661 files changed, 322997 insertions, 33147 deletions

diff --git a/source3/.cvsignore b/source3/.cvsignore
new file mode 100644
index 0000000000..77e82c5701
--- /dev/null
+++ b/source3/.cvsignore
@@ -0,0 +1,19 @@
+*.po
+*.po32
+.headers.stamp
+.proto.stamp
+.proto.check
+ID
+ID
+Makefile
+bin
+config.cache
+config.log
+config.status
+cvs.log
+dmallog.log
+dox
+libtool
+so_locations
+testdir
+testtmp
diff --git a/source3/.dmallocrc b/source3/.dmallocrc
new file mode 100644
index 0000000000..5e5c45e124
--- /dev/null
+++ b/source3/.dmallocrc
@@ -0,0 +1,2 @@
+samba allow-free-null, log-stats, log-non-free, log-trans, \
+        check-fence, check-heap, check-lists, error-abort
\ No newline at end of file
diff --git a/source3/CodingSuggestions b/source3/CodingSuggestions
new file mode 100644
index 0000000000..48c51281f5
--- /dev/null
+++ b/source3/CodingSuggestions
@@ -0,0 +1,143 @@
+/**
+
+@page CodingSuggestions Coding suggestions
+
+So you want to add code to Samba ...
+
+One of the daunting tasks facing a programmer attempting to write code for
+Samba is understanding the various coding conventions used by those most
+active in the project.  These conventions were mostly unwritten and helped
+improve either the portability, stability or consistency of the code. This
+document will attempt to document a few of the more important coding
+practices used at this time on the Samba project.  The coding practices are
+expected to change slightly over time, and even to grow as more is learned
+about obscure portability considerations.  Two existing documents
+samba/source/internals.doc and samba/source/architecture.doc provide
+additional information.
+
+The loosely related question of coding style is very personal and this
+document does not attempt to address that subject, except to say that I
+have observed that eight character tabs seem to be preferred in Samba
+source.  If you are interested in the topic of coding style, two oft-quoted
+documents are:
+
+   http://lxr.linux.no/source/Documentation/CodingStyle
+   http://www.fsf.org/prep/standards_toc.html
+
+but note that coding style in Samba varies due to the many different
+programmers who have contributed.
+
+Following are some considerations you should use when adding new code to
+Samba.  First and foremost remember that:
+
+Portability is a primary consideration in adding function, as is network
+compatability with de facto, existing, real world CIFS/SMB implementations.
+There are lots of platforms that Samba builds on so use caution when adding
+a call to a library function that is not invoked in existing Samba code.
+Also note that there are many quite different SMB/CIFS clients that Samba
+tries to support, not all of which follow the SNIA CIFS Technical Reference
+(or the earlier Microsoft reference documents or the X/Open book on the SMB
+Standard) perfectly.
+
+Here are some other suggestions:
+
+1) use d_printf instead of printf for display text
+	reason: enable auto-substitution of translated language text 
+
+2) use SAFE_FREE instead of free
+	reason: reduce traps due to null pointers
+
+3) don't use bzero use memset, or ZERO_STRUCT and ZERO_STRUCTP macros
+	reason: not POSIX
+
+4) don't use strcpy and strlen (use safe_* equivalents)
+	reason: to avoid traps due to buffer overruns
+
+5) don't use getopt_long, use popt functions instead
+	reason: portability
+
+6) explicitly add const qualifiers on parm passing in functions where parm
+   is input only (somewhat controversial but const can be #defined away)
+
+8) discourage use of threads
+        reason: portability (also see architecture.doc)
+
+9) don't explicitly include new header files in C files - new h files 
+   should be included by adding them once to includes.h
+	reason: consistency
+
+10) don't explicitly extern functions (they are autogenerated by 
+    "make proto" into proto.h)
+	reason: consistency
+
+11) use endian safe macros when unpacking SMBs (see byteorder.h and
+    internals.doc)
+	reason: not everyone uses Intel
+
+12) Note Unicode implications of charset handling (see internals.doc).  See
+    pull_*  and push_* and convert_string functions.
+	reason: Internationalization
+
+13) Don't assume English only
+	reason: See above
+
+14) Try to avoid using in/out parameters (functions that return data which
+    overwrites input parameters)
+	reason: Can cause stability problems
+
+15) Ensure copyright notices are correct, don't append Tridge's name to code
+    that he didn't write.  If you did not write the code, make sure that it
+    can coexist with the rest of the Samba GPLed code.
+
+16) Consider usage of DATA_BLOBs for length specified byte-data.
+	reason: stability
+
+17) Take advantage of tdbs for database like function
+	reason: consistency
+
+18) Don't access the SAM_ACCOUNT structure directly, they should be accessed
+    via pdb_get...() and pdb_set...() functions.
+	reason: stability, consistency
+
+19) Don't check a password directly against the passdb, always use the
+    check_password() interface.
+	reason: long term pluggability
+
+20) Try to use asprintf rather than pstrings and fstrings where possible
+
+21) Use normal C comments / * instead of C++ comments // like
+    this.  Although the C++ comment format is part of the C99
+    standard, some older vendor C compilers do not accept it.
+
+22) Try to write documentation for API functions and structures
+    explaining the point of the code, the way it should be used, and
+    any special conditions or results.  Mark these with a double-star
+    comment start / ** so that they can be picked up by Doxygen, as in
+    this file.
+
+23) Keep the scope narrow. This means making functions/variables
+    static whenever possible. We don't want our namespace
+    polluted. Each module should have a minimal number of externally
+    visible functions or variables.
+
+24) Use function pointers to keep knowledge about particular pieces of
+    code isolated in one place. We don't want a particular piece of
+    functionality to be spread out across lots of places - that makes
+    for fragile, hand to maintain code. Instead, design an interface
+    and use tables containing function pointers to implement specific
+    functionality. This is particularly important for command
+    interpreters. 
+
+25) Think carefully about what it will be like for someone else to add
+    to and maintain your code. If it would be hard for someone else to
+    maintain then do it another way. 
+
+The suggestions above are simply that, suggestions, but the information may
+help in reducing the routine rework done on new code.  The preceeding list
+is expected to change routinely as new support routines and macros are
+added.
+
+Written by Steve French, with contributions from Simo Sorce, Andrew
+Bartlett, Tim Potter and Martin Pool.
+
+**/
diff --git a/source3/Doxyfile b/source3/Doxyfile
new file mode 100644
index 0000000000..fe71065c24
--- /dev/null
+++ b/source3/Doxyfile
@@ -0,0 +1,170 @@
+# Doxyfile 0.1
+
+#---------------------------------------------------------------------------
+# General configuration options
+#---------------------------------------------------------------------------
+PROJECT_NAME           = Samba
+PROJECT_NUMBER         = HEAD
+OUTPUT_DIRECTORY       = dox
+OUTPUT_LANGUAGE        = English
+EXTRACT_ALL            = YES
+EXTRACT_PRIVATE        = YES
+EXTRACT_STATIC         = YES
+HIDE_UNDOC_MEMBERS     = NO
+HIDE_UNDOC_CLASSES     = NO
+BRIEF_MEMBER_DESC      = YES
+REPEAT_BRIEF           = YES
+ALWAYS_DETAILED_SEC    = NO
+FULL_PATH_NAMES        = NO
+STRIP_FROM_PATH        = *source
+INTERNAL_DOCS          = YES
+CLASS_DIAGRAMS         = YES
+SOURCE_BROWSER         = YES
+INLINE_SOURCES         = YES
+STRIP_CODE_COMMENTS    = NO
+CASE_SENSE_NAMES       = YES
+SHORT_NAMES            = NO
+HIDE_SCOPE_NAMES       = YES
+VERBATIM_HEADERS       = YES
+SHOW_INCLUDE_FILES     = YES
+JAVADOC_AUTOBRIEF      = YES
+INHERIT_DOCS           = YES
+INLINE_INFO            = YES
+SORT_MEMBER_DOCS       = NO
+DISTRIBUTE_GROUP_DOC   = NO
+TAB_SIZE               = 8
+GENERATE_TODOLIST      = YES
+GENERATE_TESTLIST      = YES
+GENERATE_BUGLIST       = YES
+ALIASES                = 
+ENABLED_SECTIONS       = 
+MAX_INITIALIZER_LINES  = 30
+OPTIMIZE_OUTPUT_FOR_C  = YES
+SHOW_USED_FILES        = YES
+REFERENCED_RELATION    = YES
+REFERENCED_BY_RELATION = YES
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET                  = NO
+WARNINGS               = NO
+WARN_IF_UNDOCUMENTED   = NO
+WARN_FORMAT            = "$file:$line: $text"
+WARN_LOGFILE           = 
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT                  = . \
+                         CodingSuggestions mainpage.dox
+FILE_PATTERNS          = *.c \
+                         *.h \
+                         *.idl
+RECURSIVE              = YES
+EXCLUDE                = include/includes.h \
+                         include/proto.h
+EXCLUDE_PATTERNS       = 
+EXAMPLE_PATH           = 
+EXAMPLE_PATTERNS       = 
+IMAGE_PATH             = 
+INPUT_FILTER           = 
+FILTER_SOURCE_FILES    = NO
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX     = YES
+COLS_IN_ALPHA_INDEX    = 1
+IGNORE_PREFIX          = 
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML          = YES
+HTML_OUTPUT            = html
+HTML_HEADER            = 
+HTML_FOOTER            = 
+HTML_STYLESHEET        = 
+HTML_ALIGN_MEMBERS     = YES
+GENERATE_HTMLHELP      = NO
+GENERATE_CHI           = NO
+BINARY_TOC             = NO
+TOC_EXPAND             = NO
+DISABLE_INDEX          = NO
+ENUM_VALUES_PER_LINE   = 3
+GENERATE_TREEVIEW      = NO
+TREEVIEW_WIDTH         = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX         = NO
+LATEX_OUTPUT           = latex
+COMPACT_LATEX          = NO
+PAPER_TYPE             = a4wide
+EXTRA_PACKAGES         = 
+LATEX_HEADER           = 
+PDF_HYPERLINKS         = YES
+USE_PDFLATEX           = YES
+LATEX_BATCHMODE        = YES
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF           = NO
+RTF_OUTPUT             = rtf
+COMPACT_RTF            = NO
+RTF_HYPERLINKS         = NO
+RTF_STYLESHEET_FILE    = 
+RTF_EXTENSIONS_FILE    = 
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN           = NO
+MAN_OUTPUT             = man
+MAN_EXTENSION          = .3
+MAN_LINKS              = NO
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML           = NO
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING   = NO
+MACRO_EXPANSION        = NO
+EXPAND_ONLY_PREDEF     = NO
+SEARCH_INCLUDES        = YES
+INCLUDE_PATH           = 
+INCLUDE_FILE_PATTERNS  = 
+PREDEFINED             = 
+EXPAND_AS_DEFINED      = 
+SKIP_FUNCTION_MACROS   = YES
+#---------------------------------------------------------------------------
+# Configuration::addtions related to external references   
+#---------------------------------------------------------------------------
+TAGFILES               = 
+GENERATE_TAGFILE       = 
+ALLEXTERNALS           = NO
+PERL_PATH              = /usr/bin/perl
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+HAVE_DOT               = YES
+CLASS_GRAPH            = YES
+COLLABORATION_GRAPH    = YES
+TEMPLATE_RELATIONS     = YES
+INCLUDE_GRAPH          = YES
+INCLUDED_BY_GRAPH      = YES
+GRAPHICAL_HIERARCHY    = YES
+DOT_PATH               = 
+DOTFILE_DIRS           = 
+MAX_DOT_GRAPH_WIDTH    = 1024
+MAX_DOT_GRAPH_HEIGHT   = 1024
+GENERATE_LEGEND        = YES
+DOT_CLEANUP            = YES
+#---------------------------------------------------------------------------
+# Configuration::addtions related to the search engine   
+#---------------------------------------------------------------------------
+SEARCHENGINE           = NO
+CGI_NAME               = search.cgi
+CGI_URL                = 
+DOC_URL                = 
+DOC_ABSPATH            = 
+BIN_ABSPATH            = /usr/local/bin/
+EXT_DOC_PATHS          = 
diff --git a/source3/Makefile.in b/source3/Makefile.in
new file mode 100644
index 0000000000..54e3238fba
--- /dev/null
+++ b/source3/Makefile.in
@@ -0,0 +1,926 @@
+##########################################################################
+# Makefile.in for Samba - rewritten for autoconf support
+# Copyright Andrew Tridgell 1992-1998
+# Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+###########################################################################
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+mandir=@mandir@
+
+LIBS=@LIBS@ 
+CC=@CC@
+SHLD=@SHLD@
+CFLAGS=@CFLAGS@
+CPPFLAGS=@CPPFLAGS@
+LDFLAGS=@LDFLAGS@
+LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@ @CFLAGS@
+AWK=@AWK@
+DYNEXP=@DYNEXP@
+
+TERMLDFLAGS=@TERMLDFLAGS@
+TERMLIBS=@TERMLIBS@
+
+LINK=$(CC) $(FLAGS) $(LDFLAGS)
+
+INSTALLCMD=@INSTALL@
+
+VPATH=@srcdir@
+srcdir=@srcdir@
+builddir=@builddir@
+SHELL=/bin/sh
+
+# XXX: Perhaps this should be @SHELL@ instead -- apparently autoconf
+# will search for a POSIX-compliant shell, and that might not be
+# /bin/sh on some platforms.  I guess it's not a big problem -- mbp
+
+# See the autoconf manual "Installation Directory Variables" for a
+# discussion of thesubtle use of these variables.
+
+BASEDIR= @prefix@
+BINDIR = @bindir@
+# sbindir is mapped to bindir when compiling SAMBA in 2.0.x compatibility mode.
+SBINDIR = @sbindir@
+LIBDIR = @libdir@
+VARDIR = @localstatedir@
+MANDIR = @mandir@
+
+# The permissions to give the executables
+INSTALLPERMS = 0755
+
+# set these to where to find various files
+# These can be overridden by command line switches (see smbd(8))
+# or in smb.conf (see smb.conf(5))
+LOGFILEBASE = $(VARDIR)
+CONFIGFILE = $(LIBDIR)/smb.conf
+LMHOSTSFILE = $(LIBDIR)/lmhosts
+DRIVERFILE = $(LIBDIR)/printers.def
+# This is where smbpasswd et al go
+PRIVATEDIR = @privatedir@
+
+SMB_PASSWD_FILE = $(PRIVATEDIR)/smbpasswd
+PRIVATE_DIR = $(PRIVATEDIR)
+
+# This is where SWAT images and help files go
+SWATDIR = @swatdir@
+
+# the directory where lock files go
+LOCKDIR = @lockdir@
+
+# man pages language(s)
+man_langs = "@manlangs@"
+
+FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper  -I. $(CPPFLAGS) -I$(srcdir)
+FLAGS2 = 
+FLAGS3 = 
+FLAGS4 = 
+FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $(FLAGS4)
+FLAGS  = $(ISA) $(FLAGS5) 
+FLAGS32  = $(ISA32) $(FLAGS5)
+
+PASSWD_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DPRIVATE_DIR=\"$(PRIVATE_DIR)\"
+PATH_FLAGS1 = -DCONFIGFILE=\"$(CONFIGFILE)\"  -DSBINDIR=\"$(SBINDIR)\"
+PATH_FLAGS2 = $(PATH_FLAGS1) -DBINDIR=\"$(BINDIR)\" -DDRIVERFILE=\"$(DRIVERFILE)\" 
+PATH_FLAGS3 = $(PATH_FLAGS2) -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" 
+PATH_FLAGS4 = $(PATH_FLAGS3) -DSWATDIR=\"$(SWATDIR)\"  -DLOCKDIR=\"$(LOCKDIR)\"
+PATH_FLAGS5 = $(PATH_FLAGS4) -DLIBDIR=\"$(LIBDIR)\" -DLOGFILEBASE=\"$(LOGFILEBASE)\"
+PATH_FLAGS = $(PATH_FLAGS5) $(PASSWD_FLAGS)
+
+WINBIND_PROGS = @WINBIND_TARGETS@
+WINBIND_SPROGS = @WINBIND_STARGETS@
+WINBIND_PAM_PROGS = @WINBIND_PAM_TARGETS@
+WINBIND_LPROGS = @WINBIND_LTARGETS@
+
+SPROGS = bin/smbd bin/nmbd bin/swat bin/wrepld @WINBIND_STARGETS@
+PROGS1 = bin/smbclient bin/net bin/smbspool bin/testparm bin/testprns bin/smbstatus bin/smbcontrol bin/smbtree bin/tdbbackup @RUNPROG@ @WINBIND_TARGETS@
+PROGS2 = bin/smbpasswd bin/rpcclient bin/smbcacls @WRAP@ @WRAP32@ @PAM_MOD@
+MPROGS = @MPROGS@
+LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS)
+
+PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/pdbedit bin/smbgroupedit
+TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \
+	bin/locktest2 bin/nsstest
+SHLIBS = libsmbclient
+
+SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd
+
+QUOTAOBJS=@QUOTAOBJS@
+
+######################################################################
+# object file lists
+######################################################################
+
+TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o
+TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o 
+
+LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
+          lib/getsmbpass.o lib/interface.o lib/md4.o \
+          lib/interfaces.o lib/pidfile.o lib/replace.o \
+          lib/signal.o lib/system.o lib/time.o \
+	  lib/ufc.o lib/genrand.o lib/username.o \
+	  lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
+	  lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
+	  lib/xfile.o lib/wins_srv.o \
+	  lib/util_str.o lib/util_sid.o \
+	  lib/util_unistr.o lib/util_file.o \
+	  lib/util.o lib/util_sock.o lib/util_sec.o smbd/ssl.o \
+	  lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
+	  lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \
+	  lib/tallocmsg.o lib/dmallocmsg.o \
+	  lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
+	  nsswitch/wb_client.o nsswitch/wb_common.o \
+	  lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
+	  $(TDB_OBJ) 
+
+READLINE_OBJ = lib/readline.o
+
+UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
+            ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o ubiqx/debugparse.o
+
+PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o
+
+LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \
+	     libads/krb5_setpw.o libads/kerberos.o libads/ldap_user.o \
+	     libads/ads_struct.o libads/ads_status.o passdb/secrets.o \
+             libads/util.o libads/disp_sec.o
+
+LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
+	     libsmb/clikrb5.o libsmb/clispnego.o libsmb/asn1.o \
+	     libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
+	     libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
+	     libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \
+	     libsmb/namequery.o libsmb/nmblib.o libsmb/clistr.o \
+             libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o \
+             libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
+	     libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
+	     libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \
+	     $(RPC_PARSE_OBJ1) $(LIBADS_OBJ)
+
+LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
+	       libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \
+	       libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\
+	       rpc_client/cli_pipe.o libsmb/cli_pipe_util.o
+
+LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
+
+RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
+                 rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \
+                 rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \
+                 rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
+                 rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
+                 rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
+                 rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o
+
+# this includes only the low level parse code, not stuff
+# that requires knowledge of security contexts
+RPC_PARSE_OBJ1 = rpc_parse/parse_prs.o rpc_parse/parse_sec.o \
+		 rpc_parse/parse_misc.o
+
+RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \
+                rpc_parse/parse_reg.o rpc_parse/parse_rpc.o \
+                rpc_parse/parse_samr.o rpc_parse/parse_srv.o \
+                rpc_parse/parse_wks.o \
+		rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o
+
+
+RPC_CLIENT_OBJ = rpc_client/cli_netlogon.o rpc_client/cli_pipe.o \
+	rpc_client/cli_login.o \
+	rpc_client/cli_spoolss_notify.o
+
+LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
+
+PASSDB_OBJ = passdb/passdb.o passdb/pdb_interface.o passdb/pdb_get_set.o \
+		passdb/machine_sid.o passdb/pdb_smbpasswd.o \
+		passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \
+		passdb/pdb_nisplus.o
+
+GROUPDB_OBJ = groupdb/mapping.o
+
+# passdb/smbpass.o passdb/ldap.o passdb/nispass.o 
+
+PROFILE_OBJ = profile/profile.o
+
+OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o
+
+NOTIFY_OBJ = smbd/notify.o smbd/notify_hash.o smbd/notify_kernel.o
+
+PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
+
+UNIGRP_OBJ = libsmb/netlogon_unigrp.o 
+
+AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
+	   auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o	auth/auth_winbind.o \
+	   auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
+
+MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
+
+SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
+	    smbd/utmp.o smbd/session.o \
+            smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \
+            smbd/ipc.o smbd/lanman.o smbd/negprot.o \
+            smbd/message.o smbd/nttrans.o smbd/pipes.o \
+            smbd/reply.o smbd/sesssetup.o smbd/trans2.o smbd/uid.o \
+	    smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o \
+	    smbd/blocking.o smbd/sec_ctx.o \
+	    smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \
+            smbd/posix_acls.o lib/sysacls.o \
+	    smbd/process.o smbd/service.o smbd/error.o \
+	    printing/printfsp.o lib/util_seaccess.o smbd/srvstr.o \
+            smbd/build_options.o \
+	    smbd/change_trust_pw.o \
+	    rpc_client/cli_spoolss_notify.o \
+	    $(MANGLE_OBJ)
+
+
+PRINTING_OBJ = printing/pcap.o printing/print_svid.o \
+				printing/print_cups.o printing/print_generic.o \
+				printing/lpq_parse.o printing/load.o
+
+PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o
+
+MSDFS_OBJ = msdfs/msdfs.o 
+
+SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
+           $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
+           $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
+	   $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
+	   $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ)
+
+
+NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
+            nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \
+            nmbd/nmbd_browsesync.o nmbd/nmbd_elections.o \
+            nmbd/nmbd_incomingdgrams.o nmbd/nmbd_incomingrequests.o \
+            nmbd/nmbd_lmhosts.o nmbd/nmbd_logonnames.o nmbd/nmbd_mynames.o \
+            nmbd/nmbd_namelistdb.o nmbd/nmbd_namequery.o \
+            nmbd/nmbd_nameregister.o nmbd/nmbd_namerelease.o \
+            nmbd/nmbd_nodestatus.o nmbd/nmbd_packets.o \
+            nmbd/nmbd_processlogon.o nmbd/nmbd_responserecordsdb.o \
+            nmbd/nmbd_sendannounce.o nmbd/nmbd_serverlistdb.o \
+            nmbd/nmbd_subnetdb.o nmbd/nmbd_winsproxy.o nmbd/nmbd_winsserver.o \
+            nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o
+
+NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
+           $(PROFILE_OBJ) $(LIB_OBJ)
+
+WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \
+             wrepld/partners.o
+
+WREPL_OBJ = $(WREPL_OBJ1)  $(PARAM_OBJ) $(UBIQX_OBJ) \
+	    $(PROFILE_OBJ) $(LIB_OBJ)
+
+SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
+           web/swat.o web/neg_lang.o $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \
+           $(PARAM_OBJ) $(PASSDB_OBJ) \
+	   $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \
+	   smbwrapper/shared.o
+
+SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \
+            $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+MAKE_PRINTERDEF_OBJ = utils/make_printerdef.o $(PARAM_OBJ) \
+                      $(UBIQX_OBJ) $(LIB_OBJ)
+
+STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \
+             $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ)
+
+SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \
+             $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ)
+
+SMBTREE_OBJ = utils/smbtree.o $(LOCKING_OBJ) $(PARAM_OBJ) \
+             $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ)
+
+TESTPARM_OBJ = utils/testparm.o \
+               $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \
+               $(LIB_OBJ)
+
+SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \
+		$(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\
+                $(UBIQX_OBJ) $(LIB_OBJ)
+
+PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
+		$(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ)
+
+SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \
+		$(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
+	         rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
+		 rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \
+		 rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \
+		 rpc_client/cli_login.o rpc_client/cli_netlogon.o \
+		 rpcclient/display_sec.o
+
+RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+             $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
+             $(READLINE_OBJ) $(GROUPDB_OBJ)
+
+SAMSYNC_OBJ1 = rpcclient/samsync.o rpcclient/display_sec.o
+
+SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+             $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
+             $(GROUPDB_OBJ)
+
+PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po
+
+SMBW_OBJ = smbwrapper/smbw.o \
+		smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \
+		smbwrapper/realcalls.o smbwrapper/shared.o \
+		smbwrapper/smbw_cache.o \
+		$(LIBSMB_OBJ) $(PARAM_OBJ) \
+                $(UBIQX_OBJ) $(LIB_OBJ)
+
+SMBWRAPPER_OBJ = $(SMBW_OBJ) smbwrapper/wrapped.o
+
+LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
+
+CLIENT_OBJ = client/client.o client/clitar.o \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+             $(READLINE_OBJ)
+
+NET_OBJ = utils/net.o utils/net_ads.o utils/net_help.o \
+          utils/net_rap.o utils/net_rpc.o \
+	utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
+	$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
+	$(GROUPDB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+
+CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+MOUNT_OBJ = client/smbmount.o \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+MNT_OBJ = client/smbmnt.o \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+UMOUNT_OBJ = client/smbumount.o \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) \
+                $(LIBSMB_OBJ) $(LIB_OBJ)
+
+SMBTORTURE_OBJ = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \
+		torture/denytest.o \
+	$(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
+
+MASKTEST_OBJ = torture/masktest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ)
+
+MSGTEST_OBJ = torture/msgtest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ)
+
+LOCKTEST_OBJ = torture/locktest.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ)
+
+NSSTEST_OBJ = torture/nsstest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ)
+
+LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ)
+
+SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
+		 $(LIBMSRPC_OBJ) $(GROUPDB_OBJ)
+
+TALLOCTORT_OBJ = lib/talloctort.o  $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
+
+RPCTORTURE_OBJ = torture/rpctorture.o \
+             rpcclient/display.o \
+             rpcclient/cmd_lsarpc.o \
+             rpcclient/cmd_wkssvc.o \
+             rpcclient/cmd_samr.o \
+             rpcclient/cmd_srvsvc.o \
+             rpcclient/cmd_netlogon.o \
+             $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+             $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
+
+DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o
+
+SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
+                 $(UBIQX_OBJ) $(LIB_OBJ)
+
+PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \
+	    $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ) $(RPCCLIENT_OBJ1) \
+	    $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(AUTH_OBJ) $(NET_OBJ)
+
+NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ)
+NSS_OBJ = $(NSS_OBJ_0:.o=.po)
+
+PICOBJS = $(SMBWRAPPER_OBJ:.o=.po)
+PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32)
+LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.po)
+
+PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
+               pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
+               lib/debug.o lib/util_sid.o lib/messages.o lib/util_str.o \
+               lib/wins_srv.o lib/substitute.o lib/select.o lib/util.o \
+               nsswitch/wb_client.o nsswitch/wb_common.o \
+               lib/system.o lib/util_file.o \
+               lib/genrand.o lib/username.o lib/util_getent.o lib/charcnv.o lib/time.o \
+               lib/md4.o lib/util_unistr.o lib/signal.o lib/talloc.o \
+               lib/ms_fnmatch.o lib/util_sock.o lib/smbrun.o \
+               lib/util_sec.o lib/snprintf.o \
+               ubiqx/ubi_sLinkList.o libsmb/smbencrypt.o libsmb/smbdes.o \
+               $(PARAM_OBJ) $(TDB_OBJ) $(PASSDB_OBJ)
+
+PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po)
+
+WINBINDD_OBJ1 = \
+		nsswitch/winbindd.o       \
+		nsswitch/winbindd_user.o  \
+		nsswitch/winbindd_group.o \
+		nsswitch/winbindd_idmap.o \
+		nsswitch/winbindd_util.o  \
+		nsswitch/winbindd_cache.o \
+		nsswitch/winbindd_pam.o   \
+		nsswitch/winbindd_sid.o   \
+		nsswitch/winbindd_misc.o  \
+		nsswitch/winbindd_cm.o \
+		nsswitch/winbindd_wins.o \
+		nsswitch/winbindd_rpc.o \
+		nsswitch/winbindd_ads.o
+
+WINBINDD_OBJ = \
+		$(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
+		$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+		$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
+		$(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ)
+
+WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
+	passdb/secrets.o
+
+WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o @WINBIND_NSS_EXTRA_OBJS@
+
+WINBIND_NSS_PICOBJS = $(WINBIND_NSS_OBJ:.o=.po)
+
+POPT_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \
+          popt/popthelp.o popt/poptparse.o
+
+TDBBACKUP_OBJ = tdb/tdbbackup.o $(TDBBASE_OBJ)
+
+######################################################################
+# now the rules...
+######################################################################
+all : SHOWFLAGS include/proto.h include/wrepld_proto.h include/build_env.h $(SPROGS) $(PROGS) $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS) $(SHLIBS)
+
+pam_smbpass : SHOWFLAGS bin/pam_smbpass.@SHLIBEXT@
+
+smbwrapper : SHOWFLAGS bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@
+
+torture : SHOWFLAGS $(TORTURE_PROGS)
+
+smbtorture : SHOWFLAGS bin/smbtorture
+
+masktest : SHOWFLAGS bin/masktest
+
+msgtest : SHOWFLAGS bin/msgtest
+
+locktest : SHOWFLAGS bin/locktest
+
+smbcacls : SHOWFLAGS bin/smbcacls
+
+locktest2 : SHOWFLAGS bin/locktest2
+
+rpctorture : SHOWFLAGS bin/rpctorture
+
+debug2html : SHOWFLAGS bin/debug2html
+
+smbfilter : SHOWFLAGS bin/smbfilter
+
+talloctort : SHOWFLAGS bin/talloctort
+
+nsswitch : SHOWFLAGS $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS)
+
+wins : SHOWFLAGS nsswitch/libnss_wins.so
+
+everything: all libsmbclient debug2html smbfilter talloctort bin/samsync bin/make_printerdef
+
+.SUFFIXES:
+.SUFFIXES: .c .o .po .po32 .lo
+
+SHOWFLAGS:
+	@echo "Using FLAGS = $(FLAGS)"
+	@echo "      FLAGS32 = $(FLAGS32)"
+	@echo "      LIBS = $(LIBS)"
+	@echo "      LDSHFLAGS = $(LDSHFLAGS)"
+	@echo "      LDFLAGS = $(LDFLAGS)"
+
+MAKEDIR = || exec false; \
+	  if test -d "$$dir"; then :; else \
+	  echo mkdir "$$dir"; \
+	  mkdir -p "$$dir" >/dev/null 2>&1 || \
+	  test -d "$$dir" || \
+	  mkdir "$$dir" || \
+	  exec false; fi || exec false
+
+.c.o:
+	@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
+	 dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
+	@echo Compiling $*.c
+	@$(CC) -I. -I$(srcdir) $(FLAGS) -c $< \
+	  -o $@ 
+@BROKEN_CC@	-mv `echo $@ | sed 's%^.*/%%g'` $@
+
+# These dependencies are only approximately correct: we want to make
+# sure Samba's paths are updated if ./configure is re-run.  Really it
+# would be nice if "make prefix=/opt/samba all" also rebuilt things,
+# but since we also require "make install prefix=/opt/samba" *not* to
+# rebuild it's a bit hard.
+
+dynconfig.o: dynconfig.c Makefile
+	@echo Compiling $*.c
+	@$(CC) $(FLAGS) $(PATH_FLAGS) -c $< -o $@ 
+
+dynconfig.po: dynconfig.c Makefile
+	@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
+	  dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
+	@echo Compiling $*.c with @PICFLAG@
+	@$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAG@ -c $< -o $*.@PICSUFFIX@
+@BROKEN_CC@	-mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@
+@POBAD_CC@	@mv $*.po.o $@
+
+.c.po: 
+	@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
+	  dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
+	@echo Compiling $*.c with @PICFLAG@
+	@$(CC) -I. -I$(srcdir) $(FLAGS) @PICFLAG@ -c $< -o $*.@PICSUFFIX@
+@BROKEN_CC@	-mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@
+@POBAD_CC@	@mv $*.po.o $@
+
+# this is for IRIX
+.c.po32: 
+	@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
+	  dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
+	@echo Compiling $*.c with @PICFLAG@ and -32
+	@$(CC) -32 -I. -I$(srcdir) $(FLAGS32) $(PATH_FLAGS) @PICFLAG@ -c $< \
+	  -o $*.po32.o 
+@BROKEN_CC@	-mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po32$$%.o%'` $@.o
+	@mv $*.po32.o $@
+
+bin/.dummy:
+	@if (: >> $@ || : > $@) >/dev/null 2>&1; then :; else \
+	  dir=bin $(MAKEDIR); fi
+	@: >> $@ || : > $@ # what a fancy emoticon!
+
+bin/smbd: $(SMBD_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) 
+
+bin/nmbd: $(NMBD_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/wrepld: $(WREPL_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(WREPL_OBJ) $(LDFLAGS) $(LIBS) 
+
+bin/swat: $(SWAT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) 
+
+bin/rpcclient: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@
+
+bin/samsync: $(SAMSYNC_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SAMSYNC_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS)
+
+bin/smbclient: $(CLIENT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS)
+
+bin/net: $(NET_OBJ) @BUILD_POPT@ bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@
+
+bin/smbspool: $(CUPS_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbmount: $(MOUNT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbmnt: $(MNT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(MNT_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbumount: $(UMOUNT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/testparm: $(TESTPARM_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/testprns: $(TESTPRNS_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(TESTPRNS_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbstatus: $(STATUS_OBJ) @BUILD_POPT@ bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(LIBS) @BUILD_POPT@
+
+bin/smbcontrol: $(SMBCONTROL_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBCONTROL_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbtree: $(SMBTREE_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbpasswd: $(SMBPASSWD_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
+
+bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
+
+bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/nmblookup: $(NMBLOOKUP_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/make_printerdef: $(MAKE_PRINTERDEF_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(MAKE_PRINTERDEF_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbtorture: $(SMBTORTURE_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/talloctort: $(TALLOCTORT_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(TALLOCTORT_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/masktest: $(MASKTEST_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/msgtest: $(MSGTEST_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbcacls: $(SMBCACLS_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS)
+
+bin/locktest: $(LOCKTEST_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/nsstest: $(NSSTEST_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/locktest2: $(LOCKTEST2_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/rpctorture: $(RPCTORTURE_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(RPCTORTURE_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS)
+
+bin/debug2html: $(DEBUG2HTML_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(DEBUG2HTML_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbfilter: $(SMBFILTER_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS)
+
+bin/smbw_sample: $(SMBW_OBJ) utils/smbw_sample.o bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS)
+
+bin/smbwrapper.@SHLIBEXT@: $(PICOBJS)
+	@echo Linking shared library $@
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(PICOBJS) $(LIBS)
+
+bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32)
+	@echo Linking shared library $@
+	@$(SHLD) -32 $(LDSHFLAGS) -o $@ $(PICOBJS32) $(LIBS)
+
+bin/libsmbclient.@SHLIBEXT@: $(LIBSMBCLIENT_PICOBJS)
+	echo Linking libsmbclient shared library $@
+	$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LIBS)
+
+bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS)
+	@echo Linking libsmbclient non-shared library $@
+	-$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS) 
+
+libsmbclient: bin/libsmbclient.a bin/libsmbclient.@SHLIBEXT@
+
+bin/smbsh: $(SMBSH_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS)
+
+nsswitch/libnss_wins.so: $(NSS_OBJ)
+	@echo "Linking $@"
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(NSS_OBJ) -lc
+
+bin/winbindd: $(WINBINDD_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS)
+
+nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS)
+	@echo "Linking $@"
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@
+
+nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ)
+
+bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
+		$(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy
+	@echo Linking $@
+	@$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
+		$(UBIQX_OBJ) $(LIBS) @BUILD_POPT@
+
+bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ)
+	@echo "Linking shared library $@"
+	$(SHLD) $(LDSHFLAGS) -symbolic -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc
+
+bin/libmsrpc.a: $(LIBMSRPC_PICOBJ)
+	-$(AR) -rc $@ $(LIBMSRPC_PICOBJ) 
+
+bin/spamsync: rpcclient/samsync.o bin/libmsrpc.a
+	@$(LINK) -o $@ rpcclient/samsync.o bin/libmsrpc.a \
+		$(UBIQX_OBJ) $(LIBS)
+
+bin/tdbbackup: $(TDBBACKUP_OBJ) bin/.dummy
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(TDBBACKUP_OBJ)
+
+install: installbin installman installscripts installdat installswat 
+
+installdirs:
+	@$(SHELL) $(srcdir)/script/installdirs.sh $(BASEDIR) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR)
+
+installservers: all installdirs
+	@$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS)
+
+installbin: all installdirs
+	@$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS)
+	@$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS)
+
+installscripts: installdirs
+	@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS)
+
+installdat: installdirs
+	@$(SHELL) $(srcdir)/script/installdat.sh $(LIBDIR) $(srcdir)
+
+installswat: installdirs
+	@$(SHELL) $(srcdir)/script/installswat.sh $(SWATDIR) $(srcdir)
+
+installclientlib:
+	-$(INSTALLCMD) bin/libsmbclient.so ${prefix}/lib
+	-$(INSTALLCMD) -d ${prefix}/include
+	-$(INSTALLCMD) include/libsmbclient.h ${prefix}/include
+
+# revert to the previously installed version
+revert:
+	@$(SHELL) $(srcdir)/script/revert.sh $(SBINDIR) $(SPROGS) 
+	@$(SHELL) $(srcdir)/script/revert.sh $(BINDIR) $(PROGS) $(SCRIPTS)
+
+installman:
+	@$(SHELL) $(srcdir)/script/installman.sh $(MANDIR) $(srcdir) $(man_langs) "@ROFF@"
+
+.PHONY: showlayout
+
+showlayout: 
+	@echo "Samba will be installed into:"
+	@echo "  basedir: $(BASEDIR)"
+	@echo "  bindir:  $(BINDIR)"
+	@echo "  sbindir: $(SBINDIR)"
+	@echo "  libdir:  $(LIBDIR)"
+	@echo "  vardir:  $(VARDIR)"
+	@echo "  mandir:  $(MANDIR)"
+
+
+uninstall: uninstallman uninstallbin uninstallscripts
+
+uninstallman:
+	@$(SHELL) $(srcdir)/script/uninstallman.sh $(MANDIR) $(srcdir) $(man_langs)
+
+uninstallbin:
+	@$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS)
+	@$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS)
+
+uninstallscripts:
+	@$(SHELL) $(srcdir)/script/uninstallscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS)
+
+# Toplevel clean files
+TOPFILES=dynconfig.o dynconfig.po
+
+clean: delheaders
+	-rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \
+	$(TOPFILES) $(PROGS) $(SPROGS) .headers.stamp
+
+winbindd_proto:
+	@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+	  -h _WINBINDD_PROTO_H_ nsswitch/winbindd_proto.h \
+	  $(WINBINDD_OBJ1)
+
+delheaders:
+	@/bin/rm -f $(srcdir)/include/proto.h $(srcdir)/include/build_env.h
+	@/bin/rm -f include/proto.h include/build_env.h
+
+# we want our generated headers to be rebuilt if they don't exist, but not rebuilt every time
+.headers.stamp:
+	@[ -f $@ ] || touch $@
+
+$(PROTO_OBJ) : .headers.stamp
+
+include/proto.h:
+	@echo rebuilding include/proto.h
+	@cd $(srcdir) && $(AWK) -f script/mkproto.awk `echo $(PROTO_OBJ) | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort -u | egrep -v 'ubiqx/|wrapped'` > $(builddir)/include/proto.h
+
+include/build_env.h:
+	@echo rebuilding include/build_env.h
+	@cd $(srcdir) && $(SHELL) script/build_env.sh $(srcdir) $(builddir) $(CC) > $(builddir)/include/build_env.h
+
+include/wrepld_proto.h:
+	@echo rebuilding include/wrepld_proto.h
+	@cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \
+	  -h _WREPLD_PROTO_H_ $(builddir)/include/wrepld_proto.h \
+	  $(WREPL_OBJ1)
+
+headers: delheaders include/proto.h include/build_env.h include/wrepld_proto.h .headers.stamp
+
+proto: headers winbindd_proto
+
+etags:
+	etags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
+
+ctags:
+	ctags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
+
+realclean: clean
+	-rm -f config.log $(PROGS) $(SPROGS) bin/.dummy
+	-rmdir bin
+
+distclean: realclean
+	-rm -f include/config.h Makefile
+	-rm -f config.status config.cache so_locations
+	-rm -rf .deps
+
+# this target is really just for my use. It only works on a limited
+# range of machines and is used to produce a list of potentially
+# dead (ie. unused) functions in the code. (tridge)
+finddead:
+	nm */*.o |grep 'U ' | awk '{print $$2}' | sort -u > nmused.txt
+	nm */*.o |grep 'T ' | awk '{print $$3}' | sort -u > nmfns.txt
+	comm -13 nmused.txt nmfns.txt 
+
+
+# when configure.in is updated, reconfigure
+$(srcdir)/configure: $(srcdir)/configure.in
+	@echo "WARNING: you need to rerun autoconf"
+
+config.status: $(srcdir)/configure
+	@echo "WARNING: you need to run configure"
+
+Makefile: $(srcdir)/Makefile.in config.status
+	@echo "WARNING: you need to run ./config.status"
+
+test_prefix=/tmp/test-samba
+# Run regression suite using the external "satyr" framework
+check:
+	@echo "** Sorry, samba self-test without installation does not work "
+	@echo "** yet.  Please try specifying a scratch directory to"
+	@echo "**       ./configure --prefix DIR"
+	@echo "** then run \"make install installcheck\""
+	exit 1
+
+# 	-rm -rf $(test_prefix)/lib
+# 	mkdir $(test_prefix)/lib -p ./testdir 
+# 	PATH=$(builddir)/bin:$(PATH) \
+# 	SATYR_SUITEDIR=../testsuite/build_farm/ prefix=$(test_prefix) \
+# 	testdir=./testdir $(SHELL) satyr
+
+# Run regression suite on the installed version.
+
+# `installcheck'
+#      Perform installation tests (if any).  The user must build and
+#      install the program before running the tests.  You should not
+#      assume that `$(bindir)' is in the search path.
+
+dangerous-installcheck:
+	mkdir -p $(BASEDIR)/lib
+	mkdir -p $(BASEDIR)/var
+	PATH=$(BINDIR):$(SBINDIR):$(PATH) \
+	SATYR_DISCOURAGE=1 \
+	SATYR_SUITEDIR=../testsuite/satyr/ prefix=$(BASEDIR) \
+	LIBSMB_PROG=$(SBINDIR)/smbd \
+	testdir=./testdir $(SHELL) satyr
+
diff --git a/source3/acconfig.h b/source3/acconfig.h
new file mode 100644
index 0000000000..00c14ca97b
--- /dev/null
+++ b/source3/acconfig.h
@@ -0,0 +1,216 @@
+#undef HAVE_VOLATILE
+#undef HAVE_BROKEN_READDIR
+#undef HAVE_C99_VSNPRINTF
+#undef HAVE_ERRNO_DECL
+#undef HAVE_LONGLONG
+#undef HAVE_OFF64_T
+#undef HAVE_REMSH
+#undef HAVE_UNSIGNED_CHAR
+#undef HAVE_UTIMBUF
+#undef HAVE_SIG_ATOMIC_T_TYPE
+#undef HAVE_SOCKLEN_T_TYPE
+#undef ssize_t
+#undef ino_t
+#undef ssize_t
+#undef loff_t
+#undef offset_t
+#undef aclent_t
+#undef wchar_t
+#undef HAVE_CONNECT
+#undef HAVE_SHORT_INO_T
+#undef WITH_SMBWRAPPER
+#undef WITH_AFS
+#undef WITH_DFS
+#undef SUNOS5
+#undef SUNOS4
+#undef LINUX
+#undef AIX
+#undef BSD
+#undef IRIX
+#undef IRIX6
+#undef HPUX
+#undef QNX
+#undef SCO
+#undef OSF1
+#undef NEXT2
+#undef RELIANTUNIX
+#undef HAVE_MMAP
+#undef HAVE_FCNTL_LOCK
+#undef HAVE_FTRUNCATE_EXTEND
+#undef FTRUNCATE_NEEDS_ROOT
+#undef HAVE_TRAPDOOR_UID
+#undef HAVE_ROOT
+#undef HAVE_GETTIMEOFDAY_TZ
+#undef HAVE_SOCK_SIN_LEN
+#undef STAT_READ_FILSYS
+#undef STAT_STATFS2_BSIZE
+#undef STAT_STATFS2_FSIZE
+#undef STAT_STATFS2_FS_DATA
+#undef STAT_STATFS3_OSF1
+#undef STAT_STATFS4
+#undef STAT_STATVFS
+#undef STAT_STATVFS64
+#undef HAVE_IFACE_AIX
+#undef HAVE_IFACE_IFCONF
+#undef HAVE_IFACE_IFREQ
+#undef HAVE_CRYPT
+#undef HAVE_PUTPRPWNAM
+#undef HAVE_SET_AUTH_PARAMETERS
+#undef WITH_SYSLOG
+#undef WITH_PROFILE
+#undef WITH_SSL
+#undef SSL_DIR
+#undef WITH_PAM
+#undef WITH_NISPLUS_HOME
+#undef WITH_AUTOMOUNT
+#undef WITH_SMBMOUNT
+#undef WITH_QUOTAS
+#undef WITH_WINBIND
+#undef HAVE_BROKEN_GETGROUPS
+#undef REPLACE_GETPASS
+#undef REPLACE_INET_NTOA
+#undef HAVE_FILE_MACRO
+#undef HAVE_FUNCTION_MACRO
+#undef HAVE_SETRESUID_DECL
+#undef HAVE_SETRESUID
+#undef WITH_NETATALK
+#undef WITH_UTMP
+#undef WITH_MSDFS
+#undef WITH_LIBICONV
+#undef HAVE_INO64_T
+#undef HAVE_DEV64_T
+#undef HAVE_STRUCT_FLOCK64
+#undef SIZEOF_INO_T
+#undef SIZEOF_OFF_T
+#undef STAT_STATVFS64
+#undef HAVE_LIBREADLINE
+#undef HAVE_KERNEL_SHARE_MODES
+#undef HAVE_KERNEL_OPLOCKS_IRIX
+#undef HAVE_KERNEL_OPLOCKS_LINUX
+#undef HAVE_KERNEL_CHANGE_NOTIFY
+#undef HAVE_IRIX_SPECIFIC_CAPABILITIES
+#undef HAVE_INT16_FROM_RPC_RPC_H
+#undef HAVE_UINT16_FROM_RPC_RPC_H
+#undef HAVE_INT32_FROM_RPC_RPC_H
+#undef HAVE_UINT32_FROM_RPC_RPC_H
+#undef KRB4_AUTH
+#undef KRB5_AUTH
+#undef KRB4_DIR
+#undef KRB5_DIR
+#undef SEEKDIR_RETURNS_VOID
+#undef HAVE_DIRENT_D_OFF
+#undef HAVE_GETSPNAM
+#undef HAVE_BIGCRYPT
+#undef HAVE_GETPRPWNAM
+#undef HAVE_FSTAT64
+#undef HAVE_LSTAT64
+#undef HAVE_STAT64
+#undef HAVE_SETRESGID
+#undef HAVE_SETRESGID_DECL
+#undef HAVE_SHADOW_H
+#undef HAVE_CUPS
+#undef HAVE_MEMSET
+#undef HAVE_STRCASECMP
+#undef HAVE_STRUCT_DIRENT64
+#undef HAVE_TRUNCATED_SALT
+#undef BROKEN_NISPLUS_INCLUDE_FILES
+#undef HAVE_RPC_AUTH_ERROR_CONFLICT
+#undef HAVE_EXPLICIT_LARGEFILE_SUPPORT
+#undef USE_BOTH_CRYPT_CALLS
+#undef HAVE_BROKEN_FCNTL64_LOCKS
+#undef HAVE_SECURE_MKSTEMP
+#undef HAVE_FNMATCH
+#undef USE_SETEUID
+#undef USE_SETRESUID
+#undef USE_SETREUID
+#undef USE_SETUIDX
+#undef HAVE_LIBDL
+#undef SYSCONF_SC_NGROUPS_MAX
+#undef HAVE_UT_UT_NAME
+#undef HAVE_UT_UT_USER
+#undef HAVE_UT_UT_ID
+#undef HAVE_UT_UT_HOST
+#undef HAVE_UT_UT_TIME
+#undef HAVE_UT_UT_TV
+#undef HAVE_UT_UT_TYPE
+#undef HAVE_UT_UT_PID
+#undef HAVE_UT_UT_EXIT
+#undef HAVE_UT_UT_ADDR
+#undef HAVE_UX_UT_SYSLEN
+#undef PUTUTLINE_RETURNS_UTMP
+#undef COMPILER_SUPPORTS_LL
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+#undef USE_SPINLOCKS
+#undef SPARC_SPINLOCKS
+#undef INTEL_SPINLOCKS
+#undef MIPS_SPINLOCKS
+#undef POWERPC_SPINLOCKS
+#undef HAVE_POSIX_ACLS
+#undef HAVE_ACL_GET_PERM_NP
+#undef HAVE_UNIXWARE_ACLS
+#undef HAVE_SOLARIS_ACLS
+#undef HAVE_HPUX_ACLS
+#undef HAVE_IRIX_ACLS
+#undef HAVE_AIX_ACLS
+#undef HAVE_TRU64_ACLS
+#undef HAVE_NO_ACLS
+#undef HAVE_LIBPAM
+#undef HAVE_ASPRINTF_DECL
+#undef HAVE_VASPRINTF_DECL
+#undef HAVE_SNPRINTF_DECL
+#undef HAVE_VSNPRINTF_DECL
+#undef HAVE_NATIVE_ICONV
+#undef HAVE_UNIXSOCKET
+#undef MMAP_BLACKLIST
+#undef HAVE_IMMEDIATE_STRUCTURES
+#undef HAVE_CUPS
+#undef WITH_LDAP_SAM
+#undef WITH_NISPLUS_SAM
+#undef WITH_TDB_SAM
+#undef LINUX_QUOTAS_1
+#undef LINUX_QUOTAS_2
+#undef PACKAGE
+#undef VERSION
+#undef HAVE_LC_MESSAGES
+#undef ENABLE_NLS
+#undef HAVE_CATGETS
+#undef HAVE_GETTEXT
+#undef HAVE_STPCPY
+#undef I18N_SWAT
+#undef I18N_DEFAULT_PREF_LANG
+#undef HAVE_KRB5
+#undef HAVE_GSSAPI
+#undef BROKEN_REDHAT_7_SYSTEM_HEADERS
+#undef HAVE_LDAP
+#undef HAVE_STAT_ST_BLOCKS
+#undef STAT_ST_BLOCKSIZE
+#undef HAVE_DEVICE_MAJOR_FN
+#undef HAVE_DEVICE_MINOR_FN
+/*
+ * Add these definitions to allow VFS modules to
+ * see the CPPFLAGS defines.
+ */
+#ifndef _HPUX_SOURCE
+#undef _HPUX_SOURCE
+#endif
+#ifndef _POSIX_SOURCE
+#undef _POSIX_SOURCE
+#endif
+#ifndef _LARGEFILE64_SOURCE
+#undef _LARGEFILE64_SOURCE
+#endif
+#ifndef _ALIGNMENT_REQUIRED
+#undef _ALIGNMENT_REQUIRED
+#endif
+#ifndef _MAX_ALIGNMENT
+#undef _MAX_ALIGNMENT
+#endif
+#ifndef _LARGE_FILES
+#undef _LARGE_FILES
+#endif
+#ifndef _FILE_OFFSET_BITS
+#undef _FILE_OFFSET_BITS
+#endif
+#ifndef _GNU_SOURCE
+#undef _GNU_SOURCE
+#endif
diff --git a/source3/aclocal.m4 b/source3/aclocal.m4
new file mode 100644
index 0000000000..caf5ab461b
--- /dev/null
+++ b/source3/aclocal.m4
@@ -0,0 +1,932 @@
+dnl AC_VALIDATE_CACHE_SYSTEM_TYPE[(cmd)]
+dnl if the cache file is inconsistent with the current host,
+dnl target and build system types, execute CMD or print a default
+dnl error message.
+AC_DEFUN(AC_VALIDATE_CACHE_SYSTEM_TYPE, [
+    AC_REQUIRE([AC_CANONICAL_SYSTEM])
+    AC_MSG_CHECKING([config.cache system type])
+    if { test x"${ac_cv_host_system_type+set}" = x"set" &&
+         test x"$ac_cv_host_system_type" != x"$host"; } ||
+       { test x"${ac_cv_build_system_type+set}" = x"set" &&
+         test x"$ac_cv_build_system_type" != x"$build"; } ||
+       { test x"${ac_cv_target_system_type+set}" = x"set" &&
+         test x"$ac_cv_target_system_type" != x"$target"; }; then
+	AC_MSG_RESULT([different])
+	ifelse($#, 1, [$1],
+		[AC_MSG_ERROR(["you must remove config.cache and restart configure"])])
+    else
+	AC_MSG_RESULT([same])
+    fi
+    ac_cv_host_system_type="$host"
+    ac_cv_build_system_type="$build"
+    ac_cv_target_system_type="$target"
+])
+
+
+dnl test whether dirent has a d_off member
+AC_DEFUN(AC_DIRENT_D_OFF,
+[AC_CACHE_CHECK([for d_off in dirent], ac_cv_dirent_d_off,
+[AC_TRY_COMPILE([
+#include <unistd.h>
+#include <sys/types.h>
+#include <dirent.h>], [struct dirent d; d.d_off;],
+ac_cv_dirent_d_off=yes, ac_cv_dirent_d_off=no)])
+if test $ac_cv_dirent_d_off = yes; then
+  AC_DEFINE(HAVE_DIRENT_D_OFF)
+fi
+])
+
+
+dnl AC_PROG_CC_FLAG(flag)
+AC_DEFUN(AC_PROG_CC_FLAG,
+[AC_CACHE_CHECK(whether ${CC-cc} accepts -$1, ac_cv_prog_cc_$1,
+[echo 'void f(){}' > conftest.c
+if test -z "`${CC-cc} -$1 -c conftest.c 2>&1`"; then
+  ac_cv_prog_cc_$1=yes
+else
+  ac_cv_prog_cc_$1=no
+fi
+rm -f conftest*
+])])
+
+dnl see if a declaration exists for a function or variable
+dnl defines HAVE_function_DECL if it exists
+dnl AC_HAVE_DECL(var, includes)
+AC_DEFUN(AC_HAVE_DECL,
+[
+ AC_CACHE_CHECK([for $1 declaration],ac_cv_have_$1_decl,[
+    AC_TRY_COMPILE([$2],[int i = (int)$1],
+        ac_cv_have_$1_decl=yes,ac_cv_have_$1_decl=no)])
+ if test x"$ac_cv_have_$1_decl" = x"yes"; then
+    AC_DEFINE([HAVE_]translit([$1], [a-z], [A-Z])[_DECL])
+ fi
+])
+
+
+dnl check for a function in a library, but don't
+dnl keep adding the same library to the LIBS variable.
+dnl AC_LIBTESTFUNC(lib,func)
+AC_DEFUN(AC_LIBTESTFUNC,
+[case "$LIBS" in
+  *-l$1*) AC_CHECK_FUNCS($2) ;;
+  *) AC_CHECK_LIB($1, $2) 
+     AC_CHECK_FUNCS($2)
+  ;;
+  esac
+])
+
+dnl Define an AC_DEFINE with ifndef guard.
+dnl AC_N_DEFINE(VARIABLE [, VALUE])
+define(AC_N_DEFINE,
+[cat >> confdefs.h <<\EOF
+[#ifndef] $1
+[#define] $1 ifelse($#, 2, [$2], $#, 3, [$2], 1)
+[#endif]
+EOF
+])
+
+dnl Add an #include
+dnl AC_ADD_INCLUDE(VARIABLE)
+define(AC_ADD_INCLUDE,
+[cat >> confdefs.h <<\EOF
+[#include] $1
+EOF
+])
+
+## libtool.m4 - Configure libtool for the target system. -*-Shell-script-*-
+## Copyright (C) 1996-1999 Free Software Foundation, Inc.
+## Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful, but
+## WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+## General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+##
+## As a special exception to the GNU General Public License, if you
+## distribute this file as part of a program that contains a
+## configuration script generated by Autoconf, you may include it under
+## the same distribution terms that you use for the rest of that program.
+
+# serial 40 AC_PROG_LIBTOOL
+AC_DEFUN(AC_PROG_LIBTOOL,
+[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
+
+# Save cache, so that ltconfig can load it
+AC_CACHE_SAVE
+
+# Actually configure libtool.  ac_aux_dir is where install-sh is found.
+CC="$CC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" \
+LD="$LD" LDFLAGS="$LDFLAGS" LIBS="$LIBS" \
+LN_S="$LN_S" NM="$NM" RANLIB="$RANLIB" \
+DLLTOOL="$DLLTOOL" AS="$AS" OBJDUMP="$OBJDUMP" \
+${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \
+$libtool_flags --no-verify $ac_aux_dir/ltmain.sh $lt_target \
+|| AC_MSG_ERROR([libtool configure failed])
+
+# Reload cache, that may have been modified by ltconfig
+AC_CACHE_LOAD
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltconfig $ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+# Redirect the config.log output again, so that the ltconfig log is not
+# clobbered by the next message.
+exec 5>>./config.log
+])
+
+# Macro to add for using GNU gettext.
+# Ulrich Drepper <drepper@cygnus.com>, 1995.
+#
+# This file can be copied and used freely without restrictions.  It can
+# be used in projects which are not available under the GNU Public License
+# but which still want to provide support for the GNU gettext functionality.
+# Please note that the actual code is *not* freely available.
+
+# serial 5
+
+AC_DEFUN(AM_WITH_NLS,
+  [AC_MSG_CHECKING([whether NLS is requested])
+    dnl Default is enabled NLS
+    AC_ARG_ENABLE(nls,
+      [  --disable-nls           do not use Native Language Support],
+      USE_NLS=$enableval, USE_NLS=yes)
+    AC_MSG_RESULT($USE_NLS)
+    AC_SUBST(USE_NLS)
+
+    USE_INCLUDED_LIBINTL=no
+
+    dnl If we use NLS figure out what method
+    if test "$USE_NLS" = "yes"; then
+      AC_DEFINE(ENABLE_NLS)
+#      AC_MSG_CHECKING([whether included gettext is requested])
+#      AC_ARG_WITH(included-gettext,
+#        [  --with-included-gettext use the GNU gettext library included here],
+#        nls_cv_force_use_gnu_gettext=$withval,
+#        nls_cv_force_use_gnu_gettext=no)
+#      AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)
+
+        dnl ad-hoc fix to prevent configure from detecting
+        dnl gettext on the system. use included-gettext as default.(rkawa)
+        nls_cv_force_use_gnu_gettext="yes"
+
+      nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
+      if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
+        dnl User does not insist on using GNU NLS library.  Figure out what
+        dnl to use.  If gettext or catgets are available (in this order) we
+        dnl use this.  Else we have to fall back to GNU NLS library.
+        dnl catgets is only used if permitted by option --with-catgets.
+        nls_cv_header_intl=
+        nls_cv_header_libgt=
+        CATOBJEXT=NONE
+
+        AC_CHECK_HEADER(libintl.h,
+          [AC_CACHE_CHECK([for gettext in libc], gt_cv_func_gettext_libc,
+            [AC_TRY_LINK([#include <libintl.h>], [return (int) gettext ("")],
+               gt_cv_func_gettext_libc=yes, gt_cv_func_gettext_libc=no)])
+
+           if test "$gt_cv_func_gettext_libc" != "yes"; then
+             AC_CHECK_LIB(intl, bindtextdomain,
+               [AC_CACHE_CHECK([for gettext in libintl],
+                 gt_cv_func_gettext_libintl,
+                 [AC_CHECK_LIB(intl, gettext,
+                  gt_cv_func_gettext_libintl=yes,
+                  gt_cv_func_gettext_libintl=no)],
+                 gt_cv_func_gettext_libintl=no)])
+           fi
+
+           if test "$gt_cv_func_gettext_libc" = "yes" \
+              || test "$gt_cv_func_gettext_libintl" = "yes"; then
+              AC_DEFINE(HAVE_GETTEXT)
+              AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
+                [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no)dnl
+              if test "$MSGFMT" != "no"; then
+                AC_CHECK_FUNCS(dcgettext)
+                AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
+                AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+                  [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :)
+                AC_TRY_LINK(, [extern int _nl_msg_cat_cntr;
+                               return _nl_msg_cat_cntr],
+                  [CATOBJEXT=.gmo
+                   DATADIRNAME=share],
+                  [CATOBJEXT=.mo
+                   DATADIRNAME=lib])
+                INSTOBJEXT=.mo
+              fi
+            fi
+        ])
+
+        if test "$CATOBJEXT" = "NONE"; then
+#         AC_MSG_CHECKING([whether catgets can be used])
+#         AC_ARG_WITH(catgets,
+#           [  --with-catgets          use catgets functions if available],
+#           nls_cv_use_catgets=$withval, nls_cv_use_catgets=no)
+#         AC_MSG_RESULT($nls_cv_use_catgets)
+
+        dnl ad-hoc fix to prevent configure to detect catgets library.
+        dnl (rkawa)
+        nls_cv_use_catgets="no"
+
+          if test "$nls_cv_use_catgets" = "yes"; then
+            dnl No gettext in C library.  Try catgets next.
+            AC_CHECK_LIB(i, main)
+            AC_CHECK_FUNC(catgets,
+              [AC_DEFINE(HAVE_CATGETS)
+               INTLOBJS="\$(CATOBJS)"
+               AC_PATH_PROG(GENCAT, gencat, no)dnl
+               if test "$GENCAT" != "no"; then
+                 AC_PATH_PROG(GMSGFMT, gmsgfmt, no)
+                 if test "$GMSGFMT" = "no"; then
+                   AM_PATH_PROG_WITH_TEST(GMSGFMT, msgfmt,
+                    [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no)
+                 fi
+                 AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+                   [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :)
+                 USE_INCLUDED_LIBINTL=yes
+                 CATOBJEXT=.cat
+                 INSTOBJEXT=.cat
+                 DATADIRNAME=lib
+                 INTLDEPS='$(top_builddir)/intl/libintl.a'
+                 INTLLIBS=$INTLDEPS
+                 LIBS=`echo $LIBS | sed -e 's/-lintl//'`
+                 nls_cv_header_intl=intl/libintl.h
+                 nls_cv_header_libgt=intl/libgettext.h
+               fi])
+          fi
+        fi
+
+        if test "$CATOBJEXT" = "NONE"; then
+          dnl Neither gettext nor catgets in included in the C library.
+          dnl Fall back on GNU gettext library.
+          nls_cv_use_gnu_gettext=yes
+        fi
+      fi
+
+      if test "$nls_cv_use_gnu_gettext" = "yes"; then
+        dnl Mark actions used to generate GNU NLS library.
+        INTLOBJS="\$(GETTOBJS)"
+        AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
+          [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], msgfmt)
+        AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
+        AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+          [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :)
+        AC_SUBST(MSGFMT)
+        USE_INCLUDED_LIBINTL=yes
+        CATOBJEXT=.gmo
+        INSTOBJEXT=.mo
+        DATADIRNAME=share
+        INTLDEPS='$(top_builddir)/intl/libintl.a'
+        INTLLIBS=$INTLDEPS
+        LIBS=`echo $LIBS | sed -e 's/-lintl//'`
+        nls_cv_header_intl=intl/libintl.h
+        nls_cv_header_libgt=intl/libgettext.h
+      fi
+
+      dnl Test whether we really found GNU xgettext.
+      if test "$XGETTEXT" != ":"; then
+        dnl If it is no GNU xgettext we define it as : so that the
+        dnl Makefiles still can work.
+        if $XGETTEXT --omit-header /dev/null 2> /dev/null; then
+          : ;
+        else
+          AC_MSG_RESULT(
+            [found xgettext program is not GNU xgettext; ignore it])
+          XGETTEXT=":"
+        fi
+      fi
+
+      # We need to process the po/ directory.
+      POSUB=po
+    else
+      DATADIRNAME=share
+      nls_cv_header_intl=intl/libintl.h
+      nls_cv_header_libgt=intl/libgettext.h
+    fi
+
+    dnl the next line has been modified by rkawa to avoid
+    dnl misconfiguration of intl/libintl.h symlink.
+    rm -f intl/libintl.h
+
+    AC_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl)
+    AC_OUTPUT_COMMANDS(
+     [case "$CONFIG_FILES" in *po/Makefile.in*)
+        sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile
+      esac])
+
+
+    # If this is used in GNU gettext we have to set USE_NLS to `yes'
+    # because some of the sources are only built for this goal.
+    if test "$PACKAGE" = gettext; then
+      USE_NLS=yes
+      USE_INCLUDED_LIBINTL=yes
+    fi
+
+    dnl These rules are solely for the distribution goal.  While doing this
+    dnl we only have to keep exactly one list of the available catalogs
+    dnl in configure.in.
+    for lang in $ALL_LINGUAS; do
+      GMOFILES="$GMOFILES $lang.gmo"
+      POFILES="$POFILES $lang.po"
+    done
+
+    dnl Make all variables we use known to autoconf.
+    AC_SUBST(USE_INCLUDED_LIBINTL)
+    AC_SUBST(CATALOGS)
+    AC_SUBST(CATOBJEXT)
+    AC_SUBST(DATADIRNAME)
+    AC_SUBST(GMOFILES)
+    AC_SUBST(INSTOBJEXT)
+    AC_SUBST(INTLDEPS)
+    AC_SUBST(INTLLIBS)
+    AC_SUBST(INTLOBJS)
+    AC_SUBST(POFILES)
+    AC_SUBST(POSUB)
+  ])
+
+AC_DEFUN(AM_GNU_GETTEXT,
+  [AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+   AC_REQUIRE([AC_PROG_CC])dnl
+   AC_REQUIRE([AC_PROG_RANLIB])dnl
+   AC_REQUIRE([AC_ISC_POSIX])dnl
+   AC_REQUIRE([AC_HEADER_STDC])dnl
+   AC_REQUIRE([AC_C_CONST])dnl
+   AC_REQUIRE([AC_C_INLINE])dnl
+   AC_REQUIRE([AC_TYPE_OFF_T])dnl
+   AC_REQUIRE([AC_TYPE_SIZE_T])dnl
+   AC_REQUIRE([AC_FUNC_ALLOCA])dnl
+   AC_REQUIRE([AC_FUNC_MMAP])dnl
+
+   AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h string.h \
+unistd.h sys/param.h])
+   AC_CHECK_FUNCS([getcwd munmap putenv setenv setlocale strchr strcasecmp \
+strdup __argz_count __argz_stringify __argz_next])
+
+   if test "${ac_cv_func_stpcpy+set}" != "set"; then
+     AC_CHECK_FUNCS(stpcpy)
+   fi
+   if test "${ac_cv_func_stpcpy}" = "yes"; then
+     AC_DEFINE(HAVE_STPCPY)
+   fi
+
+   AM_LC_MESSAGES
+   AM_WITH_NLS
+
+
+   if test "x$CATOBJEXT" != "x"; then
+     if test "x$ALL_LINGUAS" = "x"; then
+       LINGUAS=
+     else
+       AC_MSG_CHECKING(for catalogs to be installed)
+       NEW_LINGUAS=
+       for lang in ${LINGUAS=$ALL_LINGUAS}; do
+         case "$ALL_LINGUAS" in
+          *$lang*) NEW_LINGUAS="$NEW_LINGUAS $lang" ;;
+         esac
+       done
+       LINGUAS=$NEW_LINGUAS
+       AC_MSG_RESULT($LINGUAS)
+     fi
+
+     dnl Construct list of names of catalog files to be constructed.
+     if test -n "$LINGUAS"; then
+       for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done
+     fi
+   fi
+
+   dnl The reference to <locale.h> in the installed <libintl.h> file
+   dnl must be resolved because we cannot expect the users of this
+   dnl to define HAVE_LOCALE_H.
+   if test $ac_cv_header_locale_h = yes; then
+     INCLUDE_LOCALE_H="#include <locale.h>"
+   else
+     INCLUDE_LOCALE_H="\
+/* The system does not provide the header <locale.h>.  Take care yourself.  */"
+   fi
+   AC_SUBST(INCLUDE_LOCALE_H)
+   dnl Determine which catalog format we have (if any is needed)
+   dnl For now we know about two different formats:
+   dnl   Linux libc-5 and the normal X/Open format
+   test -d intl || mkdir intl
+   if test "$CATOBJEXT" = ".cat"; then
+     AC_CHECK_HEADER(linux/version.h, msgformat=linux, msgformat=xopen)
+
+     dnl Transform the SED scripts while copying because some dumb SEDs
+     dnl cannot handle comments.
+     sed -e '/^#/d' $srcdir/intl/$msgformat-msg.sed > intl/po2msg.sed
+
+     dnl To avoid XPG incompatible SED to be used, .msg files of
+     dnl x/open format are included to the archive, rather than
+     dnl compiled in the installation. If the system uses linux libc5
+     dnl format, then x/open files are removed and the sed script
+     dnl creates the files of the correct format. (rkawa)
+     if test "$msgformat" = "linux"; then
+       rm -f $srcdir/po/*.msg
+     fi
+   fi
+   dnl po2tbl.sed is always needed.
+   sed -e '/^#.*[^\\]$/d' -e '/^#$/d' \
+     $srcdir/intl/po2tbl.sed.in > intl/po2tbl.sed
+
+   dnl In the intl/Makefile.in we have a special dependency which makes
+   dnl only sense for gettext.  We comment this out for non-gettext
+   dnl packages.
+   if test "$PACKAGE" = "gettext"; then
+     GT_NO="#NO#"
+     GT_YES=
+   else
+     GT_NO=
+     GT_YES="#YES#"
+   fi
+   AC_SUBST(GT_NO)
+   AC_SUBST(GT_YES)
+
+   dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly
+   dnl find the mkinstalldirs script in another subdir but ($top_srcdir).
+   dnl Try to locate is.
+   MKINSTALLDIRS=
+   if test -n "$ac_aux_dir"; then
+     MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs"
+   fi
+   if test -z "$MKINSTALLDIRS"; then
+     MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs"
+   fi
+   AC_SUBST(MKINSTALLDIRS)
+
+   dnl *** For now the libtool support in intl/Makefile is not for real.
+   l=
+   AC_SUBST(l)
+
+   dnl Generate list of files to be processed by xgettext which will
+   dnl be included in po/Makefile.
+   test -d po || mkdir po
+   if test "x$srcdir" != "x."; then
+     if test "x`echo $srcdir | sed 's@/.*@@'`" = "x"; then
+       posrcprefix="$srcdir/"
+     else
+       posrcprefix="../$srcdir/"
+     fi
+   else
+     posrcprefix="../"
+   fi
+   rm -f po/POTFILES
+   sed -e "/^#/d" -e "/^\$/d" -e "s,.*, $posrcprefix& \\\\," -e "\$s/\(.*\) \\\\/\1/" \
+        < $srcdir/po/POTFILES.in > po/POTFILES
+  ])
+
+# Check whether LC_MESSAGES is available in <locale.h>.
+# Ulrich Drepper <drepper@cygnus.com>, 1995.
+#
+# This file can be copied and used freely without restrictions.  It can
+# be used in projects which are not available under the GNU Public License
+# but which still want to provide support for the GNU gettext functionality.
+# Please note that the actual code is *not* freely available.
+
+# serial 1
+
+AC_DEFUN(AM_LC_MESSAGES,
+  [if test $ac_cv_header_locale_h = yes; then
+    AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES,
+      [AC_TRY_LINK([#include <locale.h>], [return LC_MESSAGES],
+       am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)])
+    if test $am_cv_val_LC_MESSAGES = yes; then
+      AC_DEFINE(HAVE_LC_MESSAGES)
+    fi
+  fi])
+
+# Search path for a program which passes the given test.
+# Ulrich Drepper <drepper@cygnus.com>, 1996.
+#
+# This file can be copied and used freely without restrictions.  It can
+# be used in projects which are not available under the GNU Public License
+# but which still want to provide support for the GNU gettext functionality.
+# Please note that the actual code is *not* freely available.
+
+# serial 1
+
+dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR,
+dnl   TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]])
+AC_DEFUN(AM_PATH_PROG_WITH_TEST,
+[# Extract the first word of "$2", so it can be a program name with args.
+set dummy $2; ac_word=[$]2
+AC_MSG_CHECKING([for $ac_word])
+AC_CACHE_VAL(ac_cv_path_$1,
+[case "[$]$1" in
+  /*)
+  ac_cv_path_$1="[$]$1" # Let the user override the test with a path.
+  ;;
+  *)
+  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
+  for ac_dir in ifelse([$5], , $PATH, [$5]); do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      if [$3]; then
+        ac_cv_path_$1="$ac_dir/$ac_word"
+        break
+      fi
+    fi
+  done
+  IFS="$ac_save_ifs"
+dnl If no 4th arg is given, leave the cache variable unset,
+dnl so AC_PATH_PROGS will keep looking.
+ifelse([$4], , , [  test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4"
+])dnl
+  ;;
+esac])dnl
+$1="$ac_cv_path_$1"
+if test -n "[$]$1"; then
+  AC_MSG_RESULT([$]$1)
+else
+  AC_MSG_RESULT(no)
+fi
+AC_SUBST($1)dnl
+])
+
+
+AC_DEFUN(AC_LIBTOOL_SETUP,
+[AC_PREREQ(2.13)dnl
+AC_REQUIRE([AC_ENABLE_SHARED])dnl
+AC_REQUIRE([AC_ENABLE_STATIC])dnl
+AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([AC_PROG_RANLIB])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_LD])dnl
+AC_REQUIRE([AC_PROG_NM])dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+dnl
+
+case "$target" in
+NONE) lt_target="$host" ;;
+*) lt_target="$target" ;;
+esac
+
+# Check for any special flags to pass to ltconfig.
+libtool_flags="--cache-file=$cache_file"
+test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared"
+test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static"
+test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install"
+test "$ac_cv_prog_gcc" = yes && libtool_flags="$libtool_flags --with-gcc"
+test "$ac_cv_prog_gnu_ld" = yes && libtool_flags="$libtool_flags --with-gnu-ld"
+ifdef([AC_PROVIDE_AC_LIBTOOL_DLOPEN],
+[libtool_flags="$libtool_flags --enable-dlopen"])
+ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL],
+[libtool_flags="$libtool_flags --enable-win32-dll"])
+AC_ARG_ENABLE(libtool-lock,
+  [  --disable-libtool-lock  avoid locking (might break parallel builds)])
+test "x$enable_libtool_lock" = xno && libtool_flags="$libtool_flags --disable-lock"
+test x"$silent" = xyes && libtool_flags="$libtool_flags --silent"
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case "$lt_target" in
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case "`/usr/bin/file conftest.o`" in
+    *32-bit*)
+      LD="${LD-ld} -32"
+      ;;
+    *N32*)
+      LD="${LD-ld} -n32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -64"
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+    [AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])])
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+
+ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL],
+[*-*-cygwin* | *-*-mingw*)
+  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+  AC_CHECK_TOOL(AS, as, false)
+  AC_CHECK_TOOL(OBJDUMP, objdump, false)
+  ;;
+])
+esac
+])
+
+# AC_LIBTOOL_DLOPEN - enable checks for dlopen support
+AC_DEFUN(AC_LIBTOOL_DLOPEN, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])])
+
+# AC_LIBTOOL_WIN32_DLL - declare package support for building win32 dll's
+AC_DEFUN(AC_LIBTOOL_WIN32_DLL, [AC_BEFORE([$0], [AC_LIBTOOL_SETUP])])
+
+# AC_ENABLE_SHARED - implement the --enable-shared flag
+# Usage: AC_ENABLE_SHARED[(DEFAULT)]
+#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+#   `yes'.
+AC_DEFUN(AC_ENABLE_SHARED, [dnl
+define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(shared,
+changequote(<<, >>)dnl
+<<  --enable-shared[=PKGS]  build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case "$enableval" in
+yes) enable_shared=yes ;;
+no) enable_shared=no ;;
+*)
+  enable_shared=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_shared=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl
+])
+
+# AC_DISABLE_SHARED - set the default shared flag to --disable-shared
+AC_DEFUN(AC_DISABLE_SHARED, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_SHARED(no)])
+
+# AC_ENABLE_STATIC - implement the --enable-static flag
+# Usage: AC_ENABLE_STATIC[(DEFAULT)]
+#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+#   `yes'.
+AC_DEFUN(AC_ENABLE_STATIC, [dnl
+define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(static,
+changequote(<<, >>)dnl
+<<  --enable-static[=PKGS]  build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case "$enableval" in
+yes) enable_static=yes ;;
+no) enable_static=no ;;
+*)
+  enable_static=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_static=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_static=AC_ENABLE_STATIC_DEFAULT)dnl
+])
+
+# AC_DISABLE_STATIC - set the default static flag to --disable-static
+AC_DEFUN(AC_DISABLE_STATIC, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)])
+
+
+# AC_ENABLE_FAST_INSTALL - implement the --enable-fast-install flag
+# Usage: AC_ENABLE_FAST_INSTALL[(DEFAULT)]
+#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+#   `yes'.
+AC_DEFUN(AC_ENABLE_FAST_INSTALL, [dnl
+define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(fast-install,
+changequote(<<, >>)dnl
+<<  --enable-fast-install[=PKGS]  optimize for fast installation [default=>>AC_ENABLE_FAST_INSTALL_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case "$enableval" in
+yes) enable_fast_install=yes ;;
+no) enable_fast_install=no ;;
+*)
+  enable_fast_install=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_fast_install=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_fast_install=AC_ENABLE_FAST_INSTALL_DEFAULT)dnl
+])
+
+# AC_ENABLE_FAST_INSTALL - set the default to --disable-fast-install
+AC_DEFUN(AC_DISABLE_FAST_INSTALL, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_FAST_INSTALL(no)])
+
+# AC_PROG_LD - find the path to the GNU or non-GNU linker
+AC_DEFUN(AC_PROG_LD,
+[AC_ARG_WITH(gnu-ld,
+[  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]],
+test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no)
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+ac_prog=ld
+if test "$ac_cv_prog_gcc" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  AC_MSG_CHECKING([for ld used by GCC])
+  ac_prog=`($CC -print-prog-name=ld) 2>&5`
+  case "$ac_prog" in
+    # Accept absolute paths.
+changequote(,)dnl
+    [\\/]* | [A-Za-z]:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+changequote([,])dnl
+      # Canonicalize the path of ld
+      ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  AC_MSG_CHECKING([for GNU ld])
+else
+  AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(ac_cv_path_LD,
+[if test -z "$LD"; then
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+  for ac_dir in $PATH; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      ac_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some GNU ld's only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      if "$ac_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then
+	test "$with_gnu_ld" != no && break
+      else
+	test "$with_gnu_ld" != yes && break
+      fi
+    fi
+  done
+  IFS="$ac_save_ifs"
+else
+  ac_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$ac_cv_path_LD"
+if test -n "$LD"; then
+  AC_MSG_RESULT($LD)
+else
+  AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_PROG_LD_GNU
+])
+
+AC_DEFUN(AC_PROG_LD_GNU,
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], ac_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
+if $LD -v 2>&1 </dev/null | egrep '(GNU|with BFD)' 1>&5; then
+  ac_cv_prog_gnu_ld=yes
+else
+  ac_cv_prog_gnu_ld=no
+fi])
+])
+
+# AC_PROG_NM - find the path to a BSD-compatible name lister
+AC_DEFUN(AC_PROG_NM,
+[AC_MSG_CHECKING([for BSD-compatible nm])
+AC_CACHE_VAL(ac_cv_path_NM,
+[if test -n "$NM"; then
+  # Let the user override the test.
+  ac_cv_path_NM="$NM"
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+  for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext ; then
+      # Check to see if the nm accepts a BSD-compat flag.
+      # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+      #   nm: unknown option "B" ignored
+      if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
+	ac_cv_path_NM="$ac_dir/nm -B"
+	break
+      elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
+	ac_cv_path_NM="$ac_dir/nm -p"
+	break
+      else
+	ac_cv_path_NM=${ac_cv_path_NM="$ac_dir/nm"} # keep the first match, but
+	continue # so that we can try to find one that supports BSD flags
+      fi
+    fi
+  done
+  IFS="$ac_save_ifs"
+  test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm
+fi])
+NM="$ac_cv_path_NM"
+AC_MSG_RESULT([$NM])
+])
+
+# AC_CHECK_LIBM - check for math library
+AC_DEFUN(AC_CHECK_LIBM,
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case "$lt_target" in
+*-*-beos* | *-*-cygwin*)
+  # These system don't have libm
+  ;;
+*-ncr-sysv4.3*)
+  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+  AC_CHECK_LIB(m, main, LIBM="$LIBM -lm")
+  ;;
+*)
+  AC_CHECK_LIB(m, main, LIBM="-lm")
+  ;;
+esac
+])
+
+# AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for
+# the libltdl convenience library, adds --enable-ltdl-convenience to
+# the configure arguments.  Note that LIBLTDL is not AC_SUBSTed, nor
+# is AC_CONFIG_SUBDIRS called.  If DIR is not provided, it is assumed
+# to be `${top_builddir}/libltdl'.  Make sure you start DIR with
+# '${top_builddir}/' (note the single quotes!) if your package is not
+# flat, and, if you're not using automake, define top_builddir as
+# appropriate in the Makefiles.
+AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  case "$enable_ltdl_convenience" in
+  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+  "") enable_ltdl_convenience=yes
+      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+  esac
+  LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la
+  INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
+])
+
+# AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for
+# the libltdl installable library, and adds --enable-ltdl-install to
+# the configure arguments.  Note that LIBLTDL is not AC_SUBSTed, nor
+# is AC_CONFIG_SUBDIRS called.  If DIR is not provided, it is assumed
+# to be `${top_builddir}/libltdl'.  Make sure you start DIR with
+# '${top_builddir}/' (note the single quotes!) if your package is not
+# flat, and, if you're not using automake, define top_builddir as
+# appropriate in the Makefiles.
+# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  AC_CHECK_LIB(ltdl, main,
+  [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
+  [if test x"$enable_ltdl_install" = xno; then
+     AC_MSG_WARN([libltdl not installed, but installation disabled])
+   else
+     enable_ltdl_install=yes
+   fi
+  ])
+  if test x"$enable_ltdl_install" = x"yes"; then
+    ac_configure_args="$ac_configure_args --enable-ltdl-install"
+    LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la
+    INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
+  else
+    ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+    LIBLTDL="-lltdl"
+    INCLTDL=
+  fi
+])
+
+dnl old names
+AC_DEFUN(AM_PROG_LIBTOOL, [indir([AC_PROG_LIBTOOL])])dnl
+AC_DEFUN(AM_ENABLE_SHARED, [indir([AC_ENABLE_SHARED], $@)])dnl
+AC_DEFUN(AM_ENABLE_STATIC, [indir([AC_ENABLE_STATIC], $@)])dnl
+AC_DEFUN(AM_DISABLE_SHARED, [indir([AC_DISABLE_SHARED], $@)])dnl
+AC_DEFUN(AM_DISABLE_STATIC, [indir([AC_DISABLE_STATIC], $@)])dnl
+AC_DEFUN(AM_PROG_LD, [indir([AC_PROG_LD])])dnl
+AC_DEFUN(AM_PROG_NM, [indir([AC_PROG_NM])])dnl
+
+dnl This is just to silence aclocal about the macro not being used
+ifelse([AC_DISABLE_FAST_INSTALL])dnl
diff --git a/source3/aparser/Makefile b/source3/aparser/Makefile
new file mode 100644
index 0000000000..953743b234
--- /dev/null
+++ b/source3/aparser/Makefile
@@ -0,0 +1,17 @@
+CFLAGS=-Wall -g
+CC=gcc
+
+OBJ = vluke.o parser.o 
+AWKPROGS=dump.awk harness.awk header.awk parsefn.awk main.awk parsetree.awk template.awk util.awk
+
+all: test.h vluke
+
+test.h : $(AWKPROGS)
+	igawk -f main.awk srvsvc.struct
+
+vluke: test.h $(OBJ) 
+	$(CC) $(CFLAGS) -o vluke $(OBJ)
+
+clean:
+	rm -f *.o test.h prs_*.[ch]
+
diff --git a/source3/aparser/build b/source3/aparser/build
new file mode 100755
index 0000000000..4cdf2901f8
--- /dev/null
+++ b/source3/aparser/build
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+file=$1
+
+if ! igawk -f main.awk $file; then
+    echo parse failed;
+    exit 1;
+fi
+
+echo compiling vluke
+gcc -Wall -g -o vluke parser.c vluke.c util.c
+echo done.
+
diff --git a/source3/aparser/cifs.struct b/source3/aparser/cifs.struct
new file mode 100644
index 0000000000..202f0d7e61
--- /dev/null
+++ b/source3/aparser/cifs.struct
@@ -0,0 +1,1029 @@
+module cifs
+
+option autoalign False
+
+
+#define BOOL uint32
+#define UCHAR uint8
+#define WCHAR uint16
+#define USHORT uint16
+#define LONG uint32
+#define ULONG uint32
+#define DWORD uint32
+#define SMB_TIME uint16
+#define SMB_DATE uint16
+
+typedef struct {
+	ULONG low;
+	LONG high;
+} TIME;
+
+typedef struct {
+	ULONG low;
+	ULONG high;
+} hyper;
+
+typedef struct {
+	uint8 cmd;
+	uint8 reserved;
+	uint16 offset;
+} ANDX_INFO;
+
+
+typedef struct {
+	uint8 tag2;
+	STRING protocol;
+} BUF2;
+
+typedef struct {
+	uint16 bcount;
+	BUF2 protocol[*];
+} Q_NEGPROT_0;
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 0 Q_NEGPROT_0 q0;
+	}
+} Q_NEGPROT;
+
+typedef struct {
+	USHORT  DialectIndex;         /* Index of selected dialect */
+	USHORT  SecurityMode;         /* Security mode: */
+				      /* bit 0: 0 = share, 1 = user */
+				      /* bit 1: 1 = use challenge/response */
+				      /* authentication */
+	USHORT  MaxBufferSize;        /* Max transmit buffer size (>= 1024) */
+	USHORT  MaxMpxCount;          /* Max pending multiplexed requests */
+	USHORT  MaxNumberVcs;         /* Max VCs between client and server */
+	USHORT  RawMode;              /* Raw modes supported: */
+				      /*  bit 0: 1 = Read Raw supported */
+				      /*  bit 1: 1 = Write Raw supported */
+	ULONG SessionKey;             /* Unique token identifying this session */
+	SMB_TIME ServerTime;          /* Current time at server */
+	SMB_DATE ServerDate;          /* Current date at server */
+	USHORT ServerTimeZone;        /* Current time zone at server */
+	USHORT  ChallengeLength;      /* Length of Challenge; MBZ if not LM2.1
+				      /* dialect or later */
+	USHORT  Reserved;             /* MBZ */
+	USHORT  ByteCount;             /* Count of data bytes */
+	UCHAR Challenge[ChallengeLength];            /* The challenge */
+	STRING PrimaryDomain;       /* The server's primary domain */
+
+} R_NEGPROT_12;
+
+typedef struct {
+	USHORT DialectIndex;  /*Index of selected dialect */
+	UCHAR SecurityMode;   /*Security mode: */
+			      /*  bit 0: 0 = share, 1 = user */
+			      /*  bit 1: 1 = use challenge/response */
+			      /*  authentication */
+			      /*  bit 2: 1 = Security Signatures (SMB integrity */
+			      /*  check) enabled */
+			      /*  bit 3: 1 = Security Signatures (SMB integrity */
+			      /*  check) required */
+	USHORT MaxMpxCount;   /*Max pending outstanding requests */
+	USHORT MaxNumberVcs;  /*Max VCs between client and server */
+	ULONG MaxBufferSize;  /*Max transmit buffer size */
+	ULONG MaxRawSize;     /*Maximum raw buffer size */
+	ULONG SessionKey;     /*Unique token identifying this session */
+	ULONG Capabilities;   /*Server capabilities */
+	ULONG SystemTimeLow;  /*System (UTC) time of the server (low). */
+	ULONG SystemTimeHigh; /*System (UTC) time of the server (high). */
+	USHORT ServerTimeZone;/*Time zone of server (minutes from UTC) */
+	UCHAR SecurityBlobLength;/*Length of SecurityBlob */
+
+	USHORT bcount;     /*Count of data bytes */
+	/*UCHAR GUID[16];       A globally unique identifier assigned to the */
+			      /*  server; present only when */
+			      /*  CAP_EXTENDED_SECURITY is on in the */
+			      /*  Capabilities field. */
+	UCHAR SecurityBlob[SecurityBlobLength];  /*Opaque Security Blob associated with the */
+			      /*  security package if CAP_EXTENDED_SECURITY is */
+			      /*  on in the Capabilities field; else challenge */
+			      /*  for CIFS challenge/response authentication. */
+	STRING OemDomainName[+]; /*The name of the domain (in OEM chars); not */
+	                      /*  present  if CAP_EXTENDED_SECURITY is on in the */
+			      /*  Capabilities field */
+} R_NEGPROT_17;
+
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 17 R_NEGPROT_17 r17;
+	}
+} R_NEGPROT;
+
+typedef struct {
+	uint8 wcount;
+	uint16 vwv[wcount];
+	uint16 bcount;
+	uint8 none[bcount];
+} Q_TDIS;
+
+typedef struct {
+	uint8 wcount;
+	uint16 vwv[wcount];
+	uint16 bcount;
+	uint8 none[bcount];
+} R_TDIS;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 bcount;
+	uint8 none[bcount];
+} R_ULOGOFF_ANDX_2;
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 2 R_ULOGOFF_ANDX_2 q2;
+	}
+} R_ULOGOFF_ANDX;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 bcount;
+	uint8 none[bcount];
+} Q_ULOGOFF_ANDX_2;
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 2 Q_ULOGOFF_ANDX_2 q2;
+	}
+} Q_ULOGOFF_ANDX;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 bufsize;
+	uint16 max_mpx;
+	uint16 vc;
+	ULONG sess_key;
+	uint16 pwlen;
+	ULONG reserved;
+
+	uint16 bcount;
+	uint8 password[pwlen];
+	STRING domain;
+	STRING os;
+	STRING server;
+
+} Q_SESSION_SETUP_ANDX_10;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 bufsize;
+	uint16 max_mpx;
+	uint16 vc;
+	ULONG sess_key;
+	uint16 pwlen;
+	uint16 upwlen;
+	ULONG capabilities;
+	ULONG reserved;
+
+	uint16 bcount;
+	uint8 password[pwlen];
+	uint8 upassword[upwlen];
+	STRING user;
+	STRING domain;
+	STRING os;
+	STRING server;
+
+} Q_SESSION_SETUP_ANDX_13;
+
+typedef struct _Q_SESSION_SETUP_ANDX {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 10 Q_SESSION_SETUP_ANDX_10 q10;
+		case 13 Q_SESSION_SETUP_ANDX_13 q13;
+	}
+} Q_SESSION_SETUP_ANDX;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 vwv2;
+	uint16 passlen;
+	uint16 bcount;
+	uint8 password[passlen];
+	STRING path;
+	STRING device;
+} Q_TCON_ANDX_4;
+
+typedef struct _Q_TCON_ANDX {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 4 Q_TCON_ANDX_4 q4;
+	}
+} Q_TCON_ANDX;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 vwv2;
+	uint16 bcount;
+	STRING share;
+} R_TCON_ANDX_3;
+
+typedef struct _R_TCON_ANDX {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 3 R_TCON_ANDX_3 q3;
+	}
+} R_TCON_ANDX;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint16 action;
+
+	uint16 count;
+	STRING os;
+	STRING server;
+	STRING domain;
+} R_SESSION_SETUP_ANDX_10;
+
+typedef struct _R_SESSION_SETUP_ANDX {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 3 R_SESSION_SETUP_ANDX_10 r3;
+	}
+} R_SESSION_SETUP_ANDX;
+
+
+typedef struct _R_CLOSE {
+	uint8 wcount;
+	uint16 count;
+	uint8 none[count];
+
+} R_CLOSE;
+
+typedef struct _Q_CLOSE {
+	uint8 wcount;
+	uint16 fnum;
+	uint32 vwv1;
+
+	uint16 count;
+	uint8 none[count];
+
+} Q_CLOSE;
+
+typedef struct {
+	uint16 dsize;
+	uint16 bsizehi;
+	uint16 bsizelo;
+	uint16 avail;
+	uint16 vwv4;
+
+	uint16 bcount;
+	uint8 none[bcount];
+
+} R_DSKATTR_5;
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 5 R_DSKATTR_5 r5;
+	}
+} R_DSKATTR;
+
+typedef struct {
+	uint16 count;
+	uint8 none[count];
+
+} Q_DSKATTR_0;
+
+typedef struct _Q_DSKATTR {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 0 Q_DSKATTR_0 q1;
+	}
+
+} Q_DSKATTR;
+
+typedef struct {
+	ANDX_INFO andx;
+
+	uint16 bcount;
+	uint8 none[bcount];
+
+} R_LOCKING_2;
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 2 R_LOCKING_2 r2;
+	}
+} R_LOCKING_ANDX;
+
+/* XXXX must do a switch on bit 0x10 to do large locks XXXX */
+/*      LockType Flag Name            Value Description */
+
+#define LOCKING_ANDX_SHARED_LOCK      0x01  /* Read-only lock */
+#define LOCKING_ANDX_OPLOCK_RELEASE   0x02  /* Oplock break notification */
+#define LOCKING_ANDX_CHANGE_LOCKTYPE  0x04  /* Change lock type */
+#define LOCKING_ANDX_CANCEL_LOCK      0x08  /* Cancel outstanding request */
+#define LOCKING_ANDX_LARGE_FILES      0x10  /* Large file locking format */
+
+typedef struct {
+	USHORT Pid;      /* PID of process "owning" lock */
+	ULONG Offset;    /* Offset to bytes to [un]lock */
+	ULONG Length;    /* Number of bytes to [un]lock */
+} LOCKING_ANDX_RANGE_SHORT;
+
+typedef struct {
+	USHORT Pid;       /* PID of process "owning" lock */
+	.align4 0;
+	ULONG OffsetHigh; /* Offset to bytes to [un]lock (high) */
+	ULONG OffsetLow;  /* Offset to bytes to [un]lock (low) */
+	ULONG LengthHigh; /* Number of bytes to [un]lock (high) */
+	ULONG LengthLow;  /* Number of bytes to [un]lock (low) */
+
+} LOCKING_ANDX_RANGE_LARGE;
+
+/* typedef struct { */
+	/* union ctr[LockType&0x10] { */
+		/* case 0    LOCKING_ANDX_RANGE_SHORT ls; */
+		/* case 0x10 LOCKING_ANDX_RANGE_LARGE ll; */
+	/* } */
+/* } LOCKING_ANDX_RANGE; */
+
+typedef struct {
+	ANDX_INFO andx;
+
+	USHORT Fid;             /* File handle */
+	UCHAR LockType;         /* See LockType table below */
+	UCHAR OplockLevel;      /* The new oplock level */
+	ULONG Timeout;          /* Milliseconds to wait for unlock */
+	USHORT NumberOfUnlocks; /* Num. unlock range structs following */
+	USHORT NumberOfLocks;   /* Num. lock range structs following */
+
+	USHORT ByteCount;       /* Count of data bytes */
+	LOCKING_ANDX_RANGE_SHORT Unlocks[NumberOfUnlocks]; /* Unlock ranges */
+	LOCKING_ANDX_RANGE_SHORT Locks[NumberOfLocks];     /* Lock ranges */
+
+} Q_LOCKING_8;
+
+typedef struct _Q_LOCKING {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 8 Q_LOCKING_8 q8;
+	}
+
+} Q_LOCKING_ANDX;
+
+
+typedef struct {
+	uint16 bcount;
+	uint8 protocols[bcount];
+
+} R_UNLINK_0;
+
+typedef struct {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 0 R_UNLINK_0 r0;
+	}
+} R_UNLINK;
+
+typedef struct {
+	uint16 dirtype;
+
+	uint16 count;
+	uint8 fname[count];
+
+} Q_UNLINK_1;
+
+typedef struct _Q_UNLINK {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 1 Q_UNLINK_1 q1;
+	}
+
+} Q_UNLINK;
+
+typedef struct _R_OPEN_ANDX{
+	uint8 wcount;
+	ANDX_INFO andx;
+	uint16 fnum;
+	uint16 fmode;
+	uint32 mtime;
+	uint32 size;
+	uint16 rmode;
+	uint16 vwv9;
+	uint16 vwv10;
+	uint16 smb_action;
+	uint16 vwv12;
+	uint16 vwv13;
+	uint16 vwv14;
+
+	uint16 count;
+	uint8 none[count];
+
+} R_OPEN_ANDX;
+
+typedef struct _Q_OPEN_ANDX{
+	uint8 wcount;
+	ANDX_INFO andx;
+	uint16 fnum;
+	uint16 fmode;
+	uint32 mtime;
+	uint32 size;
+	uint16 rmode;
+	uint16 vwv9;
+	uint16 vwv10;
+	uint16 smb_action;
+	uint16 vwv12;
+	uint16 vwv13;
+	uint16 vwv14;
+
+	uint16 count;
+	uint8 fname[count];
+
+} Q_OPEN_ANDX;
+
+typedef struct _R_READ_ANDX {
+	uint8 wcount;
+	ANDX_INFO andx;
+	uint16 vwv2;
+	uint16 vwv3;
+	uint16 vwv4;
+	uint16 nread;
+	uint16 offset;
+	uint16 vwv7;
+	uint16 vwv8;
+	uint16 vwv9;
+	uint16 vwv10;
+	uint16 vwv11;
+
+	uint16 count;
+	uint8 data[count];
+
+} R_READ_ANDX;
+
+typedef struct _Q_READ_ANDX_10 {
+	ANDX_INFO andx;
+	uint16 fnum;
+	uint32 startpos;
+	uint16 smb_maxcnt;
+	uint16 smb_mincnt;
+	uint16 vwv7;
+	uint16 vwv8;
+	uint16 vwv9;
+
+	uint16 count;
+	uint8 none[count];
+
+} Q_READ_ANDX_10;
+
+typedef struct _Q_READ_ANDX_12 {
+	ANDX_INFO andx;
+	uint16 fnum;
+	uint32 startpos;
+	uint16 smb_maxcnt;
+	uint16 smb_mincnt;
+	uint16 vwv7;
+	uint16 vwv8;
+	uint16 vwv9;
+	uint32 startposhi;
+
+	uint16 count;
+	uint8 none[count];
+
+} Q_READ_ANDX_12;
+
+typedef struct _Q_READ_ANDX {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 10 Q_READ_ANDX_10 q10;
+		case 12 Q_READ_ANDX_12 q12;
+	}
+} Q_READ_ANDX;
+
+typedef struct _R_WRITE_ANDX {
+	uint8 wcount;
+	ANDX_INFO andx;
+	uint16 nwritten;
+	uint16 vwv3;
+	uint16 vwv4;
+	uint16 vwv5;
+
+	uint16 count;
+	uint8 none[count];
+
+} R_WRITE_ANDX;
+
+typedef struct _Q_WRITE_ANDX_12 {
+	ANDX_INFO andx;
+	uint16 fnum;
+	uint32 startpos;
+	uint16 vwv5;
+	uint16 vwv6;
+	uint16 write_through;
+	uint16 vwv8;
+	uint16 vwv9;
+	uint16 numtowrite;
+	uint16 smb_doff;
+
+	uint16 count;
+	uint8 data[count];
+
+} Q_WRITE_ANDX_12;
+
+typedef struct _Q_WRITE_ANDX_14 {
+	ANDX_INFO andx;
+	uint16 fnum;
+	uint32 startpos;
+	uint16 vwv5;
+	uint16 vwv6;
+	uint16 write_through;
+	uint16 vwv8;
+	uint16 vwv9;
+	uint16 numtowrite;
+	uint16 smb_doff;
+	uint32 startposhi;
+
+	uint16 count;
+	uint8 data[count];
+
+} Q_WRITE_ANDX_14;
+
+typedef struct _Q_WRITE_ANDX {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 12 Q_WRITE_ANDX_12 q12;
+		case 14 Q_WRITE_ANDX_14 q14;
+	}
+} Q_WRITE_ANDX;
+
+
+
+typedef struct _Q_NTTRANS_19 {
+	UCHAR MaxSetupCount;          /* Max setup words to return */
+	USHORT Reserved;
+	ULONG TotalParameterCount;    /* Total parameter bytes being sent */
+	ULONG TotalDataCount;         /* Total data bytes being sent */
+	ULONG MaxParameterCount;      /* Max parameter bytes to return */
+	ULONG MaxDataCount;           /* Max data bytes to return */
+	ULONG ParameterCount;         /* Parameter bytes sent this buffer */
+	ULONG ParameterOffset;        /* Offset (from header start) to */
+					 /* Parameters */
+	ULONG DataCount;              /* Data bytes sent this buffer */
+	ULONG DataOffset;             /* Offset (from header start) to data */
+	UCHAR SetupCount;             /* Count of setup words */
+	USHORT Function;              /* The transaction function code */
+	UCHAR Buffer[1];
+	USHORT Setup[SetupCount];     /* Setup words */
+	USHORT ByteCount;             /* Count of data bytes */
+	.align4 0;
+	UCHAR Parameters[ParameterCount];/* Parameter bytes */
+	.align4 0;
+	UCHAR Data[DataCount];        /* Data bytes */
+
+} Q_NTTRANS_19;
+
+typedef struct _Q_NTTRANS {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 19 Q_NTTRANS_19 q19;
+	}
+} Q_NTTRANS;
+
+typedef struct _R_NTTRANS_18 {
+	UCHAR Reserved[3];
+	ULONG TotalParameterCount;   /* Total parameter bytes being sent */
+	ULONG TotalDataCount;        /* Total data bytes being sent */
+	ULONG ParameterCount;        /* Parameter bytes sent this buffer */
+	ULONG ParameterOffset;       /* Offset (from header start) to */
+					  /* Parameters */
+	ULONG ParameterDisplacement; /* Specifies the offset from the start */
+				/* of the overall parameter block to */
+				/* the parameter bytes that are */
+				/* contained in this message */
+	ULONG DataCount;        /* Data bytes sent this buffer */
+	ULONG DataOffset;       /* Offset (from header start) to data */
+	ULONG DataDisplacement; /* Specifies the offset from the start */
+				/* of the overall data block to the */
+				/* data bytes that are contained in */
+				/* this message. */
+	UCHAR SetupCount;       /* Count of setup words */
+	USHORT Setup[SetupCount]; /* Setup words */
+	USHORT ByteCount;       /* Count of data bytes */
+	.align4 0;
+	UCHAR Parameters[ParameterCount]; /* Parameter bytes */
+	.align4 0;
+	UCHAR Data[DataCount];  /* Data bytes */
+} R_NTTRANS_18;
+
+typedef struct _R_NTTRANS {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 18 R_NTTRANS_18 q18;
+	}
+	.align4 2;
+} R_NTTRANS;
+
+/*Setup[0] Transaction2           Value Description */
+/*Subcommand Code */
+/*=============================== ===== ============================= */
+
+#define TRANS2_OPEN2                    0x00  /* Create file with extended attributes */
+#define TRANS2_FIND_FIRST2              0x01  /* Begin search for files */
+#define TRANS2_FIND_NEXT2               0x02  /* Resume search for files */
+#define TRANS2_QUERY_FS_INFO     0x03  /* Get file system information
+#define TRANS2_RESERVED4                0x04  /* Reserved */
+#define TRANS2_QUERY_PATH_INFO   0x05  /* Get information about a named file or directory */
+#define TRANS2_SET_PATH_INFO     0x06  /* Set information about a named file or directory */
+#define TRANS2_QUERY_FILE_INFO   0x07  /* Get information about a handle */
+#define TRANS2_SET_FILE_INFO     0x08  /* Set information by handle */
+#define TRANS2_FSCTL                    0x09  /* Not implemented by NT server */
+#define TRANS2_IOCTL2                   0x0A  /* Not implemented by NT server */
+#define TRANS2_FIND_NOTIFY_FIRST        0x0B  /* Not implemented by NT server */
+#define TRANS2_FIND_NOTIFY_NEXT         0x0C  /* Not implemented by NT server */
+#define TRANS2_CREATE_DIRECTORY         0x0D  /* Create directory with extended attributes */
+#define TRANS2_SESSION_SETUP            0x0E  /* Session setup with extended security information */
+#define TRANS2_GET_DFS_REFERRAL         0x10  /* Get a DFS referral */
+#define TRANS2_REPORT_DFS_INCONSISTENCY 0x11  /* Report a DFS knowledge inconsistency */
+
+typedef struct {
+	USHORT InformationLevel;   /* Level of information requested */
+} TRANS2_QUERY_FS_INFO_STRUCT;
+
+#define SMB_INFO_STANDARD                1
+#define SMB_INFO_QUERY_EA_SIZE           2
+#define SMB_SET_FILE_BASIC_INFO          0x101
+#define SMB_SET_FILE_DISPOSITION_INFO    0x102
+#define SMB_SET_FILE_ALLOCATION_INFO     0x103
+#define SMB_SET_FILE_END_OF_FILE_INFO    0x104
+
+
+typedef struct {
+	hyper CreationTime;
+	hyper LastAccessTime;
+	hyper LastWriteTime;
+	hyper ChangeTime;
+	USHORT Attributes;
+	.align4 0;
+} SMB_QUERY_FILE_BASIC_INFO_STRUCT;
+
+
+typedef struct {
+	ULONG fs_atr;
+	LONG max_len_filename;
+	ULONG length;
+	uint8 fs[length];
+	.align4 2;
+} SMB_QUERY_FS_ATTRIBUTE_INFO_STRUCT;
+
+#define FILE_CASE_SENSITIVE_SEARCH   0x00000001
+#define FILE_CASE_PRESERVED_NAMES    0x00000002
+#define FILE_PRSISTENT_ACLS          0x00000004
+#define FILE_FILE_COMPRESSION        0x00000008
+#define FILE_VOLUME_QUOTAS           0x00000010
+#define FILE_DEVICE_IS_MOUNTED       0x00000020
+#define FILE_VOLUME_IS_COMPRESSED    0x00008000
+
+typedef struct {
+	USHORT Fid;
+	USHORT InformationLevel;
+	USHORT Reserved;
+	.align4 0;
+
+	union ctr[InformationLevel] {
+		case 0x101 SMB_QUERY_FILE_BASIC_INFO_STRUCT t101;
+	}
+
+} TRANS2_SET_FILE_INFO_STRUCT;
+
+typedef struct {
+	USHORT InformationLevel;   /* Level of information requested */
+	ULONG Reserved;            /* Must be zero */
+	STRING FileName;           /* File or directory name */
+} TRANS2_QUERY_PATH_INFO_STRUCT;
+
+typedef struct {
+	USHORT SearchAttributes;
+	USHORT SearchCount;          
+	USHORT Flags;                
+	USHORT InformationLevel;      
+	ULONG SearchStorageType;
+	STRING FileName;              
+} TRANS2_FIND_FIRST2_STRUCT;
+
+typedef struct _Q_TRANS2_15 {
+	USHORT TotalParameterCount;      /* Total parameter bytes being sent */
+	USHORT TotalDataCount;           /* Total data bytes being sent */
+	USHORT MaxParameterCount;        /* Max parameter bytes to return */
+	USHORT MaxDataCount;             /* Max data bytes to return */
+	UCHAR MaxSetupCount;             /* Max setup words to return */
+	UCHAR Reserved;
+	USHORT Flags;                    /* Additional information: */
+				  /* bit 0 - also disconnect TID in TID */
+	ULONG Timeout;
+	USHORT Reserved2;
+	USHORT ParameterCount;           /* Parameter bytes sent this buffer */
+	USHORT ParameterOffset;          /* Offset (from header start) to */
+				  /* Parameters */
+	USHORT DataCount;                /* Data bytes sent this buffer */
+	USHORT DataOffset;               /* Offset (from header start) to data */
+	UCHAR SetupCount;                /* Count of setup words */
+	UCHAR Reserved3;                 /* Reserved (pad above to word) */
+	USHORT Setup[SetupCount];        /* Setup words (# = SetupWordCount) */
+	USHORT ByteCount;                /* Count of data bytes */
+	.align4 0;
+	union ctr[Setup[0]] {
+		case 1 TRANS2_FIND_FIRST2_STRUCT t1;
+		case 3 TRANS2_QUERY_FS_INFO_STRUCT t3;
+		case 5 TRANS2_QUERY_PATH_INFO_STRUCT t5;
+		case 8 TRANS2_SET_FILE_INFO_STRUCT t8;
+	}
+
+} Q_TRANS2_15;
+
+typedef struct _Q_TRANS2 {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 15 Q_TRANS2_15 q15;
+	}
+} Q_TRANS2;
+
+typedef struct {
+	ULONG NextEntryOffset;
+	ULONG FileIndex;
+	hyper CreationTime;
+	hyper LastAccessTime;
+	hyper LastWriteTime;
+	hyper ChangeTime;
+	hyper EndOfFile;
+	hyper AllocationSize;
+	ULONG ExtFileAttributes;
+	ULONG FileNameLength;
+	ULONG EaSize;
+	UCHAR ShortNameLength;
+	UCHAR Reserved;
+	uint8 ShortName[24];
+	UCHAR FileName[FileNameLength];
+	.align4 2;
+} SMB_FIND_FILE_BOTH_DIRECTORY_INFO;
+
+typedef struct {
+	.align2 0;
+} R_TRANS2_D0;
+
+typedef struct {
+	.align4 2;
+} R_TRANS2_P0;
+
+typedef struct {
+	USHORT Reserved;
+} R_TRANS2_P2;
+
+typedef struct {
+	USHORT Sid;            /* Search handle */
+	USHORT SearchCount;    /* Number of entries returned */
+	USHORT EndOfSearch;    /* Was last entry returned? */
+	USHORT EaErrorOffset;  /* Offset into EA list if EA error */
+	USHORT LastNameOffset; /* Offset into data to file name of last */
+			/*  entry, if server needs it to resume */
+			/*  search; else 0 */
+	.align4 2;
+	SMB_FIND_FILE_BOTH_DIRECTORY_INFO i104[SearchCount];
+} R_TRANS2_FIND_FIRST2_STRUCT;
+
+typedef struct {
+	SMB_QUERY_FILE_BASIC_INFO_STRUCT i101;
+	.align4 2;
+} R_TRANS2_FILE_BASIC_STRUCT;
+
+typedef struct _R_TRANS2_10 {
+	USHORT TotalParameterCount;/* Total parameter bytes being sent */
+	USHORT TotalDataCount;     /* Total data bytes being sent */
+	USHORT Reserved2;
+	USHORT ParameterCount;     /* Parameter bytes sent this buffer */
+	USHORT ParameterOffset;    /* Offset (from header start) to */
+				  /* Parameters */
+	USHORT ParameterDisplacement; /* Specifies the offset from the start */
+				  /* of the overall parameter block to */
+				  /* the parameter bytes that are */
+				  /* contained in this message */
+	USHORT DataCount;          /* Data bytes sent this buffer */
+	USHORT DataOffset;         /* Offset (from header start) to data */
+	USHORT DataDisplacement;   /* Specifies the offset from the start */
+				  /* of the overall data block to the */
+				  /* data bytes that are contained in */
+				  /* this message. */
+	UCHAR SetupCount;         /* Count of setup words */
+	UCHAR Reserved3;                 /* Reserved (pad above to word) */
+	USHORT Setup[SetupCount]; /* Setup words */
+	USHORT ByteCount;         /* Count of data bytes */
+	.align4 2;
+	union pctr[ParameterCount] {
+		case 0 R_TRANS2_P0 p0;
+		case 2 R_TRANS2_P2 p2;
+		case 10 R_TRANS2_FIND_FIRST2_STRUCT r10;
+	}
+	union dctr[DataCount] {
+		case 0 R_TRANS2_D0 d0;
+		case 0x24 R_TRANS2_FILE_BASIC_STRUCT r24;
+		case 0x14 SMB_QUERY_FS_ATTRIBUTE_INFO_STRUCT r14;
+	}
+} R_TRANS2_10;
+
+typedef struct {
+	USHORT ByteCount;         /* Count of data bytes */
+} R_TRANS2_0;
+
+typedef struct _R_TRANS2 {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 0 R_TRANS2_0 q0;
+		case 10 R_TRANS2_10 q10;
+	}
+} R_TRANS2;
+
+typedef struct _Q_TRANS_16 {
+	USHORT TotalParameterCount;      /* Total parameter bytes being sent */
+	USHORT TotalDataCount;           /* Total data bytes being sent */
+	USHORT MaxParameterCount;        /* Max parameter bytes to return */
+	USHORT MaxDataCount;             /* Max data bytes to return */
+	UCHAR MaxSetupCount;             /* Max setup words to return */
+	UCHAR Reserved;
+	USHORT Flags;                    /* Additional information: */
+				  /* bit 0 - also disconnect TID in TID */
+	ULONG Timeout;
+	USHORT Reserved2;
+	USHORT ParameterCount;           /* Parameter bytes sent this buffer */
+	USHORT ParameterOffset;          /* Offset (from header start) to */
+				  /* Parameters */
+	USHORT DataCount;                /* Data bytes sent this buffer */
+	USHORT DataOffset;               /* Offset (from header start) to data */
+	UCHAR SetupCount;                /* Count of setup words */
+	UCHAR Reserved3;                 /* Reserved (pad above to word) */
+	USHORT Setup[SetupCount];        /* Setup words (# = SetupWordCount) */
+	USHORT ByteCount;                /* Count of data bytes */
+	STRING Name;                    /* Must be NULL */
+	.align4 0;
+	UCHAR Parameters[ParameterCount];/* Parameter bytes (# = ParameterCount) */ 
+	.align4 0;
+	UCHAR Data[DataCount];           /* Data bytes (# = DataCount) */
+
+} Q_TRANS_16;
+
+typedef struct _Q_TRANS {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 16 Q_TRANS_16 q16;
+	}
+} Q_TRANS;
+
+typedef struct _R_TRANS_10 {
+	USHORT TotalParameterCount;/* Total parameter bytes being sent */
+	USHORT TotalDataCount;     /* Total data bytes being sent */
+	USHORT Reserved2;
+	USHORT ParameterCount;     /* Parameter bytes sent this buffer */
+	USHORT ParameterOffset;    /* Offset (from header start) to */
+				  /* Parameters */
+	USHORT ParameterDisplacement; /* Specifies the offset from the start */
+				  /* of the overall parameter block to */
+				  /* the parameter bytes that are */
+				  /* contained in this message */
+	USHORT DataCount;          /* Data bytes sent this buffer */
+	USHORT DataOffset;         /* Offset (from header start) to data */
+	USHORT DataDisplacement;   /* Specifies the offset from the start */
+				  /* of the overall data block to the */
+				  /* data bytes that are contained in */
+				  /* this message. */
+	UCHAR SetupCount;         /* Count of setup words */
+	UCHAR Reserved3;                 /* Reserved (pad above to word) */
+	USHORT Setup[SetupCount]; /* Setup words */
+	USHORT ByteCount;         /* Count of data bytes */
+	.align4 0;
+	UCHAR Parameters[ParameterCount];/* Parameter bytes */
+	.align4 0;
+	UCHAR Data[DataCount];    /* Data bytes */
+} R_TRANS_10;
+
+typedef struct _R_TRANS {
+	uint8 wcount;
+	union ctr[wcount] {
+		case 10 R_TRANS_10 q10;
+	}
+} R_TRANS;
+
+typedef struct _Q_NT_CREATE_ANDX_24 {
+	ANDX_INFO andx;
+	uint8 reserved;
+	uint16 name_len;
+	ULONG flags;
+	ULONG rootfid;
+	ULONG access;
+	hyper allocsize;
+	ULONG attribs;
+	ULONG sharing;
+	ULONG creat_disp;
+	ULONG creat_options;
+	ULONG impersonation;
+	uint8 sec_flags;
+
+	uint16 count;
+	uint8 name[name_len];
+
+} Q_NTCREATE_ANDX_24;
+
+typedef struct _Q_NTCREATE_ANDX{
+	uint8 wcount;
+	union ctr[wcount] {
+		case 24 Q_NTCREATE_ANDX_24 q24;
+	}
+} Q_NTCREATE_ANDX;
+
+typedef struct {
+	ANDX_INFO andx;
+	uint8 oplock_level;
+	uint16 fid;
+	ULONG action;
+	TIME create_time;
+	TIME access_time;
+	TIME write_time;
+	TIME change_time;
+	ULONG ext_attribs;
+	hyper allocsize;
+	hyper size;
+	uint16 type;
+	uint16 state;
+	uint8 directory;
+
+	uint16 count;
+	uint8 none[count];
+
+} R_NTCREATE_ANDX_34;
+
+typedef struct _R_NTCREATE_ANDX{
+	uint8 wcount;
+	union ctr[wcount] {
+		case 34 R_NTCREATE_ANDX_34 q34;
+	}
+} R_NTCREATE_ANDX;
+
+typedef struct {
+	ULONG smbhdr;
+	uint8 com;
+	uint8 rcls;
+	uint8 reh;
+	uint16 err;
+	uint8 flg;
+	uint16 flg2;
+	uint16 reserved;
+	uint8 SecuritySignature[8]; 
+	uint16 pad;
+	uint16 tid;
+	uint16 pid;
+	uint16 uid;
+	uint16 mid;
+} SMB_HDR;
+
+typedef struct _R_SMB {
+	ULONG nbhdr;
+	SMB_HDR hdr;
+	union ctr[hdr.com] {
+		case 4   R_CLOSE      r4;
+		case 6   R_UNLINK     r6;
+		case 36  R_LOCKING_ANDX r36;
+		case 37  R_TRANS r37;
+		case 45  R_OPEN_ANDX r45;
+		case 46  R_READ_ANDX r46;
+		case 47  R_WRITE_ANDX r47;
+		case 50  R_TRANS2 q50;
+		case 113 R_TDIS    r113;
+		case 114 R_NEGPROT r114;
+		case 115 R_SESSION_SETUP_ANDX r115;
+		case 116 R_ULOGOFF_ANDX r116;
+		case 117 R_TCON_ANDX r117;
+		case 128 R_DSKATTR    r128;
+		case 160 R_NTTRANS r160;
+		case 162 R_NTCREATE_ANDX r162;
+	}
+} R_SMB;
+
+typedef struct _Q_SMB {
+	ULONG nbhdr;
+	SMB_HDR hdr;
+	union ctr[hdr.com] {
+		case 4   Q_CLOSE      q4;
+		case 6   Q_UNLINK     q6;
+		case 36  Q_LOCKING_ANDX q36;
+		case 37  Q_TRANS q37;
+		case 45  Q_OPEN_ANDX q45;
+		case 46  Q_READ_ANDX q46;
+		case 47  Q_WRITE_ANDX q47;
+		case 50  Q_TRANS2 q50;
+		case 113 Q_TDIS    q113;
+		case 114 Q_NEGPROT q114;
+		case 115 Q_SESSION_SETUP_ANDX q115;
+		case 116 Q_ULOGOFF_ANDX q116;
+		case 117 Q_TCON_ANDX q117;
+		case 128 Q_DSKATTR    q128;
+		case 160 Q_NTTRANS q160;
+		case 162 Q_NTCREATE_ANDX q162;
+	}
+} Q_SMB;
+
diff --git a/source3/aparser/dump.awk b/source3/aparser/dump.awk
new file mode 100644
index 0000000000..11bfb107e4
--- /dev/null
+++ b/source3/aparser/dump.awk
@@ -0,0 +1,70 @@
+# dump the current parse tree
+
+
+function element_string(elnum,
+			LOCAL, elem)
+{
+	elem = elements[elnum, "elem"];
+	if (elements[elnum, "ptr"]=="1") elem="*"elem;
+	if (elements[elnum, "array_len"]!="") 
+		elem=elem"["elements[elnum, "array_len"]"]";
+	if (elements[elnum, "switch"]!="") 
+		elem=elem"["elements[elnum, "switch"]"]";
+	return elem;
+}
+
+function dump_element(f, elnum,
+		      LOCAL, elem, type)
+{
+	type = elements[elnum, "type"];
+	case = elements[elnum, "case"];
+	elem = element_string(elnum);
+	if (case != "") {
+		xprintf(f,"\t\tcase %d %s %s;\n", case, type, elem);
+	} else {
+		xprintf(f,"\t%s %s;\n", type, elem);
+	}
+}
+
+function dump_union(f, elnum,
+		    LOCAL, i) 
+{
+	xprintf(f,"\tunion %s {\n", element_string(elnum));
+	for (i=0;i<unions[elnum, "num_elems"];i++) {
+		dump_element(f, unions[elnum, i]);
+	}
+	xprintf(f,"\t}\n");
+}
+
+function dump_elem(f, struct_num, elem_num,
+		   LOCAL, enum) 
+{
+	elnum = structs[struct_num, elem_num];
+
+	if (elements[elnum, "type"] == "union") {
+		dump_union(f, elnum);
+	} else {
+		dump_element(f, elnum);
+	}
+}
+
+function dump_structs(f, NIL,
+		      LOCAL, i, j) 
+{
+	xprintf(f,"/* dump of parsed structures */\n\n\n");
+
+	for (i=0;i < num_options;i++) {
+		xprintf(f,"option %s %s\n", options[i, "name"], options[i, "value"]);
+	}
+	xprintf(f,"\n\n");
+
+	for (i=0;i < num_structs;i++) {
+		xprintf(f,"/* structure %d */\n", i);
+		xprintf(f,"struct %s {\n", structs[i, "name"]);
+		for (j=0;j<structs[i, "num_elems"];j++) {
+			dump_elem(f, i, j);
+		}
+		xprintf(f,"};\n\n");
+	}
+	xprintf(f,"/* end dump */\n\n");
+}
diff --git a/source3/aparser/harness.awk b/source3/aparser/harness.awk
new file mode 100644
index 0000000000..6c4c35c40f
--- /dev/null
+++ b/source3/aparser/harness.awk
@@ -0,0 +1,17 @@
+function produce_harness(f,
+			 LOCAL, v, struct_num, i)
+{
+	struct_num=structs[test];
+
+	v["MODULE"]=module;
+
+	print_template(f, "harness_start.tpl", v);
+
+	for (i=0;i<num_structs;i++) {
+		v["TEST"] = structs[i, "name"];
+		print_template(f, "harness.tpl", v);
+	}
+
+	print_template(f, "harness_end.tpl", v);
+}
+
diff --git a/source3/aparser/header.awk b/source3/aparser/header.awk
new file mode 100644
index 0000000000..ba7117436b
--- /dev/null
+++ b/source3/aparser/header.awk
@@ -0,0 +1,80 @@
+# produce a header file for a parsed struct file
+
+function header_elstring(elnum,
+			 LOCAL, elem)
+{
+	array_len = elements[elnum, "array_len"];
+	elem=elements[elnum, "elem"];
+	if (elements[elnum, "ptr"]=="1") elem="*"elem;
+	if (array_len!="") {
+		if (is_constant(array_len) == 1) {
+			elem=elem"["array_len"]";
+		} else {
+			elem="*"elem;
+		}
+	}
+	return elem;
+}
+
+function header_element(f, elnum,
+			LOCAL, type)
+{
+	type=elements[elnum, "type"];
+	if (substr(type,1,1) == ".") return;
+	xprintf(f,"\t%s %s;\n", type, header_elstring(elnum));
+}
+
+function header_union(f, elnum,
+		      LOCAL, i) 
+{
+	xprintf(f,"\tunion {\n");
+	for (i=0;i<unions[elnum, "num_elems"];i++) {
+		header_element(f, unions[elnum, i]);
+	}
+	xprintf(f,"\t} %s;\n", header_elstring(elnum));
+}
+
+function header_elem(f, elnum) 
+{
+	
+	if (elements[elnum, "type"] == "union") {
+		header_union(f, elnum);
+	} else {
+		header_element(f, elnum);
+	}
+}
+
+function header_struct(f, struct_num,
+		       LOCAL, i) 
+{
+	xprintf(f,"/* structure %s */\n", 
+	       structs[struct_num, "name"]);
+	xprintf(f,"typedef struct {\n");
+	for (i=0;i < structs[struct_num, "num_elems"];i++) {
+		header_elem(f, structs[struct_num, i]);
+	}
+	xprintf(f,"} %s;\n\n\n", structs[struct_num, "name"]);
+}
+
+
+function produce_headers(f, NIL,
+			 LOCAL, i) 
+{
+	xprintf(f,"/* auto-generated headers for %s */\n\n\n", module);
+	xprintf(f,"#ifndef _%s_\n", module);
+	xprintf(f,"#define _%s_\n", module);
+
+	xprintf(f,"\n\n");
+	for (i=0;i < num_options;i++) {
+		xprintf(f,"#define OPTION_%s %s\n", 
+			options[i, "name"], options[i, "value"]);
+	}
+	xprintf(f,"\n\n");
+
+	for (i=0;i < num_structs;i++) {
+		header_struct(f, i);
+	}
+	xprintf(f,"/* end auto-generated headers */\n\n");
+	xprintf(f,"#endif /* _%s_ */\n", module);
+}
+
diff --git a/source3/aparser/main.awk b/source3/aparser/main.awk
new file mode 100644
index 0000000000..4969f2217a
--- /dev/null
+++ b/source3/aparser/main.awk
@@ -0,0 +1,25 @@
+# the main program
+
+@include dump.awk
+@include header.awk
+@include util.awk
+@include template.awk
+#@include parsefn.awk
+@include parserel.awk
+@include harness.awk
+@include parsetree.awk
+@include token.awk
+
+END {
+	dump_structs("dump.out");
+	printf("Producing headers...\n");
+	produce_headers("prs_"module".h");
+#	printf("Producing parsers...\n");
+#	produce_parsers("prs_"module".c", "mod_"module".c");
+	printf("Producing relative parsers...\n");
+	produce_relative("prs_"module".c");
+	printf("Producing harness...\n");
+	produce_harness("test.h");
+	printf("Done.\n");
+	exit 0;
+}
diff --git a/source3/aparser/parsefn.awk b/source3/aparser/parsefn.awk
new file mode 100644
index 0000000000..2bebd765e6
--- /dev/null
+++ b/source3/aparser/parsefn.awk
@@ -0,0 +1,271 @@
+# build parse functions for a parsed struct file
+
+function elem_name(v, elem)
+{
+	return v["UNION"]elem;
+}
+
+function parse_array(f, v, elnum, flags,
+		     LOCAL, type, elem, array_len)
+{
+	type = elements[elnum, "type"];
+	elem = elements[elnum, "elem"];
+	array_len = elements[elnum, "array_len"];
+	v["ELEM"] = elem_name(v, elem);
+	v["TYPE"] = type;
+	v["FLAGS"] = flags;
+	v["ARRAY_LEN"] = array_len;
+
+	if (array_len=="+") {
+	  print_template(f,"prs_array_optional.tpl", v);
+	  return;
+	}
+
+	if (array_len=="*") {
+	  print_template(f,"prs_array_remainder.tpl", v);
+	  return;
+	}
+
+	if (type == "wchar" || type == "uint16") {
+		if (match(array_len,"[0-9]") == 1) {
+			print_template(f, "prs_wstring_fixed.tpl", v);
+		} else {
+			print_template(f, "prs_wstring.tpl", v);
+		}
+	} else if (type == "uint8") {
+		if (match(array_len,"[0-9]") == 1) {
+			print_template(f, "prs_uint8s_fixed.tpl", v);
+		} else {
+			print_template(f, "prs_uint8s.tpl", v);
+		}
+	} else {
+		print_template(f, "prs_array.tpl", v);
+	}
+}
+	      
+
+function parse_element(f, v, elnum, flags,
+		       LOCAL, type, elem)
+{
+	if (elements[elnum,"nowire"] != "") {
+		return;
+	}
+	type = elements[elnum, "type"];
+	if (substr(type,1,1) == ".") return;
+	elem = elements[elnum, "elem"];
+	if (elements[elnum,"ptr"] == "") {
+		v["PTR"] = "\\&";
+	} else {
+		v["PTR"] = " ";
+	}
+	v["ELEM"] = elem_name(v, elem);
+	v["TYPE"] = type;
+	v["FLAGS"] = flags;
+	print_template(f, "prs_element.tpl", v);
+}
+
+function parse_union(f, v, elnum, flags,
+		     LOCAL, i)
+{
+	v["UNION"] = elements[elnum, "elem"];
+	v["SWITCH"] = elements[elnum, "switch"];
+
+	if (elements[elnum, "ptr"] == "1") {
+		v["UNION"] = v["UNION"]"->";
+	} else {
+		v["UNION"] = v["UNION"]".";
+	}
+
+	print_template(f, "union_start.tpl", v);
+	for (i=0;i<unions[elnum, "num_elems"];i++) {
+		v["CASE"] = elements[unions[elnum, i], "case"];
+		print_template(f, "prs_case.tpl", v);
+		if (elements[elnum, "ptr"] == "1") {
+			parse_scalars(f, v, unions[elnum, i], "PARSE_SCALARS");
+			parse_buffers(f, v, unions[elnum, i], "PARSE_BUFFERS");
+		} else {
+			if (flags == "PARSE_SCALARS") {
+				parse_scalars(f, v, unions[elnum, i], flags);
+			} else {
+				parse_buffers(f, v, unions[elnum, i], flags);
+			}
+		}
+		print_template(f, "prs_break.tpl", v);
+	}
+	v["UNION"] = "";
+
+	print_template(f, "union_end.tpl", v);
+}
+
+function parse_scalar(f, v, elnum, flags)
+{
+	if (elements[elnum, "type"] == "union") {
+		parse_union(f, v, elnum, flags);
+	} else if (elements[elnum, "array_len"]!="") {
+		parse_array(f, v, elnum, flags);
+	} else {
+		parse_element(f, v, elnum, flags);
+	}
+}
+
+function parse_align2(f, v, elnum, flags,
+		       LOCAL, elem)
+{
+	elem = elements[elnum, "elem"];
+	v["OFFSET"] = elem_name(v, elem);
+	print_template(f, "prs_align2.tpl", v);
+}
+
+function parse_align4(f, v, elnum, flags,
+		       LOCAL, elem)
+{
+	elem = elements[elnum, "elem"];
+	v["OFFSET"] = elem_name(v, elem);
+	print_template(f, "prs_align4.tpl", v);
+}
+
+function parse_pointer(f, v, elnum, flags,
+		       LOCAL, elem)
+{
+	elem = elements[elnum, "elem"];
+	v["ELEM"] = elem_name(v, elem);
+	v["FLAGS"] = flags;
+	print_template(f, "prs_pointer.tpl", v);
+}
+
+function parse_scalar_fn(m, v, elnum,
+			LOCAL, elem, type)
+{
+	elem = elements[elnum, "elem"];
+	type = elements[elnum, "type"]
+	xprintf(m, "%s %s", type, elem_name(v, elem));
+	if (type == "union") {
+	} else if (elements[elnum, "array_len"]!="") {
+	} else {
+	}
+}
+
+function parse_pointer_fn(f, v, elnum, flags,
+		       LOCAL, elem)
+{
+	elem = elements[elnum, "elem"];
+	v["ELEM"] = elem_name(v, elem);
+	v["FLAGS"] = flags;
+	xprintf(m, "%s\n", v["ELEM"]);
+}
+
+function parse_scalars_fn(m, v, elnum, flags)
+{
+	if (elements[elnum, "type"] == ".align2") {
+	}
+	else if (elements[elnum, "type"] == ".align4") {
+	}
+	else if (elements[elnum, "ptr"] == "1") {
+		parse_pointer_fn(m, v, elnum, flags);
+	} else {
+		parse_scalar_fn(m, v, elnum, flags);
+	}
+}
+
+function parse_scalars(f, v, elnum, flags)
+{
+	if (elements[elnum, "type"] == ".align2") {
+		parse_align2(f, v, elnum, flags);
+	}
+	else if (elements[elnum, "type"] == ".align4") {
+		parse_align4(f, v, elnum, flags);
+	}
+	else if (elements[elnum, "ptr"] == "1") {
+		parse_pointer(f, v, elnum, flags);
+	} else {
+		parse_scalar(f, v, elnum, flags);
+	}
+}
+
+function parse_buffers(f, v, elnum, flags,
+		      LOCAL, elem, type)
+{
+	elem = elements[elnum, "elem"];
+	type = elements[elnum, "type"];
+	v["ELEM"] = elem_name(v, elem);
+	if (elements[elnum, "type"] == ".align2") {
+	}
+	else if (elements[elnum, "type"] == ".align4") {
+	} else if (elements[elnum, "ptr"] == "1") {
+		print_template(f, "ifptr_start.tpl", v);
+		parse_scalar(f, v, elnum, "PARSE_SCALARS|PARSE_BUFFERS");
+		print_template(f, "ifptr_end.tpl", v);
+	} else {
+		parse_scalar(f, v, elnum, flags);
+	}
+}
+
+function struct_parser(f, m, v, struct_num,
+		       LOCAL, i, n1, f1, num_elems) 
+{
+	f1 = -1;
+	num_elems = structs[struct_num, "num_elems"];
+	v["STRUCTNAME"] = structs[struct_num, "name"];
+	v["FUNCNAME"] = "io_" v["STRUCTNAME"];
+	print_template(f, "fn_start.tpl", v);
+
+	for (n1=0;n1<num_elems;n1++) {
+		if (elements[structs[struct_num, n1], "type"] == ".trailer") {
+			f1 = n1;
+			break;
+		}
+	}
+
+        # first all the structure pointers, scalars and arrays
+	for (i=0;i<n1;i++) {
+		parse_scalars(f, v, structs[struct_num, i], "PARSE_SCALARS");
+	}
+
+	print_template(f, "fn_mid.tpl", v);
+
+	# now the buffers
+	for (i=0;i<n1;i++) {
+		parse_buffers(f, v, structs[struct_num, i], "PARSE_BUFFERS");
+	}
+
+	# and any trailers
+	for (i=n1;i<num_elems;i++) {
+		parse_scalars(f, v, structs[struct_num, i], "PARSE_SCALARS");
+		parse_buffers(f, v, structs[struct_num, i], "PARSE_BUFFERS");
+	}
+
+	if (i > 0) {
+		print_template(f, "fn_end.tpl", v);
+	}
+	else {
+		print_template(f, "fn_end0.tpl", v);
+	}
+
+	if (f1 == -1)
+		return;
+
+	xprintf(m, "void fn_%s(\n", v["STRUCTNAME"]);
+
+	for (i=f1+1;i<num_elems;i++) {
+		parse_scalars_fn(m, v, structs[struct_num, i]);
+		if (i != num_elems-1)
+			xprintf(m, ", \n");
+			
+	}
+
+	xprintf(m, ")\n{\n}\n");
+}
+
+function produce_parsers(f, m,
+			 LOCAL, v, i)
+{
+	v["MODULE"]=module;
+
+	print_template(f, "module_start.tpl", v);
+
+	for (i=0;i < num_structs;i++) {
+		struct_parser(f, m, v, i);
+	}
+
+	print_template(f, "module_end.tpl", v);
+}
diff --git a/source3/aparser/parser.c b/source3/aparser/parser.c
new file mode 100644
index 0000000000..0c7153e1fb
--- /dev/null
+++ b/source3/aparser/parser.c
@@ -0,0 +1,471 @@
+#include "parser.h"
+
+/*******************************************************************
+ Attempt, if needed, to grow a data buffer.
+ Also depends on the data stream mode (io).
+ ********************************************************************/
+
+BOOL io_grow(io_struct *ps, uint32 extra_space)
+{
+	uint32 new_size;
+	char *new_data;
+
+	ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
+
+	if(ps->data_offset + extra_space <= ps->buffer_size)
+		return True;
+
+	/*
+	 * We cannot grow the buffer if we're not reading
+	 * into the io_struct, or if we don't own the memory.
+	 */
+
+	if(UNMARSHALLING(ps) || !ps->is_dynamic) {
+		DEBUG(0,("io_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
+				(unsigned int)extra_space));
+		return False;
+	}
+	
+	/*
+	 * Decide how much extra space we really need.
+	 */
+
+	extra_space -= (ps->buffer_size - ps->data_offset);
+	if(ps->buffer_size == 0) {
+		new_size = extra_space;
+
+		if((new_data = malloc(new_size)) == NULL) {
+			DEBUG(0,("io_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
+			return False;
+		}
+		memset(new_data, '\0', new_size );
+	} else {
+		/*
+		 * If the current buffer size is bigger than the space needed, just 
+		 * double it, else add extra_space.
+		 */
+		new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);		
+
+		if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
+			DEBUG(0,("io_grow: Realloc failure for size %u.\n",
+				(unsigned int)new_size));
+			return False;
+		}
+	}
+	ps->buffer_size = new_size;
+	ps->data_p = new_data;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Ensure we can read/write to a given offset.
+ ********************************************************************/
+
+char *io_mem_get(io_struct *ps, uint32 extra_size)
+{
+	if(UNMARSHALLING(ps)) {
+		/*
+		 * If reading, ensure that we can read the requested size item.
+		 */
+		if (ps->data_offset + extra_size > ps->buffer_size) {
+			DEBUG(0,("io_mem_get: reading data of size %u would overrun buffer.\n",
+					(unsigned int)extra_size ));
+			return NULL;
+		}
+	} else {
+		/*
+		 * Writing - grow the buffer if needed.
+		 */
+		if(!io_grow(ps, extra_size))
+			return False;
+	}
+	return &ps->data_p[ps->data_offset];
+}
+
+/*******************************************************************
+ Initialise a parse structure - malloc the data if requested.
+ ********************************************************************/
+
+BOOL io_init(io_struct *ps, uint32 size, BOOL io)
+{
+	ZERO_STRUCTP(ps);
+	ps->io = io;
+	ps->bigendian_data = False;
+	ps->is_dynamic = False;
+	ps->data_offset = 0;
+	ps->buffer_size = 0;
+	ps->data_p = NULL;
+
+	if (size != 0) {
+		ps->buffer_size = size;
+		if((ps->data_p = (char *)malloc((size_t)size)) == NULL) {
+			DEBUG(0,("io_init: malloc fail for %u bytes.\n", (unsigned int)size));
+			return False;
+		}
+		ps->is_dynamic = True; /* We own this memory. */
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ debug output for parsing info.
+
+ XXXX side-effect of this function is to increase the debug depth XXXX
+
+ ********************************************************************/
+void io_debug(io_struct *ps, int depth, char *desc, char *fn_name)
+{
+	DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
+}
+
+/*******************************************************************
+ Align a the data_len to a multiple of align bytes - filling with
+ zeros.
+ ********************************************************************/
+
+BOOL io_align2(io_struct *ps, int offset)
+{
+	uint32 mod = (ps->data_offset + offset) & (2-1);
+
+	if (mod != 0) {
+		uint32 extra_space = (2 - mod);
+		if(!io_grow(ps, extra_space))
+			return False;
+		memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
+		ps->data_offset += extra_space;
+	}
+
+	return True;
+}
+
+BOOL io_align4(io_struct *ps, int offset)
+{
+	uint32 mod = (ps->data_offset + offset) & (4-1);
+
+	if (mod != 0) {
+		uint32 extra_space = (4 - mod);
+		if(!io_grow(ps, extra_space))
+			return False;
+		memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
+		ps->data_offset += extra_space;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Align a the data_len to a multiple of align bytes - filling with
+ zeros.
+ ********************************************************************/
+
+BOOL io_align(io_struct *ps, int align)
+{
+	uint32 mod;
+
+	if (!ps->autoalign) return True;
+
+	mod = ps->data_offset & (align-1);
+
+	if (align != 0 && mod != 0) {
+		uint32 extra_space = (align - mod);
+		if(!io_grow(ps, extra_space))
+			return False;
+		memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
+		ps->data_offset += extra_space;
+	}
+
+	return True;
+}
+
+
+/*******************************************************************
+ read from a socket into memory.
+ ********************************************************************/
+BOOL io_read(io_struct *ps, int fd, size_t len, int timeout)
+{
+	BOOL ok;
+	size_t prev_size = ps->buffer_size;
+	if (!io_grow(ps, len))
+	{
+		return False;
+	}
+
+	if (timeout > 0)
+	{
+		ok = (read(fd, &ps->data_p[prev_size], len) == len);
+	}
+	else 
+	{
+		ok = (read(fd, &ps->data_p[prev_size], len) == len);
+	}
+	return ok;
+}
+
+
+/*******************************************************************
+ do IO on a uint32.
+ ********************************************************************/
+BOOL io_uint32(char *name, io_struct *ps, int depth, uint32 *data32, unsigned flags)
+{
+	char *q;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	if (!io_align(ps, 4)) return False;
+
+	q = io_mem_get(ps, sizeof(uint32));
+	if (q == NULL) return False;
+
+	DBG_RW_IVAL(name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, *data32)
+	ps->data_offset += sizeof(uint32);
+
+	return True;
+}
+
+/*******************************************************************
+ do IO on a uint16.
+ ********************************************************************/
+BOOL io_uint16(char *name, io_struct *ps, int depth, uint16 *data16, unsigned flags)
+{
+	char *q;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	if (!io_align(ps, 2)) return False;
+
+	q = io_mem_get(ps, sizeof(uint16));
+	if (q == NULL) return False;
+
+	DBG_RW_SVAL(name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, *data16)
+	ps->data_offset += sizeof(uint16);
+
+	return True;
+}
+
+/*******************************************************************
+ do IO on a uint8.
+ ********************************************************************/
+BOOL io_uint8(char *name, io_struct *ps, int depth, uint8 *data8, unsigned flags)
+{
+	char *q;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	q = io_mem_get(ps, sizeof(uint8));
+	if (q == NULL) return False;
+
+	DBG_RW_IVAL(name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, *data8)
+	ps->data_offset += sizeof(uint8);
+
+	return True;
+}
+
+/*******************************************************************
+ do IO on a pointer
+ ********************************************************************/
+BOOL io_pointer(char *desc, io_struct *ps, int depth, void **p, unsigned flags)
+{
+	uint32 v;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	v = (*p) ? 0xdeadbeef : 0;
+	if (!io_uint32(desc, ps, depth, &v, flags)) return False;
+	*p = (void *) (v ? 0xdeadbeef : 0);
+	return True;
+}
+
+/*******************************************************************
+ Stream a null-terminated string.  
+ ********************************************************************/
+BOOL io_SMBSTR(char *name, io_struct *ps, int depth, char **str, unsigned flags)
+{
+	char *q;
+	uint8 *start;
+	int i;
+	size_t len;
+	int start_offset = ps->data_offset;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+	
+	if (UNMARSHALLING(ps)) {
+		*str = io_mem_get(ps, 0);
+		if (*str == NULL)
+			return False;
+		len = strlen(*str);
+		ps->data_offset += len + 1;
+	}
+	else
+	{
+		len = strlen(*str)+1;
+		start = (uint8*)q;
+
+		for(i = 0; i < len; i++) {
+			q = io_mem_get(ps, 1);
+			if (q == NULL)
+				return False;
+
+			RW_CVAL(ps->io, q, (*str)[i],0);
+			ps->data_offset++;
+		}
+	}
+
+	DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth),
+				start_offset, name, *str));
+	return True;
+}
+
+/******************************************************************
+ do IO on a byte array
+ ********************************************************************/
+BOOL io_uint8s(char *name, io_struct *ps, int depth, uint8 **data8s, int len, unsigned flags)
+{
+	char *q;
+	size_t num_bytes = len * sizeof(uint8);
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	q = io_mem_get(ps, num_bytes);
+	if (q == NULL) return False;
+
+	if (MARSHALLING(ps))
+	{
+		DBG_RW_PCVAL(True, name, depth, ps->data_offset, ps->io, q, *data8s, len)
+	}
+	else
+	{
+		*data8s = q;
+		dump_data(depth+5, *data8s, num_bytes);
+	}
+	ps->data_offset += num_bytes;
+
+	return True;
+}
+/******************************************************************
+ do IO on a fixed-size byte array
+ ********************************************************************/
+BOOL io_uint8s_fixed(char *name, io_struct *ps, int depth, uint8 *data8s, int len, unsigned flags)
+{
+	char *q;
+	size_t num_bytes = len * sizeof(uint8);
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	q = io_mem_get(ps, num_bytes);
+	if (q == NULL) return False;
+
+	DBG_RW_PCVAL(True, name, depth, ps->data_offset, ps->io, q, data8s, len)
+	ps->data_offset += num_bytes;
+
+	return True;
+}
+
+
+/******************************************************************
+ do IO on an io (eh?? :)
+ ********************************************************************/
+BOOL io_io_struct(char *name, io_struct *ps, int depth, io_struct *io, unsigned flags)
+{
+	char *q;
+	uint16 len;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	q = io_mem_get(ps, sizeof(uint16));
+	if (q == NULL) return False;
+
+	/* length first */
+	if (MARSHALLING(ps))
+	{
+		len = io->data_offset;
+	}
+	if (!io_uint16("len", ps, depth+1, &len, flags))
+	{
+		return False;
+	}
+	if (UNMARSHALLING(ps))
+	{
+		if (!io_init(io, len, UNMARSHALL))
+		{
+			return False;
+		}
+	}
+
+	/* now data */
+	q = io_mem_get(ps, len * sizeof(uint8));
+	if (q == NULL) return False;
+
+	if (MARSHALLING(ps))
+	{
+		DBG_RW_PCVAL(False, name, depth+1, ps->data_offset, ps->io, q, io->data_p, len)
+	}
+	else
+	{
+		io->data_p = q;
+		dump_data(depth+5, q, len);
+	}
+	ps->data_offset += len;
+
+	return True;
+}
+
+/******************************************************************
+ do IO on a unicode array
+ ********************************************************************/
+BOOL io_wstring(char *name, io_struct *ps, int depth, uint16 *data16s, int len, unsigned flags)
+{
+	char *q;
+
+	if (!(flags & PARSE_SCALARS)) return True;
+
+	if (!io_align(ps, 2)) return False;
+
+	q = io_mem_get(ps, len * sizeof(uint16));
+	if (q == NULL) return False;
+
+	DBG_RW_PSVAL(True, name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, data16s, len)
+	ps->data_offset += (len * sizeof(uint16));
+
+	return True;
+}
+
+
+/******************************************************************
+allocate some memory for a parse structure
+ ********************************************************************/
+void io_free(io_struct *ps)
+{
+	if (ps->is_dynamic && ps->data_p)
+	{
+		free(ps->data_p);
+		ps->data_p = NULL;
+	}
+}
+
+/******************************************************************
+allocate some memory for a parse structure
+ ********************************************************************/
+BOOL io_alloc(char *name, io_struct *ps, void **ptr, unsigned size)
+{
+	(*ptr) = (void *)malloc(size);
+	if (*ptr) return True;
+	return False;
+}
+
+/******************************************************************
+realloc some memory for a parse structure
+ ********************************************************************/
+BOOL io_realloc(char *name, io_struct *ps, void **ptr, unsigned size)
+{
+	BOOL ret = True;
+	void *tp;
+
+	tp = (void *)Realloc(*ptr, size);
+	if (tp) *ptr = tp;
+	else ret = False;
+	return ret;
+}
+
diff --git a/source3/aparser/parser.h b/source3/aparser/parser.h
new file mode 100644
index 0000000000..319aeb5d13
--- /dev/null
+++ b/source3/aparser/parser.h
@@ -0,0 +1,103 @@
+#include <ctype.h>
+#include <stdio.h>
+#include <malloc.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include "../include/byteorder.h"
+
+#define PARSE_SCALARS (1<<0)
+#define PARSE_BUFFERS (1<<1)
+
+#ifndef MIN
+#define MIN(a,b) ((a)<(b)?(a):(b))
+#endif
+
+#ifndef MAX
+#define MAX(a,b) ((a)>(b)?(a):(b))
+#endif
+
+#define DEBUG(lvl, str) printf str;
+#define DEBUGADD(lvl, str) printf str;
+
+#define MARSHALL 0
+#define UNMARSHALL 1
+
+#define MARSHALLING(ps) (!(ps)->io)
+#define UNMARSHALLING(ps) ((ps)->io)
+
+typedef int BOOL;
+typedef unsigned char uint8;
+typedef unsigned char uchar;
+typedef unsigned short uint16;
+typedef unsigned short wchar;
+typedef unsigned uint32;
+typedef char *SMBSTR;
+
+/* a null terminated unicode string */
+typedef uint16 ZUSTRING;
+
+#ifndef _PSTRING
+
+#define PSTRING_LEN 1024
+#define FSTRING_LEN 128
+
+typedef char pstring[PSTRING_LEN];
+typedef char fstring[FSTRING_LEN];
+
+#define _PSTRING
+
+#endif
+#define False 0
+#define True 1
+
+/* zero a structure given a pointer to the structure */
+#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
+
+#define MAX_UNISTRLEN 256
+#define MAX_STRINGLEN 256
+#define MAX_BUFFERLEN 512
+
+typedef struct _io_struct 
+{
+	BOOL io; /* parsing in or out of data stream */
+	/* 
+	 * If the (incoming) data is big-endian. On output we are
+	 * always little-endian.
+	 */ 
+	BOOL bigendian_data;
+	BOOL is_dynamic; /* Do we own this memory or not ? */
+	BOOL autoalign; /* should we auto-align all elements? */
+	uint32 data_offset; /* Current working offset into data. */
+	uint32 buffer_size; /* Current size of the buffer. */
+	uint32 grow_size; /* size requested via io_grow() calls */
+	char *data_p; /* The buffer itself. */
+} io_struct;
+
+
+char *io_mem_get(io_struct *ps, uint32 extra_size);
+BOOL io_init(io_struct *ps, uint32 size, BOOL io);
+void io_debug(io_struct *ps, int depth, char *desc, char *fn_name);
+BOOL io_align(io_struct *ps, int align);
+BOOL io_align4(io_struct *ps, int align);
+BOOL io_align2(io_struct *ps, int align);
+BOOL io_read(io_struct *ps, int fd, size_t len, int timeout);
+void dump_data(int level,char *buf1,int len);
+BOOL io_alloc(char *name, io_struct *ps, void **ptr, unsigned size);
+BOOL io_uint32(char *name, io_struct *ps, int depth, uint32 *data32, unsigned flags);
+BOOL io_uint16(char *name, io_struct *ps, int depth, uint16 *data16, unsigned flags);
+BOOL io_uint8(char *name, io_struct *ps, int depth, uint8 *data8, unsigned flags);
+BOOL io_pointer(char *desc, io_struct *ps, int depth, void **p, unsigned flags);
+BOOL io_SMBSTR(char *name, io_struct *ps, int depth, char **str, unsigned flags);
+BOOL io_io_struct(char *name, io_struct *ps, int depth, io_struct *io, unsigned flags);
+BOOL io_wstring(char *name, io_struct *ps, int depth, uint16 *data16s, int len, unsigned flags);
+BOOL io_uint8s_fixed(char *name, io_struct *ps, int depth, uint8 *data8s, int len, unsigned flags);
+BOOL io_uint8s(char *name, io_struct *ps, int depth, uint8 **data8s, int len, unsigned flags);
+
+char *tab_depth(int depth);
+void *Realloc(void *p,size_t size);
+void dump_data(int level,char *buf1,int len);
+void print_asc(int level, uchar const *buf, int len);
+BOOL io_ZUSTRING(char *name, io_struct *ps, int depth, uint16 **ustr, unsigned flags);
+size_t strlen_w(void *src);
+
diff --git a/source3/aparser/parserel.awk b/source3/aparser/parserel.awk
new file mode 100644
index 0000000000..6d80f0607e
--- /dev/null
+++ b/source3/aparser/parserel.awk
@@ -0,0 +1,213 @@
+# build parse functions for a parsed struct file
+
+function elem_name(v, elem)
+{
+	return v["UNION"]elem;
+}
+
+function parse_array(f, v, elnum, flags,
+		     LOCAL, type, elem, array_len)
+{
+	type = elements[elnum, "type"];
+	elem = elements[elnum, "elem"];
+	array_len = elements[elnum, "array_len"];
+	v["ELEM"] = elem_name(v, elem);
+	v["TYPE"] = type;
+	v["FLAGS"] = flags;
+	v["ARRAY_LEN"] = array_len;
+
+	if (array_len=="+") {
+	  print_template(f,"prs_array_optional.tpl", v);
+	  return;
+	}
+
+	if (array_len=="&") {
+	  print_template(f,"prs_array_null.tpl", v);
+	  return;
+	}
+
+	if (array_len=="*") {
+	  print_template(f,"prs_array_remainder.tpl", v);
+	  return;
+	}
+
+	if (type == "wchar" || type == "uint16") {
+		if (match(array_len,"[0-9]") == 1) {
+			print_template(f, "prs_wstring_fixed.tpl", v);
+		} else {
+			print_template(f, "prs_wstring.tpl", v);
+		}
+	} else if (type == "uint8") {
+		if (match(array_len,"[0-9]") == 1) {
+			print_template(f, "prs_uint8s_fixed.tpl", v);
+		} else {
+			print_template(f, "prs_uint8s.tpl", v);
+		}
+	} else {
+		print_template(f, "prs_array.tpl", v);
+	}
+}
+	      
+
+function parse_element(f, v, elnum, flags,
+		       LOCAL, type, elem)
+{
+	if (elements[elnum,"nowire"] != "") {
+		return;
+	}
+	type = elements[elnum, "type"];
+	if (substr(type,1,1) == ".") return;
+	elem = elements[elnum, "elem"];
+	if (elements[elnum,"ptr"] == "") {
+		v["PTR"] = "\\&";
+	} else {
+		v["PTR"] = " ";
+	}
+	v["ELEM"] = elem_name(v, elem);
+	v["TYPE"] = type;
+	v["FLAGS"] = flags;
+	print_template(f, "prs_element.tpl", v);
+}
+
+function parse_union(f, v, elnum, flags,
+		     LOCAL, i)
+{
+	v["UNION"] = elements[elnum, "elem"];
+	v["SWITCH"] = elements[elnum, "switch"];
+
+	if (elements[elnum, "ptr"] == "1") {
+		v["UNION"] = v["UNION"]"->";
+	} else {
+		v["UNION"] = v["UNION"]".";
+	}
+
+	print_template(f, "union_start.tpl", v);
+	for (i=0;i<unions[elnum, "num_elems"];i++) {
+		v["CASE"] = elements[unions[elnum, i], "case"];
+		print_template(f, "prs_case.tpl", v);
+		if (elements[elnum, "ptr"] == "1") {
+			parse_scalars(f, v, unions[elnum, i], "PARSE_SCALARS");
+			parse_buffers(f, v, unions[elnum, i], "PARSE_BUFFERS");
+		} else {
+			if (flags == "PARSE_SCALARS") {
+				parse_scalars(f, v, unions[elnum, i], flags);
+			} else {
+				parse_buffers(f, v, unions[elnum, i], flags);
+			}
+		}
+		print_template(f, "prs_break.tpl", v);
+	}
+	v["UNION"] = "";
+
+	print_template(f, "union_end.tpl", v);
+}
+
+function parse_scalar(f, v, elnum, flags)
+{
+	if (elements[elnum, "type"] == "union") {
+		parse_union(f, v, elnum, flags);
+	} else if (elements[elnum, "array_len"]!="") {
+		parse_array(f, v, elnum, flags);
+	} else {
+		parse_element(f, v, elnum, flags);
+	}
+}
+
+function parse_pointer(f, v, elnum, flags,
+		       LOCAL, elem)
+{
+	elem = elements[elnum, "elem"];
+	v["ELEM"] = elem_name(v, elem);
+	v["FLAGS"] = flags;
+	print_template(f, "prs_pointer.tpl", v);
+}
+
+function parse_scalars(f, v, elnum, flags)
+{
+	if (elements[elnum, "ptr"] == "1") {
+		parse_pointer(f, v, elnum, flags);
+	} else {
+		parse_scalar(f, v, elnum, flags);
+	}
+}
+
+function parse_buffers(f, v, elnum, flags,
+		      LOCAL, elem, type)
+{
+	elem = elements[elnum, "elem"];
+	type = elements[elnum, "type"];
+	v["ELEM"] = elem_name(v, elem);
+	if (elements[elnum, "ptr"] == "1") {
+		print_template(f, "ifptr_start.tpl", v);
+		parse_scalar(f, v, elnum, "PARSE_SCALARS|PARSE_BUFFERS");
+		print_template(f, "ifptr_end.tpl", v);
+	} else {
+		parse_scalar(f, v, elnum, flags);
+	}
+}
+
+function struct_immediate(f, v, struct_num,
+			  LOCAL, i, n1, num_elems) 
+{
+	num_elems = structs[struct_num, "num_elems"];
+	v["STRUCTNAME"] = structs[struct_num, "name"];
+	v["FUNCNAME"] = "io_" v["STRUCTNAME"];
+
+	print_template(f, "fn_i_start.tpl", v);
+
+	for (i=0;i<num_elems;i++) {
+		parse_scalars(f, v, structs[struct_num, i], "PARSE_SCALARS");
+		parse_buffers(f, v, structs[struct_num, i], "PARSE_BUFFERS");
+	}
+
+	print_template(f, "fn_i_end.tpl", v);
+}
+
+
+function struct_recursive(f, v, struct_num,
+			  LOCAL, i, n1, num_elems) 
+{
+	num_elems = structs[struct_num, "num_elems"];
+	v["STRUCTNAME"] = structs[struct_num, "name"];
+	v["FUNCNAME"] = "io_" v["STRUCTNAME"];
+
+	print_template(f, "fn_start.tpl", v);
+
+# first all the structure pointers, scalars and arrays
+	for (i=0;i<num_elems;i++) {
+		parse_scalars(f, v, structs[struct_num, i], "PARSE_SCALARS");
+	}
+	
+	print_template(f, "fn_mid.tpl", v);
+	
+# now the buffers
+	for (i=0;i<num_elems;i++) {
+		parse_buffers(f, v, structs[struct_num, i], "PARSE_BUFFERS");
+	}
+
+	print_template(f, "fn_end.tpl", v);
+}
+
+function struct_parser(f, v, struct_num,
+		       LOCAL, i, n1, num_elems) 
+{
+	if (structs[struct_num, "recurse"] == "True") {
+		struct_recursive(f, v, struct_num);
+	} else {
+		struct_immediate(f, v, struct_num);
+	}
+}
+
+function produce_relative(f,
+			 LOCAL, v, i)
+{
+	v["MODULE"]=module;
+
+	print_template(f, "module_start.tpl", v);
+
+	for (i=0;i < num_structs;i++) {
+		struct_parser(f, v, i);
+	}
+
+	print_template(f, "module_end.tpl", v);
+}
diff --git a/source3/aparser/parsetree.awk b/source3/aparser/parsetree.awk
new file mode 100644
index 0000000000..80587a0111
--- /dev/null
+++ b/source3/aparser/parsetree.awk
@@ -0,0 +1,224 @@
+# build the parse tree for a struct file
+
+function find_structure(name, 
+			LOCAL, i)
+{
+  for (i=0;i<num_structs;i++) {
+    if (structs[i, "name"] == name) return i;
+  }
+  return "-1";
+}
+
+function start_module(name) 
+{
+	module=name;
+	num_structs=0;
+	num_elements=0;
+	num_unions=0;
+	num_tests=0;
+	num_options=0;
+}
+
+function set_option(name, value) 
+{
+	options[name] = value;
+	options[num_options, "name"] = name;
+	options[num_options, "value"] = value;
+	num_options++;
+}
+
+function parse_define(def1, def2,
+		      LOCAL, type, i)
+{
+	defines[def1]=def2;
+}
+
+function start_struct(name) 
+{
+	current_struct=num_structs;
+	structs[name]=current_struct;
+	structs[current_struct, "name"]=name;
+	structs[current_struct, "num_elems"]=0;
+	structs[current_struct, "num_unions"]=0;
+	structs[current_struct, "recurse"] = options["recurse"];
+}
+
+function end_struct(name) 
+{
+	if (name!="") structs[num_structs, "name"]=name;
+	printf("struct %s with %d elements\n", 
+	       structs[num_structs, "name"],
+	       structs[num_structs, "num_elems"]);
+	num_structs++;
+	current_struct="";
+}
+
+function add_element(type, elem, case,
+		     LOCAL, elem_num, i, v)
+{
+	while (defines[type]!="") {
+		type=defines[type];
+	}
+	elem_num=num_elements;
+
+	if (substr(elem, 1, 1) == ".") {
+		elem=substr(elem, 2);
+		elements[elem_num, "nowire"]=1;
+	}
+
+	if (substr(elem, 1, 1) == "*") {
+		elem=substr(elem, 2);
+		elements[elem_num, "ptr"]=1;
+	}
+
+	i=match(elem,"[[]");
+	if (i != 0) {
+		v = substr(elem, i+1, length(elem)-i-1);
+		elem=substr(elem, 1, i-1);
+		if (type=="union") {
+			elements[elem_num, "switch"] = v;
+		} else {
+			elements[elem_num, "array_len"] = v;
+		}
+	}
+
+	elements[elem_num, "type"] = type;
+	elements[elem_num, "elem"] = elem;
+	elements[elem_num, "case"] = case;
+
+	num_elements++;
+	return elem_num;
+}
+
+function add_struct_elem(type, elem, case,
+			 LOCAL, elem_num)
+{
+	elem_num=structs[current_struct, "num_elems"];
+	structs[current_struct, elem_num] = add_element(type, elem, case);
+	structs[current_struct, "num_elems"]++;
+	return structs[current_struct, elem_num];
+}
+
+function start_union(elem)
+{
+	current_union = add_struct_elem("union", elem);
+	unions[current_union, "num_elems"] = 0;
+}
+
+function start_union_notencap(switch)
+{
+	add_struct_elem("uint32", "switch_"switch);
+	start_union("UNKNOWN[switch_"switch"]");
+}
+
+function start_union_encap(struct, type, switch, union)
+{
+	start_struct(struct);
+	add_struct_elem(type, switch);
+	add_struct_elem(type, "switch_"switch);
+	start_union(union"[switch_"switch"]");
+	encap_union="1";
+}
+
+function parse_case(case, type, elem,
+		    LOCAL, elem_num) 
+{
+	split(case, a, "[:]");
+	case = a[1];
+	elem_num = unions[current_union, "num_elems"];
+	unions[current_union, elem_num] = add_element(type, elem, case);
+	unions[current_union, "num_elems"]++;
+}
+
+function end_union(name) 
+{
+	if (name!="") {
+		elements[current_union, "elem"] = name;
+	}
+	current_union="";
+	if (encap_union=="1") {
+		end_struct(name);
+		encap_union="0";
+	}
+}
+
+function delete_element(struct, elnum,
+			LOCAL, i)
+{
+	for (i=elnum;i<structs[struct,"num_elems"]-1;i++) {
+		structs[struct, i] = structs[struct, i+1];
+	}
+	structs[struct, "num_elems"]--;
+}
+
+function copy_struct(from, to,
+		     LOCAL, i)
+{
+	for (i=0;i<structs[from,"num_elems"];i++) {
+		structs[to, i] = structs[from, i];
+	}
+	structs[to, "name"] = structs[from, "name"];
+	structs[to, "num_elems"] = structs[from, "num_elems"];
+	structs[to, "num_unions"] = structs[from, "num_unions"];
+}
+
+function add_sizeis_array(count, type, elem)
+{
+	copy_struct(current_struct, current_struct+1);
+	elem=substr(elem,2);
+	start_struct("array_"current_struct"_"elem);
+	add_struct_elem("uint32", count);
+	add_struct_elem(type, elem"["count"]");
+	end_struct("");
+	current_struct=num_structs;
+	add_struct_elem("array_"current_struct-1"_"elem, "*"elem"_ptr");
+}
+
+
+function start_function(type, fname)
+{
+        start_struct(fname);
+	structs[current_struct, "recurse"] = "False";
+}
+
+function end_function(LOCAL, i)
+{
+  copy_struct(num_structs, num_structs+1);
+  structs[num_structs, "name"] = "Q_"structs[num_structs, "name"];
+  for (i=0;i<structs[num_structs, "num_elems"];i++) {
+    if (match(elements[structs[num_structs, i], "properties"], "in") == 0) {
+      delete_element(num_structs, i);
+      i--;
+    }
+  }
+  end_struct();
+  current_struct=num_structs;
+  structs[num_structs, "name"] = "R_"structs[num_structs, "name"];
+  for (i=0;i<structs[num_structs, "num_elems"];i++) {
+    if (match(elements[structs[num_structs, i], "properties"], "out") == 0) {
+      delete_element(num_structs, i);
+      i--;
+    }
+  }
+  if (return_result!="void")
+    add_function_param("[out]", return_result, "status");
+  end_struct();
+}
+
+function add_function_param(properties, type, elem,
+			    LOCAL, elnum, len)
+{
+  len=length(type);
+  if (substr(type, len) == "*") {
+    type=substr(type, 1, len-1);
+    elem="*"elem;
+  }
+  if (substr(elem,1,1) == "*" &&
+      (match(properties,"in") == 0 || 
+       find_structure(type) != "-1")) {
+    elem=substr(elem, 2);
+  }
+  elnum = add_struct_elem(type, elem);
+  elements[elnum, "properties"] = properties;
+}
+
diff --git a/source3/aparser/spool.struct b/source3/aparser/spool.struct
new file mode 100644
index 0000000000..1563ba5be0
--- /dev/null
+++ b/source3/aparser/spool.struct
@@ -0,0 +1,90 @@
+module spool
+
+struct BUFFER5 {
+       uint32 buf_len;
+       uint16 buffer[buf_len];
+};
+
+struct BUFFERP {
+       uint32 buf_len;
+       BUFFER5 *buf;
+};
+
+struct UNISTR2 {
+       uint32 max_len;
+       uint32 undoc;
+       uint32 str_len;
+       uint16 buffer[str_len];
+};
+
+struct LPWSTR {
+       UNISTR2 *str;
+};
+
+struct VERSION {
+       uint32 version;
+       uint32 build;
+       uint32 osversion;
+};
+
+struct NTTIME {
+       uint32 low;
+       uint32 high;
+};
+
+struct DWORD {
+       uint32 x;
+};
+
+struct PRINTER_DRIVER_INFO_LEVEL_3 {
+	DWORD cversion;
+	LPWSTR name;
+	LPWSTR environment;
+	LPWSTR driverpath;
+	LPWSTR datafile;
+	LPWSTR configfile;
+	LPWSTR helpfile;
+	LPWSTR monitorname;
+	LPWSTR defaultdatatype;
+	BUFFERP dependentfiles;
+};
+
+struct PRINTER_DRIVER_INFO_LEVEL_6 {
+         DWORD   dummy1; 
+	 DWORD   version; 
+	 LPWSTR   name;       
+	 LPWSTR environment;
+	 LPWSTR driverpath;
+	 LPWSTR datafile;
+	 LPWSTR configfile;
+	 LPWSTR helpfile;
+	 LPWSTR monitorname;
+	 LPWSTR defaultdatatype;
+	 BUFFERP  dependentfiles;
+	 BUFFERP  previousnames;
+	 NTTIME   driverdate; 
+	 VERSION driverversion; 
+	 LPWSTR mfgname; 
+	 LPWSTR oemurl; 
+	 LPWSTR hardwareid; 
+	 LPWSTR provider; 
+};
+
+
+struct PRINTER_DRIVER_INFO {
+       uint32 level;
+       union *info[level] {
+	      case 3 PRINTER_DRIVER_INFO_LEVEL_3 info_3;
+	      case 6 PRINTER_DRIVER_INFO_LEVEL_6 info_6;
+       }
+};
+
+
+struct R_GETPRINTERDATA {
+	uint32 type;
+	uint32 size;
+	uint8 *data;
+	uint32 needed;
+	uint32 status;
+};
+
diff --git a/source3/aparser/spool_io_printer_driver_info_level_3.prs b/source3/aparser/spool_io_printer_driver_info_level_3.prs
new file mode 100644
index 0000000000..baa32ef7c7
--- /dev/null
+++ b/source3/aparser/spool_io_printer_driver_info_level_3.prs
diff --git a/source3/aparser/spool_io_printer_driver_info_level_6.prs b/source3/aparser/spool_io_printer_driver_info_level_6.prs
new file mode 100644
index 0000000000..3c5a47e7a3
--- /dev/null
+++ b/source3/aparser/spool_io_printer_driver_info_level_6.prs
diff --git a/source3/aparser/srvsvc.struct b/source3/aparser/srvsvc.struct
new file mode 100644
index 0000000000..aa40c8f15e
--- /dev/null
+++ b/source3/aparser/srvsvc.struct
@@ -0,0 +1,184 @@
+module srvsvc
+
+typedef uint32 LONG;
+typedef uint32 *ENUM_HND;
+
+typedef struct _UNISTR2 {
+       uint32 max_len;
+       uint32 undoc;
+       uint32 str_len;
+       wchar  buffer[str_len];
+} UNISTR2;
+
+typedef UNISTR2 *LPWSTR;
+
+/* function 8 */
+struct CONN_INFO_0 {
+	uint32 id; /* connection id. */
+};
+
+struct CONN_INFO_1 {
+	uint32 id; 
+	uint32 type;
+	uint32 num_opens;
+	uint32 num_users;
+	uint32 open_time;
+	LPWSTR usr_name;
+	LPWSTR net_name; 
+};
+
+struct CONN_ENUM_CTR {
+	uint32 level;
+	uint32 level2;
+	uint32 num_entries;
+	uint32 num_entries2;
+	union *info[level] {
+		case 0 CONN_INFO_0 info0[num_entries]; 
+		case 1 CONN_INFO_1 info1[num_entries]; 
+	}
+};
+
+struct SRV_R_NET_CONN_ENUM {
+        .trailer;
+	CONN_ENUM_CTR ctr;
+        uint32 num_entries;
+        ENUM_HND handle;
+        uint32 status2;
+};
+
+struct SRV_Q_NET_CONN_ENUM {
+       .trailer;
+       LPWSTR dest_srv;
+       LPWSTR qual_srv;
+       uint32 level;
+       uint32 level2;
+       CONN_ENUM_CTR *ctr;
+       uint32 max_len;
+       ENUM_HND handle;
+};
+
+/* function 9 */
+struct FILE_INFO_3 {
+	uint32 id;            /* file index */
+	uint32 perms;         /* file permissions. don't know what format */
+	uint32 num_locks;     /* file locks */
+	LPWSTR path_name; /* file name */
+	LPWSTR user_name; /* file owner */
+};
+
+struct SRV_FILE_INFO_CTR {
+	uint32 level;
+	uint32 num_entries;
+	uint32 dummy;
+	union *file[level] {
+	      case 3 FILE_INFO_3 info3[num_entries];
+	}
+};
+
+struct SRV_Q_NET_FILE_ENUM {
+       .trailer;
+       LPWSTR srv_name;
+       LPWSTR qual_name;
+       uint32 dummy;
+       uint32 level;
+       SRV_FILE_INFO_CTR ctr;
+       uint32 *status;
+       uint32 preferred_len;
+       ENUM_HND enum_hnd;
+};
+
+
+struct SRV_R_NET_FILE_ENUM {
+       .trailer;
+       uint32 level;
+       uint32 dummy;
+       SRV_FILE_INFO_CTR *ctr;
+       uint32 total_entries;                    /* total number of files */
+       ENUM_HND enum_hnd;
+       uint32 status;        /* return status */
+};
+
+
+/* function 15 */
+struct SRV_SHARE_INFO_1 {
+	LPWSTR uni_netname;
+	uint32 type;
+	LPWSTR uni_remark;
+};
+
+struct SRV_SHARE_INFO_2 {
+	LPWSTR uni_netname;
+	uint32 type;
+	LPWSTR uni_remark;
+	uint32 perms;
+	uint32 max_uses;
+	uint32 num_uses;
+	LPWSTR path;
+	LPWSTR passwd;
+};
+
+struct SRV_R_NET_SHARE_ENUM {
+       uint32 level;
+       uint32 level2;
+       uint32 *ret_count;
+       uint32 num_entries;
+       union *info[level] {
+              case 1 SRV_SHARE_INFO_1 info1[num_entries];
+              case 2 SRV_SHARE_INFO_2 info2[num_entries];
+       }
+       .trailer;
+       uint32 count;
+       ENUM_HND handle;
+       uint32 status;
+};
+
+
+
+/* function 21 */
+struct SERVER_INFO_100 {
+	uint32  dwPlatformID;
+	LPWSTR pszName;
+};
+
+struct SERVER_INFO_101 {
+	    uint32  dwPlatformID;
+	    LPWSTR pszName;
+	    uint32  dwVerMajor;
+	    uint32  dwVerMinor;
+	    uint32  dwType;
+	    LPWSTR pszComment;
+};
+
+struct SERVER_INFO_102 {
+    uint32 dwPlatformID;
+    LPWSTR pszName;
+    uint32 dwVerMajor;
+    uint32 dwVerMinor;
+    uint32 dwType;
+    LPWSTR pszComment;
+    uint32 dwUsers;
+    uint32 lDisc;
+    uint32 bHidden;
+    uint32 dwAnnounce;
+    uint32 dwAnnDelta;
+    uint32 dwLicenses;
+    LPWSTR pszUserPath;
+};
+
+struct SRV_R_NET_SERVER_INFO {
+       .trailer;
+       uint32 level;
+       union *info[level] {
+		case 100 SERVER_INFO_100 sv100;
+		case 101 SERVER_INFO_101 sv101;
+		case 102 SERVER_INFO_102 sv102;
+       }
+       uint32 status;
+};
+
+struct SRV_Q_NET_SERVER_INFO {
+       .trailer;
+       LPWSTR server;
+       uint32 level;
+};
+
diff --git a/source3/aparser/srvsvc2.struct b/source3/aparser/srvsvc2.struct
new file mode 100644
index 0000000000..362d121e37
--- /dev/null
+++ b/source3/aparser/srvsvc2.struct
@@ -0,0 +1,655 @@
+module srvsvc
+
+option autoalign True
+option relative False
+option recurse True
+option foo blah
+
+#define BOOL uint32
+#define LONG uint32
+#define DWORD uint32
+#define STATUS uint32
+
+typedef struct _UNISTR2 {
+       uint32 max_len;
+       uint32 undoc;
+       uint32 str_len;
+       wchar  buffer[str_len];
+} UNISTR2;
+
+struct LPWSTR {
+       UNISTR2 *str;
+};
+
+
+
+	/* -- CHARACTER DEVICE INFORMATION -- */
+
+	typedef struct _CHARDEV_INFO_0 {
+		LPWSTR  pszName;
+	} CHARDEV_INFO_0;
+
+	typedef struct _CHARDEV_INFO_1 {
+		LPWSTR  pszName;
+		DWORD   dwStatus;
+		LPWSTR  pszUser;
+		DWORD   dwTime;
+	} CHARDEV_INFO_1;
+
+	typedef union _CHARDEV_INFO switch (DWORD dwLevel) ctr {
+		case 1: CHARDEV_INFO_0 *ci0;
+		case 2: CHARDEV_INFO_1 *ci1;
+	} CHARDEV_INFO;
+
+	typedef struct _CHARDEV_ENUM_0 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] CHARDEV_INFO_0 *ci0;
+	} CHARDEV_ENUM_0;
+
+	typedef struct _CHARDEV_ENUM_1 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] CHARDEV_INFO_1 *ci1;
+	} CHARDEV_ENUM_1;
+
+	typedef struct _CHARDEV_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(0)] CHARDEV_ENUM_0 *ce0;
+			[case(1)] CHARDEV_ENUM_1 *ce1;
+		} ctr;
+	} CHARDEV_ENUM;
+
+	STATUS NetrCharDevEnum(    /* Function 0x00 */
+	              [in,unique] LPWSTR        pszServer,
+	                 [in,out] CHARDEV_ENUM* pCharDevEnum,
+	                     [in] DWORD         dwMaxLen,
+	                    [out] DWORD*        dwEntries,
+	                 [in,out] DWORD*        hResume
+						 );
+
+	STATUS NetrCharDevGetInfo(     /* Function 0x01 */
+	              [in,unique] LPWSTR        pszServer,
+	                 [in,ref] LPWSTR        pszDevice,
+	                     [in] DWORD         dwLevel,
+	                    [out] CHARDEV_INFO* pCharDevInfo
+	                      );
+
+	STATUS NetrCharDevControl(     /* Function 0x02 */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszDevice,
+	                     [in] DWORD  dwOpcode
+	                      );
+
+	/* -- CHARACTER DEVICE QUEUE INFORMATION -- */
+
+	typedef struct _CHARDEVQ_INFO_0 {
+		LPWSTR  pszName;
+	} CHARDEVQ_INFO_0;
+
+	typedef struct _CHARDEVQ_INFO_1 {
+		LPWSTR  pszName;
+		DWORD   dwPriority;
+		LPWSTR  pszDevices;
+		DWORD   dwNumUsers;
+		DWORD   dwNumAhead;
+	} CHARDEVQ_INFO_1;
+
+	typedef union _CHARDEVQ_INFO switch (DWORD dwLevel) ctr {
+		case 1: CHARDEVQ_INFO_0 *ci0;
+		case 2: CHARDEVQ_INFO_1 *ci1;
+	} CHARDEVQ_INFO;
+
+	typedef struct _CHARDEVQ_ENUM_0 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] CHARDEVQ_INFO_0 *ci0;
+	} CHARDEVQ_ENUM_0;
+
+	typedef struct _CHARDEVQ_ENUM_1 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] CHARDEVQ_INFO_1 *ci1;
+	} CHARDEVQ_ENUM_1;
+
+	typedef struct _CHARDEVQ_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(0)] CHARDEVQ_ENUM_0 *ce0;
+			[case(1)] CHARDEVQ_ENUM_1 *ce1;
+		} ctr;
+	} CHARDEVQ_ENUM;
+
+	STATUS NetrCharDevQEnum(       /* Function 0x03 */
+	              [in,unique] LPWSTR         pszServer,
+	              [in,unique] LPWSTR         pszUser,
+	                 [in,out] CHARDEVQ_ENUM* pCharDevQEnum,
+	                     [in] DWORD          dwMaxLen,
+	                    [out] DWORD*         dwEntries,
+	                 [in,out] DWORD*         hResume
+						    );
+
+	STATUS NetrCharDevQGetInfo(    /* Function 0x04 */
+	              [in,unique] LPWSTR         pszServer,
+	                 [in,ref] LPWSTR         pszQueue,
+	                 [in,ref] LPWSTR         pszUser,
+	                     [in] DWORD          dwLevel,
+	                    [out] CHARDEVQ_INFO* pCharDevQInfo
+	                           );
+
+	STATUS NetrCharDevQSetInfo(    /* Function 0x05 */
+	              [in,unique] LPWSTR         pszServer,
+	                 [in,ref] LPWSTR         pszQueue,
+	                     [in] DWORD          dwLevel,
+	                     [in] CHARDEVQ_INFO* pCharDevQInfo,
+	                 [in,out] DWORD*         dwParmError
+	                           );
+
+	STATUS NetrCharDevQPurge(      /* Function 0x06 */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszQueue
+	                         );
+
+	STATUS NetrCharDevQPurgeSelf(  /* Function 0x07 */
+	              [in,unique] LPWSTR pszServer,
+				     [in,ref] LPWSTR pszQueue,
+				     [in,ref] LPWSTR pszComputer
+	                             );
+
+	/* -- CONNECTION INFORMATION -- */
+
+	typedef struct _CONNECTION_INFO_0 {
+		DWORD  dwConnID;
+	} CONNECTION_INFO_0;
+
+	typedef struct _CONNECTION_INFO_1 {
+		DWORD  dwConnID;
+		DWORD  dwType;
+		DWORD  dwNumOpens;
+		DWORD  dwNumUsers;
+		DWORD  dwTime;
+		LPWSTR pszUser;
+		LPWSTR pszShare;
+	} CONNECTION_INFO_1;
+
+	typedef struct _CONNECTION_ENUM_0 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] CONNECTION_INFO_0 *ci0;
+	} CONNECTION_ENUM_0;
+
+	typedef struct _CONNECTION_ENUM_1 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] CONNECTION_INFO_1 *ci1;
+	} CONNECTION_ENUM_1;
+
+	typedef struct _CONNECTION_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(0)] CONNECTION_ENUM_0 *ce0;
+			[case(1)] CONNECTION_ENUM_1 *ce1;
+		} ctr;
+	} CONNECTION_ENUM;
+
+	STATUS NetrConnectionEnum(     /* Function 0x08 */
+	              [in,unique] LPWSTR           pszServer,
+	              [in,unique] LPWSTR           pszClient,
+	                 [in,out] CONNECTION_ENUM* pConnectionEnum,
+	                     [in] DWORD            dwMaxLen,
+	                    [out] DWORD*           dwEntries,
+	                 [in,out] DWORD*           hResume
+	                          );
+
+	/* -- FILE INFORMATION -- */
+
+	typedef struct _FILE_INFO_2 {
+		DWORD  dwFileID;
+	} FILE_INFO_2;
+
+	typedef struct _FILE_INFO_3 {
+		DWORD  dwFileID;
+		DWORD  dwPermissions;
+		DWORD  dwNumLocks;
+		LPWSTR pszPath;
+		LPWSTR pszUser;
+	} FILE_INFO_3;
+
+	typedef union _FILE_INFO switch (DWORD dwLevel) ctr {
+		case 2: FILE_INFO_2 *fi2;
+		case 3: FILE_INFO_3 *fi3;
+	} FILE_INFO;
+
+	typedef struct _FILE_ENUM_2 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] FILE_INFO_2 *fi2;
+	} FILE_ENUM_2;
+
+	typedef struct _FILE_ENUM_3 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] FILE_INFO_3 *fi3;
+	} FILE_ENUM_3;
+
+	typedef struct _FILE_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(2)] FILE_ENUM_2 *fe2;
+			[case(3)] FILE_ENUM_3 *fe3;
+		} ctr;
+	} FILE_ENUM;
+
+	STATUS NetrFileEnum(           /* Function 0x09 */
+	              [in,unique] LPWSTR     pszServer,
+	              [in,unique] LPWSTR     pszBasePath,
+	              [in,unique] LPWSTR     pszUser,
+	                 [in,out] FILE_ENUM* pFileEnum,
+	                     [in] DWORD      dwMaxLen,
+	                    [out] DWORD*     dwEntries,
+	                 [in,out] DWORD*     hResume
+	                     );
+
+	STATUS NetrFileGetInfo(        /* Function 0x0A */
+	              [in,unique] LPWSTR     pszServer,
+	                     [in] DWORD      dwFileID,
+	                     [in] DWORD      dwLevel,
+	                    [out] FILE_INFO* pFileInfo
+	                       );
+
+	STATUS NetrFileClose(          /* Function 0x0B */
+	              [in,unique] LPWSTR pszServer,
+	                     [in] DWORD  dwFileID
+	                     );
+
+	/* -- SESSION INFORMATION -- */
+
+	typedef struct _SESSION_INFO_0 {
+		LPWSTR  pszClient;
+	} SESSION_INFO_0;
+
+	typedef struct _SESSION_INFO_1 {
+		LPWSTR  pszClient;
+		LPWSTR  pszUser;
+		DWORD   dwOpens;
+		DWORD   dwTime;
+		DWORD   dwIdleTime;
+		DWORD   dwUserFlags;
+	} SESSION_INFO_1;
+
+	typedef struct _SESSION_INFO_2 {
+		LPWSTR  pszClient;
+		LPWSTR  pszUser;
+		DWORD   dwOpens;
+		DWORD   dwTime;
+		DWORD   dwIdleTime;
+		DWORD   dwUserFlags;
+	    LPWSTR  pszClientType;
+	} SESSION_INFO_2;
+
+	typedef struct _SESSION_ENUM_0 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] SESSION_INFO_0 *si0;
+	} SESSION_ENUM_0;
+
+	typedef struct _SESSION_ENUM_1 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] SESSION_INFO_1 *si1;
+	} SESSION_ENUM_1;
+
+	typedef struct _SESSION_ENUM_2 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] SESSION_INFO_2 *si2;
+	} SESSION_ENUM_2;
+
+	typedef struct _SESSION_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(0)] SESSION_ENUM_0 *se0;
+			[case(1)] SESSION_ENUM_1 *se1;
+			[case(2)] SESSION_ENUM_2 *se2;
+		} ctr;
+	} SESSION_ENUM;
+
+	STATUS NetrSessionEnum(        /* Function 0x0C */
+	              [in,unique] LPWSTR        pszServer,
+	              [in,unique] LPWSTR        pszClient,
+	              [in,unique] LPWSTR        pszUser,
+	                 [in,out] SESSION_ENUM* pFileEnum,
+	                     [in] DWORD         dwMaxLen,
+	                    [out] DWORD*        dwEntries,
+	                 [in,out] DWORD*        hResume	
+	                     );
+
+	STATUS NetrSessionDel(         /* Function 0x0D */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszClient,
+	                 [in,ref] LPWSTR pszUser
+	                      );
+
+	/* -- SHARE INFORMATION -- */
+
+	typedef struct _SHARE_INFO_0 {
+		LPWSTR  pszName;
+	} SHARE_INFO_0;
+
+	typedef struct _SHARE_INFO_1 {
+		LPWSTR  pszName;
+		DWORD   dwType;
+		LPWSTR  pszComment;
+	} SHARE_INFO_1;
+
+	typedef struct _SHARE_INFO_2 {
+		LPWSTR  pszName;
+		DWORD   dwType;
+		LPWSTR  pszComment;
+		DWORD   dwPermissions;
+		DWORD   dwMaxUses;
+		DWORD   dwCurrentUses;
+		LPWSTR  pszPath;
+		LPWSTR  pszPasswd;
+	} SHARE_INFO_2;
+
+	typedef union _SHARE_INFO switch (DWORD dwLevel) ctr {
+		case 0: SHARE_INFO_0 *si0;
+		case 1: SHARE_INFO_1 *si1;
+		case 2: SHARE_INFO_2 *si2;
+	} SHARE_INFO;
+
+	typedef struct _SHARE_ENUM_0 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] SHARE_INFO_0 *si0;
+	} SHARE_ENUM_0;
+
+	typedef struct _SHARE_ENUM_1 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] SHARE_INFO_1 *si1;
+	} SHARE_ENUM_1;
+
+	typedef struct _SHARE_ENUM_2 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] SHARE_INFO_2 *si2;
+	} SHARE_ENUM_2;
+
+	typedef struct _SHARE_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(0)] SHARE_ENUM_0 *se0;
+			[case(1)] SHARE_ENUM_1 *se1;
+			[case(2)] SHARE_ENUM_2 *se2;
+		} ctr;
+	} SHARE_ENUM;
+
+	STATUS NetrShareAdd(           /* Function 0x0E */
+	              [in,unique] LPWSTR      pszServer,
+	                     [in] DWORD       dwLevel,
+	                    [out] SHARE_INFO* pShareInfo,
+	                 [in,out] DWORD*      dwParmError
+	                    );
+
+	STATUS NetrShareEnum(          /* Function 0x0F */
+	              [in,unique] LPWSTR       pszServer,
+	                 [in,out] SHARE_ENUM*  pShareEnum,
+	                     [in] DWORD        dwMaxLen,
+	                    [out] DWORD*       dwEntries,
+	                 [in,out] DWORD*       hResume
+						 );
+
+	STATUS NetrShareGetInfo(       /* Function 0x10 */
+	              [in,unique] LPWSTR       pszServer,
+	                 [in,ref] LPWSTR       pszShare,
+	                     [in] DWORD        dwLevel,
+	                    [out] SHARE_INFO*  pShareInfo
+	                      );
+
+	STATUS NetrShareSetInfo(       /* Function 0x11 */
+	              [in,unique] LPWSTR       pszServer,
+	                 [in,ref] LPWSTR       pszShare,
+	                     [in] DWORD        dwLevel,
+	                     [in] SHARE_INFO*  pShareInfo,
+	                     [in] DWORD        dwReserved
+	                      );
+
+	STATUS NetrShareDel(           /* Function 0x12 */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszShare,
+	                     [in] DWORD  dwReserved
+	                    );
+
+	STATUS NetrShareDelSticky(     /* Function 0x13 */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszShare,
+	                     [in] DWORD  dwReserved
+	                          );
+
+	STATUS NetrShareCheck(         /* Function 0x14 */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszDevice,
+	                    [out] DWORD* dwType
+	                      );
+
+	/* --- SERVER INFORMATION --- */
+
+	typedef struct _SERVER_INFO_100 {
+		DWORD  dwPlatformID;
+		LPWSTR pszName;
+	} SERVER_INFO_100;
+
+	typedef struct _SERVER_INFO_101 {
+	    DWORD  dwPlatformID;
+	    LPWSTR pszName;
+	    DWORD  dwVerMajor;
+	    DWORD  dwVerMinor;
+	    DWORD  dwType;
+	    LPWSTR pszComment;
+	} SERVER_INFO_101;
+
+	typedef struct _SERVER_INFO_102 {
+	    DWORD  dwPlatformID;
+	    LPWSTR pszName;
+	    DWORD  dwVerMajor;
+	    DWORD  dwVerMinor;
+	    DWORD  dwType;
+	    LPWSTR pszComment;
+		DWORD  dwUsers;
+		LONG   lDisc;
+		BOOL   bHidden;
+		DWORD  dwAnnounce;
+		DWORD  dwAnnDelta;
+		DWORD  dwLicenses;
+		LPWSTR pszUserPath;
+	} SERVER_INFO_102;
+
+	typedef union _SERVER_INFO switch (DWORD dwLevel) ctr {
+		case 100: SERVER_INFO_100 *sv100;
+		case 101: SERVER_INFO_101 *sv101;
+		case 102: SERVER_INFO_102 *sv102;
+	} SERVER_INFO;
+
+	STATUS NetrServerGetInfo(      /* Function 0x15 */
+	              [in,unique] LPWSTR       pszServerName,
+	                     [in] DWORD        dwLevel,
+	                    [out] SERVER_INFO* pServerInfo
+	                      );
+
+	STATUS NetrServerSetInfo(      /* Function 0x16 */
+	              [in,unique] LPWSTR       pszServerName,
+	                     [in] DWORD        dwLevel,
+	                     [in] SERVER_INFO* pServerInfo,
+	                     [in] DWORD        dwReserved
+	                      );
+
+	typedef struct _DISK_INFO {
+		LPWSTR  pszName;
+	} DISK_INFO;
+
+	typedef struct _DISK_ENUM {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] DISK_INFO *di;
+	} DISK_ENUM;
+
+	STATUS NetrServerDiskEnum(     /* Function 0x17 */
+	              [in,unique] LPWSTR       pszServer,
+	                     [in] DWORD        dwLevel,
+	                 [in,out] DISK_ENUM*   pDiskEnum,
+	                     [in] DWORD        dwMaxLen,
+	                    [out] DWORD*       dwEntries,
+	                 [in,out] DWORD*       hResume
+	                          );
+
+	typedef struct _STAT_SERVER {
+		DWORD dwStart;
+		DWORD dwFOpens;
+		DWORD dwDevOpens;
+		DWORD dwJobsQueued;
+		DWORD dwSOpens;
+		DWORD dwSTimedOut;
+		DWORD dwSErrors;
+		DWORD dwPWErrors;
+		DWORD dwPermErrors;
+		DWORD dwSysErrors;
+		DWORD dwBytesSentLow;
+		DWORD dwBytesSentHigh;
+		DWORD dwBytesRcvdLow;
+		DWORD dwBytesRcvdHigh;
+		DWORD dwAVResponse;
+		DWORD dwReqBufNeed;
+		DWORD dwBigBufNeed;
+	} STAT_SERVER;
+
+	STATUS NetrServerStatisticsGet( /* Function 0x18 */
+	              [in,unique] LPWSTR       pszServer,
+	                     [in] DWORD        dwLevel,
+	                     [in] DWORD        dwOptions,
+	                    [out] STAT_SERVER* pStatServer
+	                               );
+
+	typedef struct _TRANSPORT_INFO_0 {
+		LPWSTR  pszName;
+	} TRANSPORT_INFO_0;
+
+	typedef union _TRANSPORT_INFO switch (DWORD dwLevel) ctr {
+		case 0: TRANSPORT_INFO_0 *ti0;
+	} TRANSPORT_INFO;
+
+	typedef struct _TRANSPORT_ENUM_0 {
+		DWORD   dwEntries;
+		[size_is(dwEntries)] TRANSPORT_INFO_0 *ti0;
+	} TRANSPORT_ENUM_0;
+
+	typedef struct _TRANSPORT_ENUM {
+		DWORD dwLevel;
+		[switch_is(dwLevel)] union {
+			[case(0)] TRANSPORT_ENUM_0 *te0;
+		} ctr;
+	} TRANSPORT_ENUM;
+
+	STATUS NetrServerTransportAdd( /* Function 0x19 */
+	              [in,unique] LPWSTR          pszServer,
+	                     [in] DWORD           dwLevel,
+	                    [out] TRANSPORT_INFO* pTransportInfo
+	                              );
+
+	STATUS NetrServerTransportEnum( /* Function 0x1a */
+	              [in,unique] LPWSTR          pszServer,
+	                 [in,out] TRANSPORT_ENUM* pTransportEnum,
+	                     [in] DWORD           dwMaxLen,
+	                    [out] DWORD*          dwEntries,
+	                 [in,out] DWORD*          hResume
+	                               );
+
+	STATUS NetrServerTransportDel( /* Function 0x1b */
+	              [in,unique] LPWSTR          pszServer,
+	                     [in] DWORD           dwLevel,
+	                    [out] TRANSPORT_INFO* pTransportInfo
+	                              );
+
+	typedef struct _TIME_OF_DAY {
+		DWORD dwElapsedTime;
+		DWORD dwMsecs;
+		DWORD dwHours;
+		DWORD dwMins;
+		DWORD dwSecs;
+		DWORD dwHunds;
+		LONG  lTimeZone;
+		DWORD dwInterval;
+		DWORD dwDay;
+		DWORD dwMonth;
+		DWORD dwYear;
+		DWORD dwWeekday;
+	} TIME_OF_DAY;
+
+	STATUS NetrRemoteTOD(          /* Function 0x1c */
+	              [in,unique] LPWSTR       pszServer,
+	                    [out] TIME_OF_DAY* pTOD
+	);
+
+	STATUS NetrServerSetServiceBits( /* Function 0x1d */
+	              [in,unique] LPWSTR pszServer,
+	                     [in] DWORD  hServiceStatus, /* ?? */
+	                     [in] DWORD  dwServiceBits,
+	                     [in] BOOL   bSetBitsOn,
+	                     [in] BOOL   bUpdateImmediately
+	                               );
+
+	/* --- PATH INFORMATION --- */
+
+	STATUS NetprPathType(          /* Function 0x1e */
+	                          void /* Not known */
+	                     );
+
+	STATUS NetprPathCanonicalize(  /* Function 0x1f */
+	                          void /* Not known */
+	                             );
+
+	STATUS NetprPathCompare(       /* Function 0x20 */
+	                          void /* Not known */
+	                        );
+
+	STATUS NetprNameValidate(      /* Function 0x21 */
+	                          void /* Not known */
+	                         );
+
+	STATUS NetprNameCanonicalize(  /* Function 0x22 */
+	                          void /* Not known */
+	                             );
+
+	STATUS NetprNameCompare(       /* Function 0x23 */
+	                          void /* Not known */
+	                        );
+
+	/* --- LATER ADDITIONS --- */
+
+	STATUS NetrShareEnumSticky(    /* Function 0x24 */
+	              [in,unique] LPWSTR       pszServer,
+	                 [in,out] SHARE_ENUM*  pShareEnum,
+	                     [in] DWORD        dwMaxLen,
+	                    [out] DWORD*       dwEntries,
+	                 [in,out] DWORD*       hResume
+	                           );
+
+	STATUS NetrShareDelStart(      /* Function 0x25 */
+	              [in,unique] LPWSTR pszServer,
+	                 [in,ref] LPWSTR pszShare,
+	                     [in] DWORD  dwReserved /* ? */
+	                         );
+
+	STATUS NetrShareDelCommit(     /* Function 0x26 */
+	              [in,unique] LPWSTR pszServer
+	                          );
+
+	STATUS NetrpGetFileSecurity(   /* Function 0x27 */
+	                          void /* Not known */
+	                            );
+
+	STATUS NetrpSetFileSecurity(   /* Function 0x28 */
+	                          void /* Not known */
+	                            );
+
+	STATUS NetrServerTransportAddEx( /* Function 0x29 */
+	              [in,unique] LPWSTR          pszServer,
+	                     [in] DWORD           dwLevel,
+	                    [out] TRANSPORT_INFO* pTransportInfo
+	                                );
+
+	STATUS NetrServerSetServiceBitsEx( /* Function 0x30 */
+	              [in,unique] LPWSTR pszServer,
+	                     [in] DWORD  hServiceStatus, /* ?? */
+	                     [in] DWORD  dwServiceBits,
+	                     [in] BOOL   bSetBitsOn,
+	                     [in] BOOL   bUpdateImmediately
+	                                  );
+
diff --git a/source3/aparser/template.awk b/source3/aparser/template.awk
new file mode 100644
index 0000000000..2015700835
--- /dev/null
+++ b/source3/aparser/template.awk
@@ -0,0 +1,18 @@
+# template file handling
+
+function print_template(f, tplname, v,
+			LOCAL, i, pat, line)
+{
+	tplname="templates/"tplname;
+	if (numlines(tplname) <= 0) fatal("no template "tplname);
+	while ((getline line < tplname) > 0) {
+		while ((i = match(line,"@[a-zA-Z_]*@")) != 0) {
+			pat=substr(line,i+1,RLENGTH-2);
+			if (v[pat] == "") fatal("no value for "pat" in "tplname);
+			gsub("@"pat"@", v[pat], line);
+		}
+		
+		xprintf(f, "%s\n", line);
+	}
+	close(tplname);
+}
diff --git a/source3/aparser/templates/fn_end.tpl b/source3/aparser/templates/fn_end.tpl
new file mode 100644
index 0000000000..2275ec4e33
--- /dev/null
+++ b/source3/aparser/templates/fn_end.tpl
@@ -0,0 +1,13 @@
+
+end:
+	/* the parse is OK */
+	return True;
+
+fail:
+	if (UNMARSHALLING(ps)) {
+		ZERO_STRUCTP(il);
+	}
+	return False;
+} /* @FUNCNAME@ */
+
+
diff --git a/source3/aparser/templates/fn_end0.tpl b/source3/aparser/templates/fn_end0.tpl
new file mode 100644
index 0000000000..6e49a10f53
--- /dev/null
+++ b/source3/aparser/templates/fn_end0.tpl
@@ -0,0 +1,8 @@
+
+end:
+	/* the parse is OK */
+	return True;
+
+} /* @FUNCNAME@ */
+
+
diff --git a/source3/aparser/templates/fn_i_end.tpl b/source3/aparser/templates/fn_i_end.tpl
new file mode 100644
index 0000000000..9de61decb3
--- /dev/null
+++ b/source3/aparser/templates/fn_i_end.tpl
@@ -0,0 +1,12 @@
+
+	/* the parse is OK */
+	return True;
+
+fail:
+	if (UNMARSHALLING(ps)) {
+		ZERO_STRUCTP(il);
+	}
+	return False;
+} /* @FUNCNAME@ */
+
+
diff --git a/source3/aparser/templates/fn_i_start.tpl b/source3/aparser/templates/fn_i_start.tpl
new file mode 100644
index 0000000000..3979d78e7d
--- /dev/null
+++ b/source3/aparser/templates/fn_i_start.tpl
@@ -0,0 +1,15 @@
+/*******************************************************************
+parse a @STRUCTNAME@ structure
+********************************************************************/
+BOOL @FUNCNAME@(char *desc, io_struct *ps, int depth,
+		@STRUCTNAME@ *il, unsigned flags)
+{
+	io_debug(ps, depth, desc, "@FUNCNAME@");
+	depth++;
+	
+#if 0
+	if (UNMARSHALLING(ps)) {
+		ZERO_STRUCTP(il);
+	}
+#endif
+	/* parse the scalars */
diff --git a/source3/aparser/templates/fn_mid.tpl b/source3/aparser/templates/fn_mid.tpl
new file mode 100644
index 0000000000..b81de92a5b
--- /dev/null
+++ b/source3/aparser/templates/fn_mid.tpl
@@ -0,0 +1,6 @@
+
+buffers:
+	if (!(flags & PARSE_BUFFERS)) goto end;
+
+	/* now parse the buffers */
+
diff --git a/source3/aparser/templates/fn_start.tpl b/source3/aparser/templates/fn_start.tpl
new file mode 100644
index 0000000000..a5d58767a6
--- /dev/null
+++ b/source3/aparser/templates/fn_start.tpl
@@ -0,0 +1,17 @@
+/*******************************************************************
+parse a @STRUCTNAME@ structure
+********************************************************************/
+BOOL @FUNCNAME@(char *desc, io_struct *ps, int depth,
+		@STRUCTNAME@ *il, unsigned flags)
+{
+	io_debug(ps, depth, desc, "@FUNCNAME@");
+	depth++;
+	
+	if (!(flags & PARSE_SCALARS)) goto buffers;
+
+#if 0
+	if (UNMARSHALLING(ps)) {
+		ZERO_STRUCTP(il);
+	}
+#endif
+	/* parse the scalars */
diff --git a/source3/aparser/templates/harness.tpl b/source3/aparser/templates/harness.tpl
new file mode 100644
index 0000000000..27c33c0adc
--- /dev/null
+++ b/source3/aparser/templates/harness.tpl
@@ -0,0 +1,5 @@
+
+	if (strcmp(test,"@TEST@")==0) {
+	   @TEST@ il;
+	   ret = io_@TEST@("@TEST@", ps, 0, &il, flags);
+	} else 
diff --git a/source3/aparser/templates/harness_end.tpl b/source3/aparser/templates/harness_end.tpl
new file mode 100644
index 0000000000..1e15faec16
--- /dev/null
+++ b/source3/aparser/templates/harness_end.tpl
@@ -0,0 +1,7 @@
+	{
+		printf("structure %s not found\n", test);
+		ret = False;
+	}
+
+	return ret;
+}
diff --git a/source3/aparser/templates/harness_start.tpl b/source3/aparser/templates/harness_start.tpl
new file mode 100644
index 0000000000..beba6fc12d
--- /dev/null
+++ b/source3/aparser/templates/harness_start.tpl
@@ -0,0 +1,7 @@
+#include "prs_@MODULE@.c"
+
+static BOOL run_test(char *test, io_struct *ps, int flags) 
+{
+	BOOL ret;
+
+	
diff --git a/source3/aparser/templates/ifptr_end.tpl b/source3/aparser/templates/ifptr_end.tpl
new file mode 100644
index 0000000000..990635cf45
--- /dev/null
+++ b/source3/aparser/templates/ifptr_end.tpl
@@ -0,0 +1 @@
+	}
diff --git a/source3/aparser/templates/ifptr_start.tpl b/source3/aparser/templates/ifptr_start.tpl
new file mode 100644
index 0000000000..228b84bac9
--- /dev/null
+++ b/source3/aparser/templates/ifptr_start.tpl
@@ -0,0 +1,2 @@
+	if (il->@ELEM@) {
+	if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@)))) goto fail;
diff --git a/source3/aparser/templates/module_end.tpl b/source3/aparser/templates/module_end.tpl
new file mode 100644
index 0000000000..661f7edb95
--- /dev/null
+++ b/source3/aparser/templates/module_end.tpl
@@ -0,0 +1,3 @@
+
+
+/* end auto-generated structure parsers for @MODULE@ */
diff --git a/source3/aparser/templates/module_start.tpl b/source3/aparser/templates/module_start.tpl
new file mode 100644
index 0000000000..ac6a3c9d98
--- /dev/null
+++ b/source3/aparser/templates/module_start.tpl
@@ -0,0 +1,5 @@
+/* auto-generated structure parsers for @MODULE@ 
+   generated by aparser
+*/
+#include "prs_@MODULE@.h"
+
diff --git a/source3/aparser/templates/prs_.align.tpl b/source3/aparser/templates/prs_.align.tpl
new file mode 100644
index 0000000000..25816a23b3
--- /dev/null
+++ b/source3/aparser/templates/prs_.align.tpl
@@ -0,0 +1 @@
+	if(!io_align(ps)) goto fail;
diff --git a/source3/aparser/templates/prs_align2.tpl b/source3/aparser/templates/prs_align2.tpl
new file mode 100644
index 0000000000..54c569b547
--- /dev/null
+++ b/source3/aparser/templates/prs_align2.tpl
@@ -0,0 +1 @@
+	if (!io_align2(ps, @OFFSET@)) goto fail;
diff --git a/source3/aparser/templates/prs_align4.tpl b/source3/aparser/templates/prs_align4.tpl
new file mode 100644
index 0000000000..702fab1324
--- /dev/null
+++ b/source3/aparser/templates/prs_align4.tpl
@@ -0,0 +1 @@
+	if (!io_align4(ps, @OFFSET@)) goto fail;
diff --git a/source3/aparser/templates/prs_array.tpl b/source3/aparser/templates/prs_array.tpl
new file mode 100644
index 0000000000..4bd6a26c99
--- /dev/null
+++ b/source3/aparser/templates/prs_array.tpl
@@ -0,0 +1,8 @@
+	if ((@FLAGS@ & PARSE_SCALARS) &&
+            !io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(il->@ARRAY_LEN@))) goto fail;
+	{
+		int i;
+		for (i=0;i<il->@ARRAY_LEN@;i++) {
+		if (!io_@TYPE@("@ELEM@...", ps, depth+1, &il->@ELEM@[i], @FLAGS@)) goto fail;
+		}
+	}
diff --git a/source3/aparser/templates/prs_array_optional.tpl b/source3/aparser/templates/prs_array_optional.tpl
new file mode 100644
index 0000000000..38bd32861f
--- /dev/null
+++ b/source3/aparser/templates/prs_array_optional.tpl
@@ -0,0 +1,5 @@
+	if ((MARSHALLING(ps) && il->@ELEM@) ||
+	     ps->data_offset < ps->buffer_size) {
+	if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@)))) goto fail;
+	if (!io_@TYPE@("@ELEM@...", ps, depth+1, il->@ELEM@, @FLAGS@)) goto fail;
+	}
diff --git a/source3/aparser/templates/prs_array_remainder.tpl b/source3/aparser/templates/prs_array_remainder.tpl
new file mode 100644
index 0000000000..c8b1e2ab5a
--- /dev/null
+++ b/source3/aparser/templates/prs_array_remainder.tpl
@@ -0,0 +1,17 @@
+	if (UNMARSHALLING(ps))
+	{
+		int i;
+		for (i=0;ps->data_offset < ps->buffer_size;i++) {
+		if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(i+1))) goto fail;
+		if (!io_@TYPE@("@ELEM@...", ps, depth+1, &il->@ELEM@[i], @FLAGS@)) goto fail;
+		}
+	}
+	else
+	{
+		int i = -1;
+		/* HACK ALERT! */
+		do {
+		i++;
+		if (!io_@TYPE@("@ELEM@...", ps, depth+1, &il->@ELEM@[i], @FLAGS@)) goto fail;
+		} while (il->@ELEM@[i].tag2 != 0);
+	}
diff --git a/source3/aparser/templates/prs_break.tpl b/source3/aparser/templates/prs_break.tpl
new file mode 100644
index 0000000000..eb540f7be8
--- /dev/null
+++ b/source3/aparser/templates/prs_break.tpl
@@ -0,0 +1 @@
+		break;
diff --git a/source3/aparser/templates/prs_case.tpl b/source3/aparser/templates/prs_case.tpl
new file mode 100644
index 0000000000..06c1bd3ae6
--- /dev/null
+++ b/source3/aparser/templates/prs_case.tpl
@@ -0,0 +1 @@
+		case @CASE@:
diff --git a/source3/aparser/templates/prs_case_end.tpl b/source3/aparser/templates/prs_case_end.tpl
new file mode 100644
index 0000000000..eb540f7be8
--- /dev/null
+++ b/source3/aparser/templates/prs_case_end.tpl
@@ -0,0 +1 @@
+		break;
diff --git a/source3/aparser/templates/prs_element.tpl b/source3/aparser/templates/prs_element.tpl
new file mode 100644
index 0000000000..e8bf5180ce
--- /dev/null
+++ b/source3/aparser/templates/prs_element.tpl
@@ -0,0 +1 @@
+	if (!io_@TYPE@("@ELEM@", ps, depth+1, @PTR@il->@ELEM@, @FLAGS@)) goto fail;
diff --git a/source3/aparser/templates/prs_pointer.tpl b/source3/aparser/templates/prs_pointer.tpl
new file mode 100644
index 0000000000..4ebcf19d83
--- /dev/null
+++ b/source3/aparser/templates/prs_pointer.tpl
@@ -0,0 +1,2 @@
+	if (!io_pointer("@ELEM@_ptr", ps, depth+1, 
+                         (void **)&il->@ELEM@, @FLAGS@)) goto fail;
diff --git a/source3/aparser/templates/prs_struct.tpl b/source3/aparser/templates/prs_struct.tpl
new file mode 100644
index 0000000000..ab8246db8e
--- /dev/null
+++ b/source3/aparser/templates/prs_struct.tpl
@@ -0,0 +1 @@
+	if (!@MODULE@_io_@TYPE@("@ELEM@", &il->@ELEM@, ps, depth+1)) goto fail;
diff --git a/source3/aparser/templates/prs_struct_alloc.tpl b/source3/aparser/templates/prs_struct_alloc.tpl
new file mode 100644
index 0000000000..9eae5c92fc
--- /dev/null
+++ b/source3/aparser/templates/prs_struct_alloc.tpl
@@ -0,0 +1 @@
+	if (!@MODULE@_io_@TYPE@_alloc("@ELEM@", &il->@ELEM@, ps, depth+1)) goto fail;
diff --git a/source3/aparser/templates/prs_uint16.tpl b/source3/aparser/templates/prs_uint16.tpl
new file mode 100644
index 0000000000..b40d6d4216
--- /dev/null
+++ b/source3/aparser/templates/prs_uint16.tpl
@@ -0,0 +1 @@
+	if (!io_uint16("@ELEM@", ps, depth+1, &il->@ELEM@)) goto fail;
diff --git a/source3/aparser/templates/prs_uint32.tpl b/source3/aparser/templates/prs_uint32.tpl
new file mode 100644
index 0000000000..eb76715d28
--- /dev/null
+++ b/source3/aparser/templates/prs_uint32.tpl
@@ -0,0 +1 @@
+	if (!io_uint32("@ELEM@", ps, depth+1, &il->@ELEM@)) goto fail;
diff --git a/source3/aparser/templates/prs_uint8s.tpl b/source3/aparser/templates/prs_uint8s.tpl
new file mode 100644
index 0000000000..967162213f
--- /dev/null
+++ b/source3/aparser/templates/prs_uint8s.tpl
@@ -0,0 +1,2 @@
+	if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(il->@ARRAY_LEN@))) goto fail;
+	if (!io_uint8s("@ELEM@", ps, depth+1, &il->@ELEM@,	il->@ARRAY_LEN@, @FLAGS@)) goto fail;
diff --git a/source3/aparser/templates/prs_uint8s_fixed.tpl b/source3/aparser/templates/prs_uint8s_fixed.tpl
new file mode 100644
index 0000000000..26597f419f
--- /dev/null
+++ b/source3/aparser/templates/prs_uint8s_fixed.tpl
@@ -0,0 +1 @@
+	if (!io_uint8s_fixed("@ELEM@", ps, depth+1, il->@ELEM@, @ARRAY_LEN@, @FLAGS@)) goto fail;
diff --git a/source3/aparser/templates/prs_wstring.tpl b/source3/aparser/templates/prs_wstring.tpl
new file mode 100644
index 0000000000..4de46f093c
--- /dev/null
+++ b/source3/aparser/templates/prs_wstring.tpl
@@ -0,0 +1,2 @@
+	if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(il->@ARRAY_LEN@))) goto fail;
+	if (!io_wstring("@ELEM@", ps, depth+1, il->@ELEM@,	il->@ARRAY_LEN@, @FLAGS@)) goto fail;
diff --git a/source3/aparser/templates/prs_wstring_fixed.tpl b/source3/aparser/templates/prs_wstring_fixed.tpl
new file mode 100644
index 0000000000..e33f7c3d5d
--- /dev/null
+++ b/source3/aparser/templates/prs_wstring_fixed.tpl
@@ -0,0 +1,2 @@
+	if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(@ARRAY_LEN@))) goto fail;
+	if (!io_wstring("@ELEM@", ps, depth+1, il->@ELEM@,	@ARRAY_LEN@, @FLAGS@)) goto fail;
diff --git a/source3/aparser/templates/union_end.tpl b/source3/aparser/templates/union_end.tpl
new file mode 100644
index 0000000000..511adbcf60
--- /dev/null
+++ b/source3/aparser/templates/union_end.tpl
@@ -0,0 +1,5 @@
+		default:
+			DEBUG(5,("No handler for case %d in @FUNCNAME@\n",
+				 (int)il->@SWITCH@));
+			goto fail;
+	}
diff --git a/source3/aparser/templates/union_start.tpl b/source3/aparser/templates/union_start.tpl
new file mode 100644
index 0000000000..aa052be697
--- /dev/null
+++ b/source3/aparser/templates/union_start.tpl
@@ -0,0 +1 @@
+	switch (il->@SWITCH@) {
diff --git a/source3/aparser/token.awk b/source3/aparser/token.awk
new file mode 100644
index 0000000000..fb2982f077
--- /dev/null
+++ b/source3/aparser/token.awk
@@ -0,0 +1,180 @@
+# tokenise the input file
+
+function parse_error(msg) {
+	printf("PARSE ERROR: %s\nLine "NR" : "$0"\n", msg);
+	exit 1;
+}
+
+# ignore multi-line C comments.
+{
+  if (t = index($0, "/*")) {
+    if (t > 1)
+      tmp = substr($0, 1, t - 1)
+    else
+      tmp = ""
+    u = index(substr($0, t + 2), "*/")
+    while (u == 0) {
+      getline
+      t = -1
+      u = index($0, "*/")
+    }
+    if (u <= length($0) - 2)
+      $0 = tmp substr($0, t + u + 3)
+    else
+      $0 = tmp
+  }
+}
+
+# ignore blank lines
+/^[ \t]*$/ {
+	next;
+}
+
+/^\#define.*/ {
+	split($0,a,"[ \t;]*");
+	parse_define(a[2], a[3]);
+	next;
+}
+
+# ignore comments
+/^[ \t]*\#/ {
+	next;
+}
+
+/^[ \t]*module/ {
+	{if (module!="") parse_error("you can only specify one module name");}
+	start_module($2);
+	next;
+}
+
+{if (module=="") parse_error("you must specify the module name first");}
+
+/^[ \t]*option/ {
+	set_option($2, $3);
+	next;
+}
+
+/^[ \t]*typedef struct.*\{/ {
+	{if (current_struct!="") parse_error("you cannot have nested structures");}
+	start_struct($3);
+	next;
+}
+
+/^[ \t]*struct.*\{/ {
+	{if (current_struct!="") parse_error("you cannot have nested structures");}
+	start_struct($2);
+	next;
+}
+
+/^[ \t]*typedef union.*\{/ {
+	{if (current_struct!="") parse_error("this cannot appear inside a structure");}
+	split($0,a,"[ \t;()]*");
+	start_union_encap(a[4], a[6], a[7], a[8]);
+	next;
+}
+
+/^[ \t]*void.*\(/ {
+	{if (current_struct!="") parse_error("you cannot have nested structures");}
+	split($0,a,"[ \t;()]*");
+	start_function(a[2], a[3]);
+	return_result="void";
+	next;
+}
+
+/^[ \t]*STATUS.*\(|^[ \t]*void.*\(/ {
+	{if (current_struct!="") parse_error("you cannot have nested structures");}
+	split($0,a,"[ \t;()]*");
+	start_function(a[2], a[3]);
+	return_result="STATUS";
+	next;
+}
+
+{if (current_struct=="") parse_error("this must appear inside a structure");}
+
+/^[ \t]*union.*\{/ {
+	{if (current_union!="") parse_error("you cannot have nested unions");}
+	start_union($2);
+	next;
+}
+
+/^[ \t]*\[switch_is.*union.*\{/ {
+	{if (current_union!="") parse_error("you cannot have nested unions");}
+	split($0,a,"[ \t;()]*");
+	start_union_notencap(a[3]);
+	next;
+}
+
+/^[ \t]*case.*;/ {
+	{if (current_union=="") parse_error("this must appear inide a union");}
+	split($0,a,"[ \t;]*");
+	parse_case(a[3],a[4],a[5]);
+	next;
+}
+
+/^[ \t]*\[case(.*)\].*;/ {
+	{if (current_union=="") parse_error("this must appear inide a union");}
+	split($0,a,"[ \t;()[\]]*");
+	parse_case(a[6],a[8],a[9]);
+	next;
+}
+
+/^[ \t]*\}$/ {
+	{if (current_union=="") parse_error("this must appear inside a union");}
+	end_union("");
+	next;
+}
+
+/^[ \t]*\} .*;/ {
+	if (current_union!="") {
+		split($2,a,"[ \t;]*");
+		end_union(a[1]);
+		next;
+	}
+}
+
+{if (current_union!="") parse_error("this cannot appear inside a union");}
+
+/^[ \t]*\};/ {
+	end_struct("");
+	next;
+}
+
+/^[ \t]*\} .*;/ {
+	split($2,a,"[ \t;]*");
+	end_struct(a[1]);
+	next;
+}
+
+/^[ \t]*\);/ {
+	end_function();
+	return_result="";
+	next;
+}
+
+/^.*size_is.*\*.*;/ {
+	split($0,a,"[ \t;()]*");
+	add_sizeis_array(a[3], a[5], a[6]);
+	next;
+}
+
+/^.*;/ {
+	split($0,a,"[ \t;]*");
+	add_struct_elem(a[2], a[3]);
+	next;
+}
+
+/^[\t ]*void/ {
+	next;
+}
+
+/^[ \t]*\[.*\].*/ {
+	split($0,a,"[ \t;]*");
+	split(a[4], b, "[,]");
+	add_function_param(a[2], a[3], b[1]);
+	next;
+}
+
+{
+	parse_error("Unknown construct.");
+}
+
diff --git a/source3/aparser/util.awk b/source3/aparser/util.awk
new file mode 100644
index 0000000000..6c5594da68
--- /dev/null
+++ b/source3/aparser/util.awk
@@ -0,0 +1,39 @@
+function isaptr(elem) 
+{
+	if (substr(elem, 1, 1) == "*") {
+		return 1;
+	}
+	return 0;
+}
+
+function noptr(elem) 
+{
+	if (!isaptr(elem)) return elem;
+	return substr(elem, 2);
+}
+
+function xprintf(f, fmt, v1, v2, v3, v4, v5, v6, v7)
+{
+	printf(fmt, v1, v2, v3, v4, v5, v6) > f;
+}
+
+function fatal(why)
+{
+	printf("FATAL: %s\n", why);
+	exit 1;
+}
+
+function numlines(fname,
+		  LOCAL, line, count)
+{
+	count=0;
+	while ((getline line < fname) > 0) count++;
+	close(fname);
+	return count;
+}
+
+# return 1 if the string is a constant
+function is_constant(s) 
+{
+    return match(s,"^[0-9]+$");
+}
diff --git a/source3/aparser/util.c b/source3/aparser/util.c
new file mode 100644
index 0000000000..ffa84dbfab
--- /dev/null
+++ b/source3/aparser/util.c
@@ -0,0 +1,112 @@
+#include "parser.h"
+
+
+/*******************************************************************
+ Count the number of characters (not bytes) in a unicode string.
+********************************************************************/
+size_t strlen_w(void *src)
+{
+	size_t len;
+
+	for (len = 0; SVAL(src, len*2); len++) ;
+
+	return len;
+}
+
+/****************************************************************************
+expand a pointer to be a particular size
+****************************************************************************/
+void *Realloc(void *p,size_t size)
+{
+  void *ret=NULL;
+
+  if (size == 0) {
+    if (p) free(p);
+    DEBUG(5,("Realloc asked for 0 bytes\n"));
+    return NULL;
+  }
+
+  if (!p)
+    ret = (void *)malloc(size);
+  else
+    ret = (void *)realloc(p,size);
+
+  if (!ret)
+    DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
+
+  return(ret);
+}
+
+
+char *tab_depth(int depth)
+{
+	static pstring spaces;
+	memset(spaces, ' ', depth * 4);
+	spaces[depth * 4] = 0;
+	return spaces;
+}
+
+void print_asc(int level, uchar const *buf, int len)
+{
+	int i;
+	for (i = 0; i < len; i++)
+	{
+		DEBUGADD(level, ("%c", isprint(buf[i]) ? buf[i] : '.'));
+	}
+}
+
+void dump_data(int level, char *buf1, int len)
+{
+	uchar const *buf = (uchar const *)buf1;
+	int i = 0;
+	if (buf == NULL)
+	{
+		DEBUG(level, ("dump_data: NULL, len=%d\n", len));
+		return;
+	}
+	if (len < 0)
+		return;
+	if (len == 0)
+	{
+		DEBUG(level, ("\n"));
+		return;
+	}
+
+	DEBUG(level, ("[%03X] ", i));
+	for (i = 0; i < len;)
+	{
+		DEBUGADD(level, ("%02X ", (int)buf[i]));
+		i++;
+		if (i % 8 == 0)
+			DEBUGADD(level, (" "));
+		if (i % 16 == 0)
+		{
+			print_asc(level, &buf[i - 16], 8);
+			DEBUGADD(level, (" "));
+			print_asc(level, &buf[i - 8], 8);
+			DEBUGADD(level, ("\n"));
+			if (i < len)
+				DEBUGADD(level, ("[%03X] ", i));
+		}
+	}
+
+	if (i % 16 != 0)	/* finish off a non-16-char-length row */
+	{
+		int n;
+
+		n = 16 - (i % 16);
+		DEBUGADD(level, (" "));
+		if (n > 8)
+			DEBUGADD(level, (" "));
+		while (n--)
+			DEBUGADD(level, ("   "));
+
+		n = MIN(8, i % 16);
+		print_asc(level, &buf[i - (i % 16)], n);
+		DEBUGADD(level, (" "));
+		n = (i % 16) - n;
+		if (n > 0)
+			print_asc(level, &buf[i - n], n);
+		DEBUGADD(level, ("\n"));
+	}
+}
diff --git a/source3/aparser/vluke.c b/source3/aparser/vluke.c
new file mode 100644
index 0000000000..d3868f2753
--- /dev/null
+++ b/source3/aparser/vluke.c
@@ -0,0 +1,41 @@
+#include "parser.h"
+#include "test.h"
+
+int main(int argc, char *argv[])
+{
+	BOOL ret;
+	char *fname, *test;
+	int fd;	
+	struct stat st;
+	io_struct ps;
+
+	if (argc < 3) {
+		printf("usage: vluke <structure> <file>\n");
+		exit(1);
+	}
+
+	test = argv[1];
+	fname = argv[2];
+
+	fd = open(fname,O_RDONLY);
+	if (fd == -1) {
+	  perror(fname);
+	  exit(1);
+	}
+	fstat(fd, &st);
+
+	io_init(&ps, 0, MARSHALL);
+	ps.is_dynamic=True;
+	io_read(&ps, fd, st.st_size, 0);
+	ps.data_offset = 0;	
+	ps.buffer_size = ps.grow_size;
+	ps.io = UNMARSHALL;
+	ps.autoalign = OPTION_autoalign;
+	ret = run_test(test, &ps, PARSE_SCALARS|PARSE_BUFFERS);
+	printf("\nret=%s\n", ret?"OK":"Bad");
+	printf("Trailer is %d bytes\n\n", ps.grow_size - ps.data_offset);
+	if (ps.grow_size - ps.data_offset > 0) {
+		dump_data(0, ps.data_p + ps.data_offset, ps.grow_size - ps.data_offset);
+	}
+	return !ret;
+}
diff --git a/source3/architecture.doc b/source3/architecture.doc
new file mode 100644
index 0000000000..eb29792bea
--- /dev/null
+++ b/source3/architecture.doc
@@ -0,0 +1,134 @@
+Samba Architecture
+------------------
+
+First preliminary version Dan Shearer Nov 97
+Quickly scrabbled together from odd bits of mail and memory. Please update.
+
+This document gives a general overview of how Samba works
+internally. The Samba Team has tried to come up with a model which is
+the best possible compromise between elegance, portability, security
+and the constraints imposed by the very messy SMB and CIFS
+protocol. 
+
+It also tries to answer some of the frequently asked questions such as:
+
+	* 	Is Samba secure when running on Unix? The xyz platform?
+		What about the root priveliges issue?
+
+	*	Pros and cons of multithreading in various parts of Samba
+
+	*	Why not have a separate process for name resolution, WINS,
+		and browsing?
+
+
+Multithreading and Samba
+------------------------
+
+People sometimes tout threads as a uniformly good thing. They are very
+nice in their place but are quite inappropriate for smbd. nmbd is
+another matter, and multi-threading it would be very nice. 
+
+The short version is that smbd is not multithreaded, and alternative
+servers that take this approach under Unix (such as Syntax, at the
+time of writing) suffer tremendous performance penalties and are less
+robust. nmbd is not threaded either, but this is because it is not
+possible to do it while keeping code consistent and portable across 35
+or more platforms. (This drawback also applies to threading smbd.)
+
+The longer versions is that there are very good reasons for not making
+smbd multi-threaded.  Multi-threading would actually make Samba much
+slower, less scalable, less portable and much less robust. The fact
+that we use a separate process for each connection is one of Samba's
+biggest advantages.
+
+Threading smbd
+--------------
+
+A few problems that would arise from a threaded smbd are:
+
+0)  It's not only to create threads instead of processes, but you
+    must care about all variables if they have to be thread specific
+    (currently they would be global).
+
+1) if one thread dies (eg. a seg fault) then all threads die. We can
+immediately throw robustness out the window.
+
+2) many of the system calls we make are blocking. Non-blocking
+equivalents of many calls are either not available or are awkward (and
+slow) to use. So while we block in one thread all clients are
+waiting. Imagine if one share is a slow NFS filesystem and the others
+are fast, we will end up slowing all clients to the speed of NFS.
+
+3) you can't run as a different uid in different threads. This means
+we would have to switch uid/gid on _every_ SMB packet. It would be
+horrendously slow.
+
+4) the per process file descriptor limit would mean that we could only
+support a limited number of clients.
+
+5) we couldn't use the system locking calls as the locking context of
+fcntl() is a process, not a thread.
+
+Threading nmbd
+--------------
+
+This would be ideal, but gets sunk by portability requirements.
+
+Andrew tried to write a test threads library for nmbd that used only
+ansi-C constructs (using setjmp and longjmp). Unfortunately some OSes
+defeat this by restricting longjmp to calling addresses that are
+shallower than the current address on the stack (apparently AIX does
+this). This makes a truly portable threads library impossible. So to
+support all our current platforms we would have to code nmbd both with
+and without threads, and as the real aim of threads is to make the
+code clearer we would not have gained anything. (it is a myth that
+threads make things faster. threading is like recursion, it can make
+things clear but the same thing can always be done faster by some
+other method)
+
+Chris tried to spec out a general design that would abstract threading
+vs separate processes (vs other methods?) and make them accessible
+through some general API. This doesn't work because of the data
+sharing requirements of the protocol (packets in the future depending
+on packets now, etc.) At least, the code would work but would be very
+clumsy, and besides the fork() type model would never work on Unix. (Is there an OS that it would work on, for nmbd?)
+
+A fork() is cheap, but not nearly cheap enough to do on every UDP
+packet that arrives. Having a pool of processes is possible but is
+nasty to program cleanly due to the enormous amount of shared data (in
+complex structures) between the processes. We can't rely on each
+platform having a shared memory system.
+
+nbmd Design
+-----------
+
+Originally Andrew used recursion to simulate a multi-threaded
+environment, which use the stack enormously and made for really
+confusing debugging sessions. Luke Leighton rewrote it to use a
+queuing system that keeps state information on each packet.  The
+first version used a single structure which was used by all the
+pending states.  As the initialisation of this structure was
+done by adding arguments, as the functionality developed, it got
+pretty messy.  So, it was replaced with a higher-order function
+and a pointer to a user-defined memory block.  This suddenly
+made things much simpler: large numbers of functions could be
+made static, and modularised.  This is the same principle as used
+in NT's kernel, and achieves the same effect as threads, but in
+a single process.
+
+Then Jeremy rewrote nmbd. The packet data in nmbd isn't what's on the
+wire. It's a nice format that is very amenable to processing but still
+keeps the idea of a distinct packet. See "struct packet_struct" in
+nameserv.h.  It has all the detail but none of the on-the-wire
+mess. This makes it ideal for using in disk or memory-based databases
+for browsing and WINS support. 
+
+nmbd now consists of a series of modules. It...
+
+
+Samba Design and Security
+-------------------------
+
+Why Isn't nmbd Multiple Daemons?
+--------------------------------
+
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
new file mode 100644
index 0000000000..c7b9fcc1d8
--- /dev/null
+++ b/source3/auth/auth.c
@@ -0,0 +1,456 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett         2001-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/** List of various built-in authenticaion modules */
+
+const struct auth_init_function builtin_auth_init_functions[] = {
+	{ "guest", auth_init_guest },
+	{ "rhosts", auth_init_rhosts },
+	{ "hostsequiv", auth_init_hostsequiv },
+	{ "sam", auth_init_sam },	
+	{ "samstrict", auth_init_samstrict },
+	{ "unix", auth_init_unix },
+	{ "smbserver", auth_init_smbserver },
+	{ "ntdomain", auth_init_ntdomain },
+	{ "trustdomain", auth_init_trustdomain },
+	{ "winbind", auth_init_winbind },
+#ifdef DEVELOPER
+	{ "name_to_ntstatus", auth_init_name_to_ntstatus },
+#endif
+	{ NULL, NULL}
+};
+
+/****************************************************************************
+ Try to get a challenge out of the various authenticaion modules.
+ Returns a const char of length 8 bytes.
+****************************************************************************/
+
+static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) 
+{
+	DATA_BLOB challenge = data_blob(NULL, 0);
+	char *challenge_set_by = NULL;
+	auth_methods *auth_method;
+	TALLOC_CTX *mem_ctx;
+
+	if (auth_context->challenge.length) {
+		DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge (normal)\n"));
+		return auth_context->challenge.data;
+	}
+
+	for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next)
+	{
+		if (auth_method->get_chal == NULL) {
+			DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name));
+			continue;
+		}
+
+		DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name));
+		if (challenge_set_by != NULL) {
+			DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authenticaion method %s has already specified a challenge.  Challenge by %s ignored.\n", 
+				  challenge_set_by, auth_method->name));
+			continue;
+		}
+
+		mem_ctx = talloc_init_named("auth_get_challenge for module %s", auth_method->name);
+		if (!mem_ctx) {
+			smb_panic("talloc_init_named() failed!");
+		}
+		
+		challenge = auth_method->get_chal(auth_context, &auth_method->private_data, mem_ctx);
+		if (!challenge.length) {
+			DEBUG(3, ("auth_get_challenge: getting challenge from authenticaion method %s FAILED.\n", 
+				  auth_method->name));
+		} else {
+			DEBUG(5, ("auth_get_challenge: sucessfully got challenge from module %s\n", auth_method->name));
+			auth_context->challenge = challenge;
+			challenge_set_by = auth_method->name;
+			auth_context->challenge_set_method = auth_method;
+		}
+		talloc_destroy(mem_ctx);
+	}
+	
+	if (!challenge_set_by) {
+		uchar chal[8];
+		
+		generate_random_buffer(chal, sizeof(chal), False);
+		auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, 
+							   chal, sizeof(chal));
+		
+		challenge_set_by = "random";
+	} 
+	
+	DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
+	DEBUG(5, ("challenge is: \n"));
+	dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
+	
+	SMB_ASSERT(auth_context->challenge.length == 8);
+
+	auth_context->challenge_set_by=challenge_set_by;
+
+	return auth_context->challenge.data;
+}
+
+
+/**
+ * Check user is in correct domain (if required)
+ *
+ * @param user Only used to fill in the debug message
+ * 
+ * @param domain The domain to be verified
+ *
+ * @return True if the user can connect with that domain, 
+ *         False otherwise.
+**/
+
+static BOOL check_domain_match(const char *user, const char *domain) 
+{
+	/*
+	 * If we aren't serving to trusted domains, we must make sure that
+	 * the validation request comes from an account in the same domain
+	 * as the Samba server
+	 */
+
+	if (!lp_allow_trusted_domains() &&
+	    !(strequal("", domain) || 
+	      strequal(lp_workgroup(), domain) || 
+	      is_netbios_alias_or_name(domain))) {
+		DEBUG(1, ("check_domain_match: Attempt to connect as user %s from domain %s denied.\n", user, domain));
+		return False;
+	} else {
+		return True;
+	}
+}
+
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ *
+ * Check a user's password, as given in the user_info struct and return various
+ * interesting details in the server_info struct.
+ *
+ * This function does NOT need to be in a become_root()/unbecome_root() pair
+ * as it makes the calls itself when needed.
+ *
+ * The return value takes precedence over the contents of the server_info 
+ * struct.  When the return is other than NT_STATUS_OK the contents 
+ * of that structure is undefined.
+ *
+ * @param user_info Contains the user supplied components, including the passwords.
+ *                  Must be created with make_user_info() or one of its wrappers.
+ *
+ * @param auth_info Supplies the challenges and some other data. 
+ *                  Must be created with make_auth_info(), and the challenges should be 
+ *                  filled in, either at creation or by calling the challenge geneation 
+ *                  function auth_get_challenge().  
+ *
+ * @param server_info If successful, contains information about the authenticaion, 
+ *                    including a SAM_ACCOUNT struct describing the user.
+ *
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+
+static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
+				    const struct auth_usersupplied_info *user_info, 
+				    struct auth_serversupplied_info **server_info)
+{
+	
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	const char *pdb_username;
+	auth_methods *auth_method;
+	TALLOC_CTX *mem_ctx;
+
+	if (!user_info || !auth_context || !server_info) {
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	DEBUG(3, ("check_password:  Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", 
+		  user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str));
+
+	DEBUG(3, ("check_password:  mapped user is: [%s]\\[%s]@[%s]\n", 
+		  user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str));
+	if (auth_context->challenge_set_by) {
+		DEBUG(10, ("auth_context challenge created by %s\n", auth_context->challenge_set_by));
+	}
+	DEBUG(10, ("challenge is: \n"));
+	dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("user_info has passwords of length %d and %d\n", 
+		    user_info->lm_resp.length, user_info->nt_resp.length));
+	DEBUG(100, ("lm:\n"));
+	dump_data(100, user_info->lm_resp.data, user_info->lm_resp.length);
+	DEBUG(100, ("nt:\n"));
+	dump_data(100, user_info->nt_resp.data, user_info->nt_resp.length);
+#endif
+
+	/* This needs to be sorted:  If it doesn't match, what should we do? */
+  	if (!check_domain_match(user_info->smb_name.str, user_info->domain.str)) {
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next)
+	{
+		mem_ctx = talloc_init_named("%s authentication for user %s\\%s", auth_method->name, 
+					    user_info->domain.str, user_info->smb_name.str);
+
+		nt_status = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
+		if (NT_STATUS_IS_OK(nt_status)) {
+			DEBUG(3, ("check_password: %s authentication for user [%s] suceeded\n", 
+				  auth_method->name, user_info->smb_name.str));
+		} else {
+			DEBUG(5, ("check_password: %s authentication for user [%s] FAILED with error %s\n", 
+				  auth_method->name, user_info->smb_name.str, nt_errstr(nt_status)));
+		}
+
+		talloc_destroy(mem_ctx);
+
+		if (NT_STATUS_IS_OK(nt_status)) {
+			break;
+		}
+	}
+
+	/* This is one of the few places the *relies* (rather than just sets defaults
+	   on the value of lp_security().  This needs to change.  A new paramater 
+	   perhaps? */
+	if (lp_security() >= SEC_SERVER) {
+		smb_user_control(user_info, *server_info, nt_status);
+	}
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+		pdb_username = pdb_get_username((*server_info)->sam_account);
+		if (!(*server_info)->guest) {
+			/* We might not be root if we are an RPC call */
+			become_root();
+			nt_status = smb_pam_accountcheck(pdb_username);
+			unbecome_root();
+			
+			if (NT_STATUS_IS_OK(nt_status)) {
+				DEBUG(5, ("check_password:  PAM Account for user [%s] suceeded\n", 
+					  pdb_username));
+			} else {
+				DEBUG(3, ("check_password:  PAM Account for user [%s] FAILED with error %s\n", 
+					  pdb_username, nt_errstr(nt_status)));
+			} 
+		}
+		
+		if (NT_STATUS_IS_OK(nt_status)) {
+			DEBUG((*server_info)->guest ? 5 : 2, 
+			      ("check_password:  %sauthenticaion for user [%s] -> [%s] -> [%s] suceeded\n", 
+			       (*server_info)->guest ? "guest " : "", 
+			       user_info->smb_name.str, 
+			       user_info->internal_username.str, 
+			       pdb_username));
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(2, ("check_password:  Authenticaion for user [%s] -> [%s] FAILED with error %s\n", 
+			  user_info->smb_name.str, user_info->internal_username.str, 
+			  nt_errstr(nt_status)));
+		ZERO_STRUCTP(server_info);
+	}
+	return nt_status;
+}
+
+/***************************************************************************
+ Clear out a auth_context, and destroy the attached TALLOC_CTX
+***************************************************************************/
+
+static void free_auth_context(struct auth_context **auth_context)
+{
+	if (*auth_context != NULL) {
+		talloc_destroy((*auth_context)->mem_ctx);
+	}
+	*auth_context = NULL;
+}
+
+/***************************************************************************
+ Make a auth_info struct
+***************************************************************************/
+
+static NTSTATUS make_auth_context(struct auth_context **auth_context) 
+{
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init_named("authentication context");
+	
+	*auth_context = talloc(mem_ctx, sizeof(**auth_context));
+	if (!*auth_context) {
+		DEBUG(0,("make_auth_context: talloc failed!\n"));
+		talloc_destroy(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ZERO_STRUCTP(*auth_context);
+
+	(*auth_context)->mem_ctx = mem_ctx;
+	(*auth_context)->check_ntlm_password = check_ntlm_password;
+	(*auth_context)->get_ntlm_challenge = get_ntlm_challenge;
+	(*auth_context)->free = free_auth_context;
+	
+	return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ Make a auth_info struct for the auth subsystem
+***************************************************************************/
+
+static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, char **text_list) 
+{
+	auth_methods *list = NULL;
+	auth_methods *t = NULL;
+	auth_methods *tmp;
+	int i;
+	NTSTATUS nt_status;
+
+	if (!text_list) {
+		DEBUG(2,("No auth method list!?\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) {
+		return nt_status;
+	}
+	
+	for (;*text_list; text_list++)
+	{ 
+		DEBUG(5,("Attempting to find an auth method to match %s\n", *text_list));
+		for (i = 0; builtin_auth_init_functions[i].name; i++)
+		{
+			if (strequal(builtin_auth_init_functions[i].name, *text_list))
+			{
+				DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i));
+				if (builtin_auth_init_functions[i].init(*auth_context, &t)) {
+					DEBUG(5,("auth method %s has a valid init\n", *text_list));
+					t->name = builtin_auth_init_functions[i].name;
+					DLIST_ADD_END(list, t, tmp);
+				} else {
+					DEBUG(0,("auth method %s did not correctly init\n", *text_list));
+				}
+				break;
+			}
+		}
+	}
+	
+	(*auth_context)->auth_method_list = list;
+	
+	return nt_status;
+}
+
+/***************************************************************************
+ Make a auth_context struct for the auth subsystem
+***************************************************************************/
+
+NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) 
+{
+	char **auth_method_list = NULL; 
+	NTSTATUS nt_status;
+
+	if (lp_auth_methods() && !lp_list_copy(&auth_method_list, lp_auth_methods())) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (auth_method_list == NULL) {
+		switch (lp_security()) 
+		{
+		case SEC_DOMAIN:
+			DEBUG(5,("Making default auth method list for security=domain\n"));
+			auth_method_list = lp_list_make("guest samstrict ntdomain");
+			break;
+		case SEC_SERVER:
+			DEBUG(5,("Making default auth method list for security=server\n"));
+			auth_method_list = lp_list_make("guest samstrict smbserver");
+			break;
+		case SEC_USER:
+			if (lp_encrypted_passwords()) {	
+				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = yes\n"));
+				auth_method_list = lp_list_make("guest sam");
+			} else {
+				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
+				auth_method_list = lp_list_make("guest unix");
+			}
+			break;
+		case SEC_SHARE:
+			if (lp_encrypted_passwords()) {
+				DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n"));
+				auth_method_list = lp_list_make("guest sam");
+			} else {
+				DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n"));
+				auth_method_list = lp_list_make("guest unix");
+			}
+			break;
+		case SEC_ADS:
+			DEBUG(5,("Making default auth method list for security=ADS\n"));
+			auth_method_list = lp_list_make("guest samstrict ads ntdomain");
+			break;
+		default:
+			DEBUG(5,("Unknown auth method!\n"));
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	} else {
+		DEBUG(5,("Using specified auth order\n"));
+	}
+	
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_text_list(auth_context, auth_method_list))) {
+		lp_list_free(&auth_method_list);
+		return nt_status;
+	}
+	
+	lp_list_free(&auth_method_list);
+	return nt_status;
+}
+
+/***************************************************************************
+ Make a auth_info struct with a random challenge
+***************************************************************************/
+
+NTSTATUS make_auth_context_random(struct auth_context **auth_context) 
+{
+	uchar chal[8];
+	NTSTATUS nt_status;
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) {
+		return nt_status;
+	}
+	
+	generate_random_buffer(chal, sizeof(chal), False);
+	(*auth_context)->challenge = data_blob(chal, sizeof(chal));
+
+	(*auth_context)->challenge_set_by = "random";
+
+	return nt_status;
+}
+
+/***************************************************************************
+ Make a auth_info struct with a fixed challenge
+***************************************************************************/
+
+NTSTATUS make_auth_context_fixed(struct auth_context **auth_context, uchar chal[8]) 
+{
+	NTSTATUS nt_status;
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) {
+		return nt_status;
+	}
+	
+	(*auth_context)->challenge = data_blob(chal, 8);
+	return nt_status;
+}
+
+
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
new file mode 100644
index 0000000000..6e999b0d14
--- /dev/null
+++ b/source3/auth/auth_builtin.c
@@ -0,0 +1,111 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Generic authenticaion types
+   Copyright (C) Andrew Bartlett              2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * Return a guest logon for guest users (username = "")
+ *
+ * Typically used as the first module in the auth chain, this allows
+ * guest logons to be delt with in one place.  Non-gust logons 'fail'
+ * and pass onto the next module.
+ **/
+
+static NTSTATUS check_guest_security(const struct auth_context *auth_context,
+				     void *my_private_data, 
+				     TALLOC_CTX *mem_ctx,
+				     const auth_usersupplied_info *user_info, 
+				     auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+
+	if (!(user_info->internal_username.str 
+	      && *user_info->internal_username.str)) { 
+		if (make_server_info_guest(server_info)) {
+			nt_status = NT_STATUS_OK;
+		} else {
+			nt_status = NT_STATUS_NO_SUCH_USER;
+		}
+	}
+
+	return nt_status;
+}
+
+/* Guest modules initialisation */
+BOOL auth_init_guest(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_guest_security;
+	return True;
+}
+
+/** 
+ * Return an error based on username
+ *
+ * This function allows the testing of obsure errors, as well as the generation
+ * of NT_STATUS -> DOS error mapping tables.
+ *
+ * This module is of no value to end-users.
+ *
+ * The password is ignored.
+ *
+ * @return An NTSTATUS value based on the username
+ **/
+
+static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
+						void *my_private_data, 
+						TALLOC_CTX *mem_ctx,
+						const auth_usersupplied_info *user_info, 
+						auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status;
+	fstring user;
+	long error_num;
+	fstrcpy(user, user_info->smb_name.str);
+	
+	if (strncasecmp("NT_STATUS", user, strlen("NT_STATUS")) == 0) {
+		strupper(user);
+		return nt_status_string_to_code(user);
+	}
+
+	strlower(user);
+	error_num = strtoul(user, NULL, 16);
+	
+	DEBUG(5,("Error for user %s was %lx\n", user, error_num));
+
+	nt_status = NT_STATUS(error_num);
+	
+	return nt_status;
+}
+
+/** Module initailisation function */
+BOOL auth_init_name_to_ntstatus(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_name_to_ntstatus_security;
+	return True;
+}
+
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
new file mode 100644
index 0000000000..857cf2b7d9
--- /dev/null
+++ b/source3/auth/auth_compat.c
@@ -0,0 +1,119 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett         2001-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ COMPATIBILITY INTERFACES:
+ ***************************************************************************/
+
+/****************************************************************************
+check if a username/password is OK assuming the password is a 24 byte
+SMB hash
+return True if the password is correct, False otherwise
+****************************************************************************/
+
+NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
+{
+	struct auth_context *plaintext_auth_context = NULL;
+	auth_usersupplied_info *user_info = NULL;
+	const uint8 *chal;
+	NTSTATUS nt_status;
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
+		return nt_status;
+	}
+	
+	chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
+	
+	if (!make_user_info_for_reply(&user_info, 
+				      smb_name, lp_workgroup(), chal,
+				      plaintext_password)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, 
+								user_info, server_info); 
+	
+	(plaintext_auth_context->free)(&plaintext_auth_context);
+	free_user_info(&user_info);
+	return nt_status;
+}
+
+static NTSTATUS pass_check_smb(const char *smb_name,
+			       const char *domain, 
+			       DATA_BLOB lm_pwd,
+			       DATA_BLOB nt_pwd,
+			       DATA_BLOB plaintext_password,
+			       BOOL encrypted)
+
+{
+	NTSTATUS nt_status;
+	extern struct auth_context *negprot_global_auth_context;
+	auth_serversupplied_info *server_info = NULL;
+	if (encrypted) {		
+		auth_usersupplied_info *user_info = NULL;
+		make_user_info_for_reply_enc(&user_info, smb_name, 
+					     domain,
+					     lm_pwd, 
+					     nt_pwd);
+		nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, 
+									     user_info, &server_info);
+		free_user_info(&user_info);
+	} else {
+		nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);
+	}		
+	free_server_info(&server_info);
+	return nt_status;
+}
+
+/****************************************************************************
+check if a username/password pair is ok via the auth subsystem.
+return True if the password is correct, False otherwise
+****************************************************************************/
+BOOL password_ok(char *smb_name, DATA_BLOB password_blob)
+{
+
+	DATA_BLOB null_password = data_blob(NULL, 0);
+	extern BOOL global_encrypted_passwords_negotiated;
+	BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);
+	
+	if (encrypted) {
+		/* 
+		 * The password could be either NTLM or plain LM.  Try NTLM first, 
+		 * but fall-through as required.
+		 * NTLMv2 makes no sense here.
+		 */
+		if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {
+			return True;
+		}
+		
+		if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {
+			return True;
+		}
+	} else {
+		if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {
+			return True;
+		}
+	}
+
+	return False;
+}
+
+
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
new file mode 100644
index 0000000000..af353ef812
--- /dev/null
+++ b/source3/auth/auth_domain.c
@@ -0,0 +1,571 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Authenticate against a remote domain
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+BOOL global_machine_password_needs_changing = False;
+
+extern pstring global_myname;
+extern userdom_struct current_user_info;
+
+/**
+ * Connect to a remote server for domain security authenticaion.
+ *
+ * @param cli the cli to return containing the active connection
+ * @param server either a machine name or text IP address to
+ *               connect to.
+ * @param trust_password the trust password to establish the
+ *                       credentials with.
+ *
+ **/
+
+static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, 
+						  const char *server, 
+						  const char *setup_creds_as,
+						  uint16 sec_chan,
+						  const unsigned char *trust_passwd)
+{
+	struct in_addr dest_ip;
+	fstring remote_machine;
+        NTSTATUS result;
+
+	if (is_ipaddress(server)) {
+		struct in_addr to_ip;
+	  
+		/* we shouldn't have 255.255.255.255 forthe IP address of 
+		   a password server anyways */
+		if ((to_ip.s_addr=inet_addr(server)) == 0xFFFFFFFF) {
+			DEBUG (0,("connect_to_domain_password_server: inet_addr(%s) returned 0xFFFFFFFF!\n", server));
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		if (!name_status_find("*", 0x20, 0x20, to_ip, remote_machine)) {
+			DEBUG(0, ("connect_to_domain_password_server: Can't "
+				  "resolve name for IP %s\n", server));
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	} else {
+		fstrcpy(remote_machine, server);
+	}
+
+	standard_sub_basic(current_user_info.smb_name, remote_machine);
+	strupper(remote_machine);
+
+	if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
+		DEBUG(1,("connect_to_domain_password_server: Can't resolve address for %s\n", remote_machine));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+  
+	if (ismyip(dest_ip)) {
+		DEBUG(1,("connect_to_domain_password_server: Password server loop - not using password server %s\n",
+			 remote_machine));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+  
+	/* TODO: Send a SAMLOGON request to determine whether this is a valid
+	   logonserver.  We can avoid a 30-second timeout if the DC is down
+	   if the SAMLOGON request fails as it is only over UDP. */
+
+	/* we use a mutex to prevent two connections at once - when a NT PDC gets
+	   two connections where one hasn't completed a negprot yet it will send a 
+	   TCP reset to the first connection (tridge) */
+	if (!message_named_mutex(server, 20)) {
+		DEBUG(1,("connect_to_domain_password_server: domain mutex failed for %s\n", server));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	/* Attempt connection */
+	result = cli_full_connection(cli, global_myname, server,
+				     &dest_ip, 0, "IPC$", "IPC", "", "", "", 0);
+
+	message_named_mutex_release(server);
+	
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
+	}
+
+	/*
+	 * We now have an anonymous connection to IPC$ on the domain password server.
+	 */
+
+	/*
+	 * Even if the connect succeeds we need to setup the netlogon
+	 * pipe here. We do this as we may just have changed the domain
+	 * account password on the PDC and yet we may be talking to
+	 * a BDC that doesn't have this replicated yet. In this case
+	 * a successful connect to a DC needs to take the netlogon connect
+	 * into account also. This patch from "Bjart Kvarme" <bjart.kvarme@usit.uio.no>.
+	 */
+
+	if(cli_nt_session_open(*cli, PIPE_NETLOGON) == False) {
+		DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \
+machine %s. Error was : %s.\n", remote_machine, cli_errstr(*cli)));
+		cli_nt_session_close(*cli);
+		cli_ulogoff(*cli);
+		cli_shutdown(*cli);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	snprintf((*cli)->mach_acct, sizeof((*cli)->mach_acct) - 1, "%s$", setup_creds_as);
+
+	if (!(*cli)->mach_acct) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	result = new_cli_nt_setup_creds(*cli, sec_chan, trust_passwd);
+
+        if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0,("connect_to_domain_password_server: unable to setup the PDC credentials to machine \
+%s. Error was : %s.\n", remote_machine, nt_errstr(result)));
+		cli_nt_session_close(*cli);
+		cli_ulogoff(*cli);
+		cli_shutdown(*cli);
+		return result;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/***********************************************************************
+ Utility function to attempt a connection to an IP address of a DC.
+************************************************************************/
+
+static NTSTATUS attempt_connect_to_dc(struct cli_state **cli, 
+				      const char *domain, 
+				      struct in_addr *ip, 
+				      const char *setup_creds_as, 
+				      uint16 sec_chan,
+				      const unsigned char *trust_passwd)
+{
+	fstring dc_name;
+
+	/*
+	 * Ignore addresses we have already tried.
+	 */
+
+	if (is_zero_ip(*ip))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	if (!lookup_dc_name(global_myname, domain, ip, dc_name))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	return connect_to_domain_password_server(cli, dc_name, setup_creds_as, sec_chan, trust_passwd);
+}
+
+/***********************************************************************
+ We have been asked to dynamcially determine the IP addresses of
+ the PDC and BDC's for DOMAIN, and query them in turn.
+************************************************************************/
+static NTSTATUS find_connect_pdc(struct cli_state **cli, 
+				 const char *domain,
+				 const char *setup_creds_as,
+				 uint16 sec_chan,
+				 unsigned char *trust_passwd, 
+				 time_t last_change_time)
+{
+	struct in_addr *ip_list = NULL;
+	int count = 0;
+	int i;
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	time_t time_now = time(NULL);
+	BOOL use_pdc_only = False;
+
+	/*
+	 * If the time the machine password has changed
+	 * was less than an hour ago then we need to contact
+	 * the PDC only, as we cannot be sure domain replication
+	 * has yet taken place. Bug found by Gerald (way to go
+	 * Gerald !). JRA.
+	 */
+
+	if (time_now - last_change_time < 3600)
+		use_pdc_only = True;
+
+	if (!get_dc_list(use_pdc_only, domain, &ip_list, &count))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	/*
+	 * Firstly try and contact a PDC/BDC who has the same
+	 * network address as any of our interfaces.
+	 */
+	for(i = 0; i < count; i++) {
+		if(!is_local_net(ip_list[i]))
+			continue;
+
+		if(NT_STATUS_IS_OK(nt_status = 
+				   attempt_connect_to_dc(cli, domain, 
+							 &ip_list[i], setup_creds_as, 
+							 sec_chan, trust_passwd))) 
+			break;
+		
+		zero_ip(&ip_list[i]); /* Tried and failed. */
+	}
+
+	/*
+	 * Secondly try and contact a random PDC/BDC.
+	 */
+	if(!NT_STATUS_IS_OK(nt_status)) {
+		i = (sys_random() % count);
+
+		if (!is_zero_ip(ip_list[i])) {
+			if (!NT_STATUS_IS_OK(nt_status = 
+					     attempt_connect_to_dc(cli, domain, 
+								   &ip_list[i], setup_creds_as, 
+								   sec_chan, trust_passwd)))
+				zero_ip(&ip_list[i]); /* Tried and failed. */
+		}
+	}
+
+	/*
+	 * Finally go through the IP list in turn, ignoring any addresses
+	 * we have already tried.
+	 */
+	if(!NT_STATUS_IS_OK(nt_status)) {
+		/*
+		 * Try and connect to any of the other IP addresses in the PDC/BDC list.
+		 * Note that from a WINS server the #1 IP address is the PDC.
+		 */
+		for(i = 0; i < count; i++) {
+			if (is_zero_ip(ip_list[i]))
+				continue;
+
+			if (NT_STATUS_IS_OK(nt_status = attempt_connect_to_dc(cli, domain, 
+						  &ip_list[i], setup_creds_as, sec_chan, trust_passwd)))
+				break;
+		}
+	}
+
+	SAFE_FREE(ip_list);
+	return nt_status;
+}
+
+/***********************************************************************
+ Do the same as security=server, but using NT Domain calls and a session
+ key from the machine password.  If the server parameter is specified
+ use it, otherwise figure out a server from the 'password server' param.
+************************************************************************/
+
+static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
+				       const auth_usersupplied_info *user_info, 
+				       const char *domain,
+				       uchar chal[8],
+				       auth_serversupplied_info **server_info, 
+				       char *server, char *setup_creds_as,
+				       uint16 sec_chan,
+				       unsigned char *trust_passwd,
+				       time_t last_change_time)
+{
+	fstring remote_machine;
+	NET_USER_INFO_3 info3;
+	struct cli_state *cli = NULL;
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	struct passwd *pass;
+
+	/*
+	 * At this point, smb_apasswd points to the lanman response to
+	 * the challenge in local_challenge, and smb_ntpasswd points to
+	 * the NT response to the challenge in local_challenge. Ship
+	 * these over the secure channel to a domain controller and
+	 * see if they were valid.
+	 */
+
+	while (!NT_STATUS_IS_OK(nt_status) &&
+	       next_token(&server,remote_machine,LIST_SEP,sizeof(remote_machine))) {
+		if(strequal(remote_machine, "*")) {
+			nt_status = find_connect_pdc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time);
+		} else {
+			nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as, sec_chan, trust_passwd);
+		}
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0,("domain_client_validate: Domain password server not available.\n"));
+		return nt_status;
+	}
+
+	ZERO_STRUCT(info3);
+
+        /*
+         * If this call succeeds, we now have lots of info about the user
+         * in the info3 structure.  
+         */
+
+	nt_status = cli_netlogon_sam_network_logon(cli, mem_ctx,
+						   user_info->smb_name.str, user_info->domain.str, 
+						   user_info->wksta_name.str, chal, 
+						   user_info->lm_resp, user_info->nt_resp, 
+						   &info3);
+        
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0,("domain_client_validate: unable to validate password "
+                         "for user %s in domain %s to Domain controller %s. "
+                         "Error was %s.\n", user_info->smb_name.str,
+                         user_info->domain.str, cli->srv_name_slash, 
+                         nt_errstr(nt_status)));
+	} else {
+                char *dom_user;
+
+                /* Check DOMAIN\username first to catch winbind users, then
+                   just the username for local users. */
+
+                dom_user = talloc_asprintf(mem_ctx, "%s%s%s", user_info->domain.str,
+					   lp_winbind_separator(),
+					   user_info->internal_username.str);
+		
+		if (!dom_user) {
+			DEBUG(0, ("talloc_asprintf failed!\n"));
+			nt_status = NT_STATUS_NO_MEMORY;
+		} else { 
+
+			if (!(pass = Get_Pwnam(dom_user)))
+				pass = Get_Pwnam(user_info->internal_username.str);
+			
+			if (pass) {
+				make_server_info_pw(server_info, pass);
+				if (!server_info) {
+					nt_status = NT_STATUS_NO_MEMORY;
+				}
+			} else {
+				nt_status = NT_STATUS_NO_SUCH_USER;
+			}
+		}
+	}
+
+	/* Store the user group information in the server_info returned to the caller. */
+	
+	if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) {
+		int i;
+		NT_USER_TOKEN *ptok;
+		auth_serversupplied_info *pserver_info = *server_info;
+
+		if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
+			DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n"));
+			nt_status = NT_STATUS_NO_MEMORY;
+			free_server_info(server_info);
+			goto done;
+		}
+
+		ptok = pserver_info->ptok;
+		ptok->num_sids = (size_t)info3.num_groups2;
+
+		if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) {
+			DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n"));
+			nt_status = NT_STATUS_NO_MEMORY;
+			free_server_info(server_info);
+			goto done;
+		}
+ 
+		for (i = 0; i < ptok->num_sids; i++) {
+			sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid);
+			sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
+		}
+		
+		uni_group_cache_store_netlogon(mem_ctx, &info3);
+	}
+
+#if 0
+	/* 
+	 * We don't actually need to do this - plus it fails currently with
+	 * NT_STATUS_INVALID_INFO_CLASS - we need to know *exactly* what to
+	 * send here. JRA.
+	 */
+
+	if (NT_STATUS_IS_OK(status)) {
+		if(cli_nt_logoff(&cli, &ctr) == False) {
+			DEBUG(0,("domain_client_validate: unable to log off user %s in domain \
+%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli)));        
+			nt_status = NT_STATUS_LOGON_FAILURE;
+		}
+	}
+#endif /* 0 */
+
+  done:
+
+	/* Note - once the cli stream is shutdown the mem_ctx used
+	   to allocate the other_sids and gids structures has been deleted - so
+	   these pointers are no longer valid..... */
+
+	cli_nt_session_close(cli);
+	cli_ulogoff(cli);
+	cli_shutdown(cli);
+	return nt_status;
+}
+
+/****************************************************************************
+ Check for a valid username and password in security=domain mode.
+****************************************************************************/
+
+static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
+					void *my_private_data, 
+					TALLOC_CTX *mem_ctx,
+					const auth_usersupplied_info *user_info, 
+					auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	char *password_server;
+	unsigned char trust_passwd[16];
+	time_t last_change_time;
+	char *domain = lp_workgroup();
+
+	if (!user_info || !server_info || !auth_context) {
+		DEBUG(1,("check_ntdomain_security: Critical variables not present.  Failing.\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* 
+	 * Check that the requested domain is not our own machine name.
+	 * If it is, we should never check the PDC here, we use our own local
+	 * password file.
+	 */
+
+	if(is_netbios_alias_or_name(user_info->domain.str)) {
+		DEBUG(3,("check_ntdomain_security: Requested domain was for this machine.\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/*
+	 * Get the machine account password for our primary domain
+	 * No need to become_root() as secrets_init() is done at startup.
+	 */
+
+	if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
+	{
+		DEBUG(0, ("check_ntdomain_security: could not fetch trust account password for domain %s\n", lp_workgroup()));
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+	/* Test if machine password is expired and need to be changed */
+	if (time(NULL) > last_change_time + lp_machine_password_timeout())
+	{
+		global_machine_password_needs_changing = True;
+	}
+
+	/*
+	 * Treat each name in the 'password server =' line as a potential
+	 * PDC/BDC. Contact each in turn and try and authenticate.
+	 */
+
+	password_server = lp_passwordserver();
+
+	nt_status = domain_client_validate(mem_ctx, user_info, domain,
+					   (uchar *)auth_context->challenge.data, 
+					   server_info, 
+					   password_server, global_myname, SEC_CHAN_WKSTA, trust_passwd, last_change_time);
+	return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_ntdomain_security;
+	return True;
+}
+
+
+/****************************************************************************
+ Check for a valid username and password in a trusted domain
+****************************************************************************/
+
+static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context,
+					   void *my_private_data, 
+					   TALLOC_CTX *mem_ctx,
+					   const auth_usersupplied_info *user_info, 
+					   auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	unsigned char trust_md4_password[16];
+	char *trust_password;
+	time_t last_change_time;
+	DOM_SID sid;
+
+	if (!user_info || !server_info || !auth_context) {
+		DEBUG(1,("check_trustdomain_security: Critical variables not present.  Failing.\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* 
+	 * Check that the requested domain is not our own machine name.
+	 * If it is, we should never check the PDC here, we use our own local
+	 * password file.
+	 */
+
+	if(is_netbios_alias_or_name(user_info->domain.str)) {
+		DEBUG(3,("check_trustdomain_security: Requested domain was for this machine.\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/* 
+	 * Check that the requested domain is not our own domain,
+	 * If it is, we should use our own local password file.
+	 */
+
+	if(strequal(lp_workgroup(), (user_info->domain.str))) {
+		DEBUG(3,("check_trustdomain_security: Requested domain was for this domain.\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/*
+	 * Get the machine account password for the trusted domain
+	 * No need to become_root() as secrets_init() is done at startup.
+	 */
+
+	if (!secrets_fetch_trusted_domain_password(user_info->domain.str, &trust_password, &sid, &last_change_time))
+	{
+		DEBUG(0, ("check_trustdomain_security: could not fetch trust account password for domain %s\n", user_info->domain.str));
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("Trust password for domain %s is %s\n", user_info->domain.str, trust_password));
+#endif
+	E_md4hash((uchar *)trust_password, trust_md4_password);
+	SAFE_FREE(trust_password);
+
+#if 0
+	/* Test if machine password is expired and need to be changed */
+	if (time(NULL) > last_change_time + lp_machine_password_timeout())
+	{
+		global_machine_password_needs_changing = True;
+	}
+#endif
+
+	nt_status = domain_client_validate(mem_ctx, user_info, user_info->domain.str,
+					   (uchar *)auth_context->challenge.data, 
+					   server_info, "*" /* Do a lookup */, 
+					   lp_workgroup(), SEC_CHAN_DOMAIN, trust_md4_password, last_change_time);
+	
+	return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_trustdomain(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_trustdomain_security;
+	return True;
+}
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
new file mode 100644
index 0000000000..9586d1d65e
--- /dev/null
+++ b/source3/auth/auth_rhosts.c
@@ -0,0 +1,231 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Main SMB reply routines
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Read the a hosts.equiv or .rhosts file and check if it
+ allows this user from this machine.
+****************************************************************************/
+
+static BOOL check_user_equiv(const char *user, const char *remote, const char *equiv_file)
+{
+  int plus_allowed = 1;
+  char *file_host;
+  char *file_user;
+  char **lines = file_lines_load(equiv_file, NULL);
+  int i;
+
+  DEBUG(5, ("check_user_equiv %s %s %s\n", user, remote, equiv_file));
+  if (! lines) return False;
+  for (i=0; lines[i]; i++) {
+    char *buf = lines[i];
+    trim_string(buf," "," ");
+
+    if (buf[0] != '#' && buf[0] != '\n') 
+    {
+      BOOL is_group = False;
+      int plus = 1;
+      char *bp = buf;
+      if (strcmp(buf, "NO_PLUS\n") == 0)
+      {
+	DEBUG(6, ("check_user_equiv NO_PLUS\n"));
+	plus_allowed = 0;
+      }
+      else {
+	if (buf[0] == '+') 
+	{
+	  bp++;
+	  if (*bp == '\n' && plus_allowed) 
+	  {
+	    /* a bare plus means everbody allowed */
+	    DEBUG(6, ("check_user_equiv everybody allowed\n"));
+	    file_lines_free(lines);
+	    return True;
+	  }
+	}
+	else if (buf[0] == '-')
+	{
+	  bp++;
+	  plus = 0;
+	}
+	if (*bp == '@') 
+	{
+	  is_group = True;
+	  bp++;
+	}
+	file_host = strtok(bp, " \t\n");
+	file_user = strtok(NULL, " \t\n");
+	DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)", 
+                 file_user ? file_user : "(null)" ));
+	if (file_host && *file_host) 
+	{
+	  BOOL host_ok = False;
+
+#if defined(HAVE_NETGROUP) && defined(HAVE_YP_GET_DEFAULT_DOMAIN)
+	  if (is_group)
+	    {
+	      static char *mydomain = NULL;
+	      if (!mydomain)
+		yp_get_default_domain(&mydomain);
+	      if (mydomain && innetgr(file_host,remote,user,mydomain))
+		host_ok = True;
+	    }
+#else
+	  if (is_group)
+	    {
+	      DEBUG(1,("Netgroups not configured\n"));
+	      continue;
+	    }
+#endif
+
+	  /* is it this host */
+	  /* the fact that remote has come from a call of gethostbyaddr
+	   * means that it may have the fully qualified domain name
+	   * so we could look up the file version to get it into
+	   * a canonical form, but I would rather just type it
+	   * in full in the equiv file
+	   */
+	  if (!host_ok && !is_group && strequal(remote, file_host))
+	    host_ok = True;
+
+	  if (!host_ok)
+	    continue;
+
+	  /* is it this user */
+	  if (file_user == 0 || strequal(user, file_user)) 
+	    {
+	      DEBUG(5, ("check_user_equiv matched %s%s %s\n",
+			(plus ? "+" : "-"), file_host,
+			(file_user ? file_user : "")));
+	      file_lines_free(lines);
+	      return (plus ? True : False);
+	    }
+	}
+      }
+    }
+  }
+  file_lines_free(lines);
+  return False;
+}
+
+
+/****************************************************************************
+check for a possible hosts equiv or rhosts entry for the user
+****************************************************************************/
+
+static BOOL check_hosts_equiv(struct passwd *pass)
+{
+  char *fname = NULL;
+
+  if (!pass) 
+    return(False);
+
+  fname = lp_hosts_equiv();
+
+  /* note: don't allow hosts.equiv on root */
+  if (fname && *fname && (pass->pw_uid != 0)) {
+	  if (check_user_equiv(pass->pw_name,client_name(),fname))
+		  return(True);
+  }
+  
+  return(False);
+}
+
+
+/****************************************************************************
+ Check for a valid .rhosts/hosts.equiv entry for this user
+****************************************************************************/
+
+static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_context,
+					  void *my_private_data, 
+					  TALLOC_CTX *mem_ctx,
+					  const auth_usersupplied_info *user_info, 
+					  auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
+	
+	if (pass) {
+		if (check_hosts_equiv(pass)) {
+			nt_status = NT_STATUS_OK;
+			make_server_info_pw(server_info, pass);
+		}
+	} else {
+		nt_status = NT_STATUS_NO_SUCH_USER;
+	}
+
+	return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_hostsequiv(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_hostsequiv_security;
+	return True;
+}
+
+
+/****************************************************************************
+ Check for a valid .rhosts/hosts.equiv entry for this user
+****************************************************************************/
+
+static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
+				      void *my_private_data, 
+				      TALLOC_CTX *mem_ctx,
+				      const auth_usersupplied_info *user_info, 
+				      auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
+	pstring rhostsfile;
+	
+	if (pass) {
+		char *home = pass->pw_dir;
+		if (home) {
+			slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
+			become_root();
+			if (check_user_equiv(pass->pw_name,client_name(),rhostsfile)) {
+				nt_status = NT_STATUS_OK;
+				make_server_info_pw(server_info, pass);
+			}
+			unbecome_root();
+		} 
+	} else {
+		nt_status = NT_STATUS_NO_SUCH_USER;
+	}
+
+	return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_rhosts(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_rhosts_security;
+	return True;
+}
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
new file mode 100644
index 0000000000..6753951c89
--- /dev/null
+++ b/source3/auth/auth_sam.c
@@ -0,0 +1,452 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Andrew Bartlett              2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+core of smb password checking routine.
+****************************************************************************/
+static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
+				 const uchar *part_passwd,
+				 DATA_BLOB sec_blob,
+				 uint8 user_sess_key[16])
+{
+	/* Finish the encryption of part_passwd. */
+	uchar p24[24];
+	
+	if (part_passwd == NULL) {
+		DEBUG(10,("No password set - DISALLOWING access\n"));
+		/* No password set - always false ! */
+		return False;
+	}
+	
+	if (sec_blob.length != 8) {
+		DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%d)\n", sec_blob.length));
+		return False;
+	}
+	
+	if (nt_response.length != 24) {
+		DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%d)\n", nt_response.length));
+		return False;
+	}
+
+	SMBOWFencrypt(part_passwd, sec_blob.data, p24);
+	if (user_sess_key != NULL)
+	{
+		SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
+	}
+	
+	
+	
+#if DEBUG_PASSWORD
+	DEBUG(100,("Part password (P16) was |"));
+	dump_data(100, part_passwd, 16);
+	DEBUG(100,("Password from client was |"));
+	dump_data(100, nt_response.data, nt_response.length);
+	DEBUG(100,("Given challenge was |"));
+	dump_data(100, sec_blob.data, sec_blob.length);
+	DEBUG(100,("Value from encryption was |"));
+	dump_data(100, p24, 24);
+#endif
+  return (memcmp(p24, nt_response.data, 24) == 0);
+}
+
+/****************************************************************************
+core of smb password checking routine.
+****************************************************************************/
+static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
+				 const uchar *part_passwd,
+				 const DATA_BLOB sec_blob,
+				 const char *user, const char *domain,
+				 uint8 user_sess_key[16])
+{
+	/* Finish the encryption of part_passwd. */
+	uchar kr[16];
+	uchar value_from_encryption[16];
+	uchar client_response[16];
+	DATA_BLOB client_key_data;
+
+	if (part_passwd == NULL)
+	{
+		DEBUG(10,("No password set - DISALLOWING access\n"));
+		/* No password set - always False */
+		return False;
+	}
+
+	if (ntv2_response.length < 16) {
+		/* We MUST have more than 16 bytes, or the stuff below will go
+		   crazy... */
+		DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%d)\n", 
+			  ntv2_response.length));
+		return False;
+	}
+
+	client_key_data = data_blob(ntv2_response.data+16, ntv2_response.length-16);
+	memcpy(client_response, ntv2_response.data, sizeof(client_response));
+
+	ntv2_owf_gen(part_passwd, user, domain, kr);
+	SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, (char *)value_from_encryption);
+	if (user_sess_key != NULL)
+	{
+		SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
+	}
+
+#if DEBUG_PASSWORD
+	DEBUG(100,("Part password (P16) was |"));
+	dump_data(100, part_passwd, 16);
+	DEBUG(100,("Password from client was |"));
+	dump_data(100, ntv2_response.data, ntv2_response.length);
+	DEBUG(100,("Variable data from client was |"));
+	dump_data(100, client_key_data.data, client_key_data.length);
+	DEBUG(100,("Given challenge was |"));
+	dump_data(100, sec_blob.data, sec_blob.length);
+	DEBUG(100,("Value from encryption was |"));
+	dump_data(100, value_from_encryption, 16);
+#endif
+	data_blob_clear_free(&client_key_data);
+	return (memcmp(value_from_encryption, client_response, 16) == 0);
+}
+
+
+/****************************************************************************
+ Do a specific test for an smb password being correct, given a smb_password and
+ the lanman and NT responses.
+****************************************************************************/
+static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
+				TALLOC_CTX *mem_ctx,
+				SAM_ACCOUNT *sampass, 
+				const auth_usersupplied_info *user_info, 
+				uint8 user_sess_key[16])
+{
+	uint16 acct_ctrl;
+	const uint8 *nt_pw, *lm_pw;
+	uint32 auth_flags;
+
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+	if (acct_ctrl & ACB_PWNOTREQ) 
+	{
+		if (lp_null_passwords()) 
+		{
+			DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", pdb_get_username(sampass)));
+			return(NT_STATUS_OK);
+		} 
+		else 
+		{
+			DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", pdb_get_username(sampass)));
+			return(NT_STATUS_LOGON_FAILURE);
+		}		
+	}
+
+	nt_pw = pdb_get_nt_passwd(sampass);
+	lm_pw = pdb_get_lanman_passwd(sampass);
+	
+	auth_flags = user_info->auth_flags;
+
+	if (nt_pw == NULL) {
+		DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n", 
+			 pdb_get_username(sampass)));
+		/* No return, we want to check the LM hash below in this case */
+		auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP |  AUTH_FLAG_NTLM_RESP));
+	}
+	
+	if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {
+		/* We have the NT MD4 hash challenge available - see if we can
+		   use it (ie. does it exist in the smbpasswd file).
+		*/
+		DEBUG(4,("sam_password_ok: Checking NTLMv2 password\n"));
+		if (smb_pwd_check_ntlmv2( user_info->nt_resp, 
+					  nt_pw, auth_context->challenge, 
+					  user_info->smb_name.str, 
+					  user_info->client_domain.str,
+					  user_sess_key))
+		{
+			return NT_STATUS_OK;
+		} else {
+			DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
+			return NT_STATUS_WRONG_PASSWORD;
+		}
+	} else if (auth_flags & AUTH_FLAG_NTLM_RESP) {
+		if (lp_ntlm_auth()) {				
+			/* We have the NT MD4 hash challenge available - see if we can
+			   use it (ie. does it exist in the smbpasswd file).
+			*/
+			DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
+			if (smb_pwd_check_ntlmv1(user_info->nt_resp, 
+						 nt_pw, auth_context->challenge,
+						 user_sess_key)) 
+			{
+				return NT_STATUS_OK;
+			} else {
+				DEBUG(3,("sam_password_ok: NT MD4 password check failed for user %s\n",pdb_get_username(sampass)));
+				return NT_STATUS_WRONG_PASSWORD;
+			}
+		} else {
+			DEBUG(2,("sam_password_ok: NTLMv1 passwords NOT PERMITTED for user %s\n",pdb_get_username(sampass)));			
+				/* No return, we want to check the LM hash below in this case */
+		}
+	}
+	
+	if (lm_pw == NULL) {
+		DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass)));
+		auth_flags &= (~AUTH_FLAG_LM_RESP);		
+	}
+	
+	if (auth_flags & AUTH_FLAG_LM_RESP) {
+		
+		if (user_info->lm_resp.length != 24) {
+			DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n", 
+				 user_info->nt_resp.length, pdb_get_username(sampass)));		
+		}
+		
+		if (!lp_lanman_auth()) {
+			DEBUG(3,("sam_password_ok: Lanman passwords NOT PERMITTED for user %s\n",pdb_get_username(sampass)));			
+			return NT_STATUS_LOGON_FAILURE;
+		}
+		
+		DEBUG(4,("sam_password_ok: Checking LM password\n"));
+		if (smb_pwd_check_ntlmv1(user_info->lm_resp, 
+					 lm_pw, auth_context->challenge,
+					 user_sess_key)) 
+		{
+			return NT_STATUS_OK;
+		} else {
+			DEBUG(4,("sam_password_ok: LM password check failed for user %s\n",pdb_get_username(sampass)));
+			return NT_STATUS_WRONG_PASSWORD;
+		} 
+	}
+
+	/* Should not be reached, but if they send nothing... */
+	DEBUG(3,("sam_password_ok: NEITHER LanMan nor NT password supplied for user %s\n",pdb_get_username(sampass)));
+	return NT_STATUS_WRONG_PASSWORD;
+}
+
+/****************************************************************************
+ Do a specific test for a SAM_ACCOUNT being vaild for this connection 
+ (ie not disabled, expired and the like).
+****************************************************************************/
+static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
+			       SAM_ACCOUNT *sampass, 
+			       const auth_usersupplied_info *user_info)
+{
+	uint16	acct_ctrl = pdb_get_acct_ctrl(sampass);
+	char *workstation_list;
+	time_t kickoff_time;
+	
+	DEBUG(4,("sam_account_ok: Checking SMB password for user %s\n",pdb_get_username(sampass)));
+
+	/* Quit if the account was disabled. */
+	if (acct_ctrl & ACB_DISABLED) {
+		DEBUG(1,("Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
+		return NT_STATUS_ACCOUNT_DISABLED;
+	}
+
+	/* Test account expire time */
+	
+	kickoff_time = pdb_get_kickoff_time(sampass);
+	if (kickoff_time != 0 && time(NULL) > kickoff_time) {
+		DEBUG(1,("Account for user '%s' has expried.\n", pdb_get_username(sampass)));
+		DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time));
+		return NT_STATUS_ACCOUNT_EXPIRED;
+	}
+
+	if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOEXP)) {
+		time_t must_change_time = pdb_get_pass_must_change_time(sampass);
+		time_t last_set_time = pdb_get_pass_last_set_time(sampass);
+
+		/* check for immediate expiry "must change at next logon" */
+		if (must_change_time == 0 && last_set_time != 0) {
+			DEBUG(1,("Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
+			return NT_STATUS_PASSWORD_MUST_CHANGE;
+		}
+
+		/* check for expired password */
+		if (must_change_time < time(NULL) && must_change_time != 0) {
+			DEBUG(1,("Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
+			DEBUG(1,("Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
+			return NT_STATUS_PASSWORD_EXPIRED;
+		}
+	}
+
+	/* Test workstation. Workstation list is comma separated. */
+
+	workstation_list = talloc_strdup(mem_ctx, pdb_get_workstations(sampass));
+
+	if (!workstation_list) return NT_STATUS_NO_MEMORY;
+
+	if (*workstation_list) {
+		BOOL invalid_ws = True;
+		char *s = workstation_list;
+			
+		fstring tok;
+			
+		while (next_token(&s, tok, ",", sizeof(tok))) {
+			DEBUG(10,("checking for workstation match %s and %s (len=%d)\n",
+				  tok, user_info->wksta_name.str, user_info->wksta_name.len));
+			if(strequal(tok, user_info->wksta_name.str)) {
+				invalid_ws = False;
+				break;
+			}
+		}
+		
+		if (invalid_ws) 
+			return NT_STATUS_INVALID_WORKSTATION;
+	}
+
+	if (acct_ctrl & ACB_DOMTRUST) {
+		DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", pdb_get_username(sampass)));
+		return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+	}
+	
+	if (acct_ctrl & ACB_SVRTRUST) {
+		DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", pdb_get_username(sampass)));
+		return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
+	}
+	
+	if (acct_ctrl & ACB_WSTRUST) {
+		DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", pdb_get_username(sampass)));
+		return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
+	}
+	
+	return NT_STATUS_OK;
+}
+
+
+/****************************************************************************
+check if a username/password is OK assuming the password is a 24 byte
+SMB hash supplied in the user_info structure
+return an NT_STATUS constant.
+****************************************************************************/
+
+static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+				   void *my_private_data, 
+				   TALLOC_CTX *mem_ctx,
+				   const auth_usersupplied_info *user_info, 
+				   auth_serversupplied_info **server_info)
+{
+	SAM_ACCOUNT *sampass=NULL;
+	BOOL ret;
+	NTSTATUS nt_status;
+	uint8 user_sess_key[16];
+	const uint8* lm_hash;
+
+	if (!user_info || !auth_context) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Can't use the talloc version here, becouse the returned struct gets
+	   kept on the server_info */
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) {
+		return nt_status;
+	}
+
+	/* get the account information */
+
+	become_root();
+	ret = pdb_getsampwnam(sampass, user_info->internal_username.str);
+	unbecome_root();
+
+	if (ret == False)
+	{
+		DEBUG(3,("Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
+		pdb_free_sam(&sampass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		pdb_free_sam(&sampass);
+		return nt_status;
+	}
+
+	nt_status = sam_account_ok(mem_ctx, sampass, user_info);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		pdb_free_sam(&sampass);
+		return nt_status;
+	}
+
+	if (!make_server_info_sam(server_info, sampass)) {		
+		DEBUG(0,("failed to malloc memory for server_info\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	lm_hash = pdb_get_lanman_passwd((*server_info)->sam_account);
+	if (lm_hash) {
+		memcpy((*server_info)->first_8_lm_hash, lm_hash, 8);
+	}
+	
+	memcpy((*server_info)->session_key, user_sess_key, sizeof(user_sess_key));
+
+	return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_sam(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_sam_security;
+	return True;
+}
+
+
+/****************************************************************************
+Check SAM security (above) but with a few extra checks.
+****************************************************************************/
+
+static NTSTATUS check_samstrict_security(const struct auth_context *auth_context,
+					 void *my_private_data, 
+					 TALLOC_CTX *mem_ctx,
+					 const auth_usersupplied_info *user_info, 
+					 auth_serversupplied_info **server_info)
+{
+
+	if (!user_info || !auth_context) {
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/* If we are a domain member, we must not 
+	   attempt to check the password locally,
+	   unless it is one of our aliases. */
+	
+	if (!is_netbios_alias_or_name(user_info->domain.str)) {
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	
+	return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info);
+}
+
+/* module initialisation */
+BOOL auth_init_samstrict(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_samstrict_security;
+	return True;
+}
+
+
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
new file mode 100644
index 0000000000..5190d45c20
--- /dev/null
+++ b/source3/auth/auth_server.c
@@ -0,0 +1,367 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Authenticate to a remote server
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern userdom_struct current_user_info;
+
+/****************************************************************************
+ Support for server level security.
+****************************************************************************/
+
+static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
+{
+	struct cli_state *cli = NULL;
+	fstring desthost;
+	struct in_addr dest_ip;
+	char *p, *pserver;
+	BOOL connected_ok = False;
+
+	if (!(cli = cli_initialise(cli)))
+		return NULL;
+
+	/* security = server just can't function with spnego */
+	cli->use_spnego = False;
+
+        pserver = talloc_strdup(mem_ctx, lp_passwordserver());
+	p = pserver;
+
+        while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
+		standard_sub_basic(current_user_info.smb_name, desthost);
+		strupper(desthost);
+
+		if(!resolve_name( desthost, &dest_ip, 0x20)) {
+			DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
+			continue;
+		}
+
+		if (ismyip(dest_ip)) {
+			DEBUG(1,("Password server loop - disabling password server %s\n",desthost));
+			continue;
+		}
+
+		if (cli_connect(cli, desthost, &dest_ip)) {
+			DEBUG(3,("connected to password server %s\n",desthost));
+			connected_ok = True;
+			break;
+		}
+	}
+
+	if (!connected_ok) {
+		DEBUG(0,("password server not available\n"));
+		cli_shutdown(cli);
+		return NULL;
+	}
+
+	if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip))
+		return NULL;
+	
+	if (strequal(desthost,myhostname())) {
+		exit_server("Password server loop!");
+	}
+	
+	DEBUG(3,("got session\n"));
+
+	if (!cli_negprot(cli)) {
+		DEBUG(1,("%s rejected the negprot\n",desthost));
+		cli_shutdown(cli);
+		return NULL;
+	}
+
+	if (cli->protocol < PROTOCOL_LANMAN2 ||
+	    !(cli->sec_mode & 1)) {
+		DEBUG(1,("%s isn't in user level security mode\n",desthost));
+		cli_shutdown(cli);
+		return NULL;
+	}
+
+	DEBUG(3,("password server OK\n"));
+
+	return cli;
+}
+
+/****************************************************************************
+ Clean up our allocated cli.
+****************************************************************************/
+
+static void free_server_private_data(void **private_data_pointer) 
+{
+	struct cli_state **cli = (struct cli_state **)private_data_pointer;
+	if (*cli && (*cli)->initialised) {
+		cli_shutdown(*cli);
+	}
+}
+
+/****************************************************************************
+ Send a 'keepalive' packet down the cli pipe.
+****************************************************************************/
+
+static void send_server_keepalive(void **private_data_pointer) 
+{
+	struct cli_state **cli = (struct cli_state **)private_data_pointer;
+	
+	/* also send a keepalive to the password server if its still
+	   connected */
+	if (cli && *cli && (*cli)->initialised) {
+		if (!send_keepalive((*cli)->fd)) {
+			DEBUG( 2, ( "password server keepalive failed.\n"));
+			cli_shutdown(*cli);
+		}
+	}
+}
+
+/****************************************************************************
+ Get the challenge out of a password server.
+****************************************************************************/
+
+static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context,
+					   void **my_private_data, 
+					   TALLOC_CTX *mem_ctx)
+{
+	struct cli_state *cli = server_cryptkey(mem_ctx);
+	
+	if (cli) {
+		DEBUG(3,("using password server validation\n"));
+
+		if ((cli->sec_mode & 2) == 0) {
+			/* We can't work with unencrypted password servers
+			   unless 'encrypt passwords = no' */
+			DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n"));
+			
+			/* However, it is still a perfectly fine connection
+			   to pass that unencrypted password over */
+			*my_private_data = (void *)cli;
+			return data_blob(NULL, 0);
+			
+		} else if (cli->secblob.length < 8) {
+			/* We can't do much if we don't get a full challenge */
+			DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n"));
+			cli_shutdown(cli);
+			return data_blob(NULL, 0);
+		}
+
+		*my_private_data = (void *)cli;
+
+		/* The return must be allocated on the caller's mem_ctx, as our own will be
+		   destoyed just after the call. */
+		return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8);
+	} else {
+		return data_blob(NULL, 0);
+	}
+}
+
+
+/****************************************************************************
+ Check for a valid username and password in security=server mode.
+  - Validate a password with the password server.
+****************************************************************************/
+
+static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
+					 void *my_private_data, 
+					 TALLOC_CTX *mem_ctx,
+					 const auth_usersupplied_info *user_info, 
+					 auth_serversupplied_info **server_info)
+{
+	struct cli_state *cli;
+	static unsigned char badpass[24];
+	static fstring baduser; 
+	static BOOL tested_password_server = False;
+	static BOOL bad_password_server = False;
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	BOOL locally_made_cli = False;
+
+	/* 
+	 * Check that the requested domain is not our own machine name.
+	 * If it is, we should never check the PDC here, we use our own local
+	 * password file.
+	 */
+
+	if(is_netbios_alias_or_name(user_info->domain.str)) {
+		DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	cli = my_private_data;
+	
+	if (cli) {
+	} else {
+		cli = server_cryptkey(mem_ctx);
+		locally_made_cli = True;
+	}
+
+	if (!cli || !cli->initialised) {
+		DEBUG(1,("password server is not connected (cli not initilised)\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}  
+	
+	if ((cli->sec_mode & 2) == 0) {
+		if (user_info->encrypted) {
+			DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost));
+			return NT_STATUS_LOGON_FAILURE;		
+		}
+	} else {
+		if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) {
+			DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost));
+			return NT_STATUS_LOGON_FAILURE;		
+		}
+	}
+
+	if(badpass[0] == 0)
+		memset(badpass, 0x1f, sizeof(badpass));
+
+	if((user_info->nt_resp.length == sizeof(badpass)) && 
+	   !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) {
+		/* 
+		 * Very unlikely, our random bad password is the same as the users
+		 * password.
+		 */
+		memset(badpass, badpass[0]+1, sizeof(badpass));
+	}
+
+	if(baduser[0] == 0) {
+		fstrcpy(baduser, INVALID_USER_PREFIX);
+		fstrcat(baduser, global_myname);
+	}
+
+	/*
+	 * Attempt a session setup with a totally incorrect password.
+	 * If this succeeds with the guest bit *NOT* set then the password
+	 * server is broken and is not correctly setting the guest bit. We
+	 * need to detect this as some versions of NT4.x are broken. JRA.
+	 */
+
+	/* I sure as hell hope that there arn't servers out there that take 
+	 * NTLMv2 and have this bug, as we don't test for that... 
+	 *  - abartlet@samba.org
+	 */
+
+	if ((!tested_password_server) && (lp_paranoid_server_security())) {
+		if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), 
+					(char *)badpass, sizeof(badpass), user_info->domain.str)) {
+
+			/*
+			 * We connected to the password server so we
+			 * can say we've tested it.
+			 */
+			tested_password_server = True;
+
+			if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
+				DEBUG(0,("server_validate: password server %s allows users as non-guest \
+with a bad password.\n", cli->desthost));
+				DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
+use this machine as the password server.\n"));
+				cli_ulogoff(cli);
+
+				/*
+				 * Password server has the bug.
+				 */
+				bad_password_server = True;
+				return NT_STATUS_LOGON_FAILURE;
+			}
+			cli_ulogoff(cli);
+		}
+	} else {
+
+		/*
+		 * We have already tested the password server.
+		 * Fail immediately if it has the bug.
+		 */
+
+		if(bad_password_server) {
+			DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \
+with a bad password.\n", cli->desthost));
+			DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \
+use this machine as the password server.\n"));
+			return NT_STATUS_LOGON_FAILURE;
+		}
+	}
+
+	/*
+	 * Now we know the password server will correctly set the guest bit, or is
+	 * not guest enabled, we can try with the real password.
+	 */
+
+	if (!user_info->encrypted) {
+		/* Plaintext available */
+		if (!cli_session_setup(cli, user_info->smb_name.str, 
+				       (char *)user_info->plaintext_password.data, 
+				       user_info->plaintext_password.length, 
+				       NULL, 0,
+				       user_info->domain.str)) {
+			DEBUG(1,("password server %s rejected the password\n", cli->desthost));
+			/* Make this cli_nt_error() when the conversion is in */
+			nt_status = cli_nt_error(cli);
+		} else {
+			nt_status = NT_STATUS_OK;
+		}
+	} else {
+		if (!cli_session_setup(cli, user_info->smb_name.str, 
+				       (char *)user_info->lm_resp.data, 
+				       user_info->lm_resp.length, 
+				       (char *)user_info->nt_resp.data, 
+				       user_info->nt_resp.length, 
+				       user_info->domain.str)) {
+			DEBUG(1,("password server %s rejected the password\n", cli->desthost));
+			/* Make this cli_nt_error() when the conversion is in */
+			nt_status = cli_nt_error(cli);
+		} else {
+			nt_status = NT_STATUS_OK;
+		}
+	}
+
+	/* if logged in as guest then reject */
+	if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
+		DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
+		nt_status = NT_STATUS_LOGON_FAILURE;
+	}
+
+	cli_ulogoff(cli);
+
+	if NT_STATUS_IS_OK(nt_status) {
+		struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
+		if (pass) {
+			if (!make_server_info_pw(server_info, pass)) { 
+				nt_status = NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			nt_status = NT_STATUS_NO_SUCH_USER;
+		}
+	}
+
+	if (locally_made_cli) {
+		cli_shutdown(cli);
+	}
+
+	return(nt_status);
+}
+
+BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+	(*auth_method)->auth = check_smbserver_security;
+	(*auth_method)->get_chal = auth_get_challenge_server;
+	(*auth_method)->send_keepalive = send_server_keepalive;
+	(*auth_method)->free_private_data = free_server_private_data;
+	return True;
+}
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
new file mode 100644
index 0000000000..05646f554e
--- /dev/null
+++ b/source3/auth/auth_unix.c
@@ -0,0 +1,129 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett              2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * update the encrypted smbpasswd file from the plaintext username and password
+ *  
+ *  this ugly hack needs to die, but not quite yet, I think people still use it...
+ **/
+static BOOL update_smbpassword_file(char *user, char *password)
+{
+	SAM_ACCOUNT 	*sampass = NULL;
+	BOOL            ret;
+	
+	pdb_init_sam(&sampass);
+	
+	become_root();
+	ret = pdb_getsampwnam(sampass, user);
+	unbecome_root();
+
+	if(ret == False) {
+		DEBUG(0,("pdb_getsampwnam returned NULL\n"));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	/*
+	 * Remove the account disabled flag - we are updating the
+	 * users password from a login.
+	 */
+	if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	if (!pdb_set_plaintext_passwd (sampass, password)) {
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	/* Now write it into the file. */
+	become_root();
+
+	ret = pdb_update_sam_account (sampass);
+
+	unbecome_root();
+
+	if (ret) {
+		DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
+	}
+
+	memset(password, '\0', strlen(password));
+
+	pdb_free_sam(&sampass);
+	return ret;
+}
+
+
+/** Check a plaintext username/password
+ *
+ * Cannot deal with an encrupted password in any manner whatsoever,
+ * unless the account has a null password.
+ **/
+
+static NTSTATUS check_unix_security(const struct auth_context *auth_context,
+			     void *my_private_data, 
+			     TALLOC_CTX *mem_ctx,
+			     const auth_usersupplied_info *user_info, 
+			     auth_serversupplied_info **server_info)
+{
+	NTSTATUS nt_status;
+	struct passwd *pass = NULL;
+
+	become_root();
+	pass = Get_Pwnam(user_info->internal_username.str);
+
+	
+	/** @todo This call assumes a ASCII password, no charset transformation is 
+	    done.  We may need to revisit this **/
+	nt_status = pass_check(pass,
+				pass ? pass->pw_name : user_info->internal_username.str, 
+				(char *)user_info->plaintext_password.data,
+				user_info->plaintext_password.length-1,
+				lp_update_encrypted() ? 
+				update_smbpassword_file : NULL,
+				True);
+	
+	unbecome_root();
+
+	if NT_STATUS_IS_OK(nt_status) {
+		if (pass) {
+			make_server_info_pw(server_info, pass);
+		} else {
+			/* we need to do somthing more useful here */
+			nt_status = NT_STATUS_NO_SUCH_USER;
+		}
+	}
+
+	return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_unix(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_unix_security;
+	return True;
+}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
new file mode 100644
index 0000000000..d80c927c19
--- /dev/null
+++ b/source3/auth/auth_util.c
@@ -0,0 +1,685 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Authentication utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett 2001
+   Copyright (C) Jeremy Allison 2000-2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern fstring remote_machine;
+extern pstring global_myname;
+
+/****************************************************************************
+ Create a UNIX user on demand.
+****************************************************************************/
+
+static int smb_create_user(const char *unix_user, const char *homedir)
+{
+	pstring add_script;
+	int ret;
+
+	pstrcpy(add_script, lp_adduser_script());
+	if (! *add_script)
+		return -1;
+	all_string_sub(add_script, "%u", unix_user, sizeof(pstring));
+	if (homedir)
+		all_string_sub(add_script, "%H", homedir, sizeof(pstring));
+	ret = smbrun(add_script,NULL);
+	DEBUG(3,("smb_create_user: Running the command `%s' gave %d\n",add_script,ret));
+	return ret;
+}
+
+/****************************************************************************
+ Delete a UNIX user on demand.
+****************************************************************************/
+
+int smb_delete_user(const char *unix_user)
+{
+	pstring del_script;
+	int ret;
+
+	pstrcpy(del_script, lp_deluser_script());
+	if (! *del_script)
+		return -1;
+	all_string_sub(del_script, "%u", unix_user, sizeof(pstring));
+	ret = smbrun(del_script,NULL);
+	DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
+	return ret;
+}
+
+/****************************************************************************
+ Add and Delete UNIX users on demand, based on NTSTATUS codes.
+****************************************************************************/
+
+void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status) 
+{
+	struct passwd *pwd=NULL;
+
+	if (NT_STATUS_IS_OK(nt_status)) {
+
+		if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) {
+			
+			/*
+			 * User validated ok against Domain controller.
+			 * If the admin wants us to try and create a UNIX
+			 * user on the fly, do so.
+			 */
+			
+			if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) {
+				smb_create_user(user_info->internal_username.str, NULL);
+			}
+		}
+	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
+		/*
+		 * User failed to validate ok against Domain controller.
+		 * If the failure was "user doesn't exist" and admin 
+		 * wants us to try and delete that UNIX user on the fly,
+		 * do so.
+		 */
+		if (lp_deluser_script()) {
+			smb_delete_user(user_info->internal_username.str);
+		}
+	}
+}
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure
+****************************************************************************/
+
+static BOOL make_user_info(auth_usersupplied_info **user_info, 
+			   const char *smb_name, 
+			   const char *internal_username,
+			   const char *client_domain, 
+			   const char *domain,
+			   const char *wksta_name, 
+			   DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+			   DATA_BLOB plaintext, 
+			   uint32 auth_flags, BOOL encrypted)
+{
+
+	DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
+
+	*user_info = malloc(sizeof(**user_info));
+	if (!user_info) {
+		DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info)));
+		return False;
+	}
+
+	ZERO_STRUCTP(*user_info);
+
+	DEBUG(5,("making strings for %s's user_info struct\n", internal_username));
+
+	(*user_info)->smb_name.str = strdup(smb_name);
+	if ((*user_info)->smb_name.str) { 
+		(*user_info)->smb_name.len = strlen(smb_name);
+	} else {
+		free_user_info(user_info);
+		return False;
+	}
+	
+	(*user_info)->internal_username.str = strdup(internal_username);
+	if ((*user_info)->internal_username.str) { 
+		(*user_info)->internal_username.len = strlen(internal_username);
+	} else {
+		free_user_info(user_info);
+		return False;
+	}
+
+	(*user_info)->domain.str = strdup(domain);
+	if ((*user_info)->domain.str) { 
+		(*user_info)->domain.len = strlen(domain);
+	} else {
+		free_user_info(user_info);
+		return False;
+	}
+
+	(*user_info)->client_domain.str = strdup(client_domain);
+	if ((*user_info)->client_domain.str) { 
+		(*user_info)->client_domain.len = strlen(client_domain);
+	} else {
+		free_user_info(user_info);
+		return False;
+	}
+
+	(*user_info)->wksta_name.str = strdup(wksta_name);
+	if ((*user_info)->wksta_name.str) { 
+		(*user_info)->wksta_name.len = strlen(wksta_name);
+	} else {
+		free_user_info(user_info);
+		return False;
+	}
+
+	DEBUG(5,("makeing blobs for %s's user_info struct\n", internal_username));
+
+	(*user_info)->lm_resp = data_blob(lm_pwd.data, lm_pwd.length);
+	(*user_info)->nt_resp = data_blob(nt_pwd.data, nt_pwd.length);
+	(*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length);
+
+	(*user_info)->encrypted = encrypted;
+	(*user_info)->auth_flags = auth_flags;
+
+	DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
+
+	return True;
+}
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure after appropriate mapping.
+****************************************************************************/
+
+BOOL make_user_info_map(auth_usersupplied_info **user_info, 
+			const char *smb_name, 
+			const char *client_domain, 
+			const char *wksta_name, 
+			DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+			DATA_BLOB plaintext, 
+			uint32 ntlmssp_flags, BOOL encrypted)
+{
+	const char *domain;
+	fstring internal_username;
+	fstrcpy(internal_username, smb_name);
+	map_username(internal_username); 
+
+	DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
+	      client_domain, smb_name, wksta_name));
+	
+	if (lp_allow_trusted_domains() && *client_domain) {
+
+		/* the client could have given us a workstation name
+		   or other crap for the workgroup - we really need a
+		   way of telling if this domain name is one of our
+		   trusted domain names 
+
+		   Also don't allow "" as a domain, fixes a Win9X bug 
+		   where it doens't supply a domain for logon script
+		   'net use' commands.
+
+		   The way I do it here is by checking if the fully
+		   qualified username exists. This is rather reliant
+		   on winbind, but until we have a better method this
+		   will have to do 
+		*/
+
+		domain = client_domain;
+
+		if ((smb_name) && (*smb_name)) { /* Don't do this for guests */
+			char *user = NULL;
+			if (asprintf(&user, "%s%s%s", 
+				 client_domain, lp_winbind_separator(), 
+				 smb_name) < 0) {
+				DEBUG(0, ("make_user_info_map: asprintf() failed!\n"));
+				return False;
+			}
+
+			DEBUG(5, ("make_user_info_map: testing for user %s\n", user));
+			
+			if (Get_Pwnam(user) == NULL) {
+				DEBUG(5, ("make_user_info_map: test for user %s failed\n", user));
+				domain = lp_workgroup();
+				DEBUG(5, ("make_user_info_map: trusted domain %s doesn't appear to exist, using %s\n", 
+					  client_domain, domain));
+			} else {
+				DEBUG(5, ("make_user_info_map: using trusted domain %s\n", domain));
+			}
+			SAFE_FREE(user);
+		}
+	} else {
+		domain = lp_workgroup();
+	}
+	
+	return make_user_info(user_info, 
+			      smb_name, internal_username,
+			      client_domain, domain,
+			      wksta_name, 
+			      lm_pwd, nt_pwd,
+			      plaintext, 
+			      ntlmssp_flags, encrypted);
+	
+}
+
+/****************************************************************************
+ Create an auth_usersupplied_data, making the DATA_BLOBs here. 
+ Decrypt and encrypt the passwords.
+****************************************************************************/
+
+BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, 
+				     const char *smb_name, 
+				     const char *client_domain, 
+				     const char *wksta_name, 
+				     const uchar *lm_network_pwd, int lm_pwd_len,
+				     const uchar *nt_network_pwd, int nt_pwd_len)
+{
+	BOOL ret;
+	DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
+	DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
+	DATA_BLOB plaintext_blob = data_blob(NULL, 0);
+	uint32 auth_flags = AUTH_FLAG_NONE;
+
+	if (lm_pwd_len)
+		auth_flags |= AUTH_FLAG_LM_RESP;
+	if (nt_pwd_len == 24) {
+		auth_flags |= AUTH_FLAG_NTLM_RESP; 
+	} else if (nt_pwd_len != 0) {
+		auth_flags |= AUTH_FLAG_NTLMv2_RESP; 
+	}
+
+	ret = make_user_info_map(user_info, 
+				 smb_name, client_domain, 
+				 wksta_name, 
+				 lm_blob, nt_blob,
+				 plaintext_blob, 
+				 auth_flags, True);
+		
+	data_blob_free(&lm_blob);
+	data_blob_free(&nt_blob);
+	return ret;
+}
+
+/****************************************************************************
+ Create an auth_usersupplied_data, making the DATA_BLOBs here. 
+ Decrypt and encrypt the passwords.
+****************************************************************************/
+
+BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, 
+					 const char *smb_name, 
+					 const char *client_domain, 
+					 const char *wksta_name, 
+					 const uchar chal[8], 
+					 const uchar lm_interactive_pwd[16], 
+					 const uchar nt_interactive_pwd[16], 
+					 const uchar *dc_sess_key)
+{
+	char lm_pwd[16];
+	char nt_pwd[16];
+	unsigned char local_lm_response[24];
+	unsigned char local_nt_response[24];
+	unsigned char key[16];
+	uint32 auth_flags = AUTH_FLAG_NONE;
+	
+	ZERO_STRUCT(key);
+	memcpy(key, dc_sess_key, 8);
+	
+	if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd));
+	if (nt_interactive_pwd) memcpy(nt_pwd, nt_interactive_pwd, sizeof(nt_pwd));
+	
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("key:"));
+	dump_data(100, (char *)key, sizeof(key));
+	
+	DEBUG(100,("lm owf password:"));
+	dump_data(100, lm_pwd, sizeof(lm_pwd));
+	
+	DEBUG(100,("nt owf password:"));
+	dump_data(100, nt_pwd, sizeof(nt_pwd));
+#endif
+	
+	SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd));
+	SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd));
+	
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("decrypt of lm owf password:"));
+	dump_data(100, lm_pwd, sizeof(lm_pwd));
+	
+	DEBUG(100,("decrypt of nt owf password:"));
+	dump_data(100, nt_pwd, sizeof(nt_pwd));
+#endif
+	
+	SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response);
+	SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response);
+	
+	/* Password info paranoia */
+	ZERO_STRUCT(lm_pwd);
+	ZERO_STRUCT(nt_pwd);
+	ZERO_STRUCT(key);
+
+	{
+		BOOL ret;
+		DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
+		DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
+		DATA_BLOB plaintext_blob = data_blob(NULL, 0);
+
+		if (lm_interactive_pwd)
+			auth_flags |= AUTH_FLAG_LM_RESP;
+		if (nt_interactive_pwd)
+			auth_flags |= AUTH_FLAG_NTLM_RESP; 
+
+		ret = make_user_info_map(user_info, 
+					 smb_name, client_domain, 
+					 wksta_name, 
+					 local_lm_blob,
+					 local_nt_blob,
+					 plaintext_blob, 
+					 auth_flags, True);
+		
+		data_blob_free(&local_lm_blob);
+		data_blob_free(&local_nt_blob);
+		return ret;
+	}
+}
+
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure
+****************************************************************************/
+
+BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, 
+			      const char *smb_name, 
+			      const char *client_domain,
+			      const uint8 chal[8],
+			      DATA_BLOB plaintext_password)
+{
+
+	DATA_BLOB local_lm_blob;
+	DATA_BLOB local_nt_blob;
+	BOOL ret = False;
+	uint32 auth_flags = AUTH_FLAG_NONE;
+			
+	/*
+	 * Not encrypted - do so.
+	 */
+	
+	DEBUG(5,("make_user_info_for_reply: User passwords not in encrypted format.\n"));
+	
+	if (plaintext_password.data) {
+		unsigned char local_lm_response[24];
+		
+#ifdef DEBUG_PASSWORD
+		DEBUG(10,("Unencrypted password (len %d):\n",plaintext_password.length));
+		dump_data(100, plaintext_password.data, plaintext_password.length);
+#endif
+
+		SMBencrypt( (const uchar *)plaintext_password.data, (const uchar*)chal, local_lm_response);
+		local_lm_blob = data_blob(local_lm_response, 24);
+		
+		/* We can't do an NT hash here, as the password needs to be
+		   case insensitive */
+		local_nt_blob = data_blob(NULL, 0); 
+		
+		auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP);
+	} else {
+		local_lm_blob = data_blob(NULL, 0); 
+		local_nt_blob = data_blob(NULL, 0); 
+	}
+	
+	ret = make_user_info_map(user_info, smb_name,
+				 client_domain, 
+				 remote_machine,
+				 local_lm_blob,
+				 local_nt_blob,
+				 plaintext_password, 
+				 auth_flags, False);
+	
+	data_blob_free(&local_lm_blob);
+	return ret;
+}
+
+/****************************************************************************
+ Create an auth_usersupplied_data structure
+****************************************************************************/
+
+BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info, 
+				  const char *smb_name,
+				  const char *client_domain, 
+				  DATA_BLOB lm_resp, DATA_BLOB nt_resp)
+{
+	uint32 auth_flags = AUTH_FLAG_NONE;
+
+	DATA_BLOB no_plaintext_blob = data_blob(NULL, 0); 
+	
+	if (lm_resp.length == 24) {
+		auth_flags |= AUTH_FLAG_LM_RESP;
+	}
+	if (nt_resp.length == 0) {
+	} else if (nt_resp.length == 24) {
+		auth_flags |= AUTH_FLAG_NTLM_RESP;
+	} else {
+		auth_flags |= AUTH_FLAG_NTLMv2_RESP;
+	}
+
+	return make_user_info_map(user_info, smb_name, 
+				 client_domain, 
+				 remote_machine, 
+				 lm_resp, 
+				 nt_resp, 
+				 no_plaintext_blob, 
+				 auth_flags, True);
+}
+
+/****************************************************************************
+ Create a guest user_info blob, for anonymous authenticaion.
+****************************************************************************/
+
+BOOL make_user_info_guest(auth_usersupplied_info **user_info) 
+{
+	DATA_BLOB lm_blob = data_blob(NULL, 0);
+	DATA_BLOB nt_blob = data_blob(NULL, 0);
+	DATA_BLOB plaintext_blob = data_blob(NULL, 0);
+	uint32 auth_flags = AUTH_FLAG_NONE;
+
+	return make_user_info(user_info, 
+			      "","", 
+			      "","", 
+			      "", 
+			      nt_blob, lm_blob,
+			      plaintext_blob, 
+			      auth_flags, True);
+}
+
+/***************************************************************************
+ Make a user_info struct
+***************************************************************************/
+
+BOOL make_server_info(auth_serversupplied_info **server_info) 
+{
+	*server_info = malloc(sizeof(**server_info));
+	if (!*server_info) {
+		DEBUG(0,("make_server_info: malloc failed!\n"));
+		return False;
+	}
+	ZERO_STRUCTP(*server_info);
+	return True;
+}
+
+/***************************************************************************
+ Make (and fill) a user_info struct from a SAM_ACCOUNT
+***************************************************************************/
+
+BOOL make_server_info_sam(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass) 
+{
+	if (!make_server_info(server_info)) {
+		return False;
+	}
+
+	(*server_info)->sam_fill_level = SAM_FILL_ALL;
+	(*server_info)->sam_account = sampass;
+
+	DEBUG(5,("make_server_info_sam: made server info for user %s\n",
+		 pdb_get_username((*server_info)->sam_account)));
+	return True;
+}
+
+/***************************************************************************
+ Make (and fill) a user_info struct from a 'struct passwd' by conversion 
+ to a SAM_ACCOUNT
+***************************************************************************/
+
+BOOL make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd)
+{
+	SAM_ACCOUNT *sampass = NULL;
+	if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sampass, pwd))) {		
+		return False;
+	}
+	return make_server_info_sam(server_info, sampass);
+}
+
+/***************************************************************************
+ Free a user_info struct
+***************************************************************************/
+
+void free_user_info(auth_usersupplied_info **user_info)
+{
+	DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
+	if (*user_info != NULL) {
+		if ((*user_info)->smb_name.str) {
+			DEBUG(10,("structure was created for %s\n", (*user_info)->smb_name.str));
+		}
+		SAFE_FREE((*user_info)->smb_name.str);
+		SAFE_FREE((*user_info)->internal_username.str);
+		SAFE_FREE((*user_info)->client_domain.str);
+		SAFE_FREE((*user_info)->domain.str);
+		SAFE_FREE((*user_info)->wksta_name.str);
+		data_blob_free(&(*user_info)->lm_resp);
+		data_blob_free(&(*user_info)->nt_resp);
+		SAFE_FREE((*user_info)->interactive_password);
+		data_blob_clear_free(&(*user_info)->plaintext_password);
+		ZERO_STRUCT(**user_info);
+	}
+	SAFE_FREE(*user_info);
+}
+
+/***************************************************************************
+ Clear out a server_info struct that has been allocated
+***************************************************************************/
+
+void free_server_info(auth_serversupplied_info **server_info)
+{
+	if (*server_info != NULL) {
+		pdb_free_sam(&(*server_info)->sam_account);
+		
+		/* call pam_end here, unless we know we are keeping it */
+		delete_nt_token( &(*server_info)->ptok );
+		ZERO_STRUCT(**server_info);
+	}
+	SAFE_FREE(*server_info);
+}
+
+/***************************************************************************
+ Make a server_info struct for a guest user 
+***************************************************************************/
+
+BOOL make_server_info_guest(auth_serversupplied_info **server_info) 
+{
+	struct passwd *pass = getpwnam_alloc(lp_guestaccount());
+	
+	if (pass) {
+		if (!make_server_info_pw(server_info, pass)) {
+			passwd_free(&pass);
+			return False;
+		}
+		(*server_info)->guest = True;
+		passwd_free(&pass);
+		return True;
+	}
+	DEBUG(0,("make_server_info_guest: getpwnam_alloc() failed on guest account!\n")); 
+	return False;
+}
+
+/***************************************************************************
+ Make an auth_methods struct
+***************************************************************************/
+
+BOOL make_auth_methods(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!auth_context) {
+		smb_panic("no auth_context supplied to make_auth_methods()!\n");
+	}
+
+	if (!auth_method) {
+		smb_panic("make_auth_methods: pointer to auth_method pointer is NULL!\n");
+	}
+
+	*auth_method = talloc(auth_context->mem_ctx, sizeof(**auth_method));
+	if (!*auth_method) {
+		DEBUG(0,("make_auth_method: malloc failed!\n"));
+		return False;
+	}
+	ZERO_STRUCTP(*auth_method);
+	
+	return True;
+}
+
+/****************************************************************************
+ Delete a SID token.
+****************************************************************************/
+
+void delete_nt_token(NT_USER_TOKEN **pptoken)
+{
+    if (*pptoken) {
+		NT_USER_TOKEN *ptoken = *pptoken;
+        SAFE_FREE( ptoken->user_sids );
+        ZERO_STRUCTP(ptoken);
+    }
+    SAFE_FREE(*pptoken);
+}
+
+/****************************************************************************
+ Duplicate a SID token.
+****************************************************************************/
+
+NT_USER_TOKEN *dup_nt_token(NT_USER_TOKEN *ptoken)
+{
+	NT_USER_TOKEN *token;
+
+	if (!ptoken)
+		return NULL;
+
+    if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL)
+        return NULL;
+
+    ZERO_STRUCTP(token);
+
+    if ((token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids )) == NULL) {
+        SAFE_FREE(token);
+        return NULL;
+    }
+
+    token->num_sids = ptoken->num_sids;
+
+	return token;
+}
+
+/**
+ * Squash an NT_STATUS in line with security requirements.
+ * In an attempt to avoid giving the whole game away when users
+ * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and 
+ * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations 
+ * (session setups in particular).
+ *
+ * @param nt_status NTSTATUS input for squashing.
+ * @return the 'squashed' nt_status
+ **/
+
+NTSTATUS nt_status_squash(NTSTATUS nt_status)
+{
+	if NT_STATUS_IS_OK(nt_status) {
+		return nt_status;		
+	} else if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
+		/* Match WinXP and don't give the game away */
+		return NT_STATUS_LOGON_FAILURE;
+		
+	} else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
+		/* Match WinXP and don't give the game away */
+		return NT_STATUS_LOGON_FAILURE;
+	} else {
+		return nt_status;
+	}  
+}
+
+
+
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
new file mode 100644
index 0000000000..bc19b36b54
--- /dev/null
+++ b/source3/auth/auth_winbind.c
@@ -0,0 +1,111 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind authentication mechnism
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Andrew Bartlett 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Prototypes from common.h */
+
+NSS_STATUS winbindd_request(int req_type, 
+			    struct winbindd_request *request,
+			    struct winbindd_response *response);
+
+
+/* Authenticate a user with a challenge/response */
+
+static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
+				       void *my_private_data, 
+				       TALLOC_CTX *mem_ctx,
+				       const auth_usersupplied_info *user_info, 
+				       auth_serversupplied_info **server_info)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+        NSS_STATUS result;
+        struct passwd *pw;
+	NTSTATUS nt_status;
+
+	if (!user_info) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!auth_context) {
+		DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n", 
+			 user_info->internal_username.str));		
+		return NT_STATUS_UNSUCCESSFUL;
+	}		
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user),
+		 "%s\\%s", user_info->domain.str, user_info->smb_name.str);
+
+	fstrcpy(request.data.auth_crap.user, user_info->smb_name.str);
+	fstrcpy(request.data.auth_crap.domain, user_info->domain.str);
+
+	memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal));
+	
+	request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length, 
+						 sizeof(request.data.auth_crap.lm_resp));
+	request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length, 
+						 sizeof(request.data.auth_crap.nt_resp));
+	
+	memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, 
+	       sizeof(request.data.auth_crap.lm_resp_len));
+	memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
+	       request.data.auth_crap.lm_resp_len);
+	
+	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+
+	if (result == NSS_STATUS_SUCCESS) {
+		
+		pw = Get_Pwnam(user_info->internal_username.str);
+		
+		if (pw) {			
+			if (make_server_info_pw(server_info, pw)) {
+				nt_status = NT_STATUS_OK;
+			} else {
+				nt_status = NT_STATUS_NO_MEMORY;
+			}
+		} else {
+			nt_status = NT_STATUS_NO_SUCH_USER;
+		}
+	} else {
+		nt_status = NT_STATUS_LOGON_FAILURE;
+	}
+
+        return nt_status;
+}
+
+/* module initialisation */
+BOOL auth_init_winbind(struct auth_context *auth_context, auth_methods **auth_method) 
+{
+	if (!make_auth_methods(auth_context, auth_method)) {
+		return False;
+	}
+
+	(*auth_method)->auth = check_winbind_security;
+	return True;
+}
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
new file mode 100644
index 0000000000..1428e929f1
--- /dev/null
+++ b/source3/auth/pampass.c
@@ -0,0 +1,872 @@
+/* 
+   Unix SMB/CIFS implementation.
+   PAM Password checking
+   Copyright (C) Andrew Tridgell 1992-2001
+   Copyright (C) John H Terpsta 1999-2001
+   Copyright (C) Andrew Bartlett 2001
+   Copyright (C) Jeremy Allison 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+ * This module provides PAM based functions for validation of
+ * username/password pairs, account managment, session and access control.
+ * Note: SMB password checking is done in smbpass.c
+ */
+
+#include "includes.h"
+
+#ifdef WITH_PAM
+
+/*******************************************************************
+ * Handle PAM authentication 
+ * 	- Access, Authentication, Session, Password
+ *   Note: See PAM Documentation and refer to local system PAM implementation
+ *   which determines what actions/limitations/allowances become affected.
+ *********************************************************************/
+
+#include <security/pam_appl.h>
+
+/*
+ * Structure used to communicate between the conversation function
+ * and the server_login/change password functions.
+ */
+
+struct smb_pam_userdata {
+	const char *PAM_username;
+	const char *PAM_password;
+	const char *PAM_newpassword;
+};
+
+typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr);
+
+/*
+ *  Macros to help make life easy
+ */
+#define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+/*******************************************************************
+ PAM error handler.
+ *********************************************************************/
+
+static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
+{
+
+	if( pam_error != PAM_SUCCESS) {
+		DEBUG(dbglvl, ("smb_pam_error_handler: PAM: %s : %s\n",
+				msg, pam_strerror(pamh, pam_error)));
+		
+		return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+ This function is a sanity check, to make sure that we NEVER report
+ failure as sucess.
+*********************************************************************/
+
+static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
+							char *msg, int dbglvl, 
+					    NTSTATUS *nt_status)
+{
+	*nt_status = pam_to_nt_status(pam_error);
+
+	if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl))
+		return True;
+
+	if (NT_STATUS_IS_OK(*nt_status)) {
+		/* Complain LOUDLY */
+		DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \
+error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE"));
+		*nt_status = NT_STATUS_LOGON_FAILURE;
+	}
+	return False;
+}
+
+/*
+ * PAM conversation function
+ * Here we assume (for now, at least) that echo on means login name, and
+ * echo off means password.
+ */
+
+static int smb_pam_conv(int num_msg,
+		    const struct pam_message **msg,
+		    struct pam_response **resp,
+		    void *appdata_ptr)
+{
+	int replies = 0;
+	struct pam_response *reply = NULL;
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
+
+	*resp = NULL;
+
+	if (num_msg <= 0)
+		return PAM_CONV_ERR;
+
+	/*
+	 * Apparantly HPUX has a buggy PAM that doesn't support the
+	 * appdata_ptr. Fail if this is the case. JRA.
+	 */
+
+	if (udp == NULL) {
+		DEBUG(0,("smb_pam_conv: PAM on this system is broken - appdata_ptr == NULL !\n"));
+		return PAM_CONV_ERR;
+	}
+
+	reply = malloc(sizeof(struct pam_response) * num_msg);
+	if (!reply)
+		return PAM_CONV_ERR;
+
+	memset(reply, '\0', sizeof(struct pam_response) * num_msg);
+
+	for (replies = 0; replies < num_msg; replies++) {
+		switch (msg[replies]->msg_style) {
+			case PAM_PROMPT_ECHO_ON:
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = COPY_STRING(udp->PAM_username);
+				/* PAM frees resp */
+				break;
+
+			case PAM_PROMPT_ECHO_OFF:
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = COPY_STRING(udp->PAM_password);
+				/* PAM frees resp */
+				break;
+
+			case PAM_TEXT_INFO:
+				/* fall through */
+
+			case PAM_ERROR_MSG:
+				/* ignore it... */
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = NULL;
+				break;
+
+			default:
+				/* Must be an error of some sort... */
+				SAFE_FREE(reply);
+				return PAM_CONV_ERR;
+		}
+	}
+	if (reply)
+		*resp = reply;
+	return PAM_SUCCESS;
+}
+
+/*
+ * PAM password change conversation function
+ * Here we assume (for now, at least) that echo on means login name, and
+ * echo off means password.
+ */
+
+static void special_char_sub(char *buf)
+{
+	all_string_sub(buf, "\\n", "", 0);
+	all_string_sub(buf, "\\r", "", 0);
+	all_string_sub(buf, "\\s", " ", 0);
+	all_string_sub(buf, "\\t", "\t", 0);
+}
+
+static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass)
+{
+	pstring_sub(buf, "%u", username);
+	all_string_sub(buf, "%o", oldpass, sizeof(fstring));
+	all_string_sub(buf, "%n", newpass, sizeof(fstring));
+}
+
+
+struct chat_struct {
+	struct chat_struct *next, *prev;
+	fstring prompt;
+	fstring reply;
+};
+
+/**************************************************************
+ Create a linked list containing chat data.
+***************************************************************/
+
+static struct chat_struct *make_pw_chat(char *p) 
+{
+	fstring prompt;
+	fstring reply;
+	struct chat_struct *list = NULL;
+	struct chat_struct *t;
+	struct chat_struct *tmp;
+
+	while (1) {
+		t = (struct chat_struct *)malloc(sizeof(*t));
+		if (!t) {
+			DEBUG(0,("make_pw_chat: malloc failed!\n"));
+			return NULL;
+		}
+
+		ZERO_STRUCTP(t);
+
+		DLIST_ADD_END(list, t, tmp);
+
+		if (!next_token(&p, prompt, NULL, sizeof(fstring)))
+			break;
+
+		if (strequal(prompt,"."))
+			fstrcpy(prompt,"*");
+
+		special_char_sub(prompt);
+		fstrcpy(t->prompt, prompt);
+		strlower(t->prompt);
+		trim_string(t->prompt, " ", " ");
+
+		if (!next_token(&p, reply, NULL, sizeof(fstring)))
+			break;
+
+		if (strequal(reply,"."))
+				fstrcpy(reply,"");
+
+		special_char_sub(reply);
+		fstrcpy(t->reply, reply);
+		strlower(t->reply);
+		trim_string(t->reply, " ", " ");
+
+	}
+	return list;
+}
+
+static void free_pw_chat(struct chat_struct *list)
+{
+    while (list) {
+        struct chat_struct *old_head = list;
+        DLIST_REMOVE(list, list);
+        SAFE_FREE(old_head);
+    }
+}
+
+static int smb_pam_passchange_conv(int num_msg,
+				const struct pam_message **msg,
+				struct pam_response **resp,
+				void *appdata_ptr)
+{
+	int replies = 0;
+	struct pam_response *reply = NULL;
+	fstring current_prompt;
+	fstring current_reply;
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
+	struct chat_struct *pw_chat= make_pw_chat(lp_passwd_chat());
+	struct chat_struct *t;
+	BOOL found; 
+	*resp = NULL;
+	
+	DEBUG(10,("smb_pam_passchange_conv: starting converstation for %d messages\n", num_msg));
+
+	if (num_msg <= 0)
+		return PAM_CONV_ERR;
+
+	if (pw_chat == NULL)
+		return PAM_CONV_ERR;
+
+	/*
+	 * Apparantly HPUX has a buggy PAM that doesn't support the
+	 * appdata_ptr. Fail if this is the case. JRA.
+	 */
+
+	if (udp == NULL) {
+		DEBUG(0,("smb_pam_passchange_conv: PAM on this system is broken - appdata_ptr == NULL !\n"));
+		free_pw_chat(pw_chat);
+		return PAM_CONV_ERR;
+	}
+
+	reply = malloc(sizeof(struct pam_response) * num_msg);
+	if (!reply) {
+		DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));
+		free_pw_chat(pw_chat);
+		return PAM_CONV_ERR;
+	}
+
+	for (replies = 0; replies < num_msg; replies++) {
+		found = False;
+		DEBUG(10,("smb_pam_passchange_conv: Processing message %d\n", replies));
+		switch (msg[replies]->msg_style) {
+		case PAM_PROMPT_ECHO_ON:
+			DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg));
+			fstrcpy(current_prompt, msg[replies]->msg);
+			trim_string(current_prompt, " ", " ");
+			for (t=pw_chat; t; t=t->next) {
+
+				DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: trying to match |%s| to |%s|\n",
+						t->prompt, current_prompt ));
+
+				if (unix_wild_match(t->prompt, current_prompt) == 0) {
+					fstrcpy(current_reply, t->reply);
+					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We sent: %s\n", current_reply));
+					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
+#ifdef DEBUG_PASSWORD
+					DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply));
+#endif
+					reply[replies].resp_retcode = PAM_SUCCESS;
+					reply[replies].resp = COPY_STRING(current_reply);
+					found = True;
+					break;
+				}
+			}
+			/* PAM frees resp */
+			if (!found) {
+				DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
+				free_pw_chat(pw_chat);
+				SAFE_FREE(reply);
+				return PAM_CONV_ERR;
+			}
+			break;
+
+		case PAM_PROMPT_ECHO_OFF:
+			DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg));
+			fstrcpy(current_prompt, msg[replies]->msg);
+			trim_string(current_prompt, " ", " ");
+			for (t=pw_chat; t; t=t->next) {
+
+				DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |%s| to |%s|\n",
+						t->prompt, current_prompt ));
+
+				if (unix_wild_match(t->prompt, current_prompt) == 0) {
+					fstrcpy(current_reply, t->reply);
+					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
+					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
+					reply[replies].resp_retcode = PAM_SUCCESS;
+					reply[replies].resp = COPY_STRING(current_reply);
+#ifdef DEBUG_PASSWORD
+					DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
+#endif
+					found = True;
+					break;
+				}
+			}
+			/* PAM frees resp */
+			
+			if (!found) {
+				DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
+				free_pw_chat(pw_chat);
+				SAFE_FREE(reply);
+				return PAM_CONV_ERR;
+			}
+			break;
+
+		case PAM_TEXT_INFO:
+			/* fall through */
+
+		case PAM_ERROR_MSG:
+			/* ignore it... */
+			reply[replies].resp_retcode = PAM_SUCCESS;
+			reply[replies].resp = NULL;
+			break;
+			
+		default:
+			/* Must be an error of some sort... */
+			free_pw_chat(pw_chat);
+			SAFE_FREE(reply);
+			return PAM_CONV_ERR;
+		}
+	}
+		
+	free_pw_chat(pw_chat);
+	if (reply)
+		*resp = reply;
+	return PAM_SUCCESS;
+}
+
+/***************************************************************************
+ Free up a malloced pam_conv struct.
+****************************************************************************/
+
+static void smb_free_pam_conv(struct pam_conv *pconv)
+{
+	if (pconv)
+		SAFE_FREE(pconv->appdata_ptr);
+
+	SAFE_FREE(pconv);
+}
+
+/***************************************************************************
+ Allocate a pam_conv struct.
+****************************************************************************/
+
+static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char *user,
+					const char *passwd, const char *newpass)
+{
+	struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv));
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata));
+
+	if (pconv == NULL || udp == NULL) {
+		SAFE_FREE(pconv);
+		SAFE_FREE(udp);
+		return NULL;
+	}
+
+	udp->PAM_username = user;
+	udp->PAM_password = passwd;
+	udp->PAM_newpassword = newpass;
+
+	pconv->conv = smb_pam_conv_fnptr;
+	pconv->appdata_ptr = (void *)udp;
+	return pconv;
+}
+
+/* 
+ * PAM Closing out cleanup handler
+ */
+
+static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
+{
+	int pam_error;
+
+	smb_free_pam_conv(smb_pam_conv_ptr);
+       
+	if( pamh != NULL ) {
+		pam_error = pam_end(pamh, 0);
+		if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
+			DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n"));
+			return True;
+		}
+	}
+	DEBUG(2,("smb_pam_end: PAM: not initialised"));
+	return False;
+}
+
+/*
+ * Start PAM authentication for specified account
+ */
+
+static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
+{
+	int pam_error;
+	const char *our_rhost;
+
+	*pamh = (pam_handle_t *)NULL;
+
+	DEBUG(4,("smb_pam_start: PAM: Init user: %s\n", user));
+
+	pam_error = pam_start("samba", user, pconv, pamh);
+	if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
+
+	if (rhost == NULL) {
+		our_rhost = client_name();
+		if (strequal(rhost,"UNKNOWN"))
+			our_rhost = client_addr();
+	} else {
+		our_rhost = rhost;
+	}
+
+#ifdef PAM_RHOST
+	DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
+	pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
+	if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
+		smb_pam_end(*pamh, pconv);
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
+#endif
+#ifdef PAM_TTY
+	DEBUG(4,("smb_pam_start: PAM: setting tty\n"));
+	pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
+	if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
+		smb_pam_end(*pamh, pconv);
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
+#endif
+	DEBUG(4,("smb_pam_start: PAM: Init passed for user: %s\n", user));
+	return True;
+}
+
+/*
+ * PAM Authentication Handler
+ */
+static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user)
+{
+	int pam_error;
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+
+	/*
+	 * To enable debugging set in /etc/pam.d/samba:
+	 *	auth required /lib/security/pam_pwdb.so nullok shadow audit
+	 */
+	
+	DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
+	pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+	switch( pam_error ){
+		case PAM_AUTH_ERR:
+			DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user));
+			break;
+		case PAM_CRED_INSUFFICIENT:
+			DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user));
+			break;
+		case PAM_AUTHINFO_UNAVAIL:
+			DEBUG(2, ("smb_pam_auth: PAM: Authentication Information Unavailable for user %s\n", user));
+			break;
+		case PAM_USER_UNKNOWN:
+			DEBUG(2, ("smb_pam_auth: PAM: Username %s NOT known to Authentication system\n", user));
+			break;
+		case PAM_MAXTRIES:
+			DEBUG(2, ("smb_pam_auth: PAM: One or more authentication modules reports user limit for user %s exceeeded\n", user));
+			break;
+		case PAM_ABORT:
+			DEBUG(0, ("smb_pam_auth: PAM: One or more PAM modules failed to load for user %s\n", user));
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_auth: PAM: User %s Authenticated OK\n", user));
+			break;
+		default:
+			DEBUG(0, ("smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user %s\n", user));
+			break;
+	}
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Authentication Failure", 2, &nt_status);
+	return nt_status;
+}
+
+/* 
+ * PAM Account Handler
+ */
+static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user)
+{
+	int pam_error;
+	NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
+
+	DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user));
+	pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
+	switch( pam_error ) {
+		case PAM_AUTHTOK_EXPIRED:
+			DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user));
+			break;
+		case PAM_ACCT_EXPIRED:
+			DEBUG(2, ("smb_pam_account: PAM: User %s no longer permitted to access system\n", user));
+			break;
+		case PAM_AUTH_ERR:
+			DEBUG(2, ("smb_pam_account: PAM: There was an authentication error for user %s\n", user));
+			break;
+		case PAM_PERM_DENIED:
+			DEBUG(0, ("smb_pam_account: PAM: User %s is NOT permitted to access system at this time\n", user));
+			break;
+		case PAM_USER_UNKNOWN:
+			DEBUG(0, ("smb_pam_account: PAM: User \"%s\" is NOT known to account management\n", user));
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_account: PAM: Account OK for User: %s\n", user));
+			break;
+		default:
+			DEBUG(0, ("smb_pam_account: PAM: UNKNOWN PAM ERROR (%d) during Account Management for User: %s\n", pam_error, user));
+			break;
+	}
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Account Check Failed", 2, &nt_status);
+	return nt_status;
+}
+
+/*
+ * PAM Credential Setting
+ */
+
+static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user)
+{
+	int pam_error;
+	NTSTATUS nt_status = NT_STATUS_NO_TOKEN;
+
+	/*
+	 * This will allow samba to aquire a kerberos token. And, when
+	 * exporting an AFS cell, be able to /write/ to this cell.
+	 */
+
+	DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
+	pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT)); 
+	switch( pam_error ) {
+		case PAM_CRED_UNAVAIL:
+			DEBUG(0, ("smb_pam_setcred: PAM: Credentials not found for user:%s\n", user ));
+			break;
+		case PAM_CRED_EXPIRED:
+			DEBUG(0, ("smb_pam_setcred: PAM: Credentials for user: \"%s\" EXPIRED!\n", user ));
+			break;
+		case PAM_USER_UNKNOWN:
+			DEBUG(0, ("smb_pam_setcred: PAM: User: \"%s\" is NOT known so can not set credentials!\n", user ));
+			break;
+		case PAM_CRED_ERR:
+			DEBUG(0, ("smb_pam_setcred: PAM: Unknown setcredentials error - unable to set credentials for %s\n", user ));
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_setcred: PAM: SetCredentials OK for User: %s\n", user));
+			break;
+		default:
+			DEBUG(0, ("smb_pam_setcred: PAM: UNKNOWN PAM ERROR (%d) during SetCredentials for User: %s\n", pam_error, user));
+			break;
+	}
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Set Credential Failure", 2, &nt_status);
+	return nt_status;
+}
+
+/*
+ * PAM Internal Session Handler
+ */
+static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+{
+	int pam_error;
+
+#ifdef PAM_TTY
+	DEBUG(4,("smb_internal_pam_session: PAM: tty set to: %s\n", tty));
+	pam_error = pam_set_item(pamh, PAM_TTY, tty);
+	if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0))
+		return False;
+#endif
+
+	if (flag) {
+		pam_error = pam_open_session(pamh, PAM_SILENT);
+		if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0))
+			return False;
+	} else {
+		pam_setcred(pamh, (PAM_DELETE_CRED|PAM_SILENT)); /* We don't care if this fails */
+		pam_error = pam_close_session(pamh, PAM_SILENT); /* This will probably pick up the error anyway */
+		if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0))
+			return False;
+	}
+	return (True);
+}
+
+/*
+ * Internal PAM Password Changer.
+ */
+
+static BOOL smb_pam_chauthtok(pam_handle_t *pamh, const char * user)
+{
+	int pam_error;
+
+	DEBUG(4,("smb_pam_chauthtok: PAM: Password Change for User: %s\n", user));
+
+	pam_error = pam_chauthtok(pamh, PAM_SILENT); /* Change Password */
+
+	switch( pam_error ) {
+	case PAM_AUTHTOK_ERR:
+		DEBUG(2, ("PAM: unable to obtain the new authentication token - is password to weak?\n"));
+		break;
+
+	/* This doesn't seem to be defined on Solaris. JRA */
+#ifdef PAM_AUTHTOK_RECOVER_ERR
+	case PAM_AUTHTOK_RECOVER_ERR:
+		DEBUG(2, ("PAM: unable to obtain the old authentication token - was the old password wrong?.\n"));
+		break;
+#endif
+
+	case PAM_AUTHTOK_LOCK_BUSY:
+		DEBUG(2, ("PAM: unable to change the authentication token since it is currently locked.\n"));
+		break;
+	case PAM_AUTHTOK_DISABLE_AGING:
+		DEBUG(2, ("PAM: Authentication token aging has been disabled.\n"));
+		break;
+	case PAM_PERM_DENIED:
+		DEBUG(0, ("PAM: Permission denied.\n"));
+		break;
+	case PAM_TRY_AGAIN:
+		DEBUG(0, ("PAM: Could not update all authentication token(s). No authentication tokens were updated.\n"));
+		break;
+	case PAM_USER_UNKNOWN:
+		DEBUG(0, ("PAM: User not known to PAM\n"));
+		break;
+	case PAM_SUCCESS:
+		DEBUG(4, ("PAM: Account OK for User: %s\n", user));
+		break;
+	default:
+		DEBUG(0, ("PAM: UNKNOWN PAM ERROR (%d) for User: %s\n", pam_error, user));
+	}
+ 
+	if(!smb_pam_error_handler(pamh, pam_error, "Password Change Failed", 2)) {
+		return False;
+	}
+
+	/* If this point is reached, the password has changed. */
+	return True;
+}
+
+/*
+ * PAM Externally accessible Session handler
+ */
+
+BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+{
+	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return True;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return False;
+
+	if (!smb_pam_start(&pamh, user, rhost, pconv))
+		return False;
+
+	if (!smb_internal_pam_session(pamh, user, tty, True)) {
+		smb_pam_end(pamh, pconv);
+		return False;
+	}
+
+	return smb_pam_end(pamh, pconv);
+}
+
+/*
+ * PAM Externally accessible Session handler
+ */
+
+BOOL smb_pam_close_session(char *user, char *tty, char *rhost)
+{
+	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return True;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return False;
+
+	if (!smb_pam_start(&pamh, user, rhost, pconv))
+		return False;
+
+	if (!smb_internal_pam_session(pamh, user, tty, False)) {
+		smb_pam_end(pamh, pconv);
+		return False;
+	}
+
+	return smb_pam_end(pamh, pconv);
+}
+
+/*
+ * PAM Externally accessible Account handler
+ */
+
+NTSTATUS smb_pam_accountcheck(const char * user)
+{
+	NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
+	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return NT_STATUS_OK;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	if (!smb_pam_start(&pamh, user, NULL, pconv))
+		return NT_STATUS_ACCOUNT_DISABLED;
+
+	if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user)))
+		DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user));
+
+	smb_pam_end(pamh, pconv);
+	return nt_status;
+}
+
+/*
+ * PAM Password Validation Suite
+ */
+
+NTSTATUS smb_pam_passcheck(char * user, char * password)
+{
+	pam_handle_t *pamh = NULL;
+	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
+	struct pam_conv *pconv = NULL;
+
+	/*
+	 * Note we can't ignore PAM here as this is the only
+	 * way of doing auths on plaintext passwords when
+	 * compiled --with-pam.
+	 */
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, password, NULL)) == NULL)
+		return NT_STATUS_LOGON_FAILURE;
+
+	if (!smb_pam_start(&pamh, user, NULL, pconv))
+		return NT_STATUS_LOGON_FAILURE;
+
+	if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = smb_pam_setcred(pamh, user))) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	smb_pam_end(pamh, pconv);
+	return nt_status;
+}
+
+/*
+ * PAM Password Change Suite
+ */
+
+BOOL smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+{
+	/* Appropriate quantities of root should be obtained BEFORE calling this function */
+	struct pam_conv *pconv = NULL;
+	pam_handle_t *pamh = NULL;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
+		return False;
+
+	if(!smb_pam_start(&pamh, user, NULL, pconv))
+		return False;
+
+	if (!smb_pam_chauthtok(pamh, user)) {
+		DEBUG(0, ("smb_pam_passchange: PAM: Password Change Failed for user %s!\n", user));
+		smb_pam_end(pamh, pconv);
+		return False;
+	}
+
+	return smb_pam_end(pamh, pconv);
+}
+
+#else
+
+/* If PAM not used, no PAM restrictions on accounts. */
+NTSTATUS smb_pam_accountcheck(const char * user)
+{
+	return NT_STATUS_OK;
+}
+
+/* If PAM not used, also no PAM restrictions on sessions. */
+BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+{
+	return True;
+}
+
+/* If PAM not used, also no PAM restrictions on sessions. */
+BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost)
+{
+	return True;
+}
+#endif /* WITH_PAM */
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
new file mode 100644
index 0000000000..47c9664a74
--- /dev/null
+++ b/source3/auth/pass_check.c
@@ -0,0 +1,793 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password checking
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* this module is for checking a username/password against a system
+   password database. The SMB encrypted password support is elsewhere */
+
+#include "includes.h"
+
+/* these are kept here to keep the string_combinations function simple */
+static fstring this_user;
+#if !defined(WITH_PAM) 
+static fstring this_salt;
+static fstring this_crypted;
+#endif
+
+#ifdef WITH_AFS
+
+#include <afs/stds.h>
+#include <afs/kautils.h>
+
+/*******************************************************************
+check on AFS authentication
+********************************************************************/
+static BOOL afs_auth(char *user, char *password)
+{
+	long password_expires = 0;
+	char *reason;
+
+	/* For versions of AFS prior to 3.3, this routine has few arguments, */
+	/* but since I can't find the old documentation... :-)               */
+	setpag();
+	if (ka_UserAuthenticateGeneral
+	    (KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, user, (char *)0,	/* instance */
+	     (char *)0,		/* cell */
+	     password, 0,	/* lifetime, default */
+	     &password_expires,	/*days 'til it expires */
+	     0,			/* spare 2 */
+	     &reason) == 0)
+	{
+		return (True);
+	}
+	DEBUG(1,
+	      ("AFS authentication for \"%s\" failed (%s)\n", user, reason));
+	return (False);
+}
+#endif
+
+
+#ifdef WITH_DFS
+
+#include <dce/dce_error.h>
+#include <dce/sec_login.h>
+
+/*****************************************************************
+ This new version of the DFS_AUTH code was donated by Karsten Muuss
+ <muuss@or.uni-bonn.de>. It fixes the following problems with the
+ old code :
+
+  - Server credentials may expire
+  - Client credential cache files have wrong owner
+  - purge_context() function is called with invalid argument
+
+ This new code was modified to ensure that on exit the uid/gid is
+ still root, and the original directory is restored. JRA.
+******************************************************************/
+
+sec_login_handle_t my_dce_sec_context;
+int dcelogin_atmost_once = 0;
+
+/*******************************************************************
+check on a DCE/DFS authentication
+********************************************************************/
+static BOOL dfs_auth(char *user, char *password)
+{
+	error_status_t err;
+	int err2;
+	int prterr;
+	signed32 expire_time, current_time;
+	boolean32 password_reset;
+	struct passwd *pw;
+	sec_passwd_rec_t passwd_rec;
+	sec_login_auth_src_t auth_src = sec_login_auth_src_network;
+	unsigned char dce_errstr[dce_c_error_string_len];
+	gid_t egid;
+
+	if (dcelogin_atmost_once)
+		return (False);
+
+#ifdef HAVE_CRYPT
+	/*
+	 * We only go for a DCE login context if the given password
+	 * matches that stored in the local password file.. 
+	 * Assumes local passwd file is kept in sync w/ DCE RGY!
+	 */
+
+	if (strcmp((char *)crypt(password, this_salt), this_crypted))
+	{
+		return (False);
+	}
+#endif
+
+	sec_login_get_current_context(&my_dce_sec_context, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr));
+
+		return (False);
+	}
+
+	sec_login_certify_identity(my_dce_sec_context, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr));
+
+		return (False);
+	}
+
+	sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr));
+
+		return (False);
+	}
+
+	time(&current_time);
+
+	if (expire_time < (current_time + 60))
+	{
+		struct passwd *pw;
+		sec_passwd_rec_t *key;
+
+		sec_login_get_pwent(my_dce_sec_context,
+				    (sec_login_passwd_t *) & pw, &err);
+		if (err != error_status_ok)
+		{
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
+
+			return (False);
+		}
+
+		sec_login_refresh_identity(my_dce_sec_context, &err);
+		if (err != error_status_ok)
+		{
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0, ("DCE can't refresh identity. %s\n",
+				  dce_errstr));
+
+			return (False);
+		}
+
+		sec_key_mgmt_get_key(rpc_c_authn_dce_secret, NULL,
+				     (unsigned char *)pw->pw_name,
+				     sec_c_key_version_none,
+				     (void **)&key, &err);
+		if (err != error_status_ok)
+		{
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0, ("DCE can't get key for %s. %s\n",
+				  pw->pw_name, dce_errstr));
+
+			return (False);
+		}
+
+		sec_login_valid_and_cert_ident(my_dce_sec_context, key,
+					       &password_reset, &auth_src,
+					       &err);
+		if (err != error_status_ok)
+		{
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0,
+			      ("DCE can't validate and certify identity for %s. %s\n",
+			       pw->pw_name, dce_errstr));
+		}
+
+		sec_key_mgmt_free_key(key, &err);
+		if (err != error_status_ok)
+		{
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0, ("DCE can't free key.\n", dce_errstr));
+		}
+	}
+
+	if (sec_login_setup_identity((unsigned char *)user,
+				     sec_login_no_flags,
+				     &my_dce_sec_context, &err) == 0)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE Setup Identity for %s failed: %s\n",
+			  user, dce_errstr));
+		return (False);
+	}
+
+	sec_login_get_pwent(my_dce_sec_context,
+			    (sec_login_passwd_t *) & pw, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
+
+		return (False);
+	}
+
+	sec_login_purge_context(&my_dce_sec_context, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't purge context. %s\n", dce_errstr));
+
+		return (False);
+	}
+
+	/*
+	 * NB. I'd like to change these to call something like change_to_user()
+	 * instead but currently we don't have a connection
+	 * context to become the correct user. This is already
+	 * fairly platform specific code however, so I think
+	 * this should be ok. I have added code to go
+	 * back to being root on error though. JRA.
+	 */
+
+	egid = getegid();
+
+	set_effective_gid(pw->pw_gid);
+	set_effective_uid(pw->pw_uid);
+
+	if (sec_login_setup_identity((unsigned char *)user,
+				     sec_login_no_flags,
+				     &my_dce_sec_context, &err) == 0)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE Setup Identity for %s failed: %s\n",
+			  user, dce_errstr));
+		goto err;
+	}
+
+	sec_login_get_pwent(my_dce_sec_context,
+			    (sec_login_passwd_t *) & pw, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
+		goto err;
+	}
+
+	passwd_rec.version_number = sec_passwd_c_version_none;
+	passwd_rec.pepper = NULL;
+	passwd_rec.key.key_type = sec_passwd_plain;
+	passwd_rec.key.tagged_union.plain = (idl_char *) password;
+
+	sec_login_validate_identity(my_dce_sec_context,
+				    &passwd_rec, &password_reset,
+				    &auth_src, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0,
+		      ("DCE Identity Validation failed for principal %s: %s\n",
+		       user, dce_errstr));
+		goto err;
+	}
+
+	sec_login_certify_identity(my_dce_sec_context, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE certify identity failed: %s\n", dce_errstr));
+		goto err;
+	}
+
+	if (auth_src != sec_login_auth_src_network)
+	{
+		DEBUG(0, ("DCE context has no network credentials.\n"));
+	}
+
+	sec_login_set_context(my_dce_sec_context, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0,
+		      ("DCE login failed for principal %s, cant set context: %s\n",
+		       user, dce_errstr));
+
+		sec_login_purge_context(&my_dce_sec_context, &err);
+		goto err;
+	}
+
+	sec_login_get_pwent(my_dce_sec_context,
+			    (sec_login_passwd_t *) & pw, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
+		goto err;
+	}
+
+	DEBUG(0, ("DCE login succeeded for principal %s on pid %d\n",
+		  user, sys_getpid()));
+
+	DEBUG(3, ("DCE principal: %s\n"
+		  "          uid: %d\n"
+		  "          gid: %d\n",
+		  pw->pw_name, pw->pw_uid, pw->pw_gid));
+	DEBUG(3, ("         info: %s\n"
+		  "          dir: %s\n"
+		  "        shell: %s\n",
+		  pw->pw_gecos, pw->pw_dir, pw->pw_shell));
+
+	sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr));
+		goto err;
+	}
+
+	set_effective_uid(0);
+	set_effective_gid(0);
+
+	DEBUG(0,
+	      ("DCE context expires: %s", asctime(localtime(&expire_time))));
+
+	dcelogin_atmost_once = 1;
+	return (True);
+
+      err:
+
+	/* Go back to root, JRA. */
+	set_effective_uid(0);
+	set_effective_gid(egid);
+	return (False);
+}
+
+void dfs_unlogin(void)
+{
+	error_status_t err;
+	int err2;
+	unsigned char dce_errstr[dce_c_error_string_len];
+
+	sec_login_purge_context(&my_dce_sec_context, &err);
+	if (err != error_status_ok)
+	{
+		dce_error_inq_text(err, dce_errstr, &err2);
+		DEBUG(0,
+		      ("DCE purge login context failed for server instance %d: %s\n",
+		       sys_getpid(), dce_errstr));
+	}
+}
+#endif
+
+#ifdef LINUX_BIGCRYPT
+/****************************************************************************
+an enhanced crypt for Linux to handle password longer than 8 characters
+****************************************************************************/
+static int linux_bigcrypt(char *password, char *salt1, char *crypted)
+{
+#define LINUX_PASSWORD_SEG_CHARS 8
+	char salt[3];
+	int i;
+
+	StrnCpy(salt, salt1, 2);
+	crypted += 2;
+
+	for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
+		char *p = crypt(password, salt) + 2;
+		if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
+			return (0);
+		password += LINUX_PASSWORD_SEG_CHARS;
+		crypted += strlen(p);
+	}
+
+	return (1);
+}
+#endif
+
+#ifdef OSF1_ENH_SEC
+/****************************************************************************
+an enhanced crypt for OSF1
+****************************************************************************/
+static char *osf1_bigcrypt(char *password, char *salt1)
+{
+	static char result[AUTH_MAX_PASSWD_LENGTH] = "";
+	char *p1;
+	char *p2 = password;
+	char salt[3];
+	int i;
+	int parts = strlen(password) / AUTH_CLEARTEXT_SEG_CHARS;
+	if (strlen(password) % AUTH_CLEARTEXT_SEG_CHARS)
+		parts++;
+
+	StrnCpy(salt, salt1, 2);
+	StrnCpy(result, salt1, 2);
+	result[2] = '\0';
+
+	for (i = 0; i < parts; i++) {
+		p1 = crypt(p2, salt);
+		strncat(result, p1 + 2,
+			AUTH_MAX_PASSWD_LENGTH - strlen(p1 + 2) - 1);
+		StrnCpy(salt, &result[2 + i * AUTH_CIPHERTEXT_SEG_CHARS], 2);
+		p2 += AUTH_CLEARTEXT_SEG_CHARS;
+	}
+
+	return (result);
+}
+#endif
+
+
+/****************************************************************************
+apply a function to upper/lower case combinations
+of a string and return true if one of them returns true.
+try all combinations with N uppercase letters.
+offset is the first char to try and change (start with 0)
+it assumes the string starts lowercased
+****************************************************************************/
+static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (char *),
+				 int N)
+{
+	int len = strlen(s);
+	int i;
+	NTSTATUS nt_status;
+
+#ifdef PASSWORD_LENGTH
+	len = MIN(len, PASSWORD_LENGTH);
+#endif
+
+	if (N <= 0 || offset >= len)
+		return (fn(s));
+
+	for (i = offset; i < (len - (N - 1)); i++) {
+		char c = s[i];
+		if (!islower(c))
+			continue;
+		s[i] = toupper(c);
+		if (!NT_STATUS_EQUAL(nt_status = string_combinations2(s, i + 1, fn, N - 1),NT_STATUS_WRONG_PASSWORD)) {
+			return (nt_status);
+		}
+		s[i] = c;
+	}
+	return (NT_STATUS_WRONG_PASSWORD);
+}
+
+/****************************************************************************
+apply a function to upper/lower case combinations
+of a string and return true if one of them returns true.
+try all combinations with up to N uppercase letters.
+offset is the first char to try and change (start with 0)
+it assumes the string starts lowercased
+****************************************************************************/
+static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N)
+{
+	int n;
+	NTSTATUS nt_status;
+	for (n = 1; n <= N; n++)
+		if (!NT_STATUS_EQUAL(nt_status = string_combinations2(s, 0, fn, n), NT_STATUS_WRONG_PASSWORD))
+			return nt_status;
+	return NT_STATUS_WRONG_PASSWORD;
+}
+
+
+/****************************************************************************
+core of password checking routine
+****************************************************************************/
+static NTSTATUS password_check(char *password)
+{
+#ifdef WITH_PAM
+	return smb_pam_passcheck(this_user, password);
+#else
+
+	BOOL ret;
+
+#ifdef WITH_AFS
+	if (afs_auth(this_user, password))
+		return NT_STATUS_OK;
+#endif /* WITH_AFS */
+
+#ifdef WITH_DFS
+	if (dfs_auth(this_user, password))
+		return NT_STATUS_OK;
+#endif /* WITH_DFS */
+
+#ifdef OSF1_ENH_SEC
+	
+	ret = (strcmp(osf1_bigcrypt(password, this_salt),
+		      this_crypted) == 0);
+	if (!ret) {
+		DEBUG(2,
+		      ("OSF1_ENH_SEC failed. Trying normal crypt.\n"));
+		ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
+	}
+	if (ret) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+	
+#endif /* OSF1_ENH_SEC */
+	
+#ifdef ULTRIX_AUTH
+	ret = (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0);
+	if (ret) {
+		return NT_STATUS_OK;
+        } else {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+	
+#endif /* ULTRIX_AUTH */
+	
+#ifdef LINUX_BIGCRYPT
+	ret = (linux_bigcrypt(password, this_salt, this_crypted));
+        if (ret) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+#endif /* LINUX_BIGCRYPT */
+	
+#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS)
+	
+	/*
+	 * Some systems have bigcrypt in the C library but might not
+	 * actually use it for the password hashes (HPUX 10.20) is
+	 * a noteable example. So we try bigcrypt first, followed
+	 * by crypt.
+	 */
+
+	if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0)
+		return NT_STATUS_OK;
+	else
+		ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
+	if (ret) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
+	
+#ifdef HAVE_BIGCRYPT
+	ret = (strcmp(bigcrypt(password, this_salt), this_crypted) == 0);
+        if (ret) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+#endif /* HAVE_BIGCRYPT */
+	
+#ifndef HAVE_CRYPT
+	DEBUG(1, ("Warning - no crypt available\n"));
+	return NT_STATUS_LOGON_FAILURE;
+#else /* HAVE_CRYPT */
+	ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0);
+        if (ret) {
+		return NT_STATUS_OK;
+	} else {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+#endif /* HAVE_CRYPT */
+#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
+#endif /* WITH_PAM || KRB4_AUTH || KRB5_AUTH */
+}
+
+
+
+/****************************************************************************
+CHECK if a username/password is OK
+the function pointer fn() points to a function to call when a successful
+match is found and is used to update the encrypted password file 
+return NT_STATUS_OK on correct match, appropriate error otherwise
+****************************************************************************/
+
+NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, 
+		    int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker)
+{
+	struct passwd *pass;
+	pstring pass2;
+	int level = lp_passwordlevel();
+
+	NTSTATUS nt_status;
+	if (password)
+		password[pwlen] = 0;
+
+#if DEBUG_PASSWORD
+	DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
+#endif
+
+	if (!password)
+		return NT_STATUS_LOGON_FAILURE;
+
+	if (((!*password) || (!pwlen)) && !lp_null_passwords())
+		return NT_STATUS_LOGON_FAILURE;
+
+#if defined(WITH_PAM) 
+
+	/*
+	 * If we're using PAM we want to short-circuit all the 
+	 * checks below and dive straight into the PAM code.
+	 */
+
+	fstrcpy(this_user, user);
+
+	DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
+
+#else /* Not using PAM */
+
+	DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
+
+	if (!input_pass) {
+		DEBUG(3, ("Couldn't find user %s\n", user));
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	pass = make_modifyable_passwd(input_pass);
+
+#ifdef HAVE_GETSPNAM
+	{
+		struct spwd *spass;
+
+		/* many shadow systems require you to be root to get
+		   the password, in most cases this should already be
+		   the case when this function is called, except
+		   perhaps for IPC password changing requests */
+
+		spass = getspnam(pass->pw_name);
+		if (spass && spass->sp_pwdp)
+			pstrcpy(pass->pw_passwd, spass->sp_pwdp);
+	}
+#elif defined(IA_UINFO)
+	{
+		/* Need to get password with SVR4.2's ia_ functions
+		   instead of get{sp,pw}ent functions. Required by
+		   UnixWare 2.x, tested on version
+		   2.1. (tangent@cyberport.com) */
+		uinfo_t uinfo;
+		if (ia_openinfo(pass->pw_name, &uinfo) != -1)
+			ia_get_logpwd(uinfo, &(pass->pw_passwd));
+	}
+#endif
+
+#ifdef HAVE_GETPRPWNAM
+	{
+		struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
+		if (pr_pw && pr_pw->ufld.fd_encrypt)
+			pstrcpy(pass->pw_passwd, pr_pw->ufld.fd_encrypt);
+	}
+#endif
+
+#ifdef HAVE_GETPWANAM
+	{
+		struct passwd_adjunct *pwret;
+		pwret = getpwanam(s);
+		if (pwret && pwret->pwa_passwd)
+			pstrcpy(pass->pw_passwd,pwret->pwa_passwd);
+	}
+#endif
+
+#ifdef OSF1_ENH_SEC
+	{
+		struct pr_passwd *mypasswd;
+		DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n",
+			  user));
+		mypasswd = getprpwnam(user);
+		if (mypasswd) {
+			fstrcpy(pass->pw_name, mypasswd->ufld.fd_name);
+			fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt);
+		} else {
+			DEBUG(5,
+			      ("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
+			       user));
+		}
+	}
+#endif
+
+#ifdef ULTRIX_AUTH
+	{
+		AUTHORIZATION *ap = getauthuid(pass->pw_uid);
+		if (ap) {
+			fstrcpy(pass->pw_passwd, ap->a_password);
+			endauthent();
+		}
+	}
+#endif
+
+	/* extract relevant info */
+	fstrcpy(this_salt, pass->pw_passwd);
+
+#if defined(HAVE_TRUNCATED_SALT)
+	/* crypt on some platforms (HPUX in particular)
+	   won't work with more than 2 salt characters. */
+	this_salt[2] = 0;
+#endif
+
+	/* Copy into global for the convenience of looping code */
+	fstrcpy(this_crypted, pass->pw_passwd);
+
+	if (!*this_crypted) {
+		if (!lp_null_passwords()) {
+			DEBUG(2, ("Disallowing %s with null password\n",
+				  this_user));
+			passwd_free(&pass);
+			return NT_STATUS_LOGON_FAILURE;
+		}
+		if (!*password) {
+			DEBUG(3,
+			      ("Allowing access to %s with null password\n",
+			       this_user));
+			passwd_free(&pass);
+			return NT_STATUS_OK;
+		}
+	}
+
+	passwd_free(&pass);
+
+#endif /* defined(WITH_PAM) */
+
+	/* try it as it came to us */
+	nt_status = password_check(password);
+        if NT_STATUS_IS_OK(nt_status) {
+                if (fn) {
+                        fn(user, password);
+		}
+		return (nt_status);
+	} else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
+                /* No point continuing if its not the password thats to blame (ie PAM disabled). */
+                return (nt_status);
+        }
+
+	if (!run_cracker) {
+		return (nt_status);
+	}
+
+	/* if the password was given to us with mixed case then we don't
+	 * need to proceed as we know it hasn't been case modified by the
+	 * client */
+	if (strhasupper(password) && strhaslower(password)) {
+		passwd_free(&pass);
+		return nt_status;
+	}
+
+	/* make a copy of it */
+	StrnCpy(pass2, password, sizeof(pstring) - 1);
+
+	/* try all lowercase if it's currently all uppercase */
+	if (strhasupper(password)) {
+		strlower(password);
+		if NT_STATUS_IS_OK(nt_status = password_check(password)) {
+		        if (fn)
+				fn(user, password);
+			return (nt_status);
+		}
+	}
+
+	/* give up? */
+	if (level < 1) {
+		/* restore it */
+		fstrcpy(password, pass2);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	/* last chance - all combinations of up to level chars upper! */
+	strlower(password);
+
+ 
+        if NT_STATUS_IS_OK(nt_status = string_combinations(password, password_check, level)) {
+                if (fn)
+			fn(user, password);
+		return nt_status;
+	}
+        
+	/* restore it */
+	fstrcpy(password, pass2);
+
+	return NT_STATUS_WRONG_PASSWORD;
+}
diff --git a/source3/bin/.cvsignore b/source3/bin/.cvsignore
new file mode 100644
index 0000000000..c152d8918a
--- /dev/null
+++ b/source3/bin/.cvsignore
@@ -0,0 +1,38 @@
+.dummy
+.libs
+locktest
+locktest2
+make_printerdef
+make_smbcodepage
+make_unicodemap
+masktest
+msgtest
+net
+nmbd
+nmblookup
+pdbedit
+rpcclient
+samsync
+smbcacls
+smbcacls
+smbclient
+smbcontrol
+smbd
+smbgroupedit
+smbmnt
+smbmount
+smbpasswd
+smbsh
+smbspool
+smbstatus
+smbtorture
+smbtree
+smbumount
+swat
+talloctort
+tdbbackup
+testparm
+testprns
+wbinfo
+winbindd
+wrepld
diff --git a/source3/change-log b/source3/change-log
index e120ac6f02..1f7798b541 100644
--- a/source3/change-log
+++ b/source3/change-log
@@ -1,10 +1,13 @@
-Change Log for Samba
+SUPERCEDED Change Log for Samba
+^^^^^^^^^^
 
 Unless otherwise attributed, all changes were made by 
-Andrew.Tridgell@anu.edu.au
+Andrew.Tridgell@anu.edu.au. All bugs to samba-bugs@samba.org.
 
 NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER
 
+NOTE: From now on the cvs.log file will be used to give a complete log of
+changes to samba. This change-log is now obsolete.
 
 1.5.00	announced to mailing list
 
@@ -1793,6 +1796,9 @@ NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER
 	- Linux quota patch from xeno@mix.hsv.no
 	- try to work around NT passlen2 problem in session setup
 	- released alpha1
+
+NOTE: From now on the cvs.log file will be used to give a complete log of
+changes to samba. This change-log is now obsolete.
 	
 	
 ==========
@@ -1869,4 +1875,4 @@ lpd stuff:
  	Tony Aiuto (tony@ics.com)
 
 make max disk size local
-	
\ No newline at end of file
+	
diff --git a/source3/client/.cvsignore b/source3/client/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/client/.cvsignore
diff --git a/source3/client/client.c b/source3/client/client.c
index 504cb5a0bb..1daba28b98 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1,8 +1,8 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    SMB client
-   Copyright (C) Andrew Tridgell 1994-1995
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Simo Sorce 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,36 +19,40 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
+#define NO_SYSLOG
 
 #include "includes.h"
-#include "nameserv.h"
 
 #ifndef REGISTER
 #define REGISTER 0
 #endif
 
+const char prog_name[] = "smbclient";
+
+struct cli_state *cli;
+extern BOOL in_client;
+extern BOOL AllowDebugChange;
+static int port = 0;
 pstring cur_dir = "\\";
 pstring cd_path = "";
-pstring service="";
-pstring desthost="";
-pstring myname = "";
-pstring password = "";
-pstring username="";
-pstring workgroup=WORKGROUP;
-BOOL got_pass = False;
-BOOL connect_as_printer = False;
-BOOL connect_as_ipc = False;
-extern struct in_addr bcast_ip;
-static BOOL got_bcast=False;
-
-char cryptkey[8];
-BOOL doencrypt=False;
-
+static pstring service;
+static pstring desthost;
+extern pstring global_myname;
+static pstring password;
+static pstring username;
+static pstring workgroup;
+static char *cmdstr;
+static BOOL got_pass;
+static int io_bufsize = 64512;
+static BOOL use_kerberos;
+
+static int name_type = 0x20;
+static int max_protocol = PROTOCOL_NT1;
 extern pstring user_socket_options;
 
+static int process_tok(fstring tok);
+static int cmd_help(void);
+
 /* 30 second timeout on most commands */
 #define CLIENT_TIMEOUT (30*1000)
 #define SHORT_TIMEOUT (5*1000)
@@ -56,65 +60,35 @@ extern pstring user_socket_options;
 /* value for unused fid field in trans2 secondary request */
 #define FID_UNUSED (0xFFFF)
 
-int name_type = 0x20;
-
-int max_protocol = PROTOCOL_NT1;
-
-
 time_t newer_than = 0;
 int archive_level = 0;
 
-extern struct in_addr myip;
-
-extern pstring debugf;
-extern int DEBUGLEVEL;
-
 BOOL translation = False;
 
+static BOOL have_ip;
+
 /* clitar bits insert */
-extern void cmd_tar();
-extern void cmd_block();
-extern void cmd_tarmode();
-extern void cmd_setmode();
 extern int blocksize;
 extern BOOL tar_inc;
 extern BOOL tar_reset;
-extern int process_tar();
-extern int tar_parseargs();
 /* clitar bits end */
  
 
-int cnum = 0;
-int pid = 0;
-int gid = 0;
-int uid = 0;
-int mid = 0;
-int myumask = 0755;
-
-int max_xmit = BUFFER_SIZE;
-
-extern pstring scope;
+mode_t myumask = 0755;
 
 BOOL prompt = True;
 
 int printmode = 1;
 
-BOOL recurse = False;
+static BOOL recurse = False;
 BOOL lowercase = False;
 
-BOOL have_ip = False;
-
 struct in_addr dest_ip;
 
 #define SEPARATORS " \t\n\r"
 
 BOOL abort_mget = True;
 
-extern int Protocol;
-
-BOOL readbraw_supported = False;
-BOOL writebraw_supported = False;
-
 pstring fileselection = "";
 
 extern file_info def_finfo;
@@ -125,269 +99,114 @@ int get_total_time_ms = 0;
 int put_total_size = 0;
 int put_total_time_ms = 0;
 
-
-extern int Client;
+/* totals globals */
+static double dir_total;
 
 #define USENMB
 
-#ifdef KANJI
-extern int coding_system;
-#define CNV_LANG(s) (coding_system == DOSV_CODE?s:dos_to_unix(s, False))
-#define CNV_INPUT(s) (coding_system == DOSV_CODE?s:unix_to_dos(s, True))
-static BOOL
-setup_term_code (char *code)
-{
-    int new;
-    new = interpret_coding_system (code, UNKNOWN_CODE);
-    if (new != UNKNOWN_CODE) {
-	coding_system = new;
-	return True;
-    }
-    return False;
-}
-#else
-#define CNV_LANG(s) dos2unix_format(s,False)
-#define CNV_INPUT(s) unix2dos_format(s,True)
-#endif
-
-static void send_logout(void );
-BOOL reopen_connection(char *inbuf,char *outbuf);
-static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir);
-static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir);
-static BOOL call_api(int prcnt,int drcnt,int mprcnt,int mdrcnt,
-		     int *rprcnt,int *rdrcnt,char *param,char *data,
-		     char **rparam,char **rdata);
-static BOOL send_trans_request(char *outbuf,int trans,
-			       char *name,int fid,int flags,
-			       char *data,char *param,uint16 *setup,
-			       int ldata,int lparam,int lsetup,
-			       int mdata,int mparam,int msetup);
-
-
-/****************************************************************************
-setup basics in a outgoing packet
-****************************************************************************/
-void setup_pkt(char *outbuf)
-{
-  SSVAL(outbuf,smb_pid,pid);
-  SSVAL(outbuf,smb_uid,uid);
-  SSVAL(outbuf,smb_mid,mid);
-  if (Protocol > PROTOCOL_CORE)
-    {
-      SCVAL(outbuf,smb_flg,0x8);
-      SSVAL(outbuf,smb_flg2,0x1);
-    }
-}
-
 /****************************************************************************
 write to a local file with CR/LF->LF translation if appropriate. return the 
 number taken from the buffer. This may not equal the number written.
 ****************************************************************************/
 static int writefile(int f, char *b, int n)
 {
-  int i;
+	int i;
 
-  if (!translation)
-    return(write(f,b,n));
-  
-  i = 0;
-  while (i < n)
-    {
-      if (*b == '\r' && (i<(n-1)) && *(b+1) == '\n')
-	{
-	  b++;i++;
+	if (!translation) {
+		return write(f,b,n);
 	}
-      if (write(f, b, 1) != 1)
-	{
-	  break;
+
+	i = 0;
+	while (i < n) {
+		if (*b == '\r' && (i<(n-1)) && *(b+1) == '\n') {
+			b++;i++;
+		}
+		if (write(f, b, 1) != 1) {
+			break;
+		}
+		b++;
+		i++;
 	}
-      b++;
-      i++;
-    }
   
-  return(i);
+	return(i);
 }
 
 /****************************************************************************
   read from a file with LF->CR/LF translation if appropriate. return the 
   number read. read approx n bytes.
 ****************************************************************************/
-static int readfile(char *b, int size, int n, FILE *f)
+static int readfile(char *b, int n, XFILE *f)
 {
-  int i;
-  int c;
+	int i;
+	int c;
 
-  if (!translation || (size != 1))
-    return(fread(b,size,n,f));
+	if (!translation)
+		return x_fread(b,1,n,f);
   
-  i = 0;
-  while (i < n)
-    {
-      if ((c = getc(f)) == EOF)
-	{
-	  break;
-	}
+	i = 0;
+	while (i < (n - 1) && (i < BUFFER_SIZE)) {
+		if ((c = x_getc(f)) == EOF) {
+			break;
+		}
       
-      if (c == '\n') /* change all LFs to CR/LF */
-	{
-	  b[i++] = '\r';
-	  n++;
-	}
+		if (c == '\n') { /* change all LFs to CR/LF */
+			b[i++] = '\r';
+		}
       
-      b[i++] = c;
-    }
+		b[i++] = c;
+	}
   
-  return(i);
+	return(i);
 }
  
 
 /****************************************************************************
-read from a file with print translation. return the number read. read approx n
-bytes.
-****************************************************************************/
-static int printread(FILE *f,char *b,int n)
-{
-  int i;
-
-  i = readfile(b,1, n-1,f);
-#if FORMFEED
-  if (feof(f) && i>0)
-    b[i++] = '\014';
-#endif
-
-  return(i);
-}
-
-/****************************************************************************
-check for existance of a dir
-****************************************************************************/
-static BOOL chkpath(char *path,BOOL report)
-{
-  fstring path2;
-  pstring inbuf,outbuf;
-  char *p;
-
-  strcpy(path2,path);
-  trim_string(path2,NULL,"\\");
-  if (!*path2) *path2 = '\\';
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,4 + strlen(path2),True);
-  SCVAL(outbuf,smb_com,SMBchkpth);
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  p = smb_buf(outbuf);
-  *p++ = 4;
-  strcpy(p,path2);
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  if (report && CVAL(inbuf,smb_rcls) != 0)
-    DEBUG(2,("chkpath: %s\n",smb_errstr(inbuf)));
-
-  return(CVAL(inbuf,smb_rcls) == 0);
-}
-
-
-/****************************************************************************
 send a message
 ****************************************************************************/
-static void send_message(char *inbuf,char *outbuf)
+static void send_message(void)
 {
-  int total_len = 0;
+	int total_len = 0;
+	int grp_id;
 
-  char *p;
-  int grp_id;
-
-  /* send a SMBsendstrt command */
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,0,True);
-  CVAL(outbuf,smb_com) = SMBsendstrt;
-  SSVAL(outbuf,smb_tid,cnum);
-
-  p = smb_buf(outbuf);
-  *p++ = 4;
-  strcpy(p,username);
-  p = skip_string(p,1);
-  *p++ = 4;
-  strcpy(p,desthost);
-  p = skip_string(p,1);
-
-  set_message(outbuf,0,PTR_DIFF(p,smb_buf(outbuf)),False);
-
-  send_smb(Client,outbuf);
-  
+	if (!cli_message_start(cli, desthost, username, &grp_id)) {
+		d_printf("message start: %s\n", cli_errstr(cli));
+		return;
+	}
 
-  if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0)
-    {
-      printf("SMBsendstrt failed. (%s)\n",smb_errstr(inbuf));
-      return;
-    }
 
-  grp_id = SVAL(inbuf,smb_vwv0);
+	d_printf("Connected. Type your message, ending it with a Control-D\n");
 
-  printf("Connected. Type your message, ending it with a Control-D\n");
+	while (!feof(stdin) && total_len < 1600) {
+		int maxlen = MIN(1600 - total_len,127);
+		pstring msg;
+		int l=0;
+		int c;
 
-  while (!feof(stdin) && total_len < 1600)
-    {
-      int maxlen = MIN(1600 - total_len,127);
-      pstring msg;
-      int l=0;
-      int c;
+		ZERO_ARRAY(msg);
 
-      bzero(msg,smb_size);
+		for (l=0;l<maxlen && (c=fgetc(stdin))!=EOF;l++) {
+			if (c == '\n')
+				msg[l++] = '\r';
+			msg[l] = c;   
+		}
 
-      for (l=0;l<maxlen && (c=fgetc(stdin))!=EOF;l++)
-	{
-	  if (c == '\n')
-	    msg[l++] = '\r';
-	  msg[l] = c;   
+		if (!cli_message_text(cli, msg, l, grp_id)) {
+			d_printf("SMBsendtxt failed (%s)\n",cli_errstr(cli));
+			return;
+		}      
+		
+		total_len += l;
 	}
 
-      CVAL(outbuf,smb_com) = SMBsendtxt;
-
-      set_message(outbuf,1,l+3,True);
-
-      SSVAL(outbuf,smb_vwv0,grp_id);
-
-      p = smb_buf(outbuf);
-      *p = 1;
-      SSVAL(p,1,l);
-      memcpy(p+3,msg,l);
-
-      send_smb(Client,outbuf);
-      
+	if (total_len >= 1600)
+		d_printf("the message was truncated to 1600 bytes\n");
+	else
+		d_printf("sent %d bytes\n",total_len);
 
-      if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0)
-	{
-	  printf("SMBsendtxt failed (%s)\n",smb_errstr(inbuf));
-	  return;
+	if (!cli_message_end(cli, grp_id)) {
+		d_printf("SMBsendend failed (%s)\n",cli_errstr(cli));
+		return;
 	}      
-
-      total_len += l;
-    }
-
-  if (total_len >= 1600)
-    printf("the message was truncated to 1600 bytes ");
-  else
-    printf("sent %d bytes ",total_len);
-
-  printf("(status was %d-%d)\n",CVAL(inbuf,smb_rcls),SVAL(inbuf,smb_err));
-
-  CVAL(outbuf,smb_com) = SMBsendend;
-  set_message(outbuf,1,0,False);
-  SSVAL(outbuf,smb_vwv0,grp_id);
-
-  send_smb(Client,outbuf);
-  
-
-  if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0)
-    {
-      printf("SMBsendend failed (%s)\n",smb_errstr(inbuf));
-      return;
-    }      
 }
 
 
@@ -395,1137 +214,572 @@ static void send_message(char *inbuf,char *outbuf)
 /****************************************************************************
 check the space on a device
 ****************************************************************************/
-static void do_dskattr(void)
+static int do_dskattr(void)
 {
-  pstring inbuf,outbuf;
+	int total, bsize, avail;
 
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,0,True);
-  CVAL(outbuf,smb_com) = SMBdskattr;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
+	if (!cli_dskattr(cli, &bsize, &total, &avail)) {
+		d_printf("Error in dskattr: %s\n",cli_errstr(cli)); 
+		return 1;
+	}
 
-  if (CVAL(inbuf,smb_rcls) != 0) 
-    DEBUG(0,("Error in dskattr: %s\n",smb_errstr(inbuf)));      
+	d_printf("\n\t\t%d blocks of size %d. %d blocks available\n",
+		 total, bsize, avail);
 
-  DEBUG(0,("\n\t\t%d blocks of size %d. %d blocks available\n",
-	SVAL(inbuf,smb_vwv0),
-	SVAL(inbuf,smb_vwv1)*SVAL(inbuf,smb_vwv2),
-	SVAL(inbuf,smb_vwv3)));
+	return 0;
 }
 
 /****************************************************************************
 show cd/pwd
 ****************************************************************************/
-static void cmd_pwd(void)
+static int cmd_pwd(void)
 {
-  DEBUG(0,("Current directory is %s",CNV_LANG(service)));
-  DEBUG(0,("%s\n",CNV_LANG(cur_dir)));
+	d_printf("Current directory is %s",service);
+	d_printf("%s\n",cur_dir);
+	return 0;
 }
 
 
 /****************************************************************************
 change directory - inner section
 ****************************************************************************/
-static void do_cd(char *newdir)
+static int do_cd(char *newdir)
 {
-  char *p = newdir;
-  pstring saved_dir;
-  pstring dname;
+	char *p = newdir;
+	pstring saved_dir;
+	pstring dname;
       
-  /* Save the current directory in case the
-     new directory is invalid */
-  strcpy(saved_dir, cur_dir);
-  if (*p == '\\')
-    strcpy(cur_dir,p);
-  else
-    strcat(cur_dir,p);
-  if (*(cur_dir+strlen(cur_dir)-1) != '\\') {
-    strcat(cur_dir, "\\");
-  }
-  dos_clean_name(cur_dir);
-  strcpy(dname,cur_dir);
-  strcat(cur_dir,"\\");
-  dos_clean_name(cur_dir);
-
-  if (!strequal(cur_dir,"\\"))
-    if (!chkpath(dname,True))
-      strcpy(cur_dir,saved_dir);
-
-  strcpy(cd_path,cur_dir);
+	dos_format(newdir);
+
+	/* Save the current directory in case the
+	   new directory is invalid */
+	pstrcpy(saved_dir, cur_dir);
+	if (*p == '\\')
+		pstrcpy(cur_dir,p);
+	else
+		pstrcat(cur_dir,p);
+	if (*(cur_dir+strlen(cur_dir)-1) != '\\') {
+		pstrcat(cur_dir, "\\");
+	}
+	dos_clean_name(cur_dir);
+	pstrcpy(dname,cur_dir);
+	pstrcat(cur_dir,"\\");
+	dos_clean_name(cur_dir);
+	
+	if (!strequal(cur_dir,"\\")) {
+		if (!cli_chkpath(cli, dname)) {
+			d_printf("cd %s: %s\n", dname, cli_errstr(cli));
+			pstrcpy(cur_dir,saved_dir);
+		}
+	}
+	
+	pstrcpy(cd_path,cur_dir);
+
+	return 0;
 }
 
 /****************************************************************************
 change directory
 ****************************************************************************/
-static void cmd_cd(char *inbuf,char *outbuf)
+static int cmd_cd(void)
 {
-  fstring buf;
-
-  if (next_token(NULL,buf,NULL))
-    do_cd(buf);
-  else
-    DEBUG(0,("Current directory is %s\n",CNV_LANG(cur_dir)));
-}
+	fstring buf;
+	int rc = 0;
 
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf)))
+		rc = do_cd(buf);
+	else
+		d_printf("Current directory is %s\n",cur_dir);
 
-/****************************************************************************
-  display info about a file
-  ****************************************************************************/
-static void display_finfo(file_info *finfo)
-{
-  time_t t = finfo->mtime; /* the time is assumed to be passed as GMT */
-  DEBUG(0,("  %-30s%7.7s%10d  %s",
-	   CNV_LANG(finfo->name),
-	   attrib_string(finfo->mode),
-	   finfo->size,
-	   asctime(LocalTime(&t,GMT_TO_LOCAL))));
+	return rc;
 }
 
-/****************************************************************************
-  do a directory listing, calling fn on each file found
-  ****************************************************************************/
-void do_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir)
-{
-  DEBUG(5,("do_dir(%s,%x,%s)\n",Mask,attribute,BOOLSTR(recurse_dir)));
-  if (Protocol >= PROTOCOL_LANMAN2)
-    {
-      if (do_long_dir(inbuf,outbuf,Mask,attribute,fn,recurse_dir) > 0)
-	return;
-    }
-
-  expand_mask(Mask,False);
-  do_short_dir(inbuf,outbuf,Mask,attribute,fn,recurse_dir);
-  return;
-}
 
 /*******************************************************************
   decide if a file should be operated on
   ********************************************************************/
 static BOOL do_this_one(file_info *finfo)
 {
-  if (finfo->mode & aDIR) return(True);
+	if (finfo->mode & aDIR) return(True);
 
-  if (newer_than && finfo->mtime < newer_than)
-    return(False);
+	if (*fileselection && 
+	    !mask_match(finfo->name,fileselection,False)) {
+		DEBUG(3,("match_match %s failed\n", finfo->name));
+		return False;
+	}
 
-  if ((archive_level==1 || archive_level==2) && !(finfo->mode & aARCH))
-    return(False);
+	if (newer_than && finfo->mtime < newer_than) {
+		DEBUG(3,("newer_than %s failed\n", finfo->name));
+		return(False);
+	}
 
-  return(True);
+	if ((archive_level==1 || archive_level==2) && !(finfo->mode & aARCH)) {
+		DEBUG(3,("archive %s failed\n", finfo->name));
+		return(False);
+	}
+	
+	return(True);
 }
 
 /****************************************************************************
-interpret a short filename structure
-The length of the structure is returned
-****************************************************************************/
-static int interpret_short_filename(char *p,file_info *finfo)
+  display info about a file
+  ****************************************************************************/
+static void display_finfo(file_info *finfo)
 {
-  finfo->mode = CVAL(p,21);
-
-  /* this date is converted to GMT by make_unix_date */
-  finfo->ctime = make_unix_date(p+22);
-  finfo->mtime = finfo->atime = finfo->ctime;
-  finfo->size = IVAL(p,26);
-  strcpy(finfo->name,p+30);
-  
-  return(DIR_STRUCT_SIZE);
+	if (do_this_one(finfo)) {
+		time_t t = finfo->mtime; /* the time is assumed to be passed as GMT */
+		d_printf("  %-30s%7.7s %8.0f  %s",
+			 finfo->name,
+			 attrib_string(finfo->mode),
+			 (double)finfo->size,
+			 asctime(LocalTime(&t)));
+		dir_total += finfo->size;
+	}
 }
 
+
 /****************************************************************************
-interpret a long filename structure - this is mostly guesses at the moment
-The length of the structure is returned
-The structure of a long filename depends on the info level. 260 is used
-by NT and 2 is used by OS/2
-****************************************************************************/
-static int interpret_long_filename(int level,char *p,file_info *finfo)
+   accumulate size of a file
+  ****************************************************************************/
+static void do_du(file_info *finfo)
 {
-  if (finfo)
-    memcpy(finfo,&def_finfo,sizeof(*finfo));
-
-  switch (level)
-    {
-    case 1: /* OS/2 understands this */
-      if (finfo)
-	{
-	  /* these dates are converted to GMT by make_unix_date */
-	  finfo->ctime = make_unix_date2(p+4);
-	  finfo->atime = make_unix_date2(p+8);
-	  finfo->mtime = make_unix_date2(p+12);
-	  finfo->size = IVAL(p,16);
-	  finfo->mode = CVAL(p,24);
-	  strcpy(finfo->name,p+27);
+	if (do_this_one(finfo)) {
+		dir_total += finfo->size;
 	}
-      return(28 + CVAL(p,26));
+}
 
-    case 2: /* this is what OS/2 uses mostly */
-      if (finfo)
-	{
-	  /* these dates are converted to GMT by make_unix_date */
-	  finfo->ctime = make_unix_date2(p+4);
-	  finfo->atime = make_unix_date2(p+8);
-	  finfo->mtime = make_unix_date2(p+12);
-	  finfo->size = IVAL(p,16);
-	  finfo->mode = CVAL(p,24);
-	  strcpy(finfo->name,p+31);
-	}
-      return(32 + CVAL(p,30));
+static BOOL do_list_recurse;
+static BOOL do_list_dirs;
+static char *do_list_queue = 0;
+static long do_list_queue_size = 0;
+static long do_list_queue_start = 0;
+static long do_list_queue_end = 0;
+static void (*do_list_fn)(file_info *);
 
-      /* levels 3 and 4 are untested */
-    case 3:
-      if (finfo)
-	{
-	  /* these dates are probably like the other ones */
-	  finfo->ctime = make_unix_date2(p+8);
-	  finfo->atime = make_unix_date2(p+12);
-	  finfo->mtime = make_unix_date2(p+16);
-	  finfo->size = IVAL(p,20);
-	  finfo->mode = CVAL(p,28);
-	  strcpy(finfo->name,p+33);
+/****************************************************************************
+functions for do_list_queue
+  ****************************************************************************/
+
+/*
+ * The do_list_queue is a NUL-separated list of strings stored in a
+ * char*.  Since this is a FIFO, we keep track of the beginning and
+ * ending locations of the data in the queue.  When we overflow, we
+ * double the size of the char*.  When the start of the data passes
+ * the midpoint, we move everything back.  This is logically more
+ * complex than a linked list, but easier from a memory management
+ * angle.  In any memory error condition, do_list_queue is reset.
+ * Functions check to ensure that do_list_queue is non-NULL before
+ * accessing it.
+ */
+static void reset_do_list_queue(void)
+{
+	SAFE_FREE(do_list_queue);
+	do_list_queue_size = 0;
+	do_list_queue_start = 0;
+	do_list_queue_end = 0;
+}
+
+static void init_do_list_queue(void)
+{
+	reset_do_list_queue();
+	do_list_queue_size = 1024;
+	do_list_queue = malloc(do_list_queue_size);
+	if (do_list_queue == 0) { 
+		d_printf("malloc fail for size %d\n",
+			 (int)do_list_queue_size);
+		reset_do_list_queue();
+	} else {
+		memset(do_list_queue, 0, do_list_queue_size);
 	}
-      return(SVAL(p,4)+4);
+}
 
-    case 4:
-      if (finfo)
+static void adjust_do_list_queue(void)
+{
+	/*
+	 * If the starting point of the queue is more than half way through,
+	 * move everything toward the beginning.
+	 */
+	if (do_list_queue && (do_list_queue_start == do_list_queue_end))
 	{
-	  /* these dates are probably like the other ones */
-	  finfo->ctime = make_unix_date2(p+8);
-	  finfo->atime = make_unix_date2(p+12);
-	  finfo->mtime = make_unix_date2(p+16);
-	  finfo->size = IVAL(p,20);
-	  finfo->mode = CVAL(p,28);
-	  strcpy(finfo->name,p+37);
+		DEBUG(4,("do_list_queue is empty\n"));
+		do_list_queue_start = do_list_queue_end = 0;
+		*do_list_queue = '\0';
 	}
-      return(SVAL(p,4)+4);
-
-    case 260: /* NT uses this, but also accepts 2 */
-      if (finfo)
+	else if (do_list_queue_start > (do_list_queue_size / 2))
 	{
-	  int ret = SVAL(p,0);
-	  int namelen;
-	  p += 4; /* next entry offset */
-	  p += 4; /* fileindex */
-
-	  /* these dates appear to arrive in a weird way. It seems to
-	     be localtime plus the serverzone given in the initial
-	     connect. This is GMT when DST is not in effect and one
-	     hour from GMT otherwise. Can this really be right??
-
-	     I suppose this could be called kludge-GMT. Is is the GMT
-	     you get by using the current DST setting on a different
-	     localtime. It will be cheap to calculate, I suppose, as
-	     no DST tables will be needed */
-
-	  finfo->ctime = interpret_long_date(p); p += 8;
-	  finfo->atime = interpret_long_date(p); p += 8;
-	  finfo->mtime = interpret_long_date(p); p += 8; p += 8;
-	  finfo->size = IVAL(p,0); p += 8;
-	  p += 8; /* alloc size */
-	  finfo->mode = CVAL(p,0); p += 4;
-	  namelen = IVAL(p,0); p += 4;
-	  p += 4; /* EA size */
-	  p += 2; /* short name len? */
-	  p += 24; /* short name? */	  
-	  StrnCpy(finfo->name,p,namelen);
-	  return(ret);
+		DEBUG(4,("sliding do_list_queue backward\n"));
+		memmove(do_list_queue,
+			do_list_queue + do_list_queue_start,
+			do_list_queue_end - do_list_queue_start);
+		do_list_queue_end -= do_list_queue_start;
+		do_list_queue_start = 0;
 	}
-      return(SVAL(p,0));
-    }
-
-  DEBUG(1,("Unknown long filename format %d\n",level));
-  return(SVAL(p,0));
+	   
 }
 
-
-
-
-/****************************************************************************
-  act on the files in a dir listing
-  ****************************************************************************/
-static void dir_action(char *inbuf,char *outbuf,int attribute,file_info *finfo,BOOL recurse_dir,void (*fn)(),BOOL longdir)
+static void add_to_do_list_queue(const char* entry)
 {
-
-  if (!((finfo->mode & aDIR) == 0 && *fileselection && 
-	!mask_match(finfo->name,fileselection,False,False)) &&
-      !(recurse_dir && (strequal(finfo->name,".") || 
-			strequal(finfo->name,".."))))
-    {
-      if (recurse_dir && (finfo->mode & aDIR))
+	char *dlq;
+	long new_end = do_list_queue_end + ((long)strlen(entry)) + 1;
+	while (new_end > do_list_queue_size)
 	{
-	  pstring mask2;
-	  pstring sav_dir;
-	  strcpy(sav_dir,cur_dir);
-	  strcat(cur_dir,finfo->name);
-	  strcat(cur_dir,"\\");
-	  strcpy(mask2,cur_dir);
-
-	  if (!fn)
-	    DEBUG(0,("\n%s\n",CNV_LANG(cur_dir)));
-
-	  strcat(mask2,"*");
-
-	  if (longdir)
-	    do_long_dir(inbuf,outbuf,mask2,attribute,fn,True);      
-	  else
-	    do_dir(inbuf,outbuf,mask2,attribute,fn,True);
-
-	  strcpy(cur_dir,sav_dir);
+		do_list_queue_size *= 2;
+		DEBUG(4,("enlarging do_list_queue to %d\n",
+			 (int)do_list_queue_size));
+		dlq = Realloc(do_list_queue, do_list_queue_size);
+		if (! dlq) {
+			d_printf("failure enlarging do_list_queue to %d bytes\n",
+				 (int)do_list_queue_size);
+			reset_do_list_queue();
+		}
+		else
+		{
+			do_list_queue = dlq;
+			memset(do_list_queue + do_list_queue_size / 2,
+			       0, do_list_queue_size / 2);
+		}
 	}
-      else
+	if (do_list_queue)
 	{
-	  if (fn && do_this_one(finfo))
-	    fn(finfo);
+		pstrcpy(do_list_queue + do_list_queue_end, entry);
+		do_list_queue_end = new_end;
+		DEBUG(4,("added %s to do_list_queue (start=%d, end=%d)\n",
+			 entry, (int)do_list_queue_start, (int)do_list_queue_end));
 	}
-    }
 }
 
-
-/****************************************************************************
-  do a directory listing, calling fn on each file found
-  ****************************************************************************/
-static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir)
+static char *do_list_queue_head(void)
 {
-  char *p;
-  int received = 0;
-  BOOL first = True;
-  char status[21];
-  int num_asked = (max_xmit - 100)/DIR_STRUCT_SIZE;
-  int num_received = 0;
-  int i;
-  char *dirlist = NULL;
-  pstring mask;
-  file_info finfo;
-
-  finfo = def_finfo;
-
-  bzero(status,21);
-
-  strcpy(mask,Mask);
-  
-  while (1)
-    {
-      bzero(outbuf,smb_size);
-      if (first)	
-	set_message(outbuf,2,5 + strlen(mask),True);
-      else
-	set_message(outbuf,2,5 + 21,True);
-
-#if FFIRST
-      if (Protocol >= PROTOCOL_LANMAN1)
-	CVAL(outbuf,smb_com) = SMBffirst;
-      else
-#endif
-	CVAL(outbuf,smb_com) = SMBsearch;
-
-      SSVAL(outbuf,smb_tid,cnum);
-      setup_pkt(outbuf);
+	return do_list_queue + do_list_queue_start;
+}
 
-      SSVAL(outbuf,smb_vwv0,num_asked);
-      SSVAL(outbuf,smb_vwv1,attribute);
-  
-      p = smb_buf(outbuf);
-      *p++ = 4;
-      
-      if (first)
-	strcpy(p,mask);
-      else
-	strcpy(p,"");
-      p += strlen(p) + 1;
-      
-      *p++ = 5;
-      if (first)
-	SSVAL(p,0,0);
-      else
+static void remove_do_list_queue_head(void)
+{
+	if (do_list_queue_end > do_list_queue_start)
 	{
-	  SSVAL(p,0,21);
-	  p += 2;
-	  memcpy(p,status,21);
+		do_list_queue_start += strlen(do_list_queue_head()) + 1;
+		adjust_do_list_queue();
+		DEBUG(4,("removed head of do_list_queue (start=%d, end=%d)\n",
+			 (int)do_list_queue_start, (int)do_list_queue_end));
 	}
+}
 
-      send_smb(Client,outbuf);
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-      received = SVAL(inbuf,smb_vwv0);
-
-      DEBUG(5,("dir received %d\n",received));
-
-      DEBUG(6,("errstr=%s\n",smb_errstr(inbuf)));
-
-      if (received <= 0) break;
-
-      first = False;
-
-      dirlist = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
-
-      if (!dirlist) 
-	return 0;
-
-      p = smb_buf(inbuf) + 3;
-
-      memcpy(dirlist+num_received*DIR_STRUCT_SIZE,
-	     p,received*DIR_STRUCT_SIZE);
-
-      memcpy(status,p + ((received-1)*DIR_STRUCT_SIZE),21);
-
-      num_received += received;
-
-      if (CVAL(inbuf,smb_rcls) != 0) break;
-    }
-
-#if FFIRST
-  if (!first && Protocol >= PROTOCOL_LANMAN1)
-    {
-      bzero(outbuf,smb_size);
-      CVAL(outbuf,smb_com) = SMBfclose;
-
-      SSVAL(outbuf,smb_tid,cnum);
-      setup_pkt(outbuf);
-
-      p = smb_buf(outbuf);
-      *p++ = 4;
-      
-      strcpy(p,"");
-      p += strlen(p) + 1;
-      
-      *p++ = 5;
-      SSVAL(p,0,21);
-      p += 2;
-      memcpy(p,status,21);
-
-      send_smb(Client,outbuf);
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT,False);
-
-      if (CVAL(inbuf,smb_rcls) != 0) 
-	DEBUG(0,("Error closing search: %s\n",smb_errstr(inbuf)));      
-    }
-#endif
-
-  if (!fn)
-    for (p=dirlist,i=0;i<num_received;i++)
-      {
-	p += interpret_short_filename(p,&finfo);
-	display_finfo(&finfo);
-      }
-
-  for (p=dirlist,i=0;i<num_received;i++)
-    {
-      p += interpret_short_filename(p,&finfo);
-      dir_action(inbuf,outbuf,attribute,&finfo,recurse_dir,fn,False);
-    }
-
-  if (dirlist) free(dirlist);
-  return(num_received);
+static int do_list_queue_empty(void)
+{
+	return (! (do_list_queue && *do_list_queue));
 }
 
 /****************************************************************************
-  receive a SMB trans or trans2 response allocating the necessary memory
+a helper for do_list
   ****************************************************************************/
-static BOOL receive_trans_response(char *inbuf,int trans,
-                                   int *data_len,int *param_len,
-				      char **data,char **param)
+static void do_list_helper(file_info *f, const char *mask, void *state)
 {
-  int total_data=0;
-  int total_param=0;
-  int this_data,this_param;
-
-  *data_len = *param_len = 0;
-
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  show_msg(inbuf);
-
-  /* sanity check */
-  if (CVAL(inbuf,smb_com) != trans)
-    {
-      DEBUG(0,("Expected %s response, got command 0x%02x\n",
-	       trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(inbuf,smb_com)));
-      return(False);
-    }
-  if (CVAL(inbuf,smb_rcls) != 0)
-    return(False);
-
-  /* parse out the lengths */
-  total_data = SVAL(inbuf,smb_tdrcnt);
-  total_param = SVAL(inbuf,smb_tprcnt);
-
-  /* allocate it */
-  *data = Realloc(*data,total_data);
-  *param = Realloc(*param,total_param);
-
-  while (1)
-    {
-      this_data = SVAL(inbuf,smb_drcnt);
-      this_param = SVAL(inbuf,smb_prcnt);
-      if (this_data)
-	memcpy(*data + SVAL(inbuf,smb_drdisp),
-	       smb_base(inbuf) + SVAL(inbuf,smb_droff),
-	       this_data);
-      if (this_param)
-	memcpy(*param + SVAL(inbuf,smb_prdisp),
-	       smb_base(inbuf) + SVAL(inbuf,smb_proff),
-	       this_param);
-      *data_len += this_data;
-      *param_len += this_param;
-
-      /* parse out the total lengths again - they can shrink! */
-      total_data = SVAL(inbuf,smb_tdrcnt);
-      total_param = SVAL(inbuf,smb_tprcnt);
-
-      if (total_data <= *data_len && total_param <= *param_len)
-	break;
-
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-      show_msg(inbuf);
-
-      /* sanity check */
-      if (CVAL(inbuf,smb_com) != trans)
-	{
-	  DEBUG(0,("Expected %s response, got command 0x%02x\n",
-		   trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(inbuf,smb_com)));
-	  return(False);
+	if (f->mode & aDIR) {
+		if (do_list_dirs && do_this_one(f)) {
+			do_list_fn(f);
+		}
+		if (do_list_recurse && 
+		    !strequal(f->name,".") && 
+		    !strequal(f->name,"..")) {
+			pstring mask2;
+			char *p;
+
+			pstrcpy(mask2, mask);
+			p = strrchr_m(mask2,'\\');
+			if (!p) return;
+			p[1] = 0;
+			pstrcat(mask2, f->name);
+			pstrcat(mask2,"\\*");
+			add_to_do_list_queue(mask2);
+		}
+		return;
+	}
+
+	if (do_this_one(f)) {
+		do_list_fn(f);
 	}
-      if (CVAL(inbuf,smb_rcls) != 0)
-	  return(False);
-    }
-  
-  return(True);
 }
 
+
 /****************************************************************************
-  do a directory listing, calling fn on each file found. Use the TRANSACT2
-  call for long filenames
+a wrapper around cli_list that adds recursion
   ****************************************************************************/
-static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir)
+void do_list(const char *mask,uint16 attribute,void (*fn)(file_info *),BOOL rec, BOOL dirs)
 {
-  int max_matches = 512;
-  int info_level = Protocol<PROTOCOL_NT1?1:260; /* NT uses 260, OS/2 uses 2. Both accept 1. */
-  char *p;
-  pstring mask;
-  file_info finfo;
-  int i;
-  char *dirlist = NULL;
-  int dirlist_len = 0;
-  int total_received = 0;
-  BOOL First = True;
-  char *resp_data=NULL;
-  char *resp_param=NULL;
-  int resp_data_len = 0;
-  int resp_param_len=0;
-
-  int ff_resume_key = 0;
-  int ff_searchcount=0;
-  int ff_eos=0;
-  int ff_lastname=0;
-  int ff_dir_handle=0;
-  int loop_count = 0;
-
-  uint16 setup;
-  pstring param;
-
-  strcpy(mask,Mask);
-
-  while (ff_eos == 0)
-    {
-      loop_count++;
-      if (loop_count > 200)
-	{
-	  DEBUG(0,("ERROR: Looping in FIND_NEXT??\n"));
-	  break;
-	}
+	static int in_do_list = 0;
 
-      if (First)
-	{
-	  setup = TRANSACT2_FINDFIRST;
-	  SSVAL(param,0,attribute); /* attribute */
-	  SSVAL(param,2,max_matches); /* max count */
-	  SSVAL(param,4,8+4+2);	/* resume required + close on end + continue */
-	  SSVAL(param,6,info_level); 
-	  SIVAL(param,8,0);
-	  strcpy(param+12,mask);
-	}
-      else
+	if (in_do_list && rec)
 	{
-	  setup = TRANSACT2_FINDNEXT;
-	  SSVAL(param,0,ff_dir_handle);
-	  SSVAL(param,2,max_matches); /* max count */
-	  SSVAL(param,4,info_level); 
-	  SIVAL(param,6,ff_resume_key); /* ff_resume_key */
-	  SSVAL(param,10,8+4+2);	/* resume required + close on end + continue */
-	  strcpy(param+12,mask);
-
-	  DEBUG(5,("hand=0x%X resume=%d ff_lastname=%d mask=%s\n",
-		   ff_dir_handle,ff_resume_key,ff_lastname,mask));
+		fprintf(stderr, "INTERNAL ERROR: do_list called recursively when the recursive flag is true\n");
+		exit(1);
 	}
-      /* ??? original code added 1 pad byte after param */
 
-      send_trans_request(outbuf,SMBtrans2,NULL,FID_UNUSED,0,
-			 NULL,param,&setup,
-			 0,12+strlen(mask)+1,1,
-			 BUFFER_SIZE,10,0);
+	in_do_list = 1;
 
-      if (!receive_trans_response(inbuf,SMBtrans2,
-			      &resp_data_len,&resp_param_len,
-			          &resp_data,&resp_param))
-	{
-	  DEBUG(3,("FIND%s gave %s\n",First?"FIRST":"NEXT",smb_errstr(inbuf)));
-	  break;
-	}
+	do_list_recurse = rec;
+	do_list_dirs = dirs;
+	do_list_fn = fn;
 
-      /* parse out some important return info */
-      p = resp_param;
-      if (First)
+	if (rec)
 	{
-	  ff_dir_handle = SVAL(p,0);
-	  ff_searchcount = SVAL(p,2);
-	  ff_eos = SVAL(p,4);
-	  ff_lastname = SVAL(p,8);
+		init_do_list_queue();
+		add_to_do_list_queue(mask);
+		
+		while (! do_list_queue_empty())
+		{
+			/*
+			 * Need to copy head so that it doesn't become
+			 * invalid inside the call to cli_list.  This
+			 * would happen if the list were expanded
+			 * during the call.
+			 * Fix from E. Jay Berkenbilt (ejb@ql.org)
+			 */
+			pstring head;
+			pstrcpy(head, do_list_queue_head());
+			cli_list(cli, head, attribute, do_list_helper, NULL);
+			remove_do_list_queue_head();
+			if ((! do_list_queue_empty()) && (fn == display_finfo))
+			{
+				char* next_file = do_list_queue_head();
+				char* save_ch = 0;
+				if ((strlen(next_file) >= 2) &&
+				    (next_file[strlen(next_file) - 1] == '*') &&
+				    (next_file[strlen(next_file) - 2] == '\\'))
+				{
+					save_ch = next_file +
+						strlen(next_file) - 2;
+					*save_ch = '\0';
+				}
+				d_printf("\n%s\n",next_file);
+				if (save_ch)
+				{
+					*save_ch = '\\';
+				}
+			}
+		}
 	}
-      else
+	else
 	{
-	  ff_searchcount = SVAL(p,0);
-	  ff_eos = SVAL(p,2);
-	  ff_lastname = SVAL(p,6);
+		if (cli_list(cli, mask, attribute, do_list_helper, NULL) == -1)
+		{
+			d_printf("%s listing %s\n", cli_errstr(cli), mask);
+		}
 	}
 
-      if (ff_searchcount == 0) 
-	break;
-
-      /* point to the data bytes */
-      p = resp_data;
+	in_do_list = 0;
+	reset_do_list_queue();
+}
 
-      /* we might need the lastname for continuations */
-      if (ff_lastname > 0)
-	{
-	  switch(info_level)
-	    {
-	    case 260:
-	      ff_resume_key =0;
-	      StrnCpy(mask,p+ff_lastname,resp_data_len-ff_lastname);
-	      /* strcpy(mask,p+ff_lastname+94); */
-	      break;
-	    case 1:
-	      strcpy(mask,p + ff_lastname + 1);
-	      ff_resume_key = 0;
-	      break;
-	    }
+/****************************************************************************
+  get a directory listing
+  ****************************************************************************/
+static int cmd_dir(void)
+{
+	uint16 attribute = aDIR | aSYSTEM | aHIDDEN;
+	pstring mask;
+	fstring buf;
+	char *p=buf;
+	int rc;
+	
+	dir_total = 0;
+	pstrcpy(mask,cur_dir);
+	if(mask[strlen(mask)-1]!='\\')
+		pstrcat(mask,"\\");
+	
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		dos_format(p);
+		if (*p == '\\')
+			pstrcpy(mask,p);
+		else
+			pstrcat(mask,p);
 	}
-      else
-	strcpy(mask,"");
-  
-      /* and add them to the dirlist pool */
-      dirlist = Realloc(dirlist,dirlist_len + resp_data_len);
-
-      if (!dirlist)
-	{
-	  DEBUG(0,("Failed to expand dirlist\n"));
-	  break;
+	else {
+		pstrcat(mask,"*");
 	}
 
-      /* put in a length for the last entry, to ensure we can chain entries 
-	 into the next packet */
-      {
-	char *p2;
-	for (p2=p,i=0;i<(ff_searchcount-1);i++)
-	  p2 += interpret_long_filename(info_level,p2,NULL);
-	SSVAL(p2,0,resp_data_len - PTR_DIFF(p2,p));
-      }
-
-      /* grab the data for later use */
-      memcpy(dirlist+dirlist_len,p,resp_data_len);
-      dirlist_len += resp_data_len;
-
-      total_received += ff_searchcount;
-
-      if (resp_data) free(resp_data); resp_data = NULL;
-      if (resp_param) free(resp_param); resp_param = NULL;
-
-      DEBUG(3,("received %d entries (eos=%d resume=%d)\n",
-	       ff_searchcount,ff_eos,ff_resume_key));
-
-      First = False;
-    }
-
-  if (!fn)
-    for (p=dirlist,i=0;i<total_received;i++)
-      {
-	p += interpret_long_filename(info_level,p,&finfo);
-	display_finfo(&finfo);
-      }
-
-  for (p=dirlist,i=0;i<total_received;i++)
-    {
-      p += interpret_long_filename(info_level,p,&finfo);
-      dir_action(inbuf,outbuf,attribute,&finfo,recurse_dir,fn,True);
-    }
-
-  /* free up the dirlist buffer */
-  if (dirlist) free(dirlist);
-  return(total_received);
+	do_list(mask, attribute, display_finfo, recurse, True);
+
+	rc = do_dskattr();
+
+	DEBUG(3, ("Total bytes listed: %.0f\n", dir_total));
+
+	return rc;
 }
 
 
 /****************************************************************************
   get a directory listing
   ****************************************************************************/
-static void cmd_dir(char *inbuf,char *outbuf)
+static int cmd_du(void)
 {
-  int attribute = aDIR | aSYSTEM | aHIDDEN;
-  pstring mask;
-  fstring buf;
-  char *p=buf;
-
-  strcpy(mask,cur_dir);
-  if(mask[strlen(mask)-1]!='\\')
-    strcat(mask,"\\");
-
-  if (next_token(NULL,buf,NULL))
-    {
-      if (*p == '\\')
-	strcpy(mask,p);
-      else
-	strcat(mask,p);
-    }
-  else {
-    strcat(mask,"*");
-  }
-
-  do_dir(inbuf,outbuf,mask,attribute,NULL,recurse);
-
-  do_dskattr();
-}
+	uint16 attribute = aDIR | aSYSTEM | aHIDDEN;
+	pstring mask;
+	fstring buf;
+	char *p=buf;
+	int rc;
+	
+	dir_total = 0;
+	pstrcpy(mask,cur_dir);
+	if(mask[strlen(mask)-1]!='\\')
+		pstrcat(mask,"\\");
+	
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		dos_format(p);
+		if (*p == '\\')
+			pstrcpy(mask,p);
+		else
+			pstrcat(mask,p);
+	} else {
+		pstrcat(mask,"*");
+	}
+
+	do_list(mask, attribute, do_du, recurse, True);
+
+	rc = do_dskattr();
+
+	d_printf("Total number of bytes: %.0f\n", dir_total);
 
+	return rc;
+}
 
 
 /****************************************************************************
   get a file from rname to lname
   ****************************************************************************/
-static void do_get(char *rname,char *lname,file_info *finfo1)
+static int do_get(char *rname,char *lname)
 {  
-  int handle=0,fnum;
-  uint32 nread=0;
-  char *p;
-  BOOL newhandle = False;
-  char *inbuf,*outbuf;
-  file_info finfo;
-  BOOL close_done = False;
-  BOOL ignore_close_error = False;
-  char *dataptr=NULL;
-  int datalen=0;
-
-  struct timeval tp_start;
-  GetTimeOfDay(&tp_start);
-
-  if (finfo1) 
-    finfo = *finfo1;
-  else
-    finfo = def_finfo;
-
-  if (lowercase)
-    strlower(lname);
-
-
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-
-  if (!inbuf || !outbuf)
-    {
-      DEBUG(0,("out of memory\n"));
-      return;
-    }
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,15,1 + strlen(rname),True);
-
-  CVAL(outbuf,smb_com) = SMBopenX;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,0xFF);
-  SSVAL(outbuf,smb_vwv2,1);
-  SSVAL(outbuf,smb_vwv3,(DENY_NONE<<4));
-  SSVAL(outbuf,smb_vwv4,aSYSTEM | aHIDDEN);
-  SSVAL(outbuf,smb_vwv5,aSYSTEM | aHIDDEN);
-  SSVAL(outbuf,smb_vwv8,1);
-  
-  p = smb_buf(outbuf);
-  strcpy(p,rname);
-  p = skip_string(p,1);
-
-  /* do a chained openX with a readX? */
-#if 1
-  if (finfo.size > 0)
-    {
-      DEBUG(3,("Chaining readX wth openX\n"));
-      SSVAL(outbuf,smb_vwv0,SMBreadX);
-      SSVAL(outbuf,smb_vwv1,smb_offset(p,outbuf));
-      bzero(p,200);
-      p -= smb_wct;
-      SSVAL(p,smb_wct,10);
-      SSVAL(p,smb_vwv0,0xFF);
-      SSVAL(p,smb_vwv5,MIN(max_xmit-500,finfo.size));
-      SSVAL(p,smb_vwv9,MIN(BUFFER_SIZE,finfo.size));
-      smb_setlen(outbuf,smb_len(outbuf)+11*2+1);  
-    }
-#endif
-
-  if(!strcmp(lname,"-"))
-    handle = fileno(stdout);
-  else 
-    {
-      handle = creat(lname,0644);
-      newhandle = True;
-    }
-  if (handle < 0)
-    {
-      DEBUG(0,("Error opening local file %s\n",lname));
-      free(inbuf);free(outbuf);
-      return;
-    }
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      if (CVAL(inbuf,smb_rcls) == ERRSRV &&
-	  SVAL(inbuf,smb_err) == ERRnoresource &&
-	  reopen_connection(inbuf,outbuf))
-	{
-	  do_get(rname,lname,finfo1);
-	  return;
+	int handle=0,fnum;
+	BOOL newhandle = False;
+	char *data;
+	struct timeval tp_start;
+	int read_size = io_bufsize;
+	uint16 attr;
+	size_t size;
+	off_t nread = 0;
+	int rc = 0;
+
+	GetTimeOfDay(&tp_start);
+
+	if (lowercase) {
+		strlower(lname);
 	}
-      DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),CNV_LANG(rname)));
-      if(newhandle)
-	close(handle);
-      free(inbuf);free(outbuf);
-      return;
-    }
-
-  strcpy(finfo.name,rname);
-
-  if (!finfo1)
-    {
-      finfo.mode = SVAL(inbuf,smb_vwv3);
-      /* these times arrive as LOCAL time, using the DST offset 
-	 corresponding to that time, we convert them to GMT */
-      finfo.mtime = make_unix_date3(inbuf+smb_vwv4);
-      finfo.atime = finfo.ctime = finfo.mtime;
-      finfo.size = IVAL(inbuf,smb_vwv6);
-    }
-
-  DEBUG(3,("file %s attrib 0x%X\n",CNV_LANG(finfo.name),finfo.mode));
-
-  fnum = SVAL(inbuf,smb_vwv2);
-
-  /* we might have got some data from a chained readX */
-  if (SVAL(inbuf,smb_vwv0) == SMBreadX)
-    {
-      p = (smb_base(inbuf)+SVAL(inbuf,smb_vwv1)) - smb_wct;
-      datalen = SVAL(p,smb_vwv5);
-      dataptr = smb_base(inbuf) + SVAL(p,smb_vwv6);
-    }
-  else
-    {
-      dataptr = NULL;
-      datalen = 0;
-    }
-
-
-  DEBUG(2,("getting file %s of size %d bytes as %s ",
-	   CNV_LANG(finfo.name),
-	   finfo.size,
-	   lname));
-
-  while (nread < finfo.size && !close_done)
-    {
-      int method = -1;
-      static BOOL can_chain_close = True;
-
-      p=NULL;
-      
-      DEBUG(3,("nread=%d max_xmit=%d fsize=%d\n",nread,max_xmit,finfo.size));
 
-      /* 3 possible read types. readbraw if a large block is required.
-	 readX + close if not much left and read if neither is supported */
+	fnum = cli_open(cli, rname, O_RDONLY, DENY_NONE);
+
+	if (fnum == -1) {
+		d_printf("%s opening remote file %s\n",cli_errstr(cli),rname);
+		return 1;
+	}
 
-      /* we might have already read some data from a chained readX */
-      if (dataptr && datalen>0)
-	method=3;
+	if(!strcmp(lname,"-")) {
+		handle = fileno(stdout);
+	} else {
+		handle = sys_open(lname,O_WRONLY|O_CREAT|O_TRUNC,0644);
+		newhandle = True;
+	}
+	if (handle < 0) {
+		d_printf("Error opening local file %s\n",lname);
+		return 1;
+	}
 
-      /* if we can finish now then readX+close */
-      if (method<0 && can_chain_close && (Protocol >= PROTOCOL_LANMAN1) && 
-	  ((finfo.size - nread) < 
-	   (max_xmit - (2*smb_size + 13*SIZEOFWORD + 300))))
-	method = 0;
 
-      /* if we support readraw then use that */
-      if (method<0 && readbraw_supported)
-	method = 1;
+	if (!cli_qfileinfo(cli, fnum, 
+			   &attr, &size, NULL, NULL, NULL, NULL, NULL) &&
+	    !cli_getattrE(cli, fnum, 
+			  &attr, &size, NULL, NULL, NULL)) {
+		d_printf("getattrib: %s\n",cli_errstr(cli));
+		return 1;
+	}
 
-      /* if we can then use readX */
-      if (method<0 && (Protocol >= PROTOCOL_LANMAN1))
-	method = 2;
+	DEBUG(2,("getting file %s of size %.0f as %s ", 
+		 lname, (double)size, lname));
 
-      switch (method)
-	{
-	  /* use readX */
-	case 0:
-	case 2:
-	  if (method == 0)
-	    close_done = True;
-	    
-	  /* use readX + close */
-	  bzero(outbuf,smb_size);
-	  set_message(outbuf,10,0,True);
-	  CVAL(outbuf,smb_com) = SMBreadX;
-	  SSVAL(outbuf,smb_tid,cnum);
-	  setup_pkt(outbuf);
-	  
-	  if (close_done)
-	    {
-	      CVAL(outbuf,smb_vwv0) = SMBclose;
-	      SSVAL(outbuf,smb_vwv1,smb_offset(smb_buf(outbuf),outbuf));
-	    }
-	  else
-	    CVAL(outbuf,smb_vwv0) = 0xFF;	      
-	  
-	  SSVAL(outbuf,smb_vwv2,fnum);
-	  SIVAL(outbuf,smb_vwv3,nread);
-	  SSVAL(outbuf,smb_vwv5,MIN(max_xmit-200,finfo.size - nread));
-	  SSVAL(outbuf,smb_vwv6,0);
-	  SIVAL(outbuf,smb_vwv7,0);
-	  SSVAL(outbuf,smb_vwv9,MIN(BUFFER_SIZE,finfo.size-nread));
-	  
-	  if (close_done)
-	    {
-	      p = smb_buf(outbuf);
-	      bzero(p,9);
-	      
-	      CVAL(p,0) = 3;
-	      SSVAL(p,1,fnum);
-	      SIVALS(p,3,-1);
-	      
-	      /* now set the total packet length */
-	      smb_setlen(outbuf,smb_len(outbuf)+9);
-	    }
-	  
-	  send_smb(Client,outbuf);
-	  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-	  
-	  if (CVAL(inbuf,smb_rcls) != 0)
-	    {
-	      DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf)));
-	      break;
-	    }
-	  
-	  if (close_done &&
-	      SVAL(inbuf,smb_vwv0) != SMBclose)
-	    {
-	      /* NOTE: WfWg sometimes just ignores the chained
-		 command! This seems to break the spec? */
-	      DEBUG(3,("Rejected chained close?\n"));
-	      close_done = False;
-	      can_chain_close = False;
-	      ignore_close_error = True;
-	    }
-	  
-	  datalen = SVAL(inbuf,smb_vwv5);
-	  dataptr = smb_base(inbuf) + SVAL(inbuf,smb_vwv6);
-	  break;
-
-	  /* use readbraw */
-	case 1:
-	  {
-	    static int readbraw_size = BUFFER_SIZE;
-	  
-	    extern int Client;
-	    bzero(outbuf,smb_size);
-	    set_message(outbuf,8,0,True);
-	    CVAL(outbuf,smb_com) = SMBreadbraw;
-	    SSVAL(outbuf,smb_tid,cnum);
-	    setup_pkt(outbuf);
-	    SSVAL(outbuf,smb_vwv0,fnum);
-	    SIVAL(outbuf,smb_vwv1,nread);
-	    SSVAL(outbuf,smb_vwv3,MIN(finfo.size-nread,readbraw_size));
-	    SSVAL(outbuf,smb_vwv4,0);
-	    SIVALS(outbuf,smb_vwv5,-1);
-	    send_smb(Client,outbuf);
-
-	    /* Now read the raw data into the buffer and write it */	  
-	    if(read_smb_length(Client,inbuf,0) == -1) {
-	      DEBUG(0,("Failed to read length in readbraw\n"));	    
-	      exit(1);
-	    }
-	    
-	    /* Even though this is not an smb message, smb_len
-	       returns the generic length of an smb message */
-	    datalen = smb_len(inbuf);
-
-	    if (datalen == 0)
-	      {
-		/* we got a readbraw error */
-		DEBUG(4,("readbraw error - reducing size\n"));
-		readbraw_size = (readbraw_size * 9) / 10;
-		
-		if (readbraw_size < max_xmit)
-		  {
-		    DEBUG(0,("disabling readbraw\n"));
-		    readbraw_supported = False;
-		  }
-		
-		dataptr=NULL;
-		continue;
-	      }
-
-	    if(read_data(Client,inbuf,datalen) != datalen) {
-	      DEBUG(0,("Failed to read data in readbraw\n"));
-	      exit(1);
-	    }
-	    dataptr = inbuf;
-	  }
-	  break;
-
-	case 3:
-	  /* we've already read some data with a chained readX */
-	  break;
-
-	default:
-	  /* use plain read */
-	  bzero(outbuf,smb_size);
-	  set_message(outbuf,5,0,True);
-	  CVAL(outbuf,smb_com) = SMBread;
-	  SSVAL(outbuf,smb_tid,cnum);
-	  setup_pkt(outbuf);
-
-	  SSVAL(outbuf,smb_vwv0,fnum);
-	  SSVAL(outbuf,smb_vwv1,MIN(max_xmit-200,finfo.size - nread));
-	  SIVAL(outbuf,smb_vwv2,nread);
-	  SSVAL(outbuf,smb_vwv4,finfo.size - nread);
-
-	  send_smb(Client,outbuf);
-	  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-	  if (CVAL(inbuf,smb_rcls) != 0)
-	    {
-	      DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf)));
-	      break;
-	    }
-
-	  datalen = SVAL(inbuf,smb_vwv0);
-	  dataptr = smb_buf(inbuf) + 3;
-	  break;
+	if(!(data = (char *)malloc(read_size))) { 
+		d_printf("malloc fail for size %d\n", read_size);
+		cli_close(cli, fnum);
+		return 1;
 	}
+
+	while (1) {
+		int n = cli_read(cli, fnum, data, nread, read_size);
+
+		if (n <= 0) break;
  
-      if (writefile(handle,dataptr,datalen) != datalen)
-	{
-	  DEBUG(0,("Error writing local file\n"));
-	  break;
-	}
+		if (writefile(handle,data, n) != n) {
+			d_printf("Error writing local file\n");
+			rc = 1;
+			break;
+		}
       
-      nread += datalen;
-      if (datalen == 0) 
-	{
-	  DEBUG(0,("Error reading file %s. Got %d bytes\n",CNV_LANG(rname),nread));
-	  break;
+		nread += n;
 	}
 
-      dataptr=NULL;
-      datalen=0;
-    }
+	if (nread < size) {
+		DEBUG (0, ("Short read when getting file %s. Only got %ld bytes.\n",
+			    rname, (long)nread));
 
+		rc = 1;
+	}
 
+	SAFE_FREE(data);
+	
+	if (!cli_close(cli, fnum)) {
+		d_printf("Error %s closing remote file\n",cli_errstr(cli));
+		rc = 1;
+	}
+
+	if (newhandle) {
+		close(handle);
+	}
+
+	if (archive_level >= 2 && (attr & aARCH)) {
+		cli_setatr(cli, rname, attr & ~(uint16)aARCH, 0);
+	}
 
-  if (!close_done)
-    {
-      bzero(outbuf,smb_size);
-      set_message(outbuf,3,0,True);
-      CVAL(outbuf,smb_com) = SMBclose;
-      SSVAL(outbuf,smb_tid,cnum);
-      setup_pkt(outbuf);
-      
-      SSVAL(outbuf,smb_vwv0,fnum);
-      SIVALS(outbuf,smb_vwv1,-1);
-      
-      send_smb(Client,outbuf);
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-      
-      if (!ignore_close_error && CVAL(inbuf,smb_rcls) != 0)
 	{
-	  DEBUG(0,("Error %s closing remote file\n",smb_errstr(inbuf)));
-	  if(newhandle)
-	    close(handle);
-	  free(inbuf);free(outbuf);
-	  return;
+		struct timeval tp_end;
+		int this_time;
+		
+		GetTimeOfDay(&tp_end);
+		this_time = 
+			(tp_end.tv_sec - tp_start.tv_sec)*1000 +
+			(tp_end.tv_usec - tp_start.tv_usec)/1000;
+		get_total_time_ms += this_time;
+		get_total_size += nread;
+		
+		DEBUG(2,("(%3.1f kb/s) (average %3.1f kb/s)\n",
+			 nread / (1.024*this_time + 1.0e-4),
+			 get_total_size / (1.024*get_total_time_ms)));
 	}
-    }
-
-  if(newhandle)
-    close(handle);
-
-  if (archive_level >= 2 && (finfo.mode & aARCH)) {
-    bzero(outbuf,smb_size);
-    set_message(outbuf,8,strlen(rname)+4,True);
-    CVAL(outbuf,smb_com) = SMBsetatr;
-    SSVAL(outbuf,smb_tid,cnum);
-    setup_pkt(outbuf);
-    SSVAL(outbuf,smb_vwv0,finfo.mode & ~(aARCH));
-    SIVALS(outbuf,smb_vwv1,0);
-    p = smb_buf(outbuf);
-    *p++ = 4;
-    strcpy(p,rname);
-    p += strlen(p)+1;
-    *p++ = 4;
-    *p = 0;
-    send_smb(Client,outbuf);
-    receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  }
-
-  {
-    struct timeval tp_end;
-    int this_time;
-
-    GetTimeOfDay(&tp_end);
-    this_time = 
-      (tp_end.tv_sec - tp_start.tv_sec)*1000 +
-	(tp_end.tv_usec - tp_start.tv_usec)/1000;
-    get_total_time_ms += this_time;
-    get_total_size += finfo.size;
-
-    DEBUG(2,("(%g kb/s) (average %g kb/s)\n",
-	     finfo.size / (1.024*this_time + 1.0e-4),
-	     get_total_size / (1.024*get_total_time_ms)));
-  }
-
-  free(inbuf);free(outbuf);
+	
+	return rc;
 }
 
 
 /****************************************************************************
   get a file
   ****************************************************************************/
-static void cmd_get(void)
+static int cmd_get(void)
 {
-  pstring lname;
-  pstring rname;
-  char *p;
-
-  strcpy(rname,cur_dir);
-  strcat(rname,"\\");
+	pstring lname;
+	pstring rname;
+	char *p;
 
-  p = rname + strlen(rname);
-
-  if (!next_token(NULL,p,NULL)) {
-    DEBUG(0,("get <filename>\n"));
-    return;
-  }
-  strcpy(lname,p);
-  dos_clean_name(rname);
-    
-  next_token(NULL,lname,NULL);
-
-  do_get(rname,lname,NULL);
+	pstrcpy(rname,cur_dir);
+	pstrcat(rname,"\\");
+	
+	p = rname + strlen(rname);
+	
+	if (!next_token_nr(NULL,p,NULL,sizeof(rname)-strlen(rname))) {
+		d_printf("get <filename>\n");
+		return 1;
+	}
+	pstrcpy(lname,p);
+	dos_clean_name(rname);
+	
+	next_token_nr(NULL,lname,NULL,sizeof(lname));
+	
+	return do_get(rname, lname);
 }
 
 
@@ -1534,110 +788,105 @@ static void cmd_get(void)
   ****************************************************************************/
 static void do_mget(file_info *finfo)
 {
-  pstring rname;
-  pstring quest;
+	pstring rname;
+	pstring quest;
+	pstring saved_curdir;
+	pstring mget_mask;
 
-  if (strequal(finfo->name,".") || strequal(finfo->name,".."))
-    return;
+	if (strequal(finfo->name,".") || strequal(finfo->name,".."))
+		return;
 
-  if (abort_mget)
-    {
-      DEBUG(0,("mget aborted\n"));
-      return;
-    }
-
-  if (finfo->mode & aDIR)
-    sprintf(quest,"Get directory %s? ",CNV_LANG(finfo->name));
-  else
-    sprintf(quest,"Get file %s? ",CNV_LANG(finfo->name));
-
-  if (prompt && !yesno(quest)) return;
+	if (abort_mget)	{
+		d_printf("mget aborted\n");
+		return;
+	}
 
-  if (finfo->mode & aDIR)
-    {
-      pstring saved_curdir;
-      pstring mget_mask;
-      char *inbuf,*outbuf;
+	if (finfo->mode & aDIR)
+		slprintf(quest,sizeof(pstring)-1,
+			 "Get directory %s? ",finfo->name);
+	else
+		slprintf(quest,sizeof(pstring)-1,
+			 "Get file %s? ",finfo->name);
 
-      inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-      outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+	if (prompt && !yesno(quest)) return;
 
-      if (!inbuf || !outbuf)
-	{
-	  DEBUG(0,("out of memory\n"));
-	  return;
+	if (!(finfo->mode & aDIR)) {
+		pstrcpy(rname,cur_dir);
+		pstrcat(rname,finfo->name);
+		do_get(rname,finfo->name);
+		return;
 	}
 
-      strcpy(saved_curdir,cur_dir);
+	/* handle directories */
+	pstrcpy(saved_curdir,cur_dir);
 
-      strcat(cur_dir,finfo->name);
-      strcat(cur_dir,"\\");
+	pstrcat(cur_dir,finfo->name);
+	pstrcat(cur_dir,"\\");
 
-      unix_format(finfo->name);
-      {
+	unix_format(finfo->name);
 	if (lowercase)
-	  strlower(finfo->name);
-
+		strlower(finfo->name);
+	
 	if (!directory_exist(finfo->name,NULL) && 
-	    sys_mkdir(finfo->name,0777) != 0) 
-	  {
-	    DEBUG(0,("failed to create directory %s\n",CNV_LANG(finfo->name)));
-	    strcpy(cur_dir,saved_curdir);
-	    free(inbuf);free(outbuf);
-	    return;
-	  }
-
-	if (sys_chdir(finfo->name) != 0)
-	  {
-	    DEBUG(0,("failed to chdir to directory %s\n",CNV_LANG(finfo->name)));
-	    strcpy(cur_dir,saved_curdir);
-	    free(inbuf);free(outbuf);
-	    return;
-	  }
-      }       
-
-      strcpy(mget_mask,cur_dir);
-      strcat(mget_mask,"*");
-      
-      do_dir((char *)inbuf,(char *)outbuf,
-	     mget_mask,aSYSTEM | aHIDDEN | aDIR,do_mget,False);
-      chdir("..");
-      strcpy(cur_dir,saved_curdir);
-      free(inbuf);free(outbuf);
-    }
-  else
-    {
-      strcpy(rname,cur_dir);
-      strcat(rname,finfo->name);
-      do_get(rname,finfo->name,finfo);
-    }
+	    mkdir(finfo->name,0777) != 0) {
+		d_printf("failed to create directory %s\n",finfo->name);
+		pstrcpy(cur_dir,saved_curdir);
+		return;
+	}
+	
+	if (chdir(finfo->name) != 0) {
+		d_printf("failed to chdir to directory %s\n",finfo->name);
+		pstrcpy(cur_dir,saved_curdir);
+		return;
+	}
+
+	pstrcpy(mget_mask,cur_dir);
+	pstrcat(mget_mask,"*");
+	
+	do_list(mget_mask, aSYSTEM | aHIDDEN | aDIR,do_mget,False, True);
+	chdir("..");
+	pstrcpy(cur_dir,saved_curdir);
 }
 
+
 /****************************************************************************
 view the file using the pager
 ****************************************************************************/
-static void cmd_more(void)
+static int cmd_more(void)
 {
-  fstring rname,lname,tmpname,pager_cmd;
-  char *pager;
-
-  strcpy(rname,cur_dir);
-  strcat(rname,"\\");
-  sprintf(tmpname,"/tmp/smbmore.%d",getpid());
-  strcpy(lname,tmpname);
-
-  if (!next_token(NULL,rname+strlen(rname),NULL)) {
-    DEBUG(0,("more <filename>\n"));
-    return;
-  }
-  dos_clean_name(rname);
-
-  do_get(rname,lname,NULL);
-
-  pager=getenv("PAGER");
-  sprintf(pager_cmd,"%s %s",(pager? pager:PAGER), tmpname);
-  system(pager_cmd);
-  unlink(tmpname);
+	fstring rname,lname,pager_cmd;
+	char *pager;
+	int fd;
+	int rc = 0;
+
+	fstrcpy(rname,cur_dir);
+	fstrcat(rname,"\\");
+	
+	slprintf(lname,sizeof(lname)-1, "%s/smbmore.XXXXXX",tmpdir());
+	fd = smb_mkstemp(lname);
+	if (fd == -1) {
+		d_printf("failed to create temporary file for more\n");
+		return 1;
+	}
+	close(fd);
+
+	if (!next_token_nr(NULL,rname+strlen(rname),NULL,sizeof(rname)-strlen(rname))) {
+		d_printf("more <filename>\n");
+		unlink(lname);
+		return 1;
+	}
+	dos_clean_name(rname);
+
+	rc = do_get(rname,lname);
+
+	pager=getenv("PAGER");
+
+	slprintf(pager_cmd,sizeof(pager_cmd)-1,
+		 "%s %s",(pager? pager:PAGER), lname);
+	system(pager_cmd);
+	unlink(lname);
+	
+	return rc;
 }
 
 
@@ -1645,2082 +894,1127 @@ static void cmd_more(void)
 /****************************************************************************
 do a mget command
 ****************************************************************************/
-static void cmd_mget(char *inbuf,char *outbuf)
+static int cmd_mget(void)
 {
-  int attribute = aSYSTEM | aHIDDEN;
-  pstring mget_mask;
-  fstring buf;
-  char *p=buf;
-
-  *mget_mask = 0;
-
-  if (recurse)
-    attribute |= aDIR;
-
-  abort_mget = False;
-
-  while (next_token(NULL,p,NULL))
-    {
-      strcpy(mget_mask,cur_dir);
-      if(mget_mask[strlen(mget_mask)-1]!='\\')
-	strcat(mget_mask,"\\");
-
-      if (*p == '\\')
-	strcpy(mget_mask,p);
-      else
-	strcat(mget_mask,p);
-      do_dir((char *)inbuf,(char *)outbuf,mget_mask,attribute,do_mget,False);
-    }
-
-  if (! *mget_mask)
-    {
-      strcpy(mget_mask,cur_dir);
-      if(mget_mask[strlen(mget_mask)-1]!='\\')
-	strcat(mget_mask,"\\");
-      strcat(mget_mask,"*");
-      do_dir((char *)inbuf,(char *)outbuf,mget_mask,attribute,do_mget,False);
-    }
+	uint16 attribute = aSYSTEM | aHIDDEN;
+	pstring mget_mask;
+	fstring buf;
+	char *p=buf;
+
+	*mget_mask = 0;
+
+	if (recurse)
+		attribute |= aDIR;
+	
+	abort_mget = False;
+
+	while (next_token_nr(NULL,p,NULL,sizeof(buf))) {
+		pstrcpy(mget_mask,cur_dir);
+		if(mget_mask[strlen(mget_mask)-1]!='\\')
+			pstrcat(mget_mask,"\\");
+		
+		if (*p == '\\')
+			pstrcpy(mget_mask,p);
+		else
+			pstrcat(mget_mask,p);
+		do_list(mget_mask, attribute,do_mget,False,True);
+	}
+
+	if (!*mget_mask) {
+		pstrcpy(mget_mask,cur_dir);
+		if(mget_mask[strlen(mget_mask)-1]!='\\')
+			pstrcat(mget_mask,"\\");
+		pstrcat(mget_mask,"*");
+		do_list(mget_mask, attribute,do_mget,False,True);
+	}
+	
+	return 0;
 }
 
+
 /****************************************************************************
 make a directory of name "name"
 ****************************************************************************/
 static BOOL do_mkdir(char *name)
 {
-  char *p;
-  char *inbuf,*outbuf;
-
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-
-  if (!inbuf || !outbuf)
-    {
-      DEBUG(0,("out of memory\n"));
-      return False;
-    }
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,2 + strlen(name),True);
-  
-  CVAL(outbuf,smb_com) = SMBmkdir;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	if (!cli_mkdir(cli, name)) {
+		d_printf("%s making remote directory %s\n",
+			 cli_errstr(cli),name);
+		return(False);
+	}
 
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,name);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s making remote directory %s\n",
-	       smb_errstr(inbuf),CNV_LANG(name)));
+	return(True);
+}
 
-      free(inbuf);free(outbuf);
-      return(False);
-    }
+/****************************************************************************
+show 8.3 name of a file
+****************************************************************************/
+static BOOL do_altname(char *name)
+{
+	fstring altname;
+	if (!NT_STATUS_IS_OK(cli_qpathinfo_alt_name(cli, name, altname))) {
+		d_printf("%s getting alt name for %s\n",
+			 cli_errstr(cli),name);
+		return(False);
+	}
+	d_printf("%s\n", altname);
 
-  free(inbuf);free(outbuf);
-  return(True);
+	return(True);
 }
 
 
 /****************************************************************************
-  make a directory
-  ****************************************************************************/
-static void cmd_mkdir(char *inbuf,char *outbuf)
+ Exit client.
+****************************************************************************/
+static int cmd_quit(void)
 {
-  pstring mask;
-  fstring buf;
-  char *p=buf;
-  
-  strcpy(mask,cur_dir);
-
-  if (!next_token(NULL,p,NULL))
-    {
-      if (!recurse)
-	DEBUG(0,("mkdir <dirname>\n"));
-      return;
-    }
-  strcat(mask,p);
-
-  if (recurse)
-    {
-      pstring ddir;
-      pstring ddir2;
-      *ddir2 = 0;
-
-      strcpy(ddir,mask);
-      trim_string(ddir,".",NULL);
-      p = strtok(ddir,"/\\");
-      while (p)
-	{
-	  strcat(ddir2,p);
-	  if (!chkpath(ddir2,False))
-	    {		  
-	      do_mkdir(ddir2);
-	    }
-	  strcat(ddir2,"\\");
-	  p = strtok(NULL,"/\\");
-	}	 
-    }
-  else
-    do_mkdir(mask);
+	cli_shutdown(cli);
+	exit(0);
+	/* NOTREACHED */
+	return 0;
 }
 
 
-/*******************************************************************
-  write to a file using writebraw
-  ********************************************************************/
-static int smb_writeraw(char *outbuf,int fnum,int pos,char *buf,int n)
+/****************************************************************************
+  make a directory
+  ****************************************************************************/
+static int cmd_mkdir(void)
 {
-  extern int Client;
-  pstring inbuf;
-
-  bzero(outbuf,smb_size);
-  bzero(inbuf,smb_size);  
-  set_message(outbuf,Protocol>PROTOCOL_COREPLUS?12:10,0,True);
-
-  CVAL(outbuf,smb_com) = SMBwritebraw;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,fnum);
-  SSVAL(outbuf,smb_vwv1,n);
-  SIVAL(outbuf,smb_vwv3,pos);
-  SSVAL(outbuf,smb_vwv7,1);
-
-  send_smb(Client,outbuf);
+	pstring mask;
+	fstring buf;
+	char *p=buf;
   
-  if (!receive_smb(Client,inbuf,CLIENT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0)
-    return(0);
-
-  _smb_setlen(buf-4,n);		/* HACK! XXXX */
+	pstrcpy(mask,cur_dir);
 
-  if (write_socket(Client,buf-4,n+4) != n+4)
-    return(0);
+	if (!next_token_nr(NULL,p,NULL,sizeof(buf))) {
+		if (!recurse)
+			d_printf("mkdir <dirname>\n");
+		return 1;
+	}
+	pstrcat(mask,p);
 
-  if (!receive_smb(Client,inbuf,CLIENT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0) {
-    DEBUG(0,("Error writing remote file (2)\n"));
-    return(0);
-  }
-  return(SVAL(inbuf,smb_vwv0));
+	if (recurse) {
+		pstring ddir;
+		pstring ddir2;
+		*ddir2 = 0;
+		
+		pstrcpy(ddir,mask);
+		trim_string(ddir,".",NULL);
+		p = strtok(ddir,"/\\");
+		while (p) {
+			pstrcat(ddir2,p);
+			if (!cli_chkpath(cli, ddir2)) { 
+				do_mkdir(ddir2);
+			}
+			pstrcat(ddir2,"\\");
+			p = strtok(NULL,"/\\");
+		}	 
+	} else {
+		do_mkdir(mask);
+	}
+	
+	return 0;
 }
-      
 
 
-/*******************************************************************
-  write to a file
-  ********************************************************************/
-static int smb_writefile(char *outbuf,int fnum,int pos,char *buf,int n)
+/****************************************************************************
+  show alt name
+  ****************************************************************************/
+static int cmd_altname(void)
 {
-  pstring inbuf;
-
-  if (writebraw_supported && n > (max_xmit-200)) 
-    return(smb_writeraw(outbuf,fnum,pos,buf,n));
-
-  bzero(outbuf,smb_size);
-  bzero(inbuf,smb_size);
-  set_message(outbuf,5,n + 3,True);
-
-  CVAL(outbuf,smb_com) = SMBwrite;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,fnum);
-  SSVAL(outbuf,smb_vwv1,n);
-  SIVAL(outbuf,smb_vwv2,pos);
-  SSVAL(outbuf,smb_vwv4,0);
-  CVAL(smb_buf(outbuf),0) = 1;
-  SSVAL(smb_buf(outbuf),1,n);
+	pstring name;
+	fstring buf;
+	char *p=buf;
+  
+	pstrcpy(name,cur_dir);
 
-  memcpy(smb_buf(outbuf)+3,buf,n);
+	if (!next_token_nr(NULL,p,NULL,sizeof(buf))) {
+		d_printf("altname <file>\n");
+		return 1;
+	}
+	pstrcat(name,p);
 
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
+	do_altname(name);
 
-  if (CVAL(inbuf,smb_rcls) != 0) {
-    DEBUG(0,("%s writing remote file\n",smb_errstr(inbuf)));
-    return(0);
-  }
-  return(SVAL(inbuf,smb_vwv0));
+	return 0;
 }
-      
 
 
 /****************************************************************************
   put a single file
   ****************************************************************************/
-static void do_put(char *rname,char *lname,file_info *finfo)
-{
-  int fnum;
-  FILE *f;
-  int nread=0;
-  char *p;
-  char *inbuf,*outbuf; 
-  time_t close_time = finfo->mtime;
-  char *buf=NULL;
-  static int maxwrite=0;
-
-  struct timeval tp_start;
-  GetTimeOfDay(&tp_start);
-
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-
-  if (!inbuf || !outbuf)
-    {
-      DEBUG(0,("out of memory\n"));
-      return;
-    }
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,3,2 + strlen(rname),True);
-
-  if (finfo->mtime == 0 || finfo->mtime == -1)
-    finfo->mtime = finfo->atime = finfo->ctime = time(NULL);
-
-  CVAL(outbuf,smb_com) = SMBcreate;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,finfo->mode);
-  put_dos_date3(outbuf,smb_vwv1,finfo->mtime);
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,rname);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
+static int do_put(char *rname,char *lname)
+{
+	int fnum;
+	XFILE *f;
+	int nread=0;
+	char *buf=NULL;
+	int maxwrite=io_bufsize;
+	int rc = 0;
+	
+	struct timeval tp_start;
+	GetTimeOfDay(&tp_start);
+
+	fnum = cli_open(cli, rname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
   
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),CNV_LANG(rname)));
+	if (fnum == -1) {
+		d_printf("%s opening remote file %s\n",cli_errstr(cli),rname);
+		return 1;
+	}
 
-      free(inbuf);free(outbuf);if (buf) free(buf);
-      return;
-    }
+	/* allow files to be piped into smbclient
+	   jdblair 24.jun.98
 
-  f = fopen(lname,"r");
+	   Note that in this case this function will exit(0) rather
+	   than returning. */
+	if (!strcmp(lname, "-")) {
+		f = x_stdin;
+		/* size of file is not known */
+	} else {
+		f = x_fopen(lname,O_RDONLY, 0);
+	}
 
-  if (!f)
-    {
-      DEBUG(0,("Error opening local file %s\n",lname));
-      free(inbuf);free(outbuf);
-      return;
-    }
+	if (!f) {
+		d_printf("Error opening local file %s\n",lname);
+		return 1;
+	}
 
   
-  fnum = SVAL(inbuf,smb_vwv0);
-  if (finfo->size < 0)
-    finfo->size = file_size(lname);
+	DEBUG(1,("putting file %s as %s ",lname,
+		 rname));
   
-  DEBUG(1,("putting file %s of size %d bytes as %s ",lname,finfo->size,CNV_LANG(rname)));
-  
-  if (!maxwrite)
-    maxwrite = writebraw_supported?MAX(max_xmit,BUFFER_SIZE):(max_xmit-200);
+	buf = (char *)malloc(maxwrite);
+	if (!buf) {
+		d_printf("ERROR: Not enough memory!\n");
+		return 1;
+	}
+	while (!x_feof(f)) {
+		int n = maxwrite;
+		int ret;
 
-  while (nread < finfo->size)
-    {
-      int n = maxwrite;
-      int ret;
+		if ((n = readfile(buf,n,f)) < 1) {
+			if((n == 0) && x_feof(f))
+				break; /* Empty local file. */
 
-      n = MIN(n,finfo->size - nread);
+			d_printf("Error reading local file: %s\n", strerror(errno));
+			rc = 1;
+			break;
+		}
 
-      buf = (char *)Realloc(buf,n+4);
-  
-      fseek(f,nread,SEEK_SET);
-      if ((n = readfile(buf+4,1,n,f)) < 1)
-	{
-	  DEBUG(0,("Error reading local file\n"));
-	  break;
-	}	  
+		ret = cli_write(cli, fnum, 0, buf, nread, n);
 
-      ret = smb_writefile(outbuf,fnum,nread,buf+4,n);
+		if (n != ret) {
+			d_printf("Error writing file: %s\n", cli_errstr(cli));
+			rc = 1;
+			break;
+		} 
 
-      if (n != ret) {
-	if (!maxwrite) {
-	  DEBUG(0,("Error writing file\n"));
-	  break;
-	} else {
-	  maxwrite /= 2;
-	  continue;
+		nread += n;
 	}
-      }
-
-      nread += n;
-    }
-
-
 
-  bzero(outbuf,smb_size);
-  set_message(outbuf,3,0,True);
-  CVAL(outbuf,smb_com) = SMBclose;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	if (!cli_close(cli, fnum)) {
+		d_printf("%s closing remote file %s\n",cli_errstr(cli),rname);
+		x_fclose(f);
+		SAFE_FREE(buf);
+		return 1;
+	}
 
-  SSVAL(outbuf,smb_vwv0,fnum);  
-  put_dos_date3(outbuf,smb_vwv1,close_time);
+	
+	x_fclose(f);
+	SAFE_FREE(buf);
 
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s closing remote file %s\n",smb_errstr(inbuf),CNV_LANG(rname)));
-      fclose(f);
-      free(inbuf);free(outbuf);
-      if (buf) free(buf);
-      return;
-    }
+	{
+		struct timeval tp_end;
+		int this_time;
+		
+		GetTimeOfDay(&tp_end);
+		this_time = 
+			(tp_end.tv_sec - tp_start.tv_sec)*1000 +
+			(tp_end.tv_usec - tp_start.tv_usec)/1000;
+		put_total_time_ms += this_time;
+		put_total_size += nread;
+		
+		DEBUG(1,("(%3.1f kb/s) (average %3.1f kb/s)\n",
+			 nread / (1.024*this_time + 1.0e-4),
+			 put_total_size / (1.024*put_total_time_ms)));
+	}
 
-  
-  fclose(f);
-  free(inbuf);free(outbuf);
-  if (buf) free(buf);
-
-  {
-    struct timeval tp_end;
-    int this_time;
-
-    GetTimeOfDay(&tp_end);
-    this_time = 
-      (tp_end.tv_sec - tp_start.tv_sec)*1000 +
-	(tp_end.tv_usec - tp_start.tv_usec)/1000;
-    put_total_time_ms += this_time;
-    put_total_size += finfo->size;
-
-    DEBUG(2,("(%g kb/s) (average %g kb/s)\n",
-	     finfo->size / (1.024*this_time + 1.0e-4),
-	     put_total_size / (1.024*put_total_time_ms)));
-  }
-} 
+	if (f == x_stdin) {
+		cli_shutdown(cli);
+		exit(0);
+	}
+	
+	return rc;
+}
 
  
 
 /****************************************************************************
   put a file
   ****************************************************************************/
-static void cmd_put(void)
+static int cmd_put(void)
 {
-  pstring lname;
-  pstring rname;
-  fstring buf;
-  char *p=buf;
-  file_info finfo;
-  finfo = def_finfo;
-  
-  strcpy(rname,cur_dir);
-  strcat(rname,"\\");
-  
+	pstring lname;
+	pstring rname;
+	fstring buf;
+	char *p=buf;
+	
+	pstrcpy(rname,cur_dir);
+	pstrcat(rname,"\\");
   
-  if (!next_token(NULL,p,NULL))
-    {
-      DEBUG(0,("put <filename>\n"));
-      return;
-    }
-  strcpy(lname,p);
+	if (!next_token_nr(NULL,p,NULL,sizeof(buf))) {
+		d_printf("put <filename>\n");
+		return 1;
+	}
+	pstrcpy(lname,p);
   
-  if (next_token(NULL,p,NULL))
-    strcat(rname,p);      
-  else
-    strcat(rname,lname);
-
-  dos_clean_name(rname);
-
-  {
-    struct stat st;
-    if (!file_exist(lname,&st)) {
-      DEBUG(0,("%s does not exist\n",lname));
-      return;
-    }
-    finfo.mtime = st.st_mtime;
-  }
-
-  do_put(rname,lname,&finfo);
+	if (next_token_nr(NULL,p,NULL,sizeof(buf)))
+		pstrcat(rname,p);      
+	else
+		pstrcat(rname,lname);
+	
+	dos_clean_name(rname);
+
+	{
+		SMB_STRUCT_STAT st;
+		/* allow '-' to represent stdin
+		   jdblair, 24.jun.98 */
+		if (!file_exist(lname,&st) &&
+		    (strcmp(lname,"-"))) {
+			d_printf("%s does not exist\n",lname);
+			return 1;
+		}
+	}
+
+	return do_put(rname,lname);
+}
+
+/*************************************
+  File list structure
+*************************************/
+
+static struct file_list {
+	struct file_list *prev, *next;
+	char *file_path;
+	BOOL isdir;
+} *file_list;
+
+/****************************************************************************
+  Free a file_list structure
+****************************************************************************/
+
+static void free_file_list (struct file_list * list)
+{
+	struct file_list *tmp;
+	
+	while (list)
+	{
+		tmp = list;
+		DLIST_REMOVE(list, list);
+		SAFE_FREE(tmp->file_path);
+		SAFE_FREE(tmp);
+	}
 }
 
 /****************************************************************************
   seek in a directory/file list until you get something that doesn't start with
   the specified name
   ****************************************************************************/
-static BOOL seek_list(FILE *f,char *name)
+static BOOL seek_list(struct file_list *list, char *name)
 {
-  pstring s;
-  while (!feof(f))
-    {
-      if (fscanf(f,"%s",s) != 1) return(False);
-      trim_string(s,"./",NULL);
-      if (strncmp(s,name,strlen(name)) != 0)
-	{
-	  strcpy(name,s);
-	  return(True);
+	while (list) {
+		trim_string(list->file_path,"./","\n");
+		if (strncmp(list->file_path, name, strlen(name)) != 0) {
+			return(True);
+		}
+		list = list->next;
 	}
-    }
       
-  return(False);
+	return(False);
 }
 
-
 /****************************************************************************
   set the file selection mask
   ****************************************************************************/
-static void cmd_select(void)
+static int cmd_select(void)
 {
-  strcpy(fileselection,"");
-  next_token(NULL,fileselection,NULL);
+	pstrcpy(fileselection,"");
+	next_token_nr(NULL,fileselection,NULL,sizeof(fileselection));
+
+	return 0;
 }
 
+/****************************************************************************
+  Recursive file matching function act as find
+  match must be always set to True when calling this function
+****************************************************************************/
+static int file_find(struct file_list **list, const char *directory, 
+		      const char *expression, BOOL match)
+{
+	DIR *dir;
+	struct file_list *entry;
+        struct stat statbuf;
+        int ret;
+        char *path;
+	BOOL isdir;
+	char *dname;
+
+        dir = opendir(directory);
+	if (!dir) return -1;
+	
+        while ((dname = readdirname(dir))) {
+		if (!strcmp("..", dname)) continue;
+		if (!strcmp(".", dname)) continue;
+		
+		if (asprintf(&path, "%s/%s", directory, dname) <= 0) {
+			continue;
+		}
+
+		isdir = False;
+		if (!match || !gen_fnmatch(expression, dname)) {
+			if (recurse) {
+				ret = stat(path, &statbuf);
+				if (ret == 0) {
+					if (S_ISDIR(statbuf.st_mode)) {
+						isdir = True;
+						ret = file_find(list, path, expression, False);
+					}
+				} else {
+					d_printf("file_find: cannot stat file %s\n", path);
+				}
+				
+				if (ret == -1) {
+					SAFE_FREE(path);
+					closedir(dir);
+					return -1;
+				}
+			}
+			entry = (struct file_list *) malloc(sizeof (struct file_list));
+			if (!entry) {
+				d_printf("Out of memory in file_find\n");
+				closedir(dir);
+				return -1;
+			}
+			entry->file_path = path;
+			entry->isdir = isdir;
+                        DLIST_ADD(*list, entry);
+		} else {
+			SAFE_FREE(path);
+		}
+        }
+
+	closedir(dir);
+	return 0;
+}
 
 /****************************************************************************
   mput some files
   ****************************************************************************/
-static void cmd_mput(void)
+static int cmd_mput(void)
 {
-  pstring lname;
-  pstring rname;
-  file_info finfo;
-  fstring buf;
-  char *p=buf;
-
-  finfo = def_finfo;
-
-  
-  while (next_token(NULL,p,NULL))
-    {
-      struct stat st;
-      pstring cmd;
-      pstring tmpname;
-      FILE *f;
-      
-      sprintf(tmpname,"/tmp/ls.smb.%d",(int)getpid());
-      if (recurse)
-	sprintf(cmd,"find . -name \"%s\" -print > %s",p,tmpname);
-      else
-	sprintf(cmd,"/bin/ls %s > %s",p,tmpname);
-      system(cmd);
-
-      f = fopen(tmpname,"r");
-      if (!f) continue;
-
-      while (!feof(f))
-	{
-	  pstring quest;
-
-	  if (fscanf(f,"%s",lname) != 1) break;
-	  trim_string(lname,"./",NULL);
-
-	again1:
+	fstring buf;
+	char *p=buf;
+	
+	while (next_token_nr(NULL,p,NULL,sizeof(buf))) {
+		int ret;
+		struct file_list *temp_list;
+		char *quest, *lname, *rname;
+	
+		file_list = NULL;
 
-	  /* check if it's a directory */
-	  if (directory_exist(lname,&st))
-	    {
-	      if (!recurse) continue;
-	      sprintf(quest,"Put directory %s? ",lname);
-	      if (prompt && !yesno(quest)) 
-		{
-		  strcat(lname,"/");
-		  if (!seek_list(f,lname))
-		    break;
-		  goto again1;		    
+		ret = file_find(&file_list, ".", p, True);
+		if (ret) {
+			free_file_list(file_list);
+			continue;
 		}
-	      
-	      strcpy(rname,cur_dir);
-	      strcat(rname,lname);
-	      if (!do_mkdir(rname))
-		{
-		  strcat(lname,"/");
-		  if (!seek_list(f,lname))
-		    break;
-		  goto again1;		    		  
+		
+		quest = NULL;
+		lname = NULL;
+		rname = NULL;
+				
+		for (temp_list = file_list; temp_list; 
+		     temp_list = temp_list->next) {
+
+			SAFE_FREE(lname);
+			if (asprintf(&lname, "%s/", temp_list->file_path) <= 0)
+				continue;
+			trim_string(lname, "./", "/");
+			
+			/* check if it's a directory */
+			if (temp_list->isdir) {
+				/* if (!recurse) continue; */
+				
+				SAFE_FREE(quest);
+				if (asprintf(&quest, "Put directory %s? ", lname) < 0) break;
+				if (prompt && !yesno(quest)) { /* No */
+					/* Skip the directory */
+					lname[strlen(lname)-1] = '/';
+					if (!seek_list(temp_list, lname))
+						break;		    
+				} else { /* Yes */
+	      				SAFE_FREE(rname);
+					if(asprintf(&rname, "%s%s", cur_dir, lname) < 0) break;
+					dos_format(rname);
+					if (!cli_chkpath(cli, rname) && 
+					    !do_mkdir(rname)) {
+						DEBUG (0, ("Unable to make dir, skipping..."));
+						/* Skip the directory */
+						lname[strlen(lname)-1] = '/';
+						if (!seek_list(temp_list, lname))
+							break;
+					}
+				}
+				continue;
+			} else {
+				SAFE_FREE(quest);
+				if (asprintf(&quest,"Put file %s? ", lname) < 0) break;
+				if (prompt && !yesno(quest)) /* No */
+					continue;
+				
+				/* Yes */
+				SAFE_FREE(rname);
+				if (asprintf(&rname, "%s%s", cur_dir, lname) < 0) break;
+			}
+
+			dos_format(rname);
+
+			do_put(rname, lname);
 		}
-
-	      continue;
-	    }
-	  else
-	    {
-	      sprintf(quest,"Put file %s? ",lname);
-	      if (prompt && !yesno(quest)) continue;
-
-	      strcpy(rname,cur_dir);
-	      strcat(rname,lname);
-	    }
-	  dos_format(rname);
-
-	  /* null size so do_put knows to ignore it */
-	  finfo.size = -1;
-
-	  /* set the date on the file */
-	  finfo.mtime = st.st_mtime;
-
-	  do_put(rname,lname,&finfo);
+		free_file_list(file_list);
+		SAFE_FREE(quest);
+		SAFE_FREE(lname);
+		SAFE_FREE(rname);
 	}
-      fclose(f);
-      unlink(tmpname);
-    }
-}
 
-/****************************************************************************
-  cancel a print job
-  ****************************************************************************/
-static void do_cancel(int job)
-{
-  char *rparam = NULL;
-  char *rdata = NULL;
-  char *p;
-  int rdrcnt,rprcnt;
-  pstring param;
-
-  bzero(param,sizeof(param));
-
-  p = param;
-  SSVAL(p,0,81);		/* api number */
-  p += 2;
-  strcpy(p,"W");
-  p = skip_string(p,1);
-  strcpy(p,"");
-  p = skip_string(p,1);
-  SSVAL(p,0,job);     
-  p += 2;
-
-  if (call_api(PTR_DIFF(p,param),0,
-	       6,1000,
-	       &rprcnt,&rdrcnt,
-	       param,NULL,
-	       &rparam,&rdata))
-    {
-      int res = SVAL(rparam,0);
-
-      if (!res)
-	printf("Job %d cancelled\n",job);
-      else
-	printf("Error %d calcelling job %d\n",res,job);
-      return;
-    }
-  else
-  printf("Server refused cancel request\n");
-
-  if (rparam) free(rparam);
-  if (rdata) free(rdata);
-
-  return;
+	return 0;
 }
 
 
 /****************************************************************************
   cancel a print job
   ****************************************************************************/
-static void cmd_cancel(char *inbuf,char *outbuf )
+static int do_cancel(int job)
 {
-  fstring buf;
-  int job; 
-
-  if (!connect_as_printer)
-    {
-      DEBUG(0,("WARNING: You didn't use the -P option to smbclient.\n"));
-      DEBUG(0,("Trying to cancel print jobs without -P may fail\n"));
-    }
-
-  if (!next_token(NULL,buf,NULL)) {
-    printf("cancel <jobid> ...\n");
-    return;
-  }
-  do {
-    job = atoi(buf);
-    do_cancel(job);
-  } while (next_token(NULL,buf,NULL));
+	if (cli_printjob_del(cli, job)) {
+		d_printf("Job %d cancelled\n",job);
+		return 0;
+	} else {
+		d_printf("Error cancelling job %d : %s\n",job,cli_errstr(cli));
+		return 1;
+	}
 }
 
 
 /****************************************************************************
-  get info on a file
+  cancel a print job
   ****************************************************************************/
-static void cmd_stat(char *inbuf,char *outbuf)
+static int cmd_cancel(void)
 {
-  fstring buf;
-  pstring param;
-  char *resp_data=NULL;
-  char *resp_param=NULL;
-  int resp_data_len = 0;
-  int resp_param_len=0;
-  char *p;
-  uint16 setup = TRANSACT2_QPATHINFO;
-
-  if (!next_token(NULL,buf,NULL)) {
-    printf("stat <file>\n");
-    return;
-  }
-
-  bzero(param,6);
-  SSVAL(param,0,4); /* level */
-  p = param+6;
-  strcpy(p,cur_dir);
-  strcat(p,buf);
-
-  send_trans_request(outbuf,SMBtrans2,NULL,FID_UNUSED,0,
-		     NULL,param,&setup,
-		     0,6 + strlen(p)+1,1,
-		     BUFFER_SIZE,2,0);
-
-  receive_trans_response(inbuf,SMBtrans2,
-			  &resp_data_len,&resp_param_len,
-			  &resp_data,&resp_param);
-
-  if (resp_data) free(resp_data); resp_data = NULL;
-  if (resp_param) free(resp_param); resp_param = NULL;
+	fstring buf;
+	int job; 
+
+	if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		d_printf("cancel <jobid> ...\n");
+		return 1;
+	}
+	do {
+		job = atoi(buf);
+		do_cancel(job);
+	} while (next_token_nr(NULL,buf,NULL,sizeof(buf)));
+	
+	return 0;
 }
 
 
 /****************************************************************************
   print a file
   ****************************************************************************/
-static void cmd_print(char *inbuf,char *outbuf )
+static int cmd_print(void)
 {
-  int fnum;
-  FILE *f = NULL;
-  uint32 nread=0;
-  pstring lname;
-  pstring rname;
-  char *p;
-
-  if (!connect_as_printer)
-    {
-      DEBUG(0,("WARNING: You didn't use the -P option to smbclient.\n"));
-      DEBUG(0,("Trying to print without -P may fail\n"));
-    }
-
-  if (!next_token(NULL,lname,NULL))
-    {
-      DEBUG(0,("print <filename>\n"));
-      return;
-    }
-
-  strcpy(rname,lname);
-  p = strrchr(rname,'/');
-  if (p)
-    {
-      pstring tname;
-      strcpy(tname,p+1);
-      strcpy(rname,tname);
-    }
-
-  if ((int)strlen(rname) > 14)
-    rname[14] = 0;
-
-  if (strequal(lname,"-"))
-    {
-      f = stdin;
-      strcpy(rname,"stdin");
-    }
-  
-  dos_clean_name(rname);
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,2,2 + strlen(rname),True);
-  
-  CVAL(outbuf,smb_com) = SMBsplopen;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,0);
-  SSVAL(outbuf,smb_vwv1,printmode);
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,rname);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s opening printer for %s\n",smb_errstr(inbuf),CNV_LANG(rname)));
-      return;
-    }
-  
-  if (!f)
-    f = fopen(lname,"r");
-  if (!f)
-    {
-      DEBUG(0,("Error opening local file %s\n",lname));
-      return;
-    }
+	pstring lname;
+	pstring rname;
+	char *p;
 
-  
-  fnum = SVAL(inbuf,smb_vwv0);
-  
-  DEBUG(1,("printing file %s as %s\n",lname,CNV_LANG(rname)));
-  
-  while (!feof(f))
-    {
-      int n;
-  
-      bzero(outbuf,smb_size);
-      set_message(outbuf,1,3,True);
-
-      /* for some strange reason the OS/2 print server can't handle large
-	 packets when printing. weird */
-      n = MIN(1024,max_xmit-(smb_len(outbuf)+4));
-
-      if (translation)
-	n = printread(f,smb_buf(outbuf)+3,(int)(0.95*n));
-      else
-	n = readfile(smb_buf(outbuf)+3,1,n,f);
-      if (n <= 0) 
-	{
-	  DEBUG(0,("read gave %d\n",n));
-	  break;
+	if (!next_token_nr(NULL,lname,NULL, sizeof(lname))) {
+		d_printf("print <filename>\n");
+		return 1;
 	}
 
-      smb_setlen(outbuf,smb_len(outbuf) + n);
-
-      CVAL(outbuf,smb_com) = SMBsplwr;
-      SSVAL(outbuf,smb_tid,cnum);
-      setup_pkt(outbuf);
-
-      SSVAL(outbuf,smb_vwv0,fnum);
-      SSVAL(outbuf,smb_vwv1,n+3);
-      CVAL(smb_buf(outbuf),0) = 1;
-      SSVAL(smb_buf(outbuf),1,n);
-
-      send_smb(Client,outbuf);
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-      if (CVAL(inbuf,smb_rcls) != 0)
-	{
-	  DEBUG(0,("%s printing remote file\n",smb_errstr(inbuf)));
-	  break;
+	pstrcpy(rname,lname);
+	p = strrchr_m(rname,'/');
+	if (p) {
+		slprintf(rname, sizeof(rname)-1, "%s-%d", p+1, (int)sys_getpid());
 	}
 
-      nread += n;
-    }
-
-  DEBUG(2,("%d bytes printed\n",nread));
+	if (strequal(lname,"-")) {
+		slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)sys_getpid());
+	}
 
-  bzero(outbuf,smb_size);
-  set_message(outbuf,1,0,True);
-  CVAL(outbuf,smb_com) = SMBsplclose;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	return do_put(rname, lname);
+}
 
-  SSVAL(outbuf,smb_vwv0,fnum);
 
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s closing print file\n",smb_errstr(inbuf)));
-      if (f != stdin)
-	fclose(f);
-      return;
-    }
-
-  if (f != stdin)
-    fclose(f);
+/****************************************************************************
+ show a print queue entry
+****************************************************************************/
+static void queue_fn(struct print_job_info *p)
+{
+	d_printf("%-6d   %-9d    %s\n", (int)p->id, (int)p->size, p->name);
 }
 
 /****************************************************************************
-print a file
+ show a print queue
 ****************************************************************************/
-static void cmd_queue(char *inbuf,char *outbuf )
+static int cmd_queue(void)
 {
-  int count;
-  char *p;
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,2,0,True);
-  
-  CVAL(outbuf,smb_com) = SMBsplretq;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,32); /* a max of 20 entries is to be shown */
-  SSVAL(outbuf,smb_vwv1,0); /* the index into the queue */
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s obtaining print queue\n",smb_errstr(inbuf)));
-      return;
-    }
-
-  count = SVAL(inbuf,smb_vwv0);
-  p = smb_buf(inbuf) + 3;
-  if (count <= 0)
-    {
-      DEBUG(0,("No entries in the print queue\n"));
-      return;
-    }  
-
-  {
-    char status[20];
-
-    DEBUG(0,("Job      Name              Size         Status\n"));
-
-    while (count--)
-      {
-	switch (CVAL(p,4))
-	  {
-	  case 0x01: sprintf(status,"held or stopped"); break;
-	  case 0x02: sprintf(status,"printing"); break;
-	  case 0x03: sprintf(status,"awaiting print"); break;
-	  case 0x04: sprintf(status,"in intercept"); break;
-	  case 0x05: sprintf(status,"file had error"); break;
-	  case 0x06: sprintf(status,"printer error"); break;
-	  default: sprintf(status,"unknown"); break;
-	  }
-
-	DEBUG(0,("%-6d   %-16.16s  %-9d    %s\n",
-		 SVAL(p,5),p+12,IVAL(p,7),status));
-	p += 28;
-      }
-  }
-  
+	cli_print_queue(cli, queue_fn);
+	
+	return 0;
 }
 
-
 /****************************************************************************
 delete some files
 ****************************************************************************/
 static void do_del(file_info *finfo)
 {
-  char *p;
-  char *inbuf,*outbuf;
-  pstring mask;
+	pstring mask;
 
-  strcpy(mask,cur_dir);
-  strcat(mask,finfo->name);
+	pstrcpy(mask,cur_dir);
+	pstrcat(mask,finfo->name);
 
-  if (finfo->mode & aDIR) 
-    return;
+	if (finfo->mode & aDIR) 
+		return;
 
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  
-  if (!inbuf || !outbuf)
-    {
-      DEBUG(0,("out of memory\n"));
-      return;
-    }
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,1,2 + strlen(mask),True);
-  
-  CVAL(outbuf,smb_com) = SMBunlink;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	if (!cli_unlink(cli, mask)) {
+		d_printf("%s deleting remote file %s\n",cli_errstr(cli),mask);
+	}
+}
 
-  SSVAL(outbuf,smb_vwv0,0);
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,mask);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    DEBUG(0,("%s deleting remote file %s\n",smb_errstr(inbuf),CNV_LANG(mask)));
+/****************************************************************************
+delete some files
+****************************************************************************/
+static int cmd_del(void)
+{
+	pstring mask;
+	fstring buf;
+	uint16 attribute = aSYSTEM | aHIDDEN;
 
-  free(inbuf);free(outbuf);
-  
+	if (recurse)
+		attribute |= aDIR;
+	
+	pstrcpy(mask,cur_dir);
+	
+	if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		d_printf("del <filename>\n");
+		return 1;
+	}
+	pstrcat(mask,buf);
+
+	do_list(mask, attribute,do_del,False,False);
+	
+	return 0;
 }
 
 /****************************************************************************
-delete some files
 ****************************************************************************/
-static void cmd_del(char *inbuf,char *outbuf )
+static int cmd_open(void)
 {
-  pstring mask;
-  fstring buf;
-  int attribute = aSYSTEM | aHIDDEN;
+	pstring mask;
+	fstring buf;
+	
+	pstrcpy(mask,cur_dir);
+	
+	if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		d_printf("open <filename>\n");
+		return 1;
+	}
+	pstrcat(mask,buf);
 
-  if (recurse)
-    attribute |= aDIR;
-  
-  strcpy(mask,cur_dir);
-    
-  if (!next_token(NULL,buf,NULL))
-    {
-      DEBUG(0,("del <filename>\n"));
-      return;
-    }
-  strcat(mask,buf);
-
-  do_dir((char *)inbuf,(char *)outbuf,mask,attribute,do_del,False);
+	cli_open(cli, mask, O_RDWR, DENY_ALL);
+
+	return 0;
 }
 
 
 /****************************************************************************
 remove a directory
 ****************************************************************************/
-static void cmd_rmdir(char *inbuf,char *outbuf )
+static int cmd_rmdir(void)
 {
-  pstring mask;
-  fstring buf;
-  char *p;
-  
-  strcpy(mask,cur_dir);
-  
-  if (!next_token(NULL,buf,NULL))
-    {
-      DEBUG(0,("rmdir <dirname>\n"));
-      return;
-    }
-  strcat(mask,buf);
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,2 + strlen(mask),True);
+	pstring mask;
+	fstring buf;
   
-  CVAL(outbuf,smb_com) = SMBrmdir;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	pstrcpy(mask,cur_dir);
+	
+	if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		d_printf("rmdir <dirname>\n");
+		return 1;
+	}
+	pstrcat(mask,buf);
 
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,mask);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s removing remote directory file %s\n",smb_errstr(inbuf),CNV_LANG(mask)));
-      return;
-    }
-  
+	if (!cli_rmdir(cli, mask)) {
+		d_printf("%s removing remote directory file %s\n",
+			 cli_errstr(cli),mask);
+	}
+	
+	return 0;
 }
 
 /****************************************************************************
-rename some files
+ UNIX hardlink.
 ****************************************************************************/
-static void cmd_rename(char *inbuf,char *outbuf )
+
+static int cmd_link(void)
 {
-  pstring src,dest;
-  fstring buf,buf2;
-  char *p;
-  
-  strcpy(src,cur_dir);
-  strcpy(dest,cur_dir);
-  
-  if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL))
-    {
-      DEBUG(0,("rename <src> <dest>\n"));
-      return;
-    }
-  strcat(src,buf);
-  strcat(dest,buf2);
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,1,4 + strlen(src) + strlen(dest),True);
-  
-  CVAL(outbuf,smb_com) = SMBmv;
-  SSVAL(outbuf,smb_tid,cnum);
-  SSVAL(outbuf,smb_vwv0,aHIDDEN | aDIR | aSYSTEM);
-  setup_pkt(outbuf);
+	pstring src,dest;
+	fstring buf,buf2;
   
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,src);
-  p = skip_string(p,1);
-  *p++ = 4;      
-  strcpy(p,dest);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s renaming files\n",smb_errstr(inbuf)));
-      return;
-    }
-  
-}
+	if (!SERVER_HAS_UNIX_CIFS(cli)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
 
+	pstrcpy(src,cur_dir);
+	pstrcpy(dest,cur_dir);
+  
+	if (!next_token(NULL,buf,NULL,sizeof(buf)) || 
+	    !next_token(NULL,buf2,NULL, sizeof(buf2))) {
+		d_printf("link <src> <dest>\n");
+		return 1;
+	}
 
-/****************************************************************************
-toggle the prompt flag
-****************************************************************************/
-static void cmd_prompt(void)
-{
-  prompt = !prompt;
-  DEBUG(2,("prompting is now %s\n",prompt?"on":"off"));
-}
+	pstrcat(src,buf);
+	pstrcat(dest,buf2);
 
+	if (!cli_unix_hardlink(cli, src, dest)) {
+		d_printf("%s linking files (%s -> %s)\n", cli_errstr(cli), src, dest);
+		return 1;
+	}  
 
-/****************************************************************************
-set the newer than time
-****************************************************************************/
-static void cmd_newer(void)
-{
-  fstring buf;
-  BOOL ok;
-  struct stat sbuf;
-
-  ok = next_token(NULL,buf,NULL);
-  if (ok && (sys_stat(buf,&sbuf) == 0))
-    {
-      newer_than = sbuf.st_mtime;
-      DEBUG(1,("Getting files newer than %s",
-	       asctime(LocalTime(&newer_than,GMT_TO_LOCAL))));
-    }
-  else
-    newer_than = 0;
-
-  if (ok && newer_than == 0)
-    DEBUG(0,("Error setting newer-than time\n"));
+	return 0;
 }
 
 /****************************************************************************
-set the archive level
+ UNIX symlink.
 ****************************************************************************/
-static void cmd_archive(void)
+
+static int cmd_symlink(void)
 {
-  fstring buf;
+	pstring src,dest;
+	fstring buf,buf2;
+  
+	if (!SERVER_HAS_UNIX_CIFS(cli)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
 
-  if (next_token(NULL,buf,NULL)) {
-    archive_level = atoi(buf);
-  } else
-    DEBUG(0,("Archive level is %d\n",archive_level));
+	pstrcpy(src,cur_dir);
+	pstrcpy(dest,cur_dir);
+	
+	if (!next_token(NULL,buf,NULL,sizeof(buf)) || 
+	    !next_token(NULL,buf2,NULL, sizeof(buf2))) {
+		d_printf("symlink <src> <dest>\n");
+		return 1;
+	}
+
+	pstrcat(src,buf);
+	pstrcat(dest,buf2);
+
+	if (!cli_unix_symlink(cli, src, dest)) {
+		d_printf("%s symlinking files (%s -> %s)\n",
+			cli_errstr(cli), src, dest);
+		return 1;
+	} 
+
+	return 0;
 }
 
 /****************************************************************************
-toggle the lowercaseflag
+ UNIX chmod.
 ****************************************************************************/
-static void cmd_lowercase(void)
+
+static int cmd_chmod(void)
 {
-  lowercase = !lowercase;
-  DEBUG(2,("filename lowercasing is now %s\n",lowercase?"on":"off"));
-}
+	pstring src;
+	mode_t mode;
+	fstring buf, buf2;
+  
+	if (!SERVER_HAS_UNIX_CIFS(cli)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
+	}
 
+	pstrcpy(src,cur_dir);
+	
+	if (!next_token(NULL,buf,NULL,sizeof(buf)) || 
+	    !next_token(NULL,buf2,NULL, sizeof(buf2))) {
+		d_printf("chmod mode file\n");
+		return 1;
+	}
 
+	mode = (mode_t)strtol(buf, NULL, 8);
+	pstrcat(src,buf2);
 
+	if (!cli_unix_chmod(cli, src, mode)) {
+		d_printf("%s chmod file %s 0%o\n",
+			cli_errstr(cli), src, (unsigned int)mode);
+		return 1;
+	} 
 
-/****************************************************************************
-toggle the recurse flag
-****************************************************************************/
-static void cmd_recurse(void)
-{
-  recurse = !recurse;
-  DEBUG(2,("directory recursion is now %s\n",recurse?"on":"off"));
+	return 0;
 }
 
 /****************************************************************************
-toggle the translate flag
+ UNIX chown.
 ****************************************************************************/
-static void cmd_translate(void)
-{
-  translation = !translation;
-  DEBUG(2,("CR/LF<->LF and print text translation now %s\n",
-	translation?"on":"off"));
-}
-
 
-/****************************************************************************
-do a printmode command
-****************************************************************************/
-static void cmd_printmode(void)
+static int cmd_chown(void)
 {
-  fstring buf;
-  fstring mode;
-
-  if (next_token(NULL,buf,NULL))
-    {
-      if (strequal(buf,"text"))
-	printmode = 0;      
-      else
-	{
-	  if (strequal(buf,"graphics"))
-	    printmode = 1;
-	  else
-	    printmode = atoi(buf);
+	pstring src;
+	uid_t uid;
+	gid_t gid;
+	fstring buf, buf2, buf3;
+  
+	if (!SERVER_HAS_UNIX_CIFS(cli)) {
+		d_printf("Server doesn't support UNIX CIFS calls.\n");
+		return 1;
 	}
-    }
-
-  switch(printmode)
-    {
-    case 0: 
-      strcpy(mode,"text");
-      break;
-    case 1: 
-      strcpy(mode,"graphics");
-      break;
-    default: 
-      sprintf(mode,"%d",printmode);
-      break;
-    }
-
-  DEBUG(2,("the printmode is now %s\n",mode));
+
+	pstrcpy(src,cur_dir);
+	
+	if (!next_token(NULL,buf,NULL,sizeof(buf)) || 
+	    !next_token(NULL,buf2,NULL, sizeof(buf2)) ||
+	    !next_token(NULL,buf3,NULL, sizeof(buf3))) {
+		d_printf("chown uid gid file\n");
+		return 1;
+	}
+
+	uid = (uid_t)atoi(buf);
+	gid = (gid_t)atoi(buf2);
+	pstrcat(src,buf3);
+
+	if (!cli_unix_chown(cli, src, uid, gid)) {
+		d_printf("%s chown file %s uid=%d, gid=%d\n",
+			cli_errstr(cli), src, (int)uid, (int)gid);
+		return 1;
+	} 
+
+	return 0;
 }
 
 /****************************************************************************
-do the lcd command
+rename some files
 ****************************************************************************/
-static void cmd_lcd(void)
+static int cmd_rename(void)
 {
-  fstring buf;
-  pstring d;
+	pstring src,dest;
+	fstring buf,buf2;
+  
+	pstrcpy(src,cur_dir);
+	pstrcpy(dest,cur_dir);
+	
+	if (!next_token_nr(NULL,buf,NULL,sizeof(buf)) || 
+	    !next_token_nr(NULL,buf2,NULL, sizeof(buf2))) {
+		d_printf("rename <src> <dest>\n");
+		return 1;
+	}
+
+	pstrcat(src,buf);
+	pstrcat(dest,buf2);
 
-  if (next_token(NULL,buf,NULL))
-    sys_chdir(buf);
-  DEBUG(2,("the local directory is now %s\n",GetWd(d)));
+	if (!cli_rename(cli, src, dest)) {
+		d_printf("%s renaming files\n",cli_errstr(cli));
+		return 1;
+	}
+	
+	return 0;
 }
 
 
 /****************************************************************************
-send a session request
+toggle the prompt flag
 ****************************************************************************/
-static BOOL send_session_request(char *inbuf,char *outbuf)
+static int cmd_prompt(void)
 {
-  fstring dest;
-  char *p;
-  int len = 4;
-  /* send a session request (RFC 8002) */
-
-  strcpy(dest,desthost);
-  p = strchr(dest,'.');
-  if (p) *p = 0;
-
-  /* put in the destination name */
-  p = outbuf+len;
-  name_mangle(dest,p,name_type);
-  len += name_len(p);
-
-  /* and my name */
-  p = outbuf+len;
-  name_mangle(myname,p,0);
-  len += name_len(p);
-
-  /* setup the packet length */
-  _smb_setlen(outbuf,len);
-  CVAL(outbuf,0) = 0x81;
-
-  send_smb(Client,outbuf);
-  DEBUG(5,("Sent session request\n"));
-
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  if (CVAL(inbuf,0) == 0x84) /* C. Hoch  9/14/95 Start */
-    {
-      /* For information, here is the response structure.
-       * We do the byte-twiddling to for portability.
-       struct RetargetResponse{
-       unsigned char type;
-       unsigned char flags;
-       int16 length;
-       int32 ip_addr;
-       int16 port;
-       };
-       */
-      extern int Client;
-      int port = (CVAL(inbuf,8)<<8)+CVAL(inbuf,9);
-      /* SESSION RETARGET */
-      putip((char *)&dest_ip,inbuf+4);
-
-      close_sockets();
-      Client = open_socket_out(SOCK_STREAM, &dest_ip, port);
-      if (Client == -1)
-        return False;
-
-      DEBUG(3,("Retargeted\n"));
-
-      set_socket_options(Client,user_socket_options);
-
-      /* Try again */
-      return send_session_request(inbuf,outbuf);
-    } /* C. Hoch 9/14/95 End */
-
-
-  if (CVAL(inbuf,0) != 0x82)
-    {
-      int ecode = CVAL(inbuf,4);
-      DEBUG(0,("Session request failed (%d,%d) with myname=%s destname=%s\n",
-	       CVAL(inbuf,0),ecode,myname,desthost));
-      switch (ecode)
-	{
-	case 0x80: 
-	  DEBUG(0,("Not listening on called name\n")); 
-	  DEBUG(0,("Try to connect to another name (instead of %s)\n",desthost));
-	  DEBUG(0,("You may find the -I option useful for this\n"));
-	  break;
-	case 0x81: 
-	  DEBUG(0,("Not listening for calling name\n")); 
-	  DEBUG(0,("Try to connect as another name (instead of %s)\n",myname));
-	  DEBUG(0,("You may find the -n option useful for this\n"));
-	  break;
-	case 0x82: 
-	  DEBUG(0,("Called name not present\n")); 
-	  DEBUG(0,("Try to connect to another name (instead of %s)\n",desthost));
-	  DEBUG(0,("You may find the -I option useful for this\n"));
-	  break;
-	case 0x83: 
-	  DEBUG(0,("Called name present, but insufficient resources\n")); 
-	  DEBUG(0,("Perhaps you should try again later?\n")); 
-	  break;
-	default:
-	  DEBUG(0,("Unspecified error 0x%X\n",ecode)); 
-	  DEBUG(0,("Your server software is being unfriendly\n"));
-	  break;	  
-	}
-      return(False);
-    }
-  return(True);
+	prompt = !prompt;
+	DEBUG(2,("prompting is now %s\n",prompt?"on":"off"));
+	
+	return 1;
 }
 
 
 /****************************************************************************
-send a login command
+set the newer than time
 ****************************************************************************/
-static BOOL send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup)
+static int cmd_newer(void)
 {
-  BOOL was_null = (!inbuf && !outbuf);
-  int sesskey=0;
-  time_t servertime = 0;
-  extern int serverzone;
-  int sec_mode=0;
-  int crypt_len;
-  int max_vcs=0;
-  struct {
-    int prot;
-    char *name;
-  }
-  prots[] = 
-    {
-      {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
-      {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
-      {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
-      {PROTOCOL_LANMAN1,"LANMAN1.0"},
-      {PROTOCOL_LANMAN2,"LM1.2X002"},
-      {PROTOCOL_LANMAN2,"Samba"},
-      {PROTOCOL_NT1,"NT LM 0.12"},
-      {PROTOCOL_NT1,"NT LANMAN 1.0"},
-      {-1,NULL}
-    };
-  char *pass = NULL;  
-  pstring dev;
-  char *p;
-  int numprots;
-
-  if (was_null)
-    {
-      inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-      outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-    }
-
-#if AJT
-  if (strstr(service,"IPC$")) connect_as_ipc = True;
-#endif
-
-  strcpy(dev,"A:");
-  if (connect_as_printer)
-    strcpy(dev,"LPT1:");
-  if (connect_as_ipc)
-    strcpy(dev,"IPC");
+	fstring buf;
+	BOOL ok;
+	SMB_STRUCT_STAT sbuf;
 
-
-  if (start_session && !send_session_request(inbuf,outbuf))
-    {
-      if (was_null)
-	{
-	  free(inbuf);
-	  free(outbuf);
-	}      
-      return(False);
-    }
-
-  bzero(outbuf,smb_size);
-
-  /* setup the protocol strings */
-  {
-    int plength;
-
-    for (plength=0,numprots=0;
-	 prots[numprots].name && prots[numprots].prot<=max_protocol;
-	 numprots++)
-      plength += strlen(prots[numprots].name)+2;
-    
-    set_message(outbuf,0,plength,True);
-
-    p = smb_buf(outbuf);
-    for (numprots=0;
-	 prots[numprots].name && prots[numprots].prot<=max_protocol;
-	 numprots++)
-      {
-	*p++ = 2;
-	strcpy(p,prots[numprots].name);
-	p += strlen(p) + 1;
-      }
-  }
-
-  CVAL(outbuf,smb_com) = SMBnegprot;
-  setup_pkt(outbuf);
-
-  CVAL(smb_buf(outbuf),0) = 2;
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  show_msg(inbuf);
-
-  if (CVAL(inbuf,smb_rcls) != 0 || ((int)SVAL(inbuf,smb_vwv0) >= numprots))
-    {
-      DEBUG(0,("SMBnegprot failed. myname=%s destname=%s - %s \n",
-	    myname,desthost,smb_errstr(inbuf)));
-      if (was_null)
-	{
-	  free(inbuf);
-	  free(outbuf);
+	ok = next_token_nr(NULL,buf,NULL,sizeof(buf));
+	if (ok && (sys_stat(buf,&sbuf) == 0)) {
+		newer_than = sbuf.st_mtime;
+		DEBUG(1,("Getting files newer than %s",
+			 asctime(LocalTime(&newer_than))));
+	} else {
+		newer_than = 0;
 	}
-      return(False);
-    }
-
-  Protocol = prots[SVAL(inbuf,smb_vwv0)].prot;
-
-
-  if (Protocol < PROTOCOL_NT1) {    
-    sec_mode = SVAL(inbuf,smb_vwv1);
-    max_xmit = SVAL(inbuf,smb_vwv2);
-    sesskey = IVAL(inbuf,smb_vwv6);
-    serverzone = SVALS(inbuf,smb_vwv10)*60;
-    /* this time is converted to GMT by make_unix_date */
-    servertime = make_unix_date(inbuf+smb_vwv8);
-    if (Protocol >= PROTOCOL_COREPLUS) {
-      readbraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x1) != 0);
-      writebraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x2) != 0);
-    }
-    crypt_len = smb_buflen(inbuf);
-    memcpy(cryptkey,smb_buf(inbuf),8);
-    DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv3)));
-    max_vcs = SVAL(inbuf,smb_vwv4); 
-    DEBUG(3,("max vcs %d\n",max_vcs)); 
-    DEBUG(3,("max blk %d\n",SVAL(inbuf,smb_vwv5)));
-  } else {
-    /* NT protocol */
-    sec_mode = CVAL(inbuf,smb_vwv1);
-    max_xmit = IVAL(inbuf,smb_vwv3+1);
-    sesskey = IVAL(inbuf,smb_vwv7+1);
-    serverzone = SVALS(inbuf,smb_vwv15+1)*60;
-    /* this time arrives in real GMT */
-    servertime = interpret_long_date(inbuf+smb_vwv11+1);
-    crypt_len = CVAL(inbuf,smb_vwv16+1);
-    memcpy(cryptkey,smb_buf(inbuf),8);
-    if (IVAL(inbuf,smb_vwv9+1) & 1)
-      readbraw_supported = writebraw_supported = True;      
-    DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv1+1)));
-    max_vcs = SVAL(inbuf,smb_vwv2+1); 
-    DEBUG(3,("max vcs %d\n",max_vcs));
-    DEBUG(3,("max raw %d\n",IVAL(inbuf,smb_vwv5+1)));
-    DEBUG(3,("capabilities 0x%x\n",IVAL(inbuf,smb_vwv9+1)));
-  }
-
-  DEBUG(3,("Sec mode %d\n",SVAL(inbuf,smb_vwv1)));
-  DEBUG(3,("max xmt %d\n",max_xmit));
-  DEBUG(3,("Got %d byte crypt key\n",crypt_len));
-  DEBUG(3,("Chose protocol [%s]\n",prots[SVAL(inbuf,smb_vwv0)].name));
-
-  doencrypt = ((sec_mode & 2) != 0);
-
-  if (servertime) {
-    static BOOL done_time = False;
-    if (!done_time) {
-      DEBUG(1,("Server time is %sTimezone is UTC%+02.1f\n",
-	       asctime(LocalTime(&servertime,GMT_TO_LOCAL)),
-	       -(double)(serverzone/3600.0)));
-      done_time = True;
-    }
-  }
-
- get_pass:
-
-  if (got_pass)
-    pass = password;
-  else
-    pass = (char *)getpass("Password: ");
-
-  if (Protocol >= PROTOCOL_LANMAN1 && use_setup)
-    {
-      fstring pword;
-      int passlen = strlen(pass)+1;
-      strcpy(pword,pass);      
-
-#ifdef SMB_PASSWD
-      if (doencrypt && *pass) {
-	DEBUG(3,("Using encrypted passwords\n"));
-	passlen = 24;
-	SMBencrypt(pass,cryptkey,pword);
-      }
-#else
-      doencrypt = False;
-#endif
 
-      /* if in share level security then don't send a password now */
-      if (!(sec_mode & 1)) {strcpy(pword, "");passlen=1;} 
-
-      /* send a session setup command */
-      bzero(outbuf,smb_size);
-
-      if (Protocol < PROTOCOL_NT1) {
-	set_message(outbuf,10,1 + strlen(username) + passlen,True);
-	CVAL(outbuf,smb_com) = SMBsesssetupX;
-	setup_pkt(outbuf);
-
-	CVAL(outbuf,smb_vwv0) = 0xFF;
-	SSVAL(outbuf,smb_vwv2,max_xmit);
-	SSVAL(outbuf,smb_vwv3,2);
-	SSVAL(outbuf,smb_vwv4,max_vcs-1);
-	SIVAL(outbuf,smb_vwv5,sesskey);
-	SSVAL(outbuf,smb_vwv7,passlen);
-	p = smb_buf(outbuf);
-	memcpy(p,pword,passlen);
-	p += passlen;
-	strcpy(p,username);
-      } else {
-	if (!doencrypt) passlen--;
-	/* for Win95 */
-	set_message(outbuf,13,0,True);
-	CVAL(outbuf,smb_com) = SMBsesssetupX;
-	setup_pkt(outbuf);
-
-	CVAL(outbuf,smb_vwv0) = 0xFF;
-	SSVAL(outbuf,smb_vwv2,BUFFER_SIZE);
-	SSVAL(outbuf,smb_vwv3,2);
-	SSVAL(outbuf,smb_vwv4,getpid());
-	SIVAL(outbuf,smb_vwv5,sesskey);
-	SSVAL(outbuf,smb_vwv7,passlen);
-	SSVAL(outbuf,smb_vwv8,0);
-	p = smb_buf(outbuf);
-	memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7);
-	strcpy(p,username);p = skip_string(p,1);
-	strcpy(p,workgroup);p = skip_string(p,1);
-	strcpy(p,"Unix");p = skip_string(p,1);
-	strcpy(p,"Samba");p = skip_string(p,1);
-	set_message(outbuf,13,PTR_DIFF(p,smb_buf(outbuf)),False);
-      }
-
-      send_smb(Client,outbuf);
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-      show_msg(inbuf);
-
-      if (CVAL(inbuf,smb_rcls) != 0)
-	{
-	  if (! *pass &&
-	      ((CVAL(inbuf,smb_rcls) == ERRDOS && 
-		SVAL(inbuf,smb_err) == ERRnoaccess) ||
-	       (CVAL(inbuf,smb_rcls) == ERRSRV && 
-		SVAL(inbuf,smb_err) == ERRbadpw)))
-	    {
-	      got_pass = False;
-	      DEBUG(3,("resending login\n"));
-	      goto get_pass;
-	    }
-	      
-	  DEBUG(0,("Session setup failed for username=%s myname=%s destname=%s   %s\n",
-		username,myname,desthost,smb_errstr(inbuf)));
-	  DEBUG(0,("You might find the -U, -W or -n options useful\n"));
-	  DEBUG(0,("Sometimes you have to use `-n USERNAME' (particularly with OS/2)\n"));
-	  DEBUG(0,("Some servers also insist on uppercase-only passwords\n"));
-	  if (was_null)
-	    {
-	      free(inbuf);
-	      free(outbuf);
-	    }
-	  return(False);
+	if (ok && newer_than == 0) {
+		d_printf("Error setting newer-than time\n");
+		return 1;
 	}
 
-      if (Protocol >= PROTOCOL_NT1) {
-	char *domain,*os,*lanman;
-	p = smb_buf(inbuf);
-	os = p;
-	lanman = skip_string(os,1);
-	domain = skip_string(lanman,1);
-	if (*domain || *os || *lanman)
-	  DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",domain,os,lanman));
-      }
-
-      /* use the returned uid from now on */
-      if (SVAL(inbuf,smb_uid) != uid)
-	DEBUG(3,("Server gave us a UID of %d. We gave %d\n",
-	      SVAL(inbuf,smb_uid),uid));
-      uid = SVAL(inbuf,smb_uid);
-    }
-
-  /* now we've got a connection - send a tcon message */
-  bzero(outbuf,smb_size);
-
-  if (strncmp(service,"\\\\",2) != 0)
-    {
-      DEBUG(0,("\nWarning: Your service name doesn't start with \\\\. This is probably incorrect.\n"));
-      DEBUG(0,("Perhaps try replacing each \\ with \\\\ on the command line?\n\n"));
-    }
-
-
- again2:
-
-  {
-    int passlen = strlen(pass)+1;
-    fstring pword;
-    strcpy(pword,pass);
-
-#ifdef SMB_PASSWD
-    if (doencrypt && *pass) {
-      passlen=24;
-      SMBencrypt(pass,cryptkey,pword);      
-    }
-#endif
-
-    /* if in user level security then don't send a password now */
-    if ((sec_mode & 1)) {
-      strcpy(pword, ""); passlen=1; 
-    }
-
-    set_message(outbuf,4,2 + strlen(service) + passlen + strlen(dev),True);
-    CVAL(outbuf,smb_com) = SMBtconX;
-    setup_pkt(outbuf);
-
-    SSVAL(outbuf,smb_vwv0,0xFF);
-    SSVAL(outbuf,smb_vwv3,passlen);
-
-    p = smb_buf(outbuf);
-    memcpy(p,pword,passlen);
-    p += passlen;
-    strcpy(p,service);
-    p = skip_string(p,1);
-    strcpy(p,dev);
-  }
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  /* trying again with a blank password */
-  if (CVAL(inbuf,smb_rcls) != 0 && 
-      (int)strlen(pass) > 0 && 
-      !doencrypt &&
-      Protocol >= PROTOCOL_LANMAN1)
-    {
-      DEBUG(2,("first SMBtconX failed, trying again. %s\n",smb_errstr(inbuf)));
-      strcpy(pass,"");
-      goto again2;
-    }  
-
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("SMBtconX failed. %s\n",smb_errstr(inbuf)));
-      DEBUG(0,("Perhaps you are using the wrong sharename, username or password?\n"));
-      DEBUG(0,("Some servers insist that these be in uppercase\n"));
-      if (was_null)
-	{
-	  free(inbuf);
-	  free(outbuf);
-	}
-      return(False);
-    }
-  
-
-  max_xmit = MIN(max_xmit,BUFFER_SIZE-4);
-  if (max_xmit <= 0)
-    max_xmit = BUFFER_SIZE - 4;
+	return 0;
+}
 
-  cnum = SVAL(inbuf,smb_tid);
+/****************************************************************************
+set the archive level
+****************************************************************************/
+static int cmd_archive(void)
+{
+	fstring buf;
 
-  DEBUG(3,("Connected with cnum=%d max_xmit=%d\n",cnum,max_xmit));
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		archive_level = atoi(buf);
+	} else
+		d_printf("Archive level is %d\n",archive_level);
 
-  if (was_null)
-    {
-      free(inbuf);
-      free(outbuf);
-    }
-  return True;
+	return 0;
 }
 
-
 /****************************************************************************
-send a logout command
+toggle the lowercaseflag
 ****************************************************************************/
-static void send_logout(void )
+static int cmd_lowercase(void)
 {
-  pstring inbuf,outbuf;
+	lowercase = !lowercase;
+	DEBUG(2,("filename lowercasing is now %s\n",lowercase?"on":"off"));
 
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,0,True);
-  CVAL(outbuf,smb_com) = SMBtdis;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	return 0;
+}
 
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,SHORT_TIMEOUT);
 
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("SMBtdis failed %s\n",smb_errstr(inbuf)));
-    }
 
-  
-#ifdef STATS
-  stats_report();
-#endif
-  exit(0);
-}
 
+/****************************************************************************
+toggle the recurse flag
+****************************************************************************/
+static int cmd_recurse(void)
+{
+	recurse = !recurse;
+	DEBUG(2,("directory recursion is now %s\n",recurse?"on":"off"));
 
+	return 0;
+}
 
 /****************************************************************************
-call a remote api
+toggle the translate flag
 ****************************************************************************/
-static BOOL call_api(int prcnt,int drcnt,
-		     int mprcnt,int mdrcnt,
-		     int *rprcnt,int *rdrcnt,
-		     char *param,char *data,
-		     char **rparam,char **rdata)
+static int cmd_translate(void)
 {
-  static char *inbuf=NULL;
-  static char *outbuf=NULL;
+	translation = !translation;
+	DEBUG(2,("CR/LF<->LF and print text translation now %s\n",
+		 translation?"on":"off"));
 
-  if (!inbuf) inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  if (!outbuf) outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+	return 0;
+}
 
-  send_trans_request(outbuf,SMBtrans,"\\PIPE\\LANMAN",0,0,
-		     data,param,NULL,
-		     drcnt,prcnt,0,
-		     mdrcnt,mprcnt,0);
 
-  return (receive_trans_response(inbuf,SMBtrans,
-                                 rdrcnt,rprcnt,
-                                 rdata,rparam));
+/****************************************************************************
+do a printmode command
+****************************************************************************/
+static int cmd_printmode(void)
+{
+	fstring buf;
+	fstring mode;
+
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		if (strequal(buf,"text")) {
+			printmode = 0;      
+		} else {
+			if (strequal(buf,"graphics"))
+				printmode = 1;
+			else
+				printmode = atoi(buf);
+		}
+	}
+
+	switch(printmode)
+		{
+		case 0: 
+			fstrcpy(mode,"text");
+			break;
+		case 1: 
+			fstrcpy(mode,"graphics");
+			break;
+		default: 
+			slprintf(mode,sizeof(mode)-1,"%d",printmode);
+			break;
+		}
+	
+	DEBUG(2,("the printmode is now %s\n",mode));
+
+	return 0;
 }
 
 /****************************************************************************
-  send a SMB trans or trans2 request
-  ****************************************************************************/
-static BOOL send_trans_request(char *outbuf,int trans,
-			       char *name,int fid,int flags,
-			       char *data,char *param,uint16 *setup,
-			       int ldata,int lparam,int lsetup,
-			       int mdata,int mparam,int msetup)
+do the lcd command
+****************************************************************************/
+static int cmd_lcd(void)
 {
-  int i;
-  int this_ldata,this_lparam;
-  int tot_data=0,tot_param=0;
-  char *outdata,*outparam;
-  pstring inbuf;
-  char *p;
-
-  this_lparam = MIN(lparam,max_xmit - (500+lsetup*SIZEOFWORD)); /* hack */
-  this_ldata = MIN(ldata,max_xmit - (500+lsetup*SIZEOFWORD+this_lparam));
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,14+lsetup,0,True);
-  CVAL(outbuf,smb_com) = trans;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  outparam = smb_buf(outbuf)+(trans==SMBtrans ? strlen(name)+1 : 3);
-  outdata = outparam+this_lparam;
-
-  /* primary request */
-  SSVAL(outbuf,smb_tpscnt,lparam);	/* tpscnt */
-  SSVAL(outbuf,smb_tdscnt,ldata);	/* tdscnt */
-  SSVAL(outbuf,smb_mprcnt,mparam);	/* mprcnt */
-  SSVAL(outbuf,smb_mdrcnt,mdata);	/* mdrcnt */
-  SCVAL(outbuf,smb_msrcnt,msetup);	/* msrcnt */
-  SSVAL(outbuf,smb_flags,flags);	/* flags */
-  SIVAL(outbuf,smb_timeout,0);		/* timeout */
-  SSVAL(outbuf,smb_pscnt,this_lparam);	/* pscnt */
-  SSVAL(outbuf,smb_psoff,smb_offset(outparam,outbuf)); /* psoff */
-  SSVAL(outbuf,smb_dscnt,this_ldata);	/* dscnt */
-  SSVAL(outbuf,smb_dsoff,smb_offset(outdata,outbuf)); /* dsoff */
-  SCVAL(outbuf,smb_suwcnt,lsetup);	/* suwcnt */
-  for (i=0;i<lsetup;i++)		/* setup[] */
-    SSVAL(outbuf,smb_setup+i*SIZEOFWORD,setup[i]);
-  p = smb_buf(outbuf);
-  if (trans==SMBtrans)
-    strcpy(p,name);			/* name[] */
-  else
-    {
-      *p++ = 0;				/* put in a null smb_name */
-      *p++ = 'D'; *p++ = ' ';		/* this was added because OS/2 does it */
-    }
-  if (this_lparam)			/* param[] */
-    memcpy(outparam,param,this_lparam);
-  if (this_ldata)			/* data[] */
-    memcpy(outdata,data,this_ldata);
-  set_message(outbuf,14+lsetup,		/* wcnt, bcc */
-	      PTR_DIFF(outdata+this_ldata,smb_buf(outbuf)),False);
-
-  show_msg(outbuf);
-  send_smb(Client,outbuf);
-
-  if (this_ldata < ldata || this_lparam < lparam)
-    {
-      /* receive interim response */
-      if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0)
-	{
-	  DEBUG(0,("%s request failed (%s)\n",
-	           trans==SMBtrans?"SMBtrans":"SMBtrans2", smb_errstr(inbuf)));
-	  return(False);
-	}      
-
-      tot_data = this_ldata;
-      tot_param = this_lparam;
-
-      while (tot_data < ldata || tot_param < lparam)
-    {
-	  this_lparam = MIN(lparam-tot_param,max_xmit - 500); /* hack */
-	  this_ldata = MIN(ldata-tot_data,max_xmit - (500+this_lparam));
-
-	  set_message(outbuf,trans==SMBtrans?8:9,0,True);
-	  CVAL(outbuf,smb_com) = trans==SMBtrans ? SMBtranss : SMBtranss2;
-
-	  outparam = smb_buf(outbuf);
-	  outdata = outparam+this_lparam;
-
-	  /* secondary request */
-	  SSVAL(outbuf,smb_tpscnt,lparam);	/* tpscnt */
-	  SSVAL(outbuf,smb_tdscnt,ldata);	/* tdscnt */
-	  SSVAL(outbuf,smb_spscnt,this_lparam);	/* pscnt */
-	  SSVAL(outbuf,smb_spsoff,smb_offset(outparam,outbuf)); /* psoff */
-	  SSVAL(outbuf,smb_spsdisp,tot_param);	/* psdisp */
-	  SSVAL(outbuf,smb_sdscnt,this_ldata);	/* dscnt */
-	  SSVAL(outbuf,smb_sdsoff,smb_offset(outdata,outbuf)); /* dsoff */
-	  SSVAL(outbuf,smb_sdsdisp,tot_data);	/* dsdisp */
-	  if (trans==SMBtrans2)
-	    SSVAL(outbuf,smb_sfid,fid);		/* fid */
-	  if (this_lparam)			/* param[] */
-	    memcpy(outparam,param,this_lparam);
-	  if (this_ldata)			/* data[] */
-	    memcpy(outdata,data,this_ldata);
-	  set_message(outbuf,trans==SMBtrans?8:9, /* wcnt, bcc */
-		      PTR_DIFF(outdata+this_ldata,smb_buf(outbuf)),False);
-
-	  show_msg(outbuf);
-	  send_smb(Client,outbuf);
-
-	  tot_data += this_ldata;
-	  tot_param += this_lparam;
-	}
-    }
+	fstring buf;
+	pstring d;
+	
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf)))
+		chdir(buf);
+	DEBUG(2,("the local directory is now %s\n",sys_getwd(d)));
 
-    return(True);
+	return 0;
 }
 
 /****************************************************************************
-try and browse available connections on a host
+list a share name
 ****************************************************************************/
-static BOOL browse_host(BOOL sort)
+static void browse_fn(const char *name, uint32 m, 
+                      const char *comment, void *state)
 {
-#ifdef NOSTRCASECMP
-#define strcasecmp StrCaseCmp
-#endif
-  extern int strcasecmp();
-
-  char *rparam = NULL;
-  char *rdata = NULL;
-  char *p;
-  int rdrcnt,rprcnt;
-  pstring param;
-  int count = -1;
-
-  /* now send a SMBtrans command with api RNetShareEnum */
-  p = param;
-  SSVAL(p,0,0); /* api number */
-  p += 2;
-  strcpy(p,"WrLeh");
-  p = skip_string(p,1);
-  strcpy(p,"B13BWz");
-  p = skip_string(p,1);
-  SSVAL(p,0,1);
-  SSVAL(p,2,BUFFER_SIZE);
-  p += 4;
-
-  if (call_api(PTR_DIFF(p,param),0,
-	       1024,BUFFER_SIZE,
-               &rprcnt,&rdrcnt,
-	       param,NULL,
-	       &rparam,&rdata))
-    {
-      int res = SVAL(rparam,0);
-      int converter=SVAL(rparam,2);
-      int i;
-      BOOL long_share_name=False;
-      
-      if (res == 0)
-	{
-	  count=SVAL(rparam,4);
-	  p = rdata;
-
-	  if (count > 0)
-	    {
-	      printf("\n\tSharename      Type      Comment\n");
-	      printf("\t---------      ----      -------\n");
-	    }
-
-	  if (sort)
-	    qsort(p,count,20,QSORT_CAST strcasecmp);
-
-	  for (i=0;i<count;i++)
-	    {
-	      char *sname = p;
-	      int type = SVAL(p,14);
-	      int comment_offset = IVAL(p,16) & 0xFFFF;
-	      fstring typestr;
-	      *typestr=0;
-
-	      switch (type)
-		{
-		case STYPE_DISKTREE:
-		  strcpy(typestr,"Disk"); break;
-		case STYPE_PRINTQ:
-		  strcpy(typestr,"Printer"); break;	      
-		case STYPE_DEVICE:
-		  strcpy(typestr,"Device"); break;
-		case STYPE_IPC:
-		  strcpy(typestr,"IPC"); break;      
-		}
+        fstring typestr;
 
-	      printf("\t%-15.15s%-10.10s%s\n",
-		     sname,
-		     typestr,
-		     comment_offset?rdata+comment_offset-converter:"");
-	  
-	      if (strlen(sname)>8) long_share_name=True;
-	  
-	      p += 20;
-	    }
-
-	  if (long_share_name) {
-	    printf("\nNOTE: There were share names longer than 8 chars.\nOn older clients these may not be accessible or may give browsing errors\n");
-	  }
-	}
-    }
-  
-  if (rparam) free(rparam);
-  if (rdata) free(rdata);
+        *typestr=0;
 
-  return(count>0);
+        switch (m)
+        {
+          case STYPE_DISKTREE:
+            fstrcpy(typestr,"Disk"); break;
+          case STYPE_PRINTQ:
+            fstrcpy(typestr,"Printer"); break;
+          case STYPE_DEVICE:
+            fstrcpy(typestr,"Device"); break;
+          case STYPE_IPC:
+            fstrcpy(typestr,"IPC"); break;
+        }
+	/* FIXME: If the remote machine returns non-ascii characters
+	   in any of these fields, they can corrupt the output.  We
+	   should remove them. */
+	d_printf("\t%-15.15s%-10.10s%s\n",
+               name,typestr,comment);
 }
 
 
 /****************************************************************************
-get some server info
+try and browse available connections on a host
 ****************************************************************************/
-static void server_info()
+static BOOL browse_host(BOOL sort)
 {
-  char *rparam = NULL;
-  char *rdata = NULL;
-  char *p;
-  int rdrcnt,rprcnt;
-  pstring param;
-
-  bzero(param,sizeof(param));
-
-  p = param;
-  SSVAL(p,0,63); /* api number */
-  p += 2;
-  strcpy(p,"WrLh");
-  p = skip_string(p,1);
-  strcpy(p,"zzzBBzz");
-  p = skip_string(p,1);
-  SSVAL(p,0,10); /* level 10 */
-  SSVAL(p,2,1000);
-  p += 6;
-
-  if (call_api(PTR_DIFF(p,param),0,
-	       6,1000,
-	       &rprcnt,&rdrcnt,
-	       param,NULL,
-	       &rparam,&rdata))
-    {
-      int res = SVAL(rparam,0);
-      int converter=SVAL(rparam,2);
-
-      if (res == 0)
-	{
-      p = rdata;
+	int ret;
 
-      printf("\nServer=[%s] User=[%s] Workgroup=[%s] Domain=[%s]\n",
-	     rdata+SVAL(p,0)-converter,
-	     rdata+SVAL(p,4)-converter,
-	     rdata+SVAL(p,8)-converter,
-	     rdata+SVAL(p,14)-converter);
-    }
-    }
+        d_printf("\n\tSharename      Type      Comment\n");
+        d_printf("\t---------      ----      -------\n");
 
-  if (rparam) free(rparam);
-  if (rdata) free(rdata);
+	if((ret = cli_RNetShareEnum(cli, browse_fn, NULL)) == -1)
+		d_printf("Error returning browse list: %s\n", cli_errstr(cli));
 
-  return;
+	return (ret != -1);
 }
 
+/****************************************************************************
+list a server name
+****************************************************************************/
+static void server_fn(const char *name, uint32 m, 
+                      const char *comment, void *state)
+{
+        d_printf("\t%-16.16s     %s\n", name, comment);
+}
 
 /****************************************************************************
 try and browse available connections on a host
 ****************************************************************************/
-static BOOL list_servers()
+static BOOL list_servers(char *wk_grp)
 {
-  char *rparam = NULL;
-  char *rdata = NULL;
-  int rdrcnt,rprcnt;
-  char *p;
-  pstring param;
-  int uLevel = 1;
-  int count = 0;
-
-  /* now send a SMBtrans command with api ServerEnum? */
-  p = param;
-  SSVAL(p,0,0x68); /* api number */
-  p += 2;
-  strcpy(p,"WrLehDO");
-  p = skip_string(p,1);
-
-  strcpy(p,"B16BBDz");
-#if 0
-  strcpy(p,getenv("XX_STR2"));
-#endif
-
-  p = skip_string(p,1);
-  SSVAL(p,0,uLevel);
-  SSVAL(p,2,0x2000); /* buf length */
-  p += 4;
-
-  SIVAL(p,0,SV_TYPE_ALL);
-
-  if (call_api(PTR_DIFF(p+4,param),0,
-	       8,10000,
-	       &rprcnt,&rdrcnt,
-	       param,NULL,
-	       &rparam,&rdata))
-    {
-      int res = SVAL(rparam,0);
-      int converter=SVAL(rparam,2);
-      int i;
-
-      if (res == 0) {	
-	char *p2 = rdata;
-	count=SVAL(rparam,4);
-
-	if (count > 0) {
-	  printf("\n\nThis machine has a browse list:\n");
-	  printf("\n\tServer               Comment\n");
-	  printf("\t---------            -------\n");
-	}
+	if (!cli->server_domain) return False;
 	
-	for (i=0;i<count;i++) {
-	  char *sname = p2;
-	  int comment_offset = IVAL(p2,22) & 0xFFFF;
-	  printf("\t%-16.16s     %s\n",
-		 sname,
-		 comment_offset?rdata+comment_offset-converter:"");
-	  
-	  p2 += 26;
-	}
-      }
-    }
-
-  if (rparam) {free(rparam); rparam = NULL;}
-  if (rdata) {free(rdata); rdata = NULL;}
-
-  SIVAL(p,0,SV_TYPE_DOMAIN_ENUM);
-
-  if (call_api(PTR_DIFF(p+4,param),0,
-	       8,10000,
-	       &rprcnt,&rdrcnt,
-	       param,NULL,
-	       &rparam,&rdata))
-    {
-      int res = SVAL(rparam,0);
-      int converter=SVAL(rparam,2);
-      int i;
-
-      if (res == 0) {
-	char *p2 = rdata;
-	count=SVAL(rparam,4);
-
-	if (count > 0) {
-	  printf("\n\nThis machine has a workgroup list:\n");
-	  printf("\n\tWorkgroup            Master\n");
-	  printf("\t---------            -------\n");
-	}
-	
-	for (i=0;i<count;i++) {
-	  char *sname = p2;
-	  int comment_offset = IVAL(p2,22) & 0xFFFF;
-	  printf("\t%-16.16s     %s\n",
-		 sname,
-		 comment_offset?rdata+comment_offset-converter:"");
-	  
-	  p2 += 26;
-	}
-      }
-    }
+        d_printf("\n\tServer               Comment\n");
+        d_printf("\t---------            -------\n");
 
-  if (rparam) free(rparam);
-  if (rdata) free(rdata);
-
-  return(count>0);
-}
+	cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_ALL, server_fn, NULL);
 
+        d_printf("\n\tWorkgroup            Master\n");
+        d_printf("\t---------            -------\n");
 
+	cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_DOMAIN_ENUM, server_fn, NULL);
+	return True;
+}
 
+/* Some constants for completing filename arguments */
 
-void cmd_help();
+#define COMPL_NONE        0          /* No completions */
+#define COMPL_REMOTE      1          /* Complete remote filename */
+#define COMPL_LOCAL       2          /* Complete local filename */
 
-/* This defines the commands supported by this client */
+/* This defines the commands supported by this client.
+ * NOTE: The "!" must be the last one in the list because it's fn pointer
+ *       field is NULL, and NULL in that field is used in process_tok()
+ *       (below) to indicate the end of the list.  crh
+ */
 struct
 {
   char *name;
-  void (*fn)();
+  int (*fn)(void);
   char *description;
+  char compl_args[2];      /* Completion argument info */
 } commands[] = 
 {
-  {"ls",cmd_dir,"<mask> list the contents of the current directory"},
-  {"dir",cmd_dir,"<mask> list the contents of the current directory"},
-  {"lcd",cmd_lcd,"[directory] change/report the local current working directory"},
-  {"cd",cmd_cd,"[directory] change/report the remote directory"},
-  {"pwd",cmd_pwd,"show current remote directory (same as 'cd' with no args)"},
-  {"get",cmd_get,"<remote name> [local name] get a file"},
-  {"mget",cmd_mget,"<mask> get all the matching files"},
-  {"put",cmd_put,"<local name> [remote name] put a file"},
-  {"mput",cmd_mput,"<mask> put all matching files"},
-  {"rename",cmd_rename,"<src> <dest> rename some files"},
-  {"more",cmd_more,"<remote name> view a remote file with your pager"},  
-  {"mask",cmd_select,"<mask> mask all filenames against this"},
-  {"del",cmd_del,"<mask> delete all matching files"},
-  {"rm",cmd_del,"<mask> delete all matching files"},
-  {"mkdir",cmd_mkdir,"<directory> make a directory"},
-  {"md",cmd_mkdir,"<directory> make a directory"},
-  {"rmdir",cmd_rmdir,"<directory> remove a directory"},
-  {"rd",cmd_rmdir,"<directory> remove a directory"},
-  {"prompt",cmd_prompt,"toggle prompting for filenames for mget and mput"},  
-  {"recurse",cmd_recurse,"toggle directory recursion for mget and mput"},  
-  {"translate",cmd_translate,"toggle text translation for printing"},  
-  {"lowercase",cmd_lowercase,"toggle lowercasing of filenames for get"},  
-  {"print",cmd_print,"<file name> print a file"},
-  {"printmode",cmd_printmode,"<graphics or text> set the print mode"},
-  {"queue",cmd_queue,"show the print queue"},
-  {"cancel",cmd_cancel,"<jobid> cancel a print queue entry"},
-  {"stat",cmd_stat,"<file> get info on a file (experimental!)"},
-  {"quit",send_logout,"logoff the server"},
-  {"q",send_logout,"logoff the server"},
-  {"exit",send_logout,"logoff the server"},
-  {"newer",cmd_newer,"<file> only mget files newer than the specified local file"},
-  {"archive",cmd_archive,"<level>\n0=ignore archive bit\n1=only get archive files\n2=only get archive files and reset archive bit\n3=get all files and reset archive bit"},
-  {"tar",cmd_tar,"tar <c|x>[IXbgNa] current directory to/from <file name>" },
-  {"blocksize",cmd_block,"blocksize <number> (default 20)" },
-  {"tarmode",cmd_tarmode,
-     "<full|inc|reset|noreset> tar's behaviour towards archive bits" },
-  {"setmode",cmd_setmode,"filename <setmode string> change modes of file"},
-  {"help",cmd_help,"[command] give help on a command"},
-  {"?",cmd_help,"[command] give help on a command"},
-  {"!",NULL,"run a shell command on the local system"},
-  {"",NULL,NULL}
+  {"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+  {"altname",cmd_altname,"<file> show alt name",{COMPL_NONE,COMPL_NONE}},
+  {"archive",cmd_archive,"<level>\n0=ignore archive bit\n1=only get archive files\n2=only get archive files and reset archive bit\n3=get all files and reset archive bit",{COMPL_NONE,COMPL_NONE}},
+  {"blocksize",cmd_block,"blocksize <number> (default 20)",{COMPL_NONE,COMPL_NONE}},
+  {"cancel",cmd_cancel,"<jobid> cancel a print queue entry",{COMPL_NONE,COMPL_NONE}},
+  {"cd",cmd_cd,"[directory] change/report the remote directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"chmod",cmd_chmod,"<src> <mode> chmod a file using UNIX permission",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"chown",cmd_chown,"<src> <uid> <gid> chown a file using UNIX uids and gids",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"del",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"dir",cmd_dir,"<mask> list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"du",cmd_du,"<mask> computes the total size of the current directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"exit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
+  {"get",cmd_get,"<remote name> [local name] get a file",{COMPL_REMOTE,COMPL_LOCAL}},
+  {"help",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+  {"history",cmd_history,"displays the command history",{COMPL_NONE,COMPL_NONE}},
+  {"lcd",cmd_lcd,"[directory] change/report the local current working directory",{COMPL_LOCAL,COMPL_NONE}},
+  {"link",cmd_link,"<src> <dest> create a UNIX hard link",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"lowercase",cmd_lowercase,"toggle lowercasing of filenames for get",{COMPL_NONE,COMPL_NONE}},  
+  {"ls",cmd_dir,"<mask> list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}},
+  {"mask",cmd_select,"<mask> mask all filenames against this",{COMPL_REMOTE,COMPL_NONE}},
+  {"md",cmd_mkdir,"<directory> make a directory",{COMPL_NONE,COMPL_NONE}},
+  {"mget",cmd_mget,"<mask> get all the matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"mkdir",cmd_mkdir,"<directory> make a directory",{COMPL_NONE,COMPL_NONE}},
+  {"more",cmd_more,"<remote name> view a remote file with your pager",{COMPL_REMOTE,COMPL_NONE}},  
+  {"mput",cmd_mput,"<mask> put all matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"newer",cmd_newer,"<file> only mget files newer than the specified local file",{COMPL_LOCAL,COMPL_NONE}},
+  {"open",cmd_open,"<mask> open a file",{COMPL_REMOTE,COMPL_NONE}},
+  {"print",cmd_print,"<file name> print a file",{COMPL_NONE,COMPL_NONE}},
+  {"printmode",cmd_printmode,"<graphics or text> set the print mode",{COMPL_NONE,COMPL_NONE}},
+  {"prompt",cmd_prompt,"toggle prompting for filenames for mget and mput",{COMPL_NONE,COMPL_NONE}},  
+  {"put",cmd_put,"<local name> [remote name] put a file",{COMPL_LOCAL,COMPL_REMOTE}},
+  {"pwd",cmd_pwd,"show current remote directory (same as 'cd' with no args)",{COMPL_NONE,COMPL_NONE}},
+  {"q",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
+  {"queue",cmd_queue,"show the print queue",{COMPL_NONE,COMPL_NONE}},
+  {"quit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}},
+  {"rd",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
+  {"recurse",cmd_recurse,"toggle directory recursion for mget and mput",{COMPL_NONE,COMPL_NONE}},  
+  {"rename",cmd_rename,"<src> <dest> rename some files",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"rm",cmd_del,"<mask> delete all matching files",{COMPL_REMOTE,COMPL_NONE}},
+  {"rmdir",cmd_rmdir,"<directory> remove a directory",{COMPL_NONE,COMPL_NONE}},
+  {"setmode",cmd_setmode,"filename <setmode string> change modes of file",{COMPL_REMOTE,COMPL_NONE}},
+  {"symlink",cmd_symlink,"<src> <dest> create a UNIX symlink",{COMPL_REMOTE,COMPL_REMOTE}},
+  {"tar",cmd_tar,"tar <c|x>[IXFqbgNan] current directory to/from <file name>",{COMPL_NONE,COMPL_NONE}},
+  {"tarmode",cmd_tarmode,"<full|inc|reset|noreset> tar's behaviour towards archive bits",{COMPL_NONE,COMPL_NONE}},
+  {"translate",cmd_translate,"toggle text translation for printing",{COMPL_NONE,COMPL_NONE}},
+  
+  /* Yes, this must be here, see crh's comment above. */
+  {"!",NULL,"run a shell command on the local system",{COMPL_NONE,COMPL_NONE}},
+  {"",NULL,NULL,{COMPL_NONE,COMPL_NONE}}
 };
 
 
@@ -3730,805 +2024,892 @@ struct
   ******************************************************************/
 static int process_tok(fstring tok)
 {
-  int i = 0, matches = 0;
-  int cmd=0;
-  int tok_len = strlen(tok);
-  
-  while (commands[i].fn != NULL)
-    {
-      if (strequal(commands[i].name,tok))
-	{
-	  matches = 1;
-	  cmd = i;
-	  break;
-	}
-      else if (strnequal(commands[i].name, tok, tok_len+1))
-	{
-	  matches++;
-	  cmd = i;
+	int i = 0, matches = 0;
+	int cmd=0;
+	int tok_len = strlen(tok);
+	
+	while (commands[i].fn != NULL) {
+		if (strequal(commands[i].name,tok)) {
+			matches = 1;
+			cmd = i;
+			break;
+		} else if (strnequal(commands[i].name, tok, tok_len)) {
+			matches++;
+			cmd = i;
+		}
+		i++;
 	}
-      i++;
-    }
   
-  if (matches == 0)
-    return(-1);
-  else if (matches == 1)
-    return(cmd);
-  else
-    return(-2);
+	if (matches == 0)
+		return(-1);
+	else if (matches == 1)
+		return(cmd);
+	else
+		return(-2);
 }
 
 /****************************************************************************
 help
 ****************************************************************************/
-void cmd_help(void)
+static int cmd_help(void)
 {
-  int i=0,j;
-  fstring buf;
-
-  if (next_token(NULL,buf,NULL))
-    {
-      if ((i = process_tok(buf)) >= 0)
-	DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description));		    
-    }
-  else
-    while (commands[i].description)
-      {
-	for (j=0; commands[i].description && (j<5); j++) {
-	  DEBUG(0,("%-15s",commands[i].name));
-	  i++;
+	int i=0,j;
+	fstring buf;
+	
+	if (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
+		if ((i = process_tok(buf)) >= 0)
+			d_printf("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description);
+	} else {
+		while (commands[i].description) {
+			for (j=0; commands[i].description && (j<5); j++) {
+				d_printf("%-15s",commands[i].name);
+				i++;
+			}
+			d_printf("\n");
+		}
 	}
-	DEBUG(0,("\n"));
-      }
+	return 0;
 }
 
 /****************************************************************************
-open the client sockets
+process a -c command string
 ****************************************************************************/
-static BOOL open_sockets(int port )
+static int process_command_string(char *cmd)
 {
-  static int last_port;
-  char *host;
-  pstring service2;
-  extern int Client;
-#ifdef USENMB
-  BOOL failed = True;
-#endif
+	pstring line;
+	char *ptr;
+	int rc = 0;
 
-  if (port == 0) port=last_port;
-  last_port=port;
-
-  strupper(service);
-
-  if (*desthost)
-    {
-      host = desthost;
-    }
-  else
-    {
-      strcpy(service2,service);
-      host = strtok(service2,"\\/");
-      if (!host) {
-	DEBUG(0,("Badly formed host name\n"));
-	return(False);
-      }
-      strcpy(desthost,host);
-    }
-
-  DEBUG(3,("Opening sockets\n"));
-
-  if (*myname == 0)
-    {
-      get_myname(myname,NULL);
-      strupper(myname);
-    }
-
-  if (!have_ip)
-    {
-      struct hostent *hp;
-
-      if ((hp = Get_Hostbyname(host))) {
-	putip((char *)&dest_ip,(char *)hp->h_addr);
-	failed = False;
-      } else {
-#ifdef USENMB
-	/* Try and resolve the name with the netbios server */
-	int           	bcast;
-	pstring		hs;
-	struct in_addr	ip1, ip2;
+	while (cmd[0] != '\0')    {
+		char *p;
+		fstring tok;
+		int i;
+		
+		if ((p = strchr_m(cmd, ';')) == 0) {
+			strncpy(line, cmd, 999);
+			line[1000] = '\0';
+			cmd += strlen(cmd);
+		} else {
+			if (p - cmd > 999) p = cmd + 999;
+			strncpy(line, cmd, p - cmd);
+			line[p - cmd] = '\0';
+			cmd = p + 1;
+		}
+		
+		/* and get the first part of the command */
+		ptr = line;
+		if (!next_token_nr(&ptr,tok,NULL,sizeof(tok))) continue;
+		
+		if ((i = process_tok(tok)) >= 0) {
+			rc = commands[i].fn();
+		} else if (i == -2) {
+			d_printf("%s: command abbreviation ambiguous\n",tok);
+		} else {
+			d_printf("%s: command not found\n",tok);
+		}
+	}
 	
-	if ((bcast = open_socket_in(SOCK_DGRAM, 0, 3)) != -1) {
-	  set_socket_options (bcast, "SO_BROADCAST");
+	return rc;
+}	
+
+/****************************************************************************
+handle completion of commands for readline
+****************************************************************************/
+static char **completion_fn(char *text, int start, int end)
+{
+#define MAX_COMPLETIONS 100
+	char **matches;
+	int i, count=0;
+
+	/* for words not at the start of the line fallback to filename completion */
+	if (start) return NULL;
 
-	  if (!got_bcast && get_myname(hs, &ip1)) {
-	    get_broadcast(&ip1, &bcast_ip, &ip2);
-	  }
+	matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
+	if (!matches) return NULL;
 
-	  if (name_query(bcast, host, 0x20, True, True, bcast_ip, &dest_ip,0)){
-	    failed = False;
-	  }
-	  close (bcast);
+	matches[count++] = strdup(text);
+	if (!matches[0]) return NULL;
+
+	for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
+		if (strncmp(text, commands[i].name, strlen(text)) == 0) {
+			matches[count] = strdup(commands[i].name);
+			if (!matches[count]) return NULL;
+			count++;
+		}
 	}
-#endif
-	if (failed) {
-	  DEBUG(0,("Get_Hostbyname: Unknown host %s.\n",host));
-	  return False;
+
+	if (count == 2) {
+		SAFE_FREE(matches[0]);
+		matches[0] = strdup(matches[1]);
 	}
-      }
-    }
+	matches[count] = NULL;
+	return matches;
+}
 
-  Client = open_socket_out(SOCK_STREAM, &dest_ip, port);
-  if (Client == -1)
-    return False;
 
-  DEBUG(3,("Connected\n"));
-  
-  set_socket_options(Client,user_socket_options);  
-  
-  return True;
+/****************************************************************************
+make sure we swallow keepalives during idle time
+****************************************************************************/
+static void readline_callback(void)
+{
+	fd_set fds;
+	struct timeval timeout;
+	static time_t last_t;
+	time_t t;
+
+	t = time(NULL);
+
+	if (t - last_t < 5) return;
+
+	last_t = t;
+
+ again:
+	FD_ZERO(&fds);
+	FD_SET(cli->fd,&fds);
+
+	timeout.tv_sec = 0;
+	timeout.tv_usec = 0;
+	sys_select_intr(cli->fd+1,&fds,NULL,NULL,&timeout);
+      		
+	/* We deliberately use receive_smb instead of
+	   client_receive_smb as we want to receive
+	   session keepalives and then drop them here.
+	*/
+	if (FD_ISSET(cli->fd,&fds)) {
+		receive_smb(cli->fd,cli->inbuf,0);
+		goto again;
+	}
+      
+	cli_chkpath(cli, "\\");
 }
 
+
 /****************************************************************************
-wait for keyboard activity, swallowing network packets
+process commands on stdin
 ****************************************************************************/
-#ifdef CLIX
-static char wait_keyboard(char *buffer)
-#else
-static void wait_keyboard(char *buffer)
-#endif
+static void process_stdin(void)
 {
-  fd_set fds;
-  int selrtn;
-  struct timeval timeout;
-  
-#ifdef CLIX
-  int delay = 0;
-#endif
-  
-  while (1) 
-    {
-      extern int Client;
-      FD_ZERO(&fds);
-      FD_SET(Client,&fds);
-#ifndef CLIX
-      FD_SET(fileno(stdin),&fds);
-#endif
+	char *ptr;
 
-      timeout.tv_sec = 20;
-      timeout.tv_usec = 0;
-#ifdef CLIX
-      timeout.tv_sec = 0;
-#endif
-      selrtn = sys_select(&fds,&timeout);
-      
-#ifndef CLIX
-      if (FD_ISSET(fileno(stdin),&fds))
-  	return;
-#else
-      {
-	char ch;
-	int f_flags;
-	int readret;
-	
-	f_flags = fcntl(fileno(stdin), F_GETFL, 0);
-	fcntl( fileno(stdin), F_SETFL, f_flags | O_NONBLOCK);
-	readret = read_data( fileno(stdin), &ch, 1);
-	fcntl(fileno(stdin), F_SETFL, f_flags);
-	if (readret == -1)
-	  {
-	    if (errno != EAGAIN)
-	      {
-		/* should crash here */
-		DEBUG(1,("readchar stdin failed\n"));
-	      }
-	  }
-	else if (readret != 0)
-	  {
-	    return ch;
-	  }
-      }
-#endif
-      if (FD_ISSET(Client,&fds))
-  	receive_smb(Client,buffer,0);
+	while (1) {
+		fstring tok;
+		fstring the_prompt;
+		char *cline;
+		pstring line;
+		int i;
+		
+		/* display a prompt */
+		slprintf(the_prompt, sizeof(the_prompt)-1, "smb: %s> ", cur_dir);
+		cline = smb_readline(the_prompt, readline_callback, completion_fn);
+			
+		if (!cline) break;
+		
+		pstrcpy(line, cline);
+
+		/* special case - first char is ! */
+		if (*line == '!') {
+			system(line + 1);
+			continue;
+		}
       
-#ifdef CLIX
-      delay++;
-      if (delay > 100000)
-	{
-	  delay = 0;
-	  chkpath("\\",False);
+		/* and get the first part of the command */
+		ptr = line;
+		if (!next_token_nr(&ptr,tok,NULL,sizeof(tok))) continue;
+
+		if ((i = process_tok(tok)) >= 0) {
+			commands[i].fn();
+		} else if (i == -2) {
+			d_printf("%s: command abbreviation ambiguous\n",tok);
+		} else {
+			d_printf("%s: command not found\n",tok);
+		}
 	}
-#else
-      chkpath("\\",False);
-#endif
-    }  
 }
 
 
-/****************************************************************************
-close and open the connection again
-****************************************************************************/
-BOOL reopen_connection(char *inbuf,char *outbuf)
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+struct cli_state *do_connect(const char *server, const char *share)
 {
-  static int open_count=0;
+	struct cli_state *c;
+	struct nmb_name called, calling;
+	const char *server_n;
+	struct in_addr ip;
+	fstring servicename;
+	char *sharename;
+	
+	/* make a copy so we don't modify the global string 'service' */
+	safe_strcpy(servicename, share, sizeof(servicename)-1);
+	sharename = servicename;
+	if (*sharename == '\\') {
+		server = sharename+2;
+		sharename = strchr_m(server,'\\');
+		if (!sharename) return NULL;
+		*sharename = 0;
+		sharename++;
+	}
 
-  open_count++;
+	server_n = server;
+	
+	zero_ip(&ip);
+
+	make_nmb_name(&calling, global_myname, 0x0);
+	make_nmb_name(&called , server, name_type);
 
-  if (open_count>5) return(False);
+ again:
+	zero_ip(&ip);
+	if (have_ip) ip = dest_ip;
+
+	/* have to open a new connection */
+	if (!(c=cli_initialise(NULL)) || (cli_set_port(c, port) != port) ||
+	    !cli_connect(c, server_n, &ip)) {
+		d_printf("Connection to %s failed\n", server_n);
+		return NULL;
+	}
+
+	c->protocol = max_protocol;
+	c->use_kerberos = use_kerberos;
+
+	if (!cli_session_request(c, &calling, &called)) {
+		char *p;
+		d_printf("session request to %s failed (%s)\n", 
+			 called.name, cli_errstr(c));
+		cli_shutdown(c);
+		if ((p=strchr_m(called.name, '.'))) {
+			*p = 0;
+			goto again;
+		}
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NULL;
+	}
 
-  DEBUG(1,("Trying to re-open connection\n"));
+	DEBUG(4,(" session request ok\n"));
 
-  set_message(outbuf,0,0,True);
-  SCVAL(outbuf,smb_com,SMBtdis);
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
+	if (!cli_negprot(c)) {
+		d_printf("protocol negotiation failed\n");
+		cli_shutdown(c);
+		return NULL;
+	}
 
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,SHORT_TIMEOUT);
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(password, pass);
+		}
+	}
 
-  close_sockets();
-  if (!open_sockets(0)) return(False);
+	if (!cli_session_setup(c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       workgroup)) {
+		/* if a password was not supplied then try again with a null username */
+		if (password[0] || !username[0] || use_kerberos ||
+		    !cli_session_setup(c, "", "", 0, "", 0, workgroup)) { 
+			d_printf("session setup failed: %s\n", cli_errstr(c));
+			cli_shutdown(c);
+			return NULL;
+		}
+		d_printf("Anonymous login successful\n");
+	}
 
-  return(send_login(inbuf,outbuf,True,True));
+	if (*c->server_domain) {
+		DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
+			c->server_domain,c->server_os,c->server_type));
+	} else if (*c->server_os || *c->server_type){
+		DEBUG(1,("OS=[%s] Server=[%s]\n",
+			 c->server_os,c->server_type));
+	}		
+	
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(c, sharename, "?????",
+			    password, strlen(password)+1)) {
+		d_printf("tree connect failed: %s\n", cli_errstr(c));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,(" tconx ok\n"));
+
+	return c;
 }
 
+
 /****************************************************************************
   process commands from the client
 ****************************************************************************/
-BOOL process(char *base_directory)
+static int process(char *base_directory)
 {
-  extern FILE *dbf;
-  pstring line;
+	int rc = 0;
 
-  char *InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  char *OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+	cli = do_connect(desthost, service);
+	if (!cli) {
+		return 1;
+	}
 
-  if ((InBuffer == NULL) || (OutBuffer == NULL)) 
-    return(False);
+	if (*base_directory) do_cd(base_directory);
+	
+	if (cmdstr) {
+		rc = process_command_string(cmdstr);
+	} else {
+		process_stdin();
+	}
   
-  bzero(OutBuffer,smb_size);
-
-  if (!send_login(InBuffer,OutBuffer,True,True))
-    return(False);
+	cli_shutdown(cli);
+	return rc;
+}
 
-  if (*base_directory) do_cd(base_directory);
+/****************************************************************************
+usage on the program
+****************************************************************************/
+static void usage(char *pname)
+{
+  d_printf("Usage: %s service <password> [options]", pname);
+
+  d_printf("\nVersion %s\n",VERSION);
+  d_printf("\t-s smb.conf           pathname to smb.conf file\n");
+  d_printf("\t-O socket_options     socket options to use\n");
+  d_printf("\t-R name resolve order use these name resolution services only\n");
+  d_printf("\t-M host               send a winpopup message to the host\n");
+  d_printf("\t-i scope              use this NetBIOS scope\n");
+  d_printf("\t-N                    don't ask for a password\n");
+  d_printf("\t-n netbios name.      Use this name as my netbios name\n");
+  d_printf("\t-d debuglevel         set the debuglevel\n");
+  d_printf("\t-P                    connect to service as a printer\n");
+  d_printf("\t-p port               connect to the specified port\n");
+  d_printf("\t-l log basename.      Basename for log/debug files\n");
+  d_printf("\t-h                    Print this help message.\n");
+  d_printf("\t-I dest IP            use this IP to connect to\n");
+  d_printf("\t-E                    write messages to stderr instead of stdout\n");
+  d_printf("\t-k                    use kerberos (active directory) authentication\n");
+  d_printf("\t-U username           set the network username\n");
+  d_printf("\t-L host               get a list of shares available on a host\n");
+  d_printf("\t-t terminal code      terminal i/o code {sjis|euc|jis7|jis8|junet|hex}\n");
+  d_printf("\t-m max protocol       set the max protocol level\n");
+  d_printf("\t-A filename           get the credentials from a file\n");
+  d_printf("\t-W workgroup          set the workgroup name\n");
+  d_printf("\t-T<c|x>IXFqgbNan      command line tar\n");
+  d_printf("\t-D directory          start from directory\n");
+  d_printf("\t-c command string     execute semicolon separated commands\n");
+  d_printf("\t-b xmit/send buffer   changes the transmit/send buffer (default: 65520)\n");
+  d_printf("\n");
+}
+
+
+/****************************************************************************
+get a password from a a file or file descriptor
+exit on failure
+****************************************************************************/
+static void get_password_file(void)
+{
+	int fd = -1;
+	char *p;
+	BOOL close_it = False;
+	pstring spec;
+	char pass[128];
+		
+	if ((p = getenv("PASSWD_FD")) != NULL) {
+		pstrcpy(spec, "descriptor ");
+		pstrcat(spec, p);
+		sscanf(p, "%d", &fd);
+		close_it = False;
+	} else if ((p = getenv("PASSWD_FILE")) != NULL) {
+		fd = sys_open(p, O_RDONLY, 0);
+		pstrcpy(spec, p);
+		if (fd < 0) {
+			fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
+				spec, strerror(errno));
+			exit(1);
+		}
+		close_it = True;
+	}
 
-  while (!feof(stdin))
-    {
-      fstring tok;
-      int i;
+	for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
+	    p && p - pass < sizeof(pass);) {
+		switch (read(fd, p, 1)) {
+		case 1:
+			if (*p != '\n' && *p != '\0') {
+				*++p = '\0'; /* advance p, and null-terminate pass */
+				break;
+			}
+		case 0:
+			if (p - pass) {
+				*p = '\0'; /* null-terminate it, just in case... */
+				p = NULL; /* then force the loop condition to become false */
+				break;
+			} else {
+				fprintf(stderr, "Error reading password from file %s: %s\n",
+					spec, "empty password\n");
+				exit(1);
+			}
+			
+		default:
+			fprintf(stderr, "Error reading password from file %s: %s\n",
+				spec, strerror(errno));
+			exit(1);
+		}
+	}
+	pstrcpy(password, pass);
+	if (close_it)
+		close(fd);
+}	
 
-      bzero(OutBuffer,smb_size);
 
-      /* display a prompt */
-      DEBUG(1,("smb: %s> ", CNV_LANG(cur_dir)));
-      fflush(dbf);
 
-#ifdef CLIX
-      line[0] = wait_keyboard(InBuffer);
-      /* this might not be such a good idea... */
-      if ( line[0] == EOF)
-	break;
-#else
-      wait_keyboard(InBuffer);
-#endif
-  
-      /* and get a response */
-#ifdef CLIX
-      fgets( &line[1],999, stdin);
-#else
-      if (!fgets(line,1000,stdin))
-	break;
-#endif
+/****************************************************************************
+handle a -L query
+****************************************************************************/
+static int do_host_query(char *query_host)
+{
+	cli = do_connect(query_host, "IPC$");
+	if (!cli)
+		return 1;
 
-      /* input language code to internal one */
-      CNV_INPUT (line);
+	browse_host(True);
+	list_servers(workgroup);
 
-      /* special case - first char is ! */
-      if (*line == '!')
-	{
-	  system(line + 1);
-	  continue;
-	}
-      
-      /* and get the first part of the command */
-      {
-	char *ptr = line;
-	if (!next_token(&ptr,tok,NULL)) continue;
-      }
-
-      if ((i = process_tok(tok)) >= 0)
-	commands[i].fn(InBuffer,OutBuffer);
-      else if (i == -2)
-	DEBUG(0,("%s: command abbreviation ambiguous\n",CNV_LANG(tok)));
-      else
-	DEBUG(0,("%s: command not found\n",CNV_LANG(tok)));
-    }
-  
-  send_logout();
-  return(True);
+	cli_shutdown(cli);
+	
+	return(0);
 }
 
 
 /****************************************************************************
-usage on the program
+handle a tar operation
 ****************************************************************************/
-void usage(char *pname)
+static int do_tar_op(char *base_directory)
 {
-  DEBUG(0,("Usage: %s service <password> [-p port] [-d debuglevel] [-l log] ",
-	   pname));
+	int ret;
+	cli = do_connect(desthost, service);
+	if (!cli)
+		return 1;
 
-#ifdef KANJI
-  DEBUG(0,("[-t termcode] "));
-#endif /* KANJI */
+	recurse=True;
 
-  DEBUG(0,("\nVersion %s\n",VERSION));
-  DEBUG(0,("\t-p port               listen on the specified port\n"));
-  DEBUG(0,("\t-d debuglevel         set the debuglevel\n"));
-  DEBUG(0,("\t-l log basename.      Basename for log/debug files\n"));
-  DEBUG(0,("\t-n netbios name.      Use this name as my netbios name\n"));
-  DEBUG(0,("\t-N                    don't ask for a password\n"));
-  DEBUG(0,("\t-P                    connect to service as a printer\n"));
-  DEBUG(0,("\t-M host               send a winpopup message to the host\n"));
-  DEBUG(0,("\t-m max protocol       set the max protocol level\n"));
-  DEBUG(0,("\t-L host               get a list of shares available on a host\n"));
-  DEBUG(0,("\t-I dest IP            use this IP to connect to\n"));
-  DEBUG(0,("\t-E                    write messages to stderr instead of stdout\n"));
-  DEBUG(0,("\t-U username           set the network username\n"));
-  DEBUG(0,("\t-W workgroup          set the workgroup name\n"));
-#ifdef KANJI
-  DEBUG(0,("\t-t terminal code      terminal i/o code {sjis|euc|jis7|jis8|junet|hex}\n"));
-#endif /* KANJI */
-  DEBUG(0,("\t-T<c|x>IXgbNa          command line tar\n"));
-  DEBUG(0,("\t-D directory          start from directory\n"));
-  DEBUG(0,("\n"));
-}
+	if (*base_directory) do_cd(base_directory);
+	
+	ret=process_tar();
 
+	cli_shutdown(cli);
 
+	return(ret);
+}
 
 /****************************************************************************
-  main program
+handle a message operation
 ****************************************************************************/
-int main(int argc,char *argv[])
+static int do_message_op(void)
 {
-  fstring base_directory;
-  char *pname = argv[0];
-  int port = 139;
-  int opt;
-  extern FILE *dbf;
-  extern char *optarg;
-  extern int optind;
-  pstring query_host;
-  BOOL message = False;
-  extern char tar_type;
-
-  *query_host = 0;
-  *base_directory = 0;
-
-  DEBUGLEVEL = 2;
-
-  setup_logging(pname,True);
-
-  TimeInit();
-  charset_initialise();
-
-  pid = getpid();
-  uid = getuid();
-  gid = getgid();
-  mid = pid + 100;
-  myumask = umask(0);
-  umask(myumask);
-
-  if (getenv("USER"))
-    {
-      strcpy(username,getenv("USER"));
-      strupper(username);
-    }
-
-  if (*username == 0 && getenv("LOGNAME"))
-    {
-      strcpy(username,getenv("LOGNAME"));
-      strupper(username);
-    }
-
-  if (argc < 2)
-    {
-      usage(pname);
-      exit(1);
-    }
-  
-  if (*argv[1] != '-')
-    {
+	struct in_addr ip;
+	struct nmb_name called, calling;
 
-      strcpy(service,argv[1]);  
-      argc--;
-      argv++;
+        zero_ip(&ip);
 
-      if (count_chars(service,'\\') < 3)
-	{
-	  usage(pname);
-	  printf("\n%s: Not enough '\\' characters in service\n",service);
-	  exit(1);
-	}
+	make_nmb_name(&calling, global_myname, 0x0);
+	make_nmb_name(&called , desthost, name_type);
 
-/*
-      if (count_chars(service,'\\') > 3)
-	{
-	  usage(pname);
-	  printf("\n%s: Too many '\\' characters in service\n",service);
-	  exit(1);
-	}
-	*/
+        zero_ip(&ip);
+	if (have_ip) ip = dest_ip;
 
-      if (argc > 1 && (*argv[1] != '-'))
-	{
-	  got_pass = True;
-	  strcpy(password,argv[1]);  
-	  memset(argv[1],'X',strlen(argv[1]));
-	  argc--;
-	  argv++;
+	if (!(cli=cli_initialise(NULL)) || (cli_set_port(cli, port) != port) || !cli_connect(cli, desthost, &ip)) {
+		d_printf("Connection to %s failed\n", desthost);
+		return 1;
 	}
-    }
 
-#ifdef KANJI
-  setup_term_code (KANJI);
-  while ((opt = getopt (argc, argv, "B:O:M:i:Nn:d:Pp:l:hI:EB:U:L:t:m:W:T:D:")) != EOF)
-#else
-  while ((opt = getopt (argc, argv, "B:O:M:i:Nn:d:Pp:l:hI:EB:U:L:m:W:T:D:")) != EOF)
-#endif /* KANJI */
-    switch (opt)
-      {
-      case 'm':
-	max_protocol = interpret_protocol(optarg,max_protocol);
-	break;
-      case 'O':
-	strcpy(user_socket_options,optarg);
-	break;	
-      case 'M':
-	name_type = 3;
-	strcpy(desthost,optarg);
-	strupper(desthost);
-	message = True;
-	break;
-      case 'B':
-	bcast_ip = *interpret_addr2(optarg);
-	got_bcast = True;
-	break;
-      case 'D':
-	strcpy(base_directory,optarg);
-	break;
-      case 'T':
-	if (!tar_parseargs(argc, argv, optarg, optind)) {
-	  usage(pname);
-	  exit(1);
+	if (!cli_session_request(cli, &calling, &called)) {
+		d_printf("session request failed\n");
+		cli_shutdown(cli);
+		return 1;
 	}
-	break;
-      case 'i':
-	strcpy(scope,optarg);
-	break;
-      case 'L':
-	got_pass = True;
-	strcpy(query_host,optarg);
-	break;
-      case 'U':
-	{
-	  char *p;
-	strcpy(username,optarg);
-	if ((p=strchr(username,'%')))
-	  {
-	    *p = 0;
-	    strcpy(password,p+1);
-	    got_pass = True;
-	    memset(strchr(optarg,'%')+1,'X',strlen(password));
-	  }
-	}
-	    
-	break;
-      case 'W':
-	strcpy(workgroup,optarg);
-	break;
-      case 'E':
-	dbf = stderr;
-	break;
-      case 'I':
-	{
-	  dest_ip = *interpret_addr2(optarg);
-	  if (zero_ip(dest_ip)) exit(1);
-	  have_ip = True;
+
+	send_message();
+	cli_shutdown(cli);
+
+	return 0;
+}
+
+
+/**
+ * Process "-L hostname" option.
+ *
+ * We don't actually do anything yet -- we just stash the name in a
+ * global variable and do the query when all options have been read.
+ **/
+static void remember_query_host(const char *arg,
+				pstring query_host)
+{
+	char *slash;
+	
+	while (*arg == '\\' || *arg == '/')
+		arg++;
+	pstrcpy(query_host, arg);
+	if ((slash = strchr(query_host, '/'))
+	    || (slash = strchr(query_host, '\\'))) {
+		*slash = 0;
 	}
-	break;
-      case 'n':
-	strcpy(myname,optarg);
-	break;
-      case 'N':
-	got_pass = True;
-	break;
-      case 'P':
-	connect_as_printer = True;
-	break;
-      case 'd':
-	if (*optarg == 'A')
-	  DEBUGLEVEL = 10000;
-	else
-	  DEBUGLEVEL = atoi(optarg);
-	break;
-      case 'l':
-	sprintf(debugf,"%s.client",optarg);
-	break;
-      case 'p':
-	port = atoi(optarg);
-	break;
-      case 'h':
-	usage(pname);
-	exit(0);
-	break;
+}
+
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	fstring base_directory;
+	char *pname = argv[0];
+	int opt;
+	extern char *optarg;
+	extern int optind;
+	int old_debug;
+	pstring query_host;
+	BOOL message = False;
+	extern char tar_type;
+	pstring term_code;
+	pstring new_name_resolve_order;
+	pstring logfile;
+	char *p;
+	int rc = 0;
+
 #ifdef KANJI
-      case 't':
-	if (!setup_term_code (optarg)) {
-	    DEBUG(0, ("%s: unknown terminal code name\n", optarg));
-	    usage (pname);
-	    exit (1);
-	}
-	break;
+	pstrcpy(term_code, KANJI);
+#else /* KANJI */
+	*term_code = 0;
 #endif /* KANJI */
-      default:
-	usage(pname);
-	exit(1);
-      }
 
-  if (!tar_type && !*query_host && !*service && !message)
-    {
-      usage(pname);
-      exit(1);
-    }
+	*query_host = 0;
+	*base_directory = 0;
 
+	*new_name_resolve_order = 0;
 
-  DEBUG(3,("%s client started (version %s)\n",timestring(),VERSION));
+	DEBUGLEVEL = 2;
+	AllowDebugChange = False;
+ 
+	setup_logging(pname,True);
+
+	/*
+	 * If the -E option is given, be careful not to clobber stdout
+	 * before processing the options.  28.Feb.99, richard@hacom.nl.
+	 * Also pre-parse the -s option to get the service file name.
+	 */
+
+	for (opt = 1; opt < argc; opt++) {
+		if (strcmp(argv[opt], "-E") == 0)
+			dbf = x_stderr;
+		else if(strncmp(argv[opt], "-s", 2) == 0) {
+			if(argv[opt][2] != '\0')
+				pstrcpy(dyn_CONFIGFILE, &argv[opt][2]);
+			else if(argv[opt+1] != NULL) {
+				/*
+				 * At least one more arg left.
+				 */
+				pstrcpy(dyn_CONFIGFILE, argv[opt+1]);
+			} else {
+				usage(pname);
+				exit(1);
+			}
+		}
+	}
 
-  get_myname(*myname?NULL:myname,&myip);  
-  strupper(myname);
+	in_client = True;   /* Make sure that we tell lp_load we are */
 
-  if (tar_type) {
-    recurse=True;
+	old_debug = DEBUGLEVEL;
+	if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+		fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n",
+			prog_name, dyn_CONFIGFILE);
+	}
+	DEBUGLEVEL = old_debug;
+	
+#ifdef WITH_SSL
+	sslutil_init(0);
+#endif
 
-    if (open_sockets(port)) {
-        char *InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-	char *OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-	int ret;
+	pstrcpy(workgroup,lp_workgroup());
 
-	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
-	  return(1);
+	load_interfaces();
+	myumask = umask(0);
+	umask(myumask);
 
-	bzero(OutBuffer,smb_size);
-	if (!send_login(InBuffer,OutBuffer,True,True))
-	  return(False);
+	if (getenv("USER")) {
+		pstrcpy(username,getenv("USER"));
 
-	if (*base_directory) do_cd(base_directory);
+		/* modification to support userid%passwd syntax in the USER var
+		   25.Aug.97, jdblair@uab.edu */
 
-	ret=process_tar(InBuffer, OutBuffer);
+		if ((p=strchr_m(username,'%'))) {
+			*p = 0;
+			pstrcpy(password,p+1);
+			got_pass = True;
+			memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password));
+		}
+		strupper(username);
+	}
 
-	send_logout();
-	close_sockets();
-	return(ret);
-    } else
-      return(1);
-  }
-  
-  if (*query_host)
-    {
-      int ret = 0;
-      sprintf(service,"\\\\%s\\IPC$",query_host);
-      strupper(service);
-      connect_as_ipc = True;
-      if (open_sockets(port))
-	{
-#if 0
-	  *username = 0;
-#endif
-	  if (!send_login(NULL,NULL,True,True))
-	    return(1);
-
-	  server_info();
-	  if (!browse_host(True)) {
-	    sleep(1);
-	    browse_host(True);
-	  }
-	  if (!list_servers()) {
-	    sleep(1);
-	    list_servers();
-	  }
-
-	  send_logout();
-	  close_sockets();
+	/* modification to support PASSWD environmental var
+	   25.Aug.97, jdblair@uab.edu */
+	if (getenv("PASSWD")) {
+		pstrcpy(password,getenv("PASSWD"));
+		got_pass = True;
 	}
 
-      return(ret);
-    }
+	if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
+		get_password_file();
+		got_pass = True;
+	}
 
-  if (message)
-    {
-      int ret = 0;
-      if (open_sockets(port))
-	{
-	  pstring inbuf,outbuf;
-	  bzero(outbuf,smb_size);
-	  if (!send_session_request(inbuf,outbuf))
-	    return(1);
+	if (*username == 0 && getenv("LOGNAME")) {
+		pstrcpy(username,getenv("LOGNAME"));
+		strupper(username);
+	}
 
-	  send_message(inbuf,outbuf);
+	if (*username == 0) {
+		pstrcpy(username,"GUEST");
+	}
 
-	  close_sockets();
+	if (argc < 2) {
+		usage(pname);
+		exit(1);
 	}
 
-      return(ret);
-    }
+	/* FIXME: At the moment, if the user should happen to give the
+	 * options ahead of the service name (in standard Unix
+	 * fashion) then smbclient just spits out the usage message
+	 * with no explanation of what in particular was wrong.  Is
+	 * there any reason we can't just parse out the service name
+	 * and password after running getopt?? -- mbp */
+	if (*argv[1] != '-') {
+		pstrcpy(service,argv[1]);  
+		/* Convert any '/' characters in the service name to '\' characters */
+		string_replace( service, '/','\\');
+		argc--;
+		argv++;
+		
+		if (count_chars(service,'\\') < 3) {
+			usage(pname);
+			d_printf("\n%s: Not enough '\\' characters in service\n",service);
+			exit(1);
+		}
 
-  if (open_sockets(port))
-    {
-      if (!process(base_directory))
-	{
-	  close_sockets();
-	  return(1);
+		if (argc > 1 && (*argv[1] != '-')) {
+			got_pass = True;
+			pstrcpy(password,argv[1]);  
+			memset(argv[1],'X',strlen(argv[1]));
+			argc--;
+			argv++;
+		}
 	}
-      close_sockets();
-    }
-  else
-    return(1);
 
-  return(0);
-}
+	while ((opt = 
+		getopt(argc, argv,"s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:k")) != EOF) {
+		switch (opt) {
+		case 's':
+			pstrcpy(dyn_CONFIGFILE, optarg);
+			break;
+		case 'O':
+			pstrcpy(user_socket_options,optarg);
+			break;	
+		case 'R':
+			pstrcpy(new_name_resolve_order, optarg);
+			break;
+		case 'M':
+			name_type = 0x03; /* messages are sent to NetBIOS name type 0x3 */
+			pstrcpy(desthost,optarg);
+			message = True;
+			break;
+		case 'i':
+			{
+				extern pstring global_scope;
+				pstrcpy(global_scope,optarg);
+				strupper(global_scope);
+			}
+			break;
+		case 'N':
+			got_pass = True;
+			break;
+		case 'n':
+			pstrcpy(global_myname,optarg);
+			break;
+		case 'd':
+			if (*optarg == 'A')
+				DEBUGLEVEL = 10000;
+			else
+				DEBUGLEVEL = atoi(optarg);
+			break;
+		case 'P':
+			/* not needed anymore */
+			break;
+		case 'p':
+			port = atoi(optarg);
+			break;
+		case 'l':
+			slprintf(logfile,sizeof(logfile)-1, "%s.client",optarg);
+			lp_set_logfile(logfile);
+			break;
+		case 'h':
+			usage(pname);
+			exit(0);
+			break;
+		case 'I':
+			{
+				dest_ip = *interpret_addr2(optarg);
+				if (is_zero_ip(dest_ip))
+					exit(1);
+				have_ip = True;
+			}
+			break;
+		case 'E':
+			display_set_stderr();
+			dbf = x_stderr;
+			break;
+		case 'U':
+			{
+				char *lp;
+				pstrcpy(username,optarg);
+				if ((lp=strchr_m(username,'%'))) {
+					*lp = 0;
+					pstrcpy(password,lp+1);
+					got_pass = True;
+					memset(strchr_m(optarg,'%')+1,'X',strlen(password));
+				}
+			}
+			break;
+
+		case 'A':
+			{
+ 	 			XFILE *auth;
+        	                fstring buf;
+                        	uint16 len = 0;
+				char *ptr, *val, *param;
+                               
+	                        if ((auth=x_fopen(optarg, O_RDONLY, 0)) == NULL)
+				{
+					/* fail if we can't open the credentials file */
+					d_printf("ERROR: Unable to open credentials file!\n");
+					exit (-1);
+				}
+                                
+				while (!x_feof(auth))
+				{  
+					/* get a line from the file */
+					if (!x_fgets(buf, sizeof(buf), auth))
+						continue;
+					len = strlen(buf);
+					
+					if ((len) && (buf[len-1]=='\n'))
+					{
+						buf[len-1] = '\0';
+						len--;
+					}	
+					if (len == 0)
+						continue;
+					
+					/* break up the line into parameter & value.
+					   will need to eat a little whitespace possibly */
+					param = buf;
+					if (!(ptr = strchr_m (buf, '=')))
+						continue;
+					val = ptr+1;
+					*ptr = '\0';
+					
+					/* eat leading white space */
+					while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
+						val++;
+					
+					if (strwicmp("password", param) == 0)
+					{
+						pstrcpy(password, val);
+						got_pass = True;
+					}
+					else if (strwicmp("username", param) == 0)
+						pstrcpy(username, val);
+					else if (strwicmp("domain", param) == 0)
+						pstrcpy(workgroup,val);
+					memset(buf, 0, sizeof(buf));
+				}
+				x_fclose(auth);
+			}
+			break;
+
+		case 'L':
+			remember_query_host(optarg, query_host);
+			break;
+		case 't':
+			pstrcpy(term_code, optarg);
+			break;
+		case 'm':
+			max_protocol = interpret_protocol(optarg, max_protocol);
+			break;
+		case 'W':
+			pstrcpy(workgroup,optarg);
+			break;
+		case 'T':
+			if (!tar_parseargs(argc, argv, optarg, optind)) {
+				usage(pname);
+				exit(1);
+			}
+			break;
+		case 'D':
+			pstrcpy(base_directory,optarg);
+			break;
+		case 'c':
+			cmdstr = optarg;
+			break;
+		case 'b':
+			io_bufsize = MAX(1, atoi(optarg));
+			break;
+		case 'k':
+#ifdef HAVE_KRB5
+			use_kerberos = True;
+			got_pass = True;
+#else
+			d_printf("No kerberos support compiled in\n");
+			exit(1);
+#endif
+			break;
+		default:
+			usage(pname);
+			exit(1);
+		}
+	}
 
+	get_myname((*global_myname)?NULL:global_myname);  
 
-/* error code stuff - put together by Merik Karman
-   merik@blackadder.dsh.oz.au */
+	if(*new_name_resolve_order)
+		lp_set_name_resolve_order(new_name_resolve_order);
 
-typedef struct
-{
-  char *name;
-  int code;
-  char *message;
-} err_code_struct;
-
-/* Dos Error Messages */
-err_code_struct dos_msgs[] = {
-  {"ERRbadfunc",1,"Invalid function."},
-  {"ERRbadfile",2,"File not found."},
-  {"ERRbadpath",3,"Directory invalid."},
-  {"ERRnofids",4,"No file descriptors available"},
-  {"ERRnoaccess",5,"Access denied."},
-  {"ERRbadfid",6,"Invalid file handle."},
-  {"ERRbadmcb",7,"Memory control blocks destroyed."},
-  {"ERRnomem",8,"Insufficient server memory to perform the requested function."},
-  {"ERRbadmem",9,"Invalid memory block address."},
-  {"ERRbadenv",10,"Invalid environment."},
-  {"ERRbadformat",11,"Invalid format."},
-  {"ERRbadaccess",12,"Invalid open mode."},
-  {"ERRbaddata",13,"Invalid data."},
-  {"ERR",14,"reserved."},
-  {"ERRbaddrive",15,"Invalid drive specified."},
-  {"ERRremcd",16,"A Delete Directory request attempted  to  remove  the  server's  current directory."},
-  {"ERRdiffdevice",17,"Not same device."},
-  {"ERRnofiles",18,"A File Search command can find no more files matching the specified criteria."},
-  {"ERRbadshare",32,"The sharing mode specified for an Open conflicts with existing  FIDs  on the file."},
-  {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an  invalid mode,  or an Unlock requested attempted to remove a lock held by another process."},
-  {"ERRfilexists",80,"The file named in a Create Directory, Make  New  File  or  Link  request already exists."},
-  {"ERRbadpipe",230,"Pipe invalid."},
-  {"ERRpipebusy",231,"All instances of the requested pipe are busy."},
-  {"ERRpipeclosing",232,"Pipe close in progress."},
-  {"ERRnotconnected",233,"No process on other end of pipe."},
-  {"ERRmoredata",234,"There is more data to be returned."},
-  {"ERRinvgroup",2455,"Invalid workgroup (try the -W option)"},
-  {NULL,-1,NULL}};
-
-/* Server Error Messages */
-err_code_struct server_msgs[] = {
-  {"ERRerror",1,"Non-specific error code."},
-  {"ERRbadpw",2,"Bad password - name/password pair in a Tree Connect or Session Setup are invalid."},
-  {"ERRbadtype",3,"reserved."},
-  {"ERRaccess",4,"The requester does not have  the  necessary  access  rights  within  the specified  context for the requested function. The context is defined by the TID or the UID."},
-  {"ERRinvnid",5,"The tree ID (TID) specified in a command was invalid."},
-  {"ERRinvnetname",6,"Invalid network name in tree connect."},
-  {"ERRinvdevice",7,"Invalid device - printer request made to non-printer connection or  non-printer request made to printer connection."},
-  {"ERRqfull",49,"Print queue full (files) -- returned by open print file."},
-  {"ERRqtoobig",50,"Print queue full -- no space."},
-  {"ERRqeof",51,"EOF on print queue dump."},
-  {"ERRinvpfid",52,"Invalid print file FID."},
-  {"ERRsmbcmd",64,"The server did not recognize the command received."},
-  {"ERRsrverror",65,"The server encountered an internal error, e.g., system file unavailable."},
-  {"ERRfilespecs",67,"The file handle (FID) and pathname parameters contained an invalid  combination of values."},
-  {"ERRreserved",68,"reserved."},
-  {"ERRbadpermits",69,"The access permissions specified for a file or directory are not a valid combination.  The server cannot set the requested attribute."},
-  {"ERRreserved",70,"reserved."},
-  {"ERRsetattrmode",71,"The attribute mode in the Set File Attribute request is invalid."},
-  {"ERRpaused",81,"Server is paused."},
-  {"ERRmsgoff",82,"Not receiving messages."},
-  {"ERRnoroom",83,"No room to buffer message."},
-  {"ERRrmuns",87,"Too many remote user names."},
-  {"ERRtimeout",88,"Operation timed out."},
-  {"ERRnoresource",89,"No resources currently available for request."},
-  {"ERRtoomanyuids",90,"Too many UIDs active on this session."},
-  {"ERRbaduid",91,"The UID is not known as a valid ID on this session."},
-  {"ERRusempx",250,"Temp unable to support Raw, use MPX mode."},
-  {"ERRusestd",251,"Temp unable to support Raw, use standard read/write."},
-  {"ERRcontmpx",252,"Continue in MPX mode."},
-  {"ERRreserved",253,"reserved."},
-  {"ERRreserved",254,"reserved."},
-  {"ERRnosupport",0xFFFF,"Function not supported."},
-  {NULL,-1,NULL}};
-
-/* Hard Error Messages */
-err_code_struct hard_msgs[] = {
-  {"ERRnowrite",19,"Attempt to write on write-protected diskette."},
-  {"ERRbadunit",20,"Unknown unit."},
-  {"ERRnotready",21,"Drive not ready."},
-  {"ERRbadcmd",22,"Unknown command."},
-  {"ERRdata",23,"Data error (CRC)."},
-  {"ERRbadreq",24,"Bad request structure length."},
-  {"ERRseek",25 ,"Seek error."},
-  {"ERRbadmedia",26,"Unknown media type."},
-  {"ERRbadsector",27,"Sector not found."},
-  {"ERRnopaper",28,"Printer out of paper."},
-  {"ERRwrite",29,"Write fault."},
-  {"ERRread",30,"Read fault."},
-  {"ERRgeneral",31,"General failure."},
-  {"ERRbadshare",32,"A open conflicts with an existing open."},
-  {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."},
-  {"ERRwrongdisk",34,"The wrong disk was found in a drive."},
-  {"ERRFCBUnavail",35,"No FCBs are available to process request."},
-  {"ERRsharebufexc",36,"A sharing buffer has been exceeded."},
-  {NULL,-1,NULL}};
+	if (!tar_type && !*query_host && !*service && !message) {
+		usage(pname);
+		exit(1);
+	}
 
+	DEBUG( 3, ( "Client started (version %s).\n", VERSION ) );
 
-struct
-{
-  int code;
-  char *class;
-  err_code_struct *err_msgs;
-} err_classes[] = { 
-  {0,"SUCCESS",NULL},
-  {0x01,"ERRDOS",dos_msgs},
-  {0x02,"ERRSRV",server_msgs},
-  {0x03,"ERRHRD",hard_msgs},
-  {0x04,"ERRXOS",NULL},
-  {0xE1,"ERRRMX1",NULL},
-  {0xE2,"ERRRMX2",NULL},
-  {0xE3,"ERRRMX3",NULL},
-  {0xFF,"ERRCMD",NULL},
-  {-1,NULL,NULL}};
+	if (tar_type) {
+		if (cmdstr)
+			process_command_string(cmdstr);
+		return do_tar_op(base_directory);
+	}
 
+	if ((p=strchr_m(query_host,'#'))) {
+		*p = 0;
+		p++;
+		sscanf(p, "%x", &name_type);
+	}
+  
+	if (*query_host) {
+		return do_host_query(query_host);
+	}
 
-/****************************************************************************
-return a SMB error string from a SMB buffer
-****************************************************************************/
-char *smb_errstr(char *inbuf)
-{
-  static pstring ret;
-  int class = CVAL(inbuf,smb_rcls);
-  int num = SVAL(inbuf,smb_err);
-  int i,j;
-
-  for (i=0;err_classes[i].class;i++)
-    if (err_classes[i].code == class)
-      {
-	if (err_classes[i].err_msgs)
-	  {
-	    err_code_struct *err = err_classes[i].err_msgs;
-	    for (j=0;err[j].name;j++)
-	      if (num == err[j].code)
-		{
-		  if (DEBUGLEVEL > 0)
-		    sprintf(ret,"%s - %s (%s)",err_classes[i].class,
-			    err[j].name,err[j].message);
-		  else
-		    sprintf(ret,"%s - %s",err_classes[i].class,err[j].name);
-		  return ret;
-		}
-	  }
+	if (message) {
+		return do_message_op();
+	}
+	
+	if (process(base_directory)) {
+		return 1;
+	}
 
-	sprintf(ret,"%s - %d",err_classes[i].class,num);
-	return ret;
-      }
-  
-  sprintf(ret,"ERROR: Unknown error (%d,%d)",class,num);
-  return(ret);
+	return rc;
 }
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index 1433ec5941..9fa3750b0c 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -1,8 +1,8 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Tar Extensions
-   Copyright (C) Ricky Poulten 1995
+   Copyright (C) Ricky Poulten 1995-1998
+   Copyright (C) Richard Sharpe 1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -18,100 +18,181 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
+/* The following changes developed by Richard Sharpe for Canon Information
+   Systems Research Australia (CISRA)
+
+   1. Restore can now restore files with long file names
+   2. Save now saves directory information so that we can restore 
+      directory creation times
+   3. tar now accepts both UNIX path names and DOS path names. I prefer
+      those lovely /'s to those UGLY \'s :-)
+   4. the files to exclude can be specified as a regular expression by adding
+      an r flag to the other tar flags. Eg:
+
+         -TcrX file.tar "*.(obj|exe)"
+
+      will skip all .obj and .exe files
+*/
 
 
 #include "includes.h"
 #include "clitar.h"
 
-extern void setup_pkt(char *outbuf);
-extern BOOL reopen_connection(char *inbuf,char *outbuf);
-extern void do_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir);
+static int clipfind(char **aret, int ret, char *tok);
+
+typedef struct file_info_struct file_info2;
 
-int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
+struct file_info_struct
+{
+  size_t size;
+  uint16 mode;
+  int uid;
+  int gid;
+  /* These times are normally kept in GMT */
+  time_t mtime;
+  time_t atime;
+  time_t ctime;
+  char *name;     /* This is dynamically allocate */
+
+  file_info2 *next, *prev;  /* Used in the stack ... */
+
+};
+
+typedef struct
+{
+  file_info2 *top;
+  int items;
 
-extern BOOL recurse;
+} stack;
+
+stack dir_stack = {NULL, 0}; /* Want an empty stack */
 
 #define SEPARATORS " \t\n\r"
-extern int DEBUGLEVEL;
-extern int Client;
+extern struct cli_state *cli;
 
 /* These defines are for the do_setrattr routine, to indicate
  * setting and reseting of file attributes in the function call */
 #define ATTRSET 1
 #define ATTRRESET 0
 
-static int attribute = aDIR | aSYSTEM | aHIDDEN;
+static uint16 attribute = aDIR | aSYSTEM | aHIDDEN;
 
 #ifndef CLIENT_TIMEOUT
 #define CLIENT_TIMEOUT (30*1000)
 #endif
 
-static char *tarbuf;
+static char *tarbuf, *buffer_p;
 static int tp, ntarf, tbufsiz;
+static double ttarf;
 /* Incremental mode */
 BOOL tar_inc=False;
 /* Reset archive bit */
 BOOL tar_reset=False;
 /* Include / exclude mode (true=include, false=exclude) */
 BOOL tar_excl=True;
+/* use regular expressions for search on file names */
+BOOL tar_re_search=False;
+#ifdef HAVE_REGEX_H
+regex_t *preg;
+#endif
+/* Do not dump anything, just calculate sizes */
+BOOL dry_run=False;
+/* Dump files with System attribute */
+BOOL tar_system=True;
+/* Dump files with Hidden attribute */
+BOOL tar_hidden=True;
+/* Be noisy - make a catalogue */
+BOOL tar_noisy=True;
+BOOL tar_real_noisy=False;  /* Don't want to be really noisy by default */
+
 char tar_type='\0';
 static char **cliplist=NULL;
 static int clipn=0;
+static BOOL must_free_cliplist = False;
 
 extern file_info def_finfo;
 extern BOOL lowercase;
-extern int cnum;
+extern uint16 cnum;
 extern BOOL readbraw_supported;
 extern int max_xmit;
 extern pstring cur_dir;
 extern int get_total_time_ms;
 extern int get_total_size;
-extern int Protocol;
 
 int blocksize=20;
 int tarhandle;
 
-static void writetarheader();
-static void do_atar();
-static void do_tar();
-static void oct_it();
-static void fixtarname();
-static int dotarbuf();
-static void dozerobuf();
-static void dotareof();
-static void initarbuf();
-static int do_setrattr();
-void cmd_tar();
-int process_tar();
-char **toktocliplist();
-int clipfind();
+static void writetarheader(int f,  char *aname, int size, time_t mtime,
+			   char *amode, unsigned char ftype);
+static void do_atar(char *rname,char *lname,file_info *finfo1);
+static void do_tar(file_info *finfo);
+static void oct_it(long value, int ndgs, char *p);
+static void fixtarname(char *tptr, char *fp, int l);
+static int dotarbuf(int f, char *b, int n);
+static void dozerobuf(int f, int n);
+static void dotareof(int f);
+static void initarbuf(void);
+
 /* restore functions */
-static long readtarheader();
-static long unoct();
-static void do_tarput();
-static void unfixtarname();
+static long readtarheader(union hblock *hb, file_info2 *finfo, char *prefix);
+static long unoct(char *p, int ndgs);
+static void do_tarput(void);
+static void unfixtarname(char *tptr, char *fp, int l, BOOL first);
 
 /*
  * tar specific utitlities
  */
 
+/*******************************************************************
+Create  a string of size size+1 (for the null)
+*******************************************************************/
+static char *string_create_s(int size)
+{
+  char *tmp;
+
+  tmp = (char *)malloc(size+1);
+
+  if (tmp == NULL) {
+
+    DEBUG(0, ("Out of memory in string_create_s\n"));
+
+  }
+
+  return(tmp);
+
+}
+
 /****************************************************************************
 Write a tar header to buffer
 ****************************************************************************/
 static void writetarheader(int f,  char *aname, int size, time_t mtime,
-		    char *amode)
+			   char *amode, unsigned char ftype)
 {
   union hblock hb;
   int i, chk, l;
   char *jp;
 
+  DEBUG(5, ("WriteTarHdr, Type = %c, Size= %i, Name = %s\n", ftype, size, aname));
+
   memset(hb.dummy, 0, sizeof(hb.dummy));
   
   l=strlen(aname);
-  if (l >= NAMSIZ)
-    {
-      DEBUG(0, ("tar file %s name length exceeds NAMSIZ\n", aname));
-    }
+  if (l >= NAMSIZ - 1) {
+	  /* write a GNU tar style long header */
+	  char *b;
+	  b = (char *)malloc(l+TBLOCK+100);
+	  if (!b) {
+		  DEBUG(0,("out of memory\n"));
+		  exit(1);
+	  }
+	  writetarheader(f, "/./@LongLink", l+2, 0, "     0 \0", 'L');
+	  memset(b, 0, l+TBLOCK+100);
+	  fixtarname(b, aname, l);
+	  i = strlen(b)+1;
+	  DEBUG(5, ("File name in tar file: %s, size=%d, \n", b, (int)strlen(b)));
+	  dotarbuf(f, b, TBLOCK*(((i-1)/TBLOCK)+1));
+	  SAFE_FREE(b);
+  }
 
   /* use l + 1 to do the null too */
   fixtarname(hb.dbuf.name, aname, (l >= NAMSIZ) ? NAMSIZ : l + 1);
@@ -122,14 +203,14 @@ static void writetarheader(int f,  char *aname, int size, time_t mtime,
   /* write out a "standard" tar format header */
 
   hb.dbuf.name[NAMSIZ-1]='\0';
-  strcpy(hb.dbuf.mode, amode);
+  safe_strcpy(hb.dbuf.mode, amode, strlen(amode));
   oct_it(0L, 8, hb.dbuf.uid);
   oct_it(0L, 8, hb.dbuf.gid);
   oct_it((long) size, 13, hb.dbuf.size);
   oct_it((long) mtime, 13, hb.dbuf.mtime);
   memcpy(hb.dbuf.chksum, "        ", sizeof(hb.dbuf.chksum));
-  hb.dbuf.linkflag='0';
   memset(hb.dbuf.linkname, 0, NAMSIZ);
+  hb.dbuf.linkflag=ftype;
   
   for (chk=0, i=sizeof(hb.dummy), jp=hb.dummy; --i>=0;) chk+=(0xFF & *jp++);
 
@@ -142,7 +223,7 @@ static void writetarheader(int f,  char *aname, int size, time_t mtime,
 /****************************************************************************
 Read a tar header into a hblock structure, and validate
 ***************************************************************************/
-static long readtarheader(union hblock *hb, file_info *finfo, char *prefix)
+static long readtarheader(union hblock *hb, file_info2 *finfo, char *prefix)
 {
   long chk, fchk;
   int i;
@@ -167,29 +248,44 @@ static long readtarheader(union hblock *hb, file_info *finfo, char *prefix)
 
   fchk=unoct(hb->dbuf.chksum, sizeof(hb->dbuf.chksum));
 
-  DEBUG(5, ("checksum totals chk=%d fchk=%d chksum=%s\n",
+  DEBUG(5, ("checksum totals chk=%ld fchk=%ld chksum=%s\n",
 	    chk, fchk, hb->dbuf.chksum));
 
   if (fchk != chk)
     {
-      DEBUG(0, ("checksums don't match %d %d\n", fchk, chk));
+      DEBUG(0, ("checksums don't match %ld %ld\n", fchk, chk));
+      dump_data(5, (char *)hb - TBLOCK, TBLOCK *3);
       return -1;
     }
 
-  strcpy(finfo->name, prefix);
+  if ((finfo->name = string_create_s(strlen(prefix) + strlen(hb -> dbuf.name) + 3)) == NULL) {
+
+    DEBUG(0, ("Out of space creating file_info2 for %s\n", hb -> dbuf.name));
+    return(-1);
+
+  }
+
+  safe_strcpy(finfo->name, prefix, strlen(prefix) + strlen(hb -> dbuf.name) + 3);
 
   /* use l + 1 to do the null too; do prefix - prefcnt to zap leading slash */
   unfixtarname(finfo->name + strlen(prefix), hb->dbuf.name,
-	       strlen(hb->dbuf.name) + 1);
+	       strlen(hb->dbuf.name) + 1, True);
 
-/* can't handle links at present */
-  if (hb->dbuf.linkflag != '0') {
+  /* can't handle some links at present */
+  if ((hb->dbuf.linkflag != '0') && (hb -> dbuf.linkflag != '5')) {
     if (hb->dbuf.linkflag == 0) {
       DEBUG(6, ("Warning: NULL link flag (gnu tar archive ?) %s\n",
 		finfo->name));
     } else { 
-      DEBUG(0, ("this tar file appears to contain some kind of link - ignoring\n"));
-      return -2;
+      if (hb -> dbuf.linkflag == 'L') { /* We have a longlink */
+         /* Do nothing here at the moment. do_tarput will handle this
+            as long as the longlink gets back to it, as it has to advance 
+            the buffer pointer, etc */
+
+      } else {
+        DEBUG(0, ("this tar file appears to contain some kind of link other than a GNUtar Longlink - ignoring\n"));
+        return -2;
+      }
     }
   }
     
@@ -222,6 +318,9 @@ static int dotarbuf(int f, char *b, int n)
 {
   int fail=1, writ=n;
 
+  if (dry_run) {
+    return writ;
+  }
   /* This routine and the next one should be the only ones that do write()s */
   if (tp + n >= tbufsiz)
     {
@@ -250,7 +349,7 @@ static int dotarbuf(int f, char *b, int n)
 }
 
 /****************************************************************************
-Write a zeros to buffer / tape
+Write zeros to buffer / tape
 ****************************************************************************/
 static void dozerobuf(int f, int n)
 {
@@ -258,9 +357,13 @@ static void dozerobuf(int f, int n)
    * used to round files to nearest block
    * and to do tar EOFs */
 
+  if (dry_run)
+    return;
+  
   if (n+tp >= tbufsiz)
     {
       memset(tarbuf+tp, 0, tbufsiz-tp);
+
       write(f, tarbuf, tbufsiz);
       memset(tarbuf, 0, (tp+=n-tbufsiz));
     }
@@ -274,14 +377,14 @@ static void dozerobuf(int f, int n)
 /****************************************************************************
 Malloc tape buffer
 ****************************************************************************/
-static void initarbuf()
+static void initarbuf(void)
 {
   /* initialize tar buffer */
   tbufsiz=blocksize*TBLOCK;
-  tarbuf=malloc(tbufsiz);
+  tarbuf=malloc(tbufsiz);      /* FIXME: We might not get the buffer */
 
-  /* reset tar buffer pointer and tar file counter */
-  tp=0; ntarf=0;
+  /* reset tar buffer pointer and tar file counter and total dumped */
+  tp=0; ntarf=0; ttarf=0;
 }
 
 /****************************************************************************
@@ -289,13 +392,16 @@ Write two zero blocks at end of file
 ****************************************************************************/
 static void dotareof(int f)
 {
-  struct stat stbuf;
+  SMB_STRUCT_STAT stbuf;
   /* Two zero blocks at end of file, write out full buffer */
 
+  if (dry_run)
+    return;
+
   (void) dozerobuf(f, TBLOCK);
   (void) dozerobuf(f, TBLOCK);
 
-  if (fstat(f, &stbuf) == -1)
+  if (sys_fstat(f, &stbuf) == -1)
     {
       DEBUG(0, ("Couldn't stat file handle\n"));
       return;
@@ -311,37 +417,18 @@ static void dotareof(int f)
 ****************************************************************************/
 static void fixtarname(char *tptr, char *fp, int l)
 {
-  /* add a '.' to start of file name, convert from ugly dos \'s in path
-   * to lovely unix /'s :-} */
-
-  *tptr++='.';
-#ifdef KANJI
-  while (l > 0) {
-    if (is_shift_jis (*fp)) {
-      *tptr++ = *fp++;
-      *tptr++ = *fp++;
-      l -= 2;
-    } else if (is_kana (*fp)) {
-      *tptr++ = *fp++;
-      l--;
-    } else if (*fp == '\\') {
-      *tptr++ = '/';
-      fp++;
-      l--;
-    } else {
-      *tptr++ = *fp++;
-      l--;
-    }
-  }
-#else
-  while (l--) { *tptr=(*fp == '\\') ? '/' : *fp; tptr++; fp++; }
-#endif
+	/* add a '.' to start of file name, convert from ugly dos \'s in path
+	 * to lovely unix /'s :-} */
+	*tptr++='.';
+
+	safe_strcpy(tptr, fp, l);
+	string_replace(tptr, '\\', '/');
 }
 
 /****************************************************************************
 Convert from decimal to octal string
 ****************************************************************************/
-static void oct_it (register long value, register int ndgs, register char *p)
+static void oct_it (long value, int ndgs, char *p)
 {
   /* Converts long to octal string, pads with leading zeros */
 
@@ -371,7 +458,7 @@ static long unoct(char *p, int ndgs)
 
   while (--ndgs)
     {
-      if (isdigit(*p))
+      if (isdigit((int)*p))
         value = (value << 3) | (long) (*p - '0');
 
       p++;
@@ -381,10 +468,14 @@ static long unoct(char *p, int ndgs)
 }
 
 /****************************************************************************
-Compare two strings in a slash insensitive way
+Compare two strings in a slash insensitive way, allowing s1 to match s2 
+if s1 is an "initial" string (up to directory marker).  Thus, if s2 is 
+a file in any subdirectory of s1, declare a match.
 ***************************************************************************/
-int strslashcmp(const char *s1, const char *s2)
+static int strslashcmp(char *s1, char *s2)
 {
+  char *s1_0=s1;
+
   while(*s1 && *s2 &&
 	(*s1 == *s2
 	 || tolower(*s1) == tolower(*s2)
@@ -393,296 +484,52 @@ int strslashcmp(const char *s1, const char *s2)
 	  s1++; s2++;
   }
 
-  return *s1-*s2;
-}
-
-/*
- * general smb utility functions
- */
-/****************************************************************************
-Set DOS file attributes
-***************************************************************************/
-static int do_setrattr(char *fname, int attr, int setit)
-{
-  /*
-   * First get the existing attribs from existing file
+  /* if s1 has a trailing slash, it compared equal, so s1 is an "initial" 
+     string of s2.
    */
-  char *inbuf,*outbuf;
-  char *p;
-  pstring name;
-  int fattr;
-
-  strcpy(name,fname);
-  strcpy(fname,"\\");
-  strcat(fname,name);
-
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-
-  if (!inbuf || !outbuf)
-    {
-      DEBUG(0,("out of memory\n"));
-      return False;
-    }
-
-  /* send an smb getatr message */
-
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,0,2 + strlen(fname),True);
-  CVAL(outbuf,smb_com) = SMBgetatr;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  p = smb_buf(outbuf);
-  *p++ = 4;
-  strcpy(p,fname);
-  p += (strlen(fname)+1);
-  
-  *p++ = 4;
-  *p++ = 0;
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  if (CVAL(inbuf,smb_rcls) != 0)
-    DEBUG(5,("getatr: %s\n",smb_errstr(inbuf)));
-  else
-    {
-      DEBUG(5,("\nattr 0x%X  time %d  size %d\n",
-	       (int)CVAL(inbuf,smb_vwv0),
-	       SVAL(inbuf,smb_vwv1),
-	       SVAL(inbuf,smb_vwv3)));
-    }
-
-  fattr=CVAL(inbuf,smb_vwv0);
+  if (!*s1 && s1 != s1_0 && (*(s1-1) == '/' || *(s1-1) == '\\')) return 0;
 
-  /* combine found attributes with bits to be set or reset */
+  /* ignore trailing slash on s1 */
+  if (!*s2 && (*s1 == '/' || *s1 == '\\') && !*(s1+1)) return 0;
 
-  attr=setit ? (fattr | attr) : (fattr & ~attr);
+  /* check for s1 is an "initial" string of s2 */
+  if (*s2 == '/' || *s2 == '\\') return 0;
 
-  /* now try and set attributes by sending smb reset message */
-
-  /* clear out buffer and start again */
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,8,4 + strlen(fname),True);
-  CVAL(outbuf,smb_com) = SMBsetatr;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,attr);
-
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,fname);
-  p += (strlen(fname)+1);
-  
-  *p++ = 4;
-  *p++ = 0;
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s setting attributes on file %s\n",
-	    smb_errstr(inbuf), fname));
-      free(inbuf);free(outbuf);
-      return(False);
-    }
-
-  free(inbuf);free(outbuf);
-  return(True);
+  return *s1-*s2;
 }
 
-/****************************************************************************
-Create a file on a share
-***************************************************************************/
-static BOOL smbcreat(file_info finfo, int *fnum, char *inbuf, char *outbuf)
-{
-  char *p;
-  /* *must* be called with buffer ready malloc'ed */
-  /* open remote file */
-  
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,3,2 + strlen(finfo.name),True);
-  CVAL(outbuf,smb_com) = SMBcreate;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-  
-  SSVAL(outbuf,smb_vwv0,finfo.mode);
-  put_dos_date3(outbuf,smb_vwv1,finfo.mtime);
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,finfo.name);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),
-	       finfo.name));
-      return 0;
-    }
-  
-  *fnum = SVAL(inbuf,smb_vwv0);
-  return True;
-}
 
 /****************************************************************************
-Write a file to a share
-***************************************************************************/
-static BOOL smbwrite(int fnum, int n, int low, int high, int left,
-		     char *bufferp, char *inbuf, char *outbuf)
-{
-  /* *must* be called with buffer ready malloc'ed */
-
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,5,n + 3,True);
-  
-  memcpy(smb_buf(outbuf)+3, bufferp, n);
-  
-  set_message(outbuf,5,n + 3, False);
-  CVAL(outbuf,smb_com) = SMBwrite;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-  
-  SSVAL(outbuf,smb_vwv0,fnum);
-  SSVAL(outbuf,smb_vwv1,n);
-  SIVAL(outbuf,smb_vwv2,low);
-  SSVAL(outbuf,smb_vwv4,left);
-  CVAL(smb_buf(outbuf),0) = 1;
-  SSVAL(smb_buf(outbuf),1,n);
-
-  send_smb(Client,outbuf); 
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s writing remote file\n",smb_errstr(inbuf)));
-      return False;
-    }
-  
-  if (n != SVAL(inbuf,smb_vwv0))
-    {
-      DEBUG(0,("Error: only wrote %d bytes out of %d\n",
-	       SVAL(inbuf,smb_vwv0), n));
-      return False;
-    }
-
-  return True;
-}
-
-/****************************************************************************
-Close a file on a share
+Ensure a remote path exists (make if necessary)
 ***************************************************************************/
-static BOOL smbshut(file_info finfo, int fnum, char *inbuf, char *outbuf)
+static BOOL ensurepath(char *fname)
 {
   /* *must* be called with buffer ready malloc'ed */
+  /* ensures path exists */
 
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,3,0,True);
-  CVAL(outbuf,smb_com) = SMBclose;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-  
-  SSVAL(outbuf,smb_vwv0,fnum);
-  put_dos_date3(outbuf,smb_vwv1,finfo.mtime);
-  
-  DEBUG(3,("Setting date to %s (0x%X)",
-	   asctime(LocalTime(&finfo.mtime,GMT_TO_LOCAL)),
-	   finfo.mtime));
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s closing remote file %s\n",smb_errstr(inbuf),
-	       finfo.name));
-      return False;
-    }
-
-  return True;
-}
-
-/****************************************************************************
-Verify existence of path on share
-***************************************************************************/
-static BOOL smbchkpath(char *fname, char *inbuf, char *outbuf)
-{
-  char *p;
-
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,0,4 + strlen(fname),True);
-  CVAL(outbuf,smb_com) = SMBchkpth;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  p = smb_buf(outbuf);
-  *p++ = 4;
-  strcpy(p,fname);
-
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  DEBUG(5,("smbchkpath: %s\n",smb_errstr(inbuf)));
-
-  return(CVAL(inbuf,smb_rcls) == 0);
-}
+  char *partpath, *ffname;
+  char *p=fname, *basehack;
 
-/****************************************************************************
-Make a directory on share
-***************************************************************************/
-static BOOL smbmkdir(char *fname, char *inbuf, char *outbuf)
-{
-  /* *must* be called with buffer ready malloc'ed */
-  char *p;
+  DEBUG(5, ( "Ensurepath called with: %s\n", fname));
 
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,0,2 + strlen(fname),True);
-  
-  CVAL(outbuf,smb_com) = SMBmkdir;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-  
-  p = smb_buf(outbuf);
-  *p++ = 4;      
-  strcpy(p,fname);
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-  
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      DEBUG(0,("%s making remote directory %s\n",
-	       smb_errstr(inbuf),fname));
-      return(False);
-    }
+  partpath = string_create_s(strlen(fname));
+  ffname = string_create_s(strlen(fname));
 
-  return(True);
-}
+  if ((partpath == NULL) || (ffname == NULL)){
 
-/****************************************************************************
-Ensure a remote path exists (make if necessary)
-***************************************************************************/
-static BOOL ensurepath(char *fname, char *inbuf, char *outbuf)
-{
-  /* *must* be called with buffer ready malloc'ed */
-  /* ensures path exists */
+    DEBUG(0, ("Out of memory in ensurepath: %s\n", fname));
+    return(False);
 
-  pstring partpath, ffname;
-  char *p=fname, *basehack;
+  }
 
   *partpath = 0;
 
   /* fname copied to ffname so can strtok */
 
-  strcpy(ffname, fname);
+  safe_strcpy(ffname, fname, strlen(fname));
 
   /* do a `basename' on ffname, so don't try and make file name directory */
-  if ((basehack=strrchr(ffname, '\\')) == NULL)
+  if ((basehack=strrchr_m(ffname, '\\')) == NULL)
     return True;
   else
     *basehack='\0';
@@ -691,10 +538,10 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf)
 
   while (p)
     {
-      strcat(partpath, p);
+      safe_strcat(partpath, p, strlen(fname) + 1);
 
-      if (!smbchkpath(partpath, inbuf, outbuf)) {
-	if (!smbmkdir(partpath, inbuf, outbuf))
+      if (!cli_chkpath(cli, partpath)) {
+	if (!cli_mkdir(cli, partpath))
 	  {
 	    DEBUG(0, ("Error mkdirhiering\n"));
 	    return False;
@@ -704,16 +551,48 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf)
 
       }
 
-      strcat(partpath, "\\");
+      safe_strcat(partpath, "\\", strlen(fname) + 1);
       p = strtok(NULL,"/\\");
     }
 
     return True;
 }
 
-/*
- * smbclient functions
- */
+static int padit(char *buf, int bufsize, int padsize)
+{
+	int berr= 0;
+	int bytestowrite;
+  
+	DEBUG(5, ("Padding with %d zeros\n", padsize));
+	memset(buf, 0, bufsize);
+	while( !berr && padsize > 0 ) {
+		bytestowrite= MIN(bufsize, padsize);
+		berr = dotarbuf(tarhandle, buf, bytestowrite) != bytestowrite;
+		padsize -= bytestowrite;
+	}
+  
+	return berr;
+}
+
+
+static void do_setrattr(char *name, uint16 attr, int set)
+{
+	uint16 oldattr;
+
+	if (!cli_getatr(cli, name, &oldattr, NULL, NULL)) return;
+
+	if (set == ATTRSET) {
+		attr |= oldattr;
+	} else {
+		attr = oldattr & ~attr;
+	}
+
+	if (!cli_setatr(cli, name, attr, 0)) {
+		DEBUG(1,("setatr failed: %s\n", cli_errstr(cli)));
+	}
+}
+
+
 /****************************************************************************
 append one remote file to the tar file
 ***************************************************************************/
@@ -721,356 +600,154 @@ static void do_atar(char *rname,char *lname,file_info *finfo1)
 {
   int fnum;
   uint32 nread=0;
-  char *p;
-  char *inbuf,*outbuf;
-  file_info finfo;
+  char ftype;
+  file_info2 finfo;
   BOOL close_done = False;
   BOOL shallitime=True;
-  BOOL ignore_close_error = False;
-  char *dataptr=NULL;
+  char data[65520];
+  int read_size = 65520;
   int datalen=0;
 
   struct timeval tp_start;
   GetTimeOfDay(&tp_start);
 
-  if (finfo1) 
-    finfo = *finfo1;
-  else
-    finfo = def_finfo;
+  ftype = '0'; /* An ordinary file ... */
 
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+  if (finfo1) {
+    finfo.size  = finfo1 -> size;
+    finfo.mode  = finfo1 -> mode;
+    finfo.uid   = finfo1 -> uid;
+    finfo.gid   = finfo1 -> gid;
+    finfo.mtime = finfo1 -> mtime;
+    finfo.atime = finfo1 -> atime;
+    finfo.ctime = finfo1 -> ctime;
+  }
+  else {
+    finfo.size  = def_finfo.size;
+    finfo.mode  = def_finfo.mode;
+    finfo.uid   = def_finfo.uid;
+    finfo.gid   = def_finfo.gid;
+    finfo.mtime = def_finfo.mtime;
+    finfo.atime = def_finfo.atime;
+    finfo.ctime = def_finfo.ctime;
+  }
 
-  if (!inbuf || !outbuf)
+  if (dry_run)
     {
-      DEBUG(0,("out of memory\n"));
+      DEBUG(3,("skipping file %s of size %d bytes\n",
+	       finfo.name,
+	       (int)finfo.size));
+      shallitime=0;
+      ttarf+=finfo.size + TBLOCK - (finfo.size % TBLOCK);
+      ntarf++;
       return;
     }
 
-  memset(outbuf,0,smb_size);
-  set_message(outbuf,15,1 + strlen(rname),True);
-
-  CVAL(outbuf,smb_com) = SMBopenX;
-  SSVAL(outbuf,smb_tid,cnum);
-  setup_pkt(outbuf);
-
-  SSVAL(outbuf,smb_vwv0,0xFF);
-  SSVAL(outbuf,smb_vwv2,1);
-  SSVAL(outbuf,smb_vwv3,(DENY_NONE<<4));
-  SSVAL(outbuf,smb_vwv4,aSYSTEM | aHIDDEN);
-  SSVAL(outbuf,smb_vwv5,aSYSTEM | aHIDDEN);
-  SSVAL(outbuf,smb_vwv8,1);
-
-  p = smb_buf(outbuf);
-  strcpy(p,rname);
-  p = skip_string(p,1);
+  fnum = cli_open(cli, rname, O_RDONLY, DENY_NONE);
 
   dos_clean_name(rname);
 
-  /* do a chained openX with a readX? */  
-  if (finfo.size > 0)
-    {
-      SSVAL(outbuf,smb_vwv0,SMBreadX);
-      SSVAL(outbuf,smb_vwv1,PTR_DIFF(p,outbuf) - 4);
-      memset(p,0,200);
-      p -= smb_wct;
-      SSVAL(p,smb_wct,10);
-      SSVAL(p,smb_vwv0,0xFF);
-      SSVAL(p,smb_vwv5,MIN(max_xmit-500,finfo.size));
-      SSVAL(p,smb_vwv9,MIN(0xFFFF,finfo.size));
-      smb_setlen(outbuf,smb_len(outbuf)+11*2+1);  
-    }
-  
-  send_smb(Client,outbuf);
-  receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-
-  if (CVAL(inbuf,smb_rcls) != 0)
-    {
-      if (CVAL(inbuf,smb_rcls) == ERRSRV &&
-	  SVAL(inbuf,smb_err) == ERRnoresource &&
-	  reopen_connection(inbuf,outbuf))
-	{
-	  do_atar(rname,lname,finfo1);
-	  free(inbuf);free(outbuf);
+  if (fnum == -1) {
+	  DEBUG(0,("%s opening remote file %s (%s)\n",
+		   cli_errstr(cli),rname, cur_dir));
 	  return;
-	}
+  }
 
-      DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),rname));
-      free(inbuf);free(outbuf);
-      return;
-    }
+  finfo.name = string_create_s(strlen(rname));
+  if (finfo.name == NULL) {
+	  DEBUG(0, ("Unable to allocate space for finfo.name in do_atar\n"));
+	  return;
+  }
 
-  strcpy(finfo.name,rname);
-  if (!finfo1)
-    {
-      finfo.mode = SVAL(inbuf,smb_vwv3);
-      finfo.size = IVAL(inbuf,smb_vwv4);
-      finfo.mtime = make_unix_date3(inbuf+smb_vwv6);
-      finfo.atime = finfo.ctime = finfo.mtime;
-    }
+  safe_strcpy(finfo.name,rname, strlen(rname));
+  if (!finfo1) {
+	  if (!cli_getattrE(cli, fnum, &finfo.mode, &finfo.size, NULL, &finfo.atime, &finfo.mtime)) {
+		  DEBUG(0, ("getattrE: %s\n", cli_errstr(cli)));
+		  return;
+	  }
+	  finfo.ctime = finfo.mtime;
+  }
 
   DEBUG(3,("file %s attrib 0x%X\n",finfo.name,finfo.mode));
 
-  fnum = SVAL(inbuf,smb_vwv2);
-
   if (tar_inc && !(finfo.mode & aARCH))
     {
       DEBUG(4, ("skipping %s - archive bit not set\n", finfo.name));
       shallitime=0;
     }
+  else if (!tar_system && (finfo.mode & aSYSTEM))
+    {
+      DEBUG(4, ("skipping %s - system bit is set\n", finfo.name));
+      shallitime=0;
+    }
+  else if (!tar_hidden && (finfo.mode & aHIDDEN))
+    {
+      DEBUG(4, ("skipping %s - hidden bit is set\n", finfo.name));
+      shallitime=0;
+    }
   else
     {
-      if (SVAL(inbuf,smb_vwv0) == SMBreadX)
-	{
-	  p = (inbuf+4+SVAL(inbuf,smb_vwv1)) - smb_wct;
-	  datalen = SVAL(p,smb_vwv5);
-	  dataptr = inbuf + 4 + SVAL(p,smb_vwv6);
-	}
-      else
-	{
-	  dataptr = NULL;
-	  datalen = 0;
-	}
-
-      DEBUG(2,("getting file %s of size %d bytes as a tar file %s",
+      DEBUG(3,("getting file %s of size %d bytes as a tar file %s",
 	       finfo.name,
-	       finfo.size,
+	       (int)finfo.size,
 	       lname));
       
       /* write a tar header, don't bother with mode - just set to 100644 */
-      writetarheader(tarhandle, rname, finfo.size, finfo.mtime, "100644 \0");
-      
-      while (nread < finfo.size && !close_done)
-	{
-	  int method = -1;
-	  static BOOL can_chain_close=True;
+      writetarheader(tarhandle, rname, finfo.size, finfo.mtime, "100644 \0", ftype);
 
-	  p=NULL;
-	  
-	  DEBUG(3,("nread=%d\n",nread));
-	  
-	  /* 3 possible read types. readbraw if a large block is required.
-	     readX + close if not much left and read if neither is supported */
-
-	  /* we might have already read some data from a chained readX */
-	  if (dataptr && datalen>0)
-	    method=3;
-	  
-	  /* if we can finish now then readX+close */
-	  if (method<0 && can_chain_close && (Protocol >= PROTOCOL_LANMAN1) && 
-	      ((finfo.size - nread) < 
-	       (max_xmit - (2*smb_size + 13*SIZEOFWORD + 300))))
-	    method = 0;
-	  
-	  /* if we support readraw then use that */
-	  if (method<0 && readbraw_supported)
-	    method = 1;
-	  
-	  /* if we can then use readX */
-	  if (method<0 && (Protocol >= PROTOCOL_LANMAN1))
-	    method = 2;
-	  
-	  
-	  switch (method)
-	    {
-	      /* use readX */
-	    case 0:
-	    case 2:
-	      if (method == 0)
-		close_done = True;
+      while (nread < finfo.size && !close_done)	{
 	      
-	      /* use readX + close */
-	      memset(outbuf,0,smb_size);
-	      set_message(outbuf,10,0,True);
-	      CVAL(outbuf,smb_com) = SMBreadX;
-	      SSVAL(outbuf,smb_tid,cnum);
-	      setup_pkt(outbuf);
-	      
-	      if (close_done)
-		{
-		  CVAL(outbuf,smb_vwv0) = SMBclose;
-		  SSVAL(outbuf,smb_vwv1,PTR_DIFF(smb_buf(outbuf),outbuf) - 4);
-		}
-	      else
-		CVAL(outbuf,smb_vwv0) = 0xFF;	      
-	      
-	      
-	      SSVAL(outbuf,smb_vwv2,fnum);
-	      SIVAL(outbuf,smb_vwv3,nread);
-	      SSVAL(outbuf,smb_vwv5,MIN(max_xmit-200,finfo.size - nread));
-	      SSVAL(outbuf,smb_vwv6,0);
-	      SIVAL(outbuf,smb_vwv7,0);
-	      SSVAL(outbuf,smb_vwv9,MIN(0xFFFF,finfo.size-nread));
-	      
-	      if (close_done)
-		{
-		  p = smb_buf(outbuf);
-		  memset(p,0,9);
-		  
-		  CVAL(p,0) = 3;
-		  SSVAL(p,1,fnum);
-		  SIVALS(p,3,-1);
-		  
-		  /* now set the total packet length */
-		  smb_setlen(outbuf,smb_len(outbuf)+9);
-		}
-	      
-	      send_smb(Client,outbuf);
-	      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-	      
-	      if (CVAL(inbuf,smb_rcls) != 0)
-		{
-		  DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf)));
-		  break;
-		}
-	      
-	      if (close_done &&
-		  SVAL(inbuf,smb_vwv0) != SMBclose)
-		{
-		  /* NOTE: WfWg sometimes just ignores the chained
-		     command! This seems to break the spec? */
-		  DEBUG(3,("Rejected chained close?\n"));
-		  close_done = False;
-		  can_chain_close = False;
-		  ignore_close_error = True;
-		}
+	      DEBUG(3,("nread=%d\n",nread));
 	      
-	      datalen = SVAL(inbuf,smb_vwv5);
-	      dataptr = inbuf + 4 + SVAL(inbuf,smb_vwv6);
-	      break;
+	      datalen = cli_read(cli, fnum, data, nread, read_size);
 	      
+	      if (datalen == -1) {
+		      DEBUG(0,("Error reading file %s : %s\n", rname, cli_errstr(cli)));
+		      break;
+	      }
 	      
-	      /* use readbraw */
-	    case 1:
-	      {
-		static int readbraw_size = 0xFFFF;
-		
-		extern int Client;
-		memset(outbuf,0,smb_size);
-		set_message(outbuf,8,0,True);
-		CVAL(outbuf,smb_com) = SMBreadbraw;
-		SSVAL(outbuf,smb_tid,cnum);
-		setup_pkt(outbuf);
-		SSVAL(outbuf,smb_vwv0,fnum);
-		SIVAL(outbuf,smb_vwv1,nread);
-		SSVAL(outbuf,smb_vwv3,MIN(finfo.size-nread,readbraw_size));
-		SSVAL(outbuf,smb_vwv4,0);
-		SIVALS(outbuf,smb_vwv5,-1);
-		send_smb(Client,outbuf);
-		
-		/* Now read the raw data into the buffer and write it */	  
-		if(read_smb_length(Client,inbuf,0) == -1) {
-		  DEBUG(0,("Failed to read length in readbraw\n"));	    
-		  exit(1);
-		}
-		
-		/* Even though this is not an smb message, smb_len
-		   returns the generic length of an smb message */
-		datalen = smb_len(inbuf);
-		
-		if (datalen == 0)
-		  {
-		    /* we got a readbraw error */
-		    DEBUG(4,("readbraw error - reducing size\n"));
-		    readbraw_size = (readbraw_size * 9) / 10;
-		    
-		    if (readbraw_size < max_xmit)
-		      {
-			DEBUG(0,("disabling readbraw\n"));
-			readbraw_supported = False;
-		      }
-
-		    dataptr=NULL;
-		    continue;
+		  nread += datalen;
+
+		  /* if file size has increased since we made file size query, truncate
+			read so tar header for this file will be correct.
+		   */
+
+		  if (nread > finfo.size) {
+			datalen -= nread - finfo.size;
+			DEBUG(0,("File size change - truncating %s to %d bytes\n", finfo.name, (int)finfo.size));
 		  }
 
-		if(read_data(Client,inbuf,datalen) != datalen) {
-		  DEBUG(0,("Failed to read data in readbraw\n"));
-		  exit(1);
-		}
-		dataptr = inbuf;
+	      /* add received bits of file to buffer - dotarbuf will
+	       * write out in 512 byte intervals */
+	      if (dotarbuf(tarhandle,data,datalen) != datalen) {
+		      DEBUG(0,("Error writing to tar file - %s\n", strerror(errno)));
+		      break;
 	      }
-	      break;
-
-	    case 3:
-	      /* we've already read some data with a chained readX */
-	      break;
-	      
-	    default:
-	      /* use plain read */
-	      memset(outbuf,0,smb_size);
-	      set_message(outbuf,5,0,True);
-	      CVAL(outbuf,smb_com) = SMBread;
-	      SSVAL(outbuf,smb_tid,cnum);
-	      setup_pkt(outbuf);
-	      
-	      SSVAL(outbuf,smb_vwv0,fnum);
-	      SSVAL(outbuf,smb_vwv1,MIN(max_xmit-200,finfo.size - nread));
-	      SIVAL(outbuf,smb_vwv2,nread);
-	      SSVAL(outbuf,smb_vwv4,finfo.size - nread);
 	      
-	      send_smb(Client,outbuf);
-	      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-	      
-	      if (CVAL(inbuf,smb_rcls) != 0)
-		{
-		  DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf)));
-		  break;
-		}
-	      
-	      datalen = SVAL(inbuf,smb_vwv0);
-	      dataptr = smb_buf(inbuf) + 3;
-	      break;
-	    }
-	  
-	  
-	  /* add received bits of file to buffer - dotarbuf will
-	   * write out in 512 byte intervals */
-	  if (dotarbuf(tarhandle,dataptr,datalen) != datalen)
-	    {
-	      DEBUG(0,("Error writing local file\n"));
-	      break;
-	    }
-	  
-	  nread += datalen;
-	  if (datalen == 0) 
-	    {
-	      DEBUG(0,("Error reading file %s. Got 0 bytes\n", rname));
-	      break;
-	    }
-
-	  dataptr=NULL;
-	  datalen=0;
-	}
-      
+	      if (datalen == 0) {
+		      DEBUG(0,("Error reading file %s. Got 0 bytes\n", rname));
+		      break;
+	      }
+
+	      datalen=0;
+      }
+
+      /* pad tar file with zero's if we couldn't get entire file */
+      if (nread < finfo.size) {
+	      DEBUG(0, ("Didn't get entire file. size=%d, nread=%d\n", (int)finfo.size, (int)nread));
+	      if (padit(data, sizeof(data), finfo.size - nread))
+		      DEBUG(0,("Error writing tar file - %s\n", strerror(errno)));
+      }
+
       /* round tar file to nearest block */
       if (finfo.size % TBLOCK)
 	dozerobuf(tarhandle, TBLOCK - (finfo.size % TBLOCK));
       
+      ttarf+=finfo.size + TBLOCK - (finfo.size % TBLOCK);
       ntarf++;
     }
   
-  if (!close_done)
-    {
-      memset(outbuf,0,smb_size);
-      set_message(outbuf,3,0,True);
-      CVAL(outbuf,smb_com) = SMBclose;
-      SSVAL(outbuf,smb_tid,cnum);
-      setup_pkt(outbuf);
-      
-      SSVAL(outbuf,smb_vwv0,fnum);
-      SIVALS(outbuf,smb_vwv1,-1);
-      
-      send_smb(Client,outbuf);
-      receive_smb(Client,inbuf,CLIENT_TIMEOUT);
-      
-      if (!ignore_close_error && CVAL(inbuf,smb_rcls) != 0)
-	{
-	  DEBUG(0,("Error %s closing remote file\n",smb_errstr(inbuf)));
-	  free(inbuf);free(outbuf);
-	  return;
-	}
-    }
+  cli_close(cli, fnum);
 
   if (shallitime)
     {
@@ -1078,7 +755,8 @@ static void do_atar(char *rname,char *lname,file_info *finfo1)
       int this_time;
 
       /* if shallitime is true then we didn't skip */
-      if (tar_reset) (void) do_setrattr(finfo.name, aARCH, ATTRRESET);
+      if (tar_reset && !dry_run)
+	(void) do_setrattr(finfo.name, aARCH, ATTRRESET);
       
       GetTimeOfDay(&tp_end);
       this_time = 
@@ -1087,13 +765,18 @@ static void do_atar(char *rname,char *lname,file_info *finfo1)
       get_total_time_ms += this_time;
       get_total_size += finfo.size;
 
+      if (tar_noisy)
+	{
+	  DEBUG(0, ("%10d (%7.1f kb/s) %s\n",
+	       (int)finfo.size, finfo.size / MAX(0.001, (1.024*this_time)),
+               finfo.name));
+	}
+
       /* Thanks to Carel-Jan Engel (ease@mail.wirehub.nl) for this one */
-      DEBUG(2,("(%g kb/s) (average %g kb/s)\n",
+      DEBUG(3,("(%g kb/s) (average %g kb/s)\n",
 	       finfo.size / MAX(0.001, (1.024*this_time)),
 	       get_total_size / MAX(0.001, (1.024*get_total_time_ms))));
     }
-  
-  free(inbuf);free(outbuf);
 }
 
 /****************************************************************************
@@ -1103,25 +786,29 @@ static void do_tar(file_info *finfo)
 {
   pstring rname;
 
-  if (strequal(finfo->name,".") || strequal(finfo->name,".."))
+  if (strequal(finfo->name,"..") || strequal(finfo->name,"."))
     return;
 
   /* Is it on the exclude list ? */
   if (!tar_excl && clipn) {
     pstring exclaim;
 
-    strcpy(exclaim, cur_dir);
+    DEBUG(5, ("Excl: strlen(cur_dir) = %d\n", (int)strlen(cur_dir)));
+
+    safe_strcpy(exclaim, cur_dir, sizeof(pstring));
     *(exclaim+strlen(exclaim)-1)='\0';
 
-    if (clipfind(cliplist, clipn, exclaim)) {
-      DEBUG(3,("Skipping directory %s\n", exclaim));
-      return;
-    }
+    safe_strcat(exclaim, "\\", sizeof(pstring));
+    safe_strcat(exclaim, finfo->name, sizeof(exclaim));
 
-    strcat(exclaim, "\\");
-    strcat(exclaim, finfo->name);
+    DEBUG(5, ("...tar_re_search: %d\n", tar_re_search));
 
-    if (clipfind(cliplist, clipn, exclaim)) {
+    if ((!tar_re_search && clipfind(cliplist, clipn, exclaim)) ||
+#ifdef HAVE_REGEX_H
+	(tar_re_search && !regexec(preg, exclaim, 0, NULL, 0))) {
+#else
+        (tar_re_search && mask_match(exclaim, cliplist[0], True))) {
+#endif
       DEBUG(3,("Skipping file %s\n", exclaim));
       return;
     }
@@ -1131,36 +818,33 @@ static void do_tar(file_info *finfo)
     {
       pstring saved_curdir;
       pstring mtar_mask;
-      char *inbuf,*outbuf;
 
-      inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-      outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+      safe_strcpy(saved_curdir, cur_dir, sizeof(saved_curdir));
 
-      if (!inbuf || !outbuf)
-	{
-	  DEBUG(0,("out of memory\n"));
-	  return;
-	}
+      DEBUG(5, ("Sizeof(cur_dir)=%d, strlen(cur_dir)=%d, strlen(finfo->name)=%d\nname=%s,cur_dir=%s\n", (int)sizeof(cur_dir), (int)strlen(cur_dir), (int)strlen(finfo->name), finfo->name, cur_dir));
 
-      strcpy(saved_curdir,cur_dir);
+      safe_strcat(cur_dir,finfo->name, sizeof(cur_dir));
+      safe_strcat(cur_dir,"\\", sizeof(cur_dir));
 
-      strcat(cur_dir,finfo->name);
-      strcat(cur_dir,"\\");
+      DEBUG(5, ("Writing a dir, Name = %s\n", cur_dir));
 
       /* write a tar directory, don't bother with mode - just set it to
        * 40755 */
-      writetarheader(tarhandle, cur_dir, 0, finfo->mtime, "040755 \0");
-      strcpy(mtar_mask,cur_dir);
-      strcat(mtar_mask,"*");
-      
-      do_dir((char *)inbuf,(char *)outbuf,mtar_mask,attribute,do_tar,recurse);
-      strcpy(cur_dir,saved_curdir);
-      free(inbuf);free(outbuf);
+      writetarheader(tarhandle, cur_dir, 0, finfo->mtime, "040755 \0", '5');
+      if (tar_noisy) {
+          DEBUG(0,("                directory %s\n", cur_dir));
+      }
+      ntarf++;  /* Make sure we have a file on there */
+      safe_strcpy(mtar_mask,cur_dir, sizeof(pstring));
+      safe_strcat(mtar_mask,"*", sizeof(pstring));
+      DEBUG(5, ("Doing list with mtar_mask: %s\n", mtar_mask));
+      do_list(mtar_mask, attribute, do_tar, False, True);
+      safe_strcpy(cur_dir,saved_curdir, sizeof(pstring));
     }
   else
     {
-      strcpy(rname,cur_dir);
-      strcat(rname,finfo->name);
+      safe_strcpy(rname,cur_dir, sizeof(pstring));
+      safe_strcat(rname,finfo->name, sizeof(pstring));
       do_atar(rname,finfo->name,finfo);
     }
 }
@@ -1168,227 +852,423 @@ static void do_tar(file_info *finfo)
 /****************************************************************************
 Convert from UNIX to DOS file names
 ***************************************************************************/
-static void unfixtarname(char *tptr, char *fp, int l)
+static void unfixtarname(char *tptr, char *fp, int l, BOOL first)
 {
-  /* remove '.' from start of file name, convert from unix /'s to
-   * dos \'s in path. Kill any absolute path names.
-   */
+	/* remove '.' from start of file name, convert from unix /'s to
+	 * dos \'s in path. Kill any absolute path names. But only if first!
+	 */
 
-  if (*fp == '.') fp++;
-  if (*fp == '\\' || *fp == '/') fp++;
-
-#ifdef KANJI
-  while (l > 0) {
-    if (is_shift_jis (*fp)) {
-      *tptr++ = *fp++;
-      *tptr++ = *fp++;
-      l -= 2;
-    } else if (is_kana (*fp)) {
-      *tptr++ = *fp++;
-      l--;
-    } else if (*fp == '/') {
-      *tptr++ = '\\';
-      fp++;
-      l--;
-    } else {
-      *tptr++ = *fp++;
-      l--;
+	DEBUG(5, ("firstb=%lX, secondb=%lX, len=%i\n", (long)tptr, (long)fp, l));
+
+	if (first) {
+		if (*fp == '.') {
+			fp++;
+			l--;
+		}
+		if (*fp == '\\' || *fp == '/') {
+			fp++;
+			l--;
+		}
+	}
+
+	safe_strcpy(tptr, fp, l);
+	string_replace(tptr, '/', '\\');
+}
+
+
+/****************************************************************************
+Move to the next block in the buffer, which may mean read in another set of
+blocks. FIXME, we should allow more than one block to be skipped.
+****************************************************************************/
+static int next_block(char *ltarbuf, char **bufferp, int bufsiz)
+{
+  int bufread, total = 0;
+
+  DEBUG(5, ("Advancing to next block: %0lx\n", (unsigned long)*bufferp));
+  *bufferp += TBLOCK;
+  total = TBLOCK;
+
+  if (*bufferp >= (ltarbuf + bufsiz)) {
+
+    DEBUG(5, ("Reading more data into ltarbuf ...\n"));
+
+    /*
+     * Bugfix from Bob Boehmer <boehmer@worldnet.att.net>
+     * Fixes bug where read can return short if coming from
+     * a pipe.
+     */
+
+    bufread = read(tarhandle, ltarbuf, bufsiz);
+    total = bufread;
+
+    while (total < bufsiz) {
+      if (bufread < 0) { /* An error, return false */
+        return (total > 0 ? -2 : bufread);
+      }
+      if (bufread == 0) {
+        if (total <= 0) {
+            return -2;
+        }
+        break;
+      }
+      bufread = read(tarhandle, &ltarbuf[total], bufsiz - total);
+      total += bufread;
     }
+
+    DEBUG(5, ("Total bytes read ... %i\n", total));
+
+    *bufferp = ltarbuf;
+
   }
-#else
-  while (l--) { *tptr=(*fp == '/') ? '\\' : *fp; tptr++; fp++; }
-#endif
+
+  return(total);
+
 }
 
-static void do_tarput()
+/* Skip a file, even if it includes a long file name? */
+static int skip_file(int skipsize)
 {
-  file_info finfo;
-  int nread=0, bufread;
-  char *inbuf,*outbuf; 
-  int fsize=0;
-  int fnum;
+  int dsize = skipsize;
+
+  DEBUG(5, ("Skiping file. Size = %i\n", skipsize));
+
+  /* FIXME, we should skip more than one block at a time */
+
+  while (dsize > 0) {
+
+    if (next_block(tarbuf, &buffer_p, tbufsiz) <= 0) {
+
+	DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno)));
+	return(False);
+
+    }
+
+    dsize -= TBLOCK;
+
+  }
+
+  return(True);
+}
+
+/*************************************************************
+ Get a file from the tar file and store it.
+ When this is called, tarbuf already contains the first
+ file block. This is a bit broken & needs fixing.
+**************************************************************/
+
+static int get_file(file_info2 finfo)
+{
+  int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0;
+
+  DEBUG(5, ("get_file: file: %s, size %i\n", finfo.name, (int)finfo.size));
+
+  if (ensurepath(finfo.name) && 
+      (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) {
+      DEBUG(0, ("abandoning restore\n"));
+      return(False);
+  }
+
+  /* read the blocks from the tar file and write to the remote file */
+
+  rsize = finfo.size;  /* This is how much to write */
+
+  while (rsize > 0) {
+
+    /* We can only write up to the end of the buffer */
+
+    dsize = MIN(tbufsiz - (buffer_p - tarbuf) - bpos, 65520); /* Calculate the size to write */
+    dsize = MIN(dsize, rsize);  /* Should be only what is left */
+    DEBUG(5, ("writing %i bytes, bpos = %i ...\n", dsize, bpos));
+
+    if (cli_write(cli, fnum, 0, buffer_p + bpos, pos, dsize) != dsize) {
+	    DEBUG(0, ("Error writing remote file\n"));
+	    return 0;
+    }
+
+    rsize -= dsize;
+    pos += dsize;
+
+    /* Now figure out how much to move in the buffer */
+
+    /* FIXME, we should skip more than one block at a time */
+
+    /* First, skip any initial part of the part written that is left over */
+    /* from the end of the first TBLOCK                                   */
+
+    if ((bpos) && ((bpos + dsize) >= TBLOCK)) {
+
+      dsize -= (TBLOCK - bpos);  /* Get rid of the end of the first block */
+      bpos = 0;
+
+      if (next_block(tarbuf, &buffer_p, tbufsiz) <=0) {  /* and skip the block */
+	DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno)));
+	return False;
+
+      }
+
+    }
+
+    /*
+     * Bugfix from Bob Boehmer <boehmer@worldnet.att.net>.
+     * If the file being extracted is an exact multiple of
+     * TBLOCK bytes then we don't want to extract the next
+     * block from the tarfile here, as it will be done in
+     * the caller of get_file().
+     */
+
+    while (((rsize != 0) && (dsize >= TBLOCK)) ||
+         ((rsize == 0) && (dsize > TBLOCK))) {
+
+      if (next_block(tarbuf, &buffer_p, tbufsiz) <=0) {
+	DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno)));
+	return False;
+      }
+
+      dsize -= TBLOCK;
+    }
+
+    bpos = dsize;
+
+  }
+
+  /* Now close the file ... */
+
+  if (!cli_close(cli, fnum)) {
+	  DEBUG(0, ("Error closing remote file\n"));
+	  return(False);
+  }
+
+  /* Now we update the creation date ... */
+
+  DEBUG(5, ("Updating creation date on %s\n", finfo.name));
+
+  if (!cli_setatr(cli, finfo.name, finfo.mode, finfo.mtime)) {
+	  if (tar_real_noisy) {
+		  DEBUG(0, ("Could not set time on file: %s\n", finfo.name));
+		  /*return(False); */ /* Ignore, as Win95 does not allow changes */
+	  }
+  }
+
+  ntarf++;
+
+  DEBUG(0, ("restore tar file %s of size %d bytes\n", finfo.name, (int)finfo.size));
+  
+  return(True);
+}
+
+/* Create a directory.  We just ensure that the path exists and return as there
+   is no file associated with a directory 
+*/
+static int get_dir(file_info2 finfo)
+{
+
+  DEBUG(0, ("restore directory %s\n", finfo.name));
+
+  if (!ensurepath(finfo.name)) {
+
+    DEBUG(0, ("Problems creating directory\n"));
+    return(False);
+
+  }
+
+  ntarf++;
+  return(True);
+
+}
+/* Get a file with a long file name ... first file has file name, next file 
+   has the data. We only want the long file name, as the loop in do_tarput
+   will deal with the rest.
+*/
+static char * get_longfilename(file_info2 finfo)
+{
+  int namesize = finfo.size + strlen(cur_dir) + 2;
+  char *longname = malloc(namesize);
+  int offset = 0, left = finfo.size;
+  BOOL first = True;
+
+  DEBUG(5, ("Restoring a long file name: %s\n", finfo.name));
+  DEBUG(5, ("Len = %d\n", (int)finfo.size));
+
+  if (longname == NULL) {
+
+    DEBUG(0, ("could not allocate buffer of size %d for longname\n", 
+	      (int)(finfo.size + strlen(cur_dir) + 2)));
+    return(NULL);
+  }
+
+  /* First, add cur_dir to the long file name */
+
+  if (strlen(cur_dir) > 0) {
+    strncpy(longname, cur_dir, namesize);
+    offset = strlen(cur_dir);
+  }
+
+  /* Loop through the blocks picking up the name */
+
+  while (left > 0) {
+
+    if (next_block(tarbuf, &buffer_p, tbufsiz) <= 0) {
+
+      DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno)));
+      return(NULL);
+
+    }
+
+    unfixtarname(longname + offset, buffer_p, MIN(TBLOCK, finfo.size), first--);
+    DEBUG(5, ("UnfixedName: %s, buffer: %s\n", longname, buffer_p));
+
+    offset += TBLOCK;
+    left -= TBLOCK;
+
+  }
+
+  return(longname);
+
+}
+
+static void do_tarput(void)
+{
+  file_info2 finfo;
   struct timeval tp_start;
-  BOOL tskip=False;       /* We'll take each file as it comes */
+  char *longfilename = NULL, linkflag;
+  int skip = False;
 
   GetTimeOfDay(&tp_start);
-  
-  inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  
-  if (!inbuf || !outbuf)
-    {
-      DEBUG(0,("out of memory\n"));
+
+  DEBUG(5, ("RJS do_tarput called ...\n"));
+
+  buffer_p = tarbuf + tbufsiz;  /* init this to force first read */
+
+  /* Now read through those files ... */
+
+  while (True) {
+
+    /* Get us to the next block, or the first block first time around */
+
+    if (next_block(tarbuf, &buffer_p, tbufsiz) <= 0) {
+
+      DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno)));
+
       return;
+
     }
-  
-  /*
-   * Must read in tbufsiz dollops
-   */
 
-  /* These should be the only reads in clitar.c */
-  while ((bufread=read(tarhandle, tarbuf, tbufsiz))>0) {
-    char *bufferp, *endofbuffer;
-    int chunk;
+    DEBUG(5, ("Reading the next header ...\n"));
 
-    /* Code to handle a short read.
-     * We always need a TBLOCK full of stuff
-     */
-    if (bufread % TBLOCK) {
-      int lchunk=TBLOCK-(bufread % TBLOCK);
-      int lread;
+    switch (readtarheader((union hblock *) buffer_p, &finfo, cur_dir)) {
+
+    case -2:    /* Hmm, not good, but not fatal */
+      DEBUG(0, ("Skipping %s...\n", finfo.name));
+      if ((next_block(tarbuf, &buffer_p, tbufsiz) <= 0) &&
+          !skip_file(finfo.size)) {
 
-      /* It's a shorty - a short read that is */
-      DEBUG(3, ("Short read, read %d so far (need %d)\n", bufread, lchunk));
+	DEBUG(0, ("Short file, bailing out...\n"));
+	return;
 
-      while ((lread=read(tarhandle, tarbuf+bufread, lchunk))>0) {
-	bufread+=lread;
-	if (!(lchunk-=lread)) break;
       }
 
-      /* If we've reached EOF then that must be a short file */
-      if (lread<=0) break;
+      break;
+
+    case -1:
+      DEBUG(0, ("abandoning restore, -1 from read tar header\n"));
+      return;
+
+    case 0: /* chksum is zero - looks like an EOF */
+      DEBUG(0, ("tar: restored %d files and directories\n", ntarf));
+      return;        /* Hmmm, bad here ... */
+
+    default: 
+      /* No action */
+
+      break;
+
     }
 
-    bufferp=tarbuf; 
-    endofbuffer=tarbuf+bufread;
+    /* Now, do we have a long file name? */
+
+    if (longfilename != NULL) {
+
+      SAFE_FREE(finfo.name);   /* Free the space already allocated */
+      finfo.name = longfilename;
+      longfilename = NULL;
 
-    if (tskip) {
-      if (fsize<bufread) {
-	tskip=False;
-	bufferp+=fsize;
-	fsize=0;
-      } else {
-	if (fsize==bufread) tskip=False;
-	fsize-=bufread;
-	continue;
-      }
     }
 
-    do {
-      if (!fsize)
-	{
-	  switch (readtarheader((union hblock *) bufferp, &finfo, cur_dir))
-	    {
-	    case -2:             /* something dodgy but not fatal about this */
-	      DEBUG(0, ("skipping %s...\n", finfo.name));
-	      bufferp+=TBLOCK;   /* header - like a link */
-	      continue;
-	    case -1:
-	      DEBUG(0, ("abandoning restore\n"));
-	      free(inbuf); free(outbuf);
-	      return;
-	    case 0: /* chksum is zero - we assume that one all zero
-		     *header block will do for eof */
-	      DEBUG(0,
-		    ("total of %d tar files restored to share\n", ntarf));
-	      free(inbuf); free(outbuf);
-	      return;
-	    default:
-	      break;
-	    }
-
-	  tskip=clipn
-	    && (clipfind(cliplist, clipn, finfo.name) ^ tar_excl);
-	  if (tskip) {
-	    bufferp+=TBLOCK;
-	    if (finfo.mode & aDIR)
-	      continue;
-	    else if ((fsize=finfo.size) % TBLOCK) {
-	      fsize+=TBLOCK-(fsize%TBLOCK);
-	    }
-	    if (fsize<endofbuffer-bufferp) {
-	      bufferp+=fsize;
-	      fsize=0;
-	      continue;
-	    } else {
-	      fsize-=endofbuffer-bufferp;
-	      break;
-	    }
-	  }
+    /* Well, now we have a header, process the file ...            */
 
-	  if (finfo.mode & aDIR)
-	    {
-	      if (!smbchkpath(finfo.name, inbuf, outbuf)
-		  && !smbmkdir(finfo.name, inbuf, outbuf))
-		{
-		  DEBUG(0, ("abandoning restore\n"));
-		  free(inbuf); free(outbuf);
-		  return;
-	      }
-	      else
-		{
-		  bufferp+=TBLOCK;
-		  continue;
-		}
-	    }
-	  
-	  fsize=finfo.size;
-
-	  if (ensurepath(finfo.name, inbuf, outbuf)
-	      && !smbcreat(finfo, &fnum, inbuf, outbuf))
-	    {
-	      DEBUG(0, ("abandoning restore\n"));
-	      free(inbuf);free(outbuf);
-	      return;
-	    }
-
-	  DEBUG(0,("restore tar file %s of size %d bytes\n",
-		   finfo.name,finfo.size));
-
-	  nread=0;
-	  if ((bufferp+=TBLOCK) >= endofbuffer) break;	  
-	} /* if (!fsize) */
-	
-      /* write out the file in chunk sized chunks - don't
-       * go past end of buffer though */
-      chunk=(fsize-nread < endofbuffer - bufferp)
-	? fsize - nread : endofbuffer - bufferp;
-      
-      while (chunk > 0) {
-	int minichunk=MIN(chunk, max_xmit-200);
-	
-	if (!smbwrite(fnum, /* file descriptor */
-		      minichunk, /* n */
-		      nread, /* offset low */
-		      0, /* offset high - not implemented */
-		      fsize-nread, /* left - only hint to server */
-		      bufferp,
-		      inbuf,
-		      outbuf))
-	  {
-	    DEBUG(0, ("Error writing remote file\n"));
-	    free(inbuf); free(outbuf);
-	    return;
-	  }
-	DEBUG(5, ("chunk writing fname=%s fnum=%d nread=%d minichunk=%d chunk=%d size=%d\n", finfo.name, fnum, nread, minichunk, chunk, fsize));
-	
-	bufferp+=minichunk; nread+=minichunk;
-	chunk-=minichunk;
+    /* Should we skip the file? We have the long name as well here */
+
+    skip = clipn &&
+      ((!tar_re_search && clipfind(cliplist, clipn, finfo.name) ^ tar_excl)
+#ifdef HAVE_REGEX_H
+      || (tar_re_search && !regexec(preg, finfo.name, 0, NULL, 0)));
+#else
+      || (tar_re_search && mask_match(finfo.name, cliplist[0], True)));
+#endif
+
+  DEBUG(5, ("Skip = %i, cliplist=%s, file=%s\n", skip, (cliplist?cliplist[0]:NULL), finfo.name));
+
+  if (skip) {
+
+    skip_file(finfo.size);
+    continue;
+
+  }
+
+    /* We only get this far if we should process the file */
+  linkflag = ((union hblock *)buffer_p) -> dbuf.linkflag;
+
+    switch (linkflag) {
+
+    case '0':  /* Should use symbolic names--FIXME */
+
+      /* 
+       * Skip to the next block first, so we can get the file, FIXME, should
+       * be in get_file ...
+       * The 'finfo.size != 0' fix is from Bob Boehmer <boehmer@worldnet.att.net>
+       * Fixes bug where file size in tarfile is zero.
+       */
+
+      if ((finfo.size != 0) && next_block(tarbuf, &buffer_p, tbufsiz) <=0) {
+	DEBUG(0, ("Short file, bailing out...\n"));
+	return;
       }
-      
-      if (nread>=fsize)
-	{
-	  if (!smbshut(finfo, fnum, inbuf, outbuf))
-	    {
-	      DEBUG(0, ("Error closing remote file\n"));
-	      free(inbuf);free(outbuf);
-	      return;
-	    }
-	  if (fsize % TBLOCK) bufferp+=TBLOCK - (fsize % TBLOCK);
-	  DEBUG(5, ("bufferp is now %d (psn=%d)\n",
-		    (long) bufferp, (long)(bufferp - tarbuf)));
-	  ntarf++;
-	  fsize=0;
-	}
-    } while (bufferp < endofbuffer);
+      if (!get_file(finfo)) {
+	DEBUG(0, ("Abandoning restore\n"));
+	return;
+
+      }
+      break;
+
+    case '5':
+      if (!get_dir(finfo)) {
+	DEBUG(0, ("Abandoning restore \n"));
+	return;
+      }
+      break;
+
+    case 'L':
+      longfilename = get_longfilename(finfo);
+      if (!longfilename) {
+	DEBUG(0, ("abandoning restore\n"));
+	return;
+
+      }
+      DEBUG(5, ("Long file name: %s\n", longfilename));
+      break;
+
+    default:
+      skip_file(finfo.size);  /* Don't handle these yet */
+      break;
+
+    }
+
   }
 
-  DEBUG(0, ("premature eof on tar file ?\n"));
-  DEBUG(0,("total of %d tar files restored to share\n", ntarf));
 
-  free(inbuf); free(outbuf);
 }
 
+
 /*
  * samba interactive commands
  */
@@ -1396,36 +1276,38 @@ static void do_tarput()
 /****************************************************************************
 Blocksize command
 ***************************************************************************/
-void cmd_block(void)
+int cmd_block(void)
 {
   fstring buf;
   int block;
 
-  if (!next_token(NULL,buf,NULL))
+  if (!next_token_nr(NULL,buf,NULL,sizeof(buf)))
     {
       DEBUG(0, ("blocksize <n>\n"));
-      return;
+      return 1;
     }
 
   block=atoi(buf);
   if (block < 0 || block > 65535)
     {
       DEBUG(0, ("blocksize out of range"));
-      return;
+      return 1;
     }
 
   blocksize=block;
   DEBUG(2,("blocksize is now %d\n", blocksize));
+
+  return 0;
 }
 
 /****************************************************************************
 command to set incremental / reset mode
 ***************************************************************************/
-void cmd_tarmode(void)
+int cmd_tarmode(void)
 {
   fstring buf;
 
-  while (next_token(NULL,buf,NULL)) {
+  while (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
     if (strequal(buf, "full"))
       tar_inc=False;
     else if (strequal(buf, "inc"))
@@ -1434,37 +1316,54 @@ void cmd_tarmode(void)
       tar_reset=True;
     else if (strequal(buf, "noreset"))
       tar_reset=False;
+    else if (strequal(buf, "system"))
+      tar_system=True;
+    else if (strequal(buf, "nosystem"))
+      tar_system=False;
+    else if (strequal(buf, "hidden"))
+      tar_hidden=True;
+    else if (strequal(buf, "nohidden"))
+      tar_hidden=False;
+    else if (strequal(buf, "verbose") || strequal(buf, "noquiet"))
+      tar_noisy=True;
+    else if (strequal(buf, "quiet") || strequal(buf, "noverbose"))
+      tar_noisy=False;
     else DEBUG(0, ("tarmode: unrecognised option %s\n", buf));
   }
 
-  DEBUG(0, ("tarmode is now %s, %s\n",
+  DEBUG(0, ("tarmode is now %s, %s, %s, %s, %s\n",
 	    tar_inc ? "incremental" : "full",
-	    tar_reset ? "reset" : "noreset"));
+	    tar_system ? "system" : "nosystem",
+	    tar_hidden ? "hidden" : "nohidden",
+	    tar_reset ? "reset" : "noreset",
+	    tar_noisy ? "verbose" : "quiet"));
+
+  return 0;
 }
 
 /****************************************************************************
 Feeble attrib command
 ***************************************************************************/
-void cmd_setmode(void)
+int cmd_setmode(void)
 {
   char *q;
   fstring buf;
   pstring fname;
-  int attra[2];
+  uint16 attra[2];
   int direct=1;
 
   attra[0] = attra[1] = 0;
 
-  if (!next_token(NULL,buf,NULL))
+  if (!next_token_nr(NULL,buf,NULL,sizeof(buf)))
     {
-      DEBUG(0, ("setmode <filename> <perm=[+|-]rsha>\n"));
-      return;
+      DEBUG(0, ("setmode <filename> <[+|-]rsha>\n"));
+      return 1;
     }
 
-  strcpy(fname, cur_dir);
-  strcat(fname, buf);
+  safe_strcpy(fname, cur_dir, sizeof(pstring));
+  safe_strcat(fname, buf, sizeof(pstring));
 
-  while (next_token(NULL,buf,NULL)) {
+  while (next_token_nr(NULL,buf,NULL,sizeof(buf))) {
     q=buf;
 
     while(*q)
@@ -1482,55 +1381,64 @@ void cmd_setmode(void)
       case 'a': attra[direct]|=aARCH;
 	break;
       default: DEBUG(0, ("setmode <filename> <perm=[+|-]rsha>\n"));
-	return;
+	return 1;
       }
   }
 
   if (attra[ATTRSET]==0 && attra[ATTRRESET]==0)
     {
-      DEBUG(0, ("setmode <filename> <perm=[+|-]rsha>\n"));
-      return;
+      DEBUG(0, ("setmode <filename> <[+|-]rsha>\n"));
+      return 1;
     }
 
-DEBUG(2, ("\nperm set %d %d\n", attra[ATTRSET], attra[ATTRRESET]));
-  (void) do_setrattr(fname, attra[ATTRSET], ATTRSET);
-  (void) do_setrattr(fname, attra[ATTRRESET], ATTRRESET);
+  DEBUG(2, ("\nperm set %d %d\n", attra[ATTRSET], attra[ATTRRESET]));
+  do_setrattr(fname, attra[ATTRSET], ATTRSET);
+  do_setrattr(fname, attra[ATTRRESET], ATTRRESET);
+
+  return 0;
 }
 
 /****************************************************************************
 Principal command for creating / extracting
 ***************************************************************************/
-void cmd_tar(char *inbuf, char *outbuf)
+int cmd_tar(void)
 {
   fstring buf;
   char **argl;
   int argcl;
 
-  if (!next_token(NULL,buf,NULL))
+  if (!next_token_nr(NULL,buf,NULL,sizeof(buf)))
     {
-      DEBUG(0,("tar <c|x>[IXbga] <filename>\n"));
-      return;
+      DEBUG(0,("tar <c|x>[IXbgan] <filename>\n"));
+      return 1;
     }
 
   argl=toktocliplist(&argcl, NULL);
   if (!tar_parseargs(argcl, argl, buf, 0))
-    return;
+    return 1;
 
-  process_tar(inbuf, outbuf);
+  process_tar();
 
-  free(argl);
+  SAFE_FREE(argl);
+
+  return 0;
 }
 
 /****************************************************************************
 Command line (option) version
 ***************************************************************************/
-int process_tar(char *inbuf, char *outbuf)
+int process_tar(void)
 {
   initarbuf();
   switch(tar_type) {
   case 'x':
+
+#if 0
+    do_tarput2();
+#else
     do_tarput();
-    free(tarbuf);
+#endif
+    SAFE_FREE(tarbuf);
     close(tarhandle);
     break;
   case 'r':
@@ -1540,67 +1448,82 @@ int process_tar(char *inbuf, char *outbuf)
       pstring tarmac;
 
       for (i=0; i<clipn; i++) {
-	DEBUG(0,("arg %d = %s\n", i, cliplist[i]));
+	DEBUG(5,("arg %d = %s\n", i, cliplist[i]));
 
 	if (*(cliplist[i]+strlen(cliplist[i])-1)=='\\') {
 	  *(cliplist[i]+strlen(cliplist[i])-1)='\0';
 	}
 	
-	if (strrchr(cliplist[i], '\\')) {
+	if (strrchr_m(cliplist[i], '\\')) {
 	  pstring saved_dir;
 	  
-	  strcpy(saved_dir, cur_dir);
+	  safe_strcpy(saved_dir, cur_dir, sizeof(pstring));
 	  
 	  if (*cliplist[i]=='\\') {
-	    strcpy(tarmac, cliplist[i]);
+	    safe_strcpy(tarmac, cliplist[i], sizeof(pstring));
 	  } else {
-	    strcpy(tarmac, cur_dir);
-	    strcat(tarmac, cliplist[i]);
+	    safe_strcpy(tarmac, cur_dir, sizeof(pstring));
+	    safe_strcat(tarmac, cliplist[i], sizeof(pstring));
 	  }
-	  strcpy(cur_dir, tarmac);
-	  *(strrchr(cur_dir, '\\')+1)='\0';
+	  safe_strcpy(cur_dir, tarmac, sizeof(pstring));
+	  *(strrchr_m(cur_dir, '\\')+1)='\0';
 
-	  do_dir((char *)inbuf,(char *)outbuf,tarmac,attribute,do_tar,recurse);
-	  strcpy(cur_dir,saved_dir);
+	  DEBUG(5, ("process_tar, do_list with tarmac: %s\n", tarmac));
+	  do_list(tarmac,attribute,do_tar, False, True);
+	  safe_strcpy(cur_dir,saved_dir, sizeof(pstring));
 	} else {
-	  strcpy(tarmac, cur_dir);
-	  strcat(tarmac, cliplist[i]);
-	  do_dir((char *)inbuf,(char *)outbuf,tarmac,attribute,do_tar,recurse);
+	  safe_strcpy(tarmac, cur_dir, sizeof(pstring));
+	  safe_strcat(tarmac, cliplist[i], sizeof(pstring));
+	  DEBUG(5, ("process_tar, do_list with tarmac: %s\n", tarmac));
+	  do_list(tarmac,attribute,do_tar, False, True);
 	}
       }
     } else {
       pstring mask;
-      strcpy(mask,cur_dir);
-      strcat(mask,"\\*");
-      do_dir((char *)inbuf,(char *)outbuf,mask,attribute,do_tar,recurse);
+      safe_strcpy(mask,cur_dir, sizeof(pstring));
+      DEBUG(5, ("process_tar, do_list with mask: %s\n", mask));
+      safe_strcat(mask,"\\*", sizeof(pstring));
+      do_list(mask,attribute,do_tar,False, True);
     }
     
     if (ntarf) dotareof(tarhandle);
     close(tarhandle);
-    free(tarbuf);
+    SAFE_FREE(tarbuf);
     
-    DEBUG(0, ("tar: dumped %d tar files\n", ntarf));
+    DEBUG(0, ("tar: dumped %d files and directories\n", ntarf));
+    DEBUG(0, ("Total bytes written: %.0f\n", (double)ttarf));
     break;
   }
 
+  if (must_free_cliplist) {
+    int i;
+    for (i = 0; i < clipn; ++i) {
+      SAFE_FREE(cliplist[i]);
+    }
+    SAFE_FREE(cliplist);
+    cliplist = NULL;
+    clipn = 0;
+    must_free_cliplist = False;
+  }
+
   return(0);
 }
 
 /****************************************************************************
 Find a token (filename) in a clip list
 ***************************************************************************/
-int clipfind(char **aret, int ret, char *tok)
+static int clipfind(char **aret, int ret, char *tok)
 {
   if (aret==NULL) return 0;
 
   /* ignore leading slashes or dots in token */
-  while(strchr("/\\.", *tok)) tok++;
+  while(strchr_m("/\\.", *tok)) tok++;
 
   while(ret--) {
     char *pkey=*aret++;
 
     /* ignore leading slashes or dots in list */
-    while(strchr("/\\.", *pkey)) pkey++;
+    while(strchr_m("/\\.", *pkey)) pkey++;
 
     if (!strslashcmp(pkey, tok)) return 1;
   }
@@ -1609,6 +1532,114 @@ int clipfind(char **aret, int ret, char *tok)
 }
 
 /****************************************************************************
+Read list of files to include from the file and initialize cliplist
+accordingly.
+***************************************************************************/
+static int read_inclusion_file(char *filename)
+{
+  XFILE *inclusion = NULL;
+  char buf[MAXPATHLEN + 1];
+  char *inclusion_buffer = NULL;
+  int inclusion_buffer_size = 0;
+  int inclusion_buffer_sofar = 0;
+  char *p;
+  char *tmpstr;
+  int i;
+  int error = 0;
+
+  clipn = 0;
+  buf[MAXPATHLEN] = '\0'; /* guarantee null-termination */
+  if ((inclusion = x_fopen(filename, O_RDONLY, 0)) == NULL) {
+    /* XXX It would be better to include a reason for failure, but without
+     * autoconf, it's hard to use strerror, sys_errlist, etc.
+     */
+    DEBUG(0,("Unable to open inclusion file %s\n", filename));
+    return 0;
+  }
+
+  while ((! error) && (x_fgets(buf, sizeof(buf)-1, inclusion))) {
+    if (inclusion_buffer == NULL) {
+      inclusion_buffer_size = 1024;
+      if ((inclusion_buffer = malloc(inclusion_buffer_size)) == NULL) {
+	DEBUG(0,("failure allocating buffer to read inclusion file\n"));
+	error = 1;
+	break;
+      }
+    }
+    
+    if (buf[strlen(buf)-1] == '\n') {
+      buf[strlen(buf)-1] = '\0';
+    }
+    
+    if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
+      char *ib;
+      inclusion_buffer_size *= 2;
+      ib = Realloc(inclusion_buffer,inclusion_buffer_size);
+      if (! ib) {
+	DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n",
+		 inclusion_buffer_size));
+	error = 1;
+	break;
+      }
+      else inclusion_buffer = ib;
+    }
+    
+    safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar);
+    inclusion_buffer_sofar += strlen(buf) + 1;
+    clipn++;
+  }
+  x_fclose(inclusion);
+
+  if (! error) {
+    /* Allocate an array of clipn + 1 char*'s for cliplist */
+    cliplist = malloc((clipn + 1) * sizeof(char *));
+    if (cliplist == NULL) {
+      DEBUG(0,("failure allocating memory for cliplist\n"));
+      error = 1;
+    } else {
+      cliplist[clipn] = NULL;
+      p = inclusion_buffer;
+      for (i = 0; (! error) && (i < clipn); i++) {
+	/* set current item to NULL so array will be null-terminated even if
+	 * malloc fails below. */
+	cliplist[i] = NULL;
+	if ((tmpstr = (char *)malloc(strlen(p)+1)) == NULL) {
+	  DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i));
+	  error = 1;
+	} else {
+	  unfixtarname(tmpstr, p, strlen(p) + 1, True);
+	  cliplist[i] = tmpstr;
+	  if ((p = strchr_m(p, '\000')) == NULL) {
+	    DEBUG(0,("INTERNAL ERROR: inclusion_buffer is of unexpected contents.\n"));
+	    abort();
+	  }
+	}
+	++p;
+      }
+      must_free_cliplist = True;
+    }
+  }
+
+  SAFE_FREE(inclusion_buffer);
+  if (error) {
+    if (cliplist) {
+      char **pp;
+      /* We know cliplist is always null-terminated */
+      for (pp = cliplist; *pp; ++pp) {
+        SAFE_FREE(*pp);
+      }
+      SAFE_FREE(cliplist);
+      cliplist = NULL;
+      must_free_cliplist = False;
+    }
+    return 0;
+  }
+  
+  /* cliplist and its elements are freed at the end of process_tar. */
+  return 1;
+}
+
+/****************************************************************************
 Parse tar arguments. Sets tar_type, tar_excl, etc.
 ***************************************************************************/
 int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind)
@@ -1620,6 +1651,7 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind)
    */
   tar_type='\0';
   tar_excl=True;
+  dry_run=False;
 
   while (*Optarg) 
     switch(*Optarg++) {
@@ -1649,13 +1681,13 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind)
 	DEBUG(0,("Option N must be followed by valid file name\n"));
 	return 0;
       } else {
-	struct stat stbuf;
+	SMB_STRUCT_STAT stbuf;
 	extern time_t newer_than;
 	
 	if (sys_stat(argv[Optind], &stbuf) == 0) {
 	  newer_than = stbuf.st_mtime;
 	  DEBUG(1,("Getting files newer than %s",
-		   asctime(LocalTime(&newer_than,GMT_TO_LOCAL))));
+		   asctime(LocalTime(&newer_than))));
 	  Optind++;
 	} else {
 	  DEBUG(0,("Error setting newer-than time\n"));
@@ -1666,20 +1698,43 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind)
     case 'a':
       tar_reset=True;
       break;
+    case 'q':
+      tar_noisy=False;
+      break;
     case 'I':
       if (tar_clipfl) {
-	DEBUG(0,("Only one of I,X must be specified\n"));
+	DEBUG(0,("Only one of I,X,F must be specified\n"));
 	return 0;
       }
       tar_clipfl='I';
       break;
     case 'X':
       if (tar_clipfl) {
-	DEBUG(0,("Only one of I,X must be specified\n"));
+	DEBUG(0,("Only one of I,X,F must be specified\n"));
 	return 0;
       }
       tar_clipfl='X';
       break;
+    case 'F':
+      if (tar_clipfl) {
+	DEBUG(0,("Only one of I,X,F must be specified\n"));
+	return 0;
+      }
+      tar_clipfl='F';
+      break;
+    case 'r':
+      DEBUG(0, ("tar_re_search set\n"));
+      tar_re_search = True;
+      break;
+    case 'n':
+      if (tar_type == 'c') {
+	DEBUG(0, ("dry_run set\n"));
+	dry_run = True;
+      } else {
+	DEBUG(0, ("n is only meaningful when creating a tar-file\n"));
+	return 0;
+      }
+      break;
     default:
       DEBUG(0,("Unknown tar option\n"));
       return 0;
@@ -1690,21 +1745,105 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind)
     return 0;
   }
 
+  /* tar_excl is true if cliplist lists files to be included.
+   * Both 'I' and 'F' mean include. */
+  tar_excl=tar_clipfl!='X';
+
+  if (tar_clipfl=='F') {
+    if (argc-Optind-1 != 1) {
+      DEBUG(0,("Option F must be followed by exactly one filename.\n"));
+      return 0;
+    }
+    if (! read_inclusion_file(argv[Optind+1])) {
+      return 0;
+    }
+  } else if (Optind+1<argc && !tar_re_search) { /* For backwards compatibility */
+    char *tmpstr;
+    char **tmplist;
+    int clipcount;
+
+    cliplist=argv+Optind+1;
+    clipn=argc-Optind-1;
+    clipcount = clipn;
+
+    if ((tmplist=malloc(clipn*sizeof(char *))) == NULL) {
+      DEBUG(0, ("Could not allocate space to process cliplist, count = %i\n", 
+               clipn)
+           );
+      return 0;
+    }
+
+    for (clipcount = 0; clipcount < clipn; clipcount++) {
+
+      DEBUG(5, ("Processing an item, %s\n", cliplist[clipcount]));
+
+      if ((tmpstr = (char *)malloc(strlen(cliplist[clipcount])+1)) == NULL) {
+        DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n",
+                 clipcount)
+             );
+        return 0;
+      }
+      unfixtarname(tmpstr, cliplist[clipcount], strlen(cliplist[clipcount]) + 1, True);
+      tmplist[clipcount] = tmpstr;
+      DEBUG(5, ("Processed an item, %s\n", tmpstr));
+
+      DEBUG(5, ("Cliplist is: %s\n", cliplist[0]));
+    }
+    cliplist = tmplist;
+    must_free_cliplist = True;
+  }
+
+  if (Optind+1<argc && tar_re_search) {  /* Doing regular expression seaches */
+#ifdef HAVE_REGEX_H
+    int errcode;
+
+    if ((preg = (regex_t *)malloc(65536)) == NULL) {
+
+      DEBUG(0, ("Could not allocate buffer for regular expression search\n"));
+      return;
+
+    }
+
+    if (errcode = regcomp(preg, argv[Optind + 1], REG_EXTENDED)) {
+      char errstr[1024];
+      size_t errlen;
+
+      errlen = regerror(errcode, preg, errstr, sizeof(errstr) - 1);
+      
+      DEBUG(0, ("Could not compile pattern buffer for re search: %s\n%s\n", argv[Optind + 1], errstr));
+      return;
+
+    }
+#endif
+
+    clipn=argc-Optind-1;
+    cliplist=argv+Optind+1;
+
+  }
+
   if (Optind>=argc || !strcmp(argv[Optind], "-")) {
     /* Sets tar handle to either 0 or 1, as appropriate */
     tarhandle=(tar_type=='c');
+    /*
+     * Make sure that dbf points to stderr if we are using stdout for 
+     * tar output
+    */
+    if (tarhandle == 1) 
+      dbf = x_stderr;
   } else {
-    tar_excl=tar_clipfl!='X';
-    
-    if (Optind+1<argc) {
-      cliplist=argv+Optind+1;
-      clipn=argc-Optind-1;
-    }
-
-    if ((tar_type=='x' && (tarhandle = open(argv[Optind], O_RDONLY)) == -1)
-	|| (tar_type=='c' && (tarhandle=creat(argv[Optind], 0644)) < 0))
+    if (tar_type=='c' && (dry_run || strcmp(argv[Optind], "/dev/null")==0))
+      {
+	if (!dry_run) {
+	  DEBUG(0,("Output is /dev/null, assuming dry_run"));
+	  dry_run = True;
+	}
+	tarhandle=-1;
+      } else
+    if ((tar_type=='x' && (tarhandle = sys_open(argv[Optind], O_RDONLY, 0)) == -1)
+	|| (tar_type=='c' && (tarhandle=sys_creat(argv[Optind], 0644)) < 0))
       {
-	DEBUG(0,("Error opening local file %s\n",argv[Optind]));
+	DEBUG(0,("Error opening local file %s - %s\n",
+		 argv[Optind], strerror(errno)));
 	return(0);
       }
   }
diff --git a/source3/client/smbmnt.c b/source3/client/smbmnt.c
new file mode 100644
index 0000000000..36248987b1
--- /dev/null
+++ b/source3/client/smbmnt.c
@@ -0,0 +1,306 @@
+/*
+ *  smbmnt.c
+ *
+ *  Copyright (C) 1995-1998 by Paal-Kr. Engstad and Volker Lendecke
+ *  extensively modified by Tridge
+ *
+ */
+
+#include "includes.h"
+
+#include <mntent.h>
+#include <sys/utsname.h>
+
+#include <asm/types.h>
+#include <asm/posix_types.h>
+#include <linux/smb.h>
+#include <linux/smb_mount.h>
+#include <asm/unistd.h>
+
+#ifndef	MS_MGC_VAL
+/* This may look strange but MS_MGC_VAL is what we are looking for and
+	is what we need from <linux/fs.h> under libc systems and is
+	provided in standard includes on glibc systems.  So...  We
+	switch on what we need...  */
+#include <linux/fs.h>
+#endif
+
+static uid_t mount_uid;
+static gid_t mount_gid;
+static int mount_ro;
+static unsigned mount_fmask;
+static unsigned mount_dmask;
+static int user_mount;
+static char *options;
+
+static void
+help(void)
+{
+        printf("\n");
+        printf("Usage: smbmnt mount-point [options]\n");
+	printf("Version %s\n\n",VERSION);
+        printf("-s share       share name on server\n"
+               "-r             mount read-only\n"
+               "-u uid         mount as uid\n"
+               "-g gid         mount as gid\n"
+               "-f mask        permission mask for files\n"
+               "-d mask        permission mask for directories\n"
+               "-o options     name=value, list of options\n"
+               "-h             print this help text\n");
+}
+
+static int
+parse_args(int argc, char *argv[], struct smb_mount_data *data, char **share)
+{
+        int opt;
+
+        while ((opt = getopt (argc, argv, "s:u:g:rf:d:o:")) != EOF)
+	{
+                switch (opt)
+		{
+                case 's':
+                        *share = optarg;
+                        break;
+                case 'u':
+			if (!user_mount) {
+				mount_uid = strtol(optarg, NULL, 0);
+			}
+                        break;
+                case 'g':
+			if (!user_mount) {
+				mount_gid = strtol(optarg, NULL, 0);
+			}
+                        break;
+                case 'r':
+                        mount_ro = 1;
+                        break;
+                case 'f':
+                        mount_fmask = strtol(optarg, NULL, 8);
+                        break;
+                case 'd':
+                        mount_dmask = strtol(optarg, NULL, 8);
+                        break;
+		case 'o':
+			options = optarg;
+			break;
+                default:
+                        return -1;
+                }
+        }
+        return 0;
+        
+}
+
+static char *
+fullpath(const char *p)
+{
+        char path[MAXPATHLEN];
+
+	if (strlen(p) > MAXPATHLEN-1) {
+		return NULL;
+	}
+
+        if (realpath(p, path) == NULL) {
+		fprintf(stderr,"Failed to find real path for mount point\n");
+		exit(1);
+	}
+	return strdup(path);
+}
+
+/* Check whether user is allowed to mount on the specified mount point. If it's
+   OK then we change into that directory - this prevents race conditions */
+static int mount_ok(char *mount_point)
+{
+	SMB_STRUCT_STAT st;
+
+	if (chdir(mount_point) != 0) {
+		return -1;
+	}
+
+        if (sys_stat(".", &st) != 0) {
+		return -1;
+        }
+
+        if (!S_ISDIR(st.st_mode)) {
+                errno = ENOTDIR;
+                return -1;
+        }
+
+        if ((getuid() != 0) && 
+	    ((getuid() != st.st_uid) || 
+	     ((st.st_mode & S_IRWXU) != S_IRWXU))) {
+                errno = EPERM;
+                return -1;
+        }
+
+        return 0;
+}
+
+/* Tries to mount using the appropriate format. For 2.2 the struct,
+   for 2.4 the ascii version. */
+static int
+do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data)
+{
+	pstring opts;
+	struct utsname uts;
+	char *release, *major, *minor;
+	char *data1, *data2;
+
+	uname(&uts);
+	release = uts.release;
+	major = strsep(&release, ".");
+	minor = strsep(&release, ".");
+	if (major && minor && atoi(major) == 2 && atoi(minor) < 4) {
+		/* < 2.4, assume struct */
+		data1 = (char *) data;
+		data2 = opts;
+	} else {
+		/* >= 2.4, assume ascii but fall back on struct */
+		data1 = opts;
+		data2 = (char *) data;
+	}
+
+	slprintf(opts, sizeof(opts)-1,
+		 "version=7,uid=%d,gid=%d,file_mode=0%o,dir_mode=0%o,%s",
+		 data->uid, data->gid, data->file_mode, data->dir_mode,options);
+	if (mount(share_name, ".", "smbfs", flags, data1) == 0)
+		return 0;
+	return mount(share_name, ".", "smbfs", flags, data2);
+}
+
+ int main(int argc, char *argv[])
+{
+	char *mount_point, *share_name = NULL;
+	FILE *mtab;
+	int fd;
+	unsigned int flags;
+	struct smb_mount_data data;
+	struct mntent ment;
+
+	memset(&data, 0, sizeof(struct smb_mount_data));
+
+	if (argc < 2) {
+		help();
+		exit(1);
+	}
+
+	if (argv[1][0] == '-') {
+		help();
+		exit(1);
+	}
+
+	if (getuid() != 0) {
+		user_mount = 1;
+	}
+
+        if (geteuid() != 0) {
+                fprintf(stderr, "smbmnt must be installed suid root for direct user mounts (%d,%d)\n", getuid(), geteuid());
+                exit(1);
+        }
+
+	mount_uid = getuid();
+	mount_gid = getgid();
+	mount_fmask = umask(0);
+        umask(mount_fmask);
+	mount_fmask = ~mount_fmask;
+
+        mount_point = fullpath(argv[1]);
+
+        argv += 1;
+        argc -= 1;
+
+        if (mount_ok(mount_point) != 0) {
+                fprintf(stderr, "cannot mount on %s: %s\n",
+                        mount_point, strerror(errno));
+                exit(1);
+        }
+
+	data.version = SMB_MOUNT_VERSION;
+
+        /* getuid() gives us the real uid, who may umount the fs */
+        data.mounted_uid = getuid();
+
+        if (parse_args(argc, argv, &data, &share_name) != 0) {
+                help();
+                return -1;
+        }
+
+        data.uid = mount_uid;
+        data.gid = mount_gid;
+        data.file_mode = (S_IRWXU|S_IRWXG|S_IRWXO) & mount_fmask;
+        data.dir_mode  = (S_IRWXU|S_IRWXG|S_IRWXO) & mount_dmask;
+
+        if (mount_dmask == 0) {
+                data.dir_mode = data.file_mode;
+                if ((data.dir_mode & S_IRUSR) != 0)
+                        data.dir_mode |= S_IXUSR;
+                if ((data.dir_mode & S_IRGRP) != 0)
+                        data.dir_mode |= S_IXGRP;
+                if ((data.dir_mode & S_IROTH) != 0)
+                        data.dir_mode |= S_IXOTH;
+        }
+
+	flags = MS_MGC_VAL;
+
+	if (mount_ro) flags |= MS_RDONLY;
+
+	if (do_mount(share_name, flags, &data) < 0) {
+		switch (errno) {
+		case ENODEV:
+			fprintf(stderr, "ERROR: smbfs filesystem not supported by the kernel\n");
+			break;
+		default:
+			perror("mount error");
+		}
+		fprintf(stderr, "Please refer to the smbmnt(8) manual page\n");
+		return -1;
+	}
+
+        ment.mnt_fsname = share_name ? share_name : "none";
+        ment.mnt_dir = mount_point;
+        ment.mnt_type = "smbfs";
+        ment.mnt_opts = "";
+        ment.mnt_freq = 0;
+        ment.mnt_passno= 0;
+
+        mount_point = ment.mnt_dir;
+
+	if (mount_point == NULL)
+	{
+		fprintf(stderr, "Mount point too long\n");
+		return -1;
+	}
+	
+        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1)
+        {
+                fprintf(stderr, "Can't get "MOUNTED"~ lock file");
+                return 1;
+        }
+        close(fd);
+	
+        if ((mtab = setmntent(MOUNTED, "a+")) == NULL)
+        {
+                fprintf(stderr, "Can't open " MOUNTED);
+                return 1;
+        }
+
+        if (addmntent(mtab, &ment) == 1)
+        {
+                fprintf(stderr, "Can't write mount entry");
+                return 1;
+        }
+        if (fchmod(fileno(mtab), 0644) == -1)
+        {
+                fprintf(stderr, "Can't set perms on "MOUNTED);
+                return 1;
+        }
+        endmntent(mtab);
+
+        if (unlink(MOUNTED"~") == -1)
+        {
+                fprintf(stderr, "Can't remove "MOUNTED"~");
+                return 1;
+        }
+
+	return 0;
+}	
diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
new file mode 100644
index 0000000000..ad050063ec
--- /dev/null
+++ b/source3/client/smbmount.c
@@ -0,0 +1,883 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMBFS mount program
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+#include <mntent.h>
+#include <asm/types.h>
+#include <linux/smb_fs.h>
+
+extern BOOL in_client;
+extern pstring user_socket_options;
+extern BOOL append_log;
+extern fstring remote_machine;
+
+static pstring credentials;
+static pstring my_netbios_name;
+static pstring password;
+static pstring username;
+static pstring workgroup;
+static pstring mpoint;
+static pstring service;
+static pstring options;
+
+static struct in_addr dest_ip;
+static BOOL have_ip;
+static int smb_port = 0;
+static BOOL got_pass;
+static uid_t mount_uid;
+static gid_t mount_gid;
+static int mount_ro;
+static unsigned mount_fmask;
+static unsigned mount_dmask;
+
+static void usage(void);
+
+static void exit_parent(int sig)
+{
+	/* parent simply exits when child says go... */
+	exit(0);
+}
+
+static void daemonize(void)
+{
+	int j, status;
+	pid_t child_pid;
+
+	signal( SIGTERM, exit_parent );
+
+	if ((child_pid = sys_fork()) < 0) {
+		DEBUG(0,("could not fork\n"));
+	}
+
+	if (child_pid > 0) {
+		while( 1 ) {
+			j = waitpid( child_pid, &status, 0 );
+			if( j < 0 ) {
+				if( EINTR == errno ) {
+					continue;
+				}
+				status = errno;
+			}
+			break;
+		}
+		/* If we get here - the child exited with some error status */
+		exit(status);
+	}
+
+	signal( SIGTERM, SIG_DFL );
+	chdir("/");
+}
+
+static void close_our_files(int client_fd)
+{
+	int i;
+	struct rlimit limits;
+
+	getrlimit(RLIMIT_NOFILE,&limits);
+	for (i = 0; i< limits.rlim_max; i++) {
+		if (i == client_fd)
+			continue;
+		close(i);
+	}
+}
+
+static void usr1_handler(int x)
+{
+	return;
+}
+
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+static struct cli_state *do_connection(char *the_service)
+{
+	struct cli_state *c;
+	struct nmb_name called, calling;
+	char *server_n;
+	struct in_addr ip;
+	pstring server;
+	char *share;
+
+	if (the_service[0] != '\\' || the_service[1] != '\\') {
+		usage();
+		exit(1);
+	}
+
+	pstrcpy(server, the_service+2);
+	share = strchr_m(server,'\\');
+	if (!share) {
+		usage();
+		exit(1);
+	}
+	*share = 0;
+	share++;
+
+	server_n = server;
+
+	make_nmb_name(&calling, my_netbios_name, 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+ again:
+        zero_ip(&ip);
+	if (have_ip) ip = dest_ip;
+
+	/* have to open a new connection */
+	if (!(c=cli_initialise(NULL)) || (cli_set_port(c, smb_port) != smb_port) ||
+	    !cli_connect(c, server_n, &ip)) {
+		DEBUG(0,("%d: Connection to %s failed\n", sys_getpid(), server_n));
+		if (c) {
+			cli_shutdown(c);
+		}
+		return NULL;
+	}
+
+	/* SPNEGO doesn't work till we get NTSTATUS error support */
+	c->use_spnego = False;
+
+	if (!cli_session_request(c, &calling, &called)) {
+		char *p;
+		DEBUG(0,("%d: session request to %s failed (%s)\n", 
+			 sys_getpid(), called.name, cli_errstr(c)));
+		cli_shutdown(c);
+		if ((p=strchr_m(called.name, '.'))) {
+			*p = 0;
+			goto again;
+		}
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NULL;
+	}
+
+	DEBUG(4,("%d: session request ok\n", sys_getpid()));
+
+	if (!cli_negprot(c)) {
+		DEBUG(0,("%d: protocol negotiation failed\n", sys_getpid()));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(password, pass);
+		}
+	}
+
+	/* This should be right for current smbfs. Future versions will support
+	  large files as well as unicode and oplocks. */
+	c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS |
+				CAP_NT_FIND | CAP_STATUS32 | CAP_LEVEL_II_OPLOCKS);
+	c->force_dos_errors = True;
+	if (!cli_session_setup(c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       workgroup)) {
+		/* if a password was not supplied then try again with a
+			null username */
+		if (password[0] || !username[0] ||
+				!cli_session_setup(c, "", "", 0, "", 0, workgroup)) {
+			DEBUG(0,("%d: session setup failed: %s\n",
+				sys_getpid(), cli_errstr(c)));
+			cli_shutdown(c);
+			return NULL;
+		}
+		DEBUG(0,("Anonymous login successful\n"));
+	}
+
+	DEBUG(4,("%d: session setup ok\n", sys_getpid()));
+
+	if (!cli_send_tconX(c, share, "?????",
+			    password, strlen(password)+1)) {
+		DEBUG(0,("%d: tree connect failed: %s\n",
+			 sys_getpid(), cli_errstr(c)));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,("%d: tconx ok\n", sys_getpid()));
+
+	got_pass = True;
+
+	return c;
+}
+
+
+/****************************************************************************
+unmount smbfs  (this is a bailout routine to clean up if a reconnect fails)
+	Code blatently stolen from smbumount.c
+		-mhw-
+****************************************************************************/
+static void smb_umount(char *mount_point)
+{
+	int fd;
+        struct mntent *mnt;
+        FILE* mtab;
+        FILE* new_mtab;
+
+	/* Programmers Note:
+		This routine only gets called to the scene of a disaster
+		to shoot the survivors...  A connection that was working
+		has now apparently failed.  We have an active mount point
+		(presumably) that we need to dump.  If we get errors along
+		the way - make some noise, but we are already turning out
+		the lights to exit anyways...
+	*/
+        if (umount(mount_point) != 0) {
+                DEBUG(0,("%d: Could not umount %s: %s\n",
+			 sys_getpid(), mount_point, strerror(errno)));
+                return;
+        }
+
+        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
+                DEBUG(0,("%d: Can't get "MOUNTED"~ lock file", sys_getpid()));
+                return;
+        }
+
+        close(fd);
+	
+        if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
+                DEBUG(0,("%d: Can't open " MOUNTED ": %s\n",
+			 sys_getpid(), strerror(errno)));
+                return;
+        }
+
+#define MOUNTED_TMP MOUNTED".tmp"
+
+        if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL) {
+                DEBUG(0,("%d: Can't open " MOUNTED_TMP ": %s\n",
+			 sys_getpid(), strerror(errno)));
+                endmntent(mtab);
+                return;
+        }
+
+        while ((mnt = getmntent(mtab)) != NULL) {
+                if (strcmp(mnt->mnt_dir, mount_point) != 0) {
+                        addmntent(new_mtab, mnt);
+                }
+        }
+
+        endmntent(mtab);
+
+        if (fchmod (fileno (new_mtab), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
+                DEBUG(0,("%d: Error changing mode of %s: %s\n",
+			 sys_getpid(), MOUNTED_TMP, strerror(errno)));
+                return;
+        }
+
+        endmntent(new_mtab);
+
+        if (rename(MOUNTED_TMP, MOUNTED) < 0) {
+                DEBUG(0,("%d: Cannot rename %s to %s: %s\n",
+			 sys_getpid(), MOUNTED, MOUNTED_TMP, strerror(errno)));
+                return;
+        }
+
+        if (unlink(MOUNTED"~") == -1) {
+                DEBUG(0,("%d: Can't remove "MOUNTED"~", sys_getpid()));
+                return;
+        }
+}
+
+
+/*
+ * Call the smbfs ioctl to install a connection socket,
+ * then wait for a signal to reconnect. Note that we do
+ * not exit after open_sockets() or send_login() errors,
+ * as the smbfs mount would then have no way to recover.
+ */
+static void send_fs_socket(char *the_service, char *mount_point, struct cli_state *c)
+{
+	int fd, closed = 0, res = 1;
+	pid_t parentpid = getppid();
+	struct smb_conn_opt conn_options;
+
+	memset(&conn_options, 0, sizeof(conn_options));
+
+	while (1) {
+		if ((fd = open(mount_point, O_RDONLY)) < 0) {
+			DEBUG(0,("mount.smbfs[%d]: can't open %s\n",
+				 sys_getpid(), mount_point));
+			break;
+		}
+
+		conn_options.fd = c->fd;
+		conn_options.protocol = c->protocol;
+		conn_options.case_handling = SMB_CASE_DEFAULT;
+		conn_options.max_xmit = c->max_xmit;
+		conn_options.server_uid = c->vuid;
+		conn_options.tid = c->cnum;
+		conn_options.secmode = c->sec_mode;
+		conn_options.rawmode = 0;
+		conn_options.sesskey = c->sesskey;
+		conn_options.maxraw = 0;
+		conn_options.capabilities = c->capabilities;
+		conn_options.serverzone = c->serverzone/60;
+
+		res = ioctl(fd, SMB_IOC_NEWCONN, &conn_options);
+		if (res != 0) {
+			DEBUG(0,("mount.smbfs[%d]: ioctl failed, res=%d\n",
+				 sys_getpid(), res));
+			close(fd);
+			break;
+		}
+
+		if (parentpid) {
+			/* Ok...  We are going to kill the parent.  Now
+				is the time to break the process group... */
+			setsid();
+			/* Send a signal to the parent to terminate */
+			kill(parentpid, SIGTERM);
+			parentpid = 0;
+		}
+
+		close(fd);
+
+		/* This looks wierd but we are only closing the userspace
+		   side, the connection has already been passed to smbfs and 
+		   it has increased the usage count on the socket.
+
+		   If we don't do this we will "leak" sockets and memory on
+		   each reconnection we have to make. */
+		cli_shutdown(c);
+		c = NULL;
+
+		if (!closed) {
+			/* redirect stdout & stderr since we can't know that
+			   the library functions we use are using DEBUG. */
+			if ( (fd = open("/dev/null", O_WRONLY)) < 0)
+				DEBUG(2,("mount.smbfs: can't open /dev/null\n"));
+			close_our_files(fd);
+			if (fd >= 0) {
+				dup2(fd, STDOUT_FILENO);
+				dup2(fd, STDERR_FILENO);
+				close(fd);
+			}
+
+			/* here we are no longer interactive */
+			pstrcpy(remote_machine, "smbmount");	/* sneaky ... */
+			setup_logging("mount.smbfs", False);
+			append_log = True;
+			reopen_logs();
+			DEBUG(0, ("mount.smbfs: entering daemon mode for service %s, pid=%d\n", the_service, sys_getpid()));
+
+			closed = 1;
+		}
+
+		/* Wait for a signal from smbfs ... but don't continue
+                   until we actually get a new connection. */
+		while (!c) {
+			CatchSignal(SIGUSR1, &usr1_handler);
+			pause();
+			DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid()));
+			c = do_connection(the_service);
+		}
+	}
+
+	smb_umount(mount_point);
+	DEBUG(2,("mount.smbfs[%d]: exit\n", sys_getpid()));
+	exit(1);
+}
+
+
+/**
+ * Mount a smbfs
+ **/
+static void init_mount(void)
+{
+	char mount_point[MAXPATHLEN+1];
+	pstring tmp;
+	pstring svc2;
+	struct cli_state *c;
+	char *args[20];
+	int i, status;
+
+	if (realpath(mpoint, mount_point) == NULL) {
+		fprintf(stderr, "Could not resolve mount point %s\n", mpoint);
+		return;
+	}
+
+
+	c = do_connection(service);
+	if (!c) {
+		fprintf(stderr,"SMB connection failed\n");
+		exit(1);
+	}
+
+	/*
+		Set up to return as a daemon child and wait in the parent
+		until the child say it's ready...
+	*/
+	daemonize();
+
+	pstrcpy(svc2, service);
+	string_replace(svc2, '\\','/');
+	string_replace(svc2, ' ','_');
+
+	memset(args, 0, sizeof(args[0])*20);
+
+	i=0;
+	args[i++] = "smbmnt";
+
+	args[i++] = mount_point;
+	args[i++] = "-s";
+	args[i++] = svc2;
+
+	if (mount_ro) {
+		args[i++] = "-r";
+	}
+	if (mount_uid) {
+		slprintf(tmp, sizeof(tmp)-1, "%d", mount_uid);
+		args[i++] = "-u";
+		args[i++] = smb_xstrdup(tmp);
+	}
+	if (mount_gid) {
+		slprintf(tmp, sizeof(tmp)-1, "%d", mount_gid);
+		args[i++] = "-g";
+		args[i++] = smb_xstrdup(tmp);
+	}
+	if (mount_fmask) {
+		slprintf(tmp, sizeof(tmp)-1, "0%o", mount_fmask);
+		args[i++] = "-f";
+		args[i++] = smb_xstrdup(tmp);
+	}
+	if (mount_dmask) {
+		slprintf(tmp, sizeof(tmp)-1, "0%o", mount_dmask);
+		args[i++] = "-d";
+		args[i++] = smb_xstrdup(tmp);
+	}
+	if (options) {
+		args[i++] = "-o";
+		args[i++] = options;
+	}
+
+	if (sys_fork() == 0) {
+		char *smbmnt_path;
+
+		asprintf(&smbmnt_path, "%s/smbmnt", dyn_BINDIR);
+		
+		if (file_exist(smbmnt_path, NULL)) {
+			execv(smbmnt_path, args);
+			fprintf(stderr,
+				"smbfs/init_mount: execv of %s failed. Error was %s.",
+				smbmnt_path, strerror(errno));
+		} else {
+			execvp("smbmnt", args);
+			fprintf(stderr,
+				"smbfs/init_mount: execv of %s failed. Error was %s.",
+				"smbmnt", strerror(errno));
+		}
+		free(smbmnt_path);
+		exit(1);
+	}
+
+	if (waitpid(-1, &status, 0) == -1) {
+		fprintf(stderr,"waitpid failed: Error was %s", strerror(errno) );
+		/* FIXME: do some proper error handling */
+		exit(1);
+	}
+
+	if (WIFEXITED(status) && WEXITSTATUS(status) != 0) {
+		fprintf(stderr,"smbmnt failed: %d\n", WEXITSTATUS(status));
+		/* FIXME: do some proper error handling */
+		exit(1);
+	}
+
+	/* Ok...  This is the rubicon for that mount point...  At any point
+	   after this, if the connections fail and can not be reconstructed
+	   for any reason, we will have to unmount the mount point.  There
+	   is no exit from the next call...
+	*/
+	send_fs_socket(service, mount_point, c);
+}
+
+
+/****************************************************************************
+get a password from a a file or file descriptor
+exit on failure (from smbclient, move to libsmb or shared .c file?)
+****************************************************************************/
+static void get_password_file(void)
+{
+	int fd = -1;
+	char *p;
+	BOOL close_it = False;
+	pstring spec;
+	char pass[128];
+
+	if ((p = getenv("PASSWD_FD")) != NULL) {
+		pstrcpy(spec, "descriptor ");
+		pstrcat(spec, p);
+		sscanf(p, "%d", &fd);
+		close_it = False;
+	} else if ((p = getenv("PASSWD_FILE")) != NULL) {
+		fd = sys_open(p, O_RDONLY, 0);
+		pstrcpy(spec, p);
+		if (fd < 0) {
+			fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
+				spec, strerror(errno));
+			exit(1);
+		}
+		close_it = True;
+	}
+
+	for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
+	    p && p - pass < sizeof(pass);) {
+		switch (read(fd, p, 1)) {
+		case 1:
+			if (*p != '\n' && *p != '\0') {
+				*++p = '\0'; /* advance p, and null-terminate pass */
+				break;
+			}
+		case 0:
+			if (p - pass) {
+				*p = '\0'; /* null-terminate it, just in case... */
+				p = NULL; /* then force the loop condition to become false */
+				break;
+			} else {
+				fprintf(stderr, "Error reading password from file %s: %s\n",
+					spec, "empty password\n");
+				exit(1);
+			}
+
+		default:
+			fprintf(stderr, "Error reading password from file %s: %s\n",
+				spec, strerror(errno));
+			exit(1);
+		}
+	}
+	pstrcpy(password, pass);
+	if (close_it)
+		close(fd);
+}
+
+/****************************************************************************
+get username and password from a credentials file
+exit on failure (from smbclient, move to libsmb or shared .c file?)
+****************************************************************************/
+static void read_credentials_file(char *filename)
+{
+	FILE *auth;
+	fstring buf;
+	uint16 len = 0;
+	char *ptr, *val, *param;
+
+	if ((auth=sys_fopen(filename, "r")) == NULL)
+	{
+		/* fail if we can't open the credentials file */
+		DEBUG(0,("ERROR: Unable to open credentials file!\n"));
+		exit (-1);
+	}
+
+	while (!feof(auth))
+	{
+		/* get a line from the file */
+		if (!fgets (buf, sizeof(buf), auth))
+			continue;
+		len = strlen(buf);
+
+		if ((len) && (buf[len-1]=='\n'))
+		{
+			buf[len-1] = '\0';
+			len--;
+		}
+		if (len == 0)
+			continue;
+
+		/* break up the line into parameter & value.
+		   will need to eat a little whitespace possibly */
+		param = buf;
+		if (!(ptr = strchr (buf, '=')))
+			continue;
+		val = ptr+1;
+		*ptr = '\0';
+
+		/* eat leading white space */
+		while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
+			val++;
+
+		if (strwicmp("password", param) == 0)
+		{
+			pstrcpy(password, val);
+			got_pass = True;
+		}
+		else if (strwicmp("username", param) == 0)
+			pstrcpy(username, val);
+
+		memset(buf, 0, sizeof(buf));
+	}
+	fclose(auth);
+}
+
+
+/****************************************************************************
+usage on the program
+****************************************************************************/
+static void usage(void)
+{
+	printf("Usage: mount.smbfs service mountpoint [-o options,...]\n");
+
+	printf("Version %s\n\n",VERSION);
+
+	printf(
+"Options:\n\
+      username=<arg>                  SMB username\n\
+      password=<arg>                  SMB password\n\
+      credentials=<filename>          file with username/password\n\
+      netbiosname=<arg>               source NetBIOS name\n\
+      uid=<arg>                       mount uid or username\n\
+      gid=<arg>                       mount gid or groupname\n\
+      port=<arg>                      remote SMB port number\n\
+      fmask=<arg>                     file umask\n\
+      dmask=<arg>                     directory umask\n\
+      debug=<arg>                     debug level\n\
+      ip=<arg>                        destination host or IP address\n\
+      workgroup=<arg>                 workgroup on destination\n\
+      sockopt=<arg>                   TCP socket options\n\
+      scope=<arg>                     NetBIOS scope\n\
+      iocharset=<arg>                 Linux charset (iso8859-1, utf8)\n\
+      codepage=<arg>                  server codepage (cp850)\n\
+      ttl=<arg>                       dircache time to live\n\
+      guest                           don't prompt for a password\n\
+      ro                              mount read-only\n\
+      rw                              mount read-write\n\
+\n\
+This command is designed to be run from within /bin/mount by giving\n\
+the option '-t smbfs'. For example:\n\
+  mount -t smbfs -o username=tridge,password=foobar //fjall/test /data/test\n\
+");
+}
+
+
+/****************************************************************************
+  Argument parsing for mount.smbfs interface
+  mount will call us like this:
+    mount.smbfs device mountpoint -o <options>
+  
+  <options> is never empty, containing at least rw or ro
+ ****************************************************************************/
+static void parse_mount_smb(int argc, char **argv)
+{
+	int opt;
+	char *opts;
+	char *opteq;
+	extern char *optarg;
+	int val;
+	extern pstring global_scope;
+	char *p;
+
+	if (argc < 2 || argv[1][0] == '-') {
+		usage();
+		exit(1);
+	}
+	
+	pstrcpy(service, argv[1]);
+	pstrcpy(mpoint, argv[2]);
+
+	/* Convert any '/' characters in the service name to
+	   '\' characters */
+	string_replace(service, '/','\\');
+	argc -= 2;
+	argv += 2;
+
+	opt = getopt(argc, argv, "o:");
+	if(opt != 'o') {
+		return;
+	}
+
+	options[0] = 0;
+	p = options;
+
+	/*
+	 * option parsing from nfsmount.c (util-linux-2.9u)
+	 */
+        for (opts = strtok(optarg, ","); opts; opts = strtok(NULL, ",")) {
+		DEBUG(3, ("opts: %s\n", opts));
+                if ((opteq = strchr_m(opts, '='))) {
+                        val = atoi(opteq + 1);
+                        *opteq = '\0';
+
+                        if (!strcmp(opts, "username") || 
+			    !strcmp(opts, "logon")) {
+				char *lp;
+				pstrcpy(username,opteq+1);
+				if ((lp=strchr_m(username,'%'))) {
+					*lp = 0;
+					pstrcpy(password,lp+1);
+					got_pass = True;
+					memset(strchr_m(opteq+1,'%')+1,'X',strlen(password));
+				}
+				if ((lp=strchr_m(username,'/'))) {
+					*lp = 0;
+					pstrcpy(workgroup,lp+1);
+				}
+			} else if(!strcmp(opts, "passwd") ||
+				  !strcmp(opts, "password")) {
+				pstrcpy(password,opteq+1);
+				got_pass = True;
+				memset(opteq+1,'X',strlen(password));
+			} else if(!strcmp(opts, "credentials")) {
+				pstrcpy(credentials,opteq+1);
+			} else if(!strcmp(opts, "netbiosname")) {
+				pstrcpy(my_netbios_name,opteq+1);
+			} else if(!strcmp(opts, "uid")) {
+				mount_uid = nametouid(opteq+1);
+			} else if(!strcmp(opts, "gid")) {
+				mount_gid = nametogid(opteq+1);
+			} else if(!strcmp(opts, "port")) {
+				smb_port = val;
+			} else if(!strcmp(opts, "fmask")) {
+				mount_fmask = strtol(opteq+1, NULL, 8);
+			} else if(!strcmp(opts, "dmask")) {
+				mount_dmask = strtol(opteq+1, NULL, 8);
+			} else if(!strcmp(opts, "debug")) {
+				DEBUGLEVEL = val;
+			} else if(!strcmp(opts, "ip")) {
+				dest_ip = *interpret_addr2(opteq+1);
+				if (is_zero_ip(dest_ip)) {
+					fprintf(stderr,"Can't resolve address %s\n", opteq+1);
+					exit(1);
+				}
+				have_ip = True;
+			} else if(!strcmp(opts, "workgroup")) {
+				pstrcpy(workgroup,opteq+1);
+			} else if(!strcmp(opts, "sockopt")) {
+				pstrcpy(user_socket_options,opteq+1);
+			} else if(!strcmp(opts, "scope")) {
+				pstrcpy(global_scope,opteq+1);
+			} else {
+				slprintf(p, sizeof(pstring) - (p - options) - 1, "%s=%s,", opts, opteq+1);
+				p += strlen(p);
+			}
+		} else {
+			val = 1;
+			if(!strcmp(opts, "nocaps")) {
+				fprintf(stderr, "Unhandled option: %s\n", opteq+1);
+				exit(1);
+			} else if(!strcmp(opts, "guest")) {
+				*password = '\0';
+				got_pass = True;
+			} else if(!strcmp(opts, "rw")) {
+				mount_ro = 0;
+			} else if(!strcmp(opts, "ro")) {
+				mount_ro = 1;
+			} else {
+				strncpy(p, opts, sizeof(pstring) - (p - options) - 1);
+				p += strlen(opts);
+				*p++ = ',';
+				*p = 0;
+			}
+		}
+	}
+
+	if (!*service) {
+		usage();
+		exit(1);
+	}
+
+	if (p != options) {
+		*(p-1) = 0;	/* remove trailing , */
+		DEBUG(3,("passthrough options '%s'\n", options));
+	}
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	extern char *optarg;
+	extern int optind;
+	char *p;
+
+	DEBUGLEVEL = 1;
+
+	/* here we are interactive, even if run from autofs */
+	setup_logging("mount.smbfs",True);
+
+#if 0 /* JRA - Urban says not needed ? */
+	/* CLI_FORCE_ASCII=false makes smbmount negotiate unicode. The default
+	   is to not announce any unicode capabilities as current smbfs does
+	   not support it. */
+	p = getenv("CLI_FORCE_ASCII");
+	if (p && !strcmp(p, "false"))
+		unsetenv("CLI_FORCE_ASCII");
+	else
+		setenv("CLI_FORCE_ASCII", "true", 1);
+#endif
+
+	in_client = True;   /* Make sure that we tell lp_load we are */
+
+	if (getenv("USER")) {
+		pstrcpy(username,getenv("USER"));
+
+		if ((p=strchr_m(username,'%'))) {
+			*p = 0;
+			pstrcpy(password,p+1);
+			got_pass = True;
+			memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password));
+		}
+		strupper(username);
+	}
+
+	if (getenv("PASSWD")) {
+		pstrcpy(password,getenv("PASSWD"));
+		got_pass = True;
+	}
+
+	if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
+		get_password_file();
+		got_pass = True;
+	}
+
+	if (*username == 0 && getenv("LOGNAME")) {
+		pstrcpy(username,getenv("LOGNAME"));
+	}
+
+	if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
+			dyn_CONFIGFILE);
+	}
+
+	parse_mount_smb(argc, argv);
+
+	if (*credentials != 0) {
+		read_credentials_file(credentials);
+	}
+
+	DEBUG(3,("mount.smbfs started (version %s)\n", VERSION));
+
+	if (*workgroup == 0) {
+		pstrcpy(workgroup,lp_workgroup());
+	}
+
+	load_interfaces();
+	if (!*my_netbios_name) {
+		pstrcpy(my_netbios_name, myhostname());
+	}
+	strupper(my_netbios_name);
+
+	init_mount();
+	return 0;
+}
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
new file mode 100644
index 0000000000..2a2d5cbaf5
--- /dev/null
+++ b/source3/client/smbspool.c
@@ -0,0 +1,412 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB backend for the Common UNIX Printing System ("CUPS")
+   Copyright 1999 by Easy Software Products
+   Copyright Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/*
+ * Globals...
+ */
+
+extern BOOL		in_client;	/* Boolean for client library */
+
+
+/*
+ * Local functions...
+ */
+
+static void		list_devices(void);
+static struct cli_state	*smb_connect(char *, char *, char *, char *, char *);
+static int		smb_print(struct cli_state *, char *, FILE *);
+
+
+/*
+ * 'main()' - Main entry for SMB backend.
+ */
+
+ int				/* O - Exit status */
+ main(int  argc,			/* I - Number of command-line arguments */
+     char *argv[])		/* I - Command-line arguments */
+{
+  int		i;		/* Looping var */
+  int		copies;		/* Number of copies */
+  char		uri[1024],	/* URI */
+		*sep,		/* Pointer to separator */
+		*username,	/* Username */
+		*password,	/* Password */
+		*workgroup,	/* Workgroup */
+		*server,	/* Server name */
+		*printer;	/* Printer name */
+  FILE		*fp;		/* File to print */
+  int		status=0;		/* Status of LPD job */
+  struct cli_state *cli;	/* SMB interface */
+
+  /* we expect the URI in argv[0]. Detect the case where it is in argv[1] and cope */
+  if (argc > 2 && strncmp(argv[0],"smb://", 6) && !strncmp(argv[1],"smb://", 6)) {
+	  argv++;
+	  argc--;
+  }
+
+  if (argc == 1)
+  {
+   /*
+    * NEW!  In CUPS 1.1 the backends are run with no arguments to list the
+    *       available devices.  These can be devices served by this backend
+    *       or any other backends (i.e. you can have an SNMP backend that
+    *       is only used to enumerate the available network printers... :)
+    */
+
+    list_devices();
+    return (0);
+  }
+
+  if (argc < 6 || argc > 7)
+  {
+    fprintf(stderr, "Usage: %s [DEVICE_URI] job-id user title copies options [file]\n",
+            argv[0]);
+    fputs("       The DEVICE_URI environment variable can also contain the\n", stderr);
+    fputs("       destination printer:\n", stderr);
+    fputs("\n", stderr);
+    fputs("           smb://[username:password@][workgroup/]server/printer\n", stderr);
+    return (1);
+  }
+
+ /*
+  * If we have 7 arguments, print the file named on the command-line.
+  * Otherwise, print data from stdin...
+  */
+
+  if (argc == 6)
+  {
+   /*
+    * Print from Copy stdin to a temporary file...
+    */
+
+    fp     = stdin;
+    copies = 1;
+  }
+  else if ((fp = fopen(argv[6], "rb")) == NULL)
+  {
+    perror("ERROR: Unable to open print file");
+    return (1);
+  }
+  else
+    copies = atoi(argv[4]);
+
+ /*
+  * Find the URI...
+  */
+
+  if (strncmp(argv[0], "smb://", 6) == 0)
+    strncpy(uri, argv[0], sizeof(uri) - 1);
+  else if (getenv("DEVICE_URI") != NULL)
+    strncpy(uri, getenv("DEVICE_URI"), sizeof(uri) - 1);
+  else
+  {
+    fputs("ERROR: No device URI found in argv[0] or DEVICE_URI environment variable!\n", stderr);
+    return (1);
+  }
+
+  uri[sizeof(uri) - 1] = '\0';
+
+ /*
+  * Extract the destination from the URI...
+  */
+
+  if ((sep = strrchr_m(uri, '@')) != NULL)
+  {
+    username = uri + 6;
+    *sep++ = '\0';
+
+    server = sep;
+
+   /*
+    * Extract password as needed...
+    */
+
+    if ((password = strchr_m(username, ':')) != NULL)
+      *password++ = '\0';
+    else
+      password = "";
+  }
+  else
+  {
+    username = "";
+    password = "";
+    server   = uri + 6;
+  }
+
+  if ((sep = strchr_m(server, '/')) == NULL)
+  {
+    fputs("ERROR: Bad URI - need printer name!\n", stderr);
+    return (1);
+  }
+
+  *sep++ = '\0';
+  printer = sep;
+
+  if ((sep = strchr_m(printer, '/')) != NULL)
+  {
+   /*
+    * Convert to smb://[username:password@]workgroup/server/printer...
+    */
+
+    *sep++ = '\0';
+
+    workgroup = server;
+    server    = printer;
+    printer   = sep;
+  }
+  else
+    workgroup = NULL;
+
+ /*
+  * Setup the SAMBA server state...
+  */
+
+  setup_logging("smbspool", True);
+
+  in_client = True;   /* Make sure that we tell lp_load we are */
+
+  if (!lp_load(dyn_CONFIGFILE, True, False, False))
+  {
+    fprintf(stderr, "ERROR: Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
+    return (1);
+  }
+
+  if (workgroup == NULL)
+    workgroup = lp_workgroup();
+
+  load_interfaces();
+
+  do
+  {
+    if ((cli = smb_connect(workgroup, server, printer, username, password)) == NULL)
+    {
+      if (getenv("CLASS") == NULL)
+      {
+        perror("ERROR: Unable to connect to SAMBA host, will retry in 60 seconds...");
+        sleep (60);
+      }
+      else
+      {
+        perror("ERROR: Unable to connect to SAMBA host, trying next printer...");
+        return (1);
+      }
+    }
+  }
+  while (cli == NULL);
+
+ /*
+  * Now that we are connected to the server, ignore SIGTERM so that we
+  * can finish out any page data the driver sends (e.g. to eject the
+  * current page...  Only ignore SIGTERM if we are printing data from
+  * stdin (otherwise you can't cancel raw jobs...)
+  */
+
+  if (argc < 7)
+    CatchSignal(SIGTERM, SIG_IGN);
+
+ /*
+  * Queue the job...
+  */
+
+  for (i = 0; i < copies; i ++)
+    if ((status = smb_print(cli, argv[3] /* title */, fp)) != 0)
+      break;
+
+  cli_shutdown(cli);
+
+ /*
+  * Return the queue status...
+  */
+
+  return (status);
+}
+
+
+/*
+ * 'list_devices()' - List the available printers seen on the network...
+ */
+
+static void
+list_devices(void)
+{
+ /*
+  * Eventually, search the local workgroup for available hosts and printers.
+  */
+
+  puts("network smb \"Unknown\" \"Windows Printer via SAMBA\"");
+}
+
+
+/*
+ * 'smb_connect()' - Return a connection to a server.
+ */
+
+static struct cli_state *		/* O - SMB connection */
+smb_connect(char *workgroup,		/* I - Workgroup */
+            char *server,		/* I - Server */
+            char *share,		/* I - Printer */
+            char *username,		/* I - Username */
+            char *password)		/* I - Password */
+{
+  struct cli_state	*c;		/* New connection */
+  struct nmb_name	called,		/* NMB name of server */
+			calling;	/* NMB name of client */
+  struct in_addr	ip;		/* IP address of server */
+  pstring		myname;		/* Client name */
+
+
+ /*
+  * Get the names and addresses of the client and server...
+  */
+
+  get_myname(myname);  
+
+  zero_ip(&ip);
+
+  make_nmb_name(&calling, myname, 0x0);
+  make_nmb_name(&called, server, 0x20);
+
+ /*
+  * Open a new connection to the SMB server...
+  */
+
+  if ((c = cli_initialise(NULL)) == NULL)
+  {
+    fputs("ERROR: cli_initialize() failed...\n", stderr);
+    return (NULL);
+  }
+
+  if (!cli_connect(c, server, &ip))
+  {
+    fputs("ERROR: cli_connect() failed...\n", stderr);
+    return (NULL);
+  }
+
+  if (!cli_session_request(c, &calling, &called))
+  {
+    fputs("ERROR: cli_session_request() failed...\n", stderr);
+    return (NULL);
+  }
+
+  if (!cli_negprot(c))
+  {
+    fputs("ERROR: SMB protocol negotiation failed\n", stderr);
+    cli_shutdown(c);
+    return (NULL);
+  }
+
+ /*
+  * Do password stuff...
+  */
+
+  if (!cli_session_setup(c, username, 
+			 password, strlen(password),
+			 password, strlen(password),
+			 workgroup))
+  {
+    fprintf(stderr, "ERROR: SMB session setup failed: %s\n", cli_errstr(c));
+    return (NULL);
+  }
+
+  if (!cli_send_tconX(c, share, "?????",
+		      password, strlen(password)+1))
+  {
+    fprintf(stderr, "ERROR: SMB tree connect failed: %s\n", cli_errstr(c));
+    cli_shutdown(c);
+    return (NULL);
+  }
+
+ /*
+  * Return the new connection...
+  */
+
+  return (c);
+}
+
+
+/*
+ * 'smb_print()' - Queue a job for printing using the SMB protocol.
+ */
+
+static int				/* O - 0 = success, non-0 = failure */
+smb_print(struct cli_state *cli,	/* I - SMB connection */
+          char             *title,	/* I - Title/job name */
+          FILE             *fp)		/* I - File to print */
+{
+  int	fnum;		/* File number */
+  int	nbytes,		/* Number of bytes read */
+	tbytes;		/* Total bytes read */
+  char	buffer[8192],	/* Buffer for copy */
+	*ptr;		/* Pointer into tile */
+
+
+ /*
+  * Sanitize the title...
+  */
+
+  for (ptr = title; *ptr; ptr ++)
+    if (!isalnum((int)*ptr) && !isspace((int)*ptr))
+      *ptr = '_';
+
+ /*
+  * Open the printer device...
+  */
+
+  if ((fnum = cli_open(cli, title, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE)) == -1)
+  {
+    fprintf(stderr, "ERROR: %s opening remote file %s\n",
+            cli_errstr(cli), title);
+    return (1);
+  }
+
+ /*
+  * Copy the file to the printer...
+  */
+
+  if (fp != stdin)
+    rewind(fp);
+
+  tbytes = 0;
+
+  while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0)
+  {
+    if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes)
+    {
+      fprintf(stderr, "ERROR: Error writing file: %s\n", cli_errstr(cli));
+      break;
+    }
+
+    tbytes += nbytes;
+  } 
+
+  if (!cli_close(cli, fnum))
+  {
+    fprintf(stderr, "ERROR: %s closing remote file %s\n",
+            cli_errstr(cli), title);
+    return (1);
+  }
+  else
+    return (0);
+}
diff --git a/source3/client/smbumount.c b/source3/client/smbumount.c
new file mode 100644
index 0000000000..983ad44fa0
--- /dev/null
+++ b/source3/client/smbumount.c
@@ -0,0 +1,185 @@
+/*
+ *  smbumount.c
+ *
+ *  Copyright (C) 1995-1998 by Volker Lendecke
+ *
+ */
+
+#include "includes.h"
+
+#include <mntent.h>
+
+#include <asm/types.h>
+#include <asm/posix_types.h>
+#include <linux/smb.h>
+#include <linux/smb_mount.h>
+#include <linux/smb_fs.h>
+
+/* This is a (hopefully) temporary hack due to the fact that
+	sizeof( uid_t ) != sizeof( __kernel_uid_t ) under glibc.
+	This may change in the future and smb.h may get fixed in the
+	future.  In the mean time, it's ugly hack time - get over it.
+*/
+#undef SMB_IOC_GETMOUNTUID
+#define	SMB_IOC_GETMOUNTUID		_IOR('u', 1, __kernel_uid_t)
+
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW     0400000
+#endif
+
+static void
+usage(void)
+{
+        printf("usage: smbumount mountpoint\n");
+}
+
+static int
+umount_ok(const char *mount_point)
+{
+	/* we set O_NOFOLLOW to prevent users playing games with symlinks to
+	   umount filesystems they don't own */
+        int fid = open(mount_point, O_RDONLY|O_NOFOLLOW, 0);
+        __kernel_uid_t mount_uid;
+	
+        if (fid == -1) {
+                fprintf(stderr, "Could not open %s: %s\n",
+                        mount_point, strerror(errno));
+                return -1;
+        }
+        
+        if (ioctl(fid, SMB_IOC_GETMOUNTUID, &mount_uid) != 0) {
+                fprintf(stderr, "%s probably not smb-filesystem\n",
+                        mount_point);
+                return -1;
+        }
+
+        if ((getuid() != 0)
+            && (mount_uid != getuid())) {
+                fprintf(stderr, "You are not allowed to umount %s\n",
+                        mount_point);
+                return -1;
+        }
+
+        close(fid);
+        return 0;
+}
+
+/* Make a canonical pathname from PATH.  Returns a freshly malloced string.
+   It is up the *caller* to ensure that the PATH is sensible.  i.e.
+   canonicalize ("/dev/fd0/.") returns "/dev/fd0" even though ``/dev/fd0/.''
+   is not a legal pathname for ``/dev/fd0''  Anything we cannot parse
+   we return unmodified.   */
+static char *
+canonicalize (char *path)
+{
+	char *canonical = malloc (PATH_MAX + 1);
+
+	if (!canonical) {
+		fprintf(stderr, "Error! Not enough memory!\n");
+		return NULL;
+	}
+
+	if (strlen(path) > PATH_MAX) {
+		fprintf(stderr, "Mount point string too long\n");
+		return NULL;
+	}
+
+	if (path == NULL)
+		return NULL;
+  
+	if (realpath (path, canonical))
+		return canonical;
+
+	pstrcpy (canonical, path);
+	return canonical;
+}
+
+
+int 
+main(int argc, char *argv[])
+{
+        int fd;
+        char* mount_point;
+        struct mntent *mnt;
+        FILE* mtab;
+        FILE* new_mtab;
+
+        if (argc != 2) {
+                usage();
+                exit(1);
+        }
+
+        if (geteuid() != 0) {
+                fprintf(stderr, "smbumount must be installed suid root\n");
+                exit(1);
+        }
+
+        mount_point = canonicalize(argv[1]);
+
+	if (mount_point == NULL)
+	{
+		exit(1);
+	}
+
+        if (umount_ok(mount_point) != 0) {
+                exit(1);
+        }
+
+        if (umount(mount_point) != 0) {
+                fprintf(stderr, "Could not umount %s: %s\n",
+                        mount_point, strerror(errno));
+                exit(1);
+        }
+
+        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1)
+        {
+                fprintf(stderr, "Can't get "MOUNTED"~ lock file");
+                return 1;
+        }
+        close(fd);
+	
+        if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
+                fprintf(stderr, "Can't open " MOUNTED ": %s\n",
+                        strerror(errno));
+                return 1;
+        }
+
+#define MOUNTED_TMP MOUNTED".tmp"
+
+        if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL) {
+                fprintf(stderr, "Can't open " MOUNTED_TMP ": %s\n",
+                        strerror(errno));
+                endmntent(mtab);
+                return 1;
+        }
+
+        while ((mnt = getmntent(mtab)) != NULL) {
+                if (strcmp(mnt->mnt_dir, mount_point) != 0) {
+                        addmntent(new_mtab, mnt);
+                }
+        }
+
+        endmntent(mtab);
+
+        if (fchmod (fileno (new_mtab), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
+                fprintf(stderr, "Error changing mode of %s: %s\n",
+                        MOUNTED_TMP, strerror(errno));
+                exit(1);
+        }
+
+        endmntent(new_mtab);
+
+        if (rename(MOUNTED_TMP, MOUNTED) < 0) {
+                fprintf(stderr, "Cannot rename %s to %s: %s\n",
+                        MOUNTED, MOUNTED_TMP, strerror(errno));
+                exit(1);
+        }
+
+        if (unlink(MOUNTED"~") == -1)
+        {
+                fprintf(stderr, "Can't remove "MOUNTED"~");
+                return 1;
+        }
+
+	return 0;
+}	
diff --git a/source3/client/testsmbc.c b/source3/client/testsmbc.c
new file mode 100644
index 0000000000..ec98774dcf
--- /dev/null
+++ b/source3/client/testsmbc.c
@@ -0,0 +1,455 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client library test program
+   Copyright (C) Andrew Tridgell 1998
+   Copyright (C) Richard Sharpe 2000
+   Copyright (C) John Terpsra 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <libsmbclient.h>
+
+void auth_fn(const char *server, const char *share,
+	     char *workgroup, int wgmaxlen, char *username, int unmaxlen,
+	     char *password, int pwmaxlen)
+{
+  char temp[128];
+
+  fprintf(stdout, "Need password for //%s/%s\n", server, share);
+
+  fprintf(stdout, "Enter workgroup: [%s] ", workgroup);
+  fgets(temp, sizeof(temp), stdin);
+
+  if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */
+    temp[strlen(temp) - 1] = 0x00;
+
+  if (temp[0]) strncpy(workgroup, temp, wgmaxlen - 1);
+
+  fprintf(stdout, "Enter username: [%s] ", username);
+  fgets(temp, sizeof(temp), stdin);
+
+  if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */
+    temp[strlen(temp) - 1] = 0x00;
+
+  if (temp[0]) strncpy(username, temp, unmaxlen - 1);
+
+  fprintf(stdout, "Enter password: [%s] ", password);
+  fgets(temp, sizeof(temp), stdin);
+
+  if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */
+    temp[strlen(temp) - 1] = 0x00;
+
+  if (temp[0]) strncpy(password, temp, pwmaxlen - 1);
+
+}
+
+int global_id = 0;
+
+void print_list_fn(struct print_job_info *pji)
+{
+
+  fprintf(stdout, "Print job: ID: %u, Prio: %u, Size: %u, User: %s, Name: %s\n",
+	  pji->id, pji->priority, pji->size, pji->user, pji->name);
+
+  global_id = pji->id;
+
+}
+
+int main(int argc, char *argv[])
+{
+  int err, fd, dh1, dh2, dh3, dsize, dirc;
+  const char *file = "smb://samba/public/testfile.txt";
+  const char *file2 = "smb://samba/public/testfile2.txt";
+  char buff[256];
+  char dirbuf[512];
+  char *dirp;
+  struct stat st1, st2;
+
+  err = smbc_init(auth_fn,  10); /* Initialize things */
+
+  if (err < 0) {
+
+    fprintf(stderr, "Initializing the smbclient library ...: %s\n", strerror(errno));
+
+  }
+
+  if (argc > 1) {
+
+    /* Try to list the print jobs ... */
+
+    if (smbc_list_print_jobs("smb://samba/pclp", print_list_fn) < 0) {
+
+      fprintf(stderr, "Could not list print jobs: %s, %d\n", strerror(errno), errno);
+      exit(1);
+
+    }
+
+    /* Try to delete the last job listed */
+
+    if (global_id > 0) {
+
+      fprintf(stdout, "Trying to delete print job %u\n", global_id);
+
+      if (smbc_unlink_print_job("smb://samba/pclp", global_id) < 0) {
+
+	fprintf(stderr, "Failed to unlink job id %u, %s, %u\n", global_id, 
+		strerror(errno), errno);
+
+	exit(1);
+
+      }
+
+    }
+
+    /* Try to print a file ... */
+
+    if (smbc_print_file("smb://samba/public/testfile2.txt", "smb://samba/pclp") < 0) {
+
+      fprintf(stderr, "Failed to print job: %s %u\n", strerror(errno), errno);
+      exit(1);
+
+    }
+
+    /* Try to delete argv[1] as a file ... */
+    
+    if (smbc_unlink(argv[1]) < 0) {
+
+      fprintf(stderr, "Could not unlink: %s, %s, %d\n",
+	      argv[1], strerror(errno), errno);
+
+      exit(0);
+
+    }
+
+    if ((dh1 = smbc_opendir("smb://"))<1) {
+
+      fprintf(stderr, "Could not open directory: smb://: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    if ((dh2 = smbc_opendir("smb://sambanet")) < 0) {
+
+      fprintf(stderr, "Could not open directory: smb://sambanet: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    if ((dh3 = smbc_opendir("smb://samba")) < 0) {
+
+      fprintf(stderr, "Could not open directory: smb://samba: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    fprintf(stdout, "Directory handles: %u, %u, %u\n", dh1, dh2, dh3);
+
+    /* Now, list those directories, but in funny ways ... */
+
+    dirp = (char *)dirbuf;
+
+    if ((dirc = smbc_getdents(dh1, (struct smbc_dirent *)dirp, 
+			      sizeof(dirbuf))) < 0) {
+
+      fprintf(stderr, "Problems getting directory entries: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    /* Now, process the list of names ... */
+
+    fprintf(stdout, "Directory listing, size = %u\n", dirc);
+
+    while (dirc > 0) {
+
+      dsize = ((struct smbc_dirent *)dirp)->dirlen;
+      fprintf(stdout, "Dir Ent, Type: %u, Name: %s, Comment: %s\n",
+	      ((struct smbc_dirent *)dirp)->smbc_type, 
+	      ((struct smbc_dirent *)dirp)->name, 
+	      ((struct smbc_dirent *)dirp)->comment);
+
+      dirp += dsize;
+      (char *)dirc -= dsize;
+
+    }
+
+    dirp = (char *)dirbuf;
+
+    if ((dirc = smbc_getdents(dh2, (struct smbc_dirent *)dirp, 
+			      sizeof(dirbuf))) < 0) {
+
+      fprintf(stderr, "Problems getting directory entries: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    /* Now, process the list of names ... */
+
+    fprintf(stdout, "\nDirectory listing, size = %u\n", dirc);
+
+    while (dirc > 0) {
+
+      dsize = ((struct smbc_dirent *)dirp)->dirlen;
+      fprintf(stdout, "Dir Ent, Type: %u, Name: %s, Comment: %s\n",
+	      ((struct smbc_dirent *)dirp)->smbc_type, 
+	      ((struct smbc_dirent *)dirp)->name, 
+	      ((struct smbc_dirent *)dirp)->comment);
+
+      dirp += dsize;
+      (char *)dirc -= dsize;
+
+    }
+
+    dirp = (char *)dirbuf;
+
+    if ((dirc = smbc_getdents(dh3, (struct smbc_dirent *)dirp, 
+			      sizeof(dirbuf))) < 0) {
+
+      fprintf(stderr, "Problems getting directory entries: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    /* Now, process the list of names ... */
+
+    fprintf(stdout, "Directory listing, size = %u\n", dirc);
+
+    while (dirc > 0) {
+
+      dsize = ((struct smbc_dirent *)dirp)->dirlen;
+      fprintf(stdout, "\nDir Ent, Type: %u, Name: %s, Comment: %s\n",
+	      ((struct smbc_dirent *)dirp)->smbc_type, 
+	      ((struct smbc_dirent *)dirp)->name, 
+	      ((struct smbc_dirent *)dirp)->comment);
+
+      (char *)dirp += dsize;
+      (char *)dirc -= dsize;
+
+    }
+
+    exit(1);
+
+  }
+
+  /* For now, open a file on a server that is hard coded ... later will
+   * read from the command line ...
+   */
+
+  fd = smbc_open(file, O_RDWR | O_CREAT | O_TRUNC, 0666);
+
+  if (fd < 0) {
+
+    fprintf(stderr, "Creating file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  fprintf(stdout, "Opened or created file: %s\n", file);
+
+  /* Now, write some date to the file ... */
+
+  bzero(buff, sizeof(buff));
+  strcpy(buff, "Some test data for the moment ...");
+
+  err = smbc_write(fd, buff, sizeof(buff));
+
+  if (err < 0) {
+    
+    fprintf(stderr, "writing file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  fprintf(stdout, "Wrote %d bytes to file: %s\n", sizeof(buff), buff);
+
+  /* Now, seek the file back to offset 0 */
+
+  err = smbc_lseek(fd, SEEK_SET, 0);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Seeking file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  fprintf(stdout, "Completed lseek on file: %s\n", file);
+
+  /* Now, read the file contents back ... */
+
+  err = smbc_read(fd, buff, sizeof(buff));
+
+  if (err < 0) {
+
+    fprintf(stderr, "Reading file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  fprintf(stdout, "Read file: %s\n", buff);  /* Should check the contents */
+
+  fprintf(stdout, "Now fstat'ing file: %s\n", file);
+
+  err = smbc_fstat(fd, &st1);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Fstat'ing file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+
+  /* Now, close the file ... */
+
+  err = smbc_close(fd);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Closing file: %s: %s\n", file, strerror(errno));
+
+  }
+
+  /* Now, rename the file ... */
+
+  err = smbc_rename(file, file2);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Renaming file: %s to %s: %s\n", file, file2, strerror(errno));
+
+  }
+
+  fprintf(stdout, "Renamed file %s to %s\n", file, file2);
+
+  /* Now, create a file and delete it ... */
+
+  fprintf(stdout, "Now, creating file: %s so we can delete it.\n", file);
+
+  fd = smbc_open(file, O_RDWR | O_CREAT, 0666);
+
+  if (fd < 0) {
+
+    fprintf(stderr, "Creating file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  fprintf(stdout, "Opened or created file: %s\n", file);
+
+  err = smbc_close(fd);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Closing file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+  
+  /* Now, delete the file ... */
+
+  fprintf(stdout, "File %s created, now deleting ...\n", file);
+
+  err = smbc_unlink(file);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Deleting file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  /* Now, stat the file, file 2 ... */
+
+  fprintf(stdout, "Now stat'ing file: %s\n", file);
+
+  err = smbc_stat(file2, &st2);
+
+  if (err < 0) {
+
+    fprintf(stderr, "Stat'ing file: %s: %s\n", file, strerror(errno));
+    exit(0);
+
+  }
+
+  fprintf(stdout, "Stat'ed file:   %s. Size = %d, mode = %04X\n", file2, 
+	  (int)st2.st_size, st2.st_mode);
+  fprintf(stdout, "    time: %s\n", ctime(&st2.st_atime));
+  fprintf(stdout, "Earlier stat:   %s, Size = %d, mode = %04X\n", file, 
+	  (int)st1.st_size, st1.st_mode);
+  fprintf(stdout, "    time: %s\n", ctime(&st1.st_atime));
+
+  /* Now, make a directory ... */
+
+  fprintf(stdout, "Making directory smb://samba/public/make-dir\n");
+
+  if (smbc_mkdir("smb://samba/public/make-dir", 0666) < 0) {
+
+    fprintf(stderr, "Error making directory: smb://samba/public/make-dir: %s\n", 
+	    strerror(errno));
+
+    if (errno == EEXIST) { /* Try to delete the directory */
+
+      fprintf(stdout, "Trying to delete directory: smb://samba/public/make-dir\n");
+
+      if (smbc_rmdir("smb://samba/public/make-dir") < 0) { /* Error */
+
+	fprintf(stderr, "Error removing directory: smb://samba/public/make-dir: %s\n", strerror(errno));
+
+	exit(0);
+
+      }
+
+      fprintf(stdout, "Making directory: smb://samba/public/make-dir\n");
+
+      if (smbc_mkdir("smb://samba/public/make-dir", 666) < 0) {
+
+	fprintf(stderr, "Error making directory: smb://samba/public/make-dir: %s\n",
+		strerror(errno));
+
+	fprintf(stderr, "I give up!\n");
+
+	exit(1);
+
+      }
+
+    }
+
+    exit(0);
+    
+  }
+
+  fprintf(stdout, "Made dir: make-dir\n");
+  return 0;
+}
diff --git a/source3/client/tree.c b/source3/client/tree.c
new file mode 100644
index 0000000000..94fd93c210
--- /dev/null
+++ b/source3/client/tree.c
@@ -0,0 +1,811 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client GTK+ tree-based application
+   Copyright (C) Andrew Tridgell 1998
+   Copyright (C) Richard Sharpe 2001
+   Copyright (C) John Terpstra 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* example-gtk+ application, ripped off from the gtk+ tree.c sample */
+
+#include <stdio.h>
+#include <errno.h>
+#include <gtk/gtk.h>
+#include "libsmbclient.h"
+
+static GtkWidget *clist;
+
+struct tree_data {
+
+  guint32 type;    /* Type of tree item, an SMBC_TYPE */
+  char name[256];  /* May need to change this later   */
+
+};
+
+void error_message(gchar *message) {
+
+  GtkWidget *dialog, *label, *okay_button;
+     
+  /* Create the widgets */
+     
+  dialog = gtk_dialog_new();
+  gtk_window_set_modal(GTK_WINDOW(dialog), True);
+  label = gtk_label_new (message);
+  okay_button = gtk_button_new_with_label("Okay");
+     
+  /* Ensure that the dialog box is destroyed when the user clicks ok. */
+     
+  gtk_signal_connect_object (GTK_OBJECT (okay_button), "clicked",
+			     GTK_SIGNAL_FUNC (gtk_widget_destroy), dialog);
+  gtk_container_add (GTK_CONTAINER (GTK_DIALOG(dialog)->action_area),
+		     okay_button);
+
+  /* Add the label, and show everything we've added to the dialog. */
+
+  gtk_container_add (GTK_CONTAINER (GTK_DIALOG(dialog)->vbox),
+		     label);
+  gtk_widget_show_all (dialog);
+}
+
+/*
+ * We are given a widget, and we want to retrieve its URL so we 
+ * can do a directory listing.
+ *
+ * We walk back up the tree, picking up pieces until we hit a server or
+ * workgroup type and return a path from there
+ */
+
+static char path_string[1024];
+
+char *get_path(GtkWidget *item)
+{
+  GtkWidget *p = item;
+  struct tree_data *pd;
+  char *comps[1024];  /* We keep pointers to the components here */
+  int i = 0, j, level,type;
+
+  /* Walk back up the tree, getting the private data */
+
+  level = GTK_TREE(item->parent)->level;
+
+  /* Pick up this item's component info */
+
+  pd = (struct tree_data *)gtk_object_get_user_data(GTK_OBJECT(item));
+
+  comps[i++] = pd->name;
+  type = pd->type;
+
+  while (level > 0 && type != SMBC_SERVER && type != SMBC_WORKGROUP) {
+
+    /* Find the parent and extract the data etc ... */
+
+    p = GTK_WIDGET(p->parent);    
+    p = GTK_WIDGET(GTK_TREE(p)->tree_owner);
+
+    pd = (struct tree_data *)gtk_object_get_user_data(GTK_OBJECT(p));
+
+    level = GTK_TREE(item->parent)->level;
+
+    comps[i++] = pd->name;
+    type = pd->type;
+
+  }
+
+  /* 
+   * Got a list of comps now, should check that we did not hit a workgroup
+   * when we got other things as well ... Later
+   *
+   * Now, build the path
+   */
+
+  snprintf(path_string, sizeof(path_string), "smb:/");
+
+  for (j = i - 1; j >= 0; j--) {
+
+    strncat(path_string, "/", sizeof(path_string) - strlen(path_string));
+    strncat(path_string, comps[j], sizeof(path_string) - strlen(path_string));
+
+  }
+  
+  fprintf(stdout, "Path string = %s\n", path_string);
+
+  return path_string;
+
+}
+
+struct tree_data *make_tree_data(guint32 type, const char *name)
+{
+  struct tree_data *p = (struct tree_data *)malloc(sizeof(struct tree_data));
+
+  if (p) {
+
+    p->type = type;
+    strncpy(p->name, name, sizeof(p->name));
+
+  }
+
+  return p;
+
+}
+
+/* Note that this is called every time the user clicks on an item,
+   whether it is already selected or not. */
+static void cb_select_child (GtkWidget *root_tree, GtkWidget *child,
+			     GtkWidget *subtree)
+{
+  gint dh, err, dirlen;
+  char dirbuf[512];
+  struct smbc_dirent *dirp;
+  struct stat st1;
+  char path[1024], path1[1024];
+
+  g_print ("select_child called for root tree %p, subtree %p, child %p\n",
+	   root_tree, subtree, child);
+
+  /* Now, figure out what it is, and display it in the clist ... */
+
+  gtk_clist_clear(GTK_CLIST(clist));  /* Clear the CLIST */
+
+  /* Now, get the private data for the subtree */
+
+  strncpy(path, get_path(child), 1024);
+
+  if ((dh = smbc_opendir(path)) < 0) { /* Handle error */
+
+    g_print("cb_select_child: Could not open dir %s, %s\n", path,
+	    strerror(errno));
+
+    gtk_main_quit();
+
+    return;
+
+  }
+
+  while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf,
+			      sizeof(dirbuf))) != 0) {
+
+    if (err < 0) {
+
+      g_print("cb_select_child: Could not read dir %s, %s\n", path,
+	      strerror(errno));
+
+      gtk_main_quit();
+
+      return;
+
+    }
+
+    dirp = (struct smbc_dirent *)dirbuf;
+
+    while (err > 0) {
+      gchar col1[128], col2[128], col3[128], col4[128];
+      gchar *rowdata[4] = {col1, col2, col3, col4};
+
+      dirlen = dirp->dirlen;
+
+      /* Format each of the items ... */
+
+      strncpy(col1, dirp->name, 128);
+
+      col2[0] = col3[0] = col4[0] = (char)0;
+
+      switch (dirp->smbc_type) {
+
+      case SMBC_WORKGROUP:
+
+	break;
+
+      case SMBC_SERVER:
+
+	strncpy(col2, (dirp->comment?dirp->comment:""), 128);
+
+	break;
+
+      case SMBC_FILE_SHARE:
+
+	strncpy(col2, (dirp->comment?dirp->comment:""), 128);
+
+	break;
+
+      case SMBC_PRINTER_SHARE:
+
+	strncpy(col2, (dirp->comment?dirp->comment:""), 128);
+	break;
+
+      case SMBC_COMMS_SHARE:
+
+	break;
+
+      case SMBC_IPC_SHARE:
+
+	break;
+
+      case SMBC_DIR:
+      case SMBC_FILE:
+
+	/* Get stats on the file/dir and see what we have */
+
+	if ((strcmp(dirp->name, ".") != 0) &&
+	    (strcmp(dirp->name, "..") != 0)) {
+
+	  strncpy(path1, path, sizeof(path1));
+	  strncat(path1, "/", sizeof(path) - strlen(path));
+	  strncat(path1, dirp->name, sizeof(path) - strlen(path));
+
+	  if (smbc_stat(path1, &st1) < 0) {
+	    
+	    if (errno != EBUSY) {
+	      
+	      g_print("cb_select_child: Could not stat file %s, %s\n", path1, 
+		      strerror(errno));
+	    
+	      gtk_main_quit();
+
+	      return;
+
+	    }
+	    else {
+
+	      strncpy(col2, "Device or resource busy", sizeof(col2));
+
+	    }
+	  }
+	  else {
+	    /* Now format each of the relevant things ... */
+
+	    snprintf(col2, sizeof(col2), "%c%c%c%c%c%c%c%c%c(%0X)",
+		     (st1.st_mode&S_IRUSR?'r':'-'),
+		     (st1.st_mode&S_IWUSR?'w':'-'),
+		     (st1.st_mode&S_IXUSR?'x':'-'),
+		     (st1.st_mode&S_IRGRP?'r':'-'),
+		     (st1.st_mode&S_IWGRP?'w':'-'),
+		     (st1.st_mode&S_IXGRP?'x':'-'),
+		     (st1.st_mode&S_IROTH?'r':'-'),
+		     (st1.st_mode&S_IWOTH?'w':'-'),
+		     (st1.st_mode&S_IXOTH?'x':'-'),
+		     st1.st_mode); 
+	    snprintf(col3, sizeof(col3), "%u", st1.st_size);
+	    snprintf(col4, sizeof(col4), "%s", ctime(&st1.st_mtime));
+	  }
+	}
+
+	break;
+
+      default:
+
+	break;
+      }
+
+      gtk_clist_append(GTK_CLIST(clist), rowdata);
+
+      (char *)dirp += dirlen;
+      err -= dirlen;
+
+    }
+
+  }
+
+}
+
+/* Note that this is never called */
+static void cb_unselect_child( GtkWidget *root_tree,
+                               GtkWidget *child,
+                               GtkWidget *subtree )
+{
+  g_print ("unselect_child called for root tree %p, subtree %p, child %p\n",
+	   root_tree, subtree, child);
+}
+
+/* for all the GtkItem:: and GtkTreeItem:: signals */
+static void cb_itemsignal( GtkWidget *item,
+                           gchar     *signame )
+{
+  GtkWidget *real_tree, *aitem, *subtree;
+  gchar *name;
+  GtkLabel *label;
+  gint dh, err, dirlen, level;
+  char dirbuf[512];
+  struct smbc_dirent *dirp;
+  
+  label = GTK_LABEL (GTK_BIN (item)->child);
+  /* Get the text of the label */
+  gtk_label_get (label, &name);
+
+  level = GTK_TREE(item->parent)->level;
+
+  /* Get the level of the tree which the item is in */
+  g_print ("%s called for item %s->%p, level %d\n", signame, name,
+	   item, GTK_TREE (item->parent)->level);
+
+  real_tree = GTK_TREE_ITEM_SUBTREE(item);  /* Get the subtree */
+
+  if (strncmp(signame, "expand", 6) == 0) { /* Expand called */
+    char server[128];
+
+    if ((dh = smbc_opendir(get_path(item))) < 0) { /* Handle error */
+      gchar errmsg[256];
+
+      g_print("cb_itemsignal: Could not open dir %s, %s\n", get_path(item), 
+	      strerror(errno));
+
+      slprintf(errmsg, sizeof(errmsg), "cb_itemsignal: Could not open dir %s, %s\n", get_path(item), strerror(errno));
+
+      error_message(errmsg);
+
+      /*      gtk_main_quit();*/
+
+      return;
+
+    }
+
+    while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, 
+				sizeof(dirbuf))) != 0) {
+
+      if (err < 0) { /* An error, report it */
+	gchar errmsg[256];
+
+	g_print("cb_itemsignal: Could not read dir smbc://, %s\n",
+		strerror(errno));
+
+	slprintf(errmsg, sizeof(errmsg), "cb_itemsignal: Could not read dir smbc://, %s\n", strerror(errno));
+
+	error_message(errmsg);
+
+	/*	gtk_main_quit();*/
+
+	return;
+
+      }
+
+      dirp = (struct smbc_dirent *)dirbuf;
+
+      while (err > 0) {
+	struct tree_data *my_data;
+
+	dirlen = dirp->dirlen;
+
+	my_data = make_tree_data(dirp->smbc_type, dirp->name);
+
+	if (!my_data) {
+
+	  g_print("Could not allocate space for tree_data: %s\n",
+		  dirp->name);
+
+	  gtk_main_quit();
+	  return;
+
+	}
+
+	aitem = gtk_tree_item_new_with_label(dirp->name);
+
+	/* Connect all GtkItem:: and GtkTreeItem:: signals */
+	gtk_signal_connect (GTK_OBJECT(aitem), "select",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "select");
+	gtk_signal_connect (GTK_OBJECT(aitem), "deselect",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "deselect");
+	gtk_signal_connect (GTK_OBJECT(aitem), "toggle",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "toggle");
+	gtk_signal_connect (GTK_OBJECT(aitem), "expand",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "expand");
+	gtk_signal_connect (GTK_OBJECT(aitem), "collapse",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "collapse");
+	/* Add it to the parent tree */
+	gtk_tree_append (GTK_TREE(real_tree), aitem);
+
+	gtk_widget_show (aitem);
+
+	gtk_object_set_user_data(GTK_OBJECT(aitem), (gpointer)my_data);
+
+	fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen);
+
+	if (dirp->smbc_type != SMBC_FILE &&
+	    dirp->smbc_type != SMBC_IPC_SHARE &&
+	    (strcmp(dirp->name, ".") != 0) && 
+	    (strcmp(dirp->name, "..") !=0)){
+	  
+	  subtree = gtk_tree_new();
+	  gtk_tree_item_set_subtree(GTK_TREE_ITEM(aitem), subtree);
+
+	  gtk_signal_connect(GTK_OBJECT(subtree), "select_child",
+			     GTK_SIGNAL_FUNC(cb_select_child), real_tree);
+	  gtk_signal_connect(GTK_OBJECT(subtree), "unselect_child",
+			     GTK_SIGNAL_FUNC(cb_unselect_child), real_tree);
+
+	}
+
+	(char *)dirp += dirlen;
+	err -= dirlen;
+
+      }
+
+    }
+
+    smbc_closedir(dh);   
+
+  }
+  else if (strncmp(signame, "collapse", 8) == 0) {
+    GtkWidget *subtree = gtk_tree_new();
+
+    gtk_tree_remove_items(GTK_TREE(real_tree), GTK_TREE(real_tree)->children);
+
+    gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree);
+
+    gtk_signal_connect (GTK_OBJECT(subtree), "select_child",
+			GTK_SIGNAL_FUNC(cb_select_child), real_tree);
+    gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child",
+			GTK_SIGNAL_FUNC(cb_unselect_child), real_tree);
+
+  }
+
+}
+
+static void cb_selection_changed( GtkWidget *tree )
+{
+  GList *i;
+  
+  g_print ("selection_change called for tree %p\n", tree);
+  g_print ("selected objects are:\n");
+
+  i = GTK_TREE_SELECTION(tree);
+  while (i){
+    gchar *name;
+    GtkLabel *label;
+    GtkWidget *item;
+
+    /* Get a GtkWidget pointer from the list node */
+    item = GTK_WIDGET (i->data);
+    label = GTK_LABEL (GTK_BIN (item)->child);
+    gtk_label_get (label, &name);
+    g_print ("\t%s on level %d\n", name, GTK_TREE
+	     (item->parent)->level);
+    i = i->next;
+  }
+}
+
+/*
+ * Expand or collapse the whole network ...
+ */
+static void cb_wholenet(GtkWidget *item, gchar *signame)
+{
+  GtkWidget *real_tree, *aitem, *subtree;
+  gchar *name;
+  GtkLabel *label;
+  gint dh, err, dirlen;
+  char dirbuf[512];
+  struct smbc_dirent *dirp;
+  
+  label = GTK_LABEL (GTK_BIN (item)->child);
+  gtk_label_get (label, &name);
+  g_print ("%s called for item %s->%p, level %d\n", signame, name,
+	   item, GTK_TREE (item->parent)->level);
+
+  real_tree = GTK_TREE_ITEM_SUBTREE(item);  /* Get the subtree */
+
+  if (strncmp(signame, "expand", 6) == 0) { /* Expand called */
+
+    if ((dh = smbc_opendir("smb://")) < 0) { /* Handle error */
+
+      g_print("cb_wholenet: Could not open dir smbc://, %s\n",
+	      strerror(errno));
+
+      gtk_main_quit();
+
+      return;
+
+    }
+
+    while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, 
+				sizeof(dirbuf))) != 0) {
+
+      if (err < 0) { /* An error, report it */
+
+	g_print("cb_wholenet: Could not read dir smbc://, %s\n",
+		strerror(errno));
+
+	gtk_main_quit();
+
+	return;
+
+      }
+
+      dirp = (struct smbc_dirent *)dirbuf;
+
+      while (err > 0) {
+	struct tree_data *my_data;
+
+	dirlen = dirp->dirlen;
+
+	my_data = make_tree_data(dirp->smbc_type, dirp->name);
+
+	aitem = gtk_tree_item_new_with_label(dirp->name);
+
+	/* Connect all GtkItem:: and GtkTreeItem:: signals */
+	gtk_signal_connect (GTK_OBJECT(aitem), "select",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "select");
+	gtk_signal_connect (GTK_OBJECT(aitem), "deselect",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "deselect");
+	gtk_signal_connect (GTK_OBJECT(aitem), "toggle",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "toggle");
+	gtk_signal_connect (GTK_OBJECT(aitem), "expand",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "expand");
+	gtk_signal_connect (GTK_OBJECT(aitem), "collapse",
+			    GTK_SIGNAL_FUNC(cb_itemsignal), "collapse");
+
+	gtk_tree_append (GTK_TREE(real_tree), aitem);
+	/* Show it - this can be done at any time */
+	gtk_widget_show (aitem);
+
+	gtk_object_set_user_data(GTK_OBJECT(aitem), (gpointer)my_data);
+
+	fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen);
+
+	subtree = gtk_tree_new();
+
+	gtk_tree_item_set_subtree(GTK_TREE_ITEM(aitem), subtree);
+
+	gtk_signal_connect(GTK_OBJECT(subtree), "select_child",
+			   GTK_SIGNAL_FUNC(cb_select_child), real_tree);
+	gtk_signal_connect(GTK_OBJECT(subtree), "unselect_child",
+			   GTK_SIGNAL_FUNC(cb_unselect_child), real_tree);
+
+	(char *)dirp += dirlen;
+	err -= dirlen;
+
+      }
+
+    }
+
+    smbc_closedir(dh);   
+
+  }
+  else { /* Must be collapse ... FIXME ... */
+    GtkWidget *subtree = gtk_tree_new();
+
+    gtk_tree_remove_items(GTK_TREE(real_tree), GTK_TREE(real_tree)->children);
+
+    gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree);
+
+    gtk_signal_connect (GTK_OBJECT(subtree), "select_child",
+			GTK_SIGNAL_FUNC(cb_select_child), real_tree);
+    gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child",
+			GTK_SIGNAL_FUNC(cb_unselect_child), real_tree);
+
+
+  }
+
+}
+
+/* Should put up a dialog box to ask the user for username and password */
+
+static void 
+auth_fn(const char *server, const char *share,
+	char *workgroup, int wgmaxlen, char *username, int unmaxlen,
+	char *password, int pwmaxlen)
+{
+
+   strncpy(username, "test", unmaxlen);
+   strncpy(password, "test", pwmaxlen);
+
+}
+
+static char *col_titles[] = {
+  "Name", "Attributes", "Size", "Modification Date",
+};
+
+int main( int   argc,
+          char *argv[] )
+{
+  GtkWidget *window, *scrolled_win, *scrolled_win2, *tree;
+  GtkWidget *subtree, *item, *main_hbox, *r_pane, *l_pane;
+  gint err, dh;
+  gint i;
+  char dirbuf[512];
+  struct smbc_dirent *dirp;
+
+  gtk_init (&argc, &argv);
+
+  /* Init the smbclient library */
+
+  err = smbc_init(auth_fn, 10);
+
+  /* Print an error response ... */
+
+  if (err < 0) {
+
+    fprintf(stderr, "smbc_init returned %s (%i)\nDo you have a ~/.smb/smb.conf file?\n", strerror(errno), errno);
+    exit(1);
+
+  }
+
+  /* a generic toplevel window */
+  window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
+  gtk_widget_set_name(window, "main browser window");
+  gtk_signal_connect (GTK_OBJECT(window), "delete_event",
+		      GTK_SIGNAL_FUNC (gtk_main_quit), NULL);
+  gtk_window_set_title(GTK_WINDOW(window), "The Linux Windows Network Browser");
+  gtk_widget_set_usize(GTK_WIDGET(window), 750, -1);
+  gtk_container_set_border_width (GTK_CONTAINER(window), 5);
+
+  gtk_widget_show (window);
+
+  /* A container for the two panes ... */
+
+  main_hbox = gtk_hbox_new(FALSE, 1);
+  gtk_container_border_width(GTK_CONTAINER(main_hbox), 1);
+  gtk_container_add(GTK_CONTAINER(window), main_hbox);
+
+  gtk_widget_show(main_hbox);
+
+  l_pane = gtk_hpaned_new();
+  gtk_paned_gutter_size(GTK_PANED(l_pane), (GTK_PANED(l_pane))->handle_size);
+  r_pane = gtk_hpaned_new();
+  gtk_paned_gutter_size(GTK_PANED(r_pane), (GTK_PANED(r_pane))->handle_size);
+  gtk_container_add(GTK_CONTAINER(main_hbox), l_pane);
+  gtk_widget_show(l_pane);
+
+  /* A generic scrolled window */
+  scrolled_win = gtk_scrolled_window_new (NULL, NULL);
+  gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (scrolled_win),
+				  GTK_POLICY_AUTOMATIC,
+				  GTK_POLICY_AUTOMATIC);
+  gtk_widget_set_usize (scrolled_win, 150, 200);
+  gtk_container_add (GTK_CONTAINER(l_pane), scrolled_win);
+  gtk_widget_show (scrolled_win);
+
+  /* Another generic scrolled window */
+  scrolled_win2 = gtk_scrolled_window_new (NULL, NULL);
+  gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (scrolled_win2),
+				  GTK_POLICY_AUTOMATIC,
+				  GTK_POLICY_AUTOMATIC);
+  gtk_widget_set_usize (scrolled_win2, 150, 200);
+  gtk_paned_add2 (GTK_PANED(l_pane), scrolled_win2);
+  gtk_widget_show (scrolled_win2);
+  
+  /* Create the root tree */
+  tree = gtk_tree_new();
+  g_print ("root tree is %p\n", tree);
+  /* connect all GtkTree:: signals */
+  gtk_signal_connect (GTK_OBJECT(tree), "select_child",
+		      GTK_SIGNAL_FUNC(cb_select_child), tree);
+  gtk_signal_connect (GTK_OBJECT(tree), "unselect_child",
+		      GTK_SIGNAL_FUNC(cb_unselect_child), tree);
+  gtk_signal_connect (GTK_OBJECT(tree), "selection_changed",
+		      GTK_SIGNAL_FUNC(cb_selection_changed), tree);
+  /* Add it to the scrolled window */
+  gtk_scrolled_window_add_with_viewport (GTK_SCROLLED_WINDOW(scrolled_win),
+                                         tree);
+  /* Set the selection mode */
+  gtk_tree_set_selection_mode (GTK_TREE(tree),
+			       GTK_SELECTION_MULTIPLE);
+  /* Show it */
+  gtk_widget_show (tree);
+
+  /* Now, create a clist and attach it to the second pane */
+
+  clist = gtk_clist_new_with_titles(4, col_titles);
+
+  gtk_container_add (GTK_CONTAINER(scrolled_win2), clist);
+
+  gtk_widget_show(clist);
+
+  /* Now, build the top level display ... */
+
+  if ((dh = smbc_opendir("smb:///")) < 0) {
+
+    fprintf(stderr, "Could not list default workgroup: smb:///: %s\n",
+	    strerror(errno));
+
+    exit(1);
+
+  }
+
+  /* Create a tree item for Whole Network */
+
+  item = gtk_tree_item_new_with_label ("Whole Network");
+  /* Connect all GtkItem:: and GtkTreeItem:: signals */
+  gtk_signal_connect (GTK_OBJECT(item), "select",
+		      GTK_SIGNAL_FUNC(cb_itemsignal), "select");
+  gtk_signal_connect (GTK_OBJECT(item), "deselect",
+		      GTK_SIGNAL_FUNC(cb_itemsignal), "deselect");
+  gtk_signal_connect (GTK_OBJECT(item), "toggle",
+		      GTK_SIGNAL_FUNC(cb_itemsignal), "toggle");
+  gtk_signal_connect (GTK_OBJECT(item), "expand",
+		      GTK_SIGNAL_FUNC(cb_wholenet), "expand");
+  gtk_signal_connect (GTK_OBJECT(item), "collapse",
+		      GTK_SIGNAL_FUNC(cb_wholenet), "collapse");
+  /* Add it to the parent tree */
+  gtk_tree_append (GTK_TREE(tree), item);
+  /* Show it - this can be done at any time */
+  gtk_widget_show (item);
+
+  subtree = gtk_tree_new();  /* A subtree for Whole Network */
+
+  gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree);
+
+  gtk_signal_connect (GTK_OBJECT(subtree), "select_child",
+		      GTK_SIGNAL_FUNC(cb_select_child), tree);
+  gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child",
+		      GTK_SIGNAL_FUNC(cb_unselect_child), tree);
+
+  /* Now, get the items in smb:/// and add them to the tree */
+
+  dirp = (struct smbc_dirent *)dirbuf;
+
+  while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, 
+			      sizeof(dirbuf))) != 0) {
+
+    if (err < 0) { /* Handle the error */
+
+      fprintf(stderr, "Could not read directory for smbc:///: %s\n",
+	      strerror(errno));
+
+      exit(1);
+
+    }
+
+    fprintf(stdout, "Dir len: %u\n", err);
+
+    while (err > 0) { /* Extract each entry and make a sub-tree */
+      struct tree_data *my_data;
+      int dirlen = dirp->dirlen;
+
+      my_data = make_tree_data(dirp->smbc_type, dirp->name);
+
+      item = gtk_tree_item_new_with_label(dirp->name);
+      /* Connect all GtkItem:: and GtkTreeItem:: signals */
+      gtk_signal_connect (GTK_OBJECT(item), "select",
+			  GTK_SIGNAL_FUNC(cb_itemsignal), "select");
+      gtk_signal_connect (GTK_OBJECT(item), "deselect",
+			  GTK_SIGNAL_FUNC(cb_itemsignal), "deselect");
+      gtk_signal_connect (GTK_OBJECT(item), "toggle",
+			  GTK_SIGNAL_FUNC(cb_itemsignal), "toggle");
+      gtk_signal_connect (GTK_OBJECT(item), "expand",
+			  GTK_SIGNAL_FUNC(cb_itemsignal), "expand");
+      gtk_signal_connect (GTK_OBJECT(item), "collapse",
+			  GTK_SIGNAL_FUNC(cb_itemsignal), "collapse");
+      /* Add it to the parent tree */
+      gtk_tree_append (GTK_TREE(tree), item);
+      /* Show it - this can be done at any time */
+      gtk_widget_show (item);
+
+      gtk_object_set_user_data(GTK_OBJECT(item), (gpointer)my_data);
+
+      fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen);
+
+      subtree = gtk_tree_new();
+
+      gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree);
+
+      gtk_signal_connect (GTK_OBJECT(subtree), "select_child",
+			  GTK_SIGNAL_FUNC(cb_select_child), tree);
+      gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child",
+			  GTK_SIGNAL_FUNC(cb_unselect_child), tree);
+
+      (char *)dirp += dirlen;
+      err -= dirlen;
+
+    }
+
+  }
+
+  smbc_closedir(dh); /* FIXME, check for error :-) */
+
+  /* Show the window and loop endlessly */
+  gtk_main();
+  return 0;
+}
+/* example-end */
diff --git a/source3/codepages/.cvsignore b/source3/codepages/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/codepages/.cvsignore
diff --git a/source3/codepages/lowcase.dat b/source3/codepages/lowcase.dat
new file mode 100644
index 0000000000..62b6e2e952
--- /dev/null
+++ b/source3/codepages/lowcase.dat
diff --git a/source3/codepages/upcase.dat b/source3/codepages/upcase.dat
new file mode 100644
index 0000000000..bb6f9beb4e
--- /dev/null
+++ b/source3/codepages/upcase.dat
diff --git a/source3/codepages/valid.dat b/source3/codepages/valid.dat
new file mode 100644
index 0000000000..78c14b33f0
--- /dev/null
+++ b/source3/codepages/valid.dat
diff --git a/source3/config.guess b/source3/config.guess
new file mode 100755
index 0000000000..bcdc0742b7
--- /dev/null
+++ b/source3/config.guess
@@ -0,0 +1,1308 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+#   Free Software Foundation, Inc.
+
+timestamp='2001-11-26'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Per Bothner <bothner@cygnus.com>.
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit 0 ;;
+    --version | -v )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+
+dummy=dummy-$$
+trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script.
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int dummy(){}" > $dummy.c ;
+	for c in cc gcc c89 ; do
+	  ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ;
+	  if test $? = 0 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	rm -f $dummy.c $dummy.o $dummy.rel ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	# Determine the machine/vendor (is the vendor relevant).
+	case "${UNAME_MACHINE}" in
+	    amiga) machine=m68k-unknown ;;
+	    arm32) machine=arm-unknown ;;
+	    atari*) machine=m68k-atari ;;
+	    sun3*) machine=m68k-sun ;;
+	    mac68k) machine=m68k-apple ;;
+	    macppc) machine=powerpc-apple ;;
+	    hp3[0-9][05]) machine=m68k-hp ;;
+	    ibmrt|romp-ibm) machine=romp-ibm ;;
+	    sparc*) machine=`uname -p`-unknown ;;
+	    *) machine=${UNAME_MACHINE}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE}" in
+	    i386|sparc|amiga|arm*|hp300|mvme68k|vax|atari|luna68k|mac68k|news68k|next68k|pc532|sun3*|x68k)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit 0 ;;
+    amiga:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    hp300:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mac68k:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    macppc:OpenBSD:*:*)
+	echo powerpc-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme68k:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme88k:OpenBSD:*:*)
+	echo m88k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvmeppc:OpenBSD:*:*)
+	echo powerpc-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    pmax:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sgi:OpenBSD:*:*)
+	echo mipseb-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sun3:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    wgrisc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    *:OpenBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    alpha:OSF1:*:*)
+	if test $UNAME_RELEASE = "V4.0"; then
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+	fi
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	cat <<EOF >$dummy.s
+	.data
+\$Lformat:
+	.byte 37,100,45,37,120,10,0	# "%d-%x\n"
+
+	.text
+	.globl main
+	.align 4
+	.ent main
+main:
+	.frame \$30,16,\$26,0
+	ldgp \$29,0(\$27)
+	.prologue 1
+	.long 0x47e03d80 # implver \$0
+	lda \$2,-1
+	.long 0x47e20c21 # amask \$2,\$1
+	lda \$16,\$Lformat
+	mov \$0,\$17
+	not \$1,\$18
+	jsr \$26,printf
+	ldgp \$29,0(\$26)
+	mov 0,\$16
+	jsr \$26,exit
+	.end main
+EOF
+	eval $set_cc_for_build
+	$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
+	if test "$?" = 0 ; then
+		case `./$dummy` in
+			0-0)
+				UNAME_MACHINE="alpha"
+				;;
+			1-0)
+				UNAME_MACHINE="alphaev5"
+				;;
+			1-1)
+				UNAME_MACHINE="alphaev56"
+				;;
+			1-101)
+				UNAME_MACHINE="alphapca56"
+				;;
+			2-303)
+				UNAME_MACHINE="alphaev6"
+				;;
+			2-307)
+				UNAME_MACHINE="alphaev67"
+				;;
+			2-1307)
+				UNAME_MACHINE="alphaev68"
+				;;
+		esac
+	fi
+	rm -f $dummy.s $dummy
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit 0 ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit 0 ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit 0 ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit 0;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit 0 ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit 0 ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit 0;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit 0;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit 0 ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit 0 ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    i86pc:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit 0 ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit 0 ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit 0 ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit 0 ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit 0 ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit 0 ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit 0 ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit 0 ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit 0 ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit 0 ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit 0 ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit 0 ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit 0 ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD $dummy.c -o $dummy \
+	  && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+	  && rm -f $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit 0 ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit 0 ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit 0 ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit 0 ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit 0 ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit 0 ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit 0 ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit 0 ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit 0 ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit 0 ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit 0 ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit 0 ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
+	exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit 0 ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit 0 ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
+		rm -f $dummy.c $dummy
+		echo rs6000-ibm-aix3.2.5
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit 0 ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit 0 ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit 0 ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit 0 ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit 0 ;;                           # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit 0 ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit 0 ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit 0 ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit 0 ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy`
+		    if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
+		    rm -f $dummy.c $dummy
+		fi ;;
+	esac
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit 0 ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit 0 ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
+	echo unknown-hitachi-hiuxwe2
+	exit 0 ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit 0 ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit 0 ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit 0 ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit 0 ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit 0 ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit 0 ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit 0 ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit 0 ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit 0 ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit 0 ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit 0 ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit 0 ;;
+    CRAY*X-MP:*:*:*)
+	echo xmp-cray-unicos
+        exit 0 ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*T3D:*:*:*)
+	echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY-2:*:*:*)
+	echo cray2-cray-unicos
+        exit 0 ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit 0 ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit 0 ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit 0 ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit 0 ;;
+    *:FreeBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit 0 ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit 0 ;;
+    i*:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit 0 ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit 0 ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i386-pc-interix
+	exit 0 ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit 0 ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit 0 ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    *:GNU:*:*)
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit 0 ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit 0 ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux
+	exit 0 ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    mips:Linux:*:*)
+	case `sed -n '/^byte/s/^.*: \(.*\) endian/\1/p' < /proc/cpuinfo` in
+	  big)    echo mips-unknown-linux-gnu && exit 0 ;;
+	  little) echo mipsel-unknown-linux-gnu && exit 0 ;;
+	esac
+	;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit 0 ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit 0 ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit 0 ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit 0 ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit 0 ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit 0 ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit 0 ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	ld_supported_targets=`cd /; ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit 0 ;;		
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit 0 ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit 0 ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	cat >$dummy.c <<EOF
+#include <features.h>
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+#ifdef __ELF__
+# ifdef __GLIBC__
+#  if __GLIBC__ >= 2
+    printf ("%s-pc-linux-gnu\n", argv[1]);
+#  else
+    printf ("%s-pc-linux-gnulibc1\n", argv[1]);
+#  endif
+# else
+   printf ("%s-pc-linux-gnulibc1\n", argv[1]);
+# endif
+#else
+  printf ("%s-pc-linux-gnuaout\n", argv[1]);
+#endif
+  return 0;
+}
+EOF
+	$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm -f $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
+	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit 0 ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit 0 ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit 0 ;;
+    i*86:*:5:[78]*)
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit 0 ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit 0 ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit 0 ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit 0 ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit 0 ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit 0 ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit 0 ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit 0 ;;
+    M68*:*:R3V[567]*:*)
+	test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && echo i486-ncr-sysv4 && exit 0 ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit 0 ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit 0 ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit 0 ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit 0 ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit 0 ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit 0 ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit 0 ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit 0 ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit 0 ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit 0 ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit 0 ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit 0 ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit 0 ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit 0 ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit 0 ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit 0 ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit 0 ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit 0 ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit 0 ;;
+    *:Darwin:*:*)
+	echo `uname -p`-apple-darwin${UNAME_RELEASE}
+	exit 0 ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	if test "${UNAME_MACHINE}" = "x86pc"; then
+		UNAME_MACHINE=pc
+	fi
+	echo `uname -p`-${UNAME_MACHINE}-nto-qnx
+	exit 0 ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit 0 ;;
+    NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit 0 ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit 0 ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit 0 ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit 0 ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit 0 ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit 0 ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit 0 ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit 0 ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit 0 ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit 0 ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit 0 ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit 0 ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit 0 ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit 0 ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0
+rm -f $dummy.c $dummy
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit 0 ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit 0 ;;
+    c34*)
+	echo c34-convex-bsd
+	exit 0 ;;
+    c38*)
+	echo c38-convex-bsd
+	exit 0 ;;
+    c4*)
+	echo c4-convex-bsd
+	exit 0 ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+    ftp://ftp.gnu.org/pub/gnu/config/
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/source3/config.sub b/source3/config.sub
new file mode 100755
index 0000000000..2476310dff
--- /dev/null
+++ b/source3/config.sub
@@ -0,0 +1,1421 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+#   Free Software Foundation, Inc.
+
+timestamp='2001-12-03'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit 0 ;;
+    --version | -v )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit 0;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+	| c4x | clipper \
+	| d10v | d30v | dsp16xx \
+	| fr30 \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| m32r | m68000 | m68k | m88k | mcore \
+	| mips16 | mips64 | mips64el | mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el | mips64vr4300 \
+	| mips64vr4300el | mips64vr5000 | mips64vr5000el \
+	| mipsbe | mipseb | mipsel | mipsle | mipstx39 | mipstx39el \
+	| mipsisa32 \
+	| mn10200 | mn10300 \
+	| ns16k | ns32k \
+	| openrisc \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| sh | sh[34] | sh[34]eb | shbe | shle \
+	| sparc | sparc64 | sparclet | sparclite | sparcv9 | sparcv9b \
+	| strongarm \
+	| tahoe | thumb | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xscale | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alphapca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armv*-* \
+	| avr-* \
+	| bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c54x-* \
+	| clipper-* | cray2-* | cydra-* \
+	| d10v-* | d30v-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fr30-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| m32r-* \
+	| m68000-* | m680[01234]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | mcore-* \
+	| mips-* | mips16-* | mips64-* | mips64el-* | mips64orion-* \
+	| mips64orionel-* | mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* | mipsbe-* | mipseb-* \
+	| mipsle-* | mipsel-* | mipstx39-* | mipstx39el-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[34]-* | sh[34]eb-* | shbe-* | shle-* \
+	| sparc-* | sparc64-* | sparc86x-* | sparclite-* \
+	| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* \
+	| t3e-* | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xmp-* | xps100-* | xscale-* | xstormy16-* \
+	| xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	cray2)
+		basic_machine=cray2-cray
+		os=-unicos
+		;;
+	[cjt]90)
+		basic_machine=${basic_machine}-cray
+		os=-unicos
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsel*-linux*)
+		basic_machine=mipsel-unknown
+		os=-linux-gnu
+		;;
+	mips*-linux*)
+		basic_machine=mips-unknown
+		os=-linux-gnu
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	mmix*)
+		basic_machine=mmix-knuth
+		os=-mmixware
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+        pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2)
+		basic_machine=i686-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+	        ;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+	        ;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+	        ;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+	        ;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=t3e-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+               basic_machine=f301-fujitsu
+               ;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	windows32)
+		basic_machine=i386-pc
+		os=-windows32-msvcrt
+		;;
+	xmp)
+		basic_machine=xmp-cray
+		os=-unicos
+		;;
+        xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	mips)
+		if [ x$os = x-linux-gnu ]; then
+			basic_machine=mips-unknown
+		else
+			basic_machine=mips-mips
+		fi
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh3 | sh4 | sh3eb | sh4eb)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv9 | sparcv9b)
+		basic_machine=sparc-sun
+		;;
+        cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	c4x*)
+		basic_machine=c4x-none
+		os=-coff
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto*)
+		os=-nto-qnx
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-ns2 )
+	        os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+        -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+	        os=-mint
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+	pdp10-*)
+		os=-tops20
+		;;
+        pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-ibm)
+		os=-aix
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+        *-gould)
+		os=-sysv
+		;;
+        *-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+        *-sgi)
+		os=-irix
+		;;
+        *-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-vxsim* | -vxworks*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/source3/configure b/source3/configure
new file mode 100755
index 0000000000..5e2416abe7
--- /dev/null
+++ b/source3/configure
@@ -0,0 +1,14127 @@
+#! /bin/sh
+
+# Guess values for system-dependent variables and create Makefiles.
+# Generated automatically using autoconf version 2.13 
+# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+
+# Defaults:
+ac_help=
+ac_default_prefix=/usr/local
+# Any additions from configure.in:
+ac_default_prefix=/usr/local/samba
+ac_help="$ac_help
+  --enable-debug          turn on debugging [default=no]"
+ac_help="$ac_help
+  --enable-developer      turn on developer warnings and debugging [default=no]"
+ac_help="$ac_help
+  --enable-krb5developer      turn on developer warnings and debugging, except -Wstrict-prototypes [default=no]"
+ac_help="$ac_help
+  --enable-dmalloc          enable heap debugging [default=no]"
+ac_help="$ac_help
+  --with-readline[=DIR]   Look for readline include/libs in DIR (default=auto) "
+ac_help="$ac_help
+  --with-libiconv=BASEDIR Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto) "
+ac_help="$ac_help
+  --with-smbwrapper       Include SMB wrapper support (default=no) "
+ac_help="$ac_help
+  --with-afs              Include AFS clear-text auth support (default=no) "
+ac_help="$ac_help
+  --with-dce-dfs          Include DCE/DFS clear-text auth support (default=no)"
+ac_help="$ac_help
+  --with-krb5=base-dir    Locate Kerberos 5 support (default=/usr)"
+ac_help="$ac_help
+  --with-automount        Include AUTOMOUNT support (default=no)"
+ac_help="$ac_help
+  --with-smbmount         Include SMBMOUNT (Linux only) support (default=no)"
+ac_help="$ac_help
+  --with-pam              Include PAM support (default=no)"
+ac_help="$ac_help
+  --with-pam_smbpass      Build a PAM module to allow other applications to use our smbpasswd file (default=no)"
+ac_help="$ac_help
+  --with-tdbsam           Include experimental TDB SAM support (default=no)"
+ac_help="$ac_help
+  --with-ldapsam          Include experimental LDAP SAM support (default=no)"
+ac_help="$ac_help
+  --with-nisplussam       Include NISPLUS SAM support (default=no)"
+ac_help="$ac_help
+  --with-nisplus-home     Include NISPLUS_HOME support (default=no)"
+ac_help="$ac_help
+  --with-ssl              Include SSL support (default=no)
+  --with-sslinc=DIR          Where the SSL includes are (defaults to /usr/local/ssl/include)
+  --with-ssllib=DIR          Where the SSL libraries are (defaults to /usr/local/ssl/lib)"
+ac_help="$ac_help
+  --with-syslog           Include experimental SYSLOG support (default=no)"
+ac_help="$ac_help
+  --with-profiling-data   Include gathering source code profile information (default=no)"
+ac_help="$ac_help
+  --with-quotas           Include experimental disk-quota support (default=no)"
+ac_help="$ac_help
+  --with-utmp             Include experimental utmp accounting (default=no)"
+ac_help="$ac_help
+  --with-privatedir=DIR   Where to put smbpasswd ($ac_default_prefix/private)"
+ac_help="$ac_help
+  --with-lockdir=DIR      Where to put lock files ($ac_default_prefix/var/locks)"
+ac_help="$ac_help
+  --with-swatdir=DIR      Where to put SWAT files ($ac_default_prefix/swat)"
+ac_help="$ac_help
+  --with-manpages-langs={en,ja,pl}  Choose man pages' language(s). (en)"
+ac_help="$ac_help
+  --with-spinlocks        Use spin locks instead of fcntl locks (default=no) "
+ac_help="$ac_help
+  --with-acl-support      Include ACL support (default=no)"
+ac_help="$ac_help
+  --with-winbind          Build winbind (default, if supported by OS)"
+ac_help="$ac_help
+  --with-included-popt    use bundled popt library, not from system"
+
+# Initialize some variables set by options.
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+build=NONE
+cache_file=./config.cache
+exec_prefix=NONE
+host=NONE
+no_create=
+nonopt=NONE
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+target=NONE
+verbose=
+x_includes=NONE
+x_libraries=NONE
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+# Initialize some other variables.
+subdirs=
+MFLAGS= MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+# Maximum number of lines to put in a shell here document.
+ac_max_here_lines=12
+
+ac_prev=
+for ac_option
+do
+
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval "$ac_prev=\$ac_option"
+    ac_prev=
+    continue
+  fi
+
+  case "$ac_option" in
+  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) ac_optarg= ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case "$ac_option" in
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir="$ac_optarg" ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build="$ac_optarg" ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file="$ac_optarg" ;;
+
+  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+  | --da=*)
+    datadir="$ac_optarg" ;;
+
+  -disable-* | --disable-*)
+    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
+      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+    fi
+    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+    eval "enable_${ac_feature}=no" ;;
+
+  -enable-* | --enable-*)
+    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
+      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
+    fi
+    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
+    case "$ac_option" in
+      *=*) ;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "enable_${ac_feature}='$ac_optarg'" ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix="$ac_optarg" ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he)
+    # Omit some internal or obsolete options to make the list less imposing.
+    # This message is too long to be a string in the A/UX 3.1 sh.
+    cat << EOF
+Usage: configure [options] [host]
+Options: [defaults in brackets after descriptions]
+Configuration:
+  --cache-file=FILE       cache test results in FILE
+  --help                  print this message
+  --no-create             do not create output files
+  --quiet, --silent       do not print \`checking...' messages
+  --version               print the version of autoconf that created configure
+Directory and file names:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [same as prefix]
+  --bindir=DIR            user executables in DIR [EPREFIX/bin]
+  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
+  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
+  --datadir=DIR           read-only architecture-independent data in DIR
+                          [PREFIX/share]
+  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
+                          [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
+  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
+  --includedir=DIR        C header files in DIR [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
+  --infodir=DIR           info documentation in DIR [PREFIX/info]
+  --mandir=DIR            man documentation in DIR [PREFIX/man]
+  --srcdir=DIR            find the sources in DIR [configure dir or ..]
+  --program-prefix=PREFIX prepend PREFIX to installed program names
+  --program-suffix=SUFFIX append SUFFIX to installed program names
+  --program-transform-name=PROGRAM
+                          run sed PROGRAM on installed program names
+EOF
+    cat << EOF
+Host type:
+  --build=BUILD           configure for building on BUILD [BUILD=HOST]
+  --host=HOST             configure for HOST [guessed]
+  --target=TARGET         configure for TARGET [TARGET=HOST]
+Features and packages:
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --x-includes=DIR        X include files are in DIR
+  --x-libraries=DIR       X library files are in DIR
+EOF
+    if test -n "$ac_help"; then
+      echo "--enable and --with options recognized:$ac_help"
+    fi
+    exit 0 ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host="$ac_optarg" ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir="$ac_optarg" ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir="$ac_optarg" ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir="$ac_optarg" ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir="$ac_optarg" ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst \
+  | --locals | --local | --loca | --loc | --lo)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+    localstatedir="$ac_optarg" ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir="$ac_optarg" ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir="$ac_optarg" ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix="$ac_optarg" ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix="$ac_optarg" ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix="$ac_optarg" ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name="$ac_optarg" ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir="$ac_optarg" ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir="$ac_optarg" ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site="$ac_optarg" ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir="$ac_optarg" ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir="$ac_optarg" ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target="$ac_optarg" ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers)
+    echo "configure generated by autoconf version 2.13"
+    exit 0 ;;
+
+  -with-* | --with-*)
+    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
+      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+    fi
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    case "$ac_option" in
+      *=*) ;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "with_${ac_package}='$ac_optarg'" ;;
+
+  -without-* | --without-*)
+    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
+    # Reject names that are not valid shell variable names.
+    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
+      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
+    fi
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    eval "with_${ac_package}=no" ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes="$ac_optarg" ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries="$ac_optarg" ;;
+
+  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
+    ;;
+
+  *)
+    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
+      echo "configure: warning: $ac_option: invalid host type" 1>&2
+    fi
+    if test "x$nonopt" != xNONE; then
+      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
+    fi
+    nonopt="$ac_option"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
+fi
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+# File descriptor usage:
+# 0 standard input
+# 1 file creation
+# 2 errors and warnings
+# 3 some systems may open it to /dev/tty
+# 4 used on the Kubota Titan
+# 6 checking for... messages and results
+# 5 compiler messages saved in config.log
+if test "$silent" = yes; then
+  exec 6>/dev/null
+else
+  exec 6>&1
+fi
+exec 5>./config.log
+
+echo "\
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+" 1>&5
+
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Also quote any args containing shell metacharacters.
+ac_configure_args=
+for ac_arg
+do
+  case "$ac_arg" in
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c) ;;
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
+  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
+  ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
+  esac
+done
+
+# NLS nuisances.
+# Only set these to C if already set.  These must not be set unconditionally
+# because not all systems understand e.g. LANG=C (notably SCO).
+# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
+# Non-C LC_CTYPE values break the ctype check.
+if test "${LANG+set}"   = set; then LANG=C;   export LANG;   fi
+if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
+if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
+if test "${LC_CTYPE+set}"    = set; then LC_CTYPE=C;    export LC_CTYPE;    fi
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo > confdefs.h
+
+# A filename unique to this package, relative to the directory that
+# configure is in, which we can look for to find out if srcdir is correct.
+ac_unique_file=include/includes.h
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then its parent.
+  ac_prog=$0
+  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
+  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
+  srcdir=$ac_confdir
+  if test ! -r $srcdir/$ac_unique_file; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+  if test "$ac_srcdir_defaulted" = yes; then
+    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
+  else
+    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
+  fi
+fi
+srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`
+
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+  if test "x$prefix" != xNONE; then
+    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+  else
+    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+  fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+  if test -r "$ac_site_file"; then
+    echo "loading site script $ac_site_file"
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  echo "loading cache $cache_file"
+  . $cache_file
+else
+  echo "creating cache $cache_file"
+  > $cache_file
+fi
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+ac_exeext=
+ac_objext=o
+if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
+  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+    ac_n= ac_c='
+' ac_t='	'
+  else
+    ac_n=-n ac_c= ac_t=
+  fi
+else
+  ac_n= ac_c='\c' ac_t=
+fi
+
+
+
+# we want to be compatible with older versions of Samba
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# compile with optimisation and without debugging by default
+CFLAGS="-O ${CFLAGS}"
+
+# Check whether --enable-debug or --disable-debug was given.
+if test "${enable_debug+set}" = set; then
+  enableval="$enable_debug"
+  if eval "test x$enable_debug = xyes"; then
+	CFLAGS="${CFLAGS} -g"
+    fi
+fi
+
+
+# Check whether --enable-developer or --disable-developer was given.
+if test "${enable_developer+set}" = set; then
+  enableval="$enable_developer"
+  if eval "test x$enable_developer = xyes"; then
+	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER"
+    fi
+fi
+
+
+# Check whether --enable-krb5developer or --disable-krb5developer was given.
+if test "${enable_krb5developer+set}" = set; then
+  enableval="$enable_krb5developer"
+  if eval "test x$enable_krb5developer = xyes"; then
+	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER"
+    fi
+fi
+
+
+# Check whether --enable-dmalloc or --disable-dmalloc was given.
+if test "${enable_dmalloc+set}" = set; then
+  enableval="$enable_dmalloc"
+  :
+fi
+
+
+if test "x$enable_dmalloc" = xyes
+then
+	cat >> confdefs.h <<\EOF
+#define ENABLE_DMALLOC 1
+EOF
+
+	cat >> confdefs.h <<\EOF
+#define DMALLOC_FUNC_CHECK 1
+EOF
+
+	LIBS="$LIBS -ldmalloc"	
+fi
+
+# Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:662: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_CC="gcc"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:692: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_prog_rejected=no
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
+        ac_prog_rejected=yes
+	continue
+      fi
+      ac_cv_prog_CC="cc"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# -gt 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    set dummy "$ac_dir/$ac_word" "$@"
+    shift
+    ac_cv_prog_CC="$@"
+  fi
+fi
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+  if test -z "$CC"; then
+    case "`uname -s`" in
+    *win32* | *WIN32*)
+      # Extract the first word of "cl", so it can be a program name with args.
+set dummy cl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:743: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_CC="cl"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+CC="$ac_cv_prog_CC"
+if test -n "$CC"; then
+  echo "$ac_t""$CC" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+  fi
+  test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
+fi
+
+echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
+echo "configure:775: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+cat > conftest.$ac_ext << EOF
+
+#line 786 "configure"
+#include "confdefs.h"
+
+main(){return(0);}
+EOF
+if { (eval echo configure:791: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  ac_cv_prog_cc_works=yes
+  # If we can't run a trivial program, we are probably using a cross compiler.
+  if (./conftest; exit) 2>/dev/null; then
+    ac_cv_prog_cc_cross=no
+  else
+    ac_cv_prog_cc_cross=yes
+  fi
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  ac_cv_prog_cc_works=no
+fi
+rm -fr conftest*
+ac_ext=c
+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
+cross_compiling=$ac_cv_prog_cc_cross
+
+echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
+if test $ac_cv_prog_cc_works = no; then
+  { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
+fi
+echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
+echo "configure:817: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
+cross_compiling=$ac_cv_prog_cc_cross
+
+echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
+echo "configure:822: checking whether we are using GNU C" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.c <<EOF
+#ifdef __GNUC__
+  yes;
+#endif
+EOF
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:831: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+  ac_cv_prog_gcc=yes
+else
+  ac_cv_prog_gcc=no
+fi
+fi
+
+echo "$ac_t""$ac_cv_prog_gcc" 1>&6
+
+if test $ac_cv_prog_gcc = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+
+ac_test_CFLAGS="${CFLAGS+set}"
+ac_save_CFLAGS="$CFLAGS"
+CFLAGS=
+echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
+echo "configure:850: checking whether ${CC-cc} accepts -g" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  echo 'void f(){}' > conftest.c
+if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
+  ac_cv_prog_cc_g=yes
+else
+  ac_cv_prog_cc_g=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS="$ac_save_CFLAGS"
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+
+ac_aux_dir=
+for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
+  if test -f $ac_dir/install-sh; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f $ac_dir/install.sh; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
+fi
+ac_config_guess=$ac_aux_dir/config.guess
+ac_config_sub=$ac_aux_dir/config.sub
+ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# ./install, which can be erroneously created by make from ./install.sh.
+echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
+echo "configure:912: checking for a BSD compatible install" >&5
+if test -z "$INSTALL"; then
+if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+    IFS="${IFS= 	}"; ac_save_IFS="$IFS"; IFS=":"
+  for ac_dir in $PATH; do
+    # Account for people who put trailing slashes in PATH elements.
+    case "$ac_dir/" in
+    /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
+    *)
+      # OSF1 and SCO ODT 3.0 have their own names for install.
+      # Don't use installbsd from OSF since it installs stuff as root
+      # by default.
+      for ac_prog in ginstall scoinst install; do
+        if test -f $ac_dir/$ac_prog; then
+	  if test $ac_prog = install &&
+            grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  else
+	    ac_cv_path_install="$ac_dir/$ac_prog -c"
+	    break 2
+	  fi
+	fi
+      done
+      ;;
+    esac
+  done
+  IFS="$ac_save_IFS"
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL="$ac_cv_path_install"
+  else
+    # As a last resort, use the slow shell script.  We don't cache a
+    # path for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the path is relative.
+    INSTALL="$ac_install_sh"
+  fi
+fi
+echo "$ac_t""$INSTALL" 1>&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+for ac_prog in mawk gawk nawk awk
+do
+# Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:969: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_AWK="$ac_prog"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+AWK="$ac_cv_prog_AWK"
+if test -n "$AWK"; then
+  echo "$ac_t""$AWK" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+test -n "$AWK" && break
+done
+
+
+echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6
+echo "configure:1000: checking for POSIXized ISC" >&5
+if test -d /etc/conf/kconfig.d &&
+  grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
+then
+  echo "$ac_t""yes" 1>&6
+  ISC=yes # If later tests want to check for ISC.
+  cat >> confdefs.h <<\EOF
+#define _POSIX_SOURCE 1
+EOF
+
+  if test "$GCC" = yes; then
+    CC="$CC -posix"
+  else
+    CC="$CC -Xp"
+  fi
+else
+  echo "$ac_t""no" 1>&6
+  ISC=
+fi
+
+
+if test "x$CC" != xcc; then
+  echo $ac_n "checking whether $CC and cc understand -c and -o together""... $ac_c" 1>&6
+echo "configure:1023: checking whether $CC and cc understand -c and -o together" >&5
+else
+  echo $ac_n "checking whether cc understands -c and -o together""... $ac_c" 1>&6
+echo "configure:1026: checking whether cc understands -c and -o together" >&5
+fi
+set dummy $CC; ac_cc="`echo $2 |
+		       sed -e 's/[^a-zA-Z0-9_]/_/g' -e 's/^[0-9]/_/'`"
+if eval "test \"`echo '$''{'ac_cv_prog_cc_${ac_cc}_c_o'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  echo 'foo(){}' > conftest.c
+# Make sure it works both with $CC and with simple cc.
+# We do the test twice because some compilers refuse to overwrite an
+# existing .o file with -o, though they will create one.
+ac_try='${CC-cc} -c conftest.c -o conftest.o 1>&5'
+if { (eval echo configure:1038: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } &&
+   test -f conftest.o && { (eval echo configure:1039: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; };
+then
+  eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+  if test "x$CC" != xcc; then
+    # Test first that cc exists at all.
+    if { ac_try='cc -c conftest.c 1>&5'; { (eval echo configure:1044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; }; then
+      ac_try='cc -c conftest.c -o conftest.o 1>&5'
+      if { (eval echo configure:1046: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } &&
+	 test -f conftest.o && { (eval echo configure:1047: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; };
+      then
+        # cc works too.
+        :
+      else
+        # cc exists but doesn't like -o.
+        eval ac_cv_prog_cc_${ac_cc}_c_o=no
+      fi
+    fi
+  fi
+else
+  eval ac_cv_prog_cc_${ac_cc}_c_o=no
+fi
+rm -f conftest*
+
+fi
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+  cat >> confdefs.h <<\EOF
+#define NO_MINUS_C_MINUS_O 1
+EOF
+
+fi
+
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = no"; then
+      BROKEN_CC=
+else
+      BROKEN_CC=#
+fi
+
+
+echo $ac_n "checking that the C compiler understands volatile""... $ac_c" 1>&6
+echo "configure:1081: checking that the C compiler understands volatile" >&5
+if eval "test \"`echo '$''{'samba_cv_volatile'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 1087 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+int main() {
+volatile int i = 0
+; return 0; }
+EOF
+if { (eval echo configure:1094: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_volatile=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_volatile=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_volatile" 1>&6
+if test x"$samba_cv_volatile" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define HAVE_VOLATILE 1
+EOF
+
+fi
+
+
+
+# Do some error checking and defaulting for the host and target type.
+# The inputs are:
+#    configure --host=HOST --target=TARGET --build=BUILD NONOPT
+#
+# The rules are:
+# 1. You are not allowed to specify --host, --target, and nonopt at the
+#    same time.
+# 2. Host defaults to nonopt.
+# 3. If nonopt is not specified, then host defaults to the current host,
+#    as determined by config.guess.
+# 4. Target and build default to nonopt.
+# 5. If nonopt is not specified, then target and build default to host.
+
+# The aliases save the names the user supplied, while $host etc.
+# will get canonicalized.
+case $host---$target---$nonopt in
+NONE---*---* | *---NONE---* | *---*---NONE) ;;
+*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;;
+esac
+
+
+# Make sure we can run config.sub.
+if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then :
+else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
+fi
+
+echo $ac_n "checking host system type""... $ac_c" 1>&6
+echo "configure:1143: checking host system type" >&5
+
+host_alias=$host
+case "$host_alias" in
+NONE)
+  case $nonopt in
+  NONE)
+    if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then :
+    else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
+    fi ;;
+  *) host_alias=$nonopt ;;
+  esac ;;
+esac
+
+host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias`
+host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+echo "$ac_t""$host" 1>&6
+
+echo $ac_n "checking target system type""... $ac_c" 1>&6
+echo "configure:1164: checking target system type" >&5
+
+target_alias=$target
+case "$target_alias" in
+NONE)
+  case $nonopt in
+  NONE) target_alias=$host_alias ;;
+  *) target_alias=$nonopt ;;
+  esac ;;
+esac
+
+target=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $target_alias`
+target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+echo "$ac_t""$target" 1>&6
+
+echo $ac_n "checking build system type""... $ac_c" 1>&6
+echo "configure:1182: checking build system type" >&5
+
+build_alias=$build
+case "$build_alias" in
+NONE)
+  case $nonopt in
+  NONE) build_alias=$host_alias ;;
+  *) build_alias=$nonopt ;;
+  esac ;;
+esac
+
+build=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $build_alias`
+build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+echo "$ac_t""$build" 1>&6
+
+test "$host_alias" != "$target_alias" &&
+  test "$program_prefix$program_suffix$program_transform_name" = \
+    NONENONEs,x,x, &&
+  program_prefix=${target_alias}-
+
+
+  case "$host_os" in
+	*irix6*) cat >> confdefs.h <<\EOF
+#include <standards.h>
+EOF
+
+	;;
+esac
+
+
+    
+    echo $ac_n "checking config.cache system type""... $ac_c" 1>&6
+echo "configure:1216: checking config.cache system type" >&5
+    if { test x"${ac_cv_host_system_type+set}" = x"set" &&
+         test x"$ac_cv_host_system_type" != x"$host"; } ||
+       { test x"${ac_cv_build_system_type+set}" = x"set" &&
+         test x"$ac_cv_build_system_type" != x"$build"; } ||
+       { test x"${ac_cv_target_system_type+set}" = x"set" &&
+         test x"$ac_cv_target_system_type" != x"$target"; }; then
+	echo "$ac_t""different" 1>&6
+	{ echo "configure: error: "you must remove config.cache and restart configure"" 1>&2; exit 1; }
+    else
+	echo "$ac_t""same" 1>&6
+    fi
+    ac_cv_host_system_type="$host"
+    ac_cv_build_system_type="$build"
+    ac_cv_target_system_type="$target"
+
+
+DYNEXP=
+
+#
+# Config CPPFLAG settings for strange OS's that must be set
+# before other tests.
+#
+case "$host_os" in
+# Try to work out if this is the native HPUX compiler that uses the -Ae flag.
+    *hpux*)
+    
+      echo $ac_n "checking whether ${CC-cc} accepts -Ae""... $ac_c" 1>&6
+echo "configure:1244: checking whether ${CC-cc} accepts -Ae" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_cc_Ae'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  echo 'void f(){}' > conftest.c
+if test -z "`${CC-cc} -Ae -c conftest.c 2>&1`"; then
+  ac_cv_prog_cc_Ae=yes
+else
+  ac_cv_prog_cc_Ae=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_prog_cc_Ae" 1>&6
+      # mmap on HPUX is completely broken...
+      cat >> confdefs.h <<\EOF
+#define MMAP_BLACKLIST 1
+EOF
+
+      if test $ac_cv_prog_cc_Ae = yes; then
+        CPPFLAGS="$CPPFLAGS -Ae"
+      fi
+#
+# Defines needed for HPUX support.
+# HPUX has bigcrypt but (sometimes?) doesn't use it for
+# password hashing - hence the USE_BOTH_CRYPT_CALLS define.
+#
+      case `uname -r` in
+			*9*|*10*)
+				CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4"
+		   		cat >> confdefs.h <<\EOF
+#define USE_BOTH_CRYPT_CALLS 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _HPUX_SOURCE 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _POSIX_SOURCE 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _ALIGNMENT_REQUIRED 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _MAX_ALIGNMENT 4
+EOF
+
+				;;
+			*11*)
+				CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_LARGEFILE64_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4"
+		   		cat >> confdefs.h <<\EOF
+#define USE_BOTH_CRYPT_CALLS 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _HPUX_SOURCE 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _POSIX_SOURCE 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _ALIGNMENT_REQUIRED 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _MAX_ALIGNMENT 4
+EOF
+
+				;;
+      esac
+      DYNEXP="-Wl,-E"
+      ;;
+
+#
+# CRAY Unicos has broken const handling
+       *unicos*)
+	  echo "$ac_t""disabling const" 1>&6
+	  CPPFLAGS="$CPPFLAGS -Dconst="
+	  ;;
+	
+#
+# AIX4.x doesn't even admit to having large
+# files *at all* unless the -D_LARGE_FILE or -D_LARGE_FILE_API flags are set.
+#
+    *aix4*)
+	  echo "$ac_t""enabling large file support" 1>&6
+      CPPFLAGS="$CPPFLAGS -D_LARGE_FILES"
+      cat >> confdefs.h <<\EOF
+#define _LARGE_FILES 1
+EOF
+
+      ;;    
+#
+# Defines needed for Solaris 2.6/2.7 aka 7.0 to make it admit
+# to the existance of large files..
+# Note that -D_LARGEFILE64_SOURCE is different from the Sun
+# recommendations on large file support, however it makes the
+# compile work using gcc 2.7 and 2.8, whereas using the Sun
+# recommendation makes the compile fail on gcc2.7. JRA.
+#
+	*solaris*)
+		case `uname -r` in
+			5.0*|5.1*|5.2*|5.3*|5.5*)
+	  			echo "$ac_t""no large file support" 1>&6
+				;;
+			5.*)
+			echo "$ac_t""enabling large file support" 1>&6
+			if test "$ac_cv_prog_gcc" = yes; then
+				${CC-cc} -v >conftest.c 2>&1
+				ac_cv_gcc_compiler_version_number=`grep 'gcc version' conftest.c`
+				rm -fr conftest.c
+				case "$ac_cv_gcc_compiler_version_number" in
+					*"gcc version 2.6"*|*"gcc version 2.7"*)
+						CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE"
+						cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+						;;
+					*)
+						CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+						cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+						cat >> confdefs.h <<\EOF
+#define _FILE_OFFSET_BITS 64
+EOF
+
+						;;
+				esac
+			else
+				DYNEXP="-dc -dp"
+				CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+				cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+				cat >> confdefs.h <<\EOF
+#define _FILE_OFFSET_BITS 64
+EOF
+
+			fi
+			;;
+		esac
+		;;
+#
+# Tests needed for SINIX large file support.
+#
+    *sysv4*)
+      if test $host = mips-sni-sysv4 ; then
+        echo $ac_n "checking for LFS support""... $ac_c" 1>&6
+echo "configure:1406: checking for LFS support" >&5
+        old_CPPFLAGS="$CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS"
+        if test "$cross_compiling" = yes; then
+  SINIX_LFS_SUPPORT=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1413 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+main () {
+#if _LFS64_LARGEFILE == 1
+exit(0);
+#else
+exit(1);
+#endif
+}
+EOF
+if { (eval echo configure:1425: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  SINIX_LFS_SUPPORT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  SINIX_LFS_SUPPORT=no
+fi
+rm -fr conftest*
+fi
+
+        CPPFLAGS="$old_CPPFLAGS"
+        if test x$SINIX_LFS_SUPPORT = xyes ; then
+          CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS"
+          cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+          CFLAGS="`getconf LFS64_CFLAGS` $CFLAGS"
+          LDFLAGS="`getconf LFS64_LDFLAGS` $LDFLAGS"
+          LIBS="`getconf LFS64_LIBS` $LIBS"
+        fi
+      echo "$ac_t""$SINIX_LFS_SUPPORT" 1>&6
+      fi
+    ;;
+
+# Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
+#
+    *linux*)
+        echo $ac_n "checking for LFS support""... $ac_c" 1>&6
+echo "configure:1456: checking for LFS support" >&5
+        old_CPPFLAGS="$CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+       if test "$cross_compiling" = yes; then
+  LINUX_LFS_SUPPORT=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1463 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+#include <sys/utsname.h>
+main() {
+#if _LFS64_LARGEFILE == 1
+       struct utsname uts;
+       char *release;
+       int major, minor;
+
+       /* Ensure this is glibc 2.2 or higher */
+#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
+       int libc_major = __GLIBC__;
+       int libc_minor = __GLIBC_MINOR__;
+
+       if (libc_major < 2)
+              exit(1);
+       if (libc_minor < 2)
+              exit(1);
+#endif
+
+       /* Ensure this is kernel 2.4 or higher */
+
+       uname(&uts);
+       release = uts.release;
+       major = atoi(strsep(&release, "."));
+       minor = atoi(strsep(&release, "."));
+
+       if (major > 2 || (major == 2 && minor > 3))
+               exit(0);
+       exit(1);
+#else
+       exit(1);
+#endif
+}
+
+EOF
+if { (eval echo configure:1501: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  LINUX_LFS_SUPPORT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  LINUX_LFS_SUPPORT=no
+fi
+rm -fr conftest*
+fi
+
+        CPPFLAGS="$old_CPPFLAGS"
+        if test x$LINUX_LFS_SUPPORT = xyes ; then
+          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+          cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+          cat >> confdefs.h <<\EOF
+#define _FILE_OFFSET_BITS 64
+EOF
+
+          cat >> confdefs.h <<\EOF
+#define _GNU_SOURCE 1
+EOF
+
+        fi
+       echo "$ac_t""$LINUX_LFS_SUPPORT" 1>&6
+		;;
+
+    *hurd*)
+        echo $ac_n "checking for LFS support""... $ac_c" 1>&6
+echo "configure:1534: checking for LFS support" >&5
+        old_CPPFLAGS="$CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+        if test "$cross_compiling" = yes; then
+  GLIBC_LFS_SUPPORT=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1541 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+main () {
+#if _LFS64_LARGEFILE == 1
+exit(0);
+#else
+exit(1);
+#endif
+}
+EOF
+if { (eval echo configure:1553: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  GLIBC_LFS_SUPPORT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  GLIBC_LFS_SUPPORT=no
+fi
+rm -fr conftest*
+fi
+
+        CPPFLAGS="$old_CPPFLAGS"
+        if test x$GLIBC_LFS_SUPPORT = xyes ; then
+          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+          cat >> confdefs.h <<\EOF
+#define _LARGEFILE64_SOURCE 1
+EOF
+
+          cat >> confdefs.h <<\EOF
+#define _GNU_SOURCE 1
+EOF
+
+        fi
+      echo "$ac_t""$GLIBC_LFS_SUPPORT" 1>&6
+    ;;
+
+esac
+
+echo $ac_n "checking for inline""... $ac_c" 1>&6
+echo "configure:1583: checking for inline" >&5
+if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat > conftest.$ac_ext <<EOF
+#line 1590 "configure"
+#include "confdefs.h"
+
+int main() {
+} $ac_kw foo() {
+; return 0; }
+EOF
+if { (eval echo configure:1597: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_inline=$ac_kw; break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+
+fi
+
+echo "$ac_t""$ac_cv_c_inline" 1>&6
+case "$ac_cv_c_inline" in
+  inline | yes) ;;
+  no) cat >> confdefs.h <<\EOF
+#define inline 
+EOF
+ ;;
+  *)  cat >> confdefs.h <<EOF
+#define inline $ac_cv_c_inline
+EOF
+ ;;
+esac
+
+echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+echo "configure:1623: checking how to run the C preprocessor" >&5
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+    # This must be in double quotes, not single quotes, because CPP may get
+  # substituted into the Makefile and "${CC-cc}" will confuse make.
+  CPP="${CC-cc} -E"
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp.
+  cat > conftest.$ac_ext <<EOF
+#line 1638 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1644: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP="${CC-cc} -E -traditional-cpp"
+  cat > conftest.$ac_ext <<EOF
+#line 1655 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP="${CC-cc} -nologo -E"
+  cat > conftest.$ac_ext <<EOF
+#line 1672 "configure"
+#include "confdefs.h"
+#include <assert.h>
+Syntax Error
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1678: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  :
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  CPP=/lib/cpp
+fi
+rm -f conftest*
+fi
+rm -f conftest*
+fi
+rm -f conftest*
+  ac_cv_prog_CPP="$CPP"
+fi
+  CPP="$ac_cv_prog_CPP"
+else
+  ac_cv_prog_CPP="$CPP"
+fi
+echo "$ac_t""$CPP" 1>&6
+
+echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
+echo "configure:1703: checking for ANSI C header files" >&5
+if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1708 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:1716: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  ac_cv_header_stdc=yes
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+cat > conftest.$ac_ext <<EOF
+#line 1733 "configure"
+#include "confdefs.h"
+#include <string.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "memchr" >/dev/null 2>&1; then
+  :
+else
+  rm -rf conftest*
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+cat > conftest.$ac_ext <<EOF
+#line 1751 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "free" >/dev/null 2>&1; then
+  :
+else
+  rm -rf conftest*
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1772 "configure"
+#include "confdefs.h"
+#include <ctype.h>
+#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int main () { int i; for (i = 0; i < 256; i++)
+if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
+exit (0); }
+
+EOF
+if { (eval echo configure:1783: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  :
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_header_stdc=no
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_header_stdc" 1>&6
+if test $ac_cv_header_stdc = yes; then
+  cat >> confdefs.h <<\EOF
+#define STDC_HEADERS 1
+EOF
+
+fi
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6
+echo "configure:1811: checking for $ac_hdr that defines DIR" >&5
+if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1816 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <$ac_hdr>
+int main() {
+DIR *dirp = 0;
+; return 0; }
+EOF
+if { (eval echo configure:1824: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  eval "ac_cv_header_dirent_$ac_safe=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_dirent_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_dirent_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ ac_header_dirent=$ac_hdr; break
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6
+echo "configure:1849: checking for opendir in -ldir" >&5
+ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-ldir  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1857 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char opendir();
+
+int main() {
+opendir()
+; return 0; }
+EOF
+if { (eval echo configure:1868: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -ldir"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+else
+echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6
+echo "configure:1890: checking for opendir in -lx" >&5
+ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lx  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 1898 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char opendir();
+
+int main() {
+opendir()
+; return 0; }
+EOF
+if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lx"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+
+echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
+echo "configure:1932: checking whether time.h and sys/time.h may both be included" >&5
+if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1937 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+int main() {
+struct tm *tp;
+; return 0; }
+EOF
+if { (eval echo configure:1946: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_header_time=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_time=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_header_time" 1>&6
+if test $ac_cv_header_time = yes; then
+  cat >> confdefs.h <<\EOF
+#define TIME_WITH_SYS_TIME 1
+EOF
+
+fi
+
+echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
+echo "configure:1967: checking for sys/wait.h that is POSIX.1 compatible" >&5
+if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 1972 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/wait.h>
+#ifndef WEXITSTATUS
+#define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
+#endif
+#ifndef WIFEXITED
+#define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
+#endif
+int main() {
+int s;
+wait (&s);
+s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
+; return 0; }
+EOF
+if { (eval echo configure:1988: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_header_sys_wait_h=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_sys_wait_h=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_header_sys_wait_h" 1>&6
+if test $ac_cv_header_sys_wait_h = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_SYS_WAIT_H 1
+EOF
+
+fi
+
+for ac_hdr in arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2012: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2017 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2022: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2052: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2057 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2062: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2092: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2097 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2102: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2132: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2137 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2142: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2172: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2177 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2212: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2217 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2222: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2252: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2257 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2262: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in security/pam_modules.h security/_pam_macros.h ldap.h lber.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2292: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2297 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2302: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+#
+# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
+# This causes configure to fail to detect it. Check for shadow separately on HPUX.
+#
+case "$host_os" in
+    *hpux*)
+		cat > conftest.$ac_ext <<EOF
+#line 2336 "configure"
+#include "confdefs.h"
+#include <shadow.h>
+int main() {
+struct spwd testme
+; return 0; }
+EOF
+if { (eval echo configure:2343: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_header_shadow_h=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_header_shadow_h=no
+fi
+rm -f conftest*
+		if test x"$ac_cv_header_shadow_h" = x"yes"; then
+		   cat >> confdefs.h <<\EOF
+#define HAVE_SHADOW_H 1
+EOF
+
+		fi
+	;;
+esac
+for ac_hdr in shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2365: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2370 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2375: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in nss.h nss_common.h ns_api.h sys/security.h security/pam_appl.h security/pam_modules.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2405: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2410 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2415: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in stropts.h poll.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2445: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2450 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2455: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/capability.h syscall.h sys/syscall.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2485: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2490 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2495: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_hdr in sys/acl.h sys/cdefs.h glob.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2525: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2530 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2535: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+# For experimental utmp support (lastlog on some BSD-like systems)
+for ac_hdr in utmp.h utmpx.h lastlog.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2567: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2572 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2577: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+ 
+# For quotas on Veritas VxFS filesystems
+for ac_hdr in sys/fs/vx_quota.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2609: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2614 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2619: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+# For quotas on Linux XFS filesystems
+for ac_hdr in linux/xqm.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2651: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2656 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+echo $ac_n "checking size of int""... $ac_c" 1>&6
+echo "configure:2689: checking size of int" >&5
+if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_sizeof_int=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2697 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <sys/types.h>
+main()
+{
+  FILE *f=fopen("conftestval", "w");
+  if (!f) exit(1);
+  fprintf(f, "%d\n", sizeof(int));
+  exit(0);
+}
+EOF
+if { (eval echo configure:2709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_sizeof_int=`cat conftestval`
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_sizeof_int=0
+fi
+rm -fr conftest*
+fi
+
+fi
+echo "$ac_t""$ac_cv_sizeof_int" 1>&6
+cat >> confdefs.h <<EOF
+#define SIZEOF_INT $ac_cv_sizeof_int
+EOF
+
+
+echo $ac_n "checking size of long""... $ac_c" 1>&6
+echo "configure:2729: checking size of long" >&5
+if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_sizeof_long=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2737 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <sys/types.h>
+main()
+{
+  FILE *f=fopen("conftestval", "w");
+  if (!f) exit(1);
+  fprintf(f, "%d\n", sizeof(long));
+  exit(0);
+}
+EOF
+if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_sizeof_long=`cat conftestval`
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_sizeof_long=0
+fi
+rm -fr conftest*
+fi
+
+fi
+echo "$ac_t""$ac_cv_sizeof_long" 1>&6
+cat >> confdefs.h <<EOF
+#define SIZEOF_LONG $ac_cv_sizeof_long
+EOF
+
+
+echo $ac_n "checking size of short""... $ac_c" 1>&6
+echo "configure:2769: checking size of short" >&5
+if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_sizeof_short=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2777 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <sys/types.h>
+main()
+{
+  FILE *f=fopen("conftestval", "w");
+  if (!f) exit(1);
+  fprintf(f, "%d\n", sizeof(short));
+  exit(0);
+}
+EOF
+if { (eval echo configure:2789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_sizeof_short=`cat conftestval`
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_sizeof_short=0
+fi
+rm -fr conftest*
+fi
+
+fi
+echo "$ac_t""$ac_cv_sizeof_short" 1>&6
+cat >> confdefs.h <<EOF
+#define SIZEOF_SHORT $ac_cv_sizeof_short
+EOF
+
+
+
+echo $ac_n "checking for working const""... $ac_c" 1>&6
+echo "configure:2810: checking for working const" >&5
+if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2815 "configure"
+#include "confdefs.h"
+
+int main() {
+
+/* Ultrix mips cc rejects this.  */
+typedef int charset[2]; const charset x;
+/* SunOS 4.1.1 cc rejects this.  */
+char const *const *ccp;
+char **p;
+/* NEC SVR4.0.2 mips cc rejects this.  */
+struct point {int x, y;};
+static struct point const zero = {0,0};
+/* AIX XL C 1.02.0.0 rejects this.
+   It does not let you subtract one const X* pointer from another in an arm
+   of an if-expression whose if-part is not a constant expression */
+const char *g = "string";
+ccp = &g + (g ? g-g : 0);
+/* HPUX 7.0 cc rejects these. */
+++ccp;
+p = (char**) ccp;
+ccp = (char const *const *) p;
+{ /* SCO 3.2v4 cc rejects this.  */
+  char *t;
+  char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+  *t++ = 0;
+}
+{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+  int x[] = {25, 17};
+  const int *foo = &x[0];
+  ++foo;
+}
+{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+  typedef const int *iptr;
+  iptr p = 0;
+  ++p;
+}
+{ /* AIX XL C 1.02.0.0 rejects this saying
+     "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+  struct s { int j; const int *ap[3]; };
+  struct s *b; b->j = 5;
+}
+{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+  const int foo = 10;
+}
+
+; return 0; }
+EOF
+if { (eval echo configure:2864: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_const=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_c_const=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_c_const" 1>&6
+if test $ac_cv_c_const = no; then
+  cat >> confdefs.h <<\EOF
+#define const 
+EOF
+
+fi
+
+echo $ac_n "checking for inline""... $ac_c" 1>&6
+echo "configure:2885: checking for inline" >&5
+if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat > conftest.$ac_ext <<EOF
+#line 2892 "configure"
+#include "confdefs.h"
+
+int main() {
+} $ac_kw foo() {
+; return 0; }
+EOF
+if { (eval echo configure:2899: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_inline=$ac_kw; break
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+done
+
+fi
+
+echo "$ac_t""$ac_cv_c_inline" 1>&6
+case "$ac_cv_c_inline" in
+  inline | yes) ;;
+  no) cat >> confdefs.h <<\EOF
+#define inline 
+EOF
+ ;;
+  *)  cat >> confdefs.h <<EOF
+#define inline $ac_cv_c_inline
+EOF
+ ;;
+esac
+
+echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
+echo "configure:2925: checking whether byte ordering is bigendian" >&5
+if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_cv_c_bigendian=unknown
+# See if sys/param.h defines the BYTE_ORDER macro.
+cat > conftest.$ac_ext <<EOF
+#line 2932 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/param.h>
+int main() {
+
+#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+#endif
+; return 0; }
+EOF
+if { (eval echo configure:2943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  # It does; now see whether it defined to BIG_ENDIAN or not.
+cat > conftest.$ac_ext <<EOF
+#line 2947 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/param.h>
+int main() {
+
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+#endif
+; return 0; }
+EOF
+if { (eval echo configure:2958: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_c_bigendian=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_c_bigendian=no
+fi
+rm -f conftest*
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+if test $ac_cv_c_bigendian = unknown; then
+if test "$cross_compiling" = yes; then
+    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2978 "configure"
+#include "confdefs.h"
+main () {
+  /* Are we little or big endian?  From Harbison&Steele.  */
+  union
+  {
+    long l;
+    char c[sizeof (long)];
+  } u;
+  u.l = 1;
+  exit (u.c[sizeof (long) - 1] == 1);
+}
+EOF
+if { (eval echo configure:2991: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_c_bigendian=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_c_bigendian=yes
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_c_bigendian" 1>&6
+if test $ac_cv_c_bigendian = yes; then
+  cat >> confdefs.h <<\EOF
+#define WORDS_BIGENDIAN 1
+EOF
+
+fi
+
+echo $ac_n "checking whether char is unsigned""... $ac_c" 1>&6
+echo "configure:3015: checking whether char is unsigned" >&5
+if eval "test \"`echo '$''{'ac_cv_c_char_unsigned'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$GCC" = yes; then
+  # GCC predefines this symbol on systems where it applies.
+cat > conftest.$ac_ext <<EOF
+#line 3022 "configure"
+#include "confdefs.h"
+#ifdef __CHAR_UNSIGNED__
+  yes
+#endif
+
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "yes" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_c_char_unsigned=yes
+else
+  rm -rf conftest*
+  ac_cv_c_char_unsigned=no
+fi
+rm -f conftest*
+
+else
+if test "$cross_compiling" = yes; then
+    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3044 "configure"
+#include "confdefs.h"
+/* volatile prevents gcc2 from optimizing the test away on sparcs.  */
+#if !defined(__STDC__) || __STDC__ != 1
+#define volatile
+#endif
+main() {
+  volatile char c = 255; exit(c < 0);
+}
+EOF
+if { (eval echo configure:3054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_c_char_unsigned=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_c_char_unsigned=no
+fi
+rm -fr conftest*
+fi
+
+fi
+fi
+
+echo "$ac_t""$ac_cv_c_char_unsigned" 1>&6
+if test $ac_cv_c_char_unsigned = yes && test "$GCC" != yes; then
+  cat >> confdefs.h <<\EOF
+#define __CHAR_UNSIGNED__ 1
+EOF
+
+fi
+
+
+echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
+echo "configure:3079: checking return type of signal handlers" >&5
+if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3084 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <signal.h>
+#ifdef signal
+#undef signal
+#endif
+#ifdef __cplusplus
+extern "C" void (*signal (int, void (*)(int)))(int);
+#else
+void (*signal ()) ();
+#endif
+
+int main() {
+int i;
+; return 0; }
+EOF
+if { (eval echo configure:3101: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_type_signal=void
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_type_signal=int
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_type_signal" 1>&6
+cat >> confdefs.h <<EOF
+#define RETSIGTYPE $ac_cv_type_signal
+EOF
+
+
+echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
+echo "configure:3120: checking for uid_t in sys/types.h" >&5
+if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3125 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "uid_t" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_uid_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+
+echo "$ac_t""$ac_cv_type_uid_t" 1>&6
+if test $ac_cv_type_uid_t = no; then
+  cat >> confdefs.h <<\EOF
+#define uid_t int
+EOF
+
+  cat >> confdefs.h <<\EOF
+#define gid_t int
+EOF
+
+fi
+
+echo $ac_n "checking for mode_t""... $ac_c" 1>&6
+echo "configure:3154: checking for mode_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3159 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_mode_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_mode_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_mode_t" 1>&6
+if test $ac_cv_type_mode_t = no; then
+  cat >> confdefs.h <<\EOF
+#define mode_t int
+EOF
+
+fi
+
+echo $ac_n "checking for off_t""... $ac_c" 1>&6
+echo "configure:3187: checking for off_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3192 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_off_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_off_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_off_t" 1>&6
+if test $ac_cv_type_off_t = no; then
+  cat >> confdefs.h <<\EOF
+#define off_t long
+EOF
+
+fi
+
+echo $ac_n "checking for size_t""... $ac_c" 1>&6
+echo "configure:3220: checking for size_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3225 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_size_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_size_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_size_t" 1>&6
+if test $ac_cv_type_size_t = no; then
+  cat >> confdefs.h <<\EOF
+#define size_t unsigned
+EOF
+
+fi
+
+echo $ac_n "checking for pid_t""... $ac_c" 1>&6
+echo "configure:3253: checking for pid_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3258 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_pid_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_pid_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_pid_t" 1>&6
+if test $ac_cv_type_pid_t = no; then
+  cat >> confdefs.h <<\EOF
+#define pid_t int
+EOF
+
+fi
+
+echo $ac_n "checking for st_rdev in struct stat""... $ac_c" 1>&6
+echo "configure:3286: checking for st_rdev in struct stat" >&5
+if eval "test \"`echo '$''{'ac_cv_struct_st_rdev'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3291 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+int main() {
+struct stat s; s.st_rdev;
+; return 0; }
+EOF
+if { (eval echo configure:3299: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_struct_st_rdev=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_struct_st_rdev=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_struct_st_rdev" 1>&6
+if test $ac_cv_struct_st_rdev = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_ST_RDEV 1
+EOF
+
+fi
+
+echo $ac_n "checking for d_off in dirent""... $ac_c" 1>&6
+echo "configure:3320: checking for d_off in dirent" >&5
+if eval "test \"`echo '$''{'ac_cv_dirent_d_off'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3325 "configure"
+#include "confdefs.h"
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <dirent.h>
+int main() {
+struct dirent d; d.d_off;
+; return 0; }
+EOF
+if { (eval echo configure:3335: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_dirent_d_off=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_dirent_d_off=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_dirent_d_off" 1>&6
+if test $ac_cv_dirent_d_off = yes; then
+  cat >> confdefs.h <<\EOF
+#define HAVE_DIRENT_D_OFF 1
+EOF
+
+fi
+
+echo $ac_n "checking for ino_t""... $ac_c" 1>&6
+echo "configure:3356: checking for ino_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_ino_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3361 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])ino_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_ino_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_ino_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_ino_t" 1>&6
+if test $ac_cv_type_ino_t = no; then
+  cat >> confdefs.h <<\EOF
+#define ino_t unsigned
+EOF
+
+fi
+
+echo $ac_n "checking for loff_t""... $ac_c" 1>&6
+echo "configure:3389: checking for loff_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_loff_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3394 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])loff_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_loff_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_loff_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_loff_t" 1>&6
+if test $ac_cv_type_loff_t = no; then
+  cat >> confdefs.h <<\EOF
+#define loff_t off_t
+EOF
+
+fi
+
+echo $ac_n "checking for offset_t""... $ac_c" 1>&6
+echo "configure:3422: checking for offset_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_offset_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3427 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])offset_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_offset_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_offset_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_offset_t" 1>&6
+if test $ac_cv_type_offset_t = no; then
+  cat >> confdefs.h <<\EOF
+#define offset_t loff_t
+EOF
+
+fi
+
+echo $ac_n "checking for ssize_t""... $ac_c" 1>&6
+echo "configure:3455: checking for ssize_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3460 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])ssize_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_ssize_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_ssize_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_ssize_t" 1>&6
+if test $ac_cv_type_ssize_t = no; then
+  cat >> confdefs.h <<\EOF
+#define ssize_t int
+EOF
+
+fi
+
+echo $ac_n "checking for wchar_t""... $ac_c" 1>&6
+echo "configure:3488: checking for wchar_t" >&5
+if eval "test \"`echo '$''{'ac_cv_type_wchar_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3493 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+EOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  egrep "(^|[^a-zA-Z_0-9])wchar_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  rm -rf conftest*
+  ac_cv_type_wchar_t=yes
+else
+  rm -rf conftest*
+  ac_cv_type_wchar_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$ac_t""$ac_cv_type_wchar_t" 1>&6
+if test $ac_cv_type_wchar_t = no; then
+  cat >> confdefs.h <<\EOF
+#define wchar_t unsigned short
+EOF
+
+fi
+
+
+############################################
+# for cups support we need libcups, and a handful of header files
+
+echo $ac_n "checking for httpConnect in -lcups""... $ac_c" 1>&6
+echo "configure:3525: checking for httpConnect in -lcups" >&5
+ac_lib_var=`echo cups'_'httpConnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcups  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 3533 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char httpConnect();
+
+int main() {
+httpConnect()
+; return 0; }
+EOF
+if { (eval echo configure:3544: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo cups | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lcups $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+# I wonder if there is a nicer way of doing this?
+
+if test x"$ac_cv_lib_cups_httpConnect" = x"yes"; then
+        for ac_hdr in cups/cups.h cups/language.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:3579: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 3584 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:3589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+        if test x"$ac_cv_header_cups_cups_h" = x"yes"; then
+                if test x"$ac_cv_header_cups_language_h" = x"yes"; then
+                        cat >> confdefs.h <<\EOF
+#define HAVE_CUPS 1
+EOF
+
+                fi
+        fi
+fi
+
+############################################
+# we need libdl for PAM, the password database plugins and the new VFS code
+echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6
+echo "configure:3628: checking for dlopen in -ldl" >&5
+ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-ldl  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 3636 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char dlopen();
+
+int main() {
+dlopen()
+; return 0; }
+EOF
+if { (eval echo configure:3647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -ldl";
+	cat >> confdefs.h <<\EOF
+#define HAVE_LIBDL 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+############################################
+# check if the compiler can do immediate structures
+echo $ac_n "checking for immediate structures""... $ac_c" 1>&6
+echo "configure:3675: checking for immediate structures" >&5
+if eval "test \"`echo '$''{'samba_cv_immediate_structures'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3681 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+int main() {
+
+   typedef struct {unsigned x;} FOOBAR;
+   #define X_FOOBAR(x) ((FOOBAR) { x })
+   #define FOO_ONE X_FOOBAR(1)
+   FOOBAR f = FOO_ONE;   
+   static struct {
+	FOOBAR y; 
+	} f2[] = {
+		{FOO_ONE}
+	};   
+
+; return 0; }
+EOF
+if { (eval echo configure:3699: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_immediate_structures=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_immediate_structures=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_immediate_structures" 1>&6
+if test x"$samba_cv_immediate_structures" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define HAVE_IMMEDIATE_STRUCTURES 1
+EOF
+
+fi
+
+############################################
+# check for unix domain sockets
+echo $ac_n "checking for unix domain sockets""... $ac_c" 1>&6
+echo "configure:3722: checking for unix domain sockets" >&5
+if eval "test \"`echo '$''{'samba_cv_unixsocket'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3728 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+int main() {
+
+  struct sockaddr_un sunaddr; 
+  sunaddr.sun_family = AF_UNIX;
+
+; return 0; }
+EOF
+if { (eval echo configure:3743: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_unixsocket=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_unixsocket=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_unixsocket" 1>&6
+if test x"$samba_cv_unixsocket" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define HAVE_UNIXSOCKET 1
+EOF
+
+fi
+
+
+echo $ac_n "checking for socklen_t type""... $ac_c" 1>&6
+echo "configure:3765: checking for socklen_t type" >&5
+if eval "test \"`echo '$''{'samba_cv_socklen_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3771 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>
+int main() {
+socklen_t i = 0
+; return 0; }
+EOF
+if { (eval echo configure:3784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_socklen_t=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_socklen_t=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_socklen_t" 1>&6
+if test x"$samba_cv_socklen_t" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define HAVE_SOCKLEN_T_TYPE 1
+EOF
+
+fi
+
+echo $ac_n "checking for sig_atomic_t type""... $ac_c" 1>&6
+echo "configure:3805: checking for sig_atomic_t type" >&5
+if eval "test \"`echo '$''{'samba_cv_sig_atomic_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3811 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <signal.h>
+int main() {
+sig_atomic_t i = 0
+; return 0; }
+EOF
+if { (eval echo configure:3824: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_sig_atomic_t=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_sig_atomic_t=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_sig_atomic_t" 1>&6
+if test x"$samba_cv_sig_atomic_t" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define HAVE_SIG_ATOMIC_T_TYPE 1
+EOF
+
+fi
+
+# stupid headers have the functions but no declaration. grrrr.
+
+ echo $ac_n "checking for errno declaration""... $ac_c" 1>&6
+echo "configure:3847: checking for errno declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_errno_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3853 "configure"
+#include "confdefs.h"
+#include <errno.h>
+int main() {
+int i = (int)errno
+; return 0; }
+EOF
+if { (eval echo configure:3860: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_errno_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_errno_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_errno_decl" 1>&6
+ if test x"$ac_cv_have_errno_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_ERRNO_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for setresuid declaration""... $ac_c" 1>&6
+echo "configure:3882: checking for setresuid declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_setresuid_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3888 "configure"
+#include "confdefs.h"
+#include <unistd.h>
+int main() {
+int i = (int)setresuid
+; return 0; }
+EOF
+if { (eval echo configure:3895: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_setresuid_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_setresuid_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_setresuid_decl" 1>&6
+ if test x"$ac_cv_have_setresuid_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SETRESUID_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for setresgid declaration""... $ac_c" 1>&6
+echo "configure:3917: checking for setresgid declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_setresgid_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3923 "configure"
+#include "confdefs.h"
+#include <unistd.h>
+int main() {
+int i = (int)setresgid
+; return 0; }
+EOF
+if { (eval echo configure:3930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_setresgid_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_setresgid_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_setresgid_decl" 1>&6
+ if test x"$ac_cv_have_setresgid_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SETRESGID_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for asprintf declaration""... $ac_c" 1>&6
+echo "configure:3952: checking for asprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_asprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3958 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)asprintf
+; return 0; }
+EOF
+if { (eval echo configure:3965: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_asprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_asprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_asprintf_decl" 1>&6
+ if test x"$ac_cv_have_asprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_ASPRINTF_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for vasprintf declaration""... $ac_c" 1>&6
+echo "configure:3987: checking for vasprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_vasprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 3993 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)vasprintf
+; return 0; }
+EOF
+if { (eval echo configure:4000: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_vasprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_vasprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_vasprintf_decl" 1>&6
+ if test x"$ac_cv_have_vasprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_VASPRINTF_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for vsnprintf declaration""... $ac_c" 1>&6
+echo "configure:4022: checking for vsnprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_vsnprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4028 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)vsnprintf
+; return 0; }
+EOF
+if { (eval echo configure:4035: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_vsnprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_vsnprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_vsnprintf_decl" 1>&6
+ if test x"$ac_cv_have_vsnprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_VSNPRINTF_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for snprintf declaration""... $ac_c" 1>&6
+echo "configure:4057: checking for snprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_snprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4063 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)snprintf
+; return 0; }
+EOF
+if { (eval echo configure:4070: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_snprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_snprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_snprintf_decl" 1>&6
+ if test x"$ac_cv_have_snprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SNPRINTF_DECL 1
+EOF
+
+ fi
+
+
+# and glibc has setresuid under linux but the function does
+# nothing until kernel 2.1.44! very dumb.
+echo $ac_n "checking for real setresuid""... $ac_c" 1>&6
+echo "configure:4094: checking for real setresuid" >&5
+if eval "test \"`echo '$''{'samba_cv_have_setresuid'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    if test "$cross_compiling" = yes; then
+  samba_cv_have_setresuid=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4103 "configure"
+#include "confdefs.h"
+#include <errno.h>
+main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);}
+EOF
+if { (eval echo configure:4108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_have_setresuid=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_have_setresuid=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_have_setresuid" 1>&6
+if test x"$samba_cv_have_setresuid" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SETRESUID 1
+EOF
+
+fi
+
+# Do the same check for setresguid...
+#
+echo $ac_n "checking for real setresgid""... $ac_c" 1>&6
+echo "configure:4133: checking for real setresgid" >&5
+if eval "test \"`echo '$''{'samba_cv_have_setresgid'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    if test "$cross_compiling" = yes; then
+  samba_cv_have_setresgid=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4142 "configure"
+#include "confdefs.h"
+#include <unistd.h>
+#include <errno.h>
+main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);}
+EOF
+if { (eval echo configure:4148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_have_setresgid=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_have_setresgid=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_have_setresgid" 1>&6
+if test x"$samba_cv_have_setresgid" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SETRESGID 1
+EOF
+
+fi
+
+echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
+echo "configure:4171: checking for 8-bit clean memcmp" >&5
+if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_memcmp_clean=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4179 "configure"
+#include "confdefs.h"
+
+main()
+{
+  char c0 = 0x40, c1 = 0x80, c2 = 0x81;
+  exit(memcmp(&c0, &c2, 1) < 0 && memcmp(&c1, &c2, 1) < 0 ? 0 : 1);
+}
+
+EOF
+if { (eval echo configure:4189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  ac_cv_func_memcmp_clean=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  ac_cv_func_memcmp_clean=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$ac_cv_func_memcmp_clean" 1>&6
+test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
+
+
+###############################################
+# test for where we get crypt() from
+for ac_func in crypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:4212: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4217 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4240: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test x"$ac_cv_func_crypt" = x"no"; then
+    echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
+echo "configure:4266: checking for crypt in -lcrypt" >&5
+ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcrypt  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4274 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char crypt();
+
+int main() {
+crypt()
+; return 0; }
+EOF
+if { (eval echo configure:4285: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lcrypt";
+	cat >> confdefs.h <<\EOF
+#define HAVE_CRYPT 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+
+
+###############################################
+# Readline included by default unless explicitly asked not to
+test "${with_readline+set}" != "set" && with_readline=yes
+
+# test for where we get readline() from
+echo $ac_n "checking whether to use readline""... $ac_c" 1>&6
+echo "configure:4318: checking whether to use readline" >&5
+# Check whether --with-readline or --without-readline was given.
+if test "${with_readline+set}" = set; then
+  withval="$with_readline"
+    case "$with_readline" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+
+    for ac_hdr in readline.h history.h readline/readline.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:4330: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4335 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4340: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+    for ac_hdr in readline/history.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:4370: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4375 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4380: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+    for ac_hdr in readline.h readline/readline.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:4411: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4416 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4421: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+      for termlib in ncurses curses termcap terminfo termlib; do
+       echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6
+echo "configure:4444: checking for tgetent in -l${termlib}" >&5
+ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-l${termlib}  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4452 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char tgetent();
+
+int main() {
+tgetent()
+; return 0; }
+EOF
+if { (eval echo configure:4463: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  TERMLIBS="-l${termlib}"; break
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+      done
+      echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6
+echo "configure:4485: checking for rl_callback_handler_install in -lreadline" >&5
+ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lreadline $TERMLIBS $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4493 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char rl_callback_handler_install();
+
+int main() {
+rl_callback_handler_install()
+; return 0; }
+EOF
+if { (eval echo configure:4504: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  TERMLIBS="-lreadline $TERMLIBS"
+       cat >> confdefs.h <<\EOF
+#define HAVE_LIBREADLINE 1
+EOF
+
+       break
+else
+  echo "$ac_t""no" 1>&6
+TERMLIBS=
+fi
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+    ;;
+  no)
+    echo "$ac_t""no" 1>&6
+    ;;
+  *)
+    echo "$ac_t""yes" 1>&6
+
+    # Needed for AC_CHECK_HEADERS and AC_CHECK_LIB to look at
+    # alternate readline path
+    _ldflags=${LDFLAGS}
+    _cppflags=${CPPFLAGS}
+
+    # Add additional search path
+    LDFLAGS="-L$with_readline/lib $LDFLAGS"
+    CPPFLAGS="-I$with_readline/include $CPPFLAGS"
+
+    for ac_hdr in readline.h history.h readline/readline.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:4555: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4560 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4565: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+    for ac_hdr in readline/history.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:4595: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4600 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4605: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+    for ac_hdr in readline.h readline/readline.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:4636: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4641 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:4646: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+      for termlib in ncurses curses termcap terminfo termlib; do
+       echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6
+echo "configure:4669: checking for tgetent in -l${termlib}" >&5
+ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-l${termlib}  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4677 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char tgetent();
+
+int main() {
+tgetent()
+; return 0; }
+EOF
+if { (eval echo configure:4688: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  TERMLIBS="-l${termlib}"; break
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+      done
+      echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6
+echo "configure:4710: checking for rl_callback_handler_install in -lreadline" >&5
+ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lreadline $TERMLIBS $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4718 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char rl_callback_handler_install();
+
+int main() {
+rl_callback_handler_install()
+; return 0; }
+EOF
+if { (eval echo configure:4729: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  TERMLDFLAGS="-L$with_readline/lib"
+       TERMCPPFLAGS="-I$with_readline/include"
+       CPPFLAGS="-I$with_readline/include $CPPFLAGS"
+       TERMLIBS="-lreadline $TERMLIBS"
+       cat >> confdefs.h <<\EOF
+#define HAVE_LIBREADLINE 1
+EOF
+
+       break
+else
+  echo "$ac_t""no" 1>&6
+TERMLIBS= CPPFLAGS=$_cppflags
+fi
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+    LDFLAGS=$_ldflags
+    ;;
+  esac
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+
+# The readline API changed slightly from readline3 to readline4, so
+# code will generate warnings on one of them unless we have a few
+# special cases.
+echo $ac_n "checking for rl_completion_matches in -lreadline""... $ac_c" 1>&6
+echo "configure:4779: checking for rl_completion_matches in -lreadline" >&5
+ac_lib_var=`echo readline'_'rl_completion_matches | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lreadline $TERMLIBS $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4787 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char rl_completion_matches();
+
+int main() {
+rl_completion_matches()
+; return 0; }
+EOF
+if { (eval echo configure:4798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<\EOF
+#define HAVE_NEW_LIBREADLINE 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+# The following test taken from the cvs sources
+# If we can't find connect, try looking in -lsocket, -lnsl, and -linet.
+# The Irix 5 libc.so has connect and gethostbyname, but Irix 5 also has
+# libsocket.so which has a bad implementation of gethostbyname (it
+# only looks in /etc/hosts), so we only look for -lsocket if we need
+# it.
+for ac_func in connect
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:4831: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 4836 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test x"$ac_cv_func_connect" = x"no"; then
+    case "$LIBS" in
+    *-lnsl*) ;;
+    *) echo $ac_n "checking for printf in -lnsl_s""... $ac_c" 1>&6
+echo "configure:4887: checking for printf in -lnsl_s" >&5
+ac_lib_var=`echo nsl_s'_'printf | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lnsl_s  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4895 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char printf();
+
+int main() {
+printf()
+; return 0; }
+EOF
+if { (eval echo configure:4906: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo nsl_s | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lnsl_s $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+    case "$LIBS" in
+    *-lnsl*) ;;
+    *) echo $ac_n "checking for printf in -lnsl""... $ac_c" 1>&6
+echo "configure:4937: checking for printf in -lnsl" >&5
+ac_lib_var=`echo nsl'_'printf | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lnsl  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4945 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char printf();
+
+int main() {
+printf()
+; return 0; }
+EOF
+if { (eval echo configure:4956: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo nsl | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lnsl $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+    case "$LIBS" in
+    *-lsocket*) ;;
+    *) echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
+echo "configure:4987: checking for connect in -lsocket" >&5
+ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsocket  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 4995 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char connect();
+
+int main() {
+connect()
+; return 0; }
+EOF
+if { (eval echo configure:5006: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo socket | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsocket $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+    case "$LIBS" in
+    *-linet*) ;;
+    *) echo $ac_n "checking for connect in -linet""... $ac_c" 1>&6
+echo "configure:5037: checking for connect in -linet" >&5
+ac_lib_var=`echo inet'_'connect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-linet  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 5045 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char connect();
+
+int main() {
+connect()
+; return 0; }
+EOF
+if { (eval echo configure:5056: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo inet | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-linet $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ ;;
+    esac
+            if test x"$ac_cv_lib_socket_connect" = x"yes" || 
+       test x"$ac_cv_lib_inet_connect" = x"yes"; then
+        # ac_cv_func_connect=yes
+        # don't!  it would cause AC_CHECK_FUNC to succeed next time configure is run
+        cat >> confdefs.h <<\EOF
+#define HAVE_CONNECT 1
+EOF
+
+    fi
+fi
+
+###############################################
+# test for where we get get_yp_default_domain() from
+for ac_func in yp_get_default_domain
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5100: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5105 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5128: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then
+	echo $ac_n "checking for yp_get_default_domain in -lnsl""... $ac_c" 1>&6
+echo "configure:5154: checking for yp_get_default_domain in -lnsl" >&5
+ac_lib_var=`echo nsl'_'yp_get_default_domain | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lnsl  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 5162 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char yp_get_default_domain();
+
+int main() {
+yp_get_default_domain()
+; return 0; }
+EOF
+if { (eval echo configure:5173: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lnsl";
+	cat >> confdefs.h <<\EOF
+#define HAVE_YP_GET_DEFAULT_DOMAIN 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+fi
+
+# Check if we have execl, if not we need to compile smbrun.
+for ac_func in execl
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5203: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5208 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test x"$ac_cv_func_execl" = x"no"; then
+    RUNPROG="bin/smbrun"
+else
+    RUNPROG=""
+fi
+
+for ac_func in dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5264: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5269 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5292: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat setpgid
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5319: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5324 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5347: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5374: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5379 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5402: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5429: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5434 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in initgroups select poll rdchk getgrnam getgrent pathconf realpath
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5484: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5489 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5512: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5539: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5544 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5567: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5594: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5599 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5649: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5654 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5677: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5704: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5709 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5732: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in syslog vsyslog
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5759: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5764 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5787: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+# setbuffer is needed for smbtorture
+for ac_func in setbuffer
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5815: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5820 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5843: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+# syscall() is needed for smbwrapper.
+for ac_func in syscall
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5872: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5877 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5900: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+for ac_func in _dup _dup2 _opendir _readdir _seekdir _telldir _closedir
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5928: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5933 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:5956: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in __dup __dup2 __opendir __readdir __seekdir __telldir __closedir
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:5983: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 5988 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in __getcwd _getcwd
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6038: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6043 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6066: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in __xstat __fxstat __lxstat
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6093: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6098 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in _stat _lstat _fstat __stat __lstat __fstat
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6148: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6153 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6176: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in _acl __acl _facl __facl _open __open _chdir __chdir
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6203: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6208 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in _close __close _fchdir __fchdir _fcntl __fcntl
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6258: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6263 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6286: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in getdents _getdents __getdents _lseek __lseek _read __read
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6313: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6318 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6341: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in _write __write _fork __fork
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6368: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6373 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6396: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in _stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6423: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6428 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6451: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in __sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6478: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6483 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6506: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in pread _pread __pread pread64 _pread64 __pread64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6533: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6538 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6561: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6588: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6593 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6616: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+for ac_func in open64 _open64 __open64 creat64
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6643: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6648 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6671: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+#
+# stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
+#
+
+if test x$ac_cv_func_stat64 = xno ; then
+  echo $ac_n "checking for stat64 in <sys/stat.h>""... $ac_c" 1>&6
+echo "configure:6702: checking for stat64 in <sys/stat.h>" >&5
+  cat > conftest.$ac_ext <<EOF
+#line 6704 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/stat.h>
+
+int main() {
+struct stat64 st64; exit(stat64(".",&st64));
+; return 0; }
+EOF
+if { (eval echo configure:6716: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_func_stat64=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+  echo "$ac_t""$ac_cv_func_stat64" 1>&6
+  if test x$ac_cv_func_stat64 = xyes ; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_STAT64 1
+EOF
+
+  fi
+fi
+
+if test x$ac_cv_func_lstat64 = xno ; then
+  echo $ac_n "checking for lstat64 in <sys/stat.h>""... $ac_c" 1>&6
+echo "configure:6735: checking for lstat64 in <sys/stat.h>" >&5
+  cat > conftest.$ac_ext <<EOF
+#line 6737 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/stat.h>
+
+int main() {
+struct stat64 st64; exit(lstat64(".",&st64));
+; return 0; }
+EOF
+if { (eval echo configure:6749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_func_lstat64=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+  echo "$ac_t""$ac_cv_func_lstat64" 1>&6
+  if test x$ac_cv_func_lstat64 = xyes ; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_LSTAT64 1
+EOF
+
+  fi
+fi
+
+if test x$ac_cv_func_fstat64 = xno ; then
+  echo $ac_n "checking for fstat64 in <sys/stat.h>""... $ac_c" 1>&6
+echo "configure:6768: checking for fstat64 in <sys/stat.h>" >&5
+  cat > conftest.$ac_ext <<EOF
+#line 6770 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/stat.h>
+
+int main() {
+struct stat64 st64; exit(fstat64(0,&st64));
+; return 0; }
+EOF
+if { (eval echo configure:6782: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  ac_cv_func_fstat64=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+  echo "$ac_t""$ac_cv_func_fstat64" 1>&6
+  if test x$ac_cv_func_fstat64 = xyes ; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_FSTAT64 1
+EOF
+
+  fi
+fi
+
+#####################################
+# we might need the resolv library on some systems
+echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6
+echo "configure:6802: checking for dn_expand in -lresolv" >&5
+ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lresolv  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 6810 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char dn_expand();
+
+int main() {
+dn_expand()
+; return 0; }
+EOF
+if { (eval echo configure:6821: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lresolv $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+#
+# Check for the functions putprpwnam, set_auth_parameters,
+# getspnam, bigcrypt and getprpwnam in -lsec and -lsecurity
+# Needed for OSF1 and HPUX.
+#
+
+case "$LIBS" in
+  *-lsecurity*) for ac_func in putprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6859: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6864 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6887: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for putprpwnam in -lsecurity""... $ac_c" 1>&6
+echo "configure:6912: checking for putprpwnam in -lsecurity" >&5
+ac_lib_var=`echo security'_'putprpwnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsecurity  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 6920 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char putprpwnam();
+
+int main() {
+putprpwnam()
+; return 0; }
+EOF
+if { (eval echo configure:6931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsecurity $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in putprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:6961: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 6966 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:6989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+case "$LIBS" in
+  *-lsec*) for ac_func in putprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7020: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7025 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7048: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for putprpwnam in -lsec""... $ac_c" 1>&6
+echo "configure:7073: checking for putprpwnam in -lsec" >&5
+ac_lib_var=`echo sec'_'putprpwnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsec  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7081 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char putprpwnam();
+
+int main() {
+putprpwnam()
+; return 0; }
+EOF
+if { (eval echo configure:7092: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsec $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in putprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7122: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7127 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+
+case "$LIBS" in
+  *-lsecurity*) for ac_func in set_auth_parameters
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7182: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7187 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7210: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6
+echo "configure:7235: checking for set_auth_parameters in -lsecurity" >&5
+ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsecurity  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7243 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char set_auth_parameters();
+
+int main() {
+set_auth_parameters()
+; return 0; }
+EOF
+if { (eval echo configure:7254: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsecurity $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in set_auth_parameters
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7284: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7289 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+case "$LIBS" in
+  *-lsec*) for ac_func in set_auth_parameters
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7343: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7348 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7371: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for set_auth_parameters in -lsec""... $ac_c" 1>&6
+echo "configure:7396: checking for set_auth_parameters in -lsec" >&5
+ac_lib_var=`echo sec'_'set_auth_parameters | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsec  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7404 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char set_auth_parameters();
+
+int main() {
+set_auth_parameters()
+; return 0; }
+EOF
+if { (eval echo configure:7415: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsec $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in set_auth_parameters
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7445: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7450 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7473: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+
+# UnixWare 7.x has its getspnam in -lgen
+case "$LIBS" in
+  *-lgen*) for ac_func in getspnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7506: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7511 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7534: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6
+echo "configure:7559: checking for getspnam in -lgen" >&5
+ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lgen  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7567 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char getspnam();
+
+int main() {
+getspnam()
+; return 0; }
+EOF
+if { (eval echo configure:7578: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo gen | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lgen $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in getspnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7608: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7613 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7636: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+
+case "$LIBS" in
+  *-lsecurity*) for ac_func in getspnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7668: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7673 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7696: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for getspnam in -lsecurity""... $ac_c" 1>&6
+echo "configure:7721: checking for getspnam in -lsecurity" >&5
+ac_lib_var=`echo security'_'getspnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsecurity  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7729 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char getspnam();
+
+int main() {
+getspnam()
+; return 0; }
+EOF
+if { (eval echo configure:7740: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsecurity $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in getspnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7770: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7775 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+case "$LIBS" in
+  *-lsec*) for ac_func in getspnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7829: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7834 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7857: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6
+echo "configure:7882: checking for getspnam in -lsec" >&5
+ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsec  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7890 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char getspnam();
+
+int main() {
+getspnam()
+; return 0; }
+EOF
+if { (eval echo configure:7901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsec $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in getspnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7931: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7936 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:7959: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+
+case "$LIBS" in
+  *-lsecurity*) for ac_func in bigcrypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:7991: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 7996 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for bigcrypt in -lsecurity""... $ac_c" 1>&6
+echo "configure:8044: checking for bigcrypt in -lsecurity" >&5
+ac_lib_var=`echo security'_'bigcrypt | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsecurity  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 8052 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char bigcrypt();
+
+int main() {
+bigcrypt()
+; return 0; }
+EOF
+if { (eval echo configure:8063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsecurity $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in bigcrypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8093: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8098 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+case "$LIBS" in
+  *-lsec*) for ac_func in bigcrypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8152: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8157 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8180: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for bigcrypt in -lsec""... $ac_c" 1>&6
+echo "configure:8205: checking for bigcrypt in -lsec" >&5
+ac_lib_var=`echo sec'_'bigcrypt | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsec  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 8213 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char bigcrypt();
+
+int main() {
+bigcrypt()
+; return 0; }
+EOF
+if { (eval echo configure:8224: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsec $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in bigcrypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8254: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8259 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+
+case "$LIBS" in
+  *-lsecurity*) for ac_func in getprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8314: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8319 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6
+echo "configure:8367: checking for getprpwnam in -lsecurity" >&5
+ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsecurity  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 8375 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char getprpwnam();
+
+int main() {
+getprpwnam()
+; return 0; }
+EOF
+if { (eval echo configure:8386: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsecurity $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in getprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8416: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8421 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8444: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+case "$LIBS" in
+  *-lsec*) for ac_func in getprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8475: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8480 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8503: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+ ;;
+  *) echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6
+echo "configure:8528: checking for getprpwnam in -lsec" >&5
+ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsec  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 8536 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char getprpwnam();
+
+int main() {
+getprpwnam()
+; return 0; }
+EOF
+if { (eval echo configure:8547: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lsec $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+ 
+     for ac_func in getprpwnam
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:8577: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8582 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:8605: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+  ;;
+  esac
+
+
+# this bit needs to be modified for each OS that is suported by
+# smbwrapper. You need to specify how to created a shared library and
+# how to compile C code to produce PIC object files
+
+# these are the defaults, good for lots of systems
+HOST_OS="$host_os"
+LDSHFLAGS="-shared"
+SHLD="\${CC}"
+PICFLAG=""
+PICSUFFIX="po"
+POBAD_CC="#"
+SHLIBEXT="so"
+# Assume non-shared by default and override below
+BLDSHARED="false"
+echo $ac_n "checking ability to build shared libraries""... $ac_c" 1>&6
+echo "configure:8648: checking ability to build shared libraries" >&5
+
+# and these are for particular systems
+case "$host_os" in
+		*linux*)   cat >> confdefs.h <<\EOF
+#define LINUX 1
+EOF
+
+			BLDSHARED="true"
+			LDSHFLAGS="-shared" 
+			DYNEXP="-Wl,--export-dynamic"
+			PICFLAG="-fPIC"
+			cat >> confdefs.h <<\EOF
+#define STAT_ST_BLOCKSIZE 512
+EOF
+
+		;;
+		*solaris*) 
+			cat >> confdefs.h <<\EOF
+#define SUNOS5 1
+EOF
+
+			BLDSHARED="true"
+			LDSHFLAGS="-h \$@ -G"
+			if test "${ac_cv_prog_CC}" = "gcc"; then
+				PICFLAG="-fPIC"
+			else
+				PICFLAG="-KPIC"
+				POBAD_CC=""
+				PICSUFFIX="po.o"
+			fi
+			cat >> confdefs.h <<\EOF
+#define STAT_ST_BLOCKSIZE 512
+EOF
+
+		;;
+		*sunos*) cat >> confdefs.h <<\EOF
+#define SUNOS4 1
+EOF
+
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-h,\$@ -G"
+			PICFLAG="-KPIC"   # Is this correct for SunOS
+		;;
+		*bsd*)  BLDSHARED="true"
+			LDSHFLAGS="-Wl,-soname,\$@ -shared"
+			PICFLAG="-fPIC"
+			cat >> confdefs.h <<\EOF
+#define STAT_ST_BLOCKSIZE 512
+EOF
+
+		;;
+		*irix*) cat >> confdefs.h <<\EOF
+#define IRIX 1
+EOF
+
+			case "$host_os" in
+			*irix6*) cat >> confdefs.h <<\EOF
+#define IRIX6 1
+EOF
+
+			;;
+			esac
+			ATTEMPT_WRAP32_BUILD=yes
+			BLDSHARED="true"
+			LDSHFLAGS="-soname \$@ -shared"
+			SHLD="\${LD}"
+			if test "${ac_cv_prog_CC}" = "gcc"; then
+				PICFLAG="-fPIC"
+			else 
+				PICFLAG="-KPIC"
+			fi
+			cat >> confdefs.h <<\EOF
+#define STAT_ST_BLOCKSIZE 512
+EOF
+
+		;;
+		*aix*) cat >> confdefs.h <<\EOF
+#define AIX 1
+EOF
+
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry"
+			PICFLAG="-O2 -qmaxmem=6000"
+			cat >> confdefs.h <<\EOF
+#define STAT_ST_BLOCKSIZE DEV_BSIZE
+EOF
+
+		;;
+		*hpux*) cat >> confdefs.h <<\EOF
+#define HPUX 1
+EOF
+
+			SHLIBEXT="sl"
+			# Use special PIC flags for the native HP-UX compiler.
+			if test $ac_cv_prog_cc_Ae = yes; then
+				SHLD="/usr/bin/ld"
+				BLDSHARED="true"
+				LDSHFLAGS="-B symbolic -b -z +h \$@"
+				PICFLAG="+z"
+			fi
+			DYNEXP="-Wl,-E"
+			cat >> confdefs.h <<\EOF
+#define STAT_ST_BLOCKSIZE 8192
+EOF
+
+		;;
+		*qnx*) cat >> confdefs.h <<\EOF
+#define QNX 1
+EOF
+;;
+		*osf*) cat >> confdefs.h <<\EOF
+#define OSF1 1
+EOF
+
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-soname,\$@ -shared"
+			PICFLAG="-fPIC"
+		;;
+		*sco*) 
+        		cat >> confdefs.h <<\EOF
+#define SCO 1
+EOF
+
+		;;
+		*unixware*) cat >> confdefs.h <<\EOF
+#define UNIXWARE 1
+EOF
+
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-soname,\$@ -shared"
+			PICFLAG="-KPIC"
+		;;
+		*next2*) cat >> confdefs.h <<\EOF
+#define NEXT2 1
+EOF
+;;
+		*dgux*) # Extract the first word of "groff", so it can be a program name with args.
+set dummy groff; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:8788: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_prog_ROFF'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test -n "$ROFF"; then
+  ac_cv_prog_ROFF="$ROFF" # Let the user override the test.
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_prog_ROFF="groff -etpsR -Tascii -man"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+fi
+fi
+ROFF="$ac_cv_prog_ROFF"
+if test -n "$ROFF"; then
+  echo "$ac_t""$ROFF" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+;;
+		*sysv4*)
+			case "$host" in
+				*-univel-*)
+					if  test "$GCC" != yes ; then
+						cat >> confdefs.h <<\EOF
+#define HAVE_MEMSET 1
+EOF
+
+					fi
+					LDSHFLAGS="-G"
+                             		DYNEXP="-Bexport"
+				;;
+				*mips-sni-sysv4*)
+					cat >> confdefs.h <<\EOF
+#define RELIANTUNIX 1
+EOF
+
+                    		;;
+			esac
+		;;
+
+		*sysv5*)
+			if  test "$GCC" != yes ; then
+				cat >> confdefs.h <<\EOF
+#define HAVE_MEMSET 1
+EOF
+
+			fi
+			LDSHFLAGS="-G"
+		;;
+esac
+
+echo "$ac_t""$BLDSHARED" 1>&6
+echo $ac_n "checking linker flags for shared libraries""... $ac_c" 1>&6
+echo "configure:8848: checking linker flags for shared libraries" >&5
+echo "$ac_t""$LDSHFLAGS" 1>&6
+echo $ac_n "checking compiler flags for position-independent code""... $ac_c" 1>&6
+echo "configure:8851: checking compiler flags for position-independent code" >&5
+echo "$ac_t""$PICFLAGS" 1>&6
+
+#######################################################
+# test whether building a shared library actually works
+if test $BLDSHARED = true; then
+echo $ac_n "checking whether building shared libraries actually works""... $ac_c" 1>&6
+echo "configure:8858: checking whether building shared libraries actually works" >&5
+if eval "test \"`echo '$''{'ac_cv_shlib_works'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+   ac_cv_shlib_works=no
+   # try building a trivial shared library
+   $CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.po ${srcdir-.}/tests/shlib.c &&
+     $CC $CPPFLAGS $CFLAGS $LDSHFLAGS -o shlib.so shlib.po &&
+     ac_cv_shlib_works=yes
+   rm -f shlib.so shlib.po
+
+fi
+
+echo "$ac_t""$ac_cv_shlib_works" 1>&6
+if test $ac_cv_shlib_works = no; then
+   BLDSHARED=false
+fi
+fi
+
+
+# this updates our target list if we can build shared libs
+if test $BLDSHARED = true; then
+   LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT
+else
+   LIBSMBCLIENT_SHARED=
+fi
+
+################
+
+echo $ac_n "checking for long long""... $ac_c" 1>&6
+echo "configure:8889: checking for long long" >&5
+if eval "test \"`echo '$''{'samba_cv_have_longlong'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_have_longlong=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8898 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); }
+EOF
+if { (eval echo configure:8903: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_have_longlong=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_have_longlong=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_have_longlong" 1>&6
+if test x"$samba_cv_have_longlong" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_LONGLONG 1
+EOF
+
+fi
+
+#
+# Check if the compiler supports the LL prefix on long long integers.
+# AIX needs this.
+
+echo $ac_n "checking for LL suffix on long long integers""... $ac_c" 1>&6
+echo "configure:8930: checking for LL suffix on long long integers" >&5
+if eval "test \"`echo '$''{'samba_cv_compiler_supports_ll'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 8936 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+long long i = 0x8000000000LL
+; return 0; }
+EOF
+if { (eval echo configure:8943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_compiler_supports_ll=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_compiler_supports_ll=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_compiler_supports_ll" 1>&6
+if test x"$samba_cv_compiler_supports_ll" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define COMPILER_SUPPORTS_LL 1
+EOF
+
+fi
+
+  
+echo $ac_n "checking for 64 bit off_t""... $ac_c" 1>&6
+echo "configure:8965: checking for 64 bit off_t" >&5
+if eval "test \"`echo '$''{'samba_cv_SIZEOF_OFF_T'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_SIZEOF_OFF_T=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 8974 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <sys/stat.h>
+main() { exit((sizeof(off_t) == 8) ? 0 : 1); }
+EOF
+if { (eval echo configure:8980: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_SIZEOF_OFF_T=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_SIZEOF_OFF_T=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_SIZEOF_OFF_T" 1>&6
+if test x"$samba_cv_SIZEOF_OFF_T" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define SIZEOF_OFF_T 8
+EOF
+
+fi
+
+echo $ac_n "checking for off64_t""... $ac_c" 1>&6
+echo "configure:9003: checking for off64_t" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_OFF64_T'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_OFF64_T=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9012 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }
+EOF
+if { (eval echo configure:9022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_OFF64_T=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_OFF64_T=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_OFF64_T" 1>&6
+if test x"$samba_cv_HAVE_OFF64_T" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_OFF64_T 1
+EOF
+
+fi
+
+echo $ac_n "checking for 64 bit ino_t""... $ac_c" 1>&6
+echo "configure:9045: checking for 64 bit ino_t" >&5
+if eval "test \"`echo '$''{'samba_cv_SIZEOF_INO_T'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_SIZEOF_INO_T=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9054 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <sys/stat.h>
+main() { exit((sizeof(ino_t) == 8) ? 0 : 1); }
+EOF
+if { (eval echo configure:9060: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_SIZEOF_INO_T=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_SIZEOF_INO_T=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_SIZEOF_INO_T" 1>&6
+if test x"$samba_cv_SIZEOF_INO_T" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define SIZEOF_INO_T 8
+EOF
+
+fi
+
+echo $ac_n "checking for ino64_t""... $ac_c" 1>&6
+echo "configure:9083: checking for ino64_t" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_INO64_T'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_INO64_T=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9092 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }
+EOF
+if { (eval echo configure:9102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_INO64_T=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_INO64_T=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_INO64_T" 1>&6
+if test x"$samba_cv_HAVE_INO64_T" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_INO64_T 1
+EOF
+
+fi
+
+echo $ac_n "checking for dev64_t""... $ac_c" 1>&6
+echo "configure:9125: checking for dev64_t" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_DEV64_T'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_DEV64_T=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9134 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+main() { struct stat64 st; dev64_t s; if (sizeof(dev_t) == sizeof(dev64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }
+EOF
+if { (eval echo configure:9144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_DEV64_T=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_DEV64_T=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_DEV64_T" 1>&6
+if test x"$samba_cv_HAVE_DEV64_T" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_DEV64_T 1
+EOF
+
+fi
+
+echo $ac_n "checking for struct dirent64""... $ac_c" 1>&6
+echo "configure:9167: checking for struct dirent64" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_DIRENT64'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9173 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <dirent.h>
+int main() {
+struct dirent64 de;
+; return 0; }
+EOF
+if { (eval echo configure:9185: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_STRUCT_DIRENT64=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_STRUCT_DIRENT64=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_STRUCT_DIRENT64" 1>&6
+if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_DIRENT64 1
+EOF
+
+fi
+
+echo $ac_n "checking for major macro""... $ac_c" 1>&6
+echo "configure:9206: checking for major macro" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MAJOR_FN'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_DEVICE_MAJOR_FN=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9215 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+main() { dev_t dev; int i = major(dev); return 0; }
+EOF
+if { (eval echo configure:9224: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_DEVICE_MAJOR_FN=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_DEVICE_MAJOR_FN=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_DEVICE_MAJOR_FN" 1>&6
+if test x"$samba_cv_HAVE_DEVICE_MAJOR_FN" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_DEVICE_MAJOR_FN 1
+EOF
+
+fi
+
+echo $ac_n "checking for minor macro""... $ac_c" 1>&6
+echo "configure:9247: checking for minor macro" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MINOR_FN'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_DEVICE_MINOR_FN=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9256 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+main() { dev_t dev; int i = minor(dev); return 0; }
+EOF
+if { (eval echo configure:9265: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_DEVICE_MINOR_FN=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_DEVICE_MINOR_FN=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_DEVICE_MINOR_FN" 1>&6
+if test x"$samba_cv_HAVE_DEVICE_MINOR_FN" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_DEVICE_MINOR_FN 1
+EOF
+
+fi
+
+echo $ac_n "checking for unsigned char""... $ac_c" 1>&6
+echo "configure:9288: checking for unsigned char" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UNSIGNED_CHAR'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_UNSIGNED_CHAR=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9297 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+main() { char c; c=250; exit((c > 0)?0:1); }
+EOF
+if { (eval echo configure:9302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_UNSIGNED_CHAR=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_UNSIGNED_CHAR=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UNSIGNED_CHAR" 1>&6
+if test x"$samba_cv_HAVE_UNSIGNED_CHAR" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UNSIGNED_CHAR 1
+EOF
+
+fi
+
+echo $ac_n "checking for sin_len in sock""... $ac_c" 1>&6
+echo "configure:9325: checking for sin_len in sock" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_SOCK_SIN_LEN'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9331 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+int main() {
+struct sockaddr_in sock; sock.sin_len = sizeof(sock);
+; return 0; }
+EOF
+if { (eval echo configure:9340: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_SOCK_SIN_LEN=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_SOCK_SIN_LEN=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_SOCK_SIN_LEN" 1>&6
+if test x"$samba_cv_HAVE_SOCK_SIN_LEN" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SOCK_SIN_LEN 1
+EOF
+
+fi
+
+echo $ac_n "checking whether seekdir returns void""... $ac_c" 1>&6
+echo "configure:9361: checking whether seekdir returns void" >&5
+if eval "test \"`echo '$''{'samba_cv_SEEKDIR_RETURNS_VOID'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9367 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <dirent.h>
+void seekdir(DIR *d, long loc) { return; }
+int main() {
+return 0;
+; return 0; }
+EOF
+if { (eval echo configure:9376: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_SEEKDIR_RETURNS_VOID=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_SEEKDIR_RETURNS_VOID=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_SEEKDIR_RETURNS_VOID" 1>&6
+if test x"$samba_cv_SEEKDIR_RETURNS_VOID" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define SEEKDIR_RETURNS_VOID 1
+EOF
+
+fi
+
+echo $ac_n "checking for __FILE__ macro""... $ac_c" 1>&6
+echo "configure:9397: checking for __FILE__ macro" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_FILE_MACRO'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9403 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+printf("%s\n", __FILE__);
+; return 0; }
+EOF
+if { (eval echo configure:9410: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_FILE_MACRO=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_FILE_MACRO=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_FILE_MACRO" 1>&6
+if test x"$samba_cv_HAVE_FILE_MACRO" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_FILE_MACRO 1
+EOF
+
+fi
+
+echo $ac_n "checking for __FUNCTION__ macro""... $ac_c" 1>&6
+echo "configure:9431: checking for __FUNCTION__ macro" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_FUNCTION_MACRO'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9437 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+printf("%s\n", __FUNCTION__);
+; return 0; }
+EOF
+if { (eval echo configure:9444: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_FUNCTION_MACRO=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_FUNCTION_MACRO=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_FUNCTION_MACRO" 1>&6
+if test x"$samba_cv_HAVE_FUNCTION_MACRO" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_FUNCTION_MACRO 1
+EOF
+
+fi
+
+echo $ac_n "checking if gettimeofday takes tz argument""... $ac_c" 1>&6
+echo "configure:9465: checking if gettimeofday takes tz argument" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_GETTIMEOFDAY_TZ'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_GETTIMEOFDAY_TZ=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9474 "configure"
+#include "confdefs.h"
+
+#include <sys/time.h>
+#include <unistd.h>
+main() { struct timeval tv; exit(gettimeofday(&tv, NULL));}
+EOF
+if { (eval echo configure:9481: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_GETTIMEOFDAY_TZ=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_GETTIMEOFDAY_TZ=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_GETTIMEOFDAY_TZ" 1>&6
+if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_GETTIMEOFDAY_TZ 1
+EOF
+
+fi
+
+echo $ac_n "checking for C99 vsnprintf""... $ac_c" 1>&6
+echo "configure:9504: checking for C99 vsnprintf" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_C99_VSNPRINTF'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_C99_VSNPRINTF=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9513 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <stdarg.h>
+void foo(const char *format, ...) { 
+       va_list ap;
+       int len;
+       char buf[5];
+
+       va_start(ap, format);
+       len = vsnprintf(buf, 0, format, ap);
+       va_end(ap);
+       if (len != 5) exit(1);
+
+       va_start(ap, format);
+       len = vsnprintf(0, 0, format, ap);
+       va_end(ap);
+       if (len != 5) exit(1);
+
+       if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
+
+       exit(0);
+}
+main() { foo("hello"); }
+
+EOF
+if { (eval echo configure:9540: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_C99_VSNPRINTF=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_C99_VSNPRINTF=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_C99_VSNPRINTF" 1>&6
+if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_C99_VSNPRINTF 1
+EOF
+
+fi
+
+echo $ac_n "checking for broken readdir""... $ac_c" 1>&6
+echo "configure:9563: checking for broken readdir" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_READDIR'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_BROKEN_READDIR=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9572 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <dirent.h>
+main() { struct dirent *di; DIR *d = opendir("."); di = readdir(d);
+if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 &&
+di->d_name[0] == 0) exit(0); exit(1);} 
+EOF
+if { (eval echo configure:9580: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_BROKEN_READDIR=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_BROKEN_READDIR=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_BROKEN_READDIR" 1>&6
+if test x"$samba_cv_HAVE_BROKEN_READDIR" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_BROKEN_READDIR 1
+EOF
+
+fi
+
+echo $ac_n "checking for utimbuf""... $ac_c" 1>&6
+echo "configure:9603: checking for utimbuf" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UTIMBUF'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9609 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utime.h>
+int main() {
+struct utimbuf tbuf;  tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf));
+; return 0; }
+EOF
+if { (eval echo configure:9617: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UTIMBUF=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UTIMBUF=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UTIMBUF" 1>&6
+if test x"$samba_cv_HAVE_UTIMBUF" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UTIMBUF 1
+EOF
+
+fi
+
+
+for ac_func in pututline pututxline updwtmp updwtmpx getutmpx
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:9641: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9646 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:9669: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+echo $ac_n "checking for ut_name in utmp""... $ac_c" 1>&6
+echo "configure:9695: checking for ut_name in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_NAME'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9701 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_name[0] = 'a';
+; return 0; }
+EOF
+if { (eval echo configure:9709: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_NAME=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_NAME=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_NAME" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_NAME" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_NAME 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_user in utmp""... $ac_c" 1>&6
+echo "configure:9730: checking for ut_user in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_USER'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9736 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_user[0] = 'a';
+; return 0; }
+EOF
+if { (eval echo configure:9744: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_USER=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_USER=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_USER" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_USER" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_USER 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_id in utmp""... $ac_c" 1>&6
+echo "configure:9765: checking for ut_id in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ID'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9771 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_id[0] = 'a';
+; return 0; }
+EOF
+if { (eval echo configure:9779: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_ID=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_ID=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_ID" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_ID" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_ID 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_host in utmp""... $ac_c" 1>&6
+echo "configure:9800: checking for ut_host in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_HOST'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9806 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_host[0] = 'a';
+; return 0; }
+EOF
+if { (eval echo configure:9814: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_HOST=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_HOST=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_HOST" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_HOST" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_HOST 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_time in utmp""... $ac_c" 1>&6
+echo "configure:9835: checking for ut_time in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TIME'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9841 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  time_t t; ut.ut_time = t;
+; return 0; }
+EOF
+if { (eval echo configure:9849: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_TIME=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_TIME=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_TIME" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_TIME" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_TIME 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_tv in utmp""... $ac_c" 1>&6
+echo "configure:9870: checking for ut_tv in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TV'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9876 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  struct timeval tv; ut.ut_tv = tv;
+; return 0; }
+EOF
+if { (eval echo configure:9884: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_TV=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_TV=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_TV" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_TV" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_TV 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_type in utmp""... $ac_c" 1>&6
+echo "configure:9905: checking for ut_type in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TYPE'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9911 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_type = 0;
+; return 0; }
+EOF
+if { (eval echo configure:9919: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_TYPE=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_TYPE=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_TYPE" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_TYPE" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_TYPE 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_pid in utmp""... $ac_c" 1>&6
+echo "configure:9940: checking for ut_pid in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_PID'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9946 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_pid = 0;
+; return 0; }
+EOF
+if { (eval echo configure:9954: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_PID=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_PID=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_PID" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_PID" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_PID 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_exit in utmp""... $ac_c" 1>&6
+echo "configure:9975: checking for ut_exit in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_EXIT'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 9981 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_exit.e_exit = 0;
+; return 0; }
+EOF
+if { (eval echo configure:9989: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_EXIT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_EXIT=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_EXIT" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_EXIT" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_EXIT 1
+EOF
+
+fi 
+
+echo $ac_n "checking for ut_addr in utmp""... $ac_c" 1>&6
+echo "configure:10010: checking for ut_addr in utmp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ADDR'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10016 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp ut;  ut.ut_addr = 0;
+; return 0; }
+EOF
+if { (eval echo configure:10024: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_ADDR=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UT_UT_ADDR=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UT_UT_ADDR" 1>&6
+if test x"$samba_cv_HAVE_UT_UT_ADDR" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UT_UT_ADDR 1
+EOF
+
+fi 
+
+if test x$ac_cv_func_pututline = xyes ; then
+  echo $ac_n "checking whether pututline returns pointer""... $ac_c" 1>&6
+echo "configure:10046: checking whether pututline returns pointer" >&5
+if eval "test \"`echo '$''{'samba_cv_PUTUTLINE_RETURNS_UTMP'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+  cat > conftest.$ac_ext <<EOF
+#line 10052 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmp.h>
+int main() {
+struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);
+; return 0; }
+EOF
+if { (eval echo configure:10060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_PUTUTLINE_RETURNS_UTMP=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_PUTUTLINE_RETURNS_UTMP=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_PUTUTLINE_RETURNS_UTMP" 1>&6
+  if test x"$samba_cv_PUTUTLINE_RETURNS_UTMP" = x"yes"; then
+      cat >> confdefs.h <<\EOF
+#define PUTUTLINE_RETURNS_UTMP 1
+EOF
+
+  fi
+fi
+
+echo $ac_n "checking for ut_syslen in utmpx""... $ac_c" 1>&6
+echo "configure:10082: checking for ut_syslen in utmpx" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UX_UT_SYSLEN'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10088 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <utmpx.h>
+int main() {
+struct utmpx ux;  ux.ut_syslen = 0;
+; return 0; }
+EOF
+if { (eval echo configure:10096: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UX_UT_SYSLEN=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UX_UT_SYSLEN=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UX_UT_SYSLEN" 1>&6
+if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UX_UT_SYSLEN 1
+EOF
+
+fi 
+
+
+#################################################
+# check for libiconv support
+echo $ac_n "checking whether to use libiconv""... $ac_c" 1>&6
+echo "configure:10120: checking whether to use libiconv" >&5
+# Check whether --with-libiconv or --without-libiconv was given.
+if test "${with_libiconv+set}" = set; then
+  withval="$with_libiconv"
+   case "$withval" in
+  no)
+    echo "$ac_t""no" 1>&6
+    ;;
+  *)
+    echo "$ac_t""yes" 1>&6
+    CFLAGS="$CFLAGS -I$withval/include"
+    LDFLAGS="$LDFLAGS -L$withval/lib"
+    echo $ac_n "checking for iconv_open in -liconv""... $ac_c" 1>&6
+echo "configure:10133: checking for iconv_open in -liconv" >&5
+ac_lib_var=`echo iconv'_'iconv_open | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-liconv  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 10141 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char iconv_open();
+
+int main() {
+iconv_open()
+; return 0; }
+EOF
+if { (eval echo configure:10152: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo iconv | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-liconv $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+    cat >> confdefs.h <<EOF
+#define WITH_LIBICONV "${withval}"
+EOF
+
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+############
+# check for iconv in libc
+echo $ac_n "checking for working iconv""... $ac_c" 1>&6
+echo "configure:10195: checking for working iconv" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_NATIVE_ICONV'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_NATIVE_ICONV=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10204 "configure"
+#include "confdefs.h"
+
+#include <iconv.h>
+main() {
+       iconv_t cd = iconv_open("ASCII", "UCS-2LE");
+       if (cd == 0 || cd == (iconv_t)-1) return -1;
+       return 0;
+}
+
+EOF
+if { (eval echo configure:10215: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_NATIVE_ICONV=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_NATIVE_ICONV=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_NATIVE_ICONV" 1>&6
+if test x"$samba_cv_HAVE_NATIVE_ICONV" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_NATIVE_ICONV 1
+EOF
+
+fi
+
+
+echo $ac_n "checking for Linux kernel oplocks""... $ac_c" 1>&6
+echo "configure:10239: checking for Linux kernel oplocks" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_LINUX'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10248 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <fcntl.h>
+#ifndef F_GETLEASE
+#define F_GETLEASE	1025
+#endif
+main() {
+       int fd = open("/dev/null", O_RDONLY);
+       return fcntl(fd, F_GETLEASE, 0) == -1;
+}
+
+EOF
+if { (eval echo configure:10262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" 1>&6
+if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_KERNEL_OPLOCKS_LINUX 1
+EOF
+
+fi
+
+echo $ac_n "checking for kernel change notify support""... $ac_c" 1>&6
+echo "configure:10285: checking for kernel change notify support" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_CHANGE_NOTIFY'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10294 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <signal.h>
+#ifndef F_NOTIFY
+#define F_NOTIFY 1026
+#endif
+main() {
+       	exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ?  1 : 0);
+}
+
+EOF
+if { (eval echo configure:10308: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_KERNEL_CHANGE_NOTIFY" 1>&6
+if test x"$samba_cv_HAVE_KERNEL_CHANGE_NOTIFY" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_KERNEL_CHANGE_NOTIFY 1
+EOF
+
+fi
+
+echo $ac_n "checking for kernel share modes""... $ac_c" 1>&6
+echo "configure:10331: checking for kernel share modes" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_SHARE_MODES'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_KERNEL_SHARE_MODES=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10340 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/file.h>
+#ifndef LOCK_MAND
+#define LOCK_MAND	32
+#define LOCK_READ	64
+#endif
+main() {
+       	exit(flock(open("/dev/null", O_RDWR), LOCK_MAND|LOCK_READ) != 0);
+}
+
+EOF
+if { (eval echo configure:10356: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_KERNEL_SHARE_MODES=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_KERNEL_SHARE_MODES=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_KERNEL_SHARE_MODES" 1>&6
+if test x"$samba_cv_HAVE_KERNEL_SHARE_MODES" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_KERNEL_SHARE_MODES 1
+EOF
+
+fi
+
+
+
+
+echo $ac_n "checking for IRIX kernel oplock type definitions""... $ac_c" 1>&6
+echo "configure:10382: checking for IRIX kernel oplock type definitions" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_IRIX'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10388 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <fcntl.h>
+int main() {
+oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1;
+; return 0; }
+EOF
+if { (eval echo configure:10396: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_KERNEL_OPLOCKS_IRIX" 1>&6
+if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_IRIX" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_KERNEL_OPLOCKS_IRIX 1
+EOF
+
+fi
+
+echo $ac_n "checking for irix specific capabilities""... $ac_c" 1>&6
+echo "configure:10417: checking for irix specific capabilities" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10426 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/capability.h>
+main() {
+ cap_t cap;
+ if ((cap = cap_get_proc()) == NULL)
+   exit(1);
+ cap->cap_effective |= CAP_NETWORK_MGT;
+ cap->cap_inheritable |= CAP_NETWORK_MGT;
+ cap_set_proc(cap);
+ exit(0);
+}
+
+EOF
+if { (eval echo configure:10441: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" 1>&6
+if test x"$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_IRIX_SPECIFIC_CAPABILITIES 1
+EOF
+
+fi
+
+#
+# Check for int16, uint16, int32 and uint32 in rpc/types.h included from rpc/rpc.h
+# This is *really* broken but some systems (DEC OSF1) do this.... JRA.
+#
+
+echo $ac_n "checking for int16 typedef included by rpc/rpc.h""... $ac_c" 1>&6
+echo "configure:10469: checking for int16 typedef included by rpc/rpc.h" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_INT16_FROM_RPC_RPC_H'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10475 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif
+int main() {
+int16 testvar;
+; return 0; }
+EOF
+if { (eval echo configure:10485: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_INT16_FROM_RPC_RPC_H=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_INT16_FROM_RPC_RPC_H" 1>&6
+if test x"$samba_cv_HAVE_INT16_FROM_RPC_RPC_H" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_INT16_FROM_RPC_RPC_H 1
+EOF
+
+fi
+
+echo $ac_n "checking for uint16 typedef included by rpc/rpc.h""... $ac_c" 1>&6
+echo "configure:10506: checking for uint16 typedef included by rpc/rpc.h" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UINT16_FROM_RPC_RPC_H'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10512 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif
+int main() {
+uint16 testvar;
+; return 0; }
+EOF
+if { (eval echo configure:10522: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UINT16_FROM_RPC_RPC_H" 1>&6
+if test x"$samba_cv_HAVE_UINT16_FROM_RPC_RPC_H" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UINT16_FROM_RPC_RPC_H 1
+EOF
+
+fi
+
+echo $ac_n "checking for int32 typedef included by rpc/rpc.h""... $ac_c" 1>&6
+echo "configure:10543: checking for int32 typedef included by rpc/rpc.h" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_INT32_FROM_RPC_RPC_H'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10549 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif
+int main() {
+int32 testvar;
+; return 0; }
+EOF
+if { (eval echo configure:10559: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_INT32_FROM_RPC_RPC_H=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_INT32_FROM_RPC_RPC_H" 1>&6
+if test x"$samba_cv_HAVE_INT32_FROM_RPC_RPC_H" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_INT32_FROM_RPC_RPC_H 1
+EOF
+
+fi
+
+echo $ac_n "checking for uint32 typedef included by rpc/rpc.h""... $ac_c" 1>&6
+echo "configure:10580: checking for uint32 typedef included by rpc/rpc.h" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_UINT32_FROM_RPC_RPC_H'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10586 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif
+int main() {
+uint32 testvar;
+; return 0; }
+EOF
+if { (eval echo configure:10596: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_UINT32_FROM_RPC_RPC_H" 1>&6
+if test x"$samba_cv_HAVE_UINT32_FROM_RPC_RPC_H" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_UINT32_FROM_RPC_RPC_H 1
+EOF
+
+fi
+
+
+echo $ac_n "checking for conflicting AUTH_ERROR define in rpc/rpc.h""... $ac_c" 1>&6
+echo "configure:10618: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 10624 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#ifdef HAVE_SYS_SECURITY_H
+#include <sys/security.h>
+#include <prot.h>
+#endif  /* HAVE_SYS_SECURITY_H */
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif
+int main() {
+int testvar;
+; return 0; }
+EOF
+if { (eval echo configure:10638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=yes
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT" 1>&6
+if test x"$samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_RPC_AUTH_ERROR_CONFLICT 1
+EOF
+
+fi
+
+echo $ac_n "checking for test routines""... $ac_c" 1>&6
+echo "configure:10659: checking for test routines" >&5
+if test "$cross_compiling" = yes; then
+  echo "configure: warning: cannot run when cross-compiling" 1>&2
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10664 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/trivial.c"
+EOF
+if { (eval echo configure:10668: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  echo "$ac_t""yes" 1>&6
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  { echo "configure: error: cant find test code. Aborting config" 1>&2; exit 1; }
+fi
+rm -fr conftest*
+fi
+
+
+echo $ac_n "checking for ftruncate extend""... $ac_c" 1>&6
+echo "configure:10682: checking for ftruncate extend" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_FTRUNCATE_EXTEND'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_FTRUNCATE_EXTEND=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10691 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/ftruncate.c"
+EOF
+if { (eval echo configure:10695: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_FTRUNCATE_EXTEND=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_FTRUNCATE_EXTEND=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_FTRUNCATE_EXTEND" 1>&6
+if test x"$samba_cv_HAVE_FTRUNCATE_EXTEND" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_FTRUNCATE_EXTEND 1
+EOF
+
+fi
+
+echo $ac_n "checking for AF_LOCAL socket support""... $ac_c" 1>&6
+echo "configure:10718: checking for AF_LOCAL socket support" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_WORKING_AF_LOCAL'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_WORKING_AF_LOCAL=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10727 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/unixsock.c"
+EOF
+if { (eval echo configure:10731: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_WORKING_AF_LOCAL=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_WORKING_AF_LOCAL=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_WORKING_AF_LOCAL" 1>&6
+if test x"$samba_cv_HAVE_WORKING_AF_LOCAL" != xno
+then
+    cat >> confdefs.h <<\EOF
+#define HAVE_WORKING_AF_LOCAL 1
+EOF
+
+fi
+
+echo $ac_n "checking for broken getgroups""... $ac_c" 1>&6
+echo "configure:10755: checking for broken getgroups" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_GETGROUPS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_BROKEN_GETGROUPS=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10764 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/getgroups.c"
+EOF
+if { (eval echo configure:10768: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_BROKEN_GETGROUPS=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_BROKEN_GETGROUPS=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_BROKEN_GETGROUPS" 1>&6
+if test x"$samba_cv_HAVE_BROKEN_GETGROUPS" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_BROKEN_GETGROUPS 1
+EOF
+
+fi
+
+echo $ac_n "checking whether getpass should be replaced""... $ac_c" 1>&6
+echo "configure:10791: checking whether getpass should be replaced" >&5
+if eval "test \"`echo '$''{'samba_cv_REPLACE_GETPASS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+SAVE_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper"
+cat > conftest.$ac_ext <<EOF
+#line 10799 "configure"
+#include "confdefs.h"
+
+#define REPLACE_GETPASS 1
+#define NO_CONFIG_H 1
+#define main dont_declare_main
+#include "${srcdir-.}/lib/getsmbpass.c"
+#undef main
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:10812: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_REPLACE_GETPASS=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_REPLACE_GETPASS=no
+fi
+rm -f conftest*
+CPPFLAGS="$SAVE_CPPFLAGS"
+
+fi
+
+echo "$ac_t""$samba_cv_REPLACE_GETPASS" 1>&6
+if test x"$samba_cv_REPLACE_GETPASS" = x"yes"; then
+	cat >> confdefs.h <<\EOF
+#define REPLACE_GETPASS 1
+EOF
+
+fi
+
+echo $ac_n "checking for broken inet_ntoa""... $ac_c" 1>&6
+echo "configure:10835: checking for broken inet_ntoa" >&5
+if eval "test \"`echo '$''{'samba_cv_REPLACE_INET_NTOA'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_REPLACE_INET_NTOA=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10844 "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+main() { struct in_addr ip; ip.s_addr = 0x12345678;
+if (strcmp(inet_ntoa(ip),"18.52.86.120") &&
+    strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } 
+exit(1);}
+EOF
+if { (eval echo configure:10858: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_REPLACE_INET_NTOA=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_REPLACE_INET_NTOA=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_REPLACE_INET_NTOA" 1>&6
+if test x"$samba_cv_REPLACE_INET_NTOA" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define REPLACE_INET_NTOA 1
+EOF
+
+fi
+
+echo $ac_n "checking for secure mkstemp""... $ac_c" 1>&6
+echo "configure:10881: checking for secure mkstemp" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_SECURE_MKSTEMP'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_SECURE_MKSTEMP=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10890 "configure"
+#include "confdefs.h"
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+main() { 
+  struct stat st;
+  char tpl[20]="/tmp/test.XXXXXX"; 
+  int fd = mkstemp(tpl); 
+  if (fd == -1) exit(1);
+  unlink(tpl);
+  if (fstat(fd, &st) != 0) exit(1);
+  if ((st.st_mode & 0777) != 0600) exit(1);
+  exit(0);
+}
+EOF
+if { (eval echo configure:10907: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_SECURE_MKSTEMP=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_SECURE_MKSTEMP=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_SECURE_MKSTEMP" 1>&6
+if test x"$samba_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SECURE_MKSTEMP 1
+EOF
+
+fi
+
+echo $ac_n "checking for sysconf(_SC_NGROUPS_MAX)""... $ac_c" 1>&6
+echo "configure:10930: checking for sysconf(_SC_NGROUPS_MAX)" >&5
+if eval "test \"`echo '$''{'samba_cv_SYSCONF_SC_NGROUPS_MAX'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_SYSCONF_SC_NGROUPS_MAX=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10939 "configure"
+#include "confdefs.h"
+#include <unistd.h>
+main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); }
+EOF
+if { (eval echo configure:10944: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_SYSCONF_SC_NGROUPS_MAX=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_SYSCONF_SC_NGROUPS_MAX=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_SYSCONF_SC_NGROUPS_MAX" 1>&6
+if test x"$samba_cv_SYSCONF_SC_NGROUPS_MAX" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define SYSCONF_SC_NGROUPS_MAX 1
+EOF
+
+fi
+
+echo $ac_n "checking for root""... $ac_c" 1>&6
+echo "configure:10967: checking for root" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_ROOT'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_ROOT=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 10976 "configure"
+#include "confdefs.h"
+main() { exit(getuid() != 0); }
+EOF
+if { (eval echo configure:10980: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_ROOT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_ROOT=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_ROOT" 1>&6
+if test x"$samba_cv_HAVE_ROOT" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_ROOT 1
+EOF
+
+else
+    echo "configure: warning: running as non-root will disable some tests" 1>&2
+fi
+
+##################
+# look for a method of finding the list of network interfaces
+iface=no;
+echo $ac_n "checking for iface AIX""... $ac_c" 1>&6
+echo "configure:11008: checking for iface AIX" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_AIX'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_IFACE_AIX=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11017 "configure"
+#include "confdefs.h"
+
+#define HAVE_IFACE_AIX 1
+#define AUTOCONF_TEST 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/interfaces.c"
+EOF
+if { (eval echo configure:11025: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_IFACE_AIX=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_IFACE_AIX=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_IFACE_AIX" 1>&6
+if test x"$samba_cv_HAVE_IFACE_AIX" = x"yes"; then
+    iface=yes;cat >> confdefs.h <<\EOF
+#define HAVE_IFACE_AIX 1
+EOF
+
+fi
+
+if test $iface = no; then
+echo $ac_n "checking for iface ifconf""... $ac_c" 1>&6
+echo "configure:11049: checking for iface ifconf" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFCONF'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_IFACE_IFCONF=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11058 "configure"
+#include "confdefs.h"
+
+#define HAVE_IFACE_IFCONF 1
+#define AUTOCONF_TEST 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/interfaces.c"
+EOF
+if { (eval echo configure:11066: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_IFACE_IFCONF=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_IFACE_IFCONF=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_IFACE_IFCONF" 1>&6
+if test x"$samba_cv_HAVE_IFACE_IFCONF" = x"yes"; then
+    iface=yes;cat >> confdefs.h <<\EOF
+#define HAVE_IFACE_IFCONF 1
+EOF
+
+fi
+fi
+
+if test $iface = no; then
+echo $ac_n "checking for iface ifreq""... $ac_c" 1>&6
+echo "configure:11091: checking for iface ifreq" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFREQ'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_IFACE_IFREQ=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11100 "configure"
+#include "confdefs.h"
+
+#define HAVE_IFACE_IFREQ 1
+#define AUTOCONF_TEST 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/interfaces.c"
+EOF
+if { (eval echo configure:11108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_IFACE_IFREQ=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_IFACE_IFREQ=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_IFACE_IFREQ" 1>&6
+if test x"$samba_cv_HAVE_IFACE_IFREQ" = x"yes"; then
+    iface=yes;cat >> confdefs.h <<\EOF
+#define HAVE_IFACE_IFREQ 1
+EOF
+
+fi
+fi
+
+
+################################################
+# look for a method of setting the effective uid
+seteuid=no;
+if test $seteuid = no; then
+echo $ac_n "checking for setresuid""... $ac_c" 1>&6
+echo "configure:11137: checking for setresuid" >&5
+if eval "test \"`echo '$''{'samba_cv_USE_SETRESUID'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_USE_SETRESUID=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11146 "configure"
+#include "confdefs.h"
+
+#define AUTOCONF_TEST 1
+#define USE_SETRESUID 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"
+EOF
+if { (eval echo configure:11154: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_USE_SETRESUID=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_USE_SETRESUID=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_USE_SETRESUID" 1>&6
+if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
+    seteuid=yes;cat >> confdefs.h <<\EOF
+#define USE_SETRESUID 1
+EOF
+
+fi
+fi
+
+
+if test $seteuid = no; then
+echo $ac_n "checking for setreuid""... $ac_c" 1>&6
+echo "configure:11180: checking for setreuid" >&5
+if eval "test \"`echo '$''{'samba_cv_USE_SETREUID'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_USE_SETREUID=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11189 "configure"
+#include "confdefs.h"
+
+#define AUTOCONF_TEST 1
+#define USE_SETREUID 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"
+EOF
+if { (eval echo configure:11197: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_USE_SETREUID=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_USE_SETREUID=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_USE_SETREUID" 1>&6
+if test x"$samba_cv_USE_SETREUID" = x"yes"; then
+    seteuid=yes;cat >> confdefs.h <<\EOF
+#define USE_SETREUID 1
+EOF
+
+fi
+fi
+
+if test $seteuid = no; then
+echo $ac_n "checking for seteuid""... $ac_c" 1>&6
+echo "configure:11222: checking for seteuid" >&5
+if eval "test \"`echo '$''{'samba_cv_USE_SETEUID'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_USE_SETEUID=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11231 "configure"
+#include "confdefs.h"
+
+#define AUTOCONF_TEST 1
+#define USE_SETEUID 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"
+EOF
+if { (eval echo configure:11239: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_USE_SETEUID=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_USE_SETEUID=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_USE_SETEUID" 1>&6
+if test x"$samba_cv_USE_SETEUID" = x"yes"; then
+    seteuid=yes;cat >> confdefs.h <<\EOF
+#define USE_SETEUID 1
+EOF
+
+fi
+fi
+
+if test $seteuid = no; then
+echo $ac_n "checking for setuidx""... $ac_c" 1>&6
+echo "configure:11264: checking for setuidx" >&5
+if eval "test \"`echo '$''{'samba_cv_USE_SETUIDX'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_USE_SETUIDX=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11273 "configure"
+#include "confdefs.h"
+
+#define AUTOCONF_TEST 1
+#define USE_SETUIDX 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"
+EOF
+if { (eval echo configure:11281: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_USE_SETUIDX=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_USE_SETUIDX=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_USE_SETUIDX" 1>&6
+if test x"$samba_cv_USE_SETUIDX" = x"yes"; then
+    seteuid=yes;cat >> confdefs.h <<\EOF
+#define USE_SETUIDX 1
+EOF
+
+fi
+fi
+
+
+echo $ac_n "checking for working mmap""... $ac_c" 1>&6
+echo "configure:11306: checking for working mmap" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_MMAP'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_MMAP=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11315 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/shared_mmap.c"
+EOF
+if { (eval echo configure:11319: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_MMAP=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_MMAP=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_MMAP" 1>&6
+if test x"$samba_cv_HAVE_MMAP" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_MMAP 1
+EOF
+
+fi
+
+echo $ac_n "checking for ftruncate needs root""... $ac_c" 1>&6
+echo "configure:11342: checking for ftruncate needs root" >&5
+if eval "test \"`echo '$''{'samba_cv_FTRUNCATE_NEEDS_ROOT'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_FTRUNCATE_NEEDS_ROOT=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11351 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/ftruncroot.c"
+EOF
+if { (eval echo configure:11355: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_FTRUNCATE_NEEDS_ROOT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_FTRUNCATE_NEEDS_ROOT=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_FTRUNCATE_NEEDS_ROOT" 1>&6
+if test x"$samba_cv_FTRUNCATE_NEEDS_ROOT" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define FTRUNCATE_NEEDS_ROOT 1
+EOF
+
+fi
+
+echo $ac_n "checking for fcntl locking""... $ac_c" 1>&6
+echo "configure:11378: checking for fcntl locking" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_FCNTL_LOCK'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_FCNTL_LOCK=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11387 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/fcntl_lock.c"
+EOF
+if { (eval echo configure:11391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_FCNTL_LOCK=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_FCNTL_LOCK=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_FCNTL_LOCK" 1>&6
+if test x"$samba_cv_HAVE_FCNTL_LOCK" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_FCNTL_LOCK 1
+EOF
+
+fi
+
+echo $ac_n "checking for broken (glibc2.1/x86) 64 bit fcntl locking""... $ac_c" 1>&6
+echo "configure:11414: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_FCNTL64_LOCKS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11423 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/fcntl_lock64.c"
+EOF
+if { (eval echo configure:11427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_BROKEN_FCNTL64_LOCKS" 1>&6
+if test x"$samba_cv_HAVE_BROKEN_FCNTL64_LOCKS" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_BROKEN_FCNTL64_LOCKS 1
+EOF
+
+
+else
+
+
+  echo $ac_n "checking for 64 bit fcntl locking""... $ac_c" 1>&6
+echo "configure:11452: checking for 64 bit fcntl locking" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_FLOCK64'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+  if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_STRUCT_FLOCK64=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11461 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+main() { struct flock64 fl64;
+#if defined(F_SETLKW64) && defined(F_SETLK64) && defined(F_GETLK64)
+exit(0);
+#else
+exit(1);
+#endif
+}
+EOF
+if { (eval echo configure:11485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_STRUCT_FLOCK64=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_STRUCT_FLOCK64=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_STRUCT_FLOCK64" 1>&6
+
+  if test x"$samba_cv_HAVE_STRUCT_FLOCK64" = x"yes"; then
+      cat >> confdefs.h <<\EOF
+#define HAVE_STRUCT_FLOCK64 1
+EOF
+
+  fi
+fi
+
+echo $ac_n "checking for st_blocks in struct stat""... $ac_c" 1>&6
+echo "configure:11510: checking for st_blocks in struct stat" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_STAT_ST_BLOCKS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 11516 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+int main() {
+struct stat st;  st.st_blocks = 0;
+; return 0; }
+EOF
+if { (eval echo configure:11525: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_STAT_ST_BLOCKS=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_STAT_ST_BLOCKS=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_STAT_ST_BLOCKS" 1>&6
+if test x"$samba_cv_HAVE_STAT_ST_BLOCKS" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_STAT_ST_BLOCKS 1
+EOF
+
+fi 
+
+case "$host_os" in
+*linux*)
+echo $ac_n "checking for broken RedHat 7.2 system header files""... $ac_c" 1>&6
+echo "configure:11548: checking for broken RedHat 7.2 system header files" >&5
+if eval "test \"`echo '$''{'samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 11554 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_VFS_H
+#include <sys/vfs.h>
+#endif
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
+int main() {
+int i;
+; return 0; }
+EOF
+if { (eval echo configure:11568: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=yes
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" 1>&6
+if test x"$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define BROKEN_REDHAT_7_SYSTEM_HEADERS 1
+EOF
+
+fi
+;;
+esac
+
+echo $ac_n "checking for broken nisplus include files""... $ac_c" 1>&6
+echo "configure:11591: checking for broken nisplus include files" >&5
+if eval "test \"`echo '$''{'samba_cv_BROKEN_NISPLUS_INCLUDE_FILES'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+cat > conftest.$ac_ext <<EOF
+#line 11597 "configure"
+#include "confdefs.h"
+#include <sys/acl.h>
+#if defined(HAVE_RPCSVC_NIS_H)
+#include <rpcsvc/nis.h>
+#endif
+int main() {
+int i;
+; return 0; }
+EOF
+if { (eval echo configure:11607: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=yes
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_BROKEN_NISPLUS_INCLUDE_FILES" 1>&6
+if test x"$samba_cv_BROKEN_NISPLUS_INCLUDE_FILES" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define BROKEN_NISPLUS_INCLUDE_FILES 1
+EOF
+
+fi
+
+
+#################################################
+# check for smbwrapper support
+echo $ac_n "checking whether to use smbwrapper""... $ac_c" 1>&6
+echo "configure:11631: checking whether to use smbwrapper" >&5
+# Check whether --with-smbwrapper or --without-smbwrapper was given.
+if test "${with_smbwrapper+set}" = set; then
+  withval="$with_smbwrapper"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_SMBWRAPPER 1
+EOF
+
+	WRAP="bin/smbsh bin/smbwrapper.$SHLIBEXT"
+
+	if test x$ATTEMPT_WRAP32_BUILD = x; then
+		WRAP32=""
+	else
+			WRAP32=bin/smbwrapper.32.$SHLIBEXT
+	fi
+
+# Conditions under which smbwrapper should not be built.
+
+	if test x$PICFLAG = x; then
+	   echo No support for PIC code - disabling smbwrapper and smbsh
+	   WRAP=""
+	   WRAP32=""
+	elif test x$ac_cv_func_syscall = xno; then
+	   echo "$ac_t""No syscall() -- disabling smbwrapper and smbsh" 1>&6
+	   WRAP=""
+	   WRAP32=""
+	fi
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for AFS clear-text auth support
+echo $ac_n "checking whether to use AFS clear-text auth""... $ac_c" 1>&6
+echo "configure:11675: checking whether to use AFS clear-text auth" >&5
+# Check whether --with-afs or --without-afs was given.
+if test "${with_afs+set}" = set; then
+  withval="$with_afs"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_AFS 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+#################################################
+# check for the DFS clear-text auth system
+echo $ac_n "checking whether to use DFS clear-text auth""... $ac_c" 1>&6
+echo "configure:11701: checking whether to use DFS clear-text auth" >&5
+# Check whether --with-dfs or --without-dfs was given.
+if test "${with_dfs+set}" = set; then
+  withval="$with_dfs"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_DFS 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+#################################################
+# see if this box has the RedHat location for kerberos
+echo $ac_n "checking for /usr/kerberos""... $ac_c" 1>&6
+echo "configure:11727: checking for /usr/kerberos" >&5
+if test -d /usr/kerberos; then
+    LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
+    CFLAGS="$CFLAGS -I/usr/kerberos/include"
+    CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
+    echo "$ac_t""yes" 1>&6
+else
+    echo "$ac_t""no" 1>&6
+fi
+
+#################################################
+# check for location of Kerberos 5 install
+echo $ac_n "checking for kerberos 5 install path""... $ac_c" 1>&6
+echo "configure:11740: checking for kerberos 5 install path" >&5
+# Check whether --with-krb5 or --without-krb5 was given.
+if test "${with_krb5+set}" = set; then
+  withval="$with_krb5"
+   case "$withval" in
+  no)
+    echo "$ac_t""no" 1>&6
+    ;;
+  *)
+    echo "$ac_t""yes" 1>&6
+    LIBS="$LIBS -lkrb5"
+    CFLAGS="$CFLAGS -I$withval/include"
+    CPPFLAGS="$CPPFLAGS -I$withval/include"
+    LDFLAGS="$LDFLAGS -L$withval/lib"
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+# now check for krb5.h. Some systems have the libraries without the headers!
+# note that this check is done here to allow for different kerberos
+# include paths
+for ac_hdr in krb5.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:11769: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11774 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:11779: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+# now check for gssapi headers.  This is also done here to allow for
+# different kerberos include paths
+for ac_hdr in gssapi/gssapi_generic.h gssapi/gssapi.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:11812: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11817 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:11822: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
+##################################################################
+# we might need the k5crypto and com_err libraries on some systems
+echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6
+echo "configure:11852: checking for _et_list in -lcom_err" >&5
+ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcom_err  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11860 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char _et_list();
+
+int main() {
+_et_list()
+; return 0; }
+EOF
+if { (eval echo configure:11871: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lcom_err"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6
+echo "configure:11892: checking for krb5_encrypt_data in -lk5crypto" >&5
+ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lk5crypto  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11900 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char krb5_encrypt_data();
+
+int main() {
+krb5_encrypt_data()
+; return 0; }
+EOF
+if { (eval echo configure:11911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lk5crypto"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+########################################################
+# now see if we can find the krb5 libs in standard paths
+# or as specified above
+echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... $ac_c" 1>&6
+echo "configure:11936: checking for krb5_mk_req_extended in -lkrb5" >&5
+ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lkrb5  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11944 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char krb5_mk_req_extended();
+
+int main() {
+krb5_mk_req_extended()
+; return 0; }
+EOF
+if { (eval echo configure:11955: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lkrb5";
+	cat >> confdefs.h <<\EOF
+#define HAVE_KRB5 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+########################################################
+# now see if we can find the gssapi libs in standard paths
+echo $ac_n "checking for gss_display_status in -lgssapi_krb5""... $ac_c" 1>&6
+echo "configure:11983: checking for gss_display_status in -lgssapi_krb5" >&5
+ac_lib_var=`echo gssapi_krb5'_'gss_display_status | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lgssapi_krb5  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11991 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char gss_display_status();
+
+int main() {
+gss_display_status()
+; return 0; }
+EOF
+if { (eval echo configure:12002: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lgssapi_krb5";
+	cat >> confdefs.h <<\EOF
+#define HAVE_GSSAPI 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+##################################################################
+# we might need the lber lib on some systems. To avoid link errors
+# this test must be before the libldap test
+echo $ac_n "checking for ber_scanf in -llber""... $ac_c" 1>&6
+echo "configure:12031: checking for ber_scanf in -llber" >&5
+ac_lib_var=`echo lber'_'ber_scanf | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-llber  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 12039 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char ber_scanf();
+
+int main() {
+ber_scanf()
+; return 0; }
+EOF
+if { (eval echo configure:12050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -llber"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+########################################################
+# now see if we can find the ldap libs in standard paths
+if test x$have_ldap != xyes; then
+echo $ac_n "checking for ldap_domain2hostlist in -lldap""... $ac_c" 1>&6
+echo "configure:12075: checking for ldap_domain2hostlist in -lldap" >&5
+ac_lib_var=`echo ldap'_'ldap_domain2hostlist | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lldap  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 12083 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char ldap_domain2hostlist();
+
+int main() {
+ldap_domain2hostlist()
+; return 0; }
+EOF
+if { (eval echo configure:12094: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lldap";
+	cat >> confdefs.h <<\EOF
+#define HAVE_LDAP 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+
+#################################################
+# check for automount support
+echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6
+echo "configure:12123: checking whether to use AUTOMOUNT" >&5
+# Check whether --with-automount or --without-automount was given.
+if test "${with_automount+set}" = set; then
+  withval="$with_automount"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_AUTOMOUNT 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for smbmount support
+echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6
+echo "configure:12148: checking whether to use SMBMOUNT" >&5
+# Check whether --with-smbmount or --without-smbmount was given.
+if test "${with_smbmount+set}" = set; then
+  withval="$with_smbmount"
+   case "$withval" in
+  yes)
+	case "$host_os" in
+	*linux*)
+		echo "$ac_t""yes" 1>&6
+		cat >> confdefs.h <<\EOF
+#define WITH_SMBMOUNT 1
+EOF
+
+		MPROGS="bin/smbmount bin/smbmnt bin/smbumount"
+		;;
+	*)
+		{ echo "configure: error: not on a linux system!" 1>&2; exit 1; }
+		;;
+	esac
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    MPROGS=
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+  MPROGS=
+
+fi
+
+
+
+#################################################
+# check for a PAM clear-text auth, accounts, password and session support
+with_pam_for_crypt=no
+echo $ac_n "checking whether to use PAM""... $ac_c" 1>&6
+echo "configure:12185: checking whether to use PAM" >&5
+# Check whether --with-pam or --without-pam was given.
+if test "${with_pam+set}" = set; then
+  withval="$with_pam"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_PAM 1
+EOF
+
+    LIBS="$LIBS -lpam"
+    with_pam_for_crypt=yes
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+# we can't build a pam module if we don't have pam.
+echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6
+echo "configure:12211: checking for pam_get_data in -lpam" >&5
+ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lpam  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 12219 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char pam_get_data();
+
+int main() {
+pam_get_data()
+; return 0; }
+EOF
+if { (eval echo configure:12230: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<\EOF
+#define HAVE_LIBPAM 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+#################################################
+# check for pam_smbpass support
+echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6
+echo "configure:12257: checking whether to use pam_smbpass" >&5
+# Check whether --with-pam_smbpass or --without-pam_smbpass was given.
+if test "${with_pam_smbpass+set}" = set; then
+  withval="$with_pam_smbpass"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+
+# Conditions under which pam_smbpass should not be built.
+
+       if test x$PICFLAG = x; then
+          echo "$ac_t""No support for PIC code - disabling pam_smbpass" 1>&6
+          PAM_MOD=""
+       elif test x$ac_cv_lib_pam_pam_get_data = xno; then
+          echo "$ac_t""No libpam found -- disabling pam_smbpass" 1>&6
+          PAM_MOD=""
+       else
+          PAM_MOD="bin/pam_smbpass.so"
+       fi
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+###############################################
+# test for where we get crypt() from, but only
+# if not using PAM
+if test $with_pam_for_crypt = no; then
+for ac_func in crypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:12295: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 12300 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:12323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test x"$ac_cv_func_crypt" = x"no"; then
+    echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
+echo "configure:12349: checking for crypt in -lcrypt" >&5
+ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcrypt  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 12357 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char crypt();
+
+int main() {
+crypt()
+; return 0; }
+EOF
+if { (eval echo configure:12368: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lcrypt";
+	cat >> confdefs.h <<\EOF
+#define HAVE_CRYPT 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+fi
+
+##
+## moved after the check for -lcrypt in order to
+## ensure that the necessary libraries are included
+## check checking for truncated salt.  Wrapped by the
+## $with_pam_for_crypt variable as above   --jerry
+##
+if test $with_pam_for_crypt = no; then
+echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6
+echo "configure:12403: checking for a crypt that needs truncated salt" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_TRUNCATED_SALT=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 12412 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/crypttest.c"
+EOF
+if { (eval echo configure:12416: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_TRUNCATED_SALT=no
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_TRUNCATED_SALT=yes
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_TRUNCATED_SALT" 1>&6
+if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
+	cat >> confdefs.h <<\EOF
+#define HAVE_TRUNCATED_SALT 1
+EOF
+
+fi
+fi
+
+
+
+########################################################################################
+##
+## TESTS FOR SAM BACKENDS.  KEEP THESE GROUPED TOGETHER
+##
+########################################################################################
+
+#################################################
+# check for a TDB password database
+echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6
+echo "configure:12450: checking whether to use TDB SAM database" >&5
+# Check whether --with-tdbsam or --without-tdbsam was given.
+if test "${with_tdbsam+set}" = set; then
+  withval="$with_tdbsam"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_TDB_SAM 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for a LDAP password database
+echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6
+echo "configure:12475: checking whether to use LDAP SAM database" >&5
+# Check whether --with-ldapsam or --without-ldapsam was given.
+if test "${with_ldapsam+set}" = set; then
+  withval="$with_ldapsam"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_LDAP_SAM 1
+EOF
+
+    LIBS="-lldap -llber $LIBS"
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for a NISPLUS password database
+echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6
+echo "configure:12501: checking whether to use NISPLUS SAM database" >&5
+# Check whether --with-nisplussam or --without-nisplussam was given.
+if test "${with_nisplussam+set}" = set; then
+  withval="$with_nisplussam"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_NISPLUS_SAM 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+########################################################################################
+##
+## END OF TESTS FOR SAM BACKENDS.  
+##
+########################################################################################
+
+#################################################
+# check for a NISPLUS_HOME support 
+echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6
+echo "configure:12532: checking whether to use NISPLUS_HOME" >&5
+# Check whether --with-nisplus-home or --without-nisplus-home was given.
+if test "${with_nisplus_home+set}" = set; then
+  withval="$with_nisplus_home"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_NISPLUS_HOME 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for the secure socket layer
+echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6
+echo "configure:12557: checking whether to use SSL" >&5
+# Check whether --with-ssl or --without-ssl was given.
+if test "${with_ssl+set}" = set; then
+  withval="$with_ssl"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_SSL 1
+EOF
+
+    withval="/usr/local/ssl"     # default
+
+    if test "${with_sslinc+set}" = set; then
+
+	withval="$with_sslinc"
+	case "$withval" in
+	yes|no)
+	  echo "configure: warning: --with-sslinc called without argument - will use default" 1>&w
+	  CFLAGS="-I/usr/local/ssl/include $CFLAGS"
+	;;
+        * )
+          CFLAGS="-I${withval} $CFLAGS"
+	;;
+	esac
+
+    else
+
+	CFLAGS="-I/usr/local/ssl/include $CFLAGS"   
+
+    fi
+
+    if test "${with_ssllib+set}" = set; then
+
+	withval="$with_ssllib"
+	case "$withval" in
+	yes|no)
+	  echo "configure: warning: --with-ssllib called without argument - will use default" 1>&w
+	  LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS"
+	;;
+        * )
+  	  LDFLAGS="-L${withval}/lib $LDFLAGS"
+	;;
+	esac
+
+    else
+
+	LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS"
+
+    fi
+
+    LIBS="-lssl -lcrypto $LIBS"
+
+#    if test ! -d ${withval}; then
+#      echo "configure: error: called with --with-ssl, but ssl base directory ${withval} does not exist or is not a directory. Aborting config" 1>&2
+#      exit 1
+#    fi 
+
+    CFLAGS="-DHAVE_CRYPT_DECL $CFLAGS"  # Damn, SSLeay defines its own
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for syslog logging
+echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6
+echo "configure:12631: checking whether to use syslog logging" >&5
+# Check whether --with-syslog or --without-syslog was given.
+if test "${with_syslog+set}" = set; then
+  withval="$with_syslog"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_SYSLOG 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# check for a shared memory profiling support
+echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6
+echo "configure:12656: checking whether to use profiling" >&5
+# Check whether --with-profiling-data or --without-profiling-data was given.
+if test "${with_profiling_data+set}" = set; then
+  withval="$with_profiling_data"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_PROFILE 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+#################################################
+# check for experimental disk-quotas support
+QUOTAOBJS=smbd/noquotas.o
+
+echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6
+echo "configure:12684: checking whether to support disk-quotas" >&5
+# Check whether --with-quotas or --without-quotas was given.
+if test "${with_quotas+set}" = set; then
+  withval="$with_quotas"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    case "$host_os" in
+      *linux*)
+        # Check for kernel 2.4.x quota braindamage...
+        echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6
+echo "configure:12695: checking for linux 2.4.x quota braindamage.." >&5
+if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+        cat > conftest.$ac_ext <<EOF
+#line 12701 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+#include <sys/types.h>
+#include <asm/types.h>
+#include <linux/quota.h>
+#include <mntent.h>
+#include <linux/unistd.h>
+int main() {
+struct mem_dqblk D;
+; return 0; }
+EOF
+if { (eval echo configure:12713: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_linux_2_4_quota_braindamage=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_linux_2_4_quota_braindamage=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_linux_2_4_quota_braindamage" 1>&6
+if test x"$samba_cv_linux_2_4_quota_braindamage" = x"yes"; then
+        cat >> confdefs.h <<\EOF
+#define LINUX_QUOTAS_2 1
+EOF
+
+else
+        cat >> confdefs.h <<\EOF
+#define LINUX_QUOTAS_1 1
+EOF
+
+fi
+        ;;
+      *)
+        ;;
+    esac
+    QUOTAOBJS=smbd/quotas.o
+    cat >> confdefs.h <<\EOF
+#define WITH_QUOTAS 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+
+#################################################
+# check for experimental utmp accounting
+
+echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6
+echo "configure:12762: checking whether to support utmp accounting" >&5
+# Check whether --with-utmp or --without-utmp was given.
+if test "${with_utmp+set}" = set; then
+  withval="$with_utmp"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+    cat >> confdefs.h <<\EOF
+#define WITH_UTMP 1
+EOF
+
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# set private directory location
+# Check whether --with-privatedir or --without-privatedir was given.
+if test "${with_privatedir+set}" = set; then
+  withval="$with_privatedir"
+   case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    echo "configure: warning: --with-privatedir called without argument - will use default" 1>&2
+    privatedir='${prefix}/private'
+  ;;
+  * )
+    privatedir="$withval"
+    ;;
+  esac
+  
+else
+  privatedir='${prefix}/private'
+   
+
+fi
+
+
+#################################################
+# set lock directory location
+# Check whether --with-lockdir or --without-lockdir was given.
+if test "${with_lockdir+set}" = set; then
+  withval="$with_lockdir"
+   case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    echo "configure: warning: --with-lockdir called without argument - will use default" 1>&2
+    lockdir='$(VARDIR)/locks'
+  ;;
+  * )
+    lockdir="$withval"
+    ;;
+  esac
+  
+else
+  lockdir='$(VARDIR)/locks'
+   
+
+fi
+
+
+#################################################
+# set SWAT directory location
+# Check whether --with-swatdir or --without-swatdir was given.
+if test "${with_swatdir+set}" = set; then
+  withval="$with_swatdir"
+   case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    echo "configure: warning: --with-swatdir called without argument - will use default" 1>&2
+    swatdir='${prefix}/swat'
+  ;;
+  * )
+    swatdir="$withval"
+    ;;
+  esac
+  
+else
+  swatdir='${prefix}/swat'
+   
+
+fi
+
+
+#################################################
+# choose native language(s) of man pages
+echo $ac_n "checking chosen man pages' language(s)""... $ac_c" 1>&6
+echo "configure:12862: checking chosen man pages' language(s)" >&5
+# Check whether --with-manpages-langs or --without-manpages-langs was given.
+if test "${with_manpages_langs+set}" = set; then
+  withval="$with_manpages_langs"
+   case "$withval" in
+  yes|no)
+    echo "configure: warning: --with-manpages-langs called without argument - will use default" 1>&2
+    manlangs="en"
+  ;;
+  *)
+    manlangs="$withval"
+  ;;
+  esac
+
+  echo "$ac_t""$manlangs" 1>&6
+  manlangs=`echo $manlangs | sed "s/,/ /"`   # replacing commas with spaces to produce a list
+  
+else
+  manlangs="en"
+  echo "$ac_t""$manlangs" 1>&6
+  
+
+fi
+
+
+#################################################
+# these tests are taken from the GNU fileutils package
+echo "checking how to get filesystem space usage" 1>&6
+echo "configure:12890: checking how to get filesystem space usage" >&5
+space=no
+
+# Test for statvfs64.
+if test $space = no; then
+  # SVR4
+  echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6
+echo "configure:12897: checking statvfs64 function (SVR4)" >&5
+if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  fu_cv_sys_stat_statvfs64=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 12905 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/statvfs.h>
+  main ()
+  {
+    struct statvfs64 fsd;
+    exit (statvfs64 (".", &fsd));
+  }
+EOF
+if { (eval echo configure:12919: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  fu_cv_sys_stat_statvfs64=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  fu_cv_sys_stat_statvfs64=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$fu_cv_sys_stat_statvfs64" 1>&6
+  if test $fu_cv_sys_stat_statvfs64 = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATVFS64 1
+EOF
+
+  fi
+fi
+
+# Perform only the link test since it seems there are no variants of the
+# statvfs function.  This check is more than just AC_CHECK_FUNCS(statvfs)
+# because that got a false positive on SCO OSR5.  Adding the declaration
+# of a `struct statvfs' causes this test to fail (as it should) on such
+# systems.  That system is reported to work fine with STAT_STATFS4 which
+# is what it gets when this test fails.
+if test $space = no; then
+  # SVR4
+  echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6
+echo "configure:12952: checking statvfs function (SVR4)" >&5
+if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 12957 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/statvfs.h>
+int main() {
+struct statvfs fsd; statvfs (0, &fsd);
+; return 0; }
+EOF
+if { (eval echo configure:12965: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  fu_cv_sys_stat_statvfs=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  fu_cv_sys_stat_statvfs=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$fu_cv_sys_stat_statvfs" 1>&6
+  if test $fu_cv_sys_stat_statvfs = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATVFS 1
+EOF
+
+  fi
+fi
+
+if test $space = no; then
+  # DEC Alpha running OSF/1
+  echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6
+echo "configure:12990: checking for 3-argument statfs function (DEC OSF/1)" >&5
+  if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  fu_cv_sys_stat_statfs3_osf1=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 12998 "configure"
+#include "confdefs.h"
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+  main ()
+  {
+    struct statfs fsd;
+    fsd.f_fsize = 0;
+    exit (statfs (".", &fsd, sizeof (struct statfs)));
+  }
+EOF
+if { (eval echo configure:13011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  fu_cv_sys_stat_statfs3_osf1=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  fu_cv_sys_stat_statfs3_osf1=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+  echo "$ac_t""$fu_cv_sys_stat_statfs3_osf1" 1>&6
+  if test $fu_cv_sys_stat_statfs3_osf1 = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATFS3_OSF1 1
+EOF
+
+  fi
+fi
+
+if test $space = no; then
+# AIX
+  echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6
+echo "configure:13038: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5
+  if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  fu_cv_sys_stat_statfs2_bsize=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 13046 "configure"
+#include "confdefs.h"
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_VFS_H
+#include <sys/vfs.h>
+#endif
+  main ()
+  {
+  struct statfs fsd;
+  fsd.f_bsize = 0;
+  exit (statfs (".", &fsd));
+  }
+EOF
+if { (eval echo configure:13065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  fu_cv_sys_stat_statfs2_bsize=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  fu_cv_sys_stat_statfs2_bsize=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+  echo "$ac_t""$fu_cv_sys_stat_statfs2_bsize" 1>&6
+  if test $fu_cv_sys_stat_statfs2_bsize = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATFS2_BSIZE 1
+EOF
+
+  fi
+fi
+
+if test $space = no; then
+# SVR3
+  echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6
+echo "configure:13092: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5
+  if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  fu_cv_sys_stat_statfs4=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 13100 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/statfs.h>
+  main ()
+  {
+  struct statfs fsd;
+  exit (statfs (".", &fsd, sizeof fsd, 0));
+  }
+EOF
+if { (eval echo configure:13110: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  fu_cv_sys_stat_statfs4=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  fu_cv_sys_stat_statfs4=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+  echo "$ac_t""$fu_cv_sys_stat_statfs4" 1>&6
+  if test $fu_cv_sys_stat_statfs4 = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATFS4 1
+EOF
+
+  fi
+fi
+
+if test $space = no; then
+# 4.4BSD and NetBSD
+  echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6
+echo "configure:13137: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5
+  if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  fu_cv_sys_stat_statfs2_fsize=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 13145 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+  main ()
+  {
+  struct statfs fsd;
+  fsd.f_fsize = 0;
+  exit (statfs (".", &fsd));
+  }
+EOF
+if { (eval echo configure:13161: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  fu_cv_sys_stat_statfs2_fsize=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  fu_cv_sys_stat_statfs2_fsize=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+  echo "$ac_t""$fu_cv_sys_stat_statfs2_fsize" 1>&6
+  if test $fu_cv_sys_stat_statfs2_fsize = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATFS2_FSIZE 1
+EOF
+
+  fi
+fi
+
+if test $space = no; then
+  # Ultrix
+  echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6
+echo "configure:13188: checking for two-argument statfs with struct fs_data (Ultrix)" >&5
+  if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  if test "$cross_compiling" = yes; then
+  fu_cv_sys_stat_fs_data=no
+else
+  cat > conftest.$ac_ext <<EOF
+#line 13196 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_FS_TYPES_H
+#include <sys/fs_types.h>
+#endif
+  main ()
+  {
+  struct fs_data fsd;
+  /* Ultrix's statfs returns 1 for success,
+     0 for not mounted, -1 for failure.  */
+  exit (statfs (".", &fsd) != 1);
+  }
+EOF
+if { (eval echo configure:13216: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  fu_cv_sys_stat_fs_data=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  fu_cv_sys_stat_fs_data=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+  echo "$ac_t""$fu_cv_sys_stat_fs_data" 1>&6
+  if test $fu_cv_sys_stat_fs_data = yes; then
+    space=yes
+    cat >> confdefs.h <<\EOF
+#define STAT_STATFS2_FS_DATA 1
+EOF
+
+  fi
+fi
+
+#
+# As a gating factor for large file support, in order to
+# use <4GB files we must have the following minimal support
+# available.
+# long long, and a 64 bit off_t or off64_t.
+# If we don't have all of these then disable large
+# file support.
+#
+echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6
+echo "configure:13249: checking if large file support can be enabled" >&5
+cat > conftest.$ac_ext <<EOF
+#line 13251 "configure"
+#include "confdefs.h"
+
+#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
+#include <sys/types.h>
+#else
+__COMPILE_ERROR_
+#endif
+
+int main() {
+int i
+; return 0; }
+EOF
+if { (eval echo configure:13264: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=no
+fi
+rm -f conftest*
+if test x"$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1
+EOF
+
+fi
+echo "$ac_t""$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT" 1>&6
+
+# Check whether --with-spinlocks or --without-spinlocks was given.
+if test "${with_spinlocks+set}" = set; then
+  withval="$with_spinlocks"
+  :
+fi
+
+if test "x$with_spinlocks" = "xyes"; then
+    cat >> confdefs.h <<\EOF
+#define USE_SPINLOCKS 1
+EOF
+
+
+    case "$host_cpu" in
+        sparc)
+            cat >> confdefs.h <<\EOF
+#define SPARC_SPINLOCKS 1
+EOF
+
+            ;;
+
+        i386|i486|i586|i686)
+            cat >> confdefs.h <<\EOF
+#define INTEL_SPINLOCKS 1
+EOF
+
+            ;;
+
+        mips)
+            cat >> confdefs.h <<\EOF
+#define MIPS_SPINLOCKS 1
+EOF
+
+            ;;
+
+        powerpc)
+            cat >> confdefs.h <<\EOF
+#define POWERPC_SPINLOCKS 1
+EOF
+
+            ;;
+    esac
+fi
+
+#################################################
+# check for ACL support
+
+echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6
+echo "configure:13329: checking whether to support ACLs" >&5
+# Check whether --with-acl-support or --without-acl-support was given.
+if test "${with_acl_support+set}" = set; then
+  withval="$with_acl_support"
+   case "$withval" in
+  yes)
+
+	case "$host_os" in
+	*sysv5*)
+		echo "$ac_t""Using UnixWare ACLs" 1>&6
+		cat >> confdefs.h <<\EOF
+#define HAVE_UNIXWARE_ACLS 1
+EOF
+
+		;;
+	*solaris*)
+		echo "$ac_t""Using solaris ACLs" 1>&6
+		cat >> confdefs.h <<\EOF
+#define HAVE_SOLARIS_ACLS 1
+EOF
+
+		;;
+	*hpux*)
+		echo "$ac_t""Using HPUX ACLs" 1>&6
+		cat >> confdefs.h <<\EOF
+#define HAVE_HPUX_ACLS 1
+EOF
+
+		;;
+	*irix*)
+		echo "$ac_t""Using IRIX ACLs" 1>&6
+		cat >> confdefs.h <<\EOF
+#define HAVE_IRIX_ACLS 1
+EOF
+
+		;;
+	*aix*)
+		echo "$ac_t""Using AIX ACLs" 1>&6
+		cat >> confdefs.h <<\EOF
+#define HAVE_AIX_ACLS 1
+EOF
+
+		;;
+	*osf*)
+		echo "$ac_t""Using Tru64 ACLs" 1>&6
+		cat >> confdefs.h <<\EOF
+#define HAVE_TRU64_ACLS 1
+EOF
+
+		LIBS="$LIBS -lpacl"
+		;;
+        *)
+		echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6
+echo "configure:13382: checking for acl_get_file in -lacl" >&5
+ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lacl  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 13390 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char acl_get_file();
+
+int main() {
+acl_get_file()
+; return 0; }
+EOF
+if { (eval echo configure:13401: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo acl | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lacl $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+		echo $ac_n "checking for ACL support""... $ac_c" 1>&6
+echo "configure:13429: checking for ACL support" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+		cat > conftest.$ac_ext <<EOF
+#line 13435 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/acl.h>
+int main() {
+ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);
+; return 0; }
+EOF
+if { (eval echo configure:13443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  samba_cv_HAVE_POSIX_ACLS=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_POSIX_ACLS=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6
+			if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
+				echo "$ac_t""Using posix ACLs" 1>&6
+				cat >> confdefs.h <<\EOF
+#define HAVE_POSIX_ACLS 1
+EOF
+
+				echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6
+echo "configure:13463: checking for acl_get_perm_np" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+				cat > conftest.$ac_ext <<EOF
+#line 13469 "configure"
+#include "confdefs.h"
+#include <sys/types.h>
+#include <sys/acl.h>
+int main() {
+ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);
+; return 0; }
+EOF
+if { (eval echo configure:13477: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  samba_cv_HAVE_ACL_GET_PERM_NP=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_HAVE_ACL_GET_PERM_NP=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_HAVE_ACL_GET_PERM_NP" 1>&6
+				if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
+					cat >> confdefs.h <<\EOF
+#define HAVE_ACL_GET_PERM_NP 1
+EOF
+
+				fi
+			fi
+            ;;
+        esac
+        ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    cat >> confdefs.h <<\EOF
+#define HAVE_NO_ACLS 1
+EOF
+
+    ;;
+  esac 
+else
+  cat >> confdefs.h <<\EOF
+#define HAVE_NO_ACLS 1
+EOF
+
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+#################################################
+# Check whether winbind is supported on this platform.  If so we need to
+# build and install client programs (WINBIND_TARGETS), sbin programs
+# (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS).
+
+echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6
+echo "configure:13524: checking whether to build winbind" >&5
+
+# Initially, the value of $host_os decides whether winbind is supported
+
+case "$host_os" in
+	*linux*|*irix*)
+		HAVE_WINBIND=yes
+		;;
+	*solaris*)
+		HAVE_WINBIND=yes
+		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o"
+		WINBIND_NSS_EXTRA_LIBS="-lsocket"
+		;;
+	*hpux11*)
+		HAVE_WINBIND=yes
+		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o"
+		;;
+	*)
+		HAVE_WINBIND=no
+		winbind_no_reason=", unsupported on $host_os"
+		;;
+esac
+
+# Check the setting of --with-winbindd
+
+# Check whether --with-winbind or --without-winbind was given.
+if test "${with_winbind+set}" = set; then
+  withval="$with_winbind"
+   
+  case "$withval" in
+	yes)
+		HAVE_WINBIND=yes
+		;;
+        no)
+		HAVE_WINBIND=no
+                winbind_reason=""
+                ;;
+  esac 
+fi
+
+
+# We need unix domain sockets for winbind
+
+if test x"$HAVE_WINBIND" = x"yes"; then
+	if test x"$samba_cv_unixsocket" = x"no"; then
+		winbind_no_reason=", no unix domain socket support on $host_os"
+		HAVE_WINBIND=no
+	fi
+fi
+
+# Display test results
+
+WINBIND_TARGETS=""
+WINBIND_STARGETS=""
+WINBIND_LTARGETS=""
+WINBIND_PAM_PROGS=""
+
+if test x"$HAVE_WINBIND" = x"yes"; then
+        echo "$ac_t""yes" 1>&6
+
+	WINBIND_TARGETS="bin/wbinfo"
+	WINBIND_STARGETS="bin/winbindd"
+        if test x"$BLDSHARED" = x"true"; then
+		WINBIND_LTARGETS="nsswitch/libnss_winbind.so"
+		if test x"$with_pam" = x"yes"; then
+			WINBIND_PAM_TARGETS="nsswitch/pam_winbind.so"
+		fi
+	fi
+else
+        echo "$ac_t""no$winbind_no_reason" 1>&6
+fi
+
+# Substitution time!
+
+
+
+
+
+
+
+
+#################################################
+# Check to see if we should use the included popt 
+
+# Check whether --with-included-popt or --without-included-popt was given.
+if test "${with_included_popt+set}" = set; then
+  withval="$with_included_popt"
+   
+  case "$withval" in
+	yes)
+		INCLUDED_POPT=yes
+		;;
+        no)
+		INCLUDED_POPT=no
+                ;;
+  esac 
+fi
+
+if test x"$INCLUDED_POPT" != x"yes"; then
+    echo $ac_n "checking for poptGetContext in -lpopt""... $ac_c" 1>&6
+echo "configure:13624: checking for poptGetContext in -lpopt" >&5
+ac_lib_var=`echo popt'_'poptGetContext | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lpopt  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 13632 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char poptGetContext();
+
+int main() {
+poptGetContext()
+; return 0; }
+EOF
+if { (eval echo configure:13643: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  INCLUDED_POPT=no
+else
+  echo "$ac_t""no" 1>&6
+INCLUDED_POPT=yes
+fi
+
+fi
+
+echo $ac_n "checking whether to use included popt""... $ac_c" 1>&6
+echo "configure:13667: checking whether to use included popt" >&5
+if test x"$INCLUDED_POPT" = x"yes"; then
+    echo "$ac_t""$srcdir/popt" 1>&6
+    BUILD_POPT='$(POPT_OBJS)'
+    FLAGS1="-I$srcdir/popt"
+else
+    echo "$ac_t""no" 1>&6
+    LIBS="$LIBS -lpopt"
+fi
+
+
+
+#################################################
+# do extra things if we are running insure
+
+if test "${ac_cv_prog_CC}" = "insure"; then
+	CPPFLAGS="$CPPFLAGS -D__INSURE__"
+fi
+
+#################################################
+# final configure stuff
+
+echo $ac_n "checking configure summary""... $ac_c" 1>&6
+echo "configure:13690: checking configure summary" >&5
+if test "$cross_compiling" = yes; then
+  echo "configure: warning: cannot run when cross-compiling" 1>&2
+else
+  cat > conftest.$ac_ext <<EOF
+#line 13695 "configure"
+#include "confdefs.h"
+#include "${srcdir-.}/tests/summary.c"
+EOF
+if { (eval echo configure:13699: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  echo "$ac_t""yes" 1>&6
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  { echo "configure: error: summary failure. Aborting config" 1>&2; exit 1; }; exit 1;
+fi
+rm -fr conftest*
+fi
+
+
+builddir=`pwd`
+
+
+trap '' 1 2 15
+cat > confcache <<\EOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs.  It is not useful on other systems.
+# If it contains results you don't want to keep, you may remove or edit it.
+#
+# By default, configure uses ./config.cache as the cache file,
+# creating it if it does not exist already.  You can give configure
+# the --cache-file=FILE option to use a different cache file; that is
+# what configure does when it calls configure scripts in
+# subdirectories, so they share the cache.
+# Giving --cache-file=/dev/null disables caching, for debugging configure.
+# config.status only pays attention to the cache file if you give it the
+# --recheck option to rerun configure.
+#
+EOF
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(set) 2>&1 |
+  case `(ac_space=' '; set | grep ac_space) 2>&1` in
+  *ac_space=\ *)
+    # `set' does not quote correctly, so add quotes (double-quote substitution
+    # turns \\\\ into \\, and sed turns \\ into \).
+    sed -n \
+      -e "s/'/'\\\\''/g" \
+      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
+    ;;
+  *)
+    # `set' quotes correctly as required by POSIX, so do not add quotes.
+    sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
+    ;;
+  esac >> confcache
+if cmp -s $cache_file confcache; then
+  :
+else
+  if test -w $cache_file; then
+    echo "updating cache $cache_file"
+    cat confcache > $cache_file
+  else
+    echo "not updating unwritable cache $cache_file"
+  fi
+fi
+rm -f confcache
+
+trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Any assignment to VPATH causes Sun make to only execute
+# the first set of double-colon rules, so remove it if not needed.
+# If there is a colon in the path, we need to keep it.
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[ 	]*VPATH[ 	]*=[^:]*$/d'
+fi
+
+trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15
+
+DEFS=-DHAVE_CONFIG_H
+
+# Without the "./", some shells look in PATH for config.status.
+: ${CONFIG_STATUS=./config.status}
+
+echo creating $CONFIG_STATUS
+rm -f $CONFIG_STATUS
+cat > $CONFIG_STATUS <<EOF
+#! /bin/sh
+# Generated automatically by configure.
+# Run this file to recreate the current configuration.
+# This directory was configured as follows,
+# on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+#
+# $0 $ac_configure_args
+#
+# Compiler output produced by configure, useful for debugging
+# configure, is in ./config.log if it exists.
+
+ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]"
+for ac_option
+do
+  case "\$ac_option" in
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
+    exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
+  -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
+    echo "$CONFIG_STATUS generated by autoconf version 2.13"
+    exit 0 ;;
+  -help | --help | --hel | --he | --h)
+    echo "\$ac_cs_usage"; exit 0 ;;
+  *) echo "\$ac_cs_usage"; exit 1 ;;
+  esac
+done
+
+ac_given_srcdir=$srcdir
+ac_given_INSTALL="$INSTALL"
+
+trap 'rm -fr `echo "include/stamp-h Makefile include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+# Protect against being on the right side of a sed subst in config.status.
+sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g;
+ s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
+$ac_vpsub
+$extrasub
+s%@SHELL@%$SHELL%g
+s%@CFLAGS@%$CFLAGS%g
+s%@CPPFLAGS@%$CPPFLAGS%g
+s%@CXXFLAGS@%$CXXFLAGS%g
+s%@FFLAGS@%$FFLAGS%g
+s%@DEFS@%$DEFS%g
+s%@LDFLAGS@%$LDFLAGS%g
+s%@LIBS@%$LIBS%g
+s%@exec_prefix@%$exec_prefix%g
+s%@prefix@%$prefix%g
+s%@program_transform_name@%$program_transform_name%g
+s%@bindir@%$bindir%g
+s%@sbindir@%$sbindir%g
+s%@libexecdir@%$libexecdir%g
+s%@datadir@%$datadir%g
+s%@sysconfdir@%$sysconfdir%g
+s%@sharedstatedir@%$sharedstatedir%g
+s%@localstatedir@%$localstatedir%g
+s%@libdir@%$libdir%g
+s%@includedir@%$includedir%g
+s%@oldincludedir@%$oldincludedir%g
+s%@infodir@%$infodir%g
+s%@mandir@%$mandir%g
+s%@RUNPROG@%$RUNPROG%g
+s%@MPROGS@%$MPROGS%g
+s%@LDSHFLAGS@%$LDSHFLAGS%g
+s%@SHLD@%$SHLD%g
+s%@HOST_OS@%$HOST_OS%g
+s%@PAM_MOD@%$PAM_MOD%g
+s%@WRAP@%$WRAP%g
+s%@WRAP32@%$WRAP32%g
+s%@PICFLAG@%$PICFLAG%g
+s%@PICSUFFIX@%$PICSUFFIX%g
+s%@POBAD_CC@%$POBAD_CC%g
+s%@SHLIBEXT@%$SHLIBEXT%g
+s%@LIBSMBCLIENT_SHARED@%$LIBSMBCLIENT_SHARED%g
+s%@CC@%$CC%g
+s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
+s%@INSTALL_DATA@%$INSTALL_DATA%g
+s%@AWK@%$AWK%g
+s%@BROKEN_CC@%$BROKEN_CC%g
+s%@host@%$host%g
+s%@host_alias@%$host_alias%g
+s%@host_cpu@%$host_cpu%g
+s%@host_vendor@%$host_vendor%g
+s%@host_os@%$host_os%g
+s%@target@%$target%g
+s%@target_alias@%$target_alias%g
+s%@target_cpu@%$target_cpu%g
+s%@target_vendor@%$target_vendor%g
+s%@target_os@%$target_os%g
+s%@build@%$build%g
+s%@build_alias@%$build_alias%g
+s%@build_cpu@%$build_cpu%g
+s%@build_vendor@%$build_vendor%g
+s%@build_os@%$build_os%g
+s%@CPP@%$CPP%g
+s%@LIBOBJS@%$LIBOBJS%g
+s%@TERMLIBS@%$TERMLIBS%g
+s%@TERMLDFLAGS@%$TERMLDFLAGS%g
+s%@ROFF@%$ROFF%g
+s%@DYNEXP@%$DYNEXP%g
+s%@QUOTAOBJS@%$QUOTAOBJS%g
+s%@privatedir@%$privatedir%g
+s%@lockdir@%$lockdir%g
+s%@swatdir@%$swatdir%g
+s%@manlangs@%$manlangs%g
+s%@WINBIND_TARGETS@%$WINBIND_TARGETS%g
+s%@WINBIND_STARGETS@%$WINBIND_STARGETS%g
+s%@WINBIND_LTARGETS@%$WINBIND_LTARGETS%g
+s%@WINBIND_PAM_TARGETS@%$WINBIND_PAM_TARGETS%g
+s%@WINBIND_NSS_EXTRA_OBJS@%$WINBIND_NSS_EXTRA_OBJS%g
+s%@WINBIND_NSS_EXTRA_LIBS@%$WINBIND_NSS_EXTRA_LIBS%g
+s%@BUILD_POPT@%$BUILD_POPT%g
+s%@FLAGS1@%$FLAGS1%g
+s%@builddir@%$builddir%g
+
+CEOF
+EOF
+
+cat >> $CONFIG_STATUS <<\EOF
+
+# Split the substitutions into bite-sized pieces for seds with
+# small command number limits, like on Digital OSF/1 and HP-UX.
+ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script.
+ac_file=1 # Number of current file.
+ac_beg=1 # First line for current file.
+ac_end=$ac_max_sed_cmds # Line after last line for current file.
+ac_more_lines=:
+ac_sed_cmds=""
+while $ac_more_lines; do
+  if test $ac_beg -gt 1; then
+    sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file
+  else
+    sed "${ac_end}q" conftest.subs > conftest.s$ac_file
+  fi
+  if test ! -s conftest.s$ac_file; then
+    ac_more_lines=false
+    rm -f conftest.s$ac_file
+  else
+    if test -z "$ac_sed_cmds"; then
+      ac_sed_cmds="sed -f conftest.s$ac_file"
+    else
+      ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file"
+    fi
+    ac_file=`expr $ac_file + 1`
+    ac_beg=$ac_end
+    ac_end=`expr $ac_end + $ac_max_sed_cmds`
+  fi
+done
+if test -z "$ac_sed_cmds"; then
+  ac_sed_cmds=cat
+fi
+EOF
+
+cat >> $CONFIG_STATUS <<EOF
+
+CONFIG_FILES=\${CONFIG_FILES-"include/stamp-h Makefile"}
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case "$ac_file" in
+  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+  *) ac_file_in="${ac_file}.in" ;;
+  esac
+
+  # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories.
+
+  # Remove last slash and all that follows it.  Not all systems have dirname.
+  ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+  if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+    # The file is in a subdirectory.
+    test ! -d "$ac_dir" && mkdir "$ac_dir"
+    ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`"
+    # A "../" for each directory in $ac_dir_suffix.
+    ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'`
+  else
+    ac_dir_suffix= ac_dots=
+  fi
+
+  case "$ac_given_srcdir" in
+  .)  srcdir=.
+      if test -z "$ac_dots"; then top_srcdir=.
+      else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;;
+  /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;;
+  *) # Relative path.
+    srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix"
+    top_srcdir="$ac_dots$ac_given_srcdir" ;;
+  esac
+
+  case "$ac_given_INSTALL" in
+  [/$]*) INSTALL="$ac_given_INSTALL" ;;
+  *) INSTALL="$ac_dots$ac_given_INSTALL" ;;
+  esac
+
+  echo creating "$ac_file"
+  rm -f "$ac_file"
+  configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure."
+  case "$ac_file" in
+  *Makefile*) ac_comsub="1i\\
+# $configure_input" ;;
+  *) ac_comsub= ;;
+  esac
+
+  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+  sed -e "$ac_comsub
+s%@configure_input@%$configure_input%g
+s%@srcdir@%$srcdir%g
+s%@top_srcdir@%$top_srcdir%g
+s%@INSTALL@%$INSTALL%g
+" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file
+fi; done
+rm -f conftest.s*
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s%^\([ 	]*\)#\([ 	]*define[ 	][ 	]*\)'
+ac_dB='\([ 	][ 	]*\)[^ 	]*%\1#\2'
+ac_dC='\3'
+ac_dD='%g'
+# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE".
+ac_uA='s%^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
+ac_uB='\([ 	]\)%\1#\2define\3'
+ac_uC=' '
+ac_uD='\4%g'
+# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_eA='s%^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
+ac_eB='$%\1#\2define\3'
+ac_eC=' '
+ac_eD='%g'
+
+if test "${CONFIG_HEADERS+set}" != set; then
+EOF
+cat >> $CONFIG_STATUS <<EOF
+  CONFIG_HEADERS="include/config.h"
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+fi
+for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case "$ac_file" in
+  *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'`
+       ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+  *) ac_file_in="${ac_file}.in" ;;
+  esac
+
+  echo creating $ac_file
+
+  rm -f conftest.frag conftest.in conftest.out
+  ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"`
+  cat $ac_file_inputs > conftest.in
+
+EOF
+
+# Transform confdefs.h into a sed script conftest.vals that substitutes
+# the proper values into config.h.in to produce config.h.  And first:
+# Protect against being on the right side of a sed subst in config.status.
+# Protect against being in an unquoted here document in config.status.
+rm -f conftest.vals
+cat > conftest.hdr <<\EOF
+s/[\\&%]/\\&/g
+s%[\\$`]%\\&%g
+s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp
+s%ac_d%ac_u%gp
+s%ac_u%ac_e%gp
+EOF
+sed -n -f conftest.hdr confdefs.h > conftest.vals
+rm -f conftest.hdr
+
+# This sed command replaces #undef with comments.  This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >> conftest.vals <<\EOF
+s%^[ 	]*#[ 	]*undef[ 	][ 	]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
+EOF
+
+# Break up conftest.vals because some shells have a limit on
+# the size of here documents, and old seds have small limits too.
+
+rm -f conftest.tail
+while :
+do
+  ac_lines=`grep -c . conftest.vals`
+  # grep -c gives empty output for an empty file on some AIX systems.
+  if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi
+  # Write a limited-size here document to conftest.frag.
+  echo '  cat > conftest.frag <<CEOF' >> $CONFIG_STATUS
+  sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS
+  echo 'CEOF
+  sed -f conftest.frag conftest.in > conftest.out
+  rm -f conftest.in
+  mv conftest.out conftest.in
+' >> $CONFIG_STATUS
+  sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail
+  rm -f conftest.vals
+  mv conftest.tail conftest.vals
+done
+rm -f conftest.vals
+
+cat >> $CONFIG_STATUS <<\EOF
+  rm -f conftest.frag conftest.h
+  echo "/* $ac_file.  Generated automatically by configure.  */" > conftest.h
+  cat conftest.in >> conftest.h
+  rm -f conftest.in
+  if cmp -s $ac_file conftest.h 2>/dev/null; then
+    echo "$ac_file is unchanged"
+    rm -f conftest.h
+  else
+    # Remove last slash and all that follows it.  Not all systems have dirname.
+      ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'`
+      if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then
+      # The file is in a subdirectory.
+      test ! -d "$ac_dir" && mkdir "$ac_dir"
+    fi
+    rm -f $ac_file
+    mv conftest.h $ac_file
+  fi
+fi; done
+
+EOF
+cat >> $CONFIG_STATUS <<EOF
+
+EOF
+cat >> $CONFIG_STATUS <<\EOF
+
+exit 0
+EOF
+chmod +x $CONFIG_STATUS
+rm -fr confdefs* $ac_clean_files
+test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1
+
+
+#################################################
+# Print very concise instructions on building/use
+if test "x$enable_dmalloc" = xyes
+then
+	echo "$ac_t""Note: The dmalloc debug library will be included.  To turn it on use" 1>&6
+	echo "$ac_t""      \$ eval \`dmalloc samba\`." 1>&6
+fi
diff --git a/source3/configure.developer b/source3/configure.developer
new file mode 100755
index 0000000000..0409a75061
--- /dev/null
+++ b/source3/configure.developer
@@ -0,0 +1,2 @@
+#!/bin/sh
+`dirname $0`/configure --enable-developer $*
diff --git a/source3/configure.in b/source3/configure.in
new file mode 100644
index 0000000000..bbfdc2e382
--- /dev/null
+++ b/source3/configure.in
@@ -0,0 +1,2727 @@
+dnl -*- mode: m4-mode -*-
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT(include/includes.h)
+AC_CONFIG_HEADER(include/config.h)
+# we want to be compatible with older versions of Samba
+AC_PREFIX_DEFAULT(/usr/local/samba)
+
+dnl Unique-to-Samba variables we'll be playing with.
+AC_SUBST(SHELL)
+AC_SUBST(RUNPROG)
+AC_SUBST(MPROGS)
+AC_SUBST(LDSHFLAGS)
+AC_SUBST(SHLD)
+AC_SUBST(HOST_OS)
+AC_SUBST(PAM_MOD)
+AC_SUBST(WRAP)
+AC_SUBST(WRAP32)
+AC_SUBST(PICFLAG)
+AC_SUBST(PICSUFFIX)
+AC_SUBST(POBAD_CC)
+AC_SUBST(SHLIBEXT)
+AC_SUBST(LIBSMBCLIENT_SHARED)
+
+# compile with optimisation and without debugging by default
+CFLAGS="-O ${CFLAGS}"
+
+AC_ARG_ENABLE(debug, [  --enable-debug          turn on debugging [default=no]],
+    [if eval "test x$enable_debug = xyes"; then
+	CFLAGS="${CFLAGS} -g"
+    fi])
+
+AC_ARG_ENABLE(developer, [  --enable-developer      turn on developer warnings and debugging [default=no]],
+    [if eval "test x$enable_developer = xyes"; then
+	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER"
+    fi])
+
+AC_ARG_ENABLE(krb5developer, [  --enable-krb5developer      turn on developer warnings and debugging, except -Wstrict-prototypes [default=no]],
+    [if eval "test x$enable_krb5developer = xyes"; then
+	CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER"
+    fi])
+
+AC_ARG_ENABLE(dmalloc, [  --enable-dmalloc          enable heap debugging [default=no]])
+
+if test "x$enable_dmalloc" = xyes
+then
+	AC_DEFINE(ENABLE_DMALLOC, 1, [Define to turn on dmalloc debugging])
+	AC_DEFINE(DMALLOC_FUNC_CHECK, 1, 
+                  [Define to check invariants around some common functions])
+	LIBS="$LIBS -ldmalloc"	
+fi
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_AWK
+
+dnl needed before AC_TRY_COMPILE
+AC_ISC_POSIX
+
+dnl Check if C compiler understands -c and -o at the same time
+AC_PROG_CC_C_O
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = no"; then
+      BROKEN_CC=
+else
+      BROKEN_CC=#
+fi
+AC_SUBST(BROKEN_CC)
+
+dnl Check if the C compiler understands volatile (it should, being ANSI).
+AC_CACHE_CHECK([that the C compiler understands volatile],samba_cv_volatile, [
+    AC_TRY_COMPILE([#include <sys/types.h>],[volatile int i = 0],
+	samba_cv_volatile=yes,samba_cv_volatile=no)])
+if test x"$samba_cv_volatile" = x"yes"; then
+   AC_DEFINE(HAVE_VOLATILE)
+fi
+
+
+AC_CANONICAL_SYSTEM
+
+dnl Add #include for broken IRIX header files
+  case "$host_os" in
+	*irix6*) AC_ADD_INCLUDE(<standards.h>)
+	;;
+esac
+
+AC_VALIDATE_CACHE_SYSTEM_TYPE
+
+DYNEXP=
+
+#
+# Config CPPFLAG settings for strange OS's that must be set
+# before other tests.
+#
+case "$host_os" in
+# Try to work out if this is the native HPUX compiler that uses the -Ae flag.
+    *hpux*)
+    
+      AC_PROG_CC_FLAG(Ae)
+      # mmap on HPUX is completely broken...
+      AC_DEFINE(MMAP_BLACKLIST)
+      if test $ac_cv_prog_cc_Ae = yes; then
+        CPPFLAGS="$CPPFLAGS -Ae"
+      fi
+#
+# Defines needed for HPUX support.
+# HPUX has bigcrypt but (sometimes?) doesn't use it for
+# password hashing - hence the USE_BOTH_CRYPT_CALLS define.
+#
+      case `uname -r` in
+			*9*|*10*)
+				CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4"
+		   		AC_DEFINE(USE_BOTH_CRYPT_CALLS)
+				AC_DEFINE(_HPUX_SOURCE)
+				AC_DEFINE(_POSIX_SOURCE)
+				AC_DEFINE(_ALIGNMENT_REQUIRED,1)
+				AC_DEFINE(_MAX_ALIGNMENT,4)
+				;;
+			*11*)
+				CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_LARGEFILE64_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4"
+		   		AC_DEFINE(USE_BOTH_CRYPT_CALLS)
+				AC_DEFINE(_HPUX_SOURCE)
+				AC_DEFINE(_POSIX_SOURCE)
+				AC_DEFINE(_LARGEFILE64_SOURCE)
+				AC_DEFINE(_ALIGNMENT_REQUIRED,1)
+				AC_DEFINE(_MAX_ALIGNMENT,4)
+				;;
+      esac
+      DYNEXP="-Wl,-E"
+      ;;
+
+#
+# CRAY Unicos has broken const handling
+       *unicos*)
+	  AC_MSG_RESULT([disabling const])
+	  CPPFLAGS="$CPPFLAGS -Dconst="
+	  ;;
+	
+#
+# AIX4.x doesn't even admit to having large
+# files *at all* unless the -D_LARGE_FILE or -D_LARGE_FILE_API flags are set.
+#
+    *aix4*)
+	  AC_MSG_RESULT([enabling large file support])
+      CPPFLAGS="$CPPFLAGS -D_LARGE_FILES"
+      AC_DEFINE(_LARGE_FILES)
+      ;;    
+#
+# Defines needed for Solaris 2.6/2.7 aka 7.0 to make it admit
+# to the existance of large files..
+# Note that -D_LARGEFILE64_SOURCE is different from the Sun
+# recommendations on large file support, however it makes the
+# compile work using gcc 2.7 and 2.8, whereas using the Sun
+# recommendation makes the compile fail on gcc2.7. JRA.
+#
+	*solaris*)
+		case `uname -r` in
+			5.0*|5.1*|5.2*|5.3*|5.5*)
+	  			AC_MSG_RESULT([no large file support])
+				;;
+			5.*)
+			AC_MSG_RESULT([enabling large file support])
+			if test "$ac_cv_prog_gcc" = yes; then
+				${CC-cc} -v >conftest.c 2>&1
+				ac_cv_gcc_compiler_version_number=`grep 'gcc version' conftest.c`
+				rm -fr conftest.c
+				case "$ac_cv_gcc_compiler_version_number" in
+					*"gcc version 2.6"*|*"gcc version 2.7"*)
+						CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE"
+						AC_DEFINE(_LARGEFILE64_SOURCE)
+						;;
+					*)
+						CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+						AC_DEFINE(_LARGEFILE64_SOURCE)
+						AC_DEFINE(_FILE_OFFSET_BITS,64)
+						;;
+				esac
+			else
+				DYNEXP="-dc -dp"
+				CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+				AC_DEFINE(_LARGEFILE64_SOURCE)
+				AC_DEFINE(_FILE_OFFSET_BITS,64)
+			fi
+			;;
+		esac
+		;;
+#
+# Tests needed for SINIX large file support.
+#
+    *sysv4*)
+      if test $host = mips-sni-sysv4 ; then
+        AC_MSG_CHECKING([for LFS support])
+        old_CPPFLAGS="$CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS"
+        AC_TRY_RUN([
+#include <unistd.h>
+main () {
+#if _LFS64_LARGEFILE == 1
+exit(0);
+#else
+exit(1);
+#endif
+}], [SINIX_LFS_SUPPORT=yes], [SINIX_LFS_SUPPORT=no], [SINIX_LFS_SUPPORT=cross])
+        CPPFLAGS="$old_CPPFLAGS"
+        if test x$SINIX_LFS_SUPPORT = xyes ; then
+          CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS"
+          AC_DEFINE(_LARGEFILE64_SOURCE)
+          CFLAGS="`getconf LFS64_CFLAGS` $CFLAGS"
+          LDFLAGS="`getconf LFS64_LDFLAGS` $LDFLAGS"
+          LIBS="`getconf LFS64_LIBS` $LIBS"
+        fi
+      AC_MSG_RESULT([$SINIX_LFS_SUPPORT])
+      fi
+    ;;
+
+# Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
+#
+    *linux*)
+        AC_MSG_CHECKING([for LFS support])
+        old_CPPFLAGS="$CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+       AC_TRY_RUN([
+#include <unistd.h>
+#include <sys/utsname.h>
+main() {
+#if _LFS64_LARGEFILE == 1
+       struct utsname uts;
+       char *release;
+       int major, minor;
+
+       /* Ensure this is glibc 2.2 or higher */
+#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
+       int libc_major = __GLIBC__;
+       int libc_minor = __GLIBC_MINOR__;
+
+       if (libc_major < 2)
+              exit(1);
+       if (libc_minor < 2)
+              exit(1);
+#endif
+
+       /* Ensure this is kernel 2.4 or higher */
+
+       uname(&uts);
+       release = uts.release;
+       major = atoi(strsep(&release, "."));
+       minor = atoi(strsep(&release, "."));
+
+       if (major > 2 || (major == 2 && minor > 3))
+               exit(0);
+       exit(1);
+#else
+       exit(1);
+#endif
+}
+], [LINUX_LFS_SUPPORT=yes], [LINUX_LFS_SUPPORT=no], [LINUX_LFS_SUPPORT=cross])
+        CPPFLAGS="$old_CPPFLAGS"
+        if test x$LINUX_LFS_SUPPORT = xyes ; then
+          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+          AC_DEFINE(_LARGEFILE64_SOURCE)
+          AC_DEFINE(_FILE_OFFSET_BITS,64)
+          AC_DEFINE(_GNU_SOURCE)
+        fi
+       AC_MSG_RESULT([$LINUX_LFS_SUPPORT])
+		;;
+
+    *hurd*)
+        AC_MSG_CHECKING([for LFS support])
+        old_CPPFLAGS="$CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+        AC_TRY_RUN([
+#include <unistd.h>
+main () {
+#if _LFS64_LARGEFILE == 1
+exit(0);
+#else
+exit(1);
+#endif
+}], [GLIBC_LFS_SUPPORT=yes], [GLIBC_LFS_SUPPORT=no], [GLIBC_LFS_SUPPORT=cross])
+        CPPFLAGS="$old_CPPFLAGS"
+        if test x$GLIBC_LFS_SUPPORT = xyes ; then
+          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+          AC_DEFINE(_LARGEFILE64_SOURCE)
+          AC_DEFINE(_GNU_SOURCE)
+        fi
+      AC_MSG_RESULT([$GLIBC_LFS_SUPPORT])
+    ;;
+
+esac
+
+AC_INLINE
+AC_HEADER_STDC
+AC_HEADER_DIRENT
+AC_HEADER_TIME
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS(arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h)
+AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h)
+AC_CHECK_HEADERS(compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h)
+AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h)
+AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h)
+AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h)
+AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
+AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h)
+
+#
+# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
+# This causes configure to fail to detect it. Check for shadow separately on HPUX.
+#
+case "$host_os" in
+    *hpux*)
+		AC_TRY_COMPILE([#include <shadow.h>],[struct spwd testme],
+			ac_cv_header_shadow_h=yes,ac_cv_header_shadow_h=no)
+		if test x"$ac_cv_header_shadow_h" = x"yes"; then
+		   AC_DEFINE(HAVE_SHADOW_H)
+		fi
+	;;
+esac
+AC_CHECK_HEADERS(shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h)
+AC_CHECK_HEADERS(nss.h nss_common.h ns_api.h sys/security.h security/pam_appl.h security/pam_modules.h)
+AC_CHECK_HEADERS(stropts.h poll.h)
+AC_CHECK_HEADERS(sys/capability.h syscall.h sys/syscall.h)
+AC_CHECK_HEADERS(sys/acl.h sys/cdefs.h glob.h)
+
+# For experimental utmp support (lastlog on some BSD-like systems)
+AC_CHECK_HEADERS(utmp.h utmpx.h lastlog.h)
+ 
+# For quotas on Veritas VxFS filesystems
+AC_CHECK_HEADERS(sys/fs/vx_quota.h)
+
+# For quotas on Linux XFS filesystems
+AC_CHECK_HEADERS(linux/xqm.h)
+
+AC_CHECK_SIZEOF(int,cross)
+AC_CHECK_SIZEOF(long,cross)
+AC_CHECK_SIZEOF(short,cross)
+
+AC_C_CONST
+AC_C_INLINE
+AC_C_BIGENDIAN
+AC_C_CHAR_UNSIGNED
+
+AC_TYPE_SIGNAL
+AC_TYPE_UID_T
+AC_TYPE_MODE_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+AC_TYPE_PID_T
+AC_STRUCT_ST_RDEV
+AC_DIRENT_D_OFF
+AC_CHECK_TYPE(ino_t,unsigned)
+AC_CHECK_TYPE(loff_t,off_t)
+AC_CHECK_TYPE(offset_t,loff_t)
+AC_CHECK_TYPE(ssize_t, int)
+AC_CHECK_TYPE(wchar_t, unsigned short)
+
+############################################
+# for cups support we need libcups, and a handful of header files
+
+AC_CHECK_LIB(cups,httpConnect)
+
+# I wonder if there is a nicer way of doing this?
+
+if test x"$ac_cv_lib_cups_httpConnect" = x"yes"; then
+        AC_CHECK_HEADERS(cups/cups.h cups/language.h)
+        if test x"$ac_cv_header_cups_cups_h" = x"yes"; then
+                if test x"$ac_cv_header_cups_language_h" = x"yes"; then
+                        AC_DEFINE(HAVE_CUPS)
+                fi
+        fi
+fi
+
+############################################
+# we need libdl for PAM, the password database plugins and the new VFS code
+AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl";
+	AC_DEFINE(HAVE_LIBDL)])
+
+############################################
+# check if the compiler can do immediate structures
+AC_CACHE_CHECK([for immediate structures],samba_cv_immediate_structures, [
+    AC_TRY_COMPILE([
+#include <stdio.h>],
+[
+   typedef struct {unsigned x;} FOOBAR;
+   #define X_FOOBAR(x) ((FOOBAR) { x })
+   #define FOO_ONE X_FOOBAR(1)
+   FOOBAR f = FOO_ONE;   
+   static struct {
+	FOOBAR y; 
+	} f2[] = {
+		{FOO_ONE}
+	};   
+],
+	samba_cv_immediate_structures=yes,samba_cv_immediate_structures=no)])
+if test x"$samba_cv_immediate_structures" = x"yes"; then
+   AC_DEFINE(HAVE_IMMEDIATE_STRUCTURES)
+fi
+
+############################################
+# check for unix domain sockets
+AC_CACHE_CHECK([for unix domain sockets],samba_cv_unixsocket, [
+    AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <sys/socket.h>
+#include <sys/un.h>],
+[
+  struct sockaddr_un sunaddr; 
+  sunaddr.sun_family = AF_UNIX;
+],
+	samba_cv_unixsocket=yes,samba_cv_unixsocket=no)])
+if test x"$samba_cv_unixsocket" = x"yes"; then
+   AC_DEFINE(HAVE_UNIXSOCKET)
+fi
+
+
+AC_CACHE_CHECK([for socklen_t type],samba_cv_socklen_t, [
+    AC_TRY_COMPILE([
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>],[socklen_t i = 0],
+	samba_cv_socklen_t=yes,samba_cv_socklen_t=no)])
+if test x"$samba_cv_socklen_t" = x"yes"; then
+   AC_DEFINE(HAVE_SOCKLEN_T_TYPE)
+fi
+
+AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [
+    AC_TRY_COMPILE([
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <signal.h>],[sig_atomic_t i = 0],
+	samba_cv_sig_atomic_t=yes,samba_cv_sig_atomic_t=no)])
+if test x"$samba_cv_sig_atomic_t" = x"yes"; then
+   AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE)
+fi
+
+# stupid headers have the functions but no declaration. grrrr.
+AC_HAVE_DECL(errno, [#include <errno.h>])
+AC_HAVE_DECL(setresuid, [#include <unistd.h>])
+AC_HAVE_DECL(setresgid, [#include <unistd.h>])
+AC_HAVE_DECL(asprintf, [#include <stdio.h>])
+AC_HAVE_DECL(vasprintf, [#include <stdio.h>])
+AC_HAVE_DECL(vsnprintf, [#include <stdio.h>])
+AC_HAVE_DECL(snprintf, [#include <stdio.h>])
+
+# and glibc has setresuid under linux but the function does
+# nothing until kernel 2.1.44! very dumb.
+AC_CACHE_CHECK([for real setresuid],samba_cv_have_setresuid,[
+    AC_TRY_RUN([#include <errno.h>
+main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);}],
+	samba_cv_have_setresuid=yes,samba_cv_have_setresuid=no,samba_cv_have_setresuid=cross)])
+if test x"$samba_cv_have_setresuid" = x"yes"; then
+    AC_DEFINE(HAVE_SETRESUID)
+fi
+
+# Do the same check for setresguid...
+#
+AC_CACHE_CHECK([for real setresgid],samba_cv_have_setresgid,[
+    AC_TRY_RUN([#include <unistd.h>
+#include <errno.h>
+main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);}],
+	samba_cv_have_setresgid=yes,samba_cv_have_setresgid=no,samba_cv_have_setresgid=cross)])
+if test x"$samba_cv_have_setresgid" = x"yes"; then
+    AC_DEFINE(HAVE_SETRESGID)
+fi
+
+AC_FUNC_MEMCMP
+
+###############################################
+# test for where we get crypt() from
+AC_CHECK_FUNCS(crypt)
+if test x"$ac_cv_func_crypt" = x"no"; then
+    AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt";
+	AC_DEFINE(HAVE_CRYPT)])
+fi
+
+
+###############################################
+# Readline included by default unless explicitly asked not to
+test "${with_readline+set}" != "set" && with_readline=yes
+
+# test for where we get readline() from
+AC_MSG_CHECKING(whether to use readline)
+AC_ARG_WITH(readline,
+[  --with-readline[=DIR]   Look for readline include/libs in DIR (default=auto) ],
+[  case "$with_readline" in
+  yes)
+    AC_MSG_RESULT(yes)
+
+    AC_CHECK_HEADERS(readline.h history.h readline/readline.h)
+    AC_CHECK_HEADERS(readline/history.h)
+
+    AC_CHECK_HEADERS(readline.h readline/readline.h,[
+      for termlib in ncurses curses termcap terminfo termlib; do
+       AC_CHECK_LIB(${termlib}, tgetent, [TERMLIBS="-l${termlib}"; break])
+      done
+      AC_CHECK_LIB(readline, rl_callback_handler_install,
+       [TERMLIBS="-lreadline $TERMLIBS"
+       AC_DEFINE(HAVE_LIBREADLINE)
+       break], [TERMLIBS=], $TERMLIBS)])
+    ;;
+  no)
+    AC_MSG_RESULT(no)
+    ;;
+  *)
+    AC_MSG_RESULT(yes)
+
+    # Needed for AC_CHECK_HEADERS and AC_CHECK_LIB to look at
+    # alternate readline path
+    _ldflags=${LDFLAGS}
+    _cppflags=${CPPFLAGS}
+
+    # Add additional search path
+    LDFLAGS="-L$with_readline/lib $LDFLAGS"
+    CPPFLAGS="-I$with_readline/include $CPPFLAGS"
+
+    AC_CHECK_HEADERS(readline.h history.h readline/readline.h)
+    AC_CHECK_HEADERS(readline/history.h)
+
+    AC_CHECK_HEADERS(readline.h readline/readline.h,[
+      for termlib in ncurses curses termcap terminfo termlib; do
+       AC_CHECK_LIB(${termlib}, tgetent, [TERMLIBS="-l${termlib}"; break])
+      done
+      AC_CHECK_LIB(readline, rl_callback_handler_install,
+       [TERMLDFLAGS="-L$with_readline/lib"
+       TERMCPPFLAGS="-I$with_readline/include"
+       CPPFLAGS="-I$with_readline/include $CPPFLAGS"
+       TERMLIBS="-lreadline $TERMLIBS"
+       AC_DEFINE(HAVE_LIBREADLINE)
+       break], [TERMLIBS= CPPFLAGS=$_cppflags], $TERMLIBS)])
+
+    LDFLAGS=$_ldflags
+    ;;
+  esac],
+  AC_MSG_RESULT(no)
+)
+AC_SUBST(TERMLIBS)
+AC_SUBST(TERMLDFLAGS)
+
+# The readline API changed slightly from readline3 to readline4, so
+# code will generate warnings on one of them unless we have a few
+# special cases.
+AC_CHECK_LIB(readline, rl_completion_matches,
+	     [AC_DEFINE(HAVE_NEW_LIBREADLINE, 1, 
+			[Do we have rl_completion_matches?])],
+	     [],
+	     [$TERMLIBS])
+
+# The following test taken from the cvs sources
+# If we can't find connect, try looking in -lsocket, -lnsl, and -linet.
+# The Irix 5 libc.so has connect and gethostbyname, but Irix 5 also has
+# libsocket.so which has a bad implementation of gethostbyname (it
+# only looks in /etc/hosts), so we only look for -lsocket if we need
+# it.
+AC_CHECK_FUNCS(connect)
+if test x"$ac_cv_func_connect" = x"no"; then
+    case "$LIBS" in
+    *-lnsl*) ;;
+    *) AC_CHECK_LIB(nsl_s, printf) ;;
+    esac
+    case "$LIBS" in
+    *-lnsl*) ;;
+    *) AC_CHECK_LIB(nsl, printf) ;;
+    esac
+    case "$LIBS" in
+    *-lsocket*) ;;
+    *) AC_CHECK_LIB(socket, connect) ;;
+    esac
+    case "$LIBS" in
+    *-linet*) ;;
+    *) AC_CHECK_LIB(inet, connect) ;;
+    esac
+    dnl We can't just call AC_CHECK_FUNCS(connect) here, because the value
+    dnl has been cached.
+    if test x"$ac_cv_lib_socket_connect" = x"yes" || 
+       test x"$ac_cv_lib_inet_connect" = x"yes"; then
+        # ac_cv_func_connect=yes
+        # don't!  it would cause AC_CHECK_FUNC to succeed next time configure is run
+        AC_DEFINE(HAVE_CONNECT)
+    fi
+fi
+
+###############################################
+# test for where we get get_yp_default_domain() from
+AC_CHECK_FUNCS(yp_get_default_domain)
+if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then
+	AC_CHECK_LIB(nsl, yp_get_default_domain, [LIBS="$LIBS -lnsl";
+	AC_DEFINE(HAVE_YP_GET_DEFAULT_DOMAIN)]) 
+fi
+
+# Check if we have execl, if not we need to compile smbrun.
+AC_CHECK_FUNCS(execl)
+if test x"$ac_cv_func_execl" = x"no"; then
+    RUNPROG="bin/smbrun"
+else
+    RUNPROG=""
+fi
+
+AC_CHECK_FUNCS(dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64)
+AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat setpgid)
+AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid)
+AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent)
+AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf realpath)
+AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64)
+AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64)
+AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf)
+AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink)
+AC_CHECK_FUNCS(syslog vsyslog)
+# setbuffer is needed for smbtorture
+AC_CHECK_FUNCS(setbuffer)
+
+# syscall() is needed for smbwrapper.
+AC_CHECK_FUNCS(syscall)
+
+AC_CHECK_FUNCS(_dup _dup2 _opendir _readdir _seekdir _telldir _closedir)
+AC_CHECK_FUNCS(__dup __dup2 __opendir __readdir __seekdir __telldir __closedir)
+AC_CHECK_FUNCS(__getcwd _getcwd)
+AC_CHECK_FUNCS(__xstat __fxstat __lxstat)
+AC_CHECK_FUNCS(_stat _lstat _fstat __stat __lstat __fstat)
+AC_CHECK_FUNCS(_acl __acl _facl __facl _open __open _chdir __chdir)
+AC_CHECK_FUNCS(_close __close _fchdir __fchdir _fcntl __fcntl)
+AC_CHECK_FUNCS(getdents _getdents __getdents _lseek __lseek _read __read)
+AC_CHECK_FUNCS(_write __write _fork __fork)
+AC_CHECK_FUNCS(_stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64)
+AC_CHECK_FUNCS(__sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64)
+AC_CHECK_FUNCS(pread _pread __pread pread64 _pread64 __pread64)
+AC_CHECK_FUNCS(pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64)
+AC_CHECK_FUNCS(open64 _open64 __open64 creat64)
+
+#
+# stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
+#
+
+if test x$ac_cv_func_stat64 = xno ; then
+  AC_MSG_CHECKING([for stat64 in <sys/stat.h>])
+  AC_TRY_LINK([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/stat.h>
+], [struct stat64 st64; exit(stat64(".",&st64));], [ac_cv_func_stat64=yes])
+  AC_MSG_RESULT([$ac_cv_func_stat64])
+  if test x$ac_cv_func_stat64 = xyes ; then
+    AC_DEFINE(HAVE_STAT64)
+  fi
+fi
+
+if test x$ac_cv_func_lstat64 = xno ; then
+  AC_MSG_CHECKING([for lstat64 in <sys/stat.h>])
+  AC_TRY_LINK([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/stat.h>
+], [struct stat64 st64; exit(lstat64(".",&st64));], [ac_cv_func_lstat64=yes])
+  AC_MSG_RESULT([$ac_cv_func_lstat64])
+  if test x$ac_cv_func_lstat64 = xyes ; then
+    AC_DEFINE(HAVE_LSTAT64)
+  fi
+fi
+
+if test x$ac_cv_func_fstat64 = xno ; then
+  AC_MSG_CHECKING([for fstat64 in <sys/stat.h>])
+  AC_TRY_LINK([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/stat.h>
+], [struct stat64 st64; exit(fstat64(0,&st64));], [ac_cv_func_fstat64=yes])
+  AC_MSG_RESULT([$ac_cv_func_fstat64])
+  if test x$ac_cv_func_fstat64 = xyes ; then
+    AC_DEFINE(HAVE_FSTAT64)
+  fi
+fi
+
+#####################################
+# we might need the resolv library on some systems
+AC_CHECK_LIB(resolv, dn_expand)
+
+#
+# Check for the functions putprpwnam, set_auth_parameters,
+# getspnam, bigcrypt and getprpwnam in -lsec and -lsecurity
+# Needed for OSF1 and HPUX.
+#
+
+AC_LIBTESTFUNC(security, putprpwnam)
+AC_LIBTESTFUNC(sec, putprpwnam)
+
+AC_LIBTESTFUNC(security, set_auth_parameters)
+AC_LIBTESTFUNC(sec, set_auth_parameters)
+
+# UnixWare 7.x has its getspnam in -lgen
+AC_LIBTESTFUNC(gen, getspnam)
+
+AC_LIBTESTFUNC(security, getspnam)
+AC_LIBTESTFUNC(sec, getspnam)
+
+AC_LIBTESTFUNC(security, bigcrypt)
+AC_LIBTESTFUNC(sec, bigcrypt)
+
+AC_LIBTESTFUNC(security, getprpwnam)
+AC_LIBTESTFUNC(sec, getprpwnam)
+
+# this bit needs to be modified for each OS that is suported by
+# smbwrapper. You need to specify how to created a shared library and
+# how to compile C code to produce PIC object files
+
+# these are the defaults, good for lots of systems
+HOST_OS="$host_os"
+LDSHFLAGS="-shared"
+SHLD="\${CC}"
+PICFLAG=""
+PICSUFFIX="po"
+POBAD_CC="#"
+SHLIBEXT="so"
+# Assume non-shared by default and override below
+BLDSHARED="false"
+AC_MSG_CHECKING([ability to build shared libraries])
+
+# and these are for particular systems
+case "$host_os" in
+		*linux*)   AC_DEFINE(LINUX)
+			BLDSHARED="true"
+			LDSHFLAGS="-shared" 
+			DYNEXP="-Wl,--export-dynamic"
+			PICFLAG="-fPIC"
+			AC_DEFINE(STAT_ST_BLOCKSIZE,512)
+		;;
+		*solaris*) 
+			AC_DEFINE(SUNOS5)
+			BLDSHARED="true"
+			LDSHFLAGS="-h \$@ -G"
+			if test "${ac_cv_prog_CC}" = "gcc"; then
+				PICFLAG="-fPIC"
+			else
+				PICFLAG="-KPIC"
+				POBAD_CC=""
+				PICSUFFIX="po.o"
+			fi
+			AC_DEFINE(STAT_ST_BLOCKSIZE,512)
+		;;
+		*sunos*) AC_DEFINE(SUNOS4)
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-h,\$@ -G"
+			PICFLAG="-KPIC"   # Is this correct for SunOS
+		;;
+		*bsd*)  BLDSHARED="true"
+			LDSHFLAGS="-Wl,-soname,\$@ -shared"
+			PICFLAG="-fPIC"
+			AC_DEFINE(STAT_ST_BLOCKSIZE,512)
+		;;
+		*irix*) AC_DEFINE(IRIX)
+			case "$host_os" in
+			*irix6*) AC_DEFINE(IRIX6)
+			;;
+			esac
+			ATTEMPT_WRAP32_BUILD=yes
+			BLDSHARED="true"
+			LDSHFLAGS="-soname \$@ -shared"
+			SHLD="\${LD}"
+			if test "${ac_cv_prog_CC}" = "gcc"; then
+				PICFLAG="-fPIC"
+			else 
+				PICFLAG="-KPIC"
+			fi
+			AC_DEFINE(STAT_ST_BLOCKSIZE,512)
+		;;
+		*aix*) AC_DEFINE(AIX)
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry"
+			PICFLAG="-O2 -qmaxmem=6000"
+			AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE)
+		;;
+		*hpux*) AC_DEFINE(HPUX)
+			SHLIBEXT="sl"
+			# Use special PIC flags for the native HP-UX compiler.
+			if test $ac_cv_prog_cc_Ae = yes; then
+				SHLD="/usr/bin/ld"
+				BLDSHARED="true"
+				LDSHFLAGS="-B symbolic -b -z +h \$@"
+				PICFLAG="+z"
+			fi
+			DYNEXP="-Wl,-E"
+			AC_DEFINE(STAT_ST_BLOCKSIZE,8192)
+		;;
+		*qnx*) AC_DEFINE(QNX);;
+		*osf*) AC_DEFINE(OSF1)
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-soname,\$@ -shared"
+			PICFLAG="-fPIC"
+		;;
+		*sco*) 
+        		AC_DEFINE(SCO)
+		;;
+		*unixware*) AC_DEFINE(UNIXWARE)
+			BLDSHARED="true"
+			LDSHFLAGS="-Wl,-soname,\$@ -shared"
+			PICFLAG="-KPIC"
+		;;
+		*next2*) AC_DEFINE(NEXT2);;
+		*dgux*) AC_CHECK_PROG( ROFF, groff, [groff -etpsR -Tascii -man]);;
+		*sysv4*)
+			case "$host" in
+				*-univel-*)
+					if [ test "$GCC" != yes ]; then
+						AC_DEFINE(HAVE_MEMSET)
+					fi
+					LDSHFLAGS="-G"
+                             		DYNEXP="-Bexport"
+				;;
+				*mips-sni-sysv4*)
+					AC_DEFINE(RELIANTUNIX)
+                    		;;
+			esac
+		;;
+
+		*sysv5*)
+			if [ test "$GCC" != yes ]; then
+				AC_DEFINE(HAVE_MEMSET)
+			fi
+			LDSHFLAGS="-G"
+		;;
+esac
+AC_SUBST(DYNEXP)
+AC_MSG_RESULT($BLDSHARED)
+AC_MSG_CHECKING([linker flags for shared libraries])
+AC_MSG_RESULT([$LDSHFLAGS])
+AC_MSG_CHECKING([compiler flags for position-independent code])
+AC_MSG_RESULT([$PICFLAGS])
+
+#######################################################
+# test whether building a shared library actually works
+if test $BLDSHARED = true; then
+AC_CACHE_CHECK([whether building shared libraries actually works], 
+               [ac_cv_shlib_works],[
+   ac_cv_shlib_works=no
+   # try building a trivial shared library
+   $CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.po ${srcdir-.}/tests/shlib.c &&
+     $CC $CPPFLAGS $CFLAGS $LDSHFLAGS -o shlib.so shlib.po &&
+     ac_cv_shlib_works=yes
+   rm -f shlib.so shlib.po
+])
+if test $ac_cv_shlib_works = no; then
+   BLDSHARED=false
+fi
+fi
+
+
+# this updates our target list if we can build shared libs
+if test $BLDSHARED = true; then
+   LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT
+else
+   LIBSMBCLIENT_SHARED=
+fi
+
+################
+
+AC_CACHE_CHECK([for long long],samba_cv_have_longlong,[
+AC_TRY_RUN([#include <stdio.h>
+main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); }],
+samba_cv_have_longlong=yes,samba_cv_have_longlong=no,samba_cv_have_longlong=cross)])
+if test x"$samba_cv_have_longlong" = x"yes"; then
+    AC_DEFINE(HAVE_LONGLONG)
+fi
+
+#
+# Check if the compiler supports the LL prefix on long long integers.
+# AIX needs this.
+
+AC_CACHE_CHECK([for LL suffix on long long integers],samba_cv_compiler_supports_ll, [
+    AC_TRY_COMPILE([#include <stdio.h>],[long long i = 0x8000000000LL],
+	samba_cv_compiler_supports_ll=yes,samba_cv_compiler_supports_ll=no)])
+if test x"$samba_cv_compiler_supports_ll" = x"yes"; then
+   AC_DEFINE(COMPILER_SUPPORTS_LL)
+fi
+
+  
+AC_CACHE_CHECK([for 64 bit off_t],samba_cv_SIZEOF_OFF_T,[
+AC_TRY_RUN([#include <stdio.h>
+#include <sys/stat.h>
+main() { exit((sizeof(off_t) == 8) ? 0 : 1); }],
+samba_cv_SIZEOF_OFF_T=yes,samba_cv_SIZEOF_OFF_T=no,samba_cv_SIZEOF_OFF_T=cross)])
+if test x"$samba_cv_SIZEOF_OFF_T" = x"yes"; then
+    AC_DEFINE(SIZEOF_OFF_T,8)
+fi
+
+AC_CACHE_CHECK([for off64_t],samba_cv_HAVE_OFF64_T,[
+AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }],
+samba_cv_HAVE_OFF64_T=yes,samba_cv_HAVE_OFF64_T=no,samba_cv_HAVE_OFF64_T=cross)])
+if test x"$samba_cv_HAVE_OFF64_T" = x"yes"; then
+    AC_DEFINE(HAVE_OFF64_T)
+fi
+
+AC_CACHE_CHECK([for 64 bit ino_t],samba_cv_SIZEOF_INO_T,[
+AC_TRY_RUN([#include <stdio.h>
+#include <sys/stat.h>
+main() { exit((sizeof(ino_t) == 8) ? 0 : 1); }],
+samba_cv_SIZEOF_INO_T=yes,samba_cv_SIZEOF_INO_T=no,samba_cv_SIZEOF_INO_T=cross)])
+if test x"$samba_cv_SIZEOF_INO_T" = x"yes"; then
+    AC_DEFINE(SIZEOF_INO_T,8)
+fi
+
+AC_CACHE_CHECK([for ino64_t],samba_cv_HAVE_INO64_T,[
+AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }],
+samba_cv_HAVE_INO64_T=yes,samba_cv_HAVE_INO64_T=no,samba_cv_HAVE_INO64_T=cross)])
+if test x"$samba_cv_HAVE_INO64_T" = x"yes"; then
+    AC_DEFINE(HAVE_INO64_T)
+fi
+
+AC_CACHE_CHECK([for dev64_t],samba_cv_HAVE_DEV64_T,[
+AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+main() { struct stat64 st; dev64_t s; if (sizeof(dev_t) == sizeof(dev64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }],
+samba_cv_HAVE_DEV64_T=yes,samba_cv_HAVE_DEV64_T=no,samba_cv_HAVE_DEV64_T=cross)])
+if test x"$samba_cv_HAVE_DEV64_T" = x"yes"; then
+    AC_DEFINE(HAVE_DEV64_T)
+fi
+
+AC_CACHE_CHECK([for struct dirent64],samba_cv_HAVE_STRUCT_DIRENT64,[
+AC_TRY_COMPILE([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <dirent.h>],
+[struct dirent64 de;],
+samba_cv_HAVE_STRUCT_DIRENT64=yes,samba_cv_HAVE_STRUCT_DIRENT64=no)])
+if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes"; then
+    AC_DEFINE(HAVE_STRUCT_DIRENT64)
+fi
+
+AC_CACHE_CHECK([for major macro],samba_cv_HAVE_DEVICE_MAJOR_FN,[
+AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+main() { dev_t dev; int i = major(dev); return 0; }],
+samba_cv_HAVE_DEVICE_MAJOR_FN=yes,samba_cv_HAVE_DEVICE_MAJOR_FN=no,samba_cv_HAVE_DEVICE_MAJOR_FN=cross)])
+if test x"$samba_cv_HAVE_DEVICE_MAJOR_FN" = x"yes"; then
+    AC_DEFINE(HAVE_DEVICE_MAJOR_FN)
+fi
+
+AC_CACHE_CHECK([for minor macro],samba_cv_HAVE_DEVICE_MINOR_FN,[
+AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+main() { dev_t dev; int i = minor(dev); return 0; }],
+samba_cv_HAVE_DEVICE_MINOR_FN=yes,samba_cv_HAVE_DEVICE_MINOR_FN=no,samba_cv_HAVE_DEVICE_MINOR_FN=cross)])
+if test x"$samba_cv_HAVE_DEVICE_MINOR_FN" = x"yes"; then
+    AC_DEFINE(HAVE_DEVICE_MINOR_FN)
+fi
+
+AC_CACHE_CHECK([for unsigned char],samba_cv_HAVE_UNSIGNED_CHAR,[
+AC_TRY_RUN([#include <stdio.h>
+main() { char c; c=250; exit((c > 0)?0:1); }],
+samba_cv_HAVE_UNSIGNED_CHAR=yes,samba_cv_HAVE_UNSIGNED_CHAR=no,samba_cv_HAVE_UNSIGNED_CHAR=cross)])
+if test x"$samba_cv_HAVE_UNSIGNED_CHAR" = x"yes"; then
+    AC_DEFINE(HAVE_UNSIGNED_CHAR)
+fi
+
+AC_CACHE_CHECK([for sin_len in sock],samba_cv_HAVE_SOCK_SIN_LEN,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>],
+[struct sockaddr_in sock; sock.sin_len = sizeof(sock);],
+samba_cv_HAVE_SOCK_SIN_LEN=yes,samba_cv_HAVE_SOCK_SIN_LEN=no)])
+if test x"$samba_cv_HAVE_SOCK_SIN_LEN" = x"yes"; then
+    AC_DEFINE(HAVE_SOCK_SIN_LEN)
+fi
+
+AC_CACHE_CHECK([whether seekdir returns void],samba_cv_SEEKDIR_RETURNS_VOID,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <dirent.h>
+void seekdir(DIR *d, long loc) { return; }],[return 0;],
+samba_cv_SEEKDIR_RETURNS_VOID=yes,samba_cv_SEEKDIR_RETURNS_VOID=no)])
+if test x"$samba_cv_SEEKDIR_RETURNS_VOID" = x"yes"; then
+    AC_DEFINE(SEEKDIR_RETURNS_VOID)
+fi
+
+AC_CACHE_CHECK([for __FILE__ macro],samba_cv_HAVE_FILE_MACRO,[
+AC_TRY_COMPILE([#include <stdio.h>], [printf("%s\n", __FILE__);],
+samba_cv_HAVE_FILE_MACRO=yes,samba_cv_HAVE_FILE_MACRO=no)])
+if test x"$samba_cv_HAVE_FILE_MACRO" = x"yes"; then
+    AC_DEFINE(HAVE_FILE_MACRO)
+fi
+
+AC_CACHE_CHECK([for __FUNCTION__ macro],samba_cv_HAVE_FUNCTION_MACRO,[
+AC_TRY_COMPILE([#include <stdio.h>], [printf("%s\n", __FUNCTION__);],
+samba_cv_HAVE_FUNCTION_MACRO=yes,samba_cv_HAVE_FUNCTION_MACRO=no)])
+if test x"$samba_cv_HAVE_FUNCTION_MACRO" = x"yes"; then
+    AC_DEFINE(HAVE_FUNCTION_MACRO)
+fi
+
+AC_CACHE_CHECK([if gettimeofday takes tz argument],samba_cv_HAVE_GETTIMEOFDAY_TZ,[
+AC_TRY_RUN([
+#include <sys/time.h>
+#include <unistd.h>
+main() { struct timeval tv; exit(gettimeofday(&tv, NULL));}],
+           samba_cv_HAVE_GETTIMEOFDAY_TZ=yes,samba_cv_HAVE_GETTIMEOFDAY_TZ=no,samba_cv_HAVE_GETTIMEOFDAY_TZ=cross)])
+if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then
+    AC_DEFINE(HAVE_GETTIMEOFDAY_TZ)
+fi
+
+AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[
+AC_TRY_RUN([
+#include <sys/types.h>
+#include <stdarg.h>
+void foo(const char *format, ...) { 
+       va_list ap;
+       int len;
+       char buf[5];
+
+       va_start(ap, format);
+       len = vsnprintf(buf, 0, format, ap);
+       va_end(ap);
+       if (len != 5) exit(1);
+
+       va_start(ap, format);
+       len = vsnprintf(0, 0, format, ap);
+       va_end(ap);
+       if (len != 5) exit(1);
+
+       if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
+
+       exit(0);
+}
+main() { foo("hello"); }
+],
+samba_cv_HAVE_C99_VSNPRINTF=yes,samba_cv_HAVE_C99_VSNPRINTF=no,samba_cv_HAVE_C99_VSNPRINTF=cross)])
+if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
+    AC_DEFINE(HAVE_C99_VSNPRINTF)
+fi
+
+AC_CACHE_CHECK([for broken readdir],samba_cv_HAVE_BROKEN_READDIR,[
+AC_TRY_RUN([#include <sys/types.h>
+#include <dirent.h>
+main() { struct dirent *di; DIR *d = opendir("."); di = readdir(d);
+if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 &&
+di->d_name[0] == 0) exit(0); exit(1);} ],
+samba_cv_HAVE_BROKEN_READDIR=yes,samba_cv_HAVE_BROKEN_READDIR=no,samba_cv_HAVE_BROKEN_READDIR=cross)])
+if test x"$samba_cv_HAVE_BROKEN_READDIR" = x"yes"; then
+    AC_DEFINE(HAVE_BROKEN_READDIR)
+fi
+
+AC_CACHE_CHECK([for utimbuf],samba_cv_HAVE_UTIMBUF,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utime.h>],
+[struct utimbuf tbuf;  tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf));],
+samba_cv_HAVE_UTIMBUF=yes,samba_cv_HAVE_UTIMBUF=no,samba_cv_HAVE_UTIMBUF=cross)])
+if test x"$samba_cv_HAVE_UTIMBUF" = x"yes"; then
+    AC_DEFINE(HAVE_UTIMBUF)
+fi
+
+dnl  utmp and utmpx come in many flavours
+dnl  We need to check for many of them
+dnl  But we don't need to do each and every one, because our code uses
+dnl  mostly just the utmp (not utmpx) fields.
+
+AC_CHECK_FUNCS(pututline pututxline updwtmp updwtmpx getutmpx)
+
+AC_CACHE_CHECK([for ut_name in utmp],samba_cv_HAVE_UT_UT_NAME,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_name[0] = 'a';],
+samba_cv_HAVE_UT_UT_NAME=yes,samba_cv_HAVE_UT_UT_NAME=no,samba_cv_HAVE_UT_UT_NAME=cross)])
+if test x"$samba_cv_HAVE_UT_UT_NAME" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_NAME)
+fi 
+
+AC_CACHE_CHECK([for ut_user in utmp],samba_cv_HAVE_UT_UT_USER,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_user[0] = 'a';],
+samba_cv_HAVE_UT_UT_USER=yes,samba_cv_HAVE_UT_UT_USER=no,samba_cv_HAVE_UT_UT_USER=cross)])
+if test x"$samba_cv_HAVE_UT_UT_USER" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_USER)
+fi 
+
+AC_CACHE_CHECK([for ut_id in utmp],samba_cv_HAVE_UT_UT_ID,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_id[0] = 'a';],
+samba_cv_HAVE_UT_UT_ID=yes,samba_cv_HAVE_UT_UT_ID=no,samba_cv_HAVE_UT_UT_ID=cross)])
+if test x"$samba_cv_HAVE_UT_UT_ID" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_ID)
+fi 
+
+AC_CACHE_CHECK([for ut_host in utmp],samba_cv_HAVE_UT_UT_HOST,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_host[0] = 'a';],
+samba_cv_HAVE_UT_UT_HOST=yes,samba_cv_HAVE_UT_UT_HOST=no,samba_cv_HAVE_UT_UT_HOST=cross)])
+if test x"$samba_cv_HAVE_UT_UT_HOST" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_HOST)
+fi 
+
+AC_CACHE_CHECK([for ut_time in utmp],samba_cv_HAVE_UT_UT_TIME,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  time_t t; ut.ut_time = t;],
+samba_cv_HAVE_UT_UT_TIME=yes,samba_cv_HAVE_UT_UT_TIME=no,samba_cv_HAVE_UT_UT_TIME=cross)])
+if test x"$samba_cv_HAVE_UT_UT_TIME" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_TIME)
+fi 
+
+AC_CACHE_CHECK([for ut_tv in utmp],samba_cv_HAVE_UT_UT_TV,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  struct timeval tv; ut.ut_tv = tv;],
+samba_cv_HAVE_UT_UT_TV=yes,samba_cv_HAVE_UT_UT_TV=no,samba_cv_HAVE_UT_UT_TV=cross)])
+if test x"$samba_cv_HAVE_UT_UT_TV" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_TV)
+fi 
+
+AC_CACHE_CHECK([for ut_type in utmp],samba_cv_HAVE_UT_UT_TYPE,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_type = 0;],
+samba_cv_HAVE_UT_UT_TYPE=yes,samba_cv_HAVE_UT_UT_TYPE=no,samba_cv_HAVE_UT_UT_TYPE=cross)])
+if test x"$samba_cv_HAVE_UT_UT_TYPE" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_TYPE)
+fi 
+
+AC_CACHE_CHECK([for ut_pid in utmp],samba_cv_HAVE_UT_UT_PID,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_pid = 0;],
+samba_cv_HAVE_UT_UT_PID=yes,samba_cv_HAVE_UT_UT_PID=no,samba_cv_HAVE_UT_UT_PID=cross)])
+if test x"$samba_cv_HAVE_UT_UT_PID" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_PID)
+fi 
+
+AC_CACHE_CHECK([for ut_exit in utmp],samba_cv_HAVE_UT_UT_EXIT,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_exit.e_exit = 0;],
+samba_cv_HAVE_UT_UT_EXIT=yes,samba_cv_HAVE_UT_UT_EXIT=no,samba_cv_HAVE_UT_UT_EXIT=cross)])
+if test x"$samba_cv_HAVE_UT_UT_EXIT" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_EXIT)
+fi 
+
+AC_CACHE_CHECK([for ut_addr in utmp],samba_cv_HAVE_UT_UT_ADDR,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+[struct utmp ut;  ut.ut_addr = 0;],
+samba_cv_HAVE_UT_UT_ADDR=yes,samba_cv_HAVE_UT_UT_ADDR=no,samba_cv_HAVE_UT_UT_ADDR=cross)])
+if test x"$samba_cv_HAVE_UT_UT_ADDR" = x"yes"; then
+    AC_DEFINE(HAVE_UT_UT_ADDR)
+fi 
+
+if test x$ac_cv_func_pututline = xyes ; then
+  AC_CACHE_CHECK([whether pututline returns pointer],samba_cv_PUTUTLINE_RETURNS_UTMP,[
+  AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmp.h>],
+  [struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);],
+  samba_cv_PUTUTLINE_RETURNS_UTMP=yes,samba_cv_PUTUTLINE_RETURNS_UTMP=no)])
+  if test x"$samba_cv_PUTUTLINE_RETURNS_UTMP" = x"yes"; then
+      AC_DEFINE(PUTUTLINE_RETURNS_UTMP)
+  fi
+fi
+
+AC_CACHE_CHECK([for ut_syslen in utmpx],samba_cv_HAVE_UX_UT_SYSLEN,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <utmpx.h>],
+[struct utmpx ux;  ux.ut_syslen = 0;],
+samba_cv_HAVE_UX_UT_SYSLEN=yes,samba_cv_HAVE_UX_UT_SYSLEN=no,samba_cv_HAVE_UX_UT_SYSLEN=cross)])
+if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then
+    AC_DEFINE(HAVE_UX_UT_SYSLEN)
+fi 
+
+
+#################################################
+# check for libiconv support
+AC_MSG_CHECKING(whether to use libiconv)
+AC_ARG_WITH(libiconv,
+[  --with-libiconv=BASEDIR Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto) ],
+[ case "$withval" in
+  no)
+    AC_MSG_RESULT(no)
+    ;;
+  *)
+    AC_MSG_RESULT(yes)
+    CFLAGS="$CFLAGS -I$withval/include"
+    LDFLAGS="$LDFLAGS -L$withval/lib"
+    AC_CHECK_LIB(iconv, iconv_open)
+    AC_DEFINE_UNQUOTED(WITH_LIBICONV, "${withval}")
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+
+############
+# check for iconv in libc
+AC_CACHE_CHECK([for working iconv],samba_cv_HAVE_NATIVE_ICONV,[
+AC_TRY_RUN([
+#include <iconv.h>
+main() {
+       iconv_t cd = iconv_open("ASCII", "UCS-2LE");
+       if (cd == 0 || cd == (iconv_t)-1) return -1;
+       return 0;
+}
+],
+samba_cv_HAVE_NATIVE_ICONV=yes,samba_cv_HAVE_NATIVE_ICONV=no,samba_cv_HAVE_NATIVE_ICONV=cross)])
+if test x"$samba_cv_HAVE_NATIVE_ICONV" = x"yes"; then
+    AC_DEFINE(HAVE_NATIVE_ICONV)
+fi
+
+
+AC_CACHE_CHECK([for Linux kernel oplocks],samba_cv_HAVE_KERNEL_OPLOCKS_LINUX,[
+AC_TRY_RUN([
+#include <sys/types.h>
+#include <fcntl.h>
+#ifndef F_GETLEASE
+#define F_GETLEASE	1025
+#endif
+main() {
+       int fd = open("/dev/null", O_RDONLY);
+       return fcntl(fd, F_GETLEASE, 0) == -1;
+}
+],
+samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)])
+if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then
+    AC_DEFINE(HAVE_KERNEL_OPLOCKS_LINUX)
+fi
+
+AC_CACHE_CHECK([for kernel change notify support],samba_cv_HAVE_KERNEL_CHANGE_NOTIFY,[
+AC_TRY_RUN([
+#include <sys/types.h>
+#include <fcntl.h>
+#include <signal.h>
+#ifndef F_NOTIFY
+#define F_NOTIFY 1026
+#endif
+main() {
+       	exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ?  1 : 0);
+}
+],
+samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes,samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no,samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross)])
+if test x"$samba_cv_HAVE_KERNEL_CHANGE_NOTIFY" = x"yes"; then
+    AC_DEFINE(HAVE_KERNEL_CHANGE_NOTIFY)
+fi
+
+AC_CACHE_CHECK([for kernel share modes],samba_cv_HAVE_KERNEL_SHARE_MODES,[
+AC_TRY_RUN([
+#include <sys/types.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/file.h>
+#ifndef LOCK_MAND
+#define LOCK_MAND	32
+#define LOCK_READ	64
+#endif
+main() {
+       	exit(flock(open("/dev/null", O_RDWR), LOCK_MAND|LOCK_READ) != 0);
+}
+],
+samba_cv_HAVE_KERNEL_SHARE_MODES=yes,samba_cv_HAVE_KERNEL_SHARE_MODES=no,samba_cv_HAVE_KERNEL_SHARE_MODES=cross)])
+if test x"$samba_cv_HAVE_KERNEL_SHARE_MODES" = x"yes"; then
+    AC_DEFINE(HAVE_KERNEL_SHARE_MODES)
+fi
+
+
+
+
+AC_CACHE_CHECK([for IRIX kernel oplock type definitions],samba_cv_HAVE_KERNEL_OPLOCKS_IRIX,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <fcntl.h>],
+[oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1;],
+samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=no)])
+if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_IRIX" = x"yes"; then
+    AC_DEFINE(HAVE_KERNEL_OPLOCKS_IRIX)
+fi
+
+AC_CACHE_CHECK([for irix specific capabilities],samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES,[
+AC_TRY_RUN([#include <sys/types.h>
+#include <sys/capability.h>
+main() {
+ cap_t cap;
+ if ((cap = cap_get_proc()) == NULL)
+   exit(1);
+ cap->cap_effective |= CAP_NETWORK_MGT;
+ cap->cap_inheritable |= CAP_NETWORK_MGT;
+ cap_set_proc(cap);
+ exit(0);
+}
+],
+samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes,samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no,samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross)])
+if test x"$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" = x"yes"; then
+    AC_DEFINE(HAVE_IRIX_SPECIFIC_CAPABILITIES)
+fi
+
+#
+# Check for int16, uint16, int32 and uint32 in rpc/types.h included from rpc/rpc.h
+# This is *really* broken but some systems (DEC OSF1) do this.... JRA.
+#
+
+AC_CACHE_CHECK([for int16 typedef included by rpc/rpc.h],samba_cv_HAVE_INT16_FROM_RPC_RPC_H,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif],
+[int16 testvar;],
+samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes,samba_cv_HAVE_INT16_FROM_RPC_RPC_H=no)])
+if test x"$samba_cv_HAVE_INT16_FROM_RPC_RPC_H" = x"yes"; then
+    AC_DEFINE(HAVE_INT16_FROM_RPC_RPC_H)
+fi
+
+AC_CACHE_CHECK([for uint16 typedef included by rpc/rpc.h],samba_cv_HAVE_UINT16_FROM_RPC_RPC_H,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif],
+[uint16 testvar;],
+samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes,samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=no)])
+if test x"$samba_cv_HAVE_UINT16_FROM_RPC_RPC_H" = x"yes"; then
+    AC_DEFINE(HAVE_UINT16_FROM_RPC_RPC_H)
+fi
+
+AC_CACHE_CHECK([for int32 typedef included by rpc/rpc.h],samba_cv_HAVE_INT32_FROM_RPC_RPC_H,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif],
+[int32 testvar;],
+samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes,samba_cv_HAVE_INT32_FROM_RPC_RPC_H=no)])
+if test x"$samba_cv_HAVE_INT32_FROM_RPC_RPC_H" = x"yes"; then
+    AC_DEFINE(HAVE_INT32_FROM_RPC_RPC_H)
+fi
+
+AC_CACHE_CHECK([for uint32 typedef included by rpc/rpc.h],samba_cv_HAVE_UINT32_FROM_RPC_RPC_H,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif],
+[uint32 testvar;],
+samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes,samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=no)])
+if test x"$samba_cv_HAVE_UINT32_FROM_RPC_RPC_H" = x"yes"; then
+    AC_DEFINE(HAVE_UINT32_FROM_RPC_RPC_H)
+fi
+
+dnl
+dnl Some systems (SCO) have a problem including
+dnl <prot.h> and <rpc/rpc.h> due to AUTH_ERROR being defined
+dnl as a #define in <prot.h> and as part of an enum
+dnl in <rpc/rpc.h>.
+dnl
+
+AC_CACHE_CHECK([for conflicting AUTH_ERROR define in rpc/rpc.h],samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#ifdef HAVE_SYS_SECURITY_H
+#include <sys/security.h>
+#include <prot.h>
+#endif  /* HAVE_SYS_SECURITY_H */
+#if defined(HAVE_RPC_RPC_H)
+#include <rpc/rpc.h>
+#endif],
+[int testvar;],
+samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no,samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=yes)])
+if test x"$samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT" = x"yes"; then
+    AC_DEFINE(HAVE_RPC_AUTH_ERROR_CONFLICT)
+fi
+
+AC_MSG_CHECKING([for test routines])
+AC_TRY_RUN([#include "${srcdir-.}/tests/trivial.c"],
+           AC_MSG_RESULT(yes),
+	   AC_MSG_ERROR([cant find test code. Aborting config]),
+	   AC_MSG_WARN([cannot run when cross-compiling]))
+
+AC_CACHE_CHECK([for ftruncate extend],samba_cv_HAVE_FTRUNCATE_EXTEND,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/ftruncate.c"],
+           samba_cv_HAVE_FTRUNCATE_EXTEND=yes,samba_cv_HAVE_FTRUNCATE_EXTEND=no,samba_cv_HAVE_FTRUNCATE_EXTEND=cross)])
+if test x"$samba_cv_HAVE_FTRUNCATE_EXTEND" = x"yes"; then
+    AC_DEFINE(HAVE_FTRUNCATE_EXTEND)
+fi
+
+AC_CACHE_CHECK([for AF_LOCAL socket support], samba_cv_HAVE_WORKING_AF_LOCAL, [
+AC_TRY_RUN([#include "${srcdir-.}/tests/unixsock.c"],
+	   samba_cv_HAVE_WORKING_AF_LOCAL=yes,
+	   samba_cv_HAVE_WORKING_AF_LOCAL=no,
+	   samba_cv_HAVE_WORKING_AF_LOCAL=cross)])
+if test x"$samba_cv_HAVE_WORKING_AF_LOCAL" != xno
+then
+    AC_DEFINE(HAVE_WORKING_AF_LOCAL, 1, [Define if you have working AF_LOCAL sockets])
+fi
+
+AC_CACHE_CHECK([for broken getgroups],samba_cv_HAVE_BROKEN_GETGROUPS,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/getgroups.c"],
+           samba_cv_HAVE_BROKEN_GETGROUPS=yes,samba_cv_HAVE_BROKEN_GETGROUPS=no,samba_cv_HAVE_BROKEN_GETGROUPS=cross)])
+if test x"$samba_cv_HAVE_BROKEN_GETGROUPS" = x"yes"; then
+    AC_DEFINE(HAVE_BROKEN_GETGROUPS)
+fi
+
+AC_CACHE_CHECK([whether getpass should be replaced],samba_cv_REPLACE_GETPASS,[
+SAVE_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper"
+AC_TRY_COMPILE([
+#define REPLACE_GETPASS 1
+#define NO_CONFIG_H 1
+#define main dont_declare_main
+#include "${srcdir-.}/lib/getsmbpass.c"
+#undef main
+],[],samba_cv_REPLACE_GETPASS=yes,samba_cv_REPLACE_GETPASS=no)
+CPPFLAGS="$SAVE_CPPFLAGS"
+])
+if test x"$samba_cv_REPLACE_GETPASS" = x"yes"; then
+	AC_DEFINE(REPLACE_GETPASS)
+fi
+
+AC_CACHE_CHECK([for broken inet_ntoa],samba_cv_REPLACE_INET_NTOA,[
+AC_TRY_RUN([
+#include <stdio.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+main() { struct in_addr ip; ip.s_addr = 0x12345678;
+if (strcmp(inet_ntoa(ip),"18.52.86.120") &&
+    strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } 
+exit(1);}],
+           samba_cv_REPLACE_INET_NTOA=yes,samba_cv_REPLACE_INET_NTOA=no,samba_cv_REPLACE_INET_NTOA=cross)])
+if test x"$samba_cv_REPLACE_INET_NTOA" = x"yes"; then
+    AC_DEFINE(REPLACE_INET_NTOA)
+fi
+
+AC_CACHE_CHECK([for secure mkstemp],samba_cv_HAVE_SECURE_MKSTEMP,[
+AC_TRY_RUN([#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+main() { 
+  struct stat st;
+  char tpl[20]="/tmp/test.XXXXXX"; 
+  int fd = mkstemp(tpl); 
+  if (fd == -1) exit(1);
+  unlink(tpl);
+  if (fstat(fd, &st) != 0) exit(1);
+  if ((st.st_mode & 0777) != 0600) exit(1);
+  exit(0);
+}],
+samba_cv_HAVE_SECURE_MKSTEMP=yes,
+samba_cv_HAVE_SECURE_MKSTEMP=no,
+samba_cv_HAVE_SECURE_MKSTEMP=cross)])
+if test x"$samba_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then
+    AC_DEFINE(HAVE_SECURE_MKSTEMP)
+fi
+
+AC_CACHE_CHECK([for sysconf(_SC_NGROUPS_MAX)],samba_cv_SYSCONF_SC_NGROUPS_MAX,[
+AC_TRY_RUN([#include <unistd.h>
+main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); }],
+samba_cv_SYSCONF_SC_NGROUPS_MAX=yes,samba_cv_SYSCONF_SC_NGROUPS_MAX=no,samba_cv_SYSCONF_SC_NGROUPS_MAX=cross)])
+if test x"$samba_cv_SYSCONF_SC_NGROUPS_MAX" = x"yes"; then
+    AC_DEFINE(SYSCONF_SC_NGROUPS_MAX)
+fi
+
+AC_CACHE_CHECK([for root],samba_cv_HAVE_ROOT,[
+AC_TRY_RUN([main() { exit(getuid() != 0); }],
+           samba_cv_HAVE_ROOT=yes,samba_cv_HAVE_ROOT=no,samba_cv_HAVE_ROOT=cross)])
+if test x"$samba_cv_HAVE_ROOT" = x"yes"; then
+    AC_DEFINE(HAVE_ROOT)
+else
+    AC_MSG_WARN(running as non-root will disable some tests)
+fi
+
+##################
+# look for a method of finding the list of network interfaces
+iface=no;
+AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[
+AC_TRY_RUN([
+#define HAVE_IFACE_AIX 1
+#define AUTOCONF_TEST 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/interfaces.c"],
+           samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)])
+if test x"$samba_cv_HAVE_IFACE_AIX" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_AIX)
+fi
+
+if test $iface = no; then
+AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[
+AC_TRY_RUN([
+#define HAVE_IFACE_IFCONF 1
+#define AUTOCONF_TEST 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/interfaces.c"],
+           samba_cv_HAVE_IFACE_IFCONF=yes,samba_cv_HAVE_IFACE_IFCONF=no,samba_cv_HAVE_IFACE_IFCONF=cross)])
+if test x"$samba_cv_HAVE_IFACE_IFCONF" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_IFCONF)
+fi
+fi
+
+if test $iface = no; then
+AC_CACHE_CHECK([for iface ifreq],samba_cv_HAVE_IFACE_IFREQ,[
+AC_TRY_RUN([
+#define HAVE_IFACE_IFREQ 1
+#define AUTOCONF_TEST 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/interfaces.c"],
+           samba_cv_HAVE_IFACE_IFREQ=yes,samba_cv_HAVE_IFACE_IFREQ=no,samba_cv_HAVE_IFACE_IFREQ=cross)])
+if test x"$samba_cv_HAVE_IFACE_IFREQ" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_IFREQ)
+fi
+fi
+
+
+################################################
+# look for a method of setting the effective uid
+seteuid=no;
+if test $seteuid = no; then
+AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[
+AC_TRY_RUN([
+#define AUTOCONF_TEST 1
+#define USE_SETRESUID 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"],
+           samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)])
+if test x"$samba_cv_USE_SETRESUID" = x"yes"; then
+    seteuid=yes;AC_DEFINE(USE_SETRESUID)
+fi
+fi
+
+
+if test $seteuid = no; then
+AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[
+AC_TRY_RUN([
+#define AUTOCONF_TEST 1
+#define USE_SETREUID 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"],
+           samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)])
+if test x"$samba_cv_USE_SETREUID" = x"yes"; then
+    seteuid=yes;AC_DEFINE(USE_SETREUID)
+fi
+fi
+
+if test $seteuid = no; then
+AC_CACHE_CHECK([for seteuid],samba_cv_USE_SETEUID,[
+AC_TRY_RUN([
+#define AUTOCONF_TEST 1
+#define USE_SETEUID 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"],
+           samba_cv_USE_SETEUID=yes,samba_cv_USE_SETEUID=no,samba_cv_USE_SETEUID=cross)])
+if test x"$samba_cv_USE_SETEUID" = x"yes"; then
+    seteuid=yes;AC_DEFINE(USE_SETEUID)
+fi
+fi
+
+if test $seteuid = no; then
+AC_CACHE_CHECK([for setuidx],samba_cv_USE_SETUIDX,[
+AC_TRY_RUN([
+#define AUTOCONF_TEST 1
+#define USE_SETUIDX 1
+#include "confdefs.h"
+#include "${srcdir-.}/lib/util_sec.c"],
+           samba_cv_USE_SETUIDX=yes,samba_cv_USE_SETUIDX=no,samba_cv_USE_SETUIDX=cross)])
+if test x"$samba_cv_USE_SETUIDX" = x"yes"; then
+    seteuid=yes;AC_DEFINE(USE_SETUIDX)
+fi
+fi
+
+
+AC_CACHE_CHECK([for working mmap],samba_cv_HAVE_MMAP,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/shared_mmap.c"],
+           samba_cv_HAVE_MMAP=yes,samba_cv_HAVE_MMAP=no,samba_cv_HAVE_MMAP=cross)])
+if test x"$samba_cv_HAVE_MMAP" = x"yes"; then
+    AC_DEFINE(HAVE_MMAP)
+fi
+
+AC_CACHE_CHECK([for ftruncate needs root],samba_cv_FTRUNCATE_NEEDS_ROOT,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/ftruncroot.c"],
+           samba_cv_FTRUNCATE_NEEDS_ROOT=yes,samba_cv_FTRUNCATE_NEEDS_ROOT=no,samba_cv_FTRUNCATE_NEEDS_ROOT=cross)])
+if test x"$samba_cv_FTRUNCATE_NEEDS_ROOT" = x"yes"; then
+    AC_DEFINE(FTRUNCATE_NEEDS_ROOT)
+fi
+
+AC_CACHE_CHECK([for fcntl locking],samba_cv_HAVE_FCNTL_LOCK,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/fcntl_lock.c"],
+           samba_cv_HAVE_FCNTL_LOCK=yes,samba_cv_HAVE_FCNTL_LOCK=no,samba_cv_HAVE_FCNTL_LOCK=cross)])
+if test x"$samba_cv_HAVE_FCNTL_LOCK" = x"yes"; then
+    AC_DEFINE(HAVE_FCNTL_LOCK)
+fi
+
+AC_CACHE_CHECK([for broken (glibc2.1/x86) 64 bit fcntl locking],samba_cv_HAVE_BROKEN_FCNTL64_LOCKS,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/fcntl_lock64.c"],
+           samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes,samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=no,samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross)])
+if test x"$samba_cv_HAVE_BROKEN_FCNTL64_LOCKS" = x"yes"; then
+    AC_DEFINE(HAVE_BROKEN_FCNTL64_LOCKS)
+
+else
+
+dnl
+dnl Don't check for 64 bit fcntl locking if we know that the
+dnl glibc2.1 broken check has succeeded.
+dnl 
+
+  AC_CACHE_CHECK([for 64 bit fcntl locking],samba_cv_HAVE_STRUCT_FLOCK64,[
+  AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+main() { struct flock64 fl64;
+#if defined(F_SETLKW64) && defined(F_SETLK64) && defined(F_GETLK64)
+exit(0);
+#else
+exit(1);
+#endif
+}],
+       samba_cv_HAVE_STRUCT_FLOCK64=yes,samba_cv_HAVE_STRUCT_FLOCK64=no,samba_cv_HAVE_STRUCT_FLOCK64=cross)])
+
+  if test x"$samba_cv_HAVE_STRUCT_FLOCK64" = x"yes"; then
+      AC_DEFINE(HAVE_STRUCT_FLOCK64)
+  fi
+fi
+
+AC_CACHE_CHECK([for st_blocks in struct stat],samba_cv_HAVE_STAT_ST_BLOCKS,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>],
+[struct stat st;  st.st_blocks = 0;],
+samba_cv_HAVE_STAT_ST_BLOCKS=yes,samba_cv_HAVE_STAT_ST_BLOCKS=no,samba_cv_HAVE_STAT_ST_BLOCKS=cross)])
+if test x"$samba_cv_HAVE_STAT_ST_BLOCKS" = x"yes"; then
+    AC_DEFINE(HAVE_STAT_ST_BLOCKS)
+fi 
+
+case "$host_os" in
+*linux*)
+AC_CACHE_CHECK([for broken RedHat 7.2 system header files],samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS,[
+AC_TRY_COMPILE([
+#ifdef HAVE_SYS_VFS_H
+#include <sys/vfs.h>
+#endif
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+],[int i;],
+   samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no,samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=yes)])
+if test x"$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" = x"yes"; then
+   AC_DEFINE(BROKEN_REDHAT_7_SYSTEM_HEADERS)
+fi
+;;
+esac
+
+AC_CACHE_CHECK([for broken nisplus include files],samba_cv_BROKEN_NISPLUS_INCLUDE_FILES,[
+AC_TRY_COMPILE([#include <sys/acl.h>
+#if defined(HAVE_RPCSVC_NIS_H)
+#include <rpcsvc/nis.h>
+#endif],
+[int i;],
+samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no,samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=yes)])
+if test x"$samba_cv_BROKEN_NISPLUS_INCLUDE_FILES" = x"yes"; then
+    AC_DEFINE(BROKEN_NISPLUS_INCLUDE_FILES)
+fi
+
+
+#################################################
+# check for smbwrapper support
+AC_MSG_CHECKING(whether to use smbwrapper)
+AC_ARG_WITH(smbwrapper,
+[  --with-smbwrapper       Include SMB wrapper support (default=no) ],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_SMBWRAPPER)
+	WRAP="bin/smbsh bin/smbwrapper.$SHLIBEXT"
+
+	if test x$ATTEMPT_WRAP32_BUILD = x; then
+		WRAP32=""
+	else
+			WRAP32=bin/smbwrapper.32.$SHLIBEXT
+	fi
+
+# Conditions under which smbwrapper should not be built.
+
+	if test x$PICFLAG = x; then
+	   echo No support for PIC code - disabling smbwrapper and smbsh
+	   WRAP=""
+	   WRAP32=""
+	elif test x$ac_cv_func_syscall = xno; then
+	   AC_MSG_RESULT([No syscall() -- disabling smbwrapper and smbsh])
+	   WRAP=""
+	   WRAP32=""
+	fi
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for AFS clear-text auth support
+AC_MSG_CHECKING(whether to use AFS clear-text auth)
+AC_ARG_WITH(afs,
+[  --with-afs              Include AFS clear-text auth support (default=no) ],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_AFS)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+
+#################################################
+# check for the DFS clear-text auth system
+AC_MSG_CHECKING(whether to use DFS clear-text auth)
+AC_ARG_WITH(dfs,
+[  --with-dce-dfs          Include DCE/DFS clear-text auth support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_DFS)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+
+#################################################
+# see if this box has the RedHat location for kerberos
+AC_MSG_CHECKING(for /usr/kerberos)
+if test -d /usr/kerberos; then
+    LDFLAGS="$LDFLAGS -L/usr/kerberos/lib"
+    CFLAGS="$CFLAGS -I/usr/kerberos/include"
+    CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+#################################################
+# check for location of Kerberos 5 install
+AC_MSG_CHECKING(for kerberos 5 install path)
+AC_ARG_WITH(krb5,
+[  --with-krb5=base-dir    Locate Kerberos 5 support (default=/usr)],
+[ case "$withval" in
+  no)
+    AC_MSG_RESULT(no)
+    ;;
+  *)
+    AC_MSG_RESULT(yes)
+    LIBS="$LIBS -lkrb5"
+    CFLAGS="$CFLAGS -I$withval/include"
+    CPPFLAGS="$CPPFLAGS -I$withval/include"
+    LDFLAGS="$LDFLAGS -L$withval/lib"
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+# now check for krb5.h. Some systems have the libraries without the headers!
+# note that this check is done here to allow for different kerberos
+# include paths
+AC_CHECK_HEADERS(krb5.h)
+
+# now check for gssapi headers.  This is also done here to allow for
+# different kerberos include paths
+AC_CHECK_HEADERS(gssapi/gssapi_generic.h gssapi/gssapi.h)
+
+##################################################################
+# we might need the k5crypto and com_err libraries on some systems
+AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"])
+AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"])
+
+########################################################
+# now see if we can find the krb5 libs in standard paths
+# or as specified above
+AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5";
+	AC_DEFINE(HAVE_KRB5)])
+
+########################################################
+# now see if we can find the gssapi libs in standard paths
+AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5";
+	AC_DEFINE(HAVE_GSSAPI)])
+
+##################################################################
+# we might need the lber lib on some systems. To avoid link errors
+# this test must be before the libldap test
+AC_CHECK_LIB(lber, ber_scanf, [LIBS="$LIBS -llber"])
+
+########################################################
+# now see if we can find the ldap libs in standard paths
+if test x$have_ldap != xyes; then
+AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap";
+	AC_DEFINE(HAVE_LDAP)])
+fi
+
+#################################################
+# check for automount support
+AC_MSG_CHECKING(whether to use AUTOMOUNT)
+AC_ARG_WITH(automount,
+[  --with-automount        Include AUTOMOUNT support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_AUTOMOUNT)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for smbmount support
+AC_MSG_CHECKING(whether to use SMBMOUNT)
+AC_ARG_WITH(smbmount,
+[  --with-smbmount         Include SMBMOUNT (Linux only) support (default=no)],
+[ case "$withval" in
+  yes)
+	case "$host_os" in
+	*linux*)
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(WITH_SMBMOUNT)
+		MPROGS="bin/smbmount bin/smbmnt bin/smbumount"
+		;;
+	*)
+		AC_MSG_ERROR(not on a linux system!)
+		;;
+	esac
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    MPROGS=
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+  MPROGS=
+)
+
+
+#################################################
+# check for a PAM clear-text auth, accounts, password and session support
+with_pam_for_crypt=no
+AC_MSG_CHECKING(whether to use PAM)
+AC_ARG_WITH(pam,
+[  --with-pam              Include PAM support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_PAM)
+    LIBS="$LIBS -lpam"
+    with_pam_for_crypt=yes
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+# we can't build a pam module if we don't have pam.
+AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)])
+
+#################################################
+# check for pam_smbpass support
+AC_MSG_CHECKING(whether to use pam_smbpass)
+AC_ARG_WITH(pam_smbpass,
+[  --with-pam_smbpass      Build a PAM module to allow other applications to use our smbpasswd file (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+
+# Conditions under which pam_smbpass should not be built.
+
+       if test x$PICFLAG = x; then
+          AC_MSG_RESULT([No support for PIC code - disabling pam_smbpass])
+          PAM_MOD=""
+       elif test x$ac_cv_lib_pam_pam_get_data = xno; then
+          AC_MSG_RESULT([No libpam found -- disabling pam_smbpass])
+          PAM_MOD=""
+       else
+          PAM_MOD="bin/pam_smbpass.so"
+       fi
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+
+###############################################
+# test for where we get crypt() from, but only
+# if not using PAM
+if test $with_pam_for_crypt = no; then
+AC_CHECK_FUNCS(crypt)
+if test x"$ac_cv_func_crypt" = x"no"; then
+    AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt";
+	AC_DEFINE(HAVE_CRYPT)])
+fi
+fi
+
+##
+## moved after the check for -lcrypt in order to
+## ensure that the necessary libraries are included
+## check checking for truncated salt.  Wrapped by the
+## $with_pam_for_crypt variable as above   --jerry
+##
+if test $with_pam_for_crypt = no; then
+AC_CACHE_CHECK([for a crypt that needs truncated salt],samba_cv_HAVE_TRUNCATED_SALT,[
+AC_TRY_RUN([#include "${srcdir-.}/tests/crypttest.c"],
+	samba_cv_HAVE_TRUNCATED_SALT=no,samba_cv_HAVE_TRUNCATED_SALT=yes,samba_cv_HAVE_TRUNCATED_SALT=cross)])
+if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
+	AC_DEFINE(HAVE_TRUNCATED_SALT)
+fi
+fi
+
+
+
+########################################################################################
+##
+## TESTS FOR SAM BACKENDS.  KEEP THESE GROUPED TOGETHER
+##
+########################################################################################
+
+#################################################
+# check for a TDB password database
+AC_MSG_CHECKING(whether to use TDB SAM database)
+AC_ARG_WITH(tdbsam,
+[  --with-tdbsam           Include experimental TDB SAM support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_TDB_SAM)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for a LDAP password database
+AC_MSG_CHECKING(whether to use LDAP SAM database)
+AC_ARG_WITH(ldapsam,
+[  --with-ldapsam          Include experimental LDAP SAM support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_LDAP_SAM)
+    LIBS="-lldap -llber $LIBS"
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for a NISPLUS password database
+AC_MSG_CHECKING(whether to use NISPLUS SAM database)
+AC_ARG_WITH(nisplussam,
+[  --with-nisplussam       Include NISPLUS SAM support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_NISPLUS_SAM)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+########################################################################################
+##
+## END OF TESTS FOR SAM BACKENDS.  
+##
+########################################################################################
+
+#################################################
+# check for a NISPLUS_HOME support 
+AC_MSG_CHECKING(whether to use NISPLUS_HOME)
+AC_ARG_WITH(nisplus-home,
+[  --with-nisplus-home     Include NISPLUS_HOME support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_NISPLUS_HOME)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for the secure socket layer
+AC_MSG_CHECKING(whether to use SSL)
+AC_ARG_WITH(ssl,
+[  --with-ssl              Include SSL support (default=no)
+  --with-sslinc=DIR          Where the SSL includes are (defaults to /usr/local/ssl/include)
+  --with-ssllib=DIR          Where the SSL libraries are (defaults to /usr/local/ssl/lib)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_SSL)
+    withval="/usr/local/ssl"     # default
+
+    if test "${with_sslinc+set}" = set; then
+
+	withval="$with_sslinc"
+	case "$withval" in
+	yes|no)
+	  echo "configure: warning: --with-sslinc called without argument - will use default" 1>&w
+	  CFLAGS="-I/usr/local/ssl/include $CFLAGS"
+	;;
+        * )
+          CFLAGS="-I${withval} $CFLAGS"
+	;;
+	esac
+
+    else
+
+	CFLAGS="-I/usr/local/ssl/include $CFLAGS"   
+
+    fi
+
+    if test "${with_ssllib+set}" = set; then
+
+	withval="$with_ssllib"
+	case "$withval" in
+	yes|no)
+	  echo "configure: warning: --with-ssllib called without argument - will use default" 1>&w
+	  LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS"
+	;;
+        * )
+  	  LDFLAGS="-L${withval}/lib $LDFLAGS"
+	;;
+	esac
+
+    else
+
+	LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS"
+
+    fi
+
+    LIBS="-lssl -lcrypto $LIBS"
+
+#    if test ! -d ${withval}; then
+#      echo "configure: error: called with --with-ssl, but ssl base directory ${withval} does not exist or is not a directory. Aborting config" 1>&2
+#      exit 1
+#    fi 
+
+    CFLAGS="-DHAVE_CRYPT_DECL $CFLAGS"  # Damn, SSLeay defines its own
+
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for syslog logging
+AC_MSG_CHECKING(whether to use syslog logging)
+AC_ARG_WITH(syslog,
+[  --with-syslog           Include experimental SYSLOG support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_SYSLOG)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# check for a shared memory profiling support
+AC_MSG_CHECKING(whether to use profiling)
+AC_ARG_WITH(profiling-data,
+[  --with-profiling-data   Include gathering source code profile information (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_PROFILE)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+
+#################################################
+# check for experimental disk-quotas support
+QUOTAOBJS=smbd/noquotas.o
+
+AC_MSG_CHECKING(whether to support disk-quotas)
+AC_ARG_WITH(quotas,
+[  --with-quotas           Include experimental disk-quota support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    case "$host_os" in
+      *linux*)
+        # Check for kernel 2.4.x quota braindamage...
+        AC_CACHE_CHECK([for linux 2.4.x quota braindamage..],samba_cv_linux_2_4_quota_braindamage, [
+        AC_TRY_COMPILE([#include <stdio.h>
+#include <sys/types.h>
+#include <asm/types.h>
+#include <linux/quota.h>
+#include <mntent.h>
+#include <linux/unistd.h>],[struct mem_dqblk D;],
+      samba_cv_linux_2_4_quota_braindamage=yes,samba_cv_linux_2_4_quota_braindamage=no)])
+if test x"$samba_cv_linux_2_4_quota_braindamage" = x"yes"; then
+        AC_DEFINE(LINUX_QUOTAS_2)
+else
+        AC_DEFINE(LINUX_QUOTAS_1)
+fi
+        ;;
+      *)
+        ;;
+    esac
+    QUOTAOBJS=smbd/quotas.o
+    AC_DEFINE(WITH_QUOTAS)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+AC_SUBST(QUOTAOBJS)
+
+#################################################
+# check for experimental utmp accounting
+
+AC_MSG_CHECKING(whether to support utmp accounting)
+AC_ARG_WITH(utmp,
+[  --with-utmp             Include experimental utmp accounting (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_UTMP)
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# set private directory location
+AC_ARG_WITH(privatedir,
+[  --with-privatedir=DIR   Where to put smbpasswd ($ac_default_prefix/private)],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-privatedir called without argument - will use default])
+    privatedir='${prefix}/private'
+  ;;
+  * )
+    privatedir="$withval"
+    ;;
+  esac
+  AC_SUBST(privatedir)],
+  [privatedir='${prefix}/private'
+   AC_SUBST(privatedir)]
+)
+
+#################################################
+# set lock directory location
+AC_ARG_WITH(lockdir,
+[  --with-lockdir=DIR      Where to put lock files ($ac_default_prefix/var/locks)],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-lockdir called without argument - will use default])
+    lockdir='$(VARDIR)/locks'
+  ;;
+  * )
+    lockdir="$withval"
+    ;;
+  esac
+  AC_SUBST(lockdir)],
+  [lockdir='$(VARDIR)/locks'
+   AC_SUBST(lockdir)]
+)
+
+#################################################
+# set SWAT directory location
+AC_ARG_WITH(swatdir,
+[  --with-swatdir=DIR      Where to put SWAT files ($ac_default_prefix/swat)],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    AC_MSG_WARN([--with-swatdir called without argument - will use default])
+    swatdir='${prefix}/swat'
+  ;;
+  * )
+    swatdir="$withval"
+    ;;
+  esac
+  AC_SUBST(swatdir)],
+  [swatdir='${prefix}/swat'
+   AC_SUBST(swatdir)]
+)
+
+#################################################
+# choose native language(s) of man pages
+AC_MSG_CHECKING(chosen man pages' language(s))
+AC_ARG_WITH(manpages-langs,
+[  --with-manpages-langs={en,ja,pl}  Choose man pages' language(s). (en)],
+[ case "$withval" in
+  yes|no)
+    AC_MSG_WARN(--with-manpages-langs called without argument - will use default)
+    manlangs="en"
+  ;;
+  *)
+    manlangs="$withval"
+  ;;
+  esac
+
+  AC_MSG_RESULT($manlangs)
+  manlangs=`echo $manlangs | sed "s/,/ /"`   # replacing commas with spaces to produce a list
+  AC_SUBST(manlangs)],
+
+  [manlangs="en"
+  AC_MSG_RESULT($manlangs)
+  AC_SUBST(manlangs)]
+)
+
+#################################################
+# these tests are taken from the GNU fileutils package
+AC_CHECKING(how to get filesystem space usage)
+space=no
+
+# Test for statvfs64.
+if test $space = no; then
+  # SVR4
+  AC_CACHE_CHECK([statvfs64 function (SVR4)], fu_cv_sys_stat_statvfs64,
+  [AC_TRY_RUN([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/statvfs.h>
+  main ()
+  {
+    struct statvfs64 fsd;
+    exit (statvfs64 (".", &fsd));
+  }],
+  fu_cv_sys_stat_statvfs64=yes,
+  fu_cv_sys_stat_statvfs64=no,
+  fu_cv_sys_stat_statvfs64=cross)])
+  if test $fu_cv_sys_stat_statvfs64 = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATVFS64)
+  fi
+fi
+
+# Perform only the link test since it seems there are no variants of the
+# statvfs function.  This check is more than just AC_CHECK_FUNCS(statvfs)
+# because that got a false positive on SCO OSR5.  Adding the declaration
+# of a `struct statvfs' causes this test to fail (as it should) on such
+# systems.  That system is reported to work fine with STAT_STATFS4 which
+# is what it gets when this test fails.
+if test $space = no; then
+  # SVR4
+  AC_CACHE_CHECK([statvfs function (SVR4)], fu_cv_sys_stat_statvfs,
+		 [AC_TRY_LINK([#include <sys/types.h>
+#include <sys/statvfs.h>],
+			      [struct statvfs fsd; statvfs (0, &fsd);],
+			      fu_cv_sys_stat_statvfs=yes,
+			      fu_cv_sys_stat_statvfs=no)])
+  if test $fu_cv_sys_stat_statvfs = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATVFS)
+  fi
+fi
+
+if test $space = no; then
+  # DEC Alpha running OSF/1
+  AC_MSG_CHECKING([for 3-argument statfs function (DEC OSF/1)])
+  AC_CACHE_VAL(fu_cv_sys_stat_statfs3_osf1,
+  [AC_TRY_RUN([
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+  main ()
+  {
+    struct statfs fsd;
+    fsd.f_fsize = 0;
+    exit (statfs (".", &fsd, sizeof (struct statfs)));
+  }],
+  fu_cv_sys_stat_statfs3_osf1=yes,
+  fu_cv_sys_stat_statfs3_osf1=no,
+  fu_cv_sys_stat_statfs3_osf1=no)])
+  AC_MSG_RESULT($fu_cv_sys_stat_statfs3_osf1)
+  if test $fu_cv_sys_stat_statfs3_osf1 = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATFS3_OSF1)
+  fi
+fi
+
+if test $space = no; then
+# AIX
+  AC_MSG_CHECKING([for two-argument statfs with statfs.bsize dnl
+member (AIX, 4.3BSD)])
+  AC_CACHE_VAL(fu_cv_sys_stat_statfs2_bsize,
+  [AC_TRY_RUN([
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_VFS_H
+#include <sys/vfs.h>
+#endif
+  main ()
+  {
+  struct statfs fsd;
+  fsd.f_bsize = 0;
+  exit (statfs (".", &fsd));
+  }],
+  fu_cv_sys_stat_statfs2_bsize=yes,
+  fu_cv_sys_stat_statfs2_bsize=no,
+  fu_cv_sys_stat_statfs2_bsize=no)])
+  AC_MSG_RESULT($fu_cv_sys_stat_statfs2_bsize)
+  if test $fu_cv_sys_stat_statfs2_bsize = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATFS2_BSIZE)
+  fi
+fi
+
+if test $space = no; then
+# SVR3
+  AC_MSG_CHECKING([for four-argument statfs (AIX-3.2.5, SVR3)])
+  AC_CACHE_VAL(fu_cv_sys_stat_statfs4,
+  [AC_TRY_RUN([#include <sys/types.h>
+#include <sys/statfs.h>
+  main ()
+  {
+  struct statfs fsd;
+  exit (statfs (".", &fsd, sizeof fsd, 0));
+  }],
+    fu_cv_sys_stat_statfs4=yes,
+    fu_cv_sys_stat_statfs4=no,
+    fu_cv_sys_stat_statfs4=no)])
+  AC_MSG_RESULT($fu_cv_sys_stat_statfs4)
+  if test $fu_cv_sys_stat_statfs4 = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATFS4)
+  fi
+fi
+
+if test $space = no; then
+# 4.4BSD and NetBSD
+  AC_MSG_CHECKING([for two-argument statfs with statfs.fsize dnl
+member (4.4BSD and NetBSD)])
+  AC_CACHE_VAL(fu_cv_sys_stat_statfs2_fsize,
+  [AC_TRY_RUN([#include <sys/types.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+  main ()
+  {
+  struct statfs fsd;
+  fsd.f_fsize = 0;
+  exit (statfs (".", &fsd));
+  }],
+  fu_cv_sys_stat_statfs2_fsize=yes,
+  fu_cv_sys_stat_statfs2_fsize=no,
+  fu_cv_sys_stat_statfs2_fsize=no)])
+  AC_MSG_RESULT($fu_cv_sys_stat_statfs2_fsize)
+  if test $fu_cv_sys_stat_statfs2_fsize = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATFS2_FSIZE)
+  fi
+fi
+
+if test $space = no; then
+  # Ultrix
+  AC_MSG_CHECKING([for two-argument statfs with struct fs_data (Ultrix)])
+  AC_CACHE_VAL(fu_cv_sys_stat_fs_data,
+  [AC_TRY_RUN([#include <sys/types.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_FS_TYPES_H
+#include <sys/fs_types.h>
+#endif
+  main ()
+  {
+  struct fs_data fsd;
+  /* Ultrix's statfs returns 1 for success,
+     0 for not mounted, -1 for failure.  */
+  exit (statfs (".", &fsd) != 1);
+  }],
+  fu_cv_sys_stat_fs_data=yes,
+  fu_cv_sys_stat_fs_data=no,
+  fu_cv_sys_stat_fs_data=no)])
+  AC_MSG_RESULT($fu_cv_sys_stat_fs_data)
+  if test $fu_cv_sys_stat_fs_data = yes; then
+    space=yes
+    AC_DEFINE(STAT_STATFS2_FS_DATA)
+  fi
+fi
+
+#
+# As a gating factor for large file support, in order to
+# use <4GB files we must have the following minimal support
+# available.
+# long long, and a 64 bit off_t or off64_t.
+# If we don't have all of these then disable large
+# file support.
+#
+AC_MSG_CHECKING([if large file support can be enabled])
+AC_TRY_COMPILE([
+#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
+#include <sys/types.h>
+#else
+__COMPILE_ERROR_
+#endif
+],
+[int i],
+samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes,samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=no)
+if test x"$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT" = x"yes"; then
+    AC_DEFINE(HAVE_EXPLICIT_LARGEFILE_SUPPORT)
+fi
+AC_MSG_RESULT([$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT])
+
+AC_ARG_WITH(spinlocks, 
+[  --with-spinlocks        Use spin locks instead of fcntl locks (default=no) ])
+if test "x$with_spinlocks" = "xyes"; then
+    AC_DEFINE(USE_SPINLOCKS)
+
+    case "$host_cpu" in
+        sparc)
+            AC_DEFINE(SPARC_SPINLOCKS)
+            ;;
+
+        i386|i486|i586|i686)
+            AC_DEFINE(INTEL_SPINLOCKS)
+            ;;
+
+        mips)
+            AC_DEFINE(MIPS_SPINLOCKS)
+            ;;
+
+        powerpc)
+            AC_DEFINE(POWERPC_SPINLOCKS)
+            ;;
+    esac
+fi
+
+#################################################
+# check for ACL support
+
+AC_MSG_CHECKING(whether to support ACLs)
+AC_ARG_WITH(acl-support,
+[  --with-acl-support      Include ACL support (default=no)],
+[ case "$withval" in
+  yes)
+
+	case "$host_os" in
+	*sysv5*)
+		AC_MSG_RESULT(Using UnixWare ACLs)
+		AC_DEFINE(HAVE_UNIXWARE_ACLS)
+		;;
+	*solaris*)
+		AC_MSG_RESULT(Using solaris ACLs)
+		AC_DEFINE(HAVE_SOLARIS_ACLS)
+		;;
+	*hpux*)
+		AC_MSG_RESULT(Using HPUX ACLs)
+		AC_DEFINE(HAVE_HPUX_ACLS)
+		;;
+	*irix*)
+		AC_MSG_RESULT(Using IRIX ACLs)
+		AC_DEFINE(HAVE_IRIX_ACLS)
+		;;
+	*aix*)
+		AC_MSG_RESULT(Using AIX ACLs)
+		AC_DEFINE(HAVE_AIX_ACLS)
+		;;
+	*osf*)
+		AC_MSG_RESULT(Using Tru64 ACLs)
+		AC_DEFINE(HAVE_TRU64_ACLS)
+		LIBS="$LIBS -lpacl"
+		;;
+        *)
+		AC_CHECK_LIB(acl,acl_get_file)
+		AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
+		AC_TRY_LINK([#include <sys/types.h>
+#include <sys/acl.h>],
+[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);],
+samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)])
+			if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
+				AC_MSG_RESULT(Using posix ACLs)
+				AC_DEFINE(HAVE_POSIX_ACLS)
+				AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
+				AC_TRY_LINK([#include <sys/types.h>
+#include <sys/acl.h>],
+[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);],
+samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
+				if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
+					AC_DEFINE(HAVE_ACL_GET_PERM_NP)
+				fi
+			fi
+            ;;
+        esac
+        ;;
+  *)
+    AC_MSG_RESULT(no)
+    AC_DEFINE(HAVE_NO_ACLS)
+    ;;
+  esac ],
+  AC_DEFINE(HAVE_NO_ACLS)
+  AC_MSG_RESULT(no)
+)
+
+#################################################
+# Check whether winbind is supported on this platform.  If so we need to
+# build and install client programs (WINBIND_TARGETS), sbin programs
+# (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS).
+
+AC_MSG_CHECKING(whether to build winbind)
+
+# Initially, the value of $host_os decides whether winbind is supported
+
+case "$host_os" in
+	*linux*|*irix*)
+		HAVE_WINBIND=yes
+		;;
+	*solaris*)
+		HAVE_WINBIND=yes
+		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o"
+		WINBIND_NSS_EXTRA_LIBS="-lsocket"
+		;;
+	*hpux11*)
+		HAVE_WINBIND=yes
+		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o"
+		;;
+	*)
+		HAVE_WINBIND=no
+		winbind_no_reason=", unsupported on $host_os"
+		;;
+esac
+
+# Check the setting of --with-winbindd
+
+AC_ARG_WITH(winbind,
+[  --with-winbind          Build winbind (default, if supported by OS)],
+[ 
+  case "$withval" in
+	yes)
+		HAVE_WINBIND=yes
+		;;
+        no)
+		HAVE_WINBIND=no
+                winbind_reason=""
+                ;;
+  esac ],
+)
+
+# We need unix domain sockets for winbind
+
+if test x"$HAVE_WINBIND" = x"yes"; then
+	if test x"$samba_cv_unixsocket" = x"no"; then
+		winbind_no_reason=", no unix domain socket support on $host_os"
+		HAVE_WINBIND=no
+	fi
+fi
+
+# Display test results
+
+WINBIND_TARGETS=""
+WINBIND_STARGETS=""
+WINBIND_LTARGETS=""
+WINBIND_PAM_PROGS=""
+
+if test x"$HAVE_WINBIND" = x"yes"; then
+        AC_MSG_RESULT(yes)
+
+	WINBIND_TARGETS="bin/wbinfo"
+	WINBIND_STARGETS="bin/winbindd"
+        if test x"$BLDSHARED" = x"true"; then
+		WINBIND_LTARGETS="nsswitch/libnss_winbind.so"
+		if test x"$with_pam" = x"yes"; then
+			WINBIND_PAM_TARGETS="nsswitch/pam_winbind.so"
+		fi
+	fi
+else
+        AC_MSG_RESULT(no$winbind_no_reason)
+fi
+
+# Substitution time!
+
+AC_SUBST(WINBIND_TARGETS)
+AC_SUBST(WINBIND_STARGETS)
+AC_SUBST(WINBIND_LTARGETS)
+AC_SUBST(WINBIND_PAM_TARGETS)
+AC_SUBST(WINBIND_NSS_EXTRA_OBJS)
+AC_SUBST(WINBIND_NSS_EXTRA_LIBS)
+
+#################################################
+# Check to see if we should use the included popt 
+
+AC_ARG_WITH(included-popt,
+[  --with-included-popt    use bundled popt library, not from system],
+[ 
+  case "$withval" in
+	yes)
+		INCLUDED_POPT=yes
+		;;
+        no)
+		INCLUDED_POPT=no
+                ;;
+  esac ],
+)
+if test x"$INCLUDED_POPT" != x"yes"; then
+    AC_CHECK_LIB(popt, poptGetContext,
+	         INCLUDED_POPT=no, INCLUDED_POPT=yes)
+fi
+
+AC_MSG_CHECKING(whether to use included popt)
+if test x"$INCLUDED_POPT" = x"yes"; then
+    AC_MSG_RESULT($srcdir/popt)
+    BUILD_POPT='$(POPT_OBJS)'
+    FLAGS1="-I$srcdir/popt"
+else
+    AC_MSG_RESULT(no)
+    LIBS="$LIBS -lpopt"
+fi
+AC_SUBST(BUILD_POPT)
+AC_SUBST(FLAGS1)
+
+#################################################
+# do extra things if we are running insure
+
+if test "${ac_cv_prog_CC}" = "insure"; then
+	CPPFLAGS="$CPPFLAGS -D__INSURE__"
+fi
+
+#################################################
+# final configure stuff
+
+AC_MSG_CHECKING([configure summary])
+AC_TRY_RUN([#include "${srcdir-.}/tests/summary.c"],
+           AC_MSG_RESULT(yes),
+	   AC_MSG_ERROR([summary failure. Aborting config]); exit 1;,
+	   AC_MSG_WARN([cannot run when cross-compiling]))
+
+builddir=`pwd`
+AC_SUBST(builddir)
+
+AC_OUTPUT(include/stamp-h Makefile)
+
+#################################################
+# Print very concise instructions on building/use
+if test "x$enable_dmalloc" = xyes
+then
+	AC_MSG_RESULT([Note: The dmalloc debug library will be included.  To turn it on use])
+	AC_MSG_RESULT([      \$ eval \`dmalloc samba\`.])
+fi
diff --git a/source3/configure.nodebug.developer b/source3/configure.nodebug.developer
new file mode 100755
index 0000000000..65e21b4bdf
--- /dev/null
+++ b/source3/configure.nodebug.developer
@@ -0,0 +1,3 @@
+#!/bin/sh
+CFLAGS="-Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD"; export CFLAGS
+./configure $*
diff --git a/source3/dynconfig.c b/source3/dynconfig.c
new file mode 100644
index 0000000000..76b5bce5c9
--- /dev/null
+++ b/source3/dynconfig.c
@@ -0,0 +1,73 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * @file dynconfig.c
+ *
+ * @brief Global configurations, initialized to configured defaults.
+ *
+ * This file should be the only file that depends on path
+ * configuration (--prefix, etc), so that if ./configure is re-run,
+ * all programs will be appropriately updated.  Everything else in
+ * Samba should import extern variables from here, rather than relying
+ * on preprocessor macros.
+ *
+ * Eventually some of these may become even more variable, so that
+ * they can for example consistently be set across the whole of Samba
+ * by command-line parameters, config file entries, or environment
+ * variables.
+ *
+ * @todo Perhaps eventually these should be merged into the parameter
+ * table?  There's kind of a chicken-and-egg situation there...
+ **/
+
+char const *dyn_SBINDIR = SBINDIR,
+	*dyn_BINDIR = BINDIR,
+	*dyn_SWATDIR = SWATDIR;
+
+pstring dyn_CONFIGFILE = CONFIGFILE; /**< Location of smb.conf file. **/
+
+/** Log file directory. **/
+pstring dyn_LOGFILEBASE = LOGFILEBASE;
+
+/** Statically configured LanMan hosts. **/
+pstring dyn_LMHOSTSFILE = LMHOSTSFILE;
+
+/**
+ * @brief Samba library directory.
+ *
+ * @sa lib_path() to get the path to a file inside the LIBDIR.
+ **/
+pstring dyn_LIBDIR = LIBDIR;  
+
+/**
+ * @brief Directory holding lock files.
+ *
+ * Not writable, but used to set a default in the parameter table.
+ **/
+const pstring dyn_LOCKDIR = LOCKDIR;
+
+const pstring dyn_DRIVERFILE = DRIVERFILE;
+
+const pstring dyn_SMB_PASSWD_FILE = SMB_PASSWD_FILE;
+const pstring dyn_PRIVATE_DIR = PRIVATE_DIR;
+
+
diff --git a/source3/groupdb/aliasdb.c b/source3/groupdb/aliasdb.c
new file mode 100644
index 0000000000..718bf1d7ce
--- /dev/null
+++ b/source3/groupdb/aliasdb.c
@@ -0,0 +1,385 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 1996-1998
+   Copyright (C) Luke Kenneth Caseson Leighton 1996-1998
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mases Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern fstring global_sam_name;
+
+/*
+ * NOTE. All these functions are abstracted into a structure
+ * that points to the correct function for the selected database. JRA.
+ */
+
+static struct aliasdb_ops *aldb_ops;
+
+/***************************************************************
+ Initialise the alias db operations.
+***************************************************************/
+
+BOOL initialise_alias_db(void)
+{
+  if (aldb_ops)
+  {
+    return True;
+  }
+
+#ifdef WITH_NISPLUS
+  aldb_ops =  nisplus_initialise_alias_db();
+#elif defined(WITH_LDAP)
+  aldb_ops = ldap_initialise_alias_db();
+#else 
+  aldb_ops = file_initialise_alias_db();
+#endif 
+
+  return (aldb_ops != NULL);
+}
+
+/*
+ * Functions that return/manipulate a LOCAL_GRP.
+ */
+
+/************************************************************************
+ Utility function to search alias database by gid: the LOCAL_GRP
+ structure does not have a gid member, so we have to convert here
+ from gid to alias rid.
+*************************************************************************/
+LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	return iterate_getaliasrid(pwdb_gid_to_alias_rid(gid), mem, num_mem);
+}
+
+/************************************************************************
+ Utility function to search alias database by rid.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	LOCAL_GRP *als = NULL;
+	void *fp = NULL;
+
+	DEBUG(10, ("search by rid: 0x%x\n", rid));
+
+	/* Open the alias database file - not for update. */
+	fp = startaliasent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open alias database.\n"));
+		return NULL;
+	}
+
+	while ((als = getaliasent(fp, mem, num_mem)) != NULL && als->rid != rid)
+	{
+	}
+
+	if (als != NULL)
+	{
+		DEBUG(10, ("found alias %s by rid: 0x%x\n", als->name, rid));
+	}
+
+	endaliasent(fp);
+	return als;
+}
+
+/************************************************************************
+ Utility function to search alias database by name.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	LOCAL_GRP *als = NULL;
+	void *fp = NULL;
+
+	DEBUG(10, ("search by name: %s\n", name));
+
+	/* Open the alias database file - not for update. */
+	fp = startaliasent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open alias database.\n"));
+		return NULL;
+	}
+
+	while ((als = getaliasent(fp, mem, num_mem)) != NULL && !strequal(als->name, name))
+	{
+	}
+
+	if (als != NULL)
+	{
+		DEBUG(10, ("found by name: %s\n", name));
+	}
+
+	endaliasent(fp);
+	return als;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomainalias list.
+ *************************************************************************/
+BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als)
+{
+	LOCAL_GRP *talss;
+
+	if (alss == NULL || num_alss == NULL || als == NULL)
+		return False;
+
+	talss = Realloc((*alss), ((*num_alss)+1) * sizeof(LOCAL_GRP));
+	if (talss == NULL) {
+		SAFE_FREE(*alss);
+		return False;
+	} else
+		(*alss) = talss;
+
+	DEBUG(10,("adding alias %s(%s)\n", als->name, als->comment));
+
+	fstrcpy((*alss)[(*num_alss)].name   , als->name);
+	fstrcpy((*alss)[(*num_alss)].comment, als->comment);
+	(*alss)[(*num_alss)].rid = als->rid;
+
+	(*num_alss)++;
+
+	return True;
+}
+
+/*************************************************************************
+ checks to see if a user is a member of a domain alias
+ *************************************************************************/
+static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem)
+{
+	int i;
+	pstring name;
+	slprintf(name, sizeof(name)-1, "\\%s\\%s", global_sam_name, user_name);
+
+	for (i = 0; i < num_mem; i++)
+	{
+		DEBUG(10,("searching against user %s...\n", mem[i].name));
+		if (strequal(mem[i].name, name))
+		{
+			DEBUG(10,("searching for user %s: found\n", name));
+			return True;
+		}
+	}
+	DEBUG(10,("searching for user %s: not found\n", name));
+	return False;
+}
+
+/*************************************************************************
+ gets an array of aliases that a user is in.  use this if your database
+ does not have search facilities
+ *************************************************************************/
+BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss)
+{
+	LOCAL_GRP *als;
+	LOCAL_GRP_MEMBER *mem = NULL;
+	int num_mem = 0;
+	void *fp = NULL;
+
+	DEBUG(10, ("search for useralias by name: %s\n", user_name));
+
+	if (user_name == NULL || als == NULL || num_alss == NULL)
+	{
+		return False;
+	}
+
+	(*alss) = NULL;
+	(*num_alss) = 0;
+
+	/* Open the alias database file - not for update. */
+	fp = startaliasent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open alias database.\n"));
+		return False;
+	}
+
+	/* iterate through all aliases.  search members for required user */
+	while ((als = getaliasent(fp, &mem, &num_mem)) != NULL)
+	{
+		DEBUG(5,("alias name %s members: %d\n", als->name, num_mem));
+		if (num_mem != 0 && mem != NULL)
+		{
+			BOOL ret = True;
+			if (user_is_member(user_name, mem, num_mem))
+			{
+				ret = add_domain_alias(alss, num_alss, als);
+			}
+
+			SAFE_FREE(mem);
+			num_mem = 0;
+
+			if (!ret)
+			{
+				(*num_alss) = 0;
+				break;
+			}
+		}
+	}
+
+	if ((*num_alss) != 0)
+	{
+		DEBUG(10, ("found %d user aliases:\n", (*num_alss)));
+	}
+
+	endaliasent(fp);
+	return True;
+}
+
+/*************************************************************************
+ gets an array of aliases that a user is in.  use this if your database
+ does not have search facilities
+ *************************************************************************/
+BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss)
+{
+	LOCAL_GRP *als;
+	void *fp = NULL;
+
+	DEBUG(10, ("enum user aliases\n"));
+
+	if (als == NULL || num_alss == NULL)
+	{
+		return False;
+	}
+
+	(*alss) = NULL;
+	(*num_alss) = 0;
+
+	/* Open the alias database file - not for update. */
+	fp = startaliasent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open alias database.\n"));
+		return False;
+	}
+
+	/* iterate through all aliases. */
+	while ((als = getaliasent(fp, NULL, NULL)) != NULL)
+	{
+		if (!add_domain_alias(alss, num_alss, als))
+		{
+			DEBUG(0,("unable to add alias while enumerating\n"));
+			return False;
+		}
+	}
+
+	if ((*num_alss) != 0)
+	{
+		DEBUG(10, ("found %d user aliases:\n", (*num_alss)));
+	}
+
+	endaliasent(fp);
+	return True;
+}
+
+/***************************************************************
+ Start to enumerate the alias database list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+void *startaliasent(BOOL update)
+{
+  return aldb_ops->startaliasent(update);
+}
+
+/***************************************************************
+ End enumeration of the alias database list.
+****************************************************************/
+
+void endaliasent(void *vp)
+{
+  aldb_ops->endaliasent(vp);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the alias database list.
+ *************************************************************************/
+
+LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	return aldb_ops->getaliasent(vp, mem, num_mem);
+}
+
+/************************************************************************
+ Routine to add an entry to the alias database file.
+*************************************************************************/
+
+BOOL add_alias_entry(LOCAL_GRP *newals)
+{
+ 	return aldb_ops->add_alias_entry(newals);
+}
+
+/************************************************************************
+ Routine to search the alias database file for an entry matching the aliasname.
+ and then replace the entry.
+************************************************************************/
+
+BOOL mod_alias_entry(LOCAL_GRP* als)
+{
+ 	return aldb_ops->mod_alias_entry(als);
+}
+
+/************************************************************************
+ Routine to search alias database by name.
+*************************************************************************/
+
+LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	return aldb_ops->getaliasnam(name, mem, num_mem);
+}
+
+/************************************************************************
+ Routine to search alias database by alias rid.
+*************************************************************************/
+
+LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	return aldb_ops->getaliasrid(alias_rid, mem, num_mem);
+}
+
+/************************************************************************
+ Routine to search alias database by gid.
+*************************************************************************/
+
+LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	return aldb_ops->getaliasgid(gid, mem, num_mem);
+}
+
+/*************************************************************************
+ gets an array of aliases that a user is in.
+ *************************************************************************/
+BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss)
+{
+	return aldb_ops->getuseraliasnam(user_name, als, num_alss);
+}
+
+/*************************************************************
+ initialises a LOCAL_GRP.
+ **************************************************************/
+
+void aldb_init_als(LOCAL_GRP *als)
+{
+	if (als == NULL) return;
+	ZERO_STRUCTP(als);
+}
+
diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c
new file mode 100644
index 0000000000..77189fd822
--- /dev/null
+++ b/source3/groupdb/aliasfile.c
@@ -0,0 +1,290 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBPASS_DB
+
+static int al_file_lock_depth = 0;
+
+static char s_readbuf[1024];
+
+/***************************************************************
+ Start to enumerate the aliasdb list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startalsfilepwent(BOOL update)
+{
+	return startfilepwent(lp_smb_alias_file(),
+	                      s_readbuf, sizeof(s_readbuf),
+	                      &al_file_lock_depth, update);
+}
+
+/***************************************************************
+ End enumeration of the aliasdb list.
+****************************************************************/
+
+static void endalsfilepwent(void *vp)
+{
+	endfilepwent(vp, &al_file_lock_depth);
+}
+
+/*************************************************************************
+ Return the current position in the aliasdb list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static SMB_BIG_UINT getalsfilepwpos(void *vp)
+{
+	return getfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the aliasdb list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static BOOL setalsfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+	return setfilepwpos(vp, tok);
+}
+
+static BOOL make_alias_line(char *p, int max_len,
+				LOCAL_GRP *als,
+				LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	int i;
+	int len;
+	len = slprintf(p, max_len-1, "%s:%s:%d:", als->name, als->comment, als->rid);
+
+	if (len == -1)
+	{
+		DEBUG(0,("make_alias_line: cannot create entry\n"));
+		return False;
+	}
+
+	p += len;
+	max_len -= len;
+
+	if (mem == NULL || num_mem == NULL)
+	{
+		return True;
+	}
+
+	for (i = 0; i < (*num_mem); i++)
+	{
+		len = strlen((*mem)[i].name);
+		p = safe_strcpy(p, (*mem)[i].name, max_len); 
+
+		if (p == NULL)
+		{
+			DEBUG(0, ("make_alias_line: out of space for aliases!\n"));
+			return False;
+		}
+
+		max_len -= len;
+
+		if (i != (*num_mem)-1)
+		{
+			*p = ',';
+			p++;
+			max_len--;
+		}
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomainalias list.
+ *************************************************************************/
+static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members)
+{
+	fstring name;
+
+	if (num_mem == NULL || members == NULL)
+		return NULL;
+
+	(*num_mem) = 0;
+	(*members) = NULL;
+
+	while (next_token(&p, name, ",", sizeof(fstring))) {
+		LOCAL_GRP_MEMBER *mbrs;
+		DOM_SID sid;
+		uint8 type;
+
+		if (lookup_sid(name, &sid, &type)) {
+			mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
+			(*num_mem)++;
+		} else {
+			DEBUG(0,("alias database: could not resolve alias named %s\n", name));
+			continue;
+		}
+		if (mbrs == NULL) {
+			SAFE_FREE(*members);
+			return NULL;
+        } else
+            (*members) = mbrs;
+		
+		fstrcpy((*members)[(*num_mem)-1].name, name);
+		(*members)[(*num_mem)-1].sid_use = type;
+		sid_copy(&(*members)[(*num_mem)-1].sid, &sid);
+	}
+	return p;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomainalias list.
+ *************************************************************************/
+static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
+{
+	/* Static buffers we will return. */
+	static LOCAL_GRP al_buf;
+
+	int gidval;
+
+	pstring linebuf;
+	char  *p;
+	size_t            linebuf_len;
+
+	aldb_init_als(&al_buf);
+
+	/*
+	 * Scan the file, a line at a time and check if the name matches.
+	 */
+	while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0)
+	{
+		/* get alias name */
+
+		p = strncpyn(al_buf.name, linebuf, sizeof(al_buf.name), ':');
+		if (p == NULL)
+		{
+			DEBUG(0, ("getalsfilepwent: malformed alias entry (no :)\n"));
+			continue;
+		}
+
+		/* Go past ':' */
+		p++;
+
+		/* get alias comment */
+
+		p = strncpyn(al_buf.comment, p, sizeof(al_buf.comment), ':');
+		if (p == NULL)
+		{
+			DEBUG(0, ("getalsfilepwent: malformed alias entry (no :)\n"));
+			continue;
+		}
+
+		/* Go past ':' */
+		p++;
+
+		/* Get alias gid. */
+
+		p = Atoic(p, &gidval, ":");
+
+		if (p == NULL)
+		{
+			DEBUG(0, ("getalsfilepwent: malformed alias entry (no : after uid)\n"));
+			continue;
+		}
+
+		/* Go past ':' */
+		p++;
+
+		/* now get the user's aliases.  there are a maximum of 32 */
+
+		if (mem != NULL && num_mem != NULL)
+		{
+			(*mem) = NULL;
+			(*num_mem) = 0;
+
+			p = get_alias_members(p, num_mem, mem);
+			if (p == NULL)
+			{
+				DEBUG(0, ("getalsfilepwent: malformed alias entry (no : after members)\n"));
+			}
+		}
+
+		/* ok, set up the static data structure and return it */
+
+		al_buf.rid     = pwdb_gid_to_alias_rid((gid_t)gidval);
+
+		make_alias_line(linebuf, sizeof(linebuf), &al_buf, mem, num_mem);
+		DEBUG(10,("line: '%s'\n", linebuf));
+
+		return &al_buf;
+	}
+
+	DEBUG(5,("getalsfilepwent: end of file reached.\n"));
+	return NULL;
+}
+
+/************************************************************************
+ Routine to add an entry to the aliasdb file.
+*************************************************************************/
+
+static BOOL add_alsfileals_entry(LOCAL_GRP *newals)
+{
+	DEBUG(0, ("add_alsfileals_entry: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to search the aliasdb file for an entry matching the aliasname.
+ and then modify its alias entry. We can't use the startalspwent()/
+ getalspwent()/endalspwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out alias or NO PASS
+************************************************************************/
+
+static BOOL mod_alsfileals_entry(LOCAL_GRP* als)
+{
+	DEBUG(0, ("mod_alsfileals_entry: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+
+static struct aliasdb_ops file_ops =
+{
+	startalsfilepwent,
+	endalsfilepwent,
+	getalsfilepwpos,
+	setalsfilepwpos,
+
+	iterate_getaliasnam,          /* In aliasdb.c */
+	iterate_getaliasgid,          /* In aliasdb.c */
+	iterate_getaliasrid,          /* In aliasdb.c */
+	getalsfilepwent,
+
+	add_alsfileals_entry,
+	mod_alsfileals_entry,
+
+	iterate_getuseraliasnam      /* in aliasdb.c */
+};
+
+struct aliasdb_ops *file_initialise_alias_db(void)
+{    
+	return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void als_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
diff --git a/source3/groupdb/groupdb.c b/source3/groupdb/groupdb.c
new file mode 100644
index 0000000000..c18463741d
--- /dev/null
+++ b/source3/groupdb/groupdb.c
@@ -0,0 +1,381 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 1996-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * NOTE. All these functions are abstracted into a structure
+ * that points to the correct function for the selected database. JRA.
+ */
+
+static struct groupdb_ops *gpdb_ops;
+
+/***************************************************************
+ Initialise the group db operations.
+***************************************************************/
+
+BOOL initialise_group_db(void)
+{
+  if (gpdb_ops)
+  {
+    return True;
+  }
+
+#ifdef WITH_NISPLUS
+  gpdb_ops =  nisplus_initialise_group_db();
+#elif defined(WITH_LDAP)
+  gpdb_ops = ldap_initialise_group_db();
+#else 
+  gpdb_ops = file_initialise_group_db();
+#endif 
+
+  return (gpdb_ops != NULL);
+}
+
+/*
+ * Functions that return/manipulate a DOMAIN_GRP.
+ */
+
+/************************************************************************
+ Utility function to search group database by gid: the DOMAIN_GRP
+ structure does not have a gid member, so we have to convert here
+ from gid to group rid.
+*************************************************************************/
+DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem);
+}
+
+/************************************************************************
+ Utility function to search group database by rid.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	DOMAIN_GRP *grp = NULL;
+	void *fp = NULL;
+
+	DEBUG(10, ("search by rid: 0x%x\n", rid));
+
+	/* Open the group database file - not for update. */
+	fp = startgroupent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open group database.\n"));
+		return NULL;
+	}
+
+	while ((grp = getgroupent(fp, mem, num_mem)) != NULL && grp->rid != rid)
+	{
+	}
+
+	if (grp != NULL)
+	{
+		DEBUG(10, ("found group %s by rid: 0x%x\n", grp->name, rid));
+	}
+
+	endgroupent(fp);
+	return grp;
+}
+
+/************************************************************************
+ Utility function to search group database by name.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	DOMAIN_GRP *grp = NULL;
+	void *fp = NULL;
+
+	DEBUG(10, ("search by name: %s\n", name));
+
+	/* Open the group database file - not for update. */
+	fp = startgroupent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open group database.\n"));
+		return NULL;
+	}
+
+	while ((grp = getgroupent(fp, mem, num_mem)) != NULL && !strequal(grp->name, name))
+	{
+	}
+
+	if (grp != NULL)
+	{
+		DEBUG(10, ("found by name: %s\n", name));
+	}
+
+	endgroupent(fp);
+	return grp;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomaingroup list.
+ *************************************************************************/
+BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp)
+{
+	DOMAIN_GRP *tgrps;
+
+	if (grps == NULL || num_grps == NULL || grp == NULL)
+		return False;
+
+	tgrps = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP));
+	if (tgrps == NULL) {
+		SAFE_FREE(*grps);
+		return False;
+	} else
+		(*grps) = tgrps;
+
+	DEBUG(10,("adding group %s(%s)\n", grp->name, grp->comment));
+
+	fstrcpy((*grps)[(*num_grps)].name   , grp->name);
+	fstrcpy((*grps)[(*num_grps)].comment, grp->comment);
+	(*grps)[(*num_grps)].attr = grp->attr;
+	(*grps)[(*num_grps)].rid  = grp->rid ;
+
+	(*num_grps)++;
+
+	return True;
+}
+
+/*************************************************************************
+ checks to see if a user is a member of a domain group
+ *************************************************************************/
+static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem)
+{
+	int i;
+	for (i = 0; i < num_mem; i++)
+	{
+		DEBUG(10,("searching against user %s...\n", mem[i].name));
+		if (strequal(mem[i].name, user_name))
+		{
+			DEBUG(10,("searching for user %s: found\n", user_name));
+			return True;
+		}
+	}
+	DEBUG(10,("searching for user %s: not found\n", user_name));
+	return False;
+}
+
+/*************************************************************************
+ gets an array of groups that a user is in.  use this if your database
+ does not have search facilities
+ *************************************************************************/
+BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps)
+{
+	DOMAIN_GRP *grp;
+	DOMAIN_GRP_MEMBER *mem = NULL;
+	int num_mem = 0;
+	void *fp = NULL;
+
+	DEBUG(10, ("search for usergroups by name: %s\n", user_name));
+
+	if (user_name == NULL || grp == NULL || num_grps == NULL)
+	{
+		return False;
+	}
+
+	(*grps) = NULL;
+	(*num_grps) = 0;
+
+	/* Open the group database file - not for update. */
+	fp = startgroupent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open group database.\n"));
+		return False;
+	}
+
+	/* iterate through all groups.  search members for required user */
+	while ((grp = getgroupent(fp, &mem, &num_mem)) != NULL)
+	{
+		DEBUG(5,("group name %s members: %d\n", grp->name, num_mem));
+		if (num_mem != 0 && mem != NULL)
+		{
+			BOOL ret = True;
+			if (user_is_member(user_name, mem, num_mem))
+			{
+				ret = add_domain_group(grps, num_grps, grp);
+			}
+
+			SAFE_FREE(mem);
+			num_mem = 0;
+
+			if (!ret)
+			{
+				(*num_grps) = 0;
+				break;
+			}
+		}
+	}
+
+	if ((*num_grps) != 0)
+	{
+		DEBUG(10, ("found %d user groups:\n", (*num_grps)));
+	}
+
+	endgroupent(fp);
+	return True;
+}
+
+/*************************************************************************
+ gets an array of groups that a user is in.  use this if your database
+ does not have search facilities
+ *************************************************************************/
+BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps)
+{
+	DOMAIN_GRP *grp;
+	void *fp = NULL;
+
+	DEBUG(10, ("enum user groups\n"));
+
+	if (grp == NULL || num_grps == NULL)
+	{
+		return False;
+	}
+
+	(*grps) = NULL;
+	(*num_grps) = 0;
+
+	/* Open the group database file - not for update. */
+	fp = startgroupent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open group database.\n"));
+		return False;
+	}
+
+	/* iterate through all groups. */
+	while ((grp = getgroupent(fp, NULL, NULL)) != NULL)
+	{
+		if (!add_domain_group(grps, num_grps, grp))
+		{
+			DEBUG(0,("unable to add group while enumerating\n"));
+			return False;
+		}
+	}
+
+	if ((*num_grps) != 0)
+	{
+		DEBUG(10, ("found %d user groups:\n", (*num_grps)));
+	}
+
+	endgroupent(fp);
+	return True;
+}
+
+/***************************************************************
+ Start to enumerate the group database list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+void *startgroupent(BOOL update)
+{
+  return gpdb_ops->startgroupent(update);
+}
+
+/***************************************************************
+ End enumeration of the group database list.
+****************************************************************/
+
+void endgroupent(void *vp)
+{
+  gpdb_ops->endgroupent(vp);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the group database list.
+ *************************************************************************/
+
+DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	return gpdb_ops->getgroupent(vp, mem, num_mem);
+}
+
+/************************************************************************
+ Routine to add an entry to the group database file.
+*************************************************************************/
+
+BOOL add_group_entry(DOMAIN_GRP *newgrp)
+{
+ 	return gpdb_ops->add_group_entry(newgrp);
+}
+
+/************************************************************************
+ Routine to search the group database file for an entry matching the groupname.
+ and then replace the entry.
+************************************************************************/
+
+BOOL mod_group_entry(DOMAIN_GRP* grp)
+{
+ 	return gpdb_ops->mod_group_entry(grp);
+}
+
+/************************************************************************
+ Routine to search group database by name.
+*************************************************************************/
+
+DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	return gpdb_ops->getgroupnam(name, mem, num_mem);
+}
+
+/************************************************************************
+ Routine to search group database by group rid.
+*************************************************************************/
+
+DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	return gpdb_ops->getgrouprid(group_rid, mem, num_mem);
+}
+
+/************************************************************************
+ Routine to search group database by gid.
+*************************************************************************/
+
+DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	return gpdb_ops->getgroupgid(gid, mem, num_mem);
+}
+
+/*************************************************************************
+ gets an array of groups that a user is in.
+ *************************************************************************/
+BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps)
+{
+	return gpdb_ops->getusergroupsnam(user_name, grp, num_grps);
+}
+
+/*************************************************************
+ initialises a DOMAIN_GRP.
+ **************************************************************/
+
+void gpdb_init_grp(DOMAIN_GRP *grp)
+{
+	if (grp == NULL) return;
+	ZERO_STRUCTP(grp);
+}
+
diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c
new file mode 100644
index 0000000000..4502b190aa
--- /dev/null
+++ b/source3/groupdb/groupfile.c
@@ -0,0 +1,285 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBPASS_DB
+
+static int gp_file_lock_depth = 0;
+
+static char s_readbuf[1024];
+
+/***************************************************************
+ Start to enumerate the grppasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startgrpfilepwent(BOOL update)
+{
+	return startfilepwent(lp_smb_group_file(),
+	                      s_readbuf, sizeof(s_readbuf),
+	                      &gp_file_lock_depth, update);
+}
+
+/***************************************************************
+ End enumeration of the grppasswd list.
+****************************************************************/
+
+static void endgrpfilepwent(void *vp)
+{
+	endfilepwent(vp, &gp_file_lock_depth);
+}
+
+/*************************************************************************
+ Return the current position in the grppasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static SMB_BIG_UINT getgrpfilepwpos(void *vp)
+{
+	return getfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the grppasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+static BOOL setgrpfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+	return setfilepwpos(vp, tok);
+}
+
+static BOOL make_group_line(char *p, int max_len,
+				DOMAIN_GRP *grp,
+				DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	int i;
+	int len;
+	len = slprintf(p, max_len-1, "%s:%s:%d:", grp->name, grp->comment, grp->rid);
+
+	if (len == -1)
+	{
+		DEBUG(0,("make_group_line: cannot create entry\n"));
+		return False;
+	}
+
+	p += len;
+	max_len -= len;
+
+	if (mem == NULL || num_mem == NULL)
+	{
+		return True;
+	}
+
+	for (i = 0; i < (*num_mem); i++)
+	{
+		len = strlen((*mem)[i].name);
+		p = safe_strcpy(p, (*mem)[i].name, max_len); 
+
+		if (p == NULL)
+		{
+			DEBUG(0, ("make_group_line: out of space for groups!\n"));
+			return False;
+		}
+
+		max_len -= len;
+
+		if (i != (*num_mem)-1)
+		{
+			*p = ',';
+			p++;
+			max_len--;
+		}
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomaingroup list.
+ *************************************************************************/
+static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **members)
+{
+	fstring name;
+
+	if (num_mem == NULL || members == NULL)
+	{
+		return NULL;
+	}
+
+	(*num_mem) = 0;
+	(*members) = NULL;
+
+	while (next_token(&p, name, ",", sizeof(fstring)))
+	{
+		DOMAIN_GRP_MEMBER *mbrs;
+		
+		mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER));
+		if (mbrs == NULL) {
+			SAFE_FREE(*members);
+			return NULL;
+		}
+		else (*members) = mbrs;
+		fstrcpy((*members)[(*num_mem)].name, name);
+		(*members)[(*num_mem)].attr = 0x07;
+		(*num_mem)++;
+	}
+	return p;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbdomaingroup list.
+ *************************************************************************/
+static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem)
+{
+	/* Static buffers we will return. */
+	static DOMAIN_GRP gp_buf;
+
+	int gidval;
+
+	pstring linebuf;
+	char  *p;
+	size_t            linebuf_len;
+
+	gpdb_init_grp(&gp_buf);
+
+	/*
+	 * Scan the file, a line at a time and check if the name matches.
+	 */
+	while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0)
+	{
+		/* get group name */
+
+		p = strncpyn(gp_buf.name, linebuf, sizeof(gp_buf.name), ':');
+		if (p == NULL)
+		{
+			DEBUG(0, ("getgrpfilepwent: malformed group entry (no :)\n"));
+			continue;
+		}
+
+		/* Go past ':' */
+		p++;
+
+		/* get group comment */
+
+		p = strncpyn(gp_buf.comment, p, sizeof(gp_buf.comment), ':');
+		if (p == NULL)
+		{
+			DEBUG(0, ("getgrpfilepwent: malformed group entry (no :)\n"));
+			continue;
+		}
+
+		/* Go past ':' */
+		p++;
+
+		/* Get group gid. */
+
+		p = Atoic(p, &gidval, ":");
+
+		if (p == NULL)
+		{
+			DEBUG(0, ("getgrpfilepwent: malformed group entry (no : after uid)\n"));
+			continue;
+		}
+
+		/* Go past ':' */
+		p++;
+
+		/* now get the user's groups.  there are a maximum of 32 */
+
+		if (mem != NULL && num_mem != NULL)
+		{
+			(*mem) = NULL;
+			(*num_mem) = 0;
+
+			p = get_group_members(p, num_mem, mem);
+			if (p == NULL)
+			{
+				DEBUG(0, ("getgrpfilepwent: malformed group entry (no : after members)\n"));
+			}
+		}
+
+		/* ok, set up the static data structure and return it */
+
+		gp_buf.rid     = pwdb_gid_to_group_rid((gid_t)gidval);
+		gp_buf.attr    = 0x07;
+
+		make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem);
+		DEBUG(10,("line: '%s'\n", linebuf));
+
+		return &gp_buf;
+	}
+
+	DEBUG(5,("getgrpfilepwent: end of file reached.\n"));
+	return NULL;
+}
+
+/************************************************************************
+ Routine to add an entry to the grppasswd file.
+*************************************************************************/
+
+static BOOL add_grpfilegrp_entry(DOMAIN_GRP *newgrp)
+{
+	DEBUG(0, ("add_grpfilegrp_entry: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to search the grppasswd file for an entry matching the groupname.
+ and then modify its group entry. We can't use the startgrppwent()/
+ getgrppwent()/endgrppwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out group or NO PASS
+************************************************************************/
+
+static BOOL mod_grpfilegrp_entry(DOMAIN_GRP* grp)
+{
+	DEBUG(0, ("mod_grpfilegrp_entry: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+
+static struct groupdb_ops file_ops =
+{
+	startgrpfilepwent,
+	endgrpfilepwent,
+	getgrpfilepwpos,
+	setgrpfilepwpos,
+
+	iterate_getgroupnam,          /* In groupdb.c */
+	iterate_getgroupgid,          /* In groupdb.c */
+	iterate_getgrouprid,          /* In groupdb.c */
+	getgrpfilepwent,
+
+	add_grpfilegrp_entry,
+	mod_grpfilegrp_entry,
+
+	iterate_getusergroupsnam      /* in groupdb.c */
+};
+
+struct groupdb_ops *file_initialise_group_db(void)
+{    
+	return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void grppass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
new file mode 100644
index 0000000000..99ccffb464
--- /dev/null
+++ b/source3/groupdb/mapping.c
@@ -0,0 +1,1225 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern DOM_SID global_sam_sid;
+
+static TDB_CONTEXT *tdb; /* used for driver files */
+
+#define DATABASE_VERSION_V1 1 /* native byte format. */
+#define DATABASE_VERSION_V2 2 /* le format. */
+
+#define GROUP_PREFIX "UNIXGROUP/"
+
+PRIVS privs[] = {
+	{SE_PRIV_NONE,           "no_privs",                  "No privilege"                    }, /* this one MUST be first */
+	{SE_PRIV_ADD_MACHINES,   "SeMachineAccountPrivilege", "Add workstations to the domain"  },
+	{SE_PRIV_SEC_PRIV,       "SeSecurityPrivilege",       "Manage the audit logs"           },
+	{SE_PRIV_TAKE_OWNER,     "SeTakeOwnershipPrivilege",  "Take ownership of file"          },
+	{SE_PRIV_ADD_USERS,      "SaAddUsers",                "Add users to the domain - Samba" },
+	{SE_PRIV_PRINT_OPERATOR, "SaPrintOp",                 "Add or remove printers - Samba"  },
+	{SE_PRIV_ALL,            "SaAllPrivs",                "all privileges"                  }
+};
+/*
+PRIVS privs[] = {
+	{  2, "SeCreateTokenPrivilege" },
+	{  3, "SeAssignPrimaryTokenPrivilege" },
+	{  4, "SeLockMemoryPrivilege" },
+	{  5, "SeIncreaseQuotaPrivilege" },
+	{  6, "SeMachineAccountPrivilege" },
+	{  7, "SeTcbPrivilege" },
+	{  8, "SeSecurityPrivilege" },
+	{  9, "SeTakeOwnershipPrivilege" },
+	{ 10, "SeLoadDriverPrivilege" },
+	{ 11, "SeSystemProfilePrivilege" },
+	{ 12, "SeSystemtimePrivilege" },
+	{ 13, "SeProfileSingleProcessPrivilege" },
+	{ 14, "SeIncreaseBasePriorityPrivilege" },
+	{ 15, "SeCreatePagefilePrivilege" },
+	{ 16, "SeCreatePermanentPrivilege" },
+	{ 17, "SeBackupPrivilege" },
+	{ 18, "SeRestorePrivilege" },
+	{ 19, "SeShutdownPrivilege" },
+	{ 20, "SeDebugPrivilege" },
+	{ 21, "SeAuditPrivilege" },
+	{ 22, "SeSystemEnvironmentPrivilege" },
+	{ 23, "SeChangeNotifyPrivilege" },
+	{ 24, "SeRemoteShutdownPrivilege" },
+	{ 25, "SeUndockPrivilege" },
+	{ 26, "SeSyncAgentPrivilege" },
+	{ 27, "SeEnableDelegationPrivilege" },
+};
+*/
+
+	/*
+	 * Those are not really privileges like the other ones.
+	 * They are handled in a special case and called
+	 * system privileges.
+	 *
+	 * SeNetworkLogonRight
+	 * SeUnsolicitedInputPrivilege
+	 * SeBatchLogonRight
+	 * SeServiceLogonRight
+	 * SeInteractiveLogonRight
+	 * SeDenyInteractiveLogonRight
+	 * SeDenyNetworkLogonRight
+	 * SeDenyBatchLogonRight
+	 * SeDenyBatchLogonRight
+	 */
+
+#if 0
+/****************************************************************************
+check if the user has the required privilege.
+****************************************************************************/
+static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege)
+{
+	/* no token, no privilege */
+	if (token==NULL)
+		return False;
+	
+	if ((token->privilege & privilege)==privilege)
+		return True;
+	
+	return False;
+}
+#endif
+
+/****************************************************************************
+dump the mapping group mapping to a text file
+****************************************************************************/
+char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
+{	
+	static fstring group_type;
+
+	switch(name_use) {
+		case SID_NAME_USER:
+			fstrcpy(group_type,"User");
+			break;
+		case SID_NAME_DOM_GRP:
+			fstrcpy(group_type,"Domain group");
+			break;
+		case SID_NAME_DOMAIN:
+			fstrcpy(group_type,"Domain");
+			break;
+		case SID_NAME_ALIAS:
+			fstrcpy(group_type,"Local group");
+			break;
+		case SID_NAME_WKN_GRP:
+			fstrcpy(group_type,"Builtin group");
+			break;
+		case SID_NAME_DELETED:
+			fstrcpy(group_type,"Deleted");
+			break;
+		case SID_NAME_INVALID:
+			fstrcpy(group_type,"Invalid");
+			break;
+		case SID_NAME_UNKNOWN:
+		default:
+			fstrcpy(group_type,"Unknown type");
+			break;
+	}
+	
+	fstrcpy(group, group_type);
+	return group_type;
+}
+
+/****************************************************************************
+initialise first time the mapping list - called from init_group_mapping()
+****************************************************************************/
+static BOOL default_group_mapping(void)
+{
+	DOM_SID sid_admins;
+	DOM_SID sid_users;
+	DOM_SID sid_guests;
+	fstring str_admins;
+	fstring str_users;
+	fstring str_guests;
+	LUID_ATTR set;
+
+	PRIVILEGE_SET privilege_none;
+	PRIVILEGE_SET privilege_all;
+	PRIVILEGE_SET privilege_print_op;
+
+	init_privilege(&privilege_none);
+	init_privilege(&privilege_all);
+	init_privilege(&privilege_print_op);
+
+	set.attr=0;
+	set.luid.high=0;
+	set.luid.low=SE_PRIV_PRINT_OPERATOR;
+	add_privilege(&privilege_print_op, set);
+
+	add_all_privilege(&privilege_all);
+
+	/* Add the Wellknown groups */
+
+	add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+	add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+	add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+	add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+	add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+	add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+	add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+	add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+	add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+
+	/* Add the defaults domain groups */
+
+	sid_copy(&sid_admins, &global_sam_sid);
+	sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
+	sid_to_string(str_admins, &sid_admins);
+	add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+	sid_copy(&sid_users,  &global_sam_sid);
+	sid_append_rid(&sid_users,  DOMAIN_GROUP_RID_USERS);
+	sid_to_string(str_users, &sid_users);
+	add_initial_entry(-1, str_users,  SID_NAME_DOM_GRP, "Domain Users",  "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+	sid_copy(&sid_guests, &global_sam_sid);
+	sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
+	sid_to_string(str_guests, &sid_guests);
+	add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+
+	return True;
+}
+
+/****************************************************************************
+ Open the group mapping tdb.
+****************************************************************************/
+
+static BOOL init_group_mapping(void)
+{
+	static pid_t local_pid;
+	char *vstring = "INFO/version";
+	int32 vers_id;
+	
+	if (tdb && local_pid == sys_getpid())
+		return True;
+	tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb) {
+		DEBUG(0,("Failed to open group mapping database\n"));
+		return False;
+	}
+
+	local_pid = sys_getpid();
+
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(tdb, vstring);
+
+	/* Cope with byte-reversed older versions of the db. */
+	vers_id = tdb_fetch_int32(tdb, vstring);
+	if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) {
+		/* Written on a bigendian machine with old fetch_int code. Save as le. */
+		tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
+		vers_id = DATABASE_VERSION_V2;
+	}
+
+	if (vers_id != DATABASE_VERSION_V2) {
+		tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
+		tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
+	}
+
+	tdb_unlock_bystring(tdb, vstring);
+
+	/* write a list of default groups */
+	if(!default_group_mapping())
+		return False;
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL add_mapping_entry(GROUP_MAP *map, int flag)
+{
+	TDB_DATA kbuf, dbuf;
+	pstring key, buf;
+	fstring string_sid="";
+	int len;
+	int i;
+	PRIVILEGE_SET *set;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+	
+	sid_to_string(string_sid, &map->sid);
+
+	len = tdb_pack(buf, sizeof(buf), "ddffd",
+			map->gid, map->sid_name_use, map->nt_name, map->comment, map->systemaccount);
+
+	/* write the privilege list in the TDB database */
+
+	set=&map->priv_set;
+	len += tdb_pack(buf+len, sizeof(buf)-len, "d", set->count);
+	for (i=0; i<set->count; i++)
+		len += tdb_pack(buf+len, sizeof(buf)-len, "ddd", 
+				set->set[i].luid.low, set->set[i].luid.high, set->set[i].attr);
+
+	if (len > sizeof(buf))
+		return False;
+
+	slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
+
+	kbuf.dsize = strlen(key)+1;
+	kbuf.dptr = key;
+	dbuf.dsize = len;
+	dbuf.dptr = buf;
+	if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
+
+	return True;
+}
+
+/****************************************************************************
+initialise first time the mapping list
+****************************************************************************/
+BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use,
+			      fstring nt_name, fstring comment, PRIVILEGE_SET priv_set, uint32 systemaccount)
+{
+	GROUP_MAP map;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+	
+	map.gid=gid;
+	string_to_sid(&map.sid, sid);
+	map.sid_name_use=sid_name_use;
+	fstrcpy(map.nt_name, nt_name);
+	fstrcpy(map.comment, comment);
+	map.systemaccount=systemaccount;
+
+	map.priv_set.count=priv_set.count;
+	map.priv_set.set=priv_set.set;
+
+	add_mapping_entry(&map, TDB_INSERT);
+
+	return True;
+}
+
+/****************************************************************************
+initialise a privilege list
+****************************************************************************/
+void init_privilege(PRIVILEGE_SET *priv_set)
+{
+	priv_set->count=0;
+	priv_set->control=0;
+	priv_set->set=NULL;
+}
+
+/****************************************************************************
+free a privilege list
+****************************************************************************/
+BOOL free_privilege(PRIVILEGE_SET *priv_set)
+{
+	if (priv_set->count==0) {
+		DEBUG(100,("free_privilege: count=0, nothing to clear ?\n"));
+		return False;
+	}
+
+	if (priv_set->set==NULL) {
+		DEBUG(0,("free_privilege: list ptr is NULL, very strange !\n"));
+		return False;
+	}
+
+	safe_free(priv_set->set);
+	priv_set->count=0;
+	priv_set->control=0;
+	priv_set->set=NULL;
+
+	return True;
+}
+
+/****************************************************************************
+add a privilege to a privilege array
+****************************************************************************/
+BOOL add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
+{
+	LUID_ATTR *new_set;
+
+	/* check if the privilege is not already in the list */
+	if (check_priv_in_privilege(priv_set, set))
+		return False;
+
+	/* we can allocate memory to add the new privilege */
+
+	new_set=(LUID_ATTR *)Realloc(priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
+	if (new_set==NULL) {
+		DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
+		return False;
+	}
+
+	new_set[priv_set->count].luid.high=set.luid.high;
+	new_set[priv_set->count].luid.low=set.luid.low;
+	new_set[priv_set->count].attr=set.attr;
+	
+	priv_set->count++;
+	priv_set->set=new_set;
+	
+	return True;	
+}
+
+/****************************************************************************
+add all the privileges to a privilege array
+****************************************************************************/
+BOOL add_all_privilege(PRIVILEGE_SET *priv_set)
+{
+	LUID_ATTR set;
+
+	set.attr=0;
+	set.luid.high=0;
+	
+	set.luid.low=SE_PRIV_ADD_USERS;
+	add_privilege(priv_set, set);
+
+	set.luid.low=SE_PRIV_ADD_MACHINES;
+	add_privilege(priv_set, set);
+
+	set.luid.low=SE_PRIV_PRINT_OPERATOR;
+	add_privilege(priv_set, set);
+	
+	return True;
+}
+
+/****************************************************************************
+check if the privilege list is empty
+****************************************************************************/
+BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
+{
+	return (priv_set->count == 0);
+}
+
+/****************************************************************************
+check if the privilege is in the privilege list
+****************************************************************************/
+BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
+{
+	int i;
+
+	/* if the list is empty, obviously we can't have it */
+	if (check_empty_privilege(priv_set))
+		return False;
+
+	for (i=0; i<priv_set->count; i++) {
+		LUID_ATTR *cur_set;
+
+		cur_set=&priv_set->set[i];
+		/* check only the low and high part. Checking the attr field has no meaning */
+		if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
+			return True;
+	}
+
+	return False;
+}
+
+/****************************************************************************
+remove a privilege to a privilege array
+****************************************************************************/
+BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
+{
+	LUID_ATTR *new_set;
+	LUID_ATTR *old_set;
+	int i,j;
+
+	/* check if the privilege is in the list */
+	if (!check_priv_in_privilege(priv_set, set))
+		return False;
+
+	/* special case if it's the only privilege in the list */
+	if (priv_set->count==1) {
+		free_privilege(priv_set);
+		init_privilege(priv_set);	
+	
+		return True;
+	}
+
+	/* 
+	 * the privilege is there, create a new list,
+	 * and copy the other privileges
+	 */
+
+	old_set=priv_set->set;
+
+	new_set=(LUID_ATTR *)malloc((priv_set->count-1)*(sizeof(LUID_ATTR)));
+	if (new_set==NULL) {
+		DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
+		return False;
+	}
+
+	for (i=0, j=0; i<priv_set->count; i++) {
+		if ((old_set[i].luid.low==set.luid.low) && 
+		    (old_set[i].luid.high==set.luid.high)) {
+		    	continue;
+		}
+		
+		new_set[j].luid.low=old_set[i].luid.low;
+		new_set[j].luid.high=old_set[i].luid.high;
+		new_set[j].attr=old_set[i].attr;
+
+		j++;
+	}
+	
+	if (j!=priv_set->count-1) {
+		DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
+		DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
+		safe_free(new_set);
+		return False;
+	}
+		
+	/* ok everything is fine */
+	
+	priv_set->count--;
+	priv_set->set=new_set;
+	
+	safe_free(old_set);
+	
+	return True;	
+}
+
+/****************************************************************************
+return the sid and the type of the unix group
+****************************************************************************/
+BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
+{
+	TDB_DATA kbuf, dbuf;
+	pstring key;
+	fstring string_sid;
+	int ret;
+	int i;
+	PRIVILEGE_SET *set;
+	
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	/* the key is the SID, retrieving is direct */
+
+	sid_to_string(string_sid, &sid);
+	slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+		
+	dbuf = tdb_fetch(tdb, kbuf);
+	if (!dbuf.dptr) return False;
+
+	ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+				&map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount);
+
+	set=&map->priv_set;
+	init_privilege(set);
+	ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count);
+
+	DEBUG(10,("get_group_map_from_sid: %d privileges\n", map->priv_set.count));
+
+	set->set = NULL;
+	if (set->count) {
+		set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR));
+	}
+
+	for (i=0; i<set->count; i++)
+		ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", 
+				&(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr));
+
+	SAFE_FREE(dbuf.dptr);
+	if (ret != dbuf.dsize) {
+		DEBUG(0,("get_group_map_from_sid: group mapping TDB corrupted ?\n"));
+		free_privilege(set);
+		return False;
+	}
+
+	/* we don't want the privileges */
+	if (with_priv==MAPPING_WITHOUT_PRIV)
+		free_privilege(set);
+
+	sid_copy(&map->sid, &sid);
+	
+	return True;
+}
+
+
+/****************************************************************************
+return the sid and the type of the unix group
+****************************************************************************/
+BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
+{
+	TDB_DATA kbuf, dbuf, newkey;
+	fstring string_sid;
+	int ret;
+	int i;
+	PRIVILEGE_SET *set;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	/* we need to enumerate the TDB to find the GID */
+
+	for (kbuf = tdb_firstkey(tdb); 
+	     kbuf.dptr; 
+	     newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+		if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
+		
+		dbuf = tdb_fetch(tdb, kbuf);
+		if (!dbuf.dptr) continue;
+
+		fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
+
+		string_to_sid(&map->sid, string_sid);
+		
+		ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+				 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount);
+
+		set=&map->priv_set;
+		ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count);
+		set->set = NULL;
+		if (set->count) {
+			set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR));
+		}
+
+		for (i=0; i<set->count; i++)
+			ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", 
+					&(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr));
+
+		SAFE_FREE(dbuf.dptr);
+		if (ret != dbuf.dsize){
+			free_privilege(set);
+			continue;
+		}
+
+		if (gid==map->gid) {
+			if (!with_priv)
+				free_privilege(&map->priv_set);
+			return True;
+		}
+		
+		free_privilege(set);
+	}
+
+	return False;
+}
+
+/****************************************************************************
+return the sid and the type of the unix group
+****************************************************************************/
+BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv)
+{
+	TDB_DATA kbuf, dbuf, newkey;
+	fstring string_sid;
+	int ret;
+	int i;
+	PRIVILEGE_SET *set;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	/* we need to enumerate the TDB to find the name */
+
+	for (kbuf = tdb_firstkey(tdb); 
+	     kbuf.dptr; 
+	     newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+		if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
+		
+		dbuf = tdb_fetch(tdb, kbuf);
+		if (!dbuf.dptr) continue;
+
+		fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
+
+		string_to_sid(&map->sid, string_sid);
+		
+		ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+				 &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount);
+
+		set=&map->priv_set;
+		ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count);
+	
+		set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR));
+		if (set->set==NULL) {
+			DEBUG(0,("get_group_map_from_ntname: could not allocate memory for privileges\n"));
+			return False;
+		}
+
+		for (i=0; i<set->count; i++)
+			ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", 
+					&(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr));
+
+		SAFE_FREE(dbuf.dptr);
+		if (ret != dbuf.dsize) {
+			free_privilege(set);
+			continue;
+		}
+
+		if (StrCaseCmp(name, map->nt_name)==0) {
+			if (!with_priv)
+				free_privilege(&map->priv_set);
+			return True;
+		}
+
+		free_privilege(set);
+	}
+
+	return False;
+}
+
+/****************************************************************************
+ remove a group mapping entry
+****************************************************************************/
+BOOL group_map_remove(DOM_SID sid)
+{
+	TDB_DATA kbuf, dbuf;
+	pstring key;
+	fstring string_sid;
+	
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	/* the key is the SID, retrieving is direct */
+
+	sid_to_string(string_sid, &sid);
+	slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+		
+	dbuf = tdb_fetch(tdb, kbuf);
+	if (!dbuf.dptr) return False;
+	
+	SAFE_FREE(dbuf.dptr);
+
+	if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
+		return False;
+
+	return True;
+}
+
+
+/****************************************************************************
+enumerate the group mapping
+****************************************************************************/
+BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
+			int *num_entries, BOOL unix_only, BOOL with_priv)
+{
+	TDB_DATA kbuf, dbuf, newkey;
+	fstring string_sid;
+	fstring group_type;
+	GROUP_MAP map;
+	GROUP_MAP *mapt;
+	int ret;
+	int entries=0;
+	int i;
+	PRIVILEGE_SET *set;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	*num_entries=0;
+	*rmap=NULL;
+
+	for (kbuf = tdb_firstkey(tdb); 
+	     kbuf.dptr; 
+	     newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+		if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
+			continue;
+		
+		dbuf = tdb_fetch(tdb, kbuf);
+		if (!dbuf.dptr)
+			continue;
+
+		fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
+				
+		ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+				 &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.systemaccount);
+
+		set=&map.priv_set;
+		init_privilege(set);
+		
+		ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count);
+	
+		if (set->count!=0) {
+			set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR));
+			if (set->set==NULL) {
+				DEBUG(0,("enum_group_mapping: could not allocate memory for privileges\n"));
+				return False;
+			}
+		}
+
+		for (i=0; i<set->count; i++)
+			ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", 
+					&(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr));
+
+		SAFE_FREE(dbuf.dptr);
+		if (ret != dbuf.dsize) {
+			DEBUG(11,("enum_group_mapping: error in memory size\n"));
+			free_privilege(set);
+			continue;
+		}
+
+		/* list only the type or everything if UNKNOWN */
+		if (sid_name_use!=SID_NAME_UNKNOWN  && sid_name_use!=map.sid_name_use) {
+			DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name));
+			free_privilege(set);
+			continue;
+		}
+		
+		if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
+			DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name));
+			free_privilege(set);
+			continue;
+		}
+
+		string_to_sid(&map.sid, string_sid);
+		
+		decode_sid_name_use(group_type, map.sid_name_use);
+		DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
+
+		mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
+		if (!mapt) {
+			DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
+			SAFE_FREE(*rmap);
+			free_privilege(set);
+			return False;
+		}
+		else
+			(*rmap) = mapt;
+
+		mapt[entries].gid = map.gid;
+		sid_copy( &mapt[entries].sid, &map.sid);
+		mapt[entries].sid_name_use = map.sid_name_use;
+		fstrcpy(mapt[entries].nt_name, map.nt_name);
+		fstrcpy(mapt[entries].comment, map.comment);
+		mapt[entries].systemaccount=map.systemaccount;
+		mapt[entries].priv_set.count=set->count;
+		mapt[entries].priv_set.control=set->control;
+		mapt[entries].priv_set.set=set->set;
+		if (!with_priv)
+			free_privilege(&(mapt[entries].priv_set));
+
+		entries++;
+	}
+
+	*num_entries=entries;
+	return True;
+}
+
+
+/****************************************************************************
+convert a privilege string to a privilege array
+****************************************************************************/
+void convert_priv_from_text(PRIVILEGE_SET *se_priv, char *privilege)
+{
+	pstring tok;
+	char *p = privilege;
+	int i;
+	LUID_ATTR set;
+
+	/* By default no privilege */
+	init_privilege(se_priv);
+	
+	if (privilege==NULL)
+		return;
+
+	while(next_token(&p, tok, " ", sizeof(tok)) ) {
+		for (i=0; i<=PRIV_ALL_INDEX; i++) {
+			if (StrCaseCmp(privs[i].priv, tok)==0) {
+				set.attr=0;
+				set.luid.high=0;
+				set.luid.low=privs[i].se_priv;
+				add_privilege(se_priv, set);
+			}
+		}		
+	}
+}
+
+/****************************************************************************
+convert a privilege array to a privilege string
+****************************************************************************/
+void convert_priv_to_text(PRIVILEGE_SET *se_priv, char *privilege)
+{
+	int i,j;
+
+	if (privilege==NULL)
+		return;
+
+	ZERO_STRUCTP(privilege);
+
+	if (check_empty_privilege(se_priv)) {
+		fstrcat(privilege, "No privilege");
+		return;
+	}
+
+	for(i=0; i<se_priv->count; i++) {
+		j=1;
+		while (privs[j].se_priv!=se_priv->set[i].luid.low && j<=PRIV_ALL_INDEX) {
+			j++;
+		}
+
+		fstrcat(privilege, privs[j].priv);
+		fstrcat(privilege, " ");
+	}
+}
+
+
+/*
+ *
+ * High level functions
+ * better to use them than the lower ones.
+ *
+ * we are checking if the group is in the mapping file
+ * and if the group is an existing unix group
+ *
+ */
+
+/* get a domain group from it's SID */
+
+BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
+{
+	struct group *grp;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	DEBUG(10, ("get_domain_group_from_sid\n"));
+
+	/* if the group is NOT in the database, it CAN NOT be a domain group */
+	if(!get_group_map_from_sid(sid, map, with_priv))
+		return False;
+
+	DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
+
+	/* if it's not a domain group, continue */
+	if (map->sid_name_use!=SID_NAME_DOM_GRP) {
+		if (with_priv)
+			free_privilege(&map->priv_set);
+		return False;
+	}
+
+	DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
+ 	
+	if (map->gid==-1) {
+		if (with_priv)
+			free_privilege(&map->priv_set);
+		return False;
+	}
+
+	DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid));
+
+	if ( (grp=getgrgid(map->gid)) == NULL) {
+		DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
+		if (with_priv)
+			free_privilege(&map->priv_set);
+		return False;
+	}
+
+	DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
+
+	return True;
+}
+
+
+/* get a local (alias) group from it's SID */
+
+BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
+{
+	struct group *grp;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	/* The group is in the mapping table */
+	if(get_group_map_from_sid(sid, map, with_priv)) {
+		if (map->sid_name_use!=SID_NAME_ALIAS) {
+			if (with_priv)
+				free_privilege(&map->priv_set);
+			return False;
+ 		}
+		
+		if (map->gid==-1) {
+			if (with_priv)
+				free_privilege(&map->priv_set);
+			return False;
+		}
+
+		if ( (grp=getgrgid(map->gid)) == NULL) {
+			if (with_priv)
+				free_privilege(&map->priv_set);
+			return False;
+		}
+	} else {
+		/* the group isn't in the mapping table.
+		 * make one based on the unix information */
+		uint32 alias_rid;
+
+		sid_peek_rid(&sid, &alias_rid);
+		map->gid=pdb_group_rid_to_gid(alias_rid);
+
+		if ((grp=getgrgid(map->gid)) == NULL)
+			return False;
+
+		map->sid_name_use=SID_NAME_ALIAS;
+		map->systemaccount=PR_ACCESS_FROM_NETWORK;
+
+		fstrcpy(map->nt_name, grp->gr_name);
+		fstrcpy(map->comment, "Local Unix Group");
+
+		init_privilege(&map->priv_set);
+
+		sid_copy(&map->sid, &sid);
+	}
+
+	return True;
+}
+
+/* get a builtin group from it's SID */
+
+BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
+{
+	struct group *grp;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	if(!get_group_map_from_sid(sid, map, with_priv))
+		return False;
+
+	if (map->sid_name_use!=SID_NAME_WKN_GRP) {
+		if (with_priv)
+			free_privilege(&map->priv_set);
+		return False;
+	}
+
+	if (map->gid==-1) {
+		if (with_priv)
+			free_privilege(&map->priv_set);
+		return False;
+	}
+
+	if ( (grp=getgrgid(map->gid)) == NULL) {
+		if (with_priv)
+			free_privilege(&map->priv_set);
+		return False;
+	}
+
+	return True;
+}
+
+
+
+/****************************************************************************
+Returns a GROUP_MAP struct based on the gid.
+****************************************************************************/
+BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
+{
+	struct group *grp;
+
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	if ( (grp=getgrgid(gid)) == NULL)
+		return False;
+
+	/*
+	 * make a group map from scratch if doesn't exist.
+	 */
+	if (!get_group_map_from_gid(gid, map, with_priv)) {
+		map->gid=gid;
+		map->sid_name_use=SID_NAME_ALIAS;
+		map->systemaccount=PR_ACCESS_FROM_NETWORK;
+		init_privilege(&map->priv_set);
+
+		/* interim solution until we have a last RID allocated */
+
+		sid_copy(&map->sid, &global_sam_sid);
+		sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid));
+
+		fstrcpy(map->nt_name, grp->gr_name);
+		fstrcpy(map->comment, "Local Unix Group");
+	}
+	
+	return True;
+}
+
+
+
+
+/****************************************************************************
+ Get the member users of a group and
+ all the users who have that group as primary.
+            
+ give back an array of uid
+ return the grand number of users
+
+
+ TODO: sort the list and remove duplicate. JFM.
+
+****************************************************************************/
+        
+BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
+{
+	struct group *grp;
+	struct passwd *pwd;
+	int i=0;
+	char *gr;
+	uid_t *u;
+ 
+	if(!init_group_mapping()) {
+		DEBUG(0,("failed to initialize group mapping"));
+		return(False);
+	}
+
+	*num_uids = 0;
+	*uid=NULL;
+	
+	if ( (grp=getgrgid(gid)) == NULL)
+		return False;
+
+	gr = grp->gr_mem[0];
+	DEBUG(10, ("getting members\n"));
+        
+	while (gr && (*gr != (char)'\0')) {
+		u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+		if (!u) {
+			DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n"));
+			return False;
+		}
+		else (*uid) = u;
+
+		if( (pwd=getpwnam_alloc(gr)) !=NULL) {
+			(*uid)[*num_uids]=pwd->pw_uid;
+			(*num_uids)++;
+		}
+		passwd_free(&pwd);
+		gr = grp->gr_mem[++i];
+	}
+	DEBUG(10, ("got [%d] members\n", *num_uids));
+
+	setpwent();
+	while ((pwd=getpwent()) != NULL) {
+		if (pwd->pw_gid==gid) {
+			u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+			if (!u) {
+				DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n"));
+				return False;
+			}
+			else (*uid) = u;
+			(*uid)[*num_uids]=pwd->pw_uid;
+
+			(*num_uids)++;
+		}
+	}
+	endpwent();
+	DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids));
+
+        return True;
+}
+
+/****************************************************************************
+ Create a UNIX group on demand.
+****************************************************************************/
+
+int smb_create_group(char *unix_group)
+{
+	pstring add_script;
+	int ret;
+
+	pstrcpy(add_script, lp_addgroup_script());
+	if (! *add_script) return -1;
+	pstring_sub(add_script, "%g", unix_group);
+	ret = smbrun(add_script,NULL);
+	DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
+	return ret;
+}
+
+/****************************************************************************
+ Delete a UNIX group on demand.
+****************************************************************************/
+
+int smb_delete_group(char *unix_group)
+{
+	pstring del_script;
+	int ret;
+
+	pstrcpy(del_script, lp_delgroup_script());
+	if (! *del_script) return -1;
+	pstring_sub(del_script, "%g", unix_group);
+	ret = smbrun(del_script,NULL);
+	DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
+	return ret;
+}
+
+/****************************************************************************
+ Create a UNIX group on demand.
+****************************************************************************/
+
+int smb_add_user_group(char *unix_group, char *unix_user)
+{
+	pstring add_script;
+	int ret;
+
+	pstrcpy(add_script, lp_addusertogroup_script());
+	if (! *add_script) return -1;
+	pstring_sub(add_script, "%g", unix_group);
+	pstring_sub(add_script, "%u", unix_user);
+	ret = smbrun(add_script,NULL);
+	DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
+	return ret;
+}
+
+/****************************************************************************
+ Delete a UNIX group on demand.
+****************************************************************************/
+
+int smb_delete_user_group(const char *unix_group, const char *unix_user)
+{
+	pstring del_script;
+	int ret;
+
+	pstrcpy(del_script, lp_deluserfromgroup_script());
+	if (! *del_script) return -1;
+	pstring_sub(del_script, "%g", unix_group);
+	pstring_sub(del_script, "%u", unix_user);
+	ret = smbrun(del_script,NULL);
+	DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
+	return ret;
+}
diff --git a/source3/include/.cvsignore b/source3/include/.cvsignore
new file mode 100644
index 0000000000..60afd37315
--- /dev/null
+++ b/source3/include/.cvsignore
@@ -0,0 +1,5 @@
+build_env.h
+config.h
+stamp-h
+proto.h
+wrepld_proto.h
diff --git a/source3/include/MacExtensions.h b/source3/include/MacExtensions.h
new file mode 100644
index 0000000000..d09370ed9f
--- /dev/null
+++ b/source3/include/MacExtensions.h
@@ -0,0 +1,246 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) John H Terpstra 1996-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+   Copyright (C) Paul Ashton 1998
+    
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+#ifndef _MAC_EXTENSIONS_H
+#define _MAC_EXTENSIONS_H
+
+/* Folder that holds the stream info */
+#define STREAM_FOLDER 					".streams"
+#define STREAM_FOLDER_SLASH 			".streams/"
+
+/* Common Streams Names*/
+#define DefaultStreamTestLen	6
+#define DefaultStreamTest		":$DATA"
+#define AFPDATA_STREAM 			"::$DATA"
+#define AFPINFO_STREAM 			":AFP_AfpInfo:$DATA"
+#define AFPRESOURCE_STREAM 		":AFP_Resource:$DATA"
+#define AFPCOMMENTS_STREAM 		":Comments:$DATA"
+#define AFPDESKTOP_STREAM 		":AFP_DeskTop:$DATA"
+#define AFPIDINDEX_STREAM 		":AFP_IdIndex:$DATA"
+
+/*
+** NT's AFP_AfpInfo stream structure
+*/
+#define APF_INFO_SIZE		0x3c		
+#define AFP_Signature		0x41465000 
+#define AFP_Version			0x00000100
+#define AFP_BackupTime		0x00000080
+#define AFP_FinderSize		32
+/*
+** Orginal AFP_AfpInfo stream used by NT 
+** We needed a way to store the create date so SAMBA
+** AFP_AfpInfo adds for bytes to this structrure
+** and call's it _SambaAfpInfo
+*/
+typedef struct _AfpInfo
+{
+	 uint32       	afpi_Signature;   		/* Must be *(PDWORD)"AFP" */
+	 uint32       	afpi_Version;     		/* Must be 0x00010000 */
+	 uint32       	afpi_Reserved1;
+	 uint32       	afpi_BackupTime;  		/* Backup time for the file/dir */
+	 unsigned char 	afpi_FinderInfo[AFP_FinderSize];  	/* Finder Info (32 bytes) */
+	 unsigned char 	afpi_ProDosInfo[6];  	/* ProDos Info (6 bytes) # */
+	 unsigned char 	afpi_Reserved2[6];
+} AfpInfo;
+
+typedef struct _SambaAfpInfo
+{
+	 AfpInfo       	afp; 
+	 unsigned long 	createtime;
+} SambaAfpInfo;
+
+/*
+** On SAMBA this structrue is followed by 4 bytes that store the create
+** date of the file or folder asociated with it.
+*/
+
+/*
+** These extentions are only supported with the NT LM 0.12 Dialect. These extentions
+** will be process on a share by share bases.
+*/
+
+/*
+** Trans2_Query_FS_Information Call is used by the MacCIFS extentions for three reasons.
+** First to see if the remote server share supports the basic Macintosh CIFS extentions.
+** Second to return some basic need information about the share to the Macintosh.
+** Third to see if this share support any other Macintosh extentions.
+**
+** We will be using infromation levels that are betwwen 0x300 and 0x399 for all Macintosh
+** extentions calls. The first of these will be the SMB_MAC_QUERY_FS_INFO level which
+** will allow the server to return the MacQueryFSInfo structure. All fields are Little
+** Endian unless other wise specified.
+*/
+#define SMB_MAC_QUERY_FS_INFO 0x301
+
+
+
+/* 
+** The server will return folder access control in the Trans2_Find_First2 
+** and Trans2_Find_Next2 message described later in this document. 
+*/
+#define SUPPORT_MAC_ACCESS_CNTRL	0x0010
+/*
+** The server supports setting/getting comments using the mechanism in this 
+** document instead of using the NTFS format described in the Introduction. 
+*/
+#define SUPPORT_MAC_GETSETCOMMENTS	0x0020
+/*
+** The Server supports setting and getting Macintosh desktop database information
+** using the mechanism in this document. 
+*/
+#define SUPPORT_MAC_DESKTOPDB_CALLS	0x0040
+/*
+** The server will return a unique id for files and directories in the 
+** Trans2_Find_First2 and Trans2_Find_Next2 message described later in this document. 
+*/
+#define SUPPORT_MAC_UNIQUE_IDS		0x0080
+/*
+** The server will return this flag telling the client that the server does
+** not support streams or the Macintosh extensions. The rest of this message
+** will be ignored by the client. 
+*/
+#define NO_STREAMS_OR_MAC_SUPPORT	0x0100
+
+/*
+** We will be adding a new info level to the Trans2_Find_First2 and Trans2_Find_Next2.
+** This info level will be SMB_MAC_FIND_BOTH_HFS_INFO and will support the server
+** return additional information need by the Macintosh. All fields are Little
+** Endian unless other wise specified.
+*/
+
+#define SMB_MAC_FIND_BOTH_HFS_INFO	  0x302
+
+enum {
+	ownerRead	= 0x0400,
+	ownerWrite	= 0x0200,
+	ownerSearch	= 0x0100,
+	groupRead	= 0x0040,
+	groupWrite	= 0x0020,
+	groupSearch	= 0x0010,
+	otherRead	= 0x0004,
+	otherWrite	= 0x0002,
+	otherSearch	= 0x0001,
+	Owner		= 0x0800
+};
+	
+
+/*
+** We will be adding a new info level to the Trans2_Set_Path_Information.
+** This info level will be SMB_MAC_SET_FINDER_INFO and will support the client
+** setting information on the server need by the Macintosh. All fields are Little
+** Endian unless other wise specified.
+*/
+
+#define SMB_MAC_SET_FINDER_INFO	  0x303
+
+enum {
+	SetCreateDate	= 0x01,			/* If this is set then set the create date of the file/folder */
+	SetModDate		= 0x02,			/* If this is set then set the modify date of the file/folder */
+	SetFLAttrib		= 0x04,			/* If this is set then set the Macintosh lock bit of the file/folder */
+	FndrInfo1		= 0x08,			/* If this is set then set the first 16 bytes of finder info */
+	FndrInfo2		= 0x10,			/* If this is set then set the second 16 bytes of finder info */
+	SetHidden		= 0x20			/* We are either setting or unsetting the hidden bit */
+};
+
+
+/*
+** We will be adding some new info level to the Trans2_Set_Path_Information and Trans2_Query_Path_Information.
+** These info levels will allow the client to add, get, and remove desktop inforamtion from the
+** server. How the server stores this information is up to them.
+*/
+
+/*
+** We need to be able to store an application name and its creator in a database. We send a 
+** Trans2_Set_Path_Information call with the full path of the application in the path field. 
+** We will send an info level that represents adding an application name and creator to the database.
+** We will pass the File Creator in the data message. 
+**
+** The server should just respond  with no error or an error.
+*/
+#define SMB_MAC_DT_ADD_APPL	  0x304
+
+/*
+** We need to be able to remove an application name and its creator from a database. We send a 
+** Trans2_Set_Path_Information call with the full path of the application in the path field. 
+** We will send an info level that represents removing an application name and creator from the database.
+** We will pass the File Creator in the data message. 
+**
+** The server should just respond  with no error or an error.
+*/
+#define SMB_MAC_DT_REMOVE_APPL	  0x305
+
+
+/*
+** We need to be able to get an application name and its creator from a database. We send a 
+** Trans2_Query_Path_Information call in which the name field is just ignore. 
+** We will send an info level that represents getting an application name with a structure that 
+** contains the File Creator and index. Were index has the following meaning.
+**		Index = 0; Get the application path from the database with the most current date.
+**		Index > 0; Use the index to find the application path from the database.
+**				e.g. 	index of 5 means get the fifth entry of this application name in the database.
+**						if not entry return an error.
+**
+** The server returns with a structure that contains the full path to the appication and
+** its creator's date.
+*/
+#define SMB_MAC_DT_GET_APPL	  0x306
+
+
+/*
+** We need to be able to get an icon from a database. We send a Trans2_Query_Path_Information call in 
+** which the path name is ignore. We will send an info level that represents getting an icon with a structure
+** that contains the Requested size of the icon, the Icon type, File Creator, and File Type.
+**
+** The server returns with a structure that contains the actual size of the icon 
+** (must be less than requested length) and the icon bit map. 
+*/
+#define SMB_MAC_DT_GET_ICON	  0x307
+
+
+/*
+** We need to be able to get an icon from a database. We send a Trans2_Query_Path_Information call in 
+** which the path name is ignore. We will send an info level that represents getting an icon with a structure
+** that contains the index and File Creator. The index allows the client to make repeated calls to the server
+** gathering all icon stored by this file creator.
+**		
+**
+** The server returns with a structure that contains the actual size of the icon 
+** (must be less than requested length) and the icon bit map, File Type, and Icon Type. 
+*/
+#define SMB_MAC_DT_GET_ICON_INFO	  0x308
+
+
+
+/*
+** We need to be able to add an icon to a database. We send a Trans2_Set_Path_Information call in 
+** which the path name is ignore. We will send an info level that represents setting an icon with a structure
+** that contains the icon data, icon size, icon type, the file type, and file creator.
+**		
+**
+** The server returns only that the call was succesfull or not. 
+*/
+#define SMB_MAC_DT_ADD_ICON	  0x309
+
+#endif /* _MAC_EXTENSIONS_H */
+
+/* _MAC_EXTENSIONS_H */
+
diff --git a/source3/include/ads.h b/source3/include/ads.h
new file mode 100644
index 0000000000..8658e72f6a
--- /dev/null
+++ b/source3/include/ads.h
@@ -0,0 +1,130 @@
+/*
+  header for ads (active directory) library routines
+
+  basically this is a wrapper around ldap
+*/
+
+typedef struct {
+	void *ld;
+	char *realm;
+	char *ldap_server;
+	char *ldap_server_name;
+	char *kdc_server;
+	int ldap_port;
+	char *bind_path;
+	time_t last_attempt;
+	char *password;
+	char *user_name;
+	char *server_realm;
+} ADS_STRUCT;
+
+typedef struct {
+	char *printerName;
+	char *serverName;
+	char *shortServerName;
+	char *versionNumber;
+	char *uNCName;
+	char **description;
+	char *assetNumber;
+	char *bytesPerMinute;
+	char *defaultPriority;
+	char *driverName;
+	char *driverVersion;
+	char *location;
+	char *operatingSystem;
+	char *operatingSystemHotfix;
+	char *operatingSystemServicePack;
+	char *operatingSystemVersion;
+	char *physicalLocationObject;
+	char **portName;
+	char *printAttributes;
+	char **printBinNames;
+	char *printCollate;
+	char *printColor;
+	char *printDuplexSupported;
+	char *printEndTime;
+	char *printFOrmName;
+	char *printKeepPrintedJobs;
+	char **printLanguage;
+	char *printMACAddress;
+	char *printMaxCopies;
+	char *printMaxResolutionSupported;
+	char *printMaxXExtent;
+	char *printMaxYExtent;
+	char **printMediaReady;
+	char **printMediaSupported;
+	char *printMemory;
+	char *printMinXExtent;
+	char *printMinYExtent;
+	char *printNetworkAddress;
+	char *printNotify;
+	char *printNumberUp;
+	char **printOrientationsSupported;
+	char *printOwner;
+	char *printPagesPerMinute;
+	char *printRate;
+	char *printRateUnit;
+	char *printSeparatorFile;
+	char **printShareName;
+	char *printSpooling;
+	char *printStaplingSupported;
+	char *printStartTime;
+	char *printStatus;
+	char *priority;
+} ADS_PRINTER_ENTRY;
+
+/* there are 4 possible types of errors the ads subsystem can produce */
+enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS, 
+		     ADS_ERROR_LDAP, ADS_ERROR_SYSTEM};
+
+typedef struct {
+	enum ads_error_type error_type;
+	int rc;
+	/* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */
+	/* Where rc represents major_status of GSS API error */
+	int minor_status;
+} ADS_STATUS;
+
+#ifdef HAVE_ADS
+typedef LDAPMod **ADS_MODLIST;
+#else
+typedef void **ADS_MODLIST;
+#endif
+
+/* macros to simplify error returning */
+#define ADS_ERROR(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0)
+#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, rc, 0)
+#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, rc, 0)
+#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, rc, minor)
+
+#define ADS_ERR_OK(status) ((status).rc == 0)
+#define ADS_SUCCESS ADS_ERROR(0)
+
+/* time between reconnect attempts */
+#define ADS_RECONNECT_TIME 5
+
+/* timeout on searches */
+#define ADS_SEARCH_TIMEOUT 10
+
+/* ldap control oids */
+#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
+#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
+#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473"
+
+#define UF_DONT_EXPIRE_PASSWD           0x10000
+#define UF_MNS_LOGON_ACCOUNT            0x20000
+#define UF_SMARTCARD_REQUIRED           0x40000
+#define UF_TRUSTED_FOR_DELEGATION       0x80000
+#define UF_NOT_DELEGATED               0x100000
+#define UF_USE_DES_KEY_ONLY            0x200000
+#define UF_DONT_REQUIRE_PREAUTH        0x400000
+
+#define UF_TEMP_DUPLICATE_ACCOUNT       0x0100
+#define UF_NORMAL_ACCOUNT               0x0200
+#define UF_INTERDOMAIN_TRUST_ACCOUNT    0x0800
+#define UF_WORKSTATION_TRUST_ACCOUNT    0x1000
+#define UF_SERVER_TRUST_ACCOUNT         0x2000
+
+/* account types */
+#define ATYPE_GROUP               0x10000000
+#define ATYPE_USER                0x30000000
diff --git a/source3/include/asn_1.h b/source3/include/asn_1.h
new file mode 100644
index 0000000000..090c5459d1
--- /dev/null
+++ b/source3/include/asn_1.h
@@ -0,0 +1,57 @@
+/* 
+   Unix SMB/CIFS implementation.   
+   simple ASN1 code
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _ASN_1_H
+#define _ASN_1_H
+
+struct nesting {
+	off_t start;
+	size_t taglen; /* for parsing */
+	struct nesting *next;
+};
+
+typedef struct {
+	uint8 *data;
+	size_t length;
+	off_t ofs;
+	struct nesting *nesting;
+	BOOL has_error;
+} ASN1_DATA;
+
+
+#define ASN1_APPLICATION(x) ((x)+0x60)
+#define ASN1_SEQUENCE(x) ((x)+0x30)
+#define ASN1_CONTEXT(x) ((x)+0xa0)
+#define ASN1_GENERAL_STRING 0x1b
+#define ASN1_OCTET_STRING 0x4
+#define ASN1_OID 0x6
+#define ASN1_BOOLEAN 0x1
+#define ASN1_INTEGER 0x2
+#define ASN1_ENUMERATED 0xa
+
+#define ASN1_MAX_OIDS 20
+
+/* some well known object IDs */
+#define OID_SPNEGO "1 3 6 1 5 5 2"
+#define OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10"
+#define OID_KERBEROS5_OLD "1 2 840 48018 1 2 2"
+#define OID_KERBEROS5 "1 2 840 113554 1 2 2"
+
+#endif /* _ASN_1_H */
diff --git a/source3/include/auth.h b/source3/include/auth.h
new file mode 100644
index 0000000000..5c8bc8edfe
--- /dev/null
+++ b/source3/include/auth.h
@@ -0,0 +1,151 @@
+#ifndef _SMBAUTH_H_
+#define _SMBAUTH_H_
+/* 
+   Unix SMB/CIFS implementation.
+   Standardised Authentication types
+   Copyright (C) Andrew Bartlett 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* AUTH_STR - string */
+typedef struct normal_string
+{
+	int len;
+	char *str;
+} AUTH_STR;
+
+/* AUTH_UNISTR - unicode string or buffer */
+typedef struct unicode_string
+{
+	int len;
+	uchar *unistr;
+} AUTH_UNISTR;
+
+typedef struct interactive_password
+{
+	OWF_INFO          lm_owf;              /* LM OWF Password */
+	OWF_INFO          nt_owf;              /* NT OWF Password */
+} auth_interactive_password;
+
+#define AUTH_FLAG_NONE        0x000000
+#define AUTH_FLAG_PLAINTEXT   0x000001
+#define AUTH_FLAG_LM_RESP     0x000002
+#define AUTH_FLAG_NTLM_RESP   0x000004
+#define AUTH_FLAG_NTLMv2_RESP 0x000008
+
+typedef struct auth_usersupplied_info
+{
+	
+ 	DATA_BLOB lm_resp;
+	DATA_BLOB nt_resp;
+	auth_interactive_password * interactive_password;
+ 	DATA_BLOB plaintext_password;
+	
+	BOOL encrypted;
+	
+	uint32 auth_flags;
+
+	AUTH_STR           client_domain;          /* domain name string */
+	AUTH_STR           domain;               /* domain name after mapping */
+	AUTH_STR           internal_username;    /* username after mapping */
+	AUTH_STR           smb_name;        /* username before mapping */
+	AUTH_STR           wksta_name;           /* workstation name (netbios calling name) unicode string */
+	
+} auth_usersupplied_info;
+
+#define SAM_FILL_NAME  0x01
+#define SAM_FILL_INFO3 0x02
+#define SAM_FILL_SAM   0x04
+#define SAM_FILL_UNIX  0x08
+#define SAM_FILL_ALL (SAM_FILL_NAME | SAM_FILL_INFO3 | SAM_FILL_SAM | SAM_FILL_UNIX)
+
+typedef struct auth_serversupplied_info 
+{
+	BOOL guest;
+	
+	/* This groups info is needed for when we become_user() for this uid */
+	int n_groups;
+	gid_t *groups;
+	
+	/* NT group information taken from the info3 structure */
+	
+	NT_USER_TOKEN *ptok;
+	
+	uint8 session_key[16];
+	
+	uint8 first_8_lm_hash[8];
+
+	uint32 sam_fill_level;  /* How far is this structure filled? */
+	
+	SAM_ACCOUNT *sam_account;
+	
+	void *pam_handle;
+	
+} auth_serversupplied_info;
+
+struct auth_context {
+	DATA_BLOB challenge; 
+
+	/* Who set this up in the first place? */ 
+	char *challenge_set_by; 
+
+	struct auth_methods *challenge_set_method; 
+	/* What order are the various methods in?   Try to stop it changing under us */ 
+	struct auth_methods *auth_method_list;	
+
+	TALLOC_CTX *mem_ctx;
+	const uint8 *(*get_ntlm_challenge)(struct auth_context *auth_context);
+	NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
+					const struct auth_usersupplied_info *user_info, 
+					struct auth_serversupplied_info **server_info);
+	NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
+	void (*free)(struct auth_context **auth_context);
+};
+
+typedef struct auth_methods
+{
+	struct auth_methods *prev, *next;
+	char *name; /* What name got this module */
+
+	NTSTATUS (*auth)(const struct auth_context *auth_context,
+			 void *my_private_data, 
+			 TALLOC_CTX *mem_ctx,
+			 const struct auth_usersupplied_info *user_info, 
+			 auth_serversupplied_info **server_info);
+
+	DATA_BLOB (*get_chal)(const struct auth_context *auth_context,
+			      void **my_private_data, 
+			      TALLOC_CTX *mem_ctx);
+	
+	/* Used to keep tabs on things like the cli for SMB server authentication */
+	void *private_data;
+	
+	/* Function to clean up the above arbitary structure */
+	void (*free_private_data)(void **private_data);
+
+	/* Function to send a keepalive message on the above structure */
+	void (*send_keepalive)(void **private_data);
+
+} auth_methods;
+
+struct auth_init_function {
+	char *name;
+	/* Function to create a member of the authmethods list */
+	BOOL (*init)(struct auth_context *auth_context, struct auth_methods **auth_method);
+};
+
+
+#endif /* _SMBAUTH_H_ */
diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h
index 899cd6c499..1abf1854f3 100644
--- a/source3/include/byteorder.h
+++ b/source3/include/byteorder.h
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    SMB Byte handling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,9 +18,79 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
+#ifndef _BYTEORDER_H
+#define _BYTEORDER_H
+
 /*
    This file implements macros for machine independent short and 
    int manipulation
+
+Here is a description of this file that I emailed to the samba list once:
+
+> I am confused about the way that byteorder.h works in Samba. I have
+> looked at it, and I would have thought that you might make a distinction
+> between LE and BE machines, but you only seem to distinguish between 386
+> and all other architectures.
+> 
+> Can you give me a clue?
+
+sure.
+
+The distinction between 386 and other architectures is only there as
+an optimisation. You can take it out completely and it will make no
+difference. The routines (macros) in byteorder.h are totally byteorder
+independent. The 386 optimsation just takes advantage of the fact that
+the x86 processors don't care about alignment, so we don't have to
+align ints on int boundaries etc. If there are other processors out
+there that aren't alignment sensitive then you could also define
+CAREFUL_ALIGNMENT=0 on those processors as well.
+
+Ok, now to the macros themselves. I'll take a simple example, say we
+want to extract a 2 byte integer from a SMB packet and put it into a
+type called uint16 that is in the local machines byte order, and you
+want to do it with only the assumption that uint16 is _at_least_ 16
+bits long (this last condition is very important for architectures
+that don't have any int types that are 2 bytes long)
+
+You do this:
+
+#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
+#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos))
+#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
+
+then to extract a uint16 value at offset 25 in a buffer you do this:
+
+char *buffer = foo_bar();
+uint16 xx = SVAL(buffer,25);
+
+We are using the byteoder independence of the ANSI C bitshifts to do
+the work. A good optimising compiler should turn this into efficient
+code, especially if it happens to have the right byteorder :-)
+
+I know these macros can be made a bit tidier by removing some of the
+casts, but you need to look at byteorder.h as a whole to see the
+reasoning behind them. byteorder.h defines the following macros:
+
+SVAL(buf,pos) - extract a 2 byte SMB value
+IVAL(buf,pos) - extract a 4 byte SMB value
+SVALS(buf,pos) signed version of SVAL()
+IVALS(buf,pos) signed version of IVAL()
+
+SSVAL(buf,pos,val) - put a 2 byte SMB value into a buffer
+SIVAL(buf,pos,val) - put a 4 byte SMB value into a buffer
+SSVALS(buf,pos,val) - signed version of SSVAL()
+SIVALS(buf,pos,val) - signed version of SIVAL()
+
+RSVAL(buf,pos) - like SVAL() but for NMB byte ordering
+RSVALS(buf,pos) - like SVALS() but for NMB byte ordering
+RIVAL(buf,pos) - like IVAL() but for NMB byte ordering
+RIVALS(buf,pos) - like IVALS() but for NMB byte ordering
+RSSVAL(buf,pos,val) - like SSVAL() but for NMB ordering
+RSIVAL(buf,pos,val) - like SIVAL() but for NMB ordering
+RSIVALS(buf,pos,val) - like SIVALS() but for NMB ordering
+
+it also defines lots of intermediate macros, just ignore those :-)
+
 */
 
 #undef CAREFUL_ALIGNMENT
@@ -36,45 +105,68 @@
 #define CAREFUL_ALIGNMENT 1
 #endif
 
-#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
-#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos))
-#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val))
+#define CVAL(buf,pos) (((const unsigned char *)(buf))[pos])
+#define CVAL_NC(buf,pos) (((unsigned char *)(buf))[pos]) /* Non-const version of CVAL */
+#define PVAL(buf,pos) ((const unsigned)CVAL(buf,pos))
+#define PVAL_NC(buf,pos) ((unsigned)CVAL(buf,pos)) /* Non const version of PVAL */
+#define SCVAL(buf,pos,val) (CVAL_NC(buf,pos) = (val))
 
 
 #if CAREFUL_ALIGNMENT
+
 #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
 #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16)
-#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8)
+#define SSVALX(buf,pos,val) (CVAL_NC(buf,pos)=(unsigned char)((val)&0xFF),CVAL_NC(buf,pos+1)=(unsigned char)((val)>>8))
 #define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16))
-#define SVALS(buf,pos) ((int16)SVAL(buf,pos))
-#define IVALS(buf,pos) ((int32)IVAL(buf,pos))
-#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val)))
-#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val)))
-#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val)))
-#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val)))
-#else
+#define SVALS(buf,pos) ((const int16)SVAL(buf,pos))
+#define IVALS(buf,pos) ((const int32)IVAL(buf,pos))
+#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((const uint16)(val)))
+#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((const uint32)(val)))
+#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((const int16)(val)))
+#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((const int32)(val)))
+
+#else /* CAREFUL_ALIGNMENT */
+
 /* this handles things for architectures like the 386 that can handle
    alignment errors */
 /*
    WARNING: This section is dependent on the length of int16 and int32
    being correct 
 */
-#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos)))
-#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos)))
-#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos)))
-#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos)))
-#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val))
-#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val))
-#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val))
-#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val))
-#endif
 
+/* get single value from an SMB buffer */
+#define SVAL(buf,pos) (*(const uint16 *)((const char *)(buf) + (pos)))
+#define SVAL_NC(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) /* Non const version of above. */
+#define IVAL(buf,pos) (*(const uint32 *)((const char *)(buf) + (pos)))
+#define IVAL_NC(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) /* Non const version of above. */
+#define SVALS(buf,pos) (*(const int16 *)((const char *)(buf) + (pos)))
+#define SVALS_NC(buf,pos) (*(int16 *)((char *)(buf) + (pos))) /* Non const version of above. */
+#define IVALS(buf,pos) (*(const int32 *)((const char *)(buf) + (pos)))
+#define IVALS_NC(buf,pos) (*(int32 *)((char *)(buf) + (pos))) /* Non const version of above. */
+
+/* store single value in an SMB buffer */
+#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((const uint16)(val))
+#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((const uint32)(val))
+#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((const int16)(val))
+#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((const int32)(val))
+
+#endif /* CAREFUL_ALIGNMENT */
 
 /* now the reverse routines - these are used in nmb packets (mostly) */
 #define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF))
 #define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16)))
 
 #define RSVAL(buf,pos) SREV(SVAL(buf,pos))
+#define RSVALS(buf,pos) SREV(SVALS(buf,pos))
 #define RIVAL(buf,pos) IREV(IVAL(buf,pos))
+#define RIVALS(buf,pos) IREV(IVALS(buf,pos))
 #define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val))
+#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val))
 #define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val))
+#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val))
+
+/* Alignment macros. */
+#define ALIGN4(p,base) ((p) + ((4 - (PTR_DIFF((p), (base)) & 3)) & 3))
+#define ALIGN2(p,base) ((p) + ((2 - (PTR_DIFF((p), (base)) & 1)) & 1))
+
+#endif /* _BYTEORDER_H */
diff --git a/source3/include/charset.h b/source3/include/charset.h
index 7091732223..07d5e2d599 100644
--- a/source3/include/charset.h
+++ b/source3/include/charset.h
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   Character set handling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Unix SMB/CIFS implementation.
+   charset defines
+   Copyright (C) Andrew Tridgell 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,43 +18,7 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#ifndef CHARSET_C
-
-extern char *dos_char_map;
-extern char *upper_char_map;
-extern char *lower_char_map;
-extern void add_char_string(char *s);
-extern void charset_initialise(void);
-
-#ifdef toupper
-#undef toupper
-#endif
-
-#ifdef tolower
-#undef tolower
-#endif
-
-#ifdef isupper
-#undef isupper
-#endif
-
-#ifdef islower
-#undef islower
-#endif
-
-#ifdef isdoschar
-#undef isdoschar
-#endif
-
-#ifdef isspace
-#undef isspace
-#endif
-
-#define toupper(c) upper_char_map[(char)(c)]
-#define tolower(c) lower_char_map[(char)(c)]
-#define isupper(c) (((char)(c)) != tolower(c))
-#define islower(c) (((char)(c)) != toupper(c))
-#define isdoschar(c) (dos_char_map[(char)(c)] != 0)
-#define isspace(c) ((c)==' ' || (c) == '\t')
-#endif
+/* this defines the charset types used in samba */
+typedef enum {CH_UCS2=0, CH_UNIX=1, CH_DISPLAY=2, CH_DOS=3, CH_UTF8=4} charset_t;
 
+#define NUM_CHARSETS 5
diff --git a/source3/include/client.h b/source3/include/client.h
new file mode 100644
index 0000000000..0974cd0666
--- /dev/null
+++ b/source3/include/client.h
@@ -0,0 +1,148 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+   Copyright (C) Jeremy Allison 1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _CLIENT_H
+#define _CLIENT_H
+
+/* the client asks for a smaller buffer to save ram and also to get more
+   overlap on the wire. This size gives us a nice read/write size, which
+   will be a multiple of the page size on almost any system */
+#define CLI_BUFFER_SIZE (0xFFFF)
+
+
+/*
+ * These definitions depend on smb.h
+ */
+
+typedef struct file_info
+{
+	SMB_OFF_T size;
+	uint16 mode;
+	uid_t uid;
+	gid_t gid;
+	/* these times are normally kept in GMT */
+	time_t mtime;
+	time_t atime;
+	time_t ctime;
+	pstring name;
+	char short_name[13*3]; /* the *3 is to cope with multi-byte */
+} file_info;
+
+struct print_job_info
+{
+	uint16 id;
+	uint16 priority;
+	size_t size;
+	fstring user;
+	fstring name;
+	time_t t;
+};
+
+struct cli_state {
+	int port;
+	int fd;
+	uint16 cnum;
+	uint16 pid;
+	uint16 mid;
+	uint16 vuid;
+	int protocol;
+	int sec_mode;
+	int rap_error;
+	int privileges;
+
+	fstring eff_name;
+	fstring desthost;
+	fstring user_name;
+	fstring domain;
+
+	/*
+	 * The following strings are the
+	 * ones returned by the server if
+	 * the protocol > NT1.
+	 */
+	fstring server_type;
+	fstring server_os;
+	fstring server_domain;
+
+	fstring share;
+	fstring dev;
+	struct nmb_name called;
+	struct nmb_name calling;
+	fstring full_dest_host_name;
+	struct in_addr dest_ip;
+
+	struct pwd_info pwd;
+	DATA_BLOB secblob; /* cryptkey or negTokenInit */
+	uint32 sesskey;
+	int serverzone;
+	uint32 servertime;
+	int readbraw_supported;
+	int writebraw_supported;
+	int timeout; /* in milliseconds. */
+	int max_xmit;
+	int max_mux;
+	char *outbuf;
+	char *inbuf;
+	int bufsize;
+	int initialised;
+	int win95;
+	uint32 capabilities;
+
+	TALLOC_CTX *mem_ctx;
+
+	/*
+	 * Only used in NT domain calls.
+	 */
+
+	uint16 nt_pipe_fnum;               /* Pipe handle. */
+	unsigned char sess_key[16];        /* Current session key. */
+	unsigned char ntlmssp_hash[258];   /* ntlmssp data. */
+	uint32 ntlmssp_cli_flgs;           /* ntlmssp client flags */
+	uint32 ntlmssp_srv_flgs;           /* ntlmssp server flags */
+	uint32 ntlmssp_seq_num;            /* ntlmssp sequence number */
+	DOM_CRED clnt_cred;                /* Client credential. */
+	fstring mach_acct;                 /* MYNAME$. */
+	fstring srv_name_slash;            /* \\remote server. */
+	fstring clnt_name_slash;           /* \\local client. */
+	uint16 max_xmit_frag;
+	uint16 max_recv_frag;
+	uint32 ntlmssp_flags;
+	BOOL use_kerberos;
+	BOOL use_spnego;
+
+	BOOL use_oplocks; /* should we use oplocks? */
+	BOOL use_level_II_oplocks; /* should we use level II oplocks? */
+
+	/* a oplock break request handler */
+	BOOL (*oplock_handler)(struct cli_state *cli, int fnum, unsigned char level);
+
+	BOOL force_dos_errors;
+
+	/* was this structure allocated by cli_initialise? If so, then
+           free in cli_shutdown() */
+	BOOL allocated;
+
+	/* Name of the pipe we're talking to, if any */
+	fstring pipe_name;
+};
+
+#endif /* _CLIENT_H */
diff --git a/source3/include/clitar.h b/source3/include/clitar.h
index 2305fceeec..b7731172d6 100644
--- a/source3/include/clitar.h
+++ b/source3/include/clitar.h
@@ -1,3 +1,25 @@
+/*
+ * Unix SMB/CIFS implementation. 
+ * clitar file format
+ * Copyright (C) Andrew Tridgell              2000
+ * 
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.  
+ */
+
+#ifndef _CLITAR_H
+#define _CLITAR_H
 
 #define TBLOCK 512
 #define NAMSIZ 100
@@ -15,3 +37,5 @@ union hblock {
     char linkname[NAMSIZ];
   } dbuf;
 };
+
+#endif /* _CLITAR_H */
diff --git a/source3/include/config.h.in b/source3/include/config.h.in
new file mode 100644
index 0000000000..7328d022c1
--- /dev/null
+++ b/source3/include/config.h.in
@@ -0,0 +1,1159 @@
+/* include/config.h.in.  Generated automatically from configure.in by autoheader 2.13.  */
+
+/* Define if on AIX 3.
+   System headers sometimes define this.
+   We just want to avoid a redefinition error message.  */
+#ifndef _ALL_SOURCE
+#undef _ALL_SOURCE
+#endif
+
+/* Define if type char is unsigned and you are not using gcc.  */
+#ifndef __CHAR_UNSIGNED__
+#undef __CHAR_UNSIGNED__
+#endif
+
+/* Define to empty if the keyword does not work.  */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef gid_t
+
+/* Define if you have a working `mmap' system call.  */
+#undef HAVE_MMAP
+
+/* Define if your struct stat has st_rdev.  */
+#undef HAVE_ST_RDEV
+
+/* Define if you have <sys/wait.h> that is POSIX.1 compatible.  */
+#undef HAVE_SYS_WAIT_H
+
+/* Define as __inline if that's what the C compiler calls it.  */
+#undef inline
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef mode_t
+
+/* Define if your C compiler doesn't accept -c and -o together.  */
+#undef NO_MINUS_C_MINUS_O
+
+/* Define to `long' if <sys/types.h> doesn't define.  */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef pid_t
+
+/* Define if you need to in order for stat and other things to work.  */
+#undef _POSIX_SOURCE
+
+/* Define as the return type of signal handlers (int or void).  */
+#undef RETSIGTYPE
+
+/* Define to `unsigned' if <sys/types.h> doesn't define.  */
+#undef size_t
+
+/* Define if you have the ANSI C header files.  */
+#undef STDC_HEADERS
+
+/* Define if you can safely include both <sys/time.h> and <time.h>.  */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+#undef uid_t
+
+/* Define if your processor stores words with the most significant
+   byte first (like Motorola and SPARC, unlike Intel and VAX).  */
+#undef WORDS_BIGENDIAN
+
+#undef HAVE_VOLATILE
+#undef HAVE_BROKEN_READDIR
+#undef HAVE_C99_VSNPRINTF
+#undef HAVE_ERRNO_DECL
+#undef HAVE_LONGLONG
+#undef HAVE_OFF64_T
+#undef HAVE_REMSH
+#undef HAVE_UNSIGNED_CHAR
+#undef HAVE_UTIMBUF
+#undef HAVE_SIG_ATOMIC_T_TYPE
+#undef HAVE_SOCKLEN_T_TYPE
+#undef ssize_t
+#undef ino_t
+#undef ssize_t
+#undef loff_t
+#undef offset_t
+#undef aclent_t
+#undef wchar_t
+#undef HAVE_CONNECT
+#undef HAVE_SHORT_INO_T
+#undef WITH_SMBWRAPPER
+#undef WITH_AFS
+#undef WITH_DFS
+#undef SUNOS5
+#undef SUNOS4
+#undef LINUX
+#undef AIX
+#undef BSD
+#undef IRIX
+#undef IRIX6
+#undef HPUX
+#undef QNX
+#undef SCO
+#undef OSF1
+#undef NEXT2
+#undef RELIANTUNIX
+#undef HAVE_MMAP
+#undef HAVE_FCNTL_LOCK
+#undef HAVE_FTRUNCATE_EXTEND
+#undef FTRUNCATE_NEEDS_ROOT
+#undef HAVE_TRAPDOOR_UID
+#undef HAVE_ROOT
+#undef HAVE_GETTIMEOFDAY_TZ
+#undef HAVE_SOCK_SIN_LEN
+#undef STAT_READ_FILSYS
+#undef STAT_STATFS2_BSIZE
+#undef STAT_STATFS2_FSIZE
+#undef STAT_STATFS2_FS_DATA
+#undef STAT_STATFS3_OSF1
+#undef STAT_STATFS4
+#undef STAT_STATVFS
+#undef STAT_STATVFS64
+#undef HAVE_IFACE_AIX
+#undef HAVE_IFACE_IFCONF
+#undef HAVE_IFACE_IFREQ
+#undef HAVE_CRYPT
+#undef HAVE_PUTPRPWNAM
+#undef HAVE_SET_AUTH_PARAMETERS
+#undef WITH_SYSLOG
+#undef WITH_PROFILE
+#undef WITH_SSL
+#undef SSL_DIR
+#undef WITH_PAM
+#undef WITH_NISPLUS_HOME
+#undef WITH_AUTOMOUNT
+#undef WITH_SMBMOUNT
+#undef WITH_QUOTAS
+#undef WITH_WINBIND
+#undef HAVE_BROKEN_GETGROUPS
+#undef REPLACE_GETPASS
+#undef REPLACE_INET_NTOA
+#undef HAVE_FILE_MACRO
+#undef HAVE_FUNCTION_MACRO
+#undef HAVE_SETRESUID_DECL
+#undef HAVE_SETRESUID
+#undef WITH_NETATALK
+#undef WITH_UTMP
+#undef WITH_MSDFS
+#undef WITH_LIBICONV
+#undef HAVE_INO64_T
+#undef HAVE_DEV64_T
+#undef HAVE_STRUCT_FLOCK64
+#undef SIZEOF_INO_T
+#undef SIZEOF_OFF_T
+#undef STAT_STATVFS64
+#undef HAVE_LIBREADLINE
+#undef HAVE_KERNEL_SHARE_MODES
+#undef HAVE_KERNEL_OPLOCKS_IRIX
+#undef HAVE_KERNEL_OPLOCKS_LINUX
+#undef HAVE_KERNEL_CHANGE_NOTIFY
+#undef HAVE_IRIX_SPECIFIC_CAPABILITIES
+#undef HAVE_INT16_FROM_RPC_RPC_H
+#undef HAVE_UINT16_FROM_RPC_RPC_H
+#undef HAVE_INT32_FROM_RPC_RPC_H
+#undef HAVE_UINT32_FROM_RPC_RPC_H
+#undef KRB4_AUTH
+#undef KRB5_AUTH
+#undef KRB4_DIR
+#undef KRB5_DIR
+#undef SEEKDIR_RETURNS_VOID
+#undef HAVE_DIRENT_D_OFF
+#undef HAVE_GETSPNAM
+#undef HAVE_BIGCRYPT
+#undef HAVE_GETPRPWNAM
+#undef HAVE_FSTAT64
+#undef HAVE_LSTAT64
+#undef HAVE_STAT64
+#undef HAVE_SETRESGID
+#undef HAVE_SETRESGID_DECL
+#undef HAVE_SHADOW_H
+#undef HAVE_CUPS
+#undef HAVE_MEMSET
+#undef HAVE_STRCASECMP
+#undef HAVE_STRUCT_DIRENT64
+#undef HAVE_TRUNCATED_SALT
+#undef BROKEN_NISPLUS_INCLUDE_FILES
+#undef HAVE_RPC_AUTH_ERROR_CONFLICT
+#undef HAVE_EXPLICIT_LARGEFILE_SUPPORT
+#undef USE_BOTH_CRYPT_CALLS
+#undef HAVE_BROKEN_FCNTL64_LOCKS
+#undef HAVE_SECURE_MKSTEMP
+#undef HAVE_FNMATCH
+#undef USE_SETEUID
+#undef USE_SETRESUID
+#undef USE_SETREUID
+#undef USE_SETUIDX
+#undef HAVE_LIBDL
+#undef SYSCONF_SC_NGROUPS_MAX
+#undef HAVE_UT_UT_NAME
+#undef HAVE_UT_UT_USER
+#undef HAVE_UT_UT_ID
+#undef HAVE_UT_UT_HOST
+#undef HAVE_UT_UT_TIME
+#undef HAVE_UT_UT_TV
+#undef HAVE_UT_UT_TYPE
+#undef HAVE_UT_UT_PID
+#undef HAVE_UT_UT_EXIT
+#undef HAVE_UT_UT_ADDR
+#undef HAVE_UX_UT_SYSLEN
+#undef PUTUTLINE_RETURNS_UTMP
+#undef COMPILER_SUPPORTS_LL
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+#undef USE_SPINLOCKS
+#undef SPARC_SPINLOCKS
+#undef INTEL_SPINLOCKS
+#undef MIPS_SPINLOCKS
+#undef POWERPC_SPINLOCKS
+#undef HAVE_POSIX_ACLS
+#undef HAVE_ACL_GET_PERM_NP
+#undef HAVE_UNIXWARE_ACLS
+#undef HAVE_SOLARIS_ACLS
+#undef HAVE_HPUX_ACLS
+#undef HAVE_IRIX_ACLS
+#undef HAVE_AIX_ACLS
+#undef HAVE_TRU64_ACLS
+#undef HAVE_NO_ACLS
+#undef HAVE_LIBPAM
+#undef HAVE_ASPRINTF_DECL
+#undef HAVE_VASPRINTF_DECL
+#undef HAVE_SNPRINTF_DECL
+#undef HAVE_VSNPRINTF_DECL
+#undef HAVE_NATIVE_ICONV
+#undef HAVE_UNIXSOCKET
+#undef MMAP_BLACKLIST
+#undef HAVE_IMMEDIATE_STRUCTURES
+#undef HAVE_CUPS
+#undef WITH_LDAP_SAM
+#undef WITH_NISPLUS_SAM
+#undef WITH_TDB_SAM
+#undef LINUX_QUOTAS_1
+#undef LINUX_QUOTAS_2
+#undef PACKAGE
+#undef VERSION
+#undef HAVE_LC_MESSAGES
+#undef ENABLE_NLS
+#undef HAVE_CATGETS
+#undef HAVE_GETTEXT
+#undef HAVE_STPCPY
+#undef I18N_SWAT
+#undef I18N_DEFAULT_PREF_LANG
+#undef HAVE_KRB5
+#undef HAVE_GSSAPI
+#undef BROKEN_REDHAT_7_SYSTEM_HEADERS
+#undef HAVE_LDAP
+#undef HAVE_STAT_ST_BLOCKS
+#undef STAT_ST_BLOCKSIZE
+#undef HAVE_DEVICE_MAJOR_FN
+#undef HAVE_DEVICE_MINOR_FN
+/*
+ * Add these definitions to allow VFS modules to
+ * see the CPPFLAGS defines.
+ */
+#ifndef _HPUX_SOURCE
+#undef _HPUX_SOURCE
+#endif
+#ifndef _POSIX_SOURCE
+#undef _POSIX_SOURCE
+#endif
+#ifndef _LARGEFILE64_SOURCE
+#undef _LARGEFILE64_SOURCE
+#endif
+#ifndef _ALIGNMENT_REQUIRED
+#undef _ALIGNMENT_REQUIRED
+#endif
+#ifndef _MAX_ALIGNMENT
+#undef _MAX_ALIGNMENT
+#endif
+#ifndef _LARGE_FILES
+#undef _LARGE_FILES
+#endif
+#ifndef _FILE_OFFSET_BITS
+#undef _FILE_OFFSET_BITS
+#endif
+#ifndef _GNU_SOURCE
+#undef _GNU_SOURCE
+#endif
+
+/* The number of bytes in a int.  */
+#undef SIZEOF_INT
+
+/* The number of bytes in a long.  */
+#undef SIZEOF_LONG
+
+/* The number of bytes in a short.  */
+#undef SIZEOF_SHORT
+
+/* Define if you have the __acl function.  */
+#undef HAVE___ACL
+
+/* Define if you have the __chdir function.  */
+#undef HAVE___CHDIR
+
+/* Define if you have the __close function.  */
+#undef HAVE___CLOSE
+
+/* Define if you have the __closedir function.  */
+#undef HAVE___CLOSEDIR
+
+/* Define if you have the __dup function.  */
+#undef HAVE___DUP
+
+/* Define if you have the __dup2 function.  */
+#undef HAVE___DUP2
+
+/* Define if you have the __facl function.  */
+#undef HAVE___FACL
+
+/* Define if you have the __fchdir function.  */
+#undef HAVE___FCHDIR
+
+/* Define if you have the __fcntl function.  */
+#undef HAVE___FCNTL
+
+/* Define if you have the __fork function.  */
+#undef HAVE___FORK
+
+/* Define if you have the __fstat function.  */
+#undef HAVE___FSTAT
+
+/* Define if you have the __fstat64 function.  */
+#undef HAVE___FSTAT64
+
+/* Define if you have the __fxstat function.  */
+#undef HAVE___FXSTAT
+
+/* Define if you have the __getcwd function.  */
+#undef HAVE___GETCWD
+
+/* Define if you have the __getdents function.  */
+#undef HAVE___GETDENTS
+
+/* Define if you have the __llseek function.  */
+#undef HAVE___LLSEEK
+
+/* Define if you have the __lseek function.  */
+#undef HAVE___LSEEK
+
+/* Define if you have the __lstat function.  */
+#undef HAVE___LSTAT
+
+/* Define if you have the __lstat64 function.  */
+#undef HAVE___LSTAT64
+
+/* Define if you have the __lxstat function.  */
+#undef HAVE___LXSTAT
+
+/* Define if you have the __open function.  */
+#undef HAVE___OPEN
+
+/* Define if you have the __open64 function.  */
+#undef HAVE___OPEN64
+
+/* Define if you have the __opendir function.  */
+#undef HAVE___OPENDIR
+
+/* Define if you have the __pread function.  */
+#undef HAVE___PREAD
+
+/* Define if you have the __pread64 function.  */
+#undef HAVE___PREAD64
+
+/* Define if you have the __pwrite function.  */
+#undef HAVE___PWRITE
+
+/* Define if you have the __pwrite64 function.  */
+#undef HAVE___PWRITE64
+
+/* Define if you have the __read function.  */
+#undef HAVE___READ
+
+/* Define if you have the __readdir function.  */
+#undef HAVE___READDIR
+
+/* Define if you have the __readdir64 function.  */
+#undef HAVE___READDIR64
+
+/* Define if you have the __seekdir function.  */
+#undef HAVE___SEEKDIR
+
+/* Define if you have the __stat function.  */
+#undef HAVE___STAT
+
+/* Define if you have the __stat64 function.  */
+#undef HAVE___STAT64
+
+/* Define if you have the __sys_llseek function.  */
+#undef HAVE___SYS_LLSEEK
+
+/* Define if you have the __telldir function.  */
+#undef HAVE___TELLDIR
+
+/* Define if you have the __write function.  */
+#undef HAVE___WRITE
+
+/* Define if you have the __xstat function.  */
+#undef HAVE___XSTAT
+
+/* Define if you have the _acl function.  */
+#undef HAVE__ACL
+
+/* Define if you have the _chdir function.  */
+#undef HAVE__CHDIR
+
+/* Define if you have the _close function.  */
+#undef HAVE__CLOSE
+
+/* Define if you have the _closedir function.  */
+#undef HAVE__CLOSEDIR
+
+/* Define if you have the _dup function.  */
+#undef HAVE__DUP
+
+/* Define if you have the _dup2 function.  */
+#undef HAVE__DUP2
+
+/* Define if you have the _facl function.  */
+#undef HAVE__FACL
+
+/* Define if you have the _fchdir function.  */
+#undef HAVE__FCHDIR
+
+/* Define if you have the _fcntl function.  */
+#undef HAVE__FCNTL
+
+/* Define if you have the _fork function.  */
+#undef HAVE__FORK
+
+/* Define if you have the _fstat function.  */
+#undef HAVE__FSTAT
+
+/* Define if you have the _fstat64 function.  */
+#undef HAVE__FSTAT64
+
+/* Define if you have the _getcwd function.  */
+#undef HAVE__GETCWD
+
+/* Define if you have the _getdents function.  */
+#undef HAVE__GETDENTS
+
+/* Define if you have the _llseek function.  */
+#undef HAVE__LLSEEK
+
+/* Define if you have the _lseek function.  */
+#undef HAVE__LSEEK
+
+/* Define if you have the _lstat function.  */
+#undef HAVE__LSTAT
+
+/* Define if you have the _lstat64 function.  */
+#undef HAVE__LSTAT64
+
+/* Define if you have the _open function.  */
+#undef HAVE__OPEN
+
+/* Define if you have the _open64 function.  */
+#undef HAVE__OPEN64
+
+/* Define if you have the _opendir function.  */
+#undef HAVE__OPENDIR
+
+/* Define if you have the _pread function.  */
+#undef HAVE__PREAD
+
+/* Define if you have the _pread64 function.  */
+#undef HAVE__PREAD64
+
+/* Define if you have the _pwrite function.  */
+#undef HAVE__PWRITE
+
+/* Define if you have the _pwrite64 function.  */
+#undef HAVE__PWRITE64
+
+/* Define if you have the _read function.  */
+#undef HAVE__READ
+
+/* Define if you have the _readdir function.  */
+#undef HAVE__READDIR
+
+/* Define if you have the _readdir64 function.  */
+#undef HAVE__READDIR64
+
+/* Define if you have the _seekdir function.  */
+#undef HAVE__SEEKDIR
+
+/* Define if you have the _stat function.  */
+#undef HAVE__STAT
+
+/* Define if you have the _stat64 function.  */
+#undef HAVE__STAT64
+
+/* Define if you have the _telldir function.  */
+#undef HAVE__TELLDIR
+
+/* Define if you have the _write function.  */
+#undef HAVE__WRITE
+
+/* Define if you have the asprintf function.  */
+#undef HAVE_ASPRINTF
+
+/* Define if you have the atexit function.  */
+#undef HAVE_ATEXIT
+
+/* Define if you have the bigcrypt function.  */
+#undef HAVE_BIGCRYPT
+
+/* Define if you have the bzero function.  */
+#undef HAVE_BZERO
+
+/* Define if you have the chmod function.  */
+#undef HAVE_CHMOD
+
+/* Define if you have the chown function.  */
+#undef HAVE_CHOWN
+
+/* Define if you have the chroot function.  */
+#undef HAVE_CHROOT
+
+/* Define if you have the connect function.  */
+#undef HAVE_CONNECT
+
+/* Define if you have the creat64 function.  */
+#undef HAVE_CREAT64
+
+/* Define if you have the crypt function.  */
+#undef HAVE_CRYPT
+
+/* Define if you have the crypt16 function.  */
+#undef HAVE_CRYPT16
+
+/* Define if you have the dlclose function.  */
+#undef HAVE_DLCLOSE
+
+/* Define if you have the dlerror function.  */
+#undef HAVE_DLERROR
+
+/* Define if you have the dlopen function.  */
+#undef HAVE_DLOPEN
+
+/* Define if you have the dlsym function.  */
+#undef HAVE_DLSYM
+
+/* Define if you have the dup2 function.  */
+#undef HAVE_DUP2
+
+/* Define if you have the endnetgrent function.  */
+#undef HAVE_ENDNETGRENT
+
+/* Define if you have the execl function.  */
+#undef HAVE_EXECL
+
+/* Define if you have the fchmod function.  */
+#undef HAVE_FCHMOD
+
+/* Define if you have the fchown function.  */
+#undef HAVE_FCHOWN
+
+/* Define if you have the fcvt function.  */
+#undef HAVE_FCVT
+
+/* Define if you have the fcvtl function.  */
+#undef HAVE_FCVTL
+
+/* Define if you have the fopen64 function.  */
+#undef HAVE_FOPEN64
+
+/* Define if you have the fseek64 function.  */
+#undef HAVE_FSEEK64
+
+/* Define if you have the fseeko64 function.  */
+#undef HAVE_FSEEKO64
+
+/* Define if you have the fstat function.  */
+#undef HAVE_FSTAT
+
+/* Define if you have the fstat64 function.  */
+#undef HAVE_FSTAT64
+
+/* Define if you have the fsync function.  */
+#undef HAVE_FSYNC
+
+/* Define if you have the ftell64 function.  */
+#undef HAVE_FTELL64
+
+/* Define if you have the ftello64 function.  */
+#undef HAVE_FTELLO64
+
+/* Define if you have the ftruncate function.  */
+#undef HAVE_FTRUNCATE
+
+/* Define if you have the ftruncate64 function.  */
+#undef HAVE_FTRUNCATE64
+
+/* Define if you have the getauthuid function.  */
+#undef HAVE_GETAUTHUID
+
+/* Define if you have the getcwd function.  */
+#undef HAVE_GETCWD
+
+/* Define if you have the getdents function.  */
+#undef HAVE_GETDENTS
+
+/* Define if you have the getgrent function.  */
+#undef HAVE_GETGRENT
+
+/* Define if you have the getgrnam function.  */
+#undef HAVE_GETGRNAM
+
+/* Define if you have the getnetgrent function.  */
+#undef HAVE_GETNETGRENT
+
+/* Define if you have the getprpwnam function.  */
+#undef HAVE_GETPRPWNAM
+
+/* Define if you have the getpwanam function.  */
+#undef HAVE_GETPWANAM
+
+/* Define if you have the getrlimit function.  */
+#undef HAVE_GETRLIMIT
+
+/* Define if you have the getspnam function.  */
+#undef HAVE_GETSPNAM
+
+/* Define if you have the getutmpx function.  */
+#undef HAVE_GETUTMPX
+
+/* Define if you have the glob function.  */
+#undef HAVE_GLOB
+
+/* Define if you have the grantpt function.  */
+#undef HAVE_GRANTPT
+
+/* Define if you have the initgroups function.  */
+#undef HAVE_INITGROUPS
+
+/* Define if you have the innetgr function.  */
+#undef HAVE_INNETGR
+
+/* Define if you have the link function.  */
+#undef HAVE_LINK
+
+/* Define if you have the llseek function.  */
+#undef HAVE_LLSEEK
+
+/* Define if you have the lseek64 function.  */
+#undef HAVE_LSEEK64
+
+/* Define if you have the lstat64 function.  */
+#undef HAVE_LSTAT64
+
+/* Define if you have the memmove function.  */
+#undef HAVE_MEMMOVE
+
+/* Define if you have the memset function.  */
+#undef HAVE_MEMSET
+
+/* Define if you have the mknod function.  */
+#undef HAVE_MKNOD
+
+/* Define if you have the mknod64 function.  */
+#undef HAVE_MKNOD64
+
+/* Define if you have the mktime function.  */
+#undef HAVE_MKTIME
+
+/* Define if you have the open64 function.  */
+#undef HAVE_OPEN64
+
+/* Define if you have the pathconf function.  */
+#undef HAVE_PATHCONF
+
+/* Define if you have the pipe function.  */
+#undef HAVE_PIPE
+
+/* Define if you have the poll function.  */
+#undef HAVE_POLL
+
+/* Define if you have the pread function.  */
+#undef HAVE_PREAD
+
+/* Define if you have the pread64 function.  */
+#undef HAVE_PREAD64
+
+/* Define if you have the putprpwnam function.  */
+#undef HAVE_PUTPRPWNAM
+
+/* Define if you have the pututline function.  */
+#undef HAVE_PUTUTLINE
+
+/* Define if you have the pututxline function.  */
+#undef HAVE_PUTUTXLINE
+
+/* Define if you have the pwrite function.  */
+#undef HAVE_PWRITE
+
+/* Define if you have the pwrite64 function.  */
+#undef HAVE_PWRITE64
+
+/* Define if you have the rand function.  */
+#undef HAVE_RAND
+
+/* Define if you have the random function.  */
+#undef HAVE_RANDOM
+
+/* Define if you have the rdchk function.  */
+#undef HAVE_RDCHK
+
+/* Define if you have the readdir64 function.  */
+#undef HAVE_READDIR64
+
+/* Define if you have the readlink function.  */
+#undef HAVE_READLINK
+
+/* Define if you have the realpath function.  */
+#undef HAVE_REALPATH
+
+/* Define if you have the rename function.  */
+#undef HAVE_RENAME
+
+/* Define if you have the select function.  */
+#undef HAVE_SELECT
+
+/* Define if you have the set_auth_parameters function.  */
+#undef HAVE_SET_AUTH_PARAMETERS
+
+/* Define if you have the setbuffer function.  */
+#undef HAVE_SETBUFFER
+
+/* Define if you have the setenv function.  */
+#undef HAVE_SETENV
+
+/* Define if you have the setgidx function.  */
+#undef HAVE_SETGIDX
+
+/* Define if you have the setgroups function.  */
+#undef HAVE_SETGROUPS
+
+/* Define if you have the setlinebuf function.  */
+#undef HAVE_SETLINEBUF
+
+/* Define if you have the setluid function.  */
+#undef HAVE_SETLUID
+
+/* Define if you have the setnetgrent function.  */
+#undef HAVE_SETNETGRENT
+
+/* Define if you have the setpgid function.  */
+#undef HAVE_SETPGID
+
+/* Define if you have the setpriv function.  */
+#undef HAVE_SETPRIV
+
+/* Define if you have the setsid function.  */
+#undef HAVE_SETSID
+
+/* Define if you have the setuidx function.  */
+#undef HAVE_SETUIDX
+
+/* Define if you have the sigaction function.  */
+#undef HAVE_SIGACTION
+
+/* Define if you have the sigblock function.  */
+#undef HAVE_SIGBLOCK
+
+/* Define if you have the sigprocmask function.  */
+#undef HAVE_SIGPROCMASK
+
+/* Define if you have the sigset function.  */
+#undef HAVE_SIGSET
+
+/* Define if you have the snprintf function.  */
+#undef HAVE_SNPRINTF
+
+/* Define if you have the srand function.  */
+#undef HAVE_SRAND
+
+/* Define if you have the srandom function.  */
+#undef HAVE_SRANDOM
+
+/* Define if you have the stat64 function.  */
+#undef HAVE_STAT64
+
+/* Define if you have the strcasecmp function.  */
+#undef HAVE_STRCASECMP
+
+/* Define if you have the strchr function.  */
+#undef HAVE_STRCHR
+
+/* Define if you have the strdup function.  */
+#undef HAVE_STRDUP
+
+/* Define if you have the strerror function.  */
+#undef HAVE_STRERROR
+
+/* Define if you have the strftime function.  */
+#undef HAVE_STRFTIME
+
+/* Define if you have the strlcat function.  */
+#undef HAVE_STRLCAT
+
+/* Define if you have the strlcpy function.  */
+#undef HAVE_STRLCPY
+
+/* Define if you have the strndup function.  */
+#undef HAVE_STRNDUP
+
+/* Define if you have the strpbrk function.  */
+#undef HAVE_STRPBRK
+
+/* Define if you have the strtoul function.  */
+#undef HAVE_STRTOUL
+
+/* Define if you have the symlink function.  */
+#undef HAVE_SYMLINK
+
+/* Define if you have the syscall function.  */
+#undef HAVE_SYSCALL
+
+/* Define if you have the sysconf function.  */
+#undef HAVE_SYSCONF
+
+/* Define if you have the syslog function.  */
+#undef HAVE_SYSLOG
+
+/* Define if you have the updwtmp function.  */
+#undef HAVE_UPDWTMP
+
+/* Define if you have the updwtmpx function.  */
+#undef HAVE_UPDWTMPX
+
+/* Define if you have the usleep function.  */
+#undef HAVE_USLEEP
+
+/* Define if you have the utime function.  */
+#undef HAVE_UTIME
+
+/* Define if you have the utimes function.  */
+#undef HAVE_UTIMES
+
+/* Define if you have the vasprintf function.  */
+#undef HAVE_VASPRINTF
+
+/* Define if you have the vsnprintf function.  */
+#undef HAVE_VSNPRINTF
+
+/* Define if you have the vsyslog function.  */
+#undef HAVE_VSYSLOG
+
+/* Define if you have the waitpid function.  */
+#undef HAVE_WAITPID
+
+/* Define if you have the yp_get_default_domain function.  */
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+
+/* Define if you have the <arpa/inet.h> header file.  */
+#undef HAVE_ARPA_INET_H
+
+/* Define if you have the <compat.h> header file.  */
+#undef HAVE_COMPAT_H
+
+/* Define if you have the <ctype.h> header file.  */
+#undef HAVE_CTYPE_H
+
+/* Define if you have the <cups/cups.h> header file.  */
+#undef HAVE_CUPS_CUPS_H
+
+/* Define if you have the <cups/language.h> header file.  */
+#undef HAVE_CUPS_LANGUAGE_H
+
+/* Define if you have the <dirent.h> header file.  */
+#undef HAVE_DIRENT_H
+
+/* Define if you have the <fcntl.h> header file.  */
+#undef HAVE_FCNTL_H
+
+/* Define if you have the <glob.h> header file.  */
+#undef HAVE_GLOB_H
+
+/* Define if you have the <grp.h> header file.  */
+#undef HAVE_GRP_H
+
+/* Define if you have the <gssapi/gssapi.h> header file.  */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define if you have the <gssapi/gssapi_generic.h> header file.  */
+#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
+
+/* Define if you have the <history.h> header file.  */
+#undef HAVE_HISTORY_H
+
+/* Define if you have the <krb5.h> header file.  */
+#undef HAVE_KRB5_H
+
+/* Define if you have the <lastlog.h> header file.  */
+#undef HAVE_LASTLOG_H
+
+/* Define if you have the <lber.h> header file.  */
+#undef HAVE_LBER_H
+
+/* Define if you have the <ldap.h> header file.  */
+#undef HAVE_LDAP_H
+
+/* Define if you have the <limits.h> header file.  */
+#undef HAVE_LIMITS_H
+
+/* Define if you have the <linux/xqm.h> header file.  */
+#undef HAVE_LINUX_XQM_H
+
+/* Define if you have the <memory.h> header file.  */
+#undef HAVE_MEMORY_H
+
+/* Define if you have the <ndir.h> header file.  */
+#undef HAVE_NDIR_H
+
+/* Define if you have the <net/if.h> header file.  */
+#undef HAVE_NET_IF_H
+
+/* Define if you have the <netinet/in_ip.h> header file.  */
+#undef HAVE_NETINET_IN_IP_H
+
+/* Define if you have the <netinet/in_systm.h> header file.  */
+#undef HAVE_NETINET_IN_SYSTM_H
+
+/* Define if you have the <netinet/ip.h> header file.  */
+#undef HAVE_NETINET_IP_H
+
+/* Define if you have the <netinet/tcp.h> header file.  */
+#undef HAVE_NETINET_TCP_H
+
+/* Define if you have the <ns_api.h> header file.  */
+#undef HAVE_NS_API_H
+
+/* Define if you have the <nss.h> header file.  */
+#undef HAVE_NSS_H
+
+/* Define if you have the <nss_common.h> header file.  */
+#undef HAVE_NSS_COMMON_H
+
+/* Define if you have the <poll.h> header file.  */
+#undef HAVE_POLL_H
+
+/* Define if you have the <readline.h> header file.  */
+#undef HAVE_READLINE_H
+
+/* Define if you have the <readline/history.h> header file.  */
+#undef HAVE_READLINE_HISTORY_H
+
+/* Define if you have the <readline/readline.h> header file.  */
+#undef HAVE_READLINE_READLINE_H
+
+/* Define if you have the <rpc/rpc.h> header file.  */
+#undef HAVE_RPC_RPC_H
+
+/* Define if you have the <rpcsvc/nis.h> header file.  */
+#undef HAVE_RPCSVC_NIS_H
+
+/* Define if you have the <rpcsvc/yp_prot.h> header file.  */
+#undef HAVE_RPCSVC_YP_PROT_H
+
+/* Define if you have the <rpcsvc/ypclnt.h> header file.  */
+#undef HAVE_RPCSVC_YPCLNT_H
+
+/* Define if you have the <security/_pam_macros.h> header file.  */
+#undef HAVE_SECURITY__PAM_MACROS_H
+
+/* Define if you have the <security/pam_appl.h> header file.  */
+#undef HAVE_SECURITY_PAM_APPL_H
+
+/* Define if you have the <security/pam_modules.h> header file.  */
+#undef HAVE_SECURITY_PAM_MODULES_H
+
+/* Define if you have the <shadow.h> header file.  */
+#undef HAVE_SHADOW_H
+
+/* Define if you have the <stdarg.h> header file.  */
+#undef HAVE_STDARG_H
+
+/* Define if you have the <stdlib.h> header file.  */
+#undef HAVE_STDLIB_H
+
+/* Define if you have the <string.h> header file.  */
+#undef HAVE_STRING_H
+
+/* Define if you have the <strings.h> header file.  */
+#undef HAVE_STRINGS_H
+
+/* Define if you have the <stropts.h> header file.  */
+#undef HAVE_STROPTS_H
+
+/* Define if you have the <sys/acl.h> header file.  */
+#undef HAVE_SYS_ACL_H
+
+/* Define if you have the <sys/capability.h> header file.  */
+#undef HAVE_SYS_CAPABILITY_H
+
+/* Define if you have the <sys/cdefs.h> header file.  */
+#undef HAVE_SYS_CDEFS_H
+
+/* Define if you have the <sys/dir.h> header file.  */
+#undef HAVE_SYS_DIR_H
+
+/* Define if you have the <sys/dustat.h> header file.  */
+#undef HAVE_SYS_DUSTAT_H
+
+/* Define if you have the <sys/fcntl.h> header file.  */
+#undef HAVE_SYS_FCNTL_H
+
+/* Define if you have the <sys/filio.h> header file.  */
+#undef HAVE_SYS_FILIO_H
+
+/* Define if you have the <sys/filsys.h> header file.  */
+#undef HAVE_SYS_FILSYS_H
+
+/* Define if you have the <sys/fs/s5param.h> header file.  */
+#undef HAVE_SYS_FS_S5PARAM_H
+
+/* Define if you have the <sys/fs/vx_quota.h> header file.  */
+#undef HAVE_SYS_FS_VX_QUOTA_H
+
+/* Define if you have the <sys/id.h> header file.  */
+#undef HAVE_SYS_ID_H
+
+/* Define if you have the <sys/ioctl.h> header file.  */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define if you have the <sys/ipc.h> header file.  */
+#undef HAVE_SYS_IPC_H
+
+/* Define if you have the <sys/mman.h> header file.  */
+#undef HAVE_SYS_MMAN_H
+
+/* Define if you have the <sys/mode.h> header file.  */
+#undef HAVE_SYS_MODE_H
+
+/* Define if you have the <sys/mount.h> header file.  */
+#undef HAVE_SYS_MOUNT_H
+
+/* Define if you have the <sys/ndir.h> header file.  */
+#undef HAVE_SYS_NDIR_H
+
+/* Define if you have the <sys/param.h> header file.  */
+#undef HAVE_SYS_PARAM_H
+
+/* Define if you have the <sys/priv.h> header file.  */
+#undef HAVE_SYS_PRIV_H
+
+/* Define if you have the <sys/resource.h> header file.  */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define if you have the <sys/security.h> header file.  */
+#undef HAVE_SYS_SECURITY_H
+
+/* Define if you have the <sys/select.h> header file.  */
+#undef HAVE_SYS_SELECT_H
+
+/* Define if you have the <sys/shm.h> header file.  */
+#undef HAVE_SYS_SHM_H
+
+/* Define if you have the <sys/socket.h> header file.  */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define if you have the <sys/sockio.h> header file.  */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define if you have the <sys/statfs.h> header file.  */
+#undef HAVE_SYS_STATFS_H
+
+/* Define if you have the <sys/statvfs.h> header file.  */
+#undef HAVE_SYS_STATVFS_H
+
+/* Define if you have the <sys/syscall.h> header file.  */
+#undef HAVE_SYS_SYSCALL_H
+
+/* Define if you have the <sys/termio.h> header file.  */
+#undef HAVE_SYS_TERMIO_H
+
+/* Define if you have the <sys/time.h> header file.  */
+#undef HAVE_SYS_TIME_H
+
+/* Define if you have the <sys/unistd.h> header file.  */
+#undef HAVE_SYS_UNISTD_H
+
+/* Define if you have the <sys/vfs.h> header file.  */
+#undef HAVE_SYS_VFS_H
+
+/* Define if you have the <sys/wait.h> header file.  */
+#undef HAVE_SYS_WAIT_H
+
+/* Define if you have the <syscall.h> header file.  */
+#undef HAVE_SYSCALL_H
+
+/* Define if you have the <termio.h> header file.  */
+#undef HAVE_TERMIO_H
+
+/* Define if you have the <termios.h> header file.  */
+#undef HAVE_TERMIOS_H
+
+/* Define if you have the <unistd.h> header file.  */
+#undef HAVE_UNISTD_H
+
+/* Define if you have the <utime.h> header file.  */
+#undef HAVE_UTIME_H
+
+/* Define if you have the <utmp.h> header file.  */
+#undef HAVE_UTMP_H
+
+/* Define if you have the <utmpx.h> header file.  */
+#undef HAVE_UTMPX_H
+
+/* Define if you have the acl library (-lacl).  */
+#undef HAVE_LIBACL
+
+/* Define if you have the cups library (-lcups).  */
+#undef HAVE_LIBCUPS
+
+/* Define if you have the gen library (-lgen).  */
+#undef HAVE_LIBGEN
+
+/* Define if you have the iconv library (-liconv).  */
+#undef HAVE_LIBICONV
+
+/* Define if you have the inet library (-linet).  */
+#undef HAVE_LIBINET
+
+/* Define if you have the nsl library (-lnsl).  */
+#undef HAVE_LIBNSL
+
+/* Define if you have the nsl_s library (-lnsl_s).  */
+#undef HAVE_LIBNSL_S
+
+/* Define if you have the resolv library (-lresolv).  */
+#undef HAVE_LIBRESOLV
+
+/* Define if you have the sec library (-lsec).  */
+#undef HAVE_LIBSEC
+
+/* Define if you have the security library (-lsecurity).  */
+#undef HAVE_LIBSECURITY
+
+/* Define if you have the socket library (-lsocket).  */
+#undef HAVE_LIBSOCKET
+
+/* Define to turn on dmalloc debugging */
+#undef ENABLE_DMALLOC
+
+/* Define to check invariants around some common functions */
+#undef DMALLOC_FUNC_CHECK
+
+/* Do we have rl_completion_matches? */
+#undef HAVE_NEW_LIBREADLINE
+
+/* Define if you have working AF_LOCAL sockets */
+#undef HAVE_WORKING_AF_LOCAL
+
diff --git a/source3/include/debug.h b/source3/include/debug.h
new file mode 100644
index 0000000000..235fbf70c4
--- /dev/null
+++ b/source3/include/debug.h
@@ -0,0 +1,197 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB debug stuff
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) John H Terpstra 1996-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+   Copyright (C) Paul Ashton 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _DEBUG_H
+#define _DEBUG_H
+
+/* -------------------------------------------------------------------------- **
+ * Debugging code.  See also debug.c
+ */
+
+/* mkproto.awk has trouble with ifdef'd function definitions (it ignores
+ * the #ifdef directive and will read both definitions, thus creating two
+ * diffferent prototype declarations), so we must do these by hand.
+ */
+/* I know the __attribute__ stuff is ugly, but it does ensure we get the 
+   arguemnts to DEBUG() right. We have got them wrong too often in the 
+   past.
+ */
+int  Debug1( char *, ... ) PRINTF_ATTRIBUTE(1,2);
+BOOL dbgtext( char *, ... ) PRINTF_ATTRIBUTE(1,2);
+
+extern XFILE *dbf;
+
+/* If we have these macros, we can add additional info to the header. */
+#ifdef HAVE_FILE_MACRO
+#define FILE_MACRO (__FILE__)
+#else
+#define FILE_MACRO ("")
+#endif
+
+#ifdef HAVE_FUNCTION_MACRO
+#define FUNCTION_MACRO  (__FUNCTION__)
+#else
+#define FUNCTION_MACRO  ("")
+#endif
+
+/* 
+ * Redefine DEBUGLEVEL because so we don't have to change every source file
+ * that *unnecessarily* references it. Source files neeed not extern reference 
+ * DEBUGLEVEL, as it's extern in includes.h (which all source files include).
+ * Eventually, all these references should be removed, and all references to
+ * DEBUGLEVEL should be references to DEBUGLEVEL_CLASS[DBGC_ALL]. This could
+ * still be through a macro still called DEBUGLEVEL. This cannot be done now
+ * because some references would expand incorrectly.
+ */
+#define DEBUGLEVEL *debug_level
+
+
+/*
+ * Define all new debug classes here. A class is represented by an entry in
+ * the DEBUGLEVEL_CLASS array. Index zero of this arrray is equivalent to the
+ * old DEBUGLEVEL. Any source file that does NOT add the following lines:
+ *
+ *   #undef  DBGC_CLASS
+ *   #define DBGC_CLASS DBGC_<your class name here>
+ *
+ * at the start of the file (after #include "includes.h") will default to
+ * using index zero, so it will behaive just like it always has. 
+ */
+#define DBGC_CLASS            0     /* override as shown above */
+#define DBGC_ALL              0     /* index equivalent to DEBUGLEVEL */
+
+#define DBGC_TDB              1
+#define DBGC_PRINTDRIVERS     2
+#define DBGC_LANMAN           3
+#define DBGC_SMB              4
+#define DBGC_RPC              5
+#define DBGC_RPC_HDR          6
+#define DBGC_BDC              7
+
+#define DBGC_LAST             8     /* MUST be last class value + 1 */
+
+extern int DEBUGLEVEL_CLASS[DBGC_LAST];
+extern BOOL DEBUGLEVEL_CLASS_ISSET[DBGC_LAST];
+
+struct debuglevel_message {
+	int debuglevel_class[DBGC_LAST];
+	BOOL debuglevel_class_isset[DBGC_LAST];
+};
+
+/* Debugging macros
+ *
+ * DEBUGLVL()
+ *   If the 'file specific' debug class level >= level OR the system-wide 
+ *   DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then
+ *   generate a header using the default macros for file, line, and 
+ *   function name. Returns True if the debug level was <= DEBUGLEVEL.
+ * 
+ *   Example: if( DEBUGLVL( 2 ) ) dbgtext( "Some text.\n" );
+ *
+ * DEBUGLVLC()
+ *   If the 'macro specified' debug class level >= level OR the system-wide 
+ *   DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then 
+ *   generate a header using the default macros for file, line, and 
+ *   function name. Returns True if the debug level was <= DEBUGLEVEL.
+ * 
+ *   Example: if( DEBUGLVLC( DBGC_TDB, 2 ) ) dbgtext( "Some text.\n" );
+ *
+ * DEBUG()
+ *   If the 'file specific' debug class level >= level OR the system-wide 
+ *   DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then 
+ *   generate a header using the default macros for file, line, and 
+ *   function name. Each call to DEBUG() generates a new header *unless* the 
+ *   previous debug output was unterminated (i.e. no '\n').
+ *   See debug.c:dbghdr() for more info.
+ *
+ *   Example: DEBUG( 2, ("Some text and a value %d.\n", value) );
+ *
+ * DEBUGC()
+ *   If the 'macro specified' debug class level >= level OR the system-wide 
+ *   DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then 
+ *   generate a header using the default macros for file, line, and 
+ *   function name. Each call to DEBUG() generates a new header *unless* the 
+ *   previous debug output was unterminated (i.e. no '\n').
+ *   See debug.c:dbghdr() for more info.
+ *
+ *   Example: DEBUGC( DBGC_TDB, 2, ("Some text and a value %d.\n", value) );
+ *
+ *  DEBUGADD(), DEBUGADDC()
+ *    Same as DEBUG() and DEBUGC() except the text is appended to the previous
+ *    DEBUG(), DEBUGC(), DEBUGADD(), DEBUGADDC() with out another interviening 
+ *    header.
+ *
+ *    Example: DEBUGADD( 2, ("Some text and a value %d.\n", value) );
+ *             DEBUGADDC( DBGC_TDB, 2, ("Some text and a value %d.\n", value) );
+ *
+ * Note: If the debug class has not be redeined (see above) then the optimizer 
+ * will remove the extra conditional test.
+ */
+
+#define DEBUGLVL( level ) \
+  ( ((level) <= MAX_DEBUG_LEVEL) && \
+     ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))||  \
+     (!DEBUGLEVEL_CLASS[ DBGC_CLASS ] && \
+      DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+   && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) )
+
+
+#define DEBUGLVLC( dbgc_class, level ) \
+  ( ((level) <= MAX_DEBUG_LEVEL) && \
+     ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))||  \
+     (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \
+      DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+   && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) )
+
+
+#define DEBUG( level, body ) \
+  (void)( ((level) <= MAX_DEBUG_LEVEL) && \
+           ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))||  \
+           (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \
+            DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+       && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \
+       && (dbgtext body) )
+
+#define DEBUGC( dbgc_class, level, body ) \
+  (void)( ((level) <= MAX_DEBUG_LEVEL) && \
+           ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))||  \
+           (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \
+	    DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+       && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \
+       && (dbgtext body) )
+
+#define DEBUGADD( level, body ) \
+  (void)( ((level) <= MAX_DEBUG_LEVEL) && \
+           ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))||  \
+           (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \
+            DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+       && (dbgtext body) )
+
+#define DEBUGADDC( dbgc_class, level, body ) \
+  (void)( ((level) <= MAX_DEBUG_LEVEL) && \
+          ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))||  \
+           (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \
+            DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+       && (dbgtext body) )
+
+#endif
diff --git a/source3/include/dlinklist.h b/source3/include/dlinklist.h
new file mode 100644
index 0000000000..794aea7576
--- /dev/null
+++ b/source3/include/dlinklist.h
@@ -0,0 +1,78 @@
+/* 
+   Unix SMB/CIFS implementation.
+   some simple double linked list macros
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* To use these macros you must have a structure containing a next and
+   prev pointer */
+
+
+/* hook into the front of the list */
+#define DLIST_ADD(list, p) \
+{ \
+        if (!(list)) { \
+		(list) = (p); \
+		(p)->next = (p)->prev = NULL; \
+	} else { \
+		(list)->prev = (p); \
+		(p)->next = (list); \
+		(p)->prev = NULL; \
+		(list) = (p); \
+	}\
+}
+
+/* remove an element from a list - element doesn't have to be in list. */
+#define DLIST_REMOVE(list, p) \
+{ \
+	if ((p) == (list)) { \
+		(list) = (p)->next; \
+		if (list) (list)->prev = NULL; \
+	} else { \
+		if ((p)->prev) (p)->prev->next = (p)->next; \
+		if ((p)->next) (p)->next->prev = (p)->prev; \
+	} \
+	if ((p) && ((p) != (list))) (p)->next = (p)->prev = NULL; \
+}
+
+/* promote an element to the top of the list */
+#define DLIST_PROMOTE(list, p) \
+{ \
+          DLIST_REMOVE(list, p) \
+          DLIST_ADD(list, p) \
+}
+
+/* hook into the end of the list - needs a tmp pointer */
+#define DLIST_ADD_END(list, p, tmp) \
+{ \
+		if (!(list)) { \
+			(list) = (p); \
+			(p)->next = (p)->prev = NULL; \
+		} else { \
+			for ((tmp) = (list); (tmp)->next; (tmp) = (tmp)->next) ; \
+			(tmp)->next = (p); \
+			(p)->next = NULL; \
+			(p)->prev = (tmp); \
+		} \
+}
+
+/* demote an element to the top of the list, needs a tmp pointer */
+#define DLIST_DEMOTE(list, p, tmp) \
+{ \
+		DLIST_REMOVE(list, p) \
+		DLIST_ADD_END(list, p, tmp) \
+}
diff --git a/source3/include/doserr.h b/source3/include/doserr.h
new file mode 100644
index 0000000000..4945bc69d7
--- /dev/null
+++ b/source3/include/doserr.h
@@ -0,0 +1,193 @@
+/* 
+   Unix SMB/CIFS implementation.
+   DOS error code constants
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) John H Terpstra              1996-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Paul Ashton                  1998-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _DOSERR_H
+#define _DOSERR_H
+
+/* Error classes */
+
+#define ERRDOS 0x01 /*  Error is from the core DOS operating system set. */
+#define ERRSRV 0x02  /* Error is generated by the server network file manager.*/
+#define ERRHRD 0x03  /* Error is an hardware error. */
+#define ERRCMD 0xFF  /* Command was not in the "SMB" format. */
+
+/* SMB X/Open error codes for the ERRDOS error class */
+#define ERRsuccess 0 /* No error */
+#define ERRbadfunc 1 /* Invalid function (or system call) */
+#define ERRbadfile 2 /* File not found (pathname error) */
+#define ERRbadpath 3 /* Directory not found */
+#define ERRnofids 4 /* Too many open files */
+#define ERRnoaccess 5 /* Access denied */
+#define ERRbadfid 6 /* Invalid fid */
+#define ERRbadmcb 7 /* Memory control blocks destroyed. */
+#define ERRnomem 8 /* Out of memory */
+#define ERRbadmem 9 /* Invalid memory block address */
+#define ERRbadenv 10 /* Invalid environment */
+#define ERRbadaccess 12 /* Invalid open mode */
+#define ERRbaddata 13 /* Invalid data (only from ioctl call) */
+#define ERRres 14 /* reserved */
+#define ERRbaddrive 15 /* Invalid drive */
+#define ERRremcd 16 /* Attempt to delete current directory */
+#define ERRdiffdevice 17 /* rename/move across different filesystems */
+#define ERRnofiles 18 /* no more files found in file search */
+#define ERRgeneral 31 /* General failure */
+#define ERRbadshare 32 /* Share mode on file conflict with open mode */
+#define ERRlock 33 /* Lock request conflicts with existing lock */
+#define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */
+#define ERRnetnamedel 64 /* Network name deleted or not available */
+#define ERRnosuchshare 67 /* You specified an invalid share name */
+#define ERRfilexists 80 /* File in operation already exists */
+#define ERRinvalidparam 87
+#define ERRcannotopen 110 /* Cannot open the file specified */
+#define ERRinsufficientbuffer 122
+#define ERRinvalidname 123 /* Invalid name */
+#define ERRunknownlevel 124
+#define ERRnotlocked 158 /* This region is not locked by this locking context. */
+#define ERRrename 183
+#define ERRbadpipe 230 /* Named pipe invalid */
+#define ERRpipebusy 231 /* All instances of pipe are busy */
+#define ERRpipeclosing 232 /* named pipe close in progress */
+#define ERRnotconnected 233 /* No process on other end of named pipe */
+#define ERRmoredata 234 /* More data to be returned */
+#define ERRnomoreitems 259
+#define ERRbaddirectory 267 /* Invalid directory name in a path. */
+#define ERReasnotsupported 282 /* Extended attributes */
+#define ERRlogonfailure 1326 /* Unknown username or bad password */
+#define ERRbuftoosmall 2123
+#define ERRunknownipc 2142
+#define ERRnosuchprintjob 2151
+#define ERRinvgroup 2455
+
+/* here's a special one from observing NT */
+#define ERRnoipc 66 /* don't support ipc */
+
+/* These errors seem to be only returned by the NT printer driver system */
+
+#define ERRunknownprinterdriver 1797 /* ERROR_UNKNOWN_PRINTER_DRIVER */
+#define ERRinvalidprintername 1801 /* ERROR_INVALID_PRINTER_NAME */
+#define ERRprinteralreadyexists 1802 /* ERROR_PRINTER_ALREADY_EXISTS */
+#define ERRinvaliddatatype 1804 /* ERROR_INVALID_DATATYPE */
+#define ERRinvalidenvironment 1805 /* ERROR_INVALID_ENVIRONMENT */
+#define ERRprinterdriverinuse 3001 /* ERROR_PRINTER_DRIVER_IN_USE */
+
+/* Error codes for the ERRSRV class */
+
+#define ERRerror 1 /* Non specific error code */
+#define ERRbadpw 2 /* Bad password */
+#define ERRbadtype 3 /* reserved */
+#define ERRaccess 4 /* No permissions to do the requested operation */
+#define ERRinvnid 5 /* tid invalid */
+#define ERRinvnetname 6 /* Invalid servername */
+#define ERRinvdevice 7 /* Invalid device */
+#define ERRqfull 49 /* Print queue full */
+#define ERRqtoobig 50 /* Queued item too big */
+#define ERRinvpfid 52 /* Invalid print file in smb_fid */
+#define ERRsmbcmd 64 /* Unrecognised command */
+#define ERRsrverror 65 /* smb server internal error */
+#define ERRfilespecs 67 /* fid and pathname invalid combination */
+#define ERRbadlink 68 /* reserved */
+#define ERRbadpermits 69 /* Access specified for a file is not valid */
+#define ERRbadpid 70 /* reserved */
+#define ERRsetattrmode 71 /* attribute mode invalid */
+#define ERRpaused 81 /* Message server paused */
+#define ERRmsgoff 82 /* Not receiving messages */
+#define ERRnoroom 83 /* No room for message */
+#define ERRrmuns 87 /* too many remote usernames */
+#define ERRtimeout 88 /* operation timed out */
+#define ERRnoresource  89 /* No resources currently available for request. */
+#define ERRtoomanyuids 90 /* too many userids */
+#define ERRbaduid 91 /* bad userid */
+#define ERRuseMPX 250 /* temporarily unable to use raw mode, use MPX mode */
+#define ERRuseSTD 251 /* temporarily unable to use raw mode, use standard mode */
+#define ERRcontMPX 252 /* resume MPX mode */
+#define ERRbadPW /* reserved */
+#define ERRnosupport 0xFFFF
+#define ERRunknownsmb 22 /* from NT 3.5 response */
+
+/* Error codes for the ERRHRD class */
+
+#define ERRnowrite 19 /* read only media */
+#define ERRbadunit 20 /* Unknown device */
+#define ERRnotready 21 /* Drive not ready */
+#define ERRbadcmd 22 /* Unknown command */
+#define ERRdata 23 /* Data (CRC) error */
+#define ERRbadreq 24 /* Bad request structure length */
+#define ERRseek 25
+#define ERRbadmedia 26
+#define ERRbadsector 27
+#define ERRnopaper 28
+#define ERRwrite 29 /* write fault */
+#define ERRread 30 /* read fault */
+#define ERRgeneral 31 /* General hardware failure */
+#define ERRwrongdisk 34
+#define ERRFCBunavail 35
+#define ERRsharebufexc 36 /* share buffer exceeded */
+#define ERRdiskfull 39
+
+
+/* these are win32 error codes. There are only a few places where
+   these matter for Samba, primarily in the NT printing code */
+#define WERR_OK W_ERROR(0)
+#define WERR_BADFILE W_ERROR(2)
+#define WERR_ACCESS_DENIED W_ERROR(5)
+#define WERR_BADFID W_ERROR(6)
+#define WERR_BADFUNC W_ERROR(1)
+#define WERR_INSUFFICIENT_BUFFER W_ERROR(122)
+#define WERR_NO_SUCH_SHARE W_ERROR(67)
+#define WERR_ALREADY_EXISTS W_ERROR(80)
+#define WERR_INVALID_PARAM W_ERROR(87)
+#define WERR_NOT_SUPPORTED W_ERROR(50)
+#define WERR_BAD_PASSWORD W_ERROR(86)
+#define WERR_NOMEM W_ERROR(8)
+#define WERR_INVALID_NAME W_ERROR(123)
+#define WERR_UNKNOWN_LEVEL W_ERROR(124)
+#define WERR_OBJECT_PATH_INVALID W_ERROR(161)
+#define WERR_NO_MORE_ITEMS W_ERROR(259)
+#define WERR_MORE_DATA W_ERROR(234)
+#define WERR_UNKNOWN_PRINTER_DRIVER W_ERROR(1797)
+#define WERR_INVALID_PRINTER_NAME W_ERROR(1801)
+#define WERR_PRINTER_ALREADY_EXISTS W_ERROR(1802)
+#define WERR_INVALID_DATATYPE W_ERROR(1804)
+#define WERR_INVALID_ENVIRONMENT W_ERROR(1805)
+#define WERR_INVALID_FORM_NAME W_ERROR(1902)
+#define WERR_INVALID_FORM_SIZE W_ERROR(1903)
+#define WERR_BUF_TOO_SMALL W_ERROR(2123)
+#define WERR_JOB_NOT_FOUND W_ERROR(2151)
+#define WERR_DEST_NOT_FOUND W_ERROR(2152)
+#define WERR_NOT_LOCAL_DOMAIN W_ERROR(2320)
+#define WERR_PRINTER_DRIVER_IN_USE W_ERROR(3001)
+#define WERR_STATUS_MORE_ENTRIES   W_ERROR(0x0105)
+
+/* DFS errors */
+
+#ifndef NERR_BASE
+#define NERR_BASE (2100)
+#endif
+
+#define WERR_DFS_NO_SUCH_VOL            W_ERROR(NERR_BASE+562)
+#define WERR_DFS_NO_SUCH_SHARE          W_ERROR(NERR_BASE+565)
+#define WERR_DFS_NO_SUCH_SERVER         W_ERROR(NERR_BASE+573)
+#define WERR_DFS_INTERNAL_ERROR         W_ERROR(NERR_BASE+590)
+#define WERR_DFS_CANT_CREATE_JUNCT      W_ERROR(NERR_BASE+569)
+
+#endif /* _DOSERR_H */
diff --git a/source3/include/dynconfig.h b/source3/include/dynconfig.h
new file mode 100644
index 0000000000..eaa3a0568d
--- /dev/null
+++ b/source3/include/dynconfig.h
@@ -0,0 +1,36 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/**
+ * @file dynconfig.h
+ *
+ * @brief Exported global configurations.
+ **/
+
+extern char const *dyn_SBINDIR,
+	*dyn_BINDIR,
+	*dyn_SWATDIR;
+
+extern pstring dyn_CONFIGFILE;
+extern pstring dyn_LOGFILEBASE, dyn_LMHOSTSFILE;
+extern pstring dyn_LIBDIR;
+extern const pstring dyn_LOCKDIR; 
+extern const pstring dyn_DRIVERFILE; 
+extern const pstring dyn_SMB_PASSWD_FILE;
+extern const pstring dyn_PRIVATE_DIR;
diff --git a/source3/include/hash.h b/source3/include/hash.h
new file mode 100644
index 0000000000..c327c971ab
--- /dev/null
+++ b/source3/include/hash.h
@@ -0,0 +1,74 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Ying Chen 2000.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef	_HASH_H_
+#define	_HASH_H_
+
+#define MAX_HASH_TABLE_SIZE    16384
+#define HASH_TABLE_INCREMENT  2
+
+typedef int (*compare_function)(char *, char *);
+typedef int (*hash_function)(int, char *);
+
+/*
+ * lru_link: links the node to the LRU list.
+ * hash_elem: the pointer to the element that is tied onto the link.
+ */
+typedef struct lru_node {
+        ubi_dlNode lru_link;
+        void *hash_elem;
+} lru_node;
+
+/* 
+ * bucket_link: link the hash element to the bucket chain that it belongs to.
+ * lru_link: this element ties the hash element to the lru list. 
+ * bucket: a pointer to the hash bucket that this element belongs to.
+ * value: a pointer to the hash element content. It can be anything.
+ * key: stores the string key. The hash_element is always allocated with
+ * more memory space than the structure shown below to accomodate the space
+ * used for the whole string. But the memory is always appended at the 
+ * end of the structure, so keep "key" at the end of the structure.
+ * Don't move it.
+ */
+typedef struct hash_element {
+        ubi_dlNode	bucket_link;          
+        lru_node    lru_link;
+        ubi_dlList	*bucket;
+        void	*value;		
+        char key[1];	
+} hash_element;
+
+/*
+ * buckets: a list of buckets, implemented as a dLinkList. 
+ * lru_chain: the lru list of all the hash elements. 
+ * num_elements: the # of elements in the hash table.
+ * size: the hash table size.
+ * comp_func: the compare function used during hash key comparisons.
+ */
+
+typedef struct hash_table {
+        ubi_dlList      *buckets;
+        ubi_dlList      lru_chain;     
+        int     num_elements;	
+        int     size;
+        compare_function        comp_func; 
+} hash_table;
+
+#endif /* _HASH_H_ */
diff --git a/source3/include/hmacmd5.h b/source3/include/hmacmd5.h
new file mode 100644
index 0000000000..6b53a6fd07
--- /dev/null
+++ b/source3/include/hmacmd5.h
@@ -0,0 +1,32 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Interface header: Scheduler service
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+   Copyright (C) Andrew Tridgell 1992-1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _HMAC_MD5_H
+
+typedef struct 
+{
+        struct MD5Context ctx;
+        uchar k_ipad[65];    
+        uchar k_opad[65];
+
+} HMACMD5Context;
+
+#endif /* _HMAC_MD5_H */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index cc2bbbfad7..5da1c1d997 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1,10 +1,10 @@
 #ifndef _INCLUDES_H
 #define _INCLUDES_H
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Machine customisation and include handling
-   Copyright (C) Andrew Tridgell 1994-1995
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) 2002 by Martin Pool <mbp@samba.org>
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,1135 +20,1140 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
-/*
-   This file does all the #includes's. This makes it easier to
-   port to a new unix. Hopefully a port will only have to edit the Makefile
-   and add a section for the new unix below.
-*/
 
+#ifndef NO_CONFIG_H /* for some tests */
+#include "config.h"
+#endif
 
-/* the first OS dependent section is to setup what includes will be used.
-   the main OS dependent section comes later on 
-*/
+#include "local.h"
 
-#ifdef ALTOS
-#define NO_UTIMEH
+#ifdef AIX
+#define DEFAULT_PRINTING PRINT_AIX
+#define PRINTCAP_NAME "/etc/qconfig"
 #endif
 
-#ifdef MIPS
-#define POSIX_H
-#define NO_UTIMEH
+#ifdef HPUX
+#define DEFAULT_PRINTING PRINT_HPUX
 #endif
 
-#ifdef sun386
-#define NO_UTIMEH
+#ifdef QNX
+#define DEFAULT_PRINTING PRINT_QNX
 #endif
 
-#ifdef NEXT2
-#define NO_UTIMEH
+#ifdef SUNOS4
+/* on SUNOS4 termios.h conflicts with sys/ioctl.h */
+#undef HAVE_TERMIOS_H
 #endif
 
-#ifdef NEXT3_0
-#define NO_UTIMEH
-#define NO_UNISTDH
+#ifdef LINUX
+#ifndef DEFAULT_PRINTING
+#define DEFAULT_PRINTING PRINT_BSD
 #endif
-
-#ifdef APOLLO
-#define NO_UTIMEH
-#define NO_SYSMOUNTH
-#define NO_UNISTDH
+#ifndef PRINTCAP_NAME
+#define PRINTCAP_NAME "/etc/printcap"
 #endif
-
-#ifdef AIX
-#define NO_SYSMOUNTH
 #endif
 
-#ifdef M88K_R3
-#define SVR3H
-#define NO_RESOURCEH
+#ifdef __GNUC__
+/** Use gcc attribute to check printf fns.  a1 is the 1-based index of
+ * the parameter containing the format, and a2 the index of the first
+ * argument.  **/
+#define PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2)))
+#else
+#define PRINTF_ATTRIBUTE(a1, a2)
 #endif
 
-#ifdef DNIX
-#define NO_SYSMOUNTH
-#define NO_NETIFH
-#define NO_RESOURCEH
-#define PRIME_NMBD 0
-#define NO_SETGROUPS
+#ifdef __GNUC__
+/** gcc attribute used on function parameters so that it does not emit
+ * warnings about them being unused. **/
+#  define UNUSED(param) param __attribute__ ((unused))
+#else
+#  define UNUSED(param) param
+/** Feel free to add definitions for other compilers here. */
 #endif
 
-
-#ifdef ISC
-#define SYSSTREAMH
-#define NO_RESOURCEH
+#ifdef RELIANTUNIX
+/*
+ * <unistd.h> has to be included before any other to get
+ * large file support on Reliant UNIX. Yes, it's broken :-).
+ */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
 #endif
+#endif /* RELIANTUNIX */
 
-#ifdef QNX
-#define NO_RESOURCEH
-#define NO_SYSMOUNTH
-#define USE_MMAP 1
-#ifdef __386__
-   #define __i386__
-#endif
-#endif
+#include <sys/types.h>
 
-#ifdef NEWS42
-#define NO_UTIMEH
-#define NO_STRFTIME
-#define NO_UTIMBUF
-#define REPLACE_MKTIME
-#define NO_TM_NAME
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#else
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
 #endif
 
-#ifdef OS2
-#define NO_SYSMOUNTH
-#define NO_NETIFH
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
 #endif
 
-#ifdef LYNX
-#define NO_SYSMOUNTH
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
 #endif
 
+#include <stdio.h>
+#include <stddef.h>
 
-#if (defined(SHADOW_PWD)||defined(OSF1_ENH_SEC)||defined(SecureWare)||defined(PWDAUTH))
-#define PASSWORD_LENGTH 16
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
 #endif
 
-/* here is the general includes section - with some ifdefs generated 
-   by the previous section 
-*/
-#include "local.h"
-#include <stdio.h>
-#ifdef POSIX_STDLIBH
-#include <posix/stdlib.h>
-#else
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
-#include <ctype.h>
-#include <time.h>
-#ifndef NO_UTIMEH
-#include <utime.h>
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
 #endif
-#include <sys/types.h>
 
-#ifdef SVR3H
-#include <sys/statfs.h>
-#include <sys/stream.h>
-#include <netinet/types.h>
-#include <netinet/ether.h>
-#include <netinet/ip_if.h>
+#ifdef HAVE_UNIXSOCKET
+#include <sys/un.h>
 #endif
 
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <stddef.h>
-#ifdef POSIX_H
-#include <posix/utime.h>
-#include <bsd/sys/time.h>
-#include <bsd/netinet/in.h>
-#else
-#include <sys/time.h>
-#include <netinet/in.h>
-#endif 
-#include <netdb.h>
-#include <signal.h>
-#include <errno.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <grp.h>
-#ifndef NO_RESOURCEH
-#include <sys/resource.h>
+#ifdef HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#elif HAVE_SYSCALL_H
+#include <syscall.h>
 #endif
-#ifndef NO_SYSMOUNTH
-#include <sys/mount.h>
+
+#ifdef HAVE_STRING_H
+#include <string.h>
 #endif
-#include <pwd.h>
-#ifdef __STDC__
-#include <stdarg.h>
-#else
-#include <varargs.h>
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
 #endif
-#ifndef NO_UNISTDH
-#include <unistd.h>
+
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
 #endif
-#include <sys/wait.h>
-#ifdef SYSSTREAMH
-#include <sys/stream.h>
+
+#ifdef HAVE_MALLOC_H
+#include <malloc.h>
 #endif
-#ifndef NO_NETIFH
-#ifdef POSIX_H
-#include <bsd/net/if.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
 #else
-#include <net/if.h>
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
 #endif
 #endif
 
-#if USE_MMAP
-#include <sys/mman.h>
+#include <sys/stat.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
 #endif
 
-#if defined(GETPWANAM)
-#include <sys/types.h>
-#include <sys/label.h>
-#include <sys/audit.h>
-#include <pwdadj.h>
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
 #endif
 
-#if defined(SHADOW_PWD) && !defined(NETBSD) && !defined(CONVEX)
-#include <shadow.h>
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
 #endif
 
-/* this might be different on different systems */
-#ifdef QUOTAS 
-#ifdef LINUX
-#ifdef __KERNEL__
-#undef __KERNEL__
-#include <sys/quota.h>
-#define __KERNEL__
-#else
-#include <sys/quota.h>
+#include <signal.h>
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
 #endif
-#include <mntent.h>
-#else
-#include <sys/quota.h>
-#ifndef CRAY
-#include <devnm.h>
-#else
-#include <mntent.h>
+#ifdef HAVE_CTYPE_H
+#include <ctype.h>
 #endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
 #endif
+#ifdef HAVE_SYS_PRIV_H
+#include <sys/priv.h>
 #endif
-
-#ifdef SYSLOG
-#include <syslog.h>
+#ifdef HAVE_SYS_ID_H
+#include <sys/id.h>
 #endif
 
+#include <errno.h>
 
+#ifdef HAVE_UTIME_H
+#include <utime.h>
+#endif
 
-/***************************************************************************
-Here come some platform specific sections
-***************************************************************************/
-
-
-#ifdef LINUX
-#include <arpa/inet.h>
-#include <dirent.h>
-#include <string.h>
-#include <sys/vfs.h>
-#include <netinet/in.h>
-#ifndef NO_ASMSIGNALH
-#include <asm/signal.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
 #endif
-#define SIGNAL_CAST (__sighandler_t)
-#define USE_GETCWD
-#define USE_SETSID
-#define HAVE_BZERO
-#define HAVE_MEMMOVE
-#ifdef SHADOW_PWD
-#ifndef crypt
-#define crypt pw_encrypt
+
+#ifdef HAVE_SYS_MODE_H
+/* apparently AIX needs this for S_ISLNK */
+#ifndef S_ISLNK
+#include <sys/mode.h>
 #endif
 #endif
+
+#ifdef HAVE_GLOB_H
+#include <glob.h>
 #endif
 
-#ifdef SUNOS4
-#define SIGNAL_CAST (void (*)(int))
-#include <netinet/tcp.h>
-#include <dirent.h>
-#include <sys/acct.h>
-#include <sys/vfs.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/wait.h>
-#include <signal.h>
-/* #include <termios.h> */
-#ifdef sun386
-#define NO_STRFTIME
-#define NO_UTIMBUF
-#define mktime timelocal
-typedef unsigned short mode_t;
+#include <pwd.h>
+
+#ifdef HAVE_STDARG_H
+#include <stdarg.h>
 #else
-#include <utime.h>
-#define NO_STRERROR
-#endif
-#define REPLACE_GETPASS
-#define BSD_TERMIO
+#include <varargs.h>
 #endif
 
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <syslog.h>
+#include <sys/file.h>
 
-#ifdef SUNOS5
-#include <fcntl.h>
-#include <dirent.h>
-#include <sys/acct.h>
-#include <sys/statfs.h>
-#include <sys/statvfs.h>
-#include <sys/filio.h>
-#include <sys/sockio.h>
-#include <netinet/in_systm.h>
+#ifdef HAVE_NETINET_TCP_H
 #include <netinet/tcp.h>
-#include <netinet/ip.h>
-#include <string.h>
-#include <arpa/inet.h>
-#include <rpcsvc/ypclnt.h>
-#include <crypt.h> 
-#include <termios.h>
-extern int gettimeofday (struct timeval *, void *);
-extern int gethostname (char *name, int namelen);
-extern int innetgr (const char *, const char *, const char *, const char *);
-#define USE_SETVBUF
-#define SIGNAL_CAST (void (*)(int))
-#ifndef SYSV
-#define SYSV
-#endif
-#define USE_WAITPID
-#define REPLACE_STRLEN
-#define USE_STATVFS
-#define USE_GETCWD
-#define USE_SETSID
-#define REPLACE_GETPASS
 #endif
 
+/*
+ * The next three defines are needed to access the IPTOS_* options
+ * on some systems.
+ */
 
-#ifdef ULTRIX
-#include <strings.h>
-#include <nfs/nfs_clnt.h>
-#include <nfs/vfs.h>
-#include <netinet/tcp.h>
-#ifdef ULTRIX_AUTH
-#include <auth.h>
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
 #endif
-char *getwd(char *);
-#define NOSTRDUP
-#ifdef __STDC__
-#define SIGNAL_CAST (void(*)(int))
+
+#ifdef HAVE_NETINET_IN_IP_H
+#include <netinet/in_ip.h>
 #endif
-#define USE_DIRECT
+
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
 #endif
 
-#ifdef SGI
-#include <netinet/tcp.h>
-#include <sys/statfs.h>
-#include <string.h>
-#include <signal.h>
-#ifndef SYSV
-#define SYSV
+#if defined(HAVE_TERMIOS_H)
+/* POSIX terminal handling. */
+#include <termios.h>
+#elif defined(HAVE_TERMIO_H)
+/* Older SYSV terminal handling - don't use if we can avoid it. */
+#include <termio.h>
+#elif defined(HAVE_SYS_TERMIO_H)
+/* Older SYSV terminal handling - don't use if we can avoid it. */
+#include <sys/termio.h>
 #endif
-#define SIGNAL_CAST (void (*)())
-#define STATFS4
-#define USE_WAITPID
-#define USE_DIRECT
+
+#if HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# if HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# if HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# if HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
 #endif
 
-#ifdef SGI5
-#include <netinet/tcp.h>
-#include <sys/statvfs.h>
-#include <string.h>
-#include <signal.h>
-#include <dirent.h>
-#define USE_WAITPID
-#define NETGROUP 
-#ifndef SYSV
-#define SYSV
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
 #endif
-#define SIGNAL_CAST (void (*)())
-#define USE_STATVFS
-#define USE_WAITPID
+
+
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
 #endif
 
+#ifdef HAVE_SYS_VFS_H
+#include <sys/vfs.h>
+#endif
 
-#ifdef MIPS
-#include <bsd/net/soioctl.h>
-#include <string.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <sys/statfs.h>
-#include <sys/wait.h>
-#include <sys/termio.h>
-#define SIGNAL_CAST (void (*)())
-typedef int mode_t;
-extern struct group *getgrnam();
-extern struct passwd *getpwnam();
-#define STATFS4
-#define NO_STRERROR
-#define REPLACE_STRSTR
-#endif /* MIPS */
+#ifdef HAVE_SYS_ACL_H
+#include <sys/acl.h>
+#endif
 
+#ifdef HAVE_SYS_FS_S5PARAM_H 
+#include <sys/fs/s5param.h>
+#endif
 
+#if defined (HAVE_SYS_FILSYS_H) && !defined (_CRAY)
+#include <sys/filsys.h> 
+#endif
 
-#ifdef DGUX
-#include <string.h>
-#include <dirent.h>
-#include <sys/statfs.h>
-#include <sys/statvfs.h>
-#include <fcntl.h>
-#include <termios.h>
-#define SYSV
-#define USE_WAITPID
-#define SIGNAL_CAST (void (*)(int))
-#define STATFS4
-#define USE_GETCWD
+#ifdef HAVE_SYS_STATFS_H
+# include <sys/statfs.h>
 #endif
 
+#ifdef HAVE_DUSTAT_H              
+#include <sys/dustat.h>
+#endif
 
-#ifdef SVR4
-#include <string.h>
-#include <sys/dir.h>
-#include <dirent.h>
-#include <sys/statfs.h>
+#ifdef HAVE_SYS_STATVFS_H          
 #include <sys/statvfs.h>
-#include <sys/vfs.h>
-#include <sys/filio.h>
-#include <fcntl.h>
-#include <sys/sockio.h>
-#include <netinet/tcp.h>
-#include <stropts.h>
-#include <termios.h>
-#define SYSV
-#define USE_WAITPID
-#define SIGNAL_CAST (void (*)(int))
-#define USE_STATVFS
-#define USE_GETCWD
-#define USE_SETSID
 #endif
 
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
 
-#ifdef OSF1
-#include <termios.h>
-#include <strings.h>
-#include <dirent.h>
-char *getwd(char *);
-char *mktemp(char *); /* No standard include */
-#include <netinet/in.h>
-#include <arpa/inet.h> /* both for inet_ntoa */
-#define SIGNAL_CAST ( void (*) (int) )
-#define STATFS3
-#define USE_F_FSIZE
-#include <netinet/tcp.h>
-#ifdef OSF1_ENH_SEC
-#include <pwd.h>
-#include <sys/types.h>
+#ifdef HAVE_GETPWANAM
+#include <sys/label.h>
+#include <sys/audit.h>
+#include <pwdadj.h>
+#endif
+
+#ifdef HAVE_SYS_SECURITY_H
 #include <sys/security.h>
 #include <prot.h>
-#include <unistd.h>
 #define PASSWORD_LENGTH 16
-#define NEED_AUTH_PARAMETERS
-#endif  /* OSF1_ENH_SEC */
+#endif  /* HAVE_SYS_SECURITY_H */
+
+#ifdef HAVE_COMPAT_H
+#include <compat.h>
 #endif
 
+#ifdef HAVE_STROPTS_H
+#include <stropts.h>
+#endif
 
-#ifdef CLIX
-#include <dirent.h>
-#define SIGNAL_CAST	(void (*)())
-#include <sys/fcntl.h>
-#include <sys/statfs.h>
-#include <string.h>
-#define NO_EID
-#define USE_WAITPID
-#define STATFS4
-#define NO_FSYNC
-#define USE_GETCWD
-#define USE_SETSID
-#define REPLACE_GETPASS
-#define NO_GETRLIMIT
-#endif	/* CLIX */
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#endif
 
+#ifdef HAVE_SYS_CAPABILITY_H
 
+#if defined(BROKEN_REDHAT_7_SYSTEM_HEADERS) && !defined(_I386_STATFS_H)
+#define _I386_STATFS_H
+#define BROKEN_REDHAT_7_STATFS_WORKAROUND
+#endif
 
-#ifdef BSDI
-#include <string.h>
-#include <netinet/tcp.h>
-#define SIGNAL_CAST (void (*)())
-#define USE_DIRECT
+#include <sys/capability.h>
+
+#ifdef BROKEN_REDHAT_7_STATFS_WORKAROUND
+#undef _I386_STATFS_H
+#undef BROKEN_REDHAT_7_STATFS_WORKAROUND
 #endif
 
+#endif
 
-#ifdef NETBSD
-#include <strings.h>
-#include <netinet/tcp.h>
-/* you may not need this */
-#define NO_GETSPNAM
-#define SIGNAL_CAST (void (*)())
-#define USE_DIRECT
-#define REPLACE_INNETGR
-#endif 
+#if defined(HAVE_RPC_RPC_H)
+/*
+ * Check for AUTH_ERROR define conflict with rpc/rpc.h in prot.h.
+ */
+#if defined(HAVE_SYS_SECURITY_H) && defined(HAVE_RPC_AUTH_ERROR_CONFLICT)
+#undef AUTH_ERROR
+#endif
+#include <rpc/rpc.h>
+#endif
 
+#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined(HAVE_SETNETGRENT) && defined(HAVE_ENDNETGRENT) && defined(HAVE_GETNETGRENT)
+#define HAVE_NETGROUP 1
+#endif
 
+#if defined (HAVE_NETGROUP)
+#if defined(HAVE_RPCSVC_YP_PROT_H)
+#include <rpcsvc/yp_prot.h>
+#endif
+#if defined(HAVE_RPCSVC_YPCLNT_H)
+#include <rpcsvc/ypclnt.h>
+#endif
+#endif /* HAVE_NETGROUP */
 
-#ifdef FreeBSD
-#include <strings.h>
-#include <netinet/tcp.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-#define SIGNAL_CAST (void (*)())
-#define USE_DIRECT
-#define REPLACE_INNETGR
-#endif 
+#if defined(HAVE_SYS_IPC_H)
+#include <sys/ipc.h>
+#endif /* HAVE_SYS_IPC_H */
 
+#if defined(HAVE_SYS_SHM_H)
+#include <sys/shm.h>
+#endif /* HAVE_SYS_SHM_H */
 
+#ifdef HAVE_NATIVE_ICONV
+#include <iconv.h>
+#endif
 
-#ifdef AIX
-#include <strings.h>
-#include <sys/dir.h>
-#include <sys/select.h>
-#include <dirent.h>
-#include <sys/statfs.h>
-#include <sys/vfs.h>
-#include <sys/id.h>
-#include <sys/priv.h>
-#include <netinet/tcp.h>
-#define SYSV
-#define USE_WAITPID
-#define SIGNAL_CAST (void (*)())
-#define DEFAULT_PRINTING PRINT_AIX
+#if HAVE_KRB5_H
+#include <krb5.h>
+#else
+#undef HAVE_KRB5
 #endif
 
+#if HAVE_LBER_H
+#include <lber.h>
+#endif
 
-#ifdef HPUX
-#include <string.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <sys/vfs.h>
-#include <sys/types.h>
-#include <sys/termios.h>
-#include <netinet/tcp.h>
-#ifdef HPUX_10_TRUSTED
-#include <hpsecurity.h>
-#include <prot.h>
-#define NEED_AUTH_PARAMETERS
-#endif
-#define SIGNAL_CAST (void (*)(__harg))
-#define SELECT_CAST (int *)
-#define SYSV
-#define USE_WAITPID
-#define WAIT3_CAST2 (int *)
-#define USE_GETCWD
-#define USE_SETSID
-#define USE_SETRES
-#define DEFAULT_PRINTING PRINT_HPUX
-#define SIGCLD_IGNORE
+#if HAVE_LDAP_H
+#include <ldap.h>
+#else
+#undef HAVE_LDAP
 #endif
 
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#else
+#undef HAVE_KRB5
+#endif
 
-#ifdef SEQUENT
-#include <signal.h>
-#include <string.h>
-#include <dirent.h>
-#include <sys/types.h>
-#include <sys/statfs.h>
-#include <sys/stat.h>
-#include <sys/buf.h>
-#include <sys/socket.h>
-#include <unistd.h>
-#include <fcntl.h>
-#define SIGNAL_CAST (void (*)(int))
-#define USE_WAITPID
-#define USE_GETCWD
-#define NO_EID
-#define STATFS4
-#define USE_DIRECT
+#if HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#else
+#undef HAVE_KRB5
 #endif
 
-#ifdef NEXT2
-#include <sys/types.h>
-#include <strings.h>
-#include <dirent.h>
-#include <sys/vfs.h>
-#define bzero(b,len) memset(b,0,len)
-#define mode_t int
-#define NO_UTIMBUF
-#include <libc.h>
-#define NOSTRDUP
-#define USE_DIRECT
-#define USE_WAITPID
-#endif 
+/* we support ADS if we have krb5 and ldap libs */
+#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI)
+#define HAVE_ADS
+#endif
 
+/*
+ * Define VOLATILE if needed.
+ */
 
-#ifdef NEXT3_0
-#include <strings.h>
-#include <sys/dir.h>
-#include <sys/vfs.h>
-#define bzero(b,len) memset(b,0,len)
-#define NO_UTIMBUF
-#include <libc.h>
-#define NOSTRDUP
-#define USE_DIRECT
-#define mode_t int
-#define GID_TYPE int
-#define gid_t int
-#define SIGNAL_CAST (void (*)(int))
-#define WAIT3_CAST1 (union wait *)
-#define HAVE_GMTOFF
+#if defined(HAVE_VOLATILE)
+#define VOLATILE volatile
+#else
+#define VOLATILE
 #endif
 
+/*
+ * Define additional missing types
+ */
+#ifndef HAVE_SIG_ATOMIC_T_TYPE
+typedef int sig_atomic_t;
+#endif
 
+#ifndef HAVE_SOCKLEN_T_TYPE
+typedef int socklen_t;
+#endif
 
-#ifdef APOLLO
-#include <string.h>
-#include <fcntl.h>
-#include <sys/statfs.h>
-#define NO_UTIMBUF
-#define USE_DIRECT
-#define USE_GETCWD
-#define SIGNAL_CAST     (void (*)())
-#define HAVE_FCNTL_LOCK 0
-#define HAVE_GETTIMEOFDAY
-#define STATFS4
+
+#ifndef uchar
+#define uchar unsigned char
 #endif
 
+#ifdef HAVE_UNSIGNED_CHAR
+#define schar signed char
+#else
+#define schar char
+#endif
 
+/*
+   Samba needs type definitions for int16, int32, uint16 and uint32.
 
-#ifdef SCO
-#include <sys/netinet/tcp.h>
-#include <sys/netinet/in_systm.h>
-#include <sys/netinet/ip.h>
-#include <dirent.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/statfs.h>
-#include <sys/stropts.h>
-#include <limits.h>
-#ifdef EVEREST
-#include <unistd.h> 
+   Normally these are signed and unsigned 16 and 32 bit integers, but
+   they actually only need to be at least 16 and 32 bits
+   respectively. Thus if your word size is 8 bytes just defining them
+   as signed and unsigned int will work.
+*/
+
+#ifndef uint8
+#define uint8 unsigned char
 #endif
-#ifdef NETGROUP
-#include <rpcsvc/ypclnt.h>
+
+#if !defined(int16) && !defined(HAVE_INT16_FROM_RPC_RPC_H)
+#if (SIZEOF_SHORT == 4)
+#define int16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
+#else /* SIZEOF_SHORT != 4 */
+#define int16 short
+#endif /* SIZEOF_SHORT != 4 */
 #endif
-#ifdef SecureWare
-#include <sys/security.h>
-#include <sys/audit.h>
-#include <prot.h>
-#define crypt bigcrypt
-#endif
-#ifndef EVEREST
- #define ftruncate(f,l) syscall(0x0a28,f,l)
-#endif 
-#define SIGNAL_CAST (void (*)(int))
-#define USE_WAITPID
-#define USE_GETCWD
-#define USE_SETSID
-#ifdef SCO3_2_2
-#define NO_EID
+
+/*
+ * Note we duplicate the size tests in the unsigned 
+ * case as int16 may be a typedef from rpc/rpc.h
+ */
+
+#if !defined(uint16) && !defined(HAVE_UINT16_FROM_RPC_RPC_H)
+#if (SIZEOF_SHORT == 4)
+#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
+#else /* SIZEOF_SHORT != 4 */
+#define uint16 unsigned short
+#endif /* SIZEOF_SHORT != 4 */
+#endif
+
+#if !defined(int32) && !defined(HAVE_INT32_FROM_RPC_RPC_H)
+#if (SIZEOF_INT == 4)
+#define int32 int
+#elif (SIZEOF_LONG == 4)
+#define int32 long
+#elif (SIZEOF_SHORT == 4)
+#define int32 short
 #else
-#ifndef EVEREST
-#define USE_IFREQ
+/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */
+#define int32 int
 #endif
 #endif
-#define STATFS4
-#define NO_FSYNC
-#ifndef EVEREST
-#define NO_INITGROUPS
+
+/*
+ * Note we duplicate the size tests in the unsigned 
+ * case as int32 may be a typedef from rpc/rpc.h
+ */
+
+#if !defined(uint32) && !defined(HAVE_UINT32_FROM_RPC_RPC_H)
+#if (SIZEOF_INT == 4)
+#define uint32 unsigned int
+#elif (SIZEOF_LONG == 4)
+#define uint32 unsigned long
+#elif (SIZEOF_SHORT == 4)
+#define uint32 unsigned short
+#else
+/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */
+#define uint32 unsigned
 #endif
-#define HAVE_PATHCONF
-#define NO_GETRLIMIT
 #endif
 
+/*
+ * Types for devices, inodes and offsets.
+ */
 
+#ifndef SMB_DEV_T
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_DEV64_T)
+#    define SMB_DEV_T dev64_t
+#  else
+#    define SMB_DEV_T dev_t
+#  endif
+#endif
 
-/* Definitions for RiscIX */
-#ifdef RiscIX
-#define SIGNAL_CAST (void (*)(int))
-#include <sys/dirent.h>
-#include <sys/acct.h>
-#include <sys/vfs.h>
-#include <string.h>
-#include <utime.h>
-#include <signal.h>
-#define HAVE_GETTIMEOFDAY
-#define NOSTRCASECMP
-#define NOSTRDUP
+/*
+ * Setup the correctly sized inode type.
+ */
+
+#ifndef SMB_INO_T
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_INO64_T)
+#    define SMB_INO_T ino64_t
+#  else
+#    define SMB_INO_T ino_t
+#  endif
 #endif
 
+#ifndef LARGE_SMB_INO_T
+#  if (defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_INO64_T)) || (defined(SIZEOF_INO_T) && (SIZEOF_INO_T == 8))
+#    define LARGE_SMB_INO_T 1
+#  endif
+#endif
 
+#ifdef LARGE_SMB_INO_T
+#define SINO_T(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,(v)>>32))
+#else 
+#define SINO_T(p, ofs, v) (SIVAL(p,ofs,v),SIVAL(p,(ofs)+4,0))
+#endif
 
-#ifdef ISC
-#include <net/errno.h>
-#include <string.h>
-#include <sys/dir.h>
-#include <dirent.h>
-#include <sys/statfs.h>
-#include <fcntl.h>
-#include <sys/sioctl.h>
-#include <stropts.h>
-#include <limits.h>
-#include <netinet/tcp.h>
-#define FIONREAD FIORDCHK
-#define SYSV
-#define USE_WAITPID
-#define SIGNAL_CAST (void (*)(int))
-#define USE_GETCWD
-#define USE_SETSID
-#define USE_IFREQ
-#define NO_FTRUNCATE
-#define STATFS4
-#define NO_FSYNC
+#ifndef SMB_OFF_T
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T)
+#    define SMB_OFF_T off64_t
+#  else
+#    define SMB_OFF_T off_t
+#  endif
 #endif
 
+/* this should really be a 64 bit type if possible */
+#define br_off SMB_BIG_UINT
 
+#define SMB_OFF_T_BITS (sizeof(SMB_OFF_T)*8)
 
-#ifdef AUX
-#include <fstab.h>
-#include <string.h>
-#include <dirent.h>
-#include <sys/vfs.h>
-#include <fcntl.h>
-#include <termios.h>
-#define SYSV
-#define USE_WAITPID
-#define SIGNAL_CAST (void (*)(int))
-char *strdup (char *);
-#define USE_GETCWD
-#endif
+/*
+ * Set the define that tells us if we can do 64 bit
+ * NT SMB calls.
+ */
 
+#ifndef LARGE_SMB_OFF_T
+#  if (defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T)) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8))
+#    define LARGE_SMB_OFF_T 1
+#  endif
+#endif
 
-#ifdef M88K_R3
-#include <string.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <termios.h>
-#define STATFS4
-#define SYSV
-#define USE_WAITPID
-#define SIGNAL_CAST (void (*)(int))
-char *strdup (char *);
-#define USE_GETCWD
-#define NO_FSYNC
-#define NO_EID
+#ifdef LARGE_SMB_OFF_T
+#define SOFF_T(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,(v)>>32))
+#define SOFF_T_R(p, ofs, v) (SIVAL(p,(ofs)+4,(v)&0xFFFFFFFF), SIVAL(p,ofs,(v)>>32))
+#else 
+#define SOFF_T(p, ofs, v) (SIVAL(p,ofs,v),SIVAL(p,(ofs)+4,0))
+#define SOFF_T_R(p, ofs, v) (SIVAL(p,(ofs)+4,v),SIVAL(p,ofs,0))
 #endif
 
+/*
+ * Type for stat structure.
+ */
 
-#ifdef DNIX
-#include <dirent.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/statfs.h>
-#include <sys/stropts.h>
-#define NO_GET_BROADCAST
-#define USE_WAITPID
-#define USE_GETCWD
-#define USE_SETSID
-#define STATFS4
-#define NO_EID
-#define PF_INET AF_INET
-#define NO_STRERROR
-#define ftruncate(f,l) chsize(f,l)
-#endif /* DNIX */
-
-#ifdef CONVEX
-#define SIGNAL_CAST (void (*)(int))
-#include <netinet/tcp.h>
-#include <arpa/inet.h>
-#include <dirent.h>
-#include <string.h>
-#include <sys/vfs.h>
-#include <fcntl.h>
-#define DONT_REINSTALL_SIG
-#define USE_SIGBLOCK
-#define USE_WAITPID
-#define SIGNAL_CAST (_SigFunc_Ptr_t)
-#define NO_GETSPNAM
-#define HAVE_MEMMOVE
-extern char *mktemp(char *);
-extern int  fsync(int);
-extern int  seteuid(uid_t);
-extern int  setgroups(int, int *);
-extern int  initgroups(char *, int);
-extern int  statfs(char *, struct statfs *);
-extern int  setegid(gid_t);
-extern int  getopt(int, char *const *, const char *);
-extern int  chroot(char *);
-extern int  gettimeofday(struct timeval *, struct timezone *);
-extern int  gethostname(char *, int);
-extern char *crypt(char *, char *);
-extern char *getpass(char *);
-#endif
-
-
-#ifdef CRAY
-#define MAXPATHLEN 1024
-#include <dirent.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/statfs.h>
-#define SIGNAL_CAST (void (*)(int))
-#define SIGCLD_IGNORE
-#define HAVE_FCNTL_LOCK 1
-#define USE_SETSID
-#define STATFS4
+#ifndef SMB_STRUCT_STAT
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STAT64) && defined(HAVE_OFF64_T)
+#    define SMB_STRUCT_STAT struct stat64
+#  else
+#    define SMB_STRUCT_STAT struct stat
+#  endif
 #endif
 
+/*
+ * Type for dirent structure.
+ */
 
-#ifdef ALTOS
-#include <unistd.h>
-#include <string.h>
-#include <dirent.h>
-#include <sys/fcntl.h>
-#include <sys/statfs.h>
-#define        const
-#define        uid_t           int
-#define        gid_t           int
-#define        mode_t          int
-#define        ptrdiff_t       int
-#define HAVE_GETGRNAM  0
-#define NO_EID
-#define NO_FSYNC
-#define        NO_FTRUNCATE
-#define        NO_GETRLIMIT
-#define        NO_INITGROUPS
-#define NO_SELECT
-#define NO_SETGROUPS
-#define NO_STRERROR
-#define NO_STRFTIME
-#define        NO_TM_NAME
-#define NO_UTIMEH
-#define NOSTRCASECMP
-#define REPLACE_MKTIME
-#define REPLACE_RENAME
-#define REPLACE_STRSTR
-#define STATFS4
-#define        USE_GETCWD
+#ifndef SMB_STRUCT_DIRENT
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_DIRENT64)
+#    define SMB_STRUCT_DIRENT struct dirent64
+#  else
+#    define SMB_STRUCT_DIRENT struct dirent
+#  endif
 #endif
 
-#ifdef QNX
-#define STATFS4
-#include <sys/statfs.h>
-#include <sys/select.h>
-#include <signal.h>
-#include <sys/dir.h>
-#define SIGNAL_CAST (void (*)())
-#define USE_WAITPID
-#define NO_INITGROUPS
-#define NO_SETGROUPS
-#define HAVE_TIMEZONE
-#define USE_GETCWD
-#define USE_SETSID
-#define HAVE_FCNTL_LOCK 1
-#define DEFAULT_PRINTING PRINT_QNX
+/*
+ * Defines for 64 bit fcntl locks.
+ */
+
+#ifndef SMB_STRUCT_FLOCK
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T)
+#    define SMB_STRUCT_FLOCK struct flock64
+#  else
+#    define SMB_STRUCT_FLOCK struct flock
+#  endif
 #endif
 
+#ifndef SMB_F_SETLKW
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T)
+#    define SMB_F_SETLKW F_SETLKW64
+#  else
+#    define SMB_F_SETLKW F_SETLKW
+#  endif
+#endif
 
-#ifdef NEWS42
-#include <string.h>
-#include <dirent.h>
-#include <sys/vfs.h>
-#include <sys/timeb.h>
-typedef int mode_t;
+#ifndef SMB_F_SETLK
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T)
+#    define SMB_F_SETLK F_SETLK64
+#  else
+#    define SMB_F_SETLK F_SETLK
+#  endif
 #endif
 
-#ifdef OS2
-#include <dirent.h>
-#include <sys/statfs.h>
-#include <string.h>
-#include <limits.h>
-#define SIGNAL_CAST (void (*)())
-#define HAVE_FCNTL_LOCK 0
-#define USE_WAITPID
-#define NO_GET_BROADCAST
-#define NO_EID
-#define NO_SETGROUPS
-#define NO_INITGROUPS
-#define NO_CRYPT
-#define NO_STATFS
-#define NO_CHROOT
-#define NO_CHOWN
-#define strcasecmp stricmp
-#define strncasecmp strnicmp
-#endif
-
-
-#ifdef LYNX
-#define SIGNAL_CAST (void (*)())
-#define WAIT3_CAST1 (union wait *)
-#define STATFS4
-#include <fcntl.h>
-#include <resource.h>
-#include <stat.h>
-#include <string.h>
-#include <dirent.h>
-#include <sys/statfs.h>
-#define USE_GETCWD
-#define USE_GETSID
+#ifndef SMB_F_GETLK
+#  if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T)
+#    define SMB_F_GETLK F_GETLK64
+#  else
+#    define SMB_F_GETLK F_GETLK
+#  endif
 #endif
 
+#if defined(HAVE_LONGLONG)
+#define SMB_BIG_UINT unsigned long long
+#define SMB_BIG_INT long long
+#define SBIG_UINT(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,(v)>>32))
+#else
+#define SMB_BIG_UINT unsigned long
+#define SMB_BIG_INT long
+#define SBIG_UINT(p, ofs, v) (SIVAL(p,ofs,v),SIVAL(p,(ofs)+4,0))
+#endif
 
-/*******************************************************************
-end of the platform specific sections
-********************************************************************/
+#define SMB_BIG_UINT_BITS (sizeof(SMB_BIG_UINT)*8)
 
-#ifdef SecureWare
-#define NEED_AUTH_PARAMETERS
+#ifndef MIN
+#define MIN(a,b) ((a)<(b)?(a):(b))
 #endif
 
-#ifdef REPLACE_GETPASS
-extern char    *getsmbpass(char *);
-#define getpass(s) getsmbpass(s)
+#ifndef MAX
+#define MAX(a,b) ((a)>(b)?(a):(b))
 #endif
 
-#ifdef REPLACE_INNETGR
-#define innetgr(group,host,user,dom) InNetGr(group,host,user,dom)
+#ifndef HAVE_STRERROR
+extern char *sys_errlist[];
+#define strerror(i) sys_errlist[i]
 #endif
 
-#ifndef FD_SETSIZE
-#define FD_SETSIZE 255
+#ifndef HAVE_ERRNO_DECL
+extern int errno;
 #endif
 
-#ifndef MAXINT
-#define MAXINT ((((unsigned)1)<<(sizeof(int)*8-1))-1)
+#ifdef HAVE_BROKEN_GETGROUPS
+#define GID_T int
+#else
+#define GID_T gid_t
 #endif
 
-#ifndef __STDC__
-#define const
+#ifndef NGROUPS_MAX
+#define NGROUPS_MAX 32 /* Guess... */
+#endif
+
+/* Our own pstrings and fstrings */
+#include "pstring.h"
+
+/* Lists, trees, caching, database... */
+#include "xfile.h"
+#include "intl.h"
+#include "ubi_sLinkList.h"
+#include "ubi_dLinkList.h"
+#include "dlinklist.h"
+#include "../tdb/tdb.h"
+#include "../tdb/spinlock.h"
+#include "talloc.h"
+#include "ads.h"
+#include "interfaces.h"
+#include "hash.h"
+#include "trans2.h"
+#include "nterr.h"
+#include "messages.h"
+#include "charset.h"
+#include "dynconfig.h"
+
+#include "util_getent.h"
+
+#ifndef UBI_BINTREE_H
+#include "ubi_Cache.h"
+#endif /* UBI_BINTREE_H */
+
+#include "debugparse.h"
+
+#include "version.h"
+#include "smb.h"
+#include "smbw.h"
+#include "nameserv.h"
+
+#include "secrets.h"
+
+#include "byteorder.h"
+
+#include "ntdomain.h"
+
+#include "msdfs.h"
+
+#include "smbprofile.h"
+
+#include "mapping.h"
+
+#include "rap.h"
+
+#include "md5.h"
+#include "hmacmd5.h"
+
+#include "auth.h"
+
+#include "passdb.h"
+
+#include "session.h"
+
+#include "asn_1.h"
+
+#include "popt.h"
+
+#include "mangle.h"
+
+#ifndef MAXCODEPAGELINES
+#define MAXCODEPAGELINES 256
 #endif
 
-/* Now for some other grungy stuff */
-#ifdef NO_GETSPNAM
-struct spwd { /* fake shadow password structure */
-       char *sp_pwdp;
+/*
+ * Type for wide character dirent structure.
+ * Only d_name is defined by POSIX.
+ */
+
+typedef struct smb_wdirent {
+	wpstring        d_name;
+} SMB_STRUCT_WDIRENT;
+
+/*
+ * Type for wide character passwd structure.
+ */
+
+typedef struct smb_wpasswd {
+	wfstring       pw_name;
+	char           *pw_passwd;
+	uid_t          pw_uid;
+	gid_t          pw_gid;
+	wpstring       pw_gecos;
+	wpstring       pw_dir;
+	wpstring       pw_shell;
+} SMB_STRUCT_WPASSWD;
+
+/* used in net.c */
+struct functable {
+	char *funcname;
+	int (*fn)(int argc, const char **argv);
 };
-#endif
 
-#ifndef HAVE_BZERO
-#ifndef bzero
-#define bzero(p,s) memset(p,0,s)
-#endif
-#endif
 
-#ifndef HAVE_MEMMOVE
-#ifndef memmove
-#define memmove(d,s,n) MemMove(d,s,n)
-#endif
-#endif
+/* Defines for wisXXX functions. */
+#define UNI_UPPER    0x1
+#define UNI_LOWER    0x2
+#define UNI_DIGIT    0x4
+#define UNI_XDIGIT   0x8
+#define UNI_SPACE    0x10
 
-#ifdef USE_DIRECT
-#include <sys/dir.h>
-#endif
+#include "nsswitch/nss.h"
+
+/***** automatically generated prototypes *****/
+#include "proto.h"
 
-/* some unixes have ENOTTY instead of TIOCNOTTY */
-#ifndef TIOCNOTTY
-#ifdef ENOTTY
-#define TIOCNOTTY ENOTTY
+/* String routines */
+
+#include "safe_string.h"
+
+#ifdef __COMPAR_FN_T
+#define QSORT_CAST (__compar_fn_t)
 #endif
+
+#ifndef QSORT_CAST
+#define QSORT_CAST (int (*)(const void *, const void *))
 #endif
 
-#ifndef SIGHUP
-#define SIGHUP 1
+/* this guess needs to be improved (tridge) */
+#if (defined(STAT_STATVFS) || defined(STAT_STATVFS64)) && !defined(SYSV)
+#define SYSV 1
 #endif
 
-/* if undefined then use bsd or sysv printing */
 #ifndef DEFAULT_PRINTING
-#ifdef SYSV
+#ifdef HAVE_CUPS
+#define DEFAULT_PRINTING PRINT_CUPS
+#define PRINTCAP_NAME "cups"
+#elif defined(SYSV)
 #define DEFAULT_PRINTING PRINT_SYSV
+#define PRINTCAP_NAME "lpstat"
 #else
 #define DEFAULT_PRINTING PRINT_BSD
+#define PRINTCAP_NAME "/etc/printcap"
 #endif
 #endif
 
+#ifndef PRINTCAP_NAME
+#define PRINTCAP_NAME "/etc/printcap"
+#endif
 
-#ifdef AFS_AUTH
-#include <afs/stds.h>
-#include <afs/kautils.h>
+#ifndef SIGCLD
+#define SIGCLD SIGCHLD
 #endif
 
-#ifdef DFS_AUTH
-#include <dce/dce_error.h>
-#include <dce/sec_login.h>
+#ifndef MAP_FILE
+#define MAP_FILE 0
 #endif
 
-#ifdef NO_UTIMBUF
-struct utimbuf {
-  time_t actime;
-  time_t modtime;
-};
+#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP) && !defined(WITH_TDB_SAM))
+#define USE_SMBPASS_DB 1
 #endif
 
-#ifdef NO_STRERROR
-#ifndef strerror
-extern char *sys_errlist[];
-#define strerror(i) sys_errlist[i]
+#if defined(HAVE_PUTPRPWNAM) && defined(AUTH_CLEARTEXT_SEG_CHARS)
+#define OSF1_ENH_SEC 1
+#endif
+
+#ifndef ALLOW_CHANGE_PASSWORD
+#if (defined(HAVE_TERMIOS_H) && defined(HAVE_DUP2) && defined(HAVE_SETSID))
+#define ALLOW_CHANGE_PASSWORD 1
 #endif
 #endif
 
-#ifndef perror
-#define perror(m) printf("%s: %s\n",m,strerror(errno))
+/* what is the longest significant password available on your system? 
+ Knowing this speeds up password searches a lot */
+#ifndef PASSWORD_LENGTH
+#define PASSWORD_LENGTH 8
 #endif
 
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 255
+#ifdef REPLACE_INET_NTOA
+#define inet_ntoa rep_inet_ntoa
 #endif
 
-#include "version.h"
-#include "smb.h"
-#include "byteorder.h"
-#ifdef SMB_PASSWD
-#include "smbpass.h"
+#ifndef HAVE_PIPE
+#define SYNC_DNS 1
 #endif
 
-#include "kanji.h"
-#include "charset.h"
+#ifndef MAXPATHLEN
+#define MAXPATHLEN 256
+#endif
 
-#ifndef S_IFREG
-#define S_IFREG 0100000
+#ifndef SEEK_SET
+#define SEEK_SET 0
 #endif
 
-#ifndef S_ISREG
-#define S_ISREG(x) ((S_IFREG & x)!=0)
+#ifndef INADDR_LOOPBACK
+#define INADDR_LOOPBACK 0x7f000001
 #endif
 
-#ifndef S_ISDIR
-#define S_ISDIR(x) ((S_IFDIR & x)!=0)
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
 #endif
 
-#ifdef UFC_CRYPT
+#ifndef HAVE_CRYPT
 #define crypt ufc_crypt
 #endif
 
-#ifdef REPLACE_STRLEN
-#define strlen(s) Strlen(s)
+#ifndef O_ACCMODE
+#define O_ACCMODE (O_RDONLY | O_WRONLY | O_RDWR)
 #endif
 
-#ifdef REPLACE_STRSTR
-#define strstr(s,p) Strstr(s,p)
+#if defined(HAVE_CRYPT16) && defined(HAVE_GETAUTHUID)
+#define ULTRIX_AUTH 1
 #endif
 
-#ifdef REPLACE_MKTIME
-#define mktime(t) Mktime(t)
+#ifdef HAVE_LIBREADLINE
+#  ifdef HAVE_READLINE_READLINE_H
+#    include <readline/readline.h>
+#    ifdef HAVE_READLINE_HISTORY_H
+#      include <readline/history.h>
+#    endif
+#  else
+#    ifdef HAVE_READLINE_H
+#      include <readline.h>
+#      ifdef HAVE_HISTORY_H
+#        include <history.h>
+#      endif
+#    else
+#      undef HAVE_LIBREADLINE
+#    endif
+#  endif
 #endif
 
-#ifndef NGROUPS_MAX
-#define NGROUPS_MAX 128
+#ifndef HAVE_STRDUP
+char *strdup(const char *s);
 #endif
 
-#ifndef EDQUOT
-#define EDQUOT ENOSPC
+#ifndef HAVE_MEMMOVE
+void *memmove(void *dest,const void *src,int size);
 #endif
 
-#ifndef HAVE_GETGRNAM
-#define HAVE_GETGRNAM 1
+#ifndef HAVE_INITGROUPS
+int initgroups(char *name,gid_t id);
 #endif
 
-#ifndef SOL_TCP
-#define SOL_TCP 6
+#ifndef HAVE_RENAME
+int rename(const char *zfrom, const char *zto);
 #endif
 
-/* default to using ftruncate workaround as this is safer than assuming
-it works and getting lots of bug reports */
-#ifndef FTRUNCATE_CAN_EXTEND
-#define FTRUNCATE_CAN_EXTEND 0
+#ifndef HAVE_MKTIME
+time_t mktime(struct tm *t);
 #endif
 
-/* maybe this unix doesn't separate RD and WR locks? */
-#ifndef F_RDLCK
-#define F_RDLCK F_WRLCK
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *d, const char *s, size_t bufsize);
 #endif
 
-#ifndef ENOTSOCK
-#define ENOTSOCK EINVAL
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *d, const char *s, size_t bufsize);
 #endif
 
-#ifndef SIGCLD
-#define SIGCLD SIGCHLD
-#endif 
+#ifndef HAVE_FTRUNCATE
+int ftruncate(int f,long l);
+#endif
 
-#ifndef HAVE_FCNTL_LOCK
-#define HAVE_FCNTL_LOCK 1
+#ifndef HAVE_STRTOUL
+unsigned long strtoul(const char *nptr, char **endptr, int base);
 #endif
 
-#ifndef WAIT3_CAST2
-#define WAIT3_CAST2 (struct rusage *)
+#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL))
+/* stupid glibc */
+int setresuid(uid_t ruid, uid_t euid, uid_t suid);
+#endif
+#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESGID_DECL))
+int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+#endif
+#ifndef HAVE_VASPRINTF_DECL
+int vasprintf(char **ptr, const char *format, va_list ap);
 #endif
 
-#ifndef WAIT3_CAST1
-#define WAIT3_CAST1 (int *)
+#if !defined(HAVE_BZERO) && defined(HAVE_MEMSET)
+#define bzero(a,b) memset((a),'\0',(b))
 #endif
 
-#ifndef QSORT_CAST
-#define QSORT_CAST (int (*)())
+#ifdef REPLACE_GETPASS
+#define getpass(prompt) getsmbpass((prompt))
 #endif
 
-/* this is a rough check to see if this machine has a lstat() call.
-   it is not guaranteed to work */
-#if !(defined(S_ISLNK) || defined(S_IFLNK))
-#define lstat stat
+/*
+ * Some older systems seem not to have MAXHOSTNAMELEN
+ * defined.
+ */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 254
 #endif
 
-/* Not all systems declare ERRNO in errno.h... and some systems #define it! */
-#ifndef errno
-extern int errno;
-#endif 
+/* yuck, I'd like a better way of doing this */
+#define DIRP_SIZE (256 + 32)
 
+/*
+ * glibc on linux doesn't seem to have MSG_WAITALL
+ * defined. I think the kernel has it though..
+ */
 
-#ifdef NO_EID
-#define geteuid() getuid()
-#define getegid() getgid()
-#define seteuid(x) setuid(x)
-#define setegid(x) setgid(x)
+#ifndef MSG_WAITALL
+#define MSG_WAITALL 0
 #endif
 
+/* default socket options. Dave Miller thinks we should default to TCP_NODELAY
+   given the socket IO pattern that Samba uses */
+#ifdef TCP_NODELAY
+#define DEFAULT_SOCKET_OPTIONS "TCP_NODELAY"
+#else
+#define DEFAULT_SOCKET_OPTIONS ""
+#endif
 
-#if (HAVE_FCNTL_LOCK == 0)
-/* since there is no locking available, system includes  */
-/* for DomainOS 10.4 do not contain any of the following */
-/* #define's. So, to satisfy the compiler, add these     */
-/* #define's, although they arn't really necessary.      */
-#define F_GETLK 0
-#define F_SETLK 0
-#define F_WRLCK 0
-#define F_UNLCK 0
-#endif /* HAVE_FCNTL_LOCK == 0 */
+/* Load header file for libdl stuff */
 
-#ifdef NOSTRCASECMP
-#define strcasecmp(s1,s2) StrCaseCmp(s1,s2)
-#define strncasecmp(s1,s2,n) StrnCaseCmp(s1,s2,n)
+#ifdef HAVE_LIBDL
+#include <dlfcn.h>
 #endif
 
-#ifndef strcpy
-#define strcpy(dest,src) StrCpy(dest,src)
+/* dmalloc -- free heap debugger (dmalloc.org).  This should be near
+ * the *bottom* of include files so as not to conflict. */
+#ifdef ENABLE_DMALLOC
+#  include <dmalloc.h>
 #endif
 
 
-/* possibly wrap the malloc calls */
-#if WRAP_MALLOC
+/* Some POSIX definitions for those without */
+ 
+#ifndef S_IFDIR
+#define S_IFDIR         0x4000
+#endif
+#ifndef S_ISDIR
+#define S_ISDIR(mode)   ((mode & 0xF000) == S_IFDIR)
+#endif
+#ifndef S_IRWXU
+#define S_IRWXU 00700           /* read, write, execute: owner */
+#endif
+#ifndef S_IRUSR
+#define S_IRUSR 00400           /* read permission: owner */
+#endif
+#ifndef S_IWUSR
+#define S_IWUSR 00200           /* write permission: owner */
+#endif
+#ifndef S_IXUSR
+#define S_IXUSR 00100           /* execute permission: owner */
+#endif
+#ifndef S_IRWXG
+#define S_IRWXG 00070           /* read, write, execute: group */
+#endif
+#ifndef S_IRGRP
+#define S_IRGRP 00040           /* read permission: group */
+#endif
+#ifndef S_IWGRP
+#define S_IWGRP 00020           /* write permission: group */
+#endif
+#ifndef S_IXGRP
+#define S_IXGRP 00010           /* execute permission: group */
+#endif
+#ifndef S_IRWXO
+#define S_IRWXO 00007           /* read, write, execute: other */
+#endif
+#ifndef S_IROTH
+#define S_IROTH 00004           /* read permission: other */
+#endif
+#ifndef S_IWOTH
+#define S_IWOTH 00002           /* write permission: other */
+#endif
+#ifndef S_IXOTH
+#define S_IXOTH 00001           /* execute permission: other */
+#endif
+
+/* For sys_adminlog(). */
+#ifndef LOG_EMERG
+#define LOG_EMERG       0       /* system is unusable */
+#endif
+
+#ifndef LOG_ALERT
+#define LOG_ALERT       1       /* action must be taken immediately */
+#endif
+
+#ifndef LOG_CRIT
+#define LOG_CRIT        2       /* critical conditions */
+#endif
+
+#ifndef LOG_ERR
+#define LOG_ERR         3       /* error conditions */
+#endif
+
+#ifndef LOG_WARNING
+#define LOG_WARNING     4       /* warning conditions */
+#endif
+
+#ifndef LOG_NOTICE
+#define LOG_NOTICE      5       /* normal but significant condition */
+#endif
 
-/* undo the old malloc def if necessary */
-#ifdef malloc
-#define xx_old_malloc malloc
-#undef malloc
+#ifndef LOG_INFO
+#define LOG_INFO        6       /* informational */
 #endif
 
-#define malloc(size) malloc_wrapped(size,__FILE__,__LINE__)
+#ifndef LOG_DEBUG
+#define LOG_DEBUG       7       /* debug-level messages */
+#endif
 
-/* undo the old realloc def if necessary */
-#ifdef realloc
-#define xx_old_realloc realloc
-#undef realloc
+/* NetBSD doesn't have these */
+#ifndef SHM_R
+#define SHM_R 0400
 #endif
 
-#define realloc(ptr,size) realloc_wrapped(ptr,size,__FILE__,__LINE__)
+#ifndef SHM_W
+#define SHM_W 0200
+#endif
 
-/* undo the old free def if necessary */
-#ifdef free
-#define xx_old_free free
-#undef free
+#if HAVE_KERNEL_SHARE_MODES
+#ifndef LOCK_MAND 
+#define LOCK_MAND	32	/* This is a mandatory flock */
+#define LOCK_READ	64	/* ... Which allows concurrent read operations */
+#define LOCK_WRITE	128	/* ... Which allows concurrent write operations */
+#define LOCK_RW		192	/* ... Which allows concurrent read & write ops */
+#endif
 #endif
 
-#define free(ptr) free_wrapped(ptr,__FILE__,__LINE__)
+extern int DEBUGLEVEL;
+
+#define MAX_SEC_CTX_DEPTH 8    /* Maximum number of security contexts */
+
+
+#ifdef GLIBC_HACK_FCNTL64
+/* this is a gross hack. 64 bit locking is completely screwed up on
+   i386 Linux in glibc 2.1.95 (which ships with RedHat 7.0). This hack
+   "fixes" the problem with the current 2.4.0test kernels 
+*/
+#define fcntl fcntl64
+#undef F_SETLKW 
+#undef F_SETLK 
+#define F_SETLK 13
+#define F_SETLKW 14
+#endif
 
-/* and the malloc prototypes */
-void *malloc_wrapped(int,char *,int);
-void *realloc_wrapped(void *,int,char *,int);
-void free_wrapped(void *,char *,int);
 
+/* Needed for sys_dlopen/sys_dlsym/sys_dlclose */
+#ifndef RTLD_GLOBAL
+#define RTLD_GLOBAL 0
 #endif
 
+#ifndef RTLD_LAZY
+#define RTLD_LAZY 0
+#endif
 
-#if WRAP_MEMCPY
-/* undo the old memcpy def if necessary */
-#ifdef memcpy
-#define xx_old_memcpy memcpy
-#undef memcpy
+#ifndef RTLD_NOW
+#define RTLD_NOW 0
 #endif
 
-#define memcpy(d,s,l) memcpy_wrapped(d,s,l,__FILE__,__LINE__)
-void *memcpy_wrapped(void *d,void *s,int l,char *fname,int line);
+/* needed for some systems without iconv. Doesn't really matter
+   what error code we use */
+#ifndef EILSEQ
+#define EILSEQ EIO
 #endif
 
+/* add varargs prototypes with printf checking */
+int fdprintf(int , const char *, ...) PRINTF_ATTRIBUTE(2,3);
+int d_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2);
+int d_fprintf(FILE *f, const char *, ...) PRINTF_ATTRIBUTE(2,3);
+#ifndef HAVE_SNPRINTF_DECL
+int snprintf(char *,size_t ,const char *, ...) PRINTF_ATTRIBUTE(3,4);
+#endif
+#ifndef HAVE_ASPRINTF_DECL
+int asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3);
 #endif
+
+/* we used to use these fns, but now we have good replacements
+   for snprintf and vsnprintf */
+#define slprintf snprintf
+#define vslprintf vsnprintf
+
+#endif /* _INCLUDES_H */
+
diff --git a/source3/include/interfaces.h b/source3/include/interfaces.h
new file mode 100644
index 0000000000..3b786f1ebc
--- /dev/null
+++ b/source3/include/interfaces.h
@@ -0,0 +1,12 @@
+/* 
+   This structure is used by lib/interfaces.c to return the list of network
+   interfaces on the machine
+*/
+
+#define MAX_INTERFACES 128
+
+struct iface_struct {
+	char name[16];
+	struct in_addr ip;
+	struct in_addr netmask;
+};
diff --git a/source3/include/intl.h b/source3/include/intl.h
new file mode 100644
index 0000000000..5b56d9aa2c
--- /dev/null
+++ b/source3/include/intl.h
@@ -0,0 +1,24 @@
+/* 
+   Unix SMB/CIFS implementation.
+   internationalisation headers
+   Copyright (C) Andrew Tridgell              2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+/* ideally we would have a static mapping, but that precludes
+   dynamic loading. This is a reasonable compromise */
+#define _(x) lang_msg_rotate(x)
diff --git a/source3/include/kanji.h b/source3/include/kanji.h
deleted file mode 100644
index 4f18305c63..0000000000
--- a/source3/include/kanji.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   Kanji Extensions
-   Copyright (C) Andrew Tridgell 1992-1994
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-   Adding for Japanese language by <fujita@ainix.isac.co.jp> 1994.9.5
-     and extend coding system to EUC/SJIS/JIS/HEX at 1994.10.11
-     and add all jis codes sequence at 1995.8.16
-     Notes: Hexadecimal code by <ohki@gssm.otuka.tsukuba.ac.jp>
-*/
-#ifndef _KANJI_H_
-#define _KANJI_H_
-
-#ifdef KANJI
-
-/* FOR SHIFT JIS CODE */
-#define is_shift_jis(c) \
-    ((0x81 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0x9f) \
-     || (0xe0 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0xef))
-#define is_shift_jis2(c) \
-    (0x40 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0xfc \
-    && ((unsigned char) (c)) != 0x7f)
-#define is_kana(c) ((0xa0 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0xdf))
-
-#ifdef _KANJI_C_
-/* FOR EUC CODE */
-#define euc_kana (0x8e)
-#define is_euc_kana(c) (((unsigned char) (c)) == euc_kana)
-#define is_euc(c)  (0xa0 < ((unsigned char) (c)) && ((unsigned char) (c)) < 0xff)
-
-/* FOR JIS CODE */
-/* default jis third shift code, use for output */
-#ifndef JIS_KSO
-#define JIS_KSO 'B'
-#endif
-#ifndef JIS_KSI
-#define JIS_KSI 'J'
-#endif
-/* in: \E$B or \E$@ */
-/* out: \E(J or \E(B or \E(H */
-#define jis_esc (0x1b)
-#define jis_so (0x0e)
-#define jis_so1 ('$')
-#define jis_so2 ('B')
-#define jis_si (0x0f)
-#define jis_si1 ('(')
-#define jis_si2 ('J')
-#define is_esc(c) (((unsigned char) (c)) == jis_esc)
-#define is_so1(c) (((unsigned char) (c)) == jis_so1)
-#define is_so2(c) (((unsigned char) (c)) == jis_so2 || ((unsigned char) (c)) == '@')
-#define is_si1(c) (((unsigned char) (c)) == jis_si1)
-#define is_si2(c) (((unsigned char) (c)) == jis_si2 || ((unsigned char) (c)) == 'B' \
-    || ((unsigned char) (c)) == 'H')
-#define is_so(c) (((unsigned char) (c)) == jis_so)
-#define is_si(c) (((unsigned char) (c)) == jis_si)
-#define junet_kana1 ('(')
-#define junet_kana2 ('I')
-#define is_juk1(c) (((unsigned char) (c)) == junet_kana1)
-#define is_juk2(c) (((unsigned char) (c)) == junet_kana2)
-
-#define _KJ_ROMAN (0)
-#define _KJ_KANJI (1)
-#define _KJ_KANA (2)
-
-/* FOR HEX */
-#define HEXTAG ':'
-#define hex2bin(x)						      \
-    ( ((int) '0' <= ((int) (x)) && ((int) (x)) <= (int)'9')?	      \
-        (((int) (x))-(int)'0'):					      \
-      ((int) 'a'<= ((int) (x)) && ((int) (x))<= (int) 'f')?	      \
-        (((int) (x)) - (int)'a'+10):				      \
-      (((int) (x)) - (int)'A'+10) )
-#define bin2hex(x)						      \
-    ( (((int) (x)) >= 10)? (((int) (x))-10 + (int) 'a'): (((int) (x)) + (int) '0') )
-
-#else /* not _KANJI_C_ */
-
-extern char* (*_dos_to_unix) (const char *str, BOOL overwrite);
-extern char* (*_unix_to_dos) (const char *str, BOOL overwrite);
-
-#define unix_to_dos (*_unix_to_dos)
-#define dos_to_unix (*_dos_to_unix)
-
-extern char *sj_strtok (char *s1, const char *s2);
-extern char *sj_strchr (const char *s, int c);
-extern char *sj_strrchr (const char *s, int c);
-extern char *sj_strstr (const char *s1, const char *s2);
-
-#define strchr sj_strchr
-#define strrchr sj_strrchr
-#define strstr sj_strstr
-#define strtok sj_strtok
-
-#endif /* _KANJI_C_ */
-
-#define UNKNOWN_CODE (-1)
-#define SJIS_CODE (0)
-#define EUC_CODE (1)
-#define JIS7_CODE (2)
-#define JIS8_CODE (3)
-#define JUNET_CODE (4)
-#define HEX_CODE (5)
-#define CAP_CODE (6)
-#define DOSV_CODE SJIS_CODE
-
-int interpret_coding_system (char *str, int def);
-
-#else 
-
-#define unix_to_dos(x,y) (x)
-#define dos_to_unix(x,y) (x)
-
-#endif /* not KANJI */
-
-#endif /* _KANJI_H_ */
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
new file mode 100644
index 0000000000..e343b876d3
--- /dev/null
+++ b/source3/include/libsmbclient.h
@@ -0,0 +1,790 @@
+/*=====================================================================
+  Unix SMB/CIFS implementation.
+  SMB client library API definitions
+  Copyright (C) Andrew Tridgell 1998
+  Copyright (C) Richard Sharpe 2000
+  Copyright (C) John Terpsra 2000
+   
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+   
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+   
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+  =====================================================================*/
+
+#ifndef SMBCLIENT_H_INCLUDED
+#define SMBCLIENT_H_INCLUDED
+
+/*-------------------------------------------------------------------*/
+/* The following are special comments to instruct DOXYGEN (automated 
+ * documentation tool:
+*/
+/** \defgroup libsmbclient
+*/
+/** \defgroup structure Data Structures Type and Constants
+*   \ingroup libsmbclient
+*   Data structures, types, and constants
+*/
+/** \defgroup file File Functions
+*   \ingroup libsmbclient
+*   Functions used to access individual file contents
+*/
+/** \defgroup directory Directory Functions
+*   \ingroup libsmbclient
+*   Functions used to access directory entries
+*/
+/** \defgroup attribute Attributes Functions
+*   \ingroup libsmbclient
+*   Functions used to view or change file and directory attributes
+*/
+/** \defgroup print Print Functions
+*   \ingroup libsmbclient
+*   Functions used to access printing functionality
+*/
+/** \defgroup attribute Miscellaneous Functions
+*   \ingroup libsmbclient
+*   Functions that don't fit in to other categories
+*/
+/*-------------------------------------------------------------------*/   
+
+/* Make sure we have the following includes for now ... */
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#define SMBC_MAX_NAME       1023
+#define SMBC_WORKGROUP      1
+#define SMBC_SERVER         2
+#define SMBC_FILE_SHARE     3
+#define SMBC_PRINTER_SHARE  4
+#define SMBC_COMMS_SHARE    5
+#define SMBC_IPC_SHARE      6
+#define SMBC_DIR            7
+#define SMBC_FILE           8
+#define SMBC_LINK           9
+
+#define SMBC_FILE_MODE (S_IFREG | 0444)
+#define SMBC_DIR_MODE  (S_IFDIR | 0555)
+
+#define SMBC_MAX_FD         10000
+
+
+/**@ingroup structure
+ * Structure that represents a directory entry.
+ *
+ */
+struct smbc_dirent 
+{
+	/** Type of entity.
+	    SMBC_WORKGROUP=1,
+	    SMBC_SERVER=2, 
+	    SMBC_FILE_SHARE=3,
+	    SMBC_PRINTER_SHARE=4,
+	    SMBC_COMMS_SHARE=5,
+	    SMBC_IPC_SHARE=6,
+	    SMBC_DIR=7,
+	    SMBC_FILE=8,
+	    SMBC_LINK=9,*/ 
+	uint smbc_type; 
+
+	/** Length of this smbc_dirent in bytes
+	 */
+	uint dirlen;
+	/** The length of the comment string in bytes (includes null 
+	 *  terminator)
+	 */
+	uint commentlen;
+	/** Points to the null terminated comment string 
+	 */
+	char *comment;
+	/** The length of the name string in bytes (includes null 
+	 *  terminator)
+	 */
+	uint namelen;
+	/** Points to the null terminated name string 
+	 */
+	char name[1];
+};
+
+
+#ifndef _CLIENT_H
+typedef unsigned short uint16;
+
+/**@ingroup structure
+ * Structure that represents a print job.
+ *
+ */
+struct print_job_info 
+{
+	/** numeric ID of the print job
+	 */
+	uint16 id;
+    
+	/** represents print job priority (lower numbers mean higher priority)
+	 */
+	uint16 priority;
+    
+	/** Size of the print job
+	 */
+	size_t size;
+    
+	/** Name of the user that owns the print job
+	 */
+	char user[128];
+  
+	/** Name of the print job. This will have no name if an anonymous print
+	 *  file was opened. Ie smb://server/printer
+	 */
+	char name[128];
+
+	/** Time the print job was spooled
+	 */
+	time_t t;
+};
+#endif
+
+
+/**@ingroup structure
+ * Authentication callback function type.
+ * 
+ * Type for the the authentication function called by the library to
+ * obtain authentication credentals
+ *
+ * @param srv       Server being authenticated to
+ *
+ * @param shr       Share being authenticated to
+ *
+ * @param wg        Pointer to buffer containing a "hint" for the
+ *                  workgroup to be authenticated.  Should be filled in
+ *                  with the correct workgroup if the hint is wrong.
+ * 
+ * @param wglen     The size of the workgroup buffer in bytes
+ *
+ * @param un        Pointer to buffer containing a "hint" for the
+ *                  user name to be use for authentication. Should be
+ *                  filled in with the correct workgroup if the hint is
+ *                  wrong.
+ * 
+ * @param unlen     The size of the username buffer in bytes
+ *
+ * @param pw        Pointer to buffer containing to which password 
+ *                  copied
+ * 
+ * @param pwlen     The size of the password buffer in bytes
+ *           
+ */
+typedef void (*smbc_get_auth_data_fn)(const char *srv, 
+                                      const char *shr,
+                                      char *wg, int wglen, 
+                                      char *un, int unlen,
+                                      char *pw, int pwlen);
+
+
+/**@ingroup structure
+ * Print job info callback function type.
+ *
+ * @param i         pointer to print job information structure
+ *
+ */ 
+typedef void (*smbc_get_print_job_info)(struct print_job_info *i);
+
+
+/**@ingroup misc
+ * Initialize the samba client library.
+ *
+ * Must be called before using any of the smbclient API function
+ *  
+ * @param fn        The function that will be called to obtaion 
+ *                  authentication credentials.
+ *
+ * @param debug     Allows caller to set the debug level. Can be
+ *                  changed in smb.conf file. Allows caller to set
+ *                  debugging if no smb.conf.
+ *   
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - ENOMEM Out of memory
+ *                  - ENOENT The smb.conf file would not load
+ *
+ */
+int smbc_init(smbc_get_auth_data_fn fn, int debug);
+
+
+/**@ingroup file
+ * Open a file on an SMB server.
+ *
+ * @param furl      The smb url of the file to be opened. 
+ *
+ * @param flags     Is one of O_RDONLY, O_WRONLY or O_RDWR which 
+ *                  request opening  the  file  read-only,write-only
+ *                  or read/write. flags may also be bitwise-or'd with
+ *                  one or  more of  the following: 
+ *                  O_CREAT - If the file does not exist it will be 
+ *                  created.
+ *                  O_EXCL - When  used with O_CREAT, if the file 
+ *                  already exists it is an error and the open will 
+ *                  fail. 
+ *                  O_TRUNC - If the file already exists it will be
+ *                  truncated.
+ *                  O_APPEND The  file  is  opened  in  append mode 
+ *
+ * @param mode      mode specifies the permissions to use if a new 
+ *                  file is created.  It  is  modified  by  the 
+ *                  process's umask in the usual way: the permissions
+ *                  of the created file are (mode & ~umask) 
+ *
+ *                  Not currently use, but there for future use.
+ *                  We will map this to SYSTEM, HIDDEN, etc bits
+ *                  that reverses the mapping that smbc_fstat does.
+ *
+ * @return          Valid file handle, < 0 on error with errno set:
+ *                  - ENOMEM  Out of memory
+ *                  - EINVAL if an invalid parameter passed, like no 
+ *                  file, or smbc_init not called.
+ *                  - EEXIST  pathname already exists and O_CREAT and 
+ *                  O_EXCL were used.
+ *                  - EISDIR  pathname  refers  to  a  directory  and  
+ *                  the access requested involved writing.
+ *                  - EACCES  The requested access to the file is not 
+ *                  allowed 
+ *                  - ENODEV The requested share does not exist
+ *                  - ENOTDIR A file on the path is not a directory
+ *                  - ENOENT  A directory component in pathname does 
+ *                  not exist.
+ *
+ * @see             smbc_creat()
+ *
+ * @note            This call uses an underlying routine that may create
+ *                  a new connection to the server specified in the URL.
+ *                  If the credentials supplied in the URL, or via the
+ *                  auth_fn in the smbc_init call, fail, this call will
+ *                  try again with an empty username and password. This 
+ *                  often gets mapped to the guest account on some machines.
+ */
+int smbc_open(const char *furl, int flags, mode_t mode);
+
+
+/**@ingroup file
+ * Create a file on an SMB server.
+ *
+ * Same as calling smbc_open() with flags = O_CREAT|O_WRONLY|O_TRUNC 
+ *   
+ * @param furl      The smb url of the file to be created
+ *  
+ * @param mode      mode specifies the permissions to use if  a  new  
+ *                  file is created.  It  is  modified  by  the 
+ *                  process's umask in the usual way: the permissions
+ *                  of the created file are (mode & ~umask)
+ *
+ *                  NOTE, the above is not true. We are dealing with 
+ *                  an SMB server, which has no concept of a umask!
+ *      
+ * @return          Valid file handle, < 0 on error with errno set:
+ *                  - ENOMEM  Out of memory
+ *                  - EINVAL if an invalid parameter passed, like no 
+ *                  file, or smbc_init not called.
+ *                  - EEXIST  pathname already exists and O_CREAT and
+ *                  O_EXCL were used.
+ *                  - EISDIR  pathname  refers  to  a  directory  and
+ *                  the access requested involved writing.
+ *                  - EACCES  The requested access to the file is not
+ *                  allowed 
+ *                  - ENOENT  A directory component in pathname does 
+ *                  not exist.
+ *                  - ENODEV The requested share does not exist.
+ * @see             smbc_open()
+ *
+ */
+int smbc_creat(const char *furl, mode_t mode);
+
+
+/**@ingroup file
+ * Read from a file using an opened file handle.
+ *
+ * @param fd        Open file handle from smbc_open() or smbc_creat()
+ *
+ * @param buf       Pointer to buffer to recieve read data
+ *
+ * @param bufsize   Size of buf in bytes
+ *
+ * @return          Number of bytes read, < 0 on error with errno set:
+ *                  - EISDIR fd refers to a directory
+ *                  - EBADF  fd  is  not  a valid file descriptor or 
+ *                  is not open for reading.
+ *                  - EINVAL fd is attached to an object which is 
+ *                  unsuitable for reading, or no buffer passed or
+ *		    smbc_init not called.
+ *
+ * @see             smbc_open(), smbc_write()
+ *
+ */
+ssize_t smbc_read(int fd, void *buf, size_t bufsize);
+
+
+/**@ingroup file
+ * Write to a file using an opened file handle.
+ *
+ * @param fd        Open file handle from smbc_open() or smbc_creat()
+ *
+ * @param buf       Pointer to buffer to recieve read data
+ *
+ * @param bufsize   Size of buf in bytes
+ *
+ * @return          Number of bytes written, < 0 on error with errno set:
+ *                  - EISDIR fd refers to a directory.
+ *                  - EBADF  fd  is  not  a valid file descriptor or 
+ *                  is not open for reading.
+ *                  - EINVAL fd is attached to an object which is 
+ *                  unsuitable for reading, or no buffer passed or
+ *		    smbc_init not called.
+ *
+ * @see             smbc_open(), smbc_read()
+ *
+ */
+ssize_t smbc_write(int fd, void *buf, size_t bufsize);
+
+
+/**@ingroup file
+ * Seek to a specific location in a file.
+ *
+ * @param fd        Open file handle from smbc_open() or smbc_creat()
+ * 
+ * @param offset    Offset in bytes from whence
+ * 
+ * @param whence    A location in the file:
+ *                  - SEEK_SET The offset is set to offset bytes from
+ *                  the beginning of the file
+ *                  - SEEK_CUR The offset is set to current location 
+ *                  plus offset bytes.
+ *                  - SEEK_END The offset is set to the size of the 
+ *                  file plus offset bytes.
+ *
+ * @return          Upon successful completion, lseek returns the 
+ *                  resulting offset location as measured in bytes 
+ *                  from the beginning  of the file. Otherwise, a value
+ *                  of (off_t)-1 is returned and errno is set to 
+ *                  indicate the error:
+ *                  - EBADF  Fildes is not an open file descriptor.
+ *                  - EINVAL Whence is not a proper value or smbc_init
+ *		      not called.
+ *
+ * @todo Are all the whence values really supported?
+ * 
+ * @todo Are errno values complete and correct?
+ */
+off_t smbc_lseek(int fd, off_t offset, int whence);
+
+
+/**@ingroup file
+ * Close an open file handle.
+ *
+ * @param fd        The file handle to close
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EBADF  fd isn't a valid open file descriptor
+ *                  - EINVAL smbc_init() failed or has not been called
+ *
+ * @see             smbc_open(), smbc_creat()
+ */
+int smbc_close(int fd);
+
+
+/**@ingroup directory
+ * Unlink (delete) a file or directory.
+ *
+ * @param furl      The smb url of the file to delete
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EACCES or EPERM Write  access  to the directory 
+ *                  containing pathname is not allowed or one  
+ *                  of  the  directories in pathname did not allow
+ *                  search (execute) permission
+ *                  - ENOENT A directory component in pathname does
+ *                  not exist
+ *                  - EINVAL NULL was passed in the file param or
+ *		      smbc_init not called.
+ *                  - EACCES You do not have access to the file
+ *                  - ENOMEM Insufficient kernel memory was available
+ *
+ * @see             smbc_rmdir()s
+ *
+ * @todo Are errno values complete and correct?
+ */
+int smbc_unlink(const char *furl);
+
+
+/**@ingroup directory
+ * Rename or move a file or directory.
+ * 
+ * @param ourl      The original smb url (source url) of file or 
+ *                  directory to be moved
+ * 
+ * @param nurl      The new smb url (destination url) of the file
+ *                  or directory after the move.  Currently nurl must
+ *                  be on the same share as ourl.
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EISDIR nurl is an existing directory, but ourl is
+ *                  not a directory.
+ *                  - EEXIST nurl is  a  non-empty directory, 
+ *                  i.e., contains entries other than "." and ".."
+ *                  - EINVAL The  new  url  contained  a path prefix 
+ *                  of the old, or, more generally, an  attempt was
+ *                  made  to make a directory a subdirectory of itself
+ *		    or smbc_init not called.
+ *                  - ENOTDIR A component used as a directory in ourl 
+ *                  or nurl path is not, in fact, a directory.  Or, 
+ *                  ourl  is a directory, and newpath exists but is not
+ *                  a directory.
+ *                  - EACCES or EPERM Write access to the directory 
+ *                  containing ourl or nurl is not allowed for the 
+ *                  process's effective uid,  or  one of the 
+ *                  directories in ourl or nurl did not allow search
+ *                  (execute) permission,  or ourl  was  a  directory
+ *                  and did not allow write permission.
+ *                  - ENOENT A  directory component in ourl or nurl 
+ *                  does not exist.
+ *                  - EXDEV Rename across shares not supported.
+ *                  - ENOMEM Insufficient kernel memory was available.
+ *                  - EEXIST The target file, nurl, already exists.
+ *
+ *
+ * @todo Are we going to support copying when urls are not on the same
+ *       share?  I say no... NOTE. I agree for the moment.
+ *
+ */
+int smbc_rename(const char *ourl, const char *nurl);
+
+
+/**@ingroup directory
+ * Open a directory used to obtain directory entries.
+ *
+ * @param durl      The smb url of the directory to open
+ *
+ * @return          Valid directory handle. < 0 on error with errno set:
+ *                  - EACCES Permission denied.
+ *                  - EINVAL A NULL file/URL was passed, or the URL would
+ *                  not parse, or was of incorrect form or smbc_init not
+ *                  called.
+ *                  - ENOENT durl does not exist, or name is an 
+ *                  - ENOMEM Insufficient memory to complete the 
+ *                  operation.                              
+ *                  - ENOTDIR name is not a directory.
+ *                  - EPERM the workgroup could not be found.
+ *                  - ENODEV the workgroup or server could not be found.
+ *
+ * @see             smbc_getdents(), smbc_readdir(), smbc_closedir()
+ *
+ */
+int smbc_opendir(const char *durl);
+
+
+/**@ingroup directory
+ * Close a directory handle opened by smbc_opendir().
+ *
+ * @param dh        Directory handle to close
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EBADF dh is an invalid directory handle
+ *
+ * @see             smbc_opendir()
+ */
+int smbc_closedir(int dh);
+
+
+/**@ingroup directory
+ * Get multiple directory entries.
+ *
+ * smbc_getdents() reads as many dirent structures from the an open 
+ * directory handle into a specified memory area as will fit.
+ *
+ * @param dh        Valid directory as returned by smbc_opendir()
+ *
+ * @param dirp      pointer to buffer that will receive the directory
+ *                  entries.
+ * 
+ * @param count     The size of the dirp buffer in bytes
+ *
+ * @returns         If any dirents returned, return will indicate the
+ *                  total size. If there were no more dirents available,
+ *                  0 is returned. < 0 indicates an error.
+ *                  - EBADF  Invalid directory handle
+ *                  - EINVAL Result buffer is too small or smbc_init
+ *		    not called.
+ *                  - ENOENT No such directory.
+ * @see             , smbc_dirent, smbc_readdir(), smbc_open()
+ *
+ * @todo Are errno values complete and correct?
+ *
+ * @todo Add example code so people know how to parse buffers.
+ */
+int smbc_getdents(unsigned int dh, struct smbc_dirent *dirp, int count);
+
+
+/**@ingroup directory
+ * Get a single directory entry.
+ *
+ * @param dh        Valid directory as returned by smbc_opendir()
+ *
+ * @return          A pointer to a smbc_dirent structure, or NULL if an
+ *                  error occurs or end-of-directory is reached:
+ *                  - EBADF Invalid directory handle
+ *                  - EINVAL smbc_init() failed or has not been called
+ *
+ * @see             smbc_dirent, smbc_getdents(), smbc_open()
+ */
+struct smbc_dirent* smbc_readdir(unsigned int dh);
+
+
+/**@ingroup directory
+ * Get the current directory offset.
+ *
+ * smbc_telldir() may be used in conjunction with smbc_readdir() and
+ * smbc_lseekdir().
+ *
+ * @param dh        Valid directory as returned by smbc_opendir()
+ *
+ * @return          The current location in the directory stream or -1
+ *                  if an error occur.  The current location is not
+ *                  an offset. Becuase of the implementation, it is a 
+ *                  handle that allows the library to find the entry
+ *                  later.
+ *                  - EBADF dh is not a valid directory handle
+ *                  - EINVAL smbc_init() failed or has not been called
+ *                  - ENOTDIR if dh is not a directory
+ *
+ * @see             smbc_readdir()
+ *
+ */
+off_t smbc_telldir(int dh);
+
+
+/**@ingroup directory
+ * lseek on directories.
+ *
+ * smbc_lseekdir() may be used in conjunction with smbc_readdir() and
+ * smbc_telldir(). (rewind by smbc_lseekdir(fd, NULL))
+ *
+ * @param fd        Valid directory as returned by smbc_opendir()
+ * 
+ * @param offset    The offset (as returned by smbc_telldir). Can be
+ *                  NULL, in which case we will rewind
+ *
+ * @return          0 on success, -1 on failure
+ *                  - EBADF dh is not a valid directory handle
+ *                  - ENOTDIR if dh is not a directory
+ *                  - EINVAL offset did not refer to a valid dirent or
+ *		      smbc_init not called.
+ *
+ * @see             smbc_telldir()
+ *
+ *
+ * @todo In what does the reture and errno values mean?
+ */
+int smbc_lseekdir(int fd, off_t offset);
+
+/**@ingroup directory
+ * Create a directory.
+ *
+ * @param durl      The url of the directory to create
+ *
+ * @param mode      Specifies  the  permissions to use. It is modified
+ *                  by the process's umask in the usual way: the 
+ *                  permissions of the created file are (mode & ~umask).
+ * 
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EEXIST directory url already exists
+ *                  - EACCES The parent directory does not allow write
+ *                  permission to the process, or one of the directories
+ *                  - ENOENT A directory component in pathname does not
+ *                  exist.
+ *                  - EINVAL NULL durl passed or smbc_init not called.
+ *                  - ENOMEM Insufficient memory was available.
+ *
+ * @see             smbc_rmdir()
+ *
+ */
+int smbc_mkdir(const char *durl, mode_t mode);
+
+
+/**@ingroup directory
+ * Remove a directory.
+ * 
+ * @param durl      The smb url of the directory to remove
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EACCES or EPERM Write access to the directory
+ *                  containing pathname was not allowed.
+ *                  - EINVAL durl is NULL or smbc_init not called.
+ *                  - ENOENT A directory component in pathname does not
+ *                  exist.
+ *                  - ENOTEMPTY directory contains entries.
+ *                  - ENOMEM Insufficient kernel memory was available.
+ *
+ * @see             smbc_mkdir(), smbc_unlink() 
+ *
+ * @todo Are errno values complete and correct?
+ */
+int smbc_rmdir(const char *durl);
+
+
+/**@ingroup attribute
+ * Get information about a file or directory.
+ *
+ * @param url       The smb url to get information for
+ *
+ * @param st        pointer to a buffer that will be filled with 
+ *                  standard Unix struct stat information.
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - ENOENT A component of the path file_name does not
+ *                  exist.
+ *                  - EINVAL a NULL url was passed or smbc_init not called.
+ *                  - EACCES Permission denied.
+ *                  - ENOMEM Out of memory
+ *                  - ENOTDIR The target dir, url, is not a directory.
+ *
+ * @see             Unix stat()
+ *
+ */
+int smbc_stat(const char *url, struct stat *st);
+
+
+/**@ingroup attribute
+ * Get file information via an file descriptor.
+ * 
+ * @param fd        Open file handle from smbc_open() or smbc_creat()
+ *
+ * @param st        pointer to a buffer that will be filled with 
+ *                  standard Unix struct stat information.
+ * 
+ * @return          EBADF  filedes is bad.
+ *                  - EACCES Permission denied.
+ *                  - EBADF fd is not a valid file descriptor
+ *                  - EINVAL Problems occurred in the underlying routines
+ *		      or smbc_init not called.
+ *                  - ENOMEM Out of memory
+ *
+ * @see             smbc_stat(), Unix stat()
+ *
+ */
+int smbc_fstat(int fd, struct stat *st);
+
+
+/**@ingroup attribue
+ * Change the ownership of a file or directory.
+ *
+ * @param url       The smb url of the file or directory to change 
+ *                  ownership of.
+ *
+ * @param owner     I have no idea?
+ *
+ * @param group     I have not idea?
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EPERM  The effective UID does not match the owner
+ *                  of the file, and is not zero; or the owner or group
+ *                  were specified incorrectly.
+ *                  - ENOENT The file does not exist.
+ *                  - ENOMEM Insufficient was available.
+ *                  - ENOENT file or directory does not exist
+ *
+ * @todo Are we actually going to be able to implement this function
+ *
+ * @todo How do we abstract owner and group uid and gid?
+ *
+ */
+int smbc_chown(const char *url, uid_t owner, gid_t group);
+
+
+/**@ingroup attribute
+ * Change the permissions of a file.
+ *
+ * @param url       The smb url of the file or directory to change
+ *                  permissions of
+ * 
+ * @param mode      The permissions to set:
+ *                  - Put good explaination of permissions here!
+ *
+ * @return          0 on success, < 0 on error with errno set:
+ *                  - EPERM  The effective UID does not match the owner
+ *                  of the file, and is not zero
+ *                  - ENOENT The file does not exist.
+ *                  - ENOMEM Insufficient was available.
+ *                  - ENOENT file or directory does not exist
+ *
+ * @todo Actually implement this fuction?
+ *
+ * @todo Are errno values complete and correct?
+ */
+int smbc_chmod(const char *url, mode_t mode);
+
+
+/**@ingroup print
+ * Print a file given the name in fname. It would be a URL ...
+ * 
+ * @param fname     The URL of a file on a remote SMB server that the
+ *                  caller wants printed
+ *
+ * @param printq    The URL of the print share to print the file to.
+ *
+ * @return          0 on success, < 0 on error with errno set:         
+ *
+ *                  - EINVAL fname or printq was NULL or smbc_init not
+ * 		      not called.
+ *                  and errors returned by smbc_open
+ *
+ */                                     
+int smbc_print_file(const char *fname, const char *printq);
+
+/**@ingroup print
+ * Open a print file that can be written to by other calls. This simply
+ * does an smbc_open call after checking if there is a file name on the
+ * URI. If not, a temporary name is added ...
+ *
+ * @param fname     The URL of the print share to print to?
+ *
+ * @returns         A file handle for the print file if successful.
+ *                  Returns -1 if an error ocurred and errno has the values
+ *                  - EINVAL fname was NULL or smbc_init not called.
+ *                  - all errors returned by smbc_open
+ *
+ */
+int smbc_open_print_job(const char *fname);
+
+/**@ingroup print
+ * List the print jobs on a print share, for the moment, pass a callback 
+ *
+ * @param purl      The url of the print share to list the jobs of
+ * 
+ * @param fn        Callback function the receives printjob info
+ * 
+ * @return          0 on success, < 0 on error with errno set: 
+ *                  - EINVAL fname was NULL or smbc_init not called
+ *                  - EACCES ???
+ */
+int smbc_list_print_jobs(const char *purl, smbc_get_print_job_info fn);
+
+/**@ingroup print
+ * Delete a print job 
+ *
+ * @param purl      Url of the print share
+ *
+ * @param id        The id of the job to delete
+ *
+ * @return          0 on success, < 0 on error with errno set: 
+ *                  - EINVAL fname was NULL or smbc_init not called
+ *
+ * @todo    what errno values are possible here?
+ */
+int smbc_unlink_print_job(const char *purl, int id);
+
+
+#endif /* SMBCLIENT_H_INCLUDED */
diff --git a/source3/include/local.h b/source3/include/local.h
index 2775453e15..1ecd63738e 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -1,7 +1,24 @@
+/* Copyright (C) 1995-1998 Samba-Team */
+/* Copyright (C) 1998 John H Terpstra <jht@aquasoft.com.au> */
+
 /* local definitions for file server */
 #ifndef _LOCAL_H
 #define _LOCAL_H
 
+/* The default workgroup - usually overridden in smb.conf */
+#ifndef WORKGROUP
+#define WORKGROUP "WORKGROUP"
+#endif
+
+/* the maximum debug level to compile into the code. This assumes a good 
+   optimising compiler that can remove unused code 
+   for embedded or low-memory systems set this to a value like 2 to get
+   only important messages. This gives *much* smaller binaries
+*/
+#ifndef MAX_DEBUG_LEVEL
+#define MAX_DEBUG_LEVEL 1000
+#endif
+
 /* This defines the section name in the configuration file that will contain */
 /* global parameters - that is, parameters relating to the whole server, not */
 /* just services. This name is then reserved, and may not be used as a       */
@@ -17,57 +34,57 @@
    refer to the special "printers" service */
 #define PRINTERS_NAME "printers"
 
-/* This defines the name of the printcap file. It is MOST UNLIKELY that
-   this will change BUT! Specifying a file with the format of a printcap
-   file but containing only a subset of the printers actually in your real 
-   printcap file is a quick-n-dirty way to allow dynamic access to a subset
-   of available printers.
-*/
-#define PRINTCAP_NAME "/etc/printcap"
-
-/* set these to define the limits of the server. NOTE These are on a
-   per-client basis. Thus any one machine can't connect to more than
-   MAX_CONNECTIONS services, but any number of machines may connect at
-   one time. */
-#define MAX_CONNECTIONS 127
-#define MAX_OPEN_FILES 100
-
-/* the max number of connections that the smbstatus program will show */
-#define MAXSTATUS 1000
+/* Yves Gaige <yvesg@hptnodur.grenoble.hp.com> requested this set this 	     */
+/* to a maximum of 8 if old smb clients break because of long printer names. */
+#define MAXPRINTERLEN 15
 
 /* max number of directories open at once */
 /* note that with the new directory code this no longer requires a
    file handle per directory, but large numbers do use more memory */
-#define MAXDIR 64
+#define MAX_OPEN_DIRECTORIES 256
+
+/* max number of directory handles */
+/* As this now uses the bitmap code this can be
+   quite large. */
+#define MAX_DIRECTORY_HANDLES 2048
+
+/* maximum number of file caches per smbd */
+#define MAX_WRITE_CACHES 10
+
+/* define what facility to use for syslog */
+#ifndef SYSLOG_FACILITY
+#define SYSLOG_FACILITY LOG_DAEMON
+#endif
+
+/* 
+ * Default number of maximum open files per smbd. This is
+ * also limited by the maximum available file descriptors
+ * per process and can also be set in smb.conf as "max open files"
+ * in the [global] section.
+ */
+
+#ifndef MAX_OPEN_FILES
+#define MAX_OPEN_FILES 10000
+#endif
+ 
+/* the max number of simultanous connections to the server by all clients */
+/* zero means no limit. */
+#define MAXSTATUS 0
 
 #define WORDMAX 0xFFFF
 
+/* the maximum password length before we declare a likely attack */
+#define MAX_PASS_LEN 200
 
 /* separators for lists */
 #define LIST_SEP " \t,;:\n\r"
 
-#ifndef LOCKDIR
-#define LOCKDIR "/tmp/samba"
-#endif
+/* wchar separators for lists */
+#define LIST_SEP_W wchar_list_sep
 
 /* this is where browse lists are kept in the lock dir */
 #define SERVER_LIST "browse.dat"
 
-/* the print command on the server, %s is replaced with the filename  */
-/* note that the -r removes the file after printing - you'll run out  */
-/* of disk pretty quickly if you don't. This command is only used as  */
-/* the default - it can be overridden in the configuration file.      */
-#define PRINT_COMMAND "lpr -r %s"
-
-/* the lpq command on the server. the printername is passed as an argument */
-#ifndef LPQ_COMMAND
-#define LPQ_COMMAND "lpq -P"
-#endif
-
-/* shall guest entries in printer queues get changed to user entries,
-   so they can be deleted using the windows print manager? */
-#define LPQ_GUEST_TO_USER
-
 /* shall filenames with illegal chars in them get mangled in long
    filename listings? */
 #define MANGLE_LONG_FILENAMES 
@@ -79,43 +96,18 @@
 /* the size of the directory cache */
 #define DIRCACHESIZE 20
 
-/* what type of filesystem do we want this to show up as in a NT file
-   manager window? */
-#define FSTYPE_STRING "Samba"
-
-/* we have two time standards - local and GMT. This will try to sort them out.
- */
-
-#define LOCAL_TO_GMT 1
-#define GMT_TO_LOCAL (-1)
+/* what default type of filesystem do we want this to show up as in a
+   NT file manager window? */
+#define FSTYPE_STRING "NTFS"
 
-/* do you want smbd to send a 1 byte packet to nmbd to trigger it to start 
-   when smbd starts? */
-#ifndef PRIME_NMBD
-#define PRIME_NMBD 1
+/* the default guest account - normally set in the Makefile or smb.conf */
+#ifndef GUEST_ACCOUNT
+#define GUEST_ACCOUNT "nobody"
 #endif
 
-/* do you want session setups at user level security with a invalid
-   password to be rejected or allowed in as guest? WinNT rejects them
-   but it can be a pain as it means "net view" needs to use a password 
-
-   You have 3 choices:
-
-   GUEST_SESSSETUP = 0 means session setups with an invalid password
-   are rejected.
-
-   GUEST_SESSSETUP = 1 means session setups with an invalid password
-   are rejected, unless the username does not exist, in which case it
-   is treated as a guest login
-
-   GUEST_SESSSETUP = 2 means session setups with an invalid password
-   are treated as a guest login
-
-   Note that GUEST_SESSSETUP only has an effect in user or server
-   level security.
-   */
-#ifndef GUEST_SESSSETUP
-#define GUEST_SESSSETUP 0
+/* user to test password server with as invalid in security=server mode. */
+#ifndef INVALID_USER_PREFIX
+#define INVALID_USER_PREFIX "sambatest"
 #endif
 
 /* the default pager to use for the client "more" command. Users can
@@ -130,18 +122,19 @@
 /* the following control timings of various actions. Don't change 
    them unless you know what you are doing. These are all in seconds */
 #define DEFAULT_SMBD_TIMEOUT (60*60*24*7)
-#define SMBD_RELOAD_CHECK (10)
-#define SHARE_MODES_CHECK (10)
-#define SHARE_MODES_CLEAN (300)
+#define SMBD_RELOAD_CHECK (180)
 #define IDLE_CLOSED_TIMEOUT (60)
 #define DPTR_IDLE_TIMEOUT (120)
-#define SMBD_SELECT_LOOP (10)
+#define SMBD_SELECT_TIMEOUT (60)
+#define SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS (10)
 #define NMBD_SELECT_LOOP (10)
 #define BROWSE_INTERVAL (60)
 #define REGISTRATION_INTERVAL (10*60)
 #define NMBD_INETD_TIMEOUT (120)
 #define NMBD_MAX_TTL (24*60*60)
 #define LPQ_LOCK_TIMEOUT (5)
+#define NMBD_INTERFACES_RELOAD (120)
+#define NMBD_UNEXPECTED_TIMEOUT (15)
 
 /* the following are in milliseconds */
 #define LOCK_RETRY_TIMEOUT (100)
@@ -151,17 +144,63 @@
    accessible to root */
 #define DUMP_CORE 1
 
-/* what is the longest significant password available on your system? 
- Knowing this speeds up password searches a lot */
-#ifndef PASSWORD_LENGTH
-#define PASSWORD_LENGTH 8
+/* shall we support browse requests via a FIFO to nmbd? */
+#define ENABLE_FIFO 1
+
+/* how long (in miliseconds) to wait for a socket connect to happen */
+#define LONG_CONNECT_TIMEOUT 30000
+#define SHORT_CONNECT_TIMEOUT 5000
+
+/* the default netbios keepalive timeout */
+#define DEFAULT_KEEPALIVE 300
+
+/* the directory to sit in when idle */
+/* #define IDLE_DIR "/" */
+
+/* Timout (in seconds) to wait for an oplock break
+   message to return from the client. */
+
+#define OPLOCK_BREAK_TIMEOUT 30
+
+/* Timout (in seconds) to add to the oplock break timeout
+   to wait for the smbd to smbd message to return. */
+
+#define OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR 2
+
+/* the read preciction code has been disabled until some problems with
+   it are worked out */
+#define USE_READ_PREDICTION 0
+
+/* name of directory that netatalk uses to store macintosh resource forks */
+#define APPLEDOUBLE ".AppleDouble/"
+
+/*
+ * Default passwd chat script.
+ */
+
+#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*"
+
+/* Minimum length of allowed password when changing UNIX password. */
+#define MINPASSWDLENGTH 5
+
+/* maximum ID number used for session control. This cannot be larger
+   than 62*62 for the current code */
+#define MAX_SESSION_ID 3000
+
+#ifndef SESSION_TEMPLATE
+#define SESSION_TEMPLATE "smb/%d"
 #endif
 
-#define SMB_ALIGNMENT 1
+/* the maximum age in seconds of a password. Should be a lp_ parameter */
+#define MAX_PASSWORD_AGE (21*24*60*60)
 
+/* Allocation roundup. */
+#define SMB_ROUNDUP_ALLOCATION_SIZE 0x100000
 
-/* shall we support browse requests via a FIFO to nmbd? */
-#define ENABLE_FIFO 1
+/* shall we deny oplocks to clients that get timeouts? */
+#define FASCIST_OPLOCK_BACKOFF 1
 
+/* this enables the "rabbit pellet" fix for SMBwritebraw */
+#define RABBIT_PELLET_FIX 1
 
 #endif
diff --git a/source3/include/mangle.h b/source3/include/mangle.h
new file mode 100644
index 0000000000..d3218519f8
--- /dev/null
+++ b/source3/include/mangle.h
@@ -0,0 +1,11 @@
+/*
+  header for 8.3 name mangling interface 
+*/
+
+struct mangle_fns {
+	BOOL (*is_mangled)(const char *s);
+	BOOL (*is_8_3)(const char *fname, BOOL check_case);
+	void (*reset)(void);
+	BOOL (*check_cache)(char *s);
+	BOOL (*name_map)(char *OutName, BOOL need83, BOOL cache83);
+};
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
new file mode 100644
index 0000000000..5ef5c19dd2
--- /dev/null
+++ b/source3/include/mapping.h
@@ -0,0 +1,60 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define PRIV_ALL_INDEX		5
+
+#define SE_PRIV_NONE		0x0000
+#define SE_PRIV_ADD_MACHINES	0x0006
+#define SE_PRIV_SEC_PRIV	0x0008
+#define SE_PRIV_TAKE_OWNER	0x0009
+#define SE_PRIV_ADD_USERS	0xff01
+#define SE_PRIV_PRINT_OPERATOR	0xff03
+#define SE_PRIV_ALL		0xffff
+
+#define ENUM_ONLY_MAPPED True
+#define ENUM_ALL_MAPPED False
+
+#define MAPPING_WITH_PRIV True
+#define MAPPING_WITHOUT_PRIV False
+
+#define PR_NONE                0x0000
+#define PR_LOG_ON_LOCALLY      0x0001
+#define PR_ACCESS_FROM_NETWORK 0x0002
+#define PR_LOG_ON_BATCH_JOB    0x0004
+#define PR_LOG_ON_SERVICE      0x0010
+
+
+typedef struct _GROUP_MAP {
+	gid_t gid;
+	DOM_SID sid;
+	enum SID_NAME_USE sid_name_use;
+	fstring nt_name;
+	fstring comment;
+	uint32 systemaccount;
+	PRIVILEGE_SET priv_set;
+} GROUP_MAP;
+
+typedef struct _PRIVS {
+	uint32 se_priv;
+	char *priv;
+	char *description;
+} PRIVS;
+
diff --git a/source3/include/md5.h b/source3/include/md5.h
new file mode 100644
index 0000000000..dc2f2dd207
--- /dev/null
+++ b/source3/include/md5.h
@@ -0,0 +1,25 @@
+#ifndef MD5_H
+#define MD5_H
+#ifndef HEADER_MD5_H
+/* Try to avoid clashes with OpenSSL */
+#define HEADER_MD5_H 
+#endif
+
+struct MD5Context {
+	uint32 buf[4];
+	uint32 bits[2];
+	unsigned char in[64];
+};
+
+void MD5Init(struct MD5Context *context);
+void MD5Update(struct MD5Context *context, unsigned char const *buf,
+	       unsigned len);
+void MD5Final(unsigned char digest[16], struct MD5Context *context);
+void MD5Transform(uint32 buf[4], uint32 const in[16]);
+
+/*
+ * This is needed to make RSAREF happy on some MS-DOS compilers.
+ */
+typedef struct MD5Context MD5_CTX;
+
+#endif /* !MD5_H */
diff --git a/source3/include/messages.h b/source3/include/messages.h
new file mode 100644
index 0000000000..9868b5de09
--- /dev/null
+++ b/source3/include/messages.h
@@ -0,0 +1,60 @@
+/* 
+   Unix SMB/CIFS implementation.
+   messages.c header
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) 2001, 2002 by Martin Pool
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _MESSAGES_H_
+#define _MESSAGES_H_
+
+/* general messages */
+#define MSG_DEBUG		1
+#define MSG_PING		2
+#define MSG_PONG		3
+#define MSG_PROFILE		4
+#define MSG_REQ_DEBUGLEVEL	5
+#define MSG_DEBUGLEVEL		6
+#define MSG_REQ_PROFILELEVEL	7
+#define MSG_PROFILELEVEL	8
+#define MSG_REQ_POOL_USAGE	9
+#define MSG_POOL_USAGE		10
+
+/* If dmalloc is included, set a steady-state mark */
+#define MSG_REQ_DMALLOC_MARK	11
+
+/* If dmalloc is included, dump to the dmalloc log a description of
+ * what has changed since the last MARK */
+#define MSG_REQ_DMALLOC_LOG_CHANGED	12
+
+#define MSG_SHUTDOWN		13
+
+/* nmbd messages */
+#define MSG_FORCE_ELECTION 1001
+#define MSG_WINS_NEW_ENTRY 1002
+
+/* rpc messages */
+#define MSG_PRINTER_NOTIFY 2001
+#define MSG_PRINTER_UPDATE 2002
+
+/* smbd messages */
+#define MSG_SMB_CONF_UPDATED 3001
+#define MSG_SMB_FORCE_TDIS   3002
+#define MSG_SMB_SAM_SYNC     3003
+#define MSG_SMB_SAM_REPL     3004
+
+#endif
diff --git a/source3/include/msdfs.h b/source3/include/msdfs.h
new file mode 100644
index 0000000000..ab56ae4af4
--- /dev/null
+++ b/source3/include/msdfs.h
@@ -0,0 +1,77 @@
+/* 
+   Unix SMB/CIFS implementation.
+   MSDfs services for Samba
+   Copyright (C) Shirish Kalele 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _MSDFS_H
+#define _MSDFS_H
+
+#define REFERRAL_TTL 600
+
+/* Flags used in trans2 Get Referral reply */
+#define DFSREF_REFERRAL_SERVER 0x1
+#define DFSREF_STORAGE_SERVER  0x2
+
+/* Referral sizes */
+#define VERSION2_REFERRAL_SIZE 0x16
+#define VERSION3_REFERRAL_SIZE 0x22
+#define REFERRAL_HEADER_SIZE 0x08
+
+/* Maximum number of referrals for each Dfs volume */
+#define MAX_REFERRAL_COUNT   256
+
+struct referral
+{
+	pstring alternate_path; /* contains the path referred */
+	uint32 proximity;
+	uint32 ttl; /* how long should client cache referral */
+};
+
+struct junction_map
+{
+  pstring service_name;
+  pstring volume_name;
+  int referral_count;
+  struct referral* referral_list;
+};
+
+struct dfs_path
+{
+  pstring hostname;
+  pstring servicename;
+  pstring volumename;
+  pstring restofthepath;
+};
+
+#define RESOLVE_DFSPATH(name, conn, inbuf, outbuf) \
+{ if(((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES)) && \
+     dfs_redirect(name,conn)) \
+     return ERROR_NT(NT_STATUS_PATH_NOT_COVERED); }
+
+#define RESOLVE_FINDFIRST_DFSPATH(name, conn, inbuf, outbuf) \
+{ if((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) || \
+     get_remote_arch()==RA_WIN95) \
+      if(dfs_findfirst_redirect(directory,conn)) \
+	 return ERROR_NT(NT_STATUS_PATH_NOT_COVERED); }
+ 
+#define init_dfsroot(conn, inbuf, outbuf) \
+{ if(lp_msdfs_root(SNUM(conn)) && lp_host_msdfs())  \
+	SSVAL(outbuf, smb_vwv2, SMB_SHARE_IN_DFS | SMB_SUPPORT_SEARCH_BITS); \
+}
+
+#endif /* _MSDFS_H */
diff --git a/source3/include/nameserv.h b/source3/include/nameserv.h
index 168dd4ba86..53a5a3b5d8 100644
--- a/source3/include/nameserv.h
+++ b/source3/include/nameserv.h
@@ -1,8 +1,9 @@
+#ifndef _NAMESERV_H_
+#define _NAMESERV_H_
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    NBT netbios header - version 2
-   Copyright (C) Andrew Tridgell 1994-1995
+   Copyright (C) Andrew Tridgell 1994-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,59 +21,434 @@
    
 */
 
-#define MAX_DGRAM_SIZE 576
+#define INFO_VERSION	"INFO/version"
+#define INFO_COUNT	"INFO/num_entries"
+#define INFO_ID_HIGH	"INFO/id_high"
+#define INFO_ID_LOW	"INFO/id_low"
+#define ENTRY_PREFIX 	"ENTRY/"
+
+#define PERMANENT_TTL 0
+
+/* NTAS uses 2, NT uses 1, WfWg uses 0 */
+#define MAINTAIN_LIST    2
+#define ELECTION_VERSION 1
+
+#define MAX_DGRAM_SIZE (576) /* tcp/ip datagram limit is 576 bytes */
 #define MIN_DGRAM_SIZE 12
 
-#define NMB_PORT 137
-#define DGRAM_PORT 138
-#define SMB_PORT 139
+/*********************************************************
+ Types of reply packet.
+**********************************************************/
+
+enum netbios_reply_type_code { NMB_QUERY, NMB_STATUS, NMB_REG, NMB_REG_REFRESH,
+                               NMB_REL, NMB_WAIT_ACK, NMB_MULTIHOMED_REG,
+                               WINS_REG, WINS_QUERY };
+
+/* From rfc1002, 4.2.1.2 */
+/* Question types. */
+#define QUESTION_TYPE_NB_QUERY  0x20
+#define QUESTION_TYPE_NB_STATUS 0x21
+
+/* Question class */
+#define QUESTION_CLASS_IN  0x1
+
+/* Opcode definitions */
+#define NMB_NAME_QUERY_OPCODE       0x0
+#define NMB_NAME_REG_OPCODE         0x05 /* see rfc1002.txt 4.2.2,3,5,6,7,8 */
+#define NMB_NAME_RELEASE_OPCODE     0x06 /* see rfc1002.txt 4.2.9,10,11 */
+#define NMB_WACK_OPCODE             0x07 /* see rfc1002.txt 4.2.16 */
+/* Ambiguity in rfc1002 about which of these is correct. */
+/* WinNT uses 8 by default but can be made to use 9. */
+#define NMB_NAME_REFRESH_OPCODE_8   0x08 /* see rfc1002.txt 4.2.4 */
+#define NMB_NAME_REFRESH_OPCODE_9   0x09 /* see rfc1002.txt 4.2.4 */
+#define NMB_NAME_MULTIHOMED_REG_OPCODE 0x0F /* Invented by Microsoft. */
+
+/* XXXX what about all the other types?? 0x1, 0x2, 0x3, 0x4, 0x8? */
+
+/* Resource record types. rfc1002 4.2.1.3 */
+#define RR_TYPE_A                  0x1
+#define RR_TYPE_NS                 0x2
+#define RR_TYPE_NULL               0xA
+#define RR_TYPE_NB                0x20
+#define RR_TYPE_NBSTAT            0x21
+
+/* Resource record class. */
+#define RR_CLASS_IN                0x1
+
+/* NetBIOS flags */
+#define NB_GROUP  0x80
+#define NB_PERM   0x02
+#define NB_ACTIVE 0x04
+#define NB_CONFL  0x08
+#define NB_DEREG  0x10
+#define NB_BFLAG  0x00 /* Broadcast node type. */
+#define NB_PFLAG  0x20 /* Point-to-point node type. */
+#define NB_MFLAG  0x40 /* Mixed bcast & p-p node type. */
+#define NB_HFLAG  0x60 /* Microsoft 'hybrid' node type. */
+#define NB_NODETYPEMASK 0x60
+/* Mask applied to outgoing NetBIOS flags. */
+#define NB_FLGMSK 0xE0
+
+/* The wins flags. Looks like the nbflags ! */
+#define WINS_UNIQUE	0x00 /* Unique record */
+#define WINS_NGROUP	0x01 /* Normal Group eg: 1B */
+#define WINS_SGROUP	0x02 /* Special Group eg: 1C */
+#define WINS_MHOMED	0x03 /* MultiHomed */
+
+#define WINS_ACTIVE	0x00 /* active record */
+#define WINS_RELEASED	0x04 /* released record */
+#define WINS_TOMBSTONED 0x08 /* tombstoned record */
+#define WINS_DELETED	0x0C /* deleted record */
+
+#define WINS_STATE_MASK	0x0C
+
+#define WINS_LOCAL	0x00 /* local record */
+#define WINS_REMOTE	0x10 /* remote record */
+
+#define WINS_BNODE	0x00 /* Broadcast node */
+#define WINS_PNODE	0x20 /* PtP node */
+#define WINS_MNODE	0x40 /* Mixed node */
+#define WINS_HNODE	0x60 /* Hybrid node */
 
-enum name_source {LMHOSTS, REGISTER, SELF, DNS, DNSFAIL};
+#define WINS_NONSTATIC	0x00 /* dynamic record */
+#define WINS_STATIC	0x80 /* static record */
+
+#define WINS_STATE_ACTIVE(p) (((p)->data.wins_flags & WINS_STATE_MASK) == WINS_ACTIVE)
+
+
+/* NetBIOS flag identifier. */
+#define NAME_GROUP(p)  ((p)->data.nb_flags & NB_GROUP)
+#define NAME_BFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_BFLAG)
+#define NAME_PFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_PFLAG)
+#define NAME_MFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_MFLAG)
+#define NAME_HFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_HFLAG)
+
+/* Samba name state for a name in a namelist. */
+#define NAME_IS_ACTIVE(p)        ((p)->data.nb_flags & NB_ACTIVE)
+#define NAME_IN_CONFLICT(p)      ((p)->data.nb_flags & NB_CONFL)
+#define NAME_IS_DEREGISTERING(p) ((p)->data.nb_flags & NB_DEREG)
+
+/* Error codes for NetBIOS requests. */
+#define FMT_ERR   0x1       /* Packet format error. */
+#define SRV_ERR   0x2       /* Internal server error. */
+#define NAM_ERR   0x3       /* Name does not exist. */
+#define IMP_ERR   0x4       /* Request not implemented. */
+#define RFS_ERR   0x5       /* Request refused. */
+#define ACT_ERR   0x6       /* Active error - name owned by another host. */
+#define CFT_ERR   0x7       /* Name in conflict error. */
+
+#define REFRESH_TIME (15*60)
+#define NAME_POLL_REFRESH_TIME (5*60)
+#define NAME_POLL_INTERVAL 15
+
+/* Workgroup state identifiers. */
+#define AM_POTENTIAL_MASTER_BROWSER(work) ((work)->mst_state == MST_POTENTIAL)
+#define AM_LOCAL_MASTER_BROWSER(work) ((work)->mst_state == MST_BROWSER)
+#define AM_DOMAIN_MASTER_BROWSER(work) ((work)->dom_state == DOMAIN_MST)
+#define AM_DOMAIN_MEMBER(work) ((work)->log_state == LOGON_SRV)
+
+/* Microsoft browser NetBIOS name. */
+#define MSBROWSE "\001\002__MSBROWSE__\002"
+
+/* Mail slots. */
+#define BROWSE_MAILSLOT    "\\MAILSLOT\\BROWSE"
+#define NET_LOGON_MAILSLOT "\\MAILSLOT\\NET\\NETLOGON"
+#define NT_LOGON_MAILSLOT  "\\MAILSLOT\\NET\\NTLOGON"
+#define LANMAN_MAILSLOT    "\\MAILSLOT\\LANMAN"
+
+/* Samba definitions for find_name_on_subnet(). */
+#define FIND_ANY_NAME   0
+#define FIND_SELF_NAME  1
+
+/*
+ * The different name types that can be in namelists.
+ *
+ * SELF_NAME should only be on the broadcast and unicast subnets.
+ * LMHOSTS_NAME should only be in the remote_broadcast_subnet.
+ * REGISTER_NAME, DNS_NAME, DNSFAIL_NAME should only be in the wins_server_subnet.
+ * WINS_PROXY_NAME should only be on the broadcast subnets.
+ * PERMANENT_NAME can be on all subnets except remote_broadcast_subnet.
+ *
+ */
+
+enum name_source {LMHOSTS_NAME, REGISTER_NAME, SELF_NAME, DNS_NAME, 
+                  DNSFAIL_NAME, PERMANENT_NAME, WINS_PROXY_NAME};
 enum node_type {B_NODE=0, P_NODE=1, M_NODE=2, NBDD_NODE=3};
 enum packet_type {NMB_PACKET, DGRAM_PACKET};
 
-/* a netbios name structure */
-struct nmb_name {
-  char name[17];
-  char scope[64];
-  int name_type;
+enum master_state
+{
+  MST_NONE,
+  MST_POTENTIAL,
+  MST_BACKUP,
+  MST_MSB,
+  MST_BROWSER,
+  MST_UNBECOMING_MASTER
 };
 
-/* this is the structure used for the local netbios name list */
-struct name_record
+enum domain_state
 {
-  struct name_record *next;
-  struct name_record *prev;
-  struct nmb_name name;
-  time_t death_time;
-  struct in_addr ip;
-  BOOL unique;
-  enum name_source source;
+  DOMAIN_NONE,
+  DOMAIN_WAIT,
+  DOMAIN_MST
 };
 
-/* this is used by the list of domains */
-struct domain_record
+enum logon_state
 {
-  struct domain_record *next;
-  struct domain_record *prev;
-  fstring name;
-  time_t lastannounce_time;
-  int announce_interval;
-  struct in_addr bcast_ip;
+  LOGON_NONE,
+  LOGON_WAIT,
+  LOGON_SRV
+};
+
+struct subnet_record;
+
+struct nmb_data
+{
+  uint16 nb_flags;         /* Netbios flags. */
+  int num_ips;             /* Number of ip entries. */
+  struct in_addr *ip;      /* The ip list for this name. */
+
+  enum name_source source; /* Where the name came from. */
+
+  time_t death_time; /* The time the record must be removed (do not remove if 0). */
+  time_t refresh_time; /* The time the record should be refreshed. */
+  
+  SMB_BIG_UINT id;		/* unique id */
+  struct in_addr wins_ip;	/* the adress of the wins server this record comes from */
+
+  int wins_flags;		/* similar to the netbios flags but different ! */
 };
 
-/* this is used to hold the list of servers in my domain */
+/* This structure represents an entry in a local netbios name list. */
+struct name_record
+  {
+  ubi_trNode            node[1];
+  struct subnet_record *subnet;
+  struct nmb_name       name;    /* The netbios name. */
+  struct nmb_data       data;    /* The netbios data. */
+  };
+
+/* Browser cache for synchronising browse lists. */
+struct browse_cache_record
+  {
+  ubi_dlNode     node[1];
+  pstring        lmb_name;
+  pstring        work_group;
+  struct in_addr ip;
+  time_t         sync_time;
+  time_t         death_time; /* The time the record must be removed. */
+  };
+
+/* This is used to hold the list of servers in my domain, and is
+   contained within lists of domains. */
+
 struct server_record
 {
   struct server_record *next;
   struct server_record *prev;
-  fstring name;
-  fstring comment;
-  uint32 servertype;
+
+  struct subnet_record *subnet;
+
+  struct server_info_struct serv;
   time_t death_time;  
 };
 
-/* a resource record */
+/* A workgroup structure. It contains a list of servers. */
+struct work_record
+{
+  struct work_record *next;
+  struct work_record *prev;
+
+  struct subnet_record *subnet;
+
+  struct server_record *serverlist;
+
+  /* Stage of development from non-local-master up to local-master browser. */
+  enum master_state mst_state;
+
+  /* Stage of development from non-domain-master to domain-master browser. */
+  enum domain_state dom_state;
+
+  /* Stage of development from non-logon-server to logon server. */
+  enum logon_state log_state;
+
+  /* Work group info. */
+  fstring work_group;
+  int     token;        /* Used when communicating with backup browsers. */
+  fstring local_master_browser_name;      /* Current local master browser. */
+
+  /* Announce info. */
+  time_t lastannounce_time;
+  int announce_interval;
+  BOOL    needannounce;
+
+  /* Timeout time for this workgroup. 0 means permanent. */
+  time_t death_time;  
+
+  /* Election info */
+  BOOL    RunningElection;
+  BOOL    needelection;
+  int     ElectionCount;
+  uint32  ElectionCriterion;
+
+  /* Domain master browser info. Used for efficient syncs. */
+  struct nmb_name dmb_name;
+  struct in_addr dmb_addr;
+};
+
+/* typedefs needed to define copy & free functions for userdata. */
+struct userdata_struct;
+
+typedef struct userdata_struct * (*userdata_copy_fn)(struct userdata_struct *);
+typedef void (*userdata_free_fn)(struct userdata_struct *);
+
+/* Structure to define any userdata passed around. */
+
+struct userdata_struct {
+  userdata_copy_fn copy_fn;
+  userdata_free_fn free_fn;
+  unsigned int userdata_len;
+  char data[16]; /* 16 is to ensure alignment/padding on all systems */
+};
+
+struct response_record;
+struct packet_struct;
+struct res_rec;
+
+/* typedef to define the function called when this response packet comes in. */
+typedef void (*response_function)(struct subnet_record *, struct response_record *,
+                                  struct packet_struct *);
+
+/* typedef to define the function called when this response record times out. */
+typedef void (*timeout_response_function)(struct subnet_record *,
+                                          struct response_record *);
+
+/* typedef to define the function called when the request that caused this
+   response record to be created is successful. */
+typedef void (*success_function)(struct subnet_record *, struct userdata_struct *, ...);
+
+/* typedef to define the function called when the request that caused this
+   response record to be created is unsuccessful. */
+typedef void (*fail_function)(struct subnet_record *, struct response_record *, ...);
+
+/* List of typedefs for success and fail functions of the different query
+   types. Used to catch any compile time prototype errors. */
+
+typedef void (*register_name_success_function)( struct subnet_record *,
+                                                struct userdata_struct *,
+                                                struct nmb_name *,
+                                                uint16,
+                                                int,
+                                                struct in_addr);
+typedef void (*register_name_fail_function)( struct subnet_record *,
+                                             struct response_record *,
+                                             struct nmb_name *);
+
+typedef void (*release_name_success_function)( struct subnet_record *,
+                                               struct userdata_struct *, 
+                                               struct nmb_name *,
+                                               struct in_addr);
+typedef void (*release_name_fail_function)( struct subnet_record *,
+                                            struct response_record *, 
+                                            struct nmb_name *);
+
+typedef void (*refresh_name_success_function)( struct subnet_record *,
+                                               struct userdata_struct *, 
+                                               struct nmb_name *,
+                                               uint16,
+                                               int,
+                                               struct in_addr);
+typedef void (*refresh_name_fail_function)( struct subnet_record *,
+                                            struct response_record *,
+                                            struct nmb_name *);
+
+typedef void (*query_name_success_function)( struct subnet_record *,
+                                             struct userdata_struct *,
+                                             struct nmb_name *,
+                                             struct in_addr,
+                                             struct res_rec *answers);
+
+typedef void (*query_name_fail_function)( struct subnet_record *,
+                                          struct response_record *,    
+                                          struct nmb_name *,
+                                          int);  
+
+typedef void (*node_status_success_function)( struct subnet_record *,
+                                              struct userdata_struct *,
+                                              struct res_rec *,
+                                              struct in_addr);
+typedef void (*node_status_fail_function)( struct subnet_record *,
+                                           struct response_record *);
+
+/* Initiated name queries are recorded in this list to track any responses. */
+
+struct response_record
+{
+  struct response_record *next;
+  struct response_record *prev;
+
+  uint16 response_id;
+
+  /* Callbacks for packets received or not. */ 
+  response_function resp_fn;
+  timeout_response_function timeout_fn;
+
+  /* Callbacks for the request succeeding or not. */
+  success_function success_fn;
+  fail_function fail_fn;
+ 
+  struct packet_struct *packet;
+
+  struct userdata_struct *userdata;
+
+  int num_msgs;
+
+  time_t repeat_time;
+  time_t repeat_interval;
+  int    repeat_count;
+
+  /* Recursion protection. */
+  BOOL in_expiration_processing;
+};
+
+/* A subnet structure. It contains a list of workgroups and netbios names. */
+
+/*
+   B nodes will have their own, totally separate subnet record, with their
+   own netbios name set. These do NOT interact with other subnet records'
+   netbios names.
+*/
+
+enum subnet_type {
+  NORMAL_SUBNET              = 0,  /* Subnet listed in interfaces list. */
+  UNICAST_SUBNET             = 1,  /* Subnet for unicast packets. */
+  REMOTE_BROADCAST_SUBNET    = 2,  /* Subnet for remote broadcasts. */
+  WINS_SERVER_SUBNET         = 3   /* Only created if we are a WINS server. */
+};
+
+struct subnet_record
+{
+  struct subnet_record *next;
+  struct subnet_record *prev;
+
+  char  *subnet_name;      /* For Debug identification. */
+  enum subnet_type type;   /* To catagorize the subnet. */
+
+  struct work_record     *workgrouplist; /* List of workgroups. */
+  ubi_trRoot              namelist[1];   /* List of netbios names. */
+  struct response_record *responselist;  /* List of responses expected. */
+
+  BOOL namelist_changed;
+  BOOL work_changed;
+
+  struct in_addr bcast_ip;
+  struct in_addr mask_ip;
+  struct in_addr myip;
+  int nmb_sock;               /* socket to listen for unicast 137. */
+  int dgram_sock;             /* socket to listen for unicast 138. */
+};
+
+/* A resource record. */
 struct res_rec {
   struct nmb_name rr_name;
   int rr_type;
@@ -82,7 +458,7 @@ struct res_rec {
   char rdata[MAX_DGRAM_SIZE];
 };
 
-/* define a nmb packet. */
+/* An nmb packet. */
 struct nmb_packet
 {
   struct {
@@ -114,8 +490,18 @@ struct nmb_packet
   struct res_rec *additional;
 };
 
+/* msg_type field options - from rfc1002. */
+
+#define DGRAM_UNIQUE 0x10
+#define DGRAM_GROUP 0x11
+#define DGRAM_BROADCAST 0x12
+#define DGRAM_ERROR 0x13
+#define DGRAM_QUERY_REQUEST 0x14
+#define DGRAM_POSITIVE_QUERY_RESPONSE 0x15
+#define DGRAM_NEGATIVE_QUERT_RESPONSE 0x16
+
+/* A datagram - this normally contains SMB data in the data[] array. */
 
-/* a datagram - this normally contains SMB data in the data[] array */
 struct dgram_packet {
   struct {
     int msg_type;
@@ -136,12 +522,14 @@ struct dgram_packet {
   char data[MAX_DGRAM_SIZE];
 };
 
-/* define a structure used to queue packets. this will be a linked
- list of nmb packets */
+/* Define a structure used to queue packets. This will be a linked
+ list of nmb packets. */
+
 struct packet_struct
 {
   struct packet_struct *next;
   struct packet_struct *prev;
+  BOOL locked;
   struct in_addr ip;
   int port;
   int fd;
@@ -153,32 +541,88 @@ struct packet_struct
   } packet;
 };
 
+/* NETLOGON opcodes */
 
-/* this defines a list of network interfaces */
-struct net_interface {
-  struct net_interface *next;
-  struct in_addr ip;
-  struct in_addr bcast;
-  struct in_addr netmask;
-};
+#define QUERYFORPDC	 7 /* Query for PDC. */
+#define SAM_UAS_CHANGE  10 /* Announce change to UAS or SAM. */
+#define QUERYFORPDC_R	12 /* Response to Query for PDC. */
+#define SAMLOGON	18
+#define SAMLOGON_R	19
+#define SAMLOGON_UNK_R	21
+
+/* Ids for netbios packet types. */
+
+#define ANN_HostAnnouncement         1
+#define ANN_AnnouncementRequest      2
+#define ANN_Election                 8
+#define ANN_GetBackupListReq         9
+#define ANN_GetBackupListResp       10
+#define ANN_BecomeBackup            11
+#define ANN_DomainAnnouncement      12
+#define ANN_MasterAnnouncement      13
+#define ANN_ResetBrowserState       14
+#define ANN_LocalMasterAnnouncement 15
+
+
+/* Broadcast packet announcement intervals, in minutes. */
+
+/* Attempt to add domain logon and domain master names. */
+#define CHECK_TIME_ADD_DOM_NAMES 5 
+
+/* Search for master browsers of workgroups samba knows about, 
+   except default. */
+#define CHECK_TIME_MST_BROWSE       5 
+
+/* Request backup browser announcements from other servers. */
+#define CHECK_TIME_ANNOUNCE_BACKUP 15
+
+/* Request host announcements from other servers: min and max of interval. */
+#define CHECK_TIME_MIN_HOST_ANNCE   3
+#define CHECK_TIME_MAX_HOST_ANNCE  12
+
+/* Announce as master to WINS server and any Primary Domain Controllers. */
+#define CHECK_TIME_MST_ANNOUNCE    15
+
+/* Time between syncs from domain master browser to local master browsers. */
+#define CHECK_TIME_DMB_TO_LMB_SYNC    15
+
+/* Do all remote announcements this often. */
+#define REMOTE_ANNOUNCE_INTERVAL 180
+
+/* what is the maximum period between name refreshes. Note that this only
+   affects non-permanent self names (in seconds) */
+#define MAX_REFRESH_TIME (60*20)
+
+/* The Extinction interval: 4 days, time a node will stay in released state  */
+#define EXTINCTION_INTERVAL (4*24*60*60)
+
+/* The Extinction time-out: 1 day, time a node will stay in deleted state */
+#define EXTINCTION_TIMEOUT (24*60*60)
+
+/* Macro's to enumerate subnets either with or without
+   the UNICAST subnet. */
+
+extern struct subnet_record *subnetlist;
+extern struct subnet_record *unicast_subnet;
+extern struct subnet_record *wins_server_subnet;
+extern struct subnet_record *remote_broadcast_subnet;
+
+#define FIRST_SUBNET subnetlist
+#define NEXT_SUBNET_EXCLUDING_UNICAST(x) ((x)->next)
+#define NEXT_SUBNET_INCLUDING_UNICAST(x) (get_next_subnet_maybe_unicast((x)))
 
+/* wins replication record used between nmbd and wrepld */
+typedef struct _WINS_RECORD {
+	char name[17];
+	char type;
+	int nb_flags;
+	int wins_flags;
+	SMB_BIG_UINT id;
+	int num_ips;
+	struct in_addr ip[25];
+	struct in_addr wins_ip;
+} WINS_RECORD;
 
-/* prototypes */
-void free_nmb_packet(struct nmb_packet *nmb);
-void free_packet(struct packet_struct *packet);
-struct packet_struct *read_packet(int fd,enum packet_type packet_type);
-BOOL send_packet(struct packet_struct *p);
-struct packet_struct *receive_packet(int fd,enum packet_type type,int timeout);
-void make_nmb_name(struct nmb_name *n,char *name,int type,char *this_scope);
-BOOL name_query(int fd,char *name,int name_type,
-		       BOOL bcast,BOOL recurse,
-		       struct in_addr to_ip, struct in_addr *ip,void (*fn)());
-BOOL name_status(int fd,char *name,int name_type,BOOL recurse,
-		 struct in_addr to_ip,char *master,char *rname,
-		 void (*fn)());
-BOOL send_mailslot_reply(char *mailslot,int fd,char *buf,int len,
-			 char *srcname,char *dstname,
-			 int src_type,int dest_type,
-			 struct in_addr dest_ip,
-			 struct in_addr src_ip);
-char *namestr(struct nmb_name *n);
+/* To be removed. */
+enum state_type { TEST };
+#endif /* _NAMESERV_H_ */
diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
new file mode 100644
index 0000000000..90ac45412d
--- /dev/null
+++ b/source3/include/nt_printing.h
@@ -0,0 +1,334 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell              1992-2000,
+   Copyright (C) Jean Francois Micouleau      1998-2000.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef NT_PRINTING_H_
+#define NT_PRINTING_H_
+
+#define ORIENTATION      0x00000001L
+#define PAPERSIZE        0x00000002L
+#define PAPERLENGTH      0x00000004L
+#define PAPERWIDTH       0x00000008L
+#define SCALE            0x00000010L
+#define COPIES           0x00000100L
+#define DEFAULTSOURCE    0x00000200L
+#define PRINTQUALITY     0x00000400L
+#define COLOR            0x00000800L
+#define DUPLEX           0x00001000L
+#define YRESOLUTION      0x00002000L
+#define TTOPTION         0x00004000L
+#define COLLATE          0x00008000L
+#define FORMNAME         0x00010000L
+#define LOGPIXELS        0x00020000L
+#define BITSPERPEL       0x00040000L
+#define PELSWIDTH        0x00080000L
+#define PELSHEIGHT       0x00100000L
+#define DISPLAYFLAGS     0x00200000L
+#define DISPLAYFREQUENCY 0x00400000L
+#define PANNINGWIDTH     0x00800000L
+#define PANNINGHEIGHT    0x01000000L
+
+#define ORIENT_PORTRAIT   1
+#define ORIENT_LANDSCAPE  2
+
+#define PAPER_FIRST                PAPER_LETTER
+#define PAPER_LETTER               1  /* Letter 8 1/2 x 11 in               */
+#define PAPER_LETTERSMALL          2  /* Letter Small 8 1/2 x 11 in         */
+#define PAPER_TABLOID              3  /* Tabloid 11 x 17 in                 */
+#define PAPER_LEDGER               4  /* Ledger 17 x 11 in                  */
+#define PAPER_LEGAL                5  /* Legal 8 1/2 x 14 in                */
+#define PAPER_STATEMENT            6  /* Statement 5 1/2 x 8 1/2 in         */
+#define PAPER_EXECUTIVE            7  /* Executive 7 1/4 x 10 1/2 in        */
+#define PAPER_A3                   8  /* A3 297 x 420 mm                    */
+#define PAPER_A4                   9  /* A4 210 x 297 mm                    */
+#define PAPER_A4SMALL             10  /* A4 Small 210 x 297 mm              */
+#define PAPER_A5                  11  /* A5 148 x 210 mm                    */
+#define PAPER_B4                  12  /* B4 (JIS) 250 x 354                 */
+#define PAPER_B5                  13  /* B5 (JIS) 182 x 257 mm              */
+#define PAPER_FOLIO               14  /* Folio 8 1/2 x 13 in                */
+#define PAPER_QUARTO              15  /* Quarto 215 x 275 mm                */
+#define PAPER_10X14               16  /* 10x14 in                           */
+#define PAPER_11X17               17  /* 11x17 in                           */
+#define PAPER_NOTE                18  /* Note 8 1/2 x 11 in                 */
+#define PAPER_ENV_9               19  /* Envelope #9 3 7/8 x 8 7/8          */
+#define PAPER_ENV_10              20  /* Envelope #10 4 1/8 x 9 1/2         */
+#define PAPER_ENV_11              21  /* Envelope #11 4 1/2 x 10 3/8        */
+#define PAPER_ENV_12              22  /* Envelope #12 4 \276 x 11           */
+#define PAPER_ENV_14              23  /* Envelope #14 5 x 11 1/2            */
+#define PAPER_CSHEET              24  /* C size sheet                       */
+#define PAPER_DSHEET              25  /* D size sheet                       */
+#define PAPER_ESHEET              26  /* E size sheet                       */
+#define PAPER_ENV_DL              27  /* Envelope DL 110 x 220mm            */
+#define PAPER_ENV_C5              28  /* Envelope C5 162 x 229 mm           */
+#define PAPER_ENV_C3              29  /* Envelope C3  324 x 458 mm          */
+#define PAPER_ENV_C4              30  /* Envelope C4  229 x 324 mm          */
+#define PAPER_ENV_C6              31  /* Envelope C6  114 x 162 mm          */
+#define PAPER_ENV_C65             32  /* Envelope C65 114 x 229 mm          */
+#define PAPER_ENV_B4              33  /* Envelope B4  250 x 353 mm          */
+#define PAPER_ENV_B5              34  /* Envelope B5  176 x 250 mm          */
+#define PAPER_ENV_B6              35  /* Envelope B6  176 x 125 mm          */
+#define PAPER_ENV_ITALY           36  /* Envelope 110 x 230 mm              */
+#define PAPER_ENV_MONARCH         37  /* Envelope Monarch 3.875 x 7.5 in    */
+#define PAPER_ENV_PERSONAL        38  /* 6 3/4 Envelope 3 5/8 x 6 1/2 in    */
+#define PAPER_FANFOLD_US          39  /* US Std Fanfold 14 7/8 x 11 in      */
+#define PAPER_FANFOLD_STD_GERMAN  40  /* German Std Fanfold 8 1/2 x 12 in   */
+#define PAPER_FANFOLD_LGL_GERMAN  41  /* German Legal Fanfold 8 1/2 x 13 in */
+
+#define PAPER_LAST                PAPER_FANFOLD_LGL_GERMAN
+#define PAPER_USER                256
+
+#define BIN_FIRST         BIN_UPPER
+#define BIN_UPPER         1
+#define BIN_ONLYONE       1
+#define BIN_LOWER         2
+#define BIN_MIDDLE        3
+#define BIN_MANUAL        4
+#define BIN_ENVELOPE      5
+#define BIN_ENVMANUAL     6
+#define BIN_AUTO          7
+#define BIN_TRACTOR       8
+#define BIN_SMALLFMT      9
+#define BIN_LARGEFMT      10
+#define BIN_LARGECAPACITY 11
+#define BIN_CASSETTE      14
+#define BIN_FORMSOURCE    15
+#define BIN_LAST          BIN_FORMSOURCE
+
+#define BIN_USER          256     /* device specific bins start here */
+
+#define RES_DRAFT         (-1)
+#define RES_LOW           (-2)
+#define RES_MEDIUM        (-3)
+#define RES_HIGH          (-4)
+
+#define COLOR_MONOCHROME  1
+#define COLOR_COLOR       2
+
+#define DUP_SIMPLEX    1
+#define DUP_VERTICAL   2
+#define DUP_HORIZONTAL 3
+
+#define TT_BITMAP     1       /* print TT fonts as graphics */
+#define TT_DOWNLOAD   2       /* download TT fonts as soft fonts */
+#define TT_SUBDEV     3       /* substitute device fonts for TT fonts */
+
+#define COLLATE_FALSE  0
+#define COLLATE_TRUE   1
+
+typedef struct nt_printer_driver_info_level_3
+{
+	uint32 cversion;
+
+	fstring name;
+	fstring environment;
+	fstring driverpath;
+	fstring datafile;
+	fstring configfile;
+	fstring helpfile;
+	fstring monitorname;
+	fstring defaultdatatype;
+	fstring *dependentfiles;
+} NT_PRINTER_DRIVER_INFO_LEVEL_3;
+
+/* SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 structure */
+typedef struct {
+	uint32	version;
+	fstring	name;
+	fstring	environment;
+	fstring	driverpath;
+	fstring	datafile;
+	fstring	configfile;
+	fstring	helpfile;
+	fstring	monitorname;
+	fstring	defaultdatatype;
+	fstring	mfgname;
+	fstring	oemurl;
+	fstring	hardwareid;
+	fstring	provider;
+	fstring *dependentfiles;
+	fstring *previousnames;
+} NT_PRINTER_DRIVER_INFO_LEVEL_6;
+
+
+typedef struct nt_printer_driver_info_level
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3;
+	NT_PRINTER_DRIVER_INFO_LEVEL_6 *info_6;
+} NT_PRINTER_DRIVER_INFO_LEVEL;
+
+typedef struct nt_printer_param
+{
+	fstring value;
+	uint32 type;
+	uint8 *data;
+	int data_len;
+	struct nt_printer_param *next;
+} NT_PRINTER_PARAM;
+
+typedef struct ntdevicemode
+{
+	fstring	devicename;
+	fstring	formname;
+
+	uint16	specversion;
+	uint16	driverversion;
+	uint16	size;
+	uint16	driverextra;
+	uint16	orientation;
+	uint16	papersize;
+	uint16	paperlength;
+	uint16	paperwidth;
+	uint16	scale;
+	uint16	copies;
+	uint16	defaultsource;
+	uint16	printquality;
+	uint16	color;
+	uint16	duplex;
+	uint16	yresolution;
+	uint16	ttoption;
+	uint16	collate;
+	uint16	logpixels;
+
+	uint32	fields;
+	uint32	bitsperpel;
+	uint32	pelswidth;
+	uint32	pelsheight;
+	uint32	displayflags;
+	uint32	displayfrequency;
+	uint32	icmmethod;
+	uint32	icmintent;
+	uint32	mediatype;
+	uint32	dithertype;
+	uint32	reserved1;
+	uint32	reserved2;
+	uint32	panningwidth;
+	uint32	panningheight;
+	uint8 	*private;
+} NT_DEVICEMODE;
+
+typedef struct nt_printer_info_level_2
+{
+	uint32 attributes;
+	uint32 priority;
+	uint32 default_priority;
+	uint32 starttime;
+	uint32 untiltime;
+	uint32 status;
+	uint32 cjobs;
+	uint32 averageppm;
+	fstring servername;
+	fstring printername;
+	fstring sharename;
+	fstring portname;
+	fstring drivername;
+	pstring comment;
+	fstring location;
+	NT_DEVICEMODE *devmode;
+	fstring sepfile;
+	fstring printprocessor;
+	fstring datatype;
+	fstring parameters;
+	NT_PRINTER_PARAM *specific;
+	SEC_DESC_BUF *secdesc_buf;
+	/* not used but ... and how ??? */
+	uint32 changeid;
+	uint32 c_setprinter;
+	uint32 setuptime;	
+} NT_PRINTER_INFO_LEVEL_2;
+
+typedef struct nt_printer_info_level
+{
+	NT_PRINTER_INFO_LEVEL_2 *info_2;
+} NT_PRINTER_INFO_LEVEL;
+
+typedef struct
+{
+	fstring name;
+	uint32 flag;
+	uint32 width;
+	uint32 length;
+	uint32 left;
+	uint32 top;
+	uint32 right;
+	uint32 bottom;
+} nt_forms_struct;
+
+/*
+typedef struct _form
+{
+       uint32 flags;
+       uint32 name_ptr;
+       uint32 size_x;
+       uint32 size_y;
+       uint32 left;
+       uint32 top;
+       uint32 right;
+       uint32 bottom;
+       UNISTR2 name;
+} FORM;
+*/
+
+#ifndef SAMBA_PRINTER_PORT_NAME
+#define SAMBA_PRINTER_PORT_NAME "Samba Printer Port"
+#endif
+
+/* DOS header format */
+#define DOS_HEADER_SIZE                 64
+#define DOS_HEADER_MAGIC_OFFSET         0
+#define DOS_HEADER_MAGIC                0x5A4D
+#define DOS_HEADER_LFANEW_OFFSET        60
+
+/* New Executable format (Win or OS/2 1.x segmented) */
+#define NE_HEADER_SIZE                  64
+#define NE_HEADER_SIGNATURE_OFFSET      0
+#define NE_HEADER_SIGNATURE             0x454E
+#define NE_HEADER_TARGET_OS_OFFSET      54
+#define NE_HEADER_TARGOS_WIN            0x02
+#define NE_HEADER_MINOR_VER_OFFSET      62
+#define NE_HEADER_MAJOR_VER_OFFSET      63
+
+/* Portable Executable format */
+#define PE_HEADER_SIZE                  248
+#define PE_HEADER_SIGNATURE_OFFSET      0
+#define PE_HEADER_SIGNATURE             0x00004550
+#define PE_HEADER_MACHINE_OFFSET        4
+#define PE_HEADER_MACHINE_I386          0x14c
+#define PE_HEADER_NUMBER_OF_SECTIONS    6
+#define PE_HEADER_MAJOR_OS_VER_OFFSET   64
+#define PE_HEADER_MINOR_OS_VER_OFFSET   66
+#define PE_HEADER_MAJOR_IMG_VER_OFFSET  68
+#define PE_HEADER_MINOR_IMG_VER_OFFSET  70
+#define PE_HEADER_MAJOR_SS_VER_OFFSET   72
+#define PE_HEADER_MINOR_SS_VER_OFFSET   74
+#define PE_HEADER_SECT_HEADER_SIZE      40
+#define PE_HEADER_SECT_NAME_OFFSET      0
+#define PE_HEADER_SECT_SIZE_DATA_OFFSET 16
+#define PE_HEADER_SECT_PTR_DATA_OFFSET  20
+
+/* Microsoft file version format */
+#define VS_SIGNATURE                    "VS_VERSION_INFO"
+#define VS_MAGIC_VALUE                  0xfeef04bd
+#define VS_MAJOR_OFFSET					8
+#define VS_MINOR_OFFSET					12
+#define VS_VERSION_INFO_UNICODE_SIZE    (sizeof(VS_SIGNATURE)*2+4+VS_MINOR_OFFSET+4) /* not true size! */
+#define VS_VERSION_INFO_SIZE            (sizeof(VS_SIGNATURE)+4+VS_MINOR_OFFSET+4)   /* not true size! */
+#define VS_NE_BUF_SIZE                  4096  /* Must be > 2*VS_VERSION_INFO_SIZE */
+
+#endif /* NT_PRINTING_H_ */
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
new file mode 100644
index 0000000000..57eb4f4331
--- /dev/null
+++ b/source3/include/ntdomain.h
@@ -0,0 +1,379 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */
+#define _NT_DOMAIN_H 
+
+/* dce/rpc support */
+#include "rpc_dce.h"
+
+/* miscellaneous structures / defines */
+#include "rpc_misc.h"
+
+#include "rpc_creds.h"
+
+#include "talloc.h"
+
+/*
+ * A bunch of stuff that was put into smb.h
+ * in the NTDOM branch - it didn't belong there.
+ */
+ 
+typedef struct _prs_struct 
+{
+	BOOL io; /* parsing in or out of data stream */
+	/* 
+	 * If the (incoming) data is big-endian. On output we are
+	 * always little-endian.
+	 */ 
+	BOOL bigendian_data;
+	uint8 align; /* data alignment */
+	BOOL is_dynamic; /* Do we own this memory or not ? */
+	uint32 data_offset; /* Current working offset into data. */
+	uint32 buffer_size; /* Current allocated size of the buffer. */
+	uint32 grow_size; /* size requested via prs_grow() calls */
+	char *data_p; /* The buffer itself. */
+	TALLOC_CTX *mem_ctx; /* When unmarshalling, use this.... */
+} prs_struct;
+
+/*
+ * Defines for io member of prs_struct.
+ */
+
+#define MARSHALL 0
+#define UNMARSHALL 1
+
+#define MARSHALLING(ps) (!(ps)->io)
+#define UNMARSHALLING(ps) ((ps)->io)
+
+#define RPC_BIG_ENDIAN 		1
+#define RPC_LITTLE_ENDIAN	0
+
+#define RPC_PARSE_ALIGN 4
+
+typedef struct _output_data {
+	/*
+	 * Raw RPC output data. This does not include RPC headers or footers.
+	 */
+	prs_struct rdata;
+
+	/* The amount of data sent from the current rdata struct. */
+	uint32 data_sent_length;
+
+	/*
+	 * The current PDU being returned. This inclues
+	 * headers, data and authentication footer.
+	 */
+	unsigned char current_pdu[MAX_PDU_FRAG_LEN];
+
+	/* The amount of data in the current_pdu buffer. */
+	uint32 current_pdu_len;
+
+	/* The amount of data sent from the current PDU. */
+	uint32 current_pdu_sent;
+} output_data;
+
+typedef struct _input_data {
+    /*
+     * This is the current incoming pdu. The data here
+     * is collected via multiple writes until a complete
+     * pdu is seen, then the data is copied into the in_data
+     * structure. The maximum size of this is 0x1630 (MAX_PDU_FRAG_LEN).
+     */
+    unsigned char current_in_pdu[MAX_PDU_FRAG_LEN];
+
+    /*
+     * The amount of data needed to complete the in_pdu.
+     * If this is zero, then we are at the start of a new
+     * pdu.
+     */
+    uint32 pdu_needed_len;
+
+    /*
+     * The amount of data received so far in the in_pdu.
+     * If this is zero, then we are at the start of a new
+     * pdu.
+     */
+    uint32 pdu_received_len;
+
+    /*
+     * This is the collection of input data with all
+     * the rpc headers and auth footers removed.
+     * The maximum length of this (1Mb) is strictly enforced.
+     */
+    prs_struct data;
+} input_data;
+
+/*
+ * Handle database - stored per pipe.
+ */
+
+struct policy
+{
+    struct policy *next, *prev;
+
+    POLICY_HND pol_hnd;
+
+    void *data_ptr;
+    void (*free_fn)(void *);
+
+};
+
+struct handle_list {
+	struct policy *Policy; 	/* List of policies. */
+	size_t count;			/* Current number of handles. */
+	size_t pipe_ref_count;	/* Number of pipe handles referring to this list. */
+};
+
+/* Domain controller authentication protocol info */
+struct dcinfo
+{
+	DOM_CHAL clnt_chal; /* Initial challenge received from client */
+	DOM_CHAL srv_chal;  /* Initial server challenge */
+	DOM_CRED clnt_cred; /* Last client credential */
+	DOM_CRED srv_cred;  /* Last server credential */
+ 
+	uchar  sess_key[8]; /* Session key */
+	uchar  md4pw[16];   /* md4(machine password) */
+
+	fstring mach_acct;  /* Machine name we've authenticated. */
+
+	fstring remote_machine;  /* Machine name we've authenticated. */
+
+	BOOL challenge_sent;
+	BOOL got_session_key;
+	BOOL authenticated;
+
+};
+
+/*
+ * DCE/RPC-specific samba-internal-specific handling of data on
+ * NamedPipes.
+ *
+ */
+
+typedef struct pipes_struct
+{
+	struct pipes_struct *next, *prev;
+
+	connection_struct *conn;
+	uint16 vuid; /* points to the unauthenticated user that opened this pipe. */
+
+	fstring name;
+	fstring pipe_srv_name;
+
+	RPC_HDR hdr; /* Incoming RPC header. */
+	RPC_HDR_REQ hdr_req; /* Incoming request header. */
+
+	uint32 ntlmssp_chal_flags; /* Client challenge flags. */
+	BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */
+	BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */
+	unsigned char challenge[8];
+	unsigned char ntlmssp_hash[258];
+	uint32 ntlmssp_seq_num;
+	struct dcinfo dc; /* Keeps the creds data. */
+
+	/*
+	 * Windows user info.
+	 */
+	fstring user_name;
+	fstring domain;
+	fstring wks;
+
+	/*
+	 * Unix user name and credentials.
+	 */
+
+	fstring pipe_user_name;
+	struct current_user pipe_user;
+
+	uint8 session_key[16];
+
+	/*
+	 * Set to true when an RPC bind has been done on this pipe.
+	 */
+	
+	BOOL pipe_bound;
+	
+	/*
+	 * Set to true when we should return fault PDU's for everything.
+	 */
+	
+	BOOL fault_state;
+
+	/*
+	 * Set to true when we should return fault PDU's for a bad handle.
+	 */
+
+	BOOL bad_handle_fault_state;
+	
+	/*
+	 * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's
+	 */
+	
+	BOOL endian;
+	
+	/*
+	 * Struct to deal with multiple pdu inputs.
+	 */
+
+	input_data in_data;
+
+	/*
+	 * Struct to deal with multiple pdu outputs.
+	 */
+
+	output_data out_data;
+
+	/* talloc context to use when allocating memory on this pipe. */
+	TALLOC_CTX *mem_ctx;
+
+	/* handle database to use on this pipe. */
+	struct handle_list *pipe_handles;
+
+} pipes_struct;
+
+typedef struct smb_np_struct
+{
+	struct smb_np_struct *next, *prev;
+	int pnum;
+	connection_struct *conn;
+	uint16 vuid; /* points to the unauthenticated user that opened this pipe. */
+	BOOL open; /* open connection */
+	uint16 device_state;
+	uint16 priority;
+	fstring name;
+
+	/* When replying to an SMBtrans, this is the maximum amount of
+           data that can be sent in the initial reply. */
+	int max_trans_reply;
+
+	/*
+	 * NamedPipe state information.
+	 *
+	 * (e.g. typecast a np_struct, above).
+	 */
+	void *np_state;
+
+	/*
+	 * NamedPipe functions, to be called to perform
+	 * Named Pipe transactions on request from an
+	 * SMB client.
+	 */
+
+	/* call to create a named pipe connection.
+	 * returns: state information representing the connection.
+	 *          is stored in np_state, above.
+	 */
+	void *   (*namedpipe_create)(char *pipe_name, 
+					  connection_struct *conn, uint16 vuid);
+
+	/* call to perform a write / read namedpipe transaction.
+	 * TransactNamedPipe is weird: it returns whether there
+	 * is more data outstanding to be read, and the
+	 * caller is expected to take note and follow up with
+	 * read requests.
+	 */
+	ssize_t  (*namedpipe_transact)(void *np_state,
+	                               char *data, int len,
+	                               char *rdata, int rlen,
+	                               BOOL *pipe_outstanding);
+
+	/* call to perform a write namedpipe operation
+	 */
+	ssize_t  (*namedpipe_write)(void * np_state,
+	                            char *data, size_t n);
+
+	/* call to perform a read namedpipe operation.
+	 *
+	 * NOTE: the only reason that the pipe_outstanding
+	 * argument is here is because samba does not use
+	 * the namedpipe_transact function yet: instead,
+	 * it performs the same as what namedpipe_transact
+	 * does - a write, followed by a read.
+	 *
+	 * when samba is modified to use namedpipe_transact,
+	 * the pipe_outstanding argument may be removed.
+	 */
+	ssize_t  (*namedpipe_read)(void * np_state,
+	                           char *data, size_t max_len,
+	                           BOOL *pipe_outstanding);
+
+	/* call to close a namedpipe.
+	 * function is expected to perform all cleanups
+	 * necessary, free all memory etc.
+	 *
+	 * returns True if cleanup was successful (not that
+	 * we particularly care).
+	 */
+	BOOL     (*namedpipe_close)(void * np_state);
+
+} smb_np_struct;
+
+struct api_struct
+{  
+  char *name;
+  uint8 opnum;
+  BOOL (*fn) (pipes_struct *);
+};
+
+typedef struct
+{  
+	uint32 rid;
+	char *name;
+
+} rid_name;
+
+struct acct_info
+{
+    fstring acct_name; /* account name */
+    fstring acct_desc; /* account name */
+    uint32 rid; /* domain-relative RID */
+};
+
+/*
+ * higher order functions for use with msrpc client code
+ */
+
+#define PRINT_INFO_FN(fn)\
+        void (*fn)(const char*, uint32, uint32, void  *const *const)
+#define JOB_INFO_FN(fn)\
+        void (*fn)(const char*, const char*, uint32, uint32, void *const *const)
+
+/* end higher order functions */
+
+
+/* security descriptor structures */
+#include "rpc_secdes.h"
+
+/* different dce/rpc pipes */
+#include "rpc_lsa.h"
+#include "rpc_netlogon.h"
+#include "rpc_reg.h"
+#include "rpc_samr.h"
+#include "rpc_srvsvc.h"
+#include "rpc_wkssvc.h"
+#include "rpc_spoolss.h"
+#include "rpc_dfs.h"
+#include "sids.h"
+
+#endif /* _NT_DOMAIN_H */
diff --git a/source3/include/nterr.h b/source3/include/nterr.h
new file mode 100644
index 0000000000..ef8e6bd27f
--- /dev/null
+++ b/source3/include/nterr.h
@@ -0,0 +1,562 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT error code constants
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) John H Terpstra              1996-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Paul Ashton                  1998-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _NTERR_H
+#define _NTERR_H
+
+/* Win32 Status codes. */
+
+#define STATUS_BUFFER_OVERFLOW            NT_STATUS(0x80000005)
+#define NT_STATUS_NO_MORE_ENTRIES         NT_STATUS(0x8000001a)
+
+#define STATUS_MORE_ENTRIES               NT_STATUS(0x0105)
+#define ERROR_INVALID_PARAMETER		  NT_STATUS(0x0057)
+#define ERROR_INSUFFICIENT_BUFFER	  NT_STATUS(0x007a)
+#define STATUS_NOTIFY_ENUM_DIR            NT_STATUS(0x010c)
+#define ERROR_INVALID_DATATYPE		  NT_STATUS(0x070c)
+
+/* Win32 Error codes extracted using a loop in smbclient then printing a
+   netmon sniff to a file. */
+
+/*
+                       --------------
+                      /              \
+                     /      REST      \
+                    /        IN        \
+                   /       PEACE        \
+                  /                      \
+                  | NT_STATUS_NOPROBLEMO |
+                  |                      |
+                  |                      |
+                  |      4 September     |
+                  |                      |
+                  |         2001         |
+                 *|     *  *  *          | *
+        _________)/\\_//(\/(/\)/\//\/\///|_)_______
+*/
+
+#define NT_STATUS_OK NT_STATUS(0x0000)
+#define NT_STATUS_UNSUCCESSFUL NT_STATUS(0xC0000000 | 0x0001)
+#define NT_STATUS_NOT_IMPLEMENTED NT_STATUS(0xC0000000 | 0x0002)
+#define NT_STATUS_INVALID_INFO_CLASS NT_STATUS(0xC0000000 | 0x0003)
+#define NT_STATUS_INFO_LENGTH_MISMATCH NT_STATUS(0xC0000000 | 0x0004)
+#define NT_STATUS_ACCESS_VIOLATION NT_STATUS(0xC0000000 | 0x0005)
+#define NT_STATUS_IN_PAGE_ERROR NT_STATUS(0xC0000000 | 0x0006)
+#define NT_STATUS_PAGEFILE_QUOTA NT_STATUS(0xC0000000 | 0x0007)
+#define NT_STATUS_INVALID_HANDLE NT_STATUS(0xC0000000 | 0x0008)
+#define NT_STATUS_BAD_INITIAL_STACK NT_STATUS(0xC0000000 | 0x0009)
+#define NT_STATUS_BAD_INITIAL_PC NT_STATUS(0xC0000000 | 0x000a)
+#define NT_STATUS_INVALID_CID NT_STATUS(0xC0000000 | 0x000b)
+#define NT_STATUS_TIMER_NOT_CANCELED NT_STATUS(0xC0000000 | 0x000c)
+#define NT_STATUS_INVALID_PARAMETER NT_STATUS(0xC0000000 | 0x000d)
+#define NT_STATUS_NO_SUCH_DEVICE NT_STATUS(0xC0000000 | 0x000e)
+#define NT_STATUS_NO_SUCH_FILE NT_STATUS(0xC0000000 | 0x000f)
+#define NT_STATUS_INVALID_DEVICE_REQUEST NT_STATUS(0xC0000000 | 0x0010)
+#define NT_STATUS_END_OF_FILE NT_STATUS(0xC0000000 | 0x0011)
+#define NT_STATUS_WRONG_VOLUME NT_STATUS(0xC0000000 | 0x0012)
+#define NT_STATUS_NO_MEDIA_IN_DEVICE NT_STATUS(0xC0000000 | 0x0013)
+#define NT_STATUS_UNRECOGNIZED_MEDIA NT_STATUS(0xC0000000 | 0x0014)
+#define NT_STATUS_NONEXISTENT_SECTOR NT_STATUS(0xC0000000 | 0x0015)
+#define NT_STATUS_MORE_PROCESSING_REQUIRED NT_STATUS(0xC0000000 | 0x0016)
+#define NT_STATUS_NO_MEMORY NT_STATUS(0xC0000000 | 0x0017)
+#define NT_STATUS_CONFLICTING_ADDRESSES NT_STATUS(0xC0000000 | 0x0018)
+#define NT_STATUS_NOT_MAPPED_VIEW NT_STATUS(0xC0000000 | 0x0019)
+#define NT_STATUS_UNABLE_TO_FREE_VM NT_STATUS(0xC0000000 | 0x001a)
+#define NT_STATUS_UNABLE_TO_DELETE_SECTION NT_STATUS(0xC0000000 | 0x001b)
+#define NT_STATUS_INVALID_SYSTEM_SERVICE NT_STATUS(0xC0000000 | 0x001c)
+#define NT_STATUS_ILLEGAL_INSTRUCTION NT_STATUS(0xC0000000 | 0x001d)
+#define NT_STATUS_INVALID_LOCK_SEQUENCE NT_STATUS(0xC0000000 | 0x001e)
+#define NT_STATUS_INVALID_VIEW_SIZE NT_STATUS(0xC0000000 | 0x001f)
+#define NT_STATUS_INVALID_FILE_FOR_SECTION NT_STATUS(0xC0000000 | 0x0020)
+#define NT_STATUS_ALREADY_COMMITTED NT_STATUS(0xC0000000 | 0x0021)
+#define NT_STATUS_ACCESS_DENIED NT_STATUS(0xC0000000 | 0x0022)
+#define NT_STATUS_BUFFER_TOO_SMALL NT_STATUS(0xC0000000 | 0x0023)
+#define NT_STATUS_OBJECT_TYPE_MISMATCH NT_STATUS(0xC0000000 | 0x0024)
+#define NT_STATUS_NONCONTINUABLE_EXCEPTION NT_STATUS(0xC0000000 | 0x0025)
+#define NT_STATUS_INVALID_DISPOSITION NT_STATUS(0xC0000000 | 0x0026)
+#define NT_STATUS_UNWIND NT_STATUS(0xC0000000 | 0x0027)
+#define NT_STATUS_BAD_STACK NT_STATUS(0xC0000000 | 0x0028)
+#define NT_STATUS_INVALID_UNWIND_TARGET NT_STATUS(0xC0000000 | 0x0029)
+#define NT_STATUS_NOT_LOCKED NT_STATUS(0xC0000000 | 0x002a)
+#define NT_STATUS_PARITY_ERROR NT_STATUS(0xC0000000 | 0x002b)
+#define NT_STATUS_UNABLE_TO_DECOMMIT_VM NT_STATUS(0xC0000000 | 0x002c)
+#define NT_STATUS_NOT_COMMITTED NT_STATUS(0xC0000000 | 0x002d)
+#define NT_STATUS_INVALID_PORT_ATTRIBUTES NT_STATUS(0xC0000000 | 0x002e)
+#define NT_STATUS_PORT_MESSAGE_TOO_LONG NT_STATUS(0xC0000000 | 0x002f)
+#define NT_STATUS_INVALID_PARAMETER_MIX NT_STATUS(0xC0000000 | 0x0030)
+#define NT_STATUS_INVALID_QUOTA_LOWER NT_STATUS(0xC0000000 | 0x0031)
+#define NT_STATUS_DISK_CORRUPT_ERROR NT_STATUS(0xC0000000 | 0x0032)
+#define NT_STATUS_OBJECT_NAME_INVALID NT_STATUS(0xC0000000 | 0x0033)
+#define NT_STATUS_OBJECT_NAME_NOT_FOUND NT_STATUS(0xC0000000 | 0x0034)
+#define NT_STATUS_OBJECT_NAME_COLLISION NT_STATUS(0xC0000000 | 0x0035)
+#define NT_STATUS_HANDLE_NOT_WAITABLE NT_STATUS(0xC0000000 | 0x0036)
+#define NT_STATUS_PORT_DISCONNECTED NT_STATUS(0xC0000000 | 0x0037)
+#define NT_STATUS_DEVICE_ALREADY_ATTACHED NT_STATUS(0xC0000000 | 0x0038)
+#define NT_STATUS_OBJECT_PATH_INVALID NT_STATUS(0xC0000000 | 0x0039)
+#define NT_STATUS_OBJECT_PATH_NOT_FOUND NT_STATUS(0xC0000000 | 0x003a)
+#define NT_STATUS_OBJECT_PATH_SYNTAX_BAD NT_STATUS(0xC0000000 | 0x003b)
+#define NT_STATUS_DATA_OVERRUN NT_STATUS(0xC0000000 | 0x003c)
+#define NT_STATUS_DATA_LATE_ERROR NT_STATUS(0xC0000000 | 0x003d)
+#define NT_STATUS_DATA_ERROR NT_STATUS(0xC0000000 | 0x003e)
+#define NT_STATUS_CRC_ERROR NT_STATUS(0xC0000000 | 0x003f)
+#define NT_STATUS_SECTION_TOO_BIG NT_STATUS(0xC0000000 | 0x0040)
+#define NT_STATUS_PORT_CONNECTION_REFUSED NT_STATUS(0xC0000000 | 0x0041)
+#define NT_STATUS_INVALID_PORT_HANDLE NT_STATUS(0xC0000000 | 0x0042)
+#define NT_STATUS_SHARING_VIOLATION NT_STATUS(0xC0000000 | 0x0043)
+#define NT_STATUS_QUOTA_EXCEEDED NT_STATUS(0xC0000000 | 0x0044)
+#define NT_STATUS_INVALID_PAGE_PROTECTION NT_STATUS(0xC0000000 | 0x0045)
+#define NT_STATUS_MUTANT_NOT_OWNED NT_STATUS(0xC0000000 | 0x0046)
+#define NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED NT_STATUS(0xC0000000 | 0x0047)
+#define NT_STATUS_PORT_ALREADY_SET NT_STATUS(0xC0000000 | 0x0048)
+#define NT_STATUS_SECTION_NOT_IMAGE NT_STATUS(0xC0000000 | 0x0049)
+#define NT_STATUS_SUSPEND_COUNT_EXCEEDED NT_STATUS(0xC0000000 | 0x004a)
+#define NT_STATUS_THREAD_IS_TERMINATING NT_STATUS(0xC0000000 | 0x004b)
+#define NT_STATUS_BAD_WORKING_SET_LIMIT NT_STATUS(0xC0000000 | 0x004c)
+#define NT_STATUS_INCOMPATIBLE_FILE_MAP NT_STATUS(0xC0000000 | 0x004d)
+#define NT_STATUS_SECTION_PROTECTION NT_STATUS(0xC0000000 | 0x004e)
+#define NT_STATUS_EAS_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x004f)
+#define NT_STATUS_EA_TOO_LARGE NT_STATUS(0xC0000000 | 0x0050)
+#define NT_STATUS_NONEXISTENT_EA_ENTRY NT_STATUS(0xC0000000 | 0x0051)
+#define NT_STATUS_NO_EAS_ON_FILE NT_STATUS(0xC0000000 | 0x0052)
+#define NT_STATUS_EA_CORRUPT_ERROR NT_STATUS(0xC0000000 | 0x0053)
+#define NT_STATUS_FILE_LOCK_CONFLICT NT_STATUS(0xC0000000 | 0x0054)
+#define NT_STATUS_LOCK_NOT_GRANTED NT_STATUS(0xC0000000 | 0x0055)
+#define NT_STATUS_DELETE_PENDING NT_STATUS(0xC0000000 | 0x0056)
+#define NT_STATUS_CTL_FILE_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x0057)
+#define NT_STATUS_UNKNOWN_REVISION NT_STATUS(0xC0000000 | 0x0058)
+#define NT_STATUS_REVISION_MISMATCH NT_STATUS(0xC0000000 | 0x0059)
+#define NT_STATUS_INVALID_OWNER NT_STATUS(0xC0000000 | 0x005a)
+#define NT_STATUS_INVALID_PRIMARY_GROUP NT_STATUS(0xC0000000 | 0x005b)
+#define NT_STATUS_NO_IMPERSONATION_TOKEN NT_STATUS(0xC0000000 | 0x005c)
+#define NT_STATUS_CANT_DISABLE_MANDATORY NT_STATUS(0xC0000000 | 0x005d)
+#define NT_STATUS_NO_LOGON_SERVERS NT_STATUS(0xC0000000 | 0x005e)
+#define NT_STATUS_NO_SUCH_LOGON_SESSION NT_STATUS(0xC0000000 | 0x005f)
+#define NT_STATUS_NO_SUCH_PRIVILEGE NT_STATUS(0xC0000000 | 0x0060)
+#define NT_STATUS_PRIVILEGE_NOT_HELD NT_STATUS(0xC0000000 | 0x0061)
+#define NT_STATUS_INVALID_ACCOUNT_NAME NT_STATUS(0xC0000000 | 0x0062)
+#define NT_STATUS_USER_EXISTS NT_STATUS(0xC0000000 | 0x0063)
+#define NT_STATUS_NO_SUCH_USER NT_STATUS(0xC0000000 | 0x0064)
+#define NT_STATUS_GROUP_EXISTS NT_STATUS(0xC0000000 | 0x0065)
+#define NT_STATUS_NO_SUCH_GROUP NT_STATUS(0xC0000000 | 0x0066)
+#define NT_STATUS_MEMBER_IN_GROUP NT_STATUS(0xC0000000 | 0x0067)
+#define NT_STATUS_MEMBER_NOT_IN_GROUP NT_STATUS(0xC0000000 | 0x0068)
+#define NT_STATUS_LAST_ADMIN NT_STATUS(0xC0000000 | 0x0069)
+#define NT_STATUS_WRONG_PASSWORD NT_STATUS(0xC0000000 | 0x006a)
+#define NT_STATUS_ILL_FORMED_PASSWORD NT_STATUS(0xC0000000 | 0x006b)
+#define NT_STATUS_PASSWORD_RESTRICTION NT_STATUS(0xC0000000 | 0x006c)
+#define NT_STATUS_LOGON_FAILURE NT_STATUS(0xC0000000 | 0x006d)
+#define NT_STATUS_ACCOUNT_RESTRICTION NT_STATUS(0xC0000000 | 0x006e)
+#define NT_STATUS_INVALID_LOGON_HOURS NT_STATUS(0xC0000000 | 0x006f)
+#define NT_STATUS_INVALID_WORKSTATION NT_STATUS(0xC0000000 | 0x0070)
+#define NT_STATUS_PASSWORD_EXPIRED NT_STATUS(0xC0000000 | 0x0071)
+#define NT_STATUS_ACCOUNT_DISABLED NT_STATUS(0xC0000000 | 0x0072)
+#define NT_STATUS_NONE_MAPPED NT_STATUS(0xC0000000 | 0x0073)
+#define NT_STATUS_TOO_MANY_LUIDS_REQUESTED NT_STATUS(0xC0000000 | 0x0074)
+#define NT_STATUS_LUIDS_EXHAUSTED NT_STATUS(0xC0000000 | 0x0075)
+#define NT_STATUS_INVALID_SUB_AUTHORITY NT_STATUS(0xC0000000 | 0x0076)
+#define NT_STATUS_INVALID_ACL NT_STATUS(0xC0000000 | 0x0077)
+#define NT_STATUS_INVALID_SID NT_STATUS(0xC0000000 | 0x0078)
+#define NT_STATUS_INVALID_SECURITY_DESCR NT_STATUS(0xC0000000 | 0x0079)
+#define NT_STATUS_PROCEDURE_NOT_FOUND NT_STATUS(0xC0000000 | 0x007a)
+#define NT_STATUS_INVALID_IMAGE_FORMAT NT_STATUS(0xC0000000 | 0x007b)
+#define NT_STATUS_NO_TOKEN NT_STATUS(0xC0000000 | 0x007c)
+#define NT_STATUS_BAD_INHERITANCE_ACL NT_STATUS(0xC0000000 | 0x007d)
+#define NT_STATUS_RANGE_NOT_LOCKED NT_STATUS(0xC0000000 | 0x007e)
+#define NT_STATUS_DISK_FULL NT_STATUS(0xC0000000 | 0x007f)
+#define NT_STATUS_SERVER_DISABLED NT_STATUS(0xC0000000 | 0x0080)
+#define NT_STATUS_SERVER_NOT_DISABLED NT_STATUS(0xC0000000 | 0x0081)
+#define NT_STATUS_TOO_MANY_GUIDS_REQUESTED NT_STATUS(0xC0000000 | 0x0082)
+#define NT_STATUS_GUIDS_EXHAUSTED NT_STATUS(0xC0000000 | 0x0083)
+#define NT_STATUS_INVALID_ID_AUTHORITY NT_STATUS(0xC0000000 | 0x0084)
+#define NT_STATUS_AGENTS_EXHAUSTED NT_STATUS(0xC0000000 | 0x0085)
+#define NT_STATUS_INVALID_VOLUME_LABEL NT_STATUS(0xC0000000 | 0x0086)
+#define NT_STATUS_SECTION_NOT_EXTENDED NT_STATUS(0xC0000000 | 0x0087)
+#define NT_STATUS_NOT_MAPPED_DATA NT_STATUS(0xC0000000 | 0x0088)
+#define NT_STATUS_RESOURCE_DATA_NOT_FOUND NT_STATUS(0xC0000000 | 0x0089)
+#define NT_STATUS_RESOURCE_TYPE_NOT_FOUND NT_STATUS(0xC0000000 | 0x008a)
+#define NT_STATUS_RESOURCE_NAME_NOT_FOUND NT_STATUS(0xC0000000 | 0x008b)
+#define NT_STATUS_ARRAY_BOUNDS_EXCEEDED NT_STATUS(0xC0000000 | 0x008c)
+#define NT_STATUS_FLOAT_DENORMAL_OPERAND NT_STATUS(0xC0000000 | 0x008d)
+#define NT_STATUS_FLOAT_DIVIDE_BY_ZERO NT_STATUS(0xC0000000 | 0x008e)
+#define NT_STATUS_FLOAT_INEXACT_RESULT NT_STATUS(0xC0000000 | 0x008f)
+#define NT_STATUS_FLOAT_INVALID_OPERATION NT_STATUS(0xC0000000 | 0x0090)
+#define NT_STATUS_FLOAT_OVERFLOW NT_STATUS(0xC0000000 | 0x0091)
+#define NT_STATUS_FLOAT_STACK_CHECK NT_STATUS(0xC0000000 | 0x0092)
+#define NT_STATUS_FLOAT_UNDERFLOW NT_STATUS(0xC0000000 | 0x0093)
+#define NT_STATUS_INTEGER_DIVIDE_BY_ZERO NT_STATUS(0xC0000000 | 0x0094)
+#define NT_STATUS_INTEGER_OVERFLOW NT_STATUS(0xC0000000 | 0x0095)
+#define NT_STATUS_PRIVILEGED_INSTRUCTION NT_STATUS(0xC0000000 | 0x0096)
+#define NT_STATUS_TOO_MANY_PAGING_FILES NT_STATUS(0xC0000000 | 0x0097)
+#define NT_STATUS_FILE_INVALID NT_STATUS(0xC0000000 | 0x0098)
+#define NT_STATUS_ALLOTTED_SPACE_EXCEEDED NT_STATUS(0xC0000000 | 0x0099)
+#define NT_STATUS_INSUFFICIENT_RESOURCES NT_STATUS(0xC0000000 | 0x009a)
+#define NT_STATUS_DFS_EXIT_PATH_FOUND NT_STATUS(0xC0000000 | 0x009b)
+#define NT_STATUS_DEVICE_DATA_ERROR NT_STATUS(0xC0000000 | 0x009c)
+#define NT_STATUS_DEVICE_NOT_CONNECTED NT_STATUS(0xC0000000 | 0x009d)
+#define NT_STATUS_DEVICE_POWER_FAILURE NT_STATUS(0xC0000000 | 0x009e)
+#define NT_STATUS_FREE_VM_NOT_AT_BASE NT_STATUS(0xC0000000 | 0x009f)
+#define NT_STATUS_MEMORY_NOT_ALLOCATED NT_STATUS(0xC0000000 | 0x00a0)
+#define NT_STATUS_WORKING_SET_QUOTA NT_STATUS(0xC0000000 | 0x00a1)
+#define NT_STATUS_MEDIA_WRITE_PROTECTED NT_STATUS(0xC0000000 | 0x00a2)
+#define NT_STATUS_DEVICE_NOT_READY NT_STATUS(0xC0000000 | 0x00a3)
+#define NT_STATUS_INVALID_GROUP_ATTRIBUTES NT_STATUS(0xC0000000 | 0x00a4)
+#define NT_STATUS_BAD_IMPERSONATION_LEVEL NT_STATUS(0xC0000000 | 0x00a5)
+#define NT_STATUS_CANT_OPEN_ANONYMOUS NT_STATUS(0xC0000000 | 0x00a6)
+#define NT_STATUS_BAD_VALIDATION_CLASS NT_STATUS(0xC0000000 | 0x00a7)
+#define NT_STATUS_BAD_TOKEN_TYPE NT_STATUS(0xC0000000 | 0x00a8)
+#define NT_STATUS_BAD_MASTER_BOOT_RECORD NT_STATUS(0xC0000000 | 0x00a9)
+#define NT_STATUS_INSTRUCTION_MISALIGNMENT NT_STATUS(0xC0000000 | 0x00aa)
+#define NT_STATUS_INSTANCE_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x00ab)
+#define NT_STATUS_PIPE_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x00ac)
+#define NT_STATUS_INVALID_PIPE_STATE NT_STATUS(0xC0000000 | 0x00ad)
+#define NT_STATUS_PIPE_BUSY NT_STATUS(0xC0000000 | 0x00ae)
+#define NT_STATUS_ILLEGAL_FUNCTION NT_STATUS(0xC0000000 | 0x00af)
+#define NT_STATUS_PIPE_DISCONNECTED NT_STATUS(0xC0000000 | 0x00b0)
+#define NT_STATUS_PIPE_CLOSING NT_STATUS(0xC0000000 | 0x00b1)
+#define NT_STATUS_PIPE_CONNECTED NT_STATUS(0xC0000000 | 0x00b2)
+#define NT_STATUS_PIPE_LISTENING NT_STATUS(0xC0000000 | 0x00b3)
+#define NT_STATUS_INVALID_READ_MODE NT_STATUS(0xC0000000 | 0x00b4)
+#define NT_STATUS_IO_TIMEOUT NT_STATUS(0xC0000000 | 0x00b5)
+#define NT_STATUS_FILE_FORCED_CLOSED NT_STATUS(0xC0000000 | 0x00b6)
+#define NT_STATUS_PROFILING_NOT_STARTED NT_STATUS(0xC0000000 | 0x00b7)
+#define NT_STATUS_PROFILING_NOT_STOPPED NT_STATUS(0xC0000000 | 0x00b8)
+#define NT_STATUS_COULD_NOT_INTERPRET NT_STATUS(0xC0000000 | 0x00b9)
+#define NT_STATUS_FILE_IS_A_DIRECTORY NT_STATUS(0xC0000000 | 0x00ba)
+#define NT_STATUS_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x00bb)
+#define NT_STATUS_REMOTE_NOT_LISTENING NT_STATUS(0xC0000000 | 0x00bc)
+#define NT_STATUS_DUPLICATE_NAME NT_STATUS(0xC0000000 | 0x00bd)
+#define NT_STATUS_BAD_NETWORK_PATH NT_STATUS(0xC0000000 | 0x00be)
+#define NT_STATUS_NETWORK_BUSY NT_STATUS(0xC0000000 | 0x00bf)
+#define NT_STATUS_DEVICE_DOES_NOT_EXIST NT_STATUS(0xC0000000 | 0x00c0)
+#define NT_STATUS_TOO_MANY_COMMANDS NT_STATUS(0xC0000000 | 0x00c1)
+#define NT_STATUS_ADAPTER_HARDWARE_ERROR NT_STATUS(0xC0000000 | 0x00c2)
+#define NT_STATUS_INVALID_NETWORK_RESPONSE NT_STATUS(0xC0000000 | 0x00c3)
+#define NT_STATUS_UNEXPECTED_NETWORK_ERROR NT_STATUS(0xC0000000 | 0x00c4)
+#define NT_STATUS_BAD_REMOTE_ADAPTER NT_STATUS(0xC0000000 | 0x00c5)
+#define NT_STATUS_PRINT_QUEUE_FULL NT_STATUS(0xC0000000 | 0x00c6)
+#define NT_STATUS_NO_SPOOL_SPACE NT_STATUS(0xC0000000 | 0x00c7)
+#define NT_STATUS_PRINT_CANCELLED NT_STATUS(0xC0000000 | 0x00c8)
+#define NT_STATUS_NETWORK_NAME_DELETED NT_STATUS(0xC0000000 | 0x00c9)
+#define NT_STATUS_NETWORK_ACCESS_DENIED NT_STATUS(0xC0000000 | 0x00ca)
+#define NT_STATUS_BAD_DEVICE_TYPE NT_STATUS(0xC0000000 | 0x00cb)
+#define NT_STATUS_BAD_NETWORK_NAME NT_STATUS(0xC0000000 | 0x00cc)
+#define NT_STATUS_TOO_MANY_NAMES NT_STATUS(0xC0000000 | 0x00cd)
+#define NT_STATUS_TOO_MANY_SESSIONS NT_STATUS(0xC0000000 | 0x00ce)
+#define NT_STATUS_SHARING_PAUSED NT_STATUS(0xC0000000 | 0x00cf)
+#define NT_STATUS_REQUEST_NOT_ACCEPTED NT_STATUS(0xC0000000 | 0x00d0)
+#define NT_STATUS_REDIRECTOR_PAUSED NT_STATUS(0xC0000000 | 0x00d1)
+#define NT_STATUS_NET_WRITE_FAULT NT_STATUS(0xC0000000 | 0x00d2)
+#define NT_STATUS_PROFILING_AT_LIMIT NT_STATUS(0xC0000000 | 0x00d3)
+#define NT_STATUS_NOT_SAME_DEVICE NT_STATUS(0xC0000000 | 0x00d4)
+#define NT_STATUS_FILE_RENAMED NT_STATUS(0xC0000000 | 0x00d5)
+#define NT_STATUS_VIRTUAL_CIRCUIT_CLOSED NT_STATUS(0xC0000000 | 0x00d6)
+#define NT_STATUS_NO_SECURITY_ON_OBJECT NT_STATUS(0xC0000000 | 0x00d7)
+#define NT_STATUS_CANT_WAIT NT_STATUS(0xC0000000 | 0x00d8)
+#define NT_STATUS_PIPE_EMPTY NT_STATUS(0xC0000000 | 0x00d9)
+#define NT_STATUS_CANT_ACCESS_DOMAIN_INFO NT_STATUS(0xC0000000 | 0x00da)
+#define NT_STATUS_CANT_TERMINATE_SELF NT_STATUS(0xC0000000 | 0x00db)
+#define NT_STATUS_INVALID_SERVER_STATE NT_STATUS(0xC0000000 | 0x00dc)
+#define NT_STATUS_INVALID_DOMAIN_STATE NT_STATUS(0xC0000000 | 0x00dd)
+#define NT_STATUS_INVALID_DOMAIN_ROLE NT_STATUS(0xC0000000 | 0x00de)
+#define NT_STATUS_NO_SUCH_DOMAIN NT_STATUS(0xC0000000 | 0x00df)
+#define NT_STATUS_DOMAIN_EXISTS NT_STATUS(0xC0000000 | 0x00e0)
+#define NT_STATUS_DOMAIN_LIMIT_EXCEEDED NT_STATUS(0xC0000000 | 0x00e1)
+#define NT_STATUS_OPLOCK_NOT_GRANTED NT_STATUS(0xC0000000 | 0x00e2)
+#define NT_STATUS_INVALID_OPLOCK_PROTOCOL NT_STATUS(0xC0000000 | 0x00e3)
+#define NT_STATUS_INTERNAL_DB_CORRUPTION NT_STATUS(0xC0000000 | 0x00e4)
+#define NT_STATUS_INTERNAL_ERROR NT_STATUS(0xC0000000 | 0x00e5)
+#define NT_STATUS_GENERIC_NOT_MAPPED NT_STATUS(0xC0000000 | 0x00e6)
+#define NT_STATUS_BAD_DESCRIPTOR_FORMAT NT_STATUS(0xC0000000 | 0x00e7)
+#define NT_STATUS_INVALID_USER_BUFFER NT_STATUS(0xC0000000 | 0x00e8)
+#define NT_STATUS_UNEXPECTED_IO_ERROR NT_STATUS(0xC0000000 | 0x00e9)
+#define NT_STATUS_UNEXPECTED_MM_CREATE_ERR NT_STATUS(0xC0000000 | 0x00ea)
+#define NT_STATUS_UNEXPECTED_MM_MAP_ERROR NT_STATUS(0xC0000000 | 0x00eb)
+#define NT_STATUS_UNEXPECTED_MM_EXTEND_ERR NT_STATUS(0xC0000000 | 0x00ec)
+#define NT_STATUS_NOT_LOGON_PROCESS NT_STATUS(0xC0000000 | 0x00ed)
+#define NT_STATUS_LOGON_SESSION_EXISTS NT_STATUS(0xC0000000 | 0x00ee)
+#define NT_STATUS_INVALID_PARAMETER_1 NT_STATUS(0xC0000000 | 0x00ef)
+#define NT_STATUS_INVALID_PARAMETER_2 NT_STATUS(0xC0000000 | 0x00f0)
+#define NT_STATUS_INVALID_PARAMETER_3 NT_STATUS(0xC0000000 | 0x00f1)
+#define NT_STATUS_INVALID_PARAMETER_4 NT_STATUS(0xC0000000 | 0x00f2)
+#define NT_STATUS_INVALID_PARAMETER_5 NT_STATUS(0xC0000000 | 0x00f3)
+#define NT_STATUS_INVALID_PARAMETER_6 NT_STATUS(0xC0000000 | 0x00f4)
+#define NT_STATUS_INVALID_PARAMETER_7 NT_STATUS(0xC0000000 | 0x00f5)
+#define NT_STATUS_INVALID_PARAMETER_8 NT_STATUS(0xC0000000 | 0x00f6)
+#define NT_STATUS_INVALID_PARAMETER_9 NT_STATUS(0xC0000000 | 0x00f7)
+#define NT_STATUS_INVALID_PARAMETER_10 NT_STATUS(0xC0000000 | 0x00f8)
+#define NT_STATUS_INVALID_PARAMETER_11 NT_STATUS(0xC0000000 | 0x00f9)
+#define NT_STATUS_INVALID_PARAMETER_12 NT_STATUS(0xC0000000 | 0x00fa)
+#define NT_STATUS_REDIRECTOR_NOT_STARTED NT_STATUS(0xC0000000 | 0x00fb)
+#define NT_STATUS_REDIRECTOR_STARTED NT_STATUS(0xC0000000 | 0x00fc)
+#define NT_STATUS_STACK_OVERFLOW NT_STATUS(0xC0000000 | 0x00fd)
+#define NT_STATUS_NO_SUCH_PACKAGE NT_STATUS(0xC0000000 | 0x00fe)
+#define NT_STATUS_BAD_FUNCTION_TABLE NT_STATUS(0xC0000000 | 0x00ff)
+#define NT_STATUS_DIRECTORY_NOT_EMPTY NT_STATUS(0xC0000000 | 0x0101)
+#define NT_STATUS_FILE_CORRUPT_ERROR NT_STATUS(0xC0000000 | 0x0102)
+#define NT_STATUS_NOT_A_DIRECTORY NT_STATUS(0xC0000000 | 0x0103)
+#define NT_STATUS_BAD_LOGON_SESSION_STATE NT_STATUS(0xC0000000 | 0x0104)
+#define NT_STATUS_LOGON_SESSION_COLLISION NT_STATUS(0xC0000000 | 0x0105)
+#define NT_STATUS_NAME_TOO_LONG NT_STATUS(0xC0000000 | 0x0106)
+#define NT_STATUS_FILES_OPEN NT_STATUS(0xC0000000 | 0x0107)
+#define NT_STATUS_CONNECTION_IN_USE NT_STATUS(0xC0000000 | 0x0108)
+#define NT_STATUS_MESSAGE_NOT_FOUND NT_STATUS(0xC0000000 | 0x0109)
+#define NT_STATUS_PROCESS_IS_TERMINATING NT_STATUS(0xC0000000 | 0x010a)
+#define NT_STATUS_INVALID_LOGON_TYPE NT_STATUS(0xC0000000 | 0x010b)
+#define NT_STATUS_NO_GUID_TRANSLATION NT_STATUS(0xC0000000 | 0x010c)
+#define NT_STATUS_CANNOT_IMPERSONATE NT_STATUS(0xC0000000 | 0x010d)
+#define NT_STATUS_IMAGE_ALREADY_LOADED NT_STATUS(0xC0000000 | 0x010e)
+#define NT_STATUS_ABIOS_NOT_PRESENT NT_STATUS(0xC0000000 | 0x010f)
+#define NT_STATUS_ABIOS_LID_NOT_EXIST NT_STATUS(0xC0000000 | 0x0110)
+#define NT_STATUS_ABIOS_LID_ALREADY_OWNED NT_STATUS(0xC0000000 | 0x0111)
+#define NT_STATUS_ABIOS_NOT_LID_OWNER NT_STATUS(0xC0000000 | 0x0112)
+#define NT_STATUS_ABIOS_INVALID_COMMAND NT_STATUS(0xC0000000 | 0x0113)
+#define NT_STATUS_ABIOS_INVALID_LID NT_STATUS(0xC0000000 | 0x0114)
+#define NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x0115)
+#define NT_STATUS_ABIOS_INVALID_SELECTOR NT_STATUS(0xC0000000 | 0x0116)
+#define NT_STATUS_NO_LDT NT_STATUS(0xC0000000 | 0x0117)
+#define NT_STATUS_INVALID_LDT_SIZE NT_STATUS(0xC0000000 | 0x0118)
+#define NT_STATUS_INVALID_LDT_OFFSET NT_STATUS(0xC0000000 | 0x0119)
+#define NT_STATUS_INVALID_LDT_DESCRIPTOR NT_STATUS(0xC0000000 | 0x011a)
+#define NT_STATUS_INVALID_IMAGE_NE_FORMAT NT_STATUS(0xC0000000 | 0x011b)
+#define NT_STATUS_RXACT_INVALID_STATE NT_STATUS(0xC0000000 | 0x011c)
+#define NT_STATUS_RXACT_COMMIT_FAILURE NT_STATUS(0xC0000000 | 0x011d)
+#define NT_STATUS_MAPPED_FILE_SIZE_ZERO NT_STATUS(0xC0000000 | 0x011e)
+#define NT_STATUS_TOO_MANY_OPENED_FILES NT_STATUS(0xC0000000 | 0x011f)
+#define NT_STATUS_CANCELLED NT_STATUS(0xC0000000 | 0x0120)
+#define NT_STATUS_CANNOT_DELETE NT_STATUS(0xC0000000 | 0x0121)
+#define NT_STATUS_INVALID_COMPUTER_NAME NT_STATUS(0xC0000000 | 0x0122)
+#define NT_STATUS_FILE_DELETED NT_STATUS(0xC0000000 | 0x0123)
+#define NT_STATUS_SPECIAL_ACCOUNT NT_STATUS(0xC0000000 | 0x0124)
+#define NT_STATUS_SPECIAL_GROUP NT_STATUS(0xC0000000 | 0x0125)
+#define NT_STATUS_SPECIAL_USER NT_STATUS(0xC0000000 | 0x0126)
+#define NT_STATUS_MEMBERS_PRIMARY_GROUP NT_STATUS(0xC0000000 | 0x0127)
+#define NT_STATUS_FILE_CLOSED NT_STATUS(0xC0000000 | 0x0128)
+#define NT_STATUS_TOO_MANY_THREADS NT_STATUS(0xC0000000 | 0x0129)
+#define NT_STATUS_THREAD_NOT_IN_PROCESS NT_STATUS(0xC0000000 | 0x012a)
+#define NT_STATUS_TOKEN_ALREADY_IN_USE NT_STATUS(0xC0000000 | 0x012b)
+#define NT_STATUS_PAGEFILE_QUOTA_EXCEEDED NT_STATUS(0xC0000000 | 0x012c)
+#define NT_STATUS_COMMITMENT_LIMIT NT_STATUS(0xC0000000 | 0x012d)
+#define NT_STATUS_INVALID_IMAGE_LE_FORMAT NT_STATUS(0xC0000000 | 0x012e)
+#define NT_STATUS_INVALID_IMAGE_NOT_MZ NT_STATUS(0xC0000000 | 0x012f)
+#define NT_STATUS_INVALID_IMAGE_PROTECT NT_STATUS(0xC0000000 | 0x0130)
+#define NT_STATUS_INVALID_IMAGE_WIN_16 NT_STATUS(0xC0000000 | 0x0131)
+#define NT_STATUS_LOGON_SERVER_CONFLICT NT_STATUS(0xC0000000 | 0x0132)
+#define NT_STATUS_TIME_DIFFERENCE_AT_DC NT_STATUS(0xC0000000 | 0x0133)
+#define NT_STATUS_SYNCHRONIZATION_REQUIRED NT_STATUS(0xC0000000 | 0x0134)
+#define NT_STATUS_DLL_NOT_FOUND NT_STATUS(0xC0000000 | 0x0135)
+#define NT_STATUS_OPEN_FAILED NT_STATUS(0xC0000000 | 0x0136)
+#define NT_STATUS_IO_PRIVILEGE_FAILED NT_STATUS(0xC0000000 | 0x0137)
+#define NT_STATUS_ORDINAL_NOT_FOUND NT_STATUS(0xC0000000 | 0x0138)
+#define NT_STATUS_ENTRYPOINT_NOT_FOUND NT_STATUS(0xC0000000 | 0x0139)
+#define NT_STATUS_CONTROL_C_EXIT NT_STATUS(0xC0000000 | 0x013a)
+#define NT_STATUS_LOCAL_DISCONNECT NT_STATUS(0xC0000000 | 0x013b)
+#define NT_STATUS_REMOTE_DISCONNECT NT_STATUS(0xC0000000 | 0x013c)
+#define NT_STATUS_REMOTE_RESOURCES NT_STATUS(0xC0000000 | 0x013d)
+#define NT_STATUS_LINK_FAILED NT_STATUS(0xC0000000 | 0x013e)
+#define NT_STATUS_LINK_TIMEOUT NT_STATUS(0xC0000000 | 0x013f)
+#define NT_STATUS_INVALID_CONNECTION NT_STATUS(0xC0000000 | 0x0140)
+#define NT_STATUS_INVALID_ADDRESS NT_STATUS(0xC0000000 | 0x0141)
+#define NT_STATUS_DLL_INIT_FAILED NT_STATUS(0xC0000000 | 0x0142)
+#define NT_STATUS_MISSING_SYSTEMFILE NT_STATUS(0xC0000000 | 0x0143)
+#define NT_STATUS_UNHANDLED_EXCEPTION NT_STATUS(0xC0000000 | 0x0144)
+#define NT_STATUS_APP_INIT_FAILURE NT_STATUS(0xC0000000 | 0x0145)
+#define NT_STATUS_PAGEFILE_CREATE_FAILED NT_STATUS(0xC0000000 | 0x0146)
+#define NT_STATUS_NO_PAGEFILE NT_STATUS(0xC0000000 | 0x0147)
+#define NT_STATUS_INVALID_LEVEL NT_STATUS(0xC0000000 | 0x0148)
+#define NT_STATUS_WRONG_PASSWORD_CORE NT_STATUS(0xC0000000 | 0x0149)
+#define NT_STATUS_ILLEGAL_FLOAT_CONTEXT NT_STATUS(0xC0000000 | 0x014a)
+#define NT_STATUS_PIPE_BROKEN NT_STATUS(0xC0000000 | 0x014b)
+#define NT_STATUS_REGISTRY_CORRUPT NT_STATUS(0xC0000000 | 0x014c)
+#define NT_STATUS_REGISTRY_IO_FAILED NT_STATUS(0xC0000000 | 0x014d)
+#define NT_STATUS_NO_EVENT_PAIR NT_STATUS(0xC0000000 | 0x014e)
+#define NT_STATUS_UNRECOGNIZED_VOLUME NT_STATUS(0xC0000000 | 0x014f)
+#define NT_STATUS_SERIAL_NO_DEVICE_INITED NT_STATUS(0xC0000000 | 0x0150)
+#define NT_STATUS_NO_SUCH_ALIAS NT_STATUS(0xC0000000 | 0x0151)
+#define NT_STATUS_MEMBER_NOT_IN_ALIAS NT_STATUS(0xC0000000 | 0x0152)
+#define NT_STATUS_MEMBER_IN_ALIAS NT_STATUS(0xC0000000 | 0x0153)
+#define NT_STATUS_ALIAS_EXISTS NT_STATUS(0xC0000000 | 0x0154)
+#define NT_STATUS_LOGON_NOT_GRANTED NT_STATUS(0xC0000000 | 0x0155)
+#define NT_STATUS_TOO_MANY_SECRETS NT_STATUS(0xC0000000 | 0x0156)
+#define NT_STATUS_SECRET_TOO_LONG NT_STATUS(0xC0000000 | 0x0157)
+#define NT_STATUS_INTERNAL_DB_ERROR NT_STATUS(0xC0000000 | 0x0158)
+#define NT_STATUS_FULLSCREEN_MODE NT_STATUS(0xC0000000 | 0x0159)
+#define NT_STATUS_TOO_MANY_CONTEXT_IDS NT_STATUS(0xC0000000 | 0x015a)
+#define NT_STATUS_LOGON_TYPE_NOT_GRANTED NT_STATUS(0xC0000000 | 0x015b)
+#define NT_STATUS_NOT_REGISTRY_FILE NT_STATUS(0xC0000000 | 0x015c)
+#define NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED NT_STATUS(0xC0000000 | 0x015d)
+#define NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR NT_STATUS(0xC0000000 | 0x015e)
+#define NT_STATUS_FT_MISSING_MEMBER NT_STATUS(0xC0000000 | 0x015f)
+#define NT_STATUS_ILL_FORMED_SERVICE_ENTRY NT_STATUS(0xC0000000 | 0x0160)
+#define NT_STATUS_ILLEGAL_CHARACTER NT_STATUS(0xC0000000 | 0x0161)
+#define NT_STATUS_UNMAPPABLE_CHARACTER NT_STATUS(0xC0000000 | 0x0162)
+#define NT_STATUS_UNDEFINED_CHARACTER NT_STATUS(0xC0000000 | 0x0163)
+#define NT_STATUS_FLOPPY_VOLUME NT_STATUS(0xC0000000 | 0x0164)
+#define NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND NT_STATUS(0xC0000000 | 0x0165)
+#define NT_STATUS_FLOPPY_WRONG_CYLINDER NT_STATUS(0xC0000000 | 0x0166)
+#define NT_STATUS_FLOPPY_UNKNOWN_ERROR NT_STATUS(0xC0000000 | 0x0167)
+#define NT_STATUS_FLOPPY_BAD_REGISTERS NT_STATUS(0xC0000000 | 0x0168)
+#define NT_STATUS_DISK_RECALIBRATE_FAILED NT_STATUS(0xC0000000 | 0x0169)
+#define NT_STATUS_DISK_OPERATION_FAILED NT_STATUS(0xC0000000 | 0x016a)
+#define NT_STATUS_DISK_RESET_FAILED NT_STATUS(0xC0000000 | 0x016b)
+#define NT_STATUS_SHARED_IRQ_BUSY NT_STATUS(0xC0000000 | 0x016c)
+#define NT_STATUS_FT_ORPHANING NT_STATUS(0xC0000000 | 0x016d)
+#define NT_STATUS_PARTITION_FAILURE NT_STATUS(0xC0000000 | 0x0172)
+#define NT_STATUS_INVALID_BLOCK_LENGTH NT_STATUS(0xC0000000 | 0x0173)
+#define NT_STATUS_DEVICE_NOT_PARTITIONED NT_STATUS(0xC0000000 | 0x0174)
+#define NT_STATUS_UNABLE_TO_LOCK_MEDIA NT_STATUS(0xC0000000 | 0x0175)
+#define NT_STATUS_UNABLE_TO_UNLOAD_MEDIA NT_STATUS(0xC0000000 | 0x0176)
+#define NT_STATUS_EOM_OVERFLOW NT_STATUS(0xC0000000 | 0x0177)
+#define NT_STATUS_NO_MEDIA NT_STATUS(0xC0000000 | 0x0178)
+#define NT_STATUS_NO_SUCH_MEMBER NT_STATUS(0xC0000000 | 0x017a)
+#define NT_STATUS_INVALID_MEMBER NT_STATUS(0xC0000000 | 0x017b)
+#define NT_STATUS_KEY_DELETED NT_STATUS(0xC0000000 | 0x017c)
+#define NT_STATUS_NO_LOG_SPACE NT_STATUS(0xC0000000 | 0x017d)
+#define NT_STATUS_TOO_MANY_SIDS NT_STATUS(0xC0000000 | 0x017e)
+#define NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED NT_STATUS(0xC0000000 | 0x017f)
+#define NT_STATUS_KEY_HAS_CHILDREN NT_STATUS(0xC0000000 | 0x0180)
+#define NT_STATUS_CHILD_MUST_BE_VOLATILE NT_STATUS(0xC0000000 | 0x0181)
+#define NT_STATUS_DEVICE_CONFIGURATION_ERROR NT_STATUS(0xC0000000 | 0x0182)
+#define NT_STATUS_DRIVER_INTERNAL_ERROR NT_STATUS(0xC0000000 | 0x0183)
+#define NT_STATUS_INVALID_DEVICE_STATE NT_STATUS(0xC0000000 | 0x0184)
+#define NT_STATUS_IO_DEVICE_ERROR NT_STATUS(0xC0000000 | 0x0185)
+#define NT_STATUS_DEVICE_PROTOCOL_ERROR NT_STATUS(0xC0000000 | 0x0186)
+#define NT_STATUS_BACKUP_CONTROLLER NT_STATUS(0xC0000000 | 0x0187)
+#define NT_STATUS_LOG_FILE_FULL NT_STATUS(0xC0000000 | 0x0188)
+#define NT_STATUS_TOO_LATE NT_STATUS(0xC0000000 | 0x0189)
+#define NT_STATUS_NO_TRUST_LSA_SECRET NT_STATUS(0xC0000000 | 0x018a)
+#define NT_STATUS_NO_TRUST_SAM_ACCOUNT NT_STATUS(0xC0000000 | 0x018b)
+#define NT_STATUS_TRUSTED_DOMAIN_FAILURE NT_STATUS(0xC0000000 | 0x018c)
+#define NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE NT_STATUS(0xC0000000 | 0x018d)
+#define NT_STATUS_EVENTLOG_FILE_CORRUPT NT_STATUS(0xC0000000 | 0x018e)
+#define NT_STATUS_EVENTLOG_CANT_START NT_STATUS(0xC0000000 | 0x018f)
+#define NT_STATUS_TRUST_FAILURE NT_STATUS(0xC0000000 | 0x0190)
+#define NT_STATUS_MUTANT_LIMIT_EXCEEDED NT_STATUS(0xC0000000 | 0x0191)
+#define NT_STATUS_NETLOGON_NOT_STARTED NT_STATUS(0xC0000000 | 0x0192)
+#define NT_STATUS_ACCOUNT_EXPIRED NT_STATUS(0xC0000000 | 0x0193)
+#define NT_STATUS_POSSIBLE_DEADLOCK NT_STATUS(0xC0000000 | 0x0194)
+#define NT_STATUS_NETWORK_CREDENTIAL_CONFLICT NT_STATUS(0xC0000000 | 0x0195)
+#define NT_STATUS_REMOTE_SESSION_LIMIT NT_STATUS(0xC0000000 | 0x0196)
+#define NT_STATUS_EVENTLOG_FILE_CHANGED NT_STATUS(0xC0000000 | 0x0197)
+#define NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT NT_STATUS(0xC0000000 | 0x0198)
+#define NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT NT_STATUS(0xC0000000 | 0x0199)
+#define NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT NT_STATUS(0xC0000000 | 0x019a)
+#define NT_STATUS_DOMAIN_TRUST_INCONSISTENT NT_STATUS(0xC0000000 | 0x019b)
+#define NT_STATUS_FS_DRIVER_REQUIRED NT_STATUS(0xC0000000 | 0x019c)
+#define NT_STATUS_NO_USER_SESSION_KEY NT_STATUS(0xC0000000 | 0x0202)
+#define NT_STATUS_USER_SESSION_DELETED NT_STATUS(0xC0000000 | 0x0203)
+#define NT_STATUS_RESOURCE_LANG_NOT_FOUND NT_STATUS(0xC0000000 | 0x0204)
+#define NT_STATUS_INSUFF_SERVER_RESOURCES NT_STATUS(0xC0000000 | 0x0205)
+#define NT_STATUS_INVALID_BUFFER_SIZE NT_STATUS(0xC0000000 | 0x0206)
+#define NT_STATUS_INVALID_ADDRESS_COMPONENT NT_STATUS(0xC0000000 | 0x0207)
+#define NT_STATUS_INVALID_ADDRESS_WILDCARD NT_STATUS(0xC0000000 | 0x0208)
+#define NT_STATUS_TOO_MANY_ADDRESSES NT_STATUS(0xC0000000 | 0x0209)
+#define NT_STATUS_ADDRESS_ALREADY_EXISTS NT_STATUS(0xC0000000 | 0x020a)
+#define NT_STATUS_ADDRESS_CLOSED NT_STATUS(0xC0000000 | 0x020b)
+#define NT_STATUS_CONNECTION_DISCONNECTED NT_STATUS(0xC0000000 | 0x020c)
+#define NT_STATUS_CONNECTION_RESET NT_STATUS(0xC0000000 | 0x020d)
+#define NT_STATUS_TOO_MANY_NODES NT_STATUS(0xC0000000 | 0x020e)
+#define NT_STATUS_TRANSACTION_ABORTED NT_STATUS(0xC0000000 | 0x020f)
+#define NT_STATUS_TRANSACTION_TIMED_OUT NT_STATUS(0xC0000000 | 0x0210)
+#define NT_STATUS_TRANSACTION_NO_RELEASE NT_STATUS(0xC0000000 | 0x0211)
+#define NT_STATUS_TRANSACTION_NO_MATCH NT_STATUS(0xC0000000 | 0x0212)
+#define NT_STATUS_TRANSACTION_RESPONDED NT_STATUS(0xC0000000 | 0x0213)
+#define NT_STATUS_TRANSACTION_INVALID_ID NT_STATUS(0xC0000000 | 0x0214)
+#define NT_STATUS_TRANSACTION_INVALID_TYPE NT_STATUS(0xC0000000 | 0x0215)
+#define NT_STATUS_NOT_SERVER_SESSION NT_STATUS(0xC0000000 | 0x0216)
+#define NT_STATUS_NOT_CLIENT_SESSION NT_STATUS(0xC0000000 | 0x0217)
+#define NT_STATUS_CANNOT_LOAD_REGISTRY_FILE NT_STATUS(0xC0000000 | 0x0218)
+#define NT_STATUS_DEBUG_ATTACH_FAILED NT_STATUS(0xC0000000 | 0x0219)
+#define NT_STATUS_SYSTEM_PROCESS_TERMINATED NT_STATUS(0xC0000000 | 0x021a)
+#define NT_STATUS_DATA_NOT_ACCEPTED NT_STATUS(0xC0000000 | 0x021b)
+#define NT_STATUS_NO_BROWSER_SERVERS_FOUND NT_STATUS(0xC0000000 | 0x021c)
+#define NT_STATUS_VDM_HARD_ERROR NT_STATUS(0xC0000000 | 0x021d)
+#define NT_STATUS_DRIVER_CANCEL_TIMEOUT NT_STATUS(0xC0000000 | 0x021e)
+#define NT_STATUS_REPLY_MESSAGE_MISMATCH NT_STATUS(0xC0000000 | 0x021f)
+#define NT_STATUS_MAPPED_ALIGNMENT NT_STATUS(0xC0000000 | 0x0220)
+#define NT_STATUS_IMAGE_CHECKSUM_MISMATCH NT_STATUS(0xC0000000 | 0x0221)
+#define NT_STATUS_LOST_WRITEBEHIND_DATA NT_STATUS(0xC0000000 | 0x0222)
+#define NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID NT_STATUS(0xC0000000 | 0x0223)
+#define NT_STATUS_PASSWORD_MUST_CHANGE NT_STATUS(0xC0000000 | 0x0224)
+#define NT_STATUS_NOT_FOUND NT_STATUS(0xC0000000 | 0x0225)
+#define NT_STATUS_NOT_TINY_STREAM NT_STATUS(0xC0000000 | 0x0226)
+#define NT_STATUS_RECOVERY_FAILURE NT_STATUS(0xC0000000 | 0x0227)
+#define NT_STATUS_STACK_OVERFLOW_READ NT_STATUS(0xC0000000 | 0x0228)
+#define NT_STATUS_FAIL_CHECK NT_STATUS(0xC0000000 | 0x0229)
+#define NT_STATUS_DUPLICATE_OBJECTID NT_STATUS(0xC0000000 | 0x022a)
+#define NT_STATUS_OBJECTID_EXISTS NT_STATUS(0xC0000000 | 0x022b)
+#define NT_STATUS_CONVERT_TO_LARGE NT_STATUS(0xC0000000 | 0x022c)
+#define NT_STATUS_RETRY NT_STATUS(0xC0000000 | 0x022d)
+#define NT_STATUS_FOUND_OUT_OF_SCOPE NT_STATUS(0xC0000000 | 0x022e)
+#define NT_STATUS_ALLOCATE_BUCKET NT_STATUS(0xC0000000 | 0x022f)
+#define NT_STATUS_PROPSET_NOT_FOUND NT_STATUS(0xC0000000 | 0x0230)
+#define NT_STATUS_MARSHALL_OVERFLOW NT_STATUS(0xC0000000 | 0x0231)
+#define NT_STATUS_INVALID_VARIANT NT_STATUS(0xC0000000 | 0x0232)
+#define NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND NT_STATUS(0xC0000000 | 0x0233)
+#define NT_STATUS_ACCOUNT_LOCKED_OUT NT_STATUS(0xC0000000 | 0x0234)
+#define NT_STATUS_HANDLE_NOT_CLOSABLE NT_STATUS(0xC0000000 | 0x0235)
+#define NT_STATUS_CONNECTION_REFUSED NT_STATUS(0xC0000000 | 0x0236)
+#define NT_STATUS_GRACEFUL_DISCONNECT NT_STATUS(0xC0000000 | 0x0237)
+#define NT_STATUS_ADDRESS_ALREADY_ASSOCIATED NT_STATUS(0xC0000000 | 0x0238)
+#define NT_STATUS_ADDRESS_NOT_ASSOCIATED NT_STATUS(0xC0000000 | 0x0239)
+#define NT_STATUS_CONNECTION_INVALID NT_STATUS(0xC0000000 | 0x023a)
+#define NT_STATUS_CONNECTION_ACTIVE NT_STATUS(0xC0000000 | 0x023b)
+#define NT_STATUS_NETWORK_UNREACHABLE NT_STATUS(0xC0000000 | 0x023c)
+#define NT_STATUS_HOST_UNREACHABLE NT_STATUS(0xC0000000 | 0x023d)
+#define NT_STATUS_PROTOCOL_UNREACHABLE NT_STATUS(0xC0000000 | 0x023e)
+#define NT_STATUS_PORT_UNREACHABLE NT_STATUS(0xC0000000 | 0x023f)
+#define NT_STATUS_REQUEST_ABORTED NT_STATUS(0xC0000000 | 0x0240)
+#define NT_STATUS_CONNECTION_ABORTED NT_STATUS(0xC0000000 | 0x0241)
+#define NT_STATUS_BAD_COMPRESSION_BUFFER NT_STATUS(0xC0000000 | 0x0242)
+#define NT_STATUS_USER_MAPPED_FILE NT_STATUS(0xC0000000 | 0x0243)
+#define NT_STATUS_AUDIT_FAILED NT_STATUS(0xC0000000 | 0x0244)
+#define NT_STATUS_TIMER_RESOLUTION_NOT_SET NT_STATUS(0xC0000000 | 0x0245)
+#define NT_STATUS_CONNECTION_COUNT_LIMIT NT_STATUS(0xC0000000 | 0x0246)
+#define NT_STATUS_LOGIN_TIME_RESTRICTION NT_STATUS(0xC0000000 | 0x0247)
+#define NT_STATUS_LOGIN_WKSTA_RESTRICTION NT_STATUS(0xC0000000 | 0x0248)
+#define NT_STATUS_IMAGE_MP_UP_MISMATCH NT_STATUS(0xC0000000 | 0x0249)
+#define NT_STATUS_INSUFFICIENT_LOGON_INFO NT_STATUS(0xC0000000 | 0x0250)
+#define NT_STATUS_BAD_DLL_ENTRYPOINT NT_STATUS(0xC0000000 | 0x0251)
+#define NT_STATUS_BAD_SERVICE_ENTRYPOINT NT_STATUS(0xC0000000 | 0x0252)
+#define NT_STATUS_LPC_REPLY_LOST NT_STATUS(0xC0000000 | 0x0253)
+#define NT_STATUS_IP_ADDRESS_CONFLICT1 NT_STATUS(0xC0000000 | 0x0254)
+#define NT_STATUS_IP_ADDRESS_CONFLICT2 NT_STATUS(0xC0000000 | 0x0255)
+#define NT_STATUS_REGISTRY_QUOTA_LIMIT NT_STATUS(0xC0000000 | 0x0256)
+#define NT_STATUS_PATH_NOT_COVERED NT_STATUS(0xC0000000 | 0x0257)
+#define NT_STATUS_NO_CALLBACK_ACTIVE NT_STATUS(0xC0000000 | 0x0258)
+#define NT_STATUS_LICENSE_QUOTA_EXCEEDED NT_STATUS(0xC0000000 | 0x0259)
+#define NT_STATUS_PWD_TOO_SHORT NT_STATUS(0xC0000000 | 0x025a)
+#define NT_STATUS_PWD_TOO_RECENT NT_STATUS(0xC0000000 | 0x025b)
+#define NT_STATUS_PWD_HISTORY_CONFLICT NT_STATUS(0xC0000000 | 0x025c)
+#define NT_STATUS_PLUGPLAY_NO_DEVICE NT_STATUS(0xC0000000 | 0x025e)
+#define NT_STATUS_UNSUPPORTED_COMPRESSION NT_STATUS(0xC0000000 | 0x025f)
+#define NT_STATUS_INVALID_HW_PROFILE NT_STATUS(0xC0000000 | 0x0260)
+#define NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH NT_STATUS(0xC0000000 | 0x0261)
+#define NT_STATUS_DRIVER_ORDINAL_NOT_FOUND NT_STATUS(0xC0000000 | 0x0262)
+#define NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND NT_STATUS(0xC0000000 | 0x0263)
+#define NT_STATUS_RESOURCE_NOT_OWNED NT_STATUS(0xC0000000 | 0x0264)
+#define NT_STATUS_TOO_MANY_LINKS NT_STATUS(0xC0000000 | 0x0265)
+#define NT_STATUS_QUOTA_LIST_INCONSISTENT NT_STATUS(0xC0000000 | 0x0266)
+#define NT_STATUS_FILE_IS_OFFLINE NT_STATUS(0xC0000000 | 0x0267)
+#define NT_STATUS_NO_SUCH_JOB NT_STATUS(0xC0000000 | 0xEDE) /* scheduler */
+
+#endif /* _NTERR_H */
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
new file mode 100644
index 0000000000..f17b043fb2
--- /dev/null
+++ b/source3/include/passdb.h
@@ -0,0 +1,97 @@
+/* 
+   Unix SMB/CIFS implementation.
+   passdb structures and parameters
+   Copyright (C) Gerald Carter 2001
+   Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _PASSDB_H
+#define _PASSDB_H
+
+
+/*****************************************************************
+ Functions to be implemented by the new (v2) passdb API 
+****************************************************************/
+
+typedef struct pdb_context 
+{
+	struct pdb_methods *pdb_selected;
+	
+	/* These functions are wrappers for the functions listed above.
+	   They may do extra things like re-reading a SAM_ACCOUNT on update */
+
+	BOOL (*pdb_setsampwent)(struct pdb_context *, BOOL update);
+	
+	void (*pdb_endsampwent)(struct pdb_context *);
+	
+	BOOL (*pdb_getsampwent)(struct pdb_context *, SAM_ACCOUNT *user);
+	
+	BOOL (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
+	
+	BOOL (*pdb_getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid);
+	
+	BOOL (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
+	
+	BOOL (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
+	
+	BOOL (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
+	
+	void (*free_fn)(struct pdb_context **);
+	
+	TALLOC_CTX *mem_ctx;
+	
+} PDB_CONTEXT;
+
+typedef struct pdb_methods 
+{
+	const char *name; /* What name got this module */
+
+	BOOL (*setsampwent)(struct pdb_context *, BOOL update);
+	
+	void (*endsampwent)(struct pdb_context *);
+	
+	BOOL (*getsampwent)(struct pdb_context *, SAM_ACCOUNT *user);
+	
+	BOOL (*getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
+	
+	BOOL (*getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid);
+	
+	BOOL (*add_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass);
+	
+	BOOL (*update_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass);
+	
+	BOOL (*delete_sam_account)(struct pdb_context *, const SAM_ACCOUNT *username);
+	
+	void *private_data;  /* Private data of some kind */
+	
+	void (*free_private_data)(void **);
+
+} PDB_METHODS;
+
+typedef NTSTATUS (*pdb_init_function)(struct pdb_context *, 
+			 struct pdb_methods **, 
+			 const char *);
+
+struct pdb_init_function_entry {
+	char *name;
+	/* Function to create a member of the authmethods list */
+	NTSTATUS (*init)(struct pdb_context *pdb_context, 
+			 struct pdb_methods **pdb_method, 
+			 const char *location);
+};
+
+#endif /* _PASSDB_H */
diff --git a/source3/include/printing.h b/source3/include/printing.h
new file mode 100644
index 0000000000..b99f2aeffb
--- /dev/null
+++ b/source3/include/printing.h
@@ -0,0 +1,76 @@
+#ifndef PRINTING_H_
+#define PRINTING_H_
+
+/* 
+   Unix SMB/CIFS implementation.
+   printing definitions
+   Copyright (C) Andrew Tridgell 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+   This file defines the low-level printing system interfaces used by the
+   SAMBA printing subsystem.
+*/
+
+/* Information for print jobs */
+struct printjob {
+	pid_t pid; /* which process launched the job */
+	int sysjob; /* the system (lp) job number */
+	int fd; /* file descriptor of open file if open */
+	time_t starttime; /* when the job started spooling */
+	int status; /* the status of this job */
+	size_t size; /* the size of the job so far */
+	int page_count;	/* then number of pages so far */
+	BOOL spooled; /* has it been sent to the spooler yet? */
+	BOOL smbjob; /* set if the job is a SMB job */
+	fstring filename; /* the filename used to spool the file */
+	fstring jobname; /* the job name given to us by the client */
+	fstring user; /* the user who started the job */
+	fstring queuename; /* service number of printer for this job */
+};
+
+/* Information for print interfaces */
+struct printif
+{
+  int (*queue_get)(int snum, print_queue_struct **q,
+                   print_status_struct *status);
+  int (*queue_pause)(int snum);
+  int (*queue_resume)(int snum);
+  int (*job_delete)(int snum, struct printjob *pjob);
+  int (*job_pause)(int snum, struct printjob *pjob);
+  int (*job_resume)(int snum, struct printjob *pjob);
+  int (*job_submit)(int snum, struct printjob *pjob);
+};
+
+extern struct printif	generic_printif;
+
+#ifdef HAVE_CUPS
+extern struct printif	cups_printif;
+#endif /* HAVE_CUPS */
+
+#define PRINT_MAX_JOBID 10000
+#define UNIX_JOB_START PRINT_MAX_JOBID
+#define NEXT_JOBID(j) ((j+1) % PRINT_MAX_JOBID > 0 ? (j+1) % PRINT_MAX_JOBID : 1)
+
+#define MAX_CACHE_VALID_TIME 3600
+
+#define PRINT_SPOOL_PREFIX "smbprn."
+#define PRINT_DATABASE_VERSION 4
+
+#endif /* PRINTING_H_ */
diff --git a/source3/include/pstring.h b/source3/include/pstring.h
new file mode 100644
index 0000000000..92870e4cae
--- /dev/null
+++ b/source3/include/pstring.h
@@ -0,0 +1,36 @@
+/* 
+   samba -- Unix SMB/CIFS implementation.
+   Safe standardized string types
+   
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) John H Terpstra              1996-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Paul Ashton                  1998-2000
+   Copyright (C) Martin Pool		      2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _PSTRING
+
+#define PSTRING_LEN 1024
+#define FSTRING_LEN 256
+
+typedef char pstring[PSTRING_LEN];
+typedef char fstring[FSTRING_LEN];
+
+#define _PSTRING
+
+#endif /* ndef _PSTRING */
diff --git a/source3/include/rap.h b/source3/include/rap.h
new file mode 100755
index 0000000000..993dfa7e33
--- /dev/null
+++ b/source3/include/rap.h
@@ -0,0 +1,507 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   RAP (SMB Remote Procedure Calls) defines and structures
+   Copyright (C) Steve French 2001  (sfrench@us.ibm.com)
+   Copyright (C) Jim McDonough 2001 (jmcd@us.ibm.com)
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RAP_H_
+#define _RAP_H_
+
+/*****************************************************/
+/*                                                   */
+/*   Additional RAP functionality                    */
+/*                                                   */
+/*   RAP is the original SMB RPC, documented         */
+/*   by Microsoft and X/Open in the 1990s and        */
+/*   supported by most SMB/CIFS servers although     */
+/*   it is unlikely that any one implementation      */
+/*   supports all RAP command codes since some       */
+/*   are quite obsolete and a few are specific       */
+/*   to a particular network operating system        */
+/*                                                   */ 
+/*   Although it has largely been replaced           */ 
+/*   for complex remote admistration and management  */
+/*   (of servers) by the relatively newer            */
+/*   DCE/RPC based remote API (which better handles  */
+/*   large >64K data structures), there are many     */
+/*   important administrative and resource location  */
+/*   tasks and user tasks (e.g. password change)     */
+/*   that are performed via RAP.                     */
+/*                                                   */
+/*   Although a few of the RAP calls are implemented */
+/*   in the Samba client library already (clirap.c)  */
+/*   the new ones are in clirap2.c for easy patching */
+/*   and integration and a corresponding header      */
+/*   file, rap.h, has been created.                  */
+/*                                                   */
+/*   This is based on data from the CIFS spec        */
+/*   and the LAN Server and LAN Manager              */
+/*   Programming Reference books and published       */
+/*   RAP document and CIFS forum postings and        */
+/*   lots of trial and error.  Additional            */
+/*   background information is available from the    */
+/*   X/Open reference book in their PC Interworking  */
+/*   series "IPC for SMB" and also from the          */
+/*   interoperability documentation in               */
+/*   ftp://ftp.microsoft.com/developr/drg/cifs       */
+/*                                                   */
+/*   Function names changed from API_ (as they are   */
+/*   in the CIFS specification to RAP_ in order      */
+/*   to avoid confusion with other API calls         */
+/*   sent via DCE RPC                                */
+/*                                                   */
+/*****************************************************/
+
+/*****************************************************/
+/*                                                   */
+/* Although without pound defines (of this header)   */
+/* cifsrap.c already includes support for:           */
+/*                                                   */
+/* WshareEnum (API number 0, level 1)                */
+/* NetServerEnum2 (API num 104, level 1)             */
+/* WWkstaUserLogon (132)                             */
+/* SamOEMchgPasswordUser2_P (214)                    */
+/*                                                   */
+/* and cifsprint.c already includes support for:     */
+/*                                                   */
+/* WPrintJobEnum (API num 76, level 2)               */
+/* WPrintJobDel  (API num 81)                        */
+/*                                                   */
+/*****************************************************/ 
+
+#define RAP_WshareEnum			        0
+#define RAP_WshareGetInfo			1
+#define RAP_WshareSetInfo			2
+#define RAP_WshareAdd				3
+#define RAP_WshareDel				4
+#define RAP_NetShareCheck			5
+#define RAP_WsessionEnum			6
+#define RAP_WsessionGetInfo			7
+#define RAP_WsessionDel		        	8
+#define RAP_WconnectionEnum			9
+#define RAP_WfileEnum				10
+#define RAP_WfileGetInfo			11
+#define RAP_WfileClose				12
+#define RAP_WserverGetInfo			13
+#define RAP_WserverSetInfo			14
+#define RAP_WserverDiskEnum			15
+#define RAP_WserverAdminCommand	        	16
+#define RAP_NetAuditOpen			17
+#define RAP_WauditClear			        18
+#define RAP_NetErrorLogOpen			19
+#define RAP_WerrorLogClear			20
+#define RAP_NetCharDevEnum			21
+#define RAP_NetCharDevGetInfo			22
+#define RAP_WCharDevControl			23
+#define RAP_NetCharDevQEnum			24
+#define RAP_NetCharDevQGetInfo	        	25
+#define RAP_WCharDevQSetInfo			26
+#define RAP_WCharDevQPurge			27
+#define RAP_WCharDevQPurgeSelf		        28
+#define RAP_WMessageNameEnum		        29
+#define RAP_WMessageNameGetInfo  		30
+#define RAP_WMessageNameAdd			31
+#define RAP_WMessageNameDel			32
+#define RAP_WMessageNameFwd			33
+#define RAP_WMessageNameUnFwd	        	34
+#define RAP_WMessageBufferSend	        	35
+#define RAP_WMessageFileSend			36
+#define RAP_WMessageLogFileSet	         	37
+#define RAP_WMessageLogFileGet		        38
+#define RAP_WServiceEnum			39
+#define RAP_WServiceInstall			40
+#define RAP_WServiceControl			41
+#define RAP_WAccessEnum	         		42
+#define RAP_WAccessGetInfo			43
+#define RAP_WAccessSetInfo			44
+#define RAP_WAccessAdd		        	45
+#define RAP_WAccessDel		        	46
+#define RAP_WGroupEnum			        47
+#define RAP_WGroupAdd		        	48
+#define RAP_WGroupDel				49
+#define RAP_WGroupAddUser			50
+#define RAP_WGroupDelUser			51
+#define RAP_WGroupGetUsers			52
+#define RAP_WUserEnum		         	53
+#define RAP_WUserAdd				54
+#define RAP_WUserDel				55
+#define RAP_WUserGetInfo			56
+#define RAP_WUserSetInfo			57
+#define RAP_WUserPasswordSet			58
+#define RAP_WUserGetGroups			59
+#define RAP_WWkstaSetUID			62
+#define RAP_WWkstaGetInfo			63
+#define RAP_WWkstaSetInfo			64
+#define RAP_WUseEnum				65
+#define RAP_WUseAdd				66
+#define RAP_WUseDel				67
+#define RAP_WUseGetInfo		        	68
+#define RAP_WPrintQEnum		        	69
+#define RAP_WPrintQGetInfo			70
+#define RAP_WPrintQSetInfo			71
+#define RAP_WPrintQAdd		        	72
+#define RAP_WPrintQDel				73
+#define RAP_WPrintQPause			74
+#define RAP_WPrintQContinue			75
+#define RAP_WPrintJobEnum			76
+#define RAP_WPrintJobGetInfo			77
+#define RAP_WPrintJobSetInfo_OLD		78
+#define RAP_WPrintJobDel			81
+#define RAP_WPrintJobPause			82
+#define RAP_WPrintJobContinue			83
+#define RAP_WPrintDestEnum			84
+#define RAP_WPrintDestGetInfo			85
+#define RAP_WPrintDestControl			86
+#define RAP_WProfileSave			87
+#define RAP_WProfileLoad			88
+#define RAP_WStatisticsGet			89
+#define RAP_WStatisticsClear			90
+#define RAP_NetRemoteTOD			91
+#define RAP_WNetBiosEnum			92
+#define RAP_WNetBiosGetInfo			93
+#define RAP_NetServerEnum			94
+#define RAP_I_NetServerEnum			95
+#define RAP_WServiceGetInfo			96
+#define RAP_WPrintQPurge			103
+#define RAP_NetServerEnum2			104
+#define RAP_WAccessGetUserPerms		        105
+#define RAP_WGroupGetInfo			106
+#define RAP_WGroupSetInfo			107
+#define RAP_WGroupSetUsers			108
+#define RAP_WUserSetGroups			109
+#define RAP_WUserModalsGet			110
+#define RAP_WUserModalsSet			111
+#define RAP_WFileEnum2		        	112
+#define RAP_WUserAdd2				113
+#define RAP_WUserSetInfo2			114
+#define RAP_WUserPasswordSet2			115
+#define RAP_I_NetServerEnum2			116
+#define RAP_WConfigGet2			        117
+#define RAP_WConfigGetAll2			118
+#define RAP_WGetDCName		        	119
+#define RAP_NetHandleGetInfo			120
+#define RAP_NetHandleSetInfo			121
+#define RAP_WStatisticsGet2			122
+#define RAP_WBuildGetInfo			123
+#define RAP_WFileGetInfo2			124
+#define RAP_WFileClose2			        125
+#define RAP_WNetServerReqChallenge		126
+#define RAP_WNetServerAuthenticate		127
+#define RAP_WNetServerPasswordSet		128
+#define RAP_WNetAccountDeltas			129
+#define RAP_WNetAccountSync			130
+#define RAP_WUserEnum2	        		131
+#define RAP_WWkstaUserLogon			132
+#define RAP_WWkstaUserLogoff			133
+#define RAP_WLogonEnum	         		134
+#define RAP_WErrorLogRead			135
+#define RAP_NetPathType		        	136
+#define RAP_NetPathCanonicalize		        137
+#define RAP_NetPathCompare			138
+#define RAP_NetNameValidate		        139
+#define RAP_NetNameCanonicalize		        140
+#define RAP_NetNameCompare		        141
+#define RAP_WAuditRead		        	142
+#define RAP_WPrintDestAdd			143
+#define RAP_WPrintDestSetInfo			144
+#define RAP_WPrintDestDel			145
+#define RAP_WUserValidate2			146
+#define RAP_WPrintJobSetInfo			147
+#define RAP_TI_NetServerDiskEnum		148
+#define RAP_TI_NetServerDiskGetInfo		149
+#define RAP_TI_FTVerifyMirror			150
+#define RAP_TI_FTAbortVerify			151
+#define RAP_TI_FTGetInfo			152
+#define RAP_TI_FTSetInfo			153
+#define RAP_TI_FTLockDisk			154
+#define RAP_TI_FTFixError			155
+#define RAP_TI_FTAbortFix			156
+#define RAP_TI_FTDiagnoseError			157
+#define RAP_TI_FTGetDriveStats			158
+#define RAP_TI_FTErrorGetInfo			160
+#define RAP_NetAccessCheck			163
+#define RAP_NetAlertRaise			164
+#define RAP_NetAlertStart			165
+#define RAP_NetAlertStop			166
+#define RAP_NetAuditWrite			167
+#define RAP_NetIRemoteAPI			168
+#define RAP_NetServiceStatus			169
+#define RAP_NetServerRegister			170
+#define RAP_NetServerDeregister		        171
+#define RAP_NetSessionEntryMake	        	172
+#define RAP_NetSessionEntryClear		173
+#define RAP_NetSessionEntryGetInfo		174
+#define RAP_NetSessionEntrySetInfo		175
+#define RAP_NetConnectionEntryMake		176
+#define RAP_NetConnectionEntryClear		177
+#define RAP_NetConnectionEntrySetInfo		178
+#define RAP_NetConnectionEntryGetInfo		179
+#define RAP_NetFileEntryMake			180
+#define RAP_NetFileEntryClear			181
+#define RAP_NetFileEntrySetInfo	        	182
+#define RAP_NetFileEntryGetInfo		        183
+#define RAP_AltSrvMessageBufferSend		184
+#define RAP_AltSrvMessageFileSend		185
+#define RAP_wI_NetRplWkstaEnum		        186
+#define RAP_wI_NetRplWkstaGetInfo		187
+#define RAP_wI_NetRplWkstaSetInfo		188
+#define RAP_wI_NetRplWkstaAdd		        189
+#define RAP_wI_NetRplWkstaDel			190
+#define RAP_wI_NetRplProfileEnum		191
+#define RAP_wI_NetRplProfileGetInfo		192
+#define RAP_wI_NetRplProfileSetInfo		193
+#define RAP_wI_NetRplProfileAdd	        	194
+#define RAP_wI_NetRplProfileDel			195
+#define RAP_wI_NetRplProfileClone		196
+#define RAP_wI_NetRplBaseProfileEnum		197
+#define RAP_WIServerSetInfo			201
+#define RAP_WPrintDriverEnum			205
+#define RAP_WPrintQProcessorEnum		206
+#define RAP_WPrintPortEnum			207
+#define RAP_WNetWriteUpdateLog	        	208
+#define RAP_WNetAccountUpdate			209
+#define RAP_WNetAccountConfirmUpdate		210
+#define RAP_WConfigSet				211
+#define RAP_WAccountsReplicate			212                      
+#define RAP_SamOEMChgPasswordUser2_P	        214
+#define RAP_NetServerEnum3			215
+#define RAP_WprintDriverGetInfo			250
+#define RAP_WprintDriverSetInfo			251
+#define RAP_WaliasAdd				252
+#define RAP_WaliasDel				253
+#define RAP_WaliasGetInfo			254
+#define RAP_WaliasSetInfo			255
+#define RAP_WaliasEnum	        		256
+#define RAP_WuserGetLogonAsn			257
+#define RAP_WuserSetLogonAsn			258
+#define RAP_WuserGetAppSel			259
+#define RAP_WuserSetAppSel			260
+#define RAP_WappAdd				261
+#define RAP_WappDel				262
+#define RAP_WappGetInfo		        	263
+#define RAP_WappSetInfo			        264
+#define RAP_WappEnum				265
+#define RAP_WUserDCDBInit			266
+#define RAP_WDASDAdd		        	267
+#define RAP_WDASDDel		        	268
+#define RAP_WDASDGetInfo			269
+#define RAP_WDASDSetInfo			270
+#define RAP_WDASDEnum			        271
+#define RAP_WDASDCheck	         		272
+#define RAP_WDASDCtl				273
+#define RAP_WuserRemoteLogonCheck		274
+#define RAP_WUserPasswordSet3			275
+#define RAP_WCreateRIPLMachine   		276
+#define RAP_WDeleteRIPLMachine		        277
+#define RAP_WGetRIPLMachineInfo	         	278
+#define RAP_WSetRIPLMachineInfo	         	279
+#define RAP_WEnumRIPLMachine	        	280
+#define RAP_I_ShareAdd		        	281
+#define RAP_AliasEnum		         	282
+#define RAP_WaccessApply			283
+#define RAP_WPrt16Query			        284
+#define RAP_WPrt16Set				285
+#define RAP_WUserDel100		        	286
+#define RAP_WUserRemoteLogonCheck2		287
+#define RAP_WRemoteTODSet			294
+#define RAP_WprintJobMoveAll			295
+#define RAP_W16AppParmAdd			296
+#define RAP_W16AppParmDel			297
+#define RAP_W16AppParmGet			298
+#define RAP_W16AppParmSet			299
+#define RAP_W16RIPLMachineCreate		300
+#define RAP_W16RIPLMachineGetInfo		301
+#define RAP_W16RIPLMachineSetInfo		302
+#define RAP_W16RIPLMachineEnum		        303
+#define RAP_W16RIPLMachineListParmEnum	        304
+#define RAP_W16RIPLMachClassGetInfo		305
+#define RAP_W16RIPLMachClassEnum		306
+#define RAP_W16RIPLMachClassCreate		307
+#define RAP_W16RIPLMachClassSetInfo		308
+#define RAP_W16RIPLMachClassDelete		309
+#define RAP_W16RIPLMachClassLPEnum		310
+#define RAP_W16RIPLMachineDelete		311
+#define RAP_W16WSLevelGetInfo	         	312
+#define RAP_WserverNameAdd			313
+#define RAP_WserverNameDel			314
+#define RAP_WserverNameEnum			315
+#define RAP_I_WDASDEnum	         		316
+#define RAP_WDASDEnumTerminate	         	317
+#define RAP_WDASDSetInfo2			318
+#define MAX_API					318
+
+
+/* Parameter description strings for RAP calls   */
+/* Names are defined name for RAP call with _REQ */
+/* appended to end.                              */
+
+#define RAP_WFileEnum2_REQ	"zzWrLehb8g8"
+#define RAP_WFileGetInfo2_REQ	"DWrLh"
+#define RAP_WFileClose2_REQ     "D"  	
+
+#define RAP_NetGroupEnum_REQ    "WrLeh"
+#define RAP_NetGroupAdd_REQ     "WsT"
+#define RAP_NetGroupDel_REQ     "z"
+#define RAP_NetGroupAddUser_REQ "zz"
+#define RAP_NetGroupDelUser_REQ "zz"
+#define RAP_NetGroupGetUsers_REQ "zWrLeh"
+#define RAP_NetGroupSetUsers_REQ "zWsTW"
+
+#define RAP_NetUserAdd2_REQ       "WsTWW"
+#define RAP_NetUserEnum_REQ       "WrLeh"
+#define RAP_NetUserEnum2_REQ      "WrLDieh"
+#define RAP_NetUserGetGroups_REQ  "zWrLeh"
+#define RAP_NetUserSetGroups_REQ  "zWsTW"
+#define RAP_NetUserPasswordSet_REQ "zb16b16w"
+#define RAP_NetUserPasswordSet2_REQ "zb16b16WW"
+#define RAP_SAMOEMChgPasswordUser2_REQ "B516B16"
+#define RAP_NetUserValidate2_REQ    "Wb62WWrLhWW"
+
+#define RAP_NetServerEnum2_REQ  "WrLehDz"
+#define RAP_WserverGetInfo_REQ  "WrLh"
+#define RAP_NetWkstatGetInfo    "WrLh"
+
+#define RAP_WShareAdd_REQ       "WsT"
+#define RAP_WShareEnum_REQ      "WrLeh"
+#define RAP_WShareDel_REQ       "zW"
+#define RAP_WWkstaGetInfo_REQ   "WrLh"
+
+#define RAP_NetPrintQEnum_REQ   "WrLeh"
+#define RAP_NetPrintQGetInfo_REQ "zWrLh"
+
+#define RAP_NetServerAdminCommand_REQ "zhrLeh"
+#define RAP_NetServiceEnum_REQ  "WrLeh"
+#define RAP_NetServiceControl_REQ "zWWrL"
+#define RAP_NetServiceInstall_REQ "zF88sg88T"
+#define RAP_NetServiceGetInfo_REQ "zWrLh"
+#define RAP_NetSessionEnum_REQ  "WrLeh"
+#define RAP_NetSessionGetInfo_REQ "zWrLh"
+#define RAP_NetSessionDel_REQ   "zW"
+
+#define RAP_NetConnectionEnum_REQ "zWrLeh"
+
+#define RAP_NetWkstaUserLogoff_REQ "zzWb38WrLh"
+
+/* Description strings for returned data in RAP calls */
+/* I use all caps here in part to avoid accidental    */
+/* name collisions */
+
+#define RAP_FILE_INFO_L2        "D"
+#define RAP_FILE_INFO_L3        "DWWzz"
+
+#define RAP_GROUP_INFO_L0       "B21"
+#define RAP_GROUP_INFO_L1       "B21Bz"
+#define RAP_GROUP_USERS_INFO_0  "B21"
+#define RAP_GROUP_USERS_INFO_1  "B21BN"
+
+#define RAP_USER_INFO_L0        "B21"
+#define RAP_USER_INFO_L1        "B21BB16DWzzWz"
+
+#define RAP_SERVER_INFO_L0      "B16"
+#define RAP_SERVER_INFO_L1      "B16BBDz"
+#define RAP_SERVER_INFO_L2 "B16BBDzDDDWWzWWWWWWWB21BzWWWWWWWWWWWWWWWWWWWWWWz"
+#define RAP_SERVER_INFO_L3 "B16BBDzDDDWWzWWWWWWWB21BzWWWWWWWWWWWWWWWWWWWWWWzDWz"
+#define RAP_SERVICE_INFO_L0     "B16"
+#define RAP_SERVICE_INFO_L2     "B16WDWB64"
+#define RAP_SHARE_INFO_L0       "B13"
+#define RAP_SHARE_INFO_L1	"B13BWz"
+#define RAP_SHARE_INFO_L2	"B13BWzWWWzB9B"
+
+#define RAP_PRINTQ_INFO_L2      "B13BWWWzzzzzWN"
+#define RAP_SMB_PRINT_JOB_L1    "WB21BB16B10zWWzDDz"
+
+#define RAP_SESSION_INFO_L2      "zzWWWDDDz"
+#define RAP_CONNECTION_INFO_L1   "WWWWDzz"
+
+#define RAP_USER_LOGOFF_INFO_L1     "WDW"
+
+#define RAP_WKSTA_INFO_L1       "WDzzzzBBDWDWWWWWWWWWWWWWWWWWWWzzWzzW"
+#define RAP_WKSTA_INFO_L10      "zzzBBzz"
+
+/* BB explicit packing would help in structs below */
+
+/* sizes of fixed-length fields, including null terminator */
+#define RAP_GROUPNAME_LEN 21
+#define RAP_USERNAME_LEN 21
+#define RAP_SHARENAME_LEN 13
+#define RAP_UPASSWD_LEN 16 /* user password */
+#define RAP_SPASSWD_LEN 9 /* share password */
+#define RAP_MACHNAME_LEN 16
+#define RAP_SRVCNAME_LEN 16
+#define RAP_SRVCCMNT_LEN 64
+#define RAP_DATATYPE_LEN 10
+
+
+typedef struct rap_group_info_1
+{
+    char   group_name[RAP_GROUPNAME_LEN];
+    char   reserved1;
+    char * comment;
+} RAP_GROUP_INFO_1;
+
+typedef struct rap_user_info_1
+{
+    char   user_name[RAP_USERNAME_LEN];
+    char   reserved1;
+    char   passwrd[RAP_UPASSWD_LEN];
+    uint32 pwage;
+    uint16 priv;
+    char * home_dir;
+    char * comment;
+    uint16 userflags;
+    char * logon_script;
+} RAP_USER_INFO_1;
+
+typedef struct rap_service_info_2
+{
+    char   service_name[RAP_SRVCNAME_LEN];
+    uint16 status;
+    uint32 installcode;
+    uint16 process_num;
+    char * comment;
+} RAP_SERVICE_INFO_2;
+
+
+typedef struct rap_share_info_0
+{
+    char   share_name[RAP_SHARENAME_LEN];
+} RAP_SHARE_INFO_0;
+
+typedef struct rap_share_info_1
+{
+    char   share_name[RAP_SHARENAME_LEN];
+    char   reserved1;
+    uint16 share_type;
+    char * comment;
+} RAP_SHARE_INFO_1;
+
+typedef struct rap_share_info_2
+{
+    char   share_name[RAP_SHARENAME_LEN];
+    char   reserved1;
+    uint16 share_type;
+    char * comment;
+    uint16 perms;
+    uint16 maximum_users;
+    uint16 active_users;
+    char * path;
+    char   password[RAP_SPASSWD_LEN];
+    char   reserved2;
+} RAP_SHARE_INFO_2;
+
+#endif /* _RAP_H_ */
diff --git a/source3/include/rpc_brs.h b/source3/include/rpc_brs.h
new file mode 100644
index 0000000000..cd0928d470
--- /dev/null
+++ b/source3/include/rpc_brs.h
@@ -0,0 +1,80 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_BRS_H /* _RPC_BRS_H */
+#define _RPC_BRS_H 
+
+
+/* brssvc pipe */
+#define BRS_QUERY_INFO    0x02
+
+
+/* BRS_Q_QUERY_INFO - probably a capabilities request */
+typedef struct q_brs_query_info_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
+
+	uint16 switch_value1;            /* info level 100 (0x64) */
+	/* align */
+	uint16 switch_value2;            /* info level 100 (0x64) */
+
+	uint32 ptr;
+	uint32 pad1;
+	uint32 pad2;
+
+} BRS_Q_QUERY_INFO;
+
+
+/* BRS_INFO_100 - level 100 info */
+typedef struct brs_info_100_info
+{
+	uint32 pad1;
+	uint32 ptr2;
+	uint32 pad2;
+	uint32 pad3;
+
+} BRS_INFO_100;
+
+
+/* BRS_R_QUERY_INFO - probably a capabilities request */
+typedef struct r_brs_query_info_info
+{
+	uint16 switch_value1;          /* 100 (0x64) - switch value */
+	/* align */
+	uint16 switch_value2;            /* info level 100 (0x64) */
+
+	/* for now, only level 100 is supported.  this should be an enum container */
+	uint32 ptr_1;              /* pointer 1 */
+
+	union
+	{
+		BRS_INFO_100 *brs100;      /* browser info level 100 */
+		void *id;
+
+	} info;
+
+	NTSTATUS status;             /* return status */
+
+} BRS_R_QUERY_INFO;
+
+#endif /* _RPC_BRS_H */
+
diff --git a/source3/include/rpc_client.h b/source3/include/rpc_client.h
new file mode 100644
index 0000000000..bce9ec7f27
--- /dev/null
+++ b/source3/include/rpc_client.h
@@ -0,0 +1,28 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Elrond                            2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_CLIENT_H
+#define _RPC_CLIENT_H
+
+#if 0	/* JERRY */
+#include "rpc_client_proto.h"
+#endif 
+
+#endif /* _RPC_CLIENT_H */
diff --git a/source3/include/rpc_creds.h b/source3/include/rpc_creds.h
new file mode 100644
index 0000000000..3022b17289
--- /dev/null
+++ b/source3/include/rpc_creds.h
@@ -0,0 +1,96 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#ifndef _RPC_CREDS_H /* _RPC_CREDS_H */
+#define _RPC_CREDS_H 
+
+typedef struct ntuser_creds
+{
+	fstring user_name;
+	fstring domain;
+	struct pwd_info pwd;
+
+	uint32 ntlmssp_flags;
+
+} CREDS_NT;
+
+typedef struct unixuser_creds
+{
+	fstring user_name;
+	fstring requested_name;
+	fstring real_name;
+	BOOL guest;
+
+} CREDS_UNIX;
+
+typedef struct unixsec_creds
+{
+	uint32 uid;
+	uint32 gid;
+	int num_grps;
+	uint32 *grps;
+
+} CREDS_UNIX_SEC;
+
+typedef struct ntsec_creds
+{
+	DOM_SID sid;
+	uint32 num_grps;
+	uint32 *grp_rids;
+
+} CREDS_NT_SEC;
+
+typedef struct user_creds
+{
+	BOOL reuse;
+
+	uint32 ptr_ntc;
+	uint32 ptr_uxc;
+	uint32 ptr_nts;
+	uint32 ptr_uxs;
+	uint32 ptr_ssk;
+
+	CREDS_NT   ntc;
+	CREDS_UNIX uxc;
+
+	CREDS_NT_SEC   nts;
+	CREDS_UNIX_SEC uxs;
+
+	uchar usr_sess_key[16];
+
+} CREDS_HYBRID;
+
+typedef struct cred_command
+{
+	uint16 version;
+	uint16 command;
+	uint32 pid; /* unique process id */
+
+	fstring name;
+
+	uint32 ptr_creds;
+	CREDS_HYBRID *cred;
+
+} CREDS_CMD;
+
+#endif /* _RPC_CREDS_H */
+
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
new file mode 100644
index 0000000000..01d974d41d
--- /dev/null
+++ b/source3/include/rpc_dce.h
@@ -0,0 +1,344 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _DCE_RPC_H /* _DCE_RPC_H */
+#define _DCE_RPC_H 
+
+#include "rpc_misc.h"  /* this only pulls in STRHDR */
+
+
+/* DCE/RPC packet types */
+
+enum RPC_PKT_TYPE
+{
+	RPC_REQUEST = 0x00,
+	RPC_RESPONSE = 0x02,
+	RPC_FAULT    = 0x03,
+	RPC_BIND     = 0x0B,
+	RPC_BINDACK  = 0x0C,
+	RPC_BINDNACK = 0x0D,
+	RPC_ALTCONT  = 0x0E,
+	RPC_ALTCONTRESP = 0x0F,
+	RPC_BINDRESP = 0x10 /* not the real name!  this is undocumented! */
+};
+
+/* DCE/RPC flags */
+#define RPC_FLG_FIRST 0x01
+#define RPC_FLG_LAST  0x02
+#define RPC_FLG_NOCALL 0x20
+
+/* NTLMSSP message types */
+enum NTLM_MESSAGE_TYPE
+{
+	NTLMSSP_NEGOTIATE = 1,
+	NTLMSSP_CHALLENGE = 2,
+	NTLMSSP_AUTH      = 3,
+	NTLMSSP_UNKNOWN   = 4
+};
+
+/* NTLMSSP negotiation flags */
+#define NTLMSSP_NEGOTIATE_UNICODE          0x00000001
+#define NTLMSSP_NEGOTIATE_OEM              0x00000002
+#define NTLMSSP_REQUEST_TARGET             0x00000004
+#define NTLMSSP_NEGOTIATE_SIGN             0x00000010
+#define NTLMSSP_NEGOTIATE_SEAL             0x00000020
+#define NTLMSSP_NEGOTIATE_LM_KEY           0x00000080
+#define NTLMSSP_NEGOTIATE_NTLM             0x00000200
+#define NTLMSSP_NEGOTIATE_00001000         0x00001000
+#define NTLMSSP_NEGOTIATE_00002000         0x00002000
+#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN      0x00008000
+#define NTLMSSP_NEGOTIATE_NTLM2            0x00080000
+#define NTLMSSP_NEGOTIATE_TARGET_INFO      0x00800000
+#define NTLMSSP_NEGOTIATE_128              0x20000000
+#define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
+
+#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1
+
+/* NTLMSSP signature version */
+#define NTLMSSP_SIGN_VERSION 0x01
+
+/* NTLMSSP auth type and level. */
+#define NTLMSSP_AUTH_TYPE 0xa
+#define NTLMSSP_AUTH_LEVEL 0x6
+
+/* Maximum PDU fragment size. */
+#define MAX_PDU_FRAG_LEN 0x1630
+
+/*
+ * Actual structure of a DCE UUID
+ */
+
+typedef struct rpc_uuid
+{
+  uint32 time_low;
+  uint16 time_mid;
+  uint16 time_hi_and_version;
+  uint8 remaining[8];
+} RPC_UUID;
+
+#define RPC_UUID_LEN 16
+
+/* RPC_IFACE */
+typedef struct rpc_iface_info
+{
+  RPC_UUID uuid;    /* 16 bytes of rpc interface identification */
+  uint32 version;    /* the interface version number */
+
+} RPC_IFACE;
+
+#define RPC_IFACE_LEN (RPC_UUID_LEN + 4)
+
+struct pipe_id_info
+{
+	/* the names appear not to matter: the syntaxes _do_ matter */
+
+	char *client_pipe;
+	RPC_IFACE abstr_syntax; /* this one is the abstract syntax id */
+
+	char *server_pipe;  /* this one is the secondary syntax name */
+	RPC_IFACE trans_syntax; /* this one is the primary syntax id */
+};
+
+/* RPC_HDR - dce rpc header */
+typedef struct rpc_hdr_info
+{
+  uint8  major; /* 5 - RPC major version */
+  uint8  minor; /* 0 - RPC minor version */
+  uint8  pkt_type; /* RPC_PKT_TYPE - RPC response packet */
+  uint8  flags; /* DCE/RPC flags */
+  uint8  pack_type[4]; /* 0x1000 0000 - little-endian packed data representation */
+  uint16 frag_len; /* fragment length - data size (bytes) inc header and tail. */
+  uint16 auth_len; /* 0 - authentication length  */
+  uint32 call_id; /* call identifier.  matches 12th uint32 of incoming RPC data. */
+
+} RPC_HDR;
+
+#define RPC_HEADER_LEN 16
+
+/* RPC_HDR_REQ - ms request rpc header */
+typedef struct rpc_hdr_req_info
+{
+  uint32 alloc_hint;   /* allocation hint - data size (bytes) minus header and tail. */
+  uint16 context_id;   /* 0 - presentation context identifier */
+  uint16  opnum;        /* opnum */
+
+} RPC_HDR_REQ;
+
+#define RPC_HDR_REQ_LEN 8
+
+/* RPC_HDR_RESP - ms response rpc header */
+typedef struct rpc_hdr_resp_info
+{
+  uint32 alloc_hint;   /* allocation hint - data size (bytes) minus header and tail. */
+  uint16 context_id;   /* 0 - presentation context identifier */
+  uint8  cancel_count; /* 0 - cancel count */
+  uint8  reserved;     /* 0 - reserved. */
+
+} RPC_HDR_RESP;
+
+#define RPC_HDR_RESP_LEN 8
+
+/* RPC_HDR_FAULT - fault rpc header */
+typedef struct rpc_hdr_fault_info
+{
+  NTSTATUS status;
+  uint32 reserved; /* 0x0000 0000 */
+} RPC_HDR_FAULT;
+
+#define RPC_HDR_FAULT_LEN 8
+
+/* this seems to be the same string name depending on the name of the pipe,
+ * but is more likely to be linked to the interface name
+ * "srvsvc", "\\PIPE\\ntsvcs"
+ * "samr", "\\PIPE\\lsass"
+ * "wkssvc", "\\PIPE\\wksvcs"
+ * "NETLOGON", "\\PIPE\\NETLOGON"
+ */
+/* RPC_ADDR_STR */
+typedef struct rpc_addr_info
+{
+  uint16 len;   /* length of the string including null terminator */
+  fstring str; /* the string above in single byte, null terminated form */
+
+} RPC_ADDR_STR;
+
+/* RPC_HDR_BBA */
+typedef struct rpc_hdr_bba_info
+{
+  uint16 max_tsize;       /* maximum transmission fragment size (0x1630) */
+  uint16 max_rsize;       /* max receive fragment size (0x1630) */
+  uint32 assoc_gid;       /* associated group id (0x0) */
+
+} RPC_HDR_BBA;
+
+#define RPC_HDR_BBA_LEN 8
+
+/* RPC_HDR_AUTHA */
+typedef struct rpc_hdr_autha_info
+{
+	uint16 max_tsize;       /* maximum transmission fragment size (0x1630) */
+	uint16 max_rsize;       /* max receive fragment size (0x1630) */
+
+	uint8 auth_type; /* 0x0a */
+	uint8 auth_level; /* 0x06 */
+	uint8 stub_type_len; /* don't know */
+	uint8 padding; /* padding */
+
+	uint32 unknown; /* 0x0014a0c0 */
+
+} RPC_HDR_AUTHA;
+
+#define RPC_HDR_AUTHA_LEN 12
+
+/* RPC_HDR_AUTH */
+typedef struct rpc_hdr_auth_info
+{
+	uint8 auth_type; /* 0x0a */
+	uint8 auth_level; /* 0x06 */
+	uint8 stub_type_len; /* don't know */
+	uint8 padding; /* padding */
+
+	uint32 unknown; /* pointer */
+
+} RPC_HDR_AUTH;
+
+#define RPC_HDR_AUTH_LEN 8
+
+/* RPC_BIND_REQ - ms req bind */
+typedef struct rpc_bind_req_info
+{
+  RPC_HDR_BBA bba;
+
+  uint32 num_elements;    /* the number of elements (0x1) */
+  uint16 context_id;      /* presentation context identifier (0x0) */
+  uint8 num_syntaxes;     /* the number of syntaxes (has always been 1?)(0x1) */
+
+  RPC_IFACE abstract;     /* num and vers. of interface client is using */
+  RPC_IFACE transfer;     /* num and vers. of interface to use for replies */
+  
+} RPC_HDR_RB;
+
+/* 
+ * The following length is 8 bytes RPC_HDR_BBA_LEN, 8 bytes internals 
+ * (with 3 bytes padding), + 2 x RPC_IFACE_LEN bytes for RPC_IFACE structs.
+ */
+
+#define RPC_HDR_RB_LEN (RPC_HDR_BBA_LEN + 8 + (2*RPC_IFACE_LEN))
+
+/* RPC_RESULTS - can only cope with one reason, right now... */
+typedef struct rpc_results_info
+{
+/* uint8[] # 4-byte alignment padding, against SMB header */
+
+  uint8 num_results; /* the number of results (0x01) */
+
+/* uint8[] # 4-byte alignment padding, against SMB header */
+
+  uint16 result; /* result (0x00 = accept) */
+  uint16 reason; /* reason (0x00 = no reason specified) */
+
+} RPC_RESULTS;
+
+/* RPC_HDR_BA */
+typedef struct rpc_hdr_ba_info
+{
+  RPC_HDR_BBA bba;
+
+  RPC_ADDR_STR addr    ;  /* the secondary address string, as described earlier */
+  RPC_RESULTS  res     ; /* results and reasons */
+  RPC_IFACE    transfer; /* the transfer syntax from the request */
+
+} RPC_HDR_BA;
+
+/* RPC_AUTH_VERIFIER */
+typedef struct rpc_auth_verif_info
+{
+	fstring signature; /* "NTLMSSP" */
+	uint32  msg_type; /* NTLMSSP_MESSAGE_TYPE (1,2,3) */
+
+} RPC_AUTH_VERIFIER;
+
+/* this is TEMPORARILY coded up as a specific structure */
+/* this structure comes after the bind request */
+/* RPC_AUTH_NTLMSSP_NEG */
+typedef struct rpc_auth_ntlmssp_neg_info
+{
+	uint32  neg_flgs; /* 0x0000 b2b3 */
+
+	STRHDR hdr_myname; /* offset is against START of this structure */
+	STRHDR hdr_domain; /* offset is against START of this structure */
+
+	fstring myname; /* calling workstation's name */
+	fstring domain; /* calling workstations's domain */
+
+} RPC_AUTH_NTLMSSP_NEG;
+
+/* this is TEMPORARILY coded up as a specific structure */
+/* this structure comes after the bind acknowledgement */
+/* RPC_AUTH_NTLMSSP_CHAL */
+typedef struct rpc_auth_ntlmssp_chal_info
+{
+	uint32 unknown_1; /* 0x0000 0000 */
+	uint32 unknown_2; /* 0x0000 0028 */
+	uint32 neg_flags; /* 0x0000 82b1 */
+
+	uint8 challenge[8]; /* ntlm challenge */
+	uint8 reserved [8]; /* zeros */
+
+} RPC_AUTH_NTLMSSP_CHAL;
+
+
+/* RPC_AUTH_NTLMSSP_RESP */
+typedef struct rpc_auth_ntlmssp_resp_info
+{
+	STRHDR hdr_lm_resp; /* 24 byte response */
+	STRHDR hdr_nt_resp; /* 24 byte response */
+	STRHDR hdr_domain;
+	STRHDR hdr_usr;
+	STRHDR hdr_wks;
+	STRHDR hdr_sess_key; /* NULL unless negotiated */
+	uint32 neg_flags; /* 0x0000 82b1 */
+
+	fstring sess_key;
+	fstring wks;
+	fstring user;
+	fstring domain;
+	fstring nt_resp;
+	fstring lm_resp;
+
+} RPC_AUTH_NTLMSSP_RESP;
+
+/* attached to the end of encrypted rpc requests and responses */
+/* RPC_AUTH_NTLMSSP_CHK */
+typedef struct rpc_auth_ntlmssp_chk_info
+{
+	uint32 ver; /* 0x0000 0001 */
+	uint32 reserved;
+	uint32 crc32; /* checksum using 0xEDB8 8320 as a polynomial */
+	uint32 seq_num;
+
+} RPC_AUTH_NTLMSSP_CHK;
+
+#define RPC_AUTH_NTLMSSP_CHK_LEN 16
+
+
+#endif /* _DCE_RPC_H */
diff --git a/source3/include/rpc_dfs.h b/source3/include/rpc_dfs.h
new file mode 100644
index 0000000000..39316a5d54
--- /dev/null
+++ b/source3/include/rpc_dfs.h
@@ -0,0 +1,197 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba parameters and setup
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 2000
+   Copyright (C) Shirish Kalele 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful, 
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_DFS_H
+#define _RPC_DFS_H
+
+/* NETDFS pipe: calls */
+#define DFS_EXIST                0x00
+#define DFS_ADD                  0x01
+#define DFS_REMOVE               0x02
+#define DFS_GET_INFO             0x04
+#define DFS_ENUM                 0x05
+
+/* dfsadd flags */
+#define DFSFLAG_ADD_VOLUME           0x00000001
+#define DFSFLAG_RESTORE_VOLUME       0x00000002
+
+typedef struct dfs_q_dfs_exist
+{
+  uint32 dummy;
+}
+DFS_Q_DFS_EXIST;
+
+/* status == 1 if dfs exists. */
+typedef struct dfs_r_dfs_exist
+{
+	uint32 status;          /* Not a WERROR or NTSTATUS code */
+}
+DFS_R_DFS_EXIST;
+
+typedef struct dfs_q_dfs_add
+{
+  uint32 ptr_DfsEntryPath;
+  UNISTR2 DfsEntryPath;
+  uint32 ptr_ServerName;
+  UNISTR2 ServerName;
+  uint32 ptr_ShareName;
+  UNISTR2 ShareName;
+  uint32 ptr_Comment;
+  UNISTR2 Comment;
+  uint32 Flags;
+}
+DFS_Q_DFS_ADD;
+
+typedef struct dfs_r_dfs_add
+{
+  WERROR status;
+}
+DFS_R_DFS_ADD;
+
+/********************************************/
+typedef struct dfs_q_dfs_remove
+{
+  UNISTR2 DfsEntryPath;
+  uint32 ptr_ServerName;
+  UNISTR2 ServerName;
+  uint32 ptr_ShareName;
+  UNISTR2 ShareName;
+}
+DFS_Q_DFS_REMOVE;
+
+typedef struct dfs_r_dfs_remove
+{
+  WERROR status;
+}
+DFS_R_DFS_REMOVE;
+
+/********************************************/
+typedef struct dfs_info_1
+{
+  uint32 ptr_entrypath;
+  UNISTR2 entrypath;
+}
+DFS_INFO_1;
+
+typedef struct dfs_info_2
+{
+  uint32 ptr_entrypath;
+  UNISTR2 entrypath;
+  uint32 ptr_comment;
+  UNISTR2 comment;
+  uint32 state;
+  uint32 num_storages;
+}
+DFS_INFO_2;
+
+typedef struct dfs_storage_info
+{
+  uint32 state;
+  uint32 ptr_servername;
+  UNISTR2 servername;
+  uint32 ptr_sharename;
+  UNISTR2 sharename;
+}
+DFS_STORAGE_INFO;
+
+typedef struct dfs_info_3
+{
+  uint32 ptr_entrypath;
+  UNISTR2 entrypath;
+  uint32 ptr_comment;
+  UNISTR2 comment;
+  uint32 state;
+  uint32 num_storages;
+  uint32 ptr_storages;
+  uint32 num_storage_infos;
+  DFS_STORAGE_INFO* storages;
+}
+DFS_INFO_3;
+
+typedef struct dfs_info_ctr
+{
+  
+  uint32 switch_value;
+  uint32 num_entries;
+  uint32 ptr_dfs_ctr; /* pointer to dfs info union */
+  union
+  {
+    DFS_INFO_1 *info1;
+    DFS_INFO_2 *info2;
+    DFS_INFO_3 *info3;
+  } dfs;
+}
+DFS_INFO_CTR;
+
+typedef struct dfs_q_dfs_get_info
+{
+  UNISTR2 uni_path;
+  
+  uint32 ptr_server;
+  UNISTR2 uni_server;
+
+  uint32 ptr_share;
+  UNISTR2 uni_share;
+  
+  uint32 level;
+}
+DFS_Q_DFS_GET_INFO;
+
+typedef struct dfs_r_dfs_get_info
+{
+  uint32 level;
+  uint32 ptr_ctr;
+  DFS_INFO_CTR ctr;
+  WERROR status;
+}
+DFS_R_DFS_GET_INFO;
+
+typedef struct dfs_q_dfs_enum
+{
+  uint32 level;
+  uint32 maxpreflen;
+  uint32 ptr_buffer;
+  uint32 level2;
+  uint32 ptr_num_entries;
+  uint32 num_entries;
+  uint32 ptr_num_entries2;
+  uint32 num_entries2;
+  ENUM_HND reshnd;
+}
+DFS_Q_DFS_ENUM;
+
+typedef struct dfs_r_dfs_enum
+{
+  DFS_INFO_CTR *ctr;
+  uint32 ptr_buffer;
+  uint32 level;
+  uint32 level2;
+  uint32 ptr_num_entries;
+  uint32 num_entries;
+  uint32 ptr_num_entries2;
+  uint32 num_entries2;
+  ENUM_HND reshnd;
+  WERROR status;
+}
+DFS_R_DFS_ENUM;
+
+#endif  
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
new file mode 100644
index 0000000000..ccdce6f263
--- /dev/null
+++ b/source3/include/rpc_lsa.h
@@ -0,0 +1,672 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_LSA_H /* _RPC_LSA_H */
+#define _RPC_LSA_H 
+
+#include "rpc_misc.h"
+
+enum SID_NAME_USE
+{
+	SID_NAME_USE_NONE = 0,/* NOTUSED */
+	SID_NAME_USER    = 1, /* user */
+	SID_NAME_DOM_GRP = 2, /* domain group */
+	SID_NAME_DOMAIN  = 3, /* domain: don't know what this is */
+	SID_NAME_ALIAS   = 4, /* local group */
+	SID_NAME_WKN_GRP = 5, /* well-known group */
+	SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */
+	SID_NAME_INVALID = 7, /* invalid account */
+	SID_NAME_UNKNOWN = 8  /* oops. */
+};
+
+/* Opcodes available on PIPE_LSARPC */
+
+#define LSA_CLOSE              0x00
+#define LSA_DELETE             0x01
+#define LSA_ENUM_PRIVS         0x02
+#define LSA_QUERYSECOBJ        0x03
+#define LSA_SETSECOBJ          0x04
+#define LSA_CHANGEPASSWORD     0x05
+#define LSA_OPENPOLICY         0x06
+#define LSA_QUERYINFOPOLICY    0x07
+#define LSA_SETINFOPOLICY      0x08
+#define LSA_CLEARAUDITLOG      0x09
+#define LSA_CREATEACCOUNT      0x0a
+#define LSA_ENUM_ACCOUNTS      0x0b
+#define LSA_CREATETRUSTDOM     0x0c
+#define LSA_ENUMTRUSTDOM       0x0d
+#define LSA_LOOKUPNAMES        0x0e
+#define LSA_LOOKUPSIDS         0x0f
+#define LSA_CREATESECRET       0x10
+#define LSA_OPENACCOUNT	       0x11
+#define LSA_ENUMPRIVSACCOUNT   0x12
+#define LSA_ADDPRIVS           0x13
+#define LSA_REMOVEPRIVS        0x14
+#define LSA_GETQUOTAS          0x15
+#define LSA_SETQUOTAS          0x16
+#define LSA_GETSYSTEMACCOUNT   0x17
+#define LSA_SETSYSTEMACCOUNT   0x18
+#define LSA_OPENTRUSTDOM       0x19
+#define LSA_QUERYTRUSTDOM      0x1a
+#define LSA_SETINFOTRUSTDOM    0x1b
+#define LSA_OPENSECRET         0x1c
+#define LSA_SETSECRET          0x1d
+#define LSA_QUERYSECRET        0x1e
+#define LSA_LOOKUPPRIVVALUE    0x1f
+#define LSA_LOOKUPPRIVNAME     0x20
+#define LSA_PRIV_GET_DISPNAME  0x21
+#define LSA_DELETEOBJECT       0x22
+#define LSA_ENUMACCTWITHRIGHT  0x23
+#define LSA_ENUMACCTRIGHTS     0x24
+#define LSA_ADDACCTRIGHTS      0x25
+#define LSA_REMOVEACCTRIGHTS   0x26
+#define LSA_QUERYTRUSTDOMINFO  0x27
+#define LSA_SETTRUSTDOMINFO    0x28
+#define LSA_DELETETRUSTDOM     0x29
+#define LSA_STOREPRIVDATA      0x2a
+#define LSA_RETRPRIVDATA       0x2b
+#define LSA_OPENPOLICY2        0x2c
+#define LSA_UNK_GET_CONNUSER   0x2d /* LsaGetConnectedCredentials ? */
+
+/* XXXX these are here to get a compile! */
+#define LSA_LOOKUPRIDS      0xFD
+
+/* DOM_QUERY - info class 3 and 5 LSA Query response */
+typedef struct dom_query_info
+{
+  uint16 uni_dom_max_len; /* domain name string length * 2 */
+  uint16 uni_dom_str_len; /* domain name string length * 2 */
+  uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
+  uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
+  UNISTR2 uni_domain_name; /* domain name (unicode string) */
+  DOM_SID2 dom_sid; /* domain SID */
+
+} DOM_QUERY;
+
+/* level 5 is same as level 3. */
+typedef DOM_QUERY DOM_QUERY_3;
+typedef DOM_QUERY DOM_QUERY_5;
+
+/* level 2 is auditing settings */
+typedef struct dom_query_2
+{
+	uint32 auditing_enabled;
+	uint32 count1; /* usualy 7, at least on nt4sp4 */
+	uint32 count2; /* the same */
+	uint32 *auditsettings;
+} DOM_QUERY_2;
+
+/* level 6 is server role information */
+typedef struct dom_query_6
+{
+	uint16 server_role; /* 2=backup, 3=primary */
+} DOM_QUERY_6;
+
+typedef struct seq_qos_info
+{
+	uint32 len; /* 12 */
+	uint16 sec_imp_level; /* 0x02 - impersonation level */
+	uint8  sec_ctxt_mode; /* 0x01 - context tracking mode */
+	uint8  effective_only; /* 0x00 - effective only */
+
+} LSA_SEC_QOS;
+
+typedef struct obj_attr_info
+{
+	uint32 len;          /* 0x18 - length (in bytes) inc. the length field. */
+	uint32 ptr_root_dir; /* 0 - root directory (pointer) */
+	uint32 ptr_obj_name; /* 0 - object name (pointer) */
+	uint32 attributes;   /* 0 - attributes (undocumented) */
+	uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */
+	uint32 ptr_sec_qos;  /* security quality of service */
+	LSA_SEC_QOS *sec_qos;
+
+} LSA_OBJ_ATTR;
+
+/* LSA_Q_OPEN_POL - LSA Query Open Policy */
+typedef struct lsa_q_open_pol_info
+{
+	uint32 ptr;         /* undocumented buffer pointer */
+	uint16 system_name; /* 0x5c - system name */
+	LSA_OBJ_ATTR attr ; /* object attributes */
+
+	uint32 des_access; /* desired access attributes */
+
+} LSA_Q_OPEN_POL;
+
+/* LSA_R_OPEN_POL - response to LSA Open Policy */
+typedef struct lsa_r_open_pol_info
+{
+	POLICY_HND pol; /* policy handle */
+	NTSTATUS status; /* return code */
+
+} LSA_R_OPEN_POL;
+
+/* LSA_Q_OPEN_POL2 - LSA Query Open Policy */
+typedef struct lsa_q_open_pol2_info
+{
+	uint32       ptr;             /* undocumented buffer pointer */
+	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
+	LSA_OBJ_ATTR attr           ; /* object attributes */
+
+	uint32 des_access; /* desired access attributes */
+
+} LSA_Q_OPEN_POL2;
+
+/* LSA_R_OPEN_POL2 - response to LSA Open Policy */
+typedef struct lsa_r_open_pol2_info
+{
+	POLICY_HND pol; /* policy handle */
+	NTSTATUS status; /* return code */
+
+} LSA_R_OPEN_POL2;
+
+
+#define POLICY_VIEW_LOCAL_INFORMATION    0x00000001
+#define POLICY_VIEW_AUDIT_INFORMATION    0x00000002
+#define POLICY_GET_PRIVATE_INFORMATION   0x00000004
+#define POLICY_TRUST_ADMIN               0x00000008
+#define POLICY_CREATE_ACCOUNT            0x00000010
+#define POLICY_CREATE_SECRET             0x00000020
+#define POLICY_CREATE_PRIVILEGE          0x00000040
+#define POLICY_SET_DEFAULT_QUOTA_LIMITS  0x00000080
+#define POLICY_SET_AUDIT_REQUIREMENTS    0x00000100
+#define POLICY_AUDIT_LOG_ADMIN           0x00000200
+#define POLICY_SERVER_ADMIN              0x00000400
+#define POLICY_LOOKUP_NAMES              0x00000800
+
+#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS  |\
+                            POLICY_VIEW_LOCAL_INFORMATION    |\
+                            POLICY_VIEW_AUDIT_INFORMATION    |\
+                            POLICY_GET_PRIVATE_INFORMATION   |\
+                            POLICY_TRUST_ADMIN               |\
+                            POLICY_CREATE_ACCOUNT            |\
+                            POLICY_CREATE_SECRET             |\
+                            POLICY_CREATE_PRIVILEGE          |\
+                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            POLICY_AUDIT_LOG_ADMIN           |\
+                            POLICY_SERVER_ADMIN              |\
+                            POLICY_LOOKUP_NAMES )
+
+
+#define POLICY_READ       ( STANDARD_RIGHTS_READ_ACCESS      |\
+                            POLICY_VIEW_AUDIT_INFORMATION    |\
+                            POLICY_GET_PRIVATE_INFORMATION)
+
+#define POLICY_WRITE      ( STANDARD_RIGHTS_WRITE_ACCESS     |\
+                            POLICY_TRUST_ADMIN               |\
+                            POLICY_CREATE_ACCOUNT            |\
+                            POLICY_CREATE_SECRET             |\
+                            POLICY_CREATE_PRIVILEGE          |\
+                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            POLICY_AUDIT_LOG_ADMIN           |\
+                            POLICY_SERVER_ADMIN)
+
+#define POLICY_EXECUTE    ( STANDARD_RIGHTS_EXECUTE_ACCESS   |\
+                            POLICY_VIEW_LOCAL_INFORMATION    |\
+                            POLICY_LOOKUP_NAMES )
+
+/* LSA_Q_QUERY_SEC_OBJ - LSA query security */
+typedef struct lsa_query_sec_obj_info
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 sec_info;
+
+} LSA_Q_QUERY_SEC_OBJ;
+
+/* LSA_R_QUERY_SEC_OBJ - probably an open */
+typedef struct r_lsa_query_sec_obj_info
+{
+	uint32 ptr;
+	SEC_DESC_BUF *buf;
+
+	NTSTATUS status;         /* return status */
+
+} LSA_R_QUERY_SEC_OBJ;
+
+/* LSA_Q_QUERY_INFO - LSA query info policy */
+typedef struct lsa_query_info
+{
+	POLICY_HND pol; /* policy handle */
+    uint16 info_class; /* info class */
+
+} LSA_Q_QUERY_INFO;
+
+/* LSA_INFO_UNION */
+typedef union lsa_info_union
+{
+	DOM_QUERY_2 id2;
+	DOM_QUERY_3 id3;
+	DOM_QUERY_5 id5;
+	DOM_QUERY_6 id6;
+} LSA_INFO_UNION;
+
+/* LSA_R_QUERY_INFO - response to LSA query info policy */
+typedef struct lsa_r_query_info
+{
+    uint32 undoc_buffer; /* undocumented buffer pointer */
+    uint16 info_class; /* info class (same as info class in request) */
+   
+	LSA_INFO_UNION dom; 
+
+	NTSTATUS status; /* return code */
+
+} LSA_R_QUERY_INFO;
+
+/* LSA_Q_ENUM_TRUST_DOM - LSA enumerate trusted domains */
+typedef struct lsa_enum_trust_dom_info
+{
+	POLICY_HND pol; /* policy handle */
+    uint32 enum_context; /* enumeration context handle */
+    uint32 preferred_len; /* preferred maximum length */
+
+} LSA_Q_ENUM_TRUST_DOM;
+
+/* LSA_R_ENUM_TRUST_DOM - response to LSA enumerate trusted domains */
+typedef struct lsa_r_enum_trust_dom_info
+{
+	uint32 enum_context; /* enumeration context handle */
+	uint32 num_domains; /* number of domains */
+	uint32 ptr_enum_domains; /* buffer pointer to num domains */
+
+	/* this lot is only added if ptr_enum_domains is non-NULL */
+	uint32 num_domains2; /* number of domains */
+	UNIHDR2 *hdr_domain_name;
+	UNISTR2 *uni_domain_name;
+	DOM_SID2 *domain_sid;
+
+	NTSTATUS status; /* return code */
+
+} LSA_R_ENUM_TRUST_DOM;
+
+/* LSA_Q_CLOSE */
+typedef struct lsa_q_close_info
+{
+	POLICY_HND pol; /* policy handle */
+
+} LSA_Q_CLOSE;
+
+/* LSA_R_CLOSE */
+typedef struct lsa_r_close_info
+{
+	POLICY_HND pol; /* policy handle.  should be all zeros. */
+
+	NTSTATUS status; /* return code */
+
+} LSA_R_CLOSE;
+
+
+#define MAX_REF_DOMAINS 32
+
+/* DOM_TRUST_HDR */
+typedef struct dom_trust_hdr
+{
+	UNIHDR hdr_dom_name; /* referenced domain unicode string headers */
+	uint32 ptr_dom_sid;
+
+} DOM_TRUST_HDR;
+	
+/* DOM_TRUST_INFO */
+typedef struct dom_trust_info
+{
+	UNISTR2  uni_dom_name; /* domain name unicode string */
+	DOM_SID2 ref_dom     ; /* referenced domain SID */
+
+} DOM_TRUST_INFO;
+	
+/* DOM_R_REF */
+typedef struct dom_ref_info
+{
+    uint32 num_ref_doms_1; /* num referenced domains */
+    uint32 ptr_ref_dom; /* pointer to referenced domains */
+    uint32 max_entries; /* 32 - max number of entries */
+    uint32 num_ref_doms_2; /* num referenced domains */
+
+    DOM_TRUST_HDR  hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
+    DOM_TRUST_INFO ref_dom    [MAX_REF_DOMAINS]; /* referenced domains */
+
+} DOM_R_REF;
+
+/* the domain_idx points to a SID associated with the name */
+
+/* LSA_TRANS_NAME - translated name */
+typedef struct lsa_trans_name_info
+{
+	uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
+	UNIHDR hdr_name; 
+	uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
+
+} LSA_TRANS_NAME;
+
+/* This number purly arbitary - just to prevent a client from requesting large amounts of memory */
+#define MAX_LOOKUP_SIDS 256
+
+/* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
+typedef struct lsa_trans_name_enum_info
+{
+	uint32 num_entries;
+	uint32 ptr_trans_names;
+	uint32 num_entries2;
+	
+	LSA_TRANS_NAME *name; /* translated names  */
+	UNISTR2 *uni_name;
+
+} LSA_TRANS_NAME_ENUM;
+
+/* LSA_SID_ENUM - LSA SID enumeration container */
+typedef struct lsa_sid_enum_info
+{
+	uint32 num_entries;
+	uint32 ptr_sid_enum;
+	uint32 num_entries2;
+	
+	uint32 *ptr_sid; /* domain SID pointers to be looked up. */
+	DOM_SID2 *sid; /* domain SIDs to be looked up. */
+
+} LSA_SID_ENUM;
+
+/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
+typedef struct lsa_q_lookup_sids
+{
+	POLICY_HND          pol; /* policy handle */
+	LSA_SID_ENUM        sids;
+	LSA_TRANS_NAME_ENUM names;
+	LOOKUP_LEVEL        level;
+	uint32              mapped_count;
+
+} LSA_Q_LOOKUP_SIDS;
+
+/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
+typedef struct lsa_r_lookup_sids
+{
+	uint32              ptr_dom_ref;
+	DOM_R_REF           *dom_ref; /* domain reference info */
+
+	LSA_TRANS_NAME_ENUM *names;
+	uint32              mapped_count;
+
+	NTSTATUS            status; /* return code */
+
+} LSA_R_LOOKUP_SIDS;
+
+/* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
+typedef struct lsa_q_lookup_names
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 num_entries;
+	uint32 num_entries2;
+	UNIHDR  *hdr_name; /* name buffer pointers */
+	UNISTR2 *uni_name; /* names to be looked up */
+
+	uint32 num_trans_entries;
+	uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
+	uint32 lookup_level;
+	uint32 mapped_count;
+
+} LSA_Q_LOOKUP_NAMES;
+
+/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
+typedef struct lsa_r_lookup_names
+{
+	uint32 ptr_dom_ref;
+	DOM_R_REF *dom_ref; /* domain reference info */
+
+	uint32 num_entries;
+	uint32 ptr_entries;
+	uint32 num_entries2;
+	DOM_RID2 *dom_rid; /* domain RIDs being looked up */
+
+	uint32 mapped_count;
+
+	NTSTATUS status; /* return code */
+} LSA_R_LOOKUP_NAMES;
+
+/* This is probably a policy handle but at the moment we
+   never read it - so use a dummy struct. */
+
+typedef struct lsa_q_open_secret
+{
+	uint32 dummy;
+} LSA_Q_OPEN_SECRET;
+
+/* We always return "not found" at present - so just marshal the minimum. */
+
+typedef struct lsa_r_open_secret
+{
+	uint32 dummy1;
+	uint32 dummy2;
+	uint32 dummy3;
+	uint32 dummy4;
+	NTSTATUS status;
+} LSA_R_OPEN_SECRET;
+
+typedef struct lsa_enum_priv_entry
+{
+	UNIHDR hdr_name;
+	uint32 luid_low;
+	uint32 luid_high;
+	UNISTR2 name;
+	
+} LSA_PRIV_ENTRY;
+
+/* LSA_Q_ENUM_PRIVS - LSA enum privileges */
+typedef struct lsa_q_enum_privs
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 enum_context;
+	uint32 pref_max_length;
+} LSA_Q_ENUM_PRIVS;
+
+typedef struct lsa_r_enum_privs
+{
+	uint32 enum_context;
+	uint32 count;
+	uint32 ptr;
+	uint32 count1;
+
+	LSA_PRIV_ENTRY *privs;
+
+	NTSTATUS status;
+} LSA_R_ENUM_PRIVS;
+
+/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
+typedef struct lsa_q_priv_get_dispname
+{
+	POLICY_HND pol; /* policy handle */
+	UNIHDR hdr_name;
+	UNISTR2 name;
+	uint16 lang_id;
+	uint16 lang_id_sys;
+} LSA_Q_PRIV_GET_DISPNAME;
+
+typedef struct lsa_r_priv_get_dispname
+{
+	uint32 ptr_info;
+	UNIHDR hdr_desc;
+	UNISTR2 desc;
+	/* Don't align ! */
+	uint16 lang_id;
+	/* align */
+	NTSTATUS status;
+} LSA_R_PRIV_GET_DISPNAME;
+
+/* LSA_Q_ENUM_ACCOUNTS */
+typedef struct lsa_q_enum_accounts
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 enum_context;
+	uint32 pref_max_length;
+} LSA_Q_ENUM_ACCOUNTS;
+
+/* LSA_R_ENUM_ACCOUNTS */
+typedef struct lsa_r_enum_accounts
+{
+	uint32 enum_context;
+	LSA_SID_ENUM sids;
+	NTSTATUS status;
+} LSA_R_ENUM_ACCOUNTS;
+
+/* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user
+                  called when "Take Ownership" is clicked -SK */
+typedef struct lsa_q_unk_get_connuser
+{
+  uint32 ptr_srvname;
+  UNISTR2 uni2_srvname;
+  uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */
+  uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */
+  uint32 unk3; 
+} LSA_Q_UNK_GET_CONNUSER;
+
+/* LSA_R_UNK_GET_CONNUSER */
+typedef struct lsa_r_unk_get_connuser
+{
+  uint32 ptr_user_name;
+  UNIHDR hdr_user_name;
+  UNISTR2 uni2_user_name;
+  
+  uint32 unk1;
+  
+  uint32 ptr_dom_name;
+  UNIHDR hdr_dom_name;
+  UNISTR2 uni2_dom_name;
+
+  NTSTATUS status;
+} LSA_R_UNK_GET_CONNUSER;
+
+
+typedef struct lsa_q_openaccount
+{
+	POLICY_HND pol; /* policy handle */
+	DOM_SID2 sid;
+	uint32 access; /* desired access */
+} LSA_Q_OPENACCOUNT;
+
+typedef struct lsa_r_openaccount
+{
+	POLICY_HND pol; /* policy handle */
+	NTSTATUS status;
+} LSA_R_OPENACCOUNT;
+
+typedef struct lsa_q_enumprivsaccount
+{
+	POLICY_HND pol; /* policy handle */
+} LSA_Q_ENUMPRIVSACCOUNT;
+
+
+typedef struct LUID
+{
+	uint32 low;
+	uint32 high;
+} LUID;
+
+typedef struct LUID_ATTR
+{
+	LUID luid;
+	uint32 attr;
+} LUID_ATTR ;
+
+typedef struct privilege_set
+{
+	uint32 count;
+	uint32 control;
+	LUID_ATTR *set;
+} PRIVILEGE_SET;
+
+typedef struct lsa_r_enumprivsaccount
+{
+	uint32 ptr;
+	uint32 count;
+	PRIVILEGE_SET set;
+	NTSTATUS status;
+} LSA_R_ENUMPRIVSACCOUNT;
+
+typedef struct lsa_q_getsystemaccount
+{
+	POLICY_HND pol; /* policy handle */
+} LSA_Q_GETSYSTEMACCOUNT;
+
+typedef struct lsa_r_getsystemaccount
+{
+	uint32 access;
+	NTSTATUS status;
+} LSA_R_GETSYSTEMACCOUNT;
+
+
+typedef struct lsa_q_setsystemaccount
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 access;
+} LSA_Q_SETSYSTEMACCOUNT;
+
+typedef struct lsa_r_setsystemaccount
+{
+	NTSTATUS status;
+} LSA_R_SETSYSTEMACCOUNT;
+
+
+typedef struct lsa_q_lookupprivvalue
+{
+	POLICY_HND pol; /* policy handle */
+	UNIHDR hdr_right;
+	UNISTR2 uni2_right;
+} LSA_Q_LOOKUPPRIVVALUE;
+
+typedef struct lsa_r_lookupprivvalue
+{
+	LUID luid;
+	NTSTATUS status;
+} LSA_R_LOOKUPPRIVVALUE;
+
+
+typedef struct lsa_q_addprivs
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 count;
+	PRIVILEGE_SET set;
+} LSA_Q_ADDPRIVS;
+
+typedef struct lsa_r_addprivs
+{
+	NTSTATUS status;
+} LSA_R_ADDPRIVS;
+
+
+typedef struct lsa_q_removeprivs
+{
+	POLICY_HND pol; /* policy handle */
+	uint32 allrights;
+	uint32 ptr;
+	uint32 count;
+	PRIVILEGE_SET set;
+} LSA_Q_REMOVEPRIVS;
+
+typedef struct lsa_r_removeprivs
+{
+	NTSTATUS status;
+} LSA_R_REMOVEPRIVS;
+
+
+#endif /* _RPC_LSA_H */
+
+
diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h
new file mode 100644
index 0000000000..e47853c2a2
--- /dev/null
+++ b/source3/include/rpc_misc.h
@@ -0,0 +1,397 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "ntdomain.h"
+#include "rpc_dce.h"
+
+#ifndef _RPC_MISC_H /* _RPC_MISC_H */
+#define _RPC_MISC_H 
+
+
+
+/* well-known RIDs - Relative IDs */
+
+/* RIDs - Well-known users ... */
+#define DOMAIN_USER_RID_ADMIN          (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST          (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT         (0x000001F6L)
+
+/* RIDs - well-known groups ... */
+#define DOMAIN_GROUP_RID_ADMINS        (0x00000200L)
+#define DOMAIN_GROUP_RID_USERS         (0x00000201L)
+#define DOMAIN_GROUP_RID_GUESTS        (0x00000202L)
+#define DOMAIN_GROUP_RID_COMPUTERS     (0x00000203L)
+
+#define DOMAIN_GROUP_RID_CONTROLLERS   (0x00000204L)
+#define DOMAIN_GROUP_RID_CERT_ADMINS   (0x00000205L)
+#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
+#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
+
+/* is the following the right number? I bet it is  --simo
+#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
+*/
+
+/* RIDs - well-known aliases ... */
+#define BUILTIN_ALIAS_RID_ADMINS        (0x00000220L)
+#define BUILTIN_ALIAS_RID_USERS         (0x00000221L)
+#define BUILTIN_ALIAS_RID_GUESTS        (0x00000222L)
+#define BUILTIN_ALIAS_RID_POWER_USERS   (0x00000223L)
+
+#define BUILTIN_ALIAS_RID_ACCOUNT_OPS   (0x00000224L)
+#define BUILTIN_ALIAS_RID_SYSTEM_OPS    (0x00000225L)
+#define BUILTIN_ALIAS_RID_PRINT_OPS     (0x00000226L)
+#define BUILTIN_ALIAS_RID_BACKUP_OPS    (0x00000227L)
+
+#define BUILTIN_ALIAS_RID_REPLICATOR    (0x00000228L)
+#define BUILTIN_ALIAS_RID_RAS_SERVERS   (0x00000229L)
+
+/*
+ * Masks for mappings between unix uid and gid types and
+ * NT RIDS.
+ */
+
+
+#define BASE_RID (0x000003E8L)
+
+/* Take the bottom bit. */
+#define RID_TYPE_MASK 1
+#define RID_MULTIPLIER 2
+
+/* The two common types. */
+#define USER_RID_TYPE 0
+#define GROUP_RID_TYPE 1
+
+/* ENUM_HND */
+typedef struct enum_hnd_info
+{
+	uint32 ptr_hnd;          /* pointer to enumeration handle */
+	uint32 handle;           /* enumeration handle */
+
+} ENUM_HND;
+
+/* LOOKUP_LEVEL - switch value */
+typedef struct lookup_level_info
+{
+  uint16 value;
+
+} LOOKUP_LEVEL;
+
+/* DOM_SID2 - security id */
+typedef struct sid_info_2
+{
+	uint32 num_auths; /* length, bytes, including length of len :-) */
+
+	DOM_SID sid;
+
+} DOM_SID2;
+
+/* STRHDR - string header */
+typedef struct header_info
+{
+  uint16 str_str_len;
+  uint16 str_max_len;
+  uint32 buffer; /* non-zero */
+
+} STRHDR;
+
+/* UNIHDR - unicode string header */
+typedef struct unihdr_info
+{
+  uint16 uni_str_len;
+  uint16 uni_max_len;
+  uint32 buffer; /* usually has a value of 4 */
+
+} UNIHDR;
+
+/* UNIHDR2 - unicode string header and undocumented buffer */
+typedef struct unihdr2_info
+{
+  UNIHDR unihdr;
+  uint32 buffer; /* 32 bit buffer pointer */
+
+} UNIHDR2;
+
+/* clueless as to what maximum length should be */
+#define MAX_UNISTRLEN 256
+#define MAX_STRINGLEN 256
+#define MAX_BUFFERLEN 512
+
+/* UNISTR - unicode string size and buffer */
+typedef struct unistr_info
+{
+  /* unicode characters. ***MUST*** be little-endian. ***MUST*** be null-terminated */
+  uint16 *buffer;
+} UNISTR;
+
+/* BUFHDR - buffer header */
+typedef struct bufhdr_info
+{
+  uint32 buf_max_len;
+  uint32 buf_len;
+
+} BUFHDR;
+
+/* BUFFER2 - unicode string, size (in uint8 ascii chars) and buffer */
+/* pathetic.  some stupid team of \PIPE\winreg writers got the concept */
+/* of a unicode string different from the other \PIPE\ writers */
+typedef struct buffer2_info
+{
+  uint32 buf_max_len;
+  uint32 undoc;
+  uint32 buf_len;
+  /* unicode characters. ***MUST*** be little-endian. **NOT** necessarily null-terminated */
+  uint16 *buffer;
+
+} BUFFER2;
+
+/* BUFFER3 */
+typedef struct buffer3_info
+{
+  uint32 buf_max_len;
+  uint8  *buffer; /* Data */
+  uint32 buf_len;
+
+} BUFFER3;
+
+/* BUFFER5 */
+typedef struct buffer5_info
+{
+  uint32 buf_len;
+  uint16 *buffer; /* data */
+} BUFFER5;
+
+/* UNISTR2 - unicode string size (in uint16 unicode chars) and buffer */
+typedef struct unistr2_info
+{
+  uint32 uni_max_len;
+  uint32 undoc;
+  uint32 uni_str_len;
+  /* unicode characters. ***MUST*** be little-endian. 
+     **must** be null-terminated and the uni_str_len should include
+     the NULL character */
+  uint16 *buffer;
+
+} UNISTR2;
+
+/* STRING2 - string size (in uint8 chars) and buffer */
+typedef struct string2_info
+{
+  uint32 str_max_len;
+  uint32 undoc;
+  uint32 str_str_len;
+  uint8  *buffer; /* uint8 characters. **NOT** necessarily null-terminated */
+
+} STRING2;
+
+/* UNISTR3 - XXXX not sure about this structure */
+typedef struct unistr3_info
+{
+	uint32 uni_str_len;
+	UNISTR str;
+
+} UNISTR3;
+
+
+/* DOM_RID2 - domain RID structure for ntlsa pipe */
+typedef struct domrid2_info
+{
+	uint8 type; /* value is SID_NAME_USE enum */
+	uint32 rid;
+	uint32 rid_idx; /* referenced domain index */
+
+} DOM_RID2;
+
+/* DOM_RID3 - domain RID structure for samr pipe */
+typedef struct domrid3_info
+{
+	uint32 rid;        /* domain-relative (to a SID) id */
+	uint32 type1;      /* value is 0x1 */
+	uint32 ptr_type;   /* undocumented pointer */
+	uint32 type2;      /* value is 0x1 */
+	uint32 unk; /* value is 0x2 */
+
+} DOM_RID3;
+
+/* DOM_RID4 - rid + user attributes */
+typedef struct domrid4_info
+{
+  uint32 unknown;
+  uint16 attr;
+  uint32 rid;  /* user RID */
+
+} DOM_RID4;
+
+/* DOM_CLNT_SRV - client / server names */
+typedef struct clnt_srv_info
+{
+  uint32  undoc_buffer; /* undocumented 32 bit buffer pointer */
+  UNISTR2 uni_logon_srv; /* logon server name */
+  uint32  undoc_buffer2; /* undocumented 32 bit buffer pointer */
+  UNISTR2 uni_comp_name; /* client machine name */
+
+} DOM_CLNT_SRV;
+
+/* DOM_LOG_INFO - login info */
+typedef struct log_info
+{
+  uint32  undoc_buffer; /* undocumented 32 bit buffer pointer */
+  UNISTR2 uni_logon_srv; /* logon server name */
+  UNISTR2 uni_acct_name; /* account name */
+  uint16  sec_chan;      /* secure channel type */
+  UNISTR2 uni_comp_name; /* client machine name */
+
+} DOM_LOG_INFO;
+
+/* DOM_CHAL - challenge info */
+typedef struct chal_info
+{
+    uchar data[8]; /* credentials */
+} DOM_CHAL;
+ 
+/* DOM_CREDs - timestamped client or server credentials */
+typedef struct cred_info
+{
+    DOM_CHAL challenge; /* credentials */
+    UTIME timestamp;    /* credential time-stamp */
+} DOM_CRED;
+
+/* DOM_CLNT_INFO - client info */
+typedef struct clnt_info
+{
+  DOM_LOG_INFO login;
+  DOM_CRED     cred;
+
+} DOM_CLNT_INFO;
+
+/* DOM_CLNT_INFO2 - client info */
+typedef struct clnt_info2
+{
+  DOM_CLNT_SRV login;
+  uint32        ptr_cred;
+  DOM_CRED      cred;
+
+} DOM_CLNT_INFO2;
+
+/* DOM_LOGON_ID - logon id */
+typedef struct logon_info
+{
+  uint32 low;
+  uint32 high;
+
+} DOM_LOGON_ID;
+
+/* OWF INFO */
+typedef struct owf_info
+{
+  uint8 data[16];
+
+} OWF_INFO;
+
+
+/* DOM_GID - group id + user attributes */
+typedef struct gid_info
+{
+  uint32 g_rid;  /* a group RID */
+  uint32 attr;
+
+} DOM_GID;
+
+/* POLICY_HND */
+typedef struct lsa_policy_info
+{
+	uint32 data1;
+	uint32 data2;
+	uint16 data3;
+	uint16 data4;
+	uint8 data5[8];
+
+#ifdef __INSURE__
+
+	/* To prevent the leakage of policy handles mallocate a bit of
+	   memory when a policy handle is created and free it when the
+	   handle is closed.  This should cause Insure to flag an error
+	   when policy handles are overwritten or fall out of scope without
+	   being freed. */
+
+	char *marker;
+#endif
+
+} POLICY_HND;
+
+/*
+ * A client connection's state, pipe name, 
+ * user credentials, etc...
+ */
+typedef struct _cli_auth_fns cli_auth_fns;
+struct user_creds;
+struct cli_connection {
+
+        char                    *srv_name;
+        char                    *pipe_name;
+        struct user_creds       usr_creds;
+
+        struct cli_state        *pCli_state;
+
+        cli_auth_fns            *auth;
+
+        void                    *auth_info;
+        void                    *auth_creds;
+};
+
+
+/* 
+ * Associate a POLICY_HND with a cli_connection
+ */
+typedef struct rpc_hnd_node {
+
+	POLICY_HND		hnd;
+	struct cli_connection 	*cli;
+
+} RPC_HND_NODE;
+
+typedef struct uint64_s
+{
+	uint32 low;
+	uint32 high;
+} UINT64_S;
+
+/* BUFHDR2 - another buffer header, with info level */
+typedef struct bufhdr2_info
+{
+	uint32 info_level;
+	uint32 length;		/* uint8 chars */
+	uint32 buffer;
+
+}
+BUFHDR2;
+
+/* BUFFER4 - simple length and buffer */
+typedef struct buffer4_info
+{
+	uint32 buf_len;
+	uint8 buffer[MAX_BUFFERLEN];
+
+}
+BUFFER4;
+
+
+#endif /* _RPC_MISC_H */
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h
new file mode 100644
index 0000000000..80b00fbaad
--- /dev/null
+++ b/source3/include/rpc_netlogon.h
@@ -0,0 +1,905 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_NETLOGON_H /* _RPC_NETLOGON_H */
+#define _RPC_NETLOGON_H 
+
+
+/* NETLOGON pipe */
+#define NET_SAMLOGON           0x02
+#define NET_SAMLOGOFF          0x03
+#define NET_REQCHAL            0x04
+#define NET_AUTH               0x05
+#define NET_SRVPWSET           0x06
+#define NET_SAM_DELTAS         0x07
+#define NET_LOGON_CTRL         0x0c
+#define NET_AUTH2              0x0f
+#define NET_LOGON_CTRL2        0x0e
+#define NET_SAM_SYNC           0x10
+#define NET_TRUST_DOM_LIST     0x13
+
+/* Secure Channel types.  used in NetrServerAuthenticate negotiation */
+#define SEC_CHAN_WKSTA   2
+#define SEC_CHAN_DOMAIN  4
+#define SEC_CHAN_BDC     6
+
+/* Returned delta types */
+#define SAM_DELTA_DOMAIN_INFO  0x01 /* Domain */
+#define SAM_DELTA_GROUP_INFO   0x02 /* Domain groups */
+#define SAM_DELTA_ACCOUNT_INFO 0x05 /* Users */
+#define SAM_DELTA_GROUP_MEM    0x08 /* Group membership */
+#define SAM_DELTA_ALIAS_INFO   0x09 /* Local groups */
+#define SAM_DELTA_ALIAS_MEM    0x0C /* Local group membership */
+#define SAM_DELTA_DOM_INFO     0x0D /* Privilige stuff */
+#define SAM_DELTA_UNK0E_INFO   0x0e /* Privilige stuff */
+#define SAM_DELTA_PRIVS_INFO   0x10 /* Privilige stuff */
+#define SAM_DELTA_UNK12_INFO   0x12 /* Privilige stuff */
+#define SAM_DELTA_SAM_STAMP    0x16 /* Some kind of journal record? */
+
+/* SAM database types */
+#define SAM_DATABASE_DOMAIN    0x00 /* Domain users and groups */
+#define SAM_DATABASE_BUILTIN   0x01 /* BUILTIN users and groups */
+#define SAM_DATABASE_PRIVS     0x02 /* Priviliges? */
+
+#if 0
+/* I think this is correct - it's what gets parsed on the wire. JRA. */
+/* NET_USER_INFO_2 */
+typedef struct net_user_info_2
+{
+	uint32 ptr_user_info;
+
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* username unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home directory drive unicode string header */
+
+	uint16 logon_count;  /* logon count */
+	uint16 bad_pw_count; /* bad password count */
+
+	uint32 user_id;       /* User ID */
+	uint32 group_id;      /* Group ID */
+	uint32 num_groups;    /* num groups */
+	uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+	uint32 user_flgs;     /* user flags */
+
+	uint8 user_sess_key[16]; /* unused user session key */
+
+	UNIHDR hdr_logon_srv; /* logon server unicode string header */
+	UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+	uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+	uint8 padding[40];    /* unused padding bytes.  expansion room */
+
+	UNISTR2 uni_user_name;    /* username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+
+	uint32 num_groups2;        /* num groups */
+	DOM_GID *gids; /* group info */
+
+	UNISTR2 uni_logon_srv; /* logon server unicode string */
+	UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+	DOM_SID2 dom_sid;           /* domain SID */
+
+	uint32 num_other_groups;        /* other groups */
+	DOM_GID *other_gids; /* group info */
+	DOM_SID2 *other_sids; /* undocumented - domain SIDs */
+
+} NET_USER_INFO_2;
+#endif
+
+/* NET_USER_INFO_3 */
+typedef struct net_user_info_3
+{
+	uint32 ptr_user_info;
+
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* username unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home directory drive unicode string header */
+
+	uint16 logon_count;  /* logon count */
+	uint16 bad_pw_count; /* bad password count */
+
+	uint32 user_rid;       /* User RID */
+	uint32 group_rid;      /* Group RID */
+
+	uint32 num_groups;    /* num groups */
+	uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+	uint32 user_flgs;     /* user flags */
+
+	uint8 user_sess_key[16]; /* unused user session key */
+
+	UNIHDR hdr_logon_srv; /* logon server unicode string header */
+	UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+	uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+	uint8 padding[40];    /* unused padding bytes.  expansion room */
+
+	uint32 num_other_sids; /* 0 - num_sids */
+	uint32 buffer_other_sids; /* NULL - undocumented pointer to SIDs. */
+	
+	UNISTR2 uni_user_name;    /* username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+
+	uint32 num_groups2;        /* num groups */
+	DOM_GID *gids; /* group info */
+
+	UNISTR2 uni_logon_srv; /* logon server unicode string */
+	UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+	DOM_SID2 dom_sid;           /* domain SID */
+
+	uint32 num_other_groups;        /* other groups */
+	DOM_GID *other_gids; /* group info */
+	DOM_SID2 *other_sids; /* undocumented - domain SIDs */
+
+} NET_USER_INFO_3;
+
+
+/* NETLOGON_INFO_1 - pdc status info, i presume */
+typedef struct netlogon_1_info
+{
+	uint32 flags;            /* 0x0 - undocumented */
+	uint32 pdc_status;       /* 0x0 - undocumented */
+
+} NETLOGON_INFO_1;
+
+/* NETLOGON_INFO_2 - pdc status info, plus trusted domain info */
+typedef struct netlogon_2_info
+{
+	uint32  flags;            /* 0x0 - undocumented */
+	uint32  pdc_status;       /* 0x0 - undocumented */
+	uint32  ptr_trusted_dc_name; /* pointer to trusted domain controller name */
+	uint32  tc_status;           /* 0x051f - ERROR_NO_LOGON_SERVERS */
+	UNISTR2 uni_trusted_dc_name; /* unicode string - trusted dc name */
+
+} NETLOGON_INFO_2;
+
+/* NETLOGON_INFO_3 - logon status info, i presume */
+typedef struct netlogon_3_info
+{
+	uint32 flags;            /* 0x0 - undocumented */
+	uint32 logon_attempts;   /* number of logon attempts */
+	uint32 reserved_1;       /* 0x0 - undocumented */
+	uint32 reserved_2;       /* 0x0 - undocumented */
+	uint32 reserved_3;       /* 0x0 - undocumented */
+	uint32 reserved_4;       /* 0x0 - undocumented */
+	uint32 reserved_5;       /* 0x0 - undocumented */
+
+} NETLOGON_INFO_3;
+
+/********************************************************
+ Logon Control Query
+
+ This is generated by a nltest /bdc_query:DOMAIN
+
+ query_level 0x1, function_code 0x1
+
+ ********************************************************/
+
+/* NET_Q_LOGON_CTRL - LSA Netr Logon Control */
+
+typedef struct net_q_logon_ctrl_info
+{
+	uint32 ptr;
+	UNISTR2 uni_server_name;
+	uint32 function_code;
+	uint32 query_level;
+} NET_Q_LOGON_CTRL;
+
+/* NET_R_LOGON_CTRL - LSA Netr Logon Control */
+
+typedef struct net_r_logon_ctrl_info
+{
+	uint32 switch_value;
+	uint32 ptr;
+
+	union {
+		NETLOGON_INFO_1 info1;
+	} logon;
+
+	NTSTATUS status;
+} NET_R_LOGON_CTRL;
+
+/********************************************************
+ Logon Control2 Query
+
+ query_level 0x1 - pdc status
+ query_level 0x3 - number of logon attempts.
+
+ ********************************************************/
+
+/* NET_Q_LOGON_CTRL2 - LSA Netr Logon Control 2 */
+typedef struct net_q_logon_ctrl2_info
+{
+	uint32       ptr;             /* undocumented buffer pointer */
+	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
+	
+	uint32       function_code; /* 0x1 */
+	uint32       query_level;   /* 0x1, 0x3 */
+	uint32       switch_value;  /* 0x1 */
+
+} NET_Q_LOGON_CTRL2;
+
+/*******************************************************
+ Logon Control Response
+
+ switch_value is same as query_level in request 
+ *******************************************************/
+
+/* NET_R_LOGON_CTRL2 - response to LSA Logon Control2 */
+typedef struct net_r_logon_ctrl2_info
+{
+	uint32       switch_value;  /* 0x1, 0x3 */
+	uint32       ptr;
+
+	union
+	{
+		NETLOGON_INFO_1 info1;
+		NETLOGON_INFO_2 info2;
+		NETLOGON_INFO_3 info3;
+
+	} logon;
+
+	NTSTATUS status; /* return code */
+
+} NET_R_LOGON_CTRL2;
+
+/* NET_Q_TRUST_DOM_LIST - LSA Query Trusted Domains */
+typedef struct net_q_trust_dom_info
+{
+	uint32       ptr;             /* undocumented buffer pointer */
+	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
+
+} NET_Q_TRUST_DOM_LIST;
+
+#define MAX_TRUST_DOMS 1
+
+/* NET_R_TRUST_DOM_LIST - response to LSA Trusted Domains */
+typedef struct net_r_trust_dom_info
+{
+	UNISTR2 uni_trust_dom_name[MAX_TRUST_DOMS];
+
+	NTSTATUS status; /* return code */
+
+} NET_R_TRUST_DOM_LIST;
+
+
+/* NEG_FLAGS */
+typedef struct neg_flags_info
+{
+    uint32 neg_flags; /* negotiated flags */
+
+} NEG_FLAGS;
+
+
+/* NET_Q_REQ_CHAL */
+typedef struct net_q_req_chal_info
+{
+    uint32  undoc_buffer; /* undocumented buffer pointer */
+    UNISTR2 uni_logon_srv; /* logon server unicode string */
+    UNISTR2 uni_logon_clnt; /* logon client unicode string */
+    DOM_CHAL clnt_chal; /* client challenge */
+
+} NET_Q_REQ_CHAL;
+
+
+/* NET_R_REQ_CHAL */
+typedef struct net_r_req_chal_info
+{
+	DOM_CHAL srv_chal; /* server challenge */
+	NTSTATUS status; /* return code */
+} NET_R_REQ_CHAL;
+
+/* NET_Q_AUTH */
+typedef struct net_q_auth_info
+{
+	DOM_LOG_INFO clnt_id; /* client identification info */
+	DOM_CHAL clnt_chal;     /* client-calculated credentials */
+} NET_Q_AUTH;
+
+/* NET_R_AUTH */
+typedef struct net_r_auth_info
+{
+	DOM_CHAL srv_chal;     /* server-calculated credentials */
+	NTSTATUS status; /* return code */
+} NET_R_AUTH;
+
+/* NET_Q_AUTH_2 */
+typedef struct net_q_auth2_info
+{
+    DOM_LOG_INFO clnt_id; /* client identification info */
+    DOM_CHAL clnt_chal;     /* client-calculated credentials */
+
+    NEG_FLAGS clnt_flgs; /* usually 0x0000 01ff */
+
+} NET_Q_AUTH_2;
+
+
+/* NET_R_AUTH_2 */
+typedef struct net_r_auth2_info
+{
+	DOM_CHAL srv_chal;     /* server-calculated credentials */
+	NEG_FLAGS srv_flgs; /* usually 0x0000 01ff */
+	NTSTATUS status; /* return code */
+} NET_R_AUTH_2;
+
+
+/* NET_Q_SRV_PWSET */
+typedef struct net_q_srv_pwset_info
+{
+    DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
+    uint8 pwd[16]; /* new password - undocumented. */
+
+} NET_Q_SRV_PWSET;
+    
+/* NET_R_SRV_PWSET */
+typedef struct net_r_srv_pwset_info
+{
+    DOM_CRED srv_cred;     /* server-calculated credentials */
+
+  NTSTATUS status; /* return code */
+
+} NET_R_SRV_PWSET;
+
+/* NET_ID_INFO_2 */
+typedef struct net_network_info_2
+{
+	uint32            ptr_id_info2;        /* pointer to id_info_2 */
+	UNIHDR            hdr_domain_name;     /* domain name unicode header */
+	uint32            param_ctrl;          /* param control (0x2) */
+	DOM_LOGON_ID      logon_id;            /* logon ID */
+	UNIHDR            hdr_user_name;       /* user name unicode header */
+	UNIHDR            hdr_wksta_name;      /* workstation name unicode header */
+	uint8             lm_chal[8];          /* lan manager 8 byte challenge */
+	STRHDR            hdr_nt_chal_resp;    /* nt challenge response */
+	STRHDR            hdr_lm_chal_resp;    /* lm challenge response */
+
+	UNISTR2           uni_domain_name;     /* domain name unicode string */
+	UNISTR2           uni_user_name;       /* user name unicode string */
+	UNISTR2           uni_wksta_name;      /* workgroup name unicode string */
+	STRING2           nt_chal_resp;        /* nt challenge response */
+	STRING2           lm_chal_resp;        /* lm challenge response */
+
+} NET_ID_INFO_2;
+
+/* NET_ID_INFO_1 */
+typedef struct id_info_1
+{
+	uint32            ptr_id_info1;        /* pointer to id_info_1 */
+	UNIHDR            hdr_domain_name;     /* domain name unicode header */
+	uint32            param_ctrl;          /* param control */
+	DOM_LOGON_ID      logon_id;            /* logon ID */
+	UNIHDR            hdr_user_name;       /* user name unicode header */
+	UNIHDR            hdr_wksta_name;      /* workstation name unicode header */
+	OWF_INFO          lm_owf;              /* LM OWF Password */
+	OWF_INFO          nt_owf;              /* NT OWF Password */
+	UNISTR2           uni_domain_name;     /* domain name unicode string */
+	UNISTR2           uni_user_name;       /* user name unicode string */
+	UNISTR2           uni_wksta_name;      /* workgroup name unicode string */
+
+} NET_ID_INFO_1;
+
+#define INTERACTIVE_LOGON_TYPE 1
+#define NET_LOGON_TYPE 2
+
+/* NET_ID_INFO_CTR */
+typedef struct net_id_info_ctr_info
+{
+  uint16         switch_value;
+  
+  union
+  {
+    NET_ID_INFO_1 id1; /* auth-level 1 - interactive user login */
+    NET_ID_INFO_2 id2; /* auth-level 2 - workstation referred login */
+
+  } auth;
+  
+} NET_ID_INFO_CTR;
+
+/* SAM_INFO - sam logon/off id structure */
+typedef struct sam_info
+{
+  DOM_CLNT_INFO2  client;
+  uint32          ptr_rtn_cred; /* pointer to return credentials */
+  DOM_CRED        rtn_cred; /* return credentials */
+  uint16          logon_level;
+  NET_ID_INFO_CTR *ctr;
+
+} DOM_SAM_INFO;
+
+/* NET_Q_SAM_LOGON */
+typedef struct net_q_sam_logon_info
+{
+    DOM_SAM_INFO sam_id;
+	uint16          validation_level;
+
+} NET_Q_SAM_LOGON;
+
+/* NET_R_SAM_LOGON */
+typedef struct net_r_sam_logon_info
+{
+    uint32 buffer_creds; /* undocumented buffer pointer */
+    DOM_CRED srv_creds; /* server credentials.  server time stamp appears to be ignored. */
+    
+	uint16 switch_value; /* 3 - indicates type of USER INFO */
+    NET_USER_INFO_3 *user;
+
+    uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
+
+  NTSTATUS status; /* return code */
+
+} NET_R_SAM_LOGON;
+
+
+/* NET_Q_SAM_LOGOFF */
+typedef struct net_q_sam_logoff_info
+{
+    DOM_SAM_INFO sam_id;
+
+} NET_Q_SAM_LOGOFF;
+
+/* NET_R_SAM_LOGOFF */
+typedef struct net_r_sam_logoff_info
+{
+    uint32 buffer_creds; /* undocumented buffer pointer */
+    DOM_CRED srv_creds; /* server credentials.  server time stamp appears to be ignored. */
+    
+  NTSTATUS status; /* return code */
+
+} NET_R_SAM_LOGOFF;
+
+/* NET_Q_SAM_SYNC */
+typedef struct net_q_sam_sync_info
+{
+	UNISTR2 uni_srv_name; /* \\PDC */
+	UNISTR2 uni_cli_name; /* BDC */
+	DOM_CRED cli_creds;
+	DOM_CRED ret_creds;
+
+	uint32 database_id;
+	uint32 restart_state;
+	uint32 sync_context;
+
+	uint32 max_size;       /* preferred maximum length */
+
+} NET_Q_SAM_SYNC;
+
+/* SAM_DELTA_HDR */
+typedef struct sam_delta_hdr_info
+{
+	uint16 type;  /* type of structure attached */
+	uint16 type2;
+	uint32 target_rid;
+
+	uint32 type3;
+	uint32 ptr_delta;
+
+} SAM_DELTA_HDR;
+
+/* SAM_DOMAIN_INFO (0x1) */
+typedef struct sam_domain_info_info
+{
+	UNIHDR hdr_dom_name;
+	UNIHDR hdr_oem_info;
+
+	UINT64_S force_logoff;
+	uint16   min_pwd_len;
+	uint16   pwd_history_len;
+	UINT64_S max_pwd_age;
+	UINT64_S min_pwd_age;
+	UINT64_S dom_mod_count;
+	NTTIME   creation_time;
+
+	BUFHDR2 hdr_sec_desc; /* security descriptor */
+	UNIHDR hdr_unknown;
+	uint8 reserved[40];
+
+	UNISTR2 uni_dom_name;
+	UNISTR2 buf_oem_info; /* never seen */
+
+	BUFFER4 buf_sec_desc;
+	UNISTR2 buf_unknown;
+
+} SAM_DOMAIN_INFO;
+
+/* SAM_GROUP_INFO (0x2) */
+typedef struct sam_group_info_info
+{
+	UNIHDR hdr_grp_name;
+	DOM_GID gid;
+	UNIHDR hdr_grp_desc;
+	BUFHDR2 hdr_sec_desc;  /* security descriptor */
+	uint8 reserved[48];
+
+	UNISTR2 uni_grp_name;
+	UNISTR2 uni_grp_desc;
+	BUFFER4 buf_sec_desc;
+
+} SAM_GROUP_INFO;
+
+/* SAM_PWD */
+typedef struct sam_passwd_info
+{
+	/* this structure probably contains password history */
+	/* this is probably a count of lm/nt pairs */
+	uint32 unk_0; /* 0x0000 0002 */
+
+	UNIHDR hdr_lm_pwd;
+	uint8  buf_lm_pwd[16];
+
+	UNIHDR hdr_nt_pwd;
+	uint8  buf_nt_pwd[16];
+
+	UNIHDR hdr_empty_lm;
+	UNIHDR hdr_empty_nt;
+
+} SAM_PWD;
+
+/* SAM_ACCOUNT_INFO (0x5) */
+typedef struct sam_account_info_info
+{
+	UNIHDR hdr_acct_name;
+	UNIHDR hdr_full_name;
+
+	uint32 user_rid;
+	uint32 group_rid;
+
+	UNIHDR hdr_home_dir;
+	UNIHDR hdr_dir_drive;
+	UNIHDR hdr_logon_script;
+	UNIHDR hdr_acct_desc;
+	UNIHDR hdr_workstations;
+
+	NTTIME logon_time;
+	NTTIME logoff_time;
+
+	uint32 logon_divs; /* 0xA8 */
+	uint32 ptr_logon_hrs;
+
+	uint16 bad_pwd_count;
+	uint16 logon_count;
+	NTTIME pwd_last_set_time;
+	NTTIME acct_expiry_time;
+
+	uint32 acb_info;
+	uint8 nt_pwd[16];
+	uint8 lm_pwd[16];
+	uint8 nt_pwd_present;
+	uint8 lm_pwd_present;
+	uint8 pwd_expired;
+
+	UNIHDR hdr_comment;
+	UNIHDR hdr_parameters;
+	uint16 country;
+	uint16 codepage;
+
+	BUFHDR2 hdr_sec_desc;  /* security descriptor */
+
+	UNIHDR  hdr_profile;
+	UNIHDR  hdr_reserved[3];  /* space for more strings */
+	uint32  dw_reserved[4];   /* space for more data - first two seem to
+				     be an NTTIME */
+
+	UNISTR2 uni_acct_name;
+	UNISTR2 uni_full_name;
+	UNISTR2 uni_home_dir;
+	UNISTR2 uni_dir_drive;
+	UNISTR2 uni_logon_script;
+	UNISTR2 uni_acct_desc;
+	UNISTR2 uni_workstations;
+
+	uint32 unknown1; /* 0x4EC */
+	uint32 unknown2; /* 0 */
+
+	BUFFER4 buf_logon_hrs;
+	UNISTR2 uni_comment;
+	UNISTR2 uni_parameters;
+	SAM_PWD pass;
+	BUFFER4 buf_sec_desc;
+	UNISTR2 uni_profile;
+
+} SAM_ACCOUNT_INFO;
+
+/* SAM_GROUP_MEM_INFO (0x8) */
+typedef struct sam_group_mem_info_info
+{
+	uint32 ptr_rids;
+	uint32 ptr_attribs;
+	uint32 num_members;
+	uint8 unknown[16];
+
+	uint32 num_members2;
+	uint32 *rids;
+
+	uint32 num_members3;
+	uint32 *attribs;
+
+} SAM_GROUP_MEM_INFO;
+
+/* SAM_ALIAS_INFO (0x9) */
+typedef struct sam_alias_info_info
+{
+	UNIHDR hdr_als_name;
+	uint32 als_rid;
+	BUFHDR2 hdr_sec_desc;  /* security descriptor */
+	UNIHDR hdr_als_desc;
+	uint8 reserved[40];
+
+	UNISTR2 uni_als_name;
+	BUFFER4 buf_sec_desc;
+	UNISTR2 uni_als_desc;
+
+} SAM_ALIAS_INFO;
+
+/* SAM_ALIAS_MEM_INFO (0xC) */
+typedef struct sam_alias_mem_info_info
+{
+	uint32 num_members;
+	uint32 ptr_members;
+	uint8 unknown[16];
+
+	uint32 num_sids;
+	uint32 *ptr_sids;
+	DOM_SID2 *sids;
+
+} SAM_ALIAS_MEM_INFO;
+
+
+/* SAM_DELTA_DOM (0x0D) */
+typedef struct
+{
+	uint32 unknown1; /* 0x5000 */
+	uint32 unknown2; /* 0 */
+	uint32 unknown3; /* 0 */
+	uint32 unknown4; /* 0 */
+	uint32 count1;
+	uint32 ptr1;
+	uint16 count2;
+	uint16 count3;
+	uint32 ptr2;
+	uint32 ptr3;
+
+	uint32 unknown4b; /* 0x02000000 */
+	uint32 unknown5; /* 0x00100000 */
+	uint32 unknown6; /* 0x00010000 */
+	uint32 unknown7; /* 0x0f000000 */
+	uint32 unknown8; /* 0 */
+	uint32 unknown9; /* 0 */
+	uint32 unknown10; /* 0 */
+	uint32 unknown11; /* 0x3c*/
+	uint32 unknown12; /* 0*/
+
+	uint32 unknown13; /* a7080110 */
+	uint32 unknown14; /* 01bfb0dd */
+	uint32 unknown15; /* 0f */
+	uint32 unknown16; /* 68 */
+	uint32 unknown17; /* 00169000 */
+
+	uint32 count4;
+	uint32 unknown18; /* 0  times count4 */
+	
+	uint32 unknown19; /* 8 */
+
+	uint32 unknown20; /* 0x04 times count1 */
+	
+	uint32 ptr4;
+	
+	UNISTR2 domain_name;
+	DOM_SID2 domain_sid;
+
+} SAM_DELTA_DOM;
+
+/* SAM_DELTA_UNK0E (0x0e) */
+typedef struct
+{
+	uint32 buf_size;
+	SEC_DESC *sec_desc;
+	DOM_SID2 sid;
+	UNIHDR hdr_domain;
+	
+	uint32 unknown0;
+	uint32 unknown1;
+	uint32 unknown2;
+	
+	uint32 buf_size2;
+	uint32 ptr;
+
+	uint32 unknown3;
+	UNISTR2 domain;
+
+} SAM_DELTA_UNK0E;
+
+/* SAM_DELTA_PRIVS (0x10) */
+typedef struct
+{
+	uint32 buf_size;
+	SEC_DESC *sec_desc;
+	DOM_SID2 sid;
+
+	uint32 priv_count;
+	uint32 reserved1; /* 0x0 */
+
+	uint32 ptr1;
+	uint32 ptr2;
+
+	uint32 unknown1;
+	uint32 unknown2;
+	uint32 unknown3;
+	uint32 unknown4;
+	uint32 unknown5;
+	uint32 unknown6;
+	uint32 unknown7;
+	uint32 unknown8;
+	uint32 unknown9;
+	
+	uint32 buf_size2;
+	uint32 ptr3;
+	uint32 unknown10; /* 48 bytes 0x0*/
+	
+	uint32 attribute_count;
+	uint32 *attributes;
+	
+	uint32 privlist_count;
+	UNIHDR *hdr_privslist;
+	UNISTR2 *uni_privslist;
+
+
+} SAM_DELTA_PRIVS;
+
+/* SAM_DELTA_UNK12 (0x12) */
+typedef struct
+{
+	uint32 buf_size;
+	SEC_DESC *sec_desc;
+	UNISTR2 secret;
+
+	uint32 count1;
+	uint32 count2;
+	uint32 ptr;
+	NTTIME time1;
+	uint32 count3;
+	uint32 count4;
+	uint32 ptr2;
+	NTTIME time2;
+	uint32 unknow1;
+
+	uint32 buf_size2;
+	uint32 ptr3;
+	uint32 unknow2; /* 0x0 12 times */
+
+	uint32 chal_len;
+	uint32 reserved1; /* 0 */
+	uint32 chal_len2;
+	uint8 chal[16];
+
+	uint32 key_len;
+	uint32 reserved2; /* 0 */
+	uint32 key_len2;
+	uint8 key[8];
+
+	uint32 buf_size3;
+	SEC_DESC *sec_desc2;
+
+} SAM_DELTA_UNK12;
+
+/* SAM_DELTA_STAMP (0x16) */
+typedef struct
+{
+        uint32 seqnum;
+        uint32 dom_mod_count_ptr;
+	UINT64_S dom_mod_count;  /* domain mod count at last sync */
+} SAM_DELTA_STAMP;
+
+typedef union sam_delta_ctr_info
+{
+	SAM_DOMAIN_INFO    domain_info ;
+	SAM_GROUP_INFO     group_info  ;
+	SAM_ACCOUNT_INFO   account_info;
+	SAM_GROUP_MEM_INFO grp_mem_info;
+	SAM_ALIAS_INFO     alias_info  ;
+	SAM_ALIAS_MEM_INFO als_mem_info;
+	SAM_DELTA_DOM	   dom_info;
+	SAM_DELTA_PRIVS    privs_info;
+	SAM_DELTA_STAMP    stamp;
+	SAM_DELTA_UNK0E    unk0e_info;
+	SAM_DELTA_UNK12    unk12_info;
+} SAM_DELTA_CTR;
+
+/* NET_R_SAM_SYNC */
+typedef struct net_r_sam_sync_info
+{
+	DOM_CRED srv_creds;
+
+	uint32 sync_context;
+
+	uint32 ptr_deltas;
+	uint32 num_deltas;
+	uint32 ptr_deltas2;
+	uint32 num_deltas2;
+
+	SAM_DELTA_HDR *hdr_deltas;
+	SAM_DELTA_CTR *deltas;
+
+	NTSTATUS status;
+} NET_R_SAM_SYNC;
+
+/* NET_Q_SAM_DELTAS */
+typedef struct net_q_sam_deltas_info
+{
+	UNISTR2 uni_srv_name;
+	UNISTR2 uni_cli_name;
+	DOM_CRED cli_creds;
+	DOM_CRED ret_creds;
+
+	uint32 database_id;
+	UINT64_S dom_mod_count;  /* domain mod count at last sync */
+
+	uint32 max_size;       /* preferred maximum length */
+
+} NET_Q_SAM_DELTAS;
+
+/* NET_R_SAM_DELTAS */
+typedef struct net_r_sam_deltas_info
+{
+	DOM_CRED srv_creds;
+
+	UINT64_S dom_mod_count;   /* new domain mod count */
+
+	uint32 ptr_deltas;
+	uint32 num_deltas;
+	uint32 num_deltas2;
+
+	SAM_DELTA_HDR *hdr_deltas;
+	SAM_DELTA_CTR *deltas;
+
+	NTSTATUS status;
+} NET_R_SAM_DELTAS;
+
+#endif /* _RPC_NETLOGON_H */
diff --git a/source3/include/rpc_parse.h b/source3/include/rpc_parse.h
new file mode 100644
index 0000000000..73fbcb2b1b
--- /dev/null
+++ b/source3/include/rpc_parse.h
@@ -0,0 +1,30 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Elrond                            2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_PARSE_H
+#define _RPC_PARSE_H 
+
+/* different dce/rpc pipes */
+#include "rpc_reg.h"
+#include "rpc_brs.h"
+
+#endif /* _RPC_PARSE_H */
diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h
new file mode 100644
index 0000000000..a5aa606120
--- /dev/null
+++ b/source3/include/rpc_reg.h
@@ -0,0 +1,552 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_REG_H /* _RPC_REG_H */
+#define _RPC_REG_H 
+
+
+/* winreg pipe defines */
+#define REG_OPEN_HKCR		0x00
+#define _REG_UNK_01		0x01
+#define REG_OPEN_HKLM		0x02
+#define _REG_UNK_03		0x03
+#define REG_OPEN_HKU		0x04
+#define REG_CLOSE		0x05
+#define REG_CREATE_KEY		0x06
+#define REG_DELETE_KEY		0x07
+#define REG_DELETE_VALUE	0x08
+#define REG_ENUM_KEY		0x09
+#define REG_ENUM_VALUE		0x0a
+#define REG_FLUSH_KEY		0x0b
+#define REG_GET_KEY_SEC		0x0c
+#define	_REG_UNK_0D		0x0d
+#define _REG_UNK_0E		0x0e
+#define REG_OPEN_ENTRY		0x0f
+#define REG_QUERY_KEY		0x10
+#define REG_INFO		0x11
+#define	_REG_UNK_12		0x12
+#define _REG_UNK_13		0x13
+#define	_REG_UNK_14		0x14
+#define REG_SET_KEY_SEC		0x15
+#define REG_CREATE_VALUE	0x16
+#define	_REG_UNK_17		0x17
+#define REG_SHUTDOWN		0x18
+#define REG_ABORT_SHUTDOWN	0x19
+#define REG_UNK_1A		0x1a
+
+#define HKEY_CLASSES_ROOT	0x80000000
+#define HKEY_CURRENT_USER	0x80000001
+#define HKEY_LOCAL_MACHINE 	0x80000002
+#define HKEY_USERS         	0x80000003
+
+/* Registry data types */
+
+#define REG_NONE                       0
+#define REG_SZ		               1
+#define REG_EXPAND_SZ                  2
+#define REG_BINARY 	               3
+#define REG_DWORD	               4
+#define REG_DWORD_LE	               4	/* DWORD, little endian */
+#define REG_DWORD_BE	               5	/* DWORD, big endian */
+#define REG_LINK                       6
+#define REG_MULTI_SZ  	               7
+#define REG_RESOURCE_LIST              8
+#define REG_FULL_RESOURCE_DESCRIPTOR   9
+#define REG_RESOURCE_REQUIREMENTS_LIST 10
+
+/* Shutdown options */
+#define REG_FORCE_SHUTDOWN 0x001
+#define REG_REBOOT_ON_SHUTDOWN 0x100
+
+/* REG_Q_OPEN_HKCR   */
+typedef struct q_reg_open_hkcr_info
+{
+	uint32 ptr;
+	uint16 unknown_0; /* 0x5428      - 16 bit unknown */
+	uint16 unknown_1; /* random.  changes */
+	uint32 level;     /* 0x0000 0002 - 32 bit unknown */
+
+} REG_Q_OPEN_HKCR  ;
+
+/* REG_R_OPEN_HKCR   */
+typedef struct r_reg_open_hkcr_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} REG_R_OPEN_HKCR;
+
+
+/* REG_Q_OPEN_HKLM   */
+typedef struct q_reg_open_hklm_info
+{
+	uint32 ptr;
+	uint16 unknown_0;	/* 0xE084      - 16 bit unknown */
+	uint16 unknown_1;	/* random.  changes */
+	uint32 access_mask;	/* 0x0000 0002 - 32 bit unknown */
+
+}
+REG_Q_OPEN_HKLM;
+
+/* REG_R_OPEN_HKLM   */
+typedef struct r_reg_open_hklm_info
+{
+	POLICY_HND pol;		/* policy handle */
+	NTSTATUS status;		/* return status */
+
+}
+REG_R_OPEN_HKLM;
+
+
+/* REG_Q_OPEN_HKU */
+typedef struct q_reg_open_hku_info
+{
+	uint32 ptr;
+	uint16 unknown_0; /* 0xE084      - 16 bit unknown */
+	uint16 unknown_1; /* random.  changes */
+	uint32 level;     /* 0x0000 0002 - 32 bit unknown */
+
+} REG_Q_OPEN_HKU;
+
+/* REG_R_OPEN_HKU */
+typedef struct r_reg_open_hku_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} REG_R_OPEN_HKU;
+
+
+/* REG_Q_FLUSH_KEY */
+typedef struct q_reg_open_flush_key_info
+{
+	POLICY_HND pol;       /* policy handle */
+
+} REG_Q_FLUSH_KEY;
+
+/* REG_R_FLUSH_KEY */
+typedef struct r_reg_open_flush_key_info
+{
+	NTSTATUS status;         /* return status */
+
+} REG_R_FLUSH_KEY;
+
+
+/* REG_Q_SET_KEY_SEC */
+typedef struct q_reg_set_key_sec_info
+{
+	POLICY_HND pol;         /* policy handle */
+
+	uint32 sec_info;       /* xxxx_SECURITY_INFORMATION */
+
+	uint32 ptr;       /* pointer */
+	BUFHDR hdr_sec;    /* header for security data */
+	SEC_DESC_BUF *data;    /* security data */
+	
+} REG_Q_SET_KEY_SEC;
+
+/* REG_R_SET_KEY_SEC */
+typedef struct r_reg_set_key_sec_info
+{
+	NTSTATUS status;
+	
+} REG_R_SET_KEY_SEC;
+
+
+/* REG_Q_GET_KEY_SEC */
+typedef struct q_reg_get_key_sec_info
+{
+	POLICY_HND pol;         /* policy handle */
+
+	uint32 sec_info;       /* xxxx_SECURITY_INFORMATION */
+
+	uint32 ptr;       /* pointer */
+	BUFHDR hdr_sec;    /* header for security data */
+	SEC_DESC_BUF *data;    /* security data */
+	
+} REG_Q_GET_KEY_SEC;
+
+/* REG_R_GET_KEY_SEC */
+typedef struct r_reg_get_key_sec_info
+{
+	uint32 sec_info;       /* xxxx_SECURITY_INFORMATION */
+
+	uint32 ptr;       /* pointer */
+	BUFHDR hdr_sec;    /* header for security data */
+	SEC_DESC_BUF *data;    /* security data */
+
+	NTSTATUS status;
+	
+} REG_R_GET_KEY_SEC;
+
+/* REG_Q_CREATE_VALUE */
+typedef struct q_reg_create_value_info
+{
+	POLICY_HND pol;    /* policy handle */
+
+	UNIHDR hdr_name;   /* name of value */
+	UNISTR2 uni_name;
+
+	uint32 type;       /* 1 = UNISTR, 3 = BYTES, 4 = DWORD, 7 = MULTI_UNISTR */
+
+	BUFFER3 *buf_value; /* value, in byte buffer */
+
+} REG_Q_CREATE_VALUE;
+
+/* REG_R_CREATE_VALUE */
+typedef struct r_reg_create_value_info
+{ 
+	NTSTATUS status;         /* return status */
+
+} REG_R_CREATE_VALUE;
+
+/* REG_Q_ENUM_VALUE */
+typedef struct q_reg_query_value_info
+{
+	POLICY_HND pol;    /* policy handle */
+
+	uint32 val_index;  /* index */
+
+	UNIHDR hdr_name;   /* name of value */
+	UNISTR2 uni_name;
+
+	uint32 ptr_type;   /* pointer */
+	uint32 type;       /* 1 = UNISTR, 3 = BYTES, 4 = DWORD, 7 = MULTI_UNISTR */
+
+	uint32 ptr_value;  /* pointer */
+	BUFFER2 buf_value; /* value, in byte buffer */
+
+	uint32 ptr1;       /* pointer */
+	uint32 len_value1; /* */
+
+	uint32 ptr2;       /* pointer */
+	uint32 len_value2; /* */
+
+} REG_Q_ENUM_VALUE;
+
+/* REG_R_ENUM_VALUE */
+typedef struct r_reg_enum_value_info
+{ 
+	UNIHDR hdr_name;        /* name of value */
+	UNISTR2 uni_name;
+
+	uint32 ptr_type;            /* pointer */
+	uint32 type;        /* 1 = UNISTR, 3 = BYTES, 4 = DWORD, 7 = MULTI_UNISTR */
+
+	uint32 ptr_value;       /* pointer */
+	BUFFER2 *buf_value;    /* value, in byte buffer */
+
+	uint32 ptr1;            /* pointer */
+	uint32 len_value1;       /* */
+
+	uint32 ptr2;            /* pointer */
+	uint32 len_value2;       /* */
+
+	NTSTATUS status;         /* return status */
+
+} REG_R_ENUM_VALUE;
+
+/* REG_Q_CREATE_KEY */
+typedef struct q_reg_create_key_info
+{
+	POLICY_HND pnt_pol;       /* parent key policy handle */
+
+	UNIHDR hdr_name;
+	UNISTR2 uni_name;
+
+	UNIHDR hdr_class;
+	UNISTR2 uni_class;
+
+	uint32 reserved; /* 0x0000 0000 */
+	SEC_ACCESS sam_access; /* access rights flags, see rpc_secdes.h */
+
+	uint32 ptr1;
+	uint32 sec_info; /* xxxx_SECURITY_INFORMATION */
+
+	uint32 ptr2;       /* pointer */
+	BUFHDR hdr_sec;    /* header for security data */
+	uint32 ptr3;       /* pointer */
+	SEC_DESC_BUF *data;
+
+	uint32 unknown_2; /* 0x0000 0000 */
+
+} REG_Q_CREATE_KEY;
+
+/* REG_R_CREATE_KEY */
+typedef struct r_reg_create_key_info
+{
+	POLICY_HND key_pol;       /* policy handle */
+	uint32 unknown; /* 0x0000 0000 */
+
+	NTSTATUS status;         /* return status */
+
+} REG_R_CREATE_KEY;
+
+/* REG_Q_DELETE_KEY */
+typedef struct q_reg_delete_key_info
+{
+	POLICY_HND pnt_pol;       /* parent key policy handle */
+
+	UNIHDR hdr_name;
+	UNISTR2 uni_name;
+} REG_Q_DELETE_KEY;
+
+/* REG_R_DELETE_KEY */
+typedef struct r_reg_delete_key_info
+{
+	POLICY_HND key_pol;       /* policy handle */
+
+	NTSTATUS status;         /* return status */
+
+} REG_R_DELETE_KEY;
+
+/* REG_Q_DELETE_VALUE */
+typedef struct q_reg_delete_val_info
+{
+	POLICY_HND pnt_pol;       /* parent key policy handle */
+
+	UNIHDR hdr_name;
+	UNISTR2 uni_name;
+
+} REG_Q_DELETE_VALUE;
+
+/* REG_R_DELETE_VALUE */
+typedef struct r_reg_delete_val_info
+{
+	POLICY_HND key_pol;       /* policy handle */
+
+	NTSTATUS status;         /* return status */
+
+} REG_R_DELETE_VALUE;
+
+/* REG_Q_QUERY_KEY */
+typedef struct q_reg_query_info
+{
+	POLICY_HND pol;       /* policy handle */
+	UNIHDR hdr_class;
+	UNISTR2 uni_class;
+
+} REG_Q_QUERY_KEY;
+
+/* REG_R_QUERY_KEY */
+typedef struct r_reg_query_key_info
+{
+	UNIHDR hdr_class;
+	UNISTR2 uni_class;
+
+	uint32 num_subkeys;
+	uint32 max_subkeylen;
+	uint32 max_subkeysize; /* 0x0000 0000 */
+	uint32 num_values;
+	uint32 max_valnamelen;
+	uint32 max_valbufsize; 
+	uint32 sec_desc; /* 0x0000 0078 */
+	NTTIME mod_time;  /* modified time */
+
+	NTSTATUS status;         /* return status */
+
+} REG_R_QUERY_KEY;
+
+
+/* REG_Q_UNK_1A */
+typedef struct q_reg_unk_1a_info
+{
+	POLICY_HND pol;       /* policy handle */
+
+} REG_Q_UNK_1A;
+
+/* REG_R_UNK_1A */
+typedef struct r_reg_unk_1a_info
+{
+	uint32 unknown;         /* 0x0500 0000 */
+	NTSTATUS status;         /* return status */
+
+} REG_R_UNK_1A;
+
+
+/* REG_Q_CLOSE */
+typedef struct reg_q_close_info
+{
+	POLICY_HND pol; /* policy handle */
+
+} REG_Q_CLOSE;
+
+/* REG_R_CLOSE */
+typedef struct reg_r_close_info
+{
+	POLICY_HND pol; /* policy handle.  should be all zeros. */
+
+	NTSTATUS status; /* return code */
+
+} REG_R_CLOSE;
+
+
+/* REG_Q_ENUM_KEY */
+typedef struct q_reg_enum_value_info
+{
+	POLICY_HND pol;         /* policy handle */
+
+	uint32 key_index;       
+
+	uint16 key_name_len;    /* 0x0000 */
+	uint16 unknown_1;       /* 0x0414 */
+
+	uint32 ptr1;            /* pointer */
+	uint32 unknown_2;       /* 0x0000 020A */
+	uint8  pad1[8];         /* padding - zeros */
+
+	uint32 ptr2;            /* pointer */
+	uint8  pad2[8];         /* padding - zeros */
+
+	uint32 ptr3;            /* pointer */
+	NTTIME time;            /* current time? */
+
+} REG_Q_ENUM_KEY;
+
+/* REG_R_ENUM_KEY */
+typedef struct r_reg_enum_key_info
+{ 
+	uint16 key_name_len;    /* number of bytes in key name */
+	uint16 unknown_1;       /* 0x0414 - matches with query unknown_1 */
+
+	uint32 ptr1;            /* pointer */
+	uint32 unknown_2;       /* 0x0000 020A */
+	uint32 unknown_3;       /* 0x0000 0000 */
+
+	UNISTR3 key_name;
+
+	uint32 ptr2;            /* pointer */
+	uint8  pad2[8];         /* padding - zeros */
+
+	uint32 ptr3;            /* pointer */
+	NTTIME time;            /* current time? */
+
+	NTSTATUS status;         /* return status */
+
+} REG_R_ENUM_KEY;
+
+
+/* REG_Q_INFO */
+typedef struct q_reg_info_info
+{
+	POLICY_HND pol;		/* policy handle */
+
+	UNIHDR  hdr_type;	/* unicode product type header */
+	UNISTR2 uni_type;	/* unicode product type - "ProductType" */
+
+	uint32 ptr_reserved;	/* pointer */
+  
+	uint32 ptr_buf;		/* the next three fields follow if ptr_buf != 0 */
+	uint32 ptr_bufsize;
+	uint32 bufsize;
+	uint32 buf_unk;
+
+	uint32 unk1;
+	uint32 ptr_buflen;
+	uint32 buflen;
+  
+	uint32 ptr_buflen2;
+	uint32 buflen2;
+
+} REG_Q_INFO;
+
+/* REG_R_INFO */
+typedef struct r_reg_info_info
+{ 
+	uint32 ptr_type;	/* key type pointer */
+	uint32 type;		/* key datatype  */
+
+	uint32 ptr_uni_val;	/* key value pointer */
+	BUFFER2 *uni_val;	/* key value */
+
+	uint32 ptr_max_len;
+	uint32 buf_max_len;
+
+	uint32 ptr_len;
+	uint32 buf_len;
+  
+	NTSTATUS status;	/* return status */
+
+} REG_R_INFO;
+
+
+/* REG_Q_OPEN_ENTRY */
+typedef struct q_reg_open_entry_info
+{
+	POLICY_HND pol;        /* policy handle */
+
+	UNIHDR  hdr_name;       /* unicode registry string header */
+	UNISTR2 uni_name;       /* unicode registry string name */
+
+	uint32 unknown_0;       /* 32 bit unknown - 0x0000 0000 */
+	uint32 unknown_1;       /* 32 bit unknown - 0x0200 0000 */
+
+} REG_Q_OPEN_ENTRY;
+
+
+
+/* REG_R_OPEN_ENTRY */
+typedef struct r_reg_open_entry_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} REG_R_OPEN_ENTRY;
+
+/* REG_Q_SHUTDOWN */
+typedef struct q_reg_shutdown_info
+{
+	uint32 ptr_0;
+	uint32 ptr_1;
+	uint32 ptr_2;
+	UNIHDR hdr_msg;		/* shutdown message */
+	UNISTR2 uni_msg;	/* seconds */
+	uint32 timeout;		/* seconds */
+	uint16 flags;
+		
+} REG_Q_SHUTDOWN;
+
+/* REG_R_SHUTDOWN */
+typedef struct r_reg_shutdown_info
+{
+	NTSTATUS status;		/* return status */
+
+} REG_R_SHUTDOWN;
+
+/* REG_Q_ABORT_SHUTDOWN */
+typedef struct q_reg_abort_shutdown_info
+{
+	uint32 ptr_server;
+	uint16 server;
+
+} REG_Q_ABORT_SHUTDOWN;
+
+/* REG_R_ABORT_SHUTDOWN */
+typedef struct r_reg_abort_shutdown_info
+{ 
+	NTSTATUS status; /* return status */
+
+} REG_R_ABORT_SHUTDOWN;
+
+
+#endif /* _RPC_REG_H */
+
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
new file mode 100644
index 0000000000..191a3695fb
--- /dev/null
+++ b/source3/include/rpc_samr.h
@@ -0,0 +1,1817 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Paul Ashton                  1997-2000
+   Copyright (C) Jean François Micouleau      1998-2001.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_SAMR_H /* _RPC_SAMR_H */
+#define _RPC_SAMR_H 
+
+
+#include "rpc_misc.h"
+
+
+/*******************************************************************
+ the following information comes from a QuickView on samsrv.dll,
+ and gives an idea of exactly what is needed:
+ 
+x SamrAddMemberToAlias
+x SamrAddMemberToGroup
+SamrAddMultipleMembersToAlias
+x SamrChangePasswordUser
+x SamrCloseHandle
+x SamrConnect
+x SamrCreateAliasInDomain
+x SamrCreateGroupInDomain
+x SamrCreateUserInDomain
+? SamrDeleteAlias
+SamrDeleteGroup
+x SamrDeleteUser
+x SamrEnumerateAliasesInDomain
+SamrEnumerateDomainsInSamServer
+x SamrEnumerateGroupsInDomain
+x SamrEnumerateUsersInDomain
+SamrGetUserDomainPasswordInformation
+SamrLookupDomainInSamServer
+? SamrLookupIdsInDomain
+x SamrLookupNamesInDomain
+x SamrOpenAlias
+x SamrOpenDomain
+x SamrOpenGroup
+x SamrOpenUser
+x SamrQueryDisplayInformation
+x SamrQueryInformationAlias
+SamrQueryInformationDomain
+? SamrQueryInformationUser
+x SamrQuerySecurityObject
+SamrRemoveMemberFromAlias
+SamrRemoveMemberFromForiegnDomain
+SamrRemoveMemberFromGroup
+SamrRemoveMultipleMembersFromAlias
+x SamrSetInformationAlias
+SamrSetInformationDomain
+x SamrSetInformationGroup
+x SamrSetInformationUser
+SamrSetMemberAttributesOfGroup
+SamrSetSecurityObject
+SamrShutdownSamServer
+SamrTestPrivateFunctionsDomain
+SamrTestPrivateFunctionsUser
+
+********************************************************************/
+
+#define SAMR_CONNECT_ANON      0x00
+#define SAMR_CLOSE_HND         0x01
+#define SAMR_UNKNOWN_2         0x02 /* set sec object? */
+#define SAMR_QUERY_SEC_OBJECT  0x03
+
+#define SAMR_UNKNOWN_4         0x04 /* profile info? */
+#define SAMR_LOOKUP_DOMAIN     0x05
+#define SAMR_ENUM_DOMAINS      0x06
+#define SAMR_OPEN_DOMAIN       0x07
+#define SAMR_QUERY_DOMAIN_INFO 0x08
+#define SAMR_SET_DOMAIN_INFO   0x09
+
+#define SAMR_CREATE_DOM_GROUP  0x0a
+#define SAMR_ENUM_DOM_GROUPS   0x0b
+#define SAMR_ENUM_DOM_USERS    0x0d
+#define SAMR_CREATE_DOM_ALIAS  0x0e
+#define SAMR_ENUM_DOM_ALIASES  0x0f
+#define SAMR_QUERY_USERALIASES 0x10
+
+#define SAMR_LOOKUP_NAMES      0x11
+#define SAMR_LOOKUP_RIDS       0x12
+
+#define SAMR_OPEN_GROUP        0x13
+#define SAMR_QUERY_GROUPINFO   0x14
+#define SAMR_SET_GROUPINFO     0x15
+#define SAMR_ADD_GROUPMEM      0x16
+#define SAMR_DELETE_DOM_GROUP  0x17
+#define SAMR_DEL_GROUPMEM      0x18
+#define SAMR_QUERY_GROUPMEM    0x19
+#define SAMR_UNKNOWN_1A        0x1a
+
+#define SAMR_OPEN_ALIAS        0x1b
+#define SAMR_QUERY_ALIASINFO   0x1c
+#define SAMR_SET_ALIASINFO     0x1d
+#define SAMR_DELETE_DOM_ALIAS  0x1e
+#define SAMR_ADD_ALIASMEM      0x1f
+#define SAMR_DEL_ALIASMEM      0x20
+#define SAMR_QUERY_ALIASMEM    0x21
+
+#define SAMR_OPEN_USER         0x22
+#define SAMR_DELETE_DOM_USER   0x23
+#define SAMR_QUERY_USERINFO    0x24
+#define SAMR_SET_USERINFO2     0x25
+#define SAMR_QUERY_USERGROUPS  0x27
+
+#define SAMR_QUERY_DISPINFO    0x28
+#define SAMR_UNKNOWN_29        0x29
+#define SAMR_UNKNOWN_2a        0x2a
+#define SAMR_UNKNOWN_2b        0x2b
+#define SAMR_GET_USRDOM_PWINFO 0x2c
+#define SAMR_UNKNOWN_2D        0x2d
+#define SAMR_UNKNOWN_2E        0x2e /* looks like an alias for SAMR_QUERY_DOMAIN_INFO */
+#define SAMR_UNKNOWN_2f        0x2f
+#define SAMR_QUERY_DISPINFO3   0x30 /* Alias for SAMR_QUERY_DISPINFO
+				       with info level 3 */
+#define SAMR_UNKNOWN_31        0x31
+#define SAMR_CREATE_USER       0x32
+#define SAMR_QUERY_DISPINFO4   0x33 /* Alias for SAMR_QUERY_DISPINFO
+				       with info level 4 */
+#define SAMR_ADDMULTI_ALIASMEM 0x34
+
+#define SAMR_UNKNOWN_35        0x35
+#define SAMR_UNKNOWN_36        0x36
+#define SAMR_CHGPASSWD_USER    0x37
+#define SAMR_GET_DOM_PWINFO    0x38
+#define SAMR_CONNECT           0x39
+#define SAMR_SET_USERINFO      0x3A
+
+
+typedef struct _DISP_USER_INFO {
+	SAM_ACCOUNT *sam;
+} DISP_USER_INFO;
+
+typedef struct _DISP_GROUP_INFO {
+	DOMAIN_GRP *grp;
+} DISP_GROUP_INFO;
+
+
+typedef struct logon_hours_info
+{
+	uint32 len; /* normally 21 bytes */
+	uint8 hours[32];
+
+} LOGON_HRS;
+
+/* SAM_USER_INFO_23 */
+typedef struct sam_user_info_23
+{
+	/* TIMES MAY NOT IN RIGHT ORDER!!!! */
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* NULL - user name unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_acct_desc  ;  /* user description */
+	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
+	UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */
+	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
+
+	uint8 lm_pwd[16];    /* lm user passwords */
+	uint8 nt_pwd[16];    /* nt user passwords */
+
+	uint32 user_rid;      /* Primary User ID */
+	uint32 group_rid;     /* Primary Group ID */
+
+	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
+
+	uint32 unknown_3; /* 0x09f8 27fa */
+
+	uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */
+	/* uint8 pad[2] */
+	uint32 ptr_logon_hrs; /* pointer to logon hours */
+
+	uint8 padding1[8];
+
+	uint32 unknown_5;     /* 0x0001 0000 */
+
+	uint8 pass[516];
+
+	UNISTR2 uni_user_name;    /* NULL - username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
+	UNISTR2 uni_workstations; /* login from workstations unicode string */
+	UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */
+	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
+
+	uint32 unknown_6; /* 0x0000 04ec */
+	uint32 padding4;
+
+	LOGON_HRS logon_hrs;
+
+} SAM_USER_INFO_23;
+
+/* SAM_USER_INFO_24 */
+typedef struct sam_user_info_24
+{
+	uint8 pass[516];
+	uint16 pw_len;
+} SAM_USER_INFO_24;
+
+/*
+ * NB. This structure is *definately* incorrect. It's my best guess
+ * currently for W2K SP2. The password field is encrypted in a different
+ * way than normal... And there are definately other problems. JRA.
+ */
+
+/* SAM_USER_INFO_25 */
+typedef struct sam_user_info_25
+{
+	/* TIMES MAY NOT IN RIGHT ORDER!!!! */
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* NULL - user name unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_acct_desc  ;  /* user description */
+	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
+	UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */
+	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
+
+	uint8 lm_pwd[16];    /* lm user passwords */
+	uint8 nt_pwd[16];    /* nt user passwords */
+
+	uint32 user_rid;      /* Primary User ID */
+	uint32 group_rid;     /* Primary Group ID */
+
+	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
+
+	uint32 unknown_6[6];
+
+	uint8 pass[532];
+
+	UNISTR2 uni_user_name;    /* NULL - username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
+	UNISTR2 uni_workstations; /* login from workstations unicode string */
+	UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */
+	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
+} SAM_USER_INFO_25;
+
+
+/* SAM_USER_INFO_21 */
+typedef struct sam_user_info_21
+{
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* username unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_acct_desc  ;  /* user description */
+	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
+	UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */
+	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
+
+	uint8 lm_pwd[16];    /* lm user passwords */
+	uint8 nt_pwd[16];    /* nt user passwords */
+
+	uint32 user_rid;      /* Primary User ID */
+	uint32 group_rid;     /* Primary Group ID */
+
+	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
+
+	uint32 unknown_3; /* 0x00ff ffff */
+
+	uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */
+	/* uint8 pad[2] */
+	uint32 ptr_logon_hrs; /* unknown pointer */
+
+	uint32 unknown_5;     /* 0x0002 0000 */
+
+	uint8 padding1[8];
+
+	UNISTR2 uni_user_name;    /* username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
+	UNISTR2 uni_workstations; /* login from workstations unicode string */
+	UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */
+	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel number */
+
+	uint32 unknown_6; /* 0x0000 04ec */
+	uint32 padding4;
+
+	LOGON_HRS logon_hrs;
+
+} SAM_USER_INFO_21;
+
+
+/* SAM_USER_INFO_20 */
+typedef struct sam_user_info_20
+{
+	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
+
+	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel number */
+
+} SAM_USER_INFO_20;
+
+/* SAM_USER_INFO_12 */
+typedef struct sam_user_info_12
+{
+	uint8 lm_pwd[16];    /* lm user passwords */
+	uint8 nt_pwd[16];    /* nt user passwords */
+
+	uint8 lm_pwd_active; 
+	uint8 nt_pwd_active; 
+
+} SAM_USER_INFO_12;
+
+/* SAM_USER_INFO_11 */
+typedef struct sam_user_info_11
+{
+	uint8  padding_0[16];  /* 0 - padding 16 bytes */
+	NTTIME expiry;         /* expiry time or something? */
+	uint8  padding_1[24];  /* 0 - padding 24 bytes */
+
+	UNIHDR hdr_mach_acct;  /* unicode header for machine account */
+	uint32 padding_2;      /* 0 - padding 4 bytes */
+
+	uint32 ptr_1;          /* pointer */
+	uint8  padding_3[32];  /* 0 - padding 32 bytes */
+	uint32 padding_4;      /* 0 - padding 4 bytes */
+
+	uint32 ptr_2;          /* pointer */
+	uint32 padding_5;      /* 0 - padding 4 bytes */
+
+	uint32 ptr_3;          /* pointer */
+	uint8  padding_6[32];  /* 0 - padding 32 bytes */
+
+	uint32 rid_user;       /* user RID */
+	uint32 rid_group;      /* group RID */
+
+	uint16 acct_ctrl;      /* 0080 - ACB_XXXX */
+	uint16 unknown_3;      /* 16 bit padding */
+
+	uint16 unknown_4;      /* 0x003f      - 16 bit unknown */
+	uint16 unknown_5;      /* 0x003c      - 16 bit unknown */
+
+	uint8  padding_7[16];  /* 0 - padding 16 bytes */
+	uint32 padding_8;      /* 0 - padding 4 bytes */
+	
+	UNISTR2 uni_mach_acct; /* unicode string for machine account */
+
+	uint8  padding_9[48];  /* 0 - padding 48 bytes */
+
+} SAM_USER_INFO_11;
+
+
+/* SAM_USER_INFO_10 */
+typedef struct sam_user_info_10
+{
+	uint32 acb_info;
+
+} SAM_USER_INFO_10;
+
+
+
+/* SAMR_Q_CLOSE_HND - probably a policy handle close */
+typedef struct q_samr_close_hnd_info
+{
+    POLICY_HND pol;          /* policy handle */
+
+} SAMR_Q_CLOSE_HND;
+
+
+/* SAMR_R_CLOSE_HND - probably a policy handle close */
+typedef struct r_samr_close_hnd_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_CLOSE_HND;
+
+
+/****************************************************************************
+SAMR_Q_GET_USRDOM_PWINFO - a "set user info" occurs just after this
+*****************************************************************************/
+
+/* SAMR_Q_GET_USRDOM_PWINFO */
+typedef struct q_samr_usrdom_pwinfo_info
+{
+	POLICY_HND user_pol;          /* policy handle */
+
+} SAMR_Q_GET_USRDOM_PWINFO;
+
+
+/****************************************************************************
+SAMR_R_GET_USRDOM_PWINFO - a "set user info" occurs just after this
+*****************************************************************************/
+
+/* SAMR_R_GET_USRDOM_PWINFO */
+typedef struct r_samr_usrdom_pwinfo_info
+{
+	uint16 unknown_0; /* 0000 */
+	uint16 unknown_1; /* 0x0016 or 0x0015 */
+	uint32 unknown_2; /* 0x0000 0000 */
+	NTSTATUS status; 
+
+} SAMR_R_GET_USRDOM_PWINFO;
+
+
+/****************************************************************************
+SAMR_Q_QUERY_SEC_OBJ - info level 4.  returns SIDs.
+*****************************************************************************/
+
+/* SAMR_Q_QUERY_SEC_OBJ - probably get domain info... */
+typedef struct q_samr_query_sec_obj_info
+{
+	POLICY_HND user_pol;          /* policy handle */
+	uint32 sec_info;     /* xxxx_SECURITY_INFORMATION 0x0000 0004 */
+
+} SAMR_Q_QUERY_SEC_OBJ;
+
+/* SAMR_R_QUERY_SEC_OBJ - probably an open */
+typedef struct r_samr_query_sec_obj_info
+{
+	uint32 ptr;
+	SEC_DESC_BUF *buf;
+
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_QUERY_SEC_OBJ;
+
+
+/****************************************************************************
+SAMR_Q_QUERY_DOMAIN_INFO - probably a query on domain group info.
+*****************************************************************************/
+
+/* SAMR_Q_QUERY_DOMAIN_INFO - */
+typedef struct q_samr_query_domain_info
+{
+	POLICY_HND domain_pol;   /* policy handle */
+	uint16 switch_value;     /* 0x0002, 0x0001 */
+
+} SAMR_Q_QUERY_DOMAIN_INFO;
+
+typedef struct sam_unknown_info_3_info
+{
+	NTTIME logout;	
+	/* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/
+
+	/* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/
+
+} SAM_UNK_INFO_3;
+
+typedef struct sam_unknown_info_6_info
+{
+	uint32 unknown_0; /* 0x0000 0000 */
+
+	uint32 ptr_0;     /* pointer to unknown structure */
+	uint8  padding[12]; /* 12 bytes zeros */
+
+} SAM_UNK_INFO_6;
+
+typedef struct sam_unknown_info_7_info
+{
+	uint16 unknown_0; /* 0x0003 */
+
+} SAM_UNK_INFO_7;
+
+typedef struct sam_unknown_info_12_inf
+{
+	NTTIME duration;
+	NTTIME reset_count;
+	uint16 bad_attempt_lockout;
+
+} SAM_UNK_INFO_12;
+
+typedef struct sam_unknown_info_5_inf
+{
+	UNIHDR hdr_server; /* server name unicode header */
+	UNISTR2 uni_server; /* server name unicode string */
+
+} SAM_UNK_INFO_5;
+
+typedef struct sam_unknown_info_2_inf
+{
+	uint32 unknown_0; /* 0x0000 0000 */
+	uint32 unknown_1; /* 0x8000 0000 */
+	uint32 unknown_2; /* 0x0000 0000 */
+
+	uint32 ptr_0;     /* pointer to unknown structure */
+	UNIHDR hdr_domain; /* domain name unicode header */
+	UNIHDR hdr_server; /* server name unicode header */
+
+	/* put all the data in here, at the moment, including what the above
+	   pointer is referring to
+	 */
+
+	uint32 seq_num; /* some sort of incrementing sequence number? */
+	uint32 unknown_3; /* 0x0000 0000 */
+	
+	uint32 unknown_4; /* 0x0000 0001 */
+	uint32 unknown_5; /* 0x0000 0003 */
+	uint32 unknown_6; /* 0x0000 0001 */
+	uint32 num_domain_usrs; /* number of users in domain */
+	uint32 num_domain_grps; /* number of domain groups in domain */
+	uint32 num_local_grps; /* number of local groups in domain */
+
+	uint8 padding[12]; /* 12 bytes zeros */
+
+	UNISTR2 uni_domain; /* domain name unicode string */
+	UNISTR2 uni_server; /* server name unicode string */
+
+} SAM_UNK_INFO_2;
+
+typedef struct sam_unknown_info_1_inf
+{
+	uint16 min_length_password;
+	uint16 password_history;
+	uint32 flag;
+	NTTIME expire;
+	NTTIME min_passwordage;
+
+} SAM_UNK_INFO_1;
+
+
+typedef struct sam_unknown_ctr_info
+{
+	union
+	{
+		SAM_UNK_INFO_1 inf1;
+		SAM_UNK_INFO_2 inf2;
+		SAM_UNK_INFO_3 inf3;
+		SAM_UNK_INFO_5 inf5;
+		SAM_UNK_INFO_6 inf6;
+		SAM_UNK_INFO_7 inf7;
+		SAM_UNK_INFO_12 inf12;
+
+	} info;
+
+} SAM_UNK_CTR;
+
+
+/* SAMR_R_QUERY_DOMAIN_INFO - */
+typedef struct r_samr_query_domain_info
+{
+	uint32 ptr_0;
+	uint16 switch_value; /* same as in query */
+
+	SAM_UNK_CTR *ctr;
+
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_QUERY_DOMAIN_INFO;
+
+
+/* SAMR_Q_LOOKUP_DOMAIN - obtain SID for a local domain */
+typedef struct q_samr_lookup_domain_info
+{
+	POLICY_HND connect_pol;
+
+	UNIHDR  hdr_domain;
+	UNISTR2 uni_domain;
+
+} SAMR_Q_LOOKUP_DOMAIN;
+
+
+/* SAMR_R_LOOKUP_DOMAIN */
+typedef struct r_samr_lookup_domain_info
+{
+	uint32   ptr_sid;
+	DOM_SID2 dom_sid;
+
+	NTSTATUS status;
+
+} SAMR_R_LOOKUP_DOMAIN;
+
+
+/****************************************************************************
+SAMR_Q_OPEN_DOMAIN - unknown_0 values seen associated with SIDs:
+
+0x0000 03f1 and a specific   domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0
+0x0000 0200 and a specific   domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0
+*****************************************************************************/
+
+/* SAMR_Q_OPEN_DOMAIN */
+typedef struct q_samr_open_domain_info
+{
+	POLICY_HND pol;   /* policy handle */
+	uint32 flags;               /* 0x2000 0000; 0x0000 0211; 0x0000 0280; 0x0000 0200 - flags? */
+	DOM_SID2 dom_sid;         /* domain SID */
+
+} SAMR_Q_OPEN_DOMAIN;
+
+
+/* SAMR_R_OPEN_DOMAIN - probably an open */
+typedef struct r_samr_open_domain_info
+{
+	POLICY_HND domain_pol; /* policy handle associated with the SID */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_OPEN_DOMAIN;
+
+#define MAX_SAM_ENTRIES_W2K 0x400
+#define MAX_SAM_ENTRIES_W95 50
+/* The following should be the greater of the preceeding two. */
+#define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K
+
+typedef struct samr_entry_info
+{
+	uint32 rid;
+	UNIHDR hdr_name;
+
+} SAM_ENTRY;
+
+
+/* SAMR_Q_ENUM_DOMAINS - SAM rids and names */
+typedef struct q_samr_enum_domains_info
+{
+	POLICY_HND pol;     /* policy handle */
+
+	uint32 start_idx;   /* enumeration handle */
+	uint32 max_size;    /* 0x0000 ffff */
+
+} SAMR_Q_ENUM_DOMAINS;
+
+/* SAMR_R_ENUM_DOMAINS - SAM rids and Domain names */
+typedef struct r_samr_enum_domains_info
+{
+	uint32 next_idx;     /* next starting index required for enum */
+	uint32 ptr_entries1;  
+
+	uint32 num_entries2;
+	uint32 ptr_entries2;
+
+	uint32 num_entries3;
+
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_dom_name;
+
+	uint32 num_entries4;
+
+	NTSTATUS status;
+
+} SAMR_R_ENUM_DOMAINS;
+
+/* SAMR_Q_ENUM_DOM_USERS - SAM rids and names */
+typedef struct q_samr_enum_dom_users_info
+{
+	POLICY_HND pol;          /* policy handle */
+
+	uint32 start_idx;   /* number of values (0 indicates unlimited?) */
+	uint16 acb_mask;          /* 0x0000 indicates all */
+	uint16 unknown_1;         /* 0x0000 */
+
+	uint32 max_size;              /* 0x0000 ffff */
+
+} SAMR_Q_ENUM_DOM_USERS;
+
+
+/* SAMR_R_ENUM_DOM_USERS - SAM rids and names */
+typedef struct r_samr_enum_dom_users_info
+{
+	uint32 next_idx;     /* next starting index required for enum */
+	uint32 ptr_entries1;  
+
+	uint32 num_entries2;
+	uint32 ptr_entries2;
+
+	uint32 num_entries3;
+
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_acct_name;
+
+	uint32 num_entries4;
+
+	NTSTATUS status;
+
+} SAMR_R_ENUM_DOM_USERS;
+
+
+/* SAMR_Q_ENUM_DOM_GROUPS - SAM rids and names */
+typedef struct q_samr_enum_dom_groups_info
+{
+	POLICY_HND pol;          /* policy handle */
+
+	/* this is possibly an enumeration context handle... */
+	uint32 start_idx;         /* 0x0000 0000 */
+
+	uint32 max_size;              /* 0x0000 ffff */
+
+} SAMR_Q_ENUM_DOM_GROUPS;
+
+
+/* SAMR_R_ENUM_DOM_GROUPS - SAM rids and names */
+typedef struct r_samr_enum_dom_groups_info
+{
+	uint32 next_idx;
+	uint32 ptr_entries1;
+
+	uint32 num_entries2;
+	uint32 ptr_entries2;
+
+	uint32 num_entries3;
+
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_grp_name;
+
+	uint32 num_entries4;
+
+	NTSTATUS status;
+
+} SAMR_R_ENUM_DOM_GROUPS;
+
+
+/* SAMR_Q_ENUM_DOM_ALIASES - SAM rids and names */
+typedef struct q_samr_enum_dom_aliases_info
+{
+	POLICY_HND pol;          /* policy handle */
+
+	/* this is possibly an enumeration context handle... */
+	uint32 start_idx;         /* 0x0000 0000 */
+
+	uint32 max_size;              /* 0x0000 ffff */
+
+} SAMR_Q_ENUM_DOM_ALIASES;
+
+
+/* SAMR_R_ENUM_DOM_ALIASES - SAM rids and names */
+typedef struct r_samr_enum_dom_aliases_info
+{
+	uint32 next_idx;
+	uint32 ptr_entries1;
+
+	uint32 num_entries2;
+	uint32 ptr_entries2;
+
+	uint32 num_entries3;
+
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_grp_name;
+
+	uint32 num_entries4;
+
+	NTSTATUS status;
+
+} SAMR_R_ENUM_DOM_ALIASES;
+
+
+/* -- Level 1 Display Info - User Information -- */
+
+typedef struct samr_entry_info1
+{
+	uint32 user_idx;
+
+	uint32 rid_user;
+	uint16 acb_info;
+
+	UNIHDR hdr_acct_name;
+	UNIHDR hdr_user_name;
+	UNIHDR hdr_user_desc;
+
+} SAM_ENTRY1;
+
+typedef struct samr_str_entry_info1
+{
+	UNISTR2 uni_acct_name;
+	UNISTR2 uni_full_name;
+	UNISTR2 uni_acct_desc;
+
+} SAM_STR1;
+
+typedef struct sam_entry_info_1
+{
+	SAM_ENTRY1 *sam;
+	SAM_STR1   *str;
+
+} SAM_DISPINFO_1;
+
+
+/* -- Level 2 Display Info - Trust Account Information -- */
+
+typedef struct samr_entry_info2
+{
+	uint32 user_idx;
+
+	uint32 rid_user;
+	uint16 acb_info;
+
+	UNIHDR hdr_srv_name;
+	UNIHDR hdr_srv_desc;
+
+} SAM_ENTRY2;
+
+typedef struct samr_str_entry_info2
+{
+	UNISTR2 uni_srv_name;
+	UNISTR2 uni_srv_desc;
+
+} SAM_STR2;
+
+typedef struct sam_entry_info_2
+{
+	SAM_ENTRY2 *sam;
+	SAM_STR2   *str;
+
+} SAM_DISPINFO_2;
+
+
+/* -- Level 3 Display Info - Domain Group Information -- */
+
+typedef struct samr_entry_info3
+{
+	uint32 grp_idx;
+
+	uint32 rid_grp;
+	uint32 attr;     /* SE_GROUP_xxx, usually 7 */
+
+	UNIHDR hdr_grp_name;
+	UNIHDR hdr_grp_desc;
+
+} SAM_ENTRY3;
+
+typedef struct samr_str_entry_info3
+{
+	UNISTR2 uni_grp_name;
+	UNISTR2 uni_grp_desc;
+
+} SAM_STR3;
+
+typedef struct sam_entry_info_3
+{
+	SAM_ENTRY3 *sam;
+	SAM_STR3   *str;
+
+} SAM_DISPINFO_3;
+
+
+/* -- Level 4 Display Info - User List (ASCII) -- */
+
+typedef struct samr_entry_info4
+{
+	uint32 user_idx;
+	STRHDR hdr_acct_name;
+
+} SAM_ENTRY4;
+
+typedef struct samr_str_entry_info4
+{
+	STRING2 acct_name;
+
+} SAM_STR4;
+
+typedef struct sam_entry_info_4
+{
+	SAM_ENTRY4 *sam;
+	SAM_STR4   *str;
+
+} SAM_DISPINFO_4;
+
+
+/* -- Level 5 Display Info - Group List (ASCII) -- */
+
+typedef struct samr_entry_info5
+{
+	uint32 grp_idx;
+	STRHDR hdr_grp_name;
+
+} SAM_ENTRY5;
+
+typedef struct samr_str_entry_info5
+{
+	STRING2 grp_name;
+
+} SAM_STR5;
+
+typedef struct sam_entry_info_5
+{
+	SAM_ENTRY5 *sam;
+	SAM_STR5   *str;
+
+} SAM_DISPINFO_5;
+
+
+typedef struct sam_dispinfo_ctr_info
+{
+	union
+	{
+		SAM_DISPINFO_1 *info1; /* users/names/descriptions */
+		SAM_DISPINFO_2 *info2; /* trust accounts */
+		SAM_DISPINFO_3 *info3; /* domain groups/descriptions */
+		SAM_DISPINFO_4 *info4; /* user list (ASCII) - used by Win95 */
+		SAM_DISPINFO_5 *info5; /* group list (ASCII) */
+		void       *info; /* allows assignment without typecasting, */
+
+	} sam;
+
+} SAM_DISPINFO_CTR;
+
+
+/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */
+typedef struct q_samr_query_disp_info
+{
+	POLICY_HND domain_pol;
+
+	uint16 switch_level;    /* see SAM_DISPINFO_CTR above */
+	/* align */
+
+	uint32 start_idx;       /* start enumeration index */
+	uint32 max_entries;     /* maximum number of entries to return */
+	uint32 max_size;        /* recommended data size; if exceeded server
+				   should return STATUS_MORE_ENTRIES */
+
+} SAMR_Q_QUERY_DISPINFO;
+
+
+/* SAMR_R_QUERY_DISPINFO  */
+typedef struct r_samr_query_dispinfo_info
+{
+	uint32 total_size;     /* total data size for all matching entries
+				  (0 = uncalculated) */
+	uint32 data_size;      /* actual data size returned = size of SAM_ENTRY
+				  structures + total length of strings */
+
+	uint16 switch_level;   /* see SAM_DISPINFO_CTR above */
+	/* align */
+
+	uint32 num_entries;    /* number of entries returned */
+	uint32 ptr_entries;
+	uint32 num_entries2;
+
+	SAM_DISPINFO_CTR *ctr;
+
+	NTSTATUS status;
+
+} SAMR_R_QUERY_DISPINFO;
+
+
+/* SAMR_Q_DELETE_DOM_GROUP - delete domain group */
+typedef struct q_samr_delete_dom_group_info
+{
+    POLICY_HND group_pol;          /* policy handle */
+
+} SAMR_Q_DELETE_DOM_GROUP;
+
+
+/* SAMR_R_DELETE_DOM_GROUP - delete domain group */
+typedef struct r_samr_delete_dom_group_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;        /* return status */
+
+} SAMR_R_DELETE_DOM_GROUP;
+
+
+/* SAMR_Q_CREATE_DOM_GROUP - SAM create group */
+typedef struct q_samr_create_dom_group_info
+{
+	POLICY_HND pol;        /* policy handle */
+
+	UNIHDR hdr_acct_desc;
+	UNISTR2 uni_acct_desc;
+
+	uint32 access_mask;    
+
+} SAMR_Q_CREATE_DOM_GROUP;
+
+/* SAMR_R_CREATE_DOM_GROUP - SAM create group */
+typedef struct r_samr_create_dom_group_info
+{
+	POLICY_HND pol;        /* policy handle */
+
+	uint32 rid;    
+	NTSTATUS status;    
+
+} SAMR_R_CREATE_DOM_GROUP;
+
+/* SAMR_Q_QUERY_GROUPINFO - SAM Group Info */
+typedef struct q_samr_query_group_info
+{
+	POLICY_HND pol;        /* policy handle */
+
+	uint16 switch_level;    /* 0x0001 seen */
+
+} SAMR_Q_QUERY_GROUPINFO;
+
+typedef struct samr_group_info1
+{
+	UNIHDR hdr_acct_name;
+
+	uint32 unknown_1; /* 0x0000 0003 - number of group members? */
+	uint32 num_members; /* 0x0000 0001 - number of group members? */
+
+	UNIHDR hdr_acct_desc;
+
+	UNISTR2 uni_acct_name;
+	UNISTR2 uni_acct_desc;
+
+} GROUP_INFO1;
+
+typedef struct samr_group_info3
+{
+	uint32 unknown_1; /* 0x0000 0003 - number of group members? */
+
+} GROUP_INFO3;
+
+typedef struct samr_group_info4
+{
+	UNIHDR hdr_acct_desc;
+	UNISTR2 uni_acct_desc;
+
+} GROUP_INFO4;
+
+/* GROUP_INFO_CTR */
+typedef struct group_info_ctr
+{
+	uint16 switch_value1;
+
+	union
+ 	{
+		GROUP_INFO1 info1;
+		GROUP_INFO3 info3;
+		GROUP_INFO4 info4;
+
+	} group;
+
+} GROUP_INFO_CTR;
+
+/* SAMR_R_QUERY_GROUPINFO - SAM Group Info */
+typedef struct r_samr_query_groupinfo_info
+{
+	uint32 ptr;        
+	GROUP_INFO_CTR *ctr;
+
+	NTSTATUS status;
+
+} SAMR_R_QUERY_GROUPINFO;
+
+
+/* SAMR_Q_SET_GROUPINFO - SAM Group Info */
+typedef struct q_samr_set_group_info
+{
+	POLICY_HND pol;        /* policy handle */
+	GROUP_INFO_CTR *ctr;
+
+} SAMR_Q_SET_GROUPINFO;
+
+/* SAMR_R_SET_GROUPINFO - SAM Group Info */
+typedef struct r_samr_set_group_info
+{
+	NTSTATUS status;
+
+} SAMR_R_SET_GROUPINFO;
+
+
+/* SAMR_Q_DELETE_DOM_ALIAS - delete domain alias */
+typedef struct q_samr_delete_dom_alias_info
+{
+    POLICY_HND alias_pol;          /* policy handle */
+
+} SAMR_Q_DELETE_DOM_ALIAS;
+
+
+/* SAMR_R_DELETE_DOM_ALIAS - delete domain alias */
+typedef struct r_samr_delete_dom_alias_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;        /* return status */
+
+} SAMR_R_DELETE_DOM_ALIAS;
+
+
+/* SAMR_Q_CREATE_DOM_ALIAS - SAM create alias */
+typedef struct q_samr_create_dom_alias_info
+{
+	POLICY_HND dom_pol;        /* policy handle */
+
+	UNIHDR hdr_acct_desc;
+	UNISTR2 uni_acct_desc;
+
+	uint32 access_mask;    /* 0x001f000f */
+
+} SAMR_Q_CREATE_DOM_ALIAS;
+
+/* SAMR_R_CREATE_DOM_ALIAS - SAM create alias */
+typedef struct r_samr_create_dom_alias_info
+{
+	POLICY_HND alias_pol;        /* policy handle */
+
+	uint32 rid;    
+	NTSTATUS status;    
+
+} SAMR_R_CREATE_DOM_ALIAS;
+
+/* SAMR_Q_QUERY_ALIASINFO - SAM Alias Info */
+typedef struct q_samr_query_alias_info
+{
+	POLICY_HND pol;        /* policy handle */
+
+	uint16 switch_level;    /* 0x0003 seen */
+
+} SAMR_Q_QUERY_ALIASINFO;
+
+typedef struct samr_alias_info1
+{
+	UNIHDR hdr_acct_name;
+	UNIHDR hdr_acct_desc;
+	uint32 num_member;
+	UNISTR2 uni_acct_name;
+	UNISTR2 uni_acct_desc;
+
+} ALIAS_INFO1;
+
+typedef struct samr_alias_info3
+{
+	UNIHDR hdr_acct_desc;
+	UNISTR2 uni_acct_desc;
+
+} ALIAS_INFO3;
+
+/* ALIAS_INFO_CTR */
+typedef struct alias_info_ctr
+{
+	uint16 switch_value1;
+	uint16 switch_value2;
+
+	union
+ 	{
+		ALIAS_INFO1 info1;
+		ALIAS_INFO3 info3;
+
+	} alias;
+
+} ALIAS_INFO_CTR;
+
+/* SAMR_R_QUERY_ALIASINFO - SAM alias info */
+typedef struct r_samr_query_aliasinfo_info
+{
+	uint32 ptr;        
+	ALIAS_INFO_CTR ctr;
+
+	NTSTATUS status;
+
+} SAMR_R_QUERY_ALIASINFO;
+
+
+/* SAMR_Q_SET_ALIASINFO - SAM Alias Info */
+typedef struct q_samr_set_alias_info
+{
+	POLICY_HND alias_pol;        /* policy handle */
+	ALIAS_INFO_CTR ctr;
+
+} SAMR_Q_SET_ALIASINFO;
+
+/* SAMR_R_SET_ALIASINFO - SAM alias info */
+typedef struct r_samr_set_aliasinfo_info
+{
+	NTSTATUS status;
+
+} SAMR_R_SET_ALIASINFO;
+
+
+/* SAMR_Q_QUERY_USERGROUPS - */
+typedef struct q_samr_query_usergroup_info
+{
+	POLICY_HND pol;          /* policy handle associated with unknown id */
+
+} SAMR_Q_QUERY_USERGROUPS;
+
+/* SAMR_R_QUERY_USERGROUPS - probably a get sam info */
+typedef struct r_samr_query_usergroup_info
+{
+	uint32 ptr_0;            /* pointer */
+	uint32 num_entries;      /* number of RID groups */
+	uint32 ptr_1;            /* pointer */
+	uint32 num_entries2;     /* number of RID groups */
+
+	DOM_GID *gid; /* group info */
+
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_QUERY_USERGROUPS;
+
+/* SAM_USERINFO_CTR - sam user info */
+typedef struct sam_userinfo_ctr_info
+{
+	uint16 switch_value;      
+
+	union
+	{
+		SAM_USER_INFO_10 *id10; /* auth-level 0x10 */
+		SAM_USER_INFO_11 *id11; /* auth-level 0x11 */
+		SAM_USER_INFO_12 *id12; /* auth-level 0x12 */
+		SAM_USER_INFO_20 *id20; /* auth-level 20 */
+		SAM_USER_INFO_21 *id21; /* auth-level 21 */
+		SAM_USER_INFO_23 *id23; /* auth-level 0x17 */
+		SAM_USER_INFO_24 *id24; /* auth-level 0x18 */
+		SAM_USER_INFO_25 *id25; /* auth-level 0x19 */
+		void* id; /* to make typecasting easy */
+
+	} info;
+
+} SAM_USERINFO_CTR;
+
+
+/* SAMR_Q_SET_USERINFO2 - set sam info */
+typedef struct q_samr_set_user_info2
+{
+	POLICY_HND pol;          /* policy handle associated with user */
+	uint16 switch_value;      /* 0x0010 */
+
+	SAM_USERINFO_CTR *ctr;
+
+} SAMR_Q_SET_USERINFO2;
+
+/* SAMR_R_SET_USERINFO2 - set sam info */
+typedef struct r_samr_set_user_info2
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_SET_USERINFO2;
+
+/* SAMR_Q_SET_USERINFO - set sam info */
+typedef struct q_samr_set_user_info
+{
+	POLICY_HND pol;          /* policy handle associated with user */
+	uint16 switch_value;
+	SAM_USERINFO_CTR *ctr;
+
+} SAMR_Q_SET_USERINFO;
+
+/* SAMR_R_SET_USERINFO - set sam info */
+typedef struct r_samr_set_user_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_SET_USERINFO;
+
+
+/* SAMR_Q_QUERY_USERINFO - probably a get sam info */
+typedef struct q_samr_query_user_info
+{
+	POLICY_HND pol;          /* policy handle associated with unknown id */
+	uint16 switch_value;         /* 0x0015, 0x0011 or 0x0010 - 16 bit unknown */
+
+} SAMR_Q_QUERY_USERINFO;
+
+/* SAMR_R_QUERY_USERINFO - probably a get sam info */
+typedef struct r_samr_query_user_info
+{
+	uint32 ptr;            /* pointer */
+	SAM_USERINFO_CTR *ctr;
+
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_QUERY_USERINFO;
+
+
+/****************************************************************************
+SAMR_Q_QUERY_USERALIASES - do a conversion from name to RID.
+
+the policy handle allocated by an "samr open secret" call is associated
+with a SID.  this policy handle is what is queried here, *not* the SID
+itself.  the response to the lookup rids is relative to this SID.
+*****************************************************************************/
+/* SAMR_Q_QUERY_USERALIASES */
+typedef struct q_samr_query_useraliases_info
+{
+	POLICY_HND pol;       /* policy handle */
+
+	uint32 num_sids1;      /* number of rids being looked up */
+	uint32 ptr;            /* buffer pointer */
+	uint32 num_sids2;      /* number of rids being looked up */
+
+	uint32   *ptr_sid; /* pointers to sids to be looked up */
+	DOM_SID2 *sid    ; /* sids to be looked up. */
+
+} SAMR_Q_QUERY_USERALIASES;
+
+
+/* SAMR_R_QUERY_USERALIASES */
+typedef struct r_samr_query_useraliases_info
+{
+	uint32 num_entries;
+	uint32 ptr; /* undocumented buffer pointer */
+
+	uint32 num_entries2; 
+	uint32 *rid; /* domain RIDs being looked up */
+
+	NTSTATUS status; /* return code */
+
+} SAMR_R_QUERY_USERALIASES;
+
+
+/****************************************************************************
+SAMR_Q_LOOKUP_NAMES - do a conversion from Names to RIDs+types.
+*****************************************************************************/
+/* SAMR_Q_LOOKUP_NAMES */
+typedef struct q_samr_lookup_names_info
+{
+	POLICY_HND pol;       /* policy handle */
+
+	uint32 num_names1;      /* number of names being looked up */
+	uint32 flags;           /* 0x0000 03e8 - unknown */
+	uint32 ptr;            /* 0x0000 0000 - 32 bit unknown */
+	uint32 num_names2;      /* number of names being looked up */
+
+	UNIHDR  *hdr_name; /* unicode account name header */
+	UNISTR2 *uni_name; /* unicode account name string */
+
+} SAMR_Q_LOOKUP_NAMES;
+
+
+/* SAMR_R_LOOKUP_NAMES */
+typedef struct r_samr_lookup_names_info
+{
+	uint32 num_rids1;      /* number of aliases being looked up */
+	uint32 ptr_rids;       /* pointer to aliases */
+	uint32 num_rids2;      /* number of aliases being looked up */
+
+	uint32 *rids; /* rids */
+
+	uint32 num_types1;      /* number of users in aliases being looked up */
+	uint32 ptr_types;       /* pointer to users in aliases */
+	uint32 num_types2;      /* number of users in aliases being looked up */
+
+	uint32 *types; /* SID_ENUM type */
+
+	NTSTATUS status; /* return code */
+
+} SAMR_R_LOOKUP_NAMES;
+
+
+/****************************************************************************
+SAMR_Q_LOOKUP_RIDS - do a conversion from RID groups to something.
+
+called to resolve domain RID groups.
+*****************************************************************************/
+/* SAMR_Q_LOOKUP_RIDS */
+typedef struct q_samr_lookup_rids_info
+{
+	POLICY_HND pol;       /* policy handle */
+
+	uint32 num_rids1;      /* number of rids being looked up */
+	uint32 flags;          /* 0x0000 03e8 - unknown */
+	uint32 ptr;            /* 0x0000 0000 - 32 bit unknown */
+	uint32 num_rids2;      /* number of rids being looked up */
+
+	uint32 *rid; /* domain RIDs being looked up */
+
+} SAMR_Q_LOOKUP_RIDS;
+
+
+/****************************************************************************
+SAMR_R_LOOKUP_RIDS - do a conversion from group RID to names
+
+*****************************************************************************/
+/* SAMR_R_LOOKUP_RIDS */
+typedef struct r_samr_lookup_rids_info
+{
+	uint32 num_names1;      /* number of aliases being looked up */
+	uint32 ptr_names;       /* pointer to aliases */
+	uint32 num_names2;      /* number of aliases being looked up */
+
+	UNIHDR  *hdr_name; /* unicode account name header */
+	UNISTR2 *uni_name; /* unicode account name string */
+
+	uint32 num_types1;      /* number of users in aliases being looked up */
+	uint32 ptr_types;       /* pointer to users in aliases */
+	uint32 num_types2;      /* number of users in aliases being looked up */
+
+	uint32 *type; /* SID_ENUM type */
+
+	NTSTATUS status;
+
+} SAMR_R_LOOKUP_RIDS;
+
+
+/* SAMR_Q_OPEN_USER - probably an open */
+typedef struct q_samr_open_user_info
+{
+	POLICY_HND domain_pol;       /* policy handle */
+	uint32 access_mask;     /* 32 bit unknown - 0x02011b */
+	uint32 user_rid;      /* user RID */
+
+} SAMR_Q_OPEN_USER;
+
+
+/* SAMR_R_OPEN_USER - probably an open */
+typedef struct r_samr_open_user_info
+{
+	POLICY_HND user_pol;       /* policy handle associated with unknown id */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_OPEN_USER;
+
+
+/* SAMR_Q_CREATE_USER - probably a create */
+typedef struct q_samr_create_user_info
+{
+	POLICY_HND domain_pol;       /* policy handle */
+
+	UNIHDR  hdr_name;       /* unicode account name header */
+	UNISTR2 uni_name;       /* unicode account name */
+
+	uint32 acb_info;      /* account control info */
+	uint32 access_mask;     /* 0xe005 00b0 */
+
+} SAMR_Q_CREATE_USER;
+
+
+/* SAMR_R_CREATE_USER - probably a create */
+typedef struct r_samr_create_user_info
+{
+	POLICY_HND user_pol;       /* policy handle associated with user */
+
+	uint32 unknown_0;     /* 0x0007 03ff */
+	uint32 user_rid;      /* user RID */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_CREATE_USER;
+
+
+/* SAMR_Q_DELETE_DOM_USER - delete domain user */
+typedef struct q_samr_delete_dom_user_info
+{
+    POLICY_HND user_pol;          /* policy handle */
+
+} SAMR_Q_DELETE_DOM_USER;
+
+
+/* SAMR_R_DELETE_DOM_USER - delete domain user */
+typedef struct r_samr_delete_dom_user_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;        /* return status */
+
+} SAMR_R_DELETE_DOM_USER;
+
+
+/* SAMR_Q_QUERY_GROUPMEM - query group members */
+typedef struct q_samr_query_groupmem_info
+{
+	POLICY_HND group_pol;        /* policy handle */
+
+} SAMR_Q_QUERY_GROUPMEM;
+
+
+/* SAMR_R_QUERY_GROUPMEM - query group members */
+typedef struct r_samr_query_groupmem_info
+{
+	uint32 ptr;
+	uint32 num_entries;
+
+	uint32 ptr_rids;
+	uint32 ptr_attrs;
+
+	uint32 num_rids;
+	uint32 *rid;
+
+	uint32 num_attrs;
+	uint32 *attr;
+
+	NTSTATUS status;
+
+} SAMR_R_QUERY_GROUPMEM;
+
+
+/* SAMR_Q_DEL_GROUPMEM - probably an del group member */
+typedef struct q_samr_del_group_mem_info
+{
+	POLICY_HND pol;       /* policy handle */
+	uint32 rid;         /* rid */
+
+} SAMR_Q_DEL_GROUPMEM;
+
+
+/* SAMR_R_DEL_GROUPMEM - probably an del group member */
+typedef struct r_samr_del_group_mem_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_DEL_GROUPMEM;
+
+
+/* SAMR_Q_ADD_GROUPMEM - probably an add group member */
+typedef struct q_samr_add_group_mem_info
+{
+	POLICY_HND pol;       /* policy handle */
+
+	uint32 rid;         /* rid */
+	uint32 unknown;     /* 0x0000 0005 */
+
+} SAMR_Q_ADD_GROUPMEM;
+
+
+/* SAMR_R_ADD_GROUPMEM - probably an add group member */
+typedef struct r_samr_add_group_mem_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_ADD_GROUPMEM;
+
+
+/* SAMR_Q_OPEN_GROUP - probably an open */
+typedef struct q_samr_open_group_info
+{
+	POLICY_HND domain_pol;       /* policy handle */
+	uint32 access_mask;         /* 0x0000 0001, 0x0000 0003, 0x0000 001f */
+	uint32 rid_group;        /* rid */
+
+} SAMR_Q_OPEN_GROUP;
+
+
+/* SAMR_R_OPEN_GROUP - probably an open */
+typedef struct r_samr_open_group_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_OPEN_GROUP;
+
+
+/* SAMR_Q_QUERY_ALIASMEM - query alias members */
+typedef struct q_samr_query_aliasmem_info
+{
+	POLICY_HND alias_pol;        /* policy handle */
+
+} SAMR_Q_QUERY_ALIASMEM;
+
+
+/* SAMR_R_QUERY_ALIASMEM - query alias members */
+typedef struct r_samr_query_aliasmem_info
+{
+	uint32 num_sids;
+	uint32 ptr;
+	uint32 num_sids1;
+
+	DOM_SID2 *sid;
+
+	NTSTATUS status;
+
+} SAMR_R_QUERY_ALIASMEM;
+
+
+/* SAMR_Q_ADD_ALIASMEM - add alias member */
+typedef struct q_samr_add_alias_mem_info
+{
+	POLICY_HND alias_pol;       /* policy handle */
+
+	DOM_SID2 sid; /* member sid to be added to the alias */
+
+} SAMR_Q_ADD_ALIASMEM;
+
+
+/* SAMR_R_ADD_ALIASMEM - add alias member */
+typedef struct r_samr_add_alias_mem_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_ADD_ALIASMEM;
+
+
+/* SAMR_Q_DEL_ALIASMEM - add an add alias member */
+typedef struct q_samr_del_alias_mem_info
+{
+	POLICY_HND alias_pol;       /* policy handle */
+
+	DOM_SID2 sid; /* member sid to be added to alias */
+
+} SAMR_Q_DEL_ALIASMEM;
+
+
+/* SAMR_R_DEL_ALIASMEM - delete alias member */
+typedef struct r_samr_del_alias_mem_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_DEL_ALIASMEM;
+
+
+
+/* SAMR_Q_OPEN_ALIAS - probably an open */
+typedef struct q_samr_open_alias_info
+{
+	POLICY_HND dom_pol;
+
+	uint32 access_mask;         
+	uint32 rid_alias;
+
+} SAMR_Q_OPEN_ALIAS;
+
+
+/* SAMR_R_OPEN_ALIAS - probably an open */
+typedef struct r_samr_open_alias_info
+{
+	POLICY_HND pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_OPEN_ALIAS;
+
+
+/* SAMR_Q_CONNECT_ANON - probably an open */
+typedef struct q_samr_connect_anon_info
+{
+	uint32 ptr;                  /* ptr? */
+	uint16 unknown_0;            /* 0x005c */
+	uint16 unknown_1;            /* 0x0001 */
+	uint32 access_mask;
+
+} SAMR_Q_CONNECT_ANON;
+
+/* SAMR_R_CONNECT_ANON - probably an open */
+typedef struct r_samr_connect_anon_info
+{
+	POLICY_HND connect_pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_CONNECT_ANON;
+
+/* SAMR_Q_CONNECT - probably an open */
+typedef struct q_samr_connect_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
+
+	uint32 access_mask;            
+
+} SAMR_Q_CONNECT;
+
+
+/* SAMR_R_CONNECT - probably an open */
+typedef struct r_samr_connect_info
+{
+    POLICY_HND connect_pol;       /* policy handle */
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_CONNECT;
+
+/* SAMR_Q_GET_DOM_PWINFO */
+typedef struct q_samr_get_dom_pwinfo
+{
+	uint32 ptr; 
+	UNIHDR  hdr_srv_name;
+	UNISTR2 uni_srv_name;
+
+} SAMR_Q_GET_DOM_PWINFO;
+
+/* SAMR_R_GET_DOM_PWINFO */
+typedef struct r_samr_get_dom_pwinfo
+{
+	uint16 unk_0;
+	uint16 unk_1;
+	uint16 unk_2;
+	NTSTATUS status;
+
+} SAMR_R_GET_DOM_PWINFO;
+
+/* SAMR_ENC_PASSWD */
+typedef struct enc_passwd_info
+{
+	uint32 ptr;
+	uint8 pass[516];
+
+} SAMR_ENC_PASSWD;
+
+/* SAMR_ENC_HASH */
+typedef struct enc_hash_info
+{
+	uint32 ptr;
+	uint8 hash[16];
+
+} SAMR_ENC_HASH;
+
+/* SAMR_Q_CHGPASSWD_USER */
+typedef struct q_samr_chgpasswd_user_info
+{
+	uint32 ptr_0;
+
+	UNIHDR hdr_dest_host; /* server name unicode header */
+	UNISTR2 uni_dest_host; /* server name unicode string */
+
+	UNIHDR hdr_user_name;    /* username unicode string header */
+	UNISTR2 uni_user_name;    /* username unicode string */
+
+	SAMR_ENC_PASSWD nt_newpass;
+	SAMR_ENC_HASH nt_oldhash;
+
+	uint32 unknown; /* 0x0000 0001 */
+
+	SAMR_ENC_PASSWD lm_newpass;
+	SAMR_ENC_HASH lm_oldhash;
+
+} SAMR_Q_CHGPASSWD_USER;
+
+/* SAMR_R_CHGPASSWD_USER */
+typedef struct r_samr_chgpasswd_user_info
+{
+	NTSTATUS status; /* 0 == OK, C000006A (NT_STATUS_WRONG_PASSWORD) */
+
+} SAMR_R_CHGPASSWD_USER;
+
+
+/* SAMR_Q_UNKNOWN_2D */
+typedef struct q_samr_unknown_2d_info
+{
+	POLICY_HND dom_pol;   /* policy handle */
+	DOM_SID2 sid;         /* SID */
+
+} SAMR_Q_UNKNOWN_2D;
+
+
+/* SAMR_R_UNKNOWN_2D - probably an open */
+typedef struct r_samr_unknown_2d_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_UNKNOWN_2D;
+
+
+
+/* these are from the old rpc_samr.h - they are needed while the merge
+   is still going on */
+#define MAX_SAM_SIDS 15
+
+/* DOM_SID3 - security id */
+typedef struct sid_info_3
+{
+        uint16 len; /* length, bytes, including length of len :-) */
+        /* uint8  pad[2]; */
+        
+        DOM_SID sid;
+
+} DOM_SID3;
+
+/* SAMR_Q_UNKNOWN_2E */
+typedef struct q_samr_unknown_2e_info
+{
+	POLICY_HND domain_pol;   /* policy handle */
+	uint16 switch_value;
+
+} SAMR_Q_UNKNOWN_2E;
+
+/* SAMR_R_UNKNOWN_2E */
+typedef struct r_samr_unknown_2e_info
+{
+	uint32 ptr_0;
+	uint16 switch_value;
+	SAM_UNK_CTR *ctr;
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_UNKNOWN_2E;
+
+/* SAMR_Q_SET_DOMAIN_INFO */
+typedef struct q_samr_set_domain_info
+{
+	POLICY_HND domain_pol;   /* policy handle */
+	uint16 switch_value0;
+	uint16 switch_value;
+	SAM_UNK_CTR *ctr;
+
+} SAMR_Q_SET_DOMAIN_INFO;
+
+/* SAMR_R_SET_DOMAIN_INFO */
+typedef struct r_samr_set_domain_info
+{
+	NTSTATUS status;         /* return status */
+
+} SAMR_R_SET_DOMAIN_INFO;
+
+
+#endif /* _RPC_SAMR_H */
+
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
new file mode 100644
index 0000000000..e51a5fd2f8
--- /dev/null
+++ b/source3/include/rpc_secdes.h
@@ -0,0 +1,214 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
+#define _RPC_SECDES_H 
+
+#define SEC_RIGHTS_QUERY_VALUE		0x00000001
+#define SEC_RIGHTS_SET_VALUE		0x00000002
+#define SEC_RIGHTS_CREATE_SUBKEY	0x00000004
+#define SEC_RIGHTS_ENUM_SUBKEYS		0x00000008
+#define SEC_RIGHTS_NOTIFY		0x00000010
+#define SEC_RIGHTS_CREATE_LINK		0x00000020
+#define SEC_RIGHTS_READ			0x00020019
+#define SEC_RIGHTS_FULL_CONTROL		0x000f003f
+#define SEC_RIGHTS_MAXIMUM_ALLOWED	0x02000000
+/* for ADS */
+#define	SEC_RIGHTS_LIST_CONTENTS	0x4
+#define SEC_RIGHTS_LIST_OBJECT		0x80
+#define	SEC_RIGHTS_READ_ALL_PROP	0x10
+#define	SEC_RIGHTS_READ_PERMS		0x20000
+#define SEC_RIGHTS_WRITE_ALL_VALID	0x8
+#define	SEC_RIGHTS_WRITE_ALL_PROP	0x20     
+#define SEC_RIGHTS_MODIFY_OWNER		0x80000
+#define	SEC_RIGHTS_MODIFY_PERMS		0x40000
+#define	SEC_RIGHTS_CREATE_CHILD		0x1
+#define	SEC_RIGHTS_DELETE_CHILD		0x2
+#define SEC_RIGHTS_DELETE_SUBTREE	0x40
+#define SEC_RIGHTS_DELETE               0x10000 /* advanced/special/object/delete */
+#define SEC_RIGHTS_EXTENDED		0x100 /* change/reset password, receive/send as*/
+#define	SEC_RIGHTS_CHANGE_PASSWD	SEC_RIGHTS_EXTENDED
+#define	SEC_RIGHTS_RESET_PASSWD		SEC_RIGHTS_EXTENDED
+#define SEC_RIGHTS_FULL_CTRL		0xf01ff
+
+#define SEC_ACE_OBJECT_PRESENT           0x00000001 /* thanks for Jim McDonough <jmcd@us.ibm.com> */
+#define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
+
+#define SEC_ACE_FLAG_OBJECT_INHERIT		0x1
+#define SEC_ACE_FLAG_CONTAINER_INHERIT		0x2
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT	0x4
+#define SEC_ACE_FLAG_INHERIT_ONLY		0x8
+#define SEC_ACE_FLAG_INHERITED_ACE		0x10 /* New for Windows 2000 */
+#define SEC_ACE_FLAG_VALID_INHERIT		0xf
+#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS		0x40
+#define SEC_ACE_FLAG_FAILED_ACCESS		0x80
+
+#define SEC_ACE_TYPE_ACCESS_ALLOWED		0x0
+#define SEC_ACE_TYPE_ACCESS_DENIED		0x1
+#define SEC_ACE_TYPE_SYSTEM_AUDIT		0x2
+#define SEC_ACE_TYPE_SYSTEM_ALARM		0x3
+#define SEC_ACE_TYPE_ALLOWED_COMPOUND		0x4
+#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT	0x5
+#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT     	0x6
+#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT      	0x7
+#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT	0x8
+
+#define SEC_DESC_OWNER_DEFAULTED	0x0001
+#define SEC_DESC_GROUP_DEFAULTED	0x0002
+#define SEC_DESC_DACL_PRESENT		0x0004
+#define SEC_DESC_DACL_DEFAULTED		0x0008
+#define SEC_DESC_SACL_PRESENT		0x0010
+#define SEC_DESC_SACL_DEFAULTED		0x0020
+#define SEC_DESC_SELF_RELATIVE		0x8000
+/*
+ * New Windows 2000 bits.
+ */
+#define SE_DESC_DACL_AUTO_INHERIT_REQ	0x0100
+#define SE_DESC_SACL_AUTO_INHERIT_REQ	0x0200
+#define SE_DESC_DACL_AUTO_INHERITED	0x0400
+#define SE_DESC_SACL_AUTO_INHERITED	0x0800
+#define SE_DESC_DACL_PROTECTED		0x1000
+#define SE_DESC_SACL_PROTECTED		0x2000
+
+/* security information */
+#define OWNER_SECURITY_INFORMATION	0x00000001
+#define GROUP_SECURITY_INFORMATION	0x00000002
+#define DACL_SECURITY_INFORMATION	0x00000004
+#define SACL_SECURITY_INFORMATION	0x00000008
+
+#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
+									DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION)
+
+/* Globally Unique ID */
+#define  GUID_SIZE 16
+typedef struct guid_info
+{
+	uint8 info[GUID_SIZE];
+} GUID;
+
+/* SEC_ACCESS */
+typedef struct security_info_info
+{
+	uint32 mask;
+
+} SEC_ACCESS;
+
+/* SEC_ACE */
+typedef struct security_ace_info
+{
+	uint8 type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
+	uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
+	uint16 size;
+
+	SEC_ACCESS info;
+
+	/* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
+	uint32  obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
+	GUID    obj_guid;  /* object GUID */
+	GUID    inh_guid;  /* inherited object GUID */		
+        /* eof object stuff */
+
+	DOM_SID trustee;
+
+} SEC_ACE;
+#define  SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
+
+#ifndef ACL_REVISION
+#define ACL_REVISION 0x3
+#endif
+
+#ifndef NT4_ACL_REVISION
+#define NT4_ACL_REVISION 0x2
+#endif
+
+#ifndef _SEC_ACL
+/* SEC_ACL */
+typedef struct security_acl_info
+{
+	uint16 revision; /* 0x0003 */
+	uint16 size; /* size in bytes of the entire ACL structure */
+	uint32 num_aces; /* number of Access Control Entries */
+
+	SEC_ACE *ace;
+
+} SEC_ACL;
+#define  SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32))
+#define _SEC_ACL
+#endif
+
+#ifndef SEC_DESC_REVISION
+#define SEC_DESC_REVISION 0x1
+#endif
+
+#ifndef _SEC_DESC
+/* SEC_DESC */
+typedef struct security_descriptor_info
+{
+	uint16 revision; /* 0x0001 */
+	uint16 type;     /* SEC_DESC_xxxx flags */
+
+	uint32 off_owner_sid; /* offset to owner sid */
+	uint32 off_grp_sid  ; /* offset to group sid */
+	uint32 off_sacl     ; /* offset to system list of permissions */
+	uint32 off_dacl     ; /* offset to list of permissions */
+
+	SEC_ACL *dacl; /* user ACL */
+	SEC_ACL *sacl; /* system ACL */
+	DOM_SID *owner_sid; 
+	DOM_SID *grp_sid;
+
+} SEC_DESC;
+#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
+#define _SEC_DESC
+#endif
+
+#ifndef _SEC_DESC_BUF
+/* SEC_DESC_BUF */
+typedef struct sec_desc_buf_info
+{
+	uint32 max_len;
+	uint32 ptr;
+	uint32 len;
+
+	SEC_DESC *sec;
+
+} SEC_DESC_BUF;
+#define _SEC_DESC_BUF
+#endif
+
+/* A type to describe the mapping of generic access rights to object
+   specific access rights. */
+
+typedef struct generic_mapping {
+	uint32 generic_read;
+	uint32 generic_write;
+	uint32 generic_execute;
+	uint32 generic_all;
+} GENERIC_MAPPING;
+
+typedef struct standard_mapping {
+	uint32 std_read;
+	uint32 std_write;
+	uint32 std_execute;
+	uint32 std_all;
+} STANDARD_MAPPING;
+
+#endif /* _RPC_SECDES_H */
diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h
new file mode 100755
index 0000000000..71854b5d89
--- /dev/null
+++ b/source3/include/rpc_spoolss.h
@@ -0,0 +1,2117 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell              1992-2000,
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+   Copyright (C) Jean Francois Micouleau      1998-2000.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_SPOOLSS_H		/* _RPC_SPOOLSS_H */
+#define _RPC_SPOOLSS_H
+
+#define INTEGER 1
+#define STRING 2
+
+/* spoolss pipe: this are the calls which are not implemented ...
+#define SPOOLSS_GETPRINTERDRIVER			0x0b
+#define SPOOLSS_READPRINTER				0x16
+#define SPOOLSS_WAITFORPRINTERCHANGE			0x1c
+#define SPOOLSS_ADDPORT					0x25
+#define SPOOLSS_CONFIGUREPORT				0x26
+#define SPOOLSS_DELETEPORT				0x27
+#define SPOOLSS_CREATEPRINTERIC				0x28
+#define SPOOLSS_PLAYGDISCRIPTONPRINTERIC		0x29
+#define SPOOLSS_DELETEPRINTERIC				0x2a
+#define SPOOLSS_ADDPRINTERCONNECTION			0x2b
+#define SPOOLSS_DELETEPRINTERCONNECTION			0x2c
+#define SPOOLSS_PRINTERMESSAGEBOX			0x2d
+#define SPOOLSS_ADDMONITOR				0x2e
+#define SPOOLSS_DELETEMONITOR				0x2f
+#define SPOOLSS_DELETEPRINTPROCESSOR			0x30
+#define SPOOLSS_ADDPRINTPROVIDOR			0x31
+#define SPOOLSS_DELETEPRINTPROVIDOR			0x32
+#define SPOOLSS_FINDFIRSTPRINTERCHANGENOTIFICATION	0x36
+#define SPOOLSS_FINDNEXTPRINTERCHANGENOTIFICATION	0x37
+#define SPOOLSS_ROUTERFINDFIRSTPRINTERNOTIFICATIONOLD	0x39
+#define SPOOLSS_ADDPORTEX				0x3d
+#define SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFICATION0x3e
+#define SPOOLSS_SPOOLERINIT				0x3f
+#define SPOOLSS_RESETPRINTEREX				0x40
+#define SPOOLSS_DELETEPRINTERDATAEX			0x51
+#define SPOOLSS_DELETEPRINTERDRIVEREX			0x54
+#define SPOOLSS_ADDPRINTERDRIVEREX			0x59
+*/
+
+/* those are implemented */
+#define SPOOLSS_ENUMPRINTERS				0x00
+#define SPOOLSS_OPENPRINTER				0x01
+#define SPOOLSS_SETJOB					0x02
+#define SPOOLSS_GETJOB					0x03
+#define SPOOLSS_ENUMJOBS				0x04
+#define SPOOLSS_ADDPRINTER				0x05
+#define SPOOLSS_DELETEPRINTER				0x06
+#define SPOOLSS_SETPRINTER				0x07
+#define SPOOLSS_GETPRINTER				0x08
+#define SPOOLSS_ADDPRINTERDRIVER			0x09
+#define SPOOLSS_ENUMPRINTERDRIVERS			0x0a
+#define SPOOLSS_GETPRINTERDRIVERDIRECTORY		0x0c
+#define SPOOLSS_DELETEPRINTERDRIVER			0x0d
+#define SPOOLSS_ADDPRINTPROCESSOR			0x0e
+#define SPOOLSS_ENUMPRINTPROCESSORS			0x0f
+#define SPOOLSS_GETPRINTPROCESSORDIRECTORY		0x10
+#define SPOOLSS_STARTDOCPRINTER				0x11
+#define SPOOLSS_STARTPAGEPRINTER			0x12
+#define SPOOLSS_WRITEPRINTER				0x13
+#define SPOOLSS_ENDPAGEPRINTER				0x14
+#define SPOOLSS_ABORTPRINTER				0x15
+#define SPOOLSS_ENDDOCPRINTER				0x17
+#define SPOOLSS_ADDJOB					0x18
+#define SPOOLSS_SCHEDULEJOB				0x19
+#define SPOOLSS_GETPRINTERDATA				0x1a
+#define SPOOLSS_SETPRINTERDATA				0x1b
+#define SPOOLSS_CLOSEPRINTER				0x1d
+#define SPOOLSS_ADDFORM					0x1e
+#define SPOOLSS_DELETEFORM				0x1f
+#define SPOOLSS_GETFORM					0x20
+#define SPOOLSS_SETFORM					0x21
+#define SPOOLSS_ENUMFORMS				0x22
+#define SPOOLSS_ENUMPORTS				0x23
+#define SPOOLSS_ENUMMONITORS				0x24
+#define SPOOLSS_ENUMPRINTPROCDATATYPES			0x33
+#define SPOOLSS_RESETPRINTER				0x34
+#define SPOOLSS_GETPRINTERDRIVER2			0x35
+#define SPOOLSS_FCPN					0x38	/* FindClosePrinterNotify */
+#define SPOOLSS_REPLYOPENPRINTER			0x3a
+#define SPOOLSS_ROUTERREPLYPRINTER			0x3b
+#define SPOOLSS_REPLYCLOSEPRINTER			0x3c
+#define SPOOLSS_RFFPCNEX				0x41	/* RemoteFindFirstPrinterChangeNotifyEx */
+#define SPOOLSS_RRPCN					0x42	/* RouteRefreshPrinterChangeNotification */
+#define SPOOLSS_RFNPCNEX				0x43	/* RemoteFindNextPrinterChangeNotifyEx */
+#define SPOOLSS_OPENPRINTEREX				0x45
+#define SPOOLSS_ADDPRINTEREX				0x46
+#define SPOOLSS_ENUMPRINTERDATA				0x48
+#define SPOOLSS_DELETEPRINTERDATA			0x49
+#define SPOOLSS_SETPRINTERDATAEX			0x4d
+#define SPOOLSS_GETPRINTERDATAEX			0x4e
+#define SPOOLSS_ENUMPRINTERDATAEX			0x4f
+#define SPOOLSS_ENUMPRINTERKEY				0x50
+
+
+#define PRINTER_CONTROL_UNPAUSE		0x00000000
+#define PRINTER_CONTROL_PAUSE		0x00000001
+#define PRINTER_CONTROL_RESUME		0x00000002
+#define PRINTER_CONTROL_PURGE		0x00000003
+#define PRINTER_CONTROL_SET_STATUS	0x00000004
+
+#define PRINTER_STATUS_PAUSED		0x00000001
+#define PRINTER_STATUS_ERROR		0x00000002
+#define PRINTER_STATUS_PENDING_DELETION	0x00000004
+#define PRINTER_STATUS_PAPER_JAM	0x00000008
+
+#define PRINTER_STATUS_PAPER_OUT	0x00000010
+#define PRINTER_STATUS_MANUAL_FEED	0x00000020
+#define PRINTER_STATUS_PAPER_PROBLEM	0x00000040
+#define PRINTER_STATUS_OFFLINE		0x00000080
+
+#define PRINTER_STATUS_IO_ACTIVE	0x00000100
+#define PRINTER_STATUS_BUSY		0x00000200
+#define PRINTER_STATUS_PRINTING		0x00000400
+#define PRINTER_STATUS_OUTPUT_BIN_FULL	0x00000800
+
+#define PRINTER_STATUS_NOT_AVAILABLE	0x00001000
+#define PRINTER_STATUS_WAITING		0x00002000
+#define PRINTER_STATUS_PROCESSING	0x00004000
+#define PRINTER_STATUS_INITIALIZING	0x00008000
+
+#define PRINTER_STATUS_WARMING_UP	0x00010000
+#define PRINTER_STATUS_TONER_LOW	0x00020000
+#define PRINTER_STATUS_NO_TONER		0x00040000
+#define PRINTER_STATUS_PAGE_PUNT	0x00080000
+
+#define PRINTER_STATUS_USER_INTERVENTION	0x00100000
+#define PRINTER_STATUS_OUT_OF_MEMORY	0x00200000
+#define PRINTER_STATUS_DOOR_OPEN	0x00400000
+#define PRINTER_STATUS_SERVER_UNKNOWN	0x00800000
+
+#define PRINTER_STATUS_POWER_SAVE	0x01000000
+
+#define SERVER_ACCESS_ADMINISTER	0x00000001
+#define SERVER_ACCESS_ENUMERATE		0x00000002
+#define PRINTER_ACCESS_ADMINISTER	0x00000004
+#define PRINTER_ACCESS_USE		0x00000008
+#define JOB_ACCESS_ADMINISTER		0x00000010
+
+/* JOB status codes. */
+
+#define JOB_STATUS_PAUSED		0x001
+#define JOB_STATUS_ERROR		0x002
+#define JOB_STATUS_DELETING		0x004
+#define JOB_STATUS_SPOOLING		0x008
+#define JOB_STATUS_PRINTING		0x010
+#define JOB_STATUS_OFFLINE		0x020
+#define JOB_STATUS_PAPEROUT		0x040
+#define JOB_STATUS_PRINTED		0x080
+#define JOB_STATUS_DELETED		0x100
+#define JOB_STATUS_BLOCKED		0x200
+#define JOB_STATUS_USER_INTERVENTION	0x400
+
+/* ACE masks for the various print permissions */
+
+#define PRINTER_ACE_FULL_CONTROL      GENERIC_ALL_ACCESS
+#define PRINTER_ACE_MANAGE_DOCUMENTS  READ_CONTROL_ACCESS
+#define PRINTER_ACE_PRINT             \
+    (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS)
+
+/* Access rights for print servers */
+#define SERVER_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_READ		STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE
+#define SERVER_WRITE		STANDARD_RIGHTS_WRITE_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE
+#define SERVER_EXECUTE		STANDARD_RIGHTS_EXECUTE_ACCESS|SERVER_ACCESS_ENUMERATE
+
+/* Access rights for printers */
+#define PRINTER_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED_ACCESS|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE
+#define PRINTER_READ          STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_WRITE         STANDARD_RIGHTS_WRITE_ACCESS|PRINTER_ACCESS_USE
+#define PRINTER_EXECUTE       STANDARD_RIGHTS_EXECUTE_ACCESS|PRINTER_ACCESS_USE
+
+/* Access rights for jobs */
+#define JOB_ALL_ACCESS	STANDARD_RIGHTS_REQUIRED_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_READ	STANDARD_RIGHTS_READ_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_WRITE	STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER
+#define JOB_EXECUTE	STANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER
+
+#define ONE_VALUE 1
+#define TWO_VALUE 2
+#define POINTER   3
+
+#define PRINTER_NOTIFY_TYPE 0x00
+#define JOB_NOTIFY_TYPE     0x01
+
+#define MAX_PRINTER_NOTIFY 26
+#define MAX_JOB_NOTIFY 24
+
+#define MAX_NOTIFY_TYPE_FOR_NOW 26
+
+#define PRINTER_NOTIFY_SERVER_NAME		0x00
+#define PRINTER_NOTIFY_PRINTER_NAME		0x01
+#define PRINTER_NOTIFY_SHARE_NAME		0x02
+#define PRINTER_NOTIFY_PORT_NAME		0x03
+#define PRINTER_NOTIFY_DRIVER_NAME		0x04
+#define PRINTER_NOTIFY_COMMENT			0x05
+#define PRINTER_NOTIFY_LOCATION			0x06
+#define PRINTER_NOTIFY_DEVMODE			0x07
+#define PRINTER_NOTIFY_SEPFILE			0x08
+#define PRINTER_NOTIFY_PRINT_PROCESSOR		0x09
+#define PRINTER_NOTIFY_PARAMETERS		0x0A
+#define PRINTER_NOTIFY_DATATYPE			0x0B
+#define PRINTER_NOTIFY_SECURITY_DESCRIPTOR	0x0C
+#define PRINTER_NOTIFY_ATTRIBUTES		0x0D
+#define PRINTER_NOTIFY_PRIORITY			0x0E
+#define PRINTER_NOTIFY_DEFAULT_PRIORITY		0x0F
+#define PRINTER_NOTIFY_START_TIME		0x10
+#define PRINTER_NOTIFY_UNTIL_TIME		0x11
+#define PRINTER_NOTIFY_STATUS			0x12
+#define PRINTER_NOTIFY_STATUS_STRING		0x13
+#define PRINTER_NOTIFY_CJOBS			0x14
+#define PRINTER_NOTIFY_AVERAGE_PPM		0x15
+#define PRINTER_NOTIFY_TOTAL_PAGES		0x16
+#define PRINTER_NOTIFY_PAGES_PRINTED		0x17
+#define PRINTER_NOTIFY_TOTAL_BYTES		0x18
+#define PRINTER_NOTIFY_BYTES_PRINTED		0x19
+
+#define JOB_NOTIFY_PRINTER_NAME			0x00
+#define JOB_NOTIFY_MACHINE_NAME			0x01
+#define JOB_NOTIFY_PORT_NAME			0x02
+#define JOB_NOTIFY_USER_NAME			0x03
+#define JOB_NOTIFY_NOTIFY_NAME			0x04
+#define JOB_NOTIFY_DATATYPE			0x05
+#define JOB_NOTIFY_PRINT_PROCESSOR		0x06
+#define JOB_NOTIFY_PARAMETERS			0x07
+#define JOB_NOTIFY_DRIVER_NAME			0x08
+#define JOB_NOTIFY_DEVMODE			0x09
+#define JOB_NOTIFY_STATUS			0x0A
+#define JOB_NOTIFY_STATUS_STRING		0x0B
+#define JOB_NOTIFY_SECURITY_DESCRIPTOR		0x0C
+#define JOB_NOTIFY_DOCUMENT			0x0D
+#define JOB_NOTIFY_PRIORITY			0x0E
+#define JOB_NOTIFY_POSITION			0x0F
+#define JOB_NOTIFY_SUBMITTED			0x10
+#define JOB_NOTIFY_START_TIME			0x11
+#define JOB_NOTIFY_UNTIL_TIME			0x12
+#define JOB_NOTIFY_TIME				0x13
+#define JOB_NOTIFY_TOTAL_PAGES			0x14
+#define JOB_NOTIFY_PAGES_PRINTED		0x15
+#define JOB_NOTIFY_TOTAL_BYTES			0x16
+#define JOB_NOTIFY_BYTES_PRINTED		0x17
+
+#define PRINTER_NOTIFY_OPTIONS_REFRESH  	0x01
+
+#define PRINTER_CHANGE_ADD_PRINTER			0x00000001
+#define PRINTER_CHANGE_SET_PRINTER			0x00000002
+#define PRINTER_CHANGE_DELETE_PRINTER			0x00000004
+#define PRINTER_CHANGE_FAILED_CONNECTION_PRINTER	0x00000008
+#define PRINTER_CHANGE_PRINTER	(PRINTER_CHANGE_ADD_PRINTER | \
+				 PRINTER_CHANGE_SET_PRINTER | \
+				 PRINTER_CHANGE_DELETE_PRINTER | \
+				 PRINTER_CHANGE_FAILED_CONNECTION_PRINTER )
+
+#define PRINTER_CHANGE_ADD_JOB				0x00000100
+#define PRINTER_CHANGE_SET_JOB				0x00000200
+#define PRINTER_CHANGE_DELETE_JOB			0x00000400
+#define PRINTER_CHANGE_WRITE_JOB			0x00000800
+#define PRINTER_CHANGE_JOB	(PRINTER_CHANGE_ADD_JOB | \
+				 PRINTER_CHANGE_SET_JOB | \
+				 PRINTER_CHANGE_DELETE_JOB | \
+				 PRINTER_CHANGE_WRITE_JOB )
+
+#define PRINTER_CHANGE_ADD_FORM				0x00010000
+#define PRINTER_CHANGE_SET_FORM				0x00020000
+#define PRINTER_CHANGE_DELETE_FORM			0x00040000
+#define PRINTER_CHANGE_FORM	(PRINTER_CHANGE_ADD_FORM | \
+				 PRINTER_CHANGE_SET_FORM | \
+				 PRINTER_CHANGE_DELETE_FORM )
+
+#define PRINTER_CHANGE_ADD_PORT				0x00100000
+#define PRINTER_CHANGE_CONFIGURE_PORT			0x00200000
+#define PRINTER_CHANGE_DELETE_PORT			0x00400000
+#define PRINTER_CHANGE_PORT	(PRINTER_CHANGE_ADD_PORT | \
+				 PRINTER_CHANGE_CONFIGURE_PORT | \
+				 PRINTER_CHANGE_DELETE_PORT )
+
+#define PRINTER_CHANGE_ADD_PRINT_PROCESSOR		0x01000000
+#define PRINTER_CHANGE_DELETE_PRINT_PROCESSOR		0x04000000
+#define PRINTER_CHANGE_PRINT_PROCESSOR	(PRINTER_CHANGE_ADD_PRINT_PROCESSOR | \
+					 PRINTER_CHANGE_DELETE_PRINT_PROCESSOR )
+
+#define PRINTER_CHANGE_ADD_PRINTER_DRIVER		0x10000000
+#define PRINTER_CHANGE_SET_PRINTER_DRIVER		0x20000000
+#define PRINTER_CHANGE_DELETE_PRINTER_DRIVER		0x40000000
+#define PRINTER_CHANGE_PRINTER_DRIVER	(PRINTER_CHANGE_ADD_PRINTER_DRIVER | \
+					 PRINTER_CHANGE_SET_PRINTER_DRIVER | \
+					 PRINTER_CHANGE_DELETE_PRINTER_DRIVER )
+
+#define PRINTER_CHANGE_TIMEOUT				0x80000000
+#define PRINTER_CHANGE_ALL	(PRINTER_CHANGE_JOB | \
+				 PRINTER_CHANGE_FORM | \
+				 PRINTER_CHANGE_PORT | \
+				 PRINTER_CHANGE_PRINT_PROCESSOR | \
+				 PRINTER_CHANGE_PRINTER_DRIVER )
+
+#define PRINTER_NOTIFY_INFO_DISCARDED	0x1
+
+/*
+ * Set of macros for flagging what changed in the PRINTER_INFO_2 struct
+ * when sending messages to other smbd's
+ */
+#define PRINTER_MESSAGE_NULL            0x00000000
+#define PRINTER_MESSAGE_DRIVER		0x00000001
+#define PRINTER_MESSAGE_COMMENT		0x00000002
+#define PRINTER_MESSAGE_PRINTERNAME	0x00000004
+#define PRINTER_MESSAGE_LOCATION	0x00000008
+#define PRINTER_MESSAGE_DEVMODE		0x00000010	/* not curently supported */
+#define PRINTER_MESSAGE_SEPFILE		0x00000020
+#define PRINTER_MESSAGE_PRINTPROC	0x00000040
+#define PRINTER_MESSAGE_PARAMS		0x00000080
+#define PRINTER_MESSAGE_DATATYPE	0x00000100
+#define PRINTER_MESSAGE_SECDESC		0x00000200
+#define PRINTER_MESSAGE_CJOBS		0x00000400
+#define PRINTER_MESSAGE_PORT		0x00000800
+#define PRINTER_MESSAGE_SHARENAME	0x00001000
+#define PRINTER_MESSAGE_ATTRIBUTES	0x00002000
+
+typedef struct printer_message_info {
+	uint32 low;		/* PRINTER_CHANGE_XXX */
+	uint32 high;		/* PRINTER_CHANGE_XXX */
+	fstring printer_name;
+	uint32 flags;		/* PRINTER_MESSAGE_XXX */
+}
+PRINTER_MESSAGE_INFO;
+
+/*
+ * The printer attributes.
+ * I #defined all of them (grabbed form MSDN)
+ * I'm only using:
+ * ( SHARED | NETWORK | RAW_ONLY )
+ * RAW_ONLY _MUST_ be present otherwise NT will send an EMF file
+ */
+
+#define PRINTER_ATTRIBUTE_QUEUED		0x00000001
+#define PRINTER_ATTRIBUTE_DIRECT		0x00000002
+#define PRINTER_ATTRIBUTE_DEFAULT		0x00000004
+#define PRINTER_ATTRIBUTE_SHARED		0x00000008
+
+#define PRINTER_ATTRIBUTE_NETWORK		0x00000010
+#define PRINTER_ATTRIBUTE_HIDDEN		0x00000020
+#define PRINTER_ATTRIBUTE_LOCAL			0x00000040
+#define PRINTER_ATTRIBUTE_ENABLE_DEVQ		0x00000080
+
+#define PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS	0x00000100
+#define PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST	0x00000200
+#define PRINTER_ATTRIBUTE_WORK_OFFLINE		0x00000400
+#define PRINTER_ATTRIBUTE_ENABLE_BIDI		0x00000800
+
+#define PRINTER_ATTRIBUTE_RAW_ONLY		0x00001000
+
+#define NO_PRIORITY	 0
+#define MAX_PRIORITY	99
+#define MIN_PRIORITY	 1
+#define DEF_PRIORITY	 1
+
+/* the flags of the query */
+#define PRINTER_ENUM_DEFAULT		0x00000001
+#define PRINTER_ENUM_LOCAL		0x00000002
+#define PRINTER_ENUM_CONNECTIONS	0x00000004
+#define PRINTER_ENUM_FAVORITE		0x00000004
+#define PRINTER_ENUM_NAME		0x00000008
+#define PRINTER_ENUM_REMOTE		0x00000010
+#define PRINTER_ENUM_SHARED		0x00000020
+#define PRINTER_ENUM_NETWORK		0x00000040
+
+/* the flags of each printers */
+#define PRINTER_ENUM_UNKNOWN_8		0x00000008
+#define PRINTER_ENUM_EXPAND		0x00004000
+#define PRINTER_ENUM_CONTAINER		0x00008000
+#define PRINTER_ENUM_ICONMASK		0x00ff0000
+#define PRINTER_ENUM_ICON1		0x00010000
+#define PRINTER_ENUM_ICON2		0x00020000
+#define PRINTER_ENUM_ICON3		0x00040000
+#define PRINTER_ENUM_ICON4		0x00080000
+#define PRINTER_ENUM_ICON5		0x00100000
+#define PRINTER_ENUM_ICON6		0x00200000
+#define PRINTER_ENUM_ICON7		0x00400000
+#define PRINTER_ENUM_ICON8		0x00800000
+
+/* this struct is undocumented */
+/* thanks to the ddk ... */
+typedef struct spool_user_1
+{
+	uint32 size;		/* length of user_name & client_name + 2? */
+	uint32 client_name_ptr;
+	uint32 user_name_ptr;
+	uint32 build;
+	uint32 major;
+	uint32 minor;
+	uint32 processor;
+	UNISTR2 client_name;
+	UNISTR2 user_name;
+}
+SPOOL_USER_1;
+
+typedef struct spool_user_ctr_info
+{
+	uint32 level;
+	uint32 ptr;
+	SPOOL_USER_1 user1;
+}
+SPOOL_USER_CTR;
+
+/*
+ * various bits in the DEVICEMODE.fields member
+ */
+
+#define DEVMODE_ORIENTATION		0x00000001
+#define DEVMODE_PAPERSIZE		0x00000002
+#define DEVMODE_PAPERLENGTH		0x00000004
+#define DEVMODE_PAPERWIDTH		0x00000008
+#define DEVMODE_SCALE			0x00000010
+#define DEVMODE_POSITION		0x00000020
+#define DEVMODE_NUP			0x00000040
+#define DEVMODE_COPIES			0x00000100
+#define DEVMODE_DEFAULTSOURCE		0x00000200
+#define DEVMODE_PRINTQUALITY		0x00000400
+#define DEVMODE_COLOR			0x00000800
+#define DEVMODE_DUPLEX			0x00001000
+#define DEVMODE_YRESOLUTION		0x00002000
+#define DEVMODE_TTOPTION		0x00004000
+#define DEVMODE_COLLATE			0x00008000
+#define DEVMODE_FORMNAME		0x00010000
+#define DEVMODE_LOGPIXELS		0x00020000
+#define DEVMODE_BITSPERPEL		0x00040000
+#define DEVMODE_PELSWIDTH		0x00080000
+#define DEVMODE_PELSHEIGHT		0x00100000
+#define DEVMODE_DISPLAYFLAGS		0x00200000
+#define DEVMODE_DISPLAYFREQUENCY	0x00400000
+#define DEVMODE_ICMMETHOD		0x00800000
+#define DEVMODE_ICMINTENT		0x01000000
+#define DEVMODE_MEDIATYPE		0x02000000
+#define DEVMODE_DITHERTYPE		0x04000000
+#define DEVMODE_PANNINGWIDTH		0x08000000
+#define DEVMODE_PANNINGHEIGHT		0x10000000
+
+
+/* 
+ * Devicemode structure
+ */
+
+typedef struct devicemode
+{
+	UNISTR devicename;
+	uint16 specversion;
+	uint16 driverversion;
+	uint16 size;
+	uint16 driverextra;
+	uint32 fields;
+	uint16 orientation;
+	uint16 papersize;
+	uint16 paperlength;
+	uint16 paperwidth;
+	uint16 scale;
+	uint16 copies;
+	uint16 defaultsource;
+	uint16 printquality;
+	uint16 color;
+	uint16 duplex;
+	uint16 yresolution;
+	uint16 ttoption;
+	uint16 collate;
+	UNISTR formname;
+	uint16 logpixels;
+	uint32 bitsperpel;
+	uint32 pelswidth;
+	uint32 pelsheight;
+	uint32 displayflags;
+	uint32 displayfrequency;
+	uint32 icmmethod;
+	uint32 icmintent;
+	uint32 mediatype;
+	uint32 dithertype;
+	uint32 reserved1;
+	uint32 reserved2;
+	uint32 panningwidth;
+	uint32 panningheight;
+	uint8 *private;
+}
+DEVICEMODE;
+
+typedef struct _devmode_cont
+{
+	uint32 size;
+	uint32 devmode_ptr;
+	DEVICEMODE *devmode;
+}
+DEVMODE_CTR;
+
+typedef struct _printer_default
+{
+	uint32 datatype_ptr;
+	UNISTR2 datatype;
+	DEVMODE_CTR devmode_cont;
+	uint32 access_required;
+}
+PRINTER_DEFAULT;
+
+/* SPOOL_Q_OPEN_PRINTER request to open a printer */
+typedef struct spool_q_open_printer
+{
+	uint32 printername_ptr;
+	UNISTR2 printername;
+	PRINTER_DEFAULT printer_default;
+}
+SPOOL_Q_OPEN_PRINTER;
+
+/* SPOOL_R_OPEN_PRINTER reply to an open printer */
+typedef struct spool_r_open_printer
+{
+	POLICY_HND handle;	/* handle used along all transactions (20*uint8) */
+	WERROR status;
+}
+SPOOL_R_OPEN_PRINTER;
+
+/* SPOOL_Q_OPEN_PRINTER_EX request to open a printer */
+typedef struct spool_q_open_printer_ex
+{
+	uint32 printername_ptr;
+	UNISTR2 printername;
+	PRINTER_DEFAULT printer_default;
+	uint32 user_switch;
+	SPOOL_USER_CTR user_ctr;
+}
+SPOOL_Q_OPEN_PRINTER_EX;
+
+/* SPOOL_R_OPEN_PRINTER_EX reply to an open printer */
+typedef struct spool_r_open_printer_ex
+{
+	POLICY_HND handle;	/* handle used along all transactions (20*uint8) */
+	WERROR status;
+}
+SPOOL_R_OPEN_PRINTER_EX;
+
+typedef struct spool_notify_option_type
+{
+	uint16 type;
+	uint16 reserved0;
+	uint32 reserved1;
+	uint32 reserved2;
+	uint32 count;
+	uint32 fields_ptr;
+	uint32 count2;
+	uint16 fields[MAX_NOTIFY_TYPE_FOR_NOW];
+}
+SPOOL_NOTIFY_OPTION_TYPE;
+
+typedef struct spool_notify_option_type_ctr
+{
+	uint32 count;
+	SPOOL_NOTIFY_OPTION_TYPE *type;
+}
+SPOOL_NOTIFY_OPTION_TYPE_CTR;
+
+
+
+typedef struct s_header_type
+{
+	uint32 type;
+	union
+	{
+		uint32 value;
+		UNISTR string;
+	}
+	data;
+}
+HEADER_TYPE;
+
+typedef struct new_buffer
+{
+	uint32 ptr;
+	uint32 size;
+	prs_struct prs;
+	uint32 struct_start;
+	uint32 string_at_end;
+}
+NEW_BUFFER;
+
+typedef struct spool_q_getprinterdata
+{
+	POLICY_HND handle;
+	UNISTR2 valuename;
+	uint32 size;
+}
+SPOOL_Q_GETPRINTERDATA;
+
+typedef struct spool_r_getprinterdata
+{
+	uint32 type;
+	uint32 size;
+	uint8 *data;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_GETPRINTERDATA;
+
+typedef struct spool_q_deleteprinterdata
+{
+	POLICY_HND handle;
+	UNISTR2 valuename;
+}
+SPOOL_Q_DELETEPRINTERDATA;
+
+typedef struct spool_r_deleteprinterdata
+{
+	WERROR status;
+}
+SPOOL_R_DELETEPRINTERDATA;
+
+typedef struct spool_q_closeprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_CLOSEPRINTER;
+
+typedef struct spool_r_closeprinter
+{
+	POLICY_HND handle;
+	WERROR status;
+}
+SPOOL_R_CLOSEPRINTER;
+
+typedef struct spool_q_startpageprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_STARTPAGEPRINTER;
+
+typedef struct spool_r_startpageprinter
+{
+	WERROR status;
+}
+SPOOL_R_STARTPAGEPRINTER;
+
+typedef struct spool_q_endpageprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_ENDPAGEPRINTER;
+
+typedef struct spool_r_endpageprinter
+{
+	WERROR status;
+}
+SPOOL_R_ENDPAGEPRINTER;
+
+
+typedef struct spool_q_deleteprinterdriver
+{
+	uint32 server_ptr;
+	UNISTR2 server;
+	UNISTR2 arch;
+	UNISTR2 driver;
+}
+SPOOL_Q_DELETEPRINTERDRIVER;
+
+typedef struct spool_r_deleteprinterdriver
+{
+	WERROR status;
+}
+SPOOL_R_DELETEPRINTERDRIVER;
+
+
+typedef struct spool_doc_info_1
+{
+	uint32 p_docname;
+	uint32 p_outputfile;
+	uint32 p_datatype;
+	UNISTR2 docname;
+	UNISTR2 outputfile;
+	UNISTR2 datatype;
+}
+DOC_INFO_1;
+
+typedef struct spool_doc_info
+{
+	uint32 switch_value;
+	DOC_INFO_1 doc_info_1;
+}
+DOC_INFO;
+
+typedef struct spool_doc_info_container
+{
+	uint32 level;
+	DOC_INFO docinfo;
+}
+DOC_INFO_CONTAINER;
+
+typedef struct spool_q_startdocprinter
+{
+	POLICY_HND handle;
+	DOC_INFO_CONTAINER doc_info_container;
+}
+SPOOL_Q_STARTDOCPRINTER;
+
+typedef struct spool_r_startdocprinter
+{
+	uint32 jobid;
+	WERROR status;
+}
+SPOOL_R_STARTDOCPRINTER;
+
+typedef struct spool_q_enddocprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_ENDDOCPRINTER;
+
+typedef struct spool_r_enddocprinter
+{
+	WERROR status;
+}
+SPOOL_R_ENDDOCPRINTER;
+
+typedef struct spool_q_writeprinter
+{
+	POLICY_HND handle;
+	uint32 buffer_size;
+	uint8 *buffer;
+	uint32 buffer_size2;
+}
+SPOOL_Q_WRITEPRINTER;
+
+typedef struct spool_r_writeprinter
+{
+	uint32 buffer_written;
+	WERROR status;
+}
+SPOOL_R_WRITEPRINTER;
+
+typedef struct spool_notify_option
+{
+	uint32 version;
+	uint32 flags;
+	uint32 count;
+	uint32 option_type_ptr;
+	SPOOL_NOTIFY_OPTION_TYPE_CTR ctr;
+}
+SPOOL_NOTIFY_OPTION;
+
+typedef struct spool_notify_info_data
+{
+	uint16 type;
+	uint16 field;
+	uint32 reserved;
+	uint32 id;
+	union
+	{
+		uint32 value[2];
+		struct
+		{
+			uint32 length;
+			uint16 *string;
+		}
+		data;
+	}
+	notify_data;
+	uint32 size;
+	BOOL enc_type;
+} SPOOL_NOTIFY_INFO_DATA;
+
+typedef struct spool_notify_info
+{
+	uint32 version;
+	uint32 flags;
+	uint32 count;
+	SPOOL_NOTIFY_INFO_DATA *data;
+}
+SPOOL_NOTIFY_INFO;
+
+/* If the struct name looks obscure, yes it is ! */
+/* RemoteFindFirstPrinterChangeNotificationEx query struct */
+typedef struct spoolss_q_rffpcnex
+{
+	POLICY_HND handle;
+	uint32 flags;
+	uint32 options;
+	uint32 localmachine_ptr;
+	UNISTR2 localmachine;
+	uint32 printerlocal;
+	uint32 option_ptr;
+	SPOOL_NOTIFY_OPTION *option;
+}
+SPOOL_Q_RFFPCNEX;
+
+typedef struct spool_r_rffpcnex
+{
+	WERROR status;
+}
+SPOOL_R_RFFPCNEX;
+
+/* Remote Find Next Printer Change Notify Ex */
+typedef struct spool_q_rfnpcnex
+{
+	POLICY_HND handle;
+	uint32 change;
+	uint32 option_ptr;
+	SPOOL_NOTIFY_OPTION *option;
+}
+SPOOL_Q_RFNPCNEX;
+
+typedef struct spool_r_rfnpcnex
+{
+	uint32 info_ptr;
+	SPOOL_NOTIFY_INFO info;
+	WERROR status;
+}
+SPOOL_R_RFNPCNEX;
+
+/* Find Close Printer Notify */
+typedef struct spool_q_fcpn
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_FCPN;
+
+typedef struct spool_r_fcpn
+{
+	WERROR status;
+}
+SPOOL_R_FCPN;
+
+
+typedef struct printer_info_0
+{
+	UNISTR printername;
+	UNISTR servername;
+	uint32 cjobs;
+	uint32 total_jobs;
+	uint32 total_bytes;
+	
+	uint16 year;
+	uint16 month;
+	uint16 dayofweek;
+	uint16 day;
+	uint16 hour;
+	uint16 minute;
+	uint16 second;
+	uint16 milliseconds;
+
+	uint32 global_counter;
+	uint32 total_pages;
+
+	uint16 major_version;
+	uint16 build_version;
+
+	uint32 unknown7;
+	uint32 unknown8;
+	uint32 unknown9;
+	uint32 session_counter;
+	uint32 unknown11;
+	uint32 printer_errors;
+	uint32 unknown13;
+	uint32 unknown14;
+	uint32 unknown15;
+	uint32 unknown16;
+	uint32 change_id;
+	uint32 unknown18;
+	uint32 status;
+	uint32 unknown20;
+	uint32 c_setprinter;
+
+	uint16 unknown22;
+	uint16 unknown23;
+	uint16 unknown24;
+	uint16 unknown25;
+	uint16 unknown26;
+	uint16 unknown27;
+	uint16 unknown28;
+	uint16 unknown29;
+} PRINTER_INFO_0;
+
+typedef struct printer_info_1
+{
+	uint32 flags;
+	UNISTR description;
+	UNISTR name;
+	UNISTR comment;
+}
+PRINTER_INFO_1;
+
+typedef struct printer_info_2
+{
+	UNISTR servername;
+	UNISTR printername;
+	UNISTR sharename;
+	UNISTR portname;
+	UNISTR drivername;
+	UNISTR comment;
+	UNISTR location;
+	DEVICEMODE *devmode;
+	UNISTR sepfile;
+	UNISTR printprocessor;
+	UNISTR datatype;
+	UNISTR parameters;
+	SEC_DESC *secdesc;
+	uint32 attributes;
+	uint32 priority;
+	uint32 defaultpriority;
+	uint32 starttime;
+	uint32 untiltime;
+	uint32 status;
+	uint32 cjobs;
+	uint32 averageppm;
+}
+PRINTER_INFO_2;
+
+typedef struct printer_info_3
+{
+	uint32 flags;
+	SEC_DESC *secdesc;
+}
+PRINTER_INFO_3;
+
+typedef struct printer_info_4
+{
+	UNISTR printername;
+	UNISTR servername;
+	uint32 attributes;
+}
+PRINTER_INFO_4;
+
+typedef struct printer_info_5
+{
+	UNISTR printername;
+	UNISTR portname;
+	uint32 attributes;
+	uint32 device_not_selected_timeout;
+	uint32 transmission_retry_timeout;
+}
+PRINTER_INFO_5;
+
+typedef struct spool_q_enumprinters
+{
+	uint32 flags;
+	uint32 servername_ptr;
+	UNISTR2 servername;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMPRINTERS;
+
+typedef struct printer_info_ctr_info
+{
+	PRINTER_INFO_0 *printers_0;
+	PRINTER_INFO_1 *printers_1;
+	PRINTER_INFO_2 *printers_2;
+	PRINTER_INFO_3 *printers_3;
+	PRINTER_INFO_4 *printers_4;
+	PRINTER_INFO_5 *printers_5;
+}
+PRINTER_INFO_CTR;
+
+typedef struct spool_r_enumprinters
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;		/* bytes needed */
+	uint32 returned;	/* number of printers */
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTERS;
+
+
+typedef struct spool_q_getprinter
+{
+	POLICY_HND handle;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_GETPRINTER;
+
+typedef struct printer_info_info
+{
+	union
+	{
+		PRINTER_INFO_0 *info0;
+		PRINTER_INFO_1 *info1;
+		PRINTER_INFO_2 *info2;
+		void *info;
+	} printer;
+} PRINTER_INFO;
+
+typedef struct spool_r_getprinter
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	WERROR status;
+} SPOOL_R_GETPRINTER;
+
+typedef struct driver_info_1
+{
+	UNISTR name;
+} DRIVER_INFO_1;
+
+typedef struct driver_info_2
+{
+	uint32 version;
+	UNISTR name;
+	UNISTR architecture;
+	UNISTR driverpath;
+	UNISTR datafile;
+	UNISTR configfile;
+} DRIVER_INFO_2;
+
+typedef struct driver_info_3
+{
+	uint32 version;
+	UNISTR name;
+	UNISTR architecture;
+	UNISTR driverpath;
+	UNISTR datafile;
+	UNISTR configfile;
+	UNISTR helpfile;
+	uint16 *dependentfiles;
+	UNISTR monitorname;
+	UNISTR defaultdatatype;
+}
+DRIVER_INFO_3;
+
+typedef struct driver_info_6
+{
+	uint32 version;
+	UNISTR name;
+	UNISTR architecture;
+	UNISTR driverpath;
+	UNISTR datafile;
+	UNISTR configfile;
+	UNISTR helpfile;
+	uint16 *dependentfiles;
+	UNISTR monitorname;
+	UNISTR defaultdatatype;
+	uint16* previousdrivernames;
+	NTTIME driver_date;
+	uint32 padding;
+	uint32 driver_version_low;
+	uint32 driver_version_high;
+	UNISTR mfgname;
+	UNISTR oem_url;
+	UNISTR hardware_id;
+	UNISTR provider;
+}
+DRIVER_INFO_6;
+
+typedef struct driver_info_info
+{
+	DRIVER_INFO_1 *info1;
+	DRIVER_INFO_2 *info2;
+	DRIVER_INFO_3 *info3;
+	DRIVER_INFO_6 *info6;
+}
+PRINTER_DRIVER_CTR;
+
+typedef struct spool_q_getprinterdriver2
+{
+	POLICY_HND handle;
+	uint32 architecture_ptr;
+	UNISTR2 architecture;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+	uint32 clientmajorversion;
+	uint32 clientminorversion;
+}
+SPOOL_Q_GETPRINTERDRIVER2;
+
+typedef struct spool_r_getprinterdriver2
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 servermajorversion;
+	uint32 serverminorversion;
+	WERROR status;
+}
+SPOOL_R_GETPRINTERDRIVER2;
+
+
+typedef struct add_jobinfo_1
+{
+	UNISTR path;
+	uint32 job_number;
+}
+ADD_JOBINFO_1;
+
+
+typedef struct spool_q_addjob
+{
+	POLICY_HND handle;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ADDJOB;
+
+typedef struct spool_r_addjob
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_ADDJOB;
+
+/*
+ * I'm really wondering how many different time formats
+ * I will have to cope with
+ *
+ * JFM, 09/13/98 In a mad mood ;-(
+*/
+typedef struct systemtime
+{
+	uint16 year;
+	uint16 month;
+	uint16 dayofweek;
+	uint16 day;
+	uint16 hour;
+	uint16 minute;
+	uint16 second;
+	uint16 milliseconds;
+}
+SYSTEMTIME;
+
+typedef struct s_job_info_1
+{
+	uint32 jobid;
+	UNISTR printername;
+	UNISTR machinename;
+	UNISTR username;
+	UNISTR document;
+	UNISTR datatype;
+	UNISTR text_status;
+	uint32 status;
+	uint32 priority;
+	uint32 position;
+	uint32 totalpages;
+	uint32 pagesprinted;
+	SYSTEMTIME submitted;
+}
+JOB_INFO_1;
+
+typedef struct s_job_info_2
+{
+	uint32 jobid;
+	UNISTR printername;
+	UNISTR machinename;
+	UNISTR username;
+	UNISTR document;
+	UNISTR notifyname;
+	UNISTR datatype;
+	UNISTR printprocessor;
+	UNISTR parameters;
+	UNISTR drivername;
+	DEVICEMODE *devmode;
+	UNISTR text_status;
+/*	SEC_DESC sec_desc;*/
+	uint32 status;
+	uint32 priority;
+	uint32 position;
+	uint32 starttime;
+	uint32 untiltime;
+	uint32 totalpages;
+	uint32 size;
+	SYSTEMTIME submitted;
+	uint32 timeelapsed;
+	uint32 pagesprinted;
+}
+JOB_INFO_2;
+
+typedef struct spool_q_enumjobs
+{
+	POLICY_HND handle;
+	uint32 firstjob;
+	uint32 numofjobs;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMJOBS;
+
+typedef struct job_info_ctr_info
+{
+	union
+	{
+		JOB_INFO_1 **job_info_1;
+		JOB_INFO_2 **job_info_2;
+		void *info;
+	} job;
+
+} JOB_INFO_CTR;
+
+typedef struct spool_r_enumjobs
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 returned;
+	WERROR status;
+}
+SPOOL_R_ENUMJOBS;
+
+typedef struct spool_q_schedulejob
+{
+	POLICY_HND handle;
+	uint32 jobid;
+}
+SPOOL_Q_SCHEDULEJOB;
+
+typedef struct spool_r_schedulejob
+{
+	WERROR status;
+}
+SPOOL_R_SCHEDULEJOB;
+
+typedef struct s_port_info_1
+{
+	UNISTR port_name;
+}
+PORT_INFO_1;
+
+typedef struct s_port_info_2
+{
+	UNISTR port_name;
+	UNISTR monitor_name;
+	UNISTR description;
+	uint32 port_type;
+	uint32 reserved;
+}
+PORT_INFO_2;
+
+typedef struct spool_q_enumports
+{
+	uint32 name_ptr;
+	UNISTR2 name;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMPORTS;
+
+typedef struct port_info_ctr_info
+{
+	union
+	{
+		PORT_INFO_1 *info_1;
+		PORT_INFO_2 *info_2;
+	}
+	port;
+
+}
+PORT_INFO_CTR;
+
+typedef struct spool_r_enumports
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;		/* bytes needed */
+	uint32 returned;	/* number of printers */
+	WERROR status;
+}
+SPOOL_R_ENUMPORTS;
+
+#define JOB_CONTROL_PAUSE              1
+#define JOB_CONTROL_RESUME             2
+#define JOB_CONTROL_CANCEL             3
+#define JOB_CONTROL_RESTART            4
+#define JOB_CONTROL_DELETE             5
+
+typedef struct job_info_info
+{
+	union
+	{
+		JOB_INFO_1 job_info_1;
+		JOB_INFO_2 job_info_2;
+	}
+	job;
+
+}
+JOB_INFO;
+
+typedef struct spool_q_setjob
+{
+	POLICY_HND handle;
+	uint32 jobid;
+	uint32 level;
+	JOB_INFO ctr;
+	uint32 command;
+
+}
+SPOOL_Q_SETJOB;
+
+typedef struct spool_r_setjob
+{
+	WERROR status;
+
+}
+SPOOL_R_SETJOB;
+
+typedef struct spool_q_enumprinterdrivers
+{
+	uint32 name_ptr;
+	UNISTR2 name;
+	uint32 environment_ptr;
+	UNISTR2 environment;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMPRINTERDRIVERS;
+
+typedef struct spool_r_enumprinterdrivers
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 returned;
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTERDRIVERS;
+
+#define FORM_USER    0
+#define FORM_BUILTIN 1
+#define FORM_PRINTER 2
+
+typedef struct spool_form_1
+{
+	uint32 flag;
+	UNISTR name;
+	uint32 width;
+	uint32 length;
+	uint32 left;
+	uint32 top;
+	uint32 right;
+	uint32 bottom;
+}
+FORM_1;
+
+typedef struct spool_q_enumforms
+{
+	POLICY_HND handle;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMFORMS;
+
+typedef struct spool_r_enumforms
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 numofforms;
+	WERROR status;
+}
+SPOOL_R_ENUMFORMS;
+
+typedef struct spool_q_getform
+{
+	POLICY_HND handle;
+	UNISTR2 formname;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_GETFORM;
+
+typedef struct spool_r_getform
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_GETFORM;
+
+typedef struct spool_printer_info_level_1
+{
+	uint32 flags;
+	uint32 description_ptr;
+	uint32 name_ptr;
+	uint32 comment_ptr;
+	UNISTR2 description;
+	UNISTR2 name;
+	UNISTR2 comment;	
+} SPOOL_PRINTER_INFO_LEVEL_1;
+
+typedef struct spool_printer_info_level_2
+{
+	uint32 servername_ptr;
+	uint32 printername_ptr;
+	uint32 sharename_ptr;
+	uint32 portname_ptr;
+	uint32 drivername_ptr;
+	uint32 comment_ptr;
+	uint32 location_ptr;
+	uint32 devmode_ptr;
+	uint32 sepfile_ptr;
+	uint32 printprocessor_ptr;
+	uint32 datatype_ptr;
+	uint32 parameters_ptr;
+	uint32 secdesc_ptr;
+	uint32 attributes;
+	uint32 priority;
+	uint32 default_priority;
+	uint32 starttime;
+	uint32 untiltime;
+	uint32 status;
+	uint32 cjobs;
+	uint32 averageppm;
+	UNISTR2 servername;
+	UNISTR2 printername;
+	UNISTR2 sharename;
+	UNISTR2 portname;
+	UNISTR2 drivername;
+	UNISTR2 comment;
+	UNISTR2 location;
+	UNISTR2 sepfile;
+	UNISTR2 printprocessor;
+	UNISTR2 datatype;
+	UNISTR2 parameters;
+}
+SPOOL_PRINTER_INFO_LEVEL_2;
+
+typedef struct spool_printer_info_level_3
+{
+	uint32 secdesc_ptr;
+}
+SPOOL_PRINTER_INFO_LEVEL_3;
+
+typedef struct spool_printer_info_level
+{
+	uint32 level;
+	uint32 info_ptr;
+	SPOOL_PRINTER_INFO_LEVEL_1 *info_1;
+	SPOOL_PRINTER_INFO_LEVEL_2 *info_2;
+	SPOOL_PRINTER_INFO_LEVEL_3 *info_3;
+}
+SPOOL_PRINTER_INFO_LEVEL;
+
+typedef struct spool_printer_driver_info_level_3
+{
+	uint32 cversion;
+	uint32 name_ptr;
+	uint32 environment_ptr;
+	uint32 driverpath_ptr;
+	uint32 datafile_ptr;
+	uint32 configfile_ptr;
+	uint32 helpfile_ptr;
+	uint32 monitorname_ptr;
+	uint32 defaultdatatype_ptr;
+	uint32 dependentfilessize;
+	uint32 dependentfiles_ptr;
+
+	UNISTR2 name;
+	UNISTR2 environment;
+	UNISTR2 driverpath;
+	UNISTR2 datafile;
+	UNISTR2 configfile;
+	UNISTR2 helpfile;
+	UNISTR2 monitorname;
+	UNISTR2 defaultdatatype;
+	BUFFER5 dependentfiles;
+
+}
+SPOOL_PRINTER_DRIVER_INFO_LEVEL_3;
+
+/* SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 structure */
+typedef struct {
+	uint32 version;
+	uint32 name_ptr;
+	uint32 environment_ptr;
+	uint32 driverpath_ptr;
+	uint32 datafile_ptr;
+	uint32 configfile_ptr;
+	uint32 helpfile_ptr;
+	uint32 monitorname_ptr;
+	uint32 defaultdatatype_ptr;
+	uint32 dependentfiles_len;
+	uint32 dependentfiles_ptr;
+	uint32 previousnames_len;
+	uint32 previousnames_ptr;
+	NTTIME	driverdate;
+	UINT64_S	driverversion;
+	uint32	dummy4;
+	uint32 mfgname_ptr;
+	uint32 oemurl_ptr;
+	uint32 hardwareid_ptr;
+	uint32 provider_ptr;
+	UNISTR2	name;
+	UNISTR2	environment;
+	UNISTR2	driverpath;
+	UNISTR2	datafile;
+	UNISTR2	configfile;
+	UNISTR2	helpfile;
+	UNISTR2	monitorname;
+	UNISTR2	defaultdatatype;
+	BUFFER5	dependentfiles;
+	BUFFER5	previousnames;
+	UNISTR2	mfgname;
+	UNISTR2	oemurl;
+	UNISTR2	hardwareid;
+	UNISTR2	provider;
+} SPOOL_PRINTER_DRIVER_INFO_LEVEL_6;
+
+
+typedef struct spool_printer_driver_info_level
+{
+	uint32 level;
+	uint32 ptr;
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *info_3;
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *info_6;
+}
+SPOOL_PRINTER_DRIVER_INFO_LEVEL;
+
+
+/* this struct is undocumented */
+/* thanks to the ddk ... */
+typedef struct spool_user_level_1
+{
+	uint32 size;
+	uint32 client_name_ptr;
+	uint32 user_name_ptr;
+	uint32 build;
+	uint32 major;
+	uint32 minor;
+	uint32 processor;
+	UNISTR2 client_name;
+	UNISTR2 user_name;
+}
+SPOOL_USER_LEVEL_1;
+
+typedef struct spool_user_level
+{
+	SPOOL_USER_LEVEL_1 *user_level_1;
+}
+SPOOL_USER_LEVEL;
+
+typedef struct spool_q_setprinter
+{
+	POLICY_HND handle;
+	uint32 level;
+	SPOOL_PRINTER_INFO_LEVEL info;
+	SEC_DESC_BUF *secdesc_ctr;
+	DEVMODE_CTR devmode_ctr;
+
+	uint32 command;
+
+}
+SPOOL_Q_SETPRINTER;
+
+typedef struct spool_r_setprinter
+{
+	WERROR status;
+}
+SPOOL_R_SETPRINTER;
+
+typedef struct spool_q_addprinter
+{
+	UNISTR2 server_name;
+	uint32 level;
+	SPOOL_PRINTER_INFO_LEVEL info;
+	DEVMODE_CTR devmode_ctr;
+	SEC_DESC_BUF *secdesc_ctr;
+	uint32 user_level;
+	SPOOL_USER_LEVEL user;
+}
+SPOOL_Q_ADDPRINTER;
+
+typedef struct spool_r_addprinter
+{
+	WERROR status;
+}
+SPOOL_R_ADDPRINTER;
+
+typedef struct spool_q_deleteprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_DELETEPRINTER;
+
+typedef struct spool_r_deleteprinter
+{
+	POLICY_HND handle;
+	WERROR status;
+}
+SPOOL_R_DELETEPRINTER;
+
+typedef struct spool_q_abortprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_ABORTPRINTER;
+
+typedef struct spool_r_abortprinter
+{
+	WERROR status;
+}
+SPOOL_R_ABORTPRINTER;
+
+
+typedef struct spool_q_addprinterex
+{
+	uint32 server_name_ptr;
+	UNISTR2 server_name;
+	uint32 level;
+	SPOOL_PRINTER_INFO_LEVEL info;
+	DEVMODE_CTR devmode_ctr;
+	SEC_DESC_BUF *secdesc_ctr;
+	uint32 user_switch;
+	SPOOL_USER_CTR user_ctr;
+}
+SPOOL_Q_ADDPRINTEREX;
+
+typedef struct spool_r_addprinterex
+{
+	POLICY_HND handle;
+	WERROR status;
+}
+SPOOL_R_ADDPRINTEREX;
+
+
+typedef struct spool_q_addprinterdriver
+{
+	uint32 server_name_ptr;
+	UNISTR2 server_name;
+	uint32 level;
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL info;
+}
+SPOOL_Q_ADDPRINTERDRIVER;
+
+typedef struct spool_r_addprinterdriver
+{
+	WERROR status;
+}
+SPOOL_R_ADDPRINTERDRIVER;
+
+
+typedef struct driver_directory_1
+{
+	UNISTR name;
+}
+DRIVER_DIRECTORY_1;
+
+typedef struct driver_info_ctr_info
+{
+	DRIVER_DIRECTORY_1 *info1;
+}
+DRIVER_DIRECTORY_CTR;
+
+typedef struct spool_q_getprinterdriverdirectory
+{
+	uint32 name_ptr;
+	UNISTR2 name;
+	uint32 environment_ptr;
+	UNISTR2 environment;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_GETPRINTERDRIVERDIR;
+
+typedef struct spool_r_getprinterdriverdirectory
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_GETPRINTERDRIVERDIR;
+
+typedef struct spool_q_addprintprocessor
+{
+	uint32 server_ptr;
+	UNISTR2 server;
+	UNISTR2 environment;
+	UNISTR2 path;
+	UNISTR2 name;
+}
+SPOOL_Q_ADDPRINTPROCESSOR;
+
+typedef struct spool_r_addprintprocessor
+{
+	WERROR status;
+}
+SPOOL_R_ADDPRINTPROCESSOR;
+
+
+typedef struct spool_q_enumprintprocessors
+{
+	uint32 name_ptr;
+	UNISTR2 name;
+	uint32 environment_ptr;
+	UNISTR2 environment;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMPRINTPROCESSORS;
+
+typedef struct printprocessor_1
+{
+	UNISTR name;
+}
+PRINTPROCESSOR_1;
+
+typedef struct spool_r_enumprintprocessors
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 returned;
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTPROCESSORS;
+
+typedef struct spool_q_enumprintprocdatatypes
+{
+	uint32 name_ptr;
+	UNISTR2 name;
+	uint32 processor_ptr;
+	UNISTR2 processor;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMPRINTPROCDATATYPES;
+
+typedef struct ppdatatype_1
+{
+	UNISTR name;
+}
+PRINTPROCDATATYPE_1;
+
+typedef struct spool_r_enumprintprocdatatypes
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 returned;
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTPROCDATATYPES;
+
+typedef struct printmonitor_1
+{
+	UNISTR name;
+}
+PRINTMONITOR_1;
+
+typedef struct printmonitor_2
+{
+	UNISTR name;
+	UNISTR environment;
+	UNISTR dll_name;
+}
+PRINTMONITOR_2;
+
+typedef struct spool_q_enumprintmonitors
+{
+	uint32 name_ptr;
+	UNISTR2 name;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_ENUMPRINTMONITORS;
+
+typedef struct spool_r_enumprintmonitors
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	uint32 returned;
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTMONITORS;
+
+
+typedef struct spool_q_enumprinterdata
+{
+	POLICY_HND handle;
+	uint32 index;
+	uint32 valuesize;
+	uint32 datasize;
+}
+SPOOL_Q_ENUMPRINTERDATA;
+
+typedef struct spool_r_enumprinterdata
+{
+	uint32 valuesize;
+	uint16 *value;
+	uint32 realvaluesize;
+	uint32 type;
+	uint32 datasize;
+	uint8 *data;
+	uint32 realdatasize;
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTERDATA;
+
+typedef struct spool_q_setprinterdata
+{
+	POLICY_HND handle;
+	UNISTR2 value;
+	uint32 type;
+	uint32 max_len;
+	uint8 *data;
+	uint32 real_len;
+	uint32 numeric_data;
+}
+SPOOL_Q_SETPRINTERDATA;
+
+typedef struct spool_r_setprinterdata
+{
+	WERROR status;
+}
+SPOOL_R_SETPRINTERDATA;
+
+typedef struct spool_q_resetprinter
+{
+	POLICY_HND handle;
+	uint32 datatype_ptr;
+	UNISTR2 datatype;
+	DEVMODE_CTR devmode_ctr;
+
+} SPOOL_Q_RESETPRINTER;
+
+typedef struct spool_r_resetprinter
+{
+	WERROR status;
+} 
+SPOOL_R_RESETPRINTER;
+
+
+
+typedef struct _form
+{
+	uint32 flags;
+	uint32 name_ptr;
+	uint32 size_x;
+	uint32 size_y;
+	uint32 left;
+	uint32 top;
+	uint32 right;
+	uint32 bottom;
+	UNISTR2 name;
+}
+FORM;
+
+typedef struct spool_q_addform
+{
+	POLICY_HND handle;
+	uint32 level;
+	uint32 level2;		/* This should really be part of the FORM structure */
+	FORM form;
+}
+SPOOL_Q_ADDFORM;
+
+typedef struct spool_r_addform
+{
+	WERROR status;
+}
+SPOOL_R_ADDFORM;
+
+typedef struct spool_q_setform
+{
+	POLICY_HND handle;
+	UNISTR2 name;
+	uint32 level;
+	uint32 level2;
+	FORM form;
+}
+SPOOL_Q_SETFORM;
+
+typedef struct spool_r_setform
+{
+	WERROR status;
+}
+SPOOL_R_SETFORM;
+
+typedef struct spool_q_deleteform
+{
+	POLICY_HND handle;
+	UNISTR2 name;
+}
+SPOOL_Q_DELETEFORM;
+
+typedef struct spool_r_deleteform
+{
+	WERROR status;
+}
+SPOOL_R_DELETEFORM;
+
+typedef struct spool_q_getjob
+{
+	POLICY_HND handle;
+	uint32 jobid;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_GETJOB;
+
+typedef struct pjob_info_info
+{
+	union
+	{
+		JOB_INFO_1 *job_info_1;
+		JOB_INFO_2 *job_info_2;
+		void *info;
+	}
+	job;
+
+}
+PJOB_INFO;
+
+typedef struct spool_r_getjob
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_GETJOB;
+
+typedef struct spool_q_replyopenprinter
+{
+	UNISTR2 string;
+	uint32 printer;
+	uint32 type;
+	uint32 unknown0;
+	uint32 unknown1;
+}
+SPOOL_Q_REPLYOPENPRINTER;
+
+typedef struct spool_r_replyopenprinter
+{
+	POLICY_HND handle;
+	WERROR status;
+}
+SPOOL_R_REPLYOPENPRINTER;
+
+typedef struct spool_q_routerreplyprinter
+{
+	POLICY_HND handle;
+	uint32 condition;
+	uint32 unknown1;	/* 0x00000001 */
+	uint32 change_id;
+	uint8  unknown2[5];	/* 0x0000000001 */
+}
+SPOOL_Q_ROUTERREPLYPRINTER;
+
+typedef struct spool_r_routerreplyprinter
+{
+	WERROR status;
+}
+SPOOL_R_ROUTERREPLYPRINTER;
+
+typedef struct spool_q_replycloseprinter
+{
+	POLICY_HND handle;
+}
+SPOOL_Q_REPLYCLOSEPRINTER;
+
+typedef struct spool_r_replycloseprinter
+{
+	POLICY_HND handle;
+	WERROR status;
+}
+SPOOL_R_REPLYCLOSEPRINTER;
+
+typedef struct spool_q_rrpcn
+{
+	POLICY_HND handle;
+	uint32 change_low;
+	uint32 change_high;
+	uint32 unknown0;
+	uint32 unknown1;
+	uint32 info_ptr;
+	SPOOL_NOTIFY_INFO info;	
+}
+SPOOL_Q_REPLY_RRPCN;
+
+typedef struct spool_r_rrpcn
+{
+	uint32 unknown0;
+	WERROR status;
+}
+SPOOL_R_REPLY_RRPCN;
+
+typedef struct spool_q_getprinterdataex
+{
+	POLICY_HND handle;
+	UNISTR2 keyname;
+        UNISTR2 valuename;
+	uint32 size;
+}
+SPOOL_Q_GETPRINTERDATAEX;
+
+typedef struct spool_r_getprinterdataex
+{
+	uint32 type;
+	uint32 size;
+	uint8 *data;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_GETPRINTERDATAEX;
+
+typedef struct spool_q_setprinterdataex
+{
+	POLICY_HND handle;
+	UNISTR2 key;
+	UNISTR2 value;
+	uint32 type;
+	uint32 max_len;
+	uint8 *data;
+	uint32 real_len;
+	uint32 numeric_data;
+}
+SPOOL_Q_SETPRINTERDATAEX;
+
+typedef struct spool_r_setprinterdataex
+{
+	WERROR status;
+}
+SPOOL_R_SETPRINTERDATAEX;
+
+
+typedef struct spool_q_enumprinterkey
+{
+	POLICY_HND handle;
+	UNISTR2 key;
+	uint32 size;
+}
+SPOOL_Q_ENUMPRINTERKEY;
+
+typedef struct spool_r_enumprinterkey
+{
+	BUFFER5 keys;
+	uint32 needed;	/* in bytes */
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTERKEY;
+
+typedef struct printer_enum_values
+{
+	UNISTR valuename;
+	uint32 value_len;
+	uint32 type;
+	uint8  *data;
+	uint32 data_len; 
+	
+}
+PRINTER_ENUM_VALUES;
+
+typedef struct printer_enum_values_ctr
+{
+	uint32 size;
+	uint32 size_of_array;
+	PRINTER_ENUM_VALUES *values;
+}
+PRINTER_ENUM_VALUES_CTR;
+
+typedef struct spool_q_enumprinterdataex
+{
+	POLICY_HND handle;
+	UNISTR2 key;
+	uint32 size;
+}
+SPOOL_Q_ENUMPRINTERDATAEX;
+
+typedef struct spool_r_enumprinterdataex
+{
+	PRINTER_ENUM_VALUES_CTR ctr;
+	uint32 needed;
+	uint32 returned;
+	WERROR status;
+}
+SPOOL_R_ENUMPRINTERDATAEX;
+
+typedef struct printprocessor_directory_1
+{
+	UNISTR name;
+}
+PRINTPROCESSOR_DIRECTORY_1;
+
+typedef struct spool_q_getprintprocessordirectory
+{
+	UNISTR2 name;
+	UNISTR2 environment;
+	uint32 level;
+	NEW_BUFFER *buffer;
+	uint32 offered;
+}
+SPOOL_Q_GETPRINTPROCESSORDIRECTORY;
+
+typedef struct spool_r_getprintprocessordirectory
+{
+	NEW_BUFFER *buffer;
+	uint32 needed;
+	WERROR status;
+}
+SPOOL_R_GETPRINTPROCESSORDIRECTORY;
+
+#define PRINTER_DRIVER_VERSION 2
+#define PRINTER_DRIVER_ARCHITECTURE "Windows NT x86"
+
+#endif /* _RPC_SPOOLSS_H */
+
diff --git a/source3/include/rpc_srvsvc.h b/source3/include/rpc_srvsvc.h
new file mode 100644
index 0000000000..5ebb41036e
--- /dev/null
+++ b/source3/include/rpc_srvsvc.h
@@ -0,0 +1,834 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_SRVSVC_H /* _RPC_SRVSVC_H */
+#define _RPC_SRVSVC_H 
+
+
+/* srvsvc pipe */
+#define SRV_NETCONNENUM        0x08
+#define SRV_NETFILEENUM        0x09
+#define SRV_NETSESSENUM        0x0c
+#define SRV_NET_SHARE_ADD      0x0e
+#define SRV_NETSHAREENUM_ALL   0x0f
+#define SRV_NET_SHARE_GET_INFO 0x10
+#define SRV_NET_SHARE_SET_INFO 0x11
+#define SRV_NET_SHARE_DEL      0x12
+#define SRV_NET_SRV_GET_INFO   0x15
+#define SRV_NET_SRV_SET_INFO   0x16
+#define SRV_NET_DISK_ENUM      0x17
+#define SRV_NET_REMOTE_TOD     0x1c
+#define SRV_NET_NAME_VALIDATE  0x21
+#define SRV_NETSHAREENUM       0x24
+#define SRV_NETFILEQUERYSECDESC 0x27
+#define SRV_NETFILESETSECDESC	0x28
+
+#define MAX_SERVER_DISK_ENTRIES 15
+
+typedef struct disk_info {
+	uint32  unknown;
+	UNISTR3 disk_name;
+} DISK_INFO;
+
+typedef struct disk_enum_container {
+	uint32 level;
+	uint32 entries_read;
+	uint32 unknown;
+	uint32 disk_info_ptr;
+	DISK_INFO disk_info[MAX_SERVER_DISK_ENTRIES];
+} DISK_ENUM_CONTAINER;
+
+typedef struct net_srv_disk_enum {
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* server name */
+
+	DISK_ENUM_CONTAINER disk_enum_ctr;
+
+	uint32 preferred_len;        /* preferred maximum length (0xffff ffff) */
+	uint32 total_entries;        /* total number of entries */
+	ENUM_HND enum_hnd;
+	WERROR status;               /* return status */
+} SRV_Q_NET_DISK_ENUM, SRV_R_NET_DISK_ENUM;
+
+typedef struct net_name_validate {
+	uint32 ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	UNISTR2 uni_name; /*name to validate*/
+	uint32 type;
+	uint32 flags;
+	WERROR status;
+} SRV_Q_NET_NAME_VALIDATE, SRV_R_NET_NAME_VALIDATE;
+
+/* SESS_INFO_0 (pointers to level 0 session info strings) */
+typedef struct ptr_sess_info0
+{
+	uint32 ptr_name; /* pointer to name. */
+
+} SESS_INFO_0;
+
+/* SESS_INFO_0_STR (level 0 session info strings) */
+typedef struct str_sess_info0
+{
+	UNISTR2 uni_name; /* unicode string of name */
+
+} SESS_INFO_0_STR;
+
+/* oops - this is going to take up a *massive* amount of stack. */
+/* the UNISTR2s already have 1024 uint16 chars in them... */
+#define MAX_SESS_ENTRIES 32
+
+/* SRV_SESS_INFO_0 */
+typedef struct srv_sess_info_0_info
+{
+	uint32 num_entries_read;                     /* EntriesRead */
+	uint32 ptr_sess_info;                       /* Buffer */
+	uint32 num_entries_read2;                    /* EntriesRead */
+
+	SESS_INFO_0     info_0    [MAX_SESS_ENTRIES]; /* session entry pointers */
+	SESS_INFO_0_STR info_0_str[MAX_SESS_ENTRIES]; /* session entry strings */
+
+} SRV_SESS_INFO_0;
+
+/* SESS_INFO_1 (pointers to level 1 session info strings) */
+typedef struct ptr_sess_info1
+{
+	uint32 ptr_name; /* pointer to name. */
+	uint32 ptr_user; /* pointer to user name. */
+
+	uint32 num_opens;
+	uint32 open_time;
+	uint32 idle_time;
+	uint32 user_flags;
+
+} SESS_INFO_1;
+
+/* SESS_INFO_1_STR (level 1 session info strings) */
+typedef struct str_sess_info1
+{
+	UNISTR2 uni_name; /* unicode string of name */
+	UNISTR2 uni_user; /* unicode string of user */
+
+} SESS_INFO_1_STR;
+
+/* SRV_SESS_INFO_1 */
+typedef struct srv_sess_info_1_info
+{
+	uint32 num_entries_read;                     /* EntriesRead */
+	uint32 ptr_sess_info;                       /* Buffer */
+	uint32 num_entries_read2;                    /* EntriesRead */
+
+	SESS_INFO_1     info_1    [MAX_SESS_ENTRIES]; /* session entry pointers */
+	SESS_INFO_1_STR info_1_str[MAX_SESS_ENTRIES]; /* session entry strings */
+
+} SRV_SESS_INFO_1;
+
+/* SRV_SESS_INFO_CTR */
+typedef struct srv_sess_info_ctr_info
+{
+	uint32 switch_value;         /* switch value */
+	uint32 ptr_sess_ctr;       /* pointer to sess info union */
+	union
+    {
+		SRV_SESS_INFO_0 info0; /* session info level 0 */
+		SRV_SESS_INFO_1 info1; /* session info level 1 */
+
+    } sess;
+
+} SRV_SESS_INFO_CTR;
+
+
+/* SRV_Q_NET_SESS_ENUM */
+typedef struct q_net_sess_enum_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* server name */
+
+	uint32 ptr_qual_name;         /* pointer (to qualifier name) */
+	UNISTR2 uni_qual_name;        /* qualifier name "\\qualifier" */
+
+	uint32 sess_level;          /* session level */
+
+	SRV_SESS_INFO_CTR *ctr;
+
+	uint32 preferred_len;        /* preferred maximum length (0xffff ffff) */
+	ENUM_HND enum_hnd;
+
+} SRV_Q_NET_SESS_ENUM;
+
+/* SRV_R_NET_SESS_ENUM */
+typedef struct r_net_sess_enum_info
+{
+	uint32 sess_level;          /* share level */
+
+	SRV_SESS_INFO_CTR *ctr;
+
+	uint32 total_entries;                    /* total number of entries */
+	ENUM_HND enum_hnd;
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SESS_ENUM;
+
+/* CONN_INFO_0 (pointers to level 0 connection info strings) */
+typedef struct ptr_conn_info0
+{
+	uint32 id; /* connection id. */
+
+} CONN_INFO_0;
+
+/* oops - this is going to take up a *massive* amount of stack. */
+/* the UNISTR2s already have 1024 uint16 chars in them... */
+#define MAX_CONN_ENTRIES 32
+
+/* SRV_CONN_INFO_0 */
+typedef struct srv_conn_info_0_info
+{
+	uint32 num_entries_read;                     /* EntriesRead */
+	uint32 ptr_conn_info;                       /* Buffer */
+	uint32 num_entries_read2;                    /* EntriesRead */
+
+	CONN_INFO_0     info_0    [MAX_CONN_ENTRIES]; /* connection entry pointers */
+
+} SRV_CONN_INFO_0;
+
+/* CONN_INFO_1 (pointers to level 1 connection info strings) */
+typedef struct ptr_conn_info1
+{
+	uint32 id;   /* connection id */
+	uint32 type; /* 0x3 */
+	uint32 num_opens;
+	uint32 num_users;
+	uint32 open_time;
+
+	uint32 ptr_usr_name; /* pointer to user name. */
+	uint32 ptr_net_name; /* pointer to network name (e.g IPC$). */
+
+} CONN_INFO_1;
+
+/* CONN_INFO_1_STR (level 1 connection info strings) */
+typedef struct str_conn_info1
+{
+	UNISTR2 uni_usr_name; /* unicode string of user */
+	UNISTR2 uni_net_name; /* unicode string of name */
+
+} CONN_INFO_1_STR;
+
+/* SRV_CONN_INFO_1 */
+typedef struct srv_conn_info_1_info
+{
+	uint32 num_entries_read;                     /* EntriesRead */
+	uint32 ptr_conn_info;                       /* Buffer */
+	uint32 num_entries_read2;                    /* EntriesRead */
+
+	CONN_INFO_1     info_1    [MAX_CONN_ENTRIES]; /* connection entry pointers */
+	CONN_INFO_1_STR info_1_str[MAX_CONN_ENTRIES]; /* connection entry strings */
+
+} SRV_CONN_INFO_1;
+
+/* SRV_CONN_INFO_CTR */
+typedef struct srv_conn_info_ctr_info
+{
+	uint32 switch_value;         /* switch value */
+	uint32 ptr_conn_ctr;       /* pointer to conn info union */
+	union
+    {
+		SRV_CONN_INFO_0 info0; /* connection info level 0 */
+		SRV_CONN_INFO_1 info1; /* connection info level 1 */
+
+    } conn;
+
+} SRV_CONN_INFO_CTR;
+
+
+/* SRV_Q_NET_CONN_ENUM */
+typedef struct q_net_conn_enum_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name) */
+	UNISTR2 uni_srv_name;        /* server name "\\server" */
+
+	uint32 ptr_qual_name;         /* pointer (to qualifier name) */
+	UNISTR2 uni_qual_name;        /* qualifier name "\\qualifier" */
+
+	uint32 conn_level;          /* connection level */
+
+	SRV_CONN_INFO_CTR *ctr;
+
+	uint32 preferred_len;        /* preferred maximum length (0xffff ffff) */
+	ENUM_HND enum_hnd;
+
+} SRV_Q_NET_CONN_ENUM;
+
+/* SRV_R_NET_CONN_ENUM */
+typedef struct r_net_conn_enum_info
+{
+	uint32 conn_level;          /* share level */
+
+	SRV_CONN_INFO_CTR *ctr;
+
+	uint32 total_entries;                    /* total number of entries */
+	ENUM_HND enum_hnd;
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_CONN_ENUM;
+
+/* SH_INFO_1 (pointers to level 1 share info strings) */
+typedef struct ptr_share_info1
+{
+	uint32 ptr_netname; /* pointer to net name. */
+	uint32 type; /* ipc, print, disk ... */
+	uint32 ptr_remark; /* pointer to comment. */
+
+} SH_INFO_1;
+
+/* SH_INFO_1_STR (level 1 share info strings) */
+typedef struct str_share_info1
+{
+	UNISTR2 uni_netname; /* unicode string of net name */
+	UNISTR2 uni_remark; /* unicode string of comment */
+
+} SH_INFO_1_STR;
+
+/* SRV_SHARE_INFO_1 */
+typedef struct share_info_1_info
+{
+	SH_INFO_1 info_1;
+	SH_INFO_1_STR info_1_str;
+
+} SRV_SHARE_INFO_1;
+
+/* SH_INFO_2 (pointers to level 2 share info strings) */
+typedef struct ptr_share_info2
+{
+	uint32 ptr_netname; /* pointer to net name. */
+	uint32 type; /* ipc, print, disk ... */
+	uint32 ptr_remark; /* pointer to comment. */
+	uint32 perms;      /* permissions */
+	uint32 max_uses;   /* maximum uses */
+	uint32 num_uses;   /* current uses */
+	uint32 ptr_path;   /* pointer to path name */
+	uint32 ptr_passwd; /* pointer to password */
+
+} SH_INFO_2;
+
+/* SH_INFO_2_STR (level 2 share info strings) */
+typedef struct str_share_info2
+{
+	UNISTR2 uni_netname; /* unicode string of net name (e.g NETLOGON) */
+	UNISTR2 uni_remark;  /* unicode string of comment (e.g "Logon server share") */
+	UNISTR2 uni_path;    /* unicode string of local path (e.g c:\winnt\system32\repl\import\scripts) */
+	UNISTR2 uni_passwd;  /* unicode string of password - presumably for share level security (e.g NULL) */
+
+} SH_INFO_2_STR;
+
+/* SRV_SHARE_INFO_2 */
+typedef struct share_info_2_info
+{
+	SH_INFO_2 info_2;
+	SH_INFO_2_STR info_2_str;
+
+} SRV_SHARE_INFO_2;
+
+typedef struct ptr_share_info501
+{
+	uint32 ptr_netname; /* pointer to net name */
+	uint32 type;     /* ipc, print, disk */
+	uint32 ptr_remark;  /* pointer to comment */
+	uint32 csc_policy;  /* client-side offline caching policy << 4 */
+} SH_INFO_501;
+
+typedef struct str_share_info501
+{
+	UNISTR2 uni_netname; /* unicode string of net name */
+	UNISTR2 uni_remark;  /* unicode string of comment */
+} SH_INFO_501_STR;
+
+/* SRV_SHARE_INFO_501 */
+typedef struct share_info_501_info
+{
+	SH_INFO_501 info_501;
+	SH_INFO_501_STR info_501_str;
+} SRV_SHARE_INFO_501;
+
+/* SH_INFO_502 (pointers to level 502 share info strings) */
+typedef struct ptr_share_info502
+{
+	uint32 ptr_netname; /* pointer to net name. */
+	uint32 type; /* ipc, print, disk ... */
+	uint32 ptr_remark; /* pointer to comment. */
+	uint32 perms;      /* permissions */
+	uint32 max_uses;   /* maximum uses */
+	uint32 num_uses;   /* current uses */
+	uint32 ptr_path;   /* pointer to path name */
+	uint32 ptr_passwd; /* pointer to password */
+	uint32 sd_size;    /* size of security descriptor */
+	uint32 ptr_sd;     /* pointer to security descriptor */
+
+} SH_INFO_502;
+
+/* SH_INFO_502_STR (level 502 share info strings) */
+typedef struct str_share_info502
+{
+	SH_INFO_502 *ptrs;
+
+	UNISTR2 uni_netname; /* unicode string of net name (e.g NETLOGON) */
+	UNISTR2 uni_remark;  /* unicode string of comment (e.g "Logon server share") */
+	UNISTR2 uni_path;    /* unicode string of local path (e.g c:\winnt\system32\repl\import\scripts) */
+	UNISTR2 uni_passwd;  /* unicode string of password - presumably for share level security (e.g NULL) */
+
+	uint32 sd_size;
+	SEC_DESC *sd;
+
+} SH_INFO_502_STR;
+
+/* SRV_SHARE_INFO_502 */
+typedef struct share_info_502_info
+{
+	SH_INFO_502 info_502;
+	SH_INFO_502_STR info_502_str;
+
+} SRV_SHARE_INFO_502;
+
+/* SRV_SHARE_INFO_1005 */
+typedef struct share_info_1005_info
+{
+  uint32 dfs_root_flag; 
+} SRV_SHARE_INFO_1005;
+
+/* SRV_SHARE_INFO_1501 */
+typedef struct share_info_1501_info
+{
+	SEC_DESC_BUF *sdb;
+} SRV_SHARE_INFO_1501;
+
+/* SRV_SHARE_INFO_CTR */
+typedef struct srv_share_info_ctr_info
+{
+	uint32 info_level;
+	uint32 switch_value;
+	uint32 ptr_share_info;
+
+	uint32 num_entries;
+	uint32 ptr_entries;
+	uint32 num_entries2;
+
+	union {
+		SRV_SHARE_INFO_1 *info1; /* share info level 1 */
+		SRV_SHARE_INFO_2 *info2; /* share info level 2 */
+		SRV_SHARE_INFO_501 *info501; /* share info level 501 */
+		SRV_SHARE_INFO_502 *info502; /* share info level 502 */
+		void *info;
+
+	} share;
+
+} SRV_SHARE_INFO_CTR;
+
+/* SRV_Q_NET_SHARE_ENUM */
+typedef struct q_net_share_enum_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* server name */
+
+	SRV_SHARE_INFO_CTR ctr;     /* share info container */
+
+	uint32 preferred_len;        /* preferred maximum length (0xffff ffff) */
+
+	ENUM_HND enum_hnd;
+
+} SRV_Q_NET_SHARE_ENUM;
+
+
+/* SRV_R_NET_SHARE_ENUM */
+typedef struct r_net_share_enum_info
+{
+	SRV_SHARE_INFO_CTR ctr;     /* share info container */
+
+	uint32 total_entries;                    /* total number of entries */
+	ENUM_HND enum_hnd;
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SHARE_ENUM;
+
+
+/* SRV_Q_NET_SHARE_GET_INFO */
+typedef struct q_net_share_get_info_info
+{
+	uint32 ptr_srv_name;
+	UNISTR2 uni_srv_name;
+
+	UNISTR2 uni_share_name;
+	uint32 info_level;
+
+} SRV_Q_NET_SHARE_GET_INFO;
+
+/* JRA. NB. We also need level 1004 and 1006 here. */
+
+/* SRV_SHARE_INFO */
+typedef struct srv_share_info {
+	uint32 switch_value;
+	uint32 ptr_share_ctr;
+
+	union {
+		SRV_SHARE_INFO_1 info1;
+		SRV_SHARE_INFO_2 info2;
+		SRV_SHARE_INFO_501 info501;
+		SRV_SHARE_INFO_502 info502;
+		SRV_SHARE_INFO_1005 info1005;
+		SRV_SHARE_INFO_1501 info1501;
+	} share;
+} SRV_SHARE_INFO;
+
+/* SRV_R_NET_SHARE_GET_INFO */
+typedef struct r_net_share_get_info_info
+{
+	SRV_SHARE_INFO info;
+	WERROR status;
+
+} SRV_R_NET_SHARE_GET_INFO;
+
+/* SRV_Q_NET_SHARE_SET_INFO */
+typedef struct q_net_share_set_info_info
+{
+	uint32 ptr_srv_name;
+	UNISTR2 uni_srv_name;
+
+	UNISTR2 uni_share_name;
+	uint32 info_level;
+
+	SRV_SHARE_INFO info;
+
+} SRV_Q_NET_SHARE_SET_INFO;
+
+/* SRV_R_NET_SHARE_SET_INFO */
+typedef struct r_net_share_set_info
+{
+	uint32 switch_value;         /* switch value */
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SHARE_SET_INFO;
+
+/* SRV_Q_NET_SHARE_ADD */
+typedef struct q_net_share_add
+{
+	uint32 ptr_srv_name;
+	UNISTR2 uni_srv_name;
+
+	uint32 info_level;
+
+	SRV_SHARE_INFO info;
+
+} SRV_Q_NET_SHARE_ADD;
+
+/* SRV_R_NET_SHARE_ADD */
+typedef struct r_net_share_add
+{
+	uint32 switch_value;         /* switch value */
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SHARE_ADD;
+
+/* SRV_Q_NET_SHARE_DEL */
+typedef struct q_net_share_del
+{
+	uint32 ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	UNISTR2 uni_share_name;
+
+} SRV_Q_NET_SHARE_DEL;
+
+/* SRV_R_NET_SHARE_DEL */
+typedef struct r_net_share_del
+{
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SHARE_DEL;
+
+/* FILE_INFO_3 (level 3 file info strings) */
+typedef struct file_info3_info
+{
+	uint32 id;            /* file index */
+	uint32 perms;         /* file permissions. don't know what format */
+	uint32 num_locks;     /* file locks */
+	uint32 ptr_path_name; /* file name */
+	uint32 ptr_user_name; /* file owner */
+
+} FILE_INFO_3;
+
+/* FILE_INFO_3_STR (level 3 file info strings) */
+typedef struct str_file_info3_info
+{
+	UNISTR2 uni_path_name; /* unicode string of file name */
+	UNISTR2 uni_user_name; /* unicode string of file owner. */
+
+} FILE_INFO_3_STR;
+
+/* oops - this is going to take up a *massive* amount of stack. */
+/* the UNISTR2s already have 1024 uint16 chars in them... */
+#define MAX_FILE_ENTRIES 32
+
+/* SRV_FILE_INFO_3 */
+typedef struct srv_file_info_3
+{
+	uint32 num_entries_read;                     /* EntriesRead */
+	uint32 ptr_file_info;                        /* Buffer */
+
+	uint32 num_entries_read2;                    /* EntriesRead */
+
+	FILE_INFO_3     info_3    [MAX_FILE_ENTRIES]; /* file entry details */
+	FILE_INFO_3_STR info_3_str[MAX_FILE_ENTRIES]; /* file entry strings */
+
+} SRV_FILE_INFO_3;
+
+/* SRV_FILE_INFO_CTR */
+typedef struct srv_file_info_3_info
+{
+	uint32 switch_value;         /* switch value */
+	uint32 ptr_file_ctr;       /* pointer to file info union */
+	union
+    {
+		SRV_FILE_INFO_3 info3; /* file info with 0 entries */
+
+    } file;
+
+} SRV_FILE_INFO_CTR;
+
+
+/* SRV_Q_NET_FILE_ENUM */
+typedef struct q_net_file_enum_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* server name */
+
+	uint32 ptr_qual_name;         /* pointer (to qualifier name) */
+	UNISTR2 uni_qual_name;        /* qualifier name "\\qualifier" */
+
+	uint32 file_level;          /* file level */
+
+	SRV_FILE_INFO_CTR *ctr;
+
+	uint32 preferred_len; /* preferred maximum length (0xffff ffff) */
+	ENUM_HND enum_hnd;
+
+} SRV_Q_NET_FILE_ENUM;
+
+
+/* SRV_R_NET_FILE_ENUM */
+typedef struct r_net_file_enum_info
+{
+	uint32 file_level;          /* file level */
+
+	SRV_FILE_INFO_CTR *ctr;
+
+	uint32 total_entries;                    /* total number of files */
+	ENUM_HND enum_hnd;
+
+	WERROR status;        /* return status */
+
+} SRV_R_NET_FILE_ENUM;
+
+/* SRV_INFO_100 */
+typedef struct srv_info_100_info
+{
+	uint32 platform_id;     /* 0x500 */
+	uint32 ptr_name;        /* pointer to server name */
+
+	UNISTR2 uni_name;       /* server name "server" */
+
+} SRV_INFO_100;
+
+/* SRV_INFO_101 */
+typedef struct srv_info_101_info
+{
+	uint32 platform_id;     /* 0x500 */
+	uint32 ptr_name;        /* pointer to server name */
+	uint32 ver_major;       /* 0x4 */
+	uint32 ver_minor;       /* 0x2 */
+	uint32 srv_type;        /* browse etc type */
+	uint32 ptr_comment;     /* pointer to server comment */
+
+	UNISTR2 uni_name;       /* server name "server" */
+	UNISTR2 uni_comment;    /* server comment "samba x.x.x blah" */
+
+} SRV_INFO_101;
+
+/* SRV_INFO_102  */
+typedef struct srv_info_102_info
+{
+	uint32 platform_id;     /* 0x500 */
+	uint32 ptr_name;        /* pointer to server name */
+	uint32 ver_major;       /* 0x4 */
+	uint32 ver_minor;       /* 0x2 */
+	uint32 srv_type;        /* browse etc type */
+	uint32 ptr_comment;     /* pointer to server comment */
+	uint32 users;           /* 0xffff ffff*/
+	uint32 disc;            /* 0xf */
+	uint32 hidden;          /* 0x0 */
+	uint32 announce;        /* 240 */
+	uint32 ann_delta;       /* 3000 */
+	uint32 licenses;        /* 0 */
+	uint32 ptr_usr_path;    /* pointer to user path */
+
+	UNISTR2 uni_name;       /* server name "server" */
+	UNISTR2 uni_comment;    /* server comment "samba x.x.x blah" */
+	UNISTR2 uni_usr_path;   /* "c:\" (eh?) */
+
+} SRV_INFO_102;
+
+
+/* SRV_INFO_CTR */
+typedef struct srv_info_ctr_info
+{
+	uint32 switch_value;         /* switch value */
+	uint32 ptr_srv_ctr;         /* pointer to server info */
+	union
+    {
+		SRV_INFO_102 sv102; /* server info level 102 */
+		SRV_INFO_101 sv101; /* server info level 101 */
+		SRV_INFO_100 sv100; /* server info level 100 */
+
+    } srv;
+
+} SRV_INFO_CTR;
+
+/* SRV_Q_NET_SRV_GET_INFO */
+typedef struct q_net_srv_get_info
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name; /* "\\server" */
+	uint32  switch_value;
+
+} SRV_Q_NET_SRV_GET_INFO;
+
+/* SRV_R_NET_SRV_GET_INFO */
+typedef struct r_net_srv_get_info
+{
+	SRV_INFO_CTR *ctr;
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SRV_GET_INFO;
+
+/* SRV_Q_NET_SRV_SET_INFO */
+typedef struct q_net_srv_set_info
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name; /* "\\server" */
+	uint32  switch_value;
+
+	SRV_INFO_CTR *ctr;
+
+} SRV_Q_NET_SRV_SET_INFO;
+
+
+/* SRV_R_NET_SRV_SET_INFO */
+typedef struct r_net_srv_set_info
+{
+	uint32 switch_value;         /* switch value */
+
+	WERROR status;               /* return status */
+
+} SRV_R_NET_SRV_SET_INFO;
+
+/* SRV_Q_NET_REMOTE_TOD */
+typedef struct q_net_remote_tod
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name; /* "\\server" */
+
+} SRV_Q_NET_REMOTE_TOD;
+
+/* TIME_OF_DAY_INFO */
+typedef struct time_of_day_info
+{
+	uint32	elapsedt;
+	uint32	msecs;
+	uint32	hours;
+	uint32	mins;
+	uint32	secs;
+	uint32	hunds;
+	uint32	zone;
+	uint32	tintervals;
+	uint32	day;
+	uint32	month;
+	uint32	year;
+	uint32	weekday;
+	
+} TIME_OF_DAY_INFO;
+
+/* SRV_R_NET_REMOTE_TOD */
+typedef struct r_net_remote_tod
+{
+	uint32 ptr_srv_tod;         /* pointer to TOD */
+	TIME_OF_DAY_INFO *tod;
+	
+	WERROR status;               /* return status */
+
+} SRV_R_NET_REMOTE_TOD;
+
+/* SRV_Q_NET_FILE_QUERY_SECDESC */
+typedef struct q_net_file_query_secdesc
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	uint32  ptr_qual_name;
+	UNISTR2 uni_qual_name;
+	UNISTR2 uni_file_name;
+	uint32  unknown1;
+	uint32  unknown2;
+	uint32  unknown3;
+} SRV_Q_NET_FILE_QUERY_SECDESC;
+
+/* SRV_R_NET_FILE_QUERY_SECDESC */
+typedef struct r_net_file_query_secdesc
+{
+	uint32 ptr_response;
+	uint32 size_response;
+	uint32 ptr_secdesc;
+	uint32 size_secdesc;
+	SEC_DESC *sec_desc;
+	WERROR status;
+} SRV_R_NET_FILE_QUERY_SECDESC;
+
+/* SRV_Q_NET_FILE_SET_SECDESC */
+typedef struct q_net_file_set_secdesc
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	uint32  ptr_qual_name;
+	UNISTR2 uni_qual_name;
+	UNISTR2 uni_file_name;
+	uint32  sec_info;
+	uint32  size_set;
+	uint32  ptr_secdesc;
+	uint32  size_secdesc;
+	SEC_DESC *sec_desc;
+} SRV_Q_NET_FILE_SET_SECDESC;
+
+/* SRV_R_NET_FILE_SET_SECDESC */
+typedef struct r_net_file_set_secdesc
+{
+	WERROR status;
+} SRV_R_NET_FILE_SET_SECDESC;
+#endif /* _RPC_SRVSVC_H */
diff --git a/source3/include/rpc_wkssvc.h b/source3/include/rpc_wkssvc.h
new file mode 100644
index 0000000000..adc37c255b
--- /dev/null
+++ b/source3/include/rpc_wkssvc.h
@@ -0,0 +1,72 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Paul Ashton 1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _RPC_WKS_H /* _RPC_WKS_H */
+#define _RPC_WKS_H 
+
+
+/* wkssvc pipe */
+#define WKS_QUERY_INFO    0x00
+
+
+/* WKS_Q_QUERY_INFO - probably a capabilities request */
+typedef struct q_wks_query_info_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
+
+	uint16 switch_value;            /* info level 100 (0x64) */
+
+} WKS_Q_QUERY_INFO;
+
+
+/* WKS_INFO_100 - level 100 info */
+typedef struct wks_info_100_info
+{
+	uint32 platform_id;          /* 0x0000 01f4 - unknown */
+	uint32 ptr_compname;       /* pointer to server name */
+	uint32 ptr_lan_grp ;       /* pointer to domain name */
+	uint32 ver_major;          /* 4 - unknown */
+	uint32 ver_minor;          /* 0 - unknown */
+
+	UNISTR2 uni_compname;      /* unicode server name */
+	UNISTR2 uni_lan_grp ;      /* unicode domain name */
+
+} WKS_INFO_100;
+
+
+/* WKS_R_QUERY_INFO - probably a capabilities request */
+typedef struct r_wks_query_info_info
+{
+	uint16 switch_value;          /* 100 (0x64) - switch value */
+
+	/* for now, only level 100 is supported.  this should be an enum container */
+	uint32 ptr_1;              /* pointer 1 */
+	WKS_INFO_100 *wks100;      /* workstation info level 100 */
+
+	NTSTATUS status;             /* return status */
+
+} WKS_R_QUERY_INFO;
+
+
+#endif /* _RPC_WKS_H */
+
diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
new file mode 100644
index 0000000000..1ee97833c5
--- /dev/null
+++ b/source3/include/safe_string.h
@@ -0,0 +1,66 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Safe string handling routines.
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SAFE_STRING_H
+#define _SAFE_STRING_H
+
+#ifndef _SPLINT_ /* http://www.splint.org */
+
+/* Some macros to ensure people don't use buffer overflow vulnerable string
+   functions. */
+
+#ifdef bcopy
+#undef bcopy
+#endif /* bcopy */
+#define bcopy(src,dest,size) __ERROR__XX__NEVER_USE_BCOPY___;
+
+#ifdef strcpy
+#undef strcpy
+#endif /* strcpy */
+#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___;
+
+#ifdef strcat
+#undef strcat
+#endif /* strcat */
+#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___;
+
+#ifdef sprintf
+#undef sprintf
+#endif /* sprintf */
+#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__;
+
+#endif /* !_SPLINT_ */
+
+#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1)
+#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1)
+#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1)
+
+#define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring))
+#define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring))
+#define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring))
+#define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring))
+
+/* replace some string functions with multi-byte
+   versions */
+#define strlower(s) strlower_m(s)
+#define strupper(s) strupper_m(s)
+
+#endif
diff --git a/source3/include/secrets.h b/source3/include/secrets.h
new file mode 100644
index 0000000000..69ab4f6c8d
--- /dev/null
+++ b/source3/include/secrets.h
@@ -0,0 +1,59 @@
+/*
+ * Unix SMB/CIFS implementation. 
+ * secrets.tdb file format info
+ * Copyright (C) Andrew Tridgell              2000
+ * 
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.  
+ */
+
+#ifndef _SECRETS_H
+#define _SECRETS_H
+
+/* the first one is for the hashed password (NT4 style) the latter
+   for plaintext (ADS)
+*/
+#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
+#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
+
+/* this one is for storing trusted domain account password */
+#define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
+
+/* The domain sid and our sid are stored here even though they aren't
+   really secret. */
+#define SECRETS_DOMAIN_SID    "SECRETS/SID"
+#define SECRETS_SAM_SID       "SAM/SID"
+
+/* Authenticated user info is stored in secrets.tdb under these keys */
+
+#define SECRETS_AUTH_USER      "SECRETS/AUTH_USER"
+#define SECRETS_AUTH_DOMAIN      "SECRETS/AUTH_DOMAIN"
+#define SECRETS_AUTH_PASSWORD  "SECRETS/AUTH_PASSWORD"
+
+/* structure for storing machine account password
+   (ie. when samba server is member of a domain */
+struct machine_acct_pass {
+	uint8 hash[16];
+	time_t mod_time;
+};
+
+/* structure for storing trusted domain password */
+struct trusted_dom_pass {
+	int pass_len;
+	fstring pass;
+	time_t mod_time;
+	DOM_SID domain_sid; /* remote domain's sid */
+};
+
+#endif /* _SECRETS_H */
diff --git a/source3/include/session.h b/source3/include/session.h
new file mode 100644
index 0000000000..f613afee09
--- /dev/null
+++ b/source3/include/session.h
@@ -0,0 +1,40 @@
+/* 
+   Unix SMB/CIFS implementation.
+   session handling for recording currently vailid vuids
+   Copyright (C) tridge@samba.org 2001
+   Copyright (C) Andew Bartlett <abartlet@samba.org> 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* a "session" is claimed when we do a SessionSetupX operation
+   and is yielded when the corresponding vuid is destroyed.
+
+   sessions are used to populate utmp and PAM session structures
+*/
+
+struct sessionid {
+	uid_t uid;
+	gid_t gid;
+	fstring username;
+	fstring hostname;
+	fstring netbios_name;
+	fstring remote_machine;
+	fstring id_str;
+	uint32  id_num;
+	uint32  pid;
+	fstring ip_addr;
+};
+
diff --git a/source3/include/sids.h b/source3/include/sids.h
new file mode 100644
index 0000000000..860d96b193
--- /dev/null
+++ b/source3/include/sids.h
@@ -0,0 +1,39 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Elrond                            2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SIDS_H
+#define _SIDS_H 
+
+extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+
+extern DOM_SID global_member_sid;
+
+extern DOM_SID global_sid_S_1_5_32; /* local well-known domain */
+extern DOM_SID global_sid_S_1_1;    /* Global Domain */
+extern DOM_SID global_sid_NULL;
+
+extern const DOM_SID *global_sid_everyone;
+extern const DOM_SID *global_sid_system;   /* SYSTEM */
+extern const DOM_SID *global_sid_builtin;
+
+#endif /* _SIDS_H */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index b7faffa9e9..8963528e9a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1,8 +1,13 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   SMB parameters and setup
-   Copyright (C) Andrew Tridgell 1992-1995
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup, plus a whole lot more.
+   
+   Copyright (C) Andrew Tridgell              1992-2000
+   Copyright (C) John H Terpstra              1996-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Paul Ashton                  1998-2000
+   Copyright (C) Simo Sorce                   2001-2002
+   Copyright (C) Martin Pool		      2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -18,59 +23,34 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
+
 #ifndef _SMB_H
 #define _SMB_H
 
-#ifndef MAX_CONNECTIONS
-#define MAX_CONNECTIONS 127
-#endif
-
-#ifndef MAX_OPEN_FILES
-#define MAX_OPEN_FILES 50
-#endif
-
-#ifndef GUEST_ACCOUNT
-#define GUEST_ACCOUNT "nobody"
+#if defined(LARGE_SMB_OFF_T)
+#define BUFFER_SIZE (128*1024)
+#else /* no large readwrite possible */
+#define BUFFER_SIZE (0xFFFF)
 #endif
 
-#define BUFFER_SIZE (0xFFFF)
 #define SAFETY_MARGIN 1024
+#define LARGE_WRITEX_HDR_SIZE 65
 
-#ifndef EXTERN
-#	define EXTERN extern
-#endif
+#define NMB_PORT 137
+#define DGRAM_PORT 138
+#define SMB_PORT 139
 
 #define False (0)
 #define True (1)
-#define BOOLSTR(b) ((b) ? "Yes" : "No")
-#define BITSETB(ptr,bit) ((((char *)ptr)[0] & (1<<(bit)))!=0)
-#define BITSETW(ptr,bit) ((SVAL(ptr,0) & (1<<(bit)))!=0)
-#define PTR_DIFF(p1,p2) ((ptrdiff_t)(((char *)(p1)) - (char *)(p2)))
+#define Auto (2)
 
+#ifndef _BOOL
 typedef int BOOL;
-
-/*
-   Samba needs type definitions for int16, int32, uint16 and uint32.
-   
-   Normally these are signed and unsigned 16 and 32 bit integers, but
-   they actually only need to be at least 16 and 32 bits
-   respectively. Thus if your word size is 8 bytes just defining them
-   as signed and unsigned int will work.
-*/
-
-/* afs/stds.h defines int16 and int32 */
-#ifndef AFS_AUTH
-typedef short int16;
-typedef int int32;
+#define _BOOL       /* So we don't typedef BOOL again in vfs.h */
 #endif
 
-#ifndef uint16
-typedef unsigned short uint16;
-#endif
-
-#ifndef uint32
-typedef unsigned int uint32;
-#endif
+/* limiting size of ipc replies */
+#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
 
 #define SIZEOFWORD 2
 
@@ -78,35 +58,33 @@ typedef unsigned int uint32;
 #define DEF_CREATE_MASK (0755)
 #endif
 
-#ifndef DEFAULT_PIPE_TIMEOUT
-#define DEFAULT_PIPE_TIMEOUT 10000000 /* Ten seconds */
-#endif
+/* string manipulation flags - see clistr.c and srvstr.c */
+#define STR_TERMINATE 1
+#define STR_UPPER 2
+#define STR_ASCII 4
+#define STR_UNICODE 8
+#define STR_NOALIGN 16
 
-/* debugging code */
-#ifndef SYSLOG
-#define DEBUG(level,body) ((DEBUGLEVEL>=(level))?(Debug1 body):0)
-#else
-EXTERN int syslog_level;
+/* how long to wait for secondary SMB packets (milli-seconds) */
+#define SMB_SECONDARY_WAIT (60*1000)
 
-#define DEBUG(level,body) ((DEBUGLEVEL>=(level))? \
-						   (syslog_level = (level), Debug1 body):0)
-#endif
+/* Debugging stuff */
+#include "debug.h"
 
-#define DIR_STRUCT_SIZE 43
+/* this defines the error codes that receive_smb can put in smb_read_error */
+#define READ_TIMEOUT 1
+#define READ_EOF 2
+#define READ_ERROR 3
 
-/* these define all the command types recognised by the server - there
-are lots of gaps so probably there are some rare commands that are not
-implemented */
-
-#define pSETDIR '\377'
+#define DIR_STRUCT_SIZE 43
 
 /* these define the attribute byte as seen by DOS */
-#define aRONLY (1L<<0)
-#define aHIDDEN (1L<<1)
-#define aSYSTEM (1L<<2)
-#define aVOLID (1L<<3)
-#define aDIR (1L<<4)
-#define aARCH (1L<<5)
+#define aRONLY (1L<<0)		/* 0x01 */
+#define aHIDDEN (1L<<1)		/* 0x02 */
+#define aSYSTEM (1L<<2)		/* 0x04 */
+#define aVOLID (1L<<3)		/* 0x08 */
+#define aDIR (1L<<4)		/* 0x10 */
+#define aARCH (1L<<5)		/* 0x20 */
 
 /* deny modes */
 #define DENY_DOS 0
@@ -116,212 +94,424 @@ implemented */
 #define DENY_NONE 4
 #define DENY_FCB 7
 
+/* open modes */
+#define DOS_OPEN_RDONLY 0
+#define DOS_OPEN_WRONLY 1
+#define DOS_OPEN_RDWR 2
+#define DOS_OPEN_FCB 0xF
+
+/* define shifts and masks for share and open modes. */
+#define OPEN_MODE_MASK 0xF
+#define SHARE_MODE_SHIFT 4
+#define SHARE_MODE_MASK 0x7
+#define GET_OPEN_MODE(x) ((x) & OPEN_MODE_MASK)
+#define SET_OPEN_MODE(x) ((x) & OPEN_MODE_MASK)
+#define GET_DENY_MODE(x) (((x)>>SHARE_MODE_SHIFT) & SHARE_MODE_MASK)
+#define SET_DENY_MODE(x) (((x) & SHARE_MODE_MASK) <<SHARE_MODE_SHIFT)
+
+/* Sync on open file (not sure if used anymore... ?) */
+#define FILE_SYNC_OPENMODE (1<<14)
+#define GET_FILE_SYNC_OPENMODE(x) (((x) & FILE_SYNC_OPENMODE) ? True : False)
+
+/* allow delete on open file mode (used by NT SMB's). */
+#define ALLOW_SHARE_DELETE (1<<15)
+#define GET_ALLOW_SHARE_DELETE(x) (((x) & ALLOW_SHARE_DELETE) ? True : False)
+#define SET_ALLOW_SHARE_DELETE(x) ((x) ? ALLOW_SHARE_DELETE : 0)
+
+/* delete on close flag (used by NT SMB's). */
+#define DELETE_ON_CLOSE_FLAG (1<<16)
+#define GET_DELETE_ON_CLOSE_FLAG(x) (((x) & DELETE_ON_CLOSE_FLAG) ? True : False)
+#define SET_DELETE_ON_CLOSE_FLAG(x) ((x) ? DELETE_ON_CLOSE_FLAG : 0)
+
+/* open disposition values */
+#define FILE_EXISTS_FAIL 0
+#define FILE_EXISTS_OPEN 1
+#define FILE_EXISTS_TRUNCATE 2
+
+/* mask for open disposition. */
+#define FILE_OPEN_MASK 0x3
+
+#define GET_FILE_OPEN_DISPOSITION(x) ((x) & FILE_OPEN_MASK)
+#define SET_FILE_OPEN_DISPOSITION(x) ((x) & FILE_OPEN_MASK)
+
+/* The above can be OR'ed with... */
+#define FILE_CREATE_IF_NOT_EXIST 0x10
+#define FILE_FAIL_IF_NOT_EXIST 0
+
+#define GET_FILE_CREATE_DISPOSITION(x) ((x) & (FILE_CREATE_IF_NOT_EXIST|FILE_FAIL_IF_NOT_EXIST))
+
 /* share types */
-#define STYPE_DISKTREE	0	/* Disk drive */
-#define STYPE_PRINTQ	1	/* Spooler queue */
-#define STYPE_DEVICE	2	/* Serial device */
-#define STYPE_IPC	3	/* Interprocess communication (IPC) */
-
-/* SMB X/Open error codes for the ERRdos error class */
-#define ERRbadfunc 1 /* Invalid function (or system call) */
-#define ERRbadfile 2 /* File not found (pathname error) */
-#define ERRbadpath 3 /* Directory not found */
-#define ERRnofids 4 /* Too many open files */
-#define ERRnoaccess 5 /* Access denied */
-#define ERRbadfid 6 /* Invalid fid */
-#define ERRnomem 8 /* Out of memory */
-#define ERRbadmem 9 /* Invalid memory block address */
-#define ERRbadenv 10 /* Invalid environment */
-#define ERRbadaccess 12 /* Invalid open mode */
-#define ERRbaddata 13 /* Invalid data (only from ioctl call) */
-#define ERRres 14 /* reserved */
-#define ERRbaddrive 15 /* Invalid drive */
-#define ERRremcd 16 /* Attempt to delete current directory */
-#define ERRdiffdevice 17 /* rename/move across different filesystems */
-#define ERRnofiles 18 /* no more files found in file search */
-#define ERRbadshare 32 /* Share mode on file conflict with open mode */
-#define ERRlock 33 /* Lock request conflicts with existing lock */
-#define ERRfilexists 80 /* File in operation already exists */
-#define ERRbadpipe 230 /* Named pipe invalid */
-#define ERRpipebusy 231 /* All instances of pipe are busy */
-#define ERRpipeclosing 232 /* named pipe close in progress */
-#define ERRnotconnected 233 /* No process on other end of named pipe */
-#define ERRmoredata 234 /* More data to be returned */
-#define ERROR_EAS_DIDNT_FIT 275 /* Extended attributes didn't fit */
-#define ERROR_EAS_NOT_SUPPORTED 282 /* Extended attributes not suppored */
-#define ERRunknownlevel 124
-#define ERRunknownipc 2142
-
-
-/* here's a special one from observing NT */
-#define ERRnoipc 66 /* don't support ipc */
-
-/* Error codes for the ERRSRV class */
-
-#define ERRerror 1 /* Non specific error code */
-#define ERRbadpw 2 /* Bad password */
-#define ERRbadtype 3 /* reserved */
-#define ERRaccess 4 /* No permissions to do the requested operation */
-#define ERRinvnid 5 /* tid invalid */
-#define ERRinvnetname 6 /* Invalid servername */
-#define ERRinvdevice 7 /* Invalid device */
-#define ERRqfull 49 /* Print queue full */
-#define ERRqtoobig 50 /* Queued item too big */
-#define ERRinvpfid 52 /* Invalid print file in smb_fid */
-#define ERRsmbcmd 64 /* Unrecognised command */
-#define ERRsrverror 65 /* smb server internal error */
-#define ERRfilespecs 67 /* fid and pathname invalid combination */
-#define ERRbadlink 68 /* reserved */
-#define ERRbadpermits 69 /* Access specified for a file is not valid */
-#define ERRbadpid 70 /* reserved */
-#define ERRsetattrmode 71 /* attribute mode invalid */
-#define ERRpaused 81 /* Message server paused */
-#define ERRmsgoff 82 /* Not receiving messages */
-#define ERRnoroom 83 /* No room for message */
-#define ERRrmuns 87 /* too many remote usernames */
-#define ERRtimeout 88 /* operation timed out */
-#define ERRnoresource  89 /* No resources currently available for request. */
-#define ERRtoomanyuids 90 /* too many userids */
-#define ERRbaduid 91 /* bad userid */
-#define ERRuseMPX 250 /* temporarily unable to use raw mode, use MPX mode */
-#define ERRuseSTD 251 /* temporarily unable to use raw mode, use standard mode */
-#define ERRcontMPX 252 /* resume MPX mode */
-#define ERRbadPW /* reserved */
-#define ERRnosupport 0xFFFF
-#define ERRunknownsmb 22 /* from NT 3.5 response */
-
-
-/* Error codes for the ERRHRD class */
-
-#define ERRnowrite 19 /* read only media */
-#define ERRbadunit 20 /* Unknown device */
-#define ERRnotready 21 /* Drive not ready */
-#define ERRbadcmd 22 /* Unknown command */
-#define ERRdata 23 /* Data (CRC) error */
-#define ERRbadreq 24 /* Bad request structure length */
-#define ERRseek 25
-#define ERRbadmedia 26
-#define ERRbadsector 27
-#define ERRnopaper 28
-#define ERRwrite 29 /* write fault */
-#define ERRread 30 /* read fault */
-#define ERRgeneral 31 /* General hardware failure */
-#define ERRwrongdisk 34
-#define ERRFCBunavail 35
-#define ERRsharebufexc 36 /* share buffer exceeded */
-#define ERRdiskfull 39
-
-
-typedef char pstring[1024];
-typedef char fstring[128];
-typedef fstring string;
+#define STYPE_DISKTREE  0	/* Disk drive */
+#define STYPE_PRINTQ    1	/* Spooler queue */
+#define STYPE_DEVICE    2	/* Serial device */
+#define STYPE_IPC       3	/* Interprocess communication (IPC) */
+#define STYPE_HIDDEN    0x80000000 /* share is a hidden one (ends with $) */
 
-typedef struct
+#include "doserr.h"
+
+/*
+ * SMB UCS2 (16-bit unicode) internal type.
+ */
+
+typedef uint16 smb_ucs2_t;
+
+/* ucs2 string types. */
+typedef smb_ucs2_t wpstring[PSTRING_LEN];
+typedef smb_ucs2_t wfstring[FSTRING_LEN];
+
+
+#ifdef WORDS_BIGENDIAN
+#define UCS2_SHIFT 8
+#else
+#define UCS2_SHIFT 0
+#endif
+
+/* turn a 7 bit character into a ucs2 character */
+#define UCS2_CHAR(c) ((c) << UCS2_SHIFT)
+
+/* pipe string names */
+#define PIPE_LANMAN   "\\PIPE\\LANMAN"
+#define PIPE_SRVSVC   "\\PIPE\\srvsvc"
+#define PIPE_SAMR     "\\PIPE\\samr"
+#define PIPE_WINREG   "\\PIPE\\winreg"
+#define PIPE_WKSSVC   "\\PIPE\\wkssvc"
+#define PIPE_NETLOGON "\\PIPE\\NETLOGON"
+#define PIPE_NTLSA    "\\PIPE\\ntlsa"
+#define PIPE_NTSVCS   "\\PIPE\\ntsvcs"
+#define PIPE_LSASS    "\\PIPE\\lsass"
+#define PIPE_LSARPC   "\\PIPE\\lsarpc"
+#define PIPE_SPOOLSS  "\\PIPE\\spoolss"
+#define PIPE_NETDFS   "\\PIPE\\netdfs"
+
+/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
+typedef struct nttime_info
 {
-  int size;
-  int mode;
-  int uid;
-  int gid;
-  /* these times are normally kept in GMT */
-  time_t mtime;
-  time_t atime;
-  time_t ctime;
-  pstring name;
-} file_info;
+  uint32 low;
+  uint32 high;
+} NTTIME;
+
+
+/* The Splint code analysis tool doesn't like immediate structures. */
+
+#ifdef _SPLINT_                      /* http://www.splint.org */
+#undef HAVE_IMMEDIATE_STRUCTURES
+#endif
+
+/* the following rather strange looking definitions of NTSTATUS and WERROR
+   and there in order to catch common coding errors where different error types
+   are mixed up. This is especially important as we slowly convert Samba
+   from using BOOL for internal functions 
+*/
+
+#if defined(HAVE_IMMEDIATE_STRUCTURES)
+typedef struct {uint32 v;} NTSTATUS;
+#define NT_STATUS(x) ((NTSTATUS) { x })
+#define NT_STATUS_V(x) ((x).v)
+#else
+typedef uint32 NTSTATUS;
+#define NT_STATUS(x) (x)
+#define NT_STATUS_V(x) (x)
+#endif
+
+#if defined(HAVE_IMMEDIATE_STRUCTURES)
+typedef struct {uint32 v;} WERROR;
+#define W_ERROR(x) ((WERROR) { x })
+#define W_ERROR_V(x) ((x).v)
+#else
+typedef uint32 WERROR;
+#define W_ERROR(x) (x)
+#define W_ERROR_V(x) (x)
+#endif
+
+#define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0)
+#define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000)
+#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y))
+#define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0)
+
+
+/* Allowable account control bits */
+#define ACB_DISABLED   0x0001  /* 1 = User account disabled */
+#define ACB_HOMDIRREQ  0x0002  /* 1 = Home directory required */
+#define ACB_PWNOTREQ   0x0004  /* 1 = User password not required */
+#define ACB_TEMPDUP    0x0008  /* 1 = Temporary duplicate account */
+#define ACB_NORMAL     0x0010  /* 1 = Normal user account */
+#define ACB_MNS        0x0020  /* 1 = MNS logon user account */
+#define ACB_DOMTRUST   0x0040  /* 1 = Interdomain trust account */
+#define ACB_WSTRUST    0x0080  /* 1 = Workstation trust account */
+#define ACB_SVRTRUST   0x0100  /* 1 = Server trust account */
+#define ACB_PWNOEXP    0x0200  /* 1 = User password does not expire */
+#define ACB_AUTOLOCK   0x0400  /* 1 = Account auto locked */
+ 
+#define MAX_HOURS_LEN 32
+
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
+/**
+ * @brief Security Identifier
+ *
+ * @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp
+ **/
+typedef struct sid_info
+{
+  uint8  sid_rev_num;             /**< SID revision number */
+  uint8  num_auths;               /**< Number of sub-authorities */
+  uint8  id_auth[6];              /**< Identifier Authority */
+  /*
+   *  Pointer to sub-authorities.
+   *
+   * @note The values in these uint32's are in *native* byteorder, not
+   * neccessarily little-endian...... JRA.
+   */
+  uint32 sub_auths[MAXSUBAUTHS];  
+
+} DOM_SID;
+
+/*
+ * The complete list of SIDS belonging to this user.
+ * Created when a vuid is registered.
+ * The definition of the user_sids array is as follows :
+ *
+ * token->user_sids[0] = primary user SID.
+ * token->user_sids[1] = primary group SID.
+ * token->user_sids[2..num_sids] = supplementary group SIDS.
+ */
+
+#define PRIMARY_USER_SID_INDEX 0
+#define PRIMARY_GROUP_SID_INDEX 1
+
+typedef struct _nt_user_token {
+	size_t num_sids;
+	DOM_SID *user_sids;
+} NT_USER_TOKEN;
+
+/*** query a local group, get a list of these: shows who is in that group ***/
+
+/* local group member info */
+typedef struct local_grp_member_info
+{
+	DOM_SID sid    ; /* matches with name */
+	uint8   sid_use; /* usr=1 grp=2 dom=3 alias=4 wkng=5 del=6 inv=7 unk=8 */
+	fstring name   ; /* matches with sid: must be of the form "DOMAIN\account" */
+
+} LOCAL_GRP_MEMBER;
+
+/* enumerate these to get list of local groups */
+
+/* local group info */
+typedef struct local_grp_info
+{
+	fstring name;
+	fstring comment;
+
+} LOCAL_GRP;
 
+/*** enumerate these to get list of domain groups ***/
+
+/* domain group member info */
+typedef struct domain_grp_info
+{
+	fstring name;
+	fstring comment;
+	uint32  rid; /* group rid */
+	uint8   attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */
+
+} DOMAIN_GRP;
+
+/*** query a domain group, get a list of these: shows who is in that group ***/
+
+/* domain group info */
+typedef struct domain_grp_member_info
+{
+	fstring name;
+	uint8   attr; /* attributes forced to be set to 0x7: SE_GROUP_xxx */
+
+} DOMAIN_GRP_MEMBER;
+
+/* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */
+typedef struct time_info
+{
+  uint32 time;
+} UTIME;
 
 /* Structure used when SMBwritebmpx is active */
 typedef struct
-        {
-	int   wr_total_written; /* So we know when to discard this */
-	int32 wr_timeout;
-	int32 wr_errclass;
-	int32 wr_error; /* Cached errors */
-	BOOL  wr_mode; /* write through mode) */
-	BOOL  wr_discard; /* discard all further data */
-        } write_bmpx_struct;
+{
+  size_t wr_total_written; /* So we know when to discard this */
+  int32 wr_timeout;
+  int32 wr_errclass;
+  int32 wr_error; /* Cached errors */
+  BOOL  wr_mode; /* write through mode) */
+  BOOL  wr_discard; /* discard all further data */
+} write_bmpx_struct;
+
+typedef struct write_cache
+{
+    SMB_OFF_T file_size;
+    SMB_OFF_T offset;
+    size_t alloc_size;
+    size_t data_size;
+    char *data;
+} write_cache;
 
 typedef struct
 {
-  int cnum;
-  int fd;
-  int pos;
-  int size;
-  int mode;
-  char *mmap_ptr;
-  int mmap_size;
-  write_bmpx_struct *wbmpx_ptr;
-  time_t open_time;
-  BOOL open;
-  BOOL can_lock;
-  BOOL can_read;
-  BOOL can_write;
-  BOOL share_mode;
-  BOOL share_pending;
-  BOOL print_file;
-  BOOL modified;
-  char *name;
+	smb_ucs2_t *origname;
+	smb_ucs2_t *filename;
+	SMB_STRUCT_STAT *statinfo;
+} smb_filename;
+
+
+typedef struct files_struct
+{
+	struct files_struct *next, *prev;
+	int fnum;
+	struct connection_struct *conn;
+	int fd;
+	int print_jobid;
+	SMB_DEV_T dev;
+	SMB_INO_T inode;
+	BOOL delete_on_close;
+	SMB_OFF_T pos;
+	SMB_OFF_T size;
+	mode_t mode;
+	uint16 vuid;
+	write_bmpx_struct *wbmpx_ptr;
+	write_cache *wcp;
+	struct timeval open_time;
+	int share_mode;
+	uint32 desired_access;
+	time_t pending_modtime;
+	int oplock_type;
+	int sent_oplock_break;
+	unsigned long file_id;
+	BOOL can_lock;
+	BOOL can_read;
+	BOOL can_write;
+	BOOL print_file;
+	BOOL modified;
+	BOOL is_directory;
+	BOOL directory_delete_on_close;
+	char *fsp_name;
 } files_struct;
 
+/* used to hold an arbitrary blob of data */
+typedef struct data_blob {
+	uint8 *data;
+	size_t length;
+	void (*free)(struct data_blob *data_blob);
+} DATA_BLOB;
+
+/*
+ * Structure used to keep directory state information around.
+ * Used in NT change-notify code.
+ */
+
+typedef struct
+{
+  time_t modify_time;
+  time_t status_time;
+} dir_status_struct;
 
 struct uid_cache {
   int entries;
-  int list[UID_CACHE_SIZE];
+  uid_t list[UID_CACHE_SIZE];
 };
 
 typedef struct
 {
-  int service;
-  BOOL force_user;
-  int uid; /* uid of user who *opened* this connection */
-  int gid; /* gid of user who *opened* this connection */
-  struct uid_cache uid_cache;
-  void *dirptr;
-  BOOL open;
-  BOOL printer;
-  BOOL ipc;
-  BOOL read_only;
-  BOOL admin_user;
-  char *dirpath;
-  char *connectpath;
-  char *origpath;
-  char *user; /* name of user who *opened* this connection */
-  /* following groups stuff added by ih */
-  /* This groups info is valid for the user that *opened* the connection */
-  int ngroups;
-  gid_t *groups;
-  int *igroups; /* an integer version - some OSes are broken :-( */
-  time_t lastused;
-  BOOL used;
-  int num_files_open;
-} connection_struct;
+  char *name;
+  BOOL is_wild;
+} name_compare_entry;
 
+/* Include VFS stuff */
 
-typedef struct
+#include "smb_acls.h"
+#include "vfs.h"
+
+typedef struct connection_struct
 {
-  int uid; /* uid of a validated user */
-  int gid; /* gid of a validated user */
-  fstring name; /* name of a validated user */
-  BOOL guest;
-  /* following groups stuff added by ih */
-  /* This groups info is needed for when we become_user() for this uid */
-  int user_ngroups;
-  gid_t *user_groups;
-  int *user_igroups; /* an integer version - some OSes are broken :-( */
-} user_struct;
+	struct connection_struct *next, *prev;
+	unsigned cnum; /* an index passed over the wire */
+	int service;
+	BOOL force_user;
+	struct uid_cache uid_cache;
+	void *dirptr;
+	BOOL printer;
+	BOOL ipc;
+	BOOL read_only;
+	BOOL admin_user;
+	char *dirpath;
+	char *connectpath;
+	char *origpath;
+
+	struct vfs_ops vfs_ops;                   /* Filesystem operations */
+	/* Handle on dlopen() call */
+	void *dl_handle;
+	void *vfs_private;
+
+	char *user; /* name of user who *opened* this connection */
+	uid_t uid; /* uid of user who *opened* this connection */
+	gid_t gid; /* gid of user who *opened* this connection */
+	char client_address[18]; /* String version of client IP address. */
+
+	uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
+
+	/* following groups stuff added by ih */
+
+	/* This groups info is valid for the user that *opened* the connection */
+	int ngroups;
+	gid_t *groups;
+	NT_USER_TOKEN *nt_user_token;
+	
+	time_t lastused;
+	BOOL used;
+	int num_files_open;
+	name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */
+	name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */
+	name_compare_entry *veto_oplock_list; /* Per-share list of files to refuse oplocks on. */       
 
+} connection_struct;
 
-enum {LPQ_QUEUED,LPQ_PAUSED,LPQ_SPOOLING,LPQ_PRINTING};
+struct current_user
+{
+	connection_struct *conn;
+	uint16 vuid;
+	uid_t uid;
+	gid_t gid;
+	int ngroups;
+	gid_t *groups;
+	NT_USER_TOKEN *nt_user_token;
+};
 
-typedef struct
+/* Defines for the sent_oplock_break field above. */
+#define NO_BREAK_SENT 0
+#define EXCLUSIVE_BREAK_SENT 1
+#define LEVEL_II_BREAK_SENT 2
+
+typedef struct {
+	fstring smb_name; /* user name from the client */
+	fstring unix_name; /* unix user name of a validated user */
+	fstring full_name; /* to store full name (such as "Joe Bloggs") from gecos field of password file */
+	fstring domain; /* domain that the client specified */
+} userdom_struct;
+
+/* Extra fields above "LPQ_PRINTING" are used to map extra NT status codes. */
+
+enum {LPQ_QUEUED=0,LPQ_PAUSED,LPQ_SPOOLING,LPQ_PRINTING,LPQ_ERROR,LPQ_DELETING,
+      LPQ_OFFLINE,LPQ_PAPEROUT,LPQ_PRINTED,LPQ_DELETED,LPQ_BLOCKED,LPQ_USER_INTERVENTION};
+
+typedef struct _print_queue_struct
 {
   int job;
   int size;
+  int page_count;
   int status;
   int priority;
   time_t time;
-  char user[30];
-  char file[100];
+  fstring fs_user;
+  fstring fs_file;
 } print_queue_struct;
 
 enum {LPSTAT_OK, LPSTAT_STOPPED, LPSTAT_ERROR};
@@ -329,68 +519,257 @@ enum {LPSTAT_OK, LPSTAT_STOPPED, LPSTAT_ERROR};
 typedef struct
 {
   fstring message;
+  int qcount;
   int status;
 }  print_status_struct;
 
+/* used for server information: client, nameserv and ipc */
+struct server_info_struct
+{
+  fstring name;
+  uint32 type;
+  fstring comment;
+  fstring domain; /* used ONLY in ipc.c NOT namework.c */
+  BOOL server_added; /* used ONLY in ipc.c NOT namework.c */
+};
+
 
-/* this is used for smbstatus */
-struct connect_record
+/* used for network interfaces */
+struct interface
 {
-  int magic;
-  int pid;
-  int cnum;
-  int uid;
-  int gid;
-  char name[24];
-  char addr[24];
-  char machine[128];
-  time_t start;
+	struct interface *next, *prev;
+	struct in_addr ip;
+	struct in_addr bcast;
+	struct in_addr nmask;
 };
 
+/* struct returned by get_share_modes */
+typedef struct {
+	pid_t pid;
+	uint16 op_port;
+	uint16 op_type;
+	int share_mode;
+	uint32 desired_access;
+	struct timeval time;
+	SMB_DEV_T dev;
+	SMB_INO_T inode;
+	unsigned long share_file_id;
+} share_mode_entry;
+
+
+#define SHAREMODE_FN_CAST() \
+	void (*)(share_mode_entry *, char*)
+
+#define SHAREMODE_FN(fn) \
+	void (*fn)(share_mode_entry *, char*)
+
+#define NT_HASH_LEN 16
+#define LM_HASH_LEN 16
+
+/*
+ * bit flags representing initialized fields in SAM_ACCOUNT
+ */
+#define FLAG_SAM_UNINIT		0x00000000
+#define FLAG_SAM_UID		0x00000001
+#define FLAG_SAM_GID		0x00000002
+#define FLAG_SAM_SMBHOME	0x00000004
+#define FLAG_SAM_PROFILE	0x00000008
+#define FLAG_SAM_DRIVE          0x00000010
+#define FLAG_SAM_LOGONSCRIPT	0x00000020
+#define FLAG_SAM_LOGONTIME	0x00000040
+#define FLAG_SAM_LOGOFFTIME	0x00000080
+#define FLAG_SAM_KICKOFFTIME	0x00000100
+#define FLAG_SAM_CANCHANGETIME	0x00000200
+#define FLAG_SAM_MUSTCHANGETIME	0x00000400
+
+
+#define IS_SAM_UNIX_USER(x) \
+	((pdb_get_init_flag(x) & FLAG_SAM_UID) \
+	 && (pdb_get_init_flag(x) & FLAG_SAM_GID))
+
+#define IS_SAM_SET(x, flag)	((x)->private.init_flag & (flag))
+		
+typedef struct sam_passwd
+{
+	TALLOC_CTX *mem_ctx;
+	
+	void (*free_fn)(struct sam_passwd **);
+
+	struct user_data {
+		/* initiailization flags */
+		uint32 init_flag;
+		
+		time_t logon_time;            /* logon time */
+		time_t logoff_time;           /* logoff time */
+		time_t kickoff_time;          /* kickoff time */
+		time_t pass_last_set_time;    /* password last set time */
+		time_t pass_can_change_time;  /* password can change time */
+		time_t pass_must_change_time; /* password must change time */
+		
+		char * username;     /* UNIX username string */
+		char * domain;       /* Windows Domain name */
+		char * nt_username;  /* Windows username string */
+		char * full_name;    /* user's full name string */
+		char * home_dir;     /* home directory string */
+		char * dir_drive;    /* home directory drive string */
+		char * logon_script; /* logon script string */
+		char * profile_path; /* profile path string */
+		char * acct_desc  ;  /* user description string */
+		char * workstations; /* login from workstations string */
+		char * unknown_str ; /* don't know what this is, yet. */
+		char * munged_dial ; /* munged path name and dial-back tel number */
+		
+		uid_t uid;          /* this is a unix uid_t */
+		gid_t gid;          /* this is a unix gid_t */
+		uint32 user_rid;    /* Primary User ID */
+		uint32 group_rid;   /* Primary Group ID */
+		
+		DATA_BLOB lm_pw; /* .data is Null if no password */
+		DATA_BLOB nt_pw; /* .data is Null if no password */
+		
+		uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+		uint32 unknown_3; /* 0x00ff ffff */
+		
+		uint16 logon_divs; /* 168 - number of hours in a week */
+		uint32 hours_len; /* normally 21 bytes */
+		uint8 hours[MAX_HOURS_LEN];
+		
+		uint32 unknown_5; /* 0x0002 0000 */
+		uint32 unknown_6; /* 0x0000 04ec */
+	} private;
+	/* Lets see if the remaining code can get the hint that you
+	   are meant to use the pdb_...() functions. */
+	
+} SAM_ACCOUNT;
+
+/*
+ * Flags for account policy.
+ */
+#define AP_MIN_PASSWORD_LEN 		1
+#define AP_PASSWORD_HISTORY		2
+#define AP_USER_MUST_LOGON_TO_CHG_PASS	3
+#define AP_MAX_PASSWORD_AGE		4
+#define AP_MIN_PASSWORD_AGE		5
+#define AP_LOCK_ACCOUNT_DURATION	6
+#define AP_RESET_COUNT_TIME		7
+#define AP_BAD_ATTEMPT_LOCKOUT		8
+#define AP_TIME_TO_LOGOUT		9
+
+
+/*
+ * Flags for local user manipulation.
+ */
+
+#define LOCAL_ADD_USER 0x1
+#define LOCAL_DELETE_USER 0x2
+#define LOCAL_DISABLE_USER 0x4
+#define LOCAL_ENABLE_USER 0x8
+#define LOCAL_TRUST_ACCOUNT 0x10
+#define LOCAL_SET_NO_PASSWORD 0x20
+#define LOCAL_SET_PASSWORD 0x40
+#define LOCAL_SET_LDAP_ADMIN_PW 0x80
+#define LOCAL_INTERDOM_ACCOUNT 0x100
+
+/* key and data in the connections database - used in smbstatus and smbd */
+struct connections_key {
+	pid_t pid;
+	int cnum;
+	fstring name;
+};
+
+struct connections_data {
+	int magic;
+	pid_t pid;
+	int cnum;
+	uid_t uid;
+	gid_t gid;
+	char name[24];
+	char addr[24];
+	char machine[FSTRING_LEN];
+	time_t start;
+};
+
+
+/* key and data records in the tdb locking database */
+struct locking_key {
+	SMB_DEV_T dev;
+	SMB_INO_T inode;
+};
+
+struct locking_data {
+	union {
+		int num_share_mode_entries;
+		share_mode_entry dummy; /* Needed for alignment. */
+	} u;
+	/* the following two entries are implicit 
+	   share_mode_entry modes[num_share_mode_entries];
+           char file_name[];
+	*/
+};
+
+
+/* the following are used by loadparm for option lists */
+typedef enum
+{
+  P_BOOL,P_BOOLREV,P_CHAR,P_INTEGER,P_OCTAL,P_LIST,
+  P_STRING,P_USTRING,P_GSTRING,P_UGSTRING,P_ENUM,P_SEP
+} parm_type;
+
+typedef enum
+{
+  P_LOCAL,P_GLOBAL,P_SEPARATOR,P_NONE
+} parm_class;
+
+/* passed to br lock code */
+enum brl_type {READ_LOCK, WRITE_LOCK};
+
+struct enum_list {
+	int value;
+	char *name;
+};
+
+#define BRLOCK_FN_CAST() \
+	void (*)(SMB_DEV_T dev, SMB_INO_T ino, int pid, \
+				 enum brl_type lock_type, \
+				 br_off start, br_off size)
+#define BRLOCK_FN(fn) \
+	void (*fn)(SMB_DEV_T dev, SMB_INO_T ino, int pid, \
+				 enum brl_type lock_type, \
+				 br_off start, br_off size)
+struct parm_struct
+{
+	char *label;
+	parm_type type;
+	parm_class class;
+	void *ptr;
+	BOOL (*special)(char *, char **);
+	struct enum_list *enum_list;
+	unsigned flags;
+	union {
+		BOOL bvalue;
+		int ivalue;
+		char *svalue;
+		char cvalue;
+		char **lvalue;
+	} def;
+};
+
+struct bitmap {
+	uint32 *b;
+	int n;
+};
+
+#define FLAG_BASIC 	0x01 /* fundamental options */
+#define FLAG_SHARE 	0x02 /* file sharing options */
+#define FLAG_PRINT 	0x04 /* printing options */
+#define FLAG_GLOBAL 	0x08 /* local options that should be globally settable in SWAT */
+#define FLAG_DEPRECATED 0x10 /* options that should no longer be used */
+#define FLAG_HIDE  	0x20 /* options that should be hidden in SWAT */
+
+#ifndef LOCKING_VERSION
+#define LOCKING_VERSION 4
+#endif /* LOCKING_VERSION */
 
-#define LOCKING_VERSION 2
-
-/* these are useful macros for checking validity of handles */
-#define VALID_FNUM(fnum)   (((fnum) >= 0) && ((fnum) < MAX_OPEN_FILES))
-#define OPEN_FNUM(fnum)    (VALID_FNUM(fnum) && Files[fnum].open)
-#define VALID_CNUM(cnum)   (((cnum) >= 0) && ((cnum) < MAX_CONNECTIONS))
-#define OPEN_CNUM(cnum)    (VALID_CNUM(cnum) && Connections[cnum].open)
-#define IS_IPC(cnum)       (VALID_CNUM(cnum) && Connections[cnum].ipc)
-#define FNUM_OK(fnum,c) (OPEN_FNUM(fnum) && (c)==Files[fnum].cnum)
-
-#define CHECK_FNUM(fnum,c) if (!FNUM_OK(fnum,c)) \
-                               return(ERROR(ERRDOS,ERRbadfid))
-#define CHECK_READ(fnum) if (!Files[fnum].can_read) \
-                               return(ERROR(ERRDOS,ERRbadaccess))
-#define CHECK_WRITE(fnum) if (!Files[fnum].can_write) \
-                               return(ERROR(ERRDOS,ERRbadaccess))
-#define CHECK_ERROR(fnum) if (HAS_CACHED_ERROR(fnum)) \
-                               return(CACHED_ERROR(fnum))
-
-/* translates a connection number into a service number */
-#define SNUM(cnum)         (Connections[cnum].service)
-
-/* access various service details */
-#define SERVICE(snum)      (lp_servicename(snum))
-#define PRINTCAP           (lp_printcapname())
-#define PRINTCOMMAND(snum) (lp_printcommand(snum))
-#define PRINTERNAME(snum)  (lp_printername(snum))
-#define CAN_WRITE(cnum)    (OPEN_CNUM(cnum) && !Connections[cnum].read_only)
-#define VALID_SNUM(snum)   (lp_snum_ok(snum))
-#define GUEST_OK(snum)     (VALID_SNUM(snum) && lp_guest_ok(snum))
-#define GUEST_ONLY(snum)   (VALID_SNUM(snum) && lp_guest_only(snum))
-#define CAN_SETDIR(snum)   (!lp_no_set_dir(snum))
-#define CAN_PRINT(cnum)    (OPEN_CNUM(cnum) && lp_print_ok(SNUM(cnum)))
-#define POSTSCRIPT(cnum)   (OPEN_CNUM(cnum) && lp_postscript(SNUM(cnum)))
-#define MAP_HIDDEN(cnum)   (OPEN_CNUM(cnum) && lp_map_hidden(SNUM(cnum)))
-#define MAP_SYSTEM(cnum)   (OPEN_CNUM(cnum) && lp_map_system(SNUM(cnum)))
-#define MAP_ARCHIVE(cnum)   (OPEN_CNUM(cnum) && lp_map_archive(SNUM(cnum)))
-#define CREATE_MODE(cnum)  (lp_create_mode(SNUM(cnum)) | 0700)
-#ifdef SMB_PASSWD
-#define SMBENCRYPT()       (lp_encrypted_passwords())
-#else
-#define SMBENCRYPT() (False)
-#endif
 
 /* the basic packet size, assuming no words or bytes */
 #define smb_size 39
@@ -428,6 +807,15 @@ struct connect_record
 #define smb_vwv16 69
 #define smb_vwv17 71
 
+/* flag defines. CIFS spec 3.1.1 */
+#define FLAG_SUPPORT_LOCKREAD       0x01
+#define FLAG_CLIENT_BUF_AVAIL       0x02
+#define FLAG_RESERVED               0x04
+#define FLAG_CASELESS_PATHNAMES     0x08
+#define FLAG_CANONICAL_PATHNAMES    0x10
+#define FLAG_REQUEST_OPLOCK         0x20
+#define FLAG_REQUEST_BATCH_OPLOCK   0x40
+#define FLAG_REPLY                  0x80
 
 /* the complete */
 #define SMBmkdir      0x00   /* create directory */
@@ -501,6 +889,7 @@ struct connect_record
 #define SMBffirst        0x82   /* find first */
 #define SMBfunique       0x83   /* find unique */
 #define SMBfclose        0x84   /* find close */
+#define SMBkeepalive     0x85   /* keepalive */
 #define SMBinvalid       0xFE   /* invalid command */
 
 /* Extended 2.0 protocol */
@@ -510,23 +899,41 @@ struct connect_record
 #define SMBfindnclose    0x35   /* Terminate a TRANSACT2_FINDNOTIFYFIRST */
 #define SMBulogoffX      0x74   /* user logoff */
 
-
-/* these are the TRANS2 sub commands */
-#define TRANSACT2_OPEN          0
-#define TRANSACT2_FINDFIRST     1
-#define TRANSACT2_FINDNEXT      2
-#define TRANSACT2_QFSINFO       3
-#define TRANSACT2_SETFSINFO     4
-#define TRANSACT2_QPATHINFO     5
-#define TRANSACT2_SETPATHINFO   6
-#define TRANSACT2_QFILEINFO     7
-#define TRANSACT2_SETFILEINFO   8
-#define TRANSACT2_FSCTL         9
-#define TRANSACT2_IOCTL           10
-#define TRANSACT2_FINDNOTIFYFIRST 11
-#define TRANSACT2_FINDNOTIFYNEXT  12
-#define TRANSACT2_MKDIR           13
-
+/* NT SMB extensions. */
+#define SMBnttrans       0xA0   /* NT transact */
+#define SMBnttranss      0xA1   /* NT transact secondary */
+#define SMBntcreateX     0xA2   /* NT create and X */
+#define SMBntcancel      0xA4   /* NT cancel */
+
+/* These are the TRANS2 sub commands */
+#define TRANSACT2_OPEN                        0
+#define TRANSACT2_FINDFIRST                   1
+#define TRANSACT2_FINDNEXT                    2
+#define TRANSACT2_QFSINFO                     3
+#define TRANSACT2_SETFSINFO                   4
+#define TRANSACT2_QPATHINFO                   5
+#define TRANSACT2_SETPATHINFO                 6
+#define TRANSACT2_QFILEINFO                   7
+#define TRANSACT2_SETFILEINFO                 8
+#define TRANSACT2_FSCTL                       9
+#define TRANSACT2_IOCTL                     0xA
+#define TRANSACT2_FINDNOTIFYFIRST           0xB
+#define TRANSACT2_FINDNOTIFYNEXT            0xC
+#define TRANSACT2_MKDIR                     0xD
+#define TRANSACT2_SESSION_SETUP             0xE
+#define TRANSACT2_GET_DFS_REFERRAL         0x10
+#define TRANSACT2_REPORT_DFS_INCONSISTANCY 0x11
+
+/* These are the NT transact sub commands. */
+#define NT_TRANSACT_CREATE                1
+#define NT_TRANSACT_IOCTL                 2
+#define NT_TRANSACT_SET_SECURITY_DESC     3
+#define NT_TRANSACT_NOTIFY_CHANGE         4
+#define NT_TRANSACT_RENAME                5
+#define NT_TRANSACT_QUERY_SECURITY_DESC   6
+
+/* Relevant IOCTL codes */
+#define IOCTL_QUERY_JOB_INFO      0x530060
 
 /* these are the trans2 sub fields for primary requests */
 #define smb_tpscnt smb_vwv0
@@ -565,369 +972,259 @@ struct connect_record
 #define smb_droff smb_vwv7
 #define smb_drdisp smb_vwv8
 
+/* these are for the NT trans primary request. */
+#define smb_nt_MaxSetupCount smb_vwv0
+#define smb_nt_Flags (smb_vwv0 + 1)
+#define smb_nt_TotalParameterCount (smb_vwv0 + 3)
+#define smb_nt_TotalDataCount (smb_vwv0 + 7)
+#define smb_nt_MaxParameterCount (smb_vwv0 + 11)
+#define smb_nt_MaxDataCount (smb_vwv0 + 15)
+#define smb_nt_ParameterCount (smb_vwv0 + 19)
+#define smb_nt_ParameterOffset (smb_vwv0 + 23)
+#define smb_nt_DataCount (smb_vwv0 + 27)
+#define smb_nt_DataOffset (smb_vwv0 + 31)
+#define smb_nt_SetupCount (smb_vwv0 + 35)
+#define smb_nt_Function (smb_vwv0 + 36)
+#define smb_nt_SetupStart (smb_vwv0 + 38)
+
+/* these are for the NT trans secondary request. */
+#define smb_nts_TotalParameterCount (smb_vwv0 + 3)
+#define smb_nts_TotalDataCount (smb_vwv0 + 7)
+#define smb_nts_ParameterCount (smb_vwv0 + 11)
+#define smb_nts_ParameterOffset (smb_vwv0 + 15)
+#define smb_nts_ParameterDisplacement (smb_vwv0 + 19)
+#define smb_nts_DataCount (smb_vwv0 + 23)
+#define smb_nts_DataOffset (smb_vwv0 + 27)
+#define smb_nts_DataDisplacement (smb_vwv0 + 31)
+
+/* these are for the NT trans reply. */
+#define smb_ntr_TotalParameterCount (smb_vwv0 + 3)
+#define smb_ntr_TotalDataCount (smb_vwv0 + 7)
+#define smb_ntr_ParameterCount (smb_vwv0 + 11)
+#define smb_ntr_ParameterOffset (smb_vwv0 + 15)
+#define smb_ntr_ParameterDisplacement (smb_vwv0 + 19)
+#define smb_ntr_DataCount (smb_vwv0 + 23)
+#define smb_ntr_DataOffset (smb_vwv0 + 27)
+#define smb_ntr_DataDisplacement (smb_vwv0 + 31)
+
+/* these are for the NT create_and_X */
+#define smb_ntcreate_NameLength (smb_vwv0 + 5)
+#define smb_ntcreate_Flags (smb_vwv0 + 7)
+#define smb_ntcreate_RootDirectoryFid (smb_vwv0 + 11)
+#define smb_ntcreate_DesiredAccess (smb_vwv0 + 15)
+#define smb_ntcreate_AllocationSize (smb_vwv0 + 19)
+#define smb_ntcreate_FileAttributes (smb_vwv0 + 27)
+#define smb_ntcreate_ShareAccess (smb_vwv0 + 31)
+#define smb_ntcreate_CreateDisposition (smb_vwv0 + 35)
+#define smb_ntcreate_CreateOptions (smb_vwv0 + 39)
+#define smb_ntcreate_ImpersonationLevel (smb_vwv0 + 43)
+#define smb_ntcreate_SecurityFlags (smb_vwv0 + 47)
+
+/* this is used on a TConX. I'm not sure the name is very helpful though */
+#define SMB_SUPPORT_SEARCH_BITS        0x0001
+#define SMB_SHARE_IN_DFS               0x0002
+
+/* Named pipe write mode flags. Used in writeX calls. */
+#define PIPE_RAW_MODE 0x4
+#define PIPE_START_MESSAGE 0x8
+
+/* these are the constants used in the above call. */
+/* DesiredAccess */
+/* File Specific access rights. */
+#define FILE_READ_DATA        0x001
+#define FILE_WRITE_DATA       0x002
+#define FILE_APPEND_DATA      0x004
+#define FILE_READ_EA          0x008
+#define FILE_WRITE_EA         0x010
+#define FILE_EXECUTE          0x020
+#define FILE_DELETE_CHILD     0x040
+#define FILE_READ_ATTRIBUTES  0x080
+#define FILE_WRITE_ATTRIBUTES 0x100
+
+#define FILE_ALL_ACCESS       0x1FF
+
+/* the desired access to use when opening a pipe */
+#define DESIRED_ACCESS_PIPE 0x2019f
+ 
+/* Generic access masks & rights. */
+#define SPECIFIC_RIGHTS_MASK 0x00FFFFL
+#define STANDARD_RIGHTS_MASK 0xFF0000L
+#define DELETE_ACCESS        (1L<<16) /* 0x00010000 */
+#define READ_CONTROL_ACCESS  (1L<<17) /* 0x00020000 */
+#define WRITE_DAC_ACCESS     (1L<<18) /* 0x00040000 */
+#define WRITE_OWNER_ACCESS   (1L<<19) /* 0x00080000 */
+#define SYNCHRONIZE_ACCESS   (1L<<20) /* 0x00100000 */
+
+/* Combinations of standard masks. */
+#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)
+#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS)
+#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS)
+#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS)
+
+#define SYSTEM_SECURITY_ACCESS (1L<<24)	          /* 0x01000000 */
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25)	          /* 0x02000000 */
+#define GENERIC_ALL_ACCESS     (1<<28)            /* 0x10000000 */
+#define GENERIC_EXECUTE_ACCESS (1<<29)            /* 0x20000000 */
+#define GENERIC_WRITE_ACCESS   (1<<30)            /* 0x40000000 */
+#define GENERIC_READ_ACCESS   (((unsigned)1)<<31) /* 0x80000000 */
+
+/* Mapping of generic access rights for files to specific rights. */
+
+#define FILE_GENERIC_ALL (STANDARD_RIGHTS_REQUIRED_ACCESS| SYNCHRONIZE_ACCESS|FILE_ALL_ACCESS)
+
+#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ_ACCESS|FILE_READ_DATA|FILE_READ_ATTRIBUTES|\
+							FILE_READ_EA|SYNCHRONIZE_ACCESS)
+
+#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
+							FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS)
+
+#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|FILE_READ_ATTRIBUTES|\
+								FILE_EXECUTE|SYNCHRONIZE_ACCESS)
+
+/* Mapping of access rights to UNIX perms. */
+#define UNIX_ACCESS_RWX		FILE_GENERIC_ALL
+#define UNIX_ACCESS_R 		FILE_GENERIC_READ
+#define UNIX_ACCESS_W		FILE_GENERIC_WRITE
+#define UNIX_ACCESS_X		FILE_GENERIC_EXECUTE
+
+#if 0
+/*
+ * This is the old mapping we used to use. To get W2KSP2 profiles
+ * working we need to map to the canonical file perms.
+ */
+#define UNIX_ACCESS_RWX (UNIX_ACCESS_R|UNIX_ACCESS_W|UNIX_ACCESS_X)
+#define UNIX_ACCESS_R (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
+			FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_READ_DATA)
+#define UNIX_ACCESS_W (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
+			FILE_WRITE_ATTRIBUTES|FILE_WRITE_EA|\
+			FILE_APPEND_DATA|FILE_WRITE_DATA)
+#define UNIX_ACCESS_X (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
+			FILE_EXECUTE|FILE_READ_ATTRIBUTES)
+#endif
+
+#define UNIX_ACCESS_NONE (WRITE_OWNER_ACCESS)
+
+/* Flags field. */
+#define REQUEST_OPLOCK 2
+#define REQUEST_BATCH_OPLOCK 4
+#define OPEN_DIRECTORY 8
+
+/* ShareAccess field. */
+#define FILE_SHARE_NONE 0 /* Cannot be used in bitmask. */
+#define FILE_SHARE_READ 1
+#define FILE_SHARE_WRITE 2
+#define FILE_SHARE_DELETE 4
+
+/* FileAttributesField */
+#define FILE_ATTRIBUTE_READONLY aRONLY
+#define FILE_ATTRIBUTE_HIDDEN aHIDDEN
+#define FILE_ATTRIBUTE_SYSTEM aSYSTEM
+#define FILE_ATTRIBUTE_DIRECTORY aDIR
+#define FILE_ATTRIBUTE_ARCHIVE aARCH
+#define FILE_ATTRIBUTE_NORMAL 0x80L
+#define FILE_ATTRIBUTE_TEMPORARY 0x100L
+#define FILE_ATTRIBUTE_SPARSE 0x200L
+#define FILE_ATTRIBUTE_COMPRESSED 0x800L
+#define FILE_ATTRIBUTE_NONINDEXED 0x2000L
+#define SAMBA_ATTRIBUTES_MASK 0x7F
+
+/* Flags - combined with attributes. */
+#define FILE_FLAG_WRITE_THROUGH    0x80000000L
+#define FILE_FLAG_NO_BUFFERING     0x20000000L
+#define FILE_FLAG_RANDOM_ACCESS    0x10000000L
+#define FILE_FLAG_SEQUENTIAL_SCAN  0x08000000L
+#define FILE_FLAG_DELETE_ON_CLOSE  0x04000000L
+#define FILE_FLAG_BACKUP_SEMANTICS 0x02000000L
+#define FILE_FLAG_POSIX_SEMANTICS  0x01000000L
+
+/* CreateDisposition field. */
+#define FILE_SUPERSEDE 0
+#define FILE_OPEN 1
+#define FILE_CREATE 2
+#define FILE_OPEN_IF 3
+#define FILE_OVERWRITE 4
+#define FILE_OVERWRITE_IF 5
+
+/* CreateOptions field. */
+#define FILE_DIRECTORY_FILE       0x0001
+#define FILE_WRITE_THROUGH        0x0002
+#define FILE_SEQUENTIAL_ONLY      0x0004
+#define FILE_NON_DIRECTORY_FILE   0x0040
+#define FILE_NO_EA_KNOWLEDGE      0x0200
+#define FILE_EIGHT_DOT_THREE_ONLY 0x0400
+#define FILE_RANDOM_ACCESS        0x0800
+#define FILE_DELETE_ON_CLOSE      0x1000
+
+/* Responses when opening a file. */
+#define FILE_WAS_OPENED 1
+#define FILE_WAS_CREATED 2
+#define FILE_WAS_OVERWRITTEN 3
+
+/* File type flags */
+#define FILE_TYPE_DISK  0
+#define FILE_TYPE_BYTE_MODE_PIPE 1
+#define FILE_TYPE_MESSAGE_MODE_PIPE 2
+#define FILE_TYPE_PRINTER 3
+#define FILE_TYPE_COMM_DEVICE 4
+#define FILE_TYPE_UNKNOWN 0xFFFF
+
+/* Flag for NT transact rename call. */
+#define RENAME_REPLACE_IF_EXISTS 1
+
+/* Filesystem Attributes. */
+#define FILE_CASE_SENSITIVE_SEARCH 0x01
+#define FILE_CASE_PRESERVED_NAMES 0x02
+#define FILE_UNICODE_ON_DISK 0x04
+/* According to cifs9f, this is 4, not 8 */
+/* Acconding to testing, this actually sets the security attribute! */
+#define FILE_PERSISTENT_ACLS 0x08
+/* These entries added from cifs9f --tsb */
+#define FILE_FILE_COMPRESSION 0x10
+#define FILE_VOLUME_QUOTAS 0x20
+/* I think this is wrong. JRA #define FILE_DEVICE_IS_MOUNTED 0x20 */
+#define FILE_VOLUME_SPARSE_FILE 0x40
+#define FILE_VOLUME_IS_COMPRESSED 0x8000
+
+/* ChangeNotify flags. */
+#define FILE_NOTIFY_CHANGE_FILE        0x001
+#define FILE_NOTIFY_CHANGE_DIR_NAME    0x002
+#define FILE_NOTIFY_CHANGE_ATTRIBUTES  0x004
+#define FILE_NOTIFY_CHANGE_SIZE        0x008
+#define FILE_NOTIFY_CHANGE_LAST_WRITE  0x010
+#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x020
+#define FILE_NOTIFY_CHANGE_CREATION    0x040
+#define FILE_NOTIFY_CHANGE_EA          0x080
+#define FILE_NOTIFY_CHANGE_SECURITY    0x100
+#define FILE_NOTIFY_CHANGE_FILE_NAME   0x200
+
 /* where to find the base of the SMB packet proper */
 #define smb_base(buf) (((char *)(buf))+4)
 
+/* we don't allow server strings to be longer than 48 characters as
+   otherwise NT will not honour the announce packets */
+#define MAX_SERVER_STRING_LENGTH 48
 
-#define SUCCESS 0  /* The request was successful. */
-#define ERRDOS 0x01 /*  Error is from the core DOS operating system set. */
-#define ERRSRV 0x02  /* Error is generated by the server network file manager.*/
-#define ERRHRD 0x03  /* Error is an hardware error. */
-#define ERRCMD 0xFF  /* Command was not in the "SMB" format. */
 
-/* structure used to hold the incoming hosts info */
-struct from_host {
-    char   *name;			/* host name */
-    char   *addr;			/* host address */
-    struct sockaddr_in *sin;		/* their side of the link */
-};
+#define SMB_SUCCESS 0  /* The request was successful. */
 
-/* and a few prototypes */
-BOOL user_ok(char *user,int snum);
-int sys_rename(char *from, char *to);
-int sys_select(fd_set *fds,struct timeval *tval);
-int sys_unlink(char *fname);
-int sys_open(char *fname,int flags,int mode);
-DIR *sys_opendir(char *dname);
-int sys_stat(char *fname,struct stat *sbuf);
-int sys_lstat(char *fname,struct stat *sbuf);
-int sys_mkdir(char *dname,int mode);
-int sys_rmdir(char *dname);
-int sys_chdir(char *dname);
-int sys_utime(char *fname,struct utimbuf *times);
-int sys_disk_free(char *path,int *bsize,int *dfree,int *dsize);
-void lpq_reset(int);
-void status_printjob(int cnum,int snum,int jobid,int status);
-void DirCacheAdd(char *path,char *name,char *dname,int snum);
-char *DirCacheCheck(char *path,char *name,int snum);
-void DirCacheFlush(int snum);
-int interpret_character_set(char *str, int def);
-char *dos2unix_format(char *, BOOL);
-char *unix2dos_format(char *, BOOL);
-BOOL fcntl_lock(int fd,int op,uint32 offset,uint32 count,int type);
-void BlockSignals(BOOL block);
-void msleep(int t);
-int file_lock(char *name,int timeout);
-void file_unlock(int fd);
-int find_service(char *service);
-int TvalDiff(struct timeval *tvalold,struct timeval *tvalnew);
-int smb_offset(char *p,char *buf);
-void sync_file(int fnum);
-int PutUniCode(char *dst,char *src);
-void map_username(char *user);
-void close_low_fds(void);
-void clean_share_files(void);
-int write_socket(int fd,char *buf,int len);
-char *readdirname(void *p);
-int dos_chmod(int cnum,char *fname,int mode,struct stat *st);
-int smb_numwords(char *buf);
-int get_share_mode(int cnum,struct stat *sbuf,int *pid);
-void del_share_mode(int fnum);
-BOOL set_share_mode(int fnum,int mode);
-int DSTDiff(time_t t);
-void TimeInit(void);
-void put_long_date(char *p,time_t t);
-time_t interpret_long_date(char *p);
-void dptr_idlecnum(int cnum);
-void dptr_closecnum(int cnum);
-void init_dptrs(void);
-void fault_setup();
-void set_socket_options(int fd, char *options);
-void putip(void *dest,void *src);
-void standard_sub_basic(char *s);
-void *OpenDir(char *name);
-void CloseDir(void *p);
-char *ReadDirName(void *p);
-BOOL SeekDir(void *p,int pos);
-int TellDir(void *p);
-int write_data(int fd,char *buffer,int N);
-BOOL server_cryptkey(char *buf);
-BOOL server_validate(char *buf);
-BOOL become_service(int cnum,BOOL do_chdir);
-BOOL snum_used(int snum);
-BOOL reload_services(BOOL test);
-void reopen_logs(void);
-int transfer_file(int infd,int outfd,int n,char *header,int headlen,int align);
-int str_checksum(char *s);
-time_t file_modtime(char *fname);
-BOOL do_match(char *str, char *regexp, int case_sig);
-BOOL is_a_socket(int fd);
-void _smb_setlen(char *buf,int len);
-void valid_initialise(void);
-BOOL is_8_3(char *fname);
-BOOL is_mangled(char *s);
-void standard_sub(int cnum,char *s);
-void del_printqueue(int cnum,int snum,int jobid);
-BOOL strisnormal(char *s);
-BOOL check_mangled_stack(char *s);
-int sys_chown(char *fname,int uid,int gid);
-int sys_chroot(char *dname);
-BOOL next_token(char **ptr,char *buff,char *sep);
-void invalidate_uid(int uid);
-char *fgets_slash(char *s,int maxlen,FILE *f);
-int read_udp_socket(int fd,char *buf,int len);
-void exit_server(char *reason);
-BOOL process_exists(int pid);
-BOOL chgpasswd(char *name,char *oldpass,char *newpass);
-void array_promote(char *array,int elsize,int element);
-void string_replace(char *s,char oldc,char newc);
-BOOL user_in_list(char *user,char *list);
-BOOL string_sub(char *s,char *pattern,char *insert);
-char *StrnCpy(char *dest,const char *src,int n);
-char *validated_username(int vuid);
-BOOL set_user_password(char *user,char *oldpass,char *newpass);
-int smb_buf_ofs(char *buf);
-char *skip_string(char *buf,int n);
-BOOL is_locked(int fnum,int cnum,uint32 count,uint32 offset);
-int read_file(int fnum,char *data,int pos,int mincnt,int maxcnt,int timeout,BOOL exact);
-int write_file(int fnum,char *data,int n);
-BOOL do_lock(int fnum,int cnum,uint32 count,uint32 offset,int *eclass,uint32 *ecode);
-int seek_file(int fnum,int pos);
-BOOL do_unlock(int fnum,int cnum,uint32 count,uint32 offset,int *eclass,uint32 *ecode);
-int get_printqueue(int snum,int cnum,print_queue_struct **queue,print_status_struct *status);
-void parse_connect(char *buf,char *service,char *user,char *password,int *pwlen,char *dev);
-int setup_groups(char *user,int uid, int gid, int *p_ngroups, 
-		 int **p_igroups, gid_t **p_groups);
-int make_connection(char *service,char *user,char *password, int pwlen, char *dev,int vuid);
-char *dptr_path(int key);
-char *dptr_wcard(int key);
-BOOL dptr_set_wcard(int key, char *wcard);
-BOOL dptr_set_attr(int key, uint16 attr);
-uint16 dptr_attr(int key);
-void dptr_close(int key);
-void dptr_closepath(char *path,int pid);
-int dptr_create(int cnum,char *path, BOOL expect_close,int pid);
-BOOL dptr_fill(char *buf,unsigned int key);
-BOOL dptr_zero(char *buf);
-void *dptr_fetch(char *buf,int *num);
-void *dptr_fetch_lanman2(char *params,int dptr_num);
-BOOL get_dir_entry(int cnum,char *mask,int dirtype,char *fname,int *size,int *mode,time_t *date,BOOL check_descend);
-void open_file(int fnum,int cnum,char *fname,int flags,int mode);
-void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun,int mode,int *Access,int *action);
-void close_file(int fnum);
-int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize);
-int reply_trans(char *inbuf,char *outbuf);
-char *ufc_crypt(char *key,char *salt);
-BOOL authorise_login(int snum,char *user,char *password, int pwlen, 
-		     BOOL *guest,BOOL *force,int vuid);
-void add_session_user(char *user);
-int valid_uid(int uid);
-user_struct *get_valid_user_struct(int uid);
-BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd, BOOL nt_password);
-void register_uid(int uid,int gid,char *name,BOOL guest);
-BOOL fromhost(int sock,struct from_host *f);
-BOOL strhasupper(char *s);
-BOOL strhaslower(char *s);
-int disk_free(char *path,int *bsize,int *dfree,int *dsize);
-char *uidtoname(int uid);
-char *gidtoname(int gid);
-int get_share_mode_byname(int cnum,char *fname,int *pid);
-int get_share_mode_by_fnum(int cnum,int fnum,int *pid);
-BOOL check_file_sharing(int cnum,char *fname);
-char *StrCpy(char *dest,char *src);
-int unix_error_packet(char *inbuf,char *outbuf,int def_class,uint32 def_code,int line);
-time_t make_unix_date2(void *date_ptr);
-int cached_error_packet(char *inbuf,char *outbuf,int fnum,int line);
-mode_t unix_mode(int cnum,int dosmode);
-BOOL check_name(char *name,int cnum);
-int error_packet(char *inbuf,char *outbuf,int error_class,uint32 error_code,int line);
-int find_free_file(void );
-BOOL unix_convert(char *name,int cnum);
-void unix_convert_lanman2(char *s,char *home,BOOL case_is_sig);
-void print_file(int fnum);
-int read_smb_length(int fd,char *inbuf,int timeout);
-int read_predict(int fd,int offset,char *buf,char **ptr,int num);
-void invalidate_read_prediction(int fd);
-void do_read_prediction();
-BOOL claim_connection(int cnum,char *name,int max_connections,BOOL Clear);
-BOOL yield_connection(int cnum,char *name,int max_connections);
-int count_chars(char *s,char c);
-int smbrun(char *,char *);
-BOOL name_map_mangle(char *OutName,BOOL need83,int snum);
-struct hostent *Get_Hostbyname(char *name);
-struct passwd *Get_Pwnam(char *user,BOOL allow_change);
-void Abort(void);
-void *Realloc(void *p,int size);
-void smb_setlen(char *buf,int len);
-int set_message(char *buf,int num_words,int num_bytes,BOOL zero);
-BOOL check_access(int snum);
-BOOL in_group(gid_t group, int current_gid, int ngroups, int *groups);
-BOOL string_set(char **dest,char *src);
-BOOL string_init(char **dest,char *src);
-void string_free(char **s);
-char *attrib_string(int mode);
-void unix_format(char *fname);
-BOOL directory_exist(char *dname,struct stat *st);
-time_t make_unix_date3(void *date_ptr);
-void put_dos_date3(char *buf,int offset,time_t unixdate);
-void make_dir_struct(char *buf,char *mask,char *fname,unsigned int size,int mode,time_t date);
-BOOL in_list(char *s,char *list,BOOL case_sensitive);
-void strupper(char *s);
-BOOL file_exist(char *fname,struct stat *sbuf);
-int read_with_timeout(int fd,char *buf,int mincnt,int maxcnt, long time_out, BOOL exact);
-void close_sockets(void );
-BOOL send_smb(int fd,char *buffer);
-BOOL send_keepalive(int client);
-int read_data(int fd,char *buffer,int N);
-int smb_len(char *buf);
-BOOL receive_smb(int fd,char *buffer,int timeout);
-void show_msg(char *buf);
-BOOL big_endian(void );
-BOOL become_user(int cnum, int uid);
-BOOL unbecome_user(void);
-void become_daemon(void);
-BOOL reduce_name(char *s,char *dir,BOOL widelinks);
-void strlower(char *s);
-void strnorm(char *s);
-char *smb_buf(char *buf);
-char *smb_trans2_param(char *buf);
-char *smb_trans2_data(char *buf);
-BOOL strequal(char *,char *);
-BOOL strnequal(char *,char *,int n);
-BOOL strcsequal(char *,char *);
-BOOL mask_match( char *str, char *regexp, int case_sig, BOOL trans2);
-int dos_mode(int ,char *,struct stat *);
-char *timestring();
-BOOL ip_equal(struct in_addr ip1,struct in_addr ip2);
-BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type);
-char *get_home_dir(char *);
-int set_filelen(int fd, long len);
-void put_dos_date(char *buf,int offset,time_t unixdate);
-void put_dos_date2(char *buf,int offset,time_t unixdate);
-int lp_keepalive(void);
-int name_len(char *s);
-void dos_clean_name(char *s);
-void unix_clean_name(char *s);
-time_t make_unix_date(void *date_ptr);
-BOOL lanman2_match( char *str, char *regexp, int case_sig, BOOL autoext);
-BOOL trim_string(char *s,char *front,char *back);
-int byte_checksum(char *buf,int len);
-BOOL yesno(char *p);
-uint32 file_size(char *file_name);
-void dos_format(char *fname);
-char *GetWd(char *s);
-int name_mangle(char *in,char *out,char name_type);
-int name_len(char *s);
-void create_mangled_stack(int size);
-int name_extract(char *buf,int ofs,char *name);
-void get_broadcast(struct in_addr *if_ipaddr, struct in_addr *if_bcast, struct in_addr *if_nmask);
-BOOL allow_access(char *deny_list,char *allow_list,struct from_host *client);
-#ifdef __STDC__
-int Debug1(char *, ...);
-#else
-int Debug1();
-#endif
-BOOL check_hosts_equiv(char *user);
-int chain_reply(int type,char *inbuf,char *inbuf2,char *outbuf,char *outbuf2,int size,int bufsize);
-void close_cnum(int cnum,int uid);
-char *smb_errstr(char *inbuf);
-void GetTimeOfDay(struct timeval *tval);
-struct tm *LocalTime(time_t *t,int);
-int TimeDiff(time_t t);
-BOOL set_filetime(char *fname,time_t mtime);
-char *dirname_dos(char *path,char *buf);
-BOOL get_myname(char *myname,struct in_addr *ip);
-void expand_mask(char *Mask, BOOL);
-BOOL sane_unix_date(time_t unixdate);
-time_t start_of_month(void);
-char *smb_fn_name(int cnum);
-void get_machine_info(void);
-int open_socket_in(int type, int port, int dlevel);
-int open_socket_out(int type,struct in_addr *addr, int port );
-struct in_addr *interpret_addr2(char *str);
-BOOL zero_ip(struct in_addr ip);
-int read_max_udp(int fd,char *buffer,int bufsize,int maxtime);
-int interpret_protocol(char *str,int def);
-int interpret_security(char *str,int def);
-int ChDir(char *path);
-int smb_buflen(char *buf);
-unsigned long interpret_addr(char *str);
-void mangle_name_83(char *s);
-BOOL lp_casesignames(void);
-void setup_logging(char *pname,BOOL interactive);
-#ifdef DFS_AUTH
+#ifdef WITH_DFS
 void dfs_unlogin(void);
 extern int dcelogin_atmost_once;
 #endif
-#if AJT
-void ajt_panic(void);
-#endif
+
 #ifdef NOSTRDUP
 char *strdup(char *s);
 #endif
-#ifdef REPLACE_STRLEN
-int Strlen(char *);
-#endif
-#ifdef REPLACE_STRSTR
-char *Strstr(char *s, char *p);
-#endif
-
-#ifndef MIN
-#define MIN(a,b) ((a)<(b)?(a):(b))
-#endif
-#ifndef MAX
-#define MAX(a,b) ((a)>(b)?(a):(b))
-#endif
-
-#ifndef ABS
-#define ABS(a) ((a)>0?(a):(-(a)))
-#endif
 
 #ifndef SIGNAL_CAST
-#define SIGNAL_CAST
+#define SIGNAL_CAST (RETSIGTYPE (*)(int))
 #endif
 
 #ifndef SELECT_CAST
 #define SELECT_CAST
 #endif
 
-
-/* Some POSIX definitions for those without */
- 
-#ifndef S_IFDIR
-#define S_IFDIR         0x4000
-#endif
-#ifndef S_ISDIR
-#define S_ISDIR(mode)   ((mode & 0xF000) == S_IFDIR)
-#endif
-#ifndef S_IRWXU
-#define S_IRWXU 00700           /* read, write, execute: owner */
-#endif
-#ifndef S_IRUSR
-#define S_IRUSR 00400           /* read permission: owner */
-#endif
-#ifndef S_IWUSR
-#define S_IWUSR 00200           /* write permission: owner */
-#endif
-#ifndef S_IXUSR
-#define S_IXUSR 00100           /* execute permission: owner */
-#endif
-#ifndef S_IRWXG
-#define S_IRWXG 00070           /* read, write, execute: group */
-#endif
-#ifndef S_IRGRP
-#define S_IRGRP 00040           /* read permission: group */
-#endif
-#ifndef S_IWGRP
-#define S_IWGRP 00020           /* write permission: group */
-#endif
-#ifndef S_IXGRP
-#define S_IXGRP 00010           /* execute permission: group */
-#endif
-#ifndef S_IRWXO
-#define S_IRWXO 00007           /* read, write, execute: other */
-#endif
-#ifndef S_IROTH
-#define S_IROTH 00004           /* read permission: other */
-#endif
-#ifndef S_IWOTH
-#define S_IWOTH 00002           /* write permission: other */
-#endif
-#ifndef S_IXOTH
-#define S_IXOTH 00001           /* execute permission: other */
-#endif
-
-
 /* these are used in NetServerEnum to choose what to receive */
 #define SV_TYPE_WORKSTATION         0x00000001
 #define SV_TYPE_SERVER              0x00000002
@@ -951,56 +1248,419 @@ char *Strstr(char *s, char *p);
 #define SV_TYPE_DOMAIN_MASTER       0x00080000
 #define SV_TYPE_SERVER_OSF          0x00100000
 #define SV_TYPE_SERVER_VMS          0x00200000
+#define SV_TYPE_WIN95_PLUS          0x00400000
+#define SV_TYPE_DFS_SERVER	    0x00800000
 #define SV_TYPE_ALTERNATE_XPORT     0x20000000  
 #define SV_TYPE_LOCAL_LIST_ONLY     0x40000000  
 #define SV_TYPE_DOMAIN_ENUM         0x80000000
 #define SV_TYPE_ALL                 0xFFFFFFFF  
 
+/* This was set by JHT in liaison with Jeremy Allison early 1997
+ * History:
+ * Version 4.0 - never made public
+ * Version 4.10 - New to 1.9.16p2, lost in space 1.9.16p3 to 1.9.16p9
+ *              - Reappeared in 1.9.16p11 with fixed smbd services
+ * Version 4.20 - To indicate that nmbd and browsing now works better
+ * Version 4.50 - Set at release of samba-2.2.0 by JHT
+ *
+ *  Note: In the presence of NT4.X do not set above 4.9
+ *        Setting this above 4.9 can have undesired side-effects.
+ *        This may change again in Samba-3.0 after further testing. JHT
+ */
+ 
+#define DEFAULT_MAJOR_VERSION 0x04
+#define DEFAULT_MINOR_VERSION 0x05
 
+/* Browser Election Values */
+#define BROWSER_ELECTION_VERSION	0x010f
+#define BROWSER_CONSTANT	0xaa55
+
+/* NT Flags2 bits - cifs6.txt section 3.1.2 */
+   
+#define FLAGS2_LONG_PATH_COMPONENTS   0x0001
+#define FLAGS2_EXTENDED_ATTRIBUTES    0x0002
+#define FLAGS2_IS_LONG_NAME           0x0040
+#define FLAGS2_EXTENDED_SECURITY      0x0800 
+#define FLAGS2_DFS_PATHNAMES          0x1000
+#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000
+#define FLAGS2_32_BIT_ERROR_CODES     0x4000 
+#define FLAGS2_UNICODE_STRINGS        0x8000
+
+#define FLAGS2_WIN2K_SIGNATURE        0xC852 /* Hack alert ! For now... JRA. */
+
+/* Capabilities.  see ftp.microsoft.com/developr/drg/cifs/cifs/cifs4.txt */
+
+#define CAP_RAW_MODE         0x0001
+#define CAP_MPX_MODE         0x0002
+#define CAP_UNICODE          0x0004
+#define CAP_LARGE_FILES      0x0008
+#define CAP_NT_SMBS          0x0010
+#define CAP_RPC_REMOTE_APIS  0x0020
+#define CAP_STATUS32         0x0040
+#define CAP_LEVEL_II_OPLOCKS 0x0080
+#define CAP_LOCK_AND_READ    0x0100
+#define CAP_NT_FIND          0x0200
+#define CAP_DFS              0x1000
+#define CAP_W2K_SMBS         0x2000
+#define CAP_LARGE_READX      0x4000
+#define CAP_LARGE_WRITEX     0x8000
+#define CAP_UNIX                0x800000 /* Capabilities for UNIX extensions. Created by HP. */
+#define CAP_EXTENDED_SECURITY 0x80000000
 
 /* protocol types. It assumes that higher protocols include lower protocols
    as subsets */
 enum protocol_types {PROTOCOL_NONE,PROTOCOL_CORE,PROTOCOL_COREPLUS,PROTOCOL_LANMAN1,PROTOCOL_LANMAN2,PROTOCOL_NT1};
 
 /* security levels */
-enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER};
+enum security_types {SEC_SHARE,SEC_USER,SEC_SERVER,SEC_DOMAIN,SEC_ADS};
+
+/* server roles */
+enum server_types
+{
+	ROLE_STANDALONE,
+	ROLE_DOMAIN_MEMBER,
+	ROLE_DOMAIN_BDC,
+	ROLE_DOMAIN_PDC
+};
 
 /* printing types */
-enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,PRINT_QNX};
+enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
+		     PRINT_QNX,PRINT_PLP,PRINT_LPRNG,PRINT_SOFTQ,
+		     PRINT_CUPS,PRINT_LPRNT,PRINT_LPROS2
+#ifdef DEVELOPER
+,PRINT_TEST,PRINT_VLP
+#endif /* DEVELOPER */
+};
+
+/* LDAP schema types */
+enum schema_types {SCHEMA_COMPAT, SCHEMA_AD, SCHEMA_SAMBA};
 
+/* LDAP SSL options */
+enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF, LDAP_SSL_START_TLS};
+
+/* Remote architectures we know about. */
+enum remote_arch_types {RA_UNKNOWN, RA_WFWG, RA_OS2, RA_WIN95, RA_WINNT, RA_WIN2K, RA_SAMBA};
 
 /* case handling */
 enum case_handling {CASE_LOWER,CASE_UPPER};
 
+#ifdef WITH_SSL
+/* SSL version options */
+enum ssl_version_enum {SMB_SSL_V2,SMB_SSL_V3,SMB_SSL_V23,SMB_SSL_TLS1};
+#endif /* WITH_SSL */
+
+/*
+ * Global value meaing that the smb_uid field should be
+ * ingored (in share level security and protocol level == CORE)
+ */
+
+#define UID_FIELD_INVALID 0
+#define VUID_OFFSET 100 /* Amount to bias returned vuid numbers */
+
+/* Defines needed for multi-codepage support. */
+#define MSDOS_LATIN_1_CODEPAGE 850
+#define KANJI_CODEPAGE 932
+#define HANGUL_CODEPAGE 949
+#define BIG5_CODEPAGE 950
+#define SIMPLIFIED_CHINESE_CODEPAGE 936
+
+#ifdef KANJI
+/* 
+ * Default client code page - Japanese 
+ */
+#define DEFAULT_CLIENT_CODE_PAGE KANJI_CODEPAGE
+#else /* KANJI */
+/* 
+ * Default client code page - 850 - Western European 
+ */
+#define DEFAULT_CLIENT_CODE_PAGE MSDOS_LATIN_1_CODEPAGE
+#endif /* KANJI */
+
+/* Global val set if multibyte codepage. */
+extern int global_is_multibyte_codepage;
+
+#define get_character_len(x) (global_is_multibyte_codepage ? skip_multibyte_char((x)) : 0)
+
+/* 
+ * Size of buffer to use when moving files across filesystems. 
+ */
+#define COPYBUF_SIZE (8*1024)
+
+/* 
+ * Values used to override error codes. 
+ */
+extern int unix_ERR_class;
+extern int unix_ERR_code;
+
+/*
+ * Used in chaining code.
+ */
+extern int chain_size;
+
+/*
+ * Map the Core and Extended Oplock requesst bits down
+ * to common bits (EXCLUSIVE_OPLOCK & BATCH_OPLOCK).
+ */
+
+/*
+ * Core protocol.
+ */
+#define CORE_OPLOCK_REQUEST(inbuf) \
+    ((CVAL(inbuf,smb_flg)&(FLAG_REQUEST_OPLOCK|FLAG_REQUEST_BATCH_OPLOCK))>>5)
+
+/*
+ * Extended protocol.
+ */
+#define EXTENDED_OPLOCK_REQUEST(inbuf) ((SVAL(inbuf,smb_vwv2)&((1<<1)|(1<<2)))>>1)
+
+/* Lock types. */
+#define LOCKING_ANDX_SHARED_LOCK 0x1
+#define LOCKING_ANDX_OPLOCK_RELEASE 0x2
+#define LOCKING_ANDX_CHANGE_LOCKTYPE 0x4
+#define LOCKING_ANDX_CANCEL_LOCK 0x8
+#define LOCKING_ANDX_LARGE_FILES 0x10
+
+/* Oplock levels */
+#define OPLOCKLEVEL_NONE 0
+#define OPLOCKLEVEL_II 1
+
+/*
+ * Bits we test with.
+ */
+
+#define NO_OPLOCK 0
+#define EXCLUSIVE_OPLOCK 1
+#define BATCH_OPLOCK 2
+#define LEVEL_II_OPLOCK 4
+
+#define EXCLUSIVE_OPLOCK_TYPE(lck) ((lck) & (EXCLUSIVE_OPLOCK|BATCH_OPLOCK))
+#define BATCH_OPLOCK_TYPE(lck) ((lck) & BATCH_OPLOCK)
+#define LEVEL_II_OPLOCK_TYPE(lck) ((lck) & LEVEL_II_OPLOCK)
+
+#define CORE_OPLOCK_GRANTED (1<<5)
+#define EXTENDED_OPLOCK_GRANTED (1<<15)
+
+/*
+ * Return values for oplock types.
+ */
+
+#define NO_OPLOCK_RETURN 0
+#define EXCLUSIVE_OPLOCK_RETURN 1
+#define BATCH_OPLOCK_RETURN 2
+#define LEVEL_II_OPLOCK_RETURN 3
+
+/*
+ * Loopback command offsets.
+ */
+
+#define OPBRK_CMD_LEN_OFFSET 0
+#define OPBRK_CMD_PORT_OFFSET 4
+#define OPBRK_CMD_HEADER_LEN 6
+
+#define OPBRK_MESSAGE_CMD_OFFSET 0
+
+/*
+ * Oplock break command code to send over the udp socket.
+ * The same message is sent for both exlusive and level II breaks. 
+ * 
+ * The form of this is :
+ *
+ *  0     2       2+pid   2+pid+dev 2+pid+dev+ino
+ *  +----+--------+-------+--------+---------+
+ *  | cmd| pid    | dev   |  inode | fileid  |
+ *  +----+--------+-------+--------+---------+
+ */
+
+#define OPLOCK_BREAK_CMD 0x1
+#define OPLOCK_BREAK_PID_OFFSET 2
+#define OPLOCK_BREAK_DEV_OFFSET (OPLOCK_BREAK_PID_OFFSET + sizeof(pid_t))
+#define OPLOCK_BREAK_INODE_OFFSET (OPLOCK_BREAK_DEV_OFFSET + sizeof(SMB_DEV_T))
+#define OPLOCK_BREAK_FILEID_OFFSET (OPLOCK_BREAK_INODE_OFFSET + sizeof(SMB_INO_T))
+#define OPLOCK_BREAK_MSG_LEN (OPLOCK_BREAK_FILEID_OFFSET + sizeof(unsigned long))
+
+#define KERNEL_OPLOCK_BREAK_CMD 0x2
+#define LEVEL_II_OPLOCK_BREAK_CMD 0x3
+
+/*
+ * Capabilities abstracted for different systems.
+ */
+
+#define KERNEL_OPLOCK_CAPABILITY 0x1
+
+/*
+ * Oplock break command code sent via the kernel interface (if it exists).
+ *
+ * Form of this is :
+ *
+ *  0     2       2+devsize 2+devsize+inodesize
+ *  +----+--------+--------+----------+
+ *  | cmd| dev    |  inode |  fileid  |
+ *  +----+--------+--------+----------+
+ */
+#define KERNEL_OPLOCK_BREAK_DEV_OFFSET 2
+#define KERNEL_OPLOCK_BREAK_INODE_OFFSET (KERNEL_OPLOCK_BREAK_DEV_OFFSET + sizeof(SMB_DEV_T))
+#define KERNEL_OPLOCK_BREAK_FILEID_OFFSET (KERNEL_OPLOCK_BREAK_INODE_OFFSET + sizeof(SMB_INO_T))
+#define KERNEL_OPLOCK_BREAK_MSG_LEN (KERNEL_OPLOCK_BREAK_FILEID_OFFSET + sizeof(unsigned long))
+
+
+/* if a kernel does support oplocks then a structure of the following
+   typee is used to describe how to interact with the kernel */
+struct kernel_oplocks {
+	BOOL (*receive_message)(fd_set *fds, char *buffer, int buffer_len);
+	BOOL (*set_oplock)(files_struct *fsp, int oplock_type);
+	void (*release_oplock)(files_struct *fsp);
+	BOOL (*parse_message)(char *msg_start, int msg_len, SMB_INO_T *inode, SMB_DEV_T *dev, unsigned long *file_id);
+	BOOL (*msg_waiting)(fd_set *fds);
+	int notification_fd;
+};
+
+
+#define CMD_REPLY 0x8000
+
+/* this structure defines the functions for doing change notify in
+   various implementations */
+struct cnotify_fns {
+	void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
+	BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
+	void (*remove_notify)(void *data);
+	int select_time;
+};
+
+
+
+#include "smb_macros.h"
+
+/* A netbios name structure. */
+struct nmb_name {
+  char         name[17];
+  char         scope[64];
+  unsigned int name_type;
+};
+
 
-/* Macros to get at offsets within smb_lkrng and smb_unlkrng
-   structures. We cannot define these as actual structures
-   due to possible differences in structure packing
-   on different machines/compilers. */
+/* A netbios node status array element. */
+struct node_status {
+	char name[16];
+	unsigned char type;
+	unsigned char flags;
+};
+
+struct pwd_info
+{
+	BOOL null_pwd;
+	BOOL cleartext;
+	BOOL crypted;
+
+	fstring password;
+
+	uchar smb_lm_pwd[16];
+	uchar smb_nt_pwd[16];
+
+	uchar smb_lm_owf[24];
+	uchar smb_nt_owf[128];
+	size_t nt_owf_len;
+
+	uchar lm_cli_chal[8];
+	uchar nt_cli_chal[128];
+	size_t nt_cli_chal_len;
+
+	uchar sess_key[16];
+};
+
+#include "rpc_creds.h"
+#include "rpc_misc.h"
+#include "rpc_secdes.h"
+#include "nt_printing.h"
+
+typedef struct user_struct
+{
+	struct user_struct *next, *prev;
+	uint16 vuid; /* Tag for this entry. */
+	uid_t uid; /* uid of a validated user */
+	gid_t gid; /* gid of a validated user */
+
+	userdom_struct user;
+	char *homedir;
+	
+	BOOL guest;
+
+	/* following groups stuff added by ih */
+	/* This groups info is needed for when we become_user() for this uid */
+	int n_groups;
+	gid_t *groups;
+
+	NT_USER_TOKEN *nt_user_token;
+
+	uint8 session_key[16];
+
+	int session_id; /* used by utmp and pam session code */
+} user_struct;
+
+
+struct unix_error_map {
+	int unix_error;
+	int dos_class;
+	int dos_code;
+	NTSTATUS nt_error;
+};
+
+#include "ntdomain.h"
+
+#include "client.h"
+
+/*
+ * Size of new password account encoding string.  This is enough space to
+ * hold 11 ACB characters, plus the surrounding [] and a terminating null.
+ * Do not change unless you are adding new ACB bits!
+ */
+
+#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
+
+/*
+   Do you want session setups at user level security with a invalid
+   password to be rejected or allowed in as guest? WinNT rejects them
+   but it can be a pain as it means "net view" needs to use a password
+
+   You have 3 choices in the setting of map_to_guest:
+
+   "NEVER_MAP_TO_GUEST" means session setups with an invalid password
+   are rejected. This is the default.
+
+   "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
+   are rejected, unless the username does not exist, in which case it
+   is treated as a guest login
+
+   "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
+   are treated as a guest login
+
+   Note that map_to_guest only has an effect in user or server
+   level security.
+*/
 
-#define SMB_LPID_OFFSET(indx) (10 * (indx))
-#define SMB_LKOFF_OFFSET(indx) ( 2 + (10 * (indx)))
-#define SMB_LKLEN_OFFSET(indx) ( 6 + (10 * (indx)))
+#define NEVER_MAP_TO_GUEST 0
+#define MAP_TO_GUEST_ON_BAD_USER 1
+#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
 
-/* Macro to cache an error in a write_bmpx_struct */
-#define CACHE_ERROR(w,c,e) ((w)->wr_errclass = (c), (w)->wr_error = (e), \
-			    w->wr_discard = True, -1)
-/* Macro to test if an error has been cached for this fnum */
-#define HAS_CACHED_ERROR(fnum) (Files[(fnum)].open && \
-				Files[(fnum)].wbmpx_ptr && \
-				Files[(fnum)].wbmpx_ptr->wr_discard)
-/* Macro to turn the cached error into an error packet */
-#define CACHED_ERROR(fnum) cached_error_packet(inbuf,outbuf,fnum,__LINE__)
+#define SAFE_NETBIOS_CHARS ". -_"
 
-/* these are the datagram types */
-#define DGRAM_DIRECT_UNIQUE 0x10
+#include "nsswitch/winbindd_nss.h"
 
-#define ERROR(class,x) error_packet(inbuf,outbuf,class,x,__LINE__)
+/* generic iconv conversion structure */
+typedef struct {
+	size_t (*direct)(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft);
+	size_t (*pull)(void *cd, char **inbuf, size_t *inbytesleft,
+		       char **outbuf, size_t *outbytesleft);
+	size_t (*push)(void *cd, char **inbuf, size_t *inbytesleft,
+		       char **outbuf, size_t *outbytesleft);
+	void *cd_direct, *cd_pull, *cd_push;
+	char *from_name, *to_name;
+} *smb_iconv_t;
 
-/* this is how errors are generated */
-#define UNIXERROR(defclass,deferror) unix_error_packet(inbuf,outbuf,defclass,deferror,__LINE__)
+/* The maximum length of a trust account password.
+   Used when we randomly create it, 15 char passwords
+   exceed NT4's max password length */
 
-#define ROUNDUP(x,g) (((x)+((g)-1))&~((g)-1))
+#define DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH 14
 
-#endif 
-/* _SMB_H */
+#endif /* _SMB_H */
diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h
new file mode 100644
index 0000000000..3ed670d38b
--- /dev/null
+++ b/source3/include/smb_acls.h
@@ -0,0 +1,278 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Portable SMB ACL interface
+   Copyright (C) Jeremy Allison 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SMB_ACLS_H
+#define _SMB_ACLS_H
+
+#include "includes.h"
+
+#if defined(HAVE_POSIX_ACLS)
+
+/* This is an identity mapping (just remove the SMB_). */
+
+#define SMB_ACL_TAG_T               acl_tag_t
+#define SMB_ACL_TYPE_T				acl_type_t
+#define SMB_ACL_PERMSET_T           acl_permset_t
+#define SMB_ACL_PERM_T				acl_perm_t
+#define SMB_ACL_READ                ACL_READ
+#define SMB_ACL_WRITE               ACL_WRITE
+#define SMB_ACL_EXECUTE             ACL_EXECUTE
+
+/* Types of ACLs. */
+#define SMB_ACL_USER                ACL_USER
+#define SMB_ACL_USER_OBJ            ACL_USER_OBJ
+#define SMB_ACL_GROUP               ACL_GROUP
+#define SMB_ACL_GROUP_OBJ           ACL_GROUP_OBJ
+#define SMB_ACL_OTHER               ACL_OTHER
+#define SMB_ACL_MASK                ACL_MASK
+
+#define SMB_ACL_T 					acl_t
+
+#define SMB_ACL_ENTRY_T				acl_entry_t
+
+#define SMB_ACL_FIRST_ENTRY         ACL_FIRST_ENTRY
+#define SMB_ACL_NEXT_ENTRY          ACL_NEXT_ENTRY
+
+#define SMB_ACL_TYPE_ACCESS         ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT        ACL_TYPE_DEFAULT
+
+#elif defined(HAVE_TRU64_ACLS)
+
+/* This is for DEC/Compaq Tru64 UNIX */
+
+#define SMB_ACL_TAG_T               acl_tag_t
+#define SMB_ACL_TYPE_T				acl_type_t
+#define SMB_ACL_PERMSET_T           acl_permset_t
+#define SMB_ACL_PERM_T				acl_perm_t
+#define SMB_ACL_READ                ACL_READ
+#define SMB_ACL_WRITE               ACL_WRITE
+#define SMB_ACL_EXECUTE             ACL_EXECUTE
+
+/* Types of ACLs. */
+#define SMB_ACL_USER                ACL_USER
+#define SMB_ACL_USER_OBJ            ACL_USER_OBJ
+#define SMB_ACL_GROUP               ACL_GROUP
+#define SMB_ACL_GROUP_OBJ           ACL_GROUP_OBJ
+#define SMB_ACL_OTHER               ACL_OTHER
+#define SMB_ACL_MASK                ACL_MASK
+
+#define SMB_ACL_T 					acl_t
+
+#define SMB_ACL_ENTRY_T				acl_entry_t
+
+#define SMB_ACL_FIRST_ENTRY         0
+#define SMB_ACL_NEXT_ENTRY          1
+
+#define SMB_ACL_TYPE_ACCESS         ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT        ACL_TYPE_DEFAULT
+
+#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
+/*
+ * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
+ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
+ */
+
+/* SVR4.2 ES/MP ACLs */
+typedef int			SMB_ACL_TAG_T;
+typedef int			SMB_ACL_TYPE_T;
+typedef ushort		*SMB_ACL_PERMSET_T;
+typedef ushort		SMB_ACL_PERM_T;
+#define SMB_ACL_READ 				4
+#define SMB_ACL_WRITE 				2
+#define SMB_ACL_EXECUTE				1
+
+/* Types of ACLs. */
+#define SMB_ACL_USER				USER
+#define SMB_ACL_USER_OBJ			USER_OBJ
+#define SMB_ACL_GROUP				GROUP
+#define SMB_ACL_GROUP_OBJ			GROUP_OBJ
+#define SMB_ACL_OTHER				OTHER_OBJ
+#define SMB_ACL_MASK				CLASS_OBJ
+
+typedef struct SMB_ACL_T {
+	int	size;
+	int	count;
+	int	next;
+	struct acl	acl[1];
+} *SMB_ACL_T;
+
+typedef struct acl					*SMB_ACL_ENTRY_T;
+
+#define SMB_ACL_FIRST_ENTRY			0
+#define SMB_ACL_NEXT_ENTRY			1
+
+#define SMB_ACL_TYPE_ACCESS			0
+#define SMB_ACL_TYPE_DEFAULT		1
+
+#elif defined(HAVE_HPUX_ACLS)
+
+/*
+ * Based on the Solaris & UnixWare code.
+ */
+
+#undef GROUP
+#include <sys/aclv.h>
+
+/* SVR4.2 ES/MP ACLs */
+typedef int			SMB_ACL_TAG_T;
+typedef int			SMB_ACL_TYPE_T;
+typedef ushort		*SMB_ACL_PERMSET_T;
+typedef ushort		SMB_ACL_PERM_T;
+#define SMB_ACL_READ 				4
+#define SMB_ACL_WRITE 				2
+#define SMB_ACL_EXECUTE				1
+
+/* Types of ACLs. */
+#define SMB_ACL_USER				USER
+#define SMB_ACL_USER_OBJ			USER_OBJ
+#define SMB_ACL_GROUP				GROUP
+#define SMB_ACL_GROUP_OBJ			GROUP_OBJ
+#define SMB_ACL_OTHER				OTHER_OBJ
+#define SMB_ACL_MASK				CLASS_OBJ
+
+typedef struct SMB_ACL_T {
+	int	size;
+	int	count;
+	int	next;
+	struct acl	acl[1];
+} *SMB_ACL_T;
+
+typedef struct acl					*SMB_ACL_ENTRY_T;
+
+#define SMB_ACL_FIRST_ENTRY			0
+#define SMB_ACL_NEXT_ENTRY			1
+
+#define SMB_ACL_TYPE_ACCESS			0
+#define SMB_ACL_TYPE_DEFAULT		1
+
+#elif defined(HAVE_IRIX_ACLS)
+
+#define SMB_ACL_TAG_T               acl_tag_t
+#define SMB_ACL_TYPE_T		    acl_type_t
+#define SMB_ACL_PERMSET_T           acl_permset_t
+#define SMB_ACL_PERM_T		    acl_perm_t
+#define SMB_ACL_READ                ACL_READ
+#define SMB_ACL_WRITE               ACL_WRITE
+#define SMB_ACL_EXECUTE             ACL_EXECUTE
+
+/* Types of ACLs. */
+#define SMB_ACL_USER                ACL_USER
+#define SMB_ACL_USER_OBJ            ACL_USER_OBJ
+#define SMB_ACL_GROUP               ACL_GROUP
+#define SMB_ACL_GROUP_OBJ           ACL_GROUP_OBJ
+#define SMB_ACL_OTHER               ACL_OTHER_OBJ
+#define SMB_ACL_MASK                ACL_MASK
+
+typedef struct SMB_ACL_T {
+   int next;
+   BOOL freeaclp;
+   struct acl  *aclp;
+} *SMB_ACL_T;
+
+#define SMB_ACL_ENTRY_T		    acl_entry_t
+
+#define SMB_ACL_FIRST_ENTRY         0
+#define SMB_ACL_NEXT_ENTRY          1
+
+#define SMB_ACL_TYPE_ACCESS         ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT        ACL_TYPE_DEFAULT
+
+#elif defined(HAVE_AIX_ACLS)
+
+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
+
+#include "/usr/include/acl.h"
+
+typedef uint                        *SMB_ACL_PERMSET_T;
+ 
+struct acl_entry_link{
+	struct acl_entry_link *prevp;
+	struct new_acl_entry *entryp;
+	struct acl_entry_link *nextp;
+	int count;
+};
+
+struct new_acl_entry{
+	unsigned short  ace_len;
+	unsigned short  ace_type;
+	unsigned int    ace_access;
+	struct ace_id ace_id[1];
+};
+
+#define SMB_ACL_ENTRY_T             struct new_acl_entry*
+#define SMB_ACL_T                   struct acl_entry_link*
+ 
+#define SMB_ACL_TAG_T               unsigned short
+#define SMB_ACL_TYPE_T              int
+#define SMB_ACL_PERM_T              uint
+#define SMB_ACL_READ                S_IRUSR
+#define SMB_ACL_WRITE               S_IWUSR
+#define SMB_ACL_EXECUTE             S_IXUSR
+
+/* Types of ACLs. */
+#define SMB_ACL_USER                ACEID_USER
+#define SMB_ACL_USER_OBJ            3
+#define SMB_ACL_GROUP               ACEID_GROUP
+#define SMB_ACL_GROUP_OBJ           4
+#define SMB_ACL_OTHER               5
+#define SMB_ACL_MASK                6
+
+
+#define SMB_ACL_FIRST_ENTRY         1
+#define SMB_ACL_NEXT_ENTRY          2
+
+#define SMB_ACL_TYPE_ACCESS         0
+#define SMB_ACL_TYPE_DEFAULT        1
+
+#else /* No ACLs. */
+
+/* No ACLS - fake it. */
+#define SMB_ACL_TAG_T 				int
+#define SMB_ACL_TYPE_T              int
+#define SMB_ACL_PERMSET_T 			mode_t
+#define SMB_ACL_PERM_T				mode_t
+#define SMB_ACL_READ 				S_IRUSR
+#define SMB_ACL_WRITE 				S_IWUSR
+#define SMB_ACL_EXECUTE				S_IXUSR
+
+/* Types of ACLs. */
+#define SMB_ACL_USER				0
+#define SMB_ACL_USER_OBJ			1
+#define SMB_ACL_GROUP				2
+#define SMB_ACL_GROUP_OBJ			3
+#define SMB_ACL_OTHER				4
+#define SMB_ACL_MASK				5
+
+typedef struct SMB_ACL_T {
+	int dummy;
+} *SMB_ACL_T;
+
+typedef struct SMB_ACL_ENTRY_T {
+	int dummy;
+} *SMB_ACL_ENTRY_T;
+
+#define SMB_ACL_FIRST_ENTRY			0
+#define SMB_ACL_NEXT_ENTRY			1
+
+#define SMB_ACL_TYPE_ACCESS			0
+#define SMB_ACL_TYPE_DEFAULT		1
+
+#endif /* No ACLs. */
+#endif /* _SMB_ACLS_H */
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
new file mode 100644
index 0000000000..c19be784a1
--- /dev/null
+++ b/source3/include/smb_macros.h
@@ -0,0 +1,289 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB parameters and setup
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) John H Terpstra 1996-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+   Copyright (C) Paul Ashton 1998 - 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SMB_MACROS_H
+#define _SMB_MACROS_H
+
+/* Misc bit macros */
+#define BOOLSTR(b) ((b) ? "Yes" : "No")
+#define BITSETB(ptr,bit) ((((char *)ptr)[0] & (1<<(bit)))!=0)
+#define BITSETW(ptr,bit) ((SVAL(ptr,0) & (1<<(bit)))!=0)
+
+/* for readability... */
+#define IS_DOS_READONLY(test_mode) (((test_mode) & aRONLY) != 0)
+#define IS_DOS_DIR(test_mode)      (((test_mode) & aDIR) != 0)
+#define IS_DOS_ARCHIVE(test_mode)  (((test_mode) & aARCH) != 0)
+#define IS_DOS_SYSTEM(test_mode)   (((test_mode) & aSYSTEM) != 0)
+#define IS_DOS_HIDDEN(test_mode)   (((test_mode) & aHIDDEN) != 0)
+
+#ifndef SAFE_FREE /* Oh no this is also defined in tdb.h */
+
+/**
+ * Free memory if the pointer and zero the pointer.
+ *
+ * @note You are explicitly allowed to pass NULL pointers -- they will
+ * always be ignored.
+ **/
+#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
+#endif
+
+/* zero a structure */
+#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
+
+/* zero a structure given a pointer to the structure */
+#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
+
+/* zero a structure given a pointer to the structure - no zero check */
+#define ZERO_STRUCTPN(x) memset((char *)(x), 0, sizeof(*(x)))
+
+/* zero an array - note that sizeof(array) must work - ie. it must not be a 
+   pointer */
+#define ZERO_ARRAY(x) memset((char *)(x), 0, sizeof(x))
+
+/* pointer difference macro */
+#define PTR_DIFF(p1,p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
+
+/* work out how many elements there are in a static array */
+#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
+
+/* assert macros */
+#define SMB_ASSERT(b) ((b)?(void)0: \
+        (DEBUG(0,("PANIC: assert failed at %s(%d)\n", \
+		 __FILE__, __LINE__)), smb_panic("assert failed")))
+#define SMB_ASSERT_ARRAY(a,n) SMB_ASSERT((sizeof(a)/sizeof((a)[0])) >= (n))
+
+/* these are useful macros for checking validity of handles */
+#define OPEN_FSP(fsp)    ((fsp) && !(fsp)->is_directory)
+#define OPEN_CONN(conn)    ((conn) && (conn)->open)
+#define IS_IPC(conn)       ((conn) && (conn)->ipc)
+#define IS_PRINT(conn)       ((conn) && (conn)->printer)
+#define FNUM_OK(fsp,c) (OPEN_FSP(fsp) && (c)==(fsp)->conn)
+
+#define CHECK_FSP(fsp,conn) if (!FNUM_OK(fsp,conn)) \
+                               return(ERROR_DOS(ERRDOS,ERRbadfid)); \
+                            else if((fsp)->fd == -1) \
+                               return(ERROR_DOS(ERRDOS,ERRbadaccess))
+
+#define CHECK_READ(fsp) if (!(fsp)->can_read) \
+                               return(ERROR_DOS(ERRDOS,ERRbadaccess))
+#define CHECK_WRITE(fsp) if (!(fsp)->can_write) \
+                               return(ERROR_DOS(ERRDOS,ERRbadaccess))
+
+#define CHECK_ERROR(fsp) if (HAS_CACHED_ERROR(fsp)) \
+								return(CACHED_ERROR(fsp))
+
+/* translates a connection number into a service number */
+#define SNUM(conn)         ((conn)?(conn)->service:-1)
+
+/* access various service details */
+#define SERVICE(snum)      (lp_servicename(snum))
+#define PRINTCAP           (lp_printcapname())
+#define PRINTCOMMAND(snum) (lp_printcommand(snum))
+#define PRINTERNAME(snum)  (lp_printername(snum))
+#define CAN_WRITE(conn)    (!conn->read_only)
+#define VALID_SNUM(snum)   (lp_snum_ok(snum))
+#define GUEST_OK(snum)     (VALID_SNUM(snum) && lp_guest_ok(snum))
+#define GUEST_ONLY(snum)   (VALID_SNUM(snum) && lp_guest_only(snum))
+#define CAN_SETDIR(snum)   (!lp_no_set_dir(snum))
+#define CAN_PRINT(conn)    ((conn) && lp_print_ok((conn)->service))
+#define MAP_HIDDEN(conn)   ((conn) && lp_map_hidden((conn)->service))
+#define MAP_SYSTEM(conn)   ((conn) && lp_map_system((conn)->service))
+#define MAP_ARCHIVE(conn)   ((conn) && lp_map_archive((conn)->service))
+#define IS_HIDDEN_PATH(conn,path)  ((conn) && is_in_path((path),(conn)->hide_list))
+#define IS_VETO_PATH(conn,path)  ((conn) && is_in_path((path),(conn)->veto_list))
+#define IS_VETO_OPLOCK_PATH(conn,path)  ((conn) && is_in_path((path),(conn)->veto_oplock_list))
+
+/* 
+ * Used by the stat cache code to check if a returned
+ * stat structure is valid.
+ */
+
+#define VALID_STAT(st) ((st).st_nlink != 0)  
+#define VALID_STAT_OF_DIR(st) (VALID_STAT(st) && S_ISDIR((st).st_mode))
+
+#ifndef MIN
+#define MIN(a,b) ((a)<(b)?(a):(b))
+#endif
+#ifndef MAX
+#define MAX(a,b) ((a)>(b)?(a):(b))
+#endif
+
+#ifndef ABS
+#define ABS(a) ((a)>0?(a):(-(a)))
+#endif
+
+/* Macros to get at offsets within smb_lkrng and smb_unlkrng
+   structures. We cannot define these as actual structures
+   due to possible differences in structure packing
+   on different machines/compilers. */
+
+#define SMB_LPID_OFFSET(indx) (10 * (indx))
+#define SMB_LKOFF_OFFSET(indx) ( 2 + (10 * (indx)))
+#define SMB_LKLEN_OFFSET(indx) ( 6 + (10 * (indx)))
+#define SMB_LARGE_LPID_OFFSET(indx) (20 * (indx))
+#define SMB_LARGE_LKOFF_OFFSET_HIGH(indx) (4 + (20 * (indx)))
+#define SMB_LARGE_LKOFF_OFFSET_LOW(indx) (8 + (20 * (indx)))
+#define SMB_LARGE_LKLEN_OFFSET_HIGH(indx) (12 + (20 * (indx)))
+#define SMB_LARGE_LKLEN_OFFSET_LOW(indx) (16 + (20 * (indx)))
+
+/* Macro to cache an error in a write_bmpx_struct */
+#define CACHE_ERROR(w,c,e) ((w)->wr_errclass = (c), (w)->wr_error = (e), \
+                w->wr_discard = True, -1)
+/* Macro to test if an error has been cached for this fnum */
+#define HAS_CACHED_ERROR(fsp) ((fsp)->wbmpx_ptr && \
+                (fsp)->wbmpx_ptr->wr_discard)
+/* Macro to turn the cached error into an error packet */
+#define CACHED_ERROR(fsp) cached_error_packet(outbuf,fsp,__LINE__,__FILE__)
+
+/* these are the datagram types */
+#define DGRAM_DIRECT_UNIQUE 0x10
+
+#define ERROR_DOS(class,code) error_packet(outbuf,NT_STATUS_OK,class,code,__LINE__,__FILE__)
+#define ERROR_NT(status) error_packet(outbuf,status,0,0,__LINE__,__FILE__)
+#define ERROR_BOTH(status,class,code) error_packet(outbuf,status,class,code,__LINE__,__FILE__)
+
+/* this is how errors are generated */
+#define UNIXERROR(defclass,deferror) unix_error_packet(outbuf,defclass,deferror,__LINE__,__FILE__)
+
+#define SMB_ROUNDUP(x,g) (((x)+((g)-1))&~((g)-1))
+#define SMB_ROUNDUP_ALLOCATION(s) ((s) ? (SMB_ROUNDUP((SMB_OFF_T)((s)+1), ((SMB_OFF_T)SMB_ROUNDUP_ALLOCATION_SIZE))) : 0 )
+
+/* Extra macros added by Ying Chen at IBM - speed increase by inlining. */
+#define smb_buf(buf) (buf + smb_size + CVAL(buf,smb_wct)*2)
+#define smb_buflen(buf) (SVAL(buf,smb_vwv0 + (int)CVAL(buf, smb_wct)*2))
+
+/* Note that chain_size must be available as an extern int to this macro. */
+#define smb_offset(p,buf) (PTR_DIFF(p,buf+4) + chain_size)
+
+#define smb_len(buf) (PVAL(buf,3)|(PVAL(buf,2)<<8)|((PVAL(buf,1)&1)<<16))
+#define _smb_setlen(buf,len) buf[0] = 0; buf[1] = (len&0x10000)>>16; \
+        buf[2] = (len&0xFF00)>>8; buf[3] = len&0xFF;
+
+/*******************************************************************
+find the difference in milliseconds between two struct timeval
+values
+********************************************************************/
+
+#define TvalDiff(tvalold,tvalnew) \
+  (((tvalnew)->tv_sec - (tvalold)->tv_sec)*1000 +  \
+	 ((int)(tvalnew)->tv_usec - (int)(tvalold)->tv_usec)/1000)
+
+/****************************************************************************
+true if two IP addresses are equal
+****************************************************************************/
+
+#define ip_equal(ip1,ip2) ((ip1).s_addr == (ip2).s_addr)
+
+/*****************************************************************
+ splits out the last subkey of a key
+ *****************************************************************/  
+
+#define reg_get_subkey(full_keyname, key_name, subkey_name) \
+	split_at_last_component(full_keyname, key_name, '\\', subkey_name)
+
+/****************************************************************************
+ Used by dptr_zero.
+****************************************************************************/
+
+#define DPTR_MASK ((uint32)(((uint32)1)<<31))
+
+/****************************************************************************
+ Return True if the offset is at zero.
+****************************************************************************/
+
+#define dptr_zero(buf) ((IVAL(buf,1)&~DPTR_MASK) == 0)
+
+/*******************************************************************
+copy an IP address from one buffer to another
+********************************************************************/
+
+#define putip(dest,src) memcpy(dest,src,4)
+
+/*******************************************************************
+ Return True if a server has CIFS UNIX capabilities.
+********************************************************************/
+
+#define SERVER_HAS_UNIX_CIFS(c) ((c)->capabilities & CAP_UNIX)
+
+/****************************************************************************
+ Make a filename into unix format.
+****************************************************************************/
+
+#define unix_format(fname) string_replace(fname,'\\','/')
+#define unix_format_w(fname) string_replace_w(fname, UCS2_CHAR('\\'), UCS2_CHAR('/'))
+
+/****************************************************************************
+ Make a file into DOS format.
+****************************************************************************/
+
+#define dos_format(fname) string_replace(fname,'/','\\')
+
+/*******************************************************************
+ vfs stat wrapper that calls internal2unix.
+********************************************************************/
+
+#define vfs_stat(conn, fname, st) ((conn)->vfs_ops.stat((conn), fname,(st)))
+
+/*******************************************************************
+ vfs lstat wrapper that calls internal2unix.
+********************************************************************/
+
+#define vfs_lstat(conn, fname, st) ((conn)->vfs_ops.lstat((conn), fname,(st)))
+
+/*******************************************************************
+ vfs fstat wrapper
+********************************************************************/
+
+#define vfs_fstat(fsp, fd, st) ((fsp)->conn->vfs_ops.fstat((fsp),(fd),(st)))
+
+/*******************************************************************
+ vfs rmdir wrapper that calls internal2unix.
+********************************************************************/
+
+#define vfs_rmdir(conn,fname) ((conn)->vfs_ops.rmdir((conn),fname))
+
+/*******************************************************************
+ vfs Unlink wrapper that calls internal2unix.
+********************************************************************/
+
+#define vfs_unlink(conn, fname) ((conn)->vfs_ops.unlink((conn),fname))
+
+/*******************************************************************
+ vfs chmod wrapper that calls internal2unix.
+********************************************************************/
+
+#define vfs_chmod(conn,fname,mode) ((conn)->vfs_ops.chmod((conn),fname,(mode)))
+
+/*******************************************************************
+ vfs chown wrapper that calls internal2unix.
+********************************************************************/
+
+#define vfs_chown(conn,fname,uid,gid) ((conn)->vfs_ops.chown((conn),fname,(uid),(gid)))
+
+/*******************************************************************
+ A wrapper for vfs_chdir().
+********************************************************************/
+
+#define vfs_chdir(conn,fname) ((conn)->vfs_ops.chdir((conn),fname))
+
+#endif /* _SMB_MACROS_H */
diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h
new file mode 100644
index 0000000000..82017cee85
--- /dev/null
+++ b/source3/include/smbprofile.h
@@ -0,0 +1,466 @@
+#ifndef _PROFILE_H_
+#define _PROFILE_H_
+/* 
+   Unix SMB/CIFS implementation.
+   store smbd profiling information in shared memory
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+/*
+ * Reasons for cache flush.
+ */
+
+#define NUM_FLUSH_REASONS 8 /* Keep this in sync with the enum below. */
+enum flush_reason_enum { SEEK_FLUSH, READ_FLUSH, WRITE_FLUSH, READRAW_FLUSH,
+			OPLOCK_RELEASE_FLUSH, CLOSE_FLUSH, SYNC_FLUSH, SIZECHANGE_FLUSH };
+
+/* this file defines the profile structure in the profile shared
+   memory area */
+
+#define PROF_SHMEM_KEY ((key_t)0x07021999)
+#define PROF_SHM_MAGIC 0x6349985
+#define PROF_SHM_VERSION 6
+
+/* time values in the following structure are in microseconds */
+
+struct profile_stats {
+/* general counters */
+	unsigned smb_count; /* how many SMB packets we have processed */
+	unsigned uid_changes; /* how many times we change our effective uid */
+/* system call counters */
+	unsigned syscall_opendir_count;
+	unsigned syscall_opendir_time;
+	unsigned syscall_readdir_count;
+	unsigned syscall_readdir_time;
+	unsigned syscall_mkdir_count;
+	unsigned syscall_mkdir_time;
+	unsigned syscall_rmdir_count;
+	unsigned syscall_rmdir_time;
+	unsigned syscall_closedir_count;
+	unsigned syscall_closedir_time;
+	unsigned syscall_open_count;
+	unsigned syscall_open_time;
+	unsigned syscall_close_count;
+	unsigned syscall_close_time;
+	unsigned syscall_read_count;
+	unsigned syscall_read_time;
+	unsigned syscall_read_bytes;	/* bytes read with read syscall */
+	unsigned syscall_write_count;
+	unsigned syscall_write_time;
+	unsigned syscall_write_bytes;	/* bytes written with write syscall */
+	unsigned syscall_lseek_count;
+	unsigned syscall_lseek_time;
+	unsigned syscall_rename_count;
+	unsigned syscall_rename_time;
+	unsigned syscall_fsync_count;
+	unsigned syscall_fsync_time;
+	unsigned syscall_stat_count;
+	unsigned syscall_stat_time;
+	unsigned syscall_fstat_count;
+	unsigned syscall_fstat_time;
+	unsigned syscall_lstat_count;
+	unsigned syscall_lstat_time;
+	unsigned syscall_unlink_count;
+	unsigned syscall_unlink_time;
+	unsigned syscall_chmod_count;
+	unsigned syscall_chmod_time;
+	unsigned syscall_fchmod_count;
+	unsigned syscall_fchmod_time;
+	unsigned syscall_chown_count;
+	unsigned syscall_chown_time;
+	unsigned syscall_fchown_count;
+	unsigned syscall_fchown_time;
+	unsigned syscall_chdir_count;
+	unsigned syscall_chdir_time;
+	unsigned syscall_getwd_count;
+	unsigned syscall_getwd_time;
+	unsigned syscall_utime_count;
+	unsigned syscall_utime_time;
+	unsigned syscall_ftruncate_count;
+	unsigned syscall_ftruncate_time;
+	unsigned syscall_fcntl_lock_count;
+	unsigned syscall_fcntl_lock_time;
+	unsigned syscall_readlink_count;
+	unsigned syscall_readlink_time;
+	unsigned syscall_symlink_count;
+	unsigned syscall_symlink_time;
+	unsigned syscall_link_count;
+	unsigned syscall_link_time;
+	unsigned syscall_mknod_count;
+	unsigned syscall_mknod_time;
+	unsigned syscall_realpath_count;
+	unsigned syscall_realpath_time;
+/* stat cache counters */
+	unsigned statcache_lookups;
+	unsigned statcache_misses;
+	unsigned statcache_hits;
+/* write cache counters */
+	unsigned writecache_read_hits;
+	unsigned writecache_abutted_writes;
+	unsigned writecache_total_writes;
+	unsigned writecache_non_oplock_writes;
+	unsigned writecache_direct_writes;
+	unsigned writecache_init_writes;
+	unsigned writecache_flushed_writes[NUM_FLUSH_REASONS];
+	unsigned writecache_num_perfect_writes;
+	unsigned writecache_num_write_caches;
+	unsigned writecache_allocated_write_caches;
+/* counters for individual SMB types */
+	unsigned SMBmkdir_count;	/* create directory */
+	unsigned SMBmkdir_time;
+	unsigned SMBrmdir_count;	/* delete directory */
+	unsigned SMBrmdir_time;
+	unsigned SMBopen_count;		/* open file */
+	unsigned SMBopen_time;
+	unsigned SMBcreate_count;	/* create file */
+	unsigned SMBcreate_time;
+	unsigned SMBclose_count;	/* close file */
+	unsigned SMBclose_time;
+	unsigned SMBflush_count;	/* flush file */
+	unsigned SMBflush_time;
+	unsigned SMBunlink_count;	/* delete file */
+	unsigned SMBunlink_time;
+	unsigned SMBmv_count;		/* rename file */
+	unsigned SMBmv_time;
+	unsigned SMBgetatr_count;	/* get file attributes */
+	unsigned SMBgetatr_time;
+	unsigned SMBsetatr_count;	/* set file attributes */
+	unsigned SMBsetatr_time;
+	unsigned SMBread_count;		/* read from file */
+	unsigned SMBread_time;
+	unsigned SMBwrite_count;	/* write to file */
+	unsigned SMBwrite_time;
+	unsigned SMBlock_count;		/* lock byte range */
+	unsigned SMBlock_time;
+	unsigned SMBunlock_count;	/* unlock byte range */
+	unsigned SMBunlock_time;
+	unsigned SMBctemp_count;	/* create temporary file */
+	unsigned SMBctemp_time;
+	/* SMBmknew stats are currently combined with SMBcreate */
+	unsigned SMBmknew_count;	/* make new file */
+	unsigned SMBmknew_time;
+	unsigned SMBchkpth_count;	/* check directory path */
+	unsigned SMBchkpth_time;
+	unsigned SMBexit_count;		/* process exit */
+	unsigned SMBexit_time;
+	unsigned SMBlseek_count;	/* seek */
+	unsigned SMBlseek_time;
+	unsigned SMBlockread_count;	/* Lock a range and read */
+	unsigned SMBlockread_time;
+	unsigned SMBwriteunlock_count;	/* Unlock a range then write */
+	unsigned SMBwriteunlock_time;
+	unsigned SMBreadbraw_count;	/* read a block of data with no smb header */
+	unsigned SMBreadbraw_time;
+	unsigned SMBreadBmpx_count;	/* read block multiplexed */
+	unsigned SMBreadBmpx_time;
+	unsigned SMBreadBs_count;	/* read block (secondary response) */
+	unsigned SMBreadBs_time;
+	unsigned SMBwritebraw_count;	/* write a block of data with no smb header */
+	unsigned SMBwritebraw_time;
+	unsigned SMBwriteBmpx_count;	/* write block multiplexed */
+	unsigned SMBwriteBmpx_time;
+	unsigned SMBwriteBs_count;	/* write block (secondary request) */
+	unsigned SMBwriteBs_time;
+	unsigned SMBwritec_count;	/* secondary write request */
+	unsigned SMBwritec_time;
+	unsigned SMBsetattrE_count;	/* set file attributes expanded */
+	unsigned SMBsetattrE_time;
+	unsigned SMBgetattrE_count;	/* get file attributes expanded */
+	unsigned SMBgetattrE_time;
+	unsigned SMBlockingX_count;	/* lock/unlock byte ranges and X */
+	unsigned SMBlockingX_time;
+	unsigned SMBtrans_count;	/* transaction - name, bytes in/out */
+	unsigned SMBtrans_time;
+	unsigned SMBtranss_count;	/* transaction (secondary request/response) */
+	unsigned SMBtranss_time;
+	unsigned SMBioctl_count;	/* IOCTL */
+	unsigned SMBioctl_time;
+	unsigned SMBioctls_count;	/* IOCTL  (secondary request/response) */
+	unsigned SMBioctls_time;
+	unsigned SMBcopy_count;		/* copy */
+	unsigned SMBcopy_time;
+	unsigned SMBmove_count;		/* move */
+	unsigned SMBmove_time;
+	unsigned SMBecho_count;		/* echo */
+	unsigned SMBecho_time;
+	unsigned SMBwriteclose_count;	/* write a file then close it */
+	unsigned SMBwriteclose_time;
+	unsigned SMBopenX_count;	/* open and X */
+	unsigned SMBopenX_time;
+	unsigned SMBreadX_count;	/* read and X */
+	unsigned SMBreadX_time;
+	unsigned SMBwriteX_count;	/* write and X */
+	unsigned SMBwriteX_time;
+	unsigned SMBtrans2_count;	/* TRANS2 protocol set */
+	unsigned SMBtrans2_time;
+	unsigned SMBtranss2_count;	/* TRANS2 protocol set, secondary command */
+	unsigned SMBtranss2_time;
+	unsigned SMBfindclose_count;	/* Terminate a TRANSACT2_FINDFIRST */
+	unsigned SMBfindclose_time;
+	unsigned SMBfindnclose_count;	/* Terminate a TRANSACT2_FINDNOTIFYFIRST */
+	unsigned SMBfindnclose_time;
+	unsigned SMBtcon_count;		/* tree connect */
+	unsigned SMBtcon_time;
+	unsigned SMBtdis_count;		/* tree disconnect */
+	unsigned SMBtdis_time;
+	unsigned SMBnegprot_count;	/* negotiate protocol */
+	unsigned SMBnegprot_time;
+	unsigned SMBsesssetupX_count;	/* Session Set Up & X (including User Logon) */
+	unsigned SMBsesssetupX_time;
+	unsigned SMBulogoffX_count;	/* user logoff */
+	unsigned SMBulogoffX_time;
+	unsigned SMBtconX_count;	/* tree connect and X*/
+	unsigned SMBtconX_time;
+	unsigned SMBdskattr_count;	/* get disk attributes */
+	unsigned SMBdskattr_time;
+	unsigned SMBsearch_count;	/* search directory */
+	unsigned SMBsearch_time;
+	/* SBMffirst stats combined with SMBsearch */
+	unsigned SMBffirst_count;	/* find first */
+	unsigned SMBffirst_time;
+	/* SBMfunique stats combined with SMBsearch */
+	unsigned SMBfunique_count;	/* find unique */
+	unsigned SMBfunique_time;
+	unsigned SMBfclose_count;	/* find close */
+	unsigned SMBfclose_time;
+	unsigned SMBnttrans_count;	/* NT transact */
+	unsigned SMBnttrans_time;
+	unsigned SMBnttranss_count;	/* NT transact secondary */
+	unsigned SMBnttranss_time;
+	unsigned SMBntcreateX_count;	/* NT create and X */
+	unsigned SMBntcreateX_time;
+	unsigned SMBntcancel_count;	/* NT cancel */
+	unsigned SMBntcancel_time;
+	unsigned SMBsplopen_count;	/* open print spool file */
+	unsigned SMBsplopen_time;
+	unsigned SMBsplwr_count;	/* write to print spool file */
+	unsigned SMBsplwr_time;
+	unsigned SMBsplclose_count;	/* close print spool file */
+	unsigned SMBsplclose_time;
+	unsigned SMBsplretq_count;	/* return print queue */
+	unsigned SMBsplretq_time;
+	unsigned SMBsends_count;	/* send single block message */
+	unsigned SMBsends_time;
+	unsigned SMBsendb_count;	/* send broadcast message */
+	unsigned SMBsendb_time;
+	unsigned SMBfwdname_count;	/* forward user name */
+	unsigned SMBfwdname_time;
+	unsigned SMBcancelf_count;	/* cancel forward */
+	unsigned SMBcancelf_time;
+	unsigned SMBgetmac_count;	/* get machine name */
+	unsigned SMBgetmac_time;
+	unsigned SMBsendstrt_count;	/* send start of multi-block message */
+	unsigned SMBsendstrt_time;
+	unsigned SMBsendend_count;	/* send end of multi-block message */
+	unsigned SMBsendend_time;
+	unsigned SMBsendtxt_count;	/* send text of multi-block message */
+	unsigned SMBsendtxt_time;
+	unsigned SMBinvalid_count;	/* invalid command */
+	unsigned SMBinvalid_time;
+/* Pathworks setdir command */
+	unsigned pathworks_setdir_count;
+	unsigned pathworks_setdir_time;
+/* These are the TRANS2 sub commands */
+	unsigned Trans2_open_count;
+	unsigned Trans2_open_time;
+	unsigned Trans2_findfirst_count;
+	unsigned Trans2_findfirst_time;
+	unsigned Trans2_findnext_count;
+	unsigned Trans2_findnext_time;
+	unsigned Trans2_qfsinfo_count;
+	unsigned Trans2_qfsinfo_time;
+	unsigned Trans2_setfsinfo_count;
+	unsigned Trans2_setfsinfo_time;
+	unsigned Trans2_qpathinfo_count;
+	unsigned Trans2_qpathinfo_time;
+	unsigned Trans2_setpathinfo_count;
+	unsigned Trans2_setpathinfo_time;
+	unsigned Trans2_qfileinfo_count;
+	unsigned Trans2_qfileinfo_time;
+	unsigned Trans2_setfileinfo_count;
+	unsigned Trans2_setfileinfo_time;
+	unsigned Trans2_fsctl_count;
+	unsigned Trans2_fsctl_time;
+	unsigned Trans2_ioctl_count;
+	unsigned Trans2_ioctl_time;
+	unsigned Trans2_findnotifyfirst_count;
+	unsigned Trans2_findnotifyfirst_time;
+	unsigned Trans2_findnotifynext_count;
+	unsigned Trans2_findnotifynext_time;
+	unsigned Trans2_mkdir_count;
+	unsigned Trans2_mkdir_time;
+	unsigned Trans2_session_setup_count;
+	unsigned Trans2_session_setup_time;
+	unsigned Trans2_get_dfs_referral_count;
+	unsigned Trans2_get_dfs_referral_time;
+	unsigned Trans2_report_dfs_inconsistancy_count;
+	unsigned Trans2_report_dfs_inconsistancy_time;
+/* These are the NT transact sub commands. */
+	unsigned NT_transact_create_count;
+	unsigned NT_transact_create_time;
+	unsigned NT_transact_ioctl_count;
+	unsigned NT_transact_ioctl_time;
+	unsigned NT_transact_set_security_desc_count;
+	unsigned NT_transact_set_security_desc_time;
+	unsigned NT_transact_notify_change_count;
+	unsigned NT_transact_notify_change_time;
+	unsigned NT_transact_rename_count;
+	unsigned NT_transact_rename_time;
+	unsigned NT_transact_query_security_desc_count;
+	unsigned NT_transact_query_security_desc_time;
+/* These are ACL manipulation calls */
+	unsigned get_nt_acl_count;
+	unsigned get_nt_acl_time;
+	unsigned fget_nt_acl_count;
+	unsigned fget_nt_acl_time;
+	unsigned set_nt_acl_count;
+	unsigned set_nt_acl_time;
+	unsigned fset_nt_acl_count;
+	unsigned fset_nt_acl_time;
+	unsigned chmod_acl_count;
+	unsigned chmod_acl_time;
+	unsigned fchmod_acl_count;
+	unsigned fchmod_acl_time;
+/* These are nmbd stats */
+	unsigned name_release_count;
+	unsigned name_release_time;
+	unsigned name_refresh_count;
+	unsigned name_refresh_time;
+	unsigned name_registration_count;
+	unsigned name_registration_time;
+	unsigned node_status_count;
+	unsigned node_status_time;
+	unsigned name_query_count;
+	unsigned name_query_time;
+	unsigned host_announce_count;
+	unsigned host_announce_time;
+	unsigned workgroup_announce_count;
+	unsigned workgroup_announce_time;
+	unsigned local_master_announce_count;
+	unsigned local_master_announce_time;
+	unsigned master_browser_announce_count;
+	unsigned master_browser_announce_time;
+	unsigned lm_host_announce_count;
+	unsigned lm_host_announce_time;
+	unsigned get_backup_list_count;
+	unsigned get_backup_list_time;
+	unsigned reset_browser_count;
+	unsigned reset_browser_time;
+	unsigned announce_request_count;
+	unsigned announce_request_time;
+	unsigned lm_announce_request_count;
+	unsigned lm_announce_request_time;
+	unsigned domain_logon_count;
+	unsigned domain_logon_time;
+	unsigned sync_browse_lists_count;
+	unsigned sync_browse_lists_time;
+	unsigned run_elections_count;
+	unsigned run_elections_time;
+	unsigned election_count;
+	unsigned election_time;
+};
+
+struct profile_header {
+	int prof_shm_magic;
+	int prof_shm_version;
+	struct profile_stats stats;
+};
+
+extern struct profile_header *profile_h;
+extern struct profile_stats *profile_p;
+extern struct timeval profile_starttime;
+extern struct timeval profile_endtime;
+extern struct timeval profile_starttime_nested;
+extern struct timeval profile_endtime_nested;
+extern BOOL do_profile_flag;
+extern BOOL do_profile_times;
+
+/* these are helper macros - do not call them directly in the code
+ * use the DO_PROFILE_* START_PROFILE and END_PROFILE ones
+ * below which test for the profile flage first
+ */
+#define INC_PROFILE_COUNT(x) profile_p->x++
+#define DEC_PROFILE_COUNT(x) profile_p->x--
+#define ADD_PROFILE_COUNT(x,y) profile_p->x += (y)
+#define PROFILE_TIME \
+	((profile_endtime.tv_sec - profile_starttime.tv_sec) *1000000 + \
+	((int)profile_endtime.tv_usec - (int)profile_starttime.tv_usec))
+#define PROFILE_TIME_NESTED \
+	((profile_endtime_nested.tv_sec - profile_starttime_nested.tv_sec) *1000000 + \
+	((int)profile_endtime_nested.tv_usec - (int)profile_starttime_nested.tv_usec))
+
+#ifdef WITH_PROFILE
+#define DO_PROFILE_INC(x) \
+	if (do_profile_flag) { \
+		INC_PROFILE_COUNT(x); \
+	}
+#define DO_PROFILE_DEC(x) \
+	if (do_profile_flag) { \
+		DEC_PROFILE_COUNT(x); \
+	}
+#define DO_PROFILE_DEC_INC(x,y) \
+	if (do_profile_flag) { \
+		DEC_PROFILE_COUNT(x); \
+		INC_PROFILE_COUNT(y); \
+	}
+#define DO_PROFILE_ADD(x,n) \
+	if (do_profile_flag) { \
+		ADD_PROFILE_COUNT(x,n); \
+	}
+#define START_PROFILE(x) \
+	if (do_profile_flag) { \
+		if (do_profile_times) \
+			GetTimeOfDay(&profile_starttime); \
+		INC_PROFILE_COUNT(x##_count); \
+	}
+#define START_PROFILE_NESTED(x) \
+	if (do_profile_flag) { \
+		if (do_profile_times) \
+			GetTimeOfDay(&profile_starttime_nested); \
+		INC_PROFILE_COUNT(x##_count); \
+	}
+#define START_PROFILE_BYTES(x,n) \
+	if (do_profile_flag) { \
+		if (do_profile_times) \
+			GetTimeOfDay(&profile_starttime); \
+		INC_PROFILE_COUNT(x##_count); \
+		ADD_PROFILE_COUNT(x##_bytes,n); \
+	}
+#define END_PROFILE(x) \
+	if (do_profile_times) { \
+		GetTimeOfDay(&profile_endtime); \
+		ADD_PROFILE_COUNT(x##_time,PROFILE_TIME); \
+	}
+#define END_PROFILE_NESTED(x) \
+	if (do_profile_times) { \
+		GetTimeOfDay(&profile_endtime_nested); \
+		ADD_PROFILE_COUNT(x##_time,PROFILE_TIME_NESTED); \
+	}
+#else
+#define DO_PROFILE_INC(x)
+#define DO_PROFILE_DEC(x)
+#define DO_PROFILE_DEC_INC(x,y)
+#define DO_PROFILE_ADD(x,n)
+#define START_PROFILE(x)
+#define START_PROFILE_NESTED(x)
+#define START_PROFILE_BYTES(x,n)
+#define END_PROFILE(x)
+#define END_PROFILE_NESTED(x)
+#endif
+
+#endif
diff --git a/source3/include/stamp-h.in b/source3/include/stamp-h.in
new file mode 100644
index 0000000000..c9061b3ad3
--- /dev/null
+++ b/source3/include/stamp-h.in
@@ -0,0 +1 @@
+Sun Jul 18 20:32:29 UTC 1999
diff --git a/source3/include/talloc.h b/source3/include/talloc.h
new file mode 100644
index 0000000000..64a5883041
--- /dev/null
+++ b/source3/include/talloc.h
@@ -0,0 +1,51 @@
+#ifndef _TALLOC_H_
+#define _TALLOC_H_
+/* 
+   Unix SMB/CIFS implementation.
+   Samba temporary memory allocation functions
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/**
+ * @ingroup talloc
+ * @{
+ * @sa talloc.c
+ */
+
+/**
+ * talloc allocation pool.  All allocated blocks can be freed in one go.
+ **/
+typedef struct talloc_ctx TALLOC_CTX;
+
+TALLOC_CTX *talloc_init_named(char const *fmt, ...) PRINTF_ATTRIBUTE(1, 2);
+
+char *talloc_vasprintf(TALLOC_CTX *t, const char *fmt, va_list ap)
+	PRINTF_ATTRIBUTE(2, 0);
+
+char *talloc_asprintf(TALLOC_CTX *t, const char *fmt, ...)
+	PRINTF_ATTRIBUTE(2, 3);
+
+char *talloc_vasprintf_append(TALLOC_CTX *t, char *, const char *, va_list ap)
+	PRINTF_ATTRIBUTE(3, 0);
+
+char *talloc_asprintf_append(TALLOC_CTX *t, char *, const char *, ...)
+	PRINTF_ATTRIBUTE(3, 4);
+
+/** @} */
+
+#endif /* ndef _TALLOC_H_ */
diff --git a/source3/include/trans2.h b/source3/include/trans2.h
index cc366ccaea..3a6fe6e9ee 100644
--- a/source3/include/trans2.h
+++ b/source3/include/trans2.h
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    SMB transaction2 handling
-   Copyright (C) Jeremy Allison 1994
+   Copyright (C) Jeremy Allison 1994-2002.
 
    Extensively modified by Andrew Tridgell, 1995
 
@@ -194,6 +193,11 @@ Byte offset   Type     name                description
 } FSINFO;
 *************************************************************/
 
+#define SMB_INFO_STANDARD               1
+#define SMB_INFO_QUERY_EA_SIZE          2
+#define SMB_INFO_QUERY_EAS_FROM_LIST    3
+#define SMB_INFO_QUERY_ALL_EAS          4
+#define SMB_INFO_IS_NAME_VALID          6
 #define SMB_QUERY_FS_LABEL_INFO			0x101
 #define SMB_QUERY_FS_VOLUME_INFO		0x102
 #define SMB_QUERY_FS_SIZE_INFO			0x103
@@ -226,16 +230,208 @@ Byte offset   Type     name                description
 #define SMB_SET_FILE_ALLOCATION_INFO	0x103
 #define SMB_SET_FILE_END_OF_FILE_INFO	0x104
 
+/*
+ * Thursby MAC extensions....
+ */
+
+/*
+ * MAC CIFS Extensions have the range 0x300 - 0x2FF reserved.
+ * Supposedly Microsoft have agreed to this.
+ */
+
+#define MIN_MAC_INFO_LEVEL 0x300
+#define MAX_MAC_INFO_LEVEL 0x3FF
+
+#define SMB_MAC_QUERY_FS_INFO           0x301
+
 #define DIRLEN_GUESS (45+MAX(l1_achName,l2_achName))
 
-/* Function prototypes */
+/*
+ * DeviceType and Characteristics returned in a
+ * SMB_QUERY_FS_DEVICE_INFO call.
+ */
+
+#define DEVICETYPE_CD_ROM		0x2
+#define DEVICETYPE_CD_ROM_FILE_SYSTEM	0x3
+#define DEVICETYPE_DISK			0x7
+#define DEVICETYPE_DISK_FILE_SYSTEM	0x8
+#define DEVICETYPE_FILE_SYSTEM		0x9
+
+/* Characteristics. */
+#define TYPE_REMOVABLE_MEDIA		0x1
+#define TYPE_READ_ONLY_DEVICE		0x2
+#define TYPE_FLOPPY			0x4
+#define TYPE_WORM			0x8
+#define TYPE_REMOTE			0x10
+#define TYPE_MOUNTED			0x20
+#define TYPE_VIRTUAL			0x40
+
+/* NT passthrough levels... */
+
+#define SMB_FILE_DIRECTORY_INFORMATION			1001
+#define SMB_FILE_FULL_DIRECTORY_INFORMATION		1002
+#define SMB_FILE_BOTH_DIRECTORY_INFORMATION		1003
+#define SMB_FILE_BASIC_INFORMATION			1004
+#define SMB_FILE_STANDARD_INFORMATION			1005
+#define SMB_FILE_INTERNAL_INFORMATION			1006
+#define SMB_FILE_EA_INFORMATION				1007
+#define SMB_FILE_ACCESS_INFORMATION			1008
+#define SMB_FILE_NAME_INFORMATION			1009
+#define SMB_FILE_RENAME_INFORMATION			1010
+#define SMB_FILE_LINK_INFORMATION			1011
+#define SMB_FILE_NAMES_INFORMATION			1012
+#define SMB_FILE_DISPOSITION_INFORMATION		1013
+#define SMB_FILE_POSITION_INFORMATION			1014
+#define SMB_FILE_FULL_EA_INFORMATION			1015
+#define SMB_FILE_MODE_INFORMATION			1016
+#define SMB_FILE_ALIGNMENT_INFORMATION			1017
+#define SMB_FILE_ALL_INFORMATION			1018
+#define SMB_FILE_ALLOCATION_INFORMATION			1019
+#define SMB_FILE_END_OF_FILE_INFORMATION		1020
+#define SMB_FILE_ALTERNATE_NAME_INFORMATION		1021
+#define SMB_FILE_STREAM_INFORMATION			1022
+#define SMB_FILE_PIPE_INFORMATION			1023
+#define SMB_FILE_PIPE_LOCAL_INFORMATION			1024
+#define SMB_FILE_PIPE_REMOTE_INFORMATION		1025
+#define SMB_FILE_MAILSLOT_QUERY_INFORMATION		1026
+#define SMB_FILE_MAILSLOT_SET_INFORMATION		1027
+#define SMB_FILE_COMPRESSION_INFORMATION		1028
+#define SMB_FILE_OBJECTID_INFORMATION			1029
+#define SMB_FILE_COMPLETION_INFORMATION			1030
+#define SMB_FILE_MOVE_CLUSTER_INFORMATION		1031
+#define SMB_FILE_QUOTA_INFORMATION			1032
+#define SMB_FILE_REPARSEPOINT_INFORMATION		1033
+#define SMB_FILE_NETWORK_OPEN_INFORMATION		1034
+#define SMB_FILE_ATTRIBUTE_TAG_INFORMATION		1035
+#define SMB_FILE_TRACKING_INFORMATION			1036
+#define SMB_FILE_MAXIMUM_INFORMATION			1037
+
+/* NT passthough levels for qfsinfo. */
+
+#define SMB_FS_VOLUME_INFORMATION			1001
+#define SMB_FS_LABEL_INFORMATION			1002
+#define SMB_FS_SIZE_INFORMATION				1003
+#define SMB_FS_DEVICE_INFORMATION			1004
+#define SMB_FS_ATTRIBUTE_INFORMATION			1005
+#define SMB_FS_CONTROL_INFORMATION			1006
+#define SMB_FS_FULL_SIZE_INFORMATION			1007
+#define SMB_FS_OBJECTID_INFORMATION			1008
+
+/* UNIX CIFS Extensions - created by HP */
+/*
+ * UNIX CIFS Extensions have the range 0x200 - 0x2FF reserved.
+ * Supposedly Microsoft have agreed to this.
+ */
+
+#define MIN_UNIX_INFO_LEVEL 0x200
+#define MAX_UNIX_INFO_LEVEL 0x2FF
+
+#define INFO_LEVEL_IS_UNIX(level) (((level) >= MIN_UNIX_INFO_LEVEL) && ((level) <= MAX_UNIX_INFO_LEVEL))
+
+#define SMB_QUERY_FILE_UNIX_BASIC      0x200   /* UNIX File Info*/
+#define SMB_SET_FILE_UNIX_BASIC        0x200
+
+#define SMB_MODE_NO_CHANGE                 0xFFFFFFFF     /* file mode value which */
+                                              /* means "don't change it" */
+#define SMB_UID_NO_CHANGE                  0xFFFFFFFF
+#define SMB_GID_NO_CHANGE                  0xFFFFFFFF
+
+/*
+Offset Size         Name
+0      LARGE_INTEGER EndOfFile                File size
+8      LARGE_INTEGER Blocks                   Number of bytes used on disk (st_blocks).
+16     LARGE_INTEGER CreationTime             Creation time
+24     LARGE_INTEGER LastAccessTime           Last access time
+32     LARGE_INTEGER LastModificationTime     Last modification time
+40     LARGE_INTEGER Uid                      Numeric user id for the owner
+48     LARGE_INTEGER Gid                      Numeric group id of owner
+56     ULONG Type                             Enumeration specifying the pathname type:
+                                              0 -- File
+                                              1 -- Directory
+                                              2 -- Symbolic link
+                                              3 -- Character device
+                                              4 -- Block device
+                                              5 -- FIFO (named pipe)
+                                              6 -- Unix domain socket
+
+60     LARGE_INTEGER devmajor                 Major device number if type is device
+68     LARGE_INTEGER devminor                 Minor device number if type is device
+76     LARGE_INTEGER uniqueid                 This is a server-assigned unique id for the file. The client
+                                              will typically map this onto an inode number. The scope of
+                                              uniqueness is the share.
+84     LARGE_INTEGER permissions              Standard UNIX file permissions  - see below.
+92     LARGE_INTEGER nlinks                   The number of directory entries that map to this entry
+                                              (number of hard links)
+
+100 - end.
+*/
 
+/* UNIX filetype mappings. */
+
+#define UNIX_TYPE_FILE 0
+#define UNIX_TYPE_DIR 1
+#define UNIX_TYPE_SYMLINK 2
+#define UNIX_TYPE_CHARDEV 3
+#define UNIX_TYPE_BLKDEV 4
+#define UNIX_TYPE_FIFO 5
+#define UNIX_TYPE_SOCKET 6
+#define UNIX_TYPE_UNKNOWN 0xFFFFFFFF
+
+/*
+ * Oh this is fun. "Standard UNIX permissions" has no
+ * meaning in POSIX. We need to define the mapping onto
+ * and off the wire as this was not done in the original HP
+ * spec. JRA.
+ */
+
+#define UNIX_X_OTH			0000001
+#define UNIX_W_OTH			0000002
+#define UNIX_R_OTH			0000004
+#define UNIX_X_GRP			0000010
+#define UNIX_W_GRP                      0000020
+#define UNIX_R_GRP                      0000040
+#define UNIX_X_USR                      0000100
+#define UNIX_W_USR                      0000200
+#define UNIX_R_USR                      0000400
+#define UNIX_STICKY                     0001000
+#define UNIX_SET_GID                    0002000
+#define UNIX_SET_UID                    0004000
+
+/* Masks for the above */
+#define UNIX_OTH_MASK                   0000007
+#define UNIX_GRP_MASK                   0000070
+#define UNIX_USR_MASK                   0000700
+#define UNIX_PERM_MASK                  0000777
+#define UNIX_EXTRA_MASK                 0007000
+#define UNIX_ALL_MASK                   0007777
+
+#define SMB_QUERY_FILE_UNIX_LINK       0x201
+#define SMB_SET_FILE_UNIX_LINK         0x201
+#define SMB_SET_FILE_UNIX_HLINK        0x203
+
+#define SMB_FIND_FILE_UNIX             0x202
+
+/*
+ Info level for QVOLINFO - returns version of CIFS UNIX extensions, plus
+ 64-bits worth of capability fun :-).
+*/
 
-int reply_findnclose(char *inbuf,char *outbuf,int length,int bufsize);
+#define SMB_CIFS_UNIX_QUERY_INFO      0x200
 
-int reply_findclose(char *inbuf,char *outbuf,int length,int bufsize);
+/* Returns the following.
 
-#endif
+  UINT16             major version number
+  UINT16             minor version number
+  LARGE_INTEGER      capability bitfield
+
+*/
 
+#define CIFS_UNIX_MAJOR_VERSION 1
+#define CIFS_UNIX_MINOR_VERSION 0
 
+#define CIFS_UNIX_FCNTL_LOCKS_CAP           0x1
+#define CIFS_UNIX_POSIX_ACLS_CAP            0x2
 
+/* ... more as we think of them :-). */
+
+#endif
diff --git a/source3/include/util_getent.h b/source3/include/util_getent.h
new file mode 100644
index 0000000000..b67758ba23
--- /dev/null
+++ b/source3/include/util_getent.h
@@ -0,0 +1,61 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Simo Sorce 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _UTIL_GETENT_H
+#define _UTIL_GETENT_H
+
+/* Element for a single linked list of group entries */
+/* Replace the use of struct group in some cases */
+/* Used by getgrent_list() */
+
+struct sys_grent {
+	char *gr_name;
+	char *gr_passwd;
+	gid_t gr_gid;
+	char **gr_mem;
+	struct sys_grent *next;
+};
+
+/* Element for a single linked list of passwd entries */
+/* Replace the use of struct passwd in some cases */
+/* Used by getpwent_list() */
+
+struct sys_pwent {
+	char *pw_name;
+	char *pw_passwd;
+	uid_t pw_uid;
+	gid_t pw_gid;
+	char *pw_gecos;
+	char *pw_dir;
+	char *pw_shell;
+	struct sys_pwent *next;
+};
+
+/* Element for a single linked list of user names in a group. */
+/* Used to return group lists that may span multiple lines in 
+   /etc/group file. */
+/* Used by get_users_in_group() */
+
+struct sys_userlist {
+	struct sys_userlist *next, *prev;
+	char *unix_name;
+};
+
+#endif /* _UTIL_GETENT_H */
diff --git a/source3/include/version.h b/source3/include/version.h
index 9ad8b7d44b..afc40a8cf9 100644
--- a/source3/include/version.h
+++ b/source3/include/version.h
@@ -1 +1 @@
-#define VERSION "1.9.16alpha1"
+#define VERSION "3.0-alpha17"
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
new file mode 100644
index 0000000000..2f9fedf77d
--- /dev/null
+++ b/source3/include/vfs.h
@@ -0,0 +1,138 @@
+/* 
+   Unix SMB/CIFS implementation.
+   VFS structures and parameters
+   Copyright (C) Tim Potter 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _VFS_H
+#define _VFS_H
+
+/* Avoid conflict with an AIX include file */
+
+#ifdef vfs_ops
+#undef vfs_ops
+#endif
+
+/*
+ * As we're now (thanks Andrew ! :-) using file_structs and connection
+ * structs in the vfs - then anyone writing a vfs must include includes.h...
+ */
+
+/*
+ * This next constant specifies the version number of the VFS interface
+ * this smbd will load. Increment this if *ANY* changes are made to the
+ * vfs_ops below. JRA.
+ */
+
+/* Changed to version 2 for CIFS UNIX extensions (mknod and link added). JRA. */
+/* Changed to version 3 for POSIX acl extensions. JRA. */
+#define SMB_VFS_INTERFACE_VERSION 3
+
+/* VFS operations structure */
+
+struct connection_struct;
+struct files_struct;
+struct security_descriptor_info;
+
+struct vfs_ops {
+
+	/* Disk operations */
+    
+	int (*connect)(struct connection_struct *conn, const char *service, const char *user);
+	void (*disconnect)(struct connection_struct *conn);
+	SMB_BIG_UINT (*disk_free)(struct connection_struct *conn, const char *path, BOOL small_query, SMB_BIG_UINT *bsize, 
+		SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
+    
+	/* Directory operations */
+
+	DIR *(*opendir)(struct connection_struct *conn, const char *fname);
+	struct dirent *(*readdir)(struct connection_struct *conn, DIR *dirp);
+	int (*mkdir)(struct connection_struct *conn, const char *path, mode_t mode);
+	int (*rmdir)(struct connection_struct *conn, const char *path);
+	int (*closedir)(struct connection_struct *conn, DIR *dir);
+    
+	/* File operations */
+    
+	int (*open)(struct connection_struct *conn, const char *fname, int flags, mode_t mode);
+	int (*close)(struct files_struct *fsp, int fd);
+	ssize_t (*read)(struct files_struct *fsp, int fd, void *data, size_t n);
+	ssize_t (*write)(struct files_struct *fsp, int fd, const void *data, size_t n);
+	SMB_OFF_T (*lseek)(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence);
+	int (*rename)(struct connection_struct *conn, const char *old, const char *new);
+	int (*fsync)(struct files_struct *fsp, int fd);
+	int (*stat)(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf);
+	int (*fstat)(struct files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf);
+	int (*lstat)(struct connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf);
+	int (*unlink)(struct connection_struct *conn, const char *path);
+	int (*chmod)(struct connection_struct *conn, const char *path, mode_t mode);
+	int (*fchmod)(struct files_struct *fsp, int fd, mode_t mode);
+	int (*chown)(struct connection_struct *conn, const char *path, uid_t uid, gid_t gid);
+	int (*fchown)(struct files_struct *fsp, int fd, uid_t uid, gid_t gid);
+	int (*chdir)(struct connection_struct *conn, const char *path);
+	char *(*getwd)(struct connection_struct *conn, char *buf);
+	int (*utime)(struct connection_struct *conn, const char *path, struct utimbuf *times);
+	int (*ftruncate)(struct files_struct *fsp, int fd, SMB_OFF_T offset);
+	BOOL (*lock)(struct files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
+	int (*symlink)(struct connection_struct *conn, const char *oldpath, const char *newpath);
+	int (*readlink)(struct connection_struct *conn, const char *path, char *buf, size_t bufsiz);
+	int (*link)(struct connection_struct *conn, const char *oldpath, const char *newpath);
+	int (*mknod)(struct connection_struct *conn, const char *path, mode_t mode, SMB_DEV_T dev);
+	char *(*realpath)(struct connection_struct *conn, const char *path, char *resolved_path);
+
+	/* NT ACL operations. */
+
+	size_t (*fget_nt_acl)(struct files_struct *fsp, int fd, struct security_descriptor_info **ppdesc);
+	size_t (*get_nt_acl)(struct files_struct *fsp, const char *name, struct security_descriptor_info **ppdesc);
+	BOOL (*fset_nt_acl)(struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd);
+	BOOL (*set_nt_acl)(struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd);
+
+	/* POSIX ACL operations. */
+
+	int (*chmod_acl)(struct connection_struct *conn, const char *name, mode_t mode);
+	int (*fchmod_acl)(struct files_struct *fsp, int fd, mode_t mode);
+
+	int (*sys_acl_get_entry)(struct connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
+	int (*sys_acl_get_tag_type)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
+	int (*sys_acl_get_permset)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
+	void * (*sys_acl_get_qualifier)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d);
+	SMB_ACL_T (*sys_acl_get_file)(struct connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type);
+	SMB_ACL_T (*sys_acl_get_fd)(struct files_struct *fsp, int fd);
+	int (*sys_acl_clear_perms)(struct connection_struct *conn, SMB_ACL_PERMSET_T permset);
+	int (*sys_acl_add_perm)(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
+	char * (*sys_acl_to_text)(struct connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen);
+	SMB_ACL_T (*sys_acl_init)(struct connection_struct *conn, int count);
+	int (*sys_acl_create_entry)(struct connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry);
+	int (*sys_acl_set_tag_type)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
+	int (*sys_acl_set_qualifier)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual);
+	int (*sys_acl_set_permset)(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
+	int (*sys_acl_valid)(struct connection_struct *conn, SMB_ACL_T theacl );
+	int (*sys_acl_set_file)(struct connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
+	int (*sys_acl_set_fd)(struct files_struct *fsp, int fd, SMB_ACL_T theacl);
+	int (*sys_acl_delete_def_file)(struct connection_struct *conn, const char *path);
+	int (*sys_acl_get_perm)(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
+	int (*sys_acl_free_text)(struct connection_struct *conn, char *text);
+	int (*sys_acl_free_acl)(struct connection_struct *conn, SMB_ACL_T posix_acl);
+	int (*sys_acl_free_qualifier)(struct connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype);
+};
+
+struct vfs_options {
+    struct vfs_options *prev, *next;
+    char *name;
+    char *value;
+};
+
+#endif /* _VFS_H */
diff --git a/source3/include/xfile.h b/source3/include/xfile.h
new file mode 100644
index 0000000000..a573b59a4a
--- /dev/null
+++ b/source3/include/xfile.h
@@ -0,0 +1,47 @@
+/* 
+   Unix SMB/CIFS implementation.
+   stdio replacement
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _XFILE_H_
+#define _XFILE_H_
+/*
+  see xfile.c for explanations
+*/
+
+typedef struct {
+	int fd;
+	char *buf;
+	char *next;
+	int bufsize;
+	int bufused;
+	int open_flags;
+	int buftype;
+	int flags;
+} XFILE;
+
+extern XFILE *x_stdin, *x_stdout, *x_stderr;
+
+/* buffering type */
+#define X_IOFBF 0
+#define X_IOLBF 1
+#define X_IONBF 2
+
+#define x_getc(f) x_fgetc(f)
+
+#endif /* _XFILE_H_ */
diff --git a/source3/install-sh b/source3/install-sh
new file mode 100755
index 0000000000..58719246f0
--- /dev/null
+++ b/source3/install-sh
@@ -0,0 +1,238 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-d) dir_arg=true
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
+	    shift
+	    continue;;
+
+	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		# this colon is to work around a 386BSD /bin/sh bug
+		:
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:	no input file specified"
+	exit 1
+else
+	true
+fi
+
+if [ x"$dir_arg" != x ]; then
+	dst=$src
+	src=""
+	
+	if [ -d $dst ]; then
+		instcmd=:
+	else
+		instcmd=mkdir
+	fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad 
+# if $src (and thus $dsttmp) contains '*'.
+
+	if [ -f $src -o -d $src ]
+	then
+		true
+	else
+		echo "install:  $src does not exist"
+		exit 1
+	fi
+	
+	if [ x"$dst" = x ]
+	then
+		echo "install:	no destination specified"
+		exit 1
+	else
+		true
+	fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+	if [ -d $dst ]
+	then
+		dst="$dst"/`basename $src`
+	else
+		true
+	fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+#  this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='	
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+	pathcomp="${pathcomp}${1}"
+	shift
+
+	if [ ! -d "${pathcomp}" ] ;
+        then
+		$mkdirprog "${pathcomp}"
+	else
+		true
+	fi
+
+	pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+	$doit $instcmd $dst &&
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+	if [ x"$transformarg" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		dstfile=`basename $dst $transformbasename | 
+			sed $transformarg`$transformbasename
+	fi
+
+# don't allow the sed command to completely eliminate the filename
+
+	if [ x"$dstfile" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		true
+	fi
+
+# Make a temp file name in the proper directory.
+
+	dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+	$doit $instcmd $src $dsttmp &&
+
+	trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing.  If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+	$doit $rmcmd -f $dstdir/$dstfile &&
+	$doit $mvcmd $dsttmp $dstdir/$dstfile 
+
+fi &&
+
+
+exit 0
diff --git a/source3/internals.doc b/source3/internals.doc
new file mode 100644
index 0000000000..c8cc6dd136
--- /dev/null
+++ b/source3/internals.doc
@@ -0,0 +1,281 @@
+internals.txt, 8 May 1996
+Written by David Chappell <David.Chappell@mail.trincoll.edu>.
+
+This document describes some of the internal functions which must be
+understood by anyone wishing to add features to Samba.
+
+
+
+=============================================================================
+This section describes character set handling in Samba, as implemented in
+Samba 3.0 and above
+
+In the past Samba had very ad-hoc character set handling. Scattered
+throughout the code were numerous calls which converted particular
+strings to/from DOS codepages. The problem is that there was no way of
+telling if a particular char* is in dos codepage or unix
+codepage. This led to a nightmare of code that tried to cope with
+particular cases without handlingt the general case.
+
+The new system works like this:
+
+- all char* strings inside Samba are "unix" strings. These are
+  multi-byte strings that are in the charset defined by the "unix
+  charset" option in smb.conf. 
+
+- there is no single fixed character set for unix strings, but any
+  character set that is used does need the following properties:
+    * must not contain NULLs except for termination
+    * must be 7-bit compatible with C strings, so that a constant
+      string or character in C will be byte-for-byte identical to the
+      equivalent string in the chosen character set. 
+    * when you uppercase or lowercase a string it does not become
+      longer than the original string
+    * must be able to correctly hold all characters that your client
+      will throw at it
+  For example, UTF-8 is fine, and most multi-byte asian character sets
+  are fine, but UCS2 could not be used for unix strings as they
+  contain nulls.
+
+- when you need to put a string into a buffer that will be sent on the
+  wire, or you need a string in a character set format that is
+  compatible with the clients character set then you need to use a
+  pull_ or push_ function. The pull_ functions pull a string from a
+  wire buffer into a (multi-byte) unix string. The push_ functions
+  push a string out to a wire buffer. 
+
+- the two main pull_ and push_ functions you need to understand are
+  pull_string and push_string. These functions take a base pointer
+  that should point at the start of the SMB packet that the string is
+  in. The functions will check the flags field in this packet to
+  automatically determine if the packet is marked as a unicode packet,
+  and they will choose whether to use unicode for this string based on
+  that flag. You may also force this decision using the STR_UNICODE or
+  STR_ASCII flags. For use in smbd/ and libsmb/ there are wrapper
+  functions clistr_ and srvstr_ that call the pull_/push_ functions
+  with the appropriate first argument.
+
+  You may also call the pull_ascii/pull_ucs2 or push_ascii/push_ucs2
+  functions if you know that a particular string is ascii or
+  unicode. There are also a number of other convenience functions in
+  charcnv.c that call the pull_/push_ functions with particularly
+  common arguments, such as pull_ascii_pstring()
+
+The biggest thing to remember is that internal (unix) strings in Samba
+may now contain multi-byte characters. This means you cannot assume
+that characters are always 1 byte long. Often this means that you will
+have to convert strings to ucs2 and back again in order to do some
+(seemingly) simple task. For examples of how to do this see functions
+like strchr_m(). I know this is very slow, and we will eventually
+speed it up but right now we want this stuff correct not fast.
+
+Other rules:
+
+  - all lp_ functions now return unix strings. The magic "DOS" flag on
+    parameters is gone.
+  - all vfs functions take unix strings. Don't convert when passing to
+    them
+
+
+=============================================================================
+This section describes the macros defined in byteorder.h.  These macros 
+are used extensively in the Samba code.
+
+-----------------------------------------------------------------------------
+CVAL(buf,pos)
+
+returns the byte at offset pos within buffer buf as an unsigned character.
+
+-----------------------------------------------------------------------------
+PVAL(buf,pos)
+
+returns the value of CVAL(buf,pos) cast to type unsigned integer.
+
+-----------------------------------------------------------------------------
+SCVAL(buf,pos,val)
+
+sets the byte at offset pos within buffer buf to value val.
+
+-----------------------------------------------------------------------------
+SVAL(buf,pos)
+
+returns the value of the unsigned short (16 bit) little-endian integer at 
+offset pos within buffer buf.  An integer of this type is sometimes
+refered to as "USHORT".
+
+-----------------------------------------------------------------------------
+IVAL(buf,pos)
+
+returns the value of the unsigned 32 bit little-endian integer at offset 
+pos within buffer buf.
+
+-----------------------------------------------------------------------------
+SVALS(buf,pos)
+
+returns the value of the signed short (16 bit) little-endian integer at 
+offset pos within buffer buf.
+
+-----------------------------------------------------------------------------
+IVALS(buf,pos)
+
+returns the value of the signed 32 bit little-endian integer at offset pos
+within buffer buf.
+
+-----------------------------------------------------------------------------
+SSVAL(buf,pos,val)
+
+sets the unsigned short (16 bit) little-endian integer at offset pos within 
+buffer buf to value val.
+
+-----------------------------------------------------------------------------
+SIVAL(buf,pos,val)
+
+sets the unsigned 32 bit little-endian integer at offset pos within buffer 
+buf to the value val.
+
+-----------------------------------------------------------------------------
+SSVALS(buf,pos,val)
+
+sets the short (16 bit) signed little-endian integer at offset pos within 
+buffer buf to the value val.
+
+-----------------------------------------------------------------------------
+SIVALS(buf,pos,val)
+
+sets the signed 32 bit little-endian integer at offset pos withing buffer
+buf to the value val.
+
+-----------------------------------------------------------------------------
+RSVAL(buf,pos)
+
+returns the value of the unsigned short (16 bit) big-endian integer at 
+offset pos within buffer buf.
+
+-----------------------------------------------------------------------------
+RIVAL(buf,pos)
+
+returns the value of the unsigned 32 bit big-endian integer at offset 
+pos within buffer buf.
+
+-----------------------------------------------------------------------------
+RSSVAL(buf,pos,val)
+
+sets the value of the unsigned short (16 bit) big-endian integer at 
+offset pos within buffer buf to value val.
+refered to as "USHORT".
+
+-----------------------------------------------------------------------------
+RSIVAL(buf,pos,val)
+
+sets the value of the unsigned 32 bit big-endian integer at offset 
+pos within buffer buf to value val.
+
+
+
+
+
+=============================================================================
+This section describes the functions need to make a LAN Manager RPC call.
+This information had been obtained by examining the Samba code and the LAN
+Manager 2.0 API documentation.  It should not be considered entirely
+reliable.
+
+-----------------------------------------------------------------------------
+call_api(int prcnt, int drcnt, int mprcnt, int mdrcnt, 
+	char *param, char *data, char **rparam, char **rdata);
+
+This function is defined in client.c.  It uses an SMB transaction to call a
+remote api.
+
+The parameters are as follows:
+
+prcnt:   the number of bytes of parameters begin sent.
+drcnt:   the number of bytes of data begin sent.
+mprcnt:  the maximum number of bytes of parameters which should be returned
+mdrcnt:  the maximum number of bytes of data which should be returned
+param:   a pointer to the parameters to be sent.
+data:    a pointer to the data to be sent.
+rparam:  a pointer to a pointer which will be set to point to the returned
+	 paramters.  The caller of call_api() must deallocate this memory.
+rdata:   a pointer to a pointer which will be set to point to the returned 
+	 data.  The caller of call_api() must deallocate this memory.
+
+-----------------------------------------------------------------------------
+These are the parameters which you ought to send, in the order of their
+appearance in the parameter block:
+
+* An unsigned 16 bit integer API number.  You should set this value with
+SSVAL().  I do not know where these numbers are described.
+
+* An ASCIIZ string describing the parameters to the API function as defined
+in the LAN Manager documentation.  The first parameter, which is the server
+name, is ommited.  This string is based uppon the API function as described
+in the manual, not the data which is actually passed.
+
+* An ASCIIZ string describing the data structure which ought to be returned.
+
+* Any parameters which appear in the function call, as defined in the LAN
+Manager API documentation, after the "Server" and up to and including the
+"uLevel" parameters.
+
+* An unsigned 16 bit integer which gives the size in bytes of the buffer we
+will use to receive the returned array of data structures.  Presumably this
+should be the same as mdrcnt.  This value should be set with SSVAL().
+
+* An ASCIIZ string describing substructures which should be returned.  If no 
+substructures apply, this string is of zero length.
+
+-----------------------------------------------------------------------------
+The code in client.c always calls call_api() with no data.  It is unclear
+when a non-zero length data buffer would be sent.
+
+-----------------------------------------------------------------------------
+The returned parameters (pointed to by rparam), in their order of appearance
+are:
+
+* An unsigned 16 bit integer which contains the API function's return code. 
+This value should be read with SVAL().
+
+* An adjustment which tells the amount by which pointers in the returned
+data should be adjusted.  This value should be read with SVAL().  Basically, 
+the address of the start of the returned data buffer should have the returned
+pointer value added to it and then have this value subtracted from it in
+order to obtain the currect offset into the returned data buffer.
+
+* A count of the number of elements in the array of structures returned. 
+It is also possible that this may sometimes be the number of bytes returned.
+
+-----------------------------------------------------------------------------
+When call_api() returns, rparam points to the returned parameters.  The
+first if these is the result code.  It will be zero if the API call
+suceeded.  This value by be read with "SVAL(rparam,0)".
+
+The second parameter may be read as "SVAL(rparam,2)".  It is a 16 bit offset
+which indicates what the base address of the returned data buffer was when
+it was built on the server.  It should be used to correct pointer before
+use.
+
+The returned data buffer contains the array of returned data structures. 
+Note that all pointers must be adjusted before use.  The function
+fix_char_ptr() in client.c can be used for this purpose.
+
+The third parameter (which may be read as "SVAL(rparam,4)") has something to
+do with indicating the amount of data returned or possibly the amount of
+data which can be returned if enough buffer space is allowed.
+
+-----------------------------------------------------------------------------
+Certain data structures are described by means of ASCIIz strings containing
+code characters.  These are the code characters:
+
+W	a type byte little-endian unsigned integer
+N	a count of substructures which follow
+D	a four byte little-endian unsigned integer
+B	a byte (with optional count expressed as trailing ASCII digits)
+z	a four byte offset to a NULL terminated string
+l	a four byte offset to non-string user data
+b	an offset to data (with count expressed as trailing ASCII digits)
+r	pointer to returned data buffer???
+L	length in bytes of returned data buffer???
+h	number of bytes of information available???
+
+----------------------------------------------------------------------------
diff --git a/source3/intl/.cvsignore b/source3/intl/.cvsignore
new file mode 100644
index 0000000000..5f2a5c4cf7
--- /dev/null
+++ b/source3/intl/.cvsignore
@@ -0,0 +1,2 @@
+*.po
+*.po32
diff --git a/source3/intl/lang_tdb.c b/source3/intl/lang_tdb.c
new file mode 100644
index 0000000000..d5e8bd41bd
--- /dev/null
+++ b/source3/intl/lang_tdb.c
@@ -0,0 +1,222 @@
+/* 
+   Unix SMB/CIFS implementation.
+   tdb based replacement for gettext 
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static TDB_CONTEXT *tdb;
+
+/* the currently selected language */
+static char *current_lang;
+
+
+/* load a msg file into the tdb */
+static BOOL load_msg(const char *msg_file)
+{
+	char **lines;
+	int num_lines, i;
+	char *msgid, *msgstr;
+	TDB_DATA key, data;
+
+	lines = file_lines_load(msg_file, &num_lines);
+
+	if (!lines) {
+		return False;
+	}
+
+	if (tdb_lockall(tdb) != 0) return False;
+
+	/* wipe the db */
+	tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
+
+	msgid = NULL;
+	
+	for (i=0;i<num_lines;i++) {
+		if (strncmp(lines[i], "msgid \"", 7) == 0) {
+			msgid = lines[i] + 7;
+		}
+		if (msgid && strncmp(lines[i], "msgstr \"", 8) == 0) {
+			msgstr = lines[i] + 8;
+			trim_string(msgid, NULL, "\"");
+			trim_string(msgstr, NULL, "\"");
+			if (*msgstr == 0) {
+				msgstr = msgid;
+			}
+			key.dptr = msgid;
+			key.dsize = strlen(msgid)+1;
+			data.dptr = msgstr;
+			data.dsize = strlen(msgstr)+1;
+			tdb_store(tdb, key, data, 0);
+			msgid = NULL;
+		}
+	}
+
+	file_lines_free(lines);
+	tdb_unlockall(tdb);
+
+	return True;
+}
+
+
+/* work out what language to use from locale variables */
+static char *get_lang(void)
+{
+	char *vars[] = {"LANGUAGE", "LC_ALL", "LC_LANG", "LANG", NULL};
+	int i;
+	char *p;
+
+	for (i=0; vars[i]; i++) {
+		if ((p = getenv(vars[i]))) {
+			return p;
+		}
+	}
+
+	return NULL;
+}
+
+/* initialise the message translation subsystem. If the "lang" argument
+   is NULL then get the language from the normal environment variables */
+BOOL lang_tdb_init(const char *lang)
+{
+	char *path = NULL;
+	char *msg_path = NULL;
+	struct stat st;
+	static int initialised;
+	time_t loadtime;
+
+	/* we only want to init once per process, unless given
+	   an override */
+	if (initialised && !lang) return True;
+
+	if (initialised) {
+		/* we are re-initialising, free up any old init */
+		tdb_close(tdb);
+		tdb = NULL;
+		SAFE_FREE(current_lang);
+	}
+
+	initialised = 1;
+
+	if (!lang) {
+		/* no lang given, use environment */
+		lang = get_lang();
+	}
+
+	/* if no lang then we don't translate */
+	if (!lang) return True;
+
+	asprintf(&msg_path, "%s.msg", lib_path((char *)lang));
+	if (stat(msg_path, &st) != 0) {
+		/* the msg file isn't available */
+		free(msg_path);
+		return False;
+	}
+	
+
+	asprintf(&path, "%s%s.tdb", lock_path("lang_"), lang);
+
+	tdb = tdb_open_log(path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0644);
+	if (!tdb) {
+		tdb = tdb_open_log(path, 0, TDB_DEFAULT, O_RDONLY, 0);
+		free(path);
+		free(msg_path);
+		if (!tdb) return False;
+		current_lang = strdup(lang);
+		return True;
+	}
+
+	free(path);
+
+	loadtime = tdb_fetch_int32(tdb, "/LOADTIME/");
+
+	if (loadtime == -1 || loadtime < st.st_mtime) {
+		load_msg(msg_path);
+		tdb_store_int32(tdb, "/LOADTIME/", (int)time(NULL));
+	}
+	free(msg_path);
+
+	current_lang = strdup(lang);
+
+	return True;
+}
+
+/* translate a msgid to a message string in the current language 
+   returns a string that must be freed by calling lang_msg_free()
+*/
+const char *lang_msg(const char *msgid)
+{
+	TDB_DATA key, data;
+
+	lang_tdb_init(NULL);
+
+	if (!tdb) return msgid;
+
+	key.dptr = (char *)msgid;
+	key.dsize = strlen(msgid)+1;
+	
+	data = tdb_fetch(tdb, key);
+
+	/* if the message isn't found then we still need to return a pointer
+	   that can be freed. Pity. */
+	if (!data.dptr) return strdup(msgid);
+
+	return (const char *)data.dptr;
+}
+
+
+/* free up a string from lang_msg() */
+void lang_msg_free(const char *msgstr)
+{
+	if (!tdb) return;
+	free((void *)msgstr);
+}
+
+
+/*
+  when the _() translation macro is used there is no obvious place to free
+  the resulting string and there is no easy way to give a static pointer.
+  All we can do is rotate between some static buffers and hope a single d_printf() 
+  doesn't have more calls to _() than the number of buffers 
+*/
+const char *lang_msg_rotate(const char *msgid)
+{
+#define NUM_LANG_BUFS 4
+	char *msgstr;
+	static pstring bufs[NUM_LANG_BUFS];
+	static int next;
+
+	msgstr = (char *)lang_msg(msgid);
+	if (!msgstr) return msgid;
+
+	pstrcpy(bufs[next], msgstr);
+	msgstr = bufs[next];
+
+	next = (next+1) % NUM_LANG_BUFS;
+	
+	return msgstr;
+}
+
+
+/* 
+   return the current language - needed for language file mappings 
+*/
+char *lang_tdb_current(void)
+{
+	return current_lang;
+}
diff --git a/source3/intl/linux-msg.sed b/source3/intl/linux-msg.sed
new file mode 100644
index 0000000000..5918e720a9
--- /dev/null
+++ b/source3/intl/linux-msg.sed
@@ -0,0 +1,100 @@
+# po2msg.sed - Convert Uniforum style .po file to Linux style .msg file
+# Copyright (C) 1995 Free Software Foundation, Inc.
+# Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+#
+# The first directive in the .msg should be the definition of the
+# message set number.  We use always set number 1.
+#
+1 {
+  i\
+$set 1 # Automatically created by po2msg.sed
+  h
+  s/.*/0/
+  x
+}
+#
+# Mitch's old catalog format does not allow comments.
+#
+# We copy the original message as a comment into the .msg file.
+#
+/^msgid/ {
+  s/msgid[ 	]*"//
+#
+# This does not work now with the new format.
+# /"$/! {
+#   s/\\$//
+#   s/$/ ... (more lines following)"/
+# }
+  x
+# The following nice solution is by
+# Bruno <Haible@ma2s2.mathematik.uni-karlsruhe.de>
+  td
+# Increment a decimal number in pattern space.
+# First hide trailing `9' digits.
+  :d
+  s/9\(_*\)$/_\1/
+  td
+# Assure at least one digit is available.
+  s/^\(_*\)$/0\1/
+# Increment the last digit.
+  s/8\(_*\)$/9\1/
+  s/7\(_*\)$/8\1/
+  s/6\(_*\)$/7\1/
+  s/5\(_*\)$/6\1/
+  s/4\(_*\)$/5\1/
+  s/3\(_*\)$/4\1/
+  s/2\(_*\)$/3\1/
+  s/1\(_*\)$/2\1/
+  s/0\(_*\)$/1\1/
+# Convert the hidden `9' digits to `0's.
+  s/_/0/g
+  x
+  G
+  s/\(.*\)"\n\([0-9]*\)/$ #\2 Original Message:(\1)/p
+}
+#
+# The .msg file contains, other then the .po file, only the translations
+# but each given a unique ID.  Starting from 1 and incrementing by 1 for
+# each message we assign them to the messages.
+# It is important that the .po file used to generate the cat-id-tbl.c file
+# (with po-to-tbl) is the same as the one used here.  (At least the order
+# of declarations must not be changed.)
+#
+/^msgstr/ {
+  s/msgstr[ 	]*"\(.*\)"/# \1/
+# Clear substitution flag.
+  tb
+# Append the next line.
+  :b
+  N
+# Look whether second part is continuation line.
+  s/\(.*\n\)"\(.*\)"/\1\2/
+# Yes, then branch.
+  ta
+  P
+  D
+# Note that D includes a jump to the start!!
+# We found a continuation line.  But before printing insert '\'.
+  :a
+  s/\(.*\)\(\n.*\)/\1\\\2/
+  P
+# We cannot use D here.
+  s/.*\n\(.*\)/\1/
+  tb
+}
+d
diff --git a/source3/lib/.cvsignore b/source3/lib/.cvsignore
new file mode 100644
index 0000000000..07da2225c7
--- /dev/null
+++ b/source3/lib/.cvsignore
@@ -0,0 +1,3 @@
+*.po
+*.po32
+
diff --git a/source3/lib/access.c b/source3/lib/access.c
index 14a84b2fb4..f12ee92799 100644
--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@@ -1,147 +1,162 @@
 /* 
-This module is an adaption of code from the tcpd-1.4 package written
-by Wietse Venema, Eindhoven University of Technology, The Netherlands.
+   This module is an adaption of code from the tcpd-1.4 package written
+   by Wietse Venema, Eindhoven University of Technology, The Netherlands.
 
-The code is used here with permission.
+   The code is used here with permission.
 
-The code has been considerably changed from the original. Bug reports
-should be sent to Andrew.Tridgell@anu.edu.au
+   The code has been considerably changed from the original. Bug reports
+   should be sent to samba@samba.org
 */
 
 #include "includes.h"
-#include "loadparm.h"
 
-#define ALLOW_PURE_ADDRESSES
-
-extern int DEBUGLEVEL;
-
-#ifndef	INADDR_NONE
-#define	INADDR_NONE	((unsigned long)~0)
-#endif
-
-
-#define FROM_ADDRLEN  (4*3+3+1)
-#define Good True
-#define Bad False
-
-#define CLIENT_MATCH client_match
-
-/* Delimiters for lists of daemons or clients. */
-
-static char sep[] = ", \t";
-
-/* Constants to be used in assignments only, not in comparisons... */
-
-#define	YES		1
-#define	NO		0
 #define	FAIL		(-1)
 
-/* Forward declarations. */
-BOOL allow_access(char *deny_list,char *allow_list,struct from_host *client);
-static int list_match(char *list,char *item, int (*match_fn)());
-static int client_match(char *tok,char *item);
-static int string_match(char *tok,char *s);
-static int masked_match(char *tok, char *slash, char *s);
-static int matchname(char *remotehost,struct in_addr  addr);
-BOOL fromhost(int sock,struct from_host *f);
-
-
-/* Size of logical line buffer. */
-#define	BUFLEN 2048
+#define ALLONES  ((uint32)0xFFFFFFFF)
 
+/* masked_match - match address against netnumber/netmask */
+static int masked_match(char *tok, char *slash, char *s)
+{
+	uint32 net;
+	uint32 mask;
+	uint32 addr;
+
+	if ((addr = interpret_addr(s)) == INADDR_NONE)
+		return (False);
+	*slash = 0;
+	net = interpret_addr(tok);
+	*slash = '/';
+
+        if (strlen(slash + 1) > 2) {
+                mask = interpret_addr(slash + 1);
+        } else {
+		mask = (uint32)((ALLONES >> atoi(slash + 1)) ^ ALLONES);
+        }
+
+	if (net == INADDR_NONE || mask == INADDR_NONE) {
+		DEBUG(0,("access: bad net/mask access control: %s\n", tok));
+		return (False);
+	}
+	return ((addr & mask) == net);
+}
 
-/* return true if access should be allowed to a service*/
-BOOL check_access(int snum)
+/* string_match - match string against token */
+static int string_match(char *tok,char *s, char *invalid_char)
 {
-  extern int Client;
-  extern struct from_host Client_info;
-  char *denyl,*allowl;
-  BOOL ret = False;
+	size_t     tok_len;
+	size_t     str_len;
+	char   *cut;
+
+	*invalid_char = '\0';
+
+	/* Return True if a token has the magic value "ALL". Return
+	 * FAIL if the token is "FAIL". If the token starts with a "."
+	 * (domain name), return True if it matches the last fields of
+	 * the string. If the token has the magic value "LOCAL",
+	 * return True if the string does not contain a "."
+	 * character. If the token ends on a "." (network number),
+	 * return True if it matches the first fields of the
+	 * string. If the token begins with a "@" (netgroup name),
+	 * return True if the string is a (host) member of the
+	 * netgroup. Return True if the token fully matches the
+	 * string. If the token is a netnumber/netmask pair, return
+	 * True if the address is a member of the specified subnet.  
+	 */
+
+	if (tok[0] == '.') {			/* domain: match last fields */
+		if ((str_len = strlen(s)) > (tok_len = strlen(tok))
+		    && strcasecmp(tok, s + str_len - tok_len) == 0)
+			return (True);
+	} else if (tok[0] == '@') { /* netgroup: look it up */
+#ifdef	HAVE_NETGROUP
+		static char *mydomain = NULL;
+		char *hostname = NULL;
+		BOOL netgroup_ok = False;
+
+		if (!mydomain) yp_get_default_domain(&mydomain);
+
+		if (!mydomain) {
+			DEBUG(0,("Unable to get default yp domain.\n"));
+			return False;
+		}
+		if (!(hostname = strdup(s))) {
+			DEBUG(1,("out of memory for strdup!\n"));
+			return False;
+		}
+		
+		netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
+		
+		DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n", 
+			 hostname,
+			 mydomain, 
+			 tok+1,
+			 BOOLSTR(netgroup_ok)));
+
+		SAFE_FREE(hostname);
+      
+		if (netgroup_ok) return(True);
+#else
+		DEBUG(0,("access: netgroup support is not configured\n"));
+		return (False);
+#endif
+	} else if (strcasecmp(tok, "ALL") == 0) {	/* all: match any */
+		return (True);
+	} else if (strcasecmp(tok, "FAIL") == 0) {	/* fail: match any */
+		return (FAIL);
+	} else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
+		if (strchr_m(s, '.') == 0 && strcasecmp(s, "unknown") != 0)
+			return (True);
+	} else if (!strcasecmp(tok, s)) {   /* match host name or address */
+		return (True);
+	} else if (tok[(tok_len = strlen(tok)) - 1] == '.') {	/* network */
+		if (strncmp(tok, s, tok_len) == 0)
+			return (True);
+	} else if ((cut = strchr_m(tok, '/')) != 0) {	/* netnumber/netmask */
+		if (isdigit((int)s[0]) && masked_match(tok, cut, s))
+			return (True);
+	} else if (strchr_m(tok, '*') != 0) {
+		*invalid_char = '*';
+	} else if (strchr_m(tok, '?') != 0) {
+		*invalid_char = '?';
+	}
+	return (False);
+}
 
-  denyl = lp_hostsdeny(snum);
-  if (denyl) denyl = strdup(denyl);
 
-  allowl = lp_hostsallow(snum);
-  if (allowl) allowl = strdup(allowl);
+/* client_match - match host name and address against token */
+static int client_match(char *tok,char *item)
+{
+    char **client = (char **)item;
+    int     match;
+	char invalid_char = '\0';
 
+    /*
+     * Try to match the address first. If that fails, try to match the host
+     * name if available.
+     */
 
-  fromhost(Client,&Client_info);
+    if ((match = string_match(tok, client[1], &invalid_char)) == 0) {
+		if(invalid_char)
+			DEBUG(0,("client_match: address match failing due to invalid character '%c' found in \
+token '%s' in an allow/deny hosts line.\n", invalid_char, tok ));
 
-  if ((!denyl || *denyl==0) && (!allowl || *allowl==0))
-    ret = True;
+		if (client[0][0] != 0)
+			match = string_match(tok, client[0], &invalid_char);
 
-  if (!ret)
-    {
-      if (!fromhost(Client,&Client_info))
-	DEBUG(0,("ERROR: Can't get from_host info\n"));
-      else
-	{
-	  if (allow_access(denyl,allowl,&Client_info))
-	    {
-	      if (snum >= 0)
-		DEBUG(2,("Allowed connection from %s (%s) to %s\n",
-			 Client_info.name,Client_info.addr,
-			 lp_servicename(snum)));
-	      ret = True;
-	    }
-	  else
-	    if (snum >= 0)
-	      DEBUG(0,("Denied connection from %s (%s) to %s\n",
-		       Client_info.name,Client_info.addr,
-		       lp_servicename(snum)));
+		if(invalid_char)
+			DEBUG(0,("client_match: address match failing due to invalid character '%c' found in \
+token '%s' in an allow/deny hosts line.\n", invalid_char, tok ));
 	}
-    }
-
-  if (denyl) free(denyl);
-  if (allowl) free(allowl);
-  return(ret);
-}
-
 
-/* return true if access should be allowed */
-BOOL allow_access(char *deny_list,char *allow_list,struct from_host *client)
-{
-  /* if theres no deny list and no allow list then allow access */
-  if ((!deny_list || *deny_list == 0) && (!allow_list || *allow_list == 0))
-    return(True);  
-
-  /* if there is an allow list but no deny list then allow only hosts
-     on the allow list */
-  if (!deny_list || *deny_list == 0)
-    return(list_match(allow_list,(char *)client,CLIENT_MATCH));
-
-  /* if theres a deny list but no allow list then allow
-     all hosts not on the deny list */
-  if (!allow_list || *allow_list == 0)
-    return(!list_match(deny_list,(char *)client,CLIENT_MATCH));
-
-  /* if there are both type of list then allow all hosts on the allow list */
-  if (list_match(allow_list,(char *)client,CLIENT_MATCH))
-    return (True);
-
-  /* if there are both type of list and it's not on the allow then
-     allow it if its not on the deny */
-  if (list_match(deny_list,(char *)client,CLIENT_MATCH))
-    return (False);
-
-  return (True);
+    return (match);
 }
 
 /* list_match - match an item against a list of tokens with exceptions */
-/* (All modifications are marked with the initials "jkf") */
-static int list_match(char *list,char *item, int (*match_fn)())
+static int list_match(char **list,char *item, int (*match_fn)(char *, char *))
 {
-    char   *tok;
-    char   *listcopy;		/* jkf */
-    int     match = NO;
-
-    /*
-     * jkf@soton.ac.uk -- 31 August 1994 -- Stop list_match()
-     * overwriting the list given as its first parameter.
-     */
+    int     match = False;
 
-    /* jkf -- can get called recursively with NULL list */
-    listcopy = (list == 0) ? (char *)0 : strdup(list);
+    if (!list) return False;
 
     /*
      * Process tokens one at a time. We have exhausted all possible matches
@@ -150,240 +165,158 @@ static int list_match(char *list,char *item, int (*match_fn)())
      * the match is affected by any exceptions.
      */
 
-    for (tok = strtok(listcopy, sep); tok ; tok = strtok(NULL, sep)) {
-	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
+    for (; *list ; list++) {
+	if (strcasecmp(*list, "EXCEPT") == 0)	/* EXCEPT: give up */
 	    break;
-	if ((match = (*match_fn) (tok, item)))	/* YES or FAIL */
+	if ((match = (*match_fn) (*list, item)))	/* True or FAIL */
 	    break;
     }
-    /* Process exceptions to YES or FAIL matches. */
-
-    if (match != NO) {
-	while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT"))
-	     /* VOID */ ;
-	if (tok == 0 || list_match((char *) 0, item, match_fn) == NO) {
-	    if (listcopy != 0) free(listcopy); /* jkf */
-	    return (match);
-	}
-    }
-
-    if (listcopy != 0) free(listcopy); /* jkf */
-    return (NO);
-}
+    /* Process exceptions to True or FAIL matches. */
 
+    if (match != False) {
+	while (*list  && strcasecmp(*list, "EXCEPT"))
+		list++;
 
-/* client_match - match host name and address against token */
-static int client_match(char *tok,char *item)
-{
-    struct from_host *client = (struct from_host *) item;
-    int     match;
-
-    /*
-     * Try to match the address first. If that fails, try to match the host
-     * name if available.
-     */
+	for (; *list; list++) {
+		if ((*match_fn) (*list, item)) /* Exception Found */
+			return False;
+	}
+    }
 
-    if ((match = string_match(tok, client->addr)) == 0)
-	if (client->name[0] != 0)
-	    match = string_match(tok, client->name);
     return (match);
 }
 
-/* string_match - match string against token */
-static int string_match(char *tok,char *s)
-{
-    int     tok_len;
-    int     str_len;
-    char   *cut;
-
-    /*
-     * Return YES if a token has the magic value "ALL". Return FAIL if the
-     * token is "FAIL". If the token starts with a "." (domain name), return
-     * YES if it matches the last fields of the string. If the token has the
-     * magic value "LOCAL", return YES if the string does not contain a "."
-     * character. If the token ends on a "." (network number), return YES if
-     * it matches the first fields of the string. If the token begins with a
-     * "@" (netgroup name), return YES if the string is a (host) member of
-     * the netgroup. Return YES if the token fully matches the string. If the
-     * token is a netnumber/netmask pair, return YES if the address is a
-     * member of the specified subnet.
-     */
 
-    if (tok[0] == '.') {			/* domain: match last fields */
-	if ((str_len = strlen(s)) > (tok_len = strlen(tok))
-	    && strcasecmp(tok, s + str_len - tok_len) == 0)
-	    return (YES);
-    } else if (tok[0] == '@') {			/* netgroup: look it up */
-#ifdef	NETGROUP
-      static char *mydomain = NULL;
-      char *hostname = NULL;
-      BOOL netgroup_ok = False;
-
-      if (!mydomain) yp_get_default_domain(&mydomain);
-
-      if (!(hostname = strdup(s))) {
-	DEBUG(1,("out of memory for strdup!\n"));
-	return NO;
-      }
-
-      netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
-
-      DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n", 
-	       hostname,
-	       mydomain, 
-	       tok+1,
-	       BOOLSTR(netgroup_ok)));
-
-#ifdef NETGROUP_INSECURE
-      /* if you really want netgroups that match non qualified names
-	 then define NETGROUP_INSECURE. It can, however, be a big
-	 security hole */
-      {
-	char        *clnt_domain;
-	if (!netgroup_ok && (clnt_domain=strchr(hostname,'.'))) {
-	  *clnt_domain++ = '\0';
-	  netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
+/* return true if access should be allowed */
+BOOL allow_access(char **deny_list,char **allow_list,
+		  char *cname,char *caddr)
+{
+	char *client[2];
+
+	client[0] = cname;
+	client[1] = caddr;  
+
+	/* if it is loopback then always allow unless specifically denied */
+	if (strcmp(caddr, "127.0.0.1") == 0) {
+		/*
+		 * If 127.0.0.1 matches both allow and deny then allow.
+		 * Patch from Steve Langasek vorlon@netexpress.net.
+		 */
+		if (deny_list && 
+			list_match(deny_list,(char *)client,client_match) &&
+				(!allow_list ||
+				!list_match(allow_list,(char *)client, client_match))) {
+			return False;
+		}
+		return True;
 	}
-      }
-#endif
 
-      free(hostname);
-      
-      if (netgroup_ok) return(YES);
-#else
-      DEBUG(0,("access: netgroup support is not configured"));
-      return (NO);
-#endif
-    } else if (strcasecmp(tok, "ALL") == 0) {	/* all: match any */
-	return (YES);
-    } else if (strcasecmp(tok, "FAIL") == 0) {	/* fail: match any */
-	return (FAIL);
-    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
-	if (strchr(s, '.') == 0 && strcasecmp(s, "unknown") != 0)
-	    return (YES);
-    } else if (!strcasecmp(tok, s)) {	/* match host name or address */
-	return (YES);
-    } else if (tok[(tok_len = strlen(tok)) - 1] == '.') {	/* network */
-	if (strncmp(tok, s, tok_len) == 0)
-	    return (YES);
-    } else if ((cut = strchr(tok, '/')) != 0) {	/* netnumber/netmask */
-	if (isdigit(s[0]) && masked_match(tok, cut, s))
-	    return (YES);
-    }
-    return (NO);
-}
+	/* if theres no deny list and no allow list then allow access */
+	if ((!deny_list || *deny_list == 0) && 
+	    (!allow_list || *allow_list == 0)) {
+		return(True);  
+	}
 
-/* masked_match - match address against netnumber/netmask */
-static int masked_match(char *tok, char *slash, char *s)
-{
-    unsigned long net;
-    unsigned long mask;
-    unsigned long addr;
-
-    if ((addr = interpret_addr(s)) == INADDR_NONE)
-	return (NO);
-    *slash = 0;
-    net = interpret_addr(tok);
-    *slash = '/';
-    if (net == INADDR_NONE || (mask = interpret_addr(slash + 1)) == INADDR_NONE) {
-	DEBUG(0,("access: bad net/mask access control: %s", tok));
-	return (NO);
-    }
-    return ((addr & mask) == net);
+	/* if there is an allow list but no deny list then allow only hosts
+	   on the allow list */
+	if (!deny_list || *deny_list == 0)
+		return(list_match(allow_list,(char *)client,client_match));
+
+	/* if theres a deny list but no allow list then allow
+	   all hosts not on the deny list */
+	if (!allow_list || *allow_list == 0)
+		return(!list_match(deny_list,(char *)client,client_match));
+
+	/* if there are both types of list then allow all hosts on the
+           allow list */
+	if (list_match(allow_list,(char *)client,client_match))
+		return (True);
+
+	/* if there are both types of list and it's not on the allow then
+	   allow it if its not on the deny */
+	if (list_match(deny_list,(char *)client,client_match))
+		return (False);
+	
+	return (True);
 }
 
-
-/* fromhost - find out what is at the other end of a socket */
-BOOL fromhost(int sock,struct from_host *f)
+/* return true if the char* contains ip addrs only.  Used to avoid 
+gethostbyaddr() calls */
+static BOOL only_ipaddrs_in_list(char** list)
 {
-    static struct sockaddr sa;
-    struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa);
-    struct hostent *hp;
-    int     length = sizeof(sa);
-    static char addr_buf[FROM_ADDRLEN];
-    static char name_buf[MAXHOSTNAMELEN];
-    BOOL   takeAddressAsHostname = False;
-
-    if (getpeername(sock, &sa, &length) < 0) 
-      {
-	DEBUG(0,("getpeername failed\n"));
-	return(False);
-      }
-
-    f->sin = sockin;
-    f->addr = strcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr));
-
-    /* Look up the remote host name. */
-    if ((hp = gethostbyaddr((char *) &sockin->sin_addr,
-			    sizeof(sockin->sin_addr),
-			    AF_INET)) == 0) {
-      DEBUG(1,("Gethostbyaddr failed for %s\n",addr_buf));
-#ifdef ALLOW_PURE_ADDRESSES
-      takeAddressAsHostname = True;
-#else
-      return(False);
-#endif
-    }
-
-    /* Save the host name. A later gethostbyxxx() call may clobber it. */
-    f->name = StrnCpy(name_buf,
-                      takeAddressAsHostname? f->addr : hp->h_name,
-                      sizeof(name_buf) - 1);
-
-    /*
-     * Verify that the host name does not belong to someone else. If host
-     * name verification fails, pretend that the host name lookup failed.
-     */
-    if (!takeAddressAsHostname && !matchname(f->name, sockin->sin_addr))
-      {
-	DEBUG(0,("Matchname failed\n"));
-	return(False);
-      }
-
-    return(True);	
+	BOOL 		only_ip = True;
+	
+	if (!list) return True;
+			
+	for (; *list ; list++) 
+	{
+		/* factor out the special strings */
+		if (!strcasecmp(*list, "ALL") || !strcasecmp(*list, "FAIL") || 
+		    !strcasecmp(*list, "EXCEPT"))
+		{
+			continue;
+		}
+		
+		if (!is_ipaddress(*list))
+		{
+			char *p;
+			/* 
+			 * if we failed, make sure that it was not because the token
+			 * was a network/netmask pair.  Only network/netmask pairs
+			 * have a '/' in them
+			 */
+			if ((p=strchr_m(*list, '/')) == NULL)
+			{
+				only_ip = False;
+				DEBUG(3,("only_ipaddrs_in_list: list has non-ip address (%s)\n", *list));
+				break;
+			}
+		}
+	}
+	
+	return only_ip;
 }
 
-/* matchname - determine if host name matches IP address */
-static int matchname(char *remotehost,struct in_addr  addr)
+/* return true if access should be allowed to a service for a socket */
+BOOL check_access(int sock, char **allow_list, char **deny_list)
 {
-  struct hostent *hp;
-  int     i;
-  
-  if ((hp = Get_Hostbyname(remotehost)) == 0) {
-    DEBUG(0,("Get_Hostbyname(%s): lookup failure", remotehost));
-    return (Bad);
-  } 
-
-    /*
-     * Make sure that gethostbyname() returns the "correct" host name.
-     * Unfortunately, gethostbyname("localhost") sometimes yields
-     * "localhost.domain". Since the latter host name comes from the
-     * local DNS, we just have to trust it (all bets are off if the local
-     * DNS is perverted). We always check the address list, though.
-     */
-  
-  if (strcasecmp(remotehost, hp->h_name)
-      && strcasecmp(remotehost, "localhost")) {
-    DEBUG(0,("host name/name mismatch: %s != %s",
-	  remotehost, hp->h_name));
-    return (Bad);
-  }
+	BOOL ret = False;
+	BOOL only_ip = False;
 	
-  /* Look up the host address in the address list we just got. */
-  for (i = 0; hp->h_addr_list[i]; i++) {
-    if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
-      return (Good);
-  }
-
-  /*
-   * The host name does not map to the original host address. Perhaps
-   * someone has compromised a name server. More likely someone botched
-   * it, but that could be dangerous, too.
-   */
-  
-  DEBUG(0,("host name/address mismatch: %s != %s",
-	inet_ntoa(addr), hp->h_name));
-  return (Bad);
-}
+	if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) 
+	{
+		ret = True;
+	}
 
+	if (!ret) 
+	{
+		/* bypass gethostbyaddr() calls if the lists only contain IP addrs */
+		if (only_ipaddrs_in_list(allow_list) && only_ipaddrs_in_list(deny_list))
+		{
+			only_ip = True;
+			DEBUG (3, ("check_access: no hostnames in host allow/deny list.\n"));
+			ret = allow_access(deny_list,allow_list, "", get_socket_addr(sock));
+		}
+		else
+		{
+			DEBUG (3, ("check_access: hostnames in host allow/deny list.\n"));
+			ret = allow_access(deny_list,allow_list, get_socket_name(sock),
+					   get_socket_addr(sock));
+		}
+		
+		if (ret) 
+		{
+			DEBUG(2,("Allowed connection from %s (%s)\n",
+				 only_ip ? "" : get_socket_name(sock),
+				 get_socket_addr(sock)));
+		} 
+		else 
+		{
+			DEBUG(0,("Denied connection from %s (%s)\n",
+				 only_ip ? "" : get_socket_name(sock),
+				 get_socket_addr(sock)));
+		}
+	}
 
+	return(ret);
+}
diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
new file mode 100644
index 0000000000..07676e2202
--- /dev/null
+++ b/source3/lib/account_pol.c
@@ -0,0 +1,126 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  account policy storage
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+static TDB_CONTEXT *tdb; /* used for driver files */
+
+#define DATABASE_VERSION 1
+
+/****************************************************************************
+ Open the account policy tdb.
+****************************************************************************/
+
+BOOL init_account_policy(void)
+{
+	static pid_t local_pid;
+	char *vstring = "INFO/version";
+
+	if (tdb && local_pid == sys_getpid())
+		return True;
+	tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb) {
+		DEBUG(0,("Failed to open account policy database\n"));
+		return False;
+	}
+
+	local_pid = sys_getpid();
+
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(tdb, vstring);
+	if (tdb_fetch_int32(tdb, vstring) != DATABASE_VERSION) {
+		tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
+		tdb_store_int32(tdb, vstring, DATABASE_VERSION);
+		
+		account_policy_set(AP_MIN_PASSWORD_LEN, MINPASSWDLENGTH);   /* 5 chars minimum             */
+		account_policy_set(AP_PASSWORD_HISTORY, 0);		    /* don't keep any old password */
+		account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, 0);	    /* don't force user to logon   */
+		account_policy_set(AP_MAX_PASSWORD_AGE, MAX_PASSWORD_AGE);  /* 21 days                     */
+		account_policy_set(AP_MIN_PASSWORD_AGE, 0);		    /* 0 days                      */
+		account_policy_set(AP_LOCK_ACCOUNT_DURATION, 0);	    /* lockout for 0 minutes       */
+		account_policy_set(AP_RESET_COUNT_TIME, 0);		    /* reset immediatly            */
+		account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, 0);		    /* don't lockout               */
+		account_policy_set(AP_TIME_TO_LOGOUT, -1);		    /* don't force logout          */
+	}
+	tdb_unlock_bystring(tdb, vstring);
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static char *decode_account_policy_name(int field)
+{
+	switch (field) {
+		case AP_MIN_PASSWORD_LEN:
+			return "min password length";
+		case AP_PASSWORD_HISTORY:
+			return "password history";
+		case AP_USER_MUST_LOGON_TO_CHG_PASS:
+			return "user must logon to change password";
+		case AP_MAX_PASSWORD_AGE:
+			return "maximum password age";
+		case AP_MIN_PASSWORD_AGE:
+			return "minimum password age";
+		case AP_LOCK_ACCOUNT_DURATION:
+			return "lockout duration";
+		case AP_RESET_COUNT_TIME:
+			return "reset count minutes";
+		case AP_BAD_ATTEMPT_LOCKOUT:
+			return "bad lockout attempt";
+		case AP_TIME_TO_LOGOUT:
+			return "disconnect time";
+		default:
+			return "undefined value";
+	}
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_get(int field, uint32 *value)
+{
+	fstring name;
+
+	init_account_policy();
+
+	fstrcpy(name, decode_account_policy_name(field));
+	*value=tdb_fetch_int32(tdb, name);
+	DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
+	return True;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+BOOL account_policy_set(int field, uint32 value)
+{
+	fstring name;
+
+	init_account_policy();
+
+	fstrcpy(name, decode_account_policy_name(field));
+	if ( tdb_store_int32(tdb, name, value)== -1)
+		return False;
+	DEBUG(10,("account_policy_set: %s:%d\n", name, value));
+	
+	return True;
+}
+
diff --git a/source3/lib/bitmap.c b/source3/lib/bitmap.c
new file mode 100644
index 0000000000..8121c38bd5
--- /dev/null
+++ b/source3/lib/bitmap.c
@@ -0,0 +1,139 @@
+/*
+   Unix SMB/CIFS implementation.
+   simple bitmap functions
+   Copyright (C) Andrew Tridgell 1992-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* these functions provide a simple way to allocate integers from a
+   pool without repetition */
+
+/****************************************************************************
+allocate a bitmap of the specified size
+****************************************************************************/
+struct bitmap *bitmap_allocate(int n)
+{
+	struct bitmap *bm;
+
+	bm = (struct bitmap *)malloc(sizeof(*bm));
+
+	if (!bm) return NULL;
+	
+	bm->n = n;
+	bm->b = (uint32 *)malloc(sizeof(bm->b[0])*(n+31)/32);
+	if (!bm->b) {
+		SAFE_FREE(bm);
+		return NULL;
+	}
+
+	memset(bm->b, 0, sizeof(bm->b[0])*(n+31)/32);
+
+	return bm;
+}
+
+/****************************************************************************
+free a bitmap.
+****************************************************************************/
+
+void bitmap_free(struct bitmap *bm)
+{
+	if (!bm)
+		return;
+
+	SAFE_FREE(bm->b);
+	SAFE_FREE(bm);
+}
+
+/****************************************************************************
+set a bit in a bitmap
+****************************************************************************/
+BOOL bitmap_set(struct bitmap *bm, unsigned i)
+{
+	if (i >= bm->n) {
+		DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n",
+		      i, bm->n));
+		return False;
+	}
+	bm->b[i/32] |= (1<<(i%32));
+	return True;
+}
+
+/****************************************************************************
+clear a bit in a bitmap
+****************************************************************************/
+BOOL bitmap_clear(struct bitmap *bm, unsigned i)
+{
+	if (i >= bm->n) {
+		DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n",
+		      i, bm->n));
+		return False;
+	}
+	bm->b[i/32] &= ~(1<<(i%32));
+	return True;
+}
+
+/****************************************************************************
+query a bit in a bitmap
+****************************************************************************/
+BOOL bitmap_query(struct bitmap *bm, unsigned i)
+{
+	if (i >= bm->n) return False;
+	if (bm->b[i/32] & (1<<(i%32))) {
+		return True;
+	}
+	return False;
+}
+
+/****************************************************************************
+find a zero bit in a bitmap starting at the specified offset, with
+wraparound
+****************************************************************************/
+int bitmap_find(struct bitmap *bm, unsigned ofs)
+{
+	int i, j;
+
+	if (ofs > bm->n) ofs = 0;
+
+	i = ofs;
+	while (i < bm->n) {
+		if (~(bm->b[i/32])) {
+			j = i;
+			do {
+				if (!bitmap_query(bm, j)) return j;
+				j++;
+			} while (j & 31 && j < bm->n);
+		}
+		i += 32;
+		i &= ~31;
+	}
+
+	i = 0;
+	while (i < ofs) {
+		if (~(bm->b[i/32])) {
+			j = i;
+			do {
+				if (!bitmap_query(bm, j)) return j;
+				j++;
+			} while (j & 31 && j < bm->n);
+		}
+		i += 32;
+		i &= ~31;
+	}
+
+	return -1;
+}
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 049390f2a4..cdfca8eb97 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -1,8 +1,9 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Character set conversion Extensions
-   Copyright (C) Andrew Tridgell 1992-1994
+   Copyright (C) Igor Vergeichik <iverg@mail.ru> 2001
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Simo Sorce 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,107 +21,768 @@
 
 */
 #include "includes.h"
-extern int DEBUGLEVEL;
 
-static char cvtbuf[1024];
+static pstring cvtbuf;
 
-static mapsinited = 0;
+static smb_iconv_t conv_handles[NUM_CHARSETS][NUM_CHARSETS];
 
-static char unix2dos[256];
-static char dos2unix[256];
+/****************************************************************************
+return the name of a charset to give to iconv()
+****************************************************************************/
+static char *charset_name(charset_t ch)
+{
+	char *ret = NULL;
+
+	if (ch == CH_UCS2) ret = "UCS-2LE";
+	else if (ch == CH_UNIX) ret = lp_unix_charset();
+	else if (ch == CH_DOS) ret = lp_dos_charset();
+	else if (ch == CH_DISPLAY) ret = lp_display_charset();
+	else if (ch == CH_UTF8) ret = "UTF8";
+
+	if (!ret || !*ret) ret = "ASCII";
+	return ret;
+}
+
+
+static void lazy_initialize_conv(void)
+{
+	static int initialized = False;
+
+	if (!initialized) {
+		initialized = True;
+		load_case_tables();
+		init_iconv();
+		init_valid_table();
+	}
+}
+
+/****************************************************************************
+ Initialize iconv conversion descriptors 
+****************************************************************************/
+void init_iconv(void)
+{
+	int c1, c2;
+	BOOL did_reload = False;
+
+	/* so that charset_name() works we need to get the UNIX<->UCS2 going
+	   first */
+	if (!conv_handles[CH_UNIX][CH_UCS2]) {
+		conv_handles[CH_UNIX][CH_UCS2] = smb_iconv_open("UCS-2LE", "ASCII");
+	}
+	if (!conv_handles[CH_UCS2][CH_UNIX]) {
+		conv_handles[CH_UCS2][CH_UNIX] = smb_iconv_open("ASCII", "UCS-2LE");
+	}
+	
+
+	for (c1=0;c1<NUM_CHARSETS;c1++) {
+		for (c2=0;c2<NUM_CHARSETS;c2++) {
+			char *n1 = charset_name((charset_t)c1);
+			char *n2 = charset_name((charset_t)c2);
+			if (conv_handles[c1][c2] &&
+			    strcmp(n1, conv_handles[c1][c2]->from_name) == 0 &&
+			    strcmp(n2, conv_handles[c1][c2]->to_name) == 0) continue;
+
+			did_reload = True;
+
+			if (conv_handles[c1][c2]) {
+				smb_iconv_close(conv_handles[c1][c2]);
+			}
+			conv_handles[c1][c2] = smb_iconv_open(n2,n1);
+			if (conv_handles[c1][c2] == (smb_iconv_t)-1) {
+				DEBUG(0,("Conversion from %s to %s not supported\n",
+					 charset_name((charset_t)c1), charset_name((charset_t)c2)));
+				conv_handles[c1][c2] = NULL;
+			}
+		}
+	}
+
+	if (did_reload) {
+		init_valid_table();
+	}
+}
+
+/**
+ * Convert string from one encoding to another, making error checking etc
+ *
+ * @param descriptor conversion descriptor, created in init_iconv()
+ * @param src pointer to source string (multibyte or singlebyte)
+ * @param srclen length of the source string in bytes
+ * @param dest pointer to destination string (multibyte or singlebyte)
+ * @param destlen maximal length allowed for string
+ * @retval the number of bytes occupied in the destination
+ **/
+size_t convert_string(charset_t from, charset_t to,
+		      void const *src, size_t srclen, 
+		      void *dest, size_t destlen)
+{
+	size_t i_len, o_len;
+	size_t retval;
+	const char* inbuf = (const char*)src;
+	char* outbuf = (char*)dest;
+	smb_iconv_t descriptor;
+
+	if (srclen == -1) srclen = strlen(src)+1;
 
-static void initmaps() {
-    int k;
+	lazy_initialize_conv();
 
-    for (k = 0; k < 256; k++) unix2dos[k] = k;
-    for (k = 0; k < 256; k++) dos2unix[k] = k;
+	descriptor = conv_handles[from][to];
 
-    mapsinited = 1;
+	if (descriptor == (smb_iconv_t)-1 || descriptor == (smb_iconv_t)0) {
+		/* conversion not supported, use as is */
+		int len = MIN(srclen,destlen);
+		memcpy(dest,src,len);
+		return len;
+	}
+
+	i_len=srclen;
+	o_len=destlen;
+	retval = smb_iconv(descriptor,  &inbuf, &i_len, &outbuf, &o_len);
+	if(retval==-1) 		
+	{
+	    	char *reason="unknown error";
+		switch(errno)
+		{ case EINVAL: reason="Incomplete multibyte sequence"; break;
+		  case E2BIG:  reason="No more room"; 
+		   	       DEBUG(0, ("Required %d, available %d\n",
+			       srclen, destlen));
+			       /* we are not sure we need srclen bytes,
+			          may be more, may be less.
+				  We only know we need more than destlen
+				  bytes ---simo */
+				
+						
+		               break;
+		  case EILSEQ: reason="Illegal multibyte sequence"; break;
+		}
+		/* smb_panic(reason); */
+	}
+	return destlen-o_len;
 }
 
-static void update_map(char * str) {
-    char *p;
+/**
+ * Convert between character sets, allocating a new buffer for the result.
+ *
+ * @param srclen length of source buffer.
+ * @param dest always set at least to NULL
+ * @note -1 is not accepted for srclen.
+ *
+ * @retval Size in bytes of the converted string; or -1 in case of error.
+ **/
+size_t convert_string_allocate(charset_t from, charset_t to,
+		      		void const *src, size_t srclen, void **dest)
+{
+	size_t i_len, o_len, destlen;
+	size_t retval;
+	const char *inbuf = (const char *)src;
+	char *outbuf, *ob;
+	smb_iconv_t descriptor;
+
+	*dest = NULL;
+
+	if (src == NULL || srclen == -1) return -1;
+
+	lazy_initialize_conv();
 
-    for (p = str; *p; p++) {
-        if (p[1]) {
-            unix2dos[(unsigned char)*p] = p[1];
-            dos2unix[(unsigned char)p[1]] = *p;
-            p++;
-        }
-    }
+	descriptor = conv_handles[from][to];
+
+	if (descriptor == (smb_iconv_t)-1 || descriptor == (smb_iconv_t)0) {
+		/* conversion not supported, return -1*/
+		DEBUG(3, ("convert_string_allocate: conversion not supported!\n"));
+		return -1;
+	}
+
+	destlen = MAX(srclen, 512);
+	outbuf = NULL;
+convert:
+	destlen = destlen * 2;
+	ob = (char *)realloc(outbuf, destlen);
+	if (!ob) {
+		DEBUG(0, ("convert_string_allocate: realloc failed!\n"));
+		SAFE_FREE(outbuf);
+		return -1;
+	}
+	else outbuf = ob;
+	i_len = srclen;
+	o_len = destlen;
+	retval = smb_iconv(descriptor,
+			   &inbuf, &i_len,
+			   &outbuf, &o_len);
+	if(retval == -1) 		
+	{
+	    	char *reason="unknown error";
+		switch(errno)
+		{
+		case EINVAL:
+			reason="Incomplete multibyte sequence";
+			break;
+		case E2BIG:
+			goto convert;		
+		case EILSEQ:
+			reason="Illegal multibyte sequence";
+			break;
+		}
+		DEBUG(0,("Conversion error: %s(%s)\n",reason,inbuf));
+		/* smb_panic(reason); */
+		return -1;
+	}
+	
+	destlen = destlen - o_len;
+	*dest = (char *)Realloc(ob,destlen);
+	if (!*dest) {
+		DEBUG(0, ("convert_string_allocate: out of memory!\n"));
+		SAFE_FREE(ob);
+		return -1;
+	}
+
+	return destlen;
 }
 
-static void initiso() {
+/**
+ * Convert between character sets, allocating a new buffer using talloc for the result.
+ *
+ * @param srclen length of source buffer.
+ * @param dest always set at least to NULL 
+ * @note -1 is not accepted for srclen.
+ *
+ * @retval Size in bytes of the converted string; or -1 in case of error.
+ **/
+size_t convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to,
+		      		void const *src, size_t srclen, void **dest)
+{
+	void *ob;
+	size_t dest_len;
 
-    if (!mapsinited) initmaps();
+	*dest = NULL;
+	dest_len=convert_string_allocate(from, to, src, srclen, (void **)&ob);
+	if (dest_len == -1)
+		return -1;
+	*dest = talloc_strdup(ctx, (char *)ob);
+	SAFE_FREE(ob);
+	if (*dest == NULL)
+		return -1;
+	return dest_len;
+}
 
-    update_map("\241\255\242\233\243\234\244\236\245\235\246\272\247\025\250\251");
-    update_map("\251\273\252\246\253\256\254\252\255\274\256\310\257\257\260\370");
-    update_map("\261\361\262\375\263\264\264\265\265\266\266\024\267\371\270\267");
-    update_map("\271\270\272\247\273\275\274\254\275\253\276\276\277\250\200\277");
-    update_map("\301\300\302\301\303\302\304\216\305\217\306\222\307\200\310\303");
-    update_map("\311\220\312\305\313\306\314\307\315\315\316\317\317\320\320\311");
-    update_map("\321\245\322\321\323\322\324\323\325\324\326\231\327\312\330\325");
-    update_map("\331\326\332\327\333\330\334\232\335\313\336\314\337\341\340\205");
-    update_map("\341\240\342\203\343\331\344\204\345\206\346\221\347\207\350\212");
-    update_map("\351\202\352\210\353\211\354\215\355\241\356\214\357\213\360\316");
-    update_map("\361\244\362\225\363\242\364\223\365\332\366\224\367\366\370\362");
-    update_map("\371\227\372\243\373\226\374\201\375\304\376\263\377\230");
+int unix_strupper(const char *src, size_t srclen, char *dest, size_t destlen)
+{
+	int size;
+	smb_ucs2_t *buffer=(smb_ucs2_t*)cvtbuf;
+	size=convert_string(CH_UNIX, CH_UCS2, src, srclen, buffer, sizeof(cvtbuf));
+	if (!strupper_w(buffer) && (dest == src)) return srclen;
+	return convert_string(CH_UCS2, CH_UNIX, buffer, size, dest, destlen);
 }
 
-/*
- * Convert unix to dos
- */
-char *
-unix2dos_format(char *str,BOOL overwrite)
+int unix_strlower(const char *src, size_t srclen, char *dest, size_t destlen)
 {
-    char *p;
-    char *dp;
+	int size;
+	smb_ucs2_t *buffer=(smb_ucs2_t*)cvtbuf;
+	size=convert_string(CH_UNIX, CH_UCS2, src, srclen, buffer, sizeof(cvtbuf));
+	if (!strlower_w(buffer) && (dest == src)) return srclen;
+	return convert_string(CH_UCS2, CH_UNIX, buffer, size, dest, destlen);
+}
+
 
-    if (!mapsinited) initmaps();
-    if (overwrite) {
-        for (p = str; *p; p++) *p = unix2dos[(unsigned char)*p];
-        return str;
-    } else {
-        for (p = str, dp = cvtbuf; *p; p++,dp++) *dp = unix2dos[(unsigned char)*p];
-        *dp = 0;
-        return cvtbuf;
-    }
+int ucs2_align(const void *base_ptr, const void *p, int flags)
+{
+	if (flags & (STR_NOALIGN|STR_ASCII)) return 0;
+	return PTR_DIFF(p, base_ptr) & 1;
 }
 
-/*
- * Convert dos to unix
- */
-char *
-dos2unix_format (char *str, BOOL overwrite)
+
+/****************************************************************************
+copy a string from a char* unix src to a dos codepage string destination
+return the number of bytes occupied by the string in the destination
+flags can have:
+  STR_TERMINATE means include the null termination
+  STR_UPPER     means uppercase in the destination
+dest_len is the maximum length allowed in the destination. If dest_len
+is -1 then no maxiumum is used
+****************************************************************************/
+int push_ascii(void *dest, const char *src, int dest_len, int flags)
 {
-    char *p;
-    char *dp;
+	int src_len = strlen(src);
+	pstring tmpbuf;
 
-    if (!mapsinited) initmaps();
-    if (overwrite) {
-        for (p = str; *p; p++) *p = dos2unix[(unsigned char)*p];
-        return str;
-    } else {
-        for (p = str, dp = cvtbuf; *p; p++,dp++) *dp = dos2unix[(unsigned char)*p];
-        *dp = 0;
-        return cvtbuf;
-    }
+	/* treat a pstring as "unlimited" length */
+	if (dest_len == -1) {
+		dest_len = sizeof(pstring);
+	}
+
+	if (flags & STR_UPPER) {
+		pstrcpy(tmpbuf, src);
+		strupper(tmpbuf);
+		src = tmpbuf;
+	}
+
+	if (flags & STR_TERMINATE) {
+		src_len++;
+	}
+
+	return convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len);
 }
 
+int push_ascii_fstring(void *dest, const char *src)
+{
+	return push_ascii(dest, src, sizeof(fstring), STR_TERMINATE);
+}
 
-/*
- * Interpret character set.
- */
-int 
-interpret_character_set (char *str, int def)
+int push_ascii_pstring(void *dest, const char *src)
 {
+	return push_ascii(dest, src, sizeof(pstring), STR_TERMINATE);
+}
+
+int push_pstring(void *dest, const char *src)
+{
+	return push_ascii(dest, src, sizeof(pstring), STR_TERMINATE);
+}
+
+
+/****************************************************************************
+copy a string from a dos codepage source to a unix char* destination
+flags can have:
+  STR_TERMINATE means the string in src is null terminated
+if STR_TERMINATE is set then src_len is ignored
+src_len is the length of the source area in bytes
+return the number of bytes occupied by the string in src
+the resulting string in "dest" is always null terminated
+****************************************************************************/
+int pull_ascii(char *dest, const void *src, int dest_len, int src_len, int flags)
+{
+	int ret;
+
+	if (dest_len == -1) {
+		dest_len = sizeof(pstring);
+	}
+
+	if (flags & STR_TERMINATE) src_len = strlen(src)+1;
+
+	ret = convert_string(CH_DOS, CH_UNIX, src, src_len, dest, dest_len);
+
+	if (dest_len) dest[MIN(ret, dest_len-1)] = 0;
+
+	return src_len;
+}
+
+int pull_ascii_pstring(char *dest, const void *src)
+{
+	return pull_ascii(dest, src, sizeof(pstring), -1, STR_TERMINATE);
+}
+
+int pull_ascii_fstring(char *dest, const void *src)
+{
+	return pull_ascii(dest, src, sizeof(fstring), -1, STR_TERMINATE);
+}
+
+/****************************************************************************
+copy a string from a char* src to a unicode destination
+return the number of bytes occupied by the string in the destination
+flags can have:
+  STR_TERMINATE means include the null termination
+  STR_UPPER     means uppercase in the destination
+  STR_NOALIGN   means don't do alignment
+dest_len is the maximum length allowed in the destination. If dest_len
+is -1 then no maxiumum is used
+****************************************************************************/
+int push_ucs2(const void *base_ptr, void *dest, const char *src, int dest_len, int flags)
+{
+	int len=0;
+	int src_len = strlen(src);
+	pstring tmpbuf;
+
+	/* treat a pstring as "unlimited" length */
+	if (dest_len == -1) {
+		dest_len = sizeof(pstring);
+	}
+
+	if (flags & STR_UPPER) {
+		pstrcpy(tmpbuf, src);
+		strupper(tmpbuf);
+		src = tmpbuf;
+	}
+
+	if (flags & STR_TERMINATE) {
+		src_len++;
+	}
+
+	if (ucs2_align(base_ptr, dest, flags)) {
+		*(char *)dest = 0;
+		dest = (void *)((char *)dest + 1);
+		if (dest_len) dest_len--;
+		len++;
+	}
+
+	/* ucs2 is always a multiple of 2 bytes */
+	dest_len &= ~1;
+
+	len += convert_string(CH_UNIX, CH_UCS2, src, src_len, dest, dest_len);
+	return len;
+}
+
+/**
+ * Copy a string from a unix char* src to a UCS2 destination, allocating a buffer using talloc
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+
+	*dest = NULL;
+	return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, dest);
+}
+
+/**
+ * Copy a string from a unix char* src to a UCS2 destination, allocating a buffer
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int push_ucs2_allocate(void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+
+	*dest = NULL;
+	return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, dest);	
+}
+
+/****************************************************************************
+copy a string from a char* src to a UTF-8 destination
+return the number of bytes occupied by the string in the destination
+flags can have:
+  STR_TERMINATE means include the null termination
+  STR_UPPER     means uppercase in the destination
+dest_len is the maximum length allowed in the destination. If dest_len
+is -1 then no maxiumum is used
+****************************************************************************/
+int push_utf8(void *dest, const char *src, int dest_len, int flags)
+{
+	int src_len = strlen(src);
+	pstring tmpbuf;
+
+	/* treat a pstring as "unlimited" length */
+	if (dest_len == -1) {
+		dest_len = sizeof(pstring);
+	}
 
-    if (strequal (str, "iso8859-1")) {
-        initiso();
-        return def;
-    } else {
-        DEBUG(0,("unrecognized character set\n"));
-    }
-    return def;
+	if (flags & STR_UPPER) {
+		pstrcpy(tmpbuf, src);
+		strupper(tmpbuf);
+		src = tmpbuf;
+	}
+
+	if (flags & STR_TERMINATE) {
+		src_len++;
+	}
+
+	return convert_string(CH_UNIX, CH_UTF8, src, src_len, dest, dest_len);
+}
+
+int push_utf8_fstring(void *dest, const char *src)
+{
+	return push_utf8(dest, src, sizeof(fstring), STR_TERMINATE);
+}
+
+int push_utf8_pstring(void *dest, const char *src)
+{
+	return push_utf8(dest, src, sizeof(pstring), STR_TERMINATE);
+}
+
+/**
+ * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer using talloc
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int push_utf8_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+
+	*dest = NULL;
+	return convert_string_talloc(ctx, CH_UNIX, CH_UTF8, src, src_len, dest);
+}
+
+/**
+ * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int push_utf8_allocate(void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+
+	*dest = NULL;
+	return convert_string_allocate(CH_UNIX, CH_UTF8, src, src_len, dest);	
+}
+
+/****************************************************************************
+copy a string from a ucs2 source to a unix char* destination
+flags can have:
+  STR_TERMINATE means the string in src is null terminated
+  STR_NOALIGN   means don't try to align
+if STR_TERMINATE is set then src_len is ignored
+src_len is the length of the source area in bytes
+return the number of bytes occupied by the string in src
+the resulting string in "dest" is always null terminated
+****************************************************************************/
+int pull_ucs2(const void *base_ptr, char *dest, const void *src, int dest_len, int src_len, int flags)
+{
+	int ret;
+
+	if (dest_len == -1) {
+		dest_len = sizeof(pstring);
+	}
+
+	if (ucs2_align(base_ptr, src, flags)) {
+		src = (const void *)((const char *)src + 1);
+		if (src_len > 0) src_len--;
+	}
+
+	if (flags & STR_TERMINATE) src_len = strlen_w(src)*2+2;
+
+	/* ucs2 is always a multiple of 2 bytes */
+	src_len &= ~1;
+	
+	ret = convert_string(CH_UCS2, CH_UNIX, src, src_len, dest, dest_len);
+	if (dest_len) dest[MIN(ret, dest_len-1)] = 0;
+
+	return src_len;
+}
+
+int pull_ucs2_pstring(char *dest, const void *src)
+{
+	return pull_ucs2(NULL, dest, src, sizeof(pstring), -1, STR_TERMINATE);
+}
+
+int pull_ucs2_fstring(char *dest, const void *src)
+{
+	return pull_ucs2(NULL, dest, src, sizeof(fstring), -1, STR_TERMINATE);
+}
+
+/**
+ * Copy a string from a UCS2 src to a unix char * destination, allocating a buffer using talloc
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int pull_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+	*dest = NULL;
+	return convert_string_talloc(ctx, CH_UCS2, CH_UNIX, src, src_len, dest);	
+}
+
+/**
+ * Copy a string from a UCS2 src to a unix char * destination, allocating a buffer
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int pull_ucs2_allocate(void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+	*dest = NULL;
+	return convert_string_allocate(CH_UCS2, CH_UNIX, src, src_len, dest);	
+}
+
+/****************************************************************************
+copy a string from a utf-8 source to a unix char* destination
+flags can have:
+  STR_TERMINATE means the string in src is null terminated
+if STR_TERMINATE is set then src_len is ignored
+src_len is the length of the source area in bytes
+return the number of bytes occupied by the string in src
+the resulting string in "dest" is always null terminated
+****************************************************************************/
+int pull_utf8(char *dest, const void *src, int dest_len, int src_len, int flags)
+{
+	int ret;
+
+	if (dest_len == -1) {
+		dest_len = sizeof(pstring);
+	}
+
+	if (flags & STR_TERMINATE) src_len = strlen(src)+1;
+
+	ret = convert_string(CH_UTF8, CH_UNIX, src, src_len, dest, dest_len);
+	if (dest_len) dest[MIN(ret, dest_len-1)] = 0;
+
+	return src_len;
+}
+
+int pull_utf8_pstring(char *dest, const void *src)
+{
+	return pull_utf8(dest, src, sizeof(pstring), -1, STR_TERMINATE);
+}
+
+int pull_utf8_fstring(char *dest, const void *src)
+{
+	return pull_utf8(dest, src, sizeof(fstring), -1, STR_TERMINATE);
+}
+
+/**
+ * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int pull_utf8_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+	*dest = NULL;
+	return convert_string_talloc(ctx, CH_UTF8, CH_UNIX, src, src_len, dest);	
+}
+
+/**
+ * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer
+ *
+ * @param dest always set at least to NULL 
+ *
+ * @retval The number of bytes occupied by the string in the destination
+ **/
+int pull_utf8_allocate(void **dest, const char *src)
+{
+	int src_len = strlen(src)+1;
+	*dest = NULL;
+	return convert_string_allocate(CH_UTF8, CH_UNIX, src, src_len, dest);	
+}
+ 
+/****************************************************************************
+copy a string from a char* src to a unicode or ascii
+dos codepage destination choosing unicode or ascii based on the 
+flags in the SMB buffer starting at base_ptr
+return the number of bytes occupied by the string in the destination
+flags can have:
+  STR_TERMINATE means include the null termination
+  STR_UPPER     means uppercase in the destination
+  STR_ASCII     use ascii even with unicode packet
+  STR_NOALIGN   means don't do alignment
+dest_len is the maximum length allowed in the destination. If dest_len
+is -1 then no maxiumum is used
+****************************************************************************/
+int push_string(const void *base_ptr, void *dest, const char *src, int dest_len, int flags)
+{
+	if (!(flags & STR_ASCII) && \
+	    ((flags & STR_UNICODE || \
+	      (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) {
+		return push_ucs2(base_ptr, dest, src, dest_len, flags);
+	}
+	return push_ascii(dest, src, dest_len, flags);
+}
+
+
+/****************************************************************************
+copy a string from a unicode or ascii source (depending on
+the packet flags) to a char* destination
+flags can have:
+  STR_TERMINATE means the string in src is null terminated
+  STR_UNICODE   means to force as unicode
+  STR_ASCII     use ascii even with unicode packet
+  STR_NOALIGN   means don't do alignment
+if STR_TERMINATE is set then src_len is ignored
+src_len is the length of the source area in bytes
+return the number of bytes occupied by the string in src
+the resulting string in "dest" is always null terminated
+****************************************************************************/
+int pull_string(const void *base_ptr, char *dest, const void *src, int dest_len, int src_len, 
+		int flags)
+{
+	if (!(flags & STR_ASCII) && \
+	    ((flags & STR_UNICODE || \
+	      (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) {
+		return pull_ucs2(base_ptr, dest, src, dest_len, src_len, flags);
+	}
+	return pull_ascii(dest, src, dest_len, src_len, flags);
+}
+
+int align_string(const void *base_ptr, const char *p, int flags)
+{
+	if (!(flags & STR_ASCII) && \
+	    ((flags & STR_UNICODE || \
+	      (SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) {
+		return ucs2_align(base_ptr, p, flags);
+	}
+	return 0;
+}
+
+
+
+/****************************************************************************
+convert from ucs2 to unix charset and return the
+allocated and converted string or NULL if an error occurred.
+you must provide a zero terminated string.
+the returning string will be zero terminated.
+****************************************************************************/
+char *acnv_u2ux(const smb_ucs2_t *src)
+{
+	size_t slen;
+	size_t dlen;
+	void *dest;
+	
+	slen = (strlen_w(src) + 1) * sizeof(smb_ucs2_t);
+	dlen = convert_string_allocate(CH_UCS2, CH_UNIX, src, slen, &dest);
+	if (dlen == -1) return NULL;
+	else return dest;
+}
+
+/****************************************************************************
+convert from unix to ucs2 charset and return the
+allocated and converted string or NULL if an error occurred.
+you must provide a zero terminated string.
+the returning string will be zero terminated.
+****************************************************************************/
+smb_ucs2_t *acnv_uxu2(const char *src)
+{
+	size_t slen;
+	size_t dlen;
+	void *dest;
+	
+	slen = strlen(src) + 1;
+	dlen = convert_string_allocate(CH_UNIX, CH_UCS2, src, slen, &dest);
+	if (dlen == -1) return NULL;
+	else return dest;
+}
+
+/****************************************************************************
+convert from ucs2 to dos charset and return the
+allocated and converted string or NULL if an error occurred.
+you must provide a zero terminated string.
+the returning string will be zero terminated.
+****************************************************************************/
+char *acnv_u2dos(const smb_ucs2_t *src)
+{
+	size_t slen;
+	size_t dlen;
+	void *dest;
+	
+	slen = (strlen_w(src) + 1) * sizeof(smb_ucs2_t);
+	dlen = convert_string_allocate(CH_UCS2, CH_DOS, src, slen, &dest);
+	if (dlen == -1) return NULL;
+	else return dest;
+}
+
+/****************************************************************************
+convert from dos to ucs2 charset and return the
+allocated and converted string or NULL if an error occurred.
+you must provide a zero terminated string.
+the returning string will be zero terminated.
+****************************************************************************/
+smb_ucs2_t *acnv_dosu2(const char *src)
+{
+	size_t slen;
+	size_t dlen;
+	void *dest;
+	
+	slen = strlen(src) + 1;
+	dlen = convert_string_allocate(CH_DOS, CH_UCS2, src, slen, &dest);
+	if (dlen == -1) return NULL;
+	else return dest;
 }
diff --git a/source3/lib/charset.c b/source3/lib/charset.c
deleted file mode 100644
index ada3ef790a..0000000000
--- a/source3/lib/charset.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   Character set handling
-   Copyright (C) Andrew Tridgell 1992-1995
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#define CHARSET_C
-#include "includes.h"
-
-extern int DEBUGLEVEL;
-
-char xx_dos_char_map[256];
-char xx_upper_char_map[256];
-char xx_lower_char_map[256];
-
-char *dos_char_map = NULL;
-char *upper_char_map = NULL;
-char *lower_char_map = NULL;
-
-static void add_dos_char(int lower, int upper)
-{
-  DEBUG(6,("Adding chars 0%o 0%o\n",lower,upper));
-  if (lower) dos_char_map[(char)lower] = 1;
-  if (upper) dos_char_map[(char)upper] = 1;
-  if (lower && upper) {
-    lower_char_map[(char)upper] = (char)lower;
-    upper_char_map[(char)lower] = (char)upper;
-  }
-}
-
-/****************************************************************************
-initialise the charset arrays
-****************************************************************************/
-void charset_initialise(void)
-{
-  int i;
-
-  dos_char_map = &xx_dos_char_map[128];
-  upper_char_map = &xx_upper_char_map[128];
-  lower_char_map = &xx_lower_char_map[128];
-
-  for (i= -128;i<=127;i++) {
-    dos_char_map[(char)i] = 0;
-  }
-
-  for (i=0;i<=127;i++) {
-    if (isalnum((char)i) || strchr("._^$~!#%&-{}()@'`",(char)i))
-      add_dos_char(i,0);
-  }
-
-  for (i= -128;i<=127;i++) {
-    char c = (char)i;
-    upper_char_map[i] = lower_char_map[i] = c;
-    if (isupper(c)) lower_char_map[c] = tolower(c);
-    if (islower(c)) upper_char_map[c] = toupper(c);
-  }
-
-  /* valid for all DOS PC */
-  add_dos_char(142,0);     /* A trema      */
-  add_dos_char(143,0);     /* A o          */
-  add_dos_char(144,0);     /* E '          */
-  add_dos_char(146,0);     /* AE           */
-  add_dos_char(153,0);     /* O trema      */
-  add_dos_char(154,0);     /* U trema      */
-  add_dos_char(165,0);     /* N tilda      */
-  add_dos_char(128,0);     /* C cedille    */
-  add_dos_char(156,0);     /* Pound        */
-  add_dos_char(183,0);     /* A `     (WIN)*/
-  add_dos_char(157,0);     /* Phi     (WIN)*/
-  add_dos_char(212,0);     /* E`      (WIN)*/
-}
-
-
-/*******************************************************************
-add characters depending on a string passed by the user
-********************************************************************/
-void add_char_string(char *s)
-{
-  char *extra_chars = (char *)strdup(s);
-  char *t;
-  if (!extra_chars) return;
-
-  for (t=strtok(extra_chars," \t\r\n"); t; t=strtok(NULL," \t\r\n")) {
-    char c1=0,c2=0;
-    int i1=0,i2=0;
-    if (isdigit(*t) || (*t)=='-') {
-      sscanf(t,"%i:%i",&i1,&i2);
-      add_dos_char(i1,i2);
-    } else {
-      sscanf(t,"%c:%c",&c1,&c2);
-      add_dos_char(c1,c2);
-    }
-  }
-
-  free(extra_chars);
-}
diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c
new file mode 100644
index 0000000000..bd4f1633e5
--- /dev/null
+++ b/source3/lib/crc32.c
@@ -0,0 +1,67 @@
+/* 
+ * Copyright Francesco Ferrara, 1998 <francesco@aerra.it> 
+ *
+ * Used by kind permission, 14th October 1998. http://www.aerre.it/francesco
+ *
+ *
+ */
+
+#include "includes.h"
+
+static unsigned long CRCTable[256] = 
+{
+        0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,
+        0xE963A535,0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,
+        0x09B64C2B,0x7EB17CBD,0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,
+        0xF3B97148,0x84BE41DE,0x1ADAD47D,0x6DDDE4EB,0xF4D4B551,0x83D385C7,
+        0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,0x14015C4F,0x63066CD9,
+        0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,0xA2677172,
+        0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
+        0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,
+        0x26D930AC,0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,
+        0xCFBA9599,0xB8BDA50F,0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,
+        0x2F6F7C87,0x58684C11,0xC1611DAB,0xB6662D3D,0x76DC4190,0x01DB7106,
+        0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,0x9FBFE4A5,0xE8B8D433,
+        0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,0x086D3D2D,
+        0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
+        0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,
+        0x8BBEB8EA,0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,
+        0x4DB26158,0x3AB551CE,0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,
+        0xA4D1C46D,0xD3D6F4FB,0x4369E96A,0x346ED9FC,0xAD678846,0xDA60B8D0,
+        0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,0x5005713C,0x270241AA,
+        0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,0xCE61E49F,
+        0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
+        0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,
+        0xEAD54739,0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,
+        0x0D6D6A3E,0x7A6A5AA8,0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,
+        0xF00F9344,0x8708A3D2,0x1E01F268,0x6906C2FE,0xF762575D,0x806567CB,
+        0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,0x10DA7A5A,0x67DD4ACC,
+        0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,0xA1D1937E,
+        0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
+        0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,
+        0x316E8EEF,0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,
+        0xCC0C7795,0xBB0B4703,0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,
+        0x2BB45A92,0x5CB36A04,0xC2D7FFA7,0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,
+        0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,0x9C0906A9,0xEB0E363F,
+        0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,0x0CB61B38,
+        0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
+        0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,
+        0x88085AE6,0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,
+        0x616BFFD3,0x166CCF45,0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,
+        0xA7672661,0xD06016F7,0x4969474D,0x3E6E77DB,0xAED16A4A,0xD9D65ADC,
+        0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,0x47B2CF7F,0x30B5FFE9,
+        0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,0xCDD70693,
+        0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
+        0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D
+};
+
+uint32 crc32_calc_buffer( char *buffer, uint32 count)
+{
+	uint32 crc=0xffffffff, i;
+        for(i=0;i<count;i++)
+                crc = (crc>>8) ^ CRCTable[(buffer[i] ^ crc) & 0xff];
+        crc^=0xffffffff;
+	DEBUG(10,("crc32_calc_buffer: %x\n", crc));
+	dump_data(100, buffer, count);
+        return crc;
+}
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
new file mode 100644
index 0000000000..7960c32b58
--- /dev/null
+++ b/source3/lib/debug.c
@@ -0,0 +1,771 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* -------------------------------------------------------------------------- **
+ * Defines...
+ *
+ *  FORMAT_BUFR_MAX - Index of the last byte of the format buffer;
+ *                    format_bufr[FORMAT_BUFR_MAX] should always be reserved
+ *                    for a terminating null byte.
+ */
+
+#define FORMAT_BUFR_MAX ( sizeof( format_bufr ) - 1 )
+
+/* -------------------------------------------------------------------------- **
+ * This module implements Samba's debugging utility.
+ *
+ * The syntax of a debugging log file is represented as:
+ *
+ *  <debugfile> :== { <debugmsg> }
+ *
+ *  <debugmsg>  :== <debughdr> '\n' <debugtext>
+ *
+ *  <debughdr>  :== '[' TIME ',' LEVEL ']' [ [FILENAME ':'] [FUNCTION '()'] ]
+ *
+ *  <debugtext> :== { <debugline> }
+ *
+ *  <debugline> :== TEXT '\n'
+ *
+ * TEXT     is a string of characters excluding the newline character.
+ * LEVEL    is the DEBUG level of the message (an integer in the range 0..10).
+ * TIME     is a timestamp.
+ * FILENAME is the name of the file from which the debug message was generated.
+ * FUNCTION is the function from which the debug message was generated.
+ *
+ * Basically, what that all means is:
+ *
+ * - A debugging log file is made up of debug messages.
+ *
+ * - Each debug message is made up of a header and text.  The header is
+ *   separated from the text by a newline.
+ *
+ * - The header begins with the timestamp and debug level of the message
+ *   enclosed in brackets.  The filename and function from which the
+ *   message was generated may follow.  The filename is terminated by a
+ *   colon, and the function name is terminated by parenthesis.
+ *
+ * - The message text is made up of zero or more lines, each terminated by
+ *   a newline.
+ */
+
+/* -------------------------------------------------------------------------- **
+ * External variables.
+ *
+ *  dbf           - Global debug file handle.
+ *  debugf        - Debug file name.
+ *  append_log    - If True, then the output file will be opened in append
+ *                  mode.
+ *  DEBUGLEVEL    - System-wide debug message limit.  Messages with message-
+ *                  levels higher than DEBUGLEVEL will not be processed.
+ */
+
+XFILE   *dbf        = NULL;
+pstring debugf     = "";
+BOOL    append_log = False;
+
+int     DEBUGLEVEL_CLASS[DBGC_LAST];
+BOOL    DEBUGLEVEL_CLASS_ISSET[DBGC_LAST];
+int     DEBUGLEVEL = DEBUGLEVEL_CLASS;
+BOOL	AllowDebugChange = True;
+
+
+/* -------------------------------------------------------------------------- **
+ * Internal variables.
+ *
+ *  stdout_logging  - Default False, if set to True then dbf will be set to
+ *                    stdout and debug output will go to dbf only, and not
+ *                    to syslog.  Set in setup_logging() and read in Debug1().
+ *
+ *  debug_count     - Number of debug messages that have been output.
+ *                    Used to check log size.
+ *
+ *  syslog_level    - Internal copy of the message debug level.  Written by
+ *                    dbghdr() and read by Debug1().
+ *
+ *  format_bufr     - Used to format debug messages.  The dbgtext() function
+ *                    prints debug messages to a string, and then passes the
+ *                    string to format_debug_text(), which uses format_bufr
+ *                    to build the formatted output.
+ *
+ *  format_pos      - Marks the first free byte of the format_bufr.
+ * 
+ *
+ *  log_overflow    - When this variable is True, never attempt to check the
+ *                    size of the log. This is a hack, so that we can write
+ *                    a message using DEBUG, from open_logs() when we
+ *                    are unable to open a new log file for some reason.
+ */
+
+static BOOL    stdout_logging = False;
+static int     debug_count    = 0;
+#ifdef WITH_SYSLOG
+static int     syslog_level   = 0;
+#endif
+static pstring format_bufr    = { '\0' };
+static size_t     format_pos     = 0;
+static BOOL    log_overflow   = False;
+
+/*
+ * Define all the debug class selection names here. Names *MUST NOT* contain 
+ * white space. There must be one name for each DBGC_<class name>, and they 
+ * must be in the table in the order of DBGC_<class name>.. 
+ */
+char *classname_table[] = {
+	"all",               /* DBGC_ALL; index refs traditional DEBUGLEVEL */
+	"tdb",               /* DBGC_TDB	  */
+	"printdrivers",      /* DBGC_PRINTDRIVERS */
+	"lanman",            /* DBGC_LANMAN       */
+	"smb",               /* DBGC_SMB          */
+	"rpc",               /* DBGC_RPC          */
+	"rpc_hdr",           /* DBGC_RPC_HDR      */
+	"bdc",               /* DBGC_BDC          */
+};
+
+
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+/****************************************************************************
+utility access to debug class names's
+****************************************************************************/
+char* debug_classname_from_index(int ndx)
+{
+	return classname_table[ndx];
+}
+
+/****************************************************************************
+utility to translate names to debug class index's
+****************************************************************************/
+int debug_lookup_classname(char* classname)
+{
+	int i;
+
+	if (!classname) return -1;
+
+	for (i=0; i<DBGC_LAST; i++) {
+		if (strcmp(classname, classname_table[i])==0)
+			return i;
+	}
+	return -1;
+}
+
+/****************************************************************************
+parse the debug levels from smbcontrol. Example debug level parameter:
+  printdrivers:7
+****************************************************************************/
+BOOL debug_parse_params(char **params, int *debuglevel_class,
+			BOOL *debuglevel_class_isset)
+{
+	int   i, ndx;
+	char *class_name;
+	char *class_level;
+	
+	/* Set the new debug level array to the current DEBUGLEVEL array */
+	memcpy(debuglevel_class, DEBUGLEVEL_CLASS, sizeof(DEBUGLEVEL_CLASS));
+
+	/* Allow DBGC_ALL to be specified w/o requiring its class name e.g."10"  
+	 * v.s. "all:10", this is the traditional way to set DEBUGLEVEL 
+	 */
+	if (isdigit((int)params[0][0])) {
+		debuglevel_class[DBGC_ALL] = atoi(params[0]);
+		debuglevel_class_isset[DBGC_ALL] = True;
+		i = 1; /* start processing at the next params */
+	}
+	else
+		i = 0; /* DBGC_ALL not specified OR class name was included */
+
+	/* Fill in new debug class levels */
+	for (; i < DBGC_LAST && params[i]; i++) {
+		if ((class_name=strtok(params[i],":")) &&
+			(class_level=strtok(NULL, "\0")) &&
+            ((ndx = debug_lookup_classname(class_name)) != -1)) {
+				debuglevel_class[ndx] = atoi(class_level);
+				debuglevel_class_isset[ndx] = True;
+		} else {
+			DEBUG(0,("debug_parse_params: unrecognized debug class name or format [%s]\n", params[i]));
+			return False;
+		}
+	}
+
+	return True;
+}
+
+/****************************************************************************
+parse the debug levels from smb.conf. Example debug level string:
+  3 tdb:5 printdrivers:7
+Note: the 1st param has no "name:" preceeding it.
+****************************************************************************/
+BOOL debug_parse_levels(char *params_str)
+{
+	int  i;
+	char *params[DBGC_LAST];
+	int  debuglevel_class[DBGC_LAST];	
+	BOOL debuglevel_class_isset[DBGC_LAST];
+
+	if (AllowDebugChange == False)
+		return True;
+	ZERO_ARRAY(params);
+	ZERO_ARRAY(debuglevel_class);
+	ZERO_ARRAY(debuglevel_class_isset);
+
+	if ((params[0]=strtok(params_str," ,"))) {
+		for (i=1; i<DBGC_LAST;i++) {
+			if ((params[i]=strtok(NULL," ,"))==NULL)
+				break;
+		}
+	}
+	else
+		return False;
+
+	if (debug_parse_params(params, debuglevel_class, 
+			       debuglevel_class_isset)) {
+		debug_message(0, sys_getpid(), (void*)debuglevel_class, sizeof(debuglevel_class));
+
+		memcpy(DEBUGLEVEL_CLASS, debuglevel_class, 
+		       sizeof(debuglevel_class));
+
+		memcpy(DEBUGLEVEL_CLASS_ISSET, debuglevel_class_isset,
+		       sizeof(debuglevel_class_isset));
+
+		{
+			int q;
+
+			for (q = 0; q < DBGC_LAST; q++)
+				DEBUG(5, ("%s: %d/%d\n",
+					  classname_table[q],
+					  DEBUGLEVEL_CLASS[q],
+					  DEBUGLEVEL_CLASS_ISSET[q]));
+		}
+
+		return True;
+	} else
+		return False;
+}
+
+/****************************************************************************
+receive a "set debug level" message
+****************************************************************************/
+void debug_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+	struct debuglevel_message *dm = (struct debuglevel_message *)buf;
+	int i;
+
+	/* Set the new DEBUGLEVEL_CLASS array from the passed message */
+	memcpy(DEBUGLEVEL_CLASS, dm->debuglevel_class, sizeof(dm->debuglevel_class));
+	memcpy(DEBUGLEVEL_CLASS_ISSET, dm->debuglevel_class_isset, sizeof(dm->debuglevel_class_isset));
+
+	DEBUG(3,("INFO: Debug class %s level = %d   (pid %u from pid %u)\n",
+			classname_table[DBGC_ALL],
+			DEBUGLEVEL_CLASS[DBGC_ALL], (unsigned int)sys_getpid(), (unsigned int)src));
+
+	for (i=1; i<DBGC_LAST; i++) {
+		if (DEBUGLEVEL_CLASS[i])
+			 DEBUGADD(3,("INFO: Debug class %s level = %d\n", 
+						classname_table[i], DEBUGLEVEL_CLASS[i]));
+	}
+}
+
+
+/****************************************************************************
+send a "set debug level" message
+****************************************************************************/
+void debug_message_send(pid_t pid, int level)
+{
+	message_send_pid(pid, MSG_DEBUG, &level, sizeof(int), False);
+}
+
+
+/* ************************************************************************** **
+ * get ready for syslog stuff
+ * ************************************************************************** **
+ */
+void setup_logging(char *pname, BOOL interactive)
+{
+	message_register(MSG_DEBUG, debug_message);
+
+	/* reset to allow multiple setup calls, going from interactive to
+	   non-interactive */
+	stdout_logging = False;
+	dbf = NULL;
+
+	if (interactive) {
+		stdout_logging = True;
+		dbf = x_stdout;
+	}
+#ifdef WITH_SYSLOG
+	else {
+		char *p = strrchr_m( pname,'/' );
+		if (p)
+			pname = p + 1;
+#ifdef LOG_DAEMON
+		openlog( pname, LOG_PID, SYSLOG_FACILITY );
+#else
+		/* for old systems that have no facility codes. */
+		openlog( pname, LOG_PID );
+#endif
+	}
+#endif
+} /* setup_logging */
+
+/* ************************************************************************** **
+ * reopen the log files
+ * note that we now do this unconditionally
+ * We attempt to open the new debug fp before closing the old. This means
+ * if we run out of fd's we just keep using the old fd rather than aborting.
+ * Fix from dgibson@linuxcare.com.
+ * ************************************************************************** **
+ */
+
+BOOL reopen_logs( void )
+{
+	pstring fname;
+	mode_t oldumask;
+	XFILE *new_dbf = NULL;
+	BOOL ret = True;
+
+	if (stdout_logging)
+		return True;
+
+	oldumask = umask( 022 );
+  
+	pstrcpy(fname, debugf );
+
+	if (lp_loaded()) {
+		char *logfname;
+
+		logfname = lp_logfile();
+		if (*logfname)
+			pstrcpy(fname, logfname);
+	}
+
+	pstrcpy( debugf, fname );
+	if (append_log)
+		new_dbf = x_fopen( debugf, O_WRONLY|O_APPEND|O_CREAT, 0644);
+	else
+		new_dbf = x_fopen( debugf, O_WRONLY|O_CREAT|O_TRUNC, 0644 );
+
+	if (!new_dbf) {
+		log_overflow = True;
+		DEBUG(0, ("Unable to open new log file %s: %s\n", debugf, strerror(errno)));
+		log_overflow = False;
+		if (dbf)
+			x_fflush(dbf);
+		ret = False;
+	} else {
+		x_setbuf(new_dbf, NULL);
+		if (dbf)
+			(void) x_fclose(dbf);
+		dbf = new_dbf;
+	}
+
+	/* Fix from klausr@ITAP.Physik.Uni-Stuttgart.De
+	 * to fix problem where smbd's that generate less
+	 * than 100 messages keep growing the log.
+	 */
+	force_check_log_size();
+	(void)umask(oldumask);
+
+	return ret;
+}
+
+/* ************************************************************************** **
+ * Force a check of the log size.
+ * ************************************************************************** **
+ */
+void force_check_log_size( void )
+{
+  debug_count = 100;
+}
+
+/***************************************************************************
+ Check to see if there is any need to check if the logfile has grown too big.
+**************************************************************************/
+
+BOOL need_to_check_log_size( void )
+{
+	int maxlog;
+
+	if( debug_count++ < 100 )
+		return( False );
+
+	maxlog = lp_max_log_size() * 1024;
+	if( !dbf || maxlog <= 0 ) {
+		debug_count = 0;
+		return(False);
+	}
+	return( True );
+}
+
+/* ************************************************************************** **
+ * Check to see if the log has grown to be too big.
+ * ************************************************************************** **
+ */
+
+void check_log_size( void )
+{
+	int         maxlog;
+	SMB_STRUCT_STAT st;
+
+	/*
+	 *  We need to be root to check/change log-file, skip this and let the main
+	 *  loop check do a new check as root.
+	 */
+
+	if( geteuid() != 0 )
+		return;
+
+	if(log_overflow || !need_to_check_log_size() )
+		return;
+
+	maxlog = lp_max_log_size() * 1024;
+
+	if( sys_fstat( x_fileno( dbf ), &st ) == 0 && st.st_size > maxlog ) {
+		(void)reopen_logs();
+		if( dbf && get_file_size( debugf ) > maxlog ) {
+			pstring name;
+
+			slprintf( name, sizeof(name)-1, "%s.old", debugf );
+			(void)rename( debugf, name );
+      
+			if (!reopen_logs()) {
+				/* We failed to reopen a log - continue using the old name. */
+				(void)rename(name, debugf);
+			}
+		}
+	}
+
+	/*
+	 * Here's where we need to panic if dbf == NULL..
+	 */
+
+	if(dbf == NULL) {
+		/* This code should only be reached in very strange
+		 * circumstances. If we merely fail to open the new log we
+		 * should stick with the old one. ergo this should only be
+		 * reached when opening the logs for the first time: at
+		 * startup or when the log level is increased from zero.
+		 * -dwg 6 June 2000
+		 */
+		dbf = x_fopen( "/dev/console", O_WRONLY, 0);
+		if(dbf) {
+			DEBUG(0,("check_log_size: open of debug file %s failed - using console.\n",
+					debugf ));
+		} else {
+			/*
+			 * We cannot continue without a debug file handle.
+			 */
+			abort();
+		}
+	}
+	debug_count = 0;
+} /* check_log_size */
+
+/* ************************************************************************** **
+ * Write an debug message on the debugfile.
+ * This is called by dbghdr() and format_debug_text().
+ * ************************************************************************** **
+ */
+ int Debug1( char *format_str, ... )
+{
+  va_list ap;  
+  int old_errno = errno;
+
+  if( stdout_logging )
+    {
+    va_start( ap, format_str );
+    if(dbf)
+      (void)x_vfprintf( dbf, format_str, ap );
+    va_end( ap );
+    errno = old_errno;
+    return( 0 );
+    }
+  
+#ifdef WITH_SYSLOG
+  if( !lp_syslog_only() )
+#endif
+    {
+    if( !dbf )
+      {
+      mode_t oldumask = umask( 022 );
+
+      if( append_log )
+        dbf = x_fopen( debugf, O_WRONLY|O_APPEND|O_CREAT, 0644 );
+      else
+        dbf = x_fopen( debugf, O_WRONLY|O_CREAT|O_TRUNC, 0644 );
+      (void)umask( oldumask );
+      if( dbf )
+        {
+        x_setbuf( dbf, NULL );
+        }
+      else
+        {
+        errno = old_errno;
+        return(0);
+        }
+      }
+    }
+
+#ifdef WITH_SYSLOG
+  if( syslog_level < lp_syslog() )
+    {
+    /* map debug levels to syslog() priorities
+     * note that not all DEBUG(0, ...) calls are
+     * necessarily errors
+     */
+    static int priority_map[] = { 
+      LOG_ERR,     /* 0 */
+      LOG_WARNING, /* 1 */
+      LOG_NOTICE,  /* 2 */
+      LOG_INFO,    /* 3 */
+      };
+    int     priority;
+    pstring msgbuf;
+
+    if( syslog_level >= ( sizeof(priority_map) / sizeof(priority_map[0]) )
+     || syslog_level < 0)
+      priority = LOG_DEBUG;
+    else
+      priority = priority_map[syslog_level];
+      
+    va_start( ap, format_str );
+    vslprintf( msgbuf, sizeof(msgbuf)-1, format_str, ap );
+    va_end( ap );
+      
+    msgbuf[255] = '\0';
+    syslog( priority, "%s", msgbuf );
+    }
+#endif
+  
+  check_log_size();
+
+#ifdef WITH_SYSLOG
+  if( !lp_syslog_only() )
+#endif
+    {
+    va_start( ap, format_str );
+    if(dbf)
+      (void)x_vfprintf( dbf, format_str, ap );
+    va_end( ap );
+    if(dbf)
+      (void)x_fflush( dbf );
+    }
+
+  errno = old_errno;
+
+  return( 0 );
+  } /* Debug1 */
+
+
+/* ************************************************************************** **
+ * Print the buffer content via Debug1(), then reset the buffer.
+ *
+ *  Input:  none
+ *  Output: none
+ *
+ * ************************************************************************** **
+ */
+static void bufr_print( void )
+  {
+  format_bufr[format_pos] = '\0';
+  (void)Debug1( "%s", format_bufr );
+  format_pos = 0;
+  } /* bufr_print */
+
+/* ************************************************************************** **
+ * Format the debug message text.
+ *
+ *  Input:  msg - Text to be added to the "current" debug message text.
+ *
+ *  Output: none.
+ *
+ *  Notes:  The purpose of this is two-fold.  First, each call to syslog()
+ *          (used by Debug1(), see above) generates a new line of syslog
+ *          output.  This is fixed by storing the partial lines until the
+ *          newline character is encountered.  Second, printing the debug
+ *          message lines when a newline is encountered allows us to add
+ *          spaces, thus indenting the body of the message and making it
+ *          more readable.
+ *
+ * ************************************************************************** **
+ */
+static void format_debug_text( char *msg )
+  {
+  size_t i;
+  BOOL timestamp = (!stdout_logging && (lp_timestamp_logs() || 
+					!(lp_loaded())));
+
+  for( i = 0; msg[i]; i++ )
+    {
+    /* Indent two spaces at each new line. */
+    if(timestamp && 0 == format_pos)
+      {
+      format_bufr[0] = format_bufr[1] = ' ';
+      format_pos = 2;
+      }
+
+    /* If there's room, copy the character to the format buffer. */
+    if( format_pos < FORMAT_BUFR_MAX )
+      format_bufr[format_pos++] = msg[i];
+
+    /* If a newline is encountered, print & restart. */
+    if( '\n' == msg[i] )
+      bufr_print();
+
+    /* If the buffer is full dump it out, reset it, and put out a line
+     * continuation indicator.
+     */
+    if( format_pos >= FORMAT_BUFR_MAX )
+      {
+      bufr_print();
+      (void)Debug1( " +>\n" );
+      }
+    }
+
+  /* Just to be safe... */
+  format_bufr[format_pos] = '\0';
+  } /* format_debug_text */
+
+/* ************************************************************************** **
+ * Flush debug output, including the format buffer content.
+ *
+ *  Input:  none
+ *  Output: none
+ *
+ * ************************************************************************** **
+ */
+void dbgflush( void )
+  {
+  bufr_print();
+  if(dbf)
+    (void)x_fflush( dbf );
+  } /* dbgflush */
+
+/* ************************************************************************** **
+ * Print a Debug Header.
+ *
+ *  Input:  level - Debug level of the message (not the system-wide debug
+ *                  level. )
+ *          file  - Pointer to a string containing the name of the file
+ *                  from which this function was called, or an empty string
+ *                  if the __FILE__ macro is not implemented.
+ *          func  - Pointer to a string containing the name of the function
+ *                  from which this function was called, or an empty string
+ *                  if the __FUNCTION__ macro is not implemented.
+ *          line  - line number of the call to dbghdr, assuming __LINE__
+ *                  works.
+ *
+ *  Output: Always True.  This makes it easy to fudge a call to dbghdr()
+ *          in a macro, since the function can be called as part of a test.
+ *          Eg: ( (level <= DEBUGLEVEL) && (dbghdr(level,"",line)) )
+ *
+ *  Notes:  This function takes care of setting syslog_level.
+ *
+ * ************************************************************************** **
+ */
+
+BOOL dbghdr( int level, char *file, char *func, int line )
+{
+  /* Ensure we don't lose any real errno value. */
+  int old_errno = errno;
+
+  if( format_pos ) {
+    /* This is a fudge.  If there is stuff sitting in the format_bufr, then
+     * the *right* thing to do is to call
+     *   format_debug_text( "\n" );
+     * to write the remainder, and then proceed with the new header.
+     * Unfortunately, there are several places in the code at which
+     * the DEBUG() macro is used to build partial lines.  That in mind,
+     * we'll work under the assumption that an incomplete line indicates
+     * that a new header is *not* desired.
+     */
+    return( True );
+  }
+
+#ifdef WITH_SYSLOG
+  /* Set syslog_level. */
+  syslog_level = level;
+#endif
+
+  /* Don't print a header if we're logging to stdout. */
+  if( stdout_logging )
+    return( True );
+
+  /* Print the header if timestamps are turned on.  If parameters are
+   * not yet loaded, then default to timestamps on.
+   */
+  if( lp_timestamp_logs() || !(lp_loaded()) ) {
+    char header_str[200];
+
+	header_str[0] = '\0';
+
+	if( lp_debug_pid())
+	  slprintf(header_str,sizeof(header_str)-1,", pid=%u",(unsigned int)sys_getpid());
+
+	if( lp_debug_uid()) {
+      size_t hs_len = strlen(header_str);
+	  slprintf(header_str + hs_len,
+               sizeof(header_str) - 1 - hs_len,
+			   ", effective(%u, %u), real(%u, %u)",
+               (unsigned int)geteuid(), (unsigned int)getegid(),
+			   (unsigned int)getuid(), (unsigned int)getgid()); 
+	}
+  
+    /* Print it all out at once to prevent split syslog output. */
+    (void)Debug1( "[%s, %d%s] %s:%s(%d)\n",
+                  timestring(lp_debug_hires_timestamp()), level,
+				  header_str, file, func, line );
+  }
+
+  errno = old_errno;
+  return( True );
+}
+
+/* ************************************************************************** **
+ * Add text to the body of the "current" debug message via the format buffer.
+ *
+ *  Input:  format_str  - Format string, as used in printf(), et. al.
+ *          ...         - Variable argument list.
+ *
+ *  ..or..  va_alist    - Old style variable parameter list starting point.
+ *
+ *  Output: Always True.  See dbghdr() for more info, though this is not
+ *          likely to be used in the same way.
+ *
+ * ************************************************************************** **
+ */
+ BOOL dbgtext( char *format_str, ... )
+  {
+  va_list ap;
+  pstring msgbuf;
+
+  va_start( ap, format_str ); 
+  vslprintf( msgbuf, sizeof(msgbuf)-1, format_str, ap );
+  va_end( ap );
+
+  format_debug_text( msgbuf );
+
+  return( True );
+  } /* dbgtext */
+
+
+/* ************************************************************************** */
diff --git a/source3/lib/dmallocmsg.c b/source3/lib/dmallocmsg.c
new file mode 100644
index 0000000000..a83ed518d7
--- /dev/null
+++ b/source3/lib/dmallocmsg.c
@@ -0,0 +1,72 @@
+/* 
+   samba -- Unix SMB/CIFS implementation.
+   Copyright (C) 2002 by Martin Pool
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * @file dmallocmsg.c
+ *
+ * Glue code to cause dmalloc info to come out when we receive a prod
+ * over samba messaging.
+ **/
+
+#ifdef ENABLE_DMALLOC
+static unsigned long our_dm_mark = 0;
+#endif /* ENABLE_DMALLOC */
+
+
+/**
+ * Respond to a POOL_USAGE message by sending back string form of memory
+ * usage stats.
+ **/
+static void msg_req_dmalloc_mark(int UNUSED(msg_type), pid_t UNUSED(src_pid),
+			  void *UNUSED(buf), size_t UNUSED(len))
+{
+#ifdef ENABLE_DMALLOC
+	our_dm_mark = dmalloc_mark();
+	DEBUG(2,("Got MSG_REQ_DMALLOC_MARK: mark set\n"));
+#else
+	DEBUG(2,("Got MSG_REQ_DMALLOC_MARK but dmalloc not in this process\n"));
+#endif
+}
+
+
+
+static void msg_req_dmalloc_log_changed(int UNUSED(msg_type),
+					pid_t UNUSED(src_pid),
+					void *UNUSED(buf), size_t UNUSED(len))
+{
+#ifdef ENABLE_DMALLOC
+	dmalloc_log_changed(our_dm_mark, True, True, True);
+	DEBUG(2,("Got MSG_REQ_DMALLOC_LOG_CHANGED: done\n"));
+#else
+	DEBUG(2,("Got MSG_REQ_DMALLOC_LOG_CHANGED but dmalloc not in this process\n"));
+#endif
+}
+
+
+/**
+ * Register handler for MSG_REQ_POOL_USAGE
+ **/
+void register_dmalloc_msgs(void)
+{
+	message_register(MSG_REQ_DMALLOC_MARK, msg_req_dmalloc_mark);
+	message_register(MSG_REQ_DMALLOC_LOG_CHANGED, msg_req_dmalloc_log_changed);
+	DEBUG(2, ("Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED\n"));
+}	
diff --git a/source3/lib/dprintf.c b/source3/lib/dprintf.c
new file mode 100644
index 0000000000..dadebdb3b4
--- /dev/null
+++ b/source3/lib/dprintf.c
@@ -0,0 +1,110 @@
+/* 
+   Unix SMB/CIFS implementation.
+   display print functions
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+/*
+  this module provides functions for printing internal strings in the "display charset"
+  This charset may be quite different from the chosen unix charset
+
+  Eventually these functions will need to take care of column count constraints
+
+  The d_ prefix on print functions in Samba refers to the display character set
+  conversion
+*/
+
+#include "includes.h"
+
+int d_vfprintf(FILE *f, const char *format, va_list ap)
+{
+	char *p, *p2;
+	int ret, maxlen, clen;
+	const char *msgstr;
+
+	/* do any message translations */
+	msgstr = lang_msg(format);
+	if (!msgstr) return -1;
+
+	ret = vasprintf(&p, msgstr, ap);
+
+	lang_msg_free(msgstr);
+
+	if (ret <= 0) return ret;
+
+	/* now we have the string in unix format, convert it to the display
+	   charset, but beware of it growing */
+	maxlen = ret*2;
+again:
+	p2 = malloc(maxlen);
+	if (!p2) {
+		SAFE_FREE(p);
+		return -1;
+	}
+	clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen);
+
+	if (clen >= maxlen) {
+		/* it didn't fit - try a larger buffer */
+		maxlen *= 2;
+		SAFE_FREE(p2);
+		goto again;
+	}
+
+	/* good, its converted OK */
+	SAFE_FREE(p);
+	ret = fwrite(p2, 1, clen, f);
+	SAFE_FREE(p2);
+
+	return ret;
+}
+
+
+ int d_fprintf(FILE *f, const char *format, ...)
+{
+	int ret;
+	va_list ap;
+
+	va_start(ap, format);
+	ret = d_vfprintf(f, format, ap);
+	va_end(ap);
+
+	return ret;
+}
+
+static FILE *outfile;
+
+ int d_printf(const char *format, ...)
+{
+	int ret;
+	va_list ap;
+
+	if (!outfile) outfile = stdout;
+	
+	va_start(ap, format);
+	ret = d_vfprintf(outfile, format, ap);
+	va_end(ap);
+
+	return ret;
+}
+
+/* interactive programs need a way of tell d_*() to write to stderr instead
+   of stdout */
+void display_set_stderr(void)
+{
+	outfile = stderr;
+}
diff --git a/source3/lib/error.c b/source3/lib/error.c
new file mode 100644
index 0000000000..22ac1cb2d7
--- /dev/null
+++ b/source3/lib/error.c
@@ -0,0 +1,72 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Unix/DOS/NT error code conversions
+ *  Copyright (C) Tim Potter 2000
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/* Mapping between Unix, DOS and NT error numbers */
+
+const struct unix_error_map unix_dos_nt_errmap[] = {
+	{ EPERM, ERRDOS, ERRnoaccess, NT_STATUS_ACCESS_DENIED },
+	{ EACCES, ERRDOS, ERRnoaccess, NT_STATUS_ACCESS_DENIED },
+	{ ENOENT, ERRDOS, ERRbadfile, NT_STATUS_NO_SUCH_FILE },
+	{ ENOTDIR, ERRDOS, ERRbadpath, NT_STATUS_NOT_A_DIRECTORY },
+	{ EIO, ERRHRD, ERRgeneral, NT_STATUS_IO_DEVICE_ERROR },
+	{ EBADF, ERRSRV, ERRsrverror, NT_STATUS_INVALID_HANDLE },
+	{ EINVAL, ERRSRV, ERRsrverror, NT_STATUS_INVALID_HANDLE },
+	{ EEXIST, ERRDOS, ERRfilexists, NT_STATUS_OBJECT_NAME_COLLISION},
+	{ ENFILE, ERRDOS, ERRnofids, NT_STATUS_TOO_MANY_OPENED_FILES },
+	{ EMFILE, ERRDOS, ERRnofids, NT_STATUS_TOO_MANY_OPENED_FILES },
+	{ ENOSPC, ERRHRD, ERRdiskfull, NT_STATUS_DISK_FULL },
+#ifdef EDQUOT
+	{ EDQUOT, ERRHRD, ERRdiskfull, NT_STATUS_DISK_FULL },
+#endif
+#ifdef ENOTEMPTY
+	{ ENOTEMPTY, ERRDOS, ERRnoaccess, NT_STATUS_DIRECTORY_NOT_EMPTY },
+#endif
+#ifdef EXDEV
+	{ EXDEV, ERRDOS, ERRdiffdevice, NT_STATUS_NOT_SAME_DEVICE },
+#endif
+#ifdef EROFS
+	{ EROFS, ERRHRD, ERRnowrite, NT_STATUS_ACCESS_DENIED },
+#endif
+	{ 0, 0, 0, NT_STATUS_OK }
+};
+
+/*********************************************************************
+ Map an NT error code from a Unix error code.
+*********************************************************************/
+
+NTSTATUS map_nt_error_from_unix(int unix_error)
+{
+	int i = 0;
+
+	if (unix_error == 0)
+		return NT_STATUS_OK;
+
+	/* Look through list */
+	while(unix_dos_nt_errmap[i].unix_error != 0) {
+		if (unix_dos_nt_errmap[i].unix_error == unix_error)
+			return unix_dos_nt_errmap[i].nt_error;
+		i++;
+	}
+
+	/* Default return */
+	return NT_STATUS_ACCESS_DENIED;
+}
diff --git a/source3/lib/fault.c b/source3/lib/fault.c
index 20c75f7876..e132ed8f67 100644
--- a/source3/lib/fault.c
+++ b/source3/lib/fault.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Critical Fault handling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,44 +18,39 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#ifdef LINUX
-#define __KERNEL__
-#endif
-
 #include "includes.h"
-extern int DEBUGLEVEL;
-
-
-static void (*cont_fn)();
 
+static void (*cont_fn)(void *);
 
 /*******************************************************************
 report a fault
 ********************************************************************/
 static void fault_report(int sig)
 {
-  DEBUG(0,("===============================================================\n"));
-  DEBUG(0,("INTERNAL ERROR: Signal %d in pid %d (%s)",sig,(int)getpid(),VERSION));
-  DEBUG(0,("\nPlease read the file BUGS.txt in the distribution\n"));
-  DEBUG(0,("===============================================================\n"));
+	static int counter;
+
+	if (counter) _exit(1);
+
+	counter++;
+
+	DEBUG(0,("===============================================================\n"));
+	DEBUG(0,("INTERNAL ERROR: Signal %d in pid %d (%s)",sig,(int)sys_getpid(),VERSION));
+	DEBUG(0,("\nPlease read the file BUGS.txt in the distribution\n"));
+	DEBUG(0,("===============================================================\n"));
   
-#if AJT
-  ajt_panic();
-#endif  
+	smb_panic("internal error");
 
-  if (cont_fn)
-    {
-      fault_setup(cont_fn);
-      cont_fn(NULL);
+	if (cont_fn) {
+		cont_fn(NULL);
 #ifdef SIGSEGV
-      signal(SIGSEGV,SIGNAL_CAST SIG_DFL);
+		CatchSignal(SIGSEGV,SIGNAL_CAST SIG_DFL);
 #endif
 #ifdef SIGBUS
-      signal(SIGBUS,SIGNAL_CAST SIG_DFL);
+		CatchSignal(SIGBUS,SIGNAL_CAST SIG_DFL);
 #endif
-      return; /* this should cause a core dump */
-    }
-  exit(1);
+		return; /* this should cause a core dump */
+	}
+	exit(1);
 }
 
 /****************************************************************************
@@ -64,21 +58,21 @@ catch serious errors
 ****************************************************************************/
 static void sig_fault(int sig)
 {
-  fault_report(sig);
+	fault_report(sig);
 }
 
 /*******************************************************************
 setup our fault handlers
 ********************************************************************/
-void fault_setup(void (*fn)())
+void fault_setup(void (*fn)(void *))
 {
-  cont_fn = fn;
+	cont_fn = fn;
 
 #ifdef SIGSEGV
-  signal(SIGSEGV,SIGNAL_CAST sig_fault);
+	CatchSignal(SIGSEGV,SIGNAL_CAST sig_fault);
 #endif
 #ifdef SIGBUS
-  signal(SIGBUS,SIGNAL_CAST sig_fault);
+	CatchSignal(SIGBUS,SIGNAL_CAST sig_fault);
 #endif
 }
 
diff --git a/source3/lib/fsusage.c b/source3/lib/fsusage.c
new file mode 100644
index 0000000000..bb7cff0645
--- /dev/null
+++ b/source3/lib/fsusage.c
@@ -0,0 +1,148 @@
+/* 
+   Unix SMB/CIFS implementation.
+   functions to calculate the free disk space
+   Copyright (C) Andrew Tridgell 1998-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/* Return the number of TOSIZE-byte blocks used by
+   BLOCKS FROMSIZE-byte blocks, rounding away from zero.
+*/
+static SMB_BIG_UINT adjust_blocks(SMB_BIG_UINT blocks, SMB_BIG_UINT fromsize, SMB_BIG_UINT tosize)
+{
+	if (fromsize == tosize)	/* e.g., from 512 to 512 */
+		return blocks;
+	else if (fromsize > tosize)	/* e.g., from 2048 to 512 */
+		return blocks * (fromsize / tosize);
+	else				/* e.g., from 256 to 512 */
+		return (blocks + 1) / (tosize / fromsize);
+}
+
+/* this does all of the system specific guff to get the free disk space.
+   It is derived from code in the GNU fileutils package, but has been
+   considerably mangled for use here 
+
+   results are returned in *dfree and *dsize, in 512 byte units
+*/
+int sys_fsusage(const char *path, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+#ifdef STAT_STATFS3_OSF1
+#define CONVERT_BLOCKS(B) adjust_blocks ((SMB_BIG_UINT)(B), (SMB_BIG_UINT)fsd.f_fsize, (SMB_BIG_UINT)512)
+	struct statfs fsd;
+
+	if (statfs (path, &fsd, sizeof (struct statfs)) != 0)
+		return -1;
+#endif /* STAT_STATFS3_OSF1 */
+	
+#ifdef STAT_STATFS2_FS_DATA	/* Ultrix */
+#define CONVERT_BLOCKS(B) adjust_blocks ((SMB_BIG_UINT)(B), (SMB_BIG_UINT)1024, (SMB_BIG_UINT)512)	
+	struct fs_data fsd;
+	
+	if (statfs (path, &fsd) != 1)
+		return -1;
+	
+	(*dsize) = CONVERT_BLOCKS (fsd.fd_req.btot);
+	(*dfree) = CONVERT_BLOCKS (fsd.fd_req.bfreen);
+#endif /* STAT_STATFS2_FS_DATA */
+	
+#ifdef STAT_STATFS2_BSIZE	/* 4.3BSD, SunOS 4, HP-UX, AIX */
+#define CONVERT_BLOCKS(B) adjust_blocks ((SMB_BIG_UINT)(B), (SMB_BIG_UINT)fsd.f_bsize, (SMB_BIG_UINT)512)
+	struct statfs fsd;
+	
+	if (statfs (path, &fsd) < 0)
+		return -1;
+	
+#ifdef STATFS_TRUNCATES_BLOCK_COUNTS
+	/* In SunOS 4.1.2, 4.1.3, and 4.1.3_U1, the block counts in the
+	   struct statfs are truncated to 2GB.  These conditions detect that
+	   truncation, presumably without botching the 4.1.1 case, in which
+	   the values are not truncated.  The correct counts are stored in
+	   undocumented spare fields.  */
+	if (fsd.f_blocks == 0x1fffff && fsd.f_spare[0] > 0) {
+		fsd.f_blocks = fsd.f_spare[0];
+		fsd.f_bfree = fsd.f_spare[1];
+		fsd.f_bavail = fsd.f_spare[2];
+	}
+#endif /* STATFS_TRUNCATES_BLOCK_COUNTS */
+#endif /* STAT_STATFS2_BSIZE */
+	
+
+#ifdef STAT_STATFS2_FSIZE	/* 4.4BSD */
+#define CONVERT_BLOCKS(B) adjust_blocks ((SMB_BIG_UINT)(B), (SMB_BIG_UINT)fsd.f_fsize, (SMB_BIG_UINT)512)
+	
+	struct statfs fsd;
+	
+	if (statfs (path, &fsd) < 0)
+		return -1;
+#endif /* STAT_STATFS2_FSIZE */
+	
+#ifdef STAT_STATFS4		/* SVR3, Dynix, Irix, AIX */
+# if _AIX || defined(_CRAY)
+#  define CONVERT_BLOCKS(B) adjust_blocks ((SMB_BIG_UINT)(B), (SMB_BIG_UINT)fsd.f_bsize, (SMB_BIG_UINT)512)
+#  ifdef _CRAY
+#   define f_bavail f_bfree
+#  endif
+# else
+#  define CONVERT_BLOCKS(B) ((SMB_BIG_UINT)B)
+#  ifndef _SEQUENT_		/* _SEQUENT_ is DYNIX/ptx */
+#   ifndef DOLPHIN		/* DOLPHIN 3.8.alfa/7.18 has f_bavail */
+#    define f_bavail f_bfree
+#   endif
+#  endif
+# endif
+	
+	struct statfs fsd;
+
+	if (statfs (path, &fsd, sizeof fsd, 0) < 0)
+		return -1;
+	/* Empirically, the block counts on most SVR3 and SVR3-derived
+	   systems seem to always be in terms of 512-byte blocks,
+	   no matter what value f_bsize has.  */
+
+#endif /* STAT_STATFS4 */
+
+#if defined(STAT_STATVFS) || defined(STAT_STATVFS64)		/* SVR4 */
+# define CONVERT_BLOCKS(B) \
+	adjust_blocks ((SMB_BIG_UINT)(B), fsd.f_frsize ? (SMB_BIG_UINT)fsd.f_frsize : (SMB_BIG_UINT)fsd.f_bsize, (SMB_BIG_UINT)512)
+
+#ifdef STAT_STATVFS64
+	struct statvfs64 fsd;
+	if (statvfs64(path, &fsd) < 0) return -1;
+#else
+	struct statvfs fsd;
+	if (statvfs(path, &fsd) < 0) return -1;
+#endif
+
+	/* f_frsize isn't guaranteed to be supported.  */
+
+#endif /* STAT_STATVFS */
+
+#ifndef CONVERT_BLOCKS
+	/* we don't have any dfree code! */
+	return -1;
+#else
+#if !defined(STAT_STATFS2_FS_DATA)
+	/* !Ultrix */
+	(*dsize) = CONVERT_BLOCKS (fsd.f_blocks);
+	(*dfree) = CONVERT_BLOCKS (fsd.f_bavail);
+#endif /* not STAT_STATFS2_FS_DATA */
+#endif
+
+	return 0;
+}
diff --git a/source3/lib/genrand.c b/source3/lib/genrand.c
new file mode 100644
index 0000000000..6296ead726
--- /dev/null
+++ b/source3/lib/genrand.c
@@ -0,0 +1,267 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Functions to create reasonable random numbers for crypto use.
+
+   Copyright (C) Jeremy Allison 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static unsigned char hash[258];
+static uint32 counter;
+unsigned char *reseed_data;
+size_t reseed_data_size;
+
+/**************************************************************** 
+ Copy any user given reseed data.
+*****************************************************************/
+
+void set_rand_reseed_data(unsigned char *data, size_t len)
+{
+	SAFE_FREE(reseed_data);
+	reseed_data_size = 0;
+
+	reseed_data = (unsigned char *)memdup(data, len);
+	if (reseed_data)
+		reseed_data_size = len;
+}
+
+/**************************************************************** 
+ Setup the seed.
+*****************************************************************/
+
+static void seed_random_stream(unsigned char *seedval, size_t seedlen)
+{
+	unsigned char j = 0;
+	size_t ind;
+
+	for (ind = 0; ind < 256; ind++)
+		hash[ind] = (unsigned char)ind;
+
+	for( ind = 0; ind < 256; ind++) {
+		unsigned char tc;
+
+		j += (hash[ind] + seedval[ind%seedlen]);
+
+		tc = hash[ind];
+		hash[ind] = hash[j];
+		hash[j] = tc;
+	}
+
+	hash[256] = 0;
+	hash[257] = 0;
+}
+
+/**************************************************************** 
+ Get datasize bytes worth of random data.
+*****************************************************************/
+
+static void get_random_stream(unsigned char *data, size_t datasize)
+{
+	unsigned char index_i = hash[256];
+	unsigned char index_j = hash[257];
+	size_t ind;
+
+	for( ind = 0; ind < datasize; ind++) {
+		unsigned char tc;
+		unsigned char t;
+
+		index_i++;
+		index_j += hash[index_i];
+
+		tc = hash[index_i];
+		hash[index_i] = hash[index_j];
+		hash[index_j] = tc;
+
+		t = hash[index_i] + hash[index_j];
+		data[ind] = hash[t];
+	}
+
+	hash[256] = index_i;
+	hash[257] = index_j;
+}
+
+/****************************************************************
+ Get a 16 byte hash from the contents of a file.
+ Note that the hash is not initialised.
+*****************************************************************/
+
+static void do_filehash(char *fname, unsigned char *the_hash)
+{
+	unsigned char buf[1011]; /* deliberate weird size */
+	unsigned char tmp_md4[16];
+	int fd, n;
+
+	fd = sys_open(fname,O_RDONLY,0);
+	if (fd == -1)
+		return;
+
+	while ((n = read(fd, (char *)buf, sizeof(buf))) > 0) {
+		mdfour(tmp_md4, buf, n);
+		for (n=0;n<16;n++)
+			the_hash[n] ^= tmp_md4[n];
+	}
+	close(fd);
+}
+
+/**************************************************************
+ Try and get a good random number seed. Try a number of
+ different factors. Firstly, try /dev/urandom - use if exists.
+
+ We use /dev/urandom as a read of /dev/random can block if
+ the entropy pool dries up. This leads clients to timeout
+ or be very slow on connect.
+
+ If we can't use /dev/urandom then seed the stream random generator
+ above...
+**************************************************************/
+
+static int do_reseed(BOOL use_fd, int fd)
+{
+	unsigned char seed_inbuf[40];
+	uint32 v1, v2; struct timeval tval; pid_t mypid;
+	struct passwd *pw;
+
+	if (use_fd) {
+		if (fd != -1)
+			return fd;
+
+		fd = sys_open( "/dev/urandom", O_RDONLY,0);
+		if(fd >= 0)
+			return fd;
+	}
+
+	/* Add in some secret file contents */
+
+	do_filehash("/etc/shadow", &seed_inbuf[0]);
+	do_filehash(lp_smb_passwd_file(), &seed_inbuf[16]);
+
+	/*
+	 * Add in the root encrypted password.
+	 * On any system where security is taken
+	 * seriously this will be secret.
+	 */
+
+	pw = getpwnam_alloc("root");
+	if (pw && pw->pw_passwd) {
+		size_t i;
+		unsigned char md4_tmp[16];
+		mdfour(md4_tmp, (unsigned char *)pw->pw_passwd, strlen(pw->pw_passwd));
+		for (i=0;i<16;i++)
+			seed_inbuf[8+i] ^= md4_tmp[i];
+		passwd_free(&pw);
+	}
+
+	/*
+	 * Add the counter, time of day, and pid.
+	 */
+
+	GetTimeOfDay(&tval);
+	mypid = sys_getpid();
+	v1 = (counter++) + mypid + tval.tv_sec;
+	v2 = (counter++) * mypid + tval.tv_usec;
+
+	SIVAL(seed_inbuf, 32, v1 ^ IVAL(seed_inbuf, 32));
+	SIVAL(seed_inbuf, 36, v2 ^ IVAL(seed_inbuf, 36));
+
+	/*
+	 * Add any user-given reseed data.
+	 */
+
+	if (reseed_data) {
+		size_t i;
+		for (i = 0; i < sizeof(seed_inbuf); i++)
+			seed_inbuf[i] ^= reseed_data[i % reseed_data_size];
+	}
+
+	seed_random_stream(seed_inbuf, sizeof(seed_inbuf));
+
+	return -1;
+}
+
+/*******************************************************************
+ Interface to the (hopefully) good crypto random number generator.
+********************************************************************/
+
+void generate_random_buffer( unsigned char *out, int len, BOOL do_reseed_now)
+{
+	static BOOL done_reseed = False;
+	static int urand_fd = -1;
+	unsigned char md4_buf[64];
+	unsigned char tmp_buf[16];
+	unsigned char *p;
+
+	if(!done_reseed || do_reseed_now) {
+		urand_fd = do_reseed(True, urand_fd);
+		done_reseed = True;
+	}
+
+	if (urand_fd != -1 && len > 0) {
+
+		if (read(urand_fd, out, len) == len)
+			return; /* len bytes of random data read from urandom. */
+
+		/* Read of urand error, drop back to non urand method. */
+		close(urand_fd);
+		urand_fd = -1;
+		do_reseed(False, -1);
+		done_reseed = True;
+	}
+
+	/*
+	 * Generate random numbers in chunks of 64 bytes,
+	 * then md4 them & copy to the output buffer.
+	 * This way the raw state of the stream is never externally
+	 * seen.
+	 */
+
+	p = out;
+	while(len > 0) {
+		int copy_len = len > 16 ? 16 : len;
+
+		get_random_stream(md4_buf, sizeof(md4_buf));
+		mdfour(tmp_buf, md4_buf, sizeof(md4_buf));
+		memcpy(p, tmp_buf, copy_len);
+		p += copy_len;
+		len -= copy_len;
+	}
+}
+
+/*******************************************************************
+ Use the random number generator to generate a random string.
+********************************************************************/
+
+static char c_list[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_-#.,";
+
+char *generate_random_str(size_t len)
+{
+	static unsigned char retstr[256];
+	size_t i;
+
+	memset(retstr, '\0', sizeof(retstr));
+
+	if (len > sizeof(retstr)-1)
+		len = sizeof(retstr) -1;
+	generate_random_buffer( retstr, len, False);
+	for (i = 0; i < len; i++)
+		retstr[i] = c_list[ retstr[i] % sizeof(c_list) ];
+
+	retstr[i] = '\0';
+
+	return (char *)retstr;
+}
diff --git a/source3/lib/getsmbpass.c b/source3/lib/getsmbpass.c
index 07a7dbfd9b..0874529d32 100644
--- a/source3/lib/getsmbpass.c
+++ b/source3/lib/getsmbpass.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1992, 1993, 1994 Free Software Foundation, Inc.
+/* Copyright (C) 1992-1998 Free Software Foundation, Inc.
 This file is part of the GNU C Library.
 
 The GNU C Library is free software; you can redistribute it and/or
@@ -40,20 +40,19 @@ static struct termio t;
 #define TCSANOW 0
 #endif
 
-int tcgetattr(int fd, struct termio *t)
+static int tcgetattr(int fd, struct termio *t)
 {
 	return ioctl(fd, TCGETA, t);
 }
 
-int tcsetattr(int fd, int flags, const struct termio *t)
+static int tcsetattr(int fd, int flags, struct termio *t)
 {
 	if(flags & TCSAFLUSH)
 		ioctl(fd, TCFLSH, TCIOFLUSH);
 	return ioctl(fd, TCSETS, t);
 }
 
-#else /* SYSV_TERMIO */
-#ifdef BSD_TERMIO
+#elif !defined(TCSAFLUSH)
 
 /* BSD TERMIO HANDLING */
 
@@ -63,37 +62,28 @@ static struct sgttyb t;
 #define TURN_ECHO_OFF(t) ((t).sg_flags &= ~ECHO)
 #define TURN_ECHO_ON(t) ((t).sg_flags |= ECHO)
 
-#ifndef TCSAFLUSH
 #define TCSAFLUSH 1
-#endif
-
-#ifndef TCSANOW
 #define TCSANOW 0
-#endif
 
-int tcgetattr(int fd, struct sgttyb *t)
+static int tcgetattr(int fd, struct sgttyb *t)
 {
 	return ioctl(fd, TIOCGETP, (char *)t);
 }
 
-int tcsetattr(int fd, int flags, const struct sgttyb *t)
+static int tcsetattr(int fd, int flags, struct sgttyb *t)
 {
 	return ioctl(fd, TIOCSETP, (char *)t);
 }
 
-#else /* BSD_TERMIO */
-
-/* POSIX TERMIO HANDLING */
+#else /* POSIX TERMIO HANDLING */
 #define ECHO_IS_ON(t) ((t).c_lflag & ECHO)
 #define TURN_ECHO_OFF(t) ((t).c_lflag &= ~ECHO)
 #define TURN_ECHO_ON(t) ((t).c_lflag |= ECHO)
 
 static struct termios t;
-#endif /* BSD_TERMIO */
 #endif /* SYSV_TERMIO */
 
-char *
-getsmbpass(char *prompt)     
+char *getsmbpass(char *prompt)    
 {
   FILE *in, *out;
   int echo_off;
@@ -102,7 +92,7 @@ getsmbpass(char *prompt)
   size_t nread;
 
   /* Catch problematic signals */
-  signal(SIGINT, SIGNAL_CAST SIG_IGN);
+  CatchSignal(SIGINT, SIGNAL_CAST SIG_IGN);
 
   /* Try to write to and read from the terminal if we can.
      If we can't open the terminal, use stderr and stdin.  */
@@ -154,13 +144,13 @@ getsmbpass(char *prompt)
     fclose (in);
 
   /* Catch problematic signals */
-  signal(SIGINT, SIGNAL_CAST SIG_DFL);
+  CatchSignal(SIGINT, SIGNAL_CAST SIG_DFL);
 
   printf("\n");
   return buf;
 }
 
 #else
-
-void getsmbpasswd_dummy() {;}
+ void getsmbpasswd_dummy(void);
+ void getsmbpasswd_dummy(void) {;}
 #endif
diff --git a/source3/lib/hash.c b/source3/lib/hash.c
new file mode 100644
index 0000000000..6b7a8476b1
--- /dev/null
+++ b/source3/lib/hash.c
@@ -0,0 +1,315 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Copyright (C) Ying Chen 2000.
+   Copyright (C) Jeremy Allison 2000.
+                 - added some defensive programming.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+ * NB. We may end up replacing this functionality in a future 2.x 
+ * release to reduce the number of hashing/lookup methods we support. JRA.
+ */
+
+#include "includes.h"
+
+static BOOL enlarge_hash_table(hash_table *table);
+static int primes[] = 
+        {17, 37, 67, 131, 257, 521, 1031, 2053, 4099, 8209, 16411};
+
+/****************************************************************************
+ *      This function initializes the hash table.
+ *      This hash function hashes on string keys.
+ *      This number of hash buckets is always rounded up to a power of 
+ *      2 first, then to a prime number that is large than the power of two. 
+ *      Input:
+ *              table -- the hash table pointer.
+ *              num_buckets -- the number of buckets to be allocated. This
+ *              hash function can dynamically increase its size when the 
+ *              the hash table size becomes small. There is a MAX hash table
+ *              size defined in hash.h.
+ *              compare_func -- the function pointer to a comparison function
+ *              used by the hash key comparison.
+ ****************************************************************************
+ */
+
+BOOL hash_table_init(hash_table *table, int num_buckets, compare_function compare_func)
+{
+	int 	i;
+	ubi_dlList 	*bucket;
+
+	table->num_elements = 0;
+	table->size = 2;
+	table->comp_func = compare_func;
+	while (table->size < num_buckets) 
+		table->size <<= 1;
+	for (i = 0; i < ARRAY_SIZE(primes); i++) {
+		if (primes[i] > table->size) {
+			table->size = primes[i];
+			break;
+		}
+	}
+
+	DEBUG(5, ("Hash size = %d.\n", table->size));
+
+	if(!(table->buckets = (ubi_dlList *) malloc(sizeof(ubi_dlList) * table->size))) {
+		DEBUG(0,("hash_table_init: malloc fail !\n"));
+		return False;
+	}
+	ubi_dlInitList(&(table->lru_chain));
+	for (i=0, bucket = table->buckets; i < table->size; i++, bucket++) 
+		ubi_dlInitList(bucket);
+
+	return True;
+}
+
+/*
+ **************************************************************
+ *	Compute a hash value based on a string key value.
+ *	Make the string key into an array of int's if possible.
+ *	For the last few chars that cannot be int'ed, use char instead.
+ *	The function returns the bucket index number for the hashed 
+ *	key.
+ **************************************************************
+ */
+
+static int string_hash(int hash_size, const char *key)
+{
+	u32 value;	/* Used to compute the hash value.  */
+	u32   i;	/* Used to cycle through random values. */
+
+	for (value = 0x238F13AF, i=0; key[i]; i++)
+		value = (value + (key[i] << (i*5 % 24)));
+
+	return (1103515243 * value + 12345) % hash_size;  
+}
+
+
+/* *************************************************************************
+ * 	Search the hash table for the entry in the hash chain.
+ *	The function returns the pointer to the 
+ *	element found in the chain or NULL if none is found. 
+ *	If the element is found, the element is also moved to 
+ *	the head of the LRU list.
+ *
+ *	Input:
+ *              table -- The hash table where the element is stored in.
+ *              hash_chain -- The pointer to the bucket that stores the 
+ *              element to be found.
+ *              key -- The hash key to be found. 
+ ***************************************************************************
+ */
+
+static hash_element *hash_chain_find(hash_table *table, ubi_dlList *hash_chain, char *key)
+{
+	hash_element *hash_elem;
+	ubi_dlNodePtr lru_item;
+	int	i = 0;
+
+	for (hash_elem = (hash_element *)(ubi_dlFirst(hash_chain)); i < hash_chain->count; 
+		i++, hash_elem = (hash_element *)(ubi_dlNext(hash_elem))) {
+		if ((table->comp_func)(hash_elem->key, key) == 0) {
+			/* Move to the head of the lru List. */
+			lru_item = ubi_dlRemove(&(table->lru_chain), &(hash_elem->lru_link.lru_link));
+			ubi_dlAddHead(&(table->lru_chain), lru_item);
+			return(hash_elem);
+		}
+	}
+	return ((hash_element *) NULL);
+}
+
+/* ***************************************************************************
+ *
+ * 	Lookup a hash table for an element with key.  
+ *      The function returns a pointer to the hash element.
+ *	If no element is found, the function returns NULL.
+ *
+ *      Input:
+ *              table -- The hash table to be searched on.
+ *              key -- The key to be found.
+ *****************************************************************************
+ */
+
+hash_element *hash_lookup(hash_table *table, char *key)
+{
+	return (hash_chain_find(table, &table->buckets[string_hash(table->size, key)], key));
+}
+
+/* ***************************************************************
+ *
+ *	This function first checks if an element with key "key"
+ *	exists in the hash table. If so, the function moves the 
+ *	element to the front of the LRU list. Otherwise, a new 
+ *	hash element corresponding to "value" and "key" is allocated
+ *	and inserted into the hash table. The new elements are
+ *	always inserted in the LRU order to the LRU list as well.
+ *
+ *      Input:
+ *              table -- The hash table to be inserted in.
+ *              value -- The content of the element to be inserted.
+ *              key -- The key of the new element to be inserted.
+ *
+ ****************************************************************
+ */
+
+hash_element *hash_insert(hash_table *table, char *value, char *key)
+{
+	hash_element	*hash_elem;
+	ubi_dlNodePtr lru_item;
+	ubi_dlList *bucket; 
+
+	/* 
+	 * If the hash table size has not reached the MAX_HASH_TABLE_SIZE,
+	 * the hash table may be enlarged if the current hash table is full.
+	 * If the hash table size has reached the MAX_HASH_TABLE_SIZE, 
+	 * use LRU to remove the oldest element from the hash table.
+	 */
+
+	if ((table->num_elements >= table->size) &&  
+		(table->num_elements < MAX_HASH_TABLE_SIZE)) {
+		if(!enlarge_hash_table(table))
+			return (hash_element *)NULL;
+		table->num_elements += 1;
+	} else if (table->num_elements >= MAX_HASH_TABLE_SIZE) {
+		/* Do an LRU replacement. */
+		lru_item = ubi_dlLast(&(table->lru_chain));
+		hash_elem = (hash_element *)(((lru_node *)lru_item)->hash_elem);
+		bucket = hash_elem->bucket;
+		ubi_dlRemThis(&(table->lru_chain), &(hash_elem->lru_link.lru_link));
+		ubi_dlRemThis(bucket, (ubi_dlNodePtr)hash_elem);
+		SAFE_FREE(hash_elem->value);
+		SAFE_FREE(hash_elem);
+	}  else  {
+		table->num_elements += 1;
+	}
+
+	bucket = &table->buckets[string_hash(table->size, key)];
+
+	/* Since we only have 1-byte for the key string, we need to 
+	 * allocate extra space in the hash_element to store the entire key
+	 * string.
+	 */
+
+	if(!(hash_elem = (hash_element *) malloc(sizeof(hash_element) + strlen(key)))) {
+		DEBUG(0,("hash_insert: malloc fail !\n"));
+		return (hash_element *)NULL;
+	}
+
+	safe_strcpy((char *) hash_elem->key, key, strlen(key)+1);
+
+	hash_elem->value = (char *)value;
+	hash_elem->bucket = bucket;
+	/* Insert in front of the lru list and the bucket list. */
+	ubi_dlAddHead(bucket, hash_elem);
+	hash_elem->lru_link.hash_elem = hash_elem;
+	ubi_dlAddHead(&(table->lru_chain), &(hash_elem->lru_link.lru_link));
+
+	return(hash_elem);
+}
+
+/* **************************************************************************
+ *
+ * 	Remove a hash element from the hash table. The hash element is 
+ * 	removed from both the LRU list and the hash bucket chain.
+ *
+ *      Input:
+ *              table -- the hash table to be manipulated on.
+ *              hash_elem -- the element to be removed.
+ **************************************************************************
+ */
+
+void hash_remove(hash_table *table, hash_element *hash_elem)
+{
+	if (hash_elem) { 
+		ubi_dlRemove(&(table->lru_chain), &(hash_elem->lru_link.lru_link));
+		ubi_dlRemove(hash_elem->bucket, (ubi_dlNodePtr) hash_elem);
+		SAFE_FREE(hash_elem->value);
+		SAFE_FREE(hash_elem);
+		table->num_elements--;
+	}
+}
+
+/* ******************************************************************
+ *	Increase the hash table size if it is too small. 
+ *	The hash table size is increased by the HASH_TABLE_INCREMENT
+ *	ratio.
+ *      Input:
+ *              table -- the hash table to be enlarged.
+ ******************************************************************
+ */
+
+static BOOL enlarge_hash_table(hash_table *table)
+{
+	hash_element  	*hash_elem;
+	int size, hash_value;
+	ubi_dlList	*buckets;
+	ubi_dlList	*old_bucket;
+	ubi_dlList	*bucket;
+	ubi_dlList  lru_chain;
+
+	buckets = table->buckets;
+	lru_chain = table->lru_chain;
+	size = table->size;
+
+	/* Reinitialize the hash table. */
+	if(!hash_table_init(table, table->size * HASH_TABLE_INCREMENT, table->comp_func))
+		return False;
+
+	for (old_bucket = buckets; size > 0; size--, old_bucket++) {
+		while (old_bucket->count != 0) {
+			hash_elem = (hash_element *) ubi_dlRemHead(old_bucket);
+			ubi_dlRemove(&lru_chain, &(hash_elem->lru_link.lru_link));
+			hash_value = string_hash(table->size, (char *) hash_elem->key);
+			bucket = &(table->buckets[hash_value]);
+			ubi_dlAddHead(bucket, hash_elem);
+			ubi_dlAddHead(&(table->lru_chain), &(hash_elem->lru_link.lru_link));
+			hash_elem->bucket = bucket;
+			hash_elem->lru_link.hash_elem = hash_elem;
+			table->num_elements++;
+		}
+	}
+	SAFE_FREE(buckets);
+
+	return True;
+}
+
+/* **********************************************************************
+ *
+ *	Remove everything from a hash table and free up the memory it 
+ *	occupies. 
+ *      Input: 
+ *              table -- the hash table to be cleared.
+ *
+ *************************************************************************
+ */
+
+void hash_clear(hash_table *table)
+{
+	int i;
+	ubi_dlList	*bucket = table->buckets;
+	hash_element    *hash_elem;
+	for (i = 0; i < table->size; bucket++, i++) {
+		while (bucket->count != 0) {
+			hash_elem = (hash_element *) ubi_dlRemHead(bucket);
+			SAFE_FREE(hash_elem->value);
+			SAFE_FREE(hash_elem);
+		}
+	}
+	table->size = 0;
+	SAFE_FREE(table->buckets);
+	table->buckets = NULL;
+}
diff --git a/source3/lib/hmacmd5.c b/source3/lib/hmacmd5.c
new file mode 100644
index 0000000000..f436fd30c0
--- /dev/null
+++ b/source3/lib/hmacmd5.c
@@ -0,0 +1,134 @@
+/* 
+   Unix SMB/CIFS implementation.
+   HMAC MD5 code for use in NTLMv2
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Andrew Tridgell 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* taken direct from rfc2104 implementation and modified for suitable use
+ * for ntlmv2.
+ */
+
+#include "includes.h"
+
+/***********************************************************************
+ the rfc 2104 version of hmac_md5 initialisation.
+***********************************************************************/
+void hmac_md5_init_rfc2104(uchar*  key, int key_len, HMACMD5Context *ctx)
+{
+        int i;
+
+        /* if key is longer than 64 bytes reset it to key=MD5(key) */
+        if (key_len > 64)
+	{
+		uchar tk[16];
+                struct MD5Context tctx;
+
+                MD5Init(&tctx);
+                MD5Update(&tctx, key, key_len);
+                MD5Final(tk, &tctx);
+
+                key = tk;
+                key_len = 16;
+        }
+
+        /* start out by storing key in pads */
+        ZERO_STRUCT(ctx->k_ipad);
+        ZERO_STRUCT(ctx->k_opad);
+        memcpy( ctx->k_ipad, key, key_len);
+        memcpy( ctx->k_opad, key, key_len);
+
+        /* XOR key with ipad and opad values */
+        for (i=0; i<64; i++)
+	{
+                ctx->k_ipad[i] ^= 0x36;
+                ctx->k_opad[i] ^= 0x5c;
+        }
+
+        MD5Init(&ctx->ctx);
+        MD5Update(&ctx->ctx, ctx->k_ipad, 64);  
+}
+
+/***********************************************************************
+ the microsoft version of hmac_md5 initialisation.
+***********************************************************************/
+void hmac_md5_init_limK_to_64(const uchar* key, int key_len,
+			HMACMD5Context *ctx)
+{
+        int i;
+
+        /* if key is longer than 64 bytes truncate it */
+        if (key_len > 64)
+	{
+                key_len = 64;
+        }
+
+        /* start out by storing key in pads */
+        ZERO_STRUCT(ctx->k_ipad);
+        ZERO_STRUCT(ctx->k_opad);
+        memcpy( ctx->k_ipad, key, key_len);
+        memcpy( ctx->k_opad, key, key_len);
+
+        /* XOR key with ipad and opad values */
+        for (i=0; i<64; i++) {
+                ctx->k_ipad[i] ^= 0x36;
+                ctx->k_opad[i] ^= 0x5c;
+        }
+
+        MD5Init(&ctx->ctx);
+        MD5Update(&ctx->ctx, ctx->k_ipad, 64);  
+}
+
+/***********************************************************************
+ update hmac_md5 "inner" buffer
+***********************************************************************/
+void hmac_md5_update(const uchar* text, int text_len, HMACMD5Context *ctx)
+{
+        MD5Update(&ctx->ctx, text, text_len); /* then text of datagram */
+}
+
+/***********************************************************************
+ finish off hmac_md5 "inner" buffer and generate outer one.
+***********************************************************************/
+void hmac_md5_final(uchar *digest, HMACMD5Context *ctx)
+
+{
+        struct MD5Context ctx_o;
+
+        MD5Final(digest, &ctx->ctx);          
+
+        MD5Init(&ctx_o);
+        MD5Update(&ctx_o, ctx->k_opad, 64);   
+        MD5Update(&ctx_o, digest, 16); 
+        MD5Final(digest, &ctx_o);
+}
+
+/***********************************************************
+ single function to calculate an HMAC MD5 digest from data.
+ use the microsoft hmacmd5 init method because the key is 16 bytes.
+************************************************************/
+void hmac_md5( uchar key[16], uchar* data, int data_len, uchar* digest)
+{
+	HMACMD5Context ctx;
+	hmac_md5_init_limK_to_64(key, 16, &ctx);
+	if (data_len != 0)
+	{
+		hmac_md5_update(data, data_len, &ctx);
+	}
+	hmac_md5_final(digest, &ctx);
+}
+
diff --git a/source3/lib/iconv.c b/source3/lib/iconv.c
new file mode 100644
index 0000000000..43350d9349
--- /dev/null
+++ b/source3/lib/iconv.c
@@ -0,0 +1,581 @@
+/* 
+   Unix SMB/CIFS implementation.
+   minimal iconv implementation
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static size_t ascii_pull(void *,char **, size_t *, char **, size_t *);
+static size_t ascii_push(void *,char **, size_t *, char **, size_t *);
+static size_t  utf8_pull(void *,char **, size_t *, char **, size_t *);
+static size_t  utf8_push(void *,char **, size_t *, char **, size_t *);
+static size_t weird_pull(void *,char **, size_t *, char **, size_t *);
+static size_t weird_push(void *,char **, size_t *, char **, size_t *);
+static size_t ucs2hex_pull(void *,char **, size_t *, char **, size_t *);
+static size_t ucs2hex_push(void *,char **, size_t *, char **, size_t *);
+static size_t iconv_copy(void *,char **, size_t *, char **, size_t *);
+
+/*
+  for each charset we have a function that pulls from that charset to 
+  a ucs2 buffer, and a function that pushes to a ucs2 buffer 
+*/
+static struct {
+	char *name;
+	size_t (*pull)(void *, char **inbuf, size_t *inbytesleft,
+		       char **outbuf, size_t *outbytesleft);
+	size_t (*push)(void *, char **inbuf, size_t *inbytesleft,
+		       char **outbuf, size_t *outbytesleft);
+} charsets[] = {
+	{"UCS-2LE",  iconv_copy, iconv_copy},
+	{"UTF8",   utf8_pull,  utf8_push},
+	{"ASCII", ascii_pull, ascii_push},
+	{"WEIRD", weird_pull, weird_push},
+	{"UCS2-HEX", ucs2hex_pull, ucs2hex_push},
+	{NULL, NULL, NULL}
+};
+
+
+/* if there was an error then reset the internal state,
+   this ensures that we don't have a shift state remaining for
+   character sets like SJIS */
+static size_t sys_iconv(void *cd, 
+			char **inbuf, size_t *inbytesleft,
+			char **outbuf, size_t *outbytesleft)
+{
+#ifdef HAVE_NATIVE_ICONV
+	size_t ret = iconv((iconv_t)cd, 
+			   inbuf, inbytesleft, 
+			   outbuf, outbytesleft);
+	if (ret == (size_t)-1) iconv(cd, NULL, NULL, NULL, NULL);
+	return ret;
+#else
+	errno = EINVAL;
+	return -1;
+#endif
+}
+
+/*
+  this is a simple portable iconv() implementaion. It only knows about
+  a very small number of character sets - just enough that Samba works
+  on systems that don't have iconv
+ */
+size_t smb_iconv(smb_iconv_t cd, 
+		 const char **inbuf, size_t *inbytesleft,
+		 char **outbuf, size_t *outbytesleft)
+{
+	char cvtbuf[2048];
+	char *bufp = cvtbuf;
+	size_t bufsize;
+
+	/* in many cases we can go direct */
+	if (cd->direct) {
+		return cd->direct(cd->cd_direct, 
+				  (char **)inbuf, inbytesleft, outbuf, outbytesleft);
+	}
+
+
+	/* otherwise we have to do it chunks at a time */
+	while (*inbytesleft > 0) {
+		bufp = cvtbuf;
+		bufsize = sizeof(cvtbuf);
+		
+		if (cd->pull(cd->cd_pull, 
+			     (char **)inbuf, inbytesleft, &bufp, &bufsize) == -1
+		    && errno != E2BIG) return -1;
+
+		bufp = cvtbuf;
+		bufsize = sizeof(cvtbuf) - bufsize;
+
+		if (cd->push(cd->cd_push, 
+			     &bufp, &bufsize, 
+			     outbuf, outbytesleft) == -1) return -1;
+	}
+
+	return 0;
+}
+
+/*
+  simple iconv_open() wrapper
+ */
+smb_iconv_t smb_iconv_open(const char *tocode, const char *fromcode)
+{
+	smb_iconv_t ret;
+	int from, to;
+
+	ret = (smb_iconv_t)malloc(sizeof(*ret));
+	if (!ret) {
+		errno = ENOMEM;
+		return (smb_iconv_t)-1;
+	}
+	memset(ret, 0, sizeof(*ret));
+
+	ret->from_name = strdup(fromcode);
+	ret->to_name = strdup(tocode);
+
+	/* check for the simplest null conversion */
+	if (strcmp(fromcode, tocode) == 0) {
+		ret->direct = iconv_copy;
+		return ret;
+	}
+
+	for (from=0; charsets[from].name; from++) {
+		if (strcasecmp(charsets[from].name, fromcode) == 0) break;
+	}
+	for (to=0; charsets[to].name; to++) {
+		if (strcasecmp(charsets[to].name, tocode) == 0) break;
+	}
+
+#ifdef HAVE_NATIVE_ICONV
+	if (!charsets[from].name) {
+		ret->pull = sys_iconv;
+		ret->cd_pull = iconv_open("UCS-2LE", fromcode);
+		if (ret->cd_pull == (iconv_t)-1) goto failed;
+	}
+	if (!charsets[to].name) {
+		ret->push = sys_iconv;
+		ret->cd_push = iconv_open(tocode, "UCS-2LE");
+		if (ret->cd_push == (iconv_t)-1) goto failed;
+	}
+#else
+	if (!charsets[from].name || !charsets[to].name) {
+		goto failed;
+	}
+#endif
+
+	/* check for conversion to/from ucs2 */
+	if (from == 0 && charsets[to].name) {
+		ret->direct = charsets[to].push;
+		return ret;
+	}
+	if (to == 0 && charsets[from].name) {
+		ret->direct = charsets[from].pull;
+		return ret;
+	}
+
+#ifdef HAVE_NATIVE_ICONV
+	if (from == 0) {
+		ret->direct = sys_iconv;
+		ret->cd_direct = ret->cd_push;
+		ret->cd_push = NULL;
+		return ret;
+	}
+	if (to == 0) {
+		ret->direct = sys_iconv;
+		ret->cd_direct = ret->cd_pull;
+		ret->cd_pull = NULL;
+		return ret;
+	}
+#endif
+
+	/* the general case has to go via a buffer */
+	if (!ret->pull) ret->pull = charsets[from].pull;
+	if (!ret->push) ret->push = charsets[to].push;
+	return ret;
+
+failed:
+	SAFE_FREE(ret);
+	errno = EINVAL;
+	return (smb_iconv_t)-1;
+}
+
+/*
+  simple iconv_close() wrapper
+*/
+int smb_iconv_close (smb_iconv_t cd)
+{
+#ifdef HAVE_NATIVE_ICONV
+	if (cd->cd_direct) iconv_close((iconv_t)cd->cd_direct);
+	if (cd->cd_pull) iconv_close((iconv_t)cd->cd_pull);
+	if (cd->cd_push) iconv_close((iconv_t)cd->cd_push);
+#endif
+
+	SAFE_FREE(cd->from_name);
+	SAFE_FREE(cd->to_name);
+
+	memset(cd, 0, sizeof(*cd));
+	SAFE_FREE(cd);
+	return 0;
+}
+
+
+/**********************************************************************
+ the following functions implement the builtin character sets in Samba
+ and also the "test" character sets that are designed to test
+ multi-byte character set support for english users
+***********************************************************************/
+
+static size_t ascii_pull(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	while (*inbytesleft >= 1 && *outbytesleft >= 2) {
+		(*outbuf)[0] = (*inbuf)[0];
+		(*outbuf)[1] = 0;
+		(*inbytesleft)  -= 1;
+		(*outbytesleft) -= 2;
+		(*inbuf)  += 1;
+		(*outbuf) += 2;
+	}
+
+	if (*inbytesleft > 0) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return 0;
+}
+
+static size_t ascii_push(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	int ir_count=0;
+
+	while (*inbytesleft >= 2 && *outbytesleft >= 1) {
+		(*outbuf)[0] = (*inbuf)[0] & 0x7F;
+		if ((*inbuf)[1]) ir_count++;
+		(*inbytesleft)  -= 2;
+		(*outbytesleft) -= 1;
+		(*inbuf)  += 2;
+		(*outbuf) += 1;
+	}
+
+	if (*inbytesleft == 1) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (*inbytesleft > 1) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return ir_count;
+}
+
+
+static size_t ucs2hex_pull(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	while (*inbytesleft >= 1 && *outbytesleft >= 2) {
+		unsigned v;
+
+		if ((*inbuf)[0] != '@') {
+			/* seven bit ascii case */
+			(*outbuf)[0] = (*inbuf)[0];
+			(*outbuf)[1] = 0;
+			(*inbytesleft)  -= 1;
+			(*outbytesleft) -= 2;
+			(*inbuf)  += 1;
+			(*outbuf) += 2;
+			continue;
+		}
+		/* it's a hex character */
+		if (*inbytesleft < 5) {
+			errno = EINVAL;
+			return -1;
+		}
+		
+		if (sscanf(&(*inbuf)[1], "%04x", &v) != 1) {
+			errno = EILSEQ;
+			return -1;
+		}
+
+		(*outbuf)[0] = v&0xff;
+		(*outbuf)[1] = v>>8;
+		(*inbytesleft)  -= 5;
+		(*outbytesleft) -= 2;
+		(*inbuf)  += 5;
+		(*outbuf) += 2;
+	}
+
+	if (*inbytesleft > 0) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return 0;
+}
+
+static size_t ucs2hex_push(void *cd, char **inbuf, size_t *inbytesleft,
+			   char **outbuf, size_t *outbytesleft)
+{
+	while (*inbytesleft >= 2 && *outbytesleft >= 1) {
+		char buf[6];
+
+		if ((*inbuf)[1] == 0 && 
+		    ((*inbuf)[0] & 0x80) == 0 &&
+		    (*inbuf)[0] != '@') {
+			(*outbuf)[0] = (*inbuf)[0];
+			(*inbytesleft)  -= 2;
+			(*outbytesleft) -= 1;
+			(*inbuf)  += 2;
+			(*outbuf) += 1;
+			continue;
+		}
+		if (*outbytesleft < 5) {
+			errno = E2BIG;
+			return -1;
+		}
+		snprintf(buf, 6, "@%04x", SVAL(*inbuf, 0));
+		memcpy(*outbuf, buf, 5);
+		(*inbytesleft)  -= 2;
+		(*outbytesleft) -= 5;
+		(*inbuf)  += 2;
+		(*outbuf) += 5;
+	}
+
+	if (*inbytesleft == 1) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (*inbytesleft > 1) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return 0;
+}
+
+
+/* the "weird" character set is very useful for testing multi-byte
+   support and finding bugs. Don't use on a production system! 
+*/
+static struct {
+	char from;
+	char *to;
+	int len;
+} weird_table[] = {
+	{'q', "^q^", 3},
+	{'Q', "^Q^", 3},
+	{0, NULL}
+};
+
+static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	while (*inbytesleft >= 1 && *outbytesleft >= 2) {
+		int i;
+		int done = 0;
+		for (i=0;weird_table[i].from;i++) {
+			if (strncmp((*inbuf), 
+				    weird_table[i].to, 
+				    weird_table[i].len) == 0) {
+				if (*inbytesleft < weird_table[i].len) {
+					DEBUG(0,("ERROR: truncated weird string\n"));
+					/* smb_panic("weird_pull"); */
+
+				} else {
+					(*outbuf)[0] = weird_table[i].from;
+					(*outbuf)[1] = 0;
+					(*inbytesleft)  -= weird_table[i].len;
+					(*outbytesleft) -= 2;
+					(*inbuf)  += weird_table[i].len;
+					(*outbuf) += 2;
+					done = 1;
+					break;
+				}
+			}
+		}
+		if (done) continue;
+		(*outbuf)[0] = (*inbuf)[0];
+		(*outbuf)[1] = 0;
+		(*inbytesleft)  -= 1;
+		(*outbytesleft) -= 2;
+		(*inbuf)  += 1;
+		(*outbuf) += 2;
+	}
+
+	if (*inbytesleft > 0) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return 0;
+}
+
+static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	int ir_count=0;
+
+	while (*inbytesleft >= 2 && *outbytesleft >= 1) {
+		int i;
+		int done=0;
+		for (i=0;weird_table[i].from;i++) {
+			if ((*inbuf)[0] == weird_table[i].from &&
+			    (*inbuf)[1] == 0) {
+				if (*outbytesleft < weird_table[i].len) {
+					DEBUG(0,("No room for weird character\n"));
+					/* smb_panic("weird_push"); */
+				} else {
+					memcpy(*outbuf, weird_table[i].to, 
+					       weird_table[i].len);
+					(*inbytesleft)  -= 2;
+					(*outbytesleft) -= weird_table[i].len;
+					(*inbuf)  += 2;
+					(*outbuf) += weird_table[i].len;
+					done = 1;
+					break;
+				}
+			}
+		}
+		if (done) continue;
+
+		(*outbuf)[0] = (*inbuf)[0];
+		if ((*inbuf)[1]) ir_count++;
+		(*inbytesleft)  -= 2;
+		(*outbytesleft) -= 1;
+		(*inbuf)  += 2;
+		(*outbuf) += 1;
+	}
+
+	if (*inbytesleft == 1) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (*inbytesleft > 1) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return ir_count;
+}
+
+static size_t iconv_copy(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	int n;
+
+	n = MIN(*inbytesleft, *outbytesleft);
+
+	memmove(*outbuf, *inbuf, n);
+
+	(*inbytesleft) -= n;
+	(*outbytesleft) -= n;
+	(*inbuf) += n;
+	(*outbuf) += n;
+
+	if (*inbytesleft > 0) {
+		errno = E2BIG;
+		return -1;
+	}
+
+	return 0;
+}
+
+static size_t utf8_pull(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	while (*inbytesleft >= 1 && *outbytesleft >= 2) {
+		unsigned char *c = (unsigned char *)*inbuf;
+		unsigned char *uc = (unsigned char *)*outbuf;
+		int len = 1;
+
+		if ((c[0] & 0x80) == 0) {
+			uc[0] = c[0];
+			uc[1] = 0;
+		} else if ((c[0] & 0xf0) == 0xe0) {
+			if (*inbytesleft < 3) {
+				DEBUG(0,("short utf8 char\n"));
+				goto badseq;
+			}
+			uc[1] = ((c[0]&0xF)<<4) | ((c[1]>>2)&0xF);
+			uc[0] = (c[1]<<6) | (c[2]&0x3f);
+			len = 3;
+		} else if ((c[0] & 0xe0) == 0xc0) {
+			if (*inbytesleft < 2) {
+				DEBUG(0,("short utf8 char\n"));
+				goto badseq;
+			}
+			uc[1] = (c[0]>>2) & 0x7;
+			uc[0] = (c[0]<<6) | (c[1]&0x3f);
+			len = 2;
+		}
+
+		(*inbuf)  += len;
+		(*inbytesleft)  -= len;
+		(*outbytesleft) -= 2;
+		(*outbuf) += 2;
+	}
+
+	if (*inbytesleft > 0) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return 0;
+
+badseq:
+	errno = EINVAL;
+	return -1;
+}
+
+static size_t utf8_push(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	while (*inbytesleft >= 2 && *outbytesleft >= 1) {
+		unsigned char *c = (unsigned char *)*outbuf;
+		unsigned char *uc = (unsigned char *)*inbuf;
+		int len=1;
+
+		if (uc[1] & 0xf8) {
+			if (*outbytesleft < 3) {
+				DEBUG(0,("short utf8 write\n"));
+				goto toobig;
+			}
+			c[0] = 0xe0 | (uc[1]>>4);
+			c[1] = 0x80 | ((uc[1]&0xF)<<2) | (uc[0]>>6);
+			c[2] = 0x80 | (uc[0]&0x3f);
+			len = 3;
+		} else if (uc[1] | (uc[0] & 0x80)) {
+			if (*outbytesleft < 2) {
+				DEBUG(0,("short utf8 write\n"));
+				goto toobig;
+			}
+			c[0] = 0xc0 | (uc[1]<<2) | (uc[0]>>6);
+			c[1] = 0x80 | (uc[0]&0x3f);
+			len = 2;
+		} else {
+			c[0] = uc[0];
+		}
+
+
+		(*inbytesleft)  -= 2;
+		(*outbytesleft) -= len;
+		(*inbuf)  += 2;
+		(*outbuf) += len;
+	}
+
+	if (*inbytesleft == 1) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (*inbytesleft > 1) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return 0;
+
+toobig:
+	errno = E2BIG;
+	return -1;
+}
+
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
new file mode 100644
index 0000000000..d43001342e
--- /dev/null
+++ b/source3/lib/interface.c
@@ -0,0 +1,370 @@
+/* 
+   Unix SMB/CIFS implementation.
+   multiple interface handling
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static struct iface_struct *probed_ifaces;
+static int total_probed;
+
+struct in_addr allones_ip;
+struct in_addr loopback_ip;
+
+static struct interface *local_interfaces;
+
+#define ALLONES  ((uint32)0xFFFFFFFF)
+#define MKBCADDR(_IP, _NM) ((_IP & _NM) | (_NM ^ ALLONES))
+#define MKNETADDR(_IP, _NM) (_IP & _NM)
+
+/****************************************************************************
+Try and find an interface that matches an ip. If we cannot, return NULL
+  **************************************************************************/
+static struct interface *iface_find(struct in_addr ip, BOOL CheckMask)
+{
+	struct interface *i;
+	if (is_zero_ip(ip)) return local_interfaces;
+
+	for (i=local_interfaces;i;i=i->next)
+		if (CheckMask) {
+			if (same_net(i->ip,ip,i->nmask)) return i;
+		} else if ((i->ip).s_addr == ip.s_addr) return i;
+
+	return NULL;
+}
+
+
+/****************************************************************************
+add an interface to the linked list of interfaces
+****************************************************************************/
+static void add_interface(struct in_addr ip, struct in_addr nmask)
+{
+	struct interface *iface;
+	if (iface_find(ip, False)) {
+		DEBUG(3,("not adding duplicate interface %s\n",inet_ntoa(ip)));
+		return;
+	}
+
+	if (ip_equal(nmask, allones_ip)) {
+		DEBUG(3,("not adding non-broadcast interface %s\n",inet_ntoa(ip)));
+		return;
+	}
+
+	iface = (struct interface *)malloc(sizeof(*iface));
+	if (!iface) return;
+	
+	ZERO_STRUCTPN(iface);
+
+	iface->ip = ip;
+	iface->nmask = nmask;
+	iface->bcast.s_addr = MKBCADDR(iface->ip.s_addr, iface->nmask.s_addr);
+
+	DLIST_ADD(local_interfaces, iface);
+
+	DEBUG(2,("added interface ip=%s ",inet_ntoa(iface->ip)));
+	DEBUG(2,("bcast=%s ",inet_ntoa(iface->bcast)));
+	DEBUG(2,("nmask=%s\n",inet_ntoa(iface->nmask)));	     
+}
+
+
+
+/****************************************************************************
+interpret a single element from a interfaces= config line 
+
+This handles the following different forms:
+
+1) wildcard interface name
+2) DNS name
+3) IP/masklen
+4) ip/mask
+5) bcast/mask
+****************************************************************************/
+static void interpret_interface(char *token)
+{
+	struct in_addr ip, nmask;
+	char *p;
+	int i, added=0;
+
+        zero_ip(&ip);
+        zero_ip(&nmask);
+	
+	/* first check if it is an interface name */
+	for (i=0;i<total_probed;i++) {
+		if (gen_fnmatch(token, probed_ifaces[i].name) == 0) {
+			add_interface(probed_ifaces[i].ip,
+				      probed_ifaces[i].netmask);
+			added = 1;
+		}
+	}
+	if (added) return;
+
+	/* maybe it is a DNS name */
+	p = strchr_m(token,'/');
+	if (!p) {
+		ip = *interpret_addr2(token);
+		for (i=0;i<total_probed;i++) {
+			if (ip.s_addr == probed_ifaces[i].ip.s_addr &&
+			    !ip_equal(allones_ip, probed_ifaces[i].netmask)) {
+				add_interface(probed_ifaces[i].ip,
+					      probed_ifaces[i].netmask);
+				return;
+			}
+		}
+		DEBUG(2,("can't determine netmask for %s\n", token));
+		return;
+	}
+
+	/* parse it into an IP address/netmasklength pair */
+	*p++ = 0;
+
+	ip = *interpret_addr2(token);
+
+	if (strlen(p) > 2) {
+		nmask = *interpret_addr2(p);
+	} else {
+		nmask.s_addr = htonl(((ALLONES >> atoi(p)) ^ ALLONES));
+	}
+
+	/* maybe the first component was a broadcast address */
+	if (ip.s_addr == MKBCADDR(ip.s_addr, nmask.s_addr) ||
+	    ip.s_addr == MKNETADDR(ip.s_addr, nmask.s_addr)) {
+		for (i=0;i<total_probed;i++) {
+			if (same_net(ip, probed_ifaces[i].ip, nmask)) {
+				add_interface(probed_ifaces[i].ip, nmask);
+				return;
+			}
+		}
+		DEBUG(2,("Can't determine ip for broadcast address %s\n", token));
+		return;
+	}
+
+	add_interface(ip, nmask);
+}
+
+
+/****************************************************************************
+load the list of network interfaces
+****************************************************************************/
+void load_interfaces(void)
+{
+	char **ptr;
+	int i;
+	struct iface_struct ifaces[MAX_INTERFACES];
+
+	ptr = lp_interfaces();
+
+	allones_ip = *interpret_addr2("255.255.255.255");
+	loopback_ip = *interpret_addr2("127.0.0.1");
+
+	SAFE_FREE(probed_ifaces);
+
+	/* dump the current interfaces if any */
+	while (local_interfaces) {
+		struct interface *iface = local_interfaces;
+		DLIST_REMOVE(local_interfaces, local_interfaces);
+		ZERO_STRUCTPN(iface);
+		SAFE_FREE(iface);
+	}
+
+	/* probe the kernel for interfaces */
+	total_probed = get_interfaces(ifaces, MAX_INTERFACES);
+
+	if (total_probed > 0) {
+		probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed);
+	}
+
+	/* if we don't have a interfaces line then use all broadcast capable 
+	   interfaces except loopback */
+	if (!ptr || !*ptr || !**ptr) {
+		if (total_probed <= 0) {
+			DEBUG(0,("ERROR: Could not determine network interfaces, you must use a interfaces config line\n"));
+			exit(1);
+		}
+		for (i=0;i<total_probed;i++) {
+			if (probed_ifaces[i].netmask.s_addr != allones_ip.s_addr &&
+			    probed_ifaces[i].ip.s_addr != loopback_ip.s_addr) {
+				add_interface(probed_ifaces[i].ip, 
+					      probed_ifaces[i].netmask);
+			}
+		}
+		return;
+	}
+
+	if (ptr) {
+		while (*ptr) {
+			interpret_interface(*ptr);
+			ptr++;
+		}
+	}
+
+	if (!local_interfaces) {
+		DEBUG(0,("WARNING: no network interfaces found\n"));
+	}
+}
+
+
+/****************************************************************************
+return True if the list of probed interfaces has changed
+****************************************************************************/
+BOOL interfaces_changed(void)
+{
+	int n;
+	struct iface_struct ifaces[MAX_INTERFACES];
+
+	n = get_interfaces(ifaces, MAX_INTERFACES);
+
+	if ((n > 0 )&& (n != total_probed ||
+	    memcmp(ifaces, probed_ifaces, sizeof(ifaces[0])*n))) {
+		return True;
+	}
+	
+	return False;
+}
+
+
+/****************************************************************************
+  check if an IP is one of mine
+  **************************************************************************/
+BOOL ismyip(struct in_addr ip)
+{
+	struct interface *i;
+	for (i=local_interfaces;i;i=i->next)
+		if (ip_equal(i->ip,ip)) return True;
+	return False;
+}
+
+/****************************************************************************
+  check if a packet is from a local (known) net
+  **************************************************************************/
+BOOL is_local_net(struct in_addr from)
+{
+	struct interface *i;
+	for (i=local_interfaces;i;i=i->next) {
+		if((from.s_addr & i->nmask.s_addr) == 
+		   (i->ip.s_addr & i->nmask.s_addr))
+			return True;
+	}
+	return False;
+}
+
+/****************************************************************************
+  how many interfaces do we have
+  **************************************************************************/
+int iface_count(void)
+{
+	int ret = 0;
+	struct interface *i;
+
+	for (i=local_interfaces;i;i=i->next)
+		ret++;
+	return ret;
+}
+
+/****************************************************************************
+ True if we have two or more interfaces.
+  **************************************************************************/
+BOOL we_are_multihomed(void)
+{
+	static int multi = -1;
+
+	if(multi == -1)
+		multi = (iface_count() > 1 ? True : False);
+	
+	return multi;
+}
+
+/****************************************************************************
+  return the Nth interface
+  **************************************************************************/
+struct interface *get_interface(int n)
+{ 
+	struct interface *i;
+  
+	for (i=local_interfaces;i && n;i=i->next)
+		n--;
+
+	if (i) return i;
+	return NULL;
+}
+
+/****************************************************************************
+  return IP of the Nth interface
+  **************************************************************************/
+struct in_addr *iface_n_ip(int n)
+{
+	struct interface *i;
+  
+	for (i=local_interfaces;i && n;i=i->next)
+		n--;
+
+	if (i) return &i->ip;
+	return NULL;
+}
+
+/****************************************************************************
+  return bcast of the Nth interface
+  **************************************************************************/
+struct in_addr *iface_n_bcast(int n)
+{
+	struct interface *i;
+  
+	for (i=local_interfaces;i && n;i=i->next)
+		n--;
+
+	if (i) return &i->bcast;
+	return NULL;
+}
+
+
+/****************************************************************************
+this function provides a simple hash of the configured interfaces. It is
+used to detect a change in interfaces to tell us whether to discard
+the current wins.dat file.
+Note that the result is independent of the order of the interfaces
+  **************************************************************************/
+unsigned iface_hash(void)
+{
+	unsigned ret = 0;
+	struct interface *i;
+
+	for (i=local_interfaces;i;i=i->next) {
+		unsigned x1 = (unsigned)str_checksum(inet_ntoa(i->ip));
+		unsigned x2 = (unsigned)str_checksum(inet_ntoa(i->nmask));
+		ret ^= (x1 ^ x2);
+	}
+
+	return ret;
+}
+
+
+/* these 3 functions return the ip/bcast/nmask for the interface
+   most appropriate for the given ip address. If they can't find
+   an appropriate interface they return the requested field of the
+   first known interface. */
+
+struct in_addr *iface_bcast(struct in_addr ip)
+{
+	struct interface *i = iface_find(ip, True);
+	return(i ? &i->bcast : &local_interfaces->bcast);
+}
+
+struct in_addr *iface_ip(struct in_addr ip)
+{
+	struct interface *i = iface_find(ip, True);
+	return(i ? &i->ip : &local_interfaces->ip);
+}
diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c
new file mode 100644
index 0000000000..7b8ef0d0c1
--- /dev/null
+++ b/source3/lib/interfaces.c
@@ -0,0 +1,401 @@
+/* 
+   Unix SMB/CIFS implementation.
+   return a list of network interfaces
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+/* working out the interfaces for a OS is an incredibly non-portable
+   thing. We have several possible implementations below, and autoconf
+   tries each of them to see what works
+
+   Note that this file does _not_ include includes.h. That is so this code
+   can be called directly from the autoconf tests. That also means
+   this code cannot use any of the normal Samba debug stuff or defines.
+   This is standalone code.
+
+*/
+
+#include <unistd.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <sys/ioctl.h>
+#include <sys/time.h>
+#include <net/if.h>
+
+#ifndef SIOCGIFCONF
+#include <sys/sockio.h>
+#endif
+
+#ifdef AUTOCONF_TEST
+struct iface_struct {
+	char name[16];
+	struct in_addr ip;
+	struct in_addr netmask;
+};
+#else
+#include "config.h"
+#include "interfaces.h"
+#endif
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#ifdef __COMPAR_FN_T
+#define QSORT_CAST (__compar_fn_t)
+#endif
+
+#ifndef QSORT_CAST
+#define QSORT_CAST (int (*)(const void *, const void *))
+#endif
+
+#if HAVE_IFACE_IFCONF
+
+/* this works for Linux 2.2, Solaris 2.5, SunOS4, HPUX 10.20, OSF1
+   V4.0, Ultrix 4.4, SCO Unix 3.2, IRIX 6.4 and FreeBSD 3.2.
+
+   It probably also works on any BSD style system.  */
+
+/****************************************************************************
+  get the netmask address for a local interface
+****************************************************************************/
+static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
+{  
+	struct ifconf ifc;
+	char buff[8192];
+	int fd, i, n;
+	struct ifreq *ifr=NULL;
+	int total = 0;
+	struct in_addr ipaddr;
+	struct in_addr nmask;
+	char *iname;
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+		return -1;
+	}
+  
+	ifc.ifc_len = sizeof(buff);
+	ifc.ifc_buf = buff;
+
+	if (ioctl(fd, SIOCGIFCONF, &ifc) != 0) {
+		close(fd);
+		return -1;
+	} 
+
+	ifr = ifc.ifc_req;
+  
+	n = ifc.ifc_len / sizeof(struct ifreq);
+
+	/* Loop through interfaces, looking for given IP address */
+	for (i=n-1;i>=0 && total < max_interfaces;i--) {
+		if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != 0) {
+			continue;
+		}
+
+		iname = ifr[i].ifr_name;
+		ipaddr = (*(struct sockaddr_in *)&ifr[i].ifr_addr).sin_addr;
+
+		if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) != 0) {
+			continue;
+		}  
+
+		if (!(ifr[i].ifr_flags & IFF_UP)) {
+			continue;
+		}
+
+		if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != 0) {
+			continue;
+		}  
+
+		nmask = ((struct sockaddr_in *)&ifr[i].ifr_addr)->sin_addr;
+
+		strncpy(ifaces[total].name, iname, sizeof(ifaces[total].name)-1);
+		ifaces[total].name[sizeof(ifaces[total].name)-1] = 0;
+		ifaces[total].ip = ipaddr;
+		ifaces[total].netmask = nmask;
+		total++;
+	}
+
+	close(fd);
+
+	return total;
+}  
+
+#elif HAVE_IFACE_IFREQ
+
+#ifndef I_STR
+#include <sys/stropts.h>
+#endif
+
+/****************************************************************************
+this should cover most of the streams based systems
+Thanks to Andrej.Borsenkow@mow.siemens.ru for several ideas in this code
+****************************************************************************/
+static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
+{
+	struct ifreq ifreq;
+	struct strioctl strioctl;
+	char buff[8192];
+	int fd, i, n;
+	struct ifreq *ifr=NULL;
+	int total = 0;
+	struct in_addr ipaddr;
+	struct in_addr nmask;
+	char *iname;
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+		return -1;
+	}
+  
+	strioctl.ic_cmd = SIOCGIFCONF;
+	strioctl.ic_dp  = buff;
+	strioctl.ic_len = sizeof(buff);
+	if (ioctl(fd, I_STR, &strioctl) < 0) {
+		close(fd);
+		return -1;
+	} 
+
+	/* we can ignore the possible sizeof(int) here as the resulting
+	   number of interface structures won't change */
+	n = strioctl.ic_len / sizeof(struct ifreq);
+
+	/* we will assume that the kernel returns the length as an int
+           at the start of the buffer if the offered size is a
+           multiple of the structure size plus an int */
+	if (n*sizeof(struct ifreq) + sizeof(int) == strioctl.ic_len) {
+		ifr = (struct ifreq *)(buff + sizeof(int));  
+	} else {
+		ifr = (struct ifreq *)buff;  
+	}
+
+	/* Loop through interfaces */
+
+	for (i = 0; i<n && total < max_interfaces; i++) {
+		ifreq = ifr[i];
+  
+		strioctl.ic_cmd = SIOCGIFFLAGS;
+		strioctl.ic_dp  = (char *)&ifreq;
+		strioctl.ic_len = sizeof(struct ifreq);
+		if (ioctl(fd, I_STR, &strioctl) != 0) {
+			continue;
+		}
+		
+		if (!(ifreq.ifr_flags & IFF_UP)) {
+			continue;
+		}
+
+		strioctl.ic_cmd = SIOCGIFADDR;
+		strioctl.ic_dp  = (char *)&ifreq;
+		strioctl.ic_len = sizeof(struct ifreq);
+		if (ioctl(fd, I_STR, &strioctl) != 0) {
+			continue;
+		}
+
+		ipaddr = (*(struct sockaddr_in *) &ifreq.ifr_addr).sin_addr;
+		iname = ifreq.ifr_name;
+
+		strioctl.ic_cmd = SIOCGIFNETMASK;
+		strioctl.ic_dp  = (char *)&ifreq;
+		strioctl.ic_len = sizeof(struct ifreq);
+		if (ioctl(fd, I_STR, &strioctl) != 0) {
+			continue;
+		}
+
+		nmask = ((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr;
+
+		strncpy(ifaces[total].name, iname, sizeof(ifaces[total].name)-1);
+		ifaces[total].name[sizeof(ifaces[total].name)-1] = 0;
+		ifaces[total].ip = ipaddr;
+		ifaces[total].netmask = nmask;
+
+		total++;
+	}
+
+	close(fd);
+
+	return total;
+}
+
+#elif HAVE_IFACE_AIX
+
+/****************************************************************************
+this one is for AIX (tested on 4.2)
+****************************************************************************/
+static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
+{
+	char buff[8192];
+	int fd, i;
+	struct ifconf ifc;
+	struct ifreq *ifr=NULL;
+	struct in_addr ipaddr;
+	struct in_addr nmask;
+	char *iname;
+	int total = 0;
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+		return -1;
+	}
+
+
+	ifc.ifc_len = sizeof(buff);
+	ifc.ifc_buf = buff;
+
+	if (ioctl(fd, SIOCGIFCONF, &ifc) != 0) {
+		close(fd);
+		return -1;
+	}
+
+	ifr = ifc.ifc_req;
+
+	/* Loop through interfaces */
+	i = ifc.ifc_len;
+
+	while (i > 0 && total < max_interfaces) {
+		unsigned inc;
+
+		inc = ifr->ifr_addr.sa_len;
+
+		if (ioctl(fd, SIOCGIFADDR, ifr) != 0) {
+			goto next;
+		}
+
+		ipaddr = (*(struct sockaddr_in *) &ifr->ifr_addr).sin_addr;
+		iname = ifr->ifr_name;
+
+		if (ioctl(fd, SIOCGIFFLAGS, ifr) != 0) {
+			goto next;
+		}
+
+		if (!(ifr->ifr_flags & IFF_UP)) {
+			goto next;
+		}
+
+		if (ioctl(fd, SIOCGIFNETMASK, ifr) != 0) {
+			goto next;
+		}
+
+		nmask = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
+
+		strncpy(ifaces[total].name, iname, sizeof(ifaces[total].name)-1);
+		ifaces[total].name[sizeof(ifaces[total].name)-1] = 0;
+		ifaces[total].ip = ipaddr;
+		ifaces[total].netmask = nmask;
+
+		total++;
+
+	next:
+		/*
+		 * Patch from Archie Cobbs (archie@whistle.com).  The
+		 * addresses in the SIOCGIFCONF interface list have a
+		 * minimum size. Usually this doesn't matter, but if
+		 * your machine has tunnel interfaces, etc. that have
+		 * a zero length "link address", this does matter.  */
+
+		if (inc < sizeof(ifr->ifr_addr))
+			inc = sizeof(ifr->ifr_addr);
+		inc += IFNAMSIZ;
+
+		ifr = (struct ifreq*) (((char*) ifr) + inc);
+		i -= inc;
+	}
+  
+
+	close(fd);
+	return total;
+}
+
+#else /* a dummy version */
+static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
+{
+	return -1;
+}
+#endif
+
+
+static int iface_comp(struct iface_struct *i1, struct iface_struct *i2)
+{
+	int r;
+	r = strcmp(i1->name, i2->name);
+	if (r) return r;
+	r = ntohl(i1->ip.s_addr) - ntohl(i2->ip.s_addr);
+	if (r) return r;
+	r = ntohl(i1->netmask.s_addr) - ntohl(i2->netmask.s_addr);
+	return r;
+}
+
+/* this wrapper is used to remove duplicates from the interface list generated
+   above */
+int get_interfaces(struct iface_struct *ifaces, int max_interfaces)
+{
+	int total, i, j;
+
+	total = _get_interfaces(ifaces, max_interfaces);
+	if (total <= 0) return total;
+
+	/* now we need to remove duplicates */
+	qsort(ifaces, total, sizeof(ifaces[0]), QSORT_CAST iface_comp);
+
+	for (i=1;i<total;) {
+		if (iface_comp(&ifaces[i-1], &ifaces[i]) == 0) {
+			for (j=i-1;j<total-1;j++) {
+				ifaces[j] = ifaces[j+1];
+			}
+			total--;
+		} else {
+			i++;
+		}
+	}
+
+	return total;
+}
+
+
+#ifdef AUTOCONF_TEST
+/* this is the autoconf driver to test get_interfaces() */
+
+#define MAX_INTERFACES 128
+
+ int main()
+{
+	struct iface_struct ifaces[MAX_INTERFACES];
+	int total = get_interfaces(ifaces, MAX_INTERFACES);
+	int i;
+
+	printf("got %d interfaces:\n", total);
+	if (total <= 0) exit(1);
+
+	for (i=0;i<total;i++) {
+		printf("%-10s ", ifaces[i].name);
+		printf("IP=%s ", inet_ntoa(ifaces[i].ip));
+		printf("NETMASK=%s\n", inet_ntoa(ifaces[i].netmask));
+	}
+	return 0;
+}
+#endif
diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c
deleted file mode 100644
index 0af476eb15..0000000000
--- a/source3/lib/kanji.c
+++ /dev/null
@@ -1,895 +0,0 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   Kanji Extensions
-   Copyright (C) Andrew Tridgell 1992-1994
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-   Adding for Japanese language by <fujita@ainix.isac.co.jp> 1994.9.5
-     and extend coding system to EUC/SJIS/JIS/HEX at 1994.10.11
-     and add all jis codes sequence type at 1995.8.16
-     Notes: Hexadecimal code by <ohki@gssm.otuka.tsukuba.ac.jp>
-*/
-#ifdef KANJI
-
-#define _KANJI_C_
-#include "includes.h"
-
-/* coding system keep in */
-int coding_system = SJIS_CODE;
-
-/* jis si/so sequence */
-char jis_kso = JIS_KSO;
-char jis_ksi = JIS_KSI;
-char hex_tag = HEXTAG;
-
-/*******************************************************************
-  SHIFT JIS functions
-********************************************************************/
-/*******************************************************************
- search token from S1 separated any char of S2
- S1 contain SHIFT JIS chars.
-********************************************************************/
-char *
-sj_strtok (char *s1, const char *s2)
-{
-    static char *s = NULL;
-    char *q;
-    if (!s1) {
-	if (!s) {
-	    return NULL;
-	}
-	s1 = s;
-    }
-    for (q = s1; *s1; ) {
-	if (is_shift_jis (*s1)) {
-	    s1 += 2;
-	} else if (is_kana (*s1)) {
-	    s1++;
-	} else {
-	    char *p = strchr (s2, *s1);
-	    if (p) {
-		if (s1 != q) {
-		    s = s1 + 1;
-		    *s1 = '\0';
-		    return q;
-		}
-		q = s1 + 1;
-	    }
-	    s1++;
-	}
-    }
-    s = NULL;
-    if (*q) {
-	return q;
-    }
-    return NULL;
-}
-
-/*******************************************************************
- search string S2 from S1
- S1 contain SHIFT JIS chars.
-********************************************************************/
-char *
-sj_strstr (const char *s1, const char *s2)
-{
-    register int len = strlen ((char *) s2);
-    if (!*s2) 
-	return (char *) s1;
-    for (;*s1;) {
-	if (*s1 == *s2) {
-	    if (strncmp (s1, s2, len) == 0)
-		return (char *) s1;
-	}
-	if (is_shift_jis (*s1)) {
-	    s1 += 2;
-	} else {
-	    s1++;
-	}
-    }
-    return 0;
-}
-
-/*******************************************************************
- Search char C from beginning of S.
- S contain SHIFT JIS chars.
-********************************************************************/
-char *
-sj_strchr (const char *s, int c)
-{
-    for (; *s; ) {
-	if (*s == c)
-	    return (char *) s;
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else {
-	    s++;
-	}
-    }
-    return 0;
-}
-
-/*******************************************************************
- Search char C end of S.
- S contain SHIFT JIS chars.
-********************************************************************/
-char *
-sj_strrchr (const char *s, int c)
-{
-    register char *q;
-
-    for (q = 0; *s; ) {
-	if (*s == c) {
-	    q = (char *) s;
-	}
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else {
-	    s++;
-	}
-    }
-    return q;
-}
-
-/*******************************************************************
-  Code conversion
-********************************************************************/
-/* convesion buffer */
-static char cvtbuf[1024];
-
-/*******************************************************************
-  EUC <-> SJIS
-********************************************************************/
-static int
-euc2sjis (register int hi, register int lo)
-{
-    if (hi & 1)
-	return ((hi / 2 + (hi < 0xdf ? 0x31 : 0x71)) << 8) |
-	    (lo - (lo >= 0xe0 ? 0x60 : 0x61));
-    else
-	return ((hi / 2 + (hi < 0xdf ? 0x30 : 0x70)) << 8) | (lo - 2);
-}
-
-static int
-sjis2euc (register int hi, register int lo)
-{
-    if (lo >= 0x9f)
-	return ((hi * 2 - (hi >= 0xe0 ? 0xe0 : 0x60)) << 8) | (lo + 2);
-    else
-	return ((hi * 2 - (hi >= 0xe0 ? 0xe1 : 0x61)) << 8) |
-	    (lo + (lo >= 0x7f ? 0x60 : 0x61));
-}
-
-/*******************************************************************
- Convert FROM contain SHIFT JIS codes to EUC codes
- return converted buffer
-********************************************************************/
-static char *
-sj_to_euc (const char *from, BOOL overwrite)
-{
-    register char *out;
-    char *save;
-
-    save = (char *) from;
-    for (out = cvtbuf; *from;) {
-	if (is_shift_jis (*from)) {
-	    int code = sjis2euc ((int) from[0] & 0xff, (int) from[1] & 0xff);
-	    *out++ = (code >> 8) & 0xff;
-	    *out++ = code;
-	    from += 2;
-	} else if (is_kana (*from)) {
-	    *out++ = euc_kana;
-	    *out++ = *from++;
-	} else {
-	    *out++ = *from++;
-	}
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy((char *) save, (char *) cvtbuf);
-	return (char *) save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- Convert FROM contain EUC codes to SHIFT JIS codes
- return converted buffer
-********************************************************************/
-static char *
-euc_to_sj (const char *from, BOOL overwrite)
-{
-    register char *out;
-    char *save;
-
-    save = (char *) from;
-    for (out = cvtbuf; *from; ) {
-	if (is_euc (*from)) {
-	    int code = euc2sjis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-	    *out++ = (code >> 8) & 0xff;
-	    *out++ = code;
-	    from += 2;
-	} else if (is_euc_kana (*from)) {
-	    *out++ = from[1];
-	    from += 2;
-	} else {
-	    *out++ = *from++;
-	}
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy(save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
-  JIS7,JIS8,JUNET <-> SJIS
-********************************************************************/
-static int
-sjis2jis (register int hi, register int lo)
-{
-    if (lo >= 0x9f)
-	return ((hi * 2 - (hi >= 0xe0 ? 0x160 : 0xe0)) << 8) | (lo - 0x7e);
-    else
-	return ((hi * 2 - (hi >= 0xe0 ? 0x161 : 0xe1)) << 8) |
-	    (lo - (lo >= 0x7f ? 0x20 : 0x1f));
-}
-
-static int
-jis2sjis (register int hi, register int lo)
-{
-    if (hi & 1)
-	return ((hi / 2 + (hi < 0x5f ? 0x71 : 0xb1)) << 8) |
-	    (lo + (lo >= 0x60 ? 0x20 : 0x1f));
-    else
-	return ((hi / 2 + (hi < 0x5f ? 0x70 : 0xb0)) << 8) | (lo + 0x7e);
-}
-
-/*******************************************************************
- Convert FROM contain JIS codes to SHIFT JIS codes
- return converted buffer
-********************************************************************/
-static char *
-jis8_to_sj (const char *from, BOOL overwrite)
-{
-    register char *out;
-    register int shifted;
-    char *save;
-
-    shifted = _KJ_ROMAN;
-    save = (char *) from;
-    for (out = cvtbuf; *from;) {
-	if (is_esc (*from)) {
-	    if (is_so1 (from[1]) && is_so2 (from[2])) {
-		shifted = _KJ_KANJI;
-		from += 3;
-	    } else if (is_si1 (from[1]) && is_si2 (from[2])) {
-		shifted = _KJ_ROMAN;
-		from += 3;
-	    } else {			/* sequence error */
-		goto normal;
-	    }
-	} else {
-	normal:
-	    switch (shifted) {
-	    default:
-	    case _KJ_ROMAN:
-		*out++ = *from++;
-		break;
-	    case _KJ_KANJI:
-		{
-		    int code = jis2sjis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-		    *out++ = (code >> 8) & 0xff;
-		    *out++ = code;
-		    from += 2;
-		}
-		break;
-	    }
-	}
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy (save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- Convert FROM contain SHIFT JIS codes to JIS codes
- return converted buffer
-********************************************************************/
-static char *
-sj_to_jis8 (const char *from, BOOL overwrite)
-{
-    register char *out;
-    register int shifted;
-    char *save;
-
-    shifted = _KJ_ROMAN;
-    save = (char *) from;
-    for (out = cvtbuf; *from; ) {
-	if (is_shift_jis (*from)) {
-	    int code;
-	    switch (shifted) {
-	    case _KJ_ROMAN:		/* to KANJI */
-		*out++ = jis_esc;
-		*out++ = jis_so1;
-		*out++ = jis_kso;
-		shifted = _KJ_KANJI;
-		break;
-	    }
-	    code = sjis2jis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-	    *out++ = (code >> 8) & 0xff;
-	    *out++ = code;
-	    from += 2;
-	} else {
-	    switch (shifted) {
-	    case _KJ_KANJI:		/* to ROMAN/KANA */
-		*out++ = jis_esc;
-		*out++ = jis_si1;
-		*out++ = jis_ksi;
-		shifted = _KJ_ROMAN;
-		break;
-	    }
-	    *out++ = *from++;
-	}
-    }
-    switch (shifted) {
-    case _KJ_KANJI:			/* to ROMAN/KANA */
-	*out++ = jis_esc;
-	*out++ = jis_si1;
-	*out++ = jis_ksi;
-	shifted = _KJ_ROMAN;
-	break;
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy (save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- Convert FROM contain 7 bits JIS codes to SHIFT JIS codes
- return converted buffer
-********************************************************************/
-static char *
-jis7_to_sj (const char *from, BOOL overwrite)
-{
-    register char *out;
-    register int shifted;
-    char *save;
-
-    shifted = _KJ_ROMAN;
-    save = (char *) from;
-    for (out = cvtbuf; *from;) {
-	if (is_esc (*from)) {
-	    if (is_so1 (from[1]) && is_so2 (from[2])) {
-		shifted = _KJ_KANJI;
-		from += 3;
-	    } else if (is_si1 (from[1]) && is_si2 (from[2])) {
-		shifted = _KJ_ROMAN;
-		from += 3;
-	    } else {			/* sequence error */
-		goto normal;
-	    }
-	} else if (is_so (*from)) {
-	    shifted = _KJ_KANA;		/* to KANA */
-	    from++;
-	} else if (is_si (*from)) {
-	    shifted = _KJ_ROMAN;	/* to ROMAN */
-	    from++;
-	} else {
-	normal:
-	    switch (shifted) {
-	    default:
-	    case _KJ_ROMAN:
-		*out++ = *from++;
-		break;
-	    case _KJ_KANJI:
-		{
-		    int code = jis2sjis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-		    *out++ = (code >> 8) & 0xff;
-		    *out++ = code;
-		    from += 2;
-		}
-		break;
-	    case _KJ_KANA:
-		*out++ = ((int) from[0]) + 0x80;
-		break;
-	    }
-	}
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy (save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- Convert FROM contain SHIFT JIS codes to 7 bits JIS codes
- return converted buffer
-********************************************************************/
-static char *
-sj_to_jis7 (const char *from, BOOL overwrite)
-{
-    register char *out;
-    register int shifted;
-    char *save;
-
-    shifted = _KJ_ROMAN;
-    save = (char *) from;
-    for (out = cvtbuf; *from; ) {
-	if (is_shift_jis (*from)) {
-	    int code;
-	    switch (shifted) {
-	    case _KJ_KANA:
-		*out++ = jis_si;	/* to ROMAN and through down */
-	    case _KJ_ROMAN:		/* to KANJI */
-		*out++ = jis_esc;
-		*out++ = jis_so1;
-		*out++ = jis_kso;
-		shifted = _KJ_KANJI;
-		break;
-	    }
-	    code = sjis2jis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-	    *out++ = (code >> 8) & 0xff;
-	    *out++ = code;
-	    from += 2;
-	} else if (is_kana (from[0])) {
-	    switch (shifted) {
-	    case _KJ_KANJI:		/* to ROMAN */
-		*out++ = jis_esc;
-		*out++ = jis_si1;
-		*out++ = jis_ksi;
-	    case _KJ_ROMAN:		/* to KANA */
-		*out++ = jis_so;
-		shifted = _KJ_KANA;
-		break;
-	    }
-	    *out++ = ((int) *from++) - 0x80;
-	} else {
-	    switch (shifted) {
-	    case _KJ_KANA:
-		*out++ = jis_si;	/* to ROMAN */
-		shifted = _KJ_ROMAN;
-		break;
-	    case _KJ_KANJI:		/* to ROMAN */
-		*out++ = jis_esc;
-		*out++ = jis_si1;
-		*out++ = jis_ksi;
-		shifted = _KJ_ROMAN;
-		break;
-	    }
-	    *out++ = *from++;
-	}
-    }
-    switch (shifted) {
-    case _KJ_KANA:
-	*out++ = jis_si;		/* to ROMAN */
-	break;
-    case _KJ_KANJI:			/* to ROMAN */
-	*out++ = jis_esc;
-	*out++ = jis_si1;
-	*out++ = jis_ksi;
-	break;
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy (save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- Convert FROM contain 7 bits JIS(junet) codes to SHIFT JIS codes
- return converted buffer
-********************************************************************/
-static char *
-junet_to_sj (const char *from, BOOL overwrite)
-{
-    register char *out;
-    register int shifted;
-    char *save;
-
-    shifted = _KJ_ROMAN;
-    save = (char *) from;
-    for (out = cvtbuf; *from;) {
-	if (is_esc (*from)) {
-	    if (is_so1 (from[1]) && is_so2 (from[2])) {
-		shifted = _KJ_KANJI;
-		from += 3;
-	    } else if (is_si1 (from[1]) && is_si2 (from[2])) {
-		shifted = _KJ_ROMAN;
-		from += 3;
-	    } else if (is_juk1(from[1]) && is_juk2 (from[2])) {
-		shifted = _KJ_KANA;
-		from += 3;
-	    } else {			/* sequence error */
-		goto normal;
-	    }
-	} else {
-	normal:
-	    switch (shifted) {
-	    default:
-	    case _KJ_ROMAN:
-		*out++ = *from++;
-		break;
-	    case _KJ_KANJI:
-		{
-		    int code = jis2sjis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-		    *out++ = (code >> 8) & 0xff;
-		    *out++ = code;
-		    from += 2;
-		}
-		break;
-	    case _KJ_KANA:
-		*out++ = ((int) from[0]) + 0x80;
-		break;
-	    }
-	}
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy (save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- Convert FROM contain SHIFT JIS codes to 7 bits JIS(junet) codes
- return converted buffer
-********************************************************************/
-static char *
-sj_to_junet (const char *from, BOOL overwrite)
-{
-    register char *out;
-    register int shifted;
-    char *save;
-
-    shifted = _KJ_ROMAN;
-    save = (char *) from;
-    for (out = cvtbuf; *from; ) {
-	if (is_shift_jis (*from)) {
-	    int code;
-	    switch (shifted) {
-	    case _KJ_KANA:
-	    case _KJ_ROMAN:		/* to KANJI */
-		*out++ = jis_esc;
-		*out++ = jis_so1;
-		*out++ = jis_so2;
-		shifted = _KJ_KANJI;
-		break;
-	    }
-	    code = sjis2jis ((int) from[0] & 0xff, (int) from[1] & 0xff);
-	    *out++ = (code >> 8) & 0xff;
-	    *out++ = code;
-	    from += 2;
-	} else if (is_kana (from[0])) {
-	    switch (shifted) {
-	    case _KJ_KANJI:		/* to ROMAN */
-	    case _KJ_ROMAN:		/* to KANA */
-		*out++ = jis_esc;
-		*out++ = junet_kana1;
-		*out++ = junet_kana2;
-		shifted = _KJ_KANA;
-		break;
-	    }
-	    *out++ = ((int) *from++) - 0x80;
-	} else {
-	    switch (shifted) {
-	    case _KJ_KANA:
-	    case _KJ_KANJI:		/* to ROMAN */
-		*out++ = jis_esc;
-		*out++ = jis_si1;
-		*out++ = jis_si2;
-		shifted = _KJ_ROMAN;
-		break;
-	    }
-	    *out++ = *from++;
-	}
-    }
-    switch (shifted) {
-    case _KJ_KANA:
-    case _KJ_KANJI:			/* to ROMAN */
-	*out++ = jis_esc;
-	*out++ = jis_si1;
-	*out++ = jis_si2;
-	break;
-    }
-    *out = 0;
-    if (overwrite) {
-	strcpy (save, (char *) cvtbuf);
-	return save;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
-  HEX <-> SJIS
-********************************************************************/
-/* ":xx" -> a byte */
-static char *
-hex_to_sj (const char *from, BOOL overwrite)
-{
-    char *sp, *dp;
-    
-    sp = (char *) from;
-    dp = cvtbuf;
-    while (*sp) {
-	if (*sp == hex_tag && isxdigit (sp[1]) && isxdigit (sp[2])) {
-	    *dp++ = (hex2bin (sp[1])<<4) | (hex2bin (sp[2]));
-	    sp += 3;
-	} else
-	    *dp++ = *sp++;
-    }
-    *dp = '\0';
-    if (overwrite) {
-	strcpy ((char *) from, (char *) cvtbuf);
-	return (char *) from;
-    } else {
-	return cvtbuf;
-    }
-}
- 
-/*******************************************************************
-  kanji/kana -> ":xx" 
-********************************************************************/
-static char *
-sj_to_hex (const char *from, BOOL overwrite)
-{
-    unsigned char *sp, *dp;
-    
-    sp = (unsigned char*) from;
-    dp = (unsigned char*) cvtbuf;
-    while (*sp) {
-	if (is_kana(*sp)) {
-	    *dp++ = hex_tag;
-	    *dp++ = bin2hex (((*sp)>>4)&0x0f);
-	    *dp++ = bin2hex ((*sp)&0x0f);
-	    sp++;
-	} else if (is_shift_jis (*sp) && is_shift_jis2 (sp[1])) {
-	    *dp++ = hex_tag;
-	    *dp++ = bin2hex (((*sp)>>4)&0x0f);
-	    *dp++ = bin2hex ((*sp)&0x0f);
-	    sp++;
-	    *dp++ = hex_tag;
-	    *dp++ = bin2hex (((*sp)>>4)&0x0f);
-	    *dp++ = bin2hex ((*sp)&0x0f);
-	    sp++;
-	} else
-	    *dp++ = *sp++;
-    }
-    *dp = '\0';
-    if (overwrite) {
-	strcpy ((char *) from, (char *) cvtbuf);
-	return (char *) from;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
-  kanji/kana -> ":xx" 
-********************************************************************/
-static char *
-sj_to_cap (const char *from, BOOL overwrite)
-{
-    unsigned char *sp, *dp;
-
-    sp = (unsigned char*) from;
-    dp = (unsigned char*) cvtbuf;
-    while (*sp) {
-	if (*sp >= 0x80) {
-	    *dp++ = hex_tag;
-	    *dp++ = bin2hex (((*sp)>>4)&0x0f);
-	    *dp++ = bin2hex ((*sp)&0x0f);
-	    sp++;
-	} else {
-	    *dp++ = *sp++;
-	}
-    }
-    *dp = '\0';
-    if (overwrite) {
-	strcpy ((char *) from, (char *) cvtbuf);
-	return (char *) from;
-    } else {
-	return cvtbuf;
-    }
-}
-
-/*******************************************************************
- sj to sj
-********************************************************************/
-static char *
-sj_to_sj (const char *from, BOOL overwrite)
-{
-    if (!overwrite) {
-	strcpy (cvtbuf, (char *) from);
-	return cvtbuf;
-    } else {
-	return (char *) from;
-    }
-}
-
-/************************************************************************
- conversion:
- _dos_to_unix		_unix_to_dos
-************************************************************************/
-
-char* (*_dos_to_unix) (const char *str, BOOL overwrite) = sj_to_sj;
-char* (*_unix_to_dos) (const char *str, BOOL overwrite) = sj_to_sj;
-
-static int
-setup_string_function (int codes)
-{
-    switch (codes) {
-    default:
-    case SJIS_CODE:
-	_dos_to_unix = sj_to_sj;
-	_unix_to_dos = sj_to_sj;
-
-	break;
-	
-    case EUC_CODE:
-	_dos_to_unix = sj_to_euc;
-	_unix_to_dos = euc_to_sj;
-	break;
-	
-    case JIS7_CODE:
-	_dos_to_unix = sj_to_jis7;
-	_unix_to_dos = jis7_to_sj;
-	break;
-
-    case JIS8_CODE:
-	_dos_to_unix = sj_to_jis8;
-	_unix_to_dos = jis8_to_sj;
-	break;
-
-    case JUNET_CODE:
-	_dos_to_unix = sj_to_junet;
-	_unix_to_dos = junet_to_sj;
-	break;
-
-    case HEX_CODE:
-	_dos_to_unix = sj_to_hex;
-	_unix_to_dos = hex_to_sj;
-	break;
-
-    case CAP_CODE:
-	_dos_to_unix = sj_to_cap;
-	_unix_to_dos = hex_to_sj;
-	break;
-    }
-    return codes;
-}
-
-/*
- * Interpret coding system.
- */
-int 
-interpret_coding_system (char *str, int def)
-{
-    int codes = def;
-    
-    if (strequal (str, "sjis")) {
-	codes = SJIS_CODE;
-    } else if (strequal (str, "euc")) {
-	codes = EUC_CODE;
-    } else if (strequal (str, "cap")) {
-	codes = CAP_CODE;
-	hex_tag = HEXTAG;
-    } else if (strequal (str, "hex")) {
-	codes = HEX_CODE;
-	hex_tag = HEXTAG;
-    } else if (strncasecmp (str, "hex", 3)) {
-	codes = HEX_CODE;
-	hex_tag = (str[3] ? str[3] : HEXTAG);
-    } else if (strequal (str, "j8bb")) {
-	codes = JIS8_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'B';
-    } else if (strequal (str, "j8bj") || strequal (str, "jis8")) {
-	codes = JIS8_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'J';
-    } else if (strequal (str, "j8bh")) {
-	codes = JIS8_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'H';
-    } else if (strequal (str, "j8@b")) {
-	codes = JIS8_CODE;
-	jis_kso = '@';
-	jis_ksi = 'B';
-    } else if (strequal (str, "j8@j")) {
-	codes = JIS8_CODE;
-	jis_kso = '@';
-	jis_ksi = 'J';
-    } else if (strequal (str, "j8@h")) {
-	codes = JIS8_CODE;
-	jis_kso = '@';
-	jis_ksi = 'H';
-    } else if (strequal (str, "j7bb")) {
-	codes = JIS7_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'B';
-    } else if (strequal (str, "j7bj") || strequal (str, "jis7")) {
-	codes = JIS7_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'J';
-    } else if (strequal (str, "j7bh")) {
-	codes = JIS7_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'H';
-    } else if (strequal (str, "j7@b")) {
-	codes = JIS7_CODE;
-	jis_kso = '@';
-	jis_ksi = 'B';
-    } else if (strequal (str, "j7@j")) {
-	codes = JIS7_CODE;
-	jis_kso = '@';
-	jis_ksi = 'J';
-    } else if (strequal (str, "j7@h")) {
-	codes = JIS7_CODE;
-	jis_kso = '@';
-	jis_ksi = 'H';
-    } else if (strequal (str, "jubb")) {
-	codes = JUNET_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'B';
-    } else if (strequal (str, "jubj") || strequal (str, "junet")) {
-	codes = JUNET_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'J';
-    } else if (strequal (str, "jubh")) {
-	codes = JUNET_CODE;
-	jis_kso = 'B';
-	jis_ksi = 'H';
-    } else if (strequal (str, "ju@b")) {
-	codes = JUNET_CODE;
-	jis_kso = '@';
-	jis_ksi = 'B';
-    } else if (strequal (str, "ju@j")) {
-	codes = JUNET_CODE;
-	jis_kso = '@';
-	jis_ksi = 'J';
-    } else if (strequal (str, "ju@h")) {
-	codes = JUNET_CODE;
-	jis_kso = '@';
-	jis_ksi = 'H';
-    }	
-    return setup_string_function (codes);
-}
-#else 
-int kanji_dummy_procedure(void)
-{return 0;}
-#endif /* KANJI */
diff --git a/source3/lib/md4.c b/source3/lib/md4.c
index 485e231a78..6803b7e883 100644
--- a/source3/lib/md4.c
+++ b/source3/lib/md4.c
@@ -1,299 +1,169 @@
-#ifdef SMB_PASSWD
-/*
-   This code is from rfc1186. 
+/* 
+   Unix SMB/CIFS implementation.
+   a implementation of MD4 designed for use in the SMB authentication protocol
+   Copyright (C) Andrew Tridgell 1997-1998.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
- /*
- ** ********************************************************************
- ** md4.c -- Implementation of MD4 Message Digest Algorithm           **
- ** Updated: 2/16/90 by Ronald L. Rivest                              **
- ** (C) 1990 RSA Data Security, Inc.                                  **
- ** ********************************************************************
- */
+#include "includes.h"
 
- /*
- ** To use MD4:
- **   -- Include md4.h in your program
- **   -- Declare an MDstruct MD to hold the state of the digest
- **          computation.
- **   -- Initialize MD using MDbegin(&MD)
- **   -- For each full block (64 bytes) X you wish to process, call
- **          MDupdate(&MD,X,512)
- **      (512 is the number of bits in a full block.)
- **   -- For the last block (less than 64 bytes) you wish to process,
- **          MDupdate(&MD,X,n)
- **      where n is the number of bits in the partial block. A partial
- **      block terminates the computation, so every MD computation
- **      should terminate by processing a partial block, even if it
- **      has n = 0.
- **   -- The message digest is available in MD.buffer[0] ...
- **      MD.buffer[3].  (Least-significant byte of each word
- **      should be output first.)
- **   -- You can print out the digest using MDprint(&MD)
- */
+/* NOTE: This code makes no attempt to be fast! 
 
- /* Implementation notes:
- ** This implementation assumes that ints are 32-bit quantities.
- ** If the machine stores the least-significant byte of an int in the
- ** least-addressed byte (e.g., VAX and 8086), then LOWBYTEFIRST
- ** should be set to TRUE.  Otherwise (e.g., SUNS), LOWBYTEFIRST
- ** should be set to FALSE.  Note that on machines with LOWBYTEFIRST
- ** FALSE the routine MDupdate modifies has a side-effect on its input
- ** array (the order of bytes in each word are reversed).  If this is
- ** undesired a call to MDreverse(X) can reverse the bytes of X back
- ** into order after each call to MDupdate.
- */
-
-#define TRUE  1
-#define FALSE 0
-
- /* Compile-time includes
- */
-
-#include <stdio.h>
-#include "md4.h"
-
-#define uchar unsigned char
-#define int16 unsigned short
-#define uint32 unsigned int
- 
-#include "byteorder.h"
-
- /* Compile-time declarations of MD4 "magic constants".
- */
-#define I0  0x67452301       /* Initial values for MD buffer */
-#define I1  0xefcdab89
-#define I2  0x98badcfe
-#define I3  0x10325476
-#define C2  013240474631     /* round 2 constant = sqrt(2) in octal */
-#define C3  015666365641     /* round 3 constant = sqrt(3) in octal */
- /* C2 and C3 are from Knuth, The Art of Programming, Volume 2
- ** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley.
- ** Table 2, page 660.
- */
-
-#define fs1  3               /* round 1 shift amounts */
-#define fs2  7
-#define fs3 11
-#define fs4 19
-#define gs1  3               /* round 2 shift amounts */
-#define gs2  5
-#define gs3  9
-#define gs4 13
-#define hs1  3               /* round 3 shift amounts */
-#define hs2  9
-#define hs3 11
-#define hs4 15
-
- /* Compile-time macro declarations for MD4.
- ** Note: The "rot" operator uses the variable "tmp".
- ** It assumes tmp is declared as unsigned int, so that the >>
- ** operator will shift in zeros rather than extending the sign bit.
- */
-#define f(X,Y,Z)             ((X&Y) | ((~X)&Z))
-#define g(X,Y,Z)             ((X&Y) | (X&Z) | (Y&Z))
-#define h(X,Y,Z)             (X^Y^Z)
-#define rot(X,S)             (tmp=X,(tmp<<S) | (tmp>>(32-S)))
-#define ff(A,B,C,D,i,s)      A = rot((A + f(B,C,D) + X[i]),s)
-#define gg(A,B,C,D,i,s)      A = rot((A + g(B,C,D) + X[i] + C2),s)
-#define hh(A,B,C,D,i,s)      A = rot((A + h(B,C,D) + X[i] + C3),s)
+   It assumes that a int is at least 32 bits long
+*/
 
- /* MDprint(MDp)
- ** Print message digest buffer MDp as 32 hexadecimal digits.
- ** Order is from low-order byte of buffer[0] to high-order byte of
- ** buffer[3].
- ** Each byte is printed with high-order hexadecimal digit first.
- ** This is a user-callable routine.
- */
- void
- MDprint(MDp)
- MDptr MDp;
- { int i,j;
-   for (i=0;i<4;i++)
-     for (j=0;j<32;j=j+8)
-       printf("%02x",(MDp->buffer[i]>>j) & 0xFF);
- }
+static uint32 A, B, C, D;
+
+static uint32 F(uint32 X, uint32 Y, uint32 Z)
+{
+	return (X&Y) | ((~X)&Z);
+}
+
+static uint32 G(uint32 X, uint32 Y, uint32 Z)
+{
+	return (X&Y) | (X&Z) | (Y&Z); 
+}
+
+static uint32 H(uint32 X, uint32 Y, uint32 Z)
+{
+	return X^Y^Z;
+}
+
+static uint32 lshift(uint32 x, int s)
+{
+	x &= 0xFFFFFFFF;
+	return ((x<<s)&0xFFFFFFFF) | (x>>(32-s));
+}
+
+#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s)
+#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s)
+#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s)
+
+/* this applies md4 to 64 byte chunks */
+static void mdfour64(uint32 *M)
+{
+	int j;
+	uint32 AA, BB, CC, DD;
+	uint32 X[16];
+
+	for (j=0;j<16;j++)
+		X[j] = M[j];
+
+	AA = A; BB = B; CC = C; DD = D;
+
+        ROUND1(A,B,C,D,  0,  3);  ROUND1(D,A,B,C,  1,  7);  
+	ROUND1(C,D,A,B,  2, 11);  ROUND1(B,C,D,A,  3, 19);
+        ROUND1(A,B,C,D,  4,  3);  ROUND1(D,A,B,C,  5,  7);  
+	ROUND1(C,D,A,B,  6, 11);  ROUND1(B,C,D,A,  7, 19);
+        ROUND1(A,B,C,D,  8,  3);  ROUND1(D,A,B,C,  9,  7);  
+	ROUND1(C,D,A,B, 10, 11);  ROUND1(B,C,D,A, 11, 19);
+        ROUND1(A,B,C,D, 12,  3);  ROUND1(D,A,B,C, 13,  7);  
+	ROUND1(C,D,A,B, 14, 11);  ROUND1(B,C,D,A, 15, 19);	
+
+        ROUND2(A,B,C,D,  0,  3);  ROUND2(D,A,B,C,  4,  5);  
+	ROUND2(C,D,A,B,  8,  9);  ROUND2(B,C,D,A, 12, 13);
+        ROUND2(A,B,C,D,  1,  3);  ROUND2(D,A,B,C,  5,  5);  
+	ROUND2(C,D,A,B,  9,  9);  ROUND2(B,C,D,A, 13, 13);
+        ROUND2(A,B,C,D,  2,  3);  ROUND2(D,A,B,C,  6,  5);  
+	ROUND2(C,D,A,B, 10,  9);  ROUND2(B,C,D,A, 14, 13);
+        ROUND2(A,B,C,D,  3,  3);  ROUND2(D,A,B,C,  7,  5);  
+	ROUND2(C,D,A,B, 11,  9);  ROUND2(B,C,D,A, 15, 13);
+
+	ROUND3(A,B,C,D,  0,  3);  ROUND3(D,A,B,C,  8,  9);  
+	ROUND3(C,D,A,B,  4, 11);  ROUND3(B,C,D,A, 12, 15);
+        ROUND3(A,B,C,D,  2,  3);  ROUND3(D,A,B,C, 10,  9);  
+	ROUND3(C,D,A,B,  6, 11);  ROUND3(B,C,D,A, 14, 15);
+        ROUND3(A,B,C,D,  1,  3);  ROUND3(D,A,B,C,  9,  9);  
+	ROUND3(C,D,A,B,  5, 11);  ROUND3(B,C,D,A, 13, 15);
+        ROUND3(A,B,C,D,  3,  3);  ROUND3(D,A,B,C, 11,  9);  
+	ROUND3(C,D,A,B,  7, 11);  ROUND3(B,C,D,A, 15, 15);
+
+	A += AA; B += BB; C += CC; D += DD;
+	
+	A &= 0xFFFFFFFF; B &= 0xFFFFFFFF;
+	C &= 0xFFFFFFFF; D &= 0xFFFFFFFF;
+
+	for (j=0;j<16;j++)
+		X[j] = 0;
+}
+
+static void copy64(uint32 *M, const unsigned char *in)
+{
+	int i;
+
+	for (i=0;i<16;i++)
+		M[i] = (in[i*4+3]<<24) | (in[i*4+2]<<16) |
+			(in[i*4+1]<<8) | (in[i*4+0]<<0);
+}
+
+static void copy4(unsigned char *out, uint32 x)
+{
+	out[0] = x&0xFF;
+	out[1] = (x>>8)&0xFF;
+	out[2] = (x>>16)&0xFF;
+	out[3] = (x>>24)&0xFF;
+}
+
+/* produce a md4 message digest from data of length n bytes */
+void mdfour(unsigned char *out, const unsigned char *in, int n)
+{
+	unsigned char buf[128];
+	uint32 M[16];
+	uint32 b = n * 8;
+	int i;
+
+	A = 0x67452301;
+	B = 0xefcdab89;
+	C = 0x98badcfe;
+	D = 0x10325476;
+
+	while (n > 64) {
+		copy64(M, in);
+		mdfour64(M);
+		in += 64;
+		n -= 64;
+	}
 
- /* MDbegin(MDp)
- ** Initialize message digest buffer MDp.
- ** This is a user-callable routine.
- */
- void
- MDbegin(MDp)
- MDptr MDp;
- { int i;
-   MDp->buffer[0] = I0;
-   MDp->buffer[1] = I1;
-   MDp->buffer[2] = I2;
-   MDp->buffer[3] = I3;
-   for (i=0;i<8;i++) MDp->count[i] = 0;
-   MDp->done = 0;
- }
+	for (i=0;i<128;i++)
+		buf[i] = 0;
+	memcpy(buf, in, n);
+	buf[n] = 0x80;
+	
+	if (n <= 55) {
+		copy4(buf+56, b);
+		copy64(M, buf);
+		mdfour64(M);
+	} else {
+		copy4(buf+120, b); 
+		copy64(M, buf);
+		mdfour64(M);
+		copy64(M, buf+64);
+		mdfour64(M);
+	}
 
- /* MDreverse(X)
- ** Reverse the byte-ordering of every int in X.
- ** Assumes X is an array of 16 ints.
- ** The macro revx reverses the byte-ordering of the next word of X.
- */
- void MDreverse(X)
- unsigned int *X;
- { register unsigned int t;
-   register unsigned int i;
+	for (i=0;i<128;i++)
+		buf[i] = 0;
+	copy64(M, buf);
 
-   for(i = 0; i < 16; i++) {
-	  t = X[i];
-	  SIVAL(X,i*4,t);
-	}
- }
+	copy4(out, A);
+	copy4(out+4, B);
+	copy4(out+8, C);
+	copy4(out+12, D);
 
- /* MDblock(MDp,X)
- ** Update message digest buffer MDp->buffer using 16-word data block X.
- ** Assumes all 16 words of X are full of data.
- ** Does not update MDp->count.
- ** This routine is not user-callable.
- */
- static void
- MDblock(MDp,X)
- MDptr MDp;
- unsigned int *X;
- {
-   register unsigned int tmp, A, B, C, D;
-   MDreverse(X);
-   A = MDp->buffer[0];
-   B = MDp->buffer[1];
-   C = MDp->buffer[2];
-   D = MDp->buffer[3];
-   /* Update the message digest buffer */
-   ff(A , B , C , D ,  0 , fs1); /* Round 1 */
-   ff(D , A , B , C ,  1 , fs2);
-   ff(C , D , A , B ,  2 , fs3);
-   ff(B , C , D , A ,  3 , fs4);
-   ff(A , B , C , D ,  4 , fs1);
-   ff(D , A , B , C ,  5 , fs2);
-   ff(C , D , A , B ,  6 , fs3);
-   ff(B , C , D , A ,  7 , fs4);
-   ff(A , B , C , D ,  8 , fs1);
-   ff(D , A , B , C ,  9 , fs2);
-   ff(C , D , A , B , 10 , fs3);
-   ff(B , C , D , A , 11 , fs4);
-   ff(A , B , C , D , 12 , fs1);
-   ff(D , A , B , C , 13 , fs2);
-   ff(C , D , A , B , 14 , fs3);
-   ff(B , C , D , A , 15 , fs4);
-   gg(A , B , C , D ,  0 , gs1); /* Round 2 */
-   gg(D , A , B , C ,  4 , gs2);
-   gg(C , D , A , B ,  8 , gs3);
-   gg(B , C , D , A , 12 , gs4);
-   gg(A , B , C , D ,  1 , gs1);
-   gg(D , A , B , C ,  5 , gs2);
-   gg(C , D , A , B ,  9 , gs3);
-   gg(B , C , D , A , 13 , gs4);
-   gg(A , B , C , D ,  2 , gs1);
-   gg(D , A , B , C ,  6 , gs2);
-   gg(C , D , A , B , 10 , gs3);
-   gg(B , C , D , A , 14 , gs4);
-   gg(A , B , C , D ,  3 , gs1);
-   gg(D , A , B , C ,  7 , gs2);
-   gg(C , D , A , B , 11 , gs3);
-   gg(B , C , D , A , 15 , gs4);
-   hh(A , B , C , D ,  0 , hs1); /* Round 3 */
-   hh(D , A , B , C ,  8 , hs2);
-   hh(C , D , A , B ,  4 , hs3);
-   hh(B , C , D , A , 12 , hs4);
-   hh(A , B , C , D ,  2 , hs1);
-   hh(D , A , B , C , 10 , hs2);
-   hh(C , D , A , B ,  6 , hs3);
-   hh(B , C , D , A , 14 , hs4);
-   hh(A , B , C , D ,  1 , hs1);
-   hh(D , A , B , C ,  9 , hs2);
-   hh(C , D , A , B ,  5 , hs3);
-   hh(B , C , D , A , 13 , hs4);
-   hh(A , B , C , D ,  3 , hs1);
-   hh(D , A , B , C , 11 , hs2);
-   hh(C , D , A , B ,  7 , hs3);
-   hh(B , C , D , A , 15 , hs4);
-   MDp->buffer[0] += A;
-   MDp->buffer[1] += B;
-   MDp->buffer[2] += C;
-   MDp->buffer[3] += D;
- }
+	A = B = C = D = 0;
+}
 
- /* MDupdate(MDp,X,count)
- ** Input: MDp -- an MDptr
- **        X -- a pointer to an array of unsigned characters.
- **        count -- the number of bits of X to use.
- **          (if not a multiple of 8, uses high bits of last byte.)
- ** Update MDp using the number of bits of X given by count.
- ** This is the basic input routine for an MD4 user.
- ** The routine completes the MD computation when count < 512, so
- ** every MD computation should end with one call to MDupdate with a
- ** count less than 512.  A call with count 0 will be ignored if the
- ** MD has already been terminated (done != 0), so an extra call with
- ** count 0 can be given as a "courtesy close" to force termination
- ** if desired.
- */
- void
- MDupdate(MDp,X,count)
- MDptr MDp;
- unsigned char *X;
- unsigned int count;
- { unsigned int i, tmp, bit, byte, mask;
-   unsigned char XX[64];
-   unsigned char *p;
-   /* return with no error if this is a courtesy close with count
-   ** zero and MDp->done is true.
-   */
-   if (count == 0 && MDp->done) return;
-   /* check to see if MD is already done and report error */
-   if (MDp->done)
-          { printf("\nError: MDupdate MD already done."); return; }
-   /* Add count to MDp->count */
-   tmp = count;
-   p = MDp->count;
-   while (tmp)
-     { tmp += *p;
-       *p++ = tmp;
-       tmp = tmp >> 8;
-     }
-   /* Process data */
-   if (count == 512)
-     { /* Full block of data to handle */
-       MDblock(MDp,(unsigned int *)X);
-     }
-   else if (count > 512) /* Check for count too large */
-     { printf("\nError: MDupdate called with illegal count value %d."
-              ,count);
-       return;
-     }
-   else /* partial block -- must be last block so finish up */
-     { /* Find out how many bytes and residual bits there are */
-       byte = count >> 3;
-       bit =  count & 7;
-       /* Copy X into XX since we need to modify it */
-       for (i=0;i<=byte;i++)   XX[i] = X[i];
-       for (i=byte+1;i<64;i++) XX[i] = 0;
-       /* Add padding '1' bit and low-order zeros in last byte */
-       mask = 1 << (7 - bit);
-       XX[byte] = (XX[byte] | mask) & ~( mask - 1);
-       /* If room for bit count, finish up with this block */
-       if (byte <= 55)
-         { for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
-           MDblock(MDp,(unsigned int *)XX);
-         }
-       else /* need to do two blocks to finish up */
-         { MDblock(MDp,(unsigned int *)XX);
-           for (i=0;i<56;i++) XX[i] = 0;
-           for (i=0;i<8;i++)  XX[56+i] = MDp->count[i];
-           MDblock(MDp,(unsigned int *)XX);
-         }
-       /* Set flag saying we're done with MD computation */
-       MDp->done = 1;
-     }
- }
 
- /*
- ** End of md4.c
- */
-#else
-void md4_dummy() {;}
-#endif
diff --git a/source3/lib/md5.c b/source3/lib/md5.c
new file mode 100644
index 0000000000..627725bb25
--- /dev/null
+++ b/source3/lib/md5.c
@@ -0,0 +1,245 @@
+/*
+ * This code implements the MD5 message-digest algorithm.
+ * The algorithm is due to Ron Rivest.  This code was
+ * written by Colin Plumb in 1993, no copyright is claimed.
+ * This code is in the public domain; do with it what you wish.
+ *
+ * Equivalent code is available from RSA Data Security, Inc.
+ * This code has been tested against that, and is equivalent,
+ * except that you don't need to include two pages of legalese
+ * with every copy.
+ *
+ * To compute the message digest of a chunk of bytes, declare an
+ * MD5Context structure, pass it to MD5Init, call MD5Update as
+ * needed on buffers full of bytes, and then call MD5Final, which
+ * will fill a supplied 16-byte array with the digest.
+ */
+
+/* This code slightly modified to fit into Samba by 
+   abartlet@samba.org Jun 2001 */
+
+#include "includes.h"
+
+#include "md5.h"
+
+/*
+ * Note: this code is harmless on little-endian machines.
+ */
+static void byteReverse(unsigned char *buf, unsigned longs)
+{
+    uint32 t;
+    do {
+	t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
+	    ((unsigned) buf[1] << 8 | buf[0]);
+	*(uint32 *) buf = t;
+	buf += 4;
+    } while (--longs);
+}
+
+/*
+ * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
+ * initialization constants.
+ */
+void MD5Init(struct MD5Context *ctx)
+{
+    ctx->buf[0] = 0x67452301;
+    ctx->buf[1] = 0xefcdab89;
+    ctx->buf[2] = 0x98badcfe;
+    ctx->buf[3] = 0x10325476;
+
+    ctx->bits[0] = 0;
+    ctx->bits[1] = 0;
+}
+
+/*
+ * Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
+{
+    register uint32 t;
+
+    /* Update bitcount */
+
+    t = ctx->bits[0];
+    if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
+	ctx->bits[1]++;		/* Carry from low to high */
+    ctx->bits[1] += len >> 29;
+
+    t = (t >> 3) & 0x3f;	/* Bytes already in shsInfo->data */
+
+    /* Handle any leading odd-sized chunks */
+
+    if (t) {
+	unsigned char *p = (unsigned char *) ctx->in + t;
+
+	t = 64 - t;
+	if (len < t) {
+	    memmove(p, buf, len);
+	    return;
+	}
+	memmove(p, buf, t);
+	byteReverse(ctx->in, 16);
+	MD5Transform(ctx->buf, (uint32 *) ctx->in);
+	buf += t;
+	len -= t;
+    }
+    /* Process data in 64-byte chunks */
+
+    while (len >= 64) {
+	memmove(ctx->in, buf, 64);
+	byteReverse(ctx->in, 16);
+	MD5Transform(ctx->buf, (uint32 *) ctx->in);
+	buf += 64;
+	len -= 64;
+    }
+
+    /* Handle any remaining bytes of data. */
+
+    memmove(ctx->in, buf, len);
+}
+
+/*
+ * Final wrapup - pad to 64-byte boundary with the bit pattern 
+ * 1 0* (64-bit count of bits processed, MSB-first)
+ */
+void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
+{
+    unsigned int count;
+    unsigned char *p;
+
+    /* Compute number of bytes mod 64 */
+    count = (ctx->bits[0] >> 3) & 0x3F;
+
+    /* Set the first char of padding to 0x80.  This is safe since there is
+       always at least one byte free */
+    p = ctx->in + count;
+    *p++ = 0x80;
+
+    /* Bytes of padding needed to make 64 bytes */
+    count = 64 - 1 - count;
+
+    /* Pad out to 56 mod 64 */
+    if (count < 8) {
+	/* Two lots of padding:  Pad the first block to 64 bytes */
+	memset(p, 0, count);
+	byteReverse(ctx->in, 16);
+	MD5Transform(ctx->buf, (uint32 *) ctx->in);
+
+	/* Now fill the next block with 56 bytes */
+	memset(ctx->in, 0, 56);
+    } else {
+	/* Pad block to 56 bytes */
+	memset(p, 0, count - 8);
+    }
+    byteReverse(ctx->in, 14);
+
+    /* Append length in bits and transform */
+    ((uint32 *) ctx->in)[14] = ctx->bits[0];
+    ((uint32 *) ctx->in)[15] = ctx->bits[1];
+
+    MD5Transform(ctx->buf, (uint32 *) ctx->in);
+    byteReverse((unsigned char *) ctx->buf, 4);
+    memmove(digest, ctx->buf, 16);
+    memset(ctx, 0, sizeof(ctx));	/* In case it's sensitive */
+}
+
+/* The four core functions - F1 is optimized somewhat */
+
+/* #define F1(x, y, z) (x & y | ~x & z) */
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+/* This is the central step in the MD5 algorithm. */
+#define MD5STEP(f, w, x, y, z, data, s) \
+	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
+
+/*
+ * The core of the MD5 algorithm, this alters an existing MD5 hash to
+ * reflect the addition of 16 longwords of new data.  MD5Update blocks
+ * the data and converts bytes into longwords for this routine.
+ */
+void MD5Transform(uint32 buf[4], uint32 const in[16])
+{
+    register uint32 a, b, c, d;
+
+    a = buf[0];
+    b = buf[1];
+    c = buf[2];
+    d = buf[3];
+
+    MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+    MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+    MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
+    MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+    MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+    MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+    MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
+    MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
+    MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
+    MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+    MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+    MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+    MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
+    MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+    MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+    MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+
+    MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+    MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
+    MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+    MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+    MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+    MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
+    MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+    MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+    MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+    MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+    MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+    MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+    MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+    MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+    MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+    MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+
+    MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+    MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
+    MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+    MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+    MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+    MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+    MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+    MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+    MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+    MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+    MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+    MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
+    MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+    MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+    MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+    MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
+
+    MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
+    MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
+    MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+    MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+    MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+    MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+    MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+    MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+    MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+    MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+    MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
+    MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+    MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+    MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+    MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+    MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
+
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
+}
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
new file mode 100644
index 0000000000..8602c2f32d
--- /dev/null
+++ b/source3/lib/messages.c
@@ -0,0 +1,534 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba internal messaging functions
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) 2001 by Martin Pool
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/**
+   @defgroups messages Internal messaging framework
+   @{
+   @file messages.c
+
+   This module is used for internal messaging between Samba daemons. 
+
+   The idea is that if a part of Samba wants to do communication with
+   another Samba process then it will do a message_register() of a
+   dispatch function, and use message_send_pid() to send messages to
+   that process.
+
+   The dispatch function is given the pid of the sender, and it can
+   use that to reply by message_send_pid().  See ping_message() for a
+   simple example.
+
+   This system doesn't have any inherent size limitations but is not
+   very efficient for large messages or when messages are sent in very
+   quick succession.
+
+*/
+
+#include "includes.h"
+
+/* the locking database handle */
+static TDB_CONTEXT *tdb;
+static int received_signal;
+
+/* change the message version with any incompatible changes in the protocol */
+#define MESSAGE_VERSION 1
+
+struct message_rec {
+	int msg_version;
+	int msg_type;
+	pid_t dest;
+	pid_t src;
+	size_t len;
+};
+
+/* we have a linked list of dispatch handlers */
+static struct dispatch_fns {
+	struct dispatch_fns *next, *prev;
+	int msg_type;
+	void (*fn)(int msg_type, pid_t pid, void *buf, size_t len);
+} *dispatch_fns;
+
+/****************************************************************************
+ Notifications come in as signals.
+****************************************************************************/
+
+static void sig_usr1(void)
+{
+	received_signal = 1;
+	sys_select_signal();
+}
+
+/****************************************************************************
+ A useful function for testing the message system.
+****************************************************************************/
+
+void ping_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+	char *msg = buf ? buf : "none";
+	DEBUG(1,("INFO: Received PING message from PID %u [%s]\n",(unsigned int)src, msg));
+	message_send_pid(src, MSG_PONG, buf, len, True);
+}
+
+/****************************************************************************
+ Return current debug level.
+****************************************************************************/
+
+void debuglevel_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+	DEBUG(1,("INFO: Received REQ_DEBUGLEVEL message from PID %u\n",(unsigned int)src));
+	message_send_pid(src, MSG_DEBUGLEVEL, DEBUGLEVEL_CLASS, sizeof(DEBUGLEVEL_CLASS), True);
+}
+
+/****************************************************************************
+ Initialise the messaging functions. 
+****************************************************************************/
+
+BOOL message_init(void)
+{
+	if (tdb) return True;
+
+	tdb = tdb_open_log(lock_path("messages.tdb"), 
+		       0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT, 
+		       O_RDWR|O_CREAT,0600);
+
+	if (!tdb) {
+		DEBUG(0,("ERROR: Failed to initialise messages database\n"));
+		return False;
+	}
+
+	CatchSignal(SIGUSR1, SIGNAL_CAST sig_usr1);
+
+	message_register(MSG_PING, ping_message);
+	message_register(MSG_REQ_DEBUGLEVEL, debuglevel_message);
+
+	return True;
+}
+
+/*******************************************************************
+ Form a static tdb key from a pid.
+******************************************************************/
+
+static TDB_DATA message_key_pid(pid_t pid)
+{
+	static char key[20];
+	TDB_DATA kbuf;
+
+	slprintf(key, sizeof(key)-1, "PID/%d", (int)pid);
+	
+	kbuf.dptr = (char *)key;
+	kbuf.dsize = strlen(key)+1;
+	return kbuf;
+}
+
+/****************************************************************************
+ Notify a process that it has a message. If the process doesn't exist 
+ then delete its record in the database.
+****************************************************************************/
+
+static BOOL message_notify(pid_t pid)
+{
+	/* Doing kill with a non-positive pid causes messages to be
+	 * sent to places we don't want. */
+	SMB_ASSERT(pid > 0);
+	if (kill(pid, SIGUSR1) == -1) {
+		if (errno == ESRCH) {
+			DEBUG(2,("pid %d doesn't exist - deleting messages record\n", (int)pid));
+			tdb_delete(tdb, message_key_pid(pid));
+		} else {
+			DEBUG(2,("message to process %d failed - %s\n", (int)pid, strerror(errno)));
+		}
+		return False;
+	}
+	return True;
+}
+
+/****************************************************************************
+ Send a message to a particular pid.
+****************************************************************************/
+
+BOOL message_send_pid(pid_t pid, int msg_type, const void *buf, size_t len,
+		      BOOL duplicates_allowed)
+{
+	TDB_DATA kbuf;
+	TDB_DATA dbuf;
+	struct message_rec rec;
+	void *p;
+
+	rec.msg_version = MESSAGE_VERSION;
+	rec.msg_type = msg_type;
+	rec.dest = pid;
+	rec.src = sys_getpid();
+	rec.len = len;
+
+	/* Doing kill with a non-positive pid causes messages to be
+	 * sent to places we don't want. */
+	SMB_ASSERT(pid > 0);
+
+	kbuf = message_key_pid(pid);
+
+	/* lock the record for the destination */
+	tdb_chainlock(tdb, kbuf);
+
+	dbuf = tdb_fetch(tdb, kbuf);
+
+	if (!dbuf.dptr) {
+		/* its a new record */
+		p = (void *)malloc(len + sizeof(rec));
+		if (!p) goto failed;
+
+		memcpy(p, &rec, sizeof(rec));
+		if (len > 0) memcpy((void *)((char*)p+sizeof(rec)), buf, len);
+
+		dbuf.dptr = p;
+		dbuf.dsize = len + sizeof(rec);
+		tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+		SAFE_FREE(p);
+		goto ok;
+	}
+
+	if (!duplicates_allowed) {
+		char *ptr;
+		struct message_rec prec;
+		
+		for(ptr = (char *)dbuf.dptr; ptr < dbuf.dptr + dbuf.dsize; ) {
+			/*
+			 * First check if the message header matches, then, if it's a non-zero
+			 * sized message, check if the data matches. If so it's a duplicate and
+			 * we can discard it. JRA.
+			 */
+
+			if (!memcmp(ptr, &rec, sizeof(rec))) {
+				if (!len || (len && !memcmp( ptr + sizeof(rec), buf, len))) {
+					DEBUG(10,("message_send_pid: discarding duplicate message.\n"));
+					SAFE_FREE(dbuf.dptr);
+					tdb_chainunlock(tdb, kbuf);
+					return True;
+				}
+			}
+			memcpy(&prec, ptr, sizeof(prec));
+			ptr += sizeof(rec) + prec.len;
+		}
+	}
+
+	/* we're adding to an existing entry */
+	p = (void *)malloc(dbuf.dsize + len + sizeof(rec));
+	if (!p) goto failed;
+
+	memcpy(p, dbuf.dptr, dbuf.dsize);
+	memcpy((void *)((char*)p+dbuf.dsize), &rec, sizeof(rec));
+	if (len > 0) memcpy((void *)((char*)p+dbuf.dsize+sizeof(rec)), buf, len);
+
+	SAFE_FREE(dbuf.dptr);
+	dbuf.dptr = p;
+	dbuf.dsize += len + sizeof(rec);
+	tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+	SAFE_FREE(dbuf.dptr);
+
+ ok:
+	tdb_chainunlock(tdb, kbuf);
+	errno = 0;                    /* paranoia */
+	return message_notify(pid);
+
+ failed:
+	tdb_chainunlock(tdb, kbuf);
+	errno = 0;                    /* paranoia */
+	return False;
+}
+
+/****************************************************************************
+ Retrieve the next message for the current process.
+****************************************************************************/
+
+static BOOL message_recv(int *msg_type, pid_t *src, void **buf, size_t *len)
+{
+	TDB_DATA kbuf;
+	TDB_DATA dbuf;
+	struct message_rec rec;
+
+	kbuf = message_key_pid(sys_getpid());
+
+	tdb_chainlock(tdb, kbuf);
+	
+	dbuf = tdb_fetch(tdb, kbuf);
+	if (dbuf.dptr == NULL || dbuf.dsize == 0) goto failed;
+
+	memcpy(&rec, dbuf.dptr, sizeof(rec));
+
+	if (rec.msg_version != MESSAGE_VERSION) {
+		DEBUG(0,("message version %d received (expected %d)\n", rec.msg_version, MESSAGE_VERSION));
+		goto failed;
+	}
+
+	if (rec.len > 0) {
+		(*buf) = (void *)malloc(rec.len);
+		if (!(*buf)) goto failed;
+
+		memcpy(*buf, dbuf.dptr+sizeof(rec), rec.len);
+	} else {
+		*buf = NULL;
+	}
+
+	*len = rec.len;
+	*msg_type = rec.msg_type;
+	*src = rec.src;
+
+	if (dbuf.dsize - (sizeof(rec)+rec.len) > 0)
+		memmove(dbuf.dptr, dbuf.dptr+sizeof(rec)+rec.len, dbuf.dsize - (sizeof(rec)+rec.len));
+	dbuf.dsize -= sizeof(rec)+rec.len;
+
+	if (dbuf.dsize == 0)
+		tdb_delete(tdb, kbuf);
+	else
+		tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+	return True;
+
+ failed:
+	tdb_chainunlock(tdb, kbuf);
+	return False;
+}
+
+/****************************************************************************
+ Receive and dispatch any messages pending for this process.
+ Notice that all dispatch handlers for a particular msg_type get called,
+ so you can register multiple handlers for a message.
+****************************************************************************/
+
+void message_dispatch(void)
+{
+	int msg_type;
+	pid_t src;
+	void *buf;
+	size_t len;
+	struct dispatch_fns *dfn;
+	int n_handled;
+
+	if (!received_signal) return;
+
+	DEBUG(10,("message_dispatch: received_signal = %d\n", received_signal));
+
+	received_signal = 0;
+
+	while (message_recv(&msg_type, &src, &buf, &len)) {
+		DEBUG(10,("message_dispatch: received msg_type=%d src_pid=%d\n",
+			  msg_type, (int) src));
+		n_handled = 0;
+		for (dfn = dispatch_fns; dfn; dfn = dfn->next) {
+			if (dfn->msg_type == msg_type) {
+				DEBUG(10,("message_dispatch: processing message of type %d.\n", msg_type));
+				dfn->fn(msg_type, src, buf, len);
+				n_handled++;
+			}
+		}
+		if (!n_handled) {
+			DEBUG(5,("message_dispatch: warning: no handlers registed for "
+				 "msg_type %d in pid%d\n",
+				 msg_type, sys_getpid()));
+		}
+		SAFE_FREE(buf);
+	}
+}
+
+/****************************************************************************
+ Register a dispatch function for a particular message type.
+****************************************************************************/
+
+void message_register(int msg_type, 
+		      void (*fn)(int msg_type, pid_t pid, void *buf, size_t len))
+{
+	struct dispatch_fns *dfn;
+
+	dfn = (struct dispatch_fns *)malloc(sizeof(*dfn));
+
+	if (dfn != NULL) {
+
+		ZERO_STRUCTPN(dfn);
+
+		dfn->msg_type = msg_type;
+		dfn->fn = fn;
+
+		DLIST_ADD(dispatch_fns, dfn);
+	}
+	else {
+	
+		DEBUG(0,("message_register: Not enough memory. malloc failed!\n"));
+	}
+}
+
+/****************************************************************************
+ De-register the function for a particular message type.
+****************************************************************************/
+
+void message_deregister(int msg_type)
+{
+	struct dispatch_fns *dfn, *next;
+
+	for (dfn = dispatch_fns; dfn; dfn = next) {
+		next = dfn->next;
+		if (dfn->msg_type == msg_type) {
+			DLIST_REMOVE(dispatch_fns, dfn);
+			SAFE_FREE(dfn);
+		}
+	}	
+}
+
+struct msg_all {
+	int msg_type;
+	const void *buf;
+	size_t len;
+	BOOL duplicates;
+	int		n_sent;
+};
+
+/****************************************************************************
+ Send one of the messages for the broadcast.
+****************************************************************************/
+
+static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct connections_data crec;
+	struct msg_all *msg_all = (struct msg_all *)state;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+
+	if (crec.cnum != -1)
+		return 0;
+
+	/* if the msg send fails because the pid was not found (i.e. smbd died), 
+	 * the msg has already been deleted from the messages.tdb.*/
+	if (!message_send_pid(crec.pid, msg_all->msg_type,
+			      msg_all->buf, msg_all->len,
+			      msg_all->duplicates)) {
+		
+		/* if the pid was not found delete the entry from connections.tdb */
+		if (errno == ESRCH) {
+			DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
+					(unsigned int)crec.pid, crec.cnum, crec.name));
+			tdb_delete(the_tdb, kbuf);
+		}
+	}
+	msg_all->n_sent++;
+	return 0;
+}
+
+/**
+ * Send a message to all smbd processes.
+ *
+ * It isn't very efficient, but should be OK for the sorts of
+ * applications that use it. When we need efficient broadcast we can add
+ * it.
+ *
+ * @param n_sent Set to the number of messages sent.  This should be
+ * equal to the number of processes, but be careful for races.
+ *
+ * @return True for success.
+ **/
+BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
+		      const void *buf, size_t len,
+		      BOOL duplicates_allowed,
+		      int *n_sent)
+{
+	struct msg_all msg_all;
+
+	msg_all.msg_type = msg_type;
+	msg_all.buf = buf;
+	msg_all.len = len;
+	msg_all.duplicates = duplicates_allowed;
+	msg_all.n_sent = 0;
+
+	tdb_traverse(conn_tdb, traverse_fn, &msg_all);
+	if (n_sent)
+		*n_sent = msg_all.n_sent;
+	return True;
+}
+
+static VOLATILE sig_atomic_t gotalarm;
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+
+static void gotalarm_sig(void)
+{
+	gotalarm = 1;
+}
+
+/**
+ * Lock the messaging tdb based on a string - this is used as a primitive
+ * form of mutex between smbd instances. 
+ *
+ * @param name A string identifying the name of the mutex.
+ */
+
+BOOL message_named_mutex(char *name, unsigned int timeout)
+{
+	TDB_DATA key;
+	int ret;
+
+	if (!message_init())
+		return False;
+
+	key.dptr = name;
+	key.dsize = strlen(name)+1;
+
+	if (timeout) {
+		gotalarm = 0;
+		CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+		alarm(timeout);
+	}
+
+	ret = tdb_chainlock(tdb, key);
+
+	if (timeout) {
+		alarm(0);
+		CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
+		if (gotalarm)
+			return False;
+	}
+
+	if (ret == 0)
+		DEBUG(10,("message_named_mutex: got mutex for %s\n", name ));
+
+	return (ret == 0);
+}
+
+/**
+ * Unlock a named mutex.
+ *
+ * @param name A string identifying the name of the mutex.
+ */
+
+void message_named_mutex_release(char *name)
+{
+	TDB_DATA key;
+
+	key.dptr = name;
+	key.dsize = strlen(name)+1;
+
+	tdb_chainunlock(tdb, key);
+	DEBUG(10,("message_named_mutex: released mutex for %s\n", name ));
+}
+
+/** @} **/
diff --git a/source3/lib/ms_fnmatch.c b/source3/lib/ms_fnmatch.c
new file mode 100644
index 0000000000..106efa5bbc
--- /dev/null
+++ b/source3/lib/ms_fnmatch.c
@@ -0,0 +1,225 @@
+/* 
+   Unix SMB/CIFS implementation.
+   filename matching routine
+   Copyright (C) Andrew Tridgell 1992-1998 
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+
+/*
+   This module was originally based on fnmatch.c copyright by the Free
+   Software Foundation. It bears little resemblence to that code now 
+*/  
+
+
+#if FNMATCH_TEST
+#include <stdio.h>
+#include <stdlib.h>
+#else
+#include "includes.h"
+#endif
+
+/* 
+   bugger. we need a separate wildcard routine for older versions
+   of the protocol. This is not yet perfect, but its a lot
+   better than what we had */
+static int ms_fnmatch_lanman_core(const smb_ucs2_t *pattern, 
+				  const smb_ucs2_t *string)
+{
+	const smb_ucs2_t *p = pattern, *n = string;
+	smb_ucs2_t c;
+
+	if (strcmp_wa(p, "?")==0 && strcmp_wa(n, ".")) goto match;
+
+	while ((c = *p++)) {
+		switch (c) {
+		case UCS2_CHAR('.'):
+			if (! *n) goto next;
+			if (*n != UCS2_CHAR('.')) goto nomatch;
+			n++;
+			break;
+
+		case UCS2_CHAR('?'):
+			if (! *n) goto next;
+			if ((*n == UCS2_CHAR('.') && 
+			     n[1] != UCS2_CHAR('.')) || ! *n) 
+				goto next;
+			n++;
+			break;
+
+		case UCS2_CHAR('>'):
+			if (! *n) goto next;
+			if (n[0] == UCS2_CHAR('.')) {
+				if (! n[1] && ms_fnmatch_lanman_core(p, n+1) == 0) goto match;
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+				goto nomatch;
+			}
+			n++;
+			break;
+
+		case UCS2_CHAR('*'):
+			if (! *n) goto next;
+			if (! *p) goto match;
+			for (; *n; n++) {
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+			}
+			break;
+
+		case UCS2_CHAR('<'):
+			for (; *n; n++) {
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+				if (*n == UCS2_CHAR('.') && 
+				    !strchr_w(n+1,UCS2_CHAR('.'))) {
+					n++;
+					break;
+				}
+			}
+			break;
+
+		case UCS2_CHAR('"'):
+			if (*n == 0 && ms_fnmatch_lanman_core(p, n) == 0) goto match;
+			if (*n != UCS2_CHAR('.')) goto nomatch;
+			n++;
+			break;
+
+		default:
+			if (c != *n) goto nomatch;
+			n++;
+		}
+	}
+	
+	if (! *n) goto match;
+	
+ nomatch:
+	/*
+	if (verbose) printf("NOMATCH pattern=[%s] string=[%s]\n", pattern, string);
+	*/
+	return -1;
+
+next:
+	if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+        goto nomatch;
+
+ match:
+	/*
+	if (verbose) printf("MATCH   pattern=[%s] string=[%s]\n", pattern, string);
+	*/
+	return 0;
+}
+
+static int ms_fnmatch_lanman1(const smb_ucs2_t *pattern, const smb_ucs2_t *string)
+{
+	if (!strpbrk_wa(pattern, "?*<>\"")) {
+		smb_ucs2_t s[] = {UCS2_CHAR('.'), 0};
+		if (strcmp_wa(string,"..") == 0) string = s;
+		return strcasecmp_w(pattern, string);
+	}
+
+	if (strcmp_wa(string,"..") == 0 || strcmp_wa(string,".") == 0) {
+		smb_ucs2_t dot[] = {UCS2_CHAR('.'), 0};
+		smb_ucs2_t dotdot[] = {UCS2_CHAR('.'), UCS2_CHAR('.'), 0};
+		return ms_fnmatch_lanman_core(pattern, dotdot) &&
+			ms_fnmatch_lanman_core(pattern, dot);
+	}
+
+	return ms_fnmatch_lanman_core(pattern, string);
+}
+
+
+/* the following function was derived using the masktest utility -
+   after years of effort we finally have a perfect MS wildcard
+   matching routine! 
+
+   NOTE: this matches only filenames with no directory component
+
+   Returns 0 on match, -1 on fail.
+*/
+static int ms_fnmatch_w(const smb_ucs2_t *pattern, const smb_ucs2_t *string, int protocol)
+{
+	const smb_ucs2_t *p = pattern, *n = string;
+	smb_ucs2_t c;
+
+	if (protocol <= PROTOCOL_LANMAN2) {
+		return ms_fnmatch_lanman1(pattern, string);
+	}
+
+	while ((c = *p++)) {
+		switch (c) {
+		case UCS2_CHAR('?'):
+			if (! *n) return -1;
+			n++;
+			break;
+
+		case UCS2_CHAR('>'):
+			if (n[0] == UCS2_CHAR('.')) {
+				if (! n[1] && ms_fnmatch_w(p, n+1, protocol) == 0) return 0;
+				if (ms_fnmatch_w(p, n, protocol) == 0) return 0;
+				return -1;
+			}
+			if (! *n) return ms_fnmatch_w(p, n, protocol);
+			n++;
+			break;
+
+		case UCS2_CHAR('*'):
+			for (; *n; n++) {
+				if (ms_fnmatch_w(p, n, protocol) == 0) return 0;
+			}
+			break;
+
+		case UCS2_CHAR('<'):
+			for (; *n; n++) {
+				if (ms_fnmatch_w(p, n, protocol) == 0) return 0;
+				if (*n == UCS2_CHAR('.') && !strchr_wa(n+1,'.')) {
+					n++;
+					break;
+				}
+			}
+			break;
+
+		case UCS2_CHAR('"'):
+			if (*n == 0 && ms_fnmatch_w(p, n, protocol) == 0) return 0;
+			if (*n != UCS2_CHAR('.')) return -1;
+			n++;
+			break;
+
+		default:
+			if (c != *n) return -1;
+			n++;
+		}
+	}
+	
+	if (! *n) return 0;
+	
+	return -1;
+}
+
+
+int ms_fnmatch(const char *pattern, const char *string, int protocol)
+{
+	wpstring p, s;
+	int ret;
+
+	pstrcpy_wa(p, pattern);
+	pstrcpy_wa(s, string);
+
+	ret = ms_fnmatch_w(p, s, protocol);
+/* 	DEBUG(0,("ms_fnmatch(%s,%s) -> %d\n", pattern, string, ret)); */
+	return ret;
+}
+
+/* a generic fnmatch function - uses for non-CIFS pattern matching */
+int gen_fnmatch(const char *pattern, const char *string)
+{
+	return ms_fnmatch(pattern, string, PROTOCOL_NT1);
+}
diff --git a/source3/lib/netatalk.c b/source3/lib/netatalk.c
new file mode 100644
index 0000000000..035f3794a0
--- /dev/null
+++ b/source3/lib/netatalk.c
@@ -0,0 +1,155 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+   netatalk.c : routines for improving interaction between Samba and netatalk.
+   Copyright (C) John D. Blair <jdblair@cobaltnet.com> 1998
+                 Cobalt Networks, Inc.
+*/
+
+#include "includes.h"
+
+#ifdef WITH_NETATALK
+ 
+/*****************
+   ntalk_resourcepath: creates the path to the netatalk resource fork for
+                        a given file
+
+   fname:       normal filename
+   doublename:  buffer that will contain the location of the resource fork
+   length:      length of this buffer (to prevent overflows)
+
+   NOTE: doesn't currently gracefully deal with buffer overflows- it just
+         doesn't allow them to occur.
+******************/
+void ntalk_resourcepath(const char *fname, char *doublename, const int length)
+{
+  int i;
+  int charnum;
+  int lastslash;
+  char appledouble[] = APPLEDOUBLE;
+
+  /* copy fname to doublename and find last slash */
+  for (i = 0; (fname[i] != 0) && (i <= length); i++) {
+    if (fname[i] == '/') {
+      lastslash = i;
+    }
+    doublename[i] = fname[i];
+  }
+  lastslash++; /* location just after last slash */
+
+  /* insert .AppleDouble */
+  charnum = lastslash;
+  for (i = 0; (appledouble[i] != 0) && (i <= length); i++) {
+    doublename[charnum] = appledouble[i];
+    charnum++;
+  }
+
+  /* append last part of file name */
+  for (i = lastslash; (fname[i] != 0) && (i <= length); i++) {
+    doublename[charnum] = fname[i];
+    charnum++;
+  }
+  
+  doublename[charnum] = 0;
+}
+
+/**********************
+ ntalk_mkresdir: creates a new .AppleDouble directory (if necessary)
+                 for the resource fork of a specified file
+**********************/
+int ntalk_mkresdir(const char *fname)
+{
+  char fdir[255];
+  int i;
+  int lastslash;
+  SMB_STRUCT_STAT dirstats;
+  char appledouble[] = APPLEDOUBLE;
+
+  /* find directory containing fname */
+  for (i = 0; (fname[i] != 0) && (i <= 254); i++) {
+    fdir[i] = fname[i];
+    if (fdir[i] == '/') {
+      lastslash = i;
+    }
+  }
+  lastslash++;
+  fdir[lastslash] = 0;
+  sys_lstat(fdir, &dirstats);
+
+  /* append .AppleDouble */
+  for (i = 0; (appledouble[i] != 0) && (lastslash <= 254); i++) {
+    fdir[lastslash] = appledouble[i];
+    lastslash++;
+  }
+  fdir[lastslash] = 0;
+
+  /* create this directory */
+  /* silently ignore EEXIST error */
+  if ((mkdir(fdir, dirstats.st_mode) < 0) && (errno != EEXIST)) {
+    return errno;
+  }
+
+  /* set ownership of this dir to the same as its parent */
+  /* holy race condition, batman! */
+  /* warning: this doesn't check for errors */
+  chown(fdir, dirstats.st_uid, dirstats.st_gid);
+
+  printf("%s\n", fdir);
+
+  return 1;
+}
+
+/**********************
+ ntalk_unlink: unlink a file and its resource fork
+**********************/
+int ntalk_unlink(const char *fname)
+{
+  char buf[255];
+
+  ntalk_resourcepath(fname, buf, 255);
+  unlink(buf);
+  return unlink(fname);
+}
+
+/**********************
+ ntalk_chown: chown a file and its resource fork
+**********************/
+int ntalk_chown(const char *fname, const uid_t uid, const gid_t gid)
+{
+  char buf[255];
+
+  ntalk_resourcepath(fname, buf, 255);
+  chown(buf, uid, gid);
+  return chown(fname, uid, gid);
+}
+
+/**********************
+ ntalk_chmod: chmod a file and its resource fork
+**********************/
+int ntalk_chmod(const char *fname, mode_t perms)
+{
+  char buf[255];
+
+  ntalk_resourcepath(fname, buf, 255);
+  chmod(buf, perms);
+  return chmod(fname, perms);
+}
+
+#endif /* WITH_NETATALK */
diff --git a/source3/lib/pam_errors.c b/source3/lib/pam_errors.c
new file mode 100644
index 0000000000..f74e4bf176
--- /dev/null
+++ b/source3/lib/pam_errors.c
@@ -0,0 +1,125 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  PAM error mapping functions
+ *  Copyright (C) Andrew Bartlett 2002
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef WITH_PAM
+#include <security/pam_appl.h>
+
+#if defined(PAM_AUTHTOK_RECOVERY_ERR) && !defined(PAM_AUTHTOK_RECOVER_ERR)
+#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
+#endif	
+
+/* PAM -> NT_STATUS map */
+const static struct {
+	int pam_code;
+	NTSTATUS ntstatus;
+} pam_to_nt_status_map[] = {
+	{PAM_OPEN_ERR, NT_STATUS_UNSUCCESSFUL},
+	{PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
+	{PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
+	{PAM_SYSTEM_ERR,  NT_STATUS_UNSUCCESSFUL},
+	{PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL},
+	{PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
+	{PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
+	{PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME:  Is this correct? */
+	{PAM_AUTHINFO_UNAVAIL, NT_STATUS_LOGON_FAILURE},
+	{PAM_USER_UNKNOWN, NT_STATUS_NO_SUCH_USER},
+	{PAM_MAXTRIES, NT_STATUS_REMOTE_SESSION_LIMIT}, /* FIXME:  Is this correct? */
+	{PAM_NEW_AUTHTOK_REQD, NT_STATUS_PASSWORD_MUST_CHANGE},
+	{PAM_ACCT_EXPIRED, NT_STATUS_ACCOUNT_EXPIRED},
+	{PAM_SESSION_ERR, NT_STATUS_INSUFFICIENT_RESOURCES},
+	{PAM_CRED_UNAVAIL, NT_STATUS_NO_TOKEN},  /* FIXME:  Is this correct? */
+	{PAM_CRED_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},  /* FIXME:  Is this correct? */
+	{PAM_CRED_ERR, NT_STATUS_UNSUCCESSFUL},
+	{PAM_AUTHTOK_ERR, NT_STATUS_UNSUCCESSFUL},
+#ifdef PAM_AUTHTOK_RECOVER_ERR
+	{PAM_AUTHTOK_RECOVER_ERR, NT_STATUS_UNSUCCESSFUL},
+#endif
+	{PAM_AUTHTOK_EXPIRED, NT_STATUS_PASSWORD_EXPIRED},
+	{PAM_SUCCESS, NT_STATUS_OK}
+};
+
+/* NT_STATUS -> PAM map */
+const static struct {
+	NTSTATUS ntstatus;
+	int pam_code;
+} nt_status_to_pam_map[] = {
+	{NT_STATUS_UNSUCCESSFUL, PAM_SYSTEM_ERR},
+	{NT_STATUS_NO_SUCH_USER, PAM_USER_UNKNOWN},
+	{NT_STATUS_WRONG_PASSWORD, PAM_AUTH_ERR},
+	{NT_STATUS_LOGON_FAILURE, PAM_AUTH_ERR},
+	{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
+	{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
+	{NT_STATUS_OK, PAM_SUCCESS}
+};
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error)
+{
+	int i;
+	if (pam_error == 0) return NT_STATUS_OK;
+	
+	for (i=0; NT_STATUS_V(pam_to_nt_status_map[i].ntstatus); i++) {
+		if (pam_error == pam_to_nt_status_map[i].pam_code)
+			return pam_to_nt_status_map[i].ntstatus;
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status)
+{
+	int i;
+	if NT_STATUS_IS_OK(nt_status) return PAM_SUCCESS;
+	
+	for (i=0; NT_STATUS_V(nt_status_to_pam_map[i].ntstatus); i++) {
+		if (NT_STATUS_EQUAL(nt_status,nt_status_to_pam_map[i].ntstatus))
+			return nt_status_to_pam_map[i].pam_code;
+	}
+	return PAM_SYSTEM_ERR;
+}
+
+#else 
+
+/*****************************************************************************
+convert a PAM error to a NT status32 code
+ *****************************************************************************/
+NTSTATUS pam_to_nt_status(int pam_error)
+{
+	if (pam_error == 0) return NT_STATUS_OK;
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*****************************************************************************
+convert an NT status32 code to a PAM error
+ *****************************************************************************/
+int nt_status_to_pam(NTSTATUS nt_status)
+{
+	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) return 0;
+	return 4; /* PAM_SYSTEM_ERR */
+}
+
+#endif
+
diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c
new file mode 100644
index 0000000000..28fd959b54
--- /dev/null
+++ b/source3/lib/pidfile.c
@@ -0,0 +1,112 @@
+/* this code is broken - there is a race condition with the unlink (tridge) */
+
+/* 
+   Unix SMB/CIFS implementation.
+   pidfile handling
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK
+#endif
+
+/* return the pid in a pidfile. return 0 if the process (or pidfile)
+   does not exist */
+pid_t pidfile_pid(char *name)
+{
+	int fd;
+	char pidstr[20];
+	unsigned ret;
+	pstring pidFile;
+
+	slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_lockdir(), name);
+
+	fd = sys_open(pidFile, O_NONBLOCK | O_RDONLY, 0644);
+	if (fd == -1) {
+		return 0;
+	}
+
+	ZERO_ARRAY(pidstr);
+
+	if (read(fd, pidstr, sizeof(pidstr)-1) <= 0) {
+		goto noproc;
+	}
+
+	ret = atoi(pidstr);
+	
+	if (!process_exists((pid_t)ret)) {
+		goto noproc;
+	}
+
+	if (fcntl_lock(fd,SMB_F_SETLK,0,1,F_RDLCK)) {
+		/* we could get the lock - it can't be a Samba process */
+		goto noproc;
+	}
+
+	close(fd);
+	return (pid_t)ret;
+
+ noproc:
+	close(fd);
+	unlink(pidFile);
+	return 0;
+}
+
+/* Create a pid file in the lock directory. open it and leave it locked.
+   This must be done after a call to lp_load() as it uses the lp_lockdir()
+   function to generate the path to the pidfile. */
+
+void pidfile_create(char *name)
+{
+	int     fd;
+	char    buf[20];
+	pstring pidFile;
+	pid_t pid;
+
+	slprintf(pidFile, sizeof(pidFile)-1, "%s/%s.pid", lp_lockdir(), name);
+
+	pid = pidfile_pid(name);
+	if (pid != 0) {
+		DEBUG(0,("ERROR: %s is already running. File %s exists and process id %d is running.\n", 
+			 name, pidFile, (int)pid));
+		exit(1);
+	}
+
+	fd = sys_open(pidFile, O_NONBLOCK | O_CREAT | O_WRONLY | O_EXCL, 0644);
+	if (fd == -1) {
+		DEBUG(0,("ERROR: can't open %s: Error was %s\n", pidFile, 
+			 strerror(errno)));
+		exit(1);
+	}
+
+	if (fcntl_lock(fd,SMB_F_SETLK,0,1,F_WRLCK)==False) {
+		DEBUG(0,("ERROR: %s : fcntl lock of file %s failed. Error was %s\n",  
+              name, pidFile, strerror(errno)));
+		exit(1);
+	}
+
+	memset(buf, 0, sizeof(buf));
+	slprintf(buf, sizeof(buf) - 1, "%u\n", (unsigned int) sys_getpid());
+	if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
+		DEBUG(0,("ERROR: can't write to file %s: %s\n", 
+			 pidFile, strerror(errno)));
+		exit(1);
+	}
+	/* Leave pid file open & locked for the duration... */
+}
diff --git a/source3/lib/readline.c b/source3/lib/readline.c
new file mode 100644
index 0000000000..d80c571dd3
--- /dev/null
+++ b/source3/lib/readline.c
@@ -0,0 +1,119 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba readline wrapper implementation
+   Copyright (C) Simo Sorce 2001
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_NEW_LIBREADLINE
+#  define RL_COMPLETION_CAST (rl_completion_func_t *)
+#else
+/* This type is missing from libreadline<4.0  (approximately) */
+#  define RL_COMPLETION_CAST
+#endif /* HAVE_NEW_LIBREADLINE */
+
+/****************************************************************************
+ Display the prompt and wait for input. Call callback() regularly
+****************************************************************************/
+
+static char *smb_readline_replacement(char *prompt, void (*callback)(void), 
+				char **(completion_fn)(char *text, int start, int end))
+{
+	fd_set fds;
+	static pstring line;
+	struct timeval timeout;
+	int fd = fileno(stdin);
+	char *ret;
+
+	x_fprintf(dbf, "%s", prompt);
+	x_fflush(dbf);
+
+	while (1) {
+		timeout.tv_sec = 5;
+		timeout.tv_usec = 0;
+
+		FD_ZERO(&fds);
+		FD_SET(fd,&fds);
+	
+		if (sys_select_intr(fd+1,&fds,NULL,NULL,&timeout) == 1) {
+			ret = fgets(line, sizeof(line), stdin);
+			return ret;
+		}
+		if (callback)
+			callback();
+	}
+}
+
+/****************************************************************************
+ Display the prompt and wait for input. Call callback() regularly.
+****************************************************************************/
+
+char *smb_readline(char *prompt, void (*callback)(void), 
+		   char **(completion_fn)(char *text, int start, int end))
+{
+#if HAVE_LIBREADLINE
+	if (isatty(fileno(stdin))) {
+		char *ret;
+
+		/* Aargh!  Readline does bizzare things with the terminal width
+		that mucks up expect(1).  Set CLI_NO_READLINE in the environment
+		to force readline not to be used. */
+
+		if (getenv("CLI_NO_READLINE"))
+			return smb_readline_replacement(prompt, callback, completion_fn);
+
+		if (completion_fn) {
+			/* The callback prototype has changed slightly between
+			different versions of Readline, so the same function
+			works in all of them to date, but we get compiler
+			warnings in some.  */
+			rl_attempted_completion_function = RL_COMPLETION_CAST completion_fn;
+		}
+
+		if (callback)
+			rl_event_hook = (Function *)callback;
+		ret = readline(prompt);
+		if (ret && *ret)
+			add_history(ret);
+		return ret;
+	} else
+#endif
+	return smb_readline_replacement(prompt, callback, completion_fn);
+}
+
+/****************************************************************************
+history
+****************************************************************************/
+int cmd_history(void)
+{
+#if defined(HAVE_LIBREADLINE)
+	HIST_ENTRY **hlist;
+	int i;
+
+	hlist = history_list();
+	
+	for (i = 0; hlist && hlist[i]; i++) {
+		DEBUG(0, ("%d: %s\n", i, hlist[i]->line));
+	}
+#else
+	DEBUG(0,("no history without readline support\n"));
+#endif
+
+	return 0;
+}
diff --git a/source3/lib/replace.c b/source3/lib/replace.c
new file mode 100644
index 0000000000..dd50ff035e
--- /dev/null
+++ b/source3/lib/replace.c
@@ -0,0 +1,416 @@
+/* 
+   Unix SMB/CIFS implementation.
+   replacement routines for broken systems
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+ void replace_dummy(void);
+ void replace_dummy(void) {}
+
+#ifndef HAVE_FTRUNCATE
+ /*******************************************************************
+ftruncate for operating systems that don't have it
+********************************************************************/
+ int ftruncate(int f,SMB_OFF_T l)
+{
+      struct  flock   fl;
+
+      fl.l_whence = 0;
+      fl.l_len = 0;
+      fl.l_start = l;
+      fl.l_type = F_WRLCK;
+      return fcntl(f, F_FREESP, &fl);
+}
+#endif /* HAVE_FTRUNCATE */
+
+
+#ifndef HAVE_STRLCPY
+/* like strncpy but does not 0 fill the buffer and always null 
+   terminates. bufsize is the size of the destination buffer */
+ size_t strlcpy(char *d, const char *s, size_t bufsize)
+{
+	size_t len = strlen(s);
+	size_t ret = len;
+	if (bufsize <= 0) return 0;
+	if (len >= bufsize) len = bufsize-1;
+	memcpy(d, s, len);
+	d[len] = 0;
+	return ret;
+}
+#endif
+
+#ifndef HAVE_STRLCAT
+/* like strncat but does not 0 fill the buffer and always null 
+   terminates. bufsize is the length of the buffer, which should
+   be one more than the maximum resulting string length */
+ size_t strlcat(char *d, const char *s, size_t bufsize)
+{
+	size_t len1 = strlen(d);
+	size_t len2 = strlen(s);
+	size_t ret = len1 + len2;
+
+	if (len1+len2 >= bufsize) {
+		len2 = bufsize - (len1+1);
+	}
+	if (len2 > 0) {
+		memcpy(d+len1, s, len2);
+		d[len1+len2] = 0;
+	}
+	return ret;
+}
+#endif
+
+#ifndef HAVE_MKTIME
+/*******************************************************************
+a mktime() replacement for those who don't have it - contributed by 
+C.A. Lademann <cal@zls.com>
+Corrections by richard.kettlewell@kewill.com
+********************************************************************/
+
+#define  MINUTE  60
+#define  HOUR    60*MINUTE
+#define  DAY             24*HOUR
+#define  YEAR    365*DAY
+ time_t mktime(struct tm *t)
+{
+  struct tm       *u;
+  time_t  epoch = 0;
+  int n;
+  int             mon [] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
+  y, m, i;
+
+  if(t->tm_year < 70)
+    return((time_t)-1);
+
+  n = t->tm_year + 1900 - 1;
+  epoch = (t->tm_year - 70) * YEAR + 
+    ((n / 4 - n / 100 + n / 400) - (1969 / 4 - 1969 / 100 + 1969 / 400)) * DAY;
+
+  y = t->tm_year + 1900;
+  m = 0;
+
+  for(i = 0; i < t->tm_mon; i++) {
+    epoch += mon [m] * DAY;
+    if(m == 1 && y % 4 == 0 && (y % 100 != 0 || y % 400 == 0))
+      epoch += DAY;
+    
+    if(++m > 11) {
+      m = 0;
+      y++;
+    }
+  }
+
+  epoch += (t->tm_mday - 1) * DAY;
+  epoch += t->tm_hour * HOUR + t->tm_min * MINUTE + t->tm_sec;
+  
+  if((u = localtime(&epoch)) != NULL) {
+    t->tm_sec = u->tm_sec;
+    t->tm_min = u->tm_min;
+    t->tm_hour = u->tm_hour;
+    t->tm_mday = u->tm_mday;
+    t->tm_mon = u->tm_mon;
+    t->tm_year = u->tm_year;
+    t->tm_wday = u->tm_wday;
+    t->tm_yday = u->tm_yday;
+    t->tm_isdst = u->tm_isdst;
+  }
+
+  return(epoch);
+}
+#endif /* !HAVE_MKTIME */
+
+
+
+#ifndef HAVE_RENAME
+/* Rename a file. (from libiberty in GNU binutils)  */
+ int rename(const char *zfrom, const char *zto)
+{
+  if (link (zfrom, zto) < 0)
+    {
+      if (errno != EEXIST)
+	return -1;
+      if (unlink (zto) < 0
+	  || link (zfrom, zto) < 0)
+	return -1;
+    }
+  return unlink (zfrom);
+}
+#endif /* HAVE_RENAME */
+
+
+#ifndef HAVE_INNETGR
+#if defined(HAVE_SETNETGRENT) && defined(HAVE_GETNETGRENT) && defined(HAVE_ENDNETGRENT)
+/*
+ * Search for a match in a netgroup. This replaces it on broken systems.
+ */
+ int innetgr(const char *group,const char *host,const char *user,const char *dom)
+{
+	char *hst, *usr, *dm;
+  
+	setnetgrent(group);
+	while (getnetgrent(&hst, &usr, &dm)) {
+		if (((host == 0) || (hst == 0) || !strcmp(host, hst)) &&
+		    ((user == 0) || (usr == 0) || !strcmp(user, usr)) &&
+		    ((dom == 0) || (dm == 0) || !strcmp(dom, dm))) {
+			endnetgrent();
+			return (1);
+		}
+	}
+	endnetgrent();
+	return (0);
+}
+#endif /* HAVE_SETNETGRENT HAVE_GETNETGRENT HAVE_ENDNETGRENT */
+#endif /* HAVE_INNETGR */
+
+
+
+#ifndef HAVE_INITGROUPS
+/****************************************************************************
+ some systems don't have an initgroups call 
+****************************************************************************/
+ int initgroups(char *name,gid_t id)
+{
+#ifndef HAVE_SETGROUPS
+	static int done;
+	if (!done) {
+		DEBUG(1,("WARNING: running without setgroups\n"));
+		done=1;
+	}
+	/* yikes! no SETGROUPS or INITGROUPS? how can this work? */
+	return(0);
+#else /* HAVE_SETGROUPS */
+	gid_t *grouplst = NULL;
+	int max_gr = groups_max();
+	int ret;
+	int    i,j;
+	struct group *g;
+	char   *gr;
+	
+	if((grouplst = (gid_t *)malloc(sizeof(gid_t) * max_gr)) == NULL) {
+		DEBUG(0,("initgroups: malloc fail !\n"));
+		return -1;
+	}
+
+	grouplst[0] = id;
+	i = 1;
+	while (i < max_gr && ((g = (struct group *)getgrent()) != (struct group *)NULL)) {
+		if (g->gr_gid == id)
+			continue;
+		j = 0;
+		gr = g->gr_mem[0];
+		while (gr && (*gr != (char)NULL)) {
+			if (strcmp(name,gr) == 0) {
+				grouplst[i] = g->gr_gid;
+				i++;
+				gr = (char *)NULL;
+				break;
+			}
+			gr = g->gr_mem[++j];
+		}
+	}
+	endgrent();
+	ret = sys_setgroups(i,grouplst);
+	SAFE_FREE(grouplst);
+	return ret;
+#endif /* HAVE_SETGROUPS */
+}
+#endif /* HAVE_INITGROUPS */
+
+
+#if (defined(SecureWare) && defined(SCO))
+/* This is needed due to needing the nap() function but we don't want
+   to include the Xenix libraries since that will break other things...
+   BTW: system call # 0x0c28 is the same as calling nap() */
+ long nap(long milliseconds) {
+	 return syscall(0x0c28, milliseconds);
+ }
+#endif
+
+
+#ifndef HAVE_MEMMOVE
+/*******************************************************************
+safely copies memory, ensuring no overlap problems.
+this is only used if the machine does not have it's own memmove().
+this is not the fastest algorithm in town, but it will do for our
+needs.
+********************************************************************/
+ void *memmove(void *dest,const void *src,int size)
+{
+	unsigned long d,s;
+	int i;
+	if (dest==src || !size) return(dest);
+
+	d = (unsigned long)dest;
+	s = (unsigned long)src;
+
+	if ((d >= (s+size)) || (s >= (d+size))) {
+		/* no overlap */
+		memcpy(dest,src,size);
+		return(dest);
+	}
+
+	if (d < s) {
+		/* we can forward copy */
+		if (s-d >= sizeof(int) && 
+		    !(s%sizeof(int)) && 
+		    !(d%sizeof(int)) && 
+		    !(size%sizeof(int))) {
+			/* do it all as words */
+			int *idest = (int *)dest;
+			int *isrc = (int *)src;
+			size /= sizeof(int);
+			for (i=0;i<size;i++) idest[i] = isrc[i];
+		} else {
+			/* simplest */
+			char *cdest = (char *)dest;
+			char *csrc = (char *)src;
+			for (i=0;i<size;i++) cdest[i] = csrc[i];
+		}
+	} else {
+		/* must backward copy */
+		if (d-s >= sizeof(int) && 
+		    !(s%sizeof(int)) && 
+		    !(d%sizeof(int)) && 
+		    !(size%sizeof(int))) {
+			/* do it all as words */
+			int *idest = (int *)dest;
+			int *isrc = (int *)src;
+			size /= sizeof(int);
+			for (i=size-1;i>=0;i--) idest[i] = isrc[i];
+		} else {
+			/* simplest */
+			char *cdest = (char *)dest;
+			char *csrc = (char *)src;
+			for (i=size-1;i>=0;i--) cdest[i] = csrc[i];
+		}      
+	}
+	return(dest);
+}
+#endif /* HAVE_MEMMOVE */
+
+#ifndef HAVE_STRDUP
+/****************************************************************************
+duplicate a string
+****************************************************************************/
+ char *strdup(const char *s)
+{
+	size_t len;
+	char *ret;
+
+	if (!s) return(NULL);
+
+	len = strlen(s)+1;
+	ret = (char *)malloc(len);
+	if (!ret) return(NULL);
+	memcpy(ret,s,len);
+	return(ret);
+}
+#endif /* HAVE_STRDUP */
+
+#ifdef REPLACE_INET_NTOA
+char *rep_inet_ntoa(struct in_addr ip)
+{
+	unsigned char *p = (unsigned char *)&ip.s_addr;
+	static char buf[18];
+#if WORDS_BIGENDIAN
+	slprintf(buf, 17, "%d.%d.%d.%d", 
+		 (int)p[0], (int)p[1], (int)p[2], (int)p[3]);
+#else /* WORDS_BIGENDIAN */
+	slprintf(buf, 17, "%d.%d.%d.%d", 
+		 (int)p[3], (int)p[2], (int)p[1], (int)p[0]);
+#endif /* WORDS_BIGENDIAN */
+	return buf;
+}
+#endif /* REPLACE_INET_NTOA */
+
+#ifndef HAVE_STRTOUL
+#ifndef ULONG_MAX
+#define	ULONG_MAX	((unsigned long)(~0L))		/* 0xFFFFFFFF */
+#endif
+
+/*
+ * Convert a string to an unsigned long integer.
+ * Taken from libg++ - libiberty code.
+ *
+ * Ignores `locale' stuff.  Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+ unsigned long strtoul(const char *nptr, char **endptr, int base)
+{
+	const char *s = nptr;
+	unsigned long acc;
+	int c;
+	unsigned long cutoff;
+	int neg = 0, any, cutlim;
+
+	/*
+	 * See strtol for comments as to the logic used.
+	 */
+	do {
+		c = *s++;
+	} while (isspace(c));
+	if (c == '-') {
+		neg = 1;
+		c = *s++;
+	} else if (c == '+')
+		c = *s++;
+	if ((base == 0 || base == 16) &&
+	    c == '0' && (*s == 'x' || *s == 'X')) {
+		c = s[1];
+		s += 2;
+		base = 16;
+	}
+	if (base == 0)
+		base = c == '0' ? 8 : 10;
+	cutoff = (unsigned long)ULONG_MAX / (unsigned long)base;
+	cutlim = (int)((unsigned long)ULONG_MAX % (unsigned long)base);
+	for (acc = 0, any = 0;; c = *s++) {
+		if (isdigit(c))
+			c -= '0';
+		else if (isalpha(c))
+			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+		else
+			break;
+		if (c >= base)
+			break;
+		if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
+			any = -1;
+		else {
+			any = 1;
+			acc *= base;
+			acc += c;
+		}
+	}
+	if (any < 0) {
+		acc = ULONG_MAX;
+		errno = ERANGE;
+	} else if (neg)
+		acc = -acc;
+	if (endptr != 0)
+		*endptr = (char *) (any ? s - 1 : nptr);
+	return (acc);
+}
+#endif /* HAVE_STRTOUL */
+
+#ifndef HAVE_SETLINEBUF
+ int setlinebuf(FILE *stream)
+{
+	return setvbuf(stream, (char *)NULL, _IOLBF, 0);
+}
+#endif /* HAVE_SETLINEBUF */
diff --git a/source3/lib/select.c b/source3/lib/select.c
new file mode 100644
index 0000000000..550941ba77
--- /dev/null
+++ b/source3/lib/select.c
@@ -0,0 +1,159 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba select/poll implementation
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* This is here because it allows us to avoid a nasty race in signal handling. 
+   We need to guarantee that when we get a signal we get out of a select immediately
+   but doing that involves a race condition. We can avoid the race by getting the 
+   signal handler to write to a pipe that is in the select/poll list 
+
+   This means all Samba signal handlers should call sys_select_signal().
+*/
+
+static pid_t initialised;
+static int select_pipe[2];
+static VOLATILE unsigned pipe_written, pipe_read;
+
+/*******************************************************************
+ Call this from all Samba signal handlers if you want to avoid a 
+ nasty signal race condition.
+********************************************************************/
+
+void sys_select_signal(void)
+{
+	char c = 1;
+	if (!initialised) return;
+
+	if (pipe_written > pipe_read+256) return;
+
+	if (write(select_pipe[1], &c, 1) == 1) pipe_written++;
+}
+
+/*******************************************************************
+ Like select() but avoids the signal race using a pipe
+ it also guuarantees that fds on return only ever contains bits set
+ for file descriptors that were readable.
+********************************************************************/
+
+int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, struct timeval *tval)
+{
+	int ret, saved_errno;
+	fd_set *readfds2, readfds_buf;
+
+	if (initialised != sys_getpid()) {
+		pipe(select_pipe);
+
+		/*
+		 * These next two lines seem to fix a bug with the Linux
+		 * 2.0.x kernel (and probably other UNIXes as well) where
+		 * the one byte read below can block even though the
+		 * select returned that there is data in the pipe and
+		 * the pipe_written variable was incremented. Thanks to
+		 * HP for finding this one. JRA.
+		 */
+
+		if(set_blocking(select_pipe[0],0)==-1)
+			smb_panic("select_pipe[0]: O_NONBLOCK failed.\n");
+		if(set_blocking(select_pipe[1],0)==-1)
+			smb_panic("select_pipe[1]: O_NONBLOCK failed.\n");
+
+		initialised = sys_getpid();
+	}
+
+	maxfd = MAX(select_pipe[0]+1, maxfd);
+
+	/* If readfds is NULL we need to provide our own set. */
+	if (readfds) {
+		readfds2 = readfds;
+	} else {
+		readfds2 = &readfds_buf;
+		FD_ZERO(readfds2);
+	}
+	FD_SET(select_pipe[0], readfds2);
+
+	errno = 0;
+	ret = select(maxfd,readfds2,writefds,errorfds,tval);
+
+	if (ret <= 0) {
+		FD_ZERO(readfds2);
+		if (writefds)
+			FD_ZERO(writefds);
+		if (errorfds)
+			FD_ZERO(errorfds);
+	}
+
+	if (FD_ISSET(select_pipe[0], readfds2)) {
+		FD_CLR(select_pipe[0], readfds2);
+		ret--;
+		if (ret == 0) {
+			ret = -1;
+			errno = EINTR;
+		}
+	}
+
+	saved_errno = errno;
+
+	while (pipe_written != pipe_read) {
+		char c;
+		/* Due to the linux kernel bug in 2.0.x, we
+		 * always increment here even if the read failed... */
+		read(select_pipe[0], &c, 1);
+		pipe_read++;
+	}
+
+	errno = saved_errno;
+
+	return ret;
+}
+
+/*******************************************************************
+ Similar to sys_select() but catch EINTR and continue.
+ This is what sys_select() used to do in Samba.
+********************************************************************/
+
+int sys_select_intr(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, struct timeval *tval)
+{
+	int ret;
+	fd_set *readfds2, readfds_buf, *writefds2, writefds_buf, *errorfds2, errorfds_buf;
+
+	readfds2 = (readfds ? &readfds_buf : NULL);
+	writefds2 = (writefds ? &writefds_buf : NULL);
+	errorfds2 = (errorfds ? &errorfds_buf : NULL);
+
+	do {
+		if (readfds)
+			readfds_buf = *readfds;
+		if (writefds)
+			writefds_buf = *writefds;
+		if (errorfds)
+			errorfds_buf = *errorfds;
+		ret = sys_select(maxfd, readfds2, writefds2, errorfds2, tval);
+	} while (ret == -1 && errno == EINTR);
+
+	if (readfds)
+		*readfds = readfds_buf;
+	if (writefds)
+		*writefds = writefds_buf;
+	if (errorfds)
+		*errorfds = errorfds_buf;
+
+	return ret;
+}
diff --git a/source3/lib/signal.c b/source3/lib/signal.c
new file mode 100644
index 0000000000..99f908235c
--- /dev/null
+++ b/source3/lib/signal.c
@@ -0,0 +1,139 @@
+/* 
+   Unix SMB/CIFS implementation.
+   signal handling functions
+
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Catch child exits and reap the child zombie status.
+****************************************************************************/
+
+static void sig_cld(int signum)
+{
+	while (sys_waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0)
+		;
+
+	/*
+	 * Turns out it's *really* important not to
+	 * restore the signal handler here if we have real POSIX
+	 * signal handling. If we do, then we get the signal re-delivered
+	 * immediately - hey presto - instant loop ! JRA.
+	 */
+
+#if !defined(HAVE_SIGACTION)
+	CatchSignal(SIGCLD, sig_cld);
+#endif
+}
+
+/****************************************************************************
+catch child exits - leave status;
+****************************************************************************/
+
+static void sig_cld_leave_status(int signum)
+{
+	/*
+	 * Turns out it's *really* important not to
+	 * restore the signal handler here if we have real POSIX
+	 * signal handling. If we do, then we get the signal re-delivered
+	 * immediately - hey presto - instant loop ! JRA.
+	 */
+
+#if !defined(HAVE_SIGACTION)
+	CatchSignal(SIGCLD, sig_cld_leave_status);
+#else
+	;
+#endif
+}
+
+/*******************************************************************
+ Block sigs.
+********************************************************************/
+
+void BlockSignals(BOOL block,int signum)
+{
+#ifdef HAVE_SIGPROCMASK
+	sigset_t set;
+	sigemptyset(&set);
+	sigaddset(&set,signum);
+	sigprocmask(block?SIG_BLOCK:SIG_UNBLOCK,&set,NULL);
+#elif defined(HAVE_SIGBLOCK)
+	if (block) {
+		sigblock(sigmask(signum));
+	} else {
+		sigsetmask(siggetmask() & ~sigmask(signum));
+	}
+#else
+	/* yikes! This platform can't block signals? */
+	static int done;
+	if (!done) {
+		DEBUG(0,("WARNING: No signal blocking available\n"));
+		done=1;
+	}
+#endif
+}
+
+/*******************************************************************
+ Catch a signal. This should implement the following semantics:
+
+ 1) The handler remains installed after being called.
+ 2) The signal should be blocked during handler execution.
+********************************************************************/
+
+void CatchSignal(int signum,void (*handler)(int ))
+{
+#ifdef HAVE_SIGACTION
+	struct sigaction act;
+
+	ZERO_STRUCT(act);
+
+	act.sa_handler = handler;
+#ifdef SA_RESTART
+	/*
+	 * We *want* SIGALRM to interrupt a system call.
+	 */
+	if(signum != SIGALRM)
+		act.sa_flags = SA_RESTART;
+#endif
+	sigemptyset(&act.sa_mask);
+	sigaddset(&act.sa_mask,signum);
+	sigaction(signum,&act,NULL);
+#else /* !HAVE_SIGACTION */
+	/* FIXME: need to handle sigvec and systems with broken signal() */
+	signal(signum, handler);
+#endif
+}
+
+/*******************************************************************
+ Ignore SIGCLD via whatever means is necessary for this OS.
+********************************************************************/
+
+void CatchChild(void)
+{
+	CatchSignal(SIGCLD, sig_cld);
+}
+
+/*******************************************************************
+ Catch SIGCLD but leave the child around so it's status can be reaped.
+********************************************************************/
+
+void CatchChildLeaveStatus(void)
+{
+	CatchSignal(SIGCLD, sig_cld_leave_status);
+}
diff --git a/source3/lib/smbpasswd.c b/source3/lib/smbpasswd.c
new file mode 100644
index 0000000000..c27af5540b
--- /dev/null
+++ b/source3/lib/smbpasswd.c
@@ -0,0 +1,200 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   smbpasswd file format routines
+
+   Copyright (C) Andrew Tridgell 1992-1998 
+   Modified by Jeremy Allison 1995.
+   Modified by Gerald (Jerry) Carter 2000-2001
+   Copyright (C) Tim Potter 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*! \file lib/smbpasswd.c
+
+   The smbpasswd file is used to store encrypted passwords in a similar
+   fashion to the /etc/passwd file.  The format is colon separated fields
+   with one user per line like so:
+
+   <username>:<uid>:<lanman hash>:<nt hash>:<acb info>:<last change time>
+
+   The username and uid must correspond to an entry in the /etc/passwd
+   file.  The lanman and nt password hashes are 32 hex digits corresponding
+   to the 16-byte lanman and nt hashes respectively.  
+
+   The password last change time is stored as a string of the format
+   LCD-<change time> where the change time is expressed as an 
+
+   'N'    No password
+   'D'    Disabled
+   'H'    Homedir required
+   'T'    Temp account.
+   'U'    User account (normal) 
+   'M'    MNS logon user account - what is this ? 
+   'W'    Workstation account
+   'S'    Server account 
+   'L'    Locked account
+   'X'    No Xpiry on password 
+   'I'    Interdomain trust account
+
+*/
+
+#include "includes.h"
+
+/*! Convert 32 hex characters into a 16 byte array. */
+
+BOOL smbpasswd_gethexpwd(char *p, unsigned char *pwd)
+{
+	int i;
+	unsigned char   lonybble, hinybble;
+	char           *hexchars = "0123456789ABCDEF";
+	char           *p1, *p2;
+	
+	if (!p) return (False);
+	
+	for (i = 0; i < 32; i += 2)
+	{
+		hinybble = toupper(p[i]);
+		lonybble = toupper(p[i + 1]);
+
+		p1 = strchr_m(hexchars, hinybble);
+		p2 = strchr_m(hexchars, lonybble);
+
+		if (!p1 || !p2)
+		{
+			return (False);
+		}
+
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+
+		pwd[i / 2] = (hinybble << 4) | lonybble;
+	}
+	return (True);
+}
+
+/*! Convert a 16-byte array into 32 hex characters. */
+
+void smbpasswd_sethexpwd(fstring p, unsigned char *pwd, uint16 acb_info)
+{
+	if (pwd != NULL) {
+		int i;
+		for (i = 0; i < 16; i++)
+			slprintf(&p[i*2], 3, "%02X", pwd[i]);
+	} else {
+		if (acb_info & ACB_PWNOTREQ)
+			safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+		else
+			safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
+	}
+}
+
+/*! Decode the account control bits (ACB) info from a string. */
+
+uint16 smbpasswd_decode_acb_info(const char *p)
+{
+	uint16 acb_info = 0;
+	BOOL finished = False;
+
+	/*
+	 * Check if the account type bits have been encoded after the
+	 * NT password (in the form [NDHTUWSLXI]).
+	 */
+
+	if (*p != '[') return 0;
+
+	for (p++; *p && !finished; p++)
+	{
+		switch (*p) {
+                case 'N': /* 'N'o password. */
+                        acb_info |= ACB_PWNOTREQ; 
+                        break;
+                case 'D': /* 'D'isabled. */
+                        acb_info |= ACB_DISABLED; 
+                        break; 
+                case 'H': /* 'H'omedir required. */
+                        acb_info |= ACB_HOMDIRREQ; 
+                        break;
+                case 'T': /* 'T'emp account. */
+                        acb_info |= ACB_TEMPDUP; 
+                        break;
+                case 'U': /* 'U'ser account (normal). */
+                        acb_info |= ACB_NORMAL;
+                        break;
+                case 'M': /* 'M'NS logon user account. What is this ? */
+                        acb_info |= ACB_MNS; 
+                        break; 
+                case 'W': /* 'W'orkstation account. */
+                        acb_info |= ACB_WSTRUST; 
+                        break; 
+                case 'S': /* 'S'erver account. */ 
+                        acb_info |= ACB_SVRTRUST; 
+                        break; 
+                case 'L': /* 'L'ocked account. */
+                        acb_info |= ACB_AUTOLOCK; 
+                        break; 
+                case 'X': /* No 'X'piry on password */
+                        acb_info |= ACB_PWNOEXP; 
+                        break; 
+                case 'I': /* 'I'nterdomain trust account. */
+                        acb_info |= ACB_DOMTRUST; 
+                        break; 
+
+                case ' ': 
+                        break;
+                case ':':
+                case '\n':
+                case '\0': 
+                case ']':
+                default:  
+                        finished = True;
+                        break;
+		}
+	}
+
+	return acb_info;
+}
+
+/*! Encode account control bits (ACBs) into a string. */
+
+char *smbpasswd_encode_acb_info(uint16 acb_info)
+{
+	static fstring acct_str;
+	size_t i = 0;
+
+	acct_str[i++] = '[';
+
+	if (acb_info & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+	if (acb_info & ACB_DISABLED ) acct_str[i++] = 'D';
+	if (acb_info & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+	if (acb_info & ACB_TEMPDUP  ) acct_str[i++] = 'T'; 
+	if (acb_info & ACB_NORMAL   ) acct_str[i++] = 'U';
+	if (acb_info & ACB_MNS      ) acct_str[i++] = 'M';
+	if (acb_info & ACB_WSTRUST  ) acct_str[i++] = 'W';
+	if (acb_info & ACB_SVRTRUST ) acct_str[i++] = 'S';
+	if (acb_info & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+	if (acb_info & ACB_PWNOEXP  ) acct_str[i++] = 'X';
+	if (acb_info & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+	for ( ; i < NEW_PW_FORMAT_SPACE_PADDED_LEN - 2 ; i++ )
+                acct_str[i] = ' ';
+
+	i = NEW_PW_FORMAT_SPACE_PADDED_LEN - 2;
+	acct_str[i++] = ']';
+	acct_str[i++] = '\0';
+
+	return acct_str;
+}     
diff --git a/source3/lib/smbrun.c b/source3/lib/smbrun.c
new file mode 100644
index 0000000000..67f82ed0ad
--- /dev/null
+++ b/source3/lib/smbrun.c
@@ -0,0 +1,180 @@
+/* 
+   Unix SMB/CIFS implementation.
+   run a command as a specified user
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* need to move this from here!! need some sleep ... */
+struct current_user current_user;
+
+/****************************************************************************
+This is a utility function of smbrun().
+****************************************************************************/
+
+static int setup_out_fd(void)
+{  
+	int fd;
+	pstring path;
+
+	slprintf(path, sizeof(path)-1, "%s/smb.XXXXXX", tmpdir());
+
+	/* now create the file */
+	fd = smb_mkstemp(path);
+
+	if (fd == -1) {
+		DEBUG(0,("setup_out_fd: Failed to create file %s. (%s)\n",
+			path, strerror(errno) ));
+		return -1;
+	}
+
+	DEBUG(10,("setup_out_fd: Created tmp file %s\n", path ));
+
+	/* Ensure file only kept around by open fd. */
+	unlink(path);
+	return fd;
+}
+
+/****************************************************************************
+run a command being careful about uid/gid handling and putting the output in
+outfd (or discard it if outfd is NULL).
+****************************************************************************/
+
+int smbrun(char *cmd, int *outfd)
+{
+	pid_t pid;
+	uid_t uid = current_user.uid;
+	gid_t gid = current_user.gid;
+	
+	/*
+	 * Lose any kernel oplock capabilities we may have.
+	 */
+	oplock_set_capability(False, False);
+
+	/* point our stdout at the file we want output to go into */
+
+	if (outfd && ((*outfd = setup_out_fd()) == -1)) {
+		return -1;
+	}
+
+	/* in this method we will exec /bin/sh with the correct
+	   arguments, after first setting stdout to point at the file */
+
+	/*
+	 * We need to temporarily stop CatchChild from eating
+	 * SIGCLD signals as it also eats the exit status code. JRA.
+	 */
+
+	CatchChildLeaveStatus();
+                                   	
+	if ((pid=sys_fork()) < 0) {
+		DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) ));
+		CatchChild(); 
+		if (outfd) {
+			close(*outfd);
+			*outfd = -1;
+		}
+		return errno;
+    }
+
+	if (pid) {
+		/*
+		 * Parent.
+		 */
+		int status=0;
+		pid_t wpid;
+
+		
+		/* the parent just waits for the child to exit */
+		while((wpid = sys_waitpid(pid,&status,0)) < 0) {
+			if(errno == EINTR) {
+				errno = 0;
+				continue;
+			}
+			break;
+		}
+
+		CatchChild(); 
+
+		if (wpid != pid) {
+			DEBUG(2,("waitpid(%d) : %s\n",(int)pid,strerror(errno)));
+			if (outfd) {
+				close(*outfd);
+				*outfd = -1;
+			}
+			return -1;
+		}
+
+		/* Reset the seek pointer. */
+		if (outfd) {
+			sys_lseek(*outfd, 0, SEEK_SET);
+		}
+
+#if defined(WIFEXITED) && defined(WEXITSTATUS)
+		if (WIFEXITED(status)) {
+			return WEXITSTATUS(status);
+		}
+#endif
+
+		return status;
+	}
+	
+	CatchChild(); 
+	
+	/* we are in the child. we exec /bin/sh to do the work for us. we
+	   don't directly exec the command we want because it may be a
+	   pipeline or anything else the config file specifies */
+	
+	/* point our stdout at the file we want output to go into */
+	if (outfd) {
+		close(1);
+		if (dup2(*outfd,1) != 1) {
+			DEBUG(2,("Failed to create stdout file descriptor\n"));
+			close(*outfd);
+			exit(80);
+		}
+	}
+
+	/* now completely lose our privileges. This is a fairly paranoid
+	   way of doing it, but it does work on all systems that I know of */
+
+	become_user_permanently(uid, gid);
+
+	if (getuid() != uid || geteuid() != uid ||
+	    getgid() != gid || getegid() != gid) {
+		/* we failed to lose our privileges - do not execute
+                   the command */
+		exit(81); /* we can't print stuff at this stage,
+			     instead use exit codes for debugging */
+	}
+	
+#ifndef __INSURE__
+	/* close all other file descriptors, leaving only 0, 1 and 2. 0 and
+	   2 point to /dev/null from the startup code */
+	{
+	int fd;
+	for (fd=3;fd<256;fd++) close(fd);
+	}
+#endif
+
+	execl("/bin/sh","sh","-c",cmd,NULL);  
+	
+	/* not reached */
+	exit(82);
+	return 1;
+}
diff --git a/source3/lib/snprintf.c b/source3/lib/snprintf.c
new file mode 100644
index 0000000000..9a9dcdbae1
--- /dev/null
+++ b/source3/lib/snprintf.c
@@ -0,0 +1,962 @@
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell (papowell@astart.com)
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions
+ */
+
+/**************************************************************
+ * Original:
+ * Patrick Powell Tue Apr 11 09:48:21 PDT 1995
+ * A bombproof version of doprnt (dopr) included.
+ * Sigh.  This sort of thing is always nasty do deal with.  Note that
+ * the version here does not include floating point...
+ *
+ * snprintf() is used instead of sprintf() as it does limit checks
+ * for string length.  This covers a nasty loophole.
+ *
+ * The other functions are there to prevent NULL pointers from
+ * causing nast effects.
+ *
+ * More Recently:
+ *  Brandon Long <blong@fiction.net> 9/15/96 for mutt 0.43
+ *  This was ugly.  It is still ugly.  I opted out of floating point
+ *  numbers, but the formatter understands just about everything
+ *  from the normal C string format, at least as far as I can tell from
+ *  the Solaris 2.5 printf(3S) man page.
+ *
+ *  Brandon Long <blong@fiction.net> 10/22/97 for mutt 0.87.1
+ *    Ok, added some minimal floating point support, which means this
+ *    probably requires libm on most operating systems.  Don't yet
+ *    support the exponent (e,E) and sigfig (g,G).  Also, fmtint()
+ *    was pretty badly broken, it just wasn't being exercised in ways
+ *    which showed it, so that's been fixed.  Also, formated the code
+ *    to mutt conventions, and removed dead code left over from the
+ *    original.  Also, there is now a builtin-test, just compile with:
+ *           gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm
+ *    and run snprintf for results.
+ * 
+ *  Thomas Roessler <roessler@guug.de> 01/27/98 for mutt 0.89i
+ *    The PGP code was using unsigned hexadecimal formats. 
+ *    Unfortunately, unsigned formats simply didn't work.
+ *
+ *  Michael Elkins <me@cs.hmc.edu> 03/05/98 for mutt 0.90.8
+ *    The original code assumed that both snprintf() and vsnprintf() were
+ *    missing.  Some systems only have snprintf() but not vsnprintf(), so
+ *    the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF.
+ *
+ *  Andrew Tridgell (tridge@samba.org) Oct 1998
+ *    fixed handling of %.0f
+ *    added test for HAVE_LONG_DOUBLE
+ *
+ * tridge@samba.org, idra@samba.org, April 2001
+ *    got rid of fcvt code (twas buggy and made testing harder)
+ *    added C99 semantics
+ *
+ **************************************************************/
+
+#ifndef NO_CONFIG_H /* for some tests */
+#include "config.h"
+#endif
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+#ifdef HAVE_CTYPE_H
+#include <ctype.h>
+#endif
+#include <sys/types.h>
+#include <stdarg.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#if defined(HAVE_SNPRINTF) && defined(HAVE_VSNPRINTF) && defined(HAVE_C99_VSNPRINTF)
+/* only include stdio.h if we are not re-defining snprintf or vsnprintf */
+#include <stdio.h>
+ /* make the compiler happy with an empty file */
+ void dummy_snprintf(void) {} 
+#else
+
+#ifdef HAVE_LONG_DOUBLE
+#define LDOUBLE long double
+#else
+#define LDOUBLE double
+#endif
+
+#ifdef HAVE_LONG_LONG
+#define LLONG long long
+#else
+#define LLONG long
+#endif
+
+static size_t dopr(char *buffer, size_t maxlen, const char *format, 
+		   va_list args);
+static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
+		    char *value, int flags, int min, int max);
+static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
+		    long value, int base, int min, int max, int flags);
+static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
+		   LDOUBLE fvalue, int min, int max, int flags);
+static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
+
+/*
+ * dopr(): poor man's version of doprintf
+ */
+
+/* format read states */
+#define DP_S_DEFAULT 0
+#define DP_S_FLAGS   1
+#define DP_S_MIN     2
+#define DP_S_DOT     3
+#define DP_S_MAX     4
+#define DP_S_MOD     5
+#define DP_S_CONV    6
+#define DP_S_DONE    7
+
+/* format flags - Bits */
+#define DP_F_MINUS 	(1 << 0)
+#define DP_F_PLUS  	(1 << 1)
+#define DP_F_SPACE 	(1 << 2)
+#define DP_F_NUM   	(1 << 3)
+#define DP_F_ZERO  	(1 << 4)
+#define DP_F_UP    	(1 << 5)
+#define DP_F_UNSIGNED 	(1 << 6)
+
+/* Conversion Flags */
+#define DP_C_SHORT   1
+#define DP_C_LONG    2
+#define DP_C_LDOUBLE 3
+#define DP_C_LLONG   4
+
+#define char_to_int(p) ((p)- '0')
+#ifndef MAX
+#define MAX(p,q) (((p) >= (q)) ? (p) : (q))
+#endif
+
+static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args)
+{
+	char ch;
+	LLONG value;
+	LDOUBLE fvalue;
+	char *strvalue;
+	int min;
+	int max;
+	int state;
+	int flags;
+	int cflags;
+	size_t currlen;
+	
+	state = DP_S_DEFAULT;
+	currlen = flags = cflags = min = 0;
+	max = -1;
+	ch = *format++;
+	
+	while (state != DP_S_DONE) {
+		if (ch == '\0') 
+			state = DP_S_DONE;
+
+		switch(state) {
+		case DP_S_DEFAULT:
+			if (ch == '%') 
+				state = DP_S_FLAGS;
+			else 
+				dopr_outch (buffer, &currlen, maxlen, ch);
+			ch = *format++;
+			break;
+		case DP_S_FLAGS:
+			switch (ch) {
+			case '-':
+				flags |= DP_F_MINUS;
+				ch = *format++;
+				break;
+			case '+':
+				flags |= DP_F_PLUS;
+				ch = *format++;
+				break;
+			case ' ':
+				flags |= DP_F_SPACE;
+				ch = *format++;
+				break;
+			case '#':
+				flags |= DP_F_NUM;
+				ch = *format++;
+				break;
+			case '0':
+				flags |= DP_F_ZERO;
+				ch = *format++;
+				break;
+			default:
+				state = DP_S_MIN;
+				break;
+			}
+			break;
+		case DP_S_MIN:
+			if (isdigit((unsigned char)ch)) {
+				min = 10*min + char_to_int (ch);
+				ch = *format++;
+			} else if (ch == '*') {
+				min = va_arg (args, int);
+				ch = *format++;
+				state = DP_S_DOT;
+			} else {
+				state = DP_S_DOT;
+			}
+			break;
+		case DP_S_DOT:
+			if (ch == '.') {
+				state = DP_S_MAX;
+				ch = *format++;
+			} else { 
+				state = DP_S_MOD;
+			}
+			break;
+		case DP_S_MAX:
+			if (isdigit((unsigned char)ch)) {
+				if (max < 0)
+					max = 0;
+				max = 10*max + char_to_int (ch);
+				ch = *format++;
+			} else if (ch == '*') {
+				max = va_arg (args, int);
+				ch = *format++;
+				state = DP_S_MOD;
+			} else {
+				state = DP_S_MOD;
+			}
+			break;
+		case DP_S_MOD:
+			switch (ch) {
+			case 'h':
+				cflags = DP_C_SHORT;
+				ch = *format++;
+				break;
+			case 'l':
+				cflags = DP_C_LONG;
+				ch = *format++;
+				if (ch == 'l') {	/* It's a long long */
+					cflags = DP_C_LLONG;
+					ch = *format++;
+				}
+				break;
+			case 'L':
+				cflags = DP_C_LDOUBLE;
+				ch = *format++;
+				break;
+			default:
+				break;
+			}
+			state = DP_S_CONV;
+			break;
+		case DP_S_CONV:
+			switch (ch) {
+			case 'd':
+			case 'i':
+				if (cflags == DP_C_SHORT) 
+					value = va_arg (args, int);
+				else if (cflags == DP_C_LONG)
+					value = va_arg (args, long int);
+				else if (cflags == DP_C_LLONG)
+					value = va_arg (args, LLONG);
+				else
+					value = va_arg (args, int);
+				fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+				break;
+			case 'o':
+				flags |= DP_F_UNSIGNED;
+				if (cflags == DP_C_SHORT)
+					value = va_arg (args, unsigned int);
+				else if (cflags == DP_C_LONG)
+					value = (long)va_arg (args, unsigned long int);
+				else if (cflags == DP_C_LLONG)
+					value = (long)va_arg (args, unsigned LLONG);
+				else
+					value = (long)va_arg (args, unsigned int);
+				fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
+				break;
+			case 'u':
+				flags |= DP_F_UNSIGNED;
+				if (cflags == DP_C_SHORT)
+					value = va_arg (args, unsigned int);
+				else if (cflags == DP_C_LONG)
+					value = (long)va_arg (args, unsigned long int);
+				else if (cflags == DP_C_LLONG)
+					value = (LLONG)va_arg (args, unsigned LLONG);
+				else
+					value = (long)va_arg (args, unsigned int);
+				fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+				break;
+			case 'X':
+				flags |= DP_F_UP;
+			case 'x':
+				flags |= DP_F_UNSIGNED;
+				if (cflags == DP_C_SHORT)
+					value = va_arg (args, unsigned int);
+				else if (cflags == DP_C_LONG)
+					value = (long)va_arg (args, unsigned long int);
+				else if (cflags == DP_C_LLONG)
+					value = (LLONG)va_arg (args, unsigned LLONG);
+				else
+					value = (long)va_arg (args, unsigned int);
+				fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
+				break;
+			case 'f':
+				if (cflags == DP_C_LDOUBLE)
+					fvalue = va_arg (args, LDOUBLE);
+				else
+					fvalue = va_arg (args, double);
+				/* um, floating point? */
+				fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+				break;
+			case 'E':
+				flags |= DP_F_UP;
+			case 'e':
+				if (cflags == DP_C_LDOUBLE)
+					fvalue = va_arg (args, LDOUBLE);
+				else
+					fvalue = va_arg (args, double);
+				break;
+			case 'G':
+				flags |= DP_F_UP;
+			case 'g':
+				if (cflags == DP_C_LDOUBLE)
+					fvalue = va_arg (args, LDOUBLE);
+				else
+					fvalue = va_arg (args, double);
+				break;
+			case 'c':
+				dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
+				break;
+			case 's':
+				strvalue = va_arg (args, char *);
+				if (!strvalue) strvalue = "(NULL)";
+				if (max == -1) {
+					max = strlen(strvalue);
+				}
+				if (min > 0 && max >= 0 && min > max) max = min;
+				fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
+				break;
+			case 'p':
+				strvalue = va_arg (args, void *);
+				fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
+				break;
+			case 'n':
+				if (cflags == DP_C_SHORT) {
+					short int *num;
+					num = va_arg (args, short int *);
+					*num = currlen;
+				} else if (cflags == DP_C_LONG) {
+					long int *num;
+					num = va_arg (args, long int *);
+					*num = (long int)currlen;
+				} else if (cflags == DP_C_LLONG) {
+					LLONG *num;
+					num = va_arg (args, LLONG *);
+					*num = (LLONG)currlen;
+				} else {
+					int *num;
+					num = va_arg (args, int *);
+					*num = currlen;
+				}
+				break;
+			case '%':
+				dopr_outch (buffer, &currlen, maxlen, ch);
+				break;
+			case 'w':
+				/* not supported yet, treat as next char */
+				ch = *format++;
+				break;
+			default:
+				/* Unknown, skip */
+				break;
+			}
+			ch = *format++;
+			state = DP_S_DEFAULT;
+			flags = cflags = min = 0;
+			max = -1;
+			break;
+		case DP_S_DONE:
+			break;
+		default:
+			/* hmm? */
+			break; /* some picky compilers need this */
+		}
+	}
+	if (maxlen != 0) {
+		if (currlen < maxlen - 1) 
+			buffer[currlen] = '\0';
+		else if (maxlen > 0) 
+			buffer[maxlen - 1] = '\0';
+	}
+	
+	return currlen;
+}
+
+static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
+		    char *value, int flags, int min, int max)
+{
+	int padlen, strln;     /* amount to pad */
+	int cnt = 0;
+
+#ifdef DEBUG_SNPRINTF
+	printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value);
+#endif
+	if (value == 0) {
+		value = "<NULL>";
+	}
+
+	for (strln = 0; value[strln]; ++strln); /* strlen */
+	padlen = min - strln;
+	if (padlen < 0) 
+		padlen = 0;
+	if (flags & DP_F_MINUS) 
+		padlen = -padlen; /* Left Justify */
+	
+	while ((padlen > 0) && (cnt < max)) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		--padlen;
+		++cnt;
+	}
+	while (*value && (cnt < max)) {
+		dopr_outch (buffer, currlen, maxlen, *value++);
+		++cnt;
+	}
+	while ((padlen < 0) && (cnt < max)) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		++padlen;
+		++cnt;
+	}
+}
+
+/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
+
+static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
+		    long value, int base, int min, int max, int flags)
+{
+	int signvalue = 0;
+	unsigned long uvalue;
+	char convert[20];
+	int place = 0;
+	int spadlen = 0; /* amount to space pad */
+	int zpadlen = 0; /* amount to zero pad */
+	int caps = 0;
+	
+	if (max < 0)
+		max = 0;
+	
+	uvalue = value;
+	
+	if(!(flags & DP_F_UNSIGNED)) {
+		if( value < 0 ) {
+			signvalue = '-';
+			uvalue = -value;
+		} else {
+			if (flags & DP_F_PLUS)  /* Do a sign (+/i) */
+				signvalue = '+';
+			else if (flags & DP_F_SPACE)
+				signvalue = ' ';
+		}
+	}
+  
+	if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
+
+	do {
+		convert[place++] =
+			(caps? "0123456789ABCDEF":"0123456789abcdef")
+			[uvalue % (unsigned)base  ];
+		uvalue = (uvalue / (unsigned)base );
+	} while(uvalue && (place < 20));
+	if (place == 20) place--;
+	convert[place] = 0;
+
+	zpadlen = max - place;
+	spadlen = min - MAX (max, place) - (signvalue ? 1 : 0);
+	if (zpadlen < 0) zpadlen = 0;
+	if (spadlen < 0) spadlen = 0;
+	if (flags & DP_F_ZERO) {
+		zpadlen = MAX(zpadlen, spadlen);
+		spadlen = 0;
+	}
+	if (flags & DP_F_MINUS) 
+		spadlen = -spadlen; /* Left Justifty */
+
+#ifdef DEBUG_SNPRINTF
+	printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
+	       zpadlen, spadlen, min, max, place);
+#endif
+
+	/* Spaces */
+	while (spadlen > 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		--spadlen;
+	}
+
+	/* Sign */
+	if (signvalue) 
+		dopr_outch (buffer, currlen, maxlen, signvalue);
+
+	/* Zeros */
+	if (zpadlen > 0) {
+		while (zpadlen > 0) {
+			dopr_outch (buffer, currlen, maxlen, '0');
+			--zpadlen;
+		}
+	}
+
+	/* Digits */
+	while (place > 0) 
+		dopr_outch (buffer, currlen, maxlen, convert[--place]);
+  
+	/* Left Justified spaces */
+	while (spadlen < 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		++spadlen;
+	}
+}
+
+static LDOUBLE abs_val(LDOUBLE value)
+{
+	LDOUBLE result = value;
+
+	if (value < 0)
+		result = -value;
+	
+	return result;
+}
+
+static LDOUBLE POW10(int exp)
+{
+	LDOUBLE result = 1;
+	
+	while (exp) {
+		result *= 10;
+		exp--;
+	}
+  
+	return result;
+}
+
+static LLONG ROUND(LDOUBLE value)
+{
+	LLONG intpart;
+
+	intpart = (LLONG)value;
+	value = value - intpart;
+	if (value >= 0.5) intpart++;
+	
+	return intpart;
+}
+
+/* a replacement for modf that doesn't need the math library. Should
+   be portable, but slow */
+static double my_modf(double x0, double *iptr)
+{
+	int i;
+	long l;
+	double x = x0;
+	double f = 1.0;
+
+	for (i=0;i<100;i++) {
+		l = (long)x;
+		if (l <= (x+1) && l >= (x-1)) break;
+		x *= 0.1;
+		f *= 10.0;
+	}
+
+	if (i == 100) {
+		/* yikes! the number is beyond what we can handle. What do we do? */
+		(*iptr) = 0;
+		return 0;
+	}
+
+	if (i != 0) {
+		double i2;
+		double ret;
+
+		ret = my_modf(x0-l*f, &i2);
+		(*iptr) = l*f + i2;
+		return ret;
+	} 
+
+	(*iptr) = l;
+	return x - (*iptr);
+}
+
+
+static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
+		   LDOUBLE fvalue, int min, int max, int flags)
+{
+	int signvalue = 0;
+	double ufvalue;
+	char iconvert[311];
+	char fconvert[311];
+	int iplace = 0;
+	int fplace = 0;
+	int padlen = 0; /* amount to pad */
+	int zpadlen = 0; 
+	int caps = 0;
+	int index;
+	double intpart;
+	double fracpart;
+	double temp;
+  
+	/* 
+	 * AIX manpage says the default is 0, but Solaris says the default
+	 * is 6, and sprintf on AIX defaults to 6
+	 */
+	if (max < 0)
+		max = 6;
+
+	ufvalue = abs_val (fvalue);
+
+	if (fvalue < 0) {
+		signvalue = '-';
+	} else {
+		if (flags & DP_F_PLUS) { /* Do a sign (+/i) */
+			signvalue = '+';
+		} else {
+			if (flags & DP_F_SPACE)
+				signvalue = ' ';
+		}
+	}
+
+#if 0
+	if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
+#endif
+
+#if 0
+	 if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */
+#endif
+
+	/* 
+	 * Sorry, we only support 16 digits past the decimal because of our 
+	 * conversion method
+	 */
+	if (max > 16)
+		max = 16;
+
+	/* We "cheat" by converting the fractional part to integer by
+	 * multiplying by a factor of 10
+	 */
+
+	temp = ufvalue;
+	my_modf(temp, &intpart);
+
+	fracpart = ROUND((POW10(max)) * (ufvalue - intpart));
+	
+	if (fracpart >= POW10(max)) {
+		intpart++;
+		fracpart -= POW10(max);
+	}
+
+
+	/* Convert integer part */
+	do {
+		temp = intpart;
+		my_modf(intpart*0.1, &intpart);
+		temp = temp*0.1;
+		index = (int) ((temp -intpart +0.05)* 10.0);
+		/* index = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */
+		/* printf ("%llf, %f, %x\n", temp, intpart, index); */
+		iconvert[iplace++] =
+			(caps? "0123456789ABCDEF":"0123456789abcdef")[index];
+	} while (intpart && (iplace < 311));
+	if (iplace == 311) iplace--;
+	iconvert[iplace] = 0;
+
+	/* Convert fractional part */
+	if (fracpart)
+	{
+		do {
+			temp = fracpart;
+			my_modf(fracpart*0.1, &fracpart);
+			temp = temp*0.1;
+			index = (int) ((temp -fracpart +0.05)* 10.0);
+			/* index = (int) ((((temp/10) -fracpart) +0.05) *10); */
+			/* printf ("%lf, %lf, %ld\n", temp, fracpart, index); */
+			fconvert[fplace++] =
+			(caps? "0123456789ABCDEF":"0123456789abcdef")[index];
+		} while(fracpart && (fplace < 311));
+		if (fplace == 311) fplace--;
+	}
+	fconvert[fplace] = 0;
+  
+	/* -1 for decimal point, another -1 if we are printing a sign */
+	padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); 
+	zpadlen = max - fplace;
+	if (zpadlen < 0) zpadlen = 0;
+	if (padlen < 0) 
+		padlen = 0;
+	if (flags & DP_F_MINUS) 
+		padlen = -padlen; /* Left Justifty */
+	
+	if ((flags & DP_F_ZERO) && (padlen > 0)) {
+		if (signvalue) {
+			dopr_outch (buffer, currlen, maxlen, signvalue);
+			--padlen;
+			signvalue = 0;
+		}
+		while (padlen > 0) {
+			dopr_outch (buffer, currlen, maxlen, '0');
+			--padlen;
+		}
+	}
+	while (padlen > 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		--padlen;
+	}
+	if (signvalue) 
+		dopr_outch (buffer, currlen, maxlen, signvalue);
+	
+	while (iplace > 0) 
+		dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
+
+#ifdef DEBUG_SNPRINTF
+	printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
+#endif
+
+	/*
+	 * Decimal point.  This should probably use locale to find the correct
+	 * char to print out.
+	 */
+	if (max > 0) {
+		dopr_outch (buffer, currlen, maxlen, '.');
+		
+		while (fplace > 0) 
+			dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
+	}
+	
+	while (zpadlen > 0) {
+		dopr_outch (buffer, currlen, maxlen, '0');
+		--zpadlen;
+	}
+
+	while (padlen < 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		++padlen;
+	}
+}
+
+static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
+{
+	if (*currlen < maxlen) {
+		buffer[(*currlen)] = c;
+	}
+	(*currlen)++;
+}
+
+/* yes this really must be a ||. Don't muck with this (tridge) */
+#if !defined(HAVE_VSNPRINTF) || !defined(HAVE_C99_VSNPRINTF)
+ int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
+{
+	return dopr(str, count, fmt, args);
+}
+#endif
+
+/* yes this really must be a ||. Don't muck wiith this (tridge)
+ *
+ * The logic for these two is that we need our own definition if the
+ * OS *either* has no definition of *sprintf, or if it does have one
+ * that doesn't work properly according to the autoconf test.  Perhaps
+ * these should really be smb_snprintf to avoid conflicts with buggy
+ * linkers? -- mbp
+ */
+#if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_SNPRINTF)
+ int snprintf(char *str,size_t count,const char *fmt,...)
+{
+	size_t ret;
+	va_list ap;
+    
+	va_start(ap, fmt);
+	ret = vsnprintf(str, count, fmt, ap);
+	va_end(ap);
+	return ret;
+}
+#endif
+
+#endif 
+
+#ifndef HAVE_VASPRINTF
+ int vasprintf(char **ptr, const char *format, va_list ap)
+{
+	int ret;
+	
+	ret = vsnprintf(NULL, 0, format, ap);
+	if (ret <= 0) return ret;
+
+	(*ptr) = (char *)malloc(ret+1);
+	if (!*ptr) return -1;
+	ret = vsnprintf(*ptr, ret+1, format, ap);
+
+	return ret;
+}
+#endif
+
+
+#ifndef HAVE_ASPRINTF
+ int asprintf(char **ptr, const char *format, ...)
+{
+	va_list ap;
+	int ret;
+	
+	*ptr = NULL;
+	va_start(ap, format);
+	ret = vasprintf(ptr, format, ap);
+	va_end(ap);
+
+	return ret;
+}
+#endif
+
+#ifndef HAVE_VSYSLOG
+#ifdef HAVE_SYSLOG
+ void vsyslog (int facility_priority, char *format, va_list arglist)
+{
+	char *msg = NULL;
+	vasprintf(&msg, format, arglist);
+        if (!msg)
+                return;
+        syslog(facility_priority, "%s", msg);
+        free(msg);
+}
+#endif /* HAVE_SYSLOG */
+#endif /* HAVE_VSYSLOG */
+
+#ifdef TEST_SNPRINTF
+
+ int sprintf(char *str,const char *fmt,...);
+
+ int main (void)
+{
+	char buf1[1024];
+	char buf2[1024];
+	char *fp_fmt[] = {
+		"%1.1f",
+		"%-1.5f",
+		"%1.5f",
+		"%123.9f",
+		"%10.5f",
+		"% 10.5f",
+		"%+22.9f",
+		"%+4.9f",
+		"%01.3f",
+		"%4f",
+		"%3.1f",
+		"%3.2f",
+		"%.0f",
+		"%f",
+		"-16.16f",
+		NULL
+	};
+	double fp_nums[] = { 6442452944.1234, -1.5, 134.21, 91340.2, 341.1234, 0203.9, 0.96, 0.996, 
+			     0.9996, 1.996, 4.136,  0};
+	char *int_fmt[] = {
+		"%-1.5d",
+		"%1.5d",
+		"%123.9d",
+		"%5.5d",
+		"%10.5d",
+		"% 10.5d",
+		"%+22.33d",
+		"%01.3d",
+		"%4d",
+		"%d",
+		NULL
+	};
+	long int_nums[] = { -1, 134, 91340, 341, 0203, 0};
+	char *str_fmt[] = {
+		"10.5s",
+		"5.10s",
+		"10.1s",
+		"0.10s",
+		"10.0s",
+		"1.10s",
+		"%s",
+		"%.1s",
+		"%.10s",
+		"%10s",
+		NULL
+	};
+	char *str_vals[] = {"hello", "a", "", "a longer string", NULL};
+	int x, y;
+	int fail = 0;
+	int num = 0;
+
+	printf ("Testing snprintf format codes against system sprintf...\n");
+
+	for (x = 0; fp_fmt[x] ; x++) {
+		for (y = 0; fp_nums[y] != 0 ; y++) {
+			int l1 = snprintf(NULL, 0, fp_fmt[x], fp_nums[y]);
+			int l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]);
+			sprintf (buf2, fp_fmt[x], fp_nums[y]);
+			if (strcmp (buf1, buf2)) {
+				printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", 
+				       fp_fmt[x], buf1, buf2);
+				fail++;
+			}
+			if (l1 != l2) {
+				printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, fp_fmt[x]);
+				fail++;
+			}
+			num++;
+		}
+	}
+
+	for (x = 0; int_fmt[x] ; x++) {
+		for (y = 0; int_nums[y] != 0 ; y++) {
+			int l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]);
+			int l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]);
+			sprintf (buf2, int_fmt[x], int_nums[y]);
+			if (strcmp (buf1, buf2)) {
+				printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", 
+				       int_fmt[x], buf1, buf2);
+				fail++;
+			}
+			if (l1 != l2) {
+				printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, int_fmt[x]);
+				fail++;
+			}
+			num++;
+		}
+	}
+
+	for (x = 0; str_fmt[x] ; x++) {
+		for (y = 0; str_vals[y] != 0 ; y++) {
+			int l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]);
+			int l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]);
+			sprintf (buf2, str_fmt[x], str_vals[y]);
+			if (strcmp (buf1, buf2)) {
+				printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", 
+				       str_fmt[x], buf1, buf2);
+				fail++;
+			}
+			if (l1 != l2) {
+				printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, str_fmt[x]);
+				fail++;
+			}
+			num++;
+		}
+	}
+
+	printf ("%d tests failed out of %d.\n", fail, num);
+
+	printf("seeing how many digits we support\n");
+	{
+		double v0 = 0.12345678901234567890123456789012345678901;
+		for (x=0; x<100; x++) {
+			snprintf(buf1, sizeof(buf1), "%1.1f", v0*pow(10, x));
+			sprintf(buf2,                "%1.1f", v0*pow(10, x));
+			if (strcmp(buf1, buf2)) {
+				printf("we seem to support %d digits\n", x-1);
+				break;
+			}
+		}
+	}
+
+	return 0;
+}
+#endif /* SNPRINTF_TEST */
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
new file mode 100644
index 0000000000..e878ee8cbf
--- /dev/null
+++ b/source3/lib/substitute.c
@@ -0,0 +1,358 @@
+/* 
+   Unix SMB/CIFS implementation.
+   string substitution functions
+   Copyright (C) Andrew Tridgell 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#include "includes.h"
+
+fstring local_machine="";
+fstring remote_arch="UNKNOWN";
+userdom_struct current_user_info;
+fstring remote_proto="UNKNOWN";
+fstring remote_machine="";
+extern pstring global_myname;
+
+/*******************************************************************
+ Given a pointer to a %$(NAME) expand it as an environment variable.
+ Return the number of characters by which the pointer should be advanced.
+ Based on code by Branko Cibej <branko.cibej@hermes.si>
+ When this is called p points at the '%' character.
+********************************************************************/
+
+static size_t expand_env_var(char *p, int len)
+{
+	fstring envname;
+	char *envval;
+	char *q, *r;
+	int copylen;
+
+	if (p[1] != '$')
+		return 1;
+
+	if (p[2] != '(')
+		return 2;
+
+	/*
+	 * Look for the terminating ')'.
+	 */
+
+	if ((q = strchr_m(p,')')) == NULL) {
+		DEBUG(0,("expand_env_var: Unterminated environment variable [%s]\n", p));
+		return 2;
+	}
+
+	/*
+	 * Extract the name from within the %$(NAME) string.
+	 */
+
+	r = p+3;
+	copylen = MIN((q-r),(sizeof(envname)-1));
+	strncpy(envname,r,copylen);
+	envname[copylen] = '\0';
+
+	if ((envval = getenv(envname)) == NULL) {
+		DEBUG(0,("expand_env_var: Environment variable [%s] not set\n", envname));
+		return 2;
+	}
+
+	/*
+	 * Copy the full %$(NAME) into envname so it
+	 * can be replaced.
+	 */
+
+	copylen = MIN((q+1-p),(sizeof(envname)-1));
+	strncpy(envname,p,copylen);
+	envname[copylen] = '\0';
+	string_sub(p,envname,envval,len);
+	return 0; /* Allow the environment contents to be parsed. */
+}
+
+/*******************************************************************
+ Patch from jkf@soton.ac.uk
+ Added this to implement %p (NIS auto-map version of %H)
+*******************************************************************/
+
+static char *automount_path(const char *user_name)
+{
+	static pstring server_path;
+
+	/* use the passwd entry as the default */
+	/* this will be the default if WITH_AUTOMOUNT is not used or fails */
+
+	pstrcpy(server_path, get_user_home_dir(user_name));
+
+#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
+
+	if (lp_nis_home_map()) {
+		char *home_path_start;
+		char *automount_value = automount_lookup(user_name);
+
+		if(strlen(automount_value) > 0) {
+			home_path_start = strchr_m(automount_value,':');
+			if (home_path_start != NULL) {
+				DEBUG(5, ("NIS lookup succeeded.  Home path is: %s\n",
+						home_path_start?(home_path_start+1):""));
+				pstrcpy(server_path, home_path_start+1);
+			}
+		} else {
+			/* NIS key lookup failed: default to user home directory from password file */
+			DEBUG(5, ("NIS lookup failed. Using Home path from passwd file. Home path is: %s\n", server_path ));
+		}
+	}
+#endif
+
+	DEBUG(4,("Home server path: %s\n", server_path));
+
+	return server_path;
+}
+
+/*******************************************************************
+ Patch from jkf@soton.ac.uk
+ This is Luke's original function with the NIS lookup code
+ moved out to a separate function.
+*******************************************************************/
+
+static char *automount_server(const char *user_name)
+{
+	static pstring server_name;
+
+	/* use the local machine name as the default */
+	/* this will be the default if WITH_AUTOMOUNT is not used or fails */
+	if (*local_machine)
+		pstrcpy(server_name, local_machine);
+	else
+		pstrcpy(server_name, global_myname);
+	
+#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
+
+	if (lp_nis_home_map()) {
+	        int home_server_len;
+		char *automount_value = automount_lookup(user_name);
+		home_server_len = strcspn(automount_value,":");
+		DEBUG(5, ("NIS lookup succeeded.  Home server length: %d\n",home_server_len));
+		if (home_server_len > sizeof(pstring))
+			home_server_len = sizeof(pstring);
+		strncpy(server_name, automount_value, home_server_len);
+                server_name[home_server_len] = '\0';
+	}
+#endif
+
+	DEBUG(4,("Home server: %s\n", server_name));
+
+	return server_name;
+}
+
+/****************************************************************************
+ Do some standard substitutions in a string.
+****************************************************************************/
+
+void standard_sub_basic(const char *smb_name, char *str)
+{
+	char *p, *s;
+	fstring pidstr;
+	struct passwd *pass;
+
+	for (s=str; (p=strchr_m(s, '%'));s=p) {
+		fstring tmp_str;
+
+		int l = sizeof(pstring) - (int)(p-str);
+		
+		switch (*(p+1)) {
+		case 'U' : 
+			fstrcpy(tmp_str, smb_name);
+			strlower(tmp_str);
+			string_sub(p,"%U",tmp_str,l);
+			break;
+		case 'G' :
+			fstrcpy(tmp_str, smb_name);
+			if ((pass = Get_Pwnam(tmp_str))!=NULL) {
+				string_sub(p,"%G",gidtoname(pass->pw_gid),l);
+			} else {
+				p += 2;
+			}
+			break;
+		case 'D' :
+			fstrcpy(tmp_str, current_user_info.domain);
+			strupper(tmp_str);
+			string_sub(p,"%D", tmp_str,l);
+			break;
+		case 'I' : string_sub(p,"%I", client_addr(),l); break;
+		case 'L' : 
+			if (*local_machine) {
+				string_sub(p,"%L", local_machine,l); 
+			} else {
+				string_sub(p,"%L", global_myname,l); 
+			}
+			break;
+		case 'M' : string_sub(p,"%M", client_name(),l); break;
+		case 'R' : string_sub(p,"%R", remote_proto,l); break;
+		case 'T' : string_sub(p,"%T", timestring(False),l); break;
+		case 'a' : string_sub(p,"%a", remote_arch,l); break;
+		case 'd' :
+			slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid());
+			string_sub(p,"%d", pidstr,l);
+			break;
+		case 'h' : string_sub(p,"%h", myhostname(),l); break;
+		case 'm' : string_sub(p,"%m", remote_machine,l); break;
+		case 'v' : string_sub(p,"%v", VERSION,l); break;
+		case '$' : p += expand_env_var(p,l); break; /* Expand environment variables */
+		case '\0': 
+			p++; 
+			break; /* don't run off the end of the string */
+			
+		default: p+=2; 
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ Do some standard substitutions in a string.
+****************************************************************************/
+
+void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str)
+{
+	char *p, *s, *home;
+
+	for (s=str; (p=strchr_m(s, '%'));s=p) {
+		int l = sizeof(pstring) - (int)(p-str);
+		
+		switch (*(p+1)) {
+		case 'N' : string_sub(p,"%N", automount_server(user),l); break;
+		case 'H':
+			if ((home = get_user_home_dir(user))) {
+				string_sub(p,"%H",home, l);
+			} else {
+				p += 2;
+			}
+			break;
+		case 'P': 
+			string_sub(p,"%P", connectpath, l); 
+			break;
+			
+		case 'S': 
+			string_sub(p,"%S", lp_servicename(snum), l); 
+			break;
+			
+		case 'g': 
+			string_sub(p,"%g", gidtoname(gid), l); 
+			break;
+		case 'u': 
+			string_sub(p,"%u", user, l); 
+			break;
+			
+			/* Patch from jkf@soton.ac.uk Left the %N (NIS
+			 * server name) in standard_sub_basic as it is
+			 * a feature for logon servers, hence uses the
+			 * username.  The %p (NIS server path) code is
+			 * here as it is used instead of the default
+			 * "path =" string in [homes] and so needs the
+			 * service name, not the username.  */
+		case 'p': 
+			string_sub(p,"%p", automount_path(lp_servicename(snum)), l); 
+			break;
+		case '\0': 
+			p++; 
+			break; /* don't run off the end of the string */
+			
+		default: p+=2; 
+			break;
+		}
+	}
+
+	standard_sub_basic(smb_name, str);
+}
+
+/****************************************************************************
+ Do some standard substitutions in a string.
+****************************************************************************/
+
+void standard_sub_conn(connection_struct *conn, char *str)
+{
+	standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, current_user_info.smb_name, str);
+}
+
+/****************************************************************************
+ Like standard_sub but for a homes share where snum still points to the [homes]
+ share. No user specific snum created yet so servicename should be the username.
+****************************************************************************/
+
+void standard_sub_home(int snum, const char *user, char *str)
+{
+	char *p, *s;
+
+	for (s=str; (p=strchr_m(s, '%'));s=p) {
+		int l = sizeof(pstring) - (int)(p-str);
+		
+		switch (*(p+1)) {
+		case 'S': 
+			string_sub(p,"%S", user, l); 
+			break;
+		case 'p': 
+			string_sub(p,"%p", automount_path(user), l); 
+			break;
+		case '\0': 
+			p++; 
+			break; /* don't run off the end of the string */
+			
+		default: p+=2; 
+			break;
+		}
+	}
+
+        standard_sub_advanced(snum, user, "", -1, current_user_info.smb_name, str);
+}
+
+/****************************************************************************
+ Like standard_sub but by snum.
+****************************************************************************/
+
+void standard_sub_snum(int snum, char *str)
+{
+	extern struct current_user current_user;
+	static uid_t cached_uid = -1;
+	static fstring cached_user;
+	/* calling uidtoname() on every substitute would be too expensive, so
+	   we cache the result here as nearly every call is for the same uid */
+
+	if (cached_uid != current_user.uid) {
+		fstrcpy(cached_user, uidtoname(current_user.uid));
+		cached_uid = current_user.uid;
+	}
+
+	standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str);
+}
+
+/*******************************************************************
+ Substitute strings with useful parameters.
+********************************************************************/
+
+void standard_sub_vuser(char *str, user_struct *vuser)
+{
+	standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str);
+}
+
+/*******************************************************************
+ Substitute strings with useful parameters.
+********************************************************************/
+
+void standard_sub_vsnum(char *str, user_struct *vuser, int snum)
+{
+	standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str);
+}
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
new file mode 100644
index 0000000000..22245992f5
--- /dev/null
+++ b/source3/lib/sysacls.c
@@ -0,0 +1,3210 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba system utilities for ACL support.
+   Copyright (C) Jeremy Allison 2000.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ This file wraps all differing system ACL interfaces into a consistent
+ one based on the POSIX interface. It also returns the correct errors
+ for older UNIX systems that don't support ACLs.
+
+ The interfaces that each ACL implementation must support are as follows :
+
+ int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+ int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+ int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
+ void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+ SMB_ACL_T sys_acl_get_fd(int fd)
+ int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
+ int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
+ char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
+ SMB_ACL_T sys_acl_init( int count)
+ int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+ int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+ int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
+ int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+ int sys_acl_valid( SMB_ACL_T theacl )
+ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+ int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
+ int sys_acl_delete_def_file(const char *path)
+
+ This next one is not POSIX complient - but we *have* to have it !
+ More POSIX braindamage.
+
+ int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+
+ The generic POSIX free is the following call. We split this into
+ several different free functions as we may need to add tag info
+ to structures when emulating the POSIX interface.
+
+ int sys_acl_free( void *obj_p)
+
+ The calls we actually use are :
+
+ int sys_acl_free_text(char *text) - free acl_to_text
+ int sys_acl_free_acl(SMB_ACL_T posix_acl)
+ int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
+
+*/
+
+#if defined(HAVE_POSIX_ACLS)
+
+/* Identity mapping - easy. */
+
+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	return acl_get_entry( the_acl, entry_id, entry_p);
+}
+
+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+	return acl_get_tag_type( entry_d, tag_type_p);
+}
+
+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	return acl_get_permset( entry_d, permset_p);
+}
+
+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+{
+	return acl_get_qualifier( entry_d);
+}
+
+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+{
+	return acl_get_file( path_p, type);
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	return acl_get_fd(fd);
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
+{
+	return acl_clear_perms(permset);
+}
+
+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	return acl_add_perm(permset, perm);
+}
+
+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+#if defined(HAVE_ACL_GET_PERM_NP)
+	/*
+	 * Required for TrustedBSD-based ACL implementations where
+	 * non-POSIX.1e functions are denoted by a _np (non-portable)
+	 * suffix.
+	 */
+	return acl_get_perm_np(permset, perm);
+#else
+	return acl_get_perm(permset, perm);
+#endif
+}
+
+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
+{
+	return acl_to_text( the_acl, plen);
+}
+
+SMB_ACL_T sys_acl_init( int count)
+{
+	return acl_init(count);
+}
+
+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+{
+	return acl_create_entry(pacl, pentry);
+}
+
+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+{
+	return acl_set_tag_type(entry, tagtype);
+}
+
+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
+{
+	return acl_set_qualifier(entry, qual);
+}
+
+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+{
+	return acl_set_permset(entry, permset);
+}
+
+int sys_acl_valid( SMB_ACL_T theacl )
+{
+	return acl_valid(theacl);
+}
+
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+{
+	return acl_set_file(name, acltype, theacl);
+}
+
+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
+{
+	return acl_set_fd(fd, theacl);
+}
+
+int sys_acl_delete_def_file(const char *name)
+{
+	return acl_delete_def_file(name);
+}
+
+int sys_acl_free_text(char *text)
+{
+	return acl_free(text);
+}
+
+int sys_acl_free_acl(SMB_ACL_T the_acl) 
+{
+	return acl_free(the_acl);
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	return acl_free(qual);
+}
+
+#elif defined(HAVE_TRU64_ACLS)
+/*
+ * The interface to DEC/Compaq Tru64 UNIX ACLs
+ * is based on Draft 13 of the POSIX spec which is
+ * slightly different from the Draft 16 interface.
+ * 
+ * Also, some of the permset manipulation functions
+ * such as acl_clear_perm() and acl_add_perm() appear
+ * to be broken on Tru64 so we have to manipulate
+ * the permission bits in the permset directly.
+ */
+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	SMB_ACL_ENTRY_T	entry;
+
+	if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
+		return -1;
+	}
+
+	errno = 0;
+	if ((entry = acl_get_entry(the_acl)) != NULL) {
+		*entry_p = entry;
+		return 1;
+	}
+
+	return errno ? -1 : 0;
+}
+
+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+	return acl_get_tag_type( entry_d, tag_type_p);
+}
+
+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	return acl_get_permset( entry_d, permset_p);
+}
+
+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+{
+	return acl_get_qualifier( entry_d);
+}
+
+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+{
+	return acl_get_file((char *)path_p, type);
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	return acl_get_fd(fd, ACL_TYPE_ACCESS);
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
+{
+	*permset = 0;		/* acl_clear_perm() is broken on Tru64	*/
+
+	return 0;
+}
+
+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	*permset |= perm;	/* acl_add_perm() is broken on Tru64	*/
+
+	return 0;
+}
+
+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	return *permset & perm;	/* Tru64 doesn't have acl_get_perm() */
+}
+
+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
+{
+	return acl_to_text( the_acl, plen);
+}
+
+SMB_ACL_T sys_acl_init( int count)
+{
+	return acl_init(count);
+}
+
+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+{
+	SMB_ACL_ENTRY_T entry;
+
+	if ((entry = acl_create_entry(pacl)) == NULL) {
+		return -1;
+	}
+
+	*pentry = entry;
+	return 0;
+}
+
+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+{
+	return acl_set_tag_type(entry, tagtype);
+}
+
+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
+{
+	return acl_set_qualifier(entry, qual);
+}
+
+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+{
+	return acl_set_permset(entry, permset);
+}
+
+int sys_acl_valid( SMB_ACL_T theacl )
+{
+	acl_entry_t	entry;
+
+	return acl_valid(theacl, &entry);
+}
+
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+{
+	return acl_set_file((char *)name, acltype, theacl);
+}
+
+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
+{
+	return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
+}
+
+int sys_acl_delete_def_file(const char *name)
+{
+	return acl_delete_def_file((char *)name);
+}
+
+int sys_acl_free_text(char *text)
+{
+	/*
+	 * (void) cast and explicit return 0 are for DEC UNIX
+	 *  which just #defines acl_free_text() to be free()
+	 */
+	(void) acl_free_text(text);
+	return 0;
+}
+
+int sys_acl_free_acl(SMB_ACL_T the_acl) 
+{
+	return acl_free(the_acl);
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	return acl_free_qualifier(qual, tagtype);
+}
+
+#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
+
+/*
+ * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
+ * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
+ */
+
+/*
+ * Note that while this code implements sufficient functionality
+ * to support the sys_acl_* interfaces it does not provide all
+ * of the semantics of the POSIX ACL interfaces.
+ *
+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
+ * from a call to sys_acl_get_entry() should not be assumed to be
+ * valid after calling any of the following functions, which may
+ * reorder the entries in the ACL.
+ *
+ *	sys_acl_valid()
+ *	sys_acl_set_file()
+ *	sys_acl_set_fd()
+ */
+
+/*
+ * The only difference between Solaris and UnixWare / OpenUNIX is
+ * that the #defines for the ACL operations have different names
+ */
+#if defined(HAVE_UNIXWARE_ACLS)
+
+#define	SETACL		ACL_SET
+#define	GETACL		ACL_GET
+#define	GETACLCNT	ACL_CNT
+
+#endif
+
+
+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (entry_p == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (entry_id == SMB_ACL_FIRST_ENTRY) {
+		acl_d->next = 0;
+	}
+
+	if (acl_d->next < 0) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_d->next >= acl_d->count) {
+		return 0;
+	}
+
+	*entry_p = &acl_d->acl[acl_d->next++];
+
+	return 1;
+}
+
+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
+{
+	*type_p = entry_d->a_type;
+
+	return 0;
+}
+
+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	*permset_p = &entry_d->a_perm;
+
+	return 0;
+}
+
+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
+{
+	if (entry_d->a_type != SMB_ACL_USER
+	    && entry_d->a_type != SMB_ACL_GROUP) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	return &entry_d->a_id;
+}
+
+/*
+ * There is no way of knowing what size the ACL returned by
+ * GETACL will be unless you first call GETACLCNT which means
+ * making an additional system call.
+ *
+ * In the hope of avoiding the cost of the additional system
+ * call in most cases, we initially allocate enough space for
+ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
+ * be too small then we use GETACLCNT to find out the actual
+ * size, reallocate the ACL buffer, and then call GETACL again.
+ */
+
+#define	INITIAL_ACL_SIZE	16
+
+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
+{
+	SMB_ACL_T	acl_d;
+	int		count;		/* # of ACL entries allocated	*/
+	int		naccess;	/* # of access ACL entries	*/
+	int		ndefault;	/* # of default ACL entries	*/
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	count = INITIAL_ACL_SIZE;
+	if ((acl_d = sys_acl_init(count)) == NULL) {
+		return NULL;
+	}
+
+	/*
+	 * If there isn't enough space for the ACL entries we use
+	 * GETACLCNT to determine the actual number of ACL entries
+	 * reallocate and try again. This is in a loop because it
+	 * is possible that someone else could modify the ACL and
+	 * increase the number of entries between the call to
+	 * GETACLCNT and the call to GETACL.
+	 */
+	while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
+	    && errno == ENOSPC) {
+
+		sys_acl_free_acl(acl_d);
+
+		if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
+			return NULL;
+		}
+
+		if ((acl_d = sys_acl_init(count)) == NULL) {
+			return NULL;
+		}
+	}
+
+	if (count < 0) {
+		sys_acl_free_acl(acl_d);
+		return NULL;
+	}
+
+	/*
+	 * calculate the number of access and default ACL entries
+	 *
+	 * Note: we assume that the acl() system call returned a
+	 * well formed ACL which is sorted so that all of the
+	 * access ACL entries preceed any default ACL entries
+	 */
+	for (naccess = 0; naccess < count; naccess++) {
+		if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
+			break;
+	}
+	ndefault = count - naccess;
+	
+	/*
+	 * if the caller wants the default ACL we have to copy
+	 * the entries down to the start of the acl[] buffer
+	 * and mask out the ACL_DEFAULT flag from the type field
+	 */
+	if (type == SMB_ACL_TYPE_DEFAULT) {
+		int	i, j;
+
+		for (i = 0, j = naccess; i < ndefault; i++, j++) {
+			acl_d->acl[i] = acl_d->acl[j];
+			acl_d->acl[i].a_type &= ~ACL_DEFAULT;
+		}
+
+		acl_d->count = ndefault;
+	} else {
+		acl_d->count = naccess;
+	}
+
+	return acl_d;
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	SMB_ACL_T	acl_d;
+	int		count;		/* # of ACL entries allocated	*/
+	int		naccess;	/* # of access ACL entries	*/
+
+	count = INITIAL_ACL_SIZE;
+	if ((acl_d = sys_acl_init(count)) == NULL) {
+		return NULL;
+	}
+
+	while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
+	    && errno == ENOSPC) {
+
+		sys_acl_free_acl(acl_d);
+
+		if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
+			return NULL;
+		}
+
+		if ((acl_d = sys_acl_init(count)) == NULL) {
+			return NULL;
+		}
+	}
+
+	if (count < 0) {
+		sys_acl_free_acl(acl_d);
+		return NULL;
+	}
+
+	/*
+	 * calculate the number of access ACL entries
+	 */
+	for (naccess = 0; naccess < count; naccess++) {
+		if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
+			break;
+	}
+	
+	acl_d->count = naccess;
+
+	return acl_d;
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
+{
+	*permset_d = 0;
+
+	return 0;
+}
+
+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+	if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
+	    && perm != SMB_ACL_EXECUTE) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (permset_d == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	*permset_d |= perm;
+
+	return 0;
+}
+
+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+	return *permset_d & perm;
+}
+
+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
+{
+	int	i;
+	int	len, maxlen;
+	char	*text;
+
+	/*
+	 * use an initial estimate of 20 bytes per ACL entry
+	 * when allocating memory for the text representation
+	 * of the ACL
+	 */
+	len	= 0;
+	maxlen	= 20 * acl_d->count;
+	if ((text = malloc(maxlen)) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	for (i = 0; i < acl_d->count; i++) {
+		struct acl	*ap	= &acl_d->acl[i];
+		struct passwd	*pw;
+		struct group	*gr;
+		char		tagbuf[12];
+		char		idbuf[12];
+		char		*tag;
+		char		*id	= "";
+		char		perms[4];
+		int		nbytes;
+
+		switch (ap->a_type) {
+			/*
+			 * for debugging purposes it's probably more
+			 * useful to dump unknown tag types rather
+			 * than just returning an error
+			 */
+			default:
+				slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
+					ap->a_type);
+				tag = tagbuf;
+				slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+					(long)ap->a_id);
+				id = idbuf;
+				break;
+
+			case SMB_ACL_USER:
+				if ((pw = sys_getpwuid(ap->a_id)) == NULL) {
+					slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+						(long)ap->a_id);
+					id = idbuf;
+				} else {
+					id = pw->pw_name;
+				}
+			case SMB_ACL_USER_OBJ:
+				tag = "user";
+				break;
+
+			case SMB_ACL_GROUP:
+				if ((gr = getgrgid(ap->a_id)) == NULL) {
+					slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+						(long)ap->a_id);
+					id = idbuf;
+				} else {
+					id = gr->gr_name;
+				}
+			case SMB_ACL_GROUP_OBJ:
+				tag = "group";
+				break;
+
+			case SMB_ACL_OTHER:
+				tag = "other";
+				break;
+
+			case SMB_ACL_MASK:
+				tag = "mask";
+				break;
+
+		}
+
+		perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
+		perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
+		perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
+		perms[3] = '\0';
+
+		/*          <tag>      :  <qualifier>   :  rwx \n  \0 */
+		nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
+
+		/*
+		 * If this entry would overflow the buffer
+		 * allocate enough additional memory for this
+		 * entry and an estimate of another 20 bytes
+		 * for each entry still to be processed
+		 */
+		if ((len + nbytes) > maxlen) {
+			char *oldtext = text;
+
+			maxlen += nbytes + 20 * (acl_d->count - i);
+
+			if ((text = Realloc(oldtext, maxlen)) == NULL) {
+				SAFE_FREE(oldtext);
+				errno = ENOMEM;
+				return NULL;
+			}
+		}
+
+		slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
+		len += nbytes - 1;
+	}
+
+	if (len_p)
+		*len_p = len;
+
+	return text;
+}
+
+SMB_ACL_T sys_acl_init(int count)
+{
+	SMB_ACL_T	a;
+
+	if (count < 0) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	/*
+	 * note that since the definition of the structure pointed
+	 * to by the SMB_ACL_T includes the first element of the
+	 * acl[] array, this actually allocates an ACL with room
+	 * for (count+1) entries
+	 */
+	if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	a->size = count + 1;
+	a->count = 0;
+	a->next = -1;
+
+	return a;
+}
+
+
+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
+{
+	SMB_ACL_T	acl_d;
+	SMB_ACL_ENTRY_T	entry_d;
+
+	if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_d->count >= acl_d->size) {
+		errno = ENOSPC;
+		return -1;
+	}
+
+	entry_d		= &acl_d->acl[acl_d->count++];
+	entry_d->a_type	= 0;
+	entry_d->a_id	= -1;
+	entry_d->a_perm	= 0;
+	*entry_p	= entry_d;
+
+	return 0;
+}
+
+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
+{
+	switch (tag_type) {
+		case SMB_ACL_USER:
+		case SMB_ACL_USER_OBJ:
+		case SMB_ACL_GROUP:
+		case SMB_ACL_GROUP_OBJ:
+		case SMB_ACL_OTHER:
+		case SMB_ACL_MASK:
+			entry_d->a_type = tag_type;
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
+	}
+
+	return 0;
+}
+
+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
+{
+	if (entry_d->a_type != SMB_ACL_GROUP
+	    && entry_d->a_type != SMB_ACL_USER) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	entry_d->a_id = *((id_t *)qual_p);
+
+	return 0;
+}
+
+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
+{
+	if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
+		return EINVAL;
+	}
+
+	entry_d->a_perm = *permset_d;
+
+	return 0;
+}
+
+/*
+ * sort the ACL and check it for validity
+ *
+ * if it's a minimal ACL with only 4 entries then we
+ * need to recalculate the mask permissions to make
+ * sure that they are the same as the GROUP_OBJ
+ * permissions as required by the UnixWare acl() system call.
+ *
+ * (note: since POSIX allows minimal ACLs which only contain
+ * 3 entries - ie there is no mask entry - we should, in theory,
+ * check for this and add a mask entry if necessary - however
+ * we "know" that the caller of this interface always specifies
+ * a mask so, in practice "this never happens" (tm) - if it *does*
+ * happen aclsort() will fail and return an error and someone will
+ * have to fix it ...)
+ */
+
+static int acl_sort(SMB_ACL_T acl_d)
+{
+	int     fixmask = (acl_d->count <= 4);
+
+	if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
+		errno = EINVAL;
+		return -1;
+	}
+	return 0;
+}
+ 
+int sys_acl_valid(SMB_ACL_T acl_d)
+{
+	return acl_sort(acl_d);
+}
+
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
+{
+	struct stat	s;
+	struct acl	*acl_p;
+	int		acl_count;
+	struct acl	*acl_buf	= NULL;
+	int		ret;
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_sort(acl_d) != 0) {
+		return -1;
+	}
+
+	acl_p		= &acl_d->acl[0];
+	acl_count	= acl_d->count;
+
+	/*
+	 * if it's a directory there is extra work to do
+	 * since the acl() system call will replace both
+	 * the access ACLs and the default ACLs (if any)
+	 */
+	if (stat(name, &s) != 0) {
+		return -1;
+	}
+	if (S_ISDIR(s.st_mode)) {
+		SMB_ACL_T	acc_acl;
+		SMB_ACL_T	def_acl;
+		SMB_ACL_T	tmp_acl;
+		int		i;
+
+		if (type == SMB_ACL_TYPE_ACCESS) {
+			acc_acl = acl_d;
+			def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
+
+		} else {
+			def_acl = acl_d;
+			acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
+		}
+
+		if (tmp_acl == NULL) {
+			return -1;
+		}
+
+		/*
+		 * allocate a temporary buffer for the complete ACL
+		 */
+		acl_count = acc_acl->count + def_acl->count;
+		acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
+
+		if (acl_buf == NULL) {
+			sys_acl_free_acl(tmp_acl);
+			errno = ENOMEM;
+			return -1;
+		}
+
+		/*
+		 * copy the access control and default entries into the buffer
+		 */
+		memcpy(&acl_buf[0], &acc_acl->acl[0],
+			acc_acl->count * sizeof(acl_buf[0]));
+
+		memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
+			def_acl->count * sizeof(acl_buf[0]));
+
+		/*
+		 * set the ACL_DEFAULT flag on the default entries
+		 */
+		for (i = acc_acl->count; i < acl_count; i++) {
+			acl_buf[i].a_type |= ACL_DEFAULT;
+		}
+
+		sys_acl_free_acl(tmp_acl);
+
+	} else if (type != SMB_ACL_TYPE_ACCESS) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	ret = acl(name, SETACL, acl_count, acl_p);
+
+	SAFE_FREE(acl_buf);
+
+	return ret;
+}
+
+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
+{
+	if (acl_sort(acl_d) != 0) {
+		return -1;
+	}
+
+	return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
+}
+
+int sys_acl_delete_def_file(const char *path)
+{
+	SMB_ACL_T	acl_d;
+	int		ret;
+
+	/*
+	 * fetching the access ACL and rewriting it has
+	 * the effect of deleting the default ACL
+	 */
+	if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
+		return -1;
+	}
+
+	ret = acl(path, SETACL, acl_d->count, acl_d->acl);
+
+	sys_acl_free_acl(acl_d);
+	
+	return ret;
+}
+
+int sys_acl_free_text(char *text)
+{
+	SAFE_FREE(text);
+	return 0;
+}
+
+int sys_acl_free_acl(SMB_ACL_T acl_d) 
+{
+	SAFE_FREE(acl_d);
+	return 0;
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	return 0;
+}
+
+#elif defined(HAVE_HPUX_ACLS)
+#include <dl.h>
+
+/*
+ * Based on the Solaris/SCO code - with modifications.
+ */
+
+/*
+ * Note that while this code implements sufficient functionality
+ * to support the sys_acl_* interfaces it does not provide all
+ * of the semantics of the POSIX ACL interfaces.
+ *
+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
+ * from a call to sys_acl_get_entry() should not be assumed to be
+ * valid after calling any of the following functions, which may
+ * reorder the entries in the ACL.
+ *
+ *	sys_acl_valid()
+ *	sys_acl_set_file()
+ *	sys_acl_set_fd()
+ */
+
+/* This checks if the POSIX ACL system call is defined */
+/* which basically corresponds to whether JFS 3.3 or   */
+/* higher is installed. If acl() was called when it    */
+/* isn't defined, it causes the process to core dump   */
+/* so it is important to check this and avoid acl()    */
+/* calls if it isn't there.                            */
+
+static BOOL hpux_acl_call_presence(void)
+{
+
+	shl_t handle = NULL;
+	void *value;
+	int ret_val=0;
+	static BOOL already_checked=0;
+
+	if(already_checked)
+		return True;
+
+
+	ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
+
+	if(ret_val != 0) {
+		DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
+			ret_val, errno, strerror(errno)));
+		DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
+		return False;
+	}
+
+	DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
+
+	already_checked = True;
+	return True;
+}
+
+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (entry_p == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (entry_id == SMB_ACL_FIRST_ENTRY) {
+		acl_d->next = 0;
+	}
+
+	if (acl_d->next < 0) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_d->next >= acl_d->count) {
+		return 0;
+	}
+
+	*entry_p = &acl_d->acl[acl_d->next++];
+
+	return 1;
+}
+
+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
+{
+	*type_p = entry_d->a_type;
+
+	return 0;
+}
+
+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	*permset_p = &entry_d->a_perm;
+
+	return 0;
+}
+
+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
+{
+	if (entry_d->a_type != SMB_ACL_USER
+	    && entry_d->a_type != SMB_ACL_GROUP) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	return &entry_d->a_id;
+}
+
+/*
+ * There is no way of knowing what size the ACL returned by
+ * ACL_GET will be unless you first call ACL_CNT which means
+ * making an additional system call.
+ *
+ * In the hope of avoiding the cost of the additional system
+ * call in most cases, we initially allocate enough space for
+ * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
+ * be too small then we use ACL_CNT to find out the actual
+ * size, reallocate the ACL buffer, and then call ACL_GET again.
+ */
+
+#define	INITIAL_ACL_SIZE	16
+
+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
+{
+	SMB_ACL_T	acl_d;
+	int		count;		/* # of ACL entries allocated	*/
+	int		naccess;	/* # of access ACL entries	*/
+	int		ndefault;	/* # of default ACL entries	*/
+
+	if(hpux_acl_call_presence() == False) {
+		/* Looks like we don't have the acl() system call on HPUX. 
+		 * May be the system doesn't have the latest version of JFS.
+		 */
+		return NULL; 
+	}
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	count = INITIAL_ACL_SIZE;
+	if ((acl_d = sys_acl_init(count)) == NULL) {
+		return NULL;
+	}
+
+	/*
+	 * If there isn't enough space for the ACL entries we use
+	 * ACL_CNT to determine the actual number of ACL entries
+	 * reallocate and try again. This is in a loop because it
+	 * is possible that someone else could modify the ACL and
+	 * increase the number of entries between the call to
+	 * ACL_CNT and the call to ACL_GET.
+	 */
+	while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
+
+		sys_acl_free_acl(acl_d);
+
+		if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
+			return NULL;
+		}
+
+		if ((acl_d = sys_acl_init(count)) == NULL) {
+			return NULL;
+		}
+	}
+
+	if (count < 0) {
+		sys_acl_free_acl(acl_d);
+		return NULL;
+	}
+
+	/*
+	 * calculate the number of access and default ACL entries
+	 *
+	 * Note: we assume that the acl() system call returned a
+	 * well formed ACL which is sorted so that all of the
+	 * access ACL entries preceed any default ACL entries
+	 */
+	for (naccess = 0; naccess < count; naccess++) {
+		if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
+			break;
+	}
+	ndefault = count - naccess;
+	
+	/*
+	 * if the caller wants the default ACL we have to copy
+	 * the entries down to the start of the acl[] buffer
+	 * and mask out the ACL_DEFAULT flag from the type field
+	 */
+	if (type == SMB_ACL_TYPE_DEFAULT) {
+		int	i, j;
+
+		for (i = 0, j = naccess; i < ndefault; i++, j++) {
+			acl_d->acl[i] = acl_d->acl[j];
+			acl_d->acl[i].a_type &= ~ACL_DEFAULT;
+		}
+
+		acl_d->count = ndefault;
+	} else {
+		acl_d->count = naccess;
+	}
+
+	return acl_d;
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	/*
+	 * HPUX doesn't have the facl call. Fake it using the path.... JRA.
+	 */
+
+	files_struct *fsp = file_find_fd(fd);
+
+	if (fsp == NULL) {
+		errno = EBADF;
+		return NULL;
+	}
+
+	/*
+	 * We know we're in the same conn context. So we
+	 * can use the relative path.
+	 */
+
+	return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
+{
+	*permset_d = 0;
+
+	return 0;
+}
+
+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+	if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
+	    && perm != SMB_ACL_EXECUTE) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (permset_d == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	*permset_d |= perm;
+
+	return 0;
+}
+
+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+	return *permset_d & perm;
+}
+
+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
+{
+	int	i;
+	int	len, maxlen;
+	char	*text;
+
+	/*
+	 * use an initial estimate of 20 bytes per ACL entry
+	 * when allocating memory for the text representation
+	 * of the ACL
+	 */
+	len	= 0;
+	maxlen	= 20 * acl_d->count;
+	if ((text = malloc(maxlen)) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	for (i = 0; i < acl_d->count; i++) {
+		struct acl	*ap	= &acl_d->acl[i];
+		struct passwd	*pw;
+		struct group	*gr;
+		char		tagbuf[12];
+		char		idbuf[12];
+		char		*tag;
+		char		*id	= "";
+		char		perms[4];
+		int		nbytes;
+
+		switch (ap->a_type) {
+			/*
+			 * for debugging purposes it's probably more
+			 * useful to dump unknown tag types rather
+			 * than just returning an error
+			 */
+			default:
+				slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
+					ap->a_type);
+				tag = tagbuf;
+				slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+					(long)ap->a_id);
+				id = idbuf;
+				break;
+
+			case SMB_ACL_USER:
+				if ((pw = sys_getpwuid(ap->a_id)) == NULL) {
+					slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+						(long)ap->a_id);
+					id = idbuf;
+				} else {
+					id = pw->pw_name;
+				}
+			case SMB_ACL_USER_OBJ:
+				tag = "user";
+				break;
+
+			case SMB_ACL_GROUP:
+				if ((gr = getgrgid(ap->a_id)) == NULL) {
+					slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+						(long)ap->a_id);
+					id = idbuf;
+				} else {
+					id = gr->gr_name;
+				}
+			case SMB_ACL_GROUP_OBJ:
+				tag = "group";
+				break;
+
+			case SMB_ACL_OTHER:
+				tag = "other";
+				break;
+
+			case SMB_ACL_MASK:
+				tag = "mask";
+				break;
+
+		}
+
+		perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
+		perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
+		perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
+		perms[3] = '\0';
+
+		/*          <tag>      :  <qualifier>   :  rwx \n  \0 */
+		nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
+
+		/*
+		 * If this entry would overflow the buffer
+		 * allocate enough additional memory for this
+		 * entry and an estimate of another 20 bytes
+		 * for each entry still to be processed
+		 */
+		if ((len + nbytes) > maxlen) {
+			char *oldtext = text;
+
+			maxlen += nbytes + 20 * (acl_d->count - i);
+
+			if ((text = Realloc(oldtext, maxlen)) == NULL) {
+				free(oldtext);
+				errno = ENOMEM;
+				return NULL;
+			}
+		}
+
+		slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
+		len += nbytes - 1;
+	}
+
+	if (len_p)
+		*len_p = len;
+
+	return text;
+}
+
+SMB_ACL_T sys_acl_init(int count)
+{
+	SMB_ACL_T	a;
+
+	if (count < 0) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	/*
+	 * note that since the definition of the structure pointed
+	 * to by the SMB_ACL_T includes the first element of the
+	 * acl[] array, this actually allocates an ACL with room
+	 * for (count+1) entries
+	 */
+	if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	a->size = count + 1;
+	a->count = 0;
+	a->next = -1;
+
+	return a;
+}
+
+
+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
+{
+	SMB_ACL_T	acl_d;
+	SMB_ACL_ENTRY_T	entry_d;
+
+	if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_d->count >= acl_d->size) {
+		errno = ENOSPC;
+		return -1;
+	}
+
+	entry_d		= &acl_d->acl[acl_d->count++];
+	entry_d->a_type	= 0;
+	entry_d->a_id	= -1;
+	entry_d->a_perm	= 0;
+	*entry_p	= entry_d;
+
+	return 0;
+}
+
+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
+{
+	switch (tag_type) {
+		case SMB_ACL_USER:
+		case SMB_ACL_USER_OBJ:
+		case SMB_ACL_GROUP:
+		case SMB_ACL_GROUP_OBJ:
+		case SMB_ACL_OTHER:
+		case SMB_ACL_MASK:
+			entry_d->a_type = tag_type;
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
+	}
+
+	return 0;
+}
+
+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
+{
+	if (entry_d->a_type != SMB_ACL_GROUP
+	    && entry_d->a_type != SMB_ACL_USER) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	entry_d->a_id = *((id_t *)qual_p);
+
+	return 0;
+}
+
+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
+{
+	if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
+		return EINVAL;
+	}
+
+	entry_d->a_perm = *permset_d;
+
+	return 0;
+}
+
+/* Structure to capture the count for each type of ACE. */
+
+struct hpux_acl_types {
+	int n_user;
+	int n_def_user;
+	int n_user_obj;
+	int n_def_user_obj;
+
+	int n_group;
+	int n_def_group;
+	int n_group_obj;
+	int n_def_group_obj;
+
+	int n_other;
+	int n_other_obj;
+	int n_def_other_obj;
+
+	int n_class_obj;
+	int n_def_class_obj;
+
+	int n_illegal_obj;
+};
+
+/* count_obj:
+ * Counts the different number of objects in a given array of ACL
+ * structures.
+ * Inputs:
+ *
+ * acl_count      - Count of ACLs in the array of ACL strucutres.
+ * aclp           - Array of ACL structures.
+ * acl_type_count - Pointer to acl_types structure. Should already be
+ *                  allocated.
+ * Output: 
+ *
+ * acl_type_count - This structure is filled up with counts of various 
+ *                  acl types.
+ */
+
+static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
+{
+	int i;
+
+	memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
+
+	for(i=0;i<acl_count;i++) {
+		switch(aclp[i].a_type) {
+		case USER: 
+			acl_type_count->n_user++;
+			break;
+		case USER_OBJ: 
+			acl_type_count->n_user_obj++;
+			break;
+		case DEF_USER_OBJ: 
+			acl_type_count->n_def_user_obj++;
+			break;
+		case GROUP: 
+			acl_type_count->n_group++;
+			break;
+		case GROUP_OBJ: 
+			acl_type_count->n_group_obj++;
+			break;
+		case DEF_GROUP_OBJ: 
+			acl_type_count->n_def_group_obj++;
+			break;
+		case OTHER_OBJ: 
+			acl_type_count->n_other_obj++;
+			break;
+		case DEF_OTHER_OBJ: 
+			acl_type_count->n_def_other_obj++;
+			break;
+		case CLASS_OBJ:
+			acl_type_count->n_class_obj++;
+			break;
+		case DEF_CLASS_OBJ:
+			acl_type_count->n_def_class_obj++;
+			break;
+		case DEF_USER:
+			acl_type_count->n_def_user++;
+			break;
+		case DEF_GROUP:
+			acl_type_count->n_def_group++;
+			break;
+		default: 
+			acl_type_count->n_illegal_obj++;
+			break;
+		}
+	}
+}
+
+/* swap_acl_entries:  Swaps two ACL entries. 
+ *
+ * Inputs: aclp0, aclp1 - ACL entries to be swapped.
+ */
+
+static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
+{
+	struct acl temp_acl;
+
+	temp_acl.a_type = aclp0->a_type;
+	temp_acl.a_id = aclp0->a_id;
+	temp_acl.a_perm = aclp0->a_perm;
+
+	aclp0->a_type = aclp1->a_type;
+	aclp0->a_id = aclp1->a_id;
+	aclp0->a_perm = aclp1->a_perm;
+
+	aclp1->a_type = temp_acl.a_type;
+	aclp1->a_id = temp_acl.a_id;
+	aclp1->a_perm = temp_acl.a_perm;
+}
+
+/* prohibited_duplicate_type
+ * Identifies if given ACL type can have duplicate entries or 
+ * not.
+ *
+ * Inputs: acl_type - ACL Type.
+ *
+ * Outputs: 
+ *
+ * Return.. 
+ *
+ * True - If the ACL type matches any of the prohibited types.
+ * False - If the ACL type doesn't match any of the prohibited types.
+ */ 
+
+static BOOL hpux_prohibited_duplicate_type(int acl_type)
+{
+	switch(acl_type) {
+		case USER:
+		case GROUP:
+		case DEF_USER: 
+		case DEF_GROUP:
+			return True;
+		default:
+			return False;
+	}
+}
+
+/* get_needed_class_perm
+ * Returns the permissions of a ACL structure only if the ACL
+ * type matches one of the pre-determined types for computing 
+ * CLASS_OBJ permissions.
+ *
+ * Inputs: aclp - Pointer to ACL structure.
+ */
+
+static int hpux_get_needed_class_perm(struct acl *aclp)
+{
+	switch(aclp->a_type) {
+		case USER: 
+		case GROUP_OBJ: 
+		case GROUP: 
+		case DEF_USER_OBJ: 
+		case DEF_USER:
+		case DEF_GROUP_OBJ: 
+		case DEF_GROUP:
+		case DEF_CLASS_OBJ:
+		case DEF_OTHER_OBJ: 
+			return aclp->a_perm;
+		default: 
+			return 0;
+	}
+}
+
+/* acl_sort for HPUX.
+ * Sorts the array of ACL structures as per the description in
+ * aclsort man page. Refer to aclsort man page for more details
+ *
+ * Inputs:
+ *
+ * acl_count - Count of ACLs in the array of ACL structures.
+ * calclass  - If this is not zero, then we compute the CLASS_OBJ
+ *             permissions.
+ * aclp      - Array of ACL structures.
+ *
+ * Outputs:
+ *
+ * aclp     - Sorted array of ACL structures.
+ *
+ * Outputs:
+ *
+ * Returns 0 for success -1 for failure. Prints a message to the Samba
+ * debug log in case of failure.
+ */
+
+static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
+{
+#if !defined(HAVE_HPUX_ACLSORT)
+	/*
+	 * The aclsort() system call is availabe on the latest HPUX General
+	 * Patch Bundles. So for HPUX, we developed our version of acl_sort 
+	 * function. Because, we don't want to update to a new 
+	 * HPUX GR bundle just for aclsort() call.
+	 */
+
+	struct hpux_acl_types acl_obj_count;
+	int n_class_obj_perm = 0;
+	int i, j;
+ 
+	if(!acl_count) {
+		DEBUG(10,("Zero acl count passed. Returning Success\n"));
+		return 0;
+	}
+
+	if(aclp == NULL) {
+		DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
+		return -1;
+	}
+
+	/* Count different types of ACLs in the ACLs array */
+
+	hpux_count_obj(acl_count, aclp, &acl_obj_count);
+
+	/* There should be only one entry each of type USER_OBJ, GROUP_OBJ, 
+	 * CLASS_OBJ and OTHER_OBJ 
+	 */
+
+	if( (acl_obj_count.n_user_obj  != 1) || 
+		(acl_obj_count.n_group_obj != 1) || 
+		(acl_obj_count.n_class_obj != 1) ||
+		(acl_obj_count.n_other_obj != 1) 
+	) {
+		DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
+USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
+		return -1;
+	}
+
+	/* If any of the default objects are present, there should be only
+	 * one of them each.
+	 */
+
+	if( (acl_obj_count.n_def_user_obj  > 1) || (acl_obj_count.n_def_group_obj > 1) || 
+			(acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
+		DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
+or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
+		return -1;
+	}
+
+	/* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl 
+	 * structures.  
+	 *
+	 * Sorting crieteria - First sort by ACL type. If there are multiple entries of
+	 * same ACL type, sort by ACL id.
+	 *
+	 * I am using the trival kind of sorting method here because, performance isn't 
+	 * really effected by the ACLs feature. More over there aren't going to be more
+	 * than 17 entries on HPUX. 
+	 */
+
+	for(i=0; i<acl_count;i++) {
+		for (j=i+1; j<acl_count; j++) {
+			if( aclp[i].a_type > aclp[j].a_type ) {
+				/* ACL entries out of order, swap them */
+
+				hpux_swap_acl_entries((aclp+i), (aclp+j));
+
+			} else if ( aclp[i].a_type == aclp[j].a_type ) {
+
+				/* ACL entries of same type, sort by id */
+
+				if(aclp[i].a_id > aclp[j].a_id) {
+					hpux_swap_acl_entries((aclp+i), (aclp+j));
+				} else if (aclp[i].a_id == aclp[j].a_id) {
+					/* We have a duplicate entry. */
+					if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
+						DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
+							aclp[i].a_type, aclp[i].a_id));
+						return -1;
+					}
+				}
+
+			}
+		}
+	}
+
+	/* set the class obj permissions to the computed one. */
+	if(calclass) {
+		int n_class_obj_index = -1;
+
+		for(i=0;i<acl_count;i++) {
+			n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
+
+			if(aclp[i].a_type == CLASS_OBJ)
+				n_class_obj_index = i;
+		}
+		aclp[n_class_obj_index].a_perm = n_class_obj_perm;
+	}
+
+	return 0;
+#else
+	return aclsort(acl_count, calclass, aclp);
+#endif
+}
+
+/*
+ * sort the ACL and check it for validity
+ *
+ * if it's a minimal ACL with only 4 entries then we
+ * need to recalculate the mask permissions to make
+ * sure that they are the same as the GROUP_OBJ
+ * permissions as required by the UnixWare acl() system call.
+ *
+ * (note: since POSIX allows minimal ACLs which only contain
+ * 3 entries - ie there is no mask entry - we should, in theory,
+ * check for this and add a mask entry if necessary - however
+ * we "know" that the caller of this interface always specifies
+ * a mask so, in practice "this never happens" (tm) - if it *does*
+ * happen aclsort() will fail and return an error and someone will
+ * have to fix it ...)
+ */
+
+static int acl_sort(SMB_ACL_T acl_d)
+{
+	int fixmask = (acl_d->count <= 4);
+
+	if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
+		errno = EINVAL;
+		return -1;
+	}
+	return 0;
+}
+ 
+int sys_acl_valid(SMB_ACL_T acl_d)
+{
+	return acl_sort(acl_d);
+}
+
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
+{
+	struct stat	s;
+	struct acl	*acl_p;
+	int		acl_count;
+	struct acl	*acl_buf	= NULL;
+	int		ret;
+
+	if(hpux_acl_call_presence() == False) {
+		/* Looks like we don't have the acl() system call on HPUX. 
+		 * May be the system doesn't have the latest version of JFS.
+		 */
+		errno=ENOSYS;
+		return -1; 
+	}
+
+	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_sort(acl_d) != 0) {
+		return -1;
+	}
+
+	acl_p		= &acl_d->acl[0];
+	acl_count	= acl_d->count;
+
+	/*
+	 * if it's a directory there is extra work to do
+	 * since the acl() system call will replace both
+	 * the access ACLs and the default ACLs (if any)
+	 */
+	if (stat(name, &s) != 0) {
+		return -1;
+	}
+	if (S_ISDIR(s.st_mode)) {
+		SMB_ACL_T	acc_acl;
+		SMB_ACL_T	def_acl;
+		SMB_ACL_T	tmp_acl;
+		int		i;
+
+		if (type == SMB_ACL_TYPE_ACCESS) {
+			acc_acl = acl_d;
+			def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
+
+		} else {
+			def_acl = acl_d;
+			acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
+		}
+
+		if (tmp_acl == NULL) {
+			return -1;
+		}
+
+		/*
+		 * allocate a temporary buffer for the complete ACL
+		 */
+		acl_count = acc_acl->count + def_acl->count;
+		acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
+
+		if (acl_buf == NULL) {
+			sys_acl_free_acl(tmp_acl);
+			errno = ENOMEM;
+			return -1;
+		}
+
+		/*
+		 * copy the access control and default entries into the buffer
+		 */
+		memcpy(&acl_buf[0], &acc_acl->acl[0],
+			acc_acl->count * sizeof(acl_buf[0]));
+
+		memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
+			def_acl->count * sizeof(acl_buf[0]));
+
+		/*
+		 * set the ACL_DEFAULT flag on the default entries
+		 */
+		for (i = acc_acl->count; i < acl_count; i++) {
+			acl_buf[i].a_type |= ACL_DEFAULT;
+		}
+
+		sys_acl_free_acl(tmp_acl);
+
+	} else if (type != SMB_ACL_TYPE_ACCESS) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	ret = acl(name, ACL_SET, acl_count, acl_p);
+
+	if (acl_buf) {
+		free(acl_buf);
+	}
+
+	return ret;
+}
+
+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
+{
+	/*
+	 * HPUX doesn't have the facl call. Fake it using the path.... JRA.
+	 */
+
+	files_struct *fsp = file_find_fd(fd);
+
+	if (fsp == NULL) {
+		errno = EBADF;
+		return NULL;
+	}
+
+	if (acl_sort(acl_d) != 0) {
+		return -1;
+	}
+
+	/*
+	 * We know we're in the same conn context. So we
+	 * can use the relative path.
+	 */
+
+	return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
+}
+
+int sys_acl_delete_def_file(const char *path)
+{
+	SMB_ACL_T	acl_d;
+	int		ret;
+
+	/*
+	 * fetching the access ACL and rewriting it has
+	 * the effect of deleting the default ACL
+	 */
+	if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
+		return -1;
+	}
+
+	ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
+
+	sys_acl_free_acl(acl_d);
+	
+	return ret;
+}
+
+int sys_acl_free_text(char *text)
+{
+	free(text);
+	return 0;
+}
+
+int sys_acl_free_acl(SMB_ACL_T acl_d) 
+{
+	free(acl_d);
+	return 0;
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	return 0;
+}
+
+#elif defined(HAVE_IRIX_ACLS)
+
+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (entry_p == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (entry_id == SMB_ACL_FIRST_ENTRY) {
+		acl_d->next = 0;
+	}
+
+	if (acl_d->next < 0) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_d->next >= acl_d->aclp->acl_cnt) {
+		return 0;
+	}
+
+	*entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
+
+	return 1;
+}
+
+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
+{
+	*type_p = entry_d->ae_tag;
+
+	return 0;
+}
+
+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	*permset_p = entry_d;
+
+	return 0;
+}
+
+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
+{
+	if (entry_d->ae_tag != SMB_ACL_USER
+	    && entry_d->ae_tag != SMB_ACL_GROUP) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	return &entry_d->ae_id;
+}
+
+SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
+{
+	SMB_ACL_T	a;
+
+	if ((a = malloc(sizeof(*a))) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
+		SAFE_FREE(a);
+		return NULL;
+	}
+	a->next = -1;
+	a->freeaclp = True;
+	return a;
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	SMB_ACL_T	a;
+
+	if ((a = malloc(sizeof(*a))) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	if ((a->aclp = acl_get_fd(fd)) == NULL) {
+		SAFE_FREE(a);
+		return NULL;
+	}
+	a->next = -1;
+	a->freeaclp = True;
+	return a;
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
+{
+	permset_d->ae_perm = 0;
+
+	return 0;
+}
+
+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+	if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
+	    && perm != SMB_ACL_EXECUTE) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (permset_d == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	permset_d->ae_perm |= perm;
+
+	return 0;
+}
+
+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+	return permset_d->ae_perm & perm;
+}
+
+char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
+{
+	return acl_to_text(acl_d->aclp, len_p);
+}
+
+SMB_ACL_T sys_acl_init(int count)
+{
+	SMB_ACL_T	a;
+
+	if (count < 0) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	a->next = -1;
+	a->freeaclp = False;
+	a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
+	a->aclp->acl_cnt = 0;
+
+	return a;
+}
+
+
+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
+{
+	SMB_ACL_T	acl_d;
+	SMB_ACL_ENTRY_T	entry_d;
+
+	if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
+		errno = ENOSPC;
+		return -1;
+	}
+
+	entry_d		= &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
+	entry_d->ae_tag	= 0;
+	entry_d->ae_id	= 0;
+	entry_d->ae_perm	= 0;
+	*entry_p	= entry_d;
+
+	return 0;
+}
+
+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
+{
+	switch (tag_type) {
+		case SMB_ACL_USER:
+		case SMB_ACL_USER_OBJ:
+		case SMB_ACL_GROUP:
+		case SMB_ACL_GROUP_OBJ:
+		case SMB_ACL_OTHER:
+		case SMB_ACL_MASK:
+			entry_d->ae_tag = tag_type;
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
+	}
+
+	return 0;
+}
+
+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
+{
+	if (entry_d->ae_tag != SMB_ACL_GROUP
+	    && entry_d->ae_tag != SMB_ACL_USER) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	entry_d->ae_id = *((id_t *)qual_p);
+
+	return 0;
+}
+
+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
+{
+	if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
+		return EINVAL;
+	}
+
+	entry_d->ae_perm = permset_d->ae_perm;
+
+	return 0;
+}
+
+int sys_acl_valid(SMB_ACL_T acl_d)
+{
+	return acl_valid(acl_d->aclp);
+}
+
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
+{
+	return acl_set_file(name, type, acl_d->aclp);
+}
+
+int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
+{
+	return acl_set_fd(fd, acl_d->aclp);
+}
+
+int sys_acl_delete_def_file(const char *name)
+{
+	return acl_delete_def_file(name);
+}
+
+int sys_acl_free_text(char *text)
+{
+	return acl_free(text);
+}
+
+int sys_acl_free_acl(SMB_ACL_T acl_d) 
+{
+	if (acl_d->freeaclp) {
+		acl_free(acl_d->aclp);
+	}
+	acl_free(acl_d);
+	return 0;
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	return 0;
+}
+
+#elif defined(HAVE_AIX_ACLS)
+
+/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
+
+int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	struct acl_entry_link *link;
+	struct new_acl_entry *entry;
+	int keep_going;
+
+	DEBUG(10,("This is the count: %d\n",theacl->count));
+
+	/* Check if count was previously set to -1. *
+	 * If it was, that means we reached the end *
+	 * of the acl last time.                    */
+	if(theacl->count == -1)
+		return(0);
+
+	link = theacl;
+	/* To get to the next acl, traverse linked list until index *
+	 * of acl matches the count we are keeping.  This count is  *
+	 * incremented each time we return an acl entry.            */
+
+	for(keep_going = 0; keep_going < theacl->count; keep_going++)
+		link = link->nextp;
+
+	entry = *entry_p =  link->entryp;
+
+	DEBUG(10,("*entry_p is %d\n",entry_p));
+	DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
+
+	/* Increment count */
+	theacl->count++;
+	if(link->nextp == NULL)
+		theacl->count = -1;
+
+	return(1);
+}
+
+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+	/* Initialize tag type */
+
+	*tag_type_p = -1;
+	DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
+
+	/* Depending on what type of entry we have, *
+	 * return tag type.                         */
+	switch(entry_d->ace_id->id_type) {
+	case ACEID_USER:
+		*tag_type_p = SMB_ACL_USER;
+		break;
+	case ACEID_GROUP:
+		*tag_type_p = SMB_ACL_GROUP;
+		break;
+
+	case SMB_ACL_USER_OBJ:
+	case SMB_ACL_GROUP_OBJ:
+	case SMB_ACL_OTHER:
+		*tag_type_p = entry_d->ace_id->id_type;
+		break;
+ 
+	default:
+		return(-1);
+	}
+
+	return(0);
+}
+
+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
+	*permset_p = &entry_d->ace_access;
+	DEBUG(10,("**permset_p is %d\n",**permset_p));
+	if(!(**permset_p & S_IXUSR) &&
+		!(**permset_p & S_IWUSR) &&
+		!(**permset_p & S_IRUSR) &&
+		(**permset_p != 0))
+			return(-1);
+
+	DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
+	return(0);
+}
+
+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+{
+	return(entry_d->ace_id->id_data);
+}
+
+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+{
+	struct acl *file_acl = (struct acl *)NULL;
+	struct acl_entry *acl_entry;
+	struct new_acl_entry *new_acl_entry;
+	struct ace_id *idp;
+	struct acl_entry_link *acl_entry_link;
+	struct acl_entry_link *acl_entry_link_head;
+	int i;
+	int rc = 0;
+	uid_t user_id;
+
+	/* Get the acl using statacl */
+ 
+	DEBUG(10,("Entering sys_acl_get_file\n"));
+	DEBUG(10,("path_p is %s\n",path_p));
+
+	file_acl = (struct acl *)malloc(BUFSIZ);
+ 
+	if(file_acl == NULL) {
+		errno=ENOMEM;
+		DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
+		return(NULL);
+	}
+
+	memset(file_acl,0,BUFSIZ);
+
+	rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
+	if(rc == -1) {
+		DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
+		SAFE_FREE(file_acl);
+		return(NULL);
+	}
+
+	DEBUG(10,("Got facl and returned it\n"));
+
+	/* Point to the first acl entry in the acl */
+	acl_entry =  file_acl->acl_ext;
+
+	/* Begin setting up the head of the linked list *
+	 * that will be used for the storing the acl    *
+	 * in a way that is useful for the posix_acls.c *
+	 * code.                                          */
+
+	acl_entry_link_head = acl_entry_link = sys_acl_init(0);
+	if(acl_entry_link_head == NULL)
+		return(NULL);
+
+	acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+	if(acl_entry_link->entryp == NULL) {
+		SAFE_FREE(file_acl);
+		errno = ENOMEM;
+		DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
+		return(NULL);
+	}
+
+	DEBUG(10,("acl_entry is %d\n",acl_entry));
+	DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
+
+	/* Check if the extended acl bit is on.   *
+	 * If it isn't, do not show the           *
+	 * contents of the acl since AIX intends *
+	 * the extended info to remain unused     */
+
+	if(file_acl->acl_mode & S_IXACL){
+		/* while we are not pointing to the very end */
+		while(acl_entry < acl_last(file_acl)) {
+			/* before we malloc anything, make sure this is  */
+			/* a valid acl entry and one that we want to map */
+			idp = id_nxt(acl_entry->ace_id);
+			if((acl_entry->ace_type == ACC_SPECIFY ||
+				(acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
+					acl_entry = acl_nxt(acl_entry);
+					continue;
+			}
+
+			idp = acl_entry->ace_id;
+
+			/* Check if this is the first entry in the linked list. *
+			 * The first entry needs to keep prevp pointing to NULL *
+			 * and already has entryp allocated.                  */
+
+			if(acl_entry_link_head->count != 0) {
+				acl_entry_link->nextp = (struct acl_entry_link *)
+											malloc(sizeof(struct acl_entry_link));
+
+				if(acl_entry_link->nextp == NULL) {
+					SAFE_FREE(file_acl);
+					errno = ENOMEM;
+					DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
+					return(NULL);
+				}
+
+				acl_entry_link->nextp->prevp = acl_entry_link;
+				acl_entry_link = acl_entry_link->nextp;
+				acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+				if(acl_entry_link->entryp == NULL) {
+					SAFE_FREE(file_acl);
+					errno = ENOMEM;
+					DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
+					return(NULL);
+				}
+				acl_entry_link->nextp = NULL;
+			}
+
+			acl_entry_link->entryp->ace_len = acl_entry->ace_len;
+
+			/* Don't really need this since all types are going *
+			 * to be specified but, it's better than leaving it 0 */
+
+			acl_entry_link->entryp->ace_type = acl_entry->ace_type;
+ 
+			acl_entry_link->entryp->ace_access = acl_entry->ace_access;
+ 
+			memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
+
+			/* The access in the acl entries must be left shifted by *
+			 * three bites, because they will ultimately be compared *
+			 * to S_IRUSR, S_IWUSR, and S_IXUSR.                  */
+
+			switch(acl_entry->ace_type){
+			case ACC_PERMIT:
+			case ACC_SPECIFY:
+				acl_entry_link->entryp->ace_access = acl_entry->ace_access;
+				acl_entry_link->entryp->ace_access <<= 6;
+				acl_entry_link_head->count++;
+				break;
+			case ACC_DENY:
+				/* Since there is no way to return a DENY acl entry *
+				 * change to PERMIT and then shift.                 */
+				DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
+				acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
+				DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
+				acl_entry_link->entryp->ace_access <<= 6;
+				acl_entry_link_head->count++;
+				break;
+			default:
+				return(0);
+			}
+
+			DEBUG(10,("acl_entry = %d\n",acl_entry));
+			DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
+ 
+			acl_entry = acl_nxt(acl_entry);
+		}
+	} /* end of if enabled */
+
+	/* Since owner, group, other acl entries are not *
+	 * part of the acl entries in an acl, they must  *
+	 * be dummied up to become part of the list.     */
+
+	for( i = 1; i < 4; i++) {
+		DEBUG(10,("i is %d\n",i));
+		if(acl_entry_link_head->count != 0) {
+			acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+			if(acl_entry_link->nextp == NULL) {
+				SAFE_FREE(file_acl);
+				errno = ENOMEM;
+				DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
+				return(NULL);
+			}
+
+			acl_entry_link->nextp->prevp = acl_entry_link;
+			acl_entry_link = acl_entry_link->nextp;
+			acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+			if(acl_entry_link->entryp == NULL) {
+				SAFE_FREE(file_acl);
+				errno = ENOMEM;
+				DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
+				return(NULL);
+			}
+		}
+
+		acl_entry_link->nextp = NULL;
+
+		new_acl_entry = acl_entry_link->entryp;
+		idp = new_acl_entry->ace_id;
+
+		new_acl_entry->ace_len = sizeof(struct acl_entry);
+		new_acl_entry->ace_type = ACC_PERMIT;
+		idp->id_len = sizeof(struct ace_id);
+		DEBUG(10,("idp->id_len = %d\n",idp->id_len));
+		memset(idp->id_data,0,sizeof(uid_t));
+
+		switch(i) {
+		case 2:
+			new_acl_entry->ace_access = file_acl->g_access << 6;
+			idp->id_type = SMB_ACL_GROUP_OBJ;
+			break;
+
+		case 3:
+			new_acl_entry->ace_access = file_acl->o_access << 6;
+			idp->id_type = SMB_ACL_OTHER;
+			break;
+ 
+		case 1:
+			new_acl_entry->ace_access = file_acl->u_access << 6;
+			idp->id_type = SMB_ACL_USER_OBJ;
+			break;
+ 
+		default:
+			return(NULL);
+
+		}
+
+		acl_entry_link_head->count++;
+		DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
+	}
+
+	acl_entry_link_head->count = 0;
+	SAFE_FREE(file_acl);
+
+	return(acl_entry_link_head);
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	struct acl *file_acl = (struct acl *)NULL;
+	struct acl_entry *acl_entry;
+	struct new_acl_entry *new_acl_entry;
+	struct ace_id *idp;
+	struct acl_entry_link *acl_entry_link;
+	struct acl_entry_link *acl_entry_link_head;
+	int i;
+	int rc = 0;
+	uid_t user_id;
+
+	/* Get the acl using fstatacl */
+   
+	DEBUG(10,("Entering sys_acl_get_fd\n"));
+	DEBUG(10,("fd is %d\n",fd));
+	file_acl = (struct acl *)malloc(BUFSIZ);
+
+	if(file_acl == NULL) {
+		errno=ENOMEM;
+		DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
+		return(NULL);
+	}
+
+	memset(file_acl,0,BUFSIZ);
+
+	rc = fstatacl(fd,0,file_acl,BUFSIZ);
+	if(rc == -1) {
+		DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
+		SAFE_FREE(file_acl);
+		return(NULL);
+	}
+
+	DEBUG(10,("Got facl and returned it\n"));
+
+	/* Point to the first acl entry in the acl */
+
+	acl_entry =  file_acl->acl_ext;
+	/* Begin setting up the head of the linked list *
+	 * that will be used for the storing the acl    *
+	 * in a way that is useful for the posix_acls.c *
+	 * code.                                        */
+
+	acl_entry_link_head = acl_entry_link = sys_acl_init(0);
+	if(acl_entry_link_head == NULL){
+		SAFE_FREE(file_acl);
+		return(NULL);
+	}
+
+	acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+
+	if(acl_entry_link->entryp == NULL) {
+		errno = ENOMEM;
+		DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
+		SAFE_FREE(file_acl);
+		return(NULL);
+	}
+
+	DEBUG(10,("acl_entry is %d\n",acl_entry));
+	DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
+ 
+	/* Check if the extended acl bit is on.   *
+	 * If it isn't, do not show the           *
+	 * contents of the acl since AIX intends  *
+	 * the extended info to remain unused     */
+ 
+	if(file_acl->acl_mode & S_IXACL){
+		/* while we are not pointing to the very end */
+		while(acl_entry < acl_last(file_acl)) {
+			/* before we malloc anything, make sure this is  */
+			/* a valid acl entry and one that we want to map */
+
+			idp = id_nxt(acl_entry->ace_id);
+			if((acl_entry->ace_type == ACC_SPECIFY ||
+				(acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
+					acl_entry = acl_nxt(acl_entry);
+					continue;
+			}
+
+			idp = acl_entry->ace_id;
+ 
+			/* Check if this is the first entry in the linked list. *
+			 * The first entry needs to keep prevp pointing to NULL *
+			 * and already has entryp allocated.                 */
+
+			if(acl_entry_link_head->count != 0) {
+				acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+				if(acl_entry_link->nextp == NULL) {
+					errno = ENOMEM;
+					DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
+					SAFE_FREE(file_acl);
+					return(NULL);
+				}
+				acl_entry_link->nextp->prevp = acl_entry_link;
+				acl_entry_link = acl_entry_link->nextp;
+				acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+				if(acl_entry_link->entryp == NULL) {
+					errno = ENOMEM;
+					DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
+					SAFE_FREE(file_acl);
+					return(NULL);
+				}
+
+				acl_entry_link->nextp = NULL;
+			}
+
+			acl_entry_link->entryp->ace_len = acl_entry->ace_len;
+
+			/* Don't really need this since all types are going *
+			 * to be specified but, it's better than leaving it 0 */
+
+			acl_entry_link->entryp->ace_type = acl_entry->ace_type;
+			acl_entry_link->entryp->ace_access = acl_entry->ace_access;
+
+			memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
+
+			/* The access in the acl entries must be left shifted by *
+			 * three bites, because they will ultimately be compared *
+			 * to S_IRUSR, S_IWUSR, and S_IXUSR.                  */
+
+			switch(acl_entry->ace_type){
+			case ACC_PERMIT:
+			case ACC_SPECIFY:
+				acl_entry_link->entryp->ace_access = acl_entry->ace_access;
+				acl_entry_link->entryp->ace_access <<= 6;
+				acl_entry_link_head->count++;
+				break;
+			case ACC_DENY:
+				/* Since there is no way to return a DENY acl entry *
+				 * change to PERMIT and then shift.                 */
+				DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
+				acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
+				DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
+				acl_entry_link->entryp->ace_access <<= 6;
+				acl_entry_link_head->count++;
+				break;
+			default:
+				return(0);
+			}
+
+			DEBUG(10,("acl_entry = %d\n",acl_entry));
+			DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
+ 
+			acl_entry = acl_nxt(acl_entry);
+		}
+	} /* end of if enabled */
+
+	/* Since owner, group, other acl entries are not *
+	 * part of the acl entries in an acl, they must  *
+	 * be dummied up to become part of the list.     */
+
+	for( i = 1; i < 4; i++) {
+		DEBUG(10,("i is %d\n",i));
+		if(acl_entry_link_head->count != 0){
+			acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+			if(acl_entry_link->nextp == NULL) {
+				errno = ENOMEM;
+				DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
+				SAFE_FREE(file_acl);
+				return(NULL);
+			}
+
+			acl_entry_link->nextp->prevp = acl_entry_link;
+			acl_entry_link = acl_entry_link->nextp;
+			acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+
+			if(acl_entry_link->entryp == NULL) {
+				SAFE_FREE(file_acl);
+				errno = ENOMEM;
+				DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
+				return(NULL);
+			}
+		}
+
+		acl_entry_link->nextp = NULL;
+ 
+		new_acl_entry = acl_entry_link->entryp;
+		idp = new_acl_entry->ace_id;
+ 
+		new_acl_entry->ace_len = sizeof(struct acl_entry);
+		new_acl_entry->ace_type = ACC_PERMIT;
+		idp->id_len = sizeof(struct ace_id);
+		DEBUG(10,("idp->id_len = %d\n",idp->id_len));
+		memset(idp->id_data,0,sizeof(uid_t));
+ 
+		switch(i) {
+		case 2:
+			new_acl_entry->ace_access = file_acl->g_access << 6;
+			idp->id_type = SMB_ACL_GROUP_OBJ;
+			break;
+ 
+		case 3:
+			new_acl_entry->ace_access = file_acl->o_access << 6;
+			idp->id_type = SMB_ACL_OTHER;
+			break;
+ 
+		case 1:
+			new_acl_entry->ace_access = file_acl->u_access << 6;
+			idp->id_type = SMB_ACL_USER_OBJ;
+			break;
+ 
+		default:
+			return(NULL);
+		}
+ 
+		acl_entry_link_head->count++;
+		DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
+	}
+
+	acl_entry_link_head->count = 0;
+	SAFE_FREE(file_acl);
+ 
+	return(acl_entry_link_head);
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
+{
+	*permset = *permset & ~0777;
+	return(0);
+}
+
+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	if((perm != 0) &&
+			(perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
+		return(-1);
+
+	*permset |= perm;
+	DEBUG(10,("This is the permset now: %d\n",*permset));
+	return(0);
+}
+
+char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
+{
+	return(NULL);
+}
+
+SMB_ACL_T sys_acl_init( int count)
+{
+	struct acl_entry_link *theacl = NULL;
+ 
+	DEBUG(10,("Entering sys_acl_init\n"));
+
+	theacl = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+	if(theacl == NULL) {
+		errno = ENOMEM;
+		DEBUG(0,("Error in sys_acl_init is %d\n",errno));
+		return(NULL);
+	}
+
+	theacl->count = 0;
+	theacl->nextp = NULL;
+	theacl->prevp = NULL;
+	theacl->entryp = NULL;
+	DEBUG(10,("Exiting sys_acl_init\n"));
+	return(theacl);
+}
+
+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+{
+	struct acl_entry_link *theacl;
+	struct acl_entry_link *acl_entryp;
+	struct acl_entry_link *temp_entry;
+	int counting;
+
+	DEBUG(10,("Entering the sys_acl_create_entry\n"));
+
+	theacl = acl_entryp = *pacl;
+
+	/* Get to the end of the acl before adding entry */
+
+	for(counting=0; counting < theacl->count; counting++){
+		DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
+		temp_entry = acl_entryp;
+		acl_entryp = acl_entryp->nextp;
+	}
+
+	if(theacl->count != 0){
+		temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+		if(acl_entryp == NULL) {
+			errno = ENOMEM;
+			DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
+			return(-1);
+		}
+
+		DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
+		acl_entryp->prevp = temp_entry;
+		DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
+	}
+
+	*pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+	if(*pentry == NULL) {
+		errno = ENOMEM;
+		DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
+		return(-1);
+	}
+
+	memset(*pentry,0,sizeof(struct new_acl_entry));
+	acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
+	acl_entryp->entryp->ace_type = ACC_PERMIT;
+	acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
+	acl_entryp->nextp = NULL;
+	theacl->count++;
+	DEBUG(10,("Exiting sys_acl_create_entry\n"));
+	return(0);
+}
+
+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+{
+	DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
+	entry->ace_id->id_type = tagtype;
+	DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
+	DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
+}
+
+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
+{
+	DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
+	memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
+	DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
+	return(0);
+}
+
+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+{
+	DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
+	if(!(*permset & S_IXUSR) &&
+		!(*permset & S_IWUSR) &&
+		!(*permset & S_IRUSR) &&
+		(*permset != 0))
+			return(-1);
+
+	entry->ace_access = *permset;
+	DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
+	DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
+	return(0);
+}
+
+int sys_acl_valid( SMB_ACL_T theacl )
+{
+	int user_obj = 0;
+	int group_obj = 0;
+	int other_obj = 0;
+	struct acl_entry_link *acl_entry;
+
+	for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
+		user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
+		group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
+		other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
+	}
+
+	DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
+ 
+	if(user_obj != 1 || group_obj != 1 || other_obj != 1)
+		return(-1); 
+
+	return(0);
+}
+
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+{
+	struct acl_entry_link *acl_entry_link = NULL;
+	struct acl *file_acl = NULL;
+	struct acl *file_acl_temp = NULL;
+	struct acl_entry *acl_entry = NULL;
+	struct ace_id *ace_id = NULL;
+	uint id_type;
+	uint ace_access;
+	uint user_id;
+	uint acl_length;
+	uint rc;
+
+	DEBUG(10,("Entering sys_acl_set_file\n"));
+	DEBUG(10,("File name is %s\n",name));
+ 
+	/* AIX has no default ACL */
+	if(acltype == SMB_ACL_TYPE_DEFAULT)
+		return(0);
+
+	acl_length = BUFSIZ;
+	file_acl = (struct acl *)malloc(BUFSIZ);
+
+	if(file_acl == NULL) {
+		errno = ENOMEM;
+		DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
+		return(-1);
+	}
+
+	memset(file_acl,0,BUFSIZ);
+
+	file_acl->acl_len = ACL_SIZ;
+	file_acl->acl_mode = S_IXACL;
+
+	for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
+		acl_entry_link->entryp->ace_access >>= 6;
+		id_type = acl_entry_link->entryp->ace_id->id_type;
+
+		switch(id_type) {
+		case SMB_ACL_USER_OBJ:
+			file_acl->u_access = acl_entry_link->entryp->ace_access;
+			continue;
+		case SMB_ACL_GROUP_OBJ:
+			file_acl->g_access = acl_entry_link->entryp->ace_access;
+			continue;
+		case SMB_ACL_OTHER:
+			file_acl->o_access = acl_entry_link->entryp->ace_access;
+			continue;
+		case SMB_ACL_MASK:
+			continue;
+		}
+
+		if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
+			acl_length += sizeof(struct acl_entry);
+			file_acl_temp = (struct acl *)malloc(acl_length);
+			if(file_acl_temp == NULL) {
+				SAFE_FREE(file_acl);
+				errno = ENOMEM;
+				DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
+				return(-1);
+			}  
+
+			memcpy(file_acl_temp,file_acl,file_acl->acl_len);
+			SAFE_FREE(file_acl);
+			file_acl = file_acl_temp;
+		}
+
+		acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
+		file_acl->acl_len += sizeof(struct acl_entry);
+		acl_entry->ace_len = acl_entry_link->entryp->ace_len;
+		acl_entry->ace_access = acl_entry_link->entryp->ace_access;
+ 
+		/* In order to use this, we'll need to wait until we can get denies */
+		/* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
+		acl_entry->ace_type = ACC_SPECIFY; */
+
+		acl_entry->ace_type = ACC_SPECIFY;
+ 
+		ace_id = acl_entry->ace_id;
+ 
+		ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
+		DEBUG(10,("The id type is %d\n",ace_id->id_type));
+		ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
+		memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
+		memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
+	}
+
+	rc = chacl(name,file_acl,file_acl->acl_len);
+	DEBUG(10,("errno is %d\n",errno));
+	DEBUG(10,("return code is %d\n",rc));
+	SAFE_FREE(file_acl);
+	DEBUG(10,("Exiting the sys_acl_set_file\n"));
+	return(rc);
+}
+
+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
+{
+	struct acl_entry_link *acl_entry_link = NULL;
+	struct acl *file_acl = NULL;
+	struct acl *file_acl_temp = NULL;
+	struct acl_entry *acl_entry = NULL;
+	struct ace_id *ace_id = NULL;
+	uint id_type;
+	uint user_id;
+	uint acl_length;
+	uint rc;
+ 
+	DEBUG(10,("Entering sys_acl_set_fd\n"));
+	acl_length = BUFSIZ;
+	file_acl = (struct acl *)malloc(BUFSIZ);
+
+	if(file_acl == NULL) {
+		errno = ENOMEM;
+		DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
+		return(-1);
+	}
+
+	memset(file_acl,0,BUFSIZ);
+ 
+	file_acl->acl_len = ACL_SIZ;
+	file_acl->acl_mode = S_IXACL;
+
+	for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
+		acl_entry_link->entryp->ace_access >>= 6;
+		id_type = acl_entry_link->entryp->ace_id->id_type;
+		DEBUG(10,("The id_type is %d\n",id_type));
+
+		switch(id_type) {
+		case SMB_ACL_USER_OBJ:
+			file_acl->u_access = acl_entry_link->entryp->ace_access;
+			continue;
+		case SMB_ACL_GROUP_OBJ:
+			file_acl->g_access = acl_entry_link->entryp->ace_access;
+			continue;
+		case SMB_ACL_OTHER:
+			file_acl->o_access = acl_entry_link->entryp->ace_access;
+			continue;
+		case SMB_ACL_MASK:
+			continue;
+		}
+
+		if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
+			acl_length += sizeof(struct acl_entry);
+			file_acl_temp = (struct acl *)malloc(acl_length);
+			if(file_acl_temp == NULL) {
+				SAFE_FREE(file_acl);
+				errno = ENOMEM;
+				DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
+				return(-1);
+			}
+
+			memcpy(file_acl_temp,file_acl,file_acl->acl_len);
+			SAFE_FREE(file_acl);
+			file_acl = file_acl_temp;
+		}
+
+		acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
+		file_acl->acl_len += sizeof(struct acl_entry);
+		acl_entry->ace_len = acl_entry_link->entryp->ace_len;
+		acl_entry->ace_access = acl_entry_link->entryp->ace_access;
+ 
+		/* In order to use this, we'll need to wait until we can get denies */
+		/* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
+			acl_entry->ace_type = ACC_SPECIFY; */
+ 
+		acl_entry->ace_type = ACC_SPECIFY;
+ 
+		ace_id = acl_entry->ace_id;
+ 
+		ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
+		DEBUG(10,("The id type is %d\n",ace_id->id_type));
+		ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
+		memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
+		memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
+	}
+ 
+	rc = fchacl(fd,file_acl,file_acl->acl_len);
+	DEBUG(10,("errno is %d\n",errno));
+	DEBUG(10,("return code is %d\n",rc));
+	SAFE_FREE(file_acl);
+	DEBUG(10,("Exiting sys_acl_set_fd\n"));
+	return(rc);
+}
+
+int sys_acl_delete_def_file(const char *name)
+{
+	/* AIX has no default ACL */
+	return 0;
+}
+
+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	return(*permset & perm);
+}
+
+int sys_acl_free_text(char *text)
+{
+	return(0);
+}
+
+int sys_acl_free_acl(SMB_ACL_T posix_acl)
+{
+	struct acl_entry_link *acl_entry_link;
+
+	for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
+		SAFE_FREE(acl_entry_link->prevp->entryp);
+		SAFE_FREE(acl_entry_link->prevp);
+	}
+
+	SAFE_FREE(acl_entry_link->prevp->entryp);
+	SAFE_FREE(acl_entry_link->prevp);
+	SAFE_FREE(acl_entry_link->entryp);
+	SAFE_FREE(acl_entry_link);
+ 
+	return(0);
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	return(0);
+}
+
+#else /* No ACLs. */
+
+int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+{
+	errno = ENOSYS;
+	return NULL;
+}
+
+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+{
+	errno = ENOSYS;
+	return (SMB_ACL_T)NULL;
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+	errno = ENOSYS;
+	return (SMB_ACL_T)NULL;
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	errno = ENOSYS;
+	return (permset & perm) ? 1 : 0;
+}
+
+char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
+{
+	errno = ENOSYS;
+	return NULL;
+}
+
+int sys_acl_free_text(char *text)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+SMB_ACL_T sys_acl_init( int count)
+{
+	errno = ENOSYS;
+	return NULL;
+}
+
+int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_valid( SMB_ACL_T theacl )
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_delete_def_file(const char *name)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_free_acl(SMB_ACL_T the_acl) 
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+#endif /* No ACLs. */
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 938746e9c9..8c7eec939e 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -1,8 +1,8 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Samba system utilities
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Jeremy Allison 1998-2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,202 +21,1214 @@
 
 #include "includes.h"
 
-extern int DEBUGLEVEL;
-
 /*
    The idea is that this file will eventually have wrappers around all
-   important system calls in samba. The aim is twofold:
+   important system calls in samba. The aims are:
 
    - to enable easier porting by putting OS dependent stuff in here
 
    - to allow for hooks into other "pseudo-filesystems"
 
    - to allow easier integration of things like the japanese extensions
+
+   - to support the philosophy of Samba to expose the features of
+     the OS within the SMB model. In general whatever file/printer/variable
+     expansions/etc make sense to the OS should be acceptable to Samba.
 */
 
 
+
 /*******************************************************************
-this replaces the normal select() system call
-return if some data has arrived on one of the file descriptors
-return -1 means error
+ A wrapper for usleep in case we don't have one.
 ********************************************************************/
-#ifdef NO_SELECT
-static int pollfd(int fd)
-{
-  int     r=0;
-
-#ifdef HAS_RDCHK
-  r = rdchk(fd);
-#elif defined(TCRDCHK)
-  (void)ioctl(fd, TCRDCHK, &r);
-#else
-  (void)ioctl(fd, FIONREAD, &r);
-#endif
 
-  return(r);
-}
-
-int sys_select(fd_set *fds,struct timeval *tval)
+int sys_usleep(long usecs)
 {
-  fd_set fds2;
-  int counter=0;
-  int found=0;
+#ifndef HAVE_USLEEP
+	struct timeval tval;
+#endif
 
-  FD_ZERO(&fds2);
+	/*
+	 * We need this braindamage as the glibc usleep
+	 * is not SPEC1170 complient... grumble... JRA.
+	 */
 
-  while (1) 
-    {
-      int i;
-      for (i=0;i<255;i++) {
-	if (FD_ISSET(i,fds) && pollfd(i)>0) {
-	  found++;
-	  FD_SET(i,&fds2);
+	if(usecs < 0 || usecs > 1000000) {
+		errno = EINVAL;
+		return -1;
 	}
-      }
 
-      if (found) {
-	memcpy((void *)fds,(void *)&fds2,sizeof(fds2));
-	return(found);
-      }
-      
-      if (tval && tval.tv_sec < counter) return(0);
-      sleep(1);
-      counter++;
-    }
+#if HAVE_USLEEP
+	usleep(usecs);
+	return 0;
+#else /* HAVE_USLEEP */
+	/*
+	 * Fake it with select...
+	 */
+	tval.tv_sec = 0;
+	tval.tv_usec = usecs/1000;
+	select(0,NULL,NULL,NULL,&tval);
+	return 0;
+#endif /* HAVE_USLEEP */
 }
 
-#else
-int sys_select(fd_set *fds,struct timeval *tval)
+/*******************************************************************
+A stat() wrapper that will deal with 64 bit filesizes.
+********************************************************************/
+
+int sys_stat(const char *fname,SMB_STRUCT_STAT *sbuf)
 {
-  struct timeval t2;
-  int selrtn;
+	int ret;
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T) && defined(HAVE_STAT64)
+	ret = stat64(fname, sbuf);
+#else
+	ret = stat(fname, sbuf);
+#endif
+	/* we always want directories to appear zero size */
+	if (ret == 0 && S_ISDIR(sbuf->st_mode)) sbuf->st_size = 0;
+	return ret;
+}
 
-  do {
-    if (tval) memcpy((void *)&t2,(void *)tval,sizeof(t2));
-    errno = 0;
-    selrtn = select(16,SELECT_CAST fds,NULL,NULL,tval?&t2:NULL);
-  } while (selrtn<0 && errno == EINTR);
+/*******************************************************************
+ An fstat() wrapper that will deal with 64 bit filesizes.
+********************************************************************/
 
-  return(selrtn);
-}
+int sys_fstat(int fd,SMB_STRUCT_STAT *sbuf)
+{
+	int ret;
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T) && defined(HAVE_FSTAT64)
+	ret = fstat64(fd, sbuf);
+#else
+	ret = fstat(fd, sbuf);
 #endif
-
+	/* we always want directories to appear zero size */
+	if (ret == 0 && S_ISDIR(sbuf->st_mode)) sbuf->st_size = 0;
+	return ret;
+}
 
 /*******************************************************************
-just a unlink wrapper
+ An lstat() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-int sys_unlink(char *fname)
+
+int sys_lstat(const char *fname,SMB_STRUCT_STAT *sbuf)
 {
-  return(unlink(dos_to_unix(fname,False)));
+	int ret;
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T) && defined(HAVE_LSTAT64)
+	ret = lstat64(fname, sbuf);
+#else
+	ret = lstat(fname, sbuf);
+#endif
+	/* we always want directories to appear zero size */
+	if (ret == 0 && S_ISDIR(sbuf->st_mode)) sbuf->st_size = 0;
+	return ret;
 }
 
-
 /*******************************************************************
-a simple open() wrapper
+ An ftruncate() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-int sys_open(char *fname,int flags,int mode)
+
+int sys_ftruncate(int fd, SMB_OFF_T offset)
 {
-  return(open(dos_to_unix(fname,False),flags,mode));
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T) && defined(HAVE_FTRUNCATE64)
+	return ftruncate64(fd, offset);
+#else
+	return ftruncate(fd, offset);
+#endif
 }
 
-
 /*******************************************************************
-a simple opendir() wrapper
+ An lseek() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-DIR *sys_opendir(char *dname)
+
+SMB_OFF_T sys_lseek(int fd, SMB_OFF_T offset, int whence)
 {
-  return(opendir(dos_to_unix(dname,False)));
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T) && defined(HAVE_LSEEK64)
+	return lseek64(fd, offset, whence);
+#else
+	return lseek(fd, offset, whence);
+#endif
 }
 
+/*******************************************************************
+ An fseek() wrapper that will deal with 64 bit filesizes.
+********************************************************************/
+
+int sys_fseek(FILE *fp, SMB_OFF_T offset, int whence)
+{
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(LARGE_SMB_OFF_T) && defined(HAVE_FSEEK64)
+	return fseek64(fp, offset, whence);
+#elif defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(LARGE_SMB_OFF_T) && defined(HAVE_FSEEKO64)
+	return fseeko64(fp, offset, whence);
+#else
+	return fseek(fp, offset, whence);
+#endif
+}
 
 /*******************************************************************
-and a stat() wrapper
+ An ftell() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-int sys_stat(char *fname,struct stat *sbuf)
+
+SMB_OFF_T sys_ftell(FILE *fp)
 {
-  return(stat(dos_to_unix(fname,False),sbuf));
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(LARGE_SMB_OFF_T) && defined(HAVE_FTELL64)
+	return (SMB_OFF_T)ftell64(fp);
+#elif defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(LARGE_SMB_OFF_T) && defined(HAVE_FTELLO64)
+	return (SMB_OFF_T)ftello64(fp);
+#else
+	return (SMB_OFF_T)ftell(fp);
+#endif
 }
 
 /*******************************************************************
-don't forget lstat()
+ A creat() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-int sys_lstat(char *fname,struct stat *sbuf)
+
+int sys_creat(const char *path, mode_t mode)
 {
-  return(lstat(dos_to_unix(fname,False),sbuf));
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CREAT64)
+	return creat64(path, mode);
+#else
+	/*
+	 * If creat64 isn't defined then ensure we call a potential open64.
+	 * JRA.
+	 */
+	return sys_open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
+#endif
 }
 
+/*******************************************************************
+ An open() wrapper that will deal with 64 bit filesizes.
+********************************************************************/
+
+int sys_open(const char *path, int oflag, mode_t mode)
+{
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64)
+	return open64(path, oflag, mode);
+#else
+	return open(path, oflag, mode);
+#endif
+}
 
 /*******************************************************************
-mkdir() gets a wrapper
+ An fopen() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-int sys_mkdir(char *dname,int mode)
+
+FILE *sys_fopen(const char *path, const char *type)
 {
-  return(mkdir(dos_to_unix(dname,False),mode));
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_FOPEN64)
+	return fopen64(path, type);
+#else
+	return fopen(path, type);
+#endif
 }
 
+/*******************************************************************
+ A readdir wrapper that will deal with 64 bit filesizes.
+********************************************************************/
+
+SMB_STRUCT_DIRENT *sys_readdir(DIR *dirp)
+{
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_READDIR64)
+	return readdir64(dirp);
+#else
+	return readdir(dirp);
+#endif
+}
 
 /*******************************************************************
-do does rmdir()
+ An mknod() wrapper that will deal with 64 bit filesizes.
 ********************************************************************/
-int sys_rmdir(char *dname)
+
+int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev)
 {
-  return(rmdir(dos_to_unix(dname,False)));
+#if defined(HAVE_MKNOD) || defined(HAVE_MKNOD64)
+#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_MKNOD64) && defined(HAVE_DEV64_T)
+	return mknod64(path, mode, dev);
+#else
+	return mknod(path, mode, dev);
+#endif
+#else
+	/* No mknod system call. */
+	errno = ENOSYS;
+	return -1;
+#endif
 }
 
+/*******************************************************************
+ Wrapper for realpath.
+********************************************************************/
+
+char *sys_realpath(const char *path, char *resolved_path)
+{
+#if defined(HAVE_REALPATH)
+	return realpath(path, resolved_path);
+#else
+	/* As realpath is not a system call we can't return ENOSYS. */
+	errno = EINVAL;
+	return NULL;
+#endif
+}
 
 /*******************************************************************
-I almost forgot chdir()
+The wait() calls vary between systems
 ********************************************************************/
-int sys_chdir(char *dname)
+
+int sys_waitpid(pid_t pid,int *status,int options)
 {
-  return(chdir(dos_to_unix(dname,False)));
+#ifdef HAVE_WAITPID
+	return waitpid(pid,status,options);
+#else /* HAVE_WAITPID */
+	return wait4(pid, status, options, NULL);
+#endif /* HAVE_WAITPID */
 }
 
+/*******************************************************************
+ System wrapper for getwd
+********************************************************************/
+
+char *sys_getwd(char *s)
+{
+	char *wd;
+#ifdef HAVE_GETCWD
+	wd = (char *)getcwd(s, sizeof (pstring));
+#else
+	wd = (char *)getwd(s);
+#endif
+	return wd;
+}
 
 /*******************************************************************
-now for utime()
+system wrapper for symlink
 ********************************************************************/
-int sys_utime(char *fname,struct utimbuf *times)
+
+int sys_symlink(const char *oldpath, const char *newpath)
 {
-  return(utime(dos_to_unix(fname,False),times));
+#ifndef HAVE_SYMLINK
+	errno = ENOSYS;
+	return -1;
+#else
+	return symlink(oldpath, newpath);
+#endif
 }
 
 /*******************************************************************
-for rename()
+system wrapper for readlink
 ********************************************************************/
-int sys_rename(char *from, char *to)
+
+int sys_readlink(const char *path, char *buf, size_t bufsiz)
 {
-#ifdef KANJI
-    pstring zfrom, zto;
-    strcpy (zfrom, dos_to_unix (from, False));
-    strcpy (zto, dos_to_unix (to, False));
-    return rename (zfrom, zto);
-#else 
-    return rename (from, to);
-#endif /* KANJI */
+#ifndef HAVE_READLINK
+	errno = ENOSYS;
+	return -1;
+#else
+	return readlink(path, buf, bufsiz);
+#endif
 }
 
+/*******************************************************************
+system wrapper for link
+********************************************************************/
+
+int sys_link(const char *oldpath, const char *newpath)
+{
+#ifndef HAVE_LINK
+	errno = ENOSYS;
+	return -1;
+#else
+	return link(oldpath, newpath);
+#endif
+}
 
 /*******************************************************************
 chown isn't used much but OS/2 doesn't have it
 ********************************************************************/
-int sys_chown(char *fname,int uid,int gid)
+
+int sys_chown(const char *fname,uid_t uid,gid_t gid)
 {
-#ifdef NO_CHOWN
-  DEBUG(1,("Warning - chown(%s,%d,%d) not done\n",fname,uid,gid));
+#ifndef HAVE_CHOWN
+	static int done;
+	if (!done) {
+		DEBUG(1,("WARNING: no chown!\n"));
+		done=1;
+	}
 #else
-  return(chown(fname,uid,gid));
+	return(chown(fname,uid,gid));
 #endif
 }
 
 /*******************************************************************
 os/2 also doesn't have chroot
 ********************************************************************/
-int sys_chroot(char *dname)
+int sys_chroot(const char *dname)
+{
+#ifndef HAVE_CHROOT
+	static int done;
+	if (!done) {
+		DEBUG(1,("WARNING: no chroot!\n"));
+		done=1;
+	}
+	errno = ENOSYS;
+	return -1;
+#else
+	return(chroot(dname));
+#endif
+}
+
+/**************************************************************************
+A wrapper for gethostbyname() that tries avoids looking up hostnames 
+in the root domain, which can cause dial-on-demand links to come up for no
+apparent reason.
+****************************************************************************/
+
+struct hostent *sys_gethostbyname(const char *name)
+{
+#ifdef REDUCE_ROOT_DNS_LOOKUPS
+	char query[256], hostname[256];
+	char *domain;
+
+	/* Does this name have any dots in it? If so, make no change */
+
+	if (strchr_m(name, '.'))
+		return(gethostbyname(name));
+
+	/* Get my hostname, which should have domain name 
+		attached. If not, just do the gethostname on the
+		original string. 
+	*/
+
+	gethostname(hostname, sizeof(hostname) - 1);
+	hostname[sizeof(hostname) - 1] = 0;
+	if ((domain = strchr_m(hostname, '.')) == NULL)
+		return(gethostbyname(name));
+
+	/* Attach domain name to query and do modified query.
+		If names too large, just do gethostname on the
+		original string.
+	*/
+
+	if((strlen(name) + strlen(domain)) >= sizeof(query))
+		return(gethostbyname(name));
+
+	slprintf(query, sizeof(query)-1, "%s%s", name, domain);
+	return(gethostbyname(query));
+#else /* REDUCE_ROOT_DNS_LOOKUPS */
+	return(gethostbyname(name));
+#endif /* REDUCE_ROOT_DNS_LOOKUPS */
+}
+
+
+#if defined(HAVE_IRIX_SPECIFIC_CAPABILITIES)
+/**************************************************************************
+ Try and abstract process capabilities (for systems that have them).
+****************************************************************************/
+static BOOL set_process_capability( uint32 cap_flag, BOOL enable )
+{
+	if(cap_flag == KERNEL_OPLOCK_CAPABILITY) {
+		cap_t cap = cap_get_proc();
+
+		if (cap == NULL) {
+			DEBUG(0,("set_process_capability: cap_get_proc failed. Error was %s\n",
+				strerror(errno)));
+			return False;
+		}
+
+		if(enable)
+			cap->cap_effective |= CAP_NETWORK_MGT;
+		else
+			cap->cap_effective &= ~CAP_NETWORK_MGT;
+
+		if (cap_set_proc(cap) == -1) {
+			DEBUG(0,("set_process_capability: cap_set_proc failed. Error was %s\n",
+				strerror(errno)));
+			cap_free(cap);
+			return False;
+		}
+
+		cap_free(cap);
+
+		DEBUG(10,("set_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
+	}
+	return True;
+}
+
+/**************************************************************************
+ Try and abstract inherited process capabilities (for systems that have them).
+****************************************************************************/
+
+static BOOL set_inherited_process_capability( uint32 cap_flag, BOOL enable )
+{
+	if(cap_flag == KERNEL_OPLOCK_CAPABILITY) {
+		cap_t cap = cap_get_proc();
+
+		if (cap == NULL) {
+			DEBUG(0,("set_inherited_process_capability: cap_get_proc failed. Error was %s\n",
+				strerror(errno)));
+			return False;
+		}
+
+		if(enable)
+			cap->cap_inheritable |= CAP_NETWORK_MGT;
+		else
+			cap->cap_inheritable &= ~CAP_NETWORK_MGT;
+
+		if (cap_set_proc(cap) == -1) {
+			DEBUG(0,("set_inherited_process_capability: cap_set_proc failed. Error was %s\n", 
+				strerror(errno)));
+			cap_free(cap);
+			return False;
+		}
+
+		cap_free(cap);
+
+		DEBUG(10,("set_inherited_process_capability: Set KERNEL_OPLOCK_CAPABILITY.\n"));
+	}
+	return True;
+}
+#endif
+
+/****************************************************************************
+ Gain the oplock capability from the kernel if possible.
+****************************************************************************/
+
+void oplock_set_capability(BOOL this_process, BOOL inherit)
+{
+#if HAVE_KERNEL_OPLOCKS_IRIX
+	set_process_capability(KERNEL_OPLOCK_CAPABILITY,this_process);
+	set_inherited_process_capability(KERNEL_OPLOCK_CAPABILITY,inherit);
+#endif
+}
+
+/**************************************************************************
+ Wrapper for random().
+****************************************************************************/
+
+long sys_random(void)
+{
+#if defined(HAVE_RANDOM)
+	return (long)random();
+#elif defined(HAVE_RAND)
+	return (long)rand();
+#else
+	DEBUG(0,("Error - no random function available !\n"));
+	exit(1);
+#endif
+}
+
+/**************************************************************************
+ Wrapper for srandom().
+****************************************************************************/
+
+void sys_srandom(unsigned int seed)
+{
+#if defined(HAVE_SRANDOM)
+	srandom(seed);
+#elif defined(HAVE_SRAND)
+	srand(seed);
+#else
+	DEBUG(0,("Error - no srandom function available !\n"));
+	exit(1);
+#endif
+}
+
+/**************************************************************************
+ Returns equivalent to NGROUPS_MAX - using sysconf if needed.
+****************************************************************************/
+
+int groups_max(void)
+{
+#if defined(SYSCONF_SC_NGROUPS_MAX)
+	int ret = sysconf(_SC_NGROUPS_MAX);
+	return (ret == -1) ? NGROUPS_MAX : ret;
+#else
+	return NGROUPS_MAX;
+#endif
+}
+
+/**************************************************************************
+ Wrapper for getgroups. Deals with broken (int) case.
+****************************************************************************/
+
+int sys_getgroups(int setlen, gid_t *gidset)
+{
+#if !defined(HAVE_BROKEN_GETGROUPS)
+	return getgroups(setlen, gidset);
+#else
+
+	GID_T gid;
+	GID_T *group_list;
+	int i, ngroups;
+
+	if(setlen == 0) {
+		return getgroups(setlen, &gid);
+	}
+
+	/*
+	 * Broken case. We need to allocate a
+	 * GID_T array of size setlen.
+	 */
+
+	if(setlen < 0) {
+		errno = EINVAL; 
+		return -1;
+	} 
+
+	if (setlen == 0)
+		setlen = groups_max();
+
+	if((group_list = (GID_T *)malloc(setlen * sizeof(GID_T))) == NULL) {
+		DEBUG(0,("sys_getgroups: Malloc fail.\n"));
+		return -1;
+	}
+
+	if((ngroups = getgroups(setlen, group_list)) < 0) {
+		int saved_errno = errno;
+		SAFE_FREE(group_list);
+		errno = saved_errno;
+		return -1;
+	}
+
+	for(i = 0; i < ngroups; i++)
+		gidset[i] = (gid_t)group_list[i];
+
+	SAFE_FREE(group_list);
+	return ngroups;
+#endif /* HAVE_BROKEN_GETGROUPS */
+}
+
+#ifdef HAVE_SETGROUPS
+
+/**************************************************************************
+ Wrapper for setgroups. Deals with broken (int) case. Automatically used
+ if we have broken getgroups.
+****************************************************************************/
+
+int sys_setgroups(int setlen, gid_t *gidset)
+{
+#if !defined(HAVE_BROKEN_GETGROUPS)
+	return setgroups(setlen, gidset);
+#else
+
+	GID_T *group_list;
+	int i ; 
+
+	if (setlen == 0)
+		return 0 ;
+
+	if (setlen < 0 || setlen > groups_max()) {
+		errno = EINVAL; 
+		return -1;   
+	}
+
+	/*
+	 * Broken case. We need to allocate a
+	 * GID_T array of size setlen.
+	 */
+
+	if((group_list = (GID_T *)malloc(setlen * sizeof(GID_T))) == NULL) {
+		DEBUG(0,("sys_setgroups: Malloc fail.\n"));
+		return -1;    
+	}
+ 
+	for(i = 0; i < setlen; i++) 
+		group_list[i] = (GID_T) gidset[i]; 
+
+	if(setgroups(setlen, group_list) != 0) {
+		int saved_errno = errno;
+		SAFE_FREE(group_list);
+		errno = saved_errno;
+		return -1;
+	}
+ 
+	SAFE_FREE(group_list);
+	return 0 ;
+#endif /* HAVE_BROKEN_GETGROUPS */
+}
+
+#endif /* HAVE_SETGROUPS */
+
+/*
+ * We only wrap pw_name and pw_passwd for now as these
+ * are the only potentially modified fields.
+ */
+
+/**************************************************************************
+ Helper function for getpwnam/getpwuid wrappers.
+****************************************************************************/
+
+struct saved_pw {
+	fstring 	pw_name;
+	fstring 	pw_passwd;
+	fstring		pw_gecos;
+	pstring		pw_dir;
+	pstring		pw_shell;
+	struct passwd pass;
+};
+
+static struct saved_pw pw_mod; /* This is the structure returned - can be modified. */
+static struct saved_pw pw_cache; /* This is the structure saved - used to check cache. */
+
+static int num_lookups; /* Counter so we don't always use cache. */
+#ifndef PW_RET_CACHE_MAX_LOOKUPS
+#define PW_RET_CACHE_MAX_LOOKUPS 100
+#endif
+
+static void copy_pwent(struct saved_pw *dst, struct passwd *pass)
 {
-#ifdef NO_CHROOT
-  DEBUG(1,("Warning - chroot(%s) not done\n",dname));
+	memcpy((char *)&dst->pass, pass, sizeof(struct passwd));
+
+	fstrcpy(dst->pw_name, pass->pw_name);
+	dst->pass.pw_name = dst->pw_name;
+
+	fstrcpy(dst->pw_passwd, pass->pw_passwd);
+	dst->pass.pw_passwd = dst->pw_passwd;
+
+	fstrcpy(dst->pw_gecos, pass->pw_gecos);
+	dst->pass.pw_gecos = dst->pw_gecos;
+
+	pstrcpy(dst->pw_dir, pass->pw_dir);
+	dst->pass.pw_dir = dst->pw_dir;
+
+	pstrcpy(dst->pw_shell, pass->pw_shell);
+	dst->pass.pw_shell = dst->pw_shell;
+}
+
+static struct passwd *setup_pwret(struct passwd *pass)
+{
+	if (pass == NULL) {
+		/* Clear the caches. */
+		memset(&pw_cache, '\0', sizeof(struct saved_pw));
+		memset(&pw_mod, '\0', sizeof(struct saved_pw));
+		num_lookups = 0;
+		return NULL;
+	}
+
+	copy_pwent( &pw_mod, pass);
+
+	if (pass != &pw_cache.pass) {
+
+		/* If it's a cache miss we must also refill the cache. */
+
+		copy_pwent( &pw_cache, pass);
+		num_lookups = 1;
+
+	} else {
+
+		/* Cache hit. */
+
+		num_lookups++;
+		num_lookups = (num_lookups % PW_RET_CACHE_MAX_LOOKUPS);
+	}
+
+	return &pw_mod.pass;
+}
+
+/**************************************************************************
+ Wrappers for setpwent(), getpwent() and endpwent()
+****************************************************************************/
+
+void sys_setpwent(void)
+{
+	setup_pwret(NULL); /* Clear cache. */
+	setpwent();
+}
+
+struct passwd *sys_getpwent(void)
+{
+	return setup_pwret(getpwent());
+}
+
+void sys_endpwent(void)
+{
+	setup_pwret(NULL); /* Clear cache. */
+	endpwent();
+}
+
+/**************************************************************************
+ Wrapper for getpwnam(). Always returns a static that can be modified.
+****************************************************************************/
+
+struct passwd *sys_getpwnam(const char *name)
+{
+	if (!name || !name[0])
+		return NULL;
+
+	/* check for a cache hit first */
+	if (num_lookups && pw_cache.pass.pw_name && !strcmp(name, pw_cache.pass.pw_name)) {
+		return setup_pwret(&pw_cache.pass);
+	}
+
+	return setup_pwret(getpwnam(name));
+}
+
+/**************************************************************************
+ Wrapper for getpwuid(). Always returns a static that can be modified.
+****************************************************************************/
+
+struct passwd *sys_getpwuid(uid_t uid)
+{
+	if (num_lookups && pw_cache.pass.pw_name && (uid == pw_cache.pass.pw_uid)) {
+		return setup_pwret(&pw_cache.pass);
+	}
+	
+  	return setup_pwret(getpwuid(uid));
+}
+
+#if 0 /* NOT CURRENTLY USED - JRA */
+/**************************************************************************
+ The following are the UNICODE versions of *all* system interface functions
+ called within Samba. Ok, ok, the exceptions are the gethostbyXX calls,
+ which currently are left as ascii as they are not used other than in name
+ resolution.
+****************************************************************************/
+
+/**************************************************************************
+ Wide stat. Just narrow and call sys_xxx.
+****************************************************************************/
+
+int wsys_stat(const smb_ucs2_t *wfname,SMB_STRUCT_STAT *sbuf)
+{
+	pstring fname;
+	return sys_stat(unicode_to_unix(fname,wfname,sizeof(fname)), sbuf);
+}
+
+/**************************************************************************
+ Wide lstat. Just narrow and call sys_xxx.
+****************************************************************************/
+
+int wsys_lstat(const smb_ucs2_t *wfname,SMB_STRUCT_STAT *sbuf)
+{
+	pstring fname;
+	return sys_lstat(unicode_to_unix(fname,wfname,sizeof(fname)), sbuf);
+}
+
+/**************************************************************************
+ Wide creat. Just narrow and call sys_xxx.
+****************************************************************************/
+
+int wsys_creat(const smb_ucs2_t *wfname, mode_t mode)
+{
+	pstring fname;
+	return sys_creat(unicode_to_unix(fname,wfname,sizeof(fname)), mode);
+}
+
+/**************************************************************************
+ Wide open. Just narrow and call sys_xxx.
+****************************************************************************/
+
+int wsys_open(const smb_ucs2_t *wfname, int oflag, mode_t mode)
+{
+	pstring fname;
+	return sys_open(unicode_to_unix(fname,wfname,sizeof(fname)), oflag, mode);
+}
+
+/**************************************************************************
+ Wide fopen. Just narrow and call sys_xxx.
+****************************************************************************/
+
+FILE *wsys_fopen(const smb_ucs2_t *wfname, const char *type)
+{
+	pstring fname;
+	return sys_fopen(unicode_to_unix(fname,wfname,sizeof(fname)), type);
+}
+
+/**************************************************************************
+ Wide opendir. Just narrow and call sys_xxx.
+****************************************************************************/
+
+DIR *wsys_opendir(const smb_ucs2_t *wfname)
+{
+	pstring fname;
+	return opendir(unicode_to_unix(fname,wfname,sizeof(fname)));
+}
+
+/**************************************************************************
+ Wide readdir. Return a structure pointer containing a wide filename.
+****************************************************************************/
+
+SMB_STRUCT_WDIRENT *wsys_readdir(DIR *dirp)
+{
+	static SMB_STRUCT_WDIRENT retval;
+	SMB_STRUCT_DIRENT *dirval = sys_readdir(dirp);
+
+	if(!dirval)
+		return NULL;
+
+	/*
+	 * The only POSIX defined member of this struct is d_name.
+	 */
+
+	unix_to_unicode(retval.d_name,dirval->d_name,sizeof(retval.d_name));
+
+	return &retval;
+}
+
+/**************************************************************************
+ Wide getwd. Call sys_xxx and widen. Assumes s points to a wpstring.
+****************************************************************************/
+
+smb_ucs2_t *wsys_getwd(smb_ucs2_t *s)
+{
+	pstring fname;
+	char *p = sys_getwd(fname);
+
+	if(!p)
+		return NULL;
+
+	return unix_to_unicode(s, p, sizeof(wpstring));
+}
+
+/**************************************************************************
+ Wide chown. Just narrow and call sys_xxx.
+****************************************************************************/
+
+int wsys_chown(const smb_ucs2_t *wfname, uid_t uid, gid_t gid)
+{
+	pstring fname;
+	return chown(unicode_to_unix(fname,wfname,sizeof(fname)), uid, gid);
+}
+
+/**************************************************************************
+ Wide chroot. Just narrow and call sys_xxx.
+****************************************************************************/
+
+int wsys_chroot(const smb_ucs2_t *wfname)
+{
+	pstring fname;
+	return chroot(unicode_to_unix(fname,wfname,sizeof(fname)));
+}
+
+/**************************************************************************
+ Wide getpwnam. Return a structure pointer containing wide names.
+****************************************************************************/
+
+SMB_STRUCT_WPASSWD *wsys_getpwnam(const smb_ucs2_t *wname)
+{
+	static SMB_STRUCT_WPASSWD retval;
+	fstring name;
+	struct passwd *pwret = sys_getpwnam(unicode_to_unix(name,wname,sizeof(name)));
+
+	if(!pwret)
+		return NULL;
+
+	unix_to_unicode(retval.pw_name, pwret->pw_name, sizeof(retval.pw_name));
+	retval.pw_passwd = pwret->pw_passwd;
+	retval.pw_uid = pwret->pw_uid;
+	retval.pw_gid = pwret->pw_gid;
+	unix_to_unicode(retval.pw_gecos, pwret->pw_gecos, sizeof(retval.pw_gecos));
+	unix_to_unicode(retval.pw_dir, pwret->pw_dir, sizeof(retval.pw_dir));
+	unix_to_unicode(retval.pw_shell, pwret->pw_shell, sizeof(retval.pw_shell));
+
+	return &retval;
+}
+
+/**************************************************************************
+ Wide getpwuid. Return a structure pointer containing wide names.
+****************************************************************************/
+
+SMB_STRUCT_WPASSWD *wsys_getpwuid(uid_t uid)
+{
+	static SMB_STRUCT_WPASSWD retval;
+	struct passwd *pwret = sys_getpwuid(uid);
+
+	if(!pwret)
+		return NULL;
+
+	unix_to_unicode(retval.pw_name, pwret->pw_name, sizeof(retval.pw_name));
+	retval.pw_passwd = pwret->pw_passwd;
+	retval.pw_uid = pwret->pw_uid;
+	retval.pw_gid = pwret->pw_gid;
+	unix_to_unicode(retval.pw_gecos, pwret->pw_gecos, sizeof(retval.pw_gecos));
+	unix_to_unicode(retval.pw_dir, pwret->pw_dir, sizeof(retval.pw_dir));
+	unix_to_unicode(retval.pw_shell, pwret->pw_shell, sizeof(retval.pw_shell));
+
+	return &retval;
+}
+#endif /* NOT CURRENTLY USED - JRA */
+
+/**************************************************************************
+ Extract a command into an arg list. Uses a static pstring for storage.
+ Caller frees returned arg list (which contains pointers into the static pstring).
+****************************************************************************/
+
+static char **extract_args(const char *command)
+{
+	static pstring trunc_cmd;
+	char *ptr;
+	int argcl;
+	char **argl = NULL;
+	int i;
+
+	pstrcpy(trunc_cmd, command);
+
+	if(!(ptr = strtok(trunc_cmd, " \t"))) {
+		errno = EINVAL;
+		return NULL;
+	}
+
+	/*
+	 * Count the args.
+	 */
+
+	for( argcl = 1; ptr; ptr = strtok(NULL, " \t"))
+		argcl++;
+
+	if((argl = (char **)malloc((argcl + 1) * sizeof(char *))) == NULL)
+		return NULL;
+
+	/*
+	 * Now do the extraction.
+	 */
+
+	pstrcpy(trunc_cmd, command);
+
+	ptr = strtok(trunc_cmd, " \t");
+	i = 0;
+	argl[i++] = ptr;
+
+	while((ptr = strtok(NULL, " \t")) != NULL)
+		argl[i++] = ptr;
+
+	argl[i++] = NULL;
+	return argl;
+}
+
+/**************************************************************************
+ Wrapper for fork. Ensures that mypid is reset. Used so we can write
+ a sys_getpid() that only does a system call *once*.
+****************************************************************************/
+
+static pid_t mypid = (pid_t)-1;
+
+pid_t sys_fork(void)
+{
+	pid_t forkret = fork();
+
+	if (forkret == (pid_t)0) /* Child - reset mypid so sys_getpid does a system call. */
+		mypid = (pid_t) -1;
+
+	return forkret;
+}
+
+/**************************************************************************
+ Wrapper for getpid. Ensures we only do a system call *once*.
+****************************************************************************/
+
+pid_t sys_getpid(void)
+{
+	if (mypid == (pid_t)-1)
+		mypid = getpid();
+
+	return mypid;
+}
+
+/**************************************************************************
+ Wrapper for popen. Safer as it doesn't search a path.
+ Modified from the glibc sources.
+ modified by tridge to return a file descriptor. We must kick our FILE* habit
+****************************************************************************/
+
+typedef struct _popen_list
+{
+	int fd;
+	pid_t child_pid;
+	struct _popen_list *next;
+} popen_list;
+
+static popen_list *popen_chain;
+
+int sys_popen(const char *command)
+{
+	int parent_end, child_end;
+	int pipe_fds[2];
+	popen_list *entry = NULL;
+	char **argl = NULL;
+
+	if (pipe(pipe_fds) < 0)
+		return -1;
+
+	parent_end = pipe_fds[0];
+	child_end = pipe_fds[1];
+
+	if (!*command) {
+		errno = EINVAL;
+		goto err_exit;
+	}
+
+	if((entry = (popen_list *)malloc(sizeof(popen_list))) == NULL)
+		goto err_exit;
+
+	ZERO_STRUCTP(entry);
+
+	/*
+	 * Extract the command and args into a NULL terminated array.
+	 */
+
+	if(!(argl = extract_args(command)))
+		goto err_exit;
+
+	entry->child_pid = sys_fork();
+
+	if (entry->child_pid == -1) {
+		goto err_exit;
+	}
+
+	if (entry->child_pid == 0) {
+
+		/*
+		 * Child !
+		 */
+
+		int child_std_end = STDOUT_FILENO;
+		popen_list *p;
+
+		close(parent_end);
+		if (child_end != child_std_end) {
+			dup2 (child_end, child_std_end);
+			close (child_end);
+		}
+
+		/*
+		 * POSIX.2:  "popen() shall ensure that any streams from previous
+		 * popen() calls that remain open in the parent process are closed
+		 * in the new child process."
+		 */
+
+		for (p = popen_chain; p; p = p->next)
+			close(p->fd);
+
+		execv(argl[0], argl);
+		_exit (127);
+	}
+
+	/*
+	 * Parent.
+	 */
+
+	close (child_end);
+	SAFE_FREE(argl);
+
+	/* Link into popen_chain. */
+	entry->next = popen_chain;
+	popen_chain = entry;
+	entry->fd = parent_end;
+
+	return entry->fd;
+
+err_exit:
+
+	SAFE_FREE(entry);
+	SAFE_FREE(argl);
+	close(pipe_fds[0]);
+	close(pipe_fds[1]);
+	return -1;
+}
+
+/**************************************************************************
+ Wrapper for pclose. Modified from the glibc sources.
+****************************************************************************/
+
+int sys_pclose(int fd)
+{
+	int wstatus;
+	popen_list **ptr = &popen_chain;
+	popen_list *entry = NULL;
+	pid_t wait_pid;
+	int status = -1;
+
+	/* Unlink from popen_chain. */
+	for ( ; *ptr != NULL; ptr = &(*ptr)->next) {
+		if ((*ptr)->fd == fd) {
+			entry = *ptr;
+			*ptr = (*ptr)->next;
+			status = 0;
+			break;
+		}
+	}
+
+	if (status < 0 || close(entry->fd) < 0)
+		return -1;
+
+	/*
+	 * As Samba is catching and eating child process
+	 * exits we don't really care about the child exit
+	 * code, a -1 with errno = ECHILD will do fine for us.
+	 */
+
+	do {
+		wait_pid = sys_waitpid (entry->child_pid, &wstatus, 0);
+	} while (wait_pid == -1 && errno == EINTR);
+
+	SAFE_FREE(entry);
+
+	if (wait_pid == -1)
+		return -1;
+	return wstatus;
+}
+
+/**************************************************************************
+ Wrappers for dlopen, dlsym, dlclose.
+****************************************************************************/
+
+void *sys_dlopen(const char *name, int flags)
+{
+#if defined(HAVE_LIBDL) || defined(HAVE_DLOPEN)
+	return dlopen(name, flags);
+#else
+	return NULL;
+#endif
+}
+
+void *sys_dlsym(void *handle, char *symbol)
+{
+#if defined(HAVE_LIBDL) || defined(HAVE_DLSYM)
+    return dlsym(handle, symbol);
+#else
+    return NULL;
+#endif
+}
+
+int sys_dlclose (void *handle)
+{
+#if defined(HAVE_LIBDL) || defined(HAVE_DLCLOSE)
+	return dlclose(handle);
+#else
+	return 0;
+#endif
+}
+
+const char *sys_dlerror(void)
+{
+#if defined(HAVE_LIBDL) || defined(HAVE_DLERROR)
+	return dlerror();
+#else
+	return NULL;
+#endif
+}
+
+/**************************************************************************
+ Wrapper for Admin Logs.
+****************************************************************************/
+
+void sys_adminlog(int priority, const char *format_str, ...)
+{
+	va_list ap;
+	int ret;
+	char **msgbuf = NULL;
+
+	if (!lp_admin_log())
+		return;
+
+	va_start( ap, format_str );
+	ret = vasprintf( msgbuf, format_str, ap );
+	va_end( ap );
+
+	if (ret == -1)
+		return;
+
+#if defined(HAVE_SYSLOG)
+	syslog( priority, "%s", *msgbuf );
 #else
-  return(chroot(dname));
+	DEBUG(0,("%s", *msgbuf ));
 #endif
+	SAFE_FREE(*msgbuf);
 }
diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c
new file mode 100644
index 0000000000..6ac784a929
--- /dev/null
+++ b/source3/lib/talloc.c
@@ -0,0 +1,441 @@
+/* 
+   Samba Unix SMB/CIFS implementation.
+   Samba temporary memory allocation functions
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/**
+   @defgroup talloc Simple memory allocator
+   @{
+   
+   This is a very simple temporary memory allocator. To use it do the following:
+
+   1) when you first want to allocate a pool of meomry use
+   talloc_init() and save the resulting context pointer somewhere
+
+   2) to allocate memory use talloc()
+
+   3) when _all_ of the memory allocated using this context is no longer needed
+   use talloc_destroy()
+
+   talloc does not zero the memory. It guarantees memory of a
+   TALLOC_ALIGN alignment
+
+   @sa talloc.h
+*/
+
+/**
+ * @todo We could allocate both the talloc_chunk structure, and the
+ * memory it contains all in one allocation, which might be a bit
+ * faster and perhaps use less memory overhead.
+ *
+ * That smells like a premature optimization, though.  -- mbp
+ **/
+
+/**
+ * If you want testing for memory corruption, link with dmalloc or use
+ * Insure++.  It doesn't seem useful to duplicate them here.
+ **/
+
+#include "includes.h"
+
+struct talloc_chunk {
+	struct talloc_chunk *next;
+	size_t size;
+	void *ptr;
+};
+
+
+struct talloc_ctx {
+	struct talloc_chunk *list;
+	size_t total_alloc_size;
+
+	/** The name recorded for this pool, if any.  Should describe
+	 * the purpose for which it was allocated.  The string is
+	 * allocated within the pool. **/
+	char *name;
+
+	/** Pointer to the next allocate talloc pool, so that we can
+	 * summarize all talloc memory usage. **/
+	struct talloc_ctx *next_ctx;
+};
+
+
+/**
+ * Start of linked list of all talloc pools.
+ *
+ * @todo We should turn the global list off when using Insure++,
+ * otherwise all the memory will be seen as still reachable.
+ **/
+TALLOC_CTX *list_head = NULL;
+
+
+/**
+ * Add to the global list
+ **/
+static void talloc_enroll(TALLOC_CTX *t)
+{
+	t->next_ctx = list_head;
+	list_head = t;
+}
+
+
+static void talloc_disenroll(TALLOC_CTX *t)
+{
+	TALLOC_CTX **ttmp;
+
+	/* Use a double-* so that no special case is required for the
+	 * list head. */
+	for (ttmp = &list_head; *ttmp; ttmp = &((*ttmp)->next_ctx))
+		if (*ttmp == t) {
+			/* ttmp is the link that points to t, either
+			 * list_head or the next_ctx link in its
+			 * predecessor */
+			*ttmp = t->next_ctx;
+			t->next_ctx = NULL;	/* clobber */
+			return;
+		}
+	abort();		/* oops, this talloc was already
+				 * clobbered or something else went
+				 * wrong. */
+}
+
+
+/** Create a new talloc context. **/
+TALLOC_CTX *talloc_init(void)
+{
+	TALLOC_CTX *t;
+
+	t = (TALLOC_CTX *)malloc(sizeof(TALLOC_CTX));
+	if (t) {
+		t->list = NULL;
+		t->total_alloc_size = 0;
+		t->name = NULL;
+		talloc_enroll(t);
+	}
+
+	return t;
+}
+
+
+
+/**
+ * Create a new talloc context, with a name specifying its purpose.
+ * Please call this in preference to talloc_init().
+ **/
+ TALLOC_CTX *talloc_init_named(char const *fmt, ...) 
+{
+	TALLOC_CTX *t;
+	va_list ap;
+
+	t = talloc_init();
+	if (t && fmt) {
+		va_start(ap, fmt);
+		t->name = talloc_vasprintf(t, fmt, ap);
+		va_end(ap);
+	}
+	
+	return t;
+}
+
+
+/** Allocate a bit of memory from the specified pool **/
+void *talloc(TALLOC_CTX *t, size_t size)
+{
+	void *p;
+	struct talloc_chunk *tc;
+
+	if (!t || size == 0) return NULL;
+
+	p = malloc(size);
+	if (p) {
+		tc = malloc(sizeof(*tc));
+		if (tc) {
+			tc->ptr = p;
+			tc->size = size;
+			tc->next = t->list;
+			t->list = tc;
+			t->total_alloc_size += size;
+		}
+		else {
+			SAFE_FREE(p);
+		}
+	}
+	return p;
+}
+
+/** A talloc version of realloc */
+void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size)
+{
+	struct talloc_chunk *tc;
+	void *new_ptr;
+
+	/* size zero is equivalent to free() */
+	if (!t || size == 0)
+		return NULL;
+
+	/* realloc(NULL) is equavalent to malloc() */
+	if (ptr == NULL)
+		return talloc(t, size);
+
+	for (tc=t->list; tc; tc=tc->next) {
+		if (tc->ptr == ptr) {
+			new_ptr = Realloc(ptr, size);
+			if (new_ptr) {
+				t->total_alloc_size += (size - tc->size);
+				tc->size = size;
+				tc->ptr = new_ptr;
+			}
+			return new_ptr;
+		}
+	}
+	return NULL;
+}
+
+/** Destroy all the memory allocated inside @p t, but not @p t
+ * itself. */
+void talloc_destroy_pool(TALLOC_CTX *t)
+{
+	struct talloc_chunk *c;
+	
+	if (!t)
+		return;
+
+	while (t->list) {
+		c = t->list->next;
+		SAFE_FREE(t->list->ptr);
+		SAFE_FREE(t->list);
+		t->list = c;
+	}
+
+	t->total_alloc_size = 0;
+}
+
+/** Destroy a whole pool including the context */
+void talloc_destroy(TALLOC_CTX *t)
+{
+	if (!t)
+		return;
+
+	talloc_destroy_pool(t);
+	talloc_disenroll(t);
+	memset(t, 0, sizeof(TALLOC_CTX));
+	SAFE_FREE(t);
+}
+
+/** Return the current total size of the pool. */
+size_t talloc_pool_size(TALLOC_CTX *t)
+{
+	if (t)
+		return t->total_alloc_size;
+	else
+		return 0;
+}
+
+const char * talloc_pool_name(TALLOC_CTX const *t)
+{
+	if (t)
+		return t->name;
+	else
+		return NULL;
+}
+
+
+/** talloc and zero memory. */
+void *talloc_zero(TALLOC_CTX *t, size_t size)
+{
+	void *p = talloc(t, size);
+
+	if (p)
+		memset(p, '\0', size);
+
+	return p;
+}
+
+/** memdup with a talloc. */
+void *talloc_memdup(TALLOC_CTX *t, const void *p, size_t size)
+{
+	void *newp = talloc(t,size);
+
+	if (newp)
+		memcpy(newp, p, size);
+
+	return newp;
+}
+
+/** strdup with a talloc */
+char *talloc_strdup(TALLOC_CTX *t, const char *p)
+{
+	if (p)
+		return talloc_memdup(t, p, strlen(p) + 1);
+	else
+		return NULL;
+}
+
+/**
+ * Perform string formatting, and return a pointer to newly allocated
+ * memory holding the result, inside a memory pool.
+ **/
+ char *talloc_asprintf(TALLOC_CTX *t, const char *fmt, ...)
+{
+	va_list ap;
+	char *ret;
+
+	va_start(ap, fmt);
+	ret = talloc_vasprintf(t, fmt, ap);
+	va_end(ap);
+	return ret;
+}
+
+
+ char *talloc_vasprintf(TALLOC_CTX *t, const char *fmt, va_list ap)
+{	
+	int len;
+	char *ret;
+	
+	len = vsnprintf(NULL, 0, fmt, ap);
+
+	ret = talloc(t, len+1);
+	if (ret)
+		vsnprintf(ret, len+1, fmt, ap);
+
+	return ret;
+}
+
+
+/**
+ * Realloc @p s to append the formatted result of @p fmt and return @p
+ * s, which may have moved.  Good for gradually accumulating output
+ * into a string buffer.
+ **/
+ char *talloc_asprintf_append(TALLOC_CTX *t, char *s,
+			      const char *fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	s = talloc_vasprintf_append(t, s, fmt, ap);
+	va_end(ap);
+	return s;
+}
+
+
+
+/**
+ * Realloc @p s to append the formatted result of @p fmt and @p ap,
+ * and return @p s, which may have moved.  Good for gradually
+ * accumulating output into a string buffer.
+ **/
+ char *talloc_vasprintf_append(TALLOC_CTX *t, char *s,
+			       const char *fmt, va_list ap)
+{	
+	int len, s_len;
+
+	s_len = strlen(s);
+	len = vsnprintf(NULL, 0, fmt, ap);
+
+	s = talloc_realloc(t, s, s_len + len+1);
+	if (!s) return NULL;
+
+	vsnprintf(s+s_len, len+1, fmt, ap);
+
+	return s;
+}
+
+
+/**
+ * Return a human-readable description of all talloc memory usage.
+ * The result is allocated from @p t.
+ **/
+char *talloc_describe_all(TALLOC_CTX *rt)
+{
+	int n_pools = 0, total_chunks = 0;
+	size_t total_bytes = 0;
+	TALLOC_CTX *it;
+	char *s;
+
+	if (!rt) return NULL;
+
+	s = talloc_asprintf(rt, "global talloc allocations in pid: %u\n",
+			    (unsigned) sys_getpid());
+	s = talloc_asprintf_append(rt, s, "%-40s %8s %8s\n",
+				   "name", "chunks", "bytes");
+	s = talloc_asprintf_append(rt, s, "%-40s %8s %8s\n",
+				   "----------------------------------------",
+				   "--------",
+				   "--------");	
+	
+	for (it = list_head; it; it = it->next_ctx) {
+		size_t bytes;
+		int n_chunks;
+		fstring what;
+		
+		n_pools++;
+		
+		talloc_get_allocation(it, &bytes, &n_chunks);
+
+		if (it->name)
+			fstrcpy(what, it->name);
+		else
+			slprintf(what, sizeof what, "@%p", it);
+		
+		s = talloc_asprintf_append(rt, s, "%-40s %8u %8u\n",
+					   what,
+					   (unsigned) n_chunks,
+					   (unsigned) bytes);
+		total_bytes += bytes;
+		total_chunks += n_chunks;
+	}
+
+	s = talloc_asprintf_append(rt, s, "%-40s %8s %8s\n",
+				   "----------------------------------------",
+				   "--------",
+				   "--------");	
+
+	s = talloc_asprintf_append(rt, s, "%-40s %8u %8u\n",
+				   "TOTAL",
+				   (unsigned) total_chunks, (unsigned) total_bytes);
+
+	return s;
+}
+
+
+
+/**
+ * Return an estimated memory usage for the specified pool.  This does
+ * not include memory used by the underlying malloc implementation.
+ **/
+void talloc_get_allocation(TALLOC_CTX *t,
+			   size_t *total_bytes,
+			   int *n_chunks)
+{
+	struct talloc_chunk *chunk;
+
+	if (t) {
+		*total_bytes = 0;
+		*n_chunks = 0;
+
+		for (chunk = t->list; chunk; chunk = chunk->next) {
+			n_chunks[0]++;
+			*total_bytes += chunk->size;
+		}
+	}
+}
+
+
+/** @} */
diff --git a/source3/lib/tallocmsg.c b/source3/lib/tallocmsg.c
new file mode 100644
index 0000000000..608cdad452
--- /dev/null
+++ b/source3/lib/tallocmsg.c
@@ -0,0 +1,58 @@
+/* 
+   samba -- Unix SMB/CIFS implementation.
+   Copyright (C) 2001, 2002 by Martin Pool
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * @file tallocmsg.c
+ *
+ * Glue code between talloc profiling and the Samba messaging system.
+ **/
+
+
+/**
+ * Respond to a POOL_USAGE message by sending back string form of memory
+ * usage stats.
+ **/
+void msg_pool_usage(int msg_type, pid_t src_pid,
+		    void *UNUSED(buf), size_t UNUSED(len))
+{
+	char *reply;
+	TALLOC_CTX *reply_pool = talloc_init_named("msg_pool_usage");
+
+	SMB_ASSERT(msg_type == MSG_REQ_POOL_USAGE);
+	
+	DEBUG(2,("Got POOL_USAGE\n"));
+
+	reply = talloc_describe_all(reply_pool);
+	
+	message_send_pid(src_pid, MSG_POOL_USAGE,
+			 reply, strlen(reply)+1, True);
+
+	talloc_destroy(reply_pool);
+}
+
+/**
+ * Register handler for MSG_REQ_POOL_USAGE
+ **/
+void register_msg_pool_usage(void)
+{
+	message_register(MSG_REQ_POOL_USAGE, msg_pool_usage);
+	DEBUG(2, ("Registered MSG_REQ_POOL_USAGE\n"));
+}	
diff --git a/source3/lib/talloctort.c b/source3/lib/talloctort.c
new file mode 100644
index 0000000000..3a64803776
--- /dev/null
+++ b/source3/lib/talloctort.c
@@ -0,0 +1,65 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba temporary memory allocation functions -- torturer
+   Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#define NCTX 10
+#define NOBJ 20
+
+int main(void)
+{
+	int i;
+	TALLOC_CTX *ctx[NCTX];
+
+	for (i = 0; i < NCTX; i++) {
+		ctx[i] = talloc_init_named("torture(%d)", i);
+	}
+
+	for (i = 0; i < NCTX; i++) {
+		int j;
+		for (j = 0; j < NOBJ; j++) {
+			char *p;
+			size_t size = 1<<(i/3+j);
+
+			p = talloc(ctx[i], size);
+			if (!p) {
+				fprintf(stderr,
+					"failed to talloc %.0f bytes\n",
+					(double) size);
+				exit(1);
+			}
+
+			memset(p, 'A' + j, size);
+		}
+	}
+
+	for (i = 0; i < NCTX; i++) {
+		printf("talloc@%p %-40s %dkB\n", ctx[i],
+		       talloc_pool_name(ctx[i]),
+		       talloc_pool_size(ctx[i]) >> 10);
+	}
+
+	printf("%s", talloc_describe_all(ctx[0]));
+
+	for (i = NCTX - 1; i >= 0; i--)
+		talloc_destroy(ctx[i]);
+
+	return 0;
+}
diff --git a/source3/lib/time.c b/source3/lib/time.c
new file mode 100644
index 0000000000..5fc43612dd
--- /dev/null
+++ b/source3/lib/time.c
@@ -0,0 +1,749 @@
+/* 
+   Unix SMB/CIFS implementation.
+   time handling functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+  This stuff was largely rewritten by Paul Eggert <eggert@twinsun.com>
+  in May 1996 
+  */
+
+
+int extra_time_offset = 0;
+
+#ifndef CHAR_BIT
+#define CHAR_BIT 8
+#endif
+
+#ifndef TIME_T_MIN
+#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \
+		    : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1))
+#endif
+#ifndef TIME_T_MAX
+#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
+#endif
+
+/*******************************************************************
+ External access to time_t_min and time_t_max.
+********************************************************************/
+
+time_t get_time_t_min(void)
+{
+	return TIME_T_MIN;
+}
+
+time_t get_time_t_max(void)
+{
+	return TIME_T_MAX;
+}
+
+/*******************************************************************
+a gettimeofday wrapper
+********************************************************************/
+void GetTimeOfDay(struct timeval *tval)
+{
+#ifdef HAVE_GETTIMEOFDAY_TZ
+	gettimeofday(tval,NULL);
+#else
+	gettimeofday(tval);
+#endif
+}
+
+#define TM_YEAR_BASE 1900
+
+/*******************************************************************
+yield the difference between *A and *B, in seconds, ignoring leap seconds
+********************************************************************/
+static int tm_diff(struct tm *a, struct tm *b)
+{
+  int ay = a->tm_year + (TM_YEAR_BASE - 1);
+  int by = b->tm_year + (TM_YEAR_BASE - 1);
+  int intervening_leap_days =
+    (ay/4 - by/4) - (ay/100 - by/100) + (ay/400 - by/400);
+  int years = ay - by;
+  int days = 365*years + intervening_leap_days + (a->tm_yday - b->tm_yday);
+  int hours = 24*days + (a->tm_hour - b->tm_hour);
+  int minutes = 60*hours + (a->tm_min - b->tm_min);
+  int seconds = 60*minutes + (a->tm_sec - b->tm_sec);
+
+  return seconds;
+}
+
+/*******************************************************************
+  return the UTC offset in seconds west of UTC, or 0 if it cannot be determined
+  ******************************************************************/
+static int TimeZone(time_t t)
+{
+  struct tm *tm = gmtime(&t);
+  struct tm tm_utc;
+  if (!tm)
+    return 0;
+  tm_utc = *tm;
+  tm = localtime(&t);
+  if (!tm)
+    return 0;
+  return tm_diff(&tm_utc,tm);
+
+}
+
+static BOOL done_serverzone_init;
+
+/* Return the smb serverzone value */
+
+static int get_serverzone(void)
+{
+        static int serverzone;
+
+        if (!done_serverzone_init) {
+                serverzone = TimeZone(time(NULL));
+
+                if ((serverzone % 60) != 0) {
+                        DEBUG(1,("WARNING: Your timezone is not a multiple of 1 minute.\n"));
+                }
+
+                DEBUG(4,("Serverzone is %d\n",serverzone));
+
+                done_serverzone_init = True;
+        }
+
+        return serverzone;
+}
+
+/* Re-read the smb serverzone value */
+
+static struct timeval start_time_hires;
+
+void TimeInit(void)
+{
+	done_serverzone_init = False;
+	get_serverzone();
+	/* Save the start time of this process. */
+	if (start_time_hires.tv_sec == 0 && start_time_hires.tv_usec == 0)
+		GetTimeOfDay(&start_time_hires);
+}
+
+/**********************************************************************
+ Return a timeval struct of the uptime of this process. As TimeInit is
+ done before a daemon fork then this is the start time from the parent
+ daemon start. JRA.
+***********************************************************************/
+
+void get_process_uptime(struct timeval *ret_time)
+{
+	struct timeval time_now_hires;
+
+	GetTimeOfDay(&time_now_hires);
+	ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec;
+	ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec;
+	if (time_now_hires.tv_usec < start_time_hires.tv_usec) {
+		ret_time->tv_sec -= 1;
+		ret_time->tv_usec = 1000000 + (time_now_hires.tv_usec - start_time_hires.tv_usec);
+	} else
+		ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec;
+}
+
+/*******************************************************************
+return the same value as TimeZone, but it should be more efficient.
+
+We keep a table of DST offsets to prevent calling localtime() on each 
+call of this function. This saves a LOT of time on many unixes.
+
+Updated by Paul Eggert <eggert@twinsun.com>
+********************************************************************/
+static int TimeZoneFaster(time_t t)
+{
+  static struct dst_table {time_t start,end; int zone;} *tdt, *dst_table = NULL;
+  static int table_size = 0;
+  int i;
+  int zone = 0;
+
+  if (t == 0) t = time(NULL);
+
+  /* Tunis has a 8 day DST region, we need to be careful ... */
+#define MAX_DST_WIDTH (365*24*60*60)
+#define MAX_DST_SKIP (7*24*60*60)
+
+  for (i=0;i<table_size;i++)
+    if (t >= dst_table[i].start && t <= dst_table[i].end) break;
+
+  if (i<table_size) {
+    zone = dst_table[i].zone;
+  } else {
+    time_t low,high;
+
+    zone = TimeZone(t);
+    tdt = (struct dst_table *)Realloc(dst_table,
+					      sizeof(dst_table[0])*(i+1));
+    if (!tdt) {
+      DEBUG(0,("TimeZoneFaster: out of memory!\n"));
+      SAFE_FREE(dst_table);
+      table_size = 0;
+    } else {
+      dst_table = tdt;
+      table_size++;
+
+      dst_table[i].zone = zone; 
+      dst_table[i].start = dst_table[i].end = t;
+    
+      /* no entry will cover more than 6 months */
+      low = t - MAX_DST_WIDTH/2;
+      if (t < low)
+	low = TIME_T_MIN;
+      
+      high = t + MAX_DST_WIDTH/2;
+      if (high < t)
+	high = TIME_T_MAX;
+      
+      /* widen the new entry using two bisection searches */
+      while (low+60*60 < dst_table[i].start) {
+	if (dst_table[i].start - low > MAX_DST_SKIP*2)
+	  t = dst_table[i].start - MAX_DST_SKIP;
+	else
+	  t = low + (dst_table[i].start-low)/2;
+	if (TimeZone(t) == zone)
+	  dst_table[i].start = t;
+	else
+	  low = t;
+      }
+
+      while (high-60*60 > dst_table[i].end) {
+	if (high - dst_table[i].end > MAX_DST_SKIP*2)
+	  t = dst_table[i].end + MAX_DST_SKIP;
+	else
+	  t = high - (high-dst_table[i].end)/2;
+	if (TimeZone(t) == zone)
+	  dst_table[i].end = t;
+	else
+	  high = t;
+      }
+#if 0
+      DEBUG(1,("Added DST entry from %s ",
+	       asctime(localtime(&dst_table[i].start))));
+      DEBUG(1,("to %s (%d)\n",asctime(localtime(&dst_table[i].end)),
+	       dst_table[i].zone));
+#endif
+    }
+  }
+  return zone;
+}
+
+/****************************************************************************
+  return the UTC offset in seconds west of UTC, adjusted for extra time offset
+  **************************************************************************/
+int TimeDiff(time_t t)
+{
+  return TimeZoneFaster(t) + 60*extra_time_offset;
+}
+
+
+/****************************************************************************
+  return the UTC offset in seconds west of UTC, adjusted for extra time
+  offset, for a local time value.  If ut = lt + LocTimeDiff(lt), then
+  lt = ut - TimeDiff(ut), but the converse does not necessarily hold near
+  daylight savings transitions because some local times are ambiguous.
+  LocTimeDiff(t) equals TimeDiff(t) except near daylight savings transitions.
+  +**************************************************************************/
+static int LocTimeDiff(time_t lte)
+{
+  time_t lt = lte - 60*extra_time_offset;
+  int d = TimeZoneFaster(lt);
+  time_t t = lt + d;
+
+  /* if overflow occurred, ignore all the adjustments so far */
+  if (((lte < lt) ^ (extra_time_offset < 0))  |  ((t < lt) ^ (d < 0)))
+    t = lte;
+
+  /* now t should be close enough to the true UTC to yield the right answer */
+  return TimeDiff(t);
+}
+
+
+/****************************************************************************
+try to optimise the localtime call, it can be quite expensive on some machines
+****************************************************************************/
+struct tm *LocalTime(time_t *t)
+{
+  time_t t2 = *t;
+
+  t2 -= TimeDiff(t2);
+
+  return(gmtime(&t2));
+}
+
+#define TIME_FIXUP_CONSTANT (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60))
+
+/****************************************************************************
+interpret an 8 byte "filetime" structure to a time_t
+It's originally in "100ns units since jan 1st 1601"
+
+It appears to be kludge-GMT (at least for file listings). This means
+its the GMT you get by taking a localtime and adding the
+serverzone. This is NOT the same as GMT in some cases. This routine
+converts this to real GMT.
+****************************************************************************/
+time_t nt_time_to_unix(NTTIME *nt)
+{
+  double d;
+  time_t ret;
+  /* The next two lines are a fix needed for the 
+     broken SCO compiler. JRA. */
+  time_t l_time_min = TIME_T_MIN;
+  time_t l_time_max = TIME_T_MAX;
+
+  if (nt->high == 0) return(0);
+
+  d = ((double)nt->high)*4.0*(double)(1<<30);
+  d += (nt->low&0xFFF00000);
+  d *= 1.0e-7;
+ 
+  /* now adjust by 369 years to make the secs since 1970 */
+  d -= TIME_FIXUP_CONSTANT;
+
+  if (!(l_time_min <= d && d <= l_time_max))
+    return(0);
+
+  ret = (time_t)(d+0.5);
+
+  /* this takes us from kludge-GMT to real GMT */
+  ret -= get_serverzone();
+  ret += LocTimeDiff(ret);
+
+  return(ret);
+}
+
+/****************************************************************************
+convert a NTTIME structure to a time_t
+It's originally in "100ns units"
+
+this is an absolute version of the one above.
+By absolute I mean, it doesn't adjust from 1/1/1601 to 1/1/1970
+if the NTTIME was 5 seconds, the time_t is 5 seconds. JFM
+****************************************************************************/
+time_t nt_time_to_unix_abs(NTTIME *nt)
+{
+	double d;
+	time_t ret;
+	/* The next two lines are a fix needed for the 
+	   broken SCO compiler. JRA. */
+	time_t l_time_min = TIME_T_MIN;
+	time_t l_time_max = TIME_T_MAX;
+
+	if (nt->high == 0)
+		return(0);
+
+	if (nt->high==0x80000000 && nt->low==0)
+		return -1;
+
+	/* reverse the time */
+	/* it's a negative value, turn it to positive */
+	nt->high=~nt->high;
+	nt->low=~nt->low;
+
+	d = ((double)nt->high)*4.0*(double)(1<<30);
+	d += (nt->low&0xFFF00000);
+	d *= 1.0e-7;
+  
+	if (!(l_time_min <= d && d <= l_time_max))
+		return(0);
+
+	ret = (time_t)(d+0.5);
+
+	/* this takes us from kludge-GMT to real GMT */
+	ret -= get_serverzone();
+	ret += LocTimeDiff(ret);
+
+	return(ret);
+}
+
+
+
+/****************************************************************************
+interprets an nt time into a unix time_t
+****************************************************************************/
+time_t interpret_long_date(char *p)
+{
+	NTTIME nt;
+	nt.low = IVAL(p,0);
+	nt.high = IVAL(p,4);
+	return nt_time_to_unix(&nt);
+}
+
+/****************************************************************************
+put a 8 byte filetime from a time_t
+This takes real GMT as input and converts to kludge-GMT
+****************************************************************************/
+void unix_to_nt_time(NTTIME *nt, time_t t)
+{
+	double d;
+
+	if (t==0)
+	{
+		nt->low = 0;
+		nt->high = 0;
+		return;
+	}
+	if (t == TIME_T_MAX)
+	{
+		nt->low = 0xffffffff;
+		nt->high = 0x7fffffff;
+		return;
+	}		
+	if (t == -1)
+	{
+		nt->low = 0xffffffff;
+		nt->high = 0xffffffff;
+		return;
+	}		
+
+	/* this converts GMT to kludge-GMT */
+	t -= LocTimeDiff(t) - get_serverzone(); 
+
+	d = (double)(t);
+	d += TIME_FIXUP_CONSTANT;
+	d *= 1.0e7;
+
+	nt->high = (uint32)(d * (1.0/(4.0*(double)(1<<30))));
+	nt->low  = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
+}
+
+/****************************************************************************
+convert a time_t to a NTTIME structure
+
+this is an absolute version of the one above.
+By absolute I mean, it doesn't adjust from 1/1/1970 to 1/1/1601
+if the nttime_t was 5 seconds, the NTTIME is 5 seconds. JFM
+****************************************************************************/
+void unix_to_nt_time_abs(NTTIME *nt, time_t t)
+{
+	double d;
+
+	if (t==0) {
+		nt->low = 0;
+		nt->high = 0;
+		return;
+	}
+
+	if (t == TIME_T_MAX) {
+		nt->low = 0xffffffff;
+		nt->high = 0x7fffffff;
+		return;
+	}
+		
+	if (t == -1) {
+		/* that's what NT uses for infinite */
+		nt->low = 0x0;
+		nt->high = 0x80000000;
+		return;
+	}		
+
+	/* this converts GMT to kludge-GMT */
+	t -= LocTimeDiff(t) - get_serverzone(); 
+
+	d = (double)(t);
+	d *= 1.0e7;
+
+	nt->high = (uint32)(d * (1.0/(4.0*(double)(1<<30))));
+	nt->low  = (uint32)(d - ((double)nt->high)*4.0*(double)(1<<30));
+
+	/* convert to a negative value */
+	nt->high=~nt->high;
+	nt->low=~nt->low;
+}
+
+
+/****************************************************************************
+take an NTTIME structure, containing high / low time.  convert to unix time.
+lkclXXXX this may need 2 SIVALs not a memcpy.  we'll see...
+****************************************************************************/
+void put_long_date(char *p,time_t t)
+{
+	NTTIME nt;
+	unix_to_nt_time(&nt, t);
+	SIVAL(p, 0, nt.low);
+	SIVAL(p, 4, nt.high);
+}
+
+/****************************************************************************
+check if it's a null mtime
+****************************************************************************/
+BOOL null_mtime(time_t mtime)
+{
+  if (mtime == 0 || mtime == 0xFFFFFFFF || mtime == (time_t)-1)
+    return(True);
+  return(False);
+}
+
+/*******************************************************************
+  create a 16 bit dos packed date
+********************************************************************/
+static uint16 make_dos_date1(struct tm *t)
+{
+  uint16 ret=0;
+  ret = (((unsigned)(t->tm_mon+1)) >> 3) | ((t->tm_year-80) << 1);
+  ret = ((ret&0xFF)<<8) | (t->tm_mday | (((t->tm_mon+1) & 0x7) << 5));
+  return(ret);
+}
+
+/*******************************************************************
+  create a 16 bit dos packed time
+********************************************************************/
+static uint16 make_dos_time1(struct tm *t)
+{
+  uint16 ret=0;
+  ret = ((((unsigned)t->tm_min >> 3)&0x7) | (((unsigned)t->tm_hour) << 3));
+  ret = ((ret&0xFF)<<8) | ((t->tm_sec/2) | ((t->tm_min & 0x7) << 5));
+  return(ret);
+}
+
+/*******************************************************************
+  create a 32 bit dos packed date/time from some parameters
+  This takes a GMT time and returns a packed localtime structure
+********************************************************************/
+static uint32 make_dos_date(time_t unixdate)
+{
+  struct tm *t;
+  uint32 ret=0;
+
+  t = LocalTime(&unixdate);
+  if (!t)
+    return 0xFFFFFFFF;
+
+  ret = make_dos_date1(t);
+  ret = ((ret&0xFFFF)<<16) | make_dos_time1(t);
+
+  return(ret);
+}
+
+/*******************************************************************
+put a dos date into a buffer (time/date format)
+This takes GMT time and puts local time in the buffer
+********************************************************************/
+void put_dos_date(char *buf,int offset,time_t unixdate)
+{
+  uint32 x = make_dos_date(unixdate);
+  SIVAL(buf,offset,x);
+}
+
+/*******************************************************************
+put a dos date into a buffer (date/time format)
+This takes GMT time and puts local time in the buffer
+********************************************************************/
+void put_dos_date2(char *buf,int offset,time_t unixdate)
+{
+  uint32 x = make_dos_date(unixdate);
+  x = ((x&0xFFFF)<<16) | ((x&0xFFFF0000)>>16);
+  SIVAL(buf,offset,x);
+}
+
+/*******************************************************************
+put a dos 32 bit "unix like" date into a buffer. This routine takes
+GMT and converts it to LOCAL time before putting it (most SMBs assume
+localtime for this sort of date)
+********************************************************************/
+void put_dos_date3(char *buf,int offset,time_t unixdate)
+{
+  if (!null_mtime(unixdate))
+    unixdate -= TimeDiff(unixdate);
+  SIVAL(buf,offset,unixdate);
+}
+
+/*******************************************************************
+  interpret a 32 bit dos packed date/time to some parameters
+********************************************************************/
+static void interpret_dos_date(uint32 date,int *year,int *month,int *day,int *hour,int *minute,int *second)
+{
+  uint32 p0,p1,p2,p3;
+
+  p0=date&0xFF; p1=((date&0xFF00)>>8)&0xFF; 
+  p2=((date&0xFF0000)>>16)&0xFF; p3=((date&0xFF000000)>>24)&0xFF;
+
+  *second = 2*(p0 & 0x1F);
+  *minute = ((p0>>5)&0xFF) + ((p1&0x7)<<3);
+  *hour = (p1>>3)&0xFF;
+  *day = (p2&0x1F);
+  *month = ((p2>>5)&0xFF) + ((p3&0x1)<<3) - 1;
+  *year = ((p3>>1)&0xFF) + 80;
+}
+
+/*******************************************************************
+  create a unix date (int GMT) from a dos date (which is actually in
+  localtime)
+********************************************************************/
+time_t make_unix_date(void *date_ptr)
+{
+  uint32 dos_date=0;
+  struct tm t;
+  time_t ret;
+
+  dos_date = IVAL(date_ptr,0);
+
+  if (dos_date == 0) return(0);
+  
+  interpret_dos_date(dos_date,&t.tm_year,&t.tm_mon,
+		     &t.tm_mday,&t.tm_hour,&t.tm_min,&t.tm_sec);
+  t.tm_isdst = -1;
+  
+  /* mktime() also does the local to GMT time conversion for us */
+  ret = mktime(&t);
+
+  return(ret);
+}
+
+/*******************************************************************
+like make_unix_date() but the words are reversed
+********************************************************************/
+time_t make_unix_date2(void *date_ptr)
+{
+  uint32 x,x2;
+
+  x = IVAL(date_ptr,0);
+  x2 = ((x&0xFFFF)<<16) | ((x&0xFFFF0000)>>16);
+  SIVAL(&x,0,x2);
+
+  return(make_unix_date((void *)&x));
+}
+
+/*******************************************************************
+  create a unix GMT date from a dos date in 32 bit "unix like" format
+  these generally arrive as localtimes, with corresponding DST
+  ******************************************************************/
+time_t make_unix_date3(void *date_ptr)
+{
+  time_t t = (time_t)IVAL(date_ptr,0);
+  if (!null_mtime(t))
+    t += LocTimeDiff(t);
+  return(t);
+}
+
+
+/***************************************************************************
+return a HTTP/1.0 time string
+  ***************************************************************************/
+char *http_timestring(time_t t)
+{
+  static fstring buf;
+  struct tm *tm = LocalTime(&t);
+
+  if (!tm)
+    slprintf(buf,sizeof(buf)-1,"%ld seconds since the Epoch",(long)t);
+  else
+#ifndef HAVE_STRFTIME
+  fstrcpy(buf, asctime(tm));
+  if(buf[strlen(buf)-1] == '\n')
+    buf[strlen(buf)-1] = 0;
+#else /* !HAVE_STRFTIME */
+  strftime(buf, sizeof(buf)-1, "%a, %d %b %Y %H:%M:%S %Z", tm);
+#endif /* !HAVE_STRFTIME */
+  return buf;
+}
+
+
+
+/****************************************************************************
+ Return the date and time as a string
+****************************************************************************/
+
+char *timestring(BOOL hires)
+{
+	static fstring TimeBuf;
+	struct timeval tp;
+	time_t t;
+	struct tm *tm;
+
+	if (hires) {
+		GetTimeOfDay(&tp);
+		t = (time_t)tp.tv_sec;
+	} else {
+		t = time(NULL);
+	}
+	tm = LocalTime(&t);
+	if (!tm) {
+		if (hires) {
+			slprintf(TimeBuf,
+				 sizeof(TimeBuf)-1,
+				 "%ld.%06ld seconds since the Epoch",
+				 (long)tp.tv_sec, 
+				 (long)tp.tv_usec);
+		} else {
+			slprintf(TimeBuf,
+				 sizeof(TimeBuf)-1,
+				 "%ld seconds since the Epoch",
+				 (long)t);
+		}
+	} else {
+#ifdef HAVE_STRFTIME
+		if (hires) {
+			strftime(TimeBuf,sizeof(TimeBuf)-1,"%Y/%m/%d %H:%M:%S",tm);
+			slprintf(TimeBuf+strlen(TimeBuf),
+				 sizeof(TimeBuf)-1 - strlen(TimeBuf), 
+				 ".%06ld", 
+				 (long)tp.tv_usec);
+		} else {
+			strftime(TimeBuf,100,"%Y/%m/%d %H:%M:%S",tm);
+		}
+#else
+		if (hires) {
+			slprintf(TimeBuf, 
+				 sizeof(TimeBuf)-1, 
+				 "%s.%06ld", 
+				 asctime(tm), 
+				 (long)tp.tv_usec);
+		} else {
+			fstrcpy(TimeBuf, asctime(tm));
+		}
+#endif
+	}
+	return(TimeBuf);
+}
+
+/****************************************************************************
+  return the best approximation to a 'create time' under UNIX from a stat
+  structure.
+****************************************************************************/
+
+time_t get_create_time(SMB_STRUCT_STAT *st,BOOL fake_dirs)
+{
+  time_t ret, ret1;
+
+  if(S_ISDIR(st->st_mode) && fake_dirs)
+    return (time_t)315493200L;          /* 1/1/1980 */
+    
+  ret = MIN(st->st_ctime, st->st_mtime);
+  ret1 = MIN(ret, st->st_atime);
+
+  if(ret1 != (time_t)0)
+    return ret1;
+
+  /*
+   * One of ctime, mtime or atime was zero (probably atime).
+   * Just return MIN(ctime, mtime).
+   */
+  return ret;
+}
+
+/****************************************************************************
+initialise an NTTIME to -1, which means "unknown" or "don't expire"
+****************************************************************************/
+
+void init_nt_time(NTTIME *nt)
+{
+	nt->high = 0x7FFFFFFF;
+	nt->low = 0xFFFFFFFF;
+}
diff --git a/source3/lib/ufc.c b/source3/lib/ufc.c
index 8417285821..ecc04d9e97 100644
--- a/source3/lib/ufc.c
+++ b/source3/lib/ufc.c
@@ -16,12 +16,14 @@
 
 */
 
-#ifdef UFC_CRYPT
+#include "includes.h"
+
+#ifndef HAVE_CRYPT
 
 /*
  * UFC-crypt: ultra fast crypt(3) implementation
  *
- * Copyright (C) 1991, 1992, Free Software Foundation, Inc.
+ * Copyright (C) 1991-1998, Free Software Foundation, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ -42,7 +44,6 @@
  * Support routines
  *
  */
-#include "includes.h"
 
 
 #ifndef long32
@@ -281,9 +282,7 @@ static ufc_long longmask[32] = {
  * bzero and some don't have memset.
  */
 
-static void clearmem(start, cnt)
-  char *start;
-  int cnt;
+static void clearmem(char *start, int cnt)
   { while(cnt--)
       *start++ = '\0';
   }
@@ -299,7 +298,7 @@ static int initialized = 0;
  * by fcrypt users.
  */
 
-static void ufc_init_des()
+static void ufc_init_des(void)
   { int comes_from_bit;
     int bit, sg;
     ufc_long j;
@@ -350,13 +349,13 @@ static void ufc_init_des()
     clearmem((char*)eperm32tab, sizeof(eperm32tab));
 
     for(bit = 0; bit < 48; bit++) {
-      ufc_long mask1,comes_from;
+      ufc_long inner_mask1,comes_from;
 	
       comes_from = perm32[esel[bit]-1]-1;
-      mask1      = bytemask[comes_from % 8];
+      inner_mask1      = bytemask[comes_from % 8];
 	
       for(j = 256; j--;) {
-	if(j & mask1)
+	if(j & inner_mask1)
 	  eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK(bit % 24);
       }
     }
@@ -431,7 +430,7 @@ static void ufc_init_des()
     clearmem((char*)efp, sizeof efp);
     for(bit = 0; bit < 64; bit++) {
       int o_bit, o_long;
-      ufc_long word_value, mask1, mask2;
+      ufc_long word_value, inner_mask1, inner_mask2;
       int comes_from_f_bit, comes_from_e_bit;
       int comes_from_word, bit_within_word;
 
@@ -451,12 +450,12 @@ static void ufc_init_des()
       comes_from_word  = comes_from_e_bit / 6;        /* 0..15 */
       bit_within_word  = comes_from_e_bit % 6;        /* 0..5  */
 
-      mask1 = longmask[bit_within_word + 26];
-      mask2 = longmask[o_bit];
+      inner_mask1 = longmask[bit_within_word + 26];
+      inner_mask2 = longmask[o_bit];
 
       for(word_value = 64; word_value--;) {
-	if(word_value & mask1)
-	  efp[comes_from_word][word_value][o_long] |= mask2;
+	if(word_value & inner_mask1)
+	  efp[comes_from_word][word_value][o_long] |= inner_mask2;
       }
     }
     initialized++;
@@ -468,9 +467,7 @@ static void ufc_init_des()
  */
 
 #ifdef _UFC_32_
-static void shuffle_sb(k, saltbits)
-  long32 *k;
-  ufc_long saltbits;
+static void shuffle_sb(long32 *k, ufc_long saltbits)
   { ufc_long j;
     long32 x;
     for(j=4096; j--;) {
@@ -482,9 +479,7 @@ static void shuffle_sb(k, saltbits)
 #endif
 
 #ifdef _UFC_64_
-static void shuffle_sb(k, saltbits)
-  long64 *k;
-  ufc_long saltbits;
+static void shuffle_sb(long64 *k, ufc_long saltbits)
   { ufc_long j;
     long64 x;
     for(j=4096; j--;) {
@@ -503,9 +498,9 @@ static unsigned char current_salt[3] = "&&"; /* invalid value */
 static ufc_long current_saltbits = 0;
 static int direction = 0;
 
-static void setup_salt(char *s1)
+static void setup_salt(const char *s1)
   { ufc_long i, j, saltbits;
-    unsigned char *s2 = (unsigned char *)s1;
+    const unsigned char *s2 = (const unsigned char *)s1;
 
     if(!initialized)
       ufc_init_des();
@@ -543,8 +538,7 @@ static void setup_salt(char *s1)
     current_saltbits = saltbits;
   }
 
-static void ufc_mk_keytab(key)
-  char *key;
+static void ufc_mk_keytab(char *key)
   { ufc_long v1, v2, *k1;
     int i;
 #ifdef _UFC_32_
@@ -593,8 +587,7 @@ static void ufc_mk_keytab(key)
  * Undo an extra E selection and do final permutations
  */
 
-ufc_long *_ufc_dofinalperm(l1, l2, r1, r2)
-  ufc_long l1,l2,r1,r2;
+ufc_long *_ufc_dofinalperm(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2)
   { ufc_long v1, v2, x;
     static ufc_long ary[2];
 
@@ -632,9 +625,7 @@ ufc_long *_ufc_dofinalperm(l1, l2, r1, r2)
  * prefixing with the salt
  */
 
-static char *output_conversion(v1, v2, salt)
-  ufc_long v1, v2;
-  char *salt;
+static char *output_conversion(ufc_long v1, ufc_long v2, const char *salt)
   { static char outbuf[14];
     int i, s;
 
@@ -656,13 +647,13 @@ static char *output_conversion(v1, v2, salt)
     return outbuf;
   }
 
-ufc_long *_ufc_doit();
-
 /* 
  * UNIX crypt function
  */
+
+static ufc_long *_ufc_doit(ufc_long , ufc_long, ufc_long, ufc_long, ufc_long);
    
-char *ufc_crypt(char *key,char *salt)
+char *ufc_crypt(const char *key,const char *salt)
   { ufc_long *s;
     char ktab[9];
 
@@ -702,8 +693,7 @@ extern long32 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
 
 #define SBA(sb, v) (*(long32*)((char*)(sb)+(v)))
 
-ufc_long *_ufc_doit(l1, l2, r1, r2, itr)
-  ufc_long l1, l2, r1, r2, itr;
+static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
   { int i;
     long32 s, *k;
 
@@ -742,8 +732,7 @@ extern long64 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
 
 #define SBA(sb, v) (*(long64*)((char*)(sb)+(v)))
 
-ufc_long *_ufc_doit(l1, l2, r1, r2, itr)
-  ufc_long l1, l2, r1, r2, itr;
+static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
   { int i;
     long64 l, r, s, *k;
 
@@ -777,6 +766,6 @@ ufc_long *_ufc_doit(l1, l2, r1, r2, itr)
 
 
 #else
-int ufc_dummy_procedure(void)
-{return 0;}
+ int ufc_dummy_procedure(void);
+ int ufc_dummy_procedure(void) {return 0;}
 #endif
diff --git a/source3/lib/username.c b/source3/lib/username.c
index 3d214fbbda..1504fd6a06 100644
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -1,8 +1,8 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Username handling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Jeremy Allison 1997-2001.
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,227 +20,667 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-extern int DEBUGLEVEL;
 
+/* internal functions */
+static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (const char *), int N);
+static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (const char *), int N);
+
+/*****************************************************************
+ Check if a user or group name is local (this is a *local* name for
+ *local* people, there's nothing for you here...).
+*****************************************************************/
+
+BOOL name_is_local(const char *name)
+{
+	return !(strchr_m(name, *lp_winbind_separator()));
+}
+
+/*****************************************************************
+ Splits passed user or group name to domain and user/group name parts
+ Returns True if name was splitted and False otherwise.
+*****************************************************************/
+
+BOOL split_domain_and_name(const char *name, char *domain, char* username)
+{
+	char *p = strchr(name,*lp_winbind_separator());
+	
+	
+	/* Parse a string of the form DOMAIN/user into a domain and a user */
+	DEBUG(10,("split_domain_and_name: checking whether name |%s| local or not\n", name));
+	
+	if (p) {
+		fstrcpy(username, p+1);
+		fstrcpy(domain, name);
+		domain[PTR_DIFF(p, name)] = 0;
+	} else if (lp_winbind_use_default_domain()) {
+		fstrcpy(username, name);
+		fstrcpy(domain, lp_workgroup());
+	} else
+		return False;
+	
+	DEBUG(10,("split_domain_and_name: all is fine, domain is |%s| and name is |%s|\n", domain, username));
+	return True;
+}
 
 /****************************************************************************
-get a users home directory. tries as-is then lower case
+ Get a users home directory.
 ****************************************************************************/
-char *get_home_dir(char *user)
+
+char *get_user_home_dir(const char *user)
 {
-  static struct passwd *pass;
+	static struct passwd *pass;
 
-  pass = Get_Pwnam(user,False);
+	/* Ensure the user exists. */
 
-  if (!pass) return(NULL);
-  return(pass->pw_dir);      
+	pass = Get_Pwnam(user);
+
+	if (!pass)
+		return(NULL);
+	/* Return home directory from struct passwd. */
+
+	return(pass->pw_dir);      
 }
 
+/****************************************************************************
+ Get a users service home directory.
+****************************************************************************/
+
+char *get_user_service_home_dir(const char *user)
+{
+	static struct passwd *pass;
+	int snum;
+
+	/* Ensure the user exists. */
+
+	pass = Get_Pwnam(user);
+
+	if (!pass)
+		return(NULL);
+
+	/* If a path is specified in [homes] then use it instead of the
+	   user's home directory from struct passwd. */
+
+	if ((snum = lp_servicenumber(HOMES_NAME)) != -1) {
+		static pstring home_dir;
+		
+		pstrcpy(home_dir, lp_pathname(snum));
+		standard_sub_home(snum, user, home_dir);
+
+		if (home_dir[0])
+			return home_dir;
+	}
+
+	/* Return home directory from struct passwd. */
+
+	return(pass->pw_dir);      
+}
 
 /*******************************************************************
-map a username from a dos name to a unix name by looking in the username
-map
+ Map a username from a dos name to a unix name by looking in the username
+ map. Note that this modifies the name in place.
+ This is the main function that should be called *once* on
+ any incoming or new username - in order to canonicalize the name.
+ This is being done to de-couple the case conversions from the user mapping
+ function. Previously, the map_username was being called
+ every time Get_Pwnam was called.
+ Returns True if username was changed, false otherwise.
 ********************************************************************/
-void map_username(char *user)
-{
-  static int depth=0;
-  static BOOL initialised=False;
-  static fstring last_from,last_to;
-  FILE *f;
-  char *s;
-  char *mapfile = lp_username_map();
-  if (!*mapfile || depth) return;
-
-  if (!*user) return;
-
-  if (!initialised) {
-    *last_from = *last_to = 0;
-    initialised = True;
-  }
-
-  if (strequal(user,last_to)) return;
-
-  if (strequal(user,last_from)) {
-    DEBUG(3,("Mapped user %s to %s\n",user,last_to));
-    strcpy(user,last_to);
-    return;
-  }
+
+BOOL map_username(char *user)
+{
+	static BOOL initialised=False;
+	static fstring last_from,last_to;
+	XFILE *f;
+	char *mapfile = lp_username_map();
+	char *s;
+	pstring buf;
+	BOOL mapped_user = False;
+
+	if (!*user)
+		return False;
+
+	if (!*mapfile)
+		return False;
+
+	if (!initialised) {
+		*last_from = *last_to = 0;
+		initialised = True;
+	}
+
+	if (strequal(user,last_to))
+		return False;
+
+	if (strequal(user,last_from)) {
+		DEBUG(3,("Mapped user %s to %s\n",user,last_to));
+		fstrcpy(user,last_to);
+		return True;
+	}
   
-  f = fopen(mapfile,"r");
-  if (!f) {
-    DEBUG(0,("can't open username map %s\n",mapfile));
-    return;
-  }
+	f = x_fopen(mapfile,O_RDONLY, 0);
+	if (!f) {
+		DEBUG(0,("can't open username map %s. Error %s\n",mapfile, strerror(errno) ));
+		return False;
+	}
+
+	DEBUG(4,("Scanning username map %s\n",mapfile));
 
-  DEBUG(4,("Scanning username map %s\n",mapfile));
+	while((s=fgets_slash(buf,sizeof(buf),f))!=NULL) {
+		char *unixname = s;
+		char *dosname = strchr_m(unixname,'=');
+		char **dosuserlist;
+		BOOL return_if_mapped = False;
 
-  depth++;
+		if (!dosname)
+			continue;
 
-  for (; (s=fgets_slash(NULL,80,f)); free(s)) {
-    char *unixname = s;
-    char *dosname = strchr(unixname,'=');
+		*dosname++ = 0;
+
+		while (isspace((int)*unixname))
+			unixname++;
+
+		if ('!' == *unixname) {
+			return_if_mapped = True;
+			unixname++;
+			while (*unixname && isspace((int)*unixname))
+				unixname++;
+		}
+    
+		if (!*unixname || strchr_m("#;",*unixname))
+			continue;
 
-    if (!dosname) continue;
-    *dosname++ = 0;
+		{
+			int l = strlen(unixname);
+			while (l && isspace((int)unixname[l-1])) {
+				unixname[l-1] = 0;
+				l--;
+			}
+		}
 
-    while (isspace(*unixname)) unixname++;
-    if (!*unixname || strchr("#;",*unixname)) continue;
+		dosuserlist = lp_list_make(dosname);
+		if (!dosuserlist) {
+			DEBUG(0,("Unable to build user list\n"));
+			return False;
+		}
 
-    {
-      int l = strlen(unixname);
-      while (l && isspace(unixname[l-1])) {
-	unixname[l-1] = 0;
-	l--;
-      }
-    }
+		if (strchr_m(dosname,'*') || user_in_list(user, dosuserlist)) {
+			DEBUG(3,("Mapped user %s to %s\n",user,unixname));
+			mapped_user = True;
+			fstrcpy(last_from,user);
+			sscanf(unixname,"%s",user);
+			fstrcpy(last_to,user);
+			if(return_if_mapped) {
+				lp_list_free (&dosuserlist);
+				x_fclose(f);
+				return True;
+			}
+		}
+    
+		lp_list_free (&dosuserlist);
+	}
 
-    if (strchr(dosname,'*') || user_in_list(user,dosname)) {
-      DEBUG(3,("Mapped user %s to %s\n",user,unixname));
-      StrnCpy(last_from,user,sizeof(last_from)-1);
-      sscanf(unixname,"%s",user);
-      StrnCpy(last_to,user,sizeof(last_to)-1);
-    }
-  }
+	x_fclose(f);
 
-  fclose(f);
+	/*
+	 * Setup the last_from and last_to as an optimization so 
+	 * that we don't scan the file again for the same user.
+	 */
+	fstrcpy(last_from,user);
+	fstrcpy(last_to,user);
 
-  depth--;
+	return mapped_user;
 }
 
 /****************************************************************************
-internals of Get_Pwnam wrapper
+ * A wrapper for sys_getpwnam().  The following variations are tried:
+ *   - as transmitted
+ *   - in all lower case if this differs from transmitted
+ *   - in all upper case if this differs from transmitted
+ *   - using lp_usernamelevel() for permutations.
 ****************************************************************************/
-static struct passwd *_Get_Pwnam(char *s)
-{
-  struct passwd *ret;
-
-  ret = getpwnam(s);
-  if (ret)
-    {
-#ifdef GETPWANAM
-      struct passwd_adjunct *pwret;
-      pwret = getpwanam(s);
-      if (pwret)
-	{
-	  free(ret->pw_passwd);
-	  ret->pw_passwd = pwret->pwa_passwd;
+
+static struct passwd *Get_Pwnam_internals(const char *user, char *user2)
+{
+	struct passwd *ret = NULL;
+
+	if (!user2 || !(*user2))
+		return(NULL);
+
+	if (!user || !(*user))
+		return(NULL);
+
+	/* Try in all lower case first as this is the most 
+	   common case on UNIX systems */
+	strlower(user2);
+	DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
+	ret = sys_getpwnam(user2);
+	if(ret)
+		goto done;
+
+	/* Try as given, if username wasn't originally lowercase */
+	if(strcmp(user, user2) != 0) {
+		DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user));
+		ret = sys_getpwnam(user);
+		if(ret)
+			goto done;
 	}
-#endif
 
-    }
+	/* Try as uppercase, if username wasn't originally uppercase */
+	strupper(user2);
+	if(strcmp(user, user2) != 0) {
+		DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n", user2));
+		ret = sys_getpwnam(user2);
+		if(ret)
+			goto done;
+	}
 
-  return(ret);
-}
+	/* Try all combinations up to usernamelevel */
+	strlower(user2);
+	DEBUG(5,("Checking combinations of %d uppercase letters in %s\n", lp_usernamelevel(), user2));
+	ret = uname_string_combinations(user2, sys_getpwnam, lp_usernamelevel());
 
+done:
+	DEBUG(5,("Get_Pwnam_internals %s find user [%s]!\n",ret ? "did":"didn't", user));
+	return ret;
+}
 
 /****************************************************************************
-a wrapper for getpwnam() that tries with all lower and all upper case 
-if the initial name fails. Also tried with first letter capitalised
-Note that this changes user!
+ Get_Pwnam wrapper for modification.
+  NOTE: This can potentially modify 'user'! 
 ****************************************************************************/
-struct passwd *Get_Pwnam(char *user,BOOL allow_change)
+
+struct passwd *Get_Pwnam_Modify(char *user)
 {
-  fstring user2;
+	fstring user2;
+	struct passwd *ret;
 
-  struct passwd *ret;  
+	fstrcpy(user2, user);
 
-  if (!user || !(*user))
-    return(NULL);
+	ret = Get_Pwnam_internals(user, user2);
+	
+	/* If caller wants the modified username, ensure they get it  */
+	fstrcpy(user,user2);
 
-  StrnCpy(user2,user,sizeof(user2)-1);
+	/* We can safely assume ret is NULL if none of the above succeed */
+	return(ret);  
+}
 
-  if (!allow_change) {
-    user = &user2[0];
-  }
+/****************************************************************************
+ Get_Pwnam wrapper without modification.
+  NOTE: This with NOT modify 'user'! 
+****************************************************************************/
+
+struct passwd *Get_Pwnam(const char *user)
+{
+	fstring user2;
+	struct passwd *ret;
+
+	fstrcpy(user2, user);
 
-  map_username(user);
+	DEBUG(5,("Finding user %s\n", user));
 
-  ret = _Get_Pwnam(user);
-  if (ret) return(ret);
+	ret = Get_Pwnam_internals(user, user2);
+	
+	DEBUG(5,("Get_Pwnam %s find user [%s]!\n",ret ? "did":"didn't", user));
 
-  strlower(user);
-  ret = _Get_Pwnam(user);
-  if (ret)  return(ret);
+	return ret;  
+}
 
-  strupper(user);
-  ret = _Get_Pwnam(user);
-  if (ret) return(ret);
+/****************************************************************************
+ Check if a user is in a netgroup user list.
+****************************************************************************/
 
-  /* try with first letter capitalised */
-  if (strlen(user) > 1)
-    strlower(user+1);  
-  ret = _Get_Pwnam(user);
-  if (ret) return(ret);
+static BOOL user_in_netgroup_list(const char *user, const char *ngname)
+{
+#ifdef HAVE_NETGROUP
+	static char *mydomain = NULL;
+	if (mydomain == NULL)
+		yp_get_default_domain(&mydomain);
+
+	if(mydomain == NULL) {
+		DEBUG(5,("Unable to get default yp domain\n"));
+		return False;
+	}
 
-  if (allow_change)
-    strcpy(user,user2);
+	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+		user, mydomain, ngname));
+	DEBUG(5,("innetgr is %s\n", innetgr(ngname, NULL, user, mydomain)
+		? "TRUE" : "FALSE"));
 
-  return(NULL);
+	if (innetgr(ngname, NULL, user, mydomain))
+		return (True);
+#endif /* HAVE_NETGROUP */
+	return False;
 }
 
-
 /****************************************************************************
-check if a user is in a user list
+ Check if a user is in a winbind group.
+****************************************************************************/
+  
+static BOOL user_in_winbind_group_list(const char *user, const char *gname, BOOL *winbind_answered)
+{
+	int num_groups;
+	int i;
+ 	gid_t *groups = NULL;
+ 	gid_t gid;
+ 	BOOL ret = False;
+ 
+ 	*winbind_answered = False;
+ 
+ 	/*
+ 	 * Get the gid's that this user belongs to.
+ 	 */
+ 
+ 	if ((num_groups = winbind_getgroups(user, 0, NULL)) == -1)
+ 		return False;
+ 
+ 	if (num_groups == 0) {
+ 		*winbind_answered = True;
+ 		return False;
+ 	}
+ 
+ 	if ((groups = (gid_t *)malloc(sizeof(gid_t) * num_groups )) == NULL) {
+ 		DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));
+ 		goto err;
+ 	}
+ 
+ 	if ((num_groups = winbind_getgroups(user, num_groups, groups)) == -1) {
+ 		DEBUG(0,("user_in_winbind_group_list: second winbind_getgroups call \
+failed with error %s\n", strerror(errno) ));
+ 		goto err;
+	}
+ 
+	/*
+	 * Now we have the gid list for this user - convert the gname
+	 * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
+	 */
+ 
+	if ((gid = nametogid(gname)) == (gid_t)-1) {
+ 		DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
+ 			gname ));
+ 		goto err;
+ 	}
+ 
+ 	for (i = 0; i < num_groups; i++) {
+ 		if (gid == groups[i]) {
+ 			ret = True;
+ 			break;
+ 		}
+ 	}
+ 
+ 	*winbind_answered = True;
+ 	SAFE_FREE(groups);
+ 	return ret;
+ 
+   err:
+ 
+ 	*winbind_answered = False;
+ 	SAFE_FREE(groups);
+ 	return False;
+}	      
+ 
+/****************************************************************************
+ Check if a user is in a UNIX group.
 ****************************************************************************/
-BOOL user_in_list(char *user,char *list)
-{
-  pstring tok;
-  char *p=list;
-
-  while (next_token(&p,tok,LIST_SEP))
-    {
-      if (strequal(user,tok))
-	return(True);
-
-#ifdef NETGROUP
-      if (*tok == '@')
-	{
-	  static char *mydomain = NULL;
-	  if (mydomain == 0)
-	    yp_get_default_domain(&mydomain);
-	  
-	  DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
-		   user, mydomain, &tok[1]));
-	  DEBUG(5,("innetgr is %s\n",
-		   innetgr(&tok[1], (char *) 0, user, mydomain)
-		   ? "TRUE" : "FALSE"));
-	  
-	  if (innetgr(&tok[1], (char *)0, user, mydomain))
-	    return (True);
+
+static BOOL user_in_unix_group_list(const char *user,const char *gname)
+{
+	struct passwd *pass = Get_Pwnam(user);
+	struct sys_userlist *user_list;
+	struct sys_userlist *member;
+
+	DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n", user, gname));
+
+ 	/*
+ 	 * We need to check the users primary group as this
+ 	 * group is implicit and often not listed in the group database.
+ 	 */
+ 
+ 	if (pass) {
+ 		if (strequal(gname,gidtoname(pass->pw_gid))) {
+ 			DEBUG(10,("user_in_unix_group_list: group %s is primary group.\n", gname ));
+ 			return True;
+ 		}
+ 	}
+ 
+	user_list = get_users_in_group(gname);
+ 	if (user_list == NULL) {
+ 		DEBUG(10,("user_in_unix_group_list: no such group %s\n", gname ));
+ 		return False;
+ 	}
+
+	for (member = user_list; member; member = member->next) {
+ 		DEBUG(10,("user_in_unix_group_list: checking user %s against member %s\n",
+			user, member->unix_name ));
+  		if (strequal(member->unix_name,user)) {
+			free_userlist(user_list);
+  			return(True);
+  		}
 	}
-#endif
 
+	free_userlist(user_list);
+	return False;
+}	      
 
-#if HAVE_GETGRNAM 
-      if (*tok == '@')
-	{
-          struct group *gptr;
-          char **member;  
-	  struct passwd *pass = Get_Pwnam(user,False);
+/****************************************************************************
+ Check if a user is in a group list. Ask winbind first, then use UNIX.
+****************************************************************************/
+
+BOOL user_in_group_list(const char *user, const char *gname)
+{
+	BOOL winbind_answered = False;
+	BOOL ret;
 
-	  if (pass) { 
-	    gptr = getgrgid(pass->pw_gid);
-	    if (gptr && strequal(gptr->gr_name,&tok[1]))
-	      return(True); 
-	  } 
+	ret = user_in_winbind_group_list(user, gname, &winbind_answered);
+	if (!winbind_answered)
+		ret = user_in_unix_group_list(user, gname);
 
-	  gptr = (struct group *)getgrnam(&tok[1]);
+	if (ret)
+		DEBUG(10,("user_in_group_list: user |%s| is in group |%s|\n", user, gname));
+	return ret;
+}
 
-	  if (gptr)
-	    {
-	      member = gptr->gr_mem;
-	      while (member && *member)
-		{
-		  if (strequal(*member,user))
-		    return(True);
-		  member++;
+/****************************************************************************
+ Check if a user is in a user list - can check combinations of UNIX
+ and netgroup lists.
+****************************************************************************/
+
+BOOL user_in_list(const char *user,char **list)
+{
+	if (!list || !*list)
+		return False;
+
+	DEBUG(10,("user_in_list: checking user %s in list\n", user));
+
+	while (*list) {
+
+		DEBUG(10,("user_in_list: checking user |%s| in group |%s|\n", user, *list));
+
+		/*
+		 * Check raw username.
+		 */
+		if (strequal(user, *list))
+			return(True);
+
+		/*
+		 * Now check to see if any combination
+		 * of UNIX and netgroups has been specified.
+		 */
+
+		if(**list == '@') {
+			/*
+			 * Old behaviour. Check netgroup list
+			 * followed by UNIX list.
+			 */
+			if(user_in_netgroup_list(user, *list +1))
+				return True;
+			if(user_in_group_list(user, *list +1))
+				return True;
+		} else if (**list == '+') {
+
+			if((*(*list +1)) == '&') {
+				/*
+				 * Search UNIX list followed by netgroup.
+				 */
+				if(user_in_group_list(user, *list +2))
+					return True;
+				if(user_in_netgroup_list(user, *list +2))
+					return True;
+
+			} else {
+
+				/*
+				 * Just search UNIX list.
+				 */
+
+				if(user_in_group_list(user, *list +1))
+					return True;
+			}
+
+		} else if (**list == '&') {
+
+			if(*(*list +1) == '+') {
+				/*
+				 * Search netgroup list followed by UNIX list.
+				 */
+				if(user_in_netgroup_list(user, *list +2))
+					return True;
+				if(user_in_group_list(user, *list +2))
+					return True;
+			} else {
+				/*
+				 * Just search netgroup list.
+				 */
+				if(user_in_netgroup_list(user, *list +1))
+					return True;
+			}
+		} else if (!name_is_local(*list)) {
+			/*
+			 * If user name did not match and token is not
+			 * a unix group and the token has a winbind separator in the
+			 * name then see if it is a Windows group.
+			 */
+
+			DOM_SID g_sid;
+			enum SID_NAME_USE name_type;
+			BOOL winbind_answered = False;
+			BOOL ret;
+			fstring groupname, domain;
+			
+			/* Parse a string of the form DOMAIN/user into a domain and a user */
+
+			char *p = strchr(*list,*lp_winbind_separator());
+			
+			DEBUG(10,("user_in_list: checking if user |%s| is in winbind group |%s|\n", user, *list));
+
+			if (p) {
+				fstrcpy(groupname, p+1);
+				fstrcpy(domain, *list);
+				domain[PTR_DIFF(p, *list)] = 0;
+
+				/* Check to see if name is a Windows group */
+				if (winbind_lookup_name(domain, groupname, &g_sid, &name_type) && name_type == SID_NAME_DOM_GRP) {
+					
+				/* Check if user name is in the Windows group */
+					ret = user_in_winbind_group_list(user, *list, &winbind_answered);
+					
+					if (winbind_answered && ret == True) {
+						DEBUG(10,("user_in_list: user |%s| is in winbind group |%s|\n", user, *list));
+						return ret;
+					}
+				}
+			}
 		}
-	    }
-	}	      
-#endif
-    }
-  return(False);
+    
+		list++;
+	}
+	return(False);
 }
 
+/* The functions below have been taken from password.c and slightly modified */
+/****************************************************************************
+ Apply a function to upper/lower case combinations
+ of a string and return true if one of them returns true.
+ Try all combinations with N uppercase letters.
+ offset is the first char to try and change (start with 0)
+ it assumes the string starts lowercased
+****************************************************************************/
+
+static struct passwd *uname_string_combinations2(char *s,int offset,struct passwd *(*fn)(const char *),int N)
+{
+	ssize_t len = (ssize_t)strlen(s);
+	int i;
+	struct passwd *ret;
+
+	if (N <= 0 || offset >= len)
+		return(fn(s));
+
+	for (i=offset;i<(len-(N-1));i++) {
+		char c = s[i];
+		if (!islower((int)c))
+			continue;
+		s[i] = toupper(c);
+		ret = uname_string_combinations2(s,i+1,fn,N-1);
+		if(ret)
+			return(ret);
+		s[i] = c;
+	}
+	return(NULL);
+}
 
+/****************************************************************************
+ Apply a function to upper/lower case combinations
+ of a string and return true if one of them returns true.
+ Try all combinations with up to N uppercase letters.
+ offset is the first char to try and change (start with 0)
+ it assumes the string starts lowercased
+****************************************************************************/
+
+static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(const char *),int N)
+{
+	int n;
+	struct passwd *ret;
+
+	for (n=1;n<=N;n++) {
+		ret = uname_string_combinations2(s,0,fn,n);
+		if(ret)
+			return(ret);
+	}  
+	return(NULL);
+}
+
+/****************************************************************************
+ These wrappers allow appliance mode to work. In appliance mode the username
+ takes the form DOMAIN/user.
+****************************************************************************/
+
+struct passwd *smb_getpwnam(char *user, BOOL allow_change)
+{
+	struct passwd *pw;
+	char *p;
+	char *sep;
+	extern pstring global_myname;
+
+	if (allow_change)
+		pw = Get_Pwnam_Modify(user);
+	else
+		pw = Get_Pwnam(user);
+
+	if (pw)
+		return pw;
+
+	/*
+	 * If it is a domain qualified name and it isn't in our password
+	 * database but the domain portion matches our local machine name then
+	 * lookup just the username portion locally.
+	 */
+
+	sep = lp_winbind_separator();
+	p = strchr_m(user,*sep);
+	if (p && strncasecmp(global_myname, user, strlen(global_myname))==0) {
+		if (allow_change)
+			pw = Get_Pwnam_Modify(p+1);
+		else
+			pw = Get_Pwnam(p+1);
+	}
+	return NULL;
+}
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 7bd6298c4c..7e2ad49639 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1,8 +1,9 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Samba utility functions
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Jeremy Allison 2001
+   Copyright (C) Simo Sorce 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,41 +21,51 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
 
-pstring scope = "";
+#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
+#ifdef WITH_NISPLUS_HOME
+#ifdef BROKEN_NISPLUS_INCLUDE_FILES
+/*
+ * The following lines are needed due to buggy include files
+ * in Solaris 2.6 which define GROUP in both /usr/include/sys/acl.h and
+ * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA.
+ * Also GROUP_OBJ is defined as 0x4 in /usr/include/sys/acl.h and as
+ * an enum in /usr/include/rpcsvc/nis.h.
+ */
 
-int DEBUGLEVEL = 1;
+#if defined(GROUP)
+#undef GROUP
+#endif
 
-BOOL passive = False;
+#if defined(GROUP_OBJ)
+#undef GROUP_OBJ
+#endif
 
-int Protocol = PROTOCOL_COREPLUS;
+#endif /* BROKEN_NISPLUS_INCLUDE_FILES */
 
-int serverzone=0;
+#include <rpcsvc/nis.h>
 
-/* a default finfo structure to ensure all fields are sensible */
-file_info def_finfo = {-1,0,0,0,0,0,0,""};
+#else /* !WITH_NISPLUS_HOME */
 
-/* these are some file handles where debug info will be stored */
-FILE *dbf = NULL;
+#include "rpcsvc/ypclnt.h"
 
-/* the client file descriptor */
-int Client = -1;
+#endif /* WITH_NISPLUS_HOME */
+#endif /* HAVE_NETGROUP && WITH_AUTOMOUNT */
 
-/* info on the client */
-struct from_host Client_info=
-{"UNKNOWN","0.0.0.0",NULL};
+#ifdef WITH_SSL
+#include <openssl/ssl.h>
+#undef Realloc  /* SSLeay defines this and samba has a function of this name */
+extern SSL  *ssl;
+extern int  sslFd;
+#endif  /* WITH_SSL */
 
-/* the last IP received from */
-struct in_addr lastip;
+int Protocol = PROTOCOL_COREPLUS;
 
-/* the last port received from */
-int lastport=0;
+/* a default finfo structure to ensure all fields are sensible */
+file_info def_finfo = {-1,0,0,0,0,0,0,"",""};
 
-/* my IP, the broadcast IP and the Netmask */
-struct in_addr myip;
-struct in_addr bcast_ip;
-struct in_addr Netmask;
+/* this is used by the chaining code */
+int chain_size = 0;
 
 int trans_num = 0;
 
@@ -63,13 +74,6 @@ int trans_num = 0;
 */
 int case_default = CASE_LOWER;
 
-
-/* size of reads during a direct file to file transfer */
-int ReadSize = 16*1024;
-
-pstring debugf = "/tmp/log.samba";
-int syslog_level;
-
 /* the following control case operations - they are put here so the
    client can link easily */
 BOOL case_sensitive;
@@ -78,916 +82,110 @@ BOOL use_mangled_map = False;
 BOOL short_case_preserve;
 BOOL case_mangle;
 
-fstring remote_machine="";
-fstring local_machine="";
-fstring remote_arch="UNKNOWN";
-fstring remote_proto="UNKNOWN";
-pstring myhostname="";
-pstring user_socket_options="";   
-pstring sesssetup_user="";
-
-
-static char *filename_dos(char *path,char *buf);
-
-static BOOL stdout_logging = False;
-
-
-/*******************************************************************
-  get ready for syslog stuff
-  ******************************************************************/
-void setup_logging(char *pname,BOOL interactive)
-{
-#ifdef SYSLOG
-  if (!interactive) {
-    char *p = strrchr(pname,'/');
-    if (p) pname = p+1;
-    openlog(pname, LOG_PID, LOG_DAEMON);
-  }
-#endif
-  if (interactive) {
-    stdout_logging = True;
-    dbf = stdout;
-  }
-}
-
-
-BOOL append_log=False;
-
-
-/****************************************************************************
-reopen the log files
-****************************************************************************/
-void reopen_logs(void)
-{
-  extern FILE *dbf;
-  pstring fname;
-  
-  if (DEBUGLEVEL > 0)
-    {
-      strcpy(fname,debugf);
-      if (lp_loaded() && (*lp_logfile()))
-	strcpy(fname,lp_logfile());
-
-      if (!strcsequal(fname,debugf) || !dbf || !file_exist(debugf,NULL))
-	{
-	  strcpy(debugf,fname);
-	  if (dbf) fclose(dbf);
-	  if (append_log)
-	    dbf = fopen(debugf,"a");
-	  else
-	    dbf = fopen(debugf,"w");
-	  if (dbf) setbuf(dbf,NULL);
-	}
-    }
-  else
-    {
-      if (dbf)
-	{
-	  fclose(dbf);
-	  dbf = NULL;
-	}
-    }
-}
-
-
-/*******************************************************************
-write an debug message on the debugfile. This is called by the DEBUG
-macro
-********************************************************************/
-#ifdef __STDC__
-int Debug1(char *format_str, ...)
-{
-#else
-int Debug1(va_alist)
-va_dcl
-{  
-  char *format_str;
-#endif
-  va_list ap;  
-  
-#ifdef __STDC__
-  va_start(ap, format_str);
-#else
-  va_start(ap);
-  format_str = va_arg(ap,char *);
-#endif
-
-  if (stdout_logging) {
-    vfprintf(dbf,format_str,ap);
-    va_end(ap);
-    return(0);
-  }
+static enum remote_arch_types ra_type = RA_UNKNOWN;
+pstring user_socket_options=DEFAULT_SOCKET_OPTIONS;   
 
-  {
-    static int debug_count=0;
+pstring global_myname = "";
+fstring global_myworkgroup = "";
+char **my_netbios_names;
 
-    debug_count++;
-    if (debug_count == 100) {
-      int maxlog = lp_max_log_size() * 1024;
-      if (dbf && maxlog > 0)
-	{
-	  struct stat st;
-
-	  if (fstat(fileno(dbf),&st) == 0 && st.st_size > maxlog) {
-	    fclose(dbf); dbf = NULL;
-	    reopen_logs();
-	    if (dbf && file_size(debugf) > maxlog) {
-	      pstring name;
-	      fclose(dbf); dbf = NULL;
-	      sprintf(name,"%s.old",debugf);
-	      sys_rename(debugf,name);
-	      reopen_logs();
-	    }
-	  }
-	}
-      debug_count=0;
-    }
-  }
-  
-#ifdef SYSLOG
-  if (!lp_syslog_only())
-#endif  
-    {
-      if (!dbf) 
-	{
-      	  dbf = fopen(debugf,"w");
-	  if (dbf)
-	    setbuf(dbf,NULL);
-	  else
-	    return(0);
-	}
-    }
-
-#ifdef SYSLOG
-  if (syslog_level < lp_syslog())
-    {
-      /* 
-       * map debug levels to syslog() priorities
-       * note that not all DEBUG(0, ...) calls are
-       * necessarily errors
-       */
-      static int priority_map[] = { 
-	LOG_ERR,     /* 0 */
-	LOG_WARNING, /* 1 */
-	LOG_NOTICE,  /* 2 */
-	LOG_INFO,    /* 3 */
-      };
-      int priority;
-      pstring msgbuf;
-      
-      if (syslog_level >= sizeof(priority_map) / sizeof(priority_map[0]) ||
-	  syslog_level < 0)
-	priority = LOG_DEBUG;
-      else
-	priority = priority_map[syslog_level];
-      
-      vsprintf(msgbuf, format_str, ap);
-      
-      msgbuf[255] = '\0';
-      syslog(priority, "%s", msgbuf);
-    }
-#endif
-  
-#ifdef SYSLOG
-  if (!lp_syslog_only())
-#endif
-    {
-      vfprintf(dbf,format_str,ap);
-      fflush(dbf);
-    }
-  
-  va_end(ap);
-  return(0);
-}
 
 /****************************************************************************
-routine to do file locking
-****************************************************************************/
-BOOL fcntl_lock(int fd,int op,uint32 offset,uint32 count,int type)
+  find a suitable temporary directory. The result should be copied immediately
+ as it may be overwritten by a subsequent call.
+  ****************************************************************************/
+char *tmpdir(void)
 {
-#if HAVE_FCNTL_LOCK
-  struct flock lock;
-  int ret;
-
-#if 1
-  uint32 mask = 0xC0000000;
-
-  /* make sure the count is reasonable, we might kill the lockd otherwise */
-  count &= ~mask;
-
-  /* the offset is often strange - remove 2 of its bits if either of
-     the top two bits are set. Shift the top ones by two bits. This
-     still allows OLE2 apps to operate, but should stop lockd from
-     dieing */
-  if ((offset & mask) != 0)
-    offset = (offset & ~mask) | ((offset & mask) >> 2);
-#else
-  unsigned long mask = ((unsigned)1<<31);
-
-  /* interpret negative counts as large numbers */
-  if (count < 0)
-    count &= ~mask;
-
-  /* no negative offsets */
-  offset &= ~mask;
-
-  /* count + offset must be in range */
-  while ((offset < 0 || (offset + count < 0)) && mask)
-    {
-      offset &= ~mask;
-      mask = mask >> 1;
-    }
-#endif
-
-
-  DEBUG(5,("fcntl_lock %d %d %d %d %d\n",fd,op,(int)offset,(int)count,type));
-
-  lock.l_type = type;
-  lock.l_whence = SEEK_SET;
-  lock.l_start = (int)offset;
-  lock.l_len = (int)count;
-  lock.l_pid = 0;
-
-  errno = 0;
-
-  ret = fcntl(fd,op,&lock);
-
-  if (errno != 0)
-    DEBUG(3,("fcntl lock gave errno %d (%s)\n",errno,strerror(errno)));
-
-  /* a lock query */
-  if (op == F_GETLK)
-    {
-      if ((ret != -1) &&
-	  (lock.l_type != F_UNLCK) && 
-	  (lock.l_pid != 0) && 
-	  (lock.l_pid != getpid()))
-	{
-	  DEBUG(3,("fd %d is locked by pid %d\n",fd,lock.l_pid));
-	  return(True);
-	}
-
-      /* it must be not locked or locked by me */
-      return(False);
-    }
-
-  /* a lock set or unset */
-  if (ret == -1)
-    {
-      DEBUG(3,("lock failed at offset %d count %d op %d type %d (%s)\n",
-	       offset,count,op,type,strerror(errno)));
-
-      /* perhaps it doesn't support this sort of locking?? */
-      if (errno == EINVAL)
-	{
-	  DEBUG(3,("locking not supported? returning True\n"));
-	  return(True);
-	}
-
-      return(False);
-    }
-
-  /* everything went OK */
-  DEBUG(5,("Lock call successful\n"));
-
-  return(True);
-#else
-  return(False);
-#endif
-}
-
-/*******************************************************************
-lock a file - returning a open file descriptor or -1 on failure
-The timeout is in seconds. 0 means no timeout
-********************************************************************/
-int file_lock(char *name,int timeout)
-{  
-  int fd = open(name,O_RDWR|O_CREAT,0666);
-  time_t t=0;
-  if (fd < 0) return(-1);
-
-#if HAVE_FCNTL_LOCK
-  if (timeout) t = time(NULL);
-  while (!timeout || (time(NULL)-t < timeout)) {
-    if (fcntl_lock(fd,F_SETLK,0,1,F_WRLCK)) return(fd);    
-    msleep(LOCK_RETRY_TIMEOUT);
-  }
-  return(-1);
-#else
-  return(fd);
-#endif
-}
-
-/*******************************************************************
-unlock a file locked by file_lock
-********************************************************************/
-void file_unlock(int fd)
-{
-  if (fd<0) return;
-#if HAVE_FCNTL_LOCK
-  fcntl_lock(fd,F_SETLK,0,1,F_UNLCK);
-#endif
-  close(fd);
-}
-
-/*******************************************************************
-a gettimeofday wrapper
-********************************************************************/
-void GetTimeOfDay(struct timeval *tval)
-{
-#ifdef GETTIMEOFDAY1
-  gettimeofday(tval);
-#else
-  gettimeofday(tval,NULL);
-#endif
-}
-
-int extra_time_offset = 0;
-
-static int timediff = 0;
-
-/*******************************************************************
-init the time differences
-********************************************************************/
-void TimeInit(void)
-{
-  struct tm tm_utc,tm_local;
-  time_t t;
-
-  t = time(NULL);
-
-  tm_utc = *(gmtime(&t));
-  tm_local = *(localtime(&t));
-
-#ifdef HAVE_GMTOFF
-  timediff = -tm_local.tm_gmtoff;  
-#else
-  timediff = mktime(&tm_utc) - mktime(&tm_local);
-#endif
-
-  if (serverzone == 0) {
-    serverzone = timediff - DSTDiff(t);
-    DEBUG(4,("Serverzone is %d\n",serverzone));
-  }
-}
-
-
-/*******************************************************************
-return the DST offset for a particular time
-We keep a table of DST offsets to prevent calling localtime() on each 
-call of this function. This saves a LOT of time on many unixes.
-********************************************************************/
-int DSTDiff(time_t t)
-{
-  static struct dst_table {time_t start,end; BOOL is_dst;} *dst_table = NULL;
-  static int table_size = 0;
-  int i;
-  BOOL is_dst = False;
-
-  if (t == 0) t = time(NULL);
-
-#ifndef NO_ISDST
-  for (i=0;i<table_size;i++)
-    if (t >= dst_table[i].start && t <= dst_table[i].end) break;
-
-  if (i<table_size) {
-    is_dst = dst_table[i].is_dst;
-  } else {
-    time_t low,high;
-
-    dst_table = (struct dst_table *)Realloc(dst_table,
-					      sizeof(dst_table[0])*(i+1));
-    if (!dst_table) {
-      table_size = 0;
-      return(0);
-    }
-
-    table_size++;
-
-    dst_table[i].is_dst = is_dst = (localtime(&t)->tm_isdst?True:False);;
-    dst_table[i].start = dst_table[i].end = t;
-    
-    /* no entry will cover more than 6 months */
-    low = t - 3*30*24*60*60;
-    high = t + 3*30*24*60*60;
-
-    /* widen the new entry using two bisection searches */
-    while (low+60*60 < dst_table[i].start) {
-      t = low + (dst_table[i].start-low)/2;
-      if ((localtime(&t)->tm_isdst?True:False) == is_dst)
-	dst_table[i].start = t;
-      else
-	low = t;
-    }
-
-    while (high-60*60 > dst_table[i].end) {
-      t = high + (high-dst_table[i].end)/2;
-      if ((localtime(&t)->tm_isdst?True:False) == is_dst)
-	dst_table[i].end = t;
-      else
-	high = t;
-    }    
-
-/*
-    DEBUG(1,("Added DST entry from %s ",
-	     asctime(localtime(&dst_table[i].start))));
-    DEBUG(1,("to %s (%d)\n",asctime(localtime(&dst_table[i].end)),
-	     dst_table[i].is_dst));
-*/
-  }
-#endif
-
-  return((is_dst?60*60:0) - (extra_time_offset*60));
-}
-
-/****************************************************************************
-return the difference between local and GMT time
-****************************************************************************/
-int TimeDiff(time_t t)
-{
-  static BOOL initialised = False;
-  if (!initialised) {initialised=True; TimeInit();}
-  return(timediff - DSTDiff(t));
-}
-
-/****************************************************************************
-try to optimise the localtime call, it can be quite expenive on some machines
-timemul is normally LOCAL_TO_GMT, GMT_TO_LOCAL or 0
-****************************************************************************/
-struct tm *LocalTime(time_t *t,int timemul)
-{
-  time_t t2 = *t;
-
-  if (timemul)
-    t2 += timemul * TimeDiff(t2);
-
-  return(gmtime(&t2));
-}
-
-
-/****************************************************************************
-determine if a file descriptor is in fact a socket
-****************************************************************************/
-BOOL is_a_socket(int fd)
-{
-  int v,l;
-  l = sizeof(int);
-  return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0);
-}
-
-
-static char *last_ptr=NULL;
-
-/****************************************************************************
-  Get the next token from a string, return False if none found
-  handles double-quotes. 
-Based on a routine by GJC@VILLAGE.COM. 
-Extensively modified by Andrew.Tridgell@anu.edu.au
-****************************************************************************/
-BOOL next_token(char **ptr,char *buff,char *sep)
-{
-  char *s;
-  BOOL quoted;
-
-  if (!ptr) ptr = &last_ptr;
-  if (!ptr) return(False);
-
-  s = *ptr;
-
-  /* default to simple separators */
-  if (!sep) sep = " \t\n\r";
-
-  /* find the first non sep char */
-  while(*s && strchr(sep,*s)) s++;
-
-  /* nothing left? */
-  if (! *s) return(False);
-
-  /* copy over the token */
-  for (quoted = False; *s && (quoted || !strchr(sep,*s)); s++)
-    {
-      if (*s == '\"') 
-	quoted = !quoted;
-      else
-	*buff++ = *s;
-    }
-
-  *ptr = (*s) ? s+1 : s;  
-  *buff = 0;
-  last_ptr = *ptr;
-
-  return(True);
+  char *p;
+	if ((p = getenv("TMPDIR")))
+    return p;
+  return "/tmp";
 }
 
 /****************************************************************************
-Convert list of tokens to array; dependent on above routine.
-Uses last_ptr from above - bit of a hack.
+ Determine whether we are in the specified group.
 ****************************************************************************/
-char **toktocliplist(int *ctok, char *sep)
-{
-  char *s=last_ptr;
-  int ictok=0;
-  char **ret, **iret;
-
-  if (!sep) sep = " \t\n\r";
 
-  while(*s && strchr(sep,*s)) s++;
-
-  /* nothing left? */
-  if (!*s) return(NULL);
-
-  do {
-    ictok++;
-    while(*s && (!strchr(sep,*s))) s++;
-    while(*s && strchr(sep,*s)) *s++=0;
-  } while(*s);
-
-  *ctok=ictok;
-  s=last_ptr;
-
-  if (!(ret=iret=malloc(ictok*sizeof(char *)))) return NULL;
-  
-  while(ictok--) {    
-    *iret++=s;
-    while(*s++);
-    while(!*s) s++;
-  }
-
-  return ret;
-}
-
-#ifndef HAVE_MEMMOVE
-/*******************************************************************
-safely copies memory, ensuring no overlap problems.
-this is only used if the machine does not have it's own memmove().
-this is not the fastest algorithm in town, but it will do for our
-needs.
-********************************************************************/
-void *MemMove(void *dest,void *src,int size)
+BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups)
 {
-  unsigned long d,s;
-  int i;
-  if (dest==src || !size) return(dest);
+	int i;
 
-  d = (unsigned long)dest;
-  s = (unsigned long)src;
+	if (group == current_gid)
+		return(True);
 
-  if ((d >= (s+size)) || (s >= (d+size))) {
-    /* no overlap */
-    memcpy(dest,src,size);
-    return(dest);
-  }
+	for (i=0;i<ngroups;i++)
+		if (group == groups[i])
+			return(True);
 
-  if (d < s)
-    {
-      /* we can forward copy */
-      if (s-d >= sizeof(int) && 
-	  !(s%sizeof(int)) && !(d%sizeof(int)) && !(size%sizeof(int))) {
-	/* do it all as words */
-	int *idest = (int *)dest;
-	int *isrc = (int *)src;
-	size /= sizeof(int);
-	for (i=0;i<size;i++) idest[i] = isrc[i];
-      } else {
-	/* simplest */
-	char *cdest = (char *)dest;
-	char *csrc = (char *)src;
-	for (i=0;i<size;i++) cdest[i] = csrc[i];
-      }
-    }
-  else
-    {
-      /* must backward copy */
-      if (d-s >= sizeof(int) && 
-	  !(s%sizeof(int)) && !(d%sizeof(int)) && !(size%sizeof(int))) {
-	/* do it all as words */
-	int *idest = (int *)dest;
-	int *isrc = (int *)src;
-	size /= sizeof(int);
-	for (i=size-1;i>=0;i--) idest[i] = isrc[i];
-      } else {
-	/* simplest */
-	char *cdest = (char *)dest;
-	char *csrc = (char *)src;
-	for (i=size-1;i>=0;i--) cdest[i] = csrc[i];
-      }      
-    }
-  return(dest);
+	return(False);
 }
-#endif
-
 
 /****************************************************************************
-prompte a dptr (to make it recently used)
+ Like atoi but gets the value up to the separator character.
 ****************************************************************************/
-void array_promote(char *array,int elsize,int element)
-{
-  char *p;
-  if (element == 0)
-    return;
 
-  p = (char *)malloc(elsize);
-
-  if (!p)
-    {
-      DEBUG(5,("Ahh! Can't malloc\n"));
-      return;
-    }
-  memcpy(p,array + element * elsize, elsize);
-  memmove(array + elsize,array,elsize*element);
-  memcpy(array,p,elsize);
-  free(p);
-}
-
-enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON};
-
-struct
+char *Atoic(char *p, int *n, char *c)
 {
-  char *name;
-  int level;
-  int option;
-  int value;
-  int opttype;
-} socket_options[] = {
-  {"SO_KEEPALIVE",      SOL_SOCKET,    SO_KEEPALIVE,    0,                 OPT_BOOL},
-  {"SO_REUSEADDR",      SOL_SOCKET,    SO_REUSEADDR,    0,                 OPT_BOOL},
-  {"SO_BROADCAST",      SOL_SOCKET,    SO_BROADCAST,    0,                 OPT_BOOL},
-#ifdef TCP_NODELAY
-  {"TCP_NODELAY",       IPPROTO_TCP,   TCP_NODELAY,     0,                 OPT_BOOL},
-#endif
-#ifdef IPTOS_LOWDELAY
-  {"IPTOS_LOWDELAY",    IPPROTO_IP,    IP_TOS,          IPTOS_LOWDELAY,    OPT_ON},
-#endif
-#ifdef IPTOS_THROUGHPUT
-  {"IPTOS_THROUGHPUT",  IPPROTO_IP,    IP_TOS,          IPTOS_THROUGHPUT,  OPT_ON},
-#endif
-#ifdef SO_SNDBUF
-  {"SO_SNDBUF",         SOL_SOCKET,    SO_SNDBUF,       0,                 OPT_INT},
-#endif
-#ifdef SO_RCVBUF
-  {"SO_RCVBUF",         SOL_SOCKET,    SO_RCVBUF,       0,                 OPT_INT},
-#endif
-#ifdef SO_SNDLOWAT
-  {"SO_SNDLOWAT",       SOL_SOCKET,    SO_SNDLOWAT,     0,                 OPT_INT},
-#endif
-#ifdef SO_RCVLOWAT
-  {"SO_RCVLOWAT",       SOL_SOCKET,    SO_RCVLOWAT,     0,                 OPT_INT},
-#endif
-  {NULL,0,0,0,0}};
-
-	
-
-/****************************************************************************
-set user socket options
-****************************************************************************/
-void set_socket_options(int fd, char *options)
-{
-  string tok;
-
-  while (next_token(&options,tok," \t,"))
-    {
-      int ret=0,i;
-      int value = 1;
-      char *p;
-      BOOL got_value = False;
-
-      if ((p = strchr(tok,'=')))
-	{
-	  *p = 0;
-	  value = atoi(p+1);
-	  got_value = True;
+	if (!isdigit((int)*p)) {
+		DEBUG(5, ("Atoic: malformed number\n"));
+		return NULL;
 	}
 
-      for (i=0;socket_options[i].name;i++)
-	if (strequal(socket_options[i].name,tok))
-	  break;
+	(*n) = atoi(p);
 
-      if (!socket_options[i].name)
-	{
-	  DEBUG(0,("Unknown socket option %s\n",tok));
-	  continue;
-	}
+	while ((*p) && isdigit((int)*p))
+		p++;
 
-      switch (socket_options[i].opttype)
+	if (strchr_m(c, *p) == NULL)
 	{
-	case OPT_BOOL:
-	case OPT_INT:
-	  ret = setsockopt(fd,socket_options[i].level,
-			   socket_options[i].option,(char *)&value,sizeof(int));
-	  break;
-
-	case OPT_ON:
-	  if (got_value)
-	    DEBUG(0,("syntax error - %s does not take a value\n",tok));
-
-	  {
-	    int on = socket_options[i].value;
-	    ret = setsockopt(fd,socket_options[i].level,
-			     socket_options[i].option,(char *)&on,sizeof(int));
-	  }
-	  break;	  
+		DEBUG(5, ("Atoic: no separator characters (%s) not found\n", c));
+		return NULL;
 	}
-      
-      if (ret != 0)
-	DEBUG(0,("Failed to set socket option %s\n",tok));
-    }
-}
-
 
-
-/****************************************************************************
-  close the socket communication
-****************************************************************************/
-void close_sockets(void )
-{
-  close(Client);
-  Client = 0;
+	return p;
 }
 
-/****************************************************************************
-  return the date and time as a string
-****************************************************************************/
-char *timestring(void )
-{
-  static char TimeBuf[100];
-  time_t t;
-  t = time(NULL);
-#ifdef NO_STRFTIME
-  strcpy(TimeBuf, asctime(LocalTime(&t,GMT_TO_LOCAL)));
-#elif defined(CLIX) || defined(CONVEX)
-  strftime(TimeBuf,100,"%m/%d/%y %I:%M:%S %p",LocalTime(&t,GMT_TO_LOCAL));
-#elif defined(AMPM)
-  strftime(TimeBuf,100,"%D %r",LocalTime(&t,GMT_TO_LOCAL));
-#elif defined(TZ_TIME)
-  {
-    strftime(TimeBuf,100,"%D:%T",LocalTime(&t,0));
-    sprintf(TimeBuf+strlen(TimeBuf)," %+03d%02d",
-	    -TimeDiff(t)/(60*60),-(TimeDiff(t)/60)%60);
-  }
-#else
-  strftime(TimeBuf,100,"%D %T",LocalTime(&t,GMT_TO_LOCAL));
-#endif
-  return(TimeBuf);
-}
+/*************************************************************************
+ Reads a list of numbers.
+ *************************************************************************/
 
-/****************************************************************************
-determine whether we are in the specified group
-****************************************************************************/
-BOOL in_group(gid_t group, int current_gid, int ngroups, int *groups)
+char *get_numlist(char *p, uint32 **num, int *count)
 {
-  int i;
-
-  if (group == current_gid) return(True);
+	int val;
 
-  for (i=0;i<ngroups;i++)
-    if (group == groups[i])
-      return(True);
-
-  return(False);
-}
-
-/****************************************************************************
-this is a safer strcpy(), meant to prevent core dumps when nasty things happen
-****************************************************************************/
-char *StrCpy(char *dest,char *src)
-{
-  char *d = dest;
+	if (num == NULL || count == NULL)
+		return NULL;
 
-#if AJT
-  /* I don't want to get lazy with these ... */
-  if (!dest || !src) {
-    DEBUG(0,("ERROR: NULL StrCpy() called!\n"));
-    ajt_panic();
-  }
-#endif
+	(*count) = 0;
+	(*num  ) = NULL;
 
-  if (!dest) return(NULL);
-  if (!src) {
-    *dest = 0;
-    return(dest);
-  }
-  while ((*d++ = *src++)) ;
-  return(dest);
-}
+	while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') {
+		uint32 *tn;
+		
+		tn = Realloc((*num), ((*count)+1) * sizeof(uint32));
+		if (tn == NULL)
+		{
+			SAFE_FREE(*num);
+			return NULL;
+		} else
+			(*num) = tn;
+		(*num)[(*count)] = val;
+		(*count)++;
+		p++;
+	}
 
-/****************************************************************************
-line strncpy but always null terminates. Make sure there is room!
-****************************************************************************/
-char *StrnCpy(char *dest,const char *src,int n)
-{
-  char *d = dest;
-  if (!dest) return(NULL);
-  if (!src) {
-    *dest = 0;
-    return(dest);
-  }
-  while (n-- && (*d++ = *src++)) ;
-  *d = 0;
-  return(dest);
+	return p;
 }
 
-
 /*******************************************************************
-copy an IP address from one buffer to another
+ Check if a file exists - call vfs_file_exist for samba files.
 ********************************************************************/
-void putip(void *dest,void *src)
-{
-  memcpy(dest,src,4);
-}
-
 
-/****************************************************************************
-interpret the weird netbios "name". Return the name type
-****************************************************************************/
-static int name_interpret(char *in,char *out)
+BOOL file_exist(const char *fname,SMB_STRUCT_STAT *sbuf)
 {
-  int ret;
-  int len = (*in++) / 2;
-
-  *out=0;
-
-  if (len > 30 || len<1) return(0);
-
-  while (len--)
-    {
-      if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
-	*out = 0;
-	return(0);
-      }
-      *out = ((in[0]-'A')<<4) + (in[1]-'A');
-      in += 2;
-      out++;
-    }
-  *out = 0;
-  ret = out[-1];
-
-#ifdef NETBIOS_SCOPE
-  /* Handle any scope names */
-  while(*in) 
-    {
-      *out++ = '.'; /* Scope names are separated by periods */
-      len = *(unsigned char *)in++;
-      StrnCpy(out, in, len);
-      out += len;
-      *out=0;
-      in += len;
-    }
-#endif
-  return(ret);
-}
-
-/****************************************************************************
-mangle a name into netbios format
-****************************************************************************/
-int name_mangle(char *In,char *Out,char name_type)
-{
-  fstring name;
-  char buf[20];
-  char *in = (char *)&buf[0];
-  char *out = (char *)Out;
-  char *p, *label;
-  int i;
-
-  if (In[0] != '*') {
-    StrnCpy(name,In,sizeof(name)-1);
-    sprintf(buf,"%-15.15s%c",name,name_type);
-  } else {
-    buf[0]='*';
-    memset(&buf[1],0,16);
-  }
-
-  *out++ = 32;
-  for (i=0;i<16;i++) {
-    char c = toupper(in[i]);
-    out[i*2] = (c>>4) + 'A';
-    out[i*2+1] = (c & 0xF) + 'A';
-  }
-  out[32]=0;
-  out += 32;
-  
-  label = scope;
-  while (*label)
-    {
-      p = strchr(label, '.');
-      if (p == 0)
-	p = label + strlen(label);
-      *out++ = p - label;
-      memcpy(out, label, p - label);
-      out += p - label;
-      label += p - label + (*p == '.');
-    }
-  *out = 0;
-  return(name_len(Out));
-}
-
-
-/*******************************************************************
-  check if a file exists
-********************************************************************/
-BOOL file_exist(char *fname,struct stat *sbuf)
-{
-  struct stat st;
-  if (!sbuf) sbuf = &st;
+  SMB_STRUCT_STAT st;
+	if (!sbuf)
+		sbuf = &st;
   
   if (sys_stat(fname,sbuf) != 0) 
     return(False);
@@ -996,11 +194,12 @@ BOOL file_exist(char *fname,struct stat *sbuf)
 }
 
 /*******************************************************************
-check a files mod time
+ Check a files mod time.
 ********************************************************************/
-time_t file_modtime(char *fname)
+
+time_t file_modtime(const char *fname)
 {
-  struct stat st;
+  SMB_STRUCT_STAT st;
   
   if (sys_stat(fname,&st) != 0) 
     return(0);
@@ -1009,444 +208,99 @@ time_t file_modtime(char *fname)
 }
 
 /*******************************************************************
-  check if a directory exists
+ Check if a directory exists.
 ********************************************************************/
-BOOL directory_exist(char *dname,struct stat *st)
+
+BOOL directory_exist(char *dname,SMB_STRUCT_STAT *st)
 {
-  struct stat st2;
+  SMB_STRUCT_STAT st2;
+  BOOL ret;
+
   if (!st) st = &st2;
 
   if (sys_stat(dname,st) != 0) 
     return(False);
 
-  return(S_ISDIR(st->st_mode));
+  ret = S_ISDIR(st->st_mode);
+  if(!ret)
+    errno = ENOTDIR;
+  return ret;
 }
 
 /*******************************************************************
 returns the size in bytes of the named file
 ********************************************************************/
-uint32 file_size(char *file_name)
+SMB_OFF_T get_file_size(char *file_name)
 {
-  struct stat buf;
+  SMB_STRUCT_STAT buf;
   buf.st_size = 0;
-  sys_stat(file_name,&buf);
+  if(sys_stat(file_name,&buf) != 0)
+    return (SMB_OFF_T)-1;
   return(buf.st_size);
 }
 
-/****************************************************************************
-check if it's a null mtime
-****************************************************************************/
-static BOOL null_mtime(time_t mtime)
-{
-  if (mtime == 0 || mtime == 0xFFFFFFFF)
-    return(True);
-  return(False);
-}
-
-/*******************************************************************
-  create a 16 bit dos packed date
-********************************************************************/
-static uint16 make_dos_date1(time_t unixdate,struct tm *t)
-{
-  uint16 ret=0;
-  ret = (((unsigned)(t->tm_mon+1)) >> 3) | ((t->tm_year-80) << 1);
-  ret = ((ret&0xFF)<<8) | (t->tm_mday | (((t->tm_mon+1) & 0x7) << 5));
-  return(ret);
-}
-
-/*******************************************************************
-  create a 16 bit dos packed time
-********************************************************************/
-static uint16 make_dos_time1(time_t unixdate,struct tm *t)
-{
-  uint16 ret=0;
-  ret = ((((unsigned)t->tm_min >> 3)&0x7) | (((unsigned)t->tm_hour) << 3));
-  ret = ((ret&0xFF)<<8) | ((t->tm_sec/2) | ((t->tm_min & 0x7) << 5));
-  return(ret);
-}
-
-/*******************************************************************
-  create a 32 bit dos packed date/time from some parameters
-  This takes a GMT time and returns a packed localtime structure
-********************************************************************/
-static uint32 make_dos_date(time_t unixdate)
-{
-  struct tm *t;
-  uint32 ret=0;
-
-  t = LocalTime(&unixdate,GMT_TO_LOCAL);
-
-  ret = make_dos_date1(unixdate,t);
-  ret = ((ret&0xFFFF)<<16) | make_dos_time1(unixdate,t);
-
-  return(ret);
-}
-
-/*******************************************************************
-put a dos date into a buffer (time/date format)
-This takes GMT time and puts local time in the buffer
-********************************************************************/
-void put_dos_date(char *buf,int offset,time_t unixdate)
-{
-  uint32 x = make_dos_date(unixdate);
-  SIVAL(buf,offset,x);
-}
-
-/*******************************************************************
-put a dos date into a buffer (date/time format)
-This takes GMT time and puts local time in the buffer
-********************************************************************/
-void put_dos_date2(char *buf,int offset,time_t unixdate)
-{
-  uint32 x = make_dos_date(unixdate);
-  x = ((x&0xFFFF)<<16) | ((x&0xFFFF0000)>>16);
-  SIVAL(buf,offset,x);
-}
-
-/*******************************************************************
-put a dos 32 bit "unix like" date into a buffer. This routine takes
-GMT and converts it to LOCAL time before putting it (most SMBs assume
-localtime for this sort of date)
-********************************************************************/
-void put_dos_date3(char *buf,int offset,time_t unixdate)
-{
-  if (!null_mtime(unixdate))
-    unixdate += GMT_TO_LOCAL*TimeDiff(unixdate);
-  SIVAL(buf,offset,unixdate);
-}
-
-/*******************************************************************
-  interpret a 32 bit dos packed date/time to some parameters
-********************************************************************/
-static void interpret_dos_date(uint32 date,int *year,int *month,int *day,int *hour,int *minute,int *second)
-{
-  uint32 p0,p1,p2,p3;
-
-  p0=date&0xFF; p1=((date&0xFF00)>>8)&0xFF; 
-  p2=((date&0xFF0000)>>16)&0xFF; p3=((date&0xFF000000)>>24)&0xFF;
-
-  *second = 2*(p0 & 0x1F);
-  *minute = ((p0>>5)&0xFF) + ((p1&0x7)<<3);
-  *hour = (p1>>3)&0xFF;
-  *day = (p2&0x1F);
-  *month = ((p2>>5)&0xFF) + ((p3&0x1)<<3) - 1;
-  *year = ((p3>>1)&0xFF) + 80;
-}
-
-/*******************************************************************
-  create a unix date (int GMT) from a dos date (which is actually in
-  localtime)
-********************************************************************/
-time_t make_unix_date(void *date_ptr)
-{
-  uint32 dos_date=0;
-  struct tm t;
-  time_t ret;
-
-  dos_date = IVAL(date_ptr,0);
-
-  if (dos_date == 0) return(0);
-  
-  interpret_dos_date(dos_date,&t.tm_year,&t.tm_mon,
-		     &t.tm_mday,&t.tm_hour,&t.tm_min,&t.tm_sec);
-  t.tm_wday = 1;
-  t.tm_yday = 1;
-  t.tm_isdst = -1;
-  
-  /* mktime() also does the local to GMT time conversion for us. XXXXX
-     Do all unixes do this the same?? */
-  ret = mktime(&t);
-
-  return(ret);
-}
-
-/*******************************************************************
-like make_unix_date() but the words are reversed
-********************************************************************/
-time_t make_unix_date2(void *date_ptr)
-{
-  uint32 x,x2;
-
-  x = IVAL(date_ptr,0);
-  x2 = ((x&0xFFFF)<<16) | ((x&0xFFFF0000)>>16);
-  SIVAL(&x,0,x2);
-
-  return(make_unix_date((void *)&x));
-}
-
-/*******************************************************************
-  create a unix GMT date from a dos date in 32 bit "unix like" format
-these generally arrive as localtimes, with corresponding DST
-********************************************************************/
-time_t make_unix_date3(void *date_ptr)
-{
-  time_t t = IVAL(date_ptr,0);
-  if (!null_mtime(t))
-    t += LOCAL_TO_GMT*TimeDiff(t);
-  return(t);
-}
-
 /*******************************************************************
 return a string representing an attribute for a file
 ********************************************************************/
-char *attrib_string(int mode)
+char *attrib_string(uint16 mode)
 {
-  static char attrstr[10];
+  static fstring attrstr;
 
   attrstr[0] = 0;
 
-  if (mode & aVOLID) strcat(attrstr,"V");
-  if (mode & aDIR) strcat(attrstr,"D");
-  if (mode & aARCH) strcat(attrstr,"A");
-  if (mode & aHIDDEN) strcat(attrstr,"H");
-  if (mode & aSYSTEM) strcat(attrstr,"S");
-  if (mode & aRONLY) strcat(attrstr,"R");	  
+  if (mode & aVOLID) fstrcat(attrstr,"V");
+  if (mode & aDIR) fstrcat(attrstr,"D");
+  if (mode & aARCH) fstrcat(attrstr,"A");
+  if (mode & aHIDDEN) fstrcat(attrstr,"H");
+  if (mode & aSYSTEM) fstrcat(attrstr,"S");
+  if (mode & aRONLY) fstrcat(attrstr,"R");	  
 
   return(attrstr);
 }
 
-
 /*******************************************************************
-  case insensitive string compararison
-********************************************************************/
-int StrCaseCmp(char *s, char *t)
-{
-  for (; tolower(*s) == tolower(*t); ++s, ++t)
-    if (!*s) return 0;
-
-  return tolower(*s) - tolower(*t);
-}
-
-/*******************************************************************
-  case insensitive string compararison, length limited
-********************************************************************/
-int StrnCaseCmp(char *s, char *t, int n)
-{
-  while (n-- && *s && *t) {
-    if (tolower(*s) != tolower(*t)) return(tolower(*s) - tolower(*t));
-    s++; t++;
-  }
-  if (n) return(tolower(*s) - tolower(*t));
-
-  return(0);
-}
-
-/*******************************************************************
-  compare 2 strings 
-********************************************************************/
-BOOL strequal(char *s1,char *s2)
-{
-  if (s1 == s2) return(True);
-  if (!s1 || !s2) return(False);
-  
-  return(StrCaseCmp(s1,s2)==0);
-}
-
-/*******************************************************************
-  compare 2 strings up to and including the nth char.
-  ******************************************************************/
-BOOL strnequal(char *s1,char *s2,int n)
-{
-  if (s1 == s2) return(True);
-  if (!s1 || !s2 || !n) return(False);
-  
-  return(StrnCaseCmp(s1,s2,n)==0);
-}
-
-/*******************************************************************
-  compare 2 strings (case sensitive)
-********************************************************************/
-BOOL strcsequal(char *s1,char *s2)
-{
-  if (s1 == s2) return(True);
-  if (!s1 || !s2) return(False);
-  
-  return(strcmp(s1,s2)==0);
-}
-
-
-/*******************************************************************
-  convert a string to lower case
-********************************************************************/
-void strlower(char *s)
-{
-  while (*s)
-    {
-#ifdef KANJI
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else if (is_kana (*s)) {
-	    s++;
-	} else {
-	    if (isupper(*s))
-		*s = tolower(*s);
-	    s++;
-	}
-#else
-      if (isupper(*s))
-	  *s = tolower(*s);
-      s++;
-#endif /* KANJI */
-    }
-}
-
-/*******************************************************************
-  convert a string to upper case
+  show a smb message structure
 ********************************************************************/
-void strupper(char *s)
+void show_msg(char *buf)
 {
-  while (*s)
-    {
-#ifdef KANJI
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else if (is_kana (*s)) {
-	    s++;
-	} else {
-	    if (islower(*s))
-		*s = toupper(*s);
-	    s++;
+	int i;
+	int bcc=0;
+
+	if (DEBUGLEVEL < 5) return;
+
+	DEBUG(5,("size=%d\nsmb_com=0x%x\nsmb_rcls=%d\nsmb_reh=%d\nsmb_err=%d\nsmb_flg=%d\nsmb_flg2=%d\n",
+			smb_len(buf),
+			(int)CVAL(buf,smb_com),
+			(int)CVAL(buf,smb_rcls),
+			(int)CVAL(buf,smb_reh),
+			(int)SVAL(buf,smb_err),
+			(int)CVAL(buf,smb_flg),
+			(int)SVAL(buf,smb_flg2)));
+	DEBUG(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\nsmt_wct=%d\n",
+			(int)SVAL(buf,smb_tid),
+			(int)SVAL(buf,smb_pid),
+			(int)SVAL(buf,smb_uid),
+			(int)SVAL(buf,smb_mid),
+			(int)CVAL(buf,smb_wct)));
+
+	for (i=0;i<(int)CVAL(buf,smb_wct);i++)
+	{
+		DEBUG(5,("smb_vwv[%d]=%d (0x%X)\n",i,
+			SVAL(buf,smb_vwv+2*i),SVAL(buf,smb_vwv+2*i)));
 	}
-#else
-      if (islower(*s))
-	*s = toupper(*s);
-      s++;
-#endif
-    }
-}
 
-/*******************************************************************
-  convert a string to "normal" form
-********************************************************************/
-void strnorm(char *s)
-{
-  if (case_default == CASE_UPPER)
-    strupper(s);
-  else
-    strlower(s);
-}
+	bcc = (int)SVAL(buf,smb_vwv+2*(CVAL(buf,smb_wct)));
 
-/*******************************************************************
-check if a string is in "normal" case
-********************************************************************/
-BOOL strisnormal(char *s)
-{
-  if (case_default == CASE_UPPER)
-    return(!strhaslower(s));
-
-  return(!strhasupper(s));
-}
+	DEBUG(5,("smb_bcc=%d\n",bcc));
 
+	if (DEBUGLEVEL < 10) return;
 
-/****************************************************************************
-  string replace
-****************************************************************************/
-void string_replace(char *s,char oldc,char newc)
-{
-  while (*s)
-    {
-#ifdef KANJI
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else if (is_kana (*s)) {
-	    s++;
-	} else {
-	    if (oldc == *s)
-		*s = newc;
-	    s++;
+	if (DEBUGLEVEL < 50)
+	{
+		bcc = MIN(bcc, 512);
 	}
-#else
-      if (oldc == *s)
-	*s = newc;
-      s++;
-#endif /* KANJI */
-    }
-}
 
-/****************************************************************************
-  make a file into unix format
-****************************************************************************/
-void unix_format(char *fname)
-{
-  pstring namecopy;
-  string_replace(fname,'\\','/');
-#ifndef KANJI
-  dos2unix_format(fname, True);
-#endif /* KANJI */
-
-  if (*fname == '/')
-    {
-      strcpy(namecopy,fname);
-      strcpy(fname,".");
-      strcat(fname,namecopy);
-    }  
-}
-
-/****************************************************************************
-  make a file into dos format
-****************************************************************************/
-void dos_format(char *fname)
-{
-#ifndef KANJI
-  unix2dos_format(fname, True);
-#endif /* KANJI */
-  string_replace(fname,'/','\\');
-}
-
-
-/*******************************************************************
-  show a smb message structure
-********************************************************************/
-void show_msg(char *buf)
-{
-  int i;
-  int bcc=0;
-  if (DEBUGLEVEL < 5)
-    return;
-
-  DEBUG(5,("size=%d\nsmb_com=0x%x\nsmb_rcls=%d\nsmb_reh=%d\nsmb_err=%d\nsmb_flg=%d\nsmb_flg2=%d\n",
-	  smb_len(buf),
-	  (int)CVAL(buf,smb_com),
-	  (int)CVAL(buf,smb_rcls),
-	  (int)CVAL(buf,smb_reh),
-	  (int)SVAL(buf,smb_err),
-	  (int)CVAL(buf,smb_flg),
-	  (int)SVAL(buf,smb_flg2)));
-  DEBUG(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\nsmt_wct=%d\n",
-	  (int)SVAL(buf,smb_tid),
-	  (int)SVAL(buf,smb_pid),
-	  (int)SVAL(buf,smb_uid),
-	  (int)SVAL(buf,smb_mid),
-	  (int)CVAL(buf,smb_wct)));
-  for (i=0;i<(int)CVAL(buf,smb_wct);i++)
-    DEBUG(5,("smb_vwv[%d]=%d (0x%X)\n",i,
-	  SVAL(buf,smb_vwv+2*i),SVAL(buf,smb_vwv+2*i)));
-  bcc = (int)SVAL(buf,smb_vwv+2*(CVAL(buf,smb_wct)));
-  DEBUG(5,("smb_bcc=%d\n",bcc));
-  if (DEBUGLEVEL < 10)
-    return;
-  for (i=0;i<MIN(bcc,128);i++)
-    DEBUG(10,("%X ",CVAL(smb_buf(buf),i)));
-  DEBUG(10,("\n"));  
-}
-
-/*******************************************************************
-  return the length of an smb packet
-********************************************************************/
-int smb_len(char *buf)
-{
-  return( PVAL(buf,3) | (PVAL(buf,2)<<8) | ((PVAL(buf,1)&1)<<16) );
-}
-
-/*******************************************************************
-  set the length of an smb packet
-********************************************************************/
-void _smb_setlen(char *buf,int len)
-{
-  buf[0] = 0;
-  buf[1] = (len&0x10000)>>16;
-  buf[2] = (len&0xFF00)>>8;
-  buf[3] = len&0xFF;
+	dump_data(10, smb_buf(buf), bcc);
 }
 
 /*******************************************************************
@@ -1456,10 +310,10 @@ void smb_setlen(char *buf,int len)
 {
   _smb_setlen(buf,len);
 
-  CVAL(buf,4) = 0xFF;
-  CVAL(buf,5) = 'S';
-  CVAL(buf,6) = 'M';
-  CVAL(buf,7) = 'B';
+  SCVAL(buf,4,0xFF);
+  SCVAL(buf,5,'S');
+  SCVAL(buf,6,'M');
+  SCVAL(buf,7,'B');
 }
 
 /*******************************************************************
@@ -1467,93 +321,35 @@ void smb_setlen(char *buf,int len)
 ********************************************************************/
 int set_message(char *buf,int num_words,int num_bytes,BOOL zero)
 {
-  if (zero)
-    bzero(buf + smb_size,num_words*2 + num_bytes);
-  CVAL(buf,smb_wct) = num_words;
-  SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);  
-  smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
-  return (smb_size + num_words*2 + num_bytes);
+	if (zero)
+		memset(buf + smb_size,'\0',num_words*2 + num_bytes);
+	SCVAL(buf,smb_wct,num_words);
+	SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);  
+	smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+	return (smb_size + num_words*2 + num_bytes);
 }
 
 /*******************************************************************
-return the number of smb words
+  setup only the byte count for a smb message
 ********************************************************************/
-int smb_numwords(char *buf)
+int set_message_bcc(char *buf,int num_bytes)
 {
-  return (CVAL(buf,smb_wct));
+	int num_words = CVAL(buf,smb_wct);
+	SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);  
+	smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+	return (smb_size + num_words*2 + num_bytes);
 }
 
 /*******************************************************************
-return the size of the smb_buf region of a message
+  setup only the byte count for a smb message, using the end of the
+  message as a marker
 ********************************************************************/
-int smb_buflen(char *buf)
+int set_message_end(void *outbuf,void *end_ptr)
 {
-  return(SVAL(buf,smb_vwv0 + smb_numwords(buf)*2));
+	return set_message_bcc((char *)outbuf,PTR_DIFF(end_ptr,smb_buf((char *)outbuf)));
 }
 
 /*******************************************************************
-  return a pointer to the smb_buf data area
-********************************************************************/
-int smb_buf_ofs(char *buf)
-{
-  return (smb_size + CVAL(buf,smb_wct)*2);
-}
-
-/*******************************************************************
-  return a pointer to the smb_buf data area
-********************************************************************/
-char *smb_buf(char *buf)
-{
-  return (buf + smb_buf_ofs(buf));
-}
-
-/*******************************************************************
-return the SMB offset into an SMB buffer
-********************************************************************/
-int smb_offset(char *p,char *buf)
-{
-  return(PTR_DIFF(p,buf+4));
-}
-
-
-/*******************************************************************
-skip past some strings in a buffer
-********************************************************************/
-char *skip_string(char *buf,int n)
-{
-  while (n--)
-    buf += strlen(buf) + 1;
-  return(buf);
-}
-
-/*******************************************************************
-trim the specified elements off the front and back of a string
-********************************************************************/
-BOOL trim_string(char *s,char *front,char *back)
-{
-  BOOL ret = False;
-  while (front && *front && strncmp(s,front,strlen(front)) == 0)
-    {
-      char *p = s;
-      ret = True;
-      while (1)
-	{
-	  if (!(*p = p[strlen(front)]))
-	    break;
-	  p++;
-	}
-    }
-  while (back && *back && strlen(s) >= strlen(back) && 
-	 (strncmp(s+strlen(s)-strlen(back),back,strlen(back))==0))  
-    {
-      ret = True;
-      s[strlen(s)-strlen(back)] = 0;
-    }
-  return(ret);
-}
-
-
-/*******************************************************************
 reduce a file name, removing .. elements.
 ********************************************************************/
 void dos_clean_name(char *s)
@@ -1563,25 +359,25 @@ void dos_clean_name(char *s)
   DEBUG(3,("dos_clean_name [%s]\n",s));
 
   /* remove any double slashes */
-  string_sub(s, "\\\\", "\\");
+  all_string_sub(s, "\\\\", "\\", 0);
 
   while ((p = strstr(s,"\\..\\")) != NULL)
     {
       pstring s1;
 
       *p = 0;
-      strcpy(s1,p+3);
+      pstrcpy(s1,p+3);
 
-      if ((p=strrchr(s,'\\')) != NULL)
+      if ((p=strrchr_m(s,'\\')) != NULL)
 	*p = 0;
       else
 	*s = 0;
-      strcat(s,s1);
+      pstrcat(s,s1);
     }  
 
   trim_string(s,NULL,"\\..");
 
-  string_sub(s, "\\.\\", "\\");
+  all_string_sub(s, "\\.\\", "\\", 0);
 }
 
 /*******************************************************************
@@ -1594,474 +390,119 @@ void unix_clean_name(char *s)
   DEBUG(3,("unix_clean_name [%s]\n",s));
 
   /* remove any double slashes */
-  string_sub(s, "//","/");
+  all_string_sub(s, "//","/", 0);
+
+  /* Remove leading ./ characters */
+  if(strncmp(s, "./", 2) == 0) {
+    trim_string(s, "./", NULL);
+    if(*s == 0)
+      pstrcpy(s,"./");
+  }
 
   while ((p = strstr(s,"/../")) != NULL)
     {
       pstring s1;
 
       *p = 0;
-      strcpy(s1,p+3);
+      pstrcpy(s1,p+3);
 
-      if ((p=strrchr(s,'/')) != NULL)
+      if ((p=strrchr_m(s,'/')) != NULL)
 	*p = 0;
       else
 	*s = 0;
-      strcat(s,s1);
+      pstrcat(s,s1);
     }  
 
   trim_string(s,NULL,"/..");
 }
 
-
 /*******************************************************************
-a wrapper for the normal chdir() function
+convert '\' to '/'
+reduce a file name, removing or reducing /../ , /./ , // elements.
+remove also any trailing . and /
+return a new allocated string.
 ********************************************************************/
-int ChDir(char *path)
-{
-  int res;
-  static pstring LastDir="";
-
-  if (strcsequal(path,".")) return(0);
-
-  if (*path == '/' && strcsequal(LastDir,path)) return(0);
-  DEBUG(3,("chdir to %s\n",path));
-  res = sys_chdir(path);
-  if (!res)
-    strcpy(LastDir,path);
-  return(res);
-}
-
-
-/*******************************************************************
-  return the absolute current directory path. A dumb version.
-********************************************************************/
-static char *Dumb_GetWd(char *s)
-{
-#ifdef USE_GETCWD
-    return ((char *)getcwd(s,sizeof(pstring)));
-#else
-    return ((char *)getwd(s));
-#endif
-}
-
-
-/* number of list structures for a caching GetWd function. */
-#define MAX_GETWDCACHE (50)
-
-struct
-{
-  ino_t inode;
-  dev_t dev;
-  char *text;
-  BOOL valid;
-} ino_list[MAX_GETWDCACHE];
-
-BOOL use_getwd_cache=True;
-
-/*******************************************************************
-  return the absolute current directory path
-********************************************************************/
-char *GetWd(char *str)
-{
-  pstring s;
-  static BOOL getwd_cache_init = False;
-  struct stat st, st2;
-  int i;
-
-  *s = 0;
-
-  if (!use_getwd_cache)
-    return(Dumb_GetWd(str));
-
-  /* init the cache */
-  if (!getwd_cache_init)
-    {
-      getwd_cache_init = True;
-      for (i=0;i<MAX_GETWDCACHE;i++)
-	{
-	  string_init(&ino_list[i].text,"");
-	  ino_list[i].valid = False;
+smb_ucs2_t *unix_clean_path(const smb_ucs2_t *s)
+{
+	smb_ucs2_t *ns;
+	smb_ucs2_t *p, *r, *t;
+
+	DEBUG(3, ("unix_clean_path\n")); /*  [%unicode]\n")); */
+	if(!s) return NULL;
+
+	/* convert '\' to '/' */
+	ns = strdup_w(s);
+	if (!ns) return NULL;
+	unix_format_w(ns);
+
+	/* remove all double slashes */
+	p = ns;
+	ns = all_string_sub_wa(p, "//", "/");
+	SAFE_FREE(p);
+	if (!ns) return NULL;
+
+	/* remove any /./ */
+	p = ns;
+	ns = all_string_sub_wa(p, "/./", "/");
+	SAFE_FREE(p);
+	if (!ns) return NULL;
+
+	/* reduce any /../ */
+	t = ns;
+	while (*t && (r = strstr_wa(t, "/.."))) {
+		t = &(r[3]);
+		if (*t == UCS2_CHAR('/') || *t == 0) {
+			*r = 0;
+			p = strrchr_w(ns, UCS2_CHAR('/'));
+			if (!p) p = ns;
+			if (*t == 0) *p = 0;
+			else memmove(p, t, (strlen_w(t) + 1) * sizeof(smb_ucs2_t));
+			t = p;
+		}
 	}
-    }
-
-  /*  Get the inode of the current directory, if this doesn't work we're
-      in trouble :-) */
-
-  if (stat(".",&st) == -1) 
-    {
-      DEBUG(0,("Very strange, couldn't stat \".\"\n"));
-      return(Dumb_GetWd(str));
-    }
-
-
-  for (i=0; i<MAX_GETWDCACHE; i++)
-    if (ino_list[i].valid)
-      {
-
-	/*  If we have found an entry with a matching inode and dev number
-	    then find the inode number for the directory in the cached string.
-	    If this agrees with that returned by the stat for the current
-	    directory then all is o.k. (but make sure it is a directory all
-	    the same...) */
-      
-	if (st.st_ino == ino_list[i].inode &&
-	    st.st_dev == ino_list[i].dev)
-	  {
-	    if (stat(ino_list[i].text,&st2) == 0)
-	      {
-		if (st.st_ino == st2.st_ino &&
-		    st.st_dev == st2.st_dev &&
-		    (st2.st_mode & S_IFMT) == S_IFDIR)
-		  {
-		    strcpy (str, ino_list[i].text);
-
-		    /* promote it for future use */
-		    array_promote((char *)&ino_list[0],sizeof(ino_list[0]),i);
-		    return (str);
-		  }
-		else
-		  {
-		    /*  If the inode is different then something's changed, 
-			scrub the entry and start from scratch. */
-		    ino_list[i].valid = False;
-		  }
-	      }
-	  }
-      }
 
+	/* remove any leading ./ trailing /. */
+	trim_string_wa(ns, "./", "/.");
 
-  /*  We don't have the information to hand so rely on traditional methods.
-      The very slow getcwd, which spawns a process on some systems, or the
-      not quite so bad getwd. */
-
-  if (!Dumb_GetWd(s))
-    {
-      DEBUG(0,("Getwd failed, errno %d\n",errno));
-      return (NULL);
-    }
+	/* remove any leading and trailing / */
+	trim_string_wa(ns, "/", "/");
 
-  strcpy(str,s);
-
-  DEBUG(5,("GetWd %s, inode %d, dev %x\n",s,(int)st.st_ino,(int)st.st_dev));
-
-  /* add it to the cache */
-  i = MAX_GETWDCACHE - 1;
-  string_set(&ino_list[i].text,s);
-  ino_list[i].dev = st.st_dev;
-  ino_list[i].inode = st.st_ino;
-  ino_list[i].valid = True;
-
-  /* put it at the top of the list */
-  array_promote((char *)&ino_list[0],sizeof(ino_list[0]),i);
-
-  return (str);
+	return ns;
 }
 
-
-
-/*******************************************************************
-reduce a file name, removing .. elements and checking that 
-it is below dir in the heirachy. This uses GetWd() and so must be run
-on the system that has the referenced file system.
-
-widelinks are allowed if widelinks is true
-********************************************************************/
-BOOL reduce_name(char *s,char *dir,BOOL widelinks)
-{
-#ifndef REDUCE_PATHS
-  return True;
-#else
-  pstring dir2;
-  pstring wd;
-  pstring basename;
-  pstring newname;
-  char *p=NULL;
-  BOOL relative = (*s != '/');
-
-  *dir2 = *wd = *basename = *newname = 0;
-
-  if (widelinks)
-    {
-      unix_clean_name(s);
-      /* can't have a leading .. */
-      if (strncmp(s,"..",2) == 0 && (s[2]==0 || s[2]=='/'))
-	{
-	  DEBUG(3,("Illegal file name? (%s)\n",s));
-	  return(False);
-	}
-      return(True);
-    }
-  
-  DEBUG(3,("reduce_name [%s] [%s]\n",s,dir));
-
-  /* remove any double slashes */
-  string_sub(s,"//","/");
-
-  strcpy(basename,s);
-  p = strrchr(basename,'/');
-
-  if (!p)
-    return(True);
-
-  if (!GetWd(wd))
-    {
-      DEBUG(0,("couldn't getwd for %s %s\n",s,dir));
-      return(False);
-    }
-
-  if (ChDir(dir) != 0)
-    {
-      DEBUG(0,("couldn't chdir to %s\n",dir));
-      return(False);
-    }
-
-  if (!GetWd(dir2))
-    {
-      DEBUG(0,("couldn't getwd for %s\n",dir));
-      ChDir(wd);
-      return(False);
-    }
-
-
-    if (p && (p != basename))
-      {
-	*p = 0;
-	if (strcmp(p+1,".")==0)
-	  p[1]=0;
-	if (strcmp(p+1,"..")==0)
-	  *p = '/';
-      }
-
-  if (ChDir(basename) != 0)
-    {
-      ChDir(wd);
-      DEBUG(3,("couldn't chdir for %s %s basename=%s\n",s,dir,basename));
-      return(False);
-    }
-
-  if (!GetWd(newname))
-    {
-      ChDir(wd);
-      DEBUG(2,("couldn't get wd for %s %s\n",s,dir2));
-      return(False);
-    }
-
-  if (p && (p != basename))
-    {
-      strcat(newname,"/");
-      strcat(newname,p+1);
-    }
-
-  {
-    int l = strlen(dir2);    
-    if (dir2[l-1] == '/')
-      l--;
-
-    if (strncmp(newname,dir2,l) != 0)
-      {
-	ChDir(wd);
-	DEBUG(2,("Bad access attempt? s=%s dir=%s newname=%s l=%d\n",s,dir2,newname,l));
-	return(False);
-      }
-
-    if (relative)
-      {
-	if (newname[l] == '/')
-	  strcpy(s,newname + l + 1);
-	else
-	  strcpy(s,newname+l);
-      }
-    else
-      strcpy(s,newname);
-  }
-
-  ChDir(wd);
-
-  if (strlen(s) == 0)
-    strcpy(s,"./");
-
-  DEBUG(3,("reduced to %s\n",s));
-  return(True);
-#endif
-}
-
-/****************************************************************************
-expand some *s 
-****************************************************************************/
-static void expand_one(char *Mask,int len)
-{
-  char *p1;
-  while ((p1 = strchr(Mask,'*')) != NULL)
-    {
-      int lfill = (len+1) - strlen(Mask);
-      int l1= (p1 - Mask);
-      pstring tmp;
-      strcpy(tmp,Mask);  
-      memset(tmp+l1,'?',lfill);
-      strcpy(tmp + l1 + lfill,Mask + l1 + 1);	
-      strcpy(Mask,tmp);      
-    }
-}
-
-/****************************************************************************
-expand a wildcard expression, replacing *s with ?s
-****************************************************************************/
-void expand_mask(char *Mask,BOOL doext)
-{
-  pstring mbeg,mext;
-  pstring dirpart;
-  pstring filepart;
-  BOOL hasdot = False;
-  char *p1;
-  BOOL absolute = (*Mask == '\\');
-
-  *mbeg = *mext = *dirpart = *filepart = 0;
-
-  /* parse the directory and filename */
-  if (strchr(Mask,'\\'))
-    dirname_dos(Mask,dirpart);
-
-  filename_dos(Mask,filepart);
-
-  strcpy(mbeg,filepart);
-  if ((p1 = strchr(mbeg,'.')) != NULL)
-    {
-      hasdot = True;
-      *p1 = 0;
-      p1++;
-      strcpy(mext,p1);
-    }
-  else
-    {
-      strcpy(mext,"");
-      if (strlen(mbeg) > 8)
-	{
-	  strcpy(mext,mbeg + 8);
-	  mbeg[8] = 0;
-	}
-    }
-
-  if (*mbeg == 0)
-    strcpy(mbeg,"????????");
-  if ((*mext == 0) && doext && !hasdot)
-    strcpy(mext,"???");
-
-  if (strequal(mbeg,"*") && *mext==0) 
-    strcpy(mext,"*");
-
-  /* expand *'s */
-  expand_one(mbeg,8);
-  if (*mext)
-    expand_one(mext,3);
-
-  strcpy(Mask,dirpart);
-  if (*dirpart || absolute) strcat(Mask,"\\");
-  strcat(Mask,mbeg);
-  strcat(Mask,".");
-  strcat(Mask,mext);
-
-  DEBUG(6,("Mask expanded to [%s]\n",Mask));
-}  
-
-
-/****************************************************************************
-does a string have any uppercase chars in it?
-****************************************************************************/
-BOOL strhasupper(char *s)
-{
-  while (*s) 
-    {
-#ifdef KANJI
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else if (is_kana (*s)) {
-	    s++;
-	} else {
-	    if (isupper(*s)) return(True);
-	    s++;
-	}
-#else 
-      if (isupper(*s)) return(True);
-      s++;
-#endif /* KANJI */
-    }
-  return(False);
-}
-
-/****************************************************************************
-does a string have any lowercase chars in it?
-****************************************************************************/
-BOOL strhaslower(char *s)
-{
-  while (*s) 
-    {
-#ifdef KANJI
-	if (is_shift_jis (*s)) {
-	    s += 2;
-	} else if (is_kana (*s)) {
-	    s++;
-	} else {
-	    if (islower(*s)) return(True);
-	    s++;
-	}
-#else 
-      if (islower(*s)) return(True);
-      s++;
-#endif /* KANJI */
-    }
-  return(False);
-}
-
-/****************************************************************************
-find the number of chars in a string
-****************************************************************************/
-int count_chars(char *s,char c)
-{
-  int count=0;
-  while (*s) 
-    {
-      if (*s == c)
-	count++;
-      s++;
-    }
-  return(count);
-}
-
-
 /****************************************************************************
   make a dir struct
 ****************************************************************************/
-void make_dir_struct(char *buf,char *mask,char *fname,unsigned int size,int mode,time_t date)
+void make_dir_struct(char *buf,char *mask,char *fname,SMB_OFF_T size,int mode,time_t date)
 {  
   char *p;
   pstring mask2;
 
-  strcpy(mask2,mask);
+  pstrcpy(mask2,mask);
 
   if ((mode & aDIR) != 0)
     size = 0;
 
   memset(buf+1,' ',11);
-  if ((p = strchr(mask2,'.')) != NULL)
+  if ((p = strchr_m(mask2,'.')) != NULL)
     {
       *p = 0;
-      memcpy(buf+1,mask2,MIN(strlen(mask2),8));
-      memcpy(buf+9,p+1,MIN(strlen(p+1),3));
+      push_ascii(buf+1,mask2,8, 0);
+      push_ascii(buf+9,p+1,3, 0);
       *p = '.';
     }
   else
-    memcpy(buf+1,mask2,MIN(strlen(mask2),11));
+      push_ascii(buf+1,mask2,11, 0);
 
-  bzero(buf+21,DIR_STRUCT_SIZE-21);
-  CVAL(buf,21) = mode;
+  memset(buf+21,'\0',DIR_STRUCT_SIZE-21);
+  SCVAL(buf,21,mode);
   put_dos_date(buf,22,date);
   SSVAL(buf,26,size & 0xFFFF);
-  SSVAL(buf,28,size >> 16);
-  StrnCpy(buf+30,fname,12);
+  SSVAL(buf,28,(size >> 16)&0xFFFF);
+  push_ascii(buf+30,fname,12, 0);
   if (!case_sensitive)
     strupper(buf+30);
-  DEBUG(8,("put name [%s] into dir struct\n",buf+30));
+  DEBUG(8,("put name [%s] from [%s] into dir struct\n",buf+30, fname));
 }
 
 
@@ -2072,12 +513,15 @@ void close_low_fds(void)
 {
   int fd;
   int i;
-  close(0); close(1); close(2);
+  close(0); close(1); 
+#ifndef __INSURE__
+  close(2);
+#endif
   /* try and use up these file descriptors, so silly
      library routines writing to stdout etc won't cause havoc */
   for (i=0;i<3;i++) {
-    fd = open("/dev/null",O_RDWR,0);
-    if (fd < 0) fd = open("/dev/null",O_WRONLY,0);
+    fd = sys_open("/dev/null",O_RDWR,0);
+    if (fd < 0) fd = sys_open("/dev/null",O_WRONLY,0);
     if (fd < 0) {
       DEBUG(0,("Can't open /dev/null\n"));
       return;
@@ -2089,48 +533,6 @@ void close_low_fds(void)
   }
 }
 
-
-/****************************************************************************
-write to a socket
-****************************************************************************/
-int write_socket(int fd,char *buf,int len)
-{
-  int ret=0;
-
-  if (passive)
-    return(len);
-  DEBUG(6,("write_socket(%d,%d)\n",fd,len));
-  ret = write_data(fd,buf,len);
-      
-  DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,len,ret));
-  return(ret);
-}
-
-/****************************************************************************
-read from a socket
-****************************************************************************/
-int read_udp_socket(int fd,char *buf,int len)
-{
-  int ret;
-  struct sockaddr sock;
-  int socklen;
-  
-  socklen = sizeof(sock);
-  bzero((char *)&sock,socklen);
-  bzero((char *)&lastip,sizeof(lastip));
-  ret = recvfrom(fd,buf,len,0,&sock,&socklen);
-  if (ret <= 0)
-    {
-      DEBUG(2,("read socket failed. ERRNO=%d\n",errno));
-      return(0);
-    }
-
-  lastip = *(struct in_addr *) &sock.sa_data[2];
-  lastport = ntohs(((struct sockaddr_in *)&sock)->sin_port);
-
-  return(ret);
-}
-
 /****************************************************************************
 Set a fd into blocking/nonblocking mode. Uses POSIX O_NONBLOCK if available,
 else
@@ -2139,7 +541,7 @@ if BSD use FNDELAY
 ****************************************************************************/
 int set_blocking(int fd, BOOL set)
 {
-int val;
+  int val;
 #ifdef O_NONBLOCK
 #define FLAG_TO_SET O_NONBLOCK
 #else
@@ -2150,7 +552,7 @@ int val;
 #endif
 #endif
 
-  if((val = fcntl(fd, F_GETFL, 0))==-1)
+  if((val = fcntl(fd, F_GETFL, 0)) == -1)
 	return -1;
   if(set) /* Turn blocking on - ie. clear nonblock flag */
 	val &= ~FLAG_TO_SET;
@@ -2160,2351 +562,1656 @@ int val;
 #undef FLAG_TO_SET
 }
 
-
 /****************************************************************************
-Calculate the difference in timeout values. Return 1 if val1 > val2,
-0 if val1 == val2, -1 if val1 < val2. Stores result in retval. retval
-may be == val1 or val2
+ Transfer some data between two fd's.
 ****************************************************************************/
-static int tval_sub( struct timeval *retval, struct timeval *val1, struct timeval *val2)
-{
-  int usecdiff = val1->tv_usec - val2->tv_usec;
-  int secdiff = val1->tv_sec - val2->tv_sec;
-  if(usecdiff < 0) {
-    usecdiff = 1000000 + usecdiff;
-    secdiff--;
-  }
-  retval->tv_sec = secdiff;
-  retval->tv_usec = usecdiff;
-  if(secdiff < 0)
-    return -1;
-  if(secdiff > 0)
-    return 1;
-  return (usecdiff < 0 ) ? -1 : ((usecdiff > 0 ) ? 1 : 0);
-}
 
-/****************************************************************************
-read data from a device with a timout in msec.
-mincount = if timeout, minimum to read before returning
-maxcount = number to be read.
-****************************************************************************/
-int read_with_timeout(int fd,char *buf,int mincnt,int maxcnt,long time_out,BOOL exact)
-{
-  fd_set fds;
-  int selrtn;
-  int readret;
-  int nread = 0;
-  struct timeval timeout, tval1, tval2, tvaldiff;
-  int error_limit = 5;
+#ifndef TRANSFER_BUF_SIZE
+#define TRANSFER_BUF_SIZE 65536
+#endif
 
-  /* just checking .... */
-  if (maxcnt <= 0) return(0);
+ssize_t transfer_file_internal(int infd, int outfd, size_t n, ssize_t (*read_fn)(int, void *, size_t),
+						ssize_t (*write_fn)(int, const void *, size_t))
+{
+	char *buf;
+	size_t total = 0;
+	ssize_t read_ret;
+	ssize_t write_ret;
+	size_t num_to_read_thistime;
+	size_t num_written = 0;
 
-  if(time_out == -2)
-    time_out = DEFAULT_PIPE_TIMEOUT;
+	if ((buf = malloc(TRANSFER_BUF_SIZE)) == NULL)
+		return -1;
 
-  /* Blocking read */
-  if(time_out < 0) {
-    if (mincnt == 0) mincnt = maxcnt;
+	while (total < n) {
+		num_to_read_thistime = MIN((n - total), TRANSFER_BUF_SIZE);
 
-    while (nread < mincnt)
-      {
-	readret = read(fd, buf + nread, maxcnt - nread);
-	if (readret <= 0) return(nread);
-	nread += readret;
-      }
-    return(nread);
-  }
-  
-  /* Non blocking read */
-  if(time_out == 0) {
-    set_blocking(fd, False);
-    nread = read_data(fd, buf, mincnt);
-    if (nread < maxcnt)
-      nread += read(fd,buf+nread,maxcnt-nread);
-    if(nread == -1 && errno == EWOULDBLOCK)
-      nread = 0;
-    set_blocking(fd,True);
-    return nread;
-  }
+		read_ret = (*read_fn)(infd, buf, num_to_read_thistime);
+		if (read_ret == -1) {
+			DEBUG(0,("transfer_file_internal: read failure. Error = %s\n", strerror(errno) ));
+			SAFE_FREE(buf);
+			return -1;
+		}
+		if (read_ret == 0)
+			break;
 
-  /* Most difficult - timeout read */
-  /* If this is ever called on a disk file and 
-	 mincnt is greater then the filesize then
-	 system performance will suffer severely as 
-	 select always return true on disk files */
-
-  /* Set initial timeout */
-  timeout.tv_sec = time_out / 1000;
-  timeout.tv_usec = 1000 * (time_out % 1000);
-
-  /* As most UNIXes don't modify the value of timeout
-     when they return from select we need to get the timeofday (in usec)
-     now, and also after the select returns so we know
-     how much time has elapsed */
-
-  if (exact)
-    GetTimeOfDay( &tval1);
-  nread = 0; /* Number of bytes we have read */
-
-  for(;;) 
-    {      
-      FD_ZERO(&fds);
-      FD_SET(fd,&fds);
-      
-      selrtn = sys_select(&fds,&timeout);
-      
-      /* Check if error */
-      if(selrtn == -1) {
-	errno = EBADF;
-	return -1;
-      }
-      
-      /* Did we timeout ? */
-      if (selrtn == 0) {
-	if (nread < mincnt) return -1;
-	break; /* Yes */
-      }
-      
-      readret = read(fd, buf+nread, maxcnt-nread);
-      if (readret == 0 && nread < mincnt) {
-	/* error_limit should not really be needed, but some systems
-	   do strange things ...  I don't want to just continue
-	   indefinately in case we get an infinite loop */
-	if (error_limit--) continue;
-	return(-1);
-      }
+		num_written = 0;
+ 
+		while (num_written < read_ret) {
+			write_ret = (*write_fn)(outfd,buf + num_written, read_ret - num_written);
+ 
+			if (write_ret == -1) {
+				DEBUG(0,("transfer_file_internal: write failure. Error = %s\n", strerror(errno) ));
+				SAFE_FREE(buf);
+				return -1;
+			}
+			if (write_ret == 0)
+				return (ssize_t)total;
+ 
+			num_written += (size_t)write_ret;
+		}
 
-      if (readret < 0) {
-	/* force a particular error number for
-	   portability */
-	DEBUG(5,("read gave error %s\n",strerror(errno)));
-	errno = EBADF;
-	return -1;
-      }
-      
-      nread += readret;
-      
-      /* If we have read more than mincnt then return */
-      if (nread >= mincnt)
-	break;
-
-      /* We need to do another select - but first reduce the
-	 time_out by the amount of time already elapsed - if
-	 this is less than zero then return */
-      if (exact) {
-	GetTimeOfDay(&tval2);
-	(void)tval_sub( &tvaldiff, &tval2, &tval1);
-      
-	if (tval_sub(&timeout, &timeout, &tvaldiff) <= 0) 
-	  break; /* We timed out */
-      }
-      
-      /* Save the time of day as we need to do the select 
-	 again (saves a system call) */
-      tval1 = tval2;
-    }
+		total += (size_t)read_ret;
+	}
 
-  /* Return the number we got */
-  return(nread);
+	SAFE_FREE(buf);
+	return (ssize_t)total;		
 }
 
-/****************************************************************************
-read data from the client. Maxtime is in milliseconds
-****************************************************************************/
-int read_max_udp(int fd,char *buffer,int bufsize,int maxtime)
+SMB_OFF_T transfer_file(int infd,int outfd,SMB_OFF_T n)
 {
-  fd_set fds;
-  int selrtn;
-  int nread;
-  struct timeval timeout;
- 
-  FD_ZERO(&fds);
-  FD_SET(fd,&fds);
-
-  timeout.tv_sec = maxtime / 1000;
-  timeout.tv_usec = (maxtime % 1000) * 1000;
-
-  selrtn = sys_select(&fds,maxtime>0?&timeout:NULL);
-
-  if (!FD_ISSET(fd,&fds))
-    return 0;
-
-  nread = read_udp_socket(fd, buffer, bufsize);
-
-  /* return the number got */
-  return(nread);
+	return (SMB_OFF_T)transfer_file_internal(infd, outfd, (size_t)n, read, write);
 }
 
 /*******************************************************************
-find the difference in milliseconds between two struct timeval
-values
+ Sleep for a specified number of milliseconds.
 ********************************************************************/
-int TvalDiff(struct timeval *tvalold,struct timeval *tvalnew)
-{
-  return((tvalnew->tv_sec - tvalold->tv_sec)*1000 + 
-	 ((int)tvalnew->tv_usec - (int)tvalold->tv_usec)/1000);	 
-}
 
-/****************************************************************************
-send a keepalive packet (rfc1002)
-****************************************************************************/
-BOOL send_keepalive(int client)
+void msleep(unsigned int t)
 {
-  unsigned char buf[4];
-
-  buf[0] = 0x85;
-  buf[1] = buf[2] = buf[3] = 0;
+	unsigned int tdiff=0;
+	struct timeval tval,t1,t2;  
+	fd_set fds;
 
-  return(write_data(client,(char *)buf,4) == 4);
+	GetTimeOfDay(&t1);
+	GetTimeOfDay(&t2);
+  
+	while (tdiff < t) {
+		tval.tv_sec = (t-tdiff)/1000;
+		tval.tv_usec = 1000*((t-tdiff)%1000);
+
+		/* Never wait for more than 1 sec. */
+		if (tval.tv_sec > 1) {
+			tval.tv_sec = 1; 
+			tval.tv_usec = 0;
+		}
+
+		FD_ZERO(&fds);
+		errno = 0;
+		sys_select_intr(0,&fds,NULL,NULL,&tval);
+
+		GetTimeOfDay(&t2);
+		if (t2.tv_sec < t1.tv_sec) {
+			/* Someone adjusted time... */
+			t1 = t2;
+		}
+
+		tdiff = TvalDiff(&t1,&t2);
+	}
 }
 
-
-
 /****************************************************************************
-  read data from the client, reading exactly N bytes. 
+ Become a daemon, discarding the controlling terminal.
 ****************************************************************************/
-int read_data(int fd,char *buffer,int N)
+
+void become_daemon(void)
 {
-  int  ret;
-  int total=0;  
- 
-  while (total < N)
-    {
-      ret = read(fd,buffer + total,N - total);
+	if (sys_fork()) {
+		_exit(0);
+	}
 
-      /* this is for portability */
-      if (ret < 0)
-	errno = EBADF;
+  /* detach from the terminal */
+#ifdef HAVE_SETSID
+	setsid();
+#elif defined(TIOCNOTTY)
+	{
+		int i = sys_open("/dev/tty", O_RDWR, 0);
+		if (i != -1) {
+			ioctl(i, (int) TIOCNOTTY, (char *)0);      
+			close(i);
+		}
+	}
+#endif /* HAVE_SETSID */
 
-      if (ret <= 0)
-	return total;
-      total += ret;
-    }
-  return total;
+	/* Close fd's 0,1,2. Needed if started by rsh */
+	close_low_fds();
 }
 
 
 /****************************************************************************
-  write data to a fd 
+put up a yes/no prompt
 ****************************************************************************/
-int write_data(int fd,char *buffer,int N)
+BOOL yesno(char *p)
 {
-  int total=0;
-  int ret;
+  pstring ans;
+  printf("%s",p);
 
-  while (total < N)
-    {
-      ret = write(fd,buffer + total,N - total);
+  if (!fgets(ans,sizeof(ans)-1,stdin))
+    return(False);
 
-      if (ret <= 0)
-	return total;
+  if (*ans == 'y' || *ans == 'Y')
+    return(True);
 
-      total += ret;
-    }
-  return total;
+  return(False);
 }
 
-
-/* variables used by the read prediction module */
-int rp_fd = -1;
-int rp_offset = 0;
-int rp_length = 0;
-int rp_alloced = 0;
-int rp_predict_fd = -1;
-int rp_predict_offset = 0;
-int rp_predict_length = 0;
-int rp_timeout = 5;
-time_t rp_time = 0;
-char *rp_buffer = NULL;
-BOOL predict_skip=False;
-time_t smb_last_time=(time_t)0;
-
 /****************************************************************************
-handle read prediction on a file
+ Expand a pointer to be a particular size.
 ****************************************************************************/
-int read_predict(int fd,int offset,char *buf,char **ptr,int num)
-{
-  int ret = 0;
-  int possible = rp_length - (offset - rp_offset);
-
-  possible = MIN(possible,num);
-
-  /* give data if possible */
-  if (fd == rp_fd && 
-      offset >= rp_offset && 
-      possible>0 &&
-      smb_last_time-rp_time < rp_timeout)
-    {
-      ret = possible;
-      if (buf)
-	memcpy(buf,rp_buffer + (offset-rp_offset),possible);
-      else
-	*ptr = rp_buffer + (offset-rp_offset);
-      DEBUG(5,("read-prediction gave %d bytes of %d\n",ret,num));
-    }
 
-  if (ret == num) {
-    predict_skip = True;
-  } else {
-    predict_skip = False;
+void *Realloc(void *p,size_t size)
+{
+  void *ret=NULL;
 
-    /* prepare the next prediction */
-    rp_predict_fd = fd;
-    rp_predict_offset = offset + num;
-    rp_predict_length = num;
+  if (size == 0) {
+    SAFE_FREE(p);
+    DEBUG(5,("Realloc asked for 0 bytes\n"));
+    return NULL;
   }
 
-  if (ret < 0) ret = 0;
+  if (!p)
+    ret = (void *)malloc(size);
+  else
+    ret = (void *)realloc(p,size);
+
+  if (!ret)
+    DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
 
   return(ret);
 }
 
 /****************************************************************************
-pre-read some data
+ Free memory, checks for NULL.
+use directly SAFE_FREE()
+exist only because we need to pass a function pointer somewhere --SSS
 ****************************************************************************/
-void do_read_prediction()
+
+void safe_free(void *p)
 {
-  if (predict_skip) return;
+	SAFE_FREE(p);
+}
 
-  if (rp_predict_fd == -1) 
-    return;
+/****************************************************************************
+ Get my own name and IP.
+****************************************************************************/
 
-  rp_fd = rp_predict_fd;
-  rp_offset = rp_predict_offset;
-  rp_length = 0;
+BOOL get_myname(char *my_name)
+{
+	pstring hostname;
 
-  rp_predict_fd = -1;
+	*hostname = 0;
 
-  rp_predict_length = MIN(rp_predict_length,2*ReadSize);
-  rp_predict_length = MAX(rp_predict_length,1024);
-  rp_offset = (rp_offset/1024)*1024;
-  rp_predict_length = (rp_predict_length/1024)*1024;
+	/* get my host name */
+	if (gethostname(hostname, sizeof(hostname)) == -1) {
+		DEBUG(0,("gethostname failed\n"));
+		return False;
+	} 
 
-  if (rp_predict_length > rp_alloced)
-    {
-      rp_buffer = Realloc(rp_buffer,rp_predict_length);
-      rp_alloced = rp_predict_length;
-      if (!rp_buffer)
-	{
-	  DEBUG(0,("can't allocate read-prediction buffer\n"));
-	  rp_predict_fd = -1;
-	  rp_fd = -1;
-	  rp_alloced = 0;
-	  return;
-	}
-    }
+	/* Ensure null termination. */
+	hostname[sizeof(hostname)-1] = '\0';
 
-  if (lseek(rp_fd,rp_offset,SEEK_SET) != rp_offset) {
-    rp_fd = -1;
-    rp_predict_fd = -1;
-    return;
-  }
+	if (my_name) {
+		/* split off any parts after an initial . */
+		char *p = strchr_m(hostname,'.');
 
-  rp_length = read(rp_fd,rp_buffer,rp_predict_length);
-  rp_time = time(NULL);
-  if (rp_length < 0)
-    rp_length = 0;
+		if (p)
+			*p = 0;
+		
+		fstrcpy(my_name,hostname);
+	}
+	
+	return(True);
 }
 
 /****************************************************************************
-invalidate read-prediction on a fd
+ Interpret a protocol description string, with a default.
 ****************************************************************************/
-void invalidate_read_prediction(int fd)
+
+int interpret_protocol(char *str,int def)
 {
- if (rp_fd == fd) 
-   rp_fd = -1;
- if (rp_predict_fd == fd)
-   rp_predict_fd = -1;
+  if (strequal(str,"NT1"))
+    return(PROTOCOL_NT1);
+  if (strequal(str,"LANMAN2"))
+    return(PROTOCOL_LANMAN2);
+  if (strequal(str,"LANMAN1"))
+    return(PROTOCOL_LANMAN1);
+  if (strequal(str,"CORE"))
+    return(PROTOCOL_CORE);
+  if (strequal(str,"COREPLUS"))
+    return(PROTOCOL_COREPLUS);
+  if (strequal(str,"CORE+"))
+    return(PROTOCOL_COREPLUS);
+  
+  DEBUG(0,("Unrecognised protocol level %s\n",str));
+  
+  return(def);
 }
 
-
 /****************************************************************************
-transfer some data between two fd's
+ Return true if a string could be a pure IP address.
 ****************************************************************************/
-int transfer_file(int infd,int outfd,int n,char *header,int headlen,int align)
+
+BOOL is_ipaddress(const char *str)
 {
-  static char *buf=NULL;  
-  char *buf1,*abuf;
-  static int size = 0;
-  int total = 0;
+  BOOL pure_address = True;
+  int i;
+  
+  for (i=0; pure_address && str[i]; i++)
+    if (!(isdigit((int)str[i]) || str[i] == '.'))
+      pure_address = False;
 
-  DEBUG(4,("transfer_file %d  (head=%d) called\n",n,headlen));
+  /* Check that a pure number is not misinterpreted as an IP */
+  pure_address = pure_address && (strchr_m(str, '.') != NULL);
 
-  if ((size < ReadSize) && buf) {
-    free(buf);
-    buf = NULL;
-  }
+  return pure_address;
+}
 
-  size = MAX(ReadSize,1024);
+/****************************************************************************
+interpret an internet address or name into an IP address in 4 byte form
+****************************************************************************/
 
-  while (!buf && size>0) {
-    buf = (char *)Realloc(buf,size+8);
-    if (!buf) size /= 2;
-  }
-  if (!buf) {
-    DEBUG(0,("Can't allocate transfer buffer!\n"));
-    exit(1);
-  }
+uint32 interpret_addr(const char *str)
+{
+  struct hostent *hp;
+  uint32 res;
 
-  abuf = buf + (align%8);
+  if (strcmp(str,"0.0.0.0") == 0) return(0);
+  if (strcmp(str,"255.255.255.255") == 0) return(0xFFFFFFFF);
 
-  if (header)
-    n += headlen;
+  /* if it's in the form of an IP address then get the lib to interpret it */
+  if (is_ipaddress(str)) {
+    res = inet_addr(str);
+  } else {
+    /* otherwise assume it's a network name of some sort and use 
+       sys_gethostbyname */
+    if ((hp = sys_gethostbyname(str)) == 0) {
+      DEBUG(3,("sys_gethostbyname: Unknown host. %s\n",str));
+      return 0;
+    }
+    if(hp->h_addr == NULL) {
+      DEBUG(3,("sys_gethostbyname: host address is invalid for host %s\n",str));
+      return 0;
+    }
+    putip((char *)&res,(char *)hp->h_addr);
+  }
 
-  while (n > 0)
-    {
-      int s = MIN(n,size);
-      int ret,ret2=0;
-
-      ret = 0;
-
-      if (header && (headlen >= MIN(s,1024))) {
-	buf1 = header;
-	s = headlen;
-	ret = headlen;
-	headlen = 0;
-	header = NULL;
-      } else {
-	buf1 = abuf;
-      }
+  if (res == (uint32)-1) return(0);
 
-      if (header && headlen > 0)
-	{
-	  ret = MIN(headlen,size);
-	  memcpy(buf1,header,ret);
-	  headlen -= ret;
-	  header += ret;
-	  if (headlen <= 0) header = NULL;
-	}
+  return(res);
+}
 
-      if (s > ret)
-	ret += read(infd,buf1+ret,s-ret);
+/*******************************************************************
+  a convenient addition to interpret_addr()
+  ******************************************************************/
+struct in_addr *interpret_addr2(const char *str)
+{
+  static struct in_addr ret;
+  uint32 a = interpret_addr(str);
+  ret.s_addr = a;
+  return(&ret);
+}
 
-      if (ret > 0)
-	{
-	  ret2 = (outfd>=0?write_data(outfd,buf1,ret):ret);
-	  if (ret2 > 0) total += ret2;
-	  /* if we can't write then dump excess data */
-	  if (ret2 != ret)
-	    transfer_file(infd,-1,n-(ret+headlen),NULL,0,0);
-	}
-      if (ret <= 0 || ret2 != ret)
-	return(total);
-      n -= ret;
-    }
-  return(total);
+/*******************************************************************
+  check if an IP is the 0.0.0.0
+  ******************************************************************/
+BOOL is_zero_ip(struct in_addr ip)
+{
+  uint32 a;
+  putip((char *)&a,(char *)&ip);
+  return(a == 0);
 }
 
+/* Set an IP to 0.0.0.0 */
 
-/****************************************************************************
-read 4 bytes of a smb packet and return the smb length of the packet
-possibly store the result in the buffer
-****************************************************************************/
-int read_smb_length(int fd,char *inbuf,int timeout)
+void zero_ip(struct in_addr *ip)
 {
-  char *buffer;
-  char buf[4];
-  int len=0, msg_type;
-  BOOL ok=False;
+        static BOOL init;
+        static struct in_addr ipzero;
 
-  if (inbuf)
-    buffer = inbuf;
-  else
-    buffer = buf;
+        if (!init) {
+                ipzero = *interpret_addr2("0.0.0.0");
+                init = True;
+        }
 
-  while (!ok)
-    {
-      if (timeout > 0)
-	ok = (read_with_timeout(fd,buffer,4,4,timeout,False) == 4);
-      else	
-	ok = (read_data(fd,buffer,4) == 4);
+        *ip = ipzero;
+}
 
-      if (!ok)
-	{
-	  if (timeout>0)
-	    {
-	      DEBUG(10,("select timeout (%d)\n", timeout));
-	      return(-1);
-	    }
-	  else
-	    {
-	      DEBUG(6,("couldn't read from client\n"));
-	      exit(1);
-	    }
-	}
+#if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
+/******************************************************************
+ Remove any mount options such as -rsize=2048,wsize=2048 etc.
+ Based on a fix from <Thomas.Hepper@icem.de>.
+*******************************************************************/
 
-      len = smb_len(buffer);
-      msg_type = CVAL(buffer,0);
+static void strip_mount_options( pstring *str)
+{
+  if (**str == '-')
+  { 
+    char *p = *str;
+    while(*p && !isspace(*p))
+      p++;
+    while(*p && isspace(*p))
+      p++;
+    if(*p) {
+      pstring tmp_str;
 
-      if (msg_type == 0x85) 
-	{
-	  DEBUG(5,( "Got keepalive packet\n"));
-	  ok = False;
-	}
+      pstrcpy(tmp_str, p);
+      pstrcpy(*str, tmp_str);
     }
-
-  DEBUG(10,("got smb length of %d\n",len));
-
-  return(len);
+  }
 }
 
+/*******************************************************************
+ Patch from jkf@soton.ac.uk
+ Split Luke's automount_server into YP lookup and string splitter
+ so can easily implement automount_path(). 
+ As we may end up doing both, cache the last YP result. 
+*******************************************************************/
 
-
-/****************************************************************************
-  read an smb from a fd and return it's length
-The timeout is in milli seconds
-****************************************************************************/
-BOOL receive_smb(int fd,char *buffer,int timeout)
+#ifdef WITH_NISPLUS_HOME
+char *automount_lookup(const char *user_name)
 {
-  int len;
-  BOOL ok;
-
-  bzero(buffer,smb_size + 100);
-
-  len = read_smb_length(fd,buffer,timeout);
-  if (len == -1)
-    return(False);
-
-  if (len > BUFFER_SIZE)
+  static fstring last_key = "";
+  static pstring last_value = "";
+ 
+  char *nis_map = (char *)lp_nis_home_map_name();
+ 
+  char buffer[NIS_MAXATTRVAL + 1];
+  nis_result *result;
+  nis_object *object;
+  entry_obj  *entry;
+ 
+  if (strcmp(user_name, last_key))
+  {
+    slprintf(buffer, sizeof(buffer)-1, "[key=%s],%s", user_name, nis_map);
+    DEBUG(5, ("NIS+ querystring: %s\n", buffer));
+ 
+    if (result = nis_list(buffer, FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP, NULL, NULL))
     {
-      DEBUG(0,("Invalid packet length! (%d bytes)\n",len));
-      if (len > BUFFER_SIZE + (SAFETY_MARGIN/2))
-	exit(1);
+       if (result->status != NIS_SUCCESS)
+      {
+        DEBUG(3, ("NIS+ query failed: %s\n", nis_sperrno(result->status)));
+        fstrcpy(last_key, ""); pstrcpy(last_value, "");
+      }
+      else
+      {
+        object = result->objects.objects_val;
+        if (object->zo_data.zo_type == ENTRY_OBJ)
+        {
+           entry = &object->zo_data.objdata_u.en_data;
+           DEBUG(5, ("NIS+ entry type: %s\n", entry->en_type));
+           DEBUG(3, ("NIS+ result: %s\n", entry->en_cols.en_cols_val[1].ec_value.ec_value_val));
+ 
+           pstrcpy(last_value, entry->en_cols.en_cols_val[1].ec_value.ec_value_val);
+           pstring_sub(last_value, "&", user_name);
+           fstrcpy(last_key, user_name);
+        }
+      }
     }
+    nis_freeresult(result);
+  }
 
-  ok = (read_data(fd,buffer+4,len) == len);
+  strip_mount_options(&last_value);
 
-  if (!ok)
-    {
-      close_sockets();
-      exit(1);
-    }
-
-  return(True);
+  DEBUG(4, ("NIS+ Lookup: %s resulted in %s\n", user_name, last_value));
+  return last_value;
 }
+#else /* WITH_NISPLUS_HOME */
+char *automount_lookup(const char *user_name)
+{
+  static fstring last_key = "";
+  static pstring last_value = "";
 
+  int nis_error;        /* returned by yp all functions */
+  char *nis_result;     /* yp_match inits this */
+  int nis_result_len;  /* and set this */
+  char *nis_domain;     /* yp_get_default_domain inits this */
+  char *nis_map = (char *)lp_nis_home_map_name();
 
-/****************************************************************************
-  send an smb to a fd 
-****************************************************************************/
-BOOL send_smb(int fd,char *buffer)
-{
-  int len;
-  int ret,nwritten=0;
-  len = smb_len(buffer) + 4;
+  if ((nis_error = yp_get_default_domain(&nis_domain)) != 0) {
+    DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error)));
+    return last_value;
+  }
 
-  while (nwritten < len)
-    {
-      ret = write_socket(fd,buffer+nwritten,len - nwritten);
-      if (ret <= 0)
-	{
-	  DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",len,ret));
-          close_sockets();
-	  exit(1);
-	}
-      nwritten += ret;
+  DEBUG(5, ("NIS Domain: %s\n", nis_domain));
+
+  if (!strcmp(user_name, last_key)) {
+	nis_result = last_value;
+    nis_result_len = strlen(last_value);
+    nis_error = 0;
+
+  } else {
+
+    if ((nis_error = yp_match(nis_domain, nis_map,
+                              user_name, strlen(user_name),
+                              &nis_result, &nis_result_len)) == 0) {
+       if (!nis_error && nis_result_len >= sizeof(pstring)) {
+               nis_result_len = sizeof(pstring)-1;
+       }
+       fstrcpy(last_key, user_name);
+       strncpy(last_value, nis_result, nis_result_len);
+       last_value[nis_result_len] = '\0';
+        strip_mount_options(&last_value);
+
+    } else if(nis_error == YPERR_KEY) {
+
+    /* If Key lookup fails user home server is not in nis_map 
+       use default information for server, and home directory */
+       last_value[0] = 0;
+       DEBUG(3, ("YP Key not found:  while looking up \"%s\" in map \"%s\"\n", 
+                user_name, nis_map));
+       DEBUG(3, ("using defaults for server and home directory\n"));
+    } else {
+       DEBUG(3, ("YP Error: \"%s\" while looking up \"%s\" in map \"%s\"\n", 
+               yperr_string(nis_error), user_name, nis_map));
     }
+  }
 
 
-  return True;
+  DEBUG(4, ("YP Lookup: %s resulted in %s\n", user_name, last_value));
+  return last_value;
 }
+#endif /* WITH_NISPLUS_HOME */
+#endif
 
 
-/****************************************************************************
-find a pointer to a netbios name
-****************************************************************************/
-char *name_ptr(char *buf,int ofs)
+/*******************************************************************
+are two IPs on the same subnet?
+********************************************************************/
+BOOL same_net(struct in_addr ip1,struct in_addr ip2,struct in_addr mask)
 {
-  unsigned char c = *(unsigned char *)(buf+ofs);
+  uint32 net1,net2,nmask;
 
-  if ((c & 0xC0) == 0xC0)
-    {
-      uint16 l;
-      char p[2];
-      memcpy(p,buf+ofs,2);
-      p[0] &= ~0xC0;
-      l = RSVAL(p,0);
-      DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
-      return(buf + l);
-    }
-  else
-    return(buf+ofs);
-}  
+  nmask = ntohl(mask.s_addr);
+  net1  = ntohl(ip1.s_addr);
+  net2  = ntohl(ip2.s_addr);
+            
+  return((net1 & nmask) == (net2 & nmask));
+}
 
-/****************************************************************************
-extract a netbios name from a buf
-****************************************************************************/
-int name_extract(char *buf,int ofs,char *name)
-{
-  char *p = name_ptr(buf,ofs);
-  int d = PTR_DIFF(p,buf+ofs);
-  strcpy(name,"");
-  if (d < -50 || d > 50) return(0);
-  return(name_interpret(p,name));
-}  
-  
 
 /****************************************************************************
-return the total storage length of a mangled name
+check if a process exists. Does this work on all unixes?
 ****************************************************************************/
-int name_len(char *s)
-{
-  char *s0=s;
-  unsigned char c = *(unsigned char *)s;
-  if ((c & 0xC0) == 0xC0)
-    return(2);
-  while (*s) s += (*s)+1;
-  return(PTR_DIFF(s,s0)+1);
-}
 
-/****************************************************************************
-send a single packet to a port on another machine
-****************************************************************************/
-BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type)
+BOOL process_exists(pid_t pid)
 {
-  BOOL ret;
-  int out_fd;
-  struct sockaddr_in sock_out;
+	/* Doing kill with a non-positive pid causes messages to be
+	 * sent to places we don't want. */
+	SMB_ASSERT(pid > 0);
+	return(kill(pid,0) == 0 || errno != ESRCH);
+}
 
-  if (passive)
-    return(True);
 
-  /* create a socket to write to */
-  out_fd = socket(AF_INET, type, 0);
-  if (out_fd == -1) 
-    {
-      DEBUG(0,("socket failed"));
-      return False;
-    }
-
-  /* set the address and port */
-  bzero((char *)&sock_out,sizeof(sock_out));
-  putip((char *)&sock_out.sin_addr,(char *)&ip);
-  sock_out.sin_port = htons( port );
-  sock_out.sin_family = AF_INET;
-  
-  if (DEBUGLEVEL > 0)
-    DEBUG(3,("sending a packet of len %d to (%s) on port %d of type %s\n",
-	     len,inet_ntoa(ip),port,type==SOCK_DGRAM?"DGRAM":"STREAM"));
-	
-  /* send it */
-  ret = (sendto(out_fd,buf,len,0,(struct sockaddr *)&sock_out,sizeof(sock_out)) >= 0);
+/*******************************************************************
+ Convert a uid into a user name.
+********************************************************************/
 
-  if (!ret)
-    DEBUG(0,("Packet send to %s(%d) failed ERRNO=%d\n",
-	     inet_ntoa(ip),port,errno));
+char *uidtoname(uid_t uid)
+{
+	static fstring name;
+	struct passwd *pass;
 
-  close(out_fd);
-  return(ret);
+	pass = sys_getpwuid(uid);
+	if (pass) return(pass->pw_name);
+	slprintf(name, sizeof(name) - 1, "%d",(int)uid);
+	return(name);
 }
 
+
 /*******************************************************************
-sleep for a specified number of milliseconds
+ Convert a gid into a group name.
 ********************************************************************/
-void msleep(int t)
-{
-  int tdiff=0;
-  struct timeval tval,t1,t2;  
-  fd_set fds;
 
-  GetTimeOfDay(&t1);
-  GetTimeOfDay(&t2);
-  
-  while (tdiff < t) {
-    tval.tv_sec = (t-tdiff)/1000;
-    tval.tv_usec = 1000*((t-tdiff)%1000);
- 
-    FD_ZERO(&fds);
-    errno = 0;
-    sys_select(&fds,&tval);
+char *gidtoname(gid_t gid)
+{
+	static fstring name;
+	struct group *grp;
 
-    GetTimeOfDay(&t2);
-    tdiff = TvalDiff(&t1,&t2);
-  }
+	grp = getgrgid(gid);
+	if (grp) return(grp->gr_name);
+	slprintf(name,sizeof(name) - 1, "%d",(int)gid);
+	return(name);
 }
 
-/****************************************************************************
-check if a string is part of a list
-****************************************************************************/
-BOOL in_list(char *s,char *list,BOOL casesensitive)
+/*******************************************************************
+ Convert a user name into a uid. If winbindd is present uses this.
+********************************************************************/
+
+uid_t nametouid(char *name)
 {
-  pstring tok;
-  char *p=list;
+	struct passwd *pass;
+	char *p;
+	uid_t u;
 
-  if (!list) return(False);
+	u = (uid_t)strtol(name, &p, 0);
+	if ((p != name) && (*p == '\0'))
+		return u;
 
-  while (next_token(&p,tok,LIST_SEP))
-    {
-      if (casesensitive) {
-	if (strcmp(tok,s) == 0)
-	  return(True);
-      } else {
-	if (StrCaseCmp(tok,s) == 0)
-	  return(True);
-      }
-    }
-  return(False);
+	pass = getpwnam_alloc(name);
+	if (pass) {
+		return(pass->pw_uid);
+		passwd_free(&pass);
+	}
+	return (uid_t)-1;
 }
 
-/* this is used to prevent lots of mallocs of size 1 */
-static char *null_string = NULL;
+/*******************************************************************
+ Convert a name to a gid_t if possible. Return -1 if not a group. If winbindd
+ is present does a shortcut lookup...
+********************************************************************/
 
-/****************************************************************************
-set a string value, allocing the space for the string
-****************************************************************************/
-BOOL string_init(char **dest,char *src)
+gid_t nametogid(const char *name)
 {
-  int l;
-  if (!src)     
-    src = "";
+	struct group *grp;
+	char *p;
+	gid_t g;
 
-  l = strlen(src);
+	g = (gid_t)strtol(name, &p, 0);
+	if ((p != name) && (*p == '\0'))
+		return g;
 
-  if (l == 0)
-    {
-      if (!null_string)
-	null_string = (char *)malloc(1);
-
-      *null_string = 0;
-      *dest = null_string;
-    }
-  else
-    {
-      *dest = (char *)malloc(l+1);
-      strcpy(*dest,src);
-    }
-  return(True);
+	grp = getgrnam(name);
+	if (grp)
+		return(grp->gr_gid);
+	return (gid_t)-1;
 }
 
-/****************************************************************************
-free a string value
-****************************************************************************/
-void string_free(char **s)
+/*******************************************************************
+something really nasty happened - panic!
+********************************************************************/
+void smb_panic(char *why)
 {
-  if (!s || !(*s)) return;
-  if (*s == null_string)
-    *s = NULL;
-  if (*s) free(*s);
-  *s = NULL;
+	char *cmd = lp_panic_action();
+	if (cmd && *cmd) {
+		system(cmd);
+	}
+	DEBUG(0,("PANIC: %s\n", why));
+	dbgflush();
+	abort();
 }
 
-/****************************************************************************
-set a string value, allocing the space for the string, and deallocating any 
-existing space
-****************************************************************************/
-BOOL string_set(char **dest,char *src)
-{
-  string_free(dest);
-
-  return(string_init(dest,src));
-}
 
-/****************************************************************************
-substitute a string for a pattern in another string. Make sure there is 
-enough room!
+/*******************************************************************
+a readdir wrapper which just returns the file name
+********************************************************************/
+char *readdirname(DIR *p)
+{
+	SMB_STRUCT_DIRENT *ptr;
+	char *dname;
 
-This routine looks for pattern in s and replaces it with 
-insert. It may do multiple replacements.
+	if (!p) return(NULL);
+  
+	ptr = (SMB_STRUCT_DIRENT *)sys_readdir(p);
+	if (!ptr) return(NULL);
 
-return True if a substitution was done.
-****************************************************************************/
-BOOL string_sub(char *s,char *pattern,char *insert)
-{
-  BOOL ret = False;
-  char *p;
-  int ls,lp,li;
+	dname = ptr->d_name;
 
-  if (!insert || !pattern || !s) return(False);
+#ifdef NEXT2
+	if (telldir(p) < 0) return(NULL);
+#endif
 
-  ls = strlen(s);
-  lp = strlen(pattern);
-  li = strlen(insert);
+#ifdef HAVE_BROKEN_READDIR
+	/* using /usr/ucb/cc is BAD */
+	dname = dname - 2;
+#endif
 
-  if (!*pattern) return(False);
+	{
+		static pstring buf;
+		int len = NAMLEN(ptr);
+		memcpy(buf, dname, len);
+		buf[len] = 0;
+		dname = buf;
+	}
 
-  while (lp <= ls && (p = strstr(s,pattern)))
-    {
-      ret = True;
-      memmove(p+li,p+lp,ls + 1 - (PTR_DIFF(p,s) + lp));
-      memcpy(p,insert,li);
-      s = p + li;
-      ls = strlen(s);
-    }
-  return(ret);
+	return(dname);
 }
 
+/*******************************************************************
+ Utility function used to decide if the last component 
+ of a path matches a (possibly wildcarded) entry in a namelist.
+********************************************************************/
 
-
-/*********************************************************
-* Recursive routine that is called by mask_match.
-* Does the actual matching.
-*********************************************************/
-BOOL do_match(char *str, char *regexp, int case_sig)
+BOOL is_in_path(char *name, name_compare_entry *namelist)
 {
+  pstring last_component;
   char *p;
 
-  for( p = regexp; *p && *str; ) {
-    switch(*p) {
-    case '?':
-      str++; p++;
-      break;
+  DEBUG(8, ("is_in_path: %s\n", name));
 
-    case '*':
-      /* Look for a character matching 
-	 the one after the '*' */
-      p++;
-      if(!*p)
-	return True; /* Automatic match */
-      while(*str) {
-	while(*str && (case_sig ? (*p != *str) : (toupper(*p)!=toupper(*str))))
-	  str++;
-	if(do_match(str,p,case_sig))
-	  return True;
-	if(!*str)
-	  return False;
-	else
-	  str++;
-      }
-      return False;
-
-    default:
-      if(case_sig) {
-	if(*str != *p)
-	  return False;
-      } else {
-	if(toupper(*str) != toupper(*p))
-	  return False;
-      }
-      str++, p++;
-      break;
-    }
+  /* if we have no list it's obviously not in the path */
+  if((namelist == NULL ) || ((namelist != NULL) && (namelist[0].name == NULL))) 
+  {
+    DEBUG(8,("is_in_path: no name list.\n"));
+    return False;
   }
-  if(!*p && !*str)
-    return True;
 
-  if (!*p && str[0] == '.' && str[1] == 0)
-    return(True);
-  
-  if (!*str && *p == '?')
+  /* Get the last component of the unix name. */
+  p = strrchr_m(name, '/');
+  strncpy(last_component, p ? ++p : name, sizeof(last_component)-1);
+  last_component[sizeof(last_component)-1] = '\0'; 
+
+  for(; namelist->name != NULL; namelist++)
+  {
+    if(namelist->is_wild)
     {
-      while (*p == '?') p++;
-      return(!*p);
+      if (mask_match(last_component, namelist->name, case_sensitive))
+      {
+         DEBUG(8,("is_in_path: mask match succeeded\n"));
+         return True;
+      }
     }
-
-  if(!*str && (*p == '*' && p[1] == '\0'))
-    return True;
+    else
+    {
+      if((case_sensitive && (strcmp(last_component, namelist->name) == 0))||
+       (!case_sensitive && (StrCaseCmp(last_component, namelist->name) == 0)))
+        {
+         DEBUG(8,("is_in_path: match succeeded\n"));
+         return True;
+        }
+    }
+  }
+  DEBUG(8,("is_in_path: match not found\n"));
+ 
   return False;
 }
 
-
-/*********************************************************
-* Routine to match a given string with a regexp - uses
-* simplified regexp that takes * and ? only. Case can be
-* significant or not.
-*********************************************************/
-BOOL mask_match(char *str, char *regexp, int case_sig,BOOL trans2)
+/*******************************************************************
+ Strip a '/' separated list into an array of 
+ name_compare_enties structures suitable for 
+ passing to is_in_path(). We do this for
+ speed so we can pre-parse all the names in the list 
+ and don't do it for each call to is_in_path().
+ namelist is modified here and is assumed to be 
+ a copy owned by the caller.
+ We also check if the entry contains a wildcard to
+ remove a potentially expensive call to mask_match
+ if possible.
+********************************************************************/
+ 
+void set_namearray(name_compare_entry **ppname_array, char *namelist)
 {
-  char *p;
-  pstring p1, p2;
-  fstring ebase,eext,sbase,sext;
-
-  BOOL matched;
-
-  /* Make local copies of str and regexp */
-  StrnCpy(p1,regexp,sizeof(pstring)-1);
-  StrnCpy(p2,str,sizeof(pstring)-1);
+  char *name_end;
+  char *nameptr = namelist;
+  int num_entries = 0;
+  int i;
 
-  if (!strchr(p2,'.')) {
-    strcat(p2,".");
-  }
+  (*ppname_array) = NULL;
 
-/*
-  if (!strchr(p1,'.')) {
-    strcat(p1,".");
-  }
-*/
+  if((nameptr == NULL ) || ((nameptr != NULL) && (*nameptr == '\0'))) 
+    return;
 
-#if 0
-  if (strchr(p1,'.'))
+  /* We need to make two passes over the string. The
+     first to count the number of elements, the second
+     to split it.
+   */
+  while(*nameptr) 
     {
-      string_sub(p1,"*.*","*");
-      string_sub(p1,".*","*");
-    }
-#endif
-
-  /* Remove any *? and ** as they are meaningless */
-  for(p = p1; *p; p++)
-    while( *p == '*' && (p[1] == '?' ||p[1] == '*'))
-      (void)strcpy( &p[1], &p[2]);
-
-  if (strequal(p1,"*")) return(True);
+      if ( *nameptr == '/' ) 
+        {
+          /* cope with multiple (useless) /s) */
+          nameptr++;
+          continue;
+        }
+      /* find the next / */
+      name_end = strchr_m(nameptr, '/');
 
-  DEBUG(5,("mask_match str=<%s> regexp=<%s>, case_sig = %d\n", p2, p1, case_sig));
+      /* oops - the last check for a / didn't find one. */
+      if (name_end == NULL)
+        break;
 
-  if (trans2) {
-    strcpy(ebase,p1);
-    strcpy(sbase,p2);
-  } else {
-    if ((p=strrchr(p1,'.'))) {
-      *p = 0;
-      strcpy(ebase,p1);
-      strcpy(eext,p+1);
-    } else {
-      strcpy(ebase,p1);
-      eext[0] = 0;
+      /* next segment please */
+      nameptr = name_end + 1;
+      num_entries++;
     }
 
-  if (!strequal(p2,".") && !strequal(p2,"..") && (p=strrchr(p2,'.'))) {
-    *p = 0;
-    strcpy(sbase,p2);
-    strcpy(sext,p+1);
-  } else {
-    strcpy(sbase,p2);
-    strcpy(sext,"");
-  }
-  }
+  if(num_entries == 0)
+    return;
 
-  matched = do_match(sbase,ebase,case_sig) && 
-    (trans2 || do_match(sext,eext,case_sig));
+  if(( (*ppname_array) = (name_compare_entry *)malloc( 
+           (num_entries + 1) * sizeof(name_compare_entry))) == NULL)
+        {
+    DEBUG(0,("set_namearray: malloc fail\n"));
+    return;
+        }
+
+  /* Now copy out the names */
+  nameptr = namelist;
+  i = 0;
+  while(*nameptr)
+             {
+      if ( *nameptr == '/' ) 
+      {
+          /* cope with multiple (useless) /s) */
+          nameptr++;
+          continue;
+      }
+      /* find the next / */
+      if ((name_end = strchr_m(nameptr, '/')) != NULL) 
+      {
+          *name_end = 0;
+         }
 
-  DEBUG(5,("mask_match returning %d\n", matched));
+      /* oops - the last check for a / didn't find one. */
+      if(name_end == NULL) 
+        break;
 
-  return matched;
-}
+      (*ppname_array)[i].is_wild = ms_has_wild(nameptr);
+      if(((*ppname_array)[i].name = strdup(nameptr)) == NULL)
+      {
+        DEBUG(0,("set_namearray: malloc fail (1)\n"));
+        return;
+      }
 
+      /* next segment please */
+      nameptr = name_end + 1;
+      i++;
+    }
+  
+  (*ppname_array)[i].name = NULL;
 
+  return;
+}
 
 /****************************************************************************
-become a daemon, discarding the controlling terminal
+routine to free a namearray.
 ****************************************************************************/
-void become_daemon(void)
+
+void free_namearray(name_compare_entry *name_array)
 {
-#ifndef NO_FORK_DEBUG
-  if (fork())
-    exit(0);
+  if(name_array == NULL)
+    return;
 
-  /* detach from the terminal */
-#ifdef USE_SETSID
-  setsid();
-#else
-#ifdef TIOCNOTTY
-  {
-    int i = open("/dev/tty", O_RDWR);
-    if (i >= 0) 
-      {
-	ioctl(i, (int) TIOCNOTTY, (char *)0);      
-	close(i);
-      }
-  }
-#endif
-#endif
-#endif
+  SAFE_FREE(name_array->name);
+  SAFE_FREE(name_array);
 }
 
 /****************************************************************************
-calculate the default netmask for an address
+ Simple routine to do POSIX file locking. Cruft in NFS and 64->32 bit mapping
+ is dealt with in posix.c
 ****************************************************************************/
-static void default_netmask(struct in_addr *inm, struct in_addr *iad)
-{
-  unsigned long ad = ntohl(iad->s_addr);
-  unsigned long nm;
-  /*
-  ** Guess a netmask based on the class of the IP address given.
-  */
-  if ( (ad & 0x80000000) == 0 ) {
-    /* class A address */
-    nm = 0xFF000000;
-  } else if ( (ad & 0xC0000000) == 0x80000000 ) {
-    /* class B address */
-    nm = 0xFFFF0000;
-  } else if ( (ad & 0xE0000000) == 0xC0000000 ) {
-    /* class C address */
-    nm = 0xFFFFFF00;
-  }  else {
-    /* class D or E; netmask doesn't make much sense - guess 4 bits */
-    nm =  0xFFFFFFF0;
-  }
-  inm->s_addr = htonl(nm);
-}
 
-/****************************************************************************
-  get the broadcast address for our address 
-(troyer@saifr00.ateng.az.honeywell.com)
-****************************************************************************/
-void get_broadcast(struct in_addr *if_ipaddr,
-                    struct in_addr *if_bcast,
-                    struct in_addr *if_nmask)
-{  
-  BOOL found = False;
-#ifndef NO_GET_BROADCAST
-  int sock = -1;               /* AF_INET raw socket desc */
-  char buff[1024];
-  struct ifreq *ifr=NULL;
-  int i;
+BOOL fcntl_lock(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
+{
+  SMB_STRUCT_FLOCK lock;
+  int ret;
 
-#if defined(EVEREST)
-  int n_interfaces;
-  struct ifconf ifc;
-  struct ifreq  *ifreqs;
-#elif defined(USE_IFREQ)
-  struct ifreq ifreq;
-  struct strioctl strioctl;
-  struct ifconf *ifc;
-#else
-  struct ifconf ifc;
-#endif
-#endif
+  DEBUG(8,("fcntl_lock %d %d %.0f %.0f %d\n",fd,op,(double)offset,(double)count,type));
 
-  /* get a default netmask and broadcast */
-  default_netmask(if_nmask, if_ipaddr);
+  lock.l_type = type;
+  lock.l_whence = SEEK_SET;
+  lock.l_start = offset;
+  lock.l_len = count;
+  lock.l_pid = 0;
 
-#ifndef NO_GET_BROADCAST  
-  /* Create a socket to the INET kernel. */
-#if USE_SOCKRAW
-  if ((sock = socket(AF_INET, SOCK_RAW, PF_INET )) < 0)
-#else
-    if ((sock = socket(AF_INET, SOCK_DGRAM, 0 )) < 0)
-#endif
-      {
-        DEBUG(0,( "Unable to open socket to get broadcast address\n"));
-        return;
-      }
-  
-  /* Get a list of the configured interfaces */
-#ifdef EVEREST
-  /* This is part of SCO Openserver 5: The ioctls are no longer part
-     if the lower level STREAMS interface glue. They are now real
-     ioctl calls */
-
-  if (ioctl(sock, SIOCGIFANUM, &n_interfaces) < 0) {
-    DEBUG(0,( "SIOCGIFANUM: %s\n", strerror(errno)));
-  } else {
-    DEBUG(0,( "number of interfaces returned is: %d\n", n_interfaces));
+  errno = 0;
 
-    ifc.ifc_len = sizeof(struct ifreq) * n_interfaces;
-    ifc.ifc_buf = (caddr_t) alloca(ifc.ifc_len);
+  ret = fcntl(fd,op,&lock);
 
-    if (ioctl(sock, SIOCGIFCONF, &ifc) < 0)
-      DEBUG(0, ( "SIOCGIFCONF: %s\n", strerror(errno)));
-    else {
-      ifr = ifc.ifc_req;
+  if (errno != 0)
+    DEBUG(3,("fcntl_lock: fcntl lock gave errno %d (%s)\n",errno,strerror(errno)));
 
-      for (i = 0; i < n_interfaces; ++i) {
-	if (if_ipaddr->s_addr ==
-	    ((struct sockaddr_in *) &ifr[i].ifr_addr)->sin_addr.s_addr) {
-	  found = True;
-	  break;
-	}
-      }
-    }
-  }
-#elif defined(USE_IFREQ)
-  ifc = (struct ifconf *)buff;
-  ifc->ifc_len = BUFSIZ - sizeof(struct ifconf);
-  strioctl.ic_cmd = SIOCGIFCONF;
-  strioctl.ic_dp  = (char *)ifc;
-  strioctl.ic_len = sizeof(buff);
-  if (ioctl(sock, I_STR, &strioctl) < 0) {
-    DEBUG(0,( "I_STR/SIOCGIFCONF: %s\n", strerror(errno)));
-  } else {
-    ifr = (struct ifreq *)ifc->ifc_req;  
-
-    /* Loop through interfaces, looking for given IP address */
-    for (i = ifc->ifc_len / sizeof(struct ifreq); --i >= 0; ifr++) {
-      if (if_ipaddr->s_addr ==
-	  (*(struct sockaddr_in *) &ifr->ifr_addr).sin_addr.s_addr) {
-	found = True;
-	break;
-      }
-    }
-  }
-#elif defined(__FreeBSD__) || defined(NETBSD)
-  ifc.ifc_len = sizeof(buff);
-  ifc.ifc_buf = buff;
-  if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) {
-    DEBUG(0,("SIOCGIFCONF: %s\n", strerror(errno)));
-  } else {
-    ifr = ifc.ifc_req;
-    /* Loop through interfaces, looking for given IP address */
-    i = ifc.ifc_len;
-    while (i > 0) {
-      if (if_ipaddr->s_addr ==
-	  (*(struct sockaddr_in *) &ifr->ifr_addr).sin_addr.s_addr) {
-	found = True;
-	break;
-      }
-      i -= ifr->ifr_addr.sa_len + IFNAMSIZ;
-      ifr = (struct ifreq*) ((char*) ifr + ifr->ifr_addr.sa_len + IFNAMSIZ);
-    }
-  }
-#else
-  ifc.ifc_len = sizeof(buff);
-  ifc.ifc_buf = buff;
-  if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) {
-    DEBUG(0,("SIOCGIFCONF: %s\n", strerror(errno)));
-  } else {
-    ifr = ifc.ifc_req;
-  
-    /* Loop through interfaces, looking for given IP address */
-    for (i = ifc.ifc_len / sizeof(struct ifreq); --i >= 0; ifr++) {
-#ifdef BSDI
-      if (ioctl(sock, SIOCGIFADDR, ifr) < 0) break;
-#endif
-      if (if_ipaddr->s_addr ==
-	  (*(struct sockaddr_in *) &ifr->ifr_addr).sin_addr.s_addr) {
-	found = True;
-	break;
-      }
+  /* a lock query */
+  if (op == SMB_F_GETLK)
+  {
+    if ((ret != -1) &&
+        (lock.l_type != F_UNLCK) && 
+        (lock.l_pid != 0) && 
+        (lock.l_pid != sys_getpid()))
+    {
+      DEBUG(3,("fcntl_lock: fd %d is locked by pid %d\n",fd,(int)lock.l_pid));
+      return(True);
     }
-  }
-#endif
-  
-  if (!found) {
-    DEBUG(0,("No interface found for address %s\n", inet_ntoa(*if_ipaddr)));
-  } else {
-    /* Get the netmask address from the kernel */
-#ifdef USE_IFREQ
-    ifreq = *ifr;
-  
-    strioctl.ic_cmd = SIOCGIFNETMASK;
-    strioctl.ic_dp  = (char *)&ifreq;
-    strioctl.ic_len = sizeof(struct ifreq);
-    if (ioctl(sock, I_STR, &strioctl) < 0)
-      DEBUG(0,("Failed I_STR/SIOCGIFNETMASK: %s\n", strerror(errno)));
-    else
-      *if_nmask = ((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr;
-#else
-    if (ioctl(sock, SIOCGIFNETMASK, ifr) < 0)
-      DEBUG(0,("SIOCGIFNETMASK failed\n"));
-    else
-      *if_nmask = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
-#endif
 
-    DEBUG(2,("Netmask for %s = %s\n", ifr->ifr_name,
-	     inet_ntoa(*if_nmask)));
+    /* it must be not locked or locked by me */
+    return(False);
   }
 
-  /* Close up shop */
-  (void) close(sock);
-  
-#endif
-
-  /* sanity check on the netmask */
+  /* a lock set or unset */
+  if (ret == -1)
   {
-    unsigned long nm = ntohl(if_nmask->s_addr);
-    if ((nm >> 24) != 0xFF) {
-      DEBUG(0,("Impossible netmask %s - using defaults\n",inet_ntoa(*if_nmask)));
-      default_netmask(if_nmask, if_ipaddr);      
-    }
+    DEBUG(3,("fcntl_lock: lock failed at offset %.0f count %.0f op %d type %d (%s)\n",
+          (double)offset,(double)count,op,type,strerror(errno)));
+    return(False);
   }
 
-  /* derive the broadcast assuming a 1's broadcast, as this is what
-     all MS operating systems do, we have to comply even if the unix
-     box is setup differently */
-  {
-    unsigned long ad = ntohl(if_ipaddr->s_addr);
-    unsigned long nm = ntohl(if_nmask->s_addr);
-    unsigned long bc = (ad & nm) | (0xffffffff & ~nm);
-    if_bcast->s_addr = htonl(bc);
-  }
-  
-  DEBUG(2,("Derived broadcast address %s\n", inet_ntoa(*if_bcast)));
-}  /* get_broadcast */
+  /* everything went OK */
+  DEBUG(8,("fcntl_lock: Lock call successful\n"));
 
+  return(True);
+}
 
-/****************************************************************************
-put up a yes/no prompt
-****************************************************************************/
-BOOL yesno(char *p)
+/*******************************************************************
+is the name specified one of my netbios names
+returns true is it is equal, false otherwise
+********************************************************************/
+BOOL is_myname(char *s)
 {
-  pstring ans;
-  printf("%s",p);
-
-  if (!fgets(ans,sizeof(ans)-1,stdin))
-    return(False);
-
-  if (*ans == 'y' || *ans == 'Y')
-    return(True);
+  int n;
+  BOOL ret = False;
 
-  return(False);
+  for (n=0; my_netbios_names[n]; n++) {
+    if (strequal(my_netbios_names[n], s))
+      ret=True;
+  }
+  DEBUG(8, ("is_myname(\"%s\") returns %d\n", s, ret));
+  return(ret);
 }
 
-/****************************************************************************
-read a line from a file with possible \ continuation chars. 
-Blanks at the start or end of a line are stripped.
-The string will be allocated if s2 is NULL
-****************************************************************************/
-char *fgets_slash(char *s2,int maxlen,FILE *f)
+BOOL is_myname_or_ipaddr(char *s)
 {
-  char *s=s2;
-  int len = 0;
-  int c;
-  BOOL start_of_line = True;
-
-  if (feof(f))
-    return(NULL);
-
-  if (!s2)
-    {
-      maxlen = MIN(maxlen,8);
-      s = (char *)Realloc(s,maxlen);
-    }
-
-  if (!s || maxlen < 2) return(NULL);
-
-  *s = 0;
+	char **ptr;
+	
+	/* optimize for the common case */
+	if (strequal(s, global_myname)) 
+		return True;
 
-  while (len < maxlen-1)
-    {
-      c = getc(f);
-      switch (c)
+	/* maybe its an IP address? */
+	if (is_ipaddress(s))
 	{
-	case '\r':
-	  break;
-	case '\n':
-	  while (len > 0 && s[len-1] == ' ')
-	    {
-	      s[--len] = 0;
-	    }
-	  if (len > 0 && s[len-1] == '\\')
-	    {
-	      s[--len] = 0;
-	      start_of_line = True;
-	      break;
-	    }
-	  return(s);
-	case EOF:
-	  if (len <= 0 && !s2) 
-	    free(s);
-	  return(len>0?s:NULL);
-	case ' ':
-	  if (start_of_line)
-	    break;
-	default:
-	  start_of_line = False;
-	  s[len++] = c;
-	  s[len] = 0;
-	}
-      if (!s2 && len > maxlen-3)
+		struct iface_struct nics[MAX_INTERFACES];
+		int i, n;
+		uint32 ip;
+		
+		ip = interpret_addr(s);
+		if ((ip==0) || (ip==0xffffffff))
+			return False;
+			
+		n = get_interfaces(nics, MAX_INTERFACES);
+		for (i=0; i<n; i++) {
+			if (ip == nics[i].ip.s_addr)
+				return True;
+		}
+	}	
+
+	/* check for an alias */
+  	ptr = lp_netbios_aliases();
+	for ( ; *ptr; ptr++ )
 	{
-	  maxlen *= 2;
-	  s = (char *)Realloc(s,maxlen);
-	  if (!s) return(NULL);
+		if (StrCaseCmp(s, *ptr) == 0)
+			return True;
 	}
-    }
-  return(s);
-}
-
-
-
-/****************************************************************************
-set the length of a file from a filedescriptor.
-Returns 0 on success, -1 on failure.
-****************************************************************************/
-int set_filelen(int fd, long len)
-{
-/* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot
-   extend a file with ftruncate. Provide alternate implementation
-   for this */
-
-#if FTRUNCATE_CAN_EXTEND
-  return ftruncate(fd, len);
-#else
-  struct stat st;
-  char c = 0;
-  long currpos = lseek(fd, 0L, SEEK_CUR);
-
-  if(currpos < 0)
-    return -1;
-  /* Do an fstat to see if the file is longer than
-     the requested size (call ftruncate),
-     or shorter, in which case seek to len - 1 and write 1
-     byte of zero */
-  if(fstat(fd, &st)<0)
-    return -1;
-
-#ifdef S_ISFIFO
-  if (S_ISFIFO(st.st_mode)) return 0;
-#endif
+	
+	
+	/* no match */
+	return False;
 
-  if(st.st_size == len)
-    return 0;
-  if(st.st_size > len)
-    return ftruncate(fd, len);
-
-  if(lseek(fd, len-1, SEEK_SET) != len -1)
-    return -1;
-  if(write(fd, &c, 1)!=1)
-    return -1;
-  /* Seek to where we were */
-  lseek(fd, currpos, SEEK_SET);
-  return 0;
-#endif
 }
 
 
-/****************************************************************************
-return the byte checksum of some data
-****************************************************************************/
-int byte_checksum(char *buf,int len)
+/*******************************************************************
+set the horrid remote_arch string based on an enum.
+********************************************************************/
+void set_remote_arch(enum remote_arch_types type)
 {
-  unsigned char *p = (unsigned char *)buf;
-  int ret = 0;
-  while (len--)
-    ret += *p++;
-  return(ret);
+  extern fstring remote_arch;
+  ra_type = type;
+  switch( type )
+  {
+  case RA_WFWG:
+    fstrcpy(remote_arch, "WfWg");
+    return;
+  case RA_OS2:
+    fstrcpy(remote_arch, "OS2");
+    return;
+  case RA_WIN95:
+    fstrcpy(remote_arch, "Win95");
+    return;
+  case RA_WINNT:
+    fstrcpy(remote_arch, "WinNT");
+    return;
+  case RA_WIN2K:
+    fstrcpy(remote_arch, "Win2K");
+    return;
+  case RA_SAMBA:
+    fstrcpy(remote_arch,"Samba");
+    return;
+  default:
+    ra_type = RA_UNKNOWN;
+    fstrcpy(remote_arch, "UNKNOWN");
+    break;
+  }
 }
 
-
-
-#ifdef HPUX
-/****************************************************************************
-this is a version of setbuffer() for those machines that only have setvbuf
-****************************************************************************/
-void setbuffer(FILE *f,char *buf,int bufsize)
+/*******************************************************************
+ Get the remote_arch type.
+********************************************************************/
+enum remote_arch_types get_remote_arch(void)
 {
-  setvbuf(f,buf,_IOFBF,bufsize);
+  return ra_type;
 }
-#endif
 
 
-/****************************************************************************
-parse out a directory name from a path name. Assumes dos style filenames.
-****************************************************************************/
-char *dirname_dos(char *path,char *buf)
+void out_ascii(FILE *f, unsigned char *buf,int len)
 {
-  char *p = strrchr(path,'\\');
-
-  if (!p)
-    strcpy(buf,path);
-  else
-    {
-      *p = 0;
-      strcpy(buf,path);
-      *p = '\\';
-    }
-
-  return(buf);
+	int i;
+	for (i=0;i<len;i++)
+	{
+		fprintf(f, "%c", isprint(buf[i])?buf[i]:'.');
+	}
 }
 
-
-/****************************************************************************
-parse out a filename from a path name. Assumes dos style filenames.
-****************************************************************************/
-static char *filename_dos(char *path,char *buf)
+void out_data(FILE *f,char *buf1,int len, int per_line)
 {
-  char *p = strrchr(path,'\\');
-
-  if (!p)
-    strcpy(buf,path);
-  else
-    strcpy(buf,p+1);
+	unsigned char *buf = (unsigned char *)buf1;
+	int i=0;
+	if (len<=0)
+	{
+		return;
+	}
 
-  return(buf);
+	fprintf(f, "[%03X] ",i);
+	for (i=0;i<len;)
+	{
+		fprintf(f, "%02X ",(int)buf[i]);
+		i++;
+		if (i%(per_line/2) == 0) fprintf(f, " ");
+		if (i%per_line == 0)
+		{      
+			out_ascii(f,&buf[i-per_line  ],per_line/2); fprintf(f, " ");
+			out_ascii(f,&buf[i-per_line/2],per_line/2); fprintf(f, "\n");
+			if (i<len) fprintf(f, "[%03X] ",i);
+		}
+	}
+	if ((i%per_line) != 0)
+	{
+		int n;
+
+		n = per_line - (i%per_line);
+		fprintf(f, " ");
+		if (n>(per_line/2)) fprintf(f, " ");
+		while (n--)
+		{
+			fprintf(f, "   ");
+		}
+		n = MIN(per_line/2,i%per_line);
+		out_ascii(f,&buf[i-(i%per_line)],n); fprintf(f, " ");
+		n = (i%per_line) - n;
+		if (n>0) out_ascii(f,&buf[i-n],n); 
+		fprintf(f, "\n");    
+	}
 }
 
-
-
-/****************************************************************************
-expand a pointer to be a particular size
-****************************************************************************/
-void *Realloc(void *p,int size)
+void print_asc(int level, const unsigned char *buf,int len)
 {
-  void *ret=NULL;
-  if (!p)
-    ret = (void *)malloc(size);
-  else
-    ret = (void *)realloc(p,size);
-
-  if (!ret)
-    DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",size));
-
-  return(ret);
+	int i;
+	for (i=0;i<len;i++)
+		DEBUG(level,("%c", isprint(buf[i])?buf[i]:'.'));
 }
 
-/****************************************************************************
-set the time on a file
-****************************************************************************/
-BOOL set_filetime(char *fname,time_t mtime)
-{  
-  struct utimbuf times;
-
-  if (null_mtime(mtime)) return(True);
-
-  times.modtime = times.actime = mtime;
+void dump_data(int level, const char *buf1,int len)
+{
+  const unsigned char *buf = (const unsigned char *)buf1;
+  int i=0;
+  if (len<=0) return;
 
-  if (sys_utime(fname,&times)) {
-    DEBUG(4,("set_filetime(%s) failed: %s\n",fname,strerror(errno)));
+  DEBUG(level,("[%03X] ",i));
+  for (i=0;i<len;) {
+    DEBUG(level,("%02X ",(int)buf[i]));
+    i++;
+    if (i%8 == 0) DEBUG(level,(" "));
+    if (i%16 == 0) {      
+      print_asc(level,&buf[i-16],8); DEBUG(level,(" "));
+      print_asc(level,&buf[i-8],8); DEBUG(level,("\n"));
+      if (i<len) DEBUG(level,("[%03X] ",i));
+    }
+  }
+  if (i%16) {
+    int n;
+
+    n = 16 - (i%16);
+    DEBUG(level,(" "));
+    if (n>8) DEBUG(level,(" "));
+    while (n--) DEBUG(level,("   "));
+
+    n = MIN(8,i%16);
+    print_asc(level,&buf[i-(i%16)],n); DEBUG(level,(" "));
+    n = (i%16) - n;
+    if (n>0) print_asc(level,&buf[i-n],n); 
+    DEBUG(level,("\n"));    
   }
-    
-  return(True);
 }
 
-
-#ifdef NOSTRDUP
-/****************************************************************************
-duplicate a string
-****************************************************************************/
-char *strdup(char *s)
+char *tab_depth(int depth)
 {
-  char *ret = NULL;
-  if (!s) return(NULL);
-  ret = (char *)malloc(strlen(s)+1);
-  if (!ret) return(NULL);
-  strcpy(ret,s);
-  return(ret);
+	static pstring spaces;
+	memset(spaces, ' ', depth * 4);
+	spaces[depth * 4] = 0;
+	return spaces;
 }
-#endif
 
-
-/****************************************************************************
-  Signal handler for SIGPIPE (write on a disconnected socket) 
-****************************************************************************/
-void Abort(void )
+/*****************************************************************************
+ * Provide a checksum on a string
+ *
+ *  Input:  s - the null-terminated character string for which the checksum
+ *              will be calculated.
+ *
+ *  Output: The checksum value calculated for s.
+ *
+ * ****************************************************************************
+ */
+int str_checksum(const char *s)
 {
-  DEBUG(0,("Probably got SIGPIPE\nExiting\n"));
-  exit(2);
-}
-
+	int res = 0;
+	int c;
+	int i=0;
+	
+	while(*s) {
+		c = *s;
+		res ^= (c << (i % 15)) ^ (c >> (15-(i%15)));
+		s++;
+		i++;
+	}
+	return(res);
+} /* str_checksum */
 
-#ifdef REPLACE_STRLEN
-/****************************************************************************
-a replacement strlen() that returns int for solaris
-****************************************************************************/
-int Strlen(char *s)
-{
-  int ret=0;
-  if (!s) return(0);
-  while (*s++) ret++;
-  return(ret);
-}
-#endif
 
 
-/****************************************************************************
-return a time at the start of the current month
-****************************************************************************/
-time_t start_of_month(void)
+/*****************************************************************
+zero a memory area then free it. Used to catch bugs faster
+*****************************************************************/  
+void zero_free(void *p, size_t size)
 {
-  time_t t = time(NULL);
-  struct tm *t2;
-  
-  t2 = gmtime(&t);
-  
-  t2->tm_mday = 1;
-  t2->tm_hour = 0;
-  t2->tm_min = 0;
-  t2->tm_sec = 0;
-  
-  return(mktime(t2));
+	memset(p, 0, size);
+	SAFE_FREE(p);
 }
 
 
-/*******************************************************************
-  check for a sane unix date
-********************************************************************/
-BOOL sane_unix_date(time_t unixdate)
+/*****************************************************************
+set our open file limit to a requested max and return the limit
+*****************************************************************/  
+int set_maxfiles(int requested_max)
 {
-  struct tm t,today;
-  time_t t_today = time(NULL);
-  
-  t = *(LocalTime(&unixdate,LOCAL_TO_GMT));
-  today = *(LocalTime(&t_today,LOCAL_TO_GMT));
-  
-  if (t.tm_year < 80)
-    return(False);
-  
-  if (t.tm_year >  today.tm_year)
-    return(False);
-  
-  if (t.tm_year == today.tm_year &&
-      t.tm_mon > today.tm_mon)
-    return(False);
-  
-  
-  if (t.tm_year == today.tm_year &&
-      t.tm_mon == today.tm_mon &&
-      t.tm_mday > (today.tm_mday+1))
-    return(False);
-  
-  return(True);
-}
+#if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
+	struct rlimit rlp;
+	int saved_current_limit;
 
+	if(getrlimit(RLIMIT_NOFILE, &rlp)) {
+		DEBUG(0,("set_maxfiles: getrlimit (1) for RLIMIT_NOFILE failed with error %s\n",
+			strerror(errno) ));
+		/* just guess... */
+		return requested_max;
+	}
 
+	/* 
+     * Set the fd limit to be real_max_open_files + MAX_OPEN_FUDGEFACTOR to
+	 * account for the extra fd we need 
+	 * as well as the log files and standard
+	 * handles etc. Save the limit we want to set in case
+	 * we are running on an OS that doesn't support this limit (AIX)
+	 * which always returns RLIM_INFINITY for rlp.rlim_max.
+	 */
 
-#ifdef NO_FTRUNCATE
- /*******************************************************************
-ftruncate for operating systems that don't have it
-********************************************************************/
-int ftruncate(int f,long l)
-{
-      struct  flock   fl;
+	/* Try raising the hard (max) limit to the requested amount. */
 
-      fl.l_whence = 0;
-      fl.l_len = 0;
-      fl.l_start = l;
-      fl.l_type = F_WRLCK;
-      return fcntl(f, F_FREESP, &fl);
-}
-#endif
+#if defined(RLIM_INFINITY)
+	if (rlp.rlim_max != RLIM_INFINITY) {
+		int orig_max = rlp.rlim_max;
 
+		if ( rlp.rlim_max < requested_max )
+			rlp.rlim_max = requested_max;
 
+		/* This failing is not an error - many systems (Linux) don't
+			support our default request of 10,000 open files. JRA. */
 
-/****************************************************************************
-get my own name and IP
-****************************************************************************/
-BOOL get_myname(char *myname,struct in_addr *ip)
-{
-  struct hostent *hp;
-  pstring hostname;
+		if(setrlimit(RLIMIT_NOFILE, &rlp)) {
+			DEBUG(3,("set_maxfiles: setrlimit for RLIMIT_NOFILE for %d max files failed with error %s\n", 
+				(int)rlp.rlim_max, strerror(errno) ));
 
-  *hostname = 0;
+			/* Set failed - restore original value from get. */
+			rlp.rlim_max = orig_max;
+		}
+	}
+#endif
 
-  /* get my host name */
-  if (gethostname(hostname, MAXHOSTNAMELEN) == -1) 
-    {
-      DEBUG(0,("gethostname failed\n"));
-      return False;
-    } 
+	/* Now try setting the soft (current) limit. */
 
-  /* get host info */
-  if ((hp = Get_Hostbyname(hostname)) == 0) 
-    {
-      DEBUG(0,( "Get_Hostbyname: Unknown host %s.\n",hostname));
-      return False;
-    }
+	saved_current_limit = rlp.rlim_cur = MIN(requested_max,rlp.rlim_max);
 
-  if (myname)
-    {
-      /* split off any parts after an initial . */
-      char *p = strchr(hostname,'.');
-      if (p) *p = 0;
+	if(setrlimit(RLIMIT_NOFILE, &rlp)) {
+		DEBUG(0,("set_maxfiles: setrlimit for RLIMIT_NOFILE for %d files failed with error %s\n", 
+			(int)rlp.rlim_cur, strerror(errno) ));
+		/* just guess... */
+		return saved_current_limit;
+	}
 
-      strcpy(myname,hostname);
+	if(getrlimit(RLIMIT_NOFILE, &rlp)) {
+		DEBUG(0,("set_maxfiles: getrlimit (2) for RLIMIT_NOFILE failed with error %s\n",
+			strerror(errno) ));
+		/* just guess... */
+		return saved_current_limit;
     }
 
-  if (ip)
-    putip((char *)ip,(char *)hp->h_addr);
-
-  return(True);
-}
+#if defined(RLIM_INFINITY)
+	if(rlp.rlim_cur == RLIM_INFINITY)
+		return saved_current_limit;
+#endif
 
+    if((int)rlp.rlim_cur > saved_current_limit)
+		return saved_current_limit;
 
-/****************************************************************************
-true if two IP addresses are equal
-****************************************************************************/
-BOOL ip_equal(struct in_addr ip1,struct in_addr ip2)
-{
-  unsigned long a1,a2;
-  a1 = ntohl(ip1.s_addr);
-  a2 = ntohl(ip2.s_addr);
-  return(a1 == a2);
+	return rlp.rlim_cur;
+#else /* !defined(HAVE_GETRLIMIT) || !defined(RLIMIT_NOFILE) */
+	/*
+	 * No way to know - just guess...
+	 */
+	return requested_max;
+#endif
 }
 
-
-/****************************************************************************
-open a socket of the specified type, port and address for incoming data
-****************************************************************************/
-int open_socket_in(int type, int port, int dlevel)
+/*****************************************************************
+ splits out the start of the key (HKLM or HKU) and the rest of the key
+ *****************************************************************/  
+BOOL reg_split_key(char *full_keyname, uint32 *reg_type, char *key_name)
 {
-  struct hostent *hp;
-  struct sockaddr_in sock;
-  pstring host_name;
-  int res;
-
-  /* get my host name */
-#ifdef MAXHOSTNAMELEN
-  if (gethostname(host_name, MAXHOSTNAMELEN) == -1) 
-#else
-  if (gethostname(host_name, sizeof(host_name)) == -1) 
-#endif
-    { DEBUG(0,("gethostname failed\n")); return -1; } 
+	pstring tmp;
 
-  /* get host info */
-  if ((hp = Get_Hostbyname(host_name)) == 0) 
-    {
-      DEBUG(0,( "Get_Hostbyname: Unknown host. %s\n",host_name));
-      return -1;
-    }
-  
-  bzero((char *)&sock,sizeof(sock));
-  memcpy((char *)&sock.sin_addr,(char *)hp->h_addr, hp->h_length);
-#if defined(__FreeBSD__) || defined(NETBSD) /* XXX not the right ifdef */
-  sock.sin_len = sizeof(sock);
-#endif
-  sock.sin_port = htons( port );
-  sock.sin_family = hp->h_addrtype;
-  sock.sin_addr.s_addr = INADDR_ANY;
-  res = socket(hp->h_addrtype, type, 0);
-  if (res == -1) 
-    { DEBUG(0,("socket failed\n")); return -1; }
-
-  {
-    int one=1;
-    setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one));
-  }
+	if (!next_token(&full_keyname, tmp, "\\", sizeof(tmp)))
+	{
+		return False;
+	}
 
-  /* now we've got a socket - we need to bind it */
-  if (bind(res, (struct sockaddr * ) &sock,sizeof(sock)) < 0) 
-    { 
-      if (port) {
-	if (port == 139 || port == 137)
-	  DEBUG(dlevel,("bind failed on port %d (%s)\n",
-			port,strerror(errno))); 
-	close(res); 
+	(*reg_type) = 0;
 
-	if (dlevel > 0 && port < 1000)
-	  port = 7999;
+	DEBUG(10, ("reg_split_key: hive %s\n", tmp));
 
-	if (port >= 1000 && port < 9000)
-	  return(open_socket_in(type,port+1,dlevel));
-      }
+	if (strequal(tmp, "HKLM") || strequal(tmp, "HKEY_LOCAL_MACHINE"))
+	{
+		(*reg_type) = HKEY_LOCAL_MACHINE;
+	}
+	else if (strequal(tmp, "HKU") || strequal(tmp, "HKEY_USERS"))
+	{
+		(*reg_type) = HKEY_USERS;
+	}
+	else
+	{
+		DEBUG(10,("reg_split_key: unrecognised hive key %s\n", tmp));
+		return False;
+	}
+	
+	if (next_token(&full_keyname, tmp, "\n\r", sizeof(tmp)))
+	{
+		fstrcpy(key_name, tmp);
+	}
+	else
+	{
+		key_name[0] = 0;
+	}
 
-      return(-1); 
-    }
-  DEBUG(3,("bind succeeded on port %d\n",port));
+	DEBUG(10, ("reg_split_key: name %s\n", key_name));
 
-  return res;
+	return True;
 }
 
 
-/****************************************************************************
-  create an outgoing socket
-  **************************************************************************/
-int open_socket_out(int type, struct in_addr *addr, int port )
+/*****************************************************************
+possibly replace mkstemp if it is broken
+*****************************************************************/  
+int smb_mkstemp(char *template)
 {
-  struct sockaddr_in sock_out;
-  int res;
-
-  /* create a socket to write to */
-  res = socket(PF_INET, type, 0);
-  if (res == -1) 
-    { DEBUG(0,("socket error\n")); return -1; }
-
-  if (type != SOCK_STREAM) return(res);
-  
-  bzero((char *)&sock_out,sizeof(sock_out));
-  putip((char *)&sock_out.sin_addr,(char *)addr);
-  
-  sock_out.sin_port = htons( port );
-  sock_out.sin_family = PF_INET;
-
-  DEBUG(3,("Connecting to %s at port %d\n",inet_ntoa(*addr),port));
-  
-  /* and connect it to the destination */
-  if (connect(res,(struct sockaddr *)&sock_out,sizeof(sock_out))<0) {
-    DEBUG(0,("connect error: %s\n",strerror(errno))); 
-    close(res); 
-    return(-1);
-  }
-
-  return res;
+#if HAVE_SECURE_MKSTEMP
+	return mkstemp(template);
+#else
+	/* have a reasonable go at emulating it. Hope that
+	   the system mktemp() isn't completly hopeless */
+	char *p = mktemp(template);
+	if (!p) return -1;
+	return open(p, O_CREAT|O_EXCL|O_RDWR, 0600);
+#endif
 }
 
 
-/****************************************************************************
-interpret a protocol description string, with a default
-****************************************************************************/
-int interpret_protocol(char *str,int def)
+/**
+ malloc that aborts with smb_panic on fail or zero size.
+**/
+void *smb_xmalloc(size_t size)
 {
-  if (strequal(str,"NT1"))
-    return(PROTOCOL_NT1);
-  if (strequal(str,"LANMAN2"))
-    return(PROTOCOL_LANMAN2);
-  if (strequal(str,"LANMAN1"))
-    return(PROTOCOL_LANMAN1);
-  if (strequal(str,"CORE"))
-    return(PROTOCOL_CORE);
-  if (strequal(str,"COREPLUS"))
-    return(PROTOCOL_COREPLUS);
-  if (strequal(str,"CORE+"))
-    return(PROTOCOL_COREPLUS);
-  
-  DEBUG(0,("Unrecognised protocol level %s\n",str));
-  
-  return(def);
+	void *p;
+	if (size == 0)
+		smb_panic("smb_xmalloc: called with zero size.\n");
+	if ((p = malloc(size)) == NULL)
+		smb_panic("smb_xmalloc: malloc fail.\n");
+	return p;
 }
 
-/****************************************************************************
-interpret a security level
-****************************************************************************/
-int interpret_security(char *str,int def)
+/**
+ Memdup with smb_panic on fail.
+**/
+void *smb_xmemdup(const void *p, size_t size)
 {
-  if (strequal(str,"SERVER"))
-    return(SEC_SERVER);
-  if (strequal(str,"USER"))
-    return(SEC_USER);
-  if (strequal(str,"SHARE"))
-    return(SEC_SHARE);
-  
-  DEBUG(0,("Unrecognised security level %s\n",str));
-  
-  return(def);
+	void *p2;
+	p2 = smb_xmalloc(size);
+	memcpy(p2, p, size);
+	return p2;
 }
 
-
-/****************************************************************************
-interpret an internet address or name into an IP address in 4 byte form
-****************************************************************************/
-unsigned long interpret_addr(char *str)
+/**
+ strdup that aborts on malloc fail.
+**/
+char *smb_xstrdup(const char *s)
 {
-  struct hostent *hp;
-  unsigned long res;
-
-  if (strcmp(str,"0.0.0.0") == 0) return(0);
-  if (strcmp(str,"255.255.255.255") == 0) return(0xFFFFFFFF);
-
-  /* if it's in the form of an IP address then get the lib to interpret it */
-  if (isdigit(str[0])) {
-    res = inet_addr(str);
-  } else {
-    /* otherwise assume it's a network name of some sort and use Get_Hostbyname */
-    if ((hp = Get_Hostbyname(str)) == 0) {
-      DEBUG(3,("Get_Hostbyname: Unknown host. %s\n",str));
-      return 0;
-    }
-    putip((char *)&res,(char *)hp->h_addr);
-  }
-
-  if (res == (unsigned long)-1) return(0);
-
-  return(res);
+	char *s1 = strdup(s);
+	if (!s1)
+		smb_panic("smb_xstrdup: malloc fail\n");
+	return s1;
 }
 
-/*******************************************************************
-  a convenient addition to interpret_addr()
-  ******************************************************************/
-struct in_addr *interpret_addr2(char *str)
+/*
+  vasprintf that aborts on malloc fail
+*/
+int smb_xvasprintf(char **ptr, const char *format, va_list ap)
 {
-  static struct in_addr ret;
-  unsigned long a = interpret_addr(str);
-  putip((char *)&ret,(char *)&a);
-  return(&ret);
+	int n;
+	n = vasprintf(ptr, format, ap);
+	if (n == -1 || ! *ptr) {
+		smb_panic("smb_xvasprintf: out of memory");
+	}
+	return n;
 }
 
-/*******************************************************************
-  check if an IP is the 0.0.0.0
-  ******************************************************************/
-BOOL zero_ip(struct in_addr ip)
+/*****************************************************************
+like strdup but for memory
+ *****************************************************************/  
+void *memdup(const void *p, size_t size)
 {
-  unsigned long a;
-  putip((char *)&a,(char *)&ip);
-  return(a == 0);
+	void *p2;
+	if (size == 0) return NULL;
+	p2 = malloc(size);
+	if (!p2) return NULL;
+	memcpy(p2, p, size);
+	return p2;
 }
 
-#define TIME_FIXUP_CONSTANT (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60))
-
-/****************************************************************************
-interpret an 8 byte "filetime" structure to a time_t
-It's originally in "100ns units since jan 1st 1601"
-
-It appears to be kludge-GMT (at least for file listings). This means
-its the GMT you get by taking a localtime and adding the
-serverzone. This is NOT the same as GMT in some cases. This routine
-converts this to real GMT.
-****************************************************************************/
-time_t interpret_long_date(char *p)
+/*****************************************************************
+get local hostname and cache result
+ *****************************************************************/  
+char *myhostname(void)
 {
-  double d;
-  time_t ret;
-  uint32 tlow,thigh;
-  tlow = IVAL(p,0);
-  thigh = IVAL(p,4);
-
-  if (thigh == 0) return(0);
-
-  d = ((double)thigh)*4.0*(double)(1<<30);
-  d += (tlow&0xFFF00000);
-  d *= 1.0e-7;
- 
-  /* now adjust by 369 years to make the secs since 1970 */
-  d -= TIME_FIXUP_CONSTANT;
-
-  if (d>=MAXINT)
-    return(0);
-
-  ret = (time_t)(d+0.5);
-
-  /* this takes us from kludge-GMT to real GMT */
-  ret += TimeDiff(ret) - serverzone;
-
-  return(ret);
+	static pstring ret;
+	if (ret[0] == 0) {
+		get_myname(ret);
+	}
+	return ret;
 }
 
 
-/****************************************************************************
-put a 8 byte filetime from a time_t
-This takes real GMT as input and converts to kludge-GMT
-****************************************************************************/
-void put_long_date(char *p,time_t t)
+/*****************************************************************
+a useful function for returning a path in the Samba lock directory
+ *****************************************************************/  
+char *lock_path(char *name)
 {
-  uint32 tlow,thigh;
-  double d;
-
-  if (t==0) {
-    SIVAL(p,0,0); SIVAL(p,4,0);
-    return;
-  }
-
-  /* this converts GMT to kludge-GMT */
-  t -= TimeDiff(t) - serverzone; 
-
-  d = (double) (t);
+	static pstring fname;
 
-  d += TIME_FIXUP_CONSTANT;
+	pstrcpy(fname,lp_lockdir());
+	trim_string(fname,"","/");
+	
+	if (!directory_exist(fname,NULL)) {
+		mkdir(fname,0755);
+	}
+	
+	pstrcat(fname,"/");
+	pstrcat(fname,name);
 
-  d *= 1.0e7;
+	return fname;
+}
 
-  thigh = (uint32)(d * (1.0/(4.0*(double)(1<<30))));
-  tlow = (uint32)(d - ((double)thigh)*4.0*(double)(1<<30));
 
-  SIVAL(p,0,tlow);
-  SIVAL(p,4,thigh);
+/**
+ * @brief Returns an absolute path to a file in the Samba lib directory.
+ *
+ * @param name File to find, relative to LIBDIR.
+ *
+ * @retval Pointer to a static #pstring containing the full path.
+ **/
+char *lib_path(char *name)
+{
+	static pstring fname;
+	snprintf(fname, sizeof(fname), "%s/%s", dyn_LIBDIR, name);
+	return fname;
 }
 
 /*******************************************************************
-sub strings with useful parameters
+ Given a filename - get its directory name
+ NB: Returned in static storage.  Caveats:
+ o  Not safe in thread environment.
+ o  Caller must not free.
+ o  If caller wishes to preserve, they should copy.
 ********************************************************************/
-void standard_sub_basic(char *s)
-{
-  if (!strchr(s,'%')) return;
-
-  string_sub(s,"%R",remote_proto);
-  string_sub(s,"%a",remote_arch);
-  string_sub(s,"%m",remote_machine);
-  string_sub(s,"%L",local_machine);
 
-  if (!strchr(s,'%')) return;
-
-  string_sub(s,"%v",VERSION);
-  string_sub(s,"%h",myhostname);
-  string_sub(s,"%U",sesssetup_user);
-
-  if (!strchr(s,'%')) return;
-
-  string_sub(s,"%I",Client_info.addr);
-  string_sub(s,"%M",Client_info.name);
-  string_sub(s,"%T",timestring());
-
-  if (!strchr(s,'%')) return;
-
-  {
-    char pidstr[10];
-    sprintf(pidstr,"%d",(int)getpid());
-    string_sub(s,"%d",pidstr);
-  }
+char *parent_dirname(const char *path)
+{
+	static pstring dirpath;
+	char *p;
 
-  if (!strchr(s,'%')) return;
+	if (!path)
+		return(NULL);
 
-  {
-    struct passwd *pass = Get_Pwnam(sesssetup_user,False);
-    if (pass) {
-      string_sub(s,"%G",gidtoname(pass->pw_gid));
-    }
-  }
+	pstrcpy(dirpath, path);
+	p = strrchr_m(dirpath, '/');  /* Find final '/', if any */
+	if (!p) {
+		pstrcpy(dirpath, ".");    /* No final "/", so dir is "." */
+	} else {
+		if (p == dirpath)
+			++p;    /* For root "/", leave "/" in place */
+		*p = '\0';
+	}
+	return dirpath;
 }
 
 
 /*******************************************************************
-write a string in unicoode format
-********************************************************************/
-int PutUniCode(char *dst,char *src)
+determine if a pattern contains any Microsoft wildcard characters
+ *******************************************************************/
+BOOL ms_has_wild(char *s)
 {
-  int ret = 0;
-  while (*src) {
-    dst[ret++] = src[0];
-    dst[ret++] = 0;    
-    src++;
-  }
-  dst[ret++]=0;
-  dst[ret++]=0;
-  return(ret);
+	char c;
+	while ((c = *s++)) {
+		switch (c) {
+		case '*':
+		case '?':
+		case '<':
+		case '>':
+		case '"':
+			return True;
+		}
+	}
+	return False;
+}
+
+BOOL ms_has_wild_w(const smb_ucs2_t *s)
+{
+	smb_ucs2_t c;
+	if (!s) return False;
+	while ((c = *s++)) {
+		switch (c) {
+		case UCS2_CHAR('*'):
+		case UCS2_CHAR('?'):
+		case UCS2_CHAR('<'):
+		case UCS2_CHAR('>'):
+		case UCS2_CHAR('"'):
+			return True;
+		}
+	}
+	return False;
 }
 
-
-pstring smbrun_path = SMBRUN;
-
-/****************************************************************************
-run a command via system() using smbrun
-****************************************************************************/
-int smbrun(char *cmd,char *outfile)
+/*******************************************************************
+ a wrapper that handles case sensitivity and the special handling
+   of the ".." name
+ *******************************************************************/
+BOOL mask_match(char *string, char *pattern, BOOL is_case_sensitive)
 {
-  int ret;
-  pstring syscmd;  
+	fstring p2, s2;
 
-  if (!file_exist(smbrun_path,NULL))
-    {
-      DEBUG(0,("SMBRUN ERROR: Can't find %s. Installation problem?\n",smbrun_path));
-      return(1);
-    }
-
-  sprintf(syscmd,"%s \"(%s 2>&1) > %s\"",
-	  smbrun_path,cmd,
-	  outfile?outfile:"/dev/null");
+	if (strcmp(string,"..") == 0) string = ".";
+	if (strcmp(pattern,".") == 0) return False;
+	
+	if (is_case_sensitive) {
+		return ms_fnmatch(pattern, string, Protocol) == 0;
+	}
 
-  DEBUG(5,("smbrun - running %s ",syscmd));
-  ret = system(syscmd);
-  DEBUG(5,("gave %d\n",ret));
-  return(ret);
+	fstrcpy(p2, pattern);
+	fstrcpy(s2, string);
+	strlower(p2); 
+	strlower(s2);
+	return ms_fnmatch(p2, s2, Protocol) == 0;
 }
 
+/*********************************************************
+ Recursive routine that is called by unix_wild_match.
+*********************************************************/
 
-/****************************************************************************
-a wrapper for gethostbyname() that tries with all lower and all upper case 
-if the initial name fails
-****************************************************************************/
-struct hostent *Get_Hostbyname(char *name)
-{
-  char *name2 = strdup(name);
-  struct hostent *ret;
-
-  if (!name2)
-    {
-      DEBUG(0,("Memory allocation error in Get_Hostbyname! panic\n"));
-      exit(0);
-    }
+static BOOL unix_do_match(char *regexp, char *str)
+{
+	char *p;
+
+	for( p = regexp; *p && *str; ) {
+
+		switch(*p) {
+			case '?':
+				str++;
+				p++;
+				break;
+
+			case '*':
+
+				/*
+				 * Look for a character matching 
+				 * the one after the '*'.
+				 */
+				p++;
+				if(!*p)
+					return True; /* Automatic match */
+				while(*str) {
+
+					while(*str && (*p != *str))
+						str++;
+
+					/*
+					 * Patch from weidel@multichart.de. In the case of the regexp
+					 * '*XX*' we want to ensure there are at least 2 'X' characters
+					 * in the string after the '*' for a match to be made.
+					 */
+
+					{
+						int matchcount=0;
+
+						/*
+						 * Eat all the characters that match, but count how many there were.
+						 */
+
+						while(*str && (*p == *str)) {
+							str++;
+							matchcount++;
+						}
+
+						/*
+						 * Now check that if the regexp had n identical characters that
+						 * matchcount had at least that many matches.
+						 */
+
+						while ( *(p+1) && (*(p+1) == *p)) {
+							p++;
+							matchcount--;
+						}
+
+						if ( matchcount <= 0 )
+							return False;
+					}
+
+					str--; /* We've eaten the match char after the '*' */
+
+					if(unix_do_match(p, str))
+						return True;
+
+					if(!*str)
+						return False;
+					else
+						str++;
+				}
+				return False;
+
+			default:
+				if(*str != *p)
+					return False;
+				str++;
+				p++;
+				break;
+		}
+	}
 
-  if (!isalnum(*name2))
-    {
-      free(name2);
-      return(NULL);
-    }
+	if(!*p && !*str)
+		return True;
 
-  ret = gethostbyname(name2);
-  if (ret != NULL)
-    {
-      free(name2);
-      return(ret);
-    }
+	if (!*p && str[0] == '.' && str[1] == 0)
+		return(True);
+  
+	if (!*str && *p == '?') {
+		while (*p == '?')
+			p++;
+		return(!*p);
+	}
 
-  /* try with all lowercase */
-  strlower(name2);
-  ret = gethostbyname(name2);
-  if (ret != NULL)
-    {
-      free(name2);
-      return(ret);
-    }
+	if(!*str && (*p == '*' && p[1] == '\0'))
+		return True;
 
-  /* try with all uppercase */
-  strupper(name2);
-  ret = gethostbyname(name2);
-  if (ret != NULL)
-    {
-      free(name2);
-      return(ret);
-    }
-  
-  /* nothing works :-( */
-  free(name2);
-  return(NULL);
+	return False;
 }
 
+/*******************************************************************
+ Simple case insensitive interface to a UNIX wildcard matcher.
+*******************************************************************/
 
-/****************************************************************************
-check if a process exists. Does this work on all unixes?
-****************************************************************************/
-BOOL process_exists(int pid)
+BOOL unix_wild_match(char *pattern, char *string)
 {
-#ifdef LINUX
-  fstring s;
-  sprintf(s,"/proc/%d",pid);
-  return(directory_exist(s,NULL));
-#else
-  {
-    static BOOL tested=False;
-    static BOOL ok=False;
-    fstring s;
-    if (!tested) {
-      tested = True;
-      sprintf(s,"/proc/%05d",getpid());
-      ok = file_exist(s,NULL);
-    }
-    if (ok) {
-      sprintf(s,"/proc/%05d",pid);
-      return(file_exist(s,NULL));
-    }
-  }
-
-  /* a best guess for non root access */
-  if (geteuid() != 0) return(True);
+	pstring p2, s2;
+	char *p;
 
-  /* otherwise use kill */
-  return(pid == getpid() || kill(pid,0) == 0);
-#endif
-}
+	pstrcpy(p2, pattern);
+	pstrcpy(s2, string);
+	strlower(p2);
+	strlower(s2);
 
+	/* Remove any *? and ** from the pattern as they are meaningless */
+	for(p = p2; *p; p++)
+		while( *p == '*' && (p[1] == '?' ||p[1] == '*'))
+			pstrcpy( &p[1], &p[2]);
+ 
+	if (strequal(p2,"*"))
+		return True;
 
-/*******************************************************************
-turn a uid into a user name
-********************************************************************/
-char *uidtoname(int uid)
-{
-  static char name[40];
-  struct passwd *pass = getpwuid(uid);
-  if (pass) return(pass->pw_name);
-  sprintf(name,"%d",uid);
-  return(name);
+	return unix_do_match(p2, s2) == 0;	
 }
 
 /*******************************************************************
-turn a gid into a group name
-********************************************************************/
-char *gidtoname(int gid)
+ free() a data blob
+*******************************************************************/
+static void free_data_blob(DATA_BLOB *d)
 {
-  static char name[40];
-  struct group *grp = getgrgid(gid);
-  if (grp) return(grp->gr_name);
-  sprintf(name,"%d",gid);
-  return(name);
+	if ((d) && (d->free)) {
+		SAFE_FREE(d->data);
+	}
 }
 
 /*******************************************************************
-block sigs
-********************************************************************/
-void BlockSignals(BOOL block)
+ construct a data blob, must be freed with data_blob_free()
+ you can pass NULL for p and get a blank data blob
+*******************************************************************/
+DATA_BLOB data_blob(const void *p, size_t length)
 {
-#ifdef USE_SIGBLOCK
-  int block_mask = (sigmask(SIGTERM)|sigmask(SIGQUIT)|sigmask(SIGSEGV)
-		    |sigmask(SIGCHLD)|sigmask(SIGQUIT)|sigmask(SIGBUS)|
-		    sigmask(SIGINT));
-  if (block) 
-    sigblock(block_mask);
-  else
-    sigunblock(block_mask);
-#endif
-}
+	DATA_BLOB ret;
 
-#if AJT
-/*******************************************************************
-my own panic function - not suitable for general use
-********************************************************************/
-void ajt_panic(void)
-{
-  pstring cmd = "/usr/bin/X11/xedit -display :0 /tmp/ERROR_FAULT &";
-  smbrun(cmd,NULL);
-}
-#endif
+	if (!length) {
+		ZERO_STRUCT(ret);
+		return ret;
+	}
 
-#ifdef USE_DIRECT
-#define DIRECT direct
-#else
-#define DIRECT dirent
-#endif
+	if (p) {
+		ret.data = smb_xmemdup(p, length);
+	} else {
+		ret.data = smb_xmalloc(length);
+	}
+	ret.length = length;
+	ret.free = free_data_blob;
+	return ret;
+}
 
 /*******************************************************************
-a readdir wrapper which just returns the file name
-also return the inode number if requested
-********************************************************************/
-char *readdirname(void *p)
+ construct a data blob, using supplied TALLOC_CTX
+*******************************************************************/
+DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *p, size_t length)
 {
-  struct DIRECT *ptr;
-  char *dname;
-
-  if (!p) return(NULL);
-  
-  ptr = (struct DIRECT *)readdir(p);
-  if (!ptr) return(NULL);
-
-  dname = ptr->d_name;
-
-#ifdef KANJI
-  {
-    static pstring buf;
-    strcpy(buf, dname);
-    unix_to_dos(buf, True);
-    dname = buf;
-  }
-#endif
-
-#ifdef NEXT2
-  if (telldir(p) < 0) return(NULL);
-#endif
-
-#ifdef SUNOS5
-  /* this handles a broken compiler setup, causing a mixture
-   of BSD and SYSV headers and libraries */
-  {
-    static BOOL broken_readdir = False;
-    if (!broken_readdir && !(*(dname)) && strequal("..",dname-2))
-      {
-	DEBUG(0,("Your readdir() is broken. You have somehow mixed SYSV and BSD headers and libraries\n"));
-	broken_readdir = True;
-      }
-    if (broken_readdir)
-      return(dname-2);
-  }
-#endif
-
-  return(dname);
-}
-
-
-
-#if (defined(SecureWare) && defined(SCO))
-/* This is needed due to needing the nap() function but we don't want
-   to include the Xenix libraries since that will break other things...
-   BTW: system call # 0x0c28 is the same as calling nap() */
-long nap(long milliseconds) {
-  return syscall(0x0c28, milliseconds);
-}
-#endif
-
-#ifdef NO_INITGROUPS
-#include <sys/types.h>
-#include <limits.h>
-#include <grp.h>
-
-#ifndef NULL
-#define NULL (void *)0
-#endif
+	DATA_BLOB ret;
 
-/****************************************************************************
- some systems don't have an initgroups call 
-****************************************************************************/
-int initgroups(char *name,gid_t id)
-{
-#ifdef NO_SETGROUPS
-  /* yikes! no SETGROUPS or INITGROUPS? how can this work? */
-  return(0);
-#else
-  gid_t  grouplst[NGROUPS_MAX];
-  int    i,j;
-  struct group *g;
-  char   *gr;
-
-  grouplst[0] = id;
-  i = 1;
-  while (i < NGROUPS_MAX && 
-	 ((g = (struct group *)getgrent()) != (struct group *)NULL)) 
-    {
-      if (g->gr_gid == id)
-	continue;
-      j = 0;
-      gr = g->gr_mem[0];
-      while (gr && (*gr != (char)NULL)) {
-	if (strcmp(name,gr) == 0) {
-	  grouplst[i] = g->gr_gid;
-	  i++;
-	  gr = (char *)NULL;
-	  break;
+	if (!p || !length) {
+		ZERO_STRUCT(ret);
+		return ret;
 	}
-	gr = g->gr_mem[++j];
-      }
-    }
-  endgrent();
-  return(setgroups(i,grouplst));
-#endif
-}
-#endif
-
-
-#if WRAP_MALLOC
-
-/* undo the wrapping temporarily */
-#undef malloc
-#undef realloc
-#undef free
 
-/****************************************************************************
-wrapper for malloc() to catch memory errors
-****************************************************************************/
-void *malloc_wrapped(int size,char *file,int line)
-{
-#ifdef xx_old_malloc
-  void *res = xx_old_malloc(size);
-#else
-  void *res = malloc(size);
-#endif
-  DEBUG(3,("Malloc called from %s(%d) with size=%d gave ptr=0x%X\n",
-	file,line,
-	size,(unsigned int)res));
-  return(res);
-}
+	ret.data = talloc_memdup(mem_ctx, p, length);
+	if (ret.data == NULL)
+		smb_panic("data_blob_talloc: talloc_memdup failed.\n");
 
-/****************************************************************************
-wrapper for realloc() to catch memory errors
-****************************************************************************/
-void *realloc_wrapped(void *ptr,int size,char *file,int line)
-{
-#ifdef xx_old_realloc
-  void *res = xx_old_realloc(ptr,size);
-#else
-  void *res = realloc(ptr,size);
-#endif
-  DEBUG(3,("Realloc\n"));
-  DEBUG(3,("free called from %s(%d) with ptr=0x%X\n",
-	file,line,
-	(unsigned int)ptr));
-  DEBUG(3,("Malloc called from %s(%d) with size=%d gave ptr=0x%X\n",
-	file,line,
-	size,(unsigned int)res));
-  return(res);
+	ret.length = length;
+	ret.free = NULL;
+	return ret;
 }
 
-/****************************************************************************
-wrapper for free() to catch memory errors
-****************************************************************************/
-void free_wrapped(void *ptr,char *file,int line)
-{
-#ifdef xx_old_free
-  xx_old_free(ptr);
-#else
-  free(ptr);
-#endif
-  DEBUG(3,("free called from %s(%d) with ptr=0x%X\n",
-	file,line,(unsigned int)ptr));
-  return;
-}
-
-/* and re-do the define for spots lower in this file */
-#define malloc(size) malloc_wrapped(size,__FILE__,__LINE__)
-#define realloc(ptr,size) realloc_wrapped(ptr,size,__FILE__,__LINE__)
-#define free(ptr) free_wrapped(ptr,__FILE__,__LINE__)
-
-#endif
-
-#ifdef REPLACE_STRSTR
-/****************************************************************************
-Mips version of strstr doesn't seem to work correctly.
-There is a #define in includes.h to redirect calls to this function.
-****************************************************************************/
-char *Strstr(char *s, char *p)
+/*******************************************************************
+free a data blob
+*******************************************************************/
+void data_blob_free(DATA_BLOB *d)
 {
-	int len = strlen(p);
-
-	while ( *s != '\0' ) {
-		if ( strncmp(s, p, len) == 0 )
-		return s;
-		s++;
+	if (d) {
+		if (d->free) {
+			(d->free)(d);
+		}
+		ZERO_STRUCTP(d);
 	}
-
-	return NULL;
 }
-#endif /* REPLACE_STRSTR */
 
-
-#ifdef REPLACE_MKTIME
 /*******************************************************************
-a mktime() replacement for those who don't have it - contributed by 
-C.A. Lademann <cal@zls.com>
-********************************************************************/
-#define  MINUTE  60
-#define  HOUR    60*MINUTE
-#define  DAY             24*HOUR
-#define  YEAR    365*DAY
-time_t Mktime(struct tm      *t)
-{
-  struct tm       *u;
-  time_t  epoch = 0;
-  int             mon [] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 },
-  y, m, i;
-
-  if(t->tm_year < 70)
-    return((time_t)-1);
-
-  epoch = (t->tm_year - 70) * YEAR + 
-    (t->tm_year / 4 - 70 / 4 - t->tm_year / 100) * DAY;
-
-  y = t->tm_year;
-  m = 0;
-
-  for(i = 0; i < t->tm_mon; i++) {
-    epoch += mon [m] * DAY;
-    if(m == 1 && y % 4 == 0 && (y % 100 != 0 || y % 400 == 0))
-      epoch += DAY;
-    
-    if(++m > 11) {
-      m = 0;
-      y++;
-    }
-  }
-
-  epoch += (t->tm_mday - 1) * DAY;
-  epoch += t->tm_hour * HOUR + t->tm_min * MINUTE + t->tm_sec;
-  
-  if((u = localtime(&epoch)) != NULL) {
-    t->tm_sec = u->tm_sec;
-    t->tm_min = u->tm_min;
-    t->tm_hour = u->tm_hour;
-    t->tm_mday = u->tm_mday;
-    t->tm_mon = u->tm_mon;
-    t->tm_year = u->tm_year;
-    t->tm_wday = u->tm_wday;
-    t->tm_yday = u->tm_yday;
-    t->tm_isdst = u->tm_isdst;
-#ifndef NO_TM_NAME
-    memcpy(t->tm_name, u->tm_name, LTZNMAX);
-#endif
-  }
-
-  return(epoch);
-}
-#endif /* REPLACE_MKTIME */
-
-
-
-#ifdef REPLACE_RENAME
-/* Rename a file. (from libiberty in GNU binutils)  */
-int
-rename (zfrom, zto)
-     const char *zfrom;
-     const char *zto;
+clear a DATA_BLOB's contents
+*******************************************************************/
+void data_blob_clear(DATA_BLOB *d)
 {
-  if (link (zfrom, zto) < 0)
-    {
-      if (errno != EEXIST)
-	return -1;
-      if (unlink (zto) < 0
-	  || link (zfrom, zto) < 0)
-	return -1;
-    }
-  return unlink (zfrom);
+	if (d->data) {
+		memset(d->data, 0, d->length);
+	}
 }
-#endif
-
 
-#ifdef REPLACE_INNETGR
-/*
- * Search for a match in a netgroup. This replaces it on broken systems.
- */
-int InNetGr(group, host, user, dom)
-        char *group, *host, *user, *dom;
+/*******************************************************************
+free a data blob and clear its contents
+*******************************************************************/
+void data_blob_clear_free(DATA_BLOB *d)
 {
-  char *hst, *usr, *dm;
-  
-  setnetgrent(group);
-  while (getnetgrent(&hst, &usr, &dm))
-    if (((host == 0) || (hst == 0) || !strcmp(host, hst)) &&
-	((user == 0) || (usr == 0) || !strcmp(user, usr)) &&
-	((dom == 0) || (dm == 0) || !strcmp(dom, dm))) {
-      endnetgrent();
-      return (1);
-    }
-  endnetgrent();
-  return (0);
+	data_blob_clear(d);
+	data_blob_free(d);
 }
-#endif
 
+#ifdef __INSURE__
 
-#if WRAP_MEMCPY
-#undef memcpy
 /*******************************************************************
-a wrapper around memcpy for diagnostic purposes
+This routine is a trick to immediately catch errors when debugging
+with insure. A xterm with a gdb is popped up when insure catches
+a error. It is Linux specific.
 ********************************************************************/
-void *memcpy_wrapped(void *d,void *s,int l,char *fname,int line)
-{
-  if (l>64 && (((int)d)%4) != (((int)s)%4))
-    DEBUG(4,("Misaligned memcpy(0x%X,0x%X,%d) at %s(%d)\n",d,s,l,fname,line));
-#ifdef xx_old_memcpy  
-  return(xx_old_memcpy(d,s,l));
-#else
-  return(memcpy(d,s,l));
-#endif
-}
-#define memcpy(d,s,l) memcpy_wrapped(d,s,l,__FILE__,__LINE__)
-#endif
+int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6)
+{
+	static int (*fn)();
+	int ret;
+	char pidstr[10];
+	/* you can get /usr/bin/backtrace from 
+           http://samba.org/ftp/unpacked/junkcode/backtrace */
+	pstring cmd = "/usr/bin/backtrace %d";
+
+	slprintf(pidstr, sizeof(pidstr)-1, "%d", sys_getpid());
+	pstring_sub(cmd, "%d", pidstr);
+
+	if (!fn) {
+		static void *h;
+		h = dlopen("/usr/local/parasoft/insure++lite/lib.linux2/libinsure.so", RTLD_LAZY);
+		fn = dlsym(h, "_Insure_trap_error");
+
+		if (!h || h == _Insure_trap_error) {
+			h = dlopen("/usr/local/parasoft/lib.linux2/libinsure.so", RTLD_LAZY);
+			fn = dlsym(h, "_Insure_trap_error");
+		}		
+	}
 
+	ret = fn(a1, a2, a3, a4, a5, a6);
 
+	system(cmd);
 
+	return ret;
+}
+#endif
diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
new file mode 100644
index 0000000000..e80267f84b
--- /dev/null
+++ b/source3/lib/util_file.c
@@ -0,0 +1,595 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+static int gotalarm;
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+
+static void gotalarm_sig(void)
+{
+  gotalarm = 1;
+}
+
+/***************************************************************
+ Lock or unlock a fd for a known lock type. Abandon after waitsecs 
+ seconds.
+****************************************************************/
+
+BOOL do_file_lock(int fd, int waitsecs, int type)
+{
+  SMB_STRUCT_FLOCK lock;
+  int             ret;
+
+  gotalarm = 0;
+  CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+
+  lock.l_type = type;
+  lock.l_whence = SEEK_SET;
+  lock.l_start = 0;
+  lock.l_len = 1;
+  lock.l_pid = 0;
+
+  alarm(waitsecs);
+  ret = fcntl(fd, SMB_F_SETLKW, &lock);
+  alarm(0);
+  CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
+
+  if (gotalarm) {
+    DEBUG(0, ("do_file_lock: failed to %s file.\n",
+                type == F_UNLCK ? "unlock" : "lock"));
+    return False;
+  }
+
+  return (ret == 0);
+}
+
+
+/***************************************************************
+ Lock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+
+BOOL file_lock(int fd, int type, int secs, int *plock_depth)
+{
+  if (fd < 0)
+    return False;
+
+  (*plock_depth)++;
+
+  if ((*plock_depth) == 0)
+  {
+    if (!do_file_lock(fd, secs, type)) {
+      DEBUG(10,("file_lock: locking file failed, error = %s.\n",
+                 strerror(errno)));
+      return False;
+    }
+  }
+
+  return True;
+}
+
+/***************************************************************
+ Unlock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+
+BOOL file_unlock(int fd, int *plock_depth)
+{
+  BOOL ret=True;
+
+  if(*plock_depth == 1)
+    ret = do_file_lock(fd, 5, F_UNLCK);
+
+  (*plock_depth)--;
+
+  if(!ret)
+    DEBUG(10,("file_unlock: unlocking file failed, error = %s.\n",
+                 strerror(errno)));
+  return ret;
+}
+
+/***************************************************************
+ locks a file for enumeration / modification.
+ update to be set = True if modification is required.
+****************************************************************/
+
+void *startfilepwent(char *pfile, char *s_readbuf, int bufsize,
+				int *file_lock_depth, BOOL update)
+{
+  FILE *fp = NULL;
+
+  if (!*pfile)
+ {
+    DEBUG(0, ("startfilepwent: No file set\n"));
+    return (NULL);
+  }
+  DEBUG(10, ("startfilepwent: opening file %s\n", pfile));
+
+  fp = sys_fopen(pfile, update ? "r+b" : "rb");
+
+  if (fp == NULL) {
+    DEBUG(0, ("startfilepwent: unable to open file %s\n", pfile));
+    return NULL;
+  }
+
+  /* Set a buffer to do more efficient reads */
+  setvbuf(fp, s_readbuf, _IOFBF, bufsize);
+
+  if (!file_lock(fileno(fp), (update ? F_WRLCK : F_RDLCK), 5, file_lock_depth))
+  {
+    DEBUG(0, ("startfilepwent: unable to lock file %s\n", pfile));
+    fclose(fp);
+    return NULL;
+  }
+
+  /* Make sure it is only rw by the owner */
+  chmod(pfile, 0600);
+
+  /* We have a lock on the file. */
+  return (void *)fp;
+}
+
+/***************************************************************
+ End enumeration of the file.
+****************************************************************/
+void endfilepwent(void *vp, int *file_lock_depth)
+{
+  FILE *fp = (FILE *)vp;
+
+  file_unlock(fileno(fp), file_lock_depth);
+  fclose(fp);
+  DEBUG(7, ("endfilepwent: closed file.\n"));
+}
+
+/*************************************************************************
+ Return the current position in the file list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+SMB_BIG_UINT getfilepwpos(void *vp)
+{
+  return (SMB_BIG_UINT)sys_ftell((FILE *)vp);
+}
+
+/*************************************************************************
+ Set the current position in the file list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+BOOL setfilepwpos(void *vp, SMB_BIG_UINT tok)
+{
+  return !sys_fseek((FILE *)vp, (SMB_OFF_T)tok, SEEK_SET);
+}
+
+/*************************************************************************
+ gets a line out of a file.
+ line is of format "xxxx:xxxxxx:xxxxx:".
+ lines with "#" at the front are ignored.
+*************************************************************************/
+int getfileline(void *vp, char *linebuf, int linebuf_size)
+{
+	/* Static buffers we will return. */
+	FILE *fp = (FILE *)vp;
+	unsigned char   c;
+	unsigned char  *p;
+	size_t            linebuf_len;
+
+	if (fp == NULL)
+	{
+		DEBUG(0,("getfileline: Bad file pointer.\n"));
+		return -1;
+	}
+
+	/*
+	 * Scan the file, a line at a time.
+	 */
+	while (!feof(fp))
+	{
+		linebuf[0] = '\0';
+
+		fgets(linebuf, linebuf_size, fp);
+		if (ferror(fp))
+		{
+			return -1;
+		}
+
+		/*
+		 * Check if the string is terminated with a newline - if not
+		 * then we must keep reading and discard until we get one.
+		 */
+
+		linebuf_len = strlen(linebuf);
+		if (linebuf_len == 0)
+		{
+			linebuf[0] = '\0';
+			return 0;
+		}
+
+		if (linebuf[linebuf_len - 1] != '\n')
+		{
+			c = '\0';
+			while (!ferror(fp) && !feof(fp))
+			{
+				c = fgetc(fp);
+				if (c == '\n')
+				{
+					break;
+				}
+			}
+		}
+		else
+		{
+			linebuf[linebuf_len - 1] = '\0';
+		}
+
+#ifdef DEBUG_PASSWORD
+		DEBUG(100, ("getfileline: got line |%s|\n", linebuf));
+#endif
+		if ((linebuf[0] == 0) && feof(fp))
+		{
+			DEBUG(4, ("getfileline: end of file reached\n"));
+			return 0;
+		}
+
+		if (linebuf[0] == '#' || linebuf[0] == '\0')
+		{
+			DEBUG(6, ("getfileline: skipping comment or blank line\n"));
+			continue;
+		}
+
+		p = (unsigned char *) strchr_m(linebuf, ':');
+		if (p == NULL)
+		{
+			DEBUG(0, ("getfileline: malformed line entry (no :)\n"));
+			continue;
+		}
+		return linebuf_len;
+	}
+	return -1;
+}
+
+
+/****************************************************************************
+read a line from a file with possible \ continuation chars. 
+Blanks at the start or end of a line are stripped.
+The string will be allocated if s2 is NULL
+****************************************************************************/
+char *fgets_slash(char *s2,int maxlen,XFILE *f)
+{
+  char *s=s2;
+  int len = 0;
+  int c;
+  BOOL start_of_line = True;
+
+  if (x_feof(f))
+    return(NULL);
+
+  if (maxlen <2) return(NULL);
+
+  if (!s2)
+    {
+      maxlen = MIN(maxlen,8);
+      s = (char *)malloc(maxlen);
+    }
+
+  if (!s) return(NULL);
+
+  *s = 0;
+
+  while (len < maxlen-1)
+    {
+      c = x_getc(f);
+      switch (c)
+	{
+	case '\r':
+	  break;
+	case '\n':
+	  while (len > 0 && s[len-1] == ' ')
+	    {
+	      s[--len] = 0;
+	    }
+	  if (len > 0 && s[len-1] == '\\')
+	    {
+	      s[--len] = 0;
+	      start_of_line = True;
+	      break;
+	    }
+	  return(s);
+	case EOF:
+	  if (len <= 0 && !s2) 
+	    SAFE_FREE(s);
+	  return(len>0?s:NULL);
+	case ' ':
+	  if (start_of_line)
+	    break;
+	default:
+	  start_of_line = False;
+	  s[len++] = c;
+	  s[len] = 0;
+	}
+      if (!s2 && len > maxlen-3)
+	{
+	  char *t;
+	  
+	  maxlen *= 2;
+	  t = (char *)Realloc(s,maxlen);
+	  if (!t) {
+	    DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
+	    SAFE_FREE(s);
+	    return(NULL);
+	  } else s = t;
+	}
+    }
+  return(s);
+}
+
+
+/****************************************************************************
+load from a pipe into memory
+****************************************************************************/
+char *file_pload(char *syscmd, size_t *size)
+{
+	int fd, n;
+	char *p, *tp;
+	pstring buf;
+	size_t total;
+	
+	fd = sys_popen(syscmd);
+	if (fd == -1) return NULL;
+
+	p = NULL;
+	total = 0;
+
+	while ((n = read(fd, buf, sizeof(buf))) > 0) {
+		tp = Realloc(p, total + n + 1);
+		if (!tp) {
+		        DEBUG(0,("file_pload: failed to exand buffer!\n"));
+			close(fd);
+			SAFE_FREE(p);
+			return NULL;
+		} else p = tp;
+		memcpy(p+total, buf, n);
+		total += n;
+	}
+	if (p) p[total] = 0;
+
+	sys_pclose(fd);
+
+	if (size) *size = total;
+
+	return p;
+}
+
+/****************************************************************************
+load a file into memory from a fd.
+****************************************************************************/ 
+
+char *fd_load(int fd, size_t *size)
+{
+	SMB_STRUCT_STAT sbuf;
+	char *p;
+
+	if (sys_fstat(fd, &sbuf) != 0) return NULL;
+
+	p = (char *)malloc(sbuf.st_size+1);
+	if (!p) return NULL;
+
+	if (read(fd, p, sbuf.st_size) != sbuf.st_size) {
+		SAFE_FREE(p);
+		return NULL;
+	}
+	p[sbuf.st_size] = 0;
+
+	if (size) *size = sbuf.st_size;
+
+	return p;
+}
+
+/****************************************************************************
+load a file into memory
+****************************************************************************/
+char *file_load(const char *fname, size_t *size)
+{
+	int fd;
+	char *p;
+
+	if (!fname || !*fname) return NULL;
+	
+	fd = open(fname,O_RDONLY);
+	if (fd == -1) return NULL;
+
+	p = fd_load(fd, size);
+
+	close(fd);
+
+	return p;
+}
+
+
+/*******************************************************************
+mmap (if possible) or read a file
+********************************************************************/
+void *map_file(char *fname, size_t size)
+{
+	size_t s2 = 0;
+	void *p = NULL;
+#ifdef HAVE_MMAP
+	if (lp_use_mmap()) {
+		int fd;
+		fd = open(fname, O_RDONLY, 0);
+		if (fd == -1) {
+			DEBUG(2,("Failed to load %s - %s\n", fname, strerror(errno)));
+			return NULL;
+		}
+		p = mmap(NULL, size, PROT_READ, MAP_SHARED|MAP_FILE, fd, 0);
+		close(fd);
+		if (p == MAP_FAILED) {
+			DEBUG(1,("Failed to mmap %s - %s\n", fname, strerror(errno)));
+			return NULL;
+		}
+	}
+#endif
+	if (!p) {
+		p = file_load(fname, &s2);
+		if (!p || s2 != size) {
+			DEBUG(1,("incorrect size for %s - got %d expected %d\n",
+				 fname, s2, size));
+			if (p) free(p);
+			return NULL;
+		}
+	}
+
+	return p;
+}
+
+
+/****************************************************************************
+parse a buffer into lines
+****************************************************************************/
+static char **file_lines_parse(char *p, size_t size, int *numlines)
+{
+	int i;
+	char *s, **ret;
+
+	if (!p) return NULL;
+
+	for (s = p, i=0; s < p+size; s++) {
+		if (s[0] == '\n') i++;
+	}
+
+	ret = (char **)malloc(sizeof(ret[0])*(i+2));
+	if (!ret) {
+		SAFE_FREE(p);
+		return NULL;
+	}	
+	memset(ret, 0, sizeof(ret[0])*(i+2));
+	if (numlines) *numlines = i;
+
+	ret[0] = p;
+	for (s = p, i=0; s < p+size; s++) {
+		if (s[0] == '\n') {
+			s[0] = 0;
+			i++;
+			ret[i] = s+1;
+		}
+		if (s[0] == '\r') s[0] = 0;
+	}
+
+	return ret;
+}
+
+
+/****************************************************************************
+load a file into memory and return an array of pointers to lines in the file
+must be freed with file_lines_free(). 
+****************************************************************************/
+char **file_lines_load(const char *fname, int *numlines)
+{
+	char *p;
+	size_t size;
+
+	p = file_load(fname, &size);
+	if (!p) return NULL;
+
+	return file_lines_parse(p, size, numlines);
+}
+
+/****************************************************************************
+load a fd into memory and return an array of pointers to lines in the file
+must be freed with file_lines_free(). If convert is true calls unix_to_dos on
+the list.
+****************************************************************************/
+char **fd_lines_load(int fd, int *numlines)
+{
+	char *p;
+	size_t size;
+
+	p = fd_load(fd, &size);
+	if (!p) return NULL;
+
+	return file_lines_parse(p, size, numlines);
+}
+
+
+/****************************************************************************
+load a pipe into memory and return an array of pointers to lines in the data
+must be freed with file_lines_free(). 
+****************************************************************************/
+char **file_lines_pload(char *syscmd, int *numlines)
+{
+	char *p;
+	size_t size;
+
+	p = file_pload(syscmd, &size);
+	if (!p) return NULL;
+
+	return file_lines_parse(p, size, numlines);
+}
+
+/****************************************************************************
+free lines loaded with file_lines_load
+****************************************************************************/
+void file_lines_free(char **lines)
+{
+	if (!lines) return;
+	SAFE_FREE(lines[0]);
+	SAFE_FREE(lines);
+}
+
+
+/****************************************************************************
+take a lislist of lines and modify them to produce a list where \ continues
+a line
+****************************************************************************/
+void file_lines_slashcont(char **lines)
+{
+	int i, j;
+
+	for (i=0; lines[i];) {
+		int len = strlen(lines[i]);
+		if (lines[i][len-1] == '\\') {
+			lines[i][len-1] = ' ';
+			if (lines[i+1]) {
+				char *p = &lines[i][len];
+				while (p < lines[i+1]) *p++ = ' ';
+				for (j = i+1; lines[j]; j++) lines[j] = lines[j+1];
+			}
+		} else {
+			i++;
+		}
+	}
+}
+
+/*
+  save a lump of data into a file. Mostly used for debugging 
+*/
+BOOL file_save(const char *fname, void *packet, size_t length)
+{
+	int fd;
+	fd = open(fname, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+	if (fd == -1) {
+		return False;
+	}
+	if (write(fd, packet, length) != length) {
+		return False;
+	}
+	close(fd);
+	return True;
+}
diff --git a/source3/lib/util_getent.c b/source3/lib/util_getent.c
new file mode 100644
index 0000000000..02e4b932de
--- /dev/null
+++ b/source3/lib/util_getent.c
@@ -0,0 +1,318 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Simo Sorce 2001
+   Copyright (C) Jeremy Allison 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#if 0
+static void print_grent_list(struct sys_grent *glist)
+{
+	DEBUG(100, ("print_grent_list: %x\n", glist ));
+	while (glist) {
+		DEBUG(100,("glist: %x ", glist));
+		if (glist->gr_name)
+			DEBUG(100,(": gr_name = (%x) %s ", glist->gr_name, glist->gr_name));
+		if (glist->gr_passwd)
+			DEBUG(100,(": gr_passwd = (%x) %s ", glist->gr_passwd, glist->gr_passwd));
+		if (glist->gr_mem) {
+			int i;
+			for (i = 0; glist->gr_mem[i]; i++)
+				DEBUG(100,(" : gr_mem[%d] = (%x) %s ", i, glist->gr_mem[i], glist->gr_mem[i]));
+		}
+		DEBUG(100,(": gr_next = %x\n", glist->next ));
+		glist = glist->next;
+	}
+	DEBUG(100,("FINISHED !\n\n"));
+}
+#endif
+
+/****************************************************************
+ Returns a single linked list of group entries.
+ Use grent_free() to free it after use.
+****************************************************************/
+
+struct sys_grent * getgrent_list(void)
+{
+	struct sys_grent *glist;
+	struct sys_grent *gent;
+	struct group *grp;
+	
+	gent = (struct sys_grent *) malloc(sizeof(struct sys_grent));
+	if (gent == NULL) {
+		DEBUG (0, ("Out of memory in getgrent_list!\n"));
+		return NULL;
+	}
+	memset(gent, '\0', sizeof(struct sys_grent));
+	glist = gent;
+	
+	setgrent();
+	grp = getgrent();
+	if (grp == NULL) {
+		endgrent();
+		SAFE_FREE(glist);
+		return NULL;
+	}
+
+	while (grp != NULL) {
+		int i,num;
+		
+		if (grp->gr_name) {
+			if ((gent->gr_name = strdup(grp->gr_name)) == NULL)
+				goto err;
+		}
+		if (grp->gr_passwd) {
+			if ((gent->gr_passwd = strdup(grp->gr_passwd)) == NULL)
+				goto err;
+		}
+		gent->gr_gid = grp->gr_gid;
+		
+		/* number of strings in gr_mem */
+		for (num = 0; grp->gr_mem[num];	num++)
+			;
+		
+		/* alloc space for gr_mem string pointers */
+		if ((gent->gr_mem = (char **) malloc((num+1) * sizeof(char *))) == NULL)
+			goto err;
+
+		memset(gent->gr_mem, '\0', (num+1) * sizeof(char *));
+
+		for (i=0; i < num; i++) {
+			if ((gent->gr_mem[i] = strdup(grp->gr_mem[i])) == NULL)
+				goto err;
+		}
+		gent->gr_mem[num] = NULL;
+		
+		grp = getgrent();
+		if (grp) {
+			gent->next = (struct sys_grent *) malloc(sizeof(struct sys_grent));
+			if (gent->next == NULL)
+				goto err;
+			gent = gent->next;
+			memset(gent, '\0', sizeof(struct sys_grent));
+		}
+	}
+	
+	endgrent();
+	return glist;
+
+  err:
+
+	endgrent();
+	DEBUG(0, ("Out of memory in getgrent_list!\n"));
+	grent_free(glist);
+	return NULL;
+}
+
+/****************************************************************
+ Free the single linked list of group entries made by
+ getgrent_list()
+****************************************************************/
+
+void grent_free (struct sys_grent *glist)
+{
+	while (glist) {
+		struct sys_grent *prev;
+		
+		SAFE_FREE(glist->gr_name);
+		SAFE_FREE(glist->gr_passwd);
+		if (glist->gr_mem) {
+			int i;
+			for (i = 0; glist->gr_mem[i]; i++)
+				SAFE_FREE(glist->gr_mem[i]);
+			SAFE_FREE(glist->gr_mem);
+		}
+		prev = glist;
+		glist = glist->next;
+		SAFE_FREE(prev);
+	}
+}
+
+/****************************************************************
+ Returns a single linked list of passwd entries.
+ Use pwent_free() to free it after use.
+****************************************************************/
+
+struct sys_pwent * getpwent_list(void)
+{
+	struct sys_pwent *plist;
+	struct sys_pwent *pent;
+	struct passwd *pwd;
+	
+	pent = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));
+	if (pent == NULL) {
+		DEBUG (0, ("Out of memory in getpwent_list!\n"));
+		return NULL;
+	}
+	plist = pent;
+	
+	setpwent();
+	pwd = getpwent();
+	while (pwd != NULL) {
+		memset(pent, '\0', sizeof(struct sys_pwent));
+		if (pwd->pw_name) {
+			if ((pent->pw_name = strdup(pwd->pw_name)) == NULL)
+				goto err;
+		}
+		if (pwd->pw_passwd) {
+			if ((pent->pw_passwd = strdup(pwd->pw_passwd)) == NULL)
+				goto err;
+		}
+		pent->pw_uid = pwd->pw_uid;
+		pent->pw_gid = pwd->pw_gid;
+		if (pwd->pw_gecos) {
+			if ((pent->pw_name = strdup(pwd->pw_gecos)) == NULL)
+				goto err;
+		}
+		if (pwd->pw_dir) {
+			if ((pent->pw_name = strdup(pwd->pw_dir)) == NULL)
+				goto err;
+		}
+		if (pwd->pw_shell) {
+			if ((pent->pw_name = strdup(pwd->pw_shell)) == NULL)
+				goto err;
+		}
+
+		pwd = getpwent();
+		if (pwd) {
+			pent->next = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));
+			if (pent->next == NULL)
+				goto err;
+			pent = pent->next;
+		}
+	}
+	
+	endpwent();
+	return plist;
+
+  err:
+
+	endpwent();
+	DEBUG(0, ("Out of memory in getpwent_list!\n"));
+	pwent_free(plist);
+	return NULL;
+}
+
+/****************************************************************
+ Free the single linked list of passwd entries made by
+ getpwent_list()
+****************************************************************/
+
+void pwent_free (struct sys_pwent *plist)
+{
+	while (plist) {
+		struct sys_pwent *prev;
+		
+		SAFE_FREE(plist->pw_name);
+		SAFE_FREE(plist->pw_passwd);
+		SAFE_FREE(plist->pw_gecos);
+		SAFE_FREE(plist->pw_dir);
+		SAFE_FREE(plist->pw_shell);
+
+		prev = plist;
+		plist = plist->next;
+		SAFE_FREE(prev);
+	}
+}
+
+/****************************************************************
+ Add the individual group users onto the list.
+****************************************************************/
+
+static struct sys_userlist *add_members_to_userlist(struct sys_userlist *list_head, const struct group *grp)
+{
+	size_t num_users, i;
+
+	/* Count the number of users. */
+	for (num_users = 0; grp->gr_mem[num_users]; num_users++)
+		;
+
+	for (i = 0; i < num_users; i++) {
+		struct sys_userlist *entry = (struct sys_userlist *)malloc(sizeof(*entry));
+		size_t len = strlen(grp->gr_mem[i])+1;
+		if (entry == NULL) {
+			free_userlist(list_head);
+			return NULL;
+		}
+		entry->unix_name = (char *)malloc(len);
+		if (entry->unix_name == NULL) {
+			SAFE_FREE(entry);
+			free_userlist(list_head);
+			return NULL;
+		}
+		safe_strcpy(entry->unix_name, grp->gr_mem[i],len);
+		DLIST_ADD(list_head, entry);
+	}
+	return list_head;
+}
+
+/****************************************************************
+ Get the list of UNIX users in a group.
+ We have to enumerate the /etc/group file as some UNIX getgrnam()
+ calls won't do that for us (notably Tru64 UNIX).
+****************************************************************/
+
+struct sys_userlist *get_users_in_group(const char *gname)
+{
+	struct sys_userlist *list_head = NULL;
+	struct group *gptr;
+	fstring domain;
+	fstring groupname;
+	DOM_SID sid;
+	enum SID_NAME_USE name_type;
+
+	(void) split_domain_and_name(gname, domain, groupname);
+
+	/*
+	 * If we're doing this via winbindd, don't do the
+	 * entire group list enumeration as we know this is
+	 * pointless (and slow).
+	 */
+
+	if (winbind_lookup_name(domain, groupname, &sid, &name_type) && name_type == SID_NAME_DOM_GRP) {
+		if ((gptr = (struct group *)getgrnam(gname)) == NULL)
+			return NULL;
+		return add_members_to_userlist(list_head, gptr);
+	}
+
+	setgrent();
+	while((gptr = getgrent()) != NULL) {
+		if (strequal(gname, gptr->gr_name)) {
+			list_head = add_members_to_userlist(list_head, gptr);
+			if (list_head == NULL)
+				return NULL;
+		}
+	}
+	endgrent();
+	return list_head;
+}
+
+/****************************************************************
+ Free list allocated above.
+****************************************************************/
+
+void free_userlist(struct sys_userlist *list_head)
+{
+	while (list_head) {
+		struct sys_userlist *old_head = list_head;
+		DLIST_REMOVE(list_head, list_head);
+		SAFE_FREE(old_head->unix_name);
+		SAFE_FREE(old_head);
+	}
+}
diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c
new file mode 100644
index 0000000000..259649a064
--- /dev/null
+++ b/source3/lib/util_pw.c
@@ -0,0 +1,133 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Safe versions of getpw* calls
+
+   Copyright (C) Andrew Bartlett 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+struct passwd *make_modifyable_passwd(const struct passwd *from)
+{
+	struct passwd *ret = smb_xmalloc(sizeof(*ret));
+/*  This is the assumed shape of the members by certain parts of the code...
+	fstring 	pw_name;
+	fstring 	pw_passwd;
+	fstring		pw_gecos;
+	pstring		pw_dir;
+	pstring		pw_shell;
+*/
+	char *pw_name = smb_xmalloc(sizeof(fstring));
+	char *pw_passwd = smb_xmalloc(sizeof(fstring));
+	char *pw_gecos = smb_xmalloc(sizeof(fstring));
+	char *pw_dir = smb_xmalloc(sizeof(pstring));
+	char *pw_shell = smb_xmalloc(sizeof(pstring));
+
+	ZERO_STRUCTP(ret);
+
+	/* 
+	 * Now point the struct's members as the 
+	 * newly allocated buffers:
+	 */
+
+	ret->pw_name = pw_name;
+	fstrcpy(ret->pw_name, from->pw_name);
+
+	ret->pw_passwd = pw_passwd;
+	fstrcpy(ret->pw_passwd, from->pw_passwd);
+
+	ret->pw_uid = from->pw_uid;
+	ret->pw_gid = from->pw_gid;
+
+	ret->pw_gecos = pw_gecos;
+	fstrcpy(ret->pw_gecos, from->pw_gecos);
+
+	ret->pw_dir = pw_dir;
+	pstrcpy(ret->pw_dir, from->pw_dir);
+
+	ret->pw_shell = pw_shell;
+	pstrcpy(ret->pw_shell, from->pw_shell);
+
+	return ret;
+}
+
+static struct passwd *alloc_copy_passwd(const struct passwd *from) 
+{
+	struct passwd *ret = smb_xmalloc(sizeof(struct passwd));
+	ZERO_STRUCTP(ret);
+	ret->pw_name = smb_xstrdup(from->pw_name);
+	ret->pw_passwd = smb_xstrdup(from->pw_passwd);
+	ret->pw_uid = from->pw_uid;
+	ret->pw_gid = from->pw_gid;
+	ret->pw_gecos = smb_xstrdup(from->pw_gecos);
+	ret->pw_dir = smb_xstrdup(from->pw_dir);
+	ret->pw_shell = smb_xstrdup(from->pw_shell);
+	return ret;
+}
+
+void passwd_free (struct passwd **buf)
+{
+	if (!*buf) {
+		DEBUG(0, ("attempted double-free of allocated passwd\n"));
+		return;
+	}
+
+	SAFE_FREE((*buf)->pw_name);
+	SAFE_FREE((*buf)->pw_passwd);
+	SAFE_FREE((*buf)->pw_gecos);
+	SAFE_FREE((*buf)->pw_dir);
+	SAFE_FREE((*buf)->pw_shell);
+
+	SAFE_FREE(*buf);
+}
+
+struct passwd *getpwnam_alloc(const char *name) 
+{
+	struct passwd *temp;
+
+	temp = getpwnam(name);
+	
+	if (!temp) {
+#if 0
+		if (errno == ENOMEM) {
+			/* what now? */
+		}
+#endif
+		return NULL;
+	}
+
+	return alloc_copy_passwd(temp);
+}
+
+struct passwd *getpwuid_alloc(uid_t uid) 
+{
+	struct passwd *temp;
+
+	temp = getpwuid(uid);
+	
+	if (!temp) {
+#if 0
+		if (errno == ENOMEM) {
+			/* what now? */
+		}
+#endif
+		return NULL;
+	}
+
+	return alloc_copy_passwd(temp);
+}
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
new file mode 100644
index 0000000000..8ed266aced
--- /dev/null
+++ b/source3/lib/util_seaccess.c
@@ -0,0 +1,446 @@
+/*
+   Unix SMB/CIFS implementation.
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000.
+   Copyright (C) Tim Potter 2000.
+   Copyright (C) Re-written by Jeremy Allison 2000.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nterr.h"
+#include "sids.h"
+
+/**********************************************************************************
+ Check if this ACE has a SID in common with the token.
+**********************************************************************************/
+
+static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
+{
+	size_t i;
+
+	for (i = 0; i < token->num_sids; i++) {
+		if (sid_equal(&ace->trustee, &token->user_sids[i]))
+			return True;
+	}
+
+	return False;
+}
+
+/*********************************************************************************
+ Check an ACE against a SID.  We return the remaining needed permission
+ bits not yet granted. Zero means permission allowed (no more needed bits).
+**********************************************************************************/
+
+static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, 
+			NTSTATUS *status)
+{
+	uint32 mask = ace->info.mask;
+
+	/*
+	 * Inherit only is ignored.
+	 */
+
+	if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+		return acc_desired;
+	}
+
+	/*
+	 * If this ACE has no SID in common with the token,
+	 * ignore it as it cannot be used to make an access
+	 * determination.
+	 */
+
+	if (!token_sid_in_ace( token, ace))
+		return acc_desired;	
+
+	switch (ace->type) {
+		case SEC_ACE_TYPE_ACCESS_ALLOWED:
+			/*
+			 * This is explicitly allowed.
+			 * Remove the bits from the remaining
+			 * access required. Return the remaining
+			 * bits needed.
+			 */
+			acc_desired &= ~mask;
+			break;
+		case SEC_ACE_TYPE_ACCESS_DENIED:
+			/*
+			 * This is explicitly denied.
+			 * If any bits match terminate here,
+			 * we are denied.
+			 */
+			if (acc_desired & mask) {
+				*status = NT_STATUS_ACCESS_DENIED;
+				return 0xFFFFFFFF;
+			}
+			break;
+		case SEC_ACE_TYPE_SYSTEM_ALARM:
+		case SEC_ACE_TYPE_SYSTEM_AUDIT:
+			*status = NT_STATUS_NOT_IMPLEMENTED;
+			return 0xFFFFFFFF;
+		default:
+			*status = NT_STATUS_INVALID_PARAMETER;
+			return 0xFFFFFFFF;
+	}
+
+	return acc_desired;
+}
+
+/*********************************************************************************
+ Maximum access was requested. Calculate the max possible. Fail if it doesn't
+ include other bits requested.
+**********************************************************************************/ 
+
+static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, 
+			    uint32 desired, 
+			    NTSTATUS *status)
+{
+	uint32 acc_denied = 0;
+	uint32 acc_granted = 0;
+	size_t i;
+	
+	for ( i = 0 ; i < the_acl->num_aces; i++) {
+		SEC_ACE *ace = &the_acl->ace[i];
+		uint32 mask = ace->info.mask;
+
+		if (!token_sid_in_ace( token, ace))
+			continue;
+
+		switch (ace->type) {
+			case SEC_ACE_TYPE_ACCESS_ALLOWED:
+				acc_granted |= (mask & ~acc_denied);
+				break;
+			case SEC_ACE_TYPE_ACCESS_DENIED:
+				acc_denied |= (mask & ~acc_granted);
+				break;
+			case SEC_ACE_TYPE_SYSTEM_ALARM:
+			case SEC_ACE_TYPE_SYSTEM_AUDIT:
+				*status = NT_STATUS_NOT_IMPLEMENTED;
+				*granted = 0;
+				return False;
+			default:
+				*status = NT_STATUS_INVALID_PARAMETER;
+				*granted = 0;
+				return False;
+		}                           
+	}
+
+	/*
+	 * If we were granted no access, or we desired bits that we
+	 * didn't get, then deny.
+	 */
+
+	if ((acc_granted == 0) || ((acc_granted & desired) != desired)) {
+		*status = NT_STATUS_ACCESS_DENIED;
+		*granted = 0;
+		return False;
+	}
+
+	/*
+	 * Return the access we did get.
+	 */
+
+	*granted = acc_granted;
+	*status = NT_STATUS_OK;
+	return True;
+}
+
+/* Map generic access rights to object specific rights.  This technique is
+   used to give meaning to assigning read, write, execute and all access to
+   objects.  Each type of object has its own mapping of generic to object
+   specific access rights. */
+
+void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping)
+{
+	uint32 old_mask = *access_mask;
+
+	if (*access_mask & GENERIC_READ_ACCESS) {
+		*access_mask &= ~GENERIC_READ_ACCESS;
+		*access_mask |= mapping->generic_read;
+	}
+
+	if (*access_mask & GENERIC_WRITE_ACCESS) {
+		*access_mask &= ~GENERIC_WRITE_ACCESS;
+		*access_mask |= mapping->generic_write;
+	}
+
+	if (*access_mask & GENERIC_EXECUTE_ACCESS) {
+		*access_mask &= ~GENERIC_EXECUTE_ACCESS;
+		*access_mask |= mapping->generic_execute;
+	}
+
+	if (*access_mask & GENERIC_ALL_ACCESS) {
+		*access_mask &= ~GENERIC_ALL_ACCESS;
+		*access_mask |= mapping->generic_all;
+	}
+
+	if (old_mask != *access_mask) {
+		DEBUG(10, ("se_map_generic(): mapped mask 0x%08x to 0x%08x\n",
+			   old_mask, *access_mask));
+	}
+}
+
+/* Map standard access rights to object specific rights.  This technique is
+   used to give meaning to assigning read, write, execute and all access to
+   objects.  Each type of object has its own mapping of standard to object
+   specific access rights. */
+
+void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping)
+{
+	uint32 old_mask = *access_mask;
+
+	if (*access_mask & READ_CONTROL_ACCESS) {
+		*access_mask &= ~READ_CONTROL_ACCESS;
+		*access_mask |= mapping->std_read;
+	}
+
+	if (*access_mask & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS)) {
+		*access_mask &= ~(DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS);
+		*access_mask |= mapping->std_all;
+	}
+
+	if (old_mask != *access_mask) {
+		DEBUG(10, ("se_map_standard(): mapped mask 0x%08x to 0x%08x\n",
+			   old_mask, *access_mask));
+	}
+}
+
+/*****************************************************************************
+ Check access rights of a user against a security descriptor.  Look at
+ each ACE in the security descriptor until an access denied ACE denies
+ any of the desired rights to the user or any of the users groups, or one
+ or more ACEs explicitly grant all requested access rights.  See
+ "Access-Checking" document in MSDN.
+*****************************************************************************/ 
+
+BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
+		     uint32 acc_desired, uint32 *acc_granted, 
+		     NTSTATUS *status)
+{
+	extern NT_USER_TOKEN anonymous_token;
+	size_t i;
+	SEC_ACL *the_acl;
+	fstring sid_str;
+	uint32 tmp_acc_desired = acc_desired;
+
+	if (!status || !acc_granted)
+		return False;
+
+	if (!token)
+		token = &anonymous_token;
+
+	*status = NT_STATUS_OK;
+	*acc_granted = 0;
+
+	DEBUG(10,("se_access_check: requested access 0x%08x, for NT token with %u entries and first sid %s.\n",
+		 (unsigned int)acc_desired, (unsigned int)token->num_sids,
+		sid_to_string(sid_str, &token->user_sids[0])));
+
+	/*
+	 * No security descriptor or security descriptor with no DACL
+	 * present allows all access.
+	 */
+
+	/* ACL must have something in it */
+
+	if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) {
+		*status = NT_STATUS_OK;
+		*acc_granted = acc_desired;
+		DEBUG(5, ("se_access_check: no sd or blank DACL, access allowed\n"));
+		return True;
+	}
+
+	/* The user sid is the first in the token */
+
+	DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
+
+	for (i = 1; i < token->num_sids; i++) {
+		DEBUG(3, ("se_access_check: also %s\n",
+			  sid_to_string(sid_str, &token->user_sids[i])));
+	}
+
+	/* Is the token the owner of the SID ? */
+
+	if (sd->owner_sid) {
+		for (i = 0; i < token->num_sids; i++) {
+			if (sid_equal(&token->user_sids[i], sd->owner_sid)) {
+				/*
+				 * The owner always has SEC_RIGHTS_WRITE_DAC & READ_CONTROL.
+				 */
+				if (tmp_acc_desired & WRITE_DAC_ACCESS)
+					tmp_acc_desired &= ~WRITE_DAC_ACCESS;
+				if (tmp_acc_desired & READ_CONTROL_ACCESS)
+					tmp_acc_desired &= ~READ_CONTROL_ACCESS;
+			}
+		}
+	}
+
+	the_acl = sd->dacl;
+
+	if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) {
+		tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS;
+		return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, 
+				       status);
+	}
+
+	for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
+		SEC_ACE *ace = &the_acl->ace[i];
+
+		DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
+			  (unsigned int)i, ace->type, ace->flags,
+			  sid_to_string(sid_str, &ace->trustee),
+			  (unsigned int) ace->info.mask, 
+			  (unsigned int)tmp_acc_desired ));
+
+		tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status);
+		if (NT_STATUS_V(*status)) {
+			*acc_granted = 0;
+			DEBUG(5,("se_access_check: ACE %u denied with status %s.\n", (unsigned int)i, nt_errstr(*status)));
+			return False;
+		}
+	}
+
+	/*
+	 * If there are no more desired permissions left then
+	 * access was allowed.
+	 */
+
+	if (tmp_acc_desired == 0) {
+		*acc_granted = acc_desired;
+		*status = NT_STATUS_OK;
+		DEBUG(5,("se_access_check: access (%x) granted.\n", (unsigned int)acc_desired ));
+		return True;
+	}
+		
+	*acc_granted = 0;
+	*status = NT_STATUS_ACCESS_DENIED;
+	DEBUG(5,("se_access_check: access (%x) denied.\n", (unsigned int)acc_desired ));
+	return False;
+}
+
+/* Create a child security descriptor using another security descriptor as
+   the parent container.  This child object can either be a container or
+   non-container object. */
+
+SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, 
+				      BOOL child_container)
+{
+	SEC_DESC_BUF *sdb;
+	SEC_DESC *sd;
+	SEC_ACL *new_dacl, *the_acl;
+	SEC_ACE *new_ace_list = NULL;
+	int new_ace_list_ndx = 0, i;
+	size_t size;
+
+	/* Currently we only process the dacl when creating the child.  The
+	   sacl should also be processed but this is left out as sacls are
+	   not implemented in Samba at the moment.*/
+
+	the_acl = parent_ctr->dacl;
+
+	if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces))) 
+		return NULL;
+
+	for (i = 0; the_acl && i < the_acl->num_aces; i++) {
+		SEC_ACE *ace = &the_acl->ace[i];
+		SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx];
+		uint8 new_flags = 0;
+		BOOL inherit = False;
+		fstring sid_str;
+
+		/* The OBJECT_INHERIT_ACE flag causes the ACE to be
+		   inherited by non-container children objects.  Container
+		   children objects will inherit it as an INHERIT_ONLY
+		   ACE. */
+
+		if (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
+
+			if (!child_container) {
+				new_flags |= SEC_ACE_FLAG_OBJECT_INHERIT;
+			} else {
+				new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+			}
+
+			inherit = True;
+		}
+
+		/* The CONAINER_INHERIT_ACE flag means all child container
+		   objects will inherit and use the ACE. */
+
+		if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+			if (!child_container) {
+				inherit = False;
+			} else {
+				new_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT;
+			}
+		}
+
+		/* The INHERIT_ONLY_ACE is not used by the se_access_check()
+		   function for the parent container, but is inherited by
+		   all child objects as a normal ACE. */
+
+		if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+			/* Move along, nothing to see here */
+		}
+
+		/* The SEC_ACE_FLAG_NO_PROPAGATE_INHERIT flag means the ACE
+		   is inherited by child objects but not grandchildren
+		   objects.  We clear the object inherit and container
+		   inherit flags in the inherited ACE. */
+
+		if (ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
+			new_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT |
+				       SEC_ACE_FLAG_CONTAINER_INHERIT);
+		}
+
+		/* Add ACE to ACE list */
+
+		if (!inherit)
+			continue;
+
+		init_sec_access(&new_ace->info, ace->info.mask);
+		init_sec_ace(new_ace, &ace->trustee, ace->type,
+			     new_ace->info, new_flags);
+
+		sid_to_string(sid_str, &ace->trustee);
+
+		DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
+			  " inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
+			  ace->type, ace->flags, ace->info.mask,
+			  sid_str, new_ace->type, new_ace->flags,
+			  new_ace->info.mask));
+
+		new_ace_list_ndx++;
+	}
+
+	/* Create child security descriptor to return */
+	
+	new_dacl = make_sec_acl(ctx, ACL_REVISION, new_ace_list_ndx, new_ace_list);
+
+	/* Use the existing user and group sids.  I don't think this is
+	   correct.  Perhaps the user and group should be passed in as
+	   parameters by the caller? */
+
+	sd = make_sec_desc(ctx, SEC_DESC_REVISION,
+			   parent_ctr->owner_sid,
+			   parent_ctr->grp_sid,
+			   parent_ctr->sacl,
+			   new_dacl, &size);
+
+	sdb = make_sec_desc_buf(ctx, size, sd);
+
+	return sdb;
+}
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
new file mode 100644
index 0000000000..d59b1b0471
--- /dev/null
+++ b/source3/lib/util_sec.c
@@ -0,0 +1,422 @@
+/*
+   Unix SMB/CIFS implementation.
+   Copyright (C) Jeremy Allison 1998.
+   rewritten for version 2.0.6 by Tridge
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef AUTOCONF_TEST
+#include "includes.h"
+#else
+/* we are running this code in autoconf test mode to see which type of setuid
+   function works */
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_PRIV_H
+#include <sys/priv.h>
+#endif
+#ifdef HAVE_SYS_ID_H
+#include <sys/id.h>
+#endif
+
+#define DEBUG(x, y) printf y
+#define smb_panic(x) exit(1)
+#define BOOL int
+#endif
+
+/* are we running as non-root? This is used by the regresison test code,
+   and potentially also for sites that want non-root smbd */
+static uid_t initial_uid;
+static gid_t initial_gid;
+
+/****************************************************************************
+remember what uid we got started as - this allows us to run correctly
+as non-root while catching trapdoor systems
+****************************************************************************/
+void sec_init(void)
+{
+	initial_uid = geteuid();
+	initial_gid = getegid();
+}
+
+/****************************************************************************
+some code (eg. winbindd) needs to know what uid we started as
+****************************************************************************/
+uid_t sec_initial_uid(void)
+{
+	return initial_uid;
+}
+
+/****************************************************************************
+some code (eg. winbindd, profiling shm) needs to know what gid we started as
+****************************************************************************/
+gid_t sec_initial_gid(void)
+{
+	return initial_gid;
+}
+
+/****************************************************************************
+are we running in non-root mode?
+****************************************************************************/
+BOOL non_root_mode(void)
+{
+	return (initial_uid != (uid_t)0);
+}
+
+/****************************************************************************
+abort if we haven't set the uid correctly
+****************************************************************************/
+static void assert_uid(uid_t ruid, uid_t euid)
+{
+	if ((euid != (uid_t)-1 && geteuid() != euid) ||
+	    (ruid != (uid_t)-1 && getuid() != ruid)) {
+		if (!non_root_mode()) {
+			DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
+				 (int)ruid, (int)euid,
+				 (int)getuid(), (int)geteuid()));
+			smb_panic("failed to set uid\n");
+			exit(1);
+		}
+	}
+}
+
+/****************************************************************************
+abort if we haven't set the gid correctly
+****************************************************************************/
+static void assert_gid(gid_t rgid, gid_t egid)
+{
+	if ((egid != (gid_t)-1 && getegid() != egid) ||
+	    (rgid != (gid_t)-1 && getgid() != rgid)) {
+		if (!non_root_mode()) {
+			DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
+				 (int)rgid, (int)egid,
+				 (int)getgid(), (int)getegid(),
+				 (int)getuid(), (int)geteuid()));
+			smb_panic("failed to set gid\n");
+			exit(1);
+		}
+	}
+}
+
+/****************************************************************************
+ Gain root privilege before doing something. 
+ We want to end up with ruid==euid==0
+****************************************************************************/
+void gain_root_privilege(void)
+{	
+#if USE_SETRESUID
+	setresuid(0,0,0);
+#endif
+    
+#if USE_SETEUID
+	seteuid(0);
+#endif
+
+#if USE_SETREUID
+	setreuid(0, 0);
+#endif
+
+#if USE_SETUIDX
+	setuidx(ID_EFFECTIVE, 0);
+	setuidx(ID_REAL, 0);
+#endif
+
+	/* this is needed on some systems */
+	setuid(0);
+
+	assert_uid(0, 0);
+}
+
+
+/****************************************************************************
+ Ensure our real and effective groups are zero.
+ we want to end up with rgid==egid==0
+****************************************************************************/
+void gain_root_group_privilege(void)
+{
+#if USE_SETRESUID
+	setresgid(0,0,0);
+#endif
+
+#if USE_SETREUID
+	setregid(0,0);
+#endif
+
+#if USE_SETEUID
+	setegid(0);
+#endif
+
+#if USE_SETUIDX
+	setgidx(ID_EFFECTIVE, 0);
+	setgidx(ID_REAL, 0);
+#endif
+
+	setgid(0);
+
+	assert_gid(0, 0);
+}
+
+
+/****************************************************************************
+ Set *only* the effective uid.
+ we want to end up with ruid==0 and euid==uid
+****************************************************************************/
+void set_effective_uid(uid_t uid)
+{
+#if USE_SETRESUID
+	setresuid(-1,uid,-1);
+#endif
+
+#if USE_SETREUID
+	setreuid(-1,uid);
+#endif
+
+#if USE_SETEUID
+	seteuid(uid);
+#endif
+
+#if USE_SETUIDX
+	setuidx(ID_EFFECTIVE, uid);
+#endif
+
+	assert_uid(-1, uid);
+}
+
+/****************************************************************************
+ Set *only* the effective gid.
+ we want to end up with rgid==0 and egid==gid
+****************************************************************************/
+void set_effective_gid(gid_t gid)
+{
+#if USE_SETRESUID
+	setresgid(-1,gid,-1);
+#endif
+
+#if USE_SETREUID
+	setregid(-1,gid);
+#endif
+
+#if USE_SETEUID
+	setegid(gid);
+#endif
+
+#if USE_SETUIDX
+	setgidx(ID_EFFECTIVE, gid);
+#endif
+
+	assert_gid(-1, gid);
+}
+
+static uid_t saved_euid, saved_ruid;
+
+/****************************************************************************
+ save the real and effective uid for later restoration. Used by the quotas
+ code
+****************************************************************************/
+void save_re_uid(void)
+{
+	saved_ruid = getuid();
+	saved_euid = geteuid();
+}
+
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_uid(void)
+{
+	set_effective_uid(0);
+
+#if USE_SETRESUID
+	setresuid(saved_ruid, saved_euid, -1);
+#elif USE_SETREUID
+	setreuid(saved_ruid, -1);
+	setreuid(-1,saved_euid);
+#elif USE_SETUIDX
+	setuidx(ID_REAL, saved_ruid);
+	setuidx(ID_EFFECTIVE, saved_euid);
+#else
+	set_effective_uid(saved_euid);
+	if (getuid() != saved_ruid)
+		setuid(saved_ruid);
+	set_effective_uid(saved_euid);
+#endif
+
+	assert_uid(saved_ruid, saved_euid);
+}
+
+/****************************************************************************
+ set the real AND effective uid to the current effective uid in a way that
+ allows root to be regained.
+ This is only possible on some platforms.
+****************************************************************************/
+int set_re_uid(void)
+{
+	uid_t uid = geteuid();
+
+#if USE_SETRESUID
+	setresuid(geteuid(), -1, -1);
+#endif
+
+#if USE_SETREUID
+	setreuid(0, 0);
+	setreuid(uid, -1);
+	setreuid(-1, uid);
+#endif
+
+#if USE_SETEUID
+	/* can't be done */
+	return -1;
+#endif
+
+#if USE_SETUIDX
+	/* can't be done */
+	return -1;
+#endif
+
+	assert_uid(uid, uid);
+	return 0;
+}
+
+
+/****************************************************************************
+ Become the specified uid and gid - permanently !
+ there should be no way back if possible
+****************************************************************************/
+void become_user_permanently(uid_t uid, gid_t gid)
+{
+	/*
+	 * First - gain root privilege. We do this to ensure
+	 * we can lose it again.
+	 */
+
+	gain_root_privilege();
+	gain_root_group_privilege();
+
+#if USE_SETRESUID
+	setresgid(gid,gid,gid);
+	setgid(gid);
+	setresuid(uid,uid,uid);
+	setuid(uid);
+#endif
+
+#if USE_SETREUID
+	setregid(gid,gid);
+	setgid(gid);
+	setreuid(uid,uid);
+	setuid(uid);
+#endif
+
+#if USE_SETEUID
+	setegid(gid);
+	setgid(gid);
+	setuid(uid);
+	seteuid(uid);
+	setuid(uid);
+#endif
+
+#if USE_SETUIDX
+	setgidx(ID_REAL, gid);
+	setgidx(ID_EFFECTIVE, gid);
+	setgid(gid);
+	setuidx(ID_REAL, uid);
+	setuidx(ID_EFFECTIVE, uid);
+	setuid(uid);
+#endif
+	
+	assert_uid(uid, uid);
+	assert_gid(gid, gid);
+}
+
+#ifdef AUTOCONF_TEST
+
+/****************************************************************************
+this function just checks that we don't get ENOSYS back
+****************************************************************************/
+static int have_syscall(void)
+{
+	errno = 0;
+
+#if USE_SETRESUID
+	setresuid(-1,-1,-1);
+#endif
+
+#if USE_SETREUID
+	setreuid(-1,-1);
+#endif
+
+#if USE_SETEUID
+	seteuid(-1);
+#endif
+
+#if USE_SETUIDX
+	setuidx(ID_EFFECTIVE, -1);
+#endif
+
+	if (errno == ENOSYS) return -1;
+	
+	return 0;
+}
+
+main()
+{
+        if (getuid() != 0) {
+#if (defined(AIX) && defined(USE_SETREUID))
+		/* setreuid is badly broken on AIX 4.1, we avoid it completely */
+                fprintf(stderr,"avoiding possibly broken setreuid\n");
+		exit(1);
+#endif
+
+		/* if not running as root then at least check to see if we get ENOSYS - this 
+		   handles Linux 2.0.x with glibc 2.1 */
+                fprintf(stderr,"not running as root: checking for ENOSYS\n");
+		exit(have_syscall());
+	}
+
+	gain_root_privilege();
+	gain_root_group_privilege();
+	set_effective_gid(1);
+	set_effective_uid(1);
+	save_re_uid();
+	restore_re_uid();
+	gain_root_privilege();
+	gain_root_group_privilege();
+	become_user_permanently(1, 1);
+	setuid(0);
+	if (getuid() == 0) {
+		fprintf(stderr,"uid not set permanently\n");
+		exit(1);
+	}
+
+	printf("OK\n");
+
+	exit(0);
+}
+#endif
+
+/****************************************************************************
+Check if we are setuid root.  Used in libsmb and smbpasswd paranoia checks.
+****************************************************************************/
+BOOL is_setuid_root(void) 
+{
+	return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+}
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
new file mode 100644
index 0000000000..cd7b64bb70
--- /dev/null
+++ b/source3/lib/util_sid.c
@@ -0,0 +1,720 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
+   Copyright (C) Jeremy Allison  1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
+   equal to the domain SID when we are a DC, otherwise its our
+   workstation SID */
+DOM_SID global_sam_sid;
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+/*
+ * Some useful sids
+ */
+
+DOM_SID global_sid_Builtin; 				/* Local well-known domain */
+DOM_SID global_sid_World_Domain;	    	/* Everyone domain */
+DOM_SID global_sid_World;    				/* Everyone */
+DOM_SID global_sid_Creator_Owner_Domain;    /* Creator Owner domain */
+DOM_SID global_sid_Creator_Owner;    		/* Creator Owner */
+DOM_SID global_sid_Creator_Group;              /* Creator Group */
+DOM_SID global_sid_NT_Authority;    		/* NT Authority */
+DOM_SID global_sid_NULL;            		/* NULL sid */
+DOM_SID global_sid_Builtin_Guests;			/* Builtin guest users */
+DOM_SID global_sid_Authenticated_Users;		/* All authenticated rids */
+DOM_SID global_sid_Network;					/* Network rids */
+DOM_SID global_sid_Anonymous;				/* Anonymous login */
+
+const DOM_SID *global_sid_everyone = &global_sid_World;
+
+typedef struct _known_sid_users {
+	uint32 rid;
+	enum SID_NAME_USE sid_name_use;
+	char *known_user_name;
+} known_sid_users;
+
+/* static known_sid_users no_users[] = {{0, 0, NULL}}; */
+
+static known_sid_users everyone_users[] = {
+	{ 0, SID_NAME_WKN_GRP, "Everyone" },
+	{0, (enum SID_NAME_USE)0, NULL}};
+
+static known_sid_users creator_owner_users[] = {
+	{ 0, SID_NAME_ALIAS, "Creator Owner" },
+	{0, (enum SID_NAME_USE)0, NULL}};
+
+static known_sid_users nt_authority_users[] = {
+	{  1, SID_NAME_ALIAS, "Dialup" },
+	{  2, SID_NAME_ALIAS, "Network"},
+	{  3, SID_NAME_ALIAS, "Batch"},
+	{  4, SID_NAME_ALIAS, "Interactive"},
+	{  6, SID_NAME_ALIAS, "Service"},
+	{  7, SID_NAME_ALIAS, "AnonymousLogon"},
+	{  8, SID_NAME_ALIAS, "Proxy"},
+	{  9, SID_NAME_ALIAS, "ServerLogon"},
+	{ 11, SID_NAME_ALIAS, "Authenticated Users"},
+	{ 18, SID_NAME_ALIAS, "SYSTEM"},
+	{  0, (enum SID_NAME_USE)0, NULL}};
+
+static known_sid_users builtin_groups[] = {
+	{ BUILTIN_ALIAS_RID_ADMINS, SID_NAME_ALIAS, "Administrators" },
+	{ BUILTIN_ALIAS_RID_USERS, SID_NAME_ALIAS, "Users" },
+	{ BUILTIN_ALIAS_RID_GUESTS, SID_NAME_ALIAS, "Guests" },
+	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS, SID_NAME_ALIAS, "Account Operators" },
+	{ BUILTIN_ALIAS_RID_SYSTEM_OPS, SID_NAME_ALIAS, "Server Operators" },
+	{ BUILTIN_ALIAS_RID_PRINT_OPS, SID_NAME_ALIAS, "Print Operators" },
+	{ BUILTIN_ALIAS_RID_BACKUP_OPS, SID_NAME_ALIAS, "Backup Operators" },
+	{  0, (enum SID_NAME_USE)0, NULL}};
+
+#define MAX_SID_NAMES	7
+
+static struct sid_name_map_info
+{
+	DOM_SID *sid;
+	char *name;
+	known_sid_users *known_users;
+} sid_name_map[MAX_SID_NAMES];
+
+static BOOL sid_name_map_initialized = False;
+
+/*
+ * An NT compatible anonymous token.
+ */
+
+static DOM_SID anon_sid_array[3];
+
+NT_USER_TOKEN anonymous_token = {
+    3,
+    anon_sid_array
+};
+
+/**************************************************************************
+ quick init function
+ *************************************************************************/
+static void init_sid_name_map (void)
+{
+	int i = 0;
+	
+	if (sid_name_map_initialized) return;
+	
+
+	if ((lp_security() == SEC_USER) && lp_domain_logons()) {
+		sid_name_map[i].sid = &global_sam_sid;
+		sid_name_map[i].name = global_myworkgroup;
+		sid_name_map[i].known_users = NULL;
+		i++;
+		sid_name_map[i].sid = &global_sam_sid;
+		sid_name_map[i].name = global_myname;
+		sid_name_map[i].known_users = NULL;
+		i++;
+	}
+	else {
+		sid_name_map[i].sid = &global_sam_sid;
+		sid_name_map[i].name = global_myname;
+		sid_name_map[i].known_users = NULL;
+		i++;
+	}
+
+	sid_name_map[i].sid = &global_sid_Builtin;
+	sid_name_map[i].name = "BUILTIN";
+	sid_name_map[i].known_users = &builtin_groups[0];
+	i++;
+	
+	sid_name_map[i].sid = &global_sid_World_Domain;
+	sid_name_map[i].name = "";
+	sid_name_map[i].known_users = &everyone_users[0];
+	i++;
+
+	sid_name_map[i].sid = &global_sid_Creator_Owner_Domain;
+	sid_name_map[i].name = "";
+	sid_name_map[i].known_users = &creator_owner_users[0];
+	i++;
+		
+	sid_name_map[i].sid = &global_sid_NT_Authority;
+	sid_name_map[i].name = "NT Authority";
+	sid_name_map[i].known_users = &nt_authority_users[0];
+	i++;
+		
+
+	/* end of array */
+	sid_name_map[i].sid = NULL;
+	sid_name_map[i].name = NULL;
+	sid_name_map[i].known_users = NULL;
+	
+	sid_name_map_initialized = True;
+		
+	return;
+
+}
+
+/****************************************************************************
+ Creates some useful well known sids
+****************************************************************************/
+
+void generate_wellknown_sids(void)
+{
+	string_to_sid(&global_sid_Builtin, "S-1-5-32");
+	string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
+	string_to_sid(&global_sid_World_Domain, "S-1-1");
+	string_to_sid(&global_sid_World, "S-1-1-0");
+	string_to_sid(&global_sid_Creator_Owner_Domain, "S-1-3");
+	string_to_sid(&global_sid_Creator_Owner, "S-1-3-0");
+	string_to_sid(&global_sid_Creator_Group, "S-1-3-1");
+	string_to_sid(&global_sid_NT_Authority, "S-1-5");
+	string_to_sid(&global_sid_NULL, "S-1-0-0");
+	string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11");
+	string_to_sid(&global_sid_Network, "S-1-5-2");
+	string_to_sid(&global_sid_Anonymous, "S-1-5-7");
+
+	/* Create the anon token. */
+	sid_copy( &anonymous_token.user_sids[0], &global_sid_World);
+	sid_copy( &anonymous_token.user_sids[1], &global_sid_Network);
+	sid_copy( &anonymous_token.user_sids[2], &global_sid_Anonymous);
+}
+
+/**************************************************************************
+ Turns a domain SID into a name, returned in the nt_domain argument.
+***************************************************************************/
+
+BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
+{
+	fstring sid_str;
+	int i = 0;
+	
+	sid_to_string(sid_str, sid);
+
+	if (!sid_name_map_initialized) 
+		init_sid_name_map();
+
+	DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str));
+
+	if (nt_domain == NULL)
+		return False;
+
+	while (sid_name_map[i].sid != NULL) {
+		sid_to_string(sid_str, sid_name_map[i].sid);
+		DEBUG(5,("map_domain_sid_to_name: compare: %s\n", sid_str));
+		if (sid_equal(sid_name_map[i].sid, sid)) {		
+			fstrcpy(nt_domain, sid_name_map[i].name);
+			DEBUG(5,("map_domain_sid_to_name: found '%s'\n", nt_domain));
+			return True;
+		}
+		i++;
+	}
+
+	DEBUG(5,("map_domain_sid_to_name: mapping for %s not found\n", sid_str));
+
+    return False;
+}
+
+/**************************************************************************
+ Looks up a known username from one of the known domains.
+***************************************************************************/
+
+BOOL lookup_known_rid(DOM_SID *sid, uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+{
+	int i = 0;
+	struct sid_name_map_info *psnm;
+
+	if (!sid_name_map_initialized) 
+		init_sid_name_map();
+
+	for(i = 0; sid_name_map[i].sid != NULL; i++) {
+		psnm = &sid_name_map[i];
+		if(sid_equal(psnm->sid, sid)) {
+			int j;
+			for(j = 0; psnm->known_users && psnm->known_users[j].known_user_name != NULL; j++) {
+				if(rid == psnm->known_users[j].rid) {
+					DEBUG(5,("lookup_builtin_rid: rid = %u, domain = '%s', user = '%s'\n",
+						(unsigned int)rid, psnm->name, psnm->known_users[j].known_user_name ));
+					fstrcpy( name, psnm->known_users[j].known_user_name);
+					*psid_name_use = psnm->known_users[j].sid_name_use;
+					return True;
+				}
+			}
+		}
+	}
+
+	return False;
+}
+
+/**************************************************************************
+ Turns a domain name into a SID.
+ *** side-effect: if the domain name is NULL, it is set to our domain ***
+***************************************************************************/
+
+BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain)
+{
+	int i = 0;
+
+	if (nt_domain == NULL) {
+		DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n"));
+		sid_copy(sid, &global_sam_sid);
+		return True;
+	}
+
+	if (nt_domain[0] == 0) {
+		fstrcpy(nt_domain, global_myname);
+		DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain));
+		sid_copy(sid, &global_sam_sid);
+		return True;
+	}
+
+	DEBUG(5,("map_domain_name_to_sid: %s\n", nt_domain));
+
+	if (!sid_name_map_initialized) 
+		init_sid_name_map();
+
+	while (sid_name_map[i].name != NULL) {
+		DEBUG(5,("map_domain_name_to_sid: compare: %s\n", sid_name_map[i].name));
+		if (strequal(sid_name_map[i].name, nt_domain)) {
+			fstring sid_str;
+			sid_copy(sid, sid_name_map[i].sid);
+			sid_to_string(sid_str, sid_name_map[i].sid);
+			DEBUG(5,("map_domain_name_to_sid: found %s\n", sid_str));
+			return True;
+		}
+		i++;
+	}
+
+	DEBUG(0,("map_domain_name_to_sid: mapping to %s not found.\n", nt_domain));
+	return False;
+}
+
+/**************************************************************************
+ Splits a name of format \DOMAIN\name or name into its two components.
+ Sets the DOMAIN name to global_myname if it has not been specified.
+***************************************************************************/
+
+void split_domain_name(const char *fullname, char *domain, char *name)
+{
+	pstring full_name;
+	char *p, *sep;
+
+	sep = lp_winbind_separator();
+
+	*domain = *name = '\0';
+
+	if (fullname[0] == sep[0] || fullname[0] == '\\')
+		fullname++;
+
+	pstrcpy(full_name, fullname);
+	p = strchr_m(full_name+1, '\\');
+	if (!p) p = strchr_m(full_name+1, sep[0]);
+
+	if (p != NULL) {
+		*p = 0;
+		fstrcpy(domain, full_name);
+		fstrcpy(name, p+1);
+	} else {
+		fstrcpy(domain, global_myname);
+		fstrcpy(name, full_name);
+	}
+
+	DEBUG(10,("split_domain_name:name '%s' split into domain :'%s' and user :'%s'\n",
+			fullname, domain, name));
+}
+
+/*****************************************************************
+ Convert a SID to an ascii string.
+*****************************************************************/
+
+char *sid_to_string(fstring sidstr_out, DOM_SID *sid)
+{
+  char subauth[16];
+  int i;
+  /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
+  uint32 ia = (sid->id_auth[5]) +
+              (sid->id_auth[4] << 8 ) +
+              (sid->id_auth[3] << 16) +
+              (sid->id_auth[2] << 24);
+
+  slprintf(sidstr_out, sizeof(fstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia);
+
+  for (i = 0; i < sid->num_auths; i++) {
+    slprintf(subauth, sizeof(subauth)-1, "-%lu", (unsigned long)sid->sub_auths[i]);
+    fstrcat(sidstr_out, subauth);
+  }
+
+  return sidstr_out;
+}
+
+/*
+  useful function for debug lines
+*/
+const char *sid_string_static(DOM_SID *sid)
+{
+	static fstring sid_str;
+	sid_to_string(sid_str, sid);
+	return sid_str;
+}
+
+/*****************************************************************
+ Convert a string to a SID. Returns True on success, False on fail.
+*****************************************************************/  
+   
+BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
+{
+  pstring tok;
+  char *p, *q;
+  /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
+  uint32 ia;
+  
+  if (StrnCaseCmp( sidstr, "S-", 2)) {
+    DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
+    return False;
+  }
+
+  memset((char *)sidout, '\0', sizeof(DOM_SID));
+
+  q = p = strdup(sidstr + 2);
+  if (p == NULL) {
+    DEBUG(0, ("string_to_sid: out of memory!\n"));
+    return False;
+  }
+
+  if (!next_token(&p, tok, "-", sizeof(tok))) {
+    DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+    SAFE_FREE(q);
+    return False;
+  }
+
+  /* Get the revision number. */
+  sidout->sid_rev_num = (uint8)strtoul(tok, NULL, 10);
+
+  if (!next_token(&p, tok, "-", sizeof(tok))) {
+    DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+    SAFE_FREE(q);
+    return False;
+  }
+
+  /* identauth in decimal should be <  2^32 */
+  ia = (uint32)strtoul(tok, NULL, 10);
+
+  /* NOTE - the ia value is in big-endian format. */
+  sidout->id_auth[0] = 0;
+  sidout->id_auth[1] = 0;
+  sidout->id_auth[2] = (ia & 0xff000000) >> 24;
+  sidout->id_auth[3] = (ia & 0x00ff0000) >> 16;
+  sidout->id_auth[4] = (ia & 0x0000ff00) >> 8;
+  sidout->id_auth[5] = (ia & 0x000000ff);
+
+  sidout->num_auths = 0;
+
+  while(next_token(&p, tok, "-", sizeof(tok)) && 
+	sidout->num_auths < MAXSUBAUTHS) {
+    /* 
+     * NOTE - the subauths are in native machine-endian format. They
+     * are converted to little-endian when linearized onto the wire.
+     */
+	sid_append_rid(sidout, (uint32)strtoul(tok, NULL, 10));
+  }
+
+  SAFE_FREE(q);
+  return True;
+}
+
+/*****************************************************************
+ Add a rid to the end of a sid
+*****************************************************************/  
+
+BOOL sid_append_rid(DOM_SID *sid, uint32 rid)
+{
+	if (sid->num_auths < MAXSUBAUTHS) {
+		sid->sub_auths[sid->num_auths++] = rid;
+		return True;
+	}
+	return False;
+}
+
+/*****************************************************************
+ Removes the last rid from the end of a sid
+*****************************************************************/  
+
+BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
+{
+	if (sid->num_auths > 0) {
+		sid->num_auths--;
+		*rid = sid->sub_auths[sid->num_auths];
+		return True;
+	}
+	return False;
+}
+
+/*****************************************************************
+ Return the last rid from the end of a sid
+*****************************************************************/  
+
+BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
+{
+	if (sid->num_auths > 0) {
+		*rid = sid->sub_auths[sid->num_auths - 1];
+		return True;
+	}
+	return False;
+}
+
+/*****************************************************************
+ Copies a sid
+*****************************************************************/  
+
+void sid_copy(DOM_SID *dst, const DOM_SID *src)
+{
+	int i;
+
+	memset((char *)dst, '\0', sizeof(DOM_SID));
+
+	dst->sid_rev_num = src->sid_rev_num;
+	dst->num_auths = src->num_auths;
+
+	memcpy(&dst->id_auth[0], &src->id_auth[0], sizeof(src->id_auth));
+
+	for (i = 0; i < src->num_auths; i++)
+		dst->sub_auths[i] = src->sub_auths[i];
+}
+
+/*****************************************************************
+ Duplicates a sid - mallocs the target.
+*****************************************************************/
+
+DOM_SID *sid_dup(DOM_SID *src)
+{
+  DOM_SID *dst;
+
+  if(!src)
+    return NULL;
+
+  if((dst = malloc(sizeof(DOM_SID))) != NULL) {
+	memset(dst, '\0', sizeof(DOM_SID));
+	sid_copy( dst, src);
+  }
+
+  return dst;
+}
+
+/*****************************************************************
+ Write a sid out into on-the-wire format.
+*****************************************************************/  
+BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid)
+{
+	size_t i;
+
+	if (len < sid_size(sid))
+		return False;
+
+	SCVAL(outbuf,0,sid->sid_rev_num);
+	SCVAL(outbuf,1,sid->num_auths);
+	memcpy(&outbuf[2], sid->id_auth, 6);
+	for(i = 0; i < sid->num_auths; i++)
+		SIVAL(outbuf, 8 + (i*4), sid->sub_auths[i]);
+
+	return True;
+}
+
+/*****************************************************************
+ parse a on-the-wire SID to a DOM_SID
+*****************************************************************/  
+BOOL sid_parse(char *inbuf, size_t len, DOM_SID *sid)
+{
+	int i;
+	if (len < 8) return False;
+	sid->sid_rev_num = CVAL(inbuf, 0);
+	sid->num_auths = CVAL(inbuf, 1);
+	memcpy(sid->id_auth, inbuf+2, 6);
+	if (len < 8 + sid->num_auths*4) return False;
+	for (i=0;i<sid->num_auths;i++) {
+		sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
+	}
+	return True;
+}
+
+
+/*****************************************************************
+ Compare the auth portion of two sids.
+*****************************************************************/  
+int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2)
+{
+	int i;
+
+	if (sid1 == sid2) return 0;
+	if (!sid1) return -1;
+	if (!sid2) return 1;
+
+	if (sid1->sid_rev_num != sid2->sid_rev_num)
+		return sid1->sid_rev_num - sid2->sid_rev_num;
+
+	for (i = 0; i < 6; i++)
+		if (sid1->id_auth[i] != sid2->id_auth[i])
+			return sid1->id_auth[i] - sid2->id_auth[i];
+
+	return 0;
+}
+
+/*****************************************************************
+ Compare two sids.
+*****************************************************************/  
+int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2)
+{
+	int i;
+
+	if (sid1 == sid2) return 0;
+	if (!sid1) return -1;
+	if (!sid2) return 1;
+
+	/* compare most likely different rids, first: i.e start at end */
+	if (sid1->num_auths != sid2->num_auths)
+		return sid1->num_auths - sid2->num_auths;
+
+	for (i = sid1->num_auths-1; i >= 0; --i)
+		if (sid1->sub_auths[i] != sid2->sub_auths[i])
+			return sid1->sub_auths[i] - sid2->sub_auths[i];
+
+	return sid_compare_auth(sid1, sid2);
+}
+
+/*****************************************************************
+see if 2 SIDs are in the same domain
+this just compares the leading sub-auths
+*****************************************************************/  
+int sid_compare_domain(const DOM_SID *sid1, const DOM_SID *sid2)
+{
+	int n, i;
+
+	n = MIN(sid1->num_auths, sid2->num_auths);
+
+	for (i = n-1; i >= 0; --i)
+		if (sid1->sub_auths[i] != sid2->sub_auths[i])
+			return sid1->sub_auths[i] - sid2->sub_auths[i];
+
+	return sid_compare_auth(sid1, sid2);
+}
+
+/*****************************************************************
+ Compare two sids.
+*****************************************************************/  
+BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
+{
+	return sid_compare(sid1, sid2) == 0;
+}
+
+
+/*****************************************************************
+ Check if the SID is our domain SID (S-1-5-21-x-y-z).
+*****************************************************************/  
+BOOL sid_check_is_domain(const DOM_SID *sid)
+{
+	return sid_equal(sid, &global_sam_sid);
+}
+
+
+/*****************************************************************
+ Check if the SID is the builtin SID (S-1-5-32).
+*****************************************************************/  
+BOOL sid_check_is_builtin(const DOM_SID *sid)
+{
+	return sid_equal(sid, &global_sid_Builtin);
+}
+
+
+/*****************************************************************
+ Check if the SID is our domain SID (S-1-5-21-x-y-z).
+*****************************************************************/  
+BOOL sid_check_is_in_our_domain(const DOM_SID *sid)
+{
+	DOM_SID dom_sid;
+	uint32 rid;
+
+	sid_copy(&dom_sid, sid);
+	sid_split_rid(&dom_sid, &rid);
+	
+	return sid_equal(&dom_sid, &global_sam_sid);
+}
+
+/*****************************************************************
+ Check if the SID is our domain SID (S-1-5-21-x-y-z).
+*****************************************************************/  
+BOOL sid_check_is_in_builtin(const DOM_SID *sid)
+{
+	DOM_SID dom_sid;
+	uint32 rid;
+
+	sid_copy(&dom_sid, sid);
+	sid_split_rid(&dom_sid, &rid);
+	
+	return sid_equal(&dom_sid, &global_sid_Builtin);
+}
+
+
+/*****************************************************************
+ Calculates size of a sid.
+*****************************************************************/  
+
+size_t sid_size(DOM_SID *sid)
+{
+	if (sid == NULL)
+		return 0;
+
+	return sid->num_auths * sizeof(uint32) + 8;
+}
+
+/*****************************************************************
+ Returns true if SID is internal (and non-mappable).
+*****************************************************************/
+
+BOOL non_mappable_sid(DOM_SID *sid)
+{
+	DOM_SID dom;
+	uint32 rid;
+
+	sid_copy(&dom, sid);
+	sid_split_rid(&dom, &rid);
+
+	if (sid_equal(&dom, &global_sid_Builtin))
+		return True;
+
+	if (sid_equal(&dom, &global_sid_Creator_Owner_Domain))
+		return True;
+ 
+	if (sid_equal(&dom, &global_sid_NT_Authority))
+		return True;
+
+	return False;
+}
+
+/*
+  return the binary string representation of a DOM_SID
+  caller must free
+*/
+char *sid_binstring(DOM_SID *sid)
+{
+	char *buf, *s;
+	int len = sid_size(sid);
+	buf = malloc(len);
+	if (!buf) return NULL;
+	sid_linearize(buf, len, sid);
+	s = binary_string(buf, len);
+	free(buf);
+	return s;
+}
+
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
new file mode 100644
index 0000000000..af3182264d
--- /dev/null
+++ b/source3/lib/util_sock.c
@@ -0,0 +1,1340 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Tim Potter      2000-2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef WITH_SSL
+#include <openssl/ssl.h>
+#undef Realloc  /* SSLeay defines this and samba has a function of this name */
+extern SSL  *ssl;
+extern int  sslFd;
+#endif  /* WITH_SSL */
+
+/* the last IP received from */
+struct in_addr lastip;
+
+/* the last port received from */
+int lastport=0;
+
+int smb_read_error = 0;
+
+/****************************************************************************
+ Determine if a file descriptor is in fact a socket.
+****************************************************************************/
+
+BOOL is_a_socket(int fd)
+{
+  int v,l;
+  l = sizeof(int);
+  return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0);
+}
+
+enum SOCK_OPT_TYPES {OPT_BOOL,OPT_INT,OPT_ON};
+
+typedef struct smb_socket_option
+{
+  char *name;
+  int level;
+  int option;
+  int value;
+  int opttype;
+} smb_socket_option;
+
+smb_socket_option socket_options[] = {
+  {"SO_KEEPALIVE",      SOL_SOCKET,    SO_KEEPALIVE,    0,                 OPT_BOOL},
+  {"SO_REUSEADDR",      SOL_SOCKET,    SO_REUSEADDR,    0,                 OPT_BOOL},
+  {"SO_BROADCAST",      SOL_SOCKET,    SO_BROADCAST,    0,                 OPT_BOOL},
+#ifdef TCP_NODELAY
+  {"TCP_NODELAY",       IPPROTO_TCP,   TCP_NODELAY,     0,                 OPT_BOOL},
+#endif
+#ifdef IPTOS_LOWDELAY
+  {"IPTOS_LOWDELAY",    IPPROTO_IP,    IP_TOS,          IPTOS_LOWDELAY,    OPT_ON},
+#endif
+#ifdef IPTOS_THROUGHPUT
+  {"IPTOS_THROUGHPUT",  IPPROTO_IP,    IP_TOS,          IPTOS_THROUGHPUT,  OPT_ON},
+#endif
+#ifdef SO_REUSEPORT
+  {"SO_REUSEPORT",      SOL_SOCKET,    SO_REUSEPORT,    0,                 OPT_BOOL},
+#endif
+#ifdef SO_SNDBUF
+  {"SO_SNDBUF",         SOL_SOCKET,    SO_SNDBUF,       0,                 OPT_INT},
+#endif
+#ifdef SO_RCVBUF
+  {"SO_RCVBUF",         SOL_SOCKET,    SO_RCVBUF,       0,                 OPT_INT},
+#endif
+#ifdef SO_SNDLOWAT
+  {"SO_SNDLOWAT",       SOL_SOCKET,    SO_SNDLOWAT,     0,                 OPT_INT},
+#endif
+#ifdef SO_RCVLOWAT
+  {"SO_RCVLOWAT",       SOL_SOCKET,    SO_RCVLOWAT,     0,                 OPT_INT},
+#endif
+#ifdef SO_SNDTIMEO
+  {"SO_SNDTIMEO",       SOL_SOCKET,    SO_SNDTIMEO,     0,                 OPT_INT},
+#endif
+#ifdef SO_RCVTIMEO
+  {"SO_RCVTIMEO",       SOL_SOCKET,    SO_RCVTIMEO,     0,                 OPT_INT},
+#endif
+  {NULL,0,0,0,0}};
+
+/****************************************************************************
+ Print socket options.
+****************************************************************************/
+static void print_socket_options(int s)
+{
+	int value, vlen = 4;
+	smb_socket_option *p = &socket_options[0];
+
+	for (; p->name != NULL; p++) {
+		if (getsockopt(s, p->level, p->option, (void *)&value, &vlen) == -1) {
+			DEBUG(5,("Could not test socket option %s.\n", p->name));
+		} else {
+			DEBUG(5,("socket option %s = %d\n",p->name,value));
+		}
+	}
+ }
+
+/****************************************************************************
+ Set user socket options.
+****************************************************************************/
+
+void set_socket_options(int fd, char *options)
+{
+	fstring tok;
+
+	while (next_token(&options,tok," \t,", sizeof(tok))) {
+		int ret=0,i;
+		int value = 1;
+		char *p;
+		BOOL got_value = False;
+
+		if ((p = strchr_m(tok,'='))) {
+			*p = 0;
+			value = atoi(p+1);
+			got_value = True;
+		}
+
+		for (i=0;socket_options[i].name;i++)
+			if (strequal(socket_options[i].name,tok))
+				break;
+
+		if (!socket_options[i].name) {
+			DEBUG(0,("Unknown socket option %s\n",tok));
+			continue;
+		}
+
+		switch (socket_options[i].opttype) {
+		case OPT_BOOL:
+		case OPT_INT:
+			ret = setsockopt(fd,socket_options[i].level,
+						socket_options[i].option,(char *)&value,sizeof(int));
+			break;
+
+		case OPT_ON:
+			if (got_value)
+				DEBUG(0,("syntax error - %s does not take a value\n",tok));
+
+			{
+				int on = socket_options[i].value;
+				ret = setsockopt(fd,socket_options[i].level,
+							socket_options[i].option,(char *)&on,sizeof(int));
+			}
+			break;	  
+		}
+      
+		if (ret != 0)
+			DEBUG(0,("Failed to set socket option %s (Error %s)\n",tok, strerror(errno) ));
+	}
+
+	print_socket_options(fd);
+}
+
+/****************************************************************************
+ Read from a socket.
+****************************************************************************/
+
+ssize_t read_udp_socket(int fd,char *buf,size_t len)
+{
+	ssize_t ret;
+	struct sockaddr_in sock;
+	socklen_t socklen = sizeof(sock);
+
+	memset((char *)&sock,'\0',socklen);
+	memset((char *)&lastip,'\0',sizeof(lastip));
+	ret = (ssize_t)recvfrom(fd,buf,len,0,(struct sockaddr *)&sock,&socklen);
+	if (ret <= 0) {
+		DEBUG(2,("read socket failed. ERRNO=%s\n",strerror(errno)));
+		return(0);
+	}
+
+	lastip = sock.sin_addr;
+	lastport = ntohs(sock.sin_port);
+
+	DEBUG(10,("read_udp_socket: lastip %s lastport %d read: %d\n",
+			inet_ntoa(lastip), lastport, ret));
+
+	return(ret);
+}
+
+/*******************************************************************
+ checks if read data is outstanding.
+ ********************************************************************/
+int read_data_outstanding(int fd, unsigned int time_out)
+{
+	int selrtn;
+	fd_set fds;
+	struct timeval timeout;
+
+	FD_ZERO(&fds);
+	FD_SET(fd, &fds);
+
+	timeout.tv_sec = (time_t) (time_out / 1000);
+	timeout.tv_usec = (long)(1000 * (time_out % 1000));
+
+	selrtn = sys_select_intr(fd + 1, &fds, NULL, NULL, &timeout);
+
+	if (selrtn <= 0)
+	{
+		return selrtn;
+	}
+	return FD_ISSET(fd, &fds) ? 1 : 0;
+}
+
+/****************************************************************************
+ Read data from a socket with a timout in msec.
+ mincount = if timeout, minimum to read before returning
+ maxcount = number to be read.
+ time_out = timeout in milliseconds
+****************************************************************************/
+
+static ssize_t read_socket_with_timeout(int fd,char *buf,size_t mincnt,size_t maxcnt,unsigned int time_out)
+{
+	fd_set fds;
+	int selrtn;
+	ssize_t readret;
+	size_t nread = 0;
+	struct timeval timeout;
+	
+	/* just checking .... */
+	if (maxcnt <= 0)
+		return(0);
+	
+	smb_read_error = 0;
+	
+	/* Blocking read */
+	if (time_out <= 0) {
+		if (mincnt == 0) mincnt = maxcnt;
+		
+		while (nread < mincnt) {
+#ifdef WITH_SSL
+			if (fd == sslFd) {
+				readret = SSL_read(ssl, buf + nread, maxcnt - nread);
+			} else {
+				readret = read(fd, buf + nread, maxcnt - nread);
+			}
+#else /* WITH_SSL */
+			readret = read(fd, buf + nread, maxcnt - nread);
+#endif /* WITH_SSL */
+			
+			if (readret == 0) {
+				DEBUG(5,("read_socket_with_timeout: blocking read. EOF from client.\n"));
+				smb_read_error = READ_EOF;
+				return -1;
+			}
+			
+			if (readret == -1) {
+				DEBUG(0,("read_socket_with_timeout: read error = %s.\n", strerror(errno) ));
+				smb_read_error = READ_ERROR;
+				return -1;
+			}
+			nread += readret;
+		}
+		return((ssize_t)nread);
+	}
+	
+	/* Most difficult - timeout read */
+	/* If this is ever called on a disk file and 
+	   mincnt is greater then the filesize then
+	   system performance will suffer severely as 
+	   select always returns true on disk files */
+	
+	/* Set initial timeout */
+	timeout.tv_sec = (time_t)(time_out / 1000);
+	timeout.tv_usec = (long)(1000 * (time_out % 1000));
+	
+	for (nread=0; nread < mincnt; ) {      
+		FD_ZERO(&fds);
+		FD_SET(fd,&fds);
+		
+		selrtn = sys_select_intr(fd+1,&fds,NULL,NULL,&timeout);
+		
+		/* Check if error */
+		if (selrtn == -1) {
+			/* something is wrong. Maybe the socket is dead? */
+			DEBUG(0,("read_socket_with_timeout: timeout read. select error = %s.\n", strerror(errno) ));
+			smb_read_error = READ_ERROR;
+			return -1;
+		}
+		
+		/* Did we timeout ? */
+		if (selrtn == 0) {
+			DEBUG(10,("read_socket_with_timeout: timeout read. select timed out.\n"));
+			smb_read_error = READ_TIMEOUT;
+			return -1;
+		}
+		
+#ifdef WITH_SSL
+		if (fd == sslFd) {
+			readret = SSL_read(ssl, buf + nread, maxcnt - nread);
+		}else{
+			readret = read(fd, buf + nread, maxcnt - nread);
+		}
+#else /* WITH_SSL */
+		readret = read(fd, buf+nread, maxcnt-nread);
+#endif /* WITH_SSL */
+		
+		if (readret == 0) {
+			/* we got EOF on the file descriptor */
+			DEBUG(5,("read_socket_with_timeout: timeout read. EOF from client.\n"));
+			smb_read_error = READ_EOF;
+			return -1;
+		}
+		
+		if (readret == -1) {
+			/* the descriptor is probably dead */
+			DEBUG(0,("read_socket_with_timeout: timeout read. read error = %s.\n", strerror(errno) ));
+			smb_read_error = READ_ERROR;
+			return -1;
+		}
+		
+		nread += readret;
+	}
+	
+	/* Return the number we got */
+	return (ssize_t)nread;
+}
+
+/****************************************************************************
+ Read data from a fd with a timout in msec.
+ mincount = if timeout, minimum to read before returning
+ maxcount = number to be read.
+ time_out = timeout in milliseconds
+****************************************************************************/
+
+ssize_t read_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt,
+			  unsigned int time_out)
+{
+	ssize_t readret;
+	size_t nread = 0;
+	
+	/* just checking .... */
+	if (maxcnt <= 0)
+		return(0);
+	
+	/* Blocking read */
+	if (time_out <= 0) {
+		if (mincnt == 0) mincnt = maxcnt;
+		
+		while (nread < mincnt) {
+#ifdef WITH_SSL
+			if(fd == sslFd){
+				readret = SSL_read(ssl, buf + nread, maxcnt - nread);
+			}else{
+				readret = read(fd, buf + nread, maxcnt - nread);
+			}
+#else /* WITH_SSL */
+			readret = read(fd, buf + nread, maxcnt - nread);
+#endif /* WITH_SSL */
+			
+			if (readret <= 0)
+				return readret;
+			
+			nread += readret;
+		}
+		return((ssize_t)nread);
+	}
+	
+	/* Most difficult - timeout read */
+	/* If this is ever called on a disk file and 
+	   mincnt is greater then the filesize then
+	   system performance will suffer severely as 
+	   select always returns true on disk files */
+	
+	for (nread=0; nread < mincnt; ) {      
+		int selrtn = read_data_outstanding(fd, time_out);
+		
+		if(selrtn <= 0)
+			return selrtn;
+		
+#ifdef WITH_SSL
+		if(fd == sslFd){
+			readret = SSL_read(ssl, buf + nread, maxcnt - nread);
+		}else{
+			readret = read(fd, buf + nread, maxcnt - nread);
+		}
+#else /* WITH_SSL */
+		readret = read(fd, buf+nread, maxcnt-nread);
+#endif /* WITH_SSL */
+		
+		if (readret <= 0)
+			return readret;
+		
+		nread += readret;
+	}
+	
+	/* Return the number we got */
+	return((ssize_t)nread);
+}
+
+/****************************************************************************
+send a keepalive packet (rfc1002)
+****************************************************************************/
+
+BOOL send_keepalive(int client)
+{
+  unsigned char buf[4];
+
+  buf[0] = SMBkeepalive;
+  buf[1] = buf[2] = buf[3] = 0;
+
+  return(write_socket_data(client,(char *)buf,4) == 4);
+}
+
+/****************************************************************************
+  read data from the client, reading exactly N bytes. 
+****************************************************************************/
+
+ssize_t read_data(int fd,char *buffer,size_t N)
+{
+  ssize_t  ret;
+  size_t total=0;  
+ 
+  smb_read_error = 0;
+
+  while (total < N)
+  {
+#ifdef WITH_SSL
+    if(fd == sslFd){
+      ret = SSL_read(ssl, buffer + total, N - total);
+    }else{
+      ret = read(fd,buffer + total,N - total);
+    }
+#else /* WITH_SSL */
+    ret = read(fd,buffer + total,N - total);
+#endif /* WITH_SSL */
+
+    if (ret == 0)
+    {
+      DEBUG(10,("read_data: read of %d returned 0. Error = %s\n", (int)(N - total), strerror(errno) ));
+      smb_read_error = READ_EOF;
+      return 0;
+    }
+    if (ret == -1)
+    {
+      DEBUG(0,("read_data: read failure for %d. Error = %s\n", (int)(N - total), strerror(errno) ));
+      smb_read_error = READ_ERROR;
+      return -1;
+    }
+    total += ret;
+  }
+  return (ssize_t)total;
+}
+
+/****************************************************************************
+ Read data from a socket, reading exactly N bytes. 
+****************************************************************************/
+
+static ssize_t read_socket_data(int fd,char *buffer,size_t N)
+{
+  ssize_t  ret;
+  size_t total=0;  
+ 
+  smb_read_error = 0;
+
+  while (total < N)
+  {
+#ifdef WITH_SSL
+    if(fd == sslFd){
+      ret = SSL_read(ssl, buffer + total, N - total);
+    }else{
+      ret = read(fd,buffer + total,N - total);
+    }
+#else /* WITH_SSL */
+    ret = read(fd,buffer + total,N - total);
+#endif /* WITH_SSL */
+
+    if (ret == 0)
+    {
+      DEBUG(10,("read_socket_data: recv of %d returned 0. Error = %s\n", (int)(N - total), strerror(errno) ));
+      smb_read_error = READ_EOF;
+      return 0;
+    }
+    if (ret == -1)
+    {
+      DEBUG(0,("read_socket_data: recv failure for %d. Error = %s\n", (int)(N - total), strerror(errno) ));
+      smb_read_error = READ_ERROR;
+      return -1;
+    }
+    total += ret;
+  }
+  return (ssize_t)total;
+}
+
+/****************************************************************************
+ Write data to a fd.
+****************************************************************************/
+
+ssize_t write_data(int fd,char *buffer,size_t N)
+{
+  size_t total=0;
+  ssize_t ret;
+
+  while (total < N)
+  {
+#ifdef WITH_SSL
+    if(fd == sslFd){
+      ret = SSL_write(ssl,buffer + total,N - total);
+    }else{
+      ret = write(fd,buffer + total,N - total);
+    }
+#else /* WITH_SSL */
+    ret = write(fd,buffer + total,N - total);
+#endif /* WITH_SSL */
+
+    if (ret == -1) {
+      DEBUG(0,("write_data: write failure. Error = %s\n", strerror(errno) ));
+      return -1;
+    }
+    if (ret == 0) return total;
+
+    total += ret;
+  }
+  return (ssize_t)total;
+}
+
+/****************************************************************************
+ Write data to a socket - use send rather than write.
+****************************************************************************/
+
+ssize_t write_socket_data(int fd,char *buffer,size_t N)
+{
+  size_t total=0;
+  ssize_t ret;
+
+  while (total < N)
+  {
+#ifdef WITH_SSL
+    if(fd == sslFd){
+      ret = SSL_write(ssl,buffer + total,N - total);
+    }else{
+      ret = send(fd,buffer + total,N - total, 0);
+    }
+#else /* WITH_SSL */
+    ret = send(fd,buffer + total,N - total,0);
+#endif /* WITH_SSL */
+
+    if (ret == -1) {
+      DEBUG(0,("write_socket_data: write failure. Error = %s\n", strerror(errno) ));
+      return -1;
+    }
+    if (ret == 0) return total;
+
+    total += ret;
+  }
+  return (ssize_t)total;
+}
+
+/****************************************************************************
+write to a socket
+****************************************************************************/
+
+ssize_t write_socket(int fd,char *buf,size_t len)
+{
+  ssize_t ret=0;
+
+  DEBUG(6,("write_socket(%d,%d)\n",fd,(int)len));
+  ret = write_socket_data(fd,buf,len);
+      
+  DEBUG(6,("write_socket(%d,%d) wrote %d\n",fd,(int)len,(int)ret));
+  if(ret <= 0)
+    DEBUG(0,("write_socket: Error writing %d bytes to socket %d: ERRNO = %s\n", 
+       (int)len, fd, strerror(errno) ));
+
+  return(ret);
+}
+
+/****************************************************************************
+read 4 bytes of a smb packet and return the smb length of the packet
+store the result in the buffer
+This version of the function will return a length of zero on receiving
+a keepalive packet.
+timeout is in milliseconds.
+****************************************************************************/
+
+static ssize_t read_smb_length_return_keepalive(int fd,char *inbuf,unsigned int timeout)
+{
+  ssize_t len=0;
+  int msg_type;
+  BOOL ok = False;
+
+  while (!ok)
+  {
+    if (timeout > 0)
+      ok = (read_socket_with_timeout(fd,inbuf,4,4,timeout) == 4);
+    else 
+      ok = (read_socket_data(fd,inbuf,4) == 4);
+
+    if (!ok)
+      return(-1);
+
+    len = smb_len(inbuf);
+    msg_type = CVAL(inbuf,0);
+
+    if (msg_type == SMBkeepalive) 
+      DEBUG(5,("Got keepalive packet\n"));
+  }
+
+  DEBUG(10,("got smb length of %d\n",len));
+
+  return(len);
+}
+
+/****************************************************************************
+read 4 bytes of a smb packet and return the smb length of the packet
+store the result in the buffer. This version of the function will
+never return a session keepalive (length of zero).
+timeout is in milliseconds.
+****************************************************************************/
+
+ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout)
+{
+  ssize_t len;
+
+  for(;;)
+  {
+    len = read_smb_length_return_keepalive(fd, inbuf, timeout);
+
+    if(len < 0)
+      return len;
+
+    /* Ignore session keepalives. */
+    if(CVAL(inbuf,0) != SMBkeepalive)
+      break;
+  }
+
+  DEBUG(10,("read_smb_length: got smb length of %d\n",len));
+
+  return len;
+}
+
+/****************************************************************************
+  read an smb from a fd. Note that the buffer *MUST* be of size
+  BUFFER_SIZE+SAFETY_MARGIN.
+  The timeout is in milliseconds. 
+  This function will return on a
+  receipt of a session keepalive packet.
+****************************************************************************/
+
+BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
+{
+	ssize_t len,ret;
+
+	smb_read_error = 0;
+
+	memset(buffer,'\0',smb_size + 100);
+
+	len = read_smb_length_return_keepalive(fd,buffer,timeout);
+	if (len < 0) {
+		DEBUG(10,("receive_smb: length < 0!\n"));
+
+		/*
+		 * Correct fix. smb_read_error may have already been
+		 * set. Only set it here if not already set. Global
+		 * variables still suck :-). JRA.
+		 */
+
+		if (smb_read_error == 0)
+			smb_read_error = READ_ERROR;
+		return False;
+	}
+
+	/*
+	 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
+	 * of header. Don't print the error if this fits.... JRA.
+	 */
+
+	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+		DEBUG(0,("Invalid packet length! (%d bytes).\n",len));
+		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
+
+			/*
+			 * Correct fix. smb_read_error may have already been
+			 * set. Only set it here if not already set. Global
+			 * variables still suck :-). JRA.
+			 */
+
+			if (smb_read_error == 0)
+				smb_read_error = READ_ERROR;
+			return False;
+		}
+	}
+
+	if(len > 0) {
+		ret = read_socket_data(fd,buffer+4,len);
+		if (ret != len) {
+			if (smb_read_error == 0)
+				smb_read_error = READ_ERROR;
+			return False;
+		}
+	}
+
+	return(True);
+}
+
+/****************************************************************************
+  read an smb from a fd ignoring all keepalive packets. Note that the buffer 
+  *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
+  The timeout is in milliseconds
+
+  This is exactly the same as receive_smb except that it never returns
+  a session keepalive packet (just as receive_smb used to do).
+  receive_smb was changed to return keepalives as the oplock processing means this call
+  should never go into a blocking read.
+****************************************************************************/
+
+BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
+{
+  BOOL ret;
+
+  for(;;)
+  {
+    ret = receive_smb(fd, buffer, timeout);
+
+    if (!ret)
+    {
+      DEBUG(10,("client_receive_smb failed\n"));
+      show_msg(buffer);
+      return ret;
+    }
+
+    /* Ignore session keepalive packets. */
+    if(CVAL(buffer,0) != SMBkeepalive)
+      break;
+  }
+  show_msg(buffer);
+  return ret;
+}
+
+/****************************************************************************
+  send an smb to a fd 
+****************************************************************************/
+
+BOOL send_smb(int fd,char *buffer)
+{
+	size_t len;
+	size_t nwritten=0;
+	ssize_t ret;
+	len = smb_len(buffer) + 4;
+
+	while (nwritten < len) {
+		ret = write_socket(fd,buffer+nwritten,len - nwritten);
+		if (ret <= 0) {
+			DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
+				(int)len,(int)ret, strerror(errno) ));
+			return False;
+		}
+		nwritten += ret;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+send a single packet to a port on another machine
+****************************************************************************/
+
+BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type)
+{
+  BOOL ret;
+  int out_fd;
+  struct sockaddr_in sock_out;
+
+  /* create a socket to write to */
+  out_fd = socket(AF_INET, type, 0);
+  if (out_fd == -1) 
+    {
+      DEBUG(0,("socket failed"));
+      return False;
+    }
+
+  /* set the address and port */
+  memset((char *)&sock_out,'\0',sizeof(sock_out));
+  putip((char *)&sock_out.sin_addr,(char *)&ip);
+  sock_out.sin_port = htons( port );
+  sock_out.sin_family = AF_INET;
+  
+  if (DEBUGLEVEL > 0)
+    DEBUG(3,("sending a packet of len %d to (%s) on port %d of type %s\n",
+	     len,inet_ntoa(ip),port,type==SOCK_DGRAM?"DGRAM":"STREAM"));
+	
+  /* send it */
+  ret = (sendto(out_fd,buf,len,0,(struct sockaddr *)&sock_out,sizeof(sock_out)) >= 0);
+
+  if (!ret)
+    DEBUG(0,("Packet send to %s(%d) failed ERRNO=%s\n",
+	     inet_ntoa(ip),port,strerror(errno)));
+
+  close(out_fd);
+  return(ret);
+}
+
+/****************************************************************************
+ Open a socket of the specified type, port, and address for incoming data.
+****************************************************************************/
+
+int open_socket_in( int type, int port, int dlevel, uint32 socket_addr, BOOL rebind )
+{
+	struct sockaddr_in sock;
+	int res;
+
+	memset( (char *)&sock, '\0', sizeof(sock) );
+
+#ifdef HAVE_SOCK_SIN_LEN
+	sock.sin_len         = sizeof(sock);
+#endif
+	sock.sin_port        = htons( port );
+	sock.sin_family      = AF_INET;
+	sock.sin_addr.s_addr = socket_addr;
+
+	res = socket( AF_INET, type, 0 );
+	if( res == -1 ) {
+		if( DEBUGLVL(0) ) {
+			dbgtext( "open_socket_in(): socket() call failed: " );
+			dbgtext( "%s\n", strerror( errno ) );
+		}
+		return -1;
+	}
+
+	/* This block sets/clears the SO_REUSEADDR and possibly SO_REUSEPORT. */
+	{
+		int val = rebind ? 1 : 0;
+		if( setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)) == -1 ) {
+			if( DEBUGLVL( dlevel ) ) {
+				dbgtext( "open_socket_in(): setsockopt: " );
+				dbgtext( "SO_REUSEADDR = %s ", val?"True":"False" );
+				dbgtext( "on port %d failed ", port );
+				dbgtext( "with error = %s\n", strerror(errno) );
+			}
+		}
+#ifdef SO_REUSEPORT
+		if( setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)) == -1 ) {
+			if( DEBUGLVL( dlevel ) ) {
+				dbgtext( "open_socket_in(): setsockopt: ");
+				dbgtext( "SO_REUSEPORT = %s ", val?"True":"False" );
+				dbgtext( "on port %d failed ", port );
+				dbgtext( "with error = %s\n", strerror(errno) );
+			}
+		}
+#endif /* SO_REUSEPORT */
+	}
+
+	/* now we've got a socket - we need to bind it */
+	if( bind( res, (struct sockaddr *)&sock, sizeof(sock) ) == -1 ) {
+		if( DEBUGLVL(dlevel) && (port == SMB_PORT || port == NMB_PORT) ) {
+			dbgtext( "bind failed on port %d ", port );
+			dbgtext( "socket_addr = %s.\n", inet_ntoa( sock.sin_addr ) );
+			dbgtext( "Error = %s\n", strerror(errno) );
+		}
+		close( res ); 
+		return( -1 ); 
+	}
+
+	DEBUG( 3, ( "bind succeeded on port %d\n", port ) );
+
+	return( res );
+ }
+
+/****************************************************************************
+  create an outgoing socket. timeout is in milliseconds.
+  **************************************************************************/
+
+int open_socket_out(int type, struct in_addr *addr, int port ,int timeout)
+{
+  struct sockaddr_in sock_out;
+  int res,ret;
+  int connect_loop = 250; /* 250 milliseconds */
+  int loops = (timeout) / connect_loop;
+
+  /* create a socket to write to */
+  res = socket(PF_INET, type, 0);
+  if (res == -1) 
+    { DEBUG(0,("socket error\n")); return -1; }
+
+  if (type != SOCK_STREAM) return(res);
+  
+  memset((char *)&sock_out,'\0',sizeof(sock_out));
+  putip((char *)&sock_out.sin_addr,(char *)addr);
+  
+  sock_out.sin_port = htons( port );
+  sock_out.sin_family = PF_INET;
+
+  /* set it non-blocking */
+  set_blocking(res,False);
+
+  DEBUG(3,("Connecting to %s at port %d\n",inet_ntoa(*addr),port));
+  
+  /* and connect it to the destination */
+connect_again:
+  ret = connect(res,(struct sockaddr *)&sock_out,sizeof(sock_out));
+
+  /* Some systems return EAGAIN when they mean EINPROGRESS */
+  if (ret < 0 && (errno == EINPROGRESS || errno == EALREADY ||
+        errno == EAGAIN) && loops--) {
+    msleep(connect_loop);
+    goto connect_again;
+  }
+
+  if (ret < 0 && (errno == EINPROGRESS || errno == EALREADY ||
+         errno == EAGAIN)) {
+      DEBUG(1,("timeout connecting to %s:%d\n",inet_ntoa(*addr),port));
+      close(res);
+      return -1;
+  }
+
+#ifdef EISCONN
+  if (ret < 0 && errno == EISCONN) {
+    errno = 0;
+    ret = 0;
+  }
+#endif
+
+  if (ret < 0) {
+    DEBUG(2,("error connecting to %s:%d (%s)\n",
+	     inet_ntoa(*addr),port,strerror(errno)));
+    close(res);
+    return -1;
+  }
+
+  /* set it blocking again */
+  set_blocking(res,True);
+
+  return res;
+}
+
+/*
+  open a connected UDP socket to host on port
+*/
+int open_udp_socket(const char *host, int port)
+{
+	int type = SOCK_DGRAM;
+	struct sockaddr_in sock_out;
+	int res;
+	struct in_addr *addr;
+
+	addr = interpret_addr2(host);
+
+	res = socket(PF_INET, type, 0);
+	if (res == -1) {
+		return -1;
+	}
+
+	memset((char *)&sock_out,'\0',sizeof(sock_out));
+	putip((char *)&sock_out.sin_addr,(char *)addr);
+	sock_out.sin_port = htons(port);
+	sock_out.sin_family = PF_INET;
+
+	if (connect(res,(struct sockaddr *)&sock_out,sizeof(sock_out))) {
+		close(res);
+		return -1;
+	}
+
+	return res;
+}
+
+
+/* the following 3 client_*() functions are nasty ways of allowing
+   some generic functions to get info that really should be hidden in
+   particular modules */
+static int client_fd = -1;
+
+void client_setfd(int fd)
+{
+	client_fd = fd;
+}
+
+char *client_name(void)
+{
+	return get_socket_name(client_fd);
+}
+
+char *client_addr(void)
+{
+	return get_socket_addr(client_fd);
+}
+
+/*******************************************************************
+ matchname - determine if host name matches IP address. Used to
+ confirm a hostname lookup to prevent spoof attacks
+ ******************************************************************/
+static BOOL matchname(char *remotehost,struct in_addr  addr)
+{
+	struct hostent *hp;
+	int     i;
+	
+	if ((hp = sys_gethostbyname(remotehost)) == 0) {
+		DEBUG(0,("sys_gethostbyname(%s): lookup failure.\n", remotehost));
+		return False;
+	} 
+
+	/*
+	 * Make sure that gethostbyname() returns the "correct" host name.
+	 * Unfortunately, gethostbyname("localhost") sometimes yields
+	 * "localhost.domain". Since the latter host name comes from the
+	 * local DNS, we just have to trust it (all bets are off if the local
+	 * DNS is perverted). We always check the address list, though.
+	 */
+	
+	if (strcasecmp(remotehost, hp->h_name)
+	    && strcasecmp(remotehost, "localhost")) {
+		DEBUG(0,("host name/name mismatch: %s != %s\n",
+			 remotehost, hp->h_name));
+		return False;
+	}
+	
+	/* Look up the host address in the address list we just got. */
+	for (i = 0; hp->h_addr_list[i]; i++) {
+		if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
+			return True;
+	}
+	
+	/*
+	 * The host name does not map to the original host address. Perhaps
+	 * someone has compromised a name server. More likely someone botched
+	 * it, but that could be dangerous, too.
+	 */
+	
+	DEBUG(0,("host name/address mismatch: %s != %s\n",
+		 inet_ntoa(addr), hp->h_name));
+	return False;
+}
+
+ 
+/*******************************************************************
+ return the DNS name of the remote end of a socket
+ ******************************************************************/
+char *get_socket_name(int fd)
+{
+	static pstring name_buf;
+	static fstring addr_buf;
+	struct hostent *hp;
+	struct in_addr addr;
+	char *p;
+
+	/* reverse lookups can be *very* expensive, and in many
+	   situations won't work because many networks don't link dhcp
+	   with dns. To avoid the delay we avoid the lookup if
+	   possible */
+	if (!lp_hostname_lookups()) {
+		return get_socket_addr(fd);
+	}
+	
+	p = get_socket_addr(fd);
+
+	/* it might be the same as the last one - save some DNS work */
+	if (strcmp(p, addr_buf) == 0) return name_buf;
+
+	pstrcpy(name_buf,"UNKNOWN");
+	if (fd == -1) return name_buf;
+
+	fstrcpy(addr_buf, p);
+
+	addr = *interpret_addr2(p);
+	
+	/* Look up the remote host name. */
+	if ((hp = gethostbyaddr((char *)&addr.s_addr, sizeof(addr.s_addr), AF_INET)) == 0) {
+		DEBUG(1,("Gethostbyaddr failed for %s\n",p));
+		pstrcpy(name_buf, p);
+	} else {
+		pstrcpy(name_buf,(char *)hp->h_name);
+		if (!matchname(name_buf, addr)) {
+			DEBUG(0,("Matchname failed on %s %s\n",name_buf,p));
+			pstrcpy(name_buf,"UNKNOWN");
+		}
+	}
+
+	alpha_strcpy(name_buf, name_buf, "_-.", sizeof(name_buf));
+	if (strstr(name_buf,"..")) {
+		pstrcpy(name_buf, "UNKNOWN");
+	}
+
+	return name_buf;
+}
+
+/*******************************************************************
+ return the IP addr of the remote end of a socket as a string 
+ ******************************************************************/
+char *get_socket_addr(int fd)
+{
+	struct sockaddr sa;
+	struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa);
+	int     length = sizeof(sa);
+	static fstring addr_buf;
+
+	fstrcpy(addr_buf,"0.0.0.0");
+
+	if (fd == -1) {
+		return addr_buf;
+	}
+	
+	if (getpeername(fd, &sa, &length) < 0) {
+		DEBUG(0,("getpeername failed. Error was %s\n", strerror(errno) ));
+		return addr_buf;
+	}
+	
+	fstrcpy(addr_buf,(char *)inet_ntoa(sockin->sin_addr));
+	
+	return addr_buf;
+}
+
+/*******************************************************************
+ opens and connects to a unix pipe socket
+ ******************************************************************/
+int open_pipe_sock(char *path)
+{
+	int sock;
+	struct sockaddr_un sa;
+
+	sock = socket(AF_UNIX, SOCK_STREAM, 0);
+
+	if (sock < 0)
+	{
+		DEBUG(0, ("unix socket open failed\n"));
+		return sock;
+	}
+
+	ZERO_STRUCT(sa);
+	sa.sun_family = AF_UNIX;
+	safe_strcpy(sa.sun_path, path, sizeof(sa.sun_path)-1);
+
+	DEBUG(10, ("socket open succeeded.  file name: %s\n", sa.sun_path));
+
+	if (connect(sock, (struct sockaddr*) &sa, sizeof(sa)) < 0)
+	{
+		DEBUG(0,("socket connect to %s failed\n", sa.sun_path));
+		close(sock);
+		return -1;
+	}
+
+	return sock;
+}
+
+/*******************************************************************
+ Create protected unix domain socket.
+
+ some unixen cannot set permissions on a ux-dom-sock, so we
+ have to make sure that the directory contains the protection
+ permissions, instead.
+ ******************************************************************/
+int create_pipe_sock(const char *socket_dir,
+					const char *socket_name,
+					mode_t dir_perms)
+{
+        struct sockaddr_un sunaddr;
+        struct stat st;
+        int sock;
+        mode_t old_umask;
+        pstring path;
+        
+        /* Create the socket directory or reuse the existing one */
+        
+        if (lstat(socket_dir, &st) == -1) {
+                
+                if (errno == ENOENT) {
+                        
+                        /* Create directory */
+                        
+                        if (mkdir(socket_dir, dir_perms) == -1) {
+                                DEBUG(0, ("error creating socket directory "
+                                          "%s: %s\n", socket_dir, 
+                                          strerror(errno)));
+                                return -1;
+                        }
+                        
+                } else {
+                        
+                        DEBUG(0, ("lstat failed on socket directory %s: %s\n",
+                                  socket_dir, strerror(errno)));
+                        return -1;
+                }
+                
+        } else {
+                
+                /* Check ownership and permission on existing directory */
+                
+                if (!S_ISDIR(st.st_mode)) {
+                        DEBUG(0, ("socket directory %s isn't a directory\n",
+                                  socket_dir));
+                        return -1;
+                }
+                
+                if ((st.st_uid != sec_initial_uid()) || 
+                    ((st.st_mode & 0777) != dir_perms)) {
+                        DEBUG(0, ("invalid permissions on socket directory "
+                                  "%s\n", socket_dir));
+                        return -1;
+                }
+        }
+        
+        /* Create the socket file */
+        
+        old_umask = umask(0);
+        
+        sock = socket(AF_UNIX, SOCK_STREAM, 0);
+        
+        if (sock == -1) {
+                perror("socket");
+		umask(old_umask);
+                return -1;
+        }
+        
+        snprintf(path, sizeof(path), "%s/%s", socket_dir, socket_name);
+        
+        unlink(path);
+        memset(&sunaddr, 0, sizeof(sunaddr));
+        sunaddr.sun_family = AF_UNIX;
+        safe_strcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)-1);
+        
+        if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
+                DEBUG(0, ("bind failed on pipe socket %s: %s\n",
+                          path,
+                          strerror(errno)));
+                close(sock);
+		umask(old_umask);
+                return -1;
+        }
+        
+        if (listen(sock, 5) == -1) {
+                DEBUG(0, ("listen failed on pipe socket %s: %s\n",
+                          path,
+                          strerror(errno)));
+                close(sock);
+		umask(old_umask);
+                return -1;
+        }
+        
+        umask(old_umask);
+        
+        /* Success! */
+        
+        return sock;
+}
+
+/*******************************************************************
+this is like socketpair but uses tcp. It is used by the Samba
+regression test code
+The function guarantees that nobody else can attach to the socket,
+or if they do that this function fails and the socket gets closed
+returns 0 on success, -1 on failure
+the resulting file descriptors are symmetrical
+ ******************************************************************/
+static int socketpair_tcp(int fd[2])
+{
+	int listener;
+	struct sockaddr_in sock;
+	struct sockaddr_in sock2;
+	socklen_t socklen = sizeof(sock);
+	int connect_done = 0;
+	
+	fd[0] = fd[1] = listener = -1;
+
+	memset(&sock, 0, sizeof(sock));
+	
+	if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
+
+        memset(&sock2, 0, sizeof(sock2));
+#ifdef HAVE_SOCK_SIN_LEN
+        sock2.sin_len = sizeof(sock2);
+#endif
+        sock2.sin_family = PF_INET;
+
+        bind(listener, (struct sockaddr *)&sock2, sizeof(sock2));
+
+	if (listen(listener, 1) != 0) goto failed;
+
+	if (getsockname(listener, (struct sockaddr *)&sock, &socklen) != 0) goto failed;
+
+	if ((fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
+
+	set_blocking(fd[1], 0);
+
+	sock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+
+	if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) == -1) {
+		if (errno != EINPROGRESS) goto failed;
+	} else {
+		connect_done = 1;
+	}
+
+	if ((fd[0] = accept(listener, (struct sockaddr *)&sock, &socklen)) == -1) goto failed;
+
+	close(listener);
+	if (connect_done == 0) {
+		if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) != 0
+		    && errno != EISCONN) goto failed;
+	}
+
+	set_blocking(fd[1], 1);
+
+	/* all OK! */
+	return 0;
+
+ failed:
+	if (fd[0] != -1) close(fd[0]);
+	if (fd[1] != -1) close(fd[1]);
+	if (listener != -1) close(listener);
+	return -1;
+}
+
+
+/*******************************************************************
+run a program on a local tcp socket, this is used to launch smbd
+when regression testing
+the return value is a socket which is attached to a subprocess
+running "prog". stdin and stdout are attached. stderr is left
+attached to the original stderr
+ ******************************************************************/
+int sock_exec(const char *prog)
+{
+	int fd[2];
+	if (socketpair_tcp(fd) != 0) {
+		DEBUG(0,("socketpair_tcp failed (%s)\n", strerror(errno)));
+		return -1;
+	}
+	if (fork() == 0) {
+		close(fd[0]);
+		close(0);
+		close(1);
+		dup(fd[1]);
+		dup(fd[1]);
+		exit(system(prog));
+	}
+	close(fd[1]);
+	return fd[0];
+}
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
new file mode 100644
index 0000000000..6fdca658cd
--- /dev/null
+++ b/source3/lib/util_str.c
@@ -0,0 +1,1003 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-2001
+   Copyright (C) Simo Sorce      2001-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+  Get the next token from a string, return False if none found
+  handles double-quotes. 
+Based on a routine by GJC@VILLAGE.COM. 
+Extensively modified by Andrew.Tridgell@anu.edu.au
+****************************************************************************/
+BOOL next_token(char **ptr,char *buff,char *sep, size_t bufsize)
+{
+	char *s;
+	BOOL quoted;
+	size_t len=1;
+
+	if (!ptr) return(False);
+
+	s = *ptr;
+
+	/* default to simple separators */
+	if (!sep) sep = " \t\n\r";
+
+	/* find the first non sep char */
+	while (*s && strchr_m(sep,*s)) s++;
+	
+	/* nothing left? */
+	if (! *s) return(False);
+	
+	/* copy over the token */
+	for (quoted = False; len < bufsize && *s && (quoted || !strchr_m(sep,*s)); s++) {
+		if (*s == '\"') {
+			quoted = !quoted;
+		} else {
+			len++;
+			*buff++ = *s;
+		}
+	}
+	
+	*ptr = (*s) ? s+1 : s;  
+	*buff = 0;
+	
+	return(True);
+}
+
+
+
+/****************************************************************************
+This is like next_token but is not re-entrant and "remembers" the first 
+parameter so you can pass NULL. This is useful for user interface code
+but beware the fact that it is not re-entrant!
+****************************************************************************/
+static char *last_ptr=NULL;
+
+BOOL next_token_nr(char **ptr,char *buff,char *sep, size_t bufsize)
+{
+	BOOL ret;
+	if (!ptr) ptr = &last_ptr;
+
+	ret = next_token(ptr, buff, sep, bufsize);
+	last_ptr = *ptr;
+	return ret;	
+}
+
+static uint16 tmpbuf[sizeof(pstring)];
+
+void set_first_token(char *ptr)
+{
+	last_ptr = ptr;
+}
+
+
+/****************************************************************************
+Convert list of tokens to array; dependent on above routine.
+Uses last_ptr from above - bit of a hack.
+****************************************************************************/
+char **toktocliplist(int *ctok, char *sep)
+{
+	char *s=last_ptr;
+	int ictok=0;
+	char **ret, **iret;
+
+	if (!sep) sep = " \t\n\r";
+
+	while(*s && strchr_m(sep,*s)) s++;
+
+	/* nothing left? */
+	if (!*s) return(NULL);
+
+	do {
+		ictok++;
+		while(*s && (!strchr_m(sep,*s))) s++;
+		while(*s && strchr_m(sep,*s)) *s++=0;
+	} while(*s);
+	
+	*ctok=ictok;
+	s=last_ptr;
+	
+	if (!(ret=iret=malloc(ictok*sizeof(char *)))) return NULL;
+	
+	while(ictok--) {    
+		*iret++=s;
+		while(*s++);
+		while(!*s) s++;
+	}
+
+	return ret;
+}
+
+/*******************************************************************
+  case insensitive string compararison
+********************************************************************/
+int StrCaseCmp(const char *s, const char *t)
+{
+	pstring buf1, buf2;
+	unix_strupper(s, strlen(s)+1, buf1, sizeof(buf1));
+	unix_strupper(t, strlen(t)+1, buf2, sizeof(buf2));
+	return strcmp(buf1,buf2);
+}
+
+/*******************************************************************
+  case insensitive string compararison, length limited
+********************************************************************/
+int StrnCaseCmp(const char *s, const char *t, size_t n)
+{
+	pstring buf1, buf2;
+	unix_strupper(s, strlen(s)+1, buf1, sizeof(buf1));
+	unix_strupper(t, strlen(t)+1, buf2, sizeof(buf2));
+	return strncmp(buf1,buf2,n);
+}
+
+/*******************************************************************
+  compare 2 strings 
+********************************************************************/
+BOOL strequal(const char *s1, const char *s2)
+{
+	if (s1 == s2) return(True);
+	if (!s1 || !s2) return(False);
+  
+	return(StrCaseCmp(s1,s2)==0);
+}
+
+/*******************************************************************
+  compare 2 strings up to and including the nth char.
+  ******************************************************************/
+BOOL strnequal(const char *s1,const char *s2,size_t n)
+{
+  if (s1 == s2) return(True);
+  if (!s1 || !s2 || !n) return(False);
+  
+  return(StrnCaseCmp(s1,s2,n)==0);
+}
+
+/*******************************************************************
+  compare 2 strings (case sensitive)
+********************************************************************/
+BOOL strcsequal(const char *s1,const char *s2)
+{
+  if (s1 == s2) return(True);
+  if (!s1 || !s2) return(False);
+  
+  return(strcmp(s1,s2)==0);
+}
+
+/***************************************************************************
+Do a case-insensitive, whitespace-ignoring string compare.
+***************************************************************************/
+int strwicmp(const char *psz1, const char *psz2)
+{
+	/* if BOTH strings are NULL, return TRUE, if ONE is NULL return */
+	/* appropriate value. */
+	if (psz1 == psz2)
+		return (0);
+	else if (psz1 == NULL)
+		return (-1);
+	else if (psz2 == NULL)
+		return (1);
+
+	/* sync the strings on first non-whitespace */
+	while (1)
+	{
+		while (isspace((int)*psz1))
+			psz1++;
+		while (isspace((int)*psz2))
+			psz2++;
+		if (toupper(*psz1) != toupper(*psz2) || *psz1 == '\0'
+		    || *psz2 == '\0')
+			break;
+		psz1++;
+		psz2++;
+	}
+	return (*psz1 - *psz2);
+}
+
+
+/*******************************************************************
+  convert a string to "normal" form
+********************************************************************/
+void strnorm(char *s)
+{
+  extern int case_default;
+  if (case_default == CASE_UPPER)
+    strupper(s);
+  else
+    strlower(s);
+}
+
+/*******************************************************************
+check if a string is in "normal" case
+********************************************************************/
+BOOL strisnormal(char *s)
+{
+	extern int case_default;
+	if (case_default == CASE_UPPER)
+		return(!strhaslower(s));
+	
+	return(!strhasupper(s));
+}
+
+
+/****************************************************************************
+  string replace
+  NOTE: oldc and newc must be 7 bit characters
+****************************************************************************/
+void string_replace(char *s,char oldc,char newc)
+{
+	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
+	string_replace_w(tmpbuf, UCS2_CHAR(oldc), UCS2_CHAR(newc));
+	pull_ucs2(NULL, s, tmpbuf, -1, sizeof(tmpbuf), STR_TERMINATE);
+}
+
+
+/*******************************************************************
+skip past some strings in a buffer
+********************************************************************/
+char *skip_string(char *buf,size_t n)
+{
+	while (n--)
+		buf += strlen(buf) + 1;
+	return(buf);
+}
+
+/*******************************************************************
+ Count the number of characters in a string. Normally this will
+ be the same as the number of bytes in a string for single byte strings,
+ but will be different for multibyte.
+********************************************************************/
+size_t str_charnum(const char *s)
+{
+	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
+	return strlen_w(tmpbuf);
+}
+
+/*******************************************************************
+trim the specified elements off the front and back of a string
+********************************************************************/
+
+BOOL trim_string(char *s,const char *front,const char *back)
+{
+	BOOL ret = False;
+	size_t front_len;
+	size_t back_len;
+	size_t len;
+
+	/* Ignore null or empty strings. */
+	if (!s || (s[0] == '\0'))
+		return False;
+
+	front_len	= front? strlen(front) : 0;
+	back_len	= back? strlen(back) : 0;
+
+	len = strlen(s);
+
+	if (front_len) {
+		while (len && strncmp(s, front, front_len)==0) {
+			memcpy(s, s+front_len, (len-front_len)+1);
+			len -= front_len;
+			ret=True;
+		}
+	}
+	
+	if (back_len) {
+		while (strncmp(s+len-back_len,back,back_len)==0) {
+			s[len-back_len]='\0';
+			len -= back_len;
+			ret=True;
+		}
+	}
+	return ret;
+}
+
+
+/****************************************************************************
+does a string have any uppercase chars in it?
+****************************************************************************/
+BOOL strhasupper(const char *s)
+{
+	smb_ucs2_t *ptr;
+	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
+	for(ptr=tmpbuf;*ptr;ptr++)
+		if(isupper_w(*ptr)) return True;
+	return(False);
+}
+
+/****************************************************************************
+does a string have any lowercase chars in it?
+****************************************************************************/
+BOOL strhaslower(const char *s)
+{
+	smb_ucs2_t *ptr;
+	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
+	for(ptr=tmpbuf;*ptr;ptr++)
+		if(islower_w(*ptr)) return True;
+	return(False);
+}
+
+/****************************************************************************
+find the number of 'c' chars in a string
+****************************************************************************/
+size_t count_chars(const char *s,char c)
+{
+	smb_ucs2_t *ptr;
+	int count;
+	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
+	for(count=0,ptr=tmpbuf;*ptr;ptr++) if(*ptr==UCS2_CHAR(c)) count++;
+	return(count);
+}
+
+/*******************************************************************
+Return True if a string consists only of one particular character.
+********************************************************************/
+
+BOOL str_is_all(const char *s,char c)
+{
+	smb_ucs2_t *ptr;
+
+	if(s == NULL) return False;
+	if(!*s) return False;
+  
+	push_ucs2(NULL, tmpbuf,s, sizeof(tmpbuf), STR_TERMINATE);
+	for(ptr=tmpbuf;*ptr;ptr++) if(*ptr!=UCS2_CHAR(c)) return False;
+
+	return True;
+}
+
+/*******************************************************************
+safe string copy into a known length string. maxlength does not
+include the terminating zero.
+********************************************************************/
+
+char *safe_strcpy(char *dest,const char *src, size_t maxlength)
+{
+	size_t len;
+
+	if (!dest) {
+		DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
+		return NULL;
+	}
+
+	if (!src) {
+		*dest = 0;
+		return dest;
+	}  
+
+	len = strlen(src);
+
+	if (len > maxlength) {
+		DEBUG(0,("ERROR: string overflow by %d in safe_strcpy [%.50s]\n",
+			 (int)(len-maxlength), src));
+		len = maxlength;
+	}
+      
+	memmove(dest, src, len);
+	dest[len] = 0;
+	return dest;
+}  
+
+/*******************************************************************
+safe string cat into a string. maxlength does not
+include the terminating zero.
+********************************************************************/
+
+char *safe_strcat(char *dest, const char *src, size_t maxlength)
+{
+	size_t src_len, dest_len;
+
+	if (!dest) {
+		DEBUG(0,("ERROR: NULL dest in safe_strcat\n"));
+		return NULL;
+	}
+
+	if (!src) {
+		return dest;
+	}  
+	
+	src_len = strlen(src);
+	dest_len = strlen(dest);
+	
+	if (src_len + dest_len > maxlength) {
+		DEBUG(0,("ERROR: string overflow by %d in safe_strcat [%.50s]\n",
+			 (int)(src_len + dest_len - maxlength), src));
+		src_len = maxlength - dest_len;
+	}
+	
+	memcpy(&dest[dest_len], src, src_len);
+	dest[dest_len + src_len] = 0;
+	return dest;
+}
+
+/*******************************************************************
+ Paranoid strcpy into a buffer of given length (includes terminating
+ zero. Strips out all but 'a-Z0-9' and the character in other_safe_chars
+ and replaces with '_'. Deliberately does *NOT* check for multibyte
+ characters. Don't change it !
+********************************************************************/
+
+char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, size_t maxlength)
+{
+	size_t len, i;
+
+	if (!dest) {
+		DEBUG(0,("ERROR: NULL dest in alpha_strcpy\n"));
+		return NULL;
+	}
+
+	if (!src) {
+		*dest = 0;
+		return dest;
+	}  
+
+	len = strlen(src);
+	if (len >= maxlength)
+		len = maxlength - 1;
+
+	if (!other_safe_chars)
+		other_safe_chars = "";
+
+	for(i = 0; i < len; i++) {
+		int val = (src[i] & 0xff);
+		if(isupper(val) || islower(val) || isdigit(val) || strchr_m(other_safe_chars, val))
+			dest[i] = src[i];
+		else
+			dest[i] = '_';
+	}
+
+	dest[i] = '\0';
+
+	return dest;
+}
+
+/****************************************************************************
+ Like strncpy but always null terminates. Make sure there is room!
+ The variable n should always be one less than the available size.
+****************************************************************************/
+
+char *StrnCpy(char *dest,const char *src,size_t n)
+{
+	char *d = dest;
+	if (!dest) return(NULL);
+	if (!src) {
+		*dest = 0;
+		return(dest);
+	}
+	while (n-- && (*d++ = *src++)) ;
+	*d = 0;
+	return(dest);
+}
+
+/****************************************************************************
+like strncpy but copies up to the character marker.  always null terminates.
+returns a pointer to the character marker in the source string (src).
+****************************************************************************/
+char *strncpyn(char *dest, const char *src,size_t n, char c)
+{
+	char *p;
+	size_t str_len;
+
+	p = strchr_m(src, c);
+	if (p == NULL)
+	{
+		DEBUG(5, ("strncpyn: separator character (%c) not found\n", c));
+		return NULL;
+	}
+
+	str_len = PTR_DIFF(p, src);
+	strncpy(dest, src, MIN(n, str_len));
+	dest[str_len] = '\0';
+
+	return p;
+}
+
+
+/*************************************************************
+ Routine to get hex characters and turn them into a 16 byte array.
+ the array can be variable length, and any non-hex-numeric
+ characters are skipped.  "0xnn" or "0Xnn" is specially catered
+ for.
+
+ valid examples: "0A5D15"; "0x15, 0x49, 0xa2"; "59\ta9\te3\n"
+
+**************************************************************/
+size_t strhex_to_str(char *p, size_t len, const char *strhex)
+{
+	size_t i;
+	size_t num_chars = 0;
+	unsigned char   lonybble, hinybble;
+	char           *hexchars = "0123456789ABCDEF";
+	char           *p1 = NULL, *p2 = NULL;
+
+	for (i = 0; i < len && strhex[i] != 0; i++)
+	{
+		if (strnequal(hexchars, "0x", 2))
+		{
+			i++; /* skip two chars */
+			continue;
+		}
+
+		if (!(p1 = strchr_m(hexchars, toupper(strhex[i]))))
+		{
+			break;
+		}
+
+		i++; /* next hex digit */
+
+		if (!(p2 = strchr_m(hexchars, toupper(strhex[i]))))
+		{
+			break;
+		}
+
+		/* get the two nybbles */
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+
+		p[num_chars] = (hinybble << 4) | lonybble;
+		num_chars++;
+
+		p1 = NULL;
+		p2 = NULL;
+	}
+	return num_chars;
+}
+
+/****************************************************************************
+check if a string is part of a list
+****************************************************************************/
+BOOL in_list(char *s,char *list,BOOL casesensitive)
+{
+  pstring tok;
+  char *p=list;
+
+  if (!list) return(False);
+
+  while (next_token(&p,tok,LIST_SEP,sizeof(tok))) {
+    if (casesensitive) {
+      if (strcmp(tok,s) == 0)
+        return(True);
+    } else {
+      if (StrCaseCmp(tok,s) == 0)
+        return(True);
+    }
+  }
+  return(False);
+}
+
+/* this is used to prevent lots of mallocs of size 1 */
+static char *null_string = NULL;
+
+/****************************************************************************
+set a string value, allocing the space for the string
+****************************************************************************/
+static BOOL string_init(char **dest,const char *src)
+{
+  size_t l;
+  if (!src)     
+    src = "";
+
+  l = strlen(src);
+
+  if (l == 0)
+    {
+      if (!null_string) {
+        if((null_string = (char *)malloc(1)) == NULL) {
+          DEBUG(0,("string_init: malloc fail for null_string.\n"));
+          return False;
+        }
+        *null_string = 0;
+      }
+      *dest = null_string;
+    }
+  else
+    {
+      (*dest) = (char *)malloc(l+1);
+      if ((*dest) == NULL) {
+	      DEBUG(0,("Out of memory in string_init\n"));
+	      return False;
+      }
+
+      pstrcpy(*dest,src);
+    }
+  return(True);
+}
+
+/****************************************************************************
+free a string value
+****************************************************************************/
+void string_free(char **s)
+{
+  if (!s || !(*s)) return;
+  if (*s == null_string)
+    *s = NULL;
+  SAFE_FREE(*s);
+}
+
+/****************************************************************************
+set a string value, allocing the space for the string, and deallocating any 
+existing space
+****************************************************************************/
+BOOL string_set(char **dest,const char *src)
+{
+  string_free(dest);
+
+  return(string_init(dest,src));
+}
+
+
+/****************************************************************************
+substitute a string for a pattern in another string. Make sure there is 
+enough room!
+
+This routine looks for pattern in s and replaces it with 
+insert. It may do multiple replacements.
+
+any of " ; ' $ or ` in the insert string are replaced with _
+if len==0 then no length check is performed
+****************************************************************************/
+void string_sub(char *s,const char *pattern,const char *insert, size_t len)
+{
+	char *p;
+	ssize_t ls,lp,li, i;
+
+	if (!insert || !pattern || !s) return;
+
+	ls = (ssize_t)strlen(s);
+	lp = (ssize_t)strlen(pattern);
+	li = (ssize_t)strlen(insert);
+
+	if (!*pattern) return;
+	
+	while (lp <= ls && (p = strstr(s,pattern))) {
+		if (len && (ls + (li-lp) >= len)) {
+			DEBUG(0,("ERROR: string overflow by %d in string_sub(%.50s, %d)\n", 
+				 (int)(ls + (li-lp) - len),
+				 pattern, (int)len));
+			break;
+		}
+		if (li != lp) {
+			memmove(p+li,p+lp,strlen(p+lp)+1);
+		}
+		for (i=0;i<li;i++) {
+			switch (insert[i]) {
+			case '`':
+			case '"':
+			case '\'':
+			case ';':
+			case '$':
+			case '%':
+			case '\r':
+			case '\n':
+				p[i] = '_';
+				break;
+			default:
+				p[i] = insert[i];
+			}
+		}
+		s = p + li;
+		ls += (li-lp);
+	}
+}
+
+void fstring_sub(char *s,const char *pattern,const char *insert)
+{
+	string_sub(s, pattern, insert, sizeof(fstring));
+}
+
+void pstring_sub(char *s,const char *pattern,const char *insert)
+{
+	string_sub(s, pattern, insert, sizeof(pstring));
+}
+
+/****************************************************************************
+similar to string_sub() but allows for any character to be substituted. 
+Use with caution!
+if len==0 then no length check is performed
+****************************************************************************/
+void all_string_sub(char *s,const char *pattern,const char *insert, size_t len)
+{
+	char *p;
+	ssize_t ls,lp,li;
+
+	if (!insert || !pattern || !s) return;
+
+	ls = (ssize_t)strlen(s);
+	lp = (ssize_t)strlen(pattern);
+	li = (ssize_t)strlen(insert);
+
+	if (!*pattern) return;
+	
+	while (lp <= ls && (p = strstr(s,pattern))) {
+		if (len && (ls + (li-lp) >= len)) {
+			DEBUG(0,("ERROR: string overflow by %d in all_string_sub(%.50s, %d)\n", 
+				 (int)(ls + (li-lp) - len),
+				 pattern, (int)len));
+			break;
+		}
+		if (li != lp) {
+			memmove(p+li,p+lp,strlen(p+lp)+1);
+		}
+		memcpy(p, insert, li);
+		s = p + li;
+		ls += (li-lp);
+	}
+}
+
+/****************************************************************************
+similar to all_string_sub but for unicode strings.
+return a new allocate unicode string.
+len is the number of bytes, not chars
+  similar to string_sub() but allows for any character to be substituted.
+  Use with caution!
+  if len==0 then no length check is performed
+****************************************************************************/
+
+smb_ucs2_t *all_string_sub_w(const smb_ucs2_t *s, const smb_ucs2_t *pattern,
+				const smb_ucs2_t *insert)
+{
+	smb_ucs2_t *r, *rp, *sp;
+	size_t	lr, lp, li, lt;
+
+	if (!insert || !pattern || !*pattern || !s) return NULL;
+
+	lt = (size_t)strlen_w(s);
+	lp = (size_t)strlen_w(pattern);
+	li = (size_t)strlen_w(insert);
+
+	if (li > lp) {
+		smb_ucs2_t *st = s;
+		int ld = li - lp;
+		while ((sp = strstr_w(st, pattern))) {
+			st = sp + lp;
+			lt += ld;
+		}
+	}
+
+	r = rp = (smb_ucs2_t *)malloc((lt + 1)*(sizeof(smb_ucs2_t)));
+	if (!r) {
+		DEBUG(0, ("all_string_sub_w: out of memory!\n"));
+		return NULL;
+	}
+
+	while ((sp = strstr_w(s, pattern))) {
+		memcpy(rp, s, (sp - s));
+		rp += ((sp - s) / sizeof(smb_ucs2_t));
+		memcpy(rp, insert, (li * sizeof(smb_ucs2_t)));
+		s = sp + lp;
+		rp += li;
+	}
+	lr = ((rp - r) / sizeof(smb_ucs2_t));
+	if (lr < lt) {
+		memcpy(rp, s, ((lt - lr) * sizeof(smb_ucs2_t)));
+		rp += (lt - lr);
+	}
+	*rp = 0;
+
+	return r;
+}
+
+smb_ucs2_t *all_string_sub_wa(smb_ucs2_t *s, const char *pattern,
+					     const char *insert)
+{
+	wpstring p, i;
+
+	if (!insert || !pattern || !s) return NULL;
+	push_ucs2(NULL, p, pattern, sizeof(wpstring) - 1, STR_TERMINATE);
+	push_ucs2(NULL, i, insert, sizeof(wpstring) - 1, STR_TERMINATE);
+	return all_string_sub_w(s, p, i);
+}
+
+/****************************************************************************
+ splits out the front and back at a separator.
+****************************************************************************/
+void split_at_last_component(char *path, char *front, char sep, char *back)
+{
+	char *p = strrchr_m(path, sep);
+
+	if (p != NULL)
+	{
+		*p = 0;
+	}
+	if (front != NULL)
+	{
+		pstrcpy(front, path);
+	}
+	if (p != NULL)
+	{
+		if (back != NULL)
+		{
+			pstrcpy(back, p+1);
+		}
+		*p = '\\';
+	}
+	else
+	{
+		if (back != NULL)
+		{
+			back[0] = 0;
+		}
+	}
+}
+
+
+/****************************************************************************
+write an octal as a string
+****************************************************************************/
+char *octal_string(int i)
+{
+	static char ret[64];
+	if (i == -1) {
+		return "-1";
+	}
+	slprintf(ret, sizeof(ret)-1, "0%o", i);
+	return ret;
+}
+
+
+/****************************************************************************
+truncate a string at a specified length
+****************************************************************************/
+char *string_truncate(char *s, int length)
+{
+	if (s && strlen(s) > length) {
+		s[length] = 0;
+	}
+	return s;
+}
+
+
+/****************************************************************************
+strchr and strrchr_m are very hard to do on general multi-byte strings. 
+we convert via ucs2 for now
+****************************************************************************/
+char *strchr_m(const char *s, char c)
+{
+	wpstring ws;
+	pstring s2;
+	smb_ucs2_t *p;
+
+	push_ucs2(NULL, ws, s, sizeof(ws), STR_TERMINATE);
+	p = strchr_w(ws, UCS2_CHAR(c));
+	if (!p) return NULL;
+	*p = 0;
+	pull_ucs2_pstring(s2, ws);
+	return (char *)(s+strlen(s2));
+}
+
+char *strrchr_m(const char *s, char c)
+{
+	wpstring ws;
+	pstring s2;
+	smb_ucs2_t *p;
+
+	push_ucs2(NULL, ws, s, sizeof(ws), STR_TERMINATE);
+	p = strrchr_w(ws, UCS2_CHAR(c));
+	if (!p) return NULL;
+	*p = 0;
+	pull_ucs2_pstring(s2, ws);
+	return (char *)(s+strlen(s2));
+}
+
+/*******************************************************************
+  convert a string to lower case
+********************************************************************/
+void strlower_m(char *s)
+{
+	/* this is quite a common operation, so we want it to be
+	   fast. We optimise for the ascii case, knowing that all our
+	   supported multi-byte character sets are ascii-compatible
+	   (ie. they match for the first 128 chars) */
+	while (*s && !(((unsigned char)s[0]) & 0x7F)) {
+		*s++ = tolower((unsigned char)*s);
+	}
+
+	if (!*s) return;
+
+	/* I assume that lowercased string takes the same number of bytes
+	 * as source string even in UTF-8 encoding. (VIV) */
+	unix_strlower(s,strlen(s)+1,s,strlen(s)+1);	
+}
+
+/*******************************************************************
+  convert a string to upper case
+********************************************************************/
+void strupper_m(char *s)
+{
+	/* this is quite a common operation, so we want it to be
+	   fast. We optimise for the ascii case, knowing that all our
+	   supported multi-byte character sets are ascii-compatible
+	   (ie. they match for the first 128 chars) */
+	while (*s && !(((unsigned char)s[0]) & 0x7F)) {
+		*s++ = toupper((unsigned char)*s);
+	}
+
+	if (!*s) return;
+
+	/* I assume that lowercased string takes the same number of bytes
+	 * as source string even in multibyte encoding. (VIV) */
+	unix_strupper(s,strlen(s)+1,s,strlen(s)+1);	
+}
+
+/*
+  return a RFC2254 binary string representation of a buffer
+  used in LDAP filters
+  caller must free
+*/
+char *binary_string(char *buf, int len)
+{
+	char *s;
+	int i, j;
+	const char *hex = "0123456789ABCDEF";
+	s = malloc(len * 3 + 1);
+	if (!s) return NULL;
+	for (j=i=0;i<len;i++) {
+		s[j] = '\\';
+		s[j+1] = hex[((unsigned char)buf[i]) >> 4];
+		s[j+2] = hex[((unsigned char)buf[i]) & 0xF];
+		j += 3;
+	}
+	s[j] = 0;
+	return s;
+}
+
+
+/* Just a typesafety wrapper for snprintf into a pstring */
+int pstr_sprintf(pstring s, const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, fmt);
+	ret = vsnprintf(s, PSTRING_LEN, fmt, ap);
+	va_end(ap);
+	return ret;
+}
+
+
+/* Just a typesafety wrapper for snprintf into a fstring */
+int fstr_sprintf(fstring s, const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, fmt);
+	ret = vsnprintf(s, FSTRING_LEN, fmt, ap);
+	va_end(ap);
+	return ret;
+}
+
+
+#ifndef HAVE_STRNDUP
+/*******************************************************************
+some platforms don't have strndup
+********************************************************************/
+ char *strndup(const char *s, size_t n)
+{
+	char *ret;
+	int i;
+	for (i=0;s[i] && i<n;i++) ;
+
+	ret = malloc(i+1);
+	if (!ret) return NULL;
+	memcpy(ret, s, i);
+	ret[i] = 0;
+	return ret;
+}
+#endif
diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
new file mode 100644
index 0000000000..a1cff26169
--- /dev/null
+++ b/source3/lib/util_unistr.c
@@ -0,0 +1,777 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-2001
+   Copyright (C) Simo Sorce 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifndef MAXUNI
+#define MAXUNI 1024
+#endif
+
+/* these 3 tables define the unicode case handling.  They are loaded
+   at startup either via mmap() or read() from the lib directory */
+static smb_ucs2_t *upcase_table;
+static smb_ucs2_t *lowcase_table;
+static uint8 *valid_table;
+
+
+/*******************************************************************
+load the case handling tables
+********************************************************************/
+void load_case_tables(void)
+{
+	static int initialised;
+	int i;
+
+	if (initialised) return;
+	initialised = 1;
+
+	upcase_table = map_file(lib_path("upcase.dat"), 0x20000);
+	lowcase_table = map_file(lib_path("lowcase.dat"), 0x20000);
+
+	/* we would like Samba to limp along even if these tables are
+	   not available */
+	if (!upcase_table) {
+		DEBUG(1,("creating lame upcase table\n"));
+		upcase_table = malloc(0x20000);
+		for (i=0;i<0x10000;i++) {
+			smb_ucs2_t v;
+			SSVAL(&v, 0, i);
+			upcase_table[v] = i;
+		}
+		for (i=0;i<256;i++) {
+			smb_ucs2_t v;
+			SSVAL(&v, 0, UCS2_CHAR(i));
+			upcase_table[v] = UCS2_CHAR(islower(i)?toupper(i):i);
+		}
+	}
+
+	if (!lowcase_table) {
+		DEBUG(1,("creating lame lowcase table\n"));
+		lowcase_table = malloc(0x20000);
+		for (i=0;i<0x10000;i++) {
+			smb_ucs2_t v;
+			SSVAL(&v, 0, i);
+			lowcase_table[v] = i;
+		}
+		for (i=0;i<256;i++) {
+			smb_ucs2_t v;
+			SSVAL(&v, 0, UCS2_CHAR(i));
+			lowcase_table[v] = UCS2_CHAR(isupper(i)?tolower(i):i);
+		}
+	}
+}
+
+/*
+  see if a ucs2 character can be mapped correctly to a dos character
+  and mapped back to the same character in ucs2
+*/
+static int check_dos_char(smb_ucs2_t c)
+{
+	char buf[10];
+	smb_ucs2_t c2 = 0;
+	int len1, len2;
+	len1 = convert_string(CH_UCS2, CH_DOS, &c, 2, buf, sizeof(buf));
+	if (len1 == 0) return 0;
+	len2 = convert_string(CH_DOS, CH_UCS2, buf, len1, &c2, 2);
+	if (len2 != 2) return 0;
+	return (c == c2);
+}
+
+/*******************************************************************
+load the valid character map table
+********************************************************************/
+void init_valid_table(void)
+{
+	static int initialised;
+	static int mapped_file;
+	int i;
+	const char *allowed = ".!#$%&'()_-@^`~";
+
+	if (initialised && mapped_file) return;
+	initialised = 1;
+
+	valid_table = map_file(lib_path("valid.dat"), 0x10000);
+	if (valid_table) {
+		mapped_file = 1;
+		return;
+	}
+
+	if (valid_table) free(valid_table);
+
+	DEBUG(2,("creating default valid table\n"));
+	valid_table = malloc(0x10000);
+	for (i=0;i<128;i++) valid_table[i] = isalnum(i) || 
+				    strchr(allowed,i);
+	for (;i<0x10000;i++) {
+		smb_ucs2_t c;
+		SSVAL(&c, 0, i);
+		valid_table[i] = check_dos_char(c);
+	}
+}
+
+
+/*******************************************************************
+ Write a string in (little-endian) unicode format. src is in
+ the current DOS codepage. len is the length in bytes of the
+ string pointed to by dst.
+
+ if null_terminate is True then null terminate the packet (adds 2 bytes)
+
+ the return value is the length in bytes consumed by the string, including the
+ null termination if applied
+********************************************************************/
+
+size_t dos_PutUniCode(char *dst,const char *src, ssize_t len, BOOL null_terminate)
+{
+	return push_ucs2(NULL, dst, src, len, 
+			 STR_UNICODE|STR_NOALIGN | (null_terminate?STR_TERMINATE:0));
+}
+
+
+/*******************************************************************
+ Skip past a unicode string, but not more than len. Always move
+ past a terminating zero if found.
+********************************************************************/
+
+char *skip_unibuf(char *src, size_t len)
+{
+    char *srcend = src + len;
+
+    while (src < srcend && SVAL(src,0))
+        src += 2;
+
+    if(!SVAL(src,0))
+        src += 2;
+
+    return src;
+}
+
+/* Copy a string from little-endian or big-endian unicode source (depending
+ * on flags) to internal samba format destination
+ */ 
+int rpcstr_pull(char* dest, void *src, int dest_len, int src_len, int flags)
+{
+	if(dest_len==-1) dest_len=MAXUNI-3;
+	return pull_ucs2(NULL, dest, src, dest_len, src_len, flags|STR_UNICODE|STR_NOALIGN);
+}
+
+/* Copy a string from a unistr2 source to internal samba format
+   destination.  Use this instead of direct calls to rpcstr_pull() to avoid
+   having to determine whether the source string is null terminated. */
+
+int rpcstr_pull_unistr2_fstring(char *dest, UNISTR2 *src)
+{
+        return pull_ucs2(NULL, dest, src->buffer, sizeof(fstring),
+                         src->uni_str_len * 2, 0);
+}
+
+/* Converts a string from internal samba format to unicode
+ */ 
+int rpcstr_push(void* dest, const char *src, int dest_len, int flags)
+{
+	return push_ucs2(NULL, dest, src, dest_len, flags|STR_UNICODE|STR_NOALIGN);
+}
+
+/*******************************************************************
+ Return a DOS codepage version of a little-endian unicode string.
+ len is the filename length (ignoring any terminating zero) in uin16
+ units. Always null terminates.
+ Hack alert: uses fixed buffer(s).
+********************************************************************/
+char *dos_unistrn2(const uint16 *src, int len)
+{
+	static char lbufs[8][MAXUNI];
+	static int nexti;
+	char *lbuf = lbufs[nexti];
+	nexti = (nexti+1)%8;
+	pull_ucs2(NULL, lbuf, src, MAXUNI-3, len*2, STR_NOALIGN);
+	return lbuf;
+}
+
+/*******************************************************************
+ Convert a (little-endian) UNISTR2 structure to an ASCII string
+********************************************************************/
+void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen)
+{
+	if (str == NULL) {
+		*dest='\0';
+		return;
+	}
+	pull_ucs2(NULL, dest, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN);
+}
+
+
+/*******************************************************************
+ duplicate a UNISTR2 string into a null terminated char*
+ using a talloc context
+********************************************************************/
+char *unistr2_tdup(TALLOC_CTX *ctx, const UNISTR2 *str)
+{
+	char *s;
+	int maxlen = (str->uni_str_len+1)*4;
+	if (!str->buffer) return NULL;
+	s = (char *)talloc(ctx, maxlen); /* convervative */
+	if (!s) return NULL;
+	pull_ucs2(NULL, s, str->buffer, maxlen, str->uni_str_len*2, 
+		  STR_NOALIGN);
+	return s;
+}
+
+
+/*******************************************************************
+Return a number stored in a buffer
+********************************************************************/
+
+uint32 buffer2_to_uint32(BUFFER2 *str)
+{
+	if (str->buf_len == 4)
+		return IVAL(str->buffer, 0);
+	else
+		return 0;
+}
+
+/*******************************************************************
+ Convert a wchar to upper case.
+********************************************************************/
+
+smb_ucs2_t toupper_w(smb_ucs2_t val)
+{
+	return upcase_table[SVAL(&val,0)];
+}
+
+/*******************************************************************
+ Convert a wchar to lower case.
+********************************************************************/
+
+smb_ucs2_t tolower_w( smb_ucs2_t val )
+{
+	return lowcase_table[SVAL(&val,0)];
+
+}
+
+/*******************************************************************
+determine if a character is lowercase
+********************************************************************/
+BOOL islower_w(smb_ucs2_t c)
+{
+	return upcase_table[SVAL(&c,0)] != c;
+}
+
+/*******************************************************************
+determine if a character is uppercase
+********************************************************************/
+BOOL isupper_w(smb_ucs2_t c)
+{
+	return lowcase_table[SVAL(&c,0)] != c;
+}
+
+
+/*******************************************************************
+determine if a character is valid in a 8.3 name
+********************************************************************/
+BOOL isvalid83_w(smb_ucs2_t c)
+{
+	return valid_table[SVAL(&c,0)] != 0;
+}
+
+/*******************************************************************
+ Count the number of characters in a smb_ucs2_t string.
+********************************************************************/
+size_t strlen_w(const smb_ucs2_t *src)
+{
+	size_t len;
+
+	for(len = 0; *src++; len++) ;
+
+	return len;
+}
+
+/*******************************************************************
+ Count up to max number of characters in a smb_ucs2_t string.
+********************************************************************/
+size_t strnlen_w(const smb_ucs2_t *src, size_t max)
+{
+	size_t len;
+
+	for(len = 0; *src++ && (len < max); len++) ;
+
+	return len;
+}
+
+/*******************************************************************
+wide strchr()
+********************************************************************/
+smb_ucs2_t *strchr_w(const smb_ucs2_t *s, smb_ucs2_t c)
+{
+	while (*s != 0) {
+		if (c == *s) return (smb_ucs2_t *)s;
+		s++;
+	}
+	return NULL;
+}
+
+smb_ucs2_t *strchr_wa(const smb_ucs2_t *s, char c)
+{
+	return strchr_w(s, UCS2_CHAR(c));
+}
+
+smb_ucs2_t *strrchr_w(const smb_ucs2_t *s, smb_ucs2_t c)
+{
+	const smb_ucs2_t *p = s;
+	int len = strlen_w(s);
+	if (len == 0) return NULL;
+	p += (len - 1);
+	do {
+		if (c == *p) return (smb_ucs2_t *)p;
+	} while (p-- != s);
+	return NULL;
+}
+
+/*******************************************************************
+wide strstr()
+********************************************************************/
+smb_ucs2_t *strstr_w(const smb_ucs2_t *s, const smb_ucs2_t *ins)
+{
+	smb_ucs2_t *r;
+	size_t slen, inslen;
+
+	if (!s || !*s || !ins || !*ins) return NULL;
+	slen = strlen_w(s);
+	inslen = strlen_w(ins);
+	r = (smb_ucs2_t *)s;
+	while ((r = strchr_w(r, *ins))) {
+		if (strncmp_w(r, ins, inslen) == 0) return r;
+		r++;
+	}
+	return NULL;
+}
+
+/*******************************************************************
+ Convert a string to lower case.
+ return True if any char is converted
+********************************************************************/
+BOOL strlower_w(smb_ucs2_t *s)
+{
+	BOOL ret = False;
+	while (*s) {
+		smb_ucs2_t v = tolower_w(*s);
+		if (v != *s) {
+			*s = v;
+			ret = True;
+		}
+		s++;
+	}
+	return ret;
+}
+
+/*******************************************************************
+ Convert a string to upper case.
+ return True if any char is converted
+********************************************************************/
+BOOL strupper_w(smb_ucs2_t *s)
+{
+	BOOL ret = False;
+	while (*s) {
+		smb_ucs2_t v = toupper_w(*s);
+		if (v != *s) {
+			*s = v;
+			ret = True;
+		}
+		s++;
+	}
+	return ret;
+}
+
+/*******************************************************************
+  convert a string to "normal" form
+********************************************************************/
+void strnorm_w(smb_ucs2_t *s)
+{
+  extern int case_default;
+  if (case_default == CASE_UPPER)
+    strupper_w(s);
+  else
+    strlower_w(s);
+}
+
+int strcmp_w(const smb_ucs2_t *a, const smb_ucs2_t *b)
+{
+	while (*b && *a == *b) { a++; b++; }
+	return (*a - *b);
+	/* warning: if *a != *b and both are not 0 we retrun a random
+		greater or lesser than 0 number not realted to which
+		string is longer */
+}
+
+int strncmp_w(const smb_ucs2_t *a, const smb_ucs2_t *b, size_t len)
+{
+	size_t n = 0;
+	while ((n < len) && *b && *a == *b) { a++; b++; n++;}
+	return (len - n)?(*a - *b):0;	
+}
+
+/*******************************************************************
+case insensitive string comparison
+********************************************************************/
+int strcasecmp_w(const smb_ucs2_t *a, const smb_ucs2_t *b)
+{
+	while (*b && toupper_w(*a) == toupper_w(*b)) { a++; b++; }
+	return (tolower_w(*a) - tolower_w(*b));
+}
+
+/*******************************************************************
+case insensitive string comparison, lenght limited
+********************************************************************/
+int strncasecmp_w(const smb_ucs2_t *a, const smb_ucs2_t *b, size_t len)
+{
+	size_t n = 0;
+	while ((n < len) && *b && (toupper_w(*a) == toupper_w(*b))) { a++; b++; n++; }
+	return (len - n)?(tolower_w(*a) - tolower_w(*b)):0;
+}
+
+/*******************************************************************
+  compare 2 strings 
+********************************************************************/
+BOOL strequal_w(const smb_ucs2_t *s1, const smb_ucs2_t *s2)
+{
+	if (s1 == s2) return(True);
+	if (!s1 || !s2) return(False);
+  
+	return(strcasecmp_w(s1,s2)==0);
+}
+
+/*******************************************************************
+  compare 2 strings up to and including the nth char.
+  ******************************************************************/
+BOOL strnequal_w(const smb_ucs2_t *s1,const smb_ucs2_t *s2,size_t n)
+{
+  if (s1 == s2) return(True);
+  if (!s1 || !s2 || !n) return(False);
+  
+  return(strncasecmp_w(s1,s2,n)==0);
+}
+
+/*******************************************************************
+duplicate string
+********************************************************************/
+smb_ucs2_t *strdup_w(const smb_ucs2_t *src)
+{
+	return strndup_w(src, 0);
+}
+
+/* if len == 0 then duplicate the whole string */
+smb_ucs2_t *strndup_w(const smb_ucs2_t *src, size_t len)
+{
+	smb_ucs2_t *dest;
+	
+	if (!len) len = strlen_w(src);
+	dest = (smb_ucs2_t *)malloc((len + 1) * sizeof(smb_ucs2_t));
+	if (!dest) {
+		DEBUG(0,("strdup_w: out of memory!\n"));
+		return NULL;
+	}
+
+	memcpy(dest, src, len * sizeof(smb_ucs2_t));
+	dest[len] = 0;
+	
+	return dest;
+}
+
+/*******************************************************************
+copy a string with max len
+********************************************************************/
+
+smb_ucs2_t *strncpy_w(smb_ucs2_t *dest, const smb_ucs2_t *src, const size_t max)
+{
+	size_t len;
+	
+	if (!dest || !src) return NULL;
+	
+	for (len = 0; (src[len] != 0) && (len < max); len++)
+		dest[len] = src[len];
+	while (len < max)
+		dest[len++] = 0;
+	
+	return dest;
+}
+
+
+/*******************************************************************
+append a string of len bytes and add a terminator
+********************************************************************/
+
+smb_ucs2_t *strncat_w(smb_ucs2_t *dest, const smb_ucs2_t *src, const size_t max)
+{	
+	size_t start;
+	size_t len;	
+	
+	if (!dest || !src) return NULL;
+	
+	start = strlen_w(dest);
+	len = strnlen_w(src, max);
+
+	memcpy(&dest[start], src, len*sizeof(smb_ucs2_t));			
+	dest[start+len] = 0;
+	
+	return dest;
+}
+
+smb_ucs2_t *strcat_w(smb_ucs2_t *dest, const smb_ucs2_t *src)
+{	
+	size_t start;
+	size_t len;	
+	
+	if (!dest || !src) return NULL;
+	
+	start = strlen_w(dest);
+	len = strlen_w(src);
+
+	memcpy(&dest[start], src, len*sizeof(smb_ucs2_t));			
+	dest[start+len] = 0;
+	
+	return dest;
+}
+
+
+/*******************************************************************
+replace any occurence of oldc with newc in unicode string
+********************************************************************/
+
+void string_replace_w(smb_ucs2_t *s, smb_ucs2_t oldc, smb_ucs2_t newc)
+{
+	for(;*s;s++) {
+		if(*s==oldc) *s=newc;
+	}
+}
+
+/*******************************************************************
+trim unicode string
+********************************************************************/
+
+BOOL trim_string_w(smb_ucs2_t *s, const smb_ucs2_t *front,
+				  const smb_ucs2_t *back)
+{
+	BOOL ret = False;
+	size_t len, front_len, back_len;
+
+	if (!s || !*s) return False;
+
+	len = strlen_w(s);
+
+	if (front && *front) {
+		front_len = strlen_w(front);
+		while (len && strncmp_w(s, front, front_len) == 0) {
+			memmove(s, (s + front_len), (len - front_len + 1) * sizeof(smb_ucs2_t));
+			len -= front_len;
+			ret = True;
+		}
+	}
+	
+	if (back && *back) {
+		back_len = strlen_w(back);
+		while (len && strncmp_w((s + (len - back_len)), back, back_len) == 0) {
+			s[len - back_len] = 0;
+			len -= back_len;
+			ret = True;
+		}
+	}
+
+	return ret;
+}
+
+/*
+  The *_wa() functions take a combination of 7 bit ascii
+  and wide characters They are used so that you can use string
+  functions combining C string constants with ucs2 strings
+
+  The char* arguments must NOT be multibyte - to be completely sure
+  of this only pass string constants */
+
+
+void pstrcpy_wa(smb_ucs2_t *dest, const char *src)
+{
+	int i;
+	for (i=0;i<PSTRING_LEN;i++) {
+		dest[i] = UCS2_CHAR(src[i]);
+		if (src[i] == 0) return;
+	}
+}
+
+int strcmp_wa(const smb_ucs2_t *a, const char *b)
+{
+	while (*b && *a == UCS2_CHAR(*b)) { a++; b++; }
+	return (*a - UCS2_CHAR(*b));
+}
+
+int strncmp_wa(const smb_ucs2_t *a, const char *b, size_t len)
+{
+	size_t n = 0;
+	while ((n < len) && *b && *a == UCS2_CHAR(*b)) { a++; b++; n++;}
+	return (len - n)?(*a - UCS2_CHAR(*b)):0;
+}
+
+smb_ucs2_t *strpbrk_wa(const smb_ucs2_t *s, const char *p)
+{
+	while (*s != 0) {
+		int i;
+		for (i=0; p[i] && *s != UCS2_CHAR(p[i]); i++) 
+			;
+		if (p[i]) return (smb_ucs2_t *)s;
+		s++;
+	}
+	return NULL;
+}
+
+smb_ucs2_t *strstr_wa(const smb_ucs2_t *s, const char *ins)
+{
+	smb_ucs2_t *r;
+	size_t slen, inslen;
+
+	if (!s || !*s || !ins || !*ins) return NULL;
+	slen = strlen_w(s);
+	inslen = strlen(ins);
+	r = (smb_ucs2_t *)s;
+	while ((r = strchr_w(r, UCS2_CHAR(*ins)))) {
+		if (strncmp_wa(r, ins, inslen) == 0) return r;
+		r++;
+	}
+	return NULL;
+}
+
+/*******************************************************************
+copy a string with max len
+********************************************************************/
+
+smb_ucs2_t *strncpy_wa(smb_ucs2_t *dest, const char *src, const size_t max)
+{
+	smb_ucs2_t *ucs2_src;
+
+	if (!dest || !src) return NULL;
+	if (!(ucs2_src = acnv_uxu2(src)))
+		return NULL;
+	
+	strncpy_w(dest, ucs2_src, max);
+	SAFE_FREE(ucs2_src);
+	return dest;
+}
+
+/*******************************************************************
+convert and duplicate an ascii string
+********************************************************************/
+smb_ucs2_t *strdup_wa(const char *src)
+{
+	return strndup_wa(src, 0);
+}
+
+/* if len == 0 then duplicate the whole string */
+smb_ucs2_t *strndup_wa(const char *src, size_t len)
+{
+	smb_ucs2_t *dest, *s;
+
+	s = acnv_dosu2(src);	
+	if (!len) len = strlen_w(s);
+	dest = (smb_ucs2_t *)malloc((len + 1) * sizeof(smb_ucs2_t));
+	if (!dest) {
+		DEBUG(0,("strdup_w: out of memory!\n"));
+		SAFE_FREE(s);
+		return NULL;
+	}
+
+	memcpy(dest, src, len * sizeof(smb_ucs2_t));
+	dest[len] = 0;
+
+	SAFE_FREE(s);
+	return dest;
+}
+
+/*******************************************************************
+append a string of len bytes and add a terminator
+********************************************************************/
+
+smb_ucs2_t *strncat_wa(smb_ucs2_t *dest, const char *src, const size_t max)
+{
+	smb_ucs2_t *ucs2_src;
+
+	if (!dest || !src) return NULL;
+	if (!(ucs2_src = acnv_uxu2(src)))
+		return NULL;
+	
+	strncat_w(dest, ucs2_src, max);
+	SAFE_FREE(ucs2_src);
+	return dest;
+}
+
+smb_ucs2_t *strcat_wa(smb_ucs2_t *dest, const char *src)
+{	
+	smb_ucs2_t *ucs2_src;
+	
+	if (!dest || !src) return NULL;
+	if (!(ucs2_src = acnv_uxu2(src)))
+		return NULL;
+	
+	strcat_w(dest, ucs2_src);
+	SAFE_FREE(ucs2_src);
+	return dest;
+}
+
+BOOL trim_string_wa(smb_ucs2_t *s, const char *front,
+				  const char *back)
+{
+	wpstring f, b;
+
+	if (front) push_ucs2(NULL, f, front, sizeof(wpstring) - 1, STR_TERMINATE);
+	else *f = 0;
+	if (back) push_ucs2(NULL, b, back, sizeof(wpstring) - 1, STR_TERMINATE);
+	else *b = 0;
+	return trim_string_w(s, f, b);
+}
+
+/*******************************************************************
+ returns the length in number of wide characters
+ ******************************************************************/
+int unistrlen(uint16 *s)
+{
+	int len;
+
+	if (!s)
+		return -1;
+
+	for (len=0; *s; s++,len++);
+
+	return len;
+}
+
+/*******************************************************************
+ Strcpy for unicode strings.  returns length (in num of wide chars)
+********************************************************************/
+
+int unistrcpy(uint16 *dst, uint16 *src)
+{
+	int num_wchars = 0;
+
+	while (*src) {
+		*dst++ = *src++;
+		num_wchars++;
+	}
+	*dst = 0;
+
+	return num_wchars;
+}
diff --git a/source3/lib/wins_srv.c b/source3/lib/wins_srv.c
new file mode 100644
index 0000000000..0181ee0956
--- /dev/null
+++ b/source3/lib/wins_srv.c
@@ -0,0 +1,339 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Christopher R. Hertel 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* -------------------------------------------------------------------------- **
+ * Discussion...
+ *
+ * This module implements WINS failover.
+ *
+ * Microsoft's WINS servers provide a feature called WINS replication,
+ * which synchronises the WINS name databases between two or more servers. 
+ * This means that the two servers can be used interchangably (more or
+ * less). WINS replication is particularly useful if you are trying to
+ * synchronise the WINS namespace between servers in remote locations, or
+ * if your WINS servers tend to crash a lot. 
+ *
+ * WINS failover allows the client to 'switch' to a different WINS server
+ * if the current WINS server mysteriously disappears.  On Windows
+ * systems, this is typically represented as 'primary' and 'secondary'
+ * WINS servers. 
+ *
+ * Failover only works if the WINS servers are synced.  If they are not,
+ * then
+ *   a) if the primary WINS server never fails the client will never 'see'
+ *      the secondary (or tertiary or...) WINS server name space.
+ *   b) if the primary *does* fail, the client will be entering an
+ *      unfamiliar namespace.  The client itself will not be registered in
+ *      that namespace and any names which match names in the previous
+ *      space will likely resolve to different host IP addresses.
+ *
+ * One key thing to remember regarding WINS failover is that Samba does
+ * not (yet) implement WINS replication.  For those interested, sniff port
+ * 42 (TCP? UDP? ...dunno off hand) and see what two MS WINS servers do. 
+ *
+ * At this stage, only failover is implemented.  The next thing is to add
+ * support for multi-WINS server registration and query (multi-membership).
+ *
+ * Multi-membership is a little wierd.  The idea is that the client can
+ * register itself with multiple non-replicated WINS servers, and query
+ * all of those servers (in a prescribed sequence) to resolve a name. 
+ *
+ * The implications of multi-membership are not quite clear.  Worth
+ * trying, I suppose.  Changes will be needed in the name query and
+ * registration code to accomodate this feature.  Also, there will need to
+ * be some sort of syntax extension for the 'wins server' parameter in
+ * smb.conf.  I'm thinking that a colon could be used as a separator. 
+ *
+ * Of course, for each WINS namespace there might be multiple, synced WINS
+ * servers.  The change to this module would likely be the addition of a
+ * linked list of linked lists.
+ *
+ * crh@samba.org
+ */
+
+/* -------------------------------------------------------------------------- **
+ * Defines... 
+ *
+ *   NECROMANCYCLE - The dead server retry period, in seconds.  When a WINS
+ *                   server is declared dead, wait this many seconds before
+ *                   attempting to communicate with it.
+ */
+
+#define NECROMANCYCLE 600   /* 600 seconds == 10 minutes. */
+
+/* -------------------------------------------------------------------------- **
+ * Typedefs...
+ */
+
+typedef struct
+  {
+  ubi_slNode     node;      /* Linked list node structure.                  */
+  time_t         mourning;  /* If > current time then server is dead, Jim.  */
+  char          *server;    /* DNS name or IP of NBNS server to query.      */
+  struct in_addr ip_addr;   /* Cache translated IP.                         */
+  } list_entry;
+
+/* -------------------------------------------------------------------------- **
+ * Private, static variables.
+ */
+
+static ubi_slNewList( wins_srv_list );
+
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+
+BOOL wins_srv_load_list( char *src )
+  /* ------------------------------------------------------------------------ **
+   * Create or recreate the linked list of failover WINS servers.
+   *
+   *  Input:  src - String of DNS names and/or IP addresses delimited by the
+   *                characters listed in LIST_SEP (see include/local.h).
+   *
+   *  Output: True if at least one name or IP could be parsed out of the
+   *          list, else False.
+   *
+   *  Notes:  There is no syntax checking done on the names or IPs.  We do
+   *          check to see if the field is an IP, in which case we copy it
+   *          to the ip_addr field of the entry.  Don't bother to to a host
+   *          name lookup on all names now.  They're done as needed in
+   *          wins_srv_ip().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  list_entry   *entry;
+  char         *p = src;
+  pstring       wins_id_bufr;
+  unsigned long count;
+
+  /* Empty the list. */
+  while( NULL != (entry =(list_entry *)ubi_slRemHead( wins_srv_list )) )
+    {
+    SAFE_FREE( entry->server );
+    SAFE_FREE( entry );
+    }
+  (void)ubi_slInitList( wins_srv_list );  /* shouldn't be needed */
+
+  /* Parse out the DNS names or IP addresses of the WINS servers. */
+  DEBUG( 4, ("wins_srv_load_list(): Building WINS server list:\n") );
+  while( next_token( &p, wins_id_bufr, LIST_SEP, sizeof( wins_id_bufr ) ) )
+    {
+    entry = (list_entry *)malloc( sizeof( list_entry ) );
+    if( NULL == entry )
+      {
+      DEBUG( 0, ("wins_srv_load_list(): malloc(list_entry) failed.\n") );
+      }
+    else
+      {
+      entry->mourning = 0;
+      /* Create a copy of the server name and store it in the list. */
+      if( NULL == (entry->server = strdup( wins_id_bufr )) )
+        {
+        SAFE_FREE( entry );
+        DEBUG( 0,
+          ("wins_srv_load_list(): strdup(\"%s\") failed.\n", wins_id_bufr) );
+        }
+      else
+        {
+        /* Add server to list.
+         * If the server name was actually an IP address we will store that
+         * too.  It it was a DNS name, we will wait until we need to use
+         * the WINS server before doing the DNS lookup.  Since this may be
+         * a list, and since we will reload the list whenever smb.conf is
+         * reloaded, there's no point in trying to look up names until we
+         * need them.  ...of course, once we do the lookup we will cache
+         * the result.  See wins_srv_ip().
+         */
+        if( is_ipaddress( wins_id_bufr ) )
+          entry->ip_addr = *interpret_addr2( wins_id_bufr );
+        else
+          entry->ip_addr = *interpret_addr2( "0.0.0.0" );
+        (void)ubi_slAddTail( wins_srv_list, entry );
+        DEBUGADD( 4, ("%s,\n", wins_id_bufr) );
+        }
+      }
+    }
+
+  count = ubi_slCount( wins_srv_list );
+  DEBUGADD( 4,
+    ( "%d WINS server%s listed.\n", (int)count, (1==count)?"":"s" ) );
+
+  return( (count > 0) ? True : False );
+  } /* wins_srv_load_list */
+
+
+struct in_addr wins_srv_ip( void )
+  /* ------------------------------------------------------------------------ **
+   * Return the IP address of an NBNS (WINS) server thought to be active.
+   *
+   *  Input:  none.
+   *
+   *  Output: An IP address in struct in_addr form.
+   *
+   *  Notes:  This function will return the IP address of the first available
+   *          NBNS (WINS) server.  The order of the list is determined in
+   *          smb.conf.  If all of the WINS servers have been marked 'dead'
+   *          then the zero IP (0.0.0.0) is returned.  The zero IP is not a
+   *          valid Unicast address on any system.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  time_t      now     = time(NULL);
+  list_entry *entry   = (list_entry *)ubi_slFirst( wins_srv_list );
+
+  while( NULL != entry )
+    {
+    if( now >= entry->mourning )        /* Found a live one. */
+      {
+      /* If we don't have the IP, look it up. */
+      if( is_zero_ip( entry->ip_addr ) )
+        entry->ip_addr = *interpret_addr2( entry->server );
+
+      /* If we still don't have the IP then kill it, else return it. */
+      if( is_zero_ip( entry->ip_addr ) )
+        entry->mourning = now + NECROMANCYCLE;
+      else
+        return( entry->ip_addr );
+      }
+    entry = (list_entry *)ubi_slNext( entry );
+    }
+
+  /* If there are no live entries, return the zero IP. */
+  return( *interpret_addr2( "0.0.0.0" ) );
+  } /* wins_srv_ip */
+
+
+char *wins_srv_name( void )
+  /* ------------------------------------------------------------------------ **
+   * Return the name of first live WINS server in the list.
+   *
+   *  Input:  none.
+   *
+   *  Output: A pointer to a string containing either the DNS name or IP
+   *          address of the WINS server as given in the WINS SERVER
+   *          parameter in smb.conf, or NULL if no (live) WINS servers are
+   *          in the list.
+   *
+   *  Notes:  This function will return the name of the first available
+   *          NBNS (WINS) server.  The order of the list is determined in
+   *          smb.conf.  If all of the WINS servers have been marked 'dead'
+   *          then NULL is returned.
+   *
+   *        - This function does not verify that the name can be mapped to
+   *          an IP address, or that the WINS server is running.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  time_t      now     = time(NULL);
+  list_entry *entry   = (list_entry *)ubi_slFirst( wins_srv_list );
+   
+  while( NULL != entry )
+    {
+    if( now >= entry->mourning )
+      return( entry->server );          /* Found a live one. */
+    entry = (list_entry *)ubi_slNext( entry );
+    }
+   
+  /* If there are no live entries, return NULL. */
+  return( NULL );
+  } /* wins_srv_name */
+
+
+void wins_srv_died( struct in_addr boothill_ip )
+  /* ------------------------------------------------------------------------ **
+   * Called to indicate that a specific WINS server has died.
+   *
+   *  Input:  boothill_ip - IP address of an NBNS (WINS) server that has
+   *                        failed.
+   *
+   *  Notes:  This function marks the record 'dead' for NECROMANCYCLE
+   *          seconds.  
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  list_entry *entry;
+
+  if( is_zero_ip( boothill_ip ) )
+    {
+    DEBUG( 4, ("wins_srv_died(): Invalid request to mark zero IP down.\n") );
+    return;
+    }
+
+  entry = (list_entry *)ubi_slFirst( wins_srv_list );
+  while( NULL != entry )
+    {
+    /* Match based on IP. */
+    if( ip_equal( boothill_ip, entry->ip_addr ) )
+      {
+      entry->mourning = time(NULL) + NECROMANCYCLE;
+      entry->ip_addr.s_addr = 0;  /* Force a re-lookup at re-birth. */
+      DEBUG( 2, ( "wins_srv_died(): WINS server %s appears to be down.\n", 
+                  entry->server ) );
+      return;
+      }
+    entry = (list_entry *)ubi_slNext( entry );
+    }
+
+  if( DEBUGLVL( 1 ) )
+    {
+    dbgtext( "wins_srv_died(): Could not mark WINS server %s down.\n",
+              inet_ntoa( boothill_ip ) );
+    dbgtext( "Address not found in server list.\n" );
+    }
+  } /* wins_srv_died */
+
+
+unsigned long wins_srv_count( void )
+  /* ------------------------------------------------------------------------ **
+   * Return the total number of entries in the list, dead or alive.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  unsigned long count = ubi_slCount( wins_srv_list );
+
+  if( DEBUGLVL( 8 ) )
+    {
+    list_entry *entry = (list_entry *)ubi_slFirst( wins_srv_list );
+    time_t      now   = time(NULL);
+
+    dbgtext( "wins_srv_count: WINS status: %ld servers.\n", count );
+    while( NULL != entry )
+      {
+      dbgtext( "  %s <%s>: ", entry->server, inet_ntoa( entry->ip_addr ) );
+      if( now >= entry->mourning )
+        dbgtext( "alive\n" );
+      else
+        dbgtext( "dead for %d more seconds\n", (int)(entry->mourning - now) );
+
+      entry = (list_entry *)ubi_slNext( entry );
+      }
+    }
+
+  return( count );
+  } /* wins_srv_count */
+
+/* ========================================================================== */
diff --git a/source3/lib/xfile.c b/source3/lib/xfile.c
new file mode 100644
index 0000000000..00ea6e5cac
--- /dev/null
+++ b/source3/lib/xfile.c
@@ -0,0 +1,339 @@
+/* 
+   Unix SMB/CIFS implementation.
+   stdio replacement
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+  stdio is very convenient, but on some systems the file descriptor
+  in FILE* is 8 bits, so it fails when more than 255 files are open. 
+
+  XFILE replaces stdio. It is less efficient, but at least it works
+  when you have lots of files open
+
+  The main restriction on XFILE is that it doesn't support seeking,
+  and doesn't support O_RDWR. That keeps the code simple.
+*/
+
+#include "includes.h"
+
+static XFILE _x_stdin =  { 0, NULL, NULL, 0, 0, O_RDONLY, X_IOFBF, 0 };
+static XFILE _x_stdout = { 1, NULL, NULL, 0, 0, O_WRONLY, X_IOLBF, 0 };
+static XFILE _x_stderr = { 2, NULL, NULL, 0, 0, O_WRONLY, X_IONBF, 0 };
+
+XFILE *x_stdin = &_x_stdin;
+XFILE *x_stdout = &_x_stdout;
+XFILE *x_stderr = &_x_stderr;
+
+#define XBUFSIZE BUFSIZ
+
+#define X_FLAG_EOF 1
+#define X_FLAG_ERROR 2
+
+/* simulate setvbuf() */
+int x_setvbuf(XFILE *f, char *buf, int mode, size_t size)
+{
+	x_fflush(f);
+	if (f->bufused) return -1;
+
+	/* on files being read full buffering is the only option */
+	if ((f->open_flags & O_ACCMODE) == O_RDONLY) {
+		mode = X_IOFBF;
+	}
+
+	/* destroy any earlier buffer */
+	SAFE_FREE(f->buf);
+	f->buf = 0;
+	f->bufsize = 0;
+	f->next = NULL;
+	f->bufused = 0;
+	f->buftype = mode;
+
+	if (f->buftype == X_IONBF) return 0;
+
+	/* if buffering then we need some size */
+	if (size == 0) size = XBUFSIZE;
+
+	f->bufsize = size;
+	f->bufused = 0;
+
+	return 0;
+}
+
+/* allocate the buffer */
+static int x_allocate_buffer(XFILE *f)
+{
+	if (f->buf) return 1;
+	if (f->bufsize == 0) return 0;
+	f->buf = malloc(f->bufsize);
+	if (!f->buf) return 0;
+	f->next = f->buf;
+	return 1;
+}
+
+
+/* this looks more like open() than fopen(), but that is quite deliberate.
+   I want programmers to *think* about O_EXCL, O_CREAT etc not just
+   get them magically added 
+*/
+XFILE *x_fopen(const char *fname, int flags, mode_t mode)
+{
+	XFILE *ret;
+
+	ret = (XFILE *)malloc(sizeof(XFILE));
+	if (!ret) return NULL;
+
+	memset(ret, 0, sizeof(XFILE));
+
+	if ((flags & O_ACCMODE) == O_RDWR) {
+		/* we don't support RDWR in XFILE - use file 
+		   descriptors instead */
+		errno = EINVAL;
+		return NULL;
+	}
+
+	ret->open_flags = flags;
+
+	ret->fd = sys_open(fname, flags, mode);
+	if (ret->fd == -1) {
+		SAFE_FREE(ret);
+		return NULL;
+	}
+
+	x_setvbuf(ret, NULL, X_IOFBF, XBUFSIZE);
+	
+	return ret;
+}
+
+/* simulate fclose() */
+int x_fclose(XFILE *f)
+{
+	int ret;
+
+	/* make sure we flush any buffered data */
+	x_fflush(f);
+
+	ret = close(f->fd);
+	f->fd = -1;
+	if (f->buf) {
+		/* make sure data can't leak into a later malloc */
+		memset(f->buf, 0, f->bufsize);
+		SAFE_FREE(f->buf);
+	}
+	SAFE_FREE(f);
+	return ret;
+}
+
+/* simulate fwrite() */
+int x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f)
+{
+	int ret, total=0;
+
+	/* we might be writing unbuffered */
+	if (f->buftype == X_IONBF || 
+	    (!f->buf && !x_allocate_buffer(f))) {
+		ret = write(f->fd, p, size*nmemb);
+		if (ret == -1) return -1;
+		return ret/size;
+	} 
+
+
+	while (total < size*nmemb) {
+		int n = f->bufsize - f->bufused;
+		n = MIN(n, (size*nmemb)-total);
+
+		if (n == 0) {
+			/* it's full, flush it */
+			x_fflush(f);
+			continue;
+		}
+
+		memcpy(f->buf + f->bufused, total+(const char *)p, n);
+		f->bufused += n;
+		total += n;
+	}
+
+	/* when line buffered we need to flush at the last linefeed. This can
+	   flush a bit more than necessary, but that is harmless */
+	if (f->buftype == X_IOLBF && f->bufused) {
+		int i;
+		for (i=size-1; i>=0; i--) {
+			if (*(i+(const char *)p) == '\n') {
+				x_fflush(f);
+				break;
+			}
+		}
+	}
+
+	return total/size;
+}
+
+/* thank goodness for asprintf() */
+int x_vfprintf(XFILE *f, const char *format, va_list ap)
+{
+	char *p;
+	int len, ret;
+	len = vasprintf(&p, format, ap);
+	if (len <= 0) return len;
+	ret = x_fwrite(p, 1, len, f);
+	SAFE_FREE(p);
+	return ret;
+}
+
+int x_fprintf(XFILE *f, const char *format, ...)
+{
+	va_list ap;
+	int ret;
+
+	va_start(ap, format);
+	ret = x_vfprintf(f, format, ap);
+	va_end(ap);
+	return ret;
+}
+
+/* at least fileno() is simple! */
+int x_fileno(XFILE *f)
+{
+	return f->fd;
+}
+
+/* simulate fflush() */
+int x_fflush(XFILE *f)
+{
+	int ret;
+
+	if (f->flags & X_FLAG_ERROR) return -1;
+
+	if ((f->open_flags & O_ACCMODE) != O_WRONLY) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (f->bufused == 0) return 0;
+
+	ret = write(f->fd, f->buf, f->bufused);
+	if (ret == -1) return -1;
+	
+	f->bufused -= ret;
+	if (f->bufused > 0) {
+		f->flags |= X_FLAG_ERROR;
+		memmove(f->buf, ret + (char *)f->buf, f->bufused);
+		return -1;
+	}
+
+	return 0;
+}
+
+/* simulate setbuffer() */
+void x_setbuffer(XFILE *f, char *buf, size_t size)
+{
+	x_setvbuf(f, buf, buf?X_IOFBF:X_IONBF, size);
+}
+
+/* simulate setbuf() */
+void x_setbuf(XFILE *f, char *buf)
+{
+	x_setvbuf(f, buf, buf?X_IOFBF:X_IONBF, XBUFSIZE);
+}
+
+/* simulate setlinebuf() */
+void x_setlinebuf(XFILE *f)
+{
+	x_setvbuf(f, NULL, X_IOLBF, 0);
+}
+
+
+/* simulate feof() */
+int x_feof(XFILE *f)
+{
+	if (f->flags & X_FLAG_EOF) return 1;
+	return 0;
+}
+
+/* simulate ferror() */
+int x_ferror(XFILE *f)
+{
+	if (f->flags & X_FLAG_ERROR) return 1;
+	return 0;
+}
+
+/* fill the read buffer */
+static void x_fillbuf(XFILE *f)
+{
+	int n;
+
+	if (f->bufused) return;
+
+	if (!f->buf && !x_allocate_buffer(f)) return;
+
+	n = read(f->fd, f->buf, f->bufsize);
+	if (n <= 0) return;
+	f->bufused = n;
+	f->next = f->buf;
+}
+
+/* simulate fgetc() */
+int x_fgetc(XFILE *f)
+{
+	int ret;
+
+	if (f->flags & (X_FLAG_EOF | X_FLAG_ERROR)) return EOF;
+	
+	if (f->bufused == 0) x_fillbuf(f);
+
+	if (f->bufused == 0) {
+		f->flags |= X_FLAG_EOF;
+		return EOF;
+	}
+
+	ret = *(unsigned char *)(f->next);
+	f->next++;
+	f->bufused--;
+	return ret;
+}
+
+/* simulate fread */
+size_t x_fread(void *p, size_t size, size_t nmemb, XFILE *f)
+{
+	size_t total = 0;
+	while (total < size*nmemb) {
+		int c = x_fgetc(f);
+		if (c == EOF) break;
+		(total+(char *)p)[0] = (char)c;
+		total++;
+	}
+	return total/size;
+}
+
+/* simulate fgets() */
+char *x_fgets(char *s, int size, XFILE *stream) 
+{
+	char *s0 = s;
+	int l = size;
+	while (l>1) {
+		int c = x_fgetc(stream);
+		if (c == EOF) break;
+		*s++ = (char)c;
+		l--;
+		if (c == '\n') break;
+	}
+	if (l==size || x_ferror(stream)) {
+		return 0;
+	}
+	*s = 0;
+	return s0;
+}
diff --git a/source3/libads/.cvsignore b/source3/libads/.cvsignore
new file mode 100644
index 0000000000..5f2a5c4cf7
--- /dev/null
+++ b/source3/libads/.cvsignore
@@ -0,0 +1,2 @@
+*.po
+*.po32
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
new file mode 100644
index 0000000000..2d1830435f
--- /dev/null
+++ b/source3/libads/ads_status.c
@@ -0,0 +1,95 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Remus Koos 2001
+   Copyright (C) Andrew Bartlett 2001
+   
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+  build a ADS_STATUS structure
+*/
+ADS_STATUS ads_build_error(enum ads_error_type etype, 
+			   int rc, int minor_status)
+{
+	ADS_STATUS ret;
+	ret.error_type = etype;
+	ret.rc = rc;
+	ret.minor_status = minor_status;
+	return ret;
+}
+
+/*
+  do a rough conversion between ads error codes and NT status codes
+  we'll need to fill this in more
+*/
+NTSTATUS ads_ntstatus(ADS_STATUS rc)
+{
+	if (ADS_ERR_OK(rc)) return NT_STATUS_OK;
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+  return a string for an error from a ads routine
+*/
+const char *ads_errstr(ADS_STATUS status)
+{
+	int msg_ctx;
+	static char *ret;
+
+	SAFE_FREE(ret);
+	msg_ctx = 0;
+
+	switch (status.error_type) {
+	case ADS_ERROR_SYSTEM:
+		return strerror(status.rc);
+#ifdef HAVE_LDAP
+	case ADS_ERROR_LDAP:
+		return ldap_err2string(status.rc);
+#endif
+#ifdef HAVE_KRB5
+	case ADS_ERROR_KRB5: 
+		return error_message(status.rc);
+#endif
+#ifdef HAVE_GSSAPI
+	case ADS_ERROR_GSS:
+	{
+		uint32 minor;
+		
+		gss_buffer_desc msg1, msg2;
+		msg1.value = NULL;
+		msg2.value = NULL;
+		gss_display_status(&minor, status.rc, GSS_C_GSS_CODE,
+				   GSS_C_NULL_OID, &msg_ctx, &msg1);
+		gss_display_status(&minor, status.minor_status, GSS_C_MECH_CODE,
+				   GSS_C_NULL_OID, &msg_ctx, &msg2);
+		asprintf(&ret, "%s : %s", (char *)msg1.value, (char *)msg2.value);
+		gss_release_buffer(&minor, &msg1);
+		gss_release_buffer(&minor, &msg2);
+		return ret;
+	}
+#endif
+	default:
+		return "Unknown ADS error type!? (not compiled in?)";
+	}
+
+}
+
+
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
new file mode 100644
index 0000000000..489f301ae2
--- /dev/null
+++ b/source3/libads/ads_struct.c
@@ -0,0 +1,175 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Andrew Bartlett 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* return a ldap dn path from a string, given separators and field name
+   caller must free
+*/
+char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse)
+{
+	char *p, *r;
+	int numbits = 0;
+	char *ret;
+	int len;
+	
+	r = strdup(realm);
+
+	if (!r || !*r) return r;
+
+	for (p=r; *p; p++) {
+		if (strchr(sep, *p)) numbits++;
+	}
+
+	len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
+
+	ret = malloc(len);
+	strlcpy(ret,field, len);
+	p=strtok(r,sep); 
+	strlcat(ret, p, len);
+
+	while ((p=strtok(NULL,sep))) {
+		char *s;
+		if (reverse) {
+			asprintf(&s, "%s%s,%s", field, p, ret);
+		} else {
+			asprintf(&s, "%s,%s%s", ret, field, p);
+		}
+		free(ret);
+		ret = s;
+	}
+
+	free(r);
+
+	return ret;
+}
+
+/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a 
+   realm of the form AA.BB.CC 
+   caller must free
+*/
+char *ads_build_dn(const char *realm)
+{
+	return ads_build_path(realm, ".", "dc=", 0);
+}
+
+
+#ifdef HAVE_LDAP
+/*
+  find the ldap server from DNS
+*/
+static char *find_ldap_server(ADS_STRUCT *ads)
+{
+	char *list = NULL;
+	struct in_addr ip;
+
+	if (ads->realm && 
+	    ldap_domain2hostlist(ads->realm, &list) == LDAP_SUCCESS) {
+		char *p;
+		p = strchr(list, ':');
+		if (p) *p = 0;
+		return list;
+	}
+
+	/* get desperate, find the domain controller IP */
+	if (resolve_name(lp_workgroup(), &ip, 0x1B)) {
+		return strdup(inet_ntoa(ip));
+	}
+
+	return NULL;
+}
+
+#else 
+
+static char *find_ldap_server(ADS_STRUCT *ads)
+{
+	/* Without LDAP this doesn't make much sense */
+	return NULL;
+}
+
+#endif 
+
+#ifndef LDAP_PORT
+#define LDAP_PORT 389
+#endif
+
+/*
+  initialise a ADS_STRUCT, ready for some ads_ ops
+*/
+ADS_STRUCT *ads_init(const char *realm, 
+		     const char *ldap_server,
+		     const char *bind_path,
+		     const char *password)
+{
+	ADS_STRUCT *ads;
+	
+	ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads));
+	ZERO_STRUCTP(ads);
+	
+	ads->realm = realm? strdup(realm) : NULL;
+	ads->ldap_server = ldap_server? strdup(ldap_server) : NULL;
+	ads->bind_path = bind_path? strdup(bind_path) : NULL;
+	ads->ldap_port = LDAP_PORT;
+	if (password) ads->password = strdup(password);
+
+	if (!ads->realm) {
+		ads->realm = strdup(lp_realm());
+		if (!ads->realm[0]) {
+			SAFE_FREE(ads->realm);
+		}
+	}
+	if (!ads->bind_path && ads->realm) {
+		ads->bind_path = ads_build_dn(ads->realm);
+	}
+	if (!ads->ldap_server) {
+		ads->ldap_server = strdup(lp_ads_server());
+		if (!ads->ldap_server[0]) {
+			ads->ldap_server = find_ldap_server(ads);
+		}
+	}
+	if (!ads->kdc_server) {
+		/* assume its the same as LDAP */
+		ads->kdc_server = ads->ldap_server? strdup(ads->ldap_server) : NULL;
+	}
+
+	return ads;
+}
+
+/*
+  free the memory used by the ADS structure initialized with 'ads_init(...)'
+*/
+void ads_destroy(ADS_STRUCT **ads)
+{
+	if (ads && *ads) {
+#if HAVE_LDAP
+		if ((*ads)->ld) ldap_unbind((*ads)->ld);
+#endif
+		SAFE_FREE((*ads)->realm);
+		SAFE_FREE((*ads)->ldap_server);
+		SAFE_FREE((*ads)->ldap_server_name);
+		SAFE_FREE((*ads)->kdc_server);
+		SAFE_FREE((*ads)->bind_path);
+		SAFE_FREE((*ads)->password);
+		SAFE_FREE((*ads)->user_name);
+		ZERO_STRUCTP(*ads);
+		SAFE_FREE(*ads);
+	}
+}
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
new file mode 100644
index 0000000000..ab8ceecb0c
--- /dev/null
+++ b/source3/libads/disp_sec.c
@@ -0,0 +1,174 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions. ADS stuff
+   Copyright (C) Alexey Kotovich 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful, 
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+static struct perm_mask_str {
+	uint32  mask;
+	char   *str;
+} perms[] = {
+	{SEC_RIGHTS_FULL_CTRL,		"[Full Control]"},
+
+	{SEC_RIGHTS_LIST_CONTENTS,	"[List Contents]"},
+	{SEC_RIGHTS_LIST_OBJECT,	"[List Object]"},
+
+	{SEC_RIGHTS_READ_ALL_PROP,	"[Read All Properties]"},	
+	{SEC_RIGHTS_READ_PERMS,		"[Read Permissions]"},	
+
+	{SEC_RIGHTS_WRITE_ALL_VALID,	"[All validate writes]"},
+	{SEC_RIGHTS_WRITE_ALL_PROP,  	"[Write All Properties]"},
+
+	{SEC_RIGHTS_MODIFY_PERMS,	"[Modify Permissions]"},
+	{SEC_RIGHTS_MODIFY_OWNER,	"[Modify Owner]"},
+
+	{SEC_RIGHTS_CREATE_CHILD,	"[Create All Child Objects]"},
+
+	{SEC_RIGHTS_DELETE,		"[Delete]"},
+	{SEC_RIGHTS_DELETE_SUBTREE,	"[Delete Subtree]"},
+	{SEC_RIGHTS_DELETE_CHILD,	"[Delete All Child Objects]"},
+
+	{SEC_RIGHTS_CHANGE_PASSWD,	"[Change Password]"},	
+	{SEC_RIGHTS_RESET_PASSWD,	"[Reset Password]"},
+	{0,				0}
+};
+
+/* convert a security permissions into a string */
+void ads_disp_perms(uint32 type)
+{
+	int i = 0;
+	int j = 0;
+
+	printf("Permissions: ");
+	
+	if (type == SEC_RIGHTS_FULL_CTRL) {
+		printf("%s\n", perms[j].str);
+		return;
+	}
+
+	for (i = 0; i < 32; i++) {
+		if (type & (1 << i)) {
+			for (j = 1; perms[j].str; j ++) {
+				if (perms[j].mask == (((unsigned) 1) << i)) {
+					printf("\n\t%s", perms[j].str);
+				}	
+			}
+			type &= ~(1 << i);
+		}
+	}
+
+	/* remaining bits get added on as-is */
+	if (type != 0) {
+		printf("[%08x]", type);
+	}
+	puts("");
+}
+
+/* Check if ACE has OBJECT type */
+BOOL ads_ace_object(uint8 type)
+{
+	if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+            type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
+            type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
+            type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
+		return True;
+	}
+	return False;
+}
+
+/* display ACE */
+void ads_disp_ace(SEC_ACE *sec_ace)
+{
+	char *access_type = "UNKNOWN";
+
+	if (!sec_ace_object(sec_ace->type)) {
+		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", 
+		  sec_ace->type,
+		  sec_ace->flags,
+		  sec_ace->size,
+		  sec_ace->info.mask);			
+	} else {
+		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", 
+		  sec_ace->type,
+		  sec_ace->flags,
+		  sec_ace->size,
+		  sec_ace->info.mask,
+		  sec_ace->obj_flags);
+	}
+	
+	if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
+		access_type = "ALLOWED";
+	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
+		access_type = "DENIED";
+	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
+		access_type = "SYSTEM AUDIT";
+	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
+		access_type = "ALLOWED OBJECT";
+	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
+		access_type = "DEINED OBJECT";
+	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
+		access_type = "AUDIT OBJECT";
+	}
+
+	printf("access SID:  %s\naccess type: %s\n", 
+               sid_string_static(&sec_ace->trustee), access_type);
+
+	ads_disp_perms(sec_ace->info.mask);
+}
+
+/* display ACL */
+void ads_disp_acl(SEC_ACL *sec_acl, char *type)
+{
+        if (!sec_acl)
+		printf("------- (%s) ACL not present\n", type);
+	else {
+		printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n", 
+    	    	       type,
+        	       sec_acl->revision,
+	               sec_acl->size,
+    		       sec_acl->num_aces);			
+	}
+}
+
+/* display SD */
+void ads_disp_sd(SEC_DESC *sd)
+{
+	int i;
+	
+	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", 
+               sd->revision,
+               sd->type);
+	printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
+	printf("group SID: %s\n", sid_string_static(sd->grp_sid));
+
+	ads_disp_acl(sd->sacl, "system");
+	for (i = 0; i < sd->sacl->num_aces; i ++)
+		ads_disp_ace(&sd->sacl->ace[i]);
+	
+	ads_disp_acl(sd->dacl, "user");
+	for (i = 0; i < sd->dacl->num_aces; i ++)
+		ads_disp_ace(&sd->dacl->ace[i]);
+
+	printf("-------------- End Of Security Descriptor\n");
+}
+
+#endif
+
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
new file mode 100644
index 0000000000..194a71275e
--- /dev/null
+++ b/source3/libads/kerberos.c
@@ -0,0 +1,238 @@
+/* 
+   Unix SMB/CIFS implementation.
+   kerberos utility library
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Remus Koos 2001
+   
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_KRB5
+
+/*
+  simulate a kinit, putting the tgt in the default cache location
+  remus@snapserver.com
+*/
+int kerberos_kinit_password(const char *principal, const char *password)
+{
+	krb5_context ctx;
+	krb5_error_code code = 0;
+	krb5_ccache cc;
+	krb5_principal me;
+	krb5_creds my_creds;
+
+	if (! *password) {
+		/* kerberos dies on an empty password! */
+		return KRB5_PARSE_MALFORMED;
+	}
+
+	if ((code = krb5_init_context(&ctx)))
+		return code;
+	
+	if ((code = krb5_cc_default(ctx, &cc))) {
+		krb5_free_context(ctx);
+		return code;
+	}
+	
+	if ((code = krb5_parse_name(ctx, principal, &me))) {
+		krb5_free_context(ctx);	
+		return code;
+	}
+	
+	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, (char*)password, NULL, 
+						NULL, 0, NULL, NULL))) {
+		krb5_free_principal(ctx, me);
+		krb5_free_context(ctx);		
+		return code;
+	}
+	
+	if ((code = krb5_cc_initialize(ctx, cc, me))) {
+		krb5_free_cred_contents(ctx, &my_creds);
+		krb5_free_principal(ctx, me);
+		krb5_free_context(ctx);		
+		return code;
+	}
+	
+	if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+		krb5_cc_close(ctx, cc);
+		krb5_free_cred_contents(ctx, &my_creds);
+		krb5_free_principal(ctx, me);
+		krb5_free_context(ctx);		
+		return code;
+	}
+	
+	krb5_cc_close(ctx, cc);
+	krb5_free_cred_contents(ctx, &my_creds);
+	krb5_free_principal(ctx, me);
+	krb5_free_context(ctx);		
+	
+	return 0;
+}
+
+
+
+/* run kinit to setup our ccache */
+int ads_kinit_password(ADS_STRUCT *ads)
+{
+	char *s;
+	int ret;
+
+	if (!ads->user_name) {
+		/* by default use the machine account */
+		extern pstring global_myname;
+		fstring myname;
+		fstrcpy(myname, global_myname);
+		strlower(myname);
+		asprintf(&ads->user_name, "HOST/%s", global_myname);
+	}
+	asprintf(&s, "%s@%s", ads->user_name, ads->realm);
+	ret = kerberos_kinit_password(s, ads->password);
+
+	if (ret) {
+		DEBUG(0,("kerberos_kinit_password %s failed: %s\n", 
+			 s, error_message(ret)));
+	}
+	free(s);
+	return ret;
+}
+
+/*
+  verify an incoming ticket and parse out the principal name and 
+  authorization_data if available 
+*/
+NTSTATUS ads_verify_ticket(ADS_STRUCT *ads, const DATA_BLOB *ticket, 
+			   char **principal, DATA_BLOB *auth_data)
+{
+	krb5_context context;
+	krb5_auth_context auth_context = NULL;
+	krb5_keytab keytab = NULL;
+	krb5_data packet;
+	krb5_ticket *tkt = NULL;
+	krb5_data salt;
+	krb5_encrypt_block eblock;
+	int ret;
+	krb5_keyblock * key;
+	krb5_principal host_princ;
+	char *host_princ_s;
+	extern pstring global_myname;
+	fstring myname;
+	char *password_s;
+	krb5_data password;
+
+	if (!secrets_init()) {
+		DEBUG(1,("secrets_init failed\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	password_s = secrets_fetch_machine_password();
+	if (!password_s) {
+		DEBUG(1,("failed to fetch machine password\n"));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	password.data = password_s;
+	password.length = strlen(password_s);
+
+	ret = krb5_init_context(&context);
+	if (ret) {
+		DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	ret = krb5_set_default_realm(context, ads->realm);
+	if (ret) {
+		DEBUG(1,("krb5_set_default_realm failed (%s)\n", error_message(ret)));
+		ads_destroy(&ads);
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/* this whole process is far more complex than I would
+           like. We have to go through all this to allow us to store
+           the secret internally, instead of using /etc/krb5.keytab */
+	ret = krb5_auth_con_init(context, &auth_context);
+	if (ret) {
+		DEBUG(1,("krb5_auth_con_init failed (%s)\n", error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	fstrcpy(myname, global_myname);
+	strlower(myname);
+	asprintf(&host_princ_s, "HOST/%s@%s", myname, lp_realm());
+	ret = krb5_parse_name(context, host_princ_s, &host_princ);
+	if (ret) {
+		DEBUG(1,("krb5_parse_name(%s) failed (%s)\n", host_princ_s, error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	ret = krb5_principal2salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+    
+	if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
+	
+	ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	krb5_auth_con_setuseruserkey(context, auth_context, key);
+
+	packet.length = ticket->length;
+	packet.data = (krb5_pointer)ticket->data;
+
+#if 0
+	file_save("/tmp/ticket.dat", ticket->data, ticket->length);
+#endif
+
+	if ((ret = krb5_rd_req(context, &auth_context, &packet, 
+			       NULL, keytab, NULL, &tkt))) {
+		DEBUG(3,("krb5_rd_req with auth failed (%s)\n", 
+			 error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	if (tkt->enc_part2) {
+		*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
+				       tkt->enc_part2->authorization_data[0]->length);
+	}
+
+#if 0
+	if (tkt->enc_part2) {
+		file_save("/tmp/authdata.dat", 
+			  tkt->enc_part2->authorization_data[0]->contents,
+			  tkt->enc_part2->authorization_data[0]->length);
+	}
+#endif
+
+	if ((ret = krb5_unparse_name(context, tkt->enc_part2->client, principal))) {
+		DEBUG(3,("krb5_unparse_name failed (%s)\n", 
+			 error_message(ret)));
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	return NT_STATUS_OK;
+}
+
+#endif
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
new file mode 100644
index 0000000000..ec79a8658f
--- /dev/null
+++ b/source3/libads/krb5_setpw.c
@@ -0,0 +1,468 @@
+/* 
+   Unix SMB/CIFS implementation.
+   krb5 set password implementation
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_KRB5
+
+#define DEFAULT_KPASSWD_PORT	464
+#define KRB5_KPASSWD_VERS_CHANGEPW	1
+#define KRB5_KPASSWD_VERS_SETPW		0xff80
+#define KRB5_KPASSWD_ACCESSDENIED	5
+#define KRB5_KPASSWD_BAD_VERSION	6
+
+/* This implements the Kerb password change protocol as specifed in
+ * kerb-chg-password-02.txt
+ */
+static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
+{
+        char* princ_part1 = NULL;
+	char* princ_part2 = NULL;
+	char* realm = NULL;
+	char* c;
+	char* princ;
+
+	ASN1_DATA req;
+	DATA_BLOB ret;
+
+
+	princ = strdup(principal);
+
+	if ((c = strchr(princ, '/')) == NULL) {
+	    c = princ; 
+	} else {
+	    *c = '\0';
+	    c++;
+	    princ_part1 = princ;
+	}
+
+	princ_part2 = c;
+
+	if ((c = strchr(c, '@')) != NULL) {
+	    *c = '\0';
+	    c++;
+	    realm = c;
+	}
+
+	memset(&req, 0, sizeof(req));
+	
+	asn1_push_tag(&req, ASN1_SEQUENCE(0));
+	asn1_push_tag(&req, ASN1_CONTEXT(0));
+	asn1_write_OctetString(&req, password, strlen(password));
+	asn1_pop_tag(&req);
+
+	asn1_push_tag(&req, ASN1_CONTEXT(1));
+	asn1_push_tag(&req, ASN1_SEQUENCE(0));
+
+	asn1_push_tag(&req, ASN1_CONTEXT(0));
+	asn1_write_Integer(&req, 1);
+	asn1_pop_tag(&req);
+
+	asn1_push_tag(&req, ASN1_CONTEXT(1));
+	asn1_push_tag(&req, ASN1_SEQUENCE(0));
+
+	if (princ_part1) 
+	    asn1_write_GeneralString(&req, princ_part1);
+	
+	asn1_write_GeneralString(&req, princ_part2);
+	asn1_pop_tag(&req);
+	asn1_pop_tag(&req);
+	asn1_pop_tag(&req);
+	asn1_pop_tag(&req);
+
+	asn1_push_tag(&req, ASN1_CONTEXT(2));
+	asn1_write_GeneralString(&req, realm);
+	asn1_pop_tag(&req);
+	asn1_pop_tag(&req);
+
+	ret = data_blob(req.data, req.length);
+	asn1_free(&req);
+
+	free(princ);
+
+	return ret;
+}	
+
+static krb5_error_code build_setpw_request(krb5_context context,
+					   krb5_auth_context auth_context,
+					   krb5_data *ap_req,
+					   const char *princ,
+					   const char *passwd,
+					   krb5_data *packet)
+{
+	krb5_error_code ret;
+	krb5_data cipherpw;
+	krb5_data encoded_setpw;
+	krb5_replay_data replay;
+	char *p;
+	DATA_BLOB setpw;
+
+	ret = krb5_auth_con_setflags(context,
+				     auth_context,KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+	if (ret) {
+		DEBUG(1,("krb5_auth_con_setflags failed (%s)\n",
+			 error_message(ret)));
+		return ret;
+	}
+
+	setpw = encode_krb5_setpw(princ, passwd);
+
+	encoded_setpw.data = setpw.data;
+	encoded_setpw.length = setpw.length;
+
+	ret = krb5_mk_priv(context, auth_context,
+			   &encoded_setpw, &cipherpw, &replay);
+	
+	data_blob_free(&setpw); 	/*from 'encode_krb5_setpw(...)' */
+	
+	if (ret) {
+		DEBUG(1,("krb5_mk_priv failed (%s)\n", error_message(ret)));
+		return ret;
+	}
+
+	packet->data = (char *)malloc(ap_req->length + cipherpw.length + 6);
+
+	/* see the RFC for details */
+	p = packet->data + 2;
+	RSSVAL(p, 0, 0xff80); p += 2;
+	RSSVAL(p, 0, ap_req->length); p += 2;
+	memcpy(p, ap_req->data, ap_req->length); p += ap_req->length;
+	memcpy(p, cipherpw.data, cipherpw.length); p += cipherpw.length;
+	packet->length = PTR_DIFF(p,packet->data);
+	RSSVAL(packet->data, 0, packet->length);
+	
+	free(cipherpw.data);    /* from 'krb5_mk_priv(...)' */
+
+	return 0;
+}
+
+static krb5_error_code parse_setpw_reply(krb5_context context, 
+					 krb5_auth_context auth_context,
+					 krb5_data *packet)
+{
+	krb5_data ap_rep;
+	char *p;
+	int vnum, ret, res_code;
+	krb5_data cipherresult;
+	krb5_data clearresult;
+	krb5_ap_rep_enc_part *ap_rep_enc;
+	krb5_replay_data replay;
+	
+	if (packet->length < 4) {
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+	
+	p = packet->data;
+	
+	if (packet->data[0] == 0x7e || packet->data[0] == 0x5e) {
+		/* it's an error packet. We should parse it ... */
+		DEBUG(1,("Got error packet 0x%x from kpasswd server\n",
+			 packet->data[0]));
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+	
+	if (RSVAL(p, 0) != packet->length) {
+		DEBUG(1,("Bad packet length (%d/%d) from kpasswd server\n",
+			 RSVAL(p, 0), packet->length));
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+
+	p += 2;
+
+	vnum = RSVAL(p, 0); p += 2;
+	
+	if (vnum != KRB5_KPASSWD_VERS_SETPW && vnum != KRB5_KPASSWD_VERS_CHANGEPW) {
+		DEBUG(1,("Bad vnum (%d) from kpasswd server\n", vnum));
+		return KRB5KDC_ERR_BAD_PVNO;
+	}
+	
+	ap_rep.length = RSVAL(p, 0); p += 2;
+	
+	if (p + ap_rep.length >= packet->data + packet->length) {
+		DEBUG(1,("ptr beyond end of packet from kpasswd server\n"));
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+	
+	if (ap_rep.length == 0) {
+		DEBUG(1,("got unencrypted setpw result?!\n"));
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+
+	/* verify ap_rep */
+	ap_rep.data = p;
+	p += ap_rep.length;
+	
+	ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+	if (ret) {
+		DEBUG(1,("failed to rd setpw reply (%s)\n", error_message(ret)));
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+	
+	krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+	
+	cipherresult.data = p;
+	cipherresult.length = (packet->data + packet->length) - p;
+		
+	ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+			   &replay);
+	if (ret) {
+		DEBUG(1,("failed to decrypt setpw reply (%s)\n", error_message(ret)));
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+
+	if (clearresult.length < 2) {
+	        free(clearresult.data);
+		ret = KRB5KRB_AP_ERR_MODIFIED;
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+	
+	p = clearresult.data;
+	
+	res_code = RSVAL(p, 0);
+	
+	free(clearresult.data);
+
+	if ((res_code < KRB5_KPASSWD_SUCCESS) || 
+	    (res_code >= KRB5_KPASSWD_ACCESSDENIED)) {
+		return KRB5KRB_AP_ERR_MODIFIED;
+	}
+	
+	return 0;
+}
+
+ADS_STATUS krb5_set_password(const char *kdc_host, const char *princ, const char *newpw)
+{
+	krb5_context context;
+	krb5_auth_context auth_context = NULL;
+	krb5_principal principal;
+	char *princ_name;
+	char *realm;
+	krb5_creds creds, *credsp;
+	krb5_ccache ccache;
+	krb5_data ap_req, chpw_req, chpw_rep;
+	int ret, sock, addr_len;
+	struct sockaddr remote_addr, local_addr;
+	krb5_address local_kaddr, remote_kaddr;
+
+	ret = krb5_init_context(&context);
+	if (ret) {
+		DEBUG(1,("Failed to init krb5 context (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+	
+	ret = krb5_cc_default(context, &ccache);
+	if (ret) {
+	        krb5_free_context(context);
+		DEBUG(1,("Failed to get default creds (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+
+	ZERO_STRUCT(creds);
+	
+	realm = strchr(princ, '@');
+	realm++;
+
+	asprintf(&princ_name, "kadmin/changepw@%s", realm);
+	ret = krb5_parse_name(context, princ_name, &creds.server);
+	if (ret) {
+                krb5_free_context(context);
+		DEBUG(1,("Failed to parse kadmin/changepw (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+	free(princ_name);
+
+	/* parse the principal we got as a function argument */
+	ret = krb5_parse_name(context, princ, &principal);
+	if (ret) {
+                krb5_free_context(context);
+		DEBUG(1,("Failed to parse %s (%s)\n", princ_name, error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+
+	krb5_princ_set_realm(context, creds.server,
+			     krb5_princ_realm(context, principal));
+	
+	ret = krb5_cc_get_principal(context, ccache, &creds.client);
+	if (ret) {
+	        krb5_free_principal(context, principal);
+                krb5_free_context(context);
+		DEBUG(1,("Failed to get principal from ccache (%s)\n", 
+			 error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+	
+	ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
+	if (ret) {
+	        krb5_free_principal(context, creds.client);
+	        krb5_free_principal(context, principal);
+	        krb5_free_context(context);
+		DEBUG(1,("krb5_get_credentials failed (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+	
+	/* we might have to call krb5_free_creds(...) from now on ... */
+	ret = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SUBKEY,
+				   NULL, credsp, &ap_req);
+	if (ret) {
+	        krb5_free_creds(context, credsp);
+	        krb5_free_principal(context, creds.client);
+	        krb5_free_principal(context, principal);
+	        krb5_free_context(context);
+		DEBUG(1,("krb5_mk_req_extended failed (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+	
+	sock = open_udp_socket(kdc_host, DEFAULT_KPASSWD_PORT);
+	if (sock == -1) {
+		int rc = errno;
+	        free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+		krb5_free_principal(context, creds.client);
+		krb5_free_principal(context, principal);
+		krb5_free_context(context);
+		DEBUG(1,("failed to open kpasswd socket to %s (%s)\n", 
+			 kdc_host, strerror(errno)));
+		return ADS_ERROR_SYSTEM(rc);
+	}
+	
+	addr_len = sizeof(remote_addr);
+	getpeername(sock, &remote_addr, &addr_len);
+	addr_len = sizeof(local_addr);
+	getsockname(sock, &local_addr, &addr_len);
+	
+	remote_kaddr.addrtype = ADDRTYPE_INET;
+	remote_kaddr.length = sizeof(((struct sockaddr_in *)&remote_addr)->sin_addr);
+	remote_kaddr.contents = (char *)&(((struct sockaddr_in *)&remote_addr)->sin_addr);
+	local_kaddr.addrtype = ADDRTYPE_INET;
+	local_kaddr.length = sizeof(((struct sockaddr_in *)&local_addr)->sin_addr);
+	local_kaddr.contents = (char *)&(((struct sockaddr_in *)&local_addr)->sin_addr);
+
+	ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, NULL);
+	if (ret) {
+	        close(sock);
+	        free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+	        krb5_free_principal(context, creds.client);
+	        krb5_free_principal(context, principal);
+	        krb5_free_context(context);
+		DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+
+	ret = build_setpw_request(context, auth_context, &ap_req,
+				  princ, newpw, &chpw_req);
+	if (ret) {
+	        close(sock);
+	        free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+	        krb5_free_principal(context, creds.client);
+	        krb5_free_principal(context, principal);
+	        krb5_free_context(context);
+		DEBUG(1,("build_setpw_request failed (%s)\n", error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+
+	if (write(sock, chpw_req.data, chpw_req.length) != chpw_req.length) {
+	        close(sock);
+		free(chpw_req.data);
+	        free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+		krb5_free_principal(context, creds.client);
+		krb5_free_principal(context, principal);
+		krb5_free_context(context);
+		DEBUG(1,("send of chpw failed (%s)\n", strerror(errno)));
+		return ADS_ERROR_SYSTEM(errno);
+	}
+
+	free(chpw_req.data);
+
+	chpw_rep.length = 1500;
+	chpw_rep.data = (char *) malloc(chpw_rep.length);
+
+	ret = read(sock, chpw_rep.data, chpw_rep.length);
+	if (ret < 0) {
+	        close(sock);
+		free(chpw_rep.data);
+		free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+		krb5_free_principal(context, creds.client);
+		krb5_free_principal(context, principal);
+		krb5_free_context(context);
+		DEBUG(1,("recv of chpw reply failed (%s)\n", strerror(errno)));
+		return ADS_ERROR_SYSTEM(errno);
+	}
+
+	close(sock);
+	chpw_rep.length = ret;
+
+	ret = krb5_auth_con_setaddrs(context, auth_context, NULL,&remote_kaddr);
+	if (ret) {
+	        free(chpw_rep.data);
+	        free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+		krb5_free_principal(context, creds.client);
+		krb5_free_principal(context, principal);
+		krb5_free_context(context);
+		DEBUG(1,("krb5_auth_con_setaddrs on reply failed (%s)\n", 
+			 error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+
+	ret = parse_setpw_reply(context, auth_context, &chpw_rep);
+	free(chpw_rep.data);
+
+	if (ret) {
+	        free(ap_req.data);
+	        krb5_free_creds(context, credsp);
+		krb5_free_principal(context, creds.client);
+		krb5_free_principal(context, principal);
+		krb5_free_context(context);
+		DEBUG(1,("parse_setpw_reply failed (%s)\n", 
+			 error_message(ret)));
+		return ADS_ERROR_KRB5(ret);
+	}
+
+	free(ap_req.data);
+	krb5_free_creds(context, credsp);
+	krb5_free_principal(context, creds.client);
+	krb5_free_principal(context, principal);
+	krb5_free_context(context);
+
+	return ADS_SUCCESS;
+}
+
+
+ADS_STATUS kerberos_set_password(const char *kpasswd_server, 
+				 const char *auth_principal, const char *auth_password,
+				 const char *target_principal, const char *new_password)
+{
+    int ret;
+
+    if ((ret = kerberos_kinit_password(auth_principal, auth_password))) {
+	DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
+	return ADS_ERROR_KRB5(ret);
+    }
+
+    return krb5_set_password(kpasswd_server, target_principal, new_password);
+}
+
+
+#endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
new file mode 100644
index 0000000000..e2e351bd4b
--- /dev/null
+++ b/source3/libads/ldap.c
@@ -0,0 +1,1501 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Remus Koos 2001
+   Copyright (C) Jim McDonough 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+/**
+ * @file ldap.c
+ * @brief basic ldap client-side routines for ads server communications
+ *
+ * The routines contained here should do the necessary ldap calls for
+ * ads setups.
+ **/
+
+/**
+ * Connect to the LDAP server
+ * @param ads Pointer to an existing ADS_STRUCT
+ * @return status of connection
+ **/
+ADS_STATUS ads_connect(ADS_STRUCT *ads)
+{
+	int version = LDAP_VERSION3;
+	int code;
+	ADS_STATUS status;
+
+	ads->last_attempt = time(NULL);
+
+	ads->ld = ldap_open(ads->ldap_server, ads->ldap_port);
+	if (!ads->ld) {
+		return ADS_ERROR_SYSTEM(errno);
+	}
+	status = ads_server_info(ads);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(1,("Failed to get ldap server info\n"));
+		return status;
+	}
+
+	ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+#if KRB5_DNS_HACK
+	/* this is a really nasty hack to avoid ADS DNS problems. It needs a patch
+	   to MIT kerberos to work (tridge) */
+	{
+		char *env;
+		asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->server_realm);
+		setenv(env, inet_ntoa(*interpret_addr2(ads->ldap_server)), 1);
+		free(env);
+	}
+#endif
+
+	if (ads->password) {
+		if ((code = ads_kinit_password(ads)))
+			return ADS_ERROR_KRB5(code);
+	}
+
+	return ads_sasl_bind(ads);
+}
+
+
+/**
+ * Do a search with paged results.  cookie must be null on the first
+ *  call, and then returned on each subsequent call.  It will be null
+ *  again when the entire search is complete 
+ * @param ads connection to ads server 
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE)
+ * @param exp Search expression
+ * @param attrs Attributes to retrieve
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param count Number of entries retrieved on this page
+ * @param cookie The paged results cookie to be returned on subsequent calls
+ * @return status of search
+ **/
+ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path,
+			       int scope, const char *exp,
+			       const char **attrs, void **res, 
+			       int *count, void **cookie)
+{
+	int rc;
+	int version;
+	LDAPControl PagedResults; 
+	LDAPControl NoReferrals;
+	BerElement *cookie_be = NULL;
+	struct berval *cookie_bv= NULL;
+	LDAPControl *controls[3];
+	LDAPControl **rcontrols;
+	int i;
+
+	*res = NULL;
+
+	ldap_get_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+		/* Paged results only available on ldap v3 or later, so check
+		   version first before using, since at connect time we're
+		   only v2.  Not sure exactly why... */
+	if (version < LDAP_VERSION3) 
+		return ADS_ERROR(LDAP_NOT_SUPPORTED);
+
+	cookie_be = ber_alloc_t(LBER_USE_DER);
+	if (cookie && *cookie) {
+		ber_printf(cookie_be, "{iO}", (ber_int_t) 1000, *cookie);
+		ber_bvfree(*cookie); /* don't need it from last time */
+		*cookie = NULL;
+	} else {
+		ber_printf(cookie_be, "{io}", (ber_int_t) 1000, "", 0);
+	}
+	ber_flatten(cookie_be, &cookie_bv);
+	PagedResults.ldctl_oid = ADS_PAGE_CTL_OID;
+	PagedResults.ldctl_iscritical = (char) 1;
+	PagedResults.ldctl_value.bv_len = cookie_bv->bv_len;
+	PagedResults.ldctl_value.bv_val = cookie_bv->bv_val;
+
+	NoReferrals.ldctl_oid = ADS_NO_REFERRALS_OID;
+	NoReferrals.ldctl_iscritical = (char) 0;
+	NoReferrals.ldctl_value.bv_len = 0;
+	NoReferrals.ldctl_value.bv_val = "";
+
+
+	controls[0] = &NoReferrals;
+	controls[1] = &PagedResults;
+	controls[2] = NULL;
+
+	*res = NULL;
+
+	/* we need to disable referrals as the openldap libs don't
+	   seem to handle them correctly. They result in the result
+	   record containing the server control being removed from the
+	   result list (tridge) 
+	
+	   leaving this in despite the control that says don't generate
+	   referrals, in case the server doesn't support it (jmcd)
+	*/
+	ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+
+	rc = ldap_search_ext_s(ads->ld, bind_path, scope, exp, 
+			       (char **) attrs, 0, controls, NULL,
+			       NULL, LDAP_NO_LIMIT,
+			       (LDAPMessage **)res);
+
+	ber_free(cookie_be, 1);
+	ber_bvfree(cookie_bv);
+
+	if (rc) {
+		DEBUG(3,("ldap_search_ext_s(%s) -> %s\n", exp, ldap_err2string(rc)));
+		return ADS_ERROR(rc);
+	}
+
+	rc = ldap_parse_result(ads->ld, *res, NULL, NULL, NULL,
+					NULL, &rcontrols,  0);
+
+	if (!rcontrols) {
+		return ADS_ERROR(rc);
+	}
+
+	for (i=0; rcontrols[i]; i++) {
+		if (strcmp(ADS_PAGE_CTL_OID, rcontrols[i]->ldctl_oid) == 0) {
+			cookie_be = ber_init(&rcontrols[i]->ldctl_value);
+			ber_scanf(cookie_be,"{iO}", (ber_int_t *) count,
+				  &cookie_bv);
+			/* the berval is the cookie, but must be freed when
+			   it is all done */
+			if (cookie_bv->bv_len) /* still more to do */
+				*cookie=ber_bvdup(cookie_bv);
+			else
+				*cookie=NULL;
+			ber_bvfree(cookie_bv);
+			ber_free(cookie_be, 1);
+			break;
+		}
+	}
+	ldap_controls_free(rcontrols);
+			
+	return ADS_ERROR(rc);
+}
+
+
+/**
+ * Get all results for a search.  This uses ads_do_paged_search() to return 
+ * all entries in a large search.
+ * @param ads connection to ads server 
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE)
+ * @param exp Search expression
+ * @param attrs Attributes to retrieve
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @return status of search
+ **/
+ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path,
+			     int scope, const char *exp,
+			     const char **attrs, void **res)
+{
+	void *cookie = NULL;
+	int count = 0;
+	ADS_STATUS status;
+
+	status = ads_do_paged_search(ads, bind_path, scope, exp, attrs, res,
+				     &count, &cookie);
+
+	if (!ADS_ERR_OK(status)) return status;
+
+	while (cookie) {
+		void *res2 = NULL;
+		ADS_STATUS status2;
+		LDAPMessage *msg, *next;
+
+		status2 = ads_do_paged_search(ads, bind_path, scope, exp, 
+					      attrs, &res2, &count, &cookie);
+
+		if (!ADS_ERR_OK(status2)) break;
+
+		/* this relies on the way that ldap_add_result_entry() works internally. I hope
+		   that this works on all ldap libs, but I have only tested with openldap */
+		for (msg = ads_first_entry(ads, res2); msg; msg = next) {
+			next = ads_next_entry(ads, msg);
+			ldap_add_result_entry((LDAPMessage **)res, msg);
+		}
+
+		/* note that we do not free res2, as the memory is now
+                   part of the main returned list */
+	}
+
+	return status;
+}
+
+/**
+ * Run a function on all results for a search.  Uses ads_do_paged_search() and
+ *  runs the function as each page is returned, using ads_process_results()
+ * @param ads connection to ads server
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE)
+ * @param exp Search expression
+ * @param attrs Attributes to retrieve
+ * @param fn Function which takes attr name, values list, and data_area
+ * @param data_area Pointer which is passed to function on each call
+ * @return status of search
+ **/
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+				int scope, const char *exp, const char **attrs,
+				void(*fn)(char *, void **, void *), 
+				void *data_area)
+{
+	void *cookie = NULL;
+	int count = 0;
+	ADS_STATUS status;
+	void *res;
+
+	status = ads_do_paged_search(ads, bind_path, scope, exp, attrs, &res,
+				     &count, &cookie);
+
+	if (!ADS_ERR_OK(status)) return status;
+
+	ads_process_results(ads, res, fn, data_area);
+	ads_msgfree(ads, res);
+
+	while (cookie) {
+		status = ads_do_paged_search(ads, bind_path, scope, exp, attrs,
+					     &res, &count, &cookie);
+
+		if (!ADS_ERR_OK(status)) break;
+		
+		ads_process_results(ads, res, fn, data_area);
+		ads_msgfree(ads, res);
+	}
+
+	return status;
+}
+
+/**
+ * Do a search with a timeout.
+ * @param ads connection to ads server
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_BASE | LDAP_ONE | LDAP_SUBTREE)
+ * @param exp Search expression
+ * @param attrs Attributes to retrieve
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @return status of search
+ **/
+ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, 
+			 const char *exp,
+			 const char **attrs, void **res)
+{
+	struct timeval timeout;
+	int rc;
+
+	timeout.tv_sec = ADS_SEARCH_TIMEOUT;
+	timeout.tv_usec = 0;
+	*res = NULL;
+
+	rc = ldap_search_ext_s(ads->ld, 
+			       bind_path, scope,
+			       exp, (char **) attrs, 0, NULL, NULL, 
+			       &timeout, LDAP_NO_LIMIT, (LDAPMessage **)res);
+
+	if (rc == LDAP_SIZELIMIT_EXCEEDED) {
+		DEBUG(3,("Warning! sizelimit exceeded in ldap. Truncating.\n"));
+		rc = 0;
+	}
+
+	return ADS_ERROR(rc);
+}
+/**
+ * Do a general ADS search
+ * @param ads connection to ads server
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param exp Search expression
+ * @param attrs Attributes to retrieve
+ * @return status of search
+ **/
+ADS_STATUS ads_search(ADS_STRUCT *ads, void **res, 
+		      const char *exp, 
+		      const char **attrs)
+{
+	return ads_do_search(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, 
+			     exp, attrs, res);
+}
+
+/**
+ * Do a search on a specific DistinguishedName
+ * @param ads connection to ads server
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param dn DistinguishName to search
+ * @param attrs Attributes to retrieve
+ * @return status of search
+ **/
+ADS_STATUS ads_search_dn(ADS_STRUCT *ads, void **res, 
+			 const char *dn, 
+			 const char **attrs)
+{
+	return ads_do_search(ads, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, res);
+}
+
+/**
+ * Free up memory from a ads_search
+ * @param ads connection to ads server
+ * @param msg Search results to free
+ **/
+void ads_msgfree(ADS_STRUCT *ads, void *msg)
+{
+	if (!msg) return;
+	ldap_msgfree(msg);
+}
+
+/**
+ * Free up memory from various ads requests
+ * @param ads connection to ads server
+ * @param mem Area to free
+ **/
+void ads_memfree(ADS_STRUCT *ads, void *mem)
+{
+	if (!mem) return;
+	ldap_memfree(mem);
+}
+
+/**
+ * Get a dn from search results
+ * @param ads connection to ads server
+ * @param res Search results
+ * @return dn string
+ **/
+char *ads_get_dn(ADS_STRUCT *ads, void *res)
+{
+	return ldap_get_dn(ads->ld, res);
+}
+
+/**
+ * Find a machine account given a hostname
+ * @param ads connection to ads server
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param host Hostname to search for
+ * @return status of search
+ **/
+ADS_STATUS ads_find_machine_acct(ADS_STRUCT *ads, void **res, const char *host)
+{
+	ADS_STATUS status;
+	char *exp;
+	const char *attrs[] = {"*", "nTSecurityDescriptor", NULL};
+
+	/* the easiest way to find a machine account anywhere in the tree
+	   is to look for hostname$ */
+	asprintf(&exp, "(samAccountName=%s$)", host);
+	status = ads_search(ads, res, exp, attrs);
+	free(exp);
+	return status;
+}
+
+/*
+  duplicate an already-assembled list of values so that it can be
+  freed as part of the standard msgfree call
+*/
+static char **ads_dup_values(TALLOC_CTX *ctx, char **values)
+{
+	char **newvals;
+	int i;
+#define ADS_MAX_NUM_VALUES 32
+
+	for (i=0; values[i] && i<ADS_MAX_NUM_VALUES; i++);
+	if (!(newvals = talloc_zero(ctx, (i+1)*sizeof(char *))))
+		return NULL;
+	for (i=0; values[i] && i<ADS_MAX_NUM_VALUES; i++)
+		newvals[i] = values[i];
+	newvals[i] = NULL;
+	return newvals;
+}
+
+/**
+ * Initialize a list of mods to be used in a modify request
+ * @param ctx An initialized TALLOC_CTX
+ * @return allocated ADS_MODLIST
+ **/
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx)
+{
+#define ADS_MODLIST_ALLOC_SIZE 10
+	LDAPMod **mods;
+	
+	if ((mods = (LDAPMod **) talloc_zero(ctx, sizeof(LDAPMod *) * 
+					     (ADS_MODLIST_ALLOC_SIZE + 1))))
+		/* -1 is safety to make sure we don't go over the end.
+		   need to reset it to NULL before doing ldap modify */
+		mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
+	
+	return mods;
+}
+
+/*
+  add an attribute to the list, with values list already constructed
+*/
+static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
+				  int mod_op, const char *name, char **values)
+{
+	int curmod;
+	LDAPMod **modlist = (LDAPMod **) *mods;
+
+	/* find the first empty slot */
+	for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
+	     curmod++);
+	if (modlist[curmod] == (LDAPMod *) -1) {
+		if (!(modlist = talloc_realloc(ctx, modlist, 
+			(curmod+ADS_MODLIST_ALLOC_SIZE+1)*sizeof(LDAPMod *))))
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		memset(&modlist[curmod], 0, 
+		       ADS_MODLIST_ALLOC_SIZE*sizeof(LDAPMod *));
+		modlist[curmod+ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
+		*mods = modlist;
+	}
+		
+	if (!(modlist[curmod] = talloc_zero(ctx, sizeof(LDAPMod))))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+	modlist[curmod]->mod_type = name;
+	if (mod_op & LDAP_MOD_BVALUES)
+		modlist[curmod]->mod_bvalues = (struct berval **) values;
+	else
+		modlist[curmod]->mod_values = values;
+	modlist[curmod]->mod_op = mod_op;
+	return ADS_ERROR(LDAP_SUCCESS);
+}
+
+/**
+ * Add an already-constructed list of values to a mod list for an ADD
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param values Constructed values list to add
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_add_list(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
+			    char *name, char **values)
+{
+	char **newvals = ads_dup_values(ctx, values);
+	if (newvals)
+		return ads_modlist_add(ctx, mods, LDAP_MOD_ADD, name, newvals);
+	else
+		return ADS_ERROR(LDAP_NO_MEMORY);
+}
+
+/**
+ * Add an already-constructed list of values to a mod list for a REPLACE
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param values Constructed values list to add
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_repl_list(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+			     char *name, char **values)
+{
+	char **newvals;
+	if (values && *values) {
+		if (!(newvals = ads_dup_values(ctx, values)))
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		else
+			return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE,
+						name, newvals);
+	}
+	else
+		return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
+}
+
+/**
+ * Add any number of string values to a mod list - for ADD or REPLACE
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param mod_op Operation to perform (LDAP_MOD_ADD | LDAP_MOD_REPLACE)
+ * @param name The attribute name to add
+ * @param ... Any number of values, in (char *) form
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_add_var(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
+			   int mod_op, const char *name, ...)
+{
+	va_list ap;
+	int num_vals, i, do_op;
+	char *value, **values;
+
+	/* count the number of values */
+	va_start(ap, name);
+	for (num_vals=0; va_arg(ap, char *); num_vals++);
+	va_end(ap);
+
+	if (num_vals) {
+		if (!(values = talloc_zero(ctx, sizeof(char *)*(num_vals+1))))
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		va_start(ap, name);
+		for (i=0; (value = (char *) va_arg(ap, char *)) &&
+			     i < num_vals; i++)
+			values[i] = value;
+		va_end(ap);
+		values[i] = NULL;
+		do_op = mod_op;
+	} else {
+		do_op = LDAP_MOD_DELETE;
+		values = NULL;
+	}
+	return ads_modlist_add(ctx, mods, do_op, name, values);
+}
+
+/**
+ * Add any number of ber values to a mod list - for ADD or REPLACE
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param mod_op Operation to perform (LDAP_MOD_ADD | LDAP_MOD_REPLACE)
+ * @param name The attribute name to add
+ * @param ... Any number of values, in (struct berval *) form
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_add_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
+			   int mod_op, const char *name, ...)
+{
+	va_list ap;
+	int num_vals, i, do_op;
+	char *value, **values;
+
+	/* count the number of values */
+	va_start(ap, name);
+	for (num_vals=0; va_arg(ap, struct berval *); num_vals++);
+	va_end(ap);
+
+	if (num_vals) {
+		if (!(values = talloc_zero(ctx, sizeof(struct berval) * 
+					   (num_vals + 1))))
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		va_start(ap, name);
+		for (i=0; (value = (char *) va_arg(ap, char *)) &&
+			     i < num_vals; i++)
+			values[i] = value;
+		va_end(ap);
+		values[i] = NULL;
+		do_op = mod_op;
+	} else {
+		do_op = LDAP_MOD_DELETE;
+		values = NULL;
+	}
+	do_op |= LDAP_MOD_BVALUES;
+	return ads_modlist_add(ctx, mods, do_op, name, values);
+}
+
+/**
+ * Add a single string value to a mod list - for REPLACE
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to replace
+ * @param val The value to add
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_repl(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
+			char *name, char *val)
+{
+	if (val)
+		return ads_mod_add_var(ctx, mods, LDAP_MOD_REPLACE,
+				       name, val, NULL);
+	else
+		return ads_mod_add_var(ctx, mods, LDAP_MOD_DELETE, name, NULL);
+}
+
+/**
+ * Add a single string value to a mod list - for ADD
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param val The value to add
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, 
+		       const char *name, const char *val)
+{
+	return ads_mod_add_var(ctx, mods, LDAP_MOD_ADD, name, val, NULL);
+}
+
+/**
+ * Add a single berval value to a mod list - for ADD
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param size The size of of the value
+ * @param val The value to add
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_add_len(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+			   char *name, size_t size, char *val)
+{
+	struct berval *bval = NULL;
+
+	if (!(bval = talloc_zero(ctx, sizeof(struct berval *))))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+	if (!(bval->bv_val = talloc_zero(ctx, sizeof(char *))))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	bval->bv_val = val;
+	bval->bv_len = size;
+	return ads_mod_add_ber(ctx, mods, LDAP_MOD_ADD, name, bval, NULL);
+}
+
+/**
+ * Add a single berval value to a mod list - for REPLACE
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to replace
+ * @param size The size of of the value
+ * @param val The value to add
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_repl_len(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+			    const char *name, size_t size, char *val)
+{
+	struct berval *bval = NULL;
+
+	if (!(bval = talloc_zero(ctx, sizeof(struct berval *))))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	if (!val)
+		return ads_mod_add_ber(ctx, mods, LDAP_MOD_DELETE, name, NULL);
+	else {
+		if (!(bval->bv_val = talloc_zero(ctx, sizeof(char *))))
+			return ADS_ERROR(LDAP_NO_MEMORY);
+		bval->bv_val = val;
+		bval->bv_len = size;
+		return ads_mod_add_ber(ctx, mods, LDAP_MOD_REPLACE, name, 
+				       bval, NULL);
+	}
+}
+
+/**
+ * Perform an ldap modify
+ * @param ads connection to ads server
+ * @param mod_dn DistinguishedName to modify
+ * @param mods list of modifications to perform
+ * @return status of modify
+ **/
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
+{
+	int ret,i;
+	/* 
+	   this control is needed to modify that contains a currently 
+	   non-existent attribute (but allowable for the object) to run
+	*/
+	LDAPControl PermitModify = {
+		"1.2.840.113556.1.4.1413",
+		{0, NULL},
+		(char) 1};
+	LDAPControl *controls[2];
+
+	controls[0] = &PermitModify;
+	controls[1] = NULL;
+
+	/* find the end of the list, marked by NULL or -1 */
+	for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++);
+	/* make sure the end of the list is NULL */
+	mods[i] = NULL;
+	ret = ldap_modify_ext_s(ads->ld, mod_dn, (LDAPMod **) mods,
+				controls, NULL);
+	return ADS_ERROR(ret);
+}
+
+/**
+ * Perform an ldap add
+ * @param ads connection to ads server
+ * @param new_dn DistinguishedName to add
+ * @param mods list of attributes and values for DN
+ * @return status of add
+ **/
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods)
+{
+	int i;
+
+	/* find the end of the list, marked by NULL or -1 */
+	for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++);
+	/* make sure the end of the list is NULL */
+	mods[i] = NULL;
+
+	return ADS_ERROR(ldap_add_s(ads->ld, new_dn, mods));
+}
+
+/**
+ * Delete a DistinguishedName
+ * @param ads connection to ads server
+ * @param new_dn DistinguishedName to delete
+ * @return status of delete
+ **/
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn)
+{
+	return ADS_ERROR(ldap_delete(ads->ld, del_dn));
+}
+
+/**
+ * Build an org unit string
+ *  if org unit is Computers or blank then assume a container, otherwise
+ *  assume a \ separated list of organisational units
+ * @param org_unit Organizational unit
+ * @return org unit string - caller must free
+ **/
+char *ads_ou_string(const char *org_unit)
+{	
+	if (!org_unit || !*org_unit || strcasecmp(org_unit, "Computers") == 0) {
+		return strdup("cn=Computers");
+	}
+
+	return ads_build_path(org_unit, "\\/", "ou=", 1);
+}
+
+
+
+/*
+  add a machine account to the ADS server
+*/
+static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, 
+				       const char *org_unit)
+{
+	ADS_STATUS ret;
+	char *host_spn, *host_upn, *new_dn, *samAccountName, *controlstr;
+	char *ou_str;
+	TALLOC_CTX *ctx;
+	ADS_MODLIST mods;
+
+	if (!(ctx = talloc_init_named("machine_account")))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	ret = ADS_ERROR(LDAP_NO_MEMORY);
+
+	if (!(host_spn = talloc_asprintf(ctx, "HOST/%s", hostname)))
+		goto done;
+	if (!(host_upn = talloc_asprintf(ctx, "%s@%s", host_spn, ads->realm)))
+		goto done;
+	ou_str = ads_ou_string(org_unit);
+	new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", hostname, ou_str, 
+				 ads->bind_path);
+	free(ou_str);
+	if (!new_dn)
+		goto done;
+
+	if (!(samAccountName = talloc_asprintf(ctx, "%s$", hostname)))
+		goto done;
+	if (!(controlstr = talloc_asprintf(ctx, "%u", 
+		   UF_DONT_EXPIRE_PASSWD | UF_WORKSTATION_TRUST_ACCOUNT | 
+		   UF_TRUSTED_FOR_DELEGATION | UF_USE_DES_KEY_ONLY)))
+		goto done;
+
+	if (!(mods = ads_init_mods(ctx)))
+		goto done;
+	
+	ads_mod_add(ctx, &mods, "cn", hostname);
+	ads_mod_add(ctx, &mods, "sAMAccountName", samAccountName);
+	ads_mod_add_var(ctx, &mods, LDAP_MOD_ADD, "objectClass",
+			"top", "person", "organizationalPerson",
+			"user", "computer", NULL);
+	ads_mod_add(ctx, &mods, "userPrincipalName", host_upn);
+	ads_mod_add(ctx, &mods, "servicePrincipalName", host_spn);
+	ads_mod_add(ctx, &mods, "dNSHostName", hostname);
+	ads_mod_add(ctx, &mods, "userAccountControl", controlstr);
+	ads_mod_add(ctx, &mods, "operatingSystem", "Samba");
+	ads_mod_add(ctx, &mods, "operatingSystemVersion", VERSION);
+
+	ads_gen_add(ads, new_dn, mods);
+	ret = ads_set_machine_sd(ads, hostname, new_dn);
+
+done:
+	talloc_destroy(ctx);
+	return ret;
+}
+
+/*
+  dump a binary result from ldap
+*/
+static void dump_binary(const char *field, struct berval **values)
+{
+	int i, j;
+	for (i=0; values[i]; i++) {
+		printf("%s: ", field);
+		for (j=0; j<values[i]->bv_len; j++) {
+			printf("%02X", (unsigned char)values[i]->bv_val[j]);
+		}
+		printf("\n");
+	}
+}
+
+/*
+  dump a sid result from ldap
+*/
+static void dump_sid(const char *field, struct berval **values)
+{
+	int i;
+	for (i=0; values[i]; i++) {
+		DOM_SID sid;
+		sid_parse(values[i]->bv_val, values[i]->bv_len, &sid);
+		printf("%s: %s\n", field, sid_string_static(&sid));
+	}
+}
+
+/*
+  dump ntSecurityDescriptor
+*/
+static void dump_sd(const char *filed, struct berval **values)
+{
+	prs_struct ps;
+	
+	SEC_DESC   *psd = 0;
+	TALLOC_CTX *ctx = 0;
+
+	if (!(ctx = talloc_init_named("sec_io_desc")))
+		return;
+
+	/* prepare data */
+	prs_init(&ps, values[0]->bv_len, ctx, UNMARSHALL);
+	prs_append_data(&ps, values[0]->bv_val, values[0]->bv_len);
+	ps.data_offset = 0;
+
+	/* parse secdesc */
+	if (!sec_io_desc("sd", &psd, &ps, 1)) {
+		prs_mem_free(&ps);
+		talloc_destroy(ctx);
+		return;
+	}
+	if (psd) ads_disp_sd(psd);
+
+	prs_mem_free(&ps);
+	talloc_destroy(ctx);
+}
+
+/*
+  dump a string result from ldap
+*/
+static void dump_string(const char *field, struct berval **values)
+{
+	int i;
+	for (i=0; values[i]; i++) {
+		printf("%s: %s\n", field, values[i]->bv_val);
+	}
+}
+
+/*
+  dump a field from LDAP on stdout
+  used for debugging
+*/
+
+static void ads_dump_field(char *field, void **values, void *data_area)
+{
+	struct {
+		char *name;
+		void (*handler)(const char *, struct berval **);
+	} handlers[] = {
+		{"objectGUID", dump_binary},
+		{"nTSecurityDescriptor", dump_sd},
+		{"objectSid", dump_sid},
+		{NULL, NULL}
+	};
+	int i;
+
+	if (!field) { /* must be end of an entry */
+		printf("\n");
+		return;
+	}
+
+	for (i=0; handlers[i].name; i++) {
+		if (StrCaseCmp(handlers[i].name, field) == 0) {
+			handlers[i].handler(field, (struct berval **) values);
+			break;
+		}
+	}
+	if (!handlers[i].name) {
+		dump_string(field, (struct berval **) values);
+	}
+}
+
+/**
+ * Dump a result from LDAP on stdout
+ *  used for debugging
+ * @param ads connection to ads server
+ * @param res Results to dump
+ **/
+
+void ads_dump(ADS_STRUCT *ads, void *res)
+{
+	ads_process_results(ads, res, ads_dump_field, NULL);
+}
+
+/**
+ * Walk through results, calling a function for each entry found.
+ *  The function receives a field name, a berval * array of values,
+ *  and a data area passed through from the start.  The function is
+ *  called once with null for field and values at the end of each
+ *  entry.
+ * @param ads connection to ads server
+ * @param res Results to process
+ * @param fn Function for processing each result
+ * @param data_area user-defined area to pass to function
+ **/
+void ads_process_results(ADS_STRUCT *ads, void *res,
+			 void(*fn)(char *, void **, void *),
+			 void *data_area)
+{
+	void *msg;
+
+	for (msg = ads_first_entry(ads, res); msg; 
+	     msg = ads_next_entry(ads, msg)) {
+		char *field;
+		BerElement *b;
+	
+		for (field = ldap_first_attribute(ads->ld, (LDAPMessage *)msg, &b); 
+		     field;
+		     field = ldap_next_attribute(ads->ld, (LDAPMessage *)msg, b)) {
+			struct berval **values;
+			
+			values = ldap_get_values_len(ads->ld, (LDAPMessage *)msg, field);
+			fn(field, (void **) values, data_area);
+
+			ldap_value_free_len(values);
+			ldap_memfree(field);
+		}
+		ber_free(b, 0);
+		fn(NULL, NULL, data_area); /* completed an entry */
+
+	}
+}
+
+/**
+ * Walk through an entry, calling a function for each attribute found.
+ *  The function receives a field name, a berval * array of values,
+ *  and a data area passed through from the start.
+ * @param ads connection to ads server
+ * @param res Results to process
+ * @param fn Function for processing each result
+ * @param data_area user-defined area to pass to function
+ **/
+void ads_process_entry(ADS_STRUCT *ads, void *msg,
+		       void(*fn)(ADS_STRUCT *, char *, void **, void *),
+		       void *data_area)
+{
+	char *field;
+	BerElement *b;
+	
+	for (field = ldap_first_attribute(ads->ld, (LDAPMessage *)msg, &b); 
+	     field;
+	     field = ldap_next_attribute(ads->ld, (LDAPMessage *)msg, b)) {
+		struct berval **values;
+
+		values = ldap_get_values_len(ads->ld, (LDAPMessage *)msg, field);
+		fn(ads, field, (void **) values, data_area);
+
+		ldap_value_free_len(values);
+		ldap_memfree(field);
+	}
+	ber_free(b, 0);
+}
+/**
+ * count how many replies are in a LDAPMessage
+ * @param ads connection to ads server
+ * @param res Results to count
+ * @return number of replies
+ **/
+int ads_count_replies(ADS_STRUCT *ads, void *res)
+{
+	return ldap_count_entries(ads->ld, (LDAPMessage *)res);
+}
+
+/**
+ * Join a machine to a realm
+ *  Creates the machine account and sets the machine password
+ * @param ads connection to ads server
+ * @param hostname name of host to add
+ * @param org_unit Organizational unit to place machine in
+ * @return status of join
+ **/
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *hostname, const char *org_unit)
+{
+	ADS_STATUS status;
+	LDAPMessage *res;
+	char *host;
+
+	/* hostname must be lowercase */
+	host = strdup(hostname);
+	strlower(host);
+
+	status = ads_find_machine_acct(ads, (void **)&res, host);
+	if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
+		DEBUG(0, ("Host account for %s already exists - deleting old account\n", host));
+		status = ads_leave_realm(ads, host);
+		if (!ADS_ERR_OK(status)) {
+			DEBUG(0, ("Failed to delete host '%s' from the '%s' realm.\n", 
+				  host, ads->realm));
+			return status;
+		}
+	}
+
+	status = ads_add_machine_acct(ads, host, org_unit);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(0, ("ads_add_machine_acct: %s\n", ads_errstr(status)));
+		return status;
+	}
+
+	status = ads_find_machine_acct(ads, (void **)&res, host);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(0, ("Host account test failed\n"));
+		return status;
+	}
+
+	free(host);
+
+	return status;
+}
+
+/**
+ * Delete a machine from the realm
+ * @param ads connection to ads server
+ * @param hostname Machine to remove
+ * @return status of delete
+ **/
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname)
+{
+	ADS_STATUS status;
+	void *res;
+	char *hostnameDN, *host; 
+	int rc;
+
+	/* hostname must be lowercase */
+	host = strdup(hostname);
+	strlower(host);
+
+	status = ads_find_machine_acct(ads, &res, host);
+	if (!ADS_ERR_OK(status)) {
+	    DEBUG(0, ("Host account for %s does not exist.\n", host));
+	    return status;
+	}
+
+	hostnameDN = ads_get_dn(ads, (LDAPMessage *)res);
+	rc = ldap_delete_s(ads->ld, hostnameDN);
+	ads_memfree(ads, hostnameDN);
+	if (rc != LDAP_SUCCESS) {
+		return ADS_ERROR(rc);
+	}
+
+	status = ads_find_machine_acct(ads, &res, host);
+	if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
+		DEBUG(0, ("Failed to remove host account.\n"));
+		return status;
+	}
+
+	free(host);
+
+	return status;
+}
+
+/**
+ * add machine account to existing security descriptor 
+ * @param ads connection to ads server
+ * @param hostname machine to add
+ * @param dn DN of security descriptor
+ * @return status
+ **/
+ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn)
+{
+	const char     *attrs[] = {"ntSecurityDescriptor", "objectSid", 0};
+	char           *exp     = 0;
+	size_t          sd_size = 0;
+	struct berval **bvals   = 0;
+	prs_struct      ps;
+	prs_struct      ps_wire;
+
+	LDAPMessage *res  = 0;
+	LDAPMessage *msg  = 0;
+	ADS_MODLIST  mods = 0;
+
+	NTSTATUS    status;
+	ADS_STATUS  ret;
+	DOM_SID     sid;
+	SEC_DESC   *psd = 0;
+	TALLOC_CTX *ctx = 0;	
+
+	if (!ads) return ADS_ERROR(LDAP_SERVER_DOWN);
+
+	ret = ADS_ERROR(LDAP_SUCCESS);
+
+	asprintf(&exp, "(samAccountName=%s$)", hostname);
+	ret = ads_search(ads, (void *) &res, exp, attrs);
+
+	if (!ADS_ERR_OK(ret)) return ret;
+
+	msg   = ads_first_entry(ads, res);
+	bvals = ldap_get_values_len(ads->ld, msg, attrs[0]);
+	ads_pull_sid(ads, msg, attrs[1], &sid);	
+	ads_msgfree(ads, res);
+#if 0
+	file_save("/tmp/sec_desc.old", bvals[0]->bv_val, bvals[0]->bv_len);
+#endif
+	if (!(ctx = talloc_init_named("sec_io_desc")))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	prs_init(&ps, bvals[0]->bv_len, ctx, UNMARSHALL);
+	prs_append_data(&ps, bvals[0]->bv_val, bvals[0]->bv_len);
+	ps.data_offset = 0;
+	ldap_value_free_len(bvals);
+
+	if (!sec_io_desc("sd", &psd, &ps, 1))
+		goto ads_set_sd_error;
+
+	status = sec_desc_add_sid(ctx, &psd, &sid, SEC_RIGHTS_FULL_CTRL, &sd_size);
+
+	if (!NT_STATUS_IS_OK(status))
+		goto ads_set_sd_error;
+
+	prs_init(&ps_wire, sd_size, ctx, MARSHALL);
+	if (!sec_io_desc("sd_wire", &psd, &ps_wire, 1))
+		goto ads_set_sd_error;
+
+#if 0
+	file_save("/tmp/sec_desc.new", ps_wire.data_p, sd_size);
+#endif
+	if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
+
+	ads_mod_repl_len(ctx, &mods, attrs[0], sd_size, ps_wire.data_p);
+	ret = ads_gen_mod(ads, dn, mods);
+
+	prs_mem_free(&ps);
+	prs_mem_free(&ps_wire);
+	talloc_destroy(ctx);
+	return ret;
+
+ads_set_sd_error:
+	prs_mem_free(&ps);
+	prs_mem_free(&ps_wire);
+	talloc_destroy(ctx);
+	return ADS_ERROR(LDAP_NO_MEMORY);
+}
+
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+				    const char *hostname, 
+				    const char *password)
+{
+	ADS_STATUS status;
+	char *host = strdup(hostname);
+	char *principal; 
+
+        if (!ads->kdc_server) {
+		DEBUG(0, ("Unable to find KDC server\n"));
+		return ADS_ERROR(LDAP_SERVER_DOWN);
+	}
+
+	strlower(host);
+
+	asprintf(&principal, "%s@%s", host, ads->realm);
+	
+	status = krb5_set_password(ads->kdc_server, principal, password);
+	
+	free(host);
+	free(principal);
+
+	return status;
+}
+
+/**
+ * pull the first entry from a ADS result
+ * @param ads connection to ads server
+ * @param res Results of search
+ * @return first entry from result
+ **/
+void *ads_first_entry(ADS_STRUCT *ads, void *res)
+{
+	return (void *)ldap_first_entry(ads->ld, (LDAPMessage *)res);
+}
+
+/**
+ * pull the next entry from a ADS result
+ * @param ads connection to ads server
+ * @param res Results of search
+ * @return next entry from result
+ **/
+void *ads_next_entry(ADS_STRUCT *ads, void *res)
+{
+	return (void *)ldap_next_entry(ads->ld, (LDAPMessage *)res);
+}
+
+/**
+ * pull a single string from a ADS result
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX to use for allocating result string
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @return Result string in talloc context
+ **/
+char *ads_pull_string(ADS_STRUCT *ads, 
+		      TALLOC_CTX *mem_ctx, void *msg, const char *field)
+{
+	char **values;
+	char *ret = NULL;
+
+	values = ldap_get_values(ads->ld, msg, field);
+	if (!values) return NULL;
+	
+	if (values[0]) {
+		ret = talloc_strdup(mem_ctx, values[0]);
+	}
+	ldap_value_free(values);
+	return ret;
+}
+
+/**
+ * pull a single uint32 from a ADS result
+ * @param ads connection to ads server
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param v Pointer to int to store result
+ * @return boolean inidicating success
+*/
+BOOL ads_pull_uint32(ADS_STRUCT *ads, 
+		     void *msg, const char *field, uint32 *v)
+{
+	char **values;
+
+	values = ldap_get_values(ads->ld, msg, field);
+	if (!values) return False;
+	if (!values[0]) {
+		ldap_value_free(values);
+		return False;
+	}
+
+	*v = atoi(values[0]);
+	ldap_value_free(values);
+	return True;
+}
+
+/**
+ * pull a single DOM_SID from a ADS result
+ * @param ads connection to ads server
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param sid Pointer to sid to store result
+ * @return boolean inidicating success
+*/
+BOOL ads_pull_sid(ADS_STRUCT *ads, 
+		  void *msg, const char *field, DOM_SID *sid)
+{
+	struct berval **values;
+	BOOL ret = False;
+
+	values = ldap_get_values_len(ads->ld, msg, field);
+
+	if (!values) return False;
+
+	if (values[0]) {
+		ret = sid_parse(values[0]->bv_val, values[0]->bv_len, sid);
+	}
+	
+	ldap_value_free_len(values);
+	return ret;
+}
+
+/**
+ * pull an array of DOM_SIDs from a ADS result
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating sid array
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param sids pointer to sid array to allocate
+ * @return the count of SIDs pulled
+ **/
+int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+		  void *msg, const char *field, DOM_SID **sids)
+{
+	struct berval **values;
+	BOOL ret;
+	int count, i;
+
+	values = ldap_get_values_len(ads->ld, msg, field);
+
+	if (!values) return 0;
+
+	for (i=0; values[i]; i++) /* nop */ ;
+
+	(*sids) = talloc(mem_ctx, sizeof(DOM_SID) * i);
+
+	count = 0;
+	for (i=0; values[i]; i++) {
+		ret = sid_parse(values[i]->bv_val, values[i]->bv_len, &(*sids)[count]);
+		if (ret) count++;
+	}
+	
+	ldap_value_free_len(values);
+	return count;
+}
+
+
+/**
+ * find the update serial number - this is the core of the ldap cache
+ * @param ads connection to ads server
+ * @param ads connection to ADS server
+ * @param usn Pointer to retrieved update serial number
+ * @return status of search
+ **/
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn)
+{
+	const char *attrs[] = {"highestCommittedUSN", NULL};
+	ADS_STATUS status;
+	void *res;
+
+	status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+	if (!ADS_ERR_OK(status)) return status;
+
+	if (ads_count_replies(ads, res) != 1) {
+		return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+	}
+
+	ads_pull_uint32(ads, res, "highestCommittedUSN", usn);
+	ads_msgfree(ads, res);
+	return ADS_SUCCESS;
+}
+
+
+/**
+ * Find the servers name and realm - this can be done before authentication 
+ *  The ldapServiceName field on w2k  looks like this:
+ *    vnet3.home.samba.org:win2000-vnet3$@VNET3.HOME.SAMBA.ORG
+ * @param ads connection to ads server
+ * @return status of search
+ **/
+ADS_STATUS ads_server_info(ADS_STRUCT *ads)
+{
+	const char *attrs[] = {"ldapServiceName", NULL};
+	ADS_STATUS status;
+	void *res;
+	char **values;
+	char *p;
+
+	status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+	if (!ADS_ERR_OK(status)) return status;
+
+	values = ldap_get_values(ads->ld, res, "ldapServiceName");
+	if (!values || !values[0]) return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+
+	p = strchr(values[0], ':');
+	if (!p) {
+		ldap_value_free(values);
+		ldap_msgfree(res);
+		return ADS_ERROR(LDAP_DECODING_ERROR);
+	}
+
+	SAFE_FREE(ads->ldap_server_name);
+
+	ads->ldap_server_name = strdup(p+1);
+	p = strchr(ads->ldap_server_name, '$');
+	if (!p || p[1] != '@') {
+		ldap_value_free(values);
+		ldap_msgfree(res);
+		SAFE_FREE(ads->ldap_server_name);
+		return ADS_ERROR(LDAP_DECODING_ERROR);
+	}
+
+	*p = 0;
+
+	SAFE_FREE(ads->server_realm);
+	SAFE_FREE(ads->bind_path);
+
+	ads->server_realm = strdup(p+2);
+	ads->bind_path = ads_build_dn(ads->server_realm);
+
+	/* in case the realm isn't configured in smb.conf */
+	if (!ads->realm || !ads->realm[0]) {
+		SAFE_FREE(ads->realm);
+		ads->realm = strdup(ads->server_realm);
+	}
+
+	DEBUG(3,("got ldap server name %s@%s\n", 
+		 ads->ldap_server_name, ads->realm));
+
+	return ADS_SUCCESS;
+}
+
+
+/**
+ * find the list of trusted domains
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating results
+ * @param num_trusts pointer to number of trusts
+ * @param names pointer to trusted domain name list
+ * @param sids pointer to list of sids of trusted domains
+ * @return the count of SIDs pulled
+ **/
+ADS_STATUS ads_trusted_domains(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, 
+			       int *num_trusts, char ***names, DOM_SID **sids)
+{
+	const char *attrs[] = {"flatName", "securityIdentifier", NULL};
+	ADS_STATUS status;
+	void *res, *msg;
+	int count, i;
+
+	*num_trusts = 0;
+
+	status = ads_search(ads, &res, "(objectcategory=trustedDomain)", attrs);
+	if (!ADS_ERR_OK(status)) return status;
+
+	count = ads_count_replies(ads, res);
+	if (count == 0) {
+		ads_msgfree(ads, res);
+		return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+	}
+
+	(*names) = talloc(mem_ctx, sizeof(char *) * count);
+	(*sids) = talloc(mem_ctx, sizeof(DOM_SID) * count);
+	if (! *names || ! *sids) return ADS_ERROR(LDAP_NO_MEMORY);
+
+	for (i=0, msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
+		(*names)[i] = ads_pull_string(ads, mem_ctx, msg, "flatName");
+		if (ads_pull_sid(ads, msg, "securityIdentifier", &(*sids)[i])) {
+			i++;
+		}
+	}
+
+	ads_msgfree(ads, res);
+
+	*num_trusts = i;
+
+	return ADS_SUCCESS;
+}
+
+/**
+ * find the domain sid for our domain
+ * @param ads connection to ads server
+ * @param sid Pointer to domain sid
+ * @return status of search
+ **/
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, DOM_SID *sid)
+{
+	const char *attrs[] = {"objectSid", NULL};
+	void *res;
+	ADS_STATUS rc;
+
+	rc = ads_do_search(ads, ads->bind_path, LDAP_SCOPE_BASE, "(objectclass=*)", 
+			   attrs, &res);
+	if (!ADS_ERR_OK(rc)) return rc;
+	if (!ads_pull_sid(ads, res, "objectSid", sid)) {
+		return ADS_ERROR_SYSTEM(ENOENT);
+	}
+	ads_msgfree(ads, res);
+	
+	return ADS_SUCCESS;
+}
+
+#endif
diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
new file mode 100644
index 0000000000..52771ba39a
--- /dev/null
+++ b/source3/libads/ldap_printer.c
@@ -0,0 +1,197 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ads (active directory) printer utility library
+   Copyright (C) Jim McDonough 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+/*
+  find a printer given the name and the hostname
+    Note that results "res" may be allocated on return so that the
+    results can be used.  It should be freed using ads_msgfree.
+*/
+ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, void **res,
+				      char *printer, char *servername)
+{
+	ADS_STATUS status;
+	char *srv_dn, *exp;
+	const char *attrs[] = {"*", "nTSecurityDescriptor", NULL};
+
+	status = ads_find_machine_acct(ads, res, servername);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(1, ("ads_add_printer: cannot find host %s in ads\n",
+			  servername));
+		return status;
+	}
+	srv_dn = ldap_get_dn(ads->ld, *res);
+	ads_msgfree(ads, *res);
+
+	asprintf(&exp, "(printerName=%s)", printer);
+	status = ads_do_search(ads, srv_dn, LDAP_SCOPE_SUBTREE, 
+			       exp, attrs, res);
+
+	free(exp);
+	return status;	
+}
+
+/*
+  modify an entire printer entry in the directory
+*/
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+				 const ADS_PRINTER_ENTRY *prt)
+{
+	ADS_MODLIST mods;
+	ADS_STATUS status;
+	TALLOC_CTX *ctx;
+
+	if (!(ctx = talloc_init_named("mod_printer_entry")))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	/* allocate the list */
+	mods = ads_init_mods(ctx);
+
+	/* add the attributes to the list - required ones first */
+	ads_mod_repl(ctx, &mods, "printerName", prt->printerName);
+	ads_mod_repl(ctx, &mods, "serverName", prt->serverName);
+	ads_mod_repl(ctx, &mods, "shortServerName", prt->shortServerName);
+	ads_mod_repl(ctx, &mods, "uNCName", prt->uNCName);
+	ads_mod_repl(ctx, &mods, "versionNumber", prt->versionNumber);
+
+	/* now the optional ones */
+	ads_mod_repl_list(ctx, &mods, "description", prt->description);
+	ads_mod_repl(ctx, &mods, "assetNumber",prt->assetNumber);
+	ads_mod_repl(ctx, &mods, "bytesPerMinute",prt->bytesPerMinute);
+	ads_mod_repl(ctx, &mods, "defaultPriority",prt->defaultPriority);
+	ads_mod_repl(ctx, &mods, "driverName", prt->driverName);
+	ads_mod_repl(ctx, &mods, "driverVersion",prt->driverVersion);
+	ads_mod_repl(ctx, &mods, "location", prt->location);
+	ads_mod_repl(ctx, &mods, "operatingSystem",prt->operatingSystem);
+	ads_mod_repl(ctx, &mods, "operatingSystemHotfix",
+		     prt->operatingSystemHotfix);
+	ads_mod_repl(ctx, &mods, "operatingSystemServicePack",
+		     prt->operatingSystemServicePack);
+	ads_mod_repl(ctx, &mods, "operatingSystemVersion",
+		     prt->operatingSystemVersion);
+	ads_mod_repl(ctx, &mods, "physicalLocationObject",
+		     prt->physicalLocationObject);
+	ads_mod_repl_list(ctx, &mods, "portName", prt->portName);
+	ads_mod_repl(ctx, &mods, "printStartTime", prt->printStartTime);
+	ads_mod_repl(ctx, &mods, "printEndTime", prt->printEndTime);
+	ads_mod_repl_list(ctx, &mods, "printBinNames", prt->printBinNames);
+	/*... and many others */
+
+	/* do the ldap modify */
+	status = ads_gen_mod(ads, prt_dn, mods);
+
+	/* free mod list, mods, and values */
+	talloc_destroy(ctx); 
+
+	return status;
+}
+	
+
+/*
+  add a printer to the directory
+*/
+static ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+					const ADS_PRINTER_ENTRY *prt)
+{
+        ADS_STATUS status;
+	TALLOC_CTX *ctx;
+	ADS_MODLIST mods;
+
+	if (!(ctx = talloc_init_named("add_printer_entry")))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	if (!(mods = ads_init_mods(ctx)))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	/* These are the fields a printQueue must contain */
+	ads_mod_add(ctx, &mods, "uNCName", prt->uNCName);
+	ads_mod_add(ctx, &mods, "versionNumber", prt->versionNumber);
+	ads_mod_add(ctx, &mods, "serverName", prt->serverName);
+	ads_mod_add(ctx, &mods, "shortServerName", prt->shortServerName);
+	ads_mod_add(ctx, &mods, "printerName", prt->printerName);
+	ads_mod_add(ctx, &mods, "objectClass", "printQueue");
+
+
+	status = ads_gen_add(ads, prt_dn, mods);
+
+	talloc_destroy(ctx);
+
+        return status;
+}
+
+/*
+  publish a printer in the ADS
+*/
+
+ADS_STATUS ads_add_printer(ADS_STRUCT *ads, const ADS_PRINTER_ENTRY *prt)
+{
+	ADS_STATUS status;
+	void *res;
+	char *host_dn, *prt_dn;
+	const char *attrs[] = {"*", "nTSecurityDescriptor", NULL};
+
+	status = ads_find_machine_acct(ads, (void **)&res,
+				       prt->shortServerName);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(1, ("ads_add_printer: cannot find host %s in ads\n",
+			  prt->shortServerName));
+		return status;
+	}
+	host_dn = ldap_get_dn(ads->ld, res);
+	ads_msgfree(ads, res);
+
+	/* printer dn is cn=server-printer followed by host dn */
+	asprintf(&prt_dn, "cn=%s-%s,%s", prt->shortServerName,
+		 prt->printerName, host_dn);
+
+	status = ads_search_dn(ads, &res, prt_dn, attrs);
+
+	if (ADS_ERR_OK(status) && ads_count_replies(ads, res)) {
+		DEBUG(1, ("ads_add_printer: printer %s already exists\n",
+			  prt->printerName));
+		/* nothing to do, just free results */
+		ads_msgfree(ads, res);
+	} else {
+		ads_msgfree(ads, res);
+		status = ads_add_printer_entry(ads, prt_dn, prt);
+		if (!ADS_ERR_OK(status)) {
+			DEBUG(0, ("ads_add_printer: ads_add_printer_entry failed\n"));
+			return status;
+		}
+	}
+
+	status = ads_search_dn(ads, &res, prt_dn, attrs);
+
+	if (ADS_ERR_OK(status) && ads_count_replies(ads, res)) {
+		/* need to retrieve GUID from results
+		   prt->GUID */
+		status = ads_mod_printer_entry(ads, prt_dn, prt);
+	}
+
+	ads_msgfree(ads, res);
+
+
+	return status;
+}
+
+#endif
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
new file mode 100644
index 0000000000..13e68eb82e
--- /dev/null
+++ b/source3/libads/ldap_user.c
@@ -0,0 +1,80 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Jim McDonough 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+/*
+  find a user account
+*/
+ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, void **res, const char *user)
+{
+	ADS_STATUS status;
+	char *exp;
+	const char *attrs[] = {"*", NULL};
+
+	asprintf(&exp, "(samAccountName=%s)", user);
+	status = ads_search(ads, res, exp, attrs);
+	free(exp);
+	return status;
+}
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user, 
+			     const char *fullname)
+{
+	TALLOC_CTX *ctx;
+	ADS_MODLIST mods;
+	ADS_STATUS status;
+	char *upn, *new_dn, *name, *controlstr;
+
+	if (fullname && *fullname) name = fullname;
+	else name = user;
+
+	if (!(ctx = talloc_init_named("ads_add_user_acct")))
+		return ADS_ERROR(LDAP_NO_MEMORY);
+
+	status = ADS_ERROR(LDAP_NO_MEMORY);
+
+	if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->realm)))
+		goto done;
+	if (!(new_dn = talloc_asprintf(ctx, "cn=%s,cn=Users,%s", name, 
+				       ads->bind_path)))
+		goto done;
+	if (!(controlstr = talloc_asprintf(ctx, "%u", UF_NORMAL_ACCOUNT)))
+		goto done;
+	if (!(mods = ads_init_mods(ctx)))
+		goto done;
+
+	ads_mod_add(ctx, &mods, "cn", name);
+	ads_mod_add_var(ctx, &mods, LDAP_MOD_ADD, "objectClass", "top",
+			"person", "organizationalPerson", "user", NULL);
+	ads_mod_add(ctx, &mods, "userPrincipalName", upn);
+	ads_mod_add(ctx, &mods, "name", name);
+	ads_mod_add(ctx, &mods, "displayName", name);
+	ads_mod_add(ctx, &mods, "sAMAccountName", user);
+	ads_mod_add(ctx, &mods, "userAccountControl", controlstr);
+	status = ads_gen_add(ads, new_dn, mods);
+
+ done:
+	talloc_destroy(ctx);
+	return status;
+}
+#endif
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
new file mode 100644
index 0000000000..eb29c71fce
--- /dev/null
+++ b/source3/libads/sasl.c
@@ -0,0 +1,216 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ads sasl code
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+#if USE_CYRUS_SASL
+/*
+  this is a minimal interact function, just enough for SASL to talk
+  GSSAPI/kerberos to W2K
+  Error handling is a bit of a problem. I can't see how to get Cyrus-sasl
+  to give sensible errors
+*/
+static int sasl_interact(LDAP *ld,unsigned flags,void *defaults,void *in)
+{
+	sasl_interact_t *interact = in;
+
+	while (interact->id != SASL_CB_LIST_END) {
+		interact->result = strdup("");
+		interact->len = strlen(interact->result);
+		interact++;
+	}
+	
+	return LDAP_SUCCESS;
+}
+#endif
+
+
+#define MAX_GSS_PASSES 3
+
+/* this performs a SASL/gssapi bind
+   we avoid using cyrus-sasl to make Samba more robust. cyrus-sasl
+   is very dependent on correctly configured DNS whereas
+   this routine is much less fragile
+   see RFC2078 for details
+*/
+ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
+{
+	int minor_status;
+	gss_name_t serv_name;
+	gss_buffer_desc input_name;
+	gss_ctx_id_t context_handle;
+	gss_OID mech_type = GSS_C_NULL_OID;
+	gss_buffer_desc output_token, input_token;
+	OM_uint32 ret_flags, conf_state;
+	struct berval cred;
+	struct berval *scred;
+	int i=0;
+	int gss_rc, rc;
+	uint8 *p;
+	uint32 max_msg_size;
+	char *sname;
+	ADS_STATUS status;
+	krb5_principal principal;
+	krb5_context ctx;
+	krb5_enctype enc_types[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL};
+	gss_OID_desc nt_principal = 
+	{10, "\052\206\110\206\367\022\001\002\002\002"};
+
+	/* we need to fetch a service ticket as the ldap user in the
+	   servers realm, regardless of our realm */
+	asprintf(&sname, "ldap/%s@%s", ads->ldap_server_name, ads->server_realm);
+	krb5_init_context(&ctx);
+	krb5_set_default_tgs_ktypes(ctx, enc_types);
+	krb5_parse_name(ctx, sname, &principal);
+	free(sname);
+	krb5_free_context(ctx);	
+
+	input_name.value = &principal;
+	input_name.length = sizeof(principal);
+
+	gss_rc = gss_import_name(&minor_status,&input_name,&nt_principal, &serv_name);
+	if (gss_rc) {
+		return ADS_ERROR_GSS(gss_rc, minor_status);
+	}
+
+	context_handle = GSS_C_NO_CONTEXT;
+
+	input_token.value = NULL;
+	input_token.length = 0;
+
+	for (i=0; i < MAX_GSS_PASSES; i++) {
+		gss_rc = gss_init_sec_context(&minor_status,
+					  GSS_C_NO_CREDENTIAL,
+					  &context_handle,
+					  serv_name,
+					  mech_type,
+					  GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+					  0,
+					  NULL,
+					  &input_token,
+					  NULL,
+					  &output_token,
+					  &ret_flags,
+					  NULL);
+
+		if (input_token.value) {
+			gss_release_buffer(&minor_status, &input_token);
+		}
+
+		if (gss_rc && gss_rc != GSS_S_CONTINUE_NEEDED) {
+			status = ADS_ERROR_GSS(gss_rc, minor_status);
+			goto failed;
+		}
+
+		cred.bv_val = output_token.value;
+		cred.bv_len = output_token.length;
+
+		rc = ldap_sasl_bind_s(ads->ld, NULL, "GSSAPI", &cred, NULL, NULL, 
+				      &scred);
+		if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
+			status = ADS_ERROR(rc);
+			goto failed;
+		}
+
+		if (output_token.value) {
+			gss_release_buffer(&minor_status, &output_token);
+		}
+
+		if (scred) {
+			input_token.value = scred->bv_val;
+			input_token.length = scred->bv_len;
+		} else {
+			input_token.value = NULL;
+			input_token.length = 0;
+		}
+
+		if (gss_rc == 0) break;
+	}
+
+	gss_release_name(&minor_status, &serv_name);
+
+	gss_rc = gss_unwrap(&minor_status,context_handle,&input_token,&output_token,
+			    &conf_state,NULL);
+	if (gss_rc) {
+		status = ADS_ERROR_GSS(gss_rc, minor_status);
+		goto failed;
+	}
+
+	gss_release_buffer(&minor_status, &input_token);
+
+	p = (uint8 *)output_token.value;
+
+	max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
+
+	gss_release_buffer(&minor_status, &output_token);
+
+	output_token.value = malloc(strlen(ads->bind_path) + 8);
+	p = output_token.value;
+
+	*p++ = 1; /* no sign or seal */
+	/* choose the same size as the server gave us */
+	*p++ = max_msg_size>>16;
+	*p++ = max_msg_size>>8;
+	*p++ = max_msg_size;
+	snprintf(p, strlen(ads->bind_path)+1, "dn:%s", ads->bind_path);
+	p += strlen(ads->bind_path);
+
+	output_token.length = strlen(ads->bind_path) + 8;
+
+	gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
+			  &output_token, &conf_state,
+			  &input_token);
+	if (gss_rc) {
+		status = ADS_ERROR_GSS(gss_rc, minor_status);
+		goto failed;
+	}
+
+	free(output_token.value);
+
+	cred.bv_val = input_token.value;
+	cred.bv_len = input_token.length;
+
+	rc = ldap_sasl_bind_s(ads->ld, NULL, "GSSAPI", &cred, NULL, NULL, 
+			      &scred);
+	status = ADS_ERROR(rc);
+
+	gss_release_buffer(&minor_status, &input_token);
+
+failed:
+	return status;
+}
+
+ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
+{
+#if USE_CYRUS_SASL
+	int rc;
+	rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL, 
+					  LDAP_SASL_QUIET,
+					  sasl_interact, NULL);
+	return ADS_ERROR(rc);
+#else
+	return ads_sasl_gssapi_bind(ads);
+#endif
+}
+
+#endif
+
diff --git a/source3/libads/util.c b/source3/libads/util.c
new file mode 100644
index 0000000000..d48eb10b71
--- /dev/null
+++ b/source3/libads/util.c
@@ -0,0 +1,58 @@
+/* 
+   Unix SMB/CIFS implementation.
+   krb5 set password implementation
+   Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_KRB5
+
+ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal)
+{
+    char *tmp_password;
+    char *password;
+    char *new_password;
+    char *service_principal;
+    ADS_STATUS ret;
+     
+    if ((password = secrets_fetch_machine_password()) == NULL) {
+	DEBUG(1,("Failed to retrieve password for principal %s\n", host_principal));
+	return ADS_ERROR_SYSTEM(ENOENT);
+    }
+
+    tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+    new_password = strdup(tmp_password);
+    asprintf(&service_principal, "HOST/%s", host_principal);
+    
+    ret = kerberos_set_password(ads->kdc_server, host_principal, password, 
+				service_principal, new_password);
+
+    if (!secrets_store_machine_password(new_password)) {
+	    DEBUG(1,("Failed to save machine password\n"));
+	    return ADS_ERROR_SYSTEM(EACCES);
+    }
+
+    SAFE_FREE(service_principal);
+    SAFE_FREE(new_password);
+
+    return ret;
+}
+
+
+
+#endif
diff --git a/source3/libsmb/.cvsignore b/source3/libsmb/.cvsignore
new file mode 100644
index 0000000000..07da2225c7
--- /dev/null
+++ b/source3/libsmb/.cvsignore
@@ -0,0 +1,3 @@
+*.po
+*.po32
+
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c
new file mode 100644
index 0000000000..b4ad3ad0b8
--- /dev/null
+++ b/source3/libsmb/asn1.c
@@ -0,0 +1,408 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple SPNEGO routines
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* free an asn1 structure */
+void asn1_free(ASN1_DATA *data)
+{
+	SAFE_FREE(data->data);
+}
+
+/* write to the ASN1 buffer, advancing the buffer pointer */
+BOOL asn1_write(ASN1_DATA *data, const void *p, int len)
+{
+	if (data->has_error) return False;
+	if (data->length < data->ofs+len) {
+		uint8 *newp;
+		newp = Realloc(data->data, data->ofs+len);
+		if (!newp) {
+			SAFE_FREE(data->data);
+			data->has_error = True;
+			return False;
+		}
+		data->data = newp;
+		data->length = data->ofs+len;
+	}
+	memcpy(data->data + data->ofs, p, len);
+	data->ofs += len;
+	return True;
+}
+
+/* useful fn for writing a uint8 */
+BOOL asn1_write_uint8(ASN1_DATA *data, uint8 v)
+{
+	return asn1_write(data, &v, 1);
+}
+
+/* push a tag onto the asn1 data buffer. Used for nested structures */
+BOOL asn1_push_tag(ASN1_DATA *data, uint8 tag)
+{
+	struct nesting *nesting;
+
+	asn1_write_uint8(data, tag);
+	nesting = (struct nesting *)malloc(sizeof(struct nesting));
+	if (!nesting) {
+		data->has_error = True;
+		return False;
+	}
+
+	nesting->start = data->ofs;
+	nesting->next = data->nesting;
+	data->nesting = nesting;
+	return asn1_write_uint8(data, 0xff);
+}
+
+/* pop a tag */
+BOOL asn1_pop_tag(ASN1_DATA *data)
+{
+	struct nesting *nesting;
+	size_t len;
+
+	nesting = data->nesting;
+
+	if (!nesting) {
+		data->has_error = True;
+		return False;
+	}
+	len = data->ofs - (nesting->start+1);
+	/* yes, this is ugly. We don't know in advance how many bytes the length
+	   of a tag will take, so we assumed 1 byte. If we were wrong then we 
+	   need to correct our mistake */
+	if (len > 255) {
+		data->data[nesting->start] = 0x82;
+		if (!asn1_write_uint8(data, 0)) return False;
+		if (!asn1_write_uint8(data, 0)) return False;
+		memmove(data->data+nesting->start+3, data->data+nesting->start+1, len);
+		data->data[nesting->start+1] = len>>8;
+		data->data[nesting->start+2] = len&0xff;
+	} else if (len > 127) {
+		data->data[nesting->start] = 0x81;
+		if (!asn1_write_uint8(data, 0)) return False;
+		memmove(data->data+nesting->start+2, data->data+nesting->start+1, len);
+		data->data[nesting->start+1] = len;
+	} else {
+		data->data[nesting->start] = len;
+	}
+
+	data->nesting = nesting->next;
+	free(nesting);
+	return True;
+}
+
+
+/* write an integer */
+BOOL asn1_write_Integer(ASN1_DATA *data, int i)
+{
+	if (!asn1_push_tag(data, ASN1_INTEGER)) return False;
+	do {
+		asn1_write_uint8(data, i);
+		i = i >> 8;
+	} while (i);
+	return asn1_pop_tag(data);
+}
+
+/* write an object ID to a ASN1 buffer */
+BOOL asn1_write_OID(ASN1_DATA *data, const char *OID)
+{
+	unsigned v, v2;
+	const char *p = (const char *)OID;
+	char *newp;
+
+	if (!asn1_push_tag(data, ASN1_OID))
+		return False;
+	v = strtol(p, &newp, 10);
+	p = newp;
+	v2 = strtol(p, &newp, 10);
+	p = newp;
+	if (!asn1_write_uint8(data, 40*v + v2))
+		return False;
+
+	while (*p) {
+		v = strtol(p, &newp, 10);
+		p = newp;
+		if (v >= (1<<28)) asn1_write_uint8(data, 0x80 | ((v>>28)&0xff));
+		if (v >= (1<<21)) asn1_write_uint8(data, 0x80 | ((v>>21)&0xff));
+		if (v >= (1<<14)) asn1_write_uint8(data, 0x80 | ((v>>14)&0xff));
+		if (v >= (1<<7)) asn1_write_uint8(data, 0x80 | ((v>>7)&0xff));
+		if (!asn1_write_uint8(data, v&0x7f))
+			return False;
+	}
+	return asn1_pop_tag(data);
+}
+
+/* write an octet string */
+BOOL asn1_write_OctetString(ASN1_DATA *data, const void *p, size_t length)
+{
+	asn1_push_tag(data, ASN1_OCTET_STRING);
+	asn1_write(data, p, length);
+	asn1_pop_tag(data);
+	return !data->has_error;
+}
+
+/* write a general string */
+BOOL asn1_write_GeneralString(ASN1_DATA *data, const char *s)
+{
+	asn1_push_tag(data, ASN1_GENERAL_STRING);
+	asn1_write(data, s, strlen(s));
+	asn1_pop_tag(data);
+	return !data->has_error;
+}
+
+/* write a BOOLEAN */
+BOOL asn1_write_BOOLEAN(ASN1_DATA *data, BOOL v)
+{
+	asn1_write_uint8(data, ASN1_BOOLEAN);
+	asn1_write_uint8(data, v);
+	return !data->has_error;
+}
+
+/* check a BOOLEAN */
+BOOL asn1_check_BOOLEAN(ASN1_DATA *data, BOOL v)
+{
+	uint8 b = 0;
+
+	asn1_read_uint8(data, &b);
+	if (b != ASN1_BOOLEAN) {
+		data->has_error = True;
+		return False;
+	}
+	asn1_read_uint8(data, &b);
+	if (b != v) {
+		data->has_error = True;
+		return False;
+	}
+	return !data->has_error;
+}
+
+
+/* load a ASN1_DATA structure with a lump of data, ready to be parsed */
+BOOL asn1_load(ASN1_DATA *data, DATA_BLOB blob)
+{
+	ZERO_STRUCTP(data);
+	data->data = memdup(blob.data, blob.length);
+	if (!data->data) {
+		data->has_error = True;
+		return False;
+	}
+	data->length = blob.length;
+	return True;
+}
+
+/* read from a ASN1 buffer, advancing the buffer pointer */
+BOOL asn1_read(ASN1_DATA *data, void *p, int len)
+{
+	if (data->ofs + len > data->length) {
+		data->has_error = True;
+		return False;
+	}
+	memcpy(p, data->data + data->ofs, len);
+	data->ofs += len;
+	return True;
+}
+
+/* read a uint8 from a ASN1 buffer */
+BOOL asn1_read_uint8(ASN1_DATA *data, uint8 *v)
+{
+	return asn1_read(data, v, 1);
+}
+
+/* start reading a nested asn1 structure */
+BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag)
+{
+	uint8 b;
+	struct nesting *nesting;
+	
+	asn1_read_uint8(data, &b);
+	if (b != tag) {
+		data->has_error = True;
+		return False;
+	}
+	nesting = (struct nesting *)malloc(sizeof(struct nesting));
+	if (!nesting) {
+		data->has_error = True;
+		return False;
+	}
+
+	asn1_read_uint8(data, &b);
+	if (b & 0x80) {
+		int n = b & 0x7f;
+		if (n > 2) {
+			data->has_error = True;
+			return False;
+		}
+		asn1_read_uint8(data, &b);
+		nesting->taglen = b;
+		if (n == 2) {
+			asn1_read_uint8(data, &b);
+			nesting->taglen = (nesting->taglen << 8) | b;
+		}
+	} else {
+		nesting->taglen = b;
+	}
+	nesting->start = data->ofs;
+	nesting->next = data->nesting;
+	data->nesting = nesting;
+	return !data->has_error;
+}
+
+
+/* stop reading a tag */
+BOOL asn1_end_tag(ASN1_DATA *data)
+{
+	struct nesting *nesting;
+
+	/* make sure we read it all */
+	if (asn1_tag_remaining(data) != 0) {
+		data->has_error = True;
+		return False;
+	}
+
+	nesting = data->nesting;
+
+	if (!nesting) {
+		data->has_error = True;
+		return False;
+	}
+
+	data->nesting = nesting->next;
+	free(nesting);
+	return True;
+}
+
+/* work out how many bytes are left in this nested tag */
+int asn1_tag_remaining(ASN1_DATA *data)
+{
+	if (!data->nesting) {
+		data->has_error = True;
+		return -1;
+	}
+	return data->nesting->taglen - (data->ofs - data->nesting->start);
+}
+
+/* read an object ID from a ASN1 buffer */
+BOOL asn1_read_OID(ASN1_DATA *data, char **OID)
+{
+	uint8 b;
+	pstring oid;
+	fstring el;
+
+	if (!asn1_start_tag(data, ASN1_OID)) return False;
+	asn1_read_uint8(data, &b);
+
+	oid[0] = 0;
+	snprintf(el, sizeof(el), "%u",  b/40);
+	pstrcat(oid, el);
+	snprintf(el, sizeof(el), " %u",  b%40);
+	pstrcat(oid, el);
+
+	while (asn1_tag_remaining(data) > 0) {
+		unsigned v = 0;
+		do {
+			asn1_read_uint8(data, &b);
+			v = (v<<7) | (b&0x7f);
+		} while (!data->has_error && b & 0x80);
+		snprintf(el, sizeof(el), " %u",  v);
+		pstrcat(oid, el);
+	}
+
+	asn1_end_tag(data);
+
+	*OID = strdup(oid);
+
+	return !data->has_error;
+}
+
+/* check that the next object ID is correct */
+BOOL asn1_check_OID(ASN1_DATA *data, char *OID)
+{
+	char *id;
+
+	if (!asn1_read_OID(data, &id)) return False;
+
+	if (strcmp(id, OID) != 0) {
+		data->has_error = True;
+		return False;
+	}
+	free(id);
+	return True;
+}
+
+/* read a GeneralString from a ASN1 buffer */
+BOOL asn1_read_GeneralString(ASN1_DATA *data, char **s)
+{
+	int len;
+	if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False;
+	len = asn1_tag_remaining(data);
+	*s = malloc(len+1);
+	if (! *s) {
+		data->has_error = True;
+		return False;
+	}
+	asn1_read(data, *s, len);
+	(*s)[len] = 0;
+	asn1_end_tag(data);
+	return !data->has_error;
+}
+
+/* read a octet string blob */
+BOOL asn1_read_OctetString(ASN1_DATA *data, DATA_BLOB *blob)
+{
+	int len;
+	if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return False;
+	len = asn1_tag_remaining(data);
+	*blob = data_blob(NULL, len);
+	asn1_read(data, blob->data, len);
+	asn1_end_tag(data);
+	return !data->has_error;
+}
+
+/* read an interger */
+BOOL asn1_read_Integer(ASN1_DATA *data, int *i)
+{
+	uint8 b;
+	*i = 0;
+	
+	if (!asn1_start_tag(data, ASN1_INTEGER)) return False;
+	while (asn1_tag_remaining(data)>0) {
+		*i = (*i << 8) + asn1_read_uint8(data, &b);
+	}
+	return asn1_end_tag(data);	
+	
+}
+
+/* check a enumarted value is correct */
+BOOL asn1_check_enumerated(ASN1_DATA *data, int v)
+{
+	uint8 b;
+	if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False;
+	asn1_read_uint8(data, &b);
+	asn1_end_tag(data);
+	return !data->has_error && (v == b);
+}
+
+/* check a enumarted value is correct */
+BOOL asn1_write_enumerated(ASN1_DATA *data, uint8 v)
+{
+	if (!asn1_push_tag(data, ASN1_ENUMERATED)) return False;
+	asn1_write_uint8(data, v);
+	asn1_pop_tag(data);
+	return !data->has_error;
+}
diff --git a/source3/libsmb/cli_dfs.c b/source3/libsmb/cli_dfs.c
new file mode 100644
index 0000000000..312275926c
--- /dev/null
+++ b/source3/libsmb/cli_dfs.c
@@ -0,0 +1,253 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+   Copyright (C) Tim Potter                        2000-2001,
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Opens a SMB connection to the netdfs pipe */
+
+struct cli_state *cli_dfs_initialise(struct cli_state *cli, char *system_name,
+				     struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_NETDFS, creds);
+}
+
+/* Query DFS support */
+
+NTSTATUS cli_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                       BOOL *dfs_exists)
+{
+	prs_struct qbuf, rbuf;
+	DFS_Q_DFS_EXIST q;
+	DFS_R_DFS_EXIST r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_dfs_q_dfs_exist(&q);
+
+	if (!dfs_io_q_dfs_exist("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, DFS_EXIST, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!dfs_io_r_dfs_exist("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return result */
+
+	*dfs_exists = (r.status != 0);
+
+	result = NT_STATUS_OK;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+NTSTATUS cli_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                     char *entrypath, char *servername, char *sharename,
+                     char *comment, uint32 flags)
+{
+	prs_struct qbuf, rbuf;
+	DFS_Q_DFS_ADD q;
+	DFS_R_DFS_ADD r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_dfs_q_dfs_add(&q, entrypath, servername, sharename, comment,
+			   flags);
+
+	if (!dfs_io_q_dfs_add("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, DFS_ADD, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!dfs_io_r_dfs_add("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return result */
+
+        result = werror_to_ntstatus(r.status);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+NTSTATUS cli_dfs_remove(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                        char *entrypath, char *servername, char *sharename)
+{
+	prs_struct qbuf, rbuf;
+	DFS_Q_DFS_REMOVE q;
+	DFS_R_DFS_REMOVE r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_dfs_q_dfs_remove(&q, entrypath, servername, sharename);
+
+	if (!dfs_io_q_dfs_remove("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, DFS_REMOVE, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!dfs_io_r_dfs_remove("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return result */
+
+	result = werror_to_ntstatus(r.status);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+NTSTATUS cli_dfs_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                          char *entrypath, char *servername, char *sharename,
+                          uint32 info_level, DFS_INFO_CTR *ctr)
+
+{
+	prs_struct qbuf, rbuf;
+	DFS_Q_DFS_GET_INFO q;
+	DFS_R_DFS_GET_INFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_dfs_q_dfs_get_info(&q, entrypath, servername, sharename,
+				info_level);
+
+	if (!dfs_io_q_dfs_get_info("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, DFS_GET_INFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!dfs_io_r_dfs_get_info("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return result */
+
+	result = werror_to_ntstatus(r.status);
+	*ctr = r.ctr;
+	
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Enumerate dfs shares */
+
+NTSTATUS cli_dfs_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                      uint32 info_level, DFS_INFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	DFS_Q_DFS_ENUM q;
+	DFS_R_DFS_ENUM r;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_dfs_q_dfs_enum(&q, info_level, ctr);
+
+	if (!dfs_io_q_dfs_enum("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, DFS_ENUM, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+	
+	r.ctr = ctr;
+
+	if (!dfs_io_r_dfs_enum("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return result */
+
+	result = werror_to_ntstatus(r.status);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c
new file mode 100644
index 0000000000..3216854608
--- /dev/null
+++ b/source3/libsmb/cli_lsarpc.c
@@ -0,0 +1,1167 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+   Copyright (C) Tim Potter                        2000-2001,
+   Copyright (C) Andrew Tridgell              1992-1997,2000,
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
+   Copyright (C) Paul Ashton                       1997,2000,
+   Copyright (C) Elrond                                 2000.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/** @defgroup lsa LSA - Local Security Architecture
+ *  @ingroup rpc_client
+ *
+ * @{
+ **/
+
+/**
+ * @file cli_lsarpc.c
+ *
+ * RPC client routines for the LSA RPC pipe.  LSA means "local
+ * security authority", which is half of a password database.
+ **/
+
+/** Opens a SMB connection and connects to the LSARPC pipe.
+ *
+ * @param cli Uninitialised client handle.
+ * @param system_name NETBIOS name of the machine to connect to.
+ * @param creds User credentials to connect as.
+ * @returns Initialised client handle.
+ */
+struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
+				     struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_LSARPC, creds);
+}
+
+/** Open a LSA policy handle
+ *
+ * @param cli Handle on an initialised SMB connection */
+
+NTSTATUS cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                             BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_OPEN_POL q;
+	LSA_R_OPEN_POL r;
+	LSA_SEC_QOS qos;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	if (sec_qos) {
+		init_lsa_sec_qos(&qos, 2, 1, 0);
+		init_q_open_pol(&q, '\\', 0, des_access, &qos);
+	} else {
+		init_q_open_pol(&q, '\\', 0, des_access, NULL);
+	}
+
+	/* Marshall data and send request */
+
+	if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*pol = r.pol;
+#ifdef __INSURE__
+		pol->marker = malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Open a LSA policy handle
+  *
+  * @param cli Handle on an initialised SMB connection 
+  */
+
+NTSTATUS cli_lsa_open_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                              BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_OPEN_POL2 q;
+	LSA_R_OPEN_POL2 r;
+	LSA_SEC_QOS qos;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	if (sec_qos) {
+		init_lsa_sec_qos(&qos, 2, 1, 0);
+		init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, 
+                                 &qos);
+	} else {
+		init_q_open_pol2(&q, cli->srv_name_slash, 0, des_access, 
+                                 NULL);
+	}
+
+	/* Marshall data and send request */
+
+	if (!lsa_io_q_open_pol2("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_OPENPOLICY2, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_open_pol2("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*pol = r.pol;
+#ifdef __INSURE__
+		pol->marker = (char *)malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Close a LSA policy handle */
+
+NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                       POLICY_HND *pol)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_CLOSE q;
+	LSA_R_CLOSE r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_lsa_q_close(&q, pol);
+
+	if (!lsa_io_q_close("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_close("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+#ifdef __INSURE__
+		SAFE_FREE(pol->marker);
+#endif
+		*pol = r.pol;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Lookup a list of sids */
+
+NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                             POLICY_HND *pol, int num_sids, DOM_SID *sids, 
+                             char ***domains, char ***names, uint32 **types, int *num_names)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_LOOKUP_SIDS q;
+	LSA_R_LOOKUP_SIDS r;
+	DOM_R_REF ref;
+	LSA_TRANS_NAME_ENUM t_names;
+	NTSTATUS result;
+	int i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
+
+	if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	ZERO_STRUCT(ref);
+	ZERO_STRUCT(t_names);
+
+	r.dom_ref = &ref;
+	r.names = &t_names;
+
+	if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) &&
+		NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_FILES_OPEN)) {
+		/* An actual error occured */
+
+		goto done;
+	}
+
+
+	/* Return output parameters */
+
+	if (r.mapped_count == 0) {
+		result = NT_STATUS_NONE_MAPPED;
+		goto done;
+	}
+
+	(*num_names) = r.mapped_count;
+	result = NT_STATUS_OK;
+
+	if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
+		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * r.mapped_count))) {
+		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.mapped_count))) {
+		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+		
+	for (i = 0; i < r.mapped_count; i++) {
+		fstring name, dom_name;
+		uint32 dom_idx = t_names.name[i].domain_idx;
+
+		/* Translate optimised name through domain index array */
+
+		if (dom_idx != 0xffffffff) {
+
+			rpcstr_pull_unistr2_fstring(
+                                dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
+			rpcstr_pull_unistr2_fstring(
+                                name, &t_names.uni_name[i]);
+
+			(*names)[i] = talloc_strdup(mem_ctx, name);
+			(*domains)[i] = talloc_strdup(mem_ctx, dom_name);
+			(*types)[i] = t_names.name[i].sid_name_use;
+			
+			if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
+				DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+				result = NT_STATUS_UNSUCCESSFUL;
+				goto done;
+			}
+
+		} else {
+			(*names)[i] = NULL;
+			(*types)[i] = SID_NAME_UNKNOWN;
+		}
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Lookup a list of names */
+
+NTSTATUS cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                              POLICY_HND *pol, int num_names, const char **names, 
+                              DOM_SID **sids, uint32 **types, int *num_sids)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_LOOKUP_NAMES q;
+	LSA_R_LOOKUP_NAMES r;
+	DOM_R_REF ref;
+	NTSTATUS result;
+	int i;
+	
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
+
+	if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+	
+	/* Unmarshall response */
+
+	ZERO_STRUCT(ref);
+	r.dom_ref = &ref;
+
+	if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		/* An actual error occured */
+
+		goto done;
+	}
+
+
+	/* Return output parameters */
+
+	if (r.mapped_count == 0) {
+		result = NT_STATUS_NONE_MAPPED;
+		goto done;
+	}
+
+	(*num_sids) = r.mapped_count;
+	result = NT_STATUS_OK;
+
+	if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.mapped_count)))) {
+		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.mapped_count)))) {
+		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	for (i = 0; i < r.mapped_count; i++) {
+		DOM_RID2 *t_rids = r.dom_rid;
+		uint32 dom_idx = t_rids[i].rid_idx;
+		uint32 dom_rid = t_rids[i].rid;
+		DOM_SID *sid = &(*sids)[i];
+
+		/* Translate optimised sid through domain index array */
+
+		if (dom_idx != 0xffffffff) {
+
+			sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
+
+			if (dom_rid != 0xffffffff) {
+				sid_append_rid(sid, dom_rid);
+			}
+
+			(*types)[i] = t_rids[i].type;
+		} else {
+			ZERO_STRUCTP(sid);
+			(*types)[i] = SID_NAME_UNKNOWN;
+		}
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Query info policy
+ *
+ *  @param domain_sid - returned remote server's domain sid */
+
+NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                   POLICY_HND *pol, uint16 info_class, 
+                                   fstring domain_name, DOM_SID *domain_sid)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_QUERY_INFO q;
+	LSA_R_QUERY_INFO r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_q_query(&q, pol, info_class);
+
+	if (!lsa_io_q_query("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_QUERYINFOPOLICY, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_query("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	ZERO_STRUCTP(domain_sid);
+	domain_name[0] = '\0';
+
+	switch (info_class) {
+
+	case 3:
+		if (r.dom.id3.buffer_dom_name != 0) {
+			unistr2_to_ascii(domain_name,
+					 &r.dom.id3.
+					 uni_domain_name,
+					 sizeof (fstring) - 1);
+		}
+
+		if (r.dom.id3.buffer_dom_sid != 0) {
+			*domain_sid = r.dom.id3.dom_sid.sid;
+		}
+
+		break;
+
+	case 5:
+		
+		if (r.dom.id5.buffer_dom_name != 0) {
+			unistr2_to_ascii(domain_name, &r.dom.id5.
+					 uni_domain_name,
+					 sizeof (fstring) - 1);
+		}
+			
+		if (r.dom.id5.buffer_dom_sid != 0) {
+			*domain_sid = r.dom.id5.dom_sid.sid;
+		}
+
+		break;
+		
+	default:
+		DEBUG(3, ("unknown info class %d\n", info_class));
+		break;		      
+	}
+	
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Enumerate list of trusted domains */
+
+NTSTATUS cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                POLICY_HND *pol, uint32 *enum_ctx, 
+                                uint32 *num_domains, char ***domain_names, 
+                                DOM_SID **domain_sids)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_ENUM_TRUST_DOM q;
+	LSA_R_ENUM_TRUST_DOM r;
+	NTSTATUS result;
+	int i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_q_enum_trust_dom(&q, pol, *enum_ctx, 0xffffffff);
+
+	if (!lsa_io_q_enum_trust_dom("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_ENUMTRUSTDOM, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_enum_trust_dom("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) && 
+	    NT_STATUS_V(result) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES)) {
+
+		/* An actual error ocured */
+
+		goto done;
+	}
+
+	result = NT_STATUS_OK;
+
+	/* Return output parameters */
+
+	if (r.num_domains) {
+
+		/* Allocate memory for trusted domain names and sids */
+
+		*domain_names = (char **)talloc(mem_ctx, sizeof(char *) *
+						r.num_domains);
+
+		if (!*domain_names) {
+			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+
+		*domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
+						 r.num_domains);
+		if (!domain_sids) {
+			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+
+		/* Copy across names and sids */
+
+		for (i = 0; i < r.num_domains; i++) {
+			fstring tmp;
+
+			unistr2_to_ascii(tmp, &r.uni_domain_name[i], 
+					 sizeof(tmp) - 1);
+			(*domain_names)[i] = talloc_strdup(mem_ctx, tmp);
+			sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid);
+		}
+	}
+
+	*num_domains = r.num_domains;
+	*enum_ctx = r.enum_context;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Enumerate privileges*/
+
+NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
+				uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_ENUM_PRIVS q;
+	LSA_R_ENUM_PRIVS r;
+	NTSTATUS result;
+	int i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
+
+	if (!lsa_io_q_enum_privs("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_ENUM_PRIVS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_enum_privs("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	*enum_context = r.enum_context;
+	*count = r.count;
+
+	if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	for (i = 0; i < r.count; i++) {
+		fstring name;
+
+		rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
+
+		(*privs_name)[i] = talloc_strdup(mem_ctx, name);
+
+		(*privs_high)[i] = r.privs[i].luid_high;
+		(*privs_low)[i] = r.privs[i].luid_low;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Get privilege name */
+
+NTSTATUS cli_lsa_get_dispname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *pol, char *name, uint16 lang_id, uint16 lang_id_sys,
+			      fstring description, uint16 *lang_id_desc)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_PRIV_GET_DISPNAME q;
+	LSA_R_PRIV_GET_DISPNAME r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
+
+	if (!lsa_io_q_priv_get_dispname("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_PRIV_GET_DISPNAME, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_priv_get_dispname("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+	
+	rpcstr_pull_unistr2_fstring(description , &r.desc);
+	*lang_id_desc = r.lang_id;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Enumerate list of SIDs  */
+
+NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, 
+                                uint32 *num_sids, DOM_SID **sids)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_ENUM_ACCOUNTS q;
+	LSA_R_ENUM_ACCOUNTS r;
+	NTSTATUS result;
+	int i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+        init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
+
+	if (!lsa_io_q_enum_accounts("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_ENUM_ACCOUNTS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_enum_accounts("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	if (r.sids.num_entries==0)
+		goto done;
+
+	/* Return output parameters */
+
+	*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries);
+	if (!*sids) {
+		DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Copy across names and sids */
+
+	for (i = 0; i < r.sids.num_entries; i++) {
+		sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
+	}
+
+	*num_sids= r.sids.num_entries;
+	*enum_ctx = r.enum_context;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Open a LSA user handle
+ *
+ * @param cli Handle on an initialised SMB connection */
+
+NTSTATUS cli_lsa_open_account(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                             POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, 
+			     POLICY_HND *user_pol)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_OPENACCOUNT q;
+	LSA_R_OPENACCOUNT r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	init_lsa_q_open_account(&q, dom_pol, sid, des_access);
+
+	/* Marshall data and send request */
+
+	if (!lsa_io_q_open_account("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_OPENACCOUNT, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_open_account("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*user_pol = r.pol;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Enumerate user privileges
+ *
+ * @param cli Handle on an initialised SMB connection */
+
+NTSTATUS cli_lsa_enum_privsaccount(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                             POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_ENUMPRIVSACCOUNT q;
+	LSA_R_ENUMPRIVSACCOUNT r;
+	NTSTATUS result;
+	int i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	init_lsa_q_enum_privsaccount(&q, pol);
+
+	/* Marshall data and send request */
+
+	if (!lsa_io_q_enum_privsaccount("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_ENUMPRIVSACCOUNT, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_enum_privsaccount("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	if (r.count == 0)
+		goto done;
+
+	if (!((*set = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR) * r.count)))) {
+		DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	for (i=0; i<r.count; i++) {
+		(*set)[i].luid.low = r.set.set[i].luid.low;
+		(*set)[i].luid.high = r.set.set[i].luid.high;
+		(*set)[i].attr = r.set.set[i].attr;
+	}
+
+	*count=r.count;
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Get a privilege value given its name */
+
+NTSTATUS cli_lsa_lookupprivvalue(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *pol, char *name, LUID *luid)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_LOOKUPPRIVVALUE q;
+	LSA_R_LOOKUPPRIVVALUE r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_lsa_q_lookupprivvalue(&q, pol, name);
+
+	if (!lsa_io_q_lookupprivvalue("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_LOOKUPPRIVVALUE, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_lookupprivvalue("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	(*luid).low=r.luid.low;
+	(*luid).high=r.luid.high;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Query LSA security object */
+
+NTSTATUS cli_lsa_query_secobj(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *pol, uint32 sec_info, 
+			      SEC_DESC_BUF **psdb)
+{
+	prs_struct qbuf, rbuf;
+	LSA_Q_QUERY_SEC_OBJ q;
+	LSA_R_QUERY_SEC_OBJ r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_q_query_sec_obj(&q, pol, sec_info);
+
+	if (!lsa_io_q_query_sec_obj("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, LSA_QUERYSECOBJ, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!lsa_io_r_query_sec_obj("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (psdb)
+		*psdb = r.buf;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+#if 0
+
+/** An example of how to use the routines in this file.  Fetch a DOMAIN
+    sid. Does complete cli setup / teardown anonymously. */
+
+BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
+{
+	extern pstring global_myname;
+	struct cli_state cli;
+	NTSTATUS result;
+	POLICY_HND lsa_pol;
+	BOOL ret = False;
+ 
+	ZERO_STRUCT(cli);
+	if(cli_initialise(&cli) == False) {
+		DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
+		return False;
+	}
+ 
+	if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
+		DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
+		goto done;
+	}
+ 
+	if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
+		DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
+machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+		goto done;
+	}
+
+	if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
+		DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", 
+			remote_machine));
+		goto done;
+	}
+ 
+	cli.protocol = PROTOCOL_NT1;
+ 
+	if (!cli_negprot(&cli)) {
+		DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+		goto done;
+	}
+ 
+	if (cli.protocol != PROTOCOL_NT1) {
+		DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
+			remote_machine));
+		goto done;
+	}
+ 
+	/*
+	 * Do an anonymous session setup.
+	 */
+ 
+	if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
+		DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+		goto done;
+	}
+ 
+	if (!(cli.sec_mode & 1)) {
+		DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
+			remote_machine));
+		goto done;
+	}
+
+	if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+		DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
+Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
+		goto done;
+	}
+
+	/* Fetch domain sid */
+ 
+	if (!cli_nt_session_open(&cli, PIPE_LSARPC)) {
+		DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
+		goto done;
+	}
+ 
+	result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
+			nt_errstr(result) ));
+		goto done;
+	}
+ 
+	result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
+			nt_errstr(result) ));
+		goto done;
+	}
+ 
+	ret = True;
+
+  done:
+
+	cli_shutdown(&cli);
+	return ret;
+}
+
+#endif
+
+/** @} **/
diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c
new file mode 100644
index 0000000000..125590b6d3
--- /dev/null
+++ b/source3/libsmb/cli_netlogon.c
@@ -0,0 +1,673 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Tim Potter 2001
+   Copyright (C) Paul Ashton                       1997.
+   Copyright (C) Jeremy Allison                    1998.
+   Copyright (C) Andrew Bartlett                   2001.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Opens a SMB connection to the netlogon pipe */
+
+struct cli_state *cli_netlogon_initialise(struct cli_state *cli, 
+					  char *system_name,
+					  struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds);
+}
+
+/* LSA Request Challenge. Sends our challenge to server, then gets
+   server response. These are used to generate the credentials. */
+
+NTSTATUS new_cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, 
+                              DOM_CHAL *srv_chal)
+{
+        prs_struct qbuf, rbuf;
+        NET_Q_REQ_CHAL q;
+        NET_R_REQ_CHAL r;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        extern pstring global_myname;
+
+        prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+        
+        /* create and send a MSRPC command with api NET_REQCHAL */
+
+        DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
+                 cli->desthost, global_myname, credstr(clnt_chal->data)));
+        
+        /* store the parameters */
+        init_q_req_chal(&q, cli->srv_name_slash, global_myname, clnt_chal);
+        
+        /* Marshall data and send request */
+
+        if (!net_io_q_req_chal("", &q,  &qbuf, 0) ||
+            !rpc_api_pipe_req(cli, NET_REQCHAL, &qbuf, &rbuf)) {
+                goto done;
+        }
+
+        /* Unmarhall response */
+
+        if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
+                goto done;
+        }
+
+        result = r.status;
+
+        /* Return result */
+
+        if (NT_STATUS_IS_OK(result)) {
+                memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
+        }
+        
+ done:
+        prs_mem_free(&qbuf);
+        prs_mem_free(&rbuf);
+        
+        return result;
+}
+
+/****************************************************************************
+LSA Authenticate 2
+
+Send the client credential, receive back a server credential.
+Ensure that the server credential returned matches the session key 
+encrypt of the server challenge originally received. JRA.
+****************************************************************************/
+
+NTSTATUS new_cli_net_auth2(struct cli_state *cli, 
+			   uint16 sec_chan, 
+                           uint32 neg_flags, DOM_CHAL *srv_chal)
+{
+        prs_struct qbuf, rbuf;
+        NET_Q_AUTH_2 q;
+        NET_R_AUTH_2 r;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	extern pstring global_myname;
+
+        prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api NET_AUTH2 */
+
+        DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
+                 cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
+                 credstr(cli->clnt_cred.challenge.data), neg_flags));
+
+        /* store the parameters */
+        init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct, 
+                      sec_chan, global_myname, &cli->clnt_cred.challenge, 
+                      neg_flags);
+
+        /* turn parameters into data stream */
+
+        if (!net_io_q_auth_2("", &q,  &qbuf, 0) ||
+            !rpc_api_pipe_req(cli, NET_AUTH2, &qbuf, &rbuf)) {
+                goto done;
+        }
+        
+        /* Unmarshall response */
+        
+        if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
+                goto done;
+        }
+
+        result = r.status;
+
+        if (NT_STATUS_IS_OK(result)) {
+                UTIME zerotime;
+                
+                /*
+                 * Check the returned value using the initial
+                 * server received challenge.
+                 */
+
+                zerotime.time = 0;
+                if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal, 
+                                 zerotime) == 0) {
+
+                        /*
+                         * Server replied with bad credential. Fail.
+                         */
+                        DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+                        result = NT_STATUS_ACCESS_DENIED;
+                        goto done;
+                }
+        }
+
+ done:
+        prs_mem_free(&qbuf);
+        prs_mem_free(&rbuf);
+        
+        return result;
+}
+
+/* Initialize domain session credentials */
+
+NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, 
+				uint16 sec_chan,
+                                const unsigned char mach_pwd[16])
+{
+        DOM_CHAL clnt_chal;
+        DOM_CHAL srv_chal;
+        UTIME zerotime;
+        NTSTATUS result;
+
+        /******************* Request Challenge ********************/
+
+        generate_random_buffer(clnt_chal.data, 8, False);
+	
+        /* send a client challenge; receive a server challenge */
+        result = new_cli_net_req_chal(cli, &clnt_chal, &srv_chal);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
+                return result;
+        }
+        
+        /**************** Long-term Session key **************/
+
+        /* calculate the session key */
+        cred_session_key(&clnt_chal, &srv_chal, mach_pwd, 
+                         cli->sess_key);
+        memset((char *)cli->sess_key+8, '\0', 8);
+
+        /******************* Authenticate 2 ********************/
+
+        /* calculate auth-2 credentials */
+        zerotime.time = 0;
+        cred_create(cli->sess_key, &clnt_chal, zerotime, 
+                    &cli->clnt_cred.challenge);
+
+        /*  
+         * Send client auth-2 challenge.
+         * Receive an auth-2 challenge response and check it.
+         */
+        
+	result = new_cli_net_auth2(cli, sec_chan, 0x000001ff, 
+				   &srv_chal);
+	if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed %s\n",
+			 nt_errstr(result)));
+        }
+
+        return result;
+}
+
+/* Logon Control 2 */
+
+NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                  uint32 query_level)
+{
+	prs_struct qbuf, rbuf;
+	NET_Q_LOGON_CTRL2 q;
+	NET_R_LOGON_CTRL2 r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level);
+
+	/* Marshall data and send request */
+
+	if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/****************************************************************************
+Generate the next creds to use.  Yuck - this is a cut&paste from another
+file.  They should be combined at some stage.  )-:
+****************************************************************************/
+
+static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
+{
+  /*
+   * Create the new client credentials.
+   */
+
+  cli->clnt_cred.timestamp.time = time(NULL);
+
+  memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
+
+  /* Calculate the new credentials. */
+  cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
+              new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
+
+}
+
+/* Sam synchronisation */
+
+NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
+                               uint32 database_id, uint32 *num_deltas,
+                               SAM_DELTA_HDR **hdr_deltas, 
+                               SAM_DELTA_CTR **deltas)
+{
+	prs_struct qbuf, rbuf;
+	NET_Q_SAM_SYNC q;
+	NET_R_SAM_SYNC r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        DOM_CRED clnt_creds;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        gen_next_creds(cli, &clnt_creds);
+
+	init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
+                            &clnt_creds, ret_creds, database_id);
+
+	/* Marshall data and send request */
+
+	if (!net_io_q_sam_sync("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, NET_SAM_SYNC, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!net_io_r_sam_sync("", cli->sess_key, &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+        /* Return results */
+
+	result = r.status;
+        *num_deltas = r.num_deltas2;
+        *hdr_deltas = r.hdr_deltas;
+        *deltas = r.deltas;
+
+	memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Sam synchronisation */
+
+NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                 uint32 database_id, UINT64_S seqnum,
+                                 uint32 *num_deltas, 
+                                 SAM_DELTA_HDR **hdr_deltas, 
+                                 SAM_DELTA_CTR **deltas)
+{
+	prs_struct qbuf, rbuf;
+	NET_Q_SAM_DELTAS q;
+	NET_R_SAM_DELTAS r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        DOM_CRED clnt_creds;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        gen_next_creds(cli, &clnt_creds);
+
+	init_net_q_sam_deltas(&q, cli->srv_name_slash, 
+                              cli->clnt_name_slash + 2, &clnt_creds, 
+                              database_id, seqnum);
+
+	/* Marshall data and send request */
+
+	if (!net_io_q_sam_deltas("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, NET_SAM_DELTAS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!net_io_r_sam_deltas("", cli->sess_key, &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+        /* Return results */
+
+	result = r.status;
+        *num_deltas = r.num_deltas2;
+        *hdr_deltas = r.hdr_deltas;
+        *deltas = r.deltas;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Logon domain user */
+
+NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                char *username, char *password,
+                                int logon_type)
+{
+	prs_struct qbuf, rbuf;
+	NET_Q_SAM_LOGON q;
+	NET_R_SAM_LOGON r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        DOM_CRED clnt_creds, dummy_rtn_creds;
+        extern pstring global_myname;
+        NET_ID_INFO_CTR ctr;
+        NET_USER_INFO_3 user;
+        int validation_level = 3;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        /* Initialise input parameters */
+
+        gen_next_creds(cli, &clnt_creds);
+
+        q.validation_level = validation_level;
+
+	memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+	dummy_rtn_creds.timestamp.time = time(NULL);
+
+        ctr.switch_value = logon_type;
+
+        switch (logon_type) {
+        case INTERACTIVE_LOGON_TYPE: {
+                unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
+
+                nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
+
+                init_id_info1(&ctr.auth.id1, lp_workgroup(), 
+                              0, /* param_ctrl */
+                              0xdead, 0xbeef, /* LUID? */
+                              username, cli->clnt_name_slash,
+                              cli->sess_key, lm_owf_user_pwd,
+                              nt_owf_user_pwd);
+
+                break;
+        }
+        case NET_LOGON_TYPE: {
+                uint8 chal[8];
+                unsigned char local_lm_response[24];
+                unsigned char local_nt_response[24];
+
+                generate_random_buffer(chal, 8, False);
+
+                SMBencrypt(password, chal, local_lm_response);
+                SMBNTencrypt(password, chal, local_nt_response);
+
+                init_id_info2(&ctr.auth.id2, lp_workgroup(), 
+                              0, /* param_ctrl */
+                              0xdead, 0xbeef, /* LUID? */
+                              username, cli->clnt_name_slash, chal,
+                              local_lm_response, 24, local_nt_response, 24);
+                break;
+        }
+        default:
+                DEBUG(0, ("switch value %d not supported\n", 
+                          ctr.switch_value));
+                goto done;
+        }
+
+        init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname,
+                      &clnt_creds, &dummy_rtn_creds, logon_type,
+                      &ctr);
+
+        /* Marshall data and send request */
+
+	if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+        r.user = &user;
+
+	if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+        /* Return results */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+        return result;
+}
+
+
+/** 
+ * Logon domain user with an 'network' SAM logon 
+ *
+ * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
+ **/
+
+NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+					const char *username, const char *domain, const char *workstation, 
+					const uint8 chal[8],
+					DATA_BLOB lm_response, DATA_BLOB nt_response,
+					NET_USER_INFO_3 *info3)
+
+{
+	prs_struct qbuf, rbuf;
+	NET_Q_SAM_LOGON q;
+	NET_R_SAM_LOGON r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        DOM_CRED clnt_creds, dummy_rtn_creds;
+	NET_ID_INFO_CTR ctr;
+	extern pstring global_myname;
+	int validation_level = 3;
+	char *workstation_name_slash;
+	
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
+	
+	if (!workstation_name_slash) {
+		DEBUG(0, ("talloc_asprintf failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	gen_next_creds(cli, &clnt_creds);
+
+	q.validation_level = validation_level;
+
+	memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+	dummy_rtn_creds.timestamp.time = time(NULL);
+
+        ctr.switch_value = NET_LOGON_TYPE;
+
+	init_id_info2(&ctr.auth.id2, domain,
+		      0, /* param_ctrl */
+		      0xdead, 0xbeef, /* LUID? */
+		      username, workstation_name_slash, (const uchar*)chal,
+		      lm_response.data, lm_response.length, nt_response.data, nt_response.length);
+ 
+        init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname,
+                      &clnt_creds, &dummy_rtn_creds, NET_LOGON_TYPE,
+                      &ctr);
+
+        /* Marshall data and send request */
+
+	if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+        r.user = info3;
+
+	if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+        /* Return results */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+        return result;
+}
+
+/***************************************************************************
+LSA Server Password Set.
+****************************************************************************/
+
+NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			   char* machine_name, uint8 hashed_mach_pwd[16])
+{
+	prs_struct rbuf;
+	prs_struct qbuf; 
+	DOM_CRED new_clnt_cred;
+	NET_Q_SRV_PWSET q_s;
+	uint16 sec_chan_type = 2;
+	NTSTATUS nt_status;
+	char *mach_acct;
+
+	gen_next_creds( cli, &new_clnt_cred);
+	
+	prs_init(&qbuf , 1024, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0,    mem_ctx, UNMARSHALL);
+	
+	/* create and send a MSRPC command with api NET_SRV_PWSET */
+	
+	mach_acct = talloc_asprintf(mem_ctx, "%s$", machine_name);
+	
+	if (!mach_acct) {
+		DEBUG(0,("talloc_asprintf failed!\n"));
+		nt_status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
+		 cli->srv_name_slash, mach_acct, sec_chan_type, machine_name,
+		 credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time));
+	
+        /* store the parameters */
+	init_q_srv_pwset(&q_s, cli->srv_name_slash, cli->sess_key,
+			 mach_acct, sec_chan_type, machine_name, 
+			 &new_clnt_cred, (char *)hashed_mach_pwd);
+	
+	/* turn parameters into data stream */
+	if(!net_io_q_srv_pwset("", &q_s,  &qbuf, 0)) {
+		DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n"));
+		nt_status = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+	
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, NET_SRVPWSET, &qbuf, &rbuf))
+	{
+		NET_R_SRV_PWSET r_s;
+		
+		if (!net_io_r_srv_pwset("", &r_s, &rbuf, 0)) {
+			nt_status =  NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+		
+		nt_status = r_s.status;
+
+		if (!NT_STATUS_IS_OK(r_s.status))
+		{
+			/* report error code */
+			DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status)));
+			goto done;
+		}
+
+		/* Update the credentials. */
+		if (!clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
+		{
+			/*
+			 * Server replied with bad credential. Fail.
+			 */
+			DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+			nt_status = NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+	
+	return nt_status;
+}
+
diff --git a/source3/libsmb/cli_pipe_util.c b/source3/libsmb/cli_pipe_util.c
new file mode 100644
index 0000000000..de1c832e44
--- /dev/null
+++ b/source3/libsmb/cli_pipe_util.c
@@ -0,0 +1,82 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client utility functions
+   Copyright (C) Tim Potter                        2001,
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/** \defgroup rpc_client RPC Client routines
+ */
+
+/* Opens a SMB connection to a named pipe */
+
+struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name,
+				      char *pipe_name, 
+                                      struct ntuser_creds *creds)
+{
+	struct in_addr dest_ip;
+	struct nmb_name calling, called;
+	fstring dest_host;
+	extern pstring global_myname;
+	struct ntuser_creds anon;
+
+	/* Initialise cli_state information */
+
+	if (!cli_initialise(cli)) {
+		return NULL;
+	}
+
+	if (!creds) {
+		ZERO_STRUCT(anon);
+		anon.pwd.null_pwd = 1;
+		creds = &anon;
+	}
+
+	cli_init_creds(cli, creds);
+
+	/* Establish a SMB connection */
+
+	if (!resolve_srv_name(system_name, dest_host, &dest_ip)) {
+		return NULL;
+	}
+
+	make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
+	make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
+
+	if (!cli_establish_connection(cli, dest_host, &dest_ip, &calling, 
+				      &called, "IPC$", "IPC", False, True)) {
+		return NULL;
+	}
+
+	/* Open a NT session thingy */
+
+	if (!cli_nt_session_open(cli, pipe_name)) {
+		cli_shutdown(cli);
+		return NULL;
+	}
+
+	return cli;
+}
+
+/* Shut down a SMB connection to the SAMR pipe */
+
+void cli_pipe_shutdown(struct cli_state *cli)
+{
+	if (cli->fd != -1) cli_ulogoff(cli);
+	cli_shutdown(cli);
+}
diff --git a/source3/libsmb/cli_reg.c b/source3/libsmb/cli_reg.c
new file mode 100644
index 0000000000..c09ccabb29
--- /dev/null
+++ b/source3/libsmb/cli_reg.c
@@ -0,0 +1,111 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC Pipe client
+ 
+   Copyright (C) Andrew Tridgell              1992-1998,
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+   Copyright (C) Paul Ashton                  1997-1998.
+   Copyright (C) Jeremy Allison                    1999.
+   Copyright (C) Simo Sorce                        2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Opens a SMB connection to the WINREG pipe */
+
+struct cli_state *cli_winreg_initialise(struct cli_state *cli, 
+                                        char *system_name,
+                                        struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_WINREG, creds);
+}
+
+/* Shutdown a server */
+
+NTSTATUS cli_reg_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx,
+                          const char *msg, uint32 timeout, uint16 flags)
+{
+	prs_struct qbuf;
+	prs_struct rbuf; 
+	REG_Q_SHUTDOWN q_s;
+	REG_R_SHUTDOWN r_s;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (msg == NULL) return NT_STATUS_INVALID_PARAMETER;
+
+	ZERO_STRUCT (q_s);
+	ZERO_STRUCT (r_s);
+
+	prs_init(&qbuf , MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_reg_q_shutdown(&q_s, msg, timeout, flags);
+
+	if (!reg_io_q_shutdown("", &q_s, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, REG_SHUTDOWN, &qbuf, &rbuf))
+		goto done;
+	
+	/* Unmarshall response */
+	
+	if(reg_io_r_shutdown("", &r_s, &rbuf, 0))
+		result = r_s.status;
+
+done:
+	prs_mem_free(&rbuf);
+	prs_mem_free(&qbuf);
+
+	return result;
+}
+
+
+/* Abort a server shutdown */
+
+NTSTATUS cli_reg_abort_shutdown(struct cli_state * cli, TALLOC_CTX *mem_ctx)
+{
+	prs_struct rbuf;
+	prs_struct qbuf; 
+	REG_Q_ABORT_SHUTDOWN q_s;
+	REG_R_ABORT_SHUTDOWN r_s;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT (q_s);
+	ZERO_STRUCT (r_s);
+
+	prs_init(&qbuf , MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+	
+	/* Marshall data and send request */
+
+	init_reg_q_abort_shutdown(&q_s);
+
+	if (!reg_io_q_abort_shutdown("", &q_s, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, REG_ABORT_SHUTDOWN, &qbuf, &rbuf))
+	    	goto done;
+	
+		/* Unmarshall response */
+	
+	if (reg_io_r_abort_shutdown("", &r_s, &rbuf, 0))
+		result = r_s.status;
+
+done:
+	prs_mem_free(&rbuf);
+	prs_mem_free(&qbuf );
+
+	return result;
+}
diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c
new file mode 100644
index 0000000000..85a7375f99
--- /dev/null
+++ b/source3/libsmb/cli_samr.c
@@ -0,0 +1,1274 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+   Copyright (C) Tim Potter                        2000-2001,
+   Copyright (C) Andrew Tridgell              1992-1997,2000,
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
+   Copyright (C) Paul Ashton                       1997,2000,
+   Copyright (C) Elrond                                 2000.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Opens a SMB connection to the SAMR pipe */
+
+struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name,
+				      struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_SAMR, creds);
+}
+
+/* Connect to SAMR database */
+
+NTSTATUS cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                          uint32 access_mask, POLICY_HND *connect_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_CONNECT q;
+	SAMR_R_CONNECT r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_connect(&q, cli->desthost, access_mask);
+
+	if (!samr_io_q_connect("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_CONNECT, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_connect("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*connect_pol = r.connect_pol;
+#ifdef __INSURE__
+		connect_pol->marker = malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Close SAMR handle */
+
+NTSTATUS cli_samr_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                        POLICY_HND *connect_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_CLOSE_HND q;
+	SAMR_R_CLOSE_HND r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_close_hnd(&q, connect_pol);
+
+	if (!samr_io_q_close_hnd("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_CLOSE_HND, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_close_hnd("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+#ifdef __INSURE__
+		SAFE_FREE(connect_pol->marker);
+#endif
+		*connect_pol = r.pol;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Open handle on a domain */
+
+NTSTATUS cli_samr_open_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                              POLICY_HND *connect_pol, uint32 access_mask, 
+                              const DOM_SID *domain_sid, POLICY_HND *domain_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_OPEN_DOMAIN q;
+	SAMR_R_OPEN_DOMAIN r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_open_domain(&q, connect_pol, access_mask, domain_sid);
+
+	if (!samr_io_q_open_domain("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_OPEN_DOMAIN, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_open_domain("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*domain_pol = r.domain_pol;
+#ifdef __INSURE__
+		domain_pol->marker = malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Open handle on a user */
+
+NTSTATUS cli_samr_open_user(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                            POLICY_HND *domain_pol, uint32 access_mask, 
+                            uint32 user_rid, POLICY_HND *user_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_OPEN_USER q;
+	SAMR_R_OPEN_USER r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_open_user(&q, domain_pol, access_mask, user_rid);
+
+	if (!samr_io_q_open_user("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_OPEN_USER, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_open_user("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*user_pol = r.user_pol;
+#ifdef __INSURE__
+		user_pol->marker = malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Open handle on a group */
+
+NTSTATUS cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                             POLICY_HND *domain_pol, uint32 access_mask, 
+                             uint32 group_rid, POLICY_HND *group_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_OPEN_GROUP q;
+	SAMR_R_OPEN_GROUP r;
+	NTSTATUS result =  NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_open_group(&q, domain_pol, access_mask, group_rid);
+
+	if (!samr_io_q_open_group("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_OPEN_GROUP, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_open_group("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*group_pol = r.pol;
+#ifdef __INSURE__
+		group_pol->marker = malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query user info */
+
+NTSTATUS cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                 POLICY_HND *user_pol, uint16 switch_value, 
+                                 SAM_USERINFO_CTR **ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_USERINFO q;
+	SAMR_R_QUERY_USERINFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_userinfo(&q, user_pol, switch_value);
+
+	if (!samr_io_q_query_userinfo("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+	*ctr = r.ctr;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query group info */
+
+NTSTATUS cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                  POLICY_HND *group_pol, uint32 info_level, 
+                                  GROUP_INFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_GROUPINFO q;
+	SAMR_R_QUERY_GROUPINFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_groupinfo(&q, group_pol, info_level);
+
+	if (!samr_io_q_query_groupinfo("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPINFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	r.ctr = ctr;
+
+	if (!samr_io_r_query_groupinfo("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query user groups */
+
+NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                   POLICY_HND *user_pol, uint32 *num_groups, 
+                                   DOM_GID **gid)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_USERGROUPS q;
+	SAMR_R_QUERY_USERGROUPS r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_usergroups(&q, user_pol);
+
+	if (!samr_io_q_query_usergroups("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_USERGROUPS, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_usergroups("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*num_groups = r.num_entries;
+		*gid = r.gid;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query user aliases */
+
+NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                   POLICY_HND *user_pol, uint32 num_sids, DOM_SID2 *sid,
+				   uint32 *num_aliases, uint32 **als_rids)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_USERALIASES q;
+	SAMR_R_QUERY_USERALIASES r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint ptr=1;
+	
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid);
+
+	if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*num_aliases = r.num_entries;
+		*als_rids = r.rid;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query user groups */
+
+NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                 POLICY_HND *group_pol, uint32 *num_mem, 
+                                 uint32 **rid, uint32 **attr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_GROUPMEM q;
+	SAMR_R_QUERY_GROUPMEM r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_groupmem(&q, group_pol);
+
+	if (!samr_io_q_query_groupmem("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPMEM, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_groupmem("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*num_mem = r.num_entries;
+		*rid = r.rid;
+		*attr = r.attr;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Enumerate domain groups */
+
+NTSTATUS cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                  POLICY_HND *pol, uint32 *start_idx, 
+                                  uint32 size, struct acct_info **dom_groups,
+                                  uint32 *num_dom_groups)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_ENUM_DOM_GROUPS q;
+	SAMR_R_ENUM_DOM_GROUPS r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 name_idx, i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_enum_dom_groups(&q, pol, *start_idx, size);
+
+	if (!samr_io_q_enum_dom_groups("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_GROUPS, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_enum_dom_groups("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) &&
+	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
+		goto done;
+	}
+
+	*num_dom_groups = r.num_entries2;
+
+	if (!((*dom_groups) = (struct acct_info *)
+	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	memset(*dom_groups, 0, sizeof(struct acct_info) * *num_dom_groups);
+
+	name_idx = 0;
+
+	for (i = 0; i < *num_dom_groups; i++) {
+
+		(*dom_groups)[i].rid = r.sam[i].rid;
+
+		if (r.sam[i].hdr_name.buffer) {
+			unistr2_to_ascii((*dom_groups)[i].acct_name,
+					 &r.uni_grp_name[name_idx],
+					 sizeof(fstring) - 1);
+			name_idx++;
+		}
+
+		*start_idx = r.next_idx;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Enumerate domain groups */
+
+NTSTATUS cli_samr_enum_als_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                  POLICY_HND *pol, uint32 *start_idx, 
+                                  uint32 size, struct acct_info **dom_groups,
+                                  uint32 *num_dom_groups)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_ENUM_DOM_ALIASES q;
+	SAMR_R_ENUM_DOM_ALIASES r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 name_idx, i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size);
+
+	if (!samr_io_q_enum_dom_aliases("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_ALIASES, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_enum_dom_aliases("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) &&
+	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
+		goto done;
+	}
+
+	*num_dom_groups = r.num_entries2;
+
+	if (!((*dom_groups) = (struct acct_info *)
+	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	memset(*dom_groups, 0, sizeof(struct acct_info) * *num_dom_groups);
+
+	name_idx = 0;
+
+	for (i = 0; i < *num_dom_groups; i++) {
+
+		(*dom_groups)[i].rid = r.sam[i].rid;
+
+		if (r.sam[i].hdr_name.buffer) {
+			unistr2_to_ascii((*dom_groups)[i].acct_name,
+					 &r.uni_grp_name[name_idx],
+					 sizeof(fstring) - 1);
+			name_idx++;
+		}
+
+		*start_idx = r.next_idx;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query alias members */
+
+NTSTATUS cli_samr_query_aliasmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                 POLICY_HND *alias_pol, uint32 *num_mem, 
+                                 DOM_SID **sids)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_ALIASMEM q;
+	SAMR_R_QUERY_ALIASMEM r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_aliasmem(&q, alias_pol);
+
+	if (!samr_io_q_query_aliasmem("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_ALIASMEM, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_aliasmem("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	*num_mem = r.num_sids;
+
+	if (!(*sids = talloc(mem_ctx, sizeof(DOM_SID) * *num_mem))) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	for (i = 0; i < *num_mem; i++) {
+		(*sids)[i] = r.sid[i].sid;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Open handle on an alias */
+
+NTSTATUS cli_samr_open_alias(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                             POLICY_HND *domain_pol, uint32 access_mask, 
+                             uint32 alias_rid, POLICY_HND *alias_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_OPEN_ALIAS q;
+	SAMR_R_OPEN_ALIAS r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_open_alias(&q, domain_pol, access_mask, alias_rid);
+
+	if (!samr_io_q_open_alias("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_OPEN_ALIAS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_open_alias("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (NT_STATUS_IS_OK(result = r.status)) {
+		*alias_pol = r.pol;
+#ifdef __INSURE__
+		alias_pol->marker = malloc(1);
+#endif
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query domain info */
+
+NTSTATUS cli_samr_query_dom_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                 POLICY_HND *domain_pol, uint16 switch_value,
+                                 SAM_UNK_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_DOMAIN_INFO q;
+	SAMR_R_QUERY_DOMAIN_INFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_dom_info(&q, domain_pol, switch_value);
+
+	if (!samr_io_q_query_dom_info("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_DOMAIN_INFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	r.ctr = ctr;
+
+	if (!samr_io_r_query_dom_info("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query display info */
+
+NTSTATUS cli_samr_query_dispinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                 POLICY_HND *domain_pol, uint32 *start_idx,
+                                 uint16 switch_value, uint32 *num_entries,
+                                 uint32 max_entries, SAM_DISPINFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_DISPINFO q;
+	SAMR_R_QUERY_DISPINFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_dispinfo(&q, domain_pol, switch_value,
+				   *start_idx, max_entries);
+
+	if (!samr_io_q_query_dispinfo("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_DISPINFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	r.ctr = ctr;
+
+	if (!samr_io_r_query_dispinfo("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+        result = r.status;
+
+	if (!NT_STATUS_IS_OK(result) &&
+	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
+		goto done;
+	}
+
+	*num_entries = r.num_entries;
+	*start_idx += r.num_entries;  /* No next_idx in this structure! */
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Lookup rids.  Note that NT4 seems to crash if more than ~1000 rids are
+   looked up in one packet. */
+
+NTSTATUS cli_samr_lookup_rids(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                              POLICY_HND *domain_pol, uint32 flags,
+                              uint32 num_rids, uint32 *rids, 
+                              uint32 *num_names, char ***names,
+                              uint32 **name_types)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_LOOKUP_RIDS q;
+	SAMR_R_LOOKUP_RIDS r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 i;
+
+        if (num_rids > 1000) {
+                DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if "
+                          "more than ~1000 rids are looked up at once.\n"));
+        }
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, flags,
+				num_rids, rids);
+
+	if (!samr_io_q_lookup_rids("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_LOOKUP_RIDS, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_lookup_rids("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	if (r.num_names1 == 0) {
+		*num_names = 0;
+		*names = NULL;
+		goto done;
+	}
+
+	*num_names = r.num_names1;
+	*names = talloc(mem_ctx, sizeof(char *) * r.num_names1);
+	*name_types = talloc(mem_ctx, sizeof(uint32) * r.num_names1);
+
+	for (i = 0; i < r.num_names1; i++) {
+		fstring tmp;
+
+		unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp) - 1);
+		(*names)[i] = talloc_strdup(mem_ctx, tmp);
+		(*name_types)[i] = r.type[i];
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Lookup names */
+
+NTSTATUS cli_samr_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                               POLICY_HND *domain_pol, uint32 flags,
+                               uint32 num_names, char **names,
+                               uint32 *num_rids, uint32 **rids,
+                               uint32 **rid_types)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_LOOKUP_NAMES q;
+	SAMR_R_LOOKUP_NAMES r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_lookup_names(mem_ctx, &q, domain_pol, flags,
+				 num_names, names);
+
+	if (!samr_io_q_lookup_names("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_LOOKUP_NAMES, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_lookup_names("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	if (r.num_rids1 == 0) {
+		*num_rids = 0;
+		goto done;
+	}
+
+	*num_rids = r.num_rids1;
+	*rids = talloc(mem_ctx, sizeof(uint32) * r.num_rids1);
+	*rid_types = talloc(mem_ctx, sizeof(uint32) * r.num_rids1);
+
+	for (i = 0; i < r.num_rids1; i++) {
+		(*rids)[i] = r.rids[i];
+		(*rid_types)[i] = r.types[i];
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Create a domain user */
+
+NTSTATUS cli_samr_create_dom_user(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                  POLICY_HND *domain_pol, const char *acct_name,
+                                  uint32 acb_info, uint32 unknown, 
+                                  POLICY_HND *user_pol, uint32 *rid)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_CREATE_USER q;
+	SAMR_R_CREATE_USER r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, unknown);
+
+	if (!samr_io_q_create_user("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_CREATE_USER, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_create_user("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+	if (user_pol)
+		*user_pol = r.user_pol;
+
+	if (rid)
+		*rid = r.user_rid;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Set userinfo */
+
+NTSTATUS cli_samr_set_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                               POLICY_HND *user_pol, uint16 switch_value,
+                               uchar sess_key[16], SAM_USERINFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_SET_USERINFO q;
+	SAMR_R_SET_USERINFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	q.ctr = ctr;
+
+	init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value, 
+				 ctr->info.id);
+
+	if (!samr_io_q_set_userinfo("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_SET_USERINFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_set_userinfo("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Set userinfo2 */
+
+NTSTATUS cli_samr_set_userinfo2(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                POLICY_HND *user_pol, uint16 switch_value,
+                                uchar sess_key[16], SAM_USERINFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_SET_USERINFO2 q;
+	SAMR_R_SET_USERINFO2 r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr);
+
+	if (!samr_io_q_set_userinfo2("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_SET_USERINFO2, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_set_userinfo2("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if (!NT_STATUS_IS_OK(result = r.status)) {
+		goto done;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Delete domain user */
+
+NTSTATUS cli_samr_delete_dom_user(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+                                  POLICY_HND *user_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_DELETE_DOM_USER q;
+	SAMR_R_DELETE_DOM_USER r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_delete_dom_user(&q, user_pol);
+
+	if (!samr_io_q_delete_dom_user("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_DELETE_DOM_USER, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_delete_dom_user("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query user security object */
+
+NTSTATUS cli_samr_query_sec_obj(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                 POLICY_HND *user_pol, uint16 switch_value, 
+                                 TALLOC_CTX *ctx, SEC_DESC_BUF **sec_desc_buf)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_SEC_OBJ q;
+	SAMR_R_QUERY_SEC_OBJ r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_sec_obj(&q, user_pol, switch_value);
+
+	if (!samr_io_q_query_sec_obj("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_SEC_OBJECT, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_sec_obj("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+	*sec_desc_buf=dup_sec_desc_buf(ctx, r.buf);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
diff --git a/source3/libsmb/cli_spoolss.c b/source3/libsmb/cli_spoolss.c
new file mode 100644
index 0000000000..cf356ef815
--- /dev/null
+++ b/source3/libsmb/cli_spoolss.c
@@ -0,0 +1,1590 @@
+/*
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Gerald Carter                2001-2002,
+   Copyright (C) Tim Potter                   2000-2002,
+   Copyright (C) Andrew Tridgell              1994-2000,
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+   Copyright (C) Jean-Francois Micouleau      1999-2000.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/** @defgroup spoolss SPOOLSS - NT printing routines
+ *  @ingroup rpc_client
+ *
+ * @{
+ **/
+
+/** Opens a SMB connection and connects to the SPOOLSS pipe.
+ *
+ * @param cli Uninitialised client handle.
+ * @param system_name NETBIOS name of the machine to connect to.
+ * @param creds User credentials to connect as.
+ * @returns Initialised client handle.
+ */
+struct cli_state *cli_spoolss_initialise(struct cli_state *cli,
+					 char *system_name,
+					 struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_SPOOLSS, creds);
+}
+
+/**********************************************************************
+ Initialize a new spoolss buff for use by a client rpc
+**********************************************************************/
+static void init_buffer(NEW_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
+{
+	buffer->ptr = (size != 0);
+	buffer->size = size;
+	buffer->string_at_end = size;
+	prs_init(&buffer->prs, size, ctx, MARSHALL);
+	buffer->struct_start = prs_offset(&buffer->prs);
+}
+
+/*********************************************************************
+ Decode various spoolss rpc's and info levels
+ ********************************************************************/
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_info_0(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
+				uint32 returned, PRINTER_INFO_0 **info)
+{
+        uint32 i;
+        PRINTER_INFO_0  *inf;
+
+        inf=(PRINTER_INFO_0 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_0));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                smb_io_printer_info_0("", buffer, &inf[i], 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_info_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
+				uint32 returned, PRINTER_INFO_1 **info)
+{
+        uint32 i;
+        PRINTER_INFO_1  *inf;
+
+        inf=(PRINTER_INFO_1 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_1));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                smb_io_printer_info_1("", buffer, &inf[i], 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_info_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+				uint32 returned, PRINTER_INFO_2 **info)
+{
+        uint32 i;
+        PRINTER_INFO_2  *inf;
+
+        inf=(PRINTER_INFO_2 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_2));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+		/* a little initialization as we go */
+		inf[i].secdesc = NULL;
+                smb_io_printer_info_2("", buffer, &inf[i], 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_info_3(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+				uint32 returned, PRINTER_INFO_3 **info)
+{
+        uint32 i;
+        PRINTER_INFO_3  *inf;
+
+        inf=(PRINTER_INFO_3 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_3));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+		inf[i].secdesc = NULL;
+                smb_io_printer_info_3("", buffer, &inf[i], 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_port_info_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+			uint32 returned, PORT_INFO_1 **info)
+{
+        uint32 i;
+        PORT_INFO_1 *inf;
+
+        inf=(PORT_INFO_1*)talloc(mem_ctx, returned*sizeof(PORT_INFO_1));
+
+        prs_set_offset(&buffer->prs, 0);
+
+        for (i=0; i<returned; i++) {
+                smb_io_port_info_1("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_port_info_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+			uint32 returned, PORT_INFO_2 **info)
+{
+        uint32 i;
+        PORT_INFO_2 *inf;
+
+        inf=(PORT_INFO_2*)talloc(mem_ctx, returned*sizeof(PORT_INFO_2));
+
+        prs_set_offset(&buffer->prs, 0);
+
+        for (i=0; i<returned; i++) {
+                smb_io_port_info_2("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_driver_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+			uint32 returned, DRIVER_INFO_1 **info)
+{
+        uint32 i;
+        DRIVER_INFO_1 *inf;
+
+        inf=(DRIVER_INFO_1 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_1));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                smb_io_printer_driver_info_1("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_driver_2(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+			uint32 returned, DRIVER_INFO_2 **info)
+{
+        uint32 i;
+        DRIVER_INFO_2 *inf;
+
+        inf=(DRIVER_INFO_2 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_2));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                smb_io_printer_driver_info_2("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printer_driver_3(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+			uint32 returned, DRIVER_INFO_3 **info)
+{
+        uint32 i;
+        DRIVER_INFO_3 *inf;
+
+        inf=(DRIVER_INFO_3 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_3));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                smb_io_printer_driver_info_3("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+**********************************************************************/
+static void decode_printerdriverdir_1 (TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer,
+			uint32 returned, DRIVER_DIRECTORY_1 **info
+)
+{
+	DRIVER_DIRECTORY_1 *inf;
+ 
+        inf=(DRIVER_DIRECTORY_1 *)talloc(mem_ctx, sizeof(DRIVER_DIRECTORY_1));
+
+        prs_set_offset(&buffer->prs, 0);
+
+        smb_io_driverdir_1("", buffer, inf, 0);
+ 
+	*info=inf;
+}
+
+/** Return a handle to the specified printer or print server.
+ *
+ * @param cli              Pointer to client state structure which is open
+ * on the SPOOLSS pipe.
+ *
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param printername      The name of the printer or print server to be
+ * opened in UNC format.
+ *
+ * @param datatype         Specifies the default data type for the printer.
+ *
+ * @param access_required  The access rights requested on the printer or
+ * print server.
+ *
+ * @param station          The UNC name of the requesting workstation.
+ *
+ * @param username         The name of the user requesting the open.
+ *
+ * @param pol              Returned policy handle.
+ */
+
+/*********************************************************************************
+ Win32 API - OpenPrinter()
+ ********************************************************************************/
+
+WERROR cli_spoolss_open_printer_ex(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				char *printername, char *datatype, uint32 access_required,
+				char *station, char *username, POLICY_HND *pol)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_OPEN_PRINTER_EX q;
+	SPOOL_R_OPEN_PRINTER_EX r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_open_printer_ex(&q, printername, datatype,
+                                       access_required, station, username);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_open_printer_ex("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_OPENPRINTEREX, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_open_printer_ex("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (W_ERROR_IS_OK(result))
+		*pol = r.handle;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Close a printer handle
+ *
+ * @param cli              Pointer to client state structure which is open
+ * on the SPOOLSS pipe.
+ *
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param pol              Policy handle of printer or print server to close.
+ */
+/*********************************************************************************
+ Win32 API - ClosePrinter()
+ ********************************************************************************/
+
+WERROR cli_spoolss_close_printer(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				 POLICY_HND *pol)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_CLOSEPRINTER q;
+	SPOOL_R_CLOSEPRINTER r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_closeprinter(&q, pol);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_closeprinter("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_CLOSEPRINTER, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_closeprinter("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (W_ERROR_IS_OK(result))
+		*pol = r.handle;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Enumerate printers on a print server.
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param offered          Buffer size offered in the request.
+ * @param needed           Number of bytes needed to complete the request.
+ *                         may be NULL.
+ *
+ * @param flags            Selected from PRINTER_ENUM_* flags.
+ * @param level            Request information level.
+ *
+ * @param num_printers     Pointer to number of printers returned.  May be
+ *                         NULL.
+ * @param ctr              Return structure for printer information.  May
+ *                         be NULL.
+ */
+/*********************************************************************************
+ Win32 API - EnumPrinters()
+ ********************************************************************************/
+
+WERROR cli_spoolss_enum_printers(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				 uint32 offered, uint32 *needed,
+				 uint32 flags, uint32 level,
+				 uint32 *num_printers, PRINTER_INFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ENUMPRINTERS q;
+        SPOOL_R_ENUMPRINTERS r;
+	NEW_BUFFER buffer;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	fstrcpy (server, cli->desthost);
+	strupper (server);
+	
+	/* Initialise input parameters */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	make_spoolss_q_enumprinters(&q, flags, server, level, &buffer, 
+				    offered);
+
+	/* Marshall data and send request */
+	
+	if (!spoolss_io_q_enumprinters("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_ENUMPRINTERS, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (spoolss_io_r_enumprinters("", &r, &rbuf, 0)) {
+		if (needed)
+			*needed = r.needed;
+	}
+	
+	result = r.status;
+
+	/* Return output parameters */
+
+	if (!W_ERROR_IS_OK(r.status))
+		goto done;
+
+	if (num_printers)
+		*num_printers = r.returned;
+
+	if (!ctr)
+		goto done;
+
+	switch (level) {
+	case 0:
+		decode_printer_info_0(mem_ctx, r.buffer, r.returned, 
+				      &ctr->printers_0);
+		break;
+	case 1:
+		decode_printer_info_1(mem_ctx, r.buffer, r.returned, 
+				      &ctr->printers_1);
+		break;
+	case 2:
+		decode_printer_info_2(mem_ctx, r.buffer, r.returned, 
+				      &ctr->printers_2);
+		break;
+	case 3:
+		decode_printer_info_3(mem_ctx, r.buffer, r.returned, 
+				      &ctr->printers_3);
+		break;
+	}			
+	
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - EnumPorts()
+ ********************************************************************************/
+/** Enumerate printer ports on a print server.
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param offered          Buffer size offered in the request.
+ * @param needed           Number of bytes needed to complete the request.
+ *                         May be NULL.
+ *
+ * @param level            Requested information level.
+ *
+ * @param num_ports        Pointer to number of ports returned.  May be NULL.
+ * @param ctr              Pointer to structure holding port information.
+ *                         May be NULL.
+ */
+
+WERROR cli_spoolss_enum_ports(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      uint32 offered, uint32 *needed,
+			      uint32 level, int *num_ports, PORT_INFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ENUMPORTS q;
+        SPOOL_R_ENUMPORTS r;
+	NEW_BUFFER buffer;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+
+	/* Initialise input parameters */
+	
+	init_buffer(&buffer, offered, mem_ctx);
+	
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+	
+	make_spoolss_q_enumports(&q, server, level, &buffer, offered);
+	
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_enumports("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_ENUMPORTS, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (spoolss_io_r_enumports("", &r, &rbuf, 0)) {
+		if (needed)
+			*needed = r.needed;
+	}
+		
+	result = r.status;
+
+	/* Return output parameters */
+
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+	if (num_ports)
+		*num_ports = r.returned;
+
+	if (!ctr)
+		goto done;
+	
+	switch (level) {
+	case 1:
+		decode_port_info_1(mem_ctx, r.buffer, r.returned, 
+				   &ctr->port.info_1);
+		break;
+	case 2:
+		decode_port_info_2(mem_ctx, r.buffer, r.returned, 
+				   &ctr->port.info_2);
+		break;
+	}			
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+	
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - GetPrinter()
+ ********************************************************************************/
+
+WERROR cli_spoolss_getprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      uint32 offered, uint32 *needed,
+			      POLICY_HND *pol, uint32 level, 
+			      PRINTER_INFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_GETPRINTER q;
+	SPOOL_R_GETPRINTER r;
+	NEW_BUFFER buffer;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise input parameters */
+
+	init_buffer(&buffer, offered, mem_ctx);
+	
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	make_spoolss_q_getprinter(mem_ctx, &q, pol, level, &buffer, offered);
+	
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_getprinter("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_GETPRINTER, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_getprinter("", &r, &rbuf, 0))
+		goto done;
+
+	if (needed)
+		*needed = r.needed;
+	
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (NT_STATUS_IS_OK(result)) {
+		switch (level) {
+		case 0:
+			decode_printer_info_0(mem_ctx, r.buffer, 1, &ctr->printers_0);
+			break;
+		case 1:
+			decode_printer_info_1(mem_ctx, r.buffer, 1, &ctr->printers_1);
+			break;
+		case 2:
+			decode_printer_info_2(mem_ctx, r.buffer, 1, &ctr->printers_2);
+			break;
+		case 3:
+			decode_printer_info_3(mem_ctx, r.buffer, 1, &ctr->printers_3);
+			break;
+		}			
+	}
+	
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - SetPrinter()
+ ********************************************************************************/
+/** Set printer info 
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param pol              Policy handle on printer to set info.
+ * @param level            Information level to set.
+ * @param ctr              Pointer to structure holding printer information.
+ * @param command          Specifies the action performed.  See
+ * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gdi/prntspol_13ua.asp 
+ * for details.
+ *
+ */
+
+WERROR cli_spoolss_setprinter(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *pol, uint32 level, 
+			      PRINTER_INFO_CTR *ctr, uint32 command)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_SETPRINTER q;
+	SPOOL_R_SETPRINTER r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise input parameters */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+		
+	make_spoolss_q_setprinter(mem_ctx, &q, pol, level, ctr, command);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_setprinter("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_SETPRINTER, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_setprinter("", &r, &rbuf, 0))
+		goto done;
+	
+	result = r.status;
+
+done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - GetPrinterDriver()
+ ********************************************************************************/
+/** Get installed printer drivers for a given printer
+ *
+ * @param cli              Pointer to client state structure which is open
+ * on the SPOOLSS pipe.
+ *
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param offered          Buffer size offered in the request.
+ * @param needed           Number of bytes needed to complete the request.
+ *                         may be NULL.
+ *
+ * @param pol              Pointer to an open policy handle for the printer
+ *                         opened with cli_spoolss_open_printer_ex().
+ * @param level            Requested information level.
+ * @param env              The print environment or archictecture.  This is
+ *                         "Windows NT x86" for NT4.
+ * @param ctr              Returned printer driver information.
+ */
+
+WERROR cli_spoolss_getprinterdriver(struct cli_state *cli, 
+				    TALLOC_CTX *mem_ctx, 
+				    uint32 offered, uint32 *needed,
+				    POLICY_HND *pol, uint32 level, 
+				    char *env, PRINTER_DRIVER_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_GETPRINTERDRIVER2 q;
+        SPOOL_R_GETPRINTERDRIVER2 r;
+	NEW_BUFFER buffer;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	fstrcpy (server, cli->desthost);
+	strupper (server);
+
+	/* Initialise input parameters */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	make_spoolss_q_getprinterdriver2(&q, pol, env, level, 2, 2,
+					 &buffer, offered);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_getprinterdriver2 ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli, SPOOLSS_GETPRINTERDRIVER2, &qbuf, &rbuf)) 
+		goto done;
+
+	/* Unmarshall response */
+
+	if (spoolss_io_r_getprinterdriver2 ("", &r, &rbuf, 0)) {
+		if (needed)
+			*needed = r.needed;
+	}
+
+	result = r.status;
+
+	/* Return output parameters */
+
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+	if (!ctr)
+		goto done;
+
+	switch (level) {
+	case 1:
+		decode_printer_driver_1(mem_ctx, r.buffer, 1, &ctr->info1);
+		break;
+	case 2:
+		decode_printer_driver_2(mem_ctx, r.buffer, 1, &ctr->info2);
+		break;
+	case 3:
+		decode_printer_driver_3(mem_ctx, r.buffer, 1, &ctr->info3);
+		break;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+		
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - EnumPrinterDrivers()
+ ********************************************************************************/
+/**********************************************************************
+ * Get installed printer drivers for a given printer
+ */
+WERROR cli_spoolss_enumprinterdrivers (struct cli_state *cli, 
+				       TALLOC_CTX *mem_ctx,
+				       uint32 offered, uint32 *needed,
+				       uint32 level, char *env,
+				       uint32 *num_drivers,
+				       PRINTER_DRIVER_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ENUMPRINTERDRIVERS q;
+        SPOOL_R_ENUMPRINTERDRIVERS r;
+	NEW_BUFFER buffer;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+
+	/* Initialise input parameters */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Write the request */
+
+	make_spoolss_q_enumprinterdrivers(&q, server, env, level, &buffer, 
+					  offered);
+	
+	/* Marshall data and send request */
+	
+	if (!spoolss_io_q_enumprinterdrivers ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli, SPOOLSS_ENUMPRINTERDRIVERS, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_enumprinterdrivers ("", &r, &rbuf, 0))
+		goto done;
+
+	if (needed)
+		*needed = r.needed;
+
+	if (num_drivers)
+		*num_drivers = r.returned;
+
+	result = r.status;
+
+	/* Return output parameters */
+
+	if (W_ERROR_IS_OK(result) && (r.returned != 0)) {
+		*num_drivers = r.returned;
+
+		switch (level) {
+		case 1:
+			decode_printer_driver_1(mem_ctx, r.buffer, r.returned, &ctr->info1);
+			break;
+		case 2:
+			decode_printer_driver_2(mem_ctx, r.buffer, r.returned, &ctr->info2);
+			break;
+		case 3:
+			decode_printer_driver_3(mem_ctx, r.buffer, r.returned, &ctr->info3);
+			break;
+		}
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+		
+	return result;
+}
+
+
+/*********************************************************************************
+ Win32 API - GetPrinterDriverDirectory()
+ ********************************************************************************/
+/**********************************************************************
+ * Get installed printer drivers for a given printer
+ */
+WERROR cli_spoolss_getprinterdriverdir (struct cli_state *cli, 
+					TALLOC_CTX *mem_ctx,
+					uint32 offered, uint32 *needed,
+					uint32 level, char *env,
+					DRIVER_DIRECTORY_CTR *ctr)
+{
+	prs_struct 			qbuf, rbuf;
+	SPOOL_Q_GETPRINTERDRIVERDIR 	q;
+        SPOOL_R_GETPRINTERDRIVERDIR 	r;
+	NEW_BUFFER 			buffer;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring 			server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+
+	/* Initialise input parameters */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Write the request */
+
+	make_spoolss_q_getprinterdriverdir(&q, server, env, level, &buffer, 
+					   offered);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_getprinterdriverdir ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli, SPOOLSS_GETPRINTERDRIVERDIRECTORY,
+			       &qbuf, &rbuf)) 
+		goto done;
+
+	/* Unmarshall response */
+
+	if (spoolss_io_r_getprinterdriverdir ("", &r, &rbuf, 0)) {
+		if (needed)
+			*needed = r.needed;
+	}
+		
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (W_ERROR_IS_OK(result)) {
+		switch (level) {
+		case 1:
+			decode_printerdriverdir_1(mem_ctx, r.buffer, 1, 
+						  &ctr->info1);
+			break;
+		}			
+	}
+		
+	done:
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/*********************************************************************************
+ Win32 API - AddPrinterDriver()
+ ********************************************************************************/
+/**********************************************************************
+ * Install a printer driver
+ */
+WERROR cli_spoolss_addprinterdriver (struct cli_state *cli, 
+				     TALLOC_CTX *mem_ctx, uint32 level,
+				     PRINTER_DRIVER_CTR *ctr)
+{
+	prs_struct 			qbuf, rbuf;
+	SPOOL_Q_ADDPRINTERDRIVER 	q;
+        SPOOL_R_ADDPRINTERDRIVER 	r;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring 			server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+	
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+
+	/* Initialise input parameters */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Write the request */
+
+	make_spoolss_q_addprinterdriver (mem_ctx, &q, server, level, ctr);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_addprinterdriver ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli, SPOOLSS_ADDPRINTERDRIVER, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_addprinterdriver ("", &r, &rbuf, 0))
+		goto done;
+		
+	/* Return output parameters */
+
+	result = r.status;
+
+done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+	
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - AddPrinter()
+ ********************************************************************************/
+/**********************************************************************
+ * Install a printer
+ */
+WERROR cli_spoolss_addprinterex (struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				 uint32 level, PRINTER_INFO_CTR*ctr)
+{
+	prs_struct 			qbuf, rbuf;
+	SPOOL_Q_ADDPRINTEREX 		q;
+        SPOOL_R_ADDPRINTEREX 		r;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring 			server,
+					client,
+					user;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+        slprintf (client, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (client);
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+	fstrcpy  (user, cli->user_name);
+
+	/* Initialise input parameters */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Write the request */
+
+	make_spoolss_q_addprinterex (mem_ctx, &q, server, client, user,
+				     level, ctr);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_addprinterex ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli, SPOOLSS_ADDPRINTEREX, &qbuf, &rbuf)) 
+		goto done;
+		
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_addprinterex ("", &r, &rbuf, 0))
+		goto done;
+		
+	/* Return output parameters */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - DeltePrinterDriver()
+ ********************************************************************************/
+/**********************************************************************
+ * Delete a Printer Driver from the server (does not remove 
+ * the driver files
+ */
+WERROR cli_spoolss_deleteprinterdriver (struct cli_state *cli, 
+					TALLOC_CTX *mem_ctx, char *arch,
+					char *driver)
+{
+	prs_struct 			qbuf, rbuf;
+	SPOOL_Q_DELETEPRINTERDRIVER	q;
+        SPOOL_R_DELETEPRINTERDRIVER	r;
+	WERROR result = W_ERROR(ERRgeneral);
+	fstring				server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+
+	/* Initialise input parameters */
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+
+	/* Write the request */
+
+	make_spoolss_q_deleteprinterdriver(mem_ctx, &q, server, arch, driver);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_deleteprinterdriver ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli,SPOOLSS_DELETEPRINTERDRIVER , &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_deleteprinterdriver ("", &r, &rbuf, 0))
+		goto done;
+		
+	/* Return output parameters */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;	
+}
+
+/*********************************************************************************
+ Win32 API - GetPrinterProcessorDirectory()
+ ********************************************************************************/
+
+WERROR cli_spoolss_getprintprocessordirectory(struct cli_state *cli,
+					      TALLOC_CTX *mem_ctx,
+					      uint32 offered, uint32 *needed,
+					      char *name, char *environment,
+					      fstring procdir)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_GETPRINTPROCESSORDIRECTORY q;
+	SPOOL_R_GETPRINTPROCESSORDIRECTORY r;
+	int level = 1;
+	WERROR result = W_ERROR(ERRgeneral);
+	NEW_BUFFER buffer;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	make_spoolss_q_getprintprocessordirectory(
+		&q, name, environment, level, &buffer, offered);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_getprintprocessordirectory("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_GETPRINTPROCESSORDIRECTORY,
+			      &qbuf, &rbuf))
+		goto done;
+		
+	/* Unmarshall response */
+		
+	if (!spoolss_io_r_getprintprocessordirectory("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+		
+	result = r.status;
+
+	if (needed)
+		*needed = r.needed;
+
+	if (W_ERROR_IS_OK(result))
+		fstrcpy(procdir, "Not implemented!");
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Add a form to a printer.
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param handle           Policy handle opened with cli_spoolss_open_printer_ex
+ *                         or cli_spoolss_addprinterex.
+ * @param level            Form info level to add - should always be 1.
+ * @param form             A pointer to the form to be added.
+ *
+ */
+
+WERROR cli_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   POLICY_HND *handle, uint32 level, FORM *form)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ADDFORM q;
+	SPOOL_R_ADDFORM r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_addform(&q, handle, level, form);
+	
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_addform("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_ADDFORM, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_addform("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Set a form on a printer.
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param handle           Policy handle opened with cli_spoolss_open_printer_ex 
+ *                         or cli_spoolss_addprinterex.
+ * @param level            Form info level to set - should always be 1.
+ * @param form             A pointer to the form to be set.
+ *
+ */
+
+WERROR cli_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   POLICY_HND *handle, uint32 level, char *form_name,
+			   FORM *form)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_SETFORM q;
+	SPOOL_R_SETFORM r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_setform(&q, handle, level, form_name, form);
+	
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_setform("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_SETFORM, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_setform("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Get a form on a printer.
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param handle           Policy handle opened with cli_spoolss_open_printer_ex 
+ *                         or cli_spoolss_addprinterex.
+ * @param formname         Name of the form to get
+ * @param level            Form info level to get - should always be 1.
+ *
+ */
+
+WERROR cli_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   uint32 offered, uint32 *needed,
+			   POLICY_HND *handle, char *formname, uint32 level, 
+			   FORM_1 *form)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_GETFORM q;
+	SPOOL_R_GETFORM r;
+	WERROR result = W_ERROR(ERRgeneral);
+	NEW_BUFFER buffer;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_getform(&q, handle, formname, level, &buffer, offered);
+	
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_getform("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_GETFORM, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_getform("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (needed)
+		*needed = r.needed;
+
+	if (W_ERROR_IS_OK(result)) 
+		smb_io_form_1("", r.buffer, form, 0);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** Delete a form on a printer.
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param handle           Policy handle opened with cli_spoolss_open_printer_ex 
+ *                         or cli_spoolss_addprinterex.
+ * @param form             The name of the form to delete.
+ *
+ */
+
+WERROR cli_spoolss_deleteform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *handle, char *form_name)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_DELETEFORM q;
+	SPOOL_R_DELETEFORM r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_deleteform(&q, handle, form_name);
+	
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_deleteform("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_DELETEFORM, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_deleteform("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+static void decode_forms_1(TALLOC_CTX *mem_ctx, NEW_BUFFER *buffer, 
+			   uint32 num_forms, FORM_1 **forms)
+{
+	int i;
+
+	*forms = (FORM_1 *)talloc(mem_ctx, num_forms * sizeof(FORM_1));
+	buffer->prs.data_offset = 0;
+
+	for (i = 0; i < num_forms; i++)
+		smb_io_form_1("", buffer, &((*forms)[i]), 0);
+}
+
+/** Enumerate forms
+ *
+ * @param cli              Pointer to client state structure which is open
+ *                         on the SPOOLSS pipe.
+ * @param mem_ctx          Pointer to an initialised talloc context.
+ *
+ * @param offered          Buffer size offered in the request.
+ * @param needed           Number of bytes needed to complete the request.
+ *                         may be NULL.
+ *                         or cli_spoolss_addprinterex.
+ * @param level            Form info level to get - should always be 1.
+ * @param handle           Open policy handle
+ *
+ */
+
+WERROR cli_spoolss_enumforms(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			     uint32 offered, uint32 *needed,
+			     POLICY_HND *handle, int level, uint32 *num_forms,
+			     FORM_1 **forms)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ENUMFORMS q;
+	SPOOL_R_ENUMFORMS r;
+	WERROR result = W_ERROR(ERRgeneral);
+	NEW_BUFFER buffer;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_enumforms(&q, handle, level, &buffer, offered);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_enumforms("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_ENUMFORMS, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_enumforms("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (needed)
+		*needed = r.needed;
+
+	if (num_forms)
+		*num_forms = r.numofforms;
+
+	decode_forms_1(mem_ctx, r.buffer, *num_forms, forms);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/*********************************************************************************
+ Win32 API - SetPrinterData()
+ ********************************************************************************/
+
+WERROR cli_spoolss_setprinterdata (struct cli_state *cli, TALLOC_CTX *mem_ctx,
+					POLICY_HND *pol, char* valname, char* value)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_SETPRINTERDATA q;
+        SPOOL_R_SETPRINTERDATA r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise input parameters */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+
+	/* write the request */
+	make_spoolss_q_setprinterdata(&q, mem_ctx, pol, valname, value);
+
+	/* Marshall data and send request */
+	if (!spoolss_io_q_setprinterdata ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli, SPOOLSS_SETPRINTERDATA, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+	if (spoolss_io_r_setprinterdata ("", &r, &rbuf, 0))
+		goto done;
+		
+	result = r.status;
+
+done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Enumerate jobs */
+
+WERROR cli_spoolss_enumjobs(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			    uint32 offered, uint32 *needed,
+			    POLICY_HND *hnd, uint32 firstjob, uint32 numofjobs,
+			    uint32 level)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ENUMJOBS q;
+	SPOOL_R_ENUMJOBS r;
+	WERROR result = W_ERROR(ERRgeneral);
+	NEW_BUFFER buffer;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	init_buffer(&buffer, offered, mem_ctx);
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+        make_spoolss_q_enumjobs(&q, hnd, firstjob, numofjobs, level, &buffer, 
+				offered);
+
+	/* Marshall data and send request */
+
+	if (!spoolss_io_q_enumjobs("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SPOOLSS_ENUMJOBS, &qbuf, &rbuf))
+		goto done;
+
+	/* Unmarshall response */
+
+	if (!spoolss_io_r_enumjobs("", &r, &rbuf, 0))
+		goto done;
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (needed)
+		*needed = r.needed;
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/** @} **/
diff --git a/source3/libsmb/cli_srvsvc.c b/source3/libsmb/cli_srvsvc.c
new file mode 100644
index 0000000000..9d33149540
--- /dev/null
+++ b/source3/libsmb/cli_srvsvc.c
@@ -0,0 +1,79 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Tim Potter 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Opens a SMB connection to the svrsvc pipe */
+
+struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, 
+					char *system_name,
+					struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_SRVSVC, creds);
+}
+
+NTSTATUS cli_srvsvc_net_srv_get_info(struct cli_state *cli, 
+                                     TALLOC_CTX *mem_ctx,
+                                     uint32 switch_value, SRV_INFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SRV_Q_NET_SRV_GET_INFO q;
+	SRV_R_NET_SRV_GET_INFO r;
+	NTSTATUS result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Initialise input parameters */
+
+	init_srv_q_net_srv_get_info(&q, cli->srv_name_slash, switch_value);
+
+	/* Marshall data and send request */
+
+	if (!srv_io_q_net_srv_get_info("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SRV_NET_SRV_GET_INFO, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	r.ctr = ctr;
+
+	if (!srv_io_r_net_srv_get_info("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	result = werror_to_ntstatus(r.status);
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
diff --git a/source3/libsmb/cli_wkssvc.c b/source3/libsmb/cli_wkssvc.c
new file mode 100644
index 0000000000..2a84e6b698
--- /dev/null
+++ b/source3/libsmb/cli_wkssvc.c
@@ -0,0 +1,112 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Tim Potter 2001
+   Copytight (C) Rafal Szczesniak 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * Opens a SMB connection to the wkssvc pipe
+ *
+ * @param cli client structure (not yet initialised)
+ * @param system_name called rpc server name
+ * @param creds user credentials
+ *
+ * @return client structure with opened pipe
+ **/
+
+struct cli_state *cli_wkssvc_initialise(struct cli_state *cli, 
+					char *system_name,
+					struct ntuser_creds *creds)
+{
+        return cli_pipe_initialise(cli, system_name, PIPE_WKSSVC, creds);
+}
+
+
+/**
+ * WksQueryInfo rpc call (like query for server's capabilities)
+ *
+ * @param initialised client structure with \PIPE\wkssvc opened
+ * @param mem_ctx memory context assigned to this rpc binding
+ * @param wks100 WksQueryInfo structure
+ *
+ * @return NTSTATUS of rpc call
+ */
+ 
+NTSTATUS cli_wks_query_info(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			    WKS_INFO_100 *wks100)
+{
+	prs_struct buf;
+	prs_struct rbuf;
+	WKS_Q_QUERY_INFO q_o;
+	WKS_R_QUERY_INFO r_o;
+	NTSTATUS nt_status;
+
+	if (cli == NULL || wks100 == NULL)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	/* init rpc parse structures */
+	prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	DEBUG(4, ("WksQueryInfo\n"));
+	
+	/* init query structure with rpc call arguments */
+	init_wks_q_query_info(&q_o, cli->desthost, 100);
+	
+	/* marshall data */
+	if (!wks_io_q_query_info("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	/* actual rpc call over \PIPE\wkssvc */
+	if (!rpc_api_pipe_req(cli, WKS_QUERY_INFO, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	prs_mem_free(&buf);
+
+	r_o.wks100 = wks100;
+
+	/* get call results from response buffer */
+	if (!wks_io_r_query_info("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	/* check returnet status code */
+	if (NT_STATUS_IS_ERR(r_o.status)) {
+		/* report the error */
+		DEBUG(0,("WKS_R_QUERY_INFO: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return r_o.status;
+	}
+	
+	/* do clean up */
+	prs_mem_free(&rbuf);
+	
+	return nt_status;
+}
+
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
new file mode 100644
index 0000000000..8ddd116679
--- /dev/null
+++ b/source3/libsmb/cliconnect.c
@@ -0,0 +1,1348 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client connect/disconnect routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+
+static const struct {
+    int prot;
+    const char *name;
+  }
+prots[] = 
+    {
+      {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"},
+      {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"},
+      {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"},
+      {PROTOCOL_LANMAN1,"LANMAN1.0"},
+      {PROTOCOL_LANMAN2,"LM1.2X002"},
+      {PROTOCOL_LANMAN2,"Samba"},
+      {PROTOCOL_NT1,"NT LANMAN 1.0"},
+      {PROTOCOL_NT1,"NT LM 0.12"},
+      {-1,NULL}
+    };
+
+
+/****************************************************************************
+do an old lanman2 style session setup
+****************************************************************************/
+static BOOL cli_session_setup_lanman2(struct cli_state *cli, char *user, 
+				      char *pass, int passlen)
+{
+	fstring pword;
+	char *p;
+
+	if (passlen > sizeof(pword)-1) {
+		return False;
+	}
+
+	/* if in share level security then don't send a password now */
+	if (!(cli->sec_mode & 1)) {
+		passlen = 0;
+	}
+
+	if (passlen > 0 && (cli->sec_mode & 2) && passlen != 24) {
+		/* Encrypted mode needed, and non encrypted password supplied. */
+		passlen = 24;
+		clistr_push(cli, pword, pass, -1, STR_TERMINATE);
+		SMBencrypt((uchar *)pword,cli->secblob.data,(uchar *)pword);
+	} else if ((cli->sec_mode & 2) && passlen == 24) {
+		/* Encrypted mode needed, and encrypted password supplied. */
+		memcpy(pword, pass, passlen);
+	} else if (passlen > 0) {
+		/* Plaintext mode needed, assume plaintext supplied. */
+		passlen = clistr_push(cli, pword, pass, -1, STR_TERMINATE);
+	}
+
+	/* send a session setup command */
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,10, 0, True);
+	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+	cli_setup_packet(cli);
+	
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,cli->max_xmit);
+	SSVAL(cli->outbuf,smb_vwv3,2);
+	SSVAL(cli->outbuf,smb_vwv4,1);
+	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
+	SSVAL(cli->outbuf,smb_vwv7,passlen);
+
+	p = smb_buf(cli->outbuf);
+	memcpy(p,pword,passlen);
+	p += passlen;
+	p += clistr_push(cli, p, user, -1, STR_TERMINATE);
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
+
+	show_msg(cli->inbuf);
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+	
+	/* use the returned vuid from now on */
+	cli->vuid = SVAL(cli->inbuf,smb_uid);	
+	fstrcpy(cli->user_name, user);
+
+	return True;
+}
+
+
+/****************************************************************************
+work out suitable capabilities to offer the server
+****************************************************************************/
+static uint32 cli_session_setup_capabilities(struct cli_state *cli)
+{
+	uint32 capabilities = CAP_NT_SMBS;
+
+	if (!cli->force_dos_errors) {
+		capabilities |= CAP_STATUS32;
+	}
+
+	if (cli->use_level_II_oplocks) {
+		capabilities |= CAP_LEVEL_II_OPLOCKS;
+	}
+
+	if (cli->capabilities & CAP_UNICODE) {
+		capabilities |= CAP_UNICODE;
+	}
+
+	return capabilities;
+}
+
+
+/****************************************************************************
+do a NT1 guest session setup
+****************************************************************************/
+static BOOL cli_session_setup_guest(struct cli_state *cli)
+{
+	char *p;
+	uint32 capabilities = cli_session_setup_capabilities(cli);
+
+	set_message(cli->outbuf,13,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+	cli_setup_packet(cli);
+			
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
+	SSVAL(cli->outbuf,smb_vwv3,2);
+	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
+	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
+	SSVAL(cli->outbuf,smb_vwv7,0);
+	SSVAL(cli->outbuf,smb_vwv8,0);
+	SIVAL(cli->outbuf,smb_vwv11,capabilities); 
+	p = smb_buf(cli->outbuf);
+	p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* username */
+	p += clistr_push(cli, p, "", -1, STR_TERMINATE); /* workgroup */
+	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
+	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+	      return False;
+	
+	show_msg(cli->inbuf);
+	
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	cli->vuid = SVAL(cli->inbuf,smb_uid);
+
+	p = smb_buf(cli->inbuf);
+	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
+	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+
+	fstrcpy(cli->user_name, "");
+
+	return True;
+}
+
+
+/****************************************************************************
+do a NT1 plaintext session setup
+****************************************************************************/
+static BOOL cli_session_setup_plaintext(struct cli_state *cli, char *user, 
+					char *pass, char *workgroup)
+{
+	uint32 capabilities = cli_session_setup_capabilities(cli);
+	fstring pword;
+	int passlen;
+	char *p;
+
+	passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE|STR_ASCII);
+
+	set_message(cli->outbuf,13,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+	cli_setup_packet(cli);
+			
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
+	SSVAL(cli->outbuf,smb_vwv3,2);
+	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
+	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
+	SSVAL(cli->outbuf,smb_vwv7,passlen);
+	SSVAL(cli->outbuf,smb_vwv8,0);
+	SIVAL(cli->outbuf,smb_vwv11,capabilities); 
+	p = smb_buf(cli->outbuf);
+	memcpy(p, pword, passlen);
+	p += passlen;
+	p += clistr_push(cli, p, user, -1, STR_TERMINATE); /* username */
+	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); /* workgroup */
+	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
+	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+	      return False;
+	
+	show_msg(cli->inbuf);
+	
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	cli->vuid = SVAL(cli->inbuf,smb_uid);
+	p = smb_buf(cli->inbuf);
+	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
+	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+	fstrcpy(cli->user_name, user);
+
+	return True;
+}
+
+
+/****************************************************************************
+do a NT1 NTLM/LM encrypted session setup
+****************************************************************************/
+static BOOL cli_session_setup_nt1(struct cli_state *cli, char *user, 
+				  char *pass, int passlen,
+				  char *ntpass, int ntpasslen,
+				  char *workgroup)
+{
+	uint32 capabilities = cli_session_setup_capabilities(cli);
+	fstring pword, ntpword;
+	char *p;
+
+	if (passlen > sizeof(pword)-1 || ntpasslen > sizeof(ntpword)-1) {
+		return False;
+	}
+
+	if (passlen != 24) {
+		/* non encrypted password supplied. Ignore ntpass. */
+		passlen = 24;
+		ntpasslen = 24;
+		clistr_push(cli, pword, 
+			    pass?pass:"", sizeof(pword), STR_TERMINATE|STR_ASCII);
+		clistr_push(cli, ntpword, 
+			    pass?pass:"", sizeof(ntpword), STR_TERMINATE|STR_ASCII);
+		SMBencrypt((uchar *)pword,cli->secblob.data,(uchar *)pword);
+		SMBNTencrypt((uchar *)ntpword,cli->secblob.data,(uchar *)ntpword);
+	} else {
+		memcpy(pword, pass, passlen);
+		memcpy(ntpword, ntpass, ntpasslen);
+	}
+
+	/* send a session setup command */
+	memset(cli->outbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,13,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+	cli_setup_packet(cli);
+			
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
+	SSVAL(cli->outbuf,smb_vwv3,2);
+	SSVAL(cli->outbuf,smb_vwv4,cli->pid);
+	SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
+	SSVAL(cli->outbuf,smb_vwv7,passlen);
+	SSVAL(cli->outbuf,smb_vwv8,ntpasslen);
+	SIVAL(cli->outbuf,smb_vwv11,capabilities); 
+	p = smb_buf(cli->outbuf);
+	memcpy(p,pword,passlen); p += passlen;
+	memcpy(p,ntpword,ntpasslen); p += ntpasslen;
+	p += clistr_push(cli, p, user, -1, STR_TERMINATE|STR_UPPER);
+	p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER);
+	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
+	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
+
+	show_msg(cli->inbuf);
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+	
+	/* use the returned vuid from now on */
+	cli->vuid = SVAL(cli->inbuf,smb_uid);
+	
+	p = smb_buf(cli->inbuf);
+	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
+	p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+
+	fstrcpy(cli->user_name, user);
+
+	return True;
+}
+
+
+/****************************************************************************
+send a extended security session setup blob, returning a reply blob
+****************************************************************************/
+static DATA_BLOB cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob)
+{
+	uint32 capabilities = cli_session_setup_capabilities(cli);
+	char *p;
+	DATA_BLOB blob2;
+	uint32 len;
+
+	blob2 = data_blob(NULL, 0);
+
+	capabilities |= CAP_EXTENDED_SECURITY;
+
+	/* send a session setup command */
+	memset(cli->outbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,12,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsesssetupX);
+	cli_setup_packet(cli);
+			
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE);
+	SSVAL(cli->outbuf,smb_vwv3,2);
+	SSVAL(cli->outbuf,smb_vwv4,1);
+	SIVAL(cli->outbuf,smb_vwv5,0);
+	SSVAL(cli->outbuf,smb_vwv7,blob.length);
+	SIVAL(cli->outbuf,smb_vwv10,capabilities); 
+	p = smb_buf(cli->outbuf);
+	memcpy(p, blob.data, blob.length);
+	p += blob.length;
+	p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE);
+	p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE);
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return blob2;
+
+	show_msg(cli->inbuf);
+
+	if (cli_is_error(cli) && !NT_STATUS_EQUAL(cli_nt_error(cli),
+						  NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		return blob2;
+	}
+	
+	/* use the returned vuid from now on */
+	cli->vuid = SVAL(cli->inbuf,smb_uid);
+	
+	p = smb_buf(cli->inbuf);
+
+	blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
+
+	p += blob2.length;
+	p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+
+	/* w2k with kerberos doesn't properly null terminate this field */
+	len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));
+	p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
+
+	return blob2;
+}
+
+
+#ifdef HAVE_KRB5
+/****************************************************************************
+do a spnego/kerberos encrypted session setup
+****************************************************************************/
+static BOOL cli_session_setup_kerberos(struct cli_state *cli, char *principal, char *workgroup)
+{
+	DATA_BLOB blob2, negTokenTarg;
+
+	DEBUG(2,("Doing kerberos session setup\n"));
+
+	/* generate the encapsulated kerberos5 ticket */
+	negTokenTarg = spnego_gen_negTokenTarg(cli, principal);
+
+	if (!negTokenTarg.data) return False;
+
+#if 0
+	file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
+#endif
+
+	blob2 = cli_session_setup_blob(cli, negTokenTarg);
+
+	/* we don't need this blob for kerberos */
+	data_blob_free(&blob2);
+
+	data_blob_free(&negTokenTarg);
+
+	return !cli_is_error(cli);
+}
+#endif
+
+/****************************************************************************
+do a spnego/NTLMSSP encrypted session setup
+****************************************************************************/
+static BOOL cli_session_setup_ntlmssp(struct cli_state *cli, char *user, 
+				      char *pass, char *workgroup)
+{
+	const char *mechs[] = {OID_NTLMSSP, NULL};
+	DATA_BLOB msg1;
+	DATA_BLOB blob, chal1, chal2, auth;
+	uint8 challenge[8];
+	uint8 nthash[24], lmhash[24], sess_key[16];
+	uint32 neg_flags;
+
+	neg_flags = NTLMSSP_NEGOTIATE_UNICODE | 
+		NTLMSSP_NEGOTIATE_LM_KEY | 
+		NTLMSSP_NEGOTIATE_NTLM;
+
+	memset(sess_key, 0, 16);
+
+	/* generate the ntlmssp negotiate packet */
+	msrpc_gen(&blob, "CddB",
+		  "NTLMSSP",
+		  NTLMSSP_NEGOTIATE,
+		  neg_flags,
+		  sess_key, 16);
+
+	/* and wrap it in a SPNEGO wrapper */
+	msg1 = gen_negTokenTarg(mechs, blob);
+	data_blob_free(&blob);
+
+	/* now send that blob on its way */
+	blob = cli_session_setup_blob(cli, msg1);
+
+	data_blob_free(&msg1);
+
+	if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		return False;
+	}
+
+#if 0
+	file_save("chal.dat", blob.data, blob.length);
+#endif
+
+	/* the server gives us back two challenges */
+	if (!spnego_parse_challenge(blob, &chal1, &chal2)) {
+		DEBUG(3,("Failed to parse challenges\n"));
+		return False;
+	}
+
+	data_blob_free(&blob);
+
+	/* encrypt the password with the challenge */
+	memcpy(challenge, chal1.data + 24, 8);
+	SMBencrypt((unsigned char *)pass, challenge,lmhash);
+	SMBNTencrypt((unsigned char *)pass, challenge,nthash);
+
+#if 0
+	file_save("nthash.dat", nthash, 24);
+	file_save("lmhash.dat", lmhash, 24);
+	file_save("chal1.dat", chal1.data, chal1.length);
+#endif
+
+	data_blob_free(&chal1);
+	data_blob_free(&chal2);
+
+	/* this generates the actual auth packet */
+	msrpc_gen(&blob, "CdBBUUUBd", 
+		  "NTLMSSP", 
+		  NTLMSSP_AUTH, 
+		  lmhash, 24,
+		  nthash, 24,
+		  workgroup, 
+		  user, 
+		  cli->calling.name,
+		  sess_key, 16,
+		  neg_flags);
+
+	/* wrap it in SPNEGO */
+	auth = spnego_gen_auth(blob);
+
+	data_blob_free(&blob);
+
+	/* now send the auth packet and we should be done */
+	blob = cli_session_setup_blob(cli, auth);
+
+	data_blob_free(&auth);
+	data_blob_free(&blob);
+
+	return !cli_is_error(cli);
+}
+
+
+/****************************************************************************
+do a spnego encrypted session setup
+****************************************************************************/
+static BOOL cli_session_setup_spnego(struct cli_state *cli, char *user, 
+				     char *pass, char *workgroup)
+{
+	char *principal;
+	char *OIDs[ASN1_MAX_OIDS];
+	uint8 guid[16];
+	int i;
+	BOOL got_kerberos_mechanism = False;
+
+	DEBUG(2,("Doing spnego session setup (blob length=%d)\n", cli->secblob.length));
+
+	/* the server might not even do spnego */
+	if (cli->secblob.length == 16) {
+		DEBUG(3,("server didn't supply a full spnego negprot\n"));
+		goto ntlmssp;
+	}
+
+#if 0
+	file_save("negprot.dat", cli->secblob.data, cli->secblob.length);
+#endif
+
+	/* the server sent us the first part of the SPNEGO exchange in the negprot 
+	   reply */
+	if (!spnego_parse_negTokenInit(cli->secblob, guid, OIDs, &principal)) {
+		return False;
+	}
+
+	/* make sure the server understands kerberos */
+	for (i=0;OIDs[i];i++) {
+		DEBUG(3,("got OID=%s\n", OIDs[i]));
+		if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
+		    strcmp(OIDs[i], OID_KERBEROS5) == 0) {
+			got_kerberos_mechanism = True;
+		}
+		free(OIDs[i]);
+	}
+	DEBUG(3,("got principal=%s\n", principal));
+
+	fstrcpy(cli->user_name, user);
+
+#ifdef HAVE_KRB5
+	if (got_kerberos_mechanism && cli->use_kerberos) {
+		return cli_session_setup_kerberos(cli, principal, workgroup);
+	}
+#endif
+
+	free(principal);
+
+ntlmssp:
+
+	return cli_session_setup_ntlmssp(cli, user, pass, workgroup);
+}
+
+
+/****************************************************************************
+ Send a session setup. The username and workgroup is in UNIX character
+ format and must be converted to DOS codepage format before sending. If the
+ password is in plaintext, the same should be done.
+****************************************************************************/
+BOOL cli_session_setup(struct cli_state *cli, 
+		       char *user, 
+		       char *pass, int passlen,
+		       char *ntpass, int ntpasslen,
+		       char *workgroup)
+{
+	char *p;
+	fstring user2;
+
+	/* allow for workgroups as part of the username */
+	fstrcpy(user2, user);
+	if ((p=strchr_m(user2,'\\')) || (p=strchr_m(user2,'/')) ||
+	    (p=strchr_m(user2,*lp_winbind_separator()))) {
+		*p = 0;
+		user = p+1;
+		workgroup = user2;
+	}
+
+	if (cli->protocol < PROTOCOL_LANMAN1)
+		return True;
+
+	/* now work out what sort of session setup we are going to
+           do. I have split this into separate functions to make the
+           flow a bit easier to understand (tridge) */
+
+	/* if its an older server then we have to use the older request format */
+	if (cli->protocol < PROTOCOL_NT1) {
+		return cli_session_setup_lanman2(cli, user, pass, passlen);
+	}
+
+	/* if no user is supplied then we have to do an anonymous connection.
+	   passwords are ignored */
+	if (!user || !*user) {
+		return cli_session_setup_guest(cli);
+	}
+
+	/* if the server is share level then send a plaintext null
+           password at this point. The password is sent in the tree
+           connect */
+	if ((cli->sec_mode & 1) == 0) {
+		return cli_session_setup_plaintext(cli, user, "", workgroup);
+	}
+
+	/* if the server doesn't support encryption then we have to use plaintext. The 
+	   second password is ignored */
+	if ((cli->sec_mode & 2) == 0) {
+		return cli_session_setup_plaintext(cli, user, pass, workgroup);
+	}
+
+	/* if the server supports extended security then use SPNEGO */
+	if (cli->capabilities & CAP_EXTENDED_SECURITY) {
+		return cli_session_setup_spnego(cli, user, pass, workgroup);
+	}
+
+	/* otherwise do a NT1 style session setup */
+	return cli_session_setup_nt1(cli, user, 
+				     pass, passlen, ntpass, ntpasslen,
+				     workgroup);	
+}
+
+/****************************************************************************
+ Send a uloggoff.
+*****************************************************************************/
+
+BOOL cli_ulogoff(struct cli_state *cli)
+{
+        memset(cli->outbuf,'\0',smb_size);
+        set_message(cli->outbuf,2,0,True);
+        SCVAL(cli->outbuf,smb_com,SMBulogoffX);
+        cli_setup_packet(cli);
+	SSVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
+
+        cli_send_smb(cli);
+        if (!cli_receive_smb(cli))
+                return False;
+
+        return !cli_is_error(cli);
+}
+
+/****************************************************************************
+send a tconX
+****************************************************************************/
+BOOL cli_send_tconX(struct cli_state *cli, 
+		    const char *share, const char *dev, const char *pass, int passlen)
+{
+	fstring fullshare, pword, dos_pword;
+	char *p;
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	fstrcpy(cli->share, share);
+
+	/* in user level security don't send a password now */
+	if (cli->sec_mode & 1) {
+		passlen = 1;
+		pass = "";
+	}
+
+	if ((cli->sec_mode & 2) && *pass && passlen != 24) {
+		/*
+		 * Non-encrypted passwords - convert to DOS codepage before encryption.
+		 */
+		passlen = 24;
+		clistr_push(cli, dos_pword, pass, -1, STR_TERMINATE);
+		SMBencrypt((uchar *)dos_pword,cli->secblob.data,(uchar *)pword);
+	} else {
+		if((cli->sec_mode & 3) == 0) {
+			/*
+			 * Non-encrypted passwords - convert to DOS codepage before using.
+			 */
+			passlen = clistr_push(cli, pword, pass, -1, STR_TERMINATE);
+		} else {
+			memcpy(pword, pass, passlen);
+		}
+	}
+
+	if (cli->port == 445) {
+		slprintf(fullshare, sizeof(fullshare)-1,
+			 "%s", share);
+	} else {
+		slprintf(fullshare, sizeof(fullshare)-1,
+			 "\\\\%s\\%s", cli->desthost, share);
+	}
+
+	set_message(cli->outbuf,4, 0, True);
+	SCVAL(cli->outbuf,smb_com,SMBtconX);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv3,passlen);
+
+	p = smb_buf(cli->outbuf);
+	memcpy(p,pword,passlen);
+	p += passlen;
+	p += clistr_push(cli, p, fullshare, -1, STR_TERMINATE |STR_UPPER);
+	fstrcpy(p, dev); p += strlen(dev)+1;
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
+
+	if (strcasecmp(share,"IPC$")==0) {
+		fstrcpy(cli->dev, "IPC");
+	}
+
+	if (cli->protocol >= PROTOCOL_NT1 &&
+	    smb_buflen(cli->inbuf) == 3) {
+		/* almost certainly win95 - enable bug fixes */
+		cli->win95 = True;
+	}
+
+	cli->cnum = SVAL(cli->inbuf,smb_tid);
+	return True;
+}
+
+
+/****************************************************************************
+send a tree disconnect
+****************************************************************************/
+BOOL cli_tdis(struct cli_state *cli)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,0,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBtdis);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+	
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
+	
+	return !cli_is_error(cli);
+}
+
+
+/****************************************************************************
+send a negprot command
+****************************************************************************/
+void cli_negprot_send(struct cli_state *cli)
+{
+	char *p;
+	int numprots;
+
+	memset(cli->outbuf,'\0',smb_size);
+
+	/* setup the protocol strings */
+	set_message(cli->outbuf,0,0,True);
+
+	p = smb_buf(cli->outbuf);
+	for (numprots=0;
+	     prots[numprots].name && prots[numprots].prot<=cli->protocol;
+	     numprots++) {
+		*p++ = 2;
+		p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
+	}
+
+	SCVAL(cli->outbuf,smb_com,SMBnegprot);
+	cli_setup_bcc(cli, p);
+	cli_setup_packet(cli);
+
+	SCVAL(smb_buf(cli->outbuf),0,2);
+
+	cli_send_smb(cli);
+}
+
+
+/****************************************************************************
+send a negprot command
+****************************************************************************/
+BOOL cli_negprot(struct cli_state *cli)
+{
+	char *p;
+	int numprots;
+	int plength;
+
+	memset(cli->outbuf,'\0',smb_size);
+
+	/* setup the protocol strings */
+	for (plength=0,numprots=0;
+	     prots[numprots].name && prots[numprots].prot<=cli->protocol;
+	     numprots++)
+		plength += strlen(prots[numprots].name)+2;
+    
+	set_message(cli->outbuf,0,plength,True);
+
+	p = smb_buf(cli->outbuf);
+	for (numprots=0;
+	     prots[numprots].name && prots[numprots].prot<=cli->protocol;
+	     numprots++) {
+		*p++ = 2;
+		p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
+	}
+
+	SCVAL(cli->outbuf,smb_com,SMBnegprot);
+	cli_setup_packet(cli);
+
+	SCVAL(smb_buf(cli->outbuf),0,2);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
+
+	show_msg(cli->inbuf);
+
+	if (cli_is_error(cli) ||
+	    ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
+		return(False);
+	}
+
+	cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
+
+	if (cli->protocol >= PROTOCOL_NT1) {    
+		/* NT protocol */
+		cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
+		cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
+		cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
+		cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
+		cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
+		cli->serverzone *= 60;
+		/* this time arrives in real GMT */
+		cli->servertime = interpret_long_date(cli->inbuf+smb_vwv11+1);
+		cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
+		cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
+		if (cli->capabilities & CAP_RAW_MODE) {
+			cli->readbraw_supported = True;
+			cli->writebraw_supported = True;      
+		}
+		/* work out if they sent us a workgroup */
+		if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
+		    smb_buflen(cli->inbuf) > 8) {
+			clistr_pull(cli, cli->server_domain, 
+				    smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
+				    smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
+		}
+	} else if (cli->protocol >= PROTOCOL_LANMAN1) {
+		cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
+		cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
+		cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
+		cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
+		cli->serverzone *= 60;
+		/* this time is converted to GMT by make_unix_date */
+		cli->servertime = make_unix_date(cli->inbuf+smb_vwv8);
+		cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
+		cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
+		cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
+	} else {
+		/* the old core protocol */
+		cli->sec_mode = 0;
+		cli->serverzone = TimeDiff(time(NULL));
+	}
+
+	cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
+
+	/* a way to force ascii SMB */
+	if (getenv("CLI_FORCE_ASCII")) {
+		cli->capabilities &= ~CAP_UNICODE;
+	}
+
+	return True;
+}
+
+
+/****************************************************************************
+  send a session request.  see rfc1002.txt 4.3 and 4.3.2
+****************************************************************************/
+BOOL cli_session_request(struct cli_state *cli,
+			 struct nmb_name *calling, struct nmb_name *called)
+{
+	char *p;
+	int len = 4;
+	extern pstring user_socket_options;
+
+	/* 445 doesn't have session request */
+	if (cli->port == 445) return True;
+
+	/* send a session request (RFC 1002) */
+	memcpy(&(cli->calling), calling, sizeof(*calling));
+	memcpy(&(cli->called ), called , sizeof(*called ));
+  
+	/* put in the destination name */
+	p = cli->outbuf+len;
+	name_mangle(cli->called .name, p, cli->called .name_type);
+	len += name_len(p);
+
+	/* and my name */
+	p = cli->outbuf+len;
+	name_mangle(cli->calling.name, p, cli->calling.name_type);
+	len += name_len(p);
+
+	/* setup the packet length */
+	_smb_setlen(cli->outbuf,len);
+	SCVAL(cli->outbuf,0,0x81);
+
+#ifdef WITH_SSL
+retry:
+#endif /* WITH_SSL */
+
+	cli_send_smb(cli);
+	DEBUG(5,("Sent session request\n"));
+
+	if (!cli_receive_smb(cli))
+		return False;
+
+	if (CVAL(cli->inbuf,0) == 0x84) {
+		/* C. Hoch  9/14/95 Start */
+		/* For information, here is the response structure.
+		 * We do the byte-twiddling to for portability.
+		struct RetargetResponse{
+		unsigned char type;
+		unsigned char flags;
+		int16 length;
+		int32 ip_addr;
+		int16 port;
+		};
+		*/
+		int port = (CVAL(cli->inbuf,8)<<8)+CVAL(cli->inbuf,9);
+		/* SESSION RETARGET */
+		putip((char *)&cli->dest_ip,cli->inbuf+4);
+
+		cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT);
+		if (cli->fd == -1)
+			return False;
+
+		DEBUG(3,("Retargeted\n"));
+
+		set_socket_options(cli->fd,user_socket_options);
+
+		/* Try again */
+		{
+			static int depth;
+			BOOL ret;
+			if (depth > 4) {
+				DEBUG(0,("Retarget recursion - failing\n"));
+				return False;
+			}
+			depth++;
+			ret = cli_session_request(cli, calling, called);
+			depth--;
+			return ret;
+		}
+	} /* C. Hoch 9/14/95 End */
+
+#ifdef WITH_SSL
+    if (CVAL(cli->inbuf,0) == 0x83 && CVAL(cli->inbuf,4) == 0x8e){ /* use ssl */
+        if (!sslutil_fd_is_ssl(cli->fd)){
+            if (sslutil_connect(cli->fd) == 0)
+                goto retry;
+        }
+    }
+#endif /* WITH_SSL */
+
+	if (CVAL(cli->inbuf,0) != 0x82) {
+                /* This is the wrong place to put the error... JRA. */
+		cli->rap_error = CVAL(cli->inbuf,4);
+		return False;
+	}
+	return(True);
+}
+
+/****************************************************************************
+open the client sockets
+****************************************************************************/
+BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
+{
+	extern pstring user_socket_options;
+	int name_type = 0x20;
+	char *p;
+
+	/* reasonable default hostname */
+	if (!host) host = "*SMBSERVER";
+
+	fstrcpy(cli->desthost, host);
+
+	/* allow hostnames of the form NAME#xx and do a netbios lookup */
+	if ((p = strchr(cli->desthost, '#'))) {
+		name_type = strtol(p+1, NULL, 16);		
+		*p = 0;
+	}
+	
+	if (!ip || is_zero_ip(*ip)) {
+                if (!resolve_name(cli->desthost, &cli->dest_ip, name_type)) {
+                        return False;
+                }
+		if (ip) *ip = cli->dest_ip;
+	} else {
+		cli->dest_ip = *ip;
+	}
+
+	if (getenv("LIBSMB_PROG")) {
+		cli->fd = sock_exec(getenv("LIBSMB_PROG"));
+	} else {
+		/* try 445 first, then 139 */
+		int port = cli->port?cli->port:445;
+		cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, 
+					  port, cli->timeout);
+		if (cli->fd == -1 && cli->port == 0) {
+			port = 139;
+			cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, 
+						  port, cli->timeout);
+		}
+		if (cli->fd != -1) cli->port = port;
+	}
+	if (cli->fd == -1) {
+		DEBUG(1,("Error connecting to %s (%s)\n",
+			 inet_ntoa(*ip),strerror(errno)));
+		return False;
+	}
+
+	set_socket_options(cli->fd,user_socket_options);
+
+	return True;
+}
+
+/****************************************************************************
+establishes a connection right up to doing tconX, password in cache.
+****************************************************************************/
+BOOL cli_establish_connection(struct cli_state *cli, 
+				char *dest_host, struct in_addr *dest_ip,
+				struct nmb_name *calling, struct nmb_name *called,
+				char *service, char *service_type,
+				BOOL do_shutdown, BOOL do_tcon)
+{
+	DEBUG(5,("cli_establish_connection: %s connecting to %s (%s) - %s [%s]\n",
+		          nmb_namestr(calling), nmb_namestr(called), inet_ntoa(*dest_ip),
+	              cli->user_name, cli->domain));
+
+	/* establish connection */
+
+	if ((!cli->initialised))
+	{
+		return False;
+	}
+
+	/* cli_establish_connection() can't handle spnego yet. Once we get rid of
+	   pwd_cache and other horrors we can get rid of this */
+	cli->use_spnego = False;
+
+	if (cli->fd == -1)
+	{
+		if (!cli_connect(cli, dest_host, dest_ip))
+		{
+			DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
+					  nmb_namestr(called), inet_ntoa(*dest_ip)));
+			return False;
+		}
+	}
+
+	if (!cli_session_request(cli, calling, called))
+	{
+		DEBUG(1,("failed session request\n"));
+		if (do_shutdown)
+			cli_shutdown(cli);
+		return False;
+	}
+
+	if (!cli_negprot(cli))
+	{
+		DEBUG(1,("failed negprot\n"));
+		if (do_shutdown)
+          		cli_shutdown(cli);
+		return False;
+	}
+
+	if (cli->pwd.cleartext || cli->pwd.null_pwd)
+	{
+		fstring passwd;
+		int pass_len;
+
+		if (cli->pwd.null_pwd)
+		{
+			/* attempt null session */
+			passwd[0] = 0;
+			pass_len = 1;
+		}
+		else
+		{
+			/* attempt clear-text session */
+			pwd_get_cleartext(&(cli->pwd), passwd);
+			pass_len = strlen(passwd);
+		}
+
+		/* attempt clear-text session */
+		if (!cli_session_setup(cli, cli->user_name,
+	                       passwd, pass_len,
+	                       NULL, 0,
+	                       cli->domain))
+		{
+			DEBUG(1,("failed session setup\n"));
+			if (do_shutdown)
+			{
+				cli_shutdown(cli);
+			}
+			return False;
+		}
+		if (do_tcon)
+		{
+			if (!cli_send_tconX(cli, service, service_type,
+			                    (char*)passwd, strlen(passwd)))
+			{
+				DEBUG(1,("failed tcon_X\n"));
+				if (do_shutdown)
+				{
+					cli_shutdown(cli);
+				}
+				return False;
+			}
+		}
+	}
+	else
+	{
+		/* attempt encrypted session */
+		unsigned char nt_sess_pwd[24];
+		unsigned char lm_sess_pwd[24];
+
+		/* creates (storing a copy of) and then obtains a 24 byte password OWF */
+		pwd_make_lm_nt_owf(&(cli->pwd), cli->secblob.data);
+		pwd_get_lm_nt_owf(&(cli->pwd), lm_sess_pwd, nt_sess_pwd);
+
+		/* attempt encrypted session */
+		if (!cli_session_setup(cli, cli->user_name,
+	                       (char*)lm_sess_pwd, sizeof(lm_sess_pwd),
+	                       (char*)nt_sess_pwd, sizeof(nt_sess_pwd),
+	                       cli->domain))
+		{
+			DEBUG(1,("failed session setup\n"));
+			if (do_shutdown)
+		              cli_shutdown(cli);
+			return False;
+		}
+
+    		DEBUG(1,("session setup ok\n"));
+    
+    		if (*cli->server_domain || *cli->server_os || *cli->server_type)
+    		{
+    			DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
+				 cli->server_domain,
+				 cli->server_os,
+				 cli->server_type));
+    		}
+		
+		if (do_tcon)
+		{
+			if (!cli_send_tconX(cli, service, service_type,
+			                    (char*)nt_sess_pwd, sizeof(nt_sess_pwd)))
+			{
+				DEBUG(1,("failed tcon_X\n"));
+				if (do_shutdown)
+					cli_shutdown(cli);
+				return False;
+			}
+		}
+	}
+
+	if (do_shutdown)
+		cli_shutdown(cli);
+
+	return True;
+}
+
+/* Initialise client credentials for authenticated pipe access */
+
+static void init_creds(struct ntuser_creds *creds, char* username,
+		       char* domain, char* password, int pass_len)
+{
+	ZERO_STRUCTP(creds);
+
+	pwd_set_cleartext(&creds->pwd, password);
+
+	fstrcpy(creds->user_name, username);
+	fstrcpy(creds->domain, domain);
+
+	if (!*username) {
+		creds->pwd.null_pwd = True;
+	}
+}
+
+/****************************************************************************
+establishes a connection right up to doing tconX, password specified.
+****************************************************************************/
+NTSTATUS cli_full_connection(struct cli_state **output_cli, 
+			     const char *my_name, const char *dest_host, 
+			     struct in_addr *dest_ip, int port,
+			     char *service, char *service_type,
+			     char *user, char *domain, 
+			     char *password, int pass_len) 
+{
+	struct ntuser_creds creds;
+	NTSTATUS nt_status;
+	struct nmb_name calling;
+	struct nmb_name called;
+	struct cli_state *cli;
+	struct in_addr ip;
+	
+	if (!output_cli)
+		DEBUG(0, ("output_cli is NULL!?!"));
+
+	*output_cli = NULL;
+	
+	make_nmb_name(&calling, my_name, 0x0);
+	make_nmb_name(&called , dest_host, 0x20);
+
+again:
+
+	if (!(cli = cli_initialise(NULL)))
+		return NT_STATUS_NO_MEMORY;
+	
+	if (cli_set_port(cli, port) != port) {
+		cli_shutdown(cli);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	ip = *dest_ip;
+	
+	DEBUG(3,("Connecting to host=%s share=%s\n", dest_host, service));
+	
+	if (!cli_connect(cli, dest_host, &ip)) {
+		DEBUG(1,("cli_establish_connection: failed to connect to %s (%s)\n",
+			 nmb_namestr(&called), inet_ntoa(*dest_ip)));
+		cli_shutdown(cli);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!cli_session_request(cli, &calling, &called)) {
+		char *p;
+		DEBUG(1,("session request to %s failed (%s)\n", 
+			 called.name, cli_errstr(cli)));
+		cli_shutdown(cli);
+		if ((p=strchr(called.name, '.'))) {
+			*p = 0;
+			goto again;
+		}
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!cli_negprot(cli)) {
+		DEBUG(1,("failed negprot\n"));
+		nt_status = NT_STATUS_UNSUCCESSFUL;
+		cli_shutdown(cli);
+		return nt_status;
+	}
+
+	if (!cli_session_setup(cli, user, password, pass_len, password, pass_len, 
+			       domain)) {
+		DEBUG(1,("failed session setup\n"));
+		nt_status = cli_nt_error(cli);
+		cli_shutdown(cli);
+		if (NT_STATUS_IS_OK(nt_status)) 
+			nt_status = NT_STATUS_UNSUCCESSFUL;
+		return nt_status;
+	} 
+
+	if (service) {
+		if (!cli_send_tconX(cli, service, service_type,
+				    (char*)password, pass_len)) {
+			DEBUG(1,("failed tcon_X\n"));
+			nt_status = cli_nt_error(cli);
+			cli_shutdown(cli);
+			if (NT_STATUS_IS_OK(nt_status)) 
+				nt_status = NT_STATUS_UNSUCCESSFUL;
+			return nt_status;
+		}
+	}
+
+	init_creds(&creds, user, domain, password, pass_len);
+	cli_init_creds(cli, &creds);
+
+	*output_cli = cli;
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
+****************************************************************************/
+
+BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost,
+                                     struct in_addr *pdest_ip)
+{
+  struct nmb_name calling, called;
+
+  make_nmb_name(&calling, srchost, 0x0);
+
+  /*
+   * If the called name is an IP address
+   * then use *SMBSERVER immediately.
+   */
+
+  if(is_ipaddress(desthost))
+    make_nmb_name(&called, "*SMBSERVER", 0x20);
+  else
+    make_nmb_name(&called, desthost, 0x20);
+
+  if (!cli_session_request(cli, &calling, &called)) {
+    struct nmb_name smbservername;
+
+    make_nmb_name(&smbservername , "*SMBSERVER", 0x20);
+
+    /*
+     * If the name wasn't *SMBSERVER then
+     * try with *SMBSERVER if the first name fails.
+     */
+
+    if (nmb_name_equal(&called, &smbservername)) {
+
+        /*
+         * The name used was *SMBSERVER, don't bother with another name.
+         */
+
+        DEBUG(0,("attempt_netbios_session_request: %s rejected the session for name *SMBSERVER \
+with error %s.\n", desthost, cli_errstr(cli) ));
+	cli_shutdown(cli);
+	return False;
+    }
+
+    cli_shutdown(cli);
+
+    if (!cli_initialise(cli) ||
+        !cli_connect(cli, desthost, pdest_ip) ||
+        !cli_session_request(cli, &calling, &smbservername)) {
+          DEBUG(0,("attempt_netbios_session_request: %s rejected the session for \
+name *SMBSERVER with error %s\n", desthost, cli_errstr(cli) ));
+          cli_shutdown(cli);
+          return False;
+    }
+  }
+
+  return True;
+}
+
+
diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c
new file mode 100644
index 0000000000..8f4bdf7be6
--- /dev/null
+++ b/source3/libsmb/clidgram.c
@@ -0,0 +1,267 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client dgram calls
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Richard Sharpe 2001
+   Copyright (C) John Terpstra 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * cli_send_mailslot, send a mailslot for client code ...
+ */
+
+int cli_send_mailslot(int dgram_sock, BOOL unique, char *mailslot, 
+		      char *buf, int len,
+		      const char *srcname, int src_type, 
+		      const char *dstname, int dest_type,
+		      struct in_addr dest_ip, struct in_addr src_ip,
+		      int dest_port, int src_port)
+{
+  struct packet_struct p;
+  struct dgram_packet *dgram = &p.packet.dgram;
+  char *ptr, *p2;
+  char tmp[4];
+
+  memset((char *)&p, '\0', sizeof(p));
+
+  /*
+   * Next, build the DGRAM ...
+   */
+
+  /* DIRECT GROUP or UNIQUE datagram. */
+  dgram->header.msg_type = unique ? 0x10 : 0x11; 
+  dgram->header.flags.node_type = M_NODE;
+  dgram->header.flags.first = True;
+  dgram->header.flags.more = False;
+  dgram->header.dgm_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100);
+  dgram->header.source_ip.s_addr = src_ip.s_addr;
+  dgram->header.source_port = ntohs(src_port);
+  dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
+  dgram->header.packet_offset = 0;
+  
+  make_nmb_name(&dgram->source_name,srcname,src_type);
+  make_nmb_name(&dgram->dest_name,dstname,dest_type);
+
+  ptr = &dgram->data[0];
+
+  /* Setup the smb part. */
+  ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
+  memcpy(tmp,ptr,4);
+  set_message(ptr,17,17 + len,True);
+  memcpy(ptr,tmp,4);
+
+  SCVAL(ptr,smb_com,SMBtrans);
+  SSVAL(ptr,smb_vwv1,len);
+  SSVAL(ptr,smb_vwv11,len);
+  SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
+  SSVAL(ptr,smb_vwv13,3);
+  SSVAL(ptr,smb_vwv14,1);
+  SSVAL(ptr,smb_vwv15,1);
+  SSVAL(ptr,smb_vwv16,2);
+  p2 = smb_buf(ptr);
+  pstrcpy(p2,mailslot);
+  p2 = skip_string(p2,1);
+
+  memcpy(p2,buf,len);
+  p2 += len;
+
+  dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
+
+  p.ip = dest_ip;
+  p.port = dest_port;
+  p.fd = dgram_sock;
+  p.timestamp = time(NULL);
+  p.packet_type = DGRAM_PACKET;
+
+  DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot,
+                    nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
+  DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
+
+  return send_packet(&p);
+
+}
+
+/*
+ * cli_get_response: Get a response ...
+ */
+int cli_get_response(int dgram_sock, BOOL unique, char *mailslot, char *buf, int bufsiz)
+{
+  struct packet_struct *packet;
+
+  packet = receive_dgram_packet(dgram_sock, 5, mailslot);
+
+  if (packet) { /* We got one, pull what we want out of the SMB data ... */
+
+    struct dgram_packet *dgram = &packet->packet.dgram;
+
+    /*
+     * We should probably parse the SMB, but for now, we will pull what
+     * from fixed, known locations ...
+     */
+
+    /* Copy the data to buffer, respecting sizes ... */
+
+    memcpy(buf, &dgram->data[92], MIN(bufsiz, (dgram->datasize - 92)));
+
+  }
+  else 
+    return -1;
+
+  return 0;
+
+}
+
+/*
+ * cli_get_backup_list: Send a get backup list request ...
+ */
+
+static char cli_backup_list[1024];
+
+int cli_get_backup_list(const char *myname, const char *send_to_name)
+{
+  char outbuf[15];
+  char *p;
+  struct in_addr sendto_ip, my_ip;
+  int dgram_sock;
+  struct sockaddr_in sock_out;
+  socklen_t name_size;
+
+  if (!resolve_name(send_to_name, &sendto_ip, 0x1d)) {
+
+    DEBUG(0, ("Could not resolve name: %s<1D>\n", send_to_name));
+    return False;
+
+  }
+
+  my_ip.s_addr = inet_addr("0.0.0.0");
+ 
+  if (!resolve_name(myname, &my_ip, 0x00)) { /* FIXME: Call others here */
+
+    DEBUG(0, ("Could not resolve name: %s<00>\n", myname));
+
+  }
+
+  if ((dgram_sock = open_socket_out(SOCK_DGRAM, &sendto_ip, 138, LONG_CONNECT_TIMEOUT)) < 0) {
+
+    DEBUG(4, ("open_sock_out failed ..."));
+    return False;
+
+  }
+
+  /* Make it a broadcast socket ... */
+
+  set_socket_options(dgram_sock, "SO_BROADCAST");
+
+  /* Make it non-blocking??? */
+
+  if (fcntl(dgram_sock, F_SETFL, O_NONBLOCK) < 0) {
+
+    DEBUG(0, ("Unable to set non blocking on dgram sock\n"));
+
+  }
+
+  /* Now, bind a local addr to it ... Try port 138 first ... */
+
+  memset((char *)&sock_out, '\0', sizeof(sock_out));
+  sock_out.sin_addr.s_addr = INADDR_ANY;
+  sock_out.sin_port = htons(138);
+  sock_out.sin_family = AF_INET;
+
+  if (bind(dgram_sock, (struct sockaddr *)&sock_out, sizeof(sock_out)) < 0) {
+
+    /* Try again on any port ... */
+
+    sock_out.sin_port = INADDR_ANY;
+
+    if (bind(dgram_sock, (struct sockaddr *)&sock_out, sizeof(sock_out)) < 0) {
+
+      DEBUG(4, ("failed to bind socket to address ...\n"));
+      return False;
+	
+    }
+
+  }
+
+  /* Now, figure out what socket name we were bound to. We want the port */
+
+  name_size = sizeof(sock_out);
+
+  getsockname(dgram_sock, (struct sockaddr *)&sock_out, &name_size);
+
+  DEBUG(5, ("Socket bound to IP:%s, port: %d\n", inet_ntoa(sock_out.sin_addr), ntohs(sock_out.sin_port)));
+
+  /* Now, build the request */
+
+  memset(cli_backup_list, '\0', sizeof(cli_backup_list));
+  memset(outbuf, '\0', sizeof(outbuf));
+
+  p = outbuf;
+
+  SCVAL(p, 0, ANN_GetBackupListReq);
+  p++;
+
+  SCVAL(p, 0, 1); /* Count pointer ... */
+  p++;
+
+  SIVAL(p, 0, 1); /* The sender's token ... */
+  p += 4;
+
+  cli_send_mailslot(dgram_sock, True, "\\MAILSLOT\\BROWSE", outbuf, 
+		    PTR_DIFF(p, outbuf), myname, 0, send_to_name, 
+		    0x1d, sendto_ip, my_ip, 138, sock_out.sin_port);
+
+  /* We should check the error and return if we got one */
+
+  /* Now, get the response ... */
+
+  cli_get_response(dgram_sock, True, "\\MAILSLOT\\BROWSE", cli_backup_list, sizeof(cli_backup_list));
+
+  /* Should check the response here ... FIXME */
+
+  close(dgram_sock);
+
+  return True;
+
+}
+
+/*
+ * cli_get_backup_server: Get the backup list and retrieve a server from it
+ */
+
+int cli_get_backup_server(char *my_name, char *target, char *servername, int namesize)
+{
+
+  /* Get the backup list first. We could pull this from the cache later */
+
+  cli_get_backup_list(my_name, target);  /* FIXME: Check the response */
+
+  if (!cli_backup_list[0]) { /* Empty list ... try again */
+
+    cli_get_backup_list(my_name, target);
+
+  }
+
+  strncpy(servername, cli_backup_list, MIN(16, namesize));
+
+  return True;
+
+}
+
+
+
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
new file mode 100644
index 0000000000..ba7a327344
--- /dev/null
+++ b/source3/libsmb/clientgen.c
@@ -0,0 +1,280 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client generic functions
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/*
+ * Change the port number used to call on 
+ */
+int cli_set_port(struct cli_state *cli, int port)
+{
+	cli->port = port;
+	return port;
+}
+
+/****************************************************************************
+recv an smb
+****************************************************************************/
+BOOL cli_receive_smb(struct cli_state *cli)
+{
+	BOOL ret;
+
+	/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
+	if (cli->fd == -1) return False; 
+
+ again:
+	ret = client_receive_smb(cli->fd,cli->inbuf,cli->timeout);
+	
+	if (ret) {
+		/* it might be an oplock break request */
+		if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) &&
+		    CVAL(cli->inbuf,smb_com) == SMBlockingX &&
+		    SVAL(cli->inbuf,smb_vwv6) == 0 &&
+		    SVAL(cli->inbuf,smb_vwv7) == 0) {
+			if (cli->oplock_handler) {
+				int fnum = SVAL(cli->inbuf,smb_vwv2);
+				unsigned char level = CVAL(cli->inbuf,smb_vwv3+1);
+				if (!cli->oplock_handler(cli, fnum, level)) return False;
+			}
+			/* try to prevent loops */
+			SCVAL(cli->inbuf,smb_com,0xFF);
+			goto again;
+		}
+	}
+
+        /* If the server is not responding, note that now */
+
+        if (!ret) {
+                close(cli->fd);
+                cli->fd = -1;
+        }
+
+	return ret;
+}
+
+/****************************************************************************
+  send an smb to a fd.
+****************************************************************************/
+
+BOOL cli_send_smb(struct cli_state *cli)
+{
+	size_t len;
+	size_t nwritten=0;
+	ssize_t ret;
+
+	/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */
+	if (cli->fd == -1) return False;
+
+	len = smb_len(cli->outbuf) + 4;
+
+	while (nwritten < len) {
+		ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
+		if (ret <= 0) {
+                        close(cli->fd);
+                        cli->fd = -1;
+			DEBUG(0,("Error writing %d bytes to client. %d\n",
+				 (int)len,(int)ret));
+			return False;
+		}
+		nwritten += ret;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+setup basics in a outgoing packet
+****************************************************************************/
+void cli_setup_packet(struct cli_state *cli)
+{
+        cli->rap_error = 0;
+	SSVAL(cli->outbuf,smb_pid,cli->pid);
+	SSVAL(cli->outbuf,smb_uid,cli->vuid);
+	SSVAL(cli->outbuf,smb_mid,cli->mid);
+	if (cli->protocol > PROTOCOL_CORE) {
+		uint16 flags2;
+		SCVAL(cli->outbuf,smb_flg,0x8);
+		flags2 = FLAGS2_LONG_PATH_COMPONENTS;
+		if (cli->capabilities & CAP_UNICODE) {
+			flags2 |= FLAGS2_UNICODE_STRINGS;
+		}
+		if (cli->capabilities & CAP_STATUS32) {
+			flags2 |= FLAGS2_32_BIT_ERROR_CODES;
+		}
+		if (cli->use_spnego) {
+			flags2 |= FLAGS2_EXTENDED_SECURITY;
+		}
+		SSVAL(cli->outbuf,smb_flg2, flags2);
+	}
+}
+
+/****************************************************************************
+setup the bcc length of the packet from a pointer to the end of the data
+****************************************************************************/
+void cli_setup_bcc(struct cli_state *cli, void *p)
+{
+	set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf)));
+}
+
+
+
+/****************************************************************************
+initialise credentials of a client structure
+****************************************************************************/
+void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr)
+{
+        /* copy_nt_creds(&cli->usr, usr); */
+	safe_strcpy(cli->domain   , usr->domain   , sizeof(usr->domain   )-1);
+	safe_strcpy(cli->user_name, usr->user_name, sizeof(usr->user_name)-1);
+	memcpy(&cli->pwd, &usr->pwd, sizeof(usr->pwd));
+        cli->ntlmssp_flags = usr->ntlmssp_flags;
+        cli->ntlmssp_cli_flgs = usr != NULL ? usr->ntlmssp_flags : 0;
+
+        DEBUG(10,("cli_init_creds: user %s domain %s flgs: %x\nntlmssp_cli_flgs:%x\n",
+               cli->user_name, cli->domain,
+               cli->ntlmssp_flags,cli->ntlmssp_cli_flgs));
+}
+
+
+/****************************************************************************
+initialise a client structure
+****************************************************************************/
+struct cli_state *cli_initialise(struct cli_state *cli)
+{
+        BOOL alloced_cli = False;
+
+	/* Check the effective uid - make sure we are not setuid */
+	if (is_setuid_root()) {
+		DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
+		return NULL;
+	}
+
+	if (!cli) {
+		cli = (struct cli_state *)malloc(sizeof(*cli));
+		if (!cli)
+			return NULL;
+		ZERO_STRUCTP(cli);
+                alloced_cli = True;
+	}
+
+	if (cli->initialised) {
+		cli_shutdown(cli);
+	}
+
+	ZERO_STRUCTP(cli);
+
+	cli->port = 0;
+	cli->fd = -1;
+	cli->cnum = -1;
+	cli->pid = (uint16)sys_getpid();
+	cli->mid = 1;
+	cli->vuid = UID_FIELD_INVALID;
+	cli->protocol = PROTOCOL_NT1;
+	cli->timeout = 20000; /* Timeout is in milliseconds. */
+	cli->bufsize = CLI_BUFFER_SIZE+4;
+	cli->max_xmit = cli->bufsize;
+	cli->outbuf = (char *)malloc(cli->bufsize);
+	cli->inbuf = (char *)malloc(cli->bufsize);
+	cli->oplock_handler = cli_oplock_ack;
+	cli->use_spnego = True;
+
+	/* Set the CLI_FORCE_DOSERR environment variable to test
+	   client routines using DOS errors instead of STATUS32
+	   ones.  This intended only as a temporary hack. */	
+	if (getenv("CLI_FORCE_DOSERR")) {
+		cli->force_dos_errors = True;
+	}
+
+	if (!cli->outbuf || !cli->inbuf)
+                goto error;
+
+	if ((cli->mem_ctx = talloc_init_named("cli based talloc")) == NULL)
+                goto error;
+
+	memset(cli->outbuf, 0, cli->bufsize);
+	memset(cli->inbuf, 0, cli->bufsize);
+
+	cli->nt_pipe_fnum = 0;
+
+	cli->initialised = 1;
+	cli->allocated = alloced_cli;
+
+	return cli;
+
+        /* Clean up after malloc() error */
+
+ error:
+
+        SAFE_FREE(cli->inbuf);
+        SAFE_FREE(cli->outbuf);
+
+        if (alloced_cli)
+                SAFE_FREE(cli);
+
+        return NULL;
+}
+
+/****************************************************************************
+shutdown a client structure
+****************************************************************************/
+void cli_shutdown(struct cli_state *cli)
+{
+	BOOL allocated;
+	SAFE_FREE(cli->outbuf);
+	SAFE_FREE(cli->inbuf);
+
+	data_blob_free(&cli->secblob);
+
+	if (cli->mem_ctx)
+		talloc_destroy(cli->mem_ctx);
+
+#ifdef WITH_SSL
+	if (cli->fd != -1)
+		sslutil_disconnect(cli->fd);
+#endif /* WITH_SSL */
+	if (cli->fd != -1) 
+		close(cli->fd);
+	allocated = cli->allocated;
+	ZERO_STRUCTP(cli);
+	if (allocated) {
+		free(cli);
+	} 
+}
+
+
+/****************************************************************************
+set socket options on a open connection
+****************************************************************************/
+void cli_sockopt(struct cli_state *cli, char *options)
+{
+	set_socket_options(cli->fd, options);
+}
+
+/****************************************************************************
+set the PID to use for smb messages. Return the old pid.
+****************************************************************************/
+uint16 cli_setpid(struct cli_state *cli, uint16 pid)
+{
+	uint16 ret = cli->pid;
+	cli->pid = pid;
+	return ret;
+}
diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c
new file mode 100644
index 0000000000..591c04db22
--- /dev/null
+++ b/source3/libsmb/clierror.c
@@ -0,0 +1,281 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client error handling routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/*****************************************************
+ RAP error codes - a small start but will be extended.
+
+ XXX: Perhaps these should move into a common function because they're
+ duplicated in clirap2.c
+
+*******************************************************/
+
+static const struct
+{
+  int err;
+  char *message;
+} rap_errmap[] =
+{
+  {5,    "RAP5: User has insufficient privilege" },
+  {50,   "RAP50: Not supported by server" },
+  {65,   "RAP65: Access denied" },
+  {86,   "RAP86: The specified password is invalid" },
+  {2220, "RAP2220: Group does not exist" },
+  {2221, "RAP2221: User does not exist" },
+  {2226, "RAP2226: Operation only permitted on a Primary Domain Controller"  },
+  {2237, "RAP2237: User is not in group" },
+  {2242, "RAP2242: The password of this user has expired." },
+  {2243, "RAP2243: The password of this user cannot change." },
+  {2244, "RAP2244: This password cannot be used now (password history conflict)." },
+  {2245, "RAP2245: The password is shorter than required." },
+  {2246, "RAP2246: The password of this user is too recent to change."},
+
+  /* these really shouldn't be here ... */
+  {0x80, "Not listening on called name"},
+  {0x81, "Not listening for calling name"},
+  {0x82, "Called name not present"},
+  {0x83, "Called name present, but insufficient resources"},
+
+  {0, NULL}
+};  
+
+/****************************************************************************
+  return a description of an SMB error
+****************************************************************************/
+static char *cli_smb_errstr(struct cli_state *cli)
+{
+	return smb_dos_errstr(cli->inbuf);
+}
+
+/***************************************************************************
+ Return an error message - either an NT error, SMB error or a RAP error.
+ Note some of the NT errors are actually warnings or "informational" errors
+ in which case they can be safely ignored.
+****************************************************************************/
+    
+char *cli_errstr(struct cli_state *cli)
+{   
+	static fstring cli_error_message;
+	uint32 flgs2 = SVAL(cli->inbuf,smb_flg2), errnum;
+	uint8 errclass;
+	int i;
+
+	if (!cli->initialised) {
+		fstrcpy(cli_error_message, "[Programmer's error] cli_errstr called on unitialized cli_stat struct!\n");
+		return cli_error_message;
+	}
+
+	/* Case #1: RAP error */
+	if (cli->rap_error) {
+		for (i = 0; rap_errmap[i].message != NULL; i++) {
+			if (rap_errmap[i].err == cli->rap_error) {
+				return rap_errmap[i].message;
+			}
+		}
+
+		slprintf(cli_error_message, sizeof(cli_error_message) - 1, "RAP code %d",
+			cli->rap_error);
+
+		return cli_error_message;
+	}
+
+	/* Case #2: 32-bit NT errors */
+	if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) {
+		NTSTATUS status = NT_STATUS(IVAL(cli->inbuf,smb_rcls));
+
+		return nt_errstr(status);
+        }
+
+	cli_dos_error(cli, &errclass, &errnum);
+
+	/* Case #3: SMB error */
+
+	return cli_smb_errstr(cli);
+}
+
+
+/* Return the 32-bit NT status code from the last packet */
+NTSTATUS cli_nt_error(struct cli_state *cli)
+{
+        int flgs2 = SVAL(cli->inbuf,smb_flg2);
+
+	if (!(flgs2 & FLAGS2_32_BIT_ERROR_CODES)) {
+		int class  = CVAL(cli->inbuf,smb_rcls);
+		int code  = SVAL(cli->inbuf,smb_err);
+		return dos_to_ntstatus(class, code);
+        }
+
+        return NT_STATUS(IVAL(cli->inbuf,smb_rcls));
+}
+
+
+/* Return the DOS error from the last packet - an error class and an error
+   code. */
+void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *ecode)
+{
+	int  flgs2;
+	char rcls;
+	int code;
+
+	if(!cli->initialised) return;
+
+	flgs2 = SVAL(cli->inbuf,smb_flg2);
+
+	if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) {
+		NTSTATUS ntstatus = NT_STATUS(IVAL(cli->inbuf, smb_rcls));
+		ntstatus_to_dos(ntstatus, eclass, ecode);
+                return;
+        }
+
+	rcls  = CVAL(cli->inbuf,smb_rcls);
+	code  = SVAL(cli->inbuf,smb_err);
+
+	if (eclass) *eclass = rcls;
+	if (ecode) *ecode    = code;
+}
+
+/* Return a UNIX errno from a dos error class, error number tuple */
+
+int cli_errno_from_dos(uint8 eclass, uint32 num)
+{
+	if (eclass == ERRDOS) {
+		switch (num) {
+		case ERRbadfile: return ENOENT;
+		case ERRbadpath: return ENOTDIR;
+		case ERRnoaccess: return EACCES;
+		case ERRfilexists: return EEXIST;
+		case ERRrename: return EEXIST;
+		case ERRbadshare: return EBUSY;
+		case ERRlock: return EBUSY;
+		case ERRinvalidname: return ENOENT;
+		case ERRnosuchshare: return ENODEV;
+		}
+	}
+
+	if (eclass == ERRSRV) {
+		switch (num) {
+		case ERRbadpw: return EPERM;
+		case ERRaccess: return EACCES;
+		case ERRnoresource: return ENOMEM;
+		case ERRinvdevice: return ENODEV;
+		case ERRinvnetname: return ENODEV;
+		}
+	}
+
+	/* for other cases */
+	return EINVAL;
+}
+
+/* Return a UNIX errno from a NT status code */
+static struct {
+	NTSTATUS status;
+	int error;
+} nt_errno_map[] = {
+        {NT_STATUS_ACCESS_VIOLATION, EACCES},
+        {NT_STATUS_NO_SUCH_FILE, ENOENT},
+        {NT_STATUS_NO_SUCH_DEVICE, ENODEV},
+        {NT_STATUS_INVALID_HANDLE, EBADF},
+        {NT_STATUS_NO_MEMORY, ENOMEM},
+        {NT_STATUS_ACCESS_DENIED, EACCES},
+        {NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT},
+        {NT_STATUS_SHARING_VIOLATION, EBUSY},
+        {NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR},
+        {NT_STATUS_OBJECT_NAME_COLLISION, EEXIST},
+        {NT_STATUS_PATH_NOT_COVERED, ENOENT},
+	{NT_STATUS(0), 0}
+};
+
+int cli_errno_from_nt(NTSTATUS status)
+{
+	int i;
+        DEBUG(10,("cli_errno_from_nt: 32 bit codes: code=%08x\n", NT_STATUS_V(status)));
+
+        /* Status codes without this bit set are not errors */
+
+        if (!(NT_STATUS_V(status) & 0xc0000000))
+                return 0;
+
+	for (i=0;nt_errno_map[i].error;i++) {
+		if (NT_STATUS_V(nt_errno_map[i].status) ==
+		    NT_STATUS_V(status)) return nt_errno_map[i].error;
+	}
+
+        /* for all other cases - a default code */
+        return EINVAL;
+}
+
+/* Return a UNIX errno appropriate for the error received in the last
+   packet. */
+
+int cli_errno(struct cli_state *cli)
+{
+        NTSTATUS status;
+
+        if (cli_is_dos_error(cli)) {
+                uint8 eclass;
+                uint32 ecode;
+
+                cli_dos_error(cli, &eclass, &ecode);
+                return cli_errno_from_dos(eclass, ecode);
+        }
+
+        status = cli_nt_error(cli);
+
+        return cli_errno_from_nt(status);
+}
+
+/* Return true if the last packet was in error */
+
+BOOL cli_is_error(struct cli_state *cli)
+{
+	uint32 flgs2 = SVAL(cli->inbuf,smb_flg2), rcls = 0;
+
+        if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) {
+                /* Return error is error bits are set */
+                rcls = IVAL(cli->inbuf, smb_rcls);
+                return (rcls & 0xF0000000) == 0xC0000000;
+        }
+                
+        /* Return error if error class in non-zero */
+
+        rcls = CVAL(cli->inbuf, smb_rcls);
+        return rcls != 0;
+}
+
+/* Return true if the last error was an NT error */
+
+BOOL cli_is_nt_error(struct cli_state *cli)
+{
+	uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
+
+        return cli_is_error(cli) && (flgs2 & FLAGS2_32_BIT_ERROR_CODES);
+}
+
+/* Return true if the last error was a DOS error */
+
+BOOL cli_is_dos_error(struct cli_state *cli)
+{
+	uint32 flgs2 = SVAL(cli->inbuf,smb_flg2);
+
+        return cli_is_error(cli) && !(flgs2 & FLAGS2_32_BIT_ERROR_CODES);
+}
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
new file mode 100644
index 0000000000..05843ac5de
--- /dev/null
+++ b/source3/libsmb/clifile.c
@@ -0,0 +1,1051 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client file operations
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Jeremy Allison 2001-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/****************************************************************************
+ Hard/Symlink a file (UNIX extensions).
+****************************************************************************/
+
+static BOOL cli_link_internal(struct cli_state *cli, const char *fname_src, const char *fname_dst, BOOL hard_link)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_SETPATHINFO;
+	char param[sizeof(pstring)+6];
+	pstring data;
+	char *rparam=NULL, *rdata=NULL;
+	char *p;
+
+	memset(param, 0, sizeof(param));
+	SSVAL(param,0,hard_link ? SMB_SET_FILE_UNIX_HLINK : SMB_SET_FILE_UNIX_LINK);
+	p = &param[6];
+
+	p += clistr_push(cli, p, fname_src, -1, STR_TERMINATE);
+	param_len = PTR_DIFF(p, param);
+
+	p = data;
+	p += clistr_push(cli, p, fname_dst, -1, STR_TERMINATE);
+	data_len = PTR_DIFF(p, data);
+
+	if (!cli_send_trans(cli, SMBtrans2,
+		NULL,                        /* name */
+		-1, 0,                          /* fid, flags */
+		&setup, 1, 0,                   /* setup, length, max */
+		param, param_len, 2,            /* param, length, max */
+		(char *)&data,  data_len, cli->max_xmit /* data, length, max */
+		)) {
+			return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+		&rparam, &param_len,
+		&rdata, &data_len)) {
+			return False;
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return True;
+}
+
+/****************************************************************************
+ Map standard UNIX permissions onto wire representations.
+****************************************************************************/
+
+uint32  unix_perms_to_wire(mode_t perms)
+{
+        uint ret = 0;
+
+        ret |= ((perms & S_IXOTH) ?  UNIX_X_OTH : 0);
+        ret |= ((perms & S_IWOTH) ?  UNIX_W_OTH : 0);
+        ret |= ((perms & S_IROTH) ?  UNIX_R_OTH : 0);
+        ret |= ((perms & S_IXGRP) ?  UNIX_X_GRP : 0);
+        ret |= ((perms & S_IWGRP) ?  UNIX_W_GRP : 0);
+        ret |= ((perms & S_IRGRP) ?  UNIX_R_GRP : 0);
+        ret |= ((perms & S_IXUSR) ?  UNIX_X_USR : 0);
+        ret |= ((perms & S_IWUSR) ?  UNIX_W_USR : 0);
+        ret |= ((perms & S_IRUSR) ?  UNIX_R_USR : 0);
+#ifdef S_ISVTX
+        ret |= ((perms & S_ISVTX) ?  UNIX_STICKY : 0);
+#endif
+#ifdef S_ISGID
+        ret |= ((perms & S_ISGID) ?  UNIX_SET_GID : 0);
+#endif
+#ifdef S_ISUID
+        ret |= ((perms & S_ISVTX) ?  UNIX_SET_UID : 0);
+#endif
+        return ret;
+}
+
+/****************************************************************************
+ Symlink a file (UNIX extensions).
+****************************************************************************/
+
+BOOL cli_unix_symlink(struct cli_state *cli, const char *fname_src, const char *fname_dst)
+{
+	return cli_link_internal(cli, fname_src, fname_dst, False);
+}
+
+/****************************************************************************
+ Hard a file (UNIX extensions).
+****************************************************************************/
+
+BOOL cli_unix_hardlink(struct cli_state *cli, const char *fname_src, const char *fname_dst)
+{
+	return cli_link_internal(cli, fname_src, fname_dst, True);
+}
+
+/****************************************************************************
+ Chmod or chown a file internal (UNIX extensions).
+****************************************************************************/
+
+static BOOL cli_unix_chmod_chown_internal(struct cli_state *cli, const char *fname, uint32 mode, uint32 uid, uint32 gid)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_SETPATHINFO;
+	char param[sizeof(pstring)+6];
+	char data[100];
+	char *rparam=NULL, *rdata=NULL;
+	char *p;
+
+	memset(param, 0, sizeof(param));
+	memset(data, 0, sizeof(data));
+	SSVAL(param,0,SMB_SET_FILE_UNIX_BASIC);
+	p = &param[6];
+
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE);
+	param_len = PTR_DIFF(p, param);
+
+	SIVAL(data,40,uid);
+	SIVAL(data,48,gid);
+	SIVAL(data,84,mode);
+
+	data_len = 100;
+
+	if (!cli_send_trans(cli, SMBtrans2,
+		NULL,                        /* name */
+		-1, 0,                          /* fid, flags */
+		&setup, 1, 0,                   /* setup, length, max */
+		param, param_len, 2,            /* param, length, max */
+		(char *)&data,  data_len, cli->max_xmit /* data, length, max */
+		)) {
+			return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+		&rparam, &param_len,
+		&rdata, &data_len)) {
+			return False;
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return True;
+}
+
+/****************************************************************************
+ chmod a file (UNIX extensions).
+****************************************************************************/
+
+BOOL cli_unix_chmod(struct cli_state *cli, const char *fname, mode_t mode)
+{
+	return cli_unix_chmod_chown_internal(cli, fname, 
+		unix_perms_to_wire(mode), SMB_UID_NO_CHANGE, SMB_GID_NO_CHANGE);
+}
+
+/****************************************************************************
+ chown a file (UNIX extensions).
+****************************************************************************/
+
+BOOL cli_unix_chown(struct cli_state *cli, const char *fname, uid_t uid, gid_t gid)
+{
+	return cli_unix_chmod_chown_internal(cli, fname, SMB_MODE_NO_CHANGE, (uint32)uid, (uint32)gid);
+}
+
+/****************************************************************************
+ Rename a file.
+****************************************************************************/
+
+BOOL cli_rename(struct cli_state *cli, const char *fname_src, const char *fname_dst)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,1, 0, True);
+
+	SCVAL(cli->outbuf,smb_com,SMBmv);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,aSYSTEM | aHIDDEN | aDIR);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, fname_src, -1, STR_TERMINATE);
+	*p++ = 4;
+	p += clistr_push(cli, p, fname_dst, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli))
+		return False;
+
+	if (cli_is_error(cli))
+		return False;
+
+	return True;
+}
+
+/****************************************************************************
+ Delete a file.
+****************************************************************************/
+
+BOOL cli_unlink(struct cli_state *cli, const char *fname)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,1, 0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBunlink);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,aSYSTEM | aHIDDEN);
+  
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;      
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Create a directory.
+****************************************************************************/
+
+BOOL cli_mkdir(struct cli_state *cli, const char *dname)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,0, 0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBmkdir);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;      
+	p += clistr_push(cli, p, dname, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Remove a directory.
+****************************************************************************/
+
+BOOL cli_rmdir(struct cli_state *cli, const char *dname)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,0, 0, True);
+
+	SCVAL(cli->outbuf,smb_com,SMBrmdir);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;      
+	p += clistr_push(cli, p, dname, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Set or clear the delete on close flag.
+****************************************************************************/
+
+int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag)
+{
+	int data_len = 1;
+	int param_len = 6;
+	uint16 setup = TRANSACT2_SETFILEINFO;
+	pstring param;
+	unsigned char data;
+	char *rparam=NULL, *rdata=NULL;
+
+	memset(param, 0, param_len);
+	SSVAL(param,0,fnum);
+	SSVAL(param,2,SMB_SET_FILE_DISPOSITION_INFO);
+
+	data = flag ? 1 : 0;
+
+	if (!cli_send_trans(cli, SMBtrans2,
+						NULL,                        /* name */
+						-1, 0,                          /* fid, flags */
+						&setup, 1, 0,                   /* setup, length, max */
+						param, param_len, 2,            /* param, length, max */
+						(char *)&data,  data_len, cli->max_xmit /* data, length, max */
+						)) {
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+						&rparam, &param_len,
+						&rdata, &data_len)) {
+		return False;
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return True;
+}
+
+/****************************************************************************
+ Open a file - exposing the full horror of the NT API :-).
+ Used in smbtorture.
+****************************************************************************/
+
+int cli_nt_create_full(struct cli_state *cli, const char *fname, uint32 DesiredAccess,
+		 uint32 FileAttributes, uint32 ShareAccess,
+		 uint32 CreateDisposition, uint32 CreateOptions)
+{
+	char *p;
+	int len;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,24,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBntcreateX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,0xFF);
+	if (cli->use_oplocks)
+		SIVAL(cli->outbuf,smb_ntcreate_Flags, REQUEST_OPLOCK|REQUEST_BATCH_OPLOCK);
+	else
+		SIVAL(cli->outbuf,smb_ntcreate_Flags, 0);
+	SIVAL(cli->outbuf,smb_ntcreate_RootDirectoryFid, 0x0);
+	SIVAL(cli->outbuf,smb_ntcreate_DesiredAccess, DesiredAccess);
+	SIVAL(cli->outbuf,smb_ntcreate_FileAttributes, FileAttributes);
+	SIVAL(cli->outbuf,smb_ntcreate_ShareAccess, ShareAccess);
+	SIVAL(cli->outbuf,smb_ntcreate_CreateDisposition, CreateDisposition);
+	SIVAL(cli->outbuf,smb_ntcreate_CreateOptions, CreateOptions);
+	SIVAL(cli->outbuf,smb_ntcreate_ImpersonationLevel, 0x02);
+
+	p = smb_buf(cli->outbuf);
+	/* this alignment and termination is critical for netapp filers. Don't change */
+	p += clistr_align_out(cli, p, 0);
+	len = clistr_push(cli, p, fname, -1, 0);
+	p += len;
+	SSVAL(cli->outbuf,smb_ntcreate_NameLength, len);
+	/* sigh. this copes with broken netapp filer behaviour */
+	p += clistr_push(cli, p, "", -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return -1;
+	}
+
+	if (cli_is_error(cli)) {
+		return -1;
+	}
+
+	return SVAL(cli->inbuf,smb_vwv2 + 1);
+}
+
+/****************************************************************************
+ Open a file.
+****************************************************************************/
+
+int cli_nt_create(struct cli_state *cli, const char *fname, uint32 DesiredAccess)
+{
+	return cli_nt_create_full(cli, fname, DesiredAccess, 0,
+				FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_EXISTS_OPEN, 0x0);
+}
+
+/****************************************************************************
+ Open a file
+ WARNING: if you open with O_WRONLY then getattrE won't work!
+****************************************************************************/
+
+int cli_open(struct cli_state *cli, const char *fname, int flags, int share_mode)
+{
+	char *p;
+	unsigned openfn=0;
+	unsigned accessmode=0;
+
+	if (flags & O_CREAT)
+		openfn |= (1<<4);
+	if (!(flags & O_EXCL)) {
+		if (flags & O_TRUNC)
+			openfn |= (1<<1);
+		else
+			openfn |= (1<<0);
+	}
+
+	accessmode = (share_mode<<4);
+
+	if ((flags & O_ACCMODE) == O_RDWR) {
+		accessmode |= 2;
+	} else if ((flags & O_ACCMODE) == O_WRONLY) {
+		accessmode |= 1;
+	} 
+
+#if defined(O_SYNC)
+	if ((flags & O_SYNC) == O_SYNC) {
+		accessmode |= (1<<14);
+	}
+#endif /* O_SYNC */
+
+	if (share_mode == DENY_FCB) {
+		accessmode = 0xFF;
+	}
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,15,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBopenX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,0);  /* no additional info */
+	SSVAL(cli->outbuf,smb_vwv3,accessmode);
+	SSVAL(cli->outbuf,smb_vwv4,aSYSTEM | aHIDDEN);
+	SSVAL(cli->outbuf,smb_vwv5,0);
+	SSVAL(cli->outbuf,smb_vwv8,openfn);
+
+	if (cli->use_oplocks) {
+		/* if using oplocks then ask for a batch oplock via
+                   core and extended methods */
+		SCVAL(cli->outbuf,smb_flg, CVAL(cli->outbuf,smb_flg)|
+			FLAG_REQUEST_OPLOCK|FLAG_REQUEST_BATCH_OPLOCK);
+		SSVAL(cli->outbuf,smb_vwv2,SVAL(cli->outbuf,smb_vwv2) | 6);
+	}
+  
+	p = smb_buf(cli->outbuf);
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return -1;
+	}
+
+	if (cli_is_error(cli)) {
+		return -1;
+	}
+
+	return SVAL(cli->inbuf,smb_vwv2);
+}
+
+/****************************************************************************
+ Close a file.
+****************************************************************************/
+
+BOOL cli_close(struct cli_state *cli, int fnum)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,3,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBclose);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,fnum);
+	SIVALS(cli->outbuf,smb_vwv1,-1);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	return !cli_is_error(cli);
+}
+
+
+/****************************************************************************
+ send a lock with a specified locktype 
+ this is used for testing LOCKING_ANDX_CANCEL_LOCK
+****************************************************************************/
+NTSTATUS cli_locktype(struct cli_state *cli, int fnum, 
+		      uint32 offset, uint32 len, int timeout, unsigned char locktype)
+{
+	char *p;
+	int saved_timeout = cli->timeout;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0', smb_size);
+
+	set_message(cli->outbuf,8,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBlockingX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+	SCVAL(cli->outbuf,smb_vwv3,locktype);
+	SIVALS(cli->outbuf, smb_vwv4, timeout);
+	SSVAL(cli->outbuf,smb_vwv6,0);
+	SSVAL(cli->outbuf,smb_vwv7,1);
+
+	p = smb_buf(cli->outbuf);
+	SSVAL(p, 0, cli->pid);
+	SIVAL(p, 2, offset);
+	SIVAL(p, 6, len);
+
+	p += 10;
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+
+	if (timeout != 0) {
+		cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 2*1000);
+	}
+
+	if (!cli_receive_smb(cli)) {
+		cli->timeout = saved_timeout;
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	cli->timeout = saved_timeout;
+
+	return cli_nt_error(cli);
+}
+
+
+/****************************************************************************
+ Lock a file.
+****************************************************************************/
+
+BOOL cli_lock(struct cli_state *cli, int fnum, 
+	      uint32 offset, uint32 len, int timeout, enum brl_type lock_type)
+{
+	char *p;
+	int saved_timeout = cli->timeout;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0', smb_size);
+
+	set_message(cli->outbuf,8,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBlockingX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+	SCVAL(cli->outbuf,smb_vwv3,(lock_type == READ_LOCK? 1 : 0));
+	SIVALS(cli->outbuf, smb_vwv4, timeout);
+	SSVAL(cli->outbuf,smb_vwv6,0);
+	SSVAL(cli->outbuf,smb_vwv7,1);
+
+	p = smb_buf(cli->outbuf);
+	SSVAL(p, 0, cli->pid);
+	SIVAL(p, 2, offset);
+	SIVAL(p, 6, len);
+
+	p += 10;
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+
+	if (timeout != 0) {
+		cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 2*1000);
+	}
+
+	if (!cli_receive_smb(cli)) {
+		cli->timeout = saved_timeout;
+		return False;
+	}
+
+	cli->timeout = saved_timeout;
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Unlock a file.
+****************************************************************************/
+
+BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,8,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBlockingX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+	SCVAL(cli->outbuf,smb_vwv3,0);
+	SIVALS(cli->outbuf, smb_vwv4, 0);
+	SSVAL(cli->outbuf,smb_vwv6,1);
+	SSVAL(cli->outbuf,smb_vwv7,0);
+
+	p = smb_buf(cli->outbuf);
+	SSVAL(p, 0, cli->pid);
+	SIVAL(p, 2, offset);
+	SIVAL(p, 6, len);
+	p += 10;
+	cli_setup_bcc(cli, p);
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Lock a file with 64 bit offsets.
+****************************************************************************/
+
+BOOL cli_lock64(struct cli_state *cli, int fnum, 
+		SMB_BIG_UINT offset, SMB_BIG_UINT len, int timeout, enum brl_type lock_type)
+{
+	char *p;
+        int saved_timeout = cli->timeout;
+	int ltype;
+
+	if (! (cli->capabilities & CAP_LARGE_FILES)) {
+		return cli_lock(cli, fnum, offset, len, timeout, lock_type);
+	}
+
+	ltype = (lock_type == READ_LOCK? 1 : 0);
+	ltype |= LOCKING_ANDX_LARGE_FILES;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0', smb_size);
+
+	set_message(cli->outbuf,8,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBlockingX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+	SCVAL(cli->outbuf,smb_vwv3,ltype);
+	SIVALS(cli->outbuf, smb_vwv4, timeout);
+	SSVAL(cli->outbuf,smb_vwv6,0);
+	SSVAL(cli->outbuf,smb_vwv7,1);
+
+	p = smb_buf(cli->outbuf);
+	SIVAL(p, 0, cli->pid);
+	SOFF_T_R(p, 4, offset);
+	SOFF_T_R(p, 12, len);
+	p += 20;
+
+	cli_setup_bcc(cli, p);
+	cli_send_smb(cli);
+
+	if (timeout != 0) {
+		cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 5*1000);
+	}
+
+	if (!cli_receive_smb(cli)) {
+                cli->timeout = saved_timeout;
+		return False;
+	}
+
+	cli->timeout = saved_timeout;
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Unlock a file with 64 bit offsets.
+****************************************************************************/
+
+BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_UINT len)
+{
+	char *p;
+
+	if (! (cli->capabilities & CAP_LARGE_FILES)) {
+		return cli_unlock(cli, fnum, offset, len);
+	}
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,8,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBlockingX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+	SCVAL(cli->outbuf,smb_vwv3,LOCKING_ANDX_LARGE_FILES);
+	SIVALS(cli->outbuf, smb_vwv4, 0);
+	SSVAL(cli->outbuf,smb_vwv6,1);
+	SSVAL(cli->outbuf,smb_vwv7,0);
+
+	p = smb_buf(cli->outbuf);
+	SIVAL(p, 0, cli->pid);
+	SOFF_T_R(p, 4, offset);
+	SOFF_T_R(p, 12, len);
+	p += 20;
+	cli_setup_bcc(cli, p);
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+
+/****************************************************************************
+ Do a SMBgetattrE call.
+****************************************************************************/
+
+BOOL cli_getattrE(struct cli_state *cli, int fd, 
+		  uint16 *attr, size_t *size, 
+		  time_t *c_time, time_t *a_time, time_t *m_time)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,1,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBgetattrE);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,fd);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+	
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	if (size) {
+		*size = IVAL(cli->inbuf, smb_vwv6);
+	}
+
+	if (attr) {
+		*attr = SVAL(cli->inbuf,smb_vwv10);
+	}
+
+	if (c_time) {
+		*c_time = make_unix_date3(cli->inbuf+smb_vwv0);
+	}
+
+	if (a_time) {
+		*a_time = make_unix_date3(cli->inbuf+smb_vwv2);
+	}
+
+	if (m_time) {
+		*m_time = make_unix_date3(cli->inbuf+smb_vwv4);
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Do a SMBgetatr call
+****************************************************************************/
+
+BOOL cli_getatr(struct cli_state *cli, const char *fname, 
+		uint16 *attr, size_t *size, time_t *t)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,0,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBgetatr);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+	
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	if (size) {
+		*size = IVAL(cli->inbuf, smb_vwv3);
+	}
+
+	if (t) {
+		*t = make_unix_date3(cli->inbuf+smb_vwv1);
+	}
+
+	if (attr) {
+		*attr = SVAL(cli->inbuf,smb_vwv0);
+	}
+
+
+	return True;
+}
+
+/****************************************************************************
+ Do a SMBsetatr call.
+****************************************************************************/
+
+BOOL cli_setatr(struct cli_state *cli, const char *fname, uint16 attr, time_t t)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,8,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBsetatr);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0, attr);
+	put_dos_date3(cli->outbuf,smb_vwv1, t);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE);
+	*p++ = 4;
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+	
+	if (cli_is_error(cli)) {
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Check for existance of a dir.
+****************************************************************************/
+
+BOOL cli_chkpath(struct cli_state *cli, const char *path)
+{
+	pstring path2;
+	char *p;
+	
+	safe_strcpy(path2,path,sizeof(pstring));
+	trim_string(path2,NULL,"\\");
+	if (!*path2) *path2 = '\\';
+	
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,0,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBchkpth);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, path2, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) return False;
+
+	return True;
+}
+
+/****************************************************************************
+ Query disk space.
+****************************************************************************/
+
+BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,0,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBdskattr);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	*bsize = SVAL(cli->inbuf,smb_vwv1)*SVAL(cli->inbuf,smb_vwv2);
+	*total = SVAL(cli->inbuf,smb_vwv0);
+	*avail = SVAL(cli->inbuf,smb_vwv3);
+	
+	return True;
+}
+
+/****************************************************************************
+ Create and open a temporary file.
+****************************************************************************/
+
+int cli_ctemp(struct cli_state *cli, const char *path, char **tmp_path)
+{
+	int len;
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,3,0,True);
+
+	SCVAL(cli->outbuf,smb_com,SMBctemp);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,0);
+	SIVALS(cli->outbuf,smb_vwv1,-1);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, path, -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return -1;
+	}
+
+	if (cli_is_error(cli)) {
+		return -1;
+	}
+
+	/* despite the spec, the result has a -1, followed by
+	   length, followed by name */
+	p = smb_buf(cli->inbuf);
+	p += 4;
+	len = smb_buflen(cli->inbuf) - 4;
+	if (len <= 0) return -1;
+
+	if (tmp_path) {
+		pstring path2;
+		clistr_pull(cli, path2, p, 
+			    sizeof(path2), len, STR_ASCII);
+		*tmp_path = strdup(path2);
+	}
+
+	return SVAL(cli->inbuf,smb_vwv0);
+}
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
new file mode 100644
index 0000000000..685c4a25e0
--- /dev/null
+++ b/source3/libsmb/clikrb5.c
@@ -0,0 +1,145 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple kerberos5 routines for active directory
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_KRB5
+/*
+  we can't use krb5_mk_req because w2k wants the service to be in a particular format
+*/
+static krb5_error_code krb5_mk_req2(krb5_context context, 
+				    krb5_auth_context *auth_context, 
+				    const krb5_flags ap_req_options,
+				    const char *principal,
+				    krb5_ccache ccache, 
+				    krb5_data *outbuf)
+{
+	krb5_error_code 	  retval;
+	krb5_principal	  server;
+	krb5_creds 		* credsp;
+	krb5_creds 		  creds;
+	krb5_data in_data;
+	
+	retval = krb5_parse_name(context, principal, &server);
+	if (retval) {
+		DEBUG(1,("Failed to parse principal %s\n", principal));
+		return retval;
+	}
+	
+	/* obtain ticket & session key */
+	memset((char *)&creds, 0, sizeof(creds));
+	if ((retval = krb5_copy_principal(context, server, &creds.server))) {
+		DEBUG(1,("krb5_copy_principal failed (%s)\n", 
+			 error_message(retval)));
+		goto cleanup_princ;
+	}
+	
+	if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
+		DEBUG(1,("krb5_cc_get_principal failed (%s)\n", 
+			 error_message(retval)));
+		goto cleanup_creds;
+	}
+
+	if ((retval = krb5_get_credentials(context, 0,
+					   ccache, &creds, &credsp))) {
+		DEBUG(1,("krb5_get_credentials failed for %s (%s)\n", 
+			 principal, error_message(retval)));
+		goto cleanup_creds;
+	}
+
+	in_data.length = 0;
+	retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
+				      &in_data, credsp, outbuf);
+	if (retval) {
+		DEBUG(1,("krb5_mk_req_extended failed (%s)\n", 
+			 error_message(retval)));
+	}
+	
+	krb5_free_creds(context, credsp);
+
+cleanup_creds:
+	krb5_free_cred_contents(context, &creds);
+
+cleanup_princ:
+	krb5_free_principal(context, server);
+
+	return retval;
+}
+
+/*
+  get a kerberos5 ticket for the given service 
+*/
+DATA_BLOB krb5_get_ticket(char *principal)
+{
+	krb5_error_code retval;
+	krb5_data packet;
+	krb5_ccache ccdef;
+	krb5_context context;
+	krb5_auth_context auth_context = NULL;
+	DATA_BLOB ret;
+	krb5_enctype enc_types[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL};
+
+	retval = krb5_init_context(&context);
+	if (retval) {
+		DEBUG(1,("krb5_init_context failed (%s)\n", 
+			 error_message(retval)));
+		goto failed;
+	}
+
+	if ((retval = krb5_cc_default(context, &ccdef))) {
+		DEBUG(1,("krb5_cc_default failed (%s)\n",
+			 error_message(retval)));
+		goto failed;
+	}
+
+	if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
+		DEBUG(1,("krb5_set_default_tgs_ktypes failed (%s)\n",
+			 error_message(retval)));
+		goto failed;
+	}
+
+	if ((retval = krb5_mk_req2(context, 
+				   &auth_context, 
+				   0, 
+				   principal,
+				   ccdef, &packet))) {
+		goto failed;
+	}
+
+	ret = data_blob(packet.data, packet.length);
+/* Hmm, heimdal dooesn't have this - what's the correct call? */
+/* 	krb5_free_data_contents(context, &packet); */
+	krb5_free_context(context);
+	return ret;
+
+failed:
+	krb5_free_context(context);
+	return data_blob(NULL, 0);
+}
+
+
+#else /* HAVE_KRB5 */
+ /* this saves a few linking headaches */
+ DATA_BLOB krb5_get_ticket(char *principal)
+ {
+	 DEBUG(0,("NO KERBEROS SUPPORT\n"));
+	 return data_blob(NULL, 0);
+ }
+#endif
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
new file mode 100644
index 0000000000..8b28e05a47
--- /dev/null
+++ b/source3/libsmb/clilist.c
@@ -0,0 +1,464 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client directory list routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+
+/****************************************************************************
+interpret a long filename structure - this is mostly guesses at the moment
+The length of the structure is returned
+The structure of a long filename depends on the info level. 260 is used
+by NT and 2 is used by OS/2
+****************************************************************************/
+static int interpret_long_filename(struct cli_state *cli,
+				   int level,char *p,file_info *finfo)
+{
+	extern file_info def_finfo;
+	file_info finfo2;
+	int len;
+	char *base = p;
+
+	if (!finfo) finfo = &finfo2;
+
+	memcpy(finfo,&def_finfo,sizeof(*finfo));
+
+	switch (level)
+		{
+		case 1: /* OS/2 understands this */
+			/* these dates are converted to GMT by
+                           make_unix_date */
+			finfo->ctime = make_unix_date2(p+4);
+			finfo->atime = make_unix_date2(p+8);
+			finfo->mtime = make_unix_date2(p+12);
+			finfo->size = IVAL(p,16);
+			finfo->mode = CVAL(p,24);
+			len = CVAL(p, 26);
+			p += 27;
+			p += clistr_align_in(cli, p, 0);
+			p += clistr_pull(cli, finfo->name, p,
+				    sizeof(finfo->name),
+				    len, 
+				    STR_TERMINATE);
+			return PTR_DIFF(p, base);
+
+		case 2: /* this is what OS/2 uses mostly */
+			/* these dates are converted to GMT by
+                           make_unix_date */
+			finfo->ctime = make_unix_date2(p+4);
+			finfo->atime = make_unix_date2(p+8);
+			finfo->mtime = make_unix_date2(p+12);
+			finfo->size = IVAL(p,16);
+			finfo->mode = CVAL(p,24);
+			len = CVAL(p, 30);
+			p += 31;
+			/* check for unisys! */
+			p += clistr_pull(cli, finfo->name, p,
+					 sizeof(finfo->name),
+					 len, 
+					 STR_NOALIGN);
+			return PTR_DIFF(p, base) + 1;
+			
+		case 260: /* NT uses this, but also accepts 2 */
+		{
+			int namelen, slen;
+			p += 4; /* next entry offset */
+			p += 4; /* fileindex */
+				
+			/* these dates appear to arrive in a
+			   weird way. It seems to be localtime
+			   plus the serverzone given in the
+			   initial connect. This is GMT when
+			   DST is not in effect and one hour
+			   from GMT otherwise. Can this really
+			   be right??
+			   
+			   I suppose this could be called
+			   kludge-GMT. Is is the GMT you get
+			   by using the current DST setting on
+			   a different localtime. It will be
+			   cheap to calculate, I suppose, as
+			   no DST tables will be needed */
+			
+			finfo->ctime = interpret_long_date(p); p += 8;
+			finfo->atime = interpret_long_date(p); p += 8;
+			finfo->mtime = interpret_long_date(p); p += 8; p += 8;
+			finfo->size = IVAL(p,0); p += 8;
+			p += 8; /* alloc size */
+			finfo->mode = CVAL(p,0); p += 4;
+			namelen = IVAL(p,0); p += 4;
+			p += 4; /* EA size */
+			slen = SVAL(p, 0);
+			p += 2; 
+			{
+				/* stupid NT bugs. grr */
+				int flags = 0;
+				if (p[1] == 0 && namelen > 1) flags |= STR_UNICODE;
+				clistr_pull(cli, finfo->short_name, p,
+					    sizeof(finfo->short_name),
+					    slen, flags);
+			}
+			p += 24; /* short name? */	  
+			clistr_pull(cli, finfo->name, p,
+				    sizeof(finfo->name),
+				    namelen, 0);
+			return SVAL(base, 0);
+		}
+		}
+	
+	DEBUG(1,("Unknown long filename format %d\n",level));
+	return(SVAL(p,0));
+}
+
+
+/****************************************************************************
+  do a directory listing, calling fn on each file found
+  ****************************************************************************/
+int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, 
+		 void (*fn)(file_info *, const char *, void *), void *state)
+{
+	int max_matches = 512;
+	int info_level;
+	char *p, *p2;
+	pstring mask;
+	file_info finfo;
+	int i;
+	char *tdl, *dirlist = NULL;
+	int dirlist_len = 0;
+	int total_received = -1;
+	BOOL First = True;
+	int ff_searchcount=0;
+	int ff_eos=0;
+	int ff_lastname=0;
+	int ff_dir_handle=0;
+	int loop_count = 0;
+	char *rparam=NULL, *rdata=NULL;
+	int param_len, data_len;	
+	uint16 setup;
+	pstring param;
+
+	/* NT uses 260, OS/2 uses 2. Both accept 1. */
+	info_level = (cli->capabilities&CAP_NT_SMBS)?260:1;
+
+	pstrcpy(mask,Mask);
+	
+	while (ff_eos == 0) {
+		loop_count++;
+		if (loop_count > 200) {
+			DEBUG(0,("Error: Looping in FIND_NEXT??\n"));
+			break;
+		}
+
+		if (First) {
+			setup = TRANSACT2_FINDFIRST;
+			SSVAL(param,0,attribute); /* attribute */
+			SSVAL(param,2,max_matches); /* max count */
+			SSVAL(param,4,4+2);	/* resume required + close on end */
+			SSVAL(param,6,info_level); 
+			SIVAL(param,8,0);
+			p = param+12;
+			p += clistr_push(cli, param+12, mask, -1, 
+					 STR_TERMINATE);
+		} else {
+			setup = TRANSACT2_FINDNEXT;
+			SSVAL(param,0,ff_dir_handle);
+			SSVAL(param,2,max_matches); /* max count */
+			SSVAL(param,4,info_level); 
+			SIVAL(param,6,0); /* ff_resume_key */
+			SSVAL(param,10,8+4+2);	/* continue + resume required + close on end */
+			p = param+12;
+			p += clistr_push(cli, param+12, mask, -1, 
+					 STR_TERMINATE);
+		}
+
+		param_len = PTR_DIFF(p, param);
+
+		if (!cli_send_trans(cli, SMBtrans2, 
+				    NULL,                   /* Name */
+				    -1, 0,                  /* fid, flags */
+				    &setup, 1, 0,           /* setup, length, max */
+				    param, param_len, 10,   /* param, length, max */
+				    NULL, 0, 
+				    cli->max_xmit /* data, length, max */
+				    )) {
+			break;
+		}
+
+		if (!cli_receive_trans(cli, SMBtrans2, 
+				       &rparam, &param_len,
+				       &rdata, &data_len) &&
+                    cli_is_dos_error(cli)) {
+			/* we need to work around a Win95 bug - sometimes
+			   it gives ERRSRV/ERRerror temprarily */
+			uint8 eclass;
+			uint32 ecode;
+			cli_dos_error(cli, &eclass, &ecode);
+			if (eclass != ERRSRV || ecode != ERRerror) break;
+			msleep(100);
+			continue;
+		}
+
+                if (cli_is_error(cli) || !rdata || !rparam) 
+			break;
+
+		if (total_received == -1) total_received = 0;
+
+		/* parse out some important return info */
+		p = rparam;
+		if (First) {
+			ff_dir_handle = SVAL(p,0);
+			ff_searchcount = SVAL(p,2);
+			ff_eos = SVAL(p,4);
+			ff_lastname = SVAL(p,8);
+		} else {
+			ff_searchcount = SVAL(p,0);
+			ff_eos = SVAL(p,2);
+			ff_lastname = SVAL(p,6);
+		}
+
+		if (ff_searchcount == 0) 
+			break;
+
+		/* point to the data bytes */
+		p = rdata;
+
+		/* we might need the lastname for continuations */
+		if (ff_lastname > 0) {
+			switch(info_level)
+				{
+				case 260:
+					clistr_pull(cli, mask, p+ff_lastname,
+						    sizeof(mask), 
+						    data_len-ff_lastname,
+						    STR_TERMINATE);
+					break;
+				case 1:
+					clistr_pull(cli, mask, p+ff_lastname+1,
+						    sizeof(mask), 
+						    -1,
+						    STR_TERMINATE);
+					break;
+				}
+		} else {
+			pstrcpy(mask,"");
+		}
+ 
+		/* and add them to the dirlist pool */
+		tdl = Realloc(dirlist,dirlist_len + data_len);
+
+		if (!tdl) {
+			DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
+			break;
+		}
+		else dirlist = tdl;
+
+		/* put in a length for the last entry, to ensure we can chain entries 
+		   into the next packet */
+		for (p2=p,i=0;i<(ff_searchcount-1);i++)
+			p2 += interpret_long_filename(cli,info_level,p2,NULL);
+		SSVAL(p2,0,data_len - PTR_DIFF(p2,p));
+
+		/* grab the data for later use */
+		memcpy(dirlist+dirlist_len,p,data_len);
+		dirlist_len += data_len;
+
+		total_received += ff_searchcount;
+
+		SAFE_FREE(rdata);
+		SAFE_FREE(rparam);
+
+		DEBUG(3,("received %d entries (eos=%d)\n",
+			 ff_searchcount,ff_eos));
+
+		if (ff_searchcount > 0) loop_count = 0;
+
+		First = False;
+	}
+
+	for (p=dirlist,i=0;i<total_received;i++) {
+		p += interpret_long_filename(cli,info_level,p,&finfo);
+		fn(&finfo, Mask, state);
+	}
+
+	/* free up the dirlist buffer */
+	SAFE_FREE(dirlist);
+	return(total_received);
+}
+
+
+
+/****************************************************************************
+interpret a short filename structure
+The length of the structure is returned
+****************************************************************************/
+static int interpret_short_filename(struct cli_state *cli, char *p,file_info *finfo)
+{
+	extern file_info def_finfo;
+
+	*finfo = def_finfo;
+
+	finfo->mode = CVAL(p,21);
+	
+	/* this date is converted to GMT by make_unix_date */
+	finfo->ctime = make_unix_date(p+22);
+	finfo->mtime = finfo->atime = finfo->ctime;
+	finfo->size = IVAL(p,26);
+	clistr_pull(cli, finfo->name, p+30, sizeof(finfo->name), 12, STR_ASCII);
+	if (strcmp(finfo->name, "..") && strcmp(finfo->name, "."))
+		fstrcpy(finfo->short_name,finfo->name);
+	
+	return(DIR_STRUCT_SIZE);
+}
+
+
+/****************************************************************************
+  do a directory listing, calling fn on each file found
+  this uses the old SMBsearch interface. It is needed for testing Samba,
+  but should otherwise not be used
+  ****************************************************************************/
+int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, 
+		 void (*fn)(file_info *, const char *, void *), void *state)
+{
+	char *p;
+	int received = 0;
+	BOOL first = True;
+	char status[21];
+	int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE;
+	int num_received = 0;
+	int i;
+	char *tdl, *dirlist = NULL;
+	pstring mask;
+	
+	ZERO_ARRAY(status);
+
+	pstrcpy(mask,Mask);
+  
+	while (1) {
+		memset(cli->outbuf,'\0',smb_size);
+		memset(cli->inbuf,'\0',smb_size);
+
+		set_message(cli->outbuf,2,0,True);
+
+		SCVAL(cli->outbuf,smb_com,SMBsearch);
+
+		SSVAL(cli->outbuf,smb_tid,cli->cnum);
+		cli_setup_packet(cli);
+
+		SSVAL(cli->outbuf,smb_vwv0,num_asked);
+		SSVAL(cli->outbuf,smb_vwv1,attribute);
+  
+		p = smb_buf(cli->outbuf);
+		*p++ = 4;
+      
+		p += clistr_push(cli, p, first?mask:"", -1, STR_TERMINATE);
+		*p++ = 5;
+		if (first) {
+			SSVAL(p,0,0);
+			p += 2;
+		} else {
+			SSVAL(p,0,21);
+			p += 2;
+			memcpy(p,status,21);
+			p += 21;
+		}
+
+		cli_setup_bcc(cli, p);
+		cli_send_smb(cli);
+		if (!cli_receive_smb(cli)) break;
+
+		received = SVAL(cli->inbuf,smb_vwv0);
+		if (received <= 0) break;
+
+		first = False;
+
+		tdl = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
+
+		if (!tdl) {
+			DEBUG(0,("cli_list_old: failed to expand dirlist"));
+			SAFE_FREE(dirlist);
+			return 0;
+		}
+		else dirlist = tdl;
+
+		p = smb_buf(cli->inbuf) + 3;
+
+		memcpy(dirlist+num_received*DIR_STRUCT_SIZE,
+		       p,received*DIR_STRUCT_SIZE);
+		
+		memcpy(status,p + ((received-1)*DIR_STRUCT_SIZE),21);
+		
+		num_received += received;
+		
+		if (cli_is_error(cli)) break;
+	}
+
+	if (!first) {
+		memset(cli->outbuf,'\0',smb_size);
+		memset(cli->inbuf,'\0',smb_size);
+
+		set_message(cli->outbuf,2,0,True);
+		SCVAL(cli->outbuf,smb_com,SMBfclose);
+		SSVAL(cli->outbuf,smb_tid,cli->cnum);
+		cli_setup_packet(cli);
+
+		SSVAL(cli->outbuf, smb_vwv0, 0); /* find count? */
+		SSVAL(cli->outbuf, smb_vwv1, attribute);
+
+		p = smb_buf(cli->outbuf);
+		*p++ = 4;
+		fstrcpy(p, "");
+		p += strlen(p) + 1;
+		*p++ = 5;
+		SSVAL(p, 0, 21);
+		p += 2;
+		memcpy(p,status,21);
+		p += 21;
+		
+		cli_setup_bcc(cli, p);
+		cli_send_smb(cli);
+		if (!cli_receive_smb(cli)) {
+			DEBUG(0,("Error closing search: %s\n",cli_errstr(cli)));
+		}
+	}
+
+	for (p=dirlist,i=0;i<num_received;i++) {
+		file_info finfo;
+		p += interpret_short_filename(cli, p,&finfo);
+		fn(&finfo, Mask, state);
+	}
+
+	SAFE_FREE(dirlist);
+	return(num_received);
+}
+
+
+/****************************************************************************
+  do a directory listing, calling fn on each file found
+  this auto-switches between old and new style
+  ****************************************************************************/
+int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, 
+	     void (*fn)(file_info *, const char *, void *), void *state)
+{
+	if (cli->protocol <= PROTOCOL_LANMAN1) {
+		return cli_list_old(cli, Mask, attribute, fn, state);
+	}
+	return cli_list_new(cli, Mask, attribute, fn, state);
+}
diff --git a/source3/libsmb/climessage.c b/source3/libsmb/climessage.c
new file mode 100644
index 0000000000..1587e6f4cd
--- /dev/null
+++ b/source3/libsmb/climessage.c
@@ -0,0 +1,120 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client message handling routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+
+/****************************************************************************
+start a message sequence
+****************************************************************************/
+BOOL cli_message_start(struct cli_state *cli, char *host, char *username, 
+			      int *grp)
+{
+	char *p;
+
+	/* send a SMBsendstrt command */
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,0,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsendstrt);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+	
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, username, -1, STR_TERMINATE);
+	*p++ = 4;
+	p += clistr_push(cli, p, host, -1, STR_TERMINATE);
+	
+	cli_setup_bcc(cli, p);
+	
+	cli_send_smb(cli);	
+	
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) return False;
+
+	*grp = SVAL(cli->inbuf,smb_vwv0);
+
+	return True;
+}
+
+
+/****************************************************************************
+send a message 
+****************************************************************************/
+BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,1,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsendtxt);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,grp);
+	
+	p = smb_buf(cli->outbuf);
+	*p++ = 1;
+	SSVAL(p,0,len); p += 2;
+	memcpy(p,msg,len);
+	p += len;
+
+	cli_setup_bcc(cli, p);
+	cli_send_smb(cli);
+
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) return False;
+
+	return True;
+}      
+
+/****************************************************************************
+end a message 
+****************************************************************************/
+BOOL cli_message_end(struct cli_state *cli, int grp)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,1,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBsendend);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+
+	SSVAL(cli->outbuf,smb_vwv0,grp);
+
+	cli_setup_packet(cli);
+	
+	cli_send_smb(cli);
+
+	if (!cli_receive_smb(cli)) {
+		return False;
+	}
+
+	if (cli_is_error(cli)) return False;
+
+	return True;
+}      
+
diff --git a/source3/libsmb/clioplock.c b/source3/libsmb/clioplock.c
new file mode 100644
index 0000000000..0ffeb1926b
--- /dev/null
+++ b/source3/libsmb/clioplock.c
@@ -0,0 +1,68 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client oplock functions
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/****************************************************************************
+send an ack for an oplock break request
+****************************************************************************/
+BOOL cli_oplock_ack(struct cli_state *cli, int fnum, unsigned char level)
+{
+	char *oldbuf = cli->outbuf;
+	pstring buf;
+	BOOL ret;
+
+	cli->outbuf = buf;
+
+        memset(buf,'\0',smb_size);
+        set_message(buf,8,0,True);
+
+        SCVAL(buf,smb_com,SMBlockingX);
+	SSVAL(buf,smb_tid, cli->cnum);
+        cli_setup_packet(cli);
+	SSVAL(buf,smb_vwv0,0xFF);
+	SSVAL(buf,smb_vwv1,0);
+	SSVAL(buf,smb_vwv2,fnum);
+	if (level == 1)
+		SSVAL(buf,smb_vwv3,0x102); /* levelII oplock break ack */
+	else
+		SSVAL(buf,smb_vwv3,2); /* exclusive oplock break ack */
+	SIVAL(buf,smb_vwv4,0); /* timoeut */
+	SSVAL(buf,smb_vwv6,0); /* unlockcount */
+	SSVAL(buf,smb_vwv7,0); /* lockcount */
+
+        ret = cli_send_smb(cli);	
+
+	cli->outbuf = oldbuf;
+
+	return ret;
+}
+
+
+/****************************************************************************
+set the oplock handler for a connection
+****************************************************************************/
+void cli_oplock_handler(struct cli_state *cli, 
+			BOOL (*handler)(struct cli_state *, int, unsigned char))
+{
+	cli->oplock_handler = handler;
+}
diff --git a/source3/libsmb/cliprint.c b/source3/libsmb/cliprint.c
new file mode 100644
index 0000000000..92fbf02e91
--- /dev/null
+++ b/source3/libsmb/cliprint.c
@@ -0,0 +1,157 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client print routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/*****************************************************************************
+ Convert a character pointer in a cli_call_api() response to a form we can use.
+ This function contains code to prevent core dumps if the server returns 
+ invalid data.
+*****************************************************************************/
+static char *fix_char_ptr(unsigned int datap, unsigned int converter, 
+			  char *rdata, int rdrcnt)
+{
+	if (datap == 0)	{	/* turn NULL pointers into zero length strings */
+		return "";
+	} else {
+		unsigned int offset = datap - converter;
+
+		if (offset >= rdrcnt) {
+			DEBUG(1,("bad char ptr: datap=%u, converter=%u rdrcnt=%d>",
+				 datap, converter, rdrcnt));
+			return "<ERROR>";
+		} else {
+			return &rdata[offset];
+		}
+	}
+}
+
+
+/****************************************************************************
+call fn() on each entry in a print queue
+****************************************************************************/
+int cli_print_queue(struct cli_state *cli, 
+		    void (*fn)(struct print_job_info *))
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	char *p;
+	int rdrcnt, rprcnt;
+	pstring param;
+	int result_code=0;
+	int i = -1;
+	
+	memset(param,'\0',sizeof(param));
+
+	p = param;
+	SSVAL(p,0,76);         /* API function number 76 (DosPrintJobEnum) */
+	p += 2;
+	pstrcpy(p,"zWrLeh");   /* parameter description? */
+	p = skip_string(p,1);
+	pstrcpy(p,"WWzWWDDzz");  /* returned data format */
+	p = skip_string(p,1);
+	pstrcpy(p,cli->share);    /* name of queue */
+	p = skip_string(p,1);
+	SSVAL(p,0,2);   /* API function level 2, PRJINFO_2 data structure */
+	SSVAL(p,2,1000); /* size of bytes of returned data buffer */
+	p += 4;
+	pstrcpy(p,"");   /* subformat */
+	p = skip_string(p,1);
+
+	DEBUG(4,("doing cli_print_queue for %s\n", cli->share));
+
+	if (cli_api(cli, 
+		    param, PTR_DIFF(p,param), 1024,  /* Param, length, maxlen */
+		    NULL, 0, CLI_BUFFER_SIZE,            /* data, length, maxlen */
+		    &rparam, &rprcnt,                /* return params, length */
+		    &rdata, &rdrcnt)) {               /* return data, length */
+		int converter;
+		result_code = SVAL(rparam,0);
+		converter = SVAL(rparam,2);       /* conversion factor */
+
+		if (result_code == 0) {
+			struct print_job_info job;
+			
+			p = rdata; 
+
+			for (i = 0; i < SVAL(rparam,4); ++i) {
+				job.id = SVAL(p,0);
+				job.priority = SVAL(p,2);
+				fstrcpy(job.user,
+					fix_char_ptr(SVAL(p,4), converter, 
+						     rdata, rdrcnt));
+				job.t = make_unix_date3(p + 12);
+				job.size = IVAL(p,16);
+				fstrcpy(job.name,fix_char_ptr(SVAL(p,24), 
+							      converter, 
+							      rdata, rdrcnt));
+				fn(&job);				
+				p += 28;
+			}
+		}
+	}
+
+	/* If any parameters or data were returned, free the storage. */
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+
+	return i;
+}
+
+/****************************************************************************
+  cancel a print job
+  ****************************************************************************/
+int cli_printjob_del(struct cli_state *cli, int job)
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	char *p;
+	int rdrcnt,rprcnt, ret = -1;
+	pstring param;
+
+	memset(param,'\0',sizeof(param));
+
+	p = param;
+	SSVAL(p,0,81);		/* DosPrintJobDel() */
+	p += 2;
+	pstrcpy(p,"W");
+	p = skip_string(p,1);
+	pstrcpy(p,"");
+	p = skip_string(p,1);
+	SSVAL(p,0,job);     
+	p += 2;
+	
+	if (cli_api(cli, 
+		    param, PTR_DIFF(p,param), 1024,  /* Param, length, maxlen */
+		    NULL, 0, CLI_BUFFER_SIZE,            /* data, length, maxlen */
+		    &rparam, &rprcnt,                /* return params, length */
+		    &rdata, &rdrcnt)) {               /* return data, length */
+		ret = SVAL(rparam,0);
+	}
+
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+
+	return ret;
+}
+
+
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
new file mode 100644
index 0000000000..a2b6c8bb8b
--- /dev/null
+++ b/source3/libsmb/clirap.c
@@ -0,0 +1,738 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client RAP calls
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+
+/****************************************************************************
+Call a remote api on an arbitrary pipe.  takes param, data and setup buffers.
+****************************************************************************/
+BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, 
+                  uint16 *setup, uint32 setup_count, uint32 max_setup_count,
+                  char *params, uint32 param_count, uint32 max_param_count,
+                  char *data, uint32 data_count, uint32 max_data_count,
+                  char **rparam, uint32 *rparam_count,
+                  char **rdata, uint32 *rdata_count)
+{
+  cli_send_trans(cli, SMBtrans, 
+                 pipe_name, 
+                 0,0,                         /* fid, flags */
+                 setup, setup_count, max_setup_count,
+                 params, param_count, max_param_count,
+                 data, data_count, max_data_count);
+
+  return (cli_receive_trans(cli, SMBtrans, 
+                            rparam, (int *)rparam_count,
+                            rdata, (int *)rdata_count));
+}
+
+/****************************************************************************
+call a remote api
+****************************************************************************/
+BOOL cli_api(struct cli_state *cli,
+	     char *param, int prcnt, int mprcnt,
+	     char *data, int drcnt, int mdrcnt,
+	     char **rparam, int *rprcnt,
+	     char **rdata, int *rdrcnt)
+{
+  cli_send_trans(cli,SMBtrans,
+                 PIPE_LANMAN,             /* Name */
+                 0,0,                     /* fid, flags */
+                 NULL,0,0,                /* Setup, length, max */
+                 param, prcnt, mprcnt,    /* Params, length, max */
+                 data, drcnt, mdrcnt      /* Data, length, max */ 
+                );
+
+  return (cli_receive_trans(cli,SMBtrans,
+                            rparam, rprcnt,
+                            rdata, rdrcnt));
+}
+
+
+/****************************************************************************
+perform a NetWkstaUserLogon
+****************************************************************************/
+BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation)
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	char *p;
+	int rdrcnt,rprcnt;
+	pstring param;
+
+	memset(param, 0, sizeof(param));
+	
+	/* send a SMBtrans command with api NetWkstaUserLogon */
+	p = param;
+	SSVAL(p,0,132); /* api number */
+	p += 2;
+	pstrcpy(p,"OOWb54WrLh");
+	p = skip_string(p,1);
+	pstrcpy(p,"WB21BWDWWDDDDDDDzzzD");
+	p = skip_string(p,1);
+	SSVAL(p,0,1);
+	p += 2;
+	pstrcpy(p,user);
+	strupper(p);
+	p += 21;
+	p++;
+	p += 15;
+	p++; 
+	pstrcpy(p, workstation); 
+	strupper(p);
+	p += 16;
+	SSVAL(p, 0, CLI_BUFFER_SIZE);
+	p += 2;
+	SSVAL(p, 0, CLI_BUFFER_SIZE);
+	p += 2;
+	
+	if (cli_api(cli, 
+                    param, PTR_DIFF(p,param),1024,  /* param, length, max */
+                    NULL, 0, CLI_BUFFER_SIZE,           /* data, length, max */
+                    &rparam, &rprcnt,               /* return params, return size */
+                    &rdata, &rdrcnt                 /* return data, return size */
+                   )) {
+		cli->rap_error = rparam? SVAL(rparam,0) : -1;
+		p = rdata;
+		
+		if (cli->rap_error == 0) {
+			DEBUG(4,("NetWkstaUserLogon success\n"));
+			cli->privileges = SVAL(p, 24);
+			fstrcpy(cli->eff_name,p+2);
+		} else {
+			DEBUG(1,("NetwkstaUserLogon gave error %d\n", cli->rap_error));
+		}
+	}
+	
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+	return (cli->rap_error == 0);
+}
+
+/****************************************************************************
+call a NetShareEnum - try and browse available connections on a host
+****************************************************************************/
+int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state)
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	char *p;
+	int rdrcnt,rprcnt;
+	pstring param;
+	int count = -1;
+
+	/* now send a SMBtrans command with api RNetShareEnum */
+	p = param;
+	SSVAL(p,0,0); /* api number */
+	p += 2;
+	pstrcpy(p,"WrLeh");
+	p = skip_string(p,1);
+	pstrcpy(p,"B13BWz");
+	p = skip_string(p,1);
+	SSVAL(p,0,1);
+	/*
+	 * Win2k needs a *smaller* buffer than 0xFFFF here -
+	 * it returns "out of server memory" with 0xFFFF !!! JRA.
+	 */
+	SSVAL(p,2,0xFFE0);
+	p += 4;
+	
+	if (cli_api(cli, 
+		    param, PTR_DIFF(p,param), 1024,  /* Param, length, maxlen */
+		    NULL, 0, 0xFFE0,            /* data, length, maxlen - Win2k needs a small buffer here too ! */
+		    &rparam, &rprcnt,                /* return params, length */
+		    &rdata, &rdrcnt))                /* return data, length */
+		{
+			int res = rparam? SVAL(rparam,0) : -1;
+			
+			if (res == 0 || res == ERRmoredata) {
+				int converter=SVAL(rparam,2);
+				int i;
+				
+				count=SVAL(rparam,4);
+				p = rdata;
+				
+				for (i=0;i<count;i++,p+=20) {
+					char *sname = p;
+					int type = SVAL(p,14);
+					int comment_offset = IVAL(p,16) & 0xFFFF;
+					char *cmnt = comment_offset?(rdata+comment_offset-converter):"";
+					pstring s1, s2;
+
+					pull_ascii_pstring(s1, sname);
+					pull_ascii_pstring(s2, cmnt);
+
+					fn(s1, type, s2, state);
+				}
+			} else {
+				DEBUG(4,("NetShareEnum res=%d\n", res));
+			}      
+		} else {
+			DEBUG(4,("NetShareEnum failed\n"));
+		}
+  
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+	
+	return count;
+}
+
+
+/****************************************************************************
+call a NetServerEnum for the specified workgroup and servertype mask.  This
+function then calls the specified callback function for each name returned.
+
+The callback function takes 4 arguments: the machine name, the server type,
+the comment and a state pointer.
+****************************************************************************/
+BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
+		       void (*fn)(const char *, uint32, const char *, void *),
+		       void *state)
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	int rdrcnt,rprcnt;
+	char *p;
+	pstring param;
+	int uLevel = 1;
+	int count = -1;
+
+	/* send a SMBtrans command with api NetServerEnum */
+	p = param;
+	SSVAL(p,0,0x68); /* api number */
+	p += 2;
+	pstrcpy(p,"WrLehDz");
+	p = skip_string(p,1);
+  
+	pstrcpy(p,"B16BBDz");
+
+	p = skip_string(p,1);
+	SSVAL(p,0,uLevel);
+	SSVAL(p,2,CLI_BUFFER_SIZE);
+	p += 4;
+	SIVAL(p,0,stype);
+	p += 4;
+
+	p += push_pstring(p, workgroup);
+	
+	if (cli_api(cli, 
+                    param, PTR_DIFF(p,param), 8,        /* params, length, max */
+                    NULL, 0, CLI_BUFFER_SIZE,               /* data, length, max */
+                    &rparam, &rprcnt,                   /* return params, return size */
+                    &rdata, &rdrcnt                     /* return data, return size */
+                   )) {
+		int res = rparam? SVAL(rparam,0) : -1;
+			
+		if (res == 0 || res == ERRmoredata) {
+			int i;
+			int converter=SVAL(rparam,2);
+
+			count=SVAL(rparam,4);
+			p = rdata;
+					
+			for (i = 0;i < count;i++, p += 26) {
+				char *sname = p;
+				int comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
+				char *cmnt = comment_offset?(rdata+comment_offset):"";
+				pstring s1, s2;
+
+				if (comment_offset < 0 || comment_offset > rdrcnt) continue;
+
+				stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
+
+				pull_ascii_pstring(s1, sname);
+				pull_ascii_pstring(s2, cmnt);
+				fn(s1, stype, s2, state);
+			}
+		}
+	}
+  
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+	
+	return(count > 0);
+}
+
+
+
+/****************************************************************************
+Send a SamOEMChangePassword command
+****************************************************************************/
+BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password,
+                             const char *old_password)
+{
+  char param[16+sizeof(fstring)];
+  char data[532];
+  char *p = param;
+  fstring upper_case_old_pw;
+  fstring upper_case_new_pw;
+  unsigned char old_pw_hash[16];
+  unsigned char new_pw_hash[16];
+  int data_len;
+  int param_len = 0;
+  char *rparam = NULL;
+  char *rdata = NULL;
+  int rprcnt, rdrcnt;
+  pstring dos_new_password;
+
+  if (strlen(user) >= sizeof(fstring)-1) {
+    DEBUG(0,("cli_oem_change_password: user name %s is too long.\n", user));
+    return False;
+  }
+
+  SSVAL(p,0,214); /* SamOEMChangePassword command. */
+  p += 2;
+  pstrcpy(p, "zsT");
+  p = skip_string(p,1);
+  pstrcpy(p, "B516B16");
+  p = skip_string(p,1);
+  pstrcpy(p,user);
+  p = skip_string(p,1);
+  SSVAL(p,0,532);
+  p += 2;
+
+  param_len = PTR_DIFF(p,param);
+
+  /*
+   * Get the Lanman hash of the old password, we
+   * use this as the key to make_oem_passwd_hash().
+   */
+  memset(upper_case_old_pw, '\0', sizeof(upper_case_old_pw));
+  clistr_push(cli, upper_case_old_pw, old_password, -1,STR_TERMINATE|STR_UPPER|STR_ASCII);
+  E_P16((uchar *)upper_case_old_pw, old_pw_hash);
+
+  clistr_push(cli, dos_new_password, new_password, -1, STR_TERMINATE|STR_ASCII);
+
+  if (!make_oem_passwd_hash( data, dos_new_password, old_pw_hash, False))
+    return False;
+
+  /* 
+   * Now place the old password hash in the data.
+   */
+  memset(upper_case_new_pw, '\0', sizeof(upper_case_new_pw));
+  clistr_push(cli, upper_case_new_pw, new_password, -1, STR_TERMINATE|STR_UPPER|STR_ASCII);
+
+  E_P16((uchar *)upper_case_new_pw, new_pw_hash);
+
+  E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]);
+
+  data_len = 532;
+    
+  if (cli_send_trans(cli,SMBtrans,
+                    PIPE_LANMAN,                          /* name */
+                    0,0,                                  /* fid, flags */
+                    NULL,0,0,                             /* setup, length, max */
+                    param,param_len,2,                    /* param, length, max */
+                    data,data_len,0                       /* data, length, max */
+                   ) == False) {
+    DEBUG(0,("cli_oem_change_password: Failed to send password change for user %s\n",
+              user ));
+    return False;
+  }
+
+  if (cli_receive_trans(cli,SMBtrans,
+                       &rparam, &rprcnt,
+                       &rdata, &rdrcnt)) {
+    if (rparam)
+      cli->rap_error = SVAL(rparam,0);
+  }
+
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return (cli->rap_error == 0);
+}
+
+
+/****************************************************************************
+send a qpathinfo call
+****************************************************************************/
+BOOL cli_qpathinfo(struct cli_state *cli, const char *fname, 
+		   time_t *c_time, time_t *a_time, time_t *m_time, 
+		   size_t *size, uint16 *mode)
+{
+	int data_len = 0;
+	int param_len = 0;
+	int rparam_len, rdata_len;
+	uint16 setup = TRANSACT2_QPATHINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+	int count=8;
+	BOOL ret;
+	time_t (*date_fn)(void *);
+	char *p;
+
+	p = param;
+	memset(p, 0, 6);
+	SSVAL(p, 0, SMB_INFO_STANDARD);
+	p += 6;
+	p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE);
+
+	param_len = PTR_DIFF(p, param);
+
+	do {
+		ret = (cli_send_trans(cli, SMBtrans2, 
+				      NULL,           /* Name */
+				      -1, 0,          /* fid, flags */
+				      &setup, 1, 0,   /* setup, length, max */
+				      param, param_len, 10, /* param, length, max */
+				      NULL, data_len, cli->max_xmit /* data, length, max */
+				      ) &&
+		       cli_receive_trans(cli, SMBtrans2, 
+					 &rparam, &rparam_len,
+					 &rdata, &rdata_len));
+		if (!cli_is_dos_error(cli)) break;
+		if (!ret) {
+			/* we need to work around a Win95 bug - sometimes
+			   it gives ERRSRV/ERRerror temprarily */
+			uint8 eclass;
+			uint32 ecode;
+			cli_dos_error(cli, &eclass, &ecode);
+			if (eclass != ERRSRV || ecode != ERRerror) break;
+			msleep(100);
+		}
+	} while (count-- && ret==False);
+
+	if (!ret || !rdata || rdata_len < 22) {
+		return False;
+	}
+
+	if (cli->win95) {
+		date_fn = make_unix_date;
+	} else {
+		date_fn = make_unix_date2;
+	}
+
+	if (c_time) {
+		*c_time = date_fn(rdata+0);
+	}
+	if (a_time) {
+		*a_time = date_fn(rdata+4);
+	}
+	if (m_time) {
+		*m_time = date_fn(rdata+8);
+	}
+	if (size) {
+		*size = IVAL(rdata, 12);
+	}
+	if (mode) {
+		*mode = SVAL(rdata,l1_attrFile);
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+	return True;
+}
+
+/****************************************************************************
+send a qpathinfo call with the SMB_QUERY_FILE_ALL_INFO info level
+****************************************************************************/
+BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname, 
+		    time_t *c_time, time_t *a_time, time_t *m_time, 
+		    time_t *w_time, size_t *size, uint16 *mode,
+		    SMB_INO_T *ino)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_QPATHINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+	char *p;
+
+	p = param;
+	memset(p, 0, 6);
+	SSVAL(p, 0, SMB_QUERY_FILE_ALL_INFO);
+	p += 6;
+	p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE);
+
+	param_len = PTR_DIFF(p, param);
+
+	if (!cli_send_trans(cli, SMBtrans2, 
+                            NULL,                         /* name */
+                            -1, 0,                        /* fid, flags */
+                            &setup, 1, 0,                 /* setup, length, max */
+                            param, param_len, 10,         /* param, length, max */
+                            NULL, data_len, cli->max_xmit /* data, length, max */
+                           )) {
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+                               &rparam, &param_len,
+                               &rdata, &data_len)) {
+		return False;
+	}
+
+	if (!rdata || data_len < 22) {
+		return False;
+	}
+
+	if (c_time) {
+		*c_time = interpret_long_date(rdata+0) - cli->serverzone;
+	}
+	if (a_time) {
+		*a_time = interpret_long_date(rdata+8) - cli->serverzone;
+	}
+	if (m_time) {
+		*m_time = interpret_long_date(rdata+16) - cli->serverzone;
+	}
+	if (w_time) {
+		*w_time = interpret_long_date(rdata+24) - cli->serverzone;
+	}
+	if (mode) {
+		*mode = SVAL(rdata, 32);
+	}
+	if (size) {
+		*size = IVAL(rdata, 48);
+	}
+	if (ino) {
+		*ino = IVAL(rdata, 64);
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+	return True;
+}
+
+
+/****************************************************************************
+send a qfileinfo QUERY_FILE_NAME_INFO call
+****************************************************************************/
+BOOL cli_qfilename(struct cli_state *cli, int fnum, 
+		   pstring name)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_QFILEINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+
+	param_len = 4;
+	memset(param, 0, param_len);
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, SMB_QUERY_FILE_NAME_INFO);
+
+	if (!cli_send_trans(cli, SMBtrans2, 
+                            NULL,                           /* name */
+                            -1, 0,                          /* fid, flags */
+                            &setup, 1, 0,                   /* setup, length, max */
+                            param, param_len, 2,            /* param, length, max */
+                            NULL, data_len, cli->max_xmit   /* data, length, max */
+                           )) {
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+                               &rparam, &param_len,
+                               &rdata, &data_len)) {
+		return False;
+	}
+
+	if (!rdata || data_len < 4) {
+		return False;
+	}
+
+	clistr_pull(cli, name, rdata+4, sizeof(pstring), IVAL(rdata, 0), STR_UNICODE);
+
+	return True;
+}
+
+
+/****************************************************************************
+send a qfileinfo call
+****************************************************************************/
+BOOL cli_qfileinfo(struct cli_state *cli, int fnum, 
+		   uint16 *mode, size_t *size,
+		   time_t *c_time, time_t *a_time, time_t *m_time, 
+		   time_t *w_time, SMB_INO_T *ino)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_QFILEINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+
+	/* if its a win95 server then fail this - win95 totally screws it
+	   up */
+	if (cli->win95) return False;
+
+	param_len = 4;
+
+	memset(param, 0, param_len);
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, SMB_QUERY_FILE_ALL_INFO);
+
+	if (!cli_send_trans(cli, SMBtrans2, 
+                            NULL,                           /* name */
+                            -1, 0,                          /* fid, flags */
+                            &setup, 1, 0,                   /* setup, length, max */
+                            param, param_len, 2,            /* param, length, max */
+                            NULL, data_len, cli->max_xmit   /* data, length, max */
+                           )) {
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+                               &rparam, &param_len,
+                               &rdata, &data_len)) {
+		return False;
+	}
+
+	if (!rdata || data_len < 68) {
+		return False;
+	}
+
+	if (c_time) {
+		*c_time = interpret_long_date(rdata+0) - cli->serverzone;
+	}
+	if (a_time) {
+		*a_time = interpret_long_date(rdata+8) - cli->serverzone;
+	}
+	if (m_time) {
+		*m_time = interpret_long_date(rdata+16) - cli->serverzone;
+	}
+	if (w_time) {
+		*w_time = interpret_long_date(rdata+24) - cli->serverzone;
+	}
+	if (mode) {
+		*mode = SVAL(rdata, 32);
+	}
+	if (size) {
+		*size = IVAL(rdata, 48);
+	}
+	if (ino) {
+		*ino = IVAL(rdata, 64);
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+	return True;
+}
+
+/****************************************************************************
+send a qfileinfo call
+****************************************************************************/
+BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char *outdata)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_QFILEINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+
+	/* if its a win95 server then fail this - win95 totally screws it
+	   up */
+	if (cli->win95) return False;
+
+	param_len = 4;
+
+	memset(param, 0, param_len);
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, level);
+
+	if (!cli_send_trans(cli, SMBtrans2, 
+                            NULL,                           /* name */
+                            -1, 0,                          /* fid, flags */
+                            &setup, 1, 0,                   /* setup, length, max */
+                            param, param_len, 2,            /* param, length, max */
+                            NULL, data_len, cli->max_xmit   /* data, length, max */
+                           )) {
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+                               &rparam, &param_len,
+                               &rdata, &data_len)) {
+		return False;
+	}
+
+	memcpy(outdata, rdata, data_len);
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+	return True;
+}
+
+
+
+/****************************************************************************
+send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call
+****************************************************************************/
+NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstring alt_name)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_QPATHINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+	int count=8;
+	char *p;
+	BOOL ret;
+	int len;
+
+	p = param;
+	memset(p, 0, 6);
+	SSVAL(p, 0, SMB_QUERY_FILE_ALT_NAME_INFO);
+	p += 6;
+	p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE);
+
+	param_len = PTR_DIFF(p, param);
+
+	do {
+		ret = (cli_send_trans(cli, SMBtrans2, 
+				      NULL,           /* Name */
+				      -1, 0,          /* fid, flags */
+				      &setup, 1, 0,   /* setup, length, max */
+				      param, param_len, 10, /* param, length, max */
+				      NULL, data_len, cli->max_xmit /* data, length, max */
+				      ) &&
+		       cli_receive_trans(cli, SMBtrans2, 
+					 &rparam, &param_len,
+					 &rdata, &data_len));
+		if (!ret && cli_is_dos_error(cli)) {
+			/* we need to work around a Win95 bug - sometimes
+			   it gives ERRSRV/ERRerror temprarily */
+			uint8 eclass;
+			uint32 ecode;
+			cli_dos_error(cli, &eclass, &ecode);
+			if (eclass != ERRSRV || ecode != ERRerror) break;
+			msleep(100);
+		}
+	} while (count-- && ret==False);
+
+	if (!ret || !rdata || data_len < 4) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	len = IVAL(rdata, 0);
+
+	if (len > data_len - 4) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
+	clistr_pull(cli, alt_name, rdata+4, sizeof(fstring), len, 0);
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/clirap2.c b/source3/libsmb/clirap2.c
new file mode 100644
index 0000000000..00cd4b15f3
--- /dev/null
+++ b/source3/libsmb/clirap2.c
@@ -0,0 +1,1961 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   More client RAP (SMB Remote Procedure Calls) functions
+   Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
+   Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
+                    
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*****************************************************/
+/*                                                   */
+/*   Additional RAP functionality                    */
+/*                                                   */
+/*   RAP is the original SMB RPC, documented         */
+/*   by Microsoft and X/Open in the 1990s and        */
+/*   supported by most SMB/CIFS servers although     */
+/*   it is unlikely that any one implementation      */
+/*   supports all RAP command codes since some       */
+/*   are quite obsolete and a few are specific       */
+/*   to a particular network operating system        */
+/*                                                   */ 
+/*   Although it has largely been replaced           */ 
+/*   for complex remote admistration and management  */
+/*   (of servers) by the relatively newer            */
+/*   DCE/RPC based remote API (which better handles  */
+/*   large >64K data structures), there are many     */
+/*   important administrative and resource location  */
+/*   tasks and user tasks (e.g. password change)     */
+/*   that are performed via RAP.                     */
+/*                                                   */
+/*   Although a few of the RAP calls are implemented */
+/*   in the Samba client library already (clirap.c)  */
+/*   the new ones are in clirap2.c for easy patching */
+/*   and integration and a corresponding header      */
+/*   file, rap.h, has been created.                  */
+/*                                                   */
+/*   This is based on data from the CIFS spec        */
+/*   and the LAN Server and LAN Manager              */
+/*   Programming Reference books and published       */
+/*   RAP document and CIFS forum postings and        */
+/*   lots of trial and error                         */
+/*                                                   */
+/*   Function names changed from API_ (as they are   */
+/*   in the CIFS specification) to RAP_ in order     */
+/*   to avoid confusion with other API calls         */
+/*   sent via DCE RPC                                */
+/*                                                   */
+/*****************************************************/
+
+/*****************************************************/
+/*                                                   */
+/* cifsrap.c already includes support for:           */
+/*                                                   */
+/* WshareEnum ( API number 0, level 1)               */
+/* NetServerEnum2 (API num 104, level 1)             */
+/* WWkstaUserLogon (132)                             */
+/* SamOEMchgPasswordUser2_P (214)                    */
+/*                                                   */
+/* cifsprint.c already includes support for:         */
+/*                                                   */
+/* WPrintJobEnum (API num 76, level 2)               */
+/* WPrintJobDel  (API num 81)                        */
+/*                                                   */
+/*****************************************************/ 
+
+#define NO_SYSLOG
+
+#include "includes.h" 
+
+#define WORDSIZE 2
+#define DWORDSIZE 4
+
+#define PUTBYTE(p,b) do {SCVAL(p,0,b); p++;} while(0)
+#define GETBYTE(p,b) do {b = CVAL(p,0); p++;} while(0)
+#define PUTWORD(p,w) do {SSVAL(p,0,w); p += WORDSIZE;} while(0)
+#define GETWORD(p,w) do {w = SVAL(p,0); p += WORDSIZE;} while(0)
+#define PUTDWORD(p,d) do {SIVAL(p,0,d); p += DWORDSIZE;} while(0)
+#define GETDWORD(p,d) do {d = IVAL(p,0); p += DWORDSIZE;} while(0)
+#define GETRES(p) p ? SVAL(p,0) : -1
+/* put string s at p with max len n and increment p past string */
+#define PUTSTRING(p,s,n) do {\
+  push_ascii(p,s?s:"",n?n:256,STR_TERMINATE);\
+  p = skip_string(p,1);\
+  } while(0)
+/* put string s and p, using fixed len l, and increment p by l */
+#define PUTSTRINGF(p,s,l) do {\
+  push_ascii(p,s?s:"",l,STR_TERMINATE);\
+  p += l;\
+  } while (0)
+/* put string pointer at p, supplying offset o from rdata r, store   */
+/* dword offset at p, increment p by 4 and o by length of s.  This   */
+/* means on the first call, you must calc the offset yourself!       */
+#define PUTSTRINGP(p,s,r,o) do {\
+  if (s) {\
+    push_ascii(r+o,s,strlen(s)+1,STR_TERMINATE);\
+    PUTDWORD(p,o);\
+    o += strlen(s) + 1;\
+  } else PUTDWORD(p,0);\
+  }while(0);
+/* get asciiz string s from p, increment p past string */
+#define GETSTRING(p,s) do {\
+  pull_ascii_pstring(s,p);\
+  p = skip_string(p,1);\
+  } while(0)
+/* get fixed length l string s from p, increment p by l */
+#define GETSTRINGF(p,s,l) do {\
+  pull_ascii_pstring(s,p);\
+  p += l;\
+  } while(0)
+/* get string s from offset (obtained at p) from rdata r - converter c */
+#define GETSTRINGP(p,s,r,c) do {\
+  uint32 off;\
+  GETDWORD(p,off);\
+  off &= 0x0000FFFF; /* mask the obsolete segment number from the offset */ \
+  pull_ascii_pstring(s, off?(r+off-c):"");\
+  } while(0)
+
+static char *make_header(char *param, uint16 apinum, char *reqfmt, char *datafmt)
+{
+  PUTWORD(param,apinum);
+  if (reqfmt) 
+    PUTSTRING(param,reqfmt,0);
+  else 
+    *param++ = (char) 0;
+
+  if (datafmt)
+    PUTSTRING(param,datafmt,0);
+  else
+    *param++ = (char) 0;
+
+  return param;
+}
+    
+
+/****************************************************************************
+ call a NetGroupDelete - delete user group from remote server
+****************************************************************************/
+int cli_NetGroupDelete(struct cli_state *cli, const char *group_name )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt, res;
+  char param[WORDSIZE                    /* api number    */
+	    +sizeof(RAP_NetGroupDel_REQ) /* parm string   */
+	    +1                           /* no ret string */
+	    +RAP_GROUPNAME_LEN           /* group to del  */
+	    +WORDSIZE];                  /* reserved word */
+
+  /* now send a SMBtrans command with api GroupDel */
+  p = make_header(param, RAP_WGroupDel, RAP_NetGroupDel_REQ, NULL);  
+  PUTSTRING(p, group_name, RAP_GROUPNAME_LEN);
+  PUTWORD(p,0);  /* reserved word MBZ on input */
+        	 
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+			
+      if (res == 0) {
+	/* nothing to do */		
+      }
+      else if ((res == 5) || (res == 65)) {
+          DEBUG(1, ("Access Denied\n"));
+      }
+      else if (res == 2220) {
+         DEBUG (1, ("Group does not exist\n"));
+      }
+      else {
+	DEBUG(4,("NetGroupDelete res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetGroupDelete failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return res;
+}
+
+/****************************************************************************
+ call a NetGroupAdd - add user group to remote server
+****************************************************************************/
+int cli_NetGroupAdd(struct cli_state *cli, RAP_GROUP_INFO_1 * grinfo )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt,res;
+  char param[WORDSIZE                    /* api number    */
+	    +sizeof(RAP_NetGroupAdd_REQ) /* req string    */
+	    +sizeof(RAP_GROUP_INFO_L1)   /* return string */
+	    +WORDSIZE                    /* info level    */
+	    +WORDSIZE];                  /* reserved word */
+
+  char data[1024];
+    
+  /* offset into data of free format strings.  Will be updated */
+  /* by PUTSTRINGP macro and end up with total data length.    */
+  int soffset = RAP_GROUPNAME_LEN + 1 + DWORDSIZE; 
+
+  /* now send a SMBtrans command with api WGroupAdd */
+  
+  p = make_header(param, RAP_WGroupAdd,
+		  RAP_NetGroupAdd_REQ, RAP_GROUP_INFO_L1); 
+  PUTWORD(p, 1); /* info level */
+  PUTWORD(p, 0); /* reserved word 0 */
+  
+  p = data;
+  PUTSTRINGF(p, grinfo->group_name, RAP_GROUPNAME_LEN);
+  PUTBYTE(p, 0); /* pad byte 0 */
+  PUTSTRINGP(p, grinfo->comment, data, soffset);
+  
+  if (cli_api(cli, 
+	      param, sizeof(param), 1024, /* Param, length, maxlen */
+	      data, soffset, sizeof(data), /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      
+      if (res == 0) {
+	/* nothing to do */		
+      } else if ((res == 5) || (res == 65)) {
+        DEBUG(1, ("Access Denied\n"));
+      }
+      else if (res == 2223) {
+        DEBUG (1, ("Group already exists\n"));
+      }
+      else {
+    	DEBUG(4,("NetGroupAdd res=%d\n", res));
+      }
+    } else {
+      res = -1;
+      DEBUG(4,("NetGroupAdd failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+
+/****************************************************************************
+call a NetGroupEnum - try and list user groups on a different host
+****************************************************************************/
+int cli_RNetGroupEnum(struct cli_state *cli, void (*fn)(const char *, const char *, void *), void *state)
+{
+  char param[WORDSIZE                     /* api number    */
+	    +sizeof(RAP_NetGroupEnum_REQ) /* parm string   */
+	    +sizeof(RAP_GROUP_INFO_L1)    /* return string */
+	    +WORDSIZE                     /* info level    */
+	    +WORDSIZE];                   /* buffer size   */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+  
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WGroupEnum,
+		  RAP_NetGroupEnum_REQ, RAP_GROUP_INFO_L1);
+  PUTWORD(p,1); /* Info level 1 */  /* add level 0 */
+  PUTWORD(p,0xFFE0); /* Return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),8,
+	      NULL, 0, 0xFFE0 /* data area size */,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if(cli->rap_error == 234) 
+        DEBUG(1,("Not all group names were returned (such as those longer than 21 characters)\n"));
+    else if (cli->rap_error != 0) {
+      DEBUG(1,("NetGroupEnum gave error %d\n", cli->rap_error));
+    }
+  }
+
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+
+      p = rparam + WORDSIZE; /* skip result */
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata;i<count;i++) {
+	    pstring comment;
+	    char groupname[RAP_GROUPNAME_LEN];
+
+	    GETSTRINGF(p, groupname, RAP_GROUPNAME_LEN);
+	    p++; /* pad byte */
+	    GETSTRINGP(p, comment, rdata, converter);
+
+	    fn(groupname, comment, cli);
+      }	
+    } else {
+      DEBUG(4,("NetGroupEnum res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetGroupEnum no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+
+int cli_NetGroupDelUser(struct cli_state * cli, const char *group_name, const char *user_name)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt,res;
+  char param[WORDSIZE                        /* api number    */
+	    +sizeof(RAP_NetGroupDelUser_REQ) /* parm string   */
+	    +1                               /* no ret string */
+	    +RAP_GROUPNAME_LEN               /* group name    */
+	    +RAP_USERNAME_LEN];              /* user to del   */
+
+  /* now send a SMBtrans command with api GroupMemberAdd */
+  p = make_header(param, RAP_WGroupDelUser, RAP_NetGroupDelUser_REQ, NULL);
+  PUTSTRING(p,group_name,RAP_GROUPNAME_LEN);
+  PUTSTRING(p,user_name,RAP_USERNAME_LEN);
+
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      
+      switch(res) {
+        case 0:
+	  break;
+        case 5:
+        case 65:
+	  DEBUG(1, ("Access Denied\n"));
+	  break;
+        case 50:
+	  DEBUG(1, ("Not supported by server\n"));
+	  break;
+        case 2220:
+	  DEBUG(1, ("Group does not exist\n"));
+	  break;
+        case 2221:
+	  DEBUG(1, ("User does not exist\n"));
+	  break;
+        case 2237:
+	  DEBUG(1, ("User is not in group\n"));
+	  break;
+        default:
+	  DEBUG(4,("NetGroupDelUser res=%d\n", res));
+      }
+    } else {
+      res = -1;
+      DEBUG(4,("NetGroupDelUser failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+	
+  return res; 
+}
+
+int cli_NetGroupAddUser(struct cli_state * cli, const char *group_name, const char *user_name)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt,res;
+  char param[WORDSIZE                        /* api number    */
+	    +sizeof(RAP_NetGroupAddUser_REQ) /* parm string   */
+	    +1                               /* no ret string */
+	    +RAP_GROUPNAME_LEN               /* group name    */
+	    +RAP_USERNAME_LEN];              /* user to add   */
+
+  /* now send a SMBtrans command with api GroupMemberAdd */
+  p = make_header(param, RAP_WGroupAddUser, RAP_NetGroupAddUser_REQ, NULL);
+  PUTSTRING(p,group_name,RAP_GROUPNAME_LEN);
+  PUTSTRING(p,user_name,RAP_USERNAME_LEN);
+
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      
+      switch(res) {
+        case 0:
+	  break;
+        case 5:
+        case 65:
+	  DEBUG(1, ("Access Denied\n"));
+	  break;
+        case 50:
+	  DEBUG(1, ("Not supported by server\n"));
+	  break;
+        case 2220:
+	  DEBUG(1, ("Group does not exist\n"));
+	  break;
+        case 2221:
+	  DEBUG(1, ("User does not exist\n"));
+	  break;
+        default:
+	  DEBUG(4,("NetGroupAddUser res=%d\n", res));
+      }
+    } else {
+      res = -1;
+      DEBUG(4,("NetGroupAddUser failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+	
+  return res;
+}
+
+
+int cli_NetGroupGetUsers(struct cli_state * cli, const char *group_name, void (*fn)(const char *, void *), void *state )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt;
+  int res = -1;
+  char param[WORDSIZE                        /* api number    */
+	    +sizeof(RAP_NetGroupGetUsers_REQ)/* parm string   */
+	    +sizeof(RAP_GROUP_USERS_INFO_0)  /* return string */
+	    +RAP_GROUPNAME_LEN               /* group name    */
+	    +WORDSIZE                        /* info level    */
+	    +WORDSIZE];                      /* buffer size   */
+
+  /* now send a SMBtrans command with api GroupGetUsers */
+  p = make_header(param, RAP_WGroupGetUsers,
+		  RAP_NetGroupGetUsers_REQ, RAP_GROUP_USERS_INFO_0);
+  PUTSTRING(p,group_name,RAP_GROUPNAME_LEN-1);
+  PUTWORD(p,0); /* info level 0 */
+  PUTWORD(p,0xFFE0); /* return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),PTR_DIFF(p,param),
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (res != 0) {
+      DEBUG(1,("NetGroupGetUsers gave error %d\n", res));
+    }
+  }
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+      fstring username;
+      p = rparam +WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata; i<count; i++) {
+	GETSTRINGF(p, username, RAP_USERNAME_LEN);
+	fn(username, state);
+      }
+    } else {
+      DEBUG(4,("NetGroupGetUsers res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetGroupGetUsers no data returned\n"));
+  }
+  SAFE_FREE(rdata);
+  SAFE_FREE(rparam);
+  return res;
+}
+
+int cli_NetUserGetGroups(struct cli_state * cli, const char *user_name, void (*fn)(const char *, void *), void *state )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt;
+  int res = -1;
+  char param[WORDSIZE                        /* api number    */
+	    +sizeof(RAP_NetUserGetGroups_REQ)/* parm string   */
+	    +sizeof(RAP_GROUP_USERS_INFO_0)  /* return string */
+	    +RAP_USERNAME_LEN               /* user name    */
+	    +WORDSIZE                        /* info level    */
+	    +WORDSIZE];                      /* buffer size   */
+
+  /* now send a SMBtrans command with api GroupGetUsers */
+  p = make_header(param, RAP_WUserGetGroups,
+		  RAP_NetUserGetGroups_REQ, RAP_GROUP_USERS_INFO_0);
+  PUTSTRING(p,user_name,RAP_USERNAME_LEN-1);
+  PUTWORD(p,0); /* info level 0 */
+  PUTWORD(p,0xFFE0); /* return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),PTR_DIFF(p,param),
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (res != 0) {
+      DEBUG(1,("NetUserGetGroups gave error %d\n", res));
+    }
+  }
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+      fstring groupname;
+      p = rparam +WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata; i<count; i++) {
+    	GETSTRINGF(p, groupname, RAP_USERNAME_LEN);
+	    fn(groupname, state);
+      }
+    } else {
+      DEBUG(4,("NetUserGetGroups res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetUserGetGroups no data returned\n"));
+  }
+  SAFE_FREE(rdata);
+  SAFE_FREE(rparam);
+  return res;
+}
+
+
+/****************************************************************************
+ call a NetUserDelete - delete user from remote server
+****************************************************************************/
+int cli_NetUserDelete(struct cli_state *cli, const char * user_name )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt, res;
+  char param[WORDSIZE                    /* api number    */
+	    +sizeof(RAP_NetGroupDel_REQ) /* parm string   */
+	    +1                           /* no ret string */
+	    +RAP_USERNAME_LEN            /* user to del   */
+	    +WORDSIZE];                  /* reserved word */
+
+  /* now send a SMBtrans command with api UserDel */
+  p = make_header(param, RAP_WUserDel, RAP_NetGroupDel_REQ, NULL);  
+  PUTSTRING(p, user_name, RAP_USERNAME_LEN);
+  PUTWORD(p,0);  /* reserved word MBZ on input */
+        	 
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      
+      if (res == 0) {
+	/* nothing to do */		
+      }
+      else if ((res == 5) || (res == 65)) {
+         DEBUG(1, ("Access Denied\n"));
+      }
+      else if (res == 2221) {
+         DEBUG (1, ("User does not exist\n"));
+      }
+      else {
+          DEBUG(4,("NetUserDelete res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetUserDelete failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+	
+  return res;
+}
+
+/****************************************************************************
+ call a NetUserAdd - add user to remote server
+****************************************************************************/
+int cli_NetUserAdd(struct cli_state *cli, RAP_USER_INFO_1 * userinfo )
+{
+   
+
+
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;                                          
+  int rdrcnt,rprcnt,res;
+  char param[WORDSIZE                    /* api number    */
+	    +sizeof(RAP_NetUserAdd2_REQ) /* req string    */
+	    +sizeof(RAP_USER_INFO_L1)    /* data string   */
+	    +WORDSIZE                    /* info level    */
+	    +WORDSIZE                    /* buffer length */
+	    +WORDSIZE];                  /* reserved      */
+ 
+  char data[1024];
+  /* offset into data of free format strings.  Will be updated */
+  /* by PUTSTRINGP macro and end up with total data length.    */
+  int soffset=RAP_USERNAME_LEN+1 /* user name + pad */
+    + RAP_UPASSWD_LEN            /* password        */
+    + DWORDSIZE                  /* password age    */
+    + WORDSIZE                   /* privilege       */
+    + DWORDSIZE                  /* home dir ptr    */
+    + DWORDSIZE                  /* comment ptr     */
+    + WORDSIZE                   /* flags           */
+    + DWORDSIZE;                 /* login script ptr*/
+
+  /* now send a SMBtrans command with api NetUserAdd */
+  p = make_header(param, RAP_WUserAdd2,
+		  RAP_NetUserAdd2_REQ, RAP_USER_INFO_L1);
+  PUTWORD(p, 1); /* info level */
+
+  PUTWORD(p, 0); /* pwencrypt */
+  if(userinfo->passwrd)
+    PUTWORD(p,MIN(strlen(userinfo->passwrd), RAP_UPASSWD_LEN));
+  else
+    PUTWORD(p, 0); /* password length */
+
+  p = data;
+  memset(data, '\0', soffset);
+
+  PUTSTRINGF(p, userinfo->user_name, RAP_USERNAME_LEN);
+  PUTBYTE(p, 0); /* pad byte 0 */
+  PUTSTRINGF(p, userinfo->passwrd, RAP_UPASSWD_LEN);
+  PUTDWORD(p, 0); /* pw age - n.a. on user add */
+  PUTWORD(p, userinfo->priv);
+  PUTSTRINGP(p, userinfo->home_dir, data, soffset);
+  PUTSTRINGP(p, userinfo->comment, data, soffset);
+  PUTWORD(p, userinfo->userflags);
+  PUTSTRINGP(p, userinfo->logon_script, data, soffset);
+
+  if (cli_api(cli, 
+	      param, sizeof(param), 1024, /* Param, length, maxlen */
+	      data, soffset, sizeof(data), /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      
+      if (res == 0) {
+	/* nothing to do */		
+      }       
+      else if ((res == 5) || (res == 65)) {
+        DEBUG(1, ("Access Denied\n"));
+      }
+      else if (res == 2224) {
+        DEBUG (1, ("User already exists\n"));
+      }
+      else {
+	    DEBUG(4,("NetUserAdd res=%d\n", res));
+      }
+    } else {
+      res = -1;
+      DEBUG(4,("NetUserAdd failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+
+/****************************************************************************
+call a NetUserEnum - try and list users on a different host
+****************************************************************************/
+int cli_RNetUserEnum(struct cli_state *cli, void (*fn)(const char *, const char *, const char *, const char *, void *), void *state)
+{
+  char param[WORDSIZE                 /* api number    */
+	    +sizeof(RAP_NetUserEnum_REQ) /* parm string   */
+	    +sizeof(RAP_USER_INFO_L1)    /* return string */
+	    +WORDSIZE                 /* info level    */
+	    +WORDSIZE];               /* buffer size   */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WUserEnum,
+		  RAP_NetUserEnum_REQ, RAP_USER_INFO_L1);
+  PUTWORD(p,1); /* Info level 1 */
+  PUTWORD(p,0xFF00); /* Return buffer size */
+
+/* BB Fix handling of large numbers of users to be returned */
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),8,
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (cli->rap_error != 0) {
+      DEBUG(1,("NetUserEnum gave error %d\n", cli->rap_error));
+    }
+  }
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+      char username[RAP_USERNAME_LEN];
+      char userpw[RAP_UPASSWD_LEN];
+      pstring comment, homedir, logonscript;
+      int pwage, priv, flags;
+
+      p = rparam + WORDSIZE; /* skip result */
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata;i<count;i++) {
+        GETSTRINGF(p, username, RAP_USERNAME_LEN);
+        p++; /* pad byte */
+        GETSTRINGF(p, userpw, RAP_UPASSWD_LEN);
+        GETDWORD(p, pwage); /* password age */
+        GETWORD(p, priv); /* 0=guest, 1=user, 2=admin */
+        GETSTRINGP(p, homedir, rdata, converter);
+        GETSTRINGP(p, comment, rdata, converter);
+        GETWORD(p, flags);
+        GETSTRINGP(p, logonscript, rdata, converter);
+
+        fn(username, comment, homedir, logonscript, cli);
+      }
+    } else {
+      DEBUG(4,("NetUserEnum res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetUserEnum no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+
+/****************************************************************************
+ call a NetFileClose2 - close open file on another session to server
+****************************************************************************/
+int cli_NetFileClose(struct cli_state *cli, uint32 file_id )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt;
+  char param[WORDSIZE                    /* api number    */
+	    +sizeof(RAP_WFileClose2_REQ) /* req string    */
+	    +1                           /* no ret string */
+	    +DWORDSIZE];                 /* file ID          */
+  int res = -1;
+
+  /* now send a SMBtrans command with api RNetShareEnum */
+  p = make_header(param, RAP_WFileClose2, RAP_WFileClose2_REQ, NULL);
+  PUTDWORD(p, file_id);  
+        	 
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      
+      if (res == 0) {
+	/* nothing to do */		
+      } else if (res == 2314){
+         DEBUG(1, ("NetFileClose2 - attempt to close non-existant file open instance\n"));
+      } else {
+	DEBUG(4,("NetFileClose2 res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetFileClose2 failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return res;
+}
+
+/****************************************************************************
+call a NetFileGetInfo - get information about server file opened from other
+     workstation
+****************************************************************************/
+int cli_NetFileGetInfo(struct cli_state *cli, uint32 file_id, void (*fn)(const char *, const char *, uint16, uint16, uint32))
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt, res;
+  char param[WORDSIZE                      /* api number      */
+	    +sizeof(RAP_WFileGetInfo2_REQ) /* req string      */
+	    +sizeof(RAP_FILE_INFO_L3)      /* return string   */
+	    +DWORDSIZE                     /* file ID          */
+	    +WORDSIZE                      /* info level      */
+	    +WORDSIZE];                    /* buffer size     */
+
+  /* now send a SMBtrans command with api RNetShareEnum */
+  p = make_header(param, RAP_WFileGetInfo2,
+		  RAP_WFileGetInfo2_REQ, RAP_FILE_INFO_L3); 
+  PUTDWORD(p, file_id);
+  PUTWORD(p, 3);  /* info level */
+  PUTWORD(p, 0x1000);   /* buffer size */ 
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 0x1000,  /* data, length, maxlen */
+	      &rparam, &rprcnt,               /* return params, length */
+	      &rdata, &rdrcnt))               /* return data, length */
+    {
+      res = GETRES(rparam);
+      if (res == 0 || res == ERRmoredata) {
+	int converter,id, perms, locks;
+	pstring fpath, fuser;
+	  
+	p = rparam + WORDSIZE; /* skip result */
+	GETWORD(p, converter);
+
+	p = rdata;
+	GETDWORD(p, id);
+	GETWORD(p, perms);
+	GETWORD(p, locks);
+	GETSTRINGP(p, fpath, rdata, converter);
+	GETSTRINGP(p, fuser, rdata, converter);
+	
+	fn(fpath, fuser, perms, locks, id);
+      } else {
+	DEBUG(4,("NetFileGetInfo2 res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetFileGetInfo2 failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return res;
+}
+
+/****************************************************************************
+* Call a NetFileEnum2 - list open files on an SMB server
+* 
+* PURPOSE:  Remotes a NetFileEnum API call to the current server or target 
+*           server listing the files open via the network (and their
+*           corresponding open instance ids)
+*          
+* Dependencies: none
+*
+* Parameters: 
+*             cli    - pointer to cli_state structure
+*             user   - if present, return only files opened by this remote user
+*             base_path - if present, return only files opened below this 
+*                         base path
+*             fn     - display function to invoke for each entry in the result
+*                        
+*
+* Returns:
+*             True      - success
+*             False     - failure
+*
+****************************************************************************/
+int cli_NetFileEnum(struct cli_state *cli, char * user, char * base_path, void (*fn)(const char *, const char *, uint16, uint16, uint32))
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt;
+  char param[WORDSIZE                   /* api number      */
+	    +sizeof(RAP_WFileEnum2_REQ) /* req string      */
+	    +sizeof(RAP_FILE_INFO_L3)   /* return string   */
+	    +256                        /* base path (opt) */
+	    +RAP_USERNAME_LEN           /* user name (opt) */
+	    +WORDSIZE                   /* info level      */
+	    +WORDSIZE                   /* buffer size     */
+	    +DWORDSIZE                  /* resume key ?    */
+	    +DWORDSIZE];                /* resume key ?    */
+  int count = -1;
+
+  /* now send a SMBtrans command with api RNetShareEnum */
+  p = make_header(param, RAP_WFileEnum2,
+		  RAP_WFileEnum2_REQ, RAP_FILE_INFO_L3); 
+
+  PUTSTRING(p, base_path, 256);
+  PUTSTRING(p, user, RAP_USERNAME_LEN);
+  PUTWORD(p, 3); /* info level */
+  PUTWORD(p, 0xFF00);  /* buffer size */ 
+  PUTDWORD(p, 0);  /* zero out the resume key */
+  PUTDWORD(p, 0);  /* or is this one the resume key? */
+        	 
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 0xFF00,  /* data, length, maxlen */
+	      &rparam, &rprcnt,               /* return params, length */
+	      &rdata, &rdrcnt))               /* return data, length */
+    {
+      int res = GETRES(rparam);
+      
+      if (res == 0 || res == ERRmoredata) {
+	int converter, i;
+
+	p = rparam + WORDSIZE; /* skip result */
+	GETWORD(p, converter);
+	GETWORD(p, count);
+	
+	p = rdata;
+	for (i=0; i<count; i++) {
+	  int id, perms, locks;
+	  pstring fpath, fuser;
+	  
+	  GETDWORD(p, id);
+	  GETWORD(p, perms);
+	  GETWORD(p, locks);
+	  GETSTRINGP(p, fpath, rdata, converter);
+	  GETSTRINGP(p, fuser, rdata, converter);
+
+	  fn(fpath, fuser, perms, locks, id);
+	}  /* BB fix ERRmoredata case to send resume request */
+      } else {
+	DEBUG(4,("NetFileEnum2 res=%d\n", res));
+      }      
+    } else {
+      DEBUG(4,("NetFileEnum2 failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return count;
+}
+
+/****************************************************************************
+ call a NetShareAdd - share/export directory on remote server
+****************************************************************************/
+int cli_NetShareAdd(struct cli_state *cli, RAP_SHARE_INFO_2 * sinfo )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt,res;
+  char param[WORDSIZE                  /* api number    */
+	    +sizeof(RAP_WShareAdd_REQ) /* req string    */
+	    +sizeof(RAP_SHARE_INFO_L2) /* return string */
+	    +WORDSIZE                  /* info level    */
+	    +WORDSIZE];                /* reserved word */
+  char data[1024];
+  /* offset to free format string section following fixed length data.  */
+  /* will be updated by PUTSTRINGP macro and will end up with total len */
+  int soffset = RAP_SHARENAME_LEN + 1 /* share name + pad   */
+    + WORDSIZE                        /* share type    */
+    + DWORDSIZE                       /* comment pointer */
+    + WORDSIZE                        /* permissions */
+    + WORDSIZE                        /* max users */
+    + WORDSIZE                        /* active users */
+    + DWORDSIZE                       /* share path */
+    + RAP_SPASSWD_LEN + 1;            /* share password + pad */
+
+  memset(param,'\0',sizeof(param));
+  /* now send a SMBtrans command with api RNetShareAdd */
+  p = make_header(param, RAP_WshareAdd,
+		  RAP_WShareAdd_REQ, RAP_SHARE_INFO_L2); 
+  PUTWORD(p, 2); /* info level */
+  PUTWORD(p, 0); /* reserved word 0 */
+
+  p = data;
+  PUTSTRINGF(p, sinfo->share_name, RAP_SHARENAME_LEN);
+  PUTBYTE(p, 0); /* pad byte 0 */
+
+  PUTWORD(p, sinfo->share_type);
+  PUTSTRINGP(p, sinfo->comment, data, soffset);
+  PUTWORD(p, sinfo->perms);
+  PUTWORD(p, sinfo->maximum_users);
+  PUTWORD(p, sinfo->active_users);
+  PUTSTRINGP(p, sinfo->path, data, soffset);
+  PUTSTRINGF(p, sinfo->password, RAP_SPASSWD_LEN);
+  SCVAL(p,-1,0x0A); /* required 0x0A at end of password */
+  
+  if (cli_api(cli, 
+	      param, sizeof(param), 1024, /* Param, length, maxlen */
+	      data, soffset, sizeof(data), /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = rparam? SVAL(rparam,0) : -1;
+			
+      if (res == 0) {
+	/* nothing to do */		
+      }
+      else {
+	DEBUG(4,("NetShareAdd res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetShareAdd failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return res;
+}
+/****************************************************************************
+ call a NetShareDelete - unshare exported directory on remote server
+****************************************************************************/
+int cli_NetShareDelete(struct cli_state *cli, const char * share_name )
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt, res;
+  char param[WORDSIZE                  /* api number    */
+	    +sizeof(RAP_WShareDel_REQ) /* req string    */
+	    +1                         /* no ret string */
+	    +RAP_SHARENAME_LEN         /* share to del  */
+	    +WORDSIZE];                /* reserved word */
+	    
+
+  /* now send a SMBtrans command with api RNetShareDelete */
+  p = make_header(param, RAP_WshareDel, RAP_WShareDel_REQ, NULL);
+  PUTSTRING(p,share_name,RAP_SHARENAME_LEN);
+  PUTWORD(p,0);  /* reserved word MBZ on input */
+        	 
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+			
+      if (res == 0) {
+	/* nothing to do */		
+      }
+      else {
+	DEBUG(4,("NetShareDelete res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetShareDelete failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+	
+  return res;
+}
+/*************************************************************************
+*
+* Function Name:  cli_get_pdc_name
+*
+* PURPOSE:  Remotes a NetServerEnum API call to the current server
+*           requesting the name of a server matching the server
+*           type of SV_TYPE_DOMAIN_CTRL (PDC).
+*
+* Dependencies: none
+*
+* Parameters: 
+*             cli       - pointer to cli_state structure
+*             workgroup - pointer to string containing name of domain
+*             pdc_name  - pointer to string that will contain PDC name
+*                         on successful return
+*
+* Returns:
+*             True      - success
+*             False     - failure
+*
+************************************************************************/
+BOOL cli_get_pdc_name(struct cli_state *cli, char *workgroup, char *pdc_name)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  int rdrcnt,rprcnt;
+  char *p;
+  char param[WORDSIZE                       /* api number    */
+	    +sizeof(RAP_NetServerEnum2_REQ) /* req string    */
+	    +sizeof(RAP_SERVER_INFO_L1)     /* return string */
+	    +WORDSIZE                       /* info level    */
+	    +WORDSIZE                       /* buffer size   */
+	    +DWORDSIZE                      /* server type   */
+	    +RAP_MACHNAME_LEN];             /* workgroup     */
+  int count = -1;
+  
+  *pdc_name = '\0';
+
+  /* send a SMBtrans command with api NetServerEnum */
+  p = make_header(param, RAP_NetServerEnum2,
+		  RAP_NetServerEnum2_REQ, RAP_SERVER_INFO_L1);
+  PUTWORD(p, 1); /* info level */
+  PUTWORD(p, CLI_BUFFER_SIZE);
+  PUTDWORD(p, SV_TYPE_DOMAIN_CTRL);
+  PUTSTRING(p, workgroup, RAP_MACHNAME_LEN);
+	
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 8,        /* params, length, max */
+	      NULL, 0, CLI_BUFFER_SIZE,               /* data, length, max */
+	      &rparam, &rprcnt,                   /* return params, return size */
+	      &rdata, &rdrcnt                     /* return data, return size */
+	      )) {
+    cli->rap_error = GETRES(rparam);
+			
+        /*
+         * We only really care to copy a name if the
+         * API succeeded and we got back a name.
+         */
+    if (cli->rap_error == 0) {
+      p = rparam + WORDSIZE + WORDSIZE; /* skip result and converter */
+      GETWORD(p, count);
+      p = rdata;
+      
+      if (count > 0)
+	GETSTRING(p, pdc_name);
+    }
+    else {
+	DEBUG(4,("cli_get_pdc_name: machine %s failed the NetServerEnum call. "
+		 "Error was : %s.\n", cli->desthost, cli_errstr(cli) ));
+    }
+  }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return(count > 0);
+}
+
+
+/*************************************************************************
+*
+* Function Name:  cli_get_server_domain
+*
+* PURPOSE:  Remotes a NetWkstaGetInfo API call to the current server
+*           requesting wksta_info_10 level information to determine
+*           the domain the server belongs to. On success, this
+*           routine sets the server_domain field in the cli_state structure
+*           to the server's domain name.
+*
+* Dependencies: none
+*
+* Parameters: 
+*             cli       - pointer to cli_state structure
+*
+* Returns:
+*             True      - success
+*             False     - failure
+*
+* Origins:  samba 2.0.6 source/libsmb/clientgen.c cli_NetServerEnum()
+*
+************************************************************************/
+BOOL cli_get_server_domain(struct cli_state *cli)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  int rdrcnt,rprcnt;
+  char *p;
+  char param[WORDSIZE                      /* api number    */
+	    +sizeof(RAP_WWkstaGetInfo_REQ) /* req string    */
+	    +sizeof(RAP_WKSTA_INFO_L10)    /* return string */
+	    +WORDSIZE                      /* info level    */
+	    +WORDSIZE];                    /* buffer size   */
+  int res = -1;
+  
+  /* send a SMBtrans command with api NetWkstaGetInfo */
+  p = make_header(param, RAP_WWkstaGetInfo,
+		  RAP_WWkstaGetInfo_REQ, RAP_WKSTA_INFO_L10);
+  PUTWORD(p, 10); /* info level */
+  PUTWORD(p, CLI_BUFFER_SIZE);
+	
+  if (cli_api(cli, param, PTR_DIFF(p,param), 8, /* params, length, max */
+	      NULL, 0, CLI_BUFFER_SIZE,         /* data, length, max */
+	      &rparam, &rprcnt,         /* return params, return size */
+	      &rdata, &rdrcnt)) {       /* return data, return size */
+    res = GETRES(rparam);
+    p = rdata;		
+    
+    if (res == 0) {
+      int converter;
+
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      
+      p = rdata + DWORDSIZE + DWORDSIZE; /* skip computer & user names */
+      GETSTRINGP(p, cli->server_domain, rdata, converter);
+    }
+  }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return(res == 0);
+}
+
+
+/*************************************************************************
+*
+* Function Name:  cli_get_server_type
+*
+* PURPOSE:  Remotes a NetServerGetInfo API call to the current server
+*           requesting server_info_1 level information to retrieve
+*           the server type.
+*
+* Dependencies: none
+*
+* Parameters: 
+*             cli       - pointer to cli_state structure
+*             pstype    - pointer to uint32 to contain returned server type
+*
+* Returns:
+*             True      - success
+*             False     - failure
+*
+* Origins:  samba 2.0.6 source/libsmb/clientgen.c cli_NetServerEnum()
+*
+************************************************************************/
+BOOL cli_get_server_type(struct cli_state *cli, uint32 *pstype)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  int rdrcnt,rprcnt;
+  char *p;
+  char param[WORDSIZE                       /* api number    */
+	    +sizeof(RAP_WserverGetInfo_REQ) /* req string    */
+	    +sizeof(RAP_SERVER_INFO_L1)     /* return string */
+	    +WORDSIZE                       /* info level    */
+            +WORDSIZE];                     /* buffer size   */
+  int res = -1;
+  
+  /* send a SMBtrans command with api NetServerGetInfo */
+  p = make_header(param, RAP_WserverGetInfo,
+		  RAP_WserverGetInfo_REQ, RAP_SERVER_INFO_L1);
+  PUTWORD(p, 1); /* info level */
+  PUTWORD(p, CLI_BUFFER_SIZE);
+	
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 8, /* params, length, max */
+	      NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
+	      &rparam, &rprcnt,         /* return params, return size */
+	      &rdata, &rdrcnt           /* return data, return size */
+	      )) {
+    
+    res = GETRES(rparam);
+    
+    if (res == 0 || res == ERRmoredata) {
+      p = rdata;					
+      *pstype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
+    }
+  }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  
+  return(res == 0 || res == ERRmoredata);
+}
+
+
+/*************************************************************************
+*
+* Function Name:  cli_ns_check_server_type
+*
+* PURPOSE:  Remotes a NetServerEnum2 API call to the current server
+*           requesting server_info_0 level information of machines
+*           matching the given server type. If the returned server
+*           list contains the machine name contained in cli->desthost
+*           then we conclude the server type checks out. This routine
+*           is useful to retrieve list of server's of a certain
+*           type when all you have is a null session connection and
+*           can't remote API calls such as NetWkstaGetInfo or 
+*           NetServerGetInfo.
+*
+* Dependencies: none
+*
+* Parameters: 
+*             cli       - pointer to cli_state structure
+*             workgroup - pointer to string containing domain
+*             stype     - server type
+*
+* Returns:
+*             True      - success
+*             False     - failure
+*
+************************************************************************/
+BOOL cli_ns_check_server_type(struct cli_state *cli, char *workgroup, uint32 stype)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  int rdrcnt,rprcnt;
+  char *p;
+  char param[WORDSIZE                       /* api number    */
+	    +sizeof(RAP_NetServerEnum2_REQ) /* req string    */
+	    +sizeof(RAP_SERVER_INFO_L0)     /* return string */
+	    +WORDSIZE                       /* info level    */
+	    +WORDSIZE                       /* buffer size   */
+	    +DWORDSIZE                      /* server type   */
+	    +RAP_MACHNAME_LEN];             /* workgroup     */
+  BOOL found_server = False;
+  int res = -1;
+  
+  /* send a SMBtrans command with api NetServerEnum */
+  p = make_header(param, RAP_NetServerEnum2,
+		  RAP_NetServerEnum2_REQ, RAP_SERVER_INFO_L0);
+  PUTWORD(p, 0); /* info level 0 */
+  PUTWORD(p, CLI_BUFFER_SIZE);
+  PUTDWORD(p, stype);
+  PUTSTRING(p, workgroup, RAP_MACHNAME_LEN);
+	
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 8, /* params, length, max */
+	      NULL, 0, CLI_BUFFER_SIZE,  /* data, length, max */
+	      &rparam, &rprcnt,          /* return params, return size */
+	      &rdata, &rdrcnt            /* return data, return size */
+	      )) {
+	
+    res = GETRES(rparam);
+    cli->rap_error = res;
+
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      p = rdata;
+      for (i = 0;i < count;i++, p += 16) {
+	char ret_server[RAP_MACHNAME_LEN];
+
+	GETSTRINGF(p, ret_server, RAP_MACHNAME_LEN);
+	if (strequal(ret_server, cli->desthost)) {
+	  found_server = True;
+	  break;
+	}
+      }
+    }
+    else {
+      DEBUG(4,("cli_ns_check_server_type: machine %s failed the NetServerEnum call. "
+	       "Error was : %s.\n", cli->desthost, cli_errstr(cli) ));
+    }
+  }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+	
+  return found_server;
+ }
+
+
+/****************************************************************************
+ perform a NetWkstaUserLogoff
+****************************************************************************/
+BOOL cli_NetWkstaUserLogoff(struct cli_state *cli,char *user, char *workstation)
+{
+  char *rparam = NULL;
+  char *rdata = NULL;
+  char *p;
+  int rdrcnt,rprcnt;
+  char param[WORDSIZE                           /* api number    */
+	    +sizeof(RAP_NetWkstaUserLogoff_REQ) /* req string    */
+	    +sizeof(RAP_USER_LOGOFF_INFO_L1)    /* return string */
+	    +RAP_USERNAME_LEN+1                 /* user name+pad */
+	    +RAP_MACHNAME_LEN                   /* wksta name    */
+	    +WORDSIZE                           /* buffer size   */
+	    +WORDSIZE];                         /* buffer size?  */
+  fstring upperbuf;
+  
+  memset(param, 0, sizeof(param));
+
+  /* send a SMBtrans command with api NetWkstaUserLogoff */
+  p = make_header(param, RAP_WWkstaUserLogoff,
+		  RAP_NetWkstaUserLogoff_REQ, RAP_USER_LOGOFF_INFO_L1);
+  PUTDWORD(p, 0); /* Null pointer */
+  PUTDWORD(p, 0); /* Null pointer */
+  fstrcpy(upperbuf, user);
+  strupper(upperbuf);
+  PUTSTRINGF(p, upperbuf, RAP_USERNAME_LEN);
+  p++; /* strange format, but ok */
+  fstrcpy(upperbuf, workstation);
+  strupper(upperbuf);
+  PUTSTRINGF(p, upperbuf, RAP_MACHNAME_LEN);
+  PUTWORD(p, CLI_BUFFER_SIZE);
+  PUTWORD(p, CLI_BUFFER_SIZE);
+  
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),1024,  /* param, length, max */
+	      NULL, 0, CLI_BUFFER_SIZE,       /* data, length, max */
+	      &rparam, &rprcnt,               /* return params, return size */
+	      &rdata, &rdrcnt                 /* return data, return size */
+	      )) {
+    cli->rap_error = GETRES(rparam);
+    
+    if (cli->rap_error != 0) {
+      DEBUG(4,("NetwkstaUserLogoff gave error %d\n", cli->rap_error));
+    }
+  }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+  return (cli->rap_error == 0);
+}
+ 
+int cli_NetPrintQEnum(struct cli_state *cli,
+		void (*qfn)(const char*,uint16,uint16,uint16,const char*,const char*,const char*,const char*,const char*,uint16,uint16),
+		void (*jfn)(uint16,const char*,const char*,const char*,const char*,uint16,uint16,const char*,uint,uint,const char*))
+{
+  char param[WORDSIZE                         /* api number    */
+	    +sizeof(RAP_NetPrintQEnum_REQ)    /* req string    */
+	    +sizeof(RAP_PRINTQ_INFO_L2)       /* return string */
+	    +WORDSIZE                         /* info level    */
+	    +WORDSIZE                         /* buffer size   */
+	    +sizeof(RAP_SMB_PRINT_JOB_L1)];   /* more ret data */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+
+  memset(param, '\0',sizeof(param));
+  p = make_header(param, RAP_WPrintQEnum, 
+		  RAP_NetPrintQEnum_REQ, RAP_PRINTQ_INFO_L2);
+  PUTWORD(p,2); /* Info level 2 */
+  PUTWORD(p,0xFFE0); /* Return buffer size */
+  PUTSTRING(p, RAP_SMB_PRINT_JOB_L1, 0);
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),1024,
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (res != 0) {
+      DEBUG(1,("NetPrintQEnum gave error %d\n", res));
+    }
+  }
+
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      p = rdata;
+      for (i=0;i<count;i++) {
+	pstring qname, sep_file, print_proc, dest, parms, comment;
+	uint16 jobcount, priority, start_time, until_time, status;
+
+	GETSTRINGF(p, qname, RAP_SHARENAME_LEN);
+	p++; /* pad */
+	GETWORD(p, priority);
+	GETWORD(p, start_time);
+	GETWORD(p, until_time);
+	GETSTRINGP(p, sep_file, rdata, converter);
+	GETSTRINGP(p, print_proc, rdata, converter);
+	GETSTRINGP(p, dest, rdata, converter);
+	GETSTRINGP(p, parms, rdata, converter);
+	GETSTRINGP(p, parms, comment, converter);
+	GETWORD(p, status);
+	GETWORD(p, jobcount);
+
+	qfn(qname, priority, start_time, until_time, sep_file, print_proc,
+	    dest, parms, comment, status, jobcount);
+
+	if (jobcount) {
+	  int j;
+	  for (j=0;j<jobcount;j++) {
+	    uint16 jid, pos, fsstatus;
+	    pstring ownername, notifyname, datatype, jparms, jstatus, jcomment;
+	    uint submitted, jsize;
+	    
+	    GETWORD(p, jid);
+	    GETSTRINGF(p, ownername, RAP_USERNAME_LEN);
+	    p++; /* pad byte */
+	    GETSTRINGF(p, notifyname, RAP_MACHNAME_LEN);
+	    GETSTRINGF(p, datatype, RAP_DATATYPE_LEN);
+	    GETSTRINGP(p, jparms, rdata, converter);
+	    GETWORD(p, pos);
+	    GETWORD(p, fsstatus);
+	    GETSTRINGP(p, jstatus, rdata, converter);
+	    GETDWORD(p, submitted);
+	    GETDWORD(p, jsize);
+	    GETSTRINGP(p, jcomment, rdata, converter);
+	  
+	    jfn(jid, ownername, notifyname, datatype, jparms, pos, fsstatus,
+		jstatus, submitted, jsize, jcomment);
+	  }
+	}
+      }
+    } else {
+      DEBUG(4,("NetPrintQEnum res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetPrintQEnum no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;  
+}
+
+int cli_NetPrintQGetInfo(struct cli_state *cli, const char *printer,
+	void (*qfn)(const char*,uint16,uint16,uint16,const char*,const char*,const char*,const char*,const char*,uint16,uint16),
+	void (*jfn)(uint16,const char*,const char*,const char*,const char*,uint16,uint16,const char*,uint,uint,const char*))
+{
+  char param[WORDSIZE                         /* api number    */
+	    +sizeof(RAP_NetPrintQGetInfo_REQ) /* req string    */
+	    +sizeof(RAP_PRINTQ_INFO_L2)       /* return string */ 
+	    +RAP_SHARENAME_LEN                /* printer name  */
+	    +WORDSIZE                         /* info level    */
+	    +WORDSIZE                         /* buffer size   */
+	    +sizeof(RAP_SMB_PRINT_JOB_L1)];   /* more ret data */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+
+  memset(param, '\0',sizeof(param));
+  p = make_header(param, RAP_WPrintQGetInfo,
+		  RAP_NetPrintQGetInfo_REQ, RAP_PRINTQ_INFO_L2);
+  PUTSTRING(p, printer, RAP_SHARENAME_LEN-1);
+  PUTWORD(p, 2);     /* Info level 2 */
+  PUTWORD(p,0xFFE0); /* Return buffer size */
+  PUTSTRING(p, RAP_SMB_PRINT_JOB_L1, 0);
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),1024,
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (res != 0) {
+      DEBUG(1,("NetPrintQGetInfo gave error %d\n", res));
+    }
+  }
+
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int rsize, converter;
+      pstring qname, sep_file, print_proc, dest, parms, comment;
+      uint16 jobcount, priority, start_time, until_time, status;
+      
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, rsize);
+
+      p = rdata;
+      GETSTRINGF(p, qname, RAP_SHARENAME_LEN);
+      p++; /* pad */
+      GETWORD(p, priority);
+      GETWORD(p, start_time);
+      GETWORD(p, until_time);
+      GETSTRINGP(p, sep_file, rdata, converter);
+      GETSTRINGP(p, print_proc, rdata, converter);
+      GETSTRINGP(p, dest, rdata, converter);
+      GETSTRINGP(p, parms, rdata, converter);
+      GETSTRINGP(p, comment, rdata, converter);
+      GETWORD(p, status);
+      GETWORD(p, jobcount);
+      qfn(qname, priority, start_time, until_time, sep_file, print_proc,
+	  dest, parms, comment, status, jobcount);
+      if (jobcount) {
+	int j;
+	for (j=0;(j<jobcount)&&(PTR_DIFF(p,rdata)< rsize);j++) {
+	  uint16 jid, pos, fsstatus;
+	  pstring ownername, notifyname, datatype, jparms, jstatus, jcomment;
+	  uint submitted, jsize;
+
+	  GETWORD(p, jid);
+	  GETSTRINGF(p, ownername, RAP_USERNAME_LEN);
+	  p++; /* pad byte */
+	  GETSTRINGF(p, notifyname, RAP_MACHNAME_LEN);
+	  GETSTRINGF(p, datatype, RAP_DATATYPE_LEN);
+	  GETSTRINGP(p, jparms, rdata, converter);
+	  GETWORD(p, pos);
+	  GETWORD(p, fsstatus);
+	  GETSTRINGP(p, jstatus, rdata, converter);
+	  GETDWORD(p, submitted);
+	  GETDWORD(p, jsize);
+	  GETSTRINGP(p, jcomment, rdata, converter);
+	  
+	  jfn(jid, ownername, notifyname, datatype, jparms, pos, fsstatus,
+	      jstatus, submitted, jsize, jcomment);
+	}
+      }
+    } else {
+      DEBUG(4,("NetPrintQGetInfo res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetPrintQGetInfo no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;  
+}
+
+/****************************************************************************
+call a NetServiceEnum - list running services on a different host
+****************************************************************************/
+int cli_RNetServiceEnum(struct cli_state *cli, void (*fn)(const char *, const char *, void *), void *state)
+{
+  char param[WORDSIZE                     /* api number    */
+	    +sizeof(RAP_NetServiceEnum_REQ) /* parm string   */
+	    +sizeof(RAP_SERVICE_INFO_L2)    /* return string */
+	    +WORDSIZE                     /* info level    */
+	    +WORDSIZE];                   /* buffer size   */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+  
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WServiceEnum,
+		  RAP_NetServiceEnum_REQ, RAP_SERVICE_INFO_L2);
+  PUTWORD(p,2); /* Info level 2 */  
+  PUTWORD(p,0xFFE0); /* Return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),8,
+	      NULL, 0, 0xFFE0 /* data area size */,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if(cli->rap_error == 234) 
+        DEBUG(1,("Not all service names were returned (such as those longer than 15 characters)\n"));
+    else if (cli->rap_error != 0) {
+      DEBUG(1,("NetServiceEnum gave error %d\n", cli->rap_error));
+    }
+  }
+
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+
+      p = rparam + WORDSIZE; /* skip result */
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata;i<count;i++) {
+	    pstring comment;
+	    char servicename[RAP_SRVCNAME_LEN];
+
+	    GETSTRINGF(p, servicename, RAP_SRVCNAME_LEN);
+	    p+=8; /* pass status words */
+	    GETSTRINGF(p, comment, RAP_SRVCCMNT_LEN);
+
+	    fn(servicename, comment, cli);  /* BB add status too */
+      }	
+    } else {
+      DEBUG(4,("NetServiceEnum res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetServiceEnum no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+
+
+/****************************************************************************
+call a NetSessionEnum - list workstations with sessions to an SMB server
+****************************************************************************/
+int cli_NetSessionEnum(struct cli_state *cli, void (*fn)(char *, char *, uint16, uint16, uint16, uint, uint, uint, char *))
+{
+  char param[WORDSIZE                       /* api number    */
+	    +sizeof(RAP_NetSessionEnum_REQ) /* parm string   */
+	    +sizeof(RAP_SESSION_INFO_L2)    /* return string */
+	    +WORDSIZE                       /* info level    */
+	    +WORDSIZE];                     /* buffer size   */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WsessionEnum, 
+		  RAP_NetSessionEnum_REQ, RAP_SESSION_INFO_L2);
+  PUTWORD(p,2);    /* Info level 2 */
+  PUTWORD(p,0xFF); /* Return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),8,
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (res != 0) {
+      DEBUG(1,("NetSessionEnum gave error %d\n", res));
+    }
+  }
+
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+      
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata;i<count;i++) {
+	pstring wsname, username, clitype_name;
+	uint16  num_conns, num_opens, num_users;
+	uint    sess_time, idle_time, user_flags;
+
+	GETSTRINGP(p, wsname, rdata, converter);
+	GETSTRINGP(p, username, rdata, converter);
+	GETWORD(p, num_conns);
+	GETWORD(p, num_opens);
+	GETWORD(p, num_users);
+	GETDWORD(p, sess_time);
+	GETDWORD(p, idle_time);
+	GETDWORD(p, user_flags);
+	GETSTRINGP(p, clitype_name, rdata, converter);
+
+	fn(wsname, username, num_conns, num_opens, num_users, sess_time,
+	   idle_time, user_flags, clitype_name);
+      }
+	
+    } else {
+      DEBUG(4,("NetSessionEnum res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetSesssionEnum no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+
+/****************************************************************************
+ Call a NetSessionGetInfo - get information about other session to an SMB server.
+****************************************************************************/
+
+int cli_NetSessionGetInfo(struct cli_state *cli, const char *workstation, void (*fn)(const char *, const char *, uint16, uint16, uint16, uint, uint, uint, const char *))
+{
+  char param[WORDSIZE                          /* api number    */
+	    +sizeof(RAP_NetSessionGetInfo_REQ) /* req string    */
+	    +sizeof(RAP_SESSION_INFO_L2)       /* return string */ 
+	    +RAP_MACHNAME_LEN                  /* wksta name    */
+	    +WORDSIZE                          /* info level    */
+	    +WORDSIZE];                        /* buffer size   */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+  
+
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WsessionGetInfo, 
+		  RAP_NetSessionGetInfo_REQ, RAP_SESSION_INFO_L2);
+  PUTSTRING(p, workstation, RAP_MACHNAME_LEN-1);
+  PUTWORD(p,2); /* Info level 2 */
+  PUTWORD(p,0xFF); /* Return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),PTR_DIFF(p,param),
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    cli->rap_error = SVAL(rparam,0);
+    if (cli->rap_error != 0) {
+      DEBUG(1,("NetSessionGetInfo gave error %d\n", cli->rap_error));
+    }
+  }
+
+  if (rdata) {
+    res = GETRES(rparam);
+    
+    if (res == 0 || res == ERRmoredata) {
+      int rsize, converter;
+      pstring wsname, username, clitype_name;
+      uint16  num_conns, num_opens, num_users;
+      uint    sess_time, idle_time, user_flags;
+
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, rsize);
+
+      p = rdata;
+      GETSTRINGP(p, wsname, rdata, converter);
+      GETSTRINGP(p, username, rdata, converter);
+      GETWORD(p, num_conns);
+      GETWORD(p, num_opens);
+      GETWORD(p, num_users);
+      GETDWORD(p, sess_time);
+      GETDWORD(p, idle_time);
+      GETDWORD(p, user_flags);
+      GETSTRINGP(p, clitype_name, rdata, converter);
+      
+      fn(wsname, username, num_conns, num_opens, num_users, sess_time,
+	 idle_time, user_flags, clitype_name);
+    } else {
+      DEBUG(4,("NetSessionGetInfo res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetSessionGetInfo no data returned\n"));
+  }
+    
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;  
+}
+
+/****************************************************************************
+call a NetSessionDel - close a session to an SMB server
+****************************************************************************/
+int cli_NetSessionDel(struct cli_state *cli, const char *workstation)
+{
+  char param[WORDSIZE                      /* api number       */
+	    +sizeof(RAP_NetSessionDel_REQ) /* req string       */
+	    +1                             /* no return string */
+	    +RAP_MACHNAME_LEN              /* workstation name */
+	    +WORDSIZE];                    /* reserved (0)     */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL;
+  int rprcnt, rdrcnt;
+  int res;
+
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WsessionDel, RAP_NetSessionDel_REQ, NULL);
+  PUTSTRING(p, workstation, RAP_MACHNAME_LEN-1);
+  PUTWORD(p,0); /* reserved word of 0 */
+  if (cli_api(cli, 
+	      param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+	      NULL, 0, 200,       /* data, length, maxlen */
+	      &rparam, &rprcnt,   /* return params, length */
+	      &rdata, &rdrcnt))   /* return data, length */
+    {
+      res = GETRES(rparam);
+      cli->rap_error = res;
+      
+      if (res == 0) {
+	/* nothing to do */		
+      }
+      else {
+	DEBUG(4,("NetFileClose2 res=%d\n", res));
+      }      
+    } else {
+      res = -1;
+      DEBUG(4,("NetFileClose2 failed\n"));
+    }
+  
+  SAFE_FREE(rparam);
+  SAFE_FREE(rdata);
+
+  return res;
+}
+  
+
+int cli_NetConnectionEnum(struct cli_state *cli, const char *qualifier, void (*fn)(uint16 conid, uint16 contype, uint16 numopens, uint16 numusers, uint32 contime, const char *username, const char *netname))
+{
+  char param[WORDSIZE                          /* api number    */
+	    +sizeof(RAP_NetConnectionEnum_REQ) /* req string    */
+	    +sizeof(RAP_CONNECTION_INFO_L1)    /* return string */ 
+	    +RAP_MACHNAME_LEN                  /* wksta name    */
+	    +WORDSIZE                          /* info level    */
+	    +WORDSIZE];                        /* buffer size   */
+  char *p;
+  char *rparam = NULL;
+  char *rdata = NULL; 
+  int rprcnt, rdrcnt;
+  int res = -1;
+
+  memset(param, '\0', sizeof(param));
+  p = make_header(param, RAP_WconnectionEnum,
+		  RAP_NetConnectionEnum_REQ, RAP_CONNECTION_INFO_L1);
+  PUTSTRING(p, qualifier, RAP_MACHNAME_LEN-1);/* Workstation name */
+  PUTWORD(p,1);            /* Info level 1 */
+  PUTWORD(p,0xFFE0);       /* Return buffer size */
+
+  if (cli_api(cli,
+	      param, PTR_DIFF(p,param),PTR_DIFF(p,param),
+	      NULL, 0, CLI_BUFFER_SIZE,
+	      &rparam, &rprcnt,
+	      &rdata, &rdrcnt)) {
+    res = GETRES(rparam);
+    cli->rap_error = res;
+    if (res != 0) {
+      DEBUG(1,("NetConnectionEnum gave error %d\n", res));
+    }
+  }
+  if (rdata) {
+    if (res == 0 || res == ERRmoredata) {
+      int i, converter, count;
+
+      p = rparam + WORDSIZE;
+      GETWORD(p, converter);
+      GETWORD(p, count);
+
+      for (i=0,p=rdata;i<count;i++) {
+	pstring netname, username;
+	uint16  conn_id, conn_type, num_opens, num_users;
+	uint    conn_time;
+
+	GETWORD(p,conn_id);
+	GETWORD(p,conn_type);
+	GETWORD(p,num_opens);
+	GETWORD(p,num_users);
+	GETDWORD(p,conn_time);
+	GETSTRINGP(p, username, rdata, converter);
+	GETSTRINGP(p, netname, rdata, converter);
+
+	fn(conn_id, conn_type, num_opens, num_users, conn_time,
+	   username, netname);
+      }
+	
+    } else {
+      DEBUG(4,("NetConnectionEnum res=%d\n", res));
+    }
+  } else {
+    DEBUG(4,("NetConnectionEnum no data returned\n"));
+  }
+  SAFE_FREE(rdata);
+  SAFE_FREE(rparam);
+  return res;
+}
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
new file mode 100644
index 0000000000..0a9569fc69
--- /dev/null
+++ b/source3/libsmb/clireadwrite.c
@@ -0,0 +1,374 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client file read/write routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/****************************************************************************
+Issue a single SMBread and don't wait for a reply.
+****************************************************************************/
+
+static BOOL cli_issue_read(struct cli_state *cli, int fnum, off_t offset, 
+			   size_t size, int i)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,10,0,True);
+		
+	SCVAL(cli->outbuf,smb_com,SMBreadX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+	SIVAL(cli->outbuf,smb_vwv3,offset);
+	SSVAL(cli->outbuf,smb_vwv5,size);
+	SSVAL(cli->outbuf,smb_vwv6,size);
+	SSVAL(cli->outbuf,smb_mid,cli->mid + i);
+
+	return cli_send_smb(cli);
+}
+
+/****************************************************************************
+Issue a single SMBreadraw and don't wait for a reply.
+****************************************************************************/
+
+static BOOL cli_issue_readraw(struct cli_state *cli, int fnum, off_t offset, 
+			   size_t size, int i)
+{
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,10,0,True);
+		
+	SCVAL(cli->outbuf,smb_com,SMBreadbraw);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,fnum);
+	SIVAL(cli->outbuf,smb_vwv1,offset);
+	SSVAL(cli->outbuf,smb_vwv2,size);
+	SSVAL(cli->outbuf,smb_vwv3,size);
+	SSVAL(cli->outbuf,smb_mid,cli->mid + i);
+
+	return cli_send_smb(cli);
+}
+
+/****************************************************************************
+  Read size bytes at offset offset using SMBreadX.
+****************************************************************************/
+
+ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+{
+	char *p;
+	int size2;
+	int readsize;
+	ssize_t total = 0;
+
+	if (size == 0) 
+		return 0;
+
+	/*
+	 * Set readsize to the maximum size we can handle in one readX,
+	 * rounded down to a multiple of 1024.
+	 */
+
+	readsize = (cli->max_xmit - (smb_size+32)) & ~1023;
+
+	while (total < size) {
+		readsize = MIN(readsize, size-total);
+
+		/* Issue a read and receive a reply */
+
+		if (!cli_issue_read(cli, fnum, offset, readsize, 0))
+			return -1;
+
+		if (!cli_receive_smb(cli))
+			return -1;
+
+		/* Check for error.  Make sure to check for DOS and NT
+                   errors. */
+
+                if (cli_is_error(cli)) {
+                        NTSTATUS status = NT_STATUS_OK;
+                        uint8 eclass = 0;
+			uint32 ecode = 0;
+
+                        if (cli_is_nt_error(cli))
+                                status = cli_nt_error(cli);
+                        else
+                                cli_dos_error(cli, &eclass, &ecode);
+
+                        if ((eclass == ERRDOS && ecode == ERRmoredata) ||
+                            NT_STATUS_V(status) == NT_STATUS_V(STATUS_MORE_ENTRIES))
+                                return -1;
+		}
+
+		size2 = SVAL(cli->inbuf, smb_vwv5);
+
+		if (size2 > readsize) {
+			DEBUG(5,("server returned more than we wanted!\n"));
+			return -1;
+		} else if (size2 < 0) {
+			DEBUG(5,("read return < 0!\n"));
+			return -1;
+		}
+
+		/* Copy data into buffer */
+
+		p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6);
+		memcpy(buf + total, p, size2);
+
+		total += size2;
+		offset += size2;
+
+		/*
+		 * If the server returned less than we asked for we're at EOF.
+		 */
+
+		if (size2 < readsize)
+			break;
+	}
+
+	return total;
+}
+
+/****************************************************************************
+ Tester for the readraw call.
+****************************************************************************/
+
+ssize_t cli_readraw(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+{
+	char *p;
+	int size2;
+	size_t readsize;
+	ssize_t total = 0;
+
+	if (size == 0) 
+		return 0;
+
+	/*
+	 * Set readsize to the maximum size we can handle in one readraw.
+	 */
+
+	readsize = 0xFFFF;
+
+	while (total < size) {
+		readsize = MIN(readsize, size-total);
+
+		/* Issue a read and receive a reply */
+
+		if (!cli_issue_readraw(cli, fnum, offset, readsize, 0))
+			return -1;
+
+		if (!client_receive_smb(cli->fd, cli->inbuf, cli->timeout))
+			return -1;
+
+		size2 = smb_len(cli->inbuf);
+
+		if (size2 > readsize) {
+			DEBUG(5,("server returned more than we wanted!\n"));
+			return -1;
+		} else if (size2 < 0) {
+			DEBUG(5,("read return < 0!\n"));
+			return -1;
+		}
+
+		/* Copy data into buffer */
+
+		if (size2) {
+			p = cli->inbuf + 4;
+			memcpy(buf + total, p, size2);
+		}
+
+		total += size2;
+		offset += size2;
+
+		/*
+		 * If the server returned less than we asked for we're at EOF.
+		 */
+
+		if (size2 < readsize)
+			break;
+	}
+
+	return total;
+}
+
+/****************************************************************************
+issue a single SMBwrite and don't wait for a reply
+****************************************************************************/
+
+static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint16 mode, char *buf,
+			    size_t size, int i)
+{
+	char *p;
+
+	if (size > cli->bufsize) {
+		cli->outbuf = realloc(cli->outbuf, size + 1024);
+		cli->inbuf = realloc(cli->inbuf, size + 1024);
+		if (cli->outbuf == NULL || cli->inbuf == NULL)
+			return False;
+		cli->bufsize = size + 1024;
+	}
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	if (size > 0xFFFF)
+		set_message(cli->outbuf,14,0,True);
+	else
+		set_message(cli->outbuf,12,0,True);
+	
+	SCVAL(cli->outbuf,smb_com,SMBwriteX);
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+	
+	SCVAL(cli->outbuf,smb_vwv0,0xFF);
+	SSVAL(cli->outbuf,smb_vwv2,fnum);
+
+	SIVAL(cli->outbuf,smb_vwv3,offset);
+	SIVAL(cli->outbuf,smb_vwv5,(mode & 0x0008) ? 0xFFFFFFFF : 0);
+	SSVAL(cli->outbuf,smb_vwv7,mode);
+
+	SSVAL(cli->outbuf,smb_vwv8,(mode & 0x0008) ? size : 0);
+	SSVAL(cli->outbuf,smb_vwv9,((size>>16)&1));
+	SSVAL(cli->outbuf,smb_vwv10,size);
+	SSVAL(cli->outbuf,smb_vwv11,
+	      smb_buf(cli->outbuf) - smb_base(cli->outbuf));
+	
+	p = smb_base(cli->outbuf) + SVAL(cli->outbuf,smb_vwv11);
+	memcpy(p, buf, size);
+	cli_setup_bcc(cli, p+size);
+
+	SSVAL(cli->outbuf,smb_mid,cli->mid + i);
+	
+	show_msg(cli->outbuf);
+	return cli_send_smb(cli);
+}
+
+/****************************************************************************
+  write to a file
+  write_mode: 0x0001 disallow write cacheing
+              0x0002 return bytes remaining
+              0x0004 use raw named pipe protocol
+              0x0008 start of message mode named pipe protocol
+****************************************************************************/
+
+ssize_t cli_write(struct cli_state *cli,
+		  int fnum, uint16 write_mode,
+		  char *buf, off_t offset, size_t size)
+{
+	int bwritten = 0;
+	int issued = 0;
+	int received = 0;
+	int mpx = MAX(cli->max_mux-1, 1);
+	int block = (cli->max_xmit - (smb_size+32)) & ~1023;
+	int blocks = (size + (block-1)) / block;
+
+	while (received < blocks) {
+
+		while ((issued - received < mpx) && (issued < blocks)) {
+			int bsent = issued * block;
+			int size1 = MIN(block, size - bsent);
+
+			if (!cli_issue_write(cli, fnum, offset + bsent,
+			                write_mode,
+			                buf + bsent,
+					size1, issued))
+				return -1;
+			issued++;
+		}
+
+		if (!cli_receive_smb(cli))
+			return bwritten;
+
+		received++;
+
+		if (cli_is_error(cli))
+			break;
+
+		bwritten += SVAL(cli->inbuf, smb_vwv2);
+		bwritten += (((int)(SVAL(cli->inbuf, smb_vwv4)))>>16);
+	}
+
+	while (received < issued && cli_receive_smb(cli))
+		received++;
+	
+	return bwritten;
+}
+
+/****************************************************************************
+  write to a file using a SMBwrite and not bypassing 0 byte writes
+****************************************************************************/
+
+ssize_t cli_smbwrite(struct cli_state *cli,
+		     int fnum, char *buf, off_t offset, size_t size1)
+{
+	char *p;
+	ssize_t total = 0;
+
+	do {
+		size_t size = MIN(size1, cli->max_xmit - 48);
+		
+		memset(cli->outbuf,'\0',smb_size);
+		memset(cli->inbuf,'\0',smb_size);
+
+		set_message(cli->outbuf,5, 0,True);
+
+		SCVAL(cli->outbuf,smb_com,SMBwrite);
+		SSVAL(cli->outbuf,smb_tid,cli->cnum);
+		cli_setup_packet(cli);
+		
+		SSVAL(cli->outbuf,smb_vwv0,fnum);
+		SSVAL(cli->outbuf,smb_vwv1,size);
+		SIVAL(cli->outbuf,smb_vwv2,offset);
+		SSVAL(cli->outbuf,smb_vwv4,0);
+		
+		p = smb_buf(cli->outbuf);
+		*p++ = 1;
+		SSVAL(p, 0, size); p += 2;
+		memcpy(p, buf, size); p += size;
+
+		cli_setup_bcc(cli, p);
+		
+		if (!cli_send_smb(cli))
+			return -1;
+
+		if (!cli_receive_smb(cli))
+			return -1;
+		
+		if (cli_is_error(cli))
+			return -1;
+
+		size = SVAL(cli->inbuf,smb_vwv0);
+		if (size == 0)
+			break;
+
+		size1 -= size;
+		total += size;
+		offset += size;
+
+	} while (size1);
+
+	return total;
+}
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
new file mode 100644
index 0000000000..5de67b1e05
--- /dev/null
+++ b/source3/libsmb/clisecdesc.c
@@ -0,0 +1,131 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client security descriptor functions
+   Copyright (C) Andrew Tridgell 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+  query the security descriptor for a open file
+ ****************************************************************************/
+SEC_DESC *cli_query_secdesc(struct cli_state *cli, int fnum, 
+			    TALLOC_CTX *mem_ctx)
+{
+	char param[8];
+	char *rparam=NULL, *rdata=NULL;
+	int rparam_count=0, rdata_count=0;
+	prs_struct pd;
+	SEC_DESC *psd = NULL;
+
+	SIVAL(param, 0, fnum);
+	SSVAL(param, 4, 0x7);
+
+	if (!cli_send_nt_trans(cli, 
+			       NT_TRANSACT_QUERY_SECURITY_DESC, 
+			       0, 
+			       NULL, 0, 0,
+			       param, 8, 4,
+			       NULL, 0, 0x10000)) {
+		DEBUG(1,("Failed to send NT_TRANSACT_QUERY_SECURITY_DESC\n"));
+		goto cleanup;
+	}
+
+
+	if (!cli_receive_nt_trans(cli, 
+				  &rparam, &rparam_count,
+				  &rdata, &rdata_count)) {
+		DEBUG(1,("Failed to recv NT_TRANSACT_QUERY_SECURITY_DESC\n"));
+		goto cleanup;
+	}
+
+	prs_init(&pd, rdata_count, mem_ctx, UNMARSHALL);
+	prs_append_data(&pd, rdata, rdata_count);
+	pd.data_offset = 0;
+
+	if (!sec_io_desc("sd data", &psd, &pd, 1)) {
+		DEBUG(1,("Failed to parse secdesc\n"));
+		goto cleanup;
+	}
+
+ cleanup:
+
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+
+	prs_mem_free(&pd);
+	return psd;
+}
+
+/****************************************************************************
+  set the security descriptor for a open file
+ ****************************************************************************/
+BOOL cli_set_secdesc(struct cli_state *cli, int fnum, SEC_DESC *sd)
+{
+	char param[8];
+	char *rparam=NULL, *rdata=NULL;
+	int rparam_count=0, rdata_count=0;
+	TALLOC_CTX *mem_ctx;
+	prs_struct pd;
+	BOOL ret = False;
+
+	if ((mem_ctx = talloc_init()) == NULL) {
+		DEBUG(0,("talloc_init failed.\n"));
+		goto cleanup;
+	}
+
+	prs_init(&pd, 0, mem_ctx, MARSHALL);
+	prs_give_memory(&pd, NULL, 0, True);
+
+	if (!sec_io_desc("sd data", &sd, &pd, 1)) {
+		DEBUG(1,("Failed to marshall secdesc\n"));
+		goto cleanup;
+	}
+
+	SIVAL(param, 0, fnum);
+	SSVAL(param, 4, 0x7);
+
+	if (!cli_send_nt_trans(cli, 
+			       NT_TRANSACT_SET_SECURITY_DESC, 
+			       0, 
+			       NULL, 0, 0,
+			       param, 8, 0,
+			       pd.data_p, pd.data_offset, 0)) {
+		DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n"));
+		goto cleanup;
+	}
+
+
+	if (!cli_receive_nt_trans(cli, 
+				  &rparam, &rparam_count,
+				  &rdata, &rdata_count)) {
+		DEBUG(1,("NT_TRANSACT_SET_SECURITY_DESC failed\n"));
+		goto cleanup;
+	}
+
+	ret = True;
+
+  cleanup:
+
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+
+	talloc_destroy(mem_ctx);
+
+	prs_mem_free(&pd);
+	return ret;
+}
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
new file mode 100644
index 0000000000..a4fcfa5d9a
--- /dev/null
+++ b/source3/libsmb/clispnego.c
@@ -0,0 +1,622 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple kerberos5/SPNEGO routines
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+  generate a negTokenInit packet given a GUID, a list of supported
+  OIDs (the mechanisms) and a principal name string 
+*/
+DATA_BLOB spnego_gen_negTokenInit(uint8 guid[16], 
+				  const char *OIDs[], 
+				  const char *principal)
+{
+	int i;
+	ASN1_DATA data;
+	DATA_BLOB ret;
+
+	memset(&data, 0, sizeof(data));
+
+	asn1_write(&data, guid, 16);
+	asn1_push_tag(&data,ASN1_APPLICATION(0));
+	asn1_write_OID(&data,OID_SPNEGO);
+	asn1_push_tag(&data,ASN1_CONTEXT(0));
+	asn1_push_tag(&data,ASN1_SEQUENCE(0));
+
+	asn1_push_tag(&data,ASN1_CONTEXT(0));
+	asn1_push_tag(&data,ASN1_SEQUENCE(0));
+	for (i=0; OIDs[i]; i++) {
+		asn1_write_OID(&data,OIDs[i]);
+	}
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_push_tag(&data, ASN1_CONTEXT(3));
+	asn1_push_tag(&data, ASN1_SEQUENCE(0));
+	asn1_push_tag(&data, ASN1_CONTEXT(0));
+	asn1_write_GeneralString(&data,principal);
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_pop_tag(&data);
+
+	if (data.has_error) {
+		DEBUG(1,("Failed to build negTokenInit at offset %d\n", (int)data.ofs));
+		asn1_free(&data);
+	}
+
+	ret = data_blob(data.data, data.length);
+	asn1_free(&data);
+
+	return ret;
+}
+
+
+/*
+  parse a negTokenInit packet giving a GUID, a list of supported
+  OIDs (the mechanisms) and a principal name string 
+*/
+BOOL spnego_parse_negTokenInit(DATA_BLOB blob,
+			       uint8 guid[16], 
+			       char *OIDs[ASN1_MAX_OIDS], 
+			       char **principal)
+{
+	int i;
+	BOOL ret;
+	ASN1_DATA data;
+
+	asn1_load(&data, blob);
+
+	asn1_read(&data, guid, 16);
+	asn1_start_tag(&data,ASN1_APPLICATION(0));
+	asn1_check_OID(&data,OID_SPNEGO);
+	asn1_start_tag(&data,ASN1_CONTEXT(0));
+	asn1_start_tag(&data,ASN1_SEQUENCE(0));
+
+	asn1_start_tag(&data,ASN1_CONTEXT(0));
+	asn1_start_tag(&data,ASN1_SEQUENCE(0));
+	for (i=0; asn1_tag_remaining(&data) > 0 && i < ASN1_MAX_OIDS; i++) {
+		char *oid = NULL;
+		asn1_read_OID(&data,&oid);
+		OIDs[i] = oid;
+	}
+	OIDs[i] = NULL;
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	asn1_start_tag(&data, ASN1_CONTEXT(3));
+	asn1_start_tag(&data, ASN1_SEQUENCE(0));
+	asn1_start_tag(&data, ASN1_CONTEXT(0));
+	asn1_read_GeneralString(&data,principal);
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	asn1_end_tag(&data);
+
+	ret = !data.has_error;
+	asn1_free(&data);
+	return ret;
+}
+
+
+/*
+  generate a negTokenTarg packet given a list of OIDs and a security blob
+*/
+DATA_BLOB gen_negTokenTarg(const char *OIDs[], DATA_BLOB blob)
+{
+	int i;
+	ASN1_DATA data;
+	DATA_BLOB ret;
+
+	memset(&data, 0, sizeof(data));
+
+	asn1_push_tag(&data, ASN1_APPLICATION(0));
+	asn1_write_OID(&data,OID_SPNEGO);
+	asn1_push_tag(&data, ASN1_CONTEXT(0));
+	asn1_push_tag(&data, ASN1_SEQUENCE(0));
+
+	asn1_push_tag(&data, ASN1_CONTEXT(0));
+	asn1_push_tag(&data, ASN1_SEQUENCE(0));
+	for (i=0; OIDs[i]; i++) {
+		asn1_write_OID(&data,OIDs[i]);
+	}
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_push_tag(&data, ASN1_CONTEXT(2));
+	asn1_write_OctetString(&data,blob.data,blob.length);
+	asn1_pop_tag(&data);
+
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	asn1_pop_tag(&data);
+
+	if (data.has_error) {
+		DEBUG(1,("Failed to build negTokenTarg at offset %d\n", (int)data.ofs));
+		asn1_free(&data);
+	}
+
+	ret = data_blob(data.data, data.length);
+	asn1_free(&data);
+
+	return ret;
+}
+
+
+/*
+  parse a negTokenTarg packet giving a list of OIDs and a security blob
+*/
+BOOL parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *secblob)
+{
+	int i;
+	ASN1_DATA data;
+
+	asn1_load(&data, blob);
+	asn1_start_tag(&data, ASN1_APPLICATION(0));
+	asn1_check_OID(&data,OID_SPNEGO);
+	asn1_start_tag(&data, ASN1_CONTEXT(0));
+	asn1_start_tag(&data, ASN1_SEQUENCE(0));
+
+	asn1_start_tag(&data, ASN1_CONTEXT(0));
+	asn1_start_tag(&data, ASN1_SEQUENCE(0));
+	for (i=0; asn1_tag_remaining(&data) > 0 && i < ASN1_MAX_OIDS; i++) {
+		char *oid = NULL;
+		asn1_read_OID(&data,&oid);
+		OIDs[i] = oid;
+	}
+	OIDs[i] = NULL;
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	asn1_start_tag(&data, ASN1_CONTEXT(2));
+	asn1_read_OctetString(&data,secblob);
+	asn1_end_tag(&data);
+
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	asn1_end_tag(&data);
+
+	if (data.has_error) {
+		DEBUG(1,("Failed to parse negTokenTarg at offset %d\n", (int)data.ofs));
+		asn1_free(&data);
+		return False;
+	}
+
+	asn1_free(&data);
+	return True;
+}
+
+/*
+  generate a krb5 GSS-API wrapper packet given a ticket
+*/
+DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket)
+{
+	ASN1_DATA data;
+	DATA_BLOB ret;
+
+	memset(&data, 0, sizeof(data));
+
+	asn1_push_tag(&data, ASN1_APPLICATION(0));
+	asn1_write_OID(&data, OID_KERBEROS5);
+	asn1_write_BOOLEAN(&data, 0);
+	asn1_write(&data, ticket.data, ticket.length);
+	asn1_pop_tag(&data);
+
+	if (data.has_error) {
+		DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data.ofs));
+		asn1_free(&data);
+	}
+
+	ret = data_blob(data.data, data.length);
+	asn1_free(&data);
+
+	return ret;
+}
+
+/*
+  parse a krb5 GSS-API wrapper packet giving a ticket
+*/
+BOOL spnego_parse_krb5_wrap(DATA_BLOB blob, DATA_BLOB *ticket)
+{
+	BOOL ret;
+	ASN1_DATA data;
+	int data_remaining;
+
+	asn1_load(&data, blob);
+	asn1_start_tag(&data, ASN1_APPLICATION(0));
+	asn1_check_OID(&data, OID_KERBEROS5);
+	asn1_check_BOOLEAN(&data, 0);
+
+	data_remaining = asn1_tag_remaining(&data);
+
+	if (data_remaining < 1) {
+		data.has_error = True;
+	} else {
+		
+		*ticket = data_blob(data.data, data_remaining);
+		asn1_read(&data, ticket->data, ticket->length);
+	}
+
+	asn1_end_tag(&data);
+
+	ret = !data.has_error;
+
+	asn1_free(&data);
+
+	return ret;
+}
+
+
+/* 
+   generate a SPNEGO negTokenTarg packet, ready for a EXTENDED_SECURITY
+   kerberos session setup 
+*/
+DATA_BLOB spnego_gen_negTokenTarg(struct cli_state *cli, char *principal)
+{
+	DATA_BLOB tkt, tkt_wrapped, targ;
+	const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_NTLMSSP, NULL};
+
+	/* get a kerberos ticket for the service */
+	tkt = krb5_get_ticket(principal);
+
+	/* wrap that up in a nice GSS-API wrapping */
+	tkt_wrapped = spnego_gen_krb5_wrap(tkt);
+
+	/* and wrap that in a shiny SPNEGO wrapper */
+	targ = gen_negTokenTarg(krb_mechs, tkt_wrapped);
+
+	data_blob_free(&tkt_wrapped);
+	data_blob_free(&tkt);
+
+	return targ;
+}
+
+
+/*
+  parse a spnego NTLMSSP challenge packet giving two security blobs
+*/
+BOOL spnego_parse_challenge(DATA_BLOB blob,
+			    DATA_BLOB *chal1, DATA_BLOB *chal2)
+{
+	BOOL ret;
+	ASN1_DATA data;
+
+	ZERO_STRUCTP(chal1);
+	ZERO_STRUCTP(chal2);
+
+	asn1_load(&data, blob);
+	asn1_start_tag(&data,ASN1_CONTEXT(1));
+	asn1_start_tag(&data,ASN1_SEQUENCE(0));
+
+	asn1_start_tag(&data,ASN1_CONTEXT(0));
+	asn1_check_enumerated(&data,1);
+	asn1_end_tag(&data);
+
+	asn1_start_tag(&data,ASN1_CONTEXT(1));
+	asn1_check_OID(&data, OID_NTLMSSP);
+	asn1_end_tag(&data);
+
+	asn1_start_tag(&data,ASN1_CONTEXT(2));
+	asn1_read_OctetString(&data, chal1);
+	asn1_end_tag(&data);
+
+	/* the second challenge is optional (XP doesn't send it) */
+	if (asn1_tag_remaining(&data)) {
+		asn1_start_tag(&data,ASN1_CONTEXT(3));
+		asn1_read_OctetString(&data, chal2);
+		asn1_end_tag(&data);
+	}
+
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	ret = !data.has_error;
+	asn1_free(&data);
+	return ret;
+}
+
+
+/*
+  generate a spnego NTLMSSP challenge packet given two security blobs
+  The second challenge is optional
+*/
+BOOL spnego_gen_challenge(DATA_BLOB *blob,
+			  DATA_BLOB *chal1, DATA_BLOB *chal2)
+{
+	ASN1_DATA data;
+
+	ZERO_STRUCT(data);
+
+	asn1_push_tag(&data,ASN1_CONTEXT(1));
+	asn1_push_tag(&data,ASN1_SEQUENCE(0));
+
+	asn1_push_tag(&data,ASN1_CONTEXT(0));
+	asn1_write_enumerated(&data,1);
+	asn1_pop_tag(&data);
+
+	asn1_push_tag(&data,ASN1_CONTEXT(1));
+	asn1_write_OID(&data, OID_NTLMSSP);
+	asn1_pop_tag(&data);
+
+	asn1_push_tag(&data,ASN1_CONTEXT(2));
+	asn1_write_OctetString(&data, chal1->data, chal1->length);
+	asn1_pop_tag(&data);
+
+	/* the second challenge is optional (XP doesn't send it) */
+	if (chal2) {
+		asn1_push_tag(&data,ASN1_CONTEXT(3));
+		asn1_write_OctetString(&data, chal2->data, chal2->length);
+		asn1_pop_tag(&data);
+	}
+
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	if (data.has_error) {
+		return False;
+	}
+
+	*blob = data_blob(data.data, data.length);
+	asn1_free(&data);
+	return True;
+}
+
+/*
+ generate a SPNEGO NTLMSSP auth packet. This will contain the encrypted passwords
+*/
+DATA_BLOB spnego_gen_auth(DATA_BLOB blob)
+{
+	ASN1_DATA data;
+	DATA_BLOB ret;
+
+	memset(&data, 0, sizeof(data));
+
+	asn1_push_tag(&data, ASN1_CONTEXT(1));
+	asn1_push_tag(&data, ASN1_SEQUENCE(0));
+	asn1_push_tag(&data, ASN1_CONTEXT(2));
+	asn1_write_OctetString(&data,blob.data,blob.length);	
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+	asn1_pop_tag(&data);
+
+	ret = data_blob(data.data, data.length);
+
+	asn1_free(&data);
+
+	return ret;
+}
+
+/*
+ parse a SPNEGO NTLMSSP auth packet. This contains the encrypted passwords
+*/
+BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth)
+{
+	ASN1_DATA data;
+
+	asn1_load(&data, blob);
+	asn1_start_tag(&data, ASN1_CONTEXT(1));
+	asn1_start_tag(&data, ASN1_SEQUENCE(0));
+	asn1_start_tag(&data, ASN1_CONTEXT(2));
+	asn1_read_OctetString(&data,auth);
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+	asn1_end_tag(&data);
+
+	if (data.has_error) {
+		DEBUG(3,("spnego_parse_auth failed at %d\n", (int)data.ofs));
+		asn1_free(&data);
+		return False;
+	}
+
+	asn1_free(&data);
+	return True;
+}
+
+
+/*
+  this is a tiny msrpc packet generator. I am only using this to
+  avoid tying this code to a particular varient of our rpc code. This
+  generator is not general enough for all our rpc needs, its just
+  enough for the spnego/ntlmssp code
+
+  format specifiers are:
+
+  U = unicode string (input is unix string)
+  B = data blob (pointer + length)
+  b = data blob in header (pointer + length)
+  d = word (4 bytes)
+  C = constant ascii string
+ */
+BOOL msrpc_gen(DATA_BLOB *blob,
+	       const char *format, ...)
+{
+	int i, n;
+	va_list ap;
+	char *s;
+	uint8 *b;
+	int head_size=0, data_size=0;
+	int head_ofs, data_ofs;
+
+	/* first scan the format to work out the header and body size */
+	va_start(ap, format);
+	for (i=0; format[i]; i++) {
+		switch (format[i]) {
+		case 'U':
+			s = va_arg(ap, char *);
+			head_size += 8;
+			data_size += str_charnum(s) * 2;
+			break;
+		case 'B':
+			b = va_arg(ap, uint8 *);
+			head_size += 8;
+			data_size += va_arg(ap, int);
+			break;
+		case 'b':
+			b = va_arg(ap, uint8 *);
+			head_size += va_arg(ap, int);
+			break;
+		case 'd':
+			n = va_arg(ap, int);
+			head_size += 4;
+			break;
+		case 'C':
+			s = va_arg(ap, char *);
+			head_size += str_charnum(s) + 1;
+			break;
+		}
+	}
+	va_end(ap);
+
+	/* allocate the space, then scan the format again to fill in the values */
+	*blob = data_blob(NULL, head_size + data_size);
+
+	head_ofs = 0;
+	data_ofs = head_size;
+
+	va_start(ap, format);
+	for (i=0; format[i]; i++) {
+		switch (format[i]) {
+		case 'U':
+			s = va_arg(ap, char *);
+			n = str_charnum(s);
+			SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
+			SSVAL(blob->data, head_ofs, n*2); head_ofs += 2;
+			SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+			push_string(NULL, blob->data+data_ofs, s, n*2, STR_UNICODE|STR_NOALIGN);
+			data_ofs += n*2;
+			break;
+		case 'B':
+			b = va_arg(ap, uint8 *);
+			n = va_arg(ap, int);
+			SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+			SSVAL(blob->data, head_ofs, n); head_ofs += 2;
+			SIVAL(blob->data, head_ofs, data_ofs); head_ofs += 4;
+			memcpy(blob->data+data_ofs, b, n);
+			data_ofs += n;
+			break;
+		case 'd':
+			n = va_arg(ap, int);
+			SIVAL(blob->data, head_ofs, n); head_ofs += 4;
+			break;
+		case 'b':
+			b = va_arg(ap, uint8 *);
+			n = va_arg(ap, int);
+			memcpy(blob->data + head_ofs, b, n);
+			head_ofs += n;
+			break;
+		case 'C':
+			s = va_arg(ap, char *);
+			head_ofs += push_string(NULL, blob->data+head_ofs, s, -1, 
+						STR_ASCII|STR_TERMINATE);
+			break;
+		}
+	}
+	va_end(ap);
+
+	return True;
+}
+
+
+/*
+  this is a tiny msrpc packet parser. This the the partner of msrpc_gen
+
+  format specifiers are:
+
+  U = unicode string (input is unix string)
+  B = data blob
+  b = data blob in header
+  d = word (4 bytes)
+  C = constant ascii string
+ */
+BOOL msrpc_parse(DATA_BLOB *blob,
+		 const char *format, ...)
+{
+	int i;
+	va_list ap;
+	char **ps, *s;
+	DATA_BLOB *b;
+	int head_ofs = 0;
+	uint16 len1, len2;
+	uint32 ptr;
+	uint32 *v;
+	pstring p;
+
+	va_start(ap, format);
+	for (i=0; format[i]; i++) {
+		switch (format[i]) {
+		case 'U':
+			len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			ptr =  IVAL(blob->data, head_ofs); head_ofs += 4;
+			/* make sure its in the right format - be strict */
+			if (len1 != len2 || (len1&1) || ptr + len1 > blob->length) {
+				return False;
+			}
+			ps = va_arg(ap, char **);
+			pull_string(NULL, p, blob->data + ptr, -1, len1, 
+				    STR_UNICODE|STR_NOALIGN);
+			(*ps) = strdup(p);
+			break;
+		case 'B':
+			len1 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			len2 = SVAL(blob->data, head_ofs); head_ofs += 2;
+			ptr =  IVAL(blob->data, head_ofs); head_ofs += 4;
+			/* make sure its in the right format - be strict */
+			if (len1 != len2 || ptr + len1 > blob->length) {
+				return False;
+			}
+			b = (DATA_BLOB *)va_arg(ap, void *);
+			*b = data_blob(blob->data + ptr, len1);
+			break;
+		case 'b':
+			b = (DATA_BLOB *)va_arg(ap, void *);
+			len1 = va_arg(ap, unsigned);
+			*b = data_blob(blob->data + head_ofs, len1);
+			head_ofs += len1;
+			break;
+		case 'd':
+			v = va_arg(ap, uint32 *);
+			*v = IVAL(blob->data, head_ofs); head_ofs += 4;
+			break;
+		case 'C':
+			s = va_arg(ap, char *);
+			head_ofs += pull_string(NULL, p, blob->data+head_ofs, -1, 
+						blob->length - head_ofs, 
+						STR_ASCII|STR_TERMINATE);
+			if (strcmp(s, p) != 0) {
+				return False;
+			}
+			break;
+		}
+	}
+	va_end(ap);
+
+	return True;
+}
diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c
new file mode 100644
index 0000000000..3c9964368e
--- /dev/null
+++ b/source3/libsmb/clistr.c
@@ -0,0 +1,43 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client string routines
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+int clistr_push(struct cli_state *cli, void *dest, const char *src, int dest_len, int flags)
+{
+	return push_string(cli->outbuf, dest, src, dest_len, flags);
+}
+
+int clistr_pull(struct cli_state *cli, char *dest, const void *src, int dest_len, int src_len, 
+		int flags)
+{
+	return pull_string(cli->inbuf, dest, src, dest_len, src_len, flags);
+}
+
+
+int clistr_align_out(struct cli_state *cli, const void *p, int flags)
+{
+	return align_string(cli->outbuf, p, flags);
+}
+
+int clistr_align_in(struct cli_state *cli, const void *p, int flags)
+{
+	return align_string(cli->inbuf, p, flags);
+}
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
new file mode 100644
index 0000000000..3d862a1796
--- /dev/null
+++ b/source3/libsmb/clitrans.c
@@ -0,0 +1,468 @@
+/* 
+   Unix SMB/CIFS implementation.
+   client transaction calls
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+
+/****************************************************************************
+  send a SMB trans or trans2 request
+  ****************************************************************************/
+BOOL cli_send_trans(struct cli_state *cli, int trans, 
+		    const char *pipe_name, 
+		    int fid, int flags,
+		    uint16 *setup, int lsetup, int msetup,
+		    char *param, int lparam, int mparam,
+		    char *data, int ldata, int mdata)
+{
+	int i;
+	int this_ldata,this_lparam;
+	int tot_data=0,tot_param=0;
+	char *outdata,*outparam;
+	char *p;
+	int pipe_name_len=0;
+
+	this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */
+	this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam));
+
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,14+lsetup,0,True);
+	SCVAL(cli->outbuf,smb_com,trans);
+	SSVAL(cli->outbuf,smb_tid, cli->cnum);
+	cli_setup_packet(cli);
+
+	if (pipe_name) {
+		pipe_name_len = clistr_push(cli, smb_buf(cli->outbuf), pipe_name, -1, STR_TERMINATE);
+	}
+
+	outparam = smb_buf(cli->outbuf)+(trans==SMBtrans ? pipe_name_len : 3);
+	outdata = outparam+this_lparam;
+
+	/* primary request */
+	SSVAL(cli->outbuf,smb_tpscnt,lparam);	/* tpscnt */
+	SSVAL(cli->outbuf,smb_tdscnt,ldata);	/* tdscnt */
+	SSVAL(cli->outbuf,smb_mprcnt,mparam);	/* mprcnt */
+	SSVAL(cli->outbuf,smb_mdrcnt,mdata);	/* mdrcnt */
+	SCVAL(cli->outbuf,smb_msrcnt,msetup);	/* msrcnt */
+	SSVAL(cli->outbuf,smb_flags,flags);	/* flags */
+	SIVAL(cli->outbuf,smb_timeout,0);		/* timeout */
+	SSVAL(cli->outbuf,smb_pscnt,this_lparam);	/* pscnt */
+	SSVAL(cli->outbuf,smb_psoff,smb_offset(outparam,cli->outbuf)); /* psoff */
+	SSVAL(cli->outbuf,smb_dscnt,this_ldata);	/* dscnt */
+	SSVAL(cli->outbuf,smb_dsoff,smb_offset(outdata,cli->outbuf)); /* dsoff */
+	SCVAL(cli->outbuf,smb_suwcnt,lsetup);	/* suwcnt */
+	for (i=0;i<lsetup;i++)		/* setup[] */
+		SSVAL(cli->outbuf,smb_setup+i*2,setup[i]);
+	p = smb_buf(cli->outbuf);
+	if (trans != SMBtrans) {
+		*p++ = 0;  /* put in a null smb_name */
+		*p++ = 'D'; *p++ = ' ';	/* observed in OS/2 */
+	}
+	if (this_lparam)			/* param[] */
+		memcpy(outparam,param,this_lparam);
+	if (this_ldata)			/* data[] */
+		memcpy(outdata,data,this_ldata);
+	cli_setup_bcc(cli, outdata+this_ldata);
+
+	show_msg(cli->outbuf);
+	cli_send_smb(cli);
+
+	if (this_ldata < ldata || this_lparam < lparam) {
+		/* receive interim response */
+		if (!cli_receive_smb(cli) || 
+		    cli_is_error(cli)) {
+			return(False);
+		}      
+
+		tot_data = this_ldata;
+		tot_param = this_lparam;
+		
+		while (tot_data < ldata || tot_param < lparam)  {
+			this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */
+			this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam));
+
+			set_message(cli->outbuf,trans==SMBtrans?8:9,0,True);
+			SCVAL(cli->outbuf,smb_com,(trans==SMBtrans ? SMBtranss : SMBtranss2));
+			
+			outparam = smb_buf(cli->outbuf);
+			outdata = outparam+this_lparam;
+			
+			/* secondary request */
+			SSVAL(cli->outbuf,smb_tpscnt,lparam);	/* tpscnt */
+			SSVAL(cli->outbuf,smb_tdscnt,ldata);	/* tdscnt */
+			SSVAL(cli->outbuf,smb_spscnt,this_lparam);	/* pscnt */
+			SSVAL(cli->outbuf,smb_spsoff,smb_offset(outparam,cli->outbuf)); /* psoff */
+			SSVAL(cli->outbuf,smb_spsdisp,tot_param);	/* psdisp */
+			SSVAL(cli->outbuf,smb_sdscnt,this_ldata);	/* dscnt */
+			SSVAL(cli->outbuf,smb_sdsoff,smb_offset(outdata,cli->outbuf)); /* dsoff */
+			SSVAL(cli->outbuf,smb_sdsdisp,tot_data);	/* dsdisp */
+			if (trans==SMBtrans2)
+				SSVALS(cli->outbuf,smb_sfid,fid);		/* fid */
+			if (this_lparam)			/* param[] */
+				memcpy(outparam,param+tot_param,this_lparam);
+			if (this_ldata)			/* data[] */
+				memcpy(outdata,data+tot_data,this_ldata);
+			cli_setup_bcc(cli, outdata+this_ldata);
+			
+			show_msg(cli->outbuf);
+			cli_send_smb(cli);
+			
+			tot_data += this_ldata;
+			tot_param += this_lparam;
+		}
+	}
+
+	return(True);
+}
+
+
+/****************************************************************************
+  receive a SMB trans or trans2 response allocating the necessary memory
+  ****************************************************************************/
+BOOL cli_receive_trans(struct cli_state *cli,int trans,
+                              char **param, int *param_len,
+                              char **data, int *data_len)
+{
+	int total_data=0;
+	int total_param=0;
+	int this_data,this_param;
+	NTSTATUS status;
+	char *tdata;
+	char *tparam;
+
+	*data_len = *param_len = 0;
+
+	if (!cli_receive_smb(cli))
+		return False;
+
+	show_msg(cli->inbuf);
+	
+	/* sanity check */
+	if (CVAL(cli->inbuf,smb_com) != trans) {
+		DEBUG(0,("Expected %s response, got command 0x%02x\n",
+			 trans==SMBtrans?"SMBtrans":"SMBtrans2", 
+			 CVAL(cli->inbuf,smb_com)));
+		return(False);
+	}
+
+	/*
+	 * An NT RPC pipe call can return ERRDOS, ERRmoredata
+	 * to a trans call. This is not an error and should not
+	 * be treated as such.
+	 */
+	status = cli_nt_error(cli);
+	
+	if (NT_STATUS_IS_ERR(status)) {
+		return False;
+	}
+
+	/* parse out the lengths */
+	total_data = SVAL(cli->inbuf,smb_tdrcnt);
+	total_param = SVAL(cli->inbuf,smb_tprcnt);
+
+	/* allocate it */
+	if (total_data!=0) {
+		tdata = Realloc(*data,total_data);
+		if (!tdata) {
+			DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));
+			return False;
+		}
+		else
+			*data = tdata;
+	}
+
+	if (total_param!=0) {
+		tparam = Realloc(*param,total_param);
+		if (!tparam) {
+			DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));
+			return False;
+		}
+		else
+			*param = tparam;
+	}
+
+	while (1)  {
+		this_data = SVAL(cli->inbuf,smb_drcnt);
+		this_param = SVAL(cli->inbuf,smb_prcnt);
+
+		if (this_data + *data_len > total_data ||
+		    this_param + *param_len > total_param) {
+			DEBUG(1,("Data overflow in cli_receive_trans\n"));
+			return False;
+		}
+
+		if (this_data)
+			memcpy(*data + SVAL(cli->inbuf,smb_drdisp),
+			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_droff),
+			       this_data);
+		if (this_param)
+			memcpy(*param + SVAL(cli->inbuf,smb_prdisp),
+			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_proff),
+			       this_param);
+		*data_len += this_data;
+		*param_len += this_param;
+
+		/* parse out the total lengths again - they can shrink! */
+		total_data = SVAL(cli->inbuf,smb_tdrcnt);
+		total_param = SVAL(cli->inbuf,smb_tprcnt);
+		
+		if (total_data <= *data_len && total_param <= *param_len)
+			break;
+		
+		if (!cli_receive_smb(cli))
+			return False;
+
+		show_msg(cli->inbuf);
+		
+		/* sanity check */
+		if (CVAL(cli->inbuf,smb_com) != trans) {
+			DEBUG(0,("Expected %s response, got command 0x%02x\n",
+				 trans==SMBtrans?"SMBtrans":"SMBtrans2", 
+				 CVAL(cli->inbuf,smb_com)));
+			return(False);
+		}
+		if (NT_STATUS_IS_ERR(cli_nt_error(cli))) {
+			return(False);
+		}
+	}
+	
+	return(True);
+}
+
+
+
+
+/****************************************************************************
+  send a SMB nttrans request
+  ****************************************************************************/
+BOOL cli_send_nt_trans(struct cli_state *cli, 
+		       int function, 
+		       int flags,
+		       uint16 *setup, int lsetup, int msetup,
+		       char *param, int lparam, int mparam,
+		       char *data, int ldata, int mdata)
+{
+	int i;
+	int this_ldata,this_lparam;
+	int tot_data=0,tot_param=0;
+	char *outdata,*outparam;
+
+	this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */
+	this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam));
+
+	memset(cli->outbuf,'\0',smb_size);
+	set_message(cli->outbuf,19+lsetup,0,True);
+	SCVAL(cli->outbuf,smb_com,SMBnttrans);
+	SSVAL(cli->outbuf,smb_tid, cli->cnum);
+	cli_setup_packet(cli);
+
+	outparam = smb_buf(cli->outbuf)+3;
+	outdata = outparam+this_lparam;
+
+	/* primary request */
+	SCVAL(cli->outbuf,smb_nt_MaxSetupCount,msetup);
+	SCVAL(cli->outbuf,smb_nt_Flags,flags);
+	SIVAL(cli->outbuf,smb_nt_TotalParameterCount, lparam);
+	SIVAL(cli->outbuf,smb_nt_TotalDataCount, ldata);
+	SIVAL(cli->outbuf,smb_nt_MaxParameterCount, mparam);
+	SIVAL(cli->outbuf,smb_nt_MaxDataCount, mdata);
+	SIVAL(cli->outbuf,smb_nt_ParameterCount, this_lparam);
+	SIVAL(cli->outbuf,smb_nt_ParameterOffset, smb_offset(outparam,cli->outbuf));
+	SIVAL(cli->outbuf,smb_nt_DataCount, this_ldata);
+	SIVAL(cli->outbuf,smb_nt_DataOffset, smb_offset(outdata,cli->outbuf));
+	SIVAL(cli->outbuf,smb_nt_SetupCount, lsetup);
+	SIVAL(cli->outbuf,smb_nt_Function, function);
+	for (i=0;i<lsetup;i++)		/* setup[] */
+		SSVAL(cli->outbuf,smb_nt_SetupStart+i*2,setup[i]);
+	
+	if (this_lparam)			/* param[] */
+		memcpy(outparam,param,this_lparam);
+	if (this_ldata)			/* data[] */
+		memcpy(outdata,data,this_ldata);
+
+	cli_setup_bcc(cli, outdata+this_ldata);
+
+	show_msg(cli->outbuf);
+	cli_send_smb(cli);
+
+	if (this_ldata < ldata || this_lparam < lparam) {
+		/* receive interim response */
+		if (!cli_receive_smb(cli) || 
+		    cli_is_error(cli)) {
+			return(False);
+		}      
+
+		tot_data = this_ldata;
+		tot_param = this_lparam;
+		
+		while (tot_data < ldata || tot_param < lparam)  {
+			this_lparam = MIN(lparam-tot_param,cli->max_xmit - 500); /* hack */
+			this_ldata = MIN(ldata-tot_data,cli->max_xmit - (500+this_lparam));
+
+			set_message(cli->outbuf,18,0,True);
+			SCVAL(cli->outbuf,smb_com,SMBnttranss);
+
+			/* XXX - these should probably be aligned */
+			outparam = smb_buf(cli->outbuf);
+			outdata = outparam+this_lparam;
+			
+			/* secondary request */
+			SIVAL(cli->outbuf,smb_nts_TotalParameterCount,lparam);
+			SIVAL(cli->outbuf,smb_nts_TotalDataCount,ldata);
+			SIVAL(cli->outbuf,smb_nts_ParameterCount,this_lparam);
+			SIVAL(cli->outbuf,smb_nts_ParameterOffset,smb_offset(outparam,cli->outbuf));
+			SIVAL(cli->outbuf,smb_nts_ParameterDisplacement,tot_param);
+			SIVAL(cli->outbuf,smb_nts_DataCount,this_ldata);
+			SIVAL(cli->outbuf,smb_nts_DataOffset,smb_offset(outdata,cli->outbuf));
+			SIVAL(cli->outbuf,smb_nts_DataDisplacement,tot_data);
+			if (this_lparam)			/* param[] */
+				memcpy(outparam,param+tot_param,this_lparam);
+			if (this_ldata)			/* data[] */
+				memcpy(outdata,data+tot_data,this_ldata);
+			cli_setup_bcc(cli, outdata+this_ldata);
+			
+			show_msg(cli->outbuf);
+			cli_send_smb(cli);
+			
+			tot_data += this_ldata;
+			tot_param += this_lparam;
+		}
+	}
+
+	return(True);
+}
+
+
+
+/****************************************************************************
+  receive a SMB nttrans response allocating the necessary memory
+  ****************************************************************************/
+BOOL cli_receive_nt_trans(struct cli_state *cli,
+			  char **param, int *param_len,
+			  char **data, int *data_len)
+{
+	int total_data=0;
+	int total_param=0;
+	int this_data,this_param;
+	uint8 eclass;
+	uint32 ecode;
+	char *tdata;
+	char *tparam;
+
+	*data_len = *param_len = 0;
+
+	if (!cli_receive_smb(cli))
+		return False;
+
+	show_msg(cli->inbuf);
+	
+	/* sanity check */
+	if (CVAL(cli->inbuf,smb_com) != SMBnttrans) {
+		DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n",
+			 CVAL(cli->inbuf,smb_com)));
+		return(False);
+	}
+
+	/*
+	 * An NT RPC pipe call can return ERRDOS, ERRmoredata
+	 * to a trans call. This is not an error and should not
+	 * be treated as such.
+	 */
+	if (cli_is_dos_error(cli)) {
+                cli_dos_error(cli, &eclass, &ecode);
+		if (cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata))
+			return(False);
+	}
+
+	/* parse out the lengths */
+	total_data = SVAL(cli->inbuf,smb_ntr_TotalDataCount);
+	total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
+
+	/* allocate it */
+	if (total_data) {
+		tdata = Realloc(*data,total_data);
+		if (!tdata) {
+			DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));
+			return False;
+		} else {
+			*data = tdata;
+		}
+	}
+
+	if (total_param) {
+		tparam = Realloc(*param,total_param);
+		if (!tparam) {
+			DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));
+			return False;
+		} else {
+			*param = tparam;
+		}
+	}
+
+	while (1)  {
+		this_data = SVAL(cli->inbuf,smb_ntr_DataCount);
+		this_param = SVAL(cli->inbuf,smb_ntr_ParameterCount);
+
+		if (this_data + *data_len > total_data ||
+		    this_param + *param_len > total_param) {
+			DEBUG(1,("Data overflow in cli_receive_trans\n"));
+			return False;
+		}
+
+		if (this_data)
+			memcpy(*data + SVAL(cli->inbuf,smb_ntr_DataDisplacement),
+			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_ntr_DataOffset),
+			       this_data);
+		if (this_param)
+			memcpy(*param + SVAL(cli->inbuf,smb_ntr_ParameterDisplacement),
+			       smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_ntr_ParameterOffset),
+			       this_param);
+		*data_len += this_data;
+		*param_len += this_param;
+
+		/* parse out the total lengths again - they can shrink! */
+		total_data = SVAL(cli->inbuf,smb_ntr_TotalDataCount);
+		total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
+		
+		if (total_data <= *data_len && total_param <= *param_len)
+			break;
+		
+		if (!cli_receive_smb(cli))
+			return False;
+
+		show_msg(cli->inbuf);
+		
+		/* sanity check */
+		if (CVAL(cli->inbuf,smb_com) != SMBnttrans) {
+			DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n",
+				 CVAL(cli->inbuf,smb_com)));
+			return(False);
+		}
+		if (cli_is_dos_error(cli)) {
+                        cli_dos_error(cli, &eclass, &ecode);
+			if(cli->nt_pipe_fnum == 0 || 
+                           !(eclass == ERRDOS && ecode == ERRmoredata))
+				return(False);
+		}
+	}
+	
+	return(True);
+}
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
new file mode 100644
index 0000000000..0d521bae8a
--- /dev/null
+++ b/source3/libsmb/credentials.c
@@ -0,0 +1,215 @@
+/* 
+   Unix SMB/CIFS implementation.
+   code to manipulate domain credentials
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+represent a credential as a string
+****************************************************************************/
+char *credstr(const uchar *cred)
+{
+	static fstring buf;
+	slprintf(buf, sizeof(buf) - 1, "%02X%02X%02X%02X%02X%02X%02X%02X",
+		cred[0], cred[1], cred[2], cred[3], 
+		cred[4], cred[5], cred[6], cred[7]);
+	return buf;
+}
+
+
+/****************************************************************************
+  setup the session key. 
+Input: 8 byte challenge block
+       8 byte server challenge block
+      16 byte md4 encrypted password
+Output:
+      8 byte session key
+****************************************************************************/
+void cred_session_key(const DOM_CHAL *clnt_chal, const DOM_CHAL *srv_chal, const uchar *pass, 
+		      uchar session_key[8])
+{
+	uint32 sum[2];
+	unsigned char sum2[8];
+
+	sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
+	sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
+
+	SIVAL(sum2,0,sum[0]);
+	SIVAL(sum2,4,sum[1]);
+
+	cred_hash1(session_key, sum2, pass);
+
+	/* debug output */
+	DEBUG(4,("cred_session_key\n"));
+
+	DEBUG(5,("	clnt_chal: %s\n", credstr(clnt_chal->data)));
+	DEBUG(5,("	srv_chal : %s\n", credstr(srv_chal->data)));
+	DEBUG(5,("	clnt+srv : %s\n", credstr(sum2)));
+	DEBUG(5,("	sess_key : %s\n", credstr(session_key)));
+}
+
+
+/****************************************************************************
+create a credential
+
+Input:
+      8 byte sesssion key
+      8 byte stored credential
+      4 byte timestamp
+
+Output:
+      8 byte credential
+****************************************************************************/
+void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, 
+		 DOM_CHAL *cred)
+{
+	DOM_CHAL time_cred;
+
+	SIVAL(time_cred.data, 0, IVAL(stor_cred->data, 0) + timestamp.time);
+	SIVAL(time_cred.data, 4, IVAL(stor_cred->data, 4));
+
+	cred_hash2(cred->data, time_cred.data, session_key);
+
+	/* debug output*/
+	DEBUG(4,("cred_create\n"));
+
+	DEBUG(5,("	sess_key : %s\n", credstr(session_key)));
+	DEBUG(5,("	stor_cred: %s\n", credstr(stor_cred->data)));
+	DEBUG(5,("	timestamp: %x\n"    , timestamp.time));
+	DEBUG(5,("	timecred : %s\n", credstr(time_cred.data)));
+	DEBUG(5,("	calc_cred: %s\n", credstr(cred->data)));
+}
+
+
+/****************************************************************************
+  check a supplied credential
+
+Input:
+      8 byte received credential
+      8 byte sesssion key
+      8 byte stored credential
+      4 byte timestamp
+
+Output:
+      returns 1 if computed credential matches received credential
+      returns 0 otherwise
+****************************************************************************/
+int cred_assert(DOM_CHAL *cred, uchar session_key[8], DOM_CHAL *stored_cred,
+		UTIME timestamp)
+{
+	DOM_CHAL cred2;
+
+	cred_create(session_key, stored_cred, timestamp, &cred2);
+
+	/* debug output*/
+	DEBUG(4,("cred_assert\n"));
+
+	DEBUG(5,("	challenge : %s\n", credstr(cred->data)));
+	DEBUG(5,("	calculated: %s\n", credstr(cred2.data)));
+
+	if (memcmp(cred->data, cred2.data, 8) == 0)
+	{
+		DEBUG(5, ("credentials check ok\n"));
+		return True;
+	}
+	else
+	{
+		DEBUG(5, ("credentials check wrong\n"));
+		return False;
+	}
+}
+
+
+/****************************************************************************
+  checks credentials; generates next step in the credential chain
+****************************************************************************/
+BOOL clnt_deal_with_creds(uchar sess_key[8],
+			  DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred)
+{
+	UTIME new_clnt_time;
+	uint32 new_cred;
+
+	DEBUG(5,("clnt_deal_with_creds: %d\n", __LINE__));
+
+	/* increment client time by one second */
+	new_clnt_time.time = sto_clnt_cred->timestamp.time + 1;
+
+	/* check that the received server credentials are valid */
+	if (!cred_assert(&rcv_srv_cred->challenge, sess_key,
+			 &sto_clnt_cred->challenge, new_clnt_time))
+	{
+		return False;
+	}
+
+	/* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
+	new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
+	new_cred += new_clnt_time.time;
+
+	/* store new seed in client credentials */
+	SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+
+	DEBUG(5,("	new clnt cred: %s\n", credstr(sto_clnt_cred->challenge.data)));
+	return True;
+}
+
+
+/****************************************************************************
+  checks credentials; generates next step in the credential chain
+****************************************************************************/
+BOOL deal_with_creds(uchar sess_key[8],
+		     DOM_CRED *sto_clnt_cred, 
+		     DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred)
+{
+	UTIME new_clnt_time;
+	uint32 new_cred;
+
+	DEBUG(5,("deal_with_creds: %d\n", __LINE__));
+
+	/* check that the received client credentials are valid */
+	if (!cred_assert(&rcv_clnt_cred->challenge, sess_key,
+                    &sto_clnt_cred->challenge, rcv_clnt_cred->timestamp))
+	{
+		return False;
+	}
+
+	/* increment client time by one second */
+	new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
+
+	/* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
+	new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
+	new_cred += new_clnt_time.time;
+
+	DEBUG(5,("deal_with_creds: new_cred[0]=%x\n", new_cred));
+
+	/* doesn't matter that server time is 0 */
+	rtn_srv_cred->timestamp.time = 0;
+
+	DEBUG(5,("deal_with_creds: new_clnt_time=%x\n", new_clnt_time.time));
+
+	/* create return credentials for inclusion in the reply */
+	cred_create(sess_key, &sto_clnt_cred->challenge, new_clnt_time,
+	            &rtn_srv_cred->challenge);
+	
+	DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data)));
+
+	/* store new seed in client credentials */
+	SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+
+	return True;
+}
diff --git a/source3/libsmb/doserr.c b/source3/libsmb/doserr.c
new file mode 100644
index 0000000000..adc001bf29
--- /dev/null
+++ b/source3/libsmb/doserr.c
@@ -0,0 +1,89 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  DOS error routines
+ *  Copyright (C) Tim Potter 2002.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* DOS error codes.  please read doserr.h */
+
+#include "includes.h"
+
+typedef const struct
+{
+	char *dos_errstr;
+	WERROR werror;
+} werror_code_struct;
+
+werror_code_struct dos_errs[] =
+{
+	{ "WERR_OK", WERR_OK },
+	{ "WERR_BADFILE", WERR_BADFILE },
+	{ "WERR_ACCESS_DENIED", WERR_ACCESS_DENIED },
+	{ "WERR_BADFID", WERR_BADFID },
+	{ "WERR_BADFUNC", WERR_BADFUNC },
+	{ "WERR_INSUFFICIENT_BUFFER", WERR_INSUFFICIENT_BUFFER },
+	{ "WERR_NO_SUCH_SHARE", WERR_NO_SUCH_SHARE },
+	{ "WERR_ALREADY_EXISTS", WERR_ALREADY_EXISTS },
+	{ "WERR_INVALID_PARAM", WERR_INVALID_PARAM },
+	{ "WERR_NOT_SUPPORTED", WERR_NOT_SUPPORTED },
+	{ "WERR_BAD_PASSWORD", WERR_BAD_PASSWORD },
+	{ "WERR_NOMEM", WERR_NOMEM },
+	{ "WERR_INVALID_NAME", WERR_INVALID_NAME },
+	{ "WERR_UNKNOWN_LEVEL", WERR_UNKNOWN_LEVEL },
+	{ "WERR_OBJECT_PATH_INVALID", WERR_OBJECT_PATH_INVALID },
+	{ "WERR_NO_MORE_ITEMS", WERR_NO_MORE_ITEMS },
+	{ "WERR_MORE_DATA", WERR_MORE_DATA },
+	{ "WERR_UNKNOWN_PRINTER_DRIVER", WERR_UNKNOWN_PRINTER_DRIVER },
+	{ "WERR_INVALID_PRINTER_NAME", WERR_INVALID_PRINTER_NAME },
+	{ "WERR_PRINTER_ALREADY_EXISTS", WERR_PRINTER_ALREADY_EXISTS },
+	{ "WERR_INVALID_DATATYPE", WERR_INVALID_DATATYPE },
+	{ "WERR_INVALID_ENVIRONMENT", WERR_INVALID_ENVIRONMENT },
+	{ "WERR_INVALID_FORM_NAME", WERR_INVALID_FORM_NAME },
+	{ "WERR_INVALID_FORM_SIZE", WERR_INVALID_FORM_SIZE },
+	{ "WERR_BUF_TOO_SMALL", WERR_BUF_TOO_SMALL },
+	{ "WERR_JOB_NOT_FOUND", WERR_JOB_NOT_FOUND },
+	{ "WERR_DEST_NOT_FOUND", WERR_DEST_NOT_FOUND },
+	{ "WERR_NOT_LOCAL_DOMAIN", WERR_NOT_LOCAL_DOMAIN },
+	{ "WERR_PRINTER_DRIVER_IN_USE", WERR_PRINTER_DRIVER_IN_USE },
+	{ "WERR_STATUS_MORE_ENTRIES  ", WERR_STATUS_MORE_ENTRIES },
+	{ "WERR_DFS_NO_SUCH_VOL", WERR_DFS_NO_SUCH_VOL },
+	{ "WERR_DFS_NO_SUCH_SHARE", WERR_DFS_NO_SUCH_SHARE },
+	{ "WERR_DFS_NO_SUCH_SERVER", WERR_DFS_NO_SUCH_SERVER },
+	{ "WERR_DFS_INTERNAL_ERROR", WERR_DFS_INTERNAL_ERROR },
+	{ "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT },
+	{ NULL, W_ERROR(0) }
+};
+
+/*****************************************************************************
+ returns a DOS error message.  not amazingly helpful, but better than a number.
+ *****************************************************************************/
+char *dos_errstr(WERROR werror)
+{
+        static pstring msg;
+        int idx = 0;
+
+	slprintf(msg, sizeof(msg), "DOS code 0x%08x", W_ERROR_V(werror));
+
+	while (dos_errs[idx].dos_errstr != NULL) {
+		if (W_ERROR_V(dos_errs[idx].werror) == 
+                    W_ERROR_V(werror))
+                        return dos_errs[idx].dos_errstr;
+		idx++;
+	}
+
+        return msg;
+}
diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c
new file mode 100644
index 0000000000..c30db3ad95
--- /dev/null
+++ b/source3/libsmb/errormap.c
@@ -0,0 +1,1483 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  error mapping functions
+ *  Copyright (C) Andrew Tridgell 2001
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/* This map was extracted by the ERRMAPEXTRACT smbtorture command. 
+   The setup was a Samba HEAD (2002-01-03) PDC and an Win2k member 
+   workstation.  The PDC was modified (by using the 'name_to_nt_status'
+   authentication module) to convert the username (in hex) into the
+   corresponding NTSTATUS error return. 
+
+   By opening two nbt sessions to the Win2k workstation, one negotiating
+   DOS and one negotiating NT errors it was possible to extract the
+   error mapping.  (Because the server only supplies NT errors, the 
+   NT4 workstation had to use its own error tables to convert these
+   to dos errors). 
+
+   Some errors show up as 'squashed' because the NT error connection
+   got back a different error to the one it sent, so a mapping could
+   not be determined (a guess has been made in this case, to map the
+   error as squashed).  This is done mainly to prevent users from getting
+   NT_STATUS_WRONG_PASSWORD and NT_STATUS_NO_SUCH_USER errors (they get
+   NT_STATUS_LOGON_FAILURE instead.
+
+   -- abartlet (2002-01-03)
+*/
+
+/* NT status -> dos error map */
+const static struct {
+	uint8 dos_class;
+	uint32 dos_code;
+	NTSTATUS ntstatus;
+} ntstatus_to_dos_map[] = {
+	{ERRDOS,	ERRgeneral,	NT_STATUS_UNSUCCESSFUL},
+	{ERRDOS,	ERRbadfunc,	NT_STATUS_NOT_IMPLEMENTED},
+	{ERRDOS,	87,	NT_STATUS_INVALID_INFO_CLASS},
+	{ERRDOS,	24,	NT_STATUS_INFO_LENGTH_MISMATCH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ACCESS_VIOLATION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_IN_PAGE_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PAGEFILE_QUOTA},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_INVALID_HANDLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_INITIAL_STACK},
+	{ERRDOS,	193,	NT_STATUS_BAD_INITIAL_PC},
+	{ERRDOS,	87,	NT_STATUS_INVALID_CID},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TIMER_NOT_CANCELED},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER},
+	{ERRDOS,	ERRbadfile,	NT_STATUS_NO_SUCH_DEVICE},
+	{ERRDOS,	ERRbadfile,	NT_STATUS_NO_SUCH_FILE},
+	{ERRDOS,	ERRbadfunc,	NT_STATUS_INVALID_DEVICE_REQUEST},
+	{ERRDOS,	38,	NT_STATUS_END_OF_FILE},
+	{ERRDOS,	34,	NT_STATUS_WRONG_VOLUME},
+	{ERRDOS,	21,	NT_STATUS_NO_MEDIA_IN_DEVICE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNRECOGNIZED_MEDIA},
+	{ERRDOS,	27,	NT_STATUS_NONEXISTENT_SECTOR},
+/** Session setup succeeded.  This shouldn't happen...*/
+/** Session setup succeeded.  This shouldn't happen...*/
+/** NT error on DOS connection! (NT_STATUS_OK) */
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_MORE_PROCESSING_REQUIRED to NT_STATUS_OK 
+	 during the session setup }
+*/
+#if 0
+	{SUCCESS,	0,	NT_STATUS_OK},
+#endif
+	{ERRDOS,	ERRnomem,	NT_STATUS_NO_MEMORY},
+	{ERRDOS,	487,	NT_STATUS_CONFLICTING_ADDRESSES},
+	{ERRDOS,	487,	NT_STATUS_NOT_MAPPED_VIEW},
+	{ERRDOS,	87,	NT_STATUS_UNABLE_TO_FREE_VM},
+	{ERRDOS,	87,	NT_STATUS_UNABLE_TO_DELETE_SECTION},
+	{ERRDOS,	2142,	NT_STATUS_INVALID_SYSTEM_SERVICE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ILLEGAL_INSTRUCTION},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_INVALID_LOCK_SEQUENCE},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_INVALID_VIEW_SIZE},
+	{ERRDOS,	193,	NT_STATUS_INVALID_FILE_FOR_SECTION},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_ALREADY_COMMITTED},
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_ACCESS_DENIED to NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE 
+	 during the session setup }
+*/
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_ACCESS_DENIED},
+	{ERRDOS,	111,	NT_STATUS_BUFFER_TOO_SMALL},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_OBJECT_TYPE_MISMATCH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NONCONTINUABLE_EXCEPTION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_DISPOSITION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNWIND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_STACK},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_UNWIND_TARGET},
+	{ERRDOS,	158,	NT_STATUS_NOT_LOCKED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PARITY_ERROR},
+	{ERRDOS,	487,	NT_STATUS_UNABLE_TO_DECOMMIT_VM},
+	{ERRDOS,	487,	NT_STATUS_NOT_COMMITTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_PORT_ATTRIBUTES},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PORT_MESSAGE_TOO_LONG},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_MIX},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_QUOTA_LOWER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DISK_CORRUPT_ERROR},
+	{ERRDOS,	ERRinvalidname,	NT_STATUS_OBJECT_NAME_INVALID},
+	{ERRDOS,	ERRbadfile,	NT_STATUS_OBJECT_NAME_NOT_FOUND},
+	{ERRDOS,	183,	NT_STATUS_OBJECT_NAME_COLLISION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_HANDLE_NOT_WAITABLE},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_PORT_DISCONNECTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DEVICE_ALREADY_ATTACHED},
+	{ERRDOS,	161,	NT_STATUS_OBJECT_PATH_INVALID},
+	{ERRDOS,	ERRbadpath,	NT_STATUS_OBJECT_PATH_NOT_FOUND},
+	{ERRDOS,	161,	NT_STATUS_OBJECT_PATH_SYNTAX_BAD},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DATA_OVERRUN},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DATA_LATE_ERROR},
+	{ERRDOS,	23,	NT_STATUS_DATA_ERROR},
+	{ERRDOS,	23,	NT_STATUS_CRC_ERROR},
+	{ERRDOS,	ERRnomem,	NT_STATUS_SECTION_TOO_BIG},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_PORT_CONNECTION_REFUSED},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_INVALID_PORT_HANDLE},
+	{ERRDOS,	ERRbadshare,	NT_STATUS_SHARING_VIOLATION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_QUOTA_EXCEEDED},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PAGE_PROTECTION},
+	{ERRDOS,	288,	NT_STATUS_MUTANT_NOT_OWNED},
+	{ERRDOS,	298,	NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
+	{ERRDOS,	87,	NT_STATUS_PORT_ALREADY_SET},
+	{ERRDOS,	87,	NT_STATUS_SECTION_NOT_IMAGE},
+	{ERRDOS,	156,	NT_STATUS_SUSPEND_COUNT_EXCEEDED},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_THREAD_IS_TERMINATING},
+	{ERRDOS,	87,	NT_STATUS_BAD_WORKING_SET_LIMIT},
+	{ERRDOS,	87,	NT_STATUS_INCOMPATIBLE_FILE_MAP},
+	{ERRDOS,	87,	NT_STATUS_SECTION_PROTECTION},
+	{ERRDOS,	282,	NT_STATUS_EAS_NOT_SUPPORTED},
+	{ERRDOS,	255,	NT_STATUS_EA_TOO_LARGE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_EAS_ON_FILE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_EA_CORRUPT_ERROR},
+	{ERRDOS,	ERRlock,	NT_STATUS_FILE_LOCK_CONFLICT},
+	{ERRDOS,	ERRlock,	NT_STATUS_LOCK_NOT_GRANTED},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_DELETE_PENDING},
+	{ERRDOS,	ERRunsup,	NT_STATUS_CTL_FILE_NOT_SUPPORTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNKNOWN_REVISION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REVISION_MISMATCH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_OWNER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_PRIMARY_GROUP},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_IMPERSONATION_TOKEN},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANT_DISABLE_MANDATORY},
+	{ERRDOS,	2215,	NT_STATUS_NO_LOGON_SERVERS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_LOGON_SESSION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_PRIVILEGE},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_PRIVILEGE_NOT_HELD},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_ACCOUNT_NAME},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_USER_EXISTS},
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_NO_SUCH_USER to NT_STATUS_LOGON_FAILURE 
+	 during the session setup }
+*/
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_NO_SUCH_USER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_GROUP_EXISTS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_GROUP},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MEMBER_IN_GROUP},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MEMBER_NOT_IN_GROUP},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LAST_ADMIN},
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_WRONG_PASSWORD to NT_STATUS_LOGON_FAILURE 
+	 during the session setup }
+*/
+	{ERRSRV,	ERRbadpw,	NT_STATUS_WRONG_PASSWORD},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ILL_FORMED_PASSWORD},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PASSWORD_RESTRICTION},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_LOGON_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ACCOUNT_RESTRICTION},
+	{ERRSRV,	2241,	NT_STATUS_INVALID_LOGON_HOURS},
+	{ERRSRV,	2240,	NT_STATUS_INVALID_WORKSTATION},
+	{ERRSRV,	2242,	NT_STATUS_PASSWORD_EXPIRED},
+	{ERRSRV,	2239,	NT_STATUS_ACCOUNT_DISABLED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NONE_MAPPED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOO_MANY_LUIDS_REQUESTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LUIDS_EXHAUSTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_SUB_AUTHORITY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_ACL},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_SID},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_SECURITY_DESCR},
+	{ERRDOS,	127,	NT_STATUS_PROCEDURE_NOT_FOUND},
+	{ERRDOS,	193,	NT_STATUS_INVALID_IMAGE_FORMAT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_TOKEN},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_INHERITANCE_ACL},
+	{ERRDOS,	158,	NT_STATUS_RANGE_NOT_LOCKED},
+	{ERRDOS,	112,	NT_STATUS_DISK_FULL},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SERVER_DISABLED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SERVER_NOT_DISABLED},
+	{ERRDOS,	68,	NT_STATUS_TOO_MANY_GUIDS_REQUESTED},
+	{ERRDOS,	259,	NT_STATUS_GUIDS_EXHAUSTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_ID_AUTHORITY},
+	{ERRDOS,	259,	NT_STATUS_AGENTS_EXHAUSTED},
+	{ERRDOS,	154,	NT_STATUS_INVALID_VOLUME_LABEL},
+	{ERRDOS,	ERRres,	NT_STATUS_SECTION_NOT_EXTENDED},
+	{ERRDOS,	487,	NT_STATUS_NOT_MAPPED_DATA},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RESOURCE_DATA_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RESOURCE_TYPE_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RESOURCE_NAME_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ARRAY_BOUNDS_EXCEEDED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_DENORMAL_OPERAND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_DIVIDE_BY_ZERO},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_INEXACT_RESULT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_INVALID_OPERATION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_OVERFLOW},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_STACK_CHECK},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOAT_UNDERFLOW},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INTEGER_DIVIDE_BY_ZERO},
+	{ERRDOS,	534,	NT_STATUS_INTEGER_OVERFLOW},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PRIVILEGED_INSTRUCTION},
+	{ERRDOS,	ERRnomem,	NT_STATUS_TOO_MANY_PAGING_FILES},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FILE_INVALID},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ALLOTTED_SPACE_EXCEEDED},
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_INSUFFICIENT_RESOURCES to NT_STATUS_INSUFF_SERVER_RESOURCES 
+	 during the session setup }
+*/
+	{ERRDOS,	ERRnomem,	NT_STATUS_INSUFFICIENT_RESOURCES},
+	{ERRDOS,	ERRbadpath,	NT_STATUS_DFS_EXIT_PATH_FOUND},
+	{ERRDOS,	23,	NT_STATUS_DEVICE_DATA_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DEVICE_NOT_CONNECTED},
+	{ERRDOS,	21,	NT_STATUS_DEVICE_POWER_FAILURE},
+	{ERRDOS,	487,	NT_STATUS_FREE_VM_NOT_AT_BASE},
+	{ERRDOS,	487,	NT_STATUS_MEMORY_NOT_ALLOCATED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_WORKING_SET_QUOTA},
+	{ERRDOS,	19,	NT_STATUS_MEDIA_WRITE_PROTECTED},
+	{ERRDOS,	21,	NT_STATUS_DEVICE_NOT_READY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_GROUP_ATTRIBUTES},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_IMPERSONATION_LEVEL},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANT_OPEN_ANONYMOUS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_VALIDATION_CLASS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_TOKEN_TYPE},
+	{ERRDOS,	87,	NT_STATUS_BAD_MASTER_BOOT_RECORD},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INSTRUCTION_MISALIGNMENT},
+	{ERRDOS,	ERRpipebusy,	NT_STATUS_INSTANCE_NOT_AVAILABLE},
+	{ERRDOS,	ERRpipebusy,	NT_STATUS_PIPE_NOT_AVAILABLE},
+	{ERRDOS,	ERRbadpipe,	NT_STATUS_INVALID_PIPE_STATE},
+	{ERRDOS,	ERRpipebusy,	NT_STATUS_PIPE_BUSY},
+	{ERRDOS,	ERRbadfunc,	NT_STATUS_ILLEGAL_FUNCTION},
+	{ERRDOS,	ERRnotconnected,	NT_STATUS_PIPE_DISCONNECTED},
+	{ERRDOS,	ERRpipeclosing,	NT_STATUS_PIPE_CLOSING},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PIPE_CONNECTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PIPE_LISTENING},
+	{ERRDOS,	ERRbadpipe,	NT_STATUS_INVALID_READ_MODE},
+	{ERRDOS,	121,	NT_STATUS_IO_TIMEOUT},
+	{ERRDOS,	38,	NT_STATUS_FILE_FORCED_CLOSED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PROFILING_NOT_STARTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PROFILING_NOT_STOPPED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_COULD_NOT_INTERPRET},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_FILE_IS_A_DIRECTORY},
+	{ERRDOS,	ERRunsup,	NT_STATUS_NOT_SUPPORTED},
+	{ERRDOS,	51,	NT_STATUS_REMOTE_NOT_LISTENING},
+	{ERRDOS,	52,	NT_STATUS_DUPLICATE_NAME},
+	{ERRDOS,	53,	NT_STATUS_BAD_NETWORK_PATH},
+	{ERRDOS,	54,	NT_STATUS_NETWORK_BUSY},
+	{ERRDOS,	55,	NT_STATUS_DEVICE_DOES_NOT_EXIST},
+	{ERRDOS,	56,	NT_STATUS_TOO_MANY_COMMANDS},
+	{ERRDOS,	57,	NT_STATUS_ADAPTER_HARDWARE_ERROR},
+	{ERRDOS,	58,	NT_STATUS_INVALID_NETWORK_RESPONSE},
+	{ERRDOS,	59,	NT_STATUS_UNEXPECTED_NETWORK_ERROR},
+	{ERRDOS,	60,	NT_STATUS_BAD_REMOTE_ADAPTER},
+	{ERRDOS,	61,	NT_STATUS_PRINT_QUEUE_FULL},
+	{ERRDOS,	62,	NT_STATUS_NO_SPOOL_SPACE},
+	{ERRDOS,	63,	NT_STATUS_PRINT_CANCELLED},
+	{ERRDOS,	64,	NT_STATUS_NETWORK_NAME_DELETED},
+	{ERRDOS,	65,	NT_STATUS_NETWORK_ACCESS_DENIED},
+	{ERRDOS,	66,	NT_STATUS_BAD_DEVICE_TYPE},
+	{ERRDOS,	ERRnosuchshare,	NT_STATUS_BAD_NETWORK_NAME},
+	{ERRDOS,	68,	NT_STATUS_TOO_MANY_NAMES},
+	{ERRDOS,	69,	NT_STATUS_TOO_MANY_SESSIONS},
+	{ERRDOS,	70,	NT_STATUS_SHARING_PAUSED},
+	{ERRDOS,	71,	NT_STATUS_REQUEST_NOT_ACCEPTED},
+	{ERRDOS,	72,	NT_STATUS_REDIRECTOR_PAUSED},
+	{ERRDOS,	88,	NT_STATUS_NET_WRITE_FAULT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PROFILING_AT_LIMIT},
+	{ERRDOS,	ERRdiffdevice,	NT_STATUS_NOT_SAME_DEVICE},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_FILE_RENAMED},
+	{ERRDOS,	240,	NT_STATUS_VIRTUAL_CIRCUIT_CLOSED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SECURITY_ON_OBJECT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANT_WAIT},
+	{ERRDOS,	ERRpipeclosing,	NT_STATUS_PIPE_EMPTY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANT_ACCESS_DOMAIN_INFO},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANT_TERMINATE_SELF},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_SERVER_STATE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_DOMAIN_STATE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_DOMAIN_ROLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_DOMAIN},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DOMAIN_EXISTS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DOMAIN_LIMIT_EXCEEDED},
+	{ERRDOS,	300,	NT_STATUS_OPLOCK_NOT_GRANTED},
+	{ERRDOS,	301,	NT_STATUS_INVALID_OPLOCK_PROTOCOL},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INTERNAL_DB_CORRUPTION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INTERNAL_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_GENERIC_NOT_MAPPED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_DESCRIPTOR_FORMAT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_USER_BUFFER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNEXPECTED_IO_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNEXPECTED_MM_CREATE_ERR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNEXPECTED_MM_MAP_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNEXPECTED_MM_EXTEND_ERR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NOT_LOGON_PROCESS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOGON_SESSION_EXISTS},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_1},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_2},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_3},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_4},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_5},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_6},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_7},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_8},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_9},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_10},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_11},
+	{ERRDOS,	87,	NT_STATUS_INVALID_PARAMETER_12},
+	{ERRDOS,	ERRbadpath,	NT_STATUS_REDIRECTOR_NOT_STARTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REDIRECTOR_STARTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_STACK_OVERFLOW},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_PACKAGE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_FUNCTION_TABLE},
+	{ERRDOS,	203,	NT_STATUS(0xc0000100)},
+	{ERRDOS,	145,	NT_STATUS_DIRECTORY_NOT_EMPTY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FILE_CORRUPT_ERROR},
+	{ERRDOS,	267,	NT_STATUS_NOT_A_DIRECTORY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_LOGON_SESSION_STATE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOGON_SESSION_COLLISION},
+	{ERRDOS,	206,	NT_STATUS_NAME_TOO_LONG},
+	{ERRDOS,	2401,	NT_STATUS_FILES_OPEN},
+	{ERRDOS,	2404,	NT_STATUS_CONNECTION_IN_USE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MESSAGE_NOT_FOUND},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_PROCESS_IS_TERMINATING},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_LOGON_TYPE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_GUID_TRANSLATION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANNOT_IMPERSONATE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_IMAGE_ALREADY_LOADED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_NOT_PRESENT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_LID_NOT_EXIST},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_LID_ALREADY_OWNED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_NOT_LID_OWNER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_INVALID_COMMAND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_INVALID_LID},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ABIOS_INVALID_SELECTOR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_LDT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_LDT_SIZE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_LDT_OFFSET},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_LDT_DESCRIPTOR},
+	{ERRDOS,	193,	NT_STATUS_INVALID_IMAGE_NE_FORMAT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RXACT_INVALID_STATE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RXACT_COMMIT_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MAPPED_FILE_SIZE_ZERO},
+	{ERRDOS,	ERRnofids,	NT_STATUS_TOO_MANY_OPENED_FILES},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANCELLED},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_CANNOT_DELETE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_COMPUTER_NAME},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_FILE_DELETED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SPECIAL_ACCOUNT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SPECIAL_GROUP},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SPECIAL_USER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MEMBERS_PRIMARY_GROUP},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_FILE_CLOSED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOO_MANY_THREADS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_THREAD_NOT_IN_PROCESS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOKEN_ALREADY_IN_USE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PAGEFILE_QUOTA_EXCEEDED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_COMMITMENT_LIMIT},
+	{ERRDOS,	193,	NT_STATUS_INVALID_IMAGE_LE_FORMAT},
+	{ERRDOS,	193,	NT_STATUS_INVALID_IMAGE_NOT_MZ},
+	{ERRDOS,	193,	NT_STATUS_INVALID_IMAGE_PROTECT},
+	{ERRDOS,	193,	NT_STATUS_INVALID_IMAGE_WIN_16},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOGON_SERVER_CONFLICT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TIME_DIFFERENCE_AT_DC},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SYNCHRONIZATION_REQUIRED},
+	{ERRDOS,	126,	NT_STATUS_DLL_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_OPEN_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_IO_PRIVILEGE_FAILED},
+	{ERRDOS,	182,	NT_STATUS_ORDINAL_NOT_FOUND},
+	{ERRDOS,	127,	NT_STATUS_ENTRYPOINT_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONTROL_C_EXIT},
+	{ERRDOS,	64,	NT_STATUS_LOCAL_DISCONNECT},
+	{ERRDOS,	64,	NT_STATUS_REMOTE_DISCONNECT},
+	{ERRDOS,	51,	NT_STATUS_REMOTE_RESOURCES},
+	{ERRDOS,	59,	NT_STATUS_LINK_FAILED},
+	{ERRDOS,	59,	NT_STATUS_LINK_TIMEOUT},
+	{ERRDOS,	59,	NT_STATUS_INVALID_CONNECTION},
+	{ERRDOS,	59,	NT_STATUS_INVALID_ADDRESS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DLL_INIT_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MISSING_SYSTEMFILE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNHANDLED_EXCEPTION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_APP_INIT_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PAGEFILE_CREATE_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_PAGEFILE},
+	{ERRDOS,	124,	NT_STATUS_INVALID_LEVEL},
+	{ERRDOS,	86,	NT_STATUS_WRONG_PASSWORD_CORE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ILLEGAL_FLOAT_CONTEXT},
+	{ERRDOS,	109,	NT_STATUS_PIPE_BROKEN},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REGISTRY_CORRUPT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REGISTRY_IO_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_EVENT_PAIR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNRECOGNIZED_VOLUME},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SERIAL_NO_DEVICE_INITED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_ALIAS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MEMBER_NOT_IN_ALIAS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MEMBER_IN_ALIAS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ALIAS_EXISTS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOGON_NOT_GRANTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOO_MANY_SECRETS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SECRET_TOO_LONG},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INTERNAL_DB_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FULLSCREEN_MODE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOO_MANY_CONTEXT_IDS},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_LOGON_TYPE_NOT_GRANTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NOT_REGISTRY_FILE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FT_MISSING_MEMBER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ILL_FORMED_SERVICE_ENTRY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ILLEGAL_CHARACTER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNMAPPABLE_CHARACTER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNDEFINED_CHARACTER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOPPY_VOLUME},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOPPY_WRONG_CYLINDER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOPPY_UNKNOWN_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FLOPPY_BAD_REGISTERS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DISK_RECALIBRATE_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DISK_OPERATION_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DISK_RESET_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SHARED_IRQ_BUSY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FT_ORPHANING},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000016e)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000016f)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc0000170)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc0000171)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PARTITION_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_BLOCK_LENGTH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DEVICE_NOT_PARTITIONED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNABLE_TO_LOCK_MEDIA},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNABLE_TO_UNLOAD_MEDIA},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_EOM_OVERFLOW},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_MEDIA},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc0000179)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_SUCH_MEMBER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_MEMBER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_KEY_DELETED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_LOG_SPACE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOO_MANY_SIDS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_KEY_HAS_CHILDREN},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CHILD_MUST_BE_VOLATILE},
+	{ERRDOS,	87,	NT_STATUS_DEVICE_CONFIGURATION_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DRIVER_INTERNAL_ERROR},
+	{ERRDOS,	22,	NT_STATUS_INVALID_DEVICE_STATE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_IO_DEVICE_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DEVICE_PROTOCOL_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BACKUP_CONTROLLER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOG_FILE_FULL},
+	{ERRDOS,	19,	NT_STATUS_TOO_LATE},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_NO_TRUST_LSA_SECRET},
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_NO_TRUST_SAM_ACCOUNT to NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE 
+	 during the session setup }
+*/
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_NO_TRUST_SAM_ACCOUNT},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_TRUSTED_DOMAIN_FAILURE},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_EVENTLOG_FILE_CORRUPT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_EVENTLOG_CANT_START},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_TRUST_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MUTANT_LIMIT_EXCEEDED},
+	{ERRDOS,	ERRinvgroup,	NT_STATUS_NETLOGON_NOT_STARTED},
+	{ERRSRV,	2239,	NT_STATUS_ACCOUNT_EXPIRED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_POSSIBLE_DEADLOCK},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NETWORK_CREDENTIAL_CONFLICT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REMOTE_SESSION_LIMIT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_EVENTLOG_FILE_CHANGED},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT},
+/*	{ This NT error code was 'sqashed'
+	 from NT_STATUS_DOMAIN_TRUST_INCONSISTENT to NT_STATUS_LOGON_FAILURE 
+	 during the session setup }
+*/
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_DOMAIN_TRUST_INCONSISTENT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FS_DRIVER_REQUIRED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_USER_SESSION_KEY},
+	{ERRDOS,	59,	NT_STATUS_USER_SESSION_DELETED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RESOURCE_LANG_NOT_FOUND},
+	{ERRDOS,	ERRnomem,	NT_STATUS_INSUFF_SERVER_RESOURCES},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_BUFFER_SIZE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_ADDRESS_COMPONENT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_ADDRESS_WILDCARD},
+	{ERRDOS,	68,	NT_STATUS_TOO_MANY_ADDRESSES},
+	{ERRDOS,	52,	NT_STATUS_ADDRESS_ALREADY_EXISTS},
+	{ERRDOS,	64,	NT_STATUS_ADDRESS_CLOSED},
+	{ERRDOS,	64,	NT_STATUS_CONNECTION_DISCONNECTED},
+	{ERRDOS,	64,	NT_STATUS_CONNECTION_RESET},
+	{ERRDOS,	68,	NT_STATUS_TOO_MANY_NODES},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_ABORTED},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_TIMED_OUT},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_NO_RELEASE},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_NO_MATCH},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_RESPONDED},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_INVALID_ID},
+	{ERRDOS,	59,	NT_STATUS_TRANSACTION_INVALID_TYPE},
+	{ERRDOS,	ERRunsup,	NT_STATUS_NOT_SERVER_SESSION},
+	{ERRDOS,	ERRunsup,	NT_STATUS_NOT_CLIENT_SESSION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CANNOT_LOAD_REGISTRY_FILE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DEBUG_ATTACH_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_SYSTEM_PROCESS_TERMINATED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DATA_NOT_ACCEPTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_BROWSER_SERVERS_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_VDM_HARD_ERROR},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DRIVER_CANCEL_TIMEOUT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REPLY_MESSAGE_MISMATCH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MAPPED_ALIGNMENT},
+	{ERRDOS,	193,	NT_STATUS_IMAGE_CHECKSUM_MISMATCH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOST_WRITEBEHIND_DATA},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID},
+	{ERRSRV,	2242,	NT_STATUS_PASSWORD_MUST_CHANGE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NOT_TINY_STREAM},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RECOVERY_FAILURE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_STACK_OVERFLOW_READ},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FAIL_CHECK},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DUPLICATE_OBJECTID},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_OBJECTID_EXISTS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONVERT_TO_LARGE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_RETRY},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FOUND_OUT_OF_SCOPE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ALLOCATE_BUCKET},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PROPSET_NOT_FOUND},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_MARSHALL_OVERFLOW},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_VARIANT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_ACCOUNT_LOCKED_OUT},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_HANDLE_NOT_CLOSABLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONNECTION_REFUSED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_GRACEFUL_DISCONNECT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ADDRESS_ALREADY_ASSOCIATED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_ADDRESS_NOT_ASSOCIATED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONNECTION_INVALID},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONNECTION_ACTIVE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NETWORK_UNREACHABLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_HOST_UNREACHABLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PROTOCOL_UNREACHABLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PORT_UNREACHABLE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REQUEST_ABORTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONNECTION_ABORTED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_COMPRESSION_BUFFER},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_USER_MAPPED_FILE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_AUDIT_FAILED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TIMER_RESOLUTION_NOT_SET},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_CONNECTION_COUNT_LIMIT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOGIN_TIME_RESTRICTION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LOGIN_WKSTA_RESTRICTION},
+	{ERRDOS,	193,	NT_STATUS_IMAGE_MP_UP_MISMATCH},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000024a)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000024b)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000024c)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000024d)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000024e)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000024f)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INSUFFICIENT_LOGON_INFO},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_DLL_ENTRYPOINT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_BAD_SERVICE_ENTRYPOINT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LPC_REPLY_LOST},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_IP_ADDRESS_CONFLICT1},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_IP_ADDRESS_CONFLICT2},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_REGISTRY_QUOTA_LIMIT},
+	{ERRSRV,	ERRbadtype,	NT_STATUS_PATH_NOT_COVERED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_NO_CALLBACK_ACTIVE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_LICENSE_QUOTA_EXCEEDED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PWD_TOO_SHORT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PWD_TOO_RECENT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PWD_HISTORY_CONFLICT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000025d)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_PLUGPLAY_NO_DEVICE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNSUPPORTED_COMPRESSION},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_HW_PROFILE},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH},
+	{ERRDOS,	182,	NT_STATUS_DRIVER_ORDINAL_NOT_FOUND},
+	{ERRDOS,	127,	NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND},
+	{ERRDOS,	288,	NT_STATUS_RESOURCE_NOT_OWNED},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_TOO_MANY_LINKS},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_QUOTA_LIST_INCONSISTENT},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_FILE_IS_OFFLINE},
+	{ERRDOS,	21,	NT_STATUS(0xc000026e)},
+	{ERRDOS,	161,	NT_STATUS(0xc0000281)},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS(0xc000028a)},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS(0xc000028b)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS(0xc000028c)},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS(0xc000028d)},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS(0xc000028e)},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS(0xc000028f)},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS(0xc0000290)},
+	{ERRDOS,	ERRbadfunc,	NT_STATUS(0xc000029c)},
+};
+
+
+/* dos -> nt status error map */
+const static struct {
+	uint8 dos_class;
+	uint32 dos_code;
+	NTSTATUS ntstatus;
+} dos_to_ntstatus_map[] = {
+	{ERRDOS,	ERRbadfunc,	NT_STATUS_NOT_IMPLEMENTED},
+	{ERRDOS,	ERRbadfile,	NT_STATUS_NO_SUCH_FILE},
+	{ERRDOS,	ERRbadpath,	NT_STATUS_OBJECT_PATH_NOT_FOUND},
+	{ERRDOS,	ERRnofids,	NT_STATUS_TOO_MANY_OPENED_FILES},
+	{ERRDOS,	ERRnoaccess,	NT_STATUS_ACCESS_DENIED},
+	{ERRDOS,	ERRbadfid,	NT_STATUS_INVALID_HANDLE},
+	{ERRDOS,	ERRnomem,	NT_STATUS_INSUFFICIENT_RESOURCES},
+	{ERRDOS,	ERRbadaccess,	NT_STATUS_INVALID_LOCK_SEQUENCE},
+	{ERRDOS,	ERRbaddata,	NT_STATUS_DATA_ERROR},
+	{ERRDOS,	14,	NT_STATUS_SECTION_NOT_EXTENDED},
+	{ERRDOS,	ERRremcd,	NT_STATUS_DIRECTORY_NOT_EMPTY},
+	{ERRDOS,	ERRdiffdevice,	NT_STATUS_NOT_SAME_DEVICE},
+	{ERRDOS,	ERRnofiles,	NT_STATUS(0x80000006)},
+	{ERRDOS,	19,	NT_STATUS_MEDIA_WRITE_PROTECTED},
+	{ERRDOS,	21,	NT_STATUS_NO_MEDIA_IN_DEVICE},
+	{ERRDOS,	22,	NT_STATUS_INVALID_DEVICE_STATE},
+	{ERRDOS,	23,	NT_STATUS_DATA_ERROR},
+	{ERRDOS,	24,	NT_STATUS_DATA_ERROR},
+	{ERRDOS,	26,	NT_STATUS_DISK_CORRUPT_ERROR},
+	{ERRDOS,	27,	NT_STATUS_NONEXISTENT_SECTOR},
+	{ERRDOS,	28,	NT_STATUS(0x8000000e)},
+	{ERRDOS,	31,	NT_STATUS_UNSUCCESSFUL},
+	{ERRDOS,	ERRbadshare,	NT_STATUS_SHARING_VIOLATION},
+	{ERRDOS,	ERRlock,	NT_STATUS_FILE_LOCK_CONFLICT},
+	{ERRDOS,	34,	NT_STATUS_WRONG_VOLUME},
+	{ERRDOS,	38,	NT_STATUS_END_OF_FILE},
+	{ERRDOS,	ERRunsup,	NT_STATUS_CTL_FILE_NOT_SUPPORTED},
+	{ERRDOS,	51,	NT_STATUS_REMOTE_NOT_LISTENING},
+	{ERRDOS,	52,	NT_STATUS_DUPLICATE_NAME},
+	{ERRDOS,	53,	NT_STATUS_BAD_NETWORK_PATH},
+	{ERRDOS,	54,	NT_STATUS_NETWORK_BUSY},
+	{ERRDOS,	55,	NT_STATUS_DEVICE_DOES_NOT_EXIST},
+	{ERRDOS,	56,	NT_STATUS_TOO_MANY_COMMANDS},
+	{ERRDOS,	57,	NT_STATUS_ADAPTER_HARDWARE_ERROR},
+	{ERRDOS,	58,	NT_STATUS_INVALID_NETWORK_RESPONSE},
+	{ERRDOS,	59,	NT_STATUS_UNEXPECTED_NETWORK_ERROR},
+	{ERRDOS,	60,	NT_STATUS_BAD_REMOTE_ADAPTER},
+	{ERRDOS,	61,	NT_STATUS_PRINT_QUEUE_FULL},
+	{ERRDOS,	62,	NT_STATUS_NO_SPOOL_SPACE},
+	{ERRDOS,	63,	NT_STATUS_PRINT_CANCELLED},
+	{ERRDOS,	64,	NT_STATUS_NETWORK_NAME_DELETED},
+	{ERRDOS,	65,	NT_STATUS_NETWORK_ACCESS_DENIED},
+	{ERRDOS,	66,	NT_STATUS_BAD_DEVICE_TYPE},
+	{ERRDOS,	ERRnosuchshare,	NT_STATUS_BAD_NETWORK_NAME},
+	{ERRDOS,	68,	NT_STATUS_TOO_MANY_GUIDS_REQUESTED},
+	{ERRDOS,	69,	NT_STATUS_TOO_MANY_SESSIONS},
+	{ERRDOS,	70,	NT_STATUS_SHARING_PAUSED},
+	{ERRDOS,	71,	NT_STATUS_REQUEST_NOT_ACCEPTED},
+	{ERRDOS,	72,	NT_STATUS_REDIRECTOR_PAUSED},
+	{ERRDOS,	ERRfilexists,	NT_STATUS_OBJECT_NAME_COLLISION},
+	{ERRDOS,	86,	NT_STATUS_WRONG_PASSWORD},
+	{ERRDOS,	87,	NT_STATUS_INVALID_INFO_CLASS},
+	{ERRDOS,	88,	NT_STATUS_NET_WRITE_FAULT},
+	{ERRDOS,	109,	NT_STATUS_PIPE_BROKEN},
+	{ERRDOS,	111,	STATUS_MORE_ENTRIES},
+	{ERRDOS,	112,	NT_STATUS_DISK_FULL},
+	{ERRDOS,	121,	NT_STATUS_IO_TIMEOUT},
+	{ERRDOS,	122,	NT_STATUS_BUFFER_TOO_SMALL},
+	{ERRDOS,	ERRinvalidname,	NT_STATUS_OBJECT_NAME_INVALID},
+	{ERRDOS,	124,	NT_STATUS_INVALID_LEVEL},
+	{ERRDOS,	126,	NT_STATUS_DLL_NOT_FOUND},
+	{ERRDOS,	127,	NT_STATUS_PROCEDURE_NOT_FOUND},
+	{ERRDOS,	145,	NT_STATUS_DIRECTORY_NOT_EMPTY},
+	{ERRDOS,	154,	NT_STATUS_INVALID_VOLUME_LABEL},
+	{ERRDOS,	156,	NT_STATUS_SUSPEND_COUNT_EXCEEDED},
+	{ERRDOS,	158,	NT_STATUS_NOT_LOCKED},
+	{ERRDOS,	161,	NT_STATUS_OBJECT_PATH_INVALID},
+	{ERRDOS,	170,	NT_STATUS(0x80000011)},
+	{ERRDOS,	182,	NT_STATUS_ORDINAL_NOT_FOUND},
+	{ERRDOS,	183,	NT_STATUS_OBJECT_NAME_COLLISION},
+	{ERRDOS,	193,	NT_STATUS_BAD_INITIAL_PC},
+	{ERRDOS,	203,	NT_STATUS(0xc0000100)},
+	{ERRDOS,	206,	NT_STATUS_NAME_TOO_LONG},
+	{ERRDOS,	ERRbadpipe,	NT_STATUS_INVALID_INFO_CLASS},
+	{ERRDOS,	ERRpipebusy,	NT_STATUS_INSTANCE_NOT_AVAILABLE},
+	{ERRDOS,	ERRpipeclosing,	NT_STATUS_PIPE_CLOSING},
+	{ERRDOS,	ERRnotconnected,	NT_STATUS_PIPE_DISCONNECTED},
+	{ERRDOS,	ERRmoredata,	NT_STATUS_MORE_PROCESSING_REQUIRED},
+	{ERRDOS,	240,	NT_STATUS_VIRTUAL_CIRCUIT_CLOSED},
+	{ERRDOS,	254,	NT_STATUS(0x80000013)},
+	{ERRDOS,	255,	NT_STATUS_EA_TOO_LARGE},
+	{ERRDOS,	259,	NT_STATUS_GUIDS_EXHAUSTED},
+	{ERRDOS,	267,	NT_STATUS_NOT_A_DIRECTORY},
+	{ERRDOS,	275,	NT_STATUS_EA_TOO_LARGE},
+	{ERRDOS,	276,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRDOS,	277,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRDOS,	278,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRDOS,	282,	NT_STATUS_EAS_NOT_SUPPORTED},
+	{ERRDOS,	288,	NT_STATUS_MUTANT_NOT_OWNED},
+	{ERRDOS,	298,	NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
+	{ERRDOS,	299,	NT_STATUS(0x8000000d)},
+	{ERRDOS,	300,	NT_STATUS_OPLOCK_NOT_GRANTED},
+	{ERRDOS,	301,	NT_STATUS_INVALID_OPLOCK_PROTOCOL},
+	{ERRDOS,	487,	NT_STATUS_CONFLICTING_ADDRESSES},
+	{ERRDOS,	534,	NT_STATUS_INTEGER_OVERFLOW},
+	{ERRDOS,	535,	NT_STATUS_PIPE_CONNECTED},
+	{ERRDOS,	536,	NT_STATUS_PIPE_LISTENING},
+	{ERRDOS,	995,	NT_STATUS_CANCELLED},
+	{ERRDOS,	997,	NT_STATUS(0x00000103)},
+	{ERRDOS,	998,	NT_STATUS_ACCESS_VIOLATION},
+	{ERRDOS,	999,	NT_STATUS_IN_PAGE_ERROR},
+	{ERRDOS,	1001,	NT_STATUS_BAD_INITIAL_STACK},
+	{ERRDOS,	1005,	NT_STATUS_UNRECOGNIZED_VOLUME},
+	{ERRDOS,	1006,	NT_STATUS_FILE_INVALID},
+	{ERRDOS,	1007,	NT_STATUS_FULLSCREEN_MODE},
+	{ERRDOS,	1008,	NT_STATUS_NO_TOKEN},
+	{ERRDOS,	1009,	NT_STATUS_REGISTRY_CORRUPT},
+	{ERRDOS,	1016,	NT_STATUS_REGISTRY_IO_FAILED},
+	{ERRDOS,	1017,	NT_STATUS_NOT_REGISTRY_FILE},
+	{ERRDOS,	1018,	NT_STATUS_KEY_DELETED},
+	{ERRDOS,	1019,	NT_STATUS_NO_LOG_SPACE},
+	{ERRDOS,	1020,	NT_STATUS_KEY_HAS_CHILDREN},
+	{ERRDOS,	1021,	NT_STATUS_CHILD_MUST_BE_VOLATILE},
+	{ERRDOS,	1022,	NT_STATUS(0x0000010c)},
+	{ERRSRV,	ERRbadpw,	NT_STATUS_WRONG_PASSWORD},
+	{ERRSRV,	ERRbadtype,	NT_STATUS_BAD_DEVICE_TYPE},
+	{ERRSRV,	ERRaccess,	NT_STATUS_NETWORK_ACCESS_DENIED},
+	{ERRSRV,	ERRinvnid,	NT_STATUS_NETWORK_NAME_DELETED},
+	{ERRSRV,	ERRinvnetname,	NT_STATUS_BAD_NETWORK_NAME},
+	{ERRSRV,	ERRinvdevice,	NT_STATUS_BAD_DEVICE_TYPE},
+	{ERRSRV,	ERRqfull,	NT_STATUS_PRINT_QUEUE_FULL},
+	{ERRSRV,	ERRqtoobig,	NT_STATUS_NO_SPOOL_SPACE},
+	{ERRSRV,	ERRinvpfid,	NT_STATUS_PRINT_CANCELLED},
+	{ERRSRV,	ERRsmbcmd,	NT_STATUS_NOT_IMPLEMENTED},
+	{ERRSRV,	ERRbadpermits,	NT_STATUS_NETWORK_ACCESS_DENIED},
+	{ERRSRV,	ERRpaused,	NT_STATUS_SHARING_PAUSED},
+	{ERRSRV,	ERRmsgoff,	NT_STATUS_REQUEST_NOT_ACCEPTED},
+	{ERRSRV,	ERRnoroom,	NT_STATUS_DISK_FULL},
+	{ERRSRV,	ERRnoresource,	NT_STATUS_REQUEST_NOT_ACCEPTED},
+	{ERRSRV,	ERRtoomanyuids,	NT_STATUS_TOO_MANY_SESSIONS},
+	{ERRSRV,	123,	NT_STATUS_OBJECT_NAME_INVALID},
+	{ERRSRV,	206,	NT_STATUS_OBJECT_NAME_INVALID},
+	{ERRHRD,	1,	NT_STATUS_NOT_IMPLEMENTED},
+	{ERRHRD,	2,	NT_STATUS_NO_SUCH_DEVICE},
+	{ERRHRD,	3,	NT_STATUS_OBJECT_PATH_NOT_FOUND},
+	{ERRHRD,	4,	NT_STATUS_TOO_MANY_OPENED_FILES},
+	{ERRHRD,	5,	NT_STATUS_INVALID_LOCK_SEQUENCE},
+	{ERRHRD,	6,	NT_STATUS_INVALID_HANDLE},
+	{ERRHRD,	8,	NT_STATUS_INSUFFICIENT_RESOURCES},
+	{ERRHRD,	12,	NT_STATUS_INVALID_LOCK_SEQUENCE},
+	{ERRHRD,	13,	NT_STATUS_DATA_ERROR},
+	{ERRHRD,	14,	NT_STATUS_SECTION_NOT_EXTENDED},
+	{ERRHRD,	16,	NT_STATUS_DIRECTORY_NOT_EMPTY},
+	{ERRHRD,	17,	NT_STATUS_NOT_SAME_DEVICE},
+	{ERRHRD,	18,	NT_STATUS(0x80000006)},
+	{ERRHRD,	ERRnowrite,	NT_STATUS_MEDIA_WRITE_PROTECTED},
+	{ERRHRD,	ERRnotready,	NT_STATUS_NO_MEDIA_IN_DEVICE},
+	{ERRHRD,	ERRbadcmd,	NT_STATUS_INVALID_DEVICE_STATE},
+	{ERRHRD,	ERRdata,	NT_STATUS_DATA_ERROR},
+	{ERRHRD,	ERRbadreq,	NT_STATUS_DATA_ERROR},
+	{ERRHRD,	ERRbadmedia,	NT_STATUS_DISK_CORRUPT_ERROR},
+	{ERRHRD,	ERRbadsector,	NT_STATUS_NONEXISTENT_SECTOR},
+	{ERRHRD,	ERRnopaper,	NT_STATUS(0x8000000e)},
+	{ERRHRD,	ERRgeneral,	NT_STATUS_UNSUCCESSFUL},
+	{ERRHRD,	ERRbadshare,	NT_STATUS_SHARING_VIOLATION},
+	{ERRHRD,	ERRlock,	NT_STATUS_FILE_LOCK_CONFLICT},
+	{ERRHRD,	ERRwrongdisk,	NT_STATUS_WRONG_VOLUME},
+	{ERRHRD,	38,	NT_STATUS_END_OF_FILE},
+	{ERRHRD,	ERRdiskfull,	NT_STATUS_DISK_FULL},
+	{ERRHRD,	50,	NT_STATUS_CTL_FILE_NOT_SUPPORTED},
+	{ERRHRD,	51,	NT_STATUS_REMOTE_NOT_LISTENING},
+	{ERRHRD,	52,	NT_STATUS_DUPLICATE_NAME},
+	{ERRHRD,	53,	NT_STATUS_BAD_NETWORK_PATH},
+	{ERRHRD,	54,	NT_STATUS_NETWORK_BUSY},
+	{ERRHRD,	55,	NT_STATUS_DEVICE_DOES_NOT_EXIST},
+	{ERRHRD,	56,	NT_STATUS_TOO_MANY_COMMANDS},
+	{ERRHRD,	57,	NT_STATUS_ADAPTER_HARDWARE_ERROR},
+	{ERRHRD,	58,	NT_STATUS_INVALID_NETWORK_RESPONSE},
+	{ERRHRD,	59,	NT_STATUS_UNEXPECTED_NETWORK_ERROR},
+	{ERRHRD,	60,	NT_STATUS_BAD_REMOTE_ADAPTER},
+	{ERRHRD,	61,	NT_STATUS_PRINT_QUEUE_FULL},
+	{ERRHRD,	62,	NT_STATUS_NO_SPOOL_SPACE},
+	{ERRHRD,	63,	NT_STATUS_PRINT_CANCELLED},
+	{ERRHRD,	64,	NT_STATUS_NETWORK_NAME_DELETED},
+	{ERRHRD,	65,	NT_STATUS_NETWORK_ACCESS_DENIED},
+	{ERRHRD,	66,	NT_STATUS_BAD_DEVICE_TYPE},
+	{ERRHRD,	67,	NT_STATUS_BAD_NETWORK_NAME},
+	{ERRHRD,	68,	NT_STATUS_TOO_MANY_GUIDS_REQUESTED},
+	{ERRHRD,	69,	NT_STATUS_TOO_MANY_SESSIONS},
+	{ERRHRD,	70,	NT_STATUS_SHARING_PAUSED},
+	{ERRHRD,	71,	NT_STATUS_REQUEST_NOT_ACCEPTED},
+	{ERRHRD,	72,	NT_STATUS_REDIRECTOR_PAUSED},
+	{ERRHRD,	80,	NT_STATUS_OBJECT_NAME_COLLISION},
+	{ERRHRD,	86,	NT_STATUS_WRONG_PASSWORD},
+	{ERRHRD,	87,	NT_STATUS_INVALID_INFO_CLASS},
+	{ERRHRD,	88,	NT_STATUS_NET_WRITE_FAULT},
+	{ERRHRD,	109,	NT_STATUS_PIPE_BROKEN},
+	{ERRHRD,	111,	STATUS_MORE_ENTRIES},
+	{ERRHRD,	112,	NT_STATUS_DISK_FULL},
+	{ERRHRD,	121,	NT_STATUS_IO_TIMEOUT},
+	{ERRHRD,	122,	NT_STATUS_BUFFER_TOO_SMALL},
+	{ERRHRD,	123,	NT_STATUS_OBJECT_NAME_INVALID},
+	{ERRHRD,	124,	NT_STATUS_INVALID_LEVEL},
+	{ERRHRD,	126,	NT_STATUS_DLL_NOT_FOUND},
+	{ERRHRD,	127,	NT_STATUS_PROCEDURE_NOT_FOUND},
+	{ERRHRD,	145,	NT_STATUS_DIRECTORY_NOT_EMPTY},
+	{ERRHRD,	154,	NT_STATUS_INVALID_VOLUME_LABEL},
+	{ERRHRD,	156,	NT_STATUS_SUSPEND_COUNT_EXCEEDED},
+	{ERRHRD,	158,	NT_STATUS_NOT_LOCKED},
+	{ERRHRD,	161,	NT_STATUS_OBJECT_PATH_INVALID},
+	{ERRHRD,	170,	NT_STATUS(0x80000011)},
+	{ERRHRD,	182,	NT_STATUS_ORDINAL_NOT_FOUND},
+	{ERRHRD,	183,	NT_STATUS_OBJECT_NAME_COLLISION},
+	{ERRHRD,	193,	NT_STATUS_BAD_INITIAL_PC},
+	{ERRHRD,	203,	NT_STATUS(0xc0000100)},
+	{ERRHRD,	206,	NT_STATUS_NAME_TOO_LONG},
+	{ERRHRD,	230,	NT_STATUS_INVALID_INFO_CLASS},
+	{ERRHRD,	231,	NT_STATUS_INSTANCE_NOT_AVAILABLE},
+	{ERRHRD,	232,	NT_STATUS_PIPE_CLOSING},
+	{ERRHRD,	233,	NT_STATUS_PIPE_DISCONNECTED},
+	{ERRHRD,	234,	STATUS_MORE_ENTRIES},
+	{ERRHRD,	240,	NT_STATUS_VIRTUAL_CIRCUIT_CLOSED},
+	{ERRHRD,	254,	NT_STATUS(0x80000013)},
+	{ERRHRD,	255,	NT_STATUS_EA_TOO_LARGE},
+	{ERRHRD,	259,	NT_STATUS_GUIDS_EXHAUSTED},
+	{ERRHRD,	267,	NT_STATUS_NOT_A_DIRECTORY},
+	{ERRHRD,	275,	NT_STATUS_EA_TOO_LARGE},
+	{ERRHRD,	276,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRHRD,	277,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRHRD,	278,	NT_STATUS_NONEXISTENT_EA_ENTRY},
+	{ERRHRD,	282,	NT_STATUS_EAS_NOT_SUPPORTED},
+	{ERRHRD,	288,	NT_STATUS_MUTANT_NOT_OWNED},
+	{ERRHRD,	298,	NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
+	{ERRHRD,	299,	NT_STATUS(0x8000000d)},
+	{ERRHRD,	300,	NT_STATUS_OPLOCK_NOT_GRANTED},
+	{ERRHRD,	301,	NT_STATUS_INVALID_OPLOCK_PROTOCOL},
+	{ERRHRD,	487,	NT_STATUS_CONFLICTING_ADDRESSES},
+	{ERRHRD,	534,	NT_STATUS_INTEGER_OVERFLOW},
+	{ERRHRD,	535,	NT_STATUS_PIPE_CONNECTED},
+	{ERRHRD,	536,	NT_STATUS_PIPE_LISTENING},
+	{ERRHRD,	995,	NT_STATUS_CANCELLED},
+	{ERRHRD,	997,	NT_STATUS(0x00000103)},
+	{ERRHRD,	998,	NT_STATUS_ACCESS_VIOLATION},
+	{ERRHRD,	999,	NT_STATUS_IN_PAGE_ERROR},
+	{ERRHRD,	1001,	NT_STATUS_BAD_INITIAL_STACK},
+	{ERRHRD,	1005,	NT_STATUS_UNRECOGNIZED_VOLUME},
+	{ERRHRD,	1006,	NT_STATUS_FILE_INVALID},
+	{ERRHRD,	1007,	NT_STATUS_FULLSCREEN_MODE},
+	{ERRHRD,	1008,	NT_STATUS_NO_TOKEN},
+	{ERRHRD,	1009,	NT_STATUS_REGISTRY_CORRUPT},
+	{ERRHRD,	1016,	NT_STATUS_REGISTRY_IO_FAILED},
+	{ERRHRD,	1017,	NT_STATUS_NOT_REGISTRY_FILE},
+	{ERRHRD,	1018,	NT_STATUS_KEY_DELETED},
+	{ERRHRD,	1019,	NT_STATUS_NO_LOG_SPACE},
+	{ERRHRD,	1020,	NT_STATUS_KEY_HAS_CHILDREN},
+	{ERRHRD,	1021,	NT_STATUS_CHILD_MUST_BE_VOLATILE},
+	{ERRHRD,	1022,	NT_STATUS(0x0000010c)},
+};
+
+/* errmap NTSTATUS->Win32 */
+const static struct {
+	NTSTATUS ntstatus;
+	WERROR werror;
+} ntstatus_to_werror_map[] = {
+	{NT_STATUS(0x103), W_ERROR(0x3e5)},
+	{NT_STATUS(0x105), W_ERROR(0xea)},
+	{NT_STATUS(0x106), W_ERROR(0x514)},
+	{NT_STATUS(0x107), W_ERROR(0x515)},
+	{NT_STATUS(0x10c), W_ERROR(0x3fe)},
+	{NT_STATUS(0x10d), W_ERROR(0x516)},
+	{NT_STATUS(0x121), W_ERROR(0x2009)},
+	{NT_STATUS(0xc0000001), W_ERROR(0x1f)},
+	{NT_STATUS(0xc0000002), W_ERROR(0x1)},
+	{NT_STATUS(0xc0000003), W_ERROR(0x57)},
+	{NT_STATUS(0xc0000004), W_ERROR(0x18)},
+	{NT_STATUS(0xc0000005), W_ERROR(0x3e6)},
+	{NT_STATUS(0xc0000006), W_ERROR(0x3e7)},
+	{NT_STATUS(0xc0000007), W_ERROR(0x5ae)},
+	{NT_STATUS(0xc0000008), W_ERROR(0x6)},
+	{NT_STATUS(0xc0000009), W_ERROR(0x3e9)},
+	{NT_STATUS(0xc000000a), W_ERROR(0xc1)},
+	{NT_STATUS(0xc000000b), W_ERROR(0x57)},
+	{NT_STATUS(0xc000000d), W_ERROR(0x57)},
+	{NT_STATUS(0xc000000e), W_ERROR(0x2)},
+	{NT_STATUS(0xc000000f), W_ERROR(0x2)},
+	{NT_STATUS(0xc0000010), W_ERROR(0x1)},
+	{NT_STATUS(0xc0000011), W_ERROR(0x26)},
+	{NT_STATUS(0xc0000012), W_ERROR(0x22)},
+	{NT_STATUS(0xc0000013), W_ERROR(0x15)},
+	{NT_STATUS(0xc0000014), W_ERROR(0x6f9)},
+	{NT_STATUS(0xc0000015), W_ERROR(0x1b)},
+	{NT_STATUS(0xc0000016), W_ERROR(0xea)},
+	{NT_STATUS(0xc0000017), W_ERROR(0x8)},
+	{NT_STATUS(0xc0000018), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc0000019), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc000001a), W_ERROR(0x57)},
+	{NT_STATUS(0xc000001b), W_ERROR(0x57)},
+	{NT_STATUS(0xc000001c), W_ERROR(0x1)},
+	{NT_STATUS(0xc000001d), W_ERROR(0xc000001d)},
+	{NT_STATUS(0xc000001e), W_ERROR(0x5)},
+	{NT_STATUS(0xc000001f), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000020), W_ERROR(0xc1)},
+	{NT_STATUS(0xc0000021), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000022), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000023), W_ERROR(0x7a)},
+	{NT_STATUS(0xc0000024), W_ERROR(0x6)},
+	{NT_STATUS(0xc0000025), W_ERROR(0xc0000025)},
+	{NT_STATUS(0xc0000026), W_ERROR(0xc0000026)},
+	{NT_STATUS(0xc000002a), W_ERROR(0x9e)},
+	{NT_STATUS(0xc000002b), W_ERROR(0xc000002b)},
+	{NT_STATUS(0xc000002c), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc000002d), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc0000030), W_ERROR(0x57)},
+	{NT_STATUS(0xc0000032), W_ERROR(0x571)},
+	{NT_STATUS(0xc0000033), W_ERROR(0x7b)},
+	{NT_STATUS(0xc0000034), W_ERROR(0x2)},
+	{NT_STATUS(0xc0000035), W_ERROR(0xb7)},
+	{NT_STATUS(0xc0000037), W_ERROR(0x6)},
+	{NT_STATUS(0xc0000039), W_ERROR(0xa1)},
+	{NT_STATUS(0xc000003a), W_ERROR(0x3)},
+	{NT_STATUS(0xc000003b), W_ERROR(0xa1)},
+	{NT_STATUS(0xc000003c), W_ERROR(0x45d)},
+	{NT_STATUS(0xc000003d), W_ERROR(0x45d)},
+	{NT_STATUS(0xc000003e), W_ERROR(0x17)},
+	{NT_STATUS(0xc000003f), W_ERROR(0x17)},
+	{NT_STATUS(0xc0000040), W_ERROR(0x8)},
+	{NT_STATUS(0xc0000041), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000042), W_ERROR(0x6)},
+	{NT_STATUS(0xc0000043), W_ERROR(0x20)},
+	{NT_STATUS(0xc0000044), W_ERROR(0x718)},
+	{NT_STATUS(0xc0000045), W_ERROR(0x57)},
+	{NT_STATUS(0xc0000046), W_ERROR(0x120)},
+	{NT_STATUS(0xc0000047), W_ERROR(0x12a)},
+	{NT_STATUS(0xc0000048), W_ERROR(0x57)},
+	{NT_STATUS(0xc0000049), W_ERROR(0x57)},
+	{NT_STATUS(0xc000004a), W_ERROR(0x9c)},
+	{NT_STATUS(0xc000004b), W_ERROR(0x5)},
+	{NT_STATUS(0xc000004c), W_ERROR(0x57)},
+	{NT_STATUS(0xc000004d), W_ERROR(0x57)},
+	{NT_STATUS(0xc000004e), W_ERROR(0x57)},
+	{NT_STATUS(0xc000004f), W_ERROR(0x11a)},
+	{NT_STATUS(0xc0000050), W_ERROR(0xff)},
+	{NT_STATUS(0xc0000051), W_ERROR(0x570)},
+	{NT_STATUS(0xc0000052), W_ERROR(0x570)},
+	{NT_STATUS(0xc0000053), W_ERROR(0x570)},
+	{NT_STATUS(0xc0000054), W_ERROR(0x21)},
+	{NT_STATUS(0xc0000055), W_ERROR(0x21)},
+	{NT_STATUS(0xc0000056), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000057), W_ERROR(0x32)},
+	{NT_STATUS(0xc0000058), W_ERROR(0x519)},
+	{NT_STATUS(0xc0000059), W_ERROR(0x51a)},
+	{NT_STATUS(0xc000005a), W_ERROR(0x51b)},
+	{NT_STATUS(0xc000005b), W_ERROR(0x51c)},
+	{NT_STATUS(0xc000005c), W_ERROR(0x51d)},
+	{NT_STATUS(0xc000005d), W_ERROR(0x51e)},
+	{NT_STATUS(0xc000005e), W_ERROR(0x51f)},
+	{NT_STATUS(0xc000005f), W_ERROR(0x520)},
+	{NT_STATUS(0xc0000060), W_ERROR(0x521)},
+	{NT_STATUS(0xc0000061), W_ERROR(0x522)},
+	{NT_STATUS(0xc0000062), W_ERROR(0x523)},
+	{NT_STATUS(0xc0000063), W_ERROR(0x524)},
+	{NT_STATUS(0xc0000064), W_ERROR(0x525)},
+	{NT_STATUS(0xc0000065), W_ERROR(0x526)},
+	{NT_STATUS(0xc0000066), W_ERROR(0x527)},
+	{NT_STATUS(0xc0000067), W_ERROR(0x528)},
+	{NT_STATUS(0xc0000068), W_ERROR(0x529)},
+	{NT_STATUS(0xc0000069), W_ERROR(0x52a)},
+	{NT_STATUS(0xc000006a), W_ERROR(0x56)},
+	{NT_STATUS(0xc000006b), W_ERROR(0x52c)},
+	{NT_STATUS(0xc000006c), W_ERROR(0x52d)},
+	{NT_STATUS(0xc000006d), W_ERROR(0x52e)},
+	{NT_STATUS(0xc000006e), W_ERROR(0x52f)},
+	{NT_STATUS(0xc000006f), W_ERROR(0x530)},
+	{NT_STATUS(0xc0000070), W_ERROR(0x531)},
+	{NT_STATUS(0xc0000071), W_ERROR(0x532)},
+	{NT_STATUS(0xc0000072), W_ERROR(0x533)},
+	{NT_STATUS(0xc0000073), W_ERROR(0x534)},
+	{NT_STATUS(0xc0000074), W_ERROR(0x535)},
+	{NT_STATUS(0xc0000075), W_ERROR(0x536)},
+	{NT_STATUS(0xc0000076), W_ERROR(0x537)},
+	{NT_STATUS(0xc0000077), W_ERROR(0x538)},
+	{NT_STATUS(0xc0000078), W_ERROR(0x539)},
+	{NT_STATUS(0xc0000079), W_ERROR(0x53a)},
+	{NT_STATUS(0xc000007a), W_ERROR(0x7f)},
+	{NT_STATUS(0xc000007b), W_ERROR(0xc1)},
+	{NT_STATUS(0xc000007c), W_ERROR(0x3f0)},
+	{NT_STATUS(0xc000007d), W_ERROR(0x53c)},
+	{NT_STATUS(0xc000007e), W_ERROR(0x9e)},
+	{NT_STATUS(0xc000007f), W_ERROR(0x70)},
+	{NT_STATUS(0xc0000080), W_ERROR(0x53d)},
+	{NT_STATUS(0xc0000081), W_ERROR(0x53e)},
+	{NT_STATUS(0xc0000082), W_ERROR(0x44)},
+	{NT_STATUS(0xc0000083), W_ERROR(0x103)},
+	{NT_STATUS(0xc0000084), W_ERROR(0x53f)},
+	{NT_STATUS(0xc0000085), W_ERROR(0x103)},
+	{NT_STATUS(0xc0000086), W_ERROR(0x9a)},
+	{NT_STATUS(0xc0000087), W_ERROR(0xe)},
+	{NT_STATUS(0xc0000088), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc0000089), W_ERROR(0x714)},
+	{NT_STATUS(0xc000008a), W_ERROR(0x715)},
+	{NT_STATUS(0xc000008b), W_ERROR(0x716)},
+	{NT_STATUS(0xc000008c), W_ERROR(0xc000008c)},
+	{NT_STATUS(0xc000008d), W_ERROR(0xc000008d)},
+	{NT_STATUS(0xc000008e), W_ERROR(0xc000008e)},
+	{NT_STATUS(0xc000008f), W_ERROR(0xc000008f)},
+	{NT_STATUS(0xc0000090), W_ERROR(0xc0000090)},
+	{NT_STATUS(0xc0000091), W_ERROR(0xc0000091)},
+	{NT_STATUS(0xc0000092), W_ERROR(0xc0000092)},
+	{NT_STATUS(0xc0000093), W_ERROR(0xc0000093)},
+	{NT_STATUS(0xc0000094), W_ERROR(0xc0000094)},
+	{NT_STATUS(0xc0000095), W_ERROR(0x216)},
+	{NT_STATUS(0xc0000096), W_ERROR(0xc0000096)},
+	{NT_STATUS(0xc0000097), W_ERROR(0x8)},
+	{NT_STATUS(0xc0000098), W_ERROR(0x3ee)},
+	{NT_STATUS(0xc0000099), W_ERROR(0x540)},
+	{NT_STATUS(0xc000009a), W_ERROR(0x5aa)},
+	{NT_STATUS(0xc000009b), W_ERROR(0x3)},
+	{NT_STATUS(0xc000009c), W_ERROR(0x17)},
+	{NT_STATUS(0xc000009d), W_ERROR(0x48f)},
+	{NT_STATUS(0xc000009e), W_ERROR(0x15)},
+	{NT_STATUS(0xc000009f), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc00000a0), W_ERROR(0x1e7)},
+	{NT_STATUS(0xc00000a1), W_ERROR(0x5ad)},
+	{NT_STATUS(0xc00000a2), W_ERROR(0x13)},
+	{NT_STATUS(0xc00000a3), W_ERROR(0x15)},
+	{NT_STATUS(0xc00000a4), W_ERROR(0x541)},
+	{NT_STATUS(0xc00000a5), W_ERROR(0x542)},
+	{NT_STATUS(0xc00000a6), W_ERROR(0x543)},
+	{NT_STATUS(0xc00000a7), W_ERROR(0x544)},
+	{NT_STATUS(0xc00000a8), W_ERROR(0x545)},
+	{NT_STATUS(0xc00000a9), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000ab), W_ERROR(0xe7)},
+	{NT_STATUS(0xc00000ac), W_ERROR(0xe7)},
+	{NT_STATUS(0xc00000ad), W_ERROR(0xe6)},
+	{NT_STATUS(0xc00000ae), W_ERROR(0xe7)},
+	{NT_STATUS(0xc00000af), W_ERROR(0x1)},
+	{NT_STATUS(0xc00000b0), W_ERROR(0xe9)},
+	{NT_STATUS(0xc00000b1), W_ERROR(0xe8)},
+	{NT_STATUS(0xc00000b2), W_ERROR(0x217)},
+	{NT_STATUS(0xc00000b3), W_ERROR(0x218)},
+	{NT_STATUS(0xc00000b4), W_ERROR(0xe6)},
+	{NT_STATUS(0xc00000b5), W_ERROR(0x79)},
+	{NT_STATUS(0xc00000b6), W_ERROR(0x26)},
+	{NT_STATUS(0xc00000ba), W_ERROR(0x5)},
+	{NT_STATUS(0xc00000bb), W_ERROR(0x32)},
+	{NT_STATUS(0xc00000bc), W_ERROR(0x33)},
+	{NT_STATUS(0xc00000bd), W_ERROR(0x34)},
+	{NT_STATUS(0xc00000be), W_ERROR(0x35)},
+	{NT_STATUS(0xc00000bf), W_ERROR(0x36)},
+	{NT_STATUS(0xc00000c0), W_ERROR(0x37)},
+	{NT_STATUS(0xc00000c1), W_ERROR(0x38)},
+	{NT_STATUS(0xc00000c2), W_ERROR(0x39)},
+	{NT_STATUS(0xc00000c3), W_ERROR(0x3a)},
+	{NT_STATUS(0xc00000c4), W_ERROR(0x3b)},
+	{NT_STATUS(0xc00000c5), W_ERROR(0x3c)},
+	{NT_STATUS(0xc00000c6), W_ERROR(0x3d)},
+	{NT_STATUS(0xc00000c7), W_ERROR(0x3e)},
+	{NT_STATUS(0xc00000c8), W_ERROR(0x3f)},
+	{NT_STATUS(0xc00000c9), W_ERROR(0x40)},
+	{NT_STATUS(0xc00000ca), W_ERROR(0x41)},
+	{NT_STATUS(0xc00000cb), W_ERROR(0x42)},
+	{NT_STATUS(0xc00000cc), W_ERROR(0x43)},
+	{NT_STATUS(0xc00000cd), W_ERROR(0x44)},
+	{NT_STATUS(0xc00000ce), W_ERROR(0x45)},
+	{NT_STATUS(0xc00000cf), W_ERROR(0x46)},
+	{NT_STATUS(0xc00000d0), W_ERROR(0x47)},
+	{NT_STATUS(0xc00000d1), W_ERROR(0x48)},
+	{NT_STATUS(0xc00000d2), W_ERROR(0x58)},
+	{NT_STATUS(0xc00000d4), W_ERROR(0x11)},
+	{NT_STATUS(0xc00000d5), W_ERROR(0x5)},
+	{NT_STATUS(0xc00000d6), W_ERROR(0xf0)},
+	{NT_STATUS(0xc00000d7), W_ERROR(0x546)},
+	{NT_STATUS(0xc00000d9), W_ERROR(0xe8)},
+	{NT_STATUS(0xc00000da), W_ERROR(0x547)},
+	{NT_STATUS(0xc00000dc), W_ERROR(0x548)},
+	{NT_STATUS(0xc00000dd), W_ERROR(0x549)},
+	{NT_STATUS(0xc00000de), W_ERROR(0x54a)},
+	{NT_STATUS(0xc00000df), W_ERROR(0x54b)},
+	{NT_STATUS(0xc00000e0), W_ERROR(0x54c)},
+	{NT_STATUS(0xc00000e1), W_ERROR(0x54d)},
+	{NT_STATUS(0xc00000e2), W_ERROR(0x12c)},
+	{NT_STATUS(0xc00000e3), W_ERROR(0x12d)},
+	{NT_STATUS(0xc00000e4), W_ERROR(0x54e)},
+	{NT_STATUS(0xc00000e5), W_ERROR(0x54f)},
+	{NT_STATUS(0xc00000e6), W_ERROR(0x550)},
+	{NT_STATUS(0xc00000e7), W_ERROR(0x551)},
+	{NT_STATUS(0xc00000e8), W_ERROR(0x6f8)},
+	{NT_STATUS(0xc00000ed), W_ERROR(0x552)},
+	{NT_STATUS(0xc00000ee), W_ERROR(0x553)},
+	{NT_STATUS(0xc00000ef), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f0), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f1), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f2), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f3), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f4), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f5), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f6), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f7), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f8), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000f9), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000fa), W_ERROR(0x57)},
+	{NT_STATUS(0xc00000fb), W_ERROR(0x3)},
+	{NT_STATUS(0xc00000fd), W_ERROR(0x3e9)},
+	{NT_STATUS(0xc00000fe), W_ERROR(0x554)},
+	{NT_STATUS(0xc0000100), W_ERROR(0xcb)},
+	{NT_STATUS(0xc0000101), W_ERROR(0x91)},
+	{NT_STATUS(0xc0000102), W_ERROR(0x570)},
+	{NT_STATUS(0xc0000103), W_ERROR(0x10b)},
+	{NT_STATUS(0xc0000104), W_ERROR(0x555)},
+	{NT_STATUS(0xc0000105), W_ERROR(0x556)},
+	{NT_STATUS(0xc0000106), W_ERROR(0xce)},
+	{NT_STATUS(0xc0000107), W_ERROR(0x961)},
+	{NT_STATUS(0xc0000108), W_ERROR(0x964)},
+	{NT_STATUS(0xc000010a), W_ERROR(0x5)},
+	{NT_STATUS(0xc000010b), W_ERROR(0x557)},
+	{NT_STATUS(0xc000010d), W_ERROR(0x558)},
+	{NT_STATUS(0xc000010e), W_ERROR(0x420)},
+	{NT_STATUS(0xc0000117), W_ERROR(0x5a4)},
+	{NT_STATUS(0xc000011b), W_ERROR(0xc1)},
+	{NT_STATUS(0xc000011c), W_ERROR(0x559)},
+	{NT_STATUS(0xc000011d), W_ERROR(0x55a)},
+	{NT_STATUS(0xc000011e), W_ERROR(0x3ee)},
+	{NT_STATUS(0xc000011f), W_ERROR(0x4)},
+	{NT_STATUS(0xc0000120), W_ERROR(0x3e3)},
+	{NT_STATUS(0xc0000121), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000122), W_ERROR(0x4ba)},
+	{NT_STATUS(0xc0000123), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000124), W_ERROR(0x55b)},
+	{NT_STATUS(0xc0000125), W_ERROR(0x55c)},
+	{NT_STATUS(0xc0000126), W_ERROR(0x55d)},
+	{NT_STATUS(0xc0000127), W_ERROR(0x55e)},
+	{NT_STATUS(0xc0000128), W_ERROR(0x6)},
+	{NT_STATUS(0xc000012b), W_ERROR(0x55f)},
+	{NT_STATUS(0xc000012d), W_ERROR(0x5af)},
+	{NT_STATUS(0xc000012e), W_ERROR(0xc1)},
+	{NT_STATUS(0xc000012f), W_ERROR(0xc1)},
+	{NT_STATUS(0xc0000130), W_ERROR(0xc1)},
+	{NT_STATUS(0xc0000131), W_ERROR(0xc1)},
+	{NT_STATUS(0xc0000133), W_ERROR(0x576)},
+	{NT_STATUS(0xc0000135), W_ERROR(0x7e)},
+	{NT_STATUS(0xc0000138), W_ERROR(0xb6)},
+	{NT_STATUS(0xc0000139), W_ERROR(0x7f)},
+	{NT_STATUS(0xc000013b), W_ERROR(0x40)},
+	{NT_STATUS(0xc000013c), W_ERROR(0x40)},
+	{NT_STATUS(0xc000013d), W_ERROR(0x33)},
+	{NT_STATUS(0xc000013e), W_ERROR(0x3b)},
+	{NT_STATUS(0xc000013f), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000140), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000141), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000142), W_ERROR(0x45a)},
+	{NT_STATUS(0xc0000148), W_ERROR(0x7c)},
+	{NT_STATUS(0xc0000149), W_ERROR(0x56)},
+	{NT_STATUS(0xc000014b), W_ERROR(0x6d)},
+	{NT_STATUS(0xc000014c), W_ERROR(0x3f1)},
+	{NT_STATUS(0xc000014d), W_ERROR(0x3f8)},
+	{NT_STATUS(0xc000014f), W_ERROR(0x3ed)},
+	{NT_STATUS(0xc0000150), W_ERROR(0x45e)},
+	{NT_STATUS(0xc0000151), W_ERROR(0x560)},
+	{NT_STATUS(0xc0000152), W_ERROR(0x561)},
+	{NT_STATUS(0xc0000153), W_ERROR(0x562)},
+	{NT_STATUS(0xc0000154), W_ERROR(0x563)},
+	{NT_STATUS(0xc0000155), W_ERROR(0x564)},
+	{NT_STATUS(0xc0000156), W_ERROR(0x565)},
+	{NT_STATUS(0xc0000157), W_ERROR(0x566)},
+	{NT_STATUS(0xc0000158), W_ERROR(0x567)},
+	{NT_STATUS(0xc0000159), W_ERROR(0x3ef)},
+	{NT_STATUS(0xc000015a), W_ERROR(0x568)},
+	{NT_STATUS(0xc000015b), W_ERROR(0x569)},
+	{NT_STATUS(0xc000015c), W_ERROR(0x3f9)},
+	{NT_STATUS(0xc000015d), W_ERROR(0x56a)},
+	{NT_STATUS(0xc000015f), W_ERROR(0x45d)},
+	{NT_STATUS(0xc0000162), W_ERROR(0x459)},
+	{NT_STATUS(0xc0000165), W_ERROR(0x462)},
+	{NT_STATUS(0xc0000166), W_ERROR(0x463)},
+	{NT_STATUS(0xc0000167), W_ERROR(0x464)},
+	{NT_STATUS(0xc0000168), W_ERROR(0x465)},
+	{NT_STATUS(0xc0000169), W_ERROR(0x466)},
+	{NT_STATUS(0xc000016a), W_ERROR(0x467)},
+	{NT_STATUS(0xc000016b), W_ERROR(0x468)},
+	{NT_STATUS(0xc000016c), W_ERROR(0x45f)},
+	{NT_STATUS(0xc000016d), W_ERROR(0x45d)},
+	{NT_STATUS(0xc0000172), W_ERROR(0x451)},
+	{NT_STATUS(0xc0000173), W_ERROR(0x452)},
+	{NT_STATUS(0xc0000174), W_ERROR(0x453)},
+	{NT_STATUS(0xc0000175), W_ERROR(0x454)},
+	{NT_STATUS(0xc0000176), W_ERROR(0x455)},
+	{NT_STATUS(0xc0000177), W_ERROR(0x469)},
+	{NT_STATUS(0xc0000178), W_ERROR(0x458)},
+	{NT_STATUS(0xc000017a), W_ERROR(0x56b)},
+	{NT_STATUS(0xc000017b), W_ERROR(0x56c)},
+	{NT_STATUS(0xc000017c), W_ERROR(0x3fa)},
+	{NT_STATUS(0xc000017d), W_ERROR(0x3fb)},
+	{NT_STATUS(0xc000017e), W_ERROR(0x56d)},
+	{NT_STATUS(0xc000017f), W_ERROR(0x56e)},
+	{NT_STATUS(0xc0000180), W_ERROR(0x3fc)},
+	{NT_STATUS(0xc0000181), W_ERROR(0x3fd)},
+	{NT_STATUS(0xc0000182), W_ERROR(0x57)},
+	{NT_STATUS(0xc0000183), W_ERROR(0x45d)},
+	{NT_STATUS(0xc0000184), W_ERROR(0x16)},
+	{NT_STATUS(0xc0000185), W_ERROR(0x45d)},
+	{NT_STATUS(0xc0000186), W_ERROR(0x45d)},
+	{NT_STATUS(0xc0000188), W_ERROR(0x5de)},
+	{NT_STATUS(0xc0000189), W_ERROR(0x13)},
+	{NT_STATUS(0xc000018a), W_ERROR(0x6fa)},
+	{NT_STATUS(0xc000018b), W_ERROR(0x6fb)},
+	{NT_STATUS(0xc000018c), W_ERROR(0x6fc)},
+	{NT_STATUS(0xc000018d), W_ERROR(0x6fd)},
+	{NT_STATUS(0xc000018e), W_ERROR(0x5dc)},
+	{NT_STATUS(0xc000018f), W_ERROR(0x5dd)},
+	{NT_STATUS(0xc0000190), W_ERROR(0x6fe)},
+	{NT_STATUS(0xc0000192), W_ERROR(0x700)},
+	{NT_STATUS(0xc0000193), W_ERROR(0x701)},
+	{NT_STATUS(0xc0000194), W_ERROR(0x46b)},
+	{NT_STATUS(0xc0000195), W_ERROR(0x4c3)},
+	{NT_STATUS(0xc0000196), W_ERROR(0x4c4)},
+	{NT_STATUS(0xc0000197), W_ERROR(0x5df)},
+	{NT_STATUS(0xc0000198), W_ERROR(0x70f)},
+	{NT_STATUS(0xc0000199), W_ERROR(0x710)},
+	{NT_STATUS(0xc000019a), W_ERROR(0x711)},
+	{NT_STATUS(0xc000019b), W_ERROR(0x712)},
+	{NT_STATUS(0xc0000202), W_ERROR(0x572)},
+	{NT_STATUS(0xc0000203), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000204), W_ERROR(0x717)},
+	{NT_STATUS(0xc0000205), W_ERROR(0x46a)},
+	{NT_STATUS(0xc0000206), W_ERROR(0x6f8)},
+	{NT_STATUS(0xc0000207), W_ERROR(0x4be)},
+	{NT_STATUS(0xc0000208), W_ERROR(0x4be)},
+	{NT_STATUS(0xc0000209), W_ERROR(0x44)},
+	{NT_STATUS(0xc000020a), W_ERROR(0x34)},
+	{NT_STATUS(0xc000020b), W_ERROR(0x40)},
+	{NT_STATUS(0xc000020c), W_ERROR(0x40)},
+	{NT_STATUS(0xc000020d), W_ERROR(0x40)},
+	{NT_STATUS(0xc000020e), W_ERROR(0x44)},
+	{NT_STATUS(0xc000020f), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000210), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000211), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000212), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000213), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000214), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000215), W_ERROR(0x3b)},
+	{NT_STATUS(0xc0000216), W_ERROR(0x32)},
+	{NT_STATUS(0xc0000217), W_ERROR(0x32)},
+	{NT_STATUS(0xc000021c), W_ERROR(0x17e6)},
+	{NT_STATUS(0xc0000220), W_ERROR(0x46c)},
+	{NT_STATUS(0xc0000221), W_ERROR(0xc1)},
+	{NT_STATUS(0xc0000224), W_ERROR(0x773)},
+	{NT_STATUS(0xc0000225), W_ERROR(0x490)},
+	{NT_STATUS(0xc000022a), W_ERROR(0xc000022a)},
+	{NT_STATUS(0xc000022b), W_ERROR(0xc000022b)},
+	{NT_STATUS(0xc000022d), W_ERROR(0x4d5)},
+	{NT_STATUS(0xc0000230), W_ERROR(0x492)},
+	{NT_STATUS(0xc0000233), W_ERROR(0x774)},
+	{NT_STATUS(0xc0000234), W_ERROR(0x775)},
+	{NT_STATUS(0xc0000235), W_ERROR(0x6)},
+	{NT_STATUS(0xc0000236), W_ERROR(0x4c9)},
+	{NT_STATUS(0xc0000237), W_ERROR(0x4ca)},
+	{NT_STATUS(0xc0000238), W_ERROR(0x4cb)},
+	{NT_STATUS(0xc0000239), W_ERROR(0x4cc)},
+	{NT_STATUS(0xc000023a), W_ERROR(0x4cd)},
+	{NT_STATUS(0xc000023b), W_ERROR(0x4ce)},
+	{NT_STATUS(0xc000023c), W_ERROR(0x4cf)},
+	{NT_STATUS(0xc000023d), W_ERROR(0x4d0)},
+	{NT_STATUS(0xc000023e), W_ERROR(0x4d1)},
+	{NT_STATUS(0xc000023f), W_ERROR(0x4d2)},
+	{NT_STATUS(0xc0000240), W_ERROR(0x4d3)},
+	{NT_STATUS(0xc0000241), W_ERROR(0x4d4)},
+	{NT_STATUS(0xc0000243), W_ERROR(0x4c8)},
+	{NT_STATUS(0xc0000246), W_ERROR(0x4d6)},
+	{NT_STATUS(0xc0000247), W_ERROR(0x4d7)},
+	{NT_STATUS(0xc0000248), W_ERROR(0x4d8)},
+	{NT_STATUS(0xc0000249), W_ERROR(0xc1)},
+	{NT_STATUS(0xc0000253), W_ERROR(0x54f)},
+	{NT_STATUS(0xc0000257), W_ERROR(0x4d0)},
+	{NT_STATUS(0xc0000259), W_ERROR(0x573)},
+	{NT_STATUS(0xc000025e), W_ERROR(0x422)},
+	{NT_STATUS(0xc0000262), W_ERROR(0xb6)},
+	{NT_STATUS(0xc0000263), W_ERROR(0x7f)},
+	{NT_STATUS(0xc0000264), W_ERROR(0x120)},
+	{NT_STATUS(0xc0000265), W_ERROR(0x476)},
+	{NT_STATUS(0xc0000267), W_ERROR(0x10fe)},
+	{NT_STATUS(0xc000026c), W_ERROR(0x7d1)},
+	{NT_STATUS(0xc000026d), W_ERROR(0x4b1)},
+	{NT_STATUS(0xc000026e), W_ERROR(0x15)},
+	{NT_STATUS(0xc0000272), W_ERROR(0x491)},
+	{NT_STATUS(0xc0000275), W_ERROR(0x1126)},
+	{NT_STATUS(0xc0000276), W_ERROR(0x1129)},
+	{NT_STATUS(0xc0000277), W_ERROR(0x112a)},
+	{NT_STATUS(0xc0000278), W_ERROR(0x1128)},
+	{NT_STATUS(0xc0000279), W_ERROR(0x780)},
+	{NT_STATUS(0xc0000280), W_ERROR(0x781)},
+	{NT_STATUS(0xc0000281), W_ERROR(0xa1)},
+	{NT_STATUS(0xc0000283), W_ERROR(0x488)},
+	{NT_STATUS(0xc0000284), W_ERROR(0x489)},
+	{NT_STATUS(0xc0000285), W_ERROR(0x48a)},
+	{NT_STATUS(0xc0000286), W_ERROR(0x48b)},
+	{NT_STATUS(0xc0000287), W_ERROR(0x48c)},
+	{NT_STATUS(0xc000028a), W_ERROR(0x5)},
+	{NT_STATUS(0xc000028b), W_ERROR(0x5)},
+	{NT_STATUS(0xc000028d), W_ERROR(0x5)},
+	{NT_STATUS(0xc000028e), W_ERROR(0x5)},
+	{NT_STATUS(0xc000028f), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000290), W_ERROR(0x5)},
+	{NT_STATUS(0xc0000291), W_ERROR(0x1777)},
+	{NT_STATUS(0xc0000292), W_ERROR(0x1778)},
+	{NT_STATUS(0xc0000293), W_ERROR(0x1772)},
+	{NT_STATUS(0xc0000295), W_ERROR(0x1068)},
+	{NT_STATUS(0xc0000296), W_ERROR(0x1069)},
+	{NT_STATUS(0xc0000297), W_ERROR(0x106a)},
+	{NT_STATUS(0xc0000298), W_ERROR(0x106b)},
+	{NT_STATUS(0xc0000299), W_ERROR(0x201a)},
+	{NT_STATUS(0xc000029a), W_ERROR(0x201b)},
+	{NT_STATUS(0xc000029b), W_ERROR(0x201c)},
+	{NT_STATUS(0xc000029c), W_ERROR(0x1)},
+	{NT_STATUS(0xc000029d), W_ERROR(0x10ff)},
+	{NT_STATUS(0xc000029e), W_ERROR(0x1100)},
+	{NT_STATUS(0xc000029f), W_ERROR(0x494)},
+	{NT_STATUS(0xc00002a1), W_ERROR(0x200a)},
+	{NT_STATUS(0xc00002a2), W_ERROR(0x200b)},
+	{NT_STATUS(0xc00002a3), W_ERROR(0x200c)},
+	{NT_STATUS(0xc00002a4), W_ERROR(0x200d)},
+	{NT_STATUS(0xc00002a5), W_ERROR(0x200e)},
+	{NT_STATUS(0xc00002a6), W_ERROR(0x200f)},
+	{NT_STATUS(0xc00002a7), W_ERROR(0x2010)},
+	{NT_STATUS(0xc00002a8), W_ERROR(0x2011)},
+	{NT_STATUS(0xc00002a9), W_ERROR(0x2012)},
+	{NT_STATUS(0xc00002aa), W_ERROR(0x2013)},
+	{NT_STATUS(0xc00002ab), W_ERROR(0x2014)},
+	{NT_STATUS(0xc00002ac), W_ERROR(0x2015)},
+	{NT_STATUS(0xc00002ad), W_ERROR(0x2016)},
+	{NT_STATUS(0xc00002ae), W_ERROR(0x2017)},
+	{NT_STATUS(0xc00002af), W_ERROR(0x2018)},
+	{NT_STATUS(0xc00002b0), W_ERROR(0x2019)},
+	{NT_STATUS(0xc00002b1), W_ERROR(0x211e)},
+	{NT_STATUS(0xc00002b2), W_ERROR(0x1127)},
+	{NT_STATUS(0xc00002b6), W_ERROR(0x651)},
+	{NT_STATUS(0xc00002b7), W_ERROR(0x49a)},
+	{NT_STATUS(0xc00002b8), W_ERROR(0x49b)},
+	{NT_STATUS(0xc00002c1), W_ERROR(0x2024)},
+	{NT_STATUS(0xc00002c3), W_ERROR(0x575)},
+	{NT_STATUS(0xc00002c5), W_ERROR(0x3e6)},
+	{NT_STATUS(0xc00002c6), W_ERROR(0x1075)},
+	{NT_STATUS(0xc00002c7), W_ERROR(0x1076)},
+	{NT_STATUS(0xc00002ca), W_ERROR(0x10e8)},
+	{NT_STATUS(0xc00002cb), W_ERROR(0x2138)},
+	{NT_STATUS(0xc00002cc), W_ERROR(0x4e3)},
+	{NT_STATUS(0xc00002cd), W_ERROR(0x2139)},
+	{NT_STATUS(0xc00002cf), W_ERROR(0x49d)},
+	{NT_STATUS(0xc00002d0), W_ERROR(0x213a)},
+	{NT_STATUS(0xc00002d4), W_ERROR(0x2141)},
+	{NT_STATUS(0xc00002d5), W_ERROR(0x2142)},
+	{NT_STATUS(0xc00002d6), W_ERROR(0x2143)},
+	{NT_STATUS(0xc00002d7), W_ERROR(0x2144)},
+	{NT_STATUS(0xc00002d8), W_ERROR(0x2145)},
+	{NT_STATUS(0xc00002d9), W_ERROR(0x2146)},
+	{NT_STATUS(0xc00002da), W_ERROR(0x2147)},
+	{NT_STATUS(0xc00002db), W_ERROR(0x2148)},
+	{NT_STATUS(0xc00002dc), W_ERROR(0x2149)},
+	{NT_STATUS(0xc00002dd), W_ERROR(0x32)},
+	{NT_STATUS(0xc00002df), W_ERROR(0x2151)},
+	{NT_STATUS(0xc00002e0), W_ERROR(0x2152)},
+	{NT_STATUS(0xc00002e1), W_ERROR(0x2153)},
+	{NT_STATUS(0xc00002e2), W_ERROR(0x2154)},
+	{NT_STATUS(0xc00002e3), W_ERROR(0x215d)},
+	{NT_STATUS(0xc00002e4), W_ERROR(0x2163)},
+	{NT_STATUS(0xc00002e5), W_ERROR(0x2164)},
+	{NT_STATUS(0xc00002e6), W_ERROR(0x2165)},
+	{NT_STATUS(0xc00002e7), W_ERROR(0x216d)},
+	{NT_STATUS(0xc00002fe), W_ERROR(0x45b)},
+	{NT_STATUS(0xc00002ff), W_ERROR(0x4e7)},
+	{NT_STATUS(0xc0000300), W_ERROR(0x4e6)},
+	{NT_STATUS(0x80000001), W_ERROR(0x80000001)},
+	{NT_STATUS(0x80000002), W_ERROR(0x3e6)},
+	{NT_STATUS(0x80000003), W_ERROR(0x80000003)},
+	{NT_STATUS(0x80000004), W_ERROR(0x80000004)},
+	{NT_STATUS(0x80000005), W_ERROR(0xea)},
+	{NT_STATUS(0x80000006), W_ERROR(0x12)},
+	{NT_STATUS(0x8000000b), W_ERROR(0x56f)},
+	{NT_STATUS(0x8000000d), W_ERROR(0x12b)},
+	{NT_STATUS(0x8000000e), W_ERROR(0x1c)},
+	{NT_STATUS(0x8000000f), W_ERROR(0x15)},
+	{NT_STATUS(0x80000010), W_ERROR(0x15)},
+	{NT_STATUS(0x80000011), W_ERROR(0xaa)},
+	{NT_STATUS(0x80000012), W_ERROR(0x103)},
+	{NT_STATUS(0x80000013), W_ERROR(0xfe)},
+	{NT_STATUS(0x80000014), W_ERROR(0xff)},
+	{NT_STATUS(0x80000015), W_ERROR(0xff)},
+	{NT_STATUS(0x80000016), W_ERROR(0x456)},
+	{NT_STATUS(0x8000001a), W_ERROR(0x103)},
+	{NT_STATUS(0x8000001b), W_ERROR(0x44d)},
+	{NT_STATUS(0x8000001c), W_ERROR(0x456)},
+	{NT_STATUS(0x8000001d), W_ERROR(0x457)},
+	{NT_STATUS(0x8000001e), W_ERROR(0x44c)},
+	{NT_STATUS(0x8000001f), W_ERROR(0x44e)},
+	{NT_STATUS(0x80000021), W_ERROR(0x44f)},
+	{NT_STATUS(0x80000022), W_ERROR(0x450)},
+	{NT_STATUS(0x80000025), W_ERROR(0x962)},
+	{NT_STATUS(0x80000288), W_ERROR(0x48d)},
+	{NT_STATUS(0x80000289), W_ERROR(0x48e)},
+	{NT_STATUS_OK, WERR_OK}};
+
+
+/*****************************************************************************
+convert a dos eclas/ecode to a NT status32 code
+ *****************************************************************************/
+NTSTATUS dos_to_ntstatus(int eclass, int ecode)
+{
+	int i;
+	if (eclass == 0 && ecode == 0) return NT_STATUS_OK;
+	for (i=0; NT_STATUS_V(dos_to_ntstatus_map[i].ntstatus); i++) {
+		if (eclass == dos_to_ntstatus_map[i].dos_class &&
+		    ecode == dos_to_ntstatus_map[i].dos_code) {
+			return dos_to_ntstatus_map[i].ntstatus;
+		}
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+
+/*****************************************************************************
+convert a NT status code to a dos class/code
+ *****************************************************************************/
+void ntstatus_to_dos(NTSTATUS ntstatus, uint8 *eclass, uint32 *ecode)
+{
+	int i;
+	if (NT_STATUS_IS_OK(ntstatus)) {
+		*eclass = 0;
+		*ecode = 0;
+		return;
+	}
+	for (i=0; NT_STATUS_V(ntstatus_to_dos_map[i].ntstatus); i++) {
+		if (NT_STATUS_V(ntstatus) == 
+		    NT_STATUS_V(ntstatus_to_dos_map[i].ntstatus)) {
+			*eclass = ntstatus_to_dos_map[i].dos_class;
+			*ecode = ntstatus_to_dos_map[i].dos_code;
+			return;
+		}
+	}
+	*eclass = ERRHRD;
+	*ecode = ERRgeneral;
+}
+
+
+/*****************************************************************************
+convert a WERROR to a NT status32 code
+ *****************************************************************************/
+NTSTATUS werror_to_ntstatus(WERROR error)
+{
+	int i;
+	if (W_ERROR_IS_OK(error)) return NT_STATUS_OK;
+	for (i=0; NT_STATUS_V(ntstatus_to_werror_map[i].ntstatus); i++) {
+		if (W_ERROR_V(error) == 
+		    W_ERROR_V(ntstatus_to_werror_map[i].werror)) {
+			return ntstatus_to_werror_map[i].ntstatus;
+		}
+	}
+
+	/* just guess ... */
+	return NT_STATUS(W_ERROR_V(error) | 0xc0000000);
+}
+
+/*****************************************************************************
+convert a NTSTATUS to a WERROR
+ *****************************************************************************/
+WERROR ntstatus_to_werror(NTSTATUS error)
+{
+	int i;
+	if (NT_STATUS_IS_OK(error)) return WERR_OK;
+	for (i=0; NT_STATUS_V(ntstatus_to_werror_map[i].ntstatus); i++) {
+		if (NT_STATUS_V(error) == 
+		    NT_STATUS_V(ntstatus_to_werror_map[i].ntstatus)) {
+			return ntstatus_to_werror_map[i].werror;
+		}
+	}
+
+	/* a lame guess */
+	return W_ERROR(NT_STATUS_V(error) & 0xffff);
+}
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
new file mode 100644
index 0000000000..237701b968
--- /dev/null
+++ b/source3/libsmb/libsmbclient.c
@@ -0,0 +1,2581 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client library implementation
+   Copyright (C) Andrew Tridgell 1998
+   Copyright (C) Richard Sharpe 2000
+   Copyright (C) John Terpstra 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "libsmbclient.h"
+
+/* Structure for servers ... Held here so we don't need an include ...
+ * May be better to put in an include file
+ */
+
+struct smbc_server {
+	struct smbc_server *next, *prev;
+	struct cli_state cli;
+	dev_t dev;
+	char *server_name;
+	char *share_name;
+	char *workgroup;
+	char *username;
+	BOOL no_pathinfo2;
+};
+
+/* Keep directory entries in a list */
+struct smbc_dir_list {
+	struct smbc_dir_list *next;
+	struct smbc_dirent *dirent;
+};
+
+struct smbc_file {
+	int cli_fd; 
+	int smbc_fd;
+	char *fname;
+	off_t offset;
+	struct smbc_server *srv;
+	BOOL file;
+	struct smbc_dir_list *dir_list, *dir_end, *dir_next;
+	int dir_type, dir_error;
+};
+
+int smbc_fstatdir(int fd, struct stat *st); /* Forward decl */
+BOOL smbc_getatr(struct smbc_server *srv, char *path, 
+		 uint16 *mode, size_t *size, 
+		 time_t *c_time, time_t *a_time, time_t *m_time,
+		 SMB_INO_T *ino);
+
+extern BOOL in_client;
+extern pstring global_myname;
+static int smbc_initialized = 0;
+static smbc_get_auth_data_fn smbc_auth_fn = NULL;
+/*static int smbc_debug;*/
+static int smbc_start_fd;
+static struct smbc_file **smbc_file_table;
+static struct smbc_server *smbc_srvs;
+static pstring  my_netbios_name;
+static pstring smbc_user;
+
+/*
+ * Function to parse a path and turn it into components
+ *
+ * We accept smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]]
+ * 
+ * smb://       means show all the workgroups
+ * smb://name/  means, if name<1D> exists, list servers in workgroup,
+ *              else, if name<20> exists, list all shares for server ...
+ */
+
+static const char *smbc_prefix = "smb:";
+
+static int
+smbc_parse_path(const char *fname, char *server, char *share, char *path,
+		char *user, char *password) /* FIXME, lengths of strings */
+{
+	static pstring s;
+	pstring userinfo;
+	char *p;
+	char *q, *r;
+	int len;
+
+	server[0] = share[0] = path[0] = user[0] = password[0] = (char)0;
+	pstrcpy(s, fname);
+
+	/*  clean_fname(s);  causing problems ... */
+
+	/* see if it has the right prefix */
+	len = strlen(smbc_prefix);
+	if (strncmp(s,smbc_prefix,len) || 
+	    (s[len] != '/' && s[len] != 0)) return -1; /* What about no smb: ? */
+
+	p = s + len;
+
+	/* Watch the test below, we are testing to see if we should exit */
+
+	if (strncmp(p, "//", 2) && strncmp(p, "\\\\", 2)) {
+
+		return -1;
+
+	}
+
+	p += 2;  /* Skip the // or \\  */
+
+	if (*p == (char)0)
+		return 0;
+
+	if (*p == '/') {
+
+		strncpy(server, (char *)lp_workgroup(), 16); /* FIXME: Danger here */
+		return 0;
+		
+	}
+
+	/*
+	 * ok, its for us. Now parse out the server, share etc. 
+	 *
+	 * However, we want to parse out [[domain;]user[:password]@] if it
+	 * exists ...
+	 */
+
+	/* check that '@' occurs before '/', if '/' exists at all */
+	q = strchr_m(p, '@');
+	r = strchr_m(p, '/');
+	if (q && (!r || q < r)) {
+		pstring username, passwd, domain;
+		char *u = userinfo;
+
+		next_token(&p, userinfo, "@", sizeof(fstring));
+
+		username[0] = passwd[0] = domain[0] = 0;
+
+		if (strchr_m(u, ';')) {
+      
+			next_token(&u, domain, ";", sizeof(fstring));
+			
+		}
+
+		if (strchr_m(u, ':')) {
+
+			next_token(&u, username, ":", sizeof(fstring));
+
+			pstrcpy(passwd, u);
+
+		}
+		else {
+
+			pstrcpy(username, u);
+
+		}
+
+		if (username[0])
+			strncpy(user, username, sizeof(fstring));  /* FIXME, size and domain */
+
+		if (passwd[0])
+			strncpy(password, passwd, sizeof(fstring)); /* FIXME, size */
+
+	}
+
+	if (!next_token(&p, server, "/", sizeof(fstring))) {
+		
+		return -1;
+		
+	}
+
+	if (*p == (char)0) return 0;  /* That's it ... */
+  
+	if (!next_token(&p, share, "/", sizeof(fstring))) {
+
+		return -1;
+
+	}
+
+	pstrcpy(path, p);
+  
+	all_string_sub(path, "/", "\\", 0);
+
+	return 0;
+}
+
+/*
+ * Convert an SMB error into a UNIX error ...
+ */
+
+int smbc_errno(struct cli_state *c)
+{
+	int ret;
+
+        if (cli_is_dos_error(c)) {
+                uint8 eclass;
+                uint32 ecode;
+
+                cli_dos_error(c, &eclass, &ecode);
+                ret = cli_errno_from_dos(eclass, ecode);
+                
+                DEBUG(3,("smbc_error %d %d (0x%x) -> %d\n", 
+                         (int)eclass, (int)ecode, (int)ecode, ret));
+        } else {
+                NTSTATUS status;
+
+                status = cli_nt_error(c);
+                ret = cli_errno_from_nt(status);
+
+                DEBUG(3,("smbc errno %s -> %d\n",
+                         nt_errstr(status), ret));
+        }
+
+	return ret;
+}
+
+/*
+ * Connect to a server, possibly on an existing connection
+ *
+ * Here, what we want to do is: If the server and username
+ * match an existing connection, reuse that, otherwise, establish a 
+ * new connection.
+ *
+ * If we have to create a new connection, call the auth_fn to get the
+ * info we need, unless the username and password were passed in.
+ */
+
+struct smbc_server *smbc_server(char *server, char *share, 
+				char *workgroup, char *username, 
+				char *password)
+{
+	struct smbc_server *srv=NULL;
+	struct cli_state c;
+	struct nmb_name called, calling;
+	char *p, *server_n = server;
+	fstring group;
+	pstring ipenv;
+	struct in_addr ip;
+  
+        zero_ip(&ip);
+	ZERO_STRUCT(c);
+
+	/* try to use an existing connection */
+	for (srv=smbc_srvs;srv;srv=srv->next) {
+		if (strcmp(server,srv->server_name)==0 &&
+		    strcmp(share,srv->share_name)==0 &&
+		    strcmp(workgroup,srv->workgroup)==0 &&
+		    strcmp(username, srv->username) == 0) 
+			return srv;
+	}
+
+	if (server[0] == 0) {
+		errno = EPERM;
+		return NULL;
+	}
+
+	/* 
+	 * Pick up the auth info here, once we know we need to connect
+	 * But only if we do not have a username and password ...
+	 */
+
+	if (!username[0] || !password[0])
+		smbc_auth_fn(server, share, workgroup, sizeof(fstring),
+			     username, sizeof(fstring), password, sizeof(fstring));
+
+	/* 
+	 * However, smbc_auth_fn may have picked up info relating to an 
+	 * existing connection, so try for an existing connection again ...
+	 */
+
+	for (srv=smbc_srvs;srv;srv=srv->next) {
+		if (strcmp(server,srv->server_name)==0 &&
+		    strcmp(share,srv->share_name)==0 &&
+		    strcmp(workgroup,srv->workgroup)==0 &&
+		    strcmp(username, srv->username) == 0) 
+			return srv;
+	}
+
+	make_nmb_name(&calling, my_netbios_name, 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+	DEBUG(4,("smbc_server: server_n=[%s] server=[%s]\n", server_n, server));
+  
+	if ((p=strchr_m(server_n,'#')) && 
+	    (strcmp(p+1,"1D")==0 || strcmp(p+1,"01")==0)) {
+    
+		fstrcpy(group, server_n);
+		p = strchr_m(group,'#');
+		*p = 0;
+		
+	}
+
+	DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
+
+ again:
+	slprintf(ipenv,sizeof(ipenv)-1,"HOST_%s", server_n);
+
+        zero_ip(&ip);
+
+	/* have to open a new connection */
+	if (!cli_initialise(&c) || !cli_connect(&c, server_n, &ip)) {
+		if (c.initialised) cli_shutdown(&c);
+		errno = ENOENT;
+		return NULL;
+	}
+
+	if (!cli_session_request(&c, &calling, &called)) {
+		cli_shutdown(&c);
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		errno = ENOENT;
+		return NULL;
+	}
+  
+	DEBUG(4,(" session request ok\n"));
+  
+	if (!cli_negprot(&c)) {
+		cli_shutdown(&c);
+		errno = ENOENT;
+		return NULL;
+	}
+
+	if (!cli_session_setup(&c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       workgroup) &&
+	    /* try an anonymous login if it failed */
+	    !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {
+		cli_shutdown(&c);
+		errno = EPERM;
+		return NULL;
+	}
+
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(&c, share, "?????",
+			    password, strlen(password)+1)) {
+		errno = smbc_errno(&c);
+		cli_shutdown(&c);
+		return NULL;
+	}
+  
+	DEBUG(4,(" tconx ok\n"));
+  
+	srv = (struct smbc_server *)malloc(sizeof(*srv));
+	if (!srv) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(srv);
+
+	srv->cli = c;
+
+	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
+
+	srv->server_name = strdup(server);
+	if (!srv->server_name) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	srv->share_name = strdup(share);
+	if (!srv->share_name) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	srv->workgroup = strdup(workgroup);
+	if (!srv->workgroup) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	srv->username = strdup(username);
+	if (!srv->username) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	DLIST_ADD(smbc_srvs, srv);
+
+	return srv;
+
+ failed:
+	cli_shutdown(&c);
+	if (!srv) return NULL;
+  
+	SAFE_FREE(srv->server_name);
+	SAFE_FREE(srv->share_name);
+	SAFE_FREE(srv->workgroup);
+	SAFE_FREE(srv->username);
+	SAFE_FREE(srv);
+	return NULL;
+}
+
+/* 
+ *Remove a server from the list smbc_srvs if it's unused -- Tom (tom@ninja.nl)
+ *
+ * We accept a *srv 
+ */
+BOOL smbc_remove_unused_server(struct smbc_server * s)
+{
+	int p;
+
+	/* are we being fooled ? */
+	if (!s) return False;
+
+	/* close all open files/directories on this server */
+	for (p = 0; p < SMBC_MAX_FD; p++) {
+		if (smbc_file_table[p] &&
+		    smbc_file_table[p]->srv == s) {
+			/* Still used .. DARN */
+			DEBUG(3, ("smbc_remove_usused_server: %x still used by %s (%d).\n", (int) s, 
+				  smbc_file_table[p]->fname, smbc_file_table[p]->smbc_fd));
+			return False;
+		}
+	}
+
+	cli_shutdown(&s->cli);
+	
+	SAFE_FREE(s->username);
+	SAFE_FREE(s->workgroup);
+	SAFE_FREE(s->server_name);
+	SAFE_FREE(s->share_name);
+	DLIST_REMOVE(smbc_srvs, s);
+	DEBUG(3, ("smbc_remove_usused_server: %x removed.\n", (int) s));
+	SAFE_FREE(s);
+	return True;
+}
+
+/*
+ *Initialise the library etc 
+ *
+ * We accept valid values for debug from 0 to 100,
+ * and insist that fn must be non-null.
+ */
+
+int smbc_init(smbc_get_auth_data_fn fn, int debug)
+{
+	pstring conf;
+	int p, pid;
+	char *user = NULL, *home = NULL, *pname="libsmbclient";
+
+	if (!fn || debug < 0 || debug > 100) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (smbc_initialized) { /* Don't go through this if we have already done it */
+
+		return 0;
+
+	}
+
+	smbc_initialized = 1;
+	smbc_auth_fn = fn;
+	/*  smbc_debug = debug; */
+
+	DEBUGLEVEL = -1;
+
+	setup_logging(pname, False);
+
+	/* Here we would open the smb.conf file if needed ... */
+
+	home = getenv("HOME");
+
+	slprintf(conf, sizeof(conf), "%s/.smb/smb.conf", home);
+
+	load_interfaces();  /* Load the list of interfaces ... */
+
+	in_client = True; /* FIXME, make a param */
+
+	if (!lp_load(conf, True, False, False)) {
+
+		/*
+		 * Hmmm, what the hell do we do here ... we could not parse the
+		 * config file ... We must return an error ... and keep info around
+		 * about why we failed
+		 */
+    
+		errno = ENOENT; /* FIXME: Figure out the correct error response */
+		return -1;
+
+	}
+
+	reopen_logs();  /* Get logging working ... */
+
+	/*
+	 * FIXME: Is this the best way to get the user info? 
+	 */
+
+	user = getenv("USER");
+	/* walk around as "guest" if no username can be found */
+	if (!user) user = strdup("guest");
+	pstrcpy(smbc_user, user); /* Save for use elsewhere */
+	
+	/*
+	 * We try to get our netbios name from the config. If that fails we fall
+	 * back on constructing our netbios name from our hostname etc
+	 */
+	if (global_myname) {
+		pstrcpy(my_netbios_name, global_myname);
+	}
+	else {
+		/*
+		 * Hmmm, I want to get hostname as well, but I am too lazy for the moment
+		 */
+		pid = sys_getpid();
+		slprintf(my_netbios_name, 16, "smbc%s%d", user, pid);
+	}
+	DEBUG(0,("Using netbios name %s.\n", my_netbios_name));
+
+	name_register_wins(my_netbios_name, 0);
+
+	/* 
+	 * Now initialize the file descriptor array and figure out what the
+	 * max open files is, so we can return FD's that are above the max
+	 * open file, and separated by a guard band
+	 */
+
+#if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
+	do {
+		struct rlimit rlp;
+
+		if (getrlimit(RLIMIT_NOFILE, &rlp)) {
+
+			DEBUG(0, ("smbc_init: getrlimit(1) for RLIMIT_NOFILE failed with error %s\n", strerror(errno)));
+
+			smbc_start_fd = 1000000;
+
+		}
+		else {
+      
+			smbc_start_fd = rlp.rlim_max + 10000; /* Leave a guard space of 10,000 */
+
+		}
+	} while ( 0 );
+#else /* !defined(HAVE_GETRLIMIT) || !defined(RLIMIT_NOFILE) */
+
+	smbc_start_fd = 1000000;
+
+#endif
+
+	smbc_file_table = malloc(SMBC_MAX_FD * sizeof(struct smbc_file *));
+
+	for (p = 0; p < SMBC_MAX_FD; p++)
+		smbc_file_table[p] = NULL;
+
+	if (!smbc_file_table)
+		return ENOMEM;
+
+	return 0;  /* Success */
+
+}
+
+/*
+ * Routine to open() a file ...
+ */
+
+int smbc_open(const char *fname, int flags, mode_t mode)
+{
+	fstring server, share, user, password, workgroup;
+	pstring path;
+	struct smbc_server *srv = NULL;
+	int fd;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;  /* Best I can think of ... */
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	smbc_parse_path(fname, server, share, path, user, password); /* FIXME, check errors */
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		if (errno == EPERM) errno = EACCES;
+		return -1;  /* smbc_server sets errno */
+
+	}
+
+	/* Hmmm, the test for a directory is suspect here ... FIXME */
+
+	if (strlen(path) > 0 && path[strlen(path) - 1] == '\\') {
+    
+		fd = -1;
+
+	}
+	else {
+
+		int slot = 0;
+
+		/* Find a free slot first */
+
+		while (smbc_file_table[slot])
+			slot++;
+
+		if (slot > SMBC_MAX_FD) {
+
+			errno = ENOMEM; /* FIXME, is this best? */
+			return -1;
+
+		}
+
+		smbc_file_table[slot] = malloc(sizeof(struct smbc_file));
+
+		if (!smbc_file_table[slot]) {
+
+			errno = ENOMEM;
+			return -1;
+
+		}
+
+		if ((fd = cli_open(&srv->cli, path, flags, DENY_NONE)) < 0) {
+
+			/* Handle the error ... */
+
+			SAFE_FREE(smbc_file_table[slot]);
+			errno = smbc_errno(&srv->cli);
+			return -1;
+
+		}
+
+		/* Fill in file struct */
+
+		smbc_file_table[slot]->cli_fd  = fd;
+		smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd;
+		smbc_file_table[slot]->fname   = strdup(fname);
+		smbc_file_table[slot]->srv     = srv;
+		smbc_file_table[slot]->offset  = 0;
+		smbc_file_table[slot]->file    = True;
+
+		return smbc_file_table[slot]->smbc_fd;
+
+	}
+
+	/* Check if opendir needed ... */
+
+	if (fd == -1) {
+		int eno = 0;
+
+		eno = smbc_errno(&srv->cli);
+		fd = smbc_opendir(fname);
+		if (fd < 0) errno = eno;
+		return fd;
+
+	}
+
+	return 1;  /* Success, with fd ... */
+
+}
+
+/*
+ * Routine to create a file 
+ */
+
+static int creat_bits = O_WRONLY | O_CREAT | O_TRUNC; /* FIXME: Do we need this */
+
+int smbc_creat(const char *path, mode_t mode)
+{
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	return smbc_open(path, creat_bits, mode);
+}
+
+/*
+ * Routine to read() a file ...
+ */
+
+ssize_t smbc_read(int fd, void *buf, size_t count)
+{
+	struct smbc_file *fe;
+	int ret;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	DEBUG(4, ("smbc_read(%d, %d)\n", fd, (int)count));
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	/* Check that the buffer exists ... */
+
+	if (buf == NULL) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe || !fe->file) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	ret = cli_read(&fe->srv->cli, fe->cli_fd, buf, fe->offset, count);
+
+	if (ret < 0) {
+
+		errno = smbc_errno(&fe->srv->cli);
+		return -1;
+
+	}
+
+	fe->offset += ret;
+
+	DEBUG(4, ("  --> %d\n", ret));
+
+	return ret;  /* Success, ret bytes of data ... */
+
+}
+
+/*
+ * Routine to write() a file ...
+ */
+
+ssize_t smbc_write(int fd, void *buf, size_t count)
+{
+	int ret;
+	struct smbc_file *fe;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+    
+	}
+
+	/* Check that the buffer exists ... */
+
+	if (buf == NULL) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe || !fe->file) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	ret = cli_write(&fe->srv->cli, fe->cli_fd, 0, buf, fe->offset, count);
+
+	if (ret <= 0) {
+
+		errno = smbc_errno(&fe->srv->cli);
+		return -1;
+
+	}
+
+	fe->offset += ret;
+
+	return ret;  /* Success, 0 bytes of data ... */
+}
+ 
+/*
+ * Routine to close() a file ...
+ */
+
+int smbc_close(int fd)
+{
+	struct smbc_file *fe;
+	struct smbc_server *srv;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+   
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	if (!fe->file) {
+
+		return smbc_closedir(fd);
+
+	}
+
+	if (!cli_close(&fe->srv->cli, fe->cli_fd)) {
+
+		DEBUG(3, ("cli_close failed on %s (%d). purging server.\n", 
+			  fe->fname, fe->smbc_fd));
+		/* Deallocate slot and remove the server 
+		 * from the server cache if unused */
+		errno = smbc_errno(&fe->srv->cli);  
+		srv = fe->srv;
+		SAFE_FREE(fe->fname);
+		SAFE_FREE(fe);
+		smbc_file_table[fd - smbc_start_fd] = NULL;
+		smbc_remove_unused_server(srv);
+
+		return -1;
+
+	}
+
+	SAFE_FREE(fe->fname);
+	SAFE_FREE(fe);
+	smbc_file_table[fd - smbc_start_fd] = NULL;
+
+	return 0;
+}
+
+/*
+ * Routine to unlink() a file
+ */
+
+int smbc_unlink(const char *fname)
+{
+	fstring server, share, user, password, workgroup;
+	pstring path;
+	struct smbc_server *srv = NULL;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;  /* Best I can think of ... */
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	smbc_parse_path(fname, server, share, path, user, password); /* FIXME, check errors */
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		return -1;  /* smbc_server sets errno */
+
+	}
+
+	/*  if (strncmp(srv->cli.dev, "LPT", 3) == 0) {
+
+	    int job = smbc_stat_printjob(srv, path, NULL, NULL);
+	    if (job == -1) {
+
+	    return -1;
+
+	    }
+	    if ((err = cli_printjob_del(&srv->cli, job)) != 0) {
+
+    
+	    return -1;
+
+	    }
+	    } else */
+
+	if (!cli_unlink(&srv->cli, path)) {
+
+		errno = smbc_errno(&srv->cli);
+
+		if (errno == EACCES) { /* Check if the file is a directory */
+
+			int saverr = errno;
+			size_t size = 0;
+			uint16 mode = 0;
+			time_t m_time = 0, a_time = 0, c_time = 0;
+			SMB_INO_T ino = 0;
+
+			if (!smbc_getatr(srv, path, &mode, &size,
+					 &c_time, &a_time, &m_time, &ino)) {
+
+				/* Hmmm, bad error ... What? */
+
+				errno = smbc_errno(&srv->cli);
+				return -1;
+
+			}
+			else {
+
+				if (IS_DOS_DIR(mode))
+					errno = EISDIR;
+				else
+					errno = saverr;  /* Restore this */
+
+			}
+		}
+
+		return -1;
+
+	}
+
+	return 0;  /* Success ... */
+
+}
+
+/*
+ * Routine to rename() a file
+ */
+
+int smbc_rename(const char *oname, const char *nname)
+{
+	fstring server1, share1, server2, share2, user1, user2, password1, password2, workgroup;
+	pstring path1, path2;
+	struct smbc_server *srv = NULL;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;  /* Best I can think of ... */
+		return -1;
+
+	}
+
+	if (!oname || !nname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_rename(%s,%s)\n", oname, nname));
+
+	smbc_parse_path(oname, server1, share1, path1, user1, password1);
+
+	if (user1[0] == (char)0) pstrcpy(user1, smbc_user);
+
+	smbc_parse_path(nname, server2, share2, path2, user2, password2);
+
+	if (user2[0] == (char)0) pstrcpy(user2, smbc_user);
+
+	if (strcmp(server1, server2) || strcmp(share1, share2) ||
+	    strcmp(user1, user2)) {
+
+		/* Can't rename across file systems, or users?? */
+
+		errno = EXDEV;
+		return -1;
+
+	}
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server1, share1, workgroup, user1, password1);
+	if (!srv) {
+
+		return -1;
+
+	}
+
+	if (!cli_rename(&srv->cli, path1, path2)) {
+		int eno = smbc_errno(&srv->cli);
+
+		if (eno != EEXIST ||
+		    !cli_unlink(&srv->cli, path2) ||
+		    !cli_rename(&srv->cli, path1, path2)) {
+
+			errno = eno;
+			return -1;
+
+		}
+	}
+
+	return 0; /* Success */
+
+}
+
+/*
+ * A routine to lseek() a file
+ */
+
+off_t smbc_lseek(int fd, off_t offset, int whence)
+{
+	struct smbc_file *fe;
+	size_t size;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	if (!fe->file) {
+
+		errno = EINVAL;
+		return -1;      /* Can't lseek a dir ... */
+
+	}
+
+	switch (whence) {
+	case SEEK_SET:
+		fe->offset = offset;
+		break;
+
+	case SEEK_CUR:
+		fe->offset += offset;
+		break;
+
+	case SEEK_END:
+		if (!cli_qfileinfo(&fe->srv->cli, fe->cli_fd, NULL, &size, NULL, NULL,
+				   NULL, NULL, NULL) &&
+		    !cli_getattrE(&fe->srv->cli, fe->cli_fd, NULL, &size, NULL, NULL,
+				  NULL)) {
+
+			errno = EINVAL;
+			return -1;
+		}
+		fe->offset = size + offset;
+		break;
+
+	default:
+		errno = EINVAL;
+		break;
+
+	}
+
+	return fe->offset;
+
+}
+
+/* 
+ * Generate an inode number from file name for those things that need it
+ */
+
+static
+ino_t smbc_inode(const char *name)
+{
+
+	if (!*name) return 2; /* FIXME, why 2 ??? */
+	return (ino_t)str_checksum(name);
+
+}
+
+/*
+ * Routine to put basic stat info into a stat structure ... Used by stat and
+ * fstat below.
+ */
+
+static
+int smbc_setup_stat(struct stat *st, char *fname, size_t size, int mode)
+{
+
+	st->st_mode = 0;
+
+	if (IS_DOS_DIR(mode)) {
+		st->st_mode = SMBC_DIR_MODE;
+	} else {
+		st->st_mode = SMBC_FILE_MODE;
+	}
+
+	if (IS_DOS_ARCHIVE(mode)) st->st_mode |= S_IXUSR;
+	if (IS_DOS_SYSTEM(mode)) st->st_mode |= S_IXGRP;
+	if (IS_DOS_HIDDEN(mode)) st->st_mode |= S_IXOTH;
+	if (!IS_DOS_READONLY(mode)) st->st_mode |= S_IWUSR;
+
+	st->st_size = size;
+	st->st_blksize = 512;
+	st->st_blocks = (size+511)/512;
+	st->st_uid = getuid();
+	st->st_gid = getgid();
+
+	if (IS_DOS_DIR(mode)) {
+		st->st_nlink = 2;
+	} else {
+		st->st_nlink = 1;
+	}
+
+	if (st->st_ino == 0) {
+		st->st_ino = smbc_inode(fname);
+	}
+
+	return True;  /* FIXME: Is this needed ? */
+
+}
+
+/*
+ * Get info from an SMB server on a file. Use a qpathinfo call first
+ * and if that fails, use getatr, as Win95 sometimes refuses qpathinfo
+ */
+
+BOOL smbc_getatr(struct smbc_server *srv, char *path, 
+		 uint16 *mode, size_t *size, 
+		 time_t *c_time, time_t *a_time, time_t *m_time,
+		 SMB_INO_T *ino)
+{
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	DEBUG(4,("smbc_getatr: sending qpathinfo\n"));
+  
+	if (!srv->no_pathinfo2 &&
+	    cli_qpathinfo2(&srv->cli, path, c_time, a_time, m_time, NULL,
+			   size, mode, ino)) return True;
+
+	/* if this is NT then don't bother with the getatr */
+	if (srv->cli.capabilities & CAP_NT_SMBS) return False;
+
+	if (cli_getatr(&srv->cli, path, mode, size, m_time)) {
+		a_time = c_time = m_time;
+		srv->no_pathinfo2 = True;
+		return True;
+	}
+	return False;
+}
+
+/*
+ * Routine to stat a file given a name
+ */
+
+int smbc_stat(const char *fname, struct stat *st)
+{
+	struct smbc_server *srv;
+	fstring server, share, user, password, workgroup;
+	pstring path;
+	time_t m_time = 0, a_time = 0, c_time = 0;
+	size_t size = 0;
+	uint16 mode = 0;
+	SMB_INO_T ino = 0;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;  /* Best I can think of ... */
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_stat(%s)\n", fname));
+
+	smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		return -1;  /* errno set by smbc_server */
+
+	}
+
+	/* if (strncmp(srv->cli.dev, "IPC", 3) == 0) {
+
+	   mode = aDIR | aRONLY;
+
+	   }
+	   else if (strncmp(srv->cli.dev, "LPT", 3) == 0) {
+
+	   if (strcmp(path, "\\") == 0) {
+
+	   mode = aDIR | aRONLY;
+
+	   }
+	   else {
+
+	   mode = aRONLY;
+	   smbc_stat_printjob(srv, path, &size, &m_time);
+	   c_time = a_time = m_time;
+
+	   }
+	   else { */
+
+	if (!smbc_getatr(srv, path, &mode, &size, 
+			 &c_time, &a_time, &m_time, &ino)) {
+
+		errno = smbc_errno(&srv->cli);
+		return -1;
+
+	}
+
+	/* } */
+
+	st->st_ino = ino;
+
+	smbc_setup_stat(st, path, size, mode);
+
+	st->st_atime = a_time;
+	st->st_ctime = c_time;
+	st->st_mtime = m_time;
+	st->st_dev   = srv->dev;
+
+	return 0;
+
+}
+
+/*
+ * Routine to stat a file given an fd
+ */
+
+int smbc_fstat(int fd, struct stat *st)
+{
+	struct smbc_file *fe;
+	time_t c_time, a_time, m_time;
+	size_t size;
+	uint16 mode;
+	SMB_INO_T ino = 0;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	if (!fe->file) {
+
+		return smbc_fstatdir(fd, st);
+
+	}
+
+	if (!cli_qfileinfo(&fe->srv->cli, fe->cli_fd,
+			   &mode, &size, &c_time, &a_time, &m_time, NULL, &ino) &&
+	    !cli_getattrE(&fe->srv->cli, fe->cli_fd,
+			  &mode, &size, &c_time, &a_time, &m_time)) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	st->st_ino = ino;
+
+	smbc_setup_stat(st, fe->fname, size, mode);
+
+	st->st_atime = a_time;
+	st->st_ctime = c_time;
+	st->st_mtime = m_time;
+	st->st_dev = fe->srv->dev;
+
+	return 0;
+
+}
+
+/*
+ * Routine to open a directory
+ *
+ * We want to allow:
+ *
+ * smb: which should list all the workgroups available
+ * smb:workgroup
+ * smb:workgroup//server
+ * smb://server
+ * smb://server/share
+ * smb://<IP-addr> which should list shares on server
+ * smb://<IP-addr>/share which should list files on share
+ */
+
+static void smbc_remove_dir(struct smbc_file *dir)
+{
+	struct smbc_dir_list *d,*f;
+
+	d = dir->dir_list;
+	while (d) {
+
+		f = d; d = d->next;
+
+		SAFE_FREE(f->dirent);
+		SAFE_FREE(f);
+
+	}
+
+	dir->dir_list = dir->dir_end = dir->dir_next = NULL;
+
+}
+
+static int add_dirent(struct smbc_file *dir, const char *name, const char *comment, uint32 type)
+{
+	struct smbc_dirent *dirent;
+	int size;
+
+	/*
+	 * Allocate space for the dirent, which must be increased by the 
+	 * size of the name and the comment and 1 for the null on the comment.
+	 * The null on the name is already accounted for.
+	 */
+
+	size = sizeof(struct smbc_dirent) + (name?strlen(name):0) +
+		(comment?strlen(comment):0) + 1; 
+    
+	dirent = malloc(size);
+
+	if (!dirent) {
+
+		dir->dir_error = ENOMEM;
+		return -1;
+
+	}
+
+	if (dir->dir_list == NULL) {
+
+		dir->dir_list = malloc(sizeof(struct smbc_dir_list));
+		if (!dir->dir_list) {
+
+			SAFE_FREE(dirent);
+			dir->dir_error = ENOMEM;
+			return -1;
+
+		}
+
+		dir->dir_end = dir->dir_next = dir->dir_list;
+  
+	}
+	else {
+
+		dir->dir_end->next = malloc(sizeof(struct smbc_dir_list));
+
+		if (!dir->dir_end) {
+
+			SAFE_FREE(dirent);
+			dir->dir_error = ENOMEM;
+			return -1;
+
+		}
+
+		dir->dir_end = dir->dir_end->next;
+
+	}
+
+	dir->dir_end->next = NULL;
+	dir->dir_end->dirent = dirent;
+
+	dirent->smbc_type = type;
+	dirent->namelen = (name?strlen(name):0);
+	dirent->commentlen = (comment?strlen(comment):0);
+	dirent->dirlen = size;
+  
+	strncpy(dirent->name, (name?name:""), dirent->namelen + 1);
+
+	dirent->comment = (char *)(&dirent->name + dirent->namelen + 1);
+	strncpy(dirent->comment, (comment?comment:""), dirent->commentlen + 1);
+
+	return 0;
+
+}
+
+static void
+list_fn(const char *name, uint32 type, const char *comment, void *state)
+{
+	struct smbc_file *dir = (struct smbc_file *)state;
+	int dirent_type;
+
+	/* We need to process the type a little ... */
+
+	if (dir->dir_type == SMBC_FILE_SHARE) {
+
+		switch (type) {
+		case 0: /* Directory tree */
+			dirent_type = SMBC_FILE_SHARE;
+			break;
+
+		case 1:
+			dirent_type = SMBC_PRINTER_SHARE;
+			break;
+
+		case 2:
+			dirent_type = SMBC_COMMS_SHARE;
+			break;
+
+		case 3:
+			dirent_type = SMBC_IPC_SHARE;
+			break;
+
+		default:
+			dirent_type = SMBC_FILE_SHARE; /* FIXME, error? */
+			break;
+		}
+
+	}
+	else dirent_type = dir->dir_type;
+
+	if (add_dirent(dir, name, comment, dirent_type) < 0) {
+
+		/* An error occurred, what do we do? */
+		/* FIXME: Add some code here */
+
+	}
+
+}
+
+static void
+dir_list_fn(file_info *finfo, const char *mask, void *state)
+{
+
+	if (add_dirent((struct smbc_file *)state, finfo->name, "", 
+		       (finfo->mode&aDIR?SMBC_DIR:SMBC_FILE)) < 0) {
+
+		/* Handle an error ... */
+		/* FIXME: Add some code ... */
+
+	} 
+
+}
+
+int smbc_opendir(const char *fname)
+{
+	fstring server, share, user, password, workgroup;
+	pstring path;
+	struct smbc_server *srv = NULL;
+	struct in_addr rem_ip;
+	int slot = 0;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname) {
+    
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (smbc_parse_path(fname, server, share, path, user, password)) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	/* Get a file entry ... */
+
+	slot = 0;
+
+	while (smbc_file_table[slot])
+		slot++;
+
+	if (slot > SMBC_MAX_FD) {
+
+		errno = ENOMEM;
+		return -1; /* FIXME, ... move into a func */
+      
+	}
+
+	smbc_file_table[slot] = malloc(sizeof(struct smbc_file));
+
+	if (!smbc_file_table[slot]) {
+
+		errno = ENOMEM;
+		return -1;
+
+	}
+
+	smbc_file_table[slot]->cli_fd   = 0;
+	smbc_file_table[slot]->smbc_fd  = slot + smbc_start_fd;
+	smbc_file_table[slot]->fname    = strdup(fname);
+	smbc_file_table[slot]->srv      = NULL;
+	smbc_file_table[slot]->offset   = 0;
+	smbc_file_table[slot]->file     = False;
+	smbc_file_table[slot]->dir_list = 
+		smbc_file_table[slot]->dir_next =
+		smbc_file_table[slot]->dir_end = NULL;
+
+	if (server[0] == (char)0) {
+
+		if (share[0] != (char)0 || path[0] != (char)0) {
+    
+			errno = EINVAL;
+			if (smbc_file_table[slot]) {
+				SAFE_FREE(smbc_file_table[slot]->fname);
+				SAFE_FREE(smbc_file_table[slot]);
+			}
+			return -1;
+
+		}
+
+		/* We have server and share and path empty ... so list the workgroups */
+
+		if (!resolve_name(lp_workgroup(), &rem_ip, 0x1d)) {
+      
+			errno = EINVAL;  /* Something wrong with smb.conf? */
+			return -1;
+
+		}
+
+		smbc_file_table[slot]->dir_type = SMBC_WORKGROUP;
+
+		/* find the name of the server ... */
+
+		if (!name_status_find("*", 0, 0, rem_ip, server)) {
+
+			DEBUG(0, ("Could not get the name of local master browser for server %s\n", server));
+			errno = EINVAL;
+			return -1;
+
+		}
+
+		/*
+		 * Get a connection to IPC$ on the server if we do not already have one
+		 */
+
+		srv = smbc_server(server, "IPC$", workgroup, user, password);
+
+		if (!srv) {
+
+			if (smbc_file_table[slot]) {
+				SAFE_FREE(smbc_file_table[slot]->fname);
+				SAFE_FREE(smbc_file_table[slot]);
+			}
+			return -1;
+
+		}
+
+		smbc_file_table[slot]->srv = srv;
+
+		/* Now, list the stuff ... */
+
+		if (!cli_NetServerEnum(&srv->cli, workgroup, 0x80000000, list_fn,
+				       (void *)smbc_file_table[slot])) {
+
+			if (smbc_file_table[slot]) {
+				SAFE_FREE(smbc_file_table[slot]->fname);
+				SAFE_FREE(smbc_file_table[slot]);
+			}
+			errno = cli_errno(&srv->cli);
+			return -1;
+
+		}
+	}
+	else { /* Server not an empty string ... Check the rest and see what gives */
+
+		if (share[0] == (char)0) {
+
+			if (path[0] != (char)0) { /* Should not have empty share with path */
+
+				errno = EINVAL;
+				if (smbc_file_table[slot]) {
+					SAFE_FREE(smbc_file_table[slot]->fname);
+					SAFE_FREE(smbc_file_table[slot]);
+				}
+				return -1;
+	
+			}
+
+			/* Check to see if <server><1D> translates, or <server><20> translates */
+			/* However, we check to see if <server> is an IP address first */
+
+			if (!is_ipaddress(server) &&  /* Not an IP addr so check next */
+			    resolve_name(server, &rem_ip, 0x1d)) { /* Found LMB */
+				pstring buserver;
+
+				smbc_file_table[slot]->dir_type = SMBC_SERVER;
+
+				/*
+				 * Get the backup list ...
+				 */
+
+
+				if (!name_status_find("*", 0, 0, rem_ip, buserver)) {
+
+					DEBUG(0, ("Could not get name of local master browser %s\n", server));
+					errno = EPERM;  /* FIXME, is this correct */
+					return -1;
+
+				}
+
+				/*
+				 * Get a connection to IPC$ on the server if we do not already have one
+				 */
+
+				srv = smbc_server(buserver, "IPC$", workgroup, user, password);
+
+				if (!srv) {
+
+					if (smbc_file_table[slot]) {
+						SAFE_FREE(smbc_file_table[slot]->fname);
+						SAFE_FREE(smbc_file_table[slot]);
+					}
+					return -1;
+
+				}
+
+				smbc_file_table[slot]->srv = srv;
+
+				/* Now, list the servers ... */
+
+				if (!cli_NetServerEnum(&srv->cli, server, 0x0000FFFE, list_fn,
+						       (void *)smbc_file_table[slot])) {
+
+					if (smbc_file_table[slot]) {
+						SAFE_FREE(smbc_file_table[slot]->fname);
+						SAFE_FREE(smbc_file_table[slot]);
+					}
+					errno = cli_errno(&srv->cli);
+					return -1;
+
+				}
+
+			}
+			else {
+
+				if (resolve_name(server, &rem_ip, 0x20)) {
+
+					/* Now, list the shares ... */
+
+					smbc_file_table[slot]->dir_type = SMBC_FILE_SHARE;
+
+					srv = smbc_server(server, "IPC$", workgroup, user, password);
+
+					if (!srv) {
+
+						if (smbc_file_table[slot]) {
+							SAFE_FREE(smbc_file_table[slot]->fname);
+							SAFE_FREE(smbc_file_table[slot]);
+						}
+						return -1;
+
+					}
+
+					smbc_file_table[slot]->srv = srv;
+
+					/* Now, list the servers ... */
+
+					if (cli_RNetShareEnum(&srv->cli, list_fn, 
+							      (void *)smbc_file_table[slot]) < 0) {
+
+						errno = cli_errno(&srv->cli);
+						if (smbc_file_table[slot]) {
+							SAFE_FREE(smbc_file_table[slot]->fname);
+							SAFE_FREE(smbc_file_table[slot]);
+						}
+						return -1;
+
+					}
+
+				}
+				else {
+
+					errno = ENODEV;   /* Neither the workgroup nor server exists */
+					if (smbc_file_table[slot]) {
+						SAFE_FREE(smbc_file_table[slot]->fname);
+						SAFE_FREE(smbc_file_table[slot]);
+					}
+					return -1;
+
+				}
+
+			}
+
+		}
+		else { /* The server and share are specified ... work from there ... */
+
+			/* Well, we connect to the server and list the directory */
+
+			smbc_file_table[slot]->dir_type = SMBC_FILE_SHARE;
+
+			srv = smbc_server(server, share, workgroup, user, password);
+
+			if (!srv) {
+
+				if (smbc_file_table[slot]) {
+					SAFE_FREE(smbc_file_table[slot]->fname);
+					SAFE_FREE(smbc_file_table[slot]);
+				}
+				return -1;
+
+			}
+
+			smbc_file_table[slot]->srv = srv;
+
+			/* Now, list the files ... */
+
+			pstrcat(path, "\\*");
+
+			if (cli_list(&srv->cli, path, aDIR | aSYSTEM | aHIDDEN, dir_list_fn, 
+				     (void *)smbc_file_table[slot]) < 0) {
+
+				if (smbc_file_table[slot]) {
+					SAFE_FREE(smbc_file_table[slot]->fname);
+					SAFE_FREE(smbc_file_table[slot]);
+				}
+				errno = smbc_errno(&srv->cli);
+				return -1;
+
+			}
+		}
+
+	}
+
+	return smbc_file_table[slot]->smbc_fd;
+
+}
+
+/*
+ * Routine to close a directory
+ */
+
+int smbc_closedir(int fd)
+{
+	struct smbc_file *fe;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;  
+		return -1;
+
+	}
+
+	smbc_remove_dir(fe); /* Clean it up */
+
+	if (fe) {
+
+		SAFE_FREE(fe->fname);
+		SAFE_FREE(fe);    /* Free the space too */
+
+	}
+
+	smbc_file_table[fd - smbc_start_fd] = NULL;
+
+	return 0;
+
+}
+
+/*
+ * Routine to get a directory entry
+ */
+
+static char smbc_local_dirent[512];  /* Make big enough */
+
+struct smbc_dirent *smbc_readdir(unsigned int fd)
+{
+	struct smbc_file *fe;
+	struct smbc_dirent *dirp, *dirent;
+
+	/* Check that all is ok first ... */
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return NULL;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return NULL;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return NULL;
+
+	}
+
+	if (fe->file != False) { /* FIXME, should be dir, perhaps */
+
+		errno = ENOTDIR;
+		return NULL;
+
+	}
+
+	if (!fe->dir_next)
+		return NULL;
+	else {
+
+		dirent = fe->dir_next->dirent;
+
+		if (!dirent) {
+
+			errno = ENOENT;
+			return NULL;
+
+		}
+
+		/* Hmmm, do I even need to copy it? */
+
+		memcpy(smbc_local_dirent, dirent, dirent->dirlen); /* Copy the dirent */
+
+		dirp = (struct smbc_dirent *)smbc_local_dirent;
+
+		dirp->comment = (char *)(&dirp->name + dirent->namelen + 1);
+    
+		fe->dir_next = fe->dir_next->next;
+
+		return (struct smbc_dirent *)smbc_local_dirent;
+	}
+
+}
+
+/*
+ * Routine to get directory entries
+ */
+
+int smbc_getdents(unsigned int fd, struct smbc_dirent *dirp, int count)
+{
+	struct smbc_file *fe;
+	struct smbc_dir_list *dir;
+	int rem = count, reqd;
+	char *ndir = (char *)dirp;
+
+	/* Check that all is ok first ... */
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	if (fe->file != False) { /* FIXME, should be dir, perhaps */
+
+		errno = ENOTDIR;
+		return -1;
+
+	}
+
+	/* 
+	 * Now, retrieve the number of entries that will fit in what was passed
+	 * We have to figure out if the info is in the list, or we need to 
+	 * send a request to the server to get the info.
+	 */
+
+	while ((dir = fe->dir_next)) {
+		struct smbc_dirent *dirent;
+
+		if (!dir->dirent) {
+
+			errno = ENOENT;  /* Bad error */
+			return -1;
+
+		}
+
+		if (rem < (reqd = (sizeof(struct smbc_dirent) + dir->dirent->namelen + 
+				   dir->dirent->commentlen + 1))) {
+
+			if (rem < count) { /* We managed to copy something */
+
+				errno = 0;
+				return count - rem;
+
+			}
+			else { /* Nothing copied ... */
+
+				errno = EINVAL;  /* Not enough space ... */
+				return -1;
+
+			}
+
+		}
+
+		dirent = dir->dirent;
+
+		memcpy(ndir, dirent, reqd); /* Copy the data in ... */
+    
+		((struct smbc_dirent *)ndir)->comment = 
+			(char *)(&((struct smbc_dirent *)ndir)->name + dirent->namelen + 1);
+
+		ndir += reqd;
+
+		rem -= reqd;
+
+		fe->dir_next = dir = dir -> next;
+	}
+
+	if (rem == count)
+		return 0;
+	else 
+		return count - rem;
+
+}
+
+/*
+ * Routine to create a directory ...
+ */
+
+int smbc_mkdir(const char *fname, mode_t mode)
+{
+	struct smbc_server *srv;
+	fstring server, share, user, password, workgroup;
+	pstring path;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_mkdir(%s)\n", fname));
+
+	smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		return -1;  /* errno set by smbc_server */
+
+	}
+
+	/* if (strncmp(srv->cli.dev, "IPC", 3) == 0) {
+
+	   mode = aDIR | aRONLY;
+
+	   }
+	   else if (strncmp(srv->cli.dev, "LPT", 3) == 0) {
+
+	   if (strcmp(path, "\\") == 0) {
+
+	   mode = aDIR | aRONLY;
+
+	   }
+	   else {
+
+	   mode = aRONLY;
+	   smbc_stat_printjob(srv, path, &size, &m_time);
+	   c_time = a_time = m_time;
+
+	   }
+	   else { */
+
+	if (!cli_mkdir(&srv->cli, path)) {
+
+		errno = smbc_errno(&srv->cli);
+		return -1;
+
+	} 
+
+	return 0;
+
+}
+
+/*
+ * Our list function simply checks to see if a directory is not empty
+ */
+
+static int smbc_rmdir_dirempty = True;
+
+static void rmdir_list_fn(file_info *finfo, const char *mask, void *state)
+{
+
+	if (strncmp(finfo->name, ".", 1) != 0 && strncmp(finfo->name, "..", 2) != 0)
+		smbc_rmdir_dirempty = False;
+
+}
+
+/*
+ * Routine to remove a directory
+ */
+
+int smbc_rmdir(const char *fname)
+{
+	struct smbc_server *srv;
+	fstring server, share, user, password, workgroup;
+	pstring path;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_rmdir(%s)\n", fname));
+
+	smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		return -1;  /* errno set by smbc_server */
+
+	}
+
+	/* if (strncmp(srv->cli.dev, "IPC", 3) == 0) {
+
+	   mode = aDIR | aRONLY;
+
+	   }
+	   else if (strncmp(srv->cli.dev, "LPT", 3) == 0) {
+
+	   if (strcmp(path, "\\") == 0) {
+
+	   mode = aDIR | aRONLY;
+
+	   }
+	   else {
+
+	   mode = aRONLY;
+	   smbc_stat_printjob(srv, path, &size, &m_time);
+	   c_time = a_time = m_time;
+
+	   }
+	   else { */
+
+	if (!cli_rmdir(&srv->cli, path)) {
+
+		errno = smbc_errno(&srv->cli);
+
+		if (errno == EACCES) {  /* Check if the dir empty or not */
+
+			pstring lpath; /* Local storage to avoid buffer overflows */
+
+			smbc_rmdir_dirempty = True;  /* Make this so ... */
+
+			pstrcpy(lpath, path);
+			pstrcat(lpath, "\\*");
+
+			if (cli_list(&srv->cli, lpath, aDIR | aSYSTEM | aHIDDEN, rmdir_list_fn,
+				     NULL) < 0) {
+
+				/* Fix errno to ignore latest error ... */
+
+				DEBUG(5, ("smbc_rmdir: cli_list returned an error: %d\n", 
+					  smbc_errno(&srv->cli)));
+				errno = EACCES;
+
+			}
+
+			if (smbc_rmdir_dirempty)
+				errno = EACCES;
+			else
+				errno = ENOTEMPTY;
+
+		}
+
+		return -1;
+
+	} 
+
+	return 0;
+
+}
+
+/*
+ * Routine to return the current directory position
+ */
+
+off_t smbc_telldir(int fd)
+{
+	struct smbc_file *fe;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	if (fe->file != False) { /* FIXME, should be dir, perhaps */
+
+		errno = ENOTDIR;
+		return -1;
+
+	}
+
+	return (off_t) fe->dir_next;
+
+}
+
+/*
+ * A routine to run down the list and see if the entry is OK
+ */
+
+struct smbc_dir_list *smbc_check_dir_ent(struct smbc_dir_list *list, 
+					 struct smbc_dirent *dirent)
+{
+
+	/* Run down the list looking for what we want */
+
+	if (dirent) {
+
+		struct smbc_dir_list *tmp = list;
+
+		while (tmp) {
+
+			if (tmp->dirent == dirent)
+				return tmp;
+
+			tmp = tmp->next;
+
+		}
+
+	}
+
+	return NULL;  /* Not found, or an error */
+
+}
+
+
+/*
+ * Routine to seek on a directory
+ */
+
+int smbc_lseekdir(int fd, off_t offset)
+{
+	struct smbc_file *fe;
+	struct smbc_dirent *dirent = (struct smbc_dirent *)offset;
+	struct smbc_dir_list *list_ent = NULL;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (fd < smbc_start_fd || fd >= (smbc_start_fd + SMBC_MAX_FD)) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	fe = smbc_file_table[fd - smbc_start_fd];
+
+	if (!fe) {
+
+		errno = EBADF;
+		return -1;
+
+	}
+
+	if (fe->file != False) { /* FIXME, should be dir, perhaps */
+
+		errno = ENOTDIR;
+		return -1;
+
+	}
+
+	/* Now, check what we were passed and see if it is OK ... */
+
+	if (dirent == NULL) {  /* Seek to the begining of the list */
+
+		fe->dir_next = fe->dir_list;
+		return 0;
+
+	}
+
+	/* Now, run down the list and make sure that the entry is OK       */
+	/* This may need to be changed if we change the format of the list */
+
+	if ((list_ent = smbc_check_dir_ent(fe->dir_list, dirent)) == NULL) {
+
+		errno = EINVAL;   /* Bad entry */
+		return -1;
+
+	}
+
+	fe->dir_next = list_ent;
+
+	return 0; 
+
+}
+
+/*
+ * Routine to fstat a dir
+ */
+
+int smbc_fstatdir(int fd, struct stat *st)
+{
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	/* No code yet ... */
+
+	return 0;
+
+}
+
+/*
+ * Routine to print a file on a remote server ...
+ *
+ * We open the file, which we assume to be on a remote server, and then
+ * copy it to a print file on the share specified by printq.
+ */
+
+int smbc_print_file(const char *fname, const char *printq)
+{
+	int fid1, fid2, bytes, saverr, tot_bytes = 0;
+	char buf[4096];
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname && !printq) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	/* Try to open the file for reading ... */
+
+	if ((fid1 = smbc_open(fname, O_RDONLY, 0666)) < 0) {
+
+		DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno));
+		return -1;  /* smbc_open sets errno */
+
+	}
+
+	/* Now, try to open the printer file for writing */
+
+	if ((fid2 = smbc_open_print_job(printq)) < 0) {
+
+		saverr = errno;  /* Save errno */
+		smbc_close(fid1);
+		errno = saverr;
+		return -1;
+
+	}
+
+	while ((bytes = smbc_read(fid1, buf, sizeof(buf))) > 0) {
+
+		tot_bytes += bytes;
+
+		if ((smbc_write(fid2, buf, bytes)) < 0) {
+
+			saverr = errno;
+			smbc_close(fid1);
+			smbc_close(fid2);
+			errno = saverr;
+
+		}
+
+	}
+
+	saverr = errno;
+
+	smbc_close(fid1);  /* We have to close these anyway */
+	smbc_close(fid2);
+
+	if (bytes < 0) {
+
+		errno = saverr;
+		return -1;
+
+	}
+
+	return tot_bytes;
+
+}
+
+/*
+ * Open a print file to be written to by other calls
+ */
+
+int smbc_open_print_job(const char *fname)
+{
+	fstring server, share, user, password;
+	pstring path;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_open_print_job(%s)\n", fname));
+
+	smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/
+
+	/* What if the path is empty, or the file exists? */
+
+	return smbc_open(fname, O_WRONLY, 666);
+
+}
+
+/*
+ * Routine to list print jobs on a printer share ...
+ */
+
+int smbc_list_print_jobs(const char *fname, void (*fn)(struct print_job_info *))
+{
+	struct smbc_server *srv;
+	fstring server, share, user, password, workgroup;
+	pstring path;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_list_print_jobs(%s)\n", fname));
+
+	smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		return -1;  /* errno set by smbc_server */
+
+	}
+
+	if (cli_print_queue(&srv->cli, fn) < 0) {
+
+		errno = smbc_errno(&srv->cli);
+		return -1;
+
+	}
+
+	return 0;
+
+}
+
+/*
+ * Delete a print job from a remote printer share
+ */
+
+int smbc_unlink_print_job(const char *fname, int id)
+{
+	struct smbc_server *srv;
+	fstring server, share, user, password, workgroup;
+	pstring path;
+	int err;
+
+	if (!smbc_initialized) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+
+	if (!fname) {
+
+		errno = EINVAL;
+		return -1;
+
+	}
+  
+	DEBUG(4, ("smbc_unlink_print_job(%s)\n", fname));
+
+	smbc_parse_path(fname, server, share, path, user, password); /*FIXME, errors*/
+
+	if (user[0] == (char)0) pstrcpy(user, smbc_user);
+
+	pstrcpy(workgroup, lp_workgroup());
+
+	srv = smbc_server(server, share, workgroup, user, password);
+
+	if (!srv) {
+
+		return -1;  /* errno set by smbc_server */
+
+	}
+
+	if ((err = cli_printjob_del(&srv->cli, id)) != 0) {
+
+		if (err < 0)
+			errno = smbc_errno(&srv->cli);
+		else if (err == ERRnosuchprintjob)
+			errno = EINVAL;
+		return -1;
+
+
+	}
+
+	return 0;
+
+}
+
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
new file mode 100644
index 0000000000..7928d44652
--- /dev/null
+++ b/source3/libsmb/namequery.c
@@ -0,0 +1,1330 @@
+/* 
+   Unix SMB/CIFS implementation.
+   name query routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+/* nmbd.c sets this to True. */
+BOOL global_in_nmbd = False;
+
+/****************************************************************************
+generate a random trn_id
+****************************************************************************/
+static int generate_trn_id(void)
+{
+	static int trn_id;
+
+	if (trn_id == 0) {
+		sys_srandom(sys_getpid());
+	}
+
+	trn_id = sys_random();
+
+	return trn_id % (unsigned)0x7FFF;
+}
+
+
+/****************************************************************************
+ parse a node status response into an array of structures
+****************************************************************************/
+static struct node_status *parse_node_status(char *p, int *num_names)
+{
+	struct node_status *ret;
+	int i;
+
+	*num_names = CVAL(p,0);
+
+	if (*num_names == 0) return NULL;
+
+	ret = (struct node_status *)malloc(sizeof(struct node_status)* (*num_names));
+	if (!ret) return NULL;
+
+	p++;
+	for (i=0;i< *num_names;i++) {
+		StrnCpy(ret[i].name,p,15);
+		trim_string(ret[i].name,NULL," ");
+		ret[i].type = CVAL(p,15);
+		ret[i].flags = p[16];
+		p += 18;
+		DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name, 
+			   ret[i].type, ret[i].flags));
+	}
+	return ret;
+}
+
+
+/****************************************************************************
+do a NBT node status query on an open socket and return an array of
+structures holding the returned names or NULL if the query failed
+**************************************************************************/
+struct node_status *node_status_query(int fd,struct nmb_name *name,
+				      struct in_addr to_ip, int *num_names)
+{
+	BOOL found=False;
+	int retries = 2;
+	int retry_time = 2000;
+	struct timeval tval;
+	struct packet_struct p;
+	struct packet_struct *p2;
+	struct nmb_packet *nmb = &p.packet.nmb;
+	struct node_status *ret;
+
+	ZERO_STRUCT(p);
+
+	nmb->header.name_trn_id = generate_trn_id();
+	nmb->header.opcode = 0;
+	nmb->header.response = False;
+	nmb->header.nm_flags.bcast = False;
+	nmb->header.nm_flags.recursion_available = False;
+	nmb->header.nm_flags.recursion_desired = False;
+	nmb->header.nm_flags.trunc = False;
+	nmb->header.nm_flags.authoritative = False;
+	nmb->header.rcode = 0;
+	nmb->header.qdcount = 1;
+	nmb->header.ancount = 0;
+	nmb->header.nscount = 0;
+	nmb->header.arcount = 0;
+	nmb->question.question_name = *name;
+	nmb->question.question_type = 0x21;
+	nmb->question.question_class = 0x1;
+
+	p.ip = to_ip;
+	p.port = NMB_PORT;
+	p.fd = fd;
+	p.timestamp = time(NULL);
+	p.packet_type = NMB_PACKET;
+	
+	GetTimeOfDay(&tval);
+  
+	if (!send_packet(&p)) 
+		return NULL;
+
+	retries--;
+
+	while (1) {
+		struct timeval tval2;
+		GetTimeOfDay(&tval2);
+		if (TvalDiff(&tval,&tval2) > retry_time) {
+			if (!retries)
+				break;
+			if (!found && !send_packet(&p))
+				return NULL;
+			GetTimeOfDay(&tval);
+			retries--;
+		}
+
+		if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {     
+			struct nmb_packet *nmb2 = &p2->packet.nmb;
+			debug_nmb_packet(p2);
+			
+			if (nmb2->header.opcode != 0 ||
+			    nmb2->header.nm_flags.bcast ||
+			    nmb2->header.rcode ||
+			    !nmb2->header.ancount ||
+			    nmb2->answers->rr_type != 0x21) {
+				/* XXXX what do we do with this? could be a
+				   redirect, but we'll discard it for the
+				   moment */
+				free_packet(p2);
+				continue;
+			}
+
+			ret = parse_node_status(&nmb2->answers->rdata[0], num_names);
+			free_packet(p2);
+			return ret;
+		}
+	}
+	
+	return NULL;
+}
+
+
+/****************************************************************************
+find the first type XX name in a node status reply - used for finding
+a servers name given its IP
+return the matched name in *name
+**************************************************************************/
+
+BOOL name_status_find(const char *q_name, int q_type, int type, struct in_addr to_ip, char *name)
+{
+	struct node_status *status = NULL;
+	struct nmb_name nname;
+	int count, i;
+	int sock;
+	BOOL result = False;
+
+	DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name, 
+		   q_type, inet_ntoa(to_ip)));
+
+	sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True);
+	if (sock == -1)
+		goto done;
+
+	/* W2K PDC's seem not to respond to '*'#0. JRA */
+	make_nmb_name(&nname, q_name, q_type);
+	status = node_status_query(sock, &nname, to_ip, &count);
+	close(sock);
+	if (!status)
+		goto done;
+
+	for (i=0;i<count;i++) {
+		if (status[i].type == type)
+			break;
+	}
+	if (i == count)
+		goto done;
+
+	pull_ascii(name, status[i].name, 15, 0, STR_TERMINATE);
+	result = True;
+
+ done:
+	SAFE_FREE(status);
+
+	DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
+
+	if (result)
+		DEBUGADD(10, (", ip address is %s", inet_ntoa(to_ip)));
+
+	DEBUG(10, ("\n"));	
+
+	return result;
+}
+
+/****************************************************************************
+ Do a NetBIOS name registation to try to claim a name ...
+***************************************************************************/
+BOOL name_register(int fd, const char *name, int name_type,
+		   struct in_addr name_ip, int opcode,
+		   BOOL bcast, 
+		   struct in_addr to_ip, int *count)
+{
+  int retries = 3;
+  struct timeval tval;
+  struct packet_struct p;
+  struct packet_struct *p2;
+  struct nmb_packet *nmb = &p.packet.nmb;
+  struct in_addr register_ip;
+
+  DEBUG(4, ("name_register: %s as %s on %s\n", name, inet_ntoa(name_ip), inet_ntoa(to_ip)));
+
+  register_ip.s_addr = name_ip.s_addr;  /* Fix this ... */
+  
+  memset((char *)&p, '\0', sizeof(p));
+
+  *count = 0;
+
+  nmb->header.name_trn_id = generate_trn_id();
+  nmb->header.opcode = opcode;
+  nmb->header.response = False;
+  nmb->header.nm_flags.bcast = False;
+  nmb->header.nm_flags.recursion_available = False;
+  nmb->header.nm_flags.recursion_desired = True;  /* ? */
+  nmb->header.nm_flags.trunc = False;
+  nmb->header.nm_flags.authoritative = True;
+
+  nmb->header.qdcount = 1;
+  nmb->header.ancount = 0;
+  nmb->header.nscount = 0;
+  nmb->header.arcount = 1;
+
+  make_nmb_name(&nmb->question.question_name, name, name_type);
+
+  nmb->question.question_type = 0x20;
+  nmb->question.question_class = 0x1;
+
+  /* Now, create the additional stuff for a registration request */
+
+  if ((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) {
+
+    DEBUG(0, ("name_register: malloc fail for additional record.\n"));
+    return False;
+
+  }
+
+  memset((char *)nmb->additional, '\0', sizeof(struct res_rec));
+
+  nmb->additional->rr_name  = nmb->question.question_name;
+  nmb->additional->rr_type  = RR_TYPE_NB;
+  nmb->additional->rr_class = RR_CLASS_IN;
+
+  /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
+  if (nmb->header.nm_flags.bcast)
+    nmb->additional->ttl = PERMANENT_TTL;
+  else
+    nmb->additional->ttl = lp_max_ttl();
+
+  nmb->additional->rdlength = 6;
+
+  nmb->additional->rdata[0] = NB_MFLAG & 0xFF;
+
+  /* Set the address for the name we are registering. */
+  putip(&nmb->additional->rdata[2], &register_ip);
+
+  p.ip = to_ip;
+  p.port = NMB_PORT;
+  p.fd = fd;
+  p.timestamp = time(NULL);
+  p.packet_type = NMB_PACKET;
+
+  GetTimeOfDay(&tval);
+
+  if (!send_packet(&p))
+    return False;
+
+  retries--;
+
+  if ((p2 = receive_nmb_packet(fd, 10, nmb->header.name_trn_id))) {
+    debug_nmb_packet(p2);
+    SAFE_FREE(p2);  /* No memory leaks ... */
+  }
+
+  return True;
+}
+
+/****************************************************************************
+ Do a netbios name query to find someones IP.
+ Returns an array of IP addresses or NULL if none.
+ *count will be set to the number of addresses returned.
+****************************************************************************/
+struct in_addr *name_query(int fd,const char *name,int name_type, 
+			   BOOL bcast,BOOL recurse,
+			   struct in_addr to_ip, int *count)
+{
+  BOOL found=False;
+  int i, retries = 3;
+  int retry_time = bcast?250:2000;
+  struct timeval tval;
+  struct packet_struct p;
+  struct packet_struct *p2;
+  struct nmb_packet *nmb = &p.packet.nmb;
+  struct in_addr *ip_list = NULL;
+
+  memset((char *)&p,'\0',sizeof(p));
+  (*count) = 0;
+
+  nmb->header.name_trn_id = generate_trn_id();
+  nmb->header.opcode = 0;
+  nmb->header.response = False;
+  nmb->header.nm_flags.bcast = bcast;
+  nmb->header.nm_flags.recursion_available = False;
+  nmb->header.nm_flags.recursion_desired = recurse;
+  nmb->header.nm_flags.trunc = False;
+  nmb->header.nm_flags.authoritative = False;
+  nmb->header.rcode = 0;
+  nmb->header.qdcount = 1;
+  nmb->header.ancount = 0;
+  nmb->header.nscount = 0;
+  nmb->header.arcount = 0;
+
+  make_nmb_name(&nmb->question.question_name,name,name_type);
+
+  nmb->question.question_type = 0x20;
+  nmb->question.question_class = 0x1;
+
+  p.ip = to_ip;
+  p.port = NMB_PORT;
+  p.fd = fd;
+  p.timestamp = time(NULL);
+  p.packet_type = NMB_PACKET;
+
+  GetTimeOfDay(&tval);
+
+  if (!send_packet(&p)) 
+    return NULL;
+
+  retries--;
+
+	while (1) {
+	  struct timeval tval2;
+      struct in_addr *tmp_ip_list;
+
+	  GetTimeOfDay(&tval2);
+	  if (TvalDiff(&tval,&tval2) > retry_time) {
+		  if (!retries)
+			  break;
+		  if (!found && !send_packet(&p))
+			  return NULL;
+		  GetTimeOfDay(&tval);
+		  retries--;
+	  }
+	  
+	  if ((p2=receive_nmb_packet(fd,90,nmb->header.name_trn_id))) {     
+		  struct nmb_packet *nmb2 = &p2->packet.nmb;
+		  debug_nmb_packet(p2);
+
+		  /* If we get a Negative Name Query Response from a WINS
+		   * server, we should report it and give up.
+		   */
+		  if( 0 == nmb2->header.opcode		/* A query response   */
+		      && !(bcast)			/* from a WINS server */
+		      && nmb2->header.rcode		/* Error returned     */
+		    ) {
+
+		    if( DEBUGLVL( 3 ) ) {
+		      /* Only executed if DEBUGLEVEL >= 3 */
+					dbgtext( "Negative name query response, rcode 0x%02x: ", nmb2->header.rcode );
+		      switch( nmb2->header.rcode ) {
+		        case 0x01:
+			  dbgtext( "Request was invalidly formatted.\n" );
+			  break;
+		        case 0x02:
+			  dbgtext( "Problem with NBNS, cannot process name.\n");
+			  break;
+		        case 0x03:
+			  dbgtext( "The name requested does not exist.\n" );
+			  break;
+		        case 0x04:
+			  dbgtext( "Unsupported request error.\n" );
+			  break;
+		        case 0x05:
+			  dbgtext( "Query refused error.\n" );
+			  break;
+		        default:
+			  dbgtext( "Unrecognized error code.\n" );
+			  break;
+		      }
+		    }
+	            free_packet(p2);
+		    return( NULL );
+		  }
+
+		  if (nmb2->header.opcode != 0 ||
+		      nmb2->header.nm_flags.bcast ||
+		      nmb2->header.rcode ||
+		      !nmb2->header.ancount) {
+			  /* 
+			   * XXXX what do we do with this? Could be a
+			   * redirect, but we'll discard it for the
+				 * moment.
+				 */
+			  free_packet(p2);
+			  continue;
+		  }
+
+          tmp_ip_list = (struct in_addr *)Realloc( ip_list, sizeof( ip_list[0] )
+                                                * ( (*count) + nmb2->answers->rdlength/6 ) );
+ 
+          if (!tmp_ip_list) {
+              DEBUG(0,("name_query: Realloc failed.\n"));
+              SAFE_FREE(ip_list);
+          }
+ 
+          ip_list = tmp_ip_list;
+
+		  if (ip_list) {
+				DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
+			  for (i=0;i<nmb2->answers->rdlength/6;i++) {
+				  putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
+				  DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
+				  (*count)++;
+			  }
+			  DEBUGADD(2,(")\n"));
+		  }
+
+		  found=True;
+		  retries=0;
+		  free_packet(p2);
+		  /*
+		   * If we're doing a unicast lookup we only
+		   * expect one reply. Don't wait the full 2
+		   * seconds if we got one. JRA.
+		   */
+		  if(!bcast && found)
+			  break;
+	  }
+  }
+
+  /* Reach here if we've timed out waiting for replies.. */
+	if( !bcast && !found ) {
+    /* Timed out wating for WINS server to respond.  Mark it dead. */
+    wins_srv_died( to_ip );
+    }
+
+  return ip_list;
+}
+
+/********************************************************
+ Start parsing the lmhosts file.
+*********************************************************/
+
+XFILE *startlmhosts(char *fname)
+{
+	XFILE *fp = x_fopen(fname,O_RDONLY, 0);
+	if (!fp) {
+		DEBUG(4,("startlmhosts: Can't open lmhosts file %s. Error was %s\n",
+			 fname, strerror(errno)));
+		return NULL;
+	}
+	return fp;
+}
+
+/********************************************************
+ Parse the next line in the lmhosts file.
+*********************************************************/
+
+BOOL getlmhostsent( XFILE *fp, pstring name, int *name_type, struct in_addr *ipaddr)
+{
+  pstring line;
+
+  while(!x_feof(fp) && !x_ferror(fp)) {
+    pstring ip,flags,extra;
+    char *ptr;
+    int count = 0;
+
+    *name_type = -1;
+
+    if (!fgets_slash(line,sizeof(pstring),fp))
+      continue;
+
+    if (*line == '#')
+      continue;
+
+    pstrcpy(ip,"");
+    pstrcpy(name,"");
+    pstrcpy(flags,"");
+
+    ptr = line;
+
+    if (next_token(&ptr,ip   ,NULL,sizeof(ip)))
+      ++count;
+    if (next_token(&ptr,name ,NULL, sizeof(pstring)))
+      ++count;
+    if (next_token(&ptr,flags,NULL, sizeof(flags)))
+      ++count;
+    if (next_token(&ptr,extra,NULL, sizeof(extra)))
+      ++count;
+
+    if (count <= 0)
+      continue;
+
+    if (count > 0 && count < 2)
+    {
+      DEBUG(0,("getlmhostsent: Ill formed hosts line [%s]\n",line));
+      continue;
+    }
+
+    if (count >= 4)
+    {
+      DEBUG(0,("getlmhostsent: too many columns in lmhosts file (obsolete syntax)\n"));
+      continue;
+    }
+
+    DEBUG(4, ("getlmhostsent: lmhost entry: %s %s %s\n", ip, name, flags));
+
+    if (strchr_m(flags,'G') || strchr_m(flags,'S'))
+    {
+      DEBUG(0,("getlmhostsent: group flag in lmhosts ignored (obsolete)\n"));
+      continue;
+    }
+
+    *ipaddr = *interpret_addr2(ip);
+
+    /* Extra feature. If the name ends in '#XX', where XX is a hex number,
+       then only add that name type. */
+    if((ptr = strchr_m(name, '#')) != NULL)
+    {
+      char *endptr;
+
+      ptr++;
+      *name_type = (int)strtol(ptr, &endptr, 16);
+
+      if(!*ptr || (endptr == ptr))
+      {
+        DEBUG(0,("getlmhostsent: invalid name %s containing '#'.\n", name));
+        continue;
+      }
+
+      *(--ptr) = '\0'; /* Truncate at the '#' */
+    }
+
+    return True;
+  }
+
+  return False;
+}
+
+/********************************************************
+ Finish parsing the lmhosts file.
+*********************************************************/
+
+void endlmhosts(XFILE *fp)
+{
+	x_fclose(fp);
+}
+
+BOOL name_register_wins(const char *name, int name_type)
+{
+  int sock, i, return_count;
+  int num_interfaces = iface_count();
+  struct in_addr sendto_ip;
+
+  /* 
+   * Check if we have any interfaces, prevents a segfault later
+   */
+
+  if (num_interfaces <= 0)
+    return False;         /* Should return some indication of the problem */
+
+  /*
+   * Do a broadcast register ...
+   */
+
+  if (0 == wins_srv_count())
+    return False;
+
+  if( DEBUGLVL( 4 ) )
+    {
+    dbgtext( "name_register_wins: Registering my name %s ", name );
+    dbgtext( "with WINS server %s.\n", wins_srv_name() );
+    }
+
+  sock = open_socket_in( SOCK_DGRAM, 0, 3, 
+			 interpret_addr("0.0.0.0"), True );
+
+  if (sock == -1) return False;
+
+  set_socket_options(sock, "SO_BROADCAST");     /* ????! crh */
+
+  sendto_ip = wins_srv_ip();
+
+  if (num_interfaces > 1) {
+
+    for (i = 0; i < num_interfaces; i++) {
+      
+      if (!name_register(sock, name, name_type, *iface_n_ip(i), 
+			 NMB_NAME_MULTIHOMED_REG_OPCODE,
+			 True, sendto_ip, &return_count)) {
+
+	close(sock);
+	return False;
+
+      }
+
+    }
+
+  }
+  else {
+
+    if (!name_register(sock, name, name_type, *iface_n_ip(0),
+		       NMB_NAME_REG_OPCODE,
+		       True, sendto_ip, &return_count)) {
+
+      close(sock);
+      return False;
+
+    }
+
+  }
+
+  close(sock);
+
+  return True;
+
+}
+
+/********************************************************
+ Resolve via "bcast" method.
+*********************************************************/
+
+BOOL name_resolve_bcast(const char *name, int name_type,
+			struct in_addr **return_ip_list, int *return_count)
+{
+	int sock, i;
+	int num_interfaces = iface_count();
+
+	*return_ip_list = NULL;
+	*return_count = 0;
+	
+	/*
+	 * "bcast" means do a broadcast lookup on all the local interfaces.
+	 */
+
+	DEBUG(3,("name_resolve_bcast: Attempting broadcast lookup for name %s<0x%x>\n", name, name_type));
+
+	sock = open_socket_in( SOCK_DGRAM, 0, 3,
+			       interpret_addr(lp_socket_address()), True );
+
+	if (sock == -1) return False;
+
+	set_socket_options(sock,"SO_BROADCAST");
+	/*
+	 * Lookup the name on all the interfaces, return on
+	 * the first successful match.
+	 */
+	for( i = num_interfaces-1; i >= 0; i--) {
+		struct in_addr sendto_ip;
+		/* Done this way to fix compiler error on IRIX 5.x */
+		sendto_ip = *iface_n_bcast(i);
+		*return_ip_list = name_query(sock, name, name_type, True, 
+				    True, sendto_ip, return_count);
+		if(*return_ip_list != NULL) {
+			close(sock);
+			return True;
+		}
+	}
+
+	close(sock);
+	return False;
+}
+
+/********************************************************
+ Resolve via "wins" method.
+*********************************************************/
+
+static BOOL resolve_wins(const char *name, int name_type,
+                         struct in_addr **return_iplist, int *return_count)
+{
+	int sock;
+	struct in_addr wins_ip;
+	BOOL wins_ismyip;
+
+	*return_iplist = NULL;
+	*return_count = 0;
+	
+	/*
+	 * "wins" means do a unicast lookup to the WINS server.
+	 * Ignore if there is no WINS server specified or if the
+	 * WINS server is one of our interfaces (if we're being
+	 * called from within nmbd - we can't do this call as we
+	 * would then block).
+	 */
+
+	DEBUG(3,("resolve_wins: Attempting wins lookup for name %s<0x%x>\n", name, name_type));
+
+	if (lp_wins_support()) {
+		/*
+		 * We're providing WINS support. Call ourselves so
+		 * long as we're not nmbd.
+		 */
+		extern struct in_addr loopback_ip;
+		wins_ip = loopback_ip;
+		wins_ismyip = True;
+	} else if( wins_srv_count() < 1 ) {
+		DEBUG(3,("resolve_wins: WINS server resolution selected and no WINS servers listed.\n"));
+		return False;
+	} else {
+		wins_ip     = wins_srv_ip();
+		wins_ismyip = ismyip(wins_ip);
+	}
+
+	DEBUG(3, ("resolve_wins: WINS server == <%s>\n", inet_ntoa(wins_ip)) );
+	if((wins_ismyip && !global_in_nmbd) || !wins_ismyip) {
+		sock = open_socket_in(  SOCK_DGRAM, 0, 3,
+					interpret_addr(lp_socket_address()),
+					True );
+		if (sock != -1) {
+			*return_iplist = name_query( sock,      name,
+						     name_type, False, 
+						     True,      wins_ip,
+						     return_count);
+			if(*return_iplist != NULL) {
+				close(sock);
+				return True;
+			}
+			close(sock);
+		}
+	}
+
+	return False;
+}
+
+/********************************************************
+ Resolve via "lmhosts" method.
+*********************************************************/
+
+static BOOL resolve_lmhosts(const char *name, int name_type,
+                         struct in_addr **return_iplist, int *return_count)
+{
+	/*
+	 * "lmhosts" means parse the local lmhosts file.
+	 */
+	
+	XFILE *fp;
+	pstring lmhost_name;
+	int name_type2;
+	struct in_addr return_ip;
+
+	*return_iplist = NULL;
+	*return_count = 0;
+
+	DEBUG(3,("resolve_lmhosts: Attempting lmhosts lookup for name %s<0x%x>\n", name, name_type));
+
+	fp = startlmhosts(dyn_LMHOSTSFILE);
+	if(fp) {
+		while (getlmhostsent(fp, lmhost_name, &name_type2, &return_ip)) {
+			if (strequal(name, lmhost_name) && 
+                ((name_type2 == -1) || (name_type == name_type2))
+               ) {
+				endlmhosts(fp);
+				*return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
+				if(*return_iplist == NULL) {
+					DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
+					return False;
+				}
+				**return_iplist = return_ip;
+				*return_count = 1;
+				return True; 
+			}
+		}
+		endlmhosts(fp);
+	}
+	return False;
+}
+
+
+/********************************************************
+ Resolve via "hosts" method.
+*********************************************************/
+
+static BOOL resolve_hosts(const char *name,
+                         struct in_addr **return_iplist, int *return_count)
+{
+	/*
+	 * "host" means do a localhost, or dns lookup.
+	 */
+	struct hostent *hp;
+
+	*return_iplist = NULL;
+	*return_count = 0;
+
+	DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x20>\n", name));
+	
+	if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
+		struct in_addr return_ip;
+		putip((char *)&return_ip,(char *)hp->h_addr);
+		*return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
+		if(*return_iplist == NULL) {
+			DEBUG(3,("resolve_hosts: malloc fail !\n"));
+			return False;
+		}
+		**return_iplist = return_ip;
+		*return_count = 1;
+		return True;
+	}
+	return False;
+}
+
+/********************************************************
+ Internal interface to resolve a name into an IP address.
+ Use this function if the string is either an IP address, DNS
+ or host name or NetBIOS name. This uses the name switch in the
+ smb.conf to determine the order of name resolution.
+*********************************************************/
+
+static BOOL internal_resolve_name(const char *name, int name_type,
+                         		struct in_addr **return_iplist, int *return_count)
+{
+  pstring name_resolve_list;
+  fstring tok;
+  char *ptr;
+  BOOL allones = (strcmp(name,"255.255.255.255") == 0);
+  BOOL allzeros = (strcmp(name,"0.0.0.0") == 0);
+  BOOL is_address = is_ipaddress(name);
+  BOOL result = False;
+  struct in_addr *nodupes_iplist;
+  int i;
+
+  *return_iplist = NULL;
+  *return_count = 0;
+
+  DEBUG(10, ("internal_resolve_name: looking up %s#%x\n", name, name_type));
+
+  if (allzeros || allones || is_address) {
+	*return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
+	if(*return_iplist == NULL) {
+		DEBUG(3,("internal_resolve_name: malloc fail !\n"));
+		return False;
+	}
+	if(is_address) { 
+		/* if it's in the form of an IP address then get the lib to interpret it */
+		(*return_iplist)->s_addr = inet_addr(name);
+    } else {
+		(*return_iplist)->s_addr = allones ? 0xFFFFFFFF : 0;
+		*return_count = 1;
+	}
+    return True;
+  }
+  
+  pstrcpy(name_resolve_list, lp_name_resolve_order());
+  ptr = name_resolve_list;
+  if (!ptr || !*ptr)
+    ptr = "host";
+
+  while (next_token(&ptr, tok, LIST_SEP, sizeof(tok))) {
+	  if((strequal(tok, "host") || strequal(tok, "hosts"))) {
+		  if (name_type == 0x20 && resolve_hosts(name, return_iplist, return_count)) {
+		    result = True;
+		    goto done;
+		  }
+	  } else if(strequal( tok, "lmhosts")) {
+		  if (resolve_lmhosts(name, name_type, return_iplist, return_count)) {
+		    result = True;
+		    goto done;
+		  }
+	  } else if(strequal( tok, "wins")) {
+		  /* don't resolve 1D via WINS */
+		  if (name_type != 0x1D &&
+		      resolve_wins(name, name_type, return_iplist, return_count)) {
+		    result = True;
+		    goto done;
+		  }
+	  } else if(strequal( tok, "bcast")) {
+		  if (name_resolve_bcast(name, name_type, return_iplist, return_count)) {
+		    result = True;
+		    goto done;
+		  }
+	  } else {
+		  DEBUG(0,("resolve_name: unknown name switch type %s\n", tok));
+	  }
+  }
+
+  /* All of the resolve_* functions above have returned false. */
+
+  SAFE_FREE(*return_iplist);
+  *return_count = 0;
+
+  return False;
+
+ done:
+
+  /* Remove duplicate entries.  Some queries, notably #1c (domain
+     controllers) return the PDC in iplist[0] and then all domain
+     controllers including the PDC in iplist[1..n].  Iterating over
+     the iplist when the PDC is down will cause two sets of timeouts. */
+
+  if (*return_count && (nodupes_iplist = (struct in_addr *)
+       malloc(sizeof(struct in_addr) * (*return_count)))) {
+	  int nodupes_count = 0;
+
+	  /* Iterate over return_iplist looking for duplicates */
+
+	  for (i = 0; i < *return_count; i++) {
+		  BOOL is_dupe = False;
+		  int j;
+
+		  for (j = i + 1; j < *return_count; j++) {
+			  if (ip_equal((*return_iplist)[i], 
+				       (*return_iplist)[j])) {
+				  is_dupe = True;
+				  break;
+			  }
+		  }
+
+		  if (!is_dupe) {
+
+			  /* This one not a duplicate */
+
+			  nodupes_iplist[nodupes_count] = (*return_iplist)[i];
+			  nodupes_count++;
+		  }
+	  }
+	  
+	  /* Switcheroo with original list */
+	  
+	  free(*return_iplist);
+
+	  *return_iplist = nodupes_iplist;
+	  *return_count = nodupes_count;
+  }
+
+  /* Display some debugging info */
+
+  DEBUG(10, ("internal_resolve_name: returning %d addresses: ", 
+	     *return_count));
+
+  for (i = 0; i < *return_count; i++)
+	  DEBUGADD(10, ("%s ", inet_ntoa((*return_iplist)[i])));
+
+  DEBUG(10, ("\n"));
+
+  return result;
+}
+
+/********************************************************
+ Internal interface to resolve a name into one IP address.
+ Use this function if the string is either an IP address, DNS
+ or host name or NetBIOS name. This uses the name switch in the
+ smb.conf to determine the order of name resolution.
+*********************************************************/
+
+BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type)
+{
+	struct in_addr *ip_list = NULL;
+	int count = 0;
+
+	if (is_ipaddress(name)) {
+		*return_ip = *interpret_addr2(name);
+		return True;
+	}
+
+	if (internal_resolve_name(name, name_type, &ip_list, &count)) {
+		int i;
+		/* only return valid addresses for TCP connections */
+		for (i=0; i<count; i++) {
+			char *ip_str = inet_ntoa(ip_list[i]);
+			if (ip_str &&
+			    strcmp(ip_str, "255.255.255.255") != 0 &&
+			    strcmp(ip_str, "0.0.0.0") != 0) {
+				*return_ip = ip_list[i];
+				SAFE_FREE(ip_list);
+				return True;
+			}
+		}
+	}
+	SAFE_FREE(ip_list);
+	return False;
+}
+
+
+/********************************************************
+ resolve a name of format \\server_name or \\ipaddress
+ into a name.  also, cut the \\ from the front for us.
+*********************************************************/
+
+BOOL resolve_srv_name(const char* srv_name, fstring dest_host,
+                                struct in_addr *ip)
+{
+        BOOL ret;
+        const char *sv_name = srv_name;
+
+        DEBUG(10,("resolve_srv_name: %s\n", srv_name));
+
+        if (srv_name == NULL || strequal("\\\\.", srv_name))
+        {
+                extern pstring global_myname;
+                fstrcpy(dest_host, global_myname);
+                ip = interpret_addr2("127.0.0.1");
+                return True;
+        }
+
+        if (strnequal("\\\\", srv_name, 2))
+        {
+                sv_name = &srv_name[2];
+        }
+
+        fstrcpy(dest_host, sv_name);
+        /* treat the '*' name specially - it is a magic name for the PDC */
+        if (strcmp(dest_host,"*") == 0) {
+                extern pstring global_myname;
+                ret = resolve_name(lp_workgroup(), ip, 0x1B);
+                lookup_dc_name(global_myname, lp_workgroup(), ip, dest_host);
+        } else {
+                ret = resolve_name(dest_host, ip, 0x20);
+        }
+        
+        if (is_ipaddress(dest_host))
+        {
+                fstrcpy(dest_host, "*SMBSERVER");
+        }
+        
+        return ret;
+}
+
+
+/********************************************************
+ Find the IP address of the master browser or DMB for a workgroup.
+*********************************************************/
+
+BOOL find_master_ip(char *group, struct in_addr *master_ip)
+{
+	struct in_addr *ip_list = NULL;
+	int count = 0;
+
+	if (internal_resolve_name(group, 0x1D, &ip_list, &count)) {
+		*master_ip = ip_list[0];
+		SAFE_FREE(ip_list);
+		return True;
+	}
+	if(internal_resolve_name(group, 0x1B, &ip_list, &count)) {
+		*master_ip = ip_list[0];
+		SAFE_FREE(ip_list);
+		return True;
+	}
+
+	SAFE_FREE(ip_list);
+	return False;
+}
+
+/********************************************************
+ Lookup a DC name given a Domain name and IP address.
+*********************************************************/
+
+BOOL lookup_dc_name(const char *srcname, const char *domain, 
+		    struct in_addr *dc_ip, char *ret_name)
+{
+#if !defined(I_HATE_WINDOWS_REPLY_CODE)
+	
+	fstring dc_name;
+	BOOL ret;
+	
+	/*
+	 * Due to the fact win WinNT *sucks* we must do a node status
+	 * query here... JRA.
+	 */
+	
+	*dc_name = '\0';
+	
+	ret = name_status_find(domain, 0x1c, 0x20, *dc_ip, dc_name);
+
+	if(ret && *dc_name) {
+		fstrcpy(ret_name, dc_name);
+		return True;
+	}
+	
+	return False;
+
+#else /* defined(I_HATE_WINDOWS_REPLY_CODE) */
+
+JRA - This code is broken with BDC rollover - we need to do a full
+NT GETDC call, UNICODE, NT domain SID and uncle tom cobbley and all...
+
+	int retries = 3;
+	int retry_time = 2000;
+	struct timeval tval;
+	struct packet_struct p;
+	struct dgram_packet *dgram = &p.packet.dgram;
+	char *ptr,*p2;
+	char tmp[4];
+	int len;
+	struct sockaddr_in sock_name;
+	int sock_len = sizeof(sock_name);
+	const char *mailslot = NET_LOGON_MAILSLOT;
+	char *mailslot_name;
+	char buffer[1024];
+	char *bufp;
+	int dgm_id = generate_trn_id();
+	int sock = open_socket_in(SOCK_DGRAM, 0, 3, interpret_addr(lp_socket_address()), True );
+	
+	if(sock == -1)
+		return False;
+	
+	/* Find out the transient UDP port we have been allocated. */
+	if(getsockname(sock, (struct sockaddr *)&sock_name, &sock_len)<0) {
+		DEBUG(0,("lookup_pdc_name: Failed to get local UDP port. Error was %s\n",
+			 strerror(errno)));
+		close(sock);
+		return False;
+	}
+
+	/*
+	 * Create the request data.
+	 */
+
+	memset(buffer,'\0',sizeof(buffer));
+	bufp = buffer;
+	SSVAL(bufp,0,QUERYFORPDC);
+	bufp += 2;
+	fstrcpy(bufp,srcname);
+	bufp += (strlen(bufp) + 1);
+	slprintf(bufp, sizeof(fstring)-1, "\\MAILSLOT\\NET\\GETDC%d", dgm_id);
+	mailslot_name = bufp;
+	bufp += (strlen(bufp) + 1);
+	bufp = ALIGN2(bufp, buffer);
+	bufp += push_ucs2(NULL, bufp, srcname, sizeof(buffer) - (bufp - buffer), STR_TERMINATE);	
+	
+	SIVAL(bufp,0,1);
+	SSVAL(bufp,4,0xFFFF); 
+	SSVAL(bufp,6,0xFFFF); 
+	bufp += 8;
+	len = PTR_DIFF(bufp,buffer);
+
+	memset((char *)&p,'\0',sizeof(p));
+
+	/* DIRECT GROUP or UNIQUE datagram. */
+	dgram->header.msg_type = 0x10;
+	dgram->header.flags.node_type = M_NODE;
+	dgram->header.flags.first = True;
+	dgram->header.flags.more = False;
+	dgram->header.dgm_id = dgm_id;
+	dgram->header.source_ip = *iface_ip(*pdc_ip);
+	dgram->header.source_port = ntohs(sock_name.sin_port);
+	dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
+	dgram->header.packet_offset = 0;
+	
+	make_nmb_name(&dgram->source_name,srcname,0);
+	make_nmb_name(&dgram->dest_name,domain,0x1C);
+	
+	ptr = &dgram->data[0];
+	
+	/* Setup the smb part. */
+	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
+	memcpy(tmp,ptr,4);
+	set_message(ptr,17,17 + len,True);
+	memcpy(ptr,tmp,4);
+
+	CVAL(ptr,smb_com) = SMBtrans;
+	SSVAL(ptr,smb_vwv1,len);
+	SSVAL(ptr,smb_vwv11,len);
+	SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
+	SSVAL(ptr,smb_vwv13,3);
+	SSVAL(ptr,smb_vwv14,1);
+	SSVAL(ptr,smb_vwv15,1);
+	SSVAL(ptr,smb_vwv16,2);
+	p2 = smb_buf(ptr);
+	pstrcpy(p2,mailslot);
+	p2 = skip_string(p2,1);
+	
+	memcpy(p2,buffer,len);
+	p2 += len;
+	
+	dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
+	
+	p.ip = *pdc_ip;
+	p.port = DGRAM_PORT;
+	p.fd = sock;
+	p.timestamp = time(NULL);
+	p.packet_type = DGRAM_PACKET;
+	
+	GetTimeOfDay(&tval);
+	
+	if (!send_packet(&p)) {
+		DEBUG(0,("lookup_pdc_name: send_packet failed.\n"));
+		close(sock);
+		return False;
+	}
+	
+	retries--;
+	
+	while (1) {
+		struct timeval tval2;
+		struct packet_struct *p_ret;
+		
+		GetTimeOfDay(&tval2);
+		if (TvalDiff(&tval,&tval2) > retry_time) {
+			if (!retries)
+				break;
+			if (!send_packet(&p)) {
+				DEBUG(0,("lookup_pdc_name: send_packet failed.\n"));
+				close(sock);
+				return False;
+			}
+			GetTimeOfDay(&tval);
+			retries--;
+		}
+
+		if ((p_ret = receive_dgram_packet(sock,90,mailslot_name))) {
+			struct dgram_packet *dgram2 = &p_ret->packet.dgram;
+			char *buf;
+			char *buf2;
+
+			buf = &dgram2->data[0];
+			buf -= 4;
+
+			if (CVAL(buf,smb_com) != SMBtrans) {
+				DEBUG(0,("lookup_pdc_name: datagram type %u != SMBtrans(%u)\n", (unsigned int)
+					 CVAL(buf,smb_com), (unsigned int)SMBtrans ));
+				free_packet(p_ret);
+				continue;
+			}
+			
+			len = SVAL(buf,smb_vwv11);
+			buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
+			
+			if (len <= 0) {
+				DEBUG(0,("lookup_pdc_name: datagram len < 0 (%d)\n", len ));
+				free_packet(p_ret);
+				continue;
+			}
+
+			DEBUG(4,("lookup_pdc_name: datagram reply from %s to %s IP %s for %s of type %d len=%d\n",
+				 nmb_namestr(&dgram2->source_name),nmb_namestr(&dgram2->dest_name),
+				 inet_ntoa(p_ret->ip), smb_buf(buf),SVAL(buf2,0),len));
+
+			if(SVAL(buf2,0) != QUERYFORPDC_R) {
+				DEBUG(0,("lookup_pdc_name: datagram type (%u) != QUERYFORPDC_R(%u)\n",
+					 (unsigned int)SVAL(buf,0), (unsigned int)QUERYFORPDC_R ));
+				free_packet(p_ret);
+				continue;
+			}
+
+			buf2 += 2;
+			/* Note this is safe as it is a bounded strcpy. */
+			fstrcpy(ret_name, buf2);
+			ret_name[sizeof(fstring)-1] = '\0';
+			close(sock);
+			free_packet(p_ret);
+			return True;
+		}
+	}
+	
+	close(sock);
+	return False;
+#endif /* defined(I_HATE_WINDOWS_REPLY_CODE) */
+}
+
+/********************************************************
+  Get the IP address list of the Local Master Browsers
+ ********************************************************/ 
+
+BOOL get_lmb_list(struct in_addr **ip_list, int *count)
+{
+    return internal_resolve_name( MSBROWSE, 0x1, ip_list, count);
+}
+
+/********************************************************
+ Get the IP address list of the PDC/BDC's of a Domain.
+*********************************************************/
+
+BOOL get_dc_list(BOOL pdc_only, const char *group, struct in_addr **ip_list, int *count)
+{
+	int name_type = pdc_only ? 0x1B : 0x1C;
+
+	/*
+	 * If it's our domain then
+	 * use the 'password server' parameter.
+	 */
+
+	if (strequal(group, lp_workgroup())) {
+		char *p;
+		char *pserver = lp_passwordserver();
+		fstring name;
+		int num_adresses = 0;
+		struct in_addr *return_iplist = NULL;
+
+		if (! *pserver)
+			return internal_resolve_name(group, name_type, ip_list, count);
+
+		p = pserver;
+		while (next_token(&p,name,LIST_SEP,sizeof(name))) {
+			if (strequal(name, "*"))
+				return internal_resolve_name(group, name_type, ip_list, count);
+			num_adresses++;
+		}
+		if (num_adresses == 0)
+			return internal_resolve_name(group, name_type, ip_list, count);
+
+		return_iplist = (struct in_addr *)malloc(num_adresses * sizeof(struct in_addr));
+		if(return_iplist == NULL) {
+			DEBUG(3,("get_dc_list: malloc fail !\n"));
+			return False;
+		}
+		p = pserver;
+		*count = 0;
+		while (next_token(&p,name,LIST_SEP,sizeof(name))) {
+			struct in_addr name_ip;
+			if (resolve_name( name, &name_ip, 0x20) == False)
+				continue;
+			return_iplist[(*count)++] = name_ip;
+		}
+		*ip_list = return_iplist;
+		return (*count != 0);
+	} else
+		return internal_resolve_name(group, name_type, ip_list, count);
+}
diff --git a/source3/libsmb/netlogon_unigrp.c b/source3/libsmb/netlogon_unigrp.c
new file mode 100644
index 0000000000..979ff52bd3
--- /dev/null
+++ b/source3/libsmb/netlogon_unigrp.c
@@ -0,0 +1,157 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Universal groups helpers
+   Copyright (C) Alexander Bokovoy                    2002.
+   Copyright (C) Andrew Bartlett                      2002.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+   This work was sponsored by Optifacio Software Services, Inc.
+*/
+
+#include "includes.h"
+
+/*
+    Handle for netlogon_unigrp.tdb database. It is used internally
+    in cli_store_uni_groups_*() and cli_fetch_uni_groups()
+    and is initialized on first call to cli_store_uni_groups_*()
+*/
+static TDB_CONTEXT *netlogon_unigrp_tdb = NULL;
+
+/*
+    Store universal groups info into netlogon_unigrp.tdb for
+    later usage. We use 'domain_SID/user_rid' as key and
+    array of uint32 where array[0] is number of elements
+    and elements are array[1] ... array[array[0]]
+*/
+
+BOOL uni_group_cache_init(void)
+{
+	if (!netlogon_unigrp_tdb) {
+		netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+						   TDB_DEFAULT, O_RDWR | O_CREAT, 0644);
+	}
+
+	return (netlogon_unigrp_tdb != NULL);
+}
+
+void uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
+{
+	TDB_DATA key,data;
+        fstring keystr;
+        int i;
+
+	if (!uni_group_cache_init()) {
+		DEBUG(0,("uni_group_cache_store_netlogon: cannot open netlogon_unigrp.tdb for write!\n"));
+		return;
+	}
+
+	/* Prepare key as DOMAIN-SID/USER-RID string */
+	slprintf(keystr, sizeof(keystr), "%s/%d", 
+		 sid_string_static(&user->dom_sid.sid), user->user_rid);
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+	
+	/* Prepare data */
+	data.dsize = (user->num_groups2+1)*sizeof(uint32);
+	data.dptr = talloc(mem_ctx, data.dsize);
+	if(!data.dptr) {
+		DEBUG(0,("uni_group_cache_store_netlogon: cannot allocate memory!\n"));
+		talloc_destroy(mem_ctx);
+		return;
+	}
+	
+	/* Store data in byteorder-independent format */
+	SIVAL(&((uint32*)data.dptr)[0],0,user->num_groups2);
+	for(i=1; i<=user->num_groups2; i++) {
+		SIVAL(&((uint32*)data.dptr)[i],0,user->gids[i-1].g_rid);
+	}
+	tdb_store(netlogon_unigrp_tdb, key, data, TDB_REPLACE);	
+}
+
+/*
+    Fetch universal groups info from netlogon_unigrp.tdb for given
+    domain sid and user rid and allocate it using given mem_ctx.
+    Universal groups are returned as array of uint32 elements 
+    and elements are array[0] ... array[num_elements-1]
+    
+*/
+uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
+			      TALLOC_CTX *mem_ctx, uint32 *num_groups)
+{
+	TDB_DATA key,data;
+	fstring keystr;
+	uint32 *groups;
+	uint32 i;
+	uint32 group_count;
+	
+	if (!domain) {
+		DEBUG(1,("uni_group_cache_fetch: expected non-null domain sid\n"));
+		return NULL;
+	}
+	if (!mem_ctx) {
+		DEBUG(1,("uni_group_cache_fetch: expected non-null memory context\n"));
+		return NULL;
+	}
+	if (!num_groups) {
+		DEBUG(1,("uni_group_cache_fetch: expected non-null num_groups\n"));
+		return NULL;
+	}
+	if (!netlogon_unigrp_tdb) {
+		netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+                				    TDB_DEFAULT, O_RDWR, 0644);
+	}
+	if (!netlogon_unigrp_tdb) {
+		DEBUG(5,("uni_group_cache_fetch: cannot open netlogon_unigrp.tdb for read - normal if not created yet\n"));
+		return NULL;
+	}
+	
+	*num_groups = 0;
+	
+	/* Fetch universal groups */
+	slprintf(keystr, sizeof(keystr), "%s/%d", 
+		 sid_string_static(domain), user_rid);
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+	data = tdb_fetch(netlogon_unigrp_tdb, key);
+	
+	/* There is no cached universal groups in netlogon_unigrp.tdb */
+	/* for this user. */
+	if (!data.dptr) return NULL;
+	
+	/* Transfer data to receiver's memory context */
+	group_count = IVAL(&((uint32*)data.dptr)[0],0);
+	groups = talloc(mem_ctx, (group_count)*sizeof(uint32));
+	if (groups) {
+		for(i=0; i<group_count; i++) {
+			groups[i] = IVAL(&((uint32*)data.dptr)[i+1],0);
+		}
+		
+	} else {
+		DEBUG(1,("uni_group_cache_fetch: cannot allocate uni groups in receiver's memory context\n"));
+	}
+	SAFE_FREE(data.dptr);
+	*num_groups = group_count;
+	return groups;
+}
+
+/* Shutdown netlogon_unigrp database */
+void uni_group_cache_shutdown(void)
+{
+	if(netlogon_unigrp_tdb) {
+		tdb_close(netlogon_unigrp_tdb);
+	}
+}
+
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index 6743227173..c78946fa09 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    NBT netbios library routines
-   Copyright (C) Andrew Tridgell 1994-1995
+   Copyright (C) Andrew Tridgell 1994-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,24 +20,141 @@
 */
 
 #include "includes.h"
-#include "nameserv.h"
 
-extern int DEBUGLEVEL;
+int num_good_sends = 0;
+int num_good_receives = 0;
+
+static const struct opcode_names {
+	char *nmb_opcode_name;
+	int opcode;
+} nmb_header_opcode_names[] = {
+      {"Query",           0 },
+      {"Registration",      5 },
+      {"Release",           6 },
+      {"WACK",              7 },
+      {"Refresh",           8 },
+      {"Refresh(altcode)",  9 },
+      {"Multi-homed Registration", 15 },
+      {0, -1 }
+};
 
-int num_good_sends=0;
-int  num_good_receives=0;
-static uint16 name_trn_id = 0;
-BOOL CanRecurse = True;
-extern pstring scope;
+/****************************************************************************
+ * Lookup a nmb opcode name.
+ ****************************************************************************/
+static const char *lookup_opcode_name( int opcode )
+{
+  const struct opcode_names *op_namep;
+  int i;
+
+  for(i = 0; nmb_header_opcode_names[i].nmb_opcode_name != 0; i++) {
+    op_namep = &nmb_header_opcode_names[i];
+    if(opcode == op_namep->opcode)
+      return op_namep->nmb_opcode_name;
+  }
+  return "<unknown opcode>";
+}
+
+/****************************************************************************
+  print out a res_rec structure
+  ****************************************************************************/
+static void debug_nmb_res_rec(struct res_rec *res, char *hdr)
+{
+  int i, j;
+
+  DEBUGADD( 4, ( "    %s: nmb_name=%s rr_type=%d rr_class=%d ttl=%d\n",
+                 hdr,
+                 nmb_namestr(&res->rr_name),
+                 res->rr_type,
+                 res->rr_class,
+                 res->ttl ) );
+
+  if( res->rdlength == 0 || res->rdata == NULL )
+    return;
+
+  for (i = 0; i < res->rdlength; i+= 16)
+    {
+      DEBUGADD(4, ("    %s %3x char ", hdr, i));
+
+      for (j = 0; j < 16; j++)
+	{
+	  uchar x = res->rdata[i+j];
+	  if (x < 32 || x > 127) x = '.';
+	  
+	  if (i+j >= res->rdlength) break;
+	  DEBUGADD(4, ("%c", x));
+	}
+      
+      DEBUGADD(4, ("   hex "));
+
+      for (j = 0; j < 16; j++)
+	{
+	  if (i+j >= res->rdlength) break;
+	  DEBUGADD(4, ("%02X", (uchar)res->rdata[i+j]));
+	}
+      
+      DEBUGADD(4, ("\n"));
+    }
+}
+
+/****************************************************************************
+  process a nmb packet
+  ****************************************************************************/
+void debug_nmb_packet(struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+
+  if( DEBUGLVL( 4 ) )
+    {
+    dbgtext( "nmb packet from %s(%d) header: id=%d opcode=%s(%d) response=%s\n",
+             inet_ntoa(p->ip), p->port,
+             nmb->header.name_trn_id,
+             lookup_opcode_name(nmb->header.opcode),
+             nmb->header.opcode,
+             BOOLSTR(nmb->header.response) );
+    dbgtext( "    header: flags: bcast=%s rec_avail=%s rec_des=%s trunc=%s auth=%s\n",
+             BOOLSTR(nmb->header.nm_flags.bcast),
+             BOOLSTR(nmb->header.nm_flags.recursion_available),
+             BOOLSTR(nmb->header.nm_flags.recursion_desired),
+             BOOLSTR(nmb->header.nm_flags.trunc),
+             BOOLSTR(nmb->header.nm_flags.authoritative) );
+    dbgtext( "    header: rcode=%d qdcount=%d ancount=%d nscount=%d arcount=%d\n",
+             nmb->header.rcode,
+             nmb->header.qdcount,
+             nmb->header.ancount,
+             nmb->header.nscount,
+             nmb->header.arcount );
+    }
+
+  if (nmb->header.qdcount)
+    {
+      DEBUGADD( 4, ( "    question: q_name=%s q_type=%d q_class=%d\n",
+                     nmb_namestr(&nmb->question.question_name),
+                     nmb->question.question_type,
+                     nmb->question.question_class) );
+    }
+
+  if (nmb->answers && nmb->header.ancount)
+    {
+      debug_nmb_res_rec(nmb->answers,"answers");
+    }
+  if (nmb->nsrecs && nmb->header.nscount)
+    {
+      debug_nmb_res_rec(nmb->nsrecs,"nsrecs");
+    }
+  if (nmb->additional && nmb->header.arcount)
+    {
+      debug_nmb_res_rec(nmb->additional,"additional");
+    }
+}
 
 /*******************************************************************
   handle "compressed" name pointers
   ******************************************************************/
-static BOOL handle_name_ptrs(unsigned char *ubuf,int *offset,int length,
+static BOOL handle_name_ptrs(uchar *ubuf,int *offset,int length,
 			     BOOL *got_pointer,int *ret)
 {
   int loop_count=0;
-
+  
   while ((ubuf[*offset] & 0xC0) == 0xC0) {
     if (!*got_pointer) (*ret) += 2;
     (*got_pointer)=True;
@@ -54,34 +170,41 @@ static BOOL handle_name_ptrs(unsigned char *ubuf,int *offset,int length,
   parse a nmb name from "compressed" format to something readable
   return the space taken by the name, or 0 if the name is invalid
   ******************************************************************/
-static int parse_nmb_name(char *inbuf,int offset,int length,
-			  struct nmb_name *name)
+static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
 {
   int m,n=0;
-  unsigned char *ubuf = (unsigned char *)inbuf;
+  uchar *ubuf = (uchar *)inbuf;
   int ret = 0;
   BOOL got_pointer=False;
+  int loop_count=0;
+  int offset = ofs;
 
-  if (length - offset < 2) return(0);  
+  if (length - offset < 2)
+    return(0);  
 
   /* handle initial name pointers */
-  if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret)) return(0);
+  if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
+    return(0);
   
   m = ubuf[offset];
 
-  if (!m) return(0);
-  if ((m & 0xC0) || offset+m+2 > length) return(0);
+  if (!m)
+    return(0);
+  if ((m & 0xC0) || offset+m+2 > length)
+    return(0);
 
-  bzero((char *)name,sizeof(*name));
+  memset((char *)name,'\0',sizeof(*name));
 
   /* the "compressed" part */
-  if (!got_pointer) ret += m + 2;
+  if (!got_pointer)
+    ret += m + 2;
   offset++;
-  while (m) {
-    unsigned char c1,c2;
+  while (m > 0) {
+    uchar c1,c2;
     c1 = ubuf[offset++]-'A';
     c2 = ubuf[offset++]-'A';
-    if ((c1 & 0xF0) || (c2 & 0xF0)) return(0);
+    if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(name->name)-1))
+      return(0);
     name->name[n++] = (c1<<4) | c2;
     m -= 2;
   }
@@ -90,25 +213,43 @@ static int parse_nmb_name(char *inbuf,int offset,int length,
   if (n==16) {
     /* parse out the name type, 
        its always in the 16th byte of the name */
-    name->name_type = name->name[15];
+    name->name_type = ((uchar)name->name[15]) & 0xff;
   
     /* remove trailing spaces */
     name->name[15] = 0;
     n = 14;
-    while (n && name->name[n]==' ') name->name[n--] = 0;  
+    while (n && name->name[n]==' ')
+      name->name[n--] = 0;  
   }
 
   /* now the domain parts (if any) */
   n = 0;
-  while ((m=ubuf[offset])) {
+  while (ubuf[offset]) {
     /* we can have pointers within the domain part as well */
-    if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret)) return(0);
-
-    if (!got_pointer) ret += m+1;
-    if (n) name->scope[n++] = '.';
-    if (m+2+offset>length || n+m+1>sizeof(name->scope)) return(0);
+    if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
+      return(0);
+
+    m = ubuf[offset];
+    /*
+     * Don't allow null domain parts.
+     */
+    if (!m)
+      return(0);
+    if (!got_pointer)
+      ret += m+1;
+    if (n)
+      name->scope[n++] = '.';
+    if (m+2+offset>length || n+m+1>sizeof(name->scope))
+      return(0);
     offset++;
-    while (m--) name->scope[n++] = (char)ubuf[offset++];
+    while (m--)
+      name->scope[n++] = (char)ubuf[offset++];
+
+    /*
+     * Watch for malicious loops.
+     */
+    if (loop_count++ == 10)
+      return 0;
   }
   name->scope[n++] = 0;  
 
@@ -130,12 +271,13 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
   fstring buf1;
   char *p;
 
-  if (name->name[0] == '*') {
+  if (strcmp(name->name,"*") == 0) {
     /* special case for wildcard name */
-    bzero(buf1,20);
+    memset(buf1,'\0',20);
     buf1[0] = '*';
+    buf1[15] = name->name_type;
   } else {
-    sprintf(buf1,"%-15.15s%c",name->name,name->name_type);
+    slprintf(buf1, sizeof(buf1) - 1,"%-15.15s%c",name->name,name->name_type);
   }
 
   buf[offset] = 0x20;
@@ -153,12 +295,12 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
   if (name->scope[0]) {
     /* XXXX this scope handling needs testing */
     ret += strlen(name->scope) + 1;
-    strcpy(&buf[offset+1],name->scope);  
+    pstrcpy(&buf[offset+1],name->scope);  
   
     p = &buf[offset+1];
-    while ((p = strchr(p,'.'))) {
-      buf[offset] = PTR_DIFF(p,&buf[offset]);
-      offset += buf[offset];
+    while ((p = strchr_m(p,'.'))) {
+      buf[offset] = PTR_DIFF(p,&buf[offset+1]);
+      offset += (buf[offset] + 1);
       p = &buf[offset+1];
     }
     buf[offset] = strlen(&buf[offset+1]);
@@ -170,39 +312,38 @@ static int put_nmb_name(char *buf,int offset,struct nmb_name *name)
 /*******************************************************************
   useful for debugging messages
   ******************************************************************/
-char *namestr(struct nmb_name *n)
+char *nmb_namestr(struct nmb_name *n)
 {
   static int i=0;
   static fstring ret[4];
   char *p = ret[i];
 
   if (!n->scope[0])
-    sprintf(p,"%s(%x)",n->name,n->name_type);
+    slprintf(p,sizeof(fstring)-1, "%s<%02x>",n->name,n->name_type);
   else
-    sprintf(p,"%s(%x).%s",n->name,n->name_type,n->scope);
+    slprintf(p,sizeof(fstring)-1, "%s<%02x>.%s",n->name,n->name_type,n->scope);
 
   i = (i+1)%4;
   return(p);
 }
 
 /*******************************************************************
-  allocate are parse some resource records
+  allocate and parse some resource records
   ******************************************************************/
 static BOOL parse_alloc_res_rec(char *inbuf,int *offset,int length,
-				struct res_rec **recs,
-				int count)
+				struct res_rec **recs, int count)
 {
   int i;
   *recs = (struct res_rec *)malloc(sizeof(**recs)*count);
   if (!*recs) return(False);
 
-  bzero(*recs,sizeof(**recs)*count);
+  memset((char *)*recs,'\0',sizeof(**recs)*count);
 
   for (i=0;i<count;i++) {
     int l = parse_nmb_name(inbuf,*offset,length,&(*recs)[i].rr_name);
     (*offset) += l;
     if (!l || (*offset)+10 > length) {
-      free(*recs);
+      SAFE_FREE(*recs);
       return(False);
     }
     (*recs)[i].rr_type = RSVAL(inbuf,(*offset));
@@ -212,7 +353,7 @@ static BOOL parse_alloc_res_rec(char *inbuf,int *offset,int length,
     (*offset) += 10;
     if ((*recs)[i].rdlength>sizeof((*recs)[i].rdata) || 
 	(*offset)+(*recs)[i].rdlength > length) {
-      free(*recs);
+      SAFE_FREE(*recs);
       return(False);
     }
     memcpy((*recs)[i].rdata,inbuf+(*offset),(*recs)[i].rdlength);
@@ -246,6 +387,27 @@ static int put_res_rec(char *buf,int offset,struct res_rec *recs,int count)
 }
 
 /*******************************************************************
+  put a compressed name pointer record into a packet
+  ******************************************************************/
+static int put_compressed_name_ptr(uchar *buf,int offset,struct res_rec *rec,int ptr_offset)
+{  
+  int ret=0;
+  buf[offset] = (0xC0 | ((ptr_offset >> 8) & 0xFF));
+  buf[offset+1] = (ptr_offset & 0xFF);
+  offset += 2;
+  ret += 2;
+  RSSVAL(buf,offset,rec->rr_type);
+  RSSVAL(buf,offset+2,rec->rr_class);
+  RSIVAL(buf,offset+4,rec->ttl);
+  RSSVAL(buf,offset+8,rec->rdlength);
+  memcpy(buf+offset+10,rec->rdata,rec->rdlength);
+  offset += 10+rec->rdlength;
+  ret += 10+rec->rdlength;
+    
+  return(ret);
+}
+
+/*******************************************************************
   parse a dgram packet. Return False if the packet can't be parsed 
   or is invalid for some reason, True otherwise 
 
@@ -256,7 +418,7 @@ static BOOL parse_dgram(char *inbuf,int length,struct dgram_packet *dgram)
   int offset;
   int flags;
 
-  bzero((char *)dgram,sizeof(*dgram));
+  memset((char *)dgram,'\0',sizeof(*dgram));
 
   if (length < 14) return(False);
 
@@ -298,12 +460,15 @@ static BOOL parse_nmb(char *inbuf,int length,struct nmb_packet *nmb)
 {
   int nm_flags,offset;
 
-  bzero((char *)nmb,sizeof(*nmb));
+  memset((char *)nmb,'\0',sizeof(*nmb));
 
   if (length < 12) return(False);
 
   /* parse the header */
   nmb->header.name_trn_id = RSVAL(inbuf,0);
+
+  DEBUG(10,("parse_nmb: packet id = %d\n", nmb->header.name_trn_id));
+
   nmb->header.opcode = (CVAL(inbuf,2) >> 3) & 0xF;
   nmb->header.response = ((CVAL(inbuf,2)>>7)&1)?True:False;
   nm_flags = ((CVAL(inbuf,2) & 0x7) << 4) + (CVAL(inbuf,3)>>4);
@@ -311,7 +476,7 @@ static BOOL parse_nmb(char *inbuf,int length,struct nmb_packet *nmb)
   nmb->header.nm_flags.recursion_available = (nm_flags&8)?True:False;
   nmb->header.nm_flags.recursion_desired = (nm_flags&0x10)?True:False;
   nmb->header.nm_flags.trunc = (nm_flags&0x20)?True:False;
-  nmb->header.nm_flags.authoritative = (nm_flags&0x40)?True:False;
+  nmb->header.nm_flags.authoritative = (nm_flags&0x40)?True:False;  
   nmb->header.rcode = CVAL(inbuf,3) & 0xF;
   nmb->header.qdcount = RSVAL(inbuf,4);
   nmb->header.ancount = RSVAL(inbuf,6);
@@ -351,13 +516,128 @@ static BOOL parse_nmb(char *inbuf,int length,struct nmb_packet *nmb)
 }
 
 /*******************************************************************
+  'Copy constructor' for an nmb packet
+  ******************************************************************/
+static struct packet_struct *copy_nmb_packet(struct packet_struct *packet)
+{  
+  struct nmb_packet *nmb;
+  struct nmb_packet *copy_nmb;
+  struct packet_struct *pkt_copy;
+
+  if(( pkt_copy = (struct packet_struct *)malloc(sizeof(*packet))) == NULL)
+  {
+    DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
+    return NULL;
+  }
+
+  /* Structure copy of entire thing. */
+
+  *pkt_copy = *packet;
+
+  /* Ensure this copy is not locked. */
+  pkt_copy->locked = False;
+
+  /* Ensure this copy has no resource records. */
+  nmb = &packet->packet.nmb;
+  copy_nmb = &pkt_copy->packet.nmb;
+
+  copy_nmb->answers = NULL;
+  copy_nmb->nsrecs = NULL;
+  copy_nmb->additional = NULL;
+
+  /* Now copy any resource records. */
+
+  if (nmb->answers)
+  {
+    if((copy_nmb->answers = (struct res_rec *)
+                  malloc(nmb->header.ancount * sizeof(struct res_rec))) == NULL)
+      goto free_and_exit;
+    memcpy((char *)copy_nmb->answers, (char *)nmb->answers, 
+           nmb->header.ancount * sizeof(struct res_rec));
+  }
+  if (nmb->nsrecs)
+  {
+    if((copy_nmb->nsrecs = (struct res_rec *)
+                  malloc(nmb->header.nscount * sizeof(struct res_rec))) == NULL)
+      goto free_and_exit;
+    memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs, 
+           nmb->header.nscount * sizeof(struct res_rec));
+  }
+  if (nmb->additional)
+  {
+    if((copy_nmb->additional = (struct res_rec *)
+                  malloc(nmb->header.arcount * sizeof(struct res_rec))) == NULL)
+      goto free_and_exit;
+    memcpy((char *)copy_nmb->additional, (char *)nmb->additional, 
+           nmb->header.arcount * sizeof(struct res_rec));
+  }
+
+  return pkt_copy;
+
+free_and_exit:
+
+  SAFE_FREE(copy_nmb->answers);
+  SAFE_FREE(copy_nmb->nsrecs);
+  SAFE_FREE(copy_nmb->additional);
+  SAFE_FREE(pkt_copy);
+
+  DEBUG(0,("copy_nmb_packet: malloc fail in resource records.\n"));
+  return NULL;
+}
+
+/*******************************************************************
+  'Copy constructor' for a dgram packet
+  ******************************************************************/
+static struct packet_struct *copy_dgram_packet(struct packet_struct *packet)
+{ 
+  struct packet_struct *pkt_copy;
+
+  if(( pkt_copy = (struct packet_struct *)malloc(sizeof(*packet))) == NULL)
+  {
+    DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
+    return NULL;
+  }
+
+  /* Structure copy of entire thing. */
+
+  *pkt_copy = *packet;
+
+  /* Ensure this copy is not locked. */
+  pkt_copy->locked = False;
+
+  /* There are no additional pointers in a dgram packet,
+     we are finished. */
+  return pkt_copy;
+}
+
+/*******************************************************************
+  'Copy constructor' for a generic packet
+  ******************************************************************/
+struct packet_struct *copy_packet(struct packet_struct *packet)
+{  
+  if(packet->packet_type == NMB_PACKET)
+    return copy_nmb_packet(packet);
+  else if (packet->packet_type == DGRAM_PACKET)
+    return copy_dgram_packet(packet);
+  return NULL;
+}
+ 
+/*******************************************************************
   free up any resources associated with an nmb packet
   ******************************************************************/
-void free_nmb_packet(struct nmb_packet *nmb)
+static void free_nmb_packet(struct nmb_packet *nmb)
 {  
-  if (nmb->answers) free(nmb->answers);
-  if (nmb->nsrecs) free(nmb->nsrecs);
-  if (nmb->additional) free(nmb->additional);
+  SAFE_FREE(nmb->answers);
+  SAFE_FREE(nmb->nsrecs);
+  SAFE_FREE(nmb->additional);
+}
+
+/*******************************************************************
+  free up any resources associated with a dgram packet
+  ******************************************************************/
+static void free_dgram_packet(struct dgram_packet *nmb)
+{  
+  /* We have nothing to do for a dgram packet. */
 }
 
 /*******************************************************************
@@ -365,58 +645,80 @@ void free_nmb_packet(struct nmb_packet *nmb)
   ******************************************************************/
 void free_packet(struct packet_struct *packet)
 {  
+  if (packet->locked) 
+    return;
   if (packet->packet_type == NMB_PACKET)
     free_nmb_packet(&packet->packet.nmb);
-  free(packet);
+  else if (packet->packet_type == DGRAM_PACKET)
+    free_dgram_packet(&packet->packet.dgram);
+  ZERO_STRUCTPN(packet);
+  SAFE_FREE(packet);
 }
 
 /*******************************************************************
-  read a packet from a socket and parse it, returning a packet ready
-  to be used or put on the queue. This assumes a UDP socket
+parse a packet buffer into a packet structure
   ******************************************************************/
-struct packet_struct *read_packet(int fd,enum packet_type packet_type)
+struct packet_struct *parse_packet(char *buf,int length,
+				   enum packet_type packet_type)
 {
-  extern struct in_addr lastip;
-  extern int lastport;
-  struct packet_struct *packet;
-  char buf[MAX_DGRAM_SIZE];
-  int length;
-  BOOL ok=False;
-
-  length = read_udp_socket(fd,buf,sizeof(buf));
-  if (length < MIN_DGRAM_SIZE) return(NULL);
-
-  packet = (struct packet_struct *)malloc(sizeof(*packet));
-  if (!packet) return(NULL);
-
-  packet->next = NULL;
-  packet->prev = NULL;
-  packet->ip = lastip;
-  packet->port = lastport;
-  packet->fd = fd;
-  packet->timestamp = time(NULL);
-  packet->packet_type = packet_type;
-  switch (packet_type) 
-    {
-    case NMB_PACKET:
-      ok = parse_nmb(buf,length,&packet->packet.nmb);
-      break;
+	extern struct in_addr lastip;
+	extern int lastport;
+	struct packet_struct *p;
+	BOOL ok=False;
+
+	p = (struct packet_struct *)malloc(sizeof(*p));
+	if (!p) return(NULL);
+
+	p->next = NULL;
+	p->prev = NULL;
+	p->ip = lastip;
+	p->port = lastport;
+	p->locked = False;
+	p->timestamp = time(NULL);
+	p->packet_type = packet_type;
+
+	switch (packet_type) {
+	case NMB_PACKET:
+		ok = parse_nmb(buf,length,&p->packet.nmb);
+		break;
+		
+	case DGRAM_PACKET:
+		ok = parse_dgram(buf,length,&p->packet.dgram);
+		break;
+	}
 
-    case DGRAM_PACKET:
-      ok = parse_dgram(buf,length,&packet->packet.dgram);
-      break;
-    }
-  if (!ok) {
-    free(packet);
-    return(NULL);
-  }
+	if (!ok) {
+		free_packet(p);
+		return NULL;
+	}
 
-  num_good_receives++;
+	return p;
+}
 
-  DEBUG(4,("%s received a packet of len %d from (%s) port %d\n",
-	   timestring(),length,inet_ntoa(packet->ip),packet->port));
+/*******************************************************************
+  read a packet from a socket and parse it, returning a packet ready
+  to be used or put on the queue. This assumes a UDP socket
+  ******************************************************************/
+struct packet_struct *read_packet(int fd,enum packet_type packet_type)
+{
+	struct packet_struct *packet;
+	char buf[MAX_DGRAM_SIZE];
+	int length;
+	
+	length = read_udp_socket(fd,buf,sizeof(buf));
+	if (length < MIN_DGRAM_SIZE) return(NULL);
+	
+	packet = parse_packet(buf, length, packet_type);
+	if (!packet) return NULL;
 
-  return(packet);
+	packet->fd = fd;
+	
+	num_good_receives++;
+	
+	DEBUG(5,("Received a packet of len %d from (%s) port %d\n",
+		 length, inet_ntoa(packet->ip), packet->port ) );
+	
+	return(packet);
 }
 					 
 
@@ -425,20 +727,28 @@ struct packet_struct *read_packet(int fd,enum packet_type packet_type)
   ******************************************************************/
 static BOOL send_udp(int fd,char *buf,int len,struct in_addr ip,int port)
 {
-  BOOL ret;
+  BOOL ret = False;
+  int i;
   struct sockaddr_in sock_out;
 
   /* set the address and port */
-  bzero((char *)&sock_out,sizeof(sock_out));
+  memset((char *)&sock_out,'\0',sizeof(sock_out));
   putip((char *)&sock_out.sin_addr,(char *)&ip);
   sock_out.sin_port = htons( port );
   sock_out.sin_family = AF_INET;
   
-  DEBUG(4,("%s sending a packet of len %d to (%s) on port %d\n",
-	   timestring(),len,inet_ntoa(ip),port));
+  DEBUG( 5, ( "Sending a packet of len %d to (%s) on port %d\n",
+	      len, inet_ntoa(ip), port ) );
+
+  /*
+   * Patch to fix asynch error notifications from Linux kernel.
+   */
 	
-  ret = (sendto(fd,buf,len,0,(struct sockaddr *)&sock_out,
-		sizeof(sock_out)) >= 0);
+  for (i = 0; i < 5; i++) {
+    ret = (sendto(fd,buf,len,0,(struct sockaddr *)&sock_out, sizeof(sock_out)) >= 0);
+    if (ret || errno != ECONNREFUSED)
+      break;
+  }
 
   if (!ret)
     DEBUG(0,("Packet send failed to %s(%d) ERRNO=%s\n",
@@ -460,7 +770,7 @@ static BOOL send_udp(int fd,char *buf,int len,struct in_addr ip,int port)
 static int build_dgram(char *buf,struct packet_struct *p)
 {
   struct dgram_packet *dgram = &p->packet.dgram;
-  unsigned char *ubuf = (unsigned char *)buf;
+  uchar *ubuf = (uchar *)buf;
   int offset=0;
 
   /* put in the header */
@@ -494,15 +804,27 @@ static int build_dgram(char *buf,struct packet_struct *p)
 
 /*******************************************************************
   build a nmb name
-  ******************************************************************/
-void make_nmb_name(struct nmb_name *n,char *name,int type,char *this_scope)
+ *******************************************************************/
+void make_nmb_name( struct nmb_name *n, const char *name, int type)
 {
-  strcpy(n->name,name);
-  strupper(n->name);
-  n->name_type = type;
-  strcpy(n->scope,this_scope);
+	extern pstring global_scope;
+	memset( (char *)n, '\0', sizeof(struct nmb_name) );
+	push_ascii(n->name, name, 16, STR_TERMINATE|STR_UPPER);
+	n->name_type = (unsigned int)type & 0xFF;
+	StrnCpy( n->scope, global_scope, 63 );
+	strupper( n->scope );
 }
 
+/*******************************************************************
+  Compare two nmb names
+  ******************************************************************/
+
+BOOL nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2)
+{
+  return ((n1->name_type == n2->name_type) &&
+         strequal(n1->name ,n2->name ) &&
+         strequal(n1->scope,n2->scope));
+}
 
 /*******************************************************************
   build a nmb packet ready for sending
@@ -515,19 +837,22 @@ void make_nmb_name(struct nmb_name *n,char *name,int type,char *this_scope)
 static int build_nmb(char *buf,struct packet_struct *p)
 {
   struct nmb_packet *nmb = &p->packet.nmb;
-  unsigned char *ubuf = (unsigned char *)buf;
+  uchar *ubuf = (uchar *)buf;
   int offset=0;
 
   /* put in the header */
   RSSVAL(ubuf,offset,nmb->header.name_trn_id);
   ubuf[offset+2] = (nmb->header.opcode & 0xF) << 3;
   if (nmb->header.response) ubuf[offset+2] |= (1<<7);
-  if (nmb->header.nm_flags.authoritative) ubuf[offset+2] |= 0x4;
+  if (nmb->header.nm_flags.authoritative && 
+      nmb->header.response) ubuf[offset+2] |= 0x4;
   if (nmb->header.nm_flags.trunc) ubuf[offset+2] |= 0x2;
   if (nmb->header.nm_flags.recursion_desired) ubuf[offset+2] |= 0x1;
-  if (nmb->header.nm_flags.recursion_available) ubuf[offset+3] |= 0x80;
+  if (nmb->header.nm_flags.recursion_available &&
+      nmb->header.response) ubuf[offset+3] |= 0x80;
   if (nmb->header.nm_flags.bcast) ubuf[offset+3] |= 0x10;
   ubuf[offset+3] |= (nmb->header.rcode & 0xF);
+
   RSSVAL(ubuf,offset+4,nmb->header.qdcount);
   RSSVAL(ubuf,offset+6,nmb->header.ancount);
   RSSVAL(ubuf,offset+8,nmb->header.nscount);
@@ -550,15 +875,52 @@ static int build_nmb(char *buf,struct packet_struct *p)
     offset += put_res_rec((char *)ubuf,offset,nmb->nsrecs,
 			  nmb->header.nscount);
 
-  if (nmb->header.arcount)
+  /*
+   * The spec says we must put compressed name pointers
+   * in the following outgoing packets :
+   * NAME_REGISTRATION_REQUEST, NAME_REFRESH_REQUEST,
+   * NAME_RELEASE_REQUEST.
+   */
+
+  if((nmb->header.response == False) &&
+     ((nmb->header.opcode == NMB_NAME_REG_OPCODE) ||
+      (nmb->header.opcode == NMB_NAME_RELEASE_OPCODE) ||
+      (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_8) ||
+      (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_9) ||
+      (nmb->header.opcode == NMB_NAME_MULTIHOMED_REG_OPCODE)) &&
+     (nmb->header.arcount == 1)) {
+
+    offset += put_compressed_name_ptr(ubuf,offset,nmb->additional,12);
+
+  } else if (nmb->header.arcount) {
     offset += put_res_rec((char *)ubuf,offset,nmb->additional,
 			  nmb->header.arcount);  
-
+  }
   return(offset);
 }
 
 
 /*******************************************************************
+linearise a packet
+  ******************************************************************/
+int build_packet(char *buf, struct packet_struct *p)
+{
+	int len = 0;
+
+	switch (p->packet_type) {
+	case NMB_PACKET:
+		len = build_nmb(buf,p);
+		break;
+
+	case DGRAM_PACKET:
+		len = build_dgram(buf,p);
+		break;
+	}
+
+	return len;
+}
+
+/*******************************************************************
   send a packet_struct
   ******************************************************************/
 BOOL send_packet(struct packet_struct *p)
@@ -566,18 +928,9 @@ BOOL send_packet(struct packet_struct *p)
   char buf[1024];
   int len=0;
 
-  bzero(buf,sizeof(buf));
-
-  switch (p->packet_type) 
-    {
-    case NMB_PACKET:
-      len = build_nmb(buf,p);
-      break;
+  memset(buf,'\0',sizeof(buf));
 
-    case DGRAM_PACKET:
-      len = build_dgram(buf,p);
-      break;
-    }
+  len = build_packet(buf, p);
 
   if (!len) return(False);
 
@@ -590,347 +943,327 @@ BOOL send_packet(struct packet_struct *p)
   ***************************************************************************/
 struct packet_struct *receive_packet(int fd,enum packet_type type,int t)
 {
-  fd_set fds;
-  struct timeval timeout;
+	fd_set fds;
+	struct timeval timeout;
+	int ret;
+
+	FD_ZERO(&fds);
+	FD_SET(fd,&fds);
+	timeout.tv_sec = t/1000;
+	timeout.tv_usec = 1000*(t%1000);
+
+	if ((ret = sys_select_intr(fd+1,&fds,NULL,NULL,&timeout)) == -1) {
+		/* errno should be EBADF or EINVAL. */
+		DEBUG(0,("select returned -1, errno = %s (%d)\n", strerror(errno), errno));
+		return NULL;
+	}
 
-  FD_ZERO(&fds);
-  FD_SET(fd,&fds);
-  timeout.tv_sec = t/1000;
-  timeout.tv_usec = 1000*(t%1000);
+	if (ret == 0) /* timeout */
+		return NULL;
 
-  sys_select(&fds,&timeout);
+	if (FD_ISSET(fd,&fds)) 
+		return(read_packet(fd,type));
+	
+	return(NULL);
+}
 
-  if (FD_ISSET(fd,&fds)) 
-    return(read_packet(fd,type));
 
-  return(NULL);
-}
+/****************************************************************************
+  receive a UDP/137 packet either via UDP or from the unexpected packet
+  queue. The packet must be a reply packet and have the specified trn_id
+  The timeout is in milliseconds
+  ***************************************************************************/
+struct packet_struct *receive_nmb_packet(int fd, int t, int trn_id)
+{
+	struct packet_struct *p;
 
+	p = receive_packet(fd, NMB_PACKET, t);
+
+	if (p && p->packet.nmb.header.response &&
+	    p->packet.nmb.header.name_trn_id == trn_id) {
+		return p;
+	}
+	if (p) free_packet(p);
+
+	/* try the unexpected packet queue */
+	return receive_unexpected(NMB_PACKET, trn_id, NULL);
+}
 
 /****************************************************************************
-interpret a node status response
-****************************************************************************/
-static void interpret_node_status(char *p, char *master,char *rname)
+  receive a UDP/138 packet either via UDP or from the unexpected packet
+  queue. The packet must be a reply packet and have the specified mailslot name
+  The timeout is in milliseconds
+  ***************************************************************************/
+struct packet_struct *receive_dgram_packet(int fd, int t, char *mailslot_name)
 {
-  int level = (master||rname)?4:0;
-  int numnames = CVAL(p,0);
-  DEBUG(level,("received %d names\n",numnames));
+	struct packet_struct *p;
 
-  if (rname) *rname = 0;
-  if (master) *master = 0;
+	p = receive_packet(fd, DGRAM_PACKET, t);
 
-  p += 1;
-  while (numnames--)
-    {
-      char qname[17];
-      int type;
-      fstring flags;
-      *flags = 0;
-      StrnCpy(qname,p,15);
-      type = CVAL(p,15);
-      p += 16;
-
-      if (p[0] & 0x80) strcat(flags,"<GROUP> ");
-      if ((p[0] & 0x60) == 0) strcat(flags,"B ");
-      if ((p[0] & 0x60) == 1) strcat(flags,"P ");
-      if ((p[0] & 0x60) == 2) strcat(flags,"M ");
-      if ((p[0] & 0x60) == 3) strcat(flags,"_ ");
-      if (p[0] & 0x10) strcat(flags,"<DEREGISTERING> ");
-      if (p[0] & 0x08) strcat(flags,"<CONFLICT> ");
-      if (p[0] & 0x04) strcat(flags,"<ACTIVE> ");
-      if (p[0] & 0x02) strcat(flags,"<PERMANENT> ");
-
-      if (master && !*master && type == 0x1d) {
-	StrnCpy(master,qname,15);
-	trim_string(master,NULL," ");
-      }
+	if (p && match_mailslot_name(p, mailslot_name)) {
+		return p;
+	}
+	if (p) free_packet(p);
 
-      if (rname && !*rname && type == 0x20 && !(p[0]&0x80)) {
-	StrnCpy(rname,qname,15);
-	trim_string(rname,NULL," ");
-      }
-      
-      DEBUG(level,("\t%s (type=0x%x)\t%s\n",qname,type,flags));
-      p+=2;
-    }
-  DEBUG(level,("num_good_sends=%d num_good_receives=%d\n",
-	       IVAL(p,20),IVAL(p,24)));
+	/* try the unexpected packet queue */
+	return receive_unexpected(DGRAM_PACKET, 0, mailslot_name);
 }
 
 
 /****************************************************************************
-  do a netbios name status query on a host
-
-  the "master" parameter is a hack used for finding workgroups.
-  **************************************************************************/
-BOOL name_status(int fd,char *name,int name_type,BOOL recurse,
-		 struct in_addr to_ip,char *master,char *rname,
-		 void (*fn)())
-{
-  BOOL found=False;
-  int retries = 2;
-  int retry_time = 5000;
-  struct timeval tval;
-  struct packet_struct p;
-  struct packet_struct *p2;
-  struct nmb_packet *nmb = &p.packet.nmb;
-
-  bzero((char *)&p,sizeof(p));
-
-  if (!name_trn_id) name_trn_id = (time(NULL)%(unsigned)0x7FFF) + 
-    (getpid()%(unsigned)100);
-  name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
-
-  nmb->header.name_trn_id = name_trn_id;
-  nmb->header.opcode = 0;
-  nmb->header.response = False;
-  nmb->header.nm_flags.bcast = False;
-  nmb->header.nm_flags.recursion_available = CanRecurse;
-  nmb->header.nm_flags.recursion_desired = recurse;
-  nmb->header.nm_flags.trunc = False;
-  nmb->header.nm_flags.authoritative = False;
-  nmb->header.rcode = 0;
-  nmb->header.qdcount = 1;
-  nmb->header.ancount = 0;
-  nmb->header.nscount = 0;
-  nmb->header.arcount = 0;
-
-  make_nmb_name(&nmb->question.question_name,name,name_type,scope);
-
-  nmb->question.question_type = 0x21;
-  nmb->question.question_class = 0x1;
-
-  p.ip = to_ip;
-  p.port = NMB_PORT;
-  p.fd = fd;
-  p.timestamp = time(NULL);
-  p.packet_type = NMB_PACKET;
-
-  GetTimeOfDay(&tval);
-
-  if (!send_packet(&p)) 
-    return(False);
+ see if a datagram has the right mailslot name
+***************************************************************************/
+BOOL match_mailslot_name(struct packet_struct *p, char *mailslot_name)
+{
+	struct dgram_packet *dgram = &p->packet.dgram;
+	char *buf;
 
-  retries--;
+	buf = &dgram->data[0];
+	buf -= 4;
 
-  while (1)
-    {
-      struct timeval tval2;
-      GetTimeOfDay(&tval2);
-      if (TvalDiff(&tval,&tval2) > retry_time) {
-	if (!retries) break;
-	if (!found && !send_packet(&p))
-	  return False;
-	GetTimeOfDay(&tval);
-	retries--;
-      }
+	buf = smb_buf(buf);
 
-      if ((p2=receive_packet(fd,NMB_PACKET,90)))
-	{     
-	  struct nmb_packet *nmb2 = &p2->packet.nmb;
-	  if (nmb->header.name_trn_id != nmb2->header.name_trn_id ||
-	      !nmb2->header.response) {
-	    /* its not for us - maybe deal with it later */
-	    if (fn) 
-	      fn(p2);
-	    else
-	      free_packet(p2);
-	    continue;
-	  }
-	  
-	  if (nmb2->header.opcode != 0 ||
-	      nmb2->header.nm_flags.bcast ||
-	      nmb2->header.rcode ||
-	      !nmb2->header.ancount ||
-	      nmb2->answers->rr_type != 0x21) {
-	    /* XXXX what do we do with this? could be a redirect, but
-	       we'll discard it for the moment */
-	    free_packet(p2);
-	    continue;
-	  }
-
-	  interpret_node_status(&nmb2->answers->rdata[0], master,rname);
-	  free_packet(p2);
-	  return(True);
+	if (memcmp(buf, mailslot_name, strlen(mailslot_name)+1) == 0) {
+		return True;
 	}
-    }
-  
 
-  DEBUG(0,("No status response (this is not unusual)\n"));
+	return False;
+}
+
+
+/****************************************************************************
+return the number of bits that match between two 4 character buffers
+  ***************************************************************************/
+static int matching_bits(uchar *p1, uchar *p2)
+{
+	int i, j, ret = 0;
+	for (i=0; i<4; i++) {
+		if (p1[i] != p2[i]) break;
+		ret += 8;
+	}
+
+	if (i==4) return ret;
+
+	for (j=0; j<8; j++) {
+		if ((p1[i] & (1<<(7-j))) != (p2[i] & (1<<(7-j)))) break;
+		ret++;
+	}	
+	
+	return ret;
+}
+
+
+static uchar sort_ip[4];
+
+/****************************************************************************
+compare two query reply records
+  ***************************************************************************/
+static int name_query_comp(uchar *p1, uchar *p2)
+{
+	return matching_bits(p2+2, sort_ip) - matching_bits(p1+2, sort_ip);
+}
+
+/****************************************************************************
+sort a set of 6 byte name query response records so that the IPs that
+have the most leading bits in common with the specified address come first
+  ***************************************************************************/
+void sort_query_replies(char *data, int n, struct in_addr ip)
+{
+	if (n <= 1) return;
+
+	putip(sort_ip, (char *)&ip);
 
-  return(False);
+	qsort(data, n, 6, QSORT_CAST name_query_comp);
+}
+
+
+#define TRUNCATE_NETBIOS_NAME 1
+
+/*******************************************************************
+ convert, possibly using a stupid microsoft-ism which has destroyed
+ the transport independence of netbios (for CIFS vendors that usually
+ use the Win95-type methods, not for NT to NT communication, which uses
+ DCE/RPC and therefore full-length unicode strings...) a dns name into
+ a netbios name.
+
+ the netbios name (NOT necessarily null-terminated) is truncated to 15
+ characters.
+
+ ******************************************************************/
+char *dns_to_netbios_name(char *dns_name)
+{
+	static char netbios_name[16];
+	int i;
+	StrnCpy(netbios_name, dns_name, 15);
+	netbios_name[15] = 0;
+	
+#ifdef TRUNCATE_NETBIOS_NAME
+	/* ok.  this is because of a stupid microsoft-ism.  if the called host
+	   name contains a '.', microsoft clients expect you to truncate the
+	   netbios name up to and including the '.'  this even applies, by
+	   mistake, to workgroup (domain) names, which is _really_ daft.
+	 */
+	for (i = 15; i >= 0; i--)
+	{
+		if (netbios_name[i] == '.')
+		{
+			netbios_name[i] = 0;
+			break;
+		}
+	}
+#endif /* TRUNCATE_NETBIOS_NAME */
+
+	return netbios_name;
 }
 
 
 /****************************************************************************
-  do a netbios name query to find someones IP
-  ****************************************************************************/
-BOOL name_query(int fd,char *name,int name_type, 
-		BOOL bcast,BOOL recurse,
-		struct in_addr to_ip, struct in_addr *ip,void (*fn)())
-{
-  BOOL found=False;
-  int retries = 3;
-  int retry_time = bcast?250:2000;
-  struct timeval tval;
-  struct packet_struct p;
-  struct packet_struct *p2;
-  struct nmb_packet *nmb = &p.packet.nmb;
-
-  bzero((char *)&p,sizeof(p));
-
-  if (!name_trn_id) name_trn_id = (time(NULL)%(unsigned)0x7FFF) + 
-    (getpid()%(unsigned)100);
-  name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
-
-  nmb->header.name_trn_id = name_trn_id;
-  nmb->header.opcode = 0;
-  nmb->header.response = False;
-  nmb->header.nm_flags.bcast = bcast;
-  nmb->header.nm_flags.recursion_available = CanRecurse;
-  nmb->header.nm_flags.recursion_desired = recurse;
-  nmb->header.nm_flags.trunc = False;
-  nmb->header.nm_flags.authoritative = False;
-  nmb->header.rcode = 0;
-  nmb->header.qdcount = 1;
-  nmb->header.ancount = 0;
-  nmb->header.nscount = 0;
-  nmb->header.arcount = 0;
-
-  make_nmb_name(&nmb->question.question_name,name,name_type,scope);
-
-  nmb->question.question_type = 0x20;
-  nmb->question.question_class = 0x1;
-
-  p.ip = to_ip;
-  p.port = NMB_PORT;
-  p.fd = fd;
-  p.timestamp = time(NULL);
-  p.packet_type = NMB_PACKET;
-
-  GetTimeOfDay(&tval);
-
-  if (!send_packet(&p)) 
-    return(False);
+interpret the weird netbios "name". Return the name type
+****************************************************************************/
+static int name_interpret(char *in,char *out)
+{
+  int ret;
+  int len = (*in++) / 2;
 
-  retries--;
+  *out=0;
 
-  while (1)
+  if (len > 30 || len<1) return(0);
+
+  while (len--)
     {
-      struct timeval tval2;
-      GetTimeOfDay(&tval2);
-      if (TvalDiff(&tval,&tval2) > retry_time) {
-	if (!retries) break;
-	if (!found && !send_packet(&p))
-	  return False;
-	GetTimeOfDay(&tval);
-	retries--;
+      if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
+	*out = 0;
+	return(0);
       }
-
-      if ((p2=receive_packet(fd,NMB_PACKET,90)))
-	{     
-	  struct nmb_packet *nmb2 = &p2->packet.nmb;
-	  if (nmb->header.name_trn_id != nmb2->header.name_trn_id ||
-	      !nmb2->header.response) {
-	    /* its not for us - maybe deal with it later 
-	       (put it on the queue?) */
-	    if (fn) 
-	      fn(p2);
-	    else
-	      free_packet(p2);
-	    continue;
-	  }
-	  
-	  if (nmb2->header.opcode != 0 ||
-	      nmb2->header.nm_flags.bcast ||
-	      nmb2->header.rcode ||
-	      !nmb2->header.ancount) {
-	    /* XXXX what do we do with this? could be a redirect, but
-	       we'll discard it for the moment */
-	    free_packet(p2);
-	    continue;
-	  }
-
-	  if (ip) {
-	    putip((char *)ip,&nmb2->answers->rdata[2]);
-	    DEBUG(fn?3:2,("Got a positive name query response from %s",
-			  inet_ntoa(p2->ip)));
-	    DEBUG(fn?3:2,(" (%s)\n",inet_ntoa(*ip)));
-	  }
-	  found=True; retries=0;
-	  free_packet(p2);
-	  if (fn) break;
-	}
+      *out = ((in[0]-'A')<<4) + (in[1]-'A');
+      in += 2;
+      out++;
     }
+  *out = 0;
+  ret = out[-1];
 
-  return(found);
+#ifdef NETBIOS_SCOPE
+  /* Handle any scope names */
+  while(*in) 
+    {
+      *out++ = '.'; /* Scope names are separated by periods */
+      len = *(uchar *)in++;
+      StrnCpy(out, in, len);
+      out += len;
+      *out=0;
+      in += len;
+    }
+#endif
+  return(ret);
 }
 
-
 /****************************************************************************
-  construct and send a netbios DGRAM
-
-  Note that this currently sends all answers to port 138. thats the
-  wrong things to do! I should send to the requestors port. XXX
-  **************************************************************************/
-BOOL send_mailslot_reply(char *mailslot,int fd,char *buf,int len,
-			 char *srcname,char *dstname,
-			 int src_type,int dest_type,
-			 struct in_addr dest_ip,
-			 struct in_addr src_ip)
-{
-  struct packet_struct p;
-  struct dgram_packet *dgram = &p.packet.dgram;
-  char *ptr,*p2;
-  char tmp[4];
-
-  bzero((char *)&p,sizeof(p));
-
-  dgram->header.msg_type = 0x11; /* DIRECT GROUP DATAGRAM */
-  dgram->header.flags.node_type = M_NODE;
-  dgram->header.flags.first = True;
-  dgram->header.flags.more = False;
-  dgram->header.dgm_id = name_trn_id++;
-  dgram->header.source_ip = src_ip;
-  dgram->header.source_port = DGRAM_PORT;
-  dgram->header.dgm_length = 0; /* let build_dgram() handle this */
-  dgram->header.packet_offset = 0;
-  
-  make_nmb_name(&dgram->source_name,srcname,src_type,scope);
-  make_nmb_name(&dgram->dest_name,dstname,dest_type,scope);
+mangle a name into netbios format
 
-  ptr = &dgram->data[0];
+  Note:  <Out> must be (33 + strlen(scope) + 2) bytes long, at minimum.
+****************************************************************************/
+int name_mangle( char *In, char *Out, char name_type )
+  {
+  int   i;
+  int   c;
+  int   len;
+  char  buf[20];
+  char *p = Out;
+  extern pstring global_scope;
+
+  /* Safely copy the input string, In, into buf[]. */
+  (void)memset( buf, 0, 20 );
+  if (strcmp(In,"*") == 0)
+    buf[0] = '*';
+  else
+    (void)slprintf( buf, sizeof(buf) - 1, "%-15.15s%c", In, name_type );
 
-  /* now setup the smb part */
-  ptr -= 4; /* XXX ugliness because of handling of tcp SMB length */
-  memcpy(tmp,ptr,4);
-  set_message(ptr,17,17 + len,True);
-  memcpy(ptr,tmp,4);
+  /* Place the length of the first field into the output buffer. */
+  p[0] = 32;
+  p++;
 
-  CVAL(ptr,smb_com) = SMBtrans;
-  SSVAL(ptr,smb_vwv1,len);
-  SSVAL(ptr,smb_vwv11,len);
-  SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
-  SSVAL(ptr,smb_vwv13,3);
-  SSVAL(ptr,smb_vwv14,1);
-  SSVAL(ptr,smb_vwv15,1);
-  SSVAL(ptr,smb_vwv16,2);
-  p2 = smb_buf(ptr);
-  strcpy(p2,mailslot);
-  p2 = skip_string(p2,1);
+  /* Now convert the name to the rfc1001/1002 format. */
+  for( i = 0; i < 16; i++ )
+    {
+    c = toupper( buf[i] );
+    p[i*2]     = ( (c >> 4) & 0x000F ) + 'A';
+    p[(i*2)+1] = (c & 0x000F) + 'A';
+    }
+  p += 32;
+  p[0] = '\0';
 
-  memcpy(p2,buf,len);
-  p2 += len;
+  /* Add the scope string. */
+  for( i = 0, len = 0; NULL != global_scope; i++, len++ )
+    {
+    switch( global_scope[i] )
+      {
+      case '\0':
+        p[0]     = len;
+        if( len > 0 )
+          p[len+1] = 0;
+        return( name_len(Out) );
+      case '.':
+        p[0] = len;
+        p   += (len + 1);
+        len  = -1;
+        break;
+      default:
+        p[len+1] = global_scope[i];
+        break;
+      }
+    }
 
-  dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length */
+  return( name_len(Out) );
+  } /* name_mangle */
 
-  p.ip = dest_ip;
-  p.port = DGRAM_PORT;
-  p.fd = fd;
-  p.timestamp = time(NULL);
-  p.packet_type = DGRAM_PACKET;
 
-  return(send_packet(&p));
-}
+/****************************************************************************
+find a pointer to a netbios name
+****************************************************************************/
+static char *name_ptr(char *buf,int ofs)
+{
+  uchar c = *(uchar *)(buf+ofs);
+
+  if ((c & 0xC0) == 0xC0)
+    {
+      uint16 l = RSVAL(buf, ofs) & 0x3FFF;
+      DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
+      return(buf + l);
+    }
+  else
+    return(buf+ofs);
+}  
 
+/****************************************************************************
+extract a netbios name from a buf
+****************************************************************************/
+int name_extract(char *buf,int ofs,char *name)
+{
+  char *p = name_ptr(buf,ofs);
+  int d = PTR_DIFF(p,buf+ofs);
+  pstrcpy(name,"");
+  if (d < -50 || d > 50) return(0);
+  return(name_interpret(p,name));
+}
+  
+/****************************************************************************
+return the total storage length of a mangled name
+****************************************************************************/
+int name_len(char *s1)
+{
+	/* NOTE: this argument _must_ be unsigned */
+	uchar *s = (uchar *)s1;
+	int len;
+
+	/* If the two high bits of the byte are set, return 2. */
+	if (0xC0 == (*s & 0xC0))
+		return(2);
+
+	/* Add up the length bytes. */
+	for (len = 1; (*s); s += (*s) + 1) {
+		len += *s + 1;
+		SMB_ASSERT(len < 80);
+	}
 
+	return(len);
+} /* name_len */
diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c
new file mode 100644
index 0000000000..b74dde9b14
--- /dev/null
+++ b/source3/libsmb/nterr.c
@@ -0,0 +1,596 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Luke Kenneth Casson Leighton 1997-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* NT error codes.  please read nterr.h */
+
+#include "includes.h"
+
+typedef const struct
+{
+	char *nt_errstr;
+	NTSTATUS nt_errcode;
+} nt_err_code_struct;
+
+nt_err_code_struct nt_errs[] =
+{
+	{ "NT_STATUS_OK", NT_STATUS_OK },
+	{ "NT_STATUS_UNSUCCESSFUL", NT_STATUS_UNSUCCESSFUL },
+	{ "NT_STATUS_NOT_IMPLEMENTED", NT_STATUS_NOT_IMPLEMENTED },
+	{ "NT_STATUS_INVALID_INFO_CLASS", NT_STATUS_INVALID_INFO_CLASS },
+	{ "NT_STATUS_INFO_LENGTH_MISMATCH", NT_STATUS_INFO_LENGTH_MISMATCH },
+	{ "NT_STATUS_ACCESS_VIOLATION", NT_STATUS_ACCESS_VIOLATION },
+	{ "STATUS_BUFFER_OVERFLOW", STATUS_BUFFER_OVERFLOW },
+	{ "NT_STATUS_IN_PAGE_ERROR", NT_STATUS_IN_PAGE_ERROR },
+	{ "NT_STATUS_PAGEFILE_QUOTA", NT_STATUS_PAGEFILE_QUOTA },
+	{ "NT_STATUS_INVALID_HANDLE", NT_STATUS_INVALID_HANDLE },
+	{ "NT_STATUS_BAD_INITIAL_STACK", NT_STATUS_BAD_INITIAL_STACK },
+	{ "NT_STATUS_BAD_INITIAL_PC", NT_STATUS_BAD_INITIAL_PC },
+	{ "NT_STATUS_INVALID_CID", NT_STATUS_INVALID_CID },
+	{ "NT_STATUS_TIMER_NOT_CANCELED", NT_STATUS_TIMER_NOT_CANCELED },
+	{ "NT_STATUS_INVALID_PARAMETER", NT_STATUS_INVALID_PARAMETER },
+	{ "NT_STATUS_NO_SUCH_DEVICE", NT_STATUS_NO_SUCH_DEVICE },
+	{ "NT_STATUS_NO_SUCH_FILE", NT_STATUS_NO_SUCH_FILE },
+	{ "NT_STATUS_INVALID_DEVICE_REQUEST", NT_STATUS_INVALID_DEVICE_REQUEST },
+	{ "NT_STATUS_END_OF_FILE", NT_STATUS_END_OF_FILE },
+	{ "NT_STATUS_WRONG_VOLUME", NT_STATUS_WRONG_VOLUME },
+	{ "NT_STATUS_NO_MEDIA_IN_DEVICE", NT_STATUS_NO_MEDIA_IN_DEVICE },
+	{ "NT_STATUS_UNRECOGNIZED_MEDIA", NT_STATUS_UNRECOGNIZED_MEDIA },
+	{ "NT_STATUS_NONEXISTENT_SECTOR", NT_STATUS_NONEXISTENT_SECTOR },
+	{ "NT_STATUS_MORE_PROCESSING_REQUIRED", NT_STATUS_MORE_PROCESSING_REQUIRED },
+	{ "NT_STATUS_NO_MEMORY", NT_STATUS_NO_MEMORY },
+	{ "NT_STATUS_CONFLICTING_ADDRESSES", NT_STATUS_CONFLICTING_ADDRESSES },
+	{ "NT_STATUS_NOT_MAPPED_VIEW", NT_STATUS_NOT_MAPPED_VIEW },
+	{ "NT_STATUS_UNABLE_TO_FREE_VM", NT_STATUS_UNABLE_TO_FREE_VM },
+	{ "NT_STATUS_UNABLE_TO_DELETE_SECTION", NT_STATUS_UNABLE_TO_DELETE_SECTION },
+	{ "NT_STATUS_INVALID_SYSTEM_SERVICE", NT_STATUS_INVALID_SYSTEM_SERVICE },
+	{ "NT_STATUS_ILLEGAL_INSTRUCTION", NT_STATUS_ILLEGAL_INSTRUCTION },
+	{ "NT_STATUS_INVALID_LOCK_SEQUENCE", NT_STATUS_INVALID_LOCK_SEQUENCE },
+	{ "NT_STATUS_INVALID_VIEW_SIZE", NT_STATUS_INVALID_VIEW_SIZE },
+	{ "NT_STATUS_INVALID_FILE_FOR_SECTION", NT_STATUS_INVALID_FILE_FOR_SECTION },
+	{ "NT_STATUS_ALREADY_COMMITTED", NT_STATUS_ALREADY_COMMITTED },
+	{ "NT_STATUS_ACCESS_DENIED", NT_STATUS_ACCESS_DENIED },
+	{ "NT_STATUS_BUFFER_TOO_SMALL", NT_STATUS_BUFFER_TOO_SMALL },
+	{ "NT_STATUS_OBJECT_TYPE_MISMATCH", NT_STATUS_OBJECT_TYPE_MISMATCH },
+	{ "NT_STATUS_NONCONTINUABLE_EXCEPTION", NT_STATUS_NONCONTINUABLE_EXCEPTION },
+	{ "NT_STATUS_INVALID_DISPOSITION", NT_STATUS_INVALID_DISPOSITION },
+	{ "NT_STATUS_UNWIND", NT_STATUS_UNWIND },
+	{ "NT_STATUS_BAD_STACK", NT_STATUS_BAD_STACK },
+	{ "NT_STATUS_INVALID_UNWIND_TARGET", NT_STATUS_INVALID_UNWIND_TARGET },
+	{ "NT_STATUS_NOT_LOCKED", NT_STATUS_NOT_LOCKED },
+	{ "NT_STATUS_PARITY_ERROR", NT_STATUS_PARITY_ERROR },
+	{ "NT_STATUS_UNABLE_TO_DECOMMIT_VM", NT_STATUS_UNABLE_TO_DECOMMIT_VM },
+	{ "NT_STATUS_NOT_COMMITTED", NT_STATUS_NOT_COMMITTED },
+	{ "NT_STATUS_INVALID_PORT_ATTRIBUTES", NT_STATUS_INVALID_PORT_ATTRIBUTES },
+	{ "NT_STATUS_PORT_MESSAGE_TOO_LONG", NT_STATUS_PORT_MESSAGE_TOO_LONG },
+	{ "NT_STATUS_INVALID_PARAMETER_MIX", NT_STATUS_INVALID_PARAMETER_MIX },
+	{ "NT_STATUS_INVALID_QUOTA_LOWER", NT_STATUS_INVALID_QUOTA_LOWER },
+	{ "NT_STATUS_DISK_CORRUPT_ERROR", NT_STATUS_DISK_CORRUPT_ERROR },
+	{ "NT_STATUS_OBJECT_NAME_INVALID", NT_STATUS_OBJECT_NAME_INVALID },
+	{ "NT_STATUS_OBJECT_NAME_NOT_FOUND", NT_STATUS_OBJECT_NAME_NOT_FOUND },
+	{ "NT_STATUS_OBJECT_NAME_COLLISION", NT_STATUS_OBJECT_NAME_COLLISION },
+	{ "NT_STATUS_HANDLE_NOT_WAITABLE", NT_STATUS_HANDLE_NOT_WAITABLE },
+	{ "NT_STATUS_PORT_DISCONNECTED", NT_STATUS_PORT_DISCONNECTED },
+	{ "NT_STATUS_DEVICE_ALREADY_ATTACHED", NT_STATUS_DEVICE_ALREADY_ATTACHED },
+	{ "NT_STATUS_OBJECT_PATH_INVALID", NT_STATUS_OBJECT_PATH_INVALID },
+	{ "NT_STATUS_OBJECT_PATH_NOT_FOUND", NT_STATUS_OBJECT_PATH_NOT_FOUND },
+	{ "NT_STATUS_OBJECT_PATH_SYNTAX_BAD", NT_STATUS_OBJECT_PATH_SYNTAX_BAD },
+	{ "NT_STATUS_DATA_OVERRUN", NT_STATUS_DATA_OVERRUN },
+	{ "NT_STATUS_DATA_LATE_ERROR", NT_STATUS_DATA_LATE_ERROR },
+	{ "NT_STATUS_DATA_ERROR", NT_STATUS_DATA_ERROR },
+	{ "NT_STATUS_CRC_ERROR", NT_STATUS_CRC_ERROR },
+	{ "NT_STATUS_SECTION_TOO_BIG", NT_STATUS_SECTION_TOO_BIG },
+	{ "NT_STATUS_PORT_CONNECTION_REFUSED", NT_STATUS_PORT_CONNECTION_REFUSED },
+	{ "NT_STATUS_INVALID_PORT_HANDLE", NT_STATUS_INVALID_PORT_HANDLE },
+	{ "NT_STATUS_SHARING_VIOLATION", NT_STATUS_SHARING_VIOLATION },
+	{ "NT_STATUS_QUOTA_EXCEEDED", NT_STATUS_QUOTA_EXCEEDED },
+	{ "NT_STATUS_INVALID_PAGE_PROTECTION", NT_STATUS_INVALID_PAGE_PROTECTION },
+	{ "NT_STATUS_MUTANT_NOT_OWNED", NT_STATUS_MUTANT_NOT_OWNED },
+	{ "NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED", NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED },
+	{ "NT_STATUS_PORT_ALREADY_SET", NT_STATUS_PORT_ALREADY_SET },
+	{ "NT_STATUS_SECTION_NOT_IMAGE", NT_STATUS_SECTION_NOT_IMAGE },
+	{ "NT_STATUS_SUSPEND_COUNT_EXCEEDED", NT_STATUS_SUSPEND_COUNT_EXCEEDED },
+	{ "NT_STATUS_THREAD_IS_TERMINATING", NT_STATUS_THREAD_IS_TERMINATING },
+	{ "NT_STATUS_BAD_WORKING_SET_LIMIT", NT_STATUS_BAD_WORKING_SET_LIMIT },
+	{ "NT_STATUS_INCOMPATIBLE_FILE_MAP", NT_STATUS_INCOMPATIBLE_FILE_MAP },
+	{ "NT_STATUS_SECTION_PROTECTION", NT_STATUS_SECTION_PROTECTION },
+	{ "NT_STATUS_EAS_NOT_SUPPORTED", NT_STATUS_EAS_NOT_SUPPORTED },
+	{ "NT_STATUS_EA_TOO_LARGE", NT_STATUS_EA_TOO_LARGE },
+	{ "NT_STATUS_NONEXISTENT_EA_ENTRY", NT_STATUS_NONEXISTENT_EA_ENTRY },
+	{ "NT_STATUS_NO_EAS_ON_FILE", NT_STATUS_NO_EAS_ON_FILE },
+	{ "NT_STATUS_EA_CORRUPT_ERROR", NT_STATUS_EA_CORRUPT_ERROR },
+	{ "NT_STATUS_FILE_LOCK_CONFLICT", NT_STATUS_FILE_LOCK_CONFLICT },
+	{ "NT_STATUS_LOCK_NOT_GRANTED", NT_STATUS_LOCK_NOT_GRANTED },
+	{ "NT_STATUS_DELETE_PENDING", NT_STATUS_DELETE_PENDING },
+	{ "NT_STATUS_CTL_FILE_NOT_SUPPORTED", NT_STATUS_CTL_FILE_NOT_SUPPORTED },
+	{ "NT_STATUS_UNKNOWN_REVISION", NT_STATUS_UNKNOWN_REVISION },
+	{ "NT_STATUS_REVISION_MISMATCH", NT_STATUS_REVISION_MISMATCH },
+	{ "NT_STATUS_INVALID_OWNER", NT_STATUS_INVALID_OWNER },
+	{ "NT_STATUS_INVALID_PRIMARY_GROUP", NT_STATUS_INVALID_PRIMARY_GROUP },
+	{ "NT_STATUS_NO_IMPERSONATION_TOKEN", NT_STATUS_NO_IMPERSONATION_TOKEN },
+	{ "NT_STATUS_CANT_DISABLE_MANDATORY", NT_STATUS_CANT_DISABLE_MANDATORY },
+	{ "NT_STATUS_NO_LOGON_SERVERS", NT_STATUS_NO_LOGON_SERVERS },
+	{ "NT_STATUS_NO_SUCH_LOGON_SESSION", NT_STATUS_NO_SUCH_LOGON_SESSION },
+	{ "NT_STATUS_NO_SUCH_PRIVILEGE", NT_STATUS_NO_SUCH_PRIVILEGE },
+	{ "NT_STATUS_PRIVILEGE_NOT_HELD", NT_STATUS_PRIVILEGE_NOT_HELD },
+	{ "NT_STATUS_INVALID_ACCOUNT_NAME", NT_STATUS_INVALID_ACCOUNT_NAME },
+	{ "NT_STATUS_USER_EXISTS", NT_STATUS_USER_EXISTS },
+	{ "NT_STATUS_NO_SUCH_USER", NT_STATUS_NO_SUCH_USER },
+	{ "NT_STATUS_GROUP_EXISTS", NT_STATUS_GROUP_EXISTS },
+	{ "NT_STATUS_NO_SUCH_GROUP", NT_STATUS_NO_SUCH_GROUP },
+	{ "NT_STATUS_MEMBER_IN_GROUP", NT_STATUS_MEMBER_IN_GROUP },
+	{ "NT_STATUS_MEMBER_NOT_IN_GROUP", NT_STATUS_MEMBER_NOT_IN_GROUP },
+	{ "NT_STATUS_LAST_ADMIN", NT_STATUS_LAST_ADMIN },
+	{ "NT_STATUS_WRONG_PASSWORD", NT_STATUS_WRONG_PASSWORD },
+	{ "NT_STATUS_ILL_FORMED_PASSWORD", NT_STATUS_ILL_FORMED_PASSWORD },
+	{ "NT_STATUS_PASSWORD_RESTRICTION", NT_STATUS_PASSWORD_RESTRICTION },
+	{ "NT_STATUS_LOGON_FAILURE", NT_STATUS_LOGON_FAILURE },
+	{ "NT_STATUS_ACCOUNT_RESTRICTION", NT_STATUS_ACCOUNT_RESTRICTION },
+	{ "NT_STATUS_INVALID_LOGON_HOURS", NT_STATUS_INVALID_LOGON_HOURS },
+	{ "NT_STATUS_INVALID_WORKSTATION", NT_STATUS_INVALID_WORKSTATION },
+	{ "NT_STATUS_PASSWORD_EXPIRED", NT_STATUS_PASSWORD_EXPIRED },
+	{ "NT_STATUS_ACCOUNT_DISABLED", NT_STATUS_ACCOUNT_DISABLED },
+	{ "NT_STATUS_NONE_MAPPED", NT_STATUS_NONE_MAPPED },
+	{ "NT_STATUS_TOO_MANY_LUIDS_REQUESTED", NT_STATUS_TOO_MANY_LUIDS_REQUESTED },
+	{ "NT_STATUS_LUIDS_EXHAUSTED", NT_STATUS_LUIDS_EXHAUSTED },
+	{ "NT_STATUS_INVALID_SUB_AUTHORITY", NT_STATUS_INVALID_SUB_AUTHORITY },
+	{ "NT_STATUS_INVALID_ACL", NT_STATUS_INVALID_ACL },
+	{ "NT_STATUS_INVALID_SID", NT_STATUS_INVALID_SID },
+	{ "NT_STATUS_INVALID_SECURITY_DESCR", NT_STATUS_INVALID_SECURITY_DESCR },
+	{ "NT_STATUS_PROCEDURE_NOT_FOUND", NT_STATUS_PROCEDURE_NOT_FOUND },
+	{ "NT_STATUS_INVALID_IMAGE_FORMAT", NT_STATUS_INVALID_IMAGE_FORMAT },
+	{ "NT_STATUS_NO_TOKEN", NT_STATUS_NO_TOKEN },
+	{ "NT_STATUS_BAD_INHERITANCE_ACL", NT_STATUS_BAD_INHERITANCE_ACL },
+	{ "NT_STATUS_RANGE_NOT_LOCKED", NT_STATUS_RANGE_NOT_LOCKED },
+	{ "NT_STATUS_DISK_FULL", NT_STATUS_DISK_FULL },
+	{ "NT_STATUS_SERVER_DISABLED", NT_STATUS_SERVER_DISABLED },
+	{ "NT_STATUS_SERVER_NOT_DISABLED", NT_STATUS_SERVER_NOT_DISABLED },
+	{ "NT_STATUS_TOO_MANY_GUIDS_REQUESTED", NT_STATUS_TOO_MANY_GUIDS_REQUESTED },
+	{ "NT_STATUS_GUIDS_EXHAUSTED", NT_STATUS_GUIDS_EXHAUSTED },
+	{ "NT_STATUS_INVALID_ID_AUTHORITY", NT_STATUS_INVALID_ID_AUTHORITY },
+	{ "NT_STATUS_AGENTS_EXHAUSTED", NT_STATUS_AGENTS_EXHAUSTED },
+	{ "NT_STATUS_INVALID_VOLUME_LABEL", NT_STATUS_INVALID_VOLUME_LABEL },
+	{ "NT_STATUS_SECTION_NOT_EXTENDED", NT_STATUS_SECTION_NOT_EXTENDED },
+	{ "NT_STATUS_NOT_MAPPED_DATA", NT_STATUS_NOT_MAPPED_DATA },
+	{ "NT_STATUS_RESOURCE_DATA_NOT_FOUND", NT_STATUS_RESOURCE_DATA_NOT_FOUND },
+	{ "NT_STATUS_RESOURCE_TYPE_NOT_FOUND", NT_STATUS_RESOURCE_TYPE_NOT_FOUND },
+	{ "NT_STATUS_RESOURCE_NAME_NOT_FOUND", NT_STATUS_RESOURCE_NAME_NOT_FOUND },
+	{ "NT_STATUS_ARRAY_BOUNDS_EXCEEDED", NT_STATUS_ARRAY_BOUNDS_EXCEEDED },
+	{ "NT_STATUS_FLOAT_DENORMAL_OPERAND", NT_STATUS_FLOAT_DENORMAL_OPERAND },
+	{ "NT_STATUS_FLOAT_DIVIDE_BY_ZERO", NT_STATUS_FLOAT_DIVIDE_BY_ZERO },
+	{ "NT_STATUS_FLOAT_INEXACT_RESULT", NT_STATUS_FLOAT_INEXACT_RESULT },
+	{ "NT_STATUS_FLOAT_INVALID_OPERATION", NT_STATUS_FLOAT_INVALID_OPERATION },
+	{ "NT_STATUS_FLOAT_OVERFLOW", NT_STATUS_FLOAT_OVERFLOW },
+	{ "NT_STATUS_FLOAT_STACK_CHECK", NT_STATUS_FLOAT_STACK_CHECK },
+	{ "NT_STATUS_FLOAT_UNDERFLOW", NT_STATUS_FLOAT_UNDERFLOW },
+	{ "NT_STATUS_INTEGER_DIVIDE_BY_ZERO", NT_STATUS_INTEGER_DIVIDE_BY_ZERO },
+	{ "NT_STATUS_INTEGER_OVERFLOW", NT_STATUS_INTEGER_OVERFLOW },
+	{ "NT_STATUS_PRIVILEGED_INSTRUCTION", NT_STATUS_PRIVILEGED_INSTRUCTION },
+	{ "NT_STATUS_TOO_MANY_PAGING_FILES", NT_STATUS_TOO_MANY_PAGING_FILES },
+	{ "NT_STATUS_FILE_INVALID", NT_STATUS_FILE_INVALID },
+	{ "NT_STATUS_ALLOTTED_SPACE_EXCEEDED", NT_STATUS_ALLOTTED_SPACE_EXCEEDED },
+	{ "NT_STATUS_INSUFFICIENT_RESOURCES", NT_STATUS_INSUFFICIENT_RESOURCES },
+	{ "NT_STATUS_DFS_EXIT_PATH_FOUND", NT_STATUS_DFS_EXIT_PATH_FOUND },
+	{ "NT_STATUS_DEVICE_DATA_ERROR", NT_STATUS_DEVICE_DATA_ERROR },
+	{ "NT_STATUS_DEVICE_NOT_CONNECTED", NT_STATUS_DEVICE_NOT_CONNECTED },
+	{ "NT_STATUS_DEVICE_POWER_FAILURE", NT_STATUS_DEVICE_POWER_FAILURE },
+	{ "NT_STATUS_FREE_VM_NOT_AT_BASE", NT_STATUS_FREE_VM_NOT_AT_BASE },
+	{ "NT_STATUS_MEMORY_NOT_ALLOCATED", NT_STATUS_MEMORY_NOT_ALLOCATED },
+	{ "NT_STATUS_WORKING_SET_QUOTA", NT_STATUS_WORKING_SET_QUOTA },
+	{ "NT_STATUS_MEDIA_WRITE_PROTECTED", NT_STATUS_MEDIA_WRITE_PROTECTED },
+	{ "NT_STATUS_DEVICE_NOT_READY", NT_STATUS_DEVICE_NOT_READY },
+	{ "NT_STATUS_INVALID_GROUP_ATTRIBUTES", NT_STATUS_INVALID_GROUP_ATTRIBUTES },
+	{ "NT_STATUS_BAD_IMPERSONATION_LEVEL", NT_STATUS_BAD_IMPERSONATION_LEVEL },
+	{ "NT_STATUS_CANT_OPEN_ANONYMOUS", NT_STATUS_CANT_OPEN_ANONYMOUS },
+	{ "NT_STATUS_BAD_VALIDATION_CLASS", NT_STATUS_BAD_VALIDATION_CLASS },
+	{ "NT_STATUS_BAD_TOKEN_TYPE", NT_STATUS_BAD_TOKEN_TYPE },
+	{ "NT_STATUS_BAD_MASTER_BOOT_RECORD", NT_STATUS_BAD_MASTER_BOOT_RECORD },
+	{ "NT_STATUS_INSTRUCTION_MISALIGNMENT", NT_STATUS_INSTRUCTION_MISALIGNMENT },
+	{ "NT_STATUS_INSTANCE_NOT_AVAILABLE", NT_STATUS_INSTANCE_NOT_AVAILABLE },
+	{ "NT_STATUS_PIPE_NOT_AVAILABLE", NT_STATUS_PIPE_NOT_AVAILABLE },
+	{ "NT_STATUS_INVALID_PIPE_STATE", NT_STATUS_INVALID_PIPE_STATE },
+	{ "NT_STATUS_PIPE_BUSY", NT_STATUS_PIPE_BUSY },
+	{ "NT_STATUS_ILLEGAL_FUNCTION", NT_STATUS_ILLEGAL_FUNCTION },
+	{ "NT_STATUS_PIPE_DISCONNECTED", NT_STATUS_PIPE_DISCONNECTED },
+	{ "NT_STATUS_PIPE_CLOSING", NT_STATUS_PIPE_CLOSING },
+	{ "NT_STATUS_PIPE_CONNECTED", NT_STATUS_PIPE_CONNECTED },
+	{ "NT_STATUS_PIPE_LISTENING", NT_STATUS_PIPE_LISTENING },
+	{ "NT_STATUS_INVALID_READ_MODE", NT_STATUS_INVALID_READ_MODE },
+	{ "NT_STATUS_IO_TIMEOUT", NT_STATUS_IO_TIMEOUT },
+	{ "NT_STATUS_FILE_FORCED_CLOSED", NT_STATUS_FILE_FORCED_CLOSED },
+	{ "NT_STATUS_PROFILING_NOT_STARTED", NT_STATUS_PROFILING_NOT_STARTED },
+	{ "NT_STATUS_PROFILING_NOT_STOPPED", NT_STATUS_PROFILING_NOT_STOPPED },
+	{ "NT_STATUS_COULD_NOT_INTERPRET", NT_STATUS_COULD_NOT_INTERPRET },
+	{ "NT_STATUS_FILE_IS_A_DIRECTORY", NT_STATUS_FILE_IS_A_DIRECTORY },
+	{ "NT_STATUS_NOT_SUPPORTED", NT_STATUS_NOT_SUPPORTED },
+	{ "NT_STATUS_REMOTE_NOT_LISTENING", NT_STATUS_REMOTE_NOT_LISTENING },
+	{ "NT_STATUS_DUPLICATE_NAME", NT_STATUS_DUPLICATE_NAME },
+	{ "NT_STATUS_BAD_NETWORK_PATH", NT_STATUS_BAD_NETWORK_PATH },
+	{ "NT_STATUS_NETWORK_BUSY", NT_STATUS_NETWORK_BUSY },
+	{ "NT_STATUS_DEVICE_DOES_NOT_EXIST", NT_STATUS_DEVICE_DOES_NOT_EXIST },
+	{ "NT_STATUS_TOO_MANY_COMMANDS", NT_STATUS_TOO_MANY_COMMANDS },
+	{ "NT_STATUS_ADAPTER_HARDWARE_ERROR", NT_STATUS_ADAPTER_HARDWARE_ERROR },
+	{ "NT_STATUS_INVALID_NETWORK_RESPONSE", NT_STATUS_INVALID_NETWORK_RESPONSE },
+	{ "NT_STATUS_UNEXPECTED_NETWORK_ERROR", NT_STATUS_UNEXPECTED_NETWORK_ERROR },
+	{ "NT_STATUS_BAD_REMOTE_ADAPTER", NT_STATUS_BAD_REMOTE_ADAPTER },
+	{ "NT_STATUS_PRINT_QUEUE_FULL", NT_STATUS_PRINT_QUEUE_FULL },
+	{ "NT_STATUS_NO_SPOOL_SPACE", NT_STATUS_NO_SPOOL_SPACE },
+	{ "NT_STATUS_PRINT_CANCELLED", NT_STATUS_PRINT_CANCELLED },
+	{ "NT_STATUS_NETWORK_NAME_DELETED", NT_STATUS_NETWORK_NAME_DELETED },
+	{ "NT_STATUS_NETWORK_ACCESS_DENIED", NT_STATUS_NETWORK_ACCESS_DENIED },
+	{ "NT_STATUS_BAD_DEVICE_TYPE", NT_STATUS_BAD_DEVICE_TYPE },
+	{ "NT_STATUS_BAD_NETWORK_NAME", NT_STATUS_BAD_NETWORK_NAME },
+	{ "NT_STATUS_TOO_MANY_NAMES", NT_STATUS_TOO_MANY_NAMES },
+	{ "NT_STATUS_TOO_MANY_SESSIONS", NT_STATUS_TOO_MANY_SESSIONS },
+	{ "NT_STATUS_SHARING_PAUSED", NT_STATUS_SHARING_PAUSED },
+	{ "NT_STATUS_REQUEST_NOT_ACCEPTED", NT_STATUS_REQUEST_NOT_ACCEPTED },
+	{ "NT_STATUS_REDIRECTOR_PAUSED", NT_STATUS_REDIRECTOR_PAUSED },
+	{ "NT_STATUS_NET_WRITE_FAULT", NT_STATUS_NET_WRITE_FAULT },
+	{ "NT_STATUS_PROFILING_AT_LIMIT", NT_STATUS_PROFILING_AT_LIMIT },
+	{ "NT_STATUS_NOT_SAME_DEVICE", NT_STATUS_NOT_SAME_DEVICE },
+	{ "NT_STATUS_FILE_RENAMED", NT_STATUS_FILE_RENAMED },
+	{ "NT_STATUS_VIRTUAL_CIRCUIT_CLOSED", NT_STATUS_VIRTUAL_CIRCUIT_CLOSED },
+	{ "NT_STATUS_NO_SECURITY_ON_OBJECT", NT_STATUS_NO_SECURITY_ON_OBJECT },
+	{ "NT_STATUS_CANT_WAIT", NT_STATUS_CANT_WAIT },
+	{ "NT_STATUS_PIPE_EMPTY", NT_STATUS_PIPE_EMPTY },
+	{ "NT_STATUS_CANT_ACCESS_DOMAIN_INFO", NT_STATUS_CANT_ACCESS_DOMAIN_INFO },
+	{ "NT_STATUS_CANT_TERMINATE_SELF", NT_STATUS_CANT_TERMINATE_SELF },
+	{ "NT_STATUS_INVALID_SERVER_STATE", NT_STATUS_INVALID_SERVER_STATE },
+	{ "NT_STATUS_INVALID_DOMAIN_STATE", NT_STATUS_INVALID_DOMAIN_STATE },
+	{ "NT_STATUS_INVALID_DOMAIN_ROLE", NT_STATUS_INVALID_DOMAIN_ROLE },
+	{ "NT_STATUS_NO_SUCH_DOMAIN", NT_STATUS_NO_SUCH_DOMAIN },
+	{ "NT_STATUS_DOMAIN_EXISTS", NT_STATUS_DOMAIN_EXISTS },
+	{ "NT_STATUS_DOMAIN_LIMIT_EXCEEDED", NT_STATUS_DOMAIN_LIMIT_EXCEEDED },
+	{ "NT_STATUS_OPLOCK_NOT_GRANTED", NT_STATUS_OPLOCK_NOT_GRANTED },
+	{ "NT_STATUS_INVALID_OPLOCK_PROTOCOL", NT_STATUS_INVALID_OPLOCK_PROTOCOL },
+	{ "NT_STATUS_INTERNAL_DB_CORRUPTION", NT_STATUS_INTERNAL_DB_CORRUPTION },
+	{ "NT_STATUS_INTERNAL_ERROR", NT_STATUS_INTERNAL_ERROR },
+	{ "NT_STATUS_GENERIC_NOT_MAPPED", NT_STATUS_GENERIC_NOT_MAPPED },
+	{ "NT_STATUS_BAD_DESCRIPTOR_FORMAT", NT_STATUS_BAD_DESCRIPTOR_FORMAT },
+	{ "NT_STATUS_INVALID_USER_BUFFER", NT_STATUS_INVALID_USER_BUFFER },
+	{ "NT_STATUS_UNEXPECTED_IO_ERROR", NT_STATUS_UNEXPECTED_IO_ERROR },
+	{ "NT_STATUS_UNEXPECTED_MM_CREATE_ERR", NT_STATUS_UNEXPECTED_MM_CREATE_ERR },
+	{ "NT_STATUS_UNEXPECTED_MM_MAP_ERROR", NT_STATUS_UNEXPECTED_MM_MAP_ERROR },
+	{ "NT_STATUS_UNEXPECTED_MM_EXTEND_ERR", NT_STATUS_UNEXPECTED_MM_EXTEND_ERR },
+	{ "NT_STATUS_NOT_LOGON_PROCESS", NT_STATUS_NOT_LOGON_PROCESS },
+	{ "NT_STATUS_LOGON_SESSION_EXISTS", NT_STATUS_LOGON_SESSION_EXISTS },
+	{ "NT_STATUS_INVALID_PARAMETER_1", NT_STATUS_INVALID_PARAMETER_1 },
+	{ "NT_STATUS_INVALID_PARAMETER_2", NT_STATUS_INVALID_PARAMETER_2 },
+	{ "NT_STATUS_INVALID_PARAMETER_3", NT_STATUS_INVALID_PARAMETER_3 },
+	{ "NT_STATUS_INVALID_PARAMETER_4", NT_STATUS_INVALID_PARAMETER_4 },
+	{ "NT_STATUS_INVALID_PARAMETER_5", NT_STATUS_INVALID_PARAMETER_5 },
+	{ "NT_STATUS_INVALID_PARAMETER_6", NT_STATUS_INVALID_PARAMETER_6 },
+	{ "NT_STATUS_INVALID_PARAMETER_7", NT_STATUS_INVALID_PARAMETER_7 },
+	{ "NT_STATUS_INVALID_PARAMETER_8", NT_STATUS_INVALID_PARAMETER_8 },
+	{ "NT_STATUS_INVALID_PARAMETER_9", NT_STATUS_INVALID_PARAMETER_9 },
+	{ "NT_STATUS_INVALID_PARAMETER_10", NT_STATUS_INVALID_PARAMETER_10 },
+	{ "NT_STATUS_INVALID_PARAMETER_11", NT_STATUS_INVALID_PARAMETER_11 },
+	{ "NT_STATUS_INVALID_PARAMETER_12", NT_STATUS_INVALID_PARAMETER_12 },
+	{ "NT_STATUS_REDIRECTOR_NOT_STARTED", NT_STATUS_REDIRECTOR_NOT_STARTED },
+	{ "NT_STATUS_REDIRECTOR_STARTED", NT_STATUS_REDIRECTOR_STARTED },
+	{ "NT_STATUS_STACK_OVERFLOW", NT_STATUS_STACK_OVERFLOW },
+	{ "NT_STATUS_NO_SUCH_PACKAGE", NT_STATUS_NO_SUCH_PACKAGE },
+	{ "NT_STATUS_BAD_FUNCTION_TABLE", NT_STATUS_BAD_FUNCTION_TABLE },
+	{ "NT_STATUS_DIRECTORY_NOT_EMPTY", NT_STATUS_DIRECTORY_NOT_EMPTY },
+	{ "NT_STATUS_FILE_CORRUPT_ERROR", NT_STATUS_FILE_CORRUPT_ERROR },
+	{ "NT_STATUS_NOT_A_DIRECTORY", NT_STATUS_NOT_A_DIRECTORY },
+	{ "NT_STATUS_BAD_LOGON_SESSION_STATE", NT_STATUS_BAD_LOGON_SESSION_STATE },
+	{ "NT_STATUS_LOGON_SESSION_COLLISION", NT_STATUS_LOGON_SESSION_COLLISION },
+	{ "NT_STATUS_NAME_TOO_LONG", NT_STATUS_NAME_TOO_LONG },
+	{ "NT_STATUS_FILES_OPEN", NT_STATUS_FILES_OPEN },
+	{ "NT_STATUS_CONNECTION_IN_USE", NT_STATUS_CONNECTION_IN_USE },
+	{ "NT_STATUS_MESSAGE_NOT_FOUND", NT_STATUS_MESSAGE_NOT_FOUND },
+	{ "NT_STATUS_PROCESS_IS_TERMINATING", NT_STATUS_PROCESS_IS_TERMINATING },
+	{ "NT_STATUS_INVALID_LOGON_TYPE", NT_STATUS_INVALID_LOGON_TYPE },
+	{ "NT_STATUS_NO_GUID_TRANSLATION", NT_STATUS_NO_GUID_TRANSLATION },
+	{ "NT_STATUS_CANNOT_IMPERSONATE", NT_STATUS_CANNOT_IMPERSONATE },
+	{ "NT_STATUS_IMAGE_ALREADY_LOADED", NT_STATUS_IMAGE_ALREADY_LOADED },
+	{ "NT_STATUS_ABIOS_NOT_PRESENT", NT_STATUS_ABIOS_NOT_PRESENT },
+	{ "NT_STATUS_ABIOS_LID_NOT_EXIST", NT_STATUS_ABIOS_LID_NOT_EXIST },
+	{ "NT_STATUS_ABIOS_LID_ALREADY_OWNED", NT_STATUS_ABIOS_LID_ALREADY_OWNED },
+	{ "NT_STATUS_ABIOS_NOT_LID_OWNER", NT_STATUS_ABIOS_NOT_LID_OWNER },
+	{ "NT_STATUS_ABIOS_INVALID_COMMAND", NT_STATUS_ABIOS_INVALID_COMMAND },
+	{ "NT_STATUS_ABIOS_INVALID_LID", NT_STATUS_ABIOS_INVALID_LID },
+	{ "NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE", NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE },
+	{ "NT_STATUS_ABIOS_INVALID_SELECTOR", NT_STATUS_ABIOS_INVALID_SELECTOR },
+	{ "NT_STATUS_NO_LDT", NT_STATUS_NO_LDT },
+	{ "NT_STATUS_INVALID_LDT_SIZE", NT_STATUS_INVALID_LDT_SIZE },
+	{ "NT_STATUS_INVALID_LDT_OFFSET", NT_STATUS_INVALID_LDT_OFFSET },
+	{ "NT_STATUS_INVALID_LDT_DESCRIPTOR", NT_STATUS_INVALID_LDT_DESCRIPTOR },
+	{ "NT_STATUS_INVALID_IMAGE_NE_FORMAT", NT_STATUS_INVALID_IMAGE_NE_FORMAT },
+	{ "NT_STATUS_RXACT_INVALID_STATE", NT_STATUS_RXACT_INVALID_STATE },
+	{ "NT_STATUS_RXACT_COMMIT_FAILURE", NT_STATUS_RXACT_COMMIT_FAILURE },
+	{ "NT_STATUS_MAPPED_FILE_SIZE_ZERO", NT_STATUS_MAPPED_FILE_SIZE_ZERO },
+	{ "NT_STATUS_TOO_MANY_OPENED_FILES", NT_STATUS_TOO_MANY_OPENED_FILES },
+	{ "NT_STATUS_CANCELLED", NT_STATUS_CANCELLED },
+	{ "NT_STATUS_CANNOT_DELETE", NT_STATUS_CANNOT_DELETE },
+	{ "NT_STATUS_INVALID_COMPUTER_NAME", NT_STATUS_INVALID_COMPUTER_NAME },
+	{ "NT_STATUS_FILE_DELETED", NT_STATUS_FILE_DELETED },
+	{ "NT_STATUS_SPECIAL_ACCOUNT", NT_STATUS_SPECIAL_ACCOUNT },
+	{ "NT_STATUS_SPECIAL_GROUP", NT_STATUS_SPECIAL_GROUP },
+	{ "NT_STATUS_SPECIAL_USER", NT_STATUS_SPECIAL_USER },
+	{ "NT_STATUS_MEMBERS_PRIMARY_GROUP", NT_STATUS_MEMBERS_PRIMARY_GROUP },
+	{ "NT_STATUS_FILE_CLOSED", NT_STATUS_FILE_CLOSED },
+	{ "NT_STATUS_TOO_MANY_THREADS", NT_STATUS_TOO_MANY_THREADS },
+	{ "NT_STATUS_THREAD_NOT_IN_PROCESS", NT_STATUS_THREAD_NOT_IN_PROCESS },
+	{ "NT_STATUS_TOKEN_ALREADY_IN_USE", NT_STATUS_TOKEN_ALREADY_IN_USE },
+	{ "NT_STATUS_PAGEFILE_QUOTA_EXCEEDED", NT_STATUS_PAGEFILE_QUOTA_EXCEEDED },
+	{ "NT_STATUS_COMMITMENT_LIMIT", NT_STATUS_COMMITMENT_LIMIT },
+	{ "NT_STATUS_INVALID_IMAGE_LE_FORMAT", NT_STATUS_INVALID_IMAGE_LE_FORMAT },
+	{ "NT_STATUS_INVALID_IMAGE_NOT_MZ", NT_STATUS_INVALID_IMAGE_NOT_MZ },
+	{ "NT_STATUS_INVALID_IMAGE_PROTECT", NT_STATUS_INVALID_IMAGE_PROTECT },
+	{ "NT_STATUS_INVALID_IMAGE_WIN_16", NT_STATUS_INVALID_IMAGE_WIN_16 },
+	{ "NT_STATUS_LOGON_SERVER_CONFLICT", NT_STATUS_LOGON_SERVER_CONFLICT },
+	{ "NT_STATUS_TIME_DIFFERENCE_AT_DC", NT_STATUS_TIME_DIFFERENCE_AT_DC },
+	{ "NT_STATUS_SYNCHRONIZATION_REQUIRED", NT_STATUS_SYNCHRONIZATION_REQUIRED },
+	{ "NT_STATUS_DLL_NOT_FOUND", NT_STATUS_DLL_NOT_FOUND },
+	{ "NT_STATUS_OPEN_FAILED", NT_STATUS_OPEN_FAILED },
+	{ "NT_STATUS_IO_PRIVILEGE_FAILED", NT_STATUS_IO_PRIVILEGE_FAILED },
+	{ "NT_STATUS_ORDINAL_NOT_FOUND", NT_STATUS_ORDINAL_NOT_FOUND },
+	{ "NT_STATUS_ENTRYPOINT_NOT_FOUND", NT_STATUS_ENTRYPOINT_NOT_FOUND },
+	{ "NT_STATUS_CONTROL_C_EXIT", NT_STATUS_CONTROL_C_EXIT },
+	{ "NT_STATUS_LOCAL_DISCONNECT", NT_STATUS_LOCAL_DISCONNECT },
+	{ "NT_STATUS_REMOTE_DISCONNECT", NT_STATUS_REMOTE_DISCONNECT },
+	{ "NT_STATUS_REMOTE_RESOURCES", NT_STATUS_REMOTE_RESOURCES },
+	{ "NT_STATUS_LINK_FAILED", NT_STATUS_LINK_FAILED },
+	{ "NT_STATUS_LINK_TIMEOUT", NT_STATUS_LINK_TIMEOUT },
+	{ "NT_STATUS_INVALID_CONNECTION", NT_STATUS_INVALID_CONNECTION },
+	{ "NT_STATUS_INVALID_ADDRESS", NT_STATUS_INVALID_ADDRESS },
+	{ "NT_STATUS_DLL_INIT_FAILED", NT_STATUS_DLL_INIT_FAILED },
+	{ "NT_STATUS_MISSING_SYSTEMFILE", NT_STATUS_MISSING_SYSTEMFILE },
+	{ "NT_STATUS_UNHANDLED_EXCEPTION", NT_STATUS_UNHANDLED_EXCEPTION },
+	{ "NT_STATUS_APP_INIT_FAILURE", NT_STATUS_APP_INIT_FAILURE },
+	{ "NT_STATUS_PAGEFILE_CREATE_FAILED", NT_STATUS_PAGEFILE_CREATE_FAILED },
+	{ "NT_STATUS_NO_PAGEFILE", NT_STATUS_NO_PAGEFILE },
+	{ "NT_STATUS_INVALID_LEVEL", NT_STATUS_INVALID_LEVEL },
+	{ "NT_STATUS_WRONG_PASSWORD_CORE", NT_STATUS_WRONG_PASSWORD_CORE },
+	{ "NT_STATUS_ILLEGAL_FLOAT_CONTEXT", NT_STATUS_ILLEGAL_FLOAT_CONTEXT },
+	{ "NT_STATUS_PIPE_BROKEN", NT_STATUS_PIPE_BROKEN },
+	{ "NT_STATUS_REGISTRY_CORRUPT", NT_STATUS_REGISTRY_CORRUPT },
+	{ "NT_STATUS_REGISTRY_IO_FAILED", NT_STATUS_REGISTRY_IO_FAILED },
+	{ "NT_STATUS_NO_EVENT_PAIR", NT_STATUS_NO_EVENT_PAIR },
+	{ "NT_STATUS_UNRECOGNIZED_VOLUME", NT_STATUS_UNRECOGNIZED_VOLUME },
+	{ "NT_STATUS_SERIAL_NO_DEVICE_INITED", NT_STATUS_SERIAL_NO_DEVICE_INITED },
+	{ "NT_STATUS_NO_SUCH_ALIAS", NT_STATUS_NO_SUCH_ALIAS },
+	{ "NT_STATUS_MEMBER_NOT_IN_ALIAS", NT_STATUS_MEMBER_NOT_IN_ALIAS },
+	{ "NT_STATUS_MEMBER_IN_ALIAS", NT_STATUS_MEMBER_IN_ALIAS },
+	{ "NT_STATUS_ALIAS_EXISTS", NT_STATUS_ALIAS_EXISTS },
+	{ "NT_STATUS_LOGON_NOT_GRANTED", NT_STATUS_LOGON_NOT_GRANTED },
+	{ "NT_STATUS_TOO_MANY_SECRETS", NT_STATUS_TOO_MANY_SECRETS },
+	{ "NT_STATUS_SECRET_TOO_LONG", NT_STATUS_SECRET_TOO_LONG },
+	{ "NT_STATUS_INTERNAL_DB_ERROR", NT_STATUS_INTERNAL_DB_ERROR },
+	{ "NT_STATUS_FULLSCREEN_MODE", NT_STATUS_FULLSCREEN_MODE },
+	{ "NT_STATUS_TOO_MANY_CONTEXT_IDS", NT_STATUS_TOO_MANY_CONTEXT_IDS },
+	{ "NT_STATUS_LOGON_TYPE_NOT_GRANTED", NT_STATUS_LOGON_TYPE_NOT_GRANTED },
+	{ "NT_STATUS_NOT_REGISTRY_FILE", NT_STATUS_NOT_REGISTRY_FILE },
+	{ "NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED", NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED },
+	{ "NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR", NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR },
+	{ "NT_STATUS_FT_MISSING_MEMBER", NT_STATUS_FT_MISSING_MEMBER },
+	{ "NT_STATUS_ILL_FORMED_SERVICE_ENTRY", NT_STATUS_ILL_FORMED_SERVICE_ENTRY },
+	{ "NT_STATUS_ILLEGAL_CHARACTER", NT_STATUS_ILLEGAL_CHARACTER },
+	{ "NT_STATUS_UNMAPPABLE_CHARACTER", NT_STATUS_UNMAPPABLE_CHARACTER },
+	{ "NT_STATUS_UNDEFINED_CHARACTER", NT_STATUS_UNDEFINED_CHARACTER },
+	{ "NT_STATUS_FLOPPY_VOLUME", NT_STATUS_FLOPPY_VOLUME },
+	{ "NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND", NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND },
+	{ "NT_STATUS_FLOPPY_WRONG_CYLINDER", NT_STATUS_FLOPPY_WRONG_CYLINDER },
+	{ "NT_STATUS_FLOPPY_UNKNOWN_ERROR", NT_STATUS_FLOPPY_UNKNOWN_ERROR },
+	{ "NT_STATUS_FLOPPY_BAD_REGISTERS", NT_STATUS_FLOPPY_BAD_REGISTERS },
+	{ "NT_STATUS_DISK_RECALIBRATE_FAILED", NT_STATUS_DISK_RECALIBRATE_FAILED },
+	{ "NT_STATUS_DISK_OPERATION_FAILED", NT_STATUS_DISK_OPERATION_FAILED },
+	{ "NT_STATUS_DISK_RESET_FAILED", NT_STATUS_DISK_RESET_FAILED },
+	{ "NT_STATUS_SHARED_IRQ_BUSY", NT_STATUS_SHARED_IRQ_BUSY },
+	{ "NT_STATUS_FT_ORPHANING", NT_STATUS_FT_ORPHANING },
+	{ "NT_STATUS_PARTITION_FAILURE", NT_STATUS_PARTITION_FAILURE },
+	{ "NT_STATUS_INVALID_BLOCK_LENGTH", NT_STATUS_INVALID_BLOCK_LENGTH },
+	{ "NT_STATUS_DEVICE_NOT_PARTITIONED", NT_STATUS_DEVICE_NOT_PARTITIONED },
+	{ "NT_STATUS_UNABLE_TO_LOCK_MEDIA", NT_STATUS_UNABLE_TO_LOCK_MEDIA },
+	{ "NT_STATUS_UNABLE_TO_UNLOAD_MEDIA", NT_STATUS_UNABLE_TO_UNLOAD_MEDIA },
+	{ "NT_STATUS_EOM_OVERFLOW", NT_STATUS_EOM_OVERFLOW },
+	{ "NT_STATUS_NO_MEDIA", NT_STATUS_NO_MEDIA },
+	{ "NT_STATUS_NO_SUCH_MEMBER", NT_STATUS_NO_SUCH_MEMBER },
+	{ "NT_STATUS_INVALID_MEMBER", NT_STATUS_INVALID_MEMBER },
+	{ "NT_STATUS_KEY_DELETED", NT_STATUS_KEY_DELETED },
+	{ "NT_STATUS_NO_LOG_SPACE", NT_STATUS_NO_LOG_SPACE },
+	{ "NT_STATUS_TOO_MANY_SIDS", NT_STATUS_TOO_MANY_SIDS },
+	{ "NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED", NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED },
+	{ "NT_STATUS_KEY_HAS_CHILDREN", NT_STATUS_KEY_HAS_CHILDREN },
+	{ "NT_STATUS_CHILD_MUST_BE_VOLATILE", NT_STATUS_CHILD_MUST_BE_VOLATILE },
+	{ "NT_STATUS_DEVICE_CONFIGURATION_ERROR", NT_STATUS_DEVICE_CONFIGURATION_ERROR },
+	{ "NT_STATUS_DRIVER_INTERNAL_ERROR", NT_STATUS_DRIVER_INTERNAL_ERROR },
+	{ "NT_STATUS_INVALID_DEVICE_STATE", NT_STATUS_INVALID_DEVICE_STATE },
+	{ "NT_STATUS_IO_DEVICE_ERROR", NT_STATUS_IO_DEVICE_ERROR },
+	{ "NT_STATUS_DEVICE_PROTOCOL_ERROR", NT_STATUS_DEVICE_PROTOCOL_ERROR },
+	{ "NT_STATUS_BACKUP_CONTROLLER", NT_STATUS_BACKUP_CONTROLLER },
+	{ "NT_STATUS_LOG_FILE_FULL", NT_STATUS_LOG_FILE_FULL },
+	{ "NT_STATUS_TOO_LATE", NT_STATUS_TOO_LATE },
+	{ "NT_STATUS_NO_TRUST_LSA_SECRET", NT_STATUS_NO_TRUST_LSA_SECRET },
+	{ "NT_STATUS_NO_TRUST_SAM_ACCOUNT", NT_STATUS_NO_TRUST_SAM_ACCOUNT },
+	{ "NT_STATUS_TRUSTED_DOMAIN_FAILURE", NT_STATUS_TRUSTED_DOMAIN_FAILURE },
+	{ "NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE", NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE },
+	{ "NT_STATUS_EVENTLOG_FILE_CORRUPT", NT_STATUS_EVENTLOG_FILE_CORRUPT },
+	{ "NT_STATUS_EVENTLOG_CANT_START", NT_STATUS_EVENTLOG_CANT_START },
+	{ "NT_STATUS_TRUST_FAILURE", NT_STATUS_TRUST_FAILURE },
+	{ "NT_STATUS_MUTANT_LIMIT_EXCEEDED", NT_STATUS_MUTANT_LIMIT_EXCEEDED },
+	{ "NT_STATUS_NETLOGON_NOT_STARTED", NT_STATUS_NETLOGON_NOT_STARTED },
+	{ "NT_STATUS_ACCOUNT_EXPIRED", NT_STATUS_ACCOUNT_EXPIRED },
+	{ "NT_STATUS_POSSIBLE_DEADLOCK", NT_STATUS_POSSIBLE_DEADLOCK },
+	{ "NT_STATUS_NETWORK_CREDENTIAL_CONFLICT", NT_STATUS_NETWORK_CREDENTIAL_CONFLICT },
+	{ "NT_STATUS_REMOTE_SESSION_LIMIT", NT_STATUS_REMOTE_SESSION_LIMIT },
+	{ "NT_STATUS_EVENTLOG_FILE_CHANGED", NT_STATUS_EVENTLOG_FILE_CHANGED },
+	{ "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT },
+	{ "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT },
+	{ "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT },
+	{ "NT_STATUS_DOMAIN_TRUST_INCONSISTENT", NT_STATUS_DOMAIN_TRUST_INCONSISTENT },
+	{ "NT_STATUS_FS_DRIVER_REQUIRED", NT_STATUS_FS_DRIVER_REQUIRED },
+	{ "NT_STATUS_NO_USER_SESSION_KEY", NT_STATUS_NO_USER_SESSION_KEY },
+	{ "NT_STATUS_USER_SESSION_DELETED", NT_STATUS_USER_SESSION_DELETED },
+	{ "NT_STATUS_RESOURCE_LANG_NOT_FOUND", NT_STATUS_RESOURCE_LANG_NOT_FOUND },
+	{ "NT_STATUS_INSUFF_SERVER_RESOURCES", NT_STATUS_INSUFF_SERVER_RESOURCES },
+	{ "NT_STATUS_INVALID_BUFFER_SIZE", NT_STATUS_INVALID_BUFFER_SIZE },
+	{ "NT_STATUS_INVALID_ADDRESS_COMPONENT", NT_STATUS_INVALID_ADDRESS_COMPONENT },
+	{ "NT_STATUS_INVALID_ADDRESS_WILDCARD", NT_STATUS_INVALID_ADDRESS_WILDCARD },
+	{ "NT_STATUS_TOO_MANY_ADDRESSES", NT_STATUS_TOO_MANY_ADDRESSES },
+	{ "NT_STATUS_ADDRESS_ALREADY_EXISTS", NT_STATUS_ADDRESS_ALREADY_EXISTS },
+	{ "NT_STATUS_ADDRESS_CLOSED", NT_STATUS_ADDRESS_CLOSED },
+	{ "NT_STATUS_CONNECTION_DISCONNECTED", NT_STATUS_CONNECTION_DISCONNECTED },
+	{ "NT_STATUS_CONNECTION_RESET", NT_STATUS_CONNECTION_RESET },
+	{ "NT_STATUS_TOO_MANY_NODES", NT_STATUS_TOO_MANY_NODES },
+	{ "NT_STATUS_TRANSACTION_ABORTED", NT_STATUS_TRANSACTION_ABORTED },
+	{ "NT_STATUS_TRANSACTION_TIMED_OUT", NT_STATUS_TRANSACTION_TIMED_OUT },
+	{ "NT_STATUS_TRANSACTION_NO_RELEASE", NT_STATUS_TRANSACTION_NO_RELEASE },
+	{ "NT_STATUS_TRANSACTION_NO_MATCH", NT_STATUS_TRANSACTION_NO_MATCH },
+	{ "NT_STATUS_TRANSACTION_RESPONDED", NT_STATUS_TRANSACTION_RESPONDED },
+	{ "NT_STATUS_TRANSACTION_INVALID_ID", NT_STATUS_TRANSACTION_INVALID_ID },
+	{ "NT_STATUS_TRANSACTION_INVALID_TYPE", NT_STATUS_TRANSACTION_INVALID_TYPE },
+	{ "NT_STATUS_NOT_SERVER_SESSION", NT_STATUS_NOT_SERVER_SESSION },
+	{ "NT_STATUS_NOT_CLIENT_SESSION", NT_STATUS_NOT_CLIENT_SESSION },
+	{ "NT_STATUS_CANNOT_LOAD_REGISTRY_FILE", NT_STATUS_CANNOT_LOAD_REGISTRY_FILE },
+	{ "NT_STATUS_DEBUG_ATTACH_FAILED", NT_STATUS_DEBUG_ATTACH_FAILED },
+	{ "NT_STATUS_SYSTEM_PROCESS_TERMINATED", NT_STATUS_SYSTEM_PROCESS_TERMINATED },
+	{ "NT_STATUS_DATA_NOT_ACCEPTED", NT_STATUS_DATA_NOT_ACCEPTED },
+	{ "NT_STATUS_NO_BROWSER_SERVERS_FOUND", NT_STATUS_NO_BROWSER_SERVERS_FOUND },
+	{ "NT_STATUS_VDM_HARD_ERROR", NT_STATUS_VDM_HARD_ERROR },
+	{ "NT_STATUS_DRIVER_CANCEL_TIMEOUT", NT_STATUS_DRIVER_CANCEL_TIMEOUT },
+	{ "NT_STATUS_REPLY_MESSAGE_MISMATCH", NT_STATUS_REPLY_MESSAGE_MISMATCH },
+	{ "NT_STATUS_MAPPED_ALIGNMENT", NT_STATUS_MAPPED_ALIGNMENT },
+	{ "NT_STATUS_IMAGE_CHECKSUM_MISMATCH", NT_STATUS_IMAGE_CHECKSUM_MISMATCH },
+	{ "NT_STATUS_LOST_WRITEBEHIND_DATA", NT_STATUS_LOST_WRITEBEHIND_DATA },
+	{ "NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID", NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID },
+	{ "NT_STATUS_PASSWORD_MUST_CHANGE", NT_STATUS_PASSWORD_MUST_CHANGE },
+	{ "NT_STATUS_NOT_FOUND", NT_STATUS_NOT_FOUND },
+	{ "NT_STATUS_NOT_TINY_STREAM", NT_STATUS_NOT_TINY_STREAM },
+	{ "NT_STATUS_RECOVERY_FAILURE", NT_STATUS_RECOVERY_FAILURE },
+	{ "NT_STATUS_STACK_OVERFLOW_READ", NT_STATUS_STACK_OVERFLOW_READ },
+	{ "NT_STATUS_FAIL_CHECK", NT_STATUS_FAIL_CHECK },
+	{ "NT_STATUS_DUPLICATE_OBJECTID", NT_STATUS_DUPLICATE_OBJECTID },
+	{ "NT_STATUS_OBJECTID_EXISTS", NT_STATUS_OBJECTID_EXISTS },
+	{ "NT_STATUS_CONVERT_TO_LARGE", NT_STATUS_CONVERT_TO_LARGE },
+	{ "NT_STATUS_RETRY", NT_STATUS_RETRY },
+	{ "NT_STATUS_FOUND_OUT_OF_SCOPE", NT_STATUS_FOUND_OUT_OF_SCOPE },
+	{ "NT_STATUS_ALLOCATE_BUCKET", NT_STATUS_ALLOCATE_BUCKET },
+	{ "NT_STATUS_PROPSET_NOT_FOUND", NT_STATUS_PROPSET_NOT_FOUND },
+	{ "NT_STATUS_MARSHALL_OVERFLOW", NT_STATUS_MARSHALL_OVERFLOW },
+	{ "NT_STATUS_INVALID_VARIANT", NT_STATUS_INVALID_VARIANT },
+	{ "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND },
+	{ "NT_STATUS_ACCOUNT_LOCKED_OUT", NT_STATUS_ACCOUNT_LOCKED_OUT },
+	{ "NT_STATUS_HANDLE_NOT_CLOSABLE", NT_STATUS_HANDLE_NOT_CLOSABLE },
+	{ "NT_STATUS_CONNECTION_REFUSED", NT_STATUS_CONNECTION_REFUSED },
+	{ "NT_STATUS_GRACEFUL_DISCONNECT", NT_STATUS_GRACEFUL_DISCONNECT },
+	{ "NT_STATUS_ADDRESS_ALREADY_ASSOCIATED", NT_STATUS_ADDRESS_ALREADY_ASSOCIATED },
+	{ "NT_STATUS_ADDRESS_NOT_ASSOCIATED", NT_STATUS_ADDRESS_NOT_ASSOCIATED },
+	{ "NT_STATUS_CONNECTION_INVALID", NT_STATUS_CONNECTION_INVALID },
+	{ "NT_STATUS_CONNECTION_ACTIVE", NT_STATUS_CONNECTION_ACTIVE },
+	{ "NT_STATUS_NETWORK_UNREACHABLE", NT_STATUS_NETWORK_UNREACHABLE },
+	{ "NT_STATUS_HOST_UNREACHABLE", NT_STATUS_HOST_UNREACHABLE },
+	{ "NT_STATUS_PROTOCOL_UNREACHABLE", NT_STATUS_PROTOCOL_UNREACHABLE },
+	{ "NT_STATUS_PORT_UNREACHABLE", NT_STATUS_PORT_UNREACHABLE },
+	{ "NT_STATUS_REQUEST_ABORTED", NT_STATUS_REQUEST_ABORTED },
+	{ "NT_STATUS_CONNECTION_ABORTED", NT_STATUS_CONNECTION_ABORTED },
+	{ "NT_STATUS_BAD_COMPRESSION_BUFFER", NT_STATUS_BAD_COMPRESSION_BUFFER },
+	{ "NT_STATUS_USER_MAPPED_FILE", NT_STATUS_USER_MAPPED_FILE },
+	{ "NT_STATUS_AUDIT_FAILED", NT_STATUS_AUDIT_FAILED },
+	{ "NT_STATUS_TIMER_RESOLUTION_NOT_SET", NT_STATUS_TIMER_RESOLUTION_NOT_SET },
+	{ "NT_STATUS_CONNECTION_COUNT_LIMIT", NT_STATUS_CONNECTION_COUNT_LIMIT },
+	{ "NT_STATUS_LOGIN_TIME_RESTRICTION", NT_STATUS_LOGIN_TIME_RESTRICTION },
+	{ "NT_STATUS_LOGIN_WKSTA_RESTRICTION", NT_STATUS_LOGIN_WKSTA_RESTRICTION },
+	{ "NT_STATUS_IMAGE_MP_UP_MISMATCH", NT_STATUS_IMAGE_MP_UP_MISMATCH },
+	{ "NT_STATUS_INSUFFICIENT_LOGON_INFO", NT_STATUS_INSUFFICIENT_LOGON_INFO },
+	{ "NT_STATUS_BAD_DLL_ENTRYPOINT", NT_STATUS_BAD_DLL_ENTRYPOINT },
+	{ "NT_STATUS_BAD_SERVICE_ENTRYPOINT", NT_STATUS_BAD_SERVICE_ENTRYPOINT },
+	{ "NT_STATUS_LPC_REPLY_LOST", NT_STATUS_LPC_REPLY_LOST },
+	{ "NT_STATUS_IP_ADDRESS_CONFLICT1", NT_STATUS_IP_ADDRESS_CONFLICT1 },
+	{ "NT_STATUS_IP_ADDRESS_CONFLICT2", NT_STATUS_IP_ADDRESS_CONFLICT2 },
+	{ "NT_STATUS_REGISTRY_QUOTA_LIMIT", NT_STATUS_REGISTRY_QUOTA_LIMIT },
+	{ "NT_STATUS_PATH_NOT_COVERED", NT_STATUS_PATH_NOT_COVERED },
+	{ "NT_STATUS_NO_CALLBACK_ACTIVE", NT_STATUS_NO_CALLBACK_ACTIVE },
+	{ "NT_STATUS_LICENSE_QUOTA_EXCEEDED", NT_STATUS_LICENSE_QUOTA_EXCEEDED },
+	{ "NT_STATUS_PWD_TOO_SHORT", NT_STATUS_PWD_TOO_SHORT },
+	{ "NT_STATUS_PWD_TOO_RECENT", NT_STATUS_PWD_TOO_RECENT },
+	{ "NT_STATUS_PWD_HISTORY_CONFLICT", NT_STATUS_PWD_HISTORY_CONFLICT },
+	{ "NT_STATUS_PLUGPLAY_NO_DEVICE", NT_STATUS_PLUGPLAY_NO_DEVICE },
+	{ "NT_STATUS_UNSUPPORTED_COMPRESSION", NT_STATUS_UNSUPPORTED_COMPRESSION },
+	{ "NT_STATUS_INVALID_HW_PROFILE", NT_STATUS_INVALID_HW_PROFILE },
+	{ "NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH", NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH },
+	{ "NT_STATUS_DRIVER_ORDINAL_NOT_FOUND", NT_STATUS_DRIVER_ORDINAL_NOT_FOUND },
+	{ "NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND", NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND },
+	{ "NT_STATUS_RESOURCE_NOT_OWNED", NT_STATUS_RESOURCE_NOT_OWNED },
+	{ "NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS },
+	{ "NT_STATUS_QUOTA_LIST_INCONSISTENT", NT_STATUS_QUOTA_LIST_INCONSISTENT },
+	{ "NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE },
+        { "NT_STATUS_NO_MORE_ENTRIES", NT_STATUS_NO_MORE_ENTRIES },
+	{ NULL, NT_STATUS(0) }
+};
+
+/*****************************************************************************
+ returns an NT error message.  not amazingly helpful, but better than a number.
+ *****************************************************************************/
+char *nt_errstr(NTSTATUS nt_code)
+{
+        static pstring msg;
+        int idx = 0;
+
+	slprintf(msg, sizeof(msg), "NT code 0x%08x", NT_STATUS_V(nt_code));
+
+	while (nt_errs[idx].nt_errstr != NULL) {
+		if (NT_STATUS_V(nt_errs[idx].nt_errcode) == 
+                    NT_STATUS_V(nt_code)) {
+                        return nt_errs[idx].nt_errstr;
+		}
+		idx++;
+	}
+
+        return msg;
+}
+
+/*****************************************************************************
+ returns an NT_STATUS constant as a string for inclusion in autogen C code
+ *****************************************************************************/
+char *get_nt_error_c_code(NTSTATUS nt_code)
+{
+        static pstring out;
+        int idx = 0;
+
+	while (nt_errs[idx].nt_errstr != NULL) {
+		if (NT_STATUS_V(nt_errs[idx].nt_errcode) == 
+                    NT_STATUS_V(nt_code)) {
+                        return nt_errs[idx].nt_errstr;
+		}
+		idx++;
+	}
+
+	slprintf(out, sizeof(out), "NT_STATUS(0x%08x)", NT_STATUS_V(nt_code));
+
+        return out;
+}
+
+/*****************************************************************************
+ returns the NT_STATUS constant matching the string supplied (as an NTSTATUS)
+ *****************************************************************************/
+NTSTATUS nt_status_string_to_code(char *nt_status_str)
+{
+        int idx = 0;
+
+	while (nt_errs[idx].nt_errstr != NULL) {
+		if (strcmp(nt_errs[idx].nt_errstr, nt_status_str) == 0) {
+                        return nt_errs[idx].nt_errcode;
+		}
+		idx++;
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
new file mode 100644
index 0000000000..b96bdc95a1
--- /dev/null
+++ b/source3/libsmb/passchange.c
@@ -0,0 +1,101 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client password change routine
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+extern pstring global_myname;
+
+/*************************************************************
+change a password on a remote machine using IPC calls
+*************************************************************/
+BOOL remote_password_change(const char *remote_machine, const char *user_name, 
+			    const char *old_passwd, const char *new_passwd,
+			    char *err_str, size_t err_str_len)
+{
+	struct nmb_name calling, called;
+	struct cli_state cli;
+	struct in_addr ip;
+
+	*err_str = '\0';
+
+	if(!resolve_name( remote_machine, &ip, 0x20)) {
+		slprintf(err_str, err_str_len-1, "unable to find an IP address for machine %s.\n",
+			remote_machine );
+		return False;
+	}
+ 
+	ZERO_STRUCT(cli);
+ 
+	if (!cli_initialise(&cli) || !cli_connect(&cli, remote_machine, &ip)) {
+		slprintf(err_str, err_str_len-1, "unable to connect to SMB server on machine %s. Error was : %s.\n",
+			remote_machine, cli_errstr(&cli) );
+		return False;
+	}
+  
+	make_nmb_name(&calling, global_myname , 0x0);
+	make_nmb_name(&called , remote_machine, 0x20);
+	
+	if (!cli_session_request(&cli, &calling, &called)) {
+		slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",
+			remote_machine, cli_errstr(&cli) );
+		cli_shutdown(&cli);
+		return False;
+	}
+  
+	cli.protocol = PROTOCOL_NT1;
+
+	if (!cli_negprot(&cli)) {
+		slprintf(err_str, err_str_len-1, "machine %s rejected the negotiate protocol. Error was : %s.\n",        
+			remote_machine, cli_errstr(&cli) );
+		cli_shutdown(&cli);
+		return False;
+	}
+  
+	/*
+	 * We should connect as the anonymous user here, in case
+	 * the server has "must change password" checked...
+	 * Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
+	 */
+
+	if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
+		slprintf(err_str, err_str_len-1, "machine %s rejected the session setup. Error was : %s.\n",        
+			remote_machine, cli_errstr(&cli) );
+		cli_shutdown(&cli);
+		return False;
+	}               
+
+	if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+		slprintf(err_str, err_str_len-1, "machine %s rejected the tconX on the IPC$ share. Error was : %s.\n",
+			remote_machine, cli_errstr(&cli) );
+		cli_shutdown(&cli);
+		return False;
+	}
+
+	if(!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
+		slprintf(err_str, err_str_len-1, "machine %s rejected the password change: Error was : %s.\n",
+			remote_machine, cli_errstr(&cli) );
+		cli_shutdown(&cli);
+		return False;
+	}
+	
+	cli_shutdown(&cli);
+	return True;
+}
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
new file mode 100644
index 0000000000..7d1185d9a7
--- /dev/null
+++ b/source3/libsmb/pwd_cache.c
@@ -0,0 +1,249 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password cacheing.  obfuscation is planned
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Initialises a password structure.
+****************************************************************************/
+
+void pwd_init(struct pwd_info *pwd)
+{
+	memset((char *)pwd->password  , '\0', sizeof(pwd->password  ));
+	memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd));
+	memset((char *)pwd->smb_nt_pwd, '\0', sizeof(pwd->smb_nt_pwd));
+	memset((char *)pwd->smb_lm_owf, '\0', sizeof(pwd->smb_lm_owf));
+	memset((char *)pwd->smb_nt_owf, '\0', sizeof(pwd->smb_nt_owf));
+
+	pwd->null_pwd  = True; /* safest option... */
+	pwd->cleartext = False;
+	pwd->crypted   = False;
+}
+
+/****************************************************************************
+ Returns NULL password flag.
+****************************************************************************/
+
+BOOL pwd_is_nullpwd(const struct pwd_info *pwd)
+{
+        return pwd->null_pwd;
+}
+
+/****************************************************************************
+ Compares two passwords.  hmm, not as trivial as expected.  hmm.
+****************************************************************************/
+
+BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2)
+{
+	if (pwd1->cleartext && pwd2->cleartext) {
+		if (strequal(pwd1->password, pwd2->password))
+			return True;
+	}
+	if (pwd1->null_pwd && pwd2->null_pwd)
+		return True;
+
+	if (!pwd1->null_pwd  && !pwd2->null_pwd &&
+	    !pwd1->cleartext && !pwd2->cleartext) {
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("pwd compare: nt#\n"));
+		dump_data(100, pwd1->smb_nt_pwd, 16);
+		dump_data(100, pwd2->smb_nt_pwd, 16);
+#endif
+		if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
+			return True;
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("pwd compare: lm#\n"));
+		dump_data(100, pwd1->smb_lm_pwd, 16);
+		dump_data(100, pwd2->smb_lm_pwd, 16);
+#endif
+		if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
+			return True;
+	}
+	return False;
+}
+
+/****************************************************************************
+ Reads a password.
+****************************************************************************/
+
+void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
+{
+	/* grab a password */
+	char *user_pass;
+
+	pwd_init(pwd);
+
+	user_pass = (char*)getpass(passwd_report);
+
+	/*
+	 * Do not assume that an empty string is a NULL password.
+	 * If you do this will break the session key generation for
+	 * and account with an emtpy password.  If you wish to use
+	 * a NULL password, use the -N option to smbclient and rpcclient
+	 * --jerry
+	 */
+#if 0
+	if (user_pass == NULL || user_pass[0] == 0)
+		pwd_set_nullpwd(pwd);
+	else if (do_encrypt)
+#endif
+	if (do_encrypt)
+		pwd_make_lm_nt_16(pwd, user_pass);
+	else
+		pwd_set_cleartext(pwd, user_pass);
+}
+
+/****************************************************************************
+ Stores a cleartext password.
+****************************************************************************/
+
+void pwd_set_nullpwd(struct pwd_info *pwd)
+{
+	pwd_init(pwd);
+
+	pwd->cleartext = False;
+	pwd->null_pwd  = True;
+	pwd->crypted   = False;
+}
+
+/****************************************************************************
+ Stores a cleartext password.
+****************************************************************************/
+
+void pwd_set_cleartext(struct pwd_info *pwd, char *clr)
+{
+	pwd_init(pwd);
+	push_ascii_fstring(pwd->password, clr);
+	pwd->cleartext = True;
+	pwd->null_pwd  = False;
+	pwd->crypted   = False;
+	pwd_make_lm_nt_16(pwd, clr);
+}
+
+/****************************************************************************
+ Gets a cleartext password.
+****************************************************************************/
+
+void pwd_get_cleartext(struct pwd_info *pwd, char *clr)
+{
+	if (pwd->cleartext)
+		fstrcpy(clr, pwd->password);
+	else
+		clr[0] = 0;
+
+}
+
+/****************************************************************************
+ Stores lm and nt hashed passwords.
+****************************************************************************/
+
+void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
+{
+	pwd_init(pwd);
+
+	if (lm_pwd)
+		memcpy(pwd->smb_lm_pwd, lm_pwd, 16);
+	else
+		memset((char *)pwd->smb_lm_pwd, '\0', 16);
+
+	if (nt_pwd)
+		memcpy(pwd->smb_nt_pwd, nt_pwd, 16);
+	else
+		memset((char *)pwd->smb_nt_pwd, '\0', 16);
+
+	pwd->null_pwd  = False;
+	pwd->cleartext = False;
+	pwd->crypted   = False;
+}
+
+/****************************************************************************
+ Gets lm and nt hashed passwords.
+****************************************************************************/
+
+void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16])
+{
+	if (lm_pwd != NULL)
+		memcpy(lm_pwd, pwd->smb_lm_pwd, 16);
+	if (nt_pwd != NULL)
+		memcpy(nt_pwd, pwd->smb_nt_pwd, 16);
+}
+
+/****************************************************************************
+ Makes lm and nt hashed passwords.
+****************************************************************************/
+
+void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr)
+{
+	pstring dos_passwd;
+
+	pwd_init(pwd);
+
+	push_ascii_pstring(dos_passwd, clr);
+
+	nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd);
+	pwd->null_pwd  = False;
+	pwd->cleartext = False;
+	pwd->crypted = False;
+}
+
+/****************************************************************************
+ Makes lm and nt OWF crypts.
+****************************************************************************/
+
+void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8])
+{
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("client cryptkey: "));
+	dump_data(100, (char *)cryptkey, 8);
+#endif
+
+	SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("nt_owf_passwd: "));
+	dump_data(100, (char *)pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
+	DEBUG(100,("nt_sess_pwd: "));
+	dump_data(100, (char *)pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
+#endif
+
+	SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("lm_owf_passwd: "));
+	dump_data(100, (char *)pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
+	DEBUG(100,("lm_sess_pwd: "));
+	dump_data(100, (char *)pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
+#endif
+
+	pwd->crypted = True;
+}
+
+/****************************************************************************
+ Gets lm and nt crypts.
+****************************************************************************/
+
+void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24])
+{
+	if (lm_owf != NULL)
+		memcpy(lm_owf, pwd->smb_lm_owf, 24);
+	if (nt_owf != NULL)
+		memcpy(nt_owf, pwd->smb_nt_owf, 24);
+}
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
new file mode 100644
index 0000000000..cde77f94a3
--- /dev/null
+++ b/source3/libsmb/smbdes.c
@@ -0,0 +1,415 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   a partial implementation of DES designed for use in the 
+   SMB authentication protocol
+
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* NOTES: 
+
+   This code makes no attempt to be fast! In fact, it is a very
+   slow implementation 
+
+   This code is NOT a complete DES implementation. It implements only
+   the minimum necessary for SMB authentication, as used by all SMB
+   products (including every copy of Microsoft Windows95 ever sold)
+
+   In particular, it can only do a unchained forward DES pass. This
+   means it is not possible to use this code for encryption/decryption
+   of data, instead it is only useful as a "hash" algorithm.
+
+   There is no entry point into this code that allows normal DES operation.
+
+   I believe this means that this code does not come under ITAR
+   regulations but this is NOT a legal opinion. If you are concerned
+   about the applicability of ITAR regulations to this code then you
+   should confirm it for yourself (and maybe let me know if you come
+   up with a different answer to the one above)
+*/
+
+
+#define uchar unsigned char
+
+static const uchar perm1[56] = {57, 49, 41, 33, 25, 17,  9,
+			 1, 58, 50, 42, 34, 26, 18,
+			10,  2, 59, 51, 43, 35, 27,
+			19, 11,  3, 60, 52, 44, 36,
+			63, 55, 47, 39, 31, 23, 15,
+			 7, 62, 54, 46, 38, 30, 22,
+			14,  6, 61, 53, 45, 37, 29,
+			21, 13,  5, 28, 20, 12,  4};
+
+static const uchar perm2[48] = {14, 17, 11, 24,  1,  5,
+                         3, 28, 15,  6, 21, 10,
+                        23, 19, 12,  4, 26,  8,
+                        16,  7, 27, 20, 13,  2,
+                        41, 52, 31, 37, 47, 55,
+                        30, 40, 51, 45, 33, 48,
+                        44, 49, 39, 56, 34, 53,
+                        46, 42, 50, 36, 29, 32};
+
+static const uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10,  2,
+			60, 52, 44, 36, 28, 20, 12,  4,
+			62, 54, 46, 38, 30, 22, 14,  6,
+			64, 56, 48, 40, 32, 24, 16,  8,
+			57, 49, 41, 33, 25, 17,  9,  1,
+			59, 51, 43, 35, 27, 19, 11,  3,
+			61, 53, 45, 37, 29, 21, 13,  5,
+			63, 55, 47, 39, 31, 23, 15,  7};
+
+static const uchar perm4[48] = {   32,  1,  2,  3,  4,  5,
+                            4,  5,  6,  7,  8,  9,
+                            8,  9, 10, 11, 12, 13,
+                           12, 13, 14, 15, 16, 17,
+                           16, 17, 18, 19, 20, 21,
+                           20, 21, 22, 23, 24, 25,
+                           24, 25, 26, 27, 28, 29,
+                           28, 29, 30, 31, 32,  1};
+
+static const uchar perm5[32] = {      16,  7, 20, 21,
+                              29, 12, 28, 17,
+                               1, 15, 23, 26,
+                               5, 18, 31, 10,
+                               2,  8, 24, 14,
+                              32, 27,  3,  9,
+                              19, 13, 30,  6,
+                              22, 11,  4, 25};
+
+
+static const uchar perm6[64] ={ 40,  8, 48, 16, 56, 24, 64, 32,
+                        39,  7, 47, 15, 55, 23, 63, 31,
+                        38,  6, 46, 14, 54, 22, 62, 30,
+                        37,  5, 45, 13, 53, 21, 61, 29,
+                        36,  4, 44, 12, 52, 20, 60, 28,
+                        35,  3, 43, 11, 51, 19, 59, 27,
+                        34,  2, 42, 10, 50, 18, 58, 26,
+                        33,  1, 41,  9, 49, 17, 57, 25};
+
+
+static const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
+
+static const uchar sbox[8][4][16] = {
+	{{14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7},
+	 {0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8},
+	 {4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0},
+	 {15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13}},
+
+	{{15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10},
+	 {3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5},
+	 {0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15},
+	 {13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9}},
+
+	{{10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8},
+	 {13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1},
+	 {13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7},
+	 {1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12}},
+
+	{{7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15},
+	 {13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9},
+	 {10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4},
+	 {3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14}},
+
+	{{2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9},
+	 {14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6},
+	 {4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14},
+	 {11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3}},
+
+	{{12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11},
+	 {10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8},
+	 {9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6},
+	 {4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13}},
+
+	{{4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1},
+	 {13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6},
+	 {1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2},
+	 {6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12}},
+
+	{{13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7},
+	 {1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2},
+	 {7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8},
+	 {2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11}}};
+
+static void permute(char *out, const char *in, const uchar *p, int n)
+{
+	int i;
+	for (i=0;i<n;i++)
+		out[i] = in[p[i]-1];
+}
+
+static void lshift(char *d, int count, int n)
+{
+	char out[64];
+	int i;
+	for (i=0;i<n;i++)
+		out[i] = d[(i+count)%n];
+	for (i=0;i<n;i++)
+		d[i] = out[i];
+}
+
+static void concat(char *out, char *in1, char *in2, int l1, int l2)
+{
+	while (l1--)
+		*out++ = *in1++;
+	while (l2--)
+		*out++ = *in2++;
+}
+
+static void xor(char *out, char *in1, char *in2, int n)
+{
+	int i;
+	for (i=0;i<n;i++)
+		out[i] = in1[i] ^ in2[i];
+}
+
+static void dohash(char *out, char *in, char *key, int forw)
+{
+	int i, j, k;
+	char pk1[56];
+	char c[28];
+	char d[28];
+	char cd[56];
+	char ki[16][48];
+	char pd1[64];
+	char l[32], r[32];
+	char rl[64];
+
+	permute(pk1, key, perm1, 56);
+
+	for (i=0;i<28;i++)
+		c[i] = pk1[i];
+	for (i=0;i<28;i++)
+		d[i] = pk1[i+28];
+
+	for (i=0;i<16;i++) {
+		lshift(c, sc[i], 28);
+		lshift(d, sc[i], 28);
+
+		concat(cd, c, d, 28, 28); 
+		permute(ki[i], cd, perm2, 48); 
+	}
+
+	permute(pd1, in, perm3, 64);
+
+	for (j=0;j<32;j++) {
+		l[j] = pd1[j];
+		r[j] = pd1[j+32];
+	}
+
+	for (i=0;i<16;i++) {
+		char er[48];
+		char erk[48];
+		char b[8][6];
+		char cb[32];
+		char pcb[32];
+		char r2[32];
+
+		permute(er, r, perm4, 48);
+
+		xor(erk, er, ki[forw ? i : 15 - i], 48);
+
+		for (j=0;j<8;j++)
+			for (k=0;k<6;k++)
+				b[j][k] = erk[j*6 + k];
+
+		for (j=0;j<8;j++) {
+			int m, n;
+			m = (b[j][0]<<1) | b[j][5];
+
+			n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4]; 
+
+			for (k=0;k<4;k++) 
+				b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0; 
+		}
+
+		for (j=0;j<8;j++)
+			for (k=0;k<4;k++)
+				cb[j*4+k] = b[j][k];
+		permute(pcb, cb, perm5, 32);
+
+		xor(r2, l, pcb, 32);
+
+		for (j=0;j<32;j++)
+			l[j] = r[j];
+
+		for (j=0;j<32;j++)
+			r[j] = r2[j];
+	}
+
+	concat(rl, r, l, 32, 32);
+
+	permute(out, rl, perm6, 64);
+}
+
+static void str_to_key(const unsigned char *str,unsigned char *key)
+{
+	int i;
+
+	key[0] = str[0]>>1;
+	key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
+	key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
+	key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
+	key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
+	key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
+	key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
+	key[7] = str[6]&0x7F;
+	for (i=0;i<8;i++) {
+		key[i] = (key[i]<<1);
+	}
+}
+
+
+static void smbhash(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw)
+{
+	int i;
+	char outb[64];
+	char inb[64];
+	char keyb[64];
+	unsigned char key2[8];
+
+	str_to_key(key, key2);
+
+	for (i=0;i<64;i++) {
+		inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
+		keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
+		outb[i] = 0;
+	}
+
+	dohash(outb, inb, keyb, forw);
+
+	for (i=0;i<8;i++) {
+		out[i] = 0;
+	}
+
+	for (i=0;i<64;i++) {
+		if (outb[i])
+			out[i/8] |= (1<<(7-(i%8)));
+	}
+}
+
+void E_P16(const unsigned char *p14,unsigned char *p16)
+{
+	unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
+	smbhash(p16, sp8, p14, 1);
+	smbhash(p16+8, sp8, p14+7, 1);
+}
+
+void E_P24(const unsigned char *p21, const unsigned char *c8, unsigned char *p24)
+{
+	smbhash(p24, c8, p21, 1);
+	smbhash(p24+8, c8, p21+7, 1);
+	smbhash(p24+16, c8, p21+14, 1);
+}
+
+void D_P16(const unsigned char *p14, const unsigned char *in, unsigned char *out)
+{
+	smbhash(out, in, p14, 0);
+        smbhash(out+8, in+8, p14+7, 0);
+}
+
+void E_old_pw_hash( unsigned char *p14, const unsigned char *in, unsigned char *out)
+{
+        smbhash(out, in, p14, 1);
+        smbhash(out+8, in+8, p14+7, 1);
+}
+
+void cred_hash1(unsigned char *out, const unsigned char *in, const unsigned char *key)
+{
+	unsigned char buf[8];
+
+	smbhash(buf, in, key, 1);
+	smbhash(out, buf, key+9, 1);
+}
+
+void cred_hash2(unsigned char *out, const unsigned char *in, const unsigned char *key)
+{
+	unsigned char buf[8];
+	static unsigned char key2[8];
+
+	smbhash(buf, in, key, 1);
+	key2[0] = key[7];
+	smbhash(out, buf, key2, 1);
+}
+
+void cred_hash3(unsigned char *out, unsigned char *in, const unsigned char *key, int forw)
+{
+        static unsigned char key2[8];
+
+        smbhash(out, in, key, forw);
+        key2[0] = key[7];
+        smbhash(out + 8, in + 8, key2, forw);
+}
+
+void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
+{
+  unsigned char s_box[256];
+  unsigned char index_i = 0;
+  unsigned char index_j = 0;
+  unsigned char j = 0;
+  int ind;
+
+  for (ind = 0; ind < 256; ind++)
+  {
+    s_box[ind] = (unsigned char)ind;
+  }
+
+  for( ind = 0; ind < 256; ind++)
+  {
+     unsigned char tc;
+
+     j += (s_box[ind] + key[ind%16]);
+
+     tc = s_box[ind];
+     s_box[ind] = s_box[j];
+     s_box[j] = tc;
+  }
+  for( ind = 0; ind < val; ind++)
+  {
+    unsigned char tc;
+    unsigned char t;
+
+    index_i++;
+    index_j += s_box[index_i];
+
+    tc = s_box[index_i];
+    s_box[index_i] = s_box[index_j];
+    s_box[index_j] = tc;
+
+    t = s_box[index_i] + s_box[index_j];
+    data[ind] = data[ind] ^ s_box[t];
+  }
+}
+
+/* Decode a sam password hash into a password.  The password hash is the
+   same method used to store passwords in the NT registry.  The DES key
+   used is based on the RID of the user. */
+
+void sam_pwd_hash(unsigned int rid, const uchar *in, uchar *out, int forw)
+{
+	uchar s[14];
+
+	s[0] = s[4] = s[8] = s[12] = (uchar)(rid & 0xFF);
+	s[1] = s[5] = s[9] = s[13] = (uchar)((rid >> 8) & 0xFF);
+	s[2] = s[6] = s[10]        = (uchar)((rid >> 16) & 0xFF);
+	s[3] = s[7] = s[11]        = (uchar)((rid >> 24) & 0xFF);
+
+	smbhash(out, in, s, forw);
+	smbhash(out+8, in+8, s+7, forw);
+}
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index a0683b5d28..6fa8de418a 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -1,10 +1,10 @@
-#ifdef SMB_PASSWD
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    SMB parameters and setup
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
    Modified by Jeremy Allison 1995.
+   Copyright (C) Jeremy Allison 1995-2000.
+   Copyright (C) Luke Kennethc Casson Leighton 1996-2000.
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,181 +22,322 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-#include "des.h"
-#include "md4.h"
-
-extern int DEBUGLEVEL;
-
-#ifndef uchar
-#define uchar unsigned char
-#endif
-#ifndef int16
-#define int16 unsigned short
-#endif
-#ifndef uint16
-#define uint16 unsigned short
-#endif
-#ifndef uint32
-#define uint32 unsigned int
-#endif
-
 #include "byteorder.h"
 
-void str_to_key(uchar *str,uchar *key)
+/*
+   This implements the X/Open SMB password encryption
+   It takes a password, a 8 byte "crypt key" and puts 24 bytes of 
+   encrypted password into p24 */
+void SMBencrypt(const uchar *passwd, const uchar *c8, uchar *p24)
 {
-  void des_set_odd_parity(des_cblock *);
-  int i;
-
-  key[0] = str[0]>>1;
-  key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
-  key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
-  key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
-  key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
-  key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
-  key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
-  key[7] = str[6]&0x7F;
-  for (i=0;i<8;i++) {
-    key[i] = (key[i]<<1);
-  }
-  des_set_odd_parity((des_cblock *)key);
-}
+	uchar p14[15], p21[21];
 
-void D1(uchar *k, uchar *d, uchar *out)
-{
-  des_key_schedule ks;
-  des_cblock deskey;
+	memset(p21,'\0',21);
+	memset(p14,'\0',14);
+	StrnCpy((char *)p14,(const char *)passwd,14);
 
-  str_to_key(k,(uchar *)deskey);
-  des_set_key(deskey,ks);
-  des_ecb_encrypt(d, out, ks, DES_DECRYPT);
-}
+	strupper((char *)p14);
+	E_P16(p14, p21); 
 
-void E1(uchar *k, uchar *d, uchar *out)
-{
-  des_key_schedule ks;
-  des_cblock deskey;
+	SMBOWFencrypt(p21, c8, p24);
 
-  str_to_key(k,(uchar *)deskey);
-  des_set_key(deskey,ks);
-  des_ecb_encrypt(d, out, ks, DES_ENCRYPT);
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
+	dump_data(100, (char *)p21, 16);
+	dump_data(100, (const char *)c8, 8);
+	dump_data(100, (char *)p24, 24);
+#endif
 }
+
+/* 
+ * Creates the MD4 Hash of the users password in NT UNICODE.
+ */
  
-void E_P16(uchar *p14,uchar *p16)
+void E_md4hash(const uchar *passwd, uchar *p16)
 {
-  uchar sp7[7];
-  /* the following constant makes us compatible with other
-  implementations. Note that publishing this constant does not reduce the
-  security of the encryption mechanism */
-  uchar sp8[] = {0xAA,0xD3,0xB4,0x35,0xB5,0x14,0x4,0xEE};
-  uchar x[8];
-
-  memset(sp7,'\0',7);
-
-  D1(sp7, sp8, x);
-  E1(p14, x, p16);
-  E1(p14+7, x, p16+8);
+	int len;
+	smb_ucs2_t wpwd[129];
+	
+	/* Password cannot be longer than 128 characters */
+	len = strlen((const char *)passwd);
+	if(len > 128)
+		len = 128;
+	/* Password must be converted to NT unicode - null terminated. */
+	push_ucs2(NULL, wpwd, (const char *)passwd, 256, STR_UNICODE|STR_NOALIGN|STR_TERMINATE);
+	/* Calculate length in bytes */
+	len = strlen_w(wpwd) * sizeof(int16);
+
+	mdfour(p16, (unsigned char *)wpwd, len);
 }
 
-void E_P24(uchar *p21, uchar *c8, uchar *p24)
+/* Does both the NT and LM owfs of a user's password */
+void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16])
 {
-  E1(p21, c8, p24);
-  E1(p21+7, c8, p24+8);
-  E1(p21+14, c8, p24+16);
-}
+	char passwd[514];
 
+	memset(passwd,'\0',514);
+	safe_strcpy( passwd, pwd, sizeof(passwd)-1);
 
-/*
-   This implements the X/Open SMB password encryption
-   It takes a password, a 8 byte "crypt key" and puts 24 bytes of 
-   encrypted password into p24 */
-void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
-{
-  uchar p14[15], p21[21];
+	/* Calculate the MD4 hash (NT compatible) of the password */
+	memset(nt_p16, '\0', 16);
+	E_md4hash((uchar *)passwd, nt_p16);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
+	dump_data(120, passwd, strlen(passwd));
+	dump_data(100, (char *)nt_p16, 16);
+#endif
 
-  memset(p21,'\0',21);
-  memset(p14,'\0',14);
-  StrnCpy((char *)p14,(char *)passwd,14);
+	/* Mangle the passwords into Lanman format */
+	passwd[14] = '\0';
+	strupper(passwd);
 
-  strupper((char *)p14);
-  E_P16(p14, p21); 
-  E_P24(p21, c8, p24);
+	/* Calculate the SMB (lanman) hash functions of the password */
+
+	memset(p16, '\0', 16);
+	E_P16((uchar *) passwd, (uchar *)p16);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
+	dump_data(120, passwd, strlen(passwd));
+	dump_data(100, (char *)p16, 16);
+#endif
+	/* clear out local copy of user's password (just being paranoid). */
+	memset(passwd, '\0', sizeof(passwd));
 }
 
-/* Routines for Windows NT MD4 Hash functions. */
-static int _my_wcslen(int16 *str)
+/* Does both the NTLMv2 owfs of a user's password */
+void ntv2_owf_gen(const uchar owf[16],
+		  const char *user_n, const char *domain_n, uchar kr_buf[16])
 {
-	int len = 0;
-	while(*str++ != 0)
-		len++;
-	return len;
+	pstring user_u;
+	pstring dom_u;
+	HMACMD5Context ctx;
+
+	int user_l = strlen(user_n);
+	int domain_l = strlen(domain_n);
+
+	push_ucs2(NULL, user_u, user_n, (user_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
+	push_ucs2(NULL, dom_u, domain_n, (domain_l+1)*2, STR_UNICODE|STR_NOALIGN|STR_TERMINATE|STR_UPPER);
+
+	hmac_md5_init_limK_to_64(owf, 16, &ctx);
+	hmac_md5_update((const unsigned char *)user_u, user_l * 2, &ctx);
+	hmac_md5_update((const unsigned char *)dom_u, domain_l * 2, &ctx);
+	hmac_md5_final(kr_buf, &ctx);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("ntv2_owf_gen: user, domain, owfkey, kr\n"));
+	dump_data(100, user_u, user_l * 2);
+	dump_data(100, dom_u, domain_l * 2);
+	dump_data(100, owf, 16);
+	dump_data(100, kr_buf, 16);
+#endif
 }
 
-/*
- * Convert a string into an NT UNICODE string.
- * Note that regardless of processor type 
- * this must be in intel (little-endian)
- * format.
- */
- 
-static int _my_mbstowcs(int16 *dst, uchar *src, int len)
+/* Does the des encryption from the NT or LM MD4 hash. */
+void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24])
 {
-	int i;
-	int16 val;
+	uchar p21[21];
  
-	for(i = 0; i < len; i++) {
-		val = *src;
-		SSVAL(dst,0,val);
-		dst++;
-		src++;
-		if(val == 0)
-			break;
-	}
-	return i;
+	memset(p21,'\0',21);
+ 
+	memcpy(p21, passwd, 16);    
+	E_P24(p21, c8, p24);
 }
 
-/* 
- * Creates the MD4 Hash of the users password in NT UNICODE.
- */
- 
-void E_md4hash(uchar *passwd, uchar *p16)
+/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */
+void NTLMSSPOWFencrypt(const uchar passwd[8], const uchar *ntlmchalresp, uchar p24[24])
 {
-	int i, len;
-	int16 wpwd[129];
-	MDstruct MD;
- 
-	/* Password cannot be longer than 128 characters */
-	len = strlen(passwd);
-	if(len > 128)
-		len = 128;
-	/* Password must be converted to NT unicode */
-	_my_mbstowcs( wpwd, passwd, len);
-	wpwd[len] = 0; /* Ensure string is null terminated */
-	/* Calculate length in bytes */
-	len = _my_wcslen(wpwd) * sizeof(int16);
+	uchar p21[21];
  
-	MDbegin(&MD);
-	for(i = 0; i + 64 <= len; i += 64)
-		MDupdate(&MD,wpwd + (i/2), 512);
-	MDupdate(&MD,wpwd + (i/2),(len-i)*8);
-	SIVAL(p16,0,MD.buffer[0]);
-	SIVAL(p16,4,MD.buffer[1]);
-	SIVAL(p16,8,MD.buffer[2]);
-	SIVAL(p16,12,MD.buffer[3]);
+	memset(p21,'\0',21);
+	memcpy(p21, passwd, 8);    
+	memset(p21 + 8, 0xbd, 8);    
+
+	E_P24(p21, ntlmchalresp, p24);
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
+	dump_data(100, (char *)p21, 21);
+	dump_data(100, (const char *)ntlmchalresp, 8);
+	dump_data(100, (char *)p24, 24);
+#endif
 }
 
+
 /* Does the NT MD4 hash then des encryption. */
  
-void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
+void SMBNTencrypt(const uchar *passwd, uchar *c8, uchar *p24)
 {
 	uchar p21[21];
  
 	memset(p21,'\0',21);
  
 	E_md4hash(passwd, p21);    
-	E_P24(p21, c8, p24);
+	SMBOWFencrypt(p21, c8, p24);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
+	dump_data(100, (char *)p21, 16);
+	dump_data(100, (char *)c8, 8);
+	dump_data(100, (char *)p24, 24);
+#endif
+}
+
+BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
+{
+	int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);
+
+	if (new_pw_len > 512)
+	{
+		DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
+		return False;
+	}
+
+	/*
+	 * Now setup the data area.
+	 * We need to generate a random fill
+	 * for this area to make it harder to
+	 * decrypt. JRA.
+	 */
+	generate_random_buffer((unsigned char *)data, 516, False);
+	push_string(NULL, &data[512 - new_pw_len], passwd, new_pw_len, 
+		    STR_NOALIGN | (unicode?STR_UNICODE:STR_ASCII));
+	SIVAL(data, 512, new_pw_len);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("make_oem_passwd_hash\n"));
+	dump_data(100, data, 516);
+#endif
+	SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, 516);
+
+	return True;
+}
+
+/* Does the md5 encryption from the NT hash for NTLMv2. */
+void SMBOWFencrypt_ntv2(const uchar kr[16],
+			const DATA_BLOB srv_chal,
+			const DATA_BLOB cli_chal,
+			char resp_buf[16])
+{
+	HMACMD5Context ctx;
+
+	hmac_md5_init_limK_to_64(kr, 16, &ctx);
+	hmac_md5_update(srv_chal.data, srv_chal.length, &ctx);
+	hmac_md5_update(cli_chal.data, cli_chal.length, &ctx);
+	hmac_md5_final((unsigned char *)resp_buf, &ctx);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("SMBOWFencrypt_ntv2: srv_chal, cli_chal, resp_buf\n"));
+	dump_data(100, srv_chal.data, srv_chal.length);
+	dump_data(100, cli_chal.data, cli_chal.length);
+	dump_data(100, resp_buf, 16);
+#endif
+}
+
+void SMBsesskeygen_ntv2(const uchar kr[16],
+			const uchar * nt_resp, uint8 sess_key[16])
+{
+	HMACMD5Context ctx;
+
+	hmac_md5_init_limK_to_64(kr, 16, &ctx);
+	hmac_md5_update(nt_resp, 16, &ctx);
+	hmac_md5_final((unsigned char *)sess_key, &ctx);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("SMBsesskeygen_ntv2:\n"));
+	dump_data(100, sess_key, 16);
+#endif
+}
+
+void SMBsesskeygen_ntv1(const uchar kr[16],
+			const uchar * nt_resp, uint8 sess_key[16])
+{
+	mdfour((unsigned char *)sess_key, kr, 16);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("SMBsesskeygen_ntv1:\n"));
+	dump_data(100, sess_key, 16);
+#endif
 }
 
-#else
-void smbencrypt_dummy(void){}
+/***********************************************************
+ encode a password buffer.  The caller gets to figure out 
+ what to put in it.
+************************************************************/
+BOOL encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
+{
+	generate_random_buffer((unsigned char *)buffer, 516, True);
+
+	memcpy(&buffer[512 - new_pw_length], new_pw, new_pw_length);
+
+	/* 
+	 * The length of the new password is in the last 4 bytes of
+	 * the data buffer.
+	 */
+	SIVAL(buffer, 512, new_pw_length);
+
+	return True;
+}
+
+/***********************************************************
+ decode a password buffer
+ *new_pw_len is the length in bytes of the possibly mulitbyte
+ returned password including termination.
+************************************************************/
+BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
+		      int new_pwrd_size, uint32 *new_pw_len)
+{
+	int byte_len=0;
+
+	/*
+	  Warning !!! : This function is called from some rpc call.
+	  The password IN the buffer is a UNICODE string.
+	  The password IN new_pwrd is an ASCII string
+	  If you reuse that code somewhere else check first.
+	*/
+
+	/* The length of the new password is in the last 4 bytes of the data buffer. */
+
+	byte_len = IVAL(in_buffer, 512);
+
+#ifdef DEBUG_PASSWORD
+	dump_data(100, in_buffer, 516);
 #endif
+
+	/* Password cannot be longer than 128 characters */
+	if ( (byte_len < 0) || (byte_len > new_pwrd_size - 1)) {
+		DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
+		DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
+		return False;
+	}
+
+	/* decode into the return buffer.  Buffer must be a pstring */
+ 	*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, STR_UNICODE);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("decode_pw_buffer: new_pwrd: "));
+	dump_data(100, (char *)new_pwrd, *new_pw_len);
+	DEBUG(100,("multibyte len:%d\n", *new_pw_len));
+	DEBUG(100,("original char len:%d\n", byte_len/2));
+#endif
+	
+	return True;
+
+}
+
+/* Calculate the NT owfs of a user's password */
+void nt_owf_genW(const UNISTR2 *pwd, uchar nt_p16[16])
+{
+	char buf[512];
+	int i;
+
+	for (i = 0; i < MIN(pwd->uni_str_len, sizeof(buf) / 2); i++)
+	{
+		SIVAL(buf, i * 2, pwd->buffer[i]);
+	}
+	/* Calculate the MD4 hash (NT compatible) of the password */
+	mdfour(nt_p16, (const unsigned char *)buf, pwd->uni_str_len * 2);
+
+	/* clear out local copy of user's password (just being paranoid). */
+	ZERO_STRUCT(buf);
+}
diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c
new file mode 100644
index 0000000000..84b3f507e6
--- /dev/null
+++ b/source3/libsmb/smberr.c
@@ -0,0 +1,255 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+/* error code stuff - put together by Merik Karman
+   merik@blackadder.dsh.oz.au */
+
+
+/* There is a big list of error codes and their meanings at:
+
+   http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/errlist_7oz7.asp
+
+   and if you don't like MSDN try:
+
+   http://www.siris.gr/computers/library/error.htm
+
+*/
+
+typedef const struct
+{
+  char *name;
+  int code;
+  char *message;
+} err_code_struct;
+
+/* Dos Error Messages */
+err_code_struct dos_msgs[] = {
+  {"ERRbadfunc",ERRbadfunc,"Invalid function."},
+  {"ERRbadfile",ERRbadfile,"File not found."},
+  {"ERRbadpath",ERRbadpath,"Directory invalid."},
+  {"ERRnofids",ERRnofids,"No file descriptors available"},
+  {"ERRnoaccess",ERRnoaccess,"Access denied."},
+  {"ERRbadfid",ERRbadfid,"Invalid file handle."},
+  {"ERRbadmcb",ERRbadmcb,"Memory control blocks destroyed."},
+  {"ERRnomem",ERRnomem,"Insufficient server memory to perform the requested function."},
+  {"ERRbadmem",ERRbadmem,"Invalid memory block address."},
+  {"ERRbadenv",ERRbadenv,"Invalid environment."},
+  {"ERRbadformat",11,"Invalid format."},
+  {"ERRbadaccess",ERRbadaccess,"Invalid open mode."},
+  {"ERRbaddata",ERRbaddata,"Invalid data."},
+  {"ERRres",ERRres,"reserved."},
+  {"ERRbaddrive",ERRbaddrive,"Invalid drive specified."},
+  {"ERRremcd",ERRremcd,"A Delete Directory request attempted  to  remove  the  server's  current directory."},
+  {"ERRdiffdevice",ERRdiffdevice,"Not same device."},
+  {"ERRnofiles",ERRnofiles,"A File Search command can find no more files matching the specified criteria."},
+  {"ERRbadshare",ERRbadshare,"The sharing mode specified for an Open conflicts with existing  FIDs  on the file."},
+  {"ERRlock",ERRlock,"A Lock request conflicted with an existing lock or specified an  invalid mode,  or an Unlock requested attempted to remove a lock held by another process."},
+  {"ERRunsup", ERRunsup, "The operation is unsupported"},
+  {"ERRnosuchshare", ERRnosuchshare, "You specified an invalid share name"},
+  {"ERRfilexists",ERRfilexists,"The file named in a Create Directory, Make  New  File  or  Link  request already exists."},
+  {"ERRinvalidname",ERRinvalidname, "Invalid name"},
+  {"ERRbadpipe",ERRbadpipe,"Pipe invalid."},
+  {"ERRpipebusy",ERRpipebusy,"All instances of the requested pipe are busy."},
+  {"ERRpipeclosing",ERRpipeclosing,"Pipe close in progress."},
+  {"ERRnotconnected",ERRnotconnected,"No process on other end of pipe."},
+  {"ERRmoredata",ERRmoredata,"There is more data to be returned."},
+  {"ERRinvgroup",ERRinvgroup,"Invalid workgroup (try the -W option)"},
+  {"ERRlogonfailure",ERRlogonfailure,"Logon failure"},
+  {"ERRdiskfull",ERRdiskfull,"Disk full"},
+  {"ERRgeneral",ERRgeneral, "General failure"},
+  {NULL,-1,NULL}};
+
+/* Server Error Messages */
+err_code_struct server_msgs[] = {
+  {"ERRerror",1,"Non-specific error code."},
+  {"ERRbadpw",2,"Bad password - name/password pair in a Tree Connect or Session Setup are invalid."},
+  {"ERRbadtype",3,"reserved."},
+  {"ERRaccess",4,"The requester does not have  the  necessary  access  rights  within  the specified  context for the requested function. The context is defined by the TID or the UID."},
+  {"ERRinvnid",5,"The tree ID (TID) specified in a command was invalid."},
+  {"ERRinvnetname",6,"Invalid network name in tree connect."},
+  {"ERRinvdevice",7,"Invalid device - printer request made to non-printer connection or  non-printer request made to printer connection."},
+  {"ERRqfull",49,"Print queue full (files) -- returned by open print file."},
+  {"ERRqtoobig",50,"Print queue full -- no space."},
+  {"ERRqeof",51,"EOF on print queue dump."},
+  {"ERRinvpfid",52,"Invalid print file FID."},
+  {"ERRsmbcmd",64,"The server did not recognize the command received."},
+  {"ERRsrverror",65,"The server encountered an internal error, e.g., system file unavailable."},
+  {"ERRfilespecs",67,"The file handle (FID) and pathname parameters contained an invalid  combination of values."},
+  {"ERRreserved",68,"reserved."},
+  {"ERRbadpermits",69,"The access permissions specified for a file or directory are not a valid combination.  The server cannot set the requested attribute."},
+  {"ERRreserved",70,"reserved."},
+  {"ERRsetattrmode",71,"The attribute mode in the Set File Attribute request is invalid."},
+  {"ERRpaused",81,"Server is paused."},
+  {"ERRmsgoff",82,"Not receiving messages."},
+  {"ERRnoroom",83,"No room to buffer message."},
+  {"ERRrmuns",87,"Too many remote user names."},
+  {"ERRtimeout",88,"Operation timed out."},
+  {"ERRnoresource",89,"No resources currently available for request."},
+  {"ERRtoomanyuids",90,"Too many UIDs active on this session."},
+  {"ERRbaduid",91,"The UID is not known as a valid ID on this session."},
+  {"ERRusempx",250,"Temp unable to support Raw, use MPX mode."},
+  {"ERRusestd",251,"Temp unable to support Raw, use standard read/write."},
+  {"ERRcontmpx",252,"Continue in MPX mode."},
+  {"ERRreserved",253,"reserved."},
+  {"ERRreserved",254,"reserved."},
+  {"ERRnosupport",0xFFFF,"Function not supported."},
+  {NULL,-1,NULL}};
+
+/* Hard Error Messages */
+err_code_struct hard_msgs[] = {
+  {"ERRnowrite",19,"Attempt to write on write-protected diskette."},
+  {"ERRbadunit",20,"Unknown unit."},
+  {"ERRnotready",21,"Drive not ready."},
+  {"ERRbadcmd",22,"Unknown command."},
+  {"ERRdata",23,"Data error (CRC)."},
+  {"ERRbadreq",24,"Bad request structure length."},
+  {"ERRseek",25 ,"Seek error."},
+  {"ERRbadmedia",26,"Unknown media type."},
+  {"ERRbadsector",27,"Sector not found."},
+  {"ERRnopaper",28,"Printer out of paper."},
+  {"ERRwrite",29,"Write fault."},
+  {"ERRread",30,"Read fault."},
+  {"ERRgeneral",31,"General failure."},
+  {"ERRbadshare",32,"An open conflicts with an existing open."},
+  {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."},
+  {"ERRwrongdisk",34,"The wrong disk was found in a drive."},
+  {"ERRFCBUnavail",35,"No FCBs are available to process request."},
+  {"ERRsharebufexc",36,"A sharing buffer has been exceeded."},
+  {NULL,-1,NULL}};
+
+
+const struct
+{
+  int code;
+  char *class;
+  err_code_struct *err_msgs;
+} err_classes[] = { 
+  {0,"SUCCESS",NULL},
+  {0x01,"ERRDOS",dos_msgs},
+  {0x02,"ERRSRV",server_msgs},
+  {0x03,"ERRHRD",hard_msgs},
+  {0x04,"ERRXOS",NULL},
+  {0xE1,"ERRRMX1",NULL},
+  {0xE2,"ERRRMX2",NULL},
+  {0xE3,"ERRRMX3",NULL},
+  {0xFF,"ERRCMD",NULL},
+  {-1,NULL,NULL}};
+
+
+/****************************************************************************
+return a SMB error name from a class and code
+****************************************************************************/
+char *smb_dos_err_name(uint8 class, uint16 num)
+{
+	static pstring ret;
+	int i,j;
+	
+	for (i=0;err_classes[i].class;i++)
+		if (err_classes[i].code == class) {
+			if (err_classes[i].err_msgs) {
+				err_code_struct *err = err_classes[i].err_msgs;
+				for (j=0;err[j].name;j++)
+					if (num == err[j].code) {
+						return err[j].name;
+					}
+			}
+			slprintf(ret, sizeof(ret) - 1, "%d",num);
+			return ret;
+		}
+	
+	slprintf(ret, sizeof(ret) - 1, "Error: Unknown error class (%d,%d)",class,num);
+	return(ret);
+}
+
+/* Return a string for a DOS error */
+
+char *get_dos_error_msg(WERROR result)
+{
+	uint16 errnum;
+
+	errnum = W_ERROR_V(result);
+
+	return smb_dos_err_name(ERRDOS, errnum);
+}
+
+/****************************************************************************
+return a SMB error class name as a string.
+****************************************************************************/
+char *smb_dos_err_class(uint8 class)
+{
+	static pstring ret;
+	int i;
+	
+	for (i=0;err_classes[i].class;i++) {
+		if (err_classes[i].code == class) {
+			return err_classes[i].class;
+		}
+	}
+		
+	slprintf(ret, sizeof(ret) - 1, "Error: Unknown class (%d)",class);
+	return(ret);
+}
+
+/****************************************************************************
+return a SMB string from an SMB buffer
+****************************************************************************/
+char *smb_dos_errstr(char *inbuf)
+{
+	static pstring ret;
+	int class = CVAL(inbuf,smb_rcls);
+	int num = SVAL(inbuf,smb_err);
+	int i,j;
+	
+	for (i=0;err_classes[i].class;i++)
+		if (err_classes[i].code == class) {
+			if (err_classes[i].err_msgs) {
+				err_code_struct *err = err_classes[i].err_msgs;
+				for (j=0;err[j].name;j++)
+					if (num == err[j].code) {
+						if (DEBUGLEVEL > 0)
+							slprintf(ret, sizeof(ret) - 1, "%s - %s (%s)",
+								 err_classes[i].class,
+								 err[j].name,err[j].message);
+						else
+							slprintf(ret, sizeof(ret) - 1, "%s - %s",
+								 err_classes[i].class,err[j].name);
+						return ret;
+					}
+			}
+			
+			slprintf(ret, sizeof(ret) - 1, "%s - %d",err_classes[i].class,num);
+			return ret;
+		}
+	
+	slprintf(ret, sizeof(ret) - 1, "Error: Unknown error (%d,%d)",class,num);
+	return(ret);
+}
+
+/*****************************************************************************
+map a unix errno to a win32 error
+ *****************************************************************************/
+WERROR map_werror_from_unix(int error)
+{
+	NTSTATUS status = map_nt_error_from_unix(error);
+	return ntstatus_to_werror(status);
+}
diff --git a/source3/libsmb/trust_passwd.c b/source3/libsmb/trust_passwd.c
new file mode 100644
index 0000000000..51ffa1dd95
--- /dev/null
+++ b/source3/libsmb/trust_passwd.c
@@ -0,0 +1,115 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Routines to change trust account passwords.
+ *  Copyright (C) Andrew Bartlett                   2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern pstring global_myname;
+
+/*********************************************************
+ Change the domain password on the PDC.
+
+ Just changes the password betwen the two values specified.
+
+ Caller must have the cli connected to the netlogon pipe
+ already.
+**********************************************************/
+static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+					 unsigned char orig_trust_passwd_hash[16],
+					 unsigned char new_trust_passwd_hash[16])
+{
+	NTSTATUS result;
+	result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+				   SEC_CHAN_WKSTA : SEC_CHAN_BDC, orig_trust_passwd_hash);
+	
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0,("just_change_the_password: unable to setup creds (%s)!\n",
+			 nt_errstr(result)));
+		return result;
+	}
+
+	result = cli_net_srv_pwset(cli, mem_ctx, global_myname, new_trust_passwd_hash);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
+			 nt_errstr(result)));
+	}
+	return result;
+}
+
+/*********************************************************
+ Change the domain password on the PDC.
+ Store the password ourselves, but use the supplied password
+ Caller must have already setup the connection to the NETLOGON pipe
+**********************************************************/
+
+NTSTATUS trust_pw_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				      unsigned char orig_trust_passwd_hash[16])
+{
+	unsigned char new_trust_passwd_hash[16];
+	char *new_trust_passwd;
+	char *str;
+	NTSTATUS nt_status;
+		
+	/* Create a random machine account password */
+	str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+	new_trust_passwd = talloc_strdup(mem_ctx, str);
+	
+	E_md4hash((uchar *)new_trust_passwd, new_trust_passwd_hash);
+
+	nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash,
+					     new_trust_passwd_hash);
+	
+	if (NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(3,("%s : change_trust_account_password: Changed password.\n", timestring(False)));
+		/*
+		 * Return the result of trying to write the new password
+		 * back into the trust account file.
+		 */
+		if (!secrets_store_machine_password(new_trust_passwd)) {
+			nt_status = NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+
+	return nt_status;
+}
+
+/*********************************************************
+ Change the domain password on the PDC.
+ Do most of the legwork ourselfs.  Caller must have
+ already setup the connection to the NETLOGON pipe
+**********************************************************/
+
+NTSTATUS trust_pw_find_change_and_store_it(struct cli_state *cli, TALLOC_CTX *mem_ctx, char *domain) 
+{
+	unsigned char old_trust_passwd_hash[16];
+	char *up_domain;
+	
+	up_domain = talloc_strdup(mem_ctx, domain);
+
+	if (!secrets_fetch_trust_account_password(domain,
+						  old_trust_passwd_hash, 
+						  NULL)) {
+		DEBUG(0, ("could not fetch domain secrets for domain %s!\n", domain));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	return trust_pw_change_and_store_it(cli, mem_ctx, old_trust_passwd_hash);
+	
+}					 
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
new file mode 100644
index 0000000000..f74a05f75f
--- /dev/null
+++ b/source3/libsmb/unexpected.c
@@ -0,0 +1,164 @@
+/* 
+   Unix SMB/CIFS implementation.
+   handle unexpected packets
+   Copyright (C) Andrew Tridgell 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+static TDB_CONTEXT *tdbd = NULL;
+
+/* the key type used in the unexpeceted packet database */
+struct unexpected_key {
+	enum packet_type packet_type;
+	time_t timestamp;
+	int count;
+};
+
+
+
+/****************************************************************************
+ all unexpected packets are passed in here, to be stored in a unexpected
+ packet database. This allows nmblookup and other tools to receive packets
+ erroneoously sent to the wrong port by broken MS systems
+  **************************************************************************/
+void unexpected_packet(struct packet_struct *p)
+{
+	static int count;
+	TDB_DATA kbuf, dbuf;
+	struct unexpected_key key;
+	char buf[1024];
+	int len=0;
+
+	if (!tdbd) {
+		tdbd = tdb_open_log(lock_path("unexpected.tdb"), 1, 
+			       TDB_CLEAR_IF_FIRST|TDB_DEFAULT,
+			       O_RDWR | O_CREAT, 0644);
+		if (!tdbd) {
+			DEBUG(0,("Failed to open unexpected.tdb\n"));
+			return;
+		}
+	}
+
+	memset(buf,'\0',sizeof(buf));
+	
+	len = build_packet(buf, p);
+
+	key.packet_type = p->packet_type;
+	key.timestamp = p->timestamp;
+	key.count = count++;
+
+	kbuf.dptr = (char *)&key;
+	kbuf.dsize = sizeof(key);
+	dbuf.dptr = buf;
+	dbuf.dsize = len;
+
+	tdb_store(tdbd, kbuf, dbuf, TDB_REPLACE);
+}
+
+
+static time_t lastt;
+
+/****************************************************************************
+delete the record if it is too old
+  **************************************************************************/
+static int traverse_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct unexpected_key key;
+
+	memcpy(&key, kbuf.dptr, sizeof(key));
+
+	if (lastt - key.timestamp > NMBD_UNEXPECTED_TIMEOUT) {
+		tdb_delete(ttdb, kbuf);
+	}
+
+	return 0;
+}
+
+
+/****************************************************************************
+delete all old unexpected packets
+  **************************************************************************/
+void clear_unexpected(time_t t)
+{
+	if (!tdbd) return;
+
+	if ((lastt != 0) && (t < lastt + NMBD_UNEXPECTED_TIMEOUT))
+		return;
+
+	lastt = t;
+
+	tdb_traverse(tdbd, traverse_fn, NULL);
+}
+
+
+static struct packet_struct *matched_packet;
+static int match_id;
+static enum packet_type match_type;
+static char *match_name;
+
+/****************************************************************************
+tdb traversal fn to find a matching 137 packet
+  **************************************************************************/
+static int traverse_match(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct unexpected_key key;
+	struct packet_struct *p;
+
+	memcpy(&key, kbuf.dptr, sizeof(key));
+
+	if (key.packet_type != match_type) return 0;
+
+	p = parse_packet(dbuf.dptr, dbuf.dsize, match_type);
+
+	if ((match_type == NMB_PACKET && 
+	     p->packet.nmb.header.name_trn_id == match_id) ||
+	    (match_type == DGRAM_PACKET && 
+	     match_mailslot_name(p, match_name))) {
+		matched_packet = p;
+		return -1;
+	}
+
+	free_packet(p);
+
+	return 0;
+}
+
+
+/****************************************************************************
+check for a particular packet in the unexpected packet queue
+  **************************************************************************/
+struct packet_struct *receive_unexpected(enum packet_type packet_type, int id, 
+					 char *mailslot_name)
+{
+	TDB_CONTEXT *tdb2;
+
+	tdb2 = tdb_open_log(lock_path("unexpected.tdb"), 0, 0, O_RDONLY, 0);
+	if (!tdb2) return NULL;
+
+	matched_packet = NULL;
+	match_id = id;
+	match_type = packet_type;
+	match_name = mailslot_name;
+
+	tdb_traverse(tdb2, traverse_match, NULL);
+
+	tdb_close(tdb2);
+
+	return matched_packet;
+}
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
new file mode 100644
index 0000000000..e7fa4022f6
--- /dev/null
+++ b/source3/locking/brlock.c
@@ -0,0 +1,610 @@
+/* 
+   Unix SMB/CIFS implementation.
+   byte range locking code
+   Updated to handle range splits/merges.
+
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Jeremy Allison 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* This module implements a tdb based byte range locking service,
+   replacing the fcntl() based byte range locking previously
+   used. This allows us to provide the same semantics as NT */
+
+#include "includes.h"
+
+#define ZERO_ZERO 0
+
+/* This contains elements that differentiate locks. The smbpid is a
+   client supplied pid, and is essentially the locking context for
+   this client */
+
+struct lock_context {
+	uint16 smbpid;
+	uint16 tid;
+	pid_t pid;
+};
+
+/* The data in brlock records is an unsorted linear array of these
+   records.  It is unnecessary to store the count as tdb provides the
+   size of the record */
+
+struct lock_struct {
+	struct lock_context context;
+	br_off start;
+	br_off size;
+	int fnum;
+	enum brl_type lock_type;
+};
+
+/* The key used in the brlock database. */
+
+struct lock_key {
+	SMB_DEV_T device;
+	SMB_INO_T inode;
+};
+
+/* The open brlock.tdb database. */
+
+static TDB_CONTEXT *tdb;
+
+/****************************************************************************
+ Create a locking key - ensuring zero filled for pad purposes.
+****************************************************************************/
+
+static TDB_DATA locking_key(SMB_DEV_T dev, SMB_INO_T inode)
+{
+        static struct lock_key key;
+        TDB_DATA kbuf;
+
+        memset(&key, '\0', sizeof(key));
+        key.device = dev;
+        key.inode = inode;
+        kbuf.dptr = (char *)&key;
+        kbuf.dsize = sizeof(key);
+        return kbuf;
+}
+
+/****************************************************************************
+ See if two locking contexts are equal.
+****************************************************************************/
+
+static BOOL brl_same_context(struct lock_context *ctx1, 
+			     struct lock_context *ctx2)
+{
+	return (ctx1->pid == ctx2->pid) &&
+		(ctx1->smbpid == ctx2->smbpid) &&
+		(ctx1->tid == ctx2->tid);
+}
+
+/****************************************************************************
+ See if lock2 can be added when lock1 is in place.
+****************************************************************************/
+
+static BOOL brl_conflict(struct lock_struct *lck1, 
+			 struct lock_struct *lck2)
+{
+	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) {
+		return False;
+	}
+
+	if (brl_same_context(&lck1->context, &lck2->context) &&
+	    lck2->lock_type == READ_LOCK && lck1->fnum == lck2->fnum) {
+		return False;
+	}
+
+	if (lck1->start >= (lck2->start + lck2->size) ||
+	    lck2->start >= (lck1->start + lck1->size)) {
+		return False;
+	}
+	    
+	return True;
+} 
+
+#if ZERO_ZERO
+static BOOL brl_conflict1(struct lock_struct *lck1, 
+			 struct lock_struct *lck2)
+{
+	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) {
+		return False;
+	}
+
+	if (brl_same_context(&lck1->context, &lck2->context) &&
+	    lck2->lock_type == READ_LOCK && lck1->fnum == lck2->fnum) {
+		return False;
+	}
+
+	if (lck2->start == 0 && lck2->size == 0 && lck1->size != 0) {
+		return True;
+	}
+
+	if (lck1->start >= (lck2->start + lck2->size) ||
+	    lck2->start >= (lck1->start + lck1->size)) {
+		return False;
+	}
+	    
+	return True;
+} 
+#endif
+
+/****************************************************************************
+ Check to see if this lock conflicts, but ignore our own locks on the
+ same fnum only.
+****************************************************************************/
+
+static BOOL brl_conflict_other(struct lock_struct *lck1, struct lock_struct *lck2)
+{
+	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) 
+		return False;
+
+	if (brl_same_context(&lck1->context, &lck2->context) &&
+				lck1->fnum == lck2->fnum)
+		return False;
+
+	if (lck1->start >= (lck2->start + lck2->size) ||
+	    lck2->start >= (lck1->start + lck1->size)) return False;
+	    
+	return True;
+} 
+
+
+/****************************************************************************
+ Delete a record if it is for a dead process, if check_self is true, then
+ delete any records belonging to this pid also (there shouldn't be any).
+****************************************************************************/
+
+static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct lock_struct *locks;
+	int count, i;
+	BOOL check_self = *(BOOL *)state;
+	pid_t mypid = sys_getpid();
+
+	tdb_chainlock(tdb, kbuf);
+
+	locks = (struct lock_struct *)dbuf.dptr;
+
+	count = dbuf.dsize / sizeof(*locks);
+	for (i=0; i<count; i++) {
+		struct lock_struct *lock = &locks[i];
+
+		/* If check_self is true we want to remove our own records. */
+		if (check_self && (mypid == lock->context.pid)) {
+
+			DEBUG(0,("brlock : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n",
+					(unsigned int)lock->context.pid ));
+
+		} else if (process_exists(lock->context.pid)) {
+
+			DEBUG(10,("brlock : delete_fn. pid %u exists.\n", (unsigned int)lock->context.pid ));
+			continue;
+		}
+
+		DEBUG(10,("brlock : delete_fn. Deleting record for process %u\n",
+				(unsigned int)lock->context.pid ));
+
+		if (count > 1 && i < count-1) {
+			memmove(&locks[i], &locks[i+1], 
+				sizeof(*locks)*((count-1) - i));
+		}
+		count--;
+		i--;
+	}
+
+	if (count == 0) {
+		tdb_delete(tdb, kbuf);
+	} else if (count < (dbuf.dsize / sizeof(*locks))) {
+		dbuf.dsize = count * sizeof(*locks);
+		tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+	}
+
+	tdb_chainunlock(tdb, kbuf);
+	return 0;
+}
+
+/****************************************************************************
+ Open up the brlock.tdb database.
+****************************************************************************/
+
+void brl_init(int read_only)
+{
+	BOOL check_self = False;
+
+	if (tdb)
+		return;
+	tdb = tdb_open_log(lock_path("brlock.tdb"), 0,  TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST),
+		       read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
+	if (!tdb) {
+		DEBUG(0,("Failed to open byte range locking database\n"));
+		return;
+	}
+
+	/* delete any dead locks */
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
+}
+
+/****************************************************************************
+ Close down the brlock.tdb database.
+****************************************************************************/
+
+void brl_shutdown(int read_only)
+{
+	BOOL check_self = True;
+
+	if (!tdb)
+		return;
+
+	/* delete any dead locks */
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
+
+	tdb_close(tdb);
+}
+
+#if ZERO_ZERO
+/****************************************************************************
+compare two locks for sorting
+****************************************************************************/
+static int lock_compare(struct lock_struct *lck1, 
+			 struct lock_struct *lck2)
+{
+	if (lck1->start != lck2->start) return (lck1->start - lck2->start);
+	if (lck2->size != lck1->size) {
+		return ((int)lck1->size - (int)lck2->size);
+	}
+	return 0;
+}
+#endif
+
+/****************************************************************************
+ Lock a range of bytes.
+****************************************************************************/
+
+NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
+		  uint16 smbpid, pid_t pid, uint16 tid,
+		  br_off start, br_off size, 
+		  enum brl_type lock_type)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i;
+	struct lock_struct lock, *locks;
+	char *tp;
+	NTSTATUS status = NT_STATUS_OK;
+	static int last_failed = -1;
+	static br_off last_failed_start;
+
+	kbuf = locking_key(dev,ino);
+
+	dbuf.dptr = NULL;
+
+#if !ZERO_ZERO
+	if (start == 0 && size == 0) {
+		DEBUG(0,("client sent 0/0 lock - please report this\n"));
+	}
+#endif
+
+	tdb_chainlock(tdb, kbuf);
+	dbuf = tdb_fetch(tdb, kbuf);
+
+	lock.context.smbpid = smbpid;
+	lock.context.pid = pid;
+	lock.context.tid = tid;
+	lock.start = start;
+	lock.size = size;
+	lock.fnum = fnum;
+	lock.lock_type = lock_type;
+
+	if (dbuf.dptr) {
+		/* there are existing locks - make sure they don't conflict */
+		locks = (struct lock_struct *)dbuf.dptr;
+		count = dbuf.dsize / sizeof(*locks);
+		for (i=0; i<count; i++) {
+			if (brl_conflict(&locks[i], &lock)) {
+				status = NT_STATUS_LOCK_NOT_GRANTED;
+				goto fail;
+			}
+#if ZERO_ZERO
+			if (lock.start == 0 && lock.size == 0 && 
+			    locks[i].size == 0) {
+				break;
+			}
+#endif
+		}
+	}
+
+	/* no conflicts - add it to the list of locks */
+	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks));
+	if (!tp) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	} else {
+		dbuf.dptr = tp;
+	}
+	memcpy(dbuf.dptr + dbuf.dsize, &lock, sizeof(lock));
+	dbuf.dsize += sizeof(lock);
+
+#if ZERO_ZERO
+	/* sort the lock list */
+	qsort(dbuf.dptr, dbuf.dsize/sizeof(lock), sizeof(lock), lock_compare);
+#endif
+
+	tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+	return NT_STATUS_OK;
+
+ fail:
+	/* this is a nasty hack to try to simulate the lock result cache code in w2k.
+	   It isn't completely accurate as I haven't yet worked out the correct
+	   semantics (tridge)
+	*/
+	if (last_failed == fnum &&
+	    last_failed_start == start &&
+	    NT_STATUS_EQUAL(status, NT_STATUS_LOCK_NOT_GRANTED)) {
+		status = NT_STATUS_FILE_LOCK_CONFLICT;
+	}
+	last_failed = fnum;
+	last_failed_start = start;
+
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+	return status;
+}
+
+/****************************************************************************
+ Unlock a range of bytes.
+****************************************************************************/
+
+BOOL brl_unlock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
+		uint16 smbpid, pid_t pid, uint16 tid,
+		br_off start, br_off size)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i;
+	struct lock_struct *locks;
+	struct lock_context context;
+
+	kbuf = locking_key(dev,ino);
+
+	dbuf.dptr = NULL;
+
+	tdb_chainlock(tdb, kbuf);
+	dbuf = tdb_fetch(tdb, kbuf);
+
+	if (!dbuf.dptr) {
+		DEBUG(10,("brl_unlock: tdb_fetch failed !\n"));
+		goto fail;
+	}
+
+	context.smbpid = smbpid;
+	context.pid = pid;
+	context.tid = tid;
+
+	/* there are existing locks - find a match */
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+
+#if ZERO_ZERO
+	for (i=0; i<count; i++) {
+		struct lock_struct *lock = &locks[i];
+
+		if (lock->lock_type == WRITE_LOCK &&
+		    brl_same_context(&lock->context, &context) &&
+		    lock->fnum == fnum &&
+		    lock->start == start &&
+		    lock->size == size) {
+			/* found it - delete it */
+			if (count == 1) {
+				tdb_delete(tdb, kbuf);
+			} else {
+				if (i < count-1) {
+					memmove(&locks[i], &locks[i+1], 
+						sizeof(*locks)*((count-1) - i));
+				}
+				dbuf.dsize -= sizeof(*locks);
+				tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+			}
+
+			SAFE_FREE(dbuf.dptr);
+			tdb_chainunlock(tdb, kbuf);
+			return True;
+		}
+	}
+#endif
+
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+	for (i=0; i<count; i++) {
+		struct lock_struct *lock = &locks[i];
+
+		if (brl_same_context(&lock->context, &context) &&
+		    lock->fnum == fnum &&
+		    lock->start == start &&
+		    lock->size == size) {
+			/* found it - delete it */
+			if (count == 1) {
+				tdb_delete(tdb, kbuf);
+			} else {
+				if (i < count-1) {
+					memmove(&locks[i], &locks[i+1], 
+						sizeof(*locks)*((count-1) - i));
+				}
+				dbuf.dsize -= sizeof(*locks);
+				tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+			}
+
+			SAFE_FREE(dbuf.dptr);
+			tdb_chainunlock(tdb, kbuf);
+			return True;
+		}
+	}
+
+	/* we didn't find it */
+
+ fail:
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+	return False;
+}
+
+
+/****************************************************************************
+ Test if we could add a lock if we wanted to.
+****************************************************************************/
+
+BOOL brl_locktest(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
+		  uint16 smbpid, pid_t pid, uint16 tid,
+		  br_off start, br_off size, 
+		  enum brl_type lock_type, int check_self)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i;
+	struct lock_struct lock, *locks;
+
+	kbuf = locking_key(dev,ino);
+
+	dbuf.dptr = NULL;
+
+	tdb_chainlock(tdb, kbuf);
+	dbuf = tdb_fetch(tdb, kbuf);
+
+	lock.context.smbpid = smbpid;
+	lock.context.pid = pid;
+	lock.context.tid = tid;
+	lock.start = start;
+	lock.size = size;
+	lock.fnum = fnum;
+	lock.lock_type = lock_type;
+
+	if (dbuf.dptr) {
+		/* there are existing locks - make sure they don't conflict */
+		locks = (struct lock_struct *)dbuf.dptr;
+		count = dbuf.dsize / sizeof(*locks);
+		for (i=0; i<count; i++) {
+			if (check_self) {
+				if (brl_conflict(&locks[i], &lock))
+					goto fail;
+			} else {
+				/*
+				 * Our own locks don't conflict.
+				 */
+				if (brl_conflict_other(&locks[i], &lock))
+					goto fail;
+			}
+		}
+	}
+
+	/* no conflicts - we could have added it */
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+	return True;
+
+ fail:
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+	return False;
+}
+
+/****************************************************************************
+ Remove any locks associated with a open file.
+****************************************************************************/
+
+void brl_close(SMB_DEV_T dev, SMB_INO_T ino, pid_t pid, int tid, int fnum)
+{
+	TDB_DATA kbuf, dbuf;
+	int count, i, dcount=0;
+	struct lock_struct *locks;
+
+	kbuf = locking_key(dev,ino);
+
+	dbuf.dptr = NULL;
+
+	tdb_chainlock(tdb, kbuf);
+	dbuf = tdb_fetch(tdb, kbuf);
+
+	if (!dbuf.dptr) goto fail;
+
+	/* there are existing locks - remove any for this fnum */
+	locks = (struct lock_struct *)dbuf.dptr;
+	count = dbuf.dsize / sizeof(*locks);
+	for (i=0; i<count; i++) {
+		struct lock_struct *lock = &locks[i];
+
+		if (lock->context.tid == tid &&
+		    lock->context.pid == pid &&
+		    lock->fnum == fnum) {
+			/* found it - delete it */
+			if (count > 1 && i < count-1) {
+				memmove(&locks[i], &locks[i+1], 
+					sizeof(*locks)*((count-1) - i));
+			}
+			count--;
+			i--;
+			dcount++;
+		}
+	}
+
+	if (count == 0) {
+		tdb_delete(tdb, kbuf);
+	} else if (count < (dbuf.dsize / sizeof(*locks))) {
+		dbuf.dsize -= dcount * sizeof(*locks);
+		tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+	}
+
+	/* we didn't find it */
+ fail:
+	SAFE_FREE(dbuf.dptr);
+	tdb_chainunlock(tdb, kbuf);
+}
+
+/****************************************************************************
+ Traverse the whole database with this function, calling traverse_callback
+ on each lock.
+****************************************************************************/
+
+static int traverse_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct lock_struct *locks;
+	struct lock_key *key;
+	int i;
+
+	BRLOCK_FN(traverse_callback) = (BRLOCK_FN_CAST())state;
+
+	locks = (struct lock_struct *)dbuf.dptr;
+	key = (struct lock_key *)kbuf.dptr;
+
+	for (i=0;i<dbuf.dsize/sizeof(*locks);i++) {
+		traverse_callback(key->device, key->inode,
+				  locks[i].context.pid,
+				  locks[i].lock_type,
+				  locks[i].start,
+				  locks[i].size);
+	}
+	return 0;
+}
+
+/*******************************************************************
+ Call the specified function on each lock in the database.
+********************************************************************/
+
+int brl_forall(BRLOCK_FN(fn))
+{
+	if (!tdb) return 0;
+	return tdb_traverse(tdb, traverse_fn, (void *)fn);
+}
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 6ff3ab5d12..87df805250 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1,8 +1,8 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Locking functions
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Jeremy Allison 1992-2000
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -17,314 +17,830 @@
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   Revision History:
+
+   12 aug 96: Erik.Devriendt@te6.siemens.be
+   added support for shared memory implementation of share mode locking
+
+   May 1997. Jeremy Allison (jallison@whistle.com). Modified share mode
+   locking to deal with multiple share modes per open file.
+
+   September 1997. Jeremy Allison (jallison@whistle.com). Added oplock
+   support.
+
+   rewrtten completely to use new tdb code. Tridge, Dec '99
+
+   Added POSIX locking support. Jeremy Allison (jeremy@valinux.com), Apr. 2000.
 */
 
 #include "includes.h"
-#include "loadparm.h"
-extern int DEBUGLEVEL;
-extern connection_struct Connections[];
-extern files_struct Files[];
+uint16 global_smbpid;
+
+/* the locking database handle */
+static TDB_CONTEXT *tdb;
 
-pstring share_del_pending="";
+/****************************************************************************
+ Debugging aid :-).
+****************************************************************************/
 
+static const char *lock_type_name(enum brl_type lock_type)
+{
+	return (lock_type == READ_LOCK) ? "READ" : "WRITE";
+}
 
 /****************************************************************************
-  utility function called to see if a file region is locked
+ Utility function called to see if a file region is locked.
+ If check_self is True, then checks on our own fd with the same locking context
+ are still made. If check_self is False, then checks are not made on our own fd
+ with the same locking context are not made.
 ****************************************************************************/
-BOOL is_locked(int fnum,int cnum,uint32 count,uint32 offset)
+
+BOOL is_locked(files_struct *fsp,connection_struct *conn,
+	       SMB_BIG_UINT count,SMB_BIG_UINT offset, 
+	       enum brl_type lock_type, BOOL check_self)
 {
-  int snum = SNUM(cnum);
+	int snum = SNUM(conn);
+	BOOL ret;
+	
+	if (count == 0)
+		return(False);
+
+	if (!lp_locking(snum) || !lp_strict_locking(snum))
+		return(False);
+
+	ret = !brl_locktest(fsp->dev, fsp->inode, fsp->fnum,
+			     global_smbpid, sys_getpid(), conn->cnum, 
+			     offset, count, lock_type, check_self);
 
-  if (count == 0)
-    return(False);
+	DEBUG(10,("is_locked: brl start=%.0f len=%.0f %s for file %s\n",
+			(double)offset, (double)count, ret ? "locked" : "unlocked",
+			fsp->fsp_name ));
 
-  if (!lp_locking(snum) || !lp_strict_locking(snum))
-    return(False);
+	/*
+	 * There is no lock held by an SMB daemon, check to
+	 * see if there is a POSIX lock from a UNIX or NFS process.
+	 */
 
-  return(fcntl_lock(Files[fnum].fd,F_GETLK,offset,count,
-		    (Files[fnum].can_write?F_WRLCK:F_RDLCK)));
+	if(!ret && lp_posix_locking(snum)) {
+		ret = is_posix_locked(fsp, offset, count, lock_type);
+
+		DEBUG(10,("is_locked: posix start=%.0f len=%.0f %s for file %s\n",
+				(double)offset, (double)count, ret ? "locked" : "unlocked",
+				fsp->fsp_name ));
+	}
+
+	return ret;
 }
 
+/****************************************************************************
+ Utility function called by locking requests.
+****************************************************************************/
+
+static NTSTATUS do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
+		 SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type)
+{
+	NTSTATUS status;
+
+	if (!lp_locking(SNUM(conn)))
+		return NT_STATUS_OK;
+
+	/* NOTE! 0 byte long ranges ARE allowed and should be stored  */
+
+
+	DEBUG(10,("do_lock: lock type %s start=%.0f len=%.0f requested for file %s\n",
+		  lock_type_name(lock_type), (double)offset, (double)count, fsp->fsp_name ));
+
+	if (OPEN_FSP(fsp) && fsp->can_lock && (fsp->conn == conn)) {
+		status = brl_lock(fsp->dev, fsp->inode, fsp->fnum,
+				  lock_pid, sys_getpid(), conn->cnum, 
+				  offset, count, 
+				  lock_type);
+
+		if (NT_STATUS_IS_OK(status) && lp_posix_locking(SNUM(conn))) {
+
+			/*
+			 * Try and get a POSIX lock on this range.
+			 * Note that this is ok if it is a read lock
+			 * overlapping on a different fd. JRA.
+			 */
+
+			if (!set_posix_lock(fsp, offset, count, lock_type)) {
+				status = NT_STATUS_LOCK_NOT_GRANTED;
+				/*
+				 * We failed to map - we must now remove the brl
+				 * lock entry.
+				 */
+				(void)brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
+								lock_pid, sys_getpid(), conn->cnum, 
+								offset, count);
+			}
+		}
+	}
+
+	return status;
+}
 
 /****************************************************************************
-  utility function called by locking requests
+ Utility function called by locking requests. This is *DISGISTING*. It also
+ appears to be "What Windows Does" (tm). Andrew, ever wonder why Windows 2000
+ is so slow on the locking tests...... ? This is the reason. Much though I hate
+ it, we need this. JRA.
 ****************************************************************************/
-BOOL do_lock(int fnum,int cnum,uint32 count,uint32 offset,int *eclass,uint32 *ecode)
+
+NTSTATUS do_lock_spin(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
+		 SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type)
 {
-  BOOL ok = False;
-
-  if (!lp_locking(SNUM(cnum)))
-    return(True);
-
-  if (count == 0) {
-    *eclass = ERRDOS;
-    *ecode = ERRnoaccess;
-    return False;
-  }
-
-  if (Files[fnum].can_lock && OPEN_FNUM(fnum) && (Files[fnum].cnum == cnum))
-    ok = fcntl_lock(Files[fnum].fd,F_SETLK,offset,count,
-		    (Files[fnum].can_write?F_WRLCK:F_RDLCK));
-
-  if (!ok) {
-    *eclass = ERRDOS;
-    *ecode = ERRlock;
-    return False;
-  }
-  return True; /* Got lock */
+	int j, maxj = lp_lock_spin_count();
+	int sleeptime = lp_lock_sleep_time();
+	NTSTATUS status, ret;
+
+	if (maxj <= 0)
+		maxj = 1;
+
+	ret = NT_STATUS_OK; /* to keep dumb compilers happy */
+
+	for (j = 0; j < maxj; j++) {
+		status = do_lock(fsp, conn, lock_pid, count, offset, lock_type);
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_LOCK_NOT_GRANTED) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_FILE_LOCK_CONFLICT)) {
+			return status;
+		}
+		/* if we do fail then return the first error code we got */
+		if (j == 0) {
+			ret = status;
+		}
+		if (sleeptime)
+			sys_usleep(sleeptime);
+	}
+	return ret;
 }
 
+/****************************************************************************
+ Utility function called by unlocking requests.
+****************************************************************************/
+
+NTSTATUS do_unlock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
+		   SMB_BIG_UINT count,SMB_BIG_UINT offset)
+{
+	BOOL ok = False;
+	
+	if (!lp_locking(SNUM(conn)))
+		return NT_STATUS_OK;
+	
+	if (!OPEN_FSP(fsp) || !fsp->can_lock || (fsp->conn != conn)) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+	
+	DEBUG(10,("do_unlock: unlock start=%.0f len=%.0f requested for file %s\n",
+		  (double)offset, (double)count, fsp->fsp_name ));
+
+	/*
+	 * Remove the existing lock record from the tdb lockdb
+	 * before looking at POSIX locks. If this record doesn't
+	 * match then don't bother looking to remove POSIX locks.
+	 */
+
+	ok = brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
+			lock_pid, sys_getpid(), conn->cnum, offset, count);
+   
+	if (!ok) {
+		DEBUG(10,("do_unlock: returning ERRlock.\n" ));
+		return NT_STATUS_RANGE_NOT_LOCKED;
+	}
+
+	if (!lp_posix_locking(SNUM(conn)))
+		return NT_STATUS_OK;
+
+	(void)release_posix_lock(fsp, offset, count);
+
+	return NT_STATUS_OK;
+}
 
 /****************************************************************************
-  utility function called by unlocking requests
+ Remove any locks on this fd. Called from file_close().
 ****************************************************************************/
-BOOL do_unlock(int fnum,int cnum,uint32 count,uint32 offset,int *eclass,uint32 *ecode)
+
+void locking_close_file(files_struct *fsp)
 {
-  BOOL ok = False;
+	pid_t pid = sys_getpid();
 
-  if (!lp_locking(SNUM(cnum)))
-    return(True);
+	if (!lp_locking(SNUM(fsp->conn)))
+		return;
 
-  if (Files[fnum].can_lock && OPEN_FNUM(fnum) && (Files[fnum].cnum == cnum))
-    ok = fcntl_lock(Files[fnum].fd,F_SETLK,offset,count,F_UNLCK);
-   
-  if (!ok) {
-    *eclass = ERRDOS;
-    *ecode = ERRlock;
-    return False;
-  }
-  return True; /* Did unlock */
+	/*
+	 * Just release all the brl locks, no need to release individually.
+	 */
+
+	brl_close(fsp->dev, fsp->inode, pid, fsp->conn->cnum, fsp->fnum);
+
+	if(lp_posix_locking(SNUM(fsp->conn))) {
+
+	 	/* 
+		 * Release all the POSIX locks.
+		 */
+		posix_locking_close_file(fsp);
+
+	}
+}
+
+/****************************************************************************
+ Initialise the locking functions.
+****************************************************************************/
+
+static int open_read_only;
+
+BOOL locking_init(int read_only)
+{
+	brl_init(read_only);
+
+	if (tdb)
+		return True;
+
+	tdb = tdb_open_log(lock_path("locking.tdb"), 
+		       0, TDB_DEFAULT|(read_only?0x0:TDB_CLEAR_IF_FIRST), 
+		       read_only?O_RDONLY:O_RDWR|O_CREAT,
+		       0644);
+
+	if (!tdb) {
+		DEBUG(0,("ERROR: Failed to initialise locking database\n"));
+		return False;
+	}
+	
+	if (!posix_locking_init(read_only))
+		return False;
+
+	open_read_only = read_only;
+
+	return True;
 }
 
 /*******************************************************************
-  name a share file
-  ******************************************************************/
-static BOOL share_name(int cnum,struct stat *st,char *name)
+ Deinitialize the share_mode management.
+******************************************************************/
+
+BOOL locking_end(void)
 {
-  strcpy(name,lp_lockdir());
-  standard_sub(cnum,name);
-  trim_string(name,"","/");
-  if (!*name) return(False);
-  name += strlen(name);
-  
-  sprintf(name,"/share.%d.%d",(int)st->st_dev,(int)st->st_ino);
-  return(True);
+
+	brl_shutdown(open_read_only);
+	if (tdb) {
+
+		if (tdb_close(tdb) != 0)
+			return False;
+	}
+
+	return True;
 }
 
 /*******************************************************************
-  use the fnum to get the share file name
-  ******************************************************************/
-static BOOL share_name_fnum(int fnum,char *name)
+ Form a static locking key for a dev/inode pair.
+******************************************************************/
+
+static TDB_DATA locking_key(SMB_DEV_T dev, SMB_INO_T inode)
 {
-  struct stat st;
-  if (fstat(Files[fnum].fd,&st) != 0) return(False);
-  return(share_name(Files[fnum].cnum,&st,name));
+	static struct locking_key key;
+	TDB_DATA kbuf;
+
+	memset(&key, '\0', sizeof(key));
+	key.dev = dev;
+	key.inode = inode;
+	kbuf.dptr = (char *)&key;
+	kbuf.dsize = sizeof(key);
+	return kbuf;
 }
 
+static TDB_DATA locking_key_fsp(files_struct *fsp)
+{
+	return locking_key(fsp->dev, fsp->inode);
+}
 
 /*******************************************************************
-  get the share mode of a file using the fnum
-  ******************************************************************/
-int get_share_mode_by_fnum(int cnum,int fnum,int *pid)
+ Lock a hash bucket entry.
+******************************************************************/
+
+BOOL lock_share_entry(connection_struct *conn,
+		      SMB_DEV_T dev, SMB_INO_T inode)
 {
-  struct stat sbuf;
-  if (fstat(Files[fnum].fd,&sbuf) == -1) return(0);
-  return(get_share_mode(cnum,&sbuf,pid));
+	return tdb_chainlock(tdb, locking_key(dev, inode)) == 0;
 }
 
 /*******************************************************************
-  get the share mode of a file using the files name
-  ******************************************************************/
-int get_share_mode_byname(int cnum,char *fname,int *pid)
+ Unlock a hash bucket entry.
+******************************************************************/
+
+void unlock_share_entry(connection_struct *conn,
+			SMB_DEV_T dev, SMB_INO_T inode)
 {
-  struct stat sbuf;
-  if (stat(fname,&sbuf) == -1) return(0);
-  return(get_share_mode(cnum,&sbuf,pid));
-}  
+	tdb_chainunlock(tdb, locking_key(dev, inode));
+}
 
+/*******************************************************************
+ Lock a hash bucket entry. use a fsp for convenience
+******************************************************************/
+
+BOOL lock_share_entry_fsp(files_struct *fsp)
+{
+	return tdb_chainlock(tdb, locking_key(fsp->dev, fsp->inode)) == 0;
+}
 
 /*******************************************************************
-get the share mode of a file
+ Unlock a hash bucket entry.
+******************************************************************/
+
+void unlock_share_entry_fsp(files_struct *fsp)
+{
+	tdb_chainunlock(tdb, locking_key(fsp->dev, fsp->inode));
+}
+
+/*******************************************************************
+ Print out a share mode.
 ********************************************************************/
-int get_share_mode(int cnum,struct stat *sbuf,int *pid)
+
+static char *share_mode_str(int num, share_mode_entry *e)
 {
-  pstring fname;
-  int fd2;
-  char buf[16];
-  int ret;
-  time_t t;
-
-  *pid = 0;
-
-  if (!share_name(cnum,sbuf,fname)) return(0);
-
-  fd2 = open(fname,O_RDONLY,0);
-  if (fd2 < 0) return(0);
-
-  if (read(fd2,buf,16) != 16) {
-    close(fd2);
-    unlink(fname);
-    return(0);
-  }
-  close(fd2);
-
-  t = IVAL(buf,0);
-  ret = IVAL(buf,4);
-  *pid = IVAL(buf,8);
-  
-  if (IVAL(buf,12) != LOCKING_VERSION) {    
-    if (!unlink(fname)) DEBUG(2,("Deleted old locking file %s",fname));
-    *pid = 0;
-    return(0);
-  }
-
-  if (*pid && !process_exists(*pid)) {
-    ret=0;
-    *pid = 0;
-  }
-
-  if (! *pid) unlink(fname); /* XXXXX race, race */
-
-  if (*pid)
-    DEBUG(5,("Read share file %s mode 0x%X pid=%d\n",fname,ret,*pid));
-
-  return(ret);
+	static pstring share_str;
+
+	slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: \
+pid = %u, share_mode = 0x%x, desired_access = 0x%x, port = 0x%x, type= 0x%x, file_id = %lu, dev = 0x%x, inode = %.0f",
+	num, e->pid, e->share_mode, (unsigned int)e->desired_access, e->op_port, e->op_type, e->share_file_id,
+	(unsigned int)e->dev, (double)e->inode );
+
+	return share_str;
 }
 
+/*******************************************************************
+ Print out a share mode table.
+********************************************************************/
+
+static void print_share_mode_table(struct locking_data *data)
+{
+	int num_share_modes = data->u.num_share_mode_entries;
+	share_mode_entry *shares = (share_mode_entry *)(data + 1);
+	int i;
+
+	for (i = 0; i < num_share_modes; i++) {
+		share_mode_entry *entry_p = &shares[i];
+		DEBUG(10,("print_share_mode_table: %s\n", share_mode_str(i, entry_p) ));
+	}
+}
 
 /*******************************************************************
-del the share mode of a file, if we set it last
+ Get all share mode entries for a dev/inode pair.
 ********************************************************************/
-void del_share_mode(int fnum)
+
+int get_share_modes(connection_struct *conn, 
+		    SMB_DEV_T dev, SMB_INO_T inode, 
+		    share_mode_entry **pp_shares)
 {
-  pstring fname;
-  int fd2;
-  char buf[16];
-  time_t t=0;
-  int pid=0;
-  BOOL del = False;
-
-  if (!share_name_fnum(fnum,fname)) return;
-
-  fd2 = open(fname,O_RDONLY,0);
-  if (fd2 < 0) return;
-  if (read(fd2,buf,16) != 16)
-    del = True;
-  close(fd2);
-
-  if (!del) {
-    t = IVAL(buf,0);
-    pid = IVAL(buf,8);
-  }
-
-  if (!del)
-    if (IVAL(buf,12) != LOCKING_VERSION || !pid || !process_exists(pid))
-      del = True;
-
-  if (!del && t == Files[fnum].open_time && pid==(int)getpid())
-    del = True;
-
-  if (del) {
-    if (!unlink(fname)) 
-      DEBUG(2,("Deleted share file %s\n",fname));
-    else {
-      DEBUG(3,("Pending delete share file %s\n",fname));
-      if (*share_del_pending) DEBUG(0,("Share del clash!\n"));
-      strcpy(share_del_pending,fname);
-    }
-  }
+	TDB_DATA dbuf;
+	struct locking_data *data;
+	int num_share_modes;
+	share_mode_entry *shares = NULL;
+
+	*pp_shares = NULL;
+
+	dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+	if (!dbuf.dptr)
+		return 0;
+
+	data = (struct locking_data *)dbuf.dptr;
+	num_share_modes = data->u.num_share_mode_entries;
+	if(num_share_modes) {
+		int i;
+		int del_count = 0;
+
+		shares = (share_mode_entry *)memdup(dbuf.dptr + sizeof(*data),	
+						num_share_modes * sizeof(share_mode_entry));
+
+		if (!shares) {
+			SAFE_FREE(dbuf.dptr);
+			return 0;
+		}
+
+		/*
+		 * Ensure that each entry has a real process attached.
+		 */
+
+		for (i = 0; i < num_share_modes; ) {
+			share_mode_entry *entry_p = &shares[i];
+			if (process_exists(entry_p->pid)) {
+				DEBUG(10,("get_share_modes: %s\n", share_mode_str(i, entry_p) ));
+				i++;
+			} else {
+				DEBUG(10,("get_share_modes: deleted %s\n", share_mode_str(i, entry_p) ));
+				memcpy( &shares[i], &shares[i+1],
+					sizeof(share_mode_entry) * (num_share_modes - i - 1));
+				num_share_modes--;
+				del_count++;
+			}
+		}
+
+		/* Did we delete any ? If so, re-store in tdb. */
+		if (del_count) {
+			data->u.num_share_mode_entries = num_share_modes;
+			
+			if (num_share_modes)
+				memcpy(dbuf.dptr + sizeof(*data), shares,
+						num_share_modes * sizeof(share_mode_entry));
+
+			/* The record has shrunk a bit */
+			dbuf.dsize -= del_count * sizeof(share_mode_entry);
+
+			if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1) {
+				SAFE_FREE(shares);
+				SAFE_FREE(dbuf.dptr);
+				return 0;
+			}
+		}
+	}
+
+	SAFE_FREE(dbuf.dptr);
+	*pp_shares = shares;
+	return num_share_modes;
 }
-  
 
 /*******************************************************************
-set the share mode of a file
+ Fill a share mode entry.
 ********************************************************************/
-BOOL set_share_mode(int fnum,int mode)
+
+static void fill_share_mode(char *p, files_struct *fsp, uint16 port, uint16 op_type)
 {
-  pstring fname;
-  int fd2;
-  char buf[16];
-  int pid = (int)getpid();
+	share_mode_entry *e = (share_mode_entry *)p;
+	void *x = &e->time; /* Needed to force alignment. p may not be aligned.... */
+
+	memset(e, '\0', sizeof(share_mode_entry));
+	e->pid = sys_getpid();
+	e->share_mode = fsp->share_mode;
+	e->desired_access = fsp->desired_access;
+	e->op_port = port;
+	e->op_type = op_type;
+	memcpy(x, &fsp->open_time, sizeof(struct timeval));
+	e->share_file_id = fsp->file_id;
+	e->dev = fsp->dev;
+	e->inode = fsp->inode;
+}
+
+/*******************************************************************
+ Check if two share mode entries are identical, ignoring oplock 
+ and port info and desired_access.
+********************************************************************/
+
+BOOL share_modes_identical( share_mode_entry *e1, share_mode_entry *e2)
+{
+#if 1 /* JRA PARANOIA TEST - REMOVE LATER */
+	if (e1->pid == e2->pid &&
+		e1->share_file_id == e2->share_file_id &&
+		e1->dev == e2->dev &&
+		e1->inode == e2->inode &&
+		(e1->share_mode & ~DELETE_ON_CLOSE_FLAG) != (e2->share_mode & ~DELETE_ON_CLOSE_FLAG)) {
+			DEBUG(0,("PANIC: share_modes_identical: share_mode missmatch (e1 = %u, e2 = %u). Logic error.\n",
+				(unsigned int)(e1->share_mode & ~DELETE_ON_CLOSE_FLAG),
+				(unsigned int)(e2->share_mode & ~DELETE_ON_CLOSE_FLAG) ));
+		smb_panic("PANIC: share_modes_identical logic error.\n");
+	}
+#endif
+
+	return (e1->pid == e2->pid &&
+		(e1->share_mode & ~DELETE_ON_CLOSE_FLAG) == (e2->share_mode & ~DELETE_ON_CLOSE_FLAG) &&
+		e1->dev == e2->dev &&
+		e1->inode == e2->inode &&
+		e1->share_file_id == e2->share_file_id );
+}
+
+/*******************************************************************
+ Delete a specific share mode. Return the number
+ of entries left, and a memdup'ed copy of the entry deleted (if required).
+ Ignore if no entry deleted.
+********************************************************************/
+
+ssize_t del_share_entry( SMB_DEV_T dev, SMB_INO_T inode,
+			share_mode_entry *entry, share_mode_entry **ppse)
+{
+	TDB_DATA dbuf;
+	struct locking_data *data;
+	int i, del_count=0;
+	share_mode_entry *shares;
+	ssize_t count = 0;
+
+	if (ppse)
+		*ppse = NULL;
+
+	/* read in the existing share modes */
+	dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+	if (!dbuf.dptr)
+		return -1;
+
+	data = (struct locking_data *)dbuf.dptr;
+	shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data));
+
+	/*
+	 * Find any with this pid and delete it
+	 * by overwriting with the rest of the data 
+	 * from the record.
+	 */
+
+	DEBUG(10,("del_share_entry: num_share_modes = %d\n", data->u.num_share_mode_entries ));
+
+	for (i=0;i<data->u.num_share_mode_entries;) {
+		if (share_modes_identical(&shares[i], entry)) {
+			DEBUG(10,("del_share_entry: deleted %s\n",
+				share_mode_str(i, &shares[i]) ));
+			if (ppse)
+				*ppse = memdup(&shares[i], sizeof(*shares));
+			data->u.num_share_mode_entries--;
+			memmove(&shares[i], &shares[i+1], 
+				dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares)));
+			del_count++;
+
+			DEBUG(10,("del_share_entry: deleting entry %d\n", i ));
+
+		} else {
+			i++;
+		}
+	}
+
+	if (del_count) {
+		/* the record may have shrunk a bit */
+		dbuf.dsize -= del_count * sizeof(*shares);
+
+		count = (ssize_t)data->u.num_share_mode_entries;
+
+		/* store it back in the database */
+		if (data->u.num_share_mode_entries == 0) {
+			if (tdb_delete(tdb, locking_key(dev, inode)) == -1)
+				count = -1;
+		} else {
+			if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1)
+				count = -1;
+		}
+	}
+	DEBUG(10,("del_share_entry: Remaining table.\n"));
+	print_share_mode_table((struct locking_data *)dbuf.dptr);
+	SAFE_FREE(dbuf.dptr);
+	return count;
+}
+
+/*******************************************************************
+ Del the share mode of a file for this process. Return the number
+ of entries left, and a memdup'ed copy of the entry deleted.
+********************************************************************/
+
+ssize_t del_share_mode(files_struct *fsp, share_mode_entry **ppse)
+{
+	share_mode_entry entry;
+
+	/*
+	 * Fake up a share_mode_entry for comparisons.
+	 */
 
-  if (!share_name_fnum(fnum,fname)) return(False);
+	fill_share_mode((char *)&entry, fsp, 0, 0);
+	return del_share_entry(fsp->dev, fsp->inode, &entry, ppse);
+}
 
-  {
-    int old_umask = umask(0);
-    fd2 = open(fname,O_WRONLY|O_CREAT|O_TRUNC,0644);
-    umask(old_umask);
-  }
-  if (fd2 < 0) {
-    DEBUG(2,("Failed to create share file %s\n",fname));
-    return(False);
-  }
+/*******************************************************************
+ Set the share mode of a file. Return False on fail, True on success.
+********************************************************************/
 
-  SIVAL(buf,0,Files[fnum].open_time);
-  SIVAL(buf,4,mode);
-  SIVAL(buf,8,pid);
-  SIVAL(buf,12,LOCKING_VERSION);
+BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
+{
+	TDB_DATA dbuf;
+	struct locking_data *data;
+	char *p=NULL;
+	int size;
+	BOOL ret = True;
+		
+	/* read in the existing share modes if any */
+	dbuf = tdb_fetch(tdb, locking_key_fsp(fsp));
+	if (!dbuf.dptr) {
+		/* we'll need to create a new record */
+		pstring fname;
+
+		pstrcpy(fname, fsp->conn->connectpath);
+		pstrcat(fname, "/");
+		pstrcat(fname, fsp->fsp_name);
+
+		size = sizeof(*data) + sizeof(share_mode_entry) + strlen(fname) + 1;
+		p = (char *)malloc(size);
+		if (!p)
+			return False;
+		data = (struct locking_data *)p;
+		data->u.num_share_mode_entries = 1;
+	
+		DEBUG(10,("set_share_mode: creating entry for file %s. num_share_modes = 1\n",
+			fsp->fsp_name ));
+
+		pstrcpy(p + sizeof(*data) + sizeof(share_mode_entry), fname);
+		fill_share_mode(p + sizeof(*data), fsp, port, op_type);
+		dbuf.dptr = p;
+		dbuf.dsize = size;
+		if (tdb_store(tdb, locking_key_fsp(fsp), dbuf, TDB_REPLACE) == -1)
+			ret = False;
+
+		print_share_mode_table((struct locking_data *)p);
+
+		SAFE_FREE(p);
+		return ret;
+	}
+
+	/* we're adding to an existing entry - this is a bit fiddly */
+	data = (struct locking_data *)dbuf.dptr;
+
+	data->u.num_share_mode_entries++;
+	
+	DEBUG(10,("set_share_mode: adding entry for file %s. new num_share_modes = %d\n",
+		fsp->fsp_name, data->u.num_share_mode_entries ));
+
+	size = dbuf.dsize + sizeof(share_mode_entry);
+	p = malloc(size);
+	if (!p)
+		return False;
+	memcpy(p, dbuf.dptr, sizeof(*data));
+	fill_share_mode(p + sizeof(*data), fsp, port, op_type);
+	memcpy(p + sizeof(*data) + sizeof(share_mode_entry), dbuf.dptr + sizeof(*data),
+	       dbuf.dsize - sizeof(*data));
+	SAFE_FREE(dbuf.dptr);
+	dbuf.dptr = p;
+	dbuf.dsize = size;
+	if (tdb_store(tdb, locking_key_fsp(fsp), dbuf, TDB_REPLACE) == -1)
+		ret = False;
+	print_share_mode_table((struct locking_data *)p);
+	SAFE_FREE(p);
+	return ret;
+}
 
-  if (write(fd2,buf,16) != 16) {
-    close(fd2);
-    unlink(fname);
-    return(False);
-  }
+/*******************************************************************
+ A generic in-place modification call for share mode entries.
+********************************************************************/
+
+static BOOL mod_share_mode( SMB_DEV_T dev, SMB_INO_T inode, share_mode_entry *entry,
+			   void (*mod_fn)(share_mode_entry *, SMB_DEV_T, SMB_INO_T, void *),
+			   void *param)
+{
+	TDB_DATA dbuf;
+	struct locking_data *data;
+	int i;
+	share_mode_entry *shares;
+	BOOL need_store=False;
+
+	/* read in the existing share modes */
+	dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+	if (!dbuf.dptr)
+		return False;
+
+	data = (struct locking_data *)dbuf.dptr;
+	shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data));
+
+	/* find any with our pid and call the supplied function */
+	for (i=0;i<data->u.num_share_mode_entries;i++) {
+		if (share_modes_identical(entry, &shares[i])) {
+			mod_fn(&shares[i], dev, inode, param);
+			need_store=True;
+		}
+	}
+
+	/* if the mod fn was called then store it back */
+	if (need_store) {
+		if (data->u.num_share_mode_entries == 0) {
+			if (tdb_delete(tdb, locking_key(dev, inode)) == -1)
+				need_store = False;
+		} else {
+			if (tdb_store(tdb, locking_key(dev, inode), dbuf, TDB_REPLACE) == -1)
+				need_store = False;
+		}
+	}
+
+	SAFE_FREE(dbuf.dptr);
+	return need_store;
+}
 
-  write(fd2,Files[fnum].name,strlen(Files[fnum].name)+1);
+/*******************************************************************
+ Static function that actually does the work for the generic function
+ below.
+********************************************************************/
 
-  close(fd2);
+static void remove_share_oplock_fn(share_mode_entry *entry, SMB_DEV_T dev, SMB_INO_T inode, 
+                                   void *param)
+{
+	DEBUG(10,("remove_share_oplock_fn: removing oplock info for entry dev=%x ino=%.0f\n",
+		  (unsigned int)dev, (double)inode ));
+	/* Delete the oplock info. */
+	entry->op_port = 0;
+	entry->op_type = NO_OPLOCK;
+}
 
-  DEBUG(3,("Created share file %s with mode 0x%X pid=%d\n",fname,mode,pid));
+/*******************************************************************
+ Remove an oplock port and mode entry from a share mode.
+********************************************************************/
 
-  return(True);
+BOOL remove_share_oplock(files_struct *fsp)
+{
+	share_mode_entry entry;
+	/*
+	 * Fake up an entry for comparisons...
+	 */
+	fill_share_mode((char *)&entry, fsp, 0, 0);
+	return mod_share_mode(fsp->dev, fsp->inode, &entry, remove_share_oplock_fn, NULL);
 }
-  
 
 /*******************************************************************
-cleanup any stale share files
+ Static function that actually does the work for the generic function
+ below.
 ********************************************************************/
-void clean_share_files(void)
+
+static void downgrade_share_oplock_fn(share_mode_entry *entry, SMB_DEV_T dev, SMB_INO_T inode, 
+                                   void *param)
 {
-  char *lockdir = lp_lockdir();
-  void *dir;
-  char *s;
+	DEBUG(10,("downgrade_share_oplock_fn: downgrading oplock info for entry dev=%x ino=%.0f\n",
+		  (unsigned int)dev, (double)inode ));
+	entry->op_type = LEVEL_II_OPLOCK;
+}
 
-  if (!*lockdir) return;
+/*******************************************************************
+ Downgrade a oplock type from exclusive to level II.
+********************************************************************/
 
-  dir = opendir(lockdir);
-  if (!dir) return;
+BOOL downgrade_share_oplock(files_struct *fsp)
+{
+	share_mode_entry entry;
+	/*
+	 * Fake up an entry for comparisons...
+	 */
+	fill_share_mode((char *)&entry, fsp, 0, 0);
+	return mod_share_mode(fsp->dev, fsp->inode, &entry, downgrade_share_oplock_fn, NULL);
+}
 
-  while ((s=readdirname(dir))) {
-    char buf[16];
-    int pid;
-    int fd;
-    pstring lname;
-    int dev,inode;
+/*******************************************************************
+ Get/Set the delete on close flag in a set of share modes.
+ Return False on fail, True on success.
+********************************************************************/
 
-    if (sscanf(s,"share.%d.%d",&dev,&inode)!=2) continue;
+BOOL modify_delete_flag( SMB_DEV_T dev, SMB_INO_T inode, BOOL delete_on_close)
+{
+	TDB_DATA dbuf;
+	struct locking_data *data;
+	int i;
+	share_mode_entry *shares;
+
+	/* read in the existing share modes */
+	dbuf = tdb_fetch(tdb, locking_key(dev, inode));
+	if (!dbuf.dptr)
+		return False;
+
+	data = (struct locking_data *)dbuf.dptr;
+	shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data));
+
+	/* Set/Unset the delete on close element. */
+	for (i=0;i<data->u.num_share_mode_entries;i++,shares++) {
+		shares->share_mode = (delete_on_close ?
+                            (shares->share_mode | DELETE_ON_CLOSE_FLAG) :
+                            (shares->share_mode & ~DELETE_ON_CLOSE_FLAG) );
+	}
+
+	/* store it back */
+	if (data->u.num_share_mode_entries) {
+		if (tdb_store(tdb, locking_key(dev,inode), dbuf, TDB_REPLACE)==-1) {
+			SAFE_FREE(dbuf.dptr);
+			return False;
+		}
+	}
+
+	SAFE_FREE(dbuf.dptr);
+	return True;
+}
 
-    strcpy(lname,lp_lockdir());
-    trim_string(lname,NULL,"/");
-    strcat(lname,"/");
-    strcat(lname,s);
+/****************************************************************************
+ Traverse the whole database with this function, calling traverse_callback
+ on each share mode
+****************************************************************************/
+
+static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, 
+                       void* state)
+{
+	struct locking_data *data;
+	share_mode_entry *shares;
+	char *name;
+	int i;
 
-    fd = open(lname,O_RDONLY,0);
-    if (fd < 0) continue;
+	SHAREMODE_FN(traverse_callback) = (SHAREMODE_FN_CAST())state;
 
-    if (read(fd,buf,16) != 16) {
-      close(fd);
-      if (!unlink(lname))
-	printf("Deleted corrupt share file %s\n",s);
-      continue;
-    }
-    close(fd);
+	data = (struct locking_data *)dbuf.dptr;
+	shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data));
+	name = dbuf.dptr + sizeof(*data) + data->u.num_share_mode_entries*sizeof(*shares);
 
-    pid = IVAL(buf,8);
+	for (i=0;i<data->u.num_share_mode_entries;i++) {
+		traverse_callback(&shares[i], name);
+	}
+	return 0;
+}
 
-    if (IVAL(buf,12) != LOCKING_VERSION || !process_exists(pid)) {
-      if (!unlink(lname))
-	printf("Deleted stale share file %s\n",s);
-    }
-  }
+/*******************************************************************
+ Call the specified function on each entry under management by the
+ share mode system.
+********************************************************************/
 
-  closedir(dir);
+int share_mode_forall(SHAREMODE_FN(fn))
+{
+	if (!tdb)
+		return 0;
+	return tdb_traverse(tdb, traverse_fn, (void*)fn);
 }
diff --git a/source3/locking/posix.c b/source3/locking/posix.c
new file mode 100644
index 0000000000..f7a8cd3d39
--- /dev/null
+++ b/source3/locking/posix.c
@@ -0,0 +1,1315 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Locking functions
+   Copyright (C) Jeremy Allison 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   Revision History:
+
+   POSIX locking support. Jeremy Allison (jeremy@valinux.com), Apr. 2000.
+*/
+
+#include "includes.h"
+
+/*
+ * The POSIX locking database handle.
+ */
+
+static TDB_CONTEXT *posix_lock_tdb;
+
+/*
+ * The pending close database handle.
+ */
+
+static TDB_CONTEXT *posix_pending_close_tdb;
+
+/*
+ * The data in POSIX lock records is an unsorted linear array of these
+ * records.  It is unnecessary to store the count as tdb provides the
+ * size of the record.
+ */
+
+struct posix_lock {
+	int fd;
+	SMB_OFF_T start;
+	SMB_OFF_T size;
+	int lock_type;
+};
+
+/*
+ * The data in POSIX pending close records is an unsorted linear array of int
+ * records.  It is unnecessary to store the count as tdb provides the
+ * size of the record.
+ */
+
+/* The key used in both the POSIX databases. */
+
+struct posix_lock_key {
+	SMB_DEV_T device;
+	SMB_INO_T inode;
+}; 
+
+/*******************************************************************
+ Form a static locking key for a dev/inode pair.
+******************************************************************/
+
+static TDB_DATA locking_key(SMB_DEV_T dev, SMB_INO_T inode)
+{
+	static struct posix_lock_key key;
+	TDB_DATA kbuf;
+
+	memset(&key, '\0', sizeof(key));
+	key.device = dev;
+	key.inode = inode;
+	kbuf.dptr = (char *)&key;
+	kbuf.dsize = sizeof(key);
+	return kbuf;
+}
+
+/*******************************************************************
+ Convenience function to get a key from an fsp.
+******************************************************************/
+
+static TDB_DATA locking_key_fsp(files_struct *fsp)
+{
+	return locking_key(fsp->dev, fsp->inode);
+}
+
+/****************************************************************************
+ Add an fd to the pending close tdb.
+****************************************************************************/
+
+static BOOL add_fd_to_close_entry(files_struct *fsp)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	char *tp;
+
+	dbuf.dptr = NULL;
+
+	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
+
+	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int));
+	if (!tp) {
+		DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
+		SAFE_FREE(dbuf.dptr);
+		return False;
+	} else
+		dbuf.dptr = tp;
+
+	memcpy(dbuf.dptr + dbuf.dsize, &fsp->fd, sizeof(int));
+	dbuf.dsize += sizeof(int);
+
+	if (tdb_store(posix_pending_close_tdb, kbuf, dbuf, TDB_REPLACE) == -1) {
+		DEBUG(0,("add_fd_to_close_entry: tdb_store fail !\n"));
+	}
+
+	SAFE_FREE(dbuf.dptr);
+	return True;
+}
+
+/****************************************************************************
+ Remove all fd entries for a specific dev/inode pair from the tdb.
+****************************************************************************/
+
+static void delete_close_entries(files_struct *fsp)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+
+	if (tdb_delete(posix_pending_close_tdb, kbuf) == -1)
+		DEBUG(0,("delete_close_entries: tdb_delete fail !\n"));
+}
+
+/****************************************************************************
+ Get the array of POSIX pending close records for an open fsp. Caller must
+ free. Returns number of entries.
+****************************************************************************/
+
+static size_t get_posix_pending_close_entries(files_struct *fsp, int **entries)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	size_t count = 0;
+
+	*entries = NULL;
+	dbuf.dptr = NULL;
+
+	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
+
+    if (!dbuf.dptr) {
+		return 0;
+	}
+
+	*entries = (int *)dbuf.dptr;
+	count = (size_t)(dbuf.dsize / sizeof(int));
+
+	return count;
+}
+
+/****************************************************************************
+ Get the array of POSIX locks for an fsp. Caller must free. Returns
+ number of entries.
+****************************************************************************/
+
+static size_t get_posix_lock_entries(files_struct *fsp, struct posix_lock **entries)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	size_t count = 0;
+
+	*entries = NULL;
+
+	dbuf.dptr = NULL;
+
+	dbuf = tdb_fetch(posix_lock_tdb, kbuf);
+
+    if (!dbuf.dptr) {
+		return 0;
+	}
+
+	*entries = (struct posix_lock *)dbuf.dptr;
+	count = (size_t)(dbuf.dsize / sizeof(struct posix_lock));
+
+	return count;
+}
+
+/****************************************************************************
+ Deal with pending closes needed by POSIX locking support.
+ Note that posix_locking_close_file() is expected to have been called
+ to delete all locks on this fsp before this function is called.
+****************************************************************************/
+
+int fd_close_posix(struct connection_struct *conn, files_struct *fsp)
+{
+	int saved_errno = 0;
+	int ret;
+	size_t count, i;
+	struct posix_lock *entries = NULL;
+	int *fd_array = NULL;
+	BOOL locks_on_other_fds = False;
+
+	if (!lp_posix_locking(SNUM(conn))) {
+		/*
+		 * No POSIX to worry about, just close.
+		 */
+		ret = conn->vfs_ops.close(fsp,fsp->fd);
+		fsp->fd = -1;
+		return ret;
+	}
+
+	/*
+	 * Get the number of outstanding POSIX locks on this dev/inode pair.
+	 */
+
+	count = get_posix_lock_entries(fsp, &entries);
+
+	/*
+	 * Check if there are any outstanding locks belonging to
+	 * other fd's. This should never be the case if posix_locking_close_file()
+	 * has been called first, but it never hurts to be *sure*.
+	 */
+
+	for (i = 0; i < count; i++) {
+		if (entries[i].fd != fsp->fd) {
+			locks_on_other_fds = True;
+			break;
+		}
+	}
+
+	if (locks_on_other_fds) {
+
+		/*
+		 * There are outstanding locks on this dev/inode pair on other fds.
+		 * Add our fd to the pending close tdb and set fsp->fd to -1.
+		 */
+
+		if (!add_fd_to_close_entry(fsp)) {
+			SAFE_FREE(entries);
+			return False;
+		}
+
+		SAFE_FREE(entries);
+		fsp->fd = -1;
+		return 0;
+	}
+
+	SAFE_FREE(entries);
+
+	/*
+	 * No outstanding POSIX locks. Get the pending close fd's
+	 * from the tdb and close them all.
+	 */
+
+	count = get_posix_pending_close_entries(fsp, &fd_array);
+
+	if (count) {
+		DEBUG(10,("fd_close_posix: doing close on %u fd's.\n", (unsigned int)count ));
+
+		for(i = 0; i < count; i++) {
+			if (conn->vfs_ops.close(fsp,fd_array[i]) == -1) {
+				saved_errno = errno;
+			}
+		}
+
+		/*
+		 * Delete all fd's stored in the tdb
+		 * for this dev/inode pair.
+		 */
+
+		delete_close_entries(fsp);
+	}
+
+	SAFE_FREE(fd_array);
+
+	/*
+	 * Finally close the fd associated with this fsp.
+	 */
+
+	ret = conn->vfs_ops.close(fsp,fsp->fd);
+
+	if (saved_errno != 0) {
+        errno = saved_errno;
+		ret = -1;
+    } 
+
+	fsp->fd = -1;
+
+	return ret;
+}
+
+/****************************************************************************
+ Debugging aid :-).
+****************************************************************************/
+
+static const char *posix_lock_type_name(int lock_type)
+{
+	return (lock_type == F_RDLCK) ? "READ" : "WRITE";
+}
+
+/****************************************************************************
+ Delete a POSIX lock entry by index number. Used if the tdb add succeeds, but
+ then the POSIX fcntl lock fails.
+****************************************************************************/
+
+static BOOL delete_posix_lock_entry_by_index(files_struct *fsp, size_t entry)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	struct posix_lock *locks;
+	size_t count;
+
+	dbuf.dptr = NULL;
+	
+	dbuf = tdb_fetch(posix_lock_tdb, kbuf);
+
+	if (!dbuf.dptr) {
+		DEBUG(10,("delete_posix_lock_entry_by_index: tdb_fetch failed !\n"));
+		goto fail;
+	}
+
+	count = (size_t)(dbuf.dsize / sizeof(struct posix_lock));
+	locks = (struct posix_lock *)dbuf.dptr;
+
+	if (count == 1) {
+		tdb_delete(posix_lock_tdb, kbuf);
+	} else {
+		if (entry < count-1) {
+			memmove(&locks[entry], &locks[entry+1], sizeof(*locks)*((count-1) - entry));
+		}
+		dbuf.dsize -= sizeof(*locks);
+		tdb_store(posix_lock_tdb, kbuf, dbuf, TDB_REPLACE);
+	}
+
+	SAFE_FREE(dbuf.dptr);
+
+	return True;
+
+ fail:
+    SAFE_FREE(dbuf.dptr);
+    return False;
+}
+
+/****************************************************************************
+ Add an entry into the POSIX locking tdb. We return the index number of the
+ added lock (used in case we need to delete *exactly* this entry). Returns
+ False on fail, True on success.
+****************************************************************************/
+
+static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T size, int lock_type, size_t *pentry_num)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	struct posix_lock pl;
+	char *tp;
+
+	dbuf.dptr = NULL;
+
+	dbuf = tdb_fetch(posix_lock_tdb, kbuf);
+
+	*pentry_num = (size_t)(dbuf.dsize / sizeof(pl));
+
+	/*
+	 * Add new record.
+	 */
+
+	pl.fd = fsp->fd;
+	pl.start = start;
+	pl.size = size;
+	pl.lock_type = lock_type;
+
+	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl));
+	if (!tp) {
+		DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
+		goto fail;
+	} else
+		dbuf.dptr = tp;
+
+	memcpy(dbuf.dptr + dbuf.dsize, &pl, sizeof(pl));
+	dbuf.dsize += sizeof(pl);
+
+	if (tdb_store(posix_lock_tdb, kbuf, dbuf, TDB_REPLACE) == -1) {
+		DEBUG(0,("add_posix_lock: Failed to add lock entry on file %s\n", fsp->fsp_name));
+		goto fail;
+	}
+
+    SAFE_FREE(dbuf.dptr);
+
+	DEBUG(10,("add_posix_lock: File %s: type = %s: start=%.0f size=%.0f: dev=%.0f inode=%.0f\n",
+			fsp->fsp_name, posix_lock_type_name(lock_type), (double)start, (double)size,
+			(double)fsp->dev, (double)fsp->inode ));
+
+    return True;
+
+ fail:
+    SAFE_FREE(dbuf.dptr);
+    return False;
+}
+
+/****************************************************************************
+ Calculate if locks have any overlap at all.
+****************************************************************************/
+
+static BOOL does_lock_overlap(SMB_OFF_T start1, SMB_OFF_T size1, SMB_OFF_T start2, SMB_OFF_T size2)
+{
+	if (start1 >= start2 && start1 <= start2 + size2)
+		return True;
+
+	if (start1 < start2 && start1 + size1 > start2)
+		return True;
+
+	return False;
+}
+
+/****************************************************************************
+ Delete an entry from the POSIX locking tdb. Returns a copy of the entry being
+ deleted and the number of records that are overlapped by this one, or -1 on error.
+****************************************************************************/
+
+static int delete_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T size, struct posix_lock *pl)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	struct posix_lock *locks;
+	size_t i, count;
+	BOOL found = False;
+	int num_overlapping_records = 0;
+
+	dbuf.dptr = NULL;
+	
+	dbuf = tdb_fetch(posix_lock_tdb, kbuf);
+
+	if (!dbuf.dptr) {
+		DEBUG(10,("delete_posix_lock_entry: tdb_fetch failed !\n"));
+		goto fail;
+	}
+
+	/* There are existing locks - find a match. */
+	locks = (struct posix_lock *)dbuf.dptr;
+	count = (size_t)(dbuf.dsize / sizeof(*locks));
+
+	/*
+	 * Search for and delete the first record that matches the
+	 * unlock criteria.
+	 */
+
+	for (i=0; i<count; i++) { 
+		struct posix_lock *entry = &locks[i];
+
+		if (entry->fd == fsp->fd &&
+			entry->start == start &&
+			entry->size == size) {
+
+			/* Make a copy if requested. */
+			if (pl)
+				*pl = *entry;
+
+			/* Found it - delete it. */
+			if (count == 1) {
+				tdb_delete(posix_lock_tdb, kbuf);
+			} else {
+				if (i < count-1) {
+					memmove(&locks[i], &locks[i+1], sizeof(*locks)*((count-1) - i));
+				}
+				dbuf.dsize -= sizeof(*locks);
+				tdb_store(posix_lock_tdb, kbuf, dbuf, TDB_REPLACE);
+			}
+			count--;
+			found = True;
+			break;
+		}
+	}
+
+	if (!found)
+		goto fail;
+
+	/*
+	 * Count the number of entries that are
+	 * overlapped by this unlock request.
+	 */
+
+	for (i = 0; i < count; i++) {
+		struct posix_lock *entry = &locks[i];
+
+		if (fsp->fd == entry->fd &&
+			does_lock_overlap( start, size, entry->start, entry->size))
+				num_overlapping_records++;
+	}
+
+	DEBUG(10,("delete_posix_lock_entry: type = %s: start=%.0f size=%.0f, num_records = %d\n",
+			posix_lock_type_name(pl->lock_type), (double)pl->start, (double)pl->size,
+				(unsigned int)num_overlapping_records ));
+
+    SAFE_FREE(dbuf.dptr);
+
+	return num_overlapping_records;
+
+ fail:
+    SAFE_FREE(dbuf.dptr);
+    return -1;
+}
+
+/****************************************************************************
+ Utility function to map a lock type correctly depending on the open
+ mode of a file.
+****************************************************************************/
+
+static int map_posix_lock_type( files_struct *fsp, enum brl_type lock_type)
+{
+	if((lock_type == WRITE_LOCK) && !fsp->can_write) {
+		/*
+		 * Many UNIX's cannot get a write lock on a file opened read-only.
+		 * Win32 locking semantics allow this.
+		 * Do the best we can and attempt a read-only lock.
+		 */
+		DEBUG(10,("map_posix_lock_type: Downgrading write lock to read due to read-only file.\n"));
+		return F_RDLCK;
+	} else if((lock_type == READ_LOCK) && !fsp->can_read) {
+		/*
+		 * Ditto for read locks on write only files.
+		 */
+		DEBUG(10,("map_posix_lock_type: Changing read lock to write due to write-only file.\n"));
+		return F_WRLCK;
+	}
+
+  /*
+   * This return should be the most normal, as we attempt
+   * to always open files read/write.
+   */
+
+  return (lock_type == READ_LOCK) ? F_RDLCK : F_WRLCK;
+}
+
+/****************************************************************************
+ Check to see if the given unsigned lock range is within the possible POSIX
+ range. Modifies the given args to be in range if possible, just returns
+ False if not.
+****************************************************************************/
+
+static BOOL posix_lock_in_range(SMB_OFF_T *offset_out, SMB_OFF_T *count_out,
+								SMB_BIG_UINT u_offset, SMB_BIG_UINT u_count)
+{
+	SMB_OFF_T offset = (SMB_OFF_T)u_offset;
+	SMB_OFF_T count = (SMB_OFF_T)u_count;
+
+	/*
+	 * For the type of system we are, attempt to
+	 * find the maximum positive lock offset as an SMB_OFF_T.
+	 */
+
+#if defined(LARGE_SMB_OFF_T) && !defined(HAVE_BROKEN_FCNTL64_LOCKS)
+
+	/*
+	 * In this case SMB_OFF_T is 64 bits,
+	 * and the underlying system can handle 64 bit signed locks.
+	 */
+
+    SMB_OFF_T mask2 = ((SMB_OFF_T)0x4) << (SMB_OFF_T_BITS-4);
+    SMB_OFF_T mask = (mask2<<1);
+    SMB_OFF_T max_positive_lock_offset = ~mask;
+
+#else /* !LARGE_SMB_OFF_T || HAVE_BROKEN_FCNTL64_LOCKS */
+
+	/*
+	 * In this case either SMB_OFF_T is 32 bits,
+	 * or the underlying system cannot handle 64 bit signed locks.
+	 * All offsets & counts must be 2^31 or less.
+	 */
+
+    SMB_OFF_T max_positive_lock_offset = 0x7FFFFFFF;
+
+#endif /* !LARGE_SMB_OFF_T || HAVE_BROKEN_FCNTL64_LOCKS */
+
+	/*
+	 * POSIX locks of length zero mean lock to end-of-file.
+	 * Win32 locks of length zero are point probes. Ignore
+	 * any Win32 locks of length zero. JRA.
+	 */
+
+	if (count == (SMB_OFF_T)0) {
+		DEBUG(10,("posix_lock_in_range: count = 0, ignoring.\n"));
+		return False;
+	}
+
+	/*
+	 * If the given offset was > max_positive_lock_offset then we cannot map this at all
+	 * ignore this lock.
+	 */
+
+	if (u_offset & ~((SMB_BIG_UINT)max_positive_lock_offset)) {
+		DEBUG(10,("posix_lock_in_range: (offset = %.0f) offset > %.0f and we cannot handle this. Ignoring lock.\n",
+				(double)u_offset, (double)((SMB_BIG_UINT)max_positive_lock_offset) ));
+		return False;
+	}
+
+	/*
+	 * We must truncate the offset and count to less than max_positive_lock_offset.
+	 */
+
+	offset &= max_positive_lock_offset;
+	count &= max_positive_lock_offset;
+
+
+	/*
+	 * Deal with a very common case of count of all ones.
+	 * (lock entire file).
+	 */
+
+	if(count == (SMB_OFF_T)-1)
+		count = max_positive_lock_offset;
+
+	/*
+	 * Truncate count to end at max lock offset.
+	 */
+
+	if (offset + count < 0 || offset + count > max_positive_lock_offset)
+		count = max_positive_lock_offset - offset;
+
+	/*
+	 * If we ate all the count, ignore this lock.
+	 */
+
+	if (count == 0) {
+		DEBUG(10,("posix_lock_in_range: Count = 0. Ignoring lock u_offset = %.0f, u_count = %.0f\n",
+				(double)u_offset, (double)u_count ));
+		return False;
+	}
+
+	/*
+	 * The mapping was successful.
+	 */
+
+	DEBUG(10,("posix_lock_in_range: offset_out = %.0f, count_out = %.0f\n",
+			(double)offset, (double)count ));
+
+	*offset_out = offset;
+	*count_out = count;
+	
+	return True;
+}
+
+/****************************************************************************
+ Actual function that does POSIX locks. Copes with 64 -> 32 bit cruft and
+ broken NFS implementations.
+****************************************************************************/
+
+static BOOL posix_fcntl_lock(files_struct *fsp, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
+{
+	int ret;
+	struct connection_struct *conn = fsp->conn;
+
+	DEBUG(8,("posix_fcntl_lock %d %d %.0f %.0f %d\n",fsp->fd,op,(double)offset,(double)count,type));
+
+	ret = conn->vfs_ops.lock(fsp,fsp->fd,op,offset,count,type);
+
+	if (!ret && ((errno == EFBIG) || (errno == ENOLCK) || (errno ==  EINVAL))) {
+
+		DEBUG(0,("posix_fcntl_lock: WARNING: lock request at offset %.0f, length %.0f returned\n",
+					(double)offset,(double)count));
+		DEBUG(0,("an %s error. This can happen when using 64 bit lock offsets\n", strerror(errno)));
+		DEBUG(0,("on 32 bit NFS mounted file systems.\n"));
+
+		/*
+		 * If the offset is > 0x7FFFFFFF then this will cause problems on
+		 * 32 bit NFS mounted filesystems. Just ignore it.
+		 */
+
+		if (offset & ~((SMB_OFF_T)0x7fffffff)) {
+			DEBUG(0,("Offset greater than 31 bits. Returning success.\n"));
+			return True;
+		}
+
+		if (count & ~((SMB_OFF_T)0x7fffffff)) {
+			/* 32 bit NFS file system, retry with smaller offset */
+			DEBUG(0,("Count greater than 31 bits - retrying with 31 bit truncated length.\n"));
+			errno = 0;
+			count &= 0x7fffffff;
+			ret = conn->vfs_ops.lock(fsp,fsp->fd,op,offset,count,type);
+		}
+	}
+
+	DEBUG(8,("posix_fcntl_lock: Lock call %s\n", ret ? "successful" : "failed"));
+
+	return ret;
+}
+
+/****************************************************************************
+ POSIX function to see if a file region is locked. Returns True if the
+ region is locked, False otherwise.
+****************************************************************************/
+
+BOOL is_posix_locked(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UINT u_count, enum brl_type lock_type)
+{
+	SMB_OFF_T offset;
+	SMB_OFF_T count;
+	int posix_lock_type = map_posix_lock_type(fsp,lock_type);
+
+	DEBUG(10,("is_posix_locked: File %s, offset = %.0f, count = %.0f, type = %s\n",
+			fsp->fsp_name, (double)u_offset, (double)u_count, posix_lock_type_name(lock_type) ));
+
+	/*
+	 * If the requested lock won't fit in the POSIX range, we will
+	 * never set it, so presume it is not locked.
+	 */
+
+	if(!posix_lock_in_range(&offset, &count, u_offset, u_count))
+		return False;
+
+	/*
+	 * Note that most UNIX's can *test* for a write lock on
+	 * a read-only fd, just not *set* a write lock on a read-only
+	 * fd. So we don't need to use map_lock_type here.
+	 */ 
+
+	return posix_fcntl_lock(fsp,SMB_F_GETLK,offset,count,posix_lock_type);
+}
+
+/*
+ * Structure used when splitting a lock range
+ * into a POSIX lock range. Doubly linked list.
+ */
+
+struct lock_list {
+    struct lock_list *next;
+    struct lock_list *prev;
+    SMB_OFF_T start;
+    SMB_OFF_T size;
+};
+
+/****************************************************************************
+ Create a list of lock ranges that don't overlap a given range. Used in calculating
+ POSIX locks and unlocks. This is a difficult function that requires ASCII art to
+ understand it :-).
+****************************************************************************/
+
+static struct lock_list *posix_lock_list(TALLOC_CTX *ctx, struct lock_list *lhead, files_struct *fsp)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+	TDB_DATA dbuf;
+	struct posix_lock *locks;
+	size_t num_locks, i;
+
+	dbuf.dptr = NULL;
+
+	dbuf = tdb_fetch(posix_lock_tdb, kbuf);
+
+	if (!dbuf.dptr)
+		return lhead;
+	
+	locks = (struct posix_lock *)dbuf.dptr;
+	num_locks = (size_t)(dbuf.dsize / sizeof(*locks));
+
+	/*
+	 * Check the current lock list on this dev/inode pair.
+	 * Quit if the list is deleted.
+	 */
+
+	DEBUG(10,("posix_lock_list: curr: start=%.0f,size=%.0f\n",
+		(double)lhead->start, (double)lhead->size ));
+
+	for (i=0; i<num_locks && lhead; i++) {
+
+		struct posix_lock *lock = &locks[i];
+		struct lock_list *l_curr;
+
+		/*
+		 * Walk the lock list, checking for overlaps. Note that
+		 * the lock list can expand within this loop if the current
+		 * range being examined needs to be split.
+		 */
+
+		for (l_curr = lhead; l_curr;) {
+
+			DEBUG(10,("posix_lock_list: lock: fd=%d: start=%.0f,size=%.0f:type=%s", lock->fd,
+				(double)lock->start, (double)lock->size, posix_lock_type_name(lock->lock_type) ));
+
+			if ( (l_curr->start >= (lock->start + lock->size)) ||
+				 (lock->start >= (l_curr->start + l_curr->size))) {
+
+				/* No overlap with this lock - leave this range alone. */
+/*********************************************
+                                             +---------+
+                                             | l_curr  |
+                                             +---------+
+                                +-------+
+                                | lock  |
+                                +-------+
+OR....
+             +---------+
+             |  l_curr |
+             +---------+
+**********************************************/
+
+				DEBUG(10,("no overlap case.\n" ));
+
+				l_curr = l_curr->next;
+
+			} else if ( (l_curr->start >= lock->start) &&
+						(l_curr->start + l_curr->size <= lock->start + lock->size) ) {
+
+				/*
+				 * This unlock is completely overlapped by this existing lock range
+				 * and thus should have no effect (not be unlocked). Delete it from the list.
+				 */
+/*********************************************
+                +---------+
+                |  l_curr |
+                +---------+
+        +---------------------------+
+        |       lock                |
+        +---------------------------+
+**********************************************/
+				/* Save the next pointer */
+				struct lock_list *ul_next = l_curr->next;
+
+				DEBUG(10,("delete case.\n" ));
+
+				DLIST_REMOVE(lhead, l_curr);
+				if(lhead == NULL)
+					break; /* No more list... */
+
+				l_curr = ul_next;
+				
+			} else if ( (l_curr->start >= lock->start) &&
+						(l_curr->start < lock->start + lock->size) &&
+						(l_curr->start + l_curr->size > lock->start + lock->size) ) {
+
+				/*
+				 * This unlock overlaps the existing lock range at the high end.
+				 * Truncate by moving start to existing range end and reducing size.
+				 */
+/*********************************************
+                +---------------+
+                |  l_curr       |
+                +---------------+
+        +---------------+
+        |    lock       |
+        +---------------+
+BECOMES....
+                        +-------+
+                        | l_curr|
+                        +-------+
+**********************************************/
+
+				l_curr->size = (l_curr->start + l_curr->size) - (lock->start + lock->size);
+				l_curr->start = lock->start + lock->size;
+
+				DEBUG(10,("truncate high case: start=%.0f,size=%.0f\n",
+								(double)l_curr->start, (double)l_curr->size ));
+
+				l_curr = l_curr->next;
+
+			} else if ( (l_curr->start < lock->start) &&
+						(l_curr->start + l_curr->size > lock->start) &&
+						(l_curr->start + l_curr->size <= lock->start + lock->size) ) {
+
+				/*
+				 * This unlock overlaps the existing lock range at the low end.
+				 * Truncate by reducing size.
+				 */
+/*********************************************
+   +---------------+
+   |  l_curr       |
+   +---------------+
+           +---------------+
+           |    lock       |
+           +---------------+
+BECOMES....
+   +-------+
+   | l_curr|
+   +-------+
+**********************************************/
+
+				l_curr->size = lock->start - l_curr->start;
+
+				DEBUG(10,("truncate low case: start=%.0f,size=%.0f\n",
+								(double)l_curr->start, (double)l_curr->size ));
+
+				l_curr = l_curr->next;
+		
+			} else if ( (l_curr->start < lock->start) &&
+						(l_curr->start + l_curr->size > lock->start + lock->size) ) {
+				/*
+				 * Worst case scenario. Unlock request completely overlaps an existing
+				 * lock range. Split the request into two, push the new (upper) request
+				 * into the dlink list, and continue with the entry after ul_new (as we
+				 * know that ul_new will not overlap with this lock).
+				 */
+/*********************************************
+        +---------------------------+
+        |        l_curr             |
+        +---------------------------+
+                +---------+
+                | lock    |
+                +---------+
+BECOMES.....
+        +-------+         +---------+
+        | l_curr|         | l_new   |
+        +-------+         +---------+
+**********************************************/
+				struct lock_list *l_new = (struct lock_list *)talloc(ctx,
+													sizeof(struct lock_list));
+
+				if(l_new == NULL) {
+					DEBUG(0,("posix_lock_list: talloc fail.\n"));
+					return NULL; /* The talloc_destroy takes care of cleanup. */
+				}
+
+				ZERO_STRUCTP(l_new);
+				l_new->start = lock->start + lock->size;
+				l_new->size = l_curr->start + l_curr->size - l_new->start;
+
+				/* Truncate the l_curr. */
+				l_curr->size = lock->start - l_curr->start;
+
+				DEBUG(10,("split case: curr: start=%.0f,size=%.0f \
+new: start=%.0f,size=%.0f\n", (double)l_curr->start, (double)l_curr->size,
+								(double)l_new->start, (double)l_new->size ));
+
+				/*
+				 * Add into the dlink list after the l_curr point - NOT at lhead. 
+				 * Note we can't use DLINK_ADD here as this inserts at the head of the given list.
+				 */
+
+				l_new->prev = l_curr;
+				l_new->next = l_curr->next;
+				l_curr->next = l_new;
+
+				/* And move after the link we added. */
+				l_curr = l_new->next;
+
+			} else {
+
+				/*
+				 * This logic case should never happen. Ensure this is the
+				 * case by forcing an abort.... Remove in production.
+				 */
+				pstring msg;
+
+				slprintf(msg, sizeof(msg)-1, "logic flaw in cases: l_curr: start = %.0f, size = %.0f : \
+lock: start = %.0f, size = %.0f\n", (double)l_curr->start, (double)l_curr->size, (double)lock->start, (double)lock->size );
+
+				smb_panic(msg);
+			}
+		} /* end for ( l_curr = lhead; l_curr;) */
+	} /* end for (i=0; i<num_locks && ul_head; i++) */
+
+	SAFE_FREE(dbuf.dptr);
+	
+	return lhead;
+}
+
+/****************************************************************************
+ POSIX function to acquire a lock. Returns True if the
+ lock could be granted, False if not.
+****************************************************************************/
+
+BOOL set_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UINT u_count, enum brl_type lock_type)
+{
+	SMB_OFF_T offset;
+	SMB_OFF_T count;
+	BOOL ret = True;
+	size_t entry_num = 0;
+	size_t lock_count;
+	TALLOC_CTX *l_ctx = NULL;
+	struct lock_list *llist = NULL;
+	struct lock_list *ll = NULL;
+	int posix_lock_type = map_posix_lock_type(fsp,lock_type);
+
+	DEBUG(5,("set_posix_lock: File %s, offset = %.0f, count = %.0f, type = %s\n",
+			fsp->fsp_name, (double)u_offset, (double)u_count, posix_lock_type_name(lock_type) ));
+
+	/*
+	 * If the requested lock won't fit in the POSIX range, we will
+	 * pretend it was successful.
+	 */
+
+	if(!posix_lock_in_range(&offset, &count, u_offset, u_count))
+		return True;
+
+	/*
+	 * Windows is very strange. It allows read locks to be overlayed
+	 * (even over a write lock), but leaves the write lock in force until the first
+	 * unlock. It also reference counts the locks. This means the following sequence :
+	 *
+	 * process1                                      process2
+	 * ------------------------------------------------------------------------
+	 * WRITE LOCK : start = 2, len = 10
+	 *                                            READ LOCK: start =0, len = 10 - FAIL
+	 * READ LOCK : start = 0, len = 14 
+	 *                                            READ LOCK: start =0, len = 10 - FAIL
+	 * UNLOCK : start = 2, len = 10
+	 *                                            READ LOCK: start =0, len = 10 - OK
+	 *
+	 * Under POSIX, the same sequence in steps 1 and 2 would not be reference counted, but
+	 * would leave a single read lock over the 0-14 region. In order to
+	 * re-create Windows semantics mapped to POSIX locks, we create multiple TDB
+	 * entries, one for each overlayed lock request. We are guarenteed by the brlock
+	 * semantics that if a write lock is added, then it will be first in the array.
+	 */
+	
+	if ((l_ctx = talloc_init()) == NULL) {
+		DEBUG(0,("set_posix_lock: unable to init talloc context.\n"));
+		return True; /* Not a fatal error. */
+	}
+
+	if ((ll = (struct lock_list *)talloc(l_ctx, sizeof(struct lock_list))) == NULL) {
+		DEBUG(0,("set_posix_lock: unable to talloc unlock list.\n"));
+		talloc_destroy(l_ctx);
+		return True; /* Not a fatal error. */
+	}
+
+	/*
+	 * Create the initial list entry containing the
+	 * lock we want to add.
+	 */
+
+	ZERO_STRUCTP(ll);
+	ll->start = offset;
+	ll->size = count;
+
+	DLIST_ADD(llist, ll);
+
+	/*
+	 * The following call calculates if there are any
+	 * overlapping locks held by this process on
+	 * fd's open on the same file and splits this list
+	 * into a list of lock ranges that do not overlap with existing
+	 * POSIX locks.
+	 */
+
+	llist = posix_lock_list(l_ctx, llist, fsp);
+
+	/*
+	 * Now we have the list of ranges to lock it is safe to add the
+	 * entry into the POSIX lock tdb. We take note of the entry we
+	 * added here in case we have to remove it on POSIX lock fail.
+	 */
+
+	if (!add_posix_lock_entry(fsp,offset,count,posix_lock_type,&entry_num)) {
+		DEBUG(0,("set_posix_lock: Unable to create posix lock entry !\n"));
+		talloc_destroy(l_ctx);
+		return False;
+	}
+
+	/*
+	 * Add the POSIX locks on the list of ranges returned.
+	 * As the lock is supposed to be added atomically, we need to
+	 * back out all the locks if any one of these calls fail.
+	 */
+
+	for (lock_count = 0, ll = llist; ll; ll = ll->next, lock_count++) {
+		offset = ll->start;
+		count = ll->size;
+
+		DEBUG(5,("set_posix_lock: Real lock: Type = %s: offset = %.0f, count = %.0f\n",
+			posix_lock_type_name(posix_lock_type), (double)offset, (double)count ));
+
+		if (!posix_fcntl_lock(fsp,SMB_F_SETLK,offset,count,posix_lock_type)) {
+			DEBUG(5,("set_posix_lock: Lock fail !: Type = %s: offset = %.0f, count = %.0f. Errno = %s\n",
+				posix_lock_type_name(posix_lock_type), (double)offset, (double)count, strerror(errno) ));
+			ret = False;
+			break;
+		}
+	}
+
+	if (!ret) {
+
+		/*
+		 * Back out all the POSIX locks we have on fail.
+		 */
+
+		for (ll = llist; lock_count; ll = ll->next, lock_count--) {
+			offset = ll->start;
+			count = ll->size;
+
+			DEBUG(5,("set_posix_lock: Backing out locks: Type = %s: offset = %.0f, count = %.0f\n",
+				posix_lock_type_name(posix_lock_type), (double)offset, (double)count ));
+
+			posix_fcntl_lock(fsp,SMB_F_SETLK,offset,count,F_UNLCK);
+		}
+
+		/*
+		 * Remove the tdb entry for this lock.
+		 */
+
+		delete_posix_lock_entry_by_index(fsp,entry_num);
+	}
+
+	talloc_destroy(l_ctx);
+	return ret;
+}
+
+/****************************************************************************
+ POSIX function to release a lock. Returns True if the
+ lock could be released, False if not.
+****************************************************************************/
+
+BOOL release_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UINT u_count)
+{
+	SMB_OFF_T offset;
+	SMB_OFF_T count;
+	BOOL ret = True;
+	TALLOC_CTX *ul_ctx = NULL;
+	struct lock_list *ulist = NULL;
+	struct lock_list *ul = NULL;
+	struct posix_lock deleted_lock;
+	int num_overlapped_entries;
+
+	DEBUG(5,("release_posix_lock: File %s, offset = %.0f, count = %.0f\n",
+		fsp->fsp_name, (double)u_offset, (double)u_count ));
+
+	/*
+	 * If the requested lock won't fit in the POSIX range, we will
+	 * pretend it was successful.
+	 */
+
+	if(!posix_lock_in_range(&offset, &count, u_offset, u_count))
+		return True;
+
+	/*
+	 * We treat this as one unlock request for POSIX accounting purposes even
+	 * if it may later be split into multiple smaller POSIX unlock ranges.
+	 * num_overlapped_entries is the number of existing locks that have any
+	 * overlap with this unlock request.
+	 */ 
+
+	num_overlapped_entries = delete_posix_lock_entry(fsp, offset, count, &deleted_lock);
+
+	if (num_overlapped_entries == -1) {
+        smb_panic("release_posix_lock: unable find entry to delete !\n");
+	}
+
+	/*
+	 * If num_overlapped_entries is > 0, and the lock_type we just deleted from the tdb was
+	 * a POSIX write lock, then before doing the unlock we need to downgrade
+	 * the POSIX lock to a read lock. This allows any overlapping read locks
+	 * to be atomically maintained.
+	 */
+
+	if (num_overlapped_entries > 0 && deleted_lock.lock_type == F_WRLCK) {
+		if (!posix_fcntl_lock(fsp,SMB_F_SETLK,offset,count,F_RDLCK)) {
+			DEBUG(0,("release_posix_lock: downgrade of lock failed with error %s !\n", strerror(errno) ));
+			return False;
+		}
+	}
+
+	if ((ul_ctx = talloc_init()) == NULL) {
+		DEBUG(0,("release_posix_lock: unable to init talloc context.\n"));
+		return True; /* Not a fatal error. */
+	}
+
+	if ((ul = (struct lock_list *)talloc(ul_ctx, sizeof(struct lock_list))) == NULL) {
+		DEBUG(0,("release_posix_lock: unable to talloc unlock list.\n"));
+		talloc_destroy(ul_ctx);
+		return True; /* Not a fatal error. */
+	}
+
+	/*
+	 * Create the initial list entry containing the
+	 * lock we want to remove.
+	 */
+
+	ZERO_STRUCTP(ul);
+	ul->start = offset;
+	ul->size = count;
+
+	DLIST_ADD(ulist, ul);
+
+	/*
+	 * The following call calculates if there are any
+	 * overlapping locks held by this process on
+	 * fd's open on the same file and creates a
+	 * list of unlock ranges that will allow
+	 * POSIX lock ranges to remain on the file whilst the
+	 * unlocks are performed.
+	 */
+
+	ulist = posix_lock_list(ul_ctx, ulist, fsp);
+
+	/*
+	 * Release the POSIX locks on the list of ranges returned.
+	 */
+
+	for(; ulist; ulist = ulist->next) {
+		offset = ulist->start;
+		count = ulist->size;
+
+		DEBUG(5,("release_posix_lock: Real unlock: offset = %.0f, count = %.0f\n",
+			(double)offset, (double)count ));
+
+		if (!posix_fcntl_lock(fsp,SMB_F_SETLK,offset,count,F_UNLCK))
+			ret = False;
+	}
+
+	talloc_destroy(ul_ctx);
+
+	return ret;
+}
+
+/****************************************************************************
+ Remove all lock entries for a specific dev/inode pair from the tdb.
+****************************************************************************/
+
+static void delete_posix_lock_entries(files_struct *fsp)
+{
+	TDB_DATA kbuf = locking_key_fsp(fsp);
+
+	if (tdb_delete(posix_lock_tdb, kbuf) == -1)
+		DEBUG(0,("delete_close_entries: tdb_delete fail !\n"));
+}
+
+/****************************************************************************
+ Debug function.
+****************************************************************************/
+
+static void dump_entry(struct posix_lock *pl)
+{
+	DEBUG(10,("entry: start=%.0f, size=%.0f, type=%d, fd=%i\n",
+		(double)pl->start, (double)pl->size, (int)pl->lock_type, pl->fd ));
+}
+
+/****************************************************************************
+ Remove any locks on this fd. Called from file_close().
+****************************************************************************/
+
+void posix_locking_close_file(files_struct *fsp)
+{
+	struct posix_lock *entries = NULL;
+	size_t count, i;
+
+	/*
+	 * Optimization for the common case where we are the only
+	 * opener of a file. If all fd entries are our own, we don't
+	 * need to explicitly release all the locks via the POSIX functions,
+	 * we can just remove all the entries in the tdb and allow the
+	 * close to remove the real locks.
+	 */
+
+	count = get_posix_lock_entries(fsp, &entries);
+
+	if (count == 0) {
+		DEBUG(10,("posix_locking_close_file: file %s has no outstanding locks.\n", fsp->fsp_name ));
+		return;
+	}
+
+	for (i = 0; i < count; i++) {
+		if (entries[i].fd != fsp->fd )
+			break;
+
+		dump_entry(&entries[i]);
+	}
+
+	if (i == count) {
+		/* All locks are ours. */
+		DEBUG(10,("posix_locking_close_file: file %s has %u outstanding locks, but all on one fd.\n", 
+			fsp->fsp_name, (unsigned int)count ));
+		SAFE_FREE(entries);
+		delete_posix_lock_entries(fsp);
+		return;
+	}
+
+	/*
+	 * Difficult case. We need to delete all our locks, whilst leaving
+	 * all other POSIX locks in place.
+	 */
+
+	for (i = 0; i < count; i++) {
+		struct posix_lock *pl = &entries[i];
+		if (pl->fd == fsp->fd)
+			release_posix_lock(fsp, (SMB_BIG_UINT)pl->start, (SMB_BIG_UINT)pl->size );
+	}
+	SAFE_FREE(entries);
+}
+
+/*******************************************************************
+ Create the in-memory POSIX lock databases.
+********************************************************************/
+
+BOOL posix_locking_init(int read_only)
+{
+	if (posix_lock_tdb && posix_pending_close_tdb)
+		return True;
+	
+	if (!posix_lock_tdb)
+		posix_lock_tdb = tdb_open_log(NULL, 0, TDB_INTERNAL,
+					  read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
+	if (!posix_lock_tdb) {
+		DEBUG(0,("Failed to open POSIX byte range locking database.\n"));
+		return False;
+	}
+	if (!posix_pending_close_tdb)
+		posix_pending_close_tdb = tdb_open_log(NULL, 0, TDB_INTERNAL,
+						   read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
+	if (!posix_pending_close_tdb) {
+		DEBUG(0,("Failed to open POSIX pending close database.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Delete the in-memory POSIX lock databases.
+********************************************************************/
+
+BOOL posix_locking_end(void)
+{
+    if (posix_lock_tdb && tdb_close(posix_lock_tdb) != 0)
+		return False;
+    if (posix_pending_close_tdb && tdb_close(posix_pending_close_tdb) != 0)
+		return False;
+	return True;
+}
diff --git a/source3/mainpage.dox b/source3/mainpage.dox
new file mode 100644
index 0000000000..8b72f80462
--- /dev/null
+++ b/source3/mainpage.dox
@@ -0,0 +1,7 @@
+/**
+
+@mainpage
+
+@li \ref CodingSuggestions
+
+**/
diff --git a/source3/md4.h b/source3/md4.h
deleted file mode 100644
index 3f60d75fe3..0000000000
--- a/source3/md4.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-   This code is from rfc1186. 
-*/
-
- /*
- ** ********************************************************************
- ** md4.h -- Header file for implementation of                        **
- ** MD4 Message Digest Algorithm                                      **
- ** Updated: 2/13/90 by Ronald L. Rivest                              **
- ** (C) 1990 RSA Data Security, Inc.                                  **
- ** ********************************************************************
- */
-
- /* MDstruct is the data structure for a message digest computation.
- */
- typedef struct {
-   unsigned int buffer[4]; /* Holds 4-word result of MD computation */
-   unsigned char count[8]; /* Number of bits processed so far */
-   unsigned int done;      /* Nonzero means MD computation finished */
- } MDstruct, *MDptr;
-
- /* MDbegin(MD)
-
-
-
- ** Input: MD -- an MDptr
- ** Initialize the MDstruct prepatory to doing a message digest
- ** computation.
- */
- extern void MDbegin();
-
- /* MDupdate(MD,X,count)
- ** Input: MD -- an MDptr
- **        X -- a pointer to an array of unsigned characters.
- **        count -- the number of bits of X to use (an unsigned int).
- ** Updates MD using the first "count" bits of X.
- ** The array pointed to by X is not modified.
- ** If count is not a multiple of 8, MDupdate uses high bits of
- ** last byte.
- ** This is the basic input routine for a user.
- ** The routine terminates the MD computation when count < 512, so
- ** every MD computation should end with one call to MDupdate with a
- ** count less than 512.  Zero is OK for a count.
- */
- extern void MDupdate();
-
- /* MDprint(MD)
- ** Input: MD -- an MDptr
- ** Prints message digest buffer MD as 32 hexadecimal digits.
- ** Order is from low-order byte of buffer[0] to high-order byte
- ** of buffer[3].
- ** Each byte is printed with high-order hexadecimal digit first.
- */
- extern void MDprint();
-
- /*
- ** End of md4.h
- */
diff --git a/source3/msdfs/README b/source3/msdfs/README
new file mode 100644
index 0000000000..0e924b31dc
--- /dev/null
+++ b/source3/msdfs/README
@@ -0,0 +1,32 @@
+Setting up MS Dfs in Samba
+kalele@veritas.com March 2000
+
+Currently, MS Dfs support is a configure time parameter (--with-msdfs). Can be changed later to always compile it in..
+
+To have a server announce itself as a Dfs server, add a "host msdfs=yes" entry to smb.conf.
+
+To make a share a Dfs root, add a "msdfs root=yes" entry to the share definition 
+in the smb.conf file.
+e.g. 
+[pub]
+	path = /export/publicsmb
+	msdfs root = yes
+
+To create dfs volumes/junctions in the share, create symbolic links of the
+format msdfs:server1\share1,server2\share2 and so on.
+
+In the above example, create a dfs volume "dfsstorage" in the [pub] share as:
+cd /export/publicsmb
+ln -s msdfs:serverA\\share dfsstorage
+
+Clicking on dfsstorage from a dfs-aware client will show you the contents of 
+\\serverA\share
+
+Shares with "msdfs root = no" (which is the default) entries are served as normal 
+shares and the client stops talking Dfs with Samba after a tconX.
+
+NOTES: 
+* Windows clients need to be rebooted if a non-dfs root is made a dfs root or
+  vice versa. A better option is to introduce a new share and make it the dfs root.
+* Currently there's a restriction that msdfs symlink names should be all 
+  lowercase.
diff --git a/source3/msdfs/msdfs.c b/source3/msdfs/msdfs.c
new file mode 100644
index 0000000000..5ddf7f84f8
--- /dev/null
+++ b/source3/msdfs/msdfs.c
@@ -0,0 +1,737 @@
+/* 
+   Unix SMB/CIFS implementation.
+   MSDfs services for Samba
+   Copyright (C) Shirish Kalele 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+
+/**********************************************************************
+ Create a tcon relative path from a dfs_path structure
+ **********************************************************************/
+
+static void create_nondfs_path(char* pathname, struct dfs_path* pdp)
+{
+	pstrcpy(pathname,pdp->volumename); 
+	pstrcat(pathname,"\\"); 
+	pstrcat(pathname,pdp->restofthepath); 
+}
+
+/**********************************************************************
+  Parse the pathname  of the form \hostname\service\volume\restofthepath
+  into the dfs_path structure 
+ **********************************************************************/
+
+static BOOL parse_dfs_path(char* pathname, struct dfs_path* pdp)
+{
+	pstring pathname_local;
+	char* p,*temp;
+
+	pstrcpy(pathname_local,pathname);
+	p = temp = pathname_local;
+
+	ZERO_STRUCTP(pdp);
+
+	trim_string(temp,"\\","\\");
+	DEBUG(10,("temp in parse_dfs_path: .%s. after trimming \\'s\n",temp));
+
+	/* now tokenize */
+	/* parse out hostname */
+	p = strchr_m(temp,'\\');
+	if(p == NULL)
+		return False;
+	*p = '\0';
+	pstrcpy(pdp->hostname,temp);
+	DEBUG(10,("hostname: %s\n",pdp->hostname));
+
+	/* parse out servicename */
+	temp = p+1;
+	p = strchr_m(temp,'\\');
+	if(p == NULL) {
+		pstrcpy(pdp->servicename,temp);
+		return True;
+	}
+	*p = '\0';
+	pstrcpy(pdp->servicename,temp);
+	DEBUG(10,("servicename: %s\n",pdp->servicename));
+
+	/* parse out volumename */
+	temp = p+1;
+	p = strchr_m(temp,'\\');
+	if(p == NULL) {
+		pstrcpy(pdp->volumename,temp);
+		return True;
+	}
+	*p = '\0';
+	pstrcpy(pdp->volumename,temp);
+	DEBUG(10,("volumename: %s\n",pdp->volumename));
+
+	/* remaining path .. */
+	pstrcpy(pdp->restofthepath,p+1);
+	DEBUG(10,("rest of the path: %s\n",pdp->restofthepath));
+	return True;
+}
+
+/********************************************************
+ Fake up a connection struct for the VFS layer.
+*********************************************************/
+
+static BOOL create_conn_struct( connection_struct *conn, int snum, char *path)
+{
+	ZERO_STRUCTP(conn);
+	conn->service = snum;
+	conn->connectpath = path;
+
+	if (!smbd_vfs_init(conn)) {
+		DEBUG(0,("create_conn_struct: vfs init failed.\n"));
+		return False;
+	}
+	return True;
+}
+
+/**********************************************************************
+ Forms a valid Unix pathname from the junction 
+ **********************************************************************/
+
+static BOOL form_path_from_junction(struct junction_map* jn, char* path, int max_pathlen,
+								connection_struct *conn)
+{
+	int snum;
+
+	if(!path || !jn)
+		return False;
+
+	snum = lp_servicenumber(jn->service_name);
+	if(snum < 0)
+		return False;
+
+	safe_strcpy(path, lp_pathname(snum), max_pathlen-1);
+	safe_strcat(path, "/", max_pathlen-1);
+	strlower(jn->volume_name);
+	safe_strcat(path, jn->volume_name, max_pathlen-1);
+
+	if (!create_conn_struct(conn, snum, path))
+		return False;
+
+	return True;
+}
+
+/**********************************************************************
+ Creates a junction structure from the Dfs pathname
+ **********************************************************************/
+
+BOOL create_junction(char* pathname, struct junction_map* jn)
+{
+	struct dfs_path dp;
+  
+	parse_dfs_path(pathname,&dp);
+
+	/* check if path is dfs : check hostname is the first token */
+	if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0)) {
+		DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n", dp.hostname, pathname));
+		return False;
+	}
+
+	/* Check for a non-DFS share */
+	if(!lp_msdfs_root(lp_servicenumber(dp.servicename))) {
+		DEBUG(4,("create_junction: %s is not an msdfs root.\n", dp.servicename));
+		return False;
+	}
+
+	pstrcpy(jn->service_name,dp.servicename);
+	pstrcpy(jn->volume_name,dp.volumename);
+	return True;
+}
+
+/**********************************************************************
+ Parse the contents of a symlink to verify if it is an msdfs referral
+ A valid referral is of the form: msdfs:server1\share1,server2\share2
+ **********************************************************************/
+
+static BOOL parse_symlink(char* buf,struct referral** preflist, int* refcount)
+{
+	pstring temp;
+	char* prot;
+	char* alt_path[MAX_REFERRAL_COUNT];
+	int count=0, i;
+	struct referral* reflist;
+
+	pstrcpy(temp,buf);
+  
+	prot = strtok(temp,":");
+
+	if(!strequal(prot, "msdfs"))
+		return False;
+
+	/* It's an msdfs referral */
+	if(!preflist) 
+		return True;
+
+	/* parse out the alternate paths */
+	while(((alt_path[count] = strtok(NULL,",")) != NULL) && count<MAX_REFERRAL_COUNT)
+		count++;
+
+	DEBUG(10,("parse_symlink: count=%d\n", count));
+
+	reflist = *preflist = (struct referral*) malloc(count * sizeof(struct referral));
+	if(reflist == NULL) {
+		DEBUG(0,("parse_symlink: Malloc failed!\n"));
+		return False;
+	}
+  
+	for(i=0;i<count;i++) {
+		/* replace / in the alternate path by a \ */
+		char* p = strchr_m(alt_path[i],'/');
+		if(p)
+			*p = '\\'; 
+
+		pstrcpy(reflist[i].alternate_path, "\\");
+		pstrcat(reflist[i].alternate_path, alt_path[i]);
+		reflist[i].proximity = 0;
+		reflist[i].ttl = REFERRAL_TTL;
+		DEBUG(10, ("parse_symlink: Created alt path: %s\n", reflist[i].alternate_path));
+	}
+
+	if(refcount)
+		*refcount = count;
+
+	return True;
+}
+ 
+/**********************************************************************
+ Returns true if the unix path is a valid msdfs symlink
+ **********************************************************************/
+
+BOOL is_msdfs_link(connection_struct* conn, char* path)
+{
+	SMB_STRUCT_STAT st;
+	pstring referral;
+	int referral_len = 0;
+
+	if(!path || !conn)
+		return False;
+
+	strlower(path);
+
+	if(conn->vfs_ops.lstat(conn,path,&st) != 0) {
+		DEBUG(5,("is_msdfs_link: %s does not exist.\n",path));
+		return False;
+	}
+  
+	if(S_ISLNK(st.st_mode)) {
+		/* open the link and read it */
+		referral_len = conn->vfs_ops.readlink(conn, path, referral, sizeof(pstring));
+		if(referral_len == -1)
+			DEBUG(0,("is_msdfs_link: Error reading msdfs link %s: %s\n", path, strerror(errno)));
+
+		referral[referral_len] = '\0';
+		DEBUG(5,("is_msdfs_link: %s -> %s\n",path,referral));
+		if(parse_symlink(referral, NULL, NULL))
+			return True;
+	}
+	return False;
+}
+
+/**********************************************************************
+ Fills in the junction_map struct with the referrals from the 
+ symbolic link
+ **********************************************************************/
+
+BOOL get_referred_path(struct junction_map* junction)
+{
+	pstring path;
+	pstring buf;
+	SMB_STRUCT_STAT st;
+	connection_struct conns;
+ 	connection_struct *conn = &conns;
+ 
+	if(!form_path_from_junction(junction, path, sizeof(path), conn))
+		return False;
+
+	DEBUG(5,("get_referred_path: lstat target: %s\n", path));
+  
+	if(conn->vfs_ops.lstat(conn,path,&st) != 0) {
+		DEBUG(5,("get_referred_path: %s does not exist.\n",path));
+		return False;
+	}
+  
+	if(S_ISLNK(st.st_mode)) {
+		/* open the link and read it to get the dfs referral */
+		int linkcnt = 0;
+		linkcnt = conn->vfs_ops.readlink(conn, path, buf, sizeof(buf));
+		buf[linkcnt] = '\0';
+		DEBUG(5,("get_referred_path: Referral: %s\n",buf));
+		if(parse_symlink(buf, &junction->referral_list, &junction->referral_count))
+			return True;
+	}
+	return False;
+}
+
+/**************************************************************
+Decides if given pathname is Dfs and if it should be redirected
+Converts pathname to non-dfs format if Dfs redirection not required 
+**************************************************************/
+
+BOOL dfs_redirect(char* pathname, connection_struct* conn)
+{
+	struct dfs_path dp;
+	pstring temp;
+	fstring path;
+
+	pstrcpy(temp,pathname);
+
+	if(!lp_msdfs_root(SNUM(conn)) )
+		return False;
+
+	parse_dfs_path(pathname,&dp);
+
+	if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0))
+		return False;
+
+	/* check if need to redirect */
+	fstrcpy(path, conn->connectpath);
+	fstrcat(path, "/");
+	fstrcat(path, dp.volumename);
+	if(is_msdfs_link(conn, path)) {
+		DEBUG(4,("dfs_redirect: Redirecting %s\n",temp));
+		return True;
+	} else {
+		create_nondfs_path(pathname,&dp);
+		DEBUG(4,("dfs_redirect: Not redirecting %s. Converted to non-dfs pathname \'%s\'\n",
+				temp,pathname));
+		return False;
+	}
+}
+
+/*
+  Special DFS redirect call for findfirst's. 
+  If the findfirst is for the dfs junction, then no redirection,
+  if it is for the underlying directory contents, redirect.
+  */
+
+BOOL dfs_findfirst_redirect(char* pathname, connection_struct* conn)
+{
+	struct dfs_path dp;
+  
+	pstring temp;
+
+	pstrcpy(temp,pathname);
+
+	/* Is the path Dfs-redirectable? */
+	if(!dfs_redirect(temp,conn)) {
+		pstrcpy(pathname,temp);
+		return False;
+	}
+
+	parse_dfs_path(pathname,&dp);
+	DEBUG(8,("dfs_findfirst_redirect: path %s is in Dfs. dp.restofthepath=.%s.\n",
+				pathname,dp.restofthepath));
+	if(!(*(dp.restofthepath))) {
+		create_nondfs_path(pathname,&dp);
+		return False;
+	}
+
+	return True;
+}
+
+static int setup_ver2_dfs_referral(char* pathname, char** ppdata, 
+				   struct junction_map* junction,
+				   BOOL self_referral)
+{
+	char* pdata = *ppdata;
+
+	unsigned char uni_requestedpath[1024];
+	int uni_reqpathoffset1,uni_reqpathoffset2;
+	int uni_curroffset;
+	int requestedpathlen=0;
+	int offset;
+	int reply_size = 0;
+	int i=0;
+
+	DEBUG(10,("setting up version2 referral\nRequested path:\n"));
+
+        requestedpathlen = rpcstr_push(uni_requestedpath, pathname, -1,
+                                       STR_TERMINATE);
+
+	dump_data(10,(const char *)uni_requestedpath,requestedpathlen);
+
+	DEBUG(10,("ref count = %u\n",junction->referral_count));
+
+	uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + 
+			VERSION2_REFERRAL_SIZE * junction->referral_count;
+
+	uni_reqpathoffset2 = uni_reqpathoffset1 + requestedpathlen;
+
+	uni_curroffset = uni_reqpathoffset2 + requestedpathlen;
+
+	reply_size = REFERRAL_HEADER_SIZE + VERSION2_REFERRAL_SIZE*junction->referral_count +
+					2 * requestedpathlen;
+	DEBUG(10,("reply_size: %u\n",reply_size));
+
+	/* add up the unicode lengths of all the referral paths */
+	for(i=0;i<junction->referral_count;i++) {
+		DEBUG(10,("referral %u : %s\n",i,junction->referral_list[i].alternate_path));
+		reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
+	}
+
+	DEBUG(10,("reply_size = %u\n",reply_size));
+	/* add the unexplained 0x16 bytes */
+	reply_size += 0x16;
+
+	pdata = Realloc(pdata,reply_size);
+	if(pdata == NULL) {
+		DEBUG(0,("malloc failed for Realloc!\n"));
+		return -1;
+	}
+	else *ppdata = pdata;
+
+	/* copy in the dfs requested paths.. required for offset calculations */
+	memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen);
+	memcpy(pdata+uni_reqpathoffset2,uni_requestedpath,requestedpathlen);
+
+	/* create the header */
+	SSVAL(pdata,0,requestedpathlen-2); /* path consumed */
+	SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */
+	if(self_referral)
+		SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); 
+	else
+		SIVAL(pdata,4,DFSREF_STORAGE_SERVER);
+
+	offset = 8;
+	/* add the referral elements */
+	for(i=0;i<junction->referral_count;i++) {
+		struct referral* ref = &(junction->referral_list[i]);
+		int unilen;
+
+		SSVAL(pdata,offset,2); /* version 2 */
+		SSVAL(pdata,offset+2,VERSION2_REFERRAL_SIZE);
+		if(self_referral)
+			SSVAL(pdata,offset+4,1);
+		else
+			SSVAL(pdata,offset+4,0);
+		SSVAL(pdata,offset+6,0); /* ref_flags :use path_consumed bytes? */
+		SIVAL(pdata,offset+8,ref->proximity);
+		SIVAL(pdata,offset+12,ref->ttl);
+
+		SSVAL(pdata,offset+16,uni_reqpathoffset1-offset);
+		SSVAL(pdata,offset+18,uni_reqpathoffset2-offset);
+		/* copy referred path into current offset */
+                unilen = rpcstr_push(pdata+uni_curroffset, ref->alternate_path,
+                                     -1, STR_UNICODE);
+		SSVAL(pdata,offset+20,uni_curroffset-offset);
+
+		uni_curroffset += unilen;
+		offset += VERSION2_REFERRAL_SIZE;
+	}
+	/* add in the unexplained 22 (0x16) bytes at the end */
+	memset(pdata+uni_curroffset,'\0',0x16);
+	SAFE_FREE(junction->referral_list);
+	return reply_size;
+}
+
+static int setup_ver3_dfs_referral(char* pathname, char** ppdata, 
+				   struct junction_map* junction,
+				   BOOL self_referral)
+{
+	char* pdata = *ppdata;
+
+	unsigned char uni_reqpath[1024];
+	int uni_reqpathoffset1, uni_reqpathoffset2;
+	int uni_curroffset;
+	int reply_size = 0;
+
+	int reqpathlen = 0;
+	int offset,i=0;
+	
+	DEBUG(10,("setting up version3 referral\n"));
+
+        reqpathlen = rpcstr_push(uni_reqpath, pathname, -1, STR_TERMINATE);
+
+	dump_data(10,(const char *)uni_reqpath,reqpathlen);
+
+	uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + VERSION3_REFERRAL_SIZE * junction->referral_count;
+	uni_reqpathoffset2 = uni_reqpathoffset1 + reqpathlen;
+	reply_size = uni_curroffset = uni_reqpathoffset2 + reqpathlen;
+
+	for(i=0;i<junction->referral_count;i++) {
+		DEBUG(10,("referral %u : %s\n",i,junction->referral_list[i].alternate_path));
+		reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
+	}
+
+	pdata = Realloc(pdata,reply_size);
+	if(pdata == NULL) {
+		DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
+		return -1;
+	}
+	else *ppdata = pdata;
+	
+	/* create the header */
+	SSVAL(pdata,0,reqpathlen-2); /* path consumed */
+	SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */
+	if(self_referral)
+		SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); 
+	else
+		SIVAL(pdata,4,DFSREF_STORAGE_SERVER);
+	
+	/* copy in the reqpaths */
+	memcpy(pdata+uni_reqpathoffset1,uni_reqpath,reqpathlen);
+	memcpy(pdata+uni_reqpathoffset2,uni_reqpath,reqpathlen);
+	
+	offset = 8;
+	for(i=0;i<junction->referral_count;i++) {
+		struct referral* ref = &(junction->referral_list[i]);
+		int unilen;
+
+		SSVAL(pdata,offset,3); /* version 3 */
+		SSVAL(pdata,offset+2,VERSION3_REFERRAL_SIZE);
+		if(self_referral)
+			SSVAL(pdata,offset+4,1);
+		else
+			SSVAL(pdata,offset+4,0);
+
+		SSVAL(pdata,offset+6,0); /* ref_flags :use path_consumed bytes? */
+		SIVAL(pdata,offset+8,ref->ttl);
+	    
+		SSVAL(pdata,offset+12,uni_reqpathoffset1-offset);
+		SSVAL(pdata,offset+14,uni_reqpathoffset2-offset);
+		/* copy referred path into current offset */
+
+                unilen = rpcstr_push(pdata+uni_curroffset, ref->alternate_path,
+                                     -1, STR_UNICODE|STR_TERMINATE);
+		SSVAL(pdata,offset+16,uni_curroffset-offset);
+		/* copy 0x10 bytes of 00's in the ServiceSite GUID */
+		memset(pdata+offset+18,'\0',16);
+
+		uni_curroffset += unilen;
+		offset += VERSION3_REFERRAL_SIZE;
+	}
+	SAFE_FREE(junction->referral_list);
+	return reply_size;
+}
+
+/******************************************************************
+ * Set up the Dfs referral for the dfs pathname
+ ******************************************************************/
+
+int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata)
+{
+	struct junction_map junction;
+
+	BOOL self_referral;
+
+	int reply_size = 0;
+
+	ZERO_STRUCT(junction);
+
+	if(!create_junction(pathname, &junction))
+		return -1;
+
+	/* get the junction entry */
+	if(!get_referred_path(&junction)) {
+    
+		/* refer the same pathname, create a standard referral struct */
+		struct referral* ref;
+		self_referral = True;
+		junction.referral_count = 1;
+		if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) {
+			DEBUG(0,("malloc failed for referral\n"));
+			return -1;
+		}
+      
+		pstrcpy(ref->alternate_path,pathname);
+		ref->proximity = 0;
+		ref->ttl = REFERRAL_TTL;
+		junction.referral_list = ref;
+	} else {
+		self_referral = False;
+		if( DEBUGLVL( 3 ) ) {
+			int i=0;
+			dbgtext("setup_dfs_referral: Path %s to alternate path(s):",pathname);
+			for(i=0;i<junction.referral_count;i++)
+				dbgtext(" %s",junction.referral_list[i].alternate_path);
+			dbgtext(".\n");
+		}
+	}
+      
+	/* create the referral depeding on version */
+	DEBUG(10,("max_referral_level :%d\n",max_referral_level));
+	if(max_referral_level<2 || max_referral_level>3)
+		max_referral_level = 2;
+
+	switch(max_referral_level) {
+	case 2:
+		{
+		reply_size = setup_ver2_dfs_referral(pathname, ppdata, &junction, self_referral);
+		break;
+		}
+	case 3:
+		{
+		reply_size = setup_ver3_dfs_referral(pathname, ppdata, &junction, self_referral);
+		break;
+		}
+	default:
+		{
+		DEBUG(0,("setup_dfs_referral: Invalid dfs referral version: %d\n", max_referral_level));
+		return -1;
+		}
+	}
+      
+	DEBUG(10,("DFS Referral pdata:\n"));
+	dump_data(10,*ppdata,reply_size);
+	return reply_size;
+}
+
+/**********************************************************************
+ The following functions are called by the NETDFS RPC pipe functions
+ **********************************************************************/
+
+BOOL create_msdfs_link(struct junction_map* jn, BOOL exists)
+{
+	pstring path;
+	pstring msdfs_link;
+	connection_struct conns;
+ 	connection_struct *conn = &conns;
+	int i=0;
+
+	if(!form_path_from_junction(jn, path, sizeof(path), conn))
+		return False;
+  
+	/* form the msdfs_link contents */
+	pstrcpy(msdfs_link, "msdfs:");
+	for(i=0; i<jn->referral_count; i++) {
+		char* refpath = jn->referral_list[i].alternate_path;
+      
+		trim_string(refpath, "\\", "\\");
+		if(*refpath == '\0')
+			continue;
+      
+		if(i>0)
+			pstrcat(msdfs_link, ",");
+      
+		pstrcat(msdfs_link, refpath);
+	}
+
+	DEBUG(5,("create_msdfs_link: Creating new msdfs link: %s -> %s\n", path, msdfs_link));
+
+	if(exists)
+		if(conn->vfs_ops.unlink(conn,path)!=0)
+			return False;
+
+	if(conn->vfs_ops.symlink(conn, msdfs_link, path) < 0) {
+		DEBUG(1,("create_msdfs_link: symlink failed %s -> %s\nError: %s\n", 
+				path, msdfs_link, strerror(errno)));
+		return False;
+	}
+	return True;
+}
+
+BOOL remove_msdfs_link(struct junction_map* jn)
+{
+	pstring path;
+	connection_struct conns;
+ 	connection_struct *conn = &conns;
+
+	if(!form_path_from_junction(jn, path, sizeof(path), conn))
+		return False;
+     
+	if(conn->vfs_ops.unlink(conn, path)!=0)
+		return False;
+  
+	return True;
+}
+
+static BOOL form_junctions(int snum, struct junction_map* jn, int* jn_count)
+{
+	int cnt = *jn_count;
+	DIR *dirp;
+	char* dname;
+	pstring connect_path;
+	char* service_name = lp_servicename(snum);
+	connection_struct conns;
+	connection_struct *conn = &conns;
+ 
+	pstrcpy(connect_path,lp_pathname(snum));
+
+	if(*connect_path == '\0')
+		return False;
+
+	/*
+	 * Fake up a connection struct for the VFS layer.
+	 */
+
+	if (!create_conn_struct(conn, snum, connect_path))
+		return False;
+
+	/* form a junction for the msdfs root - convention */ 
+	/*
+		pstrpcy(jn[cnt].service_name, service_name);
+		jn[cnt].volume_name[0] = '\0';
+		jn[cnt].referral_count = 1;
+  
+		slprintf(alt_path,sizeof(alt_path)-1"\\\\%s\\%s", global_myname, service_name);
+		jn[cnt].referral_l
+	*/
+
+	dirp = conn->vfs_ops.opendir(conn, connect_path);
+	if(!dirp)
+		return False;
+
+	while((dname = vfs_readdirname(conn, dirp)) != NULL) {
+		SMB_STRUCT_STAT st;
+		pstring pathreal;
+		fstring buf;
+		int buflen = 0;
+		pstrcpy(pathreal, connect_path);
+		pstrcat(pathreal, "/");
+		pstrcat(pathreal, dname);
+ 
+		if(conn->vfs_ops.lstat(conn,pathreal,&st) != 0) {
+			DEBUG(4,("lstat error for %s: %s\n",pathreal, strerror(errno)));
+			continue;
+		}
+		if(S_ISLNK(st.st_mode)) {
+			buflen = conn->vfs_ops.readlink(conn, pathreal, buf, sizeof(fstring));
+			buf[buflen] = '\0';
+			if(parse_symlink(buf, &(jn[cnt].referral_list), &(jn[cnt].referral_count))) {
+				pstrcpy(jn[cnt].service_name, service_name);
+				pstrcpy(jn[cnt].volume_name, dname);
+				cnt++;
+			}
+		}
+	}
+  
+	conn->vfs_ops.closedir(conn,dirp);
+	*jn_count = cnt;
+	return True;
+}
+
+int enum_msdfs_links(struct junction_map* jn)
+{
+	int i=0;
+	int jn_count = 0;
+
+	if(!lp_host_msdfs())
+		return -1;
+
+	for(i=0;*lp_servicename(i);i++) {
+		if(lp_msdfs_root(i)) 
+			form_junctions(i,jn,&jn_count);
+	}
+	return jn_count;
+}
diff --git a/source3/nameserv.c b/source3/nameserv.c
deleted file mode 100644
index 802b98ec0a..0000000000
--- a/source3/nameserv.c
+++ /dev/null
@@ -1,2318 +0,0 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   NBT netbios routines and daemon - version 2
-   Copyright (C) Andrew Tridgell 1994-1995
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-   
-*/
-
-#include "includes.h"
-#include "loadparm.h"
-#include "nameserv.h"
-
-
-static void queue_packet(struct packet_struct *packet);
-void process(void);
-static void dump_names(void);
-static void announce_request(char *group);
-void sync_browse_lists(char *name,int name_type,char *myname,
-		       char *domain,struct in_addr ip);
-
-extern int DEBUGLEVEL;
-
-extern pstring debugf;
-pstring servicesf = CONFIGFILE;
-
-extern pstring scope;
-
-extern BOOL CanRecurse;
-
-extern struct in_addr myip;
-extern struct in_addr bcast_ip;
-extern struct in_addr Netmask;
-extern pstring myhostname;
-static pstring host_file;
-static pstring myname="";
-
-static int ClientNMB= -1;
-static int ClientDGRAM= -1;
-
-static BOOL needannounce=True;
-
-/* this is our name database */
-static struct name_record *namelist = NULL;
-
-/* list of servers to be returned by NetServerEnum */
-static struct server_record *serverlist = NULL;
-
-/* this is the domain list. For the moment we will assume that our
-   primary domain is the first one listed in this list */
-static struct domain_record *domainlist = NULL;
-
-/* are we running as a daemon ? */
-static BOOL is_daemon = False;
-
-/* machine comment for host announcements */
-static pstring ServerComment="";
-
-static BOOL got_bcast = False;
-static BOOL got_myip = False;
-static BOOL got_nmask = False;
-
-static BOOL updatedlists = False;
-static int  updatecount=0;
-
-/* what server type are we currently */
-static int ServerType = 
-SV_TYPE_WORKSTATION | SV_TYPE_SERVER | SV_TYPE_TIME_SOURCE |
-SV_TYPE_SERVER_UNIX |
-SV_TYPE_PRINTQ_SERVER | SV_TYPE_POTENTIAL_BROWSER;
-
-/* here are my election parameters */
-
-/* NTAS uses 2, NT uses 1, WfWg uses 0 */
-#define MAINTAIN_LIST 1
-#define ELECTION_VERSION 1
-
-static BOOL RunningElection = False;
-static BOOL needelection = False;
-static int ElectionCount = 0;
-static int StartupTime =0;
-
-
-/* WfWg uses 01040b01 */
-/* Win95 uses 01041501 */
-/* NTAS uses ?? */
-static uint32 ElectionCriterion = (MAINTAIN_LIST<<1)|(ELECTION_VERSION<<8);
-
-/* we currently support being the master for just one group. Being the
-   master for more than one group might be tricky as NetServerEnum is
-   often asked for a list without naming the group */
-static fstring PrimaryGroup="";
-
-#define AM_MASTER (PrimaryGroup[0] && (ServerType & SV_TYPE_MASTER_BROWSER))
-
-#define MSBROWSE "\001\002__MSBROWSE__\002"
-
-#define GET_TTL(ttl) ((ttl)?MIN(ttl,lp_max_ttl()):lp_max_ttl())
-
-#define BROWSE_MAILSLOT "\\MAILSLOT\\BROWSE"
-
-/****************************************************************************
-catch a sighup
-****************************************************************************/
-static int sig_hup()
-{
-  BlockSignals(True);
-
-  DEBUG(0,("Got SIGHUP (reload not implemented)\n"));
-  dump_names();
-  reload_services(True);
-
-  BlockSignals(False);
-#ifndef DONT_REINSTALL_SIG
-  signal(SIGHUP,SIGNAL_CAST sig_hup);
-#endif
-  return(0);
-}
-
-/****************************************************************************
-catch a sigpipe
-****************************************************************************/
-static int sig_pipe()
-{
-  BlockSignals(True);
-
-  DEBUG(0,("Got SIGPIPE\n"));
-  if (!is_daemon)
-    exit(1);
-  BlockSignals(False);
-  return(0);
-}
-
-#if DUMP_CORE
-/*******************************************************************
-prepare to dump a core file - carefully!
-********************************************************************/
-static BOOL dump_core(void)
-{
-  char *p;
-  pstring dname;
-  strcpy(dname,debugf);
-  if ((p=strrchr(dname,'/'))) *p=0;
-  strcat(dname,"/corefiles");
-  mkdir(dname,0700);
-  sys_chown(dname,getuid(),getgid());
-  chmod(dname,0700);
-  if (chdir(dname)) return(False);
-  umask(~(0700));
-
-#ifndef NO_GETRLIMIT
-#ifdef RLIMIT_CORE
-  {
-    struct rlimit rlp;
-    getrlimit(RLIMIT_CORE, &rlp);
-    rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur);
-    setrlimit(RLIMIT_CORE, &rlp);
-    getrlimit(RLIMIT_CORE, &rlp);
-    DEBUG(3,("Core limits now %d %d\n",rlp.rlim_cur,rlp.rlim_max));
-  }
-#endif
-#endif
-
-
-  DEBUG(0,("Dumping core in %s\n",dname));
-  return(True);
-}
-#endif
-
-
-/****************************************************************************
-possibly continue after a fault
-****************************************************************************/
-static void fault_continue(void)
-{
-  static int errcount=1;
-
-  errcount--;
-
-  if (is_daemon && errcount)
-    process();
-
-#if DUMP_CORE
-    if (dump_core()) return;
-#endif
-
-  return;
-}
-
-
-/*******************************************************************
-  wrapper to get the DC
-  ******************************************************************/
-static char *domain_controller(void)
-{
-  char *dc = lp_domain_controller();
-  /* so many people mistake this for a bool that we need to handle it. sigh. */
-  if (!*dc || strequal(dc,"yes") || strequal(dc,"true"))
-    strcpy(dc,myname);
-  return(dc);
-}
-
-
-
-/****************************************************************************
-  true if two netbios names are equal
-****************************************************************************/
-static BOOL name_equal(struct nmb_name *n1,struct nmb_name *n2)
-{
-  if (n1->name_type != n2->name_type) return(False);
-
-  return(strequal(n1->name,n2->name) && strequal(n1->scope,n2->scope));
-}
-
-/****************************************************************************
-  add a netbios name into the namelist
-  **************************************************************************/
-static void add_name(struct name_record *n)
-{
-  struct name_record *n2;
-
-  if (!namelist) {
-    namelist = n;
-    n->prev = NULL;
-    n->next = NULL;
-    return;
-  }
-
-  for (n2 = namelist; n2->next; n2 = n2->next) ;
-
-  n2->next = n;
-  n->next = NULL;
-  n->prev = n2;
-}
-
-/****************************************************************************
-  add a domain into the list
-  **************************************************************************/
-static void add_domain(struct domain_record *d)
-{
-  struct domain_record *d2;
-
-  if (!domainlist) {
-    domainlist = d;
-    d->prev = NULL;
-    d->next = NULL;
-    return;
-  }
-
-  for (d2 = domainlist; d2->next; d2 = d2->next) ;
-
-  d2->next = d;
-  d->next = NULL;
-  d->prev = d2;
-}
-
-
-/****************************************************************************
-  add a server into the list
-  **************************************************************************/
-static void add_server(struct server_record *s)
-{
-  struct server_record *s2;
-
-  if (!serverlist) {
-    serverlist = s;
-    s->prev = NULL;
-    s->next = NULL;
-    return;
-  }
-
-  for (s2 = serverlist; s2->next; s2 = s2->next) ;
-
-  s2->next = s;
-  s->next = NULL;
-  s->prev = s2;
-}
-
-/****************************************************************************
-  remove a name from the namelist. The pointer must be an element just 
-  retrieved
-  **************************************************************************/
-static void remove_name(struct name_record *n)
-{
-  struct name_record *nlist = namelist;
-  while (nlist && nlist != n) nlist = nlist->next;
-  if (nlist) {
-    if (nlist->next) nlist->next->prev = nlist->prev;
-    if (nlist->prev) nlist->prev->next = nlist->next;
-    free(nlist);
-  }
-}
-
-/****************************************************************************
-  find a name in the namelist 
-  **************************************************************************/
-static struct name_record *find_name(struct nmb_name *n)
-{
-  struct name_record *ret;
-  for (ret = namelist; ret; ret = ret->next)
-    if (name_equal(&ret->name,n)) return(ret);
-
-  return(NULL);
-}
-
-/****************************************************************************
-  dump a copy of the name table
-  **************************************************************************/
-static void dump_names(void)
-{
-  time_t t = time(NULL);
-  struct name_record *n;
-  struct domain_record *d;
-
-  DEBUG(3,("Dump of local name table:\n"));
-
-  for (n = namelist; n; n = n->next) {
-    DEBUG(3,("%s %s TTL=%d Unique=%s\n",
-	     namestr(&n->name),
-	     inet_ntoa(n->ip),
-	     n->death_time?n->death_time-t:0,
-	     BOOLSTR(n->unique)));
-    }
-
-  DEBUG(3,("\nDump of domain list:\n"));
-  for (d = domainlist; d; d = d->next)
-    DEBUG(3,("%s %s\n",d->name,inet_ntoa(d->bcast_ip)));
-}
-
-
-/****************************************************************************
-  add a host entry to the name list
-  ****************************************************************************/
-static struct name_record *add_host_entry(char *name,int type,BOOL unique,int ttl,
-					  enum name_source source,
-					  struct in_addr ip)
-{
-  struct name_record *n;
-  struct name_record *n2=NULL;
-
-  n = (struct name_record *)malloc(sizeof(*n));
-  if (!n) return(NULL);
-
-  bzero((char *)n,sizeof(*n));
-
-  make_nmb_name(&n->name,name,type,scope);
-  if ((n2=find_name(&n->name))) {
-    free(n);
-    n = n2;
-  }
-
-  if (ttl) n->death_time = time(NULL)+ttl*3;
-  n->ip = ip;
-  n->unique = unique;
-  n->source = source;
-  
-  if (!n2) add_name(n);
-
-  DEBUG(3,("Added host entry %s at %s ttl=%d unique=%s\n",
-	   namestr(&n->name),inet_ntoa(ip),ttl,BOOLSTR(unique)));
-
-  return(n);
-}
-
-
-/****************************************************************************
-  add a domain entry
-  ****************************************************************************/
-static struct domain_record *add_domain_entry(char *name,struct in_addr ip)
-{
-  struct domain_record *d;
-
-  d = (struct domain_record *)malloc(sizeof(*d));
-
-  if (!d) return(NULL);
-
-  bzero((char *)d,sizeof(*d));
-
-  if (zero_ip(ip)) ip = bcast_ip;
-
-  StrnCpy(d->name,name,sizeof(d->name)-1);
-  d->bcast_ip = ip;
-
-  if (!PrimaryGroup[0] && ip_equal(bcast_ip,ip) && name[0] != '*') {
-    strcpy(PrimaryGroup,name);
-    strupper(PrimaryGroup);
-    DEBUG(3,("Setting primary group to %s (%s)\n",PrimaryGroup,inet_ntoa(ip)));
-  }
-
-  add_domain(d);
-
-  ip = *interpret_addr2("255.255.255.255");
-  if (name[0] != '*') add_host_entry(name,0x1e,False,0,SELF,ip);	  
-
-  DEBUG(3,("Added domain entry %s at %s\n",
-	   name,inet_ntoa(ip)));
-
-  return(d);
-}
-
-/****************************************************************************
-  add a server entry
-  ****************************************************************************/
-struct server_record *add_server_entry(char *name,int servertype,
-				       int ttl,char *comment,BOOL replace)
-{
-  BOOL newentry=False;
-  struct server_record *s;
-
-  for (s = serverlist; s; s = s->next)
-    if (strequal(name,s->name)) break;
-
-  if (s && !replace) {
-    DEBUG(4,("Not replacing %s\n",name));
-    return(s);
-  }
-
-  updatedlists=True;
-
-  if (!s) {
-    newentry = True;
-    s = (struct server_record *)malloc(sizeof(*s));
-
-    if (!s) return(NULL);
-
-    bzero((char *)s,sizeof(*s));
-  }
-
-  /* update the entry */
-  StrnCpy(s->name,name,sizeof(s->name)-1);
-  StrnCpy(s->comment,comment,sizeof(s->comment)-1);
-  s->servertype = servertype;
-  s->death_time = ttl?time(NULL)+ttl*3:0;
-  strupper(s->name);
-  if (s->servertype & SV_TYPE_DOMAIN_ENUM) strupper(s->comment);
-
-  if (!newentry) return(s);
-
-  add_server(s);
-
-  if (newentry) {
-    DEBUG(3,("Added server entry %s of type %x (%s)\n",
-	     name,servertype,comment));
-  } else {
-    DEBUG(3,("Updated server entry %s of type %x (%s)\n",
-	     name,servertype,comment));
-  }
-
-  return(s);
-}
-
-
-/****************************************************************************
-  add the magic samba names, useful for finding samba servers
-  **************************************************************************/
-static void add_my_names(void)
-{
-  struct in_addr ip;
-
-  ip = *interpret_addr2("0.0.0.0");
-
-  add_host_entry(myname,0x20,True,0,SELF,ip);
-  add_host_entry(myname,0x0,True,0,SELF,ip);
-  add_host_entry(myname,0x1f,True,0,SELF,ip); /* used for chat?? */
-  add_host_entry(myname,0x3,True,0,SELF,ip); /* used for winpopup */
-						
-  if (!domainlist)
-    add_domain_entry(lp_workgroup(),bcast_ip);
-  add_server_entry(myname,
-		   ServerType,
-		   0,ServerComment,True);
-
-  add_host_entry("__SAMBA__",0x20,True,0,SELF,ip);
-  add_host_entry("__SAMBA__",0x0,True,0,SELF,ip);
-
-  if (lp_preferred_master()) {
-    DEBUG(3,("Preferred master startup\n"));
-    needelection = True;
-    ElectionCriterion |= (1<<3);
-  }
-
-  ElectionCriterion |= (lp_os_level() << 24);
-}
-
-
-/*******************************************************************
-  write out browse.dat
-  ******************************************************************/
-static void write_browse_list(void)
-{
-  struct server_record *s;
-  pstring fname,fnamenew;
-  FILE *f;
-  
-  updatecount++;
-
-  strcpy(fname,lp_lockdir());
-  trim_string(fname,NULL,"/");
-  strcat(fname,"/");
-  strcat(fname,SERVER_LIST);
-  strcpy(fnamenew,fname);
-  strcat(fnamenew,".");
-  
-  f = fopen(fnamenew,"w");
-  
-  if (!f) {
-    DEBUG(4,("Can't open %s - %s\n",fnamenew,strerror(errno)));
-    return;
-  }
-  
-  for (s=serverlist; s ; s = s->next) {
-    /* don't list domains I don't have a master for */
-    if ((s->servertype & SV_TYPE_DOMAIN_ENUM) && !s->comment[0]) continue;
-	
-    fprintf(f,"\"%s\"\t%08x\t\"%s\"\n",s->name,s->servertype,s->comment);
-  }
-  
-  
-  fclose(f);
-  chmod(fnamenew,0644);
-  /* unlink(fname); */
-  rename(fnamenew,fname);   
-  DEBUG(3,("Wrote browse list %s\n",fname));
-}
-
-/*******************************************************************
-  expire old names in the namelist and serverlist
-  ******************************************************************/
-static void expire_names(void)
-{
-  static time_t lastrun=0;
-  time_t t = time(NULL);
-  struct name_record *n;
-  struct name_record *next;
-  struct server_record *s;
-  struct server_record *nexts;
-
-  if (!lastrun) lastrun = t;
-  if (t < lastrun + 5) return;
-  lastrun = t;
-
-  /* expire old names */
-  for (n = namelist; n; n = next) {
-    if (n->death_time && n->death_time < t) {
-      DEBUG(3,("Removing dead name %s\n",
-	       namestr(&n->name)));
-      next = n->next;
-      if (n->prev) n->prev->next = n->next;
-      if (n->next) n->next->prev = n->prev;
-      if (namelist == n) namelist = n->next; 
-      free(n);
-    } else {
-      next = n->next;
-    }
-  }
-
-  /* expire old entries in the serverlist */
-  for (s = serverlist; s; s = nexts) {
-    if (s->death_time && s->death_time < t) {
-      DEBUG(3,("Removing dead server %s\n",s->name));
-      updatedlists = True;
-      nexts = s->next;
-      if (s->prev) s->prev->next = s->next;
-      if (s->next) s->next->prev = s->prev;
-      if (serverlist == s) serverlist = s->next; 
-      free(s);
-    } else {
-      nexts = s->next;
-    }
-  }
-}
-
-
-/*******************************************************************
-  delete old names from the namelist
-  ******************************************************************/
-static void housekeeping(void)
-{
-  time_t t = time(NULL);
-
-  expire_names();
-
-  /* write out the browse.dat database for smbd to get */
-  if (updatedlists) {
-    write_browse_list();
-    updatedlists = False;
-  }
-
-  {
-    /* occasionally check to see if the master browser is around */
-    static time_t lastrun=0;
-    if (!lastrun) lastrun = t;
-    if (t < lastrun + 5*60) return;
-    lastrun = t;
-
-    if (!AM_MASTER && PrimaryGroup[0] &&
-	!name_query(ClientNMB,PrimaryGroup,0x1d,True,False,
-		    bcast_ip,NULL,queue_packet)) {
-      DEBUG(2,("Forcing election on %s\n",PrimaryGroup));
-      needelection = True;
-    }
-  }
-}
-
-
-/****************************************************************************
-  reload the services file
-  **************************************************************************/
-BOOL reload_services(BOOL test)
-{
-  BOOL ret;
-  extern fstring remote_machine;
-
-  strcpy(remote_machine,"nmbd");
-
-  if (lp_loaded())
-    {
-      pstring fname;
-      strcpy(fname,lp_configfile());
-      if (file_exist(fname,NULL) && !strcsequal(fname,servicesf))
-	{
-	  strcpy(servicesf,fname);
-	  test = False;
-	}
-    }
-
-  if (test && !lp_file_list_changed())
-    return(True);
-
-  ret = lp_load(servicesf,True);
-
-  /* perhaps the config filename is now set */
-  if (!test)
-    reload_services(True);
-
-  return(ret);
-}
-
-
-
-/****************************************************************************
-load a netbios hosts file
-****************************************************************************/
-static void load_hosts_file(char *fname)
-{
-  FILE *f = fopen(fname,"r");
-  pstring line;
-  if (!f) {
-    DEBUG(2,("Can't open lmhosts file %s\n",fname));
-    return;
-  }
-
-  while (!feof(f))
-    {
-      if (!fgets_slash(line,sizeof(pstring),f)) continue;
-      
-      if (*line == '#') continue;
-
-      {
-	BOOL group=False;
-	string ip,name,flags,extra;
-	char *ptr;
-	int count = 0;
-	struct in_addr ipaddr;
-	enum name_source source = LMHOSTS;
-
-	*ip = *name = *flags = *extra = 0;
-
-	ptr = line;
-
-	if (next_token(&ptr,ip,NULL)) ++count;
-	if (next_token(&ptr,name,NULL)) ++count;
-	if (next_token(&ptr,flags,NULL)) ++count;
-	if (next_token(&ptr,extra,NULL)) ++count;
-
-	if (count <= 0) continue;
-
-	if (count > 0 && count < 2)
-	  {
-	    DEBUG(0,("Ill formed hosts line [%s]\n",line));	    
-	    continue;
-	  }
-
-	if (strchr(flags,'G') || strchr(flags,'S'))
-	  group = True;
-
-	if (strchr(flags,'M') && !group) {
-	  source = SELF;
-	  strcpy(myname,name);
-	}
-
-	ipaddr = *interpret_addr2(ip);
-
-	if (group) {
-	  add_domain_entry(name,ipaddr);
-	} else {
-	  add_host_entry(name,0x20,True,0,source,ipaddr);
-	}
-      }
-    }
-
-  fclose(f);
-}
-
-/*******************************************************************
-  check if 2 IPs are on the same net
-  we will assume the local netmask, although this could be wrong XXXX
-  ******************************************************************/
-static BOOL same_net(struct in_addr ip1,struct in_addr ip2)
-{
-  unsigned long net1,net2,nmask;
-
-  nmask = ntohl(Netmask.s_addr);
-  net1 = ntohl(ip1.s_addr);
-  net2 = ntohl(ip2.s_addr);
-	    
-  return((net1 & nmask) == (net2 & nmask));
-}
-
-/****************************************************************************
-  send an election packet
-  **************************************************************************/
-static void send_election(char *group,uint32 criterion,int timeup,char *name)
-{
-  pstring outbuf;
-  char *p;
-
-  DEBUG(2,("Sending election to %s for workgroup %s\n",
-	   inet_ntoa(bcast_ip),group));	   
-
-  bzero(outbuf,sizeof(outbuf));
-  p = outbuf;
-  CVAL(p,0) = 8; /* election */
-  p++;
-
-  CVAL(p,0) = ELECTION_VERSION;
-  SIVAL(p,1,criterion);
-  SIVAL(p,5,timeup*1000); /* ms - despite the spec */
-  p += 13;
-  strcpy(p,name);
-  strupper(p);
-  p = skip_string(p,1);
-
-  send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-		      name,group,0,0x1e,bcast_ip,myip);
-}
-
-
-/****************************************************************************
-  send a backup list response
-  **************************************************************************/
-static void send_backup_list(char *name,int token,struct nmb_name *to,
-			     struct in_addr ip)
-{
-  pstring outbuf;
-  char *p;
-
-  DEBUG(2,("Sending backup list to %s for workgroup %s\n",
-	   inet_ntoa(ip),PrimaryGroup));	   
-
-  bzero(outbuf,sizeof(outbuf));
-  p = outbuf;
-  CVAL(p,0) = 10; /* backup list response */
-  p++;
-
-  CVAL(p,0) = 1; /* count */
-  SIVAL(p,1,token);
-  p += 5; 
-  strcpy(p,name);
-  strupper(p);
-  p = skip_string(p,1) + 1;
-
-  send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-		      myname,to->name,0,to->name_type,ip,myip);
-}
-
-
-/*******************************************************************
-  become the master browser
-  ******************************************************************/
-static void become_master(void)
-{
-  uint32 domain_type = SV_TYPE_DOMAIN_ENUM | SV_TYPE_SERVER_UNIX;
-  DEBUG(2,("Becoming master for %s\n",PrimaryGroup));
-
-  ServerType |= SV_TYPE_MASTER_BROWSER;
-  ServerType |= SV_TYPE_BACKUP_BROWSER;
-  ElectionCriterion |= 0x5;
-
-  add_host_entry(PrimaryGroup,0x1d,True,0,SELF,myip);
-  add_host_entry(PrimaryGroup,0x0,False,0,SELF,myip);
-  add_host_entry(MSBROWSE,1,False,0,SELF,myip);
-
-  if (lp_domain_master()) {
-    add_host_entry(myname,0x1b,True,0,SELF,myip);
-    add_host_entry(PrimaryGroup,0x1b,True,0,SELF,myip);
-    add_host_entry(PrimaryGroup,0x1c,False,0,SELF,myip);
-    ServerType |= SV_TYPE_DOMAIN_MASTER;
-    if (lp_domain_logons()) {
-      ServerType |= SV_TYPE_DOMAIN_CTRL;
-      ServerType |= SV_TYPE_DOMAIN_MEMBER;
-      domain_type |= SV_TYPE_DOMAIN_CTRL;
-    }
-  }
-
-  add_server_entry(PrimaryGroup,domain_type,0,myname,True);
-  add_server_entry(myname,ServerType,0,ServerComment,True);
-
-  announce_request(PrimaryGroup);
-
-  needannounce = True;
-}
-
-
-/*******************************************************************
-  unbecome the master browser
-  ******************************************************************/
-static void become_nonmaster(void)
-{
-  struct name_record *n;
-  struct nmb_name nn;
-
-  DEBUG(2,("Becoming non-master for %s\n",PrimaryGroup));
-
-  ServerType &= ~SV_TYPE_MASTER_BROWSER;
-  ServerType &= ~SV_TYPE_DOMAIN_CTRL;
-  ServerType &= ~SV_TYPE_DOMAIN_MASTER;
-
-  ElectionCriterion &= ~0x4;
-
-  make_nmb_name(&nn,PrimaryGroup,0x1d,scope);
-  n = find_name(&nn);
-  if (n && n->source == SELF) remove_name(n);
-
-  make_nmb_name(&nn,PrimaryGroup,0x1b,scope);
-  n = find_name(&nn);
-  if (n && n->source == SELF) remove_name(n);
-
-  make_nmb_name(&nn,MSBROWSE,1,scope);
-  n = find_name(&nn);
-  if (n && n->source == SELF) remove_name(n);
-}
-
-
-/*******************************************************************
-  run the election
-  ******************************************************************/
-static void run_election(void)
-{
-  time_t t = time(NULL);
-  static time_t lastime = 0;
-
-  if (!PrimaryGroup[0] || !RunningElection) return;
-
-  /* send election packets once a second */
-  if (lastime &&
-      t-lastime <= 0) return;
-
-  lastime = t;
-
-  send_election(PrimaryGroup,ElectionCriterion,t-StartupTime,myname);
-
-  if (ElectionCount++ < 4) return;
-   
-  /* I won! now what :-) */
-  RunningElection = False;
-  DEBUG(2,(">>> Won election on %s <<<\n",PrimaryGroup));
-  become_master();
-}
-
-
-/****************************************************************************
-  construct a host announcement unicast
-  **************************************************************************/
-static void announce_host(struct domain_record *d,char *my_name,char *comment)
-{
-  time_t t = time(NULL);
-  pstring outbuf;
-  char *p;
-  char *namep;
-  char *stypep;
-  char *commentp;
-  uint32 stype = ServerType;
-
-  if (needannounce) {
-    /* drop back to a max 3 minute announce - this is to prevent a
-       single lost packet from stuffing things up for too long */
-    d->announce_interval = MIN(d->announce_interval,3*60);
-    d->lastannounce_time = t - (d->announce_interval+1);
-  }
-
-  /* announce every minute at first then progress to every 12 mins */
-  if (d->lastannounce_time && 
-      (t - d->lastannounce_time) < d->announce_interval)
-    return;
-
-  if (d->announce_interval < 12*60) d->announce_interval += 60;
-  d->lastannounce_time = t;
-
-  DEBUG(2,("Sending announcement to %s for workgroup %s\n",
-	   inet_ntoa(d->bcast_ip),d->name));
-
-  if (!strequal(PrimaryGroup,d->name) ||
-      !ip_equal(bcast_ip,d->bcast_ip)) {
-    stype &= ~(SV_TYPE_POTENTIAL_BROWSER | SV_TYPE_MASTER_BROWSER |
-	       SV_TYPE_DOMAIN_MASTER | SV_TYPE_BACKUP_BROWSER |
-	       SV_TYPE_DOMAIN_CTRL | SV_TYPE_DOMAIN_MEMBER);
-  }
-
-  if (!*comment) comment = "NoComment";
-  if (!*my_name) my_name = "NoName";
-
-  if (strlen(comment) > 43) comment[43] = 0;  
-
-  bzero(outbuf,sizeof(outbuf));
-  CVAL(outbuf,0) = 1; /* host announce */
-  p = outbuf+1;
-
-  CVAL(p,0) = updatecount;
-  SIVAL(p,1,d->announce_interval*1000); /* ms - despite the spec */
-  namep = p+5;
-  StrnCpy(p+5,my_name,16);
-  strupper(p+5);
-  CVAL(p,21) = 2; /* major version */
-  CVAL(p,22) = 2; /* minor version */
-  stypep = p+23;
-  SIVAL(p,23,stype);
-  SSVAL(p,27,0xaa55); /* browse signature */
-  SSVAL(p,29,1); /* browse version */
-  commentp = p+31;
-  strcpy(p+31,comment);
-  p += 31;
-  p = skip_string(p,1);
-
-  send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-		      my_name,d->name,0,0x1d,d->bcast_ip,myip);
-
-  /* if I'm the master then I also need to do a local master and
-     domain announcement */
-
-  if (AM_MASTER &&
-      strequal(d->name,PrimaryGroup) &&
-      ip_equal(bcast_ip,d->bcast_ip)) {
-
-    /* do master announcements as well */
-    SIVAL(stypep,0,ServerType);
-
-    CVAL(outbuf,0) = 15; /* local master announce */
-    send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-			my_name,PrimaryGroup,0,0x1e,d->bcast_ip,myip);
-
-    CVAL(outbuf,0) = 12; /* domain announce */
-    StrnCpy(namep,PrimaryGroup,15);
-    strupper(namep);
-    StrnCpy(commentp,myname,15);
-    strupper(commentp);
-    SIVAL(stypep,0,(unsigned)0x80000000);
-    p = commentp + strlen(commentp) + 1;
-
-    send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-			my_name,MSBROWSE,0,1,d->bcast_ip,myip);
-  }
-}
-
-
-/****************************************************************************
-  send a announce request to the local net
-  **************************************************************************/
-static void announce_request(char *group)
-{
-  pstring outbuf;
-  char *p;
-
-  DEBUG(2,("Sending announce request to %s for workgroup %s\n",
-	   inet_ntoa(bcast_ip),group));
-
-  bzero(outbuf,sizeof(outbuf));
-  p = outbuf;
-  CVAL(p,0) = 2; /* announce request */
-  p++;
-
-  CVAL(p,0) = 0; /* flags?? */
-  p++;
-  StrnCpy(p,myname,16);
-  strupper(p);
-  p = skip_string(p,1);
-
-  send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-		      myname,group,0,0,bcast_ip,myip);
-}
-
-/****************************************************************************
-  announce myself as a master to the PDC
-  **************************************************************************/
-static void announce_master(char *group)
-{
-  static time_t last=0;
-  time_t t = time(NULL);
-  pstring outbuf;
-  char *p;
-  struct in_addr ip,pdc_ip;
-  fstring pdcname;
-  *pdcname = 0;
-
-  if (strequal(domain_controller(),myname)) return;
-
-  if (!AM_MASTER || (last && (t-last < 10*60))) return;
-  last = t;
-
-  ip = *interpret_addr2(domain_controller());
-
-  if (zero_ip(ip)) ip = bcast_ip;
-
-  if (!name_query(ClientNMB,PrimaryGroup,
-		  0x1b,False,False,ip,&pdc_ip,queue_packet)) {
-    DEBUG(2,("Failed to find PDC at %s\n",domain_controller()));
-    return;
-  }
-
-  name_status(ClientNMB,PrimaryGroup,0x1b,False,
-	      pdc_ip,NULL,pdcname,queue_packet);
-
-  if (!pdcname[0]) {
-    DEBUG(3,("Can't find netbios name of PDC at %s\n",inet_ntoa(pdc_ip)));
-  } else {
-    sync_browse_lists(pdcname,0x20,myname,PrimaryGroup,pdc_ip);
-  }
-
-
-  DEBUG(2,("Sending master announce to %s for workgroup %s\n",
-	   inet_ntoa(pdc_ip),group));
-
-  bzero(outbuf,sizeof(outbuf));
-  p = outbuf;
-  CVAL(p,0) = 13; /* announce request */
-  p++;
-
-  StrnCpy(p,myname,16);
-  strupper(p);
-  p = skip_string(p,1);
-
-  send_mailslot_reply(BROWSE_MAILSLOT,ClientDGRAM,outbuf,PTR_DIFF(p,outbuf),
-		      myname,PrimaryGroup,0x1b,0,pdc_ip,myip);
-}
-
-
-/*******************************************************************
-  am I listening on a name. Should check name_type as well 
-
-  This is primarily used to prevent us gathering server lists from
-  other workgroups we aren't a part of
-  ******************************************************************/
-static BOOL listening(struct nmb_name *n)
-{
-  if (!strequal(n->scope,scope)) return(False);
-
-  if (strequal(n->name,myname) ||
-      strequal(n->name,PrimaryGroup) ||
-      strequal(n->name,MSBROWSE))
-    return(True);
-
-  return(False);
-}
-
-
-/*******************************************************************
-  process a domain announcement frame
-
-  Announce frames come in 3 types. Servers send host announcements
-  (command=1) to let the master browswer know they are
-  available. Master browsers send local master announcements
-  (command=15) to let other masters and backups that they are the
-  master. They also send domain announcements (command=12) to register
-  the domain
-
-  The comment field of domain announcements contains the master
-  browser name. The servertype is used by NetServerEnum to select
-  resources. We just have to pass it to smbd (via browser.dat) and let
-  the client choose using bit masks.
-  ******************************************************************/
-static void process_announce(struct packet_struct *p,int command,char *buf)
-{
-  struct dgram_packet *dgram = &p->packet.dgram;
-  int update_count = CVAL(buf,0);
-  int ttl = IVAL(buf,1)/1000;
-  char *name = buf+5;
-  int osmajor=CVAL(buf,21);
-  int osminor=CVAL(buf,22);
-  uint32 servertype = IVAL(buf,23);
-  char *comment = buf+31;
-
-  name[15] = 0;  
-  comment[43] = 0;
-  
-  DEBUG(3,("Announce(%d) %s count=%d ttl=%d OS=(%d,%d) type=%08x comment=%s\n",
-	   command,name,update_count,ttl,osmajor,osminor,
-	   servertype,comment));
-
-  if (strequal(dgram->source_name.name,myname)) return;
-
-  if (!listening(&dgram->dest_name)) return;
-
-  ttl = GET_TTL(ttl);
-
-  /* add them to our browse list */
-  add_server_entry(name,servertype,ttl,comment,True);
-
-}
-
-/*******************************************************************
-  process a master announcement frame
-  ******************************************************************/
-static void process_master_announce(struct packet_struct *p,char *buf)
-{
-  struct dgram_packet *dgram = &p->packet.dgram;
-  char *name = buf;
-
-  name[15] = 0;
-  
-  DEBUG(3,("Master Announce from %s (%s)\n",name,inet_ntoa(p->ip)));
-
-  if (strequal(dgram->source_name.name,myname)) return;
-
-  if (!AM_MASTER || !listening(&dgram->dest_name)) return;
-
-  /* merge browse lists with them */
-  if (lp_domain_master())
-    sync_browse_lists(name,0x20,myname,PrimaryGroup,p->ip);
-}
-
-
-/*******************************************************************
-  process a backup list request
-
-  A client send a backup list request to ask for a list of servers on
-  the net that maintain server lists for a domain. A server is then
-  chosen from this list to send NetServerEnum commands to to list
-  available servers.
-
-  Currently samba only sends back one name in the backup list, its
-  wn. For larger nets we'll have to add backups and send "become
-  backup" requests occasionally.
-  ******************************************************************/
-static void process_backup_list(struct packet_struct *p,char *buf)
-{
-  struct dgram_packet *dgram = &p->packet.dgram;
-  int count = CVAL(buf,0);
-  int token = IVAL(buf,1);
-  
-  DEBUG(3,("Backup request to %s token=%d\n",
-	   namestr(&dgram->dest_name),
-	   token));
-
-  if (strequal(dgram->source_name.name,myname)) return;
-
-  if (count <= 0) return;
-
-  if (!AM_MASTER || 
-      !strequal(PrimaryGroup,dgram->dest_name.name))
-    return;
-
-  if (!listening(&dgram->dest_name)) return;
-
-  send_backup_list(myname,token,
-		   &dgram->source_name,
-		   p->ip);
-}
-
-
-/*******************************************************************
-  work out if I win an election
-  ******************************************************************/
-static BOOL win_election(int version,uint32 criterion,int timeup,char *name)
-{  
-  time_t t = time(NULL);
-  uint32 mycriterion;
-  if (version > ELECTION_VERSION) return(False);
-  if (version < ELECTION_VERSION) return(True);
-  
-  mycriterion = ElectionCriterion;
-
-  if (criterion > mycriterion) return(False);
-  if (criterion < mycriterion) return(True);
-
-  if (timeup > (t - StartupTime)) return(False);
-  if (timeup < (t - StartupTime)) return(True);
-
-  if (strcasecmp(myname,name) > 0) return(False);
-  
-  return(True);
-}
-
-
-/*******************************************************************
-  process a election packet
-
-  An election dynamically decides who will be the master. 
-  ******************************************************************/
-static void process_election(struct packet_struct *p,char *buf)
-{
-  struct dgram_packet *dgram = &p->packet.dgram;
-  int version = CVAL(buf,0);
-  uint32 criterion = IVAL(buf,1);
-  int timeup = IVAL(buf,5)/1000;
-  char *name = buf+13;
-
-  name[15] = 0;  
-  
-  DEBUG(3,("Election request from %s vers=%d criterion=%08x timeup=%d\n",
-	   name,version,criterion,timeup));
-
-  if (strequal(dgram->source_name.name,myname)) return;
-
-  if (!listening(&dgram->dest_name)) return;
-
-  if (win_election(version,criterion,timeup,name)) {
-    if (!RunningElection) {
-      needelection = True;
-      ElectionCount=0;
-    }
-  } else {
-    needelection = False;
-    if (RunningElection) {
-      RunningElection = False;
-      DEBUG(3,(">>> Lost election on %s <<<\n",PrimaryGroup));
-
-      /* if we are the master then remove our masterly names */
-      if (AM_MASTER)
-	become_nonmaster();
-    }
-  }
-}
-
-
-/*******************************************************************
-  process a announcement request
-
-  clients send these when they want everyone to send an announcement
-  immediately. This can cause quite a storm of packets!
-  ******************************************************************/
-static void process_announce_request(struct packet_struct *p,char *buf)
-{
-  struct dgram_packet *dgram = &p->packet.dgram;
-  int flags = CVAL(buf,0);
-  char *name = buf+1;
-
-  name[15] = 0;
-
-  DEBUG(3,("Announce request from %s flags=0x%X\n",name,flags));
-
-  if (strequal(dgram->source_name.name,myname)) return;
-
-  needannounce = True;
-}
-
-
-/****************************************************************************
-process a browse frame
-****************************************************************************/
-static void process_browse_packet(struct packet_struct *p,char *buf,int len)
-{
-  int command = CVAL(buf,0);
-  switch (command) 
-    {
-    case 1: /* host announce */
-    case 12: /* domain announce */
-    case 15: /* local master announce */
-      process_announce(p,command,buf+1);
-      break;
-
-    case 2: /* announce request */
-      process_announce_request(p,buf+1);
-      break;
-
-    case 8: /* election */
-      process_election(p,buf+1);
-      break;
-
-    case 9: /* get backup list */
-      process_backup_list(p,buf+1);
-      break;
-
-    case 13: /* master announcement */
-      process_master_announce(p,buf+1);
-      break;
-    }
-}
-
-
-/****************************************************************************
-  process a domain logon packet
-  **************************************************************************/
-static void process_logon_packet(struct packet_struct *p,char *buf,int len)
-{
-  char *logname,*q;
-  pstring outbuf;
-  struct dgram_packet *dgram = &p->packet.dgram;
-  int code;
-
-  if (!lp_domain_logons()) {
-    DEBUG(3,("No domain logons\n"));
-    return;
-  }
-  if (!listening(&dgram->dest_name)) {
-    DEBUG(4,("Not listening to that domain\n"));
-    return;
-  }
-
-  q = outbuf;
-  bzero(outbuf,sizeof(outbuf));
-
-  code = SVAL(buf,0);
-  switch (code) {
-  case 0:    
-    {
-      char *machine = buf+2;
-      char *user = skip_string(machine,1);
-      logname = skip_string(user,1);
-
-      SSVAL(q,0,6);
-      q += 2;
-      strcpy(q,"\\\\");
-      q += 2;
-      StrnCpy(q,myname,16);
-      strupper(q);
-      q = skip_string(q,1);
-      SSVAL(q,0,0xFFFF);
-      q += 2;
-
-      DEBUG(3,("Domain login request from %s(%s) user=%s\n",
-	       machine,inet_ntoa(p->ip),user));
-    }
-    break;
-  case 7:    
-    {
-      char *machine = buf+2;
-      logname = skip_string(machine,1);
-
-      SSVAL(q,0,0xc);
-      q += 2;
-      StrnCpy(q,domain_controller(),16);
-      strupper(q);
-      q = skip_string(q,1);
-      q += PutUniCode(q,domain_controller());
-      q += PutUniCode(q,dgram->dest_name.name);
-      SSVAL(q,0,0xFFFF);
-      q += 2;
-
-      DEBUG(3,("GETDC request from %s(%s)\n",
-	       machine,inet_ntoa(p->ip)));
-    }
-    break;
-  default:
-    DEBUG(3,("Unknown domain request %d\n",code));
-    return;
-  }
-
-
-  send_mailslot_reply(logname,ClientDGRAM,outbuf,PTR_DIFF(q,outbuf),
-		      myname,&dgram->source_name.name[0],0,0,p->ip,myip);  
-}
-
-/****************************************************************************
-process udp 138 datagrams
-****************************************************************************/
-static void process_dgram(struct packet_struct *p)
-{
-  char *buf;
-  char *buf2;
-  int len;
-  struct dgram_packet *dgram = &p->packet.dgram;
-
-  if (dgram->header.msg_type != 0x10 &&
-      dgram->header.msg_type != 0x11 &&
-      dgram->header.msg_type != 0x12) {
-    /* don't process error packets etc yet */
-    return;
-  }
-
-  buf = &dgram->data[0];
-  buf -= 4; /* XXXX for the pseudo tcp length - 
-	       someday I need to get rid of this */
-
-  if (CVAL(buf,smb_com) != SMBtrans) return;
-
-  len = SVAL(buf,smb_vwv11);
-  buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
-
-  DEBUG(3,("datagram from %s to %s for %s of type %d len=%d\n",
-	   namestr(&dgram->source_name),namestr(&dgram->dest_name),
-	   smb_buf(buf),CVAL(buf2,0),len));
-
-  if (len <= 0) return;
-
-  if (strequal(smb_buf(buf),"\\MAILSLOT\\BROWSE")) {
-    process_browse_packet(p,buf2,len);
-  } else if (strequal(smb_buf(buf),"\\MAILSLOT\\NET\\NETLOGON")) {
-    process_logon_packet(p,buf2,len);
-  }
-
-}
-
-/*******************************************************************
-  find a workgroup using the specified broadcast
-  ******************************************************************/
-static BOOL find_workgroup(char *name,struct in_addr ip)
-{
-  fstring name1;
-  BOOL ret;
-  struct in_addr ipout;
-
-  strcpy(name1,MSBROWSE);
-
-  ret = name_query(ClientNMB,name1,0x1,True,False,ip,&ipout,queue_packet);
-  if (!ret) return(False);
-
-  name_status(ClientNMB,name1,0x1,False,ipout,name,NULL,queue_packet);
-
-  if (name[0] != '*') {
-    DEBUG(2,("Found workgroup %s on broadcast %s\n",name,inet_ntoa(ip)));
-  } else {
-    DEBUG(3,("Failed to find workgroup %s on broadcast %s\n",name,inet_ntoa(ip)));
-  }
-  return(name[0] != '*');
-}
-
-
-/****************************************************************************
-  a hook for announce handling - called every minute
-  **************************************************************************/
-static void do_announcements(void)
-{
-  struct domain_record *d;
-
-  for (d = domainlist; d; d = d->next) {
-    /* if the ip address is 0 then set to the broadcast */
-    if (zero_ip(d->bcast_ip)) d->bcast_ip = bcast_ip;
-
-    /* if the workgroup is '*' then find a workgroup to be part of */
-    if (d->name[0] == '*') {
-      if (!find_workgroup(d->name,d->bcast_ip)) continue;
-      add_host_entry(d->name,0x1e,False,0,SELF,
-		     *interpret_addr2("255.255.255.255"));
-      if (!PrimaryGroup[0] && ip_equal(bcast_ip,d->bcast_ip)) {
-	strcpy(PrimaryGroup,d->name);
-	strupper(PrimaryGroup);
-      }
-    }
-
-    announce_host(d,myname,ServerComment);
-  }
-
-  /* if I have a domain controller then announce to it */
-  if (AM_MASTER)
-    announce_master(PrimaryGroup);
-
-  needannounce=False;
-}
-
-/*******************************************************************
-  check if someone still owns a name
-  ******************************************************************/
-static BOOL confirm_name(struct name_record *n)
-{
-  struct in_addr ipout;
-  BOOL ret = name_query(ClientNMB,n->name.name,
-			n->name.name_type,False,
-			False,n->ip,&ipout,queue_packet);
-  return(ret && ip_equal(ipout,n->ip));
-}
-
-/****************************************************************************
-reply to a name release
-****************************************************************************/
-static void reply_name_release(struct packet_struct *p)
-{
-  struct nmb_packet *nmb = &p->packet.nmb;
-  struct packet_struct p2;
-  struct nmb_packet *nmb2;
-  struct res_rec answer_rec;
-  struct in_addr ip;
-  int rcode=0;
-  int nb_flags = nmb->additional->rdata[0];
-  BOOL bcast = nmb->header.nm_flags.bcast;
-  
-
-  putip((char *)&ip,&nmb->additional->rdata[2]);  
-
-  {
-    struct name_record *n = find_name(&nmb->question.question_name);
-    if (n && n->unique && n->source == REGISTER &&
-	ip_equal(ip,n->ip)) {
-      remove_name(n); n = NULL;
-    }
-
-    /* XXXX under what conditions should we reject the removal?? */
-  }
-
-  DEBUG(3,("Name release on name %s rcode=%d\n",
-	   namestr(&nmb->question.question_name),rcode));
-
-  if (bcast) return;
-
-  /* Send a NAME RELEASE RESPONSE */
-  p2 = *p;
-  nmb2 = &p2.packet.nmb;
-
-  nmb2->header.response = True;
-  nmb2->header.nm_flags.bcast = False;
-  nmb2->header.nm_flags.recursion_available = CanRecurse;
-  nmb2->header.nm_flags.trunc = False;
-  nmb2->header.nm_flags.authoritative = True; 
-  nmb2->header.qdcount = 0;
-  nmb2->header.ancount = 1;
-  nmb2->header.nscount = 0;
-  nmb2->header.arcount = 0;
-  nmb2->header.rcode = rcode;
-
-  nmb2->answers = &answer_rec;
-  bzero((char *)nmb2->answers,sizeof(*nmb2->answers));
-  
-  nmb2->answers->rr_name = nmb->question.question_name;
-  nmb2->answers->rr_type = nmb->question.question_type;
-  nmb2->answers->rr_class = nmb->question.question_class;
-  nmb2->answers->ttl = 0; 
-  nmb2->answers->rdlength = 6;
-  nmb2->answers->rdata[0] = nb_flags;
-  putip(&nmb2->answers->rdata[2],(char *)&ip);
-
-  send_packet(&p2);
-}
-
-/****************************************************************************
-  reply to a reg request
-  **************************************************************************/
-static void reply_name_reg(struct packet_struct *p)
-{
-  struct nmb_packet *nmb = &p->packet.nmb;
-  char *qname = nmb->question.question_name.name;
-  BOOL wildcard = (qname[0] == '*'); 
-  BOOL bcast = nmb->header.nm_flags.bcast;
-  int ttl = GET_TTL(nmb->additional->ttl);
-  int name_type = nmb->question.question_name.name_type;
-  int nb_flags = nmb->additional->rdata[0];
-  struct packet_struct p2;
-  struct nmb_packet *nmb2;
-  struct res_rec answer_rec;
-  struct in_addr ip;
-  BOOL group = (nb_flags&0x80)?True:False;
-  int rcode = 0;  
-
-  if (wildcard) return;
-
-  putip((char *)&ip,&nmb->additional->rdata[2]);
-
-  if (group) {
-    /* apparently we should return 255.255.255.255 for group queries (email from MS) */
-    ip = *interpret_addr2("255.255.255.255");
-  }
-
-  {
-    struct name_record *n = find_name(&nmb->question.question_name);
-
-    if (n) {
-      if (!group && !ip_equal(ip,n->ip)) {
-	/* check if the previous owner still wants it, 
-	   if so reject the registration, otherwise change the owner 
-	   and refresh */
-	if (n->source != REGISTER || confirm_name(n)) {
-	  rcode = 6;
-	} else {
-	  n->ip = ip;
-	  n->death_time = ttl?p->timestamp+ttl*3:0;
-	  DEBUG(3,("%s changed owner to %s\n",
-		   namestr(&n->name),inet_ntoa(n->ip)));
-	}
-      } else {
-	/* refresh the name */
-	if (n->source != SELF)
-	  n->death_time = ttl?p->timestamp + ttl*3:0;
-      }
-    } else {
-      /* add the name to our database */
-      n = add_host_entry(qname,name_type,!group,ttl,REGISTER,ip);
-    }
-  }
-
-  if (bcast) return;
-
-  DEBUG(3,("Name registration for name %s at %s rcode=%d\n",
-	   namestr(&nmb->question.question_name),
-	   inet_ntoa(ip),rcode));
-
-  /* Send a NAME REGISTRATION RESPONSE */
-  /* a lot of fields get copied from the query. This gives us the IP
-     and port the reply will be sent to etc */
-  p2 = *p;
-  nmb2 = &p2.packet.nmb;
-
-  nmb2->header.opcode = 5; 
-  nmb2->header.response = True;
-  nmb2->header.nm_flags.bcast = False;
-  nmb2->header.nm_flags.recursion_available = CanRecurse;
-  nmb2->header.nm_flags.trunc = False;
-  nmb2->header.nm_flags.authoritative = True; 
-  nmb2->header.qdcount = 0;
-  nmb2->header.ancount = 1;
-  nmb2->header.nscount = 0;
-  nmb2->header.arcount = 0;
-  nmb2->header.rcode = rcode;
-
-  nmb2->answers = &answer_rec;
-  bzero((char *)nmb2->answers,sizeof(*nmb2->answers));
-  
-  nmb2->answers->rr_name = nmb->question.question_name;
-  nmb2->answers->rr_type = nmb->question.question_type;
-  nmb2->answers->rr_class = nmb->question.question_class;
-
-  nmb2->answers->ttl = ttl; 
-  nmb2->answers->rdlength = 6;
-  nmb2->answers->rdata[0] = nb_flags;
-  putip(&nmb2->answers->rdata[2],(char *)&ip);
-
-  send_packet(&p2);  
-}
-
-
-/****************************************************************************
-reply to a name status query
-****************************************************************************/
-static void reply_name_status(struct packet_struct *p)
-{
-  struct nmb_packet *nmb = &p->packet.nmb;
-  char *qname = nmb->question.question_name.name;
-  BOOL wildcard = (qname[0] == '*'); 
-  struct packet_struct p2;
-  struct nmb_packet *nmb2;
-  struct res_rec answer_rec;
-  char *buf;
-  int count;
-  int rcode = 0;
-  struct name_record *n = find_name(&nmb->question.question_name);
-
-  DEBUG(3,("Name status for name %s\n",
-	   namestr(&nmb->question.question_name)));
-
-  if (!wildcard && (!n || n->source != SELF)) 
-    return;
-
-  /* Send a POSITIVE NAME STATUS RESPONSE */
-  /* a lot of fields get copied from the query. This gives us the IP
-     and port the reply will be sent to etc */
-  p2 = *p;
-  nmb2 = &p2.packet.nmb;
-
-  nmb2->header.response = True;
-  nmb2->header.nm_flags.bcast = False;
-  nmb2->header.nm_flags.recursion_available = CanRecurse;
-  nmb2->header.nm_flags.trunc = False;
-  nmb2->header.nm_flags.authoritative = True; /* WfWg ignores 
-						 non-authoritative answers */
-  nmb2->header.qdcount = 0;
-  nmb2->header.ancount = 1;
-  nmb2->header.nscount = 0;
-  nmb2->header.arcount = 0;
-  nmb2->header.rcode = rcode;
-
-  nmb2->answers = &answer_rec;
-  bzero((char *)nmb2->answers,sizeof(*nmb2->answers));
-  
-
-  nmb2->answers->rr_name = nmb->question.question_name;
-  nmb2->answers->rr_type = nmb->question.question_type;
-  nmb2->answers->rr_class = nmb->question.question_class;
-  nmb2->answers->ttl = 0; 
-
-  for (count=0, n = namelist ; n; n = n->next) {
-    if (n->source != SELF) continue;
-    count++;
-  }
-
-  count = MIN(count,400/18); /* XXXX hack, we should calculate exactly
-				how many will fit */
-
-  
-  buf = &nmb2->answers->rdata[0];
-  SCVAL(buf,0,count);
-  buf += 1;
-
-  for (n = namelist ; n; n = n->next) 
-    {
-      if (n->source != SELF) continue;
-
-      bzero(buf,18);
-      strcpy(buf,n->name.name);
-      strupper(buf);
-      buf[15] = n->name.name_type;
-      buf += 16;
-      buf[0] = 0x4; /* active */
-      if (!n->unique) buf[0] |= 0x80; /* group */
-      buf += 2;
-      count--;
-    }
-
-  /* XXXXXXX we should fill in more fields of the statistics structure */
-  bzero(buf,64);
-  {
-    extern int num_good_sends,num_good_receives;
-    SIVAL(buf,20,num_good_sends);
-    SIVAL(buf,24,num_good_receives);
-  }
-  SIVAL(buf,46,0xFFB8E5); /* undocumented - used by NT */
-
-  buf += 64;
-
-  nmb2->answers->rdlength = PTR_DIFF(buf,&nmb2->answers->rdata[0]);
-
-  send_packet(&p2);
-}
-
-
-
-/****************************************************************************
-reply to a name query
-****************************************************************************/
-static void reply_name_query(struct packet_struct *p)
-{
-  struct nmb_packet *nmb = &p->packet.nmb;
-  char *qname = nmb->question.question_name.name;
-  BOOL wildcard = (qname[0] == '*'); 
-  BOOL bcast = nmb->header.nm_flags.bcast;
-  struct in_addr retip;
-  int name_type = nmb->question.question_name.name_type;
-  struct packet_struct p2;
-  struct nmb_packet *nmb2;
-  struct res_rec answer_rec;
-  int ttl=0;
-  int rcode=0;
-  BOOL unique = True;
-
-  DEBUG(3,("Name query for %s from %s (bcast=%s) - ",
-	   namestr(&nmb->question.question_name),
-	   inet_ntoa(p->ip),
-	   BOOLSTR(bcast)));
-
-  if (wildcard)
-    retip = myip;
-
-  if (!wildcard) {
-    struct name_record *n = find_name(&nmb->question.question_name);
-
-    if (!n) {
-      struct in_addr ip;
-      unsigned long a;
-
-      /* only do DNS lookups if the query is for type 0x20 or type 0x0 */
-      if (name_type != 0x20 && name_type != 0) {
-	DEBUG(3,("not found\n"));
-	return;
-      }
-
-      /* look it up with DNS */      
-      a = interpret_addr(qname);
-
-      putip((char *)&ip,(char *)&a);
-
-      if (!a) {
-	/* no luck with DNS. We could possibly recurse here XXXX */
-	/* if this isn't a bcast then we should send a negative reply XXXX */
-	DEBUG(3,("no recursion\n"));
-	add_host_entry(qname,name_type,True,60*60,DNSFAIL,ip);
-	return;
-      }
-
-      /* add it to our cache of names. give it 2 hours in the cache */
-      n = add_host_entry(qname,name_type,True,2*60*60,DNS,ip);
-
-      /* failed to add it? yikes! */
-      if (!n) return;
-    }
-
-    /* don't respond to bcast queries for group names unless we own them */
-    if (bcast && !n->unique && !n->source == SELF) {
-      DEBUG(3,("no bcast replies\n"));
-      return;
-    }
-
-    /* don't respond to bcast queries for addresses on the same net as the 
-       machine doing the querying unless its our IP */
-    if (bcast && 
-	n->source != SELF && 
-	same_net(n->ip,p->ip)) {
-      DEBUG(3,("same net\n"));      
-      return;
-    }
-
-    /* is our entry already dead? */
-    if (n->death_time) {
-      if (n->death_time < p->timestamp) return;
-      ttl = n->death_time - p->timestamp;
-    }
-
-    retip = n->ip;
-    unique = n->unique;
-
-    /* it may have been an earlier failure */
-    if (n->source == DNSFAIL) {
-      DEBUG(3,("DNSFAIL\n"));
-      return;
-    }
-  }
-
-  /* if the IP is 0 then substitute my IP - we should see which one is on the 
-     right interface for the caller to do this right XXX */
-  if (zero_ip(retip)) retip = myip;
-  
-  DEBUG(3,("OK %s rcode=%d\n",inet_ntoa(retip),rcode));      
-
-  /* a lot of fields get copied from the query. This gives us the IP
-     and port the reply will be sent to etc */
-  p2 = *p;
-  nmb2 = &p2.packet.nmb;
-
-  nmb2->header.response = True;
-  nmb2->header.nm_flags.bcast = False;
-  nmb2->header.nm_flags.recursion_available = CanRecurse;
-  nmb2->header.nm_flags.trunc = False;
-  nmb2->header.nm_flags.authoritative = True; /* WfWg ignores 
-						 non-authoritative answers */
-  nmb2->header.qdcount = 0;
-  nmb2->header.ancount = 1;
-  nmb2->header.nscount = 0;
-  nmb2->header.arcount = 0;
-  nmb2->header.rcode = rcode;
-
-  nmb2->answers = &answer_rec;
-  bzero((char *)nmb2->answers,sizeof(*nmb2->answers));
-
-  nmb2->answers->rr_name = nmb->question.question_name;
-  nmb2->answers->rr_type = nmb->question.question_type;
-  nmb2->answers->rr_class = nmb->question.question_class;
-  nmb2->answers->ttl = ttl;
-  nmb2->answers->rdlength = 6;
-  nmb2->answers->rdata[0] = unique?0:0x80; 
-  nmb2->answers->rdata[1] = 0; 
-  putip(&nmb2->answers->rdata[2],(char *)&retip);
-
-  send_packet(&p2);
-}
-
-
-
-/* the global packet linked-list. incoming entries are added to the
-   end of this list.  it is supposed to remain fairly short so we
-   won't bother with an end pointer. */
-static struct packet_struct *packet_queue = NULL;
-
-
-/*******************************************************************
-  queue a packet into the packet queue
-  ******************************************************************/
-static void queue_packet(struct packet_struct *packet)
-{
-  struct packet_struct *p;
-  if (!packet_queue) {
-    packet->prev = NULL;
-    packet->next = NULL;
-    packet_queue = packet;
-    return;
-  }
-  
-  /* find the bottom */
-  for (p=packet_queue;p->next;p=p->next) ;
-
-  p->next = packet;
-  packet->next = NULL;
-  packet->prev = p;
-}
-
-/****************************************************************************
-  process a nmb packet
-  ****************************************************************************/
-static void process_nmb(struct packet_struct *p)
-{
-  struct nmb_packet *nmb = &p->packet.nmb;
-
-  /* if this is a response then ignore it */
-  if (nmb->header.response) return;
-
-  switch (nmb->header.opcode) 
-    {
-    case 5:
-    case 8:
-    case 9:
-      if (nmb->header.qdcount>0 && 
-	  nmb->header.arcount>0) {
-	reply_name_reg(p);
-	return;
-      }
-      break;
-
-    case 0:
-      if (nmb->header.qdcount>0) 
-	{
-	  switch (nmb->question.question_type)
-	    {
-	    case 0x20:
-	      reply_name_query(p);
-	      break;
-
-	    case 0x21:
-	      reply_name_status(p);
-	      break;
-	    }
-	  return;
-	}
-      break;
-
-    case 6:
-      if (nmb->header.qdcount>0 && 
-	  nmb->header.arcount>0) {
-	reply_name_release(p);
-	return;
-      }
-      break;
-    }
-
-}
-
-
-
-/*******************************************************************
-  run elements off the packet queue till its empty
-  ******************************************************************/
-static void run_packet_queue(void)
-{
-  struct packet_struct *p;
-
-  while ((p=packet_queue)) {
-    switch (p->packet_type)
-      {
-      case NMB_PACKET:
-	process_nmb(p);
-	break;
-
-      case DGRAM_PACKET:
-	process_dgram(p);
-	break;
-      }
-
-    packet_queue = packet_queue->next;
-    if (packet_queue) packet_queue->prev = NULL;
-    free_packet(p);
-  }
-}
-
-
-/****************************************************************************
-  The main select loop, listen for packets and respond
-  ***************************************************************************/
-void process(void)
-{
-
-  while (True)
-    {
-      fd_set fds;
-      int selrtn;
-      struct timeval timeout;
-
-      if (needelection && PrimaryGroup[0] && !RunningElection) {
-	DEBUG(3,(">>> Starting election on %s <<<\n",PrimaryGroup));
-	ElectionCount = 0;
-	RunningElection = True;
-	needelection = False;
-      }
-
-      FD_ZERO(&fds);
-      FD_SET(ClientNMB,&fds);
-      FD_SET(ClientDGRAM,&fds);
-      /* during elections we need to send election packets at one
-         second intervals */
-      timeout.tv_sec = RunningElection?1:NMBD_SELECT_LOOP;
-      timeout.tv_usec = 0;
-
-      selrtn = sys_select(&fds,&timeout);
-
-      if (FD_ISSET(ClientNMB,&fds)) {
-	struct packet_struct *packet = read_packet(ClientNMB,NMB_PACKET);
-	if (packet) queue_packet(packet);
-      }
-
-      if (FD_ISSET(ClientDGRAM,&fds)) {
-	struct packet_struct *packet = read_packet(ClientDGRAM,DGRAM_PACKET);
-	if (packet) queue_packet(packet);
-      }
-
-      if (RunningElection) 
-	run_election();
-
-      run_packet_queue();
-
-      do_announcements();
-
-      housekeeping();
-    }
-}
-
-
-/****************************************************************************
-  open the socket communication
-****************************************************************************/
-static BOOL open_sockets(BOOL isdaemon,int port)
-{
-  struct hostent *hp;
- 
-  /* get host info */
-  if ((hp = Get_Hostbyname(myhostname)) == 0) 
-    {
-      DEBUG(0,( "Get_Hostbyname: Unknown host. %s\n",myhostname));
-      return False;
-    }   
-
-  if (isdaemon)
-    ClientNMB = open_socket_in(SOCK_DGRAM, port,0);
-  else
-    ClientNMB = 0;
-
-  ClientDGRAM = open_socket_in(SOCK_DGRAM,DGRAM_PORT,3);
-
-  if (ClientNMB == -1)
-    return(False);
-
-  signal(SIGPIPE, SIGNAL_CAST sig_pipe);
-
-  set_socket_options(ClientNMB,"SO_BROADCAST");
-  set_socket_options(ClientDGRAM,"SO_BROADCAST");
-
-  DEBUG(3, ("Socket opened.\n"));
-  return True;
-}
-
-
-/*******************************************************************
-  check that a IP, bcast and netmask and consistent. Must be a 1s
-  broadcast
-  ******************************************************************/
-static BOOL ip_consistent(struct in_addr ip,struct in_addr bcast,
-			  struct in_addr nmask)
-{
-  unsigned long a_ip,a_bcast,a_nmask;
-
-  a_ip = ntohl(ip.s_addr);
-  a_bcast = ntohl(bcast.s_addr);
-  a_nmask = ntohl(nmask.s_addr);
-
-  /* check the netmask is sane */
-  if (((a_nmask>>24)&0xFF) != 0xFF) {
-    DEBUG(0,("Insane netmask %s\n",inet_ntoa(nmask)));
-    return(False);
-  }
-
-  /* check the IP and bcast are on the same net */
-  if ((a_ip&a_nmask) != (a_bcast&a_nmask)) {
-    DEBUG(0,("IP and broadcast are on different nets!\n"));
-    return(False);
-  }
-
-  /* check the IP and bcast are on the same net */
-  if ((a_bcast|a_nmask) != 0xFFFFFFFF) {
-    DEBUG(0,("Not a ones based broadcast %s\n",inet_ntoa(bcast)));
-    return(False);
-  }
-
-  return(True);
-}
-
-/****************************************************************************
-  initialise connect, service and file structs
-****************************************************************************/
-static BOOL init_structs(void )
-{
-  if (!get_myname(myhostname,got_myip?NULL:&myip))
-    return(False);
-
-  /* Read the broadcast address from the interface */
-  {
-    struct in_addr ip0,ip1,ip2;
-
-    ip0 = myip;
-
-    if (!(got_bcast && got_nmask))
-      {
-	get_broadcast(&ip0,&ip1,&ip2);
-
-	if (!got_myip)
-	  myip = ip0;
-    
-	if (!got_bcast)
-	  bcast_ip = ip1;
-    
-	if (!got_nmask)
-	  Netmask = ip2;   
-      } 
-
-    DEBUG(1,("Using IP %s  ",inet_ntoa(myip))); 
-    DEBUG(1,("broadcast %s  ",inet_ntoa(bcast_ip)));
-    DEBUG(1,("netmask %s\n",inet_ntoa(Netmask)));    
-
-    if (!ip_consistent(myip,bcast_ip,Netmask)) {
-      DEBUG(0,("WARNING: The IP address, broadcast and Netmask are not consistent\n"));
-      DEBUG(0,("You are likely to experience problems with this setup!\n"));
-    }
-  }
-
-  if (! *myname) {
-    char *p;
-    strcpy(myname,myhostname);
-    p = strchr(myname,'.');
-    if (p) *p = 0;
-  }
-
-  {
-    extern fstring local_machine;
-    strcpy(local_machine,myname);
-    strupper(local_machine);
-  }
-
-  return True;
-}
-
-/****************************************************************************
-usage on the program
-****************************************************************************/
-static void usage(char *pname)
-{
-  DEBUG(0,("Incorrect program usage - is the command line correct?\n"));
-
-  printf("Usage: %s [-n name] [-B bcast address] [-D] [-p port] [-d debuglevel] [-l log basename]\n",pname);
-  printf("Version %s\n",VERSION);
-  printf("\t-D                    become a daemon\n");
-  printf("\t-p port               listen on the specified port\n");
-  printf("\t-d debuglevel         set the debuglevel\n");
-  printf("\t-l log basename.      Basename for log/debug files\n");
-  printf("\t-n netbiosname.       the netbios name to advertise for this host\n");
-  printf("\t-B broadcast address  the address to use for broadcasts\n");
-  printf("\t-N netmask           the netmask to use for subnet determination\n");
-  printf("\t-H hosts file        load a netbios hosts file\n");
-  printf("\t-I ip-address        override the IP address\n");
-  printf("\t-G group name        add a group name to be part of\n");
-  printf("\t-C comment           sets the machine comment that appears in browse lists\n");
-  printf("\n");
-}
-
-
-/****************************************************************************
-  main program
-  **************************************************************************/
-int main(int argc,char *argv[])
-{
-  int port = NMB_PORT;
-  int opt;
-  extern FILE *dbf;
-  extern char *optarg;
-
-  *host_file = 0;
-
-#if 0
-  sleep(10);
-#endif
-
-  StartupTime = time(NULL);
-
-  TimeInit();
-
-  strcpy(debugf,NMBLOGFILE);
-
-  setup_logging(argv[0],False);
-
-  charset_initialise();
-
-#ifdef LMHOSTSFILE
-  strcpy(host_file,LMHOSTSFILE);
-#endif
-
-  /* this is for people who can't start the program correctly */
-  while (argc > 1 && (*argv[1] != '-'))
-    {
-      argv++;
-      argc--;
-    }
-
-  fault_setup(fault_continue);
-
-  signal(SIGHUP,SIGNAL_CAST sig_hup);
-
-  bcast_ip = *interpret_addr2("0.0.0.0");
-  myip = *interpret_addr2("0.0.0.0");
-
-  while ((opt = getopt (argc, argv, "s:T:I:C:bAi:B:N:Rn:l:d:Dp:hSH:G:")) != EOF)
-    switch (opt)
-      {
-      case 's':
-	strcpy(servicesf,optarg);
-	break;
-      case 'C':
-	strcpy(ServerComment,optarg);
-	break;
-      case 'G':
-	add_domain_entry(optarg,bcast_ip);
-	break;
-      case 'H':
-	strcpy(host_file,optarg);
-	break;
-      case 'I':
-	myip = *interpret_addr2(optarg);
-	got_myip = True;
-	break;
-      case 'B':
-	bcast_ip = *interpret_addr2(optarg);
-	got_bcast = True;
-	break;
-      case 'N':
-	Netmask = *interpret_addr2(optarg);
-	got_nmask = True;
-	break;
-      case 'n':
-	strcpy(myname,optarg);
-	break;
-      case 'l':
-	sprintf(debugf,"%s.nmb",optarg);
-	break;
-      case 'i':
-	strcpy(scope,optarg);
-	strupper(scope);
-	break;
-      case 'D':
-	is_daemon = True;
-	break;
-      case 'd':
-	DEBUGLEVEL = atoi(optarg);
-	break;
-      case 'p':
-	port = atoi(optarg);
-	break;
-      case 'h':
-	usage(argv[0]);
-	exit(0);
-	break;
-      default:
-	if (!is_a_socket(0))
-	  usage(argv[0]);
-	break;
-      }
-  
-  DEBUG(1,("%s netbios nameserver version %s started\n",timestring(),VERSION));
-  DEBUG(1,("Copyright Andrew Tridgell 1994\n"));
-
-  init_structs();
-
-  if (!reload_services(False))
-    return(-1);	
-
-  if (*host_file)
-    {
-      load_hosts_file(host_file);
-      DEBUG(3,("Loaded hosts file\n"));
-    }
-
-  if (!*ServerComment)
-    strcpy(ServerComment,"Samba %v");
-  string_sub(ServerComment,"%v",VERSION);
-  string_sub(ServerComment,"%h",myhostname);
-
-  add_my_names();
-
-  DEBUG(3,("Checked names\n"));
-  
-  dump_names();
-
-  DEBUG(3,("Dumped names\n"));
-
-  if (!is_daemon && !is_a_socket(0)) {
-    DEBUG(0,("standard input is not a socket, assuming -D option\n"));
-    is_daemon = True;
-  }
-  
-
-  if (is_daemon) {
-    DEBUG(2,("%s becoming a daemon\n",timestring()));
-    become_daemon();
-  }
-
-
-  DEBUG(3,("Opening sockets\n"));
-
-  if (open_sockets(is_daemon,port))
-    {
-      process();
-      close_sockets();
-    }
-
-  if (dbf)
-    fclose(dbf);
-  return(0);
-}
diff --git a/source3/nmbd/.cvsignore b/source3/nmbd/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/nmbd/.cvsignore
diff --git a/source3/nmbd/asyncdns.c b/source3/nmbd/asyncdns.c
new file mode 100644
index 0000000000..6c2f8de3b1
--- /dev/null
+++ b/source3/nmbd/asyncdns.c
@@ -0,0 +1,348 @@
+/*
+   Unix SMB/CIFS implementation.
+   a async DNS handler
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   */
+
+#include "includes.h"
+
+/***************************************************************************
+  Add a DNS result to the name cache.
+****************************************************************************/
+
+static struct name_record *add_dns_result(struct nmb_name *question, struct in_addr addr)
+{
+  int name_type = question->name_type;
+  char *qname = question->name;
+  
+  
+  if (!addr.s_addr) {
+    /* add the fail to WINS cache of names. give it 1 hour in the cache */
+    DEBUG(3,("add_dns_result: Negative DNS answer for %s\n", qname));
+    (void)add_name_to_subnet( wins_server_subnet, qname, name_type,
+                              NB_ACTIVE, 60*60, DNSFAIL_NAME, 1, &addr );
+    return( NULL );
+  }
+
+  /* add it to our WINS cache of names. give it 2 hours in the cache */
+  DEBUG(3,("add_dns_result: DNS gave answer for %s of %s\n", qname, inet_ntoa(addr)));
+
+  return( add_name_to_subnet( wins_server_subnet, qname, name_type,
+                              NB_ACTIVE, 2*60*60, DNS_NAME, 1, &addr ) );
+}
+
+
+
+#ifndef SYNC_DNS
+
+static int fd_in = -1, fd_out = -1;
+static pid_t child_pid = -1;
+static int in_dns;
+
+/* this is the structure that is passed between the parent and child */
+struct query_record {
+	struct nmb_name name;
+	struct in_addr result;
+};
+
+/* a queue of pending requests waiting to be sent to the DNS child */
+static struct packet_struct *dns_queue;
+
+/* the packet currently being processed by the dns child */
+static struct packet_struct *dns_current;
+
+
+/***************************************************************************
+  return the fd used to gather async dns replies. This is added to the select
+  loop
+  ****************************************************************************/
+int asyncdns_fd(void)
+{
+	return fd_in;
+}
+
+/***************************************************************************
+  handle DNS queries arriving from the parent
+  ****************************************************************************/
+static void asyncdns_process(void)
+{
+	struct query_record r;
+	fstring qname;
+
+	DEBUGLEVEL = -1;
+
+	while (1) {
+		if (read_data(fd_in, (char *)&r, sizeof(r)) != sizeof(r)) 
+			break;
+
+		fstrcpy(qname, r.name.name);
+
+		r.result.s_addr = interpret_addr(qname);
+
+		if (write_data(fd_out, (char *)&r, sizeof(r)) != sizeof(r))
+			break;
+	}
+
+	_exit(0);
+}
+
+/**************************************************************************** **
+  catch a sigterm (in the child process - the parent has a different handler
+  see nmbd.c for details).
+  We need a separate term handler here so we don't release any 
+  names that our parent is going to release, or overwrite a 
+  WINS db that our parent is going to write.
+ **************************************************************************** */
+
+static void sig_term(int sig)
+{
+  _exit(0);
+}
+
+/***************************************************************************
+ Called by the parent process when it receives a SIGTERM - also kills the
+ child so we don't get child async dns processes lying around, causing trouble.
+  ****************************************************************************/
+
+void kill_async_dns_child(void)
+{
+	if (child_pid > 0) {
+		kill(child_pid, SIGTERM);
+	}
+}
+
+/***************************************************************************
+  create a child process to handle DNS lookups
+  ****************************************************************************/
+void start_async_dns(void)
+{
+	int fd1[2], fd2[2];
+
+	CatchChild();
+
+	if (pipe(fd1) || pipe(fd2)) {
+		DEBUG(0,("can't create asyncdns pipes\n"));
+		return;
+	}
+
+	child_pid = sys_fork();
+
+	if (child_pid) {
+		fd_in = fd1[0];
+		fd_out = fd2[1];
+		close(fd1[1]);
+		close(fd2[0]);
+		DEBUG(0,("started asyncdns process %d\n", (int)child_pid));
+		return;
+	}
+
+	fd_in = fd2[0];
+	fd_out = fd1[1];
+
+	CatchSignal(SIGUSR2, SIG_IGN);
+	CatchSignal(SIGUSR1, SIG_IGN);
+	CatchSignal(SIGHUP, SIG_IGN);
+        CatchSignal(SIGTERM, SIGNAL_CAST sig_term );
+
+	asyncdns_process();
+}
+
+
+/***************************************************************************
+check if a particular name is already being queried
+  ****************************************************************************/
+static BOOL query_current(struct query_record *r)
+{
+	return dns_current &&
+		nmb_name_equal(&r->name, 
+			   &dns_current->packet.nmb.question.question_name);
+}
+
+
+/***************************************************************************
+  write a query to the child process
+  ****************************************************************************/
+static BOOL write_child(struct packet_struct *p)
+{
+	struct query_record r;
+
+	r.name = p->packet.nmb.question.question_name;
+
+	return write_data(fd_out, (char *)&r, sizeof(r)) == sizeof(r);
+}
+
+/***************************************************************************
+  check the DNS queue
+  ****************************************************************************/
+void run_dns_queue(void)
+{
+	struct query_record r;
+	struct packet_struct *p, *p2;
+	struct name_record *namerec;
+	int size;
+
+	if (fd_in == -1)
+		return;
+
+        /* Allow SIGTERM to kill us. */
+        BlockSignals(False, SIGTERM);
+
+	if (!process_exists(child_pid)) {
+		close(fd_in);
+		start_async_dns();
+	}
+
+	if ((size=read_data(fd_in, (char *)&r, sizeof(r))) != sizeof(r)) {
+		if (size) {
+			DEBUG(0,("Incomplete DNS answer from child!\n"));
+			fd_in = -1;
+		}
+                BlockSignals(True, SIGTERM);
+		return;
+	}
+
+        BlockSignals(True, SIGTERM);
+
+	namerec = add_dns_result(&r.name, r.result);
+
+	if (dns_current) {
+		if (query_current(&r)) {
+			DEBUG(3,("DNS calling send_wins_name_query_response\n"));
+			in_dns = 1;
+                        if(namerec == NULL)
+                          send_wins_name_query_response(NAM_ERR, dns_current, NULL);
+                        else
+			  send_wins_name_query_response(0,dns_current,namerec);
+			in_dns = 0;
+		}
+
+		dns_current->locked = False;
+		free_packet(dns_current);
+		dns_current = NULL;
+	}
+
+	/* loop over the whole dns queue looking for entries that
+	   match the result we just got */
+	for (p = dns_queue; p;) {
+		struct nmb_packet *nmb = &p->packet.nmb;
+		struct nmb_name *question = &nmb->question.question_name;
+
+		if (nmb_name_equal(question, &r.name)) {
+			DEBUG(3,("DNS calling send_wins_name_query_response\n"));
+			in_dns = 1;
+                        if(namerec == NULL)
+			  send_wins_name_query_response(NAM_ERR, p, NULL);
+                        else
+                          send_wins_name_query_response(0,p,namerec);
+			in_dns = 0;
+			p->locked = False;
+
+			if (p->prev)
+				p->prev->next = p->next;
+			else
+				dns_queue = p->next;
+			if (p->next)
+				p->next->prev = p->prev;
+			p2 = p->next;
+			free_packet(p);
+			p = p2;
+		} else {
+			p = p->next;
+		}
+	}
+
+	if (dns_queue) {
+		dns_current = dns_queue;
+		dns_queue = dns_queue->next;
+		if (dns_queue) dns_queue->prev = NULL;
+		dns_current->next = NULL;
+
+		if (!write_child(dns_current)) {
+			DEBUG(3,("failed to send DNS query to child!\n"));
+			return;
+		}
+	}
+
+}
+
+/***************************************************************************
+queue a DNS query
+  ****************************************************************************/
+BOOL queue_dns_query(struct packet_struct *p,struct nmb_name *question,
+		     struct name_record **n)
+{
+	if (in_dns || fd_in == -1)
+		return False;
+
+	if (!dns_current) {
+		if (!write_child(p)) {
+			DEBUG(3,("failed to send DNS query to child!\n"));
+			return False;
+		}
+		dns_current = p;
+		p->locked = True;
+	} else {
+		p->locked = True;
+		p->next = dns_queue;
+		p->prev = NULL;
+		if (p->next)
+			p->next->prev = p;
+		dns_queue = p;
+	}
+
+	DEBUG(3,("added DNS query for %s\n", nmb_namestr(question)));
+	return True;
+}
+
+#else
+
+
+/***************************************************************************
+  we use this when we can't do async DNS lookups
+  ****************************************************************************/
+BOOL queue_dns_query(struct packet_struct *p,struct nmb_name *question,
+		     struct name_record **n)
+{
+	char *qname = question->name;
+	struct in_addr dns_ip;
+
+	DEBUG(3,("DNS search for %s - ", nmb_namestr(question)));
+
+        /* Unblock TERM signal so we can be killed in DNS lookup. */
+        BlockSignals(False, SIGTERM);
+
+	dns_ip.s_addr = interpret_addr(qname);
+
+        /* Re-block TERM signal. */
+        BlockSignals(True, SIGTERM);
+
+	*n = add_dns_result(question, dns_ip);
+        if(*n == NULL)
+          send_wins_name_query_response(NAM_ERR, p, NULL);
+        else
+          send_wins_name_query_response(0, p, *n);
+	return False;
+}
+
+/***************************************************************************
+ With sync dns there is no child to kill on SIGTERM.
+  ****************************************************************************/
+void kill_async_dns_child(void)
+{
+  return;
+}
+#endif
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
new file mode 100644
index 0000000000..051991f46d
--- /dev/null
+++ b/source3/nmbd/nmbd.c
@@ -0,0 +1,919 @@
+/*
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Jeremy Allison 1997-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+int ClientNMB       = -1;
+int ClientDGRAM     = -1;
+int global_nmb_port = -1;
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+extern char **my_netbios_names;
+
+extern BOOL global_in_nmbd;
+
+/* are we running as a daemon ? */
+static BOOL is_daemon = False;
+
+/* have we found LanMan clients yet? */
+BOOL found_lm_clients = False;
+
+/* what server type are we currently */
+
+time_t StartupTime = 0;
+
+/**************************************************************************** **
+ Handle a SIGTERM in band.
+ **************************************************************************** */
+
+static void terminate(void)
+{
+	DEBUG(0,("Got SIGTERM: going down...\n"));
+  
+	/* Write out wins.dat file if samba is a WINS server */
+	wins_write_database(False);
+  
+	/* Remove all SELF registered names. */
+	release_my_names();
+  
+	/* Announce all server entries as 0 time-to-live, 0 type. */
+	announce_my_servers_removed();
+
+	/* If there was an async dns child - kill it. */
+	kill_async_dns_child();
+
+	exit(0);
+}
+
+/**************************************************************************** **
+ Handle a SHUTDOWN message from smbcontrol.
+ **************************************************************************** */
+
+static void nmbd_terminate(int msg_type, pid_t src, void *buf, size_t len)
+{
+	terminate();
+}
+
+/**************************************************************************** **
+ Catch a SIGTERM signal.
+ **************************************************************************** */
+
+static VOLATILE sig_atomic_t got_sig_term;
+
+static void sig_term(int sig)
+{
+	got_sig_term = 1;
+	sys_select_signal();
+}
+
+/**************************************************************************** **
+ Catch a SIGHUP signal.
+ **************************************************************************** */
+
+static VOLATILE sig_atomic_t reload_after_sighup;
+
+static void sig_hup(int sig)
+{
+	reload_after_sighup = 1;
+	sys_select_signal();
+}
+
+#if DUMP_CORE
+/**************************************************************************** **
+ Prepare to dump a core file - carefully!
+ **************************************************************************** */
+
+static BOOL dump_core(void)
+{
+	char *p;
+	pstring dname;
+	pstrcpy( dname, lp_logfile() );
+	if ((p=strrchr_m(dname,'/')))
+		*p=0;
+	pstrcat( dname, "/corefiles" );
+	mkdir( dname, 0700 );
+	sys_chown( dname, getuid(), getgid() );
+	chmod( dname, 0700 );
+	if ( chdir(dname) )
+		return( False );
+	umask( ~(0700) );
+
+#ifdef HAVE_GETRLIMIT
+#ifdef RLIMIT_CORE
+	{
+		struct rlimit rlp;
+		getrlimit( RLIMIT_CORE, &rlp );
+		rlp.rlim_cur = MAX( 4*1024*1024, rlp.rlim_cur );
+		setrlimit( RLIMIT_CORE, &rlp );
+		getrlimit( RLIMIT_CORE, &rlp );
+		DEBUG( 3, ( "Core limits now %d %d\n", (int)rlp.rlim_cur, (int)rlp.rlim_max ) );
+	}
+#endif
+#endif
+
+
+	DEBUG(0,("Dumping core in %s\n",dname));
+	abort();
+	return( True );
+}
+#endif
+
+/**************************************************************************** **
+ Possibly continue after a fault.
+ **************************************************************************** */
+
+static void fault_continue(void)
+{
+#if DUMP_CORE
+	dump_core();
+#endif
+}
+
+/**************************************************************************** **
+ Expire old names from the namelist and server list.
+ **************************************************************************** */
+
+static void expire_names_and_servers(time_t t)
+{
+	static time_t lastrun = 0;
+  
+	if ( !lastrun )
+		lastrun = t;
+	if ( t < (lastrun + 5) )
+		return;
+	lastrun = t;
+
+	/*
+	 * Expire any timed out names on all the broadcast
+	 * subnets and those registered with the WINS server.
+	 * (nmbd_namelistdb.c)
+	 */
+
+	expire_names(t);
+
+	/*
+	 * Go through all the broadcast subnets and for each
+	 * workgroup known on that subnet remove any expired
+	 * server names. If a workgroup has an empty serverlist
+	 * and has itself timed out then remove the workgroup.
+	 * (nmbd_workgroupdb.c)
+	 */
+
+	expire_workgroups_and_servers(t);
+}
+
+/************************************************************************** **
+ Reload the list of network interfaces.
+ ************************************************************************** */
+
+static BOOL reload_interfaces(time_t t)
+{
+	static time_t lastt;
+	int n;
+	struct subnet_record *subrec;
+	extern BOOL rescan_listen_set;
+	extern struct in_addr loopback_ip;
+
+	if (t && ((t - lastt) < NMBD_INTERFACES_RELOAD)) return False;
+	lastt = t;
+
+	if (!interfaces_changed()) return False;
+
+	/* the list of probed interfaces has changed, we may need to add/remove
+	   some subnets */
+	load_interfaces();
+
+	/* find any interfaces that need adding */
+	for (n=iface_count() - 1; n >= 0; n--) {
+		struct interface *iface = get_interface(n);
+
+		/*
+		 * We don't want to add a loopback interface, in case
+		 * someone has added 127.0.0.1 for smbd, nmbd needs to
+		 * ignore it here. JRA.
+		 */
+
+		if (ip_equal(iface->ip, loopback_ip)) {
+			DEBUG(2,("reload_interfaces: Ignoring loopback interface %s\n", inet_ntoa(iface->ip)));
+			continue;
+		}
+
+		for (subrec=subnetlist; subrec; subrec=subrec->next) {
+			if (ip_equal(iface->ip, subrec->myip) &&
+			    ip_equal(iface->nmask, subrec->mask_ip)) break;
+		}
+
+		if (!subrec) {
+			/* it wasn't found! add it */
+			DEBUG(2,("Found new interface %s\n", 
+				 inet_ntoa(iface->ip)));
+			subrec = make_normal_subnet(iface);
+			if (subrec) register_my_workgroup_one_subnet(subrec);
+		}
+	}
+
+	/* find any interfaces that need deleting */
+	for (subrec=subnetlist; subrec; subrec=subrec->next) {
+		for (n=iface_count() - 1; n >= 0; n--) {
+			struct interface *iface = get_interface(n);
+			if (ip_equal(iface->ip, subrec->myip) &&
+			    ip_equal(iface->nmask, subrec->mask_ip)) break;
+		}
+		if (n == -1) {
+			/* oops, an interface has disapeared. This is
+			 tricky, we don't dare actually free the
+			 interface as it could be being used, so
+			 instead we just wear the memory leak and
+			 remove it from the list of interfaces without
+			 freeing it */
+			DEBUG(2,("Deleting dead interface %s\n", 
+				 inet_ntoa(subrec->myip)));
+			close_subnet(subrec);
+		}
+	}
+	
+	rescan_listen_set = True;
+
+	/* We need to shutdown if there are no subnets... */
+	if (FIRST_SUBNET == NULL) {
+		DEBUG(0,("reload_interfaces: No subnets to listen to. Shutting down...\n"));
+		return True;
+	}
+	return False;
+}
+
+/**************************************************************************** **
+ Reload the services file.
+ **************************************************************************** */
+
+static BOOL reload_nmbd_services(BOOL test)
+{
+	BOOL ret;
+	extern fstring remote_machine;
+
+	fstrcpy( remote_machine, "nmbd" );
+
+	if ( lp_loaded() ) {
+		pstring fname;
+		pstrcpy( fname,lp_configfile());
+		if (file_exist(fname,NULL) && !strcsequal(fname,dyn_CONFIGFILE)) {
+			pstrcpy(dyn_CONFIGFILE,fname);
+			test = False;
+		}
+	}
+
+	if ( test && !lp_file_list_changed() )
+		return(True);
+
+	ret = lp_load( dyn_CONFIGFILE, True , False, False);
+
+	/* perhaps the config filename is now set */
+	if ( !test ) {
+		DEBUG( 3, ( "services not loaded\n" ) );
+		reload_nmbd_services( True );
+	}
+
+	/* Do a sanity check for a misconfigured nmbd */
+	if( lp_wins_support() && wins_srv_count() ) {
+		if( DEBUGLVL(0) ) {
+			dbgtext( "ERROR: 'wins support = true' and 'wins server = <server>'\n" );
+			dbgtext( "are conflicting settings.  nmbd aborting.\n" );
+		}
+		exit(10);
+	}
+
+	return(ret);
+}
+
+/**************************************************************************** **
+ The main select loop.
+ **************************************************************************** */
+
+static void process(void)
+{
+	BOOL run_election;
+
+	while( True ) {
+		time_t t = time(NULL);
+
+		/* Check for internal messages */
+
+		message_dispatch();
+
+		/*
+		 * Check all broadcast subnets to see if
+		 * we need to run an election on any of them.
+		 * (nmbd_elections.c)
+		 */
+
+		run_election = check_elections();
+
+		/*
+		 * Read incoming UDP packets.
+		 * (nmbd_packets.c)
+		 */
+
+		if(listen_for_packets(run_election))
+			return;
+
+		/*
+		 * Handle termination inband.
+		 */
+
+		if (got_sig_term) {
+			got_sig_term = 0;
+			terminate();
+		}
+
+		/*
+		 * Process all incoming packets
+		 * read above. This calls the success and
+		 * failure functions registered when response
+		 * packets arrrive, and also deals with request
+		 * packets from other sources.
+		 * (nmbd_packets.c)
+		 */
+
+		run_packet_queue();
+
+		/*
+		 * Run any elections - initiate becoming
+		 * a local master browser if we have won.
+		 * (nmbd_elections.c)
+		 */
+
+		run_elections(t);
+
+		/*
+		 * Send out any broadcast announcements
+		 * of our server names. This also announces
+		 * the workgroup name if we are a local
+		 * master browser.
+		 * (nmbd_sendannounce.c)
+		 */
+
+		announce_my_server_names(t);
+
+		/*
+		 * Send out any LanMan broadcast announcements
+		 * of our server names.
+		 * (nmbd_sendannounce.c)
+		 */
+
+		announce_my_lm_server_names(t);
+
+		/*
+		 * If we are a local master browser, periodically
+		 * announce ourselves to the domain master browser.
+		 * This also deals with syncronising the domain master
+		 * browser server lists with ourselves as a local
+		 * master browser.
+		 * (nmbd_sendannounce.c)
+		 */
+
+		announce_myself_to_domain_master_browser(t);
+
+		/*
+		 * Fullfill any remote announce requests.
+		 * (nmbd_sendannounce.c)
+		 */
+
+		announce_remote(t);
+
+		/*
+		 * Fullfill any remote browse sync announce requests.
+		 * (nmbd_sendannounce.c)
+		 */
+
+		browse_sync_remote(t);
+
+		/*
+		 * Scan the broadcast subnets, and WINS client
+		 * namelists and refresh any that need refreshing.
+		 * (nmbd_mynames.c)
+		 */
+
+		refresh_my_names(t);
+
+		/*
+		 * Scan the subnet namelists and server lists and
+		 * expire thos that have timed out.
+		 * (nmbd.c)
+		 */
+
+		expire_names_and_servers(t);
+
+		/*
+		 * Write out a snapshot of our current browse list into
+		 * the browse.dat file. This is used by smbd to service
+		 * incoming NetServerEnum calls - used to synchronise
+		 * browse lists over subnets.
+		 * (nmbd_serverlistdb.c)
+		 */
+
+		write_browse_list(t, False);
+
+		/*
+		 * If we are a domain master browser, we have a list of
+		 * local master browsers we should synchronise browse
+		 * lists with (these are added by an incoming local
+		 * master browser announcement packet). Expire any of
+		 * these that are no longer current, and pull the server
+		 * lists from each of these known local master browsers.
+		 * (nmbd_browsesync.c)
+		 */
+
+		dmb_expire_and_sync_browser_lists(t);
+
+		/*
+		 * Check that there is a local master browser for our
+		 * workgroup for all our broadcast subnets. If one
+		 * is not found, start an election (which we ourselves
+		 * may or may not participate in, depending on the
+		 * setting of the 'local master' parameter.
+		 * (nmbd_elections.c)
+		 */
+
+		check_master_browser_exists(t);
+
+		/*
+		 * If we are configured as a logon server, attempt to
+		 * register the special NetBIOS names to become such
+		 * (WORKGROUP<1c> name) on all broadcast subnets and
+		 * with the WINS server (if used). If we are configured
+		 * to become a domain master browser, attempt to register
+		 * the special NetBIOS name (WORKGROUP<1b> name) to
+		 * become such.
+		 * (nmbd_become_dmb.c)
+		 */
+
+		add_domain_names(t);
+
+		/*
+		 * If we are a WINS server, do any timer dependent
+		 * processing required.
+		 * (nmbd_winsserver.c)
+		 */
+
+		initiate_wins_processing(t);
+
+		/*
+		 * If we are a domain master browser, attempt to contact the
+		 * WINS server to get a list of all known WORKGROUPS/DOMAINS.
+		 * This will only work to a Samba WINS server.
+		 * (nmbd_browsesync.c)
+		 */
+
+		if (lp_enhanced_browsing())
+			collect_all_workgroup_names_from_wins_server(t);
+
+		/*
+		 * Go through the response record queue and time out or re-transmit
+		 * and expired entries.
+		 * (nmbd_packets.c)
+		 */
+
+		retransmit_or_expire_response_records(t);
+
+		/*
+		 * check to see if any remote browse sync child processes have completed
+		 */
+
+		sync_check_completion();
+
+		/*
+		 * regularly sync with any other DMBs we know about 
+		 */
+
+		if (lp_enhanced_browsing())
+			sync_all_dmbs(t);
+
+		/*
+		 * clear the unexpected packet queue 
+		 */
+
+		clear_unexpected(t);
+
+		/*
+		 * Reload the services file if we got a sighup.
+		 */
+
+		if(reload_after_sighup) {
+			DEBUG( 0, ( "Got SIGHUP dumping debug info.\n" ) );
+			write_browse_list( 0, True );
+			dump_all_namelists();
+			reload_nmbd_services( True );
+			reopen_logs();
+			if(reload_interfaces(0))
+				return;
+			reload_after_sighup = 0;
+		}
+
+		/* check for new network interfaces */
+
+		if(reload_interfaces(t))
+			return;
+
+		/* free up temp memory */
+			lp_talloc_free();
+	}
+}
+
+/**************************************************************************** **
+ Open the socket communication.
+ **************************************************************************** */
+
+static BOOL open_sockets(BOOL isdaemon, int port)
+{
+	/*
+	 * The sockets opened here will be used to receive broadcast
+	 * packets *only*. Interface specific sockets are opened in
+	 * make_subnet() in namedbsubnet.c. Thus we bind to the
+	 * address "0.0.0.0". The parameter 'socket address' is
+	 * now deprecated.
+	 */
+
+	if ( isdaemon )
+		ClientNMB = open_socket_in(SOCK_DGRAM, port,0,0,True);
+	else
+		ClientNMB = 0;
+  
+	ClientDGRAM = open_socket_in(SOCK_DGRAM,DGRAM_PORT,3,0,True);
+
+	if ( ClientNMB == -1 )
+		return( False );
+
+	/* we are never interested in SIGPIPE */
+	BlockSignals(True,SIGPIPE);
+
+	set_socket_options( ClientNMB,   "SO_BROADCAST" );
+	set_socket_options( ClientDGRAM, "SO_BROADCAST" );
+
+	DEBUG( 3, ( "open_sockets: Broadcast sockets opened.\n" ) );
+	return( True );
+}
+
+/**************************************************************************** **
+ Initialise connect, service and file structs.
+ **************************************************************************** */
+
+static BOOL init_structs(void)
+{
+  extern fstring local_machine;
+  char *p, **ptr;
+  int namecount;
+  int n;
+  int nodup;
+  char *nbname;
+
+  if (! *global_myname)
+  {
+    fstrcpy( global_myname, myhostname() );
+    p = strchr_m( global_myname, '.' );
+    if (p)
+      *p = 0;
+  }
+  strupper( global_myname );
+
+  /* Add any NETBIOS name aliases. Ensure that the first entry
+     is equal to global_myname.
+   */
+  /* Work out the max number of netbios aliases that we have */
+  ptr = lp_netbios_aliases();
+  namecount = 0;
+  if (ptr)
+    for( ; *ptr; namecount++,ptr++ )
+      ;
+  if ( *global_myname )
+    namecount++;
+
+  /* Allocate space for the netbios aliases */
+  my_netbios_names = (char **)malloc( sizeof(char *) * (namecount+1) );
+  if( NULL == my_netbios_names )
+  {
+     DEBUG( 0, ( "init_structs: malloc fail.\n" ) );
+     return( False );
+  }
+ 
+  /* Use the global_myname string first */
+  namecount=0;
+  if ( *global_myname )
+    my_netbios_names[namecount++] = global_myname;
+  
+  ptr = lp_netbios_aliases();
+  if (ptr)
+  {
+    while ( *ptr )
+    {
+      nbname = strdup(*ptr);
+      if (nbname == NULL)
+      {
+        DEBUG(0,("init_structs: malloc fail when allocating names.\n"));
+        return False;
+      }
+      strupper( nbname );
+      /* Look for duplicates */
+      nodup=1;
+      for( n=0; n<namecount; n++ )
+      {
+        if( 0 == strcmp( nbname, my_netbios_names[n] ) )
+          nodup=0;
+      }
+      if (nodup)
+        my_netbios_names[namecount++] = nbname;
+      else
+        SAFE_FREE(nbname);
+
+      ptr++;
+    }
+  }
+  
+  /* Terminate name list */
+  my_netbios_names[namecount++] = NULL;
+  
+  fstrcpy( local_machine, global_myname );
+  trim_string( local_machine, " ", " " );
+  p = strchr_m( local_machine, ' ' );
+  if (p)
+    *p = 0;
+  strlower( local_machine );
+
+  DEBUG( 5, ("Netbios name list:-\n") );
+  for( n=0; my_netbios_names[n]; n++ )
+    DEBUGADD( 5, ( "my_netbios_names[%d]=\"%s\"\n", n, my_netbios_names[n] ) );
+
+  return( True );
+}
+
+/**************************************************************************** **
+ Usage on the program.
+ **************************************************************************** */
+
+static void usage(char *pname)
+{
+
+  printf( "Usage: %s [-DaiohV] [-H lmhosts file] [-d debuglevel] [-l log basename]\n", pname );
+  printf( "       [-n name] [-p port] [-s configuration file]\n" );
+  printf( "\t-D                    Become a daemon (default)\n" );
+  printf( "\t-a                    Append to log file (default)\n" );
+  printf( "\t-i                    Run interactive (not a daemon)\n" );
+  printf( "\t-o                    Overwrite log file, don't append\n" );
+  printf( "\t-h                    Print usage\n" );
+  printf( "\t-V                    Print version\n" );
+  printf( "\t-H hosts file         Load a netbios hosts file\n" );
+  printf( "\t-d debuglevel         Set the debuglevel\n" );
+  printf( "\t-l log basename.      Basename for log/debug files\n" );
+  printf( "\t-n netbiosname.       Primary netbios name\n" );
+  printf( "\t-p port               Listen on the specified port\n" );
+  printf( "\t-s configuration file Configuration file name\n" );
+  printf( "\n");
+}
+
+
+/**************************************************************************** **
+ main program
+ **************************************************************************** */
+ int main(int argc,char *argv[])
+{
+  int opt;
+  extern char *optarg;
+  extern BOOL  append_log;
+  BOOL opt_interactive = False;
+  pstring logfile;
+
+  append_log = True;  /* Default, override with '-o' option. */
+
+  global_nmb_port = NMB_PORT;
+  global_in_nmbd = True;
+
+  StartupTime = time(NULL);
+
+  sys_srandom(time(NULL) ^ sys_getpid());
+
+  slprintf(logfile, sizeof(logfile)-1, "%s/log.nmbd", dyn_LOGFILEBASE);
+  lp_set_logfile(logfile);
+
+  /* this is for people who can't start the program correctly */
+  while (argc > 1 && (*argv[1] != '-'))
+  {
+    argv++;
+    argc--;
+  }
+
+  fault_setup((void (*)(void *))fault_continue );
+
+  /* POSIX demands that signals are inherited. If the invoking process has
+   * these signals masked, we will have problems, as we won't recieve them. */
+  BlockSignals(False, SIGHUP);
+  BlockSignals(False, SIGUSR1);
+  BlockSignals(False, SIGTERM);
+
+  CatchSignal( SIGHUP,  SIGNAL_CAST sig_hup );
+  CatchSignal( SIGTERM, SIGNAL_CAST sig_term );
+
+#if defined(SIGFPE)
+  /* we are never interested in SIGFPE */
+  BlockSignals(True,SIGFPE);
+#endif
+
+  /* We no longer use USR2... */
+#if defined(SIGUSR2)
+  BlockSignals(True, SIGUSR2);
+#endif
+
+  while( EOF != 
+         (opt = getopt( argc, argv, "Vaos:T:I:C:bAB:N:Rn:l:d:Dp:hSH:G:f:i" )) )
+    {
+      switch (opt)
+        {
+        case 's':
+          pstrcpy(dyn_CONFIGFILE, optarg);
+          break;          
+        case 'N':
+        case 'B':
+        case 'I':
+        case 'C':
+        case 'G':
+          DEBUG(0,("Obsolete option '%c' used\n",opt));
+          break;
+        case 'i':
+          opt_interactive = True;
+          break;
+        case 'H':
+          pstrcpy(dyn_LMHOSTSFILE, optarg);
+          break;
+        case 'n':
+          pstrcpy(global_myname,optarg);
+          strupper(global_myname);
+          break;
+        case 'l':
+          slprintf(logfile, sizeof(logfile)-1, "%s/log.nmbd", optarg);
+          lp_set_logfile(logfile);
+          break;
+        case 'a':
+          append_log = True;
+          break;
+        case 'o':
+          append_log = False;
+          break;
+        case 'D':
+          is_daemon = True;
+          break;
+        case 'd':
+          DEBUGLEVEL = atoi(optarg);
+          break;
+        case 'p':
+          global_nmb_port = atoi(optarg);
+          break;
+        case 'h':
+          usage(argv[0]);
+          exit(0);
+          break;
+        case 'V':
+	  printf( "Version %s\n", VERSION );
+          exit(0);
+          break;
+        default:
+          if( !is_a_socket(0) )
+          {
+	    DEBUG(0,("Incorrect program usage - is the command line correct?\n"));
+            usage(argv[0]);
+            exit(0);
+          }
+          break;
+        }
+    }
+
+  setup_logging( argv[0], opt_interactive );
+
+  reopen_logs();
+
+  DEBUG( 0, ( "Netbios nameserver version %s started.\n", VERSION ) );
+  DEBUGADD( 0, ( "Copyright Andrew Tridgell and the Samba Team 1994-2002\n" ) );
+
+  if ( !reload_nmbd_services(False) )
+    return(-1);
+
+  if(!init_structs())
+    return -1;
+
+  reload_nmbd_services( True );
+
+  fstrcpy( global_myworkgroup, lp_workgroup() );
+
+  if (strequal(global_myworkgroup,"*"))
+  {
+    DEBUG(0,("ERROR: a workgroup name of * is no longer supported\n"));
+    exit(1);
+  }
+
+  set_samba_nb_type();
+
+  if (!is_daemon && !is_a_socket(0))
+  {
+    DEBUG(0,("standard input is not a socket, assuming -D option\n"));
+    is_daemon = True;
+  }
+  
+  if (is_daemon && !opt_interactive)
+  {
+    DEBUG( 2, ( "Becoming a daemon.\n" ) );
+    become_daemon();
+  }
+
+#if HAVE_SETPGID
+  /*
+   * If we're interactive we want to set our own process group for 
+   * signal management.
+   */
+  if (opt_interactive)
+    setpgid( (pid_t)0, (pid_t)0 );
+#endif
+
+#ifndef SYNC_DNS
+  /* Setup the async dns. We do it here so it doesn't have all the other
+     stuff initialised and thus chewing memory and sockets */
+  if(lp_we_are_a_wins_server()) {
+	  start_async_dns();
+  }
+#endif
+
+  if (!directory_exist(lp_lockdir(), NULL)) {
+	  mkdir(lp_lockdir(), 0755);
+  }
+
+  pidfile_create("nmbd");
+  message_init();
+  message_register(MSG_FORCE_ELECTION, nmbd_message_election);
+  message_register(MSG_WINS_NEW_ENTRY, nmbd_wins_new_entry);
+  message_register(MSG_SHUTDOWN, nmbd_terminate);
+
+  DEBUG( 3, ( "Opening sockets %d\n", global_nmb_port ) );
+
+  if ( !open_sockets( is_daemon, global_nmb_port ) )
+    return 1;
+
+  /* Determine all the IP addresses we have. */
+  load_interfaces();
+
+  /* Create an nmbd subnet record for each of the above. */
+  if( False == create_subnets() )
+  {
+    DEBUG(0,("ERROR: Failed when creating subnet lists. Exiting.\n"));
+    exit(1);
+  }
+
+  /* Load in any static local names. */ 
+  load_lmhosts_file(dyn_LMHOSTSFILE);
+  DEBUG(3,("Loaded hosts file %s\n", dyn_LMHOSTSFILE));
+
+  /* If we are acting as a WINS server, initialise data structures. */
+  if( !initialise_wins() )
+  {
+    DEBUG( 0, ( "nmbd: Failed when initialising WINS server.\n" ) );
+    exit(1);
+  }
+
+  /* 
+   * Register nmbd primary workgroup and nmbd names on all
+   * the broadcast subnets, and on the WINS server (if specified).
+   * Also initiate the startup of our primary workgroup (start
+   * elections if we are setup as being able to be a local
+   * master browser.
+   */
+
+  if( False == register_my_workgroup_and_names() )
+  {
+    DEBUG(0,("ERROR: Failed when creating my my workgroup. Exiting.\n"));
+    exit(1);
+  }
+
+  /* We can only take signals in the select. */
+  BlockSignals( True, SIGTERM );
+
+  process();
+
+  if (dbf)
+    x_fclose(dbf);
+  return(0);
+}
diff --git a/source3/nmbd/nmbd_become_dmb.c b/source3/nmbd/nmbd_become_dmb.c
new file mode 100644
index 0000000000..7f4a7a2144
--- /dev/null
+++ b/source3/nmbd/nmbd_become_dmb.c
@@ -0,0 +1,399 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+extern char **my_netbios_names;
+extern struct in_addr allones_ip;
+
+extern uint16 samba_nb_type; /* Samba's NetBIOS type. */
+
+static void become_domain_master_browser_bcast(char *);
+
+/****************************************************************************
+  Fail to become a Domain Master Browser on a subnet.
+  ****************************************************************************/
+
+static void become_domain_master_fail(struct subnet_record *subrec,
+                                      struct response_record *rrec,
+                                      struct nmb_name *fail_name)
+{
+  struct work_record *work = find_workgroup_on_subnet(subrec, fail_name->name);
+  struct server_record *servrec;
+
+  if(!work)
+  {
+    DEBUG(0,("become_domain_master_fail: Error - cannot find \
+workgroup %s on subnet %s\n", fail_name->name, subrec->subnet_name));
+    return;
+  }
+
+  /* Set the state back to DOMAIN_NONE. */
+  work->dom_state = DOMAIN_NONE;
+
+  if((servrec = find_server_in_workgroup( work, global_myname)) == NULL)
+  {
+    DEBUG(0,("become_domain_master_fail: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, work->work_group, subrec->subnet_name));
+    return;
+  }
+
+  /* Update our server status. */
+  servrec->serv.type &= ~SV_TYPE_DOMAIN_MASTER;
+
+  /* Tell the namelist writer to write out a change. */
+  subrec->work_changed = True;
+
+  DEBUG(0,("become_domain_master_fail: Failed to become a domain master browser for \
+workgroup %s on subnet %s. Couldn't register name %s.\n",
+       work->work_group, subrec->subnet_name, nmb_namestr(fail_name)));
+}
+
+/****************************************************************************
+  Become a Domain Master Browser on a subnet.
+  ****************************************************************************/
+
+static void become_domain_master_stage2(struct subnet_record *subrec, 
+                                        struct userdata_struct *userdata,
+                                        struct nmb_name *registered_name,
+                                        uint16 nb_flags,
+                                        int ttl, struct in_addr registered_ip)
+{
+  struct work_record *work = find_workgroup_on_subnet( subrec, registered_name->name);
+  struct server_record *servrec;
+
+  if(!work)
+  {
+    DEBUG(0,("become_domain_master_stage2: Error - cannot find \
+workgroup %s on subnet %s\n", registered_name->name, subrec->subnet_name));
+    return;
+  }
+
+  if((servrec = find_server_in_workgroup( work, global_myname)) == NULL)
+  {
+    DEBUG(0,("become_domain_master_stage2: Error - cannot find server %s \
+in workgroup %s on subnet %s\n", 
+       global_myname, registered_name->name, subrec->subnet_name));
+    work->dom_state = DOMAIN_NONE;
+    return;
+  }
+
+  /* Set the state in the workgroup structure. */
+  work->dom_state = DOMAIN_MST; /* Become domain master. */
+
+  /* Update our server status. */
+  servrec->serv.type |= (SV_TYPE_NT|SV_TYPE_DOMAIN_MASTER);
+
+  /* Tell the namelist writer to write out a change. */
+  subrec->work_changed = True;
+
+  if( DEBUGLVL( 0 ) )
+    {
+    dbgtext( "*****\n\nSamba server %s ", global_myname );
+    dbgtext( "is now a domain master browser for " );
+    dbgtext( "workgroup %s ", work->work_group );
+    dbgtext( "on subnet %s\n\n*****\n", subrec->subnet_name );
+    }
+
+  if( subrec == unicast_subnet )
+  {
+    struct nmb_name nmbname;
+    struct in_addr my_first_ip;
+
+    /* Put our name and first IP address into the 
+       workgroup struct as domain master browser. This
+       will stop us syncing with ourself if we are also
+       a local master browser. */
+
+    make_nmb_name(&nmbname, global_myname, 0x20);
+
+    work->dmb_name = nmbname;
+    /* Pick the first interface ip address as the domain master browser ip. */
+    my_first_ip = *iface_n_ip(0);
+
+    putip((char *)&work->dmb_addr, &my_first_ip);
+
+    /* We successfully registered by unicast with the
+       WINS server.  We now expect to become the domain
+       master on the local subnets. If this fails, it's
+       probably a 1.9.16p2 to 1.9.16p11 server's fault.
+
+       This is a configuration issue that should be addressed
+       by the network administrator - you shouldn't have
+       several machines configured as a domain master browser
+       for the same WINS scope (except if they are 1.9.17 or
+       greater, and you know what you're doing.
+
+       see docs/DOMAIN.txt.
+
+     */
+    become_domain_master_browser_bcast(work->work_group);
+  }
+  else
+  {
+    /*
+     * Now we are a domain master on a broadcast subnet, we need to add
+     * the WORKGROUP<1b> name to the unicast subnet so that we can answer
+     * unicast requests sent to this name. This bug wasn't found for a while
+     * as it is strange to have a DMB without using WINS. JRA.
+     */
+    insert_permanent_name_into_unicast(subrec, registered_name, nb_flags);
+  }
+}
+
+/****************************************************************************
+  Start the name registration process when becoming a Domain Master Browser
+  on a subnet.
+  ****************************************************************************/
+
+static void become_domain_master_stage1(struct subnet_record *subrec, char *wg_name)
+{ 
+  struct work_record *work;
+
+  DEBUG(2,("become_domain_master_stage1: Becoming domain master browser for \
+workgroup %s on subnet %s\n", wg_name, subrec->subnet_name));
+
+  /* First, find the workgroup on the subnet. */
+  if((work = find_workgroup_on_subnet( subrec, wg_name )) == NULL)
+  {
+    DEBUG(0,("become_domain_master_stage1: Error - unable to find workgroup %s on subnet %s.\n",
+          wg_name, subrec->subnet_name));
+    return;
+  }
+
+  DEBUG(3,("become_domain_master_stage1: go to first stage: register <1b> name\n"));
+  work->dom_state = DOMAIN_WAIT;
+
+  /* WORKGROUP<1b> is the domain master browser name. */
+  register_name(subrec, work->work_group,0x1b,samba_nb_type,
+                become_domain_master_stage2,
+                become_domain_master_fail, NULL);
+}
+
+/****************************************************************************
+  Function called when a query for a WORKGROUP<1b> name succeeds.
+  This is normally a fail condition as it means there is already
+  a domain master browser for a workgroup and we were trying to
+  become one.
+****************************************************************************/
+
+static void become_domain_master_query_success(struct subnet_record *subrec,
+                        struct userdata_struct *userdata,
+                        struct nmb_name *nmbname, struct in_addr ip, 
+                        struct res_rec *rrec)
+{
+  /* If the given ip is not ours, then we can't become a domain
+     controler as the name is already registered.
+   */
+
+ /* BUG note. Samba 1.9.16p11 servers seem to return the broadcast
+    address or zero ip for this query. Pretend this is ok. */
+
+  if(ismyip(ip) || ip_equal(allones_ip, ip) || is_zero_ip(ip))
+  {
+    if( DEBUGLVL( 3 ) )
+    {
+      dbgtext( "become_domain_master_query_success():\n" );
+      dbgtext( "Our address (%s) ", inet_ntoa(ip) );
+      dbgtext( "returned in query for name %s ", nmb_namestr(nmbname) );
+      dbgtext( "(domain master browser name) " );
+      dbgtext( "on subnet %s.\n", subrec->subnet_name );
+      dbgtext( "Continuing with domain master code.\n" );
+    }
+
+    become_domain_master_stage1(subrec, nmbname->name);
+  }
+  else
+  {
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "become_domain_master_query_success:\n" );
+      dbgtext( "There is already a domain master browser at " );
+      dbgtext( "IP %s for workgroup %s ", inet_ntoa(ip), nmbname->name );
+      dbgtext( "registered on subnet %s.\n", subrec->subnet_name );
+      }
+  }
+}
+
+/****************************************************************************
+  Function called when a query for a WORKGROUP<1b> name fails.
+  This is normally a success condition as it then allows us to register
+  our own Domain Master Browser name.
+  ****************************************************************************/
+
+static void become_domain_master_query_fail(struct subnet_record *subrec,
+                                    struct response_record *rrec,
+                                    struct nmb_name *question_name, int fail_code)
+{
+  /* If the query was unicast, and the error is not NAM_ERR (name didn't exist),
+     then this is a failure. Otherwise, not finding the name is what we want. */
+  if((subrec == unicast_subnet) && (fail_code != NAM_ERR))
+  {
+    DEBUG(0,("become_domain_master_query_fail: Error %d returned when \
+querying WINS server for name %s.\n", 
+                  fail_code, nmb_namestr(question_name)));
+    return;
+  }
+
+  /* Otherwise - not having the name allows us to register it. */
+  become_domain_master_stage1(subrec, question_name->name);
+}
+
+/****************************************************************************
+  Attempt to become a domain master browser on all broadcast subnets.
+  ****************************************************************************/
+
+static void become_domain_master_browser_bcast(char *workgroup_name)
+{
+  struct subnet_record *subrec;
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  { 
+    struct work_record *work = find_workgroup_on_subnet(subrec, workgroup_name);
+
+    if (work && (work->dom_state == DOMAIN_NONE))
+    {
+      struct nmb_name nmbname;
+      make_nmb_name(&nmbname,workgroup_name,0x1b);
+
+      /*
+       * Check for our name on the given broadcast subnet first, only initiate
+       * further processing if we cannot find it.
+       */
+
+      if (find_name_on_subnet(subrec, &nmbname, FIND_SELF_NAME) == NULL)
+      {
+        if( DEBUGLVL( 0 ) )
+          {
+          dbgtext( "become_domain_master_browser_bcast:\n" );
+          dbgtext( "Attempting to become domain master browser on " );
+          dbgtext( "workgroup %s on subnet %s\n",
+                    workgroup_name, subrec->subnet_name );
+          }
+
+        /* Send out a query to establish whether there's a 
+           domain controller on the local subnet. If not,
+           we can become a domain controller. 
+         */
+
+        DEBUG(0,("become_domain_master_browser_bcast: querying subnet %s \
+for domain master browser on workgroup %s\n", subrec->subnet_name, workgroup_name));
+
+        query_name(subrec, nmbname.name, nmbname.name_type,
+                   become_domain_master_query_success, 
+                   become_domain_master_query_fail,
+                   NULL);
+      }
+    }
+  }
+}
+
+/****************************************************************************
+  Attempt to become a domain master browser by registering with WINS.
+  ****************************************************************************/
+
+static void become_domain_master_browser_wins(char *workgroup_name)
+{
+  struct work_record *work;
+
+  work = find_workgroup_on_subnet(unicast_subnet, workgroup_name);
+
+  if (work && (work->dom_state == DOMAIN_NONE))
+  {
+    struct nmb_name nmbname;
+
+    make_nmb_name(&nmbname,workgroup_name,0x1b);
+
+    /*
+     * Check for our name on the unicast subnet first, only initiate
+     * further processing if we cannot find it.
+     */
+
+    if (find_name_on_subnet(unicast_subnet, &nmbname, FIND_SELF_NAME) == NULL)
+    {
+      if( DEBUGLVL( 0 ) )
+        {
+        dbgtext( "become_domain_master_browser_wins:\n" );
+        dbgtext( "Attempting to become domain master browser " );
+        dbgtext( "on workgroup %s, subnet %s.\n",
+                  workgroup_name, unicast_subnet->subnet_name );
+        }
+
+      /* Send out a query to establish whether there's a 
+         domain master broswer registered with WINS. If not,
+         we can become a domain master browser. 
+       */
+
+      DEBUG(0,("become_domain_master_browser_wins: querying WINS server at IP %s \
+for domain master browser name %s on workgroup %s\n",
+         inet_ntoa(unicast_subnet->myip), nmb_namestr(&nmbname), workgroup_name));
+
+      query_name(unicast_subnet, nmbname.name, nmbname.name_type,
+                   become_domain_master_query_success,
+                   become_domain_master_query_fail,
+                   NULL);
+    }
+  }
+}
+
+/****************************************************************************
+  Add the domain logon server and domain master browser names
+  if we are set up to do so.
+  **************************************************************************/
+
+void add_domain_names(time_t t)
+{
+  static time_t lastrun = 0;
+
+  if ((lastrun != 0) && (t < lastrun + (CHECK_TIME_ADD_DOM_NAMES * 60)))
+    return;
+
+  lastrun = t;
+
+  /* Do the "internet group" - <1c> names. */
+  if (lp_domain_logons())
+    add_logon_names();
+
+  /* Do the domain master names. */
+  if(lp_server_role() == ROLE_DOMAIN_PDC)
+  {
+    if(we_are_a_wins_client())
+    {
+      /* We register the WORKGROUP<1b> name with the WINS
+         server first, and call add_domain_master_bcast()
+         only if this is successful.
+
+         This results in domain logon services being gracefully provided,
+         as opposed to the aggressive nature of 1.9.16p2 to 1.9.16p11.
+         1.9.16p2 to 1.9.16p11 - due to a bug in namelogon.c,
+         cannot provide domain master / domain logon services.
+       */
+      become_domain_master_browser_wins(global_myworkgroup);
+    }
+    else
+      become_domain_master_browser_bcast(global_myworkgroup);
+  }
+}
diff --git a/source3/nmbd/nmbd_become_lmb.c b/source3/nmbd/nmbd_become_lmb.c
new file mode 100644
index 0000000000..3e0884567e
--- /dev/null
+++ b/source3/nmbd/nmbd_become_lmb.c
@@ -0,0 +1,607 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+
+extern uint16 samba_nb_type; /* Samba's NetBIOS name type. */
+
+/*******************************************************************
+ Utility function to add a name to the unicast subnet, or add in
+ our IP address if it already exists.
+******************************************************************/
+
+void insert_permanent_name_into_unicast( struct subnet_record *subrec, 
+                                                struct nmb_name *nmbname, uint16 nb_type )
+{
+  struct name_record *namerec;
+
+  if((namerec = find_name_on_subnet(unicast_subnet, nmbname, FIND_SELF_NAME)) == NULL)
+  {
+    /* The name needs to be created on the unicast subnet. */
+    (void)add_name_to_subnet( unicast_subnet, nmbname->name,
+                              nmbname->name_type, nb_type,
+                              PERMANENT_TTL, PERMANENT_NAME, 1, &subrec->myip);
+  }
+  else
+  {
+    /* The name already exists on the unicast subnet. Add our local
+       IP for the given broadcast subnet to the name. */
+    add_ip_to_name_record( namerec, subrec->myip);
+  }
+}
+
+/*******************************************************************
+ Utility function to remove a name from the unicast subnet.
+******************************************************************/
+
+static void remove_permanent_name_from_unicast( struct subnet_record *subrec,
+                                                struct nmb_name *nmbname )
+{
+  struct name_record *namerec;
+
+  if((namerec = find_name_on_subnet(unicast_subnet, nmbname, FIND_SELF_NAME)) != NULL)
+  {
+    /* Remove this broadcast subnet IP address from the name. */
+    remove_ip_from_name_record( namerec, subrec->myip);
+    if(namerec->data.num_ips == 0)
+      remove_name_from_namelist( unicast_subnet, namerec);
+  }
+}
+
+/*******************************************************************
+ Utility function always called to set our workgroup and server
+ state back to potential browser, or none.
+******************************************************************/
+
+static void reset_workgroup_state( struct subnet_record *subrec, char *workgroup_name,
+                                   BOOL force_new_election )
+{
+  struct work_record *work;
+  struct server_record *servrec;
+  struct nmb_name nmbname;
+
+  if((work = find_workgroup_on_subnet( subrec, workgroup_name)) == NULL)
+  {
+    DEBUG(0,("reset_workgroup_state: Error - cannot find workgroup %s on \
+subnet %s.\n", workgroup_name, subrec->subnet_name ));
+    return;
+  }
+
+  if((servrec = find_server_in_workgroup( work, global_myname)) == NULL)
+  {
+    DEBUG(0,("reset_workgroup_state: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, work->work_group, subrec->subnet_name));
+    work->mst_state = lp_local_master() ? MST_POTENTIAL : MST_NONE;
+    return;
+  }
+
+  /* Update our server status - remove any master flag and replace
+   it with the potential browser flag. */
+  servrec->serv.type &= ~SV_TYPE_MASTER_BROWSER;
+  servrec->serv.type |= (lp_local_master() ? SV_TYPE_POTENTIAL_BROWSER : 0);
+
+  /* Tell the namelist writer to write out a change. */
+  subrec->work_changed = True;
+
+  /* Reset our election flags. */
+  work->ElectionCriterion &= ~0x4;
+
+  work->mst_state = lp_local_master() ? MST_POTENTIAL : MST_NONE;
+
+  /* Forget who the local master browser was for
+     this workgroup. */
+
+  set_workgroup_local_master_browser_name( work, "");
+
+  /*
+   * Ensure the IP address of this subnet is not registered as one
+   * of the IP addresses of the WORKGROUP<1d> name on the unicast
+   * subnet. This undoes what we did below when we became a local
+   * master browser.
+   */
+
+  make_nmb_name(&nmbname, work->work_group, 0x1d);
+
+  remove_permanent_name_from_unicast( subrec, &nmbname);
+
+  if(force_new_election)
+    work->needelection = True;
+}
+
+/*******************************************************************
+  Unbecome the local master browser name release success function.
+******************************************************************/
+
+static void unbecome_local_master_success(struct subnet_record *subrec,
+                             struct userdata_struct *userdata,
+                             struct nmb_name *released_name,
+                             struct in_addr released_ip)
+{ 
+  BOOL force_new_election = False;
+
+  memcpy((char *)&force_new_election, userdata->data, sizeof(BOOL));
+
+  DEBUG(3,("unbecome_local_master_success: released name %s.\n",
+             nmb_namestr(released_name)));
+
+  /* Now reset the workgroup and server state. */
+  reset_workgroup_state( subrec, released_name->name, force_new_election );
+
+  if( DEBUGLVL( 0 ) )
+  {
+    dbgtext( "*****\n\n" );
+    dbgtext( "Samba name server %s ", global_myname );
+    dbgtext( "has stopped being a local master browser " );
+    dbgtext( "for workgroup %s ", released_name->name );
+    dbgtext( "on subnet %s\n\n*****\n", subrec->subnet_name );
+  }
+
+}
+
+/*******************************************************************
+  Unbecome the local master browser name release fail function.
+******************************************************************/
+
+static void unbecome_local_master_fail(struct subnet_record *subrec, struct response_record *rrec,
+                       struct nmb_name *fail_name)
+{
+  struct name_record *namerec;
+  struct userdata_struct *userdata = rrec->userdata;
+  BOOL force_new_election = False;
+
+  memcpy((char *)&force_new_election, userdata->data, sizeof(BOOL));
+
+  DEBUG(0,("unbecome_local_master_fail: failed to release name %s. \
+Removing from namelist anyway.\n", nmb_namestr(fail_name)));
+
+  /* Do it anyway. */
+  namerec = find_name_on_subnet(subrec, fail_name, FIND_SELF_NAME);
+  if(namerec)
+    remove_name_from_namelist(subrec, namerec);
+
+  /* Now reset the workgroup and server state. */
+  reset_workgroup_state( subrec, fail_name->name, force_new_election );
+
+  if( DEBUGLVL( 0 ) )
+  {
+    dbgtext( "*****\n\n" );
+    dbgtext( "Samba name server %s ", global_myname );
+    dbgtext( "has stopped being a local master browser " );
+    dbgtext( "for workgroup %s ", fail_name->name );
+    dbgtext( "on subnet %s\n\n*****\n", subrec->subnet_name );
+  }
+}
+
+/*******************************************************************
+ Utility function to remove the WORKGROUP<1d> name.
+******************************************************************/
+
+static void release_1d_name( struct subnet_record *subrec, char *workgroup_name,
+                             BOOL force_new_election)
+{
+  struct nmb_name nmbname;
+  struct name_record *namerec;
+
+  make_nmb_name(&nmbname, workgroup_name, 0x1d);
+  if((namerec = find_name_on_subnet( subrec, &nmbname, FIND_SELF_NAME))!=NULL)
+  {
+    struct userdata_struct *userdata;
+    int size = sizeof(struct userdata_struct) + sizeof(BOOL);
+
+    if((userdata = (struct userdata_struct *)malloc(size)) == NULL)
+    {
+      DEBUG(0,("release_1d_name: malloc fail.\n"));
+      return;
+    }
+
+    userdata->copy_fn = NULL;
+    userdata->free_fn = NULL;
+    userdata->userdata_len = sizeof(BOOL);
+    memcpy((char *)userdata->data, &force_new_election, sizeof(BOOL));
+
+    release_name(subrec, namerec,
+                 unbecome_local_master_success,
+                 unbecome_local_master_fail,
+                 userdata);
+
+    zero_free(userdata, size);
+  }
+}
+
+/*******************************************************************
+ Unbecome the local master browser MSBROWSE name release success function.
+******************************************************************/
+
+static void release_msbrowse_name_success(struct subnet_record *subrec,
+                      struct userdata_struct *userdata,
+                      struct nmb_name *released_name,
+                      struct in_addr released_ip)
+{
+  DEBUG(4,("release_msbrowse_name_success: Released name %s on subnet %s\n.",
+           nmb_namestr(released_name), subrec->subnet_name ));
+
+  /* Remove the permanent MSBROWSE name added into the unicast subnet. */
+  remove_permanent_name_from_unicast( subrec, released_name);
+}
+
+/*******************************************************************
+ Unbecome the local master browser MSBROWSE name release fail function.
+******************************************************************/
+
+static void release_msbrowse_name_fail( struct subnet_record *subrec, 
+                       struct response_record *rrec,
+                       struct nmb_name *fail_name)
+{
+  struct name_record *namerec;
+
+  DEBUG(4,("release_msbrowse_name_fail: Failed to release name %s on subnet %s\n.",
+           nmb_namestr(fail_name), subrec->subnet_name ));
+
+  /* Release the name anyway. */
+  namerec = find_name_on_subnet(subrec, fail_name, FIND_SELF_NAME);
+  if(namerec)
+    remove_name_from_namelist(subrec, namerec);
+
+  /* Remove the permanent MSBROWSE name added into the unicast subnet. */
+  remove_permanent_name_from_unicast( subrec, fail_name);
+}
+
+/*******************************************************************
+  Unbecome the local master browser. If force_new_election is true, restart
+  the election process after we've unbecome the local master.
+******************************************************************/
+
+void unbecome_local_master_browser(struct subnet_record *subrec, struct work_record *work,
+                                   BOOL force_new_election)
+{
+  struct name_record *namerec;
+  struct nmb_name nmbname;
+
+  /* Sanity check. */
+
+  DEBUG(2,("unbecome_local_master_browser: unbecoming local master for workgroup %s \
+on subnet %s\n",work->work_group, subrec->subnet_name));
+  
+  if(find_server_in_workgroup( work, global_myname) == NULL)
+  {
+    DEBUG(0,("unbecome_local_master_browser: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, work->work_group, subrec->subnet_name));
+    work->mst_state = lp_local_master() ? MST_POTENTIAL : MST_NONE;
+    return;
+  }
+  
+  /* Set the state to unbecoming. */
+  work->mst_state = MST_UNBECOMING_MASTER;
+
+  /*
+   * Release the WORKGROUP<1d> name asap to allow another machine to
+   * claim it.
+   */
+
+  release_1d_name( subrec, work->work_group, force_new_election);
+
+  /* Deregister any browser names we may have. */
+  make_nmb_name(&nmbname, MSBROWSE, 0x1);
+  if((namerec = find_name_on_subnet( subrec, &nmbname, FIND_SELF_NAME))!=NULL)
+  {
+    release_name(subrec, namerec,
+                 release_msbrowse_name_success,
+                 release_msbrowse_name_fail,
+                 NULL);
+  }
+
+  /*
+   * Ensure we have sent and processed these release packets
+   * before returning - we don't want to process any election
+   * packets before dealing with the 1d release.
+   */
+
+  retransmit_or_expire_response_records(time(NULL));
+}
+
+/****************************************************************************
+  Success in registering the WORKGROUP<1d> name.
+  We are now *really* a local master browser.
+  ****************************************************************************/
+
+static void become_local_master_stage2(struct subnet_record *subrec,
+                                        struct userdata_struct *userdata,
+                                        struct nmb_name *registered_name,
+                                        uint16 nb_flags,
+                                        int ttl, struct in_addr registered_ip)
+{
+  int i = 0;
+  struct server_record *sl;
+  struct work_record *work = find_workgroup_on_subnet( subrec, registered_name->name);
+  struct server_record *servrec;
+
+  if(!work)
+  {
+    DEBUG(0,("become_local_master_stage2: Error - cannot find \
+workgroup %s on subnet %s\n", registered_name->name, subrec->subnet_name));
+    return;
+  }
+
+  if((servrec = find_server_in_workgroup( work, global_myname)) == NULL)
+  {
+    DEBUG(0,("become_local_master_stage2: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, registered_name->name, subrec->subnet_name));
+    work->mst_state = lp_local_master() ? MST_POTENTIAL : MST_NONE;
+    return;
+  }
+  
+  DEBUG(3,("become_local_master_stage2: registered as master browser for workgroup %s \
+on subnet %s\n", work->work_group, subrec->subnet_name));
+
+  work->mst_state = MST_BROWSER; /* registering WORKGROUP(1d) succeeded */
+
+  /* update our server status */
+  servrec->serv.type |= SV_TYPE_MASTER_BROWSER;
+  servrec->serv.type &= ~SV_TYPE_POTENTIAL_BROWSER;
+
+  /* Tell the namelist writer to write out a change. */
+  subrec->work_changed = True;
+
+  /* Add this name to the workgroup as local master browser. */
+  set_workgroup_local_master_browser_name( work, global_myname);
+
+  /* Count the number of servers we have on our list. If it's
+     less than 10 (just a heuristic) request the servers
+     to announce themselves.
+   */
+  for( sl = work->serverlist; sl != NULL; sl = sl->next)
+    i++;
+
+  if (i < 10)
+  {
+    /* Ask all servers on our local net to announce to us. */
+    broadcast_announce_request(subrec, work);
+  }
+
+  /*
+   * Now we are a local master on a broadcast subnet, we need to add
+   * the WORKGROUP<1d> name to the unicast subnet so that we can answer
+   * unicast requests sent to this name. We can create this name directly on
+   * the unicast subnet as a WINS server always returns true when registering
+   * this name, and discards the registration. We use the number of IP
+   * addresses registered to this name as a reference count, as we
+   * remove this broadcast subnet IP address from it when we stop becoming a local
+   * master browser for this broadcast subnet.
+   */
+
+  insert_permanent_name_into_unicast( subrec, registered_name, nb_flags);
+
+  /* Reset the announce master browser timer so that we try and tell a domain
+     master browser as soon as possible that we are a local master browser. */
+  reset_announce_timer();
+
+  if( DEBUGLVL( 0 ) )
+  {
+    dbgtext( "*****\n\n" );
+    dbgtext( "Samba name server %s ", global_myname );
+    dbgtext( "is now a local master browser " );
+    dbgtext( "for workgroup %s ", work->work_group );
+    dbgtext( "on subnet %s\n\n*****\n", subrec->subnet_name );
+  }
+
+}
+
+/****************************************************************************
+  Failed to register the WORKGROUP<1d> name.
+  ****************************************************************************/
+static void become_local_master_fail2(struct subnet_record *subrec,
+                                      struct response_record *rrec,
+                                      struct nmb_name *fail_name)
+{
+  struct work_record *work = find_workgroup_on_subnet( subrec, fail_name->name);
+
+  DEBUG(0,("become_local_master_fail2: failed to register name %s on subnet %s. \
+Failed to become a local master browser.\n", nmb_namestr(fail_name), subrec->subnet_name));
+
+  if(!work)
+  {
+    DEBUG(0,("become_local_master_fail2: Error - cannot find \
+workgroup %s on subnet %s\n", fail_name->name, subrec->subnet_name));
+    return;
+  }
+
+  /* Roll back all the way by calling unbecome_local_master_browser(). */
+  unbecome_local_master_browser(subrec, work, False);
+}
+
+/****************************************************************************
+  Success in registering the MSBROWSE name.
+  ****************************************************************************/
+
+static void become_local_master_stage1(struct subnet_record *subrec,
+                                        struct userdata_struct *userdata,
+                                        struct nmb_name *registered_name,
+                                        uint16 nb_flags,
+                                        int ttl, struct in_addr registered_ip)
+{
+  char *work_name = userdata->data;
+  struct work_record *work = find_workgroup_on_subnet( subrec, work_name);
+
+  if(!work)
+  {
+    DEBUG(0,("become_local_master_stage1: Error - cannot find \
+workgroup %s on subnet %s\n", work_name, subrec->subnet_name));
+    return;
+  }
+
+  DEBUG(3,("become_local_master_stage1: go to stage 2: register the %s<1d> name.\n",
+            work->work_group));
+
+  work->mst_state = MST_MSB; /* Registering MSBROWSE was successful. */
+
+  /*
+   * We registered the MSBROWSE name on a broadcast subnet, now need to add
+   * the MSBROWSE name to the unicast subnet so that we can answer
+   * unicast requests sent to this name. We create this name directly on
+   * the unicast subnet.
+   */
+
+  insert_permanent_name_into_unicast( subrec, registered_name, nb_flags);
+
+  /* Attempt to register the WORKGROUP<1d> name. */
+  register_name(subrec, work->work_group,0x1d,samba_nb_type,
+                become_local_master_stage2,
+                become_local_master_fail2,
+                NULL);
+}
+
+/****************************************************************************
+  Failed to register the MSBROWSE name.
+  ****************************************************************************/
+
+static void become_local_master_fail1(struct subnet_record *subrec,
+                                      struct response_record *rrec,
+                                      struct nmb_name *fail_name)
+{
+  char *work_name = rrec->userdata->data;
+  struct work_record *work = find_workgroup_on_subnet(subrec, work_name);
+
+  if(!work)
+  {
+    DEBUG(0,("become_local_master_fail1: Error - cannot find \
+workgroup %s on subnet %s\n", work_name, subrec->subnet_name));
+    return;
+  }
+
+  if(find_server_in_workgroup(work, global_myname) == NULL)
+  {
+    DEBUG(0,("become_local_master_fail1: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, work->work_group, subrec->subnet_name));
+    return;
+  }
+
+  reset_workgroup_state( subrec, work->work_group, False );
+
+  DEBUG(0,("become_local_master_fail1: Failed to become a local master browser for \
+workgroup %s on subnet %s. Couldn't register name %s.\n",
+       work->work_group, subrec->subnet_name, nmb_namestr(fail_name)));
+}
+
+/******************************************************************
+  Become the local master browser on a subnet.
+  This gets called if we win an election on this subnet.
+
+  Stage 1: mst_state was MST_POTENTIAL - go to MST_BACK register ^1^2__MSBROWSE__^2^1.
+  Stage 2: mst_state was MST_BACKUP  - go to MST_MSB  and register WORKGROUP<1d>.
+  Stage 3: mst_state was MST_MSB  - go to MST_BROWSER.
+******************************************************************/
+
+void become_local_master_browser(struct subnet_record *subrec, struct work_record *work)
+{
+  struct userdata_struct *userdata;
+  int size = sizeof(struct userdata_struct) + sizeof(fstring) + 1;
+
+  /* Sanity check. */
+  if (!lp_local_master())
+  { 
+    DEBUG(0,("become_local_master_browser: Samba not configured as a local master browser.\n"));
+    return;
+  }
+
+  if(!AM_POTENTIAL_MASTER_BROWSER(work))
+  {
+    DEBUG(2,("become_local_master_browser: Awaiting potential browser state. Current state is %d\n",
+              work->mst_state ));
+    return;
+  }
+
+  if(find_server_in_workgroup( work, global_myname) == NULL)
+  {
+    DEBUG(0,("become_local_master_browser: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, work->work_group, subrec->subnet_name));
+    return;
+  }
+
+  DEBUG(2,("become_local_master_browser: Starting to become a master browser for workgroup \
+%s on subnet %s\n", work->work_group, subrec->subnet_name));
+  
+  DEBUG(3,("become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE__^2^1\n"));
+  work->mst_state = MST_BACKUP; /* an election win was successful */
+
+  work->ElectionCriterion |= 0x5;
+
+  /* Tell the namelist writer to write out a change. */
+  subrec->work_changed = True;
+
+  /* Setup the userdata_struct. */
+  if((userdata = (struct userdata_struct *)malloc(size)) == NULL)
+  {
+    DEBUG(0,("become_local_master_browser: malloc fail.\n"));
+    return;
+  }
+
+  userdata->copy_fn = NULL;
+  userdata->free_fn = NULL;
+  userdata->userdata_len = strlen(work->work_group)+1;
+  pstrcpy(userdata->data, work->work_group);
+
+  /* Register the special browser group name. */
+  register_name(subrec, MSBROWSE, 0x01, samba_nb_type|NB_GROUP,
+                become_local_master_stage1,
+                become_local_master_fail1,
+                userdata);
+
+  zero_free(userdata, size);
+}
+
+/***************************************************************
+ Utility function to set the local master browser name. Does
+ some sanity checking as old versions of Samba seem to sometimes
+ say that the master browser name for a workgroup is the same
+ as the workgroup name.
+****************************************************************/
+
+void set_workgroup_local_master_browser_name( struct work_record *work, char *newname)
+{
+  DEBUG(5,("set_workgroup_local_master_browser_name: setting local master name to '%s' \
+for workgroup %s.\n", newname, work->work_group ));
+
+#if 0
+  /*
+   * Apparently some sites use the workgroup name as the local
+   * master browser name. Arrrrggghhhhh ! (JRA).
+   */
+  if(strequal( work->work_group, newname))
+  {
+    DEBUG(5, ("set_workgroup_local_master_browser_name: Refusing to set \
+local_master_browser_name for workgroup %s to workgroup name.\n",
+         work->work_group ));
+    return;
+  }
+#endif
+
+  StrnCpy(work->local_master_browser_name, newname,
+            sizeof(work->local_master_browser_name)-1);
+}
diff --git a/source3/nmbd/nmbd_browserdb.c b/source3/nmbd/nmbd_browserdb.c
new file mode 100644
index 0000000000..a4ef98e265
--- /dev/null
+++ b/source3/nmbd/nmbd_browserdb.c
@@ -0,0 +1,182 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   Copyright (C) Christopher R. Hertel 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+/* -------------------------------------------------------------------------- **
+ * Modified July 1998 by CRH.
+ *  I converted this module to use the canned doubly-linked lists.  I also
+ *  added comments above the functions where possible.
+ */
+
+#include "includes.h"
+
+/* -------------------------------------------------------------------------- **
+ * Variables...
+ *
+ *  lmb_browserlist - This is our local master browser list. 
+ */
+
+ubi_dlNewList( lmb_browserlist );
+
+
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+/* ************************************************************************** **
+ * Remove and free a browser list entry.
+ *
+ *  Input:  browc - A pointer to the entry to be removed from the list and
+ *                  freed.
+ *  Output: none.
+ *
+ * ************************************************************************** **
+ */
+static void remove_lmb_browser_entry( struct browse_cache_record *browc )
+  {
+  safe_free( ubi_dlRemThis( lmb_browserlist, browc ) );
+  } /* remove_lmb_browser_entry */
+
+/* ************************************************************************** **
+ * Update a browser death time.
+ *
+ *  Input:  browc - Pointer to the entry to be updated.
+ *  Output: none.
+ *
+ * ************************************************************************** **
+ */
+void update_browser_death_time( struct browse_cache_record *browc )
+  {
+  /* Allow the new lmb to miss an announce period before we remove it. */
+  browc->death_time = time(NULL) + ( (CHECK_TIME_MST_ANNOUNCE + 2) * 60 );
+  } /* update_browser_death_time */
+
+/* ************************************************************************** **
+ * Create a browser entry and add it to the local master browser list.
+ *
+ *  Input:  work_name
+ *          browser_name
+ *          ip
+ *
+ *  Output: Pointer to the new entry, or NULL if malloc() failed.
+ *
+ * ************************************************************************** **
+ */
+struct browse_cache_record *create_browser_in_lmb_cache( char *work_name, 
+                                                         char *browser_name, 
+                                                         struct in_addr ip )
+  {
+  struct browse_cache_record *browc;
+  time_t now = time( NULL );
+
+  browc = (struct browse_cache_record *)malloc( sizeof( *browc ) );
+
+  if( NULL == browc )
+    {
+    DEBUG( 0, ("create_browser_in_lmb_cache: malloc fail !\n") );
+    return( NULL );
+    }
+
+  memset( (char *)browc, '\0', sizeof( *browc ) );
+  
+  /* For a new lmb entry we want to sync with it after one minute. This
+     will allow it time to send out a local announce and build its
+     browse list.
+   */
+  browc->sync_time = now + 60;
+
+  /* Allow the new lmb to miss an announce period before we remove it. */
+  browc->death_time = now + ( (CHECK_TIME_MST_ANNOUNCE + 2) * 60 );
+
+  StrnCpy(  browc->lmb_name, browser_name, sizeof(browc->lmb_name)-1 );
+  StrnCpy(  browc->work_group, work_name, sizeof(browc->work_group)-1 );
+  strupper( browc->lmb_name );
+  strupper( browc->work_group );
+  
+  browc->ip = ip;
+ 
+  (void)ubi_dlAddTail( lmb_browserlist, browc );
+
+  if( DEBUGLVL( 3 ) )
+    {
+    Debug1( "nmbd_browserdb:create_browser_in_lmb_cache()\n" );
+    Debug1( "  Added lmb cache entry for workgroup %s ", browc->work_group );
+    Debug1( "name %s IP %s ", browc->lmb_name, inet_ntoa(ip) );
+    Debug1( "ttl %d\n", (int)browc->death_time );
+    }
+  
+  return( browc );
+  } /* create_browser_in_lmb_cache */
+
+/* ************************************************************************** **
+ * Find a browser entry in the local master browser list.
+ *
+ *  Input:  browser_name  - The name for which to search.
+ *
+ *  Output: A pointer to the matching entry, or NULL if no match was found.
+ *
+ * ************************************************************************** **
+ */
+struct browse_cache_record *find_browser_in_lmb_cache( char *browser_name )
+  {
+  struct browse_cache_record *browc;
+
+  for( browc = (struct browse_cache_record *)ubi_dlFirst( lmb_browserlist );
+       browc;
+       browc = (struct browse_cache_record *)ubi_dlNext( browc ) )
+    if( strequal( browser_name, browc->lmb_name ) )
+      break;
+
+  return( browc );
+  } /* find_browser_in_lmb_cache */
+
+/* ************************************************************************** **
+ *  Expire timed out browsers in the browserlist.
+ *
+ *  Input:  t - Expiration time.  Entries with death times less than this
+ *              value will be removed from the list.
+ *  Output: none.
+ *
+ * ************************************************************************** **
+ */
+void expire_lmb_browsers( time_t t )
+  {
+  struct browse_cache_record *browc;
+  struct browse_cache_record *nextbrowc;
+
+  for( browc = (struct browse_cache_record *)ubi_dlFirst( lmb_browserlist );
+       browc;
+       browc = nextbrowc )
+    {
+    nextbrowc = (struct browse_cache_record *)ubi_dlNext( browc );
+
+    if( browc->death_time < t )
+      {
+      if( DEBUGLVL( 3 ) )
+        {
+        Debug1( "nmbd_browserdb:expire_lmb_browsers()\n" );
+        Debug1( "  Removing timed out lmb entry %s\n", browc->lmb_name );
+        }
+      remove_lmb_browser_entry( browc );
+      }
+    }
+  } /* expire_lmb_browsers */
diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c
new file mode 100644
index 0000000000..5dcc8cce19
--- /dev/null
+++ b/source3/nmbd/nmbd_browsesync.c
@@ -0,0 +1,703 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+#include "smb.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+/* This is our local master browser list database. */
+extern ubi_dlList lmb_browserlist[];
+
+/****************************************************************************
+As a domain master browser, do a sync with a local master browser.
+**************************************************************************/
+static void sync_with_lmb(struct browse_cache_record *browc)
+{                     
+  struct work_record *work;
+
+  if( !(work = find_workgroup_on_subnet(unicast_subnet, browc->work_group)) )
+  {
+    if( DEBUGLVL( 0 ) )
+    {
+      dbgtext( "sync_with_lmb:\n" );
+      dbgtext( "Failed to get a workgroup for a local master browser " );
+      dbgtext( "cache entry workgroup " );
+      dbgtext( "%s, server %s\n", browc->work_group, browc->lmb_name );
+    }
+    return;
+  }
+
+  /* We should only be doing this if we are a domain master browser for
+     the given workgroup. Ensure this is so. */
+
+  if(!AM_DOMAIN_MASTER_BROWSER(work))
+  {
+    if( DEBUGLVL( 0 ) )
+    {
+      dbgtext( "sync_with_lmb:\n" );
+      dbgtext( "We are trying to sync with a local master browser " );
+      dbgtext( "%s for workgroup %s\n", browc->lmb_name, browc->work_group );
+      dbgtext( "and we are not a domain master browser on this workgroup.\n" );
+      dbgtext( "Error!\n" );
+    }
+    return;
+  }
+
+  if( DEBUGLVL( 2 ) )
+  {
+    dbgtext( "sync_with_lmb:\n" );
+    dbgtext( "Initiating sync with local master browser " );
+    dbgtext( "%s<0x20> at IP %s ", browc->lmb_name, inet_ntoa(browc->ip) );
+    dbgtext( "for workgroup %s\n", browc->work_group );
+  }
+
+  sync_browse_lists(work, browc->lmb_name, 0x20, browc->ip, True, True);
+
+  browc->sync_time += (CHECK_TIME_DMB_TO_LMB_SYNC * 60);
+}
+
+/****************************************************************************
+Sync or expire any local master browsers.
+**************************************************************************/
+void dmb_expire_and_sync_browser_lists(time_t t)
+{
+  static time_t last_run = 0;
+  struct browse_cache_record *browc;
+
+  /* Only do this every 20 seconds. */  
+  if (t - last_run < 20) 
+   return;
+
+  last_run = t;
+
+  expire_lmb_browsers(t);
+
+  for( browc = (struct browse_cache_record *)ubi_dlFirst( lmb_browserlist );
+       browc;
+       browc = (struct browse_cache_record *)ubi_dlNext( browc ) )
+  {
+    if (browc->sync_time < t)
+      sync_with_lmb(browc);
+  }
+}
+
+/****************************************************************************
+As a local master browser, send an announce packet to the domain master browser.
+**************************************************************************/
+
+static void announce_local_master_browser_to_domain_master_browser( struct work_record *work)
+{
+  pstring outbuf;
+  char *p;
+
+  if(ismyip(work->dmb_addr))
+  {
+    if( DEBUGLVL( 2 ) )
+    {
+      dbgtext( "announce_local_master_browser_to_domain_master_browser:\n" );
+      dbgtext( "We are both a domain and a local master browser for " );
+      dbgtext( "workgroup %s.  ", work->work_group );
+      dbgtext( "Do not announce to ourselves.\n" );
+    }
+    return;
+  }
+
+  memset(outbuf,'\0',sizeof(outbuf));
+  p = outbuf;
+  SCVAL(p,0,ANN_MasterAnnouncement);
+  p++;
+
+  StrnCpy(p,global_myname,15);
+  strupper(p);
+  p = skip_string(p,1);
+
+  if( DEBUGLVL( 4 ) )
+  {
+    dbgtext( "announce_local_master_browser_to_domain_master_browser:\n" );
+    dbgtext( "Sending local master announce to " );
+    dbgtext( "%s for workgroup %s.\n", nmb_namestr(&work->dmb_name),
+                                       work->work_group );
+  }
+
+  send_mailslot(True, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
+		global_myname, 0x0, work->dmb_name.name, 0x0, 
+		work->dmb_addr, FIRST_SUBNET->myip, DGRAM_PORT);
+
+}
+
+/****************************************************************************
+As a local master browser, do a sync with a domain master browser.
+**************************************************************************/
+
+static void sync_with_dmb(struct work_record *work)
+{
+  if( DEBUGLVL( 2 ) )
+  {
+    dbgtext( "sync_with_dmb:\n" );
+    dbgtext( "Initiating sync with domain master browser " );
+    dbgtext( "%s ", nmb_namestr(&work->dmb_name) );
+    dbgtext( "at IP %s ", inet_ntoa(work->dmb_addr) );
+    dbgtext( "for workgroup %s\n", work->work_group );
+  }
+
+  sync_browse_lists(work, work->dmb_name.name, work->dmb_name.name_type, 
+                    work->dmb_addr, False, True);
+}
+
+/****************************************************************************
+  Function called when a node status query to a domain master browser IP succeeds.
+****************************************************************************/
+
+static void domain_master_node_status_success(struct subnet_record *subrec,
+                                              struct userdata_struct *userdata,
+                                              struct res_rec *answers,
+                                              struct in_addr from_ip)
+{
+  struct work_record *work = find_workgroup_on_subnet( subrec, userdata->data);
+
+  if( work == NULL )
+  {
+    if( DEBUGLVL( 0 ) )
+    {
+      dbgtext( "domain_master_node_status_success:\n" );
+      dbgtext( "Unable to find workgroup " );
+      dbgtext( "%s on subnet %s.\n", userdata->data, subrec->subnet_name );
+    }
+    return;
+  }
+
+  if( DEBUGLVL( 3 ) )
+  {
+    dbgtext( "domain_master_node_status_success:\n" );
+    dbgtext( "Success in node status for workgroup " );
+    dbgtext( "%s from ip %s\n", work->work_group, inet_ntoa(from_ip) );
+  }
+
+  /* Go through the list of names found at answers->rdata and look for
+     the first SERVER<0x20> name. */
+
+  if(answers->rdata != NULL)
+  {
+    char *p = answers->rdata;
+    int numnames = CVAL(p, 0);
+
+    p += 1;
+
+    while (numnames--)
+    {
+      char qname[17];
+      uint16 nb_flags;
+      int name_type;
+
+      StrnCpy(qname,p,15);
+      name_type = CVAL(p,15);
+      nb_flags = get_nb_flags(&p[16]);
+      trim_string(qname,NULL," ");
+
+      p += 18;
+
+      if(!(nb_flags & NB_GROUP) && (name_type == 0x20))
+      {
+        struct nmb_name nmbname;
+
+        make_nmb_name(&nmbname, qname, name_type);
+
+        /* Copy the dmb name and IP address
+           into the workgroup struct. */
+
+        work->dmb_name = nmbname;
+        putip((char *)&work->dmb_addr, &from_ip);
+
+        /* Do the local master browser announcement to the domain
+           master browser name and IP. */
+        announce_local_master_browser_to_domain_master_browser( work );
+
+        /* Now synchronise lists with the domain master browser. */
+        sync_with_dmb(work);
+        break;
+      }
+    }
+  }
+  else
+    if( DEBUGLVL( 0 ) )
+    {
+      dbgtext( "domain_master_node_status_success:\n" );
+      dbgtext( "Failed to find a SERVER<0x20> name in reply from IP " );
+      dbgtext( "%s.\n", inet_ntoa(from_ip) );
+    }
+}
+
+/****************************************************************************
+  Function called when a node status query to a domain master browser IP fails.
+****************************************************************************/
+
+static void domain_master_node_status_fail(struct subnet_record *subrec,
+                       struct response_record *rrec)
+{
+  struct userdata_struct *userdata = rrec->userdata;
+
+  if( DEBUGLVL( 0 ) )
+  {
+    dbgtext( "domain_master_node_status_fail:\n" );
+    dbgtext( "Doing a node status request to the domain master browser\n" );
+    dbgtext( "for workgroup %s ", userdata->data );
+    dbgtext( "at IP %s failed.\n", inet_ntoa(rrec->packet->ip) );
+    dbgtext( "Cannot sync browser lists.\n" );
+  }
+}
+
+/****************************************************************************
+  Function called when a query for a WORKGROUP<1b> name succeeds.
+****************************************************************************/
+
+static void find_domain_master_name_query_success(struct subnet_record *subrec,
+                        struct userdata_struct *userdata_in,
+                        struct nmb_name *q_name, struct in_addr answer_ip, struct res_rec *rrec)
+{
+  /* 
+   * Unfortunately, finding the IP address of the Domain Master Browser,
+   * as we have here, is not enough. We need to now do a sync to the
+   * SERVERNAME<0x20> NetBIOS name, as only recent NT servers will
+   * respond to the SMBSERVER name. To get this name from IP
+   * address we do a Node status request, and look for the first
+   * NAME<0x20> in the response, and take that as the server name.
+   * We also keep a cache of the Domain Master Browser name for this
+   * workgroup in the Workgroup struct, so that if the same IP addess
+   * is returned every time, we don't need to do the node status
+   * request.
+   */
+
+  struct work_record *work;
+  struct nmb_name nmbname;
+  struct userdata_struct *userdata;
+  int size = sizeof(struct userdata_struct) + sizeof(fstring)+1;
+
+  if( !(work = find_workgroup_on_subnet(subrec, q_name->name)) )
+  {
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "find_domain_master_name_query_success:\n" );
+      dbgtext( "Failed to find workgroup %s\n", q_name->name );
+      }
+    return;
+  }
+
+  /* First check if we already have a dmb for this workgroup. */
+
+  if(!is_zero_ip(work->dmb_addr) && ip_equal(work->dmb_addr, answer_ip))
+  {
+    /* Do the local master browser announcement to the domain
+       master browser name and IP. */
+    announce_local_master_browser_to_domain_master_browser( work );
+
+    /* Now synchronise lists with the domain master browser. */
+    sync_with_dmb(work);
+    return;
+  }
+  else
+    zero_ip(&work->dmb_addr);
+
+  /* Now initiate the node status request. */
+  make_nmb_name(&nmbname,"*",0x0);
+
+  /* Put the workgroup name into the userdata so we know
+     what workgroup we're talking to when the reply comes
+     back. */
+
+  /* Setup the userdata_struct - this is copied so we can use
+     a stack variable for this. */
+  if((userdata = (struct userdata_struct *)malloc(size)) == NULL)
+  {
+    DEBUG(0, ("find_domain_master_name_query_success: malloc fail.\n"));
+    return;
+  }
+
+  userdata->copy_fn = NULL;
+  userdata->free_fn = NULL;
+  userdata->userdata_len = strlen(work->work_group)+1;
+  pstrcpy(userdata->data, work->work_group);
+
+  node_status( subrec, &nmbname, answer_ip, 
+               domain_master_node_status_success,
+               domain_master_node_status_fail,
+               userdata);
+
+  zero_free(userdata, size);
+}
+
+/****************************************************************************
+  Function called when a query for a WORKGROUP<1b> name fails.
+  ****************************************************************************/
+static void find_domain_master_name_query_fail(struct subnet_record *subrec,
+                                    struct response_record *rrec,
+                                    struct nmb_name *question_name, int fail_code)
+{
+  if( DEBUGLVL( 0 ) )
+  {
+    dbgtext( "find_domain_master_name_query_fail:\n" );
+    dbgtext( "Unable to find the Domain Master Browser name " );
+    dbgtext( "%s for the workgroup %s.\n",
+             nmb_namestr(question_name), question_name->name );
+    dbgtext( "Unable to sync browse lists in this workgroup.\n" );
+  }
+}
+
+/****************************************************************************
+As a local master browser for a workgroup find the domain master browser
+name, announce ourselves as local master browser to it and then pull the
+full domain browse lists from it onto the given subnet.
+**************************************************************************/
+
+void announce_and_sync_with_domain_master_browser( struct subnet_record *subrec,
+                                                   struct work_record *work)
+{
+  struct nmb_name nmbname;
+
+  /* Only do this if we are using a WINS server. */
+  if(we_are_a_wins_client() == False)
+  {
+    if( DEBUGLVL( 10 ) )
+    {
+      dbgtext( "announce_and_sync_with_domain_master_browser:\n" );
+      dbgtext( "Ignoring, as we are not a WINS client.\n" );
+    }
+    return;
+  }
+
+  make_nmb_name(&nmbname,work->work_group,0x1b);
+
+  /* First, query for the WORKGROUP<1b> name from the WINS server. */
+  query_name(unicast_subnet, nmbname.name, nmbname.name_type,
+             find_domain_master_name_query_success,
+             find_domain_master_name_query_fail,
+             NULL);
+
+}
+
+/****************************************************************************
+  Function called when a node status query to a domain master browser IP succeeds.
+  This function is only called on query to a Samba 1.9.18 or above WINS server.
+
+  Note that adding the workgroup name is enough for this workgroup to be
+  browsable by clients, as clients query the WINS server or broadcast 
+  nets for the WORKGROUP<1b> name when they want to browse a workgroup
+  they are not in. We do not need to do a sync with this Domain Master
+  Browser in order for our browse clients to see machines in this workgroup.
+  JRA.
+****************************************************************************/
+
+static void get_domain_master_name_node_status_success(struct subnet_record *subrec,
+                                              struct userdata_struct *userdata,
+                                              struct res_rec *answers,
+                                              struct in_addr from_ip)
+{
+  struct work_record *work;
+  fstring server_name;
+
+  server_name[0] = 0;
+
+  if( DEBUGLVL( 3 ) )
+  {
+    dbgtext( "get_domain_master_name_node_status_success:\n" );
+    dbgtext( "Success in node status from ip %s\n", inet_ntoa(from_ip) );
+  }
+
+  /* 
+   * Go through the list of names found at answers->rdata and look for
+   * the first WORKGROUP<0x1b> name.
+   */
+
+  if(answers->rdata != NULL)
+  {
+    char *p = answers->rdata;
+    int numnames = CVAL(p, 0);
+
+    p += 1;
+
+    while (numnames--)
+    {
+      char qname[17];
+      uint16 nb_flags;
+      int name_type;
+
+      StrnCpy(qname,p,15);
+      name_type = CVAL(p,15);
+      nb_flags = get_nb_flags(&p[16]);
+      trim_string(qname,NULL," ");
+
+      p += 18;
+
+      if(!(nb_flags & NB_GROUP) && (name_type == 0x00) && 
+	 server_name[0] == 0) {
+	      /* this is almost certainly the server netbios name */
+	      fstrcpy(server_name, qname);
+	      continue;
+      }
+
+      if(!(nb_flags & NB_GROUP) && (name_type == 0x1b))
+      {
+        if( DEBUGLVL( 5 ) )
+        {
+          dbgtext( "get_domain_master_name_node_status_success:\n" );
+          dbgtext( "%s(%s) ", server_name, inet_ntoa(from_ip) );
+          dbgtext( "is a domain master browser for workgroup " );
+          dbgtext( "%s. Adding this name.\n", qname );
+        }
+
+        /* 
+         * If we don't already know about this workgroup, add it
+         * to the workgroup list on the unicast_subnet.
+         */
+        if((work = find_workgroup_on_subnet( subrec, qname)) == NULL)
+	{
+		struct nmb_name nmbname;
+		/* 
+		 * Add it - with an hour in the cache.
+		 */
+		if(!(work= create_workgroup_on_subnet(subrec, qname, 60*60)))
+			return;
+
+		/* remember who the master is */
+		fstrcpy(work->local_master_browser_name, server_name);
+		make_nmb_name(&nmbname, server_name, 0x20);
+		work->dmb_name = nmbname;
+		work->dmb_addr = from_ip;
+        }
+        break;
+      }
+    }
+  }
+  else
+    if( DEBUGLVL( 0 ) )
+    {
+      dbgtext( "get_domain_master_name_node_status_success:\n" );
+      dbgtext( "Failed to find a WORKGROUP<0x1b> name in reply from IP " );
+      dbgtext( "%s.\n", inet_ntoa(from_ip) );
+    }
+}
+
+/****************************************************************************
+  Function called when a node status query to a domain master browser IP fails.
+****************************************************************************/
+
+static void get_domain_master_name_node_status_fail(struct subnet_record *subrec,
+                       struct response_record *rrec)
+{
+  if( DEBUGLVL( 0 ) )
+  {
+    dbgtext( "get_domain_master_name_node_status_fail:\n" );
+    dbgtext( "Doing a node status request to the domain master browser " );
+    dbgtext( "at IP %s failed.\n", inet_ntoa(rrec->packet->ip) );
+    dbgtext( "Cannot get workgroup name.\n" );
+  }
+}
+
+/****************************************************************************
+  Function called when a query for *<1b> name succeeds.
+****************************************************************************/
+
+static void find_all_domain_master_names_query_success(struct subnet_record *subrec,
+                        struct userdata_struct *userdata_in,
+                        struct nmb_name *q_name, struct in_addr answer_ip, struct res_rec *rrec)
+{
+  /* 
+   * We now have a list of all the domain master browsers for all workgroups
+   * that have registered with the WINS server. Now do a node status request
+   * to each one and look for the first 1b name in the reply. This will be
+   * the workgroup name that we will add to the unicast subnet as a 'non-local'
+   * workgroup.
+   */
+
+  struct nmb_name nmbname;
+  struct in_addr send_ip;
+  int i;
+
+  if( DEBUGLVL( 5 ) )
+  {
+    dbgtext( "find_all_domain_master_names_query_succes:\n" );
+    dbgtext( "Got answer from WINS server of %d ", (rrec->rdlength / 6) );
+    dbgtext( "IP addresses for Domain Master Browsers.\n" );
+  }
+
+  for(i = 0; i < rrec->rdlength / 6; i++)
+  {
+    /* Initiate the node status requests. */
+    make_nmb_name(&nmbname, "*", 0);
+
+    putip((char *)&send_ip, (char *)&rrec->rdata[(i*6) + 2]);
+
+    /* 
+     * Don't send node status requests to ourself.
+     */
+
+    if(ismyip( send_ip ))
+    {
+      if( DEBUGLVL( 5 ) )
+      {
+        dbgtext( "find_all_domain_master_names_query_succes:\n" );
+        dbgtext( "Not sending node status to our own IP " );
+        dbgtext( "%s.\n", inet_ntoa(send_ip) );
+      }
+      continue;
+    }
+
+    if( DEBUGLVL( 5 ) )
+    {
+      dbgtext( "find_all_domain_master_names_query_success:\n" );
+      dbgtext( "Sending node status request to IP %s.\n", inet_ntoa(send_ip) );
+    }
+
+    node_status( subrec, &nmbname, send_ip, 
+                 get_domain_master_name_node_status_success,
+                 get_domain_master_name_node_status_fail,
+                 NULL);
+  }
+}
+
+/****************************************************************************
+  Function called when a query for *<1b> name fails.
+  ****************************************************************************/
+static void find_all_domain_master_names_query_fail(struct subnet_record *subrec,
+                                    struct response_record *rrec,
+                                    struct nmb_name *question_name, int fail_code)
+{
+  if( DEBUGLVL( 10 ) )
+  {
+    dbgtext( "find_domain_master_name_query_fail:\n" );
+    dbgtext( "WINS server did not reply to a query for name " );
+    dbgtext( "%s.\nThis means it ", nmb_namestr(question_name) );
+    dbgtext( "is probably not a Samba 1.9.18 or above WINS server.\n" );
+  }
+}
+
+/****************************************************************************
+ If we are a domain master browser on the unicast subnet, do a query to the
+ WINS server for the *<1b> name. This will only work to a Samba WINS server,
+ so ignore it if we fail. If we succeed, contact each of the IP addresses in
+ turn and do a node status request to them. If this succeeds then look for a
+ <1b> name in the reply - this is the workgroup name. Add this to the unicast
+ subnet. This is expensive, so we only do this every 15 minutes.
+**************************************************************************/
+void collect_all_workgroup_names_from_wins_server(time_t t)
+{
+  static time_t lastrun = 0;
+  struct work_record *work;
+  struct nmb_name nmbname;
+
+  /* Only do this if we are using a WINS server. */
+  if(we_are_a_wins_client() == False)
+    return;
+
+  /* Check to see if we are a domain master browser on the unicast subnet. */
+  if((work = find_workgroup_on_subnet( unicast_subnet, global_myworkgroup)) == NULL)
+  {
+    if( DEBUGLVL( 0 ) )
+    {
+      dbgtext( "collect_all_workgroup_names_from_wins_server:\n" );
+      dbgtext( "Cannot find my workgroup %s ", global_myworkgroup );
+      dbgtext( "on subnet %s.\n", unicast_subnet->subnet_name );
+    }
+    return;
+  }
+
+  if(!AM_DOMAIN_MASTER_BROWSER(work))
+    return;
+
+  if ((lastrun != 0) && (t < lastrun + (15 * 60)))
+    return;
+     
+  lastrun = t;
+
+  make_nmb_name(&nmbname,"*",0x1b);
+
+  /* First, query for the *<1b> name from the WINS server. */
+  query_name(unicast_subnet, nmbname.name, nmbname.name_type,
+             find_all_domain_master_names_query_success,
+             find_all_domain_master_names_query_fail,
+             NULL);
+} 
+
+
+/****************************************************************************
+ If we are a domain master browser on the unicast subnet, do a regular sync
+ with all other DMBs that we know of on that subnet.
+
+To prevent exponential network traffic with large numbers of workgroups
+we use a randomised system where sync probability is inversely proportional
+to the number of known workgroups
+**************************************************************************/
+void sync_all_dmbs(time_t t)
+{
+	static time_t lastrun = 0;
+	struct work_record *work;
+	int count=0;
+
+	/* Only do this if we are using a WINS server. */
+	if(we_are_a_wins_client() == False)
+		return;
+
+	/* Check to see if we are a domain master browser on the
+           unicast subnet. */
+	work = find_workgroup_on_subnet(unicast_subnet, global_myworkgroup);
+	if (!work) return;
+
+	if (!AM_DOMAIN_MASTER_BROWSER(work))
+		return;
+
+	if ((lastrun != 0) && (t < lastrun + (5 * 60)))
+		return;
+     
+	/* count how many syncs we might need to do */
+	for (work=unicast_subnet->workgrouplist; work; work = work->next) {
+		if (strcmp(global_myworkgroup, work->work_group)) {
+			count++;
+		}
+	}
+
+	/* sync with a probability of 1/count */
+	for (work=unicast_subnet->workgrouplist; work; work = work->next) {
+		if (strcmp(global_myworkgroup, work->work_group)) {
+			if (((unsigned)sys_random()) % count != 0) continue;
+
+			lastrun = t;
+
+			if (!work->dmb_name.name[0]) {
+				/* we don't know the DMB - assume it is
+				   the same as the unicast local master */
+				make_nmb_name(&work->dmb_name, 
+					      work->local_master_browser_name,
+					      0x20);
+			}
+
+			DEBUG(3,("Initiating DMB<->DMB sync with %s(%s)\n",
+				 work->dmb_name.name, 
+				 inet_ntoa(work->dmb_addr)));
+			sync_browse_lists(work, 
+					  work->dmb_name.name,
+					  work->dmb_name.name_type, 
+					  work->dmb_addr, False, False);
+		}
+	}
+} 
diff --git a/source3/nmbd/nmbd_elections.c b/source3/nmbd/nmbd_elections.c
new file mode 100644
index 0000000000..acff7a72e8
--- /dev/null
+++ b/source3/nmbd/nmbd_elections.c
@@ -0,0 +1,406 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+/* Election parameters. */
+extern time_t StartupTime;
+
+/****************************************************************************
+  Send an election datagram packet.
+**************************************************************************/
+static void send_election_dgram(struct subnet_record *subrec, char *workgroup_name,
+                                uint32 criterion, int timeup,char *server_name)
+{
+  pstring outbuf;
+  char *p;
+
+  DEBUG(2,("send_election_dgram: Sending election packet for workgroup %s on subnet %s\n",
+	workgroup_name, subrec->subnet_name ));
+
+  memset(outbuf,'\0',sizeof(outbuf));
+  p = outbuf;
+  SCVAL(p,0,ANN_Election); /* Election opcode. */
+  p++;
+
+  SCVAL(p,0,((criterion == 0 && timeup == 0) ? 0 : ELECTION_VERSION));
+  SIVAL(p,1,criterion);
+  SIVAL(p,5,timeup*1000); /* ms - Despite what the spec says. */
+  p += 13;
+  pstrcpy(p,server_name);
+  strupper(p);
+  p = skip_string(p,1);
+  
+  send_mailslot(False, BROWSE_MAILSLOT, outbuf, PTR_DIFF(p,outbuf),
+                global_myname, 0,
+                workgroup_name, 0x1e,
+                subrec->bcast_ip, subrec->myip, DGRAM_PORT);
+}
+
+/*******************************************************************
+ We found a current master browser on one of our broadcast interfaces.
+******************************************************************/
+
+static void check_for_master_browser_success(struct subnet_record *subrec,
+                                 struct userdata_struct *userdata,
+                                 struct nmb_name *answer_name,
+                                 struct in_addr answer_ip, struct res_rec *rrec)
+{
+  DEBUG(3,("check_for_master_browser_success: Local master browser for workgroup %s exists at \
+IP %s (just checking).\n", answer_name->name, inet_ntoa(answer_ip) ));
+}
+
+/*******************************************************************
+ We failed to find a current master browser on one of our broadcast interfaces.
+******************************************************************/
+
+static void check_for_master_browser_fail( struct subnet_record *subrec,
+                                           struct response_record *rrec,
+                                           struct nmb_name *question_name,
+                                           int fail_code)
+{
+  char *workgroup_name = question_name->name;
+  struct work_record *work = find_workgroup_on_subnet(subrec, workgroup_name);
+
+  if(work == NULL)
+  {
+    DEBUG(0,("check_for_master_browser_fail: Unable to find workgroup %s on subnet %s.=\n",
+          workgroup_name, subrec->subnet_name ));
+    return;
+  }
+
+  if (strequal(work->work_group, global_myworkgroup))
+  {
+
+    if (lp_local_master())
+    {
+      /* We have discovered that there is no local master
+         browser, and we are configured to initiate
+         an election that we will participate in.
+       */
+      DEBUG(2,("check_for_master_browser_fail: Forcing election on workgroup %s subnet %s\n",
+               work->work_group, subrec->subnet_name ));
+
+      /* Setting this means we will participate when the
+         election is run in run_elections(). */
+      work->needelection = True;
+    }
+    else
+    {
+      /* We need to force an election, because we are configured
+         not to become the local master, but we still need one,
+         having detected that one doesn't exist.
+       */
+      send_election_dgram(subrec, work->work_group, 0, 0, "");
+    }
+  }
+}
+
+/*******************************************************************
+  Ensure there is a local master browser for a workgroup on our
+  broadcast interfaces.
+******************************************************************/
+
+void check_master_browser_exists(time_t t)
+{
+  static time_t lastrun=0;
+  struct subnet_record *subrec;
+  char *workgroup_name = global_myworkgroup;
+
+  if (!lastrun)
+    lastrun = t;
+
+  if (t < (lastrun + (CHECK_TIME_MST_BROWSE * 60)))
+    return;
+
+  lastrun = t;
+
+  dump_workgroups(False);
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work;
+
+    for (work = subrec->workgrouplist; work; work = work->next)
+    {
+      if (strequal(work->work_group, workgroup_name) && !AM_LOCAL_MASTER_BROWSER(work))
+      {
+        /* Do a name query for the local master browser on this net. */
+        query_name( subrec, work->work_group, 0x1d,
+                    check_for_master_browser_success,
+                    check_for_master_browser_fail,
+                    NULL);
+      }
+    }
+  }
+}
+
+/*******************************************************************
+  Run an election.
+******************************************************************/
+
+void run_elections(time_t t)
+{
+  static time_t lastime = 0;
+  
+  struct subnet_record *subrec;
+  
+  /* Send election packets once every 2 seconds - note */
+  if (lastime && (t - lastime < 2))
+    return;
+  
+  lastime = t;
+  
+  START_PROFILE(run_elections);
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work;
+
+    for (work = subrec->workgrouplist; work; work = work->next)
+    {
+      if (work->RunningElection)
+      {
+        /*
+         * We can only run an election for a workgroup if we have
+         * registered the WORKGROUP<1e> name, as that's the name
+         * we must listen to.
+         */
+        struct nmb_name nmbname;
+
+        make_nmb_name(&nmbname, work->work_group, 0x1e);
+        if(find_name_on_subnet( subrec, &nmbname, FIND_SELF_NAME)==NULL) {
+          DEBUG(8,("run_elections: Cannot send election packet yet as name %s not \
+yet registered on subnet %s\n", nmb_namestr(&nmbname), subrec->subnet_name ));
+          continue;
+        }
+
+        send_election_dgram(subrec, work->work_group, work->ElectionCriterion,
+                      t - StartupTime, global_myname);
+	      
+        if (work->ElectionCount++ >= 4)
+        {
+          /* Won election (4 packets were sent out uncontested. */
+          DEBUG(2,("run_elections: >>> Won election for workgroup %s on subnet %s <<<\n",
+                    work->work_group, subrec->subnet_name ));
+
+          work->RunningElection = False;
+
+          become_local_master_browser(subrec, work);
+        }
+      }
+    }
+  }
+  END_PROFILE(run_elections);
+}
+
+/*******************************************************************
+  Determine if I win an election.
+******************************************************************/
+
+static BOOL win_election(struct work_record *work, int version,
+                         uint32 criterion, int timeup, char *server_name)
+{  
+  int mytimeup = time(NULL) - StartupTime;
+  uint32 mycriterion = work->ElectionCriterion;
+
+  /* If local master is false then never win
+     in election broadcasts. */
+  if(!lp_local_master())
+  {
+    DEBUG(3,("win_election: Losing election as local master == False\n"));
+    return False;
+  }
+ 
+  DEBUG(4,("win_election: election comparison: %x:%x %x:%x %d:%d %s:%s\n",
+        version, ELECTION_VERSION,
+        criterion, mycriterion,
+        timeup, mytimeup,
+        server_name, global_myname));
+
+  if (version > ELECTION_VERSION)
+    return(False);
+  if (version < ELECTION_VERSION)
+    return(True);
+  
+  if (criterion > mycriterion)
+    return(False);
+  if (criterion < mycriterion)
+    return(True);
+
+  if (timeup > mytimeup)
+    return(False);
+  if (timeup < mytimeup)
+    return(True);
+
+  if (strcasecmp(global_myname, server_name) > 0)
+    return(False);
+  
+  return(True);
+}
+
+/*******************************************************************
+  Process an incoming election datagram packet.
+******************************************************************/
+
+void process_election(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int version = CVAL(buf,0);
+  uint32 criterion = IVAL(buf,1);
+  int timeup = IVAL(buf,5)/1000;
+  char *server_name = buf+13;
+  struct work_record *work;
+  char *workgroup_name = dgram->dest_name.name;
+
+  START_PROFILE(election);
+  server_name[15] = 0;  
+
+  DEBUG(3,("process_election: Election request from %s at IP %s on subnet %s for workgroup %s.\n",
+      server_name,inet_ntoa(p->ip), subrec->subnet_name, workgroup_name ));
+
+  DEBUG(5,("process_election: vers=%d criterion=%08x timeup=%d\n", version,criterion,timeup));
+
+  if(( work = find_workgroup_on_subnet(subrec, workgroup_name)) == NULL)
+  {
+    DEBUG(0,("process_election: Cannot find workgroup %s on subnet %s.\n",
+          workgroup_name, subrec->subnet_name ));
+    goto done;
+  }
+
+  if (!strequal(work->work_group, global_myworkgroup))
+  {
+    DEBUG(3,("process_election: ignoring election request for workgroup %s on subnet %s as this \
+is not my workgroup.\n", work->work_group, subrec->subnet_name ));
+    goto done;
+  }
+
+  if (win_election(work, version,criterion,timeup,server_name))
+  {
+    /* We take precedence over the requesting server. */
+    if (!work->RunningElection)
+    {
+      /* We weren't running an election - start running one. */
+
+      work->needelection = True;
+      work->ElectionCount=0;
+    }
+
+    /* Note that if we were running an election for this workgroup on this
+       subnet already, we just ignore the server we take precedence over. */
+  }
+  else
+  {
+    /* We lost. Stop participating. */
+    work->needelection = False;
+
+    if (work->RunningElection || AM_LOCAL_MASTER_BROWSER(work))
+    {
+      work->RunningElection = False;
+      DEBUG(3,("process_election: >>> Lost election for workgroup %s on subnet %s <<<\n",
+            work->work_group, subrec->subnet_name ));
+      if (AM_LOCAL_MASTER_BROWSER(work))
+        unbecome_local_master_browser(subrec, work, False);
+    }
+  }
+done:
+  END_PROFILE(election);
+}
+
+/****************************************************************************
+  This function looks over all the workgroups known on all the broadcast
+  subnets and decides if a browser election is to be run on that workgroup.
+  It returns True if any election packets need to be sent (this will then
+  be done by run_elections().
+***************************************************************************/
+
+BOOL check_elections(void)
+{
+  struct subnet_record *subrec;
+  BOOL run_any_election = False;
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work;
+    for (work = subrec->workgrouplist; work; work = work->next)
+    {
+      run_any_election |= work->RunningElection;
+
+      /* 
+       * Start an election if we have any chance of winning.
+       * Note this is a change to the previous code, that would
+       * only run an election if nmbd was in the potential browser
+       * state. We need to run elections in any state if we're told
+       * to. JRA.
+       */
+
+      if (work->needelection && !work->RunningElection && lp_local_master())
+      {
+        /*
+         * We can only run an election for a workgroup if we have
+         * registered the WORKGROUP<1e> name, as that's the name
+         * we must listen to.
+         */
+        struct nmb_name nmbname;
+
+        make_nmb_name(&nmbname, work->work_group, 0x1e);
+        if(find_name_on_subnet( subrec, &nmbname, FIND_SELF_NAME)==NULL) {
+          DEBUG(8,("check_elections: Cannot send election packet yet as name %s not \
+yet registered on subnet %s\n", nmb_namestr(&nmbname), subrec->subnet_name ));
+          continue;
+        }
+
+        DEBUG(3,("check_elections: >>> Starting election for workgroup %s on subnet %s <<<\n",
+              work->work_group, subrec->subnet_name ));
+
+        work->ElectionCount = 0;
+        work->RunningElection = True;
+        work->needelection = False;
+      }
+    }
+  }
+  return run_any_election;
+}
+
+
+
+/****************************************************************************
+process a internal Samba message forcing an election
+***************************************************************************/
+void nmbd_message_election(int msg_type, pid_t src, void *buf, size_t len)
+{
+	struct subnet_record *subrec;
+
+	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
+		struct work_record *work;
+		for (work = subrec->workgrouplist; work; work = work->next) {
+			if (strequal(work->work_group, global_myworkgroup)) {
+				work->needelection = True;
+				work->ElectionCount=0;
+				work->mst_state = lp_local_master() ? MST_POTENTIAL : MST_NONE;
+			}
+		}
+	}
+}
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
new file mode 100644
index 0000000000..261200b4c5
--- /dev/null
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -0,0 +1,860 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+extern BOOL found_lm_clients;
+
+#if 0
+
+/* XXXX note: This function is currently unsuitable for use, as it
+   does not properly check that a server is in a fit state to become
+   a backup browser before asking it to be one.
+   The code is left here to be worked on at a later date.
+*/
+
+/****************************************************************************
+Tell a server to become a backup browser
+**************************************************************************/
+
+void tell_become_backup(void)
+{
+  struct subnet_record *subrec;
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work;
+    for (work = subrec->workgrouplist; work; work = work->next)
+    {
+      struct server_record *servrec;
+      int num_servers = 0;
+      int num_backups = 0;
+	  
+      for (servrec = work->serverlist; servrec; servrec = servrec->next)
+      {
+        num_servers++;
+	      
+        if (is_myname(servrec->serv.name))
+          continue;
+	      
+        if (servrec->serv.type & SV_TYPE_BACKUP_BROWSER) 
+        {
+          num_backups++;
+          continue;
+        }
+	      
+        if (servrec->serv.type & SV_TYPE_MASTER_BROWSER)
+          continue;
+	      
+        if (!(servrec->serv.type & SV_TYPE_POTENTIAL_BROWSER))
+          continue;
+	      
+        DEBUG(3,("num servers: %d num backups: %d\n", 
+              num_servers, num_backups));
+	      
+        /* make first server a backup server. thereafter make every
+           tenth server a backup server */
+        if (num_backups != 0 && (num_servers+9) / num_backups > 10)
+          continue;
+	      
+        DEBUG(2,("sending become backup to %s %s for %s\n",
+             servrec->serv.name, inet_ntoa(subrec->bcast_ip),
+             work->work_group));
+	      
+        /* type 11 request from MYNAME(20) to WG(1e) for SERVER */
+        do_announce_request(servrec->serv.name, work->work_group,
+              ANN_BecomeBackup, 0x20, 0x1e, subrec->bcast_ip);
+      }
+    }
+  }
+}
+#endif
+
+/*******************************************************************
+  Process an incoming host announcement packet.
+*******************************************************************/
+
+void process_host_announce(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int ttl = IVAL(buf,1)/1000;
+  char *announce_name = buf+5;
+  uint32 servertype = IVAL(buf,23);
+  char *comment = buf+31;
+  struct work_record *work;
+  struct server_record *servrec;
+  char *work_name;
+  char *source_name = dgram->source_name.name;
+
+  START_PROFILE(host_announce);
+  comment[43] = 0;
+  
+  DEBUG(3,("process_host_announce: from %s<%02x> IP %s to \
+%s for server %s.\n", source_name, source_name[15], inet_ntoa(p->ip),
+              nmb_namestr(&dgram->dest_name),announce_name));
+
+  DEBUG(5,("process_host_announce: ttl=%d server type=%08x comment=%s\n",
+	   ttl, servertype,comment));
+
+  /* Filter servertype to remove impossible bits. */
+  servertype &= ~(SV_TYPE_LOCAL_LIST_ONLY|SV_TYPE_DOMAIN_ENUM);
+
+  /* A host announcement must be sent to the name WORKGROUP<1d>. */
+  if(dgram->dest_name.name_type != 0x1d)
+  {
+    DEBUG(2,("process_host_announce: incorrect name type for destination from IP %s \
+(was %02x) should be 0x1d. Allowing packet anyway.\n",
+              inet_ntoa(p->ip), dgram->dest_name.name_type));
+    /* Change it so it was. */
+    dgram->dest_name.name_type = 0x1d;
+  }
+
+  /* For a host announce the workgroup name is the destination name. */
+  work_name = dgram->dest_name.name;
+
+  /*
+   * Syntax servers version 5.1 send HostAnnounce packets to
+   * *THE WRONG NAME*. They send to LOCAL_MASTER_BROWSER_NAME<00>
+   * instead of WORKGROUP<1d> name. So to fix this we check if
+   * the workgroup name is our own name, and if so change it
+   * to be our primary workgroup name.
+   */
+
+  if(strequal(work_name, global_myname))
+    work_name = global_myworkgroup;
+
+  /*
+   * We are being very agressive here in adding a workgroup
+   * name on the basis of a host announcing itself as being
+   * in that workgroup. Maybe we should wait for the workgroup
+   * announce instead ? JRA.
+   */
+
+  work = find_workgroup_on_subnet(subrec, work_name);
+
+  if(servertype != 0)
+  {
+    if (work ==NULL )
+    {
+      /* We have no record of this workgroup. Add it. */
+      if((work = create_workgroup_on_subnet(subrec, work_name, ttl))==NULL)
+        goto done;
+    }
+  
+    if((servrec = find_server_in_workgroup( work, announce_name))==NULL)
+    {
+      /* If this server is not already in the workgroup, add it. */
+      create_server_on_workgroup(work, announce_name, 
+                                 servertype|SV_TYPE_LOCAL_LIST_ONLY, 
+                                 ttl, comment);
+    }
+    else
+    {
+      /* Update the record. */
+      servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
+      update_server_ttl( servrec, ttl);
+      StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+    }
+  }
+  else
+  {
+    /*
+     * This server is announcing it is going down. Remove it from the 
+     * workgroup.
+     */
+    if(!is_myname(announce_name) && (work != NULL) &&
+       ((servrec = find_server_in_workgroup( work, announce_name))!=NULL)
+      )
+    {
+      remove_server_from_workgroup( work, servrec);
+    }
+  }
+  subrec->work_changed = True;
+done:
+  END_PROFILE(host_announce);
+}
+
+/*******************************************************************
+  Process an incoming WORKGROUP announcement packet.
+*******************************************************************/
+
+void process_workgroup_announce(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int ttl = IVAL(buf,1)/1000;
+  char *workgroup_announce_name = buf+5;
+  uint32 servertype = IVAL(buf,23);
+  char *master_name = buf+31;
+  struct work_record *work;
+  char *source_name = dgram->source_name.name;
+
+  START_PROFILE(workgroup_announce);
+  master_name[43] = 0;
+
+  DEBUG(3,("process_workgroup_announce: from %s<%02x> IP %s to \
+%s for workgroup %s.\n", source_name, source_name[15], inet_ntoa(p->ip),
+              nmb_namestr(&dgram->dest_name),workgroup_announce_name));
+
+  DEBUG(5,("process_workgroup_announce: ttl=%d server type=%08x master browser=%s\n",
+           ttl, servertype, master_name));
+
+  /* Workgroup announcements must only go to the MSBROWSE name. */
+  if (!strequal(dgram->dest_name.name, MSBROWSE) || (dgram->dest_name.name_type != 0x1))
+  {
+    DEBUG(0,("process_workgroup_announce: from IP %s should be to __MSBROWSE__<0x01> not %s\n",
+              inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
+    goto done;
+  }
+
+  if ((work = find_workgroup_on_subnet(subrec, workgroup_announce_name))==NULL)
+  {
+    /* We have no record of this workgroup. Add it. */
+    if((work = create_workgroup_on_subnet(subrec, workgroup_announce_name, ttl))==NULL)
+      goto done;
+  }
+  else
+  {
+    /* Update the workgroup death_time. */
+    update_workgroup_ttl(work, ttl);
+  }
+
+  if(*work->local_master_browser_name == '\0')
+  {
+    /* Set the master browser name. */
+    set_workgroup_local_master_browser_name( work, master_name );
+  }
+
+  subrec->work_changed = True;
+done:
+  END_PROFILE(workgroup_announce);
+}
+
+/*******************************************************************
+  Process an incoming local master browser announcement packet.
+*******************************************************************/
+
+void process_local_master_announce(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int ttl = IVAL(buf,1)/1000;
+  char *server_name = buf+5;
+  uint32 servertype = IVAL(buf,23);
+  char *comment = buf+31;
+  char *work_name;
+  struct work_record *work;
+  struct server_record *servrec;
+  char *source_name = dgram->source_name.name;
+
+  START_PROFILE(local_master_announce);
+  comment[43] = 0;
+
+  DEBUG(3,("process_local_master_announce: from %s<%02x> IP %s to \
+%s for server %s.\n", source_name, source_name[15], inet_ntoa(p->ip),
+              nmb_namestr(&dgram->dest_name),server_name));
+
+  DEBUG(5,("process_local_master_announce: ttl=%d server type=%08x comment=%s\n",
+           ttl, servertype, comment));
+
+  /* A local master announcement must be sent to the name WORKGROUP<1e>. */
+  if(dgram->dest_name.name_type != 0x1e)
+  {
+    DEBUG(0,("process_local_master_announce: incorrect name type for destination from IP %s \
+(was %02x) should be 0x1e. Ignoring packet.\n",
+              inet_ntoa(p->ip), dgram->dest_name.name_type));
+    goto done;
+  }
+
+  /* Filter servertype to remove impossible bits. */
+  servertype &= ~(SV_TYPE_LOCAL_LIST_ONLY|SV_TYPE_DOMAIN_ENUM);
+
+  /* For a local master announce the workgroup name is the destination name. */
+  work_name = dgram->dest_name.name;
+
+  if ((work = find_workgroup_on_subnet(subrec, work_name))==NULL)
+  {
+    /* Don't bother adding if it's a local master release announce. */
+    if(servertype == 0)
+      goto done;
+
+    /* We have no record of this workgroup. Add it. */
+    if((work = create_workgroup_on_subnet(subrec, work_name, ttl))==NULL)
+      goto done;
+  }
+
+  /* If we think we're the local master browser for this workgroup,
+     we should never have got this packet. We don't see our own
+     packets.
+   */
+  if(AM_LOCAL_MASTER_BROWSER(work))
+  {
+    DEBUG(0,("process_local_master_announce: Server %s at IP %s is announcing itself as \
+a local master browser for workgroup %s and we think we are master. Forcing election.\n",
+      server_name, inet_ntoa(p->ip), work_name));
+
+    /* Samba nmbd versions 1.9.17 to 1.9.17p4 have a bug in that when
+       they have become a local master browser once, they will never
+       stop sending local master announcements. To fix this we send
+       them a reset browser packet, with level 0x2 on the __SAMBA__
+       name that only they should be listening to. */
+   
+    send_browser_reset( 0x2, "__SAMBA__" , 0x20, p->ip);
+
+    /* We should demote ourself and force an election. */
+
+    unbecome_local_master_browser( subrec, work, True);
+
+    /* The actual election requests are handled in
+       nmbd_election.c */
+    goto done;
+  }  
+
+  /* Find the server record on this workgroup. If it doesn't exist, add it. */
+
+  if(servertype != 0)
+  {
+    if((servrec = find_server_in_workgroup( work, server_name))==NULL)
+    {
+      /* If this server is not already in the workgroup, add it. */
+      create_server_on_workgroup(work, server_name, 
+                                 servertype|SV_TYPE_LOCAL_LIST_ONLY, 
+                                 ttl, comment);
+    }
+    else
+    {
+      /* Update the record. */
+      servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
+      update_server_ttl(servrec, ttl);
+      StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+    }
+
+    set_workgroup_local_master_browser_name( work, server_name );
+  }
+  else
+  {
+    /*
+     * This server is announcing it is going down. Remove it from the
+     * workgroup.
+     */
+    if(!is_myname(server_name) && (work != NULL) &&
+       ((servrec = find_server_in_workgroup( work, server_name))!=NULL)
+      )
+    {
+      remove_server_from_workgroup( work, servrec);
+    }
+  }
+
+  subrec->work_changed = True;
+done:
+  END_PROFILE(local_master_announce);
+}
+
+/*******************************************************************
+  Process a domain master announcement frame.
+  Domain master browsers receive these from local masters. The Domain
+  master should then issue a sync with the local master, asking for
+  that machines local server list.
+******************************************************************/
+
+void process_master_browser_announce(struct subnet_record *subrec, 
+                                     struct packet_struct *p,char *buf)
+{
+  char *local_master_name = buf;
+  struct work_record *work;
+  struct browse_cache_record *browrec;
+
+  START_PROFILE(master_browser_announce);
+  local_master_name[15] = 0;
+  
+  DEBUG(3,("process_master_browser_announce: Local master announce from %s IP %s.\n",
+           local_master_name, inet_ntoa(p->ip)));
+  
+  if (!lp_domain_master()) 
+  {
+    DEBUG(0,("process_master_browser_announce: Not configured as domain \
+master - ignoring master announce.\n"));
+    goto done;
+  }
+  
+  if((work = find_workgroup_on_subnet(subrec, global_myworkgroup)) == NULL)
+  {
+    DEBUG(0,("process_master_browser_announce: Cannot find workgroup %s on subnet %s\n",
+           global_myworkgroup, subrec->subnet_name));
+    goto done;
+  }
+
+  if(!AM_DOMAIN_MASTER_BROWSER(work))
+  {
+    DEBUG(0,("process_master_browser_announce: Local master announce made to us from \
+%s IP %s and we are not a domain master browser.\n", local_master_name, inet_ntoa(p->ip)));
+    goto done;
+  }
+
+  /* Add this host as a local master browser entry on the browse lists.
+     This causes a sync request to be made to it at a later date.
+   */
+
+  if((browrec = find_browser_in_lmb_cache( local_master_name )) == NULL)
+  {
+    /* Add it. */
+    create_browser_in_lmb_cache( work->work_group, local_master_name, p->ip);
+  }
+  else
+    update_browser_death_time(browrec);
+done:
+  END_PROFILE(master_browser_announce);
+}
+
+/*******************************************************************
+  Process an incoming LanMan host announcement packet.
+*******************************************************************/
+
+void process_lm_host_announce(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  uint32 servertype = IVAL(buf,1);
+  int osmajor=CVAL(buf,5);           /* major version of node software */
+  int osminor=CVAL(buf,6);           /* minor version of node software */
+  int ttl = SVAL(buf,7);
+  char *announce_name = buf+9;
+  struct work_record *work;
+  struct server_record *servrec;
+  char *work_name;
+  char *source_name = dgram->source_name.name;
+  pstring comment;
+  char *s = buf+9;
+
+  START_PROFILE(lm_host_announce);
+  s = skip_string(s,1);
+  StrnCpy(comment, s, 43);
+
+  DEBUG(3,("process_lm_host_announce: LM Announcement from %s<%02x> IP %s to \
+%s for server %s.\n", source_name, source_name[15], inet_ntoa(p->ip),
+              nmb_namestr(&dgram->dest_name),announce_name));
+
+  DEBUG(5,("process_lm_host_announce: os=(%d,%d) ttl=%d server type=%08x comment=%s\n",
+          osmajor, osminor, ttl, servertype,comment));
+
+  if ((osmajor < 36) || (osmajor > 38) || (osminor !=0))
+  {
+    DEBUG(5,("process_lm_host_announce: LM Announcement packet does not \
+originate from OS/2 Warp client. Ignoring packet.\n"));
+    /* Could have been from a Windows machine (with its LM Announce enabled),
+       or a Samba server. Then don't disrupt the current browse list. */
+    goto done;
+  }
+
+  /* Filter servertype to remove impossible bits. */
+  servertype &= ~(SV_TYPE_LOCAL_LIST_ONLY|SV_TYPE_DOMAIN_ENUM);
+
+  /* A LanMan host announcement must be sent to the name WORKGROUP<00>. */
+  if(dgram->dest_name.name_type != 0x00)
+  {
+    DEBUG(2,("process_lm_host_announce: incorrect name type for destination from IP %s \
+(was %02x) should be 0x00. Allowing packet anyway.\n",
+              inet_ntoa(p->ip), dgram->dest_name.name_type));
+    /* Change it so it was. */
+    dgram->dest_name.name_type = 0x00;
+  }
+
+  /* For a LanMan host announce the workgroup name is the destination name. */
+  work_name = dgram->dest_name.name;
+
+  /*
+   * Syntax servers version 5.1 send HostAnnounce packets to
+   * *THE WRONG NAME*. They send to LOCAL_MASTER_BROWSER_NAME<00>
+   * instead of WORKGROUP<1d> name. So to fix this we check if
+   * the workgroup name is our own name, and if so change it
+   * to be our primary workgroup name. This code is probably
+   * not needed in the LanMan announce code, but it won't hurt.
+   */
+
+  if(strequal(work_name, global_myname))
+    work_name = global_myworkgroup;
+
+  /*
+   * We are being very agressive here in adding a workgroup
+   * name on the basis of a host announcing itself as being
+   * in that workgroup. Maybe we should wait for the workgroup
+   * announce instead ? JRA.
+   */
+
+  work = find_workgroup_on_subnet(subrec, work_name);
+
+  if(servertype != 0)
+  {
+    if (work == NULL)
+    {
+      /* We have no record of this workgroup. Add it. */
+      if((work = create_workgroup_on_subnet(subrec, work_name, ttl))==NULL)
+        goto done;
+    }
+
+    if((servrec = find_server_in_workgroup( work, announce_name))==NULL)
+    {
+      /* If this server is not already in the workgroup, add it. */
+      create_server_on_workgroup(work, announce_name,
+                                 servertype|SV_TYPE_LOCAL_LIST_ONLY,
+                                 ttl, comment);
+    }
+    else
+    {
+      /* Update the record. */
+      servrec->serv.type = servertype|SV_TYPE_LOCAL_LIST_ONLY;
+      update_server_ttl( servrec, ttl);
+      StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+    }
+  }
+  else
+  {
+    /*
+     * This server is announcing it is going down. Remove it from the
+     * workgroup.
+     */
+    if(!is_myname(announce_name) && (work != NULL) &&
+       ((servrec = find_server_in_workgroup( work, announce_name))!=NULL)
+      )
+    {
+      remove_server_from_workgroup( work, servrec);
+    }
+  }
+
+  subrec->work_changed = True;
+  found_lm_clients = True;
+done:
+  END_PROFILE(lm_host_announce);
+}
+
+/****************************************************************************
+  Send a backup list response.
+*****************************************************************************/
+static void send_backup_list_response(struct subnet_record *subrec, 
+				      struct work_record *work,
+				      struct nmb_name *send_to_name,
+				      unsigned char max_number_requested,
+				      uint32 token, struct in_addr sendto_ip,
+				      int port)
+{                     
+  char outbuf[1024];
+  char *p, *countptr;
+  unsigned int count = 0;
+#if 0
+  struct server_record *servrec;
+#endif
+
+  memset(outbuf,'\0',sizeof(outbuf));
+
+  DEBUG(3,("send_backup_list_response: sending backup list for workgroup %s to %s IP %s\n",
+	   work->work_group, nmb_namestr(send_to_name), inet_ntoa(sendto_ip)));
+  
+  p = outbuf;
+  
+  SCVAL(p,0,ANN_GetBackupListResp); /* Backup list response opcode. */
+  p++;
+
+  countptr = p;
+  p++;
+
+  SIVAL(p,0,token); /* The sender's unique info. */
+  p += 4;
+  
+  /* We always return at least one name - our own. */
+  count = 1;
+  StrnCpy(p,global_myname,15);
+  strupper(p);
+  p = skip_string(p,1);
+
+  /* Look for backup browsers in this workgroup. */
+
+#if 0
+  /* we don't currently send become_backup requests so we should never
+     send any other servers names out as backups for our
+     workgroup. That's why this is commented out (tridge) */
+
+  /*
+   * NB. Note that the struct work_record here is not neccessarily
+   * attached to the subnet *subrec.
+   */
+
+  for (servrec = work->serverlist; servrec; servrec = servrec->next)
+  { 
+    int len = PTR_DIFF(p, outbuf);
+    if((sizeof(outbuf) - len) < 16)
+      break;
+
+    if(count >= (unsigned int)max_number_requested)
+      break;
+
+    if(strnequal(servrec->serv.name, global_myname,15))
+      continue;
+
+    if(!(servrec->serv.type & SV_TYPE_BACKUP_BROWSER))
+      continue;
+
+    StrnCpy(p, servrec->serv.name, 15);
+    strupper(p);
+    count++;
+
+    DEBUG(5,("send_backup_list_response: Adding server %s number %d\n",
+              p, count));
+
+    p = skip_string(p,1);
+  }
+#endif
+
+  SCVAL(countptr, 0, count);
+
+  DEBUG(4,("send_backup_list_response: sending response to %s<00> IP %s with %d servers.\n",
+          send_to_name->name, inet_ntoa(sendto_ip), count));
+
+  send_mailslot(True, BROWSE_MAILSLOT,
+                outbuf,PTR_DIFF(p,outbuf),
+                global_myname, 0, 
+                send_to_name->name,0,
+                sendto_ip, subrec->myip, port);
+}
+
+/*******************************************************************
+  Process a send backup list request packet.
+
+  A client sends a backup list request to ask for a list of servers on
+  the net that maintain server lists for a domain. A server is then
+  chosen from this list to send NetServerEnum commands to to list
+  available servers.
+
+********************************************************************/
+
+void process_get_backup_list_request(struct subnet_record *subrec,
+                                     struct packet_struct *p,char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  struct work_record *work;
+  unsigned char max_number_requested = CVAL(buf,0);
+  uint32 token = IVAL(buf,1); /* Sender's key index for the workgroup. */
+  int name_type = dgram->dest_name.name_type;
+  char *workgroup_name = dgram->dest_name.name;
+  struct subnet_record *search_subrec = subrec;
+
+  START_PROFILE(get_backup_list);
+  DEBUG(3,("process_get_backup_list_request: request from %s IP %s to %s.\n",
+           nmb_namestr(&dgram->source_name), inet_ntoa(p->ip),
+           nmb_namestr(&dgram->dest_name)));
+  
+  /* We have to be a master browser, or a domain master browser
+     for the requested workgroup. That means it must be our
+     workgroup. */
+
+  if(strequal(workgroup_name, global_myworkgroup) == False)
+  {
+    DEBUG(7,("process_get_backup_list_request: Ignoring announce request for workgroup %s.\n",
+           workgroup_name));
+    goto done;
+  }
+
+  if((work = find_workgroup_on_subnet(search_subrec, workgroup_name)) == NULL)
+  {
+    DEBUG(0,("process_get_backup_list_request: Cannot find workgroup %s on \
+subnet %s.\n", workgroup_name, search_subrec->subnet_name));
+    goto done;
+  }
+
+  /* 
+   * If the packet was sent to WORKGROUP<1b> instead
+   * of WORKGROUP<1d> then it was unicast to us a domain master
+   * browser. Change search subrec to unicast.
+   */
+
+  if(name_type == 0x1b)
+  {
+    /* We must be a domain master browser in order to
+       process this packet. */
+
+    if(!AM_DOMAIN_MASTER_BROWSER(work))
+    {
+      DEBUG(0,("process_get_backup_list_request: domain list requested for workgroup %s \
+and I am not a domain master browser.\n", workgroup_name));
+      goto done;
+    }
+
+    search_subrec = unicast_subnet;
+  }
+  else if (name_type == 0x1d)
+  {
+    /* We must be a local master browser in order to
+       process this packet. */
+
+    if(!AM_LOCAL_MASTER_BROWSER(work))
+    {
+      DEBUG(0,("process_get_backup_list_request: domain list requested for workgroup %s \
+and I am not a local master browser.\n", workgroup_name));
+      goto done;
+    }
+  }
+  else
+  {
+    DEBUG(0,("process_get_backup_list_request: Invalid name type %x - should be 0x1b or 0x1d.\n",
+            name_type));
+    goto done;
+  }
+
+  send_backup_list_response(subrec, work, &dgram->source_name, 
+                            max_number_requested, token, p->ip, p->port);
+done:
+  END_PROFILE(get_backup_list);
+}
+
+/*******************************************************************
+  Process a reset browser state packet.
+
+  Diagnostic packet:
+  0x1 - Stop being a master browser and become a backup browser.
+  0x2 - Discard browse lists, stop being a master browser, try again.
+  0x4 - Stop being a master browser forever.
+         
+******************************************************************/
+
+void process_reset_browser(struct subnet_record *subrec,
+                                  struct packet_struct *p,char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int state = CVAL(buf,0);
+  struct subnet_record *sr;
+
+  START_PROFILE(reset_browser);
+  DEBUG(1,("process_reset_browser: received diagnostic browser reset \
+request from %s IP %s state=0x%X\n",
+             nmb_namestr(&dgram->source_name), inet_ntoa(p->ip), state));
+
+  /* Stop being a local master browser on all our broadcast subnets. */
+  if (state & 0x1)
+  {
+    for (sr = FIRST_SUBNET; sr; sr = NEXT_SUBNET_EXCLUDING_UNICAST(sr))
+    {
+      struct work_record *work;
+      for (work = sr->workgrouplist; work; work = work->next)
+      {
+        if (AM_LOCAL_MASTER_BROWSER(work))
+          unbecome_local_master_browser(sr, work, True);
+      }
+    }
+  }
+  
+  /* Discard our browse lists. */
+  if (state & 0x2)
+  {
+    /*
+     * Calling expire_workgroups_and_servers with a -1
+     * time causes all servers not marked with a PERMANENT_TTL
+     * on the workgroup lists to be discarded, and all 
+     * workgroups with empty server lists to be discarded.
+     * This means we keep our own server names and workgroup
+     * as these have a PERMANENT_TTL.
+     */
+
+    expire_workgroups_and_servers(-1);
+  }
+  
+  /* Request to stop browsing altogether. */
+  if (state & 0x4)
+    DEBUG(1,("process_reset_browser: ignoring request to stop being a browser.\n"));
+
+  END_PROFILE(reset_browser);
+}
+
+/*******************************************************************
+  Process an announcement request packet.
+  We don't respond immediately, we just check it's a request for
+  our workgroup and then set the flag telling the announce code
+  in nmbd_sendannounce.c:announce_my_server_names that an 
+  announcement is needed soon.
+******************************************************************/
+
+void process_announce_request(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  struct work_record *work;
+  char *workgroup_name = dgram->dest_name.name;
+ 
+  START_PROFILE(announce_request);
+  DEBUG(3,("process_announce_request: Announce request from %s IP %s to %s.\n",
+           nmb_namestr(&dgram->source_name), inet_ntoa(p->ip),
+           nmb_namestr(&dgram->dest_name)));
+  
+  /* We only send announcement requests on our workgroup. */
+  if(strequal(workgroup_name, global_myworkgroup) == False)
+  {
+    DEBUG(7,("process_announce_request: Ignoring announce request for workgroup %s.\n",
+           workgroup_name));
+    goto done;
+  }
+
+  if((work = find_workgroup_on_subnet(subrec, workgroup_name)) == NULL)
+  {
+    DEBUG(0,("process_announce_request: Unable to find workgroup %s on subnet !\n",
+            workgroup_name));
+    goto done;
+  }
+
+  work->needannounce = True;
+done:
+  END_PROFILE(lm_host_announce);
+}
+
+/*******************************************************************
+  Process a LanMan announcement request packet.
+  We don't respond immediately, we just check it's a request for
+  our workgroup and then set the flag telling that we have found
+  a LanMan client (DOS or OS/2) and that we will have to start
+  sending LanMan announcements (unless specifically disabled
+  through the "lm announce" parameter in smb.conf)
+******************************************************************/
+
+void process_lm_announce_request(struct subnet_record *subrec, struct packet_struct *p, char *buf)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  char *workgroup_name = dgram->dest_name.name;
+
+  START_PROFILE(lm_announce_request);
+  DEBUG(3,("process_lm_announce_request: Announce request from %s IP %s to %s.\n",
+           nmb_namestr(&dgram->source_name), inet_ntoa(p->ip),
+           nmb_namestr(&dgram->dest_name)));
+
+  /* We only send announcement requests on our workgroup. */
+  if(strequal(workgroup_name, global_myworkgroup) == False)
+  {
+    DEBUG(7,("process_lm_announce_request: Ignoring announce request for workgroup %s.\n",
+           workgroup_name));
+    goto done;
+  }
+
+  if(find_workgroup_on_subnet(subrec, workgroup_name) == NULL)
+  {
+    DEBUG(0,("process_announce_request: Unable to find workgroup %s on subnet !\n",
+            workgroup_name));
+    goto done;
+  }
+
+  found_lm_clients = True;
+done:
+  END_PROFILE(lm_host_announce);
+}
diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c
new file mode 100644
index 0000000000..3f2b921074
--- /dev/null
+++ b/source3/nmbd/nmbd_incomingrequests.c
@@ -0,0 +1,623 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+   This file contains all the code to process NetBIOS requests coming
+   in on port 137. It does not deal with the code needed to service
+   WINS server requests, but only broadcast and unicast requests.
+
+*/
+
+#include "includes.h"
+
+extern fstring global_myworkgroup;
+
+/****************************************************************************
+Send a name release response.
+**************************************************************************/
+
+static void send_name_release_response(int rcode, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  char rdata[6];
+
+  memcpy(&rdata[0], &nmb->additional->rdata[0], 6);
+  
+  reply_netbios_packet(p,                            /* Packet to reply to. */
+                       rcode,                        /* Result code. */
+                       NMB_REL,                      /* nmbd type code. */
+                       NMB_NAME_RELEASE_OPCODE,      /* opcode. */
+                       0,                            /* ttl. */
+                       rdata,                        /* data to send. */
+                       6);                           /* data length. */
+}
+
+/****************************************************************************
+Process a name release packet on a broadcast subnet.
+Ignore it if it's not one of our names.
+****************************************************************************/
+
+void process_name_release_request(struct subnet_record *subrec, 
+                                  struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct in_addr owner_ip;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  uint16 nb_flags = get_nb_flags(nmb->additional->rdata);
+  BOOL group = (nb_flags & NB_GROUP) ? True : False;
+  struct name_record *namerec;
+  int rcode = 0;
+  
+  putip((char *)&owner_ip,&nmb->additional->rdata[2]);  
+  
+  if(!bcast)
+  {
+    /* We should only get broadcast name release packets here.
+       Anyone trying to release unicast should be going to a WINS
+       server. If the code gets here, then either we are not a wins
+       server and they sent it anyway, or we are a WINS server and
+       the request was malformed. Either way, log an error here.
+       and send an error reply back.
+     */
+    DEBUG(0,("process_name_release_request: unicast name release request \
+received for name %s from IP %s on subnet %s. Error - should be sent to WINS server\n",
+          nmb_namestr(question), inet_ntoa(owner_ip), subrec->subnet_name));      
+
+    send_name_release_response(FMT_ERR, p);
+    return;
+  }
+
+  DEBUG(3,("process_name_release_request: Name release on name %s, \
+subnet %s from owner IP %s\n",
+           nmb_namestr(&nmb->question.question_name),
+           subrec->subnet_name, inet_ntoa(owner_ip)));
+  
+  /* If someone is releasing a broadcast group name, just ignore it. */
+  if( group && !ismyip(owner_ip) )
+    return;
+
+  /*
+   * Code to work around a bug in FTP OnNet software NBT implementation.
+   * They do a broadcast name release for WORKGROUP<0> and WORKGROUP<1e>
+   * names and *don't set the group bit* !!!!!
+   */
+
+  if( !group && !ismyip(owner_ip) && strequal(question->name, global_myworkgroup) && 
+      ((question->name_type == 0x0) || (question->name_type == 0x1e)))
+  {
+    DEBUG(6,("process_name_release_request: FTP OnNet bug workaround. Ignoring \
+group release name %s from IP %s on subnet %s with no group bit set.\n",
+        nmb_namestr(question), inet_ntoa(owner_ip), subrec->subnet_name ));
+    return;
+  }
+
+  namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_ANY_NAME);
+
+  /* We only care about someone trying to release one of our names. */
+  if( namerec
+   && ( (namerec->data.source == SELF_NAME)
+     || (namerec->data.source == PERMANENT_NAME) ) )
+  {
+    rcode = ACT_ERR;
+    DEBUG(0, ("process_name_release_request: Attempt to release name %s from IP %s \
+on subnet %s being rejected as it is one of our names.\n", 
+          nmb_namestr(&nmb->question.question_name), inet_ntoa(owner_ip), subrec->subnet_name));
+  }
+
+  if(rcode == 0)
+    return;
+
+  /* Send a NAME RELEASE RESPONSE (pos/neg) see rfc1002.txt 4.2.10-11 */
+  send_name_release_response(rcode, p);
+}
+
+/****************************************************************************
+Send a name registration response.
+**************************************************************************/
+
+static void send_name_registration_response(int rcode, int ttl, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  char rdata[6];
+
+  memcpy(&rdata[0], &nmb->additional->rdata[0], 6);
+  
+  reply_netbios_packet(p,                             /* Packet to reply to. */
+                       rcode,                         /* Result code. */
+                       NMB_REG,                       /* nmbd type code. */
+                       NMB_NAME_REG_OPCODE,           /* opcode. */
+                       ttl,                           /* ttl. */
+                       rdata,                         /* data to send. */
+                       6);                            /* data length. */
+}
+
+/****************************************************************************
+Process a name refresh request on a broadcast subnet.
+**************************************************************************/
+     
+void process_name_refresh_request(struct subnet_record *subrec,
+                                  struct packet_struct *p)
+{    
+     
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  struct in_addr from_ip;
+  
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+
+  if(!bcast)
+  { 
+    /* We should only get broadcast name refresh packets here.
+       Anyone trying to refresh unicast should be going to a WINS
+       server. If the code gets here, then either we are not a wins
+       server and they sent it anyway, or we are a WINS server and
+       the request was malformed. Either way, log an error here.
+       and send an error reply back.
+     */
+    DEBUG(0,("process_name_refresh_request: unicast name registration request \
+received for name %s from IP %s on subnet %s.\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+    DEBUG(0,("Error - should be sent to WINS server\n"));
+    
+    send_name_registration_response(FMT_ERR, 0, p);
+    return;
+  } 
+
+  /* Just log a message. We really don't care about broadcast name
+     refreshes. */
+     
+  DEBUG(3,("process_name_refresh_request: Name refresh for name %s \
+IP %s on subnet %s\n", nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+     
+}
+    
+/****************************************************************************
+Process a name registration request on a broadcast subnet.
+**************************************************************************/
+
+void process_name_registration_request(struct subnet_record *subrec, 
+                                       struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  uint16 nb_flags = get_nb_flags(nmb->additional->rdata);
+  BOOL group = (nb_flags & NB_GROUP) ? True : False;
+  struct name_record *namerec = NULL;
+  int ttl = nmb->additional->ttl;
+  struct in_addr from_ip;
+  
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+  
+  if(!bcast)
+  {
+    /* We should only get broadcast name registration packets here.
+       Anyone trying to register unicast should be going to a WINS
+       server. If the code gets here, then either we are not a wins
+       server and they sent it anyway, or we are a WINS server and
+       the request was malformed. Either way, log an error here.
+       and send an error reply back.
+     */
+    DEBUG(0,("process_name_registration_request: unicast name registration request \
+received for name %s from IP %s on subnet %s. Error - should be sent to WINS server\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));      
+
+    send_name_registration_response(FMT_ERR, 0, p);
+    return;
+  }
+
+  DEBUG(3,("process_name_registration_request: Name registration for name %s \
+IP %s on subnet %s\n", nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+  
+  /* See if the name already exists. */
+  namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+ 
+  /* 
+   * If the name being registered exists and is a WINS_PROXY_NAME 
+   * then delete the WINS proxy name entry so we don't reply erroneously
+   * later to queries.
+   */
+
+  if((namerec != NULL) && (namerec->data.source == WINS_PROXY_NAME))
+  {
+    remove_name_from_namelist( subrec, namerec );
+    namerec = NULL;
+  }
+
+  if (!group)
+  {
+    /* Unique name. */
+
+    if( (namerec != NULL)
+     && ( (namerec->data.source == SELF_NAME)
+       || (namerec->data.source == PERMANENT_NAME)
+       || NAME_GROUP(namerec) ) )
+    {
+      /* No-one can register one of Samba's names, nor can they
+         register a name that's a group name as a unique name */
+
+      send_name_registration_response(ACT_ERR, 0, p);
+      return;
+    }
+    else if(namerec != NULL)
+    {
+      /* Update the namelist record with the new information. */
+      namerec->data.ip[0] = from_ip;
+      update_name_ttl(namerec, ttl);
+
+      DEBUG(3,("process_name_registration_request: Updated name record %s \
+with IP %s on subnet %s\n",nmb_namestr(&namerec->name),inet_ntoa(from_ip), subrec->subnet_name));
+      return;
+    }
+  }
+  else
+  {
+    /* Group name. */
+
+    if( (namerec != NULL)
+     && !NAME_GROUP(namerec)
+     && ( (namerec->data.source == SELF_NAME)
+       || (namerec->data.source == PERMANENT_NAME) ) )
+    {
+      /* Disallow group names when we have a unique name. */
+      send_name_registration_response(ACT_ERR, 0, p);  
+      return;  
+    }  
+  }
+}
+
+/****************************************************************************
+This is used to sort names for a name status into a sensible order.
+We put our own names first, then in alphabetical order.
+**************************************************************************/
+
+static int status_compare(char *n1,char *n2)
+{
+  extern pstring global_myname;
+  int l1,l2,l3;
+
+  /* It's a bit tricky because the names are space padded */
+  for (l1=0;l1<15 && n1[l1] && n1[l1] != ' ';l1++) ;
+  for (l2=0;l2<15 && n2[l2] && n2[l2] != ' ';l2++) ;
+  l3 = strlen(global_myname);
+
+  if ((l1==l3) && strncmp(n1,global_myname,l3) == 0 && 
+      (l2!=l3 || strncmp(n2,global_myname,l3) != 0))
+    return -1;
+
+  if ((l2==l3) && strncmp(n2,global_myname,l3) == 0 && 
+      (l1!=l3 || strncmp(n1,global_myname,l3) != 0))
+    return 1;
+
+  return memcmp(n1,n2,18);
+}
+
+
+/****************************************************************************
+  Process a node status query
+  ****************************************************************************/
+
+void process_node_status_request(struct subnet_record *subrec, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  char *qname   = nmb->question.question_name.name;
+  int ques_type = nmb->question.question_name.name_type;
+  char rdata[MAX_DGRAM_SIZE];
+  char *countptr, *buf, *bufend, *buf0;
+  int names_added,i;
+  struct name_record *namerec;
+
+  DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \
+subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip),
+          subrec->subnet_name));
+
+  if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name,
+                                    FIND_SELF_NAME)) == 0)
+  {
+    DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \
+subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name),
+          inet_ntoa(p->ip), subrec->subnet_name));
+
+    return;
+  }
+ 
+  /* this is not an exact calculation. the 46 is for the stats buffer
+     and the 60 is to leave room for the header etc */
+  bufend = &rdata[MAX_DGRAM_SIZE] - (18 + 46 + 60);
+  countptr = buf = rdata;
+  buf += 1;
+  buf0 = buf;
+
+  names_added = 0;
+
+  namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+
+  while (buf < bufend) 
+  {
+    if( (namerec->data.source == SELF_NAME)
+     || (namerec->data.source == PERMANENT_NAME) )
+    {
+      int name_type = namerec->name.name_type;
+      
+      if (!strequal(namerec->name.name,"*") &&
+          !strequal(namerec->name.name,"__SAMBA__") &&
+          (name_type < 0x1b || name_type >= 0x20 || 
+           ques_type < 0x1b || ques_type >= 0x20 ||
+           strequal(qname, namerec->name.name)))
+      {
+        /* Start with the name. */
+        memset(buf,'\0',18);
+        slprintf(buf, 17, "%-15.15s",namerec->name.name);
+        strupper(buf);
+        
+        /* Put the name type and netbios flags in the buffer. */
+        buf[15] = name_type;
+        set_nb_flags( &buf[16],namerec->data.nb_flags );
+        buf[16] |= NB_ACTIVE; /* all our names are active */
+
+        buf += 18;
+
+        names_added++;
+      }
+    }
+
+    /* Remove duplicate names. */
+    if (names_added > 1) {
+	    qsort( buf0, names_added, 18, QSORT_CAST status_compare );
+    }
+
+    for( i=1; i < names_added ; i++ )
+    {
+      if (memcmp(buf0 + 18*i,buf0 + 18*(i-1),16) == 0) 
+      {
+        names_added--;
+        if (names_added == i)
+          break;
+        memmove(buf0 + 18*i,buf0 + 18*(i+1),18*(names_added-i));
+        i--;
+      }
+    }
+
+    buf = buf0 + 18*names_added;
+
+    namerec = (struct name_record *)ubi_trNext( namerec );
+
+    if (!namerec)
+    {
+      /* End of the subnet specific name list. Now 
+         add the names on the unicast subnet . */
+      struct subnet_record *uni_subrec = unicast_subnet;
+
+      if (uni_subrec != subrec)
+      {
+        subrec = uni_subrec;
+        namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+      }
+    }
+    if (!namerec)
+      break;
+
+  }
+  
+  SCVAL(countptr,0,names_added);
+  
+  /* We don't send any stats as they could be used to attack
+     the protocol. */
+  memset(buf,'\0',46);
+  
+  buf += 46;
+  
+  /* Send a NODE STATUS RESPONSE */
+  reply_netbios_packet(p,                            /* Packet to reply to. */
+                       0,                            /* Result code. */
+                       NMB_STATUS,                   /* nmbd type code. */
+                       NMB_NAME_QUERY_OPCODE,        /* opcode. */
+		       0,                            /* ttl. */
+                       rdata,                        /* data to send. */
+                       PTR_DIFF(buf,rdata));         /* data length. */
+}
+
+
+/***************************************************************************
+Process a name query.
+
+For broadcast name queries:
+
+  - Only reply if the query is for one of YOUR names.
+  - NEVER send a negative response to a broadcast query.
+
+****************************************************************************/
+
+void process_name_query_request(struct subnet_record *subrec, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  int name_type = question->name_type;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  int ttl=0;
+  int rcode = 0;
+  char *prdata = NULL;
+  char rdata[6];
+  BOOL success = False;
+  struct name_record *namerec = NULL;
+  int reply_data_len = 0;
+  int i;
+ 
+  DEBUG(3,("process_name_query_request: Name query from %s on subnet %s for name %s\n", 
+            inet_ntoa(p->ip), subrec->subnet_name, nmb_namestr(question)));
+  
+  /* Look up the name in the cache - if the request is a broadcast request that
+     came from a subnet we don't know about then search all the broadcast subnets
+     for a match (as we don't know what interface the request came in on). */
+
+  if(subrec == remote_broadcast_subnet)
+    namerec = find_name_for_remote_broadcast_subnet( question, FIND_ANY_NAME);
+  else
+    namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+
+
+  /* Check if it is a name that expired */
+  if( namerec
+   && ( (namerec->data.death_time != PERMANENT_TTL)
+     && (namerec->data.death_time < p->timestamp) ) )
+  {
+    DEBUG(5,("process_name_query_request: expired name %s\n", nmb_namestr(&namerec->name)));
+    namerec = NULL;
+  }
+
+  if (namerec)
+  {
+
+    /* 
+     * Always respond to unicast queries.
+     * Don't respond to broadcast queries unless the query is for
+     * a name we own, a Primary Domain Controller name, or a WINS_PROXY 
+     * name with type 0 or 0x20. WINS_PROXY names are only ever added
+     * into the namelist if we were configured as a WINS proxy.
+     */
+
+    if( !bcast
+     || ( bcast
+       && ( (name_type == 0x1b)
+         || (namerec->data.source == SELF_NAME)
+         || (namerec->data.source == PERMANENT_NAME)
+         || ( (namerec->data.source == WINS_PROXY_NAME)
+           && ( (name_type == 0) || (name_type == 0x20) ) 
+            )
+          )
+        )
+      )
+    {
+      
+      /* The requested name is a directed query, or it's SELF or PERMANENT or WINS_PROXY, 
+         or it's a Domain Master type. */
+
+      /*
+       * If this is a WINS_PROXY_NAME, then ceck that none of the IP 
+       * addresses we are returning is on the same broadcast subnet 
+       * as the requesting packet. If it is then don't reply as the 
+       * actual machine will be replying also and we don't want two 
+       * replies to a broadcast query.
+       */
+
+      if( namerec->data.source == WINS_PROXY_NAME )
+      {
+        for( i = 0; i < namerec->data.num_ips; i++)
+        {
+          if(same_net( namerec->data.ip[i], subrec->myip, subrec->mask_ip ))    
+          {
+            DEBUG(5,("process_name_query_request: name %s is a WINS proxy name and is also \
+on the same subnet (%s) as the requestor. Not replying.\n", 
+                   nmb_namestr(&namerec->name), subrec->subnet_name ));
+            return;
+          }
+        }   
+      }     
+
+      ttl = (namerec->data.death_time != PERMANENT_TTL) ?
+                     namerec->data.death_time - p->timestamp : lp_max_ttl();
+
+      /* Copy all known ip addresses into the return data. */
+      /* Optimise for the common case of one IP address so 
+         we don't need a malloc. */
+
+      if( namerec->data.num_ips == 1 )
+        prdata = rdata;
+      else
+      {
+        if((prdata = (char *)malloc( namerec->data.num_ips * 6 )) == NULL)
+        {
+          DEBUG(0,("process_name_query_request: malloc fail !\n"));
+          return;
+        }
+      }
+
+      for( i = 0; i < namerec->data.num_ips; i++ )
+      {
+        set_nb_flags(&prdata[i*6],namerec->data.nb_flags);
+        putip((char *)&prdata[2+(i*6)], &namerec->data.ip[i]);
+      }
+
+      sort_query_replies(prdata, i, p->ip);
+      
+      reply_data_len = namerec->data.num_ips * 6;
+      success = True;
+    }
+  }
+
+  /*
+   * If a machine is broadcasting a name lookup request and we have lp_wins_proxy()
+   * set we should initiate a WINS query here. On success we add the resolved name 
+   * into our namelist with a type of WINS_PROXY_NAME and then reply to the query.
+   */
+
+  if(!success && (namerec == NULL) && we_are_a_wins_client() && lp_wins_proxy() && 
+     bcast && (subrec != remote_broadcast_subnet))
+  {
+    make_wins_proxy_name_query_request( subrec, p, question );
+    return;
+  }
+
+  if (!success && bcast)
+  {
+    if(prdata != rdata)
+      SAFE_FREE(prdata);
+    return; /* Never reply with a negative response to broadcasts. */
+  }
+
+  /* 
+   * Final check. From observation, if a unicast packet is sent
+   * to a non-WINS server with the recursion desired bit set
+   * then never send a negative response.
+   */
+
+  if(!success && !bcast && nmb->header.nm_flags.recursion_desired)
+  {
+    if(prdata != rdata)
+      SAFE_FREE(prdata);
+    return;
+  }
+
+  if (success)
+  {
+      rcode = 0;
+      DEBUG(3,("OK\n"));
+  }
+  else
+  {
+      rcode = NAM_ERR;
+      DEBUG(3,("UNKNOWN\n"));      
+  }
+
+  /* See rfc1002.txt 4.2.13. */
+
+  reply_netbios_packet(p,                              /* Packet to reply to. */
+                       rcode,                          /* Result code. */
+                       NMB_QUERY,                      /* nmbd type code. */
+                       NMB_NAME_QUERY_OPCODE,          /* opcode. */
+                       ttl,                            /* ttl. */
+                       prdata,                         /* data to send. */
+                       reply_data_len);                /* data length. */
+
+  if(prdata != rdata)
+    SAFE_FREE(prdata);
+}
diff --git a/source3/nmbd/nmbd_lmhosts.c b/source3/nmbd/nmbd_lmhosts.c
new file mode 100644
index 0000000000..3c067d8ed4
--- /dev/null
+++ b/source3/nmbd/nmbd_lmhosts.c
@@ -0,0 +1,98 @@
+/*
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Jeremy Allison 1994-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   Revision History:
+
+   Handle lmhosts file reading.
+
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+Load a lmhosts file.
+****************************************************************************/
+void load_lmhosts_file(char *fname)
+{  
+  pstring name;
+  int name_type;
+  struct in_addr ipaddr;
+  XFILE *fp = startlmhosts( fname );
+
+  if (!fp) {
+    DEBUG(2,("load_lmhosts_file: Can't open lmhosts file %s. Error was %s\n",
+             fname, strerror(errno)));
+    return;
+  }
+   
+  while (getlmhostsent(fp, name, &name_type, &ipaddr) )
+  {
+    struct subnet_record *subrec = NULL;
+    enum name_source source = LMHOSTS_NAME;
+
+    /* We find a relevent subnet to put this entry on, then add it. */
+    /* Go through all the broadcast subnets and see if the mask matches. */
+    for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+    {
+      if(same_net(ipaddr, subrec->bcast_ip, subrec->mask_ip))
+        break;
+    }
+  
+    /* If none match add the name to the remote_broadcast_subnet. */
+    if(subrec == NULL)
+      subrec = remote_broadcast_subnet;
+
+    if(name_type == -1)
+    {
+      /* Add the (0) and (0x20) names directly into the namelist for this subnet. */
+      (void)add_name_to_subnet(subrec,name,0x00,(uint16)NB_ACTIVE,PERMANENT_TTL,source,1,&ipaddr);
+      (void)add_name_to_subnet(subrec,name,0x20,(uint16)NB_ACTIVE,PERMANENT_TTL,source,1,&ipaddr);
+    }
+    else
+    {
+      /* Add the given name type to the subnet namelist. */
+      (void)add_name_to_subnet(subrec,name,name_type,(uint16)NB_ACTIVE,PERMANENT_TTL,source,1,&ipaddr);
+    }
+  }
+   
+  endlmhosts(fp);
+}
+
+/****************************************************************************
+  Find a name read from the lmhosts file. We secretly check the names on
+  the remote_broadcast_subnet as if the name was added to a regular broadcast
+  subnet it will be found by normal name query processing.
+****************************************************************************/
+
+BOOL find_name_in_lmhosts(struct nmb_name *nmbname, struct name_record **namerecp)
+{
+  struct name_record *namerec;
+
+  *namerecp = NULL;
+
+  if((namerec = find_name_on_subnet(remote_broadcast_subnet, nmbname, 
+                                 FIND_ANY_NAME))==NULL)
+    return False;
+
+  if(!NAME_IS_ACTIVE(namerec) || (namerec->data.source != LMHOSTS_NAME))
+    return False;
+
+  *namerecp = namerec;
+  return True;
+}
diff --git a/source3/nmbd/nmbd_logonnames.c b/source3/nmbd/nmbd_logonnames.c
new file mode 100644
index 0000000000..1406515d6b
--- /dev/null
+++ b/source3/nmbd/nmbd_logonnames.c
@@ -0,0 +1,165 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+extern char **my_netbios_names;
+extern struct in_addr allones_ip;
+
+extern uint16 samba_nb_type; /* Samba's NetBIOS type. */
+
+/****************************************************************************
+  Fail to become a Logon server on a subnet.
+  ****************************************************************************/
+static void become_logon_server_fail(struct subnet_record *subrec,
+                                      struct response_record *rrec,
+                                      struct nmb_name *fail_name)
+{
+  struct work_record *work = find_workgroup_on_subnet(subrec, fail_name->name);
+  struct server_record *servrec;
+
+  if(!work)
+  {
+    DEBUG(0,("become_logon_server_fail: Error - cannot find \
+workgroup %s on subnet %s\n", fail_name->name, subrec->subnet_name));
+    return;
+  }
+
+  if((servrec = find_server_in_workgroup( work, global_myname)) == NULL)
+  {
+    DEBUG(0,("become_logon_server_fail: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, fail_name->name, subrec->subnet_name));
+    work->log_state = LOGON_NONE;
+    return;
+  }
+
+  /* Set the state back to LOGON_NONE. */
+  work->log_state = LOGON_NONE;
+
+  servrec->serv.type &= ~SV_TYPE_DOMAIN_CTRL;
+
+  DEBUG(0,("become_logon_server_fail: Failed to become a domain master for \
+workgroup %s on subnet %s. Couldn't register name %s.\n",
+       work->work_group, subrec->subnet_name, nmb_namestr(fail_name)));
+
+}
+
+/****************************************************************************
+  Become a Logon server on a subnet.
+  ****************************************************************************/
+
+static void become_logon_server_success(struct subnet_record *subrec,
+                                        struct userdata_struct *userdata,
+                                        struct nmb_name *registered_name,
+                                        uint16 nb_flags,
+                                        int ttl, struct in_addr registered_ip)
+{
+  struct work_record *work = find_workgroup_on_subnet( subrec, registered_name->name);
+  struct server_record *servrec;
+
+  if(!work)
+  {
+    DEBUG(0,("become_logon_server_success: Error - cannot find \
+workgroup %s on subnet %s\n", registered_name->name, subrec->subnet_name));
+    return;
+  }
+
+  if((servrec = find_server_in_workgroup( work, global_myname)) == NULL)
+  {
+    DEBUG(0,("become_logon_server_success: Error - cannot find server %s \
+in workgroup %s on subnet %s\n",
+       global_myname, registered_name->name, subrec->subnet_name));
+    work->log_state = LOGON_NONE;
+    return;
+  }
+
+  /* Set the state in the workgroup structure. */
+  work->log_state = LOGON_SRV; /* Become domain master. */
+
+  /* Update our server status. */
+  servrec->serv.type |= (SV_TYPE_NT|SV_TYPE_DOMAIN_MEMBER);
+  /* To allow Win95 policies to load we need to set type domain
+     controller.
+   */
+  servrec->serv.type |= SV_TYPE_DOMAIN_CTRL;
+
+  /* Tell the namelist writer to write out a change. */
+  subrec->work_changed = True;
+
+  DEBUG(0,("become_logon_server_success: Samba is now a logon server \
+for workgroup %s on subnet %s\n", work->work_group, subrec->subnet_name));
+}
+
+/*******************************************************************
+  Become a logon server by attempting to register the WORKGROUP<1c>
+  group name.
+******************************************************************/
+
+static void become_logon_server(struct subnet_record *subrec,
+                                struct work_record *work)
+{
+  DEBUG(2,("become_logon_server: Atempting to become logon server for workgroup %s \
+on subnet %s\n", work->work_group,subrec->subnet_name));
+
+  DEBUG(3,("become_logon_server: go to first stage: register %s<1c> name\n",
+          work->work_group));
+  work->log_state = LOGON_WAIT;
+
+  register_name(subrec, work->work_group,0x1c,samba_nb_type|NB_GROUP,
+                become_logon_server_success,
+                become_logon_server_fail, NULL);
+}
+
+/*****************************************************************************
+  Add the internet group <1c> logon names by unicast and broadcast.
+  ****************************************************************************/
+void add_logon_names(void)
+{
+  struct subnet_record *subrec;
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work = find_workgroup_on_subnet(subrec, global_myworkgroup);
+
+    if (work && (work->log_state == LOGON_NONE))
+    {
+      struct nmb_name nmbname;
+      make_nmb_name(&nmbname,global_myworkgroup,0x1c);
+
+      if (find_name_on_subnet(subrec, &nmbname, FIND_SELF_NAME) == NULL)
+      {
+        if( DEBUGLVL( 0 ) )
+        {
+          dbgtext( "add_domain_logon_names:\n" );
+          dbgtext( "Attempting to become logon server " );
+          dbgtext( "for workgroup %s ", global_myworkgroup );
+          dbgtext( "on subnet %s\n", subrec->subnet_name );
+        }
+        become_logon_server(subrec, work);
+      }
+    }
+  }
+}
diff --git a/source3/nmbd/nmbd_mynames.c b/source3/nmbd/nmbd_mynames.c
new file mode 100644
index 0000000000..aac188db2b
--- /dev/null
+++ b/source3/nmbd/nmbd_mynames.c
@@ -0,0 +1,250 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern char **my_netbios_names;
+extern fstring global_myworkgroup;
+
+extern uint16 samba_nb_type; /* Samba's NetBIOS type. */
+
+/****************************************************************************
+ Fail funtion when registering my netbios names.
+  **************************************************************************/
+
+static void my_name_register_failed(struct subnet_record *subrec,
+                              struct response_record *rrec, struct nmb_name *nmbname)
+{
+  DEBUG(0,("my_name_register_failed: Failed to register my name %s on subnet %s.\n",
+            nmb_namestr(nmbname), subrec->subnet_name));
+}
+
+
+/****************************************************************************
+  Add my workgroup and my given names to one subnet
+  Also add the magic Samba names.
+  **************************************************************************/
+void register_my_workgroup_one_subnet(struct subnet_record *subrec)
+{
+	int i;
+
+	struct work_record *work;
+
+	/* Create the workgroup on the subnet. */
+	if((work = create_workgroup_on_subnet(subrec, global_myworkgroup, 
+					      PERMANENT_TTL)) == NULL) {
+		DEBUG(0,("register_my_workgroup_and_names: Failed to create my workgroup %s on subnet %s. \
+Exiting.\n", global_myworkgroup, subrec->subnet_name));
+		return;
+	}
+
+	/* Each subnet entry, except for the wins_server_subnet has
+           the magic Samba names. */
+	add_samba_names_to_subnet(subrec);
+
+	/* Register all our names including aliases. */
+	for (i=0; my_netbios_names[i]; i++) {
+		register_name(subrec, my_netbios_names[i],0x20,samba_nb_type,
+			      NULL,
+			      my_name_register_failed, NULL);
+		register_name(subrec, my_netbios_names[i],0x03,samba_nb_type,
+			      NULL,
+			      my_name_register_failed, NULL);
+		register_name(subrec, my_netbios_names[i],0x00,samba_nb_type,
+			      NULL,
+			      my_name_register_failed, NULL);
+	}
+	
+	/* Initiate election processing, register the workgroup names etc. */
+	initiate_myworkgroup_startup(subrec, work);
+}
+
+/*******************************************************************
+ Utility function to add a name to the unicast subnet, or add in
+ our IP address if it already exists.
+******************************************************************/
+
+static void insert_refresh_name_into_unicast( struct subnet_record *subrec,
+                                                struct nmb_name *nmbname, uint16 nb_type )
+{
+  struct name_record *namerec;
+
+  if (!we_are_a_wins_client()) {
+    insert_permanent_name_into_unicast(subrec, nmbname, nb_type);
+    return;
+  }
+
+  if((namerec = find_name_on_subnet(unicast_subnet, nmbname, FIND_SELF_NAME)) == NULL)
+  {
+    /* The name needs to be created on the unicast subnet. */
+    (void)add_name_to_subnet( unicast_subnet, nmbname->name,
+                              nmbname->name_type, nb_type,
+                              MIN(lp_max_ttl(), MAX_REFRESH_TIME), SELF_NAME, 1, &subrec->myip);
+  }
+  else
+  {
+    /* The name already exists on the unicast subnet. Add our local
+       IP for the given broadcast subnet to the name. */
+    add_ip_to_name_record( namerec, subrec->myip);
+  }
+}
+
+/****************************************************************************
+  Add my workgroup and my given names to the subnet lists.
+  Also add the magic Samba names.
+  **************************************************************************/
+
+BOOL register_my_workgroup_and_names(void)
+{
+  struct subnet_record *subrec;
+  int i;
+
+  for(subrec = FIRST_SUBNET; 
+      subrec; 
+      subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+	  register_my_workgroup_one_subnet(subrec);
+  }
+
+  /* We still need to add the magic Samba
+     names and the netbios names to the unicast subnet directly. This is
+     to allow unicast node status requests and queries to still work
+     in a broadcast only environment. */
+
+  add_samba_names_to_subnet(unicast_subnet);
+
+  for (i=0; my_netbios_names[i]; i++)
+  {
+    for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+    {
+      /*
+       * Ensure all the IP addresses are added if we are multihomed.
+       */
+      struct nmb_name nmbname;
+
+      make_nmb_name(&nmbname, my_netbios_names[i],0x20);
+      insert_refresh_name_into_unicast(subrec, &nmbname, samba_nb_type);
+
+      make_nmb_name(&nmbname, my_netbios_names[i],0x3);
+      insert_refresh_name_into_unicast(subrec, &nmbname, samba_nb_type);
+
+      make_nmb_name(&nmbname, my_netbios_names[i],0x0);
+      insert_refresh_name_into_unicast(subrec, &nmbname, samba_nb_type);
+    }
+  }
+
+  /*
+   * Add the WORKGROUP<0> and WORKGROUP<1e> group names to the unicast subnet
+   * also for the same reasons.
+   */
+
+  for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    /*
+     * Ensure all the IP addresses are added if we are multihomed.
+     */
+    struct nmb_name nmbname;
+
+    make_nmb_name(&nmbname, global_myworkgroup, 0x0);
+    insert_refresh_name_into_unicast(subrec, &nmbname, samba_nb_type|NB_GROUP);
+
+    make_nmb_name(&nmbname, global_myworkgroup, 0x1e);
+    insert_refresh_name_into_unicast(subrec, &nmbname, samba_nb_type|NB_GROUP);
+  }
+
+  /*
+   * We need to add the Samba names to the remote broadcast subnet,
+   * as NT 4.x does directed broadcast requests to the *<0x0> name.
+   */
+  add_samba_names_to_subnet(remote_broadcast_subnet);
+
+  return True;
+}
+
+/****************************************************************************
+  Remove all the names we registered.
+**************************************************************************/
+
+void release_my_names(void)
+{
+#if 0 /*JRR: do WINS server only, otherwise clients ignore us when we come back up*/
+  struct subnet_record *subrec;
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+#else
+  struct subnet_record *subrec = unicast_subnet;
+#endif
+  {
+    struct name_record *namerec, *nextnamerec;
+
+    for (namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+         namerec;
+         namerec = nextnamerec)
+    {
+      nextnamerec = (struct name_record *)ubi_trNext( namerec );
+      if( (namerec->data.source == SELF_NAME)
+       && !NAME_IS_DEREGISTERING(namerec) )
+        release_name( subrec, namerec, standard_success_release,
+                      NULL, NULL);
+    }
+  }
+}
+
+/*******************************************************************
+  Refresh our registered names.
+  ******************************************************************/
+
+void refresh_my_names(time_t t)
+{
+  struct subnet_record *subrec;
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+    struct name_record *namerec;
+	  
+    /* B nodes don't send out name refresh requests, see RFC 1001, 15.5.1 */
+    if (subrec != unicast_subnet)
+      continue;
+          
+    for( namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+         namerec;
+         namerec = (struct name_record *)ubi_trNext( namerec ) )
+    {
+      /* Each SELF name has an individual time to be refreshed. */
+      if( (namerec->data.source == SELF_NAME)
+       && (namerec->data.refresh_time < t)
+       && ( namerec->data.death_time != PERMANENT_TTL) )
+      {
+        /* We cheat here and pretend the refresh is going to be
+           successful & update the refresh times. This stops
+           multiple refresh calls being done. We actually
+           deal with refresh failure in the fail_fn.
+         */
+        if( !is_refresh_already_queued( subrec, namerec) )
+          refresh_name( subrec, namerec, NULL, NULL, NULL );
+        namerec->data.death_time = t + lp_max_ttl();
+        namerec->data.refresh_time = t + MIN(lp_max_ttl(), MAX_REFRESH_TIME);
+      }
+    }
+  }
+}
diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c
new file mode 100644
index 0000000000..68b44d618f
--- /dev/null
+++ b/source3/nmbd/nmbd_namelistdb.c
@@ -0,0 +1,626 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern char **my_netbios_names;
+
+uint16 samba_nb_type = 0; /* samba's NetBIOS name type */
+
+
+/* ************************************************************************** **
+ * Set Samba's NetBIOS name type.
+ * ************************************************************************** **
+ */
+void set_samba_nb_type(void)
+  {
+  if( lp_wins_support() || wins_srv_count() )
+    samba_nb_type = NB_MFLAG;               /* samba is a 'hybrid' node type. */
+  else
+    samba_nb_type = NB_BFLAG;           /* samba is broadcast-only node type. */
+  } /* set_samba_nb_type */
+
+/* ************************************************************************** **
+ * Convert a NetBIOS name to upper case.
+ * ************************************************************************** **
+ */
+static void upcase_name( struct nmb_name *target, struct nmb_name *source )
+  {
+  int i;
+
+  if( NULL != source )
+    (void)memcpy( target, source, sizeof( struct nmb_name ) );
+
+  strupper( target->name );
+  strupper( target->scope );
+
+  /* fudge... We're using a byte-by-byte compare, so we must be sure that
+   * unused space doesn't have garbage in it.
+   */
+  for( i = strlen( target->name ); i < sizeof( target->name ); i++ )
+    target->name[i] = '\0';
+  for( i = strlen( target->scope ); i < sizeof( target->scope ); i++ )
+    target->scope[i] = '\0';
+  } /* upcase_name */
+
+/* ************************************************************************** **
+ * Add a new or overwrite an existing namelist entry.
+ * ************************************************************************** **
+ */
+static void update_name_in_namelist( struct subnet_record *subrec,
+                              struct name_record   *namerec )
+  {
+  struct name_record *oldrec = NULL;
+
+  (void)ubi_trInsert( subrec->namelist, namerec, &(namerec->name), &oldrec );
+  if( oldrec )
+    {
+    SAFE_FREE( oldrec->data.ip );
+    SAFE_FREE( oldrec );
+    }
+  } /* update_name_in_namelist */
+
+/* ************************************************************************** **
+ * Remove a name from the namelist.
+ * ************************************************************************** **
+ */
+void remove_name_from_namelist( struct subnet_record *subrec, 
+                                struct name_record   *namerec )
+  {
+  (void)ubi_trRemove( subrec->namelist, namerec );
+
+  SAFE_FREE(namerec->data.ip);
+
+  ZERO_STRUCTP(namerec);
+  SAFE_FREE(namerec);
+
+  subrec->namelist_changed = True;
+  } /* remove_name_from_namelist */
+
+/* ************************************************************************** **
+ * Find a name in a subnet.
+ * ************************************************************************** **
+ */
+struct name_record *find_name_on_subnet( struct subnet_record *subrec,
+                                         struct nmb_name      *nmbname,
+                                         BOOL                  self_only )
+  {
+  struct nmb_name     uc_name[1];
+  struct name_record *name_ret;
+
+  upcase_name( uc_name, nmbname );
+  name_ret = (struct name_record *)ubi_trFind( subrec->namelist, uc_name );
+  if( name_ret )
+    {
+    /* Self names only - these include permanent names. */
+    if( self_only
+     && (name_ret->data.source != SELF_NAME)
+     && (name_ret->data.source != PERMANENT_NAME) )
+      {
+      DEBUG( 9, 
+             ( "find_name_on_subnet: on subnet %s - self name %s NOT FOUND\n",
+               subrec->subnet_name, nmb_namestr(nmbname) ) );
+      return( NULL );
+      }
+    DEBUG( 9, ("find_name_on_subnet: on subnet %s - found name %s source=%d\n",
+               subrec->subnet_name, nmb_namestr(nmbname), name_ret->data.source) );
+    return( name_ret );
+    }
+  DEBUG( 9, 
+         ( "find_name_on_subnet: on subnet %s - name %s NOT FOUND\n",
+           subrec->subnet_name, nmb_namestr(nmbname) ) );
+  return( NULL );
+  } /* find_name_on_subnet */
+
+/* ************************************************************************** **
+ * Find a name over all known broadcast subnets.
+ * ************************************************************************** **
+ */
+struct name_record *find_name_for_remote_broadcast_subnet(
+                                                   struct nmb_name *nmbname,
+                                                   BOOL             self_only )
+  {
+  struct subnet_record *subrec;
+  struct name_record   *namerec = NULL;
+
+  for( subrec = FIRST_SUBNET;
+       subrec;
+       subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) )
+    {
+    if( NULL != (namerec = find_name_on_subnet(subrec, nmbname, self_only)) )
+      break;
+    }
+
+  return( namerec );
+  } /* find_name_for_remote_broadcast_subnet */
+  
+/* ************************************************************************** **
+ * Update the ttl of an entry in a subnet name list.
+ * ************************************************************************** **
+ */
+void update_name_ttl( struct name_record *namerec, int ttl )
+{
+  time_t time_now = time(NULL);
+
+  if( namerec->data.death_time != PERMANENT_TTL )
+    namerec->data.death_time = time_now + ttl;
+
+  namerec->data.refresh_time = time_now + MIN((ttl/2), MAX_REFRESH_TIME);
+
+  namerec->subnet->namelist_changed = True;
+} /* update_name_ttl */
+
+/* ************************************************************************** **
+ * Add an entry to a subnet name list.
+ * ************************************************************************** **
+ */
+struct name_record *add_name_to_subnet( struct subnet_record *subrec,
+                                        char                 *name,
+                                        int                   type,
+                                        uint16                nb_flags,
+                                        int                   ttl,
+                                        enum name_source      source,
+                                        int                   num_ips,
+                                        struct in_addr       *iplist)
+{
+  struct name_record *namerec;
+  time_t time_now = time(NULL);
+
+  namerec = (struct name_record *)malloc( sizeof(*namerec) );
+  if( NULL == namerec )
+  {
+    DEBUG( 0, ( "add_name_to_subnet: malloc fail.\n" ) );
+    return( NULL );
+  }
+
+  memset( (char *)namerec, '\0', sizeof(*namerec) );
+  namerec->data.ip = (struct in_addr *)malloc( sizeof(struct in_addr) 
+                                               * num_ips );
+  if( NULL == namerec->data.ip )
+  {
+     DEBUG( 0, ( "add_name_to_subnet: malloc fail when creating ip_flgs.\n" ) );
+
+     ZERO_STRUCTP(namerec);
+     SAFE_FREE(namerec);
+     return NULL;
+  }
+
+  namerec->subnet = subrec;
+
+  make_nmb_name(&namerec->name, name, type);
+  upcase_name(&namerec->name, NULL );
+
+  /* Enter the name as active. */
+  namerec->data.nb_flags = nb_flags | NB_ACTIVE;
+  namerec->data.wins_flags = WINS_ACTIVE;
+
+  /* If it's our primary name, flag it as so. */
+  if( strequal( my_netbios_names[0], name ) )
+    namerec->data.nb_flags |= NB_PERM;
+
+  /* Copy the IPs. */
+  namerec->data.num_ips = num_ips;
+  memcpy( (namerec->data.ip), iplist, num_ips * sizeof(struct in_addr) );
+
+  /* Data source. */
+  namerec->data.source = source;
+
+  /* Setup the death_time and refresh_time. */
+  if( ttl == PERMANENT_TTL )
+    namerec->data.death_time = PERMANENT_TTL;
+  else
+    namerec->data.death_time = time_now + ttl;
+
+  namerec->data.refresh_time = time_now + MIN((ttl/2), MAX_REFRESH_TIME);
+
+  /* Now add the record to the name list. */    
+  update_name_in_namelist( subrec, namerec );
+
+  DEBUG( 3, ( "add_name_to_subnet: Added netbios name %s with first IP %s \
+ttl=%d nb_flags=%2x to subnet %s\n",
+	    nmb_namestr( &namerec->name ),
+            inet_ntoa( *iplist ),
+            ttl,
+            (unsigned int)nb_flags,
+            subrec->subnet_name ) );
+
+  subrec->namelist_changed = True;
+
+  return(namerec);
+}
+
+/*******************************************************************
+ Utility function automatically called when a name refresh or register 
+ succeeds. By definition this is a SELF_NAME (or we wouldn't be registering
+ it).
+ ******************************************************************/
+
+void standard_success_register(struct subnet_record *subrec, 
+                             struct userdata_struct *userdata,
+                             struct nmb_name *nmbname, uint16 nb_flags, int ttl,
+                             struct in_addr registered_ip)
+{
+  struct name_record *namerec;
+
+  namerec = find_name_on_subnet( subrec, nmbname, FIND_SELF_NAME );
+  if( NULL == namerec )
+    (void)add_name_to_subnet( subrec, nmbname->name, nmbname->name_type,
+                              nb_flags, ttl, SELF_NAME, 1, &registered_ip );
+  else
+    update_name_ttl( namerec, ttl );
+}
+
+/*******************************************************************
+ Utility function automatically called when a name refresh or register 
+ fails. Note that this is only ever called on a broadcast subnet with
+ one IP address per name. This is why it can just delete the name 
+ without enumerating the IP adresses. JRA.
+ ******************************************************************/
+
+void standard_fail_register( struct subnet_record   *subrec,
+                             struct response_record *rrec,
+                             struct nmb_name        *nmbname )
+{
+  struct name_record *namerec;
+
+  namerec = find_name_on_subnet( subrec, nmbname, FIND_SELF_NAME );
+
+  DEBUG( 0, ( "standard_fail_register: Failed to register/refresh name %s \
+on subnet %s\n",
+            nmb_namestr(nmbname), subrec->subnet_name) );
+
+  /* Remove the name from the subnet. */
+  if( namerec )
+    remove_name_from_namelist(subrec, namerec);
+}
+
+/*******************************************************************
+ Utility function to remove an IP address from a name record.
+ ******************************************************************/
+
+static void remove_nth_ip_in_record( struct name_record *namerec, int ind)
+{
+  if( ind != namerec->data.num_ips )
+    memmove( (char *)(&namerec->data.ip[ind]),
+             (char *)(&namerec->data.ip[ind+1]), 
+             ( namerec->data.num_ips - ind - 1) * sizeof(struct in_addr) );
+
+  namerec->data.num_ips--;
+  namerec->subnet->namelist_changed = True;
+}
+
+/*******************************************************************
+ Utility function to check if an IP address exists in a name record.
+ ******************************************************************/
+
+BOOL find_ip_in_name_record( struct name_record *namerec, struct in_addr ip )
+{
+  int i;
+
+  for(i = 0; i < namerec->data.num_ips; i++)
+    if(ip_equal( namerec->data.ip[i], ip))
+      return True;
+
+  return False;
+}
+
+/*******************************************************************
+ Utility function to add an IP address to a name record.
+ ******************************************************************/
+
+void add_ip_to_name_record( struct name_record *namerec, struct in_addr new_ip )
+{
+  struct in_addr *new_list;
+
+  /* Don't add one we already have. */
+  if( find_ip_in_name_record( namerec, new_ip ) )
+    return;
+  
+  new_list = (struct in_addr *)malloc( (namerec->data.num_ips + 1)
+                                       * sizeof(struct in_addr) );
+  if( NULL == new_list )
+  {
+    DEBUG(0,("add_ip_to_name_record: Malloc fail !\n"));
+    return;
+  }
+
+  memcpy( (char *)new_list,
+          (char *)namerec->data.ip,
+          namerec->data.num_ips * sizeof(struct in_addr) );
+  new_list[namerec->data.num_ips] = new_ip;
+
+  SAFE_FREE(namerec->data.ip);
+  namerec->data.ip = new_list;
+  namerec->data.num_ips += 1;
+
+  namerec->subnet->namelist_changed = True;
+}
+
+/*******************************************************************
+ Utility function to remove an IP address from a name record.
+ ******************************************************************/
+
+void remove_ip_from_name_record( struct name_record *namerec,
+                                 struct in_addr      remove_ip )
+{
+  /* Try and find the requested ip address - remove it. */
+  int i;
+  int orig_num = namerec->data.num_ips;
+
+  for(i = 0; i < orig_num; i++)
+    if( ip_equal( remove_ip, namerec->data.ip[i]) )
+    {
+      remove_nth_ip_in_record( namerec, i);
+      break;
+    }
+}
+
+/*******************************************************************
+ Utility function that release_name callers can plug into as the
+ success function when a name release is successful. Used to save
+ duplication of success_function code.
+ ******************************************************************/
+
+void standard_success_release( struct subnet_record   *subrec,
+                               struct userdata_struct *userdata,
+                               struct nmb_name        *nmbname,
+                               struct in_addr          released_ip )
+{
+  struct name_record *namerec;
+
+  namerec = find_name_on_subnet( subrec, nmbname, FIND_ANY_NAME );
+
+  if( namerec == NULL )
+  {
+    DEBUG( 0, ( "standard_success_release: Name release for name %s IP %s \
+on subnet %s. Name was not found on subnet.\n",
+                nmb_namestr(nmbname),
+                inet_ntoa(released_ip),
+                subrec->subnet_name) );
+    return;
+  }
+  else
+  {
+    int orig_num = namerec->data.num_ips;
+
+    remove_ip_from_name_record( namerec, released_ip );
+
+    if( namerec->data.num_ips == orig_num )
+      DEBUG( 0, ( "standard_success_release: Name release for name %s IP %s \
+on subnet %s. This ip is not known for this name.\n",
+                nmb_namestr(nmbname),
+                inet_ntoa(released_ip),
+                subrec->subnet_name ) );
+  }
+
+  if( namerec->data.num_ips == 0 )
+    remove_name_from_namelist( subrec, namerec );
+}
+
+/*******************************************************************
+  Expires old names in a subnet namelist.
+  ******************************************************************/
+
+void expire_names_on_subnet(struct subnet_record *subrec, time_t t)
+{
+  struct name_record *namerec;
+  struct name_record *next_namerec;
+
+  for( namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+       namerec;
+       namerec = next_namerec )
+  {
+    next_namerec = (struct name_record *)ubi_trNext( namerec );
+    if( (namerec->data.death_time != PERMANENT_TTL)
+     && (namerec->data.death_time < t) )
+    {
+      if( namerec->data.source == SELF_NAME )
+      {
+        DEBUG( 3, ( "expire_names_on_subnet: Subnet %s not expiring SELF \
+name %s\n", 
+                    subrec->subnet_name, nmb_namestr(&namerec->name) ) );
+        namerec->data.death_time += 300;
+        namerec->subnet->namelist_changed = True;
+        continue;
+      }
+      DEBUG(3,("expire_names_on_subnet: Subnet %s - removing expired name %s\n",
+                 subrec->subnet_name, nmb_namestr(&namerec->name)));
+  
+      remove_name_from_namelist( subrec, namerec );
+    }
+  }
+}
+
+/*******************************************************************
+  Expires old names in all subnet namelists.
+  ******************************************************************/
+
+void expire_names(time_t t)
+{
+  struct subnet_record *subrec;
+
+  for( subrec = FIRST_SUBNET;
+       subrec;
+       subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec) )
+  {
+    expire_names_on_subnet( subrec, t );
+  }
+}
+
+/****************************************************************************
+  Add the magic samba names, useful for finding samba servers.
+  These go directly into the name list for a particular subnet,
+  without going through the normal registration process.
+  When adding them to the unicast subnet, add them as a list of
+  all broadcast subnet IP addresses.
+**************************************************************************/
+
+void add_samba_names_to_subnet( struct subnet_record *subrec )
+{
+  struct in_addr *iplist = &subrec->myip;
+  int num_ips = 1;
+
+  /* These names are added permanently (ttl of zero) and will NOT be
+     refreshed.  */
+
+  if( (subrec == unicast_subnet)
+   || (subrec == wins_server_subnet)
+   || (subrec == remote_broadcast_subnet) )
+  {
+    struct subnet_record *bcast_subrecs;
+    int i;
+    /* Create an IP list containing all our known subnets. */
+
+    num_ips = iface_count();
+    iplist = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr) );
+    if( NULL == iplist )
+    {
+      DEBUG(0,("add_samba_names_to_subnet: Malloc fail !\n"));
+      return;
+    }
+
+    for( bcast_subrecs = FIRST_SUBNET, i = 0;
+         bcast_subrecs; 
+         bcast_subrecs = NEXT_SUBNET_EXCLUDING_UNICAST(bcast_subrecs), i++ )
+      iplist[i] = bcast_subrecs->myip;
+
+  }
+
+  (void)add_name_to_subnet(subrec,"*",0x0,samba_nb_type, PERMANENT_TTL,
+                           PERMANENT_NAME, num_ips, iplist);
+  (void)add_name_to_subnet(subrec,"*",0x20,samba_nb_type,PERMANENT_TTL,
+                           PERMANENT_NAME, num_ips, iplist);
+  (void)add_name_to_subnet(subrec,"__SAMBA__",0x20,samba_nb_type,PERMANENT_TTL,
+                           PERMANENT_NAME, num_ips, iplist);
+  (void)add_name_to_subnet(subrec,"__SAMBA__",0x00,samba_nb_type,PERMANENT_TTL,
+                           PERMANENT_NAME, num_ips, iplist);
+
+  if(iplist != &subrec->myip)
+    SAFE_FREE(iplist);
+}
+
+/****************************************************************************
+ Dump the contents of the namelists on all the subnets (including unicast)
+ into a file. Initiated by SIGHUP - used to debug the state of the namelists.
+**************************************************************************/
+
+static void dump_subnet_namelist( struct subnet_record *subrec, XFILE *fp)
+{
+  struct name_record *namerec;
+  char *src_type;
+  struct tm *tm;
+  int i;
+
+  x_fprintf(fp, "Subnet %s\n----------------------\n", subrec->subnet_name);
+  for( namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+       namerec;
+       namerec = (struct name_record *)ubi_trNext( namerec ) )
+  {
+    x_fprintf(fp,"\tName = %s\t", nmb_namestr(&namerec->name));
+    switch(namerec->data.source)
+    {
+      case LMHOSTS_NAME:
+        src_type = "LMHOSTS_NAME";
+        break;
+      case WINS_PROXY_NAME:
+        src_type = "WINS_PROXY_NAME";
+        break;
+      case REGISTER_NAME:
+        src_type = "REGISTER_NAME";
+        break;
+      case SELF_NAME:
+        src_type = "SELF_NAME";
+        break;
+      case DNS_NAME:
+        src_type = "DNS_NAME";
+        break;
+      case DNSFAIL_NAME:
+        src_type = "DNSFAIL_NAME";
+        break;
+      case PERMANENT_NAME:
+        src_type = "PERMANENT_NAME";
+        break;
+      default:
+        src_type = "unknown!";
+        break;
+    }
+    x_fprintf(fp,"Source = %s\nb_flags = %x\t", src_type, namerec->data.nb_flags);
+
+    if(namerec->data.death_time != PERMANENT_TTL)
+    {
+      tm = LocalTime(&namerec->data.death_time);
+      x_fprintf(fp, "death_time = %s\t", asctime(tm));
+    }
+    else
+      x_fprintf(fp, "death_time = PERMANENT\t");
+
+    if(namerec->data.refresh_time != PERMANENT_TTL)
+    {
+      tm = LocalTime(&namerec->data.refresh_time);
+      x_fprintf(fp, "refresh_time = %s\n", asctime(tm));
+    }
+    else
+      x_fprintf(fp, "refresh_time = PERMANENT\n");
+
+    x_fprintf(fp, "\t\tnumber of IPS = %d", namerec->data.num_ips);
+    for(i = 0; i < namerec->data.num_ips; i++)
+      x_fprintf(fp, "\t%s", inet_ntoa(namerec->data.ip[i]));
+
+    x_fprintf(fp, "\n\n");
+  }
+}
+
+/****************************************************************************
+ Dump the contents of the namelists on all the subnets (including unicast)
+ into a file. Initiated by SIGHUP - used to debug the state of the namelists.
+**************************************************************************/
+
+void dump_all_namelists(void)
+{
+  XFILE *fp; 
+  struct subnet_record *subrec;
+
+  fp = x_fopen(lock_path("namelist.debug"),O_WRONLY|O_CREAT|O_TRUNC, 0644);
+     
+  if (!fp)
+  { 
+    DEBUG(0,("dump_all_namelists: Can't open file %s. Error was %s\n",
+              "namelist.debug",strerror(errno)));
+    return;
+  }
+      
+  for( subrec = FIRST_SUBNET;
+       subrec;
+       subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec) )
+    dump_subnet_namelist( subrec, fp );
+
+  if( !we_are_a_wins_client() )
+    dump_subnet_namelist( unicast_subnet, fp );
+
+  if( remote_broadcast_subnet->namelist != NULL )
+    dump_subnet_namelist( remote_broadcast_subnet, fp );
+
+  if( wins_server_subnet != NULL )
+    dump_subnet_namelist( wins_server_subnet, fp );
+  x_fclose( fp );
+}
diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c
new file mode 100644
index 0000000000..aeb9984180
--- /dev/null
+++ b/source3/nmbd/nmbd_namequery.c
@@ -0,0 +1,295 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Deal with a response packet when querying a name.
+****************************************************************************/
+
+static void query_name_response( struct subnet_record   *subrec,
+                                 struct response_record *rrec,
+                                 struct packet_struct   *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  BOOL success = False;
+  struct nmb_name *question_name = 
+                           &rrec->packet->packet.nmb.question.question_name;
+  struct in_addr answer_ip;
+
+  zero_ip(&answer_ip);
+
+  /* Ensure we don't retry the query but leave the response record cleanup
+     to the timeout code. We may get more answer responses in which case
+     we should mark the name in conflict.. */
+  rrec->repeat_count = 0;
+
+  if(rrec->num_msgs == 1)
+  {
+    /* This is the first response. */
+
+    if(nmb->header.opcode == NMB_WACK_OPCODE)
+    {
+      /* WINS server is telling us to wait. Pretend we didn't get
+         the response but don't send out any more query requests. */
+
+      if( DEBUGLVL( 5 ) )
+        {
+        dbgtext( "query_name_response: " );
+        dbgtext( "WACK from WINS server %s ", inet_ntoa(p->ip) );
+        dbgtext( "in querying name %s ", nmb_namestr(question_name) );
+        dbgtext( "on subnet %s.\n", subrec->subnet_name );
+        }
+  
+      rrec->repeat_count = 0;
+      /* How long we should wait for. */
+      rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+      rrec->num_msgs--;
+      return;
+    }
+    else if(nmb->header.rcode != 0)
+    {
+      success = False;
+
+      if( DEBUGLVL( 5 ) )
+        {
+        dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+        dbgtext( "- negative response from IP %s ", inet_ntoa(p->ip) );
+        dbgtext( "for name %s. ", nmb_namestr(question_name) );
+        dbgtext( "Error code was %d.\n", nmb->header.rcode );
+        }
+    }
+    else
+    {
+      success = True;
+
+      putip((char *)&answer_ip,&nmb->answers->rdata[2]);
+      if( DEBUGLVL( 5 ) )
+        {
+        dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+        dbgtext( "- positive response from IP %s ", inet_ntoa(p->ip) );
+        dbgtext( "for name %s.  ", nmb_namestr(question_name) );
+        dbgtext( "IP of that name is %s\n", inet_ntoa(answer_ip) );
+        }
+
+      /* Interestingly, we could add these names to our namelists, and
+         change nmbd to a model that checked its own name cache first,
+         before sending out a query. This is a task for another day, though.
+       */
+    }
+  }
+  else if( rrec->num_msgs > 1)
+  {
+    if( DEBUGLVL( 0 ) )
+      {
+      putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
+      dbgtext( "query_name_response: " );
+      dbgtext( "Multiple (%d) responses ", rrec->num_msgs );
+      dbgtext( "received for a query on subnet %s ", subrec->subnet_name );
+      dbgtext( "for name %s.\nThis response ", nmb_namestr(question_name) );
+      dbgtext( "was from IP %s, reporting", inet_ntoa(p->ip) );
+      dbgtext( "an IP address of %s.\n", inet_ntoa(answer_ip) );
+      }
+
+    /* We have already called the success or fail function, so we
+       don't call again here. Leave the response record around in
+       case we get more responses. */
+
+    return; 
+  }
+  
+  if(success && rrec->success_fn)
+    (*(query_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, answer_ip, nmb->answers);
+  else if( rrec->fail_fn)
+    (*(query_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name, nmb->header.rcode);
+
+}
+
+/****************************************************************************
+ Deal with a timeout when querying a name.
+****************************************************************************/
+
+static void query_name_timeout_response(struct subnet_record *subrec,
+                       struct response_record *rrec)
+{
+  struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb;
+  /* We can only fail here, never succeed. */
+  BOOL failed = True;
+  struct nmb_name *question_name = &sent_nmb->question.question_name;
+
+  if(rrec->num_msgs != 0)
+  {
+    /* We got at least one response, and have called the success/fail
+       function already. */
+
+    failed = False; 
+  }
+
+  if(failed)
+  {
+    if( DEBUGLVL( 5 ) )
+      {
+      dbgtext( "query_name_timeout_response: No response to " );
+      dbgtext( "query for name %s ", nmb_namestr(question_name) );
+      dbgtext( "on subnet %s.\n", subrec->subnet_name );
+      }
+    if(rrec->fail_fn)
+      (*(query_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name, 0);
+  }
+
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Lookup a name on our local namelists. We check the lmhosts file first. If the
+ name is not there we look for the name on the given subnet.
+****************************************************************************/
+
+static BOOL query_local_namelists(struct subnet_record *subrec, struct nmb_name *nmbname,
+                                  struct name_record **namerecp) 
+{
+  struct name_record *namerec;
+
+  *namerecp = NULL;
+
+  if(find_name_in_lmhosts(nmbname, namerecp))
+    return True;
+  
+  if((namerec = find_name_on_subnet(subrec, nmbname, FIND_ANY_NAME))==NULL)
+    return False;
+
+  if( NAME_IS_ACTIVE(namerec)
+   && ( (namerec->data.source == SELF_NAME)
+     || (namerec->data.source == LMHOSTS_NAME) ) )
+  {
+    *namerecp = namerec;
+    return True;
+  } 
+  return False;
+}
+
+/****************************************************************************
+ Try and query for a name.
+****************************************************************************/
+
+BOOL query_name(struct subnet_record *subrec, char *name, int type,
+                   query_name_success_function success_fn,
+                   query_name_fail_function fail_fn, 
+                   struct userdata_struct *userdata)
+{
+  struct nmb_name nmbname;
+  struct name_record *namerec;
+
+  make_nmb_name(&nmbname, name, type);
+
+  /*
+   * We need to check our local namelists first.
+   * It may be an magic name, lmhosts name or just
+   * a name we have registered.
+   */
+
+  if(query_local_namelists(subrec, &nmbname, &namerec) == True)
+  {
+    struct res_rec rrec;
+    int i;
+
+    memset((char *)&rrec, '\0', sizeof(struct res_rec));
+
+    /* Fake up the needed res_rec just in case it's used. */
+    rrec.rr_name = nmbname;
+    rrec.rr_type = RR_TYPE_NB;
+    rrec.rr_class = RR_CLASS_IN;
+    rrec.ttl = PERMANENT_TTL;
+    rrec.rdlength = namerec->data.num_ips * 6;
+    if(rrec.rdlength > MAX_DGRAM_SIZE)
+    {
+      if( DEBUGLVL( 0 ) )
+        {
+        dbgtext( "query_name: nmbd internal error - " );
+        dbgtext( "there are %d ip addresses ", namerec->data.num_ips );
+        dbgtext( "for name %s.\n", nmb_namestr(&nmbname) );
+        }
+      return False;
+    }
+
+    for( i = 0; i < namerec->data.num_ips; i++)
+    {
+      set_nb_flags( &rrec.rdata[i*6], namerec->data.nb_flags );
+      putip( &rrec.rdata[(i*6) + 2], (char *)&namerec->data.ip[i]);
+    }
+
+    /* Call the success function directly. */
+    if(success_fn)
+      (*(query_name_success_function)success_fn)(subrec, userdata, &nmbname, namerec->data.ip[0], &rrec);
+    return False;
+  }
+
+  if(queue_query_name( subrec,
+        query_name_response,
+        query_name_timeout_response,
+        success_fn,
+        fail_fn,
+        userdata,
+        &nmbname) == NULL)
+  {
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "query_name: Failed to send packet " );
+      dbgtext( "trying to query name %s\n", nmb_namestr(&nmbname) );
+      }
+    return True;
+  }
+  return False;
+}
+
+/****************************************************************************
+ Try and query for a name from nmbd acting as a WINS server.
+****************************************************************************/
+
+BOOL query_name_from_wins_server(struct in_addr ip_to, 
+                   char *name, int type,
+                   query_name_success_function success_fn,
+                   query_name_fail_function fail_fn, 
+                   struct userdata_struct *userdata)
+{
+  struct nmb_name nmbname;
+
+  make_nmb_name(&nmbname, name, type);
+
+  if(queue_query_name_from_wins_server( ip_to,
+        query_name_response,
+        query_name_timeout_response,
+        success_fn,
+        fail_fn,
+        userdata,
+        &nmbname) == NULL)
+  {
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "query_name_from_wins_server: Failed to send packet " );
+      dbgtext( "trying to query name %s\n", nmb_namestr(&nmbname) );
+      }
+    return True;
+  }
+  return False;
+}
diff --git a/source3/nmbd/nmbd_nameregister.c b/source3/nmbd/nmbd_nameregister.c
new file mode 100644
index 0000000000..cbc72fe2a9
--- /dev/null
+++ b/source3/nmbd/nmbd_nameregister.c
@@ -0,0 +1,399 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern fstring global_myworkgroup;
+
+/****************************************************************************
+ Deal with a response packet when registering one of our names.
+****************************************************************************/
+
+static void register_name_response(struct subnet_record *subrec,
+                       struct response_record *rrec, struct packet_struct *p)
+{
+  /* 
+   * If we are registering broadcast, then getting a response is an
+   * error - we do not have the name. If we are registering unicast,
+   * then we expect to get a response.
+   */
+
+  struct nmb_packet *nmb = &p->packet.nmb;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  BOOL success = True;
+  struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name;
+  struct nmb_name *answer_name = &nmb->answers->rr_name;
+  int ttl = 0;
+  uint16 nb_flags = 0;
+  struct in_addr registered_ip;
+
+  /* Sanity check. Ensure that the answer name in the incoming packet is the
+     same as the requested name in the outgoing packet. */
+
+  if(!question_name || !answer_name)
+  {
+    DEBUG(0,("register_name_response: malformed response (%s is NULL).\n",
+           question_name ? "question_name" : "answer_name" ));
+    return;
+  }
+
+  if(!nmb_name_equal(question_name, answer_name))
+  {
+    DEBUG(0,("register_name_response: Answer name %s differs from question \
+name %s.\n", nmb_namestr(answer_name), nmb_namestr(question_name)));
+    return;
+  }
+
+  if(bcast)
+  {
+    /*
+     * Special hack to cope with old Samba nmbd's.
+     * Earlier versions of Samba (up to 1.9.16p11) respond 
+     * to a broadcast name registration of WORKGROUP<1b> when 
+     * they should not. Hence, until these versions are gone, 
+     * we should treat such errors as success for this particular
+     * case only. jallison@whistle.com.
+     */
+
+#if 1 /* OLD_SAMBA_SERVER_HACK */
+    if((nmb->header.rcode == ACT_ERR) && strequal(global_myworkgroup, answer_name->name) &&
+         (answer_name->name_type == 0x1b))
+    {
+      /* Pretend we did not get this. */
+      rrec->num_msgs--;
+
+      DEBUG(5,("register_name_response: Ignoring broadcast response to \
+registration of name %s due to old Samba server bug.\n", nmb_namestr(answer_name)));
+      return;
+    }
+#endif /* OLD_SAMBA_SERVER_HACK */
+
+    /* Someone else has the name. Log the problem. */
+    DEBUG(1,("register_name_response: Failed to register \
+name %s on subnet %s via broadcast. Error code was %d. Reject came from IP %s\n", 
+              nmb_namestr(answer_name), 
+              subrec->subnet_name, nmb->header.rcode, inet_ntoa(p->ip)));
+    success = False;
+  }
+  else
+  {
+    /* Unicast - check to see if the response allows us to have the name. */
+    if(nmb->header.rcode != 0)
+    {
+      /* Error code - we didn't get the name. */
+      success = False;
+
+      DEBUG(0,("register_name_response: server at IP %s rejected our \
+name registration of %s with error code %d.\n", inet_ntoa(p->ip), 
+                  nmb_namestr(answer_name), nmb->header.rcode));
+
+    }
+    else if(nmb->header.opcode == NMB_WACK_OPCODE)
+    {
+      /* WINS server is telling us to wait. Pretend we didn't get
+         the response but don't send out any more register requests. */
+
+      DEBUG(5,("register_name_response: WACK from WINS server %s in registering \
+name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(answer_name), subrec->subnet_name));
+
+      rrec->repeat_count = 0;
+      /* How long we should wait for. */
+      rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+      rrec->num_msgs--;
+      return;
+    }
+    else
+    {
+      success = True;
+      /* Get the data we need to pass to the success function. */
+      nb_flags = get_nb_flags(nmb->answers->rdata);
+      putip((char*)&registered_ip,&nmb->answers->rdata[2]);
+      ttl = nmb->answers->ttl;
+    }
+  } 
+
+  DEBUG(5,("register_name_response: %s in registering name %s on subnet %s.\n",
+        success ? "success" : "failure", nmb_namestr(answer_name), subrec->subnet_name));
+
+  if(success)
+  {
+    /* Enter the registered name into the subnet name database before calling
+       the success function. */
+    standard_success_register(subrec, rrec->userdata, answer_name, nb_flags, ttl, registered_ip);
+    if( rrec->success_fn)
+      (*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, nb_flags, ttl, registered_ip);
+  }
+  else
+  {
+    if( rrec->fail_fn)
+      (*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name);
+    /* Remove the name. */
+    standard_fail_register( subrec, rrec, question_name);
+  }
+
+  /* Ensure we don't retry. */
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Deal with a timeout when registering one of our names.
+****************************************************************************/
+
+static void register_name_timeout_response(struct subnet_record *subrec,
+                       struct response_record *rrec)
+{
+  /*
+   * If we are registering unicast, then NOT getting a response is an
+   * error - we do not have the name. If we are registering broadcast,
+   * then we don't expect to get a response.
+   */
+
+  struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb;
+  BOOL bcast = sent_nmb->header.nm_flags.bcast;
+  BOOL success = False;
+  struct nmb_name *question_name = &sent_nmb->question.question_name;
+  uint16 nb_flags = 0;
+  int ttl = 0;
+  struct in_addr registered_ip;
+
+  if(bcast)
+  {
+    if(rrec->num_msgs == 0)
+    {
+      /* Not receiving a message is success for broadcast registration. */
+      success = True; 
+
+      /* Pull the success values from the original request packet. */
+      nb_flags = get_nb_flags(sent_nmb->additional->rdata);
+      ttl = sent_nmb->additional->ttl;
+      putip(&registered_ip,&sent_nmb->additional->rdata[2]);
+    }
+  }
+  else
+  {
+    /* Unicast - if no responses then it's an error. */
+    if(rrec->num_msgs == 0)
+    {
+      DEBUG(2,("register_name_timeout_response: WINS server at address %s is not \
+responding.\n", inet_ntoa(rrec->packet->ip)));
+
+      /* Keep trying to contact the WINS server periodically. This allows
+         us to work correctly if the WINS server is down temporarily when
+         we come up. */
+
+      /* Reset the number of attempts to zero and double the interval between
+         retries. Max out at 5 minutes. */
+      rrec->repeat_count = 3;
+      rrec->repeat_interval *= 2;
+      if(rrec->repeat_interval > (5 * 60))
+        rrec->repeat_interval = (5 * 60);
+      rrec->repeat_time = time(NULL) + rrec->repeat_interval;
+      rrec->in_expiration_processing = False;
+
+      DEBUG(5,("register_name_timeout_response: increasing WINS timeout to %d seconds.\n",
+              (int)rrec->repeat_interval));
+      return; /* Don't remove the response record. */
+    }
+  }
+
+  DEBUG(5,("register_name_timeout_response: %s in registering name %s on subnet %s.\n",
+        success ? "success" : "failure", nmb_namestr(question_name), subrec->subnet_name));
+  if(success)
+  {
+    /* Enter the registered name into the subnet name database before calling
+       the success function. */
+    standard_success_register(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip);
+    if( rrec->success_fn)
+      (*(register_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, nb_flags, ttl, registered_ip);
+  }
+  else
+  {
+    if( rrec->fail_fn)
+      (*(register_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name);
+    /* Remove the name. */
+    standard_fail_register( subrec, rrec, question_name);
+  }
+
+  /* Ensure we don't retry. */
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Try and register one of our names on the unicast subnet - multihomed.
+****************************************************************************/
+
+static BOOL multihomed_register_name( struct nmb_name *nmbname, uint16 nb_flags,
+                                      register_name_success_function success_fn,
+                                      register_name_fail_function fail_fn,
+                                      struct userdata_struct *userdata)
+{
+  /*
+     If we are adding a group name, we just send multiple
+     register name packets to the WINS server (this is an
+     internet group name.
+
+     If we are adding a unique name, We need first to add 
+     our names to the unicast subnet namelist. This is 
+     because when a WINS server receives a multihomed 
+     registration request, the first thing it does is to 
+     send a name query to the registering machine, to see 
+     if it has put the name in it's local namelist.
+     We need the name there so the query response code in
+     nmbd_incomingrequests.c will find it.
+
+     We are adding this name prematurely (we don't really
+     have it yet), but as this is on the unicast subnet
+     only we will get away with this (only the WINS server
+     will ever query names from us on this subnet).
+   */
+
+  int num_ips=0;
+  int i;
+  struct in_addr *ip_list = NULL;
+  struct subnet_record *subrec;
+
+  for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) )
+    num_ips++;
+
+  if((ip_list = (struct in_addr *)malloc(num_ips * sizeof(struct in_addr)))==NULL)
+  {
+    DEBUG(0,("multihomed_register_name: malloc fail !\n"));
+    return True;
+  }
+
+  for( subrec = FIRST_SUBNET, i = 0; 
+       subrec;
+       subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec), i++ )
+    ip_list[i] = subrec->myip;
+
+  (void)add_name_to_subnet( unicast_subnet, nmbname->name, nmbname->name_type,
+                            nb_flags, lp_max_ttl(), SELF_NAME,
+                            num_ips, ip_list);
+
+  /* Now try and register the name, num_ips times. On the last time use
+     the given success and fail functions. */
+
+  for( i = 0; i < num_ips; i++)
+  {
+    if(queue_register_multihomed_name( unicast_subnet,
+        register_name_response,
+        register_name_timeout_response,
+        (i == num_ips - 1) ? success_fn : NULL,
+        (i == num_ips - 1) ? fail_fn : NULL,
+        (i == num_ips - 1) ? userdata : NULL,
+        nmbname,
+        nb_flags,
+        ip_list[i]) == NULL)
+    {
+      DEBUG(0,("multihomed_register_name: Failed to send packet trying to \
+register name %s IP %s\n", nmb_namestr(nmbname), inet_ntoa(ip_list[i]) ));
+
+      SAFE_FREE(ip_list);
+      return True;
+    }
+  }
+
+  SAFE_FREE(ip_list);
+
+  return False;
+}
+
+/****************************************************************************
+ Try and register one of our names.
+****************************************************************************/
+
+BOOL register_name(struct subnet_record *subrec,
+                   char *name, int type, uint16 nb_flags,
+                   register_name_success_function success_fn,
+                   register_name_fail_function fail_fn,
+                   struct userdata_struct *userdata)
+{
+  struct nmb_name nmbname;
+
+  make_nmb_name(&nmbname, name, type);
+
+  /* Always set the NB_ACTIVE flag on the name we are
+     registering. Doesn't make sense without it.
+   */
+
+  nb_flags |= NB_ACTIVE;
+
+  /* If this is the unicast subnet, and we are a multi-homed
+     host, then register a multi-homed name. */
+
+  if( (subrec == unicast_subnet) && we_are_multihomed())
+    return multihomed_register_name(&nmbname, nb_flags,
+                                    success_fn, fail_fn,
+                                    userdata);
+
+  if(queue_register_name( subrec,
+        register_name_response,
+        register_name_timeout_response,
+        success_fn,
+        fail_fn,
+        userdata,
+        &nmbname,
+        nb_flags) == NULL)
+  {
+    DEBUG(0,("register_name: Failed to send packet trying to register name %s\n",
+          nmb_namestr(&nmbname)));
+    return True;
+  }
+  return False;
+}
+
+/****************************************************************************
+ Try and refresh one of our names.
+****************************************************************************/
+
+BOOL refresh_name(struct subnet_record *subrec, struct name_record *namerec,
+                  refresh_name_success_function success_fn,
+                  refresh_name_fail_function fail_fn,
+                  struct userdata_struct *userdata)
+{
+  int i;
+
+  /* 
+   * Go through and refresh the name for all known ip addresses.
+   * Only call the success/fail function on the last one (it should
+   * only be done once).
+   */
+
+  for( i = 0; i < namerec->data.num_ips; i++)
+  {
+    if(queue_refresh_name( subrec,
+        register_name_response,
+        register_name_timeout_response,
+        (i == (namerec->data.num_ips - 1)) ? success_fn : NULL,
+        (i == (namerec->data.num_ips - 1)) ? fail_fn : NULL,
+        (i == (namerec->data.num_ips - 1)) ? userdata : NULL,
+        namerec,
+        namerec->data.ip[i]) == NULL)
+    {
+      DEBUG(0,("refresh_name: Failed to send packet trying to refresh name %s\n",
+            nmb_namestr(&namerec->name)));
+      return True;
+    }
+  }
+  return False;
+}
diff --git a/source3/nmbd/nmbd_namerelease.c b/source3/nmbd/nmbd_namerelease.c
new file mode 100644
index 0000000000..fd35181f33
--- /dev/null
+++ b/source3/nmbd/nmbd_namerelease.c
@@ -0,0 +1,233 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Deal with a response packet when releasing one of our names.
+****************************************************************************/
+
+static void release_name_response(struct subnet_record *subrec,
+                       struct response_record *rrec, struct packet_struct *p)
+{
+  /* 
+   * If we are releasing broadcast, then getting a response is an
+   * error. If we are releasing unicast, then we expect to get a response.
+   */
+
+  struct nmb_packet *nmb = &p->packet.nmb;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  BOOL success = True;
+  struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name;
+  struct nmb_name *answer_name = &nmb->answers->rr_name;
+  struct in_addr released_ip;
+
+  /* Sanity check. Ensure that the answer name in the incoming packet is the
+     same as the requested name in the outgoing packet. */
+
+  if(!nmb_name_equal(question_name, answer_name))
+  {
+    DEBUG(0,("release_name_response: Answer name %s differs from question \
+name %s.\n", nmb_namestr(answer_name), nmb_namestr(question_name)));
+    return;
+  }
+
+  if(bcast)
+  {
+    /* Someone sent a response. This shouldn't happen/ */
+    DEBUG(1,("release_name_response: A response for releasing name %s was received on a \
+broadcast subnet %s. This should not happen !\n", nmb_namestr(answer_name), subrec->subnet_name));
+    return;
+  }
+  else
+  {
+    /* Unicast - check to see if the response allows us to release the name. */
+    if(nmb->header.rcode != 0)
+    {
+      /* Error code - we were told not to release the name ! What now ! */
+      success = False;
+
+      DEBUG(0,("release_name_response: WINS server at IP %s rejected our \
+name release of name %s with error code %d.\n", inet_ntoa(p->ip), 
+                  nmb_namestr(answer_name), nmb->header.rcode));
+
+    }
+    else if(nmb->header.opcode == NMB_WACK_OPCODE)
+    {
+      /* WINS server is telling us to wait. Pretend we didn't get
+         the response but don't send out any more release requests. */
+
+      DEBUG(5,("release_name_response: WACK from WINS server %s in releasing \
+name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(answer_name), subrec->subnet_name));
+
+      rrec->repeat_count = 0;
+      /* How long we should wait for. */
+      rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+      rrec->num_msgs--;
+      return;
+    }
+  } 
+
+  DEBUG(5,("release_name_response: %s in releasing name %s on subnet %s.\n",
+        success ? "success" : "failure", nmb_namestr(answer_name), subrec->subnet_name));
+
+  if(success)
+  {
+    putip((char*)&released_ip ,&nmb->answers->rdata[2]);
+
+    if(rrec->success_fn)
+      (*(release_name_success_function)rrec->success_fn)(subrec, rrec->userdata, answer_name, released_ip);
+    standard_success_release( subrec, rrec->userdata, answer_name, released_ip);
+  }
+  else
+  {
+    /* We have no standard_fail_release - maybe we should add one ? */
+    if(rrec->fail_fn)
+      (*(release_name_fail_function)rrec->fail_fn)(subrec, rrec, answer_name);
+  }
+
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Deal with a timeout when releasing one of our names.
+****************************************************************************/
+
+static void release_name_timeout_response(struct subnet_record *subrec,
+                       struct response_record *rrec)
+{
+  /*
+   * If we are releasing unicast, then NOT getting a response is an
+   * error - we could not release the name. If we are releasing broadcast,
+   * then we don't expect to get a response.
+   */
+
+  struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb;
+  BOOL bcast = sent_nmb->header.nm_flags.bcast;
+  BOOL success = False;
+  struct nmb_name *question_name = &sent_nmb->question.question_name;
+  struct in_addr released_ip;
+
+  if(bcast)
+  {
+    if(rrec->num_msgs == 0)
+    {
+      /* Not receiving a message is success for broadcast release. */
+      success = True; 
+
+      /* Get the ip address we were trying to release. */
+      putip((char*)&released_ip ,&sent_nmb->additional->rdata[2]);
+    }
+  }
+  else
+  {
+    /* Unicast - if no responses then it's an error. */
+    if(rrec->num_msgs == 0)
+    {
+      DEBUG(2,("release_name_timeout_response: WINS server at address %s is not \
+responding.\n", inet_ntoa(rrec->packet->ip)));
+
+      /* Keep trying to contact the WINS server periodically. This allows
+         us to work correctly if the WINS server is down temporarily when
+         we want to delete the name. */
+
+      /* Reset the number of attempts to zero and double the interval between
+         retries. Max out at 5 minutes. */
+      rrec->repeat_count = 3;
+      rrec->repeat_interval *= 2;
+      if(rrec->repeat_interval > (5 * 60))
+        rrec->repeat_interval = (5 * 60);
+      rrec->repeat_time = time(NULL) + rrec->repeat_interval;
+
+      DEBUG(5,("release_name_timeout_response: increasing WINS timeout to %d seconds.\n",
+              (int)rrec->repeat_interval));
+      return; /* Don't remove the response record. */
+    }
+  }
+
+  DEBUG(5,("release_name_timeout_response: %s in releasing name %s on subnet %s.\n",
+        success ? "success" : "failure", nmb_namestr(question_name), subrec->subnet_name));
+
+  if(success && rrec->success_fn)
+  {
+    if(rrec->success_fn)
+      (*(release_name_success_function)rrec->success_fn)(subrec, rrec->userdata, question_name, released_ip);
+    standard_success_release( subrec, rrec->userdata, question_name, released_ip);
+  }
+  else 
+  {
+    /* We have no standard_fail_release - maybe we should add one ? */
+    if( rrec->fail_fn)
+      (*(release_name_fail_function)rrec->fail_fn)(subrec, rrec, question_name);
+  }
+
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Try and release one of our names.
+****************************************************************************/
+
+BOOL release_name(struct subnet_record *subrec, struct name_record *namerec,
+                   release_name_success_function success_fn,
+                   release_name_fail_function fail_fn,
+                   struct userdata_struct *userdata)
+{
+  int i;
+
+  /* Ensure it's a SELF name, and in the ACTIVE state. */
+  if((namerec->data.source != SELF_NAME) || !NAME_IS_ACTIVE(namerec))
+  {
+    DEBUG(0,("release_name: Cannot release name %s from subnet %s. Source was %d \n",
+          nmb_namestr(&namerec->name), subrec->subnet_name, namerec->data.source)); 
+    return True;
+  }
+
+  /* Set the name into the deregistering state. */
+  namerec->data.nb_flags |= NB_DEREG;
+
+  /*  
+   * Go through and release the name for all known ip addresses.
+   * Only call the success/fail function on the last one (it should
+   * only be done once).
+   */
+
+  for( i = 0; i < namerec->data.num_ips; i++)
+  {
+    if(queue_release_name( subrec,
+        release_name_response,
+        release_name_timeout_response,
+        (i == (namerec->data.num_ips - 1)) ? success_fn : NULL,
+        (i == (namerec->data.num_ips - 1)) ? fail_fn : NULL,
+        (i == (namerec->data.num_ips - 1)) ? userdata : NULL,
+        &namerec->name,
+        namerec->data.nb_flags,
+        namerec->data.ip[i]) == NULL)
+    {
+      DEBUG(0,("release_name: Failed to send packet trying to release name %s IP %s\n",
+            nmb_namestr(&namerec->name), inet_ntoa(namerec->data.ip[i]) ));
+      return True;
+    }
+  }
+  return False;
+}
diff --git a/source3/nmbd/nmbd_nodestatus.c b/source3/nmbd/nmbd_nodestatus.c
new file mode 100644
index 0000000000..993e4d9d17
--- /dev/null
+++ b/source3/nmbd/nmbd_nodestatus.c
@@ -0,0 +1,94 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Deal with a successful node status response.
+****************************************************************************/
+static void node_status_response(struct subnet_record *subrec,
+                       struct response_record *rrec, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question_name = &rrec->packet->packet.nmb.question.question_name;
+  struct nmb_name *answer_name = &nmb->answers->rr_name;
+
+  /* Sanity check. Ensure that the answer name in the incoming packet is the
+     same as the requested name in the outgoing packet. */
+
+  if(!nmb_name_equal(question_name, answer_name))
+  {
+    DEBUG(0,("node_status_response: Answer name %s differs from question \
+name %s.\n", nmb_namestr(answer_name), nmb_namestr(question_name)));
+    return;
+  }
+
+  DEBUG(5,("node_status_response: response from name %s on subnet %s.\n",
+        nmb_namestr(answer_name), subrec->subnet_name));
+
+  /* Just send the whole answer resource record for the success function
+     to parse. */
+  if(rrec->success_fn)
+    (*(node_status_success_function)rrec->success_fn)(subrec, rrec->userdata, nmb->answers, p->ip);
+
+  /* Ensure we don't retry. */
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Deal with a timeout when requesting a node status.
+****************************************************************************/
+static void node_status_timeout_response(struct subnet_record *subrec,
+                       struct response_record *rrec)
+{
+  struct nmb_packet *sent_nmb = &rrec->packet->packet.nmb;
+  struct nmb_name *question_name = &sent_nmb->question.question_name;
+
+  DEBUG(5,("node_status_timeout_response: failed to get node status from name %s on subnet %s\n",
+           nmb_namestr(question_name), subrec->subnet_name));
+
+  if( rrec->fail_fn)
+    (*rrec->fail_fn)(subrec, rrec);
+
+  /* Ensure we don't retry. */
+  remove_response_record(subrec, rrec);
+}
+
+/****************************************************************************
+ Try and do a node status to a name - given the name & IP address.
+****************************************************************************/
+ 
+BOOL node_status(struct subnet_record *subrec, struct nmb_name *nmbname,
+                 struct in_addr send_ip, node_status_success_function success_fn, 
+                 node_status_fail_function fail_fn, struct userdata_struct *userdata)
+{
+  if(queue_node_status( subrec, 
+              node_status_response, node_status_timeout_response,
+              success_fn, fail_fn, userdata, nmbname, send_ip)==NULL)
+  {
+    DEBUG(0,("node_status: Failed to send packet trying to get node status for \
+name %s, IP address %s\n", nmb_namestr(nmbname), inet_ntoa(send_ip)));
+    return True;
+  } 
+  return False;
+}
diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
new file mode 100644
index 0000000000..a11b30b1dc
--- /dev/null
+++ b/source3/nmbd/nmbd_packets.c
@@ -0,0 +1,1978 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern int ClientNMB;
+extern int ClientDGRAM;
+extern int global_nmb_port;
+
+extern int num_response_packets;
+
+extern struct in_addr loopback_ip;
+
+static void queue_packet(struct packet_struct *packet);
+
+BOOL rescan_listen_set = False;
+
+
+/*******************************************************************
+  The global packet linked-list. Incoming entries are 
+  added to the end of this list. It is supposed to remain fairly 
+  short so we won't bother with an end pointer.
+******************************************************************/
+
+static struct packet_struct *packet_queue = NULL;
+
+/***************************************************************************
+Utility function to find the specific fd to send a packet out on.
+**************************************************************************/
+
+static int find_subnet_fd_for_address( struct in_addr local_ip )
+{
+  struct subnet_record *subrec;
+
+  for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+    if(ip_equal(local_ip, subrec->myip))
+      return subrec->nmb_sock;
+
+  return ClientNMB;
+}
+
+/***************************************************************************
+Utility function to find the specific fd to send a mailslot packet out on.
+**************************************************************************/
+
+static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip )
+{
+  struct subnet_record *subrec;
+
+  for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+    if(ip_equal(local_ip, subrec->myip))
+      return subrec->dgram_sock;
+
+  return ClientDGRAM;
+}
+
+/***************************************************************************
+Get/Set problematic nb_flags as network byte order 16 bit int.
+**************************************************************************/
+
+uint16 get_nb_flags(char *buf)
+{
+  return ((((uint16)*buf)&0xFFFF) & NB_FLGMSK);
+}
+
+void set_nb_flags(char *buf, uint16 nb_flags)
+{
+  *buf++ = ((nb_flags & NB_FLGMSK) & 0xFF);
+  *buf = '\0';
+}
+
+/***************************************************************************
+Dumps out the browse packet data.
+**************************************************************************/
+
+static void debug_browse_data(char *outbuf, int len)
+{
+  int i,j;
+
+  DEBUG( 4, ( "debug_browse_data():\n" ) );
+  for (i = 0; i < len; i+= 16)
+  {
+    DEBUGADD( 4, ( "%3x char ", i ) );
+
+    for (j = 0; j < 16; j++)
+    {
+      unsigned char x;
+      if (i+j >= len)
+        break;
+
+      x = outbuf[i+j];
+      if (x < 32 || x > 127) 
+        x = '.';
+	    
+      DEBUGADD( 4, ( "%c", x ) );
+    }
+
+    DEBUGADD( 4, ( "%*s hex", 16-j, "" ) );
+
+    for (j = 0; j < 16; j++)
+    {
+      if (i+j >= len) 
+        break;
+      DEBUGADD( 4, ( " %02x", (unsigned char)outbuf[i+j] ) );
+    }
+
+    DEBUGADD( 4, ("\n") );
+  }
+}
+
+/***************************************************************************
+  Generates the unique transaction identifier
+**************************************************************************/
+
+static uint16 name_trn_id=0;
+
+static uint16 generate_name_trn_id(void)
+{
+
+  if (!name_trn_id)
+  {
+    name_trn_id = ((unsigned)time(NULL)%(unsigned)0x7FFF) + ((unsigned)sys_getpid()%(unsigned)100);
+  }
+  name_trn_id = (name_trn_id+1) % (unsigned)0x7FFF;
+  return name_trn_id;
+}
+
+/***************************************************************************
+ Either loops back or sends out a completed NetBIOS packet.
+**************************************************************************/
+
+static BOOL send_netbios_packet(struct packet_struct *p)
+{
+  BOOL loopback_this_packet = False;
+
+  /* Check if we are sending to or from ourselves as a WINS server. */
+  if(ismyip(p->ip) && (p->port == global_nmb_port))
+    loopback_this_packet = True;
+
+  if(loopback_this_packet)
+  {
+    struct packet_struct *lo_packet = NULL;
+    DEBUG(5,("send_netbios_packet: sending packet to ourselves.\n"));
+    if((lo_packet = copy_packet(p)) == NULL)
+      return False;
+    queue_packet(lo_packet);
+  }
+  else if (!send_packet(p))
+  {
+    DEBUG(0,("send_netbios_packet: send_packet() to IP %s port %d failed\n",
+                         inet_ntoa(p->ip),p->port));
+    return False;
+  }
+  
+  return True;
+} 
+
+/***************************************************************************
+ Sets up the common elements of an outgoing NetBIOS packet.
+
+ Note: do not attempt to rationalise whether rec_des should be set or not
+ in a particular situation. Just follow rfc_1002 or look at examples from WinXX.
+ It does NOT follow the rule that requests to the wins server always have
+ rec_des true. See for example name releases and refreshes
+**************************************************************************/
+
+static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmbname,
+                                                            BOOL bcast, BOOL rec_des,
+                                                            struct in_addr to_ip)
+{
+  struct packet_struct *packet = NULL;
+  struct nmb_packet *nmb = NULL;
+
+  /* Allocate the packet_struct we will return. */
+  if((packet = (struct packet_struct *)malloc(sizeof(*packet))) == NULL)
+  {
+    DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
+    return NULL;
+  }
+    
+  memset((char *)packet,'\0',sizeof(*packet));
+
+  nmb = &packet->packet.nmb;
+
+  nmb->header.name_trn_id = generate_name_trn_id();
+  nmb->header.response = False;
+  nmb->header.nm_flags.recursion_desired = rec_des;
+  nmb->header.nm_flags.recursion_available = False;
+  nmb->header.nm_flags.trunc = False;
+  nmb->header.nm_flags.authoritative = False;
+  nmb->header.nm_flags.bcast = bcast;
+  
+  nmb->header.rcode = 0;
+  nmb->header.qdcount = 1;
+  nmb->header.ancount = 0;
+  nmb->header.nscount = 0;
+
+  nmb->question.question_name = *nmbname;
+  nmb->question.question_type = QUESTION_TYPE_NB_QUERY;
+  nmb->question.question_class = QUESTION_CLASS_IN;
+
+  packet->ip = to_ip;
+  packet->port = NMB_PORT;
+  packet->fd = ClientNMB;
+  packet->timestamp = time(NULL);
+  packet->packet_type = NMB_PACKET;
+  packet->locked = False;
+  
+  return packet; /* Caller must free. */
+}
+
+/***************************************************************************
+ Sets up the common elements of register, refresh or release packet.
+**************************************************************************/
+
+static BOOL create_and_init_additional_record(struct packet_struct *packet,
+                                                     uint16 nb_flags,
+                                                     struct in_addr *register_ip)
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+
+  if((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL)
+  {
+    DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
+    return False;
+  }
+
+  memset((char *)nmb->additional,'\0',sizeof(struct res_rec));
+
+  nmb->additional->rr_name  = nmb->question.question_name;
+  nmb->additional->rr_type  = RR_TYPE_NB;
+  nmb->additional->rr_class = RR_CLASS_IN;
+
+  /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
+  if (nmb->header.nm_flags.bcast)
+    nmb->additional->ttl = PERMANENT_TTL;
+  else
+    nmb->additional->ttl = lp_max_ttl();
+
+  nmb->additional->rdlength = 6;
+
+  set_nb_flags(nmb->additional->rdata,nb_flags);
+
+  /* Set the address for the name we are registering. */
+  putip(&nmb->additional->rdata[2], register_ip);
+
+  /* Ensure that we send out the file descriptor to give us the
+     the specific source address we are registering as our
+     IP source address. */
+
+  packet->fd = find_subnet_fd_for_address( *register_ip );
+
+  return True;
+}
+
+/***************************************************************************
+ Sends out a name query.
+**************************************************************************/
+
+static BOOL initiate_name_query_packet( struct packet_struct *packet)
+{
+  struct nmb_packet *nmb = NULL;
+
+  nmb = &packet->packet.nmb;
+
+  nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
+  nmb->header.arcount = 0;
+
+  nmb->header.nm_flags.recursion_desired = True;
+
+  DEBUG(4,("initiate_name_query_packet: sending query for name %s (bcast=%s) to IP %s\n",
+	   nmb_namestr(&nmb->question.question_name), 
+           BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
+
+  return send_netbios_packet( packet );
+}
+
+/***************************************************************************
+ Sends out a name query - from a WINS server. 
+**************************************************************************/
+
+static BOOL initiate_name_query_packet_from_wins_server( struct packet_struct *packet)
+{   
+  struct nmb_packet *nmb = NULL;
+  
+  nmb = &packet->packet.nmb;
+
+  nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
+  nmb->header.arcount = 0;
+    
+  nmb->header.nm_flags.recursion_desired = False;
+  
+  DEBUG(4,("initiate_name_query_packet_from_wins_server: sending query for name %s (bcast=%s) to IP %s\n",
+           nmb_namestr(&nmb->question.question_name),
+           BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
+    
+  return send_netbios_packet( packet );
+} 
+
+/***************************************************************************
+ Sends out a name register.
+**************************************************************************/
+
+static BOOL initiate_name_register_packet( struct packet_struct *packet,
+                                    uint16 nb_flags, struct in_addr *register_ip)
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+
+  nmb->header.opcode = NMB_NAME_REG_OPCODE;
+  nmb->header.arcount = 1;
+
+  nmb->header.nm_flags.recursion_desired = True;
+
+  if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
+    return False;
+
+  DEBUG(4,("initiate_name_register_packet: sending registration for name %s (bcast=%s) to IP %s\n",
+	   nmb_namestr(&nmb->additional->rr_name),
+           BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
+
+  return send_netbios_packet( packet );
+}
+
+/***************************************************************************
+ Sends out a multihomed name register.
+**************************************************************************/
+
+static BOOL initiate_multihomed_name_register_packet( struct packet_struct *packet,
+                                    uint16 nb_flags, struct in_addr *register_ip)
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+  fstring second_ip_buf;
+
+  fstrcpy(second_ip_buf, inet_ntoa(packet->ip));
+
+  nmb->header.opcode = NMB_NAME_MULTIHOMED_REG_OPCODE;
+  nmb->header.arcount = 1;
+
+  nmb->header.nm_flags.recursion_desired = True;
+
+  if(create_and_init_additional_record(packet, nb_flags, register_ip) == False)
+    return False;
+
+  DEBUG(4,("initiate_multihomed_name_register_packet: sending registration \
+for name %s IP %s (bcast=%s) to IP %s\n",
+	   nmb_namestr(&nmb->additional->rr_name), inet_ntoa(*register_ip),
+           BOOLSTR(nmb->header.nm_flags.bcast), second_ip_buf ));
+
+  return send_netbios_packet( packet );
+} 
+
+/***************************************************************************
+ Sends out a name refresh.
+**************************************************************************/
+
+static BOOL initiate_name_refresh_packet( struct packet_struct *packet,
+                                   uint16 nb_flags, struct in_addr *refresh_ip)
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+
+  nmb->header.opcode = NMB_NAME_REFRESH_OPCODE_8;
+  nmb->header.arcount = 1;
+
+  nmb->header.nm_flags.recursion_desired = False;
+
+  if(create_and_init_additional_record(packet, nb_flags, refresh_ip) == False)
+    return False;
+
+  DEBUG(4,("initiate_name_refresh_packet: sending refresh for name %s (bcast=%s) to IP %s\n",
+	   nmb_namestr(&nmb->additional->rr_name),
+           BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
+
+  return send_netbios_packet( packet );
+} 
+
+/***************************************************************************
+ Sends out a name release.
+**************************************************************************/
+
+static BOOL initiate_name_release_packet( struct packet_struct *packet,
+                                   uint16 nb_flags, struct in_addr *release_ip)
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+
+  nmb->header.opcode = NMB_NAME_RELEASE_OPCODE;
+  nmb->header.arcount = 1;
+
+  nmb->header.nm_flags.recursion_desired = False;
+
+  if(create_and_init_additional_record(packet, nb_flags, release_ip) == False)
+    return False;
+
+  DEBUG(4,("initiate_name_release_packet: sending release for name %s (bcast=%s) to IP %s\n",
+	   nmb_namestr(&nmb->additional->rr_name),
+           BOOLSTR(nmb->header.nm_flags.bcast), inet_ntoa(packet->ip)));
+
+  return send_netbios_packet( packet );
+} 
+
+/***************************************************************************
+ Sends out a node status.
+**************************************************************************/
+
+static BOOL initiate_node_status_packet( struct packet_struct *packet )
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+
+  nmb->header.opcode = NMB_NAME_QUERY_OPCODE;
+  nmb->header.arcount = 0;
+
+  nmb->header.nm_flags.recursion_desired = False;
+
+  nmb->question.question_type = QUESTION_TYPE_NB_STATUS;
+
+  DEBUG(4,("initiate_node_status_packet: sending node status request for name %s to IP %s\n",
+	   nmb_namestr(&nmb->question.question_name),
+           inet_ntoa(packet->ip)));
+
+  return send_netbios_packet( packet );
+}
+
+/****************************************************************************
+  Simplification functions for queuing standard packets.
+  These should be the only publicly callable functions for sending
+  out packets.
+****************************************************************************/
+
+/****************************************************************************
+ Assertion - we should never be sending nmbd packets on the remote
+ broadcast subnet.
+****************************************************************************/
+
+static BOOL assert_check_subnet(struct subnet_record *subrec)
+{
+  if( subrec == remote_broadcast_subnet)
+  {
+    DEBUG(0,("assert_check_subnet: Attempt to send packet on remote broadcast subnet. \
+This is a bug.\n"));
+    return True;
+  }
+  return False;
+}
+
+/****************************************************************************
+ Queue a register name packet to the broadcast address of a subnet.
+****************************************************************************/
+
+struct response_record *queue_register_name( struct subnet_record *subrec,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          register_name_success_function success_fn,
+                          register_name_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct nmb_name *nmbname,
+                          uint16 nb_flags)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+
+  if(assert_check_subnet(subrec))
+    return NULL;
+
+  /* note that all name registration requests have RD set (rfc1002 -
+     section 4.2.2 */
+  if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), True,
+					  subrec->bcast_ip)) == NULL)
+    return NULL;
+
+  if(initiate_name_register_packet( p, nb_flags, 
+                                    iface_ip(subrec->bcast_ip)) == False)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  if((rrec = make_response_record(subrec,           /* subnet record. */
+           p,                     /* packet we sent. */
+           resp_fn,               /* function to call on response. */
+           timeout_fn,            /* function to call on timeout. */
+           (success_function)success_fn,            /* function to call on operation success. */
+           (fail_function)fail_fn,               /* function to call on operation fail. */
+           userdata)) == NULL)  
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  return rrec;
+}
+
+/****************************************************************************
+ Queue a multihomed register name packet to the broadcast address of a subnet.
+****************************************************************************/
+
+struct response_record *queue_register_multihomed_name( struct subnet_record *subrec,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          register_name_success_function success_fn,
+                          register_name_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct nmb_name *nmbname,
+                          uint16 nb_flags,
+                          struct in_addr register_ip)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+  BOOL ret;
+     
+  /* Sanity check. */
+  if(subrec != unicast_subnet)
+  {
+    DEBUG(0,("queue_register_multihomed_name: should only be done on \
+unicast subnet. subnet is %s\n.", subrec->subnet_name ));
+    return NULL;
+  }
+
+  if(assert_check_subnet(subrec))
+    return NULL;
+     
+  if(( p = create_and_init_netbios_packet(nmbname, False, True,
+					  subrec->bcast_ip)) == NULL)
+    return NULL;
+
+  if (nb_flags & NB_GROUP)
+    ret = initiate_name_register_packet( p, nb_flags, &register_ip);
+  else
+    ret = initiate_multihomed_name_register_packet( p, nb_flags, &register_ip);
+
+  if(ret == False)
+  {  
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }  
+  
+  if((rrec = make_response_record(subrec,    /* subnet record. */
+                p,                     /* packet we sent. */
+                resp_fn,               /* function to call on response. */
+                timeout_fn,            /* function to call on timeout. */
+                (success_function)success_fn,            /* function to call on operation success. */
+                (fail_function)fail_fn,               /* function to call on operation fail. */
+                userdata)) == NULL)
+  {  
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }  
+  
+  return rrec;
+}
+
+/****************************************************************************
+ Queue a release name packet to the broadcast address of a subnet.
+****************************************************************************/
+
+struct response_record *queue_release_name( struct subnet_record *subrec,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          release_name_success_function success_fn,
+                          release_name_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct nmb_name *nmbname,
+                          uint16 nb_flags,
+                          struct in_addr release_ip)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+
+  if(assert_check_subnet(subrec))
+    return NULL;
+
+  if ((p = create_and_init_netbios_packet(nmbname, (subrec != unicast_subnet), False,
+                     subrec->bcast_ip)) == NULL)
+    return NULL;
+
+  if(initiate_name_release_packet( p, nb_flags, &release_ip) == False)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  if((rrec = make_response_record(subrec,           /* subnet record. */
+                    p,                     /* packet we sent. */
+                    resp_fn,               /* function to call on response. */
+                    timeout_fn,            /* function to call on timeout. */
+                    (success_function)success_fn,            /* function to call on operation success. */
+                    (fail_function)fail_fn,               /* function to call on operation fail. */
+                    userdata)) == NULL)  
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  /*
+   * For a broadcast release packet, only send once.
+   * This will cause us to remove the name asap. JRA.
+   */
+
+  if (subrec != unicast_subnet) {
+	  rrec->repeat_count = 0;
+	  rrec->repeat_time = 0;
+  }
+
+  return rrec;
+}
+
+/****************************************************************************
+ Queue a refresh name packet to the broadcast address of a subnet.
+****************************************************************************/
+
+struct response_record *queue_refresh_name( struct subnet_record *subrec,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          refresh_name_success_function success_fn,
+                          refresh_name_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct name_record *namerec,
+                          struct in_addr refresh_ip)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+
+  if(assert_check_subnet(subrec))
+    return NULL;
+
+  if(( p = create_and_init_netbios_packet(&namerec->name, (subrec != unicast_subnet), False,
+                     subrec->bcast_ip)) == NULL)
+    return NULL;
+
+  if( !initiate_name_refresh_packet( p, namerec->data.nb_flags, &refresh_ip ) )
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  if((rrec = make_response_record(subrec,           /* subnet record. */
+                  p,                     /* packet we sent. */
+                  resp_fn,               /* function to call on response. */
+                  timeout_fn,            /* function to call on timeout. */
+                  (success_function)success_fn,            /* function to call on operation success. */
+                  (fail_function)fail_fn,               /* function to call on operation fail. */
+                  userdata)) == NULL)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+  
+  return rrec;
+}
+
+/****************************************************************************
+ Queue a query name packet to the broadcast address of a subnet.
+****************************************************************************/
+ 
+struct response_record *queue_query_name( struct subnet_record *subrec,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          query_name_success_function success_fn,
+                          query_name_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct nmb_name *nmbname)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+
+  if(assert_check_subnet(subrec))
+    return NULL;
+
+  if(( p = create_and_init_netbios_packet(nmbname, 
+					  (subrec != unicast_subnet), 
+					  (subrec == unicast_subnet), 
+					  subrec->bcast_ip)) == NULL)
+    return NULL;
+
+  if(lp_bind_interfaces_only()) {
+    int i;
+
+    DEBUG(10,("queue_query_name: bind_interfaces_only is set, looking for suitable source IP\n"));
+    for(i = 0; i < iface_count(); i++) {
+      struct in_addr *ifip = iface_n_ip(i);
+
+      if(ifip == NULL) {
+        DEBUG(0,("queue_query_name: interface %d has NULL IP address !\n", i));
+        continue;
+      }
+
+      if (ip_equal(*ifip,loopback_ip)) {
+        DEBUG(5,("queue_query_name: ignoring loopback interface (%d)\n", i));
+        continue;
+      }
+
+      DEBUG(10,("queue_query_name: using source IP %s\n",inet_ntoa(*ifip)));
+      p->fd = find_subnet_fd_for_address( *ifip );
+      break;
+    }
+  }
+
+  if(initiate_name_query_packet( p ) == False) {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  if((rrec = make_response_record(subrec,           /* subnet record. */
+               p,                     /* packet we sent. */
+               resp_fn,               /* function to call on response. */
+               timeout_fn,            /* function to call on timeout. */
+               (success_function)success_fn,            /* function to call on operation success. */
+               (fail_function)fail_fn,               /* function to call on operation fail. */
+               userdata)) == NULL)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  return rrec;
+}
+
+/****************************************************************************
+ Queue a query name packet to a given address from the WINS subnet.
+****************************************************************************/
+ 
+struct response_record *queue_query_name_from_wins_server( struct in_addr to_ip,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          query_name_success_function success_fn,
+                          query_name_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct nmb_name *nmbname)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+
+  if ((p = create_and_init_netbios_packet(nmbname, False, False, to_ip)) == NULL)
+    return NULL;
+
+  if(initiate_name_query_packet_from_wins_server( p ) == False)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  if((rrec = make_response_record(wins_server_subnet,           /* subnet record. */
+               p,                     /* packet we sent. */
+               resp_fn,               /* function to call on response. */
+               timeout_fn,            /* function to call on timeout. */
+               (success_function)success_fn,            /* function to call on operation success. */
+               (fail_function)fail_fn,               /* function to call on operation fail. */
+               userdata)) == NULL)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  return rrec;
+}
+
+/****************************************************************************
+ Queue a node status packet to a given name and address.
+****************************************************************************/
+ 
+struct response_record *queue_node_status( struct subnet_record *subrec,
+                          response_function resp_fn,
+                          timeout_response_function timeout_fn,
+                          node_status_success_function success_fn,
+                          node_status_fail_function fail_fn,
+                          struct userdata_struct *userdata,
+                          struct nmb_name *nmbname,
+                          struct in_addr send_ip)
+{
+  struct packet_struct *p;
+  struct response_record *rrec;
+
+  /* Sanity check. */
+  if(subrec != unicast_subnet)
+  {
+    DEBUG(0,("queue_register_multihomed_name: should only be done on \
+unicast subnet. subnet is %s\n.", subrec->subnet_name ));
+    return NULL;
+  }
+
+  if(assert_check_subnet(subrec))
+    return NULL;
+
+  if(( p = create_and_init_netbios_packet(nmbname, False, False,
+					  send_ip)) == NULL)
+    return NULL;
+
+  if(initiate_node_status_packet(p) == False)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  } 
+
+  if((rrec = make_response_record(subrec,           /* subnet record. */
+                   p,                     /* packet we sent. */
+                   resp_fn,               /* function to call on response. */
+                   timeout_fn,            /* function to call on timeout. */
+                   (success_function)success_fn,            /* function to call on operation success. */
+                   (fail_function)fail_fn,               /* function to call on operation fail. */
+                   userdata)) == NULL)
+  {
+    p->locked = False;
+    free_packet(p);
+    return NULL;
+  }
+
+  return rrec;
+}
+
+/****************************************************************************
+  Reply to a netbios name packet.  see rfc1002.txt
+****************************************************************************/
+
+void reply_netbios_packet(struct packet_struct *orig_packet,
+                          int rcode, enum netbios_reply_type_code rcv_code, int opcode,
+                          int ttl, char *data,int len)
+{
+  struct packet_struct packet;
+  struct nmb_packet *nmb = NULL;
+  struct res_rec answers;
+  struct nmb_packet *orig_nmb = &orig_packet->packet.nmb;
+  BOOL loopback_this_packet = False;
+  char *packet_type = "unknown";
+  
+  /* Check if we are sending to or from ourselves. */
+  if(ismyip(orig_packet->ip) && (orig_packet->port == global_nmb_port))
+    loopback_this_packet = True;
+  
+  nmb = &packet.packet.nmb;
+
+  /* Do a partial copy of the packet. We clear the locked flag and
+     the resource record pointers. */
+  packet = *orig_packet;   /* Full structure copy. */
+  packet.locked = False;
+  nmb->answers = NULL;
+  nmb->nsrecs = NULL;
+  nmb->additional = NULL;
+
+  switch (rcv_code)
+  {
+    case NMB_STATUS:
+    {
+      packet_type = "nmb_status";
+      nmb->header.nm_flags.recursion_desired = False;
+      nmb->header.nm_flags.recursion_available = False;
+      break;
+    }
+    case NMB_QUERY:
+    {
+      packet_type = "nmb_query";
+      nmb->header.nm_flags.recursion_desired = True;
+      nmb->header.nm_flags.recursion_available = True;
+      break;
+    }
+    case NMB_REG:
+    case NMB_REG_REFRESH:
+    {
+      packet_type = "nmb_reg";
+      nmb->header.nm_flags.recursion_desired = True;
+      nmb->header.nm_flags.recursion_available = True;
+      break;
+    }
+    case NMB_REL:
+    {
+      packet_type = "nmb_rel";
+      nmb->header.nm_flags.recursion_desired = False;
+      nmb->header.nm_flags.recursion_available = False;
+      break;
+    }
+    case NMB_WAIT_ACK:
+    {
+      packet_type = "nmb_wack";
+      nmb->header.nm_flags.recursion_desired = False;
+      nmb->header.nm_flags.recursion_available = False;
+      break;
+    }
+    case WINS_REG:
+    {
+      packet_type = "wins_reg";
+      nmb->header.nm_flags.recursion_desired = True;
+      nmb->header.nm_flags.recursion_available = True;
+      break;
+    }
+    case WINS_QUERY:
+    {
+      packet_type = "wins_query";
+      nmb->header.nm_flags.recursion_desired = True;
+      nmb->header.nm_flags.recursion_available = True;
+      break;
+    }
+
+    default:
+    {
+      DEBUG(0,("reply_netbios_packet: Unknown packet type: %s %s to ip %s\n",
+	            packet_type, nmb_namestr(&orig_nmb->question.question_name),
+                    inet_ntoa(packet.ip)));
+
+      return;
+    }
+  }
+
+  DEBUG(4,("reply_netbios_packet: sending a reply of packet type: %s %s to ip %s \
+for id %hu\n",
+	   packet_type, nmb_namestr(&orig_nmb->question.question_name),
+           inet_ntoa(packet.ip), orig_nmb->header.name_trn_id));
+
+  nmb->header.name_trn_id = orig_nmb->header.name_trn_id;
+  nmb->header.opcode = opcode;
+  nmb->header.response = True;
+  nmb->header.nm_flags.bcast = False;
+  nmb->header.nm_flags.trunc = False;
+  nmb->header.nm_flags.authoritative = True;
+  
+  nmb->header.rcode = rcode;
+  nmb->header.qdcount = 0;
+  nmb->header.ancount = 1;
+  nmb->header.nscount = 0;
+  nmb->header.arcount = 0;
+  
+  memset((char*)&nmb->question,'\0',sizeof(nmb->question));
+  
+  nmb->answers = &answers;
+  memset((char*)nmb->answers,'\0',sizeof(*nmb->answers));
+  
+  nmb->answers->rr_name  = orig_nmb->question.question_name;
+  nmb->answers->rr_type  = orig_nmb->question.question_type;
+  nmb->answers->rr_class = orig_nmb->question.question_class;
+  nmb->answers->ttl      = ttl;
+  
+  if (data && len)
+  {
+    nmb->answers->rdlength = len;
+    memcpy(nmb->answers->rdata, data, len);
+  }
+  
+  packet.packet_type = NMB_PACKET;
+  /* Ensure we send out on the same fd that the original
+     packet came in on to give the correct source IP address. */
+  packet.fd = orig_packet->fd;
+  packet.timestamp = time(NULL);
+
+  debug_nmb_packet(&packet);
+  
+  if(loopback_this_packet)
+  {
+    struct packet_struct *lo_packet;
+    DEBUG(5,("reply_netbios_packet: sending packet to ourselves.\n"));
+    if((lo_packet = copy_packet(&packet)) == NULL)
+      return;
+    queue_packet(lo_packet);
+  }
+  else if (!send_packet(&packet)) 
+  {
+    DEBUG(0,("reply_netbios_packet: send_packet to IP %s port %d failed\n",
+                 inet_ntoa(packet.ip),packet.port));
+  }
+}
+
+/*******************************************************************
+  Queue a packet into a packet queue
+******************************************************************/
+static void queue_packet(struct packet_struct *packet)
+{
+  struct packet_struct *p;
+
+  if (!packet_queue) 
+  {
+    packet->prev = NULL;
+    packet->next = NULL;
+    packet_queue = packet;
+    return;
+  }
+  
+  /* find the bottom */
+  for (p=packet_queue;p->next;p=p->next) 
+    ;
+
+  p->next = packet;
+  packet->next = NULL;
+  packet->prev = p;
+}
+
+/****************************************************************************
+ Try and find a matching subnet record for a datagram port 138 packet.
+****************************************************************************/
+
+static struct subnet_record *find_subnet_for_dgram_browse_packet(struct packet_struct *p)
+{
+  struct subnet_record *subrec;
+
+  /* Go through all the broadcast subnets and see if the mask matches. */
+  for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
+      return subrec;
+  }
+
+  /* If the subnet record is the remote announce broadcast subnet,
+     hack it here to be the first subnet. This is really gross and
+     is needed due to people turning on port 137/138 broadcast
+     forwarding on their routers. May fire and brimstone rain
+     down upon them...
+   */
+
+  return FIRST_SUBNET;
+}
+
+/****************************************************************************
+Dispatch a browse frame from port 138 to the correct processing function.
+****************************************************************************/
+static void process_browse_packet(struct packet_struct *p, char *buf,int len)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int command = CVAL(buf,0);
+  struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
+  extern pstring global_scope;
+
+  /* Drop the packet if it's a different NetBIOS scope, or
+     the source is from one of our names. */
+
+  if (!strequal(dgram->dest_name.scope, global_scope))
+  {
+    DEBUG(7,("process_browse_packet: Discarding datagram from IP %s. Scope (%s) \
+mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, global_scope));
+    return;
+  }
+
+  if (is_myname(dgram->source_name.name))
+  {
+    DEBUG(0,("process_browse_packet: Discarding datagram from IP %s. Source name \
+%s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
+    return;
+  }
+
+  switch (command)
+  {
+    case ANN_HostAnnouncement:
+    {
+      debug_browse_data(buf, len);
+      process_host_announce(subrec, p, buf+1);
+      break;
+    }
+    case ANN_DomainAnnouncement:
+    {
+      debug_browse_data(buf, len);
+      process_workgroup_announce(subrec, p, buf+1);
+      break;
+    }
+    case ANN_LocalMasterAnnouncement:
+    {
+      debug_browse_data(buf, len);
+      process_local_master_announce(subrec, p, buf+1);
+      break;
+    }
+    case ANN_AnnouncementRequest:
+    {
+      debug_browse_data(buf, len);
+      process_announce_request(subrec, p, buf+1);
+      break;
+    }
+    case ANN_Election:
+    {
+      debug_browse_data(buf, len);
+      process_election(subrec, p, buf+1);
+      break;
+    }
+    case ANN_GetBackupListReq:
+    {
+      debug_browse_data(buf, len);
+      process_get_backup_list_request(subrec, p, buf+1);
+      break;
+    }
+    case ANN_GetBackupListResp:
+    {
+      debug_browse_data(buf, len);
+      /* We never send ANN_GetBackupListReq so we
+         should never get these. */
+      DEBUG(0,("process_browse_packet: Discarding GetBackupListResponse \
+packet from %s IP %s\n", nmb_namestr(&dgram->source_name), inet_ntoa(p->ip)));
+      break;
+    }
+    case ANN_ResetBrowserState:
+    {
+      debug_browse_data(buf, len);
+      process_reset_browser(subrec, p, buf+1);
+      break;
+    }
+    case ANN_MasterAnnouncement:
+    {
+      /* Master browser datagrams must be processed
+         on the unicast subnet. */
+      subrec = unicast_subnet;
+
+      debug_browse_data(buf, len);
+      process_master_browser_announce(subrec, p, buf+1);
+      break;
+    }
+    case ANN_BecomeBackup:
+    {
+      /* 
+       * We don't currently implement this. Log it just in case.
+       */
+      debug_browse_data(buf, len);
+      DEBUG(10,("process_browse_packet: On subnet %s ignoring browse packet \
+command ANN_BecomeBackup from %s IP %s to %s\n",
+            subrec->subnet_name, nmb_namestr(&dgram->source_name),
+            inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
+      break;
+    }
+    default:
+    {
+      debug_browse_data(buf, len);
+      DEBUG(0,("process_browse_packet: On subnet %s ignoring browse packet \
+command code %d from %s IP %s to %s\n", 
+            subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
+            inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
+    }
+  } 
+}
+
+/****************************************************************************
+ Dispatch a LanMan browse frame from port 138 to the correct processing function.
+****************************************************************************/
+static void process_lanman_packet(struct packet_struct *p, char *buf,int len)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  int command = SVAL(buf,0);
+  struct subnet_record *subrec = find_subnet_for_dgram_browse_packet(p);
+  extern pstring global_scope;
+
+  /* Drop the packet if it's a different NetBIOS scope, or
+     the source is from one of our names. */
+
+  if (!strequal(dgram->dest_name.scope, global_scope))
+  {
+    DEBUG(7,("process_lanman_packet: Discarding datagram from IP %s. Scope (%s) \
+mismatch with our scope (%s).\n", inet_ntoa(p->ip), dgram->dest_name.scope, global_scope));
+    return;
+  }
+
+  if (is_myname(dgram->source_name.name))
+  {
+    DEBUG(0,("process_lanman_packet: Discarding datagram from IP %s. Source name \
+%s is one of our names !\n", inet_ntoa(p->ip), nmb_namestr(&dgram->source_name)));
+    return;
+  }
+
+  switch (command)
+  {
+    case ANN_HostAnnouncement:
+    {
+      debug_browse_data(buf, len);
+      process_lm_host_announce(subrec, p, buf+1);
+      break;
+    }
+    case ANN_AnnouncementRequest:
+    {
+      process_lm_announce_request(subrec, p, buf+1);
+      break;
+    }
+    default:
+    {
+      DEBUG(0,("process_lanman_packet: On subnet %s ignoring browse packet \
+command code %d from %s IP %s to %s\n",
+            subrec->subnet_name, command, nmb_namestr(&dgram->source_name),
+            inet_ntoa(p->ip), nmb_namestr(&dgram->dest_name)));
+    }
+  }
+}
+
+/****************************************************************************
+  Determine if a packet is for us on port 138. Note that to have any chance of
+  being efficient we need to drop as many packets as possible at this
+  stage as subsequent processing is expensive. 
+****************************************************************************/
+
+static BOOL listening(struct packet_struct *p,struct nmb_name *nbname)
+{
+  struct subnet_record *subrec = NULL;
+
+  for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
+      break;
+  }
+
+  if(subrec == NULL)
+    subrec = unicast_subnet;
+
+  return (find_name_on_subnet(subrec, nbname, FIND_SELF_NAME) != NULL);
+}
+
+/****************************************************************************
+  Process udp 138 datagrams
+****************************************************************************/
+static void process_dgram(struct packet_struct *p)
+{
+  char *buf;
+  char *buf2;
+  int len;
+  struct dgram_packet *dgram = &p->packet.dgram;
+
+  /* If we aren't listening to the destination name then ignore the packet */
+  if (!listening(p,&dgram->dest_name))
+  {
+	  unexpected_packet(p);
+	  DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from %s\n",
+		   nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip)));
+	  return;
+  }
+
+  if (dgram->header.msg_type != 0x10 &&
+      dgram->header.msg_type != 0x11 &&
+      dgram->header.msg_type != 0x12) 
+  {
+	  unexpected_packet(p);
+	  /* Don't process error packets etc yet */
+	  DEBUG(5,("process_dgram: ignoring dgram packet sent to name %s from IP %s as it is \
+an error packet of type %x\n",
+		   nmb_namestr(&dgram->dest_name), inet_ntoa(p->ip), dgram->header.msg_type));
+	  return;
+  }
+
+  buf = &dgram->data[0];
+  buf -= 4; /* XXXX for the pseudo tcp length - 
+	       someday I need to get rid of this */
+
+  if (CVAL(buf,smb_com) != SMBtrans)
+    return;
+
+  len = SVAL(buf,smb_vwv11);
+  buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
+
+  if (len <= 0)
+    return;
+
+  if (buf2 + len > buf + sizeof(dgram->data)) {
+    DEBUG(2,("process_dgram: datagram from %s to %s IP %s for %s len=%d too long.\n",
+		nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
+		inet_ntoa(p->ip), smb_buf(buf),len));
+	len = (buf + sizeof(dgram->data)) - buf;
+  }
+
+  DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
+	   nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
+	   inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
+
+ 
+  /* Datagram packet received for the browser mailslot */
+  if (strequal(smb_buf(buf),BROWSE_MAILSLOT))
+  {
+    process_browse_packet(p,buf2,len);
+    return;
+  }
+
+  /* Datagram packet received for the LAN Manager mailslot */
+  if (strequal(smb_buf(buf),LANMAN_MAILSLOT)) {
+    process_lanman_packet(p,buf2,len);
+    return;
+  }
+
+  /* Datagram packet received for the domain logon mailslot */
+  if (strequal(smb_buf(buf),NET_LOGON_MAILSLOT))
+  {
+    process_logon_packet(p,buf2,len,NET_LOGON_MAILSLOT);
+    return;
+  }
+
+  /* Datagram packet received for the NT domain logon mailslot */
+  if (strequal(smb_buf(buf),NT_LOGON_MAILSLOT))
+  {
+    process_logon_packet(p,buf2,len,NT_LOGON_MAILSLOT);
+    return;
+  }
+
+  unexpected_packet(p);
+}
+
+/****************************************************************************
+  Validate a response nmb packet.
+****************************************************************************/
+
+static BOOL validate_nmb_response_packet( struct nmb_packet *nmb )
+{
+  BOOL ignore = False;
+
+  switch (nmb->header.opcode) 
+  {
+    case NMB_NAME_REG_OPCODE:
+    case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
+    case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
+      if (nmb->header.ancount == 0)
+      {
+        DEBUG(0,("validate_nmb_response_packet: Bad REG/REFRESH Packet. "));
+        ignore = True;
+      }
+      break;
+
+    case NMB_NAME_QUERY_OPCODE:
+      if ((nmb->header.ancount != 0) && (nmb->header.ancount != 1))
+      {
+        DEBUG(0,("validate_nmb_response_packet: Bad QUERY Packet. "));
+        ignore = True;
+      }
+      break;
+    case NMB_NAME_RELEASE_OPCODE:
+      if (nmb->header.ancount == 0)
+      {
+        DEBUG(0,("validate_nmb_response_packet: Bad RELEASE Packet. "));
+        ignore = True;
+      }
+      break;
+    case NMB_WACK_OPCODE:
+      /* Check WACK response here. */
+      if (nmb->header.ancount != 1)
+      {
+        DEBUG(0,("validate_nmb_response_packet: Bad WACK Packet. "));
+        ignore = True;
+      }
+      break;
+    default:
+      DEBUG(0,("validate_nmb_response_packet: Ignoring packet with unknown opcode %d.\n",
+        nmb->header.opcode));
+      return True;
+  }
+
+  if(ignore)
+    DEBUG(0,("Ignoring response packet with opcode %d.\n", nmb->header.opcode));
+
+  return ignore;
+}
+ 
+/****************************************************************************
+  Validate a request nmb packet.
+****************************************************************************/
+
+static BOOL validate_nmb_packet( struct nmb_packet *nmb )
+{
+  BOOL ignore = False;
+
+  switch (nmb->header.opcode) 
+  {
+    case NMB_NAME_REG_OPCODE:
+    case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
+    case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
+    case NMB_NAME_MULTIHOMED_REG_OPCODE:
+      if (nmb->header.qdcount==0 || nmb->header.arcount==0)
+      {
+        DEBUG(0,("validate_nmb_packet: Bad REG/REFRESH Packet. "));
+        ignore = True;
+      }
+      break;
+
+    case NMB_NAME_QUERY_OPCODE:
+      if ((nmb->header.qdcount == 0) || 
+         ((nmb->question.question_type != QUESTION_TYPE_NB_QUERY) &&
+         (nmb->question.question_type != QUESTION_TYPE_NB_STATUS)))
+      {
+        DEBUG(0,("validate_nmb_packet: Bad QUERY Packet. "));
+        ignore = True;
+      }
+      break;
+
+    case NMB_NAME_RELEASE_OPCODE:
+      if (nmb->header.qdcount==0 || nmb->header.arcount==0)
+      {
+        DEBUG(0,("validate_nmb_packet: Bad RELEASE Packet. "));
+        ignore = True;
+      }
+      break;
+    default:
+      DEBUG(0,("validate_nmb_packet: Ignoring packet with unknown opcode %d.\n",
+        nmb->header.opcode));
+      return True;
+  }
+
+  if(ignore)
+    DEBUG(0,("validate_nmb_packet: Ignoring request packet with opcode %d.\n", nmb->header.opcode));
+
+  return ignore;
+}
+
+/****************************************************************************
+  Find a subnet (and potentially a response record) for a packet.
+****************************************************************************/
+
+static struct subnet_record *find_subnet_for_nmb_packet( struct packet_struct *p,
+                                                         struct response_record **pprrec)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct response_record *rrec = NULL;
+  struct subnet_record *subrec = NULL;
+
+  if(pprrec != NULL)
+    *pprrec = NULL;
+
+  if(nmb->header.response)
+  {
+    /* It's a response packet. Find a record for it or it's an error. */
+
+    rrec = find_response_record( &subrec, nmb->header.name_trn_id);
+    if(rrec == NULL)
+    {
+      DEBUG(3,("find_subnet_for_nmb_packet: response record not found for response id %hu\n",
+               nmb->header.name_trn_id));
+      unexpected_packet(p);
+      return NULL;
+    }
+
+    if(subrec == NULL)
+    {
+      DEBUG(0,("find_subnet_for_nmb_packet: subnet record not found for response id %hu\n",
+               nmb->header.name_trn_id));
+      return NULL;
+    }
+
+    if(pprrec != NULL)
+      *pprrec = rrec;
+    return subrec;
+  }
+
+  /* Try and see what subnet this packet belongs to. */
+
+  /* WINS server ? */
+  if(packet_is_for_wins_server(p))
+    return wins_server_subnet;
+
+  /* If it wasn't a broadcast packet then send to the UNICAST subnet. */
+  if(nmb->header.nm_flags.bcast == False)
+    return unicast_subnet;
+
+  /* Go through all the broadcast subnets and see if the mask matches. */
+  for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    if(same_net(p->ip, subrec->bcast_ip, subrec->mask_ip))
+      return subrec;
+  }
+
+  /* If none match it must have been a directed broadcast - assign
+     the remote_broadcast_subnet. */
+  return remote_broadcast_subnet;
+}
+
+/****************************************************************************
+  Process a nmb request packet - validate the packet and route it.
+****************************************************************************/
+
+static void process_nmb_request(struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct subnet_record *subrec = NULL;
+
+  debug_nmb_packet(p);
+
+  /* Ensure we have a good packet. */
+  if(validate_nmb_packet(nmb))
+    return;
+
+  /* Allocate a subnet to this packet - if we cannot - fail. */
+  if((subrec = find_subnet_for_nmb_packet(p, NULL))==NULL)
+    return;
+
+  switch (nmb->header.opcode) 
+  {
+    case NMB_NAME_REG_OPCODE:
+      if(subrec == wins_server_subnet)
+        wins_process_name_registration_request(subrec, p);
+      else
+        process_name_registration_request(subrec, p);
+      break;
+
+    case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
+    case NMB_NAME_REFRESH_OPCODE_9:
+      if(subrec == wins_server_subnet)
+        wins_process_name_refresh_request(subrec, p);
+      else
+        process_name_refresh_request(subrec, p);
+      break;
+
+    case NMB_NAME_MULTIHOMED_REG_OPCODE:
+      if(subrec == wins_server_subnet)
+        wins_process_multihomed_name_registration_request(subrec, p);
+      else
+      {
+        DEBUG(0,("process_nmb_request: Multihomed registration request must be \
+directed at a WINS server.\n"));
+      }
+      break;
+
+    case NMB_NAME_QUERY_OPCODE:
+      switch (nmb->question.question_type)
+      {
+        case QUESTION_TYPE_NB_QUERY:
+        {
+          if(subrec == wins_server_subnet)
+            wins_process_name_query_request(subrec, p);
+          else
+            process_name_query_request(subrec, p);
+          break;
+        }
+        case QUESTION_TYPE_NB_STATUS:
+        {
+          if(subrec == wins_server_subnet)
+          {
+            DEBUG(0,("process_nmb_request: NB_STATUS request directed at WINS server is \
+not allowed.\n"));
+            break;
+          }
+          else
+            process_node_status_request(subrec, p);
+          break;
+        }
+      }
+      break;
+      
+    case NMB_NAME_RELEASE_OPCODE:
+      if(subrec == wins_server_subnet)
+        wins_process_name_release_request(subrec, p);
+      else
+        process_name_release_request(subrec, p);
+      break;
+  }
+}
+
+/****************************************************************************
+  Process a nmb response packet - validate the packet and route it.
+  to either the WINS server or a normal response.
+****************************************************************************/
+
+static void process_nmb_response(struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct subnet_record *subrec = NULL;
+  struct response_record *rrec = NULL;
+
+  debug_nmb_packet(p);
+
+  if(validate_nmb_response_packet(nmb))
+    return;
+
+  if((subrec = find_subnet_for_nmb_packet(p, &rrec))==NULL)
+    return;
+
+  if(rrec == NULL)
+  {
+    DEBUG(0,("process_nmb_response: response packet received but no response record \
+found for id = %hu. Ignoring packet.\n", nmb->header.name_trn_id));
+    return;
+  }
+
+  /* Increment the number of responses received for this record. */
+  rrec->num_msgs++;
+  /* Ensure we don't re-send the request. */
+  rrec->repeat_count = 0;
+  
+  /* Call the response received function for this packet. */
+  (*rrec->resp_fn)(subrec, rrec, p);
+}
+
+
+/*******************************************************************
+  Run elements off the packet queue till its empty
+******************************************************************/
+
+void run_packet_queue(void)
+{
+  struct packet_struct *p;
+
+  while ((p = packet_queue))
+  {
+    packet_queue = p->next;
+    if (packet_queue)
+      packet_queue->prev = NULL;
+    p->next = p->prev = NULL;
+
+    switch (p->packet_type)
+    {
+      case NMB_PACKET:
+        if(p->packet.nmb.header.response)
+          process_nmb_response(p);
+        else
+          process_nmb_request(p);
+        break;
+
+      case DGRAM_PACKET:
+        process_dgram(p);
+        break;
+    }
+    free_packet(p);
+  }
+} 
+
+/*******************************************************************
+ Retransmit or timeout elements from all the outgoing subnet response
+ record queues. NOTE that this code must also check the WINS server
+ subnet for response records to timeout as the WINS server code
+ can send requests to check if a client still owns a name.
+ (Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>).
+******************************************************************/
+
+void retransmit_or_expire_response_records(time_t t)
+{
+  struct subnet_record *subrec;
+
+  for (subrec = FIRST_SUBNET; subrec; 
+               subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec))
+  {
+    struct response_record *rrec, *nextrrec;
+
+    for (rrec = subrec->responselist; rrec; rrec = nextrrec)
+    {
+      nextrrec = rrec->next;
+   
+      if (rrec->repeat_time <= t) 
+      {
+        if (rrec->repeat_count > 0)
+        {
+          /* Resend while we have a non-zero repeat_count. */
+          if(!send_packet(rrec->packet))
+          {
+            DEBUG(0,("retransmit_or_expire_response_records: Failed to resend packet id %hu \
+to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), 
+                          subrec->subnet_name));
+          }
+          rrec->repeat_time += rrec->repeat_interval;
+          rrec->repeat_count--;
+        }
+        else
+        {
+          DEBUG(4,("retransmit_or_expire_response_records: timeout for packet id %hu to IP %s \
+on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), 
+                 subrec->subnet_name));
+
+          /*
+           * Check the flag in this record to prevent recursion if we end
+           * up in this function again via the timeout function call.
+           */
+
+          if(!rrec->in_expiration_processing)
+          {
+
+            /*
+             * Set the recursion protection flag in this record.
+             */
+
+            rrec->in_expiration_processing = True;
+
+            /* Call the timeout function. This will deal with removing the
+               timed out packet. */
+            if(rrec->timeout_fn)
+              (*rrec->timeout_fn)(subrec, rrec);
+            else
+            {
+              /* We must remove the record ourself if there is
+                 no timeout function. */
+              remove_response_record(subrec, rrec);
+            }
+          } /* !rrec->in_expitation_processing */
+        } /* rrec->repeat_count > 0 */
+      } /* rrec->repeat_time <= t */
+    } /* end for rrec */
+  } /* end for subnet */
+}
+
+/****************************************************************************
+  Create an fd_set containing all the sockets in the subnet structures,
+  plus the broadcast sockets.
+***************************************************************************/
+
+static BOOL create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_number)
+{
+  int *sock_array = NULL;
+  struct subnet_record *subrec = NULL;
+  int count = 0;
+  int num = 0;
+  fd_set *pset = (fd_set *)malloc(sizeof(fd_set));
+
+  if(pset == NULL)
+  {
+    DEBUG(0,("create_listen_fdset: malloc fail !\n"));
+    return True;
+  }
+
+  /* Check that we can add all the fd's we need. */
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+    count++;
+
+  if((count*2) + 2 > FD_SETSIZE)
+  {
+    DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
+only use %d.\n", (count*2) + 2, FD_SETSIZE));
+    return True;
+  }
+
+  if((sock_array = (int *)malloc(((count*2) + 2)*sizeof(int))) == NULL)
+  {
+    DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
+    return True;
+  }
+
+  FD_ZERO(pset);
+
+  /* Add in the broadcast socket on 137. */
+  FD_SET(ClientNMB,pset);
+  sock_array[num++] = ClientNMB;
+
+  /* Add in the 137 sockets on all the interfaces. */
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    FD_SET(subrec->nmb_sock,pset);
+    sock_array[num++] = subrec->nmb_sock;
+  }
+
+  /* Add in the broadcast socket on 138. */
+  FD_SET(ClientDGRAM,pset);
+  sock_array[num++] = ClientDGRAM;
+
+  /* Add in the 138 sockets on all the interfaces. */
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    FD_SET(subrec->dgram_sock,pset);
+    sock_array[num++] = subrec->dgram_sock;
+  }
+
+  *listen_number = (count*2) + 2;
+
+  SAFE_FREE(*ppset);
+  SAFE_FREE(*psock_array);
+
+  *ppset = pset;
+  *psock_array = sock_array;
+ 
+  return False;
+}
+
+/****************************************************************************
+  Listens for NMB or DGRAM packets, and queues them.
+  return True if the socket is dead
+***************************************************************************/
+
+BOOL listen_for_packets(BOOL run_election)
+{
+  static fd_set *listen_set = NULL;
+  static int listen_number = 0;
+  static int *sock_array = NULL;
+  int i;
+
+  fd_set fds;
+  int selrtn;
+  struct timeval timeout;
+#ifndef SYNC_DNS
+  int dns_fd;
+#endif
+
+  if(listen_set == NULL || rescan_listen_set)
+  {
+    if(create_listen_fdset(&listen_set, &sock_array, &listen_number))
+    {
+      DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n"));
+      return True;
+    }
+    rescan_listen_set = False;
+  }
+
+  memcpy((char *)&fds, (char *)listen_set, sizeof(fd_set));
+
+#ifndef SYNC_DNS
+  dns_fd = asyncdns_fd();
+  if (dns_fd != -1) {
+	  FD_SET(dns_fd, &fds);
+  }
+#endif
+
+
+  /* 
+   * During elections and when expecting a netbios response packet we
+   * need to send election packets at tighter intervals.
+   * Ideally it needs to be the interval (in ms) between time now and
+   * the time we are expecting the next netbios packet.
+   */
+
+  timeout.tv_sec = (run_election||num_response_packets) ? 1 : NMBD_SELECT_LOOP;
+  timeout.tv_usec = 0;
+
+  /* Prepare for the select - allow certain signals. */
+
+  BlockSignals(False, SIGTERM);
+
+  selrtn = sys_select(FD_SETSIZE,&fds,NULL,NULL,&timeout);
+
+  /* We can only take signals when we are in the select - block them again here. */
+
+  BlockSignals(True, SIGTERM);
+
+  if(selrtn == -1) {
+	  return False;
+  }
+
+#ifndef SYNC_DNS
+  if (dns_fd != -1 && FD_ISSET(dns_fd,&fds)) {
+	  run_dns_queue();
+  }
+#endif
+
+  for(i = 0; i < listen_number; i++) {
+	  if (i < (listen_number/2)) {
+		  /* Processing a 137 socket. */
+		  if (FD_ISSET(sock_array[i],&fds)) {
+			  struct packet_struct *packet = read_packet(sock_array[i], NMB_PACKET);
+			  if (packet) {
+				  /*
+				   * If we got a packet on the broadcast socket and interfaces
+				   * only is set then check it came from one of our local nets. 
+				   */
+				  if(lp_bind_interfaces_only() && (sock_array[i] == ClientNMB) && 
+				     (!is_local_net(packet->ip))) {
+					  DEBUG(7,("discarding nmb packet sent to broadcast socket from %s:%d\n",
+						   inet_ntoa(packet->ip),packet->port));	  
+					  free_packet(packet);
+				  } else if ((ip_equal(loopback_ip, packet->ip) || 
+					      ismyip(packet->ip)) && packet->port == global_nmb_port) {
+					  DEBUG(7,("discarding own packet from %s:%d\n",
+						   inet_ntoa(packet->ip),packet->port));	  
+					  free_packet(packet);
+				  } else {
+					  /* Save the file descriptor this packet came in on. */
+					  packet->fd = sock_array[i];
+					  queue_packet(packet);
+				  }
+			  }
+		  }
+	  } else {
+		  /* Processing a 138 socket. */
+		  if (FD_ISSET(sock_array[i],&fds)) {
+			  struct packet_struct *packet = read_packet(sock_array[i], DGRAM_PACKET);
+			  if (packet) {
+				  /*
+				   * If we got a packet on the broadcast socket and interfaces
+				   * only is set then check it came from one of our local nets. 
+				   */
+				  if(lp_bind_interfaces_only() && (sock_array[i] == ClientDGRAM) && 
+				     (!is_local_net(packet->ip))) {
+					  DEBUG(7,("discarding dgram packet sent to broadcast socket from %s:%d\n",
+						   inet_ntoa(packet->ip),packet->port));	  
+					  free_packet(packet);
+				  } else if ((ip_equal(loopback_ip, packet->ip) || 
+					      ismyip(packet->ip)) && packet->port == DGRAM_PORT) {
+					  DEBUG(7,("discarding own packet from %s:%d\n",
+						   inet_ntoa(packet->ip),packet->port));	  
+					  free_packet(packet);
+				  } else {
+					  /* Save the file descriptor this packet came in on. */
+					  packet->fd = sock_array[i];
+					  queue_packet(packet);
+				  }
+			  }
+		  }
+	  } /* end processing 138 socket. */
+  } /* end for */
+  return False;
+}
+
+/****************************************************************************
+  Construct and send a netbios DGRAM.
+**************************************************************************/
+BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len,
+                   char *srcname, int src_type,
+                   char *dstname, int dest_type,
+                   struct in_addr dest_ip,struct in_addr src_ip,
+		   int dest_port)
+{
+  BOOL loopback_this_packet = False;
+  struct packet_struct p;
+  struct dgram_packet *dgram = &p.packet.dgram;
+  char *ptr,*p2;
+  char tmp[4];
+
+  memset((char *)&p,'\0',sizeof(p));
+
+  if(ismyip(dest_ip) && (dest_port == DGRAM_PORT)) /* Only if to DGRAM_PORT */
+    loopback_this_packet = True;
+
+  /* generate_name_trn_id(); */ /* Not used, so gone, RJS */
+
+  /* DIRECT GROUP or UNIQUE datagram. */
+  dgram->header.msg_type = unique ? 0x10 : 0x11; 
+  dgram->header.flags.node_type = M_NODE;
+  dgram->header.flags.first = True;
+  dgram->header.flags.more = False;
+  dgram->header.dgm_id = generate_name_trn_id();
+  dgram->header.source_ip = src_ip;
+  dgram->header.source_port = DGRAM_PORT;
+  dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
+  dgram->header.packet_offset = 0;
+  
+  make_nmb_name(&dgram->source_name,srcname,src_type);
+  make_nmb_name(&dgram->dest_name,dstname,dest_type);
+
+  ptr = &dgram->data[0];
+
+  /* Setup the smb part. */
+  ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
+  memcpy(tmp,ptr,4);
+  set_message(ptr,17,17 + len,True);
+  memcpy(ptr,tmp,4);
+
+  SCVAL(ptr,smb_com,SMBtrans);
+  SSVAL(ptr,smb_vwv1,len);
+  SSVAL(ptr,smb_vwv11,len);
+  SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
+  SSVAL(ptr,smb_vwv13,3);
+  SSVAL(ptr,smb_vwv14,1);
+  SSVAL(ptr,smb_vwv15,1);
+  SSVAL(ptr,smb_vwv16,2);
+  p2 = smb_buf(ptr);
+  pstrcpy(p2,mailslot);
+  p2 = skip_string(p2,1);
+
+  memcpy(p2,buf,len);
+  p2 += len;
+
+  dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
+
+  p.ip = dest_ip;
+  p.port = dest_port;
+  p.fd = find_subnet_mailslot_fd_for_address( src_ip );
+  p.timestamp = time(NULL);
+  p.packet_type = DGRAM_PACKET;
+
+  DEBUG(4,("send_mailslot: Sending to mailslot %s from %s IP %s ", mailslot,
+                    nmb_namestr(&dgram->source_name), inet_ntoa(src_ip)));
+  DEBUG(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), inet_ntoa(dest_ip)));
+
+  debug_browse_data(buf, len);
+
+  if(loopback_this_packet)
+  {
+    struct packet_struct *lo_packet = NULL;
+    DEBUG(5,("send_mailslot: sending packet to ourselves.\n"));
+    if((lo_packet = copy_packet(&p)) == NULL)
+      return False;
+    queue_packet(lo_packet);
+    return True;
+  }
+  else
+    return(send_packet(&p));
+}
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
new file mode 100644
index 0000000000..23e4f935ca
--- /dev/null
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -0,0 +1,389 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+   Revision History:
+
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+struct sam_database_info {
+        uint32 index;
+        uint32 serial_lo, serial_hi;
+        uint32 date_lo, date_hi;
+};
+
+/****************************************************************************
+Send a message to smbd to do a sam delta sync
+**************************************************************************/
+static void send_repl_message(uint32 low_serial)
+{
+        TDB_CONTEXT *tdb;
+
+        tdb = tdb_open_log(lock_path("connections.tdb"), 0,
+                           TDB_DEFAULT, O_RDONLY, 0);
+
+        if (!tdb) {
+                DEBUG(3, ("send_repl_message(): failed to open connections "
+                          "database\n"));
+                return;
+        }
+
+        DEBUG(3, ("sending replication message, serial = 0x%04x\n", 
+                  low_serial));
+        
+        message_send_all(tdb, MSG_SMB_SAM_REPL, &low_serial,
+                         sizeof(low_serial), False, NULL);
+
+        tdb_close(tdb);
+}
+
+/****************************************************************************
+Process a domain logon packet
+**************************************************************************/
+
+void process_logon_packet(struct packet_struct *p,char *buf,int len, 
+                          char *mailslot)
+{
+  struct dgram_packet *dgram = &p->packet.dgram;
+  pstring my_name;
+  fstring reply_name;
+  pstring outbuf;
+  int code;
+  uint16 token = 0;
+  uint32 ntversion = 0;
+  uint16 lmnttoken = 0;
+  uint16 lm20token = 0;
+  uint32 domainsidsize;
+  BOOL short_request = False;
+  char *getdc;
+  char *uniuser; /* Unicode user name. */
+  pstring ascuser;
+  char *unicomp; /* Unicode computer name. */
+
+  memset(outbuf, 0, sizeof(outbuf));
+
+  if (!lp_domain_logons())
+  {
+    DEBUG(3,("process_logon_packet: Logon packet received from IP %s and domain \
+logons are not enabled.\n", inet_ntoa(p->ip) ));
+    return;
+  }
+
+  pstrcpy(my_name, global_myname);
+  strupper(my_name);
+
+  code = SVAL(buf,0);
+  DEBUG(1,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p->ip), code));
+
+  switch (code)
+  {
+    case 0:    
+    {
+      char *q = buf + 2;
+      char *machine = q;
+      char *user = skip_string(machine,1);
+
+      getdc = skip_string(user,1);
+      q = skip_string(getdc,1);
+      token = SVAL(q,3);
+
+      fstrcpy(reply_name,my_name); 
+
+      DEBUG(3,("process_logon_packet: Domain login request from %s at IP %s user=%s token=%x\n",
+             machine,inet_ntoa(p->ip),user,token));
+
+      q = outbuf;
+      SSVAL(q, 0, 6);
+      q += 2;
+
+      fstrcpy(reply_name, "\\\\");
+      fstrcat(reply_name, my_name);
+      fstrcpy(q, reply_name); q = skip_string(q, 1); /* PDC name */
+
+      SSVAL(q, 0, token);
+      q += 2;
+
+      dump_data(4, outbuf, PTR_DIFF(q, outbuf));
+
+      send_mailslot(True, getdc, 
+                    outbuf,PTR_DIFF(q,outbuf),
+		    global_myname, 0x0,
+					machine,
+                    dgram->source_name.name_type,
+                    p->ip, *iface_ip(p->ip), p->port);  
+      break;
+    }
+
+    case QUERYFORPDC:
+    {
+      char *q = buf + 2;
+      char *machine = q;
+
+      if (!lp_domain_master())
+      {  
+         /* We're not Primary Domain Controller -- ignore this */
+         return;
+      }
+
+      getdc = skip_string(machine,1);
+      q = skip_string(getdc,1);
+      q = ALIGN2(q, buf);
+
+      /* at this point we can work out if this is a W9X or NT style
+         request. Experiments show that the difference is wether the
+         packet ends here. For a W9X request we now end with a pair of
+         bytes (usually 0xFE 0xFF) whereas with NT we have two further
+         strings - the following is a simple way of detecting this */
+      if (len - PTR_DIFF(q, buf) <= 3) {
+	      short_request = True;
+      } else {
+	      unicomp = q;
+
+	      /* A full length (NT style) request */
+	      q = skip_unibuf(unicomp, PTR_DIFF(buf + len, unicomp));
+
+	      if (len - PTR_DIFF(q, buf) > 8) {
+					/* with NT5 clients we can sometimes
+					   get additional data - a length specificed string
+					   containing the domain name, then 16 bytes of
+					   data (no idea what it is) */
+					int dom_len = CVAL(q, 0);
+					q++;
+					if (dom_len != 0) {
+						q += dom_len + 1;
+					}
+					q += 16;
+	      }
+	      ntversion = IVAL(q, 0);
+	      lmnttoken = SVAL(q, 4);
+	      lm20token = SVAL(q, 6);
+      }
+
+      /* Construct reply. */
+      q = outbuf;
+      SSVAL(q, 0, QUERYFORPDC_R);
+      q += 2;
+
+      fstrcpy(reply_name,my_name);
+      fstrcpy(q, reply_name);
+      q = skip_string(q, 1); /* PDC name */
+
+      /* PDC and domain name */
+      if (!short_request)  /* Make a full reply */
+      {
+        q = ALIGN2(q, outbuf);
+
+        q += dos_PutUniCode(q, my_name, sizeof(pstring), True); /* PDC name */
+        q += dos_PutUniCode(q, global_myworkgroup,sizeof(pstring), True); /* Domain name*/
+        SIVAL(q, 0, 1); /* our nt version */
+        SSVAL(q, 4, 0xffff); /* our lmnttoken */
+        SSVAL(q, 6, 0xffff); /* our lm20token */
+        q += 8;
+      }
+
+      /* RJS, 21-Feb-2000, we send a short reply if the request was short */
+
+      DEBUG(3,("process_logon_packet: GETDC request from %s at IP %s, \
+reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
+            machine,inet_ntoa(p->ip), reply_name, global_myworkgroup,
+            QUERYFORPDC_R, (uint32)ntversion, (uint32)lmnttoken,
+            (uint32)lm20token ));
+
+      dump_data(4, outbuf, PTR_DIFF(q, outbuf));
+
+      send_mailslot(True, getdc,
+                  outbuf,PTR_DIFF(q,outbuf),
+		    global_myname, 0x0,
+                  dgram->source_name.name,
+                  dgram->source_name.name_type,
+                  p->ip, *iface_ip(p->ip), p->port);  
+      return;
+    }
+
+    case SAMLOGON:
+    {
+      char *q = buf + 2;
+      fstring asccomp;
+
+      q += 2;
+      unicomp = q;
+      uniuser = skip_unibuf(unicomp, PTR_DIFF(buf+len, unicomp));
+      getdc = skip_unibuf(uniuser,PTR_DIFF(buf+len, uniuser));
+      q = skip_string(getdc,1);
+      q += 4; /* Account Control Bits - indicating username type */
+      domainsidsize = IVAL(q, 0);
+      q += 4;
+
+      DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize, len));
+
+      if (domainsidsize < (len - PTR_DIFF(q, buf)) && (domainsidsize != 0)) {
+	      q += domainsidsize;
+	      q = ALIGN4(q, buf);
+      }
+
+      DEBUG(3,("process_logon_packet: len = %d PTR_DIFF(q, buf) = %d\n", len, PTR_DIFF(q, buf) ));
+
+      if (len - PTR_DIFF(q, buf) > 8) {
+	      /* with NT5 clients we can sometimes
+		 get additional data - a length specificed string
+		 containing the domain name, then 16 bytes of
+		 data (no idea what it is) */
+	      int dom_len = CVAL(q, 0);
+	      q++;
+	      if (dom_len < (len - PTR_DIFF(q, buf)) && (dom_len != 0)) {
+		      q += dom_len + 1;
+	      }
+	      q += 16;
+      }
+
+      ntversion = IVAL(q, 0);
+      lmnttoken = SVAL(q, 4);
+      lm20token = SVAL(q, 6);
+      q += 8;
+
+      DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize, ntversion));
+
+      /*
+       * we respond regadless of whether the machine is in our password 
+       * database. If it isn't then we let smbd send an appropriate error.
+       * Let's ignore the SID.
+       */
+      pull_ucs2_pstring(ascuser, uniuser);
+      pull_ucs2_fstring(asccomp, unicomp);
+      DEBUG(3,("process_logon_packet: SAMLOGON user %s\n", ascuser));
+
+      fstrcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */
+      fstrcpy(reply_name+2,my_name); 
+
+      DEBUG(3,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n",
+	       asccomp,inet_ntoa(p->ip), ascuser, reply_name, global_myworkgroup,
+	       SAMLOGON_R ,lmnttoken));
+
+      /* Construct reply. */
+
+      q = outbuf;
+      if (SVAL(uniuser, 0) == 0) {
+	      SSVAL(q, 0, SAMLOGON_UNK_R);	/* user unknown */
+      }	else {
+	      SSVAL(q, 0, SAMLOGON_R);
+      }
+      q += 2;
+
+      q += dos_PutUniCode(q, reply_name,sizeof(pstring), True);
+      q += dos_PutUniCode(q, ascuser, sizeof(pstring), True);
+      q += dos_PutUniCode(q, global_myworkgroup,sizeof(pstring), True);
+
+      /* tell the client what version we are */
+      SIVAL(q, 0, 1); /* our ntversion */
+      SSVAL(q, 4, 0xffff); /* our lmnttoken */ 
+      SSVAL(q, 6, 0xffff); /* our lm20token */
+      q += 8;
+
+      dump_data(4, outbuf, PTR_DIFF(q, outbuf));
+
+      send_mailslot(True, getdc,
+                   outbuf,PTR_DIFF(q,outbuf),
+		    global_myname, 0x0,
+                   dgram->source_name.name,
+                   dgram->source_name.name_type,
+                   p->ip, *iface_ip(p->ip), p->port);  
+      break;
+    }
+
+    /* Announce change to UAS or SAM.  Send by the domain controller when a
+       replication event is required. */
+
+  case SAM_UAS_CHANGE: {
+          struct sam_database_info *db_info;
+          char *q = buf + 2;
+          int i, db_count;
+          uint32 low_serial;
+          
+          /* Header */
+          
+          low_serial = IVAL(q, 0); q += 4;     /* Low serial number */
+
+          q += 4;                   /* Date/time */
+          q += 4;                   /* Pulse */
+          q += 4;                   /* Random */
+          
+          /* Domain info */
+          
+          q = skip_string(q, 1);    /* PDC name */
+          q = skip_string(q, 1);    /* Domain name */
+          q = skip_unibuf(q, PTR_DIFF(buf + len, q)); /* Unicode PDC name */
+          q = skip_unibuf(q, PTR_DIFF(buf + len, q)); /* Unicode domain name */
+          
+          /* Database info */
+          
+          db_count = SVAL(q, 0); q += 2;
+          
+          db_info = (struct sam_database_info *)
+                  malloc(sizeof(struct sam_database_info) * db_count);
+
+          if (db_info == NULL) {
+                  DEBUG(3, ("out of memory allocating info for %d databases\n",
+                            db_count));
+                  return;
+          }
+          
+          for (i = 0; i < db_count; i++) {
+                  db_info[i].index = IVAL(q, 0);
+                  db_info[i].serial_lo = IVAL(q, 4);
+                  db_info[i].serial_hi = IVAL(q, 8);
+                  db_info[i].date_lo = IVAL(q, 12);
+                  db_info[i].date_hi = IVAL(q, 16);
+                  q += 20;
+          }
+
+          /* Domain SID */
+
+          q += IVAL(q, 0) + 4;  /* 4 byte length plus data */
+          
+          q += 2;               /* Alignment? */
+
+          /* Misc other info */
+
+          q += 4;               /* NT version (0x1) */
+          q += 2;               /* LMNT token (0xff) */
+          q += 2;               /* LM20 token (0xff) */
+
+          SAFE_FREE(db_info);        /* Not sure whether we need to do anything
+                                   useful with these */
+
+          /* Send message to smbd */
+
+          send_repl_message(low_serial);
+
+          break;
+  }
+
+    default:
+    {
+      DEBUG(3,("process_logon_packet: Unknown domain request %d\n",code));
+      return;
+    }
+  }
+}
diff --git a/source3/nmbd/nmbd_responserecordsdb.c b/source3/nmbd/nmbd_responserecordsdb.c
new file mode 100644
index 0000000000..a2da5ddf4a
--- /dev/null
+++ b/source3/nmbd/nmbd_responserecordsdb.c
@@ -0,0 +1,264 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios library routines
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern int ClientNMB;
+
+int num_response_packets = 0;
+
+/***************************************************************************
+  Add an expected response record into the list
+  **************************************************************************/
+
+static void add_response_record(struct subnet_record *subrec,
+				struct response_record *rrec)
+{
+  struct response_record *rrec2;
+
+  num_response_packets++; /* count of total number of packets still around */
+
+  DEBUG(4,("add_response_record: adding response record id:%hu to subnet %s. num_records:%d\n",
+            rrec->response_id, subrec->subnet_name, num_response_packets));
+
+  if (!subrec->responselist)
+  {
+    subrec->responselist = rrec;
+    rrec->prev = NULL;
+    rrec->next = NULL;
+    return;
+  }
+  
+  for (rrec2 = subrec->responselist; rrec2->next; rrec2 = rrec2->next) 
+    ;
+  
+  rrec2->next = rrec;
+  rrec->next = NULL;
+  rrec->prev = rrec2;
+}
+
+/***************************************************************************
+  Remove an expected response record from the list
+  **************************************************************************/
+
+void remove_response_record(struct subnet_record *subrec,
+				struct response_record *rrec)
+{
+  if (rrec->prev)
+    rrec->prev->next = rrec->next;
+  if (rrec->next)
+    rrec->next->prev = rrec->prev;
+
+  if (subrec->responselist == rrec) 
+    subrec->responselist = rrec->next; 
+
+  if(rrec->userdata)
+  {
+	  if(rrec->userdata->free_fn) {
+		  (*rrec->userdata->free_fn)(rrec->userdata);
+	  } else {
+		  ZERO_STRUCTP(rrec->userdata);
+		  SAFE_FREE(rrec->userdata);
+	  }
+  }
+
+  /* Ensure we can delete. */
+  rrec->packet->locked = False;
+  free_packet(rrec->packet);
+
+  ZERO_STRUCTP(rrec);
+  SAFE_FREE(rrec);
+
+  num_response_packets--; /* count of total number of packets still around */
+}
+
+/****************************************************************************
+  Create a response record for an outgoing packet.
+  **************************************************************************/
+
+struct response_record *make_response_record( struct subnet_record *subrec,
+                    struct packet_struct *p,
+                    response_function resp_fn,
+                    timeout_response_function timeout_fn,
+                    success_function success_fn,
+                    fail_function fail_fn,
+                    struct userdata_struct *userdata)
+{
+  struct response_record *rrec;
+  struct nmb_packet *nmb = &p->packet.nmb;
+
+  if (!(rrec = (struct response_record *)malloc(sizeof(*rrec)))) 
+  {
+    DEBUG(0,("make_response_queue_record: malloc fail for response_record.\n"));
+    return NULL;
+  }
+
+  memset((char *)rrec, '\0', sizeof(*rrec));
+
+  rrec->response_id = nmb->header.name_trn_id;
+
+  rrec->resp_fn = resp_fn;
+  rrec->timeout_fn = timeout_fn;
+  rrec->success_fn = success_fn;
+  rrec->fail_fn = fail_fn;
+
+  rrec->packet = p;
+
+  if(userdata)
+  {
+    /* Intelligent userdata. */
+    if(userdata->copy_fn)
+    {
+      if((rrec->userdata = (*userdata->copy_fn)(userdata)) == NULL)
+      {
+        DEBUG(0,("make_response_queue_record: copy fail for userdata.\n"));
+	ZERO_STRUCTP(rrec);
+        SAFE_FREE(rrec);
+        return NULL;
+      }
+    }
+    else
+    {
+      /* Primitive userdata, do a memcpy. */
+      if((rrec->userdata = (struct userdata_struct *)
+           malloc(sizeof(struct userdata_struct)+userdata->userdata_len)) == NULL)
+      {
+        DEBUG(0,("make_response_queue_record: malloc fail for userdata.\n"));
+	ZERO_STRUCTP(rrec);
+        SAFE_FREE(rrec);
+        return NULL;
+      }
+      rrec->userdata->copy_fn = userdata->copy_fn;
+      rrec->userdata->free_fn = userdata->free_fn;
+      rrec->userdata->userdata_len = userdata->userdata_len;
+      memcpy(rrec->userdata->data, userdata->data, userdata->userdata_len);
+    }
+  }
+  else
+    rrec->userdata = NULL;
+
+  rrec->num_msgs = 0;
+
+  if(!nmb->header.nm_flags.bcast)
+    rrec->repeat_interval = 5; /* 5 seconds for unicast packets. */
+  else
+    rrec->repeat_interval = 1; /* XXXX should be in ms */
+  rrec->repeat_count = 3; /* 3 retries */
+  rrec->repeat_time = time(NULL) + rrec->repeat_interval; /* initial retry time */
+
+  /* This packet is not being processed. */
+  rrec->in_expiration_processing = False;
+
+  /* Lock the packet so we won't lose it while it's on the list. */
+  p->locked = True;
+
+  add_response_record(subrec, rrec);
+
+  return rrec;
+}
+
+/****************************************************************************
+  Find a response in a subnet's name query response list. 
+  **************************************************************************/
+
+static struct response_record *find_response_record_on_subnet(
+                                struct subnet_record *subrec, uint16 id)
+{  
+  struct response_record *rrec = NULL;
+
+  for (rrec = subrec->responselist; rrec; rrec = rrec->next)
+  {
+    if (rrec->response_id == id) 
+    {
+      DEBUG(4, ("find_response_record: found response record id = %hu on subnet %s\n",
+               id, subrec->subnet_name));
+      break;
+    }
+  }
+  return rrec;
+}
+
+/****************************************************************************
+  Find a response in any subnet's name query response list. 
+  **************************************************************************/
+
+struct response_record *find_response_record(struct subnet_record **ppsubrec,
+				uint16 id)
+{  
+  struct response_record *rrec = NULL;
+
+  for ((*ppsubrec) = FIRST_SUBNET; (*ppsubrec); 
+                  (*ppsubrec) = NEXT_SUBNET_INCLUDING_UNICAST(*ppsubrec))
+  {
+    if((rrec = find_response_record_on_subnet(*ppsubrec, id)) != NULL)
+      return rrec;
+  }
+
+  /* There should never be response records on the remote_broadcast subnet.
+     Sanity check to ensure this is so. */
+  if(remote_broadcast_subnet->responselist != NULL)
+  {
+    DEBUG(0,("find_response_record: response record found on subnet %s. This should \
+never happen !\n", remote_broadcast_subnet->subnet_name));
+  }
+
+  /* Now check the WINS server subnet if it exists. */
+  if(wins_server_subnet != NULL)
+  {
+    *ppsubrec = wins_server_subnet;
+    if((rrec = find_response_record_on_subnet(*ppsubrec, id))!= NULL)
+      return rrec;
+  }
+
+  DEBUG(0,("find_response_record: response packet id %hu received with no \
+matching record.\n", id));
+ 
+  *ppsubrec = NULL;
+
+  return NULL;
+}
+
+/****************************************************************************
+  Check if a refresh is queued for a particular name on a particular subnet.
+  **************************************************************************/
+   
+BOOL is_refresh_already_queued(struct subnet_record *subrec, struct name_record *namerec)
+{  
+  struct response_record *rrec = NULL;
+   
+  for (rrec = subrec->responselist; rrec; rrec = rrec->next)
+  {
+    struct packet_struct *p = rrec->packet;
+    struct nmb_packet *nmb = &p->packet.nmb;
+
+    if((nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_8) ||
+       (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_9))
+    {
+      /* Yes it's a queued refresh - check if the name is correct. */
+      if(nmb_name_equal(&nmb->question.question_name, &namerec->name))
+        return True;
+    }
+  }
+
+  return False;
+} 
diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c
new file mode 100644
index 0000000000..d4a7070042
--- /dev/null
+++ b/source3/nmbd/nmbd_sendannounce.c
@@ -0,0 +1,605 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+
+   SMB Version handling
+   Copyright (C) John H Terpstra 1995-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+extern char **my_netbios_names;
+extern int  updatecount;
+extern BOOL found_lm_clients;
+
+/****************************************************************************
+ Send a browser reset packet.
+**************************************************************************/
+
+void send_browser_reset(int reset_type, char *to_name, int to_type, struct in_addr to_ip)
+{
+  pstring outbuf;
+  char *p;
+
+  DEBUG(3,("send_browser_reset: sending reset request type %d to %s<%02x> IP %s.\n",
+       reset_type, to_name, to_type, inet_ntoa(to_ip) ));
+
+  memset(outbuf,'\0',sizeof(outbuf));
+  p = outbuf;
+  SCVAL(p,0,ANN_ResetBrowserState);
+  p++;
+  SCVAL(p,0,reset_type);
+  p++;
+
+  send_mailslot(True, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
+                global_myname, 0x0, to_name, to_type, to_ip, 
+		FIRST_SUBNET->myip, DGRAM_PORT);
+}
+
+/****************************************************************************
+  Broadcast a packet to the local net requesting that all servers in this
+  workgroup announce themselves to us.
+  **************************************************************************/
+
+void broadcast_announce_request(struct subnet_record *subrec, struct work_record *work)
+{
+  pstring outbuf;
+  char *p;
+
+  work->needannounce = True;
+
+  DEBUG(3,("broadcast_announce_request: sending announce request for workgroup %s \
+to subnet %s\n", work->work_group, subrec->subnet_name));
+
+  memset(outbuf,'\0',sizeof(outbuf));
+  p = outbuf;
+  SCVAL(p,0,ANN_AnnouncementRequest);
+  p++;
+
+  SCVAL(p,0,work->token); /* (local) Unique workgroup token id. */
+  p++;
+  p +=  push_string(NULL, p+1, global_myname, 15, STR_ASCII|STR_UPPER|STR_TERMINATE);
+  
+  send_mailslot(False, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
+                global_myname, 0x0, work->work_group,0x1e, subrec->bcast_ip, 
+		subrec->myip, DGRAM_PORT);
+}
+
+/****************************************************************************
+  Broadcast an announcement.
+  **************************************************************************/
+
+static void send_announcement(struct subnet_record *subrec, int announce_type,
+                              char *from_name, char *to_name, int to_type, struct in_addr to_ip,
+                              time_t announce_interval,
+                              char *server_name, int server_type, char *server_comment)
+{
+  pstring outbuf;
+  char *p;
+
+  memset(outbuf,'\0',sizeof(outbuf));
+  p = outbuf+1;
+
+  SCVAL(outbuf,0,announce_type);
+
+  /* Announcement parameters. */
+  SCVAL(p,0,updatecount);
+  SIVAL(p,1,announce_interval*1000); /* Milliseconds - despite the spec. */
+
+  push_string(NULL, p+5, server_name, 15, STR_ASCII|STR_UPPER|STR_TERMINATE);
+
+  SCVAL(p,21,lp_major_announce_version()); /* Major version. */
+  SCVAL(p,22,lp_minor_announce_version()); /* Minor version. */
+
+  SIVAL(p,23,server_type & ~SV_TYPE_LOCAL_LIST_ONLY);
+  /* Browse version: got from NT/AS 4.00  - Value defined in smb.h (JHT). */
+  SSVAL(p,27,BROWSER_ELECTION_VERSION);
+  SSVAL(p,29,BROWSER_CONSTANT); /* Browse signature. */
+
+  p += 31 + push_string(NULL, p+31, server_comment, -1, STR_ASCII|STR_TERMINATE);
+
+  send_mailslot(False,BROWSE_MAILSLOT, outbuf, PTR_DIFF(p,outbuf),
+                from_name, 0x0, to_name, to_type, to_ip, subrec->myip,
+		DGRAM_PORT);
+}
+
+/****************************************************************************
+  Broadcast a LanMan announcement.
+**************************************************************************/
+
+static void send_lm_announcement(struct subnet_record *subrec, int announce_type,
+                              char *from_name, char *to_name, int to_type, struct in_addr to_ip,
+                              time_t announce_interval,
+                              char *server_name, int server_type, char *server_comment)
+{
+  pstring outbuf;
+  char *p=outbuf;
+
+  memset(outbuf,'\0',sizeof(outbuf));
+
+  SSVAL(p,0,announce_type);
+  SIVAL(p,2,server_type & ~SV_TYPE_LOCAL_LIST_ONLY);
+  SCVAL(p,6,lp_major_announce_version()); /* Major version. */
+  SCVAL(p,7,lp_minor_announce_version()); /* Minor version. */
+  SSVAL(p,8,announce_interval);            /* In seconds - according to spec. */
+
+  p += 10;
+  /*StrnCpy(p,server_name,15);
+  strupper(p);
+  p = skip_string(p,1);
+  pstrcpy(p,server_comment);
+  p = skip_string(p,1);*/
+  p += push_string(NULL, p, server_name, 15, STR_ASCII|STR_UPPER|STR_TERMINATE);
+  p += push_string(NULL, p, server_comment, sizeof(pstring)-15, STR_ASCII|STR_UPPER|STR_TERMINATE);
+
+  send_mailslot(False,LANMAN_MAILSLOT, outbuf, PTR_DIFF(p,outbuf),
+                from_name, 0x0, to_name, to_type, to_ip, subrec->myip,
+		DGRAM_PORT);
+}
+
+/****************************************************************************
+ We are a local master browser. Announce this to WORKGROUP<1e>.
+****************************************************************************/
+
+static void send_local_master_announcement(struct subnet_record *subrec, struct work_record *work,
+                                           struct server_record *servrec)
+{
+  /* Ensure we don't have the prohibited bit set. */
+  uint32 type = servrec->serv.type & ~SV_TYPE_LOCAL_LIST_ONLY;
+
+  DEBUG(3,("send_local_master_announcement: type %x for name %s on subnet %s for workgroup %s\n",
+            type, global_myname, subrec->subnet_name, work->work_group));
+
+  send_announcement(subrec, ANN_LocalMasterAnnouncement,
+                    global_myname,                   /* From nbt name. */
+                    work->work_group, 0x1e,          /* To nbt name. */
+                    subrec->bcast_ip,                /* To ip. */
+                    work->announce_interval,         /* Time until next announce. */
+                    global_myname,                   /* Name to announce. */
+                    type,                            /* Type field. */
+                    servrec->serv.comment);
+}
+
+/****************************************************************************
+ Announce the workgroup WORKGROUP to MSBROWSE<01>.
+****************************************************************************/
+
+static void send_workgroup_announcement(struct subnet_record *subrec, struct work_record *work)
+{
+  DEBUG(3,("send_workgroup_announcement: on subnet %s for workgroup %s\n",
+            subrec->subnet_name, work->work_group));
+
+  send_announcement(subrec, ANN_DomainAnnouncement,
+                    global_myname,                   /* From nbt name. */
+                    MSBROWSE, 0x1,                   /* To nbt name. */
+                    subrec->bcast_ip,                /* To ip. */
+                    work->announce_interval,         /* Time until next announce. */
+                    work->work_group,                /* Name to announce. */
+                    SV_TYPE_DOMAIN_ENUM|SV_TYPE_NT,  /* workgroup announce flags. */
+                    global_myname);                  /* From name as comment. */
+}
+
+/****************************************************************************
+ Announce the given host to WORKGROUP<1d>.
+****************************************************************************/
+
+static void send_host_announcement(struct subnet_record *subrec, struct work_record *work,
+                                   struct server_record *servrec)
+{
+  /* Ensure we don't have the prohibited bits set. */
+  uint32 type = servrec->serv.type & ~SV_TYPE_LOCAL_LIST_ONLY;
+
+  DEBUG(3,("send_host_announcement: type %x for host %s on subnet %s for workgroup %s\n",
+            type, servrec->serv.name, subrec->subnet_name, work->work_group));
+
+  send_announcement(subrec, ANN_HostAnnouncement,
+                    servrec->serv.name,              /* From nbt name. */
+                    work->work_group, 0x1d,          /* To nbt name. */
+                    subrec->bcast_ip,                /* To ip. */
+                    work->announce_interval,         /* Time until next announce. */
+                    servrec->serv.name,              /* Name to announce. */
+                    type,                            /* Type field. */
+                    servrec->serv.comment);
+}
+
+/****************************************************************************
+ Announce the given LanMan host
+****************************************************************************/
+
+static void send_lm_host_announcement(struct subnet_record *subrec, struct work_record *work,
+                                   struct server_record *servrec, int lm_interval)
+{
+  /* Ensure we don't have the prohibited bits set. */
+  uint32 type = servrec->serv.type & ~SV_TYPE_LOCAL_LIST_ONLY;
+
+  DEBUG(3,("send_lm_host_announcement: type %x for host %s on subnet %s for workgroup %s, ttl: %d\n",
+            type, servrec->serv.name, subrec->subnet_name, work->work_group, lm_interval));
+
+  send_lm_announcement(subrec, ANN_HostAnnouncement,
+                    servrec->serv.name,              /* From nbt name. */
+                    work->work_group, 0x00,          /* To nbt name. */
+                    subrec->bcast_ip,                /* To ip. */
+                    lm_interval,                     /* Time until next announce. */
+                    servrec->serv.name,              /* Name to announce. */
+                    type,                            /* Type field. */
+                    servrec->serv.comment);
+}
+
+/****************************************************************************
+  Announce a server record.
+  ****************************************************************************/
+
+static void announce_server(struct subnet_record *subrec, struct work_record *work,
+                     struct server_record *servrec)
+{
+  /* Only do domain announcements if we are a master and it's
+     our primary name we're being asked to announce. */
+
+  if (AM_LOCAL_MASTER_BROWSER(work) && strequal(global_myname,servrec->serv.name))
+  {
+    send_local_master_announcement(subrec, work, servrec);
+    send_workgroup_announcement(subrec, work);
+  }
+  else
+  {
+    send_host_announcement(subrec, work, servrec);
+  }
+}
+
+/****************************************************************************
+  Go through all my registered names on all broadcast subnets and announce
+  them if the timeout requires it.
+  **************************************************************************/
+
+void announce_my_server_names(time_t t)
+{
+  struct subnet_record *subrec;
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work = find_workgroup_on_subnet(subrec, global_myworkgroup);
+
+    if(work)
+    {
+      struct server_record *servrec;
+
+      if (work->needannounce)
+      {
+        /* Drop back to a max 3 minute announce. This is to prevent a
+           single lost packet from breaking things for too long. */
+
+        work->announce_interval = MIN(work->announce_interval,
+                                    CHECK_TIME_MIN_HOST_ANNCE*60);
+        work->lastannounce_time = t - (work->announce_interval+1);
+        work->needannounce = False;
+      }
+
+      /* Announce every minute at first then progress to every 12 mins */
+      if ((t - work->lastannounce_time) < work->announce_interval)
+        continue;
+
+      if (work->announce_interval < (CHECK_TIME_MAX_HOST_ANNCE * 60))
+        work->announce_interval += 60;
+
+      work->lastannounce_time = t;
+
+      for (servrec = work->serverlist; servrec; servrec = servrec->next)
+      {
+        if (is_myname(servrec->serv.name))
+          announce_server(subrec, work, servrec);
+      }
+    } /* if work */
+  } /* for subrec */
+}
+
+/****************************************************************************
+  Go through all my registered names on all broadcast subnets and announce
+  them as a LanMan server if the timeout requires it.
+**************************************************************************/
+
+void announce_my_lm_server_names(time_t t)
+{
+  struct subnet_record *subrec;
+  static time_t last_lm_announce_time=0;
+  int announce_interval = lp_lm_interval();
+  int lm_announce = lp_lm_announce();
+
+  if ((announce_interval <= 0) || (lm_announce <= 0))
+  {
+    /* user absolutely does not want LM announcements to be sent. */
+    return;
+  }
+
+  if ((lm_announce >= 2) && (!found_lm_clients))
+  {
+    /* has been set to 2 (Auto) but no LM clients detected (yet). */
+    return;
+  }
+
+  /* Otherwise: must have been set to 1 (Yes), or LM clients *have*
+     been detected. */
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work = find_workgroup_on_subnet(subrec, global_myworkgroup);
+
+    if(work)
+    {
+      struct server_record *servrec;
+
+      if (last_lm_announce_time && ((t - last_lm_announce_time) < announce_interval ))
+        continue;
+
+      last_lm_announce_time = t;
+
+      for (servrec = work->serverlist; servrec; servrec = servrec->next)
+      {
+        if (is_myname(servrec->serv.name))
+          /* skipping equivalent of announce_server() */
+          send_lm_host_announcement(subrec, work, servrec, announce_interval);
+      }
+    } /* if work */
+  } /* for subrec */
+}
+
+/* Announce timer. Moved into global static so it can be reset
+   when a machine becomes a local master browser. */
+static time_t announce_timer_last=0;
+
+/****************************************************************************
+ Reset the announce_timer so that a local master browser announce will be done
+ immediately.
+ ****************************************************************************/
+
+void reset_announce_timer(void)
+{
+  announce_timer_last = time(NULL) - (CHECK_TIME_MST_ANNOUNCE * 60);
+}
+
+/****************************************************************************
+  Announce myself as a local master browser to a domain master browser.
+  **************************************************************************/
+
+void announce_myself_to_domain_master_browser(time_t t)
+{
+  struct subnet_record *subrec;
+  struct work_record *work;
+
+  if(!we_are_a_wins_client())
+  {
+    DEBUG(10,("announce_myself_to_domain_master_browser: no unicast subnet, ignoring.\n"));
+    return;
+  }
+
+  if (!announce_timer_last)
+    announce_timer_last = t;
+
+  if ((t-announce_timer_last) < (CHECK_TIME_MST_ANNOUNCE * 60))
+  {
+    DEBUG(10,("announce_myself_to_domain_master_browser: t (%d) - last(%d) < %d\n",
+	      (int)t, (int)announce_timer_last, 
+	      CHECK_TIME_MST_ANNOUNCE * 60 ));
+    return;
+  }
+
+  announce_timer_last = t;
+
+  /* Look over all our broadcast subnets to see if any of them
+     has the state set as local master browser. */
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    for (work = subrec->workgrouplist; work; work = work->next)
+    {
+      if (AM_LOCAL_MASTER_BROWSER(work))
+      {
+        DEBUG(4,( "announce_myself_to_domain_master_browser: I am a local master browser for \
+workgroup %s on subnet %s\n", work->work_group, subrec->subnet_name));
+
+        /* Look in nmbd_browsersync.c for the rest of this code. */
+        announce_and_sync_with_domain_master_browser(subrec, work);
+      }
+    }
+  }
+}
+
+/****************************************************************************
+Announce all samba's server entries as 'gone'.
+This must *only* be called on shutdown.
+****************************************************************************/
+
+void announce_my_servers_removed(void)
+{
+  int announce_interval = lp_lm_interval();
+  int lm_announce = lp_lm_announce();
+  struct subnet_record *subrec; 
+
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work;
+    for (work = subrec->workgrouplist; work; work = work->next)
+    {
+      struct server_record *servrec;
+
+      work->announce_interval = 0;
+      for (servrec = work->serverlist; servrec; servrec = servrec->next)
+      {
+        if (!is_myname(servrec->serv.name))
+          continue;
+        servrec->serv.type = 0;
+        if(AM_LOCAL_MASTER_BROWSER(work))
+          send_local_master_announcement(subrec, work, servrec);
+        send_host_announcement(subrec, work, servrec);
+
+
+        if ((announce_interval <= 0) || (lm_announce <= 0))
+        {
+          /* user absolutely does not want LM announcements to be sent. */
+          continue;
+        }
+
+        if ((lm_announce >= 2) && (!found_lm_clients))
+        {
+          /* has been set to 2 (Auto) but no LM clients detected (yet). */
+          continue;
+        }
+
+        /* 
+         * lm announce was set or we have seen lm announcements, so do
+         * a lm announcement of host removed.
+         */
+
+        send_lm_host_announcement(subrec, work, servrec, 0);
+      }
+    }
+  }
+}
+
+/****************************************************************************
+  Do all the "remote" announcements. These are used to put ourselves
+  on a remote browse list. They are done blind, no checking is done to
+  see if there is actually a local master browser at the other end.
+  **************************************************************************/
+
+void announce_remote(time_t t)
+{
+  char *s,*ptr;
+  static time_t last_time = 0;
+  pstring s2;
+  struct in_addr addr;
+  char *comment;
+  int stype = lp_default_server_announce();
+
+  if (last_time && (t < (last_time + REMOTE_ANNOUNCE_INTERVAL)))
+    return;
+
+  last_time = t;
+
+  s = lp_remote_announce();
+  if (!*s)
+    return;
+
+  comment = string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH);
+
+  for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) 
+  {
+    /* The entries are of the form a.b.c.d/WORKGROUP with 
+       WORKGROUP being optional */
+    char *wgroup;
+    int i;
+
+    wgroup = strchr_m(s2,'/');
+    if (wgroup)
+      *wgroup++ = 0;
+    if (!wgroup || !*wgroup)
+      wgroup = global_myworkgroup;
+
+    addr = *interpret_addr2(s2);
+    
+    /* Announce all our names including aliases */
+    /* Give the ip address as the address of our first
+       broadcast subnet. */
+
+    for(i=0; my_netbios_names[i]; i++) 
+    {
+      char *name = my_netbios_names[i];
+
+      DEBUG(5,("announce_remote: Doing remote announce for server %s to IP %s.\n",
+                 name, inet_ntoa(addr) ));
+
+      send_announcement(FIRST_SUBNET, ANN_HostAnnouncement,
+                    name,                      /* From nbt name. */
+                    wgroup, 0x1d,              /* To nbt name. */
+                    addr,                      /* To ip. */
+                    REMOTE_ANNOUNCE_INTERVAL,  /* Time until next announce. */
+                    name,                      /* Name to announce. */
+                    stype,                     /* Type field. */
+                    comment);
+    }
+  }
+}
+
+/****************************************************************************
+  Implement the 'remote browse sync' feature Andrew added.
+  These are used to put our browse lists into remote browse lists.
+  **************************************************************************/
+
+void browse_sync_remote(time_t t)
+{  
+  char *s,*ptr;
+  static time_t last_time = 0; 
+  pstring s2;
+  struct in_addr addr;
+  struct work_record *work;
+  pstring outbuf;
+  char *p;
+ 
+  if (last_time && (t < (last_time + REMOTE_ANNOUNCE_INTERVAL)))
+    return;
+   
+  last_time = t;
+
+  s = lp_remote_browse_sync();
+  if (!*s)
+    return;
+
+  /*
+   * We only do this if we are the local master browser
+   * for our workgroup on the firsst subnet.
+   */
+
+  if((work = find_workgroup_on_subnet(FIRST_SUBNET, global_myworkgroup)) == NULL)
+  {   
+    DEBUG(0,("browse_sync_remote: Cannot find workgroup %s on subnet %s\n",
+           global_myworkgroup, FIRST_SUBNET->subnet_name ));
+    return;
+  }   
+         
+  if(!AM_LOCAL_MASTER_BROWSER(work))
+  {
+    DEBUG(5,("browse_sync_remote: We can only do this if we are a local master browser \
+for workgroup %s on subnet %s.\n", global_myworkgroup, FIRST_SUBNET->subnet_name ));
+    return;
+  } 
+
+  memset(outbuf,'\0',sizeof(outbuf));
+  p = outbuf;
+  SCVAL(p,0,ANN_MasterAnnouncement);
+  p++;
+
+  StrnCpy(p,global_myname,15);
+  strupper(p);
+  p = skip_string(p,1);
+
+  for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) 
+  {
+    /* The entries are of the form a.b.c.d */
+    addr = *interpret_addr2(s2);
+
+    DEBUG(5,("announce_remote: Doing remote browse sync announce for server %s to IP %s.\n",
+                 global_myname, inet_ntoa(addr) ));
+
+    send_mailslot(True, BROWSE_MAILSLOT, outbuf,PTR_DIFF(p,outbuf),
+          global_myname, 0x0, "*", 0x0, addr, FIRST_SUBNET->myip, DGRAM_PORT);
+  }
+}
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
new file mode 100644
index 0000000000..a315d80afe
--- /dev/null
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -0,0 +1,452 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+#include "smb.h"
+
+extern int ClientNMB;
+
+extern fstring global_myworkgroup;
+extern char **my_netbios_names;
+
+int updatecount = 0;
+
+/*******************************************************************
+  Remove all the servers in a work group.
+  ******************************************************************/
+
+void remove_all_servers(struct work_record *work)
+{
+  struct server_record *servrec;
+  struct server_record *nexts;
+
+  for (servrec = work->serverlist; servrec; servrec = nexts)
+  {
+    DEBUG(7,("remove_all_servers: Removing server %s\n",servrec->serv.name));
+    nexts = servrec->next;
+
+    if (servrec->prev)
+      servrec->prev->next = servrec->next;
+    if (servrec->next)
+      servrec->next->prev = servrec->prev;
+
+    if (work->serverlist == servrec)
+      work->serverlist = servrec->next;
+
+    ZERO_STRUCTP(servrec);
+    SAFE_FREE(servrec);
+
+  }
+
+  work->subnet->work_changed = True;
+}
+
+/***************************************************************************
+  Add a server into the a workgroup serverlist.
+  **************************************************************************/
+
+static void add_server_to_workgroup(struct work_record *work,
+                             struct server_record *servrec)
+{
+  struct server_record *servrec2;
+
+  if (!work->serverlist)
+  {
+    work->serverlist = servrec;
+    servrec->prev = NULL;
+    servrec->next = NULL;
+    return;
+  }
+
+  for (servrec2 = work->serverlist; servrec2->next; servrec2 = servrec2->next)
+    ;
+
+  servrec2->next = servrec;
+  servrec->next = NULL;
+  servrec->prev = servrec2;
+  work->subnet->work_changed = True;
+}
+
+/****************************************************************************
+  Find a server in a server list.
+  **************************************************************************/
+
+struct server_record *find_server_in_workgroup(struct work_record *work, char *name)
+{
+  struct server_record *ret;
+  
+  for (ret = work->serverlist; ret; ret = ret->next)
+  {
+    if (strequal(ret->serv.name,name))
+      return ret;
+  }
+  return NULL;
+}
+
+
+/****************************************************************************
+  Remove a server entry from this workgroup.
+  ****************************************************************************/
+
+void remove_server_from_workgroup(struct work_record *work, struct server_record *servrec)
+{
+  if (servrec->prev)
+    servrec->prev->next = servrec->next;
+  if (servrec->next)
+    servrec->next->prev = servrec->prev;
+
+  if (work->serverlist == servrec) 
+    work->serverlist = servrec->next; 
+
+  ZERO_STRUCTP(servrec);
+  SAFE_FREE(servrec);
+  work->subnet->work_changed = True;
+}
+
+/****************************************************************************
+  Create a server entry on this workgroup.
+  ****************************************************************************/
+
+struct server_record *create_server_on_workgroup(struct work_record *work,
+                                                 char *name,int servertype, 
+                                                 int ttl,char *comment)
+{
+  struct server_record *servrec;
+  
+  if (name[0] == '*')
+  {
+      DEBUG(7,("create_server_on_workgroup: not adding name starting with '*' (%s)\n",
+             name));
+      return (NULL);
+  }
+  
+  if((servrec = find_server_in_workgroup(work, name)) != NULL)
+  {
+    DEBUG(0,("create_server_on_workgroup: Server %s already exists on \
+workgroup %s. This is a bug.\n", name, work->work_group));
+    return NULL;
+  }
+  
+  if((servrec = (struct server_record *)malloc(sizeof(*servrec))) == NULL)
+  {
+    DEBUG(0,("create_server_entry_on_workgroup: malloc fail !\n"));
+    return NULL;
+  }
+
+  memset((char *)servrec,'\0',sizeof(*servrec));
+ 
+  servrec->subnet = work->subnet;
+ 
+  StrnCpy(servrec->serv.name,name,sizeof(servrec->serv.name)-1);
+  StrnCpy(servrec->serv.comment,comment,sizeof(servrec->serv.comment)-1);
+  strupper(servrec->serv.name);
+  servrec->serv.type  = servertype;
+
+  update_server_ttl(servrec, ttl);
+  
+  add_server_to_workgroup(work, servrec);
+      
+  DEBUG(3,("create_server_on_workgroup: Created server entry %s of type %x (%s) on \
+workgroup %s.\n", name,servertype,comment, work->work_group));
+ 
+  work->subnet->work_changed = True;
+ 
+  return(servrec);
+}
+
+/*******************************************************************
+ Update the ttl field of a server record.
+*******************************************************************/
+
+void update_server_ttl(struct server_record *servrec, int ttl)
+{
+  if(ttl > lp_max_ttl())
+    ttl = lp_max_ttl();
+
+  if(is_myname(servrec->serv.name))
+    servrec->death_time = PERMANENT_TTL;
+  else
+    servrec->death_time = (ttl != PERMANENT_TTL) ? time(NULL)+(ttl*3) : PERMANENT_TTL;
+
+  servrec->subnet->work_changed = True;
+}
+
+/*******************************************************************
+  Expire old servers in the serverlist. A time of -1 indicates 
+  everybody dies except those with a death_time of PERMANENT_TTL (which is 0).
+  This should only be called from expire_workgroups_and_servers().
+  ******************************************************************/
+
+void expire_servers(struct work_record *work, time_t t)
+{
+  struct server_record *servrec;
+  struct server_record *nexts;
+  
+  for (servrec = work->serverlist; servrec; servrec = nexts)
+  {
+    nexts = servrec->next;
+
+    if ((servrec->death_time != PERMANENT_TTL) && ((t == -1) || (servrec->death_time < t)))
+    {
+      DEBUG(3,("expire_old_servers: Removing timed out server %s\n",servrec->serv.name));
+      remove_server_from_workgroup(work, servrec);
+      work->subnet->work_changed = True;
+    }
+  }
+}
+
+/*******************************************************************
+ Decide if we should write out a server record for this server.
+ We return zero if we should not. Check if we've already written
+ out this server record from an earlier subnet.
+******************************************************************/
+
+static uint32 write_this_server_name( struct subnet_record *subrec,
+                                      struct work_record *work,
+                                      struct server_record *servrec)
+{
+  struct subnet_record *ssub;
+  struct work_record *iwork;
+
+  /* Go through all the subnets we have already seen. */
+  for (ssub = FIRST_SUBNET; ssub != subrec; ssub = NEXT_SUBNET_INCLUDING_UNICAST(ssub)) 
+  {
+    for(iwork = ssub->workgrouplist; iwork; iwork = iwork->next)
+    {
+      if(find_server_in_workgroup( iwork, servrec->serv.name) != NULL)
+      {
+        /*
+         * We have already written out this server record, don't
+         * do it again. This gives precedence to servers we have seen
+         * on the broadcast subnets over servers that may have been
+         * added via a sync on the unicast_subet.
+         *
+         * The correct way to do this is to have a serverlist file
+         * per subnet - this means changes to smbd as well. I may
+         * add this at a later date (JRA).
+         */
+
+        return 0;
+      }
+    }
+  }
+
+  return servrec->serv.type;
+}
+
+/*******************************************************************
+ Decide if we should write out a workgroup record for this workgroup.
+ We return zero if we should not. Don't write out global_myworkgroup (we've
+ already done it) and also don't write out a second workgroup record
+ on the unicast subnet that we've already written out on one of the
+ broadcast subnets.
+******************************************************************/
+
+static uint32 write_this_workgroup_name( struct subnet_record *subrec, 
+                                         struct work_record *work)
+{
+  struct subnet_record *ssub;
+
+  if(strequal(global_myworkgroup, work->work_group))
+    return 0;
+
+  /* This is a workgroup we have seen on a broadcast subnet. All
+     these have the same type. */
+
+  if(subrec != unicast_subnet)
+    return (SV_TYPE_DOMAIN_ENUM|SV_TYPE_NT|SV_TYPE_LOCAL_LIST_ONLY);
+
+  for(ssub = FIRST_SUBNET; ssub;  ssub = NEXT_SUBNET_EXCLUDING_UNICAST(ssub))
+  {
+    /* This is the unicast subnet so check if we've already written out
+       this subnet when we passed over the broadcast subnets. */
+
+    if(find_workgroup_on_subnet( ssub, work->work_group) != NULL)
+      return 0;
+  }
+
+  /* All workgroups on the unicast subnet (except our own, which we
+     have already written out) cannot be local. */
+
+  return (SV_TYPE_DOMAIN_ENUM|SV_TYPE_NT);
+}
+
+/*******************************************************************
+  Write out the browse.dat file.
+  ******************************************************************/
+
+void write_browse_list_entry(XFILE *fp, fstring name, uint32 rec_type,
+		fstring local_master_browser_name, fstring description)
+{
+	fstring tmp;
+
+	slprintf(tmp,sizeof(tmp)-1, "\"%s\"", name);
+	x_fprintf(fp, "%-25s ", tmp);
+	x_fprintf(fp, "%08x ", rec_type);
+	slprintf(tmp, sizeof(tmp)-1, "\"%s\" ", local_master_browser_name);
+	x_fprintf(fp, "%-30s", tmp);
+	x_fprintf(fp, "\"%s\"\n", description);
+}
+
+void write_browse_list(time_t t, BOOL force_write)
+{   
+  struct subnet_record *subrec;
+  struct work_record *work;
+  struct server_record *servrec;
+  pstring fname,fnamenew;
+  uint32 stype;
+  int i;
+  XFILE *fp;
+  BOOL list_changed = force_write;
+  static time_t lasttime = 0;
+    
+  /* Always dump if we're being told to by a signal. */
+  if(force_write == False)
+  {
+    if (!lasttime)
+      lasttime = t;
+    if (t - lasttime < 5)
+      return;
+  }
+
+  lasttime = t;
+
+  dump_workgroups(force_write);
+ 
+  for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+    if(subrec->work_changed)
+    {
+      list_changed = True;
+      break;
+    }
+  }
+
+  if(!list_changed)
+    return;
+
+  updatecount++;
+    
+  pstrcpy(fname,lp_lockdir());
+  trim_string(fname,NULL,"/");
+  pstrcat(fname,"/");
+  pstrcat(fname,SERVER_LIST);
+  pstrcpy(fnamenew,fname);
+  pstrcat(fnamenew,".");
+ 
+  fp = x_fopen(fnamenew,O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ 
+  if (!fp)
+  {
+    DEBUG(0,("write_browse_list: Can't open file %s. Error was %s\n",
+              fnamenew,strerror(errno)));
+    return;
+  } 
+  
+  /*
+   * Write out a record for our workgroup. Use the record from the first
+   * subnet.
+   */
+
+  if((work = find_workgroup_on_subnet(FIRST_SUBNET, global_myworkgroup)) == NULL)
+  { 
+    DEBUG(0,("write_browse_list: Fatal error - cannot find my workgroup %s\n",
+             global_myworkgroup));
+    x_fclose(fp);
+    return;
+  }
+
+  write_browse_list_entry(fp, work->work_group,
+     SV_TYPE_DOMAIN_ENUM|SV_TYPE_NT|SV_TYPE_LOCAL_LIST_ONLY,
+     work->local_master_browser_name, work->work_group);
+
+  /* 
+   * We need to do something special for our own names.
+   * This is due to the fact that we may be a local master browser on
+   * one of our broadcast subnets, and a domain master on the unicast
+   * subnet. We iterate over the subnets and only write out the name
+   * once.
+   */
+
+  for (i=0; my_netbios_names[i]; i++)
+  {
+    stype = 0;
+    for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+    {
+      if((work = find_workgroup_on_subnet( subrec, global_myworkgroup )) == NULL)
+        continue;
+      if((servrec = find_server_in_workgroup( work, my_netbios_names[i])) == NULL)
+        continue;
+
+      stype |= servrec->serv.type;
+    }
+
+    /* Output server details, plus what workgroup they're in. */
+    write_browse_list_entry(fp, my_netbios_names[i], stype,
+        string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH), global_myworkgroup);
+  }
+      
+  for (subrec = FIRST_SUBNET; subrec ; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec)) 
+  { 
+    subrec->work_changed = False;
+
+    for (work = subrec->workgrouplist; work ; work = work->next)
+    {
+      /* Write out a workgroup record for a workgroup. */
+      uint32 wg_type = write_this_workgroup_name( subrec, work);
+
+      if(wg_type)
+      {
+        write_browse_list_entry(fp, work->work_group, wg_type,
+                                work->local_master_browser_name,
+                                work->work_group);
+      }
+
+      /* Now write out any server records a workgroup may have. */
+
+      for (servrec = work->serverlist; servrec ; servrec = servrec->next)
+      {
+        uint32 serv_type;
+
+        /* We have already written our names here. */
+        if(is_myname(servrec->serv.name))
+          continue; 
+
+        serv_type = write_this_server_name(subrec, work, servrec);
+
+        if(serv_type)
+        {
+          /* Output server details, plus what workgroup they're in. */
+          write_browse_list_entry(fp, servrec->serv.name, serv_type,
+                                 servrec->serv.comment, work->work_group);
+        }
+      }
+    }
+  } 
+  
+  x_fclose(fp);
+  unlink(fname);
+  chmod(fnamenew,0644);
+  rename(fnamenew,fname);
+  DEBUG(3,("write_browse_list: Wrote browse list into file %s\n",fname));
+}
diff --git a/source3/nmbd/nmbd_subnetdb.c b/source3/nmbd/nmbd_subnetdb.c
new file mode 100644
index 0000000000..6c6e7adbb8
--- /dev/null
+++ b/source3/nmbd/nmbd_subnetdb.c
@@ -0,0 +1,394 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+   Revision History:
+
+*/
+
+#include "includes.h"
+#include "smb.h"
+
+extern int ClientNMB;
+extern int ClientDGRAM;
+extern int global_nmb_port;
+
+extern fstring myworkgroup;
+extern char **my_netbios_names;
+
+/* This is the broadcast subnets database. */
+struct subnet_record *subnetlist = NULL;
+
+/* Extra subnets - keep these separate so enumeration code doesn't
+   run onto it by mistake. */
+
+struct subnet_record *unicast_subnet = NULL;
+struct subnet_record *remote_broadcast_subnet = NULL;
+struct subnet_record *wins_server_subnet = NULL;
+
+extern uint16 samba_nb_type; /* Samba's NetBIOS name type. */
+
+/****************************************************************************
+  Add a subnet into the list.
+  **************************************************************************/
+
+static void add_subnet(struct subnet_record *subrec)
+{
+	DLIST_ADD(subnetlist, subrec);
+}
+
+/* ************************************************************************** **
+ * Comparison routine for ordering the splay-tree based namelists assoicated
+ * with each subnet record.
+ *
+ *  Input:  Item  - Pointer to the comparison key.
+ *          Node  - Pointer to a node the splay tree.
+ *
+ *  Output: The return value will be <0 , ==0, or >0 depending upon the
+ *          ordinal relationship of the two keys.
+ *
+ * ************************************************************************** **
+ */
+static int namelist_entry_compare( ubi_trItemPtr Item, ubi_trNodePtr Node )
+  {
+  struct name_record *NR = (struct name_record *)Node;
+
+  if( DEBUGLVL( 10 ) )
+    {
+    struct nmb_name *Iname = (struct nmb_name *)Item;
+
+    Debug1( "nmbd_subnetdb:namelist_entry_compare()\n" );
+    Debug1( "%d == memcmp( \"%s\", \"%s\", %d )\n",
+            memcmp( Item, &(NR->name), sizeof(struct nmb_name) ),
+            nmb_namestr(Iname), nmb_namestr(&NR->name), (int)sizeof(struct nmb_name) );
+    }
+
+  return( memcmp( Item, &(NR->name), sizeof(struct nmb_name) ) ); 
+  } /* namelist_entry_compare */
+
+
+/****************************************************************************
+stop listening on a subnet
+we don't free the record as we don't have proper reference counting for it
+yet and it may be in use by a response record
+  ****************************************************************************/
+void close_subnet(struct subnet_record *subrec)
+{
+	DLIST_REMOVE(subnetlist, subrec);
+
+	if (subrec->dgram_sock != -1) {
+		close(subrec->dgram_sock);
+		subrec->dgram_sock = -1;
+	}
+	if (subrec->nmb_sock != -1) {
+		close(subrec->nmb_sock);
+		subrec->nmb_sock = -1;
+	}
+}
+
+
+
+/****************************************************************************
+  Create a subnet entry.
+  ****************************************************************************/
+
+static struct subnet_record *make_subnet(char *name, enum subnet_type type,
+					 struct in_addr myip, struct in_addr bcast_ip, 
+					 struct in_addr mask_ip)
+{
+  struct subnet_record *subrec = NULL;
+  int nmb_sock, dgram_sock;
+
+  /* Check if we are creating a non broadcast subnet - if so don't create
+     sockets.
+   */
+
+  if(type != NORMAL_SUBNET)
+  {
+    nmb_sock = -1;
+    dgram_sock = -1;
+  }
+  else
+  {
+    /*
+     * Attempt to open the sockets on port 137/138 for this interface
+     * and bind them.
+     * Fail the subnet creation if this fails.
+     */
+
+    if((nmb_sock = open_socket_in(SOCK_DGRAM, global_nmb_port,0, myip.s_addr,True)) == -1)
+    {
+      if( DEBUGLVL( 0 ) )
+      {
+        Debug1( "nmbd_subnetdb:make_subnet()\n" );
+        Debug1( "  Failed to open nmb socket on interface %s ", inet_ntoa(myip) );
+        Debug1( "for port %d.  ", global_nmb_port );
+        Debug1( "Error was %s\n", strerror(errno) );
+      }
+      return NULL;
+    }
+
+    if((dgram_sock = open_socket_in(SOCK_DGRAM,DGRAM_PORT,3, myip.s_addr,True)) == -1)
+    {
+      if( DEBUGLVL( 0 ) )
+      {
+        Debug1( "nmbd_subnetdb:make_subnet()\n" );
+        Debug1( "  Failed to open dgram socket on interface %s ", inet_ntoa(myip) );
+        Debug1( "for port %d.  ", DGRAM_PORT );
+        Debug1( "Error was %s\n", strerror(errno) );
+      }
+      return NULL;
+    }
+
+    /* Make sure we can broadcast from these sockets. */
+    set_socket_options(nmb_sock,"SO_BROADCAST");
+    set_socket_options(dgram_sock,"SO_BROADCAST");
+
+  }
+
+  subrec = (struct subnet_record *)malloc(sizeof(*subrec));
+  
+  if (!subrec) 
+  {
+    DEBUG(0,("make_subnet: malloc fail !\n"));
+    close(nmb_sock);
+    close(dgram_sock);
+    return(NULL);
+  }
+  
+  memset( (char *)subrec, '\0', sizeof(*subrec) );
+  (void)ubi_trInitTree( subrec->namelist,
+                        namelist_entry_compare,
+                        ubi_trOVERWRITE );
+
+  if((subrec->subnet_name = strdup(name)) == NULL)
+  {
+    DEBUG(0,("make_subnet: malloc fail for subnet name !\n"));
+    close(nmb_sock);
+    close(dgram_sock);
+    ZERO_STRUCTP(subrec);
+    SAFE_FREE(subrec);
+    return(NULL);
+  }
+
+  DEBUG(2, ("making subnet name:%s ", name ));
+  DEBUG(2, ("Broadcast address:%s ", inet_ntoa(bcast_ip)));
+  DEBUG(2, ("Subnet mask:%s\n", inet_ntoa(mask_ip)));
+ 
+  subrec->namelist_changed = False;
+  subrec->work_changed = False;
+ 
+  subrec->bcast_ip = bcast_ip;
+  subrec->mask_ip  = mask_ip;
+  subrec->myip = myip;
+  subrec->type = type;
+  subrec->nmb_sock = nmb_sock;
+  subrec->dgram_sock = dgram_sock;
+  
+  return subrec;
+}
+
+
+/****************************************************************************
+  Create a normal subnet
+**************************************************************************/
+struct subnet_record *make_normal_subnet(struct interface *iface)
+{
+	struct subnet_record *subrec;
+
+	subrec = make_subnet(inet_ntoa(iface->ip), NORMAL_SUBNET,
+			     iface->ip, iface->bcast, iface->nmask);
+	if (subrec) {
+		add_subnet(subrec);
+	}
+	return subrec;
+}
+
+
+/****************************************************************************
+  Create subnet entries.
+**************************************************************************/
+
+BOOL create_subnets(void)
+{    
+  int num_interfaces = iface_count();
+  int i;
+  struct in_addr unicast_ip, ipzero;
+  extern struct in_addr loopback_ip;
+
+  if(num_interfaces == 0)
+  {
+    DEBUG(0,("create_subnets: No local interfaces !\n"));
+    return False;
+  }
+
+  /* 
+   * Create subnets from all the local interfaces and thread them onto
+   * the linked list. 
+   */
+
+  for (i = 0 ; i < num_interfaces; i++)
+  {
+    struct interface *iface = get_interface(i);
+
+    /*
+     * We don't want to add a loopback interface, in case
+     * someone has added 127.0.0.1 for smbd, nmbd needs to
+     * ignore it here. JRA.
+     */
+
+    if (ip_equal(iface->ip, loopback_ip)) {
+      DEBUG(2,("create_subnets: Ignoring loopback interface.\n" ));
+      continue;
+    }
+
+    if (!make_normal_subnet(iface)) return False;
+  }
+
+  /* 
+   * If we have been configured to use a WINS server, then try and
+   * get the ip address of it here. If we are the WINS server then
+   * set the unicast subnet address to be the first of our own real
+   * addresses.
+   *
+   * NOTE: I'm not sure of the implications of WINS server failover
+   *       on this bit of code.  Because of failover, the WINS
+   *       server address can change.  crh
+   */
+
+  if( wins_srv_count() )
+  {
+    struct in_addr real_wins_ip;
+    real_wins_ip = wins_srv_ip();
+
+    if (!is_zero_ip(real_wins_ip))
+    {
+      unicast_ip = real_wins_ip;
+    }
+    else
+    {
+      /* wins_srv_ip() can return a zero IP if all servers are
+       * either down or incorrectly entered in smb.conf.  crh
+       */
+      DEBUG(0,("No 'live' WINS servers found.  Check 'wins server' parameter.\n"));
+      return False;
+    }
+  } 
+  else if(lp_we_are_a_wins_server())
+  {
+    /* Pick the first interface ip address as the WINS server ip. */
+    unicast_ip = *iface_n_ip(0);
+  }
+  else
+  {
+    /* We should not be using a WINS server at all. Set the
+      ip address of the subnet to be zero. */
+    zero_ip(&unicast_ip);
+  }
+
+  /*
+   * Create the unicast and remote broadcast subnets.
+   * Don't put these onto the linked list.
+   * The ip address of the unicast subnet is set to be
+   * the WINS server address, if it exists, or ipzero if not.
+   */
+
+  unicast_subnet = make_subnet( "UNICAST_SUBNET", UNICAST_SUBNET, 
+                                 unicast_ip, unicast_ip, unicast_ip);
+
+  zero_ip(&ipzero);
+
+  remote_broadcast_subnet = make_subnet( "REMOTE_BROADCAST_SUBNET",
+                                         REMOTE_BROADCAST_SUBNET,
+                                         ipzero, ipzero, ipzero);
+
+  if((unicast_subnet == NULL) || (remote_broadcast_subnet == NULL))
+    return False;
+
+  /* 
+   * If we are WINS server, create the WINS_SERVER_SUBNET - don't put on
+   * the linked list.
+   */
+
+  if (lp_we_are_a_wins_server())
+  {
+    if( (wins_server_subnet = make_subnet( "WINS_SERVER_SUBNET",
+                                           WINS_SERVER_SUBNET, 
+                                           ipzero, ipzero, ipzero )) == NULL )
+      return False;
+  }
+
+  return True;
+}
+
+/*******************************************************************
+Function to tell us if we can use the unicast subnet.
+******************************************************************/
+
+BOOL we_are_a_wins_client(void)
+{
+  static int cache_we_are_a_wins_client = -1;
+
+  if(cache_we_are_a_wins_client == -1)
+    cache_we_are_a_wins_client = (is_zero_ip(unicast_subnet->myip) ? 
+                                  False : True);
+
+  return cache_we_are_a_wins_client;
+}
+
+/*******************************************************************
+Access function used by NEXT_SUBNET_INCLUDING_UNICAST
+******************************************************************/
+
+struct subnet_record *get_next_subnet_maybe_unicast(struct subnet_record *subrec)
+{
+  if(subrec == unicast_subnet)
+    return NULL;
+  else if((subrec->next == NULL) && we_are_a_wins_client())
+    return unicast_subnet;
+  else
+    return subrec->next;
+}
+
+/*******************************************************************
+ Access function used by retransmit_or_expire_response_records() in
+ nmbd_packets.c. Patch from Andrey Alekseyev <fetch@muffin.arcadia.spb.ru>
+ Needed when we need to enumerate all the broadcast, unicast and
+ WINS subnets.
+******************************************************************/
+
+struct subnet_record *get_next_subnet_maybe_unicast_or_wins_server(struct subnet_record *subrec)
+{
+  if(subrec == unicast_subnet)
+  {
+    if(wins_server_subnet)
+      return wins_server_subnet;
+    else
+      return NULL;
+  }
+
+  if(wins_server_subnet && subrec == wins_server_subnet)
+    return NULL;
+
+  if((subrec->next == NULL) && we_are_a_wins_client())
+    return unicast_subnet;
+  else
+    return subrec->next;
+}
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
new file mode 100644
index 0000000000..bf03d4d1cf
--- /dev/null
+++ b/source3/nmbd/nmbd_synclists.c
@@ -0,0 +1,297 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+/* this file handles asynchronous browse synchronisation requests. The
+   requests are done by forking and putting the result in a file in the
+   locks directory. We do it this way because we don't want nmbd to be
+   blocked waiting for some server to respond on a TCP connection. This
+   also allows us to have more than 1 sync going at once (tridge) */
+
+#include "includes.h"
+#include "smb.h"
+
+struct sync_record {
+	struct sync_record *next, *prev;
+	fstring workgroup;
+	fstring server;
+	pstring fname;
+	struct in_addr ip;
+	pid_t pid;
+};
+
+/* a linked list of current sync connections */
+static struct sync_record *syncs;
+
+static XFILE *fp;
+
+/*******************************************************************
+  This is the NetServerEnum callback.
+  Note sname and comment are in UNIX codepage format.
+  ******************************************************************/
+static void callback(const char *sname, uint32 stype, 
+                     const char *comment, void *state)
+{
+	x_fprintf(fp,"\"%s\" %08X \"%s\"\n", sname, stype, comment);
+}
+
+/*******************************************************************
+  Synchronise browse lists with another browse server.
+  Log in on the remote server's SMB port to their IPC$ service,
+  do a NetServerEnum and record the results in fname
+******************************************************************/
+static void sync_child(char *name, int nm_type, 
+		       char *workgroup,
+		       struct in_addr ip, BOOL local, BOOL servers,
+		       char *fname)
+{
+	extern fstring local_machine;
+	fstring unix_workgroup;
+	static struct cli_state cli;
+	uint32 local_type = local ? SV_TYPE_LOCAL_LIST_ONLY : 0;
+	struct nmb_name called, calling;
+
+	if (!cli_initialise(&cli) || !cli_connect(&cli, name, &ip)) {
+		return;
+	}
+
+	make_nmb_name(&calling, local_machine, 0x0);
+	make_nmb_name(&called , name         , nm_type);
+
+	if (!cli_session_request(&cli, &calling, &called))
+	{
+		cli_shutdown(&cli);
+		return;
+	}
+
+	if (!cli_negprot(&cli)) {
+		cli_shutdown(&cli);
+		return;
+	}
+
+	if (!cli_session_setup(&cli, "", "", 1, "", 0, workgroup)) {
+		cli_shutdown(&cli);
+		return;
+	}
+
+	if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
+		cli_shutdown(&cli);
+		return;
+	}
+
+	/* All the cli_XX functions take UNIX character set. */
+	fstrcpy(unix_workgroup, cli.server_domain?cli.server_domain:workgroup);
+
+	/* Fetch a workgroup list. */
+	cli_NetServerEnum(&cli, unix_workgroup,
+			  local_type|SV_TYPE_DOMAIN_ENUM, 
+			  callback, NULL);
+	
+	/* Now fetch a server list. */
+	if (servers) {
+		fstrcpy(unix_workgroup, workgroup);
+		cli_NetServerEnum(&cli, unix_workgroup, 
+				  local?SV_TYPE_LOCAL_LIST_ONLY:SV_TYPE_ALL,
+				  callback, NULL);
+	}
+	
+	cli_shutdown(&cli);
+}
+
+
+/*******************************************************************
+  initialise a browse sync with another browse server.  Log in on the
+  remote server's SMB port to their IPC$ service, do a NetServerEnum
+  and record the results
+******************************************************************/
+void sync_browse_lists(struct work_record *work,
+		       char *name, int nm_type, 
+		       struct in_addr ip, BOOL local, BOOL servers)
+{
+	struct sync_record *s;
+	static int counter;
+
+	START_PROFILE(sync_browse_lists);
+	/* Check we're not trying to sync with ourselves. This can
+	   happen if we are a domain *and* a local master browser. */
+	if (ismyip(ip)) {
+done:
+		END_PROFILE(sync_browse_lists);
+		return;
+	}
+
+	s = (struct sync_record *)malloc(sizeof(*s));
+	if (!s) goto done;
+
+	ZERO_STRUCTP(s);
+	
+	fstrcpy(s->workgroup, work->work_group);
+	fstrcpy(s->server, name);
+	s->ip = ip;
+
+	slprintf(s->fname, sizeof(pstring)-1,
+		 "%s/sync.%d", lp_lockdir(), counter++);
+	all_string_sub(s->fname,"//", "/", 0);
+	
+	DLIST_ADD(syncs, s);
+
+	/* the parent forks and returns, leaving the child to do the
+	   actual sync and call END_PROFILE*/
+	CatchChild();
+	if ((s->pid = sys_fork())) return;
+
+	BlockSignals( False, SIGTERM );
+
+	DEBUG(2,("Initiating browse sync for %s to %s(%s)\n",
+		 work->work_group, name, inet_ntoa(ip)));
+
+	fp = x_fopen(s->fname,O_WRONLY|O_CREAT|O_TRUNC, 0644);
+	if (!fp) {
+		END_PROFILE(sync_browse_lists);
+		_exit(1);	
+	}
+
+	sync_child(name, nm_type, work->work_group, ip, local, servers,
+		   s->fname);
+
+	x_fclose(fp);
+	END_PROFILE(sync_browse_lists);
+	_exit(0);
+}
+
+/**********************************************************************
+handle one line from a completed sync file
+ **********************************************************************/
+static void complete_one(struct sync_record *s, 
+			 char *sname, uint32 stype, char *comment)
+{
+	struct work_record *work;
+	struct server_record *servrec;
+
+	stype &= ~SV_TYPE_LOCAL_LIST_ONLY;
+
+	if (stype & SV_TYPE_DOMAIN_ENUM) {
+		/* See if we can find the workgroup on this subnet. */
+		if((work=find_workgroup_on_subnet(unicast_subnet, sname))) {
+			/* We already know about this workgroup -
+                           update the ttl. */
+			update_workgroup_ttl(work,lp_max_ttl());
+		} else {
+			/* Create the workgroup on the subnet. */
+			work = create_workgroup_on_subnet(unicast_subnet, 
+							  sname, lp_max_ttl());
+			if (work) {
+				/* remember who the master is */
+				fstrcpy(work->local_master_browser_name, 
+					comment);
+			}
+		}
+		return;
+	} 
+
+	work = find_workgroup_on_subnet(unicast_subnet, s->workgroup);
+	if (!work) {
+		DEBUG(3,("workgroup %s doesn't exist on unicast subnet?\n",
+			 s->workgroup));
+		return;
+	}
+
+	if ((servrec = find_server_in_workgroup( work, sname))) {
+		/* Check that this is not a locally known
+		   server - if so ignore the entry. */
+		if(!(servrec->serv.type & SV_TYPE_LOCAL_LIST_ONLY)) {
+			/* We already know about this server - update
+                           the ttl. */
+			update_server_ttl(servrec, lp_max_ttl());
+			/* Update the type. */
+			servrec->serv.type = stype;
+		}
+		return;
+	} 
+
+	/* Create the server in the workgroup. */ 
+	create_server_on_workgroup(work, sname,stype, lp_max_ttl(), comment);
+}
+		
+
+/**********************************************************************
+read the completed sync info
+ **********************************************************************/
+static void complete_sync(struct sync_record *s)
+{
+	XFILE *f;
+	fstring server, type_str;
+	unsigned type;
+	pstring comment;
+	pstring line;
+	char *ptr;
+	int count=0;
+
+	f = x_fopen(s->fname,O_RDONLY, 0);
+
+	if (!f) return;
+	
+	while (!x_feof(f)) {
+		
+		if (!fgets_slash(line,sizeof(pstring),f)) continue;
+		
+		ptr = line;
+
+		if (!next_token(&ptr,server,NULL,sizeof(server)) ||
+		    !next_token(&ptr,type_str,NULL, sizeof(type_str)) ||
+		    !next_token(&ptr,comment,NULL, sizeof(comment))) {
+			continue;
+		}
+
+		sscanf(type_str, "%X", &type);
+
+		complete_one(s, server, type, comment);
+
+		count++;
+	}
+
+	x_fclose(f);
+
+	unlink(s->fname);
+
+	DEBUG(2,("sync with %s(%s) for workgroup %s completed (%d records)\n",
+		 s->server, inet_ntoa(s->ip), s->workgroup, count));
+}
+
+/**********************************************************************
+check for completion of any of the child processes
+ **********************************************************************/
+void sync_check_completion(void)
+{
+	struct sync_record *s, *next;
+
+	for (s=syncs;s;s=next) {
+		next = s->next;
+		if (!process_exists(s->pid)) {
+			/* it has completed - grab the info */
+			complete_sync(s);
+			DLIST_REMOVE(syncs, s);
+			ZERO_STRUCTP(s);
+			SAFE_FREE(s);
+		}
+	}
+}
diff --git a/source3/nmbd/nmbd_winsproxy.c b/source3/nmbd/nmbd_winsproxy.c
new file mode 100644
index 0000000000..2e65ebb612
--- /dev/null
+++ b/source3/nmbd/nmbd_winsproxy.c
@@ -0,0 +1,221 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+
+   Copyright (C) Jeremy Allison 1994-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+Function called when the name lookup succeeded.
+****************************************************************************/
+
+static void wins_proxy_name_query_request_success( struct subnet_record *subrec,
+                        struct userdata_struct *userdata,
+                        struct nmb_name *nmbname, struct in_addr ip, struct res_rec *rrec)
+{
+  struct packet_struct *original_packet;
+  struct subnet_record *orig_broadcast_subnet;
+  struct name_record *namerec;
+  uint16 nb_flags;
+  int num_ips;
+  int i;
+  int ttl = 3600; /* By default one hour in the cache. */
+  struct in_addr *iplist;
+
+  /* Extract the original packet and the original broadcast subnet from
+     the userdata. */
+
+  memcpy( (char *)&orig_broadcast_subnet, userdata->data, sizeof(struct subnet_record *) );
+  memcpy( (char *)&original_packet, &userdata->data[sizeof(struct subnet_record *)],
+          sizeof(struct packet_struct *) );
+
+  nb_flags = get_nb_flags( rrec->rdata );
+
+  num_ips = rrec->rdlength / 6;
+  if(num_ips == 0)
+  {
+    DEBUG(0,("wins_proxy_name_query_request_success: Invalid number of IP records (0) \
+returned for name %s.\n", nmb_namestr(nmbname) ));
+    return;
+  }
+
+  if(num_ips == 1)
+    iplist = &ip;
+  else
+  {
+    if((iplist = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr) )) == NULL)
+    {
+      DEBUG(0,("wins_proxy_name_query_request_success: malloc fail !\n"));
+      return;
+    }
+
+    for(i = 0; i < num_ips; i++)
+      putip( (char *)&iplist[i], (char *)&rrec->rdata[ (i*6) + 2]);
+  }
+
+  /* Add the queried name to the original subnet as a WINS_PROXY_NAME. */
+
+  if(rrec == PERMANENT_TTL)
+    ttl = lp_max_ttl();
+
+  namerec = add_name_to_subnet( orig_broadcast_subnet, nmbname->name,
+                                nmbname->name_type, nb_flags, ttl,
+                                WINS_PROXY_NAME, num_ips, iplist );
+
+  if(iplist != &ip)
+    SAFE_FREE(iplist);
+
+  /*
+   * Check that none of the IP addresses we are returning is on the
+   * same broadcast subnet as the original requesting packet. If it
+   * is then don't reply (although we still need to add the name
+   * to the cache) as the actual machine will be replying also
+   * and we don't want two replies to a broadcast query.
+   */
+
+  if(namerec && original_packet->packet.nmb.header.nm_flags.bcast)
+  {
+    for( i = 0; i < namerec->data.num_ips; i++)
+    {
+      if( same_net( namerec->data.ip[i],
+                    orig_broadcast_subnet->myip,
+                    orig_broadcast_subnet->mask_ip ) )
+      {
+        DEBUG( 5, ( "wins_proxy_name_query_request_success: name %s is a WINS \
+proxy name and is also on the same subnet (%s) as the requestor. \
+Not replying.\n",
+                    nmb_namestr(&namerec->name),
+                    orig_broadcast_subnet->subnet_name ) );
+        return;
+      }
+    }
+  }
+
+  /* Finally reply to the original name query. */
+  reply_netbios_packet(original_packet,                /* Packet to reply to. */
+                       0,                              /* Result code. */
+                       NMB_QUERY,                      /* nmbd type code. */
+                       NMB_NAME_QUERY_OPCODE,          /* opcode. */
+                       ttl,                            /* ttl. */
+                       rrec->rdata,                    /* data to send. */
+                       rrec->rdlength);                /* data length. */
+}
+
+/****************************************************************************
+Function called when the name lookup failed.
+****************************************************************************/
+
+static void wins_proxy_name_query_request_fail(struct subnet_record *subrec,
+                                    struct response_record *rrec,
+                                    struct nmb_name *question_name, int fail_code)
+{
+  DEBUG(4,("wins_proxy_name_query_request_fail: WINS server returned error code %d for lookup \
+of name %s.\n", fail_code, nmb_namestr(question_name) ));
+}
+
+/****************************************************************************
+Function to make a deep copy of the userdata we will need when the WINS
+proxy query returns.
+****************************************************************************/
+
+static struct userdata_struct *wins_proxy_userdata_copy_fn(struct userdata_struct *userdata)
+{
+  struct packet_struct *p, *copy_of_p;
+  struct userdata_struct *new_userdata = 
+        (struct userdata_struct *)malloc( userdata->userdata_len );
+
+  if(new_userdata == NULL)
+    return NULL;
+
+  new_userdata->copy_fn = userdata->copy_fn;
+  new_userdata->free_fn = userdata->free_fn;
+  new_userdata->userdata_len = userdata->userdata_len;
+
+  /* Copy the subnet_record pointer. */
+  memcpy( new_userdata->data, userdata->data, sizeof(struct subnet_record *) );
+
+  /* Extract the pointer to the packet struct */
+  memcpy((char *)&p, &userdata->data[sizeof(struct subnet_record *)],
+         sizeof(struct packet_struct *) );
+
+  /* Do a deep copy of the packet. */
+  if((copy_of_p = copy_packet(p)) == NULL)
+  {
+    SAFE_FREE(new_userdata);
+    return NULL;
+  }
+
+  /* Lock the copy. */
+  copy_of_p->locked = True;
+
+  memcpy( &new_userdata->data[sizeof(struct subnet_record *)], (char *)&copy_of_p,
+          sizeof(struct packet_struct *) );
+
+  return new_userdata;
+}
+
+/****************************************************************************
+Function to free the deep copy of the userdata we used when the WINS
+proxy query returned.
+****************************************************************************/
+
+static void wins_proxy_userdata_free_fn(struct userdata_struct *userdata)
+{
+  struct packet_struct *p;
+
+  /* Extract the pointer to the packet struct */
+  memcpy((char *)&p, &userdata->data[sizeof(struct subnet_record *)],
+         sizeof(struct packet_struct *));
+
+  /* Unlock the packet. */
+  p->locked = False;
+
+  free_packet(p);
+  ZERO_STRUCTP(userdata);
+  SAFE_FREE(userdata);
+}
+
+/****************************************************************************
+ Make a WINS query on behalf of a broadcast client name query request.
+****************************************************************************/
+
+void make_wins_proxy_name_query_request( struct subnet_record *subrec, 
+                                         struct packet_struct *incoming_packet,
+                                         struct nmb_name *question_name)
+{
+  long *ud[(sizeof(struct userdata_struct) + sizeof(struct subrec *) + 
+          sizeof(struct packet_struct *))/sizeof(long *) + 1];
+  struct userdata_struct *userdata = (struct userdata_struct *)ud;
+
+  memset(ud, '\0', sizeof(ud));
+ 
+  userdata->copy_fn = wins_proxy_userdata_copy_fn;
+  userdata->free_fn = wins_proxy_userdata_free_fn;
+  userdata->userdata_len = sizeof(ud);
+  memcpy( userdata->data, (char *)&subrec, sizeof(struct subnet_record *));
+  memcpy( &userdata->data[sizeof(struct subnet_record *)], (char *)&incoming_packet,
+          sizeof(struct packet_struct *));
+
+  /* Now use the unicast subnet to query the name with the WINS server. */
+  query_name( unicast_subnet, question_name->name, question_name->name_type,
+              wins_proxy_name_query_request_success,
+              wins_proxy_name_query_request_fail,
+              userdata);
+}
diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c
new file mode 100644
index 0000000000..3332e99e9d
--- /dev/null
+++ b/source3/nmbd/nmbd_winsserver.c
@@ -0,0 +1,1998 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+
+   Copyright (C) Jeremy Allison 1994-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+#define WINS_LIST "wins.tdb"
+#define WINS_VERSION 1
+
+/****************************************************************************
+change the wins owner address in the record.
+*****************************************************************************/
+static void update_wins_owner(struct name_record *namerec, struct in_addr wins_ip)
+{
+	if (namerec==NULL)
+		return;
+	namerec->data.wins_ip=wins_ip;
+}
+
+/****************************************************************************
+create the wins flags based on the nb flags and the input value.
+*****************************************************************************/
+static void update_wins_flag(struct name_record *namerec, int flags)
+{
+	if (namerec==NULL)
+		return;
+
+	namerec->data.wins_flags=0x0;
+
+	/* if it's a group, it can be a normal or a special one */
+	if (namerec->data.nb_flags & NB_GROUP) {
+		if (namerec->name.name_type==0x1C)
+			namerec->data.wins_flags|=WINS_SGROUP;
+		else
+			if (namerec->data.num_ips>1)
+				namerec->data.wins_flags|=WINS_SGROUP;
+			else
+				namerec->data.wins_flags|=WINS_NGROUP;
+	} else {
+		/* can be unique or multi-homed */
+		if (namerec->data.num_ips>1)
+			namerec->data.wins_flags|=WINS_MHOMED;
+		else
+			namerec->data.wins_flags|=WINS_UNIQUE;
+	}
+
+	/* the node type are the same bits */
+	namerec->data.wins_flags|=namerec->data.nb_flags&NB_NODETYPEMASK;
+
+	/* the static bit is elsewhere */
+	if (namerec->data.death_time == PERMANENT_TTL)
+		namerec->data.wins_flags|=WINS_STATIC;
+
+	/* and add the given bits */
+	namerec->data.wins_flags|=flags;
+
+	DEBUG(8,("update_wins_flag: nbflags: 0x%x, ttl: 0x%d, flags: 0x%x, winsflags: 0x%x\n", 
+		 namerec->data.nb_flags, (int)namerec->data.death_time, flags, namerec->data.wins_flags));
+
+}
+
+/****************************************************************************
+return the general ID value and increase it if requested
+*****************************************************************************/
+static void get_global_id_and_update(SMB_BIG_UINT *current_id, BOOL update)
+{
+	/*
+	 * it's kept as a static here, to prevent people from messing
+	 * with the value directly
+	 */
+
+	static SMB_BIG_UINT general_id = 1;
+
+	DEBUG(5,("get_global_id_and_update: updating version ID: %d\n", (int)general_id));
+	
+	*current_id = general_id;
+	
+	if (update)
+		general_id++;
+}
+
+/****************************************************************************
+possibly call the WINS hook external program when a WINS change is made
+*****************************************************************************/
+static void wins_hook(char *operation, struct name_record *namerec, int ttl)
+{
+	pstring command;
+	char *cmd = lp_wins_hook();
+	char *p;
+	int i;
+
+	if (!cmd || !*cmd) return;
+
+	for (p=namerec->name.name; *p; p++) {
+		if (!(isalnum((int)*p) || strchr_m("._-",*p))) {
+			DEBUG(3,("not calling wins hook for invalid name %s\n", nmb_namestr(&namerec->name)));
+			return;
+		}
+	}
+	
+	p = command;
+	p += slprintf(p, sizeof(command)-1, "%s %s %s %02x %d", 
+		      cmd,
+		      operation, 
+		      namerec->name.name,
+		      namerec->name.name_type,
+		      ttl);
+
+	for (i=0;i<namerec->data.num_ips;i++) {
+		p += slprintf(p, sizeof(command) - (p-command) -1, " %s", inet_ntoa(namerec->data.ip[i]));
+	}
+
+	DEBUG(3,("calling wins hook for %s\n", nmb_namestr(&namerec->name)));
+	smbrun(command, NULL);
+}
+
+
+/****************************************************************************
+Determine if this packet should be allocated to the WINS server.
+*****************************************************************************/
+
+BOOL packet_is_for_wins_server(struct packet_struct *packet)
+{
+  struct nmb_packet *nmb = &packet->packet.nmb;
+
+  /* Only unicast packets go to a WINS server. */
+  if((wins_server_subnet == NULL) || (nmb->header.nm_flags.bcast == True))
+  {
+    DEBUG(10, ("packet_is_for_wins_server: failing WINS test #1.\n"));
+    return False;
+  }
+
+  /* Check for node status requests. */
+  if (nmb->question.question_type != QUESTION_TYPE_NB_QUERY)
+    return False;
+
+  switch(nmb->header.opcode)
+  { 
+    /*
+     * A WINS server issues WACKS, not receives them.
+     */
+    case NMB_WACK_OPCODE:
+      DEBUG(10, ("packet_is_for_wins_server: failing WINS test #2 (WACK).\n"));
+      return False;
+    /*
+     * A WINS server only processes registration and
+     * release requests, not responses.
+     */
+    case NMB_NAME_REG_OPCODE:
+    case NMB_NAME_MULTIHOMED_REG_OPCODE:
+    case NMB_NAME_REFRESH_OPCODE_8: /* ambiguity in rfc1002 about which is correct. */
+    case NMB_NAME_REFRESH_OPCODE_9: /* WinNT uses 8 by default. */
+      if(nmb->header.response)
+      {
+        DEBUG(10, ("packet_is_for_wins_server: failing WINS test #3 (response = 1).\n"));
+        return False;
+      }
+      break;
+
+    case NMB_NAME_RELEASE_OPCODE:
+      if(nmb->header.response)
+      {
+        DEBUG(10, ("packet_is_for_wins_server: failing WINS test #4 (response = 1).\n"));
+        return False;
+      }
+      break;
+
+    /*
+     * Only process unicast name queries with rd = 1.
+     */
+    case NMB_NAME_QUERY_OPCODE:
+      if(!nmb->header.response && !nmb->header.nm_flags.recursion_desired)
+      {
+        DEBUG(10, ("packet_is_for_wins_server: failing WINS test #5 (response = 1).\n"));
+        return False;
+      }
+      break;
+  }
+
+  return True;
+}
+
+/****************************************************************************
+Utility function to decide what ttl to give a register/refresh request.
+*****************************************************************************/
+
+static int get_ttl_from_packet(struct nmb_packet *nmb)
+{
+  int ttl = nmb->additional->ttl;
+
+  if(ttl < lp_min_wins_ttl() )
+    ttl = lp_min_wins_ttl();
+
+  if(ttl > lp_max_wins_ttl() )
+    ttl = lp_max_wins_ttl();
+
+  return ttl;
+}
+
+/****************************************************************************
+Load or create the WINS database.
+*****************************************************************************/
+
+BOOL initialise_wins(void)
+{
+	time_t time_now = time(NULL);
+	TDB_CONTEXT *tdb;
+	TDB_DATA kbuf, dbuf, newkey;
+	struct name_record *namerec = NULL;
+	struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+
+	DEBUG(2,("initialise_wins: started\n"));
+
+	if(!lp_we_are_a_wins_server())
+		return True;
+
+	add_samba_names_to_subnet(wins_server_subnet);
+
+	tdb = tdb_open_log(lock_path(WINS_LIST), 0, TDB_DEFAULT, O_RDONLY, 0600);
+	if (!tdb) {
+		DEBUG(2,("initialise_wins: Can't open wins database file %s. Error was %s\n", WINS_LIST, strerror(errno) ));
+		return True;
+	}
+
+	if (tdb_fetch_int32(tdb, INFO_VERSION) != WINS_VERSION) {
+		DEBUG(0,("Discarding invalid wins.dat file\n"));
+		tdb_close(tdb);
+		return True;
+	}
+
+	for (kbuf = tdb_firstkey(tdb); 
+	     kbuf.dptr; 
+	     newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+		pstring name_type, name, ip_str;
+		char *p;
+		int type = 0;
+		int nb_flags;
+		int ttl;
+		unsigned int num_ips;
+		int high, low;
+		struct in_addr wins_ip;
+		struct in_addr *ip_list;
+		int wins_flags;
+		int len,i;
+
+		if (strncmp(kbuf.dptr, ENTRY_PREFIX, strlen(ENTRY_PREFIX)) != 0)
+			continue;
+				
+		dbuf = tdb_fetch(tdb, kbuf);
+		if (!dbuf.dptr) continue;
+
+		fstrcpy(name_type, kbuf.dptr+strlen(ENTRY_PREFIX));
+
+ 		pstrcpy(name, name_type);
+
+		if((p = strchr(name,'#')) != NULL) {
+			*p = 0;
+			sscanf(p+1,"%x",&type);
+		}
+
+		len = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddfddd",
+				&nb_flags, &high, &low,
+				ip_str, &ttl, &num_ips, &wins_flags);
+
+		wins_ip=*interpret_addr2(ip_str);
+
+		/* Don't reload replica records */
+		if (!ip_equal(wins_ip, our_fake_ip))
+			continue;
+
+		/* Don't reload released or tombstoned records */
+		if ((wins_flags&WINS_STATE_MASK) != WINS_ACTIVE)
+			continue;
+
+ 		/* Allocate the space for the ip_list. */
+		if((ip_list = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr))) == NULL) {
+			DEBUG(0,("initialise_wins: Malloc fail !\n"));
+			return False;
+		}
+
+		for (i = 0; i < num_ips; i++) {
+			len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f", ip_str);
+			ip_list[i] = *interpret_addr2(ip_str);
+		}
+
+		/* add all entries that have 60 seconds or more to live */
+		if ((ttl - 60) > time_now || ttl == PERMANENT_TTL) {
+			if(ttl != PERMANENT_TTL)
+				ttl -= time_now;
+    
+			DEBUG( 4, ("initialise_wins: add name: %s#%02x ttl = %d first IP %s flags = %2x\n",
+			    	   name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
+
+			namerec=add_name_to_subnet( wins_server_subnet, name, type, nb_flags, 
+					  	ttl, REGISTER_NAME, num_ips, ip_list);
+			if (namerec!=NULL) {
+				update_wins_owner(namerec, wins_ip);
+				update_wins_flag(namerec, wins_flags);
+				/* we don't reload the ID, on startup we restart at 1 */
+				get_global_id_and_update(&namerec->data.id, True);
+			}
+
+		} else {
+			DEBUG(4, ("initialise_wins: not adding name (ttl problem) %s#%02x ttl = %d first IP %s flags = %2x\n",
+				  name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
+		}
+
+		SAFE_FREE(ip_list);
+	}
+    
+	tdb_close(tdb);
+	DEBUG(2,("initialise_wins: done\n"));
+	return True;
+}
+
+/****************************************************************************
+Send a WINS WACK (Wait ACKnowledgement) response.
+**************************************************************************/
+
+static void send_wins_wack_response(int ttl, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  unsigned char rdata[2];
+
+  rdata[0] = rdata[1] = 0;
+
+  /* Taken from nmblib.c - we need to send back almost
+     identical bytes from the requesting packet header. */
+
+  rdata[0] = (nmb->header.opcode & 0xF) << 3;
+  if (nmb->header.nm_flags.authoritative &&
+      nmb->header.response) rdata[0] |= 0x4;
+  if (nmb->header.nm_flags.trunc) rdata[0] |= 0x2;
+  if (nmb->header.nm_flags.recursion_desired) rdata[0] |= 0x1;
+  if (nmb->header.nm_flags.recursion_available &&
+      nmb->header.response) rdata[1] |= 0x80;
+  if (nmb->header.nm_flags.bcast) rdata[1] |= 0x10;
+
+  reply_netbios_packet(p,                             /* Packet to reply to. */
+                       0,                             /* Result code. */
+                       NMB_WAIT_ACK,                  /* nmbd type code. */
+                       NMB_WACK_OPCODE,               /* opcode. */
+                       ttl,                           /* ttl. */
+                       (char *)rdata,                 /* data to send. */
+                       2);                            /* data length. */
+}
+
+/****************************************************************************
+Send a WINS name registration response.
+**************************************************************************/
+
+static void send_wins_name_registration_response(int rcode, int ttl, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  char rdata[6];
+
+  memcpy(&rdata[0], &nmb->additional->rdata[0], 6);
+
+  reply_netbios_packet(p,                             /* Packet to reply to. */
+                       rcode,                         /* Result code. */
+                       WINS_REG,                      /* nmbd type code. */
+                       NMB_NAME_REG_OPCODE,           /* opcode. */
+                       ttl,                           /* ttl. */
+                       rdata,                         /* data to send. */
+                       6);                            /* data length. */
+}
+
+/***********************************************************************
+ Deal with a name refresh request to a WINS server.
+************************************************************************/
+
+void wins_process_name_refresh_request(struct subnet_record *subrec,
+                                            struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  uint16 nb_flags = get_nb_flags(nmb->additional->rdata);
+  BOOL group = (nb_flags & NB_GROUP) ? True : False;
+  struct name_record *namerec = NULL;
+  int ttl = get_ttl_from_packet(nmb);
+  struct in_addr from_ip;
+  struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+
+  if(bcast)
+  {
+    /*
+     * We should only get unicast name refresh packets here.
+     * Anyone trying to refresh broadcast should not be going to a WINS
+     * server. Log an error here.
+     */
+
+    DEBUG(0,("wins_process_name_refresh_request: broadcast name refresh request \
+received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+    return;
+  }
+
+  DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s \
+IP %s\n", nmb_namestr(question), inet_ntoa(from_ip) ));
+
+  /* 
+   * See if the name already exists.
+   */
+
+  namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+
+  /*
+   * If this is a refresh request and the name doesn't exist then
+   * treat it like a registration request. This allows us to recover 
+   * from errors (tridge)
+   */
+
+  if(namerec == NULL)
+  {
+    DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s and \
+the name does not exist. Treating as registration.\n", nmb_namestr(question) ));
+    wins_process_name_registration_request(subrec,p);
+    return;
+  }
+
+  /*
+   * if the name is present but not active,
+   * simply remove it and treat the request
+   * as a registration
+   */
+  if (namerec != NULL && !WINS_STATE_ACTIVE(namerec))
+  {
+    DEBUG(5,("wins_process_name_refresh_request: Name (%s) in WINS was \
+not active - removing it.\n", nmb_namestr(question) ));
+    remove_name_from_namelist( subrec, namerec );
+    namerec = NULL;
+    wins_process_name_registration_request(subrec,p);
+    return;
+  }
+
+  /*
+   * Check that the group bits for the refreshing name and the
+   * name in our database match.
+   */
+
+  if((namerec != NULL) && ((group && !NAME_GROUP(namerec)) || (!group && NAME_GROUP(namerec))) )
+  {
+    DEBUG(3,("wins_process_name_refresh_request: Name %s group bit = %s \
+does not match group bit in WINS for this name.\n", nmb_namestr(question), group ? "True" : "False" ));
+    send_wins_name_registration_response(RFS_ERR, 0, p);
+    return;
+  }
+
+  /*
+   * For a unique name check that the person refreshing the name is one of the registered IP
+   * addresses. If not - fail the refresh. Do the same for group names with a type of 0x1c.
+   * Just return success for unique 0x1d refreshes. For normal group names update the ttl
+   * and return success.
+   */
+
+  if((!group || (group && (question->name_type == 0x1c))) && find_ip_in_name_record(namerec, from_ip ))
+  {
+    /*
+     * Update the ttl.
+     */
+    update_name_ttl(namerec, ttl);
+
+    /*
+     * if the record is a replica:
+     * we take ownership and update the version ID.
+     */
+    if (!ip_equal(namerec->data.wins_ip, our_fake_ip)) {
+    	update_wins_owner(namerec, our_fake_ip);
+	get_global_id_and_update(&namerec->data.id, True);
+    }
+
+    send_wins_name_registration_response(0, ttl, p);
+    wins_hook("refresh", namerec, ttl);
+    return;
+  }
+  else if(group)
+  {
+    /* 
+     * Normal groups are all registered with an IP address of 255.255.255.255 
+     * so we can't search for the IP address.
+     */
+    update_name_ttl(namerec, ttl);
+    send_wins_name_registration_response(0, ttl, p);
+    return;
+  }
+  else if(!group && (question->name_type == 0x1d))
+  {
+    /*
+     * Special name type - just pretend the refresh succeeded.
+     */
+    send_wins_name_registration_response(0, ttl, p);
+    return;
+  }
+  else
+  {
+    /*
+     * Fail the refresh.
+     */
+
+    DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s with IP %s and \
+is IP is not known to the name.\n", nmb_namestr(question), inet_ntoa(from_ip) ));
+    send_wins_name_registration_response(RFS_ERR, 0, p);
+    return;
+  }
+}
+
+/***********************************************************************
+ Deal with a name registration request query success to a client that
+ owned the name.
+
+ We have a locked pointer to the original packet stashed away in the
+ userdata pointer. The success here is actually a failure as it means
+ the client we queried wants to keep the name, so we must return
+ a registration failure to the original requestor.
+************************************************************************/
+
+static void wins_register_query_success(struct subnet_record *subrec,
+                                             struct userdata_struct *userdata,
+                                             struct nmb_name *question_name,
+                                             struct in_addr ip,
+                                             struct res_rec *answers)
+{
+  struct packet_struct *orig_reg_packet;
+
+  memcpy((char *)&orig_reg_packet, userdata->data, sizeof(struct packet_struct *));
+
+  DEBUG(3,("wins_register_query_success: Original client at IP %s still wants the \
+name %s. Rejecting registration request.\n", inet_ntoa(ip), nmb_namestr(question_name) ));
+
+  send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet);
+
+  orig_reg_packet->locked = False;
+  free_packet(orig_reg_packet);
+}
+
+/***********************************************************************
+ Deal with a name registration request query failure to a client that
+ owned the name.
+
+ We have a locked pointer to the original packet stashed away in the
+ userdata pointer. The failure here is actually a success as it means
+ the client we queried didn't want to keep the name, so we can remove
+ the old name record and then successfully add the new name.
+************************************************************************/
+
+static void wins_register_query_fail(struct subnet_record *subrec,
+                                          struct response_record *rrec,
+                                          struct nmb_name *question_name,
+                                          int rcode)
+{
+  struct userdata_struct *userdata = rrec->userdata;
+  struct packet_struct *orig_reg_packet;
+  struct name_record *namerec = NULL;
+
+  memcpy((char *)&orig_reg_packet, userdata->data, sizeof(struct packet_struct *));
+
+  /*
+   * We want to just add the name, as we now know the original owner
+   * didn't want it. But we can't just do that as an arbitary
+   * amount of time may have taken place between the name query
+   * request and this timeout/error response. So we check that
+   * the name still exists and is in the same state - if so
+   * we remove it and call wins_process_name_registration_request()
+   * as we know it will do the right thing now.
+   */
+
+  namerec = find_name_on_subnet(subrec, question_name, FIND_ANY_NAME);
+
+  if( (namerec != NULL)
+   && (namerec->data.source == REGISTER_NAME)
+   && ip_equal(rrec->packet->ip, *namerec->data.ip) )
+  {
+    remove_name_from_namelist( subrec, namerec);
+    namerec = NULL;
+  }
+
+  if(namerec == NULL)
+    wins_process_name_registration_request(subrec, orig_reg_packet);
+  else
+    DEBUG(2,("wins_register_query_fail: The state of the WINS database changed between \
+querying for name %s in order to replace it and this reply.\n", nmb_namestr(question_name) ));
+
+  orig_reg_packet->locked = False;
+  free_packet(orig_reg_packet);
+}
+
+/***********************************************************************
+ Deal with a name registration request to a WINS server.
+
+ Use the following pseudocode :
+
+ registering_group
+     |
+     |
+     +--------name exists
+     |                  |
+     |                  |
+     |                  +--- existing name is group
+     |                  |                      |
+     |                  |                      |
+     |                  |                      +--- add name (return).
+     |                  |
+     |                  |
+     |                  +--- exiting name is unique
+     |                                         |
+     |                                         |
+     |                                         +--- query existing owner (return).
+     |
+     |
+     +--------name doesn't exist
+                        |
+                        |
+                        +--- add name (return).
+
+ registering_unique
+     |
+     |
+     +--------name exists
+     |                  |
+     |                  |
+     |                  +--- existing name is group 
+     |                  |                      |
+     |                  |                      |
+     |                  |                      +--- fail add (return).
+     |                  | 
+     |                  |
+     |                  +--- exiting name is unique
+     |                                         |
+     |                                         |
+     |                                         +--- query existing owner (return).
+     |
+     |
+     +--------name doesn't exist
+                        |
+                        |
+                        +--- add name (return).
+
+ As can be seen from the above, the two cases may be collapsed onto each
+ other with the exception of the case where the name already exists and
+ is a group name. This case we handle with an if statement.
+ 
+************************************************************************/
+
+void wins_process_name_registration_request(struct subnet_record *subrec,
+                                            struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  uint16 nb_flags = get_nb_flags(nmb->additional->rdata);
+  int ttl = get_ttl_from_packet(nmb);
+  struct name_record *namerec = NULL;
+  struct in_addr from_ip;
+  BOOL registering_group_name = (nb_flags & NB_GROUP) ? True : False;
+  struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+
+  if(bcast)
+  {
+    /*
+     * We should only get unicast name registration packets here.
+     * Anyone trying to register broadcast should not be going to a WINS
+     * server. Log an error here.
+     */
+
+    DEBUG(0,("wins_process_name_registration_request: broadcast name registration request \
+received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+    return;
+  }
+
+  DEBUG(3,("wins_process_name_registration_request: %s name registration for name %s \
+IP %s\n", registering_group_name ? "Group" : "Unique", nmb_namestr(question), inet_ntoa(from_ip) ));
+
+  /*
+   * See if the name already exists.
+   */
+
+  namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+
+  /*
+   * if the record exists but NOT in active state,
+   * consider it dead.
+   */
+  if ( (namerec != NULL) && !WINS_STATE_ACTIVE(namerec))
+  {
+    DEBUG(5,("wins_process_name_registration_request: Name (%s) in WINS was \
+not active - removing it.\n", nmb_namestr(question) ));
+    remove_name_from_namelist( subrec, namerec );
+    namerec = NULL;
+  }
+
+  /*
+   * Deal with the case where the name found was a dns entry.
+   * Remove it as we now have a NetBIOS client registering the
+   * name.
+   */
+
+  if( (namerec != NULL)
+   && ( (namerec->data.source == DNS_NAME)
+     || (namerec->data.source == DNSFAIL_NAME) ) )
+  {
+    DEBUG(5,("wins_process_name_registration_request: Name (%s) in WINS was \
+a dns lookup - removing it.\n", nmb_namestr(question) ));
+    remove_name_from_namelist( subrec, namerec );
+    namerec = NULL;
+  }
+
+  /*
+   * Reject if the name exists and is not a REGISTER_NAME.
+   * (ie. Don't allow any static names to be overwritten.
+   */
+
+  if((namerec != NULL) && (namerec->data.source != REGISTER_NAME))
+  {
+    DEBUG( 3, ( "wins_process_name_registration_request: Attempt \
+to register name %s. Name already exists in WINS with source type %d.\n",
+                nmb_namestr(question), namerec->data.source ));
+    send_wins_name_registration_response(RFS_ERR, 0, p);
+    return;
+  }
+
+  /*
+   * Special policy decisions based on MS documentation.
+   * 1). All group names (except names ending in 0x1c) are added as 255.255.255.255.
+   * 2). All unique names ending in 0x1d are ignored, although a positive response is sent.
+   */
+
+  /*
+   * A group name is always added as the local broadcast address, except
+   * for group names ending in 0x1c.
+   * Group names with type 0x1c are registered with individual IP addresses.
+   */
+
+  if(registering_group_name && (question->name_type != 0x1c))
+    from_ip = *interpret_addr2("255.255.255.255");
+
+  /*
+   * Ignore all attempts to register a unique 0x1d name, although return success.
+   */
+
+  if(!registering_group_name && (question->name_type == 0x1d))
+  {
+    DEBUG(3,("wins_process_name_registration_request: Ignoring request \
+to register name %s from IP %s.\n", nmb_namestr(question), inet_ntoa(p->ip) ));
+    send_wins_name_registration_response(0, ttl, p);
+    return;
+  }
+
+  /*
+   * Next two cases are the 'if statement' mentioned above.
+   */
+
+  if((namerec != NULL) && NAME_GROUP(namerec))
+  {
+    if(registering_group_name)
+    {
+      /*
+       * If we are adding a group name, the name exists and is also a group entry just add this
+       * IP address to it and update the ttl.
+       */
+
+      DEBUG(3,("wins_process_name_registration_request: Adding IP %s to group name %s.\n",
+            inet_ntoa(from_ip), nmb_namestr(question) ));
+      /* 
+       * Check the ip address is not already in the group.
+       */
+      if(!find_ip_in_name_record(namerec, from_ip)) {
+        add_ip_to_name_record(namerec, from_ip);
+	/* we need to update the record for replication */
+        get_global_id_and_update(&namerec->data.id, True);
+
+	/*
+	 * if the record is a replica, we must change
+	 * the wins owner to us to make the replication updates
+	 * it on the other wins servers.
+	 * And when the partner will receive this record,
+	 * it will update its own record.
+	 */
+
+	update_wins_owner(namerec, our_fake_ip);
+
+      }
+      update_name_ttl(namerec, ttl);
+      send_wins_name_registration_response(0, ttl, p);
+      return;
+    }
+    else
+    {
+      /*
+       * If we are adding a unique name, the name exists in the WINS db 
+       * and is a group name then reject the registration.
+       *
+       * explanation: groups have a higher priority than unique names.
+       */
+
+      DEBUG(3,("wins_process_name_registration_request: Attempt to register name %s. Name \
+already exists in WINS as a GROUP name.\n", nmb_namestr(question) ));
+      send_wins_name_registration_response(RFS_ERR, 0, p);
+      return;
+    } 
+  }
+
+  /*
+   * From here on down we know that if the name exists in the WINS db it is
+   * a unique name, not a group name.
+   */
+
+  /* 
+   * If the name exists and is one of our names then check the
+   * registering IP address. If it's not one of ours then automatically
+   * reject without doing the query - we know we will reject it.
+   */
+
+  if((namerec != NULL) && (is_myname(namerec->name.name)) )
+  {
+    if(!ismyip(from_ip))
+    {
+      DEBUG(3,("wins_process_name_registration_request: Attempt to register name %s. Name \
+is one of our (WINS server) names. Denying registration.\n", nmb_namestr(question) ));
+      send_wins_name_registration_response(RFS_ERR, 0, p);
+      return;
+    }
+    else
+    {
+      /*
+       * It's one of our names and one of our IP's - update the ttl.
+       */
+      update_name_ttl(namerec, ttl);
+      send_wins_name_registration_response(0, ttl, p);
+      wins_hook("refresh", namerec, ttl);
+      return;
+    }
+  }
+
+  /*
+   * If the name exists and it is a unique registration and the registering IP 
+   * is the same as the (single) already registered IP then just update the ttl.
+   *
+   * But not if the record is an active replica. IF it's a replica, it means it can be
+   * the same client which has moved and not yet expired. So we don't update
+   * the ttl in this case and go beyond to do a WACK and query the old client
+   */
+
+  if( !registering_group_name
+   && (namerec != NULL)
+   && (namerec->data.num_ips == 1)
+   && ip_equal( namerec->data.ip[0], from_ip )
+   && ip_equal(namerec->data.wins_ip, our_fake_ip) )
+  {
+    update_name_ttl( namerec, ttl );
+    send_wins_name_registration_response( 0, ttl, p );
+    wins_hook("refresh", namerec, ttl);
+    return;
+  }
+
+  /*
+   * Finally if the name exists do a query to the registering machine 
+   * to see if they still claim to have the name.
+   */
+
+  if( namerec != NULL )
+  {
+    long *ud[(sizeof(struct userdata_struct) + sizeof(struct packet_struct *))/sizeof(long *) + 1];
+    struct userdata_struct *userdata = (struct userdata_struct *)ud;
+
+    /*
+     * First send a WACK to the registering machine.
+     */
+
+    send_wins_wack_response(60, p);
+
+    /*
+     * When the reply comes back we need the original packet.
+     * Lock this so it won't be freed and then put it into
+     * the userdata structure.
+     */
+
+    p->locked = True;
+
+    userdata = (struct userdata_struct *)ud;
+
+    userdata->copy_fn = NULL;
+    userdata->free_fn = NULL;
+    userdata->userdata_len = sizeof(struct packet_struct *);
+    memcpy(userdata->data, (char *)&p, sizeof(struct packet_struct *) );
+
+    /*
+     * Use the new call to send a query directly to an IP address.
+     * This sends the query directly to the IP address, and ensures
+     * the recursion desired flag is not set (you were right Luke :-).
+     * This function should *only* be called from the WINS server
+     * code. JRA.
+     */
+
+    query_name_from_wins_server( *namerec->data.ip,
+                                  question->name,
+                                  question->name_type, 
+                                  wins_register_query_success,
+                                  wins_register_query_fail,
+                                  userdata );
+    return;
+  }
+
+  /*
+   * Name did not exist - add it.
+   */
+
+  (void)add_name_to_subnet( subrec, question->name, question->name_type,
+                            nb_flags, ttl, REGISTER_NAME, 1, &from_ip);
+  if ((namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME))) {
+	get_global_id_and_update(&namerec->data.id, True);
+	update_wins_owner(namerec, our_fake_ip);
+	update_wins_flag(namerec, WINS_ACTIVE);
+	wins_hook("add", namerec, ttl);
+  }
+
+  send_wins_name_registration_response(0, ttl, p);
+}
+
+/***********************************************************************
+ Deal with a mutihomed name query success to the machine that
+ requested the multihomed name registration.
+
+ We have a locked pointer to the original packet stashed away in the
+ userdata pointer.
+************************************************************************/
+
+static void wins_multihomed_register_query_success(struct subnet_record *subrec,
+                                             struct userdata_struct *userdata,
+                                             struct nmb_name *question_name,
+                                             struct in_addr ip,
+                                             struct res_rec *answers)
+{
+  struct packet_struct *orig_reg_packet;
+  struct nmb_packet *nmb;
+  struct name_record *namerec = NULL;
+  struct in_addr from_ip;
+  int ttl;
+  struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+
+  memcpy((char *)&orig_reg_packet, userdata->data, sizeof(struct packet_struct *));
+
+  nmb = &orig_reg_packet->packet.nmb;
+
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+  ttl = get_ttl_from_packet(nmb);
+
+  /*
+   * We want to just add the new IP, as we now know the requesting
+   * machine claims to own it. But we can't just do that as an arbitary
+   * amount of time may have taken place between the name query
+   * request and this response. So we check that
+   * the name still exists and is in the same state - if so
+   * we just add the extra IP and update the ttl.
+   */
+
+  namerec = find_name_on_subnet(subrec, question_name, FIND_ANY_NAME);
+
+  if( (namerec == NULL) || (namerec->data.source != REGISTER_NAME) || !WINS_STATE_ACTIVE(namerec) )
+  {
+    DEBUG(3,("wins_multihomed_register_query_success: name %s is not in the correct state to add \
+a subsequent IP addess.\n", nmb_namestr(question_name) ));
+    send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet);
+
+    orig_reg_packet->locked = False;
+    free_packet(orig_reg_packet);
+
+    return;
+  }
+
+  if(!find_ip_in_name_record(namerec, from_ip))
+    add_ip_to_name_record(namerec, from_ip);
+
+  get_global_id_and_update(&namerec->data.id, True);
+  update_wins_owner(namerec, our_fake_ip);
+  update_wins_flag(namerec, WINS_ACTIVE);
+  update_name_ttl(namerec, ttl);
+  send_wins_name_registration_response(0, ttl, orig_reg_packet);
+  wins_hook("add", namerec, ttl);
+
+  orig_reg_packet->locked = False;
+  free_packet(orig_reg_packet);
+}
+
+/***********************************************************************
+ Deal with a name registration request query failure to a client that
+ owned the name.
+
+ We have a locked pointer to the original packet stashed away in the
+ userdata pointer.
+************************************************************************/
+
+static void wins_multihomed_register_query_fail(struct subnet_record *subrec,
+                                          struct response_record *rrec,
+                                          struct nmb_name *question_name,
+                                          int rcode)
+{
+  struct userdata_struct *userdata = rrec->userdata;
+  struct packet_struct *orig_reg_packet;
+
+  memcpy((char *)&orig_reg_packet, userdata->data, sizeof(struct packet_struct *));
+
+  DEBUG(3,("wins_multihomed_register_query_fail: Registering machine at IP %s failed to answer \
+query successfully for name %s.\n", inet_ntoa(orig_reg_packet->ip), nmb_namestr(question_name) ));
+  send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet);
+
+  orig_reg_packet->locked = False;
+  free_packet(orig_reg_packet);
+  return;
+}
+
+/***********************************************************************
+ Deal with a multihomed name registration request to a WINS server.
+ These cannot be group name registrations.
+***********************************************************************/
+
+void wins_process_multihomed_name_registration_request( struct subnet_record *subrec,
+                                                        struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  uint16 nb_flags = get_nb_flags(nmb->additional->rdata);
+  int ttl = get_ttl_from_packet(nmb);
+  struct name_record *namerec = NULL;
+  struct in_addr from_ip;
+  BOOL group = (nb_flags & NB_GROUP) ? True : False;
+  struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+
+  if(bcast)
+  {
+    /*
+     * We should only get unicast name registration packets here.
+     * Anyone trying to register broadcast should not be going to a WINS
+     * server. Log an error here.
+     */
+
+    DEBUG(0,("wins_process_multihomed_name_registration_request: broadcast name registration request \
+received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+    return;
+  }
+
+  /*
+   * Only unique names should be registered multihomed.
+   */
+
+  if(group)
+  {
+    DEBUG(0,("wins_process_multihomed_name_registration_request: group name registration request \
+received for name %s from IP %s on subnet %s. Errror - group names should not be multihomed.\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+    return;
+  }
+
+  DEBUG(3,("wins_process_multihomed_name_registration_request: name registration for name %s \
+IP %s\n", nmb_namestr(question), inet_ntoa(from_ip) ));
+
+  /*
+   * Deal with policy regarding 0x1d names.
+   */
+
+  if(question->name_type == 0x1d)
+  {
+    DEBUG(3,("wins_process_multihomed_name_registration_request: Ignoring request \
+to register name %s from IP %s.", nmb_namestr(question), inet_ntoa(p->ip) ));
+    send_wins_name_registration_response(0, ttl, p);  
+    return;
+  }
+
+  /*
+   * See if the name already exists.
+   */
+
+  namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+
+  /*
+   * Deal with the case where the name found was a dns entry.
+   * Remove it as we now have a NetBIOS client registering the
+   * name.
+   */
+
+  if( (namerec != NULL)
+   && ( (namerec->data.source == DNS_NAME)
+     || (namerec->data.source == DNSFAIL_NAME) ) )
+  {
+    DEBUG(5,("wins_process_multihomed_name_registration_request: Name (%s) in WINS was a dns lookup \
+- removing it.\n", nmb_namestr(question) ));
+    remove_name_from_namelist( subrec, namerec);
+    namerec = NULL;
+  }
+
+  /*
+   * Reject if the name exists and is not a REGISTER_NAME.
+   * (ie. Don't allow any static names to be overwritten.
+   */
+
+  if( (namerec != NULL) && (namerec->data.source != REGISTER_NAME) )
+  {
+    DEBUG( 3, ( "wins_process_multihomed_name_registration_request: Attempt \
+to register name %s. Name already exists in WINS with source type %d.\n",
+    nmb_namestr(question), namerec->data.source ));
+    send_wins_name_registration_response(RFS_ERR, 0, p);
+    return;
+  }
+
+  /*
+   * Reject if the name exists and is a GROUP name and is active.
+   */
+
+  if((namerec != NULL) && NAME_GROUP(namerec) && WINS_STATE_ACTIVE(namerec))
+  {
+    DEBUG(3,("wins_process_multihomed_name_registration_request: Attempt to register name %s. Name \
+already exists in WINS as a GROUP name.\n", nmb_namestr(question) ));
+    send_wins_name_registration_response(RFS_ERR, 0, p);
+    return;
+  } 
+
+  /*
+   * From here on down we know that if the name exists in the WINS db it is
+   * a unique name, not a group name.
+   */
+
+  /*
+   * If the name exists and is one of our names then check the
+   * registering IP address. If it's not one of ours then automatically
+   * reject without doing the query - we know we will reject it.
+   */
+
+  if((namerec != NULL) && (is_myname(namerec->name.name)) )
+  {
+    if(!ismyip(from_ip))
+    {
+      DEBUG(3,("wins_process_multihomed_name_registration_request: Attempt to register name %s. Name \
+is one of our (WINS server) names. Denying registration.\n", nmb_namestr(question) ));
+      send_wins_name_registration_response(RFS_ERR, 0, p);
+      return;
+    }
+    else
+    {
+      /*
+       * It's one of our names and one of our IP's. Ensure the IP is in the record and
+       *  update the ttl. Update the version ID to force replication.
+       */
+	    if(!find_ip_in_name_record(namerec, from_ip)) {
+		    get_global_id_and_update(&namerec->data.id, True);
+		    update_wins_owner(namerec, our_fake_ip);
+		    update_wins_flag(namerec, WINS_ACTIVE);
+
+		    add_ip_to_name_record(namerec, from_ip);
+		    wins_hook("add", namerec, ttl);
+	    } else {
+		    wins_hook("refresh", namerec, ttl);
+	    }
+
+	    update_name_ttl(namerec, ttl);
+	    send_wins_name_registration_response(0, ttl, p);
+	    return;
+    }
+  }
+
+  /*
+   * If the name exists and is active, check if the IP address is already registered
+   * to that name. If so then update the ttl and reply success.
+   */
+
+  if((namerec != NULL) && find_ip_in_name_record(namerec, from_ip) && WINS_STATE_ACTIVE(namerec))
+  {
+    update_name_ttl(namerec, ttl);
+    /*
+     * If it's a replica, we need to become the wins owner
+     * to force the replication
+     */
+    if (!ip_equal(namerec->data.wins_ip, our_fake_ip)) {
+      get_global_id_and_update(&namerec->data.id, True);
+      update_wins_owner(namerec, our_fake_ip);
+      update_wins_flag(namerec, WINS_ACTIVE);
+    }
+    
+    send_wins_name_registration_response(0, ttl, p);
+    wins_hook("refresh", namerec, ttl);
+    return;
+  }
+
+  /*
+   * If the name exists do a query to the owner
+   * to see if they still want the name.
+   */
+
+  if(namerec != NULL)
+  {
+    long *ud[(sizeof(struct userdata_struct) + sizeof(struct packet_struct *))/sizeof(long *) + 1];
+    struct userdata_struct *userdata = (struct userdata_struct *)ud;
+
+    /*
+     * First send a WACK to the registering machine.
+     */
+
+    send_wins_wack_response(60, p);
+
+    /*
+     * When the reply comes back we need the original packet.
+     * Lock this so it won't be freed and then put it into
+     * the userdata structure.
+     */
+
+    p->locked = True;
+
+    userdata = (struct userdata_struct *)ud;
+
+    userdata->copy_fn = NULL;
+    userdata->free_fn = NULL;
+    userdata->userdata_len = sizeof(struct packet_struct *);
+    memcpy(userdata->data, (char *)&p, sizeof(struct packet_struct *) );
+
+    /* 
+     * Use the new call to send a query directly to an IP address.
+     * This sends the query directly to the IP address, and ensures
+     * the recursion desired flag is not set (you were right Luke :-).
+     * This function should *only* be called from the WINS server
+     * code. JRA.
+     *
+     * Note that this packet is sent to the current owner of the name,
+     * not the person who sent the packet 
+     */
+
+    query_name_from_wins_server( namerec->data.ip[0],
+                                 question->name,
+                                 question->name_type, 
+                                 wins_multihomed_register_query_success,
+                                 wins_multihomed_register_query_fail,
+                                 userdata );
+
+    return;
+  }
+
+  /*
+   * Name did not exist - add it.
+   */
+
+  (void)add_name_to_subnet( subrec, question->name, question->name_type,
+                            nb_flags, ttl, REGISTER_NAME, 1, &from_ip);
+
+  if ((namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME))) {
+	  get_global_id_and_update(&namerec->data.id, True);
+	  update_wins_owner(namerec, our_fake_ip);
+	  update_wins_flag(namerec, WINS_ACTIVE);
+	  wins_hook("add", namerec, ttl);
+  }
+
+  send_wins_name_registration_response(0, ttl, p);
+}
+
+/***********************************************************************
+ Deal with the special name query for *<1b>.
+***********************************************************************/
+   
+static void process_wins_dmb_query_request(struct subnet_record *subrec,  
+                                           struct packet_struct *p)
+{  
+  struct name_record *namerec = NULL;
+  char *prdata;
+  int num_ips;
+
+  /*
+   * Go through all the ACTIVE names in the WINS db looking for those
+   * ending in <1b>. Use this to calculate the number of IP
+   * addresses we need to return.
+   */
+
+  num_ips = 0;
+  for( namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+       namerec;
+       namerec = (struct name_record *)ubi_trNext( namerec ) )
+  {
+    if(WINS_STATE_ACTIVE(namerec) && namerec->name.name_type == 0x1b )
+      num_ips += namerec->data.num_ips;
+  }
+
+  if(num_ips == 0)
+  {
+    /*
+     * There are no 0x1b names registered. Return name query fail.
+     */
+    send_wins_name_query_response(NAM_ERR, p, NULL);
+    return;
+  }
+
+  if((prdata = (char *)malloc( num_ips * 6 )) == NULL)
+  {
+    DEBUG(0,("process_wins_dmb_query_request: Malloc fail !.\n"));
+    return;
+  }
+
+  /*
+   * Go through all the names again in the WINS db looking for those
+   * ending in <1b>. Add their IP addresses into the list we will
+   * return.
+   */ 
+
+  num_ips = 0;
+  for( namerec = (struct name_record *)ubi_trFirst( subrec->namelist );
+       namerec;
+       namerec = (struct name_record *)ubi_trNext( namerec ) )
+  {
+    if(WINS_STATE_ACTIVE(namerec) && namerec->name.name_type == 0x1b)
+    {
+      int i;
+      for(i = 0; i < namerec->data.num_ips; i++)
+      {
+        set_nb_flags(&prdata[num_ips * 6],namerec->data.nb_flags);
+        putip((char *)&prdata[(num_ips * 6) + 2], &namerec->data.ip[i]);
+        num_ips++;
+      }
+    }
+  }
+
+  /*
+   * Send back the reply containing the IP list.
+   */
+
+  reply_netbios_packet(p,                             /* Packet to reply to. */
+                       0,                             /* Result code. */
+                       WINS_QUERY,                    /* nmbd type code. */
+                       NMB_NAME_QUERY_OPCODE,         /* opcode. */
+                       lp_min_wins_ttl(),             /* ttl. */
+                       prdata,                        /* data to send. */
+                       num_ips*6);                    /* data length. */
+
+  SAFE_FREE(prdata);
+}
+
+/****************************************************************************
+Send a WINS name query response.
+**************************************************************************/
+
+void send_wins_name_query_response(int rcode, struct packet_struct *p, 
+                                          struct name_record *namerec)
+{
+  char rdata[6];
+  char *prdata = rdata;
+  int reply_data_len = 0;
+  int ttl = 0;
+  int i;
+
+  memset(rdata,'\0',6);
+
+  if(rcode == 0)
+  {
+    ttl = (namerec->data.death_time != PERMANENT_TTL) ?
+             namerec->data.death_time - p->timestamp : lp_max_wins_ttl();
+
+    /* Copy all known ip addresses into the return data. */
+    /* Optimise for the common case of one IP address so
+       we don't need a malloc. */
+
+    if( namerec->data.num_ips == 1 )
+      prdata = rdata;
+    else
+    {
+      if((prdata = (char *)malloc( namerec->data.num_ips * 6 )) == NULL)
+      {
+        DEBUG(0,("send_wins_name_query_response: malloc fail !\n"));
+        return;
+      }
+    }
+
+    for(i = 0; i < namerec->data.num_ips; i++)
+    {
+      set_nb_flags(&prdata[i*6],namerec->data.nb_flags);
+      putip((char *)&prdata[2+(i*6)], &namerec->data.ip[i]);
+    }
+
+    sort_query_replies(prdata, i, p->ip);
+
+    reply_data_len = namerec->data.num_ips * 6;
+  }
+
+  reply_netbios_packet(p,                             /* Packet to reply to. */
+                       rcode,                         /* Result code. */
+                       WINS_QUERY,                    /* nmbd type code. */
+                       NMB_NAME_QUERY_OPCODE,         /* opcode. */
+                       ttl,                           /* ttl. */
+                       prdata,                        /* data to send. */
+                       reply_data_len);               /* data length. */
+
+  if(prdata != rdata)
+    SAFE_FREE(prdata);
+}
+
+/***********************************************************************
+ Deal with a name query.
+***********************************************************************/
+
+void wins_process_name_query_request(struct subnet_record *subrec, 
+                                     struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  struct name_record *namerec = NULL;
+
+  DEBUG(3,("wins_process_name_query: name query for name %s from IP %s\n", 
+            nmb_namestr(question), inet_ntoa(p->ip) ));
+
+  /*
+   * Special name code. If the queried name is *<1b> then search
+   * the entire WINS database and return a list of all the IP addresses
+   * registered to any <1b> name. This is to allow domain master browsers
+   * to discover other domains that may not have a presence on their subnet.
+   */
+
+  if(strequal( question->name, "*") && (question->name_type == 0x1b))
+  {
+    process_wins_dmb_query_request( subrec, p);
+    return;
+  }
+
+  namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+
+  if(namerec != NULL)
+  {
+    /*
+     * If the name is not anymore in active state then reply not found.
+     * it's fair even if we keep it in the cache for days.
+     */
+    if (!WINS_STATE_ACTIVE(namerec))
+    {
+      DEBUG(3,("wins_process_name_query: name query for name %s - name expired. Returning fail.\n",
+             nmb_namestr(question) ));
+      send_wins_name_query_response(NAM_ERR, p, namerec);
+      return;
+    }
+    /* 
+     * If it's a DNSFAIL_NAME then reply name not found.
+     */
+
+    if( namerec->data.source == DNSFAIL_NAME )
+    {
+      DEBUG(3,("wins_process_name_query: name query for name %s returning DNS fail.\n",
+             nmb_namestr(question) ));
+      send_wins_name_query_response(NAM_ERR, p, namerec);
+      return;
+    }
+
+    /*
+     * If the name has expired then reply name not found.
+     */
+
+    if( (namerec->data.death_time != PERMANENT_TTL)
+     && (namerec->data.death_time < p->timestamp) )
+    {
+      DEBUG(3,("wins_process_name_query: name query for name %s - name expired. Returning fail.\n",
+                nmb_namestr(question) ));
+      send_wins_name_query_response(NAM_ERR, p, namerec);
+      return;
+    }
+
+    DEBUG(3,("wins_process_name_query: name query for name %s returning first IP %s.\n",
+           nmb_namestr(question), inet_ntoa(namerec->data.ip[0]) ));
+
+    send_wins_name_query_response(0, p, namerec);
+    return;
+  }
+
+  /* 
+   * Name not found in WINS - try a dns query if it's a 0x20 name.
+   */
+
+  if(lp_dns_proxy() && 
+     ((question->name_type == 0x20) || question->name_type == 0))
+  {
+
+    DEBUG(3,("wins_process_name_query: name query for name %s not found - doing dns lookup.\n",
+              nmb_namestr(question) ));
+
+    queue_dns_query(p, question, &namerec);
+    return;
+  }
+
+  /*
+   * Name not found - return error.
+   */
+
+  send_wins_name_query_response(NAM_ERR, p, NULL);
+}
+
+/****************************************************************************
+Send a WINS name release response.
+**************************************************************************/
+
+static void send_wins_name_release_response(int rcode, struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  char rdata[6];
+
+  memcpy(&rdata[0], &nmb->additional->rdata[0], 6);
+
+  reply_netbios_packet(p,                            /* Packet to reply to. */
+                       rcode,                        /* Result code. */
+                       NMB_REL,                      /* nmbd type code. */
+                       NMB_NAME_RELEASE_OPCODE,      /* opcode. */
+                       0,                            /* ttl. */
+                       rdata,                        /* data to send. */
+                       6);                           /* data length. */
+}
+
+/***********************************************************************
+ Deal with a name release.
+***********************************************************************/
+
+void wins_process_name_release_request(struct subnet_record *subrec,
+                                       struct packet_struct *p)
+{
+  struct nmb_packet *nmb = &p->packet.nmb;
+  struct nmb_name *question = &nmb->question.question_name;
+  BOOL bcast = nmb->header.nm_flags.bcast;
+  uint16 nb_flags = get_nb_flags(nmb->additional->rdata);
+  struct name_record *namerec = NULL;
+  struct in_addr from_ip;
+  BOOL releasing_group_name = (nb_flags & NB_GROUP) ? True : False;;
+
+  putip((char *)&from_ip,&nmb->additional->rdata[2]);
+
+  if(bcast)
+  {
+    /*
+     * We should only get unicast name registration packets here.
+     * Anyone trying to register broadcast should not be going to a WINS
+     * server. Log an error here.
+     */
+
+    DEBUG(0,("wins_process_name_release_request: broadcast name registration request \
+received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n",
+          nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
+    return;
+  }
+  
+  DEBUG(3,("wins_process_name_release_request: %s name release for name %s \
+IP %s\n", releasing_group_name ? "Group" : "Unique", nmb_namestr(question), inet_ntoa(from_ip) ));
+    
+  /*
+   * Deal with policy regarding 0x1d names.
+   */
+
+  if(!releasing_group_name && (question->name_type == 0x1d))
+  {
+    DEBUG(3,("wins_process_name_release_request: Ignoring request \
+to release name %s from IP %s.", nmb_namestr(question), inet_ntoa(p->ip) ));
+    send_wins_name_release_response(0, p);
+    return;
+  }
+
+  /*
+   * See if the name already exists.
+   */
+    
+  namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
+
+  if( (namerec == NULL)
+   || ((namerec != NULL) && (namerec->data.source != REGISTER_NAME)) )
+  {
+    send_wins_name_release_response(NAM_ERR, p);
+    return;
+  }
+
+  /* 
+   * Check that the sending machine has permission to release this name.
+   * If it's a group name not ending in 0x1c then just say yes and let
+   * the group time out.
+   */
+
+  if(releasing_group_name && (question->name_type != 0x1c))
+  {
+    send_wins_name_release_response(0, p);
+    return;
+  }
+
+  /* 
+   * Check that the releasing node is on the list of IP addresses
+   * for this name. Disallow the release if not.
+   */
+
+  if(!find_ip_in_name_record(namerec, from_ip))
+  {
+    DEBUG(3,("wins_process_name_release_request: Refusing request to \
+release name %s as IP %s is not one of the known IP's for this name.\n",
+           nmb_namestr(question), inet_ntoa(from_ip) ));
+    send_wins_name_release_response(NAM_ERR, p);
+    return;
+  }    
+
+  /*
+   * Check if the record is active. IF it's already released
+   * or tombstoned, refuse the release.
+   */
+  if (!WINS_STATE_ACTIVE(namerec)) {
+    DEBUG(3,("wins_process_name_release_request: Refusing request to \
+release name %s as this record is not anymore active.\n",
+           nmb_namestr(question) ));
+    send_wins_name_release_response(NAM_ERR, p);
+    return;
+  }    
+
+  /* 
+   * Send a release response.
+   * Flag the name as released and update the ttl
+   */
+
+  send_wins_name_release_response(0, p);
+  
+  namerec->data.wins_flags |= WINS_RELEASED;
+  update_name_ttl(namerec, EXTINCTION_INTERVAL);
+
+  wins_hook("delete", namerec, 0);
+}
+
+/*******************************************************************
+ WINS time dependent processing.
+******************************************************************/
+
+void initiate_wins_processing(time_t t)
+{
+	static time_t lasttime = 0;
+	struct name_record *namerec;
+	struct name_record *next_namerec;
+	struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+
+	if (!lasttime)
+		lasttime = t;
+	if (t - lasttime < 20)
+		return;
+
+	lasttime = t;
+
+	if(!lp_we_are_a_wins_server())
+		return;
+
+	for( namerec = (struct name_record *)ubi_trFirst( wins_server_subnet->namelist );
+	     namerec;
+	     namerec = next_namerec ) {
+		next_namerec = (struct name_record *)ubi_trNext( namerec );
+
+		if( (namerec->data.death_time != PERMANENT_TTL)
+		     && (namerec->data.death_time < t) ) {
+
+			if( namerec->data.source == SELF_NAME ) {
+				DEBUG( 3, ( "expire_names_on_subnet: Subnet %s not expiring SELF name %s\n", 
+				           wins_server_subnet->subnet_name, nmb_namestr(&namerec->name) ) );
+				namerec->data.death_time += 300;
+				namerec->subnet->namelist_changed = True;
+				continue;
+			}
+
+			/* handle records, samba is the wins owner */
+			if (ip_equal(namerec->data.wins_ip, our_fake_ip)) {
+				switch (namerec->data.wins_flags | WINS_STATE_MASK) {
+					case WINS_ACTIVE:
+						namerec->data.wins_flags&=~WINS_STATE_MASK;
+						namerec->data.wins_flags|=WINS_RELEASED;
+						namerec->data.death_time = t + EXTINCTION_INTERVAL;
+						DEBUG(3,("initiate_wins_processing: expiring %s\n", nmb_namestr(&namerec->name)));
+						break;
+					case WINS_RELEASED:
+						namerec->data.wins_flags&=~WINS_STATE_MASK;
+						namerec->data.wins_flags|=WINS_TOMBSTONED;
+						namerec->data.death_time = t + EXTINCTION_TIMEOUT;
+						get_global_id_and_update(&namerec->data.id, True);
+						DEBUG(3,("initiate_wins_processing: tombstoning %s\n", nmb_namestr(&namerec->name)));
+						break;
+					case WINS_TOMBSTONED:
+						DEBUG(3,("initiate_wins_processing: deleting %s\n", nmb_namestr(&namerec->name)));
+						remove_name_from_namelist( wins_server_subnet, namerec );
+						break;
+				}
+			} else {
+				switch (namerec->data.wins_flags | WINS_STATE_MASK) {
+					case WINS_ACTIVE:
+						/* that's not as MS says it should be */
+						namerec->data.wins_flags&=~WINS_STATE_MASK;
+						namerec->data.wins_flags|=WINS_TOMBSTONED;
+						namerec->data.death_time = t + EXTINCTION_TIMEOUT;
+						DEBUG(3,("initiate_wins_processing: tombstoning %s\n", nmb_namestr(&namerec->name)));
+					case WINS_TOMBSTONED:
+						DEBUG(3,("initiate_wins_processing: deleting %s\n", nmb_namestr(&namerec->name)));
+						remove_name_from_namelist( wins_server_subnet, namerec );
+						break;
+					case WINS_RELEASED:
+						DEBUG(0,("initiate_wins_processing: %s is in released state and\
+we are not the wins owner !\n", nmb_namestr(&namerec->name)));
+						break;
+				}
+			}
+
+		}
+	}
+
+	if(wins_server_subnet->namelist_changed)
+		wins_write_database(True);
+
+	wins_server_subnet->namelist_changed = False;
+}
+
+/*******************************************************************
+ Write out the current WINS database.
+******************************************************************/
+void wins_write_database(BOOL background)
+{
+	struct name_record *namerec;
+	pstring fname, fnamenew;
+	TDB_CONTEXT *tdb;
+	TDB_DATA kbuf, dbuf;
+	pstring key, buf;
+	int len;
+	int num_record=0;
+	SMB_BIG_UINT id;
+
+	if(!lp_we_are_a_wins_server())
+		return;
+
+	/* we will do the writing in a child process to ensure that the parent
+	  doesn't block while this is done */
+	if (background) {
+		CatchChild();
+		if (sys_fork()) {
+			return;
+		}
+	}
+
+	slprintf(fname,sizeof(fname)-1,"%s/%s", lp_lockdir(), WINS_LIST);
+	all_string_sub(fname,"//", "/", 0);
+	slprintf(fnamenew,sizeof(fnamenew)-1,"%s.%u", fname, (unsigned int)sys_getpid());
+
+	tdb = tdb_open_log(fnamenew, 0, TDB_DEFAULT, O_RDWR|O_CREAT|O_TRUNC, 0644);
+	if (!tdb) {
+		DEBUG(0,("wins_write_database: Can't open %s. Error was %s\n", fnamenew, strerror(errno)));
+		if (background)
+			_exit(0);
+		return;
+	}
+
+	DEBUG(3,("wins_write_database: Dump of WINS name list.\n"));
+
+	tdb_store_int32(tdb, INFO_VERSION, WINS_VERSION);
+
+	for (namerec = (struct name_record *)ubi_trFirst( wins_server_subnet->namelist );
+	     namerec;
+	     namerec = (struct name_record *)ubi_trNext( namerec ) ) {
+
+		int i;
+		struct tm *tm;
+
+		DEBUGADD(3,("%-19s ", nmb_namestr(&namerec->name) ));
+
+		if( namerec->data.death_time != PERMANENT_TTL ) {
+			char *ts, *nl;
+
+			tm = LocalTime(&namerec->data.death_time);
+			ts = asctime(tm);
+			nl = strrchr_m( ts, '\n' );
+			if( NULL != nl )
+				*nl = '\0';
+
+			DEBUGADD(3,("TTL = %s  ", ts ));
+		} else
+			DEBUGADD(3,("TTL = PERMANENT                 "));
+
+		for (i = 0; i < namerec->data.num_ips; i++)
+			DEBUGADD(0,("%15s ", inet_ntoa(namerec->data.ip[i]) ));
+
+		DEBUGADD(3,("0x%2x 0x%2x %15s\n", namerec->data.nb_flags, namerec->data.wins_flags, inet_ntoa(namerec->data.wins_ip)));
+
+		if( namerec->data.source == REGISTER_NAME ) {
+		
+			/* store the type in the key to make the name unique */
+			slprintf(key, sizeof(key), "%s%s#%02x", ENTRY_PREFIX, namerec->name.name, namerec->name.name_type);
+
+			len = tdb_pack(buf, sizeof(buf), "dddfddd",
+					(int)namerec->data.nb_flags,
+					(int)(namerec->data.id>>32),
+					(int)(namerec->data.id&0xffffffff),
+					inet_ntoa(namerec->data.wins_ip),
+					(int)namerec->data.death_time, 
+					namerec->data.num_ips,
+					namerec->data.wins_flags);
+
+			for (i = 0; i < namerec->data.num_ips; i++)
+				len += tdb_pack(buf+len, sizeof(buf)-len, "f", inet_ntoa(namerec->data.ip[i]));
+			
+			kbuf.dsize = strlen(key)+1;
+			kbuf.dptr = key;
+			dbuf.dsize = len;
+			dbuf.dptr = buf;
+			if (tdb_store(tdb, kbuf, dbuf, TDB_INSERT) != 0) return;
+
+			num_record++;
+		}
+	}
+
+	/* store the number of records */
+	tdb_store_int32(tdb, INFO_COUNT, num_record);
+
+	/* get and store the last used ID */
+	get_global_id_and_update(&id, False);
+	tdb_store_int32(tdb, INFO_ID_HIGH, id>>32);
+	tdb_store_int32(tdb, INFO_ID_LOW, id&0xffffffff);
+
+	tdb_close(tdb);
+
+	chmod(fnamenew,0644);
+	unlink(fname);
+	rename(fnamenew,fname);
+
+	if (background)
+		_exit(0);
+}
+
+/****************************************************************************
+process a internal Samba message receiving a wins record
+***************************************************************************/
+void nmbd_wins_new_entry(int msg_type, pid_t src, void *buf, size_t len)
+{
+	WINS_RECORD *record;
+	struct name_record *namerec = NULL;
+	struct name_record *new_namerec = NULL;
+	struct nmb_name question;
+	BOOL overwrite=False;
+	struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
+	int i;
+
+	if (buf==NULL)
+		return;
+	
+	record=(WINS_RECORD *)buf;
+	
+	ZERO_STRUCT(question);
+	memcpy(question.name, record->name, 16);
+	question.name_type=record->type;
+
+	namerec = find_name_on_subnet(wins_server_subnet, &question, FIND_ANY_NAME);
+
+	/* record doesn't exist, add it */
+	if (namerec == NULL) {
+		DEBUG(3,("nmbd_wins_new_entry: adding new replicated record: %s<%02x> for wins server: %s\n", 
+			  record->name, record->type, inet_ntoa(record->wins_ip)));
+
+		new_namerec=add_name_to_subnet( wins_server_subnet, record->name, record->type, record->nb_flags, 
+						EXTINCTION_INTERVAL, REGISTER_NAME, record->num_ips, record->ip);
+		if (new_namerec!=NULL) {
+				update_wins_owner(new_namerec, record->wins_ip);
+				update_wins_flag(new_namerec, record->wins_flags);
+				new_namerec->data.id=record->id;
+
+				wins_server_subnet->namelist_changed = True;
+			}
+	}
+
+	/* check if we have a conflict */
+	if (namerec != NULL) {
+		/* both records are UNIQUE */
+		if (namerec->data.wins_flags&WINS_UNIQUE && record->wins_flags&WINS_UNIQUE) {
+
+			/* the database record is a replica */
+			if (!ip_equal(namerec->data.wins_ip, our_fake_ip)) {
+				if (namerec->data.wins_flags&WINS_ACTIVE && record->wins_flags&WINS_TOMBSTONED) {
+					if (ip_equal(namerec->data.wins_ip, record->wins_ip))
+						overwrite=True;
+				} else
+					overwrite=True;
+			} else {
+			/* we are the wins owner of the database record */
+				/* the 2 records have the same IP address */
+				if (ip_equal(namerec->data.ip[0], record->ip[0])) {
+					if (namerec->data.wins_flags&WINS_ACTIVE && record->wins_flags&WINS_TOMBSTONED)
+						get_global_id_and_update(&namerec->data.id, True);
+					else
+						overwrite=True;
+				
+				} else {
+				/* the 2 records have different IP address */
+					if (namerec->data.wins_flags&WINS_ACTIVE) {
+						if (record->wins_flags&WINS_TOMBSTONED)
+							get_global_id_and_update(&namerec->data.id, True);
+						if (record->wins_flags&WINS_ACTIVE)
+							/* send conflict challenge to the replica node */
+							;
+					} else
+						overwrite=True;
+				}
+
+			}
+		}
+		
+		/* the replica is a standard group */
+		if (record->wins_flags&WINS_NGROUP || record->wins_flags&WINS_SGROUP) {
+			/* if the database record is unique and active force a name release */
+			if (namerec->data.wins_flags&WINS_UNIQUE)
+				/* send a release name to the unique node */
+				;
+			overwrite=True;
+		
+		}
+	
+		/* the replica is a special group */
+		if (record->wins_flags&WINS_SGROUP && namerec->data.wins_flags&WINS_SGROUP) {
+			if (namerec->data.wins_flags&WINS_ACTIVE) {
+				for (i=0; i<record->num_ips; i++)
+					if(!find_ip_in_name_record(namerec, record->ip[i]))
+						add_ip_to_name_record(namerec, record->ip[i]);
+			}
+			else
+				overwrite=True;
+		}
+		
+		/* the replica is a multihomed host */
+		
+		/* I'm giving up on multi homed. Too much complex to understand */
+		
+		if (record->wins_flags&WINS_MHOMED) {
+			if (! namerec->data.wins_flags&WINS_ACTIVE) {
+				if ( !namerec->data.wins_flags&WINS_RELEASED && !namerec->data.wins_flags&WINS_NGROUP)
+					overwrite=True;
+			}
+			else {
+				if (ip_equal(record->wins_ip, namerec->data.wins_ip))
+					overwrite=True;
+				
+				if (ip_equal(namerec->data.wins_ip, our_fake_ip))
+					if (namerec->data.wins_flags&WINS_UNIQUE)
+						get_global_id_and_update(&namerec->data.id, True);
+				
+			}
+			
+			if (record->wins_flags&WINS_ACTIVE && namerec->data.wins_flags&WINS_ACTIVE)
+				if (namerec->data.wins_flags&WINS_UNIQUE ||
+				    namerec->data.wins_flags&WINS_MHOMED)
+					if (ip_equal(record->wins_ip, namerec->data.wins_ip))
+						overwrite=True;
+				
+		}
+
+		if (overwrite == False)
+			DEBUG(3, ("nmbd_wins_new_entry: conflict in adding record: %s<%02x> from wins server: %s\n", 
+				  record->name, record->type, inet_ntoa(record->wins_ip)));
+		else {
+			DEBUG(3, ("nmbd_wins_new_entry: replacing record: %s<%02x> from wins server: %s\n", 
+				  record->name, record->type, inet_ntoa(record->wins_ip)));
+
+			/* remove the old record and add a new one */
+			remove_name_from_namelist( wins_server_subnet, namerec );
+			new_namerec=add_name_to_subnet( wins_server_subnet, record->name, record->type, record->nb_flags, 
+						EXTINCTION_INTERVAL, REGISTER_NAME, record->num_ips, record->ip);
+			if (new_namerec!=NULL) {
+				update_wins_owner(new_namerec, record->wins_ip);
+				update_wins_flag(new_namerec, record->wins_flags);
+				new_namerec->data.id=record->id;
+
+				wins_server_subnet->namelist_changed = True;
+			}
+
+			wins_server_subnet->namelist_changed = True;
+		}
+
+	}
+}
+
+
+
+
+
+
+
+
diff --git a/source3/nmbd/nmbd_workgroupdb.c b/source3/nmbd/nmbd_workgroupdb.c
new file mode 100644
index 0000000000..d1cfc24a31
--- /dev/null
+++ b/source3/nmbd/nmbd_workgroupdb.c
@@ -0,0 +1,346 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NBT netbios routines and daemon - version 2
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1994-1998
+   Copyright (C) Jeremy Allison 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+#include "smb.h"
+
+extern int ClientNMB;
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+extern char **my_netbios_names;
+extern uint16 samba_nb_type;
+
+int workgroup_count = 0; /* unique index key: one for each workgroup */
+
+/****************************************************************************
+  Add a workgroup into the list.
+  **************************************************************************/
+
+static void add_workgroup(struct subnet_record *subrec, struct work_record *work)
+{
+	work->subnet = subrec;
+	DLIST_ADD(subrec->workgrouplist, work);
+	subrec->work_changed = True;
+}
+
+/****************************************************************************
+  Create an empty workgroup.
+  **************************************************************************/
+
+static struct work_record *create_workgroup(const char *name, int ttl)
+{
+  struct work_record *work;
+  struct subnet_record *subrec;
+  int t = -1;
+  
+  if((work = (struct work_record *)malloc(sizeof(*work))) == NULL)
+  {
+    DEBUG(0,("create_workgroup: malloc fail !\n"));
+    return NULL;
+  }
+  memset((char *)work, '\0', sizeof(*work));
+ 
+  StrnCpy(work->work_group,name,sizeof(work->work_group)-1);
+  work->serverlist = NULL;
+  
+  work->RunningElection = False;
+  work->ElectionCount = 0;
+  work->announce_interval = 0;
+  work->needelection = False;
+  work->needannounce = True;
+  work->lastannounce_time = time(NULL);
+  work->mst_state = lp_local_master() ? MST_POTENTIAL : MST_NONE;
+  work->dom_state = DOMAIN_NONE;
+  work->log_state = LOGON_NONE;
+  
+  work->death_time = (ttl != PERMANENT_TTL) ? time(NULL)+(ttl*3) : PERMANENT_TTL;
+
+  /* Make sure all token representations of workgroups are unique. */
+  
+  for (subrec = FIRST_SUBNET; subrec && (t == -1); 
+           subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+    struct work_record *w;
+    for (w = subrec->workgrouplist; w && t == -1; w = w->next)
+    {
+      if (strequal(w->work_group, work->work_group))
+        t = w->token;
+    }
+  }
+  
+  if (t == -1)
+    work->token = ++workgroup_count;
+  else
+    work->token = t;
+  
+  /* No known local master browser as yet. */
+  *work->local_master_browser_name = '\0';
+
+  /* No known domain master browser as yet. */
+  *work->dmb_name.name = '\0';
+  zero_ip(&work->dmb_addr);
+
+  /* WfWg  uses 01040b01 */
+  /* Win95 uses 01041501 */
+  /* NTAS  uses ???????? */
+  work->ElectionCriterion  = (MAINTAIN_LIST)|(BROWSER_ELECTION_VERSION<<8); 
+  work->ElectionCriterion |= (lp_os_level() << 24);
+  if (lp_domain_master())
+    work->ElectionCriterion |= 0x80;
+  
+  return work;
+}
+
+/*******************************************************************
+  Remove a workgroup.
+  ******************************************************************/
+
+static struct work_record *remove_workgroup_from_subnet(struct subnet_record *subrec, 
+                                     struct work_record *work)
+{
+  struct work_record *ret_work = NULL;
+  
+  DEBUG(3,("remove_workgroup: Removing workgroup %s\n", work->work_group));
+  
+  ret_work = work->next;
+
+  remove_all_servers(work);
+  
+  if (!work->serverlist)
+  {
+    if (work->prev)
+      work->prev->next = work->next;
+    if (work->next)
+      work->next->prev = work->prev;
+  
+    if (subrec->workgrouplist == work)
+      subrec->workgrouplist = work->next; 
+  
+    ZERO_STRUCTP(work);
+    SAFE_FREE(work);
+  }
+  
+  subrec->work_changed = True;
+
+  return ret_work;
+}
+
+
+/****************************************************************************
+  Find a workgroup in the workgroup list of a subnet.
+  **************************************************************************/
+
+struct work_record *find_workgroup_on_subnet(struct subnet_record *subrec, 
+                                             const char *name)
+{
+  struct work_record *ret;
+  
+  DEBUG(4, ("find_workgroup_on_subnet: workgroup search for %s on subnet %s: ",
+            name, subrec->subnet_name));
+  
+  for (ret = subrec->workgrouplist; ret; ret = ret->next)
+  {
+    if (!strcmp(ret->work_group,name))
+    {
+      DEBUGADD(4, ("found.\n"));
+      return(ret);
+    }
+  }
+  DEBUGADD(4, ("not found.\n"));
+  return NULL;
+}
+
+/****************************************************************************
+  Create a workgroup in the workgroup list of the subnet.
+  **************************************************************************/
+
+struct work_record *create_workgroup_on_subnet(struct subnet_record *subrec,
+                                               const char *name, int ttl)
+{
+  struct work_record *work = NULL;
+
+  DEBUG(4,("create_workgroup_on_subnet: creating group %s on subnet %s\n",
+           name, subrec->subnet_name));
+  
+  if ((work = create_workgroup(name, ttl)))
+  {
+    add_workgroup(subrec, work);
+
+    subrec->work_changed = True;
+
+    return(work);
+  }
+
+  return NULL;
+}
+
+/****************************************************************************
+  Update a workgroup ttl.
+  **************************************************************************/
+
+void update_workgroup_ttl(struct work_record *work, int ttl)
+{
+  if(work->death_time != PERMANENT_TTL)
+    work->death_time = time(NULL)+(ttl*3);
+  work->subnet->work_changed = True;
+}
+
+/****************************************************************************
+ Fail function called if we cannot register the WORKGROUP<0> and
+ WORKGROUP<1e> names on the net.
+**************************************************************************/
+     
+static void fail_register(struct subnet_record *subrec, struct response_record *rrec,
+                          struct nmb_name *nmbname)
+{  
+  DEBUG(0,("fail_register: Failed to register name %s on subnet %s.\n",
+            nmb_namestr(nmbname), subrec->subnet_name));
+}  
+
+/****************************************************************************
+ If the workgroup is our primary workgroup, add the required names to it.
+**************************************************************************/
+
+void initiate_myworkgroup_startup(struct subnet_record *subrec, struct work_record *work)
+{
+  int i;
+
+  if(!strequal(global_myworkgroup, work->work_group))
+    return;
+
+  /* If this is a broadcast subnet then start elections on it
+     if we are so configured. */
+
+  if ((subrec != unicast_subnet) && (subrec != remote_broadcast_subnet) &&
+      (subrec != wins_server_subnet) && lp_preferred_master() &&
+      lp_local_master())
+  {
+    DEBUG(3, ("initiate_myworkgroup_startup: preferred master startup for \
+workgroup %s on subnet %s\n", work->work_group, subrec->subnet_name));
+    work->needelection = True;
+    work->ElectionCriterion |= (1<<3);
+  }  
+  
+  /* Register the WORKGROUP<0> and WORKGROUP<1e> names on the network. */
+
+  register_name(subrec,global_myworkgroup,0x0,samba_nb_type|NB_GROUP,
+                NULL,
+                fail_register,NULL);
+     
+  register_name(subrec,global_myworkgroup,0x1e,samba_nb_type|NB_GROUP,
+                NULL,
+                fail_register,NULL);
+     
+  for( i = 0; my_netbios_names[i]; i++)
+  {
+    char *name = my_netbios_names[i];
+    int stype = lp_default_server_announce() | (lp_local_master() ?
+                        SV_TYPE_POTENTIAL_BROWSER : 0 );
+   
+    if(!strequal(global_myname, name))
+        stype &= ~(SV_TYPE_MASTER_BROWSER|SV_TYPE_POTENTIAL_BROWSER|
+                   SV_TYPE_DOMAIN_MASTER|SV_TYPE_DOMAIN_MEMBER);
+   
+    create_server_on_workgroup(work,name,stype|SV_TYPE_LOCAL_LIST_ONLY,
+			       PERMANENT_TTL, 
+			       string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
+    DEBUG(3,("initiate_myworkgroup_startup: Added server name entry %s \
+on subnet %s\n", name, subrec->subnet_name));
+  }
+} 
+
+/****************************************************************************
+  Dump a copy of the workgroup database into the log file.
+  **************************************************************************/
+
+void dump_workgroups(BOOL force_write)
+{
+  struct subnet_record *subrec;
+  int debuglevel = force_write ? 0 : 4;
+ 
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+    if (subrec->workgrouplist)
+    {
+      struct work_record *work;
+
+      if( DEBUGLVL( debuglevel ) )
+      {
+        dbgtext( "dump_workgroups()\n " );
+        dbgtext( "dump workgroup on subnet %15s: ", subrec->subnet_name );
+        dbgtext( "netmask=%15s:\n", inet_ntoa(subrec->mask_ip) );
+      }
+	  
+      for (work = subrec->workgrouplist; work; work = work->next)
+      {
+        DEBUGADD( debuglevel, ( "\t%s(%d) current master browser = %s\n",
+                                work->work_group,
+                                work->token, 
+                               *work->local_master_browser_name
+                              ? work->local_master_browser_name : "UNKNOWN" ) );
+        if (work->serverlist)
+        {
+          struct server_record *servrec;		  
+          for (servrec = work->serverlist; servrec; servrec = servrec->next)
+          {
+            DEBUGADD( debuglevel, ( "\t\t%s %8x (%s)\n",
+                                    servrec->serv.name,
+                                    servrec->serv.type,
+                                    servrec->serv.comment ) );
+          }
+        }
+      }
+    }
+  }
+}
+
+/****************************************************************************
+  Expire any dead servers on all workgroups. If the workgroup has expired
+  remove it.
+  **************************************************************************/
+
+void expire_workgroups_and_servers(time_t t)
+{
+  struct subnet_record *subrec;
+   
+  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec))
+  {
+    struct work_record *work;
+    struct work_record *nextwork;
+
+    for (work = subrec->workgrouplist; work; work = nextwork)
+    {
+      nextwork = work->next;
+      expire_servers(work, t);
+
+      if ((work->serverlist == NULL) && (work->death_time != PERMANENT_TTL) && 
+                     ((t == -1) || (work->death_time < t)))
+      {
+        DEBUG(3,("expire_workgroups_and_servers: Removing timed out workgroup %s\n",
+                  work->work_group));
+        remove_workgroup_from_subnet(subrec, work);
+      }
+    }
+  }
+}
diff --git a/source3/nmbsync.c b/source3/nmbsync.c
deleted file mode 100644
index 5a77d6cc48..0000000000
--- a/source3/nmbsync.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   NBT netbios routines to synchronise browse lists
-   Copyright (C) Andrew Tridgell 1994-1995
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-   
-*/
-
-#include "includes.h"
-#include "loadparm.h"
-#include "nameserv.h"
-
-extern int DEBUGLEVEL;
-
-struct server_record *add_server_entry(char *name,int servertype,
-				       int ttl,char *comment,BOOL replace);
-
-
-/****************************************************************************
-call a remote api
-****************************************************************************/
-static BOOL call_remote_api(int fd,int cnum,int uid,int timeout,
-			    char *inbuf,char *outbuf,
-			    int prcnt,int drcnt,
-			    int mprcnt,int mdrcnt,
-			    int *rprcnt,int *rdrcnt,
-			    char *param,char *data,
-			    char **rparam,char **rdata)
-{
-  char *p1,*p2;
-
-  /* send a SMBtrans command */
-  bzero(outbuf,smb_size);
-  set_message(outbuf,14,0,True);
-  CVAL(outbuf,smb_com) = SMBtrans;
-  SSVAL(outbuf,smb_tid,cnum);
-  SSVAL(outbuf,smb_uid,uid);
-
-  p1 = smb_buf(outbuf);
-  strcpy(p1,"\\PIPE\\LANMAN");
-  p1 = skip_string(p1,1);
-  p2 = p1 + prcnt;
-
-  if (prcnt > 0)
-    memcpy(p1,param,prcnt);
-  if (drcnt > 0)
-    memcpy(p2,data,drcnt);
-
-  SSVAL(outbuf,smb_vwv0,prcnt); /* param count */
-  SSVAL(outbuf,smb_vwv1,drcnt); /* data count */
-  SSVAL(outbuf,smb_vwv2,mprcnt); /* mprcnt */
-  SSVAL(outbuf,smb_vwv3,mdrcnt); /* mdrcnt */
-  SSVAL(outbuf,smb_vwv4,0); /* msrcnt */
-  SSVAL(outbuf,smb_vwv5,0); /* flags */
-  SSVAL(outbuf,smb_vwv9,prcnt); /* pscnt */
-  SSVAL(outbuf,smb_vwv10,smb_offset(p1,outbuf)); /* psoff */
-  SSVAL(outbuf,smb_vwv11,drcnt); /* dscnt */
-  SSVAL(outbuf,smb_vwv12,smb_offset(p2,outbuf)); /* dsoff */
-  CVAL(outbuf,smb_vwv13) = 0; /* suwcnt */
-
-  set_message(outbuf,14,PTR_DIFF(p2+drcnt,smb_buf(outbuf)),False);
-
-  send_smb(fd,outbuf);
-  
-  if (receive_smb(fd,inbuf,timeout) &&
-      CVAL(inbuf,smb_rcls) == 0)
-    {
-      if (rparam)
-	*rparam = inbuf+4 + SVAL(inbuf,smb_vwv4);
-      if (rdata)
-	*rdata = inbuf+4 + SVAL(inbuf,smb_vwv7);
-      if (rprcnt)
-	*rprcnt = SVAL(inbuf,smb_vwv3);
-      if (rdrcnt)
-	*rdrcnt = SVAL(inbuf,smb_vwv6);
-      return(True);
-    }
-
-  return(False);
-}
-
-
-/*******************************************************************
-  synchronise browse lists with another browse server
-  ******************************************************************/
-void sync_browse_lists(char *name,int name_type,char *myname,
-		       char *domain,struct in_addr ip)
-{
-  char *protocol = "LM1.2X002";
-  char *service = "IPC$";
-  char *dev = "IPC";
-  int timeout=2000;
-  char *inbuf=NULL;
-  pstring outbuf;
-  char *p;
-  int len;
-  uint32 sesskey;
-  int cnum,uid;
-  BOOL ret;
-
-  int fd = open_socket_out(SOCK_STREAM, &ip, SMB_PORT);
-  if (fd < 0) {
-    DEBUG(3,("Failed to connect to %s at %s\n",name,inet_ntoa(ip)));
-    return;
-  }
-
-  if (!(inbuf = (char *)malloc(0xFFFF+1024))) return;  
-
-  /* put in the destination name */
-  len = 4;
-  p = outbuf+len;
-  name_mangle(name,p,name_type);
-  len += name_len(p);
-
-  /* and my name */
-  p = outbuf+len;
-  name_mangle(myname,p,0x20);
-  len += name_len(p);
-
-  _smb_setlen(outbuf,len);
-  CVAL(outbuf,0) = 0x81;
-
-  send_smb(fd,outbuf);
-  receive_smb(fd,inbuf,5000);
-  
-  bzero(outbuf,smb_size);
-
-  /* setup the protocol string */
-  set_message(outbuf,0,strlen(protocol)+2,True);
-  p = smb_buf(outbuf);
-  *p++ = 2;
-  strcpy(p,protocol);
-
-  CVAL(outbuf,smb_com) = SMBnegprot;
-  CVAL(outbuf,smb_flg) = 0x8;
-  SSVAL(outbuf,smb_flg2,0x1);
-
-  send_smb(fd,outbuf);
-  bzero(inbuf,smb_size);
-  ret = receive_smb(fd,inbuf,timeout);
-  
-  if (!ret || CVAL(inbuf,smb_rcls) || SVAL(inbuf,smb_vwv0)) {
-    DEBUG(3,("%s rejected the protocol\n",name));
-    close(fd);
-    if (inbuf) free(inbuf);
-    return;
-  }
-
-  sesskey = IVAL(inbuf,smb_vwv6);
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,10,2,True);
-  CVAL(outbuf,smb_com) = SMBsesssetupX;
-
-  CVAL(outbuf,smb_vwv0) = 0xFF;
-  SSVAL(outbuf,smb_vwv2,0xFFFF);
-  SSVAL(outbuf,smb_vwv3,2);
-  SSVAL(outbuf,smb_vwv4,1);
-  SIVAL(outbuf,smb_vwv5,sesskey);
-  SSVAL(outbuf,smb_vwv7,1);
-
-  send_smb(fd,outbuf);
-  bzero(inbuf,smb_size);
-  ret = receive_smb(fd,inbuf,timeout);
-  if (!ret || CVAL(inbuf,smb_rcls)) {
-    DEBUG(3,("%s rejected session setup\n",name));
-    close(fd);
-    if (inbuf) free(inbuf);
-    return;
-  }
-
-  uid = SVAL(inbuf,smb_uid);
-
-  bzero(outbuf,smb_size);
-  set_message(outbuf,4,2 + (2 + strlen(name) + 1 + strlen(service)) +
-       1 + strlen(dev),True);
-  CVAL(outbuf,smb_com) = SMBtconX;
-  SSVAL(outbuf,smb_uid,uid);
-
-  SSVAL(outbuf,smb_vwv0,0xFF);
-  SSVAL(outbuf,smb_vwv3,1);
-
-  p = smb_buf(outbuf) + 1;
-  strcpy(p, "\\\\");
-  strcat(p, name);
-  strcat(p, "\\");
-  strcat(p,service);
-  p = skip_string(p,1);
-  strcpy(p,dev);
-
-  send_smb(fd,outbuf);
-  bzero(inbuf,smb_size);
-  ret = receive_smb(fd,inbuf,timeout);
-  if (!ret || CVAL(inbuf,smb_rcls)) {
-    DEBUG(3,("%s rejected IPC connect (%d,%d)\n",name,
-	     CVAL(inbuf,smb_rcls),SVAL(inbuf,smb_err)));
-    close(fd);
-    if (inbuf) free(inbuf);
-    return;
-  }
-
-  cnum = SVAL(inbuf,smb_tid);
-  
-  /* now I need to send a NetServerEnum */
-  {
-    fstring param;
-    uint32 *typep;
-    char *rparam,*rdata;
-
-    p = param;
-    SSVAL(p,0,0x68); /* api number */
-    p += 2;
-    strcpy(p,"WrLehDz");
-    p = skip_string(p,1);
-
-    strcpy(p,"B16BBDz");
-
-    p = skip_string(p,1);
-    SSVAL(p,0,1); /* level 1 */
-    SSVAL(p,2,0xFFFF - 500); /* buf length */
-    p += 4;
-    typep = (uint32 *)p;
-    p += 4;
-    strcpy(p,domain);
-    strupper(p);
-    p = skip_string(p,1);
-
-    SIVAL(typep,0,0x80000000); /* domain list */
-
-    if (call_remote_api(fd,cnum,uid,timeout,inbuf,outbuf,
-			PTR_DIFF(p,param),0,
-			8,0xFFFF - 500,
-			NULL,NULL,
-			param,NULL,
-			&rparam,&rdata) && SVAL(rparam,0)==0)
-    {
-      int converter=SVAL(rparam,2);
-      int count=SVAL(rparam,4);
-      int i;
-      char *p2 = rdata;
-      for (i=0;i<count;i++) {
-	char *sname = p2;
-	uint32 type = IVAL(p2,18);
-	int comment_offset = IVAL(p2,22) & 0xFFFF;
-	char *comment = comment_offset?(rdata+comment_offset-converter):"";
-
-	add_server_entry(sname,type,lp_max_ttl(),comment,False);
-	p2 += 26;
-      }
-    }
-
-    SIVAL(typep,0,0xFFFFFFFF); /* server list */
-
-    if (call_remote_api(fd,cnum,uid,timeout,inbuf,outbuf,
-			PTR_DIFF(p,param),0,
-			8,0xFFFF - 500,
-			NULL,NULL,
-			param,NULL,
-			&rparam,&rdata) && SVAL(rparam,0)==0)
-    {
-      int converter=SVAL(rparam,2);
-      int count=SVAL(rparam,4);
-      int i;
-
-      p = rdata;
-      for (i=0;i<count;i++) {
-	char *sname = p;
-	uint32 type = IVAL(p,18);
-	int comment_offset = IVAL(p,22) & 0xFFFF;
-	char *comment = comment_offset?(rdata+comment_offset-converter):"";
-
-	add_server_entry(sname,type,lp_max_ttl(),comment,False);
-	p += 26;
-      }
-    }
-  }
-
-  /* close up */
-  bzero(outbuf,smb_size);
-  set_message(outbuf,0,0,True);
-  CVAL(outbuf,smb_com) = SMBtdis;
-  SSVAL(outbuf,smb_uid,uid);
-  SSVAL(outbuf,smb_tid,cnum);
-  send_smb(fd,outbuf);
-  receive_smb(fd,inbuf,1000);
-  
-  close(fd);
-  if (inbuf) free(inbuf);
-}
diff --git a/source3/nsswitch/.cvsignore b/source3/nsswitch/.cvsignore
new file mode 100644
index 0000000000..090b859b37
--- /dev/null
+++ b/source3/nsswitch/.cvsignore
@@ -0,0 +1,3 @@
+*.po
+*.po32
+diffs
diff --git a/source3/nsswitch/README b/source3/nsswitch/README
new file mode 100644
index 0000000000..9f0c581df6
--- /dev/null
+++ b/source3/nsswitch/README
@@ -0,0 +1,13 @@
+This extension provides a "wins" module for NSS on glibc2/Linux.  This
+allows you to use a WINS entry in /etc/nsswitch.conf for hostname
+resolution, allowing you to resolve netbios names via start unix
+gethostbyname() calls. The end result is that you can use netbios
+names as host names in unix apps.
+
+1) run configure
+2) run "make nsswitch"
+3) cp nsswitch/libnss_wins.so /lib/libnss_wins.so.2
+4) add a wins entry to the hosts line in /etc/nsswitch.conf
+5) use it
+
+tridge@linuxcare.com
diff --git a/source3/nsswitch/hp_nss_common.h b/source3/nsswitch/hp_nss_common.h
new file mode 100644
index 0000000000..5f39e9abb0
--- /dev/null
+++ b/source3/nsswitch/hp_nss_common.h
@@ -0,0 +1,47 @@
+#ifndef _HP_NSS_COMMON_H
+#define _HP_NSS_COMMON_H
+ 
+/*
+   Unix SMB/CIFS implementation.
+ 
+   Donated by HP to enable Winbindd to build on HPUX 11.x.
+   Copyright (C) Jeremy Allison 2002.
+ 
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+ 
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+ 
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.
+*/
+ 
+#include <synch.h>
+#include <pthread.h>
+ 
+typedef enum {
+	NSS_SUCCESS,
+	NSS_NOTFOUND,
+	NSS_UNAVAIL,
+	NSS_TRYAGAIN
+} nss_status_t;
+ 
+struct nss_backend;
+ 
+typedef nss_status_t (*nss_backend_op_t)(struct nss_backend *, void *args);
+ 
+struct nss_backend {
+	nss_backend_op_t *ops;
+	int n_ops;
+};
+typedef struct nss_backend nss_backend_t;
+typedef int nss_dbop_t;
+
+#endif /* _HP_NSS_COMMON_H */
diff --git a/source3/nsswitch/hp_nss_dbdefs.h b/source3/nsswitch/hp_nss_dbdefs.h
new file mode 100644
index 0000000000..bd24772e33
--- /dev/null
+++ b/source3/nsswitch/hp_nss_dbdefs.h
@@ -0,0 +1,105 @@
+#ifndef _HP_NSS_DBDEFS_H
+#define _HP_NSS_DBDEFS_H
+
+/*
+   Unix SMB/CIFS implementation.
+ 
+   Donated by HP to enable Winbindd to build on HPUX 11.x.
+   Copyright (C) Jeremy Allison 2002.
+ 
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+ 
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+ 
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.
+*/
+
+#include <errno.h>
+#include <netdb.h>
+#include <limits.h>
+ 
+#ifndef NSS_INCLUDE_UNSAFE
+#define NSS_INCLUDE_UNSAFE      1       /* Build old, MT-unsafe interfaces, */
+#endif  /* NSS_INCLUDE_UNSAFE */
+ 
+enum nss_netgr_argn {
+	NSS_NETGR_MACHINE,
+	NSS_NETGR_USER,
+	NSS_NETGR_DOMAIN,
+	NSS_NETGR_N
+};
+ 
+enum nss_netgr_status {
+	NSS_NETGR_FOUND,
+	NSS_NETGR_NO,
+	NSS_NETGR_NOMEM
+};
+ 
+typedef unsigned nss_innetgr_argc;
+typedef char **nss_innetgr_argv;
+ 
+struct nss_innetgr_1arg {
+	nss_innetgr_argc argc;
+	nss_innetgr_argv argv;
+};
+ 
+typedef struct {
+	void *result;        /* "result" parameter to getXbyY_r() */
+	char *buffer;        /* "buffer"     "             "      */
+	int buflen;         /* "buflen"     "             "      */
+} nss_XbyY_buf_t;
+ 
+extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
+extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *);
+ 
+union nss_XbyY_key {
+	uid_t uid;
+	gid_t gid;
+	const char *name;
+	int number;
+	struct {
+		long net;
+		int type;
+	} netaddr;
+	struct {
+		const char *addr;
+		int len;
+		int type;
+	} hostaddr;
+	struct {
+		union {
+			const char *name;
+			int port;
+		} serv;
+		const char *proto;
+	} serv;
+	void *ether;
+};
+ 
+typedef struct nss_XbyY_args {
+	nss_XbyY_buf_t  buf;
+	int stayopen;
+	/*
+	 * Support for setXXXent(stayopen)
+	 * Used only in hosts, protocols,
+	 * networks, rpc, and services.
+	 */
+	int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen);
+	union nss_XbyY_key key;
+ 
+	void *returnval;
+	int erange;
+	int h_errno;
+	nss_status_t status;
+} nss_XbyY_args_t;
+ 
+#endif /* _NSS_DBDEFS_H */
diff --git a/source3/nsswitch/nss.h b/source3/nsswitch/nss.h
new file mode 100644
index 0000000000..e021b013b5
--- /dev/null
+++ b/source3/nsswitch/nss.h
@@ -0,0 +1,104 @@
+#ifndef _NSSWITCH_NSS_H
+#define _NSSWITCH_NSS_H
+/* 
+   Unix SMB/CIFS implementation.
+
+   a common place to work out how to define NSS_STATUS on various
+   platforms
+
+   Copyright (C) Tim Potter 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#ifdef HAVE_NSS_COMMON_H
+
+/* Sun Solaris */
+
+#include <nss_common.h>
+#include <nss_dbdefs.h>
+#include <nsswitch.h>
+
+typedef nss_status_t NSS_STATUS;
+
+#define NSS_STATUS_SUCCESS     NSS_SUCCESS
+#define NSS_STATUS_NOTFOUND    NSS_NOTFOUND
+#define NSS_STATUS_UNAVAIL     NSS_UNAVAIL
+#define NSS_STATUS_TRYAGAIN    NSS_TRYAGAIN
+
+#elif HAVE_NSS_H
+
+/* GNU */
+
+#include <nss.h>
+
+typedef enum nss_status NSS_STATUS;
+
+#elif HAVE_NS_API_H
+
+/* SGI IRIX */
+
+/* following required to prevent warnings of double definition
+ * of datum from ns_api.h
+*/
+#ifdef DATUM
+#define _DATUM_DEFINED
+#endif
+
+#include <ns_api.h>
+
+typedef enum
+{
+  NSS_STATUS_SUCCESS=NS_SUCCESS,
+  NSS_STATUS_NOTFOUND=NS_NOTFOUND,
+  NSS_STATUS_UNAVAIL=NS_UNAVAIL,
+  NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
+} NSS_STATUS;
+
+#define NSD_MEM_STATIC 0
+#define NSD_MEM_VOLATILE 1
+#define NSD_MEM_DYNAMIC 2
+
+#elif defined(HPUX)
+/* HP-UX 11 */
+
+#include "nsswitch/hp_nss_common.h"
+#include "nsswitch/hp_nss_dbdefs.h"
+#include <nsswitch.h>
+
+#ifndef _HAVE_TYPEDEF_NSS_STATUS
+#define _HAVE_TYPEDEF_NSS_STATUS
+typedef nss_status_t NSS_STATUS;
+
+#define NSS_STATUS_SUCCESS     NSS_SUCCESS
+#define NSS_STATUS_NOTFOUND    NSS_NOTFOUND
+#define NSS_STATUS_UNAVAIL     NSS_UNAVAIL
+#define NSS_STATUS_TRYAGAIN    NSS_TRYAGAIN
+#endif /* HPUX */
+
+#else /* Nothing's defined. Neither gnu nor sun nor hp */
+
+typedef enum
+{
+  NSS_STATUS_SUCCESS=0,
+  NSS_STATUS_NOTFOUND=1,
+  NSS_STATUS_UNAVAIL=2,
+  NSS_STATUS_TRYAGAIN=3
+} NSS_STATUS;
+
+#endif
+
+#endif /* _NSSWITCH_NSS_H */
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
new file mode 100644
index 0000000000..b192a347f4
--- /dev/null
+++ b/source3/nsswitch/pam_winbind.c
@@ -0,0 +1,721 @@
+/* pam_winbind module
+
+   Copyright Andrew Tridgell <tridge@samba.org> 2000
+   Copyright Tim Potter <tpot@samba.org> 2000
+   Copyright Andrew Bartlett <abartlet@samba.org> 2002
+
+   largely based on pam_userdb by Christian Gafton <gafton@redhat.com> 
+   also contains large slabs of code from pam_unix by Elliot Lee <sopwith@redhat.com>
+   (see copyright below for full details)
+*/
+
+#include "pam_winbind.h"
+
+/* prototypes from common.c */
+void init_request(struct winbindd_request *req,int rq_type);
+int write_sock(void *buffer, int count);
+int read_reply(struct winbindd_response *response);
+
+/* data tokens */
+
+#define MAX_PASSWD_TRIES	3
+
+/* some syslogging */
+static void _pam_log(int err, const char *format, ...)
+{
+	va_list args;
+
+	va_start(args, format);
+	openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH);
+	vsyslog(err, format, args);
+	va_end(args);
+	closelog();
+}
+
+static int _pam_parse(int argc, const char **argv)
+{
+	int ctrl;
+	/* step through arguments */
+	for (ctrl = 0; argc-- > 0; ++argv) {
+
+		/* generic options */
+		
+		if (!strcmp(*argv,"debug"))
+			ctrl |= WINBIND_DEBUG_ARG;
+		else if (!strcasecmp(*argv, "use_authtok"))
+			ctrl |= WINBIND_USE_AUTHTOK_ARG;
+		else if (!strcasecmp(*argv, "use_first_pass"))
+			ctrl |= WINBIND_USE_FIRST_PASS_ARG;
+		else if (!strcasecmp(*argv, "try_first_pass"))
+			ctrl |= WINBIND_TRY_FIRST_PASS_ARG;
+		else if (!strcasecmp(*argv, "unknown_ok"))
+			ctrl |= WINBIND_UNKNOWN_OK_ARG;
+		else {
+			_pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv);
+		}
+	}
+	
+	return ctrl;
+}
+
+/* --- authentication management functions --- */
+
+/* Attempt a conversation */
+
+static int converse(pam_handle_t *pamh, int nargs,
+		    struct pam_message **message,
+		    struct pam_response **response)
+{
+    int retval;
+    struct pam_conv *conv;
+
+    retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv ) ;
+    if (retval == PAM_SUCCESS) {
+	retval = conv->conv(nargs, (const struct pam_message **)message,
+			    response, conv->appdata_ptr);
+    }
+	
+    return retval; /* propagate error status */
+}
+
+
+int _make_remark(pam_handle_t * pamh, int type, const char *text)
+{
+	int retval = PAM_SUCCESS;
+
+	struct pam_message *pmsg[1], msg[1];
+	struct pam_response *resp;
+	
+	pmsg[0] = &msg[0];
+	msg[0].msg = text;
+	msg[0].msg_style = type;
+	
+	resp = NULL;
+	retval = converse(pamh, 1, pmsg, &resp);
+	
+	if (resp) {
+		_pam_drop_reply(resp, 1);
+	}
+	return retval;
+}
+
+static int winbind_request(enum winbindd_cmd req_type,
+                           struct winbindd_request *request,
+                           struct winbindd_response *response)
+{
+	/* Fill in request and send down pipe */
+	init_request(request, req_type);
+	
+	if (write_sock(request, sizeof(*request)) == -1) {
+		_pam_log(LOG_ERR, "write to socket failed!");
+		return PAM_SERVICE_ERR;
+	}
+	
+	/* Wait for reply */
+	if (read_reply(response) == -1) {
+		_pam_log(LOG_ERR, "read from socket failed!");
+		return PAM_SERVICE_ERR;
+	}
+
+	/* Copy reply data from socket */
+	if (response->result != WINBINDD_OK) {
+		if (response->data.auth.pam_error != PAM_SUCCESS) {
+			_pam_log(LOG_ERR, "request failed, PAM error was %d, NT error was %s", 
+				 response->data.auth.pam_error,
+				 response->data.auth.nt_status_string);
+			return response->data.auth.pam_error;
+		} else {
+			_pam_log(LOG_ERR, "request failed, but PAM error 0!");
+			return PAM_SERVICE_ERR;
+		}
+	}
+	
+	return PAM_SUCCESS;
+}
+
+/* talk to winbindd */
+static int winbind_auth_request(const char *user, const char *pass, int ctrl)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int retval;
+
+	ZERO_STRUCT(request);
+
+	strncpy(request.data.auth.user, user, 
+                sizeof(request.data.auth.user)-1);
+
+	strncpy(request.data.auth.pass, pass, 
+                sizeof(request.data.auth.pass)-1);
+	
+        retval = winbind_request(WINBINDD_PAM_AUTH, &request, &response);
+
+	switch (retval) {
+	case PAM_AUTH_ERR:
+		/* incorrect password */
+		_pam_log(LOG_WARNING, "user `%s' denied access (incorrect password)", user);
+		return retval;
+	case PAM_USER_UNKNOWN:
+		/* the user does not exist */
+		if (ctrl & WINBIND_DEBUG_ARG)
+			_pam_log(LOG_NOTICE, "user `%s' not found",
+				 user);
+		if (ctrl & WINBIND_UNKNOWN_OK_ARG) {
+			return PAM_IGNORE;
+		}	 
+		return retval;
+	case PAM_SUCCESS:
+		/* Otherwise, the authentication looked good */
+		_pam_log(LOG_NOTICE, "user '%s' granted acces", user);
+		return retval;
+	default:
+		/* we don't know anything about this return value */
+		_pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'",
+			 retval, user);
+		return retval;
+	}
+     /* should not be reached */
+}
+
+/* talk to winbindd */
+static int winbind_chauthtok_request(const char *user, const char *oldpass,
+                                     const char *newpass)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+
+        if (request.data.chauthtok.user == NULL) return -2;
+
+	strncpy(request.data.chauthtok.user, user, 
+                sizeof(request.data.chauthtok.user) - 1);
+
+        if (oldpass != NULL) {
+            strncpy(request.data.chauthtok.oldpass, oldpass, 
+                    sizeof(request.data.chauthtok.oldpass) - 1);
+        } else {
+            request.data.chauthtok.oldpass[0] = '\0';
+        }
+	
+        if (newpass != NULL) {
+            strncpy(request.data.chauthtok.newpass, newpass, 
+                    sizeof(request.data.chauthtok.newpass) - 1);
+        } else {
+            request.data.chauthtok.newpass[0] = '\0';
+        }
+	
+        return winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
+}
+
+/*
+ * Checks if a user has an account
+ *
+ * return values:
+ *	 1  = User not found
+ *	 0  = OK
+ * 	-1  = System error
+ */
+static int valid_user(const char *user)
+{
+	if (getpwnam(user)) return 0;
+	return 1;
+}
+
+static char *_pam_delete(register char *xx)
+{
+    _pam_overwrite(xx);
+    _pam_drop(xx);
+    return NULL;
+}
+
+/*
+ * obtain a password from the user
+ */
+
+int _winbind_read_password(pam_handle_t * pamh
+			,unsigned int ctrl
+			,const char *comment
+			,const char *prompt1
+			,const char *prompt2
+			,const char **pass)
+{
+	int authtok_flag;
+	int retval;
+	const char *item;
+	char *token;
+
+	/*
+	 * make sure nothing inappropriate gets returned
+	 */
+
+	*pass = token = NULL;
+
+	/*
+	 * which authentication token are we getting?
+	 */
+
+	authtok_flag = on(WINBIND__OLD_PASSWORD, ctrl) ? PAM_OLDAUTHTOK : PAM_AUTHTOK;
+
+	/*
+	 * should we obtain the password from a PAM item ?
+	 */
+
+	if (on(WINBIND_TRY_FIRST_PASS_ARG, ctrl) || on(WINBIND_USE_FIRST_PASS_ARG, ctrl)) {
+		retval = pam_get_item(pamh, authtok_flag, (const void **) &item);
+		if (retval != PAM_SUCCESS) {
+			/* very strange. */
+			_pam_log(LOG_ALERT, 
+				 "pam_get_item returned error to unix-read-password"
+			    );
+			return retval;
+		} else if (item != NULL) {	/* we have a password! */
+			*pass = item;
+			item = NULL;
+			return PAM_SUCCESS;
+		} else if (on(WINBIND_USE_FIRST_PASS_ARG, ctrl)) {
+			return PAM_AUTHTOK_RECOVER_ERR;		/* didn't work */
+		} else if (on(WINBIND_USE_AUTHTOK_ARG, ctrl)
+			   && off(WINBIND__OLD_PASSWORD, ctrl)) {
+			return PAM_AUTHTOK_RECOVER_ERR;
+		}
+	}
+	/*
+	 * getting here implies we will have to get the password from the
+	 * user directly.
+	 */
+
+	{
+		struct pam_message msg[3], *pmsg[3];
+		struct pam_response *resp;
+		int i, replies;
+
+		/* prepare to converse */
+
+		if (comment != NULL) {
+			pmsg[0] = &msg[0];
+			msg[0].msg_style = PAM_TEXT_INFO;
+			msg[0].msg = comment;
+			i = 1;
+		} else {
+			i = 0;
+		}
+
+		pmsg[i] = &msg[i];
+		msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
+		msg[i++].msg = prompt1;
+		replies = 1;
+
+		if (prompt2 != NULL) {
+			pmsg[i] = &msg[i];
+			msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
+			msg[i++].msg = prompt2;
+			++replies;
+		}
+		/* so call the conversation expecting i responses */
+		resp = NULL;
+		retval = converse(pamh, i, pmsg, &resp);
+
+		if (resp != NULL) {
+
+			/* interpret the response */
+
+			if (retval == PAM_SUCCESS) {	/* a good conversation */
+
+				token = x_strdup(resp[i - replies].resp);
+				if (token != NULL) {
+					if (replies == 2) {
+
+						/* verify that password entered correctly */
+						if (!resp[i - 1].resp
+						    || strcmp(token, resp[i - 1].resp)) {
+							_pam_delete(token);	/* mistyped */
+							retval = PAM_AUTHTOK_RECOVER_ERR;
+							_make_remark(pamh								    ,PAM_ERROR_MSG, MISTYPED_PASS);
+						}
+					}
+				} else {
+					_pam_log(LOG_NOTICE
+						 ,"could not recover authentication token");
+				}
+
+			}
+			/*
+			 * tidy up the conversation (resp_retcode) is ignored
+			 * -- what is it for anyway? AGM
+			 */
+
+			_pam_drop_reply(resp, i);
+
+		} else {
+			retval = (retval == PAM_SUCCESS)
+			    ? PAM_AUTHTOK_RECOVER_ERR : retval;
+		}
+	}
+
+	if (retval != PAM_SUCCESS) {
+		if (on(WINBIND_DEBUG_ARG, ctrl))
+			_pam_log(LOG_DEBUG,
+			         "unable to obtain a password");
+		return retval;
+	}
+	/* 'token' is the entered password */
+
+	/* we store this password as an item */
+	
+	retval = pam_set_item(pamh, authtok_flag, token);
+	_pam_delete(token);	/* clean it up */
+	if (retval != PAM_SUCCESS
+	    || (retval = pam_get_item(pamh, authtok_flag
+				      ,(const void **) &item))
+	    != PAM_SUCCESS) {
+		
+		_pam_log(LOG_CRIT, "error manipulating password");
+		return retval;
+		
+	}
+
+	*pass = item;
+	item = NULL;		/* break link to password */
+
+	return PAM_SUCCESS;
+}
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+			int argc, const char **argv)
+{
+     const char *username;
+     const char *password;
+     int retval = PAM_AUTH_ERR;
+    
+     /* parse arguments */
+     int ctrl = _pam_parse(argc, argv);
+
+     /* Get the username */
+     retval = pam_get_user(pamh, &username, NULL);
+     if ((retval != PAM_SUCCESS) || (!username)) {
+        if (ctrl & WINBIND_DEBUG_ARG)
+            _pam_log(LOG_DEBUG,"can not get the username");
+        return PAM_SERVICE_ERR;
+     }
+     
+     retval = _winbind_read_password(pamh, ctrl, NULL, 
+				     "Password: ", NULL,
+				     &password);
+     
+     if (retval != PAM_SUCCESS) {
+	 _pam_log(LOG_ERR, "Could not retrieve user's password");
+	 return PAM_AUTHTOK_ERR;
+     }
+     
+     if (ctrl & WINBIND_DEBUG_ARG) {
+
+	     /* Let's not give too much away in the log file */
+
+#ifdef DEBUG_PASSWORD
+	 _pam_log(LOG_INFO, "Verify user `%s' with password `%s'",
+		  username, password);
+#else
+	 _pam_log(LOG_INFO, "Verify user `%s'", username);
+#endif
+     }
+
+     /* Now use the username to look up password */
+     return winbind_auth_request(username, password, ctrl);
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
+		   int argc, const char **argv)
+{
+    return PAM_SUCCESS;
+}
+
+/*
+ * Account management. We want to verify that the account exists 
+ * before returning PAM_SUCCESS
+ */
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+		   int argc, const char **argv)
+{
+    const char *username;
+    int retval = PAM_USER_UNKNOWN;
+
+    /* parse arguments */
+    int ctrl = _pam_parse(argc, argv);
+
+    /* Get the username */
+    retval = pam_get_user(pamh, &username, NULL);
+    if ((retval != PAM_SUCCESS) || (!username)) {
+	if (ctrl & WINBIND_DEBUG_ARG)
+	    _pam_log(LOG_DEBUG,"can not get the username");
+	return PAM_SERVICE_ERR;
+    }
+
+    /* Verify the username */
+    retval = valid_user(username);
+    switch (retval) {
+	case -1:
+	    /* some sort of system error. The log was already printed */
+	    return PAM_SERVICE_ERR;
+	case 1:
+	    /* the user does not exist */
+	    if (ctrl & WINBIND_DEBUG_ARG)
+		_pam_log(LOG_NOTICE, "user `%s' not found",
+			 username);
+	    if (ctrl & WINBIND_UNKNOWN_OK_ARG)
+		return PAM_IGNORE;
+	    return PAM_USER_UNKNOWN;
+	case 0:
+	    /* Otherwise, the authentication looked good */
+	    _pam_log(LOG_NOTICE, "user '%s' granted acces", username);
+	    return PAM_SUCCESS;
+	default:
+	    /* we don't know anything about this return value */
+	    _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s'",
+		     retval, username);
+	    return PAM_SERVICE_ERR;
+    }
+    
+    /* should not be reached */
+    return PAM_IGNORE;
+}
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh, int flags,
+                int argc, const char **argv)
+{
+        /* parse arguments */
+        int ctrl = _pam_parse(argc, argv);
+        if (ctrl & WINBIND_DEBUG_ARG)
+              _pam_log(LOG_DEBUG,"libpam_winbind:pam_sm_open_session handler");
+        return PAM_SUCCESS;
+}
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh, int flags,
+                int argc, const char **argv)
+{
+        /* parse arguments */
+        int ctrl = _pam_parse(argc, argv);
+        if (ctrl & WINBIND_DEBUG_ARG)
+              _pam_log(LOG_DEBUG,"libpam_winbind:pam_sm_close_session handler");
+        return PAM_SUCCESS;
+}
+
+
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
+				int argc, const char **argv)
+{
+	unsigned int lctrl;
+	int retval;
+	unsigned int ctrl = _pam_parse(argc, argv);
+
+	/* <DO NOT free() THESE> */
+	const char *user;
+	char *pass_old, *pass_new;
+	/* </DO NOT free() THESE> */
+
+	char *Announce;
+	
+	int retry = 0;
+
+	/*
+	 * First get the name of a user
+	 */
+	retval = pam_get_user(pamh, &user, "Username: ");
+	if (retval == PAM_SUCCESS) {
+		if (user == NULL) {
+			_pam_log(LOG_ERR, "username was NULL!");
+			return PAM_USER_UNKNOWN;
+		}
+		if (retval == PAM_SUCCESS && on(WINBIND_DEBUG_ARG, ctrl))
+			_pam_log(LOG_DEBUG, "username [%s] obtained",
+				 user);
+	} else {
+		if (on(WINBIND_DEBUG_ARG, ctrl))
+			_pam_log(LOG_DEBUG,
+				 "password - could not identify user");
+		return retval;
+	}
+
+	/*
+	 * obtain and verify the current password (OLDAUTHTOK) for
+	 * the user.
+	 */
+
+	if (flags & PAM_PRELIM_CHECK) {
+		
+		/* instruct user what is happening */
+#define greeting "Changing password for "
+		Announce = (char *) malloc(sizeof(greeting) + strlen(user));
+		if (Announce == NULL) {
+		_pam_log(LOG_CRIT, 
+			 "password - out of memory");
+		return PAM_BUF_ERR;
+		}
+		(void) strcpy(Announce, greeting);
+		(void) strcpy(Announce + sizeof(greeting) - 1, user);
+#undef greeting
+		
+		lctrl = ctrl | WINBIND__OLD_PASSWORD;
+		retval = _winbind_read_password(pamh, lctrl
+						,Announce
+						,"(current) NT password: "
+						,NULL
+						,(const char **) &pass_old);
+		free(Announce);
+		
+		if (retval != PAM_SUCCESS) {
+			_pam_log(LOG_NOTICE
+				 ,"password - (old) token not obtained");
+			return retval;
+		}
+		/* verify that this is the password for this user */
+		
+		retval = winbind_auth_request(user, pass_old, ctrl);
+		
+		if (retval != PAM_ACCT_EXPIRED 
+		    && retval != PAM_NEW_AUTHTOK_REQD 
+		    && retval != PAM_SUCCESS) {
+			pass_old = NULL;
+			return retval;
+		}
+		
+		retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
+		pass_old = NULL;
+		if (retval != PAM_SUCCESS) {
+			_pam_log(LOG_CRIT, 
+				 "failed to set PAM_OLDAUTHTOK");
+		}
+	} else if (flags & PAM_UPDATE_AUTHTOK) {
+	
+		/*
+		 * obtain the proposed password
+		 */
+		
+		/*
+		 * get the old token back. 
+		 */
+		
+		retval = pam_get_item(pamh, PAM_OLDAUTHTOK
+				      ,(const void **) &pass_old);
+		
+		if (retval != PAM_SUCCESS) {
+			_pam_log(LOG_NOTICE, "user not authenticated");
+			return retval;
+		}
+		
+		lctrl = ctrl;
+		
+		if (on(WINBIND_USE_AUTHTOK_ARG, lctrl)) {
+			ctrl = WINBIND_USE_FIRST_PASS_ARG | lctrl;
+		}
+		retry = 0;
+		retval = PAM_AUTHTOK_ERR;
+		while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
+			/*
+			 * use_authtok is to force the use of a previously entered
+			 * password -- needed for pluggable password strength checking
+			 */
+			
+			retval = _winbind_read_password(pamh, lctrl
+							,NULL
+							,"Enter new NT password: "
+							,"Retype new NT password: "
+							,(const char **) &pass_new);
+			
+			if (retval != PAM_SUCCESS) {
+				if (on(WINBIND_DEBUG_ARG, ctrl)) {
+					_pam_log(LOG_ALERT
+						 ,"password - new password not obtained");
+				}
+				pass_old = NULL;/* tidy up */
+				return retval;
+			}
+
+			/*
+			 * At this point we know who the user is and what they
+			 * propose as their new password. Verify that the new
+			 * password is acceptable.
+			 */
+			
+			if (pass_new[0] == '\0') {/* "\0" password = NULL */
+				pass_new = NULL;
+			}
+		}
+		
+		/*
+		 * By reaching here we have approved the passwords and must now
+		 * rebuild the password database file.
+		 */
+
+		retval = winbind_chauthtok_request(user, pass_old, pass_new);
+		_pam_overwrite(pass_new);
+		_pam_overwrite(pass_old);
+		pass_old = pass_new = NULL;
+	} else {
+		retval = PAM_SERVICE_ERR;
+	}
+	
+	return retval;
+}
+
+#ifdef PAM_STATIC
+
+/* static module data */
+
+struct pam_module _pam_winbind_modstruct = {
+     MODULE_NAME,
+     pam_sm_authenticate,
+     pam_sm_setcred,
+     pam_sm_acct_mgmt,
+     pam_sm_open_session,
+     pam_sm_close_session,
+     pam_sm_chauthtok
+};
+
+#endif
+
+/*
+ * Copyright (c) Andrew Tridgell  <tridge@samba.org>   2000
+ * Copyright (c) Tim Potter       <tpot@samba.org>     2000
+ * Copyright (c) Andrew Bartlettt <abartlet@samba.org> 2002
+ * Copyright (c) Jan Rêkorajski 1999.
+ * Copyright (c) Andrew G. Morgan 1996-8.
+ * Copyright (c) Alex O. Yuriev, 1996.
+ * Copyright (c) Cristian Gafton 1996.
+ * Copyright (C) Elliot Lee <sopwith@redhat.com> 1996, Red Hat Software. 
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h
new file mode 100644
index 0000000000..9897249e16
--- /dev/null
+++ b/source3/nsswitch/pam_winbind.h
@@ -0,0 +1,94 @@
+/* pam_winbind header file 
+   (Solaris needs some macros from Linux for common PAM code)
+
+   Shirish Kalele 2000
+*/
+
+#ifdef HAVE_FEATURES_H
+#include <features.h>
+#endif
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <syslog.h>
+#include <stdarg.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <config.h>
+
+#define MODULE_NAME "pam_winbind"
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_PASSWORD
+
+#if defined(SUNOS5) || defined(SUNOS4) || defined(HPUX)
+
+/* Solaris always uses dynamic pam modules */
+#define PAM_EXTERN extern
+#include <security/pam_appl.h> 
+
+#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
+#endif
+
+#ifdef HAVE_SECURITY_PAM_MODULES_H
+#include <security/pam_modules.h>
+#endif
+
+#ifdef HAVE_SECURITY__PAM_MACROS_H
+#include <security/_pam_macros.h>
+#else
+/* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do {                                              \
+    int reply_i;                                  \
+                                                  \
+    for (reply_i=0; reply_i<replies; ++reply_i) { \
+        if (reply[reply_i].resp) {                \
+            _pam_overwrite(reply[reply_i].resp);  \
+            free(reply[reply_i].resp);            \
+        }                                         \
+    }                                             \
+    if (reply)                                    \
+        free(reply);                              \
+} while (0)
+
+#define _pam_overwrite(x)        \
+do {                             \
+     register char *__xx__;      \
+     if ((__xx__=(x)))           \
+          while (*__xx__)        \
+               *__xx__++ = '\0'; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) SAFE_FREE(X)
+
+#define  x_strdup(s)  ( (s) ? strdup(s):NULL )     
+#endif
+
+#define WINBIND_DEBUG_ARG (1<<0)
+#define WINBIND_USE_AUTHTOK_ARG (1<<1)
+#define WINBIND_UNKNOWN_OK_ARG (1<<2)
+#define WINBIND_TRY_FIRST_PASS_ARG (1<<3)
+#define WINBIND_USE_FIRST_PASS_ARG (1<<4)
+#define WINBIND__OLD_PASSWORD (1<<5)
+
+/*
+ * here is the string to inform the user that the new passwords they
+ * typed were not the same.
+ */
+
+#define MISTYPED_PASS "Sorry, passwords do not match"
+
+#define on(x, y) (x & y)
+#define off(x, y) (!(x & y))
+
+#include "winbind_nss_config.h"
+#include "winbindd_nss.h"
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
new file mode 100644
index 0000000000..53550ca353
--- /dev/null
+++ b/source3/nsswitch/wb_client.c
@@ -0,0 +1,299 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   winbind client code
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Andrew Tridgell 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#include "includes.h"
+#include "nsswitch/nss.h"
+
+NSS_STATUS winbindd_request(int req_type,
+                                 struct winbindd_request *request,
+                                 struct winbindd_response *response);
+
+/* Call winbindd to convert a name to a sid */
+
+BOOL winbind_lookup_name(const char *dom_name, const char *name, DOM_SID *sid, 
+                         enum SID_NAME_USE *name_type)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	NSS_STATUS result;
+	
+	if (!sid || !name_type)
+		return False;
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	fstrcpy(request.data.name.dom_name, dom_name);
+	fstrcpy(request.data.name.name, name);
+
+	if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request, 
+				       &response)) == NSS_STATUS_SUCCESS) {
+		string_to_sid(sid, response.data.sid.sid);
+		*name_type = (enum SID_NAME_USE)response.data.sid.type;
+	}
+
+	return result == NSS_STATUS_SUCCESS;
+}
+
+/* Call winbindd to convert sid to name */
+
+BOOL winbind_lookup_sid(DOM_SID *sid, 
+			fstring dom_name, fstring name, 
+                        enum SID_NAME_USE *name_type)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	NSS_STATUS result;
+	fstring sid_str;
+	
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	sid_to_string(sid_str, sid);
+	fstrcpy(request.data.sid, sid_str);
+	
+	/* Make request */
+
+	result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
+
+	/* Copy out result */
+
+	if (result == NSS_STATUS_SUCCESS) {
+		fstrcpy(dom_name, response.data.name.dom_name);
+		fstrcpy(name, response.data.name.name);
+		*name_type = (enum SID_NAME_USE)response.data.name.type;
+
+		DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n", 
+                           sid_str, dom_name, name));
+	}
+
+	return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Call winbindd to convert SID to uid */
+
+BOOL winbind_sid_to_uid(uid_t *puid, DOM_SID *sid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int result;
+	fstring sid_str;
+
+	if (!puid)
+		return False;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	sid_to_string(sid_str, sid);
+	fstrcpy(request.data.sid, sid_str);
+	
+	/* Make request */
+
+	result = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
+
+	/* Copy out result */
+
+	if (result == NSS_STATUS_SUCCESS) {
+		*puid = response.data.uid;
+	}
+
+	return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Call winbindd to convert uid to sid */
+
+BOOL winbind_uid_to_sid(DOM_SID *sid, uid_t uid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int result;
+
+	if (!sid)
+		return False;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	request.data.uid = uid;
+
+	/* Make request */
+
+	result = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
+
+	/* Copy out result */
+
+	if (result == NSS_STATUS_SUCCESS) {
+		string_to_sid(sid, response.data.sid.sid);
+	} else {
+		sid_copy(sid, &global_sid_NULL);
+	}
+
+	return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Call winbindd to convert SID to gid */
+
+BOOL winbind_sid_to_gid(gid_t *pgid, DOM_SID *sid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int result;
+	fstring sid_str;
+
+	if (!pgid)
+		return False;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	sid_to_string(sid_str, sid);
+	fstrcpy(request.data.sid, sid_str);
+	
+	/* Make request */
+
+	result = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
+
+	/* Copy out result */
+
+	if (result == NSS_STATUS_SUCCESS) {
+		*pgid = response.data.gid;
+	}
+
+	return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Call winbindd to convert gid to sid */
+
+BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int result;
+
+	if (!sid)
+		return False;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	request.data.gid = gid;
+
+	/* Make request */
+
+	result = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
+
+	/* Copy out result */
+
+	if (result == NSS_STATUS_SUCCESS) {
+		string_to_sid(sid, response.data.sid.sid);
+	} else {
+		sid_copy(sid, &global_sid_NULL);
+	}
+
+	return (result == NSS_STATUS_SUCCESS);
+}
+
+/* Fetch the list of groups a user is a member of from winbindd.  This is
+   used by winbind_getgroups. */
+
+static int wb_getgroups(const char *user, gid_t **groups)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int result;
+
+	/* Call winbindd */
+
+	fstrcpy(request.data.username, user);
+
+	ZERO_STRUCT(response);
+
+	result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+
+	if (result == NSS_STATUS_SUCCESS) {
+		
+		/* Return group list.  Don't forget to free the group list
+		   when finished. */
+
+		*groups = (gid_t *)response.extra_data;
+		return response.data.num_entries;
+	}
+
+	return -1;
+}
+
+/* Return a list of groups the user is a member of.  This function is
+   useful for large systems where inverting the group database would be too
+   time consuming.  If size is zero, list is not modified and the total
+   number of groups for the user is returned. */
+
+int winbind_getgroups(const char *user, int size, gid_t *list)
+{
+	gid_t *groups = NULL;
+	int result, i;
+
+	/*
+	 * Don't do the lookup if the name has no separator _and_ we are not in
+	 * 'winbind use default domain' mode.
+	 */
+
+	if (!(strchr(user, *lp_winbind_separator()) || lp_winbind_use_default_domain()))
+		return -1;
+
+	/* Fetch list of groups */
+
+	result = wb_getgroups(user, &groups);
+
+	if (size == 0)
+		goto done;
+
+	if (result > size) {
+		result = -1;
+		errno = EINVAL; /* This is what getgroups() does */
+		goto done;
+	}
+
+	/* Copy list of groups across */
+
+	for (i = 0; i < result; i++) {
+		list[i] = groups[i];
+	}
+
+ done:
+	SAFE_FREE(groups);
+	return result;
+}
diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c
new file mode 100644
index 0000000000..6a2143f8f0
--- /dev/null
+++ b/source3/nsswitch/wb_common.c
@@ -0,0 +1,395 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   winbind client common code
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Andrew Tridgell 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#include "winbind_nss_config.h"
+#include "winbindd_nss.h"
+
+/* Global variables.  These are effectively the client state information */
+
+int winbindd_fd = -1;           /* fd for winbindd socket */
+static char *excluded_domain;
+
+/* Free a response structure */
+
+void free_response(struct winbindd_response *response)
+{
+	/* Free any allocated extra_data */
+
+	if (response)
+		SAFE_FREE(response->extra_data);
+}
+
+/*
+  smbd needs to be able to exclude lookups for its own domain
+*/
+void winbind_exclude_domain(const char *domain)
+{
+	SAFE_FREE(excluded_domain);
+	excluded_domain = strdup(domain);
+}
+
+
+/* Initialise a request structure */
+
+void init_request(struct winbindd_request *request, int request_type)
+{
+        static char *domain_env;
+        static BOOL initialised;
+
+	request->length = sizeof(struct winbindd_request);
+
+	request->cmd = (enum winbindd_cmd)request_type;
+	request->pid = getpid();
+	request->domain[0] = '\0';
+
+	if (!initialised) {
+		initialised = True;
+		domain_env = getenv(WINBINDD_DOMAIN_ENV);
+	}
+
+	if (domain_env) {
+		strncpy(request->domain, domain_env,
+			sizeof(request->domain) - 1);
+		request->domain[sizeof(request->domain) - 1] = '\0';
+	}
+}
+
+/* Initialise a response structure */
+
+void init_response(struct winbindd_response *response)
+{
+	/* Initialise return value */
+
+	response->result = WINBINDD_ERROR;
+}
+
+/* Close established socket */
+
+void close_sock(void)
+{
+	if (winbindd_fd != -1) {
+		close(winbindd_fd);
+		winbindd_fd = -1;
+	}
+}
+
+/* Connect to winbindd socket */
+
+int winbind_open_pipe_sock(void)
+{
+	struct sockaddr_un sunaddr;
+	static pid_t our_pid;
+	struct stat st;
+	pstring path;
+	
+	if (our_pid != getpid()) {
+		close_sock();
+		our_pid = getpid();
+	}
+	
+	if (winbindd_fd != -1) {
+		return winbindd_fd;
+	}
+	
+	/* Check permissions on unix socket directory */
+	
+	if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) {
+		return -1;
+	}
+	
+	if (!S_ISDIR(st.st_mode) || 
+	    (st.st_uid != 0 && st.st_uid != geteuid())) {
+		return -1;
+	}
+	
+	/* Connect to socket */
+	
+	strncpy(path, WINBINDD_SOCKET_DIR, sizeof(path) - 1);
+	path[sizeof(path) - 1] = '\0';
+	
+	strncat(path, "/", sizeof(path) - 1);
+	path[sizeof(path) - 1] = '\0';
+	
+	strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1);
+	path[sizeof(path) - 1] = '\0';
+	
+	ZERO_STRUCT(sunaddr);
+	sunaddr.sun_family = AF_UNIX;
+	strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
+	
+	/* If socket file doesn't exist, don't bother trying to connect
+	   with retry.  This is an attempt to make the system usable when
+	   the winbindd daemon is not running. */
+
+	if (lstat(path, &st) == -1) {
+		return -1;
+	}
+	
+	/* Check permissions on unix socket file */
+	
+	if (!S_ISSOCK(st.st_mode) || 
+	    (st.st_uid != 0 && st.st_uid != geteuid())) {
+		return -1;
+	}
+	
+	/* Connect to socket */
+	
+	if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+		return -1;
+	}
+	
+	if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, 
+		    sizeof(sunaddr)) == -1) {
+		close_sock();
+		return -1;
+	}
+        
+	return winbindd_fd;
+}
+
+/* Write data to winbindd socket with timeout */
+
+int write_sock(void *buffer, int count)
+{
+	int result, nwritten;
+	
+	/* Open connection to winbind daemon */
+	
+ restart:
+	
+	if (winbind_open_pipe_sock() == -1) {
+		return -1;
+	}
+	
+	/* Write data to socket */
+	
+	nwritten = 0;
+	
+	while(nwritten < count) {
+		struct timeval tv;
+		fd_set r_fds;
+		
+		/* Catch pipe close on other end by checking if a read()
+		   call would not block by calling select(). */
+
+		FD_ZERO(&r_fds);
+		FD_SET(winbindd_fd, &r_fds);
+		ZERO_STRUCT(tv);
+		
+		if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
+			close_sock();
+			return -1;                   /* Select error */
+		}
+		
+		/* Write should be OK if fd not available for reading */
+		
+		if (!FD_ISSET(winbindd_fd, &r_fds)) {
+			
+			/* Do the write */
+			
+			result = write(winbindd_fd,
+				       (char *)buffer + nwritten, 
+				       count - nwritten);
+			
+			if ((result == -1) || (result == 0)) {
+				
+				/* Write failed */
+				
+				close_sock();
+				return -1;
+			}
+			
+			nwritten += result;
+			
+		} else {
+			
+			/* Pipe has closed on remote end */
+			
+			close_sock();
+			goto restart;
+		}
+	}
+	
+	return nwritten;
+}
+
+/* Read data from winbindd socket with timeout */
+
+static int read_sock(void *buffer, int count)
+{
+	int result = 0, nread = 0;
+
+	/* Read data from socket */
+	
+	while(nread < count) {
+		
+		result = read(winbindd_fd, (char *)buffer + nread, 
+			      count - nread);
+		
+		if ((result == -1) || (result == 0)) {
+			
+			/* Read failed.  I think the only useful thing we
+			   can do here is just return -1 and fail since the
+			   transaction has failed half way through. */
+			
+			close_sock();
+			return -1;
+		}
+		
+		nread += result;
+	}
+	
+	return result;
+}
+
+/* Read reply */
+
+int read_reply(struct winbindd_response *response)
+{
+	int result1, result2 = 0;
+
+	if (!response) {
+		return -1;
+	}
+	
+	/* Read fixed length response */
+	
+	if ((result1 = read_sock(response, sizeof(struct winbindd_response)))
+	    == -1) {
+		
+		return -1;
+	}
+	
+	/* We actually send the pointer value of the extra_data field from
+	   the server.  This has no meaning in the client's address space
+	   so we clear it out. */
+
+	response->extra_data = NULL;
+
+	/* Read variable length response */
+	
+	if (response->length > sizeof(struct winbindd_response)) {
+		int extra_data_len = response->length - 
+			sizeof(struct winbindd_response);
+		
+		/* Mallocate memory for extra data */
+		
+		if (!(response->extra_data = malloc(extra_data_len))) {
+			return -1;
+		}
+		
+		if ((result2 = read_sock(response->extra_data, extra_data_len))
+		    == -1) {
+			free_response(response);
+			return -1;
+		}
+	}
+	
+	/* Return total amount of data read */
+	
+	return result1 + result2;
+}
+
+/* 
+ * send simple types of requests 
+ */
+
+NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
+{
+	struct winbindd_request lrequest;
+
+	/* Check for our tricky environment variable */
+
+	if (getenv(WINBINDD_DONT_ENV)) {
+		return NSS_STATUS_NOTFOUND;
+	}
+
+	/* smbd may have excluded this domain */
+	if (excluded_domain && 
+	    strcasecmp(excluded_domain, request->domain) == 0) {
+		return NSS_STATUS_NOTFOUND;
+	}
+
+	if (!request) {
+		ZERO_STRUCT(lrequest);
+		request = &lrequest;
+	}
+	
+	/* Fill in request and send down pipe */
+
+	init_request(request, req_type);
+	
+	if (write_sock(request, sizeof(*request)) == -1) {
+		return NSS_STATUS_UNAVAIL;
+	}
+	
+	return NSS_STATUS_SUCCESS;
+}
+
+/*
+ * Get results from winbindd request
+ */
+
+NSS_STATUS winbindd_get_response(struct winbindd_response *response)
+{
+	struct winbindd_response lresponse;
+
+	if (!response) {
+		ZERO_STRUCT(lresponse);
+		response = &lresponse;
+	}
+
+	init_response(response);
+
+	/* Wait for reply */
+	if (read_reply(response) == -1) {
+		return NSS_STATUS_UNAVAIL;
+	}
+
+	/* Throw away extra data if client didn't request it */
+	if (response == &lresponse) {
+		free_response(response);
+	}
+
+	/* Copy reply data from socket */
+	if (response->result != WINBINDD_OK) {
+		return NSS_STATUS_NOTFOUND;
+	}
+	
+	return NSS_STATUS_SUCCESS;
+}
+
+/* Handle simple types of requests */
+
+NSS_STATUS winbindd_request(int req_type, 
+				 struct winbindd_request *request,
+				 struct winbindd_response *response)
+{
+	NSS_STATUS status;
+
+	status = winbindd_send_request(req_type, request);
+	if (status != NSS_STATUS_SUCCESS) 
+		return(status);
+	return winbindd_get_response(response);
+}
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
new file mode 100644
index 0000000000..4ea1e6a30a
--- /dev/null
+++ b/source3/nsswitch/wbinfo.c
@@ -0,0 +1,873 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind status program.
+
+   Copyright (C) Tim Potter      2000
+   Copyright (C) Andrew Bartlett 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "winbindd.h"
+#include "debug.h"
+
+/* Prototypes from common.h */
+
+NSS_STATUS winbindd_request(int req_type, 
+			    struct winbindd_request *request,
+			    struct winbindd_response *response);
+
+static char winbind_separator(void)
+{
+	struct winbindd_response response;
+	static BOOL got_sep;
+	static char sep;
+
+	if (got_sep)
+		return sep;
+
+	ZERO_STRUCT(response);
+
+	/* Send off request */
+
+	if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
+	    NSS_STATUS_SUCCESS) {
+		d_printf("could not obtain winbind separator!\n");
+		/* HACK: (this module should not call lp_ funtions) */
+		return *lp_winbind_separator();
+	}
+
+	sep = response.data.info.winbind_separator;
+	got_sep = True;
+
+	if (!sep) {
+		d_printf("winbind separator was NULL!\n");
+		/* HACK: (this module should not call lp_ funtions) */
+		sep = *lp_winbind_separator();
+	}
+	
+	return sep;
+}
+
+static char *get_winbind_domain(void)
+{
+	struct winbindd_response response;
+	static fstring winbind_domain;
+
+	ZERO_STRUCT(response);
+
+	/* Send off request */
+
+	if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
+	    NSS_STATUS_SUCCESS) {
+		d_printf("could not obtain winbind domain name!\n");
+		
+		/* HACK: (this module should not call lp_ funtions) */
+		return lp_workgroup();
+	}
+
+	fstrcpy(winbind_domain, response.data.domain_name);
+
+	return winbind_domain;
+
+}
+
+/* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
+   form DOMAIN/user into a domain and a user */
+
+static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain, 
+				     fstring user)
+{
+
+	char *p = strchr(domuser,winbind_separator());
+
+	if (!p) {
+		fstrcpy(user, domuser);
+		fstrcpy(domain, get_winbind_domain());
+		return True;
+	}
+        
+	fstrcpy(user, p+1);
+	fstrcpy(domain, domuser);
+	domain[PTR_DIFF(p, domuser)] = 0;
+	strupper(domain);
+
+	return True;
+}
+
+/* List groups a user is a member of */
+
+static BOOL wbinfo_get_usergroups(char *user)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	NSS_STATUS result;
+	int i;
+	
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	fstrcpy(request.data.username, user);
+
+	result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+
+	if (result != NSS_STATUS_SUCCESS)
+		return False;
+
+	for (i = 0; i < response.data.num_entries; i++)
+		d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
+
+	SAFE_FREE(response.extra_data);
+
+	return True;
+}
+
+/* Convert NetBIOS name to IP */
+
+static BOOL wbinfo_wins_byname(char *name)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	fstrcpy(request.data.winsreq, name);
+
+	if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
+	    NSS_STATUS_SUCCESS) {
+		return False;
+	}
+
+	/* Display response */
+
+	printf("%s\n", response.data.winsresp);
+
+	return True;
+}
+
+/* Convert IP to NetBIOS name */
+
+static BOOL wbinfo_wins_byip(char *ip)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	fstrcpy(request.data.winsreq, ip);
+
+	if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
+	    NSS_STATUS_SUCCESS) {
+		return False;
+	}
+
+	/* Display response */
+
+	printf("%s\n", response.data.winsresp);
+
+	return True;
+}
+
+/* List trusted domains */
+
+static BOOL wbinfo_list_domains(void)
+{
+	struct winbindd_response response;
+	fstring name;
+
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	if (response.extra_data) {
+		char *extra_data = (char *)response.extra_data;
+
+		while(next_token(&extra_data, name, ",", sizeof(fstring)))
+			d_printf("%s\n", name);
+
+		SAFE_FREE(response.extra_data);
+	}
+
+	return True;
+}
+
+
+/* show sequence numbers */
+static BOOL wbinfo_show_sequence(void)
+{
+	struct winbindd_response response;
+
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	if (winbindd_request(WINBINDD_SHOW_SEQUENCE, NULL, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	if (response.extra_data) {
+		char *extra_data = (char *)response.extra_data;
+		d_printf("%s", extra_data);
+		SAFE_FREE(response.extra_data);
+	}
+
+	return True;
+}
+
+/* Check trust account password */
+
+static BOOL wbinfo_check_secret(void)
+{
+        struct winbindd_response response;
+        BOOL result;
+
+        ZERO_STRUCT(response);
+
+        result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response) ==
+                NSS_STATUS_SUCCESS;
+
+        if (result) {
+
+                if (response.data.num_entries == 0)
+                        d_printf("Secret is good\n");
+                else
+                        d_printf("Secret is bad\n0x%08x\n", 
+			       response.data.num_entries);
+
+                return True;
+        }
+
+        return False;
+}
+
+/* Convert uid to sid */
+
+static BOOL wbinfo_uid_to_sid(uid_t uid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	request.data.uid = uid;
+
+	if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	d_printf("%s\n", response.data.sid.sid);
+
+	return True;
+}
+
+/* Convert gid to sid */
+
+static BOOL wbinfo_gid_to_sid(gid_t gid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	request.data.gid = gid;
+
+	if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	d_printf("%s\n", response.data.sid.sid);
+
+	return True;
+}
+
+/* Convert sid to uid */
+
+static BOOL wbinfo_sid_to_uid(char *sid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	fstrcpy(request.data.sid, sid);
+
+	if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	d_printf("%d\n", (int)response.data.uid);
+
+	return True;
+}
+
+static BOOL wbinfo_sid_to_gid(char *sid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	fstrcpy(request.data.sid, sid);
+
+	if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	d_printf("%d\n", (int)response.data.gid);
+
+	return True;
+}
+
+/* Convert sid to string */
+
+static BOOL wbinfo_lookupsid(char *sid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send off request */
+
+	fstrcpy(request.data.sid, sid);
+
+	if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	d_printf("%s%c%s %d\n", response.data.name.dom_name, 
+		 winbind_separator(), response.data.name.name, 
+		 response.data.name.type);
+
+	return True;
+}
+
+/* Convert string to sid */
+
+static BOOL wbinfo_lookupname(char *name)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	parse_wbinfo_domain_user(name, request.data.name.dom_name, 
+				 request.data.name.name);
+
+	if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Display response */
+
+	d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type);
+
+	return True;
+}
+
+/* Authenticate a user with a plaintext password */
+
+static BOOL wbinfo_auth(char *username)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+        NSS_STATUS result;
+        char *p;
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+        p = strchr(username, '%');
+
+        if (p) {
+                *p = 0;
+                fstrcpy(request.data.auth.user, username);
+                fstrcpy(request.data.auth.pass, p + 1);
+                *p = '%';
+        } else
+                fstrcpy(request.data.auth.user, username);
+
+	result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
+
+	/* Display response */
+
+        d_printf("plaintext password authentication %s\n", 
+               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+
+	d_printf("error code was %s (0x%x)\n", 
+		 response.data.auth.nt_status_string, 
+		 response.data.auth.nt_status);
+
+        return result == NSS_STATUS_SUCCESS;
+}
+
+/* Authenticate a user with a challenge/response */
+
+static BOOL wbinfo_auth_crap(char *username)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+        NSS_STATUS result;
+        fstring name_user;
+        fstring name_domain;
+        fstring pass;
+        char *p;
+
+	/* Send off request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+        p = strchr(username, '%');
+
+        if (p) {
+                *p = 0;
+                fstrcpy(pass, p + 1);
+	}
+		
+	parse_wbinfo_domain_user(username, name_domain, name_user);
+
+	fstrcpy(request.data.auth_crap.user, name_user);
+
+	fstrcpy(request.data.auth_crap.domain, name_domain);
+
+	generate_random_buffer(request.data.auth_crap.chal, 8, False);
+        
+        SMBencrypt((uchar *)pass, request.data.auth_crap.chal, 
+                   (uchar *)request.data.auth_crap.lm_resp);
+        SMBNTencrypt((uchar *)pass, request.data.auth_crap.chal,
+                     (uchar *)request.data.auth_crap.nt_resp);
+
+        request.data.auth_crap.lm_resp_len = 24;
+        request.data.auth_crap.nt_resp_len = 24;
+
+	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+
+	/* Display response */
+
+        d_printf("challenge/response password authentication %s\n", 
+               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+
+	d_printf("error code was %s (0x%x)\n", 
+	       response.data.auth.nt_status_string, 
+	       response.data.auth.nt_status);
+
+        return result == NSS_STATUS_SUCCESS;
+}
+
+/* Print domain users */
+
+static BOOL print_domain_users(void)
+{
+	struct winbindd_response response;
+	char *extra_data;
+	fstring name;
+
+	/* Send request to winbind daemon */
+
+	ZERO_STRUCT(response);
+
+	if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Look through extra data */
+
+	if (!response.extra_data)
+		return False;
+
+	extra_data = (char *)response.extra_data;
+
+	while(next_token(&extra_data, name, ",", sizeof(fstring)))
+		d_printf("%s\n", name);
+	
+	SAFE_FREE(response.extra_data);
+
+	return True;
+}
+
+/* Print domain groups */
+
+static BOOL print_domain_groups(void)
+{
+	struct winbindd_response response;
+	char *extra_data;
+	fstring name;
+
+	ZERO_STRUCT(response);
+
+	if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response) !=
+	    NSS_STATUS_SUCCESS)
+		return False;
+
+	/* Look through extra data */
+
+	if (!response.extra_data)
+		return False;
+
+	extra_data = (char *)response.extra_data;
+
+	while(next_token(&extra_data, name, ",", sizeof(fstring)))
+		d_printf("%s\n", name);
+
+	SAFE_FREE(response.extra_data);
+	
+	return True;
+}
+
+/* Set the authorised user for winbindd access in secrets.tdb */
+
+static BOOL wbinfo_set_auth_user(char *username)
+{
+	char *password;
+	fstring user, domain;
+
+	/* Separate into user and password */
+
+	parse_wbinfo_domain_user(username, domain, user);
+
+	password = strchr(user, '%');
+
+	if (password) {
+		*password = 0;
+		password++;
+	} else
+		password = "";
+
+	/* Store in secrets.tdb */
+
+	if (!secrets_store(SECRETS_AUTH_USER, username, 
+			   strlen(username) + 1) ||
+	    !secrets_store(SECRETS_AUTH_DOMAIN, domain, 
+			   strlen(domain) + 1) ||
+	    !secrets_store(SECRETS_AUTH_PASSWORD, password,
+			   strlen(password) + 1)) {
+		d_fprintf(stderr, "error storing authenticated user info\n");
+		return False;
+	}
+
+	return True;
+}
+
+static BOOL wbinfo_ping(void)
+{
+        NSS_STATUS result;
+	
+	result = winbindd_request(WINBINDD_PING, NULL, NULL);
+
+	/* Display response */
+
+        d_printf("'ping' to winbindd %s\n", 
+               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+
+        return result == NSS_STATUS_SUCCESS;
+}
+
+/* Print program usage */
+
+static void usage(void)
+{
+	d_printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm "
+               "| -a user%%password\n");
+	d_printf("\t-u\t\t\tlists all domain users\n");
+	d_printf("\t-g\t\t\tlists all domain groups\n");
+	d_printf("\t-n name\t\t\tconverts name to sid\n");
+	d_printf("\t-s sid\t\t\tconverts sid to name\n");
+	d_printf("\t-N name\t\t\tconverts NetBIOS name to IP (WINS)\n");
+	d_printf("\t-I name\t\t\tconverts IP address to NetBIOS name (WINS)\n");
+	d_printf("\t-U uid\t\t\tconverts uid to sid\n");
+	d_printf("\t-G gid\t\t\tconverts gid to sid\n");
+	d_printf("\t-S sid\t\t\tconverts sid to uid\n");
+	d_printf("\t-Y sid\t\t\tconverts sid to gid\n");
+	d_printf("\t-t\t\t\tcheck shared secret\n");
+	d_printf("\t-m\t\t\tlist trusted domains\n");
+	d_printf("\t-r user\t\t\tget user groups\n");
+	d_printf("\t-a user%%password\tauthenticate user\n");
+	d_printf("\t-p 'ping' winbindd to see if it is alive\n");
+	d_printf("\t--sequence\t\tshow sequence numbers of all domains\n");
+}
+
+/* Main program */
+
+enum {
+	OPT_SET_AUTH_USER = 1000,
+	OPT_SEQUENCE,
+};
+
+int main(int argc, char **argv)
+{
+	extern pstring global_myname;
+	int opt;
+
+	poptContext pc;
+	static char *string_arg;
+	static int int_arg;
+	BOOL got_command = False;
+	int result = 1;
+
+	struct poptOption long_options[] = {
+
+		/* longName, shortName, argInfo, argPtr, value, descrip, 
+		   argDesc */
+
+		{ "help", 'h', POPT_ARG_NONE, 0, 'h' },
+		{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u' },
+		{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g' },
+		{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N' },
+		{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I' },
+		{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n' },
+		{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's' },
+		{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U' },
+		{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G' },
+		{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S' },
+		{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y' },
+		{ "check-secret", 't', POPT_ARG_NONE, 0, 't' },
+		{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm' },
+		{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE },
+		{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },
+ 		{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },
+		{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER },
+		{ "ping", 'p', POPT_ARG_NONE, 0, 'p' },
+		{ 0, 0, 0, 0 }
+	};
+
+	/* Samba client initialisation */
+
+	if (!*global_myname) {
+		char *p;
+
+		fstrcpy(global_myname, myhostname());
+		p = strchr(global_myname, '.');
+		if (p)
+			*p = 0;
+	}
+
+	if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
+		d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
+			dyn_CONFIGFILE, strerror(errno));
+		exit(1);
+	}
+
+	load_interfaces();
+
+	/* Parse command line options */
+
+	if (argc == 1) {
+		usage();
+		return 1;
+	}
+
+	/* Parse options */
+
+	pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		if (got_command) {
+			d_fprintf(stderr, "No more than one command may be specified at once.\n");
+			exit(1);
+		}
+		got_command = True;
+	}
+
+	poptFreeContext(pc);
+
+	pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case 'h':
+			usage();
+			result = 0;
+			goto done;
+		case 'u':
+			if (!print_domain_users()) {
+				d_printf("Error looking up domain users\n");
+				goto done;
+			}
+			break;
+		case 'g':
+			if (!print_domain_groups()) {
+				d_printf("Error looking up domain groups\n");
+				goto done;
+			}
+			break;
+		case 's':
+			if (!wbinfo_lookupsid(string_arg)) {
+				d_printf("Could not lookup sid %s\n", string_arg);
+				goto done;
+			}
+			break;
+		case 'n':
+			if (!wbinfo_lookupname(string_arg)) {
+				d_printf("Could not lookup name %s\n", string_arg);
+				goto done;
+			}
+			break;
+		case 'N':
+			if (!wbinfo_wins_byname(string_arg)) {
+				d_printf("Could not lookup WINS by name %s\n", string_arg);
+				goto done;
+			}
+			break;
+		case 'I':
+			if (!wbinfo_wins_byip(string_arg)) {
+				d_printf("Could not lookup WINS by IP %s\n", string_arg);
+				goto done;
+			}
+			break;
+		case 'U':
+			if (!wbinfo_uid_to_sid(int_arg)) {
+				d_printf("Could not convert uid %d to sid\n", int_arg);
+				goto done;
+			}
+			break;
+		case 'G':
+			if (!wbinfo_gid_to_sid(int_arg)) {
+				d_printf("Could not convert gid %d to sid\n",
+				       int_arg);
+				goto done;
+			}
+			break;
+		case 'S':
+			if (!wbinfo_sid_to_uid(string_arg)) {
+				d_printf("Could not convert sid %s to uid\n",
+				       string_arg);
+				goto done;
+			}
+			break;
+		case 'Y':
+			if (!wbinfo_sid_to_gid(string_arg)) {
+				d_printf("Could not convert sid %s to gid\n",
+				       string_arg);
+				goto done;
+			}
+			break;
+		case 't':
+			if (!wbinfo_check_secret()) {
+				d_printf("Could not check secret\n");
+				goto done;
+			}
+			break;
+		case 'm':
+			if (!wbinfo_list_domains()) {
+				d_printf("Could not list trusted domains\n");
+				goto done;
+			}
+			break;
+		case OPT_SEQUENCE:
+			if (!wbinfo_show_sequence()) {
+				d_printf("Could not show sequence numbers\n");
+				goto done;
+			}
+			break;
+		case 'r':
+			if (!wbinfo_get_usergroups(string_arg)) {
+				d_printf("Could not get groups for user %s\n", 
+				       string_arg);
+				goto done;
+			}
+			break;
+                case 'a': {
+                        BOOL got_error = False;
+
+                        if (!wbinfo_auth(string_arg)) {
+                                d_printf("Could not authenticate user %s with "
+                                       "plaintext password\n", string_arg);
+                                got_error = True;
+                        }
+
+                        if (!wbinfo_auth_crap(string_arg)) {
+                                d_printf("Could not authenticate user %s with "
+                                       "challenge/response\n", string_arg);
+                                got_error = True;
+                        }
+			
+                        if (got_error)
+                                goto done;
+                        break;
+		}
+                case 'p': {
+
+                        if (!wbinfo_ping()) {
+                                d_printf("could not ping winbindd!\n");
+                                goto done;
+			}
+                        break;
+		}
+		case OPT_SET_AUTH_USER:
+			if (!(wbinfo_set_auth_user(string_arg)))
+				goto done;
+			break;
+		default:
+			d_fprintf(stderr, "Invalid option\n");
+			usage();
+			goto done;
+		}
+	}
+
+	result = 0;
+
+	/* Exit code */
+
+ done:
+	poptFreeContext(pc);
+	return result;
+}
diff --git a/source3/nsswitch/winbind_nss.c b/source3/nsswitch/winbind_nss.c
new file mode 100644
index 0000000000..0a49f5ec96
--- /dev/null
+++ b/source3/nsswitch/winbind_nss.c
@@ -0,0 +1,1324 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Windows NT Domain nsswitch module
+
+   Copyright (C) Tim Potter 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#include "winbind_nss_config.h"
+#include "winbindd_nss.h"
+
+#ifdef HAVE_NS_API_H
+#undef VOLATILE
+
+#include <ns_daemon.h>
+#endif
+
+#define MAX_GETPWENT_USERS 250
+#define MAX_GETGRENT_USERS 250
+
+/* Prototypes from wb_common.c */
+
+extern int winbindd_fd;
+
+void init_request(struct winbindd_request *req,int rq_type);
+NSS_STATUS winbindd_send_request(int req_type,
+				 struct winbindd_request *request);
+NSS_STATUS winbindd_get_response(struct winbindd_response *response);
+NSS_STATUS winbindd_request(int req_type, 
+				 struct winbindd_request *request,
+				 struct winbindd_response *response);
+int winbind_open_pipe_sock(void);
+int write_sock(void *buffer, int count);
+int read_reply(struct winbindd_response *response);
+void free_response(struct winbindd_response *response);
+
+#ifdef HAVE_NS_API_H
+/* IRIX version */
+
+static int send_next_request(nsd_file_t *, struct winbindd_request *);
+static int do_list(int state, nsd_file_t *rq);
+
+static nsd_file_t *current_rq = NULL;
+static int current_winbind_xid = 0;
+static int next_winbind_xid = 0;
+
+typedef struct winbind_xid {
+	int			xid;
+	nsd_file_t		*rq;
+	struct winbindd_request *request;
+	struct winbind_xid	*next;
+} winbind_xid_t;
+
+static winbind_xid_t *winbind_xids = (winbind_xid_t *)0;
+
+static int
+winbind_xid_new(int xid, nsd_file_t *rq, struct winbindd_request *request)
+{
+	winbind_xid_t *new;
+
+	nsd_logprintf(NSD_LOG_LOW,
+		"entering winbind_xid_new xid = %d rq = 0x%x, request = 0x%x\n",
+		xid, rq, request);
+	new = (winbind_xid_t *)nsd_calloc(1,sizeof(winbind_xid_t));
+	if (!new) {
+		nsd_logprintf(NSD_LOG_RESOURCE,"winbind_xid_new: failed malloc\n");
+		return NSD_ERROR;
+	}
+
+	new->xid = xid;
+	new->rq = rq;
+	new->request = request;
+	new->next = winbind_xids;
+	winbind_xids = new;
+
+	return NSD_CONTINUE;
+}
+
+/*
+** This routine will look down the xid list and return the request
+** associated with an xid.  We remove the record if it is found.
+*/
+nsd_file_t *
+winbind_xid_lookup(int xid, struct winbindd_request **requestp)
+{
+        winbind_xid_t **last, *dx;
+        nsd_file_t *result=0;
+
+        for (last = &winbind_xids, dx = winbind_xids; dx && (dx->xid != xid);
+            last = &dx->next, dx = dx->next);
+        if (dx) {
+                *last = dx->next;
+                result = dx->rq;
+		*requestp = dx->request;
+                SAFE_FREE(dx);
+        }
+	nsd_logprintf(NSD_LOG_LOW,
+		"entering winbind_xid_lookup xid = %d rq = 0x%x, request = 0x%x\n",
+		xid, result, dx->request);
+
+        return result;
+}
+
+static int
+winbind_startnext_timeout(nsd_file_t **rqp, nsd_times_t *to)
+{
+	nsd_file_t *rq;
+	struct winbindd_request *request;
+
+	nsd_logprintf(NSD_LOG_MIN, "timeout (winbind startnext)\n");
+	rq = to->t_file;
+	*rqp = rq;
+	nsd_timeout_remove(rq);
+	request = to->t_clientdata;
+	return(send_next_request(rq, request));
+}
+
+static void
+dequeue_request()
+{
+	nsd_file_t *rq;
+	struct winbindd_request *request;
+
+	/*
+	 * Check for queued requests
+	 */
+	if (winbind_xids) {
+	    nsd_logprintf(NSD_LOG_MIN, "timeout (winbind) unqueue xid %d\n",
+			current_winbind_xid);
+	    rq = winbind_xid_lookup(current_winbind_xid++, &request);
+	    /* cause a timeout on the queued request so we can send it */
+	    nsd_timeout_new(rq,1,winbind_startnext_timeout,request);
+	}
+}
+
+static int
+do_request(nsd_file_t *rq, struct winbindd_request *request)
+{
+	if (winbind_xids == NULL) {
+		/*
+		 * No outstanding requests.
+		 * Send off the request to winbindd
+		 */
+		nsd_logprintf(NSD_LOG_MIN, "lookup (winbind) sending request\n");
+		return(send_next_request(rq, request));
+	} else {
+		/*
+		 * Just queue it up for now - previous callout or timout
+		 * will start it up
+		 */
+		nsd_logprintf(NSD_LOG_MIN,
+			"lookup (winbind): queue request xid = %d\n",
+			next_winbind_xid);
+		return(winbind_xid_new(next_winbind_xid++, rq, request));
+	}
+}
+
+static int 
+winbind_callback(nsd_file_t **rqp, int fd)
+{
+	struct winbindd_response response;
+	struct winbindd_pw *pw = &response.data.pw;
+	struct winbindd_gr *gr = &response.data.gr;
+	nsd_file_t *rq;
+	NSS_STATUS status;
+	fstring result;
+	char *members;
+	int i, maxlen;
+
+	dequeue_request();
+
+	nsd_logprintf(NSD_LOG_MIN, "entering callback (winbind)\n");
+
+	rq = current_rq;
+	*rqp = rq;
+
+	nsd_timeout_remove(rq);
+	nsd_callback_remove(fd);
+
+	ZERO_STRUCT(response);
+	status = winbindd_get_response(&response);
+
+	if (status != NSS_STATUS_SUCCESS) {
+		/* free any extra data area in response structure */
+		free_response(&response);
+		nsd_logprintf(NSD_LOG_MIN, 
+			"callback (winbind) returning not found, status = %d\n",
+			status);
+		rq->f_status = NS_NOTFOUND;
+		return NSD_NEXT;
+	}
+
+	maxlen = sizeof(result) - 1;
+
+	switch ((int)rq->f_cmd_data) {
+	    case WINBINDD_WINS_BYNAME:
+	    case WINBINDD_WINS_BYIP:
+		snprintf(result,maxlen,"%s\n",response.data.winsresp);
+		break;
+	    case WINBINDD_GETPWUID:
+	    case WINBINDD_GETPWNAM:
+		snprintf(result,maxlen,"%s:%s:%d:%d:%s:%s:%s\n",
+			pw->pw_name,
+			pw->pw_passwd,
+			pw->pw_uid,
+			pw->pw_gid,
+			pw->pw_gecos,
+			pw->pw_dir,
+			pw->pw_shell);
+		break;
+	    case WINBINDD_GETGRNAM:
+	    case WINBINDD_GETGRGID:
+		if (gr->num_gr_mem && response.extra_data)
+			members = response.extra_data;
+		else
+			members = "";
+		snprintf(result,maxlen,"%s:%s:%d:%s\n",
+			gr->gr_name, gr->gr_passwd, gr->gr_gid, members);
+		break;
+	    case WINBINDD_SETGRENT:
+	    case WINBINDD_SETPWENT:
+		nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - SETPWENT/SETGRENT\n");
+		free_response(&response);
+		return(do_list(1,rq));
+	    case WINBINDD_GETGRENT:
+		nsd_logprintf(NSD_LOG_MIN, 
+			"callback (winbind) - %d GETGRENT responses\n",
+			response.data.num_entries);
+		if (response.data.num_entries) {
+		    gr = (struct winbindd_gr *)response.extra_data;
+		    if (! gr ) {
+			nsd_logprintf(NSD_LOG_MIN, "     no extra_data\n");
+			free_response(&response);
+			return NSD_ERROR;
+		    }
+		    members = (char *)response.extra_data + 
+				(response.data.num_entries * sizeof(struct winbindd_gr));
+		    for (i = 0; i < response.data.num_entries; i++) {
+			snprintf(result,maxlen,"%s:%s:%d:%s\n",
+				gr->gr_name, gr->gr_passwd, gr->gr_gid, 
+				&members[gr->gr_mem_ofs]);
+			nsd_logprintf(NSD_LOG_MIN, "     GETGRENT %s\n",result);
+			nsd_append_element(rq,NS_SUCCESS,result,strlen(result));
+			gr++;
+		    }
+		}
+		i = response.data.num_entries;
+		free_response(&response);
+		if (i < MAX_GETPWENT_USERS)
+		    return(do_list(2,rq));
+		else
+		    return(do_list(1,rq));
+	    case WINBINDD_GETPWENT:
+		nsd_logprintf(NSD_LOG_MIN, 
+			"callback (winbind) - %d GETPWENT responses\n",
+			response.data.num_entries);
+		if (response.data.num_entries) {
+		    pw = (struct winbindd_pw *)response.extra_data;
+		    if (! pw ) {
+			nsd_logprintf(NSD_LOG_MIN, "     no extra_data\n");
+			free_response(&response);
+			return NSD_ERROR;
+		    }
+		    for (i = 0; i < response.data.num_entries; i++) {
+			snprintf(result,maxlen,"%s:%s:%d:%d:%s:%s:%s",
+				pw->pw_name,
+				pw->pw_passwd,
+				pw->pw_uid,
+				pw->pw_gid,
+				pw->pw_gecos,
+				pw->pw_dir,
+				pw->pw_shell);
+			nsd_logprintf(NSD_LOG_MIN, "     GETPWENT %s\n",result);
+			nsd_append_element(rq,NS_SUCCESS,result,strlen(result));
+			pw++;
+		    }
+		}
+		i = response.data.num_entries;
+		free_response(&response);
+		if (i < MAX_GETPWENT_USERS)
+		    return(do_list(2,rq));
+		else
+		    return(do_list(1,rq));
+	    case WINBINDD_ENDGRENT:
+	    case WINBINDD_ENDPWENT:
+		nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - ENDPWENT/ENDGRENT\n");
+		nsd_append_element(rq,NS_SUCCESS,"\n",1);
+		free_response(&response);
+		return NSD_NEXT;
+	    default:
+		free_response(&response);
+		nsd_logprintf(NSD_LOG_MIN, "callback (winbind) - no valid command\n");
+		return NSD_NEXT;
+	}
+	nsd_logprintf(NSD_LOG_MIN, "callback (winbind) %s\n", result);
+	/* free any extra data area in response structure */
+	free_response(&response);
+	nsd_set_result(rq,NS_SUCCESS,result,strlen(result),VOLATILE);
+	return NSD_OK;
+}
+
+static int 
+winbind_timeout(nsd_file_t **rqp, nsd_times_t *to)
+{
+	nsd_file_t *rq;
+
+	dequeue_request();
+
+	nsd_logprintf(NSD_LOG_MIN, "timeout (winbind)\n");
+
+	rq = to->t_file;
+	*rqp = rq;
+
+	/* Remove the callback and timeout */
+	nsd_callback_remove(winbindd_fd);
+	nsd_timeout_remove(rq);
+
+	rq->f_status = NS_NOTFOUND;
+	return NSD_NEXT;
+}
+
+static int
+send_next_request(nsd_file_t *rq, struct winbindd_request *request)
+{
+	NSS_STATUS status;
+	long timeout;
+
+	timeout = 1000;
+
+	nsd_logprintf(NSD_LOG_MIN, "send_next_request (winbind) %d to = %d\n",
+			rq->f_cmd_data, timeout);
+	status = winbindd_send_request((int)rq->f_cmd_data,request);
+	SAFE_FREE(request);
+
+	if (status != NSS_STATUS_SUCCESS) {
+		nsd_logprintf(NSD_LOG_MIN, 
+			"send_next_request (winbind) error status = %d\n",status);
+		rq->f_status = status;
+		return NSD_NEXT;
+	}
+
+	current_rq = rq;
+
+	/*
+	 * Set up callback and timeouts
+	 */
+	nsd_logprintf(NSD_LOG_MIN, "send_next_request (winbind) fd = %d\n",winbindd_fd);
+	nsd_callback_new(winbindd_fd,winbind_callback,NSD_READ);
+	nsd_timeout_new(rq,timeout,winbind_timeout,(void *)0);
+	return NSD_CONTINUE;
+}
+
+int init(void)
+{
+	nsd_logprintf(NSD_LOG_MIN, "entering init (winbind)\n");
+	return(NSD_OK);
+}
+
+int lookup(nsd_file_t *rq)
+{
+	char *map;
+	char *key;
+	struct winbindd_request *request;
+
+	nsd_logprintf(NSD_LOG_MIN, "entering lookup (winbind)\n");
+	if (! rq)
+		return NSD_ERROR;
+
+	map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0);
+	key = nsd_attr_fetch_string(rq->f_attrs, "key", (char*)0);
+	if (! map || ! key) {
+		nsd_logprintf(NSD_LOG_MIN, "lookup (winbind) table or key not defined\n");
+		rq->f_status = NS_BADREQ;
+		return NSD_ERROR;
+	}
+
+	nsd_logprintf(NSD_LOG_MIN, "lookup (winbind %s)\n",map);
+
+	request = (struct winbindd_request *)nsd_calloc(1,sizeof(struct winbindd_request));
+	if (! request) {
+		nsd_logprintf(NSD_LOG_RESOURCE,
+			"lookup (winbind): failed malloc\n");
+		return NSD_ERROR;
+	}
+
+	if (strcasecmp(map,"passwd.byuid") == 0) {
+	    request->data.uid = atoi(key);
+	    rq->f_cmd_data = (void *)WINBINDD_GETPWUID;
+	} else if (strcasecmp(map,"passwd.byname") == 0) {
+	    strncpy(request->data.username, key, 
+		sizeof(request->data.username) - 1);
+	    request->data.username[sizeof(request->data.username) - 1] = '\0';
+	    rq->f_cmd_data = (void *)WINBINDD_GETPWNAM; 
+	} else if (strcasecmp(map,"group.byname") == 0) {
+	    strncpy(request->data.groupname, key, 
+		sizeof(request->data.groupname) - 1);
+	    request->data.groupname[sizeof(request->data.groupname) - 1] = '\0';
+	    rq->f_cmd_data = (void *)WINBINDD_GETGRNAM; 
+	} else if (strcasecmp(map,"group.bygid") == 0) {
+	    request->data.gid = atoi(key);
+	    rq->f_cmd_data = (void *)WINBINDD_GETGRGID;
+	} else if (strcasecmp(map,"hosts.byname") == 0) {
+	    strncpy(request->data.winsreq, key, sizeof(request->data.winsreq) - 1);
+	    request->data.winsreq[sizeof(request->data.winsreq) - 1] = '\0';
+	    rq->f_cmd_data = (void *)WINBINDD_WINS_BYNAME;
+	} else if (strcasecmp(map,"hosts.byaddr") == 0) {
+	    strncpy(request->data.winsreq, key, sizeof(request->data.winsreq) - 1);
+	    request->data.winsreq[sizeof(request->data.winsreq) - 1] = '\0';
+	    rq->f_cmd_data = (void *)WINBINDD_WINS_BYIP;
+	} else {
+		/*
+		 * Don't understand this map - just return not found
+		 */
+		nsd_logprintf(NSD_LOG_MIN, "lookup (winbind) unknown table\n");
+		SAFE_FREE(request);
+		rq->f_status = NS_NOTFOUND;
+		return NSD_NEXT;
+	}
+
+	return(do_request(rq, request));
+}
+
+int list(nsd_file_t *rq)
+{
+	char *map;
+
+	nsd_logprintf(NSD_LOG_MIN, "entering list (winbind)\n");
+	if (! rq)
+		return NSD_ERROR;
+
+	map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0);
+	if (! map ) {
+		nsd_logprintf(NSD_LOG_MIN, "list (winbind) table not defined\n");
+		rq->f_status = NS_BADREQ;
+		return NSD_ERROR;
+	}
+
+	nsd_logprintf(NSD_LOG_MIN, "list (winbind %s)\n",map);
+
+	return (do_list(0,rq));
+}
+
+static int
+do_list(int state, nsd_file_t *rq)
+{
+	char *map;
+	struct winbindd_request *request;
+
+	nsd_logprintf(NSD_LOG_MIN, "entering do_list (winbind) state = %d\n",state);
+
+	map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0);
+	request = (struct winbindd_request *)nsd_calloc(1,sizeof(struct winbindd_request));
+	if (! request) {
+		nsd_logprintf(NSD_LOG_RESOURCE,
+			"do_list (winbind): failed malloc\n");
+		return NSD_ERROR;
+	}
+
+	if (strcasecmp(map,"passwd.byname") == 0) {
+	    switch (state) {
+		case 0:
+		    rq->f_cmd_data = (void *)WINBINDD_SETPWENT;
+		    break;
+		case 1:
+		    request->data.num_entries = MAX_GETPWENT_USERS;
+		    rq->f_cmd_data = (void *)WINBINDD_GETPWENT;
+		    break;
+		case 2:
+		    rq->f_cmd_data = (void *)WINBINDD_ENDPWENT;
+		    break;
+		default:
+		    nsd_logprintf(NSD_LOG_MIN, "do_list (winbind) unknown state\n");
+		    SAFE_FREE(request);
+		    rq->f_status = NS_NOTFOUND;
+		    return NSD_NEXT;
+	    }
+	} else if (strcasecmp(map,"group.byname") == 0) {
+	    switch (state) {
+		case 0:
+		    rq->f_cmd_data = (void *)WINBINDD_SETGRENT;
+		    break;
+		case 1:
+		    request->data.num_entries = MAX_GETGRENT_USERS;
+		    rq->f_cmd_data = (void *)WINBINDD_GETGRENT;
+		    break;
+		case 2:
+		    rq->f_cmd_data = (void *)WINBINDD_ENDGRENT;
+		    break;
+		default:
+		    nsd_logprintf(NSD_LOG_MIN, "do_list (winbind) unknown state\n");
+		    SAFE_FREE(request);
+		    rq->f_status = NS_NOTFOUND;
+		    return NSD_NEXT;
+	    }
+	} else {
+		/*
+		 * Don't understand this map - just return not found
+		 */
+		nsd_logprintf(NSD_LOG_MIN, "do_list (winbind) unknown table\n");
+		SAFE_FREE(request);
+		rq->f_status = NS_NOTFOUND;
+		return NSD_NEXT;
+	}
+
+	return(do_request(rq, request));
+}
+
+#else
+
+/* Allocate some space from the nss static buffer.  The buffer and buflen
+   are the pointers passed in by the C library to the _nss_ntdom_*
+   functions. */
+
+static char *get_static(char **buffer, int *buflen, int len)
+{
+	char *result;
+
+	/* Error check.  We return false if things aren't set up right, or
+	   there isn't enough buffer space left. */
+	
+	if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
+		return NULL;
+	}
+
+	/* Return an index into the static buffer */
+
+	result = *buffer;
+	*buffer += len;
+	*buflen -= len;
+
+	return result;
+}
+
+/* I've copied the strtok() replacement function next_token() from
+   lib/util_str.c as I really don't want to have to link in any other
+   objects if I can possibly avoid it. */
+
+BOOL next_token(char **ptr,char *buff,char *sep, size_t bufsize)
+{
+	char *s;
+	BOOL quoted;
+	size_t len=1;
+
+	if (!ptr) return(False);
+
+	s = *ptr;
+
+	/* default to simple separators */
+	if (!sep) sep = " \t\n\r";
+
+	/* find the first non sep char */
+	while (*s && strchr(sep,*s)) s++;
+	
+	/* nothing left? */
+	if (! *s) return(False);
+	
+	/* copy over the token */
+	for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
+		if (*s == '\"') {
+			quoted = !quoted;
+		} else {
+			len++;
+			*buff++ = *s;
+		}
+	}
+	
+	*ptr = (*s) ? s+1 : s;  
+	*buff = 0;
+	
+	return(True);
+}
+
+
+/* Fill a pwent structure from a winbindd_response structure.  We use
+   the static data passed to us by libc to put strings and stuff in.
+   Return NSS_STATUS_TRYAGAIN if we run out of memory. */
+
+static NSS_STATUS fill_pwent(struct passwd *result,
+				  struct winbindd_pw *pw,
+				  char **buffer, int *buflen)
+{
+	/* User name */
+
+	if ((result->pw_name = 
+	     get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
+
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->pw_name, pw->pw_name);
+
+	/* Password */
+
+	if ((result->pw_passwd = 
+	     get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
+
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->pw_passwd, pw->pw_passwd);
+        
+	/* [ug]id */
+
+	result->pw_uid = pw->pw_uid;
+	result->pw_gid = pw->pw_gid;
+
+	/* GECOS */
+
+	if ((result->pw_gecos = 
+	     get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
+
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->pw_gecos, pw->pw_gecos);
+	
+	/* Home directory */
+	
+	if ((result->pw_dir = 
+	     get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
+
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->pw_dir, pw->pw_dir);
+
+	/* Logon shell */
+	
+	if ((result->pw_shell = 
+	     get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
+		
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->pw_shell, pw->pw_shell);
+
+	return NSS_STATUS_SUCCESS;
+}
+
+/* Fill a grent structure from a winbindd_response structure.  We use
+   the static data passed to us by libc to put strings and stuff in.
+   Return NSS_STATUS_TRYAGAIN if we run out of memory. */
+
+static int fill_grent(struct group *result, struct winbindd_gr *gr,
+		      char *gr_mem, char **buffer, int *buflen)
+{
+	fstring name;
+	int i;
+	char *tst;
+
+	/* Group name */
+
+	if ((result->gr_name =
+	     get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
+
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->gr_name, gr->gr_name);
+
+	/* Password */
+
+	if ((result->gr_passwd =
+	     get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
+
+		/* Out of memory */
+		
+		return NSS_STATUS_TRYAGAIN;
+	}
+
+	strcpy(result->gr_passwd, gr->gr_passwd);
+
+	/* gid */
+
+	result->gr_gid = gr->gr_gid;
+
+	/* Group membership */
+
+	if ((gr->num_gr_mem < 0) || !gr_mem) {
+		gr->num_gr_mem = 0;
+	}
+
+	/* this next value is a pointer to a pointer so let's align it */
+
+	/* Calculate number of extra bytes needed to align on pointer size boundry */
+	if ((i = (int)*buffer % sizeof(char*)) != 0)
+		i = sizeof(char*) - i;
+	
+	if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) * 
+				 sizeof(char *)+i))) == NULL) {
+
+		/* Out of memory */
+
+		return NSS_STATUS_TRYAGAIN;
+	}
+	result->gr_mem = (char **)(tst + i);
+
+	if (gr->num_gr_mem == 0) {
+
+		/* Group is empty */
+
+		*(result->gr_mem) = NULL;
+		return NSS_STATUS_SUCCESS;
+	}
+
+	/* Start looking at extra data */
+
+	i = 0;
+
+	while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
+        
+		/* Allocate space for member */
+        
+		if (((result->gr_mem)[i] = 
+		     get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
+            
+			/* Out of memory */
+            
+			return NSS_STATUS_TRYAGAIN;
+		}        
+        
+		strcpy((result->gr_mem)[i], name);
+		i++;
+	}
+
+	/* Terminate list */
+
+	(result->gr_mem)[i] = NULL;
+
+	return NSS_STATUS_SUCCESS;
+}
+
+/*
+ * NSS user functions
+ */
+
+static struct winbindd_response getpwent_response;
+
+static int ndx_pw_cache;                 /* Current index into pwd cache */
+static int num_pw_cache;                 /* Current size of pwd cache */
+
+/* Rewind "file pointer" to start of ntdom password database */
+
+NSS_STATUS
+_nss_winbind_setpwent(void)
+{
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: setpwent\n", getpid());
+#endif
+
+	if (num_pw_cache > 0) {
+		ndx_pw_cache = num_pw_cache = 0;
+		free_response(&getpwent_response);
+	}
+
+	return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
+}
+
+/* Close ntdom password database "file pointer" */
+
+NSS_STATUS
+_nss_winbind_endpwent(void)
+{
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: endpwent\n", getpid());
+#endif
+
+	if (num_pw_cache > 0) {
+		ndx_pw_cache = num_pw_cache = 0;
+		free_response(&getpwent_response);
+	}
+
+	return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
+}
+
+/* Fetch the next password entry from ntdom password database */
+
+NSS_STATUS
+_nss_winbind_getpwent_r(struct passwd *result, char *buffer, 
+			size_t buflen, int *errnop)
+{
+	NSS_STATUS ret;
+	struct winbindd_request request;
+	static int called_again;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getpwent\n", getpid());
+#endif
+
+	/* Return an entry from the cache if we have one, or if we are
+	   called again because we exceeded our static buffer.  */
+
+	if ((ndx_pw_cache < num_pw_cache) || called_again) {
+		goto return_result;
+	}
+
+	/* Else call winbindd to get a bunch of entries */
+	
+	if (num_pw_cache > 0) {
+		free_response(&getpwent_response);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(getpwent_response);
+
+	request.data.num_entries = MAX_GETPWENT_USERS;
+
+	ret = winbindd_request(WINBINDD_GETPWENT, &request, 
+			       &getpwent_response);
+
+	if (ret == NSS_STATUS_SUCCESS) {
+		struct winbindd_pw *pw_cache;
+
+		/* Fill cache */
+
+		ndx_pw_cache = 0;
+		num_pw_cache = getpwent_response.data.num_entries;
+
+		/* Return a result */
+
+	return_result:
+
+		pw_cache = getpwent_response.extra_data;
+
+		/* Check data is valid */
+
+		if (pw_cache == NULL) {
+			return NSS_STATUS_NOTFOUND;
+		}
+
+		ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
+				 &buffer, &buflen);
+		
+		/* Out of memory - try again */
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			called_again = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		*errnop = errno = 0;
+		called_again = False;
+		ndx_pw_cache++;
+
+		/* If we've finished with this lot of results free cache */
+
+		if (ndx_pw_cache == num_pw_cache) {
+			ndx_pw_cache = num_pw_cache = 0;
+			free_response(&getpwent_response);
+		}
+	}
+
+	return ret;
+}
+
+/* Return passwd struct from uid */
+
+NSS_STATUS
+_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
+			size_t buflen, int *errnop)
+{
+	NSS_STATUS ret;
+	static struct winbindd_response response;
+	struct winbindd_request request;
+	static int keep_response=0;
+
+	/* If our static buffer needs to be expanded we are called again */
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(response);
+		ZERO_STRUCT(request);
+
+		request.data.uid = uid;
+
+		ret = winbindd_request(WINBINDD_GETPWUID, &request, &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+			ret = fill_pwent(result, &response.data.pw, 
+					 &buffer, &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+
+		/* We've been called again */
+
+		ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = errno = 0;
+	}
+
+	free_response(&response);
+	return ret;
+}
+
+/* Return passwd struct from username */
+
+NSS_STATUS
+_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
+			size_t buflen, int *errnop)
+{
+	NSS_STATUS ret;
+	static struct winbindd_response response;
+	struct winbindd_request request;
+	static int keep_response;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name);
+#endif
+
+	/* If our static buffer needs to be expanded we are called again */
+
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(response);
+		ZERO_STRUCT(request);
+
+		strncpy(request.data.username, name, 
+			sizeof(request.data.username) - 1);
+		request.data.username
+			[sizeof(request.data.username) - 1] = '\0';
+
+		ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+			ret = fill_pwent(result, &response.data.pw, &buffer,
+					 &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+
+		/* We've been called again */
+
+		ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = errno = 0;
+	}
+
+	free_response(&response);
+	return ret;
+}
+
+/*
+ * NSS group functions
+ */
+
+static struct winbindd_response getgrent_response;
+
+static int ndx_gr_cache;                 /* Current index into grp cache */
+static int num_gr_cache;                 /* Current size of grp cache */
+
+/* Rewind "file pointer" to start of ntdom group database */
+
+NSS_STATUS
+_nss_winbind_setgrent(void)
+{
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: setgrent\n", getpid());
+#endif
+
+	if (num_gr_cache > 0) {
+		ndx_gr_cache = num_gr_cache = 0;
+		free_response(&getgrent_response);
+	}
+
+	return winbindd_request(WINBINDD_SETGRENT, NULL, NULL);
+}
+
+/* Close "file pointer" for ntdom group database */
+
+NSS_STATUS
+_nss_winbind_endgrent(void)
+{
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: endgrent\n", getpid());
+#endif
+
+	if (num_gr_cache > 0) {
+		ndx_gr_cache = num_gr_cache = 0;
+		free_response(&getgrent_response);
+	}
+
+	return winbindd_request(WINBINDD_ENDGRENT, NULL, NULL);
+}
+
+/* Get next entry from ntdom group database */
+
+NSS_STATUS
+_nss_winbind_getgrent_r(struct group *result,
+			char *buffer, size_t buflen, int *errnop)
+{
+	NSS_STATUS ret;
+	static struct winbindd_request request;
+	static int called_again;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getgrent\n", getpid());
+#endif
+
+	/* Return an entry from the cache if we have one, or if we are
+	   called again because we exceeded our static buffer.  */
+
+	if ((ndx_gr_cache < num_gr_cache) || called_again) {
+		goto return_result;
+	}
+
+	/* Else call winbindd to get a bunch of entries */
+	
+	if (num_gr_cache > 0) {
+		free_response(&getgrent_response);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(getgrent_response);
+
+	request.data.num_entries = MAX_GETGRENT_USERS;
+
+	ret = winbindd_request(WINBINDD_GETGRENT, &request, 
+			       &getgrent_response);
+
+	if (ret == NSS_STATUS_SUCCESS) {
+		struct winbindd_gr *gr_cache;
+		int mem_ofs;
+
+		/* Fill cache */
+
+		ndx_gr_cache = 0;
+		num_gr_cache = getgrent_response.data.num_entries;
+
+		/* Return a result */
+
+	return_result:
+
+		gr_cache = getgrent_response.extra_data;
+
+		/* Check data is valid */
+
+		if (gr_cache == NULL) {
+			return NSS_STATUS_NOTFOUND;
+		}
+
+		/* Fill group membership.  The offset into the extra data
+		   for the group membership is the reported offset plus the
+		   size of all the winbindd_gr records returned. */
+
+		mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
+			num_gr_cache * sizeof(struct winbindd_gr);
+
+		ret = fill_grent(result, &gr_cache[ndx_gr_cache],
+				 ((char *)getgrent_response.extra_data)+mem_ofs,
+				 &buffer, &buflen);
+		
+		/* Out of memory - try again */
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			called_again = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		*errnop = 0;
+		called_again = False;
+		ndx_gr_cache++;
+
+		/* If we've finished with this lot of results free cache */
+
+		if (ndx_gr_cache == num_gr_cache) {
+			ndx_gr_cache = num_gr_cache = 0;
+			free_response(&getgrent_response);
+		}
+	}
+
+	return ret;
+}
+
+/* Return group struct from group name */
+
+NSS_STATUS
+_nss_winbind_getgrnam_r(const char *name,
+			struct group *result, char *buffer,
+			size_t buflen, int *errnop)
+{
+	NSS_STATUS ret;
+	static struct winbindd_response response;
+	struct winbindd_request request;
+	static int keep_response;
+	
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
+#endif
+
+	/* If our static buffer needs to be expanded we are called again */
+	
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(request);
+		ZERO_STRUCT(response);
+
+		strncpy(request.data.groupname, name, 
+			sizeof(request.data.groupname));
+		request.data.groupname
+			[sizeof(request.data.groupname) - 1] = '\0';
+
+		ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+			ret = fill_grent(result, &response.data.gr, 
+					 response.extra_data,
+					 &buffer, &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+		
+		/* We've been called again */
+		
+		ret = fill_grent(result, &response.data.gr, 
+				 response.extra_data, &buffer, &buflen);
+		
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = 0;
+	}
+
+	free_response(&response);
+	return ret;
+}
+
+/* Return group struct from gid */
+
+NSS_STATUS
+_nss_winbind_getgrgid_r(gid_t gid,
+			struct group *result, char *buffer,
+			size_t buflen, int *errnop)
+{
+	NSS_STATUS ret;
+	static struct winbindd_response response;
+	struct winbindd_request request;
+	static int keep_response;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
+#endif
+
+	/* If our static buffer needs to be expanded we are called again */
+
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(request);
+		ZERO_STRUCT(response);
+
+		request.data.gid = gid;
+
+		ret = winbindd_request(WINBINDD_GETGRGID, &request, &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+
+			ret = fill_grent(result, &response.data.gr, 
+					 response.extra_data, 
+					 &buffer, &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+
+		/* We've been called again */
+
+		ret = fill_grent(result, &response.data.gr, 
+				 response.extra_data, &buffer, &buflen);
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = 0;
+	}
+
+	free_response(&response);
+	return ret;
+}
+
+/* Initialise supplementary groups */
+
+NSS_STATUS
+_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
+			    long int *size, gid_t **groups, long int limit,
+			    int *errnop)
+{
+	NSS_STATUS ret;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	int i;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
+		user, group);
+#endif
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.username, user,
+		sizeof(request.data.username) - 1);
+
+	ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+
+	if (ret == NSS_STATUS_SUCCESS) {
+		int num_gids = response.data.num_entries;
+		gid_t *gid_list = (gid_t *)response.extra_data;
+
+		/* Copy group list to client */
+
+		for (i = 0; i < num_gids; i++) {
+
+			/* Skip primary group */
+
+			if (gid_list[i] == group) continue;
+
+			/* Add to buffer */
+
+			if (*start == *size && limit <= 0) {
+				(*groups) = realloc(
+					(*groups), (2 * (*size) + 1) * sizeof(**groups));
+				if (! *groups) goto done;
+				*size = 2 * (*size) + 1;
+			}
+
+			if (*start == *size) goto done;
+
+			(*groups)[*start] = gid_list[i];
+			*start += 1;
+
+			/* Filled buffer? */
+
+			if (*start == limit) goto done;
+		}
+	}
+	
+	/* Back to your regularly scheduled programming */
+
+ done:
+	return ret;
+}
+
+#endif
diff --git a/source3/nsswitch/winbind_nss_config.h b/source3/nsswitch/winbind_nss_config.h
new file mode 100644
index 0000000000..0de63878be
--- /dev/null
+++ b/source3/nsswitch/winbind_nss_config.h
@@ -0,0 +1,147 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon for ntdom nss module
+
+   Copyright (C) Tim Potter 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#ifndef _WINBIND_NSS_CONFIG_H
+#define _WINBIND_NSS_CONFIG_H
+
+/* Include header files from data in config.h file */
+
+#include <config.h>
+
+#include <stdio.h>
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_UNIXSOCKET
+#include <sys/un.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <pwd.h>
+#include "nsswitch/nss.h"
+
+/* Declarations for functions in winbind_nss.c
+   needed in winbind_nss_solaris.c (solaris wrapper to nss) */
+
+NSS_STATUS _nss_winbind_setpwent(void);
+NSS_STATUS _nss_winbind_endpwent(void);
+NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer,
+				   size_t buflen, int* errnop);
+NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer,
+				   size_t buflen, int* errnop);
+NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result,
+				   char* buffer, size_t buflen, int* errnop);
+
+NSS_STATUS _nss_winbind_setgrent(void);
+NSS_STATUS _nss_winbind_endgrent(void);
+NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer,
+				   size_t buflen, int* errnop);
+NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
+				   struct group *result, char *buffer,
+				   size_t buflen, int *errnop);
+NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
+				   struct group *result, char *buffer,
+				   size_t buflen, int *errnop);
+
+/* I'm trying really hard not to include anything from smb.h with the
+   result of some silly looking redeclaration of structures. */
+
+#ifndef _PSTRING
+#define _PSTRING
+#define PSTRING_LEN 1024
+#define FSTRING_LEN 256
+typedef char pstring[PSTRING_LEN];
+typedef char fstring[FSTRING_LEN];
+#endif
+
+#ifndef _BOOL
+#define _BOOL			/* So we don't typedef BOOL again in vfs.h */
+#define False (0)
+#define True (1)
+#define Auto (2)
+typedef int BOOL;
+#endif
+
+#if !defined(uint32)
+#if (SIZEOF_INT == 4)
+#define uint32 unsigned int
+#elif (SIZEOF_LONG == 4)
+#define uint32 unsigned long
+#elif (SIZEOF_SHORT == 4)
+#define uint32 unsigned short
+#endif
+#endif
+
+#if !defined(uint16)
+#if (SIZEOF_SHORT == 4)
+#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
+#else /* SIZEOF_SHORT != 4 */
+#define uint16 unsigned short
+#endif /* SIZEOF_SHORT != 4 */
+#endif
+
+#ifndef uint8
+#define uint8 unsigned char
+#endif
+
+/* zero a structure */
+#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
+
+/* zero a structure given a pointer to the structure */
+#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); }
+    
+/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
+
+#ifndef S_IFSOCK
+#define S_IFSOCK S_IFIFO
+#endif
+
+#ifndef S_ISSOCK
+#define S_ISSOCK(mode)  ((mode & S_IFSOCK) == S_IFSOCK)
+#endif
+
+#endif
diff --git a/source3/nsswitch/winbind_nss_solaris.c b/source3/nsswitch/winbind_nss_solaris.c
new file mode 100644
index 0000000000..8bf1487f5a
--- /dev/null
+++ b/source3/nsswitch/winbind_nss_solaris.c
@@ -0,0 +1,281 @@
+/*
+  Solaris NSS wrapper for winbind 
+  - Shirish Kalele 2000
+
+  Based on Luke Howard's ldap_nss module for Solaris 
+  */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <string.h>
+#include <pwd.h>
+#include "includes.h"
+#include <syslog.h>
+#if !defined(HPUX)
+#include <sys/syslog.h>
+#endif /*hpux*/
+#include "winbind_nss_config.h"
+
+#if defined(HAVE_NSS_COMMON_H) || defined(HPUX) 
+
+#undef NSS_DEBUG
+
+#ifdef NSS_DEBUG
+#define NSS_DEBUG(str) syslog(LOG_DEBUG, "nss_winbind: %s", str);
+#else
+#define NSS_DEBUG(str) ;
+#endif
+
+#define NSS_ARGS(args) ((nss_XbyY_args_t *)args)
+
+#define make_pwent_str(dest, src) 					\
+{									\
+  if((dest = get_static(buffer, buflen, strlen(src)+1)) == NULL)	\
+    {									\
+      *errnop = ERANGE;							\
+      NSS_DEBUG("ERANGE error");					\
+      return NSS_STATUS_TRYAGAIN; 		       			\
+    }									\
+  strcpy(dest, src);							\
+}
+
+static NSS_STATUS _nss_winbind_setpwent_solwrap (nss_backend_t* be, void* args)
+{
+	NSS_DEBUG("_nss_winbind_setpwent_solwrap");
+	return _nss_winbind_setpwent();
+}
+
+static NSS_STATUS
+_nss_winbind_endpwent_solwrap (nss_backend_t * be, void *args)
+{
+	NSS_DEBUG("_nss_winbind_endpwent_solwrap");
+	return _nss_winbind_endpwent();
+}
+
+static NSS_STATUS
+_nss_winbind_getpwent_solwrap (nss_backend_t* be, void *args)
+{
+	NSS_STATUS ret;
+	char* buffer = NSS_ARGS(args)->buf.buffer;
+	int buflen = NSS_ARGS(args)->buf.buflen;
+	struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result;
+	int* errnop = &NSS_ARGS(args)->erange;
+	char logmsg[80];
+
+	ret = _nss_winbind_getpwent_r(result, buffer, 
+				      buflen, errnop);
+
+	if(ret == NSS_STATUS_SUCCESS)
+		{
+			snprintf(logmsg, 79, "_nss_winbind_getpwent_solwrap: Returning user: %s\n",
+				 result->pw_name);
+			NSS_DEBUG(logmsg);
+			NSS_ARGS(args)->returnval = (void*) result;
+		} else {
+			snprintf(logmsg, 79, "_nss_winbind_getpwent_solwrap: Returning error: %d.\n",ret);
+			NSS_DEBUG(logmsg);
+		}
+    
+	return ret;
+}
+
+static NSS_STATUS
+_nss_winbind_getpwnam_solwrap (nss_backend_t* be, void* args)
+{
+	NSS_STATUS ret;
+	struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result;
+
+	NSS_DEBUG("_nss_winbind_getpwnam_solwrap");
+
+	ret = _nss_winbind_getpwnam_r (NSS_ARGS(args)->key.name,
+						result,
+						NSS_ARGS(args)->buf.buffer,
+						NSS_ARGS(args)->buf.buflen,
+						&NSS_ARGS(args)->erange);
+	if(ret == NSS_STATUS_SUCCESS)
+		NSS_ARGS(args)->returnval = (void*) result;
+  
+	return ret;
+}
+
+static NSS_STATUS
+_nss_winbind_getpwuid_solwrap(nss_backend_t* be, void* args)
+{
+	NSS_STATUS ret;
+	struct passwd* result = (struct passwd*) NSS_ARGS(args)->buf.result;
+  
+	NSS_DEBUG("_nss_winbind_getpwuid_solwrap");
+	ret = _nss_winbind_getpwuid_r (NSS_ARGS(args)->key.uid,
+				       result,
+				       NSS_ARGS(args)->buf.buffer,
+				       NSS_ARGS(args)->buf.buflen,
+				       &NSS_ARGS(args)->erange);
+	if(ret == NSS_STATUS_SUCCESS)
+		NSS_ARGS(args)->returnval = (void*) result;
+  
+	return ret;
+}
+
+static NSS_STATUS _nss_winbind_passwd_destr (nss_backend_t * be, void *args)
+{
+	SAFE_FREE(be);
+	NSS_DEBUG("_nss_winbind_passwd_destr");
+	return NSS_STATUS_SUCCESS;
+}
+
+static nss_backend_op_t passwd_ops[] =
+{
+	_nss_winbind_passwd_destr,
+	_nss_winbind_endpwent_solwrap,		/* NSS_DBOP_ENDENT */
+	_nss_winbind_setpwent_solwrap,		/* NSS_DBOP_SETENT */
+	_nss_winbind_getpwent_solwrap,		/* NSS_DBOP_GETENT */
+	_nss_winbind_getpwnam_solwrap,		/* NSS_DBOP_PASSWD_BYNAME */
+	_nss_winbind_getpwuid_solwrap		/* NSS_DBOP_PASSWD_BYUID */
+};
+
+nss_backend_t*
+_nss_winbind_passwd_constr (const char* db_name,
+			    const char* src_name,
+			    const char* cfg_args)
+{
+	nss_backend_t *be;
+  
+	if(!(be = (nss_backend_t*) malloc(sizeof(nss_backend_t))) )
+		return NULL;
+
+	be->ops = passwd_ops;
+	be->n_ops = sizeof(passwd_ops) / sizeof(nss_backend_op_t);
+
+	NSS_DEBUG("Initialized nss_winbind passwd backend");
+	return be;
+}
+
+/*****************************************************************
+ GROUP database backend
+ *****************************************************************/
+
+static NSS_STATUS _nss_winbind_setgrent_solwrap (nss_backend_t* be, void* args)
+{
+	NSS_DEBUG("_nss_winbind_setgrent_solwrap");
+	return _nss_winbind_setgrent();
+}
+
+static NSS_STATUS
+_nss_winbind_endgrent_solwrap (nss_backend_t * be, void *args)
+{
+	NSS_DEBUG("_nss_winbind_endgrent_solwrap");
+	return _nss_winbind_endgrent();
+}
+
+static NSS_STATUS
+_nss_winbind_getgrent_solwrap(nss_backend_t* be, void* args)
+{
+	NSS_STATUS ret;
+	char* buffer = NSS_ARGS(args)->buf.buffer;
+	int buflen = NSS_ARGS(args)->buf.buflen;
+	struct group* result = (struct group*) NSS_ARGS(args)->buf.result;
+	int* errnop = &NSS_ARGS(args)->erange;
+	char logmsg[80];
+
+	ret = _nss_winbind_getgrent_r(result, buffer, 
+				      buflen, errnop);
+
+	if(ret == NSS_STATUS_SUCCESS)
+		{
+			snprintf(logmsg, 79, "_nss_winbind_getgrent_solwrap: Returning group: %s\n", result->gr_name);
+			NSS_DEBUG(logmsg);
+			NSS_ARGS(args)->returnval = (void*) result;
+		} else {
+			snprintf(logmsg, 79, "_nss_winbind_getgrent_solwrap: Returning error: %d.\n", ret);
+			NSS_DEBUG(logmsg);
+		}
+
+	return ret;
+	
+}
+
+static NSS_STATUS
+_nss_winbind_getgrnam_solwrap(nss_backend_t* be, void* args)
+{
+	NSS_STATUS ret;
+	struct group* result = (struct group*) NSS_ARGS(args)->buf.result;
+
+	NSS_DEBUG("_nss_winbind_getgrnam_solwrap");
+	ret = _nss_winbind_getgrnam_r(NSS_ARGS(args)->key.name,
+				      result,
+				      NSS_ARGS(args)->buf.buffer,
+				      NSS_ARGS(args)->buf.buflen,
+				      &NSS_ARGS(args)->erange);
+
+	if(ret == NSS_STATUS_SUCCESS)
+		NSS_ARGS(args)->returnval = (void*) result;
+  
+	return ret;
+}
+  
+static NSS_STATUS
+_nss_winbind_getgrgid_solwrap(nss_backend_t* be, void* args)
+{
+	NSS_STATUS ret;
+	struct group* result = (struct group*) NSS_ARGS(args)->buf.result;
+
+	NSS_DEBUG("_nss_winbind_getgrgid_solwrap");
+	ret = _nss_winbind_getgrgid_r (NSS_ARGS(args)->key.gid,
+				       result,
+				       NSS_ARGS(args)->buf.buffer,
+				       NSS_ARGS(args)->buf.buflen,
+				       &NSS_ARGS(args)->erange);
+
+	if(ret == NSS_STATUS_SUCCESS)
+		NSS_ARGS(args)->returnval = (void*) result;
+
+	return ret;
+}
+
+static NSS_STATUS
+_nss_winbind_getgroupsbymember_solwrap(nss_backend_t* be, void* args)
+{
+	NSS_DEBUG("_nss_winbind_getgroupsbymember");
+	return NSS_STATUS_NOTFOUND;
+}
+
+static NSS_STATUS
+_nss_winbind_group_destr (nss_backend_t* be, void* args)
+{
+	SAFE_FREE(be);
+	NSS_DEBUG("_nss_winbind_group_destr");
+	return NSS_STATUS_SUCCESS;
+}
+
+static nss_backend_op_t group_ops[] = 
+{
+	_nss_winbind_group_destr,
+	_nss_winbind_endgrent_solwrap,
+	_nss_winbind_setgrent_solwrap,
+	_nss_winbind_getgrent_solwrap,
+	_nss_winbind_getgrnam_solwrap,
+	_nss_winbind_getgrgid_solwrap,
+	_nss_winbind_getgroupsbymember_solwrap
+}; 
+
+nss_backend_t*
+_nss_winbind_group_constr (const char* db_name,
+			   const char* src_name,
+			   const char* cfg_args)
+{
+	nss_backend_t* be;
+
+	if(!(be = (nss_backend_t*) malloc(sizeof(nss_backend_t))) )
+		return NULL;
+
+	be->ops = group_ops;
+	be->n_ops = sizeof(group_ops) / sizeof(nss_backend_op_t);
+  
+	NSS_DEBUG("Initialized nss_winbind group backend");
+	return be;
+}
+
+#endif /* SUN_NSS */
+
+
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
new file mode 100644
index 0000000000..e9ee2a7693
--- /dev/null
+++ b/source3/nsswitch/winbindd.c
@@ -0,0 +1,849 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon for ntdom nss module
+
+   Copyright (C) by Tim Potter 2000, 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/* List of all connected clients */
+
+struct winbindd_cli_state *client_list;
+static int num_clients;
+BOOL opt_nocache;
+
+/* Reload configuration */
+
+static BOOL reload_services_file(BOOL test)
+{
+	BOOL ret;
+	pstring logfile;
+
+	if (lp_loaded()) {
+		pstring fname;
+
+		pstrcpy(fname,lp_configfile());
+		if (file_exist(fname,NULL) && !strcsequal(fname,dyn_CONFIGFILE)) {
+			pstrcpy(dyn_CONFIGFILE,fname);
+			test = False;
+		}
+	}
+
+	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
+	lp_set_logfile(logfile);
+
+	reopen_logs();
+	ret = lp_load(dyn_CONFIGFILE,False,False,True);
+
+	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
+	lp_set_logfile(logfile);
+
+	reopen_logs();
+	load_interfaces();
+
+	return(ret);
+}
+
+#if DUMP_CORE
+
+/**************************************************************************** **
+ Prepare to dump a core file - carefully!
+ **************************************************************************** */
+
+static BOOL dump_core(void)
+{
+	char *p;
+	pstring dname;
+	pstrcpy( dname, lp_logfile() );
+	if ((p=strrchr(dname,'/')))
+		*p=0;
+	pstrcat( dname, "/corefiles" );
+	mkdir( dname, 0700 );
+	sys_chown( dname, getuid(), getgid() );
+	chmod( dname, 0700 );
+	if ( chdir(dname) )
+		return( False );
+	umask( ~(0700) );
+ 
+#ifdef HAVE_GETRLIMIT
+#ifdef RLIMIT_CORE
+	{
+		struct rlimit rlp;
+		getrlimit( RLIMIT_CORE, &rlp );
+		rlp.rlim_cur = MAX( 4*1024*1024, rlp.rlim_cur );
+		setrlimit( RLIMIT_CORE, &rlp );
+		getrlimit( RLIMIT_CORE, &rlp );
+		DEBUG( 3, ( "Core limits now %d %d\n", (int)rlp.rlim_cur, (int)rlp.rlim_max ) );
+	}
+#endif
+#endif
+ 
+	DEBUG(0,("Dumping core in %s\n",dname));
+	abort();
+	return( True );
+} /* dump_core */
+#endif
+
+/**************************************************************************** **
+ Handle a fault..
+ **************************************************************************** */
+
+static void fault_quit(void)
+{
+#if DUMP_CORE
+	dump_core();
+#endif
+}
+
+static void winbindd_status(void)
+{
+	struct winbindd_cli_state *tmp;
+
+	DEBUG(0, ("winbindd status:\n"));
+
+	/* Print client state information */
+	
+	DEBUG(0, ("\t%d clients currently active\n", num_clients));
+	
+	if (DEBUGLEVEL >= 2 && num_clients) {
+		DEBUG(2, ("\tclient list:\n"));
+		for(tmp = client_list; tmp; tmp = tmp->next) {
+			DEBUG(2, ("\t\tpid %d, sock %d, rbl %d, wbl %d\n",
+				  tmp->pid, tmp->sock, tmp->read_buf_len, 
+				  tmp->write_buf_len));
+		}
+	}
+}
+
+/* Print winbindd status to log file */
+
+static void print_winbindd_status(void)
+{
+	winbindd_status();
+	winbindd_idmap_status();
+	winbindd_cm_status();
+}
+
+/* Flush client cache */
+
+static void flush_caches(void)
+{
+	/* Clear cached user and group enumation info */	
+	wcache_flush_cache();
+}
+
+/* Handle the signal by unlinking socket and exiting */
+
+static void terminate(void)
+{
+	pstring path;
+
+	winbindd_idmap_close();
+	
+	/* Remove socket file */
+	snprintf(path, sizeof(path), "%s/%s", 
+		 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
+	unlink(path);
+	exit(0);
+}
+
+static BOOL do_sigterm;
+
+static void termination_handler(int signum)
+{
+	do_sigterm = True;
+	sys_select_signal();
+}
+
+static BOOL do_sigusr2;
+
+static void sigusr2_handler(int signum)
+{
+	do_sigusr2 = True;
+	sys_select_signal();
+}
+
+static BOOL do_sighup;
+
+static void sighup_handler(int signum)
+{
+	do_sighup = True;
+	sys_select_signal();
+}
+
+/* Create winbindd socket */
+
+static int create_sock(void)
+{
+	return create_pipe_sock( WINBINDD_SOCKET_DIR,
+				 WINBINDD_SOCKET_NAME, 0755);
+}
+
+struct dispatch_table {
+	enum winbindd_cmd cmd;
+	enum winbindd_result (*fn)(struct winbindd_cli_state *state);
+	char *winbindd_cmd_name;
+};
+
+static struct dispatch_table dispatch_table[] = {
+	
+	/* User functions */
+
+	{ WINBINDD_GETPWNAM, winbindd_getpwnam, "GETPWNAM" },
+	{ WINBINDD_GETPWUID, winbindd_getpwuid, "GETPWUID" },
+
+	{ WINBINDD_SETPWENT, winbindd_setpwent, "SETPWENT" },
+	{ WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" },
+	{ WINBINDD_GETPWENT, winbindd_getpwent, "GETPWENT" },
+
+	{ WINBINDD_GETGROUPS, winbindd_getgroups, "GETGROUPS" },
+
+	/* Group functions */
+
+	{ WINBINDD_GETGRNAM, winbindd_getgrnam, "GETGRNAM" },
+	{ WINBINDD_GETGRGID, winbindd_getgrgid, "GETGRGID" },
+	{ WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" },
+	{ WINBINDD_ENDGRENT, winbindd_endgrent, "ENDGRENT" },
+	{ WINBINDD_GETGRENT, winbindd_getgrent, "GETGRENT" },
+
+	/* PAM auth functions */
+
+	{ WINBINDD_PAM_AUTH, winbindd_pam_auth, "PAM_AUTH" },
+	{ WINBINDD_PAM_AUTH_CRAP, winbindd_pam_auth_crap, "AUTH_CRAP" },
+	{ WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" },
+
+	/* Enumeration functions */
+
+	{ WINBINDD_LIST_USERS, winbindd_list_users, "LIST_USERS" },
+	{ WINBINDD_LIST_GROUPS, winbindd_list_groups, "LIST_GROUPS" },
+	{ WINBINDD_LIST_TRUSTDOM, winbindd_list_trusted_domains, "LIST_TRUSTDOM" },
+	{ WINBINDD_SHOW_SEQUENCE, winbindd_show_sequence, "SHOW_SEQUENCE" },
+
+	/* SID related functions */
+
+	{ WINBINDD_LOOKUPSID, winbindd_lookupsid, "LOOKUPSID" },
+	{ WINBINDD_LOOKUPNAME, winbindd_lookupname, "LOOKUPNAME" },
+
+	/* Lookup related functions */
+
+	{ WINBINDD_SID_TO_UID, winbindd_sid_to_uid, "SID_TO_UID" },
+	{ WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" },
+	{ WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" },
+	{ WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" },
+
+	/* Miscellaneous */
+
+	{ WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" },
+	{ WINBINDD_PING, winbindd_ping, "PING" },
+	{ WINBINDD_INFO, winbindd_info, "INFO" },
+	{ WINBINDD_INTERFACE_VERSION, winbindd_interface_version, "INTERFACE_VERSION" },
+	{ WINBINDD_DOMAIN_NAME, winbindd_domain_name, "DOMAIN_NAME" },
+
+	/* WINS functions */
+
+	{ WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" },
+	{ WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" },
+
+	/* End of list */
+
+	{ WINBINDD_NUM_CMDS, NULL, "NONE" }
+};
+
+static void process_request(struct winbindd_cli_state *state)
+{
+	struct dispatch_table *table = dispatch_table;
+
+	/* Free response data - we may be interrupted and receive another
+	   command before being able to send this data off. */
+
+	SAFE_FREE(state->response.extra_data);  
+
+	ZERO_STRUCT(state->response);
+
+	state->response.result = WINBINDD_ERROR;
+	state->response.length = sizeof(struct winbindd_response);
+
+	/* Process command */
+
+	for (table = dispatch_table; table->fn; table++) {
+		if (state->request.cmd == table->cmd) {
+			DEBUG(10,("process_request: request fn %s\n", table->winbindd_cmd_name ));
+			state->response.result = table->fn(state);
+			break;
+		}
+	}
+
+	if (!table->fn)
+		DEBUG(10,("process_request: unknown request fn number %d\n", (int)state->request.cmd ));
+
+	/* In case extra data pointer is NULL */
+
+	if (!state->response.extra_data)
+		state->response.length = sizeof(struct winbindd_response);
+}
+
+/* Process a new connection by adding it to the client connection list */
+
+static void new_connection(int accept_sock)
+{
+	struct sockaddr_un sunaddr;
+	struct winbindd_cli_state *state;
+	socklen_t len;
+	int sock;
+	
+	/* Accept connection */
+	
+	len = sizeof(sunaddr);
+
+	do {
+		sock = accept(accept_sock, (struct sockaddr *)&sunaddr, &len);
+	} while (sock == -1 && errno == EINTR);
+
+	if (sock == -1)
+		return;
+	
+	DEBUG(6,("accepted socket %d\n", sock));
+	
+	/* Create new connection structure */
+	
+	if ((state = (struct winbindd_cli_state *) 
+             malloc(sizeof(*state))) == NULL)
+		return;
+	
+	ZERO_STRUCTP(state);
+	state->sock = sock;
+	
+	/* Add to connection list */
+	
+	DLIST_ADD(client_list, state);
+	num_clients++;
+}
+
+/* Remove a client connection from client connection list */
+
+static void remove_client(struct winbindd_cli_state *state)
+{
+	/* It's a dead client - hold a funeral */
+	
+	if (state != NULL) {
+		
+		/* Close socket */
+		
+		close(state->sock);
+		
+		/* Free any getent state */
+		
+		free_getent_state(state->getpwent_state);
+		free_getent_state(state->getgrent_state);
+		
+		/* We may have some extra data that was not freed if the
+		   client was killed unexpectedly */
+
+		SAFE_FREE(state->response.extra_data);
+		
+		/* Remove from list and free */
+		
+		DLIST_REMOVE(client_list, state);
+		SAFE_FREE(state);
+		num_clients--;
+	}
+}
+
+/* Process a complete received packet from a client */
+
+static void process_packet(struct winbindd_cli_state *state)
+{
+	/* Process request */
+	
+	state->pid = state->request.pid;
+	
+	process_request(state);
+
+	/* Update client state */
+	
+	state->read_buf_len = 0;
+	state->write_buf_len = sizeof(struct winbindd_response);
+}
+
+/* Read some data from a client connection */
+
+static void client_read(struct winbindd_cli_state *state)
+{
+	int n;
+    
+	/* Read data */
+
+	do {
+
+		n = read(state->sock, state->read_buf_len + 
+			 (char *)&state->request, 
+			 sizeof(state->request) - state->read_buf_len);
+
+	} while (n == -1 && errno == EINTR);
+	
+	DEBUG(10,("client_read: read %d bytes. Need %d more for a full request.\n", n, sizeof(state->request) - n - state->read_buf_len ));
+
+	/* Read failed, kill client */
+	
+	if (n == -1 || n == 0) {
+		DEBUG(5,("read failed on sock %d, pid %d: %s\n",
+			 state->sock, state->pid, 
+			 (n == -1) ? strerror(errno) : "EOF"));
+		
+		state->finished = True;
+		return;
+	}
+	
+	/* Update client state */
+	
+	state->read_buf_len += n;
+}
+
+/* Write some data to a client connection */
+
+static void client_write(struct winbindd_cli_state *state)
+{
+	char *data;
+	int num_written;
+	
+	/* Write some data */
+	
+	if (!state->write_extra_data) {
+
+		/* Write response structure */
+		
+		data = (char *)&state->response + sizeof(state->response) - 
+			state->write_buf_len;
+
+	} else {
+
+		/* Write extra data */
+		
+		data = (char *)state->response.extra_data + 
+			state->response.length - 
+			sizeof(struct winbindd_response) - 
+			state->write_buf_len;
+	}
+	
+	do {
+		num_written = write(state->sock, data, state->write_buf_len);
+	} while (num_written == -1 && errno == EINTR);
+	
+	DEBUG(10,("client_write: wrote %d bytes.\n", num_written ));
+
+	/* Write failed, kill cilent */
+	
+	if (num_written == -1 || num_written == 0) {
+		
+		DEBUG(3,("write failed on sock %d, pid %d: %s\n",
+			 state->sock, state->pid, 
+			 (num_written == -1) ? strerror(errno) : "EOF"));
+		
+		state->finished = True;
+
+		SAFE_FREE(state->response.extra_data);
+
+		return;
+	}
+	
+	/* Update client state */
+	
+	state->write_buf_len -= num_written;
+	
+	/* Have we written all data? */
+	
+	if (state->write_buf_len == 0) {
+		
+		/* Take care of extra data */
+		
+		if (state->write_extra_data) {
+
+			SAFE_FREE(state->response.extra_data);
+
+			state->write_extra_data = False;
+
+			DEBUG(10,("client_write: client_write: complete response written.\n"));
+
+		} else if (state->response.length > 
+			   sizeof(struct winbindd_response)) {
+			
+			/* Start writing extra data */
+
+			state->write_buf_len = 
+				state->response.length -
+				sizeof(struct winbindd_response);
+			
+			DEBUG(10,("client_write: need to write %d extra data bytes.\n", (int)state->write_buf_len));
+
+			state->write_extra_data = True;
+		}
+	}
+}
+
+/* Process incoming clients on accept_sock.  We use a tricky non-blocking,
+   non-forking, non-threaded model which allows us to handle many
+   simultaneous connections while remaining impervious to many denial of
+   service attacks. */
+
+static void process_loop(int accept_sock)
+{
+	/* We'll be doing this a lot */
+
+	while (1) {
+		struct winbindd_cli_state *state;
+		fd_set r_fds, w_fds;
+		int maxfd = accept_sock, selret;
+		struct timeval timeout;
+
+		/* Handle messages */
+
+		message_dispatch();
+
+		/* Free up temporary memory */
+
+		lp_talloc_free();
+		main_loop_talloc_free();
+
+		/* Initialise fd lists for select() */
+
+		FD_ZERO(&r_fds);
+		FD_ZERO(&w_fds);
+		FD_SET(accept_sock, &r_fds);
+
+		timeout.tv_sec = WINBINDD_ESTABLISH_LOOP;
+		timeout.tv_usec = 0;
+
+		/* Set up client readers and writers */
+
+		state = client_list;
+
+		while (state) {
+
+			/* Dispose of client connection if it is marked as 
+			   finished */ 
+
+			if (state->finished) {
+				struct winbindd_cli_state *next = state->next;
+
+				remove_client(state);
+				state = next;
+				continue;
+			}
+
+			/* Select requires we know the highest fd used */
+
+			if (state->sock > maxfd)
+				maxfd = state->sock;
+
+			/* Add fd for reading */
+
+			if (state->read_buf_len != sizeof(state->request))
+				FD_SET(state->sock, &r_fds);
+
+			/* Add fd for writing */
+
+			if (state->write_buf_len)
+				FD_SET(state->sock, &w_fds);
+
+			state = state->next;
+		}
+
+		/* Call select */
+        
+		selret = sys_select(maxfd + 1, &r_fds, &w_fds, NULL, &timeout);
+
+		if (selret == 0)
+			continue;
+
+		if ((selret == -1 && errno != EINTR) || selret == 0) {
+
+			/* Select error, something is badly wrong */
+
+			perror("select");
+			exit(1);
+		}
+
+		/* Create a new connection if accept_sock readable */
+
+		if (selret > 0) {
+
+			if (FD_ISSET(accept_sock, &r_fds))
+				new_connection(accept_sock);
+            
+			/* Process activity on client connections */
+            
+			for (state = client_list; state; state = state->next) {
+                
+				/* Data available for reading */
+                
+				if (FD_ISSET(state->sock, &r_fds)) {
+                    
+					/* Read data */
+                    
+					client_read(state);
+
+					/* 
+					 * If we have the start of a
+					 * packet, then check the
+					 * length field to make sure
+					 * the client's not talking
+					 * Mock Swedish.
+					 */
+
+					if (state->read_buf_len >= sizeof(uint32)
+					    && *(uint32 *) &state->request != sizeof(state->request)) {
+						DEBUG(0,("process_loop: Invalid request size (%d) send, should be (%d)\n",
+								*(uint32 *) &state->request, sizeof(state->request)));
+
+						remove_client(state);
+						break;
+					}
+
+					/* A request packet might be 
+					   complete */
+                    
+					if (state->read_buf_len == 
+					    sizeof(state->request)) {
+						process_packet(state);
+					}
+				}
+                
+				/* Data available for writing */
+                
+				if (FD_ISSET(state->sock, &w_fds))
+					client_write(state);
+			}
+		}
+
+#if 0
+		winbindd_check_cache_size(time(NULL));
+#endif
+
+		/* Check signal handling things */
+
+		if (do_sigterm)
+			terminate();
+
+		if (do_sighup) {
+
+			/* Flush winbindd cache */
+
+			flush_caches();
+			reload_services_file(True);
+			do_sighup = False;
+		}
+
+		if (do_sigusr2) {
+			print_winbindd_status();
+			do_sigusr2 = False;
+		}
+	}
+}
+
+/* Main function */
+
+struct winbindd_state server_state;   /* Server state information */
+
+
+static void usage(void)
+{
+	printf("Usage: winbindd [options]\n");
+	printf("\t-i                interactive mode\n");
+	printf("\t-n                disable cacheing\n");
+	printf("\t-d level          set debug level\n");
+	printf("\t-s configfile     choose smb.conf location\n");
+	printf("\t-h                show this help message\n");
+}
+
+int main(int argc, char **argv)
+{
+	extern BOOL AllowDebugChange;
+	extern pstring global_myname;
+	extern fstring global_myworkgroup;
+	extern BOOL append_log;
+	pstring logfile;
+	int accept_sock;
+	BOOL interactive = False;
+	int opt;
+
+	/* glibc (?) likes to print "User defined signal 1" and exit if a
+	   SIGUSR[12] is received before a handler is installed */
+
+ 	CatchSignal(SIGUSR1, SIG_IGN);
+ 	CatchSignal(SIGUSR2, SIG_IGN);
+
+	fault_setup((void (*)(void *))fault_quit );
+
+	/* Append to log file by default as we are a single process daemon
+	   program. */
+
+	append_log = True;
+
+	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
+	lp_set_logfile(logfile);
+
+	/* Initialise for running in non-root mode */
+
+	sec_init();
+
+	/* Set environment variable so we don't recursively call ourselves.
+	   This may also be useful interactively. */
+
+	SETENV(WINBINDD_DONT_ENV, "1", 1);
+
+	/* Initialise samba/rpc client stuff */
+
+	while ((opt = getopt(argc, argv, "id:s:nh")) != EOF) {
+		switch (opt) {
+
+			/* Don't become a daemon */
+		case 'i':
+			interactive = True;
+			break;
+
+			/* disable cacheing */
+		case 'n':
+			opt_nocache = True;
+			break;
+
+			/* Run with specified debug level */
+		case 'd':
+			DEBUGLEVEL = atoi(optarg);
+			AllowDebugChange = False;
+			break;
+
+			/* Load a different smb.conf file */
+		case 's':
+			pstrcpy(dyn_CONFIGFILE,optarg);
+			break;
+
+		case 'h':
+			usage();
+			exit(0);
+
+		default:
+			printf("Unknown option %c\n", (char)opt);
+			exit(1);
+		}
+	}
+
+	snprintf(logfile, sizeof(logfile), "%s/log.winbindd", dyn_LOGFILEBASE);
+	lp_set_logfile(logfile);
+	setup_logging("winbindd", interactive);
+	reopen_logs();
+
+	DEBUG(1, ("winbindd version %s started.\n", VERSION ) );
+	DEBUGADD( 1, ( "Copyright The Samba Team 2000-2001\n" ) );
+
+	if (!reload_services_file(False)) {
+		DEBUG(0, ("error opening config file\n"));
+		exit(1);
+	}
+
+	pidfile_create("winbindd");
+
+	/* Setup names. */
+
+	if (!*global_myname) {
+		char *p;
+
+		fstrcpy(global_myname, myhostname());
+		p = strchr(global_myname, '.');
+		if (p)
+			*p = 0;
+	}
+
+        fstrcpy(global_myworkgroup, lp_workgroup());
+
+	if (!interactive)
+		become_daemon();
+
+#if HAVE_SETPGID
+	/*
+	 * If we're interactive we want to set our own process group for
+	 * signal management.
+	 */
+	if (interactive)
+		setpgid( (pid_t)0, (pid_t)0);
+#endif
+
+	load_interfaces();
+
+	secrets_init();
+
+	/* Get list of domains we look up requests for.  This includes the
+	   domain which we are a member of as well as any trusted
+	   domains. */ 
+
+	init_domain_list();
+
+	ZERO_STRUCT(server_state);
+
+	/* Winbind daemon initialisation */
+
+	if (!winbindd_param_init())
+		return 1;
+
+	if (!winbindd_idmap_init())
+		return 1;
+
+	/* Unblock all signals we are interested in as they may have been
+	   blocked by the parent process. */
+
+	BlockSignals(False, SIGINT);
+	BlockSignals(False, SIGQUIT);
+	BlockSignals(False, SIGTERM);
+	BlockSignals(False, SIGUSR1);
+	BlockSignals(False, SIGUSR2);
+	BlockSignals(False, SIGHUP);
+
+	/* Setup signal handlers */
+	
+	CatchSignal(SIGINT, termination_handler);      /* Exit on these sigs */
+	CatchSignal(SIGQUIT, termination_handler);
+	CatchSignal(SIGTERM, termination_handler);
+
+	CatchSignal(SIGPIPE, SIG_IGN);                 /* Ignore sigpipe */
+
+	CatchSignal(SIGUSR2, sigusr2_handler);         /* Debugging sigs */
+	CatchSignal(SIGHUP, sighup_handler);
+
+	/* Initialise messaging system */
+
+	if (!message_init()) {
+		DEBUG(0, ("unable to initialise messaging system\n"));
+		exit(1);
+	}
+
+	register_msg_pool_usage();
+
+	/* Create UNIX domain socket */
+	
+	if ((accept_sock = create_sock()) == -1) {
+		DEBUG(0, ("failed to create socket\n"));
+		return 1;
+	}
+
+	/* Loop waiting for requests */
+
+	process_loop(accept_sock);
+
+	uni_group_cache_shutdown();
+	return 0;
+}
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
new file mode 100644
index 0000000000..4d35c27c21
--- /dev/null
+++ b/source3/nsswitch/winbindd.h
@@ -0,0 +1,206 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon for ntdom nss module
+
+   Copyright (C) Tim Potter 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#ifndef _WINBINDD_H
+#define _WINBINDD_H
+
+#include "includes.h"
+#include "nterr.h"
+
+#include "winbindd_nss.h"
+
+/* Client state structure */
+
+struct winbindd_cli_state {
+    struct winbindd_cli_state *prev, *next;   /* Linked list pointers */
+    int sock;                                 /* Open socket from client */
+    pid_t pid;                                /* pid of client */
+    int read_buf_len, write_buf_len;          /* Indexes in request/response */
+    BOOL finished;                            /* Can delete from list */
+    BOOL write_extra_data;                    /* Write extra_data field */
+    struct winbindd_request request;          /* Request from client */
+    struct winbindd_response response;        /* Respose to client */
+    struct getent_state *getpwent_state;      /* State for getpwent() */
+    struct getent_state *getgrent_state;      /* State for getgrent() */
+};
+
+/* State between get{pw,gr}ent() calls */
+
+struct getent_state {
+	struct getent_state *prev, *next;
+	void *sam_entries;
+	uint32 sam_entry_index, num_sam_entries;
+	BOOL got_sam_entries;
+	fstring domain_name;
+};
+
+/* Storage for cached getpwent() user entries */
+
+struct getpwent_user {
+	fstring name;                        /* Account name */
+	fstring gecos;                       /* User information */
+	uint32 user_rid, group_rid;          /* NT user and group rids */
+};
+
+/* Server state structure */
+
+struct winbindd_state {
+
+	/* User and group id pool */
+
+	uid_t uid_low, uid_high;               /* Range of uids to allocate */
+	gid_t gid_low, gid_high;               /* Range of gids to allocate */
+};
+
+extern struct winbindd_state server_state;  /* Server information */
+
+typedef struct {
+	char *acct_name;
+	char *full_name;
+	uint32 user_rid;
+	uint32 group_rid; /* primary group */
+} WINBIND_USERINFO;
+
+/* Structures to hold per domain information */
+
+struct winbindd_domain {
+	fstring name;                          /* Domain name */	
+	fstring full_name;                     /* full Domain name (realm) */	
+	DOM_SID sid;                           /* SID for this domain */
+
+	/* Lookup methods for this domain (LDAP or RPC) */
+
+	struct winbindd_methods *methods;
+
+        /* Private data for the backends (used for connection cache) */
+
+	void *private; 
+
+	/* Sequence number stuff */
+
+	time_t last_seq_check;
+	uint32 sequence_number;
+
+	/* Linked list info */
+
+	struct winbindd_domain *prev, *next;
+};
+
+/* per-domain methods. This is how LDAP vs RPC is selected
+ */
+struct winbindd_methods {
+	/* does this backend provide a consistent view of the data? (ie. is the primary group
+	   always correct) */
+	BOOL consistent;
+
+	/* get a list of users, returning a WINBIND_USERINFO for each one */
+	NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
+				   TALLOC_CTX *mem_ctx,
+				   uint32 *num_entries, 
+				   WINBIND_USERINFO **info);
+
+	/* get a list of groups */
+	NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
+				    TALLOC_CTX *mem_ctx,
+				    uint32 *num_entries, 
+				    struct acct_info **info);
+
+	/* convert one user or group name to a sid */
+	NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
+				const char *name,
+				DOM_SID *sid,
+				enum SID_NAME_USE *type);
+
+	/* convert a sid to a user or group name */
+	NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				DOM_SID *sid,
+				char **name,
+				enum SID_NAME_USE *type);
+
+	/* lookup user info for a given rid */
+	NTSTATUS (*query_user)(struct winbindd_domain *domain, 
+			       TALLOC_CTX *mem_ctx, 
+			       uint32 user_rid, 
+			       WINBIND_USERINFO *user_info);
+
+	/* lookup all groups that a user is a member of. The backend
+	   can also choose to lookup by username or rid for this
+	   function */
+	NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
+				      TALLOC_CTX *mem_ctx,
+				      uint32 user_rid, 
+				      uint32 *num_groups, uint32 **user_gids);
+
+	/* find all members of the group with the specified group_rid */
+	NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
+				    TALLOC_CTX *mem_ctx,
+				    uint32 group_rid, uint32 *num_names, 
+				    uint32 **rid_mem, char ***names, 
+				    uint32 **name_types);
+
+	/* return the current global sequence number */
+	NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
+
+	/* enumerate trusted domains */
+	NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
+				    TALLOC_CTX *mem_ctx,
+				    uint32 *num_domains,
+				    char ***names,
+				    DOM_SID **dom_sids);
+
+	/* find the domain sid */
+	NTSTATUS (*domain_sid)(struct winbindd_domain *domain,
+			       DOM_SID *sid);
+};
+
+/* Used to glue a policy handle and cli_state together */
+
+typedef struct {
+	struct cli_state *cli;
+	POLICY_HND pol;
+} CLI_POLICY_HND;
+
+#include "winbindd_proto.h"
+
+#include "rpc_parse.h"
+#include "rpc_client.h"
+
+#define WINBINDD_ESTABLISH_LOOP 30
+#define DOM_SEQUENCE_NONE ((uint32)-1)
+
+/* SETENV */
+#if HAVE_SETENV
+#define SETENV(name, value, overwrite) setenv(name,value,overwrite)
+#elif HAVE_PUTENV
+#define SETENV(name, value, overwrite)					 \
+{									 \
+	fstring envvar;							 \
+	slprintf(envvar, sizeof(fstring), "%s=%s", name, value);	 \
+	putenv(envvar);							 \
+}
+#else
+#define SETENV(name, value, overwrite) ;
+#endif
+
+#endif /* _WINBINDD_H */
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
new file mode 100644
index 0000000000..22bad667c3
--- /dev/null
+++ b/source3/nsswitch/winbindd_ads.c
@@ -0,0 +1,802 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind ADS backend functions
+
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+#ifdef HAVE_ADS
+
+/* the realm of our primary LDAP server */
+static char *primary_realm;
+
+
+/*
+  a wrapper around ldap_search_s that retries depending on the error code
+  this is supposed to catch dropped connections and auto-reconnect
+*/
+ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, 
+			       const char *exp,
+			       const char **attrs, void **res)
+{
+	ADS_STATUS status;
+	int count = 3;
+	char *bp;
+
+	if (!ads->ld &&
+	    time(NULL) - ads->last_attempt < ADS_RECONNECT_TIME) {
+		return ADS_ERROR(LDAP_SERVER_DOWN);
+	}
+
+	bp = strdup(bind_path);
+
+	while (count--) {
+		status = ads_do_search_all(ads, bp, scope, exp, attrs, res);
+		if (ADS_ERR_OK(status)) {
+			DEBUG(5,("Search for %s gave %d replies\n",
+				 exp, ads_count_replies(ads, *res)));
+			free(bp);
+			return status;
+		}
+
+		if (*res) ads_msgfree(ads, *res);
+		*res = NULL;
+		DEBUG(1,("Reopening ads connection to %s after error %s\n", 
+			 ads->ldap_server, ads_errstr(status)));
+		if (ads->ld) {
+			ldap_unbind(ads->ld); 
+		}
+		ads->ld = NULL;
+		status = ads_connect(ads);
+		if (!ADS_ERR_OK(status)) {
+			DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
+				 ads_errstr(status)));
+			ads_destroy(&ads);
+			free(bp);
+			return status;
+		}
+	}
+	free(bp);
+
+	DEBUG(1,("ads reopen failed after error %s\n", ads_errstr(status)));
+	return status;
+}
+
+
+ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, 
+			    const char *exp, 
+			    const char **attrs)
+{
+	return ads_do_search_retry(ads, ads->bind_path, LDAP_SCOPE_SUBTREE,
+				   exp, attrs, res);
+}
+
+ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, 
+			       const char *dn, 
+			       const char **attrs)
+{
+	return ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
+				   "(objectclass=*)", attrs, res);
+}
+
+/*
+  return our ads connections structure for a domain. We keep the connection
+  open to make things faster
+*/
+static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS status;
+	char *ccache;
+	struct in_addr server_ip;
+	char *sname;
+
+	if (domain->private) {
+		return (ADS_STRUCT *)domain->private;
+	}
+
+	/* we don't want this to affect the users ccache */
+	ccache = lock_path("winbindd_ccache");
+	SETENV("KRB5CCNAME", ccache, 1);
+	unlink(ccache);
+
+	if (resolve_name(domain->name, &server_ip, 0x1b)) {
+		sname = inet_ntoa(server_ip);
+	} else {
+		if (strcasecmp(domain->name, lp_workgroup()) != 0) {
+			DEBUG(1,("can't find domain controller for %s\n", domain->name));
+			return NULL;
+		}
+		sname = NULL;
+	}
+
+	ads = ads_init(primary_realm, sname, NULL, NULL);
+	if (!ads) {
+		DEBUG(1,("ads_init for domain %s failed\n", domain->name));
+		return NULL;
+	}
+
+	/* the machine acct password might have change - fetch it every time */
+	SAFE_FREE(ads->password);
+	ads->password = secrets_fetch_machine_password();
+
+	status = ads_connect(ads);
+	if (!ADS_ERR_OK(status)) {
+		extern struct winbindd_methods msrpc_methods;
+		DEBUG(1,("ads_connect for domain %s failed: %s\n", 
+			 domain->name, ads_errstr(status)));
+		ads_destroy(&ads);
+
+		/* if we get ECONNREFUSED then it might be a NT4
+                   server, fall back to MSRPC */
+		if (status.error_type == ADS_ERROR_SYSTEM &&
+		    status.rc == ECONNREFUSED) {
+			DEBUG(1,("Trying MSRPC methods\n"));
+			domain->methods = &msrpc_methods;
+		}
+		return NULL;
+	}
+
+	/* remember our primary realm for trusted domain support */
+	if (!primary_realm) {
+		primary_realm = strdup(ads->realm);
+	}
+
+	fstrcpy(domain->full_name, ads->server_realm);
+
+	domain->private = (void *)ads;
+	return ads;
+}
+
+/* useful utility */
+static void sid_from_rid(struct winbindd_domain *domain, uint32 rid, DOM_SID *sid)
+{
+	sid_copy(sid, &domain->sid);
+	sid_append_rid(sid, rid);
+}
+
+/* turn a sAMAccountType into a SID_NAME_USE */
+static enum SID_NAME_USE ads_atype_map(uint32 atype)
+{
+	switch (atype & 0xF0000000) {
+	case ATYPE_GROUP:
+		return SID_NAME_DOM_GRP;
+	case ATYPE_USER:
+		return SID_NAME_USER;
+	default:
+		DEBUG(1,("hmm, need to map account type 0x%x\n", atype));
+	}
+	return SID_NAME_UNKNOWN;
+}
+
+/* Query display info for a realm. This is the basic user list fn */
+static NTSTATUS query_user_list(struct winbindd_domain *domain,
+			       TALLOC_CTX *mem_ctx,
+			       uint32 *num_entries, 
+			       WINBIND_USERINFO **info)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"sAMAccountName", "name", "objectSid", "primaryGroupID", 
+			       "sAMAccountType", NULL};
+	int i, count;
+	ADS_STATUS rc;
+	void *res = NULL;
+	void *msg = NULL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	*num_entries = 0;
+
+	DEBUG(3,("ads: query_user_list\n"));
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	rc = ads_search_retry(ads, &res, "(objectCategory=user)", attrs);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc)));
+		goto done;
+	}
+
+	count = ads_count_replies(ads, res);
+	if (count == 0) {
+		DEBUG(1,("query_user_list: No users found\n"));
+		goto done;
+	}
+
+	(*info) = talloc_zero(mem_ctx, count * sizeof(**info));
+	if (!*info) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	i = 0;
+
+	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
+		char *name, *gecos;
+		DOM_SID sid;
+		uint32 rid, group;
+		uint32 atype;
+
+		if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype) ||
+		    ads_atype_map(atype) != SID_NAME_USER) {
+			DEBUG(1,("Not a user account? atype=0x%x\n", atype));
+			continue;
+		}
+
+		name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
+		gecos = ads_pull_string(ads, mem_ctx, msg, "name");
+		if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
+			DEBUG(1,("No sid for %s !?\n", name));
+			continue;
+		}
+		if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group)) {
+			DEBUG(1,("No primary group for %s !?\n", name));
+			continue;
+		}
+
+		if (!sid_peek_rid(&sid, &rid)) {
+			DEBUG(1,("No rid for %s !?\n", name));
+			continue;
+		}
+
+		(*info)[i].acct_name = name;
+		(*info)[i].full_name = gecos;
+		(*info)[i].user_rid = rid;
+		(*info)[i].group_rid = group;
+		i++;
+	}
+
+	(*num_entries) = i;
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads query_user_list gave %d entries\n", (*num_entries)));
+
+done:
+	if (res) ads_msgfree(ads, res);
+
+	return status;
+}
+
+/* list all domain groups */
+static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_entries, 
+				struct acct_info **info)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"sAMAccountName", "name", "objectSid", 
+			       "sAMAccountType", NULL};
+	int i, count;
+	ADS_STATUS rc;
+	void *res = NULL;
+	void *msg = NULL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	*num_entries = 0;
+
+	DEBUG(3,("ads: enum_dom_groups\n"));
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	rc = ads_search_retry(ads, &res, "(objectCategory=group)", attrs);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc)));
+		goto done;
+	}
+
+	count = ads_count_replies(ads, res);
+	if (count == 0) {
+		DEBUG(1,("query_user_list: No users found\n"));
+		goto done;
+	}
+
+	(*info) = talloc_zero(mem_ctx, count * sizeof(**info));
+	if (!*info) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	i = 0;
+
+	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
+		char *name, *gecos;
+		DOM_SID sid;
+		uint32 rid;
+		uint32 account_type;
+
+		if (!ads_pull_uint32(ads, msg, "sAMAccountType", 
+				     &account_type) ||
+		    !(account_type & ATYPE_GROUP)) continue;
+
+		name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
+		gecos = ads_pull_string(ads, mem_ctx, msg, "name");
+		if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
+			DEBUG(1,("No sid for %s !?\n", name));
+			continue;
+		}
+
+		if (!sid_peek_rid(&sid, &rid)) {
+			DEBUG(1,("No rid for %s !?\n", name));
+			continue;
+		}
+
+		fstrcpy((*info)[i].acct_name, name);
+		fstrcpy((*info)[i].acct_desc, gecos);
+		(*info)[i].rid = rid;
+		i++;
+	}
+
+	(*num_entries) = i;
+
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*num_entries)));
+
+done:
+	if (res) ads_msgfree(ads, res);
+
+	return status;
+}
+
+
+/* convert a single name to a sid in a domain */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    const char *name,
+			    DOM_SID *sid,
+			    enum SID_NAME_USE *type)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"objectSid", "sAMAccountType", NULL};
+	int count;
+	ADS_STATUS rc;
+	void *res = NULL;
+	char *exp;
+	uint32 t;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(3,("ads: name_to_sid\n"));
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	asprintf(&exp, "(sAMAccountName=%s)", name);
+	rc = ads_search_retry(ads, &res, exp, attrs);
+	free(exp);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("name_to_sid ads_search: %s\n", ads_errstr(rc)));
+		goto done;
+	}
+
+	count = ads_count_replies(ads, res);
+	if (count != 1) {
+		DEBUG(1,("name_to_sid: %s not found\n", name));
+		goto done;
+	}
+
+	if (!ads_pull_sid(ads, res, "objectSid", sid)) {
+		DEBUG(1,("No sid for %s !?\n", name));
+		goto done;
+	}
+
+	if (!ads_pull_uint32(ads, res, "sAMAccountType", &t)) {
+		DEBUG(1,("No sAMAccountType for %s !?\n", name));
+		goto done;
+	}
+
+	*type = ads_atype_map(t);
+
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads name_to_sid mapped %s\n", name));
+
+done:
+	if (res) ads_msgfree(ads, res);
+
+	return status;
+}
+
+/* convert a sid to a user or group name */
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    DOM_SID *sid,
+			    char **name,
+			    enum SID_NAME_USE *type)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"sAMAccountName", "sAMAccountType", NULL};
+	ADS_STATUS rc;
+	void *msg = NULL;
+	char *exp;
+	char *sidstr;
+	uint32 atype;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(3,("ads: sid_to_name\n"));
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	sidstr = sid_binstring(sid);
+	asprintf(&exp, "(objectSid=%s)", sidstr);
+	rc = ads_search_retry(ads, &msg, exp, attrs);
+	free(exp);
+	free(sidstr);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("sid_to_name ads_search: %s\n", ads_errstr(rc)));
+		goto done;
+	}
+
+	if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) {
+		goto done;
+	}
+
+	*name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
+	*type = ads_atype_map(atype);
+
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads sid_to_name mapped %s\n", *name));
+
+done:
+	if (msg) ads_msgfree(ads, msg);
+
+	return status;
+}
+
+
+/* convert a sid to a distnguished name */
+static NTSTATUS sid_to_distinguished_name(struct winbindd_domain *domain,
+					  TALLOC_CTX *mem_ctx,
+					  DOM_SID *sid,
+					  char **dn)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"distinguishedName", NULL};
+	ADS_STATUS rc;
+	void *msg = NULL;
+	char *exp;
+	char *sidstr;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(3,("ads: sid_to_distinguished_name\n"));
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	sidstr = sid_binstring(sid);
+	asprintf(&exp, "(objectSid=%s)", sidstr);
+	rc = ads_search_retry(ads, &msg, exp, attrs);
+	free(exp);
+	free(sidstr);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("sid_to_distinguished_name ads_search: %s\n", ads_errstr(rc)));
+		goto done;
+	}
+
+	*dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName");
+
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads sid_to_distinguished_name mapped %s\n", *dn));
+
+done:
+	if (msg) ads_msgfree(ads, msg);
+
+	return status;
+}
+
+
+/* Lookup user information from a rid */
+static NTSTATUS query_user(struct winbindd_domain *domain, 
+			   TALLOC_CTX *mem_ctx, 
+			   uint32 user_rid, 
+			   WINBIND_USERINFO *info)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"sAMAccountName", "name", "objectSid", 
+			       "primaryGroupID", NULL};
+	ADS_STATUS rc;
+	int count;
+	void *msg = NULL;
+	char *exp;
+	DOM_SID sid;
+	char *sidstr;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(3,("ads: query_user\n"));
+
+	sid_from_rid(domain, user_rid, &sid);
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	sidstr = sid_binstring(&sid);
+	asprintf(&exp, "(objectSid=%s)", sidstr);
+	rc = ads_search_retry(ads, &msg, exp, attrs);
+	free(exp);
+	free(sidstr);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("query_user(rid=%d) ads_search: %s\n", user_rid, ads_errstr(rc)));
+		goto done;
+	}
+
+	count = ads_count_replies(ads, msg);
+	if (count != 1) {
+		DEBUG(1,("query_user(rid=%d): Not found\n", user_rid));
+		goto done;
+	}
+
+	info->acct_name = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
+	info->full_name = ads_pull_string(ads, mem_ctx, msg, "name");
+	if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
+		DEBUG(1,("No sid for %d !?\n", user_rid));
+		goto done;
+	}
+	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &info->group_rid)) {
+		DEBUG(1,("No primary group for %d !?\n", user_rid));
+		goto done;
+	}
+	
+	if (!sid_peek_rid(&sid, &info->user_rid)) {
+		DEBUG(1,("No rid for %d !?\n", user_rid));
+		goto done;
+	}
+
+	status = NT_STATUS_OK;
+
+	DEBUG(3,("ads query_user gave %s\n", info->acct_name));
+done:
+	if (msg) ads_msgfree(ads, msg);
+
+	return status;
+}
+
+
+/* Lookup groups a user is a member of. */
+static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  uint32 user_rid, 
+				  uint32 *num_groups, uint32 **user_gids)
+{
+	ADS_STRUCT *ads = NULL;
+	const char *attrs[] = {"distinguishedName", NULL};
+	const char *attrs2[] = {"tokenGroups", "primaryGroupID", NULL};
+	ADS_STATUS rc;
+	int count;
+	void *msg = NULL;
+	char *exp;
+	char *user_dn;
+	DOM_SID *sids;
+	int i;
+	uint32 primary_group;
+	DOM_SID sid;
+	char *sidstr;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	*num_groups = 0;
+
+	DEBUG(3,("ads: lookup_usergroups\n"));
+
+	(*num_groups) = 0;
+
+	sid_from_rid(domain, user_rid, &sid);
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	sidstr = sid_binstring(&sid);
+	asprintf(&exp, "(objectSid=%s)", sidstr);
+	rc = ads_search_retry(ads, &msg, exp, attrs);
+	free(exp);
+	free(sidstr);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("lookup_usergroups(rid=%d) ads_search: %s\n", user_rid, ads_errstr(rc)));
+		goto done;
+	}
+
+	user_dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName");
+
+	if (msg) ads_msgfree(ads, msg);
+
+	rc = ads_search_retry_dn(ads, &msg, user_dn, attrs2);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("lookup_usergroups(rid=%d) ads_search tokenGroups: %s\n", user_rid, ads_errstr(rc)));
+		goto done;
+	}
+
+	if (!ads_pull_uint32(ads, msg, "primaryGroupID", &primary_group)) {
+		DEBUG(1,("%s: No primary group for rid=%d !?\n", domain->name, user_rid));
+		goto done;
+	}
+
+	count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids) + 1;
+	(*user_gids) = (uint32 *)talloc_zero(mem_ctx, sizeof(uint32) * count);
+	(*user_gids)[(*num_groups)++] = primary_group;
+
+	for (i=1;i<count;i++) {
+		uint32 rid;
+		if (!sid_peek_rid(&sids[i-1], &rid)) continue;
+		(*user_gids)[*num_groups] = rid;
+		(*num_groups)++;
+	}
+
+	status = NT_STATUS_OK;
+	DEBUG(3,("ads lookup_usergroups for rid=%d\n", user_rid));
+done:
+	if (msg) ads_msgfree(ads, msg);
+
+	return status;
+}
+
+
+static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 group_rid, uint32 *num_names, 
+				uint32 **rid_mem, char ***names, 
+				uint32 **name_types)
+{
+	DOM_SID group_sid;
+	const char *attrs[] = {"sAMAccountName", "objectSid", "sAMAccountType", NULL};
+	ADS_STATUS rc;
+	int count;
+	void *res=NULL, *msg=NULL;
+	ADS_STRUCT *ads = NULL;
+	char *exp, *dn = NULL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+	*num_names = 0;
+
+	ads = ads_cached_connection(domain);
+	if (!ads) goto done;
+
+	sid_from_rid(domain, group_rid, &group_sid);
+	status = sid_to_distinguished_name(domain, mem_ctx, &group_sid, &dn);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(3,("Failed to find distinguishedName for %s\n", sid_string_static(&group_sid)));
+		return status;
+	}
+
+	/* search for all users who have that group sid as primary group or as member */
+	asprintf(&exp, "(&(objectCategory=user)(|(primaryGroupID=%d)(memberOf=%s)))",
+		 group_rid, dn);
+	rc = ads_search_retry(ads, &res, exp, attrs);
+	free(exp);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc)));
+		goto done;
+	}
+
+	count = ads_count_replies(ads, res);
+	if (count == 0) {
+		status = NT_STATUS_OK;
+		goto done;
+	}
+
+	(*rid_mem) = talloc_zero(mem_ctx, sizeof(uint32) * count);
+	(*name_types) = talloc_zero(mem_ctx, sizeof(uint32) * count);
+	(*names) = talloc_zero(mem_ctx, sizeof(char *) * count);
+
+	for (msg = ads_first_entry(ads, res); msg; msg = ads_next_entry(ads, msg)) {
+		uint32 atype, rid;
+		DOM_SID sid;
+
+		(*names)[*num_names] = ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
+		if (!ads_pull_uint32(ads, msg, "sAMAccountType", &atype)) {
+			continue;
+		}
+		(*name_types)[*num_names] = ads_atype_map(atype);
+		if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
+			DEBUG(1,("No sid for %s !?\n", (*names)[*num_names]));
+			continue;
+		}
+		if (!sid_peek_rid(&sid, &rid)) {
+			DEBUG(1,("No rid for %s !?\n", (*names)[*num_names]));
+			continue;
+		}
+		(*rid_mem)[*num_names] = rid;
+		(*num_names)++;
+	}	
+
+	status = NT_STATUS_OK;
+	DEBUG(3,("ads lookup_groupmem for rid=%d\n", group_rid));
+done:
+	if (res) ads_msgfree(ads, res);
+
+	return status;
+}
+
+/* find the sequence number for a domain */
+static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
+{
+	ADS_STRUCT *ads = NULL;
+	ADS_STATUS rc;
+
+	*seq = DOM_SEQUENCE_NONE;
+
+	ads = ads_cached_connection(domain);
+	if (!ads) return NT_STATUS_UNSUCCESSFUL;
+
+	rc = ads_USN(ads, seq);
+	if (!ADS_ERR_OK(rc)) {
+		/* its a dead connection */
+		ads_destroy(&ads);
+		domain->private = NULL;
+	}
+	return ads_ntstatus(rc);
+}
+
+/* get a list of trusted domains */
+static NTSTATUS trusted_domains(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_domains,
+				char ***names,
+				DOM_SID **dom_sids)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+
+	*num_domains = 0;
+	*names = NULL;
+
+	ads = ads_cached_connection(domain);
+	if (!ads) return NT_STATUS_UNSUCCESSFUL;
+
+	rc = ads_trusted_domains(ads, mem_ctx, num_domains, names, dom_sids);
+
+	return ads_ntstatus(rc);
+}
+
+/* find the domain sid for a domain */
+static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+
+	ads = ads_cached_connection(domain);
+	if (!ads) return NT_STATUS_UNSUCCESSFUL;
+
+	rc = ads_domain_sid(ads, sid);
+
+	if (!ADS_ERR_OK(rc)) {
+		/* its a dead connection */
+		ads_destroy(&ads);
+		domain->private = NULL;
+	}
+
+	return ads_ntstatus(rc);
+}
+
+/* the ADS backend methods are exposed via this structure */
+struct winbindd_methods ads_methods = {
+	True,
+	query_user_list,
+	enum_dom_groups,
+	name_to_sid,
+	sid_to_name,
+	query_user,
+	lookup_usergroups,
+	lookup_groupmem,
+	sequence_number,
+	trusted_domains,
+	domain_sid
+};
+
+#endif
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
new file mode 100644
index 0000000000..9bd95fdd86
--- /dev/null
+++ b/source3/nsswitch/winbindd_cache.c
@@ -0,0 +1,882 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind cache backend functions
+
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+struct winbind_cache {
+	struct winbindd_methods *backend;
+	TDB_CONTEXT *tdb;
+};
+
+struct cache_entry {
+	NTSTATUS status;
+	uint32 sequence_number;
+	uint8 *data;
+	uint32 len, ofs;
+};
+
+#define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
+
+static struct winbind_cache *wcache;
+
+/* flush the cache */
+void wcache_flush_cache(void)
+{
+	extern BOOL opt_nocache;
+
+	if (!wcache) return;
+	if (wcache->tdb) {
+		tdb_close(wcache->tdb);
+		wcache->tdb = NULL;
+	}
+	if (opt_nocache) return;
+
+	wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000, 
+				   TDB_DEFAULT, O_RDWR | O_CREAT | O_TRUNC, 0600);
+
+	if (!wcache->tdb) {
+		DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
+	}
+}
+
+void winbindd_check_cache_size(time_t t)
+{
+	static time_t last_check_time;
+	struct stat st;
+
+	if (last_check_time == (time_t)0)
+		last_check_time = t;
+
+	if (t - last_check_time < 60 && t - last_check_time > 0)
+		return;
+
+	if (wcache == NULL || wcache->tdb == NULL) {
+		DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
+		return;
+	}
+
+	if (fstat(wcache->tdb->fd, &st) == -1) {
+		DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
+		return;
+	}
+
+	if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
+		DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
+			(unsigned long)st.st_size,
+			(unsigned long)WINBINDD_MAX_CACHE_SIZE));
+		wcache_flush_cache();
+	}
+}
+
+/* get the winbind_cache structure */
+static struct winbind_cache *get_cache(struct winbindd_domain *domain)
+{
+	extern struct winbindd_methods msrpc_methods;
+	struct winbind_cache *ret = wcache;
+
+	if (ret) return ret;
+	
+	ret = smb_xmalloc(sizeof(*ret));
+	ZERO_STRUCTP(ret);
+	switch (lp_security()) {
+#ifdef HAVE_ADS
+	case SEC_ADS: {
+		extern struct winbindd_methods ads_methods;
+		ret->backend = &ads_methods;
+		break;
+	}
+#endif
+	default:
+		ret->backend = &msrpc_methods;
+	}
+
+	wcache = ret;
+	wcache_flush_cache();
+
+	return ret;
+}
+
+/*
+  free a centry structure
+*/
+static void centry_free(struct cache_entry *centry)
+{
+	if (!centry) return;
+	SAFE_FREE(centry->data);
+	free(centry);
+}
+
+
+/*
+  pull a uint32 from a cache entry 
+*/
+static uint32 centry_uint32(struct cache_entry *centry)
+{
+	uint32 ret;
+	if (centry->len - centry->ofs < 4) {
+		DEBUG(0,("centry corruption? needed 4 bytes, have %d\n", 
+			 centry->len - centry->ofs));
+		smb_panic("centry_uint32");
+	}
+	ret = IVAL(centry->data, centry->ofs);
+	centry->ofs += 4;
+	return ret;
+}
+
+/*
+  pull a uint8 from a cache entry 
+*/
+static uint8 centry_uint8(struct cache_entry *centry)
+{
+	uint8 ret;
+	if (centry->len - centry->ofs < 1) {
+		DEBUG(0,("centry corruption? needed 1 bytes, have %d\n", 
+			 centry->len - centry->ofs));
+		smb_panic("centry_uint32");
+	}
+	ret = CVAL(centry->data, centry->ofs);
+	centry->ofs += 1;
+	return ret;
+}
+
+/* pull a string from a cache entry, using the supplied
+   talloc context 
+*/
+static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
+{
+	uint32 len;
+	char *ret;
+
+	len = centry_uint8(centry);
+
+	if (len == 0xFF) {
+		/* a deliberate NULL string */
+		return NULL;
+	}
+
+	if (centry->len - centry->ofs < len) {
+		DEBUG(0,("centry corruption? needed %d bytes, have %d\n", 
+			 len, centry->len - centry->ofs));
+		smb_panic("centry_string");
+	}
+
+	ret = talloc(mem_ctx, len+1);
+	if (!ret) {
+		smb_panic("centry_string out of memory\n");
+	}
+	memcpy(ret,centry->data + centry->ofs, len);
+	ret[len] = 0;
+	centry->ofs += len;
+	return ret;
+}
+
+/* the server is considered down if it can't give us a sequence number */
+static BOOL wcache_server_down(struct winbindd_domain *domain)
+{
+	if (!wcache->tdb) return False;
+	return (domain->sequence_number == DOM_SEQUENCE_NONE);
+}
+
+
+/*
+  refresh the domain sequence number. If force is True
+  then always refresh it, no matter how recently we fetched it
+*/
+static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
+{
+	NTSTATUS status;
+	unsigned time_diff;
+
+	time_diff = time(NULL) - domain->last_seq_check;
+
+	/* see if we have to refetch the domain sequence number */
+	if (!force && (time_diff < lp_winbind_cache_time())) {
+		return;
+	}
+
+	status = wcache->backend->sequence_number(domain, &domain->sequence_number);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		domain->sequence_number = DOM_SEQUENCE_NONE;
+	}
+
+	domain->last_seq_check = time(NULL);
+}
+
+/*
+  decide if a cache entry has expired
+*/
+static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *centry)
+{
+	/* if the server is OK and our cache entry came from when it was down then
+	   the entry is invalid */
+	if (domain->sequence_number != DOM_SEQUENCE_NONE && 
+	    centry->sequence_number == DOM_SEQUENCE_NONE) {
+		return True;
+	}
+
+	/* if the server is down or the cache entry is not older than the
+	   current sequence number then it is OK */
+	if (wcache_server_down(domain) || 
+	    centry->sequence_number == domain->sequence_number) {
+		return False;
+	}
+
+	/* it's expired */
+	return True;
+}
+
+/*
+  fetch an entry from the cache, with a varargs key. auto-fetch the sequence
+  number and return status
+*/
+static struct cache_entry *wcache_fetch(struct winbind_cache *cache, 
+					struct winbindd_domain *domain,
+					const char *format, ...)
+{
+	va_list ap;
+	char *kstr;
+	TDB_DATA data;
+	struct cache_entry *centry;
+	TDB_DATA key;
+
+	refresh_sequence_number(domain, False);
+
+	va_start(ap, format);
+	smb_xvasprintf(&kstr, format, ap);
+	va_end(ap);
+	
+	key.dptr = kstr;
+	key.dsize = strlen(kstr);
+	data = tdb_fetch(wcache->tdb, key);
+	free(kstr);
+	if (!data.dptr) {
+		/* a cache miss */
+		return NULL;
+	}
+
+	centry = smb_xmalloc(sizeof(*centry));
+	centry->data = data.dptr;
+	centry->len = data.dsize;
+	centry->ofs = 0;
+
+	if (centry->len < 8) {
+		/* huh? corrupt cache? */
+		centry_free(centry);
+		return NULL;
+	}
+	
+	centry->status = NT_STATUS(centry_uint32(centry));
+	centry->sequence_number = centry_uint32(centry);
+
+	if (centry_expired(domain, centry)) {
+		centry_free(centry);
+		return NULL;
+	}
+
+	return centry;
+}
+
+/*
+  make sure we have at least len bytes available in a centry 
+*/
+static void centry_expand(struct cache_entry *centry, uint32 len)
+{
+	uint8 *p;
+	if (centry->len - centry->ofs >= len) return;
+	centry->len *= 2;
+	p = realloc(centry->data, centry->len);
+	if (!p) {
+		DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
+		smb_panic("out of memory in centry_expand");
+	}
+	centry->data = p;
+}
+
+/*
+  push a uint32 into a centry 
+*/
+static void centry_put_uint32(struct cache_entry *centry, uint32 v)
+{
+	centry_expand(centry, 4);
+	SIVAL(centry->data, centry->ofs, v);
+	centry->ofs += 4;
+}
+
+/*
+  push a uint8 into a centry 
+*/
+static void centry_put_uint8(struct cache_entry *centry, uint8 v)
+{
+	centry_expand(centry, 1);
+	SCVAL(centry->data, centry->ofs, v);
+	centry->ofs += 1;
+}
+
+/* 
+   push a string into a centry 
+ */
+static void centry_put_string(struct cache_entry *centry, const char *s)
+{
+	int len;
+
+	if (!s) {
+		/* null strings are marked as len 0xFFFF */
+		centry_put_uint8(centry, 0xFF);
+		return;
+	}
+
+	len = strlen(s);
+	/* can't handle more than 254 char strings. Truncating is probably best */
+	if (len > 254) len = 254;
+	centry_put_uint8(centry, len);
+	centry_expand(centry, len);
+	memcpy(centry->data + centry->ofs, s, len);
+	centry->ofs += len;
+}
+
+/*
+  start a centry for output. When finished, call centry_end()
+*/
+struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
+{
+	struct cache_entry *centry;
+
+	if (!wcache->tdb) return NULL;
+
+	centry = smb_xmalloc(sizeof(*centry));
+
+	centry->len = 8192; /* reasonable default */
+	centry->data = smb_xmalloc(centry->len);
+	centry->ofs = 0;
+	centry->sequence_number = domain->sequence_number;
+	centry_put_uint32(centry, NT_STATUS_V(status));
+	centry_put_uint32(centry, centry->sequence_number);
+	return centry;
+}
+
+/*
+  finish a centry and write it to the tdb
+*/
+static void centry_end(struct cache_entry *centry, const char *format, ...)
+{
+	va_list ap;
+	char *kstr;
+	TDB_DATA key, data;
+
+	va_start(ap, format);
+	smb_xvasprintf(&kstr, format, ap);
+	va_end(ap);
+
+	key.dptr = kstr;
+	key.dsize = strlen(kstr);
+	data.dptr = centry->data;
+	data.dsize = centry->ofs;
+
+	tdb_store(wcache->tdb, key, data, TDB_REPLACE);
+	free(kstr);
+}
+
+/* form a sid from the domain plus rid */
+static DOM_SID *form_sid(struct winbindd_domain *domain, uint32 rid)
+{
+	static DOM_SID sid;
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+	return &sid;
+}
+
+static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS status, 
+				    const char *name, DOM_SID *sid, enum SID_NAME_USE type)
+{
+	struct cache_entry *centry;
+	uint32 len;
+
+	centry = centry_start(domain, status);
+	if (!centry) return;
+	len = sid_size(sid);
+	centry_expand(centry, len);
+	centry_put_uint32(centry, type);
+	sid_linearize(centry->data + centry->ofs, len, sid);
+	centry->ofs += len;
+	centry_end(centry, "NS/%s/%s", domain->name, name);
+	centry_free(centry);
+}
+
+static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status, 
+				    DOM_SID *sid, const char *name, enum SID_NAME_USE type, uint32 rid)
+{
+	struct cache_entry *centry;
+
+	centry = centry_start(domain, status);
+	if (!centry) return;
+	if (NT_STATUS_IS_OK(status)) {
+		centry_put_uint32(centry, type);
+		centry_put_string(centry, name);
+	}
+	centry_end(centry, "SN/%s/%d", domain->name, rid);
+	centry_free(centry);
+}
+
+
+static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
+{
+	struct cache_entry *centry;
+
+	centry = centry_start(domain, status);
+	if (!centry) return;
+	centry_put_string(centry, info->acct_name);
+	centry_put_string(centry, info->full_name);
+	centry_put_uint32(centry, info->user_rid);
+	centry_put_uint32(centry, info->group_rid);
+	centry_end(centry, "U/%s/%x", domain->name, info->user_rid);
+	centry_free(centry);
+}
+
+
+/* Query display info. This is the basic user list fn */
+static NTSTATUS query_user_list(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_entries, 
+				WINBIND_USERINFO **info)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+	int i;
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
+	if (!centry) goto do_query;
+
+	*num_entries = centry_uint32(centry);
+	
+	if (*num_entries == 0) goto do_cached;
+
+	(*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
+	if (! (*info)) smb_panic("query_user_list out of memory");
+	for (i=0; i<(*num_entries); i++) {
+		(*info)[i].acct_name = centry_string(centry, mem_ctx);
+		(*info)[i].full_name = centry_string(centry, mem_ctx);
+		(*info)[i].user_rid = centry_uint32(centry);
+		(*info)[i].group_rid = centry_uint32(centry);
+	}
+
+do_cached:	
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	*num_entries = 0;
+	*info = NULL;
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+
+	status = cache->backend->query_user_list(domain, mem_ctx, num_entries, info);
+
+	/* and save it */
+	refresh_sequence_number(domain, True);
+	centry = centry_start(domain, status);
+	if (!centry) goto skip_save;
+	centry_put_uint32(centry, *num_entries);
+	for (i=0; i<(*num_entries); i++) {
+		centry_put_string(centry, (*info)[i].acct_name);
+		centry_put_string(centry, (*info)[i].full_name);
+		centry_put_uint32(centry, (*info)[i].user_rid);
+		centry_put_uint32(centry, (*info)[i].group_rid);
+		if (cache->backend->consistent) {
+			/* when the backend is consistent we can pre-prime some mappings */
+			wcache_save_name_to_sid(domain, NT_STATUS_OK, 
+						(*info)[i].acct_name, 
+						form_sid(domain, (*info)[i].user_rid),
+						SID_NAME_USER);
+			wcache_save_sid_to_name(domain, NT_STATUS_OK, 
+						form_sid(domain, (*info)[i].user_rid),
+						(*info)[i].acct_name, 
+						SID_NAME_USER, (*info)[i].user_rid);
+			wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
+		}
+	}	
+	centry_end(centry, "UL/%s", domain->name);
+	centry_free(centry);
+
+skip_save:
+	return status;
+}
+
+/* list all domain groups */
+static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_entries, 
+				struct acct_info **info)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+	int i;
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "GL/%s", domain->name);
+	if (!centry) goto do_query;
+
+	*num_entries = centry_uint32(centry);
+	
+	if (*num_entries == 0) goto do_cached;
+
+	(*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
+	if (! (*info)) smb_panic("enum_dom_groups out of memory");
+	for (i=0; i<(*num_entries); i++) {
+		fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
+		fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
+		(*info)[i].rid = centry_uint32(centry);
+	}
+
+do_cached:	
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	*num_entries = 0;
+	*info = NULL;
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+
+	status = cache->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
+
+	/* and save it */
+	refresh_sequence_number(domain, True);
+	centry = centry_start(domain, status);
+	if (!centry) goto skip_save;
+	centry_put_uint32(centry, *num_entries);
+	for (i=0; i<(*num_entries); i++) {
+		centry_put_string(centry, (*info)[i].acct_name);
+		centry_put_string(centry, (*info)[i].acct_desc);
+		centry_put_uint32(centry, (*info)[i].rid);
+	}	
+	centry_end(centry, "GL/%s", domain->name);
+	centry_free(centry);
+
+skip_save:
+	return status;
+}
+
+
+/* convert a single name to a sid in a domain */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    const char *name,
+			    DOM_SID *sid,
+			    enum SID_NAME_USE *type)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, name);
+	if (!centry) goto do_query;
+	*type = centry_uint32(centry);
+	sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid);
+
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	ZERO_STRUCTP(sid);
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+	status = cache->backend->name_to_sid(domain, name, sid, type);
+
+	/* and save it */
+	wcache_save_name_to_sid(domain, status, name, sid, *type);
+
+	return status;
+}
+
+/* convert a sid to a user or group name. The sid is guaranteed to be in the domain
+   given */
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    DOM_SID *sid,
+			    char **name,
+			    enum SID_NAME_USE *type)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+	uint32 rid = 0;
+
+	sid_peek_rid(sid, &rid);
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "SN/%s/%d", domain->name, rid);
+	if (!centry) goto do_query;
+	if (NT_STATUS_IS_OK(centry->status)) {
+		*type = centry_uint32(centry);
+		*name = centry_string(centry, mem_ctx);
+	}
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	*name = NULL;
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+	status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type);
+
+	/* and save it */
+	refresh_sequence_number(domain, True);
+	wcache_save_sid_to_name(domain, status, sid, *name, *type, rid);
+
+	return status;
+}
+
+
+/* Lookup user information from a rid */
+static NTSTATUS query_user(struct winbindd_domain *domain, 
+			   TALLOC_CTX *mem_ctx, 
+			   uint32 user_rid, 
+			   WINBIND_USERINFO *info)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "U/%s/%x", domain->name, user_rid);
+	if (!centry) goto do_query;
+
+	info->acct_name = centry_string(centry, mem_ctx);
+	info->full_name = centry_string(centry, mem_ctx);
+	info->user_rid = centry_uint32(centry);
+	info->group_rid = centry_uint32(centry);
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	ZERO_STRUCTP(info);
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+	
+	status = cache->backend->query_user(domain, mem_ctx, user_rid, info);
+
+	/* and save it */
+	refresh_sequence_number(domain, True);
+	wcache_save_user(domain, status, info);
+
+	return status;
+}
+
+
+/* Lookup groups a user is a member of. */
+static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  uint32 user_rid, 
+				  uint32 *num_groups, uint32 **user_gids)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+	int i;
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "UG/%s/%x", domain->name, user_rid);
+	if (!centry) goto do_query;
+
+	*num_groups = centry_uint32(centry);
+	
+	if (*num_groups == 0) goto do_cached;
+
+	(*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
+	if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
+	for (i=0; i<(*num_groups); i++) {
+		(*user_gids)[i] = centry_uint32(centry);
+	}
+
+do_cached:	
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	(*num_groups) = 0;
+	(*user_gids) = NULL;
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+	status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_groups, user_gids);
+
+	/* and save it */
+	refresh_sequence_number(domain, True);
+	centry = centry_start(domain, status);
+	if (!centry) goto skip_save;
+	centry_put_uint32(centry, *num_groups);
+	for (i=0; i<(*num_groups); i++) {
+		centry_put_uint32(centry, (*user_gids)[i]);
+	}	
+	centry_end(centry, "UG/%s/%x", domain->name, user_rid);
+	centry_free(centry);
+
+skip_save:
+	return status;
+}
+
+
+static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 group_rid, uint32 *num_names, 
+				uint32 **rid_mem, char ***names, 
+				uint32 **name_types)
+{
+	struct winbind_cache *cache = get_cache(domain);
+	struct cache_entry *centry = NULL;
+	NTSTATUS status;
+	int i;
+
+	if (!cache->tdb) goto do_query;
+
+	centry = wcache_fetch(cache, domain, "GM/%s/%x", domain->name, group_rid);
+	if (!centry) goto do_query;
+
+	*num_names = centry_uint32(centry);
+	
+	if (*num_names == 0) goto do_cached;
+
+	(*rid_mem) = talloc(mem_ctx, sizeof(**rid_mem) * (*num_names));
+	(*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
+	(*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
+
+	if (! (*rid_mem) || ! (*names) || ! (*name_types)) {
+		smb_panic("lookup_groupmem out of memory");
+	}
+
+	for (i=0; i<(*num_names); i++) {
+		(*rid_mem)[i] = centry_uint32(centry);
+		(*names)[i] = centry_string(centry, mem_ctx);
+		(*name_types)[i] = centry_uint32(centry);
+	}
+
+do_cached:	
+	status = centry->status;
+	centry_free(centry);
+	return status;
+
+do_query:
+	(*num_names) = 0;
+	(*rid_mem) = NULL;
+	(*names) = NULL;
+	(*name_types) = NULL;
+	
+
+	if (wcache_server_down(domain)) {
+		return NT_STATUS_SERVER_DISABLED;
+	}
+	status = cache->backend->lookup_groupmem(domain, mem_ctx, group_rid, num_names, 
+						 rid_mem, names, name_types);
+
+	/* and save it */
+	refresh_sequence_number(domain, True);
+	centry = centry_start(domain, status);
+	if (!centry) goto skip_save;
+	centry_put_uint32(centry, *num_names);
+	for (i=0; i<(*num_names); i++) {
+		centry_put_uint32(centry, (*rid_mem)[i]);
+		centry_put_string(centry, (*names)[i]);
+		centry_put_uint32(centry, (*name_types)[i]);
+	}	
+	centry_end(centry, "GM/%s/%x", domain->name, group_rid);
+	centry_free(centry);
+
+skip_save:
+	return status;
+}
+
+/* find the sequence number for a domain */
+static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
+{
+	refresh_sequence_number(domain, False);
+
+	*seq = domain->sequence_number;
+
+	return NT_STATUS_OK;
+}
+
+/* enumerate trusted domains */
+static NTSTATUS trusted_domains(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_domains,
+				char ***names,
+				DOM_SID **dom_sids)
+{
+	struct winbind_cache *cache = get_cache(domain);
+
+	/* we don't cache this call */
+	return cache->backend->trusted_domains(domain, mem_ctx, num_domains, 
+					       names, dom_sids);
+}
+
+/* find the domain sid */
+static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
+{
+	struct winbind_cache *cache = get_cache(domain);
+
+	/* we don't cache this call */
+	return cache->backend->domain_sid(domain, sid);
+}
+
+/* the ADS backend methods are exposed via this structure */
+struct winbindd_methods cache_methods = {
+	True,
+	query_user_list,
+	enum_dom_groups,
+	name_to_sid,
+	sid_to_name,
+	query_user,
+	lookup_usergroups,
+	lookup_groupmem,
+	sequence_number,
+	trusted_domains,
+	domain_sid
+};
+
+
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
new file mode 100644
index 0000000000..ce484795f8
--- /dev/null
+++ b/source3/nsswitch/winbindd_cm.c
@@ -0,0 +1,856 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon connection manager
+
+   Copyright (C) Tim Potter 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+   We need to manage connections to domain controllers without having to
+   mess up the main winbindd code with other issues.  The aim of the
+   connection manager is to:
+  
+       - make connections to domain controllers and cache them
+       - re-establish connections when networks or servers go down
+       - centralise the policy on connection timeouts, domain controller
+	 selection etc
+       - manage re-entrancy for when winbindd becomes able to handle
+	 multiple outstanding rpc requests
+  
+   Why not have connection management as part of the rpc layer like tng?
+   Good question.  This code may morph into libsmb/rpc_cache.c or something
+   like that but at the moment it's simply staying as part of winbind.	I
+   think the TNG architecture of forcing every user of the rpc layer to use
+   the connection caching system is a bad idea.	 It should be an optional
+   method of using the routines.
+
+   The TNG design is quite good but I disagree with some aspects of the
+   implementation. -tpot
+
+ */
+
+/*
+   TODO:
+
+     - I'm pretty annoyed by all the make_nmb_name() stuff.  It should be
+       moved down into another function.
+
+     - There needs to be a utility function in libsmb/namequery.c that does
+       cm_get_dc_name() 
+
+     - Take care when destroying cli_structs as they can be shared between
+       various sam handles.
+
+ */
+
+#include "winbindd.h"
+
+/* Global list of connections.	Initially a DLIST but can become a hash
+   table or whatever later. */
+
+struct winbindd_cm_conn {
+	struct winbindd_cm_conn *prev, *next;
+	fstring domain;
+	fstring controller;
+	fstring pipe_name;
+	struct cli_state *cli;
+	POLICY_HND pol;
+};
+
+static struct winbindd_cm_conn *cm_conns = NULL;
+
+/* Get a domain controller name.  Cache positive and negative lookups so we
+   don't go to the network too often when something is badly broken. */
+
+#define GET_DC_NAME_CACHE_TIMEOUT 30 /* Seconds between dc lookups */
+
+struct get_dc_name_cache {
+	fstring domain_name;
+	fstring srv_name;
+	time_t lookup_time;
+	struct get_dc_name_cache *prev, *next;
+};
+
+static BOOL cm_get_dc_name(const char *domain, fstring srv_name, struct in_addr *ip_out)
+{
+	static struct get_dc_name_cache *get_dc_name_cache;
+	struct get_dc_name_cache *dcc;
+	struct in_addr *ip_list, dc_ip;
+	int count, i;
+
+	/* Check the cache for previous lookups */
+
+	for (dcc = get_dc_name_cache; dcc; dcc = dcc->next) {
+
+		if (!strequal(domain, dcc->domain_name))
+			continue; /* Not our domain */
+
+		if ((time(NULL) - dcc->lookup_time) > 
+		    GET_DC_NAME_CACHE_TIMEOUT) {
+
+			/* Cache entry has expired, delete it */
+
+			DEBUG(10, ("get_dc_name_cache entry expired for %s\n", domain));
+
+			DLIST_REMOVE(get_dc_name_cache, dcc);
+			SAFE_FREE(dcc);
+
+			break;
+		}
+
+		/* Return a positive or negative lookup for this domain */
+
+		if (dcc->srv_name[0]) {
+			DEBUG(10, ("returning positive get_dc_name_cache entry for %s\n", domain));
+			fstrcpy(srv_name, dcc->srv_name);
+			return True;
+		} else {
+			DEBUG(10, ("returning negative get_dc_name_cache entry for %s\n", domain));
+			return False;
+		}
+	}
+
+	/* Add cache entry for this lookup. */
+
+	DEBUG(10, ("Creating get_dc_name_cache entry for %s\n", domain));
+
+	if (!(dcc = (struct get_dc_name_cache *) 
+	      malloc(sizeof(struct get_dc_name_cache))))
+		return False;
+
+	ZERO_STRUCTP(dcc);
+
+	fstrcpy(dcc->domain_name, domain);
+	dcc->lookup_time = time(NULL);
+
+	DLIST_ADD(get_dc_name_cache, dcc);
+
+	/* Lookup domain controller name. Try the real PDC first to avoid
+	   SAM sync delays */
+	if (!get_dc_list(True, domain, &ip_list, &count)) {
+		if (!get_dc_list(False, domain, &ip_list, &count)) {
+			DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
+			return False;
+		}
+	}
+
+	/* Pick a nice close server */
+	/* Look for DC on local net */
+
+	for (i = 0; i < count; i++) {
+		if (!is_local_net(ip_list[i]))
+			continue;
+		
+		if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
+			dc_ip = ip_list[i];
+			goto done;
+		}
+		zero_ip(&ip_list[i]);
+	}
+
+	/*
+	 * Secondly try and contact a random PDC/BDC.
+	 */
+
+	i = (sys_random() % count);
+
+	if (!is_zero_ip(ip_list[i]) &&
+	    name_status_find(domain, 0x1c, 0x20,
+			     ip_list[i], srv_name)) {
+		dc_ip = ip_list[i];
+		goto done;
+	}
+	zero_ip(&ip_list[i]); /* Tried and failed. */
+
+	/* Finally return first DC that we can contact */
+
+	for (i = 0; i < count; i++) {
+		if (is_zero_ip(ip_list[i]))
+			continue;
+
+		if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
+			dc_ip = ip_list[i];
+			goto done;
+		}
+	}
+
+	/* No-one to talk to )-: */
+	return False;		/* Boo-hoo */
+	
+ done:
+	/* We have the netbios name and IP address of a domain controller.
+	   Ideally we should sent a SAMLOGON request to determine whether
+	   the DC is alive and kicking.  If we can catch a dead DC before
+	   performing a cli_connect() we can avoid a 30-second timeout. */
+
+	/* We have a name so make the cache entry positive now */
+
+	fstrcpy(dcc->srv_name, srv_name);
+
+	DEBUG(3, ("cm_get_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
+		  inet_ntoa(dc_ip), domain));
+
+	*ip_out = dc_ip;
+
+	SAFE_FREE(ip_list);
+
+	return True;
+}
+
+/* Choose between anonymous or authenticated connections.  We need to use
+   an authenticated connection if DCs have the RestrictAnonymous registry
+   entry set > 0, or the "Additional restrictions for anonymous
+   connections" set in the win2k Local Security Policy. 
+   
+   Caller to free() result in domain, username, password
+*/
+
+static void cm_get_ipc_userpass(char **username, char **domain, char **password)
+{
+	*username = secrets_fetch(SECRETS_AUTH_USER, NULL);
+	*domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
+	*password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
+	
+	if (*username && **username) {
+		if (!*domain || !**domain) {
+			*domain = smb_xstrdup(lp_workgroup());
+		}
+		
+		DEBUG(3, ("IPC$ connections done by user %s\\%s\n", *domain, *username));
+	} else {
+		DEBUG(3, ("IPC$ connections done anonymously\n"));
+		*username = smb_xstrdup("");
+		*domain = smb_xstrdup("");
+		*password = smb_xstrdup("");
+	}
+}
+
+/* Open a new smb pipe connection to a DC on a given domain.  Cache
+   negative creation attempts so we don't try and connect to broken
+   machines too often. */
+
+#define FAILED_CONNECTION_CACHE_TIMEOUT 30 /* Seconds between attempts */
+
+struct failed_connection_cache {
+	fstring domain_name;
+	fstring controller;
+	time_t lookup_time;
+	NTSTATUS nt_status;
+	struct failed_connection_cache *prev, *next;
+};
+
+static struct failed_connection_cache *failed_connection_cache;
+
+/* Add an entry to the failed conneciton cache */
+
+static void add_failed_connection_entry(struct winbindd_cm_conn *new_conn, NTSTATUS result) {
+	struct failed_connection_cache *fcc;
+
+	SMB_ASSERT(!NT_STATUS_IS_OK(result));
+
+	/* Create negative lookup cache entry for this domain and controller */
+
+	if (!(fcc = (struct failed_connection_cache *)
+	      malloc(sizeof(struct failed_connection_cache)))) {
+		DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
+		return;
+	}
+	
+	ZERO_STRUCTP(fcc);
+	
+	fstrcpy(fcc->domain_name, new_conn->domain);
+	fstrcpy(fcc->controller, new_conn->controller);
+	fcc->lookup_time = time(NULL);
+	fcc->nt_status = result;
+	
+	DLIST_ADD(failed_connection_cache, fcc);
+}
+	
+/* Open a connction to the remote server, cache failures for 30 seconds */
+
+static NTSTATUS cm_open_connection(const char *domain,const char *pipe_name,
+			       struct winbindd_cm_conn *new_conn)
+{
+	struct failed_connection_cache *fcc;
+	extern pstring global_myname;
+	NTSTATUS result;
+	char *ipc_username, *ipc_domain, *ipc_password;
+	struct in_addr dc_ip;
+
+	ZERO_STRUCT(dc_ip);
+
+	fstrcpy(new_conn->domain, domain);
+	fstrcpy(new_conn->pipe_name, pipe_name);
+	
+	/* Look for a domain controller for this domain.  Negative results
+	   are cached so don't bother applying the caching for this
+	   function just yet.  */
+
+	if (!cm_get_dc_name(domain, new_conn->controller, &dc_ip)) {
+		result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+		add_failed_connection_entry(new_conn, result);
+		return result;
+	}
+		
+	/* Return false if we have tried to look up this domain and netbios
+	   name before and failed. */
+
+	for (fcc = failed_connection_cache; fcc; fcc = fcc->next) {
+		
+		if (!(strequal(domain, fcc->domain_name) &&
+		      strequal(new_conn->controller, fcc->controller)))
+			continue; /* Not our domain */
+
+		if ((time(NULL) - fcc->lookup_time) > 
+		    FAILED_CONNECTION_CACHE_TIMEOUT) {
+
+			/* Cache entry has expired, delete it */
+
+			DEBUG(10, ("cm_open_connection cache entry expired for %s, %s\n", domain, new_conn->controller));
+
+			DLIST_REMOVE(failed_connection_cache, fcc);
+			free(fcc);
+
+			break;
+		}
+
+		/* The timeout hasn't expired yet so return false */
+
+		DEBUG(10, ("returning negative open_connection_cache entry for %s, %s\n", domain, new_conn->controller));
+
+		result = fcc->nt_status;
+		SMB_ASSERT(!NT_STATUS_IS_OK(result));
+		return result;
+	}
+
+	/* Initialise SMB connection */
+
+	cm_get_ipc_userpass(&ipc_username, &ipc_domain, &ipc_password);
+
+	DEBUG(5, ("connecting to %s from %s with username [%s]\\[%s]\n", 
+	      new_conn->controller, global_myname, ipc_domain, ipc_username));
+
+	result = cli_full_connection(&(new_conn->cli), global_myname, new_conn->controller, 
+				     &dc_ip, 0, "IPC$", 
+				     "IPC", ipc_username, ipc_domain, 
+				     ipc_password, strlen(ipc_password));
+
+	SAFE_FREE(ipc_username);
+	SAFE_FREE(ipc_domain);
+	SAFE_FREE(ipc_password);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		add_failed_connection_entry(new_conn, result);
+		return result;
+	}
+	
+	if (!cli_nt_session_open (new_conn->cli, pipe_name)) {
+		result = NT_STATUS_PIPE_NOT_AVAILABLE;
+		add_failed_connection_entry(new_conn, result);
+		cli_shutdown(new_conn->cli);
+		return result;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Return true if a connection is still alive */
+
+static BOOL connection_ok(struct winbindd_cm_conn *conn)
+{
+	if (!conn) {
+		smb_panic("Invalid paramater passed to conneciton_ok():  conn was NULL!\n");
+		return False;
+	}
+
+	if (!conn->cli) {
+		DEBUG(0, ("Connection to %s for domain %s (pipe %s) has NULL conn->cli!\n", 
+			  conn->controller, conn->domain, conn->pipe_name));
+		smb_panic("connection_ok: conn->cli was null!");
+		return False;
+	}
+
+	if (!conn->cli->initialised) {
+		DEBUG(0, ("Connection to %s for domain %s (pipe %s) was never initialised!\n", 
+			  conn->controller, conn->domain, conn->pipe_name));
+		smb_panic("connection_ok: conn->cli->initialised is False!");
+		return False;
+	}
+
+	if (conn->cli->fd == -1) {
+		DEBUG(3, ("Connection to %s for domain %s (pipe %s) has died or was never started (fd == -1)\n", 
+			  conn->controller, conn->domain, conn->pipe_name));
+		return False;
+	}
+	
+	return True;
+}
+
+/* Get a connection to the remote DC and open the pipe.  If there is already a connection, use that */
+
+static NTSTATUS get_connection_from_cache(const char *domain, const char *pipe_name, struct winbindd_cm_conn **conn_out) 
+{
+	struct winbindd_cm_conn *conn, conn_temp;
+	NTSTATUS result;
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) && 
+		    strequal(conn->pipe_name, pipe_name)) {
+			if (!connection_ok(conn)) {
+				if (conn->cli) {
+					cli_shutdown(conn->cli);
+				}
+				ZERO_STRUCT(conn_temp);
+				conn_temp.next = conn->next;
+				DLIST_REMOVE(cm_conns, conn);
+				SAFE_FREE(conn);
+				conn = &conn_temp;  /* Just to keep the loop moving */
+			} else {
+				break;
+			}
+		}
+	}
+	
+	if (!conn) {
+		if (!(conn = malloc(sizeof(*conn))))
+			return NT_STATUS_NO_MEMORY;
+		
+		ZERO_STRUCTP(conn);
+		
+		if (!NT_STATUS_IS_OK(result = cm_open_connection(domain, pipe_name, conn))) {
+			DEBUG(3, ("Could not open a connection to %s for %s (%s)\n", 
+				  domain, pipe_name, nt_errstr(result)));
+		        SAFE_FREE(conn);
+			return result;
+		}
+		DLIST_ADD(cm_conns, conn);		
+	}
+	
+	*conn_out = conn;
+	return NT_STATUS_OK;
+}
+
+/* Return a LSA policy handle on a domain */
+
+CLI_POLICY_HND *cm_get_lsa_handle(char *domain)
+{
+	struct winbindd_cm_conn *conn;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	NTSTATUS result;
+	static CLI_POLICY_HND hnd;
+
+	/* Look for existing connections */
+
+	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn))) {
+		return NULL;
+	}
+
+	/* This *shitty* code needs scrapping ! JRA */
+	if (policy_handle_is_valid(&conn->pol)) {
+		hnd.pol = conn->pol;
+		hnd.cli = conn->cli;
+		return &hnd;
+	}
+	
+	result = cli_lsa_open_policy(conn->cli, conn->cli->mem_ctx, False, 
+				     des_access, &conn->pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		/* Hit the cache code again.  This cleans out the old connection and gets a new one */
+		if (conn->cli->fd == -1) { /* Try again, if the remote host disapeared */
+			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_LSARPC, &conn))) {
+				return NULL;
+			}
+
+			result = cli_lsa_open_policy(conn->cli, conn->cli->mem_ctx, False, 
+						     des_access, &conn->pol);
+		}
+
+		if (!NT_STATUS_IS_OK(result)) {
+			cli_shutdown(conn->cli);
+			DLIST_REMOVE(cm_conns, conn);
+			SAFE_FREE(conn);
+			return NULL;
+		}
+	}	
+
+	hnd.pol = conn->pol;
+	hnd.cli = conn->cli;
+
+	return &hnd;
+}
+
+/* Return a SAM policy handle on a domain */
+
+CLI_POLICY_HND *cm_get_sam_handle(char *domain)
+{ 
+	struct winbindd_cm_conn *conn;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	NTSTATUS result;
+	static CLI_POLICY_HND hnd;
+
+	/* Look for existing connections */
+
+	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn))) {
+		return NULL;
+	}
+	
+	/* This *shitty* code needs scrapping ! JRA */
+	if (policy_handle_is_valid(&conn->pol)) {
+		hnd.pol = conn->pol;
+		hnd.cli = conn->cli;
+		return &hnd;
+	}
+	result = cli_samr_connect(conn->cli, conn->cli->mem_ctx,
+				  des_access, &conn->pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		/* Hit the cache code again.  This cleans out the old connection and gets a new one */
+		if (conn->cli->fd == -1) { /* Try again, if the remote host disapeared */
+			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_SAMR, &conn))) {
+				return NULL;
+			}
+
+			result = cli_samr_connect(conn->cli, conn->cli->mem_ctx,
+						  des_access, &conn->pol);
+		}
+
+		if (!NT_STATUS_IS_OK(result)) {
+			cli_shutdown(conn->cli);
+			DLIST_REMOVE(cm_conns, conn);
+			SAFE_FREE(conn);
+			return NULL;
+		}
+	}	
+
+	hnd.pol = conn->pol;
+	hnd.cli = conn->cli;
+
+	return &hnd;
+}
+
+#if 0  /* This code now *well* out of date */
+
+/* Return a SAM domain policy handle on a domain */
+
+CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid)
+{
+	struct winbindd_cm_conn *conn, *basic_conn = NULL;
+	static CLI_POLICY_HND hnd;
+	NTSTATUS result;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+
+	/* Look for existing connections */
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) &&
+		    strequal(conn->pipe_name, PIPE_SAMR) &&
+		    conn->pipe_data.samr.pipe_type == SAM_PIPE_DOM) {
+
+			if (!connection_ok(conn)) {
+				/* Shutdown cli?  Free conn?  Allow retry of DC? */
+				DLIST_REMOVE(cm_conns, conn);
+				return NULL;
+			}
+
+			goto ok;
+		}
+	}
+
+	/* Create a basic handle to open a domain handle from */
+
+	if (!cm_get_sam_handle(domain))
+		return False;
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) &&
+		    strequal(conn->pipe_name, PIPE_SAMR) &&
+		    conn->pipe_data.samr.pipe_type == SAM_PIPE_BASIC)
+			basic_conn = conn;
+	}
+	
+	if (!(conn = (struct winbindd_cm_conn *)
+	      malloc(sizeof(struct winbindd_cm_conn))))
+		return NULL;
+	
+	ZERO_STRUCTP(conn);
+
+	fstrcpy(conn->domain, basic_conn->domain);
+	fstrcpy(conn->controller, basic_conn->controller);
+	fstrcpy(conn->pipe_name, basic_conn->pipe_name);
+
+	conn->pipe_data.samr.pipe_type = SAM_PIPE_DOM;
+	conn->cli = basic_conn->cli;
+
+	result = cli_samr_open_domain(conn->cli, conn->cli->mem_ctx,
+				      &basic_conn->pol, des_access, 
+				      domain_sid, &conn->pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		return NULL;
+
+	/* Add to list */
+
+	DLIST_ADD(cm_conns, conn);
+
+ ok:
+	hnd.pol = conn->pol;
+	hnd.cli = conn->cli;
+
+	return &hnd;
+}
+
+/* Return a SAM policy handle on a domain user */
+
+CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid,
+				       uint32 user_rid)
+{
+	struct winbindd_cm_conn *conn, *basic_conn = NULL;
+	static CLI_POLICY_HND hnd;
+	NTSTATUS result;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+
+	/* Look for existing connections */
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) &&
+		    strequal(conn->pipe_name, PIPE_SAMR) &&
+		    conn->pipe_data.samr.pipe_type == SAM_PIPE_USER &&
+		    conn->pipe_data.samr.rid == user_rid) {
+
+			if (!connection_ok(conn)) {
+				/* Shutdown cli?  Free conn?  Allow retry of DC? */
+				DLIST_REMOVE(cm_conns, conn);
+				return NULL;
+			}
+		
+			goto ok;
+		}
+	}
+
+	/* Create a domain handle to open a user handle from */
+
+	if (!cm_get_sam_dom_handle(domain, domain_sid))
+		return NULL;
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) &&
+		    strequal(conn->pipe_name, PIPE_SAMR) &&
+		    conn->pipe_data.samr.pipe_type == SAM_PIPE_DOM)
+			basic_conn = conn;
+	}
+	
+	if (!basic_conn) {
+		DEBUG(0, ("No domain sam handle was created!\n"));
+		return NULL;
+	}
+
+	if (!(conn = (struct winbindd_cm_conn *)
+	      malloc(sizeof(struct winbindd_cm_conn))))
+		return NULL;
+	
+	ZERO_STRUCTP(conn);
+
+	fstrcpy(conn->domain, basic_conn->domain);
+	fstrcpy(conn->controller, basic_conn->controller);
+	fstrcpy(conn->pipe_name, basic_conn->pipe_name);
+	
+	conn->pipe_data.samr.pipe_type = SAM_PIPE_USER;
+	conn->cli = basic_conn->cli;
+	conn->pipe_data.samr.rid = user_rid;
+
+	result = cli_samr_open_user(conn->cli, conn->cli->mem_ctx,
+				    &basic_conn->pol, des_access, user_rid,
+				    &conn->pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		return NULL;
+
+	/* Add to list */
+
+	DLIST_ADD(cm_conns, conn);
+
+ ok:
+	hnd.pol = conn->pol;
+	hnd.cli = conn->cli;
+
+	return &hnd;
+}
+
+/* Return a SAM policy handle on a domain group */
+
+CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
+					uint32 group_rid)
+{
+	struct winbindd_cm_conn *conn, *basic_conn = NULL;
+	static CLI_POLICY_HND hnd;
+	NTSTATUS result;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+
+	/* Look for existing connections */
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) &&
+		    strequal(conn->pipe_name, PIPE_SAMR) &&
+		    conn->pipe_data.samr.pipe_type == SAM_PIPE_GROUP &&
+		    conn->pipe_data.samr.rid == group_rid) {
+
+			if (!connection_ok(conn)) {
+				/* Shutdown cli?  Free conn?  Allow retry of DC? */
+				DLIST_REMOVE(cm_conns, conn);
+				return NULL;
+			}
+		
+			goto ok;
+		}
+	}
+
+	/* Create a domain handle to open a user handle from */
+
+	if (!cm_get_sam_dom_handle(domain, domain_sid))
+		return NULL;
+
+	for (conn = cm_conns; conn; conn = conn->next) {
+		if (strequal(conn->domain, domain) &&
+		    strequal(conn->pipe_name, PIPE_SAMR) &&
+		    conn->pipe_data.samr.pipe_type == SAM_PIPE_DOM)
+			basic_conn = conn;
+	}
+	
+	if (!basic_conn) {
+		DEBUG(0, ("No domain sam handle was created!\n"));
+		return NULL;
+	}
+
+	if (!(conn = (struct winbindd_cm_conn *)
+	      malloc(sizeof(struct winbindd_cm_conn))))
+		return NULL;
+	
+	ZERO_STRUCTP(conn);
+
+	fstrcpy(conn->domain, basic_conn->domain);
+	fstrcpy(conn->controller, basic_conn->controller);
+	fstrcpy(conn->pipe_name, basic_conn->pipe_name);
+	
+	conn->pipe_data.samr.pipe_type = SAM_PIPE_GROUP;
+	conn->cli = basic_conn->cli;
+	conn->pipe_data.samr.rid = group_rid;
+
+	result = cli_samr_open_group(conn->cli, conn->cli->mem_ctx,
+				    &basic_conn->pol, des_access, group_rid,
+				    &conn->pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		return NULL;
+
+	/* Add to list */
+
+	DLIST_ADD(cm_conns, conn);
+
+ ok:
+	hnd.pol = conn->pol;
+	hnd.cli = conn->cli;
+
+	return &hnd;
+}
+
+#endif
+
+/* Get a handle on a netlogon pipe.  This is a bit of a hack to re-use the
+   netlogon pipe as no handle is returned. */
+
+NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
+			     struct cli_state **cli)
+{
+	NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+	struct winbindd_cm_conn *conn;
+
+	if (!cli) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Open an initial conection */
+
+	if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn))) {
+		return result;
+	}
+	
+	result = new_cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+					SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0, ("error connecting to domain password server: %s\n",
+			  nt_errstr(result)));
+		
+		/* Hit the cache code again.  This cleans out the old connection and gets a new one */
+		if (conn->cli->fd == -1) {
+			if (!NT_STATUS_IS_OK(result = get_connection_from_cache(domain, PIPE_NETLOGON, &conn))) {
+				return result;
+			}
+			
+			/* Try again */
+			result = new_cli_nt_setup_creds(conn->cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+							SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd);
+		}
+		
+		if (!NT_STATUS_IS_OK(result)) {
+			cli_shutdown(conn->cli);
+			DLIST_REMOVE(cm_conns, conn);
+			SAFE_FREE(conn);
+			return result;
+		}
+	}
+
+	*cli = conn->cli;
+
+	return result;
+}
+
+/* Dump the current connection status */
+
+static void dump_conn_list(void)
+{
+	struct winbindd_cm_conn *con;
+
+	DEBUG(0, ("\tDomain	     Controller	     Pipe\n"));
+
+	for(con = cm_conns; con; con = con->next) {
+		char *msg;
+
+		/* Display pipe info */
+		
+		if (asprintf(&msg, "\t%-15s %-15s %-16s", con->domain, con->controller, con->pipe_name) < 0) {
+			DEBUG(0, ("Error: not enough memory!\n"));
+		} else {
+			DEBUG(0, ("%s\n", msg));
+			SAFE_FREE(msg);
+		}
+	}
+}
+
+void winbindd_cm_status(void)
+{
+	/* List open connections */
+
+	DEBUG(0, ("winbindd connection manager status:\n"));
+
+	if (cm_conns)
+		dump_conn_list();
+	else
+		DEBUG(0, ("\tNo active connections\n"));
+}
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
new file mode 100644
index 0000000000..4ef57513bb
--- /dev/null
+++ b/source3/nsswitch/winbindd_group.c
@@ -0,0 +1,842 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon for ntdom nss module
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Jeremy Allison 2001.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/***************************************************************
+ Empty static struct for negative caching.
+****************************************************************/
+
+/* Fill a grent structure from various other information */
+
+static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name, 
+		       const char *gr_name, gid_t unix_gid)
+{
+	fstring full_group_name;
+	/* Fill in uid/gid */
+	fill_domain_username(full_group_name, dom_name, gr_name);
+
+	gr->gr_gid = unix_gid;
+    
+	/* Group name and password */
+    
+	safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1);
+	safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
+
+	return True;
+}
+
+/* Fill in the group membership field of a NT group given by group_rid */
+
+static BOOL fill_grent_mem(struct winbindd_domain *domain,
+			   uint32 group_rid, 
+			   enum SID_NAME_USE group_name_type, 
+			   int *num_gr_mem, char **gr_mem, int *gr_mem_len)
+{
+	uint32 *rid_mem = NULL, num_names = 0;
+	uint32 *name_types = NULL;
+	int buf_len, buf_ndx, i;
+	char **names = NULL, *buf;
+	BOOL result = False;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+
+	if (!(mem_ctx = talloc_init_named("fill_grent_mem(%s)", domain->name)))
+		return False;
+
+	/* Initialise group membership information */
+	
+	DEBUG(10, ("group %s rid 0x%x\n", domain ? domain->name : "NULL", 
+		   group_rid));
+
+	*num_gr_mem = 0;
+	
+	if (group_name_type != SID_NAME_DOM_GRP) {
+		DEBUG(1, ("rid %d in domain %s isn't a " "domain group\n", 
+			  group_rid, domain->name));
+                goto done;
+	}
+
+	/* Lookup group members */
+	status = domain->methods->lookup_groupmem(domain, mem_ctx, group_rid, &num_names, 
+						  &rid_mem, &names, &name_types);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("could not lookup membership for group rid %d in domain %s\n", 
+			  group_rid, domain->name));
+
+		goto done;
+	}
+
+	DEBUG(10, ("looked up %d names\n", num_names));
+
+	if (DEBUGLEVEL >= 10) {
+		for (i = 0; i < num_names; i++)
+			DEBUG(10, ("\t%20s %x %d\n", names[i], rid_mem[i],
+				   name_types[i]));
+	}
+
+	/* Add members to list */
+
+	buf = NULL;
+	buf_len = buf_ndx = 0;
+
+ again:
+
+	for (i = 0; i < num_names; i++) {
+		char *the_name;
+		fstring name;
+		int len;
+			
+		the_name = names[i];
+
+		DEBUG(10, ("processing name %s\n", the_name));
+
+		/* FIXME: need to cope with groups within groups.  These
+                   occur in Universal groups on a Windows 2000 native mode
+                   server. */
+
+		if (name_types[i] != SID_NAME_USER) {
+			DEBUG(3, ("name %s isn't a domain user\n", the_name));
+			continue;
+		}
+
+		/* Don't bother with machine accounts */
+		
+		if (the_name[strlen(the_name) - 1] == '$') {
+			DEBUG(10, ("%s is machine account\n", the_name));
+			continue;
+		}
+
+		/* Append domain name */
+
+		fill_domain_username(name, domain->name, the_name);
+
+		len = strlen(name);
+		
+		/* Add to list or calculate buffer length */
+
+		if (!buf) {
+			buf_len += len + 1; /* List is comma separated */
+			(*num_gr_mem)++;
+			DEBUG(10, ("buf_len + %d = %d\n", len + 1, buf_len));
+		} else {
+			DEBUG(10, ("appending %s at ndx %d\n", name, len));
+			safe_strcpy(&buf[buf_ndx], name, len);
+			buf_ndx += len;
+			buf[buf_ndx] = ',';
+			buf_ndx++;
+		}
+	}
+
+	/* Allocate buffer */
+
+	if (!buf && buf_len != 0) {
+		if (!(buf = malloc(buf_len))) {
+			DEBUG(1, ("out of memory\n"));
+			result = False;
+			goto done;
+		}
+		memset(buf, 0, buf_len);
+		goto again;
+	}
+
+	if (buf && buf_ndx > 0) {
+		buf[buf_ndx - 1] = '\0';
+	}
+
+	*gr_mem = buf;
+	*gr_mem_len = buf_len;
+
+	DEBUG(10, ("num_mem = %d, len = %d, mem = %s\n", *num_gr_mem, 
+		   buf_len, *num_gr_mem ? buf : "NULL")); 
+	result = True;
+
+done:
+
+	talloc_destroy(mem_ctx);
+	
+	DEBUG(10, ("fill_grent_mem returning %d\n", result));
+
+	return result;
+}
+
+/* Return a group structure from a group name */
+
+enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state)
+{
+	DOM_SID group_sid;
+	struct winbindd_domain *domain;
+	enum SID_NAME_USE name_type;
+	uint32 group_rid;
+	fstring name_domain, name_group;
+	char *tmp, *gr_mem;
+	gid_t gid;
+	int gr_mem_len;
+	
+	DEBUG(3, ("[%5d]: getgrnam %s\n", state->pid,
+		  state->request.data.groupname));
+
+	/* Parse domain and groupname */
+	
+	memset(name_group, 0, sizeof(fstring));
+
+	tmp = state->request.data.groupname;
+	if (!parse_domain_user(tmp, name_domain, name_group))
+		return WINBINDD_ERROR;
+
+	/* Get info for the domain */
+
+	if ((domain = find_domain_from_name(name_domain)) == NULL) {
+		DEBUG(0, ("could not get domain sid for domain %s\n",
+			  name_domain));
+		return WINBINDD_ERROR;
+	}
+
+	/* Get rid and name type from name */
+        
+	if (!winbindd_lookup_sid_by_name(domain, name_group, &group_sid, 
+					 &name_type)) {
+		DEBUG(1, ("group %s in domain %s does not exist\n", 
+			  name_group, name_domain));
+		return WINBINDD_ERROR;
+	}
+
+	if ((name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_DOM_GRP)) {
+		DEBUG(1, ("name '%s' is not a local or domain group: %d\n", 
+			  name_group, name_type));
+		return WINBINDD_ERROR;
+	}
+
+	/* Fill in group structure */
+	sid_peek_rid(&group_sid, &group_rid);
+
+	if (!winbindd_idmap_get_gid_from_sid(&group_sid, &gid)) {
+		DEBUG(1, ("error converting unix gid to sid\n"));
+		return WINBINDD_ERROR;
+	}
+
+	if (!fill_grent(&state->response.data.gr, name_domain,
+			name_group, gid) ||
+	    !fill_grent_mem(domain, group_rid, name_type,
+			    &state->response.data.gr.num_gr_mem,
+			    &gr_mem, &gr_mem_len)) {
+		return WINBINDD_ERROR;
+	}
+
+	/* Group membership lives at start of extra data */
+
+	state->response.data.gr.gr_mem_ofs = 0;
+
+	state->response.length += gr_mem_len;
+	state->response.extra_data = gr_mem;
+
+	return WINBINDD_OK;
+}
+
+/* Return a group structure from a gid number */
+
+enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state)
+{
+	struct winbindd_domain *domain;
+	DOM_SID group_sid;
+	enum SID_NAME_USE name_type;
+	fstring dom_name;
+	fstring group_name;
+	uint32 group_rid;
+	int gr_mem_len;
+	char *gr_mem;
+
+	DEBUG(3, ("[%5d]: getgrgid %d\n", state->pid, 
+		  state->request.data.gid));
+
+	/* Bug out if the gid isn't in the winbind range */
+
+	if ((state->request.data.gid < server_state.gid_low) ||
+	    (state->request.data.gid > server_state.gid_high))
+		return WINBINDD_ERROR;
+
+	/* Get rid from gid */
+
+	if (!winbindd_idmap_get_rid_from_gid(state->request.data.gid, 
+					     &group_rid, &domain)) {
+		DEBUG(1, ("could not convert gid %d to rid\n", 
+			  state->request.data.gid));
+		return WINBINDD_ERROR;
+	}
+
+	/* Get sid from gid */
+
+	sid_copy(&group_sid, &domain->sid);
+	sid_append_rid(&group_sid, group_rid);
+
+	if (!winbindd_lookup_name_by_sid(&group_sid, dom_name, group_name, &name_type)) {
+		DEBUG(1, ("could not lookup sid\n"));
+		return WINBINDD_ERROR;
+	}
+
+	if (!((name_type == SID_NAME_ALIAS) || 
+	      (name_type == SID_NAME_DOM_GRP))) {
+		DEBUG(1, ("name '%s' is not a local or domain group: %d\n", 
+			  group_name, name_type));
+		return WINBINDD_ERROR;
+	}
+
+	/* Fill in group structure */
+
+	if (!fill_grent(&state->response.data.gr, dom_name, group_name, 
+			state->request.data.gid) ||
+	    !fill_grent_mem(domain, group_rid, name_type,
+			    &state->response.data.gr.num_gr_mem,
+			    &gr_mem, &gr_mem_len))
+		return WINBINDD_ERROR;
+
+	/* Group membership lives at start of extra data */
+
+	state->response.data.gr.gr_mem_ofs = 0;
+
+	state->response.length += gr_mem_len;
+	state->response.extra_data = gr_mem;
+
+	return WINBINDD_OK;
+}
+
+/*
+ * set/get/endgrent functions
+ */
+
+/* "Rewind" file pointer for group database enumeration */
+
+enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state)
+{
+	struct winbindd_domain *domain;
+
+	DEBUG(3, ("[%5d]: setgrent\n", state->pid));
+
+	/* Check user has enabled this */
+
+	if (!lp_winbind_enum_groups())
+		return WINBINDD_ERROR;
+
+	/* Free old static data if it exists */
+	
+	if (state->getgrent_state != NULL) {
+		free_getent_state(state->getgrent_state);
+		state->getgrent_state = NULL;
+	}
+	
+	/* Create sam pipes for each domain we know about */
+	
+	for (domain = domain_list(); domain != NULL; domain = domain->next) {
+		struct getent_state *domain_state;
+		
+		/* Skip domains other than WINBINDD_DOMAIN environment 
+		   variable */
+		
+		if ((strcmp(state->request.domain, "") != 0) &&
+		    !check_domain_env(state->request.domain, domain->name))
+			continue;
+		
+		/* Create a state record for this domain */
+		
+		if ((domain_state = (struct getent_state *)
+		     malloc(sizeof(struct getent_state))) == NULL)
+			return WINBINDD_ERROR;
+		
+		ZERO_STRUCTP(domain_state);
+		
+		fstrcpy(domain_state->domain_name, domain->name);
+
+		/* Add to list of open domains */
+		
+		DLIST_ADD(state->getgrent_state, domain_state);
+	}
+	
+	return WINBINDD_OK;
+}
+
+/* Close file pointer to ntdom group database */
+
+enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state)
+{
+	DEBUG(3, ("[%5d]: endgrent\n", state->pid));
+
+	free_getent_state(state->getgrent_state);
+	state->getgrent_state = NULL;
+	
+	return WINBINDD_OK;
+}
+
+/* Get the list of domain groups and domain aliases for a domain.  We fill in
+   the sam_entries and num_sam_entries fields with domain group information.  
+   The dispinfo_ndx field is incremented to the index of the next group to 
+   fetch. Return True if some groups were returned, False otherwise. */
+
+#define MAX_FETCH_SAM_ENTRIES 100
+
+static BOOL get_sam_group_entries(struct getent_state *ent)
+{
+	NTSTATUS status;
+	uint32 num_entries;
+	struct acct_info *name_list = NULL;
+	TALLOC_CTX *mem_ctx;
+	BOOL result = False;
+	struct acct_info *sam_grp_entries = NULL;
+	struct winbindd_domain *domain;
+        
+	if (ent->got_sam_entries)
+		return False;
+
+	if (!(mem_ctx = talloc_init_named("get_sam_group_entries(%s)",
+					  ent->domain_name)))
+		return False;
+		
+	/* Free any existing group info */
+
+	SAFE_FREE(ent->sam_entries);
+	ent->num_sam_entries = 0;
+	ent->got_sam_entries = True;
+
+	/* Enumerate domain groups */
+
+	num_entries = 0;
+
+	if (!(domain = find_domain_from_name(ent->domain_name))) {
+		DEBUG(3, ("no such domain %s in get_sam_group_entries\n", ent->domain_name));
+		goto done;
+	}
+
+	status = domain->methods->enum_dom_groups(domain,
+						  mem_ctx, 
+						  &num_entries,
+						  &sam_grp_entries);
+	
+	if (!NT_STATUS_IS_OK(status)) {
+		result = False;
+		goto done;
+	}
+
+	/* Copy entries into return buffer */
+
+	if (num_entries) {
+		name_list = malloc(sizeof(struct acct_info) * num_entries);
+		memcpy(name_list, sam_grp_entries, 
+		       num_entries * sizeof(struct acct_info));
+	}
+	
+	ent->num_sam_entries = num_entries;
+		
+	/* Fill in remaining fields */
+
+	ent->sam_entries = name_list;
+	ent->sam_entry_index = 0;
+
+	result = (ent->num_sam_entries > 0);
+
+ done:
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
+
+/* Fetch next group entry from ntdom database */
+
+#define MAX_GETGRENT_GROUPS 500
+
+enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
+{
+	struct getent_state *ent;
+	struct winbindd_gr *group_list = NULL;
+	int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0;
+	char *new_extra_data, *gr_mem_list = NULL;
+
+	DEBUG(3, ("[%5d]: getgrent\n", state->pid));
+
+	/* Check user has enabled this */
+
+	if (!lp_winbind_enum_groups())
+		return WINBINDD_ERROR;
+
+	num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
+
+	if ((state->response.extra_data = 
+	     malloc(num_groups * sizeof(struct winbindd_gr))) == NULL)
+		return WINBINDD_ERROR;
+
+	state->response.data.num_entries = 0;
+
+	group_list = (struct winbindd_gr *)state->response.extra_data;
+
+	if (!(ent = state->getgrent_state))
+		return WINBINDD_ERROR;
+
+	/* Start sending back groups */
+
+	for (i = 0; i < num_groups; i++) {
+		struct acct_info *name_list = NULL;
+		fstring domain_group_name;
+		uint32 result;
+		gid_t group_gid;
+		int gr_mem_len;
+		char *gr_mem, *new_gr_mem_list;
+		
+		/* Do we need to fetch another chunk of groups? */
+
+	tryagain:
+
+		DEBUG(10, ("entry_index = %d, num_entries = %d\n",
+			   ent->sam_entry_index, ent->num_sam_entries));
+
+		if (ent->num_sam_entries == ent->sam_entry_index) {
+
+			while(ent && !get_sam_group_entries(ent)) {
+				struct getent_state *next_ent;
+
+				DEBUG(10, ("freeing state info for domain %s\n", ent->domain_name)); 
+
+				/* Free state information for this domain */
+
+				SAFE_FREE(ent->sam_entries);
+
+				next_ent = ent->next;
+				DLIST_REMOVE(state->getgrent_state, ent);
+				
+				SAFE_FREE(ent);
+				ent = next_ent;
+			}
+
+			/* No more domains */
+
+			if (!ent) 
+                                break;
+		}
+		
+		name_list = ent->sam_entries;
+		
+		/* Lookup group info */
+		
+		if (!winbindd_idmap_get_gid_from_rid(
+			ent->domain_name,
+			name_list[ent->sam_entry_index].rid,
+			&group_gid)) {
+			
+			DEBUG(1, ("could not look up gid for group %s\n", 
+				  name_list[ent->sam_entry_index].acct_name));
+
+			ent->sam_entry_index++;
+			goto tryagain;
+		}
+
+		DEBUG(10, ("got gid %d for group %x\n", group_gid,
+			   name_list[ent->sam_entry_index].rid));
+		
+		/* Fill in group entry */
+
+		fill_domain_username(domain_group_name, ent->domain_name, 
+			 name_list[ent->sam_entry_index].acct_name);
+
+		result = fill_grent(&group_list[group_list_ndx], 
+				    ent->domain_name,
+				    name_list[ent->sam_entry_index].acct_name,
+				    group_gid);
+
+		/* Fill in group membership entry */
+
+		if (result) {
+			struct winbindd_domain *domain;
+
+			if (!(domain = 
+			      find_domain_from_name(ent->domain_name))) {
+				DEBUG(3, ("No such domain %s in winbindd_getgrent\n", ent->domain_name));
+				result = False;
+				goto done;
+			}
+
+			/* Get group membership */
+			
+			result = fill_grent_mem(
+				domain,
+				name_list[ent->sam_entry_index].rid,
+				SID_NAME_DOM_GRP,
+				&group_list[group_list_ndx].num_gr_mem, 
+				&gr_mem, &gr_mem_len);
+		}
+
+		if (result) {
+			/* Append to group membership list */
+			new_gr_mem_list = Realloc(
+				gr_mem_list,
+				gr_mem_list_len + gr_mem_len);
+
+			if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) {
+				DEBUG(0, ("out of memory\n"));
+				SAFE_FREE(gr_mem_list);
+				gr_mem_list_len = 0;
+				break;
+			}
+
+			DEBUG(10, ("list_len = %d, mem_len = %d\n",
+				   gr_mem_list_len, gr_mem_len));
+
+			gr_mem_list = new_gr_mem_list;
+
+			memcpy(&gr_mem_list[gr_mem_list_len], gr_mem,
+			       gr_mem_len);
+
+			SAFE_FREE(gr_mem);
+
+			group_list[group_list_ndx].gr_mem_ofs = 
+				gr_mem_list_len;
+
+			gr_mem_list_len += gr_mem_len;
+		}
+
+		ent->sam_entry_index++;
+		
+		/* Add group to return list */
+		
+		if (result) {
+
+			DEBUG(10, ("adding group num_entries = %d\n",
+				   state->response.data.num_entries));
+
+			group_list_ndx++;
+			state->response.data.num_entries++;
+			
+			state->response.length +=
+				sizeof(struct winbindd_gr);
+			
+		} else {
+			DEBUG(0, ("could not lookup domain group %s\n", 
+				  domain_group_name));
+		}
+	}
+
+	/* Copy the list of group memberships to the end of the extra data */
+
+	if (group_list_ndx == 0)
+		goto done;
+
+	new_extra_data = Realloc(
+		state->response.extra_data,
+		group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
+
+	if (!new_extra_data) {
+		DEBUG(0, ("out of memory\n"));
+		group_list_ndx = 0;
+		SAFE_FREE(state->response.extra_data);
+		SAFE_FREE(gr_mem_list);
+
+		return WINBINDD_ERROR;
+	}
+
+	state->response.extra_data = new_extra_data;
+
+	memcpy(&((char *)state->response.extra_data)
+	       [group_list_ndx * sizeof(struct winbindd_gr)], 
+	       gr_mem_list, gr_mem_list_len);
+
+       	SAFE_FREE(gr_mem_list);
+
+	state->response.length += gr_mem_list_len;
+
+	DEBUG(10, ("returning %d groups, length = %d\n",
+		   group_list_ndx, gr_mem_list_len));
+
+	/* Out of domains */
+
+ done:
+
+	return (group_list_ndx > 0) ? WINBINDD_OK : WINBINDD_ERROR;
+}
+
+/* List domain groups without mapping to unix ids */
+
+enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
+{
+	uint32 total_entries = 0;
+	struct winbindd_domain *domain;
+	char *extra_data = NULL;
+	char *ted = NULL;
+	int extra_data_len = 0, i;
+
+	DEBUG(3, ("[%5d]: list groups\n", state->pid));
+
+	/* Enumerate over trusted domains */
+
+	for (domain = domain_list(); domain; domain = domain->next) {
+		struct getent_state groups;
+
+		ZERO_STRUCT(groups);
+
+		/* Skip domains other than WINBINDD_DOMAIN environment
+		   variable */ 
+		if ((strcmp(state->request.domain, "") != 0) &&
+		    !check_domain_env(state->request.domain, domain->name))
+			continue;
+
+		/* Get list of sam groups */
+		ZERO_STRUCT(groups);
+		fstrcpy(groups.domain_name, domain->name);
+
+		get_sam_group_entries(&groups);
+			
+		if (groups.num_sam_entries == 0) {
+			/* this domain is empty or in an error state */
+			continue;
+		}
+
+		/* keep track the of the total number of groups seen so 
+		   far over all domains */
+		total_entries += groups.num_sam_entries;
+		
+		/* Allocate some memory for extra data.  Note that we limit
+		   account names to sizeof(fstring) = 128 characters.  */		
+                ted = Realloc(extra_data, sizeof(fstring) * total_entries);
+ 
+		if (!ted) {
+			DEBUG(0,("failed to enlarge buffer!\n"));
+			SAFE_FREE(extra_data);
+			return WINBINDD_ERROR;
+		} else
+			extra_data = ted;
+
+		/* Pack group list into extra data fields */
+		for (i = 0; i < groups.num_sam_entries; i++) {
+			char *group_name = ((struct acct_info *)
+					    groups.sam_entries)[i].acct_name; 
+			fstring name;
+
+			fill_domain_username(name, domain->name, group_name);
+			/* Append to extra data */			
+			memcpy(&extra_data[extra_data_len], name, 
+                               strlen(name));
+			extra_data_len += strlen(name);
+			extra_data[extra_data_len++] = ',';
+		}
+
+		free(groups.sam_entries);
+	}
+
+	/* Assign extra_data fields in response structure */
+	if (extra_data) {
+		extra_data[extra_data_len - 1] = '\0';
+		state->response.extra_data = extra_data;
+		state->response.length += extra_data_len;
+	}
+
+	/* No domains may have responded but that's still OK so don't
+	   return an error. */
+
+	return WINBINDD_OK;
+}
+
+/* Get user supplementary groups.  This is much quicker than trying to
+   invert the groups database. */
+
+enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
+{
+	fstring name_domain, name_user;
+	DOM_SID user_sid;
+	enum SID_NAME_USE name_type;
+	uint32 user_rid, num_groups, num_gids;
+	NTSTATUS status;
+	uint32 *user_gids;
+	struct winbindd_domain *domain;
+	enum winbindd_result result = WINBINDD_ERROR;
+	gid_t *gid_list;
+	int i;
+	TALLOC_CTX *mem_ctx;
+	
+	DEBUG(3, ("[%5d]: getgroups %s\n", state->pid,
+		  state->request.data.username));
+
+	if (!(mem_ctx = talloc_init_named("winbindd_getgroups(%s)",
+					  state->request.data.username)))
+		return WINBINDD_ERROR;
+
+	/* Parse domain and username */
+
+	if (!parse_domain_user(state->request.data.username, name_domain, 
+			  name_user))
+		goto done;
+
+	/* Get info for the domain */
+	
+	if ((domain = find_domain_from_name(name_domain)) == NULL) {
+		DEBUG(0, ("could not find domain entry for domain %s\n", 
+			  name_domain));
+		goto done;
+	}
+
+	/* Get rid and name type from name.  The following costs 1 packet */
+
+	if (!winbindd_lookup_sid_by_name(domain, name_user, &user_sid, 
+					 &name_type)) {
+		DEBUG(1, ("user '%s' does not exist\n", name_user));
+		goto done;
+	}
+
+	if (name_type != SID_NAME_USER) {
+		DEBUG(1, ("name '%s' is not a user name: %d\n", 
+			  name_user, name_type));
+		goto done;
+	}
+
+	sid_split_rid(&user_sid, &user_rid);
+
+	status = domain->methods->lookup_usergroups(domain, mem_ctx, user_rid, &num_groups, &user_gids);
+	if (!NT_STATUS_IS_OK(status)) goto done;
+
+	/* Copy data back to client */
+
+	num_gids = 0;
+	gid_list = malloc(sizeof(gid_t) * num_groups);
+
+	if (state->response.extra_data)
+		goto done;
+
+	for (i = 0; i < num_groups; i++) {
+		if (!winbindd_idmap_get_gid_from_rid(domain->name, 
+						     user_gids[i], 
+						     &gid_list[num_gids])) {
+
+			DEBUG(1, ("unable to convert group rid %d to gid\n", 
+				  user_gids[i]));
+			continue;
+		}
+			
+		num_gids++;
+	}
+
+	state->response.data.num_entries = num_gids;
+	state->response.extra_data = gid_list;
+	state->response.length += num_gids * sizeof(gid_t);
+
+	result = WINBINDD_OK;
+
+ done:
+
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
diff --git a/source3/nsswitch/winbindd_idmap.c b/source3/nsswitch/winbindd_idmap.c
new file mode 100644
index 0000000000..bae61449ee
--- /dev/null
+++ b/source3/nsswitch/winbindd_idmap.c
@@ -0,0 +1,519 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - user related function
+
+   Copyright (C) Tim Potter 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/* High water mark keys */
+
+#define HWM_GROUP  "GROUP HWM"
+#define HWM_USER   "USER HWM"
+
+/* idmap version determines auto-conversion */
+#define IDMAP_VERSION 2
+
+/* Globals */
+
+static TDB_CONTEXT *idmap_tdb;
+
+/* Allocate either a user or group id from the pool */
+
+static BOOL allocate_id(uid_t *id, BOOL isgroup)
+{
+    int hwm;
+
+    /* Get current high water mark */
+
+    if ((hwm = tdb_fetch_int32(idmap_tdb, 
+                             isgroup ? HWM_GROUP : HWM_USER)) == -1) {
+        return False;
+    }
+
+    /* Return next available uid in list */
+
+    if ((isgroup && (hwm > server_state.gid_high)) ||
+        (!isgroup && (hwm > server_state.uid_high))) {
+        DEBUG(0, ("winbind %sid range full!\n", isgroup ? "g" : "u"));
+        return False;
+    }
+
+    if (id) {
+        *id = hwm;
+    }
+
+    hwm++;
+
+    /* Store new high water mark */
+
+    tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm);
+
+    return True;
+}
+
+/* Get an id from a rid */
+static BOOL get_id_from_sid(DOM_SID *sid, uid_t *id, BOOL isgroup)
+{
+    TDB_DATA data, key;
+    fstring keystr;
+    BOOL result = False;
+
+    /* Check if sid is present in database */
+    sid_to_string(keystr, sid);
+    
+    key.dptr = keystr;
+    key.dsize = strlen(keystr) + 1;
+
+    data = tdb_fetch(idmap_tdb, key);
+
+    if (data.dptr) {
+        fstring scanstr;
+        int the_id;
+
+        /* Parse and return existing uid */
+        fstrcpy(scanstr, isgroup ? "GID" : "UID");
+        fstrcat(scanstr, " %d");
+
+        if (sscanf(data.dptr, scanstr, &the_id) == 1) {
+            /* Store uid */
+            if (id) {
+		    *id = the_id;
+            }
+
+            result = True;
+        }
+
+        SAFE_FREE(data.dptr);
+    } else {
+
+        /* Allocate a new id for this sid */
+
+        if (id && allocate_id(id, isgroup)) {
+            fstring keystr2;
+
+            /* Store new id */
+            
+            slprintf(keystr2, sizeof(keystr2), "%s %d", isgroup ? "GID" : "UID", *id);
+
+            data.dptr = keystr2;
+            data.dsize = strlen(keystr2) + 1;
+
+            tdb_store(idmap_tdb, key, data, TDB_REPLACE);
+            tdb_store(idmap_tdb, data, key, TDB_REPLACE);
+
+            result = True;
+        }
+    }
+
+    return result;
+}
+
+/* Get a uid from a user sid */
+BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid)
+{
+    return get_id_from_sid(sid, uid, False);
+}
+
+/* Get a gid from a group sid */
+BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid)
+{
+    return get_id_from_sid(sid, gid, True);
+}
+
+/* Get a uid from a user rid */
+BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid)
+{
+	struct winbindd_domain *domain;
+	DOM_SID sid;
+
+	if (!(domain = find_domain_from_name(dom_name))) {
+		return False;
+	}
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	return get_id_from_sid(&sid, uid, False);
+}
+
+/* Get a gid from a group rid */
+BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid)
+{
+	struct winbindd_domain *domain;
+	DOM_SID sid;
+
+	if (!(domain = find_domain_from_name(dom_name))) {
+		return False;
+	}
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	return get_id_from_sid(&sid, gid, True);
+}
+
+
+BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup)
+{
+    TDB_DATA key, data;
+    fstring keystr;
+    BOOL result = False;
+
+    slprintf(keystr, sizeof(keystr), "%s %d", isgroup ? "GID" : "UID", id);
+
+    key.dptr = keystr;
+    key.dsize = strlen(keystr) + 1;
+
+    data = tdb_fetch(idmap_tdb, key);
+
+    if (data.dptr) {
+	    result = string_to_sid(sid, data.dptr);
+	    SAFE_FREE(data.dptr);
+    }
+
+    return result;
+}
+
+/* Get a sid from a uid */
+BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid)
+{
+	return get_sid_from_id((int)uid, sid, False);
+}
+
+/* Get a sid from a gid */
+BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid)
+{
+	return get_sid_from_id((int)gid, sid, True);
+}
+
+/* Get a user rid from a uid */
+BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid,
+                                     struct winbindd_domain **domain)
+{
+	DOM_SID sid;
+
+	if (!get_sid_from_id((int)uid, &sid, False)) {
+		return False;
+	}
+
+	*domain = find_domain_from_sid(&sid);
+	if (! *domain) return False;
+
+	sid_split_rid(&sid, user_rid);
+
+	return True;
+}
+
+/* Get a group rid from a gid */
+
+BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, 
+                                     struct winbindd_domain **domain)
+{
+	DOM_SID sid;
+
+	if (!get_sid_from_id((int)gid, &sid, True)) {
+		return False;
+	}
+
+	*domain = find_domain_from_sid(&sid);
+	if (! *domain) return False;
+
+	sid_split_rid(&sid, group_rid);
+
+	return True;
+}
+
+/* convert one record to the new format */
+static int convert_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA data, void *ignored)
+{
+	struct winbindd_domain *domain;
+	char *p;
+	DOM_SID sid;
+	uint32 rid;
+	fstring keystr;
+	fstring dom_name;
+	TDB_DATA key2;
+
+	p = strchr(key.dptr, '/');
+	if (!p)
+		return 0;
+
+	*p = 0;
+	fstrcpy(dom_name, key.dptr);
+	*p++ = '/';
+
+	domain = find_domain_from_name(dom_name);
+	if (!domain) {
+		/* We must delete the old record. */
+		DEBUG(0,("winbindd: convert_fn : Unable to find domain %s\n", dom_name ));
+		DEBUG(0,("winbindd: convert_fn : deleting record %s\n", key.dptr ));
+		tdb_delete(idmap_tdb, key);
+		return 0;
+	}
+
+	rid = atoi(p);
+
+	sid_copy(&sid, &domain->sid);
+	sid_append_rid(&sid, rid);
+
+	sid_to_string(keystr, &sid);
+	key2.dptr = keystr;
+	key2.dsize = strlen(keystr) + 1;
+
+	if (tdb_store(idmap_tdb, key2, data, TDB_INSERT) != 0) {
+		/* not good! */
+		DEBUG(0,("winbindd: convert_fn : Unable to update record %s\n", key2.dptr ));
+		DEBUG(0,("winbindd: convert_fn : conversion failed - idmap corrupt ?\n"));
+		return -1;
+	}
+
+	if (tdb_store(idmap_tdb, data, key2, TDB_REPLACE) != 0) {
+		/* not good! */
+		DEBUG(0,("winbindd: convert_fn : Unable to update record %s\n", data.dptr ));
+		DEBUG(0,("winbindd: convert_fn : conversion failed - idmap corrupt ?\n"));
+		return -1;
+	}
+
+	tdb_delete(idmap_tdb, key);
+
+	return 0;
+}
+
+#if 0
+/*****************************************************************************
+ Make a backup copy of the old idmap just to be safe.... JRA.
+*****************************************************************************/
+
+static BOOL backup_old_idmap(const char *idmap_name)
+{
+	pstring new_name;
+	int outfd = -1;
+	SMB_OFF_T size;
+	struct stat st;
+
+	pstrcpy(new_name, idmap_name);
+	pstrcat(new_name, ".bak");
+
+	DEBUG(10,("backup_old_idmap: backing up %s to %s before upgrade.\n",
+			idmap_name, new_name ));
+
+	if (tdb_lockall(idmap_tdb) == -1) {
+		DEBUG(10,("backup_old_idmap: failed to lock %s. Error %s\n",
+			idmap_name, tdb_errorstr(idmap_tdb) ));
+		return False;
+	}
+	if ((outfd = open(new_name, O_CREAT|O_EXCL|O_RDWR, 0600)) == -1) {
+		DEBUG(10,("backup_old_idmap: failed to open %s. Error %s\n",
+			new_name, strerror(errno) ));
+		goto fail;
+	}
+
+	if (fstat(idmap_tdb->fd, &st) == -1) {
+		DEBUG(10,("backup_old_idmap: failed to fstat %s. Error %s\n",
+			idmap_name, strerror(errno) ));
+		goto fail;
+	}
+
+	size = (SMB_OFF_T)st.st_size;
+
+	if (transfer_file(idmap_tdb->fd, outfd, size) != size ) {
+		DEBUG(10,("backup_old_idmap: failed to copy %s. Error %s\n",
+			idmap_name, strerror(errno) ));
+		goto fail;
+	}
+
+	if (close(outfd) == -1) {
+		DEBUG(10,("backup_old_idmap: failed to close %s. Error %s\n",
+			idmap_name, strerror(errno) ));
+		outfd = -1;
+		goto fail;
+	}
+	tdb_unlockall(idmap_tdb);
+	return True;
+
+fail:
+
+	if (outfd != -1)
+		close(outfd);
+	tdb_unlockall(idmap_tdb);
+	return False;
+}
+#endif
+
+/*****************************************************************************
+ Convert the idmap database from an older version.
+*****************************************************************************/
+
+static BOOL idmap_convert(const char *idmap_name)
+{
+	int32 vers = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION");
+
+	if (vers == IDMAP_VERSION)
+		return True;
+
+#if 0
+	/* Make a backup copy before doing anything else.... */
+	if (!backup_old_idmap(idmap_name))
+		return False;
+#endif
+
+	if (IREV(vers) == IDMAP_VERSION) {
+		/* Arrggghh ! Bytereversed - make order independent ! */
+		int32 wm;
+
+		wm = tdb_fetch_int32(idmap_tdb, HWM_USER);
+
+		if (wm != -1)
+			wm = IREV(wm);
+		else
+			wm = server_state.uid_low;
+
+		if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
+			DEBUG(0, ("idmap_convert: Unable to byteswap user hwm in idmap database\n"));
+			return False;
+		}
+
+		wm = tdb_fetch_int32(idmap_tdb, HWM_GROUP);
+		if (wm != -1)
+			wm = IREV(wm);
+		else
+			wm = server_state.gid_low;
+		if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
+			DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	/* the old format stored as DOMAIN/rid - now we store the SID direct */
+	tdb_traverse(idmap_tdb, convert_fn, NULL);
+
+        if (tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION) == -1) {
+		DEBUG(0, ("idmap_convert: Unable to byteswap group hwm in idmap database\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*****************************************************************************
+ Initialise idmap database. 
+*****************************************************************************/
+
+BOOL winbindd_idmap_init(void)
+{
+	/* Open tdb cache */
+
+	if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0,
+				TDB_DEFAULT, O_RDWR | O_CREAT, 0600))) {
+		DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
+		return False;
+	}
+
+	/* possibly convert from an earlier version */
+	if (!idmap_convert(lock_path("winbindd_idmap.tdb"))) {
+		DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n"));
+		return False;
+	}
+
+	/* Create high water marks for group and user id */
+
+	if (tdb_fetch_int32(idmap_tdb, HWM_USER) == -1) {
+		if (tdb_store_int32(idmap_tdb, HWM_USER, server_state.uid_low) == -1) {
+			DEBUG(0, ("winbindd_idmap_init: Unable to initialise user hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	if (tdb_fetch_int32(idmap_tdb, HWM_GROUP) == -1) {
+		if (tdb_store_int32(idmap_tdb, HWM_GROUP, server_state.gid_low) == -1) {
+			DEBUG(0, ("winbindd_idmap_init: Unable to initialise group hwm in idmap database\n"));
+			return False;
+		}
+	}
+
+	return True;   
+}
+
+BOOL winbindd_idmap_close(void)
+{
+	if (idmap_tdb)
+		return (tdb_close(idmap_tdb) == 0);
+	return True;
+}
+
+/* Dump status information to log file.  Display different stuff based on
+   the debug level:
+
+   Debug Level        Information Displayed
+   =================================================================
+   0                  Percentage of [ug]id range allocated
+   0                  High water marks (next allocated ids)
+*/
+
+#define DUMP_INFO 0
+
+void winbindd_idmap_status(void)
+{
+	int user_hwm, group_hwm;
+
+	DEBUG(0, ("winbindd idmap status:\n"));
+
+	/* Get current high water marks */
+
+	if ((user_hwm = tdb_fetch_int32(idmap_tdb, HWM_USER)) == -1) {
+		DEBUG(DUMP_INFO, ("\tCould not get userid high water mark!\n"));
+	}
+
+	if ((group_hwm = tdb_fetch_int32(idmap_tdb, HWM_GROUP)) == -1) {
+		DEBUG(DUMP_INFO, ("\tCould not get groupid high water mark!\n"));
+	}
+
+	/* Display next ids to allocate */
+
+	if (user_hwm != -1) {
+		DEBUG(DUMP_INFO, ("\tNext userid to allocate is %d\n", user_hwm));
+	}
+
+	if (group_hwm != -1) {
+		DEBUG(DUMP_INFO, ("\tNext groupid to allocate is %d\n", group_hwm));
+	}
+
+	/* Display percentage of id range already allocated. */
+
+	if (user_hwm != -1) {
+		int num_users = user_hwm - server_state.uid_low;
+		int total_users = server_state.uid_high - server_state.uid_low;
+
+		DEBUG(DUMP_INFO, ("\tUser id range is %d%% full (%d of %d)\n", 
+				num_users * 100 / total_users, num_users,
+				total_users));
+	}
+
+	if (group_hwm != -1) {
+		int num_groups = group_hwm - server_state.gid_low;
+		int total_groups = server_state.gid_high - server_state.gid_low;
+
+		DEBUG(DUMP_INFO, ("\tGroup id range is %d%% full (%d of %d)\n",
+				num_groups * 100 / total_groups, num_groups,
+				total_groups));
+	}
+
+	/* Display complete mapping of users and groups to rids */
+}
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
new file mode 100644
index 0000000000..5678bdaa5a
--- /dev/null
+++ b/source3/nsswitch/winbindd_misc.c
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - miscellaneous other functions
+
+   Copyright (C) Tim Potter      2000
+   Copyright (C) Andrew Bartlett 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+extern pstring global_myname;
+
+/************************************************************************
+ Routine to get the trust account password for a domain
+************************************************************************/
+static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, 
+					time_t *pass_last_set_time)
+{
+	if (!secrets_fetch_trust_account_password(domain, ret_pwd, pass_last_set_time)) {
+                return False;
+	}
+
+	return True;
+}
+
+/* Check the machine account password is valid */
+
+enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state)
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uchar trust_passwd[16];
+        int num_retries = 0;
+        struct cli_state *cli;
+	DEBUG(3, ("[%5d]: check machine account\n", state->pid));
+
+	/* Get trust account password */
+
+ again:
+	if (!_get_trust_account_password(lp_workgroup(), trust_passwd, 
+                                         NULL)) {
+		result = NT_STATUS_INTERNAL_ERROR;
+		goto done;
+	}
+
+        /* This call does a cli_nt_setup_creds() which implicitly checks
+           the trust account password. */
+
+	/* Don't shut this down - it belongs to the connection cache code */
+        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
+                goto done;
+        }
+
+        /* There is a race condition between fetching the trust account
+           password and the periodic machine password change.  So it's 
+	   possible that the trust account password has been changed on us.  
+	   We are returned NT_STATUS_ACCESS_DENIED if this happens. */
+
+#define MAX_RETRIES 8
+
+        if ((num_retries < MAX_RETRIES) && 
+            NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
+                num_retries++;
+                goto again;
+        }
+
+	/* Pass back result code - zero for success, other values for
+	   specific failures. */
+
+	DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ?  
+                  "good" : "bad"));
+
+ done:
+	state->response.data.num_entries = NT_STATUS_V(result);
+
+	return WINBINDD_OK;
+}
+
+enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
+						   *state)
+{
+	struct winbindd_domain *domain;
+	int total_entries = 0, extra_data_len = 0;
+	char *ted, *extra_data = NULL;
+
+	DEBUG(3, ("[%5d]: list trusted domains\n", state->pid));
+
+	/* We need to refresh the trusted domain list as the domains may
+	   have changed since we last looked.  There may be a sequence
+	   number or something we should use but I haven't found it yet. */
+
+	init_domain_list();
+
+	for(domain = domain_list(); domain; domain = domain->next) {
+
+		/* Skip own domain */
+
+		if (strequal(domain->name, lp_workgroup())) continue;
+
+		/* Add domain to list */
+
+		total_entries++;
+		ted = Realloc(extra_data, sizeof(fstring) * 
+                              total_entries);
+
+		if (!ted) {
+			DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
+			SAFE_FREE(extra_data);
+			return WINBINDD_ERROR;
+		} else 
+                        extra_data = ted;
+
+		memcpy(&extra_data[extra_data_len], domain->name,
+		       strlen(domain->name));
+
+		extra_data_len  += strlen(domain->name);
+		extra_data[extra_data_len++] = ',';
+	}
+
+	if (extra_data) {
+		if (extra_data_len > 1) 
+                        extra_data[extra_data_len - 1] = '\0';
+		state->response.extra_data = extra_data;
+		state->response.length += extra_data_len;
+	}
+
+	return WINBINDD_OK;
+}
+
+
+enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state)
+{
+	struct winbindd_domain *domain;
+	char *extra_data = NULL;
+
+	DEBUG(3, ("[%5d]: show sequence\n", state->pid));
+
+	extra_data = strdup("");
+
+	/* this makes for a very simple data format, and is easily parsable as well
+	   if that is ever needed */
+	for (domain = domain_list(); domain; domain = domain->next) {
+		char *s;
+
+		domain->methods->sequence_number(domain, &domain->sequence_number);
+		
+		if (DOM_SEQUENCE_NONE == (unsigned)domain->sequence_number) {
+			asprintf(&s,"%s%s : DISCONNECTED\n", extra_data, 
+				 domain->name);
+		} else {
+			asprintf(&s,"%s%s : %u\n", extra_data, 
+				 domain->name, (unsigned)domain->sequence_number);
+		}
+		free(extra_data);
+		extra_data = s;
+	}
+
+	state->response.extra_data = extra_data;
+	state->response.length += strlen(extra_data);
+
+	return WINBINDD_OK;
+}
+
+enum winbindd_result winbindd_ping(struct winbindd_cli_state
+						   *state)
+{
+	DEBUG(3, ("[%5d]: ping\n", state->pid));
+
+	return WINBINDD_OK;
+}
+
+/* List various tidbits of information */
+
+enum winbindd_result winbindd_info(struct winbindd_cli_state *state)
+{
+
+	DEBUG(3, ("[%5d]: request misc info\n", state->pid));
+
+	state->response.data.info.winbind_separator = *lp_winbind_separator();
+	fstrcpy(state->response.data.info.samba_version, VERSION);
+
+	return WINBINDD_OK;
+}
+
+/* Tell the client the current interface version */
+
+enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state)
+{
+
+	DEBUG(3, ("[%5d]: request interface version\n", state->pid));
+	
+	state->response.data.interface_version = WINBIND_INTERFACE_VERSION;
+
+	return WINBINDD_OK;
+}
+
+/* What domain are we a member of? */
+
+enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state)
+{
+
+	DEBUG(3, ("[%5d]: request domain name\n", state->pid));
+	
+	fstrcpy(state->response.data.domain_name, lp_workgroup());
+
+	return WINBINDD_OK;
+}
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
new file mode 100644
index 0000000000..023d72306b
--- /dev/null
+++ b/source3/nsswitch/winbindd_nss.h
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon for ntdom nss module
+
+   Copyright (C) Tim Potter 2000
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+   
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+   
+   You should have received a copy of the GNU Library General Public
+   License along with this library; if not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA  02111-1307, USA.   
+*/
+
+#ifndef SAFE_FREE
+#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
+#endif
+
+#ifndef _WINBINDD_NTDOM_H
+#define _WINBINDD_NTDOM_H
+
+#define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
+#define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
+
+#define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
+#define WINBINDD_DONT_ENV    "_NO_WINBINDD"
+
+/* Update this when you change the interface.  */
+
+#define WINBIND_INTERFACE_VERSION 4
+
+/* Socket commands */
+
+enum winbindd_cmd {
+
+	WINBINDD_INTERFACE_VERSION,    /* Always a well known value */
+
+	/* Get users and groups */
+
+	WINBINDD_GETPWNAM,
+	WINBINDD_GETPWUID,
+	WINBINDD_GETGRNAM,
+	WINBINDD_GETGRGID,
+	WINBINDD_GETGROUPS,
+
+	/* Enumerate users and groups */
+
+	WINBINDD_SETPWENT,
+	WINBINDD_ENDPWENT,
+	WINBINDD_GETPWENT,
+	WINBINDD_SETGRENT,
+	WINBINDD_ENDGRENT,
+	WINBINDD_GETGRENT,
+
+	/* PAM authenticate and password change */
+
+	WINBINDD_PAM_AUTH,
+	WINBINDD_PAM_AUTH_CRAP,
+	WINBINDD_PAM_CHAUTHTOK,
+
+	/* List various things */
+
+	WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
+	WINBINDD_LIST_GROUPS,        /* Ditto */
+	WINBINDD_LIST_TRUSTDOM,
+
+	/* SID conversion */
+
+	WINBINDD_LOOKUPSID,
+	WINBINDD_LOOKUPNAME,
+
+	/* Lookup functions */
+
+	WINBINDD_SID_TO_UID,       
+	WINBINDD_SID_TO_GID,
+	WINBINDD_UID_TO_SID,
+	WINBINDD_GID_TO_SID,
+
+	/* Miscellaneous other stuff */
+
+	WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
+	WINBINDD_PING,              /* Just tell me winbind is running */
+	WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
+	WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */
+
+	WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
+
+	/* WINS commands */
+
+	WINBINDD_WINS_BYIP,
+	WINBINDD_WINS_BYNAME,
+
+	/* Placeholder for end of cmd list */
+
+	WINBINDD_NUM_CMDS
+};
+
+/* Winbind request structure */
+
+struct winbindd_request {
+	uint32 length;
+	enum winbindd_cmd cmd;   /* Winbindd command to execute */
+	pid_t pid;               /* pid of calling process */
+
+	union {
+		fstring winsreq;     /* WINS request */
+		fstring username;    /* getpwnam */
+		fstring groupname;   /* getgrnam */
+		uid_t uid;           /* getpwuid, uid_to_sid */
+		gid_t gid;           /* getgrgid, gid_to_sid */
+		struct {
+			fstring user;
+			fstring pass;
+		} auth;              /* pam_winbind auth module */
+                struct {
+                        unsigned char chal[8];
+                        fstring user;
+                        fstring domain;
+                        fstring lm_resp;
+                        uint16 lm_resp_len;
+                        fstring nt_resp;
+                        uint16 nt_resp_len;
+                } auth_crap;
+                struct {
+                    fstring user;
+                    fstring oldpass;
+                    fstring newpass;
+                } chauthtok;         /* pam_winbind passwd module */
+		fstring sid;         /* lookupsid, sid_to_[ug]id */
+		struct {
+			fstring dom_name;       /* lookupname */
+			fstring name;       
+		} name;
+		uint32 num_entries;  /* getpwent, getgrent */
+	} data;
+	fstring domain;      /* {set,get,end}{pw,gr}ent() */
+};
+
+/* Response values */
+
+enum winbindd_result {
+	WINBINDD_ERROR,
+	WINBINDD_OK
+};
+
+/* Winbind response structure */
+
+struct winbindd_response {
+    
+	/* Header information */
+
+	uint32 length;                        /* Length of response */
+	enum winbindd_result result;          /* Result code */
+
+	/* Fixed length return data */
+	
+	union {
+		int interface_version;  /* Try to ensure this is always in the same spot... */
+		
+		fstring winsresp;		/* WINS response */
+
+		/* getpwnam, getpwuid */
+		
+		struct winbindd_pw {
+			fstring pw_name;
+			fstring pw_passwd;
+			uid_t pw_uid;
+			gid_t pw_gid;
+			fstring pw_gecos;
+			fstring pw_dir;
+			fstring pw_shell;
+		} pw;
+
+		/* getgrnam, getgrgid */
+
+		struct winbindd_gr {
+			fstring gr_name;
+			fstring gr_passwd;
+			gid_t gr_gid;
+			int num_gr_mem;
+			int gr_mem_ofs;   /* offset to group membership */
+		} gr;
+
+		uint32 num_entries; /* getpwent, getgrent */
+		struct winbindd_sid {
+			fstring sid;        /* lookupname, [ug]id_to_sid */
+			int type;
+		} sid;
+		struct winbindd_name {
+			fstring dom_name;       /* lookupsid */
+			fstring name;       
+			int type;
+		} name;
+		uid_t uid;          /* sid_to_uid */
+		gid_t gid;          /* sid_to_gid */
+		struct winbindd_info {
+			char winbind_separator;
+			fstring samba_version;
+		} info;
+		fstring domain_name;
+
+		struct auth_reply {
+			uint32 nt_status;
+			fstring nt_status_string;
+			fstring error_string;
+			int pam_error;
+		} auth;
+	} data;
+
+	/* Variable length return data */
+
+	void *extra_data;               /* getgrnam, getgrgid, getgrent */
+};
+
+#endif
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
new file mode 100644
index 0000000000..f7959c2feb
--- /dev/null
+++ b/source3/nsswitch/winbindd_pam.c
@@ -0,0 +1,276 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - pam auth funcions
+
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) Tim Potter 2001
+   Copyright (C) Andrew Bartlett 2001-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/* Return a password structure from a username.  */
+
+enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) 
+{
+	NTSTATUS result;
+	fstring name_domain, name_user;
+	int passlen;
+	unsigned char trust_passwd[16];
+	time_t last_change_time;
+        uint32 smb_uid_low;
+        NET_USER_INFO_3 info3;
+        struct cli_state *cli = NULL;
+	uchar chal[8];
+	TALLOC_CTX *mem_ctx = NULL;
+	DATA_BLOB lm_resp;
+	DATA_BLOB nt_resp;
+
+	extern pstring global_myname;
+
+	DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
+		  state->request.data.auth.user));
+
+	if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
+		DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n"));
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	/* Parse domain and username */
+	
+	if (!parse_domain_user(state->request.data.auth.user, name_domain, 
+			       name_user)) {
+		DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user));
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	passlen = strlen(state->request.data.auth.pass);
+		
+	{
+		unsigned char local_lm_response[24];
+		unsigned char local_nt_response[24];
+		
+		generate_random_buffer(chal, 8, False);
+		SMBencrypt( (const uchar *)state->request.data.auth.pass, chal, local_lm_response);
+		
+		SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response);
+
+		lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response));
+		nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));
+	}
+	
+	/*
+	 * Get the machine account password for our primary domain
+	 */
+
+	if (!secrets_fetch_trust_account_password(
+                lp_workgroup(), trust_passwd, &last_change_time)) {
+		DEBUG(0, ("winbindd_pam_auth: could not fetch trust account "
+                          "password for domain %s\n", lp_workgroup()));
+		result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		goto done;
+	}
+
+	/* We really don't care what LUID we give the user. */
+
+	generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False);
+
+	ZERO_STRUCT(info3);
+	
+	/* Don't shut this down - it belongs to the connection cache code */
+        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
+                goto done;
+        }
+
+	result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+						name_user, name_domain, 
+						global_myname, chal, 
+						lm_resp, nt_resp, 
+						&info3);
+        
+	uni_group_cache_store_netlogon(mem_ctx, &info3);
+done:
+
+	state->response.data.auth.nt_status = NT_STATUS_V(result);
+	fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
+	fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
+	state->response.data.auth.pam_error = nt_status_to_pam(result);
+
+	DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authenticaion for user %s returned %s (PAM: %d)\n", 
+	      state->request.data.auth.user, 
+	      state->response.data.auth.nt_status_string,
+	      state->response.data.auth.pam_error));	      
+
+	if (mem_ctx) 
+		talloc_destroy(mem_ctx);
+	
+	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
+}
+	
+/* Challenge Response Authentication Protocol */
+
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) 
+{
+	NTSTATUS result;
+	unsigned char trust_passwd[16];
+	time_t last_change_time;
+        NET_USER_INFO_3 info3;
+        struct cli_state *cli = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	const char *domain = NULL;
+
+	DATA_BLOB lm_resp, nt_resp;
+
+	extern pstring global_myname;
+
+	DEBUG(3, ("[%5d]: pam auth crap domain: %s user: %s\n", state->pid,
+		  state->request.data.auth_crap.domain, state->request.data.auth_crap.user));
+
+	if (!(mem_ctx = talloc_init_named("winbind pam auth crap for %s", state->request.data.auth.user))) {
+		DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	if (*state->request.data.auth_crap.domain) {
+		domain = talloc_strdup(mem_ctx, state->request.data.auth_crap.domain);
+	} else if (lp_winbind_use_default_domain()) {
+		domain = talloc_strdup(mem_ctx, lp_workgroup());
+	} else {
+		DEBUG(5,("no domain specified with username (%s) - failing auth\n", state->request.data.auth.user));
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	if (!domain) {
+		DEBUG(0,("winbindd_pam_auth_crap: talloc_strdup failed!\n"));
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len);
+	nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);
+	
+	/*
+	 * Get the machine account password for our primary domain
+	 */
+
+	if (!secrets_fetch_trust_account_password(
+                lp_workgroup(), trust_passwd, &last_change_time)) {
+		DEBUG(0, ("winbindd_pam_auth: could not fetch trust account "
+                          "password for domain %s\n", lp_workgroup()));
+		result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		goto done;
+	}
+
+	ZERO_STRUCT(info3);
+
+	/* Don't shut this down - it belongs to the connection cache code */
+        result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(3, ("could not open handle to NETLOGON pipe (error: %s)\n", nt_errstr(result)));
+                goto done;
+        }
+
+	result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+						state->request.data.auth_crap.user, domain,
+						global_myname, state->request.data.auth_crap.chal, 
+						lm_resp, nt_resp, 
+						&info3);
+        
+	if (NT_STATUS_IS_OK(result)) {
+		uni_group_cache_store_netlogon(mem_ctx, &info3);
+	}
+
+done:
+
+	state->response.data.auth.nt_status = NT_STATUS_V(result);
+	fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
+	fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
+	state->response.data.auth.pam_error = nt_status_to_pam(result);
+
+	DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("NTLM CRAP authenticaion for user [%s]\\[%s] returned %s (PAM: %d)\n", 
+	      state->request.data.auth_crap.domain, 
+	      state->request.data.auth_crap.user, 
+	      state->response.data.auth.nt_status_string,
+	      state->response.data.auth.pam_error));	      
+
+	if (mem_ctx) 
+		talloc_destroy(mem_ctx);
+	
+	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
+}
+
+/* Change a user password */
+
+enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state)
+{
+	NTSTATUS result;
+	char *oldpass, *newpass;
+	fstring domain, user;
+	CLI_POLICY_HND *hnd;
+
+	DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid,
+		state->request.data.chauthtok.user));
+
+	/* Setup crap */
+
+	if (state == NULL)
+		return WINBINDD_ERROR;
+
+	if (!parse_domain_user(state->request.data.chauthtok.user, domain, 
+			       user)) {
+		result = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
+	/* Change password */
+
+	oldpass = state->request.data.chauthtok.oldpass;
+	newpass = state->request.data.chauthtok.newpass;
+
+	/* Get sam handle */
+
+	if (!(hnd = cm_get_sam_handle(domain))) {
+		DEBUG(1, ("could not get SAM handle on DC for %s\n", domain));
+		result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+		goto done;
+	}
+
+	if (!cli_oem_change_password(hnd->cli, user, newpass, oldpass)) {
+		DEBUG(1, ("password change failed for user %s/%s\n", domain, 
+			  user));
+		result = NT_STATUS_WRONG_PASSWORD;
+	} else {
+		result = NT_STATUS_OK;
+	}
+
+done:    
+	state->response.data.auth.nt_status = NT_STATUS_V(result);
+	fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
+	fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
+	state->response.data.auth.pam_error = nt_status_to_pam(result);
+
+	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
+}
diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h
new file mode 100644
index 0000000000..f3830cd63c
--- /dev/null
+++ b/source3/nsswitch/winbindd_proto.h
@@ -0,0 +1,133 @@
+#ifndef _WINBINDD_PROTO_H_
+#define _WINBINDD_PROTO_H_
+
+/* This file is automatically generated with "make proto". DO NOT EDIT */
+
+
+/* The following definitions come from nsswitch/winbindd.c  */
+
+int main(int argc, char **argv);
+
+/* The following definitions come from nsswitch/winbindd_ads.c  */
+
+ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope, 
+			       const char *exp,
+			       const char **attrs, void **res);
+ADS_STATUS ads_search_retry(ADS_STRUCT *ads, void **res, 
+			    const char *exp, 
+			    const char **attrs);
+ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, void **res, 
+			       const char *dn, 
+			       const char **attrs);
+
+/* The following definitions come from nsswitch/winbindd_cache.c  */
+
+void wcache_flush_cache(void);
+void winbindd_check_cache_size(time_t t);
+struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status);
+
+/* The following definitions come from nsswitch/winbindd_cm.c  */
+
+CLI_POLICY_HND *cm_get_lsa_handle(char *domain);
+CLI_POLICY_HND *cm_get_sam_handle(char *domain);
+CLI_POLICY_HND *cm_get_sam_dom_handle(char *domain, DOM_SID *domain_sid);
+CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid,
+				       uint32 user_rid);
+CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
+					uint32 group_rid);
+NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
+			     struct cli_state **cli);
+void winbindd_cm_status(void);
+
+/* The following definitions come from nsswitch/winbindd_group.c  */
+
+enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state);
+
+/* The following definitions come from nsswitch/winbindd_idmap.c  */
+
+BOOL winbindd_idmap_get_uid_from_sid(DOM_SID *sid, uid_t *uid);
+BOOL winbindd_idmap_get_gid_from_sid(DOM_SID *sid, gid_t *gid);
+BOOL winbindd_idmap_get_uid_from_rid(const char *dom_name, uint32 rid, uid_t *uid);
+BOOL winbindd_idmap_get_gid_from_rid(const char *dom_name, uint32 rid, gid_t *gid);
+BOOL get_sid_from_id(int id, DOM_SID *sid, BOOL isgroup);
+BOOL winbindd_idmap_get_sid_from_uid(uid_t uid, DOM_SID *sid);
+BOOL winbindd_idmap_get_sid_from_gid(gid_t gid, DOM_SID *sid);
+BOOL winbindd_idmap_get_rid_from_uid(uid_t uid, uint32 *user_rid,
+                                     struct winbindd_domain **domain);
+BOOL winbindd_idmap_get_rid_from_gid(gid_t gid, uint32 *group_rid, 
+                                     struct winbindd_domain **domain);
+BOOL winbindd_idmap_init(void);
+BOOL winbindd_idmap_close(void);
+void winbindd_idmap_status(void);
+
+/* The following definitions come from nsswitch/winbindd_misc.c  */
+
+enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
+						   *state);
+enum winbindd_result winbindd_show_sequence(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_ping(struct winbindd_cli_state
+						   *state);
+enum winbindd_result winbindd_info(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_interface_version(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state);
+
+/* The following definitions come from nsswitch/winbindd_pam.c  */
+
+enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ;
+enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ;
+enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state);
+
+/* The following definitions come from nsswitch/winbindd_rpc.c  */
+
+
+/* The following definitions come from nsswitch/winbindd_sid.c  */
+
+enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state);
+
+/* The following definitions come from nsswitch/winbindd_user.c  */
+
+enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) ;
+enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state);
+
+/* The following definitions come from nsswitch/winbindd_util.c  */
+
+struct winbindd_domain *domain_list(void);
+void free_domain_list(void);
+BOOL init_domain_list(void);
+struct winbindd_domain *find_domain_from_name(const char *domain_name);
+struct winbindd_domain *find_domain_from_sid(DOM_SID *sid);
+BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, 
+				 const char *name, DOM_SID *sid, 
+				 enum SID_NAME_USE *type);
+BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
+				 fstring dom_name,
+				 fstring name,
+				 enum SID_NAME_USE *type);
+void free_getent_state(struct getent_state *state);
+BOOL winbindd_param_init(void);
+BOOL check_domain_env(char *domain_env, char *domain);
+BOOL parse_domain_user(const char *domuser, fstring domain, fstring user);
+void fill_domain_username(fstring name, const char *domain, const char *user);
+
+/* The following definitions come from nsswitch/winbindd_wins.c  */
+
+enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state);
+
+#endif /*  _WINBINDD_PROTO_H_  */
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c
new file mode 100644
index 0000000000..5af42ee041
--- /dev/null
+++ b/source3/nsswitch/winbindd_rpc.c
@@ -0,0 +1,612 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind rpc backend functions
+
+   Copyright (C) Tim Potter 2000-2001
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/* Query display info for a domain.  This returns enough information plus a
+   bit extra to give an overview of domain users for the User Manager
+   application. */
+static NTSTATUS query_user_list(struct winbindd_domain *domain,
+			       TALLOC_CTX *mem_ctx,
+			       uint32 *num_entries, 
+			       WINBIND_USERINFO **info)
+{
+	CLI_POLICY_HND *hnd;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND dom_pol;
+	BOOL got_dom_pol = False;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	int i;
+
+	*num_entries = 0;
+	*info = NULL;
+
+	/* Get sam handle */
+
+	if (!(hnd = cm_get_sam_handle(domain->name)))
+		goto done;
+
+	/* Get domain handle */
+
+	result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
+					des_access, &domain->sid, &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_dom_pol = True;
+
+	i = 0;
+	do {
+		SAM_DISPINFO_CTR ctr;
+		SAM_DISPINFO_1 info1;
+		uint32 count = 0, start=i;
+		int j;
+		TALLOC_CTX *ctx2;
+
+		ctr.sam.info1 = &info1;
+
+		ctx2 = talloc_init_named("winbindd dispinfo");
+		if (!ctx2) {
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+		
+		/* Query display info level 1 */
+		result = cli_samr_query_dispinfo(hnd->cli, ctx2,
+						 &dom_pol, &start, 1,
+						 &count, 0xFFFF, &ctr);
+
+		if (!NT_STATUS_IS_OK(result) && 
+		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break;
+
+		(*num_entries) += count;
+
+		/* now map the result into the WINBIND_USERINFO structure */
+		(*info) = talloc_realloc(mem_ctx, *info,
+					 (*num_entries)*sizeof(WINBIND_USERINFO));
+		if (!(*info)) {
+			result = NT_STATUS_NO_MEMORY;
+			talloc_destroy(ctx2);
+			goto done;
+		}
+
+		for (j=0;j<count;i++, j++) {
+			(*info)[i].acct_name = unistr2_tdup(mem_ctx, &info1.str[j].uni_acct_name);
+			(*info)[i].full_name = unistr2_tdup(mem_ctx, &info1.str[j].uni_full_name);
+			(*info)[i].user_rid = info1.sam[j].rid_user;
+			/* For the moment we set the primary group for
+			   every user to be the Domain Users group.
+			   There are serious problems with determining
+			   the actual primary group for large domains.
+			   This should really be made into a 'winbind
+			   force group' smb.conf parameter or
+			   something like that. */
+			(*info)[i].group_rid = DOMAIN_GROUP_RID_USERS;
+		}
+
+		talloc_destroy(ctx2);
+	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+
+ done:
+
+	if (got_dom_pol)
+		cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+
+	return result;
+}
+
+/* list all domain groups */
+static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_entries, 
+				struct acct_info **info)
+{
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	CLI_POLICY_HND *hnd;
+	POLICY_HND dom_pol;
+	NTSTATUS status;
+
+	*num_entries = 0;
+	*info = NULL;
+
+	if (!(hnd = cm_get_sam_handle(domain->name))) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	status = cli_samr_open_domain(hnd->cli, mem_ctx,
+				      &hnd->pol, des_access, &domain->sid, &dom_pol);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	do {
+		struct acct_info *info2 = NULL;
+		uint32 count = 0, start = *num_entries;
+		TALLOC_CTX *mem_ctx2;
+
+		mem_ctx2 = talloc_init_named("enum_dom_groups[rpc]");
+
+		status = cli_samr_enum_dom_groups(hnd->cli, mem_ctx2, &dom_pol,
+						  &start,
+						  0xFFFF, /* buffer size? */
+						  &info2, &count);
+
+		if (!NT_STATUS_IS_OK(status) && 
+		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+			talloc_destroy(mem_ctx2);
+			break;
+		}
+
+		(*info) = talloc_realloc(mem_ctx, *info, 
+					 sizeof(**info) * ((*num_entries) + count));
+		if (! *info) {
+			talloc_destroy(mem_ctx2);
+			cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2));
+		(*num_entries) += count;
+		talloc_destroy(mem_ctx2);
+	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+	cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+
+	return status;
+}
+
+/* convert a single name to a sid in a domain */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+			    const char *name,
+			    DOM_SID *sid,
+			    enum SID_NAME_USE *type)
+{
+	TALLOC_CTX *mem_ctx;
+	CLI_POLICY_HND *hnd;
+	NTSTATUS status;
+	DOM_SID *sids = NULL;
+	uint32 *types = NULL;
+	int num_sids;
+	const char *full_name;
+
+	if (!(mem_ctx = talloc_init_named("name_to_sid[rpc] for [%s]\\[%s]", domain->name, name))) {
+		DEBUG(0, ("talloc_init failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+        
+	if (!(hnd = cm_get_lsa_handle(domain->name))) {
+		talloc_destroy(mem_ctx);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+        
+	full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain->name, name);
+	
+	if (!full_name) {
+		DEBUG(0, ("talloc_asprintf failed!\n"));
+		talloc_destroy(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, 
+				      &full_name, &sids, &types, &num_sids);
+        
+	/* Return rid and type if lookup successful */        
+	if (NT_STATUS_IS_OK(status)) {
+		sid_copy(sid, &sids[0]);
+		*type = types[0];
+	}
+
+	talloc_destroy(mem_ctx);
+	return status;
+}
+
+/*
+  convert a domain SID to a user or group name
+*/
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+			    TALLOC_CTX *mem_ctx,
+			    DOM_SID *sid,
+			    char **name,
+			    enum SID_NAME_USE *type)
+{
+	CLI_POLICY_HND *hnd;
+	char **domains;
+	char **names;
+	uint32 *types;
+	int num_names;
+	NTSTATUS status;
+
+	if (!(hnd = cm_get_lsa_handle(domain->name)))
+		return NT_STATUS_UNSUCCESSFUL;
+        
+	status = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol,
+				     1, sid, &domains, &names, &types, 
+				     &num_names);
+
+	if (NT_STATUS_IS_OK(status)) {
+		*type = types[0];
+		*name = names[0];
+		DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name));
+
+		/* Paranoia */
+		if (strcasecmp(domain->name, domains[0]) != 0) {
+			DEBUG(1, ("domain name from domain param and PDC lookup return differ! (%s vs %s)\n", domain->name, domains[0]));
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+	}
+	return status;
+}
+
+/* Lookup user information from a rid or username. */
+static NTSTATUS query_user(struct winbindd_domain *domain, 
+			   TALLOC_CTX *mem_ctx, 
+			   uint32 user_rid, 
+			   WINBIND_USERINFO *user_info)
+{
+	CLI_POLICY_HND *hnd;
+	NTSTATUS result;
+	POLICY_HND dom_pol, user_pol;
+	BOOL got_dom_pol = False, got_user_pol = False;
+	SAM_USERINFO_CTR *ctr;
+
+	/* Get sam handle */
+	if (!(hnd = cm_get_sam_handle(domain->name)))
+		goto done;
+
+	/* Get domain handle */
+
+	result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED, 
+				      &domain->sid, &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_dom_pol = True;
+
+	/* Get user handle */
+	result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol,
+				    SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_user_pol = True;
+
+	/* Get user info */
+	result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, 
+					 0x15, &ctr);
+
+	cli_samr_close(hnd->cli, mem_ctx, &user_pol);
+	got_user_pol = False;
+
+	user_info->group_rid = ctr->info.id21->group_rid;
+	user_info->acct_name = unistr2_tdup(mem_ctx, 
+					    &ctr->info.id21->uni_user_name);
+	user_info->full_name = unistr2_tdup(mem_ctx, 
+					    &ctr->info.id21->uni_full_name);
+
+ done:
+	/* Clean up policy handles */
+	if (got_user_pol)
+		cli_samr_close(hnd->cli, mem_ctx, &user_pol);
+
+	if (got_dom_pol)
+		cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+
+	return result;
+}                                   
+
+/* Lookup groups a user is a member of.  I wish Unix had a call like this! */
+static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
+				  TALLOC_CTX *mem_ctx,
+				  uint32 user_rid, 
+				  uint32 *num_groups, uint32 **user_gids)
+{
+	CLI_POLICY_HND *hnd;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND dom_pol, user_pol;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+	BOOL got_dom_pol = False, got_user_pol = False;
+	DOM_GID *user_groups;
+	int i;
+
+	*num_groups = 0;
+
+	/* First try cached universal groups from logon */
+	*user_gids = uni_group_cache_fetch(&domain->sid, user_rid, mem_ctx, num_groups);
+	if((*num_groups > 0) && *user_gids) {
+		return NT_STATUS_OK;
+	} else {
+	    *user_gids = NULL;
+	    *num_groups = 0;
+	}
+
+	/* Get sam handle */
+	if (!(hnd = cm_get_sam_handle(domain->name)))
+		goto done;
+
+	/* Get domain handle */
+	result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
+					des_access, &domain->sid, &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_dom_pol = True;
+
+	/* Get user handle */
+	result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol,
+					des_access, user_rid, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_user_pol = True;
+
+	/* Query user rids */
+	result = cli_samr_query_usergroups(hnd->cli, mem_ctx, &user_pol, 
+					   num_groups, &user_groups);
+
+	if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0)
+		goto done;
+
+	(*user_gids) = talloc(mem_ctx, sizeof(uint32) * (*num_groups));
+	for (i=0;i<(*num_groups);i++) {
+		(*user_gids)[i] = user_groups[i].g_rid;
+	}
+	
+ done:
+	/* Clean up policy handles */
+	if (got_user_pol)
+		cli_samr_close(hnd->cli, mem_ctx, &user_pol);
+
+	if (got_dom_pol)
+		cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+
+	return result;
+}
+
+
+/* Lookup group membership given a rid.   */
+static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 group_rid, uint32 *num_names, 
+				uint32 **rid_mem, char ***names, 
+				uint32 **name_types)
+{
+        CLI_POLICY_HND *hnd;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        uint32 i, total_names = 0;
+        POLICY_HND dom_pol, group_pol;
+        uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+        BOOL got_dom_pol = False, got_group_pol = False;
+
+	*num_names = 0;
+
+        /* Get sam handle */
+
+        if (!(hnd = cm_get_sam_handle(domain->name)))
+                goto done;
+
+        /* Get domain handle */
+
+        result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol,
+                                      des_access, &domain->sid, &dom_pol);
+
+        if (!NT_STATUS_IS_OK(result))
+                goto done;
+
+        got_dom_pol = True;
+
+        /* Get group handle */
+
+        result = cli_samr_open_group(hnd->cli, mem_ctx, &dom_pol,
+                                     des_access, group_rid, &group_pol);
+
+        if (!NT_STATUS_IS_OK(result))
+                goto done;
+
+        got_group_pol = True;
+
+        /* Step #1: Get a list of user rids that are the members of the
+           group. */
+
+        result = cli_samr_query_groupmem(hnd->cli, mem_ctx,
+                                         &group_pol, num_names, rid_mem,
+                                         name_types);
+
+        if (!NT_STATUS_IS_OK(result))
+                goto done;
+
+        /* Step #2: Convert list of rids into list of usernames.  Do this
+           in bunches of ~1000 to avoid crashing NT4.  It looks like there
+           is a buffer overflow or something like that lurking around
+           somewhere. */
+
+#define MAX_LOOKUP_RIDS 900
+
+        *names = talloc_zero(mem_ctx, *num_names * sizeof(char *));
+        *name_types = talloc_zero(mem_ctx, *num_names * sizeof(uint32));
+
+        for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
+                int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);
+                uint32 tmp_num_names = 0;
+                char **tmp_names = NULL;
+                uint32 *tmp_types = NULL;
+
+                /* Lookup a chunk of rids */
+
+                result = cli_samr_lookup_rids(hnd->cli, mem_ctx,
+                                              &dom_pol, 1000, /* flags */
+                                              num_lookup_rids,
+                                              &(*rid_mem)[i],
+                                              &tmp_num_names,
+                                              &tmp_names, &tmp_types);
+
+                if (!NT_STATUS_IS_OK(result))
+                        goto done;
+
+                /* Copy result into array.  The talloc system will take
+                   care of freeing the temporary arrays later on. */
+
+                memcpy(&(*names)[i], tmp_names, sizeof(char *) * 
+                       tmp_num_names);
+
+                memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) *
+                       tmp_num_names);
+
+                total_names += tmp_num_names;
+        }
+
+        *num_names = total_names;
+
+ done:
+        if (got_group_pol)
+                cli_samr_close(hnd->cli, mem_ctx, &group_pol);
+
+        if (got_dom_pol)
+                cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+
+        return result;
+}
+
+/* find the sequence number for a domain */
+static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
+{
+	TALLOC_CTX *mem_ctx;
+	CLI_POLICY_HND *hnd;
+	SAM_UNK_CTR ctr;
+	uint16 switch_value = 2;
+	NTSTATUS result;
+	uint32 seqnum = DOM_SEQUENCE_NONE;
+	POLICY_HND dom_pol;
+	BOOL got_dom_pol = False;
+	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
+
+	*seq = DOM_SEQUENCE_NONE;
+
+	if (!(mem_ctx = talloc_init_named("sequence_number[rpc]")))
+		return NT_STATUS_NO_MEMORY;
+
+	/* Get sam handle */
+
+	if (!(hnd = cm_get_sam_handle(domain->name)))
+		goto done;
+
+	/* Get domain handle */
+
+	result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, 
+				      des_access, &domain->sid, &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	got_dom_pol = True;
+
+	/* Query domain info */
+
+	result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
+					 switch_value, &ctr);
+
+	if (NT_STATUS_IS_OK(result)) {
+		seqnum = ctr.info.inf2.seq_num;
+		DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)seqnum ));
+	} else {
+		DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n",
+			(unsigned)seqnum, domain->name ));
+	}
+
+  done:
+
+	if (got_dom_pol)
+		cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
+
+	talloc_destroy(mem_ctx);
+
+	*seq = seqnum;
+
+	return result;
+}
+
+/* get a list of trusted domains */
+static NTSTATUS trusted_domains(struct winbindd_domain *domain,
+				TALLOC_CTX *mem_ctx,
+				uint32 *num_domains,
+				char ***names,
+				DOM_SID **dom_sids)
+{
+	CLI_POLICY_HND *hnd;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 enum_ctx = 0;
+
+	*num_domains = 0;
+
+	if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
+		goto done;
+
+	result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx,
+					&hnd->pol, &enum_ctx, num_domains, 
+					names, dom_sids);
+done:
+	return result;
+}
+
+/* find the domain sid for a domain */
+static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	TALLOC_CTX *mem_ctx;
+	CLI_POLICY_HND *hnd;
+	fstring level5_dom;
+
+	if (!(mem_ctx = talloc_init_named("domain_sid[rpc]")))
+		return NT_STATUS_NO_MEMORY;
+
+	/* Get sam handle */
+	if (!(hnd = cm_get_lsa_handle(domain->name)))
+		goto done;
+
+	status = cli_lsa_query_info_policy(hnd->cli, mem_ctx,
+					   &hnd->pol, 0x05, level5_dom, sid);
+
+done:
+	talloc_destroy(mem_ctx);
+	return status;
+}
+
+/* the rpc backend methods are exposed via this structure */
+struct winbindd_methods msrpc_methods = {
+	False,
+	query_user_list,
+	enum_dom_groups,
+	name_to_sid,
+	sid_to_name,
+	query_user,
+	lookup_usergroups,
+	lookup_groupmem,
+	sequence_number,
+	trusted_domains,
+	domain_sid
+};
diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c
new file mode 100644
index 0000000000..a41bf75916
--- /dev/null
+++ b/source3/nsswitch/winbindd_sid.c
@@ -0,0 +1,216 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - sid related functions
+
+   Copyright (C) Tim Potter 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+#include "sids.h"
+
+/* Convert a string  */
+
+enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
+{
+	extern DOM_SID global_sid_Builtin;
+	enum SID_NAME_USE type;
+	DOM_SID sid, tmp_sid;
+	uint32 rid;
+	fstring name;
+	fstring dom_name;
+
+	DEBUG(3, ("[%5d]: lookupsid %s\n", state->pid, 
+		  state->request.data.sid));
+
+	/* Lookup sid from PDC using lsa_lookup_sids() */
+
+	if (!string_to_sid(&sid, state->request.data.sid)) {
+		DEBUG(5, ("%s not a SID\n", state->request.data.sid));
+		return WINBINDD_ERROR;
+	}
+
+	/* Don't look up BUILTIN sids */
+
+	sid_copy(&tmp_sid, &sid);
+	sid_split_rid(&tmp_sid, &rid);
+
+	if (sid_equal(&tmp_sid, &global_sid_Builtin)) {
+		return WINBINDD_ERROR;
+	}
+
+	/* Lookup the sid */
+
+	if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) {
+		return WINBINDD_ERROR;
+	}
+
+	fstrcpy(state->response.data.name.dom_name, dom_name);
+	fstrcpy(state->response.data.name.name, name);
+
+	state->response.data.name.type = type;
+
+	return WINBINDD_OK;
+}
+
+/* Convert a sid to a string */
+
+enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state)
+{
+	enum SID_NAME_USE type;
+	fstring sid_str;
+	char *name_domain, *name_user;
+	DOM_SID sid;
+	struct winbindd_domain *domain;
+
+	DEBUG(3, ("[%5d]: lookupname %s%s%s\n", state->pid,
+		  state->request.data.name.dom_name, 
+		  lp_winbind_separator(),
+		  state->request.data.name.name));
+
+	name_domain = state->request.data.name.dom_name;
+	name_user = state->request.data.name.name;
+
+	if ((domain = find_domain_from_name(name_domain)) == NULL) {
+		DEBUG(0, ("could not find domain entry for domain %s\n", 
+			  name_domain));
+		return WINBINDD_ERROR;
+	}
+
+	/* Lookup name from PDC using lsa_lookup_names() */
+	if (!winbindd_lookup_sid_by_name(domain, name_user, &sid, &type)) {
+		return WINBINDD_ERROR;
+	}
+
+	sid_to_string(sid_str, &sid);
+	fstrcpy(state->response.data.sid.sid, sid_str);
+	state->response.data.sid.type = type;
+
+	return WINBINDD_OK;
+}
+
+/* Convert a sid to a uid.  We assume we only have one rid attached to the
+   sid. */
+
+enum winbindd_result winbindd_sid_to_uid(struct winbindd_cli_state *state)
+{
+	DOM_SID sid;
+
+	DEBUG(3, ("[%5d]: sid to uid %s\n", state->pid,
+		  state->request.data.sid));
+
+	/* Split sid into domain sid and user rid */
+	if (!string_to_sid(&sid, state->request.data.sid)) {
+		DEBUG(1, ("Could not get convert sid %s from string\n",
+			  state->request.data.sid));
+		return WINBINDD_ERROR;
+	}
+
+	/* Find uid for this sid and return it */
+	if (!winbindd_idmap_get_uid_from_sid(&sid, &state->response.data.uid)) {
+		DEBUG(1, ("Could not get uid for sid %s\n",
+			  state->request.data.sid));
+		return WINBINDD_ERROR;
+	}
+
+	return WINBINDD_OK;
+}
+
+/* Convert a sid to a gid.  We assume we only have one rid attached to the
+   sid.*/
+
+enum winbindd_result winbindd_sid_to_gid(struct winbindd_cli_state *state)
+{
+	DOM_SID sid;
+
+	DEBUG(3, ("[%5d]: sid to gid %s\n", state->pid, 
+		  state->request.data.sid));
+
+	if (!string_to_sid(&sid, state->request.data.sid)) {
+		DEBUG(1, ("Could not cvt string to sid %s\n",
+			  state->request.data.sid));
+		return WINBINDD_ERROR;
+	}
+
+	/* Find gid for this sid and return it */
+	if (!winbindd_idmap_get_gid_from_sid(&sid, &state->response.data.gid)) {
+		DEBUG(1, ("Could not get gid for sid %s\n",
+			  state->request.data.sid));
+		return WINBINDD_ERROR;
+	}
+
+	return WINBINDD_OK;
+}
+
+/* Convert a uid to a sid */
+
+enum winbindd_result winbindd_uid_to_sid(struct winbindd_cli_state *state)
+{
+	DOM_SID sid;
+
+	/* Bug out if the uid isn't in the winbind range */
+
+	if ((state->request.data.uid < server_state.uid_low ) ||
+	    (state->request.data.uid > server_state.uid_high)) {
+		return WINBINDD_ERROR;
+	}
+
+	DEBUG(3, ("[%5d]: uid to sid %d\n", state->pid, 
+		  state->request.data.uid));
+
+	/* Lookup rid for this uid */
+	if (!winbindd_idmap_get_sid_from_uid(state->request.data.uid, &sid)) {
+		DEBUG(1, ("Could not convert uid %d to rid\n",
+			  state->request.data.uid));
+		return WINBINDD_ERROR;
+	}
+
+	sid_to_string(state->response.data.sid.sid, &sid);
+	state->response.data.sid.type = SID_NAME_USER;
+
+	return WINBINDD_OK;
+}
+
+/* Convert a gid to a sid */
+
+enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state)
+{
+	DOM_SID sid;
+
+	/* Bug out if the gid isn't in the winbind range */
+
+	if ((state->request.data.gid < server_state.gid_low) ||
+	    (state->request.data.gid > server_state.gid_high)) {
+		return WINBINDD_ERROR;
+	}
+
+	DEBUG(3, ("[%5d]: gid to sid %d\n", state->pid,
+		  state->request.data.gid));
+
+	/* Lookup sid for this uid */
+	if (!winbindd_idmap_get_sid_from_gid(state->request.data.gid, &sid)) {
+		DEBUG(1, ("Could not convert gid %d to sid\n",
+			  state->request.data.gid));
+		return WINBINDD_ERROR;
+	}
+
+	/* Construct sid and return it */
+	sid_to_string(state->response.data.sid.sid, &sid);
+	state->response.data.sid.type = SID_NAME_DOM_GRP;
+
+	return WINBINDD_OK;
+}
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
new file mode 100644
index 0000000000..d89717ad47
--- /dev/null
+++ b/source3/nsswitch/winbindd_user.c
@@ -0,0 +1,615 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - user related functions
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Jeremy Allison 2001.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/* Fill a pwent structure with information we have obtained */
+
+static BOOL winbindd_fill_pwent(char *dom_name, char *user_name, 
+				uint32 user_rid, uint32 group_rid, 
+				char *full_name, struct winbindd_pw *pw)
+{
+	extern userdom_struct current_user_info;
+	fstring output_username;
+	pstring homedir;
+	
+	if (!pw || !dom_name || !user_name)
+		return False;
+	
+	/* Resolve the uid number */
+	
+	if (!winbindd_idmap_get_uid_from_rid(dom_name, user_rid, 
+					     &pw->pw_uid)) {
+		DEBUG(1, ("error getting user id for rid %d\n", user_rid));
+		return False;
+	}
+	
+	/* Resolve the gid number */   
+	
+	if (!winbindd_idmap_get_gid_from_rid(dom_name, group_rid, 
+					     &pw->pw_gid)) {
+		DEBUG(1, ("error getting group id for rid %d\n", group_rid));
+		return False;
+	}
+
+	/* Username */
+
+	fill_domain_username(output_username, dom_name, user_name); 
+
+	safe_strcpy(pw->pw_name, output_username, sizeof(pw->pw_name) - 1);
+	
+	/* Full name (gecos) */
+	
+	safe_strcpy(pw->pw_gecos, full_name, sizeof(pw->pw_gecos) - 1);
+
+	/* Home directory and shell - use template config parameters.  The
+	   defaults are /tmp for the home directory and /bin/false for
+	   shell. */
+	
+	/* The substitution of %U and %D in the 'template homedir' is done
+	   by lp_string() calling standard_sub_basic(). */
+
+	fstrcpy(current_user_info.smb_name, user_name);
+	fstrcpy(current_user_info.domain, dom_name);
+
+	pstrcpy(homedir, lp_template_homedir());
+	
+	safe_strcpy(pw->pw_dir, homedir, sizeof(pw->pw_dir) - 1);
+	
+	safe_strcpy(pw->pw_shell, lp_template_shell(), 
+		    sizeof(pw->pw_shell) - 1);
+	
+	/* Password - set to "x" as we can't generate anything useful here.
+	   Authentication can be done using the pam_winbind module. */
+
+	safe_strcpy(pw->pw_passwd, "x", sizeof(pw->pw_passwd) - 1);
+	
+	return True;
+}
+
+/* Return a password structure from a username.  */
+
+enum winbindd_result winbindd_getpwnam(struct winbindd_cli_state *state) 
+{
+	uint32 user_rid;
+	WINBIND_USERINFO user_info;
+	DOM_SID user_sid;
+	NTSTATUS status;
+	fstring name_domain, name_user;
+	enum SID_NAME_USE name_type;
+	struct winbindd_domain *domain;
+	TALLOC_CTX *mem_ctx;
+	
+	DEBUG(3, ("[%5d]: getpwnam %s\n", state->pid,
+		  state->request.data.username));
+	
+	/* Parse domain and username */
+
+	if (!parse_domain_user(state->request.data.username, name_domain, 
+			       name_user))
+		return WINBINDD_ERROR;
+	
+	if ((domain = find_domain_from_name(name_domain)) == NULL) {
+		DEBUG(5, ("no such domain: %s\n", name_domain));
+		return WINBINDD_ERROR;
+	}
+	
+	/* Get rid and name type from name */
+
+	if (!winbindd_lookup_sid_by_name(domain, name_user, &user_sid, &name_type)) {
+		DEBUG(1, ("user '%s' does not exist\n", name_user));
+		return WINBINDD_ERROR;
+	}
+
+	if (name_type != SID_NAME_USER) {
+		DEBUG(1, ("name '%s' is not a user name: %d\n", name_user, 
+			  name_type));
+		return WINBINDD_ERROR;
+	}
+	
+	/* Get some user info.  Split the user rid from the sid obtained
+	   from the winbind_lookup_by_name() call and use it in a
+	   winbind_lookup_userinfo() */
+    
+	if (!(mem_ctx = talloc_init_named("winbindd_getpwnam([%s]\\[%s])", 
+					  name_domain, name_user))) {
+		DEBUG(1, ("out of memory\n"));
+		return WINBINDD_ERROR;
+	}
+
+	sid_split_rid(&user_sid, &user_rid);
+
+	status = domain->methods->query_user(domain, mem_ctx, user_rid, 
+					     &user_info);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("error getting user info for user '[%s]\\[%s]'\n", 
+			  name_domain, name_user));
+		talloc_destroy(mem_ctx);
+		return WINBINDD_ERROR;
+	}
+    
+	/* Now take all this information and fill in a passwd structure */	
+	if (!winbindd_fill_pwent(name_domain, name_user, 
+				 user_rid, user_info.group_rid, 
+				 user_info.full_name,
+				 &state->response.data.pw)) {
+		talloc_destroy(mem_ctx);
+		return WINBINDD_ERROR;
+	}
+
+	talloc_destroy(mem_ctx);
+	
+	return WINBINDD_OK;
+}       
+
+/* Return a password structure given a uid number */
+
+enum winbindd_result winbindd_getpwuid(struct winbindd_cli_state *state)
+{
+	DOM_SID user_sid;
+	struct winbindd_domain *domain;
+	uint32 user_rid;
+	fstring dom_name;
+	fstring user_name;
+	enum SID_NAME_USE name_type;
+	WINBIND_USERINFO user_info;
+	gid_t gid;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	
+	/* Bug out if the uid isn't in the winbind range */
+
+	if ((state->request.data.uid < server_state.uid_low ) ||
+	    (state->request.data.uid > server_state.uid_high))
+		return WINBINDD_ERROR;
+
+	DEBUG(3, ("[%5d]: getpwuid %d\n", state->pid, 
+		  state->request.data.uid));
+	
+	/* Get rid from uid */
+
+	if (!winbindd_idmap_get_rid_from_uid(state->request.data.uid, 
+					     &user_rid, &domain)) {
+		DEBUG(1, ("could not convert uid %d to rid\n", 
+			  state->request.data.uid));
+		return WINBINDD_ERROR;
+	}
+	
+	/* Get name and name type from rid */
+
+	sid_copy(&user_sid, &domain->sid);
+	sid_append_rid(&user_sid, user_rid);
+	
+	if (!winbindd_lookup_name_by_sid(&user_sid, dom_name, user_name, &name_type)) {
+		fstring temp;
+		
+		sid_to_string(temp, &user_sid);
+		DEBUG(1, ("could not lookup sid %s\n", temp));
+		return WINBINDD_ERROR;
+	}
+	
+	/* Get some user info */
+	
+	if (!(mem_ctx = talloc_init_named("winbind_getpwuid(%d)",
+					  state->request.data.uid))) {
+
+		DEBUG(1, ("out of memory\n"));
+		return WINBINDD_ERROR;
+	}
+
+	status = domain->methods->query_user(domain, mem_ctx, user_rid, 
+					     &user_info);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("error getting user info for user '%s'\n", 
+			  user_name));
+		talloc_destroy(mem_ctx);
+		return WINBINDD_ERROR;
+	}
+	
+	/* Resolve gid number */
+
+	if (!winbindd_idmap_get_gid_from_rid(domain->name, user_info.group_rid, &gid)) {
+		DEBUG(1, ("error getting group id for user %s\n", user_name));
+		talloc_destroy(mem_ctx);
+		return WINBINDD_ERROR;
+	}
+
+	/* Fill in password structure */
+
+	if (!winbindd_fill_pwent(domain->name, user_name, user_rid, user_info.group_rid,
+				 user_info.full_name, &state->response.data.pw)) {
+		talloc_destroy(mem_ctx);
+		return WINBINDD_ERROR;
+	}
+	
+	talloc_destroy(mem_ctx);
+
+	return WINBINDD_OK;
+}
+
+/*
+ * set/get/endpwent functions
+ */
+
+/* Rewind file pointer for ntdom passwd database */
+
+enum winbindd_result winbindd_setpwent(struct winbindd_cli_state *state)
+{
+	struct winbindd_domain *domain;
+        
+	DEBUG(3, ("[%5d]: setpwent\n", state->pid));
+        
+	/* Check user has enabled this */
+        
+	if (!lp_winbind_enum_users())
+		return WINBINDD_ERROR;
+
+	/* Free old static data if it exists */
+        
+	if (state->getpwent_state != NULL) {
+		free_getent_state(state->getpwent_state);
+		state->getpwent_state = NULL;
+	}
+        
+	/* Create sam pipes for each domain we know about */
+        
+	for(domain = domain_list(); domain != NULL; domain = domain->next) {
+		struct getent_state *domain_state;
+                
+		/*
+		 * Skip domains other than WINBINDD_DOMAIN environment
+		 * variable.
+		 */
+                
+		if ((strcmp(state->request.domain, "") != 0) &&
+				!check_domain_env(state->request.domain, 
+						  domain->name))
+			continue;
+
+		/* Create a state record for this domain */
+                
+		if ((domain_state = (struct getent_state *)
+		     malloc(sizeof(struct getent_state))) == NULL)
+			return WINBINDD_ERROR;
+                
+		ZERO_STRUCTP(domain_state);
+
+		fstrcpy(domain_state->domain_name, domain->name);
+
+		/* Add to list of open domains */
+                
+		DLIST_ADD(state->getpwent_state, domain_state);
+	}
+        
+	return WINBINDD_OK;
+}
+
+/* Close file pointer to ntdom passwd database */
+
+enum winbindd_result winbindd_endpwent(struct winbindd_cli_state *state)
+{
+	DEBUG(3, ("[%5d]: endpwent\n", state->pid));
+
+	free_getent_state(state->getpwent_state);    
+	state->getpwent_state = NULL;
+        
+	return WINBINDD_OK;
+}
+
+/* Get partial list of domain users for a domain.  We fill in the sam_entries,
+   and num_sam_entries fields with domain user information.  The dispinfo_ndx
+   field is incremented to the index of the next user to fetch.  Return True if
+   some users were returned, False otherwise. */
+
+#define MAX_FETCH_SAM_ENTRIES 100
+
+static BOOL get_sam_user_entries(struct getent_state *ent)
+{
+	NTSTATUS status;
+	uint32 num_entries;
+	WINBIND_USERINFO *info;
+	struct getpwent_user *name_list = NULL;
+	BOOL result = False;
+	TALLOC_CTX *mem_ctx;
+	struct winbindd_domain *domain;
+	struct winbindd_methods *methods;
+	int i;
+
+	if (ent->num_sam_entries)
+		return False;
+
+	if (!(mem_ctx = talloc_init_named("get_sam_user_entries(%s)",
+					  ent->domain_name)))
+		return False;
+
+	if (!(domain = find_domain_from_name(ent->domain_name))) {
+		DEBUG(3, ("no such domain %s in get_sam_user_entries\n",
+			  ent->domain_name));
+		return False;
+	}
+
+	methods = domain->methods;
+
+	/* Free any existing user info */
+
+	SAFE_FREE(ent->sam_entries);
+	ent->num_sam_entries = 0;
+	
+	/* Call query_user_list to get a list of usernames and user rids */
+
+	num_entries = 0;
+
+	status = methods->query_user_list(domain, mem_ctx, &num_entries, 
+					  &info);
+		
+	if (num_entries) {
+		struct getpwent_user *tnl;
+		
+		tnl = (struct getpwent_user *)Realloc(name_list, 
+						      sizeof(struct getpwent_user) *
+						      (ent->num_sam_entries + 
+						       num_entries));
+		
+		if (!tnl) {
+			DEBUG(0,("get_sam_user_entries realloc failed.\n"));
+			SAFE_FREE(name_list);
+			goto done;
+		} else
+			name_list = tnl;
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		/* Store account name and gecos */
+		if (!info[i].acct_name) {
+			fstrcpy(name_list[ent->num_sam_entries + i].name, "");
+		} else {
+			fstrcpy(name_list[ent->num_sam_entries + i].name, 
+				info[i].acct_name); 
+		}
+		if (!info[i].full_name) {
+			fstrcpy(name_list[ent->num_sam_entries + i].gecos, "");
+		} else {
+			fstrcpy(name_list[ent->num_sam_entries + i].gecos, 
+				info[i].full_name); 
+		}
+		
+		/* User and group ids */
+		name_list[ent->num_sam_entries+i].user_rid = info[i].user_rid;
+		name_list[ent->num_sam_entries+i].group_rid = info[i].group_rid;
+	}
+		
+	ent->num_sam_entries += num_entries;
+	
+	/* Fill in remaining fields */
+	
+	ent->sam_entries = name_list;
+	ent->sam_entry_index = 0;
+	result = ent->num_sam_entries > 0;
+
+ done:
+
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
+
+/* Fetch next passwd entry from ntdom database */
+
+#define MAX_GETPWENT_USERS 500
+
+enum winbindd_result winbindd_getpwent(struct winbindd_cli_state *state)
+{
+	struct getent_state *ent;
+	struct winbindd_pw *user_list;
+	int num_users, user_list_ndx = 0, i;
+
+	DEBUG(3, ("[%5d]: getpwent\n", state->pid));
+
+	/* Check user has enabled this */
+
+	if (!lp_winbind_enum_users())
+		return WINBINDD_ERROR;
+
+	/* Allocate space for returning a chunk of users */
+
+	num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries);
+	
+	if ((state->response.extra_data = 
+	     malloc(num_users * sizeof(struct winbindd_pw))) == NULL)
+		return WINBINDD_ERROR;
+
+	memset(state->response.extra_data, 0, num_users * 
+	       sizeof(struct winbindd_pw));
+
+	user_list = (struct winbindd_pw *)state->response.extra_data;
+	
+	if (!(ent = state->getpwent_state))
+		return WINBINDD_ERROR;
+
+	/* Start sending back users */
+
+	for (i = 0; i < num_users; i++) {
+		struct getpwent_user *name_list = NULL;
+		fstring domain_user_name;
+		uint32 result;
+
+		/* Do we need to fetch another chunk of users? */
+
+		if (ent->num_sam_entries == ent->sam_entry_index) {
+
+			while(ent && !get_sam_user_entries(ent)) {
+				struct getent_state *next_ent;
+
+				/* Free state information for this domain */
+
+				SAFE_FREE(ent->sam_entries);
+
+				next_ent = ent->next;
+				DLIST_REMOVE(state->getpwent_state, ent);
+
+				SAFE_FREE(ent);
+				ent = next_ent;
+			}
+ 
+			/* No more domains */
+
+			if (!ent) 
+				break;
+		}
+
+		name_list = ent->sam_entries;
+
+		/* Skip machine accounts */
+
+		if (name_list[ent->sam_entry_index].
+		    name[strlen(name_list[ent->sam_entry_index].name) - 1] 
+		    == '$') {
+			ent->sam_entry_index++;
+			continue;
+		}
+
+		/* Lookup user info */
+		
+		result = winbindd_fill_pwent(
+			ent->domain_name, 
+			name_list[ent->sam_entry_index].name,
+			name_list[ent->sam_entry_index].user_rid,
+			name_list[ent->sam_entry_index].group_rid,
+			name_list[ent->sam_entry_index].gecos,
+			&user_list[user_list_ndx]);
+		
+		ent->sam_entry_index++;
+		
+		/* Add user to return list */
+		
+		if (result) {
+				
+			user_list_ndx++;
+			state->response.data.num_entries++;
+			state->response.length += 
+				sizeof(struct winbindd_pw);
+
+		} else
+			DEBUG(1, ("could not lookup domain user %s\n",
+				  domain_user_name));
+	}
+
+	/* Out of domains */
+
+	return (user_list_ndx > 0) ? WINBINDD_OK : WINBINDD_ERROR;
+}
+
+/* List domain users without mapping to unix ids */
+
+enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
+{
+	struct winbindd_domain *domain;
+	WINBIND_USERINFO *info;
+	uint32 num_entries = 0, total_entries = 0;
+	char *ted, *extra_data = NULL;
+	int extra_data_len = 0;
+	TALLOC_CTX *mem_ctx;
+	enum winbindd_result rv = WINBINDD_ERROR;
+
+	DEBUG(3, ("[%5d]: list users\n", state->pid));
+
+	if (!(mem_ctx = talloc_init_named("winbindd_list_users")))
+		return WINBINDD_ERROR;
+
+	/* Enumerate over trusted domains */
+
+	for (domain = domain_list(); domain; domain = domain->next) {
+		NTSTATUS status;
+		struct winbindd_methods *methods;
+		int i;
+
+		/* Skip domains other than WINBINDD_DOMAIN environment
+		   variable */ 
+
+		if ((strcmp(state->request.domain, "") != 0) &&
+		    !check_domain_env(state->request.domain, domain->name))
+			continue;
+
+		methods = domain->methods;
+
+		/* Query display info */
+		status = methods->query_user_list(domain, mem_ctx, 
+						  &num_entries, &info);
+
+		if (num_entries == 0)
+			continue;
+
+		/* Allocate some memory for extra data */
+		total_entries += num_entries;
+			
+		ted = Realloc(extra_data, sizeof(fstring) * total_entries);
+			
+		if (!ted) {
+			DEBUG(0,("failed to enlarge buffer!\n"));
+			SAFE_FREE(extra_data);
+			goto done;
+		} else 
+			extra_data = ted;
+			
+		/* Pack user list into extra data fields */
+			
+		for (i = 0; i < num_entries; i++) {
+			fstring acct_name, name;
+			
+			if (!info[i].acct_name) {
+				fstrcpy(acct_name, "");
+			} else {
+				fstrcpy(acct_name, info[i].acct_name);
+			}
+			
+			fill_domain_username(name, domain->name, acct_name);
+			
+				/* Append to extra data */
+			memcpy(&extra_data[extra_data_len], name, 
+			       strlen(name));
+			extra_data_len += strlen(name);
+			extra_data[extra_data_len++] = ',';
+		}   
+        }
+
+	/* Assign extra_data fields in response structure */
+
+	if (extra_data) {
+		extra_data[extra_data_len - 1] = '\0';
+		state->response.extra_data = extra_data;
+		state->response.length += extra_data_len;
+	}
+
+	/* No domains responded but that's still OK so don't return an
+	   error. */
+
+	rv = WINBINDD_OK;
+
+ done:
+
+	talloc_destroy(mem_ctx);
+
+	return rv;
+}
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
new file mode 100644
index 0000000000..06804b3b43
--- /dev/null
+++ b/source3/nsswitch/winbindd_util.c
@@ -0,0 +1,393 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon for ntdom nss module
+
+   Copyright (C) Tim Potter 2000-2001
+   Copyright (C) 2001 by Martin Pool <mbp@samba.org>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+#include "sids.h"
+
+/**
+ * @file winbindd_util.c
+ *
+ * Winbind daemon for NT domain authentication nss module.
+ **/
+
+
+/**
+ * Used to clobber name fields that have an undefined value.
+ *
+ * Correct code should never look at a field that has this value.
+ **/
+
+static const fstring name_deadbeef = "<deadbeef>";
+
+/* The list of trusted domains.  Note that the list can be deleted and
+   recreated using the init_domain_list() function so pointers to
+   individual winbindd_domain structures cannot be made.  Keep a copy of
+   the domain name instead. */
+
+static struct winbindd_domain *_domain_list;
+
+struct winbindd_domain *domain_list(void)
+{
+	/* Initialise list */
+
+	if (!_domain_list)
+		init_domain_list();
+
+	return _domain_list;
+}
+
+/* Free all entries in the trusted domain list */
+
+void free_domain_list(void)
+{
+	struct winbindd_domain *domain = _domain_list;
+
+	while(domain) {
+		struct winbindd_domain *next = domain->next;
+		
+		DLIST_REMOVE(_domain_list, domain);
+		SAFE_FREE(domain);
+		domain = next;
+	}
+}
+
+/* Add a trusted domain to our list of domains */
+
+static struct winbindd_domain *add_trusted_domain(char *domain_name,
+						  struct winbindd_methods *methods)
+{
+	struct winbindd_domain *domain;
+        
+	/* We can't call domain_list() as this function is called from
+	   init_domain_list() and we'll get stuck in a loop. */
+
+	for (domain = _domain_list; domain; domain = domain->next) {
+		if (strcmp(domain_name, domain->name) == 0) {
+			DEBUG(3, ("domain %s already in domain list\n", 
+				  domain_name));
+			return domain;
+		}
+	}
+        
+	/* Create new domain entry */
+
+	if ((domain = (struct winbindd_domain *)
+	     malloc(sizeof(*domain))) == NULL)
+		return NULL;
+
+	/* Fill in fields */
+        
+	ZERO_STRUCTP(domain);
+
+	fstrcpy(domain->name, domain_name);
+        domain->methods = methods;
+	domain->sequence_number = DOM_SEQUENCE_NONE;
+	domain->last_seq_check = 0;
+
+	/* Link to domain list */
+        
+	DLIST_ADD(_domain_list, domain);
+        
+	return domain;
+}
+
+/* Look up global info for the winbind daemon */
+
+BOOL init_domain_list(void)
+{
+	NTSTATUS result;
+	TALLOC_CTX *mem_ctx;
+	extern struct winbindd_methods cache_methods;
+	struct winbindd_domain *domain;
+	DOM_SID *dom_sids;
+	char **names;
+	int num_domains = 0;
+
+	if (!(mem_ctx = talloc_init_named("init_domain_list")))
+		return False;
+
+	/* Free existing list */
+
+	free_domain_list();
+
+	/* Add ourselves as the first entry */
+
+	domain = add_trusted_domain(lp_workgroup(), &cache_methods);
+
+	/* Now we *must* get the domain sid for our primary domain. Go into
+	   a holding pattern until that is available */
+
+	result = cache_methods.domain_sid(domain, &domain->sid);
+	while (!NT_STATUS_IS_OK(result)) {
+		sleep(10);
+		DEBUG(1,("Retrying startup domain sid fetch for %s\n",
+			 domain->name));
+		result = cache_methods.domain_sid(domain, &domain->sid);
+	}
+       
+	DEBUG(1,("Added domain %s (%s)\n", 
+		 domain->name, 
+		 sid_string_static(&domain->sid)));
+
+	DEBUG(1, ("getting trusted domain list\n"));
+
+	result = cache_methods.trusted_domains(domain, mem_ctx, &num_domains,
+					       &names, &dom_sids);
+
+	/* Add each domain to the trusted domain list */
+	if (NT_STATUS_IS_OK(result)) {
+		int i;
+		for(i = 0; i < num_domains; i++) {
+			domain = add_trusted_domain(names[i], &cache_methods);
+			if (!domain) continue;
+			sid_copy(&domain->sid, &dom_sids[i]);
+			DEBUG(1,("Added domain %s (%s)\n", 
+				 domain->name, 
+				 sid_string_static(&domain->sid)));
+
+			/* this primes the connection */
+			cache_methods.domain_sid(domain, &domain->sid);
+		}
+	}
+
+	talloc_destroy(mem_ctx);
+	return True;
+}
+
+/* Given a domain name, return the struct winbindd domain info for it 
+   if it is actually working. */
+
+struct winbindd_domain *find_domain_from_name(const char *domain_name)
+{
+	struct winbindd_domain *domain;
+
+	/* Search through list */
+
+	for (domain = domain_list(); domain != NULL; domain = domain->next) {
+		if (strequal(domain_name, domain->name) ||
+		    strequal(domain_name, domain->full_name))
+			return domain;
+	}
+
+	/* Not found */
+
+	return NULL;
+}
+
+/* Given a domain sid, return the struct winbindd domain info for it */
+
+struct winbindd_domain *find_domain_from_sid(DOM_SID *sid)
+{
+	struct winbindd_domain *domain;
+
+	/* Search through list */
+
+	for (domain = domain_list(); domain != NULL; domain = domain->next) {
+		if (sid_compare_domain(sid, &domain->sid) == 0)
+			return domain;
+	}
+
+	/* Not found */
+
+	return NULL;
+}
+
+/* Lookup a sid in a domain from a name */
+
+BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain, 
+				 const char *name, DOM_SID *sid, 
+				 enum SID_NAME_USE *type)
+{
+	NTSTATUS result;
+        
+	/* Don't bother with machine accounts */
+        
+	if (name[strlen(name) - 1] == '$')
+		return False;
+
+	/* Lookup name */
+	result = domain->methods->name_to_sid(domain, name, sid, type);
+        
+	/* Return rid and type if lookup successful */
+	if (!NT_STATUS_IS_OK(result)) {
+		*type = SID_NAME_UNKNOWN;
+	}
+
+	return NT_STATUS_IS_OK(result);
+}
+
+/**
+ * @brief Lookup a name in a domain from a sid.
+ *
+ * @param sid Security ID you want to look up.
+ *
+ * @param name On success, set to the name corresponding to @p sid.
+ * 
+ * @param dom_name On success, set to the 'domain name' corresponding to @p sid.
+ * 
+ * @param type On success, contains the type of name: alias, group or
+ * user.
+ *
+ * @retval True if the name exists, in which case @p name and @p type
+ * are set, otherwise False.
+ **/
+BOOL winbindd_lookup_name_by_sid(DOM_SID *sid,
+				 fstring dom_name,
+				 fstring name,
+				 enum SID_NAME_USE *type)
+{
+	char *names;
+	NTSTATUS result;
+	TALLOC_CTX *mem_ctx;
+	BOOL rv = False;
+	struct winbindd_domain *domain;
+
+	domain = find_domain_from_sid(sid);
+
+	if (!domain) {
+		DEBUG(1,("Can't find domain from sid\n"));
+		return False;
+	}
+
+	/* Lookup name */
+
+	if (!(mem_ctx = talloc_init_named("winbindd_lookup_name_by_sid")))
+		return False;
+        
+	result = domain->methods->sid_to_name(domain, mem_ctx, sid, &names, type);
+
+	/* Return name and type if successful */
+        
+	if ((rv = NT_STATUS_IS_OK(result))) {
+		fstrcpy(dom_name, domain->name);
+		fstrcpy(name, names);
+	} else {
+		*type = SID_NAME_UNKNOWN;
+		fstrcpy(name, name_deadbeef);
+	}
+        
+	talloc_destroy(mem_ctx);
+
+	return rv;
+}
+
+
+/* Free state information held for {set,get,end}{pw,gr}ent() functions */
+
+void free_getent_state(struct getent_state *state)
+{
+	struct getent_state *temp;
+
+	/* Iterate over state list */
+
+	temp = state;
+
+	while(temp != NULL) {
+		struct getent_state *next;
+
+		/* Free sam entries then list entry */
+
+		SAFE_FREE(state->sam_entries);
+		DLIST_REMOVE(state, state);
+		next = temp->next;
+
+		SAFE_FREE(temp);
+		temp = next;
+	}
+}
+
+/* Initialise trusted domain info */
+
+BOOL winbindd_param_init(void)
+{
+	/* Parse winbind uid and winbind_gid parameters */
+
+	if (!lp_winbind_uid(&server_state.uid_low, &server_state.uid_high)) {
+		DEBUG(0, ("winbind uid range missing or invalid\n"));
+		return False;
+	}
+	
+	if (!lp_winbind_gid(&server_state.gid_low, &server_state.gid_high)) {
+		DEBUG(0, ("winbind gid range missing or invalid\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/* Check if a domain is present in a comma-separated list of domains */
+
+BOOL check_domain_env(char *domain_env, char *domain)
+{
+	fstring name;
+	char *tmp = domain_env;
+
+	while(next_token(&tmp, name, ",", sizeof(fstring))) {
+		if (strequal(name, domain))
+			return True;
+	}
+
+	return False;
+}
+
+/* Parse a string of the form DOMAIN/user into a domain and a user */
+extern fstring global_myworkgroup;
+
+BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
+{
+	char *p = strchr(domuser,*lp_winbind_separator());
+
+	if (!(p || lp_winbind_use_default_domain()))
+		return False;
+	
+	if(!p && lp_winbind_use_default_domain()) {
+		fstrcpy(user, domuser);
+		fstrcpy(domain, global_myworkgroup);
+	} else {
+		fstrcpy(user, p+1);
+		fstrcpy(domain, domuser);
+		domain[PTR_DIFF(p, domuser)] = 0;
+	}
+	strupper(domain);
+	return True;
+}
+
+/*
+    Fill DOMAIN\\USERNAME entry accounting 'winbind use default domain' and
+    'winbind separator' options.
+    This means:
+	- omit DOMAIN when 'winbind use default domain = true' and DOMAIN is
+	global_myworkgroup
+	 
+*/
+void fill_domain_username(fstring name, const char *domain, const char *user)
+{
+	if(lp_winbind_use_default_domain() &&
+	    !strcmp(global_myworkgroup, domain)) {
+		strlcpy(name, user, sizeof(fstring));
+	} else {
+		slprintf(name, sizeof(fstring) - 1, "%s%s%s",
+			 domain, lp_winbind_separator(),
+			 user);
+	}
+}
diff --git a/source3/nsswitch/winbindd_wins.c b/source3/nsswitch/winbindd_wins.c
new file mode 100644
index 0000000000..af624170eb
--- /dev/null
+++ b/source3/nsswitch/winbindd_wins.c
@@ -0,0 +1,210 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Winbind daemon - WINS related functions
+
+   Copyright (C) Andrew Tridgell 1999
+   Copyright (C) Herb Lewis 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "winbindd.h"
+
+/* Use our own create socket code so we don't recurse.... */
+
+static int wins_lookup_open_socket_in(void)
+{
+	struct sockaddr_in sock;
+	int val=1;
+	int res;
+
+	memset((char *)&sock,'\0',sizeof(sock));
+
+#ifdef HAVE_SOCK_SIN_LEN
+	sock.sin_len = sizeof(sock);
+#endif
+	sock.sin_port = 0;
+	sock.sin_family = AF_INET;
+	sock.sin_addr.s_addr = interpret_addr("0.0.0.0");
+	res = socket(AF_INET, SOCK_DGRAM, 0);
+	if (res == -1)
+		return -1;
+
+	setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+#ifdef SO_REUSEPORT
+	setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+#endif /* SO_REUSEPORT */
+
+	/* now we've got a socket - we need to bind it */
+
+	if (bind(res, (struct sockaddr * ) &sock,sizeof(sock)) < 0) {
+		close(res);
+		return(-1);
+	}
+
+	set_socket_options(res,"SO_BROADCAST");
+
+	return res;
+}
+
+
+static struct node_status *lookup_byaddr_backend(char *addr, int *count)
+{
+	int fd;
+	struct in_addr  ip;
+	struct nmb_name nname;
+	struct node_status *status;
+
+	fd = wins_lookup_open_socket_in();
+	if (fd == -1)
+		return NULL;
+
+	make_nmb_name(&nname, "*", 0);
+	ip = *interpret_addr2(addr);
+	status = node_status_query(fd,&nname,ip, count);
+
+	close(fd);
+	return status;
+}
+
+static struct in_addr *lookup_byname_backend(const char *name, int *count)
+{
+	int fd;
+	struct in_addr *ret = NULL;
+	struct in_addr  p;
+	int j;
+
+	*count = 0;
+
+	fd = wins_lookup_open_socket_in();
+	if (fd == -1)
+		return NULL;
+
+	p = wins_srv_ip();
+	if( !is_zero_ip(p) ) {
+		ret = name_query(fd,name,0x20,False,True, p, count);
+		goto out;
+	}
+
+	if (lp_wins_support()) {
+		/* we are our own WINS server */
+		ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count);
+		goto out;
+	}
+
+	/* uggh, we have to broadcast to each interface in turn */
+	for (j=iface_count() - 1;
+	     j >= 0;
+	     j--) {
+		struct in_addr *bcast = iface_n_bcast(j);
+		ret = name_query(fd,name,0x20,True,True,*bcast,count);
+		if (ret) break;
+	}
+
+ out:
+
+	close(fd);
+	return ret;
+}
+
+/* Get hostname from IP  */
+
+enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state)
+{
+	fstring response;
+	int i, count, maxlen, size;
+	struct node_status *status;
+
+	DEBUG(3, ("[%5d]: wins_byip %s\n", state->pid,
+		state->request.data.winsreq));
+
+	*response = '\0';
+	maxlen = sizeof(response) - 1;
+
+	if ((status = lookup_byaddr_backend(state->request.data.winsreq, &count))){
+	    size = strlen(state->request.data.winsreq);
+	    if (size > maxlen) {
+		SAFE_FREE(status);
+		return WINBINDD_ERROR;
+	    }
+	    safe_strcat(response,state->request.data.winsreq,maxlen);
+	    safe_strcat(response,"\t",maxlen);
+	    for (i = 0; i < count; i++) {
+		/* ignore group names */
+		if (status[i].flags & 0x80) continue;
+		if (status[i].type == 0x20) {
+			size = sizeof(status[i].name) + strlen(response);
+			if (size > maxlen) {
+			    SAFE_FREE(status);
+			    return WINBINDD_ERROR;
+			}
+			safe_strcat(response, status[i].name, maxlen);
+			safe_strcat(response, " ", maxlen);
+		}
+	    }
+	    /* make last character a newline */
+	    response[strlen(response)-1] = '\n';
+	    SAFE_FREE(status);
+	}
+	fstrcpy(state->response.data.winsresp,response);
+	return WINBINDD_OK;
+}
+
+/* Get IP from hostname */
+
+enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state)
+{
+	struct in_addr *ip_list;
+	int i, count, maxlen, size;
+	fstring response;
+	char * addr;
+
+	DEBUG(3, ("[%5d]: wins_byname %s\n", state->pid,
+		state->request.data.winsreq));
+
+	*response = '\0';
+	maxlen = sizeof(response) - 1;
+
+	if ((ip_list = lookup_byname_backend(state->request.data.winsreq,&count))){
+		for (i = count; i ; i--) {
+		    addr = inet_ntoa(ip_list[i-1]);
+		    size = strlen(addr);
+		    if (size > maxlen) {
+			SAFE_FREE(ip_list);
+			return WINBINDD_ERROR;
+		    }
+		    if (i != 0) {
+			/* Clear out the newline character */
+			response[strlen(response)-1] = ' '; 
+		    }
+		    safe_strcat(response,addr,maxlen);
+		    safe_strcat(response,"\t",maxlen);
+		}
+		size = strlen(state->request.data.winsreq) + strlen(response);
+		if (size > maxlen) {
+		    SAFE_FREE(ip_list);
+		    return WINBINDD_ERROR;
+		}   
+		safe_strcat(response,state->request.data.winsreq,maxlen);
+		safe_strcat(response,"\n",maxlen);
+		SAFE_FREE(ip_list);
+	} else
+		return WINBINDD_ERROR;
+
+	fstrcpy(state->response.data.winsresp,response);
+
+	return WINBINDD_OK;
+}
diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c
new file mode 100644
index 0000000000..2133f817d1
--- /dev/null
+++ b/source3/nsswitch/wins.c
@@ -0,0 +1,323 @@
+/* 
+   Unix SMB/CIFS implementation.
+   a WINS nsswitch module 
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+#ifdef HAVE_NS_API_H
+#undef VOLATILE
+
+#include <ns_daemon.h>
+#endif
+
+#ifndef INADDRSZ
+#define INADDRSZ 4
+#endif
+
+static int initialised;
+
+extern BOOL AllowDebugChange;
+
+/* Use our own create socket code so we don't recurse.... */
+
+static int wins_lookup_open_socket_in(void)
+{
+	struct sockaddr_in sock;
+	int val=1;
+	int res;
+
+	memset((char *)&sock,'\0',sizeof(sock));
+
+#ifdef HAVE_SOCK_SIN_LEN
+	sock.sin_len = sizeof(sock);
+#endif
+	sock.sin_port = 0;
+	sock.sin_family = AF_INET;
+	sock.sin_addr.s_addr = interpret_addr("0.0.0.0");
+	res = socket(AF_INET, SOCK_DGRAM, 0);
+	if (res == -1)
+		return -1;
+
+	setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+#ifdef SO_REUSEPORT
+	setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+#endif /* SO_REUSEPORT */
+
+	/* now we've got a socket - we need to bind it */
+
+	if (bind(res, (struct sockaddr * ) &sock,sizeof(sock)) < 0) {
+		close(res);
+		return(-1);
+	}
+
+	set_socket_options(res,"SO_BROADCAST");
+
+	return res;
+}
+
+
+static void nss_wins_init(void)
+{
+	initialised = 1;
+	DEBUGLEVEL = 0;
+	AllowDebugChange = False;
+
+	/* needed for lp_xx() functions */
+	charset_initialise();
+
+	TimeInit();
+	setup_logging("nss_wins",False);
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+	codepage_initialise(lp_client_code_page());
+}
+
+static struct node_status *lookup_byaddr_backend(char *addr, int *count)
+{
+	int fd;
+	struct in_addr  ip;
+	struct nmb_name nname;
+	struct node_status *status;
+
+	if (!initialised) {
+		nss_wins_init();
+	}
+
+	fd = wins_lookup_open_socket_in();
+	if (fd == -1)
+		return NULL;
+
+	make_nmb_name(&nname, "*", 0);
+	ip = *interpret_addr2(addr);
+	status = node_status_query(fd,&nname,ip, count);
+
+	close(fd);
+	return status;
+}
+
+static struct in_addr *lookup_byname_backend(const char *name, int *count)
+{
+	int fd;
+	struct in_addr *ret = NULL;
+	struct in_addr  p;
+	int j;
+
+	if (!initialised) {
+		nss_wins_init();
+	}
+
+	*count = 0;
+
+	fd = wins_lookup_open_socket_in();
+	if (fd == -1)
+		return NULL;
+
+	p = wins_srv_ip();
+	if( !is_zero_ip(p) ) {
+		ret = name_query(fd,name,0x20,False,True, p, count);
+		goto out;
+	}
+
+	if (lp_wins_support()) {
+		/* we are our own WINS server */
+		ret = name_query(fd,name,0x20,False,True, *interpret_addr2("127.0.0.1"), count);
+		goto out;
+	}
+
+	/* uggh, we have to broadcast to each interface in turn */
+	for (j=iface_count() - 1;
+	     j >= 0;
+	     j--) {
+		struct in_addr *bcast = iface_n_bcast(j);
+		ret = name_query(fd,name,0x20,True,True,*bcast,count);
+		if (ret) break;
+	}
+
+ out:
+
+	close(fd);
+	return ret;
+}
+
+
+#ifdef HAVE_NS_API_H
+/* IRIX version */
+
+int init(void)
+{
+	nsd_logprintf(NSD_LOG_MIN, "entering init (wins)\n");
+	nss_wins_init();
+	return NSD_OK;
+}
+
+int lookup(nsd_file_t *rq)
+{
+	char *map;
+	char *key;
+	char *addr;
+	struct in_addr *ip_list;
+	struct node_status *status;
+	int i, count, len, size;
+	char response[1024];
+	BOOL found = False;
+
+	nsd_logprintf(NSD_LOG_MIN, "entering lookup (wins)\n");
+	if (! rq) 
+		return NSD_ERROR;
+
+	map = nsd_attr_fetch_string(rq->f_attrs, "table", (char*)0);
+	if (! map) {
+		rq->f_status = NS_FATAL;
+		return NSD_ERROR;
+	}
+
+	key = nsd_attr_fetch_string(rq->f_attrs, "key", (char*)0);
+	if (! key || ! *key) {
+		rq->f_status = NS_FATAL;
+		return NSD_ERROR;
+	}
+
+	response[0] = '\0';
+	len = sizeof(response) - 2;
+
+	/* 
+	 * response needs to be a string of the following format
+	 * ip_address[ ip_address]*\tname[ alias]*
+	 */
+	if (strcasecmp(map,"hosts.byaddr") == 0) {
+		if ( status = lookup_byaddr_backend(key, &count)) {
+		    size = strlen(key) + 1;
+		    if (size > len) {
+			free(status);
+			return NSD_ERROR;
+		    }
+		    len -= size;
+		    strncat(response,key,size);
+		    strncat(response,"\t",1);
+		    for (i = 0; i < count; i++) {
+			/* ignore group names */
+			if (status[i].flags & 0x80) continue;
+			if (status[i].type == 0x20) {
+				size = sizeof(status[i].name) + 1;
+				if (size > len) {
+				    free(status);
+				    return NSD_ERROR;
+				}
+				len -= size;
+				strncat(response, status[i].name, size);
+				strncat(response, " ", 1);
+				found = True;
+			}
+		    }
+		    response[strlen(response)-1] = '\n';
+		    free(status);
+		}
+	} else if (strcasecmp(map,"hosts.byname") == 0) {
+	    if (ip_list = lookup_byname_backend(key, &count)) {
+		for (i = count; i ; i--) {
+		    addr = inet_ntoa(ip_list[i-1]);
+		    size = strlen(addr) + 1;
+		    if (size > len) {
+			free(ip_list);
+			return NSD_ERROR;
+		    }
+		    len -= size;
+		    if (i != 0)
+			response[strlen(response)-1] = ' ';
+		    strncat(response,addr,size);
+		    strncat(response,"\t",1);
+		}
+		size = strlen(key) + 1;
+		if (size > len) {
+		    free(ip_list);
+		    return NSD_ERROR;
+		}   
+		strncat(response,key,size);
+		strncat(response,"\n",1);
+		found = True;
+		free(ip_list);
+	    }
+	}
+
+	if (found) {
+	    nsd_logprintf(NSD_LOG_LOW, "lookup (wins %s) %s\n",map,response);
+	    nsd_set_result(rq,NS_SUCCESS,response,strlen(response),VOLATILE);
+	    return NSD_OK;
+	}
+	nsd_logprintf(NSD_LOG_LOW, "lookup (wins) not found\n");
+	rq->f_status = NS_NOTFOUND;
+	return NSD_NEXT;
+}
+
+#else
+/****************************************************************************
+gethostbyname() - we ignore any domain portion of the name and only
+handle names that are at most 15 characters long
+  **************************************************************************/
+NSS_STATUS
+_nss_wins_gethostbyname_r(const char *name, struct hostent *he,
+			  char *buffer, size_t buflen, int *errnop,
+			  int *h_errnop)
+{
+	char **host_addresses;
+	struct in_addr *ip_list;
+	int i, count;
+	size_t namelen = strlen(name) + 1;
+		
+	memset(he, '\0', sizeof(*he));
+
+	ip_list = lookup_byname_backend(name, &count);
+	if (!ip_list) {
+		return NSS_STATUS_NOTFOUND;
+	}
+
+	if (buflen < namelen + (2*count+1)*INADDRSZ) {
+		/* no ENOMEM error type?! */
+		return NSS_STATUS_NOTFOUND;
+	}
+
+
+	host_addresses = (char **)buffer;
+	he->h_addr_list = host_addresses;
+	host_addresses[count] = NULL;
+	buffer += (count + 1) * INADDRSZ;
+	buflen += (count + 1) * INADDRSZ;
+	he->h_addrtype = AF_INET;
+	he->h_length = INADDRSZ;
+
+	for (i=0;i<count;i++) {
+		memcpy(buffer, &ip_list[i].s_addr, INADDRSZ);
+		*host_addresses = buffer;
+		buffer += INADDRSZ;
+		buflen -= INADDRSZ;
+		host_addresses++;
+	}
+
+	if (ip_list)
+		free(ip_list);
+
+	memcpy(buffer, name, namelen);
+	he->h_name = buffer;
+
+	return NSS_STATUS_SUCCESS;
+}
+#endif
+
diff --git a/source3/pam_smbpass/CHANGELOG b/source3/pam_smbpass/CHANGELOG
new file mode 100644
index 0000000000..96ef784008
--- /dev/null
+++ b/source3/pam_smbpass/CHANGELOG
@@ -0,0 +1,31 @@
+version 0.7.5  25 Mar 2001
+   - Use Samba 2.2.0 (alpha) as the target codebase, since it doesn't look
+     like Samba will be offering shared libraries in the near future.
+   - added a Makefile and support scripts to make the build process easier.
+   - imported some Solaris fixes that I've been sitting on.
+
+version 0.7.4  20 Jan 2000
+   - added a 'migrate' option to the authentication code which makes no
+     effort to authenticate the user, or even to ask for a password, but
+     it can be useful for filling in an SMB password db.
+
+version 0.7.3  19 Jan 2000
+   - updated to use the SAMBA_TNG Samba branch, allowing us to dynamically
+     link against Luke's new shared libs (libsamba, libsmb).
+
+version 0.7.2  20 Jul 1999
+   - miscellaneous bugfixes.  Cleanup of legacy pam_pwdb code.
+   - fixed return value of pam_sm_setcred function.
+   - fix to autoconf support
+   - clarified some of the messages being logged
+
+version 0.6,  15 Jul 1999
+   - updated to use the new Samba (2.0) password database API.
+   - added autoconf support. May now theoretically compile on more
+     platforms than PAM itself does.
+   - added support for account management functions (i.e., disabled
+     accounts)
+
+version 0.5,  4 Apr 1998
+   - added support for hashed passwords as input.  Now capable of serving
+     as an authentication agent for encrypted network transactions.
diff --git a/source3/pam_smbpass/README b/source3/pam_smbpass/README
new file mode 100644
index 0000000000..cf208a9914
--- /dev/null
+++ b/source3/pam_smbpass/README
@@ -0,0 +1,66 @@
+25 Mar 2001
+
+pam_smbpass is a PAM module which can be used on conforming systems to
+keep the smbpasswd (Samba password) database in sync with the unix
+password file. PAM (Pluggable Authentication Modules) is an API supported
+under some Unices, such as Solaris, HPUX and Linux, that provides a
+generic interface to authentication mechanisms.
+
+For more information on PAM, see http://ftp.kernel.org/pub/linux/libs/pam/
+
+This module authenticates a local smbpasswd user database.  If you require
+support for authenticating against a remote SMB server, or if you're
+concerned about the presence of suid root binaries on your system, it is
+recommended that you use one of the other two following modules
+
+  pam_smb - http://www.csn.ul.ie/~airlied/pam_smb/
+    authenticates against any remote SMB server
+
+  pam_ntdom - ftp://ftp.samba.org/pub/samba/pam_ntdom/
+    authenticates against an NT or Samba domain controller
+
+Options recognized by this module are as follows:
+
+	debug		-	log more debugging info
+	audit		-	like debug, but also logs unknown usernames
+	use_first_pass	-	don't prompt the user for passwords;
+				take them from PAM_ items instead
+	try_first_pass  -	try to get the password from a previous
+				PAM module, fall back to prompting the user
+	use_authtok	-	like try_first_pass, but *fail* if the new
+				PAM_AUTHTOK has not been previously set.
+				(intended for stacking password modules only)
+	not_set_pass    -	don't make passwords used by this module
+				available to other modules.
+	nodelay		-	don't insert ~1 second delays on authentication
+				failure.
+	nullok		-	null passwords are allowed.
+	nonull		-	null passwords are not allowed. Used to
+				override the Samba configuration.
+	migrate		-	only meaningful in an "auth" context;
+				used to update smbpasswd file with a
+				password used for successful authentication.
+	smbconf=<file>	-	specify an alternate path to the smb.conf
+				file.
+
+See the samples/ directory for example PAM configurations using this
+module.
+
+Thanks go to the following people:
+
+* Andrew Morgan <morgan@transmeta.com>, for providing the Linux-PAM
+framework, without which none of this would have happened
+
+* Christian Gafton <gafton@redhat.com> and Andrew Morgan again, for the
+pam_pwdb module upon which pam_smbpass was originally based
+
+* Luke Leighton <lkcl@switchboard.net> for being receptive to the idea,
+and for the occasional good-natured complaint about the project's status
+that keep me working on it :)
+
+* and of course, all the other members of the Samba team 
+<http://www.samba.org/samba/team.html>, for creating a great product 
+and for giving this project a purpose
+
+---------------------
+Stephen Langasek <vorlon@netexpress.net>
diff --git a/source3/pam_smbpass/TODO b/source3/pam_smbpass/TODO
new file mode 100644
index 0000000000..20cf4fb098
--- /dev/null
+++ b/source3/pam_smbpass/TODO
@@ -0,0 +1,7 @@
+This is a tentative TODO file which will probably get much longer before
+it gets much shorter.
+
+- Recognizing (and overriding) debug options in the smb.conf file
+- Support for 'name=value' parameters in the PAM config
+- Compliant handling of unrecognized PAM parameters (i.e., fail on error)
+- 
diff --git a/source3/pam_smbpass/general.h b/source3/pam_smbpass/general.h
new file mode 100644
index 0000000000..0291146cbb
--- /dev/null
+++ b/source3/pam_smbpass/general.h
@@ -0,0 +1,123 @@
+#ifndef LINUX
+/* This is only needed by modules in the Sun implementation. */
+#include <security/pam_appl.h>
+#endif  /* LINUX */
+
+#include <security/pam_modules.h>
+
+#ifndef PAM_AUTHTOK_RECOVER_ERR  
+#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+/*
+ * here is the string to inform the user that the new passwords they
+ * typed were not the same.
+ */
+
+#define MISTYPED_PASS "Sorry, passwords do not match"
+
+/* type definition for the control options */
+
+typedef struct {
+     const char *token;
+     unsigned int mask;            /* shall assume 32 bits of flags */
+     unsigned int flag;
+} SMB_Ctrls;
+
+#ifndef False
+#define False (0)
+#endif
+
+#ifndef True
+#define True (1)
+#endif
+
+/* macro to determine if a given flag is on */
+#define on(x,ctrl)  (smb_args[x].flag & ctrl)
+
+/* macro to determine that a given flag is NOT on */
+#define off(x,ctrl) (!on(x,ctrl))
+
+/* macro to turn on/off a ctrl flag manually */
+#define set(x,ctrl)   (ctrl = ((ctrl)&smb_args[x].mask)|smb_args[x].flag)
+#define unset(x,ctrl) (ctrl &= ~(smb_args[x].flag))
+
+#ifndef __linux__
+#define strncasecmp(s1,s2,n) StrnCaseCmp(s1,s2,n)
+#endif
+
+/* the generic mask */
+#define _ALL_ON_  (~0U)
+
+/* end of macro definitions definitions for the control flags */
+
+/*
+ * These are the options supported by the smb password module, very
+ * similar to the pwdb options
+ */
+
+#define SMB__OLD_PASSWD		 0	/* internal */
+#define SMB__VERIFY_PASSWD	 1	/* internal */
+
+#define SMB_AUDIT		 2	/* print more things than debug..
+					   some information may be sensitive */
+#define SMB_USE_FIRST_PASS	 3
+#define SMB_TRY_FIRST_PASS	 4
+#define SMB_NOT_SET_PASS	 5	/* don't set the AUTHTOK items */
+
+#define SMB__NONULL		 6	/* internal */
+#define SMB__QUIET		 7	/* internal */
+#define SMB_USE_AUTHTOK		 8	/* insist on reading PAM_AUTHTOK */
+#define SMB__NULLOK		 9	/* Null token ok */
+#define SMB_DEBUG		10	/* send more info to syslog(3) */
+#define SMB_NODELAY		11	/* admin does not want a fail-delay */
+#define SMB_MIGRATE		12	/* Does no authentication, just
+					   updates the smb database. */
+#define SMB_CONF_FILE		13	/* Alternate location of smb.conf */
+
+#define SMB_CTRLS_		14	/* number of ctrl arguments defined */
+
+static const SMB_Ctrls smb_args[SMB_CTRLS_] = {
+/* symbol                 token name          ctrl mask      ctrl       *
+ * ------------------     ------------------  -------------- ---------- */
+
+/* SMB__OLD_PASSWD */	 {  NULL,            _ALL_ON_,              01 },
+/* SMB__VERIFY_PASSWD */ {  NULL,            _ALL_ON_,              02 },
+/* SMB_AUDIT */		 { "audit",          _ALL_ON_,              04 },
+/* SMB_USE_FIRST_PASS */ { "use_first_pass", _ALL_ON_^(030),       010 },
+/* SMB_TRY_FIRST_PASS */ { "try_first_pass", _ALL_ON_^(030),       020 },
+/* SMB_NOT_SET_PASS */	 { "not_set_pass",   _ALL_ON_,             040 },
+/* SMB__NONULL */	 {  "nonull",        _ALL_ON_,            0100 },
+/* SMB__QUIET */	 {  NULL,            _ALL_ON_,            0200 },
+/* SMB_USE_AUTHTOK */	 { "use_authtok",    _ALL_ON_,            0400 },
+/* SMB__NULLOK */	 { "nullok",         _ALL_ON_^(0100),        0 },
+/* SMB_DEBUG */		 { "debug",          _ALL_ON_,           01000 },
+/* SMB_NODELAY */	 { "nodelay",        _ALL_ON_,           02000 },
+/* SMB_MIGRATE */	 { "migrate",        _ALL_ON_^(0100),	 04000 },
+/* SMB_CONF_FILE */	 { "smbconf=",       _ALL_ON_,		     0 },
+};
+
+#define SMB_DEFAULTS  (smb_args[SMB__NONULL].flag)
+
+/*
+ * the following is used to keep track of the number of times a user fails
+ * to authenticate themself.
+ */
+
+#define FAIL_PREFIX			"-SMB-FAIL-"
+#define SMB_MAX_RETRIES			3
+
+struct _pam_failed_auth {
+    char *user;                 /* user that's failed to be authenticated */
+    int id;                     /* uid of requested user */
+    char *agent;                /* attempt from user with name */
+    int count;                  /* number of failures so far */
+};
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
new file mode 100644
index 0000000000..8d91c456bf
--- /dev/null
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -0,0 +1,115 @@
+/* Unix NT password database implementation, version 0.7.5.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* indicate the following groups are defined */
+#define PAM_SM_ACCT
+
+#include "includes.h"
+
+#ifndef LINUX
+
+/* This is only used in the Sun implementation. */
+#include <security/pam_appl.h>
+
+#endif  /* LINUX */
+
+#include <security/pam_modules.h>
+
+#include "general.h"
+
+#include "support.h"
+
+/*
+ * pam_sm_acct_mgmt() verifies whether or not the account is disabled.
+ *
+ */
+
+int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
+                      int argc, const char **argv )
+{
+    unsigned int ctrl;
+    int retval;
+
+    const char *name;
+    const char *p;
+    SAM_ACCOUNT *sampass = NULL;
+
+    extern BOOL in_client;
+
+    /* Samba initialization. */
+    setup_logging( "pam_smbpass", False );
+    charset_initialise();
+    codepage_initialise(lp_client_code_page());
+    in_client = True;
+
+    ctrl = set_ctrl( flags, argc, argv );
+
+    /* get the username */
+
+    retval = pam_get_user( pamh, &name, "Username: " );
+    if (retval != PAM_SUCCESS) {
+        if (on( SMB_DEBUG, ctrl )) {
+	    _log_err( LOG_DEBUG, "acct: could not identify user" );
+        }
+        return retval;
+    }
+    if (on( SMB_DEBUG, ctrl )) {
+        _log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
+    }
+
+    if (!initialize_password_db(True)) {
+        _log_err( LOG_ALERT, "Cannot access samba password database" );
+        return PAM_AUTHINFO_UNAVAIL;
+    }
+
+    /* Get the user's record. */
+    pdb_init_sam(&sampass);
+    pdb_getsampwnam(sampass, name );
+
+    if (!sampass)
+        return PAM_USER_UNKNOWN;
+
+    if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
+        if (on( SMB_DEBUG, ctrl )) {
+            _log_err( LOG_DEBUG
+                      , "acct: account %s is administratively disabled", name );
+        }
+        make_remark( pamh, ctrl, PAM_ERROR_MSG
+                     , "Your account has been disabled; "
+                       "please see your system administrator." );
+
+        return PAM_ACCT_EXPIRED;
+    }
+
+    /* TODO: support for expired passwords. */
+
+    return PAM_SUCCESS;
+}
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_smbpass_acct_modstruct = {
+     "pam_smbpass",
+     NULL,
+     NULL,
+     pam_sm_acct_mgmt,
+     NULL,
+     NULL,
+     NULL
+};
+#endif
+
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
new file mode 100644
index 0000000000..9952eb94db
--- /dev/null
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -0,0 +1,250 @@
+/* Unix NT password database implementation, version 0.7.5.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* indicate the following groups are defined */
+#define PAM_SM_AUTH
+
+#include "includes.h"
+#include "debug.h"
+
+#ifndef LINUX
+
+/* This is only used in the Sun implementation. */
+#include <security/pam_appl.h>
+
+#endif  /* LINUX */
+
+#include <security/pam_modules.h>
+
+#include "general.h"
+
+#include "support.h"
+
+#define AUTH_RETURN						\
+do {								\
+	if(ret_data) {						\
+		*ret_data = retval;				\
+		pam_set_data( pamh, "smb_setcred_return"	\
+		              , (void *) ret_data, NULL );	\
+	}							\
+	return retval;						\
+} while (0)
+
+static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
+                         const char *name, SAM_ACCOUNT *sampass, BOOL exist);
+
+/*
+ * pam_sm_authenticate() authenticates users against the samba password file.
+ *
+ *	First, obtain the password from the user. Then use a
+ *      routine in 'support.c' to authenticate the user.
+ */
+
+#define _SMB_AUTHTOK  "-SMB-PASS"
+
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+                        int argc, const char **argv)
+{
+    unsigned int ctrl;
+    int retval, *ret_data = NULL;
+    SAM_ACCOUNT *sampass = NULL;
+    extern BOOL in_client;
+    const char *name;
+    BOOL found;
+
+    /* Points to memory managed by the PAM library. Do not free. */
+    const char *p = NULL;
+
+
+    /* Samba initialization. */
+    setup_logging("pam_smbpass",False);
+    charset_initialise();
+    codepage_initialise(lp_client_code_page());
+    in_client = True;
+
+    ctrl = set_ctrl(flags, argc, argv);
+
+    /* Get a few bytes so we can pass our return value to
+       pam_sm_setcred(). */
+    ret_data = malloc(sizeof(int));
+
+    /* get the username */
+    retval = pam_get_user( pamh, &name, "Username: " );
+    if ( retval != PAM_SUCCESS ) {
+        if (on( SMB_DEBUG, ctrl )) {
+	    _log_err(LOG_DEBUG, "auth: could not identify user");
+        }
+        AUTH_RETURN;
+    }
+    if (on( SMB_DEBUG, ctrl )) {
+        _log_err( LOG_DEBUG, "username [%s] obtained", name );
+    }
+
+    if (!initialize_password_db(True)) {
+        _log_err( LOG_ALERT, "Cannot access samba password database" );
+        retval = PAM_AUTHINFO_UNAVAIL;
+        AUTH_RETURN;
+    }
+
+    pdb_init_sam(&sampass);
+    
+    found = pdb_getsampwnam( sampass, name );
+
+    if (on( SMB_MIGRATE, ctrl )) {
+	retval = _smb_add_user(pamh, ctrl, name, sampass, found);
+	pdb_free_sam(&sampass);
+	AUTH_RETURN;
+    }
+
+    if (!found) {
+        _log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
+        retval = PAM_USER_UNKNOWN;
+	pdb_free_sam(&sampass);
+	sampass = NULL;
+        AUTH_RETURN;
+    }
+   
+    /* if this user does not have a password... */
+
+    if (_smb_blankpasswd( ctrl, sampass )) {
+        pdb_free_sam(&sampass);
+        retval = PAM_SUCCESS;
+        AUTH_RETURN;
+    }
+
+    /* get this user's authentication token */
+
+    retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
+    if (retval != PAM_SUCCESS ) {
+	_log_err(LOG_CRIT, "auth: no password provided for [%s]"
+		 , name);
+        pdb_free_sam(&sampass);
+        AUTH_RETURN;
+    }
+
+    /* verify the password of this user */
+
+    retval = _smb_verify_password( pamh, sampass, p, ctrl );
+    pdb_free_sam(&sampass);
+    p = NULL;
+    AUTH_RETURN;
+}
+
+/*
+ * This function is for setting samba credentials.  If anyone comes up
+ * with any credentials they think should be set, let me know.
+ */
+
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
+                   int argc, const char **argv)
+{
+    int retval, *pretval = NULL;
+
+    retval = PAM_SUCCESS;
+
+    pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
+    if(pretval) {
+	retval = *pretval;
+	SAFE_FREE(pretval);
+    }
+    pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
+
+    return retval;
+}
+
+
+/* Helper function for adding a user to the db. */
+static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
+                         const char *name, SAM_ACCOUNT *sampass, BOOL exist)
+{
+    pstring err_str;
+    pstring msg_str;
+    const char *pass = NULL;
+    int retval;
+
+    err_str[0] = '\0';
+    msg_str[0] = '\0';
+
+    /* Get the authtok; if we don't have one, silently fail. */
+    retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
+
+    if (retval != PAM_SUCCESS) {
+	_log_err( LOG_ALERT
+	          , "pam_get_item returned error to pam_sm_authenticate" );
+	return PAM_AUTHTOK_RECOVER_ERR;
+    } else if (pass == NULL) {
+	return PAM_AUTHTOK_RECOVER_ERR;
+    }
+
+    /* Add the user to the db if they aren't already there. */
+   if (!exist) {
+	retval = local_password_change( name, LOCAL_ADD_USER,
+	                                 pass, err_str,
+	                                 sizeof(err_str),
+	                                 msg_str, sizeof(msg_str) );
+	if (!retval && *err_str)
+	{
+	    err_str[PSTRING_LEN-1] = '\0';
+	    make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
+	}
+	else if (*msg_str)
+	{
+	    msg_str[PSTRING_LEN-1] = '\0';
+	    make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+	}
+	pass = NULL;
+
+	return PAM_IGNORE;
+   }
+   else {
+    /* Change the user's password IFF it's null. */
+    if ((pdb_get_lanman_passwd(sampass) == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
+    {
+	retval = local_password_change( name, 0, pass, err_str, sizeof(err_str),
+	                                 msg_str, sizeof(msg_str) );
+	if (!retval && *err_str)
+	{
+	    err_str[PSTRING_LEN-1] = '\0';
+	    make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
+	}
+	else if (*msg_str)
+	{
+	    msg_str[PSTRING_LEN-1] = '\0';
+	    make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+	}
+    }
+   }
+    
+    pass = NULL;
+
+    return PAM_IGNORE;
+}
+
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_smbpass_auth_modstruct = {
+     "pam_smbpass",
+     pam_sm_authenticate,
+     pam_sm_setcred,
+     NULL,
+     NULL,
+     NULL,
+     NULL
+};
+#endif
+
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
new file mode 100644
index 0000000000..338d873d25
--- /dev/null
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -0,0 +1,329 @@
+/* Unix NT password database implementation, version 0.7.5.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* indicate the following groups are defined */
+#define PAM_SM_PASSWORD
+
+#include "includes.h"
+
+#ifndef LINUX
+
+/* This is only used in the Sun implementation. */
+#include <security/pam_appl.h>
+
+#endif  /* LINUX */
+
+#include <security/pam_modules.h>
+
+#include "general.h" 
+
+#include "support.h"
+
+int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user,  const char *pass_new )
+{
+ char		c;
+ int		retval, i;
+ pstring	err_str;
+ pstring	msg_str;
+
+    err_str[0] = '\0';
+    msg_str[0] = '\0';
+
+    retval = local_password_change( user, 0, pass_new, err_str, sizeof(err_str),
+			            msg_str, sizeof(msg_str) );
+
+    if (!retval) {
+        if (*err_str) {
+            err_str[PSTRING_LEN-1] = '\0';
+            make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
+        }
+
+        /* FIXME: what value is appropriate here? */
+        retval = PAM_AUTHTOK_ERR;
+    } else {
+        if (*msg_str) {
+            msg_str[PSTRING_LEN-1] = '\0';
+            make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+        }
+        retval = PAM_SUCCESS;
+    }
+
+    return retval;      
+
+}
+
+
+/* data tokens */
+
+#define _SMB_OLD_AUTHTOK  "-SMB-OLD-PASS"
+#define _SMB_NEW_AUTHTOK  "-SMB-NEW-PASS"
+
+/*
+ * FUNCTION: pam_sm_chauthtok()
+ *
+ * This function is called twice by the PAM library, once with
+ * PAM_PRELIM_CHECK set, and then again with PAM_UPDATE_AUTHTOK set.  With
+ * Linux-PAM, these two passes generally involve first checking the old
+ * token and then changing the token.  This is what we do here.
+ *
+ * Having obtained a new password. The function updates the
+ * SMB_PASSWD_FILE file (normally, $(LIBDIR)/smbpasswd).
+ */
+
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+                     int argc, const char **argv)
+{
+    unsigned int ctrl;
+    int retval;
+
+    extern BOOL in_client;
+
+    SAM_ACCOUNT *sampass = NULL;
+    const char *user;
+    const char *pass_old, *pass_new;
+
+    /* Samba initialization. */
+    setup_logging( "pam_smbpass", False );
+    charset_initialise();
+    codepage_initialise(lp_client_code_page());
+    in_client = True;
+
+    ctrl = set_ctrl(flags, argc, argv);
+
+    /*
+     * First get the name of a user.  No need to do anything if we can't
+     * determine this.
+     */
+
+    retval = pam_get_user( pamh, &user, "Username: " );
+    if (retval != PAM_SUCCESS) {
+        if (on( SMB_DEBUG, ctrl )) {
+            _log_err( LOG_DEBUG, "password: could not identify user" );
+        }
+        return retval;
+    }
+    if (on( SMB_DEBUG, ctrl )) {
+        _log_err( LOG_DEBUG, "username [%s] obtained", user );
+    }
+
+    if (!initialize_password_db(True)) {
+        _log_err( LOG_ALERT, "Cannot access samba password database" );
+        return PAM_AUTHINFO_UNAVAIL;
+    }
+
+    /* obtain user record */
+    pdb_init_sam(&sampass);
+    pdb_getsampwnam(sampass,user);
+
+    if (sampass == NULL) {
+        _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
+        return PAM_USER_UNKNOWN;
+    }
+
+    if (flags & PAM_PRELIM_CHECK) {
+        /*
+         * obtain and verify the current password (OLDAUTHTOK) for
+         * the user.
+         */
+
+        char *Announce;
+
+        if (_smb_blankpasswd( ctrl, sampass )) {
+
+            pdb_free_sam(&sampass);
+            return PAM_SUCCESS;
+        }
+
+	/* Password change by root, or for an expired token, doesn't
+           require authentication.  Is this a good choice? */
+        if (getuid() != 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
+
+            /* tell user what is happening */
+#define greeting "Changing password for "
+            Announce = (char *) malloc(sizeof(greeting)+strlen(user));
+            if (Announce == NULL) {
+                _log_err(LOG_CRIT, "password: out of memory");
+                pdb_free_sam(&sampass);
+                return PAM_BUF_ERR;
+            }
+            strncpy( Announce, greeting, sizeof(greeting) );
+            strncpy( Announce+sizeof(greeting)-1, user, strlen(user)+1 );
+#undef greeting
+
+            set( SMB__OLD_PASSWD, ctrl );
+            retval = _smb_read_password( pamh, ctrl, Announce, "Current SMB password: ",
+                                         NULL, _SMB_OLD_AUTHTOK, &pass_old );
+            SAFE_FREE( Announce );
+
+            if (retval != PAM_SUCCESS) {
+                _log_err( LOG_NOTICE
+                          , "password - (old) token not obtained" );
+                pdb_free_sam(&sampass);
+                return retval;
+            }
+
+            /* verify that this is the password for this user */
+
+            retval = _smb_verify_password( pamh, sampass, pass_old, ctrl );
+
+        } else {
+	    pass_old = NULL;
+            retval = PAM_SUCCESS;           /* root doesn't have to */
+        }
+
+        pass_old = NULL;
+        pdb_free_sam(&sampass);
+        return retval;
+
+    } else if (flags & PAM_UPDATE_AUTHTOK) {
+
+#if 0
+        /* We used to return when this flag was set, but that breaks
+           password synchronization when /other/ tokens are expired.  For
+           now, we change the password whenever we're asked. SRL */
+        if (flags & PAM_CHANGE_EXPIRED_AUTHTOK) {
+            pdb_free_sam(&sampass);
+            return PAM_SUCCESS;
+        }
+#endif
+        /*
+         * obtain the proposed password
+         */
+
+        /*
+         * get the old token back. NULL was ok only if root [at this
+         * point we assume that this has already been enforced on a
+         * previous call to this function].
+         */
+
+        if (off( SMB_NOT_SET_PASS, ctrl )) {
+            retval = pam_get_item( pamh, PAM_OLDAUTHTOK,
+                                   (const void **)&pass_old );
+        } else {
+            retval = pam_get_data( pamh, _SMB_OLD_AUTHTOK,
+                                   (const void **)&pass_old );
+            if (retval == PAM_NO_MODULE_DATA) {
+		pass_old = NULL;
+                retval = PAM_SUCCESS;
+            }
+        }
+
+        if (retval != PAM_SUCCESS) {
+            _log_err( LOG_NOTICE, "password: user not authenticated" );
+            pdb_free_sam(&sampass);
+            return retval;
+        }
+
+        /*
+         * use_authtok is to force the use of a previously entered
+         * password -- needed for pluggable password strength checking
+	 * or other module stacking
+         */
+
+        if (on( SMB_USE_AUTHTOK, ctrl )) {
+            set( SMB_USE_FIRST_PASS, ctrl );
+        }
+
+        retval = _smb_read_password( pamh, ctrl
+                                      , NULL
+                                      , "Enter new SMB password: "
+                                      , "Retype new SMB password: "
+                                      , _SMB_NEW_AUTHTOK
+                                      , &pass_new );
+
+        if (retval != PAM_SUCCESS) {
+            if (on( SMB_DEBUG, ctrl )) {
+                _log_err( LOG_ALERT
+                          , "password: new password not obtained" );
+            }
+            pass_old = NULL;                               /* tidy up */
+            pdb_free_sam(&sampass);
+            return retval;
+        }
+
+        /*
+         * At this point we know who the user is and what they
+         * propose as their new password. Verify that the new
+         * password is acceptable.
+         */ 
+
+        if (pass_new[0] == '\0') {     /* "\0" password = NULL */
+            pass_new = NULL;
+        }
+
+        retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
+
+        if (retval != PAM_SUCCESS) {
+            _log_err(LOG_NOTICE, "new password not acceptable");
+            pass_new = pass_old = NULL;               /* tidy up */
+            pdb_free_sam(&sampass);
+            return retval;
+        }
+
+        /*
+         * By reaching here we have approved the passwords and must now
+         * rebuild the smb password file.
+         */
+
+        /* update the password database */
+
+        retval = smb_update_db(pamh, ctrl, user, pass_new);
+        if (retval == PAM_SUCCESS) {
+            /* password updated */
+            _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)"
+                      , user, pdb_get_uid(sampass), uidtoname( getuid() )
+                      , getuid() );
+        } else {
+            _log_err( LOG_ERR, "password change failed for user %s"
+                      , user );
+        }
+
+        pass_old = pass_new = NULL;
+	if (sampass) {
+		pdb_free_sam(&sampass);
+		sampass = NULL;
+	}
+
+    } else {            /* something has broken with the library */
+
+        _log_err( LOG_ALERT, "password received unknown request" );
+        retval = PAM_ABORT;
+
+    }
+    
+    if (sampass) {
+    	pdb_free_sam(&sampass);
+	sampass = NULL;
+    }
+
+    pdb_free_sam(&sampass);
+    return retval;
+}
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_smbpass_passwd_modstruct = {
+     "pam_smbpass",
+     NULL,
+     NULL,
+     NULL,
+     NULL,
+     NULL,
+     pam_sm_chauthtok
+};
+#endif
+
diff --git a/source3/pam_smbpass/samples/README b/source3/pam_smbpass/samples/README
new file mode 100644
index 0000000000..d77603306f
--- /dev/null
+++ b/source3/pam_smbpass/samples/README
@@ -0,0 +1,3 @@
+This directory contains example configurations demonstrating various uses
+of pam_smbpass.  These examples use Linux-style /etc/pam.d syntax, and
+must be modified for use on Solaris systems.
diff --git a/source3/pam_smbpass/samples/kdc-pdc b/source3/pam_smbpass/samples/kdc-pdc
new file mode 100644
index 0000000000..70f1998f32
--- /dev/null
+++ b/source3/pam_smbpass/samples/kdc-pdc
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# kdc-pdc
+# 
+# A sample PAM configuration that shows pam_smbpass used together with
+# pam_krb5.  This could be useful on a Samba PDC that is also a member of
+# a Kerberos realm.
+
+auth       requisite        pam_nologin.so
+auth       requisite        pam_krb5.so
+auth       optional         pam_smbpass.so migrate
+account    required         pam_krb5.so
+password   requisite        pam_cracklib.so retry=3
+password   optional         pam_smbpass.so nullok use_authtok try_first_pass
+password   required         pam_krb5.so use_authtok try_first_pass
+session    required         pam_krb5.so
diff --git a/source3/pam_smbpass/samples/password-mature b/source3/pam_smbpass/samples/password-mature
new file mode 100644
index 0000000000..6d73e0906f
--- /dev/null
+++ b/source3/pam_smbpass/samples/password-mature
@@ -0,0 +1,14 @@
+#%PAM-1.0
+# password-mature
+#
+# A sample PAM configuration for a 'mature' smbpasswd installation.
+# private/smbpasswd is fully populated, and we consider it an error if
+# the smbpasswd doesn't exist or doesn't match the Unix password.
+
+auth       requisite        pam_nologin.so
+auth       required         pam_unix.so
+account    required         pam_unix.so
+password   requisite        pam_cracklib.so retry=3
+password   requisite        pam_unix.so shadow md5 use_authtok try_first_pass
+password   required         pam_smbpass.so use_authtok use_first_pass
+session    required         pam_unix.so
diff --git a/source3/pam_smbpass/samples/password-migration b/source3/pam_smbpass/samples/password-migration
new file mode 100644
index 0000000000..305cb53858
--- /dev/null
+++ b/source3/pam_smbpass/samples/password-migration
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# password-migration
+#
+# A sample PAM configuration that shows the use of pam_smbpass to migrate
+# from plaintext to encrypted passwords for Samba.  Unlike other methods,
+# this can be used for users who have never connected to Samba shares:
+# password migration takes place when users ftp in, login using ssh, pop
+# their mail, etc.
+
+auth       requisite        pam_nologin.so
+# pam_smbpass is called IFF pam_unix succeeds.
+auth       requisite        pam_unix.so
+auth       optional         pam_smbpass.so migrate
+account    required         pam_unix.so
+password   requisite        pam_cracklib.so retry=3
+password   requisite        pam_unix.so shadow md5 use_authtok try_first_pass
+password   optional         pam_smbpass.so nullok use_authtok try_first_pass
+session    required         pam_unix.so
diff --git a/source3/pam_smbpass/samples/password-sync b/source3/pam_smbpass/samples/password-sync
new file mode 100644
index 0000000000..0a950dd2e9
--- /dev/null
+++ b/source3/pam_smbpass/samples/password-sync
@@ -0,0 +1,15 @@
+#%PAM-1.0
+# password-sync
+#
+# A sample PAM configuration that shows the use of pam_smbpass to make
+# sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
+# is changed.  Useful when an expired password might be changed by an
+# application (such as ssh).
+
+auth       requisite        pam_nologin.so
+auth       required         pam_unix.so
+account    required         pam_unix.so
+password   requisite        pam_cracklib.so retry=3
+password   requisite        pam_unix.so shadow md5 use_authtok try_first_pass
+password   required         pam_smbpass.so nullok use_authtok try_first_pass
+session    required         pam_unix.so
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
new file mode 100644
index 0000000000..86349f8c16
--- /dev/null
+++ b/source3/pam_smbpass/support.c
@@ -0,0 +1,648 @@
+/* Unix NT password database implementation, version 0.6.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include "general.h"
+
+#include "support.h"
+
+
+#define _pam_overwrite(x)        \
+do {                             \
+     register char *__xx__;      \
+     if ((__xx__=(x)))           \
+          while (*__xx__)        \
+               *__xx__++ = '\0'; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do {                 \
+    if (X) {         \
+        free(X);     \
+        X=NULL;      \
+    }                \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do {                                              \
+    int reply_i;                                  \
+                                                  \
+    for (reply_i=0; reply_i<replies; ++reply_i) { \
+        if (reply[reply_i].resp) {                \
+            _pam_overwrite(reply[reply_i].resp);  \
+            free(reply[reply_i].resp);            \
+        }                                         \
+    }                                             \
+    if (reply)                                    \
+        free(reply);                              \
+} while (0)
+
+
+int converse(pam_handle_t *, int, int, struct pam_message **,
+			 struct pam_response **);
+int make_remark(pam_handle_t *, unsigned int, int, const char *);
+void _cleanup(pam_handle_t *, void *, int);
+char *_pam_delete(register char *);
+
+/* syslogging function for errors and other information */
+
+void _log_err( int err, const char *format, ... )
+{
+    va_list args;
+
+    va_start( args, format );
+    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
+    vsyslog( err, format, args );
+    va_end( args );
+    closelog();
+}
+
+/* this is a front-end for module-application conversations */
+
+int converse( pam_handle_t * pamh, int ctrl, int nargs
+              , struct pam_message **message
+              , struct pam_response **response )
+{
+	int retval;
+	struct pam_conv *conv;
+
+	retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+	if (retval == PAM_SUCCESS) {
+
+		retval = conv->conv(nargs, (const struct pam_message **) message
+							,response, conv->appdata_ptr);
+
+		if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
+			_log_err(LOG_DEBUG, "conversation failure [%s]"
+					 ,pam_strerror(pamh, retval));
+		}
+	} else {
+		_log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
+				 ,pam_strerror(pamh, retval));
+	}
+
+	return retval;				/* propagate error status */
+}
+
+int make_remark( pam_handle_t * pamh, unsigned int ctrl
+                 , int type, const char *text )
+{
+	if (off(SMB__QUIET, ctrl)) {
+		struct pam_message *pmsg[1], msg[1];
+		struct pam_response *resp;
+
+		pmsg[0] = &msg[0];
+		msg[0].msg = text;
+		msg[0].msg_style = type;
+		resp = NULL;
+
+		return converse(pamh, ctrl, 1, pmsg, &resp);
+	}
+	return PAM_SUCCESS;
+}
+
+
+/* set the control flags for the SMB module. */
+
+int set_ctrl( int flags, int argc, const char **argv )
+{
+    int i = 0;
+    static pstring servicesf = CONFIGFILE;
+    const char *service_file = servicesf;
+    unsigned int ctrl;
+
+    ctrl = SMB_DEFAULTS;	/* the default selection of options */
+
+    /* set some flags manually */
+
+    /* A good, sane default (matches Samba's behavior). */
+    set( SMB__NONULL, ctrl );
+
+    if (flags & PAM_SILENT) {
+        set( SMB__QUIET, ctrl );
+    }
+
+    /* Run through the arguments once, looking for an alternate smb config
+       file location */
+    while (i < argc) {
+	int j;
+
+	for (j = 0; j < SMB_CTRLS_; ++j) {
+	    if (smb_args[j].token
+	        && !strncmp(argv[i], smb_args[j].token, strlen(smb_args[j].token)))
+	    {
+		break;
+	    }
+	}
+
+	if (j == SMB_CONF_FILE) {
+	    service_file = argv[i] + 8;
+	}
+	i++;
+    }
+
+    /* Read some options from the Samba config. Can be overridden by
+       the PAM config. */
+    if(lp_load(service_file,True,False,False) == False) {
+	_log_err( LOG_ERR, "Error loading service file %s", service_file );
+    }
+
+    if (lp_null_passwords()) {
+        set( SMB__NULLOK, ctrl );
+    }
+
+    /* now parse the rest of the arguments to this module */
+
+    while (argc-- > 0) {
+        int j;
+
+        for (j = 0; j < SMB_CTRLS_; ++j) {
+            if (smb_args[j].token
+	        && !strncmp(*argv, smb_args[j].token, strlen(smb_args[j].token)))
+            {
+                break;
+            }
+        }
+
+        if (j >= SMB_CTRLS_) {
+            _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
+        } else {
+            ctrl &= smb_args[j].mask;	/* for turning things off */
+            ctrl |= smb_args[j].flag;	/* for turning things on  */
+        }
+
+        ++argv;				/* step to next argument */
+    }
+
+    /* auditing is a more sensitive version of debug */
+
+    if (on( SMB_AUDIT, ctrl )) {
+        set( SMB_DEBUG, ctrl );
+    }
+    /* return the set of flags */
+
+    return ctrl;
+}
+
+/* use this to free strings. ESPECIALLY password strings */
+
+char * _pam_delete( register char *xx )
+{
+    _pam_overwrite( xx );
+    _pam_drop( xx );
+    return NULL;
+}
+
+void _cleanup( pam_handle_t * pamh, void *x, int error_status )
+{
+    x = _pam_delete( (char *) x );
+}
+
+/* JHT
+ *
+ * Safe duplication of character strings. "Paranoid"; don't leave
+ * evidence of old token around for later stack analysis.
+ *
+ */
+char * smbpXstrDup( const char *x )
+{
+    register char *new = NULL;
+
+    if (x != NULL) {
+        register int i;
+
+        for (i = 0; x[i]; ++i); /* length of string */
+        if ((new = malloc(++i)) == NULL) {
+            i = 0;
+            _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
+        } else {
+            while (i-- > 0) {
+                new[i] = x[i];
+            }
+        }
+        x = NULL;
+    }
+    return new;			/* return the duplicate or NULL on error */
+}
+
+/* ************************************************************** *
+ * Useful non-trivial functions                                   *
+ * ************************************************************** */
+
+void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
+{
+    int quiet;
+    const char *service = NULL;
+    struct _pam_failed_auth *failure;
+
+#ifdef PAM_DATA_SILENT
+    quiet = err & PAM_DATA_SILENT;	/* should we log something? */
+#else
+    quiet = 0;
+#endif
+#ifdef PAM_DATA_REPLACE
+    err &= PAM_DATA_REPLACE;	/* are we just replacing data? */
+#endif
+    failure = (struct _pam_failed_auth *) fl;
+
+    if (failure != NULL) {
+
+#ifdef PAM_DATA_SILENT
+        if (!quiet && !err) {	/* under advisement from Sun,may go away */
+#else
+        if (!quiet) {	/* under advisement from Sun,may go away */
+#endif
+
+            /* log the number of authentication failures */
+            if (failure->count != 0) {
+                pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
+                _log_err( LOG_NOTICE
+                          , "%d authentication %s "
+                            "from %s for service %s as %s(%d)"
+                          , failure->count
+                          , failure->count == 1 ? "failure" : "failures"
+                          , failure->agent
+                          , service == NULL ? "**unknown**" : service 
+                          , failure->user, failure->id );
+                if (failure->count > SMB_MAX_RETRIES) {
+                    _log_err( LOG_ALERT
+                              , "service(%s) ignoring max retries; %d > %d"
+                              , service == NULL ? "**unknown**" : service
+                              , failure->count
+                              , SMB_MAX_RETRIES );
+                }
+            }
+        }
+        _pam_delete( failure->agent );	/* tidy up */
+        _pam_delete( failure->user );	/* tidy up */
+	SAFE_FREE( failure );
+    }
+}
+
+int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
+			  const char *p, unsigned int ctrl )
+{
+    uchar hash_pass[16];
+    uchar lm_pw[16];
+    uchar nt_pw[16];
+    int retval;
+    char *data_name;
+    const char *name;
+
+    if (!sampass)
+        return PAM_ABORT;
+
+    name = pdb_get_username(sampass);
+
+#ifdef HAVE_PAM_FAIL_DELAY
+    if (off( SMB_NODELAY, ctrl )) {
+        (void) pam_fail_delay( pamh, 1000000 );	/* 1 sec delay for on failure */
+    }
+#endif
+
+    if (!pdb_get_lanman_passwd(sampass))
+    {
+        _log_err( LOG_DEBUG, "user %s has null SMB password"
+                  , name );
+
+        if (off( SMB__NONULL, ctrl )
+            && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
+        { /* this means we've succeeded */
+            return PAM_SUCCESS;
+        } else {
+            const char *service;
+
+            pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+            _log_err( LOG_NOTICE
+                      , "failed auth request by %s for service %s as %s(%d)"
+                      , uidtoname( getuid() )
+                      , service ? service : "**unknown**", name
+                      , pdb_get_uid(sampass) );
+            return PAM_AUTH_ERR;
+        }
+    }
+
+    data_name = (char *) malloc( sizeof(FAIL_PREFIX) + strlen( name ));
+    if (data_name == NULL) {
+        _log_err( LOG_CRIT, "no memory for data-name" );
+    }
+    strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
+    strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
+
+    /* First we check whether we've been given the password in already
+       encrypted form. */
+    if (strlen( p ) == 16 || (strlen( p ) == 32
+         && pdb_gethexpwd( p, (char *) hash_pass ))) {
+
+        if (!memcmp( hash_pass, pdb_get_lanman_passwd(sampass), 16 )
+            || (pdb_get_nt_passwd(sampass)
+                && !memcmp( hash_pass, pdb_get_nt_passwd(sampass), 16 )))
+        {
+            retval = PAM_SUCCESS;
+            if (data_name) {	/* reset failures */
+                pam_set_data( pamh, data_name, NULL, _cleanup_failures );
+            }
+            _pam_delete( data_name );
+            memset( hash_pass, '\0', 16 );
+            return retval;
+        }
+    }
+
+    /*
+     * The password we were given wasn't an encrypted password, or it
+     * didn't match the one we have.  We encrypt the password now and try
+     * again.
+     */
+
+    nt_lm_owf_gen(p, nt_pw, lm_pw);
+
+    /* the moment of truth -- do we agree with the password? */
+
+    if (!memcmp( nt_pw, pdb_get_nt_passwd(sampass), 16 )) {
+
+        retval = PAM_SUCCESS;
+        if (data_name) {		/* reset failures */
+            pam_set_data(pamh, data_name, NULL, _cleanup_failures);
+        }
+    } else {
+
+        const char *service;
+
+        pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+
+        if (data_name != NULL) {
+            struct _pam_failed_auth *new = NULL;
+            const struct _pam_failed_auth *old = NULL;
+
+            /* get a failure recorder */
+
+            new = (struct _pam_failed_auth *)
+                      malloc( sizeof(struct _pam_failed_auth) );
+
+            if (new != NULL) {
+
+                /* any previous failures for this user ? */
+                pam_get_data(pamh, data_name, (const void **) &old);
+
+                if (old != NULL) {
+                    new->count = old->count + 1;
+                    if (new->count >= SMB_MAX_RETRIES) {
+                        retval = PAM_MAXTRIES;
+                    }
+                } else {
+                    _log_err( LOG_NOTICE
+                      , "failed auth request by %s for service %s as %s(%d)"
+                      , uidtoname( getuid() )
+                      , service ? service : "**unknown**", name
+                      , pdb_get_uid(sampass) );
+                    new->count = 1;
+                }
+                new->user = smbpXstrDup( name );
+                new->id = pdb_get_uid(sampass);
+                new->agent = smbpXstrDup( uidtoname( getuid() ) );
+                pam_set_data( pamh, data_name, new, _cleanup_failures );
+
+            } else {
+                _log_err( LOG_CRIT, "no memory for failure recorder" );
+                _log_err( LOG_NOTICE
+                      , "failed auth request by %s for service %s as %s(%d)"
+                      , uidtoname( getuid() )
+                      , service ? service : "**unknown**", name
+                      , pdb_get_uid(sampass) );
+            }
+        } else {
+            _log_err( LOG_NOTICE
+                      , "failed auth request by %s for service %s as %s(%d)"
+                      , uidtoname( getuid() )
+                      , service ? service : "**unknown**", name
+                      , pdb_get_uid(sampass) );
+            retval = PAM_AUTH_ERR;
+        }
+    }
+
+    _pam_delete( data_name );
+    
+    return retval;
+}
+
+
+/*
+ * _smb_blankpasswd() is a quick check for a blank password
+ *
+ * returns TRUE if user does not have a password
+ * - to avoid prompting for one in such cases (CG)
+ */
+
+int _smb_blankpasswd( unsigned int ctrl, SAM_ACCOUNT *sampass )
+{
+	int retval;
+
+	/*
+	 * This function does not have to be too smart if something goes
+	 * wrong, return FALSE and let this case to be treated somewhere
+	 * else (CG)
+	 */
+
+	if (on( SMB__NONULL, ctrl ))
+		return 0;		/* will fail but don't let on yet */
+
+	if (pdb_get_lanman_passwd(sampass) == NULL)
+		retval = 1;
+	else
+		retval = 0;
+
+	return retval;
+}
+
+/*
+ * obtain a password from the user
+ */
+
+int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
+                        const char *comment, const char *prompt1,
+                        const char *prompt2, const char *data_name, char **pass )
+{
+    int authtok_flag;
+    int retval;
+    const char *item = NULL;
+    char *token;
+
+    struct pam_message msg[3], *pmsg[3];
+    struct pam_response *resp;
+    int i, expect;
+
+
+    /* make sure nothing inappropriate gets returned */
+
+    *pass = token = NULL;
+
+    /* which authentication token are we getting? */
+
+    authtok_flag = on(SMB__OLD_PASSWD, ctrl) ? PAM_OLDAUTHTOK : PAM_AUTHTOK;
+
+    /* should we obtain the password from a PAM item ? */
+
+    if (on(SMB_TRY_FIRST_PASS, ctrl) || on(SMB_USE_FIRST_PASS, ctrl)) {
+        retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
+        if (retval != PAM_SUCCESS) {
+            /* very strange. */
+            _log_err( LOG_ALERT
+                      , "pam_get_item returned error to smb_read_password" );
+            return retval;
+        } else if (item != NULL) {	/* we have a password! */
+            *pass = item;
+            item = NULL;
+            return PAM_SUCCESS;
+        } else if (on( SMB_USE_FIRST_PASS, ctrl )) {
+            return PAM_AUTHTOK_RECOVER_ERR;		/* didn't work */
+        } else if (on( SMB_USE_AUTHTOK, ctrl )
+                   && off( SMB__OLD_PASSWD, ctrl ))
+        {
+            return PAM_AUTHTOK_RECOVER_ERR;
+        }
+    }
+
+    /*
+     * getting here implies we will have to get the password from the
+     * user directly.
+     */
+
+    /* prepare to converse */
+    if (comment != NULL && off(SMB__QUIET, ctrl)) {
+        pmsg[0] = &msg[0];
+        msg[0].msg_style = PAM_TEXT_INFO;
+        msg[0].msg = comment;
+        i = 1;
+    } else {
+        i = 0;
+    }
+
+    pmsg[i] = &msg[i];
+    msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
+    msg[i++].msg = prompt1;
+
+    if (prompt2 != NULL) {
+        pmsg[i] = &msg[i];
+        msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
+        msg[i++].msg = prompt2;
+        expect = 2;
+    } else
+        expect = 1;
+
+    resp = NULL;
+
+    retval = converse( pamh, ctrl, i, pmsg, &resp );
+
+    if (resp != NULL) {
+        int j = comment ? 1 : 0;
+        /* interpret the response */
+
+        if (retval == PAM_SUCCESS) {	/* a good conversation */
+
+            token = smbpXstrDup(resp[j++].resp);
+            if (token != NULL) {
+                if (expect == 2) {
+                    /* verify that password entered correctly */
+                    if (!resp[j].resp || strcmp( token, resp[j].resp )) {
+                        _pam_delete( token );
+                        retval = PAM_AUTHTOK_RECOVER_ERR;
+                        make_remark( pamh, ctrl, PAM_ERROR_MSG
+                                     , MISTYPED_PASS );
+                    }
+                }
+            } else {
+                _log_err(LOG_NOTICE, "could not recover authentication token");
+            }
+        }
+
+        /* tidy up */
+        _pam_drop_reply( resp, expect );
+
+    } else {
+        retval = (retval == PAM_SUCCESS) ? PAM_AUTHTOK_RECOVER_ERR : retval;
+    }
+
+    if (retval != PAM_SUCCESS) {
+        if (on( SMB_DEBUG, ctrl ))
+            _log_err( LOG_DEBUG, "unable to obtain a password" );
+        return retval;
+    }
+    /* 'token' is the entered password */
+
+    if (off( SMB_NOT_SET_PASS, ctrl )) {
+
+        /* we store this password as an item */
+
+        retval = pam_set_item( pamh, authtok_flag, (const void *)token );
+        _pam_delete( token );		/* clean it up */
+        if (retval != PAM_SUCCESS
+            || (retval = pam_get_item( pamh, authtok_flag
+                            ,(const void **)&item )) != PAM_SUCCESS)
+        {
+            _log_err( LOG_CRIT, "error manipulating password" );
+            return retval;
+        }
+    } else {
+        /*
+         * then store it as data specific to this module. pam_end()
+         * will arrange to clean it up.
+         */
+
+        retval = pam_set_data( pamh, data_name, (void *) token, _cleanup );
+        if (retval != PAM_SUCCESS
+            || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
+                             != PAM_SUCCESS)
+        {
+            _log_err( LOG_CRIT, "error manipulating password data [%s]"
+                      , pam_strerror( pamh, retval ));
+            _pam_delete( token );
+            item = NULL;
+            return retval;
+        }
+        token = NULL;			/* break link to password */
+    }
+
+    *pass = item;
+    item = NULL;			/* break link to password */
+
+    return PAM_SUCCESS;
+}
+
+int _pam_smb_approve_pass(pam_handle_t * pamh,
+		unsigned int ctrl,
+		const char *pass_old,
+		const char *pass_new )
+{
+
+    /* Further checks should be handled through module stacking. -SRL */
+    if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
+    {
+	if (on(SMB_DEBUG, ctrl)) {
+	    _log_err( LOG_DEBUG,
+	              "passwd: bad authentication token (null or unchanged)" );
+	}
+	make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
+				"No password supplied" : "Password unchanged" );
+	return PAM_AUTHTOK_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
diff --git a/source3/pam_smbpass/support.h b/source3/pam_smbpass/support.h
new file mode 100644
index 0000000000..a13a2d0aeb
--- /dev/null
+++ b/source3/pam_smbpass/support.h
@@ -0,0 +1,50 @@
+/* syslogging function for errors and other information */
+extern void _log_err(int, const char *, ...);
+
+/* set the control flags for the UNIX module. */
+extern int set_ctrl(int, int, const char **);
+
+/* generic function for freeing pam data segments */
+extern void _cleanup(pam_handle_t *, void *, int);
+
+/*
+ * Safe duplication of character strings. "Paranoid"; don't leave
+ * evidence of old token around for later stack analysis.
+ */
+
+extern char *smbpXstrDup(const char *);
+
+/* ************************************************************** *
+ * Useful non-trivial functions                                   *
+ * ************************************************************** */
+
+extern void _cleanup_failures(pam_handle_t *, void *, int);
+
+/* compare 2 strings */
+extern BOOL strequal(const char *, const char *);
+
+extern struct smb_passwd *
+_my_get_smbpwnam(FILE *, const char *, BOOL *, BOOL *, long *);
+
+extern int _smb_verify_password( pam_handle_t *pamh , SAM_ACCOUNT *sampass, 
+	const char *p, unsigned int ctrl );
+
+/*
+ * this function obtains the name of the current user and ensures
+ * that the PAM_USER item is set to this value
+ */
+
+extern int _smb_get_user(pam_handle_t *, unsigned int,
+			 const char *, const char **);
+
+/* _smb_blankpasswd() is a quick check for a blank password */
+
+extern int _smb_blankpasswd(unsigned int, SAM_ACCOUNT *);
+
+
+/* obtain a password from the user */
+extern int _smb_read_password( pam_handle_t *, unsigned int, const char*,
+				const char *, const char *, const char *, char **);
+
+extern int _pam_smb_approve_pass(pam_handle_t *, unsigned int, const char *,
+				 const char *);
diff --git a/source3/param/.cvsignore b/source3/param/.cvsignore
new file mode 100644
index 0000000000..76e2d7ff3e
--- /dev/null
+++ b/source3/param/.cvsignore
@@ -0,0 +1,3 @@
+*.po32
+*.po
+
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c61ab26781..bdd710f5fe 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1,10 +1,11 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Parameter loading functions
-   Copyright (C) Karl Auer 1993,1994
+   Copyright (C) Karl Auer 1993-1998
 
    Largely re-written by Andrew Tridgell, September 1994
+
+   Copyright (C) Simo Sorce 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -49,29 +50,19 @@
 
 #include "includes.h"
 
-#include "params.h"
-#include "loadparm.h"
-#include "pcap.h"
-
+BOOL in_client = False;		/* Not in the client by default */
 BOOL bLoaded = False;
 
-extern int DEBUGLEVEL;
-extern int ReadSize;
+extern userdom_struct current_user_info;
+extern int DEBUGLEVEL_CLASS[DBGC_LAST];
 extern pstring user_socket_options;
-extern pstring smbrun_path;
+extern pstring global_myname;
+pstring global_scope = "";
 
 #ifndef GLOBAL_NAME
 #define GLOBAL_NAME "global"
 #endif
 
-#ifndef PRINTCAP_NAME
-#ifdef AIX
-#define PRINTCAP_NAME "/etc/qconfig"
-#else
-#define PRINTCAP_NAME "/etc/printcap"
-#endif
-#endif
-
 #ifndef PRINTERS_NAME
 #define PRINTERS_NAME "printers"
 #endif
@@ -81,87 +72,211 @@ extern pstring smbrun_path;
 #endif
 
 /* some helpful bits */
-#define pSERVICE(i) ServicePtrs[i]
-#define iSERVICE(i) (*pSERVICE(i))
-#define LP_SNUM_OK(iService) (((iService) >= 0) && ((iService) < iNumServices) && iSERVICE(iService).valid)
-#define VALID(i) iSERVICE(i).valid
-
-/* these are the types of parameter we have */
-typedef enum
-{
-  P_BOOL,P_BOOLREV,P_CHAR,P_INTEGER,P_OCTAL,P_STRING,P_GSTRING
-} parm_type;
-
-typedef enum
-{
-  P_LOCAL,P_GLOBAL,P_NONE
-} parm_class;
+#define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && ServicePtrs[(i)]->valid)
+#define VALID(i) ServicePtrs[i]->valid
 
-int keepalive=0;
-extern BOOL use_getwd_cache;
+int keepalive = DEFAULT_KEEPALIVE;
+BOOL use_getwd_cache = True;
 
 extern int extra_time_offset;
-#ifdef KANJI
-extern int coding_system;
-#endif
+
+static BOOL defaults_saved = False;
 
 /* 
  * This structure describes global (ie., server-wide) parameters.
  */
 typedef struct
 {
-   char *szPrintcapname;
-   char *szLockDir;
-   char *szRootdir;
-   char *szDefaultService;
-   char *szDfree;
-   char *szMsgCommand;
-   char *szHostsEquiv;
-   char *szServerString;
-   char *szAutoServices;
-   char *szPasswdProgram;
-   char *szPasswdChat;
-   char *szLogFile;
-   char *szConfigFile;
-   char *szSMBPasswdFile;
-   char *szPasswordServer;
-   char *szSocketOptions;
-   char *szValidChars;
-   char *szWorkGroup;
-   char *szDomainController;
-   char *szUsernameMap;
-   char *szCharacterSet;
-   char *szLogonScript;
-   int max_log_size;
-   int mangled_stack;
-   int max_xmit;
-   int max_mux;
-   int max_packet;
-   int pwordlevel;
-   int deadtime;
-   int maxprotocol;
-   int security;
-   int printing;
-   int maxdisksize;
-   int lpqcachetime;
-   int syslog;
-   int os_level;
-   int max_ttl;
-   BOOL bPreferredMaster;
-   BOOL bDomainMaster;
-   BOOL bDomainLogons;
-   BOOL bEncryptPasswords;
-   BOOL bStripDot;
-   BOOL bNullPasswords;
-   BOOL bLoadPrinters;
-   BOOL bUseRhosts;
-   BOOL bReadRaw;
-   BOOL bWriteRaw;
-   BOOL bReadPrediction;
-   BOOL bReadbmpx;
-   BOOL bSyslogOnly;
-   BOOL bBrowseList;
-} global;
+	char *dos_charset;
+	char *unix_charset;
+	char *display_charset;
+	char *szPrintcapname;
+	char *szEnumPortsCommand;
+	char *szAddPrinterCommand;
+	char *szDeletePrinterCommand;
+	char *szOs2DriverMap;
+	char *szLockDir;
+	char *szRootdir;
+	char *szDefaultService;
+	char *szDfree;
+	char *szMsgCommand;
+	char *szHostsEquiv;
+	char *szServerString;
+	char *szAutoServices;
+	char *szPasswdProgram;
+	char *szPasswdChat;
+	char *szLogFile;
+	char *szConfigFile;
+	char *szSMBPasswdFile;
+	char *szPrivateDir;
+	char *szPassdbBackend;
+	char *szPasswordServer;
+	char *szSocketOptions;
+	char *szWorkGroup;
+	char *szRealm;
+	char *szADSserver;
+	char *szUsernameMap;
+	char *szLogonScript;
+	char *szLogonPath;
+	char *szLogonDrive;
+	char *szLogonHome;
+	char *szWINSserver;
+	char **szInterfaces;
+	char *szRemoteAnnounce;
+	char *szRemoteBrowseSync;
+	char *szSocketAddress;
+	char *szNISHomeMapName;
+	char *szAnnounceVersion;	/* This is initialised in init_globals */
+	char **szNetbiosAliases;
+	char *szDomainOtherSIDs;
+	char *szNameResolveOrder;
+	char *szPanicAction;
+	char *szAddUserScript;
+	char *szDelUserScript;
+	char *szAddGroupScript;
+	char *szDelGroupScript;
+	char *szAddUserToGroupScript;
+	char *szDelUserToGroupScript;
+	char *szAddMachineScript;
+	char *szShutdownScript;
+	char *szAbortShutdownScript;
+	char *szWINSHook;
+	char *szWINSPartners;
+#ifdef WITH_UTMP
+	char *szUtmpDir;
+	char *szWtmpDir;
+	BOOL bUtmp;
+#endif
+	char *szSourceEnv;
+	char *szWinbindUID;
+	char *szWinbindGID;
+	char *szNonUnixAccountRange;
+	char *szTemplateHomedir;
+	char *szTemplateShell;
+	char *szWinbindSeparator;
+	BOOL bWinbindEnumUsers;
+	BOOL bWinbindEnumGroups;
+	BOOL bWinbindUseDefaultDomain;
+	char *szAddShareCommand;
+	char *szChangeShareCommand;
+	char *szDeleteShareCommand;
+	char *szGuestaccount;
+	char *szManglingMethod;
+	int max_log_size;
+	int mangled_stack;
+	int max_xmit;
+	int max_mux;
+	int max_open_files;
+	int max_packet;
+	int pwordlevel;
+	int unamelevel;
+	int deadtime;
+	int maxprotocol;
+	int minprotocol;
+	int security;
+	char **AuthMethods;
+	BOOL paranoid_server_security;
+	int maxdisksize;
+	int lpqcachetime;
+	int iMaxSmbdProcesses;
+	BOOL bDisableSpoolss;
+	int iTotalPrintJobs;
+	int syslog;
+	int os_level;
+	int enhanced_browsing;
+	int max_ttl;
+	int max_wins_ttl;
+	int min_wins_ttl;
+	int ReadSize;
+	int lm_announce;
+	int lm_interval;
+	int announce_as;	/* This is initialised in init_globals */
+	int machine_password_timeout;
+	int change_notify_timeout;
+	int stat_cache_size;
+	int map_to_guest;
+	int min_passwd_length;
+	int oplock_break_wait_time;
+	int winbind_cache_time;
+	int iLockSpinCount;
+	int iLockSpinTime;
+#ifdef WITH_LDAP_SAM
+	char *szLdapMachineSuffix;
+	char *szLdapUserSuffix;
+	int ldap_port;
+	int ldap_ssl;
+	char *szLdapSuffix;
+	char *szLdapFilter;
+	char *szLdapAdminDn;
+#endif				/* WITH_LDAP_SAM */
+#ifdef WITH_SSL
+	int sslVersion;
+	char **sslHostsRequire;
+	char **sslHostsResign;
+	char *sslCaCertDir;
+	char *sslCaCertFile;
+	char *sslServerCert;
+	char *sslServerPrivKey;
+	char *sslClientCert;
+	char *sslClientPrivKey;
+	char *sslCiphers;
+	char *sslEgdSocket;
+	char *sslEntropyFile;
+	int  sslEntropyBytes;
+	BOOL sslEnabled;
+	BOOL sslReqClientCert;
+	BOOL sslReqServerCert;
+	BOOL sslCompatibility;
+#endif				/* WITH_SSL */
+	BOOL bMsAddPrinterWizard;
+	BOOL bDNSproxy;
+	BOOL bWINSsupport;
+	BOOL bWINSproxy;
+	BOOL bLocalMaster;
+	BOOL bPreferredMaster;
+	BOOL bDomainMaster;
+	BOOL bDomainLogons;
+	BOOL bEncryptPasswords;
+	BOOL bUpdateEncrypt;
+	BOOL bStripDot;
+	BOOL bNullPasswords;
+	BOOL bObeyPamRestrictions;
+	BOOL bLoadPrinters;
+	BOOL bLargeReadwrite;
+	BOOL bReadRaw;
+	BOOL bWriteRaw;
+	BOOL bReadPrediction;
+	BOOL bReadbmpx;
+	BOOL bSyslogOnly;
+	BOOL bAdminLog;
+	BOOL bBrowseList;
+	BOOL bNISHomeMap;
+	BOOL bTimeServer;
+	BOOL bBindInterfacesOnly;
+	BOOL bPamPasswordChange;
+	BOOL bUnixPasswdSync;
+	BOOL bPasswdChatDebug;
+	BOOL bTimestampLogs;
+	BOOL bNTSmbSupport;
+	BOOL bNTPipeSupport;
+	BOOL bNTStatusSupport;
+	BOOL bStatCache;
+	BOOL bKernelOplocks;
+	BOOL bAllowTrustedDomains;
+	BOOL bRestrictAnonymous;
+	BOOL bLanmanAuth;
+	BOOL bNTLMAuth;
+	BOOL bDebugHiresTimestamp;
+	BOOL bDebugPid;
+	BOOL bDebugUid;
+	BOOL bHostMSDfs;
+	BOOL bHideLocalUsers;
+	BOOL bUnicode;
+	BOOL bUseMmap;
+	BOOL bHostnameLookups;
+	BOOL bUseSpnego;
+}
+global;
 
 static global Globals;
 
@@ -172,477 +287,1195 @@ static global Globals;
  */
 typedef struct
 {
-  BOOL valid;
-  char *szService;
-  char *szPath;
-  char *szUsername;
-  char *szGuestaccount;
-  char *szInvalidUsers;
-  char *szValidUsers;
-  char *szAdminUsers;
-  char *szCopy;
-  char *szInclude;
-  char *szPreExec;
-  char *szPostExec;
-  char *szRootPreExec;
-  char *szRootPostExec;
-  char *szPrintcommand;
-  char *szLpqcommand;
-  char *szLprmcommand;
-  char *szLppausecommand;
-  char *szLpresumecommand;
-  char *szPrintername;
-  char *szDontdescend;
-  char *szHostsallow;
-  char *szHostsdeny;
-  char *szMagicScript;
-  char *szMagicOutput;
-  char *szMangledMap;
-  char *comment;
-  char *force_user;
-  char *force_group;
-  char *readlist;
-  char *writelist;
-  char *volume;
-  int  iMinPrintSpace;
-  int  iCreate_mode;
-  int  iMaxConnections;
-  int  iDefaultCase;
-  BOOL bAlternatePerm;
-  BOOL bRevalidate;
-  BOOL bCaseSensitive;
-  BOOL bCasePreserve;
-  BOOL bShortCasePreserve;
-  BOOL bCaseMangle;
-  BOOL status;
-  BOOL bHideDotFiles;
-  BOOL bBrowseable;
-  BOOL bAvailable;
-  BOOL bRead_only;
-  BOOL bNo_set_dir;
-  BOOL bGuest_only;
-  BOOL bGuest_ok;
-  BOOL bPrint_ok;
-  BOOL bPostscript;
-  BOOL bMap_system;
-  BOOL bMap_hidden;
-  BOOL bMap_archive;
-  BOOL bLocking;
-  BOOL bStrictLocking;
-  BOOL bShareModes;
-  BOOL bOnlyUser;
-  BOOL bMangledNames;
-  BOOL bWidelinks;
-  BOOL bSyncAlways;
-  char magic_char;
-  BOOL *copymap;
-  char dummy[3]; /* for alignment */
-} service;
+	BOOL valid;
+	BOOL autoloaded;
+	char *szService;
+	char *szPath;
+	char *szUsername;
+	char **szInvalidUsers;
+	char **szValidUsers;
+	char **szAdminUsers;
+	char *szCopy;
+	char *szInclude;
+	char *szPreExec;
+	char *szPostExec;
+	char *szRootPreExec;
+	char *szRootPostExec;
+	char *szPrintcommand;
+	char *szLpqcommand;
+	char *szLprmcommand;
+	char *szLppausecommand;
+	char *szLpresumecommand;
+	char *szQueuepausecommand;
+	char *szQueueresumecommand;
+	char *szPrintername;
+	char *szPrinterDriver;
+	char *szPrinterDriverLocation;
+	char *szDriverFile;
+	char *szDontdescend;
+	char **szHostsallow;
+	char **szHostsdeny;
+	char *szMagicScript;
+	char *szMagicOutput;
+	char *szMangledMap;
+	char *szVetoFiles;
+	char *szHideFiles;
+	char *szVetoOplockFiles;
+	char *comment;
+	char *force_user;
+	char *force_group;
+	char **readlist;
+	char **writelist;
+	char **printer_admin;
+	char *volume;
+	char *fstype;
+	char *szVfsObjectFile;
+	char *szVfsOptions;
+	int iMinPrintSpace;
+	int iMaxPrintJobs;
+	int iWriteCacheSize;
+	int iCreate_mask;
+	int iCreate_force_mode;
+	int iSecurity_mask;
+	int iSecurity_force_mode;
+	int iDir_mask;
+	int iDir_force_mode;
+	int iDir_Security_mask;
+	int iDir_Security_force_mode;
+	int iMaxConnections;
+	int iDefaultCase;
+	int iPrinting;
+	int iOplockContentionLimit;
+	int iCSCPolicy;
+	BOOL bAlternatePerm;
+	BOOL bPreexecClose;
+	BOOL bRootpreexecClose;
+	BOOL bCaseSensitive;
+	BOOL bCasePreserve;
+	BOOL bShortCasePreserve;
+	BOOL bCaseMangle;
+	BOOL bHideDotFiles;
+	BOOL bHideUnReadable;
+	BOOL bBrowseable;
+	BOOL bAvailable;
+	BOOL bRead_only;
+	BOOL bNo_set_dir;
+	BOOL bGuest_only;
+	BOOL bGuest_ok;
+	BOOL bPrint_ok;
+	BOOL bPostscript;
+	BOOL bMap_system;
+	BOOL bMap_hidden;
+	BOOL bMap_archive;
+	BOOL bLocking;
+	BOOL bStrictLocking;
+	BOOL bPosixLocking;
+	BOOL bShareModes;
+	BOOL bOpLocks;
+	BOOL bLevel2OpLocks;
+	BOOL bOnlyUser;
+	BOOL bMangledNames;
+	BOOL bWidelinks;
+	BOOL bSymlinks;
+	BOOL bSyncAlways;
+	BOOL bStrictAllocate;
+	BOOL bStrictSync;
+	char magic_char;
+	BOOL *copymap;
+	BOOL bDeleteReadonly;
+	BOOL bFakeOplocks;
+	BOOL bDeleteVetoFiles;
+	BOOL bDosFilemode;
+	BOOL bDosFiletimes;
+	BOOL bDosFiletimeResolution;
+	BOOL bFakeDirCreateTimes;
+	BOOL bBlockingLocks;
+	BOOL bInheritPerms;
+	BOOL bInheritACLS;
+	BOOL bMSDfsRoot;
+	BOOL bUseClientDriver;
+	BOOL bDefaultDevmode;
+	BOOL bNTAclSupport;
+
+	char dummy[3];		/* for alignment */
+}
+service;
 
 
 /* This is a default service used to prime a services structure */
-static service sDefault = 
-{
-  True,   /* valid */
-  NULL,    /* szService */
-  NULL,    /* szPath */
-  NULL,    /* szUsername */
-  NULL,    /* szGuestAccount */
-  NULL,    /* szInvalidUsers */
-  NULL,    /* szValidUsers */
-  NULL,    /* szAdminUsers */
-  NULL,    /* szCopy */
-  NULL,    /* szInclude */
-  NULL,    /* szPreExec */
-  NULL,    /* szPostExec */
-  NULL,    /* szRootPreExec */
-  NULL,    /* szRootPostExec */
-  NULL,    /* szPrintcommand */
-  NULL,    /* szLpqcommand */
-  NULL,    /* szLprmcommand */
-  NULL,    /* szLppausecommand */
-  NULL,    /* szLpresumecommand */
-  NULL,    /* szPrintername */
-  NULL,    /* szDontdescend */
-  NULL,    /* szHostsallow */
-  NULL,    /* szHostsdeny */
-  NULL,    /* szMagicScript */
-  NULL,    /* szMagicOutput */
-  NULL,    /* szMangledMap */
-  NULL,    /* comment */
-  NULL,    /* force user */
-  NULL,    /* force group */
-  NULL,    /* readlist */
-  NULL,    /* writelist */
-  NULL,    /* volume */
-  0,       /* iMinPrintSpace */
-  0755,    /* iCreate_mode */
-  0,       /* iMaxConnections */
-  CASE_LOWER, /* iDefaultCase */
-  False,   /* bAlternatePerm */
-  False,   /* revalidate */
-  False,   /* case sensitive */
-  False,   /* case preserve */
-  False,   /* short case preserve */
-  False,  /* case mangle */
-  True,  /* status */
-  True,  /* bHideDotFiles */
-  True,  /* bBrowseable */
-  True,  /* bAvailable */
-  True,  /* bRead_only */
-  True,  /* bNo_set_dir */
-  False, /* bGuest_only */
-  False, /* bGuest_ok */
-  False, /* bPrint_ok */
-  False, /* bPostscript */
-  False, /* bMap_system */
-  False, /* bMap_hidden */
-  True,  /* bMap_archive */
-  True,  /* bLocking */
-  False,  /* bStrictLocking */
-  True,  /* bShareModes */
-  False, /* bOnlyUser */
-  True,  /* bMangledNames */
-  True,  /* bWidelinks */
-  False, /* bSyncAlways */
-  '~',   /* magic char */
-  NULL,  /* copymap */
-  ""     /* dummy */
+static service sDefault = {
+	True,			/* valid */
+	False,			/* not autoloaded */
+	NULL,			/* szService */
+	NULL,			/* szPath */
+	NULL,			/* szUsername */
+	NULL,			/* szInvalidUsers */
+	NULL,			/* szValidUsers */
+	NULL,			/* szAdminUsers */
+	NULL,			/* szCopy */
+	NULL,			/* szInclude */
+	NULL,			/* szPreExec */
+	NULL,			/* szPostExec */
+	NULL,			/* szRootPreExec */
+	NULL,			/* szRootPostExec */
+	NULL,			/* szPrintcommand */
+	NULL,			/* szLpqcommand */
+	NULL,			/* szLprmcommand */
+	NULL,			/* szLppausecommand */
+	NULL,			/* szLpresumecommand */
+	NULL,			/* szQueuepausecommand */
+	NULL,			/* szQueueresumecommand */
+	NULL,			/* szPrintername */
+	NULL,			/* szPrinterDriver - this is set in init_globals() */
+	NULL,			/* szPrinterDriverLocation */
+	NULL,			/* szDriverFile */
+	NULL,			/* szDontdescend */
+	NULL,			/* szHostsallow */
+	NULL,			/* szHostsdeny */
+	NULL,			/* szMagicScript */
+	NULL,			/* szMagicOutput */
+	NULL,			/* szMangledMap */
+	NULL,			/* szVetoFiles */
+	NULL,			/* szHideFiles */
+	NULL,			/* szVetoOplockFiles */
+	NULL,			/* comment */
+	NULL,			/* force user */
+	NULL,			/* force group */
+	NULL,			/* readlist */
+	NULL,			/* writelist */
+	NULL,			/* printer admin */
+	NULL,			/* volume */
+	NULL,			/* fstype */
+	NULL,			/* vfs object */
+	NULL,			/* vfs options */
+	0,			/* iMinPrintSpace */
+	1000,			/* iMaxPrintJobs */
+	0,			/* iWriteCacheSize */
+	0744,			/* iCreate_mask */
+	0000,			/* iCreate_force_mode */
+	0777,			/* iSecurity_mask */
+	0,			/* iSecurity_force_mode */
+	0755,			/* iDir_mask */
+	0000,			/* iDir_force_mode */
+	0777,			/* iDir_Security_mask */
+	0,			/* iDir_Security_force_mode */
+	0,			/* iMaxConnections */
+	CASE_LOWER,		/* iDefaultCase */
+	DEFAULT_PRINTING,	/* iPrinting */
+	2,			/* iOplockContentionLimit */
+	0,			/* iCSCPolicy */
+	False,			/* bAlternatePerm */
+	False,			/* bPreexecClose */
+	False,			/* bRootpreexecClose */
+	False,			/* case sensitive */
+	True,			/* case preserve */
+	True,			/* short case preserve */
+	False,			/* case mangle */
+	True,			/* bHideDotFiles */
+	False,			/* bHideUnReadable */
+	True,			/* bBrowseable */
+	True,			/* bAvailable */
+	True,			/* bRead_only */
+	True,			/* bNo_set_dir */
+	False,			/* bGuest_only */
+	False,			/* bGuest_ok */
+	False,			/* bPrint_ok */
+	False,			/* bPostscript */
+	False,			/* bMap_system */
+	False,			/* bMap_hidden */
+	True,			/* bMap_archive */
+	True,			/* bLocking */
+	True,			/* bStrictLocking */
+	True,			/* bPosixLocking */
+	True,			/* bShareModes */
+	True,			/* bOpLocks */
+	True,			/* bLevel2OpLocks */
+	False,			/* bOnlyUser */
+	True,			/* bMangledNames */
+	True,			/* bWidelinks */
+	True,			/* bSymlinks */
+	False,			/* bSyncAlways */
+	False,			/* bStrictAllocate */
+	False,			/* bStrictSync */
+	'~',			/* magic char */
+	NULL,			/* copymap */
+	False,			/* bDeleteReadonly */
+	False,			/* bFakeOplocks */
+	False,			/* bDeleteVetoFiles */
+	False,			/* bDosFilemode */
+	False,			/* bDosFiletimes */
+	False,			/* bDosFiletimeResolution */
+	False,			/* bFakeDirCreateTimes */
+	True,			/* bBlockingLocks */
+	False,			/* bInheritPerms */
+	False,			/* bInheritACLS */
+	False,			/* bMSDfsRoot */
+	False,			/* bUseClientDriver */
+	False,			/* bDefaultDevmode */
+	True,			/* bNTAclSupport */
+
+	""			/* dummy */
 };
 
-
-
 /* local variables */
 static service **ServicePtrs = NULL;
 static int iNumServices = 0;
 static int iServiceIndex = 0;
 static BOOL bInGlobalSection = True;
 static BOOL bGlobalOnly = False;
-
+static int server_role;
+static int default_server_announce;
 
 #define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct))
 
 /* prototypes for the special type handlers */
-static BOOL handle_valid_chars(char *pszParmValue, char **ptr);
 static BOOL handle_include(char *pszParmValue, char **ptr);
 static BOOL handle_copy(char *pszParmValue, char **ptr);
-static BOOL handle_protocol(char *pszParmValue,int *val);
-static BOOL handle_security(char *pszParmValue,int *val);
-static BOOL handle_case(char *pszParmValue,int *val);
-static BOOL handle_printing(char *pszParmValue,int *val);
-static BOOL handle_character_set(char *pszParmValue,int *val);
-#ifdef KANJI
-static BOOL handle_coding_system(char *pszParmValue,int *val);
-#endif /* KANJI */
-
-struct parm_struct
-{
-  char *label;
-  parm_type type;
-  parm_class class;
-  void *ptr;
-  BOOL (*special)();
-} parm_table[] =
-{
-  {"debuglevel",       P_INTEGER, P_GLOBAL, &DEBUGLEVEL,                NULL},
-  {"log level",        P_INTEGER, P_GLOBAL, &DEBUGLEVEL,                NULL},
-  {"syslog",           P_INTEGER, P_GLOBAL, &Globals.syslog,            NULL},
-  {"syslog only",      P_BOOL,    P_GLOBAL, &Globals.bSyslogOnly,       NULL},
-  {"protocol",         P_INTEGER, P_GLOBAL, &Globals.maxprotocol,handle_protocol},
-  {"security",         P_INTEGER, P_GLOBAL, &Globals.security,handle_security},
-  {"printing",         P_INTEGER, P_GLOBAL, &Globals.printing,handle_printing},
-  {"max disk size",    P_INTEGER, P_GLOBAL, &Globals.maxdisksize,       NULL},
-  {"lpq cache time",   P_INTEGER, P_GLOBAL, &Globals.lpqcachetime,      NULL},
-  {"encrypt passwords",P_BOOL,    P_GLOBAL, &Globals.bEncryptPasswords, NULL},
-  {"getwd cache",      P_BOOL,    P_GLOBAL, &use_getwd_cache,           NULL},
-  {"read prediction",  P_BOOL,    P_GLOBAL, &Globals.bReadPrediction,   NULL},
-  {"read bmpx",        P_BOOL,    P_GLOBAL, &Globals.bReadbmpx,         NULL},
-  {"read raw",         P_BOOL,    P_GLOBAL, &Globals.bReadRaw,          NULL},
-  {"write raw",        P_BOOL,    P_GLOBAL, &Globals.bWriteRaw,         NULL},
-  {"use rhosts",       P_BOOL,    P_GLOBAL, &Globals.bUseRhosts,        NULL},
-  {"load printers",    P_BOOL,    P_GLOBAL, &Globals.bLoadPrinters,     NULL},
-  {"null passwords",   P_BOOL,    P_GLOBAL, &Globals.bNullPasswords,    NULL},
-  {"strip dot",        P_BOOL,    P_GLOBAL, &Globals.bStripDot,         NULL},
-  {"password server",  P_STRING,  P_GLOBAL, &Globals.szPasswordServer,  NULL},
-  {"socket options",   P_GSTRING, P_GLOBAL, user_socket_options,        NULL},
-  {"smbrun",           P_GSTRING, P_GLOBAL, smbrun_path,                NULL},
-  {"log file",         P_STRING,  P_GLOBAL, &Globals.szLogFile,         NULL},
-  {"config file",      P_STRING,  P_GLOBAL, &Globals.szConfigFile,      NULL},
-  {"smb passwd file",  P_STRING,  P_GLOBAL, &Globals.szSMBPasswdFile,   NULL},
-  {"hosts equiv",      P_STRING,  P_GLOBAL, &Globals.szHostsEquiv,      NULL},
-  {"preload",          P_STRING,  P_GLOBAL, &Globals.szAutoServices,    NULL},
-  {"auto services",    P_STRING,  P_GLOBAL, &Globals.szAutoServices,    NULL},
-  {"server string",    P_STRING,  P_GLOBAL, &Globals.szServerString,    NULL},
-  {"printcap name",    P_STRING,  P_GLOBAL, &Globals.szPrintcapname,    NULL},
-  {"printcap",         P_STRING,  P_GLOBAL, &Globals.szPrintcapname,    NULL},
-  {"lock dir",         P_STRING,  P_GLOBAL, &Globals.szLockDir,         NULL},
-  {"lock directory",   P_STRING,  P_GLOBAL, &Globals.szLockDir,         NULL},
-  {"root directory",   P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL},
-  {"root dir",         P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL},
-  {"root",             P_STRING,  P_GLOBAL, &Globals.szRootdir,         NULL},
-  {"default service",  P_STRING,  P_GLOBAL, &Globals.szDefaultService,  NULL},
-  {"default",          P_STRING,  P_GLOBAL, &Globals.szDefaultService,  NULL},
-  {"message command",  P_STRING,  P_GLOBAL, &Globals.szMsgCommand,      NULL},
-  {"dfree command",    P_STRING,  P_GLOBAL, &Globals.szDfree,           NULL},
-  {"passwd program",   P_STRING,  P_GLOBAL, &Globals.szPasswdProgram,   NULL},
-  {"passwd chat",      P_STRING,  P_GLOBAL, &Globals.szPasswdChat,      NULL},
-  {"valid chars",      P_STRING,  P_GLOBAL, &Globals.szValidChars,      handle_valid_chars},
-  {"workgroup",        P_STRING,  P_GLOBAL, &Globals.szWorkGroup,       NULL},
-  {"domain controller",P_STRING,  P_GLOBAL, &Globals.szDomainController,NULL},
-  {"username map",     P_STRING,  P_GLOBAL, &Globals.szUsernameMap,     NULL},
-  {"character set",    P_STRING,  P_GLOBAL, &Globals.szCharacterSet,    handle_character_set},
-  {"logon script",     P_STRING,  P_GLOBAL, &Globals.szLogonScript,     NULL},
-  {"max log size",     P_INTEGER, P_GLOBAL, &Globals.max_log_size,      NULL},
-  {"mangled stack",    P_INTEGER, P_GLOBAL, &Globals.mangled_stack,     NULL},
-  {"max mux",          P_INTEGER, P_GLOBAL, &Globals.max_mux,           NULL},
-  {"max xmit",         P_INTEGER, P_GLOBAL, &Globals.max_xmit,          NULL},
-  {"max packet",       P_INTEGER, P_GLOBAL, &Globals.max_packet,        NULL},
-  {"packet size",      P_INTEGER, P_GLOBAL, &Globals.max_packet,        NULL},
-  {"password level",   P_INTEGER, P_GLOBAL, &Globals.pwordlevel,        NULL},
-  {"keepalive",        P_INTEGER, P_GLOBAL, &keepalive,                 NULL},
-  {"deadtime",         P_INTEGER, P_GLOBAL, &Globals.deadtime,          NULL},
-  {"time offset",      P_INTEGER, P_GLOBAL, &extra_time_offset,         NULL},
-  {"read size",        P_INTEGER, P_GLOBAL, &ReadSize,                  NULL},
-#ifdef KANJI
-  {"coding system",    P_INTEGER, P_GLOBAL, &coding_system, handle_coding_system},
-#endif /* KANJI */
-  {"os level",         P_INTEGER, P_GLOBAL, &Globals.os_level,          NULL},
-  {"max ttl",          P_INTEGER, P_GLOBAL, &Globals.max_ttl,           NULL},
-  {"preferred master", P_BOOL,    P_GLOBAL, &Globals.bPreferredMaster,  NULL},
-  {"prefered master",  P_BOOL,    P_GLOBAL, &Globals.bPreferredMaster,  NULL},
-  {"domain master",    P_BOOL,    P_GLOBAL, &Globals.bDomainMaster,     NULL},
-  {"domain logons",    P_BOOL,    P_GLOBAL, &Globals.bDomainLogons,     NULL},
-  {"browse list",      P_BOOL,    P_GLOBAL, &Globals.bBrowseList,       NULL},
-
-  {"-valid",           P_BOOL,    P_LOCAL,  &sDefault.valid,            NULL},
-  {"comment",          P_STRING,  P_LOCAL,  &sDefault.comment,          NULL},
-  {"copy",             P_STRING,  P_LOCAL,  &sDefault.szCopy,    handle_copy},
-  {"include",          P_STRING,  P_LOCAL,  &sDefault.szInclude, handle_include},
-  {"exec",             P_STRING,  P_LOCAL,  &sDefault.szPreExec,        NULL},
-  {"preexec",          P_STRING,  P_LOCAL,  &sDefault.szPreExec,        NULL},
-  {"postexec",         P_STRING,  P_LOCAL,  &sDefault.szPostExec,       NULL},
-  {"root preexec",     P_STRING,  P_LOCAL,  &sDefault.szRootPreExec,    NULL},
-  {"root postexec",    P_STRING,  P_LOCAL,  &sDefault.szRootPostExec,   NULL},
-  {"alternate permissions",P_BOOL,P_LOCAL,  &sDefault.bAlternatePerm,   NULL},
-  {"revalidate",       P_BOOL,    P_LOCAL,  &sDefault.bRevalidate,      NULL},
-  {"default case",     P_INTEGER, P_LOCAL,  &sDefault.iDefaultCase,   handle_case},
-  {"case sensitive",   P_BOOL,    P_LOCAL,  &sDefault.bCaseSensitive,   NULL},
-  {"casesignames",     P_BOOL,    P_LOCAL,  &sDefault.bCaseSensitive,   NULL},
-  {"preserve case",    P_BOOL,    P_LOCAL,  &sDefault.bCasePreserve,    NULL},
-  {"short preserve case",P_BOOL,  P_LOCAL,  &sDefault.bShortCasePreserve,NULL},
-  {"mangle case",      P_BOOL,    P_LOCAL,  &sDefault.bCaseMangle,      NULL},
-  {"mangling char",    P_CHAR,    P_LOCAL,  &sDefault.magic_char,       NULL},
-  {"browseable",       P_BOOL,    P_LOCAL,  &sDefault.bBrowseable,      NULL},
-  {"browsable",        P_BOOL,    P_LOCAL,  &sDefault.bBrowseable,      NULL},
-  {"available",        P_BOOL,    P_LOCAL,  &sDefault.bAvailable,       NULL},
-  {"path",             P_STRING,  P_LOCAL,  &sDefault.szPath,           NULL},
-  {"directory",        P_STRING,  P_LOCAL,  &sDefault.szPath,           NULL},
-  {"username",         P_STRING,  P_LOCAL,  &sDefault.szUsername,       NULL},
-  {"user",             P_STRING,  P_LOCAL,  &sDefault.szUsername,       NULL},
-  {"users",            P_STRING,  P_LOCAL,  &sDefault.szUsername,       NULL},
-  {"guest account",    P_STRING,  P_LOCAL,  &sDefault.szGuestaccount,   NULL},
-  {"invalid users",    P_STRING,  P_LOCAL,  &sDefault.szInvalidUsers,   NULL},
-  {"valid users",      P_STRING,  P_LOCAL,  &sDefault.szValidUsers,     NULL},
-  {"admin users",      P_STRING,  P_LOCAL,  &sDefault.szAdminUsers,     NULL},
-  {"read list",        P_STRING,  P_LOCAL,  &sDefault.readlist,         NULL},
-  {"write list",       P_STRING,  P_LOCAL,  &sDefault.writelist,        NULL},
-  {"volume",           P_STRING,  P_LOCAL,  &sDefault.volume,           NULL},
-  {"force user",       P_STRING,  P_LOCAL,  &sDefault.force_user,       NULL},
-  {"force group",      P_STRING,  P_LOCAL,  &sDefault.force_group,      NULL},
-  {"group",            P_STRING,  P_LOCAL,  &sDefault.force_group,      NULL},
-  {"read only",        P_BOOL,    P_LOCAL,  &sDefault.bRead_only,       NULL},
-  {"write ok",         P_BOOLREV, P_LOCAL,  &sDefault.bRead_only,       NULL},
-  {"writeable",        P_BOOLREV, P_LOCAL,  &sDefault.bRead_only,       NULL},
-  {"writable",         P_BOOLREV, P_LOCAL,  &sDefault.bRead_only,       NULL},
-  {"max connections",  P_INTEGER, P_LOCAL,  &sDefault.iMaxConnections,  NULL},
-  {"min print space",  P_INTEGER, P_LOCAL,  &sDefault.iMinPrintSpace,   NULL},
-  {"create mask",      P_OCTAL,   P_LOCAL,  &sDefault.iCreate_mode,     NULL},
-  {"create mode",      P_OCTAL,   P_LOCAL,  &sDefault.iCreate_mode,     NULL},
-  {"set directory",    P_BOOLREV, P_LOCAL,  &sDefault.bNo_set_dir,      NULL},
-  {"status",           P_BOOL,    P_LOCAL,  &sDefault.status,           NULL},
-  {"hide dot files",   P_BOOL,    P_LOCAL,  &sDefault.bHideDotFiles,    NULL},
-  {"guest only",       P_BOOL,    P_LOCAL,  &sDefault.bGuest_only,      NULL},
-  {"only guest",       P_BOOL,    P_LOCAL,  &sDefault.bGuest_only,      NULL},
-  {"guest ok",         P_BOOL,    P_LOCAL,  &sDefault.bGuest_ok,        NULL},
-  {"public",           P_BOOL,    P_LOCAL,  &sDefault.bGuest_ok,        NULL},
-  {"print ok",         P_BOOL,    P_LOCAL,  &sDefault.bPrint_ok,        NULL},
-  {"printable",        P_BOOL,    P_LOCAL,  &sDefault.bPrint_ok,        NULL},
-  {"postscript",       P_BOOL,    P_LOCAL,  &sDefault.bPostscript,      NULL},
-  {"map system",       P_BOOL,    P_LOCAL,  &sDefault.bMap_system,      NULL},
-  {"map hidden",       P_BOOL,    P_LOCAL,  &sDefault.bMap_hidden,      NULL},
-  {"map archive",      P_BOOL,    P_LOCAL,  &sDefault.bMap_archive,     NULL},
-  {"locking",          P_BOOL,    P_LOCAL,  &sDefault.bLocking,         NULL},
-  {"strict locking",   P_BOOL,    P_LOCAL,  &sDefault.bStrictLocking,   NULL},
-  {"share modes",      P_BOOL,    P_LOCAL,  &sDefault.bShareModes,      NULL},
-  {"only user",        P_BOOL,    P_LOCAL,  &sDefault.bOnlyUser,        NULL},
-  {"wide links",       P_BOOL,    P_LOCAL,  &sDefault.bWidelinks,       NULL},
-  {"sync always",      P_BOOL,    P_LOCAL,  &sDefault.bSyncAlways,      NULL},
-  {"mangled names",    P_BOOL,    P_LOCAL,  &sDefault.bMangledNames,    NULL},
-  {"print command",    P_STRING,  P_LOCAL,  &sDefault.szPrintcommand,   NULL},
-  {"lpq command",      P_STRING,  P_LOCAL,  &sDefault.szLpqcommand,     NULL},
-  {"lprm command",     P_STRING,  P_LOCAL,  &sDefault.szLprmcommand,    NULL},
-  {"lppause command",  P_STRING,  P_LOCAL,  &sDefault.szLppausecommand, NULL},
-  {"lpresume command", P_STRING,  P_LOCAL,  &sDefault.szLpresumecommand,NULL},
-  {"printer",          P_STRING,  P_LOCAL,  &sDefault.szPrintername,    NULL},
-  {"printer name",     P_STRING,  P_LOCAL,  &sDefault.szPrintername,    NULL},
-  {"hosts allow",      P_STRING,  P_LOCAL,  &sDefault.szHostsallow,     NULL},
-  {"allow hosts",      P_STRING,  P_LOCAL,  &sDefault.szHostsallow,     NULL},
-  {"hosts deny",       P_STRING,  P_LOCAL,  &sDefault.szHostsdeny,      NULL},
-  {"deny hosts",       P_STRING,  P_LOCAL,  &sDefault.szHostsdeny,      NULL},
-  {"dont descend",     P_STRING,  P_LOCAL,  &sDefault.szDontdescend,    NULL},
-  {"magic script",     P_STRING,  P_LOCAL,  &sDefault.szMagicScript,    NULL},
-  {"magic output",     P_STRING,  P_LOCAL,  &sDefault.szMagicOutput,    NULL},
-  {"mangled map",      P_STRING,  P_LOCAL,  &sDefault.szMangledMap,     NULL},
-
-  {NULL,               P_BOOL,    P_NONE,   NULL,                       NULL}
+static BOOL handle_vfs_object(char *pszParmValue, char **ptr);
+static BOOL handle_source_env(char *pszParmValue, char **ptr);
+static BOOL handle_netbios_name(char *pszParmValue, char **ptr);
+static BOOL handle_winbind_uid(char *pszParmValue, char **ptr);
+static BOOL handle_winbind_gid(char *pszParmValue, char **ptr);
+static BOOL handle_non_unix_account_range(char *pszParmValue, char **ptr);
+static BOOL handle_wins_server_list(char *pszParmValue, char **ptr);
+static BOOL handle_debug_list( char *pszParmValue, char **ptr );
+
+#if WITH_LDAP_SAM
+static BOOL handle_ldap_machine_suffix ( char *pszParmValue, char **ptr );
+static BOOL handle_ldap_user_suffix ( char *pszParmValue, char **ptr );
+static BOOL handle_ldap_suffix ( char *pszParmValue, char **ptr );
+#endif
+
+static void set_server_role(void);
+static void set_default_server_announce_type(void);
+
+static struct enum_list enum_protocol[] = {
+	{PROTOCOL_NT1, "NT1"},
+	{PROTOCOL_LANMAN2, "LANMAN2"},
+	{PROTOCOL_LANMAN1, "LANMAN1"},
+	{PROTOCOL_CORE, "CORE"},
+	{PROTOCOL_COREPLUS, "COREPLUS"},
+	{PROTOCOL_COREPLUS, "CORE+"},
+	{-1, NULL}
 };
 
+static struct enum_list enum_security[] = {
+	{SEC_SHARE, "SHARE"},
+	{SEC_USER, "USER"},
+	{SEC_SERVER, "SERVER"},
+	{SEC_DOMAIN, "DOMAIN"},
+	{SEC_ADS, "ADS"},
+	{-1, NULL}
+};
 
+static struct enum_list enum_printing[] = {
+	{PRINT_SYSV, "sysv"},
+	{PRINT_AIX, "aix"},
+	{PRINT_HPUX, "hpux"},
+	{PRINT_BSD, "bsd"},
+	{PRINT_QNX, "qnx"},
+	{PRINT_PLP, "plp"},
+	{PRINT_LPRNG, "lprng"},
+	{PRINT_SOFTQ, "softq"},
+	{PRINT_CUPS, "cups"},
+	{PRINT_LPRNT, "nt"},
+	{PRINT_LPROS2, "os2"},
+#ifdef DEVELOPER
+	{PRINT_TEST, "test"},
+	{PRINT_VLP, "vlp"},
+#endif /* DEVELOPER */
+	{-1, NULL}
+};
 
-/***************************************************************************
-Initialise the global parameter structure.
-***************************************************************************/
-static void init_globals(void)
-{
-  static BOOL done_init = False;
-  pstring s;
+#ifdef WITH_LDAP_SAM
+static struct enum_list enum_ldap_ssl[] = {
+	{LDAP_SSL_ON, "Yes"},
+	{LDAP_SSL_ON, "yes"},
+	{LDAP_SSL_ON, "on"},
+	{LDAP_SSL_ON, "On"},
+	{LDAP_SSL_OFF, "no"},
+	{LDAP_SSL_OFF, "No"},
+	{LDAP_SSL_OFF, "off"},
+	{LDAP_SSL_OFF, "Off"},
+	{LDAP_SSL_START_TLS, "start tls"},
+	{LDAP_SSL_START_TLS, "start_tls"},
+	{-1, NULL}
+};
+#endif /* WITH_LDAP_SAM */
+
+/* Types of machine we can announce as. */
+#define ANNOUNCE_AS_NT_SERVER 1
+#define ANNOUNCE_AS_WIN95 2
+#define ANNOUNCE_AS_WFW 3
+#define ANNOUNCE_AS_NT_WORKSTATION 4
+
+static struct enum_list enum_announce_as[] = {
+	{ANNOUNCE_AS_NT_SERVER, "NT"},
+	{ANNOUNCE_AS_NT_SERVER, "NT Server"},
+	{ANNOUNCE_AS_NT_WORKSTATION, "NT Workstation"},
+	{ANNOUNCE_AS_WIN95, "win95"},
+	{ANNOUNCE_AS_WFW, "WfW"},
+	{-1, NULL}
+};
+
+static struct enum_list enum_case[] = {
+	{CASE_LOWER, "lower"},
+	{CASE_UPPER, "upper"},
+	{-1, NULL}
+};
+
+static struct enum_list enum_bool_auto[] = {
+	{False, "False"},
+	{False, "No"},
+	{False, "0"},
+	{True, "True"},
+	{True, "Yes"},
+	{True, "1"},
+	{Auto, "Auto"},
+	{-1, NULL}
+};
+
+/* Client-side offline caching policy types */
+#define CSC_POLICY_MANUAL 0
+#define CSC_POLICY_DOCUMENTS 1
+#define CSC_POLICY_PROGRAMS 2
+#define CSC_POLICY_DISABLE 3
+
+static struct enum_list enum_csc_policy[] = {
+	{CSC_POLICY_MANUAL, "manual"},
+	{CSC_POLICY_DOCUMENTS, "documents"},
+	{CSC_POLICY_PROGRAMS, "programs"},
+	{CSC_POLICY_DISABLE, "disable"}
+};
 
-  if (!done_init)
-    {
-      int i;
-      bzero((void *)&Globals,sizeof(Globals));
+/* 
+   Do you want session setups at user level security with a invalid
+   password to be rejected or allowed in as guest? WinNT rejects them
+   but it can be a pain as it means "net view" needs to use a password
 
-      for (i = 0; parm_table[i].label; i++) 
-	if (parm_table[i].type == P_STRING && 
-	    parm_table[i].ptr)
-	  string_init(parm_table[i].ptr,"");
+   You have 3 choices in the setting of map_to_guest:
 
-      string_set(&sDefault.szGuestaccount, GUEST_ACCOUNT);
+   "Never" means session setups with an invalid password
+   are rejected. This is the default.
 
-      done_init = True;
-    }
+   "Bad User" means session setups with an invalid password
+   are rejected, unless the username does not exist, in which case it
+   is treated as a guest login
 
+   "Bad Password" means session setups with an invalid password
+   are treated as a guest login
 
-  DEBUG(3,("Initialising global parameters\n"));
+   Note that map_to_guest only has an effect in user or server
+   level security.
+*/
 
-#ifdef SMB_PASSWD_FILE
-  string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
+static struct enum_list enum_map_to_guest[] = {
+	{NEVER_MAP_TO_GUEST, "Never"},
+	{MAP_TO_GUEST_ON_BAD_USER, "Bad User"},
+	{MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"},
+	{-1, NULL}
+};
+
+#ifdef WITH_SSL
+static struct enum_list enum_ssl_version[] = {
+	{SMB_SSL_V2, "ssl2"},
+	{SMB_SSL_V3, "ssl3"},
+	{SMB_SSL_V23, "ssl2or3"},
+	{SMB_SSL_TLS1, "tls1"},
+	{-1, NULL}
+};
 #endif
-  string_set(&Globals.szPasswdChat,"*old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed*");
-  string_set(&Globals.szWorkGroup, WORKGROUP);
-#ifdef SMB_PASSWD
-  string_set(&Globals.szPasswdProgram, SMB_PASSWD);
-#else
-  string_set(&Globals.szPasswdProgram, "/bin/passwd");
+
+/* note that we do not initialise the defaults union - it is not allowed in ANSI C */
+static struct parm_struct parm_table[] = {
+	{"Base Options", P_SEP, P_SEPARATOR},
+
+	{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, NULL, NULL, 0},
+	{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, NULL, NULL, 0},
+	{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, NULL, NULL, 0},
+	{"comment", P_STRING, P_LOCAL, &sDefault.comment, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"path", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"directory", P_STRING, P_LOCAL, &sDefault.szPath, NULL, NULL, 0},
+	{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL, NULL, FLAG_BASIC},
+	{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC},
+	{"ADS server", P_STRING, P_GLOBAL, &Globals.szADSserver, NULL, NULL, FLAG_BASIC},
+	{"netbios name", P_UGSTRING, P_GLOBAL, global_myname, handle_netbios_name, NULL, FLAG_BASIC},
+	{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, NULL, NULL, 0},
+	{"netbios scope", P_UGSTRING, P_GLOBAL, global_scope, NULL, NULL, 0},
+	{"server string", P_STRING, P_GLOBAL, &Globals.szServerString, NULL, NULL, FLAG_BASIC },
+	{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC},
+	{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, 0},
+
+	{"Security Options", P_SEP, P_SEPARATOR},
+	
+	{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC},
+	{"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC},
+	{"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
+	{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
+	{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, 0},
+	{"alternate permissions", P_BOOL, P_LOCAL, &sDefault.bAlternatePerm, NULL, NULL, FLAG_GLOBAL | FLAG_DEPRECATED},
+	{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, 0},
+	{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
+	{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
+	{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
+	{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
+	{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, 0},
+	{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
+	{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
+	{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, 0},
+	{"passdb backend", P_STRING, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, 0},
+	{"non unix account range", P_STRING, P_GLOBAL, &Globals.szNonUnixAccountRange, handle_non_unix_account_range, NULL, 0},
+	{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
+	{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
+	{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
+	{"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC},
+	
+	{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
+	{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
+	{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, 0},
+	{"passwd chat debug", P_BOOL, P_GLOBAL, &Globals.bPasswdChatDebug, NULL, NULL, 0},
+	{"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL, NULL, 0},
+	{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, 0},
+	{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, 0},
+	{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0},
+	{"restrict anonymous", P_BOOL, P_GLOBAL, &Globals.bRestrictAnonymous, NULL, NULL, 0},
+	{"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0},
+	{"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, 0},
+	
+	{"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
+	{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
+	
+	{"invalid users", P_LIST, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"valid users", P_LIST, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"admin users", P_LIST, P_LOCAL, &sDefault.szAdminUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"read list", P_LIST, P_LOCAL, &sDefault.readlist, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"write list", P_LIST, P_LOCAL, &sDefault.writelist, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"printer admin", P_LIST, P_LOCAL, &sDefault.printer_admin, NULL, NULL, FLAG_GLOBAL | FLAG_PRINT},
+	{"force user", P_STRING, P_LOCAL, &sDefault.force_user, NULL, NULL, FLAG_SHARE},
+	{"force group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_SHARE},
+	{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, 0},
+	
+	{"read only", P_BOOL, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_BASIC | FLAG_SHARE},
+	{"write ok", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
+	{"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
+	{"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, 0},
+	
+	{"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_GLOBAL},
+	{"force create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"security mask", P_OCTAL, P_LOCAL, &sDefault.iSecurity_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"force security mode", P_OCTAL, P_LOCAL, &sDefault.iSecurity_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"directory mask", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_mask, NULL, NULL, FLAG_GLOBAL},
+	{"force directory mode", P_OCTAL, P_LOCAL, &sDefault.iDir_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"directory security mask", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_mask, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"force directory security mode", P_OCTAL, P_LOCAL, &sDefault.iDir_Security_force_mode, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"inherit permissions", P_BOOL, P_LOCAL, &sDefault.bInheritPerms, NULL, NULL, FLAG_SHARE},
+	{"inherit acls", P_BOOL, P_LOCAL, &sDefault.bInheritACLS, NULL, NULL, FLAG_SHARE},
+	{"guest only", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_SHARE},
+	{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, 0},
+
+	{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, 0},
+	
+	{"only user", P_BOOL, P_LOCAL, &sDefault.bOnlyUser, NULL, NULL, FLAG_SHARE},
+	{"hosts allow", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"allow hosts", P_LIST, P_LOCAL, &sDefault.szHostsallow, NULL, NULL, 0},
+	{"hosts deny", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_GLOBAL | FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, 0},
+
+#ifdef WITH_SSL
+	{"Secure Socket Layer Options", P_SEP, P_SEPARATOR},
+	{"ssl", P_BOOL, P_GLOBAL, &Globals.sslEnabled, NULL, NULL, 0},
+	
+	{"ssl hosts", P_LIST, P_GLOBAL, &Globals.sslHostsRequire, NULL, NULL, 0},
+	{"ssl hosts resign", P_LIST, P_GLOBAL, &Globals.sslHostsResign, NULL, NULL, 0},
+	{"ssl CA certDir", P_STRING, P_GLOBAL, &Globals.sslCaCertDir, NULL, NULL, 0},
+	{"ssl CA certFile", P_STRING, P_GLOBAL, &Globals.sslCaCertFile, NULL, NULL, 0},
+	{"ssl server cert", P_STRING, P_GLOBAL, &Globals.sslServerCert, NULL, NULL, 0},
+	{"ssl server key", P_STRING, P_GLOBAL, &Globals.sslServerPrivKey, NULL, NULL, 0},
+	{"ssl client cert", P_STRING, P_GLOBAL, &Globals.sslClientCert, NULL, NULL, 0},
+	{"ssl client key", P_STRING, P_GLOBAL, &Globals.sslClientPrivKey, NULL, NULL, 0},
+	{"ssl egd socket", P_STRING, P_GLOBAL, &Globals.sslEgdSocket, NULL, NULL, 0},
+	{"ssl entropy file", P_STRING, P_GLOBAL, &Globals.sslEntropyFile, NULL, NULL, 0},
+	{"ssl entropy bytes", P_INTEGER, P_GLOBAL, &Globals.sslEntropyBytes, NULL, NULL, 0},
+	{"ssl require clientcert", P_BOOL, P_GLOBAL, &Globals.sslReqClientCert, NULL, NULL, 0},
+	{"ssl require servercert", P_BOOL, P_GLOBAL, &Globals.sslReqServerCert, NULL, NULL, 0},
+	{"ssl ciphers", P_STRING, P_GLOBAL, &Globals.sslCiphers, NULL, NULL, 0},
+	{"ssl version", P_ENUM, P_GLOBAL, &Globals.sslVersion, NULL, enum_ssl_version, 0},
+	{"ssl compatibility", P_BOOL, P_GLOBAL, &Globals.sslCompatibility, NULL, NULL, 0},
+#endif /* WITH_SSL */
+
+	{"Logging Options", P_SEP, P_SEPARATOR},
+
+	{"admin log", P_BOOL, P_GLOBAL, &Globals.bAdminLog, NULL, NULL, 0},
+	{"log level", P_INTEGER, P_GLOBAL, &DEBUGLEVEL_CLASS[DBGC_ALL], handle_debug_list, NULL, 0},
+	{"debuglevel", P_INTEGER, P_GLOBAL, &DEBUGLEVEL_CLASS[DBGC_ALL], handle_debug_list, NULL, 0},
+	{"syslog", P_INTEGER, P_GLOBAL, &Globals.syslog, NULL, NULL, 0},
+	{"syslog only", P_BOOL, P_GLOBAL, &Globals.bSyslogOnly, NULL, NULL, 0},
+	{"log file", P_STRING, P_GLOBAL, &Globals.szLogFile, NULL, NULL, 0},
+	
+	{"max log size", P_INTEGER, P_GLOBAL, &Globals.max_log_size, NULL, NULL, 0},
+	{"timestamp logs", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
+	{"debug timestamp", P_BOOL, P_GLOBAL, &Globals.bTimestampLogs, NULL, NULL, 0},
+	{"debug hires timestamp", P_BOOL, P_GLOBAL, &Globals.bDebugHiresTimestamp, NULL, NULL, 0},
+	{"debug pid", P_BOOL, P_GLOBAL, &Globals.bDebugPid, NULL, NULL, 0},
+	{"debug uid", P_BOOL, P_GLOBAL, &Globals.bDebugUid, NULL, NULL, 0},
+	
+	{"Protocol Options", P_SEP, P_SEPARATOR},
+	
+	{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
+	{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, 0},
+	{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
+	{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, 0},
+	{"unicode", P_BOOL, P_GLOBAL, &Globals.bUnicode, NULL, NULL, 0},
+	{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0},
+	{"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, 0},
+	{"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
+	
+	{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
+	{"nt acl support", P_BOOL,  P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE },
+	{"nt status support", P_BOOL, P_GLOBAL, &Globals.bNTStatusSupport, NULL, NULL, 0},
+	{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, 0},
+	{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
+	{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
+	{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, 0},
+	
+	{"name resolve order", P_STRING, P_GLOBAL, &Globals.szNameResolveOrder, NULL, NULL, 0},
+	{"max packet", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
+	{"packet size", P_INTEGER, P_GLOBAL, &Globals.max_packet, NULL, NULL, 0},
+	{"max ttl", P_INTEGER, P_GLOBAL, &Globals.max_ttl, NULL, NULL, 0}, 
+	{"max wins ttl", P_INTEGER, P_GLOBAL, &Globals.max_wins_ttl, NULL, NULL, 0},
+	{"min wins ttl", P_INTEGER, P_GLOBAL, &Globals.min_wins_ttl, NULL, NULL, 0},
+	{"time server", P_BOOL, P_GLOBAL, &Globals.bTimeServer, NULL, NULL, 0},
+	{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, 0},
+
+	{"Tuning Options", P_SEP, P_SEPARATOR},
+	
+	{"change notify timeout", P_INTEGER, P_GLOBAL, &Globals.change_notify_timeout, NULL, NULL, 0},
+	{"deadtime", P_INTEGER, P_GLOBAL, &Globals.deadtime, NULL, NULL, 0},
+	{"getwd cache", P_BOOL, P_GLOBAL, &use_getwd_cache, NULL, NULL, 0},
+	{"keepalive", P_INTEGER, P_GLOBAL, &keepalive, NULL, NULL, 0},
+	
+	{"lpq cache time", P_INTEGER, P_GLOBAL, &Globals.lpqcachetime, NULL, NULL, 0},
+	{"max smbd processes", P_INTEGER, P_GLOBAL, &Globals.iMaxSmbdProcesses, NULL, NULL, 0},
+	{"max connections", P_INTEGER, P_LOCAL, &sDefault.iMaxConnections, NULL, NULL, FLAG_SHARE},
+	{"paranoid server security", P_BOOL, P_GLOBAL, &Globals.paranoid_server_security, NULL, NULL, 0},
+	{"max disk size", P_INTEGER, P_GLOBAL, &Globals.maxdisksize, NULL, NULL, 0},
+	{"max open files", P_INTEGER, P_GLOBAL, &Globals.max_open_files, NULL, NULL, 0},
+	{"min print space", P_INTEGER, P_LOCAL, &sDefault.iMinPrintSpace, NULL, NULL, FLAG_PRINT},
+	{"read size", P_INTEGER, P_GLOBAL, &Globals.ReadSize, NULL, NULL, 0},
+	
+	{"socket options", P_GSTRING, P_GLOBAL, user_socket_options, NULL, NULL, 0},
+	{"stat cache size", P_INTEGER, P_GLOBAL, &Globals.stat_cache_size, NULL, NULL, 0},
+	{"strict allocate", P_BOOL, P_LOCAL, &sDefault.bStrictAllocate, NULL, NULL, FLAG_SHARE},
+	{"strict sync", P_BOOL, P_LOCAL, &sDefault.bStrictSync, NULL, NULL, FLAG_SHARE},
+	{"sync always", P_BOOL, P_LOCAL, &sDefault.bSyncAlways, NULL, NULL, FLAG_SHARE},
+	{"use mmap", P_BOOL, P_GLOBAL, &Globals.bUseMmap, NULL, NULL, 0},
+	{"hostname lookups", P_BOOL, P_GLOBAL, &Globals.bHostnameLookups, NULL, NULL, 0},
+	{"write cache size", P_INTEGER, P_LOCAL, &sDefault.iWriteCacheSize, NULL, NULL, FLAG_SHARE},
+
+	{"Printing Options", P_SEP, P_SEPARATOR},
+	
+	{"total print jobs", P_INTEGER, P_GLOBAL, &Globals.iTotalPrintJobs, NULL, NULL, FLAG_PRINT},
+	{"max print jobs", P_INTEGER, P_LOCAL, &sDefault.iMaxPrintJobs, NULL, NULL, FLAG_PRINT},
+	{"load printers", P_BOOL, P_GLOBAL, &Globals.bLoadPrinters, NULL, NULL, FLAG_PRINT},
+	{"printcap name", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, FLAG_PRINT},
+	{"printcap", P_STRING, P_GLOBAL, &Globals.szPrintcapname, NULL, NULL, 0},
+	{"printable", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, FLAG_PRINT},
+	{"print ok", P_BOOL, P_LOCAL, &sDefault.bPrint_ok, NULL, NULL, 0},
+	{"postscript", P_BOOL, P_LOCAL, &sDefault.bPostscript, NULL, NULL, FLAG_PRINT},
+	{"printing", P_ENUM, P_LOCAL, &sDefault.iPrinting, NULL, enum_printing, FLAG_PRINT | FLAG_GLOBAL},
+	{"print command", P_STRING, P_LOCAL, &sDefault.szPrintcommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"disable spoolss", P_BOOL, P_GLOBAL, &Globals.bDisableSpoolss, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"lpq command", P_STRING, P_LOCAL, &sDefault.szLpqcommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"lprm command", P_STRING, P_LOCAL, &sDefault.szLprmcommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"lppause command", P_STRING, P_LOCAL, &sDefault.szLppausecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"lpresume command", P_STRING, P_LOCAL, &sDefault.szLpresumecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"queuepause command", P_STRING, P_LOCAL, &sDefault.szQueuepausecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+	{"queueresume command", P_STRING, P_LOCAL, &sDefault.szQueueresumecommand, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+
+	{"enumports command", P_STRING, P_GLOBAL, &Globals.szEnumPortsCommand, NULL, NULL, 0},
+	{"addprinter command", P_STRING, P_GLOBAL, &Globals.szAddPrinterCommand, NULL, NULL, 0},
+	{"deleteprinter command", P_STRING, P_GLOBAL, &Globals.szDeletePrinterCommand, NULL, NULL, 0},
+	{"show add printer wizard", P_BOOL, P_GLOBAL, &Globals.bMsAddPrinterWizard, NULL, NULL, 0},
+	{"os2 driver map", P_STRING, P_GLOBAL, &Globals.szOs2DriverMap, NULL, NULL, 0},
+	
+	{"printer name", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, FLAG_PRINT},
+	{"printer", P_STRING, P_LOCAL, &sDefault.szPrintername, NULL, NULL, 0},
+	{"use client driver", P_BOOL, P_LOCAL, &sDefault.bUseClientDriver, NULL, NULL, FLAG_PRINT},
+	{"default devmode", P_BOOL, P_LOCAL, &sDefault.bDefaultDevmode, NULL, NULL, FLAG_PRINT},
+	{"printer driver", P_STRING, P_LOCAL, &sDefault.szPrinterDriver, NULL, NULL, FLAG_PRINT},
+	{"printer driver file", P_STRING, P_LOCAL, &sDefault.szDriverFile, NULL, NULL, FLAG_PRINT},
+	{"printer driver location", P_STRING, P_LOCAL, &sDefault.szPrinterDriverLocation, NULL, NULL, FLAG_PRINT | FLAG_GLOBAL},
+
+	{"Filename Handling", P_SEP, P_SEPARATOR},
+	{"strip dot", P_BOOL, P_GLOBAL, &Globals.bStripDot, NULL, NULL, 0},
+	{"mangling method", P_STRING, P_GLOBAL, &Globals.szManglingMethod, NULL, NULL, 0},
+	
+	{"mangled stack", P_INTEGER, P_GLOBAL, &Globals.mangled_stack, NULL, NULL, 0},
+	{"default case", P_ENUM, P_LOCAL, &sDefault.iDefaultCase, NULL, enum_case, FLAG_SHARE},
+	{"case sensitive", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"casesignames", P_BOOL, P_LOCAL, &sDefault.bCaseSensitive, NULL, NULL, 0},
+	{"preserve case", P_BOOL, P_LOCAL, &sDefault.bCasePreserve, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"short preserve case", P_BOOL, P_LOCAL, &sDefault.bShortCasePreserve, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"mangle case", P_BOOL, P_LOCAL, &sDefault.bCaseMangle, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"mangling char", P_CHAR, P_LOCAL, &sDefault.magic_char, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"hide dot files", P_BOOL, P_LOCAL, &sDefault.bHideDotFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"hide unreadable", P_BOOL, P_LOCAL, &sDefault.bHideUnReadable, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"delete veto files", P_BOOL, P_LOCAL, &sDefault.bDeleteVetoFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"veto files", P_STRING, P_LOCAL, &sDefault.szVetoFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL },
+	{"hide files", P_STRING, P_LOCAL, &sDefault.szHideFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL },
+	{"veto oplock files", P_STRING, P_LOCAL, &sDefault.szVetoOplockFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL },
+	{"map system", P_BOOL, P_LOCAL, &sDefault.bMap_system, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"map hidden", P_BOOL, P_LOCAL, &sDefault.bMap_hidden, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"map archive", P_BOOL, P_LOCAL, &sDefault.bMap_archive, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"mangled names", P_BOOL, P_LOCAL, &sDefault.bMangledNames, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"mangled map", P_STRING, P_LOCAL, &sDefault.szMangledMap, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"stat cache", P_BOOL, P_GLOBAL, &Globals.bStatCache, NULL, NULL, 0},
+
+	{"Domain Options", P_SEP, P_SEPARATOR},
+	
+	{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
+
+	{"Logon Options", P_SEP, P_SEPARATOR},
+
+	{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
+	{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0},
+	{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0},
+	{"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, 0},
+	{"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, 0},
+	{"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserToGroupScript, NULL, NULL, 0},
+	{"add machine script", P_STRING, P_GLOBAL, &Globals.szAddMachineScript, NULL, NULL, 0},
+	{"shutdown script", P_STRING, P_GLOBAL, &Globals.szShutdownScript, NULL, NULL, 0},
+	{"abort shutdown script", P_STRING, P_GLOBAL, &Globals.szAbortShutdownScript, NULL, NULL, 0},
+
+	{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, 0},
+	{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, 0},
+	{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0},
+	{"logon home", P_STRING, P_GLOBAL, &Globals.szLogonHome, NULL, NULL, 0},
+	{"domain logons", P_BOOL, P_GLOBAL, &Globals.bDomainLogons, NULL, NULL, 0},
+
+	{"Browse Options", P_SEP, P_SEPARATOR},
+	
+	{"os level", P_INTEGER, P_GLOBAL, &Globals.os_level, NULL, NULL, FLAG_BASIC},
+	{"lm announce", P_ENUM, P_GLOBAL, &Globals.lm_announce, NULL, enum_bool_auto, 0},
+	{"lm interval", P_INTEGER, P_GLOBAL, &Globals.lm_interval, NULL, NULL, 0},
+	{"preferred master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_BASIC},
+	{"prefered master", P_ENUM, P_GLOBAL, &Globals.bPreferredMaster, NULL, enum_bool_auto, FLAG_HIDE},
+	{"local master", P_BOOL, P_GLOBAL, &Globals.bLocalMaster, NULL, NULL, FLAG_BASIC},
+	{"domain master", P_ENUM, P_GLOBAL, &Globals.bDomainMaster, NULL, enum_bool_auto, FLAG_BASIC},
+	{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, 0},
+	{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0},
+	{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL},
+
+	{"WINS Options", P_SEP, P_SEPARATOR},
+	{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0},
+	{"wins proxy", P_BOOL, P_GLOBAL, &Globals.bWINSproxy, NULL, NULL, 0},
+	
+	{"wins server", P_STRING, P_GLOBAL, &Globals.szWINSserver, handle_wins_server_list, NULL, FLAG_BASIC},
+	{"wins support", P_BOOL, P_GLOBAL, &Globals.bWINSsupport, NULL, NULL, FLAG_BASIC},
+	{"wins hook", P_STRING, P_GLOBAL, &Globals.szWINSHook, NULL, NULL, 0},
+	{"wins partners", P_STRING, P_GLOBAL, &Globals.szWINSPartners, NULL, NULL, 0},
+
+	{"Locking Options", P_SEP, P_SEPARATOR},
+	
+	{"blocking locks", P_BOOL, P_LOCAL, &sDefault.bBlockingLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"csc policy", P_ENUM, P_LOCAL, &sDefault.iCSCPolicy, NULL, enum_csc_policy, FLAG_SHARE | FLAG_GLOBAL},
+	{"fake oplocks", P_BOOL, P_LOCAL, &sDefault.bFakeOplocks, NULL, NULL, FLAG_SHARE},
+	{"kernel oplocks", P_BOOL, P_GLOBAL, &Globals.bKernelOplocks, NULL, NULL, FLAG_GLOBAL},
+	{"locking", P_BOOL, P_LOCAL, &sDefault.bLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"lock spin count", P_INTEGER, P_GLOBAL, &Globals.iLockSpinCount, NULL, NULL, FLAG_GLOBAL},
+	{"lock spin time", P_INTEGER, P_GLOBAL, &Globals.iLockSpinTime, NULL, NULL, FLAG_GLOBAL},
+	
+	{"oplocks", P_BOOL, P_LOCAL, &sDefault.bOpLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"level2 oplocks", P_BOOL, P_LOCAL, &sDefault.bLevel2OpLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"oplock break wait time", P_INTEGER, P_GLOBAL, &Globals.oplock_break_wait_time, NULL, NULL, FLAG_GLOBAL},
+	{"oplock contention limit", P_INTEGER, P_LOCAL, &sDefault.iOplockContentionLimit, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"posix locking", P_BOOL, P_LOCAL, &sDefault.bPosixLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+
+#ifdef WITH_LDAP_SAM
+	{"Ldap Options", P_SEP, P_SEPARATOR},
+	
+        {"ldap suffix", P_STRING, P_GLOBAL, &Globals.szLdapSuffix, handle_ldap_suffix, NULL, 0},
+        {"ldap machine suffix", P_STRING, P_GLOBAL, &Globals.szLdapMachineSuffix, handle_ldap_machine_suffix, NULL, 0},
+        {"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, handle_ldap_user_suffix, NULL, 0},
+	{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, 0},
+	{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, 0},
+	{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, 0},
+#endif /* WITH_LDAP_SAM */
+
+	{"Miscellaneous Options", P_SEP, P_SEPARATOR},
+	{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, 0},
+	{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, 0},
+	{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, 0},
+	
+	{"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE},
+	{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0},
+	{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, 0},
+	{"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0}, 
+	{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
+#ifdef WITH_UTMP
+	{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0},
+	{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0},
+	{"utmp",          P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, 0},
 #endif
-  string_set(&Globals.szPrintcapname, PRINTCAP_NAME);
-  string_set(&Globals.szLockDir, LOCKDIR);
-  string_set(&Globals.szRootdir, "/");
-  sprintf(s,"Samba %s",VERSION);
-  string_set(&Globals.szServerString,s);
-  Globals.bLoadPrinters = True;
-  Globals.bUseRhosts = False;
-  Globals.max_packet = 65535;
-  Globals.mangled_stack = 50;
-  Globals.max_xmit = Globals.max_packet;
-  Globals.max_mux = 2;
-  Globals.lpqcachetime = 10;
-  Globals.pwordlevel = 0;
-  Globals.deadtime = 0;
-  Globals.max_log_size = 5000;
-  Globals.maxprotocol = PROTOCOL_NT1;
-  Globals.security = SEC_SHARE;
-  Globals.bEncryptPasswords = False;
-  Globals.printing = DEFAULT_PRINTING;
-  Globals.bReadRaw = True;
-  Globals.bWriteRaw = True;
-  Globals.bReadPrediction = False;
-  Globals.bReadbmpx = True;
-  Globals.bNullPasswords = False;
-  Globals.bStripDot = False;
-  Globals.syslog = 1;
-  Globals.bSyslogOnly = False;
-  Globals.os_level = 0;
-  Globals.max_ttl = 60*60*4; /* 2 hours default */
-  Globals.bPreferredMaster = True;
-  Globals.bDomainMaster = False;
-  Globals.bDomainLogons = False;
-  Globals.bBrowseList = True;
-
-#ifdef KANJI
-  coding_system = interpret_coding_system (KANJI, SJIS_CODE);
-#endif /* KANJI */
+	
+	{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
+	{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
+	{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, 0},
+	{"dfree command", P_STRING, P_GLOBAL, &Globals.szDfree, NULL, NULL, 0},
+	{"remote announce", P_STRING, P_GLOBAL, &Globals.szRemoteAnnounce, NULL, NULL, 0},
+	{"remote browse sync", P_STRING, P_GLOBAL, &Globals.szRemoteBrowseSync, NULL, NULL, 0},
+	{"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, 0},
+	{"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, 0},
+	{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, 0},
+	{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, 0},
+	{"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE},
+	
+	{"copy", P_STRING, P_LOCAL, &sDefault.szCopy, handle_copy, NULL, FLAG_HIDE},
+	{"include", P_STRING, P_LOCAL, &sDefault.szInclude, handle_include, NULL, FLAG_HIDE},
+	{"exec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
+	{"preexec", P_STRING, P_LOCAL, &sDefault.szPreExec, NULL, NULL, 0},
+	
+	{"preexec close", P_BOOL, P_LOCAL, &sDefault.bPreexecClose, NULL, NULL, FLAG_SHARE},
+	{"postexec", P_STRING, P_LOCAL, &sDefault.szPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
+	{"root preexec", P_STRING, P_LOCAL, &sDefault.szRootPreExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
+	{"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_SHARE},
+	{"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
+	{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
+	{"volume", P_STRING, P_LOCAL, &sDefault.volume, NULL, NULL, FLAG_SHARE },
+	{"fstype", P_STRING, P_LOCAL, &sDefault.fstype, NULL, NULL, FLAG_SHARE},
+	{"set directory", P_BOOLREV, P_LOCAL, &sDefault.bNo_set_dir, NULL, NULL, FLAG_SHARE},
+	{"source environment", P_STRING, P_GLOBAL, &Globals.szSourceEnv, handle_source_env, NULL, 0},
+	{"wide links", P_BOOL, P_LOCAL, &sDefault.bWidelinks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"follow symlinks", P_BOOL, P_LOCAL, &sDefault.bSymlinks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"dont descend", P_STRING, P_LOCAL, &sDefault.szDontdescend, NULL, NULL, FLAG_SHARE},
+	{"magic script", P_STRING, P_LOCAL, &sDefault.szMagicScript, NULL, NULL, FLAG_SHARE},
+	{"magic output", P_STRING, P_LOCAL, &sDefault.szMagicOutput, NULL, NULL, FLAG_SHARE},
+	{"delete readonly", P_BOOL, P_LOCAL, &sDefault.bDeleteReadonly, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"dos filemode", P_BOOL, P_LOCAL, &sDefault.bDosFilemode, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"dos filetimes", P_BOOL, P_LOCAL, &sDefault.bDosFiletimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"dos filetime resolution", P_BOOL, P_LOCAL, &sDefault.bDosFiletimeResolution, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+
+	{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0},
+	{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL,
+	 NULL, 0},
+
+	{"VFS module options", P_SEP, P_SEPARATOR},
+	
+	{"vfs object", P_STRING, P_LOCAL, &sDefault.szVfsObjectFile, handle_vfs_object, NULL, FLAG_SHARE},
+	{"vfs options", P_STRING, P_LOCAL, &sDefault.szVfsOptions, NULL, NULL, FLAG_SHARE},
+
+	
+	{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
+	{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, 0},
+
+	{"Winbind options", P_SEP, P_SEPARATOR},
+
+	{"winbind uid", P_STRING, P_GLOBAL, &Globals.szWinbindUID, handle_winbind_uid, NULL, 0},
+	{"winbind gid", P_STRING, P_GLOBAL, &Globals.szWinbindGID, handle_winbind_gid, NULL, 0},
+	{"template homedir", P_STRING, P_GLOBAL, &Globals.szTemplateHomedir, NULL, NULL, 0},
+	{"template shell", P_STRING, P_GLOBAL, &Globals.szTemplateShell, NULL, NULL, 0},
+	{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, 0},
+	{"winbind cache time", P_INTEGER, P_GLOBAL, &Globals.winbind_cache_time, NULL, NULL, 0},
+	{"winbind enum users", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumUsers, NULL, NULL, 0},
+	{"winbind enum groups", P_BOOL, P_GLOBAL, &Globals.bWinbindEnumGroups, NULL, NULL, 0},
+	{"winbind use default domain", P_BOOL, P_GLOBAL, &Globals.bWinbindUseDefaultDomain, NULL, NULL, 0},
+
+	{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
+};
 
-}
 
 /***************************************************************************
-check if a string is initialised and if not then initialise it
+Initialise the sDefault parameter structure for the printer values.
 ***************************************************************************/
-static void string_initial(char **s,char *v)
+static void init_printer_values(void)
 {
-  if (!*s || !**s)
-    string_init(s,v);
-}
+	string_set(&sDefault.szPrinterDriver, "");
+	string_set(&sDefault.szDriverFile, dyn_DRIVERFILE);
 
+	/* choose defaults depending on the type of printing */
+	switch (sDefault.iPrinting)
+	{
+		case PRINT_BSD:
+		case PRINT_AIX:
+		case PRINT_LPRNT:
+		case PRINT_LPROS2:
+			string_set(&sDefault.szLpqcommand, "lpq -P%p");
+			string_set(&sDefault.szLprmcommand, "lprm -P%p %j");
+			string_set(&sDefault.szPrintcommand,
+				   "lpr -r -P%p %s");
+			break;
+
+		case PRINT_LPRNG:
+		case PRINT_PLP:
+			string_set(&sDefault.szLpqcommand, "lpq -P%p");
+			string_set(&sDefault.szLprmcommand, "lprm -P%p %j");
+			string_set(&sDefault.szPrintcommand,
+				   "lpr -r -P%p %s");
+			string_set(&sDefault.szQueuepausecommand,
+				   "lpc stop %p");
+			string_set(&sDefault.szQueueresumecommand,
+				   "lpc start %p");
+			string_set(&sDefault.szLppausecommand,
+				   "lpc hold %p %j");
+			string_set(&sDefault.szLpresumecommand,
+				   "lpc release %p %j");
+			break;
+
+		case PRINT_CUPS:
+#ifdef HAVE_CUPS
+			string_set(&sDefault.szLpqcommand, "");
+			string_set(&sDefault.szLprmcommand, "");
+			string_set(&sDefault.szPrintcommand, "");
+			string_set(&sDefault.szLppausecommand, "");
+			string_set(&sDefault.szLpresumecommand, "");
+			string_set(&sDefault.szQueuepausecommand, "");
+			string_set(&sDefault.szQueueresumecommand, "");
+
+	                string_set(&Globals.szPrintcapname, "cups");
+#else
+			string_set(&sDefault.szLpqcommand,
+			           "/usr/bin/lpstat -o %p");
+			string_set(&sDefault.szLprmcommand,
+			           "/usr/bin/cancel %p-%j");
+			string_set(&sDefault.szPrintcommand,
+			           "/usr/bin/lp -d %p %s; rm %s");
+			string_set(&sDefault.szLppausecommand,
+				   "lp -i %p-%j -H hold");
+			string_set(&sDefault.szLpresumecommand,
+				   "lp -i %p-%j -H resume");
+			string_set(&sDefault.szQueuepausecommand,
+			           "/usr/bin/disable %p");
+			string_set(&sDefault.szQueueresumecommand,
+			           "/usr/bin/enable %p");
+			string_set(&Globals.szPrintcapname, "lpstat");
+#endif /* HAVE_CUPS */
+			break;
+
+		case PRINT_SYSV:
+		case PRINT_HPUX:
+			string_set(&sDefault.szLpqcommand, "lpstat -o%p");
+			string_set(&sDefault.szLprmcommand, "cancel %p-%j");
+			string_set(&sDefault.szPrintcommand,
+				   "lp -c -d%p %s; rm %s");
+			string_set(&sDefault.szQueuepausecommand,
+				   "disable %p");
+			string_set(&sDefault.szQueueresumecommand,
+				   "enable %p");
+#ifndef HPUX
+			string_set(&sDefault.szLppausecommand,
+				   "lp -i %p-%j -H hold");
+			string_set(&sDefault.szLpresumecommand,
+				   "lp -i %p-%j -H resume");
+#endif /* SYSV */
+			break;
+
+		case PRINT_QNX:
+			string_set(&sDefault.szLpqcommand, "lpq -P%p");
+			string_set(&sDefault.szLprmcommand, "lprm -P%p %j");
+			string_set(&sDefault.szPrintcommand, "lp -r -P%p %s");
+			break;
+
+		case PRINT_SOFTQ:
+			string_set(&sDefault.szLpqcommand, "qstat -l -d%p");
+			string_set(&sDefault.szLprmcommand,
+				   "qstat -s -j%j -c");
+			string_set(&sDefault.szPrintcommand,
+				   "lp -d%p -s %s; rm %s");
+			string_set(&sDefault.szLppausecommand,
+				   "qstat -s -j%j -h");
+			string_set(&sDefault.szLpresumecommand,
+				   "qstat -s -j%j -r");
+			break;
+#ifdef DEVELOPER
+	case PRINT_TEST:
+	case PRINT_VLP:
+		string_set(&sDefault.szPrintcommand, "vlp print %p %s");
+		string_set(&sDefault.szLpqcommand, "vlp lpq %p");
+		string_set(&sDefault.szLprmcommand, "vlp lprm %p %j");
+		string_set(&sDefault.szLppausecommand, "vlp lppause %p %j");
+		string_set(&sDefault.szLpresumecommand, "vlp lpresum %p %j");
+		string_set(&sDefault.szQueuepausecommand, "vlp queuepause %p");
+		string_set(&sDefault.szQueueresumecommand, "vlp queueresume %p");
+		break;
+#endif /* DEVELOPER */
+
+	}
+}
 
 /***************************************************************************
-Initialise the sDefault parameter structure.
+Initialise the global parameter structure.
 ***************************************************************************/
-static void init_locals(void)
-{
-  /* choose defaults depending on the type of printing */
-  switch (Globals.printing)
-    {
-    case PRINT_BSD:
-    case PRINT_AIX:
-      string_initial(&sDefault.szLpqcommand,"lpq -P%p");
-      string_initial(&sDefault.szLprmcommand,"lprm -P%p %j");
-      string_initial(&sDefault.szPrintcommand,"lpr -r -P%p %s");
-      break;
-
-    case PRINT_SYSV:
-    case PRINT_HPUX:
-      string_initial(&sDefault.szLpqcommand,"lpstat -o%p");
-      string_initial(&sDefault.szLprmcommand,"cancel %p-%j");
-      string_initial(&sDefault.szPrintcommand,"lp -c -d%p %s; rm %s");
-#ifdef SVR4
-      string_initial(&sDefault.szLppausecommand,"lp -i %p-%j -H hold");
-      string_initial(&sDefault.szLpresumecommand,"lp -i %p-%j -H resume");
+static void init_globals(void)
+{
+	static BOOL done_init = False;
+	pstring s;
+
+	if (!done_init)
+	{
+		int i;
+		memset((void *)&Globals, '\0', sizeof(Globals));
+
+		for (i = 0; parm_table[i].label; i++)
+			if ((parm_table[i].type == P_STRING ||
+			     parm_table[i].type == P_USTRING) &&
+			    parm_table[i].ptr)
+				string_set(parm_table[i].ptr, "");
+
+		string_set(&sDefault.fstype, FSTYPE_STRING);
+
+		init_printer_values();
+
+		done_init = True;
+	}
+
+
+	DEBUG(3, ("Initialising global parameters\n"));
+
+	string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE);
+	string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
+	string_set(&Globals.szPassdbBackend, "smbpasswd");
+
+	string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
+
+	/* using UTF8 by default allows us to support all chars */
+	string_set(&Globals.unix_charset, "UTF8");
+
+	/*
+	 * Allow the default PASSWD_CHAT to be overridden in local.h.
+	 */
+	string_set(&Globals.szPasswdChat, DEFAULT_PASSWD_CHAT);
+	string_set(&Globals.szWorkGroup, WORKGROUP);
+	string_set(&Globals.szPasswdProgram, "");
+	string_set(&Globals.szPrintcapname, PRINTCAP_NAME);
+	string_set(&Globals.szLockDir, dyn_LOCKDIR);
+	string_set(&Globals.szSocketAddress, "0.0.0.0");
+	pstrcpy(s, "Samba ");
+	pstrcat(s, VERSION);
+	string_set(&Globals.szServerString, s);
+	slprintf(s, sizeof(s) - 1, "%d.%d", DEFAULT_MAJOR_VERSION,
+		 DEFAULT_MINOR_VERSION);
+	string_set(&Globals.szAnnounceVersion, s);
+
+	pstrcpy(user_socket_options, DEFAULT_SOCKET_OPTIONS);
+
+	string_set(&Globals.szLogonDrive, "");
+	/* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
+	string_set(&Globals.szLogonHome, "\\\\%N\\%U");
+	string_set(&Globals.szLogonPath, "\\\\%N\\%U\\profile");
+
+	string_set(&Globals.szNameResolveOrder, "lmhosts wins host bcast");
+	string_set(&Globals.szPasswordServer, "*");
+
+	Globals.bLoadPrinters = True;
+	Globals.max_packet = 65535;
+	Globals.mangled_stack = 50;
+	Globals.max_xmit = 65535;
+	Globals.max_mux = 50;	/* This is *needed* for profile support. */
+	Globals.lpqcachetime = 10;
+	Globals.bDisableSpoolss = False;
+	Globals.iMaxSmbdProcesses = 0;/* no limit specified */
+	Globals.iTotalPrintJobs = 0;  /* no limit specified */
+	Globals.pwordlevel = 0;
+	Globals.unamelevel = 0;
+	Globals.deadtime = 0;
+	Globals.bLargeReadwrite = True;
+	Globals.max_log_size = 5000;
+	Globals.max_open_files = MAX_OPEN_FILES;
+	Globals.maxprotocol = PROTOCOL_NT1;
+	Globals.minprotocol = PROTOCOL_CORE;
+	Globals.security = SEC_USER;
+	Globals.paranoid_server_security = True;
+	Globals.bEncryptPasswords = True;
+	Globals.bUpdateEncrypt = False;
+	Globals.bReadRaw = True;
+	Globals.bWriteRaw = True;
+	Globals.bReadPrediction = False;
+	Globals.bReadbmpx = False;
+	Globals.bNullPasswords = False;
+	Globals.bObeyPamRestrictions = False;
+	Globals.bStripDot = False;
+	Globals.syslog = 1;
+	Globals.bSyslogOnly = False;
+	Globals.bAdminLog = False;
+	Globals.bTimestampLogs = True;
+	Globals.bDebugHiresTimestamp = False;
+	Globals.bDebugPid = False;
+	Globals.bDebugUid = False;
+	Globals.max_ttl = 60 * 60 * 24 * 3;	/* 3 days default. */
+	Globals.max_wins_ttl = 60 * 60 * 24 * 6;	/* 6 days default. */
+	Globals.min_wins_ttl = 60 * 60 * 6;	/* 6 hours default. */
+	Globals.machine_password_timeout = 60 * 60 * 24 * 7;	/* 7 days default. */
+	Globals.change_notify_timeout = 60;	/* 1 minute default. */
+	Globals.ReadSize = 16 * 1024;
+	Globals.lm_announce = 2;	/* = Auto: send only if LM clients found */
+	Globals.lm_interval = 60;
+	Globals.stat_cache_size = 50;	/* Number of stat translations we'll keep */
+	Globals.announce_as = ANNOUNCE_AS_NT_SERVER;
+#if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
+	Globals.bNISHomeMap = False;
+#ifdef WITH_NISPLUS_HOME
+	string_set(&Globals.szNISHomeMapName, "auto_home.org_dir");
+#else
+	string_set(&Globals.szNISHomeMapName, "auto.home");
+#endif
+#endif
+	Globals.bTimeServer = False;
+	Globals.bBindInterfacesOnly = False;
+	Globals.bUnixPasswdSync = False;
+	Globals.bPamPasswordChange = False;
+	Globals.bPasswdChatDebug = False;
+	Globals.bUnicode = True;	/* Do unicode on the wire by default */
+	Globals.bNTPipeSupport = True;	/* Do NT pipes by default. */
+	Globals.bNTStatusSupport = True; /* Use NT status by default. */
+	Globals.bStatCache = True;	/* use stat cache by default */
+	Globals.bRestrictAnonymous = False;
+	Globals.bLanmanAuth = True;	/* Do use the LanMan hash if it is available */
+	Globals.bNTLMAuth = True;	/* Do use NTLMv1 if it is available (otherwise NTLMv2) */
+	Globals.map_to_guest = 0;	/* By Default, "Never" */
+	Globals.min_passwd_length = MINPASSWDLENGTH;	/* By Default, 5. */
+	Globals.oplock_break_wait_time = 0;	/* By Default, 0 msecs. */
+	Globals.enhanced_browsing = True; 
+	Globals.iLockSpinCount = 3; /* Try 2 times. */
+	Globals.iLockSpinTime = 10; /* usec. */
+#ifdef MMAP_BLACKLIST
+	Globals.bUseMmap = False;
+#else
+	Globals.bUseMmap = True;
 #endif
-      break;
 
-    case PRINT_QNX:
-      string_initial(&sDefault.szLpqcommand,"lpq -P%p");
-      string_initial(&sDefault.szLprmcommand,"lprm -P%p %j");
-      string_initial(&sDefault.szPrintcommand,"lp -r -P%p %s");
-      break;
+	/* hostname lookups can be very expensive and are broken on
+	   a large number of sites (tridge) */
+	Globals.bHostnameLookups = False;
+
+#ifdef WITH_LDAP_SAM
+	string_set(&Globals.szLdapSuffix, "");
+	string_set(&Globals.szLdapMachineSuffix, "");
+	string_set(&Globals.szLdapUserSuffix, "");
+
+	string_set(&Globals.szLdapFilter, "(&(uid=%u)(objectclass=sambaAccount))");
+	string_set(&Globals.szLdapAdminDn, "");
+	Globals.ldap_ssl = LDAP_SSL_ON;
+#endif /* WITH_LDAP_SAM */
+
+#ifdef WITH_SSL
+	Globals.sslVersion = SMB_SSL_V23;
+	/* Globals.sslHostsRequire = NULL;
+	Globals.sslHostsResign = NULL; */
+	string_set(&Globals.sslCaCertDir, "");
+	string_set(&Globals.sslCaCertFile, "");
+	string_set(&Globals.sslServerCert, "");
+	string_set(&Globals.sslServerPrivKey, "");
+	string_set(&Globals.sslClientCert, "");
+	string_set(&Globals.sslClientPrivKey, "");
+	string_set(&Globals.sslCiphers, "");
+	string_set(&Globals.sslEgdSocket, "");
+	string_set(&Globals.sslEntropyFile, "");
+	Globals.sslEntropyBytes = 256;
+	Globals.sslEnabled = False;
+	Globals.sslReqClientCert = False;
+	Globals.sslReqServerCert = False;
+	Globals.sslCompatibility = False;
+#endif /* WITH_SSL */
+
+/* these parameters are set to defaults that are more appropriate
+   for the increasing samba install base:
+
+   as a member of the workgroup, that will possibly become a
+   _local_ master browser (lm = True).  this is opposed to a forced
+   local master browser startup (pm = True).
+
+   doesn't provide WINS server service by default (wsupp = False),
+   and doesn't provide domain master browser services by default, either.
+
+*/
+
+	Globals.bMsAddPrinterWizard = True;
+	Globals.bPreferredMaster = Auto;	/* depending on bDomainMaster */
+	Globals.os_level = 20;
+	Globals.bLocalMaster = True;
+	Globals.bDomainMaster = Auto;	/* depending on bDomainLogons */
+	Globals.bDomainLogons = False;
+	Globals.bBrowseList = True;
+	Globals.bWINSsupport = False;
+	Globals.bWINSproxy = False;
+
+	Globals.bDNSproxy = True;
+
+	/* this just means to use them if they exist */
+	Globals.bKernelOplocks = True;
+
+	Globals.bAllowTrustedDomains = True;
+
+	string_set(&Globals.szTemplateShell, "/bin/false");
+	string_set(&Globals.szTemplateHomedir, "/home/%D/%U");
+	string_set(&Globals.szWinbindSeparator, "\\");
+
+	Globals.winbind_cache_time = 15;
+	Globals.bWinbindEnumUsers = True;
+	Globals.bWinbindEnumGroups = True;
+	Globals.bWinbindUseDefaultDomain = False;
+
+	Globals.bUseSpnego = True;
 
-      
-    }
 }
 
+static TALLOC_CTX *lp_talloc;
+
+/******************************************************************* a
+free up temporary memory - called from the main loop
+********************************************************************/
+void lp_talloc_free(void)
+{
+	if (!lp_talloc)
+		return;
+	talloc_destroy(lp_talloc);
+	lp_talloc = NULL;
+}
 
 /*******************************************************************
-a convenience rooutine to grab string parameters into a rotating
-static buffer, and run standard_sub_basic on them. The buffers
-can be written to by callers
+convenience routine to grab string parameters into temporary memory
+and run standard_sub_basic on them. The buffers can be written to by
+callers without affecting the source string.
 ********************************************************************/
-char *lp_string(char *s)
+static char *lp_string(const char *s)
 {
-  static pstring bufs[10];
-  static int next=0;
-  char *ret;
-  
-  ret = &bufs[next][0];
-  next = (next+1)%10;
+	size_t len = s ? strlen(s) : 0;
+	char *ret;
 
-  if (!s) 
-    *ret = 0;
-  else
-    StrnCpy(ret,s,sizeof(pstring)-1);
+	/* The follow debug is useful for tracking down memory problems
+	   especially if you have an inner loop that is calling a lp_*()
+	   function that returns a string.  Perhaps this debug should be
+	   present all the time? */
 
-  standard_sub_basic(ret);
-  return(ret);
+#if 0
+	DEBUG(10, ("lp_string(%s)\n", s));
+#endif
+
+	if (!lp_talloc)
+		lp_talloc = talloc_init_named("lp_talloc");
+
+	ret = (char *)talloc(lp_talloc, len + 100);	/* leave room for substitution */
+
+	if (!ret)
+		return NULL;
+
+	if (!s)
+		*ret = 0;
+	else
+		StrnCpy(ret, s, len);
+
+	trim_string(ret, "\"", "\"");
+
+	standard_sub_basic(current_user_info.smb_name,ret);
+	return (ret);
 }
 
 
@@ -653,6 +1486,8 @@ char *lp_string(char *s)
 
 #define FN_GLOBAL_STRING(fn_name,ptr) \
  char *fn_name(void) {return(lp_string(*(char **)(ptr) ? *(char **)(ptr) : ""));}
+#define FN_GLOBAL_LIST(fn_name,ptr) \
+ char **fn_name(void) {return(*(char ***)(ptr));}
 #define FN_GLOBAL_BOOL(fn_name,ptr) \
  BOOL fn_name(void) {return(*(BOOL *)(ptr));}
 #define FN_GLOBAL_CHAR(fn_name,ptr) \
@@ -661,346 +1496,539 @@ char *lp_string(char *s)
  int fn_name(void) {return(*(int *)(ptr));}
 
 #define FN_LOCAL_STRING(fn_name,val) \
- char *fn_name(int i) {return(lp_string((LP_SNUM_OK(i)&&pSERVICE(i)->val)?pSERVICE(i)->val : sDefault.val));}
+ char *fn_name(int i) {return(lp_string((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
+#define FN_LOCAL_LIST(fn_name,val) \
+ char **fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
 #define FN_LOCAL_BOOL(fn_name,val) \
- BOOL fn_name(int i) {return(LP_SNUM_OK(i)? pSERVICE(i)->val : sDefault.val);}
+ BOOL fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
 #define FN_LOCAL_CHAR(fn_name,val) \
- char fn_name(int i) {return(LP_SNUM_OK(i)? pSERVICE(i)->val : sDefault.val);}
+ char fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
 #define FN_LOCAL_INTEGER(fn_name,val) \
- int fn_name(int i) {return(LP_SNUM_OK(i)? pSERVICE(i)->val : sDefault.val);}
-
-FN_GLOBAL_STRING(lp_logfile,&Globals.szLogFile)
-FN_GLOBAL_STRING(lp_configfile,&Globals.szConfigFile)
-FN_GLOBAL_STRING(lp_smb_passwd_file,&Globals.szSMBPasswdFile)
-FN_GLOBAL_STRING(lp_serverstring,&Globals.szServerString)
-FN_GLOBAL_STRING(lp_printcapname,&Globals.szPrintcapname)
-FN_GLOBAL_STRING(lp_lockdir,&Globals.szLockDir)
-FN_GLOBAL_STRING(lp_rootdir,&Globals.szRootdir)
-FN_GLOBAL_STRING(lp_defaultservice,&Globals.szDefaultService)
-FN_GLOBAL_STRING(lp_msg_command,&Globals.szMsgCommand)
-FN_GLOBAL_STRING(lp_dfree_command,&Globals.szDfree)
-FN_GLOBAL_STRING(lp_hosts_equiv,&Globals.szHostsEquiv)
-FN_GLOBAL_STRING(lp_auto_services,&Globals.szAutoServices)
-FN_GLOBAL_STRING(lp_passwd_program,&Globals.szPasswdProgram)
-FN_GLOBAL_STRING(lp_passwd_chat,&Globals.szPasswdChat)
-FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer)
-FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
-FN_GLOBAL_STRING(lp_domain_controller,&Globals.szDomainController)
-FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
-FN_GLOBAL_STRING(lp_character_set,&Globals.szCharacterSet) 
-FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript) 
-
-FN_GLOBAL_BOOL(lp_domain_master,&Globals.bDomainMaster)
-FN_GLOBAL_BOOL(lp_domain_logons,&Globals.bDomainLogons)
-FN_GLOBAL_BOOL(lp_preferred_master,&Globals.bPreferredMaster)
-FN_GLOBAL_BOOL(lp_load_printers,&Globals.bLoadPrinters)
-FN_GLOBAL_BOOL(lp_use_rhosts,&Globals.bUseRhosts)
-FN_GLOBAL_BOOL(lp_getwdcache,&use_getwd_cache)
-FN_GLOBAL_BOOL(lp_readprediction,&Globals.bReadPrediction)
-FN_GLOBAL_BOOL(lp_readbmpx,&Globals.bReadbmpx)
-FN_GLOBAL_BOOL(lp_readraw,&Globals.bReadRaw)
-FN_GLOBAL_BOOL(lp_writeraw,&Globals.bWriteRaw)
-FN_GLOBAL_BOOL(lp_null_passwords,&Globals.bNullPasswords)
-FN_GLOBAL_BOOL(lp_strip_dot,&Globals.bStripDot)
-FN_GLOBAL_BOOL(lp_encrypted_passwords,&Globals.bEncryptPasswords)
-FN_GLOBAL_BOOL(lp_syslog_only,&Globals.bSyslogOnly)
-FN_GLOBAL_BOOL(lp_browse_list,&Globals.bBrowseList)
-
-FN_GLOBAL_INTEGER(lp_os_level,&Globals.os_level)
-FN_GLOBAL_INTEGER(lp_max_ttl,&Globals.max_ttl)
-FN_GLOBAL_INTEGER(lp_max_log_size,&Globals.max_log_size)
-FN_GLOBAL_INTEGER(lp_mangledstack,&Globals.mangled_stack)
-FN_GLOBAL_INTEGER(lp_maxxmit,&Globals.max_xmit)
-FN_GLOBAL_INTEGER(lp_maxmux,&Globals.max_mux)
-FN_GLOBAL_INTEGER(lp_maxpacket,&Globals.max_packet)
-FN_GLOBAL_INTEGER(lp_keepalive,&keepalive)
-FN_GLOBAL_INTEGER(lp_passwordlevel,&Globals.pwordlevel)
-FN_GLOBAL_INTEGER(lp_deadtime,&Globals.deadtime)
-FN_GLOBAL_INTEGER(lp_maxprotocol,&Globals.maxprotocol)
-FN_GLOBAL_INTEGER(lp_security,&Globals.security)
-FN_GLOBAL_INTEGER(lp_printing,&Globals.printing)
-FN_GLOBAL_INTEGER(lp_maxdisksize,&Globals.maxdisksize)
-FN_GLOBAL_INTEGER(lp_lpqcachetime,&Globals.lpqcachetime)
-FN_GLOBAL_INTEGER(lp_syslog,&Globals.syslog)
-
-FN_LOCAL_STRING(lp_preexec,szPreExec)
-FN_LOCAL_STRING(lp_postexec,szPostExec)
-FN_LOCAL_STRING(lp_rootpreexec,szRootPreExec)
-FN_LOCAL_STRING(lp_rootpostexec,szRootPostExec)
-FN_LOCAL_STRING(lp_servicename,szService)
-FN_LOCAL_STRING(lp_pathname,szPath)
-FN_LOCAL_STRING(lp_dontdescend,szDontdescend)
-FN_LOCAL_STRING(lp_username,szUsername)
-FN_LOCAL_STRING(lp_guestaccount,szGuestaccount)
-FN_LOCAL_STRING(lp_invalid_users,szInvalidUsers)
-FN_LOCAL_STRING(lp_valid_users,szValidUsers)
-FN_LOCAL_STRING(lp_admin_users,szAdminUsers)
-FN_LOCAL_STRING(lp_printcommand,szPrintcommand)
-FN_LOCAL_STRING(lp_lpqcommand,szLpqcommand)
-FN_LOCAL_STRING(lp_lprmcommand,szLprmcommand)
-FN_LOCAL_STRING(lp_lppausecommand,szLppausecommand)
-FN_LOCAL_STRING(lp_lpresumecommand,szLpresumecommand)
-FN_LOCAL_STRING(lp_printername,szPrintername)
-FN_LOCAL_STRING(lp_hostsallow,szHostsallow)
-FN_LOCAL_STRING(lp_hostsdeny,szHostsdeny)
-FN_LOCAL_STRING(lp_magicscript,szMagicScript)
-FN_LOCAL_STRING(lp_magicoutput,szMagicOutput)
-FN_LOCAL_STRING(lp_comment,comment)
-FN_LOCAL_STRING(lp_force_user,force_user)
-FN_LOCAL_STRING(lp_force_group,force_group)
-FN_LOCAL_STRING(lp_readlist,readlist)
-FN_LOCAL_STRING(lp_writelist,writelist)
-FN_LOCAL_STRING(lp_volume,volume)
-FN_LOCAL_STRING(lp_mangled_map,szMangledMap)
-
-FN_LOCAL_BOOL(lp_alternate_permissions,bAlternatePerm)
-FN_LOCAL_BOOL(lp_revalidate,bRevalidate)
-FN_LOCAL_BOOL(lp_casesensitive,bCaseSensitive)
-FN_LOCAL_BOOL(lp_preservecase,bCasePreserve)
-FN_LOCAL_BOOL(lp_shortpreservecase,bShortCasePreserve)
-FN_LOCAL_BOOL(lp_casemangle,bCaseMangle)
-FN_LOCAL_BOOL(lp_status,status)
-FN_LOCAL_BOOL(lp_hide_dot_files,bHideDotFiles)
-FN_LOCAL_BOOL(lp_browseable,bBrowseable)
-FN_LOCAL_BOOL(lp_readonly,bRead_only)
-FN_LOCAL_BOOL(lp_no_set_dir,bNo_set_dir)
-FN_LOCAL_BOOL(lp_guest_ok,bGuest_ok)
-FN_LOCAL_BOOL(lp_guest_only,bGuest_only)
-FN_LOCAL_BOOL(lp_print_ok,bPrint_ok)
-FN_LOCAL_BOOL(lp_postscript,bPostscript)
-FN_LOCAL_BOOL(lp_map_hidden,bMap_hidden)
-FN_LOCAL_BOOL(lp_map_archive,bMap_archive)
-FN_LOCAL_BOOL(lp_locking,bLocking)
-FN_LOCAL_BOOL(lp_strict_locking,bStrictLocking)
-FN_LOCAL_BOOL(lp_share_modes,bShareModes)
-FN_LOCAL_BOOL(lp_onlyuser,bOnlyUser)
-FN_LOCAL_BOOL(lp_manglednames,bMangledNames)
-FN_LOCAL_BOOL(lp_widelinks,bWidelinks)
-FN_LOCAL_BOOL(lp_syncalways,bSyncAlways)
-FN_LOCAL_BOOL(lp_map_system,bMap_system)
-
-FN_LOCAL_INTEGER(lp_create_mode,iCreate_mode)
-FN_LOCAL_INTEGER(lp_max_connections,iMaxConnections)
-FN_LOCAL_INTEGER(lp_defaultcase,iDefaultCase)
-FN_LOCAL_INTEGER(lp_minprintspace,iMinPrintSpace)
-
-FN_LOCAL_CHAR(lp_magicchar,magic_char)
-
-
+ int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
+
+FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
+FN_GLOBAL_STRING(lp_unix_charset, &Globals.unix_charset)
+FN_GLOBAL_STRING(lp_display_charset, &Globals.display_charset)
+FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile)
+FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
+FN_GLOBAL_STRING(lp_smb_passwd_file, &Globals.szSMBPasswdFile)
+FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir)
+FN_GLOBAL_STRING(lp_passdb_backend, &Globals.szPassdbBackend)
+FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
+FN_GLOBAL_STRING(lp_printcapname, &Globals.szPrintcapname)
+FN_GLOBAL_STRING(lp_enumports_cmd, &Globals.szEnumPortsCommand)
+FN_GLOBAL_STRING(lp_addprinter_cmd, &Globals.szAddPrinterCommand)
+FN_GLOBAL_STRING(lp_deleteprinter_cmd, &Globals.szDeletePrinterCommand)
+FN_GLOBAL_STRING(lp_os2_driver_map, &Globals.szOs2DriverMap)
+FN_GLOBAL_STRING(lp_lockdir, &Globals.szLockDir)
+FN_GLOBAL_STRING(lp_mangling_method, &Globals.szManglingMethod)
+#ifdef WITH_UTMP
+FN_GLOBAL_STRING(lp_utmpdir, &Globals.szUtmpDir)
+FN_GLOBAL_STRING(lp_wtmpdir, &Globals.szWtmpDir)
+FN_GLOBAL_BOOL(lp_utmp, &Globals.bUtmp)
+#endif
+FN_GLOBAL_STRING(lp_rootdir, &Globals.szRootdir)
+FN_GLOBAL_STRING(lp_source_environment, &Globals.szSourceEnv)
+FN_GLOBAL_STRING(lp_defaultservice, &Globals.szDefaultService)
+FN_GLOBAL_STRING(lp_msg_command, &Globals.szMsgCommand)
+FN_GLOBAL_STRING(lp_dfree_command, &Globals.szDfree)
+FN_GLOBAL_STRING(lp_hosts_equiv, &Globals.szHostsEquiv)
+FN_GLOBAL_STRING(lp_auto_services, &Globals.szAutoServices)
+FN_GLOBAL_STRING(lp_passwd_program, &Globals.szPasswdProgram)
+FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
+FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
+FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
+FN_GLOBAL_STRING(lp_workgroup, &Globals.szWorkGroup)
+FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
+FN_GLOBAL_STRING(lp_ads_server, &Globals.szADSserver)
+FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
+FN_GLOBAL_STRING(lp_logon_script, &Globals.szLogonScript)
+FN_GLOBAL_STRING(lp_logon_path, &Globals.szLogonPath)
+FN_GLOBAL_STRING(lp_logon_drive, &Globals.szLogonDrive)
+FN_GLOBAL_STRING(lp_logon_home, &Globals.szLogonHome)
+FN_GLOBAL_STRING(lp_remote_announce, &Globals.szRemoteAnnounce)
+FN_GLOBAL_STRING(lp_remote_browse_sync, &Globals.szRemoteBrowseSync)
+FN_GLOBAL_STRING(lp_wins_server_list, &Globals.szWINSserver)
+FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces)
+FN_GLOBAL_STRING(lp_socket_address, &Globals.szSocketAddress)
+FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName)
+static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
+FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
+FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
+FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
+FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
+
+FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount)
+FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
+FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
+FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
+FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserToGroupScript)
+
+FN_GLOBAL_STRING(lp_addmachine_script, &Globals.szAddMachineScript)
+
+FN_GLOBAL_STRING(lp_shutdown_script, &Globals.szShutdownScript)
+FN_GLOBAL_STRING(lp_abort_shutdown_script, &Globals.szAbortShutdownScript)
+
+FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
+FN_GLOBAL_STRING(lp_wins_partners, &Globals.szWINSPartners)
+FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
+FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell)
+FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
+FN_GLOBAL_BOOL(lp_winbind_enum_users, &Globals.bWinbindEnumUsers)
+FN_GLOBAL_BOOL(lp_winbind_enum_groups, &Globals.bWinbindEnumGroups)
+FN_GLOBAL_BOOL(lp_winbind_use_default_domain, &Globals.bWinbindUseDefaultDomain)
+#ifdef WITH_LDAP_SAM
+FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
+FN_GLOBAL_STRING(lp_ldap_machine_suffix, &Globals.szLdapMachineSuffix)
+FN_GLOBAL_STRING(lp_ldap_user_suffix, &Globals.szLdapUserSuffix)
+FN_GLOBAL_STRING(lp_ldap_filter, &Globals.szLdapFilter)
+FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
+FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
+#endif /* WITH_LDAP_SAM */
+FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
+FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
+FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
+
+#ifdef WITH_SSL
+FN_GLOBAL_INTEGER(lp_ssl_version, &Globals.sslVersion)
+FN_GLOBAL_LIST(lp_ssl_hosts, &Globals.sslHostsRequire)
+FN_GLOBAL_LIST(lp_ssl_hosts_resign, &Globals.sslHostsResign)
+FN_GLOBAL_STRING(lp_ssl_cacertdir, &Globals.sslCaCertDir)
+FN_GLOBAL_STRING(lp_ssl_cacertfile, &Globals.sslCaCertFile)
+FN_GLOBAL_STRING(lp_ssl_server_cert, &Globals.sslServerCert)
+FN_GLOBAL_STRING(lp_ssl_server_privkey, &Globals.sslServerPrivKey)
+FN_GLOBAL_STRING(lp_ssl_client_cert, &Globals.sslClientCert)
+FN_GLOBAL_STRING(lp_ssl_client_privkey, &Globals.sslClientPrivKey)
+FN_GLOBAL_STRING(lp_ssl_ciphers, &Globals.sslCiphers)
+FN_GLOBAL_STRING(lp_ssl_egdsocket, &Globals.sslEgdSocket)
+FN_GLOBAL_STRING(lp_ssl_entropyfile, &Globals.sslEntropyFile)
+FN_GLOBAL_INTEGER(lp_ssl_entropybytes, &Globals.sslEntropyBytes)
+FN_GLOBAL_BOOL(lp_ssl_enabled, &Globals.sslEnabled)
+FN_GLOBAL_BOOL(lp_ssl_reqClientCert, &Globals.sslReqClientCert)
+FN_GLOBAL_BOOL(lp_ssl_reqServerCert, &Globals.sslReqServerCert)
+FN_GLOBAL_BOOL(lp_ssl_compatibility, &Globals.sslCompatibility)
+#endif /* WITH_SSL */
+
+FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard)
+FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy)
+FN_GLOBAL_BOOL(lp_wins_support, &Globals.bWINSsupport)
+FN_GLOBAL_BOOL(lp_we_are_a_wins_server, &Globals.bWINSsupport)
+FN_GLOBAL_BOOL(lp_wins_proxy, &Globals.bWINSproxy)
+FN_GLOBAL_BOOL(lp_local_master, &Globals.bLocalMaster)
+FN_GLOBAL_BOOL(lp_domain_logons, &Globals.bDomainLogons)
+FN_GLOBAL_BOOL(lp_load_printers, &Globals.bLoadPrinters)
+FN_GLOBAL_BOOL(lp_readprediction, &Globals.bReadPrediction)
+FN_GLOBAL_BOOL(lp_readbmpx, &Globals.bReadbmpx)
+FN_GLOBAL_BOOL(lp_readraw, &Globals.bReadRaw)
+FN_GLOBAL_BOOL(lp_large_readwrite, &Globals.bLargeReadwrite)
+FN_GLOBAL_BOOL(lp_writeraw, &Globals.bWriteRaw)
+FN_GLOBAL_BOOL(lp_null_passwords, &Globals.bNullPasswords)
+FN_GLOBAL_BOOL(lp_obey_pam_restrictions, &Globals.bObeyPamRestrictions)
+FN_GLOBAL_BOOL(lp_strip_dot, &Globals.bStripDot)
+FN_GLOBAL_BOOL(lp_encrypted_passwords, &Globals.bEncryptPasswords)
+FN_GLOBAL_BOOL(lp_update_encrypted, &Globals.bUpdateEncrypt)
+FN_GLOBAL_BOOL(lp_syslog_only, &Globals.bSyslogOnly)
+FN_GLOBAL_BOOL(lp_admin_log, &Globals.bAdminLog)
+FN_GLOBAL_BOOL(lp_timestamp_logs, &Globals.bTimestampLogs)
+FN_GLOBAL_BOOL(lp_debug_hires_timestamp, &Globals.bDebugHiresTimestamp)
+FN_GLOBAL_BOOL(lp_debug_pid, &Globals.bDebugPid)
+FN_GLOBAL_BOOL(lp_debug_uid, &Globals.bDebugUid)
+FN_GLOBAL_BOOL(lp_browse_list, &Globals.bBrowseList)
+FN_GLOBAL_BOOL(lp_nis_home_map, &Globals.bNISHomeMap)
+static FN_GLOBAL_BOOL(lp_time_server, &Globals.bTimeServer)
+FN_GLOBAL_BOOL(lp_bind_interfaces_only, &Globals.bBindInterfacesOnly)
+FN_GLOBAL_BOOL(lp_pam_password_change, &Globals.bPamPasswordChange)
+FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync)
+FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug)
+FN_GLOBAL_BOOL(lp_unicode, &Globals.bUnicode)
+FN_GLOBAL_BOOL(lp_nt_pipe_support, &Globals.bNTPipeSupport)
+FN_GLOBAL_BOOL(lp_nt_status_support, &Globals.bNTStatusSupport)
+FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache)
+FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains)
+FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous)
+FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth)
+FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth)
+FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs)
+FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks)
+FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing)
+FN_GLOBAL_BOOL(lp_use_mmap, &Globals.bUseMmap)
+FN_GLOBAL_BOOL(lp_use_spnego, &Globals.bUseSpnego)
+FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups)
+FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
+FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
+FN_GLOBAL_INTEGER(lp_max_wins_ttl, &Globals.max_wins_ttl)
+FN_GLOBAL_INTEGER(lp_min_wins_ttl, &Globals.min_wins_ttl)
+FN_GLOBAL_INTEGER(lp_max_log_size, &Globals.max_log_size)
+FN_GLOBAL_INTEGER(lp_max_open_files, &Globals.max_open_files)
+FN_GLOBAL_INTEGER(lp_maxxmit, &Globals.max_xmit)
+FN_GLOBAL_INTEGER(lp_maxmux, &Globals.max_mux)
+FN_GLOBAL_INTEGER(lp_passwordlevel, &Globals.pwordlevel)
+FN_GLOBAL_INTEGER(lp_usernamelevel, &Globals.unamelevel)
+FN_GLOBAL_INTEGER(lp_readsize, &Globals.ReadSize)
+FN_GLOBAL_INTEGER(lp_deadtime, &Globals.deadtime)
+FN_GLOBAL_INTEGER(lp_maxprotocol, &Globals.maxprotocol)
+FN_GLOBAL_INTEGER(lp_minprotocol, &Globals.minprotocol)
+FN_GLOBAL_INTEGER(lp_security, &Globals.security)
+FN_GLOBAL_LIST(lp_auth_methods, &Globals.AuthMethods)
+FN_GLOBAL_BOOL(lp_paranoid_server_security, &Globals.paranoid_server_security)
+FN_GLOBAL_INTEGER(lp_maxdisksize, &Globals.maxdisksize)
+FN_GLOBAL_INTEGER(lp_lpqcachetime, &Globals.lpqcachetime)
+FN_GLOBAL_INTEGER(lp_max_smbd_processes, &Globals.iMaxSmbdProcesses)
+FN_GLOBAL_INTEGER(lp_disable_spoolss, &Globals.bDisableSpoolss)
+FN_GLOBAL_INTEGER(lp_totalprintjobs, &Globals.iTotalPrintJobs)
+FN_GLOBAL_INTEGER(lp_syslog, &Globals.syslog)
+static FN_GLOBAL_INTEGER(lp_announce_as, &Globals.announce_as)
+FN_GLOBAL_INTEGER(lp_lm_announce, &Globals.lm_announce)
+FN_GLOBAL_INTEGER(lp_lm_interval, &Globals.lm_interval)
+FN_GLOBAL_INTEGER(lp_machine_password_timeout, &Globals.machine_password_timeout)
+FN_GLOBAL_INTEGER(lp_change_notify_timeout, &Globals.change_notify_timeout)
+FN_GLOBAL_INTEGER(lp_stat_cache_size, &Globals.stat_cache_size)
+FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
+FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
+FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
+FN_GLOBAL_INTEGER(lp_lock_spin_count, &Globals.iLockSpinCount)
+FN_GLOBAL_INTEGER(lp_lock_sleep_time, &Globals.iLockSpinTime)
+FN_LOCAL_STRING(lp_preexec, szPreExec)
+FN_LOCAL_STRING(lp_postexec, szPostExec)
+FN_LOCAL_STRING(lp_rootpreexec, szRootPreExec)
+FN_LOCAL_STRING(lp_rootpostexec, szRootPostExec)
+FN_LOCAL_STRING(lp_servicename, szService)
+FN_LOCAL_STRING(lp_pathname, szPath)
+FN_LOCAL_STRING(lp_dontdescend, szDontdescend)
+FN_LOCAL_STRING(lp_username, szUsername)
+FN_LOCAL_LIST(lp_invalid_users, szInvalidUsers)
+FN_LOCAL_LIST(lp_valid_users, szValidUsers)
+FN_LOCAL_LIST(lp_admin_users, szAdminUsers)
+FN_LOCAL_STRING(lp_printcommand, szPrintcommand)
+FN_LOCAL_STRING(lp_lpqcommand, szLpqcommand)
+FN_LOCAL_STRING(lp_lprmcommand, szLprmcommand)
+FN_LOCAL_STRING(lp_lppausecommand, szLppausecommand)
+FN_LOCAL_STRING(lp_lpresumecommand, szLpresumecommand)
+FN_LOCAL_STRING(lp_queuepausecommand, szQueuepausecommand)
+FN_LOCAL_STRING(lp_queueresumecommand, szQueueresumecommand)
+static FN_LOCAL_STRING(_lp_printername, szPrintername)
+FN_LOCAL_STRING(lp_driverfile, szDriverFile)
+FN_LOCAL_STRING(lp_printerdriver, szPrinterDriver)
+FN_LOCAL_LIST(lp_hostsallow, szHostsallow)
+FN_LOCAL_LIST(lp_hostsdeny, szHostsdeny)
+FN_LOCAL_STRING(lp_magicscript, szMagicScript)
+FN_LOCAL_STRING(lp_magicoutput, szMagicOutput)
+FN_LOCAL_STRING(lp_comment, comment)
+FN_LOCAL_STRING(lp_force_user, force_user)
+FN_LOCAL_STRING(lp_force_group, force_group)
+FN_LOCAL_LIST(lp_readlist, readlist)
+FN_LOCAL_LIST(lp_writelist, writelist)
+FN_LOCAL_LIST(lp_printer_admin, printer_admin)
+FN_LOCAL_STRING(lp_fstype, fstype)
+FN_LOCAL_STRING(lp_vfsobj, szVfsObjectFile)
+FN_LOCAL_STRING(lp_vfs_options, szVfsOptions)
+static FN_LOCAL_STRING(lp_volume, volume)
+FN_LOCAL_STRING(lp_mangled_map, szMangledMap)
+FN_LOCAL_STRING(lp_veto_files, szVetoFiles)
+FN_LOCAL_STRING(lp_hide_files, szHideFiles)
+FN_LOCAL_STRING(lp_veto_oplocks, szVetoOplockFiles)
+FN_LOCAL_STRING(lp_driverlocation, szPrinterDriverLocation)
+FN_LOCAL_BOOL(lp_msdfs_root, bMSDfsRoot)
+FN_LOCAL_BOOL(lp_autoloaded, autoloaded)
+FN_LOCAL_BOOL(lp_preexec_close, bPreexecClose)
+FN_LOCAL_BOOL(lp_rootpreexec_close, bRootpreexecClose)
+FN_LOCAL_BOOL(lp_casesensitive, bCaseSensitive)
+FN_LOCAL_BOOL(lp_preservecase, bCasePreserve)
+FN_LOCAL_BOOL(lp_shortpreservecase, bShortCasePreserve)
+FN_LOCAL_BOOL(lp_casemangle, bCaseMangle)
+FN_LOCAL_BOOL(lp_hide_dot_files, bHideDotFiles)
+FN_LOCAL_BOOL(lp_hideunreadable, bHideUnReadable)
+FN_LOCAL_BOOL(lp_browseable, bBrowseable)
+FN_LOCAL_BOOL(lp_readonly, bRead_only)
+FN_LOCAL_BOOL(lp_no_set_dir, bNo_set_dir)
+FN_LOCAL_BOOL(lp_guest_ok, bGuest_ok)
+FN_LOCAL_BOOL(lp_guest_only, bGuest_only)
+FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
+FN_LOCAL_BOOL(lp_postscript, bPostscript)
+FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
+FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
+FN_LOCAL_BOOL(lp_locking, bLocking)
+FN_LOCAL_BOOL(lp_strict_locking, bStrictLocking)
+FN_LOCAL_BOOL(lp_posix_locking, bPosixLocking)
+FN_LOCAL_BOOL(lp_share_modes, bShareModes)
+FN_LOCAL_BOOL(lp_oplocks, bOpLocks)
+FN_LOCAL_BOOL(lp_level2_oplocks, bLevel2OpLocks)
+FN_LOCAL_BOOL(lp_onlyuser, bOnlyUser)
+FN_LOCAL_BOOL(lp_manglednames, bMangledNames)
+FN_LOCAL_BOOL(lp_widelinks, bWidelinks)
+FN_LOCAL_BOOL(lp_symlinks, bSymlinks)
+FN_LOCAL_BOOL(lp_syncalways, bSyncAlways)
+FN_LOCAL_BOOL(lp_strict_allocate, bStrictAllocate)
+FN_LOCAL_BOOL(lp_strict_sync, bStrictSync)
+FN_LOCAL_BOOL(lp_map_system, bMap_system)
+FN_LOCAL_BOOL(lp_delete_readonly, bDeleteReadonly)
+FN_LOCAL_BOOL(lp_fake_oplocks, bFakeOplocks)
+FN_LOCAL_BOOL(lp_recursive_veto_delete, bDeleteVetoFiles)
+FN_LOCAL_BOOL(lp_dos_filemode, bDosFilemode)
+FN_LOCAL_BOOL(lp_dos_filetimes, bDosFiletimes)
+FN_LOCAL_BOOL(lp_dos_filetime_resolution, bDosFiletimeResolution)
+FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
+FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
+FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
+FN_LOCAL_BOOL(lp_inherit_acls, bInheritACLS)
+FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
+FN_LOCAL_BOOL(lp_default_devmode, bDefaultDevmode)
+FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
+FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
+FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
+FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
+FN_LOCAL_INTEGER(lp_force_security_mode, iSecurity_force_mode)
+FN_LOCAL_INTEGER(lp_dir_mask, iDir_mask)
+FN_LOCAL_INTEGER(lp_force_dir_mode, iDir_force_mode)
+FN_LOCAL_INTEGER(lp_dir_security_mask, iDir_Security_mask)
+FN_LOCAL_INTEGER(lp_force_dir_security_mode, iDir_Security_force_mode)
+FN_LOCAL_INTEGER(lp_max_connections, iMaxConnections)
+FN_LOCAL_INTEGER(lp_defaultcase, iDefaultCase)
+FN_LOCAL_INTEGER(lp_minprintspace, iMinPrintSpace)
+FN_LOCAL_INTEGER(lp_maxprintjobs, iMaxPrintJobs)
+FN_LOCAL_INTEGER(lp_printing, iPrinting)
+FN_LOCAL_INTEGER(lp_oplock_contention_limit, iOplockContentionLimit)
+FN_LOCAL_INTEGER(lp_csc_policy, iCSCPolicy)
+FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
+FN_LOCAL_CHAR(lp_magicchar, magic_char)
+FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
+FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
 
 /* local prototypes */
-static int    strwicmp( char *psz1, char *psz2 );
-static int    map_parameter( char *pszParmName);
-static BOOL   set_boolean( BOOL *pb, char *pszParmValue );
-static int    getservicebyname(char *pszServiceName, service *pserviceDest);
-static void   copy_service( service *pserviceDest, 
-                            service *pserviceSource,
-                            BOOL *pcopymapDest );
-static BOOL   service_ok(int iService);
-static BOOL   do_parameter(char *pszParmName, char *pszParmValue);
-static BOOL   do_section(char *pszSectionName);
-static void   dump_globals(void);
-static void   dump_a_service(service *pService);
-static void init_copymap(service *pservice);
+
+static int map_parameter(char *pszParmName);
+static BOOL set_boolean(BOOL *pb, char *pszParmValue);
+static int getservicebyname(const char *pszServiceName,
+			    service * pserviceDest);
+static void copy_service(service * pserviceDest,
+			 service * pserviceSource, BOOL *pcopymapDest);
+static BOOL service_ok(int iService);
+static BOOL do_parameter(char *pszParmName, char *pszParmValue);
+static BOOL do_section(char *pszSectionName);
+static void init_copymap(service * pservice);
 
 
 /***************************************************************************
 initialise a service to the defaults
 ***************************************************************************/
-static void init_service(service *pservice)
+static void init_service(service * pservice)
 {
-  bzero((char *)pservice,sizeof(service));
-  copy_service(pservice,&sDefault,NULL);
+	memset((char *)pservice, '\0', sizeof(service));
+	copy_service(pservice, &sDefault, NULL);
 }
 
 
 /***************************************************************************
 free the dynamically allocated parts of a service struct
 ***************************************************************************/
-static void free_service(service *pservice)
+static void free_service(service * pservice)
 {
-  int i;
-  if (!pservice)
-     return;
+	int i;
+	if (!pservice)
+		return;
+
+	if (pservice->szService)
+		DEBUG(5,
+		      ("free_service: Freeing service %s\n",
+		       pservice->szService));
+
+	string_free(&pservice->szService);
+	SAFE_FREE(pservice->copymap);
 
-  for (i=0;parm_table[i].label;i++)
-    if (parm_table[i].type == P_STRING && parm_table[i].class == P_LOCAL)
-      string_free((char **)(((char *)pservice) + PTR_DIFF(parm_table[i].ptr,&sDefault)));
+	for (i = 0; parm_table[i].label; i++)
+	{
+		if ((parm_table[i].type == P_STRING ||
+		     parm_table[i].type == P_USTRING) &&
+		    parm_table[i].class == P_LOCAL)
+			string_free((char **)
+				    (((char *)pservice) +
+				     PTR_DIFF(parm_table[i].ptr, &sDefault)));
+		else if (parm_table[i].type == P_LIST &&
+			 parm_table[i].class == P_LOCAL)
+			     lp_list_free((char ***)
+			     		    (((char *)pservice) +
+					     PTR_DIFF(parm_table[i].ptr, &sDefault)));
+	}
+				
+
+	ZERO_STRUCTP(pservice);
 }
 
 /***************************************************************************
 add a new service to the services array initialising it with the given 
-service
+service. 
 ***************************************************************************/
-static int add_a_service(service *pservice, char *name)
+static int add_a_service(const service * pservice, const char *name)
 {
-  int i;
-  service tservice;
-  int num_to_alloc = iNumServices+1;
-
-  tservice = *pservice;
+	int i;
+	service tservice;
+	int num_to_alloc = iNumServices + 1;
 
-  /* it might already exist */
-  if (name) 
-    {
-      i = getservicebyname(name,NULL);
-      if (i >= 0)
-	return(i);
-    }
+	tservice = *pservice;
 
-  /* find an invalid one */
-  for (i=0;i<iNumServices;i++)
-    if (!pSERVICE(i)->valid)
-      break;
-
-  /* if not, then create one */
-  if (i == iNumServices)
-    {
-      ServicePtrs = (service **)Realloc(ServicePtrs,sizeof(service *)*num_to_alloc);
-      if (ServicePtrs)
-	pSERVICE(iNumServices) = (service *)malloc(sizeof(service));
-
-      if (!ServicePtrs || !pSERVICE(iNumServices))
-	return(-1);
+	/* it might already exist */
+	if (name)
+	{
+		i = getservicebyname(name, NULL);
+		if (i >= 0)
+			return (i);
+	}
 
-      iNumServices++;
-    }
-  else
-    free_service(pSERVICE(i));
+	/* find an invalid one */
+	for (i = 0; i < iNumServices; i++)
+		if (!ServicePtrs[i]->valid)
+			break;
 
-  pSERVICE(i)->valid = True;
+	/* if not, then create one */
+	if (i == iNumServices)
+	{
+		service **tsp;
+		
+		tsp = (service **) Realloc(ServicePtrs,
+					   sizeof(service *) *
+					   num_to_alloc);
+					   
+		if (!tsp) {
+			DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
+			return (-1);
+		}
+		else {
+			ServicePtrs = tsp;
+			ServicePtrs[iNumServices] =
+				(service *) malloc(sizeof(service));
+		}
+		if (!ServicePtrs[iNumServices]) {
+			DEBUG(0,("add_a_service: out of memory!\n"));
+			return (-1);
+		}
+
+		iNumServices++;
+	}
+	else
+		free_service(ServicePtrs[i]);
 
-  init_service(pSERVICE(i));
-  copy_service(pSERVICE(i),&tservice,NULL);
-  if (name)
-    string_set(&iSERVICE(i).szService,name);  
+	ServicePtrs[i]->valid = True;
 
-  return(i);
+	init_service(ServicePtrs[i]);
+	copy_service(ServicePtrs[i], &tservice, NULL);
+	if (name)
+	{
+		string_set(&ServicePtrs[i]->szService, name);
+	}
+	return (i);
 }
 
 /***************************************************************************
 add a new home service, with the specified home directory, defaults coming 
-from service ifrom
+from service ifrom.
 ***************************************************************************/
-BOOL lp_add_home(char *pszHomename, int iDefaultService, char *pszHomedir)
+BOOL lp_add_home(const char *pszHomename, int iDefaultService, const char *pszHomedir)
 {
-  int i = add_a_service(pSERVICE(iDefaultService),pszHomename);
+	int i;
+	SMB_STRUCT_STAT buf;
 
-  if (i < 0)
-    return(False);
+	/* if the user's home directory doesn't exist, then don't
+	   add it to the list of available shares */
+	if (sys_stat(pszHomedir, &buf))
+		return False;
 
-  if (!(*(iSERVICE(i).szPath)) || strequal(iSERVICE(i).szPath,lp_pathname(-1)))
-    string_set(&iSERVICE(i).szPath,pszHomedir);
-  if (!(*(iSERVICE(i).comment)))
-    {
-      pstring comment;
-      sprintf(comment,"Home directory of %s",pszHomename);
-      string_set(&iSERVICE(i).comment,comment);
-    }
-  iSERVICE(i).bAvailable = sDefault.bAvailable;
-  iSERVICE(i).bBrowseable = sDefault.bBrowseable;
+	i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
-  DEBUG(3,("adding home directory %s at %s\n", pszHomename, pszHomedir));
+	if (i < 0)
+		return (False);
 
-  return(True);
+	if (!(*(ServicePtrs[i]->szPath))
+	    || strequal(ServicePtrs[i]->szPath, lp_pathname(-1)))
+		string_set(&ServicePtrs[i]->szPath, pszHomedir);
+	if (!(*(ServicePtrs[i]->comment)))
+	{
+		pstring comment;
+		slprintf(comment, sizeof(comment) - 1,
+			 "Home directory of %s", pszHomename);
+		string_set(&ServicePtrs[i]->comment, comment);
+	}
+	ServicePtrs[i]->bAvailable = sDefault.bAvailable;
+	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
+
+	DEBUG(3,
+	      ("adding home directory %s at %s\n", pszHomename, pszHomedir));
+
+	return (True);
 }
 
 /***************************************************************************
-add a new service, based on an old one
+add a new service, based on an old one.
 ***************************************************************************/
-int lp_add_service(char *pszService, int iDefaultService)
+int lp_add_service(const char *pszService, int iDefaultService)
 {
-  return(add_a_service(pSERVICE(iDefaultService),pszService));
+	return (add_a_service(ServicePtrs[iDefaultService], pszService));
 }
 
 
 /***************************************************************************
 add the IPC service
 ***************************************************************************/
-static BOOL lp_add_ipc(void)
+static BOOL lp_add_ipc(char *ipc_name, BOOL guest_ok)
 {
-  pstring comment;
-  int i = add_a_service(&sDefault,"IPC$");
-
-  if (i < 0)
-    return(False);
-
-  sprintf(comment,"IPC Service (%s)",lp_serverstring());
-
-  string_set(&iSERVICE(i).szPath,"/tmp");
-  string_set(&iSERVICE(i).szUsername,"");
-  string_set(&iSERVICE(i).comment,comment);
-  iSERVICE(i).status = False;
-  iSERVICE(i).iMaxConnections = 0;
-  iSERVICE(i).bAvailable = True;
-  iSERVICE(i).bRead_only = True;
-  iSERVICE(i).bGuest_only = False;
-  iSERVICE(i).bGuest_ok = True;
-  iSERVICE(i).bPrint_ok = False;
-  iSERVICE(i).bBrowseable = sDefault.bBrowseable;
-
-  DEBUG(3,("adding IPC service\n"));
-
-  return(True);
+	pstring comment;
+	int i = add_a_service(&sDefault, ipc_name);
+
+	if (i < 0)
+		return (False);
+
+	slprintf(comment, sizeof(comment) - 1,
+		 "IPC Service (%s)", Globals.szServerString);
+
+	string_set(&ServicePtrs[i]->szPath, tmpdir());
+	string_set(&ServicePtrs[i]->szUsername, "");
+	string_set(&ServicePtrs[i]->comment, comment);
+	string_set(&ServicePtrs[i]->fstype, "IPC");
+	ServicePtrs[i]->iMaxConnections = 0;
+	ServicePtrs[i]->bAvailable = True;
+	ServicePtrs[i]->bRead_only = True;
+	ServicePtrs[i]->bGuest_only = False;
+	ServicePtrs[i]->bGuest_ok = guest_ok;
+	ServicePtrs[i]->bPrint_ok = False;
+	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
+
+	DEBUG(3, ("adding IPC service\n"));
+
+	return (True);
 }
 
 
 /***************************************************************************
-add a new printer service, with defaults coming from service iFrom
+add a new printer service, with defaults coming from service iFrom.
 ***************************************************************************/
 BOOL lp_add_printer(char *pszPrintername, int iDefaultService)
 {
-  char *comment = "From Printcap";
-  int i = add_a_service(pSERVICE(iDefaultService),pszPrintername);
-  
-  if (i < 0)
-    return(False);
-  
-  /* note that we do NOT default the availability flag to True - */
-  /* we take it from the default service passed. This allows all */
-  /* dynamic printers to be disabled by disabling the [printers] */
-  /* entry (if/when the 'available' keyword is implemented!).    */
-  
-  /* the printer name is set to the service name. */
-  string_set(&iSERVICE(i).szPrintername,pszPrintername);
-  string_set(&iSERVICE(i).comment,comment);
-  iSERVICE(i).bBrowseable = sDefault.bBrowseable;
-  
-  DEBUG(3,("adding printer service %s\n",pszPrintername));
-  
-  return(True);
-}
-
-
-/***************************************************************************
-Do a case-insensitive, whitespace-ignoring string compare.
-***************************************************************************/
-static int strwicmp(char *psz1, char *psz2)
-{
-   /* if BOTH strings are NULL, return TRUE, if ONE is NULL return */
-   /* appropriate value. */
-   if (psz1 == psz2)
-      return (0);
-   else
-      if (psz1 == NULL)
-         return (-1);
-      else
-          if (psz2 == NULL)
-              return (1);
-
-   /* sync the strings on first non-whitespace */
-   while (1)
-   {
-      while (isspace(*psz1))
-         psz1++;
-      while (isspace(*psz2))
-         psz2++;
-      if (toupper(*psz1) != toupper(*psz2) || *psz1 == '\0' || *psz2 == '\0')
-         break;
-      psz1++;
-      psz2++;
-   }
-   return (*psz1 - *psz2);
+	char *comment = "From Printcap";
+	int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
+
+	if (i < 0)
+		return (False);
+
+	/* note that we do NOT default the availability flag to True - */
+	/* we take it from the default service passed. This allows all */
+	/* dynamic printers to be disabled by disabling the [printers] */
+	/* entry (if/when the 'available' keyword is implemented!).    */
+
+	/* the printer name is set to the service name. */
+	string_set(&ServicePtrs[i]->szPrintername, pszPrintername);
+	string_set(&ServicePtrs[i]->comment, comment);
+	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
+	/* Printers cannot be read_only. */
+	ServicePtrs[i]->bRead_only = False;
+	/* No share modes on printer services. */
+	ServicePtrs[i]->bShareModes = False;
+	/* No oplocks on printer services. */
+	ServicePtrs[i]->bOpLocks = False;
+	/* Printer services must be printable. */
+	ServicePtrs[i]->bPrint_ok = True;
+
+	DEBUG(3, ("adding printer service %s\n", pszPrintername));
+
+	return (True);
 }
 
 /***************************************************************************
@@ -1009,17 +2037,17 @@ Returns False if the parameter string is not recognised, else TRUE.
 ***************************************************************************/
 static int map_parameter(char *pszParmName)
 {
-   int iIndex;
+	int iIndex;
 
-   if (*pszParmName == '-')
-     return(-1);
+	if (*pszParmName == '-')
+		return (-1);
 
-   for (iIndex = 0; parm_table[iIndex].label; iIndex++) 
-      if (strwicmp(parm_table[iIndex].label, pszParmName) == 0)
-         return(iIndex);
+	for (iIndex = 0; parm_table[iIndex].label; iIndex++)
+		if (strwicmp(parm_table[iIndex].label, pszParmName) == 0)
+			return (iIndex);
 
-   DEBUG(0,( "Unknown parameter encountered: \"%s\"\n", pszParmName));
-   return(-1);
+	DEBUG(0, ("Unknown parameter encountered: \"%s\"\n", pszParmName));
+	return (-1);
 }
 
 
@@ -1030,44 +2058,45 @@ represent a boolean.
 ***************************************************************************/
 static BOOL set_boolean(BOOL *pb, char *pszParmValue)
 {
-   BOOL bRetval;
-
-   bRetval = True;
-   if (strwicmp(pszParmValue, "yes") == 0 ||
-       strwicmp(pszParmValue, "true") == 0 ||
-       strwicmp(pszParmValue, "1") == 0)
-      *pb = True;
-   else
-      if (strwicmp(pszParmValue, "no") == 0 ||
-          strwicmp(pszParmValue, "False") == 0 ||
-          strwicmp(pszParmValue, "0") == 0)
-         *pb = False;
-      else
-      {
-         DEBUG(0,( "Badly formed boolean in configuration file: \"%s\".\n",
-               pszParmValue));
-         bRetval = False;
-      }
-   return (bRetval);
+	BOOL bRetval;
+
+	bRetval = True;
+	if (strwicmp(pszParmValue, "yes") == 0 ||
+	    strwicmp(pszParmValue, "true") == 0 ||
+	    strwicmp(pszParmValue, "1") == 0)
+		*pb = True;
+	else
+		if (strwicmp(pszParmValue, "no") == 0 ||
+		    strwicmp(pszParmValue, "False") == 0 ||
+		    strwicmp(pszParmValue, "0") == 0)
+		*pb = False;
+	else
+	{
+		DEBUG(0,
+		      ("ERROR: Badly formed boolean in configuration file: \"%s\".\n",
+		       pszParmValue));
+		bRetval = False;
+	}
+	return (bRetval);
 }
 
 /***************************************************************************
 Find a service by name. Otherwise works like get_service.
 ***************************************************************************/
-static int getservicebyname(char *pszServiceName, service *pserviceDest)
+static int getservicebyname(const char *pszServiceName, service * pserviceDest)
 {
-   int iService;
-
-   for (iService = iNumServices - 1; iService >= 0; iService--)
-      if (VALID(iService) &&
-	  strwicmp(iSERVICE(iService).szService, pszServiceName) == 0) 
-      {
-         if (pserviceDest != NULL)
-	   copy_service(pserviceDest, pSERVICE(iService), NULL);
-         break;
-      }
-
-   return (iService);
+	int iService;
+
+	for (iService = iNumServices - 1; iService >= 0; iService--)
+		if (VALID(iService) &&
+		    strwicmp(ServicePtrs[iService]->szService, pszServiceName) == 0)
+		{
+			if (pserviceDest != NULL)
+				copy_service(pserviceDest, ServicePtrs[iService], NULL);
+			break;
+		}
+
+	return (iService);
 }
 
 
@@ -1077,54 +2106,67 @@ Copy a service structure to another
 
 If pcopymapDest is NULL then copy all fields
 ***************************************************************************/
-static void copy_service(service *pserviceDest, 
-                         service *pserviceSource,
-                         BOOL *pcopymapDest)
-{
-  int i;
-  BOOL bcopyall = (pcopymapDest == NULL);
-
-  for (i=0;parm_table[i].label;i++)
-    if (parm_table[i].ptr && parm_table[i].class == P_LOCAL && 
-	(bcopyall || pcopymapDest[i]))
-      {
-	void *def_ptr = parm_table[i].ptr;
-	void *src_ptr = 
-	  ((char *)pserviceSource) + PTR_DIFF(def_ptr,&sDefault);
-	void *dest_ptr = 
-	  ((char *)pserviceDest) + PTR_DIFF(def_ptr,&sDefault);
-
-	switch (parm_table[i].type)
-	  {
-	  case P_BOOL:
-	  case P_BOOLREV:
-	    *(BOOL *)dest_ptr = *(BOOL *)src_ptr;
-	    break;
-
-	  case P_INTEGER:
-	  case P_OCTAL:
-	    *(int *)dest_ptr = *(int *)src_ptr;
-	    break;
-
-	  case P_CHAR:
-	    *(char *)dest_ptr = *(char *)src_ptr;
-	    break;
-
-	  case P_STRING:
-	    string_set(dest_ptr,*(char **)src_ptr);
-	    break;
-	  default:
-	    break;
-	  }
-      }
-
-  if (bcopyall)
-    {
-      init_copymap(pserviceDest);
-      if (pserviceSource->copymap)
-	memcpy((void *)pserviceDest->copymap,
-	       (void *)pserviceSource->copymap,sizeof(BOOL)*NUMPARAMETERS);
-    }
+static void copy_service(service * pserviceDest,
+			 service * pserviceSource, BOOL *pcopymapDest)
+{
+	int i;
+	BOOL bcopyall = (pcopymapDest == NULL);
+
+	for (i = 0; parm_table[i].label; i++)
+		if (parm_table[i].ptr && parm_table[i].class == P_LOCAL &&
+		    (bcopyall || pcopymapDest[i]))
+		{
+			void *def_ptr = parm_table[i].ptr;
+			void *src_ptr =
+				((char *)pserviceSource) + PTR_DIFF(def_ptr,
+								    &sDefault);
+			void *dest_ptr =
+				((char *)pserviceDest) + PTR_DIFF(def_ptr,
+								  &sDefault);
+
+			switch (parm_table[i].type)
+			{
+				case P_BOOL:
+				case P_BOOLREV:
+					*(BOOL *)dest_ptr = *(BOOL *)src_ptr;
+					break;
+
+				case P_INTEGER:
+				case P_ENUM:
+				case P_OCTAL:
+					*(int *)dest_ptr = *(int *)src_ptr;
+					break;
+
+				case P_CHAR:
+					*(char *)dest_ptr = *(char *)src_ptr;
+					break;
+
+				case P_STRING:
+					string_set(dest_ptr,
+						   *(char **)src_ptr);
+					break;
+
+				case P_USTRING:
+					string_set(dest_ptr,
+						   *(char **)src_ptr);
+					strupper(*(char **)dest_ptr);
+					break;
+				case P_LIST:
+					lp_list_copy((char ***)dest_ptr, *(char ***)src_ptr);
+					break;
+				default:
+					break;
+			}
+		}
+
+	if (bcopyall)
+	{
+		init_copymap(pserviceDest);
+		if (pserviceSource->copymap)
+			memcpy((void *)pserviceDest->copymap,
+			       (void *)pserviceSource->copymap,
+			       sizeof(BOOL) * NUMPARAMETERS);
+	}
 }
 
 /***************************************************************************
@@ -1133,79 +2175,97 @@ incomplete or faulty, else True.
 ***************************************************************************/
 static BOOL service_ok(int iService)
 {
-   BOOL bRetval;
-
-   bRetval = True;
-   if (iSERVICE(iService).szService[0] == '\0')
-   {
-      DEBUG(0,( "The following message indicates an internal error:\n"));
-      DEBUG(0,( "No service name in service entry.\n"));
-      bRetval = False;
-   }
-
-   /* The [printers] entry MUST be printable. I'm all for flexibility, but */
-   /* I can't see why you'd want a non-printable printer service...        */
-   if (strwicmp(iSERVICE(iService).szService,PRINTERS_NAME) == 0)
-      if (!iSERVICE(iService).bPrint_ok)
-      {
-         DEBUG(0,( "WARNING: [%s] service MUST be printable!\n",
-               iSERVICE(iService).szService));
-	 iSERVICE(iService).bPrint_ok = True;
-      }
-
-   if (iSERVICE(iService).szPath[0] == '\0' &&
-       strwicmp(iSERVICE(iService).szService,HOMES_NAME) != 0)
-   {
-      DEBUG(0,("No path in service %s - using /tmp\n",iSERVICE(iService).szService));
-      string_set(&iSERVICE(iService).szPath,"/tmp");      
-   }
-
-   /* If a service is flagged unavailable, log the fact at level 0. */
-   if (!iSERVICE(iService).bAvailable) 
-      DEBUG(1,( "NOTE: Service %s is flagged unavailable.\n",
-            iSERVICE(iService).szService));
-
-   return (bRetval);
-}
-
-static struct file_lists {
-  struct file_lists *next;
-  char *name;
-  time_t modtime;
-} *file_lists = NULL;
+	BOOL bRetval;
+
+	bRetval = True;
+	if (ServicePtrs[iService]->szService[0] == '\0')
+	{
+		DEBUG(0,
+		      ("The following message indicates an internal error:\n"));
+		DEBUG(0, ("No service name in service entry.\n"));
+		bRetval = False;
+	}
+
+	/* The [printers] entry MUST be printable. I'm all for flexibility, but */
+	/* I can't see why you'd want a non-printable printer service...        */
+	if (strwicmp(ServicePtrs[iService]->szService, PRINTERS_NAME) == 0) {
+		if (!ServicePtrs[iService]->bPrint_ok) {
+			DEBUG(0,
+			      ("WARNING: [%s] service MUST be printable!\n",
+			       ServicePtrs[iService]->szService));
+			ServicePtrs[iService]->bPrint_ok = True;
+		}
+		/* [printers] service must also be non-browsable. */
+		if (ServicePtrs[iService]->bBrowseable)
+			ServicePtrs[iService]->bBrowseable = False;
+	}
+
+	if (ServicePtrs[iService]->szPath[0] == '\0' &&
+	    strwicmp(ServicePtrs[iService]->szService, HOMES_NAME) != 0)
+	{
+		DEBUG(0,
+		      ("No path in service %s - using %s\n",
+		       ServicePtrs[iService]->szService, tmpdir()));
+		string_set(&ServicePtrs[iService]->szPath, tmpdir());
+	}
+
+	/* If a service is flagged unavailable, log the fact at level 0. */
+	if (!ServicePtrs[iService]->bAvailable)
+		DEBUG(1, ("NOTE: Service %s is flagged unavailable.\n",
+			  ServicePtrs[iService]->szService));
+
+	return (bRetval);
+}
+
+static struct file_lists
+{
+	struct file_lists *next;
+	char *name;
+	char *subfname;
+	time_t modtime;
+}
+ *file_lists = NULL;
 
 /*******************************************************************
 keep a linked list of all config files so we know when one has changed 
 it's date and needs to be reloaded
 ********************************************************************/
-static void add_to_file_list(char *fname)
+static void add_to_file_list(const char *fname, const char *subfname)
 {
-  struct file_lists *f=file_lists;
+	struct file_lists *f = file_lists;
 
-  while (f) {
-    if (f->name && !strcmp(f->name,fname)) break;
-    f = f->next;
-  }
-
-  if (!f) {
-    f = (struct file_lists *)malloc(sizeof(file_lists[0]));
-    if (!f) return;
-    f->next = file_lists;
-    f->name = strdup(fname);
-    if (!f->name) {
-      free(f);
-      return;
-    }
-    file_lists = f;
-  }
-
-  {
-    pstring n2;
-    strcpy(n2,fname);
-    standard_sub_basic(n2);
-    f->modtime = file_modtime(n2);
-  }
+	while (f)
+	{
+		if (f->name && !strcmp(f->name, fname))
+			break;
+		f = f->next;
+	}
 
+	if (!f)
+	{
+		f = (struct file_lists *)malloc(sizeof(file_lists[0]));
+		if (!f)
+			return;
+		f->next = file_lists;
+		f->name = strdup(fname);
+		if (!f->name)
+		{
+			SAFE_FREE(f);
+			return;
+		}
+		f->subfname = strdup(subfname);
+		if (!f->subfname)
+		{
+			SAFE_FREE(f);
+			return;
+		}
+		file_lists = f;
+		f->modtime = file_modtime(subfname);
+	} else {
+		time_t t = file_modtime(subfname);
+		if (t)
+			f->modtime = t;
+	}
 }
 
 /*******************************************************************
@@ -1213,679 +2273,1816 @@ check if a config file has changed date
 ********************************************************************/
 BOOL lp_file_list_changed(void)
 {
-  struct file_lists *f = file_lists;
-  while (f) {
-    pstring n2;
-    strcpy(n2,f->name);
-    standard_sub_basic(n2);
-    if (f->modtime != file_modtime(n2)) return(True);
-    f = f->next;   
-  }
-  return(False);
+	struct file_lists *f = file_lists;
+	DEBUG(6, ("lp_file_list_changed()\n"));
+
+	while (f) {
+		pstring n2;
+		time_t mod_time;
+
+		pstrcpy(n2, f->name);
+		standard_sub_basic(current_user_info.smb_name, n2);
+
+		DEBUGADD(6, ("file %s -> %s  last mod_time: %s\n",
+			     f->name, n2, ctime(&f->modtime)));
+
+		mod_time = file_modtime(n2);
+
+		if (mod_time && ((f->modtime != mod_time) || (f->subfname == NULL) || (strcmp(n2, f->subfname) != 0))) {
+			DEBUGADD(6,
+				 ("file %s modified: %s\n", n2,
+				  ctime(&mod_time)));
+			f->modtime = mod_time;
+			SAFE_FREE(f->subfname);
+			f->subfname = strdup(n2);
+			return (True);
+		}
+		f = f->next;
+	}
+	return (False);
 }
 
-#ifdef KANJI
 /***************************************************************************
-  handle the interpretation of the coding system parameter
-  *************************************************************************/
-static BOOL handle_coding_system(char *pszParmValue,int *val)
+ Run standard_sub_basic on netbios name... needed because global_myname
+ is not accessed through any lp_ macro.
+ Note: We must *NOT* use string_set() here as ptr points to global_myname.
+***************************************************************************/
+
+static BOOL handle_netbios_name(char *pszParmValue, char **ptr)
 {
-  *val = interpret_coding_system(pszParmValue,*val);
-  return(True);
+	pstring netbios_name;
+
+	pstrcpy(netbios_name, pszParmValue);
+
+	standard_sub_basic(current_user_info.smb_name, netbios_name);
+	strupper(netbios_name);
+
+	pstrcpy(global_myname, netbios_name);
+
+	DEBUG(4,
+	      ("handle_netbios_name: set global_myname to: %s\n",
+	       global_myname));
+
+	return (True);
 }
-#endif /* KANJI */
 
 /***************************************************************************
-handle the interpretation of the character set system parameter
+ Do the work of sourcing in environment variable/value pairs.
 ***************************************************************************/
-static BOOL handle_character_set(char *pszParmValue,int *val)
+
+static BOOL source_env(char **lines)
 {
-  string_set(&Globals.szCharacterSet,pszParmValue);
-  *val = interpret_character_set(pszParmValue,*val);
-  return(True);
-}
+	char *varval;
+	size_t len;
+	int i;
+	char *p;
 
+	for (i = 0; lines[i]; i++)
+	{
+		char *line = lines[i];
+
+		if ((len = strlen(line)) == 0)
+			continue;
+
+		if (line[len - 1] == '\n')
+			line[--len] = '\0';
+
+		if ((varval = malloc(len + 1)) == NULL)
+		{
+			DEBUG(0, ("source_env: Not enough memory!\n"));
+			return (False);
+		}
+
+		DEBUG(4, ("source_env: Adding to environment: %s\n", line));
+		strncpy(varval, line, len);
+		varval[len] = '\0';
+
+		p = strchr_m(line, (int)'=');
+		if (p == NULL)
+		{
+			DEBUG(4, ("source_env: missing '=': %s\n", line));
+			continue;
+		}
+
+		if (putenv(varval))
+		{
+			DEBUG(0,
+			      ("source_env: Failed to put environment variable %s\n",
+			       varval));
+			continue;
+		}
+
+		*p = '\0';
+		p++;
+		DEBUG(4,
+		      ("source_env: getting var %s = %s\n", line,
+		       getenv(line)));
+	}
+
+	DEBUG(4, ("source_env: returning successfully\n"));
+	return (True);
+}
 
 /***************************************************************************
-handle the interpretation of the protocol parameter
+ Handle the source environment operation
 ***************************************************************************/
-static BOOL handle_protocol(char *pszParmValue,int *val)
+
+static BOOL handle_source_env(char *pszParmValue, char **ptr)
 {
-  *val = interpret_protocol(pszParmValue,*val);
-  return(True);
+	pstring fname;
+	char *p = fname;
+	BOOL result;
+	char **lines;
+
+	pstrcpy(fname, pszParmValue);
+
+	standard_sub_basic(current_user_info.smb_name, fname);
+
+	string_set(ptr, pszParmValue);
+
+	DEBUG(4, ("handle_source_env: checking env type\n"));
+
+	/*
+	 * Filename starting with '|' means popen and read from stdin.
+	 */
+
+	if (*p == '|')
+	{
+		lines = file_lines_pload(p + 1, NULL);
+	}
+	else
+	{
+		lines = file_lines_load(fname, NULL);
+	}
+
+	if (!lines)
+	{
+		DEBUG(0,
+		      ("handle_source_env: Failed to open file %s, Error was %s\n",
+		       fname, strerror(errno)));
+		return (False);
+	}
+
+	result = source_env(lines);
+	file_lines_free(lines);
+
+	return (result);
 }
 
 /***************************************************************************
-handle the interpretation of the security parameter
-***************************************************************************/
-static BOOL handle_security(char *pszParmValue,int *val)
+  handle the interpretation of the vfs object parameter
+  *************************************************************************/
+static BOOL handle_vfs_object(char *pszParmValue, char **ptr)
 {
-  *val = interpret_security(pszParmValue,*val);
-  return(True);
+	/* Set string value */
+
+	string_set(ptr, pszParmValue);
+
+	/* Do any other initialisation required for vfs.  Note that
+	   anything done here may have linking repercussions in nmbd. */
+
+	return True;
 }
 
+
 /***************************************************************************
-handle the interpretation of the default case
+handle the include operation
 ***************************************************************************/
-static BOOL handle_case(char *pszParmValue,int *val)
+
+static BOOL handle_include(char *pszParmValue, char **ptr)
 {
-  if (strequal(pszParmValue,"LOWER"))
-    *val = CASE_LOWER;
-  else if (strequal(pszParmValue,"UPPER"))
-    *val = CASE_UPPER;
-  return(True);
+	pstring fname;
+	pstrcpy(fname, pszParmValue);
+
+	standard_sub_basic(current_user_info.smb_name, fname);
+
+	add_to_file_list(pszParmValue, fname);
+
+	string_set(ptr, fname);
+
+	if (file_exist(fname, NULL))
+		return (pm_process(fname, do_section, do_parameter));
+
+	DEBUG(2, ("Can't find include file %s\n", fname));
+
+	return (False);
 }
 
+
 /***************************************************************************
-handle the interpretation of the printing system
+handle the interpretation of the copy parameter
 ***************************************************************************/
-static BOOL handle_printing(char *pszParmValue,int *val)
+static BOOL handle_copy(char *pszParmValue, char **ptr)
 {
-  if (strequal(pszParmValue,"sysv"))
-    *val = PRINT_SYSV;
-  else if (strequal(pszParmValue,"aix"))
-    *val = PRINT_AIX;
-  else if (strequal(pszParmValue,"hpux"))
-    *val = PRINT_HPUX;
-  else if (strequal(pszParmValue,"bsd"))
-    *val = PRINT_BSD;
-  else if (strequal(pszParmValue,"qnx"))
-    *val = PRINT_QNX;
-  return(True);
+	BOOL bRetval;
+	int iTemp;
+	service serviceTemp;
+
+	string_set(ptr, pszParmValue);
+
+	init_service(&serviceTemp);
+
+	bRetval = False;
+
+	DEBUG(3, ("Copying service from service %s\n", pszParmValue));
+
+	if ((iTemp = getservicebyname(pszParmValue, &serviceTemp)) >= 0)
+	{
+		if (iTemp == iServiceIndex)
+		{
+			DEBUG(0,
+			      ("Can't copy service %s - unable to copy self!\n",
+			       pszParmValue));
+		}
+		else
+		{
+			copy_service(ServicePtrs[iServiceIndex],
+				     &serviceTemp,
+				     ServicePtrs[iServiceIndex]->copymap);
+			bRetval = True;
+		}
+	}
+	else
+	{
+		DEBUG(0, ("Unable to copy service - source not found: %s\n",
+			  pszParmValue));
+		bRetval = False;
+	}
+
+	free_service(&serviceTemp);
+	return (bRetval);
 }
 
 /***************************************************************************
-handle the valid chars lines
+ Handle winbind/non unix account uid and gid allocation parameters.  The format of these
+ parameters is:
+
+ [global]
+
+        winbind uid = 1000-1999
+        winbind gid = 700-899
+
+ We only do simple parsing checks here.  The strings are parsed into useful
+ structures in the winbind daemon code.
+
 ***************************************************************************/
-static BOOL handle_valid_chars(char *pszParmValue,char **ptr)
-{ 
-  string_set(ptr,pszParmValue);
 
-  add_char_string(pszParmValue);
-  return(True);
+/* Some lp_ routines to return winbind [ug]id information */
+
+static uid_t winbind_uid_low, winbind_uid_high;
+static gid_t winbind_gid_low, winbind_gid_high;
+static uint32 non_unix_account_low, non_unix_account_high;
+
+BOOL lp_winbind_uid(uid_t *low, uid_t *high)
+{
+        if (winbind_uid_low == 0 || winbind_uid_high == 0)
+                return False;
+
+        if (low)
+                *low = winbind_uid_low;
+
+        if (high)
+                *high = winbind_uid_high;
+
+        return True;
 }
 
+BOOL lp_winbind_gid(gid_t *low, gid_t *high)
+{
+        if (winbind_gid_low == 0 || winbind_gid_high == 0)
+                return False;
 
-/***************************************************************************
-handle the include operation
-***************************************************************************/
-static BOOL handle_include(char *pszParmValue,char **ptr)
-{ 
-  pstring fname;
-  strcpy(fname,pszParmValue);
+        if (low)
+                *low = winbind_gid_low;
 
-  add_to_file_list(fname);
+        if (high)
+                *high = winbind_gid_high;
 
-  standard_sub_basic(fname);
+        return True;
+}
 
-  string_set(ptr,fname);
+BOOL lp_non_unix_account_range(uint32 *low, uint32 *high)
+{
+        if (non_unix_account_low == 0 || non_unix_account_high == 0)
+                return False;
 
-  if (file_exist(fname,NULL))
-    return(pm_process(fname, do_section, do_parameter));      
+        if (low)
+                *low = non_unix_account_low;
 
-  DEBUG(2,("Can't find include file %s\n",fname));
+        if (high)
+                *high = non_unix_account_high;
 
-  return(False);
+        return True;
 }
 
+/* Do some simple checks on "winbind [ug]id" parameter values */
+
+static BOOL handle_winbind_uid(char *pszParmValue, char **ptr)
+{
+	uint32 low, high;
+
+	if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
+		return False;
+
+	/* Parse OK */
+
+	string_set(ptr, pszParmValue);
+
+        winbind_uid_low = low;
+        winbind_uid_high = high;
+
+	return True;
+}
+
+static BOOL handle_winbind_gid(char *pszParmValue, char **ptr)
+{
+	uint32 low, high;
+
+	if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
+		return False;
+
+	/* Parse OK */
+
+	string_set(ptr, pszParmValue);
+
+        winbind_gid_low = low;
+        winbind_gid_high = high;
+
+	return True;
+}
+
+/* Do some simple checks on "non unix account range" parameter values */
+
+static BOOL handle_non_unix_account_range(char *pszParmValue, char **ptr)
+{
+	uint32 low, high;
+
+	if (sscanf(pszParmValue, "%u-%u", &low, &high) != 2 || high < low)
+		return False;
+
+	/* Parse OK */
+
+	string_set(ptr, pszParmValue);
+
+        non_unix_account_low = low;
+        non_unix_account_high = high;
+
+	return True;
+}
 
 /***************************************************************************
-handle the interpretation of the copy parameter
+ Handle the WINS SERVER list
 ***************************************************************************/
-static BOOL handle_copy(char *pszParmValue,char **ptr)
+static BOOL handle_wins_server_list( char *pszParmValue, char **ptr )
+  {
+  if( !wins_srv_load_list( pszParmValue ) )
+    return( False );  /* Parse failed. */
+
+  string_set( ptr, pszParmValue );
+  return( True );
+  }
+
+
+/***************************************************************************
+ Handle the DEBUG level list
+***************************************************************************/
+static BOOL handle_debug_list( char *pszParmValueIn, char **ptr )
 {
-   BOOL bRetval;
-   int iTemp;
-   service serviceTemp;
+	pstring pszParmValue;
+
+	pstrcpy(pszParmValue, pszParmValueIn);
+	return debug_parse_levels( pszParmValue );
+}
 
-   string_set(ptr,pszParmValue);
+#ifdef WITH_LDAP_SAM
+/***************************************************************************
+ Handle the ldap machine suffix option
+***************************************************************************/
+static BOOL handle_ldap_machine_suffix( char *pszParmValue, char **ptr)
+{
+       pstring suffix;
+       
+       pstrcpy(suffix, pszParmValue);
 
-   init_service(&serviceTemp);
+       if (! *Globals.szLdapSuffix ) {
+               string_set( ptr, suffix );
+               return True;
+       }
 
-   bRetval = False;
-   
-   DEBUG(3,("Copying service from service %s\n",pszParmValue));
-
-   if ((iTemp = getservicebyname(pszParmValue, &serviceTemp)) >= 0)
-     {
-       if (iTemp == iServiceIndex)
-	 {
-	   DEBUG(0,("Can't copy service %s - unable to copy self!\n",
-		    pszParmValue));
-	 }
-       else
-	 {
-	   copy_service(pSERVICE(iServiceIndex), 
-			&serviceTemp,
-			iSERVICE(iServiceIndex).copymap);
-	   bRetval = True;
-	 }
-     }
-   else
-     {
-       DEBUG(0,( "Unable to copy service - source not found: %s\n",
-		pszParmValue));
-       bRetval = False;
-     }
-
-   free_service(&serviceTemp);
-   return (bRetval);
+       if (! strstr(suffix, Globals.szLdapSuffix) ) {
+               if ( *pszParmValue )
+                       pstrcat(suffix, ",");
+               pstrcat(suffix, Globals.szLdapSuffix);
+       }
+       string_set( ptr, suffix );
+       return True;
 }
 
+/***************************************************************************
+ Handle the ldap user suffix option
+***************************************************************************/
+static BOOL handle_ldap_user_suffix( char *pszParmValue, char **ptr)
+{
+       pstring suffix;
+       
+       pstrcpy(suffix, pszParmValue);
+
+       if (! *Globals.szLdapSuffix ) {
+               string_set( ptr, suffix );
+               return True;
+       }
+       
+       if (! strstr(suffix, Globals.szLdapSuffix) ) {
+               if ( *pszParmValue )
+                       pstrcat(suffix, ",");
+               pstrcat(suffix, Globals.szLdapSuffix);
+       }
+       string_set( ptr, suffix );
+       return True;
+}
+
+/***************************************************************************
+ Handle setting ldap suffix and determines whether ldap machine suffix needs
+ to be set as well
+***************************************************************************/
+static BOOL handle_ldap_suffix( char *pszParmValue, char **ptr)
+{
+       pstring suffix;
+       pstring user_suffix;
+       pstring machine_suffix;
+               
+       pstrcpy(suffix, pszParmValue);
+
+       if (! *Globals.szLdapMachineSuffix )
+               string_set(&Globals.szLdapMachineSuffix, suffix);
+       if (! *Globals.szLdapUserSuffix ) 
+               string_set(&Globals.szLdapUserSuffix, suffix);
+       
+       if (! strstr(Globals.szLdapMachineSuffix, suffix)) {
+               pstrcpy(machine_suffix, Globals.szLdapMachineSuffix);
+               if ( *Globals.szLdapMachineSuffix )
+                       pstrcat(machine_suffix, ",");
+               pstrcat(machine_suffix, suffix);
+               string_set(&Globals.szLdapMachineSuffix, machine_suffix);       
+       }
+
+       if (! strstr(Globals.szLdapUserSuffix, suffix)) {
+               pstrcpy(user_suffix, Globals.szLdapUserSuffix);
+               if ( *Globals.szLdapUserSuffix )
+                       pstrcat(user_suffix, ",");
+               pstrcat(user_suffix, suffix);   
+               string_set(&Globals.szLdapUserSuffix, user_suffix);
+       } 
+
+       string_set(ptr, suffix); 
+       return True;
+}
+#endif /* WITH_LDAP_SAM */
 
 /***************************************************************************
 initialise a copymap
 ***************************************************************************/
-static void init_copymap(service *pservice)
+static void init_copymap(service * pservice)
 {
-  int i;
-  if (pservice->copymap) free(pservice->copymap);
-  pservice->copymap = (BOOL *)malloc(sizeof(BOOL)*NUMPARAMETERS);
-  if (!pservice->copymap)
-    DEBUG(0,("Couldn't allocate copymap!! (size %d)\n",NUMPARAMETERS));
+	int i;
+	SAFE_FREE(pservice->copymap);
+	pservice->copymap = (BOOL *)malloc(sizeof(BOOL) * NUMPARAMETERS);
+	if (!pservice->copymap)
+		DEBUG(0,
+		      ("Couldn't allocate copymap!! (size %d)\n",
+		       (int)NUMPARAMETERS));
+	else
+		for (i = 0; i < NUMPARAMETERS; i++)
+			pservice->copymap[i] = True;
+}
+
 
-  for (i=0;i<NUMPARAMETERS;i++)
-    pservice->copymap[i] = True;
+/***************************************************************************
+ return the local pointer to a parameter given the service number and the 
+ pointer into the default structure
+***************************************************************************/
+void *lp_local_ptr(int snum, void *ptr)
+{
+	return (void *)(((char *)ServicePtrs[snum]) + PTR_DIFF(ptr, &sDefault));
 }
 
+/***************************************************************************
+Process a parameter for a particular service number. If snum < 0
+then assume we are in the globals
+***************************************************************************/
+BOOL lp_do_parameter(int snum, char *pszParmName, char *pszParmValue)
+{
+	int parmnum, i;
+	void *parm_ptr = NULL;	/* where we are going to store the result */
+	void *def_ptr = NULL;
+
+	parmnum = map_parameter(pszParmName);
+
+	if (parmnum < 0)
+	{
+		DEBUG(0,
+		      ("Ignoring unknown parameter \"%s\"\n", pszParmName));
+		return (True);
+	}
+
+	if (parm_table[parmnum].flags & FLAG_DEPRECATED)
+	{
+		DEBUG(1, ("WARNING: The \"%s\"option is deprecated\n",
+			  pszParmName));
+	}
+
+	def_ptr = parm_table[parmnum].ptr;
+
+	/* we might point at a service, the default service or a global */
+	if (snum < 0)
+	{
+		parm_ptr = def_ptr;
+	}
+	else
+	{
+		if (parm_table[parmnum].class == P_GLOBAL)
+		{
+			DEBUG(0,
+			      ("Global parameter %s found in service section!\n",
+			       pszParmName));
+			return (True);
+		}
+		parm_ptr =
+			((char *)ServicePtrs[snum]) + PTR_DIFF(def_ptr,
+							    &sDefault);
+	}
+
+	if (snum >= 0)
+	{
+		if (!ServicePtrs[snum]->copymap)
+			init_copymap(ServicePtrs[snum]);
+
+		/* this handles the aliases - set the copymap for other entries with
+		   the same data pointer */
+		for (i = 0; parm_table[i].label; i++)
+			if (parm_table[i].ptr == parm_table[parmnum].ptr)
+				ServicePtrs[snum]->copymap[i] = False;
+	}
+
+	/* if it is a special case then go ahead */
+	if (parm_table[parmnum].special)
+	{
+		parm_table[parmnum].special(pszParmValue, (char **)parm_ptr);
+		return (True);
+	}
+
+	/* now switch on the type of variable it is */
+	switch (parm_table[parmnum].type)
+	{
+		case P_BOOL:
+			set_boolean(parm_ptr, pszParmValue);
+			break;
+
+		case P_BOOLREV:
+			set_boolean(parm_ptr, pszParmValue);
+			*(BOOL *)parm_ptr = !*(BOOL *)parm_ptr;
+			break;
+
+		case P_INTEGER:
+			*(int *)parm_ptr = atoi(pszParmValue);
+			break;
+
+		case P_CHAR:
+			*(char *)parm_ptr = *pszParmValue;
+			break;
+
+		case P_OCTAL:
+			sscanf(pszParmValue, "%o", (int *)parm_ptr);
+			break;
+
+		case P_LIST:
+			*(char ***)parm_ptr = lp_list_make(pszParmValue);
+			break;
+
+		case P_STRING:
+			string_set(parm_ptr, pszParmValue);
+			break;
+
+		case P_USTRING:
+			string_set(parm_ptr, pszParmValue);
+			strupper(*(char **)parm_ptr);
+			break;
+
+		case P_GSTRING:
+			pstrcpy((char *)parm_ptr, pszParmValue);
+			break;
+
+		case P_UGSTRING:
+			pstrcpy((char *)parm_ptr, pszParmValue);
+			strupper((char *)parm_ptr);
+			break;
+
+		case P_ENUM:
+			for (i = 0; parm_table[parmnum].enum_list[i].name;
+			     i++)
+			{
+				if (strequal
+				    (pszParmValue,
+				     parm_table[parmnum].enum_list[i].name))
+				{
+					*(int *)parm_ptr =
+						parm_table[parmnum].
+						enum_list[i].value;
+					break;
+				}
+			}
+			break;
+		case P_SEP:
+			break;
+	}
+
+	return (True);
+}
 
 /***************************************************************************
 Process a parameter.
 ***************************************************************************/
 static BOOL do_parameter(char *pszParmName, char *pszParmValue)
 {
-   int parmnum;
-   void *parm_ptr=NULL; /* where we are going to store the result */
-   void *def_ptr=NULL;
+	if (!bInGlobalSection && bGlobalOnly)
+		return (True);
 
-   if (!bInGlobalSection && bGlobalOnly) return(True);
+	DEBUGADD(4, ("doing parameter %s = %s\n", pszParmName, pszParmValue));
 
-   DEBUG(3,("doing parameter %s = %s\n",pszParmName,pszParmValue));
-   
-   parmnum = map_parameter(pszParmName);
-
-   if (parmnum < 0)
-     {
-       DEBUG(0,( "Ignoring unknown parameter \"%s\"\n", pszParmName));
-       return(True);
-     }
-
-   def_ptr = parm_table[parmnum].ptr;
-
-   /* we might point at a service, the default service or a global */
-   if (bInGlobalSection)
-     parm_ptr = def_ptr;
-   else
-     {
-       if (parm_table[parmnum].class == P_GLOBAL)
-	 {
-	   DEBUG(0,( "Global parameter %s found in service section!\n",pszParmName));
-	   return(True);
-	 }
-       parm_ptr = ((char *)pSERVICE(iServiceIndex)) + PTR_DIFF(def_ptr,&sDefault);
-     }
-
-   if (!bInGlobalSection)
-     {
-       int i;
-       if (!iSERVICE(iServiceIndex).copymap)
-	 init_copymap(pSERVICE(iServiceIndex));
-       
-       /* this handles the aliases - set the copymap for other entries with
-	  the same data pointer */
-       for (i=0;parm_table[i].label;i++)
-	 if (parm_table[i].ptr == parm_table[parmnum].ptr)
-	   iSERVICE(iServiceIndex).copymap[i] = False;
-     }
-
-   /* if it is a special case then go ahead */
-   if (parm_table[parmnum].special)
-     {
-       parm_table[parmnum].special(pszParmValue,parm_ptr);
-       return(True);
-     }
-
-   /* now switch on the type of variable it is */
-   switch (parm_table[parmnum].type)
-     {
-     case P_BOOL:
-       set_boolean(parm_ptr,pszParmValue);
-       break;
-
-     case P_BOOLREV:
-       set_boolean(parm_ptr,pszParmValue);
-       *(BOOL *)parm_ptr = ! *(BOOL *)parm_ptr;
-       break;
-
-     case P_INTEGER:
-       *(int *)parm_ptr = atoi(pszParmValue);
-       break;
-
-     case P_CHAR:
-       *(char *)parm_ptr = *pszParmValue;
-       break;
-
-     case P_OCTAL:
-       sscanf(pszParmValue,"%o",(int *)parm_ptr);
-       break;
-
-     case P_STRING:
-       string_set(parm_ptr,pszParmValue);
-       break;
-
-     case P_GSTRING:
-       strcpy((char *)parm_ptr,pszParmValue);
-       break;
-     }
-
-   return(True);
+	return (lp_do_parameter(bInGlobalSection ? -2 : iServiceIndex,
+				pszParmName, pszParmValue));
 }
 
+
 /***************************************************************************
 print a parameter of the specified type
 ***************************************************************************/
-static void print_parameter(parm_type type,void *ptr)
-{
-  switch (type)
-    {
-    case P_BOOL:
-      printf("%s",BOOLSTR(*(BOOL *)ptr));
-      break;
-      
-    case P_BOOLREV:
-      printf("%s",BOOLSTR(! *(BOOL *)ptr));
-      break;
-      
-    case P_INTEGER:
-      printf("%d",*(int *)ptr);
-      break;
-      
-    case P_CHAR:
-      printf("%c",*(char *)ptr);
-      break;
-      
-    case P_OCTAL:
-      printf("0%o",*(int *)ptr);
-      break;
-      
-    case P_GSTRING:
-      if ((char *)ptr)
-	printf("%s",(char *)ptr);
-      break;
-
-    case P_STRING:
-      if (*(char **)ptr)
-	printf("%s",*(char **)ptr);
-      break;
-    }
+static void print_parameter(struct parm_struct *p, void *ptr, FILE * f)
+{
+	int i;
+	switch (p->type)
+	{
+		case P_ENUM:
+			for (i = 0; p->enum_list[i].name; i++)
+			{
+				if (*(int *)ptr == p->enum_list[i].value)
+				{
+					fprintf(f, "%s",
+						p->enum_list[i].name);
+					break;
+				}
+			}
+			break;
+
+		case P_BOOL:
+			fprintf(f, "%s", BOOLSTR(*(BOOL *)ptr));
+			break;
+
+		case P_BOOLREV:
+			fprintf(f, "%s", BOOLSTR(!*(BOOL *)ptr));
+			break;
+
+		case P_INTEGER:
+			fprintf(f, "%d", *(int *)ptr);
+			break;
+
+		case P_CHAR:
+			fprintf(f, "%c", *(char *)ptr);
+			break;
+
+		case P_OCTAL:
+			fprintf(f, "%s", octal_string(*(int *)ptr));
+			break;
+
+		case P_LIST:
+			if ((char ***)ptr && *(char ***)ptr) {
+				char **list = *(char ***)ptr;
+				
+				for (; *list; list++)
+					fprintf(f, "%s%s", *list,
+						((*(list+1))?", ":""));
+			}
+			break;
+
+		case P_GSTRING:
+		case P_UGSTRING:
+			if ((char *)ptr) {
+				fprintf(f, "%s", (char *)ptr);
+			}
+			break;
+
+		case P_STRING:
+		case P_USTRING:
+			if (*(char **)ptr) {
+				fprintf(f, "%s", *(char **)ptr);
+			}
+			break;
+		case P_SEP:
+			break;
+	}
 }
 
 
 /***************************************************************************
 check if two parameters are equal
 ***************************************************************************/
-static BOOL equal_parameter(parm_type type,void *ptr1,void *ptr2)
-{
-  switch (type)
-    {
-    case P_BOOL:
-    case P_BOOLREV:
-      return(*((BOOL *)ptr1) == *((BOOL *)ptr2));
-
-    case P_INTEGER:
-    case P_OCTAL:
-      return(*((int *)ptr1) == *((int *)ptr2));
-      
-    case P_CHAR:
-      return(*((char *)ptr1) == *((char *)ptr2));
-
-    case P_GSTRING:
-      {
-	char *p1 = (char *)ptr1, *p2 = (char *)ptr2;
-	if (p1 && !*p1) p1 = NULL;
-	if (p2 && !*p2) p2 = NULL;
-	return(p1==p2 || strequal(p1,p2));
-      }
-    case P_STRING:
-      {
-	char *p1 = *(char **)ptr1, *p2 = *(char **)ptr2;
-	if (p1 && !*p1) p1 = NULL;
-	if (p2 && !*p2) p2 = NULL;
-	return(p1==p2 || strequal(p1,p2));
-      }
-    }
-  return(False);
+static BOOL equal_parameter(parm_type type, void *ptr1, void *ptr2)
+{
+	switch (type)
+	{
+		case P_BOOL:
+		case P_BOOLREV:
+			return (*((BOOL *)ptr1) == *((BOOL *)ptr2));
+
+		case P_INTEGER:
+		case P_ENUM:
+		case P_OCTAL:
+			return (*((int *)ptr1) == *((int *)ptr2));
+
+		case P_CHAR:
+			return (*((char *)ptr1) == *((char *)ptr2));
+		
+		case P_LIST:
+			return lp_list_compare(*(char ***)ptr1, *(char ***)ptr2);
+
+		case P_GSTRING:
+		case P_UGSTRING:
+		{
+			char *p1 = (char *)ptr1, *p2 = (char *)ptr2;
+			if (p1 && !*p1)
+				p1 = NULL;
+			if (p2 && !*p2)
+				p2 = NULL;
+			return (p1 == p2 || strequal(p1, p2));
+		}
+		case P_STRING:
+		case P_USTRING:
+		{
+			char *p1 = *(char **)ptr1, *p2 = *(char **)ptr2;
+			if (p1 && !*p1)
+				p1 = NULL;
+			if (p2 && !*p2)
+				p2 = NULL;
+			return (p1 == p2 || strequal(p1, p2));
+		}
+		case P_SEP:
+			break;
+	}
+	return (False);
+}
+
+/***************************************************************************
+ Initialize any local varients in the sDefault table.
+***************************************************************************/
+
+void init_locals(void)
+{
+	/* None as yet. */
 }
 
 /***************************************************************************
 Process a new section (service). At this stage all sections are services.
 Later we'll have special sections that permit server parameters to be set.
-Returns True on success, False on failure.
+Returns True on success, False on failure. 
 ***************************************************************************/
 static BOOL do_section(char *pszSectionName)
 {
-   BOOL bRetval;
-   BOOL isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) || 
-		    (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
-   bRetval = False;
+	BOOL bRetval;
+	BOOL isglobal = ((strwicmp(pszSectionName, GLOBAL_NAME) == 0) ||
+			 (strwicmp(pszSectionName, GLOBAL_NAME2) == 0));
+	bRetval = False;
 
-   /* if we were in a global section then do the local inits */
-   if (bInGlobalSection && !isglobal)
-     init_locals();
+	/* if we were in a global section then do the local inits */
+	if (bInGlobalSection && !isglobal)
+		init_locals();
 
-   /* if we've just struck a global section, note the fact. */
-   bInGlobalSection = isglobal;   
+	/* if we've just struck a global section, note the fact. */
+	bInGlobalSection = isglobal;
 
-   /* check for multiple global sections */
-   if (bInGlobalSection)
-   {
-     DEBUG(3,( "Processing section \"[%s]\"\n", pszSectionName));
-     return(True);
-   }
+	/* check for multiple global sections */
+	if (bInGlobalSection)
+	{
+		DEBUG(3, ("Processing section \"[%s]\"\n", pszSectionName));
+		return (True);
+	}
 
-   if (!bInGlobalSection && bGlobalOnly) return(True);
+	if (!bInGlobalSection && bGlobalOnly)
+		return (True);
 
-   /* if we have a current service, tidy it up before moving on */
-   bRetval = True;
+	/* if we have a current service, tidy it up before moving on */
+	bRetval = True;
 
-   if (iServiceIndex >= 0)
-     bRetval = service_ok(iServiceIndex);
+	if (iServiceIndex >= 0)
+		bRetval = service_ok(iServiceIndex);
 
-   /* if all is still well, move to the next record in the services array */
-   if (bRetval)
-     {
-       /* We put this here to avoid an odd message order if messages are */
-       /* issued by the post-processing of a previous section. */
-       DEBUG(2,( "Processing section \"[%s]\"\n", pszSectionName));
+	/* if all is still well, move to the next record in the services array */
+	if (bRetval)
+	{
+		/* We put this here to avoid an odd message order if messages are */
+		/* issued by the post-processing of a previous section. */
+		DEBUG(2, ("Processing section \"[%s]\"\n", pszSectionName));
+
+		if ((iServiceIndex = add_a_service(&sDefault, pszSectionName))
+		    < 0)
+		{
+			DEBUG(0, ("Failed to add a new service\n"));
+			return (False);
+		}
+	}
+
+	return (bRetval);
+}
 
-       if ((iServiceIndex=add_a_service(&sDefault,pszSectionName)) < 0)
-	 {
-	   DEBUG(0,("Failed to add a new service\n"));
-	   return(False);
-	 }
-     }
 
-   return (bRetval);
+/***************************************************************************
+determine if a partcular base parameter is currentl set to the default value.
+***************************************************************************/
+static BOOL is_default(int i)
+{
+	if (!defaults_saved)
+		return False;
+	switch (parm_table[i].type)
+	{
+		case P_LIST:
+			return lp_list_compare (parm_table[i].def.lvalue, 
+						*(char ***)parm_table[i].ptr);
+		case P_STRING:
+		case P_USTRING:
+			return strequal(parm_table[i].def.svalue,
+					*(char **)parm_table[i].ptr);
+		case P_GSTRING:
+		case P_UGSTRING:
+			return strequal(parm_table[i].def.svalue,
+					(char *)parm_table[i].ptr);
+		case P_BOOL:
+		case P_BOOLREV:
+			return parm_table[i].def.bvalue ==
+				*(BOOL *)parm_table[i].ptr;
+		case P_CHAR:
+			return parm_table[i].def.cvalue ==
+				*(char *)parm_table[i].ptr;
+		case P_INTEGER:
+		case P_OCTAL:
+		case P_ENUM:
+			return parm_table[i].def.ivalue ==
+				*(int *)parm_table[i].ptr;
+		case P_SEP:
+			break;
+	}
+	return False;
 }
 
+
 /***************************************************************************
 Display the contents of the global structure.
 ***************************************************************************/
-static void dump_globals(void)
+static void dump_globals(FILE *f)
 {
-  int i;
-  printf("Global parameters:\n");
+	int i;
+	fprintf(f, "# Global parameters\n[global]\n");
+
+	for (i = 0; parm_table[i].label; i++)
+		if (parm_table[i].class == P_GLOBAL &&
+		    parm_table[i].ptr &&
+		    (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
+		{
+			if (defaults_saved && is_default(i))
+				continue;
+			fprintf(f, "\t%s = ", parm_table[i].label);
+			print_parameter(&parm_table[i], parm_table[i].ptr, f);
+			fprintf(f, "\n");
+		}
+}
 
-  for (i=0;parm_table[i].label;i++)
-    if (parm_table[i].class == P_GLOBAL &&
-	parm_table[i].ptr &&
-	(i == 0 || (parm_table[i].ptr != parm_table[i-1].ptr)))
-      {
-	printf("\t%s: ",parm_table[i].label);
-	print_parameter(parm_table[i].type,parm_table[i].ptr);
-	printf("\n");
-      }
+/***************************************************************************
+return True if a local parameter is currently set to the global default
+***************************************************************************/
+BOOL lp_is_default(int snum, struct parm_struct *parm)
+{
+	int pdiff = PTR_DIFF(parm->ptr, &sDefault);
+
+	return equal_parameter(parm->type,
+			       ((char *)ServicePtrs[snum]) + pdiff,
+			       ((char *)&sDefault) + pdiff);
 }
 
+
 /***************************************************************************
 Display the contents of a single services record.
 ***************************************************************************/
-static void dump_a_service(service *pService)
-{
-  int i;
-  if (pService == &sDefault)
-    printf("\nDefault service parameters:\n");
-  else
-    printf("\nService parameters [%s]:\n",pService->szService);
-
-  for (i=0;parm_table[i].label;i++)
-    if (parm_table[i].class == P_LOCAL &&
-	parm_table[i].ptr && 
-	(*parm_table[i].label != '-') &&
-	(i == 0 || (parm_table[i].ptr != parm_table[i-1].ptr)))
-      {
-	int pdiff = PTR_DIFF(parm_table[i].ptr,&sDefault);
-
-	if (pService == &sDefault || !equal_parameter(parm_table[i].type,
-						      ((char *)pService) + pdiff,
-						      ((char *)&sDefault) + pdiff))
-	  {
-	    printf("\t%s: ",parm_table[i].label);
-	    print_parameter(parm_table[i].type,
-			    ((char *)pService) + pdiff);
-	    printf("\n");
-	  }
-      }
+static void dump_a_service(service * pService, FILE * f)
+{
+	int i;
+	if (pService != &sDefault)
+		fprintf(f, "\n[%s]\n", pService->szService);
+
+	for (i = 0; parm_table[i].label; i++)
+		if (parm_table[i].class == P_LOCAL &&
+		    parm_table[i].ptr &&
+		    (*parm_table[i].label != '-') &&
+		    (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
+		{
+			int pdiff = PTR_DIFF(parm_table[i].ptr, &sDefault);
+
+			if (pService == &sDefault)
+			{
+				if (defaults_saved && is_default(i))
+					continue;
+			}
+			else
+			{
+				if (equal_parameter(parm_table[i].type,
+						    ((char *)pService) +
+						    pdiff,
+						    ((char *)&sDefault) +
+						    pdiff))
+					continue;
+			}
+
+			fprintf(f, "\t%s = ", parm_table[i].label);
+			print_parameter(&parm_table[i],
+					((char *)pService) + pdiff, f);
+			fprintf(f, "\n");
+		}
+}
+
+
+/***************************************************************************
+return info about the next service  in a service. snum==-1 gives the globals
+
+return NULL when out of parameters
+***************************************************************************/
+struct parm_struct *lp_next_parameter(int snum, int *i, int allparameters)
+{
+	if (snum == -1)
+	{
+		/* do the globals */
+		for (; parm_table[*i].label; (*i)++)
+		{
+			if (parm_table[*i].class == P_SEPARATOR)
+				return &parm_table[(*i)++];
+
+			if (!parm_table[*i].ptr
+			    || (*parm_table[*i].label == '-'))
+				continue;
+
+			if ((*i) > 0
+			    && (parm_table[*i].ptr ==
+				parm_table[(*i) - 1].ptr))
+				continue;
+
+			return &parm_table[(*i)++];
+		}
+	}
+	else
+	{
+		service *pService = ServicePtrs[snum];
+
+		for (; parm_table[*i].label; (*i)++)
+		{
+			if (parm_table[*i].class == P_SEPARATOR)
+				return &parm_table[(*i)++];
+
+			if (parm_table[*i].class == P_LOCAL &&
+			    parm_table[*i].ptr &&
+			    (*parm_table[*i].label != '-') &&
+			    ((*i) == 0 ||
+			     (parm_table[*i].ptr !=
+			      parm_table[(*i) - 1].ptr)))
+			{
+				int pdiff =
+					PTR_DIFF(parm_table[*i].ptr,
+						 &sDefault);
+
+				if (allparameters ||
+				    !equal_parameter(parm_table[*i].type,
+						     ((char *)pService) +
+						     pdiff,
+						     ((char *)&sDefault) +
+						     pdiff))
+				{
+					return &parm_table[(*i)++];
+				}
+			}
+		}
+	}
+
+	return NULL;
 }
 
+
 #if 0
 /***************************************************************************
 Display the contents of a single copy structure.
 ***************************************************************************/
 static void dump_copy_map(BOOL *pcopymap)
 {
-  int i;
-  if (!pcopymap) return;
-
-  printf("\n\tNon-Copied parameters:\n");
-
-  for (i=0;parm_table[i].label;i++)
-    if (parm_table[i].class == P_LOCAL &&
-	parm_table[i].ptr && !pcopymap[i] &&
-	(i == 0 || (parm_table[i].ptr != parm_table[i-1].ptr)))
-      {
-	printf("\t\t%s\n",parm_table[i].label);
-      }
+	int i;
+	if (!pcopymap)
+		return;
+
+	printf("\n\tNon-Copied parameters:\n");
+
+	for (i = 0; parm_table[i].label; i++)
+		if (parm_table[i].class == P_LOCAL &&
+		    parm_table[i].ptr && !pcopymap[i] &&
+		    (i == 0 || (parm_table[i].ptr != parm_table[i - 1].ptr)))
+		{
+			printf("\t\t%s\n", parm_table[i].label);
+		}
 }
 #endif
 
 /***************************************************************************
 Return TRUE if the passed service number is within range.
 ***************************************************************************/
+
 BOOL lp_snum_ok(int iService)
 {
-   return (LP_SNUM_OK(iService) && iSERVICE(iService).bAvailable);
+	return (LP_SNUM_OK(iService) && ServicePtrs[iService]->bAvailable);
 }
 
-
 /***************************************************************************
-auto-load some homes and printer services
+ Auto-load some home services.
 ***************************************************************************/
+
 static void lp_add_auto_services(char *str)
 {
-  char *s;
-  char *p;
-  int homes = lp_servicenumber(HOMES_NAME);
-  int printers = lp_servicenumber(PRINTERS_NAME);
+	char *s;
+	char *p;
+	int homes;
 
-  if (!str)
-    return;
+	if (!str)
+		return;
 
-  s = strdup(str);
-  if (!s) return;
+	s = strdup(str);
+	if (!s)
+		return;
 
-  for (p=strtok(s,LIST_SEP);p;p=strtok(NULL,LIST_SEP))
-    {
-      char *home = get_home_dir(p);
+	homes = lp_servicenumber(HOMES_NAME);
 
-      if (lp_servicenumber(p) >= 0) continue;
+	for (p = strtok(s, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) {
+		char *home = get_user_service_home_dir(p);
 
-      if (home && homes >= 0)
-	{
-	  lp_add_home(p,homes,home);
-	  continue;
-	}
+		if (lp_servicenumber(p) >= 0)
+			continue;
 
-      if (printers >= 0 && pcap_printername_ok(p,NULL))
-	lp_add_printer(p,printers);
-    }
-  free(s);
+		if (home && homes >= 0)
+			lp_add_home(p, homes, home);
+	}
+	SAFE_FREE(s);
 }
 
 /***************************************************************************
-auto-load one printer
+ Auto-load one printer.
 ***************************************************************************/
-static void lp_add_one_printer(char *name,char *comment)
-{
-  int printers = lp_servicenumber(PRINTERS_NAME);
-  int i;
 
-  if (lp_servicenumber(name) < 0)
-    {
-      lp_add_printer(name,printers);
-      if ((i=lp_servicenumber(name)) >= 0)
-	string_set(&iSERVICE(i).comment,comment);
-    }      
+void lp_add_one_printer(char *name, char *comment)
+{
+	int printers = lp_servicenumber(PRINTERS_NAME);
+	int i;
+
+	if (lp_servicenumber(name) < 0) {
+		lp_add_printer(name, printers);
+		if ((i = lp_servicenumber(name)) >= 0) {
+			string_set(&ServicePtrs[i]->comment, comment);
+			ServicePtrs[i]->autoloaded = True;
+		}
+	}
 }
 
-
 /***************************************************************************
-auto-load printer services
+ Have we loaded a services file yet?
 ***************************************************************************/
-static void lp_add_all_printers(void)
+
+BOOL lp_loaded(void)
 {
-  int printers = lp_servicenumber(PRINTERS_NAME);
+	return (bLoaded);
+}
 
-  if (printers < 0) return;
+/***************************************************************************
+ Unload unused services.
+***************************************************************************/
 
-  pcap_printer_fn(lp_add_one_printer);
+void lp_killunused(BOOL (*snumused) (int))
+{
+	int i;
+	for (i = 0; i < iNumServices; i++) {
+		if (!VALID(i))
+			continue;
+
+		if (!snumused || !snumused(i)) {
+			ServicePtrs[i]->valid = False;
+			free_service(ServicePtrs[i]);
+		}
+	}
 }
 
 /***************************************************************************
-have we loaded a services file yet?
+ Unload a service.
 ***************************************************************************/
-BOOL lp_loaded(void)
+
+void lp_killservice(int iServiceIn)
 {
-  return(bLoaded);
+	if (VALID(iServiceIn)) {
+		ServicePtrs[iServiceIn]->valid = False;
+		free_service(ServicePtrs[iServiceIn]);
+	}
 }
 
 /***************************************************************************
-unload unused services
+ Save the curent values of all global and sDefault parameters into the 
+ defaults union. This allows swat and testparm to show only the
+ changed (ie. non-default) parameters.
 ***************************************************************************/
-void lp_killunused(BOOL (*snumused)(int ))
+
+static void lp_save_defaults(void)
 {
-  int i;
-  for (i=0;i<iNumServices;i++)
-    if (VALID(i) && !snumused(i))
-      {
-	iSERVICE(i).valid = False;
-	free_service(pSERVICE(i));
-      }
+	int i;
+	for (i = 0; parm_table[i].label; i++) {
+		if (i > 0 && parm_table[i].ptr == parm_table[i - 1].ptr)
+			continue;
+		switch (parm_table[i].type) {
+			case P_LIST:
+				lp_list_copy(&(parm_table[i].def.lvalue),
+					    *(char ***)parm_table[i].ptr);
+				break;
+			case P_STRING:
+			case P_USTRING:
+				parm_table[i].def.svalue =
+					strdup(*(char **)parm_table[i].ptr);
+				break;
+			case P_GSTRING:
+			case P_UGSTRING:
+				parm_table[i].def.svalue =
+					strdup((char *)parm_table[i].ptr);
+				break;
+			case P_BOOL:
+			case P_BOOLREV:
+				parm_table[i].def.bvalue =
+					*(BOOL *)parm_table[i].ptr;
+				break;
+			case P_CHAR:
+				parm_table[i].def.cvalue =
+					*(char *)parm_table[i].ptr;
+				break;
+			case P_INTEGER:
+			case P_OCTAL:
+			case P_ENUM:
+				parm_table[i].def.ivalue =
+					*(int *)parm_table[i].ptr;
+				break;
+			case P_SEP:
+				break;
+		}
+	}
+	defaults_saved = True;
 }
 
+/*******************************************************************
+ Set the server type we will announce as via nmbd.
+********************************************************************/
+
+static void set_server_role(void)
+{
+	server_role = ROLE_STANDALONE;
+
+	switch (lp_security()) {
+		case SEC_SHARE:
+		{
+			if (lp_domain_logons()) {
+				DEBUG(0,
+				      ("Server's Role (logon server) conflicts with share-level security\n"));
+			}
+			break;
+		}
+		case SEC_SERVER:
+		case SEC_DOMAIN:
+		case SEC_ADS:
+		{
+			if (lp_domain_logons()) {
+				server_role = ROLE_DOMAIN_BDC;
+				break;
+			}
+			server_role = ROLE_DOMAIN_MEMBER;
+			break;
+		}
+		case SEC_USER:
+		{
+			if (lp_domain_logons()) {
+				server_role = ROLE_DOMAIN_PDC;
+				break;
+			}
+			break;
+		}
+		default:
+		{
+			DEBUG(0,
+			      ("Server's Role undefined due to unknown security mode\n"));
+		}
+	}
+}
+
+
 /***************************************************************************
 Load the services array from the services file. Return True on success, 
 False on failure.
 ***************************************************************************/
-BOOL lp_load(char *pszFname,BOOL global_only)
+BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
+	     BOOL add_ipc)
 {
-  pstring n2;
-  BOOL bRetval;
-  
-  add_to_file_list(pszFname);
+	pstring n2;
+	BOOL bRetval;
+
+	pstrcpy(n2, pszFname);
+	standard_sub_basic(current_user_info.smb_name, n2);
+
+	add_to_file_list(pszFname, n2);
+
+	bRetval = False;
 
-  bRetval = False;
+	bInGlobalSection = True;
+	bGlobalOnly = global_only;
 
-  bInGlobalSection = True;
-  bGlobalOnly = global_only;
-  
-  init_globals();
-  
-  strcpy(n2,pszFname);
-  standard_sub_basic(n2);
+	init_globals();
 
-  /* We get sections first, so have to start 'behind' to make up */
-  iServiceIndex = -1;
-  bRetval = pm_process(n2, do_section, do_parameter);
-  
-  /* finish up the last section */
-  DEBUG(3,("pm_process() returned %s\n", BOOLSTR(bRetval)));
-  if (bRetval)
-    if (iServiceIndex >= 0)
-      bRetval = service_ok(iServiceIndex);	   
+	if (save_defaults)
+	{
+		init_locals();
+		lp_save_defaults();
+	}
+
+	/* We get sections first, so have to start 'behind' to make up */
+	iServiceIndex = -1;
+	bRetval = pm_process(n2, do_section, do_parameter);
 
-  lp_add_auto_services(lp_auto_services());
-  if (lp_load_printers())
-    lp_add_all_printers();
+	/* finish up the last section */
+	DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
+	if (bRetval)
+		if (iServiceIndex >= 0)
+			bRetval = service_ok(iServiceIndex);
 
-  lp_add_ipc();
+	lp_add_auto_services(lp_auto_services());
+
+	if (add_ipc) {
+		lp_add_ipc("IPC$", True);
+		lp_add_ipc("ADMIN$", False);
+	}
+
+	set_server_role();
+	set_default_server_announce_type();
+
+	bLoaded = True;
+
+	/* Now we check bWINSsupport and set szWINSserver to 127.0.0.1 */
+	/* if bWINSsupport is true and we are in the client            */
+	if (in_client && Globals.bWINSsupport) {
+		string_set(&Globals.szWINSserver, "127.0.0.1");
+	}
 
-  bLoaded = True;
+	init_iconv();
 
-  return (bRetval);
+	return (bRetval);
 }
 
 
 /***************************************************************************
+reset the max number of services
+***************************************************************************/
+void lp_resetnumservices(void)
+{
+	iNumServices = 0;
+}
+
+/***************************************************************************
 return the max number of services
 ***************************************************************************/
 int lp_numservices(void)
 {
-  return(iNumServices);
+	return (iNumServices);
 }
 
 /***************************************************************************
 Display the contents of the services array in human-readable form.
 ***************************************************************************/
-void lp_dump(void)
+void lp_dump(FILE *f, BOOL show_defaults, int maxtoprint)
 {
-   int iService;
+	int iService;
 
-   dump_globals();
-   
-   dump_a_service(&sDefault);
-
-   for (iService = 0; iService < iNumServices; iService++)
-   {
-     if (VALID(iService))
-       {
-	 if (iSERVICE(iService).szService[0] == '\0')
-	   break;
-	 dump_a_service(pSERVICE(iService));
-       }
-   }
+	if (show_defaults)
+	{
+		defaults_saved = False;
+	}
+
+	dump_globals(f);
+
+	dump_a_service(&sDefault, f);
+
+	for (iService = 0; iService < maxtoprint; iService++)
+		lp_dump_one(f, show_defaults, iService);
+}
+
+/***************************************************************************
+Display the contents of one service in human-readable form.
+***************************************************************************/
+void lp_dump_one(FILE * f, BOOL show_defaults, int snum)
+{
+	if (VALID(snum))
+	{
+		if (ServicePtrs[snum]->szService[0] == '\0')
+			return;
+		dump_a_service(ServicePtrs[snum], f);
+	}
 }
 
+
 /***************************************************************************
 Return the number of the service with the given name, or -1 if it doesn't
 exist. Note that this is a DIFFERENT ANIMAL from the internal function
 getservicebyname()! This works ONLY if all services have been loaded, and
 does not copy the found service.
 ***************************************************************************/
-int lp_servicenumber(char *pszServiceName)
+int lp_servicenumber(const char *pszServiceName)
 {
-   int iService;
+	int iService;
+        fstring serviceName;
+ 
+ 
+	for (iService = iNumServices - 1; iService >= 0; iService--)
+	{
+		if (VALID(iService) && ServicePtrs[iService]->szService)
+		{
+			/*
+			 * The substitution here is used to support %U is
+			 * service names
+			 */
+			fstrcpy(serviceName, ServicePtrs[iService]->szService);
+			standard_sub_basic(current_user_info.smb_name, serviceName);
+			if (strequal(serviceName, pszServiceName))
+				break;
+		}
+	}
 
-   for (iService = iNumServices - 1; iService >= 0; iService--)
-      if (VALID(iService) &&
-	  strwicmp(iSERVICE(iService).szService, pszServiceName) == 0) 
-         break;
+	if (iService < 0)
+		DEBUG(7,("lp_servicenumber: couldn't find %s\n", pszServiceName));
 
-   if (iService < 0)
-     DEBUG(7,("lp_servicenumber: couldn't find %s\n",pszServiceName));
-   
-   return (iService);
+	return (iService);
+}
+
+/*******************************************************************
+ A useful volume label function. Returns a string in DOS codepage.
+********************************************************************/
+
+char *volume_label(int snum)
+{
+	char *ret = lp_volume(snum);
+	if (!*ret)
+		return lp_servicename(snum);
+	return (ret);
+}
+
+
+/*******************************************************************
+ Set the server type we will announce as via nmbd.
+********************************************************************/
+static void set_default_server_announce_type(void)
+{
+	default_server_announce = 0;
+	default_server_announce |= SV_TYPE_WORKSTATION;
+	default_server_announce |= SV_TYPE_SERVER;
+	default_server_announce |= SV_TYPE_SERVER_UNIX;
+	default_server_announce |= SV_TYPE_PRINTQ_SERVER;
+
+	switch (lp_announce_as())
+	{
+		case ANNOUNCE_AS_NT_SERVER:
+		{
+			default_server_announce |= SV_TYPE_SERVER_NT;
+			/* fall through... */
+		}
+		case ANNOUNCE_AS_NT_WORKSTATION:
+		{
+			default_server_announce |= SV_TYPE_NT;
+			break;
+		}
+		case ANNOUNCE_AS_WIN95:
+		{
+			default_server_announce |= SV_TYPE_WIN95_PLUS;
+			break;
+		}
+		case ANNOUNCE_AS_WFW:
+		{
+			default_server_announce |= SV_TYPE_WFW;
+			break;
+		}
+		default:
+		{
+			break;
+		}
+	}
+
+	switch (lp_server_role())
+	{
+		case ROLE_DOMAIN_MEMBER:
+		{
+			default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
+			break;
+		}
+		case ROLE_DOMAIN_PDC:
+		{
+			default_server_announce |= SV_TYPE_DOMAIN_CTRL;
+			break;
+		}
+		case ROLE_DOMAIN_BDC:
+		{
+			default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
+			break;
+		}
+		case ROLE_STANDALONE:
+		default:
+		{
+			break;
+		}
+	}
+
+	if (lp_time_server())
+	{
+		default_server_announce |= SV_TYPE_TIME_SOURCE;
+	}
+
+	if (lp_host_msdfs())
+	{
+		default_server_announce |= SV_TYPE_DFS_SERVER;
+	}
+}
+
+/***********************************************************
+ returns role of Samba server
+************************************************************/
+
+int lp_server_role(void)
+{
+	return server_role;
 }
 
+/***********************************************************
+ If we are PDC then prefer us as DMB
+************************************************************/
+
+BOOL lp_domain_master(void)
+{
+	if (Globals.bDomainMaster == Auto)
+	{
+		return (lp_server_role() == ROLE_DOMAIN_PDC);
+	}
+
+	return Globals.bDomainMaster;
+}
+
+/***********************************************************
+ If we are DMB then prefer us as LMB
+************************************************************/
+
+BOOL lp_preferred_master(void)
+{
+	if (Globals.bPreferredMaster == Auto)
+	{
+		return (lp_local_master() && lp_domain_master());
+	}
+
+	return Globals.bPreferredMaster;
+}
 
 
 
 /*******************************************************************
-  get a workgroup - but map to standalone if '*'
-  ******************************************************************/
-char *my_workgroup(void)
+remove a service
+********************************************************************/
+void lp_remove_service(int snum)
 {
-  char *res = lp_workgroup();
-  if (*res == '*') return("STANDALONE");
-  return(res);
+	ServicePtrs[snum]->valid = False;
 }
 
 /*******************************************************************
-  a useful volume label function
-  ******************************************************************/
-char *volume_label(int snum)
+copy a service. 
+********************************************************************/
+void lp_copy_service(int snum, char *new_name)
+{
+	char *oldname = lp_servicename(snum);
+	do_section(new_name);
+	if (snum >= 0)
+	{
+		snum = lp_servicenumber(new_name);
+		if (snum >= 0)
+			lp_do_parameter(snum, "copy", oldname);
+	}
+}
+
+
+/*******************************************************************
+ Get the default server type we will announce as via nmbd.
+********************************************************************/
+int lp_default_server_announce(void)
+{
+	return default_server_announce;
+}
+
+/*******************************************************************
+ Split the announce version into major and minor numbers.
+********************************************************************/
+int lp_major_announce_version(void)
+{
+	static BOOL got_major = False;
+	static int major_version = DEFAULT_MAJOR_VERSION;
+	char *vers;
+	char *p;
+
+	if (got_major)
+		return major_version;
+
+	got_major = True;
+	if ((vers = lp_announce_version()) == NULL)
+		return major_version;
+
+	if ((p = strchr_m(vers, '.')) == 0)
+		return major_version;
+
+	*p = '\0';
+	major_version = atoi(vers);
+	return major_version;
+}
+
+int lp_minor_announce_version(void)
+{
+	static BOOL got_minor = False;
+	static int minor_version = DEFAULT_MINOR_VERSION;
+	char *vers;
+	char *p;
+
+	if (got_minor)
+		return minor_version;
+
+	got_minor = True;
+	if ((vers = lp_announce_version()) == NULL)
+		return minor_version;
+
+	if ((p = strchr_m(vers, '.')) == 0)
+		return minor_version;
+
+	p++;
+	minor_version = atoi(p);
+	return minor_version;
+}
+
+/***********************************************************
+ Set the global name resolution order (used in smbclient).
+************************************************************/
+
+void lp_set_name_resolve_order(char *new_order)
+{
+	Globals.szNameResolveOrder = new_order;
+}
+
+char *lp_printername(int snum)
+{
+	char *ret = _lp_printername(snum);
+	if (ret == NULL || (ret != NULL && *ret == '\0'))
+		ret = lp_servicename(snum);
+
+	return ret;
+}
+
+
+/***********************************************************
+ List Parameters manipulation functions
+***********************************************************/
+
+#define P_LIST_ABS 16 /* P_LIST Allocation Block Size */
+
+char **lp_list_make(char *string)
+{
+	char **list, **rlist;
+	char *str, *s;
+	int num, lsize;
+	pstring tok;
+	
+	if (!string || !*string) return NULL;
+	s = strdup(string);
+	if (!s) {
+		DEBUG(0,("lp_list_make: Unable to allocate memory"));
+		return NULL;
+	}
+	
+	num = lsize = 0;
+	list = NULL;
+	
+	str = s;
+	while (next_token(&str, tok, LIST_SEP, sizeof(pstring)))
+	{		
+		if (num == lsize) {
+			lsize += P_LIST_ABS;
+			rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1)));
+			if (!rlist) {
+				DEBUG(0,("lp_list_make: Unable to allocate memory"));
+				lp_list_free(&list);
+				SAFE_FREE(s);
+				return NULL;
+			}
+			else list = rlist;
+			memset (&list[num], 0, ((sizeof(char**)) * (P_LIST_ABS +1)));
+		}
+		
+		list[num] = strdup(tok);
+		if (!list[num]) {
+			DEBUG(0,("lp_list_make: Unable to allocate memory"));
+			lp_list_free(&list);
+			SAFE_FREE(s);
+			return NULL;
+		}
+	
+		num++;	
+	}
+	
+	SAFE_FREE(s);
+	return list;
+}
+
+BOOL lp_list_copy(char ***dest, char **src)
+{
+	char **list, **rlist;
+	int num, lsize;
+	
+	*dest = NULL;
+	if (!src) return False;
+	
+	num = lsize = 0;
+	list = NULL;
+		
+	while (src[num])
+	{
+		if (num == lsize) {
+			lsize += P_LIST_ABS;
+			rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1)));
+			if (!rlist) {
+				DEBUG(0,("lp_list_copy: Unable to allocate memory"));
+				lp_list_free(&list);
+				return False;
+			}
+			else list = rlist;
+			memset (&list[num], 0, ((sizeof(char **)) * (P_LIST_ABS +1)));
+		}
+		
+		list[num] = strdup(src[num]);
+		if (!list[num]) {
+			DEBUG(0,("lp_list_copy: Unable to allocate memory"));
+			lp_list_free(&list);
+			return False;
+		}
+
+		num++;
+	}
+	
+	*dest = list;
+	return True;	
+}
+
+/* return true if all the elemnts of the list matches exactly */
+BOOL lp_list_compare(char **list1, char **list2)
+{
+	int num;
+	
+	if (!list1 || !list2) return (list1 == list2); 
+	
+	for (num = 0; list1[num]; num++) {
+		if (!list2[num]) return False;
+		if (!strcsequal(list1[num], list2[num])) return False;
+	}
+	if (list2[num]) return False; /* if list2 has more elements than list1 fail */
+	
+	return True;
+}
+
+void lp_list_free(char ***list)
+{
+	char **tlist;
+	
+	if (!list || !*list) return;
+	tlist = *list;
+	for(; *tlist; tlist++) SAFE_FREE(*tlist);
+	SAFE_FREE(*list);
+}
+
+BOOL lp_list_substitute(char **list, const char *pattern, const char *insert)
+{
+	char *p, *s, *t;
+	ssize_t ls, lp, li, ld, i, d;
+
+	if (!list) return False;
+	if (!pattern) return False;
+	if (!insert) return False;
+
+	lp = (ssize_t)strlen(pattern);
+	li = (ssize_t)strlen(insert);
+	ld = li -lp;
+			
+	while (*list)
+	{
+		s = *list;
+		ls = (ssize_t)strlen(s);
+
+		while ((p = strstr(s, pattern)))
+		{
+			t = *list;
+			d = p -t;
+			if (ld)
+			{
+				t = (char *) malloc(ls +ld +1);
+				if (!t) {
+					DEBUG(0,("lp_list_substitute: Unable to allocate memory"));
+					return False;
+				}
+				memcpy(t, *list, d);
+				memcpy(t +d +li, p +lp, ls -d -lp +1);
+				SAFE_FREE(*list);
+				*list = t;
+				ls += ld;
+				s = t +d +li;
+			}
+			
+			for (i = 0; i < li; i++) {
+				switch (insert[i]) {
+					case '`':
+					case '"':
+					case '\'':
+					case ';':
+					case '$':
+					case '%':
+					case '\r':
+					case '\n':
+						t[d +i] = '_';
+						break;
+					default:
+						t[d +i] = insert[i];
+				}
+			}	
+		}
+		
+		list++;
+	}
+	
+	return True;
+}
+
+/****************************************************************
+ Compatibility fn. for 2.2.2 code.....
+*****************************************************************/
+
+void get_private_directory(pstring privdir)
+{
+	pstrcpy (privdir, lp_private_dir());
+}
+
+
+/****************************************************************
+ Is netbios alias or name
+*****************************************************************/
+
+BOOL is_netbios_alias_or_name(const char *name)
+{
+	char **netbios_aliases = lp_netbios_aliases();
+	
+	if (StrCaseCmp(name, global_myname) == 0) {
+		return True;
+	}
+
+	for (netbios_aliases = lp_netbios_aliases();
+	     netbios_aliases && *netbios_aliases;
+	     netbios_aliases++) {
+		if (StrCaseCmp(name, *netbios_aliases) == 0) {
+			return True;
+		}
+	}
+	
+	return False;
+}
+
+/***********************************************************
+ Allow daemons such as winbindd to fix their logfile name.
+************************************************************/
+
+void lp_set_logfile(const char *name)
+{
+	extern pstring debugf;
+	string_set(&Globals.szLogFile, name);
+	pstrcpy(debugf, name);
+}
+
+/*******************************************************************
+ Return the NetBIOS called name.
+********************************************************************/
+
+const char *get_called_name(void)
 {
-  char *ret = lp_volume(snum);
-  if (!*ret) return(lp_servicename(snum));
-  return(ret);
+	extern fstring local_machine;
+        return (*local_machine) ? local_machine : global_myname;
 }
diff --git a/source3/param/params.c b/source3/param/params.c
index b9d61382a1..bc93a1fedf 100644
--- a/source3/param/params.c
+++ b/source3/param/params.c
@@ -1,335 +1,599 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   Parameter loading utlities
-   Copyright (C) Karl Auer 1993,1994
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/**************************************************************************
-PARAMS.C
-
-Copyright (C) 1990, 1991, 1992, 1993, 1994 Karl Auer
-
-This module provides for streamlines retrieval of information from a
-Windows-like parameter files. There is a function which will search for
-all sections in the file and call a specified function with each. There is
-a similar function which will call a specified function for all parameters 
-in a section. The idea is that you pass the addresses of suitable functions
-to a single function in this module which will then enumerate all sections, 
-and within each section all parameters, to your program. 
-
-Parameter files contain text lines (newline delimited) which consist of
-either a section name in square brackets or a parameter name, delimited
-from the parameter value by an equals sign. Blank lines or lines where the
-first non-whitespace character is a colon are ignored. All whitespace in
-section names and parameter names is compressed to single spaces. Leading 
-and trailing whitespace on parameter names and parameter values is stripped.
-
-Only the first equals sign in a parameter line is significant - parameter
-values may contain equals signs, square brackets and semicolons. Internal
-whitespace is retained in parameter values. Parameter names may not start 
-with a square bracket, an equals sign or a semicolon, for obvious reasons. 
-
-A sample parameter file might look like this:
-
-[things]
-this=1
-that=2
-[other things]
-the other = 3
-
-**************************************************************************/
+/* -------------------------------------------------------------------------- **
+ * Microsoft Network Services for Unix, AKA., Andrew Tridgell's SAMBA.
+ *
+ * This module Copyright (C) 1990-1998 Karl Auer
+ *
+ * Rewritten almost completely by Christopher R. Hertel
+ * at the University of Minnesota, September, 1997.
+ * This module Copyright (C) 1997-1998 by the University of Minnesota
+ * -------------------------------------------------------------------------- **
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Module name: params
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module performs lexical analysis and initial parsing of a
+ *  Windows-like parameter file.  It recognizes and handles four token
+ *  types:  section-name, parameter-name, parameter-value, and
+ *  end-of-file.  Comments and line continuation are handled
+ *  internally.
+ *
+ *  The entry point to the module is function pm_process().  This
+ *  function opens the source file, calls the Parse() function to parse
+ *  the input, and then closes the file when either the EOF is reached
+ *  or a fatal error is encountered.
+ *
+ *  A sample parameter file might look like this:
+ *
+ *  [section one]
+ *  parameter one = value string
+ *  parameter two = another value
+ *  [section two]
+ *  new parameter = some value or t'other
+ *
+ *  The parameter file is divided into sections by section headers:
+ *  section names enclosed in square brackets (eg. [section one]).
+ *  Each section contains parameter lines, each of which consist of a
+ *  parameter name and value delimited by an equal sign.  Roughly, the
+ *  syntax is:
+ *
+ *    <file>            :==  { <section> } EOF
+ *
+ *    <section>         :==  <section header> { <parameter line> }
+ *
+ *    <section header>  :==  '[' NAME ']'
+ *
+ *    <parameter line>  :==  NAME '=' VALUE '\n'
+ *
+ *  Blank lines and comment lines are ignored.  Comment lines are lines
+ *  beginning with either a semicolon (';') or a pound sign ('#').
+ *
+ *  All whitespace in section names and parameter names is compressed
+ *  to single spaces.  Leading and trailing whitespace is stipped from
+ *  both names and values.
+ *
+ *  Only the first equals sign in a parameter line is significant.
+ *  Parameter values may contain equals signs, square brackets and
+ *  semicolons.  Internal whitespace is retained in parameter values,
+ *  with the exception of the '\r' character, which is stripped for
+ *  historic reasons.  Parameter names may not start with a left square
+ *  bracket, an equal sign, a pound sign, or a semicolon, because these
+ *  are used to identify other tokens.
+ *
+ * -------------------------------------------------------------------------- **
+ */
 
 #include "includes.h"
 
-#include "smb.h"
-#include "params.h"
-
-/* local variable pointing to passed filename */
-static char *pszParmFile = NULL;
-extern int DEBUGLEVEL;
-
-/* local prototypes */
-static BOOL enumerate_parameters(FILE *infile, PM_PARMFUNC pfunc);
-static BOOL enumerate_sections(FILE *infile, 
-			       PM_SECFUNC sfunc, PM_PARMFUNC pfunc);
-
-/* prototypes for local toolbox functions */
-static void trimleft(char *psz);
-static void trimright(char *psz);
-static void collapse_spaces(char *psz);
-static int  firstnonwhite(char *psz);
-
-/**************************************************************************
-Identifies all parameters in the current section, calls the parameter
-function for each. Ignores comment lines, stops and backs up in file when
-a section is encountered. Returns True on success, False on error.
-**************************************************************************/
-static BOOL enumerate_parameters(FILE *fileIn, PM_PARMFUNC pfunc)
+/* -------------------------------------------------------------------------- **
+ * Constants...
+ */
+
+#define BUFR_INC 1024
+
+
+/* -------------------------------------------------------------------------- **
+ * Variables...
+ *
+ *  DEBUGLEVEL  - The ubiquitous DEBUGLEVEL.  This determines which DEBUG()
+ *                messages will be produced.
+ *  bufr        - pointer to a global buffer.  This is probably a kludge,
+ *                but it was the nicest kludge I could think of (for now).
+ *  bSize       - The size of the global buffer <bufr>.
+ */
+
+static char *bufr  = NULL;
+static int   bSize = 0;
+
+/* we can't use FILE* due to the 256 fd limit - use this cheap hack
+   instead */
+typedef struct {
+	char *buf;
+	char *p;
+	size_t size;
+} myFILE;
+
+static int mygetc(myFILE *f)
 {
-   pstring szBuf;
-   char *pszTemp;
-   BOOL bRetval;
-   long lFileOffset;
-   int  cTemp;
-   BOOL bParmFound;
-
-   bRetval = False;
-   bParmFound = False;
-   while (True)
-   {
-      /* first remember where we are */
-      if ((lFileOffset = ftell(fileIn)) >= 0L)
-      {
-	 /* then get and check a line */
-	 if (fgets_slash(szBuf, sizeof(szBuf)-1, fileIn) == NULL)
-	 {
-	    /* stop - return OK unless file error */
-	    bRetval = !ferror(fileIn);
-            if (!bRetval)
-	      DEBUG(0,( "Read error on configuration file (enumerating parameters)!\n"));
-	    break;   
-	 }
-	 else
-	    /* if first non-white is a '[', stop (new section) */
-	    if ((cTemp = firstnonwhite(szBuf)) == '[')
-	    {
-	       /* restore position to start of new section */
-	       if (fseek(fileIn, lFileOffset, SEEK_SET) < 0L)
-	       {
-                  DEBUG(0,( "Seek error on configuration file!\n"));
-                  break;
-	       }
-
-	       /* return success */
-	       bRetval = True;
-	       break;
-	    }
-	    else
-	       /* if it's a semicolon or line is blank, ignore the line */
-	       if (!cTemp || strchr(";#",cTemp))
-	       {
-		  continue;
-	       }
-	       else
-		  /* if no equals sign and line contains non-whitespace */
-		  /* then line is badly formed */
-		  if ((pszTemp = strchr(szBuf, '=')) == NULL)
-		  {
-		     DEBUG(0,( "Ignoring badly formed line: %s", szBuf));
-		  }
-		  else
-		  {
-                     /* Note that we have found a parameter */
-                     bParmFound = True;
-		     /* cut line at the equals sign */
-		     *pszTemp++ = '\0';
-		     /* trim leading and trailing space from both halves */
-		     trimright(szBuf);
-		     trimleft(szBuf);
-		     trimright(pszTemp);
-		     trimleft(pszTemp);
-		     /* process the parameter iff passed pointer not NULL */
-		     if (pfunc != NULL)
-                        if (!pfunc(szBuf, pszTemp))
-			   break;
-		  }
-      }
-   }
-   return (bRetval);
+	if (f->p >= f->buf+f->size) return EOF;
+        /* be sure to return chars >127 as positive values */
+	return (int)( *(f->p++) & 0x00FF );
 }
 
+static void myfile_close(myFILE *f)
+{
+	if (!f) return;
+	SAFE_FREE(f->buf);
+	SAFE_FREE(f);
+}
 
-/***********************************************************************
-Close up s by n chars, at offset start.
-***********************************************************************/
-static void closestr(char *s, int start, int n)
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+static int EatWhitespace( myFILE *InFile )
+  /* ------------------------------------------------------------------------ **
+   * Scan past whitespace (see ctype(3C)) and return the first non-whitespace
+   * character, or newline, or EOF.
+   *
+   *  Input:  InFile  - Input source.
+   *
+   *  Output: The next non-whitespace character in the input stream.
+   *
+   *  Notes:  Because the config files use a line-oriented grammar, we
+   *          explicitly exclude the newline character from the list of
+   *          whitespace characters.
+   *        - Note that both EOF (-1) and the nul character ('\0') are
+   *          considered end-of-file markers.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int c;
+
+  for( c = mygetc( InFile ); isspace( c ) && ('\n' != c); c = mygetc( InFile ) )
+    ;
+  return( c );
+  } /* EatWhitespace */
+
+static int EatComment( myFILE *InFile )
+  /* ------------------------------------------------------------------------ **
+   * Scan to the end of a comment.
+   *
+   *  Input:  InFile  - Input source.
+   *
+   *  Output: The character that marks the end of the comment.  Normally,
+   *          this will be a newline, but it *might* be an EOF.
+   *
+   *  Notes:  Because the config files use a line-oriented grammar, we
+   *          explicitly exclude the newline character from the list of
+   *          whitespace characters.
+   *        - Note that both EOF (-1) and the nul character ('\0') are
+   *          considered end-of-file markers.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int c;
+
+  for( c = mygetc( InFile ); ('\n'!=c) && (EOF!=c) && (c>0); c = mygetc( InFile ) )
+    ;
+  return( c );
+  } /* EatComment */
+
+/*****************************************************************************
+ * Scan backards within a string to discover if the last non-whitespace
+ * character is a line-continuation character ('\\').
+ *
+ *  Input:  line  - A pointer to a buffer containing the string to be
+ *                  scanned.
+ *          pos   - This is taken to be the offset of the end of the
+ *                  string.  This position is *not* scanned.
+ *
+ *  Output: The offset of the '\\' character if it was found, or -1 to
+ *          indicate that it was not.
+ *
+ *****************************************************************************/
+
+static int Continuation(char *line, int pos )
 {
-   char *src;
-   char *dest;
-   int  len;
+	pos--;
+	while( (pos >= 0) && isspace((int)line[pos]))
+		pos--;
 
-   if (n > 0)
-      if ((src = dest = s) != NULL)
+	return (((pos >= 0) && ('\\' == line[pos])) ? pos : -1 );
+}
+
+
+static BOOL Section( myFILE *InFile, BOOL (*sfunc)(char *) )
+  /* ------------------------------------------------------------------------ **
+   * Scan a section name, and pass the name to function sfunc().
+   *
+   *  Input:  InFile  - Input source.
+   *          sfunc   - Pointer to the function to be called if the section
+   *                    name is successfully read.
+   *
+   *  Output: True if the section name was read and True was returned from
+   *          <sfunc>.  False if <sfunc> failed or if a lexical error was
+   *          encountered.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int   c;
+  int   i;
+  int   end;
+  char *func  = "params.c:Section() -";
+
+  i = 0;      /* <i> is the offset of the next free byte in bufr[] and  */
+  end = 0;    /* <end> is the current "end of string" offset.  In most  */
+              /* cases these will be the same, but if the last          */
+              /* character written to bufr[] is a space, then <end>     */
+              /* will be one less than <i>.                             */
+
+  c = EatWhitespace( InFile );    /* We've already got the '['.  Scan */
+                                  /* past initial white space.        */
+
+  while( (EOF != c) && (c > 0) )
+    {
+
+    /* Check that the buffer is big enough for the next character. */
+    if( i > (bSize - 2) )
       {
-         len = strlen(s);
-         if (start >= 0 && start < len - n)
-         {
-            src += start + n;
-            dest += start;
-  
-            while (*src)
-               *dest++ = *src++;
-            *dest = '\0';
-         }
+      char *tb;
+      
+      tb = Realloc( bufr, bSize +BUFR_INC );
+      if( NULL == tb )
+        {
+        DEBUG(0, ("%s Memory re-allocation failure.", func) );
+        return( False );
+        }
+      bufr = tb;
+      bSize += BUFR_INC;
       }
-}
 
-/**************************************************************************
-Identifies all sections in the parameter file, calls passed section_func()
-for each, passing the section name, then calls enumerate_parameters(). 
-Returns True on success, False on failure. Note that the section and 
-parameter names will have all internal whitespace areas collapsed to a 
-single space for processing.
-**************************************************************************/
-static BOOL enumerate_sections(FILE *fileIn, 
-			       PM_SECFUNC sfunc, PM_PARMFUNC pfunc)
-{
-   pstring szBuf;
-   BOOL bRetval;
-   BOOL bSectionFound;
-
-   /* this makes sure we get include lines right */
-   enumerate_parameters(fileIn, pfunc);
-
-   bRetval = False;
-   bSectionFound = False;
-   while (True)
-   {
-      if (fgets_slash(szBuf, sizeof(szBuf)-1, fileIn) == NULL)
+    /* Handle a single character. */
+    switch( c )
       {
-	 /* stop - return OK unless file error */
-	 bRetval = !ferror(fileIn);
-         if (!bRetval)
-	   DEBUG(0,( "Read error on configuration file (enumerating sections)!\n"));
-	 break;   
+      case ']':                       /* Found the closing bracket.         */
+        bufr[end] = '\0';
+        if( 0 == end )                  /* Don't allow an empty name.       */
+          {
+          DEBUG(0, ("%s Empty section name in configuration file.\n", func ));
+          return( False );
+          }
+        if( !sfunc(bufr) )            /* Got a valid name.  Deal with it. */
+          return( False );
+        (void)EatComment( InFile );     /* Finish off the line.             */
+        return( True );
+
+      case '\n':                      /* Got newline before closing ']'.    */
+        i = Continuation( bufr, i );    /* Check for line continuation.     */
+        if( i < 0 )
+          {
+          bufr[end] = '\0';
+          DEBUG(0, ("%s Badly formed line in configuration file: %s\n",
+                   func, bufr ));
+          return( False );
+          }
+        end = ( (i > 0) && (' ' == bufr[i - 1]) ) ? (i - 1) : (i);
+        c = mygetc( InFile );             /* Continue with next line.         */
+        break;
+
+      default:                        /* All else are a valid name chars.   */
+        if( isspace( c ) )              /* One space per whitespace region. */
+          {
+          bufr[end] = ' ';
+          i = end + 1;
+          c = EatWhitespace( InFile );
+          }
+        else                            /* All others copy verbatim.        */
+          {
+          bufr[i++] = c;
+          end = i;
+          c = mygetc( InFile );
+          }
       }
-      else
+    }
+
+  /* We arrive here if we've met the EOF before the closing bracket. */
+  DEBUG(0, ("%s Unexpected EOF in the configuration file: %s\n", func, bufr ));
+  return( False );
+  } /* Section */
+
+static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(char *, char *), int c )
+  /* ------------------------------------------------------------------------ **
+   * Scan a parameter name and value, and pass these two fields to pfunc().
+   *
+   *  Input:  InFile  - The input source.
+   *          pfunc   - A pointer to the function that will be called to
+   *                    process the parameter, once it has been scanned.
+   *          c       - The first character of the parameter name, which
+   *                    would have been read by Parse().  Unlike a comment
+   *                    line or a section header, there is no lead-in
+   *                    character that can be discarded.
+   *
+   *  Output: True if the parameter name and value were scanned and processed
+   *          successfully, else False.
+   *
+   *  Notes:  This function is in two parts.  The first loop scans the
+   *          parameter name.  Internal whitespace is compressed, and an
+   *          equal sign (=) terminates the token.  Leading and trailing
+   *          whitespace is discarded.  The second loop scans the parameter
+   *          value.  When both have been successfully identified, they are
+   *          passed to pfunc() for processing.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int   i       = 0;    /* Position within bufr. */
+  int   end     = 0;    /* bufr[end] is current end-of-string. */
+  int   vstart  = 0;    /* Starting position of the parameter value. */
+  char *func    = "params.c:Parameter() -";
+
+  /* Read the parameter name. */
+  while( 0 == vstart )  /* Loop until we've found the start of the value. */
+    {
+
+    if( i > (bSize - 2) )       /* Ensure there's space for next char.    */
       {
-	 trimleft(szBuf);
-	 trimright(szBuf);
-	 if (szBuf[0] == '[')
-	 {
-	    closestr(szBuf, 0, 1);
-	    if (strlen(szBuf) > 1)
-	       if (szBuf[strlen(szBuf) - 1] == ']')
-	       {  
-		  /* found a section - note the fact */
-                  bSectionFound = True;
-		  /* remove trailing metabracket */
-		  szBuf[strlen(szBuf) - 1] = '\0';
-		  /* remove leading and trailing whitespace from name */
-		  trimleft(szBuf);
-		  trimright(szBuf);
-		  /* reduce all internal whitespace to one space */
-		  collapse_spaces(szBuf);
-		  /* process it - stop if the processing fails */
-		  if (sfunc != NULL)
-                     if (!sfunc(szBuf))
-		        break;
-		  if (!enumerate_parameters(fileIn, pfunc))
-                     break;
-	       }
-	 }
+      char *tb;
+      
+      tb = Realloc( bufr, bSize + BUFR_INC );
+      if( NULL == tb )
+        {
+        DEBUG(0, ("%s Memory re-allocation failure.", func) );
+        return( False );
+        }
+      bufr = tb;
+      bSize += BUFR_INC;
       }
-   }
-
-   return (bRetval);
-}
-
-/**************************************************************************
-Process the passed parameter file.
-
-Returns True if successful, else False.
-**************************************************************************/
-BOOL pm_process(char *pszFileName, PM_SECFUNC sfunc, PM_PARMFUNC pfunc)
-{
-   FILE *fileIn;
-   BOOL bRetval;
 
-   bRetval = False;
+    switch( c )
+      {
+      case '=':                 /* Equal sign marks end of param name. */
+        if( 0 == end )              /* Don't allow an empty name.      */
+          {
+          DEBUG(0, ("%s Invalid parameter name in config. file.\n", func ));
+          return( False );
+          }
+        bufr[end++] = '\0';         /* Mark end of string & advance.   */
+        i       = end;              /* New string starts here.         */
+        vstart  = end;              /* New string is parameter value.  */
+        bufr[i] = '\0';             /* New string is nul, for now.     */
+        break;
+
+      case '\n':                /* Find continuation char, else error. */
+        i = Continuation( bufr, i );
+        if( i < 0 )
+          {
+          bufr[end] = '\0';
+          DEBUG(1,("%s Ignoring badly formed line in configuration file: %s\n",
+                   func, bufr ));
+          return( True );
+          }
+        end = ( (i > 0) && (' ' == bufr[i - 1]) ) ? (i - 1) : (i);
+        c = mygetc( InFile );       /* Read past eoln.                   */
+        break;
+
+      case '\0':                /* Shouldn't have EOF within param name. */
+      case EOF:
+        bufr[i] = '\0';
+        DEBUG(1,("%s Unexpected end-of-file at: %s\n", func, bufr ));
+        return( True );
+
+      default:
+        if( isspace( c ) )     /* One ' ' per whitespace region.       */
+          {
+          bufr[end] = ' ';
+          i = end + 1;
+          c = EatWhitespace( InFile );
+          }
+        else                   /* All others verbatim.                 */
+          {
+          bufr[i++] = c;
+          end = i;
+          c = mygetc( InFile );
+          }
+      }
+    }
 
-   /* record the filename for use in error messages one day... */
-   pszParmFile = pszFileName;
+  /* Now parse the value. */
+  c = EatWhitespace( InFile );  /* Again, trim leading whitespace. */
+  while( (EOF !=c) && (c > 0) )
+    {
 
-   if (pszParmFile == NULL || strlen(pszParmFile) < 1)
-      DEBUG(0,( "No configuration filename specified!\n"));
-   else
-      if ((fileIn = fopen(pszParmFile, "r")) == NULL)
-         DEBUG(0,( "Unable to open configuration file \"%s\"!\n", pszParmFile));
-      else
+    if( i > (bSize - 2) )       /* Make sure there's enough room. */
       {
-         DEBUG(2,( "Processing configuration file \"%s\"\n", pszParmFile));
-	 bRetval = enumerate_sections(fileIn, sfunc, pfunc);
-	 fclose(fileIn);
+      char *tb;
+      
+      tb = Realloc( bufr, bSize + BUFR_INC );
+      if( NULL == tb )
+        {
+        DEBUG(0, ("%s Memory re-allocation failure.", func) );
+        return( False );
+        }
+      bufr = tb;
+      bSize += BUFR_INC;
       }
 
-   if (!bRetval)
-     DEBUG(0,("pm_process retuned false\n"));
-   return (bRetval);
-}
-
+    switch( c )
+      {
+      case '\r':              /* Explicitly remove '\r' because the older */
+        c = mygetc( InFile );   /* version called fgets_slash() which also  */
+        break;                /* removes them.                            */
+
+      case '\n':              /* Marks end of value unless there's a '\'. */
+        i = Continuation( bufr, i );
+        if( i < 0 )
+          c = 0;
+        else
+          {
+          for( end = i; (end >= 0) && isspace((int)bufr[end]); end-- )
+            ;
+          c = mygetc( InFile );
+          }
+        break;
+
+      default:               /* All others verbatim.  Note that spaces do */
+        bufr[i++] = c;       /* not advance <end>.  This allows trimming  */
+        if( !isspace( c ) )  /* of whitespace at the end of the line.     */
+          end = i;
+        c = mygetc( InFile );
+        break;
+      }
+    }
+  bufr[end] = '\0';          /* End of value. */
+
+  return( pfunc( bufr, &bufr[vstart] ) );   /* Pass name & value to pfunc().  */
+  } /* Parameter */
+
+static BOOL Parse( myFILE *InFile,
+                   BOOL (*sfunc)(char *),
+                   BOOL (*pfunc)(char *, char *) )
+  /* ------------------------------------------------------------------------ **
+   * Scan & parse the input.
+   *
+   *  Input:  InFile  - Input source.
+   *          sfunc   - Function to be called when a section name is scanned.
+   *                    See Section().
+   *          pfunc   - Function to be called when a parameter is scanned.
+   *                    See Parameter().
+   *
+   *  Output: True if the file was successfully scanned, else False.
+   *
+   *  Notes:  The input can be viewed in terms of 'lines'.  There are four
+   *          types of lines:
+   *            Blank      - May contain whitespace, otherwise empty.
+   *            Comment    - First non-whitespace character is a ';' or '#'.
+   *                         The remainder of the line is ignored.
+   *            Section    - First non-whitespace character is a '['.
+   *            Parameter  - The default case.
+   * 
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int    c;
+
+  c = EatWhitespace( InFile );
+  while( (EOF != c) && (c > 0) )
+    {
+    switch( c )
+      {
+      case '\n':                        /* Blank line. */
+        c = EatWhitespace( InFile );
+        break;
+
+      case ';':                         /* Comment line. */
+      case '#':
+        c = EatComment( InFile );
+        break;
+
+      case '[':                         /* Section Header. */
+        if( !Section( InFile, sfunc ) )
+          return( False );
+        c = EatWhitespace( InFile );
+        break;
+
+      case '\\':                        /* Bogus backslash. */
+        c = EatWhitespace( InFile );
+        break;
+
+      default:                          /* Parameter line. */
+        if( !Parameter( InFile, pfunc, c ) )
+          return( False );
+        c = EatWhitespace( InFile );
+        break;
+      }
+    }
+  return( True );
+  } /* Parse */
+
+static myFILE *OpenConfFile( char *FileName )
+  /* ------------------------------------------------------------------------ **
+   * Open a configuration file.
+   *
+   *  Input:  FileName  - The pathname of the config file to be opened.
+   *
+   *  Output: A pointer of type (char **) to the lines of the file
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  char *func = "params.c:OpenConfFile() -";
+  extern BOOL in_client;
+  int lvl = in_client?1:0;
+  myFILE *ret;
+
+  ret = (myFILE *)malloc(sizeof(*ret));
+  if (!ret) return NULL;
+
+  ret->buf = file_load(FileName, &ret->size);
+  if( NULL == ret->buf )
+    {
+    DEBUG( lvl,
+      ("%s Unable to open configuration file \"%s\":\n\t%s\n",
+      func, FileName, strerror(errno)) );
+    SAFE_FREE(ret);
+    return NULL;
+    }
+
+  ret->p = ret->buf;
+  return( ret );
+  } /* OpenConfFile */
+
+BOOL pm_process( char *FileName,
+                 BOOL (*sfunc)(char *),
+                 BOOL (*pfunc)(char *, char *) )
+  /* ------------------------------------------------------------------------ **
+   * Process the named parameter file.
+   *
+   *  Input:  FileName  - The pathname of the parameter file to be opened.
+   *          sfunc     - A pointer to a function that will be called when
+   *                      a section name is discovered.
+   *          pfunc     - A pointer to a function that will be called when
+   *                      a parameter name and value are discovered.
+   *
+   *  Output: TRUE if the file was successfully parsed, else FALSE.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int   result;
+  myFILE *InFile;
+  char *func = "params.c:pm_process() -";
+
+  InFile = OpenConfFile( FileName );          /* Open the config file. */
+  if( NULL == InFile )
+    return( False );
+
+  DEBUG( 3, ("%s Processing configuration file \"%s\"\n", func, FileName) );
+
+  if( NULL != bufr )                          /* If we already have a buffer */
+    result = Parse( InFile, sfunc, pfunc );   /* (recursive call), then just */
+                                              /* use it.                     */
+
+  else                                        /* If we don't have a buffer   */
+    {                                         /* allocate one, then parse,   */
+    bSize = BUFR_INC;                         /* then free.                  */
+    bufr = (char *)malloc( bSize );
+    if( NULL == bufr )
+      {
+      DEBUG(0,("%s memory allocation failure.\n", func));
+      myfile_close(InFile);
+      return( False );
+      }
+    result = Parse( InFile, sfunc, pfunc );
+    SAFE_FREE( bufr );
+    bufr  = NULL;
+    bSize = 0;
+    }
 
-/**************************************************************************
-Strip all leading whitespace from a string.
-**************************************************************************/
-static void trimleft(char *psz)
-{
-   char *pszDest;
-
-   pszDest = psz;
-   if (psz != NULL)
-   {
-      while (*psz != '\0' && isspace(*psz))
-	 psz++;
-      while (*psz != '\0')
-	 *pszDest++ = *psz++;
-      *pszDest = '\0';
-   }
-}
+  myfile_close(InFile);
 
-/**************************************************************************
-Strip all trailing whitespace from a string.
-**************************************************************************/
-static void trimright(char *psz)
-{
-   char *pszTemp;
-
-   if (psz != NULL && psz[0] != '\0')
-   {
-      pszTemp = psz + strlen(psz) - 1;
-      while (isspace(*pszTemp))
-	 *pszTemp-- = '\0';
-   }
-}
+  if( !result )                               /* Generic failure. */
+    {
+    DEBUG(0,("%s Failed.  Error returned from params.c:parse().\n", func));
+    return( False );
+    }
 
-/***********************************************************************
-Collapse each whitespace area in a string to a single space.
-***********************************************************************/
-static void collapse_spaces(char *psz)
-{
-   while (*psz)
-      if (isspace(*psz))
-      {
-	 *psz++ = ' ';
-	 trimleft(psz);
-      }
-      else
-	 psz++;
-}
+  return( True );                             /* Generic success. */
+  } /* pm_process */
 
-/**************************************************************************
-Return the value of the first non-white character in the specified string.
-The terminating NUL counts as non-white for the purposes of this function.
-Note - no check for a NULL string! What would we return?
-**************************************************************************/
-static int firstnonwhite(char *psz)
-{
-   while (isspace(*psz) && (*psz != '\0'))
-      psz++;
-   return (*psz);
-}
+/* -------------------------------------------------------------------------- */
diff --git a/source3/parsing.doc b/source3/parsing.doc
new file mode 100644
index 0000000000..d26a64ae4e
--- /dev/null
+++ b/source3/parsing.doc
@@ -0,0 +1,363 @@
+Chris Hertel, Samba Team
+November 1997
+
+This is a quick overview of the lexical analysis, syntax, and semantics
+of the smb.conf file.
+
+Lexical Analysis:
+
+  Basically, the file is processed on a line by line basis.  There are
+  four types of lines that are recognized by the lexical analyzer
+  (params.c):
+
+  Blank lines           - Lines containing only whitespace.
+  Comment lines         - Lines beginning with either a semi-colon or a
+                          pound sign (';' or '#').
+  Section header lines  - Lines beginning with an open square bracket
+                          ('[').
+  Parameter lines       - Lines beginning with any other character.
+                          (The default line type.)
+
+  The first two are handled exclusively by the lexical analyzer, which
+  ignores them.  The latter two line types are scanned for
+
+  - Section names
+  - Parameter names
+  - Parameter values
+
+  These are the only tokens passed to the parameter loader
+  (loadparm.c).  Parameter names and values are divided from one
+  another by an equal sign: '='.
+
+
+  Handling of Whitespace:
+
+  Whitespace is defined as all characters recognized by the isspace()
+  function (see ctype(3C)) except for the newline character ('\n')
+  The newline is excluded because it identifies the end of the line.
+
+  - The lexical analyzer scans past white space at the beginning of a
+    line.
+
+  - Section and parameter names may contain internal white space.  All
+    whitespace within a name is compressed to a single space character. 
+
+  - Internal whitespace within a parameter value is kept verbatim with
+    the exception of carriage return characters ('\r'), all of which
+    are removed.
+
+  - Leading and trailing whitespace is removed from names and values.
+
+
+  Handling of Line Continuation:
+
+  Long section header and parameter lines may be extended across
+  multiple lines by use of the backslash character ('\\').  Line
+  continuation is ignored for blank and comment lines.
+
+  If the last (non-whitespace) character within a section header or on
+  a parameter line is a backslash, then the next line will be
+  (logically) concatonated with the current line by the lexical
+  analyzer.  For example:
+
+    param name = parameter value string \
+    with line continuation.
+
+  Would be read as
+
+    param name = parameter value string     with line continuation.
+
+  Note that there are five spaces following the word 'string',
+  representing the one space between 'string' and '\\' in the top
+  line, plus the four preceeding the word 'with' in the second line.
+  (Yes, I'm counting the indentation.)
+
+  Line continuation characters are ignored on blank lines and at the end
+  of comments.  They are *only* recognized within section and parameter
+  lines.
+
+
+  Line Continuation Quirks:
+  
+  Note the following example:
+
+    param name = parameter value string \
+    \
+    with line continuation.
+
+  The middle line is *not* parsed as a blank line because it is first
+  concatonated with the top line.  The result is
+
+    param name = parameter value string         with line continuation.
+
+  The same is true for comment lines.
+
+    param name = parameter value string \
+    ; comment \
+    with a comment.
+
+  This becomes:
+  
+    param name = parameter value string     ; comment     with a comment.
+
+  On a section header line, the closing bracket (']') is considered a
+  terminating character, and the rest of the line is ignored.  The lines
+  
+    [ section   name ] garbage \
+    param  name  = value
+
+  are read as
+
+    [section name]
+    param name = value
+
+
+
+Syntax:
+
+  The syntax of the smb.conf file is as follows:
+
+  <file>            :==  { <section> } EOF
+
+  <section>         :==  <section header> { <parameter line> }
+
+  <section header>  :==  '[' NAME ']'
+
+  <parameter line>  :==  NAME '=' VALUE NL
+
+
+  Basically, this means that
+  
+    - a file is made up of zero or more sections, and is terminated by
+      an EOF (we knew that).
+
+    - A section is made up of a section header followed by zero or more
+      parameter lines.
+
+    - A section header is identified by an opening bracket and
+      terminated by the closing bracket.  The enclosed NAME identifies
+      the section.
+
+    - A parameter line is divided into a NAME and a VALUE.  The *first*
+      equal sign on the line separates the NAME from the VALUE.  The
+      VALUE is terminated by a newline character (NL = '\n').
+
+
+About params.c:
+
+  The parsing of the config file is a bit unusual if you are used to
+  lex, yacc, bison, etc.  Both lexical analysis (scanning) and parsing
+  are performed by params.c.  Values are loaded via callbacks to
+  loadparm.c.
+
+--------------------------------------------------------------------------
+
+                                  Samba DEBUG
+                                       
+Chris Hertel, Samba Team
+July, 1998
+   
+   Here's the scoop on the update to the DEBUG() system.
+   
+   First, my goals are:
+     * Backward compatibility (ie., I don't want to break any Samba code
+       that already works).
+     * Debug output should be timestamped and easy to read (format-wise).
+     * Debug output should be parsable by software.
+     * There should be convenient tools for composing debug messages.
+       
+   NOTE: the Debug functionality has been moved from util.c to the new
+   debug.c module.
+   
+New Output Syntax
+
+   The syntax of a debugging log file is represented as:
+  <debugfile> :== { <debugmsg> }
+
+  <debugmsg>  :== <debughdr> '\n' <debugtext>
+
+  <debughdr>  :== '[' TIME ',' LEVEL ']' FILE ':' [FUNCTION] '(' LINE ')'
+
+  <debugtext> :== { <debugline> }
+
+  <debugline> :== TEXT '\n'
+
+   TEXT is a string of characters excluding the newline character.
+   LEVEL is the DEBUG level of the message (an integer in the range
+   0..10).
+   TIME is a timestamp.
+   FILE is the name of the file from which the debug message was
+   generated.
+   FUNCTION is the function from which the debug message was generated.
+   LINE is the line number of the debug statement that generated the
+   message.
+   
+   Basically, what that all means is:
+     * A debugging log file is made up of debug messages.
+     * Each debug message is made up of a header and text. The header is
+       separated from the text by a newline.
+     * The header begins with the timestamp and debug level of the
+       message enclosed in brackets. The filename, function, and line
+       number at which the message was generated follow. The filename is
+       terminated by a colon, and the function name is terminated by the
+       parenthesis which contain the line number. Depending upon the
+       compiler, the function name may be missing (it is generated by the
+       __FUNCTION__ macro, which is not universally implemented, dangit).
+     * The message text is made up of zero or more lines, each terminated
+       by a newline.
+       
+   Here's some example output:
+
+    [1998/08/03 12:55:25, 1] nmbd.c:(659)
+      Netbios nameserver version 1.9.19-prealpha started.
+      Copyright Andrew Tridgell 1994-1997
+    [1998/08/03 12:55:25, 3] loadparm.c:(763)
+      Initializing global parameters
+
+   Note that in the above example the function names are not listed on
+   the header line. That's because the example above was generated on an
+   SGI Indy, and the SGI compiler doesn't support the __FUNCTION__ macro.
+   
+The DEBUG() Macro
+
+   Use of the DEBUG() macro is unchanged. DEBUG() takes two parameters.
+   The first is the message level, the second is the body of a function
+   call to the Debug1() function.
+   
+   That's confusing.
+   
+   Here's an example which may help a bit. If you would write
+
+     printf( "This is a %s message.\n", "debug" );
+
+   to send the output to stdout, then you would write
+
+     DEBUG( 0, ( "This is a %s message.\n", "debug" ) );
+
+   to send the output to the debug file.  All of the normal printf()
+   formatting escapes work.
+   
+   Note that in the above example the DEBUG message level is set to 0.
+   Messages at level 0 always print.  Basically, if the message level is
+   less than or equal to the global value DEBUGLEVEL, then the DEBUG
+   statement is processed.
+   
+   The output of the above example would be something like:
+
+    [1998/07/30 16:00:51, 0] file.c:function(128)
+      This is a debug message.
+
+   Each call to DEBUG() creates a new header *unless* the output produced
+   by the previous call to DEBUG() did not end with a '\n'. Output to the
+   debug file is passed through a formatting buffer which is flushed
+   every time a newline is encountered. If the buffer is not empty when
+   DEBUG() is called, the new input is simply appended.
+
+   ...but that's really just a Kludge. It was put in place because
+   DEBUG() has been used to write partial lines. Here's a simple (dumb)
+   example of the kind of thing I'm talking about:
+
+    DEBUG( 0, ("The test returned " ) );
+    if( test() )
+      DEBUG(0, ("True") );
+    else
+      DEBUG(0, ("False") );
+    DEBUG(0, (".\n") );
+
+   Without the format buffer, the output (assuming test() returned true)
+   would look like this:
+
+    [1998/07/30 16:00:51, 0] file.c:function(256)
+      The test returned
+    [1998/07/30 16:00:51, 0] file.c:function(258)
+      True
+    [1998/07/30 16:00:51, 0] file.c:function(261)
+      .
+
+   Which isn't much use. The format buffer kludge fixes this problem.
+   
+The DEBUGADD() Macro
+
+   In addition to the kludgey solution to the broken line problem
+   described above, there is a clean solution. The DEBUGADD() macro never
+   generates a header. It will append new text to the current debug
+   message even if the format buffer is empty. The syntax of the
+   DEBUGADD() macro is the same as that of the DEBUG() macro.
+
+    DEBUG( 0, ("This is the first line.\n" ) );
+    DEBUGADD( 0, ("This is the second line.\nThis is the third line.\n" ) );
+
+   Produces
+    [1998/07/30 16:00:51, 0] file.c:function(512)
+      This is the first line.
+      This is the second line.
+      This is the third line.
+
+The DEBUGLVL() Macro
+
+   One of the problems with the DEBUG() macro was that DEBUG() lines
+   tended to get a bit long. Consider this example from
+   nmbd_sendannounce.c:
+
+  DEBUG(3,("send_local_master_announcement: type %x for name %s on subnet %s for workgroup %s\n",
+            type, global_myname, subrec->subnet_name, work->work_group));
+
+   One solution to this is to break it down using DEBUG() and DEBUGADD(),
+   as follows:
+
+  DEBUG( 3, ( "send_local_master_announcement: " ) );
+  DEBUGADD( 3, ( "type %x for name %s ", type, global_myname ) );
+  DEBUGADD( 3, ( "on subnet %s ", subrec->subnet_name ) );
+  DEBUGADD( 3, ( "for workgroup %s\n", work->work_group ) );
+
+   A similar, but arguably nicer approach is to use the DEBUGLVL() macro.
+   This macro returns True if the message level is less than or equal to
+   the global DEBUGLEVEL value, so:
+
+  if( DEBUGLVL( 3 ) )
+    {
+    dbgtext( "send_local_master_announcement: " );
+    dbgtext( "type %x for name %s ", type, global_myname );
+    dbgtext( "on subnet %s ", subrec->subnet_name );
+    dbgtext( "for workgroup %s\n", work->work_group );
+    }
+
+   (The dbgtext() function is explained below.)
+   
+   There are a few advantages to this scheme:
+     * The test is performed only once.
+     * You can allocate variables off of the stack that will only be used
+       within the DEBUGLVL() block.
+     * Processing that is only relevant to debug output can be contained
+       within the DEBUGLVL() block.
+       
+New Functions
+
+   dbgtext()
+          This function prints debug message text to the debug file (and
+          possibly to syslog) via the format buffer. The function uses a
+          variable argument list just like printf() or Debug1(). The
+          input is printed into a buffer using the vslprintf() function,
+          and then passed to format_debug_text().
+          
+          If you use DEBUGLVL() you will probably print the body of the
+          message using dbgtext(). 
+          
+   dbghdr()
+          This is the function that writes a debug message header.
+          Headers are not processed via the format buffer. Also note that
+          if the format buffer is not empty, a call to dbghdr() will not
+          produce any output. See the comments in dbghdr() for more info.
+          
+          It is not likely that this function will be called directly. It
+          is used by DEBUG() and DEBUGADD().
+          
+   format_debug_text()
+          This is a static function in debug.c. It stores the output text
+          for the body of the message in a buffer until it encounters a
+          newline. When the newline character is found, the buffer is
+          written to the debug file via the Debug1() function, and the
+          buffer is reset. This allows us to add the indentation at the
+          beginning of each line of the message body, and also ensures
+          that the output is written a line at a time (which cleans up
+          syslog output).
diff --git a/source3/passdb/.cvsignore b/source3/passdb/.cvsignore
new file mode 100644
index 0000000000..5f2a5c4cf7
--- /dev/null
+++ b/source3/passdb/.cvsignore
@@ -0,0 +1,2 @@
+*.po
+*.po32
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
new file mode 100644
index 0000000000..6436a2cd05
--- /dev/null
+++ b/source3/passdb/machine_sid.c
@@ -0,0 +1,167 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 		1996-2002
+   Copyright (C) Andrew Tridgell		2002
+   Copyright (C) Gerald (Jerry) Carter		2000
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/****************************************************************************
+ Read a SID from a file. This is for compatibility with the old MACHINE.SID
+ style of SID storage
+****************************************************************************/
+static BOOL read_sid_from_file(const char *fname, DOM_SID *sid)
+{
+	char **lines;
+	int numlines;
+	BOOL ret;
+
+	lines = file_lines_load(fname, &numlines);
+	
+	if (!lines || numlines < 1) {
+		if (lines) file_lines_free(lines);
+		return False;
+	}
+	
+	ret = string_to_sid(sid, lines[0]);
+	file_lines_free(lines);
+	return ret;
+}
+
+/*
+  generate a random sid - used to build our own sid if we don't have one
+*/
+static void generate_random_sid(DOM_SID *sid)
+{
+	int i;
+	uchar raw_sid_data[12];
+
+	memset((char *)sid, '\0', sizeof(*sid));
+	sid->sid_rev_num = 1;
+	sid->id_auth[5] = 5;
+	sid->num_auths = 0;
+	sid->sub_auths[sid->num_auths++] = 21;
+
+	generate_random_buffer(raw_sid_data, 12, True);
+	for (i = 0; i < 3; i++)
+		sid->sub_auths[sid->num_auths++] = IVAL(raw_sid_data, i*4);
+}
+
+/****************************************************************************
+ Generate the global machine sid.
+****************************************************************************/
+
+BOOL pdb_generate_sam_sid(void)
+{
+	char *fname = NULL;
+	extern pstring global_myname;
+	extern fstring global_myworkgroup;
+	BOOL is_dc = False;
+
+	generate_wellknown_sids();
+
+	switch (lp_server_role()) {
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+		is_dc = True;
+		break;
+	default:
+		is_dc = False;
+		break;
+	}
+
+	if (secrets_fetch_domain_sid(global_myname, &global_sam_sid)) {
+		DOM_SID domain_sid;
+
+		/* We got our sid. If not a pdc/bdc, we're done. */
+		if (!is_dc)
+			return True;
+
+		if (!secrets_fetch_domain_sid(global_myworkgroup, &domain_sid)) {
+
+			/* No domain sid and we're a pdc/bdc. Store it */
+
+			if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+				DEBUG(0,("pdb_generate_sam_sid: Can't store domain SID as a pdc/bdc.\n"));
+				return False;
+			}
+			return True;
+		}
+
+		if (!sid_equal(&domain_sid, &global_sam_sid)) {
+
+			/* Domain name sid doesn't match global sam sid. Re-store global sam sid as domain sid. */
+
+			DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n"));
+			if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+				DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID as a pdc/bdc.\n"));
+				return False;
+			}
+			return True;
+		}
+
+		return True;
+		
+	}
+
+	/* check for an old MACHINE.SID file for backwards compatibility */
+	asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
+
+	if (read_sid_from_file(fname, &global_sam_sid)) {
+		/* remember it for future reference and unlink the old MACHINE.SID */
+		if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
+			DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n"));
+			SAFE_FREE(fname);
+			return False;
+		}
+		unlink(fname);
+		if (is_dc) {
+			if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+				DEBUG(0,("pdb_generate_sam_sid: Failed to store domain SID from file.\n"));
+				SAFE_FREE(fname);
+				return False;
+			}
+		}
+
+		/* Stored the old sid from MACHINE.SID successfully.
+			Patch from Stefan "metze" Metzmacher <metze@metzemix.de>*/
+		SAFE_FREE(fname);
+		return True;
+	}
+
+	SAFE_FREE(fname);
+
+	/* we don't have the SID in secrets.tdb, we will need to
+           generate one and save it */
+	generate_random_sid(&global_sam_sid);
+
+	if (!secrets_store_domain_sid(global_myname, &global_sam_sid)) {
+		DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n"));
+		return False;
+	}
+	if (is_dc) {
+		if (!secrets_store_domain_sid(global_myworkgroup, &global_sam_sid)) {
+			DEBUG(0,("pdb_generate_sam_sid: Failed to store generated domain SID.\n"));
+			return False;
+		}
+	}
+
+	return True;
+}   
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
new file mode 100644
index 0000000000..7eecbfd2cd
--- /dev/null
+++ b/source3/passdb/passdb.c
@@ -0,0 +1,1223 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 		1996-2001
+   Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
+   Copyright (C) Gerald (Jerry) Carter		2000-2001
+   Copyright (C) Andrew Bartlett		2001-2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * This is set on startup - it defines the SID for this
+ * machine, and therefore the SAM database for which it is
+ * responsible.
+ */
+
+extern DOM_SID global_sam_sid;
+
+/************************************************************
+ Fill the SAM_ACCOUNT with default values.
+ ***********************************************************/
+
+static void pdb_fill_default_sam(SAM_ACCOUNT *user)
+{
+	ZERO_STRUCT(user->private); /* Don't touch the talloc context */
+
+        /* Don't change these timestamp settings without a good reason.
+           They are important for NT member server compatibility. */
+
+	user->private.init_flag		    = FLAG_SAM_UNINIT;
+	user->private.uid = user->private.gid	    = -1;
+
+	user->private.logon_time            = (time_t)0;
+	user->private.pass_last_set_time    = (time_t)0;
+	user->private.pass_can_change_time  = (time_t)0;
+	user->private.logoff_time           = 
+	user->private.kickoff_time          = 
+	user->private.pass_must_change_time = get_time_t_max();
+	user->private.unknown_3 = 0x00ffffff; 	/* don't know */
+	user->private.logon_divs = 168; 	/* hours per week */
+	user->private.hours_len = 21; 		/* 21 times 8 bits = 168 */
+	memset(user->private.hours, 0xff, user->private.hours_len); /* available at all hours */
+	user->private.unknown_5 = 0x00000000; /* don't know */
+	user->private.unknown_6 = 0x000004ec; /* don't know */
+
+	/* Some parts of samba strlen their pdb_get...() returns, 
+	   so this keeps the interface unchanged for now. */
+	   
+	user->private.username = "";
+	user->private.domain = "";
+	user->private.nt_username = "";
+	user->private.full_name = "";
+	user->private.home_dir = "";
+	user->private.logon_script = "";
+	user->private.profile_path = "";
+	user->private.acct_desc = "";
+	user->private.workstations = "";
+	user->private.unknown_str = "";
+	user->private.munged_dial = "";
+}	
+
+static void destroy_pdb_talloc(SAM_ACCOUNT **user) 
+{
+	if (*user) {
+		talloc_destroy((*user)->mem_ctx);
+		*user = NULL;
+	}
+}
+
+
+/**********************************************************************
+ Alloc memory and initialises a struct sam_passwd on supplied mem_ctx.
+***********************************************************************/
+
+NTSTATUS pdb_init_sam_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT **user)
+{
+	if (*user != NULL) {
+		DEBUG(0,("pdb_init_sam: SAM_ACCOUNT was non NULL\n"));
+#if 0
+		smb_panic("non-NULL pointer passed to pdb_init_sam\n");
+#endif
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!mem_ctx) {
+		DEBUG(0,("pdb_init_sam_talloc: mem_ctx was NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*user=(SAM_ACCOUNT *)talloc(mem_ctx, sizeof(SAM_ACCOUNT));
+
+	if (*user==NULL) {
+		DEBUG(0,("pdb_init_sam: error while allocating memory\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*user)->mem_ctx = mem_ctx;
+
+	(*user)->free_fn = NULL;
+
+	pdb_fill_default_sam(*user);
+	
+	return NT_STATUS_OK;
+}
+
+
+/*************************************************************
+ Alloc memory and initialises a struct sam_passwd.
+ ************************************************************/
+
+NTSTATUS pdb_init_sam(SAM_ACCOUNT **user)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS nt_status;
+	
+	mem_ctx = talloc_init_named("passdb internal SAM_ACCOUNT allocation");
+
+	if (!mem_ctx) {
+		DEBUG(0,("pdb_init_sam: error while doing talloc_init()\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(mem_ctx, user))) {
+		talloc_destroy(mem_ctx);
+		return nt_status;
+	}
+	
+	(*user)->free_fn = destroy_pdb_talloc;
+
+	return NT_STATUS_OK;
+}
+
+
+/*************************************************************
+ Initialises a struct sam_passwd with sane values.
+ ************************************************************/
+
+NTSTATUS pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
+{
+	pstring str;
+	GROUP_MAP map;
+	uint32 rid;
+	NTSTATUS nt_status;
+
+	if (!pwd) {
+		new_sam_acct = NULL;
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) {
+		new_sam_acct = NULL;
+		return nt_status;
+	}
+
+	pdb_set_username(*new_sam_acct, pwd->pw_name);
+	pdb_set_fullname(*new_sam_acct, pwd->pw_gecos);
+
+	pdb_set_uid(*new_sam_acct, pwd->pw_uid);
+	pdb_set_gid(*new_sam_acct, pwd->pw_gid);
+	
+	/* let the backends set the rid!!
+	pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
+	-- simo */
+
+	/* call the mapping code here */
+	if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+		sid_peek_rid(&map.sid, &rid);
+	} 
+	else {
+		rid=pdb_gid_to_group_rid(pwd->pw_gid);
+	}
+		
+	pdb_set_group_rid(*new_sam_acct, rid);
+
+	pstrcpy(str, lp_logon_path());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
+	pdb_set_profile_path(*new_sam_acct, str, False);
+	
+	pstrcpy(str, lp_logon_home());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
+	pdb_set_homedir(*new_sam_acct, str, False);
+	
+	pstrcpy(str, lp_logon_drive());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
+	pdb_set_dir_drive(*new_sam_acct, str, False);
+
+	pstrcpy(str, lp_logon_script());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str);
+	pdb_set_logon_script(*new_sam_acct, str, False);
+	
+	return NT_STATUS_OK;
+}
+
+
+/**
+ * Free the contets of the SAM_ACCOUNT, but not the structure.
+ *
+ * Also wipes the LM and NT hashes from memory.
+ *
+ * @param user SAM_ACCOUNT to free members of.
+ **/
+
+static void pdb_free_sam_contents(SAM_ACCOUNT *user)
+{
+	/* As we start mallocing more strings this is where  
+	   we should free them. */
+
+	data_blob_clear_free(&(user->private.lm_pw));
+	data_blob_clear_free(&(user->private.nt_pw));
+}
+
+
+/************************************************************
+ Reset the SAM_ACCOUNT and free the NT/LM hashes.
+ ***********************************************************/
+
+NTSTATUS pdb_reset_sam(SAM_ACCOUNT *user)
+{
+	if (user == NULL) {
+		DEBUG(0,("pdb_reset_sam: SAM_ACCOUNT was NULL\n"));
+#if 0
+		smb_panic("NULL pointer passed to pdb_free_sam\n");
+#endif
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	pdb_free_sam_contents(user);
+
+	pdb_fill_default_sam(user);
+
+	return NT_STATUS_OK;
+}
+
+
+/************************************************************
+ Free the SAM_ACCOUNT and the member pointers.
+ ***********************************************************/
+
+NTSTATUS pdb_free_sam(SAM_ACCOUNT **user)
+{
+	if (*user == NULL) {
+		DEBUG(0,("pdb_free_sam: SAM_ACCOUNT was NULL\n"));
+#if 0
+		smb_panic("NULL pointer passed to pdb_free_sam\n");
+#endif
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	pdb_free_sam_contents(*user);
+	
+	if ((*user)->free_fn) {
+		(*user)->free_fn(user);
+	}
+
+	return NT_STATUS_OK;	
+}
+
+
+/**********************************************************
+ Encode the account control bits into a string.
+ length = length of string to encode into (including terminating
+ null). length *MUST BE MORE THAN 2* !
+ **********************************************************/
+
+char *pdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+{
+	static fstring acct_str;
+	size_t i = 0;
+
+	acct_str[i++] = '[';
+
+	if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+	if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
+	if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+	if (acct_ctrl & ACB_TEMPDUP  ) acct_str[i++] = 'T'; 
+	if (acct_ctrl & ACB_NORMAL   ) acct_str[i++] = 'U';
+	if (acct_ctrl & ACB_MNS      ) acct_str[i++] = 'M';
+	if (acct_ctrl & ACB_WSTRUST  ) acct_str[i++] = 'W';
+	if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
+	if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+	if (acct_ctrl & ACB_PWNOEXP  ) acct_str[i++] = 'X';
+	if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+	for ( ; i < length - 2 ; i++ )
+		acct_str[i] = ' ';
+
+	i = length - 2;
+	acct_str[i++] = ']';
+	acct_str[i++] = '\0';
+
+	return acct_str;
+}     
+
+/**********************************************************
+ Decode the account control bits from a string.
+ **********************************************************/
+
+uint16 pdb_decode_acct_ctrl(const char *p)
+{
+	uint16 acct_ctrl = 0;
+	BOOL finished = False;
+
+	/*
+	 * Check if the account type bits have been encoded after the
+	 * NT password (in the form [NDHTUWSLXI]).
+	 */
+
+	if (*p != '[')
+		return 0;
+
+	for (p++; *p && !finished; p++) {
+		switch (*p) {
+			case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
+			case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
+			case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
+			case 'T': { acct_ctrl |= ACB_TEMPDUP  ; break; /* 'T'emp account. */ } 
+			case 'U': { acct_ctrl |= ACB_NORMAL   ; break; /* 'U'ser account (normal). */ } 
+			case 'M': { acct_ctrl |= ACB_MNS      ; break; /* 'M'NS logon user account. What is this ? */ } 
+			case 'W': { acct_ctrl |= ACB_WSTRUST  ; break; /* 'W'orkstation account. */ } 
+			case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } 
+			case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 
+			case 'X': { acct_ctrl |= ACB_PWNOEXP  ; break; /* No 'X'piry on password */ } 
+			case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
+            case ' ': { break; }
+			case ':':
+			case '\n':
+			case '\0': 
+			case ']':
+			default:  { finished = True; }
+		}
+	}
+
+	return acct_ctrl;
+}
+
+/*************************************************************
+ Routine to set 32 hex password characters from a 16 byte array.
+**************************************************************/
+
+void pdb_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
+{
+	if (pwd != NULL) {
+		int i;
+		for (i = 0; i < 16; i++)
+			slprintf(&p[i*2], 3, "%02X", pwd[i]);
+	} else {
+		if (acct_ctrl & ACB_PWNOTREQ)
+			safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+		else
+			safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
+	}
+}
+
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+
+BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
+{
+	int i;
+	unsigned char   lonybble, hinybble;
+	char           *hexchars = "0123456789ABCDEF";
+	char           *p1, *p2;
+	
+	if (!p)
+		return (False);
+	
+	for (i = 0; i < 32; i += 2) {
+		hinybble = toupper(p[i]);
+		lonybble = toupper(p[i + 1]);
+
+		p1 = strchr(hexchars, hinybble);
+		p2 = strchr(hexchars, lonybble);
+
+		if (!p1 || !p2)
+			return (False);
+
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+
+		pwd[i / 2] = (hinybble << 4) | lonybble;
+	}
+	return (True);
+}
+
+#if 0 /* seem it is not used by anyone */
+/*******************************************************************
+ Group and User RID username mapping function
+ ********************************************************************/
+
+BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
+{
+	GROUP_MAP map;
+	struct passwd *pw = Get_Pwnam(user_name);
+
+	if (u_rid == NULL || g_rid == NULL || user_name == NULL)
+		return False;
+
+	if (!pw) {
+		DEBUG(1,("Username %s is invalid on this system\n", user_name));
+		return False;
+	}
+
+	/* turn the unix UID into a Domain RID.  this is what the posix
+	   sub-system does (adds 1000 to the uid) */
+	*u_rid = fallback_pdb_uid_to_user_rid(pw->pw_uid);
+
+	/* absolutely no idea what to do about the unix GID to Domain RID mapping */
+	/* map it ! */
+	if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+		sid_peek_rid(&map.sid, g_rid);
+	} else 
+		*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
+
+	return True;
+}
+#endif /* seem it is not used by anyone */
+
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
+{
+	return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 fallback_pdb_uid_to_user_rid(uid_t uid)
+{
+	return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
+/*******************************************************************
+ Converts NT group RID to a UNIX gid.
+ ********************************************************************/
+
+gid_t pdb_group_rid_to_gid(uint32 group_rid)
+{
+	return (gid_t)(((group_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts NT Group RID to a UNIX uid.
+ 
+ warning: you must not call that function only
+ you must do a call to the group mapping first.
+ there is not anymore a direct link between the gid and the rid.
+ ********************************************************************/
+
+uint32 pdb_gid_to_group_rid(gid_t gid)
+{
+  return (((((uint32)gid)*RID_MULTIPLIER) + 1000) | GROUP_RID_TYPE);
+}
+
+/*******************************************************************
+ Decides if a RID is a well known RID.
+ ********************************************************************/
+
+static BOOL pdb_rid_is_well_known(uint32 rid)
+{
+  return (rid < 1000);
+}
+
+/*******************************************************************
+ Decides if a RID is a user or group RID.
+ ********************************************************************/
+
+BOOL pdb_rid_is_user(uint32 rid)
+{
+  /* lkcl i understand that NT attaches an enumeration to a RID
+   * such that it can be identified as either a user, group etc
+   * type.  there are 5 such categories, and they are documented.
+   */
+   if(pdb_rid_is_well_known(rid)) {
+      /*
+       * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
+       * and DOMAIN_USER_RID_GUEST.
+       */
+     if(rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
+       return True;
+   } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) {
+     return True;
+   }
+   return False;
+}
+
+/*******************************************************************
+ Convert a rid into a name. Used in the lookup SID rpc.
+ ********************************************************************/
+
+BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use)
+{
+	uint32 rid;
+	BOOL is_user;
+	SAM_ACCOUNT *sam_account = NULL;
+	BOOL found = False;
+
+	sid_peek_rid(sid, &rid);
+	is_user = pdb_rid_is_user(rid);
+	*psid_name_use = SID_NAME_UNKNOWN;
+
+	DEBUG(5,("local_lookup_sid: looking up %s RID %u.\n", is_user ? "user" :
+			"group", (unsigned int)rid));
+
+	if(is_user) {
+		if(rid == DOMAIN_USER_RID_ADMIN) {
+			char **admin_list = lp_admin_users(-1);
+			*psid_name_use = SID_NAME_USER;
+			if (admin_list) {
+				char *p = *admin_list;
+				if(!next_token(&p, name, NULL, sizeof(fstring)))
+					fstrcpy(name, "Administrator");
+			} else {
+				fstrcpy(name, "Administrator");
+			}
+		} else if (rid == DOMAIN_USER_RID_GUEST) {
+			char *p = lp_guestaccount();
+			*psid_name_use = SID_NAME_USER;
+			if(!next_token(&p, name, NULL, sizeof(fstring)))
+				fstrcpy(name, "Guest");
+		} else {
+			uid_t uid;
+			struct passwd *pass;
+			
+			/*
+			 * Don't try to convert the rid to a name if 
+			 * running in appliance mode
+			 */
+			if (lp_hide_local_users())
+				return False;
+
+			if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
+				return False;
+			}
+			
+			if (pdb_getsampwrid(sam_account, rid)) {
+				fstrcpy(name, pdb_get_username(sam_account));
+				*psid_name_use = SID_NAME_USER;
+				found = True;
+			}
+			
+			pdb_free_sam(&sam_account);
+			
+			if (found) {
+				return True;
+			}
+			
+			uid = fallback_pdb_user_rid_to_uid(rid);
+			pass = getpwuid_alloc(uid);
+			
+			*psid_name_use = SID_NAME_USER;
+			
+			DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid,
+				 pass ? "succeeded" : "failed" ));
+			
+			if(!pass) {
+				slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid);
+				return True;
+			}
+			
+			fstrcpy(name, pass->pw_name);
+			
+			DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name,
+				 (unsigned int)rid ));
+			
+			passwd_free(&pass);
+		}
+		
+	} else {
+		gid_t gid;
+		struct group *gr; 
+		GROUP_MAP map;
+		
+		/* 
+		 * Don't try to convert the rid to a name if running
+		 * in appliance mode
+		 */
+		
+		if (lp_hide_local_users()) 
+			return False;
+
+		/* check if it's a mapped group */
+		if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
+			if (map.gid!=-1) {
+				DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+				fstrcpy(name, map.nt_name);
+				*psid_name_use = map.sid_name_use;
+				return True;
+			}
+		}
+		
+		gid = pdb_group_rid_to_gid(rid);
+		gr = getgrgid(gid);
+
+		*psid_name_use = SID_NAME_ALIAS;
+
+		DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid,
+			gr ? "succeeded" : "failed" ));
+
+		if(!gr) {
+			slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
+			return False;
+		}
+
+		fstrcpy( name, gr->gr_name);
+
+		DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name,
+			(unsigned int)rid ));
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Convert a name into a SID. Used in the lookup name rpc.
+ ********************************************************************/
+
+BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psid_name_use)
+{
+	extern DOM_SID global_sid_World_Domain;
+	struct passwd *pass = NULL;
+	DOM_SID local_sid;
+	fstring user;
+	SAM_ACCOUNT *sam_account = NULL;
+	BOOL found = False;
+	
+	*psid_name_use = SID_NAME_UNKNOWN;
+
+	/*
+	 * user may be quoted a const string, and map_username and
+	 * friends can modify it. Make a modifiable copy. JRA.
+	 */
+
+	fstrcpy(user, c_user);
+
+	sid_copy(&local_sid, &global_sam_sid);
+
+	/*
+	 * Special case for MACHINE\Everyone. Map to the world_sid.
+	 */
+
+	if(strequal(user, "Everyone")) {
+		sid_copy( psid, &global_sid_World_Domain);
+		sid_append_rid(psid, 0);
+		*psid_name_use = SID_NAME_ALIAS;
+		return True;
+	}
+
+	/* 
+	 * Don't lookup local unix users if running in appliance mode
+	 */
+	if (lp_hide_local_users()) 
+		return False;
+
+	(void)map_username(user);
+
+	if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
+		return False;
+	}
+	
+	if (pdb_getsampwnam(sam_account, user)) {
+		sid_append_rid( &local_sid, pdb_get_user_rid(sam_account));
+		*psid_name_use = SID_NAME_USER;
+		
+		sid_copy( psid, &local_sid);
+		found = True;
+	}
+
+	pdb_free_sam(&sam_account);
+
+	if (!found && (pass = Get_Pwnam(user))) {
+		sid_append_rid( &local_sid, fallback_pdb_uid_to_user_rid(pass->pw_uid));
+		*psid_name_use = SID_NAME_USER;
+		pdb_free_sam(&sam_account);
+
+	} else if (!found) {
+		/*
+		 * Maybe it was a group ?
+		 */
+		struct group *grp;
+		GROUP_MAP map;
+		
+		pdb_free_sam(&sam_account);
+
+		/* check if it's a mapped group */
+		if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
+			if (map.gid!=-1) {
+				/* yes it's a mapped group to a valid unix group */
+				sid_copy(&local_sid, &map.sid);
+				*psid_name_use = map.sid_name_use;
+			}
+			else
+				/* it's a correct name but not mapped so it points to nothing*/
+				return False;
+		} else {
+			/* it's not a mapped group */
+			grp = getgrnam(user);
+			if(!grp)
+				return False;
+
+			/* 
+			 *check if it's mapped, if it is reply it doesn't exist
+			 *
+			 * that's to prevent this case:
+			 *
+			 * unix group ug is mapped to nt group ng
+			 * someone does a lookup on ug
+			 * we must not reply as it doesn't "exist" anymore
+			 * for NT. For NT only ng exists.
+			 * JFM, 30/11/2001
+			 */
+			
+			if(get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
+				return False;
+			}
+
+			sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
+			*psid_name_use = SID_NAME_ALIAS;
+		}
+	}
+
+	sid_copy( psid, &local_sid);
+
+	return True;
+}
+
+/****************************************************************************
+ Convert a uid to SID - locally.
+****************************************************************************/
+
+DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
+{
+	extern DOM_SID global_sam_sid;
+	struct passwd *pass;
+	SAM_ACCOUNT *sam_user = NULL;
+
+	sid_copy(psid, &global_sam_sid);
+
+	if(!(pass = getpwuid_alloc(uid)))
+		return NULL;
+
+	if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+		passwd_free(&pass);
+		return NULL;
+	}
+	
+	if (!pdb_getsampwnam(sam_user, pass->pw_name)) {
+		pdb_free_sam(&sam_user);
+		return NULL;
+	}
+
+	passwd_free(&pass);
+
+	sid_append_rid(psid, pdb_get_user_rid(sam_user));
+
+	pdb_free_sam(&sam_user);
+
+	return psid;
+}
+
+/****************************************************************************
+ Convert a SID to uid - locally.
+****************************************************************************/
+
+BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+	extern DOM_SID global_sam_sid;
+
+	DOM_SID dom_sid;
+	uint32 rid;
+	fstring str;
+	struct passwd *pass;
+	SAM_ACCOUNT *sam_user = NULL;
+
+	*name_type = SID_NAME_UNKNOWN;
+
+	sid_copy(&dom_sid, psid);
+	sid_split_rid(&dom_sid, &rid);
+
+	if (!pdb_rid_is_user(rid))
+		return False;
+
+	/*
+	 * We can only convert to a uid if this is our local
+	 * Domain SID (ie. we are the controling authority).
+	 */
+	if (!sid_equal(&global_sam_sid, &dom_sid))
+		return False;
+
+	if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
+		return False;
+	
+	if (!pdb_getsampwrid(sam_user, rid)) {
+		pdb_free_sam(&sam_user);
+		return False;
+	}
+	
+	*puid = pdb_get_uid(sam_user);
+	if (*puid == -1)
+		return False;
+
+	pdb_free_sam(&sam_user);
+
+	/*
+	 * Ensure this uid really does exist.
+	 */
+	if(!(pass = getpwuid_alloc(*puid)))
+		return False;
+
+	DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
+		(unsigned int)*puid, pass->pw_name ));
+
+	passwd_free(&pass);
+
+	*name_type = SID_NAME_USER;
+
+	return True;
+}
+
+/****************************************************************************
+ Convert a gid to SID - locally.
+****************************************************************************/
+
+DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+	extern DOM_SID global_sam_sid;
+	GROUP_MAP map;
+
+	sid_copy(psid, &global_sam_sid);
+	
+	if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+		sid_copy(psid, &map.sid);
+	}
+	else {
+		sid_append_rid(psid, pdb_gid_to_group_rid(gid));
+	}
+
+	return psid;
+}
+
+/****************************************************************************
+ Convert a SID to gid - locally.
+****************************************************************************/
+
+BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+	extern DOM_SID global_sam_sid;
+	DOM_SID dom_sid;
+	uint32 rid;
+	fstring str;
+	struct group *grp;
+	GROUP_MAP map;
+
+	*name_type = SID_NAME_UNKNOWN;
+
+	sid_copy(&dom_sid, psid);
+	sid_split_rid(&dom_sid, &rid);
+
+	/*
+	 * We can only convert to a gid if this is our local
+	 * Domain SID (ie. we are the controling authority).
+	 *
+	 * Or in the Builtin SID too. JFM, 11/30/2001
+	 */
+
+	if (!sid_equal(&global_sam_sid, &dom_sid))
+		return False;
+
+	if (pdb_rid_is_user(rid))
+		return False;
+
+	if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
+		
+		/* the SID is in the mapping table but not mapped */
+		if (map.gid==-1)
+			return False;
+
+		sid_peek_rid(&map.sid, &rid);
+		*pgid = rid;
+		*name_type = map.sid_name_use;
+	} else {
+		*pgid = pdb_group_rid_to_gid(rid);
+		*name_type = SID_NAME_ALIAS;
+	}
+
+	/*
+	 * Ensure this gid really does exist.
+	 */
+
+	if(!(grp = getgrgid(*pgid)))
+		return False;
+
+	DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u) (%s).\n", sid_to_string( str, psid),
+		(unsigned int)*pgid, grp->gr_name ));
+
+	return True;
+}
+
+/** 
+ * Quick hack to do an easy ucs2 -> mulitbyte conversion 
+ * @return static buffer containing the converted string
+ **/
+
+static char *pdb_convert(const UNISTR2 *from)
+{
+	static pstring convert_buffer;
+	*convert_buffer = 0;
+	if (!from) {
+		return convert_buffer;
+	}
+
+	unistr2_to_ascii(convert_buffer, from, sizeof(pstring));
+	return convert_buffer;
+}
+
+/*************************************************************
+ Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
+ **************************************************************/
+
+void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
+{
+
+	if (from == NULL || to == NULL) 
+		return;
+
+	pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
+	pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
+	pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
+	pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
+	pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
+
+	pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
+
+	if (from->uni_user_name.buffer)
+		pdb_set_username(to      , pdb_convert(&from->uni_user_name   ));
+	if (from->uni_full_name.buffer)
+		pdb_set_fullname(to      , pdb_convert(&from->uni_full_name   ));
+	if (from->uni_home_dir.buffer)
+		pdb_set_homedir(to       , pdb_convert(&from->uni_home_dir    ), True);
+	if (from->uni_dir_drive.buffer)
+		pdb_set_dir_drive(to     , pdb_convert(&from->uni_dir_drive   ), True);
+	if (from->uni_logon_script.buffer)
+		pdb_set_logon_script(to  , pdb_convert(&from->uni_logon_script), True);
+	if (from->uni_profile_path.buffer)
+		pdb_set_profile_path(to  , pdb_convert(&from->uni_profile_path), True);
+	if (from->uni_acct_desc.buffer)
+		pdb_set_acct_desc(to     , pdb_convert(&from->uni_acct_desc   ));
+	if (from->uni_workstations.buffer)
+		pdb_set_workstations(to  , pdb_convert(&from->uni_workstations));
+	if (from->uni_unknown_str.buffer)
+		pdb_set_unknown_str(to   , pdb_convert(&from->uni_unknown_str ));
+	if (from->uni_munged_dial.buffer)
+		pdb_set_munged_dial(to   , pdb_convert(&from->uni_munged_dial ));
+
+	if (from->user_rid)
+		pdb_set_user_rid(to, from->user_rid);
+	if (from->group_rid)
+		pdb_set_group_rid(to, from->group_rid);
+
+	pdb_set_acct_ctrl(to, from->acb_info);
+	pdb_set_unknown_3(to, from->unknown_3);
+
+	pdb_set_logon_divs(to, from->logon_divs);
+	pdb_set_hours_len(to, from->logon_hrs.len);
+	pdb_set_hours(to, from->logon_hrs.hours);
+
+	pdb_set_unknown_5(to, from->unknown_5);
+	pdb_set_unknown_6(to, from->unknown_6);
+}
+
+
+/*************************************************************
+ Copies a sam passwd.
+ **************************************************************/
+
+void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
+{
+	if (from == NULL || to == NULL) 
+		return;
+
+	pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
+	pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
+	pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
+	pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
+	pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
+
+	pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
+
+	if (from->uni_user_name.buffer)
+		pdb_set_username(to      , pdb_convert(&from->uni_user_name   ));
+	if (from->uni_full_name.buffer)
+		pdb_set_fullname(to      , pdb_convert(&from->uni_full_name   ));
+	if (from->uni_home_dir.buffer)
+		pdb_set_homedir(to       , pdb_convert(&from->uni_home_dir    ), True);
+	if (from->uni_dir_drive.buffer)
+		pdb_set_dir_drive(to     , pdb_convert(&from->uni_dir_drive   ), True);
+	if (from->uni_logon_script.buffer)
+		pdb_set_logon_script(to  , pdb_convert(&from->uni_logon_script), True);
+	if (from->uni_profile_path.buffer)
+		pdb_set_profile_path(to  , pdb_convert(&from->uni_profile_path), True);
+	if (from->uni_acct_desc.buffer)
+		pdb_set_acct_desc(to     , pdb_convert(&from->uni_acct_desc   ));
+	if (from->uni_workstations.buffer)
+		pdb_set_workstations(to  , pdb_convert(&from->uni_workstations));
+	if (from->uni_unknown_str.buffer)
+		pdb_set_unknown_str(to   , pdb_convert(&from->uni_unknown_str ));
+	if (from->uni_munged_dial.buffer)
+		pdb_set_munged_dial(to   , pdb_convert(&from->uni_munged_dial ));
+
+	if (from->user_rid)
+		pdb_set_user_rid(to, from->user_rid);
+	if (from->group_rid)
+		pdb_set_group_rid(to, from->group_rid);
+
+	/* FIXME!!  Do we need to copy the passwords here as well?
+	   I don't know.  Need to figure this out   --jerry */
+
+	/* Passwords dealt with in caller --abartlet */
+
+	pdb_set_acct_ctrl(to, from->acb_info);
+	pdb_set_unknown_3(to, from->unknown_3);
+
+	pdb_set_logon_divs(to, from->logon_divs);
+	pdb_set_hours_len(to, from->logon_hrs.len);
+	pdb_set_hours(to, from->logon_hrs.hours);
+
+	pdb_set_unknown_5(to, from->unknown_5);
+	pdb_set_unknown_6(to, from->unknown_6);
+}
+
+
+/*************************************************************
+ Change a password entry in the local smbpasswd file.
+
+ FIXME!!  The function needs to be abstracted into the
+ passdb interface or something.  It is currently being called
+ by _api_samr_create_user() in rpc_server/srv_samr.c,
+ in SWAT and by smbpasswd/pdbedit.
+ 
+ --jerry
+ *************************************************************/
+
+BOOL local_password_change(const char *user_name, int local_flags,
+			   const char *new_passwd, 
+			   char *err_str, size_t err_str_len,
+			   char *msg_str, size_t msg_str_len)
+{
+	struct passwd  *pwd = NULL;
+	SAM_ACCOUNT 	*sam_pass=NULL;
+
+	*err_str = '\0';
+	*msg_str = '\0';
+
+	/* Get the smb passwd entry for this user */
+	pdb_init_sam(&sam_pass);
+	if(!pdb_getsampwnam(sam_pass, user_name)) {
+		pdb_free_sam(&sam_pass);
+		
+		if (local_flags & LOCAL_ADD_USER) {
+			pwd = getpwnam_alloc(user_name);
+		} else if (local_flags & LOCAL_DELETE_USER) {
+			/* Might not exist in /etc/passwd */
+		} else {
+			slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
+			return False;
+		}
+		
+		if (pwd) {
+			/* Local user found, so init from this */
+			if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pass, pwd))){
+				slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
+				passwd_free(&pwd);
+				return False;
+			}
+		
+			passwd_free(&pwd);
+		} else {
+			if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_pass))){
+				slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
+				return False;
+			}
+
+	        	if (!pdb_set_username(sam_pass, user_name)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
+	               	 	pdb_free_sam(&sam_pass);
+	               	 	return False;
+	        	}
+		}
+		if (local_flags & LOCAL_TRUST_ACCOUNT) {
+	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
+	                	pdb_free_sam(&sam_pass);
+	                	return False;
+	        	}
+		} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
+	                	pdb_free_sam(&sam_pass);
+	                	return False;
+	        	}
+		} else {
+	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL)) {
+	                	slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
+	               	 	pdb_free_sam(&sam_pass);
+	               	 	return False;
+	        	}
+		}
+
+	} else {
+		/* the entry already existed */
+		local_flags &= ~LOCAL_ADD_USER;
+	}
+
+	/*
+	 * We are root - just write the new password
+	 * and the valid last change time.
+	 */
+
+	if (local_flags & LOCAL_DISABLE_USER) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
+			slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+	} else if (local_flags & LOCAL_ENABLE_USER) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+			slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+	}
+	
+	if (local_flags & LOCAL_SET_NO_PASSWORD) {
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
+			slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+	} else if (local_flags & LOCAL_SET_PASSWORD) {
+		/*
+		 * If we're dealing with setting a completely empty user account
+		 * ie. One with a password of 'XXXX', but not set disabled (like
+		 * an account created from scratch) then if the old password was
+		 * 'XX's then getsmbpwent will have set the ACB_DISABLED flag.
+		 * We remove that as we're giving this user their first password
+		 * and the decision hasn't really been made to disable them (ie.
+		 * don't create them disabled). JRA.
+		 */
+		if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
+			if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
+				slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
+				pdb_free_sam(&sam_pass);
+				return False;
+			}
+		}
+		if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
+			slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+		
+		if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
+			slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+	}	
+
+	if (local_flags & LOCAL_ADD_USER) {
+		if (pdb_add_sam_account(sam_pass)) {
+			slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return True;
+		} else {
+			slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+	} else if (local_flags & LOCAL_DELETE_USER) {
+		if (!pdb_delete_sam_account(sam_pass)) {
+			slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+		slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
+	} else {
+		if(!pdb_update_sam_account(sam_pass)) {
+			slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
+			pdb_free_sam(&sam_pass);
+			return False;
+		}
+		if(local_flags & LOCAL_DISABLE_USER)
+			slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
+		else if (local_flags & LOCAL_ENABLE_USER)
+			slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
+		else if (local_flags & LOCAL_SET_NO_PASSWORD)
+			slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
+	}
+
+	pdb_free_sam(&sam_pass);
+	return True;
+}
diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c
new file mode 100644
index 0000000000..d7ed965648
--- /dev/null
+++ b/source3/passdb/passgrp.c
@@ -0,0 +1,216 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 1996-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * NOTE. All these functions are abstracted into a structure
+ * that points to the correct function for the selected database. JRA.
+ *
+ * the API does NOT fill in the gaps if you set an API function
+ * to NULL: it will deliberately attempt to call the NULL function.
+ *
+ */
+
+static struct passgrp_ops *pwgrp_ops;
+
+/***************************************************************
+ Initialise the passgrp operations.
+***************************************************************/
+
+BOOL initialise_passgrp_db(void)
+{
+  if (pwgrp_ops)
+  {
+    return True;
+  }
+
+#ifdef WITH_NISPLUS
+  pwgrp_ops =  nisplus_initialise_password_grp();
+#elif defined(WITH_LDAP)
+  pwgrp_ops = ldap_initialize_password_grp();
+#else 
+  pwgrp_ops = file_initialise_password_grp();
+#endif 
+
+  return (pwgrp_ops != NULL);
+}
+
+/*
+ * Functions that return/manipulate a struct smb_passwd.
+ */
+
+/************************************************************************
+ Utility function to search smb passwd by rid.  
+*************************************************************************/
+
+struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid),
+	                            grps, num_grps, alss, num_alss);
+}
+
+/************************************************************************
+ Utility function to search smb passwd by uid.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+
+struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	struct smb_passwd *pwd = NULL;
+	void *fp = NULL;
+
+	DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
+
+	/* Open the smb password database - not for update. */
+	fp = startsmbgrpent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open smb passgrp database.\n"));
+		return NULL;
+	}
+
+	while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid)
+      ;
+
+	if (pwd != NULL)
+	{
+		DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
+	}
+
+	endsmbgrpent(fp);
+	return pwd;
+}
+
+/************************************************************************
+ Utility function to search smb passwd by name.  use this if your database
+ does not have search facilities.
+*************************************************************************/
+
+struct smb_passwd *iterate_getsmbgrpnam(char *name,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	struct smb_passwd *pwd = NULL;
+	void *fp = NULL;
+
+	DEBUG(10, ("search by name: %s\n", name));
+
+	/* Open the passgrp file - not for update. */
+	fp = startsmbgrpent(False);
+
+	if (fp == NULL)
+	{
+		DEBUG(0, ("unable to open smb passgrp database.\n"));
+		return NULL;
+	}
+
+	while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name))
+      ;
+
+	if (pwd != NULL)
+	{
+		DEBUG(10, ("found by name: %s\n", name));
+	}
+
+	endsmbgrpent(fp);
+	return pwd;
+}
+
+/***************************************************************
+ Start to enumerate the smb or sam passwd list. Returns a void pointer
+ to ensure no modification outside this module.
+
+ Note that currently it is being assumed that a pointer returned
+ from this function may be used to enumerate struct sam_passwd
+ entries as well as struct smb_passwd entries. This may need
+ to change. JRA.
+
+****************************************************************/
+
+void *startsmbgrpent(BOOL update)
+{
+  return pwgrp_ops->startsmbgrpent(update);
+}
+
+/***************************************************************
+ End enumeration of the smb or sam passwd list.
+
+ Note that currently it is being assumed that a pointer returned
+ from this function may be used to enumerate struct sam_passwd
+ entries as well as struct smb_passwd entries. This may need
+ to change. JRA.
+
+****************************************************************/
+
+void endsmbgrpent(void *vp)
+{
+  pwgrp_ops->endsmbgrpent(vp);
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smb passwd list.
+ *************************************************************************/
+
+struct smb_passwd *getsmbgrpent(void *vp,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	return pwgrp_ops->getsmbgrpent(vp, grps, num_grps, alss, num_alss);
+}
+
+/************************************************************************
+ Routine to search smb passwd by name.
+*************************************************************************/
+
+struct smb_passwd *getsmbgrpnam(char *name,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss);
+}
+
+/************************************************************************
+ Routine to search smb passwd by user rid.
+*************************************************************************/
+
+struct smb_passwd *getsmbgrprid(uint32 user_rid,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	return pwgrp_ops->getsmbgrprid(user_rid, grps, num_grps, alss, num_alss);
+}
+
+/************************************************************************
+ Routine to search smb passwd by uid.
+*************************************************************************/
+
+struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
+		uint32 **grps, int *num_grps,
+		uint32 **alss, int *num_alss)
+{
+	return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss);
+}
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
new file mode 100644
index 0000000000..cf77efd38f
--- /dev/null
+++ b/source3/passdb/pdb_get_set.c
@@ -0,0 +1,956 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_ACCOUNT access routines
+   Copyright (C) Jeremy Allison 		1996-2001
+   Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
+   Copyright (C) Gerald (Jerry) Carter		2000-2001
+   Copyright (C) Andrew Bartlett		2001-2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * @todo Redefine this to NULL, but this changes the API becouse
+ *       much of samba assumes that the pdb_get...() funtions 
+ *       return pstrings.  (ie not null-pointers).
+ *       See also pdb_fill_default_sam().
+ */
+
+#define PDB_NOT_QUITE_NULL ""
+
+/*********************************************************************
+ Collection of get...() functions for SAM_ACCOUNT_INFO.
+ ********************************************************************/
+
+uint16 pdb_get_acct_ctrl (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.acct_ctrl);
+	else
+		return (ACB_DISABLED);
+}
+
+time_t pdb_get_logon_time (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.logon_time);
+	else
+		return (0);
+}
+
+time_t pdb_get_logoff_time (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.logoff_time);
+	else
+		return (-1);
+}
+
+time_t pdb_get_kickoff_time (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.kickoff_time);
+	else
+		return (-1);
+}
+
+time_t pdb_get_pass_last_set_time (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.pass_last_set_time);
+	else
+		return (-1);
+}
+
+time_t pdb_get_pass_can_change_time (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.pass_can_change_time);
+	else
+		return (-1);
+}
+
+time_t pdb_get_pass_must_change_time (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.pass_must_change_time);
+	else
+		return (-1);
+}
+
+uint16 pdb_get_logon_divs (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.logon_divs);
+	else
+		return (-1);
+}
+
+uint32 pdb_get_hours_len (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.hours_len);
+	else
+		return (-1);
+}
+
+const uint8* pdb_get_hours (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.hours);
+	else
+		return (NULL);
+}
+
+const uint8* pdb_get_nt_passwd (const SAM_ACCOUNT *sampass)
+{
+	if (sampass) {
+		SMB_ASSERT((!sampass->private.nt_pw.data) 
+			   || sampass->private.nt_pw.length == NT_HASH_LEN);
+		return ((uint8*)sampass->private.nt_pw.data);
+	}
+	else
+		return (NULL);
+}
+
+const uint8* pdb_get_lanman_passwd (const SAM_ACCOUNT *sampass)
+{
+	if (sampass) {
+		SMB_ASSERT((!sampass->private.lm_pw.data) 
+			   || sampass->private.lm_pw.length == LM_HASH_LEN);
+		return ((uint8*)sampass->private.lm_pw.data);
+	}
+	else
+		return (NULL);
+}
+
+uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.user_rid);
+	else
+		return (-1);
+}
+
+uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.group_rid);
+	else
+		return (-1);
+}
+
+/**
+ * Get flags showing what is initalised in the SAM_ACCOUNT
+ * @param sampass the SAM_ACCOUNT in question
+ * @return the flags indicating the members initialised in the struct.
+ **/
+ 
+uint32 pdb_get_init_flag (const SAM_ACCOUNT *sampass)
+{
+        if (sampass)
+		return sampass->private.init_flag;
+	else 
+                return FLAG_SAM_UNINIT;
+}
+
+uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.uid);
+	else
+		return (-1);
+}
+
+gid_t pdb_get_gid (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.gid);
+	else
+		return (-1);
+}
+
+const char* pdb_get_username (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.username);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_domain (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.domain);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_nt_username (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.nt_username);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_fullname (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.full_name);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_homedir (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.home_dir);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_dirdrive (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.dir_drive);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_logon_script (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.logon_script);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_profile_path (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.profile_path);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_acct_desc (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.acct_desc);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_workstations (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.workstations);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_unknown_str (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.unknown_str);
+	else
+		return (NULL);
+}
+
+const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.munged_dial);
+	else
+		return (NULL);
+}
+
+uint32 pdb_get_unknown3 (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.unknown_3);
+	else
+		return (-1);
+}
+
+uint32 pdb_get_unknown5 (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.unknown_5);
+	else
+		return (-1);
+}
+
+uint32 pdb_get_unknown6 (const SAM_ACCOUNT *sampass)
+{
+	if (sampass)
+		return (sampass->private.unknown_6);
+	else
+		return (-1);
+}
+
+/*********************************************************************
+ Collection of set...() functions for SAM_ACCOUNT_INFO.
+ ********************************************************************/
+
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
+{
+	if (!sampass)
+		return False;
+		
+	if (sampass) {
+		sampass->private.acct_ctrl = flags;
+		return True;
+	}
+	
+	return False;
+}
+
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.logon_time = mytime;
+
+	if (store)
+		pdb_set_init_flag(sampass, FLAG_SAM_LOGONTIME); 
+
+	return True;
+}
+
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.logoff_time = mytime;
+
+	if (store)
+		pdb_set_init_flag(sampass, FLAG_SAM_LOGOFFTIME); 
+
+	return True;
+}
+
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.kickoff_time = mytime;
+
+	if (store)
+		pdb_set_init_flag(sampass, FLAG_SAM_KICKOFFTIME); 
+
+	return True;
+}
+
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.pass_can_change_time = mytime;
+
+	if (store)
+		pdb_set_init_flag(sampass, FLAG_SAM_CANCHANGETIME); 
+
+	return True;
+}
+
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.pass_must_change_time = mytime;
+
+	if (store)
+		pdb_set_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME); 
+
+	return True;
+}
+
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.pass_last_set_time = mytime;
+
+	return True;
+}
+
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.hours_len = len;
+	return True;
+}
+
+BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.logon_divs = hours;
+	return True;
+}
+
+/**
+ * Set flags showing what is initalised in the SAM_ACCOUNT
+ * @param sampass the SAM_ACCOUNT in question
+ * @param flag The *new* flag to be set.  Old flags preserved
+ *             this flag is only added.  
+ **/
+ 
+BOOL pdb_set_init_flag (SAM_ACCOUNT *sampass, uint32 flag)
+{
+        if (!sampass)
+                return False;
+
+        sampass->private.init_flag |= flag;
+
+        return True;
+}
+
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid)
+{
+	if (!sampass)
+		return False;
+	
+	DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n", 
+		   (int)uid, (int)sampass->private.uid));
+ 
+	sampass->private.uid = uid;
+	pdb_set_init_flag(sampass, FLAG_SAM_UID); 
+
+	return True;
+
+}
+
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
+{
+	if (!sampass)
+		return False;
+		
+	DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n", 
+		   (int)gid, (int)sampass->private.gid));
+ 
+	sampass->private.gid = gid; 
+	pdb_set_init_flag(sampass, FLAG_SAM_GID); 
+
+	return True;
+
+}
+
+BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
+{
+	if (!sampass)
+		return False;
+
+	DEBUG(10, ("pdb_set_rid: setting user rid %d, was %d\n", 
+		   rid, sampass->private.user_rid));
+ 
+	sampass->private.user_rid = rid;
+	return True;
+}
+
+BOOL pdb_set_group_rid (SAM_ACCOUNT *sampass, uint32 grid)
+{
+	if (!sampass)
+		return False;
+
+	DEBUG(10, ("pdb_set_group_rid: setting group rid %d, was %d\n", 
+		   grid, sampass->private.group_rid));
+ 
+	sampass->private.group_rid = grid;
+	return True;
+}
+
+/*********************************************************************
+ Set the user's UNIX name.
+ ********************************************************************/
+
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username)
+{	
+	if (!sampass)
+		return False;
+ 
+	if (username) { 
+		DEBUG(10, ("pdb_set_username: setting username %s, was %s\n", username,
+			(sampass->private.username)?(sampass->private.username):"NULL"));
+
+		sampass->private.username = talloc_strdup(sampass->mem_ctx, username);
+
+		if (!sampass->private.username) {
+			DEBUG(0, ("pdb_set_username: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.username = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the domain name.
+ ********************************************************************/
+
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain)
+{	
+	if (!sampass)
+		return False;
+
+	if (domain) { 
+		DEBUG(10, ("pdb_set_domain: setting domain %s, was %s\n", domain,
+			(sampass->private.domain)?(sampass->private.domain):"NULL"));
+
+		sampass->private.domain = talloc_strdup(sampass->mem_ctx, domain);
+
+		if (!sampass->private.domain) {
+			DEBUG(0, ("pdb_set_domain: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.domain = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's NT name.
+ ********************************************************************/
+
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username)
+{
+	if (!sampass)
+		return False;
+
+	if (nt_username) { 
+		DEBUG(10, ("pdb_set_nt_username: setting nt username %s, was %s\n", nt_username,
+			(sampass->private.nt_username)?(sampass->private.nt_username):"NULL"));
+ 
+		sampass->private.nt_username = talloc_strdup(sampass->mem_ctx, nt_username);
+		
+		if (!sampass->private.nt_username) {
+			DEBUG(0, ("pdb_set_nt_username: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.nt_username = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's full name.
+ ********************************************************************/
+
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name)
+{
+	if (!sampass)
+		return False;
+
+	if (full_name) { 
+		DEBUG(10, ("pdb_set_full_name: setting full name %s, was %s\n", full_name,
+			(sampass->private.full_name)?(sampass->private.full_name):"NULL"));
+	
+		sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
+
+		if (!sampass->private.full_name) {
+			DEBUG(0, ("pdb_set_fullname: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.full_name = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's logon script.
+ ********************************************************************/
+
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	if (logon_script) { 
+		DEBUG(10, ("pdb_set_logon_script: setting logon script %s, was %s\n", logon_script,
+			(sampass->private.logon_script)?(sampass->private.logon_script):"NULL"));
+ 
+		sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
+
+		if (!sampass->private.logon_script) {
+			DEBUG(0, ("pdb_set_logon_script: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.logon_script = PDB_NOT_QUITE_NULL;
+	}
+	
+	if (store) {
+		DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!"));
+		pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's profile path.
+ ********************************************************************/
+
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	if (profile_path) { 
+		DEBUG(10, ("pdb_set_profile_path: setting profile path %s, was %s\n", profile_path,
+			(sampass->private.profile_path)?(sampass->private.profile_path):"NULL"));
+ 
+		sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
+		
+		if (!sampass->private.profile_path) {
+			DEBUG(0, ("pdb_set_profile_path: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.profile_path = PDB_NOT_QUITE_NULL;
+	}
+
+	if (store) {
+		DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!"));
+		pdb_set_init_flag(sampass, FLAG_SAM_PROFILE);
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's directory drive.
+ ********************************************************************/
+
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	if (dir_drive) { 
+		DEBUG(10, ("pdb_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
+			(sampass->private.dir_drive)?(sampass->private.dir_drive):"NULL"));
+ 
+		sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
+		
+		if (!sampass->private.dir_drive) {
+			DEBUG(0, ("pdb_set_dir_drive: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.dir_drive = PDB_NOT_QUITE_NULL;
+	}
+	
+	if (store) {
+		DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!"));
+		pdb_set_init_flag(sampass, FLAG_SAM_DRIVE);
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's home directory.
+ ********************************************************************/
+
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store)
+{
+	if (!sampass)
+		return False;
+
+	if (home_dir) { 
+		DEBUG(10, ("pdb_set_homedir: setting home dir %s, was %s\n", home_dir,
+			(sampass->private.home_dir)?(sampass->private.home_dir):"NULL"));
+ 
+		sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
+		
+		if (!sampass->private.home_dir) {
+			DEBUG(0, ("pdb_set_home_dir: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.home_dir = PDB_NOT_QUITE_NULL;
+	}
+
+	if (store) {
+		DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!"));
+		pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME);
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's account description.
+ ********************************************************************/
+
+BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc)
+{
+	if (!sampass)
+		return False;
+
+	if (acct_desc) { 
+		sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
+
+		if (!sampass->private.acct_desc) {
+			DEBUG(0, ("pdb_set_acct_desc: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.acct_desc = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's workstation allowed list.
+ ********************************************************************/
+
+BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations)
+{
+	if (!sampass)
+		return False;
+
+	if (workstations) { 
+		DEBUG(10, ("pdb_set_workstations: setting workstations %s, was %s\n", workstations,
+			(sampass->private.workstations)?(sampass->private.workstations):"NULL"));
+ 
+		sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
+
+		if (!sampass->private.workstations) {
+			DEBUG(0, ("pdb_set_workstations: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.workstations = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's 'unknown_str', whatever the heck this actually is...
+ ********************************************************************/
+
+BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str)
+{
+	if (!sampass)
+		return False;
+
+	if (unknown_str) { 
+		sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
+		
+		if (!sampass->private.unknown_str) {
+			DEBUG(0, ("pdb_set_unknown_str: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.unknown_str = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's dial string.
+ ********************************************************************/
+
+BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial)
+{
+	if (!sampass)
+		return False;
+
+	if (munged_dial) { 
+		sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
+		
+		if (!sampass->private.munged_dial) {
+			DEBUG(0, ("pdb_set_munged_dial: talloc_strdup() failed!\n"));
+			return False;
+		}
+
+	} else {
+		sampass->private.munged_dial = PDB_NOT_QUITE_NULL;
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's NT hash.
+ ********************************************************************/
+
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd)
+{
+	if (!sampass)
+		return False;
+
+	data_blob_clear_free(&sampass->private.nt_pw);
+	
+	sampass->private.nt_pw = data_blob(pwd, NT_HASH_LEN);
+
+	return True;
+}
+
+/*********************************************************************
+ Set the user's LM hash.
+ ********************************************************************/
+
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd)
+{
+	if (!sampass)
+		return False;
+
+	data_blob_clear_free(&sampass->private.lm_pw);
+	
+	sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
+
+	return True;
+}
+
+BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.unknown_3 = unkn;
+	return True;
+}
+
+BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.unknown_5 = unkn;
+	return True;
+}
+
+BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return False;
+
+	sampass->private.unknown_6 = unkn;
+	return True;
+}
+
+BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
+{
+	if (!sampass)
+		return False;
+
+	if (!hours) {
+		memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
+		return True;
+	}
+	
+	memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
+
+	return True;
+}
+
+
+/* Helpful interfaces to the above */
+
+/*********************************************************************
+ Sets the last changed times and must change times for a normal
+ password change.
+ ********************************************************************/
+
+BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
+{
+	uint32 expire;
+
+	if (!sampass)
+		return False;
+	
+	if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
+		return False;
+
+	account_policy_get(AP_MAX_PASSWORD_AGE, &expire);
+
+	if (expire==(uint32)-1) {
+		if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), False))
+			return False;
+	} else {
+		if (!pdb_set_pass_must_change_time (sampass, 
+					    pdb_get_pass_last_set_time(sampass)
+					    + expire, True))
+			return False;
+	}
+	
+	return True;
+}
+
+/*********************************************************************
+ Set the user's PLAINTEXT password.  Used as an interface to the above.
+ Also sets the last change time to NOW.
+ ********************************************************************/
+
+BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
+{
+	uchar new_lanman_p16[16];
+	uchar new_nt_p16[16];
+
+	if (!sampass || !plaintext)
+		return False;
+	
+	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
+
+	if (!pdb_set_nt_passwd (sampass, new_nt_p16)) 
+		return False;
+
+	if (!pdb_set_lanman_passwd (sampass, new_lanman_p16)) 
+		return False;
+	
+	if (!pdb_set_pass_changed_now (sampass))
+		return False;
+
+	return True;
+}
+
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
new file mode 100644
index 0000000000..435b627da6
--- /dev/null
+++ b/source3/passdb/pdb_interface.c
@@ -0,0 +1,391 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett		    2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/** List of various built-in passdb modules */
+
+const struct pdb_init_function_entry builtin_pdb_init_functions[] = {
+	{ "smbpasswd", pdb_init_smbpasswd },
+	{ "smbpasswd_nua", pdb_init_smbpasswd_nua },
+	{ "tdbsam", pdb_init_tdbsam },
+	{ "tdbsam_nua", pdb_init_tdbsam_nua },
+	{ "ldapsam", pdb_init_ldapsam },
+	{ "ldapsam_nua", pdb_init_ldapsam_nua },
+#if 0
+	{ "nisplus", pdb_init_nisplus },	
+	{ "unix", pdb_init_unix },
+#endif
+	{ "plugin", pdb_init_plugin },
+	{ NULL, NULL}
+};
+
+static BOOL context_setsampwent(struct pdb_context *context, BOOL update)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	return context->pdb_selected->setsampwent(context, update);
+}
+
+static void context_endsampwent(struct pdb_context *context)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return;
+	}
+	
+	context->pdb_selected->endsampwent(context);
+}
+
+static BOOL context_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	return context->pdb_selected->getsampwent(context, user);
+}
+
+static BOOL context_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	return context->pdb_selected->getsampwnam(context, sam_acct, username);
+}
+
+static BOOL context_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct, uint32 rid)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	return context->pdb_selected->getsampwrid(context, sam_acct, rid);
+}
+
+static BOOL context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	/** @todo  This is where a 're-read on add' should be done */
+  
+	return context->pdb_selected->add_sam_account(context, sam_acct);
+}
+
+static BOOL context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	/** @todo  This is where a 're-read on update' should be done */
+	
+	return context->pdb_selected->update_sam_account(context, sam_acct);
+}
+
+static BOOL context_delete_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
+{
+	if ((!context) || (!context->pdb_selected)) {
+		DEBUG(0, ("invalid pdb_context specified!\n"));
+		return False;
+	}
+	
+	return context->pdb_selected->delete_sam_account(context, sam_acct);
+}
+
+static void free_pdb_context(struct pdb_context **context)
+{
+	if (((*context)->pdb_selected) && ((*context)->pdb_selected->free_private_data)) {
+		(*context)->pdb_selected->free_private_data((*context)->pdb_selected->private_data);
+	}
+
+	talloc_destroy((*context)->mem_ctx);
+	*context = NULL;
+}
+
+/******************************************************************
+ Make a pdb_context from scratch.
+*******************************************************************/
+
+static NTSTATUS make_pdb_context(struct pdb_context **context) 
+{
+	TALLOC_CTX *mem_ctx;
+	
+	mem_ctx = talloc_init_named("pdb_context internal allocation context");
+
+	if (!mem_ctx) {
+		DEBUG(0, ("make_pdb_context: talloc init failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}		
+
+	*context = talloc(mem_ctx, sizeof(**context));
+	if (!*context) {
+		DEBUG(0, ("make_pdb_context: talloc failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(*context);
+
+	(*context)->mem_ctx = mem_ctx;
+
+	(*context)->pdb_setsampwent = context_setsampwent;
+	(*context)->pdb_endsampwent = context_endsampwent;
+	(*context)->pdb_getsampwent = context_getsampwent;
+	(*context)->pdb_getsampwnam = context_getsampwnam;
+	(*context)->pdb_getsampwrid = context_getsampwrid;
+	(*context)->pdb_add_sam_account = context_add_sam_account;
+	(*context)->pdb_update_sam_account = context_update_sam_account;
+	(*context)->pdb_delete_sam_account = context_delete_sam_account;
+
+	(*context)->free_fn = free_pdb_context;
+	
+	return NT_STATUS_OK;
+}
+
+
+/******************************************************************
+ Make a pdb_context, given a text string.
+*******************************************************************/
+
+NTSTATUS make_pdb_context_name(struct pdb_context **context, const char *selected) 
+{
+	/* HINT: Don't store 'selected' becouse its often an lp_ string and
+	   will 'go away' */
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	int i;
+	char *module_name = smb_xstrdup(selected);
+	char *module_location = NULL;
+	char *p;
+
+	p = strchr(module_name, ':');
+	
+	if (p) {
+		*p = 0;
+	
+		module_location = p+1;
+		
+		trim_string(module_location, " ", " ");
+	}
+
+	trim_string(module_name, " ", " ");
+
+	if (!NT_STATUS_IS_OK(nt_status = make_pdb_context(context)))
+		goto done;
+	
+	DEBUG(5,("Attempting to find an passdb backend to match %s (%s)\n", 
+		 selected, module_name));
+
+	for (i = 0; builtin_pdb_init_functions[i].name; i++) {
+		if (strequal(builtin_pdb_init_functions[i].name, 
+			     module_name)) {
+
+			DEBUG(5,("Found pdb backend %s (at pos %d)\n", 
+				 module_name, i));
+
+			if (NT_STATUS_IS_OK(nt_status = builtin_pdb_init_functions[i].init(*context, &(*context)->pdb_selected, module_location))) {
+				DEBUG(5,("pdb backend %s has a valid init\n", selected));
+			} else {
+				DEBUG(0,("pdb backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
+				(*context)->pdb_selected = NULL;
+			}
+			break;
+		}
+	}
+    
+	if (!(*context)->pdb_selected) {
+		DEBUG(0,("failed to select passdb backed!\n"));
+		talloc_destroy((*context)->mem_ctx);
+		*context = NULL;
+		goto done;
+	}
+
+	nt_status = NT_STATUS_OK;
+
+ done:
+	SAFE_FREE(module_name);
+
+	return nt_status;
+}
+
+
+/******************************************************************
+ Return an already initialised pdb_context, to facilitate backward 
+ compatibility (see functions below).
+*******************************************************************/
+
+static struct pdb_context *pdb_get_static_context(BOOL reload) 
+{
+	static struct pdb_context *pdb_context = NULL;
+	
+	if ((pdb_context) && (reload)) {
+		pdb_context->free_fn(&pdb_context);
+		if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) {
+			return NULL;
+		}
+	}
+	
+	if (!pdb_context) {
+		if (!NT_STATUS_IS_OK(make_pdb_context_name(&pdb_context, lp_passdb_backend()))) {
+			return NULL;
+		}
+	}
+	
+	return pdb_context;
+}
+
+#if !defined(WITH_NISPLUS_SAM)
+
+/******************************************************************
+ Backward compatibility functions for the original passdb interface
+*******************************************************************/
+
+BOOL pdb_setsampwent(BOOL update) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return False;
+	}
+
+	return pdb_context->pdb_setsampwent(pdb_context, update);
+}
+
+void pdb_endsampwent(void) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return;
+	}
+
+	pdb_context->pdb_endsampwent(pdb_context);
+}
+
+BOOL pdb_getsampwent(SAM_ACCOUNT *user) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return False;
+	}
+
+	return pdb_context->pdb_getsampwent(pdb_context, user);
+}
+
+BOOL pdb_getsampwnam(SAM_ACCOUNT *sam_acct, const char *username) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return False;
+	}
+
+	return pdb_context->pdb_getsampwnam(pdb_context, sam_acct, username);
+}
+
+BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct, uint32 rid) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return False;
+	}
+
+	return pdb_context->pdb_getsampwrid(pdb_context, sam_acct, rid);
+}
+
+BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return False;
+	}
+
+	return pdb_context->pdb_add_sam_account(pdb_context, sam_acct);
+}
+
+BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+	if (!pdb_context) {
+		return False;
+	}
+
+	return pdb_context->pdb_update_sam_account(pdb_context, sam_acct);
+}
+
+BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct) 
+{
+	struct pdb_context *pdb_context = pdb_get_static_context(False);
+	
+	if (!pdb_context) {
+		return False;
+	}
+	
+	return pdb_context->pdb_delete_sam_account(pdb_context, sam_acct);
+}
+
+#endif /* !defined(WITH_NISPLUS_SAM) */
+
+/***************************************************************
+ Initialize the static context (at smbd startup etc). 
+
+ If uninitialised, context will auto-init on first use.
+***************************************************************/
+
+BOOL initialize_password_db(BOOL reload)
+{	
+	return (pdb_get_static_context(reload) != NULL);
+}
+
+
+NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) 
+{
+	*methods = talloc(mem_ctx, sizeof(struct pdb_methods));
+
+	if (!*methods) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(*methods);
+
+	return NT_STATUS_OK;
+}
+
+
+
+
+
+
+
+
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
new file mode 100644
index 0000000000..02bb43b7ff
--- /dev/null
+++ b/source3/passdb/pdb_ldap.c
@@ -0,0 +1,1537 @@
+/* 
+   Unix SMB/CIFS implementation.
+   LDAP protocol helper functions for SAMBA
+   Copyright (C) Gerald Carter 2001
+   Copyright (C) Shahms King 2001
+   Copyright (C) Jean François Micouleau 1998
+   Copyright (C) Andrew Bartlett 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   
+*/
+
+#include "includes.h"
+
+#ifdef WITH_LDAP_SAM
+/* TODO:
+*  persistent connections: if using NSS LDAP, many connections are made
+*      however, using only one within Samba would be nice
+*  
+*  Clean up SSL stuff, compile on OpenLDAP 1.x, 2.x, and Netscape SDK
+*
+*  Other LDAP based login attributes: accountExpires, etc.
+*  (should be the domain of Samba proper, but the sam_password/SAM_ACCOUNT
+*  structures don't have fields for some of these attributes)
+*
+*  SSL is done, but can't get the certificate based authentication to work
+*  against on my test platform (Linux 2.4, OpenLDAP 2.x)
+*/
+
+/* NOTE: this will NOT work against an Active Directory server
+*  due to the fact that the two password fields cannot be retrieved
+*  from a server; recommend using security = domain in this situation
+*  and/or winbind
+*/
+
+#include <lber.h>
+#include <ldap.h>
+
+#ifndef SAM_ACCOUNT
+#define SAM_ACCOUNT struct sam_passwd
+#endif
+
+struct ldapsam_privates {
+
+	/* Former statics */
+	LDAP *ldap_struct;
+	LDAPMessage *result;
+	LDAPMessage *entry;
+	int index;
+	
+	/* retrive-once info */
+	const char *uri;
+	
+	BOOL permit_non_unix_accounts;
+	
+	uint32 low_nua_rid; 
+	uint32 high_nua_rid; 
+};
+
+static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state);
+
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+	return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+	return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
+/*******************************************************************
+ find the ldap password
+******************************************************************/
+static BOOL fetch_ldapsam_pw(char *dn, char* pw, int len)
+{
+	fstring key;
+	char *p;
+	void *data = NULL;
+	size_t size;
+	
+	pstrcpy(key, dn);
+	for (p=key; *p; p++)
+		if (*p == ',') *p = '/';
+	
+	data=secrets_fetch(key, &size);
+	if (!size) {
+		DEBUG(0,("fetch_ldap_pw: no ldap secret retrieved!\n"));
+		return False;
+	}
+	
+	if (size > len-1)
+	{
+		DEBUG(0,("fetch_ldap_pw: ldap secret is too long (%d > %d)!\n", size, len-1));
+		return False;
+	}
+
+	memcpy(pw, data, size);
+	pw[size] = '\0';
+	
+	return True;
+}
+
+
+/*******************************************************************
+ open a connection to the ldap server.
+******************************************************************/
+static BOOL ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP ** ldap_struct)
+{
+
+	if (geteuid() != 0) {
+		DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root..\n"));
+		return False;
+	}
+	
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+	DEBUG(10, ("ldapsam_open_connection: %s\n", ldap_state->uri));
+	
+	if (ldap_initialize(ldap_struct, ldap_state->uri) != LDAP_SUCCESS) {
+		DEBUG(0, ("ldap_initialize: %s\n", strerror(errno)));
+		return (False);
+	}
+#else 
+
+	/* Parse the string manually */
+
+	{
+		int rc;
+		int tls = LDAP_OPT_X_TLS_HARD;
+		int port = 0;
+		int version;
+		fstring protocol;
+		fstring host;
+		const char *p = ldap_state->uri; 
+		SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
+		
+		/* skip leading "URL:" (if any) */
+		if ( strncasecmp( p, "URL:", 4 ) == 0 ) {
+			p += 4;
+		}
+
+		sscanf(p, "%10[^:]://%254s[^:]:%d", protocol, host, &port);
+		
+		if (port == 0) {
+			if (strequal(protocol, "ldap")) {
+				port = LDAP_PORT;
+			} else if (strequal(protocol, "ldaps")) {
+				port = LDAPS_PORT;
+			} else {
+				DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
+			}
+		}
+
+		if ((*ldap_struct = ldap_init(host, port)) == NULL)	{
+			DEBUG(0, ("ldap_init failed !\n"));
+			return False;
+		}
+
+		/* Connect to older servers using SSL and V2 rather than Start TLS */
+		if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
+		{
+			if (version != LDAP_VERSION2)
+			{
+				version = LDAP_VERSION2;
+				ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+			}
+		}
+
+		if (strequal(protocol, "ldaps")) { 
+			if (lp_ldap_ssl() == LDAP_SSL_START_TLS) {
+				if (ldap_get_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, 
+						     &version) == LDAP_OPT_SUCCESS)
+				{
+					if (version < LDAP_VERSION3)
+					{
+						version = LDAP_VERSION3;
+						ldap_set_option (*ldap_struct, LDAP_OPT_PROTOCOL_VERSION,
+								 &version);
+					}
+				}
+				if ((rc = ldap_start_tls_s (*ldap_struct, NULL, NULL)) != LDAP_SUCCESS)
+				{
+					DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
+						 ldap_err2string(rc)));
+					return False;
+				}
+				DEBUG (2, ("StartTLS issued: using a TLS connection\n"));
+			} else {
+				
+				if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
+				{
+					DEBUG(0, ("Failed to setup a TLS session\n"));
+				}
+			}
+		} else {
+			/* 
+			 * No special needs to setup options prior to the LDAP
+			 * bind (which should be called next via ldap_connect_system()
+			 */
+		}
+	}
+#endif
+
+	DEBUG(2, ("ldap_open_connection: connection opened\n"));
+	return True;
+}
+
+/*******************************************************************
+ connect to the ldap server under system privilege.
+******************************************************************/
+static BOOL ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct)
+{
+	int rc;
+	static BOOL got_pw = False;
+	static pstring ldap_secret;
+
+	/* get the password if we don't have it already */
+	if (!got_pw && !(got_pw=fetch_ldapsam_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring)))) 
+	{
+		DEBUG(0, ("ldap_connect_system: Failed to retrieve password for %s from secrets.tdb\n",
+			lp_ldap_admin_dn()));
+		return False;
+	}
+
+	/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite 
+	   (OpenLDAP) doesnt' seem to support it */
+	   
+	DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n",
+		lp_ldap_admin_dn()));
+		
+	if ((rc = ldap_simple_bind_s(ldap_struct, lp_ldap_admin_dn(), 
+		ldap_secret)) != LDAP_SUCCESS)
+	{
+		DEBUG(0, ("Bind failed: %s\n", ldap_err2string(rc)));
+		return False;
+	}
+	
+	DEBUG(2, ("ldap_connect_system: succesful connection to the LDAP server\n"));
+	return True;
+}
+
+/*******************************************************************
+ run the search by name.
+******************************************************************/
+static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *filter, LDAPMessage ** result)
+{
+	int scope = LDAP_SCOPE_SUBTREE;
+	int rc;
+
+	DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter));
+
+	rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, NULL, 0, result);
+
+	if (rc != LDAP_SUCCESS)	{
+		DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n", 
+			ldap_err2string (rc)));
+		DEBUG(3,("ldapsam_search_one_user: Query was: %s, %s\n", lp_ldap_suffix(), 
+			filter));
+	}
+	
+	return rc;
+}
+
+/*******************************************************************
+ run the search by name.
+******************************************************************/
+static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *user,
+			     LDAPMessage ** result)
+{
+	pstring filter;
+	
+	/*
+	 * in the filter expression, replace %u with the real name
+	 * so in ldap filter, %u MUST exist :-)
+	 */
+	pstrcpy(filter, lp_ldap_filter());
+
+	/* 
+	 * have to use this here because $ is filtered out
+	   * in pstring_sub
+	 */
+	all_string_sub(filter, "%u", user, sizeof(pstring));
+
+	return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+}
+
+/*******************************************************************
+ run the search by uid.
+******************************************************************/
+static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state, 
+					  LDAP * ldap_struct, int uid,
+					  LDAPMessage ** result)
+{
+	struct passwd *user;
+	pstring filter;
+
+	/* Get the username from the system and look that up in the LDAP */
+	
+	if ((user = getpwuid_alloc(uid)) == NULL) {
+		DEBUG(3,("ldapsam_search_one_user_by_uid: Failed to locate uid [%d]\n", uid));
+		return LDAP_NO_SUCH_OBJECT;
+	}
+	
+	pstrcpy(filter, lp_ldap_filter());
+	
+	all_string_sub(filter, "%u", user->pw_name, sizeof(pstring));
+
+	passwd_free(&user);
+
+	return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+}
+
+/*******************************************************************
+ run the search by rid.
+******************************************************************/
+static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state, 
+					   LDAP * ldap_struct, uint32 rid,
+					   LDAPMessage ** result)
+{
+	pstring filter;
+	int rc;
+
+	/* check if the user rid exsists, if not, try searching on the uid */
+	
+	snprintf(filter, sizeof(filter) - 1, "rid=%i", rid);
+	rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
+	
+	if (rc != LDAP_SUCCESS)
+		rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct, 
+						    pdb_user_rid_to_uid(rid), 
+						    result);
+
+	return rc;
+}
+
+/*******************************************************************
+search an attribute and return the first value found.
+******************************************************************/
+static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
+				  char *attribute, char *value)
+{
+	char **values;
+
+	if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
+		value = NULL;
+		DEBUG (10, ("get_single_attribute: [%s] = [<does not exist>]\n", attribute));
+		
+		return False;
+	}
+	
+	pstrcpy(value, values[0]);
+	ldap_value_free(values);
+#ifdef DEBUG_PASSWORDS
+	DEBUG (100, ("get_single_attribute: [%s] = [%s]\n", attribute, value));
+#endif	
+	return True;
+}
+
+/************************************************************************
+Routine to manage the LDAPMod structure array
+manage memory used by the array, by each struct, and values
+
+************************************************************************/
+static void make_a_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
+{
+	LDAPMod **mods;
+	int i;
+	int j;
+
+	mods = *modlist;
+
+	if (attribute == NULL || *attribute == '\0')
+		return;
+
+	if (value == NULL || *value == '\0')
+		return;
+
+	if (mods == NULL) 
+	{
+		mods = (LDAPMod **) malloc(sizeof(LDAPMod *));
+		if (mods == NULL)
+		{
+			DEBUG(0, ("make_a_mod: out of memory!\n"));
+			return;
+		}
+		mods[0] = NULL;
+	}
+
+	for (i = 0; mods[i] != NULL; ++i) {
+		if (mods[i]->mod_op == modop && !strcasecmp(mods[i]->mod_type, attribute))
+			break;
+	}
+
+	if (mods[i] == NULL)
+	{
+		mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *));
+		if (mods == NULL)
+		{
+			DEBUG(0, ("make_a_mod: out of memory!\n"));
+			return;
+		}
+		mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
+		if (mods[i] == NULL)
+		{
+			DEBUG(0, ("make_a_mod: out of memory!\n"));
+			return;
+		}
+		mods[i]->mod_op = modop;
+		mods[i]->mod_values = NULL;
+		mods[i]->mod_type = strdup(attribute);
+		mods[i + 1] = NULL;
+	}
+
+	if (value != NULL)
+	{
+		j = 0;
+		if (mods[i]->mod_values != NULL) {
+			for (; mods[i]->mod_values[j] != NULL; j++);
+		}
+		mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values,
+					       (j + 2) * sizeof (char *));
+					       
+		if (mods[i]->mod_values == NULL) {
+			DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));
+			return;
+		}
+		mods[i]->mod_values[j] = strdup(value);
+		mods[i]->mod_values[j + 1] = NULL;
+	}
+	*modlist = mods;
+}
+
+/* New Interface is being implemented here */
+
+/**********************************************************************
+Initialize SAM_ACCOUNT from an LDAP query
+(Based on init_sam_from_buffer in pdb_tdb.c)
+*********************************************************************/
+static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, 
+				SAM_ACCOUNT * sampass,
+				LDAP * ldap_struct, LDAPMessage * entry)
+{
+	time_t  logon_time,
+			logoff_time,
+			kickoff_time,
+			pass_last_set_time, 
+			pass_can_change_time, 
+			pass_must_change_time;
+	pstring 	username, 
+			domain,
+			nt_username,
+			fullname,
+			homedir,
+			dir_drive,
+			logon_script,
+			profile_path,
+			acct_desc,
+			munged_dial,
+			workstations;
+	struct passwd	*pw;
+	uint32 		user_rid, 
+			group_rid;
+	uint8 		smblmpwd[16],
+			smbntpwd[16];
+	uint16 		acct_ctrl, 
+			logon_divs;
+	uint32 hours_len;
+	uint8 		hours[MAX_HOURS_LEN];
+	pstring temp;
+	uid_t		uid = -1;
+	gid_t 		gid = getegid();
+
+
+	/*
+	 * do a little initialization
+	 */
+	username[0] 	= '\0';
+	domain[0] 	= '\0';
+	nt_username[0] 	= '\0';
+	fullname[0] 	= '\0';
+	homedir[0] 	= '\0';
+	dir_drive[0] 	= '\0';
+	logon_script[0] = '\0';
+	profile_path[0] = '\0';
+	acct_desc[0] 	= '\0';
+	munged_dial[0] 	= '\0';
+	workstations[0] = '\0';
+	 
+
+	if (sampass == NULL || ldap_struct == NULL || entry == NULL) {
+		DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
+		return False;
+	}
+
+	get_single_attribute(ldap_struct, entry, "uid", username);
+	DEBUG(2, ("Entry found for user: %s\n", username));
+
+	pstrcpy(nt_username, username);
+
+	pstrcpy(domain, lp_workgroup());
+
+	get_single_attribute(ldap_struct, entry, "rid", temp);
+	user_rid = (uint32)atol(temp);
+	if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
+		group_rid = 0;
+	} else {
+		group_rid = (uint32)atol(temp);
+	}
+
+	if ((ldap_state->permit_non_unix_accounts) 
+	    && (user_rid >= ldap_state->low_nua_rid)
+	    && (user_rid <= ldap_state->high_nua_rid)) {
+		
+	} else {
+		
+		/* These values MAY be in LDAP, but they can also be retrieved through 
+		 *  sys_getpw*() which is how we're doing it 
+		 */
+	
+		pw = getpwnam_alloc(username);
+		if (pw == NULL) {
+			DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
+			return False;
+		}
+		uid = pw->pw_uid;
+		gid = pw->pw_gid;
+
+		passwd_free(&pw);
+
+		pdb_set_uid(sampass, uid);
+		pdb_set_gid(sampass, gid);
+
+		if (group_rid == 0) {
+			GROUP_MAP map;
+			/* call the mapping code here */
+			if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+				sid_peek_rid(&map.sid, &group_rid);
+			} 
+			else {
+				group_rid=pdb_gid_to_group_rid(gid);
+			}
+		}
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "pwdLastSet", temp)) {
+		/* leave as default */
+	} else {
+		pass_last_set_time = (time_t) atol(temp);
+		pdb_set_pass_last_set_time(sampass, pass_last_set_time);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
+		/* leave as default */
+	} else {
+		logon_time = (time_t) atol(temp);
+		pdb_set_logon_time(sampass, logon_time, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
+		/* leave as default */
+	} else {
+		logoff_time = (time_t) atol(temp);
+		pdb_set_logoff_time(sampass, logoff_time, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
+		/* leave as default */
+	} else {
+		kickoff_time = (time_t) atol(temp);
+		pdb_set_kickoff_time(sampass, kickoff_time, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
+		/* leave as default */
+	} else {
+		pass_can_change_time = (time_t) atol(temp);
+		pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
+		/* leave as default */
+	} else {
+		pass_must_change_time = (time_t) atol(temp);
+		pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
+	}
+
+	/* recommend that 'gecos' and 'displayName' should refer to the same
+	 * attribute OID.  userFullName depreciated, only used by Samba
+	 * primary rules of LDAP: don't make a new attribute when one is already defined
+	 * that fits your needs; using cn then displayName rather than 'userFullName'
+	 */
+
+	if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) {
+		if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
+			/* leave as default */
+		} else {
+			pdb_set_fullname(sampass, fullname);
+		}
+	} else {
+		pdb_set_fullname(sampass, fullname);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
+		pstrcpy(dir_drive, lp_logon_drive());
+		standard_sub_advanced(-1, username, "", gid, username, dir_drive);
+		DEBUG(5,("homeDrive fell back to %s\n",dir_drive));
+		pdb_set_dir_drive(sampass, dir_drive, False);
+	} else {
+		pdb_set_dir_drive(sampass, dir_drive, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
+		pstrcpy(homedir, lp_logon_home());
+		standard_sub_advanced(-1, username, "", gid, username, homedir);
+		DEBUG(5,("smbHome fell back to %s\n",homedir));
+		pdb_set_homedir(sampass, homedir, False);
+	} else {
+		pdb_set_homedir(sampass, homedir, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
+		pstrcpy(logon_script, lp_logon_script());
+		standard_sub_advanced(-1, username, "", gid, username, logon_script);
+		DEBUG(5,("scriptPath fell back to %s\n",logon_script));
+		pdb_set_logon_script(sampass, logon_script, False);
+	} else {
+		pdb_set_logon_script(sampass, logon_script, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
+		pstrcpy(profile_path, lp_logon_path());
+		standard_sub_advanced(-1, username, "", gid, username, profile_path);
+		DEBUG(5,("profilePath fell back to %s\n",profile_path));
+		pdb_set_profile_path(sampass, profile_path, False);
+	} else {
+		pdb_set_profile_path(sampass, profile_path, True);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
+		/* leave as default */
+	} else {
+		pdb_set_acct_desc(sampass, acct_desc);
+	}
+
+	if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
+		/* leave as default */;
+	} else {
+		pdb_set_workstations(sampass, workstations);
+	}
+
+	/* FIXME: hours stuff should be cleaner */
+	
+	logon_divs = 168;
+	hours_len = 21;
+	memset(hours, 0xff, hours_len);
+
+	if (!get_single_attribute (ldap_struct, entry, "lmPassword", temp)) {
+		/* leave as default */
+	} else {
+		pdb_gethexpwd(temp, smblmpwd);
+		memset((char *)temp, '\0', sizeof(temp));
+		if (!pdb_set_lanman_passwd(sampass, smblmpwd))
+			return False;
+	}
+
+	if (!get_single_attribute (ldap_struct, entry, "ntPassword", temp)) {
+		/* leave as default */
+	} else {
+		pdb_gethexpwd(temp, smbntpwd);
+		memset((char *)temp, '\0', sizeof(temp));
+		if (!pdb_set_nt_passwd(sampass, smbntpwd))
+			return False;
+	}
+
+	if (!get_single_attribute (ldap_struct, entry, "acctFlags", temp)) {
+		acct_ctrl |= ACB_NORMAL;
+	} else {
+		acct_ctrl = pdb_decode_acct_ctrl(temp);
+
+		if (acct_ctrl == 0)
+			acct_ctrl |= ACB_NORMAL;
+
+		pdb_set_acct_ctrl(sampass, acct_ctrl);
+	}
+
+	pdb_set_hours_len(sampass, hours_len);
+	pdb_set_logon_divs(sampass, logon_divs);
+
+	pdb_set_user_rid(sampass, user_rid);
+	pdb_set_group_rid(sampass, group_rid);
+
+	pdb_set_username(sampass, username);
+
+	pdb_set_domain(sampass, domain);
+	pdb_set_nt_username(sampass, nt_username);
+
+	pdb_set_munged_dial(sampass, munged_dial);
+	
+	/* pdb_set_unknown_3(sampass, unknown3); */
+	/* pdb_set_unknown_5(sampass, unknown5); */
+	/* pdb_set_unknown_6(sampass, unknown6); */
+
+	pdb_set_hours(sampass, hours);
+
+	return True;
+}
+
+/**********************************************************************
+Initialize SAM_ACCOUNT from an LDAP query
+(Based on init_buffer_from_sam in pdb_tdb.c)
+*********************************************************************/
+static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, 
+				LDAPMod *** mods, int ldap_op, 
+				const SAM_ACCOUNT * sampass)
+{
+	pstring temp;
+	uint32 rid;
+
+	if (mods == NULL || sampass == NULL) {
+		DEBUG(0, ("init_ldap_from_sam: NULL parameters found!\n"));
+		return False;
+	}
+
+	*mods = NULL;
+
+	/* 
+	 * took out adding "objectclass: sambaAccount"
+	 * do this on a per-mod basis
+	 */
+
+	make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
+	DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
+
+	if ( pdb_get_user_rid(sampass) ) {
+		rid = pdb_get_user_rid(sampass);
+	} else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) {
+		rid = pdb_uid_to_user_rid(pdb_get_uid(sampass));
+	} else if (ldap_state->permit_non_unix_accounts) {
+		rid = ldapsam_get_next_available_nua_rid(ldap_state);
+		if (rid == 0) {
+			DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass)));
+			return False;
+		}
+	} else {
+		DEBUG(0, ("NO user RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
+		return False;
+	}
+
+	slprintf(temp, sizeof(temp) - 1, "%i", rid);
+	make_a_mod(mods, ldap_op, "rid", temp);
+
+	if ( pdb_get_group_rid(sampass) ) {
+		rid = pdb_get_group_rid(sampass);
+	} else if (IS_SAM_SET(sampass, FLAG_SAM_GID)) {
+		rid = pdb_gid_to_group_rid(pdb_get_gid(sampass));
+	} else if (ldap_state->permit_non_unix_accounts) {
+		rid = DOMAIN_GROUP_RID_USERS;
+	} else {
+		DEBUG(0, ("NO group RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
+		return False;
+	}
+
+	slprintf(temp, sizeof(temp) - 1, "%i", rid);
+	make_a_mod(mods, ldap_op, "primaryGroupID", temp);
+
+	slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+	make_a_mod(mods, ldap_op, "pwdLastSet", temp);
+
+	/* displayName, cn, and gecos should all be the same
+	   *  most easily accomplished by giving them the same OID
+	   *  gecos isn't set here b/c it should be handled by the 
+	   *  add-user script
+	 */
+
+	make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
+	make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
+	make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
+	make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
+
+	/*
+	 * Only updates fields which have been set (not defaults from smb.conf)
+	 */
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME))
+		make_a_mod(mods, ldap_op, "smbHome", pdb_get_homedir(sampass));
+		
+	if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
+		make_a_mod(mods, ldap_op, "homeDrive", pdb_get_dirdrive(sampass));
+	
+	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT))
+		make_a_mod(mods, ldap_op, "scriptPath", pdb_get_logon_script(sampass));
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE))
+		make_a_mod(mods, ldap_op, "profilePath", pdb_get_profile_path(sampass));
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONTIME)) {
+		slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
+		make_a_mod(mods, ldap_op, "logonTime", temp);
+	}
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_LOGOFFTIME)) {
+		slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
+		make_a_mod(mods, ldap_op, "logoffTime", temp);
+	}
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_KICKOFFTIME)) {
+		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
+		make_a_mod(mods, ldap_op, "kickoffTime", temp);
+	}
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) {
+		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
+		make_a_mod(mods, ldap_op, "pwdCanChange", temp);
+	}
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_MUSTCHANGETIME)) {
+		slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
+		make_a_mod(mods, ldap_op, "pwdMustChange", temp);
+	}
+
+	/* FIXME: Hours stuff goes in LDAP  */
+	pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
+	make_a_mod (mods, ldap_op, "lmPassword", temp);
+	
+	pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
+	make_a_mod (mods, ldap_op, "ntPassword", temp);
+	
+	make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
+		NEW_PW_FORMAT_SPACE_PADDED_LEN));
+
+	return True;
+}
+
+
+/**********************************************************************
+Connect to LDAP server and find the next available RID.
+*********************************************************************/
+static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid, LDAP *ldap_struct) 
+{
+	LDAPMessage *result;
+	uint32 final_rid = (top_rid & (~USER_RID_TYPE)) + RID_MULTIPLIER;
+	if (top_rid == 0) {
+		return 0;
+	}
+	
+	if (final_rid < ldap_state->low_nua_rid || final_rid > ldap_state->high_nua_rid) {
+		return 0;
+	}
+
+	if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) {
+		DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
+		final_rid = 0;
+		ldap_msgfree(result);
+	}
+
+	if (ldap_count_entries(ldap_struct, result) != 0)
+	{
+		DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid));
+		final_rid = 0;
+		ldap_msgfree(result);
+	}
+
+	DEBUG(5, ("NUA RID %d (0x%x), declared valid\n", final_rid, final_rid));
+	return final_rid;
+}
+
+/**********************************************************************
+Extract the RID from an LDAP entry
+*********************************************************************/
+static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry, LDAP *ldap_struct) {
+	uint32 rid;
+	SAM_ACCOUNT *user = NULL;
+	if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) {
+		return 0;
+	}
+
+	if (init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+		rid = pdb_get_user_rid(user);
+	} else {
+		rid =0;
+	}
+     	pdb_free_sam(&user);
+	if (rid >= ldap_state->low_nua_rid && rid <= ldap_state->high_nua_rid) {
+		return rid;
+	}
+	return 0;
+}
+
+
+/**********************************************************************
+Connect to LDAP server and find the next available RID.
+*********************************************************************/
+static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap_struct)
+{
+	int rc;
+	pstring filter;
+	LDAPMessage *result;
+	LDAPMessage *entry;
+	char *final_filter = NULL;
+	uint32 top_rid = 0;
+	uint32 count;
+	uint32 rid;
+
+	pstrcpy(filter, lp_ldap_filter());
+	all_string_sub(filter, "%u", "*", sizeof(pstring));
+
+#if 0
+	asprintf(&final_filter, "(&(%s)(&(rid>=%d)(rid<=%d)))", filter, ldap_state->low_nua_rid, ldap_state->high_nua_rid);
+#else 
+	final_filter = strdup(filter);
+#endif	
+	DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter));
+
+	rc = ldap_search_s(ldap_struct, lp_ldap_suffix(),
+			   LDAP_SCOPE_SUBTREE, final_filter, NULL, 0,
+			   &result);
+
+	if (rc != LDAP_SUCCESS)
+	{
+		
+		DEBUG(3, ("LDAP search failed! cannot find base for NUA RIDs: %s\n", ldap_err2string(rc)));
+		DEBUGADD(3, ("Query was: %s, %s\n", lp_ldap_suffix(), final_filter));
+
+		free(final_filter);
+		ldap_msgfree(result);
+		result = NULL;
+		return 0;
+	}
+	
+	count = ldap_count_entries(ldap_struct, result);
+	DEBUG(2, ("search_top_nua_rid: %d entries in the base!\n", count));
+	
+	if (count == 0) {
+		DEBUG(3, ("LDAP search returned no records, assuming no non-unix-accounts present!: %s\n", ldap_err2string(rc)));
+		DEBUGADD(3, ("Query was: %s, %s\n", lp_ldap_suffix(), final_filter));
+		free(final_filter);
+		ldap_msgfree(result);
+		result = NULL;
+		return ldap_state->low_nua_rid;
+	}
+	
+	free(final_filter);
+	entry = ldap_first_entry(ldap_struct,result);
+
+	top_rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+
+	while ((entry = ldap_next_entry(ldap_struct, entry))) {
+
+		rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
+		if (rid > top_rid) {
+			top_rid = rid;
+		}
+	}
+
+	ldap_msgfree(result);
+	return top_rid;
+}
+
+/**********************************************************************
+Connect to LDAP server and find the next available RID.
+*********************************************************************/
+static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state) {
+	LDAP *ldap_struct;
+	uint32 next_nua_rid;
+	uint32 top_nua_rid;
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+	{
+		return 0;
+	}
+	if (!ldapsam_connect_system(ldap_state, ldap_struct))
+	{
+		ldap_unbind(ldap_struct);
+		return 0;
+	}
+	
+	top_nua_rid = search_top_nua_rid(ldap_state, ldap_struct);
+
+	next_nua_rid = check_nua_rid_is_avail(ldap_state, 
+					      top_nua_rid, ldap_struct);
+	
+	ldap_unbind(ldap_struct);
+	return next_nua_rid;
+}
+
+/**********************************************************************
+Connect to LDAP server for password enumeration
+*********************************************************************/
+static BOOL ldapsam_setsampwent(struct pdb_context *context, BOOL update)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	int rc;
+	pstring filter;
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct))
+	{
+		return False;
+	}
+	if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct))
+	{
+		ldap_unbind(ldap_state->ldap_struct);
+		return False;
+	}
+
+	pstrcpy(filter, lp_ldap_filter());
+	all_string_sub(filter, "%u", "*", sizeof(pstring));
+
+	rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(),
+			   LDAP_SCOPE_SUBTREE, filter, NULL, 0,
+			   &ldap_state->result);
+
+	if (rc != LDAP_SUCCESS)
+	{
+		DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
+		DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
+		ldap_msgfree(ldap_state->result);
+		ldap_unbind(ldap_state->ldap_struct);
+		ldap_state->ldap_struct = NULL;
+		ldap_state->result = NULL;
+		return False;
+	}
+
+	DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
+		ldap_count_entries(ldap_state->ldap_struct,
+		ldap_state->result)));
+
+	ldap_state->entry = ldap_first_entry(ldap_state->ldap_struct,
+				 ldap_state->result);
+	ldap_state->index = 0;
+
+	return True;
+}
+
+/**********************************************************************
+End enumeration of the LDAP password list 
+*********************************************************************/
+static void ldapsam_endsampwent(struct pdb_context *context)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	if (ldap_state->ldap_struct && ldap_state->result)
+	{
+		ldap_msgfree(ldap_state->result);
+		ldap_unbind(ldap_state->ldap_struct);
+		ldap_state->ldap_struct = NULL;
+		ldap_state->result = NULL;
+	}
+}
+
+/**********************************************************************
+Get the next entry in the LDAP password database 
+*********************************************************************/
+static BOOL ldapsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT * user)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	BOOL ret = False;
+
+	while (!ret) {
+		if (!ldap_state->entry)
+			return False;
+		
+		ldap_state->index++;
+		ret = init_sam_from_ldap(ldap_state, user, ldap_state->ldap_struct,
+					 ldap_state->entry);
+		
+		ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
+					    ldap_state->entry);
+		
+	}
+
+	return True;
+}
+
+/**********************************************************************
+Get SAM_ACCOUNT entry from LDAP by username 
+*********************************************************************/
+static BOOL ldapsam_getsampwnam(struct pdb_context *context, SAM_ACCOUNT * user, const char *sname)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	LDAP *ldap_struct;
+	LDAPMessage *result;
+	LDAPMessage *entry;
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+		return False;
+	if (!ldapsam_connect_system(ldap_state, ldap_struct))
+	{
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+	if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS)
+	{
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+	if (ldap_count_entries(ldap_struct, result) < 1)
+	{
+		DEBUG(4,
+		      ("We don't find this user [%s] count=%d\n", sname,
+		       ldap_count_entries(ldap_struct, result)));
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+	entry = ldap_first_entry(ldap_struct, result);
+	if (entry)
+	{
+		if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+			DEBUG(0,("ldapsam_getsampwnam: init_sam_from_ldap failed!\n"));
+			ldap_msgfree(result);
+			ldap_unbind(ldap_struct);
+			return False;
+		}
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return True;
+	}
+	else
+	{
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+}
+
+/**********************************************************************
+Get SAM_ACCOUNT entry from LDAP by rid 
+*********************************************************************/
+static BOOL ldapsam_getsampwrid(struct pdb_context *context, SAM_ACCOUNT * user, uint32 rid)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	LDAP *ldap_struct;
+	LDAPMessage *result;
+	LDAPMessage *entry;
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+		return False;
+
+	if (!ldapsam_connect_system(ldap_state, ldap_struct))
+	{
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+	if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, rid, &result) !=
+	    LDAP_SUCCESS)
+	{
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	if (ldap_count_entries(ldap_struct, result) < 1)
+	{
+		DEBUG(0,
+		      ("We don't find this rid [%i] count=%d\n", rid,
+		       ldap_count_entries(ldap_struct, result)));
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	entry = ldap_first_entry(ldap_struct, result);
+	if (entry)
+	{
+		if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
+			DEBUG(0,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n"));
+			ldap_msgfree(result);
+			ldap_unbind(ldap_struct);
+			return False;
+		}
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return True;
+	}
+	else
+	{
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+}
+
+/**********************************************************************
+Delete entry from LDAP for username 
+*********************************************************************/
+static BOOL ldapsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT * sam_acct)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	const char *sname;
+	int rc;
+	char *dn;
+	LDAP *ldap_struct;
+	LDAPMessage *entry;
+	LDAPMessage *result;
+
+	if (!sam_acct) {
+		DEBUG(0, ("sam_acct was NULL!\n"));
+		return False;
+	}
+
+	sname = pdb_get_username(sam_acct);
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+		return False;
+
+	DEBUG (3, ("Deleting user %s from LDAP.\n", sname));
+	
+	if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
+		ldap_unbind (ldap_struct);
+		DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname));
+		return False;
+	}
+
+	rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result);
+	if (ldap_count_entries (ldap_struct, result) == 0) {
+		DEBUG (0, ("User doesn't exit!\n"));
+		ldap_msgfree (result);
+		ldap_unbind (ldap_struct);
+		return False;
+	}
+
+	entry = ldap_first_entry (ldap_struct, result);
+	dn = ldap_get_dn (ldap_struct, entry);
+
+	rc = ldap_delete_s (ldap_struct, dn);
+
+	ldap_memfree (dn);
+	if (rc != LDAP_SUCCESS) {
+		char *ld_error;
+		ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+		DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n",
+			sname, ldap_err2string (rc), ld_error));
+		free (ld_error);
+		ldap_unbind (ldap_struct);
+		return False;
+	}
+
+	DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname));
+	ldap_unbind (ldap_struct);
+	return True;
+}
+
+/**********************************************************************
+Update SAM_ACCOUNT 
+*********************************************************************/
+static BOOL ldapsam_update_sam_account(struct pdb_context *context, const SAM_ACCOUNT * newpwd)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	int rc;
+	char *dn;
+	LDAP *ldap_struct;
+	LDAPMessage *result;
+	LDAPMessage *entry;
+	LDAPMod **mods;
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
+		return False;
+
+	if (!ldapsam_connect_system(ldap_state, ldap_struct))	/* connect as system account */
+	{
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct,
+					     pdb_get_username(newpwd), &result);
+
+	if (ldap_count_entries(ldap_struct, result) == 0)
+	{
+		DEBUG(0, ("No user to modify!\n"));
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, newpwd)) {
+		DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	entry = ldap_first_entry(ldap_struct, result);
+	dn = ldap_get_dn(ldap_struct, entry);
+
+	rc = ldap_modify_s(ldap_struct, dn, mods);
+
+	if (rc != LDAP_SUCCESS)
+	{
+		char *ld_error;
+		ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
+				&ld_error);
+		DEBUG(0,
+		      ("failed to modify user with uid = %s with: %s\n\t%s\n",
+		       pdb_get_username(newpwd), ldap_err2string(rc),
+		       ld_error));
+		free(ld_error);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	DEBUG(2,
+	      ("successfully modified uid = %s in the LDAP database\n",
+	       pdb_get_username(newpwd)));
+	ldap_mods_free(mods, 1);
+	ldap_unbind(ldap_struct);
+	return True;
+}
+
+/**********************************************************************
+Add SAM_ACCOUNT to LDAP 
+*********************************************************************/
+static BOOL ldapsam_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT * newpwd)
+{
+	struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)context->pdb_selected->private_data;
+	int rc;
+	pstring filter;
+	LDAP *ldap_struct = NULL;
+	LDAPMessage *result = NULL;
+	pstring dn;
+	LDAPMod **mods = NULL;
+	int 		ldap_op;
+	uint32		num_result;
+
+	const char *username = pdb_get_username(newpwd);
+	if (!username || !*username) {
+		DEBUG(0, ("Cannot add user without a username!\n"));
+		return False;
+	}
+
+	if (!ldapsam_open_connection(ldap_state, &ldap_struct))	/* open a connection to the server */
+	{
+		return False;
+	}
+
+	if (!ldapsam_connect_system(ldap_state, ldap_struct))	/* connect as system account */
+	{
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+
+	rc = ldapsam_search_one_user_by_name (ldap_state, ldap_struct, username, &result);
+
+	if (ldap_count_entries(ldap_struct, result) != 0)
+	{
+		DEBUG(0,("User already in the base, with samba properties\n"));
+		ldap_msgfree(result);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+	ldap_msgfree(result);
+
+	slprintf (filter, sizeof (filter) - 1, "uid=%s", username);
+	rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, &result);
+	num_result = ldap_count_entries(ldap_struct, result);
+	
+	if (num_result > 1) {
+		DEBUG (0, ("More than one user with that uid exists: bailing out!\n"));
+		ldap_msgfree(result);
+		return False;
+	}
+	
+	/* Check if we need to update an existing entry */
+	if (num_result == 1) {
+		char *tmp;
+		LDAPMessage *entry;
+		
+		DEBUG(3,("User exists without samba properties: adding them\n"));
+		ldap_op = LDAP_MOD_REPLACE;
+		entry = ldap_first_entry (ldap_struct, result);
+		tmp = ldap_get_dn (ldap_struct, entry);
+		slprintf (dn, sizeof (dn) - 1, "%s", tmp);
+		ldap_memfree (tmp);
+	}
+	else {
+		/* Check if we need to add an entry */
+		DEBUG(3,("Adding new user\n"));
+		ldap_op = LDAP_MOD_ADD;
+		if (username[strlen(username)-1] == '$') {
+                        slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_machine_suffix ());
+                } else {
+                        slprintf (dn, sizeof (dn) - 1, "uid=%s,%s", username, lp_ldap_user_suffix ());
+                }
+	}
+
+	ldap_msgfree(result);
+
+	if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, newpwd)) {
+		DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
+		ldap_mods_free(mods, 1);
+		ldap_unbind(ldap_struct);
+		return False;		
+	}
+	make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
+
+	if (ldap_op == LDAP_MOD_REPLACE) {
+		rc = ldap_modify_s(ldap_struct, dn, mods);
+	}
+	else {
+		rc = ldap_add_s(ldap_struct, dn, mods);
+	}
+
+	if (rc != LDAP_SUCCESS)
+	{
+		char *ld_error;
+
+		ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+		DEBUG(0,("failed to modify/add user with uid = %s (dn = %s) with: %s\n\t%s\n",
+			pdb_get_username(newpwd), dn, ldap_err2string (rc), ld_error));
+		free(ld_error);
+		ldap_mods_free(mods, 1);
+		ldap_unbind(ldap_struct);
+		return False;
+	}
+	
+	DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd)));
+	ldap_mods_free(mods, 1);
+	ldap_unbind(ldap_struct);
+	return True;
+}
+
+static void free_private_data(void **vp) 
+{
+	struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
+
+	if ((*ldap_state)->ldap_struct) {
+		ldap_unbind((*ldap_state)->ldap_struct);
+	}
+
+	*ldap_state = NULL;
+
+	/* No need to free any further, as it is talloc()ed */
+}
+
+NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	struct ldapsam_privates *ldap_state;
+
+	if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
+		return nt_status;
+	}
+
+	(*pdb_method)->name = "ldapsam";
+
+	(*pdb_method)->setsampwent = ldapsam_setsampwent;
+	(*pdb_method)->endsampwent = ldapsam_endsampwent;
+	(*pdb_method)->getsampwent = ldapsam_getsampwent;
+	(*pdb_method)->getsampwnam = ldapsam_getsampwnam;
+	(*pdb_method)->getsampwrid = ldapsam_getsampwrid;
+	(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
+	(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
+	(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
+
+	/* TODO: Setup private data and free */
+
+	ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct ldapsam_privates));
+
+	if (!ldap_state) {
+		DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (location) {
+		ldap_state->uri = talloc_strdup(pdb_context->mem_ctx, location);
+	} else {
+		ldap_state->uri = "ldap://localhost";
+	}
+
+	(*pdb_method)->private_data = ldap_state;
+
+	(*pdb_method)->free_private_data = free_private_data;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	struct ldapsam_privates *ldap_state;
+	uint32 low_nua_uid, high_nua_uid;
+
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
+		return nt_status;
+	}
+
+	(*pdb_method)->name = "ldapsam_nua";
+
+	ldap_state = (*pdb_method)->private_data;
+	
+	ldap_state->permit_non_unix_accounts = True;
+
+	if (!lp_non_unix_account_range(&low_nua_uid, &high_nua_uid)) {
+		DEBUG(0, ("cannot use ldapsam_nua without 'non unix account range' in smb.conf!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	ldap_state->low_nua_rid=pdb_uid_to_user_rid(low_nua_uid);
+
+	ldap_state->high_nua_rid=pdb_uid_to_user_rid(high_nua_uid);
+
+	return NT_STATUS_OK;
+}
+
+
+#else
+
+NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	DEBUG(0, ("ldapsam not compiled in!\n"));
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	DEBUG(0, ("ldapsam_nua not compiled in!\n"));
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+
+#endif
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
new file mode 100644
index 0000000000..145e1d4f0c
--- /dev/null
+++ b/source3/passdb/pdb_nisplus.c
@@ -0,0 +1,1428 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * Copyright (C) Benny Holmgren 1998 <bigfoot@astrakan.hgs.se> 
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998.
+ * Copyright (C) Toomas Soome <tsoome@ut.ee> 2001
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef WITH_NISPLUS_SAM
+
+#ifdef BROKEN_NISPLUS_INCLUDE_FILES
+
+/*
+ * The following lines are needed due to buggy include files
+ * in Solaris 2.6 which define GROUP in both /usr/include/sys/acl.h and
+ * also in /usr/include/rpcsvc/nis.h. The definitions conflict. JRA.
+ * Also GROUP_OBJ is defined as 0x4 in /usr/include/sys/acl.h and as
+ * an enum in /usr/include/rpcsvc/nis.h.
+ */
+
+#if defined(GROUP)
+#undef GROUP
+#endif
+
+#if defined(GROUP_OBJ)
+#undef GROUP_OBJ
+#endif
+
+#endif
+
+#include <rpcsvc/nis.h>
+
+extern int      DEBUGLEVEL;
+
+struct nisp_enum_info
+{
+	nis_result *result;
+	int enum_entry;
+};
+
+static struct nisp_enum_info global_nisp_ent;
+static VOLATILE sig_atomic_t gotalarm;
+
+/***************************************************************
+
+ the fields for the NIS+ table, generated from mknissmbpwtbl.sh, are:
+
+    	name=S,nogw=r 
+    	uid=S,nogw=r 
+		user_rid=S,nogw=r
+		smb_grpid=,nw+r
+		group_rid=,nw+r
+		acb=,nw+r
+		          
+    	lmpwd=C,nw=,g=r,o=rm 
+    	ntpwd=C,nw=,g=r,o=rm 
+		                     
+		logon_t=,nw+r 
+		logoff_t=,nw+r 
+		kick_t=,nw+r 
+		pwdlset_t=,nw+r 
+		pwdlchg_t=,nw+r 
+		pwdmchg_t=,nw+r 
+		                
+		full_name=,nw+r 
+		home_dir=,nw+r 
+		dir_drive=,nw+r 
+		logon_script=,nw+r 
+		profile_path=,nw+r 
+		acct_desc=,nw+r 
+		workstations=,nw+r 
+		                   
+		hours=,nw+r 
+
+****************************************************************/
+
+#define NPF_NAME          0
+#define NPF_UID           1
+#define NPF_USER_RID      2
+#define NPF_SMB_GRPID     3
+#define NPF_GROUP_RID     4
+#define NPF_ACB           5
+#define NPF_LMPWD         6
+#define NPF_NTPWD         7
+#define NPF_LOGON_T       8
+#define NPF_LOGOFF_T      9
+#define NPF_KICK_T        10
+#define NPF_PWDLSET_T     11
+#define NPF_PWDCCHG_T     12
+#define NPF_PWDMCHG_T     13
+#define NPF_FULL_NAME     14
+#define NPF_HOME_DIR      15
+#define NPF_DIR_DRIVE     16
+#define NPF_LOGON_SCRIPT  17
+#define NPF_PROFILE_PATH  18
+#define NPF_ACCT_DESC     19
+#define NPF_WORKSTATIONS  20
+#define NPF_HOURS         21
+
+
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+	return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+	return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+static void gotalarm_sig(void)
+{
+  gotalarm = 1;
+}
+
+/***************************************************************
+ make_nisname_from_user_rid
+ ****************************************************************/
+static char *make_nisname_from_user_rid(uint32 rid, char *pfile)
+{
+	static pstring nisname;
+
+	safe_strcpy(nisname, "[user_rid=", sizeof(nisname)-1);
+	slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, rid);
+	safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
+	safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
+
+	return nisname;
+}
+
+/***************************************************************
+ make_nisname_from_uid
+ ****************************************************************/
+static char *make_nisname_from_uid(int uid, char *pfile)
+{
+	static pstring nisname;
+
+	safe_strcpy(nisname, "[uid=", sizeof(nisname)-1);
+	slprintf(nisname, sizeof(nisname)-1, "%s%d", nisname, uid);
+	safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
+	safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
+
+	return nisname;
+}
+
+/***************************************************************
+ make_nisname_from_name
+ ****************************************************************/
+static char *make_nisname_from_name(const char *user_name, char *pfile)
+{
+	static pstring nisname;
+
+	safe_strcpy(nisname, "[name=", sizeof(nisname)-1);
+	safe_strcat(nisname, user_name, sizeof(nisname) - strlen(nisname) - 1);
+	safe_strcat(nisname, "],", sizeof(nisname)-strlen(nisname)-1);
+	safe_strcat(nisname, pfile, sizeof(nisname)-strlen(nisname)-1);
+
+	return nisname;
+}
+
+/*************************************************************************
+ gets a NIS+ attribute
+ *************************************************************************/
+static void get_single_attribute(const nis_object *new_obj, int col,
+				char *val, int len)
+{
+	int entry_len;
+
+	if (new_obj == NULL || val == NULL) return;
+	
+	entry_len = ENTRY_LEN(new_obj, col);
+	if (len > entry_len)
+	{
+		len = entry_len;
+	}
+
+	safe_strcpy(val, ENTRY_VAL(new_obj, col), len-1);
+}
+
+/************************************************************************
+ makes a struct sam_passwd from a NIS+ object.
+ ************************************************************************/
+static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj)
+{
+  char *ptr;
+  pstring full_name;    /* this must be translated to dos code page */
+  pstring acct_desc;    /* this must be translated to dos code page */
+  pstring home_dir;     /* set default value from smb.conf for user */
+  pstring home_drive;   /* set default value from smb.conf for user */
+  pstring logon_script; /* set default value from smb.conf for user */
+  pstring profile_path; /* set default value from smb.conf for user */
+  pstring hours;
+  int hours_len;
+  unsigned char smbpwd[16];
+  unsigned char smbntpwd[16];
+  
+
+  /*
+   * time values. note: this code assumes 32bit time_t!
+   */
+
+  /* Don't change these timestamp settings without a good reason.  They are
+     important for NT member server compatibility. */
+
+  pdb_set_logon_time(pw_buf, (time_t)0, True);
+  ptr = (uchar *)ENTRY_VAL(obj, NPF_LOGON_T);
+  if(ptr && *ptr && (StrnCaseCmp(ptr, "LNT-", 4)==0)) {
+    int i;
+    ptr += 4;
+    for(i = 0; i < 8; i++) {
+      if(ptr[i] == '\0' || !isxdigit(ptr[i]))
+	break;
+    }
+    if(i == 8) {
+      pdb_set_logon_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True);
+    }
+  }
+
+  pdb_set_logoff_time(pw_buf, get_time_t_max(), True);
+  ptr = (uchar *)ENTRY_VAL(obj, NPF_LOGOFF_T);
+  if(ptr && *ptr && (StrnCaseCmp(ptr, "LOT-", 4)==0)) {
+    int i;
+    ptr += 4;
+    for(i = 0; i < 8; i++) {
+      if(ptr[i] == '\0' || !isxdigit(ptr[i]))
+	break;
+    }
+    if(i == 8) {
+      pdb_set_logoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True);
+    }
+  }
+
+  pdb_set_kickoff_time(pw_buf, get_time_t_max(), True);
+  ptr = (uchar *)ENTRY_VAL(obj, NPF_KICK_T);
+  if(ptr && *ptr && (StrnCaseCmp(ptr, "KOT-", 4)==0)) {
+    int i;
+    ptr += 4;
+    for(i = 0; i < 8; i++) {
+      if(ptr[i] == '\0' || !isxdigit(ptr[i]))
+	break;
+    }
+    if(i == 8) {
+      pdb_set_kickoff_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True);
+    }
+  }
+
+  pdb_set_pass_last_set_time(pw_buf, (time_t)0);
+  ptr = (uchar *)ENTRY_VAL(obj, NPF_PWDLSET_T);
+  if(ptr && *ptr && (StrnCaseCmp(ptr, "LCT-", 4)==0)) {
+    int i;
+    ptr += 4;
+    for(i = 0; i < 8; i++) {
+      if(ptr[i] == '\0' || !isxdigit(ptr[i]))
+	break;
+    }
+    if(i == 8) {
+      pdb_set_pass_last_set_time(pw_buf, (time_t)strtol(ptr, NULL, 16));
+    }
+  }
+  
+  pdb_set_pass_can_change_time(pw_buf, (time_t)0, True);
+  ptr = (uchar *)ENTRY_VAL(obj, NPF_PWDCCHG_T);
+  if(ptr && *ptr && (StrnCaseCmp(ptr, "CCT-", 4)==0)) {
+    int i;
+    ptr += 4;
+    for(i = 0; i < 8; i++) {
+      if(ptr[i] == '\0' || !isxdigit(ptr[i]))
+	break;
+    }
+    if(i == 8) {
+      pdb_set_pass_can_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True);
+    }
+  }
+  
+  pdb_set_pass_must_change_time(pw_buf, get_time_t_max(), True); /* Password never expires. */
+  ptr = (uchar *)ENTRY_VAL(obj, NPF_PWDMCHG_T);
+  if(ptr && *ptr && (StrnCaseCmp(ptr, "MCT-", 4)==0)) {
+    int i;
+    ptr += 4;
+    for(i = 0; i < 8; i++) {
+      if(ptr[i] == '\0' || !isxdigit(ptr[i]))
+	break;
+    }
+    if(i == 8) {
+      pdb_set_pass_must_change_time(pw_buf, (time_t)strtol(ptr, NULL, 16), True);
+    }
+  }
+
+  /* string values */
+  pdb_set_username(pw_buf, ENTRY_VAL(obj, NPF_NAME));
+  pdb_set_domain(pw_buf, lp_workgroup());
+  /* pdb_set_nt_username() -- cant set it here... */
+
+  get_single_attribute(obj, NPF_FULL_NAME, full_name, sizeof(pstring));
+#if 0
+  unix_to_dos(full_name, True);
+#endif
+  pdb_set_fullname(pw_buf, full_name);
+
+  pdb_set_acct_ctrl(pw_buf, pdb_decode_acct_ctrl(ENTRY_VAL(obj,
+							   NPF_ACB)));
+
+  get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring));
+#if 0
+  unix_to_dos(acct_desc, True);
+#endif
+  pdb_set_acct_desc(pw_buf, acct_desc);
+
+  pdb_set_workstations(pw_buf, ENTRY_VAL(obj, NPF_WORKSTATIONS));
+  pdb_set_munged_dial(pw_buf, NULL);
+
+  pdb_set_uid(pw_buf, atoi(ENTRY_VAL(obj, NPF_UID)));
+  pdb_set_gid(pw_buf, atoi(ENTRY_VAL(obj, NPF_SMB_GRPID)));
+  pdb_set_user_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_USER_RID)));
+  pdb_set_group_rid(pw_buf, atoi(ENTRY_VAL(obj, NPF_GROUP_RID)));
+
+  /* values, must exist for user */
+  if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) {
+    
+    get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring));
+    if( !(home_dir && *home_dir) ) {
+      pstrcpy(home_dir, lp_logon_home());
+      pdb_set_homedir(pw_buf, home_dir, False);
+    }
+    else
+      pdb_set_homedir(pw_buf, home_dir, True);
+
+    get_single_attribute(obj, NPF_DIR_DRIVE, home_drive, sizeof(pstring));
+    if( !(home_drive && *home_drive) ) {
+      pstrcpy(home_drive, lp_logon_drive());
+      pdb_set_dir_drive(pw_buf, home_drive, False);
+    }
+    else
+      pdb_set_dir_drive(pw_buf, home_drive, True);
+
+    get_single_attribute(obj, NPF_LOGON_SCRIPT, logon_script,
+			 sizeof(pstring));
+    if( !(logon_script && *logon_script) ) {
+      pstrcpy(logon_script, lp_logon_script());
+    }
+    else
+      pdb_set_logon_script(pw_buf, logon_script, True);
+
+    get_single_attribute(obj, NPF_PROFILE_PATH, profile_path, sizeof(pstring));
+    if( !(profile_path && *profile_path) ) {
+      pstrcpy(profile_path, lp_logon_path());
+      pdb_set_profile_path(pw_buf, profile_path, False);
+    }
+    else
+      pdb_set_profile_path(pw_buf, profile_path, True);
+
+  } 
+  else 
+  {
+    /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
+    pdb_set_group_rid (pw_buf, DOMAIN_GROUP_RID_USERS); 
+  }
+
+  /* Check the lanman password column. */
+  ptr = (char *)ENTRY_VAL(obj, NPF_LMPWD);
+  if (!pdb_set_lanman_passwd(pw_buf, NULL))
+	return False;
+
+  if (!strncasecmp(ptr, "NO PASSWORD", 11)) {
+    pdb_set_acct_ctrl(pw_buf, pdb_get_acct_ctrl(pw_buf) | ACB_PWNOTREQ);
+  } else {
+    if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbpwd)) {
+      DEBUG(0, ("malformed LM pwd entry: %s.\n",
+		pdb_get_username(pw_buf)));
+      return False;
+    } 
+    if (!pdb_set_lanman_passwd(pw_buf, smbpwd))
+		return False;
+  }
+  
+  /* Check the NT password column. */
+  ptr = ENTRY_VAL(obj, NPF_NTPWD);
+  if (!pdb_set_nt_passwd(pw_buf, NULL))
+	return False;
+  
+  if (!(pdb_get_acct_ctrl(pw_buf) & ACB_PWNOTREQ) &&
+      strncasecmp(ptr, "NO PASSWORD", 11)) {
+    if (strlen(ptr) != 32 || !pdb_gethexpwd(ptr, smbntpwd)) {
+      DEBUG(0, ("malformed NT pwd entry:\
+ uid = %d.\n",
+		pdb_get_uid(pw_buf)));
+      return False;
+    }
+    if (!pdb_set_nt_passwd(pw_buf, smbntpwd))
+		return False;
+  }
+  
+  pdb_set_unknown_3(pw_buf, 0xffffff); /* don't know */
+  pdb_set_logon_divs(pw_buf, 168);     /* hours per week */
+		      
+		      if( (hours_len = ENTRY_LEN(obj, NPF_HOURS)) == 21 ) {
+    memcpy(hours, ENTRY_VAL(obj, NPF_HOURS), hours_len);
+  } else {
+    hours_len = 21; /* 21 times 8 bits = 168 */
+    /* available at all hours */
+    memset(hours, 0xff, hours_len);
+  }
+  pdb_set_hours_len(pw_buf, hours_len);
+  pdb_set_hours(pw_buf, hours);
+
+  pdb_set_unknown_5(pw_buf, 0x00020000); /* don't know */
+  pdb_set_unknown_6(pw_buf, 0x000004ec); /* don't know */
+
+  return True;
+}
+
+/************************************************************************
+ makes a struct sam_passwd from a NIS+ result.
+ ************************************************************************/
+static BOOL make_sam_from_nisresult(SAM_ACCOUNT *pw_buf, const nis_result *result)
+{
+	if (pw_buf == NULL || result == NULL) return False;
+
+	if (result->status != NIS_SUCCESS && result->status != NIS_NOTFOUND)
+	{
+		DEBUG(0, ("NIS+ lookup failure: %s\n",
+		           nis_sperrno(result->status)));
+		return False;
+	}
+
+	/* User not found. */
+	if (NIS_RES_NUMOBJ(result) <= 0)
+	{
+		DEBUG(10, ("user not found in NIS+\n"));
+		return False;
+	}
+
+	if (NIS_RES_NUMOBJ(result) > 1)
+	{
+		DEBUG(10, ("WARNING: Multiple entries for user in NIS+ table!\n"));
+	}
+
+	/* Grab the first hit. */
+	return make_sam_from_nisp_object(pw_buf, &NIS_RES_OBJECT(result)[0]);
+}
+
+/*************************************************************************
+ sets a NIS+ attribute
+ *************************************************************************/
+static void set_single_attribute(nis_object *new_obj, int col,
+				const char *val, int len, int flags)
+{
+	if (new_obj == NULL) return;
+
+	ENTRY_VAL(new_obj, col) = val;
+	ENTRY_LEN(new_obj, col) = len+1;
+
+	if (flags != 0)
+	{
+		new_obj->EN_data.en_cols.en_cols_val[col].ec_flags = flags;
+	}
+}
+
+/***************************************************************
+ copy or modify nis object. this object is used to add or update
+ nisplus table entry.
+ ****************************************************************/
+static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass,
+			       nis_object *old)
+{
+  /*
+   * Fill nis_object for entry add or update.
+   * if we are updateing, we have to find out differences and set
+   * EN_MODIFIED flag. also set need_to_modify to trigger
+   * nis_modify_entry() call in pdb_update_sam_account().
+   *
+   * TODO:
+   *   get data from SAM
+   *   if (modify) get data from nis_object, compare and store if
+   *               different + set EN_MODIFIED and need_to_modify
+   *   else
+   *               store
+   */
+  BOOL need_to_modify = False;
+  const char *name = pdb_get_username(sampass);       /* from SAM */
+  /* these must be static or allocate and free entry columns! */
+  static fstring uid;                     /* from SAM */
+  static fstring user_rid;                /* from SAM */
+  static fstring gid;                     /* from SAM */
+  static fstring group_rid;               /* from SAM */
+  char *acb;                       /* from SAM */
+  static fstring smb_passwd;              /* from SAM */
+  static fstring smb_nt_passwd;           /* from SAM */
+  static fstring logon_t;                 /* from SAM */
+  static fstring logoff_t;                /* from SAM */
+  static fstring kickoff_t;               /* from SAM */
+  static fstring pwdlset_t;               /* from SAM */
+  static fstring pwdlchg_t;               /* from SAM */
+  static fstring pwdmchg_t;               /* from SAM */
+  static fstring full_name;               /* from SAM */
+  static fstring acct_desc;               /* from SAM */
+  static char empty[1];                   /* just an empty string */
+
+  slprintf(uid, sizeof(uid)-1, "%u", pdb_get_uid(sampass));
+  slprintf(user_rid, sizeof(user_rid)-1, "%u",
+	   pdb_get_user_rid(sampass)? pdb_get_user_rid(sampass):
+	   pdb_uid_to_user_rid(pdb_get_uid(sampass))); 
+  slprintf(gid, sizeof(gid)-1, "%u", pdb_get_gid(sampass));
+
+	{
+		uint32 rid;
+		GROUP_MAP map;
+	
+		rid=pdb_get_group_rid(sampass);
+
+		if (rid==0) {
+			if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) {
+				sid_peek_rid(&map.sid, &rid);
+			} else 
+				rid=pdb_gid_to_group_rid(pdb_get_gid(sampass));
+		}
+
+  		slprintf(group_rid, sizeof(group_rid)-1, "%u", rid);
+	}
+	 
+  acb = pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sampass),
+			     NEW_PW_FORMAT_SPACE_PADDED_LEN);
+  pdb_sethexpwd (smb_passwd, pdb_get_lanman_passwd(sampass),
+		 pdb_get_acct_ctrl(sampass));
+  pdb_sethexpwd (smb_nt_passwd, pdb_get_nt_passwd(sampass),
+		 pdb_get_acct_ctrl(sampass));
+  slprintf(logon_t, 13, "LNT-%08X",
+	   (uint32)pdb_get_logon_time(sampass));
+  slprintf(logoff_t, 13, "LOT-%08X",
+	   (uint32)pdb_get_logoff_time(sampass));
+  slprintf(kickoff_t, 13, "KOT-%08X",
+	   (uint32)pdb_get_kickoff_time(sampass));
+  slprintf(pwdlset_t, 13, "LCT-%08X",
+	   (uint32)pdb_get_pass_last_set_time(sampass));
+  slprintf(pwdlchg_t, 13, "CCT-%08X",
+	   (uint32)pdb_get_pass_can_change_time(sampass));
+  slprintf(pwdmchg_t, 13, "MCT-%08X",
+	   (uint32)pdb_get_pass_must_change_time(sampass));
+  safe_strcpy(full_name, pdb_get_fullname(sampass), sizeof(full_name)-1);
+  safe_strcpy(acct_desc, pdb_get_acct_desc(sampass), sizeof(acct_desc)-1);
+
+#if 0
+
+  /* Not sure what to do with these guys. -tpot */
+
+  dos_to_unix(full_name, True);
+  dos_to_unix(acct_desc, True);
+
+#endif
+
+  if( old ) {
+    /* name */
+    if(strcmp(ENTRY_VAL(old, NPF_NAME), name))
+      {
+	need_to_modify = True;
+	set_single_attribute(obj, NPF_NAME, name, strlen(name),
+			     EN_MODIFIED);
+      }
+
+
+    /* uid */
+    if(pdb_get_uid(sampass) != -1) {
+      if(!ENTRY_VAL(old, NPF_UID) || strcmp(ENTRY_VAL(old, NPF_UID), uid)) 
+	{
+	  need_to_modify = True;
+	  set_single_attribute(obj, NPF_UID, uid,
+			       strlen(uid), EN_MODIFIED);
+	}
+    }
+      
+    /* user_rid */
+    if (pdb_get_user_rid(sampass)) {
+      if(!ENTRY_VAL(old, NPF_USER_RID) ||
+	 strcmp(ENTRY_VAL(old, NPF_USER_RID), user_rid) ) {
+	need_to_modify = True;
+	set_single_attribute(obj, NPF_USER_RID, user_rid,
+			     strlen(user_rid), EN_MODIFIED);
+      }
+    }
+    
+    /* smb_grpid */
+    if (pdb_get_gid(sampass) != -1) {
+      if(!ENTRY_VAL(old, NPF_SMB_GRPID) ||
+	 strcmp(ENTRY_VAL(old, NPF_SMB_GRPID), gid) ) {
+	need_to_modify = True;
+	set_single_attribute(obj, NPF_SMB_GRPID, gid,
+			     strlen(gid), EN_MODIFIED);
+      }
+    }
+
+    /* group_rid */
+    if (pdb_get_group_rid(sampass)) {
+      if(!ENTRY_VAL(old, NPF_GROUP_RID) ||
+	 strcmp(ENTRY_VAL(old, NPF_GROUP_RID), group_rid) ) {
+	need_to_modify = True;
+	set_single_attribute(obj, NPF_GROUP_RID, group_rid,
+			     strlen(group_rid), EN_MODIFIED);
+      }
+    }
+
+    /* acb */
+    if (!ENTRY_VAL(old, NPF_ACB) || 
+	strcmp(ENTRY_VAL(old, NPF_ACB), acb)) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_ACB, acb, strlen(acb), EN_MODIFIED);
+    }
+    
+    /* lmpwd */
+    if(!ENTRY_VAL(old, NPF_LMPWD) || 
+       strcmp(ENTRY_VAL(old, NPF_LMPWD), smb_passwd) ) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_LMPWD, smb_passwd,
+			   strlen(smb_passwd), EN_CRYPT|EN_MODIFIED);
+    }
+
+    /* ntpwd */
+    if(!ENTRY_VAL(old, NPF_NTPWD) ||
+       strcmp(ENTRY_VAL(old, NPF_NTPWD), smb_nt_passwd) ) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_NTPWD, smb_nt_passwd,
+			   strlen(smb_nt_passwd), EN_CRYPT|EN_MODIFIED);
+    }
+
+    /* logon_t */
+    if( pdb_get_logon_time(sampass) && 
+	(!ENTRY_VAL(old, NPF_LOGON_T) ||
+	 strcmp(ENTRY_VAL(old, NPF_LOGON_T), logon_t ))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_LOGON_T, logon_t,
+			   strlen(logon_t), EN_MODIFIED);
+    }
+
+    /* logoff_t */
+    if( pdb_get_logoff_time(sampass) && 
+	(!ENTRY_VAL(old, NPF_LOGOFF_T) ||
+	 strcmp(ENTRY_VAL(old, NPF_LOGOFF_T), logoff_t))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_LOGOFF_T, logoff_t,
+			   strlen(logoff_t), EN_MODIFIED);
+    }
+
+    /* kick_t */
+    if( pdb_get_kickoff_time(sampass) &&
+	(!ENTRY_VAL(old, NPF_KICK_T) ||
+	 strcmp(ENTRY_VAL(old, NPF_KICK_T), kickoff_t))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_KICK_T, kickoff_t,
+			   strlen(kickoff_t), EN_MODIFIED);
+    }
+    
+    /* pwdlset_t */
+    if( pdb_get_pass_last_set_time(sampass) &&
+	(!ENTRY_VAL(old, NPF_PWDLSET_T) ||
+	 strcmp(ENTRY_VAL(old, NPF_PWDLSET_T), pwdlset_t))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_PWDLSET_T, pwdlset_t,
+			   strlen(pwdlset_t), EN_MODIFIED);
+    }
+
+    /* pwdlchg_t */
+    if( pdb_get_pass_can_change_time(sampass) &&
+	(!ENTRY_VAL(old, NPF_PWDCCHG_T) ||
+	 strcmp(ENTRY_VAL(old, NPF_PWDCCHG_T), pwdlchg_t))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_PWDCCHG_T, pwdlchg_t,
+			   strlen(pwdlchg_t), EN_MODIFIED);
+    }
+
+    /* pwdmchg_t */
+    if( pdb_get_pass_must_change_time(sampass) &&
+	(!ENTRY_VAL(old, NPF_PWDMCHG_T) ||
+	 strcmp(ENTRY_VAL(old, NPF_PWDMCHG_T), pwdmchg_t))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_PWDMCHG_T, pwdmchg_t,
+			   strlen(pwdmchg_t), EN_MODIFIED);
+    }
+    
+    /* full_name */
+    /* must support set, unset and change */
+    if ( (pdb_get_fullname(sampass) &&
+	  !ENTRY_VAL(old, NPF_FULL_NAME)) ||
+	 (ENTRY_VAL(old, NPF_FULL_NAME) &&
+	  !pdb_get_fullname(sampass))  ||
+	 (ENTRY_VAL(old, NPF_FULL_NAME) &&
+	  pdb_get_fullname(sampass) && 
+	  strcmp( ENTRY_VAL(old, NPF_FULL_NAME), full_name ))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_FULL_NAME, full_name,
+			   strlen(full_name), EN_MODIFIED);
+    }
+    
+    /* home_dir */
+    /* must support set, unset and change */
+    if( (pdb_get_homedir(sampass) && 
+	 !ENTRY_VAL(old, NPF_HOME_DIR)) ||
+	(ENTRY_VAL(old, NPF_HOME_DIR) && 
+	 !pdb_get_homedir(sampass)) ||
+	(ENTRY_VAL(old, NPF_HOME_DIR) && 
+	 pdb_get_homedir(sampass) &&
+	 strcmp( ENTRY_VAL(old, NPF_HOME_DIR),
+		 pdb_get_homedir(sampass)))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_HOME_DIR, pdb_get_homedir(sampass),
+			   strlen(pdb_get_homedir(sampass)), EN_MODIFIED);
+    }
+    
+    /* dir_drive */
+    /* must support set, unset and change */
+    if( (pdb_get_dirdrive(sampass) && 
+	 !ENTRY_VAL(old, NPF_DIR_DRIVE)) ||
+	(ENTRY_VAL(old, NPF_DIR_DRIVE) && 
+	 !pdb_get_dirdrive(sampass)) ||
+	(ENTRY_VAL(old, NPF_DIR_DRIVE) && 
+	 pdb_get_dirdrive(sampass) &&
+	 strcmp( ENTRY_VAL(old, NPF_DIR_DRIVE),
+		 pdb_get_dirdrive(sampass)))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_DIR_DRIVE, pdb_get_dirdrive(sampass),
+			   strlen(pdb_get_dirdrive(sampass)), EN_MODIFIED);
+    }
+    
+    /* logon_script */
+    /* must support set, unset and change */
+    if( (pdb_get_logon_script(sampass) && 
+	 !ENTRY_VAL(old, NPF_LOGON_SCRIPT) ||
+	 (ENTRY_VAL(old, NPF_LOGON_SCRIPT) &&
+	  !pdb_get_logon_script(sampass)) ||
+	 ( ENTRY_VAL(old, NPF_LOGON_SCRIPT) &&
+	   pdb_get_logon_script(sampass) &&
+	   strcmp( ENTRY_VAL(old, NPF_LOGON_SCRIPT),
+		   pdb_get_logon_script(sampass))))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_LOGON_SCRIPT,
+			   pdb_get_logon_script(sampass),
+			   strlen(pdb_get_logon_script(sampass)),
+			   EN_MODIFIED);
+    }
+    
+    /* profile_path */
+    /* must support set, unset and change */
+    if( (pdb_get_profile_path(sampass) && 
+	 !ENTRY_VAL(old, NPF_PROFILE_PATH)) || 
+	(ENTRY_VAL(old, NPF_PROFILE_PATH) &&
+	 !pdb_get_profile_path(sampass)) ||
+	(ENTRY_VAL(old, NPF_PROFILE_PATH) &&
+	 pdb_get_profile_path(sampass) &&
+	 strcmp( ENTRY_VAL(old, NPF_PROFILE_PATH),
+		 pdb_get_profile_path(sampass) ) )) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_PROFILE_PATH,
+			   pdb_get_profile_path(sampass),
+			   strlen(pdb_get_profile_path(sampass)),
+			   EN_MODIFIED);
+    }
+    
+    /* acct_desc */
+    /* must support set, unset and change */
+    if( (pdb_get_acct_desc(sampass) &&
+	 !ENTRY_VAL(old, NPF_ACCT_DESC)) || 
+	(ENTRY_VAL(old, NPF_ACCT_DESC) && 
+	 !pdb_get_acct_desc(sampass)) ||
+	(ENTRY_VAL(old, NPF_ACCT_DESC) && 
+	 pdb_get_acct_desc(sampass) &&
+	 strcmp( ENTRY_VAL(old, NPF_ACCT_DESC), acct_desc ) )) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_ACCT_DESC, acct_desc,
+			   strlen(acct_desc), EN_MODIFIED);
+    }
+
+    /* workstations */
+    /* must support set, unset and change */
+    if ( (pdb_get_workstations(sampass) &&
+	  !ENTRY_VAL(old, NPF_WORKSTATIONS) ) ||
+	 (ENTRY_VAL(old, NPF_WORKSTATIONS) &&
+	  !pdb_get_workstations(sampass)) ||
+	 (ENTRY_VAL(old, NPF_WORKSTATIONS) &&
+	  pdb_get_workstations(sampass)) &&
+	 strcmp( ENTRY_VAL(old, NPF_WORKSTATIONS), 
+		 pdb_get_workstations(sampass))) {
+      need_to_modify = True;
+      set_single_attribute(obj, NPF_WORKSTATIONS,
+			   pdb_get_workstations(sampass),
+			   strlen(pdb_get_workstations(sampass)),
+			   EN_MODIFIED);
+    }
+    
+    /* hours */
+    if ((pdb_get_hours_len(sampass) != ENTRY_LEN(old, NPF_HOURS)) ||
+	memcmp(pdb_get_hours(sampass), ENTRY_VAL(old, NPF_HOURS),
+	       ENTRY_LEN(old, NPF_HOURS))) {
+      need_to_modify = True;
+      /* set_single_attribute will add 1 for len ... */
+      set_single_attribute(obj, NPF_HOURS, pdb_get_hours(sampass), 
+			   pdb_get_hours_len(sampass)-1, EN_MODIFIED);
+    }  
+  } else {
+    const char *homedir, *dirdrive, *logon_script, *profile_path, *workstations;
+
+    *empty = '\0'; /* empty string */
+
+    set_single_attribute(obj, NPF_NAME, name, strlen(name), 0);
+    set_single_attribute(obj, NPF_UID, uid, strlen(uid), 0);
+    set_single_attribute(obj, NPF_USER_RID, user_rid,
+			 strlen(user_rid), 0);
+    set_single_attribute(obj, NPF_SMB_GRPID, gid, strlen(gid), 0);
+    set_single_attribute(obj, NPF_GROUP_RID, group_rid,
+			 strlen(group_rid), 0);
+    set_single_attribute(obj, NPF_ACB, acb, strlen(acb), 0);
+    set_single_attribute(obj, NPF_LMPWD, smb_passwd,
+			 strlen(smb_passwd), EN_CRYPT);
+    set_single_attribute(obj, NPF_NTPWD, smb_nt_passwd,
+			 strlen(smb_nt_passwd), EN_CRYPT);
+    set_single_attribute(obj, NPF_LOGON_T, logon_t,
+			 strlen(logon_t), 0);
+    set_single_attribute(obj, NPF_LOGOFF_T, logoff_t,
+			 strlen(logoff_t), 0);
+    set_single_attribute(obj, NPF_KICK_T, kickoff_t,
+			 strlen(kickoff_t),0);
+    set_single_attribute(obj, NPF_PWDLSET_T, pwdlset_t, 
+			 strlen(pwdlset_t), 0);
+    set_single_attribute(obj, NPF_PWDCCHG_T, pwdlchg_t,
+			 strlen(pwdlchg_t), 0);
+    set_single_attribute(obj, NPF_PWDMCHG_T, pwdmchg_t,
+			 strlen(pwdmchg_t), 0);
+    set_single_attribute(obj, NPF_FULL_NAME     , 
+			 full_name, strlen(full_name), 0);
+
+    if(!(homedir = pdb_get_homedir(sampass)))
+      homedir = empty;
+
+    set_single_attribute(obj, NPF_HOME_DIR,
+			 homedir, strlen(homedir), 0);
+    
+    if(!(dirdrive = pdb_get_dirdrive(sampass)))
+       dirdrive = empty;
+       
+    set_single_attribute(obj, NPF_DIR_DRIVE,
+			 dirdrive, strlen(dirdrive), 0);
+    
+    if(!(logon_script = pdb_get_logon_script(sampass)))
+       logon_script = empty;
+    
+    set_single_attribute(obj, NPF_LOGON_SCRIPT,
+			 logon_script, strlen(logon_script), 0);
+    
+    if(!(profile_path = pdb_get_profile_path(sampass)))
+      profile_path = empty;
+
+    set_single_attribute(obj, NPF_PROFILE_PATH,
+			 profile_path, strlen(profile_path), 0);
+    
+    set_single_attribute(obj, NPF_ACCT_DESC,
+			 acct_desc, strlen(acct_desc), 0);
+    
+    if(!(workstations = pdb_get_workstations(sampass)))
+      workstations = empty;
+    
+    set_single_attribute(obj, NPF_WORKSTATIONS,	
+			 workstations, strlen(workstations), 0);
+    
+    /* set_single_attribute will add 1 for len ... */
+    set_single_attribute(obj, NPF_HOURS,
+			 pdb_get_hours(sampass),
+			 pdb_get_hours_len(sampass)-1, 0);
+  }
+  
+  return need_to_modify;
+}
+
+/***************************************************************
+ calls nis_list, returns results.
+ ****************************************************************/
+static nis_result *nisp_get_nis_list(const char *nis_name, unsigned int flags)
+{
+	nis_result *result;
+	int i;
+
+	if( ! flags)
+	  flags = FOLLOW_LINKS|FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP;
+
+	for(i = 0; i<2;i++ ) {
+	  alarm(60);		/* hopefully ok for long searches */
+	  result = nis_list(nis_name, flags,NULL,NULL);
+
+	  alarm(0);
+	  CatchSignal(SIGALRM, SIGNAL_CAST SIG_DFL);
+
+	  if (gotalarm)
+	  {
+		DEBUG(0,("NIS+ lookup time out\n"));
+		nis_freeresult(result);
+		return NULL;
+	  }
+	  if( !(flags & MASTER_ONLY) && NIS_RES_NUMOBJ(result) <= 0 ) {
+	    /* nis replicas are not in sync perhaps?
+             * this can happen, if account was just added.
+             */
+	    DEBUG(10,("will try master only\n"));
+            nis_freeresult(result);
+            flags |= MASTER_ONLY;
+          } else
+            break;
+	}
+	return result;
+}
+
+/***************************************************************
+ Start to enumerate the nisplus passwd list.
+ ****************************************************************/
+BOOL pdb_setsampwent(BOOL update)
+{
+	char *sp, * p = lp_smb_passwd_file();
+	pstring pfiletmp;
+
+	if( (sp = strrchr( p, '/' )) )
+	  safe_strcpy(pfiletmp, sp+1, sizeof(pfiletmp)-1);
+	else
+	  safe_strcpy(pfiletmp, p, sizeof(pfiletmp)-1);
+	safe_strcat(pfiletmp, ".org_dir", sizeof(pfiletmp)-strlen(pfiletmp)-1);
+
+	pdb_endsampwent();	/* just in case */
+	global_nisp_ent.result = nisp_get_nis_list( pfiletmp, 0 );
+	global_nisp_ent.enum_entry = 0;
+	return global_nisp_ent.result != NULL ? True : False;
+}
+
+/***************************************************************
+ End enumeration of the nisplus passwd list.
+****************************************************************/
+void pdb_endsampwent(void)
+{
+  if( global_nisp_ent.result )
+    nis_freeresult(global_nisp_ent.result);
+  global_nisp_ent.result = NULL;
+  global_nisp_ent.enum_entry = 0;
+}
+
+/*************************************************************************
+ Routine to return the next entry in the nisplus passwd list.
+ *************************************************************************/
+BOOL pdb_getsampwent(SAM_ACCOUNT *user)
+{
+  int enum_entry = (int)(global_nisp_ent.enum_entry);
+  nis_result *result = global_nisp_ent.result;
+  
+  if (user==NULL) {
+	DEBUG(0,("SAM_ACCOUNT is NULL.\n"));
+	return False;
+  }
+
+  if (result == NULL ||
+      enum_entry < 0 || enum_entry >= (NIS_RES_NUMOBJ(result) - 1))
+  {
+	return False;
+  } 
+
+  if(!make_sam_from_nisp_object(user, &NIS_RES_OBJECT(result)[enum_entry]) )
+  {
+    DEBUG(0,("Bad SAM_ACCOUNT entry returned from NIS+!\n"));
+	return False;
+  }
+  (int)(global_nisp_ent.enum_entry)++;
+  return True;
+}
+
+/*************************************************************************
+ Routine to search the nisplus passwd file for an entry matching the username
+ *************************************************************************/
+BOOL pdb_getsampwnam(SAM_ACCOUNT * user, const char *sname)
+{
+	/* Static buffers we will return. */
+	nis_result *result = NULL;
+	pstring nisname;
+	BOOL ret;
+	char *pfile = lp_smb_passwd_file();
+        int i;
+
+	if (!*pfile)
+	{
+		DEBUG(0, ("No SMB password file set\n"));
+		return False;
+	}
+	if( strrchr( pfile, '/') )
+                pfile = strrchr( pfile, '/') + 1;
+
+	slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.org_dir", sname, pfile);
+	DEBUG(10, ("search by nisname: %s\n", nisname));
+
+	/* Search the table. */
+
+	if(!(result = nisp_get_nis_list(nisname, 0)))
+	{
+		return False;
+  	}
+
+	ret = make_sam_from_nisresult(user, result);
+	nis_freeresult(result);
+
+	return ret;
+}
+
+/*************************************************************************
+ Routine to search the nisplus passwd file for an entry matching the username
+ *************************************************************************/
+BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
+{
+	nis_result *result;
+	char *nisname;
+	BOOL ret;
+	char *sp, *p = lp_smb_passwd_file();
+	pstring pfiletmp;
+
+	if (!*p)
+	{
+		DEBUG(0, ("no SMB password file set\n"));
+		return False;
+	}
+
+	if( (sp = strrchr( p, '/' )) )
+          safe_strcpy(pfiletmp, sp+1, sizeof(pfiletmp)-1);
+        else
+          safe_strcpy(pfiletmp, p, sizeof(pfiletmp)-1);
+        safe_strcat(pfiletmp, ".org_dir", sizeof(pfiletmp)-strlen(pfiletmp)-1);
+
+	nisname = make_nisname_from_user_rid(rid, pfiletmp);
+
+	DEBUG(10, ("search by rid: %s\n", nisname));
+
+	/* Search the table. */
+
+	if(!(result = nisp_get_nis_list(nisname, 0)))
+	{
+		return False;
+	}
+
+	ret = make_sam_from_nisresult(user, result);
+	nis_freeresult(result);
+
+	return ret;
+}
+
+/*************************************************************************
+ Routine to remove entry from the nisplus smbpasswd table
+ *************************************************************************/
+BOOL pdb_delete_sam_account(SAM_ACCOUNT * user)
+{
+  const char *sname;
+  char *pfile = lp_smb_passwd_file();
+  pstring nisname;
+  nis_result *result, *delresult;
+  nis_object *obj;
+  int i;
+ 
+  if (!user) {
+	  DEBUG(0, ("no SAM_ACCOUNT specified!\n"));
+	  return False;
+  }
+
+  sname = pdb_get_username(user);
+
+  if (!*pfile)
+    {
+      DEBUG(0, ("no SMB password file set\n"));
+      return False;
+    }
+  if( strrchr( pfile, '/') )
+	  pfile = strrchr( pfile, '/') + 1;
+  
+  slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.org_dir", sname, pfile);
+  
+  /* Search the table. */
+  
+  if( !(result = nisp_get_nis_list(nisname,
+				   MASTER_ONLY|FOLLOW_LINKS|FOLLOW_PATH|\
+				   EXPAND_NAME|HARD_LOOKUP))) {
+    return False;
+  }
+  
+  if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) {
+    /* User not found. */
+    DEBUG(0,("user not found in NIS+\n"));
+    nis_freeresult(result);
+    return False;
+  }
+
+  obj = NIS_RES_OBJECT(result);
+  slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.%s", sname, obj->zo_name,
+	   obj->zo_domain);
+
+  DEBUG(10, ("removing name: %s\n", nisname));
+  delresult = nis_remove_entry(nisname, obj, 
+    MASTER_ONLY|REM_MULTIPLE|ALL_RESULTS|FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP);
+  
+  nis_freeresult(result);
+
+  if(delresult->status != NIS_SUCCESS) {
+    DEBUG(0, ("NIS+ table update failed: %s %s\n",
+          nisname, nis_sperrno(delresult->status)));
+    nis_freeresult(delresult);
+    return False;
+  }
+  nis_freeresult(delresult);
+  return True;
+}
+
+/************************************************************************
+ Routine to add an entry to the nisplus passwd file.
+*************************************************************************/
+BOOL pdb_add_sam_account(SAM_ACCOUNT * newpwd)
+{
+  int local_user = 0;
+  char           *pfile;
+  pstring	  pfiletmp;
+  char           *nisname;
+  nis_result     *result = NULL,
+    *tblresult = NULL;
+  nis_object new_obj;
+  entry_col *ecol;
+  int ta_maxcol;
+  
+  /*
+   * 1. find user domain.
+   *   a. try nis search in passwd.org_dir - if found use domain from result.
+   *   b. try getpwnam. this may be needed if user is defined
+   *      in /etc/passwd file (or elsewere) and not in passwd.org_dir.
+   *      if found, use host default domain.
+   *   c. exit with False - no such user.
+   *
+   * 2. add user
+   *   a. find smbpasswd table
+   *      search pfile in user domain if not found, try host default
+   *      domain. 
+   *   b. smbpasswd domain is found, fill data and add entry.
+   *
+   * pfile should contain ONLY table name, org_dir will be concated.
+   * so, at first we will clear path prefix from pfile, and
+   * then we will use pfiletmp as playground to put together full
+   * nisname string.
+   * such approach will make it possible to specify samba private dir
+   * AND still use NIS+ table. as all domain related data is normally
+   * stored in org_dir.DOMAIN, this should be ok do do.
+   */
+
+  pfile = lp_smb_passwd_file();
+  if( strrchr( pfile, '/') )
+    pfile = strrchr( pfile, '/') + 1;
+
+  /*
+   * Check if user is already there.
+   */
+  safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1);
+  safe_strcat(pfiletmp, ".org_dir",
+	      sizeof(pfiletmp)-strlen(pfiletmp)-1);
+
+  if(pdb_get_username(newpwd) != NULL) {
+    nisname = make_nisname_from_name(pdb_get_username(newpwd),
+				     pfiletmp);
+  } else {
+    return False;
+  }
+
+  if(!(result = nisp_get_nis_list(nisname, MASTER_ONLY|FOLLOW_LINKS|\
+				  FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP))) {
+    return False;
+  }
+  if (result->status != NIS_SUCCESS && 
+      result->status != NIS_NOTFOUND) {
+    DEBUG(3, ( "nis_list failure: %s: %s\n",
+	       nisname,  nis_sperrno(result->status)));
+    nis_freeresult(result);
+    return False;
+  }   
+
+  if (result->status == NIS_SUCCESS && NIS_RES_NUMOBJ(result) > 0)
+    {
+      DEBUG(3, ("User already exists in NIS+ password db: %s\n",
+		pfile));
+      nis_freeresult(result);
+      return False;
+    }
+
+  nis_freeresult(result); /* no such user, free results */
+
+  /*
+   * check for user in unix password database. we need this to get
+   * domain, where smbpasswd entry should be stored.
+   */
+
+  nisname = make_nisname_from_name(pdb_get_username(newpwd),
+				     "passwd.org_dir");
+  
+  result = nisp_get_nis_list(nisname,
+			     MASTER_ONLY|FOLLOW_LINKS|FOLLOW_PATH|\
+			     EXPAND_NAME|HARD_LOOKUP);
+  
+  if (result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0)
+    {
+      struct passwd *passwd;
+      DEBUG(3, ("nis_list failure: %s: %s\n", 
+		nisname,  nis_sperrno(result->status)));
+      nis_freeresult(result);
+
+      if (!(passwd = getpwnam_alloc(pdb_get_username(newpwd)))) {
+	/* no such user in system! */
+	return False;
+      }
+      passwd_free(&passwd);
+
+	/* 
+	 * user is defined, but not in passwd.org_dir.
+	 */
+      local_user = 1;
+    } else {
+      safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1);
+      safe_strcat(pfiletmp, ".", sizeof(pfiletmp)-strlen(pfiletmp)-1);
+      safe_strcat(pfiletmp, NIS_RES_OBJECT(result)->zo_domain,
+		  sizeof(pfiletmp)-strlen(pfiletmp)-1);
+      nis_freeresult(result); /* not needed any more */
+
+      tblresult = nisp_get_nis_list(pfiletmp,
+				    MASTER_ONLY|FOLLOW_LINKS|\
+				    FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP); 
+    }
+
+  if (local_user || tblresult->status != NIS_SUCCESS)
+    {
+      /*
+       * no user domain or
+       * smbpasswd table not found in user domain, fallback to
+       * default domain.
+       */
+      if (!local_user) /* free previous failed search result */
+	nis_freeresult(tblresult);
+      
+      safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1);
+      safe_strcat(pfiletmp, ".org_dir",
+		  sizeof(pfiletmp)-strlen(pfiletmp)-1);
+      tblresult = nis_lookup(pfiletmp, MASTER_ONLY|FOLLOW_LINKS|\
+			     FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP);
+      if (tblresult->status != NIS_SUCCESS)
+	{
+	    /* still nothing. bail out */
+	  nis_freeresult(tblresult);
+	  DEBUG(3, ( "nis_lookup failure: %s\n",
+		     nis_sperrno(tblresult->status)));
+	  return False;
+	}
+      /* we need full name for nis_add_entry() */
+      safe_strcpy(pfiletmp, pfile, sizeof(pfiletmp)-1);
+      safe_strcat(pfiletmp, ".", sizeof(pfiletmp)-strlen(pfiletmp)-1);
+      safe_strcat(pfiletmp, NIS_RES_OBJECT(tblresult)->zo_domain,
+		  sizeof(pfiletmp)-strlen(pfiletmp)-1);
+    }
+
+  memset((char *)&new_obj, 0, sizeof (new_obj));
+  /* fill entry headers */
+  /* we do not free these. */
+  new_obj.zo_name   = NIS_RES_OBJECT(tblresult)->zo_name;
+  new_obj.zo_owner  = NIS_RES_OBJECT(tblresult)->zo_owner;
+  new_obj.zo_group  = NIS_RES_OBJECT(tblresult)->zo_group;
+  new_obj.zo_domain = NIS_RES_OBJECT(tblresult)->zo_domain;
+  /* uints */
+  new_obj.zo_access = NIS_RES_OBJECT(tblresult)->zo_access;
+  new_obj.zo_ttl    = NIS_RES_OBJECT(tblresult)->zo_ttl;
+
+  new_obj.zo_data.zo_type = ENTRY_OBJ;
+  new_obj.EN_data.en_type =
+    NIS_RES_OBJECT(tblresult)->TA_data.ta_type;
+
+  ta_maxcol = NIS_RES_OBJECT(tblresult)->TA_data.ta_maxcol;
+  
+  if(!(ecol = (entry_col*)malloc(ta_maxcol*sizeof(entry_col)))) {
+    DEBUG(0, ("memory allocation failure\n"));
+    nis_freeresult(tblresult);
+    return False;
+  }
+  
+  memset((char *)ecol, 0, ta_maxcol*sizeof (entry_col));
+  new_obj.EN_data.en_cols.en_cols_val = ecol;
+  new_obj.EN_data.en_cols.en_cols_len = ta_maxcol;
+  
+  init_nisp_from_sam(&new_obj, newpwd, NULL);
+  
+  DEBUG(10, ( "add NIS+ entry: %s\n", nisname));
+  result = nis_add_entry(pfiletmp, &new_obj, 0);
+
+  free(ecol); /* free allocated entry space */
+  
+  if (result->status != NIS_SUCCESS)
+    {
+      DEBUG(3, ( "NIS+ table update failed: %s\n",
+		 nisname, nis_sperrno(result->status)));
+      nis_freeresult(tblresult);
+      nis_freeresult(result);
+      return False;
+    }
+  
+  nis_freeresult(tblresult);
+  nis_freeresult(result);
+  
+  return True;
+}
+
+/************************************************************************
+ Routine to modify the nisplus passwd entry.
+************************************************************************/
+BOOL pdb_update_sam_account(SAM_ACCOUNT * newpwd)
+{
+  nis_result *result, *addresult;
+  nis_object *obj;
+  nis_object new_obj;
+  entry_col *ecol;
+  int ta_maxcol;
+  char *pfile = lp_smb_passwd_file();
+  pstring nisname;
+  int i;
+
+  if (!*pfile)
+    {
+      DEBUG(0, ("no SMB password file set\n"));
+      return False;
+    }
+  if( strrchr( pfile, '/') )
+	  pfile = strrchr( pfile, '/') + 1;
+  
+  slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.org_dir",
+	   pdb_get_username(newpwd), pfile);
+  
+  DEBUG(10, ("search by name: %s\n", nisname));
+  
+  /* Search the table. */
+  
+  if( !(result = nisp_get_nis_list(nisname, MASTER_ONLY|FOLLOW_LINKS|\
+				   FOLLOW_PATH|EXPAND_NAME|HARD_LOOKUP))) {
+    return False;
+  }
+  
+  if(result->status != NIS_SUCCESS || NIS_RES_NUMOBJ(result) <= 0) {
+    /* User not found. */
+    DEBUG(0,("user not found in NIS+\n"));
+    nis_freeresult(result);
+    return False;
+  }
+
+  obj = NIS_RES_OBJECT(result);
+  DEBUG(6,("entry found in %s\n", obj->zo_domain));
+
+  /* we must create new stub object with EN_MODIFIED flag.
+     this is because obj from result is going to be freed and
+     we do not want to break it or cause memory leaks or corruption.
+  */
+  
+  memmove((char *)&new_obj, obj, sizeof (new_obj));
+  ta_maxcol = obj->TA_data.ta_maxcol;
+  
+  if(!(ecol = (entry_col*)malloc(ta_maxcol*sizeof(entry_col)))) {
+    DEBUG(0, ("memory allocation failure\n"));
+    nis_freeresult(result);
+    return False;
+  }
+
+  memmove((char *)ecol, obj->EN_data.en_cols.en_cols_val,
+	  ta_maxcol*sizeof (entry_col));
+  new_obj.EN_data.en_cols.en_cols_val = ecol;
+  new_obj.EN_data.en_cols.en_cols_len = ta_maxcol;
+
+  if ( init_nisp_from_sam(&new_obj, newpwd, obj) == True ) {
+    slprintf(nisname, sizeof(nisname)-1, "[name=%s],%s.%s",
+	   pdb_get_username(newpwd), pfile, obj->zo_domain);
+
+    DEBUG(10, ("NIS+ table update: %s\n", nisname));
+    addresult =
+      nis_modify_entry(nisname, &new_obj, 
+		  MOD_SAMEOBJ | FOLLOW_PATH | EXPAND_NAME | HARD_LOOKUP);
+  
+    if(addresult->status != NIS_SUCCESS) {
+      DEBUG(0, ("NIS+ table update failed: %s %s\n",
+		nisname, nis_sperrno(addresult->status)));
+      nis_freeresult(addresult);
+      nis_freeresult(result);
+      free(ecol);
+      return False;
+    }
+    
+    DEBUG(6,("password changed\n"));
+    nis_freeresult(addresult);
+  } else {
+    DEBUG(6,("nothing to change!\n"));
+  }
+
+  free(ecol);
+  nis_freeresult(result);
+  
+  return True;
+}
+ 
+#else
+ void nisplus_dummy_function(void);
+ void nisplus_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* WITH_NISPLUSSAM */
diff --git a/source3/passdb/pdb_plugin.c b/source3/passdb/pdb_plugin.c
new file mode 100644
index 0000000000..1de61abd5f
--- /dev/null
+++ b/source3/passdb/pdb_plugin.c
@@ -0,0 +1,59 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Loadable passdb module interface.
+   Copyright (C) Jelmer Vernooij 2002
+   Copyright (C) Andrew Bartlett 2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+NTSTATUS pdb_init_plugin(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	void * dl_handle;
+	char *plugin_location, *plugin_name, *p;
+	pdb_init_function plugin_init;
+
+	if (location == NULL) {
+		DEBUG(0, ("The plugin module needs an argument!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	plugin_name = smb_xstrdup(location);
+	p = strchr(plugin_name, ':');
+	if (p) {
+		*p = 0;
+		plugin_location = p+1;
+		trim_string(plugin_location, " ", " ");
+	} else plugin_location = NULL;
+	trim_string(plugin_name, " ", " ");
+
+	DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name));
+	dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL );
+	if (!dl_handle) {
+		DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+    
+	plugin_init = sys_dlsym(dl_handle, "pdb_init");
+	if (!plugin_init){
+		DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));	    
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	DEBUG(5, ("Starting sam plugin %s with location %s\n", plugin_name, plugin_location));
+	return plugin_init(pdb_context, pdb_method, plugin_location);
+}
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
new file mode 100644
index 0000000000..89a4217c3b
--- /dev/null
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -0,0 +1,1660 @@
+/*
+ * Unix SMB/CIFS implementation. 
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 
+ * Modified by Jeremy Allison 1995.
+ * Modified by Gerald (Jerry) Carter 2000-2001
+ * Modified by Andrew Bartlett 2002.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+
+/* 
+   smb_passwd is analogous to sam_passwd used everywhere
+   else.  However, smb_passwd is limited to the information
+   stored by an smbpasswd entry 
+ */
+ 
+struct smb_passwd
+{
+        BOOL smb_userid_set;     /* this is actually the unix uid_t */
+        uint32 smb_userid;     /* this is actually the unix uid_t */
+        const char *smb_name;     /* username string */
+
+        const unsigned char *smb_passwd; /* Null if no password */
+        const unsigned char *smb_nt_passwd; /* Null if no password */
+
+        uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+        time_t pass_last_set_time;    /* password last set time */
+};
+
+struct smbpasswd_privates
+{
+	/* used for maintain locks on the smbpasswd file */
+	int 	pw_file_lock_depth;
+	
+	/* Global File pointer */
+	FILE 	*pw_file;
+	
+	/* formerly static variables */
+	struct smb_passwd pw_buf;
+	pstring  user_name;
+	unsigned char smbpwd[16];
+	unsigned char smbntpwd[16];
+
+	/* retrive-once info */
+	const char *smbpasswd_file;
+
+	BOOL permit_non_unix_accounts;
+
+	uint32 low_nua_userid; 
+	uint32 high_nua_userid; 
+
+};
+
+enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
+
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
+
+static uid_t pdb_user_rid_to_uid(uint32 user_rid)
+{
+	return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
+/*******************************************************************
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+
+static uint32 pdb_uid_to_user_rid(uid_t uid)
+{
+	return (((((uint32)uid)*RID_MULTIPLIER) + 1000) | USER_RID_TYPE);
+}
+
+/***************************************************************
+ Lock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+
+static BOOL pw_file_lock(int fd, int type, int secs, int *plock_depth)
+{
+  if (fd < 0)
+    return False;
+
+  if(*plock_depth == 0) {
+    if (!do_file_lock(fd, secs, type)) {
+      DEBUG(10,("pw_file_lock: locking file failed, error = %s.\n",
+                 strerror(errno)));
+      return False;
+    }
+  }
+
+  (*plock_depth)++;
+
+  return True;
+}
+
+/***************************************************************
+ Unlock an fd. Abandon after waitsecs seconds.
+****************************************************************/
+
+static BOOL pw_file_unlock(int fd, int *plock_depth)
+{
+  BOOL ret=True;
+
+  if(*plock_depth == 1)
+    ret = do_file_lock(fd, 5, F_UNLCK);
+
+  if (*plock_depth > 0)
+    (*plock_depth)--;
+
+  if(!ret)
+    DEBUG(10,("pw_file_unlock: unlocking file failed, error = %s.\n",
+                 strerror(errno)));
+  return ret;
+}
+
+
+/**************************************************************
+ Intialize a smb_passwd struct
+ *************************************************************/
+
+static void pdb_init_smb(struct smb_passwd *user)
+{
+	if (user == NULL) 
+		return;
+	ZERO_STRUCTP (user);
+	
+	user->pass_last_set_time = (time_t)0;
+}
+
+/***************************************************************
+ Internal fn to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module. Checks for atomic
+ rename of smbpasswd file on update or create once the lock has
+ been granted to prevent race conditions. JRA.
+****************************************************************/
+
+static FILE *startsmbfilepwent(const char *pfile, enum pwf_access_type type, int *lock_depth)
+{
+  FILE *fp = NULL;
+  const char *open_mode = NULL;
+  int race_loop = 0;
+  int lock_type = F_RDLCK;
+
+  if (!*pfile) {
+    DEBUG(0, ("startsmbfilepwent: No SMB password file set\n"));
+    return (NULL);
+  }
+
+  switch(type) {
+  case PWF_READ:
+    open_mode = "rb";
+    lock_type = F_RDLCK;
+    break;
+  case PWF_UPDATE:
+    open_mode = "r+b";
+    lock_type = F_WRLCK;
+    break;
+  case PWF_CREATE:
+    /*
+     * Ensure atomic file creation.
+     */
+    {
+      int i, fd = -1;
+
+      for(i = 0; i < 5; i++) {
+        if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1)
+          break;
+        sys_usleep(200); /* Spin, spin... */
+      }
+      if(fd == -1) {
+        DEBUG(0,("startsmbfilepwent_internal: too many race conditions creating file %s\n", pfile));
+        return NULL;
+      }
+      close(fd);
+      open_mode = "r+b";
+      lock_type = F_WRLCK;
+      break;
+    }
+  }
+		       
+  for(race_loop = 0; race_loop < 5; race_loop++) {
+    DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile));
+
+    if((fp = sys_fopen(pfile, open_mode)) == NULL) {
+      DEBUG(2, ("startsmbfilepwent_internal: unable to open file %s. Error was %s\n", pfile, strerror(errno) ));
+      return NULL;
+    }
+
+    if (!pw_file_lock(fileno(fp), lock_type, 5, lock_depth)) {
+      DEBUG(0, ("startsmbfilepwent_internal: unable to lock file %s. Error was %s\n", pfile, strerror(errno) ));
+      fclose(fp);
+      return NULL;
+    }
+
+    /*
+     * Only check for replacement races on update or create.
+     * For read we don't mind if the data is one record out of date.
+     */
+
+    if(type == PWF_READ) {
+      break;
+    } else {
+      SMB_STRUCT_STAT sbuf1, sbuf2;
+
+      /*
+       * Avoid the potential race condition between the open and the lock
+       * by doing a stat on the filename and an fstat on the fd. If the
+       * two inodes differ then someone did a rename between the open and
+       * the lock. Back off and try the open again. Only do this 5 times to
+       * prevent infinate loops. JRA.
+       */
+
+      if (sys_stat(pfile,&sbuf1) != 0) {
+        DEBUG(0, ("startsmbfilepwent_internal: unable to stat file %s. Error was %s\n", pfile, strerror(errno)));
+        pw_file_unlock(fileno(fp), lock_depth);
+        fclose(fp);
+        return NULL;
+      }
+
+      if (sys_fstat(fileno(fp),&sbuf2) != 0) {
+        DEBUG(0, ("startsmbfilepwent_internal: unable to fstat file %s. Error was %s\n", pfile, strerror(errno)));
+        pw_file_unlock(fileno(fp), lock_depth);
+        fclose(fp);
+        return NULL;
+      }
+
+      if( sbuf1.st_ino == sbuf2.st_ino) {
+        /* No race. */
+        break;
+      }
+
+      /*
+       * Race occurred - back off and try again...
+       */
+
+      pw_file_unlock(fileno(fp), lock_depth);
+      fclose(fp);
+    }
+  }
+
+  if(race_loop == 5) {
+    DEBUG(0, ("startsmbfilepwent_internal: too many race conditions opening file %s\n", pfile));
+    return NULL;
+  }
+
+  /* Set a buffer to do more efficient reads */
+  setvbuf(fp, (char *)NULL, _IOFBF, 1024);
+
+  /* Make sure it is only rw by the owner */
+  if(fchmod(fileno(fp), S_IRUSR|S_IWUSR) == -1) {
+    DEBUG(0, ("startsmbfilepwent_internal: failed to set 0600 permissions on password file %s. \
+Error was %s\n.", pfile, strerror(errno) ));
+    pw_file_unlock(fileno(fp), lock_depth);
+    fclose(fp);
+    return NULL;
+  }
+
+  /* We have a lock on the file. */
+  return fp;
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+static void endsmbfilepwent(FILE *fp, int *lock_depth)
+{
+
+  pw_file_unlock(fileno(fp), lock_depth);
+  fclose(fp);
+  DEBUG(7, ("endsmbfilepwent_internal: closed password file.\n"));
+}
+
+/*************************************************************************
+ Routine to return the next entry in the smbpasswd list.
+ *************************************************************************/
+
+static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_state, FILE *fp)
+{
+  /* Static buffers we will return. */
+  struct smb_passwd *pw_buf = &smbpasswd_state->pw_buf;
+  char  *user_name = smbpasswd_state->user_name;
+  unsigned char *smbpwd = smbpasswd_state->smbpwd;
+  unsigned char *smbntpwd = smbpasswd_state->smbntpwd;
+  char            linebuf[256];
+  unsigned char   c;
+  unsigned char  *p;
+  long            uidval;
+  size_t            linebuf_len;
+
+  if(fp == NULL) {
+    DEBUG(0,("getsmbfilepwent: Bad password file pointer.\n"));
+    return NULL;
+  }
+
+  pdb_init_smb(pw_buf);
+
+  pw_buf->acct_ctrl = ACB_NORMAL;  
+
+  /*
+   * Scan the file, a line at a time and check if the name matches.
+   */
+  while (!feof(fp)) {
+    linebuf[0] = '\0';
+
+    fgets(linebuf, 256, fp);
+    if (ferror(fp)) {
+      return NULL;
+    }
+
+    /*
+     * Check if the string is terminated with a newline - if not
+     * then we must keep reading and discard until we get one.
+     */
+    if ((linebuf_len = strlen(linebuf)) == 0)
+		continue;
+
+    if (linebuf[linebuf_len - 1] != '\n') {
+      c = '\0';
+      while (!ferror(fp) && !feof(fp)) {
+        c = fgetc(fp);
+        if (c == '\n')
+          break;
+      }
+    } else
+      linebuf[linebuf_len - 1] = '\0';
+
+#ifdef DEBUG_PASSWORD
+    DEBUG(100, ("getsmbfilepwent: got line |%s|\n", linebuf));
+#endif
+    if ((linebuf[0] == 0) && feof(fp)) {
+      DEBUG(4, ("getsmbfilepwent: end of file reached\n"));
+      break;
+    }
+    /*
+     * The line we have should be of the form :-
+     * 
+     * username:uid:32hex bytes:[Account type]:LCT-12345678....other flags presently
+     * ignored....
+     * 
+     * or,
+     *
+     * username:uid:32hex bytes:32hex bytes:[Account type]:LCT-12345678....ignored....
+     *
+     * if Windows NT compatible passwords are also present.
+     * [Account type] is an ascii encoding of the type of account.
+     * LCT-(8 hex digits) is the time_t value of the last change time.
+     */
+
+    if (linebuf[0] == '#' || linebuf[0] == '\0') {
+      DEBUG(6, ("getsmbfilepwent: skipping comment or blank line\n"));
+      continue;
+    }
+    p = (unsigned char *) strchr_m(linebuf, ':');
+    if (p == NULL) {
+      DEBUG(0, ("getsmbfilepwent: malformed password entry (no :)\n"));
+      continue;
+    }
+    /*
+     * As 256 is shorter than a pstring we don't need to check
+     * length here - if this ever changes....
+     */
+    strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
+    user_name[PTR_DIFF(p, linebuf)] = '\0';
+
+    /* Get smb uid. */
+
+    p++;		/* Go past ':' */
+
+    if(*p == '-') {
+      DEBUG(0, ("getsmbfilepwent: uids in the smbpasswd file must not be negative.\n"));
+      continue;
+    }
+
+    if (!isdigit(*p)) {
+      DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
+      continue;
+    }
+
+    uidval = atoi((char *) p);
+
+    while (*p && isdigit(*p))
+      p++;
+
+    if (*p != ':') {
+      DEBUG(0, ("getsmbfilepwent: malformed password entry (no : after uid)\n"));
+      continue;
+    }
+
+    pw_buf->smb_name = user_name;
+    pw_buf->smb_userid = uidval;
+
+    /*
+     * Now get the password value - this should be 32 hex digits
+     * which are the ascii representations of a 16 byte string.
+     * Get two at a time and put them into the password.
+     */
+
+    /* Skip the ':' */
+    p++;
+
+    if (*p == '*' || *p == 'X') {
+      /* Password deliberately invalid - end here. */
+      DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
+      pw_buf->smb_nt_passwd = NULL;
+      pw_buf->smb_passwd = NULL;
+      pw_buf->acct_ctrl |= ACB_DISABLED;
+      return pw_buf;
+    }
+
+    if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
+      DEBUG(0, ("getsmbfilepwent: malformed password entry (passwd too short)\n"));
+      continue;
+    }
+
+    if (p[32] != ':') {
+      DEBUG(0, ("getsmbfilepwent: malformed password entry (no terminating :)\n"));
+      continue;
+    }
+
+    if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
+      pw_buf->smb_passwd = NULL;
+      pw_buf->acct_ctrl |= ACB_PWNOTREQ;
+    } else {
+      if (!pdb_gethexpwd((char *)p, smbpwd)) {
+        DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
+        continue;
+      }
+      pw_buf->smb_passwd = smbpwd;
+    }
+
+    /* 
+     * Now check if the NT compatible password is
+     * available.
+     */
+    pw_buf->smb_nt_passwd = NULL;
+
+    p += 33; /* Move to the first character of the line after
+                the lanman password. */
+    if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
+      if (*p != '*' && *p != 'X') {
+        if(pdb_gethexpwd((char *)p,smbntpwd))
+          pw_buf->smb_nt_passwd = smbntpwd;
+      }
+      p += 33; /* Move to the first character of the line after
+                  the NT password. */
+    }
+
+    DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %ld\n",
+	     user_name, uidval));
+
+    if (*p == '[')
+	{
+      unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
+      pw_buf->acct_ctrl = pdb_decode_acct_ctrl((char*)p);
+
+      /* Must have some account type set. */
+      if(pw_buf->acct_ctrl == 0)
+        pw_buf->acct_ctrl = ACB_NORMAL;
+
+      /* Now try and get the last change time. */
+      if(end_p)
+        p = end_p + 1;
+      if(*p == ':') {
+        p++;
+        if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
+          int i;
+          p += 4;
+          for(i = 0; i < 8; i++) {
+            if(p[i] == '\0' || !isxdigit(p[i]))
+              break;
+          }
+          if(i == 8) {
+            /*
+             * p points at 8 characters of hex digits - 
+             * read into a time_t as the seconds since
+             * 1970 that the password was last changed.
+             */
+            pw_buf->pass_last_set_time = (time_t)strtol((char *)p, NULL, 16);
+          }
+        }
+      }
+    } else {
+      /* 'Old' style file. Fake up based on user name. */
+      /*
+       * Currently trust accounts are kept in the same
+       * password file as 'normal accounts'. If this changes
+       * we will have to fix this code. JRA.
+       */
+      if(pw_buf->smb_name[strlen(pw_buf->smb_name) - 1] == '$') {
+        pw_buf->acct_ctrl &= ~ACB_NORMAL;
+        pw_buf->acct_ctrl |= ACB_WSTRUST;
+      }
+    }
+
+    return pw_buf;
+  }
+
+  DEBUG(5,("getsmbfilepwent: end of file reached.\n"));
+  return NULL;
+}
+
+/************************************************************************
+ Create a new smbpasswd entry - malloced space returned.
+*************************************************************************/
+
+static char *format_new_smbpasswd_entry(const struct smb_passwd *newpwd)
+{
+  int new_entry_length;
+  char *new_entry;
+  char *p;
+  int i;
+
+  new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
+
+  if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
+    DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->smb_name ));
+    return NULL;
+  }
+
+  slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
+  p = &new_entry[strlen(new_entry)];
+
+  if(newpwd->smb_passwd != NULL) {
+    for( i = 0; i < 16; i++) {
+      slprintf((char *)&p[i*2], new_entry_length - (p - new_entry) - 1, "%02X", newpwd->smb_passwd[i]);
+    }
+  } else {
+    i=0;
+    if(newpwd->acct_ctrl & ACB_PWNOTREQ)
+      safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
+    else
+      safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
+  }
+  
+  p += 32;
+
+  *p++ = ':';
+
+  if(newpwd->smb_nt_passwd != NULL) {
+    for( i = 0; i < 16; i++) {
+      slprintf((char *)&p[i*2], new_entry_length - 1 - (p - new_entry), "%02X", newpwd->smb_nt_passwd[i]);
+    }
+  } else {
+    if(newpwd->acct_ctrl & ACB_PWNOTREQ)
+      safe_strcpy((char *)p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
+    else
+      safe_strcpy((char *)p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", new_entry_length - 1 - (p - new_entry));
+  }
+
+  p += 32;
+
+  *p++ = ':';
+
+  /* Add the account encoding and the last change time. */
+  slprintf((char *)p, new_entry_length - 1 - (p - new_entry),  "%s:LCT-%08X:\n",
+           pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN),
+           (uint32)newpwd->pass_last_set_time);
+
+  return new_entry;
+}
+
+/************************************************************************
+ Routine to add an entry to the smbpasswd file.
+*************************************************************************/
+
+static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, struct smb_passwd *newpwd)
+{
+  const char *pfile = smbpasswd_state->smbpasswd_file;
+  struct smb_passwd *pwd = NULL;
+  FILE *fp = NULL;
+  int wr_len;
+  int fd;
+  size_t new_entry_length;
+  char *new_entry;
+  SMB_OFF_T offpos;
+  uint32 max_found_uid = 0;
+ 
+  /* Open the smbpassword file - for update. */
+  fp = startsmbfilepwent(pfile, PWF_UPDATE, &(smbpasswd_state->pw_file_lock_depth));
+
+  if (fp == NULL && errno == ENOENT) {
+	/* Try again - create. */
+	fp = startsmbfilepwent(pfile, PWF_CREATE, &(smbpasswd_state->pw_file_lock_depth));
+  }
+
+  if (fp == NULL) {
+    DEBUG(0, ("add_smbfilepwd_entry: unable to open file.\n"));
+    return False;
+  }
+
+  /*
+   * Scan the file, a line at a time and check if the name matches.
+   */
+
+  while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) 
+  {
+    if (strequal(newpwd->smb_name, pwd->smb_name)) 
+    {
+      	DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
+      	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+      	return False;
+    }
+    
+    /* Look for a free uid for use in non-unix accounts */
+    if (pwd->smb_userid > max_found_uid) {
+           max_found_uid = pwd->smb_userid;
+    }
+   }
+
+  /* Ok - entry doesn't exist. We can add it */
+
+  /* Account not in /etc/passwd hack!!! */
+  if (!newpwd->smb_userid_set) {
+	  if (!smbpasswd_state->permit_non_unix_accounts) {
+		  DEBUG(0, ("add_smbfilepwd_entry: cannot add account %s without unix identity\n", newpwd->smb_name));
+		  endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+		  return False;
+	  }
+
+	  if (max_found_uid < smbpasswd_state->low_nua_userid) {
+		  newpwd->smb_userid = smbpasswd_state->low_nua_userid;
+		  newpwd->smb_userid_set = True;
+	  } else if (max_found_uid >= smbpasswd_state->high_nua_userid) {
+		  DEBUG(0, ("add_smbfilepwd_entry: cannot add machine %s, no uids are free! \n", newpwd->smb_name));
+		  endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+		  return False;           
+	  } else {
+		  newpwd->smb_userid = max_found_uid + 1;
+		  newpwd->smb_userid_set = True;
+         }
+  }
+
+
+  /* Create a new smb passwd entry and set it to the given password. */
+  /* 
+   * The add user write needs to be atomic - so get the fd from 
+   * the fp and do a raw write() call.
+   */
+  fd = fileno(fp);
+
+  if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) 
+  {
+    	DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
+Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
+    	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+    	return False;
+  }
+
+  if((new_entry = format_new_smbpasswd_entry(newpwd)) == NULL) 
+  {
+    	DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
+Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+    	return False;
+  }
+
+  new_entry_length = strlen(new_entry);
+
+#ifdef DEBUG_PASSWORD
+  DEBUG(100, ("add_smbfilepwd_entry(%d): new_entry_len %d made line |%s|", 
+		             fd, new_entry_length, new_entry));
+#endif
+
+  if ((wr_len = write(fd, new_entry, new_entry_length)) != new_entry_length) 
+  {
+  	DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
+Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
+
+    	/* Remove the entry we just wrote. */
+    	if(sys_ftruncate(fd, offpos) == -1) 
+	{
+      		DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
+Error was %s. Password file may be corrupt ! Please examine by hand !\n", 
+		newpwd->smb_name, strerror(errno)));
+    	}
+
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+	free(new_entry);
+	return False;
+  }
+
+  free(new_entry);
+  endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+  return True;
+}
+
+/************************************************************************
+ Routine to search the smbpasswd file for an entry matching the username.
+ and then modify its password entry. We can't use the startsmbpwent()/
+ getsmbpwent()/endsmbpwent() interfaces here as we depend on looking
+ in the actual file to decide how much room we have to write data.
+ override = False, normal
+ override = True, override XXXXXXXX'd out password or NO PASS
+************************************************************************/
+
+static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd)
+{
+  /* Static buffers we will return. */
+  char * user_name = smbpasswd_state->user_name;
+
+  char            linebuf[256];
+  char            readbuf[1024];
+  unsigned char   c;
+  fstring         ascii_p16;
+  fstring         encode_bits;
+  unsigned char  *p = NULL;
+  size_t            linebuf_len = 0;
+  FILE           *fp;
+  int             lockfd;
+  const char     *pfile = smbpasswd_state->smbpasswd_file;
+  BOOL found_entry = False;
+  BOOL got_pass_last_set_time = False;
+
+  SMB_OFF_T pwd_seekpos = 0;
+
+  int i;
+  int wr_len;
+  int fd;
+
+  if (!*pfile) {
+    DEBUG(0, ("No SMB password file set\n"));
+    return False;
+  }
+  DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile));
+
+  fp = sys_fopen(pfile, "r+");
+
+  if (fp == NULL) {
+    DEBUG(0, ("mod_smbfilepwd_entry: unable to open file %s\n", pfile));
+    return False;
+  }
+  /* Set a buffer to do more efficient reads */
+  setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
+
+  lockfd = fileno(fp);
+
+  if (!pw_file_lock(lockfd, F_WRLCK, 5, &(smbpasswd_state->pw_file_lock_depth))) {
+    DEBUG(0, ("mod_smbfilepwd_entry: unable to lock file %s\n", pfile));
+    fclose(fp);
+    return False;
+  }
+
+  /* Make sure it is only rw by the owner */
+  chmod(pfile, 0600);
+
+  /* We have a write lock on the file. */
+  /*
+   * Scan the file, a line at a time and check if the name matches.
+   */
+  while (!feof(fp)) {
+    pwd_seekpos = sys_ftell(fp);
+
+    linebuf[0] = '\0';
+
+    fgets(linebuf, sizeof(linebuf), fp);
+    if (ferror(fp)) {
+      pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
+      fclose(fp);
+      return False;
+    }
+
+    /*
+     * Check if the string is terminated with a newline - if not
+     * then we must keep reading and discard until we get one.
+     */
+    linebuf_len = strlen(linebuf);
+    if (linebuf[linebuf_len - 1] != '\n') {
+      c = '\0';
+      while (!ferror(fp) && !feof(fp)) {
+        c = fgetc(fp);
+        if (c == '\n') {
+          break;
+        }
+      }
+    } else {
+      linebuf[linebuf_len - 1] = '\0';
+    }
+
+#ifdef DEBUG_PASSWORD
+    DEBUG(100, ("mod_smbfilepwd_entry: got line |%s|\n", linebuf));
+#endif
+
+    if ((linebuf[0] == 0) && feof(fp)) {
+      DEBUG(4, ("mod_smbfilepwd_entry: end of file reached\n"));
+      break;
+    }
+
+    /*
+     * The line we have should be of the form :-
+     * 
+     * username:uid:[32hex bytes]:....other flags presently
+     * ignored....
+     * 
+     * or,
+     *
+     * username:uid:[32hex bytes]:[32hex bytes]:[attributes]:LCT-XXXXXXXX:...ignored.
+     *
+     * if Windows NT compatible passwords are also present.
+     */
+
+    if (linebuf[0] == '#' || linebuf[0] == '\0') {
+      DEBUG(6, ("mod_smbfilepwd_entry: skipping comment or blank line\n"));
+      continue;
+    }
+
+    p = (unsigned char *) strchr_m(linebuf, ':');
+
+    if (p == NULL) {
+      DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no :)\n"));
+      continue;
+    }
+
+    /*
+     * As 256 is shorter than a pstring we don't need to check
+     * length here - if this ever changes....
+     */
+    strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
+    user_name[PTR_DIFF(p, linebuf)] = '\0';
+    if (strequal(user_name, pwd->smb_name)) {
+      found_entry = True;
+      break;
+    }
+  }
+
+  if (!found_entry) {
+    pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  DEBUG(6, ("mod_smbfilepwd_entry: entry exists\n"));
+
+  /* User name matches - get uid and password */
+  p++;		/* Go past ':' */
+
+  if (!isdigit(*p)) {
+    DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (uid not number)\n"));
+    pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  while (*p && isdigit(*p))
+    p++;
+  if (*p != ':') {
+    DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no : after uid)\n"));
+    pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  /*
+   * Now get the password value - this should be 32 hex digits
+   * which are the ascii representations of a 16 byte string.
+   * Get two at a time and put them into the password.
+   */
+  p++;
+
+  /* Record exact password position */
+  pwd_seekpos += PTR_DIFF(p, linebuf);
+
+  if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
+    DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return (False);
+  }
+
+  if (p[32] != ':') {
+    DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  /* Now check if the NT compatible password is
+     available. */
+  p += 33; /* Move to the first character of the line after
+              the lanman password. */
+  if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
+    DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (passwd too short)\n"));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return (False);
+  }
+
+  if (p[32] != ':') {
+    DEBUG(0, ("mod_smbfilepwd_entry: malformed password entry (no terminating :)\n"));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  /* 
+   * Now check if the account info and the password last
+   * change time is available.
+   */
+  p += 33; /* Move to the first character of the line after
+              the NT password. */
+
+  if (*p == '[') {
+
+    i = 0;
+    encode_bits[i++] = *p++;
+    while((linebuf_len > PTR_DIFF(p, linebuf)) && (*p != ']'))
+      encode_bits[i++] = *p++;
+
+    encode_bits[i++] = ']';
+    encode_bits[i++] = '\0';
+
+    if(i == NEW_PW_FORMAT_SPACE_PADDED_LEN) {
+      /*
+       * We are using a new format, space padded
+       * acct ctrl field. Encode the given acct ctrl
+       * bits into it.
+       */
+      fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+    } else {
+	    DEBUG(0,("mod_smbfilepwd_entry:  Using old smbpasswd format.  This is no longer supported.!\n"));
+	    DEBUG(0,("mod_smbfilepwd_entry:  No changes made, failing.!\n"));
+	    return False;
+    }
+
+    /* Go past the ']' */
+    if(linebuf_len > PTR_DIFF(p, linebuf))
+      p++;
+
+    if((linebuf_len > PTR_DIFF(p, linebuf)) && (*p == ':')) {
+      p++;
+
+      /* We should be pointing at the LCT entry. */
+      if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {
+
+        p += 4;
+        for(i = 0; i < 8; i++) {
+          if(p[i] == '\0' || !isxdigit(p[i]))
+            break;
+        }
+        if(i == 8) {
+          /*
+           * p points at 8 characters of hex digits -
+           * read into a time_t as the seconds since
+           * 1970 that the password was last changed.
+           */
+          got_pass_last_set_time = True;
+        } /* i == 8 */
+      } /* *p && StrnCaseCmp() */
+    } /* p == ':' */
+  } /* p == '[' */
+
+  /* Entry is correctly formed. */
+
+  /* Create the 32 byte representation of the new p16 */
+  if(pwd->smb_passwd != NULL) {
+    for (i = 0; i < 16; i++) {
+      slprintf(&ascii_p16[i*2], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_passwd[i]);
+    }
+  } else {
+    if(pwd->acct_ctrl & ACB_PWNOTREQ)
+      fstrcpy(ascii_p16, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+    else
+      fstrcpy(ascii_p16, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+  }
+
+  /* Add on the NT md4 hash */
+  ascii_p16[32] = ':';
+  wr_len = 66;
+  if (pwd->smb_nt_passwd != NULL) {
+    for (i = 0; i < 16; i++) {
+      slprintf(&ascii_p16[(i*2)+33], sizeof(fstring) - 1, "%02X", (uchar) pwd->smb_nt_passwd[i]);
+    }
+  } else {
+    if(pwd->acct_ctrl & ACB_PWNOTREQ)
+      fstrcpy(&ascii_p16[33], "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX");
+    else
+      fstrcpy(&ascii_p16[33], "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
+  }
+  ascii_p16[65] = ':';
+  ascii_p16[66] = '\0'; /* null-terminate the string so that strlen works */
+
+  /* Add on the account info bits and the time of last
+     password change. */
+
+  if(got_pass_last_set_time) {
+    slprintf(&ascii_p16[strlen(ascii_p16)], 
+	     sizeof(ascii_p16)-(strlen(ascii_p16)+1),
+	     "%s:LCT-%08X:", 
+                     encode_bits, (uint32)pwd->pass_last_set_time );
+    wr_len = strlen(ascii_p16);
+  }
+
+#ifdef DEBUG_PASSWORD
+  DEBUG(100,("mod_smbfilepwd_entry: "));
+  dump_data(100, ascii_p16, wr_len);
+#endif
+
+  if(wr_len > sizeof(linebuf)) {
+    DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return (False);
+  }
+
+  /*
+   * Do an atomic write into the file at the position defined by
+   * seekpos.
+   */
+
+  /* The mod user write needs to be atomic - so get the fd from 
+     the fp and do a raw write() call.
+   */
+
+  fd = fileno(fp);
+
+  if (sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {
+    DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  /* Sanity check - ensure the areas we are writing are framed by ':' */
+  if (read(fd, linebuf, wr_len+1) != wr_len+1) {
+    DEBUG(0, ("mod_smbfilepwd_entry: read fail on file %s.\n", pfile));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  if ((linebuf[0] != ':') || (linebuf[wr_len] != ':'))	{
+    DEBUG(0, ("mod_smbfilepwd_entry: check on passwd file %s failed.\n", pfile));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+ 
+  if (sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {
+    DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  if (write(fd, ascii_p16, wr_len) != wr_len) {
+    DEBUG(0, ("mod_smbfilepwd_entry: write failed in passwd file %s\n", pfile));
+    pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+    fclose(fp);
+    return False;
+  }
+
+  pw_file_unlock(lockfd,&(smbpasswd_state->pw_file_lock_depth));
+  fclose(fp);
+  return True;
+}
+
+/************************************************************************
+ Routine to delete an entry in the smbpasswd file by name.
+*************************************************************************/
+
+static BOOL del_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const char *name)
+{
+	const char *pfile = smbpasswd_state->smbpasswd_file;
+  pstring pfile2;
+  struct smb_passwd *pwd = NULL;
+  FILE *fp = NULL;
+  FILE *fp_write = NULL;
+  int pfile2_lockdepth = 0;
+
+  slprintf(pfile2, sizeof(pfile2)-1, "%s.%u", pfile, (unsigned)sys_getpid() );
+
+  /*
+   * Open the smbpassword file - for update. It needs to be update
+   * as we need any other processes to wait until we have replaced
+   * it.
+   */
+
+  if((fp = startsmbfilepwent(pfile, PWF_UPDATE, &(smbpasswd_state->pw_file_lock_depth))) == NULL) {
+    DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
+    return False;
+  }
+
+  /*
+   * Create the replacement password file.
+   */
+  if((fp_write = startsmbfilepwent(pfile2, PWF_CREATE, &pfile2_lockdepth)) == NULL) {
+    DEBUG(0, ("del_smbfilepwd_entry: unable to open file %s.\n", pfile));
+    endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+    return False;
+  }
+
+  /*
+   * Scan the file, a line at a time and check if the name matches.
+   */
+
+  while ((pwd = getsmbfilepwent(smbpasswd_state, fp)) != NULL) {
+    char *new_entry;
+    size_t new_entry_length;
+
+    if (strequal(name, pwd->smb_name)) {
+      DEBUG(10, ("add_smbfilepwd_entry: found entry with name %s - deleting it.\n", name));
+      continue;
+    }
+
+    /*
+     * We need to copy the entry out into the second file.
+     */
+
+    if((new_entry = format_new_smbpasswd_entry(pwd)) == NULL) 
+    {
+    	DEBUG(0, ("del_smbfilepwd_entry(malloc): Failed to copy entry for user %s to file %s. \
+Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
+	unlink(pfile2);
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+	endsmbfilepwent(fp_write, &pfile2_lockdepth);
+	return False;
+    }
+
+    new_entry_length = strlen(new_entry);
+
+    if(fwrite(new_entry, 1, new_entry_length, fp_write) != new_entry_length) 
+    {
+    	DEBUG(0, ("del_smbfilepwd_entry(write): Failed to copy entry for user %s to file %s. \
+Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
+      	unlink(pfile2);
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+	endsmbfilepwent(fp_write, &pfile2_lockdepth);
+	free(new_entry);
+	return False;
+    }
+
+    free(new_entry);
+  }
+
+  /*
+   * Ensure pfile2 is flushed before rename.
+   */
+
+  if(fflush(fp_write) != 0) 
+  {
+  	DEBUG(0, ("del_smbfilepwd_entry: Failed to flush file %s. Error was %s\n", pfile2, strerror(errno)));
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+	endsmbfilepwent(fp_write,&pfile2_lockdepth);
+	return False;
+  }
+
+  /*
+   * Do an atomic rename - then release the locks.
+   */
+
+  if(rename(pfile2,pfile) != 0) {
+    unlink(pfile2);
+  }
+  
+  endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+  endsmbfilepwent(fp_write,&pfile2_lockdepth);
+  return True;
+}
+
+/*********************************************************************
+ Create a smb_passwd struct from a SAM_ACCOUNT.
+ We will not allocate any new memory.  The smb_passwd struct
+ should only stay around as long as the SAM_ACCOUNT does.
+ ********************************************************************/
+static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
+{
+	uid_t uid;
+
+	if (sampass == NULL) 
+		return False;
+
+       ZERO_STRUCTP(smb_pw);
+ 
+        if (!IS_SAM_UNIX_USER(sampass)) {
+		smb_pw->smb_userid_set = False;
+		DEBUG(5,("build_sam_pass: storing user without a UNIX uid or gid. \n"));
+	} else {
+		uint32 rid = pdb_get_user_rid(sampass);
+		smb_pw->smb_userid_set = True;
+		uid = pdb_get_uid(sampass);
+
+		/* If the user specified a RID, make sure its able to be both stored and retreived */
+		if (rid && uid != pdb_user_rid_to_uid(rid)) {
+			DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+			return False;
+		}
+
+		smb_pw->smb_userid=uid;
+        }
+
+	smb_pw->smb_name=(const char*)pdb_get_username(sampass);
+
+	smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
+	smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
+
+	smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
+	smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
+
+#if 0
+	/*
+	 * ifdef'out by JFM on 11/29/2001.
+	 * this assertion is no longer valid
+	 * and I don't understand the goal 
+	 * and doing the same thing with the group mapping code
+	 * is hairy !
+	 *
+	 * We just have the RID, in which SID is it valid ?
+	 * our domain SID ? well known SID ? local SID ?
+	 */
+
+	if (gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
+		DEBUG(0,("build_sam_pass: %d %d %d. \n", *gid, pdb_group_rid_to_gid(pdb_get_group_rid(sampass)), pdb_get_group_rid(sampass)));
+		return False;
+	}
+#endif
+
+	return True;
+}	
+
+/*********************************************************************
+ Create a SAM_ACCOUNT from a smb_passwd struct
+ ********************************************************************/
+static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
+{
+	struct passwd *pwfile;
+	
+	if (sam_pass==NULL) {
+		DEBUG(5,("build_sam_account: SAM_ACCOUNT is NULL\n"));
+		return False;
+	}
+		
+	if ((smbpasswd_state->permit_non_unix_accounts) 
+	    && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) 
+	    && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
+
+		pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pw_buf->smb_userid));
+
+		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
+		   
+		   This was down the bottom for machines, but it looks pretty good as
+		   a general default for non-unix users. --abartlet 2002-01-08
+		*/
+		pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
+		
+	} else {
+
+		uint32 grid;
+		GROUP_MAP map;
+	
+		/* Verify in system password file...
+		   FIXME!!!  This is where we should look up an internal
+		   mapping of allocated uid for machine accounts as well 
+		   --jerry */ 
+		pwfile = getpwnam_alloc(pw_buf->smb_name);
+		if (pwfile == NULL) {
+			DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s not in unix passwd database!\n", pw_buf->smb_name));
+			return False;
+		}
+
+		pdb_set_uid (sam_pass, pwfile->pw_uid);
+		pdb_set_gid (sam_pass, pwfile->pw_gid);
+		
+		pdb_set_fullname(sam_pass, pwfile->pw_gecos);		
+	
+		pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pwfile->pw_uid));
+
+		if (get_group_map_from_gid(pwfile->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+			sid_peek_rid(&map.sid, &grid);
+		} else { 
+			grid=pdb_gid_to_group_rid(pwfile->pw_gid);
+		}
+
+		pdb_set_group_rid(sam_pass, grid); 
+
+		/* check if this is a user account or a machine account */
+		if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$')
+		{
+			pstring 	str;
+			
+			pstrcpy(str, lp_logon_path());
+			standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+			pdb_set_profile_path(sam_pass, str, False);
+			
+			pstrcpy(str, lp_logon_home());
+			standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+			pdb_set_homedir(sam_pass, str, False);
+			
+			pstrcpy(str, lp_logon_drive());
+			standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+			pdb_set_dir_drive(sam_pass, str, False);
+			
+			pstrcpy(str, lp_logon_script());
+			standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str);
+			pdb_set_logon_script(sam_pass, str, False);
+			
+		} else {
+			/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
+			/*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */
+		}
+		
+		passwd_free(&pwfile);
+	}
+	
+	pdb_set_username (sam_pass, pw_buf->smb_name);
+	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
+	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);			
+	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
+	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
+	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
+	pdb_set_domain (sam_pass, lp_workgroup());
+	
+	pdb_set_dir_drive     (sam_pass, lp_logon_drive(), False);
+
+#if 0	/* JERRY */
+	/* the smbpasswd format doesn't have a must change time field, so
+	   we can't get this right. The best we can do is to set this to 
+	   some time in the future. 21 days seems as reasonable as any other value :) 
+	*/
+	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
+#endif
+	return True;
+}
+
+/*****************************************************************
+ Functions to be implemented by the new passdb API 
+ ****************************************************************/
+static BOOL smbpasswd_setsampwent (struct pdb_context *context, BOOL update)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	
+	smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, 
+						       update ? PWF_UPDATE : PWF_READ, 
+						       &(smbpasswd_state->pw_file_lock_depth));
+				   
+	/* did we fail?  Should we try to create it? */
+	if (!smbpasswd_state->pw_file && update && errno == ENOENT) 
+	{
+		FILE *fp;
+		/* slprintf(msg_str,msg_str_len-1,
+		   "smbpasswd file did not exist - attempting to create it.\n"); */
+		DEBUG(0,("smbpasswd file did not exist - attempting to create it.\n"));
+		fp = sys_fopen(smbpasswd_state->smbpasswd_file, "w");
+		if (fp) 
+		{
+			fprintf(fp, "# Samba SMB password file\n");
+			fclose(fp);
+		}
+		
+		smbpasswd_state->pw_file = startsmbfilepwent(smbpasswd_state->smbpasswd_file, 
+							     update ? PWF_UPDATE : PWF_READ, 
+							     &(smbpasswd_state->pw_file_lock_depth));
+	}
+	
+	return (smbpasswd_state->pw_file != NULL);		   
+}
+
+static void smbpasswd_endsampwent (struct pdb_context *context)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	endsmbfilepwent(smbpasswd_state->pw_file, &(smbpasswd_state->pw_file_lock_depth));
+}
+ 
+/*****************************************************************
+ ****************************************************************/
+static BOOL smbpasswd_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	struct smb_passwd *pw_buf=NULL;
+	BOOL done = False;
+	DEBUG(5,("pdb_getsampwent\n"));
+
+	if (user==NULL) {
+		DEBUG(5,("pdb_getsampwent (smbpasswd): user is NULL\n"));
+#if 0
+		smb_panic("NULL pointer passed to getsampwent (smbpasswd)\n");
+#endif
+		return False;
+	}
+
+	while (!done)
+	{
+		/* do we have an entry? */
+		pw_buf = getsmbfilepwent(smbpasswd_state, smbpasswd_state->pw_file);
+		if (pw_buf == NULL) 
+			return False;
+
+		/* build the SAM_ACCOUNT entry from the smb_passwd struct. 
+		   We loop in case the user in the pdb does not exist in 
+		   the local system password file */
+		if (build_sam_account(smbpasswd_state, user, pw_buf))
+			done = True;
+	}
+
+	DEBUG(5,("getsampwent (smbpasswd): done\n"));
+
+	/* success */
+	return True;
+}
+
+
+/****************************************************************
+ Search smbpasswd file by iterating over the entries.  Do not
+ call getpwnam() for unix account information until we have found
+ the correct entry
+ ***************************************************************/
+static BOOL smbpasswd_getsampwnam(struct pdb_context *context, SAM_ACCOUNT *sam_acct, const char *username)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	struct smb_passwd *smb_pw;
+	void *fp = NULL;
+	char *domain = NULL;
+	char *user = NULL;
+	fstring name;
+
+	DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));
+
+	
+	/* break the username from the domain if we have 
+	   been given a string in the form 'DOMAIN\user' */
+	fstrcpy (name, username);
+	if ((user=strchr_m(name, '\\')) != NULL) {
+		domain = name;
+		*user = '\0';
+		user++;
+	}
+	
+	/* if a domain was specified and it wasn't ours
+	   then there is no chance of matching */
+	if ( domain && !StrCaseCmp(domain, lp_workgroup()) )
+		return False;
+
+	/* startsmbfilepwent() is used here as we don't want to lookup
+	   the UNIX account in the local system password file until
+	   we have a match.  */
+	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
+
+	if (fp == NULL) {
+		DEBUG(0, ("unable to open passdb database.\n"));
+		return False;
+	}
+
+	/* if we have a domain name, then we should map it to a UNIX 
+	   username first */
+	if ( domain )
+		map_username(user);
+
+	while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
+		/* do nothing....another loop */ ;
+	
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+
+
+	/* did we locate the username in smbpasswd  */
+	if (smb_pw == NULL)
+		return False;
+	
+	DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name));
+
+	if (!sam_acct) {
+		DEBUG(10,("getsampwnam (smbpasswd): SAM_ACCOUNT is NULL\n"));
+#if 0
+		smb_panic("NULL pointer passed to pdb_getsampwnam\n");
+#endif
+		return False;
+	}
+		
+	/* now build the SAM_ACCOUNT */
+	if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw))
+		return False;
+
+	/* success */
+	return True;
+}
+
+
+static BOOL smbpasswd_getsampwrid(struct pdb_context *context, SAM_ACCOUNT *sam_acct,uint32 rid)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	struct smb_passwd *smb_pw;
+	void *fp = NULL;
+
+	DEBUG(10, ("pdb_getsampwrid: search by rid: %d\n", rid));
+
+	/* Open the sam password file - not for update. */
+	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
+
+	if (fp == NULL) {
+		DEBUG(0, ("unable to open passdb database.\n"));
+		return False;
+	}
+
+	while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL) && (pdb_uid_to_user_rid(smb_pw->smb_userid) != rid) )
+      		/* do nothing */ ;
+
+	endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
+
+
+	/* did we locate the username in smbpasswd  */
+	if (smb_pw == NULL)
+		return False;
+	
+	DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name));
+		
+	if (!sam_acct) {
+		DEBUG(10,("getsampwrid: (smbpasswd) SAM_ACCOUNT is NULL\n"));
+#if 0
+		smb_panic("NULL pointer passed to pdb_getsampwrid\n");
+#endif
+		return False;
+	}
+
+	/* now build the SAM_ACCOUNT */
+	if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw))
+		return False;
+
+	/* success */
+	return True;
+}
+
+static BOOL smbpasswd_add_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	struct smb_passwd smb_pw;
+	
+	/* convert the SAM_ACCOUNT */
+	if (!build_smb_pass(&smb_pw, sampass)) {
+		return False;
+	}
+	
+	/* add the entry */
+	if(!add_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
+		return False;
+	}
+	
+	return True;
+}
+
+static BOOL smbpasswd_update_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sampass)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+	struct smb_passwd smb_pw;
+	
+	/* convert the SAM_ACCOUNT */
+	if (!build_smb_pass(&smb_pw, sampass))
+		return False;
+	
+	/* update the entry */
+	if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw))
+		return False;
+		
+	return True;
+}
+
+static BOOL smbpasswd_delete_sam_account (struct pdb_context *context, const SAM_ACCOUNT *sampass)
+{
+	struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)context->pdb_selected->private_data;
+
+	const char *username = pdb_get_username(sampass);
+
+	return del_smbfilepwd_entry(smbpasswd_state, username);
+}
+
+static void free_private_data(void **vp) 
+{
+	struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
+	
+	endsmbfilepwent((*privates)->pw_file, &((*privates)->pw_file_lock_depth));
+	
+	*privates = NULL;
+	/* No need to free any further, as it is talloc()ed */
+}
+
+
+NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	struct smbpasswd_privates *privates;
+
+	if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
+		return nt_status;
+	}
+
+	(*pdb_method)->name = "smbpasswd";
+
+	(*pdb_method)->setsampwent = smbpasswd_setsampwent;
+	(*pdb_method)->endsampwent = smbpasswd_endsampwent;
+	(*pdb_method)->getsampwent = smbpasswd_getsampwent;
+	(*pdb_method)->getsampwnam = smbpasswd_getsampwnam;
+	(*pdb_method)->getsampwrid = smbpasswd_getsampwrid;
+	(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
+	(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
+	(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
+
+	/* Setup private data and free function */
+
+	privates = talloc_zero(pdb_context->mem_ctx, sizeof(struct smbpasswd_privates));
+
+	if (!privates) {
+		DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* Store some config details */
+
+	if (location) {
+		privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, location);
+	} else {
+		privates->smbpasswd_file = talloc_strdup(pdb_context->mem_ctx, lp_smb_passwd_file());
+	}
+	
+	if (!privates->smbpasswd_file) {
+		DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*pdb_method)->private_data = privates;
+
+	(*pdb_method)->free_private_data = free_private_data;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS pdb_init_smbpasswd_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	struct smbpasswd_privates *privates;
+
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_smbpasswd(pdb_context, pdb_method, location))) {
+		return nt_status;
+	}
+
+	(*pdb_method)->name = "smbpasswd_nua";
+
+	privates = (*pdb_method)->private_data;
+	
+	privates->permit_non_unix_accounts = True;
+
+	if (!lp_non_unix_account_range(&privates->low_nua_userid, &privates->high_nua_userid)) {
+		DEBUG(0, ("cannot use smbpasswd_nua without 'non unix account range' in smb.conf!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
new file mode 100644
index 0000000000..a8edac917e
--- /dev/null
+++ b/source3/passdb/pdb_tdb.c
@@ -0,0 +1,938 @@
+/*
+ * Unix SMB/CIFS implementation. 
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Simo Sorce 2000
+ * Copyright (C) Gerald Carter 2000
+ * Copyright (C) Jeremy Allison 2001
+ * Copyright (C) Andrew Bartlett 2002
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef WITH_TDB_SAM
+
+#define PDB_VERSION		"20010830"
+#define PASSDB_FILE_NAME	"passdb.tdb"
+#define TDB_FORMAT_STRING	"ddddddBBBBBBBBBBBBddBBwdwdBdd"
+#define USERPREFIX		"USER_"
+#define RIDPREFIX		"RID_"
+
+struct tdbsam_privates {
+	TDB_CONTEXT 	*passwd_tdb;
+	TDB_DATA 	key;
+
+	/* retrive-once info */
+	const char *tdbsam_location;
+
+	BOOL permit_non_unix_accounts;
+
+/*	uint32 low_nua_rid; 
+	uint32 high_nua_rid; */
+};
+
+/**********************************************************************
+ Intialize a SAM_ACCOUNT struct from a BYTE buffer of size len
+ *********************************************************************/
+
+static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
+				  SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
+{
+
+	/* times are stored as 32bit integer
+	   take care on system with 64bit wide time_t
+	   --SSS */
+	uint32	logon_time,
+		logoff_time,
+		kickoff_time,
+		pass_last_set_time,
+		pass_can_change_time,
+		pass_must_change_time;
+	char *username;
+	char *domain;
+	char *nt_username;
+	char *dir_drive;
+	char *unknown_str;
+	char *munged_dial;
+	char *fullname;
+	char *homedir;
+	char *logon_script;
+	char *profile_path;
+	char *acct_desc;
+	char *workstations;
+	uint32	username_len, domain_len, nt_username_len,
+		dir_drive_len, unknown_str_len, munged_dial_len,
+		fullname_len, homedir_len, logon_script_len,
+		profile_path_len, acct_desc_len, workstations_len;
+		
+	uint32	user_rid, group_rid, unknown_3, hours_len, unknown_5, unknown_6;
+	uint16	acct_ctrl, logon_divs;
+	uint8	*hours;
+	static uint8	*lm_pw_ptr, *nt_pw_ptr;
+	uint32		len = 0;
+	uint32		lmpwlen, ntpwlen, hourslen;
+	BOOL ret = True;
+	BOOL setflag;
+	pstring sub_buffer;
+	struct passwd *pw;
+	uid_t uid;
+	gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
+	
+	if(sampass == NULL || buf == NULL) {
+		DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
+		return False;
+	}
+									
+	/* unpack the buffer into variables */
+	len = tdb_unpack (buf, buflen, TDB_FORMAT_STRING,
+		&logon_time,
+		&logoff_time,
+		&kickoff_time,
+		&pass_last_set_time,
+		&pass_can_change_time,
+		&pass_must_change_time,
+		&username_len, &username,
+		&domain_len, &domain,
+		&nt_username_len, &nt_username,
+		&fullname_len, &fullname,
+		&homedir_len, &homedir,
+		&dir_drive_len, &dir_drive,
+		&logon_script_len, &logon_script,
+		&profile_path_len, &profile_path,
+		&acct_desc_len, &acct_desc,
+		&workstations_len, &workstations,
+		&unknown_str_len, &unknown_str,
+		&munged_dial_len, &munged_dial,
+		&user_rid,
+		&group_rid,
+		&lmpwlen, &lm_pw_ptr,
+		&ntpwlen, &nt_pw_ptr,
+		&acct_ctrl,
+		&unknown_3,
+		&logon_divs,
+		&hours_len,
+		&hourslen, &hours,
+		&unknown_5,
+		&unknown_6);
+		
+	if (len == -1)  {
+		ret = False;
+		goto done;
+	}
+
+	/* validate the account and fill in UNIX uid and gid. Standard
+	 * getpwnam() is used instead of Get_Pwnam() as we do not need
+	 * to try case permutations
+	 */
+	if (!username || !(pw = getpwnam_alloc(username))) {
+		if (!(tdb_state->permit_non_unix_accounts)) {
+			DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL.  User does not exist!\n", username));
+			ret = False;
+			goto done;
+		}
+	}
+		
+	if (pw) {
+		uid = pw->pw_uid;
+		gid = pw->pw_gid;
+		
+		passwd_free(&pw);
+
+		pdb_set_uid(sampass, uid);
+		pdb_set_gid(sampass, gid);
+	}
+
+	pdb_set_logon_time(sampass, logon_time, True);
+	pdb_set_logoff_time(sampass, logoff_time, True);
+	pdb_set_kickoff_time(sampass, kickoff_time, True);
+	pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
+	pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
+	pdb_set_pass_last_set_time(sampass, pass_last_set_time);
+
+	pdb_set_username     (sampass, username);
+	pdb_set_domain       (sampass, domain);
+	pdb_set_nt_username  (sampass, nt_username);
+	pdb_set_fullname     (sampass, fullname);
+
+	if (homedir) setflag = True;
+	else {
+		setflag = False;
+		pstrcpy(sub_buffer, lp_logon_home());
+		/* standard_sub_advanced() assumes pstring is passed!! */
+		standard_sub_advanced(-1, username, "", gid, username, sub_buffer);
+		homedir = strdup(sub_buffer);
+		if(!homedir) { ret = False; goto done; }
+		DEBUG(5,("Home directory set back to %s\n", homedir));
+	}
+	pdb_set_homedir(sampass, homedir, setflag);
+
+	if (dir_drive) setflag = True;
+	else {
+		setflag = False;
+		pstrcpy(sub_buffer, lp_logon_drive());
+		standard_sub_advanced(-1, username, "", gid, username, sub_buffer);
+		dir_drive = strdup(sub_buffer);
+		if(!dir_drive) { ret = False; goto done; }
+		DEBUG(5,("Drive set back to %s\n", dir_drive));
+	}
+	pdb_set_dir_drive(sampass, dir_drive, setflag);
+
+	if (logon_script) setflag = True;
+	else {
+		setflag = False;
+		pstrcpy(sub_buffer, lp_logon_script());
+		standard_sub_advanced(-1, username, "", gid, username, sub_buffer);
+		logon_script = strdup(sub_buffer);
+		if(!logon_script) { ret = False; goto done; }
+		DEBUG(5,("Logon script set back to %s\n", logon_script));
+	}
+	pdb_set_logon_script(sampass, logon_script, setflag);
+
+	if (profile_path) setflag = True;
+	else {
+		setflag = False;
+		pstrcpy(sub_buffer, lp_logon_path());
+		standard_sub_advanced(-1, username, "", gid, username, sub_buffer);
+		profile_path = strdup(sub_buffer);
+		if(!profile_path) { ret = False; goto done; }
+		DEBUG(5,("Profile path set back to %s\n", profile_path));
+	}
+	pdb_set_profile_path(sampass, profile_path, setflag);
+
+	pdb_set_acct_desc    (sampass, acct_desc);
+	pdb_set_workstations (sampass, workstations);
+	pdb_set_munged_dial  (sampass, munged_dial);
+	if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) {
+		ret = False;
+		goto done;
+	}
+	if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) {
+		ret = False;
+		goto done;
+	}
+
+	pdb_set_user_rid(sampass, user_rid);
+	pdb_set_group_rid(sampass, group_rid);
+	pdb_set_unknown_3(sampass, unknown_3);
+	pdb_set_hours_len(sampass, hours_len);
+	pdb_set_unknown_5(sampass, unknown_5);
+	pdb_set_unknown_6(sampass, unknown_6);
+	pdb_set_acct_ctrl(sampass, acct_ctrl);
+	pdb_set_logon_divs(sampass, logon_divs);
+	pdb_set_hours(sampass, hours);
+
+done:
+
+	SAFE_FREE(username);
+	SAFE_FREE(domain);
+	SAFE_FREE(nt_username);
+	SAFE_FREE(fullname);
+	SAFE_FREE(homedir);
+	SAFE_FREE(dir_drive);
+	SAFE_FREE(logon_script);
+	SAFE_FREE(profile_path);
+	SAFE_FREE(acct_desc);
+	SAFE_FREE(workstations);
+	SAFE_FREE(munged_dial);
+
+	return ret;
+}
+
+/**********************************************************************
+ Intialize a BYTE buffer from a SAM_ACCOUNT struct
+ *********************************************************************/
+static uint32 init_buffer_from_sam (struct tdbsam_privates *tdb_state,
+				    uint8 **buf, const SAM_ACCOUNT *sampass)
+{
+	size_t		len, buflen;
+
+	/* times are stored as 32bit integer
+	   take care on system with 64bit wide time_t
+	   --SSS */
+	uint32	logon_time,
+		logoff_time,
+		kickoff_time,
+		pass_last_set_time,
+		pass_can_change_time,
+		pass_must_change_time;
+
+	uint32  user_rid, group_rid;
+
+	const char *username;
+	const char *domain;
+	const char *nt_username;
+	const char *dir_drive;
+	const char *unknown_str;
+	const char *munged_dial;
+	const char *fullname;
+	const char *homedir;
+	const char *logon_script;
+	const char *profile_path;
+	const char *acct_desc;
+	const char *workstations;
+	uint32	username_len, domain_len, nt_username_len,
+		dir_drive_len, unknown_str_len, munged_dial_len,
+		fullname_len, homedir_len, logon_script_len,
+		profile_path_len, acct_desc_len, workstations_len;
+
+	const uint8 *lm_pw;
+	const uint8 *nt_pw;
+	uint32	lm_pw_len = 16;
+	uint32	nt_pw_len = 16;
+
+	/* do we have a valid SAM_ACCOUNT pointer? */
+	if (sampass == NULL) {
+		DEBUG(0, ("init_buffer_from_sam: SAM_ACCOUNT is NULL!\n"));
+		return -1;
+	}
+	
+	*buf = NULL;
+	buflen = 0;
+
+	logon_time = (uint32)pdb_get_logon_time(sampass);
+	logoff_time = (uint32)pdb_get_logoff_time(sampass);
+	kickoff_time = (uint32)pdb_get_kickoff_time(sampass);
+	pass_can_change_time = (uint32)pdb_get_pass_can_change_time(sampass);
+	pass_must_change_time = (uint32)pdb_get_pass_must_change_time(sampass);
+	pass_last_set_time = (uint32)pdb_get_pass_last_set_time(sampass);
+
+	user_rid = pdb_get_user_rid(sampass);
+	group_rid = pdb_get_group_rid(sampass);
+
+	username = pdb_get_username(sampass);
+	if (username) username_len = strlen(username) +1;
+	else username_len = 0;
+
+	domain = pdb_get_domain(sampass);
+	if (domain) domain_len = strlen(domain) +1;
+	else domain_len = 0;
+
+	nt_username = pdb_get_nt_username(sampass);
+	if (nt_username) nt_username_len = strlen(nt_username) +1;
+	else nt_username_len = 0;
+
+	fullname = pdb_get_fullname(sampass);
+	if (fullname) fullname_len = strlen(fullname) +1;
+	else fullname_len = 0;
+
+	/*
+	 * Only updates fields which have been set (not defaults from smb.conf)
+	 */
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE)) dir_drive = pdb_get_dirdrive(sampass);
+	else dir_drive = NULL;
+	if (dir_drive) dir_drive_len = strlen(dir_drive) +1;
+	else dir_drive_len = 0;
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME)) homedir = pdb_get_homedir(sampass);
+	else homedir = NULL;
+	if (homedir) homedir_len = strlen(homedir) +1;
+	else homedir_len = 0;
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT)) logon_script = pdb_get_logon_script(sampass);
+	else logon_script = NULL;
+	if (logon_script) logon_script_len = strlen(logon_script) +1;
+	else logon_script_len = 0;
+
+	if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE)) profile_path = pdb_get_profile_path(sampass);
+	else profile_path = NULL;
+	if (profile_path) profile_path_len = strlen(profile_path) +1;
+	else profile_path_len = 0;
+	
+	lm_pw = pdb_get_lanman_passwd(sampass);
+	if (!lm_pw) lm_pw_len = 0;
+	
+	nt_pw = pdb_get_nt_passwd(sampass);
+	if (!nt_pw) nt_pw_len = 0;
+		
+	acct_desc = pdb_get_acct_desc(sampass);
+	if (acct_desc) acct_desc_len = strlen(acct_desc) +1;
+	else acct_desc_len = 0;
+
+	workstations = pdb_get_workstations(sampass);
+	if (workstations) workstations_len = strlen(workstations) +1;
+	else workstations_len = 0;
+
+	unknown_str = NULL;
+	unknown_str_len = 0;
+
+	munged_dial = pdb_get_munged_dial(sampass);
+	if (munged_dial) munged_dial_len = strlen(munged_dial) +1;
+	else munged_dial_len = 0;	
+		
+	/* one time to get the size needed */
+	len = tdb_pack(NULL, 0,  TDB_FORMAT_STRING,
+		logon_time,
+		logoff_time,
+		kickoff_time,
+		pass_last_set_time,
+		pass_can_change_time,
+		pass_must_change_time,
+		username_len, username,
+		domain_len, domain,
+		nt_username_len, nt_username,
+		fullname_len, fullname,
+		homedir_len, homedir,
+		dir_drive_len, dir_drive,
+		logon_script_len, logon_script,
+		profile_path_len, profile_path,
+		acct_desc_len, acct_desc,
+		workstations_len, workstations,
+		unknown_str_len, unknown_str,
+		munged_dial_len, munged_dial,
+		user_rid,
+		group_rid,
+		lm_pw_len, lm_pw,
+		nt_pw_len, nt_pw,
+		pdb_get_acct_ctrl(sampass),
+		pdb_get_unknown3(sampass),
+		pdb_get_logon_divs(sampass),
+		pdb_get_hours_len(sampass),
+		MAX_HOURS_LEN, pdb_get_hours(sampass),
+		pdb_get_unknown5(sampass),
+		pdb_get_unknown6(sampass));
+
+
+	/* malloc the space needed */
+	if ( (*buf=(uint8*)malloc(len)) == NULL) {
+		DEBUG(0,("init_buffer_from_sam: Unable to malloc() memory for buffer!\n"));
+		return (-1);
+	}
+	
+	/* now for the real call to tdb_pack() */
+	buflen = tdb_pack(*buf, len,  TDB_FORMAT_STRING,
+		logon_time,
+		logoff_time,
+		kickoff_time,
+		pass_last_set_time,
+		pass_can_change_time,
+		pass_must_change_time,
+		username_len, username,
+		domain_len, domain,
+		nt_username_len, nt_username,
+		fullname_len, fullname,
+		homedir_len, homedir,
+		dir_drive_len, dir_drive,
+		logon_script_len, logon_script,
+		profile_path_len, profile_path,
+		acct_desc_len, acct_desc,
+		workstations_len, workstations,
+		unknown_str_len, unknown_str,
+		munged_dial_len, munged_dial,
+		user_rid,
+		group_rid,
+		lm_pw_len, lm_pw,
+		nt_pw_len, nt_pw,
+		pdb_get_acct_ctrl(sampass),
+		pdb_get_unknown3(sampass),
+		pdb_get_logon_divs(sampass),
+		pdb_get_hours_len(sampass),
+		MAX_HOURS_LEN, pdb_get_hours(sampass),
+		pdb_get_unknown5(sampass),
+		pdb_get_unknown6(sampass));
+	
+	
+	/* check to make sure we got it correct */
+	if (buflen != len) {
+		DEBUG(0, ("init_buffer_from_sam: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", 
+			  buflen, len));  
+		/* error */
+		SAFE_FREE (*buf);
+		return (-1);
+	}
+
+	return (buflen);
+}
+
+/***************************************************************
+ Open the TDB passwd database for SAM account enumeration.
+****************************************************************/
+
+static BOOL tdbsam_setsampwent(struct pdb_context *context, BOOL update)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	
+	/* Open tdb passwd */
+	if (!(tdb_state->passwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600)))
+	{
+		DEBUG(0, ("Unable to open/create TDB passwd\n"));
+		return False;
+	}
+	
+	tdb_state->key = tdb_firstkey(tdb_state->passwd_tdb);
+
+	return True;
+}
+
+static void close_tdb(struct tdbsam_privates *tdb_state) 
+{
+	if (tdb_state->passwd_tdb) {
+		tdb_close(tdb_state->passwd_tdb);
+		tdb_state->passwd_tdb = NULL;
+	}
+}
+
+/***************************************************************
+ End enumeration of the TDB passwd list.
+****************************************************************/
+
+static void tdbsam_endsampwent(struct pdb_context *context)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	close_tdb(tdb_state);
+	
+	DEBUG(7, ("endtdbpwent: closed sam database.\n"));
+}
+
+/*****************************************************************
+ Get one SAM_ACCOUNT from the TDB (next in line)
+*****************************************************************/
+
+static BOOL tdbsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	TDB_DATA 	data;
+	char *prefix = USERPREFIX;
+	int  prefixlen = strlen (prefix);
+
+
+	if (user==NULL) {
+		DEBUG(0,("pdb_get_sampwent: SAM_ACCOUNT is NULL.\n"));
+		return False;
+	}
+
+	/* skip all non-USER entries (eg. RIDs) */
+	while ((tdb_state->key.dsize != 0) && (strncmp(tdb_state->key.dptr, prefix, prefixlen)))
+		/* increment to next in line */
+		tdb_state->key = tdb_nextkey(tdb_state->passwd_tdb, tdb_state->key);
+
+	/* do we have an valid interation pointer? */
+	if(tdb_state->passwd_tdb == NULL) {
+		DEBUG(0,("pdb_get_sampwent: Bad TDB Context pointer.\n"));
+		return False;
+	}
+
+	data = tdb_fetch(tdb_state->passwd_tdb, tdb_state->key);
+	if (!data.dptr) {
+		DEBUG(5,("pdb_getsampwent: database entry not found.\n"));
+		return False;
+	}
+  
+  	/* unpack the buffer */
+	if (!init_sam_from_buffer(tdb_state, user, data.dptr, data.dsize)) {
+		DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
+		SAFE_FREE(data.dptr);
+		return False;
+	}
+	SAFE_FREE(data.dptr);
+	
+	/* increment to next in line */
+	tdb_state->key = tdb_nextkey(tdb_state->passwd_tdb, tdb_state->key);
+
+	return True;
+}
+
+/******************************************************************
+ Lookup a name in the SAM TDB
+******************************************************************/
+
+static BOOL tdbsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, const char *sname)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	TDB_CONTEXT 	*pwd_tdb;
+	TDB_DATA 	data, key;
+	fstring 	keystr;
+	fstring		name;
+
+	if (user==NULL) {
+		DEBUG(0,("pdb_getsampwnam: SAM_ACCOUNT is NULL.\n"));
+		return False;
+	}
+
+	/* Data is stored in all lower-case */
+	unix_strlower(sname, -1, name, sizeof(name));
+
+	/* set search key */
+	slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
+	key.dptr = keystr;
+	key.dsize = strlen(keystr) + 1;
+
+	/* open the accounts TDB */
+	if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDONLY, 0600))) {
+		DEBUG(0, ("pdb_getsampwnam: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location));
+		return False;
+	}
+
+	/* get the record */
+	data = tdb_fetch(pwd_tdb, key);
+	if (!data.dptr) {
+		DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
+		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
+		DEBUGADD(5, (" Key: %s\n", keystr));
+		tdb_close(pwd_tdb);
+		return False;
+	}
+  
+  	/* unpack the buffer */
+	if (!init_sam_from_buffer(tdb_state, user, data.dptr, data.dsize)) {
+		DEBUG(0,("pdb_getsampwent: Bad SAM_ACCOUNT entry returned from TDB!\n"));
+		SAFE_FREE(data.dptr);
+		tdb_close(pwd_tdb);
+		return False;
+	}
+	SAFE_FREE(data.dptr);
+
+	/* no further use for database, close it now */
+	tdb_close(pwd_tdb);
+	
+	return True;
+}
+
+/***************************************************************************
+ Search by rid
+ **************************************************************************/
+
+static BOOL tdbsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, uint32 rid)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	TDB_CONTEXT 		*pwd_tdb;
+	TDB_DATA 		data, key;
+	fstring 		keystr;
+	fstring			name;
+	
+	if (user==NULL) {
+		DEBUG(0,("pdb_getsampwrid: SAM_ACCOUNT is NULL.\n"));
+		return False;
+	}
+
+	/* set search key */
+	slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);
+	key.dptr = keystr;
+	key.dsize = strlen (keystr) + 1;
+
+	/* open the accounts TDB */
+	if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDONLY, 0600))) {
+		DEBUG(0, ("pdb_getsampwrid: Unable to open TDB rid database!\n"));
+		return False;
+	}
+
+	/* get the record */
+	data = tdb_fetch (pwd_tdb, key);
+	if (!data.dptr) {
+		DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr));
+		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
+		tdb_close (pwd_tdb);
+		return False;
+	}
+
+	fstrcpy (name, data.dptr);
+	SAFE_FREE(data.dptr);
+	
+	tdb_close (pwd_tdb);
+	
+	return tdbsam_getsampwnam (context, user, name);
+}
+
+/***************************************************************************
+ Delete a SAM_ACCOUNT
+****************************************************************************/
+
+static BOOL tdbsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sam_pass)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	TDB_CONTEXT 	*pwd_tdb;
+	TDB_DATA 	key;
+	fstring 	keystr;
+	uint32		rid;
+	fstring		name;
+	
+	unix_strlower(pdb_get_username(sam_pass), -1, name, sizeof(name));
+	
+	/* open the TDB */
+	if (!(pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR, 0600))) {
+		DEBUG(0, ("Unable to open TDB passwd!"));
+		return False;
+	}
+  
+  	/* set the search key */
+	slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
+	key.dptr = keystr;
+	key.dsize = strlen (keystr) + 1;
+	
+	rid = pdb_get_user_rid(sam_pass);
+
+	/* it's outaa here!  8^) */
+	if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) {
+		DEBUG(5, ("Error deleting entry from tdb passwd database!\n"));
+		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
+		tdb_close(pwd_tdb); 
+		return False;
+	}	
+
+	/* delete also the RID key */
+
+  	/* set the search key */
+	slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);
+	key.dptr = keystr;
+	key.dsize = strlen (keystr) + 1;
+
+	/* it's outaa here!  8^) */
+	if (tdb_delete(pwd_tdb, key) != TDB_SUCCESS) {
+		DEBUG(5, ("Error deleting entry from tdb rid database!\n"));
+		DEBUGADD(5, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
+		tdb_close(pwd_tdb); 
+		return False;
+	}
+	
+	tdb_close(pwd_tdb);
+	
+	return True;
+}
+
+/***************************************************************************
+ Update the TDB SAM
+****************************************************************************/
+
+static BOOL tdb_update_sam(struct pdb_context *context, const SAM_ACCOUNT* newpwd, int flag)
+{
+	struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)context->pdb_selected->private_data;
+	TDB_CONTEXT 	*pwd_tdb = NULL;
+	TDB_DATA 	key, data;
+	uint8		*buf = NULL;
+	fstring 	keystr;
+	fstring		name;
+	BOOL		ret = True;
+	uint32		user_rid;
+	int32		tdb_ret;
+
+	/* invalidate the existing TDB iterator if it is open */
+	if (tdb_state->passwd_tdb) {
+		tdb_close(tdb_state->passwd_tdb);
+		tdb_state->passwd_tdb = NULL;
+	}
+
+ 	/* open the account TDB passwd*/
+	pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+  	if (!pwd_tdb)
+	{
+		DEBUG(0, ("tdb_update_sam: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location));
+		return False;
+	}
+
+	/* if flag == TDB_INSERT then make up a new RID else throw an error. */
+	if (!(user_rid = pdb_get_user_rid(newpwd))) {
+		if (flag & TDB_INSERT) {
+			user_rid = BASE_RID;
+		        tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
+			if (tdb_ret == -1) {
+				ret = False;
+				goto done;
+			}
+			pdb_set_user_rid(newpwd, user_rid);
+		} else {
+			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
+			ret = False;
+			goto done;
+		}
+	}
+
+	if (!pdb_get_group_rid(newpwd)) {
+		if (flag & TDB_INSERT) {
+			if (!tdb_state->permit_non_unix_accounts) {
+				DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+				ret = False;
+				goto done;
+			} else {
+				/* This seems like a good default choice for non-unix users */
+				pdb_set_group_rid(newpwd, DOMAIN_GROUP_RID_USERS);
+			}
+		} else {
+			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+			ret = False;
+			goto done;
+		}
+	}
+
+	/* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */
+	if ((data.dsize=init_buffer_from_sam (tdb_state, &buf, newpwd)) == -1) {
+		DEBUG(0,("tdb_update_sam: ERROR - Unable to copy SAM_ACCOUNT info BYTE buffer!\n"));
+		ret = False;
+		goto done;
+	}
+	data.dptr = buf;
+
+	unix_strlower(pdb_get_username(newpwd), -1, name, sizeof(name));
+	
+	DEBUG(5, ("Storing %saccount %s with RID %d\n", flag == TDB_INSERT ? "(new) " : "", name, user_rid));
+
+  	/* setup the USER index key */
+	slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
+	key.dptr = keystr;
+	key.dsize = strlen (keystr) + 1;
+
+	/* add the account */
+	if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
+		DEBUG(0, ("Unable to modify passwd TDB!"));
+		DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
+		DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
+		ret = False;
+		goto done;
+	}
+	
+	/* setup RID data */
+	data.dsize = sizeof(fstring);
+	data.dptr = name;
+
+	/* setup the RID index key */
+	slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, user_rid);
+	key.dptr = keystr;
+	key.dsize = strlen (keystr) + 1;
+	
+	/* add the reference */
+	if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
+		DEBUG(0, ("Unable to modify TDB passwd !"));
+		DEBUGADD(0, (" Error: %s\n", tdb_errorstr(pwd_tdb)));
+		DEBUGADD(0, (" occured while storing the RID index (%s)\n", keystr));
+		ret = False;
+		goto done;
+	}
+
+done:	
+	/* cleanup */
+	tdb_close (pwd_tdb);
+	SAFE_FREE(buf);
+	
+	return (ret);	
+}
+
+/***************************************************************************
+ Modifies an existing SAM_ACCOUNT
+****************************************************************************/
+
+static BOOL tdbsam_update_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd)
+{
+	return (tdb_update_sam(context, newpwd, TDB_MODIFY));
+}
+
+/***************************************************************************
+ Adds an existing SAM_ACCOUNT
+****************************************************************************/
+
+static BOOL tdbsam_add_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd)
+{
+	return (tdb_update_sam(context, newpwd, TDB_INSERT));
+}
+
+static void free_private_data(void **vp) 
+{
+	struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
+	close_tdb(*tdb_state);
+	*tdb_state = NULL;
+
+	/* No need to free any further, as it is talloc()ed */
+}
+
+
+NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	struct tdbsam_privates *tdb_state;
+
+	if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
+		return nt_status;
+	}
+
+	(*pdb_method)->name = "tdbsam";
+
+	(*pdb_method)->setsampwent = tdbsam_setsampwent;
+	(*pdb_method)->endsampwent = tdbsam_endsampwent;
+	(*pdb_method)->getsampwent = tdbsam_getsampwent;
+	(*pdb_method)->getsampwnam = tdbsam_getsampwnam;
+	(*pdb_method)->getsampwrid = tdbsam_getsampwrid;
+	(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
+	(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
+	(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
+
+	tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
+
+	if (!tdb_state) {
+		DEBUG(0, ("talloc() failed for tdbsam private_data!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (location) {
+		tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, location);
+	} else {
+		pstring tdbfile;
+		get_private_directory(tdbfile);
+		pstrcat(tdbfile, "/");
+		pstrcat(tdbfile, PASSDB_FILE_NAME);
+		tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
+	}
+
+	(*pdb_method)->private_data = tdb_state;
+
+	(*pdb_method)->free_private_data = free_private_data;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	NTSTATUS nt_status;
+	struct tdbsam_privates *tdb_state;
+	uint32 low_nua_uid, high_nua_uid;
+
+	if (!NT_STATUS_IS_OK(nt_status = pdb_init_tdbsam(pdb_context, pdb_method, location))) {
+		return nt_status;
+	}
+
+	(*pdb_method)->name = "tdbsam_nua";
+
+	tdb_state = (*pdb_method)->private_data;
+	
+	tdb_state->permit_non_unix_accounts = True;
+
+	if (!lp_non_unix_account_range(&low_nua_uid, &high_nua_uid)) {
+		DEBUG(0, ("cannot use tdbsam_nua without 'non unix account range' in smb.conf!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+/*	tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
+
+	tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
+*/
+	return NT_STATUS_OK;
+}
+
+
+#else
+
+NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	DEBUG(0, ("tdbsam not compiled in!\n"));
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+{
+	DEBUG(0, ("tdbsam_nua not compiled in!\n"));
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+
+#endif
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
new file mode 100644
index 0000000000..b3507a1392
--- /dev/null
+++ b/source3/passdb/secrets.c
@@ -0,0 +1,359 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Andrew Tridgell 1992-2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* the Samba secrets database stores any generated, private information
+   such as the local SID and machine trust password */
+
+#include "includes.h"
+
+static TDB_CONTEXT *tdb;
+
+/* open up the secrets database */
+BOOL secrets_init(void)
+{
+	pstring fname;
+
+	if (tdb)
+		return True;
+
+	pstrcpy(fname, lp_private_dir());
+	pstrcat(fname,"/secrets.tdb");
+
+	tdb = tdb_open_log(fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+
+	if (!tdb) {
+		DEBUG(0,("Failed to open %s\n", fname));
+		return False;
+	}
+	return True;
+}
+
+/* read a entry from the secrets database - the caller must free the result
+   if size is non-null then the size of the entry is put in there
+ */
+void *secrets_fetch(char *key, size_t *size)
+{
+	TDB_DATA kbuf, dbuf;
+	secrets_init();
+	if (!tdb)
+		return NULL;
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key);
+	dbuf = tdb_fetch(tdb, kbuf);
+	if (size)
+		*size = dbuf.dsize;
+	return dbuf.dptr;
+}
+
+/* store a secrets entry 
+ */
+BOOL secrets_store(char *key, void *data, size_t size)
+{
+	TDB_DATA kbuf, dbuf;
+	secrets_init();
+	if (!tdb)
+		return False;
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key);
+	dbuf.dptr = data;
+	dbuf.dsize = size;
+	return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) == 0;
+}
+
+
+/* delete a secets database entry
+ */
+BOOL secrets_delete(char *key)
+{
+	TDB_DATA kbuf;
+	secrets_init();
+	if (!tdb)
+		return False;
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key);
+	return tdb_delete(tdb, kbuf) == 0;
+}
+
+BOOL secrets_store_domain_sid(char *domain, DOM_SID *sid)
+{
+	fstring key;
+
+	slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
+	strupper(key);
+	return secrets_store(key, sid, sizeof(DOM_SID));
+}
+
+BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
+{
+	DOM_SID *dyn_sid;
+	fstring key;
+	size_t size;
+
+	slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_SID, domain);
+	strupper(key);
+	dyn_sid = (DOM_SID *)secrets_fetch(key, &size);
+
+	if (dyn_sid == NULL)
+		return False;
+
+	if (size != sizeof(DOM_SID))
+	{ 
+		SAFE_FREE(dyn_sid);
+		return False;
+	}
+
+	*sid = *dyn_sid;
+	SAFE_FREE(dyn_sid);
+	return True;
+}
+
+
+/************************************************************************
+form a key for fetching the machine trust account password
+************************************************************************/
+char *trust_keystr(char *domain)
+{
+	static fstring keystr;
+
+	slprintf(keystr,sizeof(keystr)-1,"%s/%s", 
+		 SECRETS_MACHINE_ACCT_PASS, domain);
+	strupper(keystr);
+
+	return keystr;
+}
+
+/**
+ * Form a key for fetching a trusted domain password
+ *
+ * @param domain domain name
+ *
+ * @return stored password's key
+ **/
+char *trustdom_keystr(char *domain)
+{
+	static char* keystr;
+
+	asprintf(&keystr, "%s/%s", SECRETS_DOMTRUST_ACCT_PASS, domain);
+	strupper(keystr);
+		
+	return keystr;
+}
+
+/************************************************************************
+ Routine to get the machine trust account password for a domain.
+************************************************************************/
+BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
+					  time_t *pass_last_set_time)
+{
+	struct machine_acct_pass *pass;
+	char *plaintext;
+	size_t size;
+
+	plaintext = secrets_fetch_machine_password();
+	if (plaintext) {
+		/* we have an ADS password - use that */
+		DEBUG(4,("Using ADS machine password\n"));
+		E_md4hash((uchar *)plaintext, ret_pwd);
+		SAFE_FREE(plaintext);
+		return True;
+	}
+
+	if (!(pass = secrets_fetch(trust_keystr(domain), &size))) {
+		DEBUG(5, ("secrets_fetch failed!\n"));
+		return False;
+	}
+	
+	if (size != sizeof(*pass)) {
+		DEBUG(0, ("secrets were of incorrect size!\n"));
+		return False;
+	}
+
+	if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
+	memcpy(ret_pwd, pass->hash, 16);
+	SAFE_FREE(pass);
+	return True;
+}
+
+/************************************************************************
+ Routine to get account password to trusted domain
+************************************************************************/
+BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd,
+				DOM_SID *sid, time_t *pass_last_set_time)
+{
+	struct trusted_dom_pass *pass;
+	size_t size;
+
+	if (!(pass = secrets_fetch(trustdom_keystr(domain), &size))) {
+		DEBUG(5, ("secrets_fetch failed!\n"));
+		return False;
+	}
+	
+	if (size != sizeof(*pass)) {
+		DEBUG(0, ("secrets were of incorrect size!\n"));
+		return False;
+	}
+	
+	if (pwd) {
+		*pwd = strdup(pass->pass);
+		if (!*pwd) {
+			return False;
+		}
+	}
+
+	if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
+
+	memcpy(&sid, &(pass->domain_sid), sizeof(sid));
+	SAFE_FREE(pass);
+	
+	return True;
+}
+
+/************************************************************************
+ Routine to set the trust account password for a domain.
+************************************************************************/
+BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
+{
+	struct machine_acct_pass pass;
+
+	pass.mod_time = time(NULL);
+	memcpy(pass.hash, new_pwd, 16);
+
+	return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
+}
+
+/**
+ * Routine to set the password for trusted domain
+ *
+ * @param domain remote domain name
+ * @param pwd plain text password of trust relationship
+ * @param sid remote domain sid
+ *
+ * @return true if succeeded
+ **/
+
+BOOL secrets_store_trusted_domain_password(char* domain, char* pwd,
+					   DOM_SID sid)
+{
+	struct trusted_dom_pass pass;
+	ZERO_STRUCT(pass);
+
+	pass.mod_time = time(NULL);
+
+	pass.pass_len = strlen(pwd);
+	fstrcpy(pass.pass, pwd);
+
+	memcpy(&(pass.domain_sid), &sid, sizeof(sid));
+	
+	return secrets_store(trustdom_keystr(domain), (void *)&pass, sizeof(pass));
+}
+
+/************************************************************************
+ Routine to set the plaintext machine account password for a realm
+the password is assumed to be a null terminated ascii string
+************************************************************************/
+BOOL secrets_store_machine_password(char *pass)
+{
+	char *key;
+	BOOL ret;
+	asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, lp_workgroup());
+	strupper(key);
+	ret = secrets_store(key, pass, strlen(pass)+1);
+	free(key);
+	return ret;
+}
+
+
+/************************************************************************
+ Routine to fetch the plaintext machine account password for a realm
+the password is assumed to be a null terminated ascii string
+************************************************************************/
+char *secrets_fetch_machine_password(void)
+{
+	char *key;
+	char *ret;
+	asprintf(&key, "%s/%s", SECRETS_MACHINE_PASSWORD, lp_workgroup());
+	strupper(key);
+	ret = (char *)secrets_fetch(key, NULL);
+	free(key);
+	return ret;
+}
+
+
+
+/************************************************************************
+ Routine to delete the machine trust account password file for a domain.
+************************************************************************/
+
+BOOL trust_password_delete(char *domain)
+{
+	return secrets_delete(trust_keystr(domain));
+}
+
+/************************************************************************
+ Routine to delete the password for trusted domain
+************************************************************************/
+BOOL trusted_domain_password_delete(char *domain)
+{
+	return secrets_delete(trustdom_keystr(domain));
+}
+
+
+/*******************************************************************
+ Reset the 'done' variables so after a client process is created
+ from a fork call these calls will be re-done. This should be
+ expanded if more variables need reseting.
+ ******************************************************************/
+
+void reset_globals_after_fork(void)
+{
+	unsigned char dummy;
+
+	secrets_init();
+
+	/*
+	 * Increment the global seed value to ensure every smbd starts
+	 * with a new random seed.
+	 */
+
+	if (tdb) {
+		uint32 initial_val = sys_getpid();
+		tdb_change_int32_atomic(tdb, "INFO/random_seed", (int *)&initial_val, 1);
+		set_rand_reseed_data((unsigned char *)&initial_val, sizeof(initial_val));
+	}
+
+	/*
+	 * Re-seed the random crypto generator, so all smbd's
+	 * started from the same parent won't generate the same
+	 * sequence.
+	 */
+	generate_random_buffer( &dummy, 1, True);
+}
+
+BOOL secrets_store_ldap_pw(char* dn, char* pw)
+{
+	fstring key;
+	char *p;
+	
+	pstrcpy(key, dn);
+	for (p=key; *p; p++)
+		if (*p == ',') *p = '/';
+	
+	return secrets_store(key, pw, strlen(pw));
+}
+
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
deleted file mode 100644
index 2dec15ffb4..0000000000
--- a/source3/passdb/smbpass.c
+++ /dev/null
@@ -1,304 +0,0 @@
-#ifdef SMB_PASSWD
-/*
- * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1995 Modified by Jeremy Allison 1995.
- * 
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- * 
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- * 
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "loadparm.h"
-
-extern int      DEBUGLEVEL;
-
-int             gotalarm;
-
-void 
-gotalarm_sig()
-{
-	gotalarm = 1;
-}
-
-int 
-do_pw_lock(int fd, int waitsecs, int type)
-{
-	struct flock    lock;
-	int             ret;
-
-	gotalarm = 0;
-	signal(SIGALRM, SIGNAL_CAST gotalarm_sig);
-
-	lock.l_type = type;
-	lock.l_whence = SEEK_SET;
-	lock.l_start = 0;
-	lock.l_len = 1;
-	lock.l_pid = 0;
-
-	alarm(5);
-	ret = fcntl(fd, F_SETLKW, &lock);
-	alarm(0);
-	signal(SIGALRM, SIGNAL_CAST SIG_DFL);
-
-	if (gotalarm) {
-		DEBUG(0, ("do_pw_lock: failed to %s SMB passwd file.\n",
-			  type == F_UNLCK ? "unlock" : "lock"));
-		return -1;
-	}
-	return ret;
-}
-
-int 
-pw_file_lock(char *name, int type, int secs)
-{
-	int             fd = open(name, O_RDWR | O_CREAT, 0666);
-	if (fd < 0)
-		return (-1);
-	if (do_pw_lock(fd, secs, type)) {
-		close(fd);
-		return -1;
-	}
-	return fd;
-}
-
-int 
-pw_file_unlock(int fd)
-{
-	do_pw_lock(fd, 5, F_UNLCK);
-	return close(fd);
-}
-
-/*
- * Routine to get the next 32 hex characters and turn them
- * into a 16 byte array.
- */
-
-static int gethexpwd(char *p, char *pwd)
-{
-	int i;
-	unsigned char   lonybble, hinybble;
-	char           *hexchars = "0123456789ABCDEF";
-	char           *p1, *p2;
-
-	for (i = 0; i < 32; i += 2) {
-		hinybble = toupper(p[i]);
-		lonybble = toupper(p[i + 1]);
- 
-		p1 = strchr(hexchars, hinybble);
-		p2 = strchr(hexchars, lonybble);
-		if (!p1 || !p2)
-			return (False);
-		hinybble = PTR_DIFF(p1, hexchars);
-		lonybble = PTR_DIFF(p2, hexchars);
- 
-		pwd[i / 2] = (hinybble << 4) | lonybble;
-	}
-	return (True);
-}
-
-/*
- * Routine to search the smbpasswd file for an entry matching the username.
- */
-struct smb_passwd *
-get_smbpwnam(char *name)
-{
-	/* Static buffers we will return. */
-	static struct smb_passwd pw_buf;
-	static pstring  user_name;
-	static unsigned char smbpwd[16];
-	static unsigned char smbntpwd[16];
-	char            linebuf[256];
-	char            readbuf[16 * 1024];
-	unsigned char   c;
-	unsigned char  *p;
-	long            uidval;
-	long            linebuf_len;
-	FILE           *fp;
-	int             lockfd;
-	char           *pfile = lp_smb_passwd_file();
-
-	if (!*pfile) {
-		DEBUG(0, ("No SMB password file set\n"));
-		return (NULL);
-	}
-	DEBUG(10, ("get_smbpwnam: opening file %s\n", pfile));
-
-	fp = fopen(pfile, "r");
-
-	if (fp == NULL) {
-		DEBUG(0, ("get_smbpwnam: unable to open file %s\n", pfile));
-		return NULL;
-	}
-	/* Set a 16k buffer to do more efficient reads */
-	setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
-
-	if ((lockfd = pw_file_lock(pfile, F_RDLCK, 5)) < 0) {
-		DEBUG(0, ("get_smbpwnam: unable to lock file %s\n", pfile));
-		fclose(fp);
-		return NULL;
-	}
-	/* make sure it is only rw by the owner */
-	chmod(pfile, 0600);
-
-	/* We have a read lock on the file. */
-	/*
-	 * Scan the file, a line at a time and check if the name matches.
-	 */
-	while (!feof(fp)) {
-		linebuf[0] = '\0';
-
-		fgets(linebuf, 256, fp);
-		if (ferror(fp)) {
-			fclose(fp);
-			pw_file_unlock(lockfd);
-			return NULL;
-		}
-		/*
-		 * Check if the string is terminated with a newline - if not
-		 * then we must keep reading and discard until we get one.
-		 */
-		linebuf_len = strlen(linebuf);
-		if (linebuf[linebuf_len - 1] != '\n') {
-			c = '\0';
-			while (!ferror(fp) && !feof(fp)) {
-				c = fgetc(fp);
-				if (c == '\n')
-					break;
-			}
-		} else
-			linebuf[linebuf_len - 1] = '\0';
-
-#ifdef DEBUG_PASSWORD
-		DEBUG(100, ("get_smbpwnam: got line |%s|\n", linebuf));
-#endif
-		if ((linebuf[0] == 0) && feof(fp)) {
-			DEBUG(4, ("get_smbpwnam: end of file reached\n"));
-			break;
-		}
-		/*
-		 * The line we have should be of the form :-
-		 * 
-		 * username:uid:[32hex bytes]:....other flags presently
-		 * ignored....
-		 * 
-		 * or,
-		 *
-		 * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
-		 *
-		 * if Windows NT compatible passwords are also present.
-		 */
-
-		if (linebuf[0] == '#' || linebuf[0] == '\0') {
-			DEBUG(6, ("get_smbpwnam: skipping comment or blank line\n"));
-			continue;
-		}
-		p = (unsigned char *) strchr(linebuf, ':');
-		if (p == NULL) {
-			DEBUG(0, ("get_smbpwnam: malformed password entry (no :)\n"));
-			continue;
-		}
-		/*
-		 * As 256 is shorter than a pstring we don't need to check
-		 * length here - if this ever changes....
-		 */
-		strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
-		user_name[PTR_DIFF(p, linebuf)] = '\0';
-		if (!strequal(user_name, name))
-			continue;
-
-		/* User name matches - get uid and password */
-		p++;		/* Go past ':' */
-		if (!isdigit(*p)) {
-			DEBUG(0, ("get_smbpwnam: malformed password entry (uid not number)\n"));
-			fclose(fp);
-			pw_file_unlock(lockfd);
-			return NULL;
-		}
-		uidval = atoi((char *) p);
-		while (*p && isdigit(*p))
-			p++;
-		if (*p != ':') {
-			DEBUG(0, ("get_smbpwnam: malformed password entry (no : after uid)\n"));
-			fclose(fp);
-			pw_file_unlock(lockfd);
-			return NULL;
-		}
-		/*
-		 * Now get the password value - this should be 32 hex digits
-		 * which are the ascii representations of a 16 byte string.
-		 * Get two at a time and put them into the password.
-		 */
-		p++;
-		if (*p == '*' || *p == 'X') {
-			/* Password deliberately invalid - end here. */
-			DEBUG(10, ("get_smbpwnam: entry invalidated for user %s\n", user_name));
-			fclose(fp);
-			pw_file_unlock(lockfd);
-			return NULL;
-		}
-		if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
-			DEBUG(0, ("get_smbpwnam: malformed password entry (passwd too short)\n"));
-			fclose(fp);
-			pw_file_unlock(lockfd);
-			return (False);
-		}
-		if (p[32] != ':') {
-			DEBUG(0, ("get_smbpwnam: malformed password entry (no terminating :)\n"));
-			fclose(fp);
-			pw_file_unlock(lockfd);
-			return NULL;
-		}
-		if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
-			pw_buf.smb_passwd = NULL;
-		} else {
-			if(!gethexpwd(p,smbpwd)) {
-				DEBUG(0, ("Malformed Lanman password entry (non hex chars)\n"));
-				fclose(fp);
-				pw_file_unlock(lockfd);
-				return NULL;
-			}
-			pw_buf.smb_passwd = smbpwd;
-		}
-		pw_buf.smb_name = user_name;
-		pw_buf.smb_userid = uidval;
-		pw_buf.smb_nt_passwd = NULL;
-
-		/* Now check if the NT compatible password is
-			available. */
-		p += 33; /* Move to the first character of the line after
-					the lanman password. */
-		if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
-			if (*p != '*' && *p != 'X') {
-				if(gethexpwd(p,smbntpwd))
-					pw_buf.smb_nt_passwd = smbntpwd;
-			}
-		}
-
-		fclose(fp);
-		pw_file_unlock(lockfd);
-		DEBUG(5, ("get_smbpwname: returning passwd entry for user %s, uid %d\n",
-			  user_name, uidval));
-		return &pw_buf;
-	}
-
-	fclose(fp);
-	pw_file_unlock(lockfd);
-	return NULL;
-}
-#else
-void 
-smbpass_dummy(void)
-{
-}				/* To avoid compiler complaints */
-#endif
diff --git a/source3/po/de.msg b/source3/po/de.msg
new file mode 100644
index 0000000000..6a8da43ae3
--- /dev/null
+++ b/source3/po/de.msg
@@ -0,0 +1,1707 @@
+# German messages for international release of SWAT.
+# Copyright (C) 2001 Andreas Moroder
+
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-10-27 14:05+0100\n"
+"PO-Revision-Date: 2000-02-08 14:45+0100\n"
+"Last-Translator: Andreas Moroder"
+"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
+"Content-Transfer-Encoding: \n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr "ERRORE: Kann %s nicht öffnen\n"
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr "Hilfe"
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr "Setze Standardwerte"
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "Verbunden als <b>%s</b><p>\n"
+
+#: web/swat.c:505
+msgid "Home"
+msgstr "Home"
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr "Globals"
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr "Freigaben"
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr "Drucker"
+
+#: web/swat.c:512
+msgid "Status"
+msgstr "Status"
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr "Zeige Konfiguration"
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr "Passwortverwaltung"
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr "Aktuelle Konfiguration"
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr "Normale Ansich"
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr "Komplette Ansicht"
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "Globale Variablen"
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr "Speichere Änderungen"
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr "Setze Werte zurück"
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Erweiterte Ansicht"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Basis Ansicht"
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr "Parameter der Freigabe"
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr "Wähle Freigabe"
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr "Lösche Freigabe"
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr "Erstelle Freigabe"
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "Änderung des Passworts im Demo modus nicht aktiv"
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " \"Benutzername\" muss angegeben werden \n"
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " \"Altes Passwort\" muß angegeben werden \n"
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " \"Remote Maschine\" muß angegeben werden \n"
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " "Neues/Bestätige Passwort" muß angegeben werden \n"
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " Das bestätigte Passwort stimmt nicht mit dem neuen Passwort überein\n"
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " Das Passwort für '%s' wurde geändert. \n"
+
+#: web/swat.c:814
+#, c-format
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " Das Passwort für '%s' wurde nicht geändert. \n"
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr "Verwaltung des Server Passwortes"
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Benutzername : "
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Altes Passwort : "
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Neues Passwort : "
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Bestätige neues Passwort : "
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr "Ändere Passwort"
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr "Füge Benutzer hinzu"
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr "Lösche Benutzer"
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr "Desaktiviere Benutzer"
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr "Aktiviere Benutzer"
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr "Client/Server Passwort Verwaltung"
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Remote Maschine : "
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr "Drucker Parameter"
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr "Wichtige Hinweise:"
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr "Mit [*] gekennzeichnete Druckername in der Druckerauswahlliste"
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr "wurde automatisch geladen von :"
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr "Printcap Name"
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Der Versuch diese Drucker von SWAT aus zu löschen wird keine Auswirkung haben.\n"
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr "Wähle Drucker"
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr "Lösche Drucker"
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr "Ersteller Drucker"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr ""
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr ""
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr ""
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr ""
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr "Server Status"
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr "Automatische Aktualisierung"
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr "Aktualisierungsintervall: "
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr "Stop Aktualisierung"
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr "Version:"
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr ""
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr "aktiv"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr "inaktiv"
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr "Stopp smbd"
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr "Start smbd"
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr "Neustart smbd"
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr ""
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr "Stopp nmbd"
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr "Start nmbd"
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr "Neustart nmbd"
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr "Aktive Verbindungen"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr ""
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr "IP Adresse"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr "Datum"
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr "Kill"
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr "Aktive Freigaben"
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr "Freigabe"
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr "Benutzer"
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr "Gruppe"
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr "Offene Dateien"
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr ""
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Basisoptionen"
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "dos Charakterset"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "unix Charakterset"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "Anzeige Charakterset"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "Kommentar"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "Pfad"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "Verzeichnis"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "Arbeitsgruppe"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "netbios name"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "netbios aliase"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "netbios scope"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "server string"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "Schnittstellen"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "verwende nur definierte Schnittstellen"
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr "Sicherheitsoptionen"
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr "Sicherheit"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "Verschlüsselte Passwörter"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "update Verschlüsselte"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "Erlaube Vertrauneswürdige Domänen"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "Alternative Berechtigungen"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "Min. Länge Passwort"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "Min. Länge Passwort"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "Map nach Gast"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "leere Passwörter"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "Folge pam Einschränkungen"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "Serverpasswort"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "smb passwd Datei"
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "Privates Verzeichnis"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "Pfad passdb Modul"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr "pam Passwortänderung"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "username map"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "Stufe Passwort "
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "Stufe Benutzer"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "Synchronisiere unix Passwort "
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "Beschränke anonymus"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "plaintext to smbpasswd"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "use rhosts"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "Benutzername"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "Benutzer"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "Benutzer"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "Gast Account"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "Ungültige Benutzer"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "Gültige Benutzer"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "Administratoren"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "Druckerverwalter"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr ""
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr ""
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "Gruppe"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "nur lesen"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "Schreiben zulassen"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "Beschreibbar"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "Beschreibbar"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr "Erstellungsmaske"
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "Erstellungsmodus"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "Erzwinge Erstellungsmodus"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "Erzwinge Sicherheitsmodus"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "Verzeichnismaske"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "Verzeichnismodus"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "Erzwinge Verzeichnismodus"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "Verzeichnis Sicherheitsmaske"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "Erzwinge Verzeichnis Sicherheitsmodus"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "Vererbe Rechte"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "nur Gäste"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "nur Gäste"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "Gäste erlaubt"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "Öffentlich"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "Nur Benutzer"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "Erlaube hosts"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "Erlaube hosts"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "verbiete hosts"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "verbiete hosts"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Secure Socket Layer Optionen"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl bedarf eines Clientzertifikats"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl bedarf eines Serverzertifikats"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr ""
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
+msgid "Logging Options"
+msgstr "Log Optionen"
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "Log Stufe"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "Debug Stufe"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "nur syslog"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "Log Datei"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "max log Grösse"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr " Protokoll Optionen"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "Protokoll"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "max Protokoll"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "min Protokoll"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "nt smb Unterstützung"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "nt pipe Unterstützung"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "ntacl Unterstützung"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "Melde Version"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "Melde als"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr ""
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr ""
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "Reihenfolge Namensauflösung"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "max Paket"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "Paketgröße"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr ""
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr ""
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "wins ttl minimo"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr "Zeitserver"
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr "Optimierungsoptionen"
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "Max Anzahl smbd Prozesse"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "Max. Verbindungen"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr "Paranoide Serversicherheit"
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "Max. Festplattengröße"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "max Anzahl offener Dateien"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr ""
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "Socket Optionen"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "Grösse stat cache"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr ""
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr ""
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr ""
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "verwende mmap"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "größe Schreibpuffer"
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr "Druckoptionen"
+
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "Druckaufträge insges."
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "Druckaufträge max."
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "lade Drucker"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "printcap name"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "Bedruckbar"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "Druck ok"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "Druck"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "Druckbefehl"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "deaktiviere spoolss"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "lpq Befehl"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "lprm Befehl"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "lppause Befehl"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "lpresume Befehl"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "queuepause Befehl"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "queueresume Befehl"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "enumports Befehl"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "addprinter Befehl"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "deleteprinter Befehl"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "Zeige Wizzard zum hinzufügen von Druckern"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "Druckername"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "Drucker
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "Verwende client Treiber"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "Druckertreiber"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "Druckertreiber Datei"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "Pfad Druckertreiber"
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr "Verwaltung Dateinamen"
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "Entferne den Punkt"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr ""
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "Verstecke Dateien"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr ""
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr ""
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr "Domänen Optionen"
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "Gruppe Domänenadministratoren"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "Domänen Gastgruppen"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr ""
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr "Verfall Maschinenpasswort"
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr "Login optionen"
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr ""
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr "Browsing Optionen"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "os Stufe"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr ""
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr ""
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "Bevorzugter master"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "Bevorzugter master"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "Lokaler master"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "Domänen master"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "browsing Liste"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr "Erweitertes browsing"
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr "WINS Optionen"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr "Locking Optionen"
+
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr ""
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr "LDAP Optionen"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr "Verschiedene Optionen"
+
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr ""
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "Konfigurationsdatei"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "Lade im Voraus"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr "Lock Verzeichnis"
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr "Lock Verzeichnis"
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr "utmp Verzeichnis"
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr "wtmp Verzeichnis"
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr ""
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "Message Befehl"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "dfree Befehl"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "remote announce"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr ""
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "Kopie"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "include"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "Verfügbar"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "Typ Dateisystem"
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr "Folge symlinks"
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "nicht hinabsteigen"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "Lösche nur-lesen"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "verstecke lokale Benutzer"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr "VFS Optionen"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
+msgid "Winbind options"
+msgstr "Winbind Optionen"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
diff --git a/source3/po/en.msg b/source3/po/en.msg
new file mode 100644
index 0000000000..2f78cb835e
--- /dev/null
+++ b/source3/po/en.msg
@@ -0,0 +1,1707 @@
+# English messages for international release of SWAT.
+# Copyright (C) 2001 Free Software Foundation, Inc.
+# TAKAHASHI Motonobu <monyo@samba.org>, 2001.
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
+"PO-Revision-Date: 2000-02-08 12:48+09:00\n"
+"Last-Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>\n"
+"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
+"Content-Transfer-Encoding: \n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr ""
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr ""
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr ""
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr ""
+
+#: web/swat.c:505
+msgid "Home"
+msgstr ""
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr ""
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr ""
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr ""
+
+#: web/swat.c:512
+msgid "Status"
+msgstr ""
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr ""
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr ""
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr ""
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr ""
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr ""
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr ""
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr ""
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr ""
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr ""
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr ""
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr ""
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr ""
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr ""
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr ""
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr ""
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr ""
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr ""
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr ""
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr ""
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr ""
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr ""
+
+#: web/swat.c:814
+#, c-format
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr ""
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr ""
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr ""
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr ""
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr ""
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr ""
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr ""
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr ""
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr ""
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr ""
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr ""
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr ""
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr ""
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr ""
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr ""
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr ""
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr ""
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr ""
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr ""
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr ""
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr ""
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr ""
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr ""
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr ""
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr ""
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr ""
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr ""
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr ""
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr ""
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr ""
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr ""
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr ""
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr ""
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr ""
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr ""
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr ""
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr ""
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr ""
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr ""
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr ""
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr ""
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr ""
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr ""
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr ""
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr ""
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr ""
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr ""
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr ""
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr ""
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr ""
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr ""
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr ""
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr ""
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr ""
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr ""
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr ""
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr ""
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr ""
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr ""
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr ""
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr ""
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr ""
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr ""
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr ""
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr ""
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr ""
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr ""
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr ""
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr ""
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr ""
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr ""
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr ""
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr ""
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr ""
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr ""
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr ""
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr ""
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr ""
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr ""
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr ""
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr ""
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr ""
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr ""
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr ""
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr ""
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr ""
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr ""
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr ""
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr ""
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr ""
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr ""
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr ""
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr ""
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr ""
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr ""
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr ""
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr ""
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr ""
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr ""
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr ""
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr ""
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr ""
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr ""
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr ""
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr ""
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr ""
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr ""
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr ""
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr ""
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr ""
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr ""
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr ""
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr ""
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr ""
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr ""
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr ""
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr ""
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr ""
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr ""
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr ""
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr ""
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr ""
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr ""
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr ""
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
+msgid "Logging Options"
+msgstr ""
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr ""
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr ""
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr ""
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr ""
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr ""
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr ""
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr ""
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr ""
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr ""
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr ""
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr ""
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr ""
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr ""
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr ""
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr ""
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr ""
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr ""
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr ""
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr ""
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr ""
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr ""
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr ""
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr ""
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr ""
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr ""
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr ""
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr ""
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr ""
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr ""
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr ""
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr ""
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr ""
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr ""
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr ""
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr ""
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr ""
+
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr ""
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr ""
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr ""
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr ""
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr ""
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr ""
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr ""
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr ""
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr ""
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr ""
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr ""
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr ""
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr ""
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr ""
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr ""
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr ""
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr ""
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr ""
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr ""
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr ""
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr ""
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr ""
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr ""
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr ""
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr ""
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr ""
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr ""
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr ""
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr ""
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr ""
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr ""
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr ""
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr ""
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr ""
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr ""
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr ""
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr ""
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr ""
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr ""
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr ""
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr ""
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr ""
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr ""
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr ""
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr ""
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr ""
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr ""
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr ""
+
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr ""
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr ""
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr ""
+
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr ""
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr ""
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr ""
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr ""
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr ""
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr ""
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr ""
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr ""
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr ""
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr ""
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr ""
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr ""
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr ""
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr ""
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr ""
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr ""
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
+msgid "Winbind options"
+msgstr ""
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
diff --git a/source3/po/fr.msg b/source3/po/fr.msg
new file mode 100644
index 0000000000..493db659ae
--- /dev/null
+++ b/source3/po/fr.msg
@@ -0,0 +1,1709 @@
+# French messages for international release of SWAT.
+# Copyright (C) 2001 François Le Lay <fanch@tuxfamily.org>
+
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-09-20 14:05+0100\n"
+"PO-Revision-Date: 2000-02-08 14:45+0100\n"
+"Last-Translator: François Le Lay <fanch@tuxfamily.org>\n"
+"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
+"Content-Transfer-Encoding: \n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr "ERREUR: Impossible d'ouvrir %s\n"
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr "Aide"
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr "Définir par défaut"
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "Connecté en tant que <b>%s</b><p>\n"
+
+#: web/swat.c:505
+msgid "Home"
+msgstr "Home"
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr "Paramètres Généraux"
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr "Partages"
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr "Imprimantes"
+
+#: web/swat.c:512
+msgid "Status"
+msgstr "Statut"
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr "Voir Configuration"
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr "Gestion des mots de passe"
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr "Configuration Actuelle"
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr "Vue Normale"
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr "Vue Complète"
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "Variables Globales"
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr "Sauver les modifications"
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr "Réinitialiser Valeurs"
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Vue Détaillée"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Vue Basique"
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr "Paramètres de partage"
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr "Choisir un partage"
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr "Supprimer un partage"
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr "Créer un partage"
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "changement de mot de passe en mode démo rejeté"
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr "  Le champ \"Nom d'utilisateur\" doit être spécifié\n"
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " Le champ  \"Ancien mot de passe\" doît être spécifié\n"
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr "  Le champ \"Machine Distante\" doît être spécifié\n"
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " Les champs \"Nouveau mot de passe\" et  \"Confirmation du nouveau mot de passe\" doivent être spécifiés \n"
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " Echec de la confirmation du nouveau mot de passe\n"
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " Le mot de passe de '%s' a été modifié. \n"
+
+#: web/swat.c:814
+#, c-format
+msgid " The password for '%s' has NOT been changed. \n"
+msgstr " Le mot de passe de '%s' n'a PAS été modifié. \n"
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr "Gestion des mots de passe serveur"
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Nom d'utilisateur : "
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Ancien mot de passe : "
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Nouveau mot de passe : "
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Confirmation du nouveau mot de passe : "
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr "Modifier le mot de passe"
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr "Nouvel Utilisateur"
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr "Supprimer Utilisateur"
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr "Désactiver Utilisateur"
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr "Activer Utilisateur"
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr "Gestion des mots de passe Client/Serveur"
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Machine distante : "
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr "Paramètres Imprimantes"
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr "Note Importante:"
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr "Les Noms d'imprimantes marqués du signe [*] dans le menu déroulant Choisir Imprimante"
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr "désignent des imprimantes automatiquement chargées depuis le "
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr "Nom Printcap"
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Essayer de supprimer ces imprimantes depuis SWAT n'aura aucun effet.\n"
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr "Choisir Imprimante"
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr "Supprimer Imprimante"
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr "Créer Imprimante"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr ""
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr ""
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr ""
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr ""
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr "Statut du Serveur"
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr "Rafraîchissement Automatique"
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr "Intervalle de rafraîchissement: "
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr "Stopper Rafraîchissement"
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr "version:"
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr ""
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr "actif"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr "non actif"
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr "Stopper smbd"
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr "Lancer smbd"
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr "Relancer smbd"
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr ""
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr "Stopper nmbd"
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr "Lancer nmbd"
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr "Relancer nmbd"
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr "Connections Actives"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr ""
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr "adresse IP"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr "Date"
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr "Terminer"
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr "Partages Actifs"
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr "Partager"
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr "Utilisateur"
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr "Groupe"
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr "Fichiers Ouverts"
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr "Fichier"
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Options de base"
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "caractères dos"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "caractères unix"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "caractères display"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "commentaire"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "chemin"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "répertoire"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "groupe de travail"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "nom netbios"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "alias netbios"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr ""
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr ""
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr ""
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "lier uniquement les interfaces"
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr "Options de Sécurité"
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr "sécurité"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "crypter les mots de passe"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "mise à jour cryptés"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "autoriser les domaines de confiance"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "permissions alternatives"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "taille minimale des mots de passe"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "taille minimale des mots de passe"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "associer à un invité"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "mots de passe null"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "utiliser les restrictions pam"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "serveur de mots de passe"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "fichier passwd de smb"
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "répertoire privé"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "chemin du module passdb"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr "répertoire root"
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr "répertoire root"
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr "modification de mot de passe pam"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr "programme passwd"
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr ""
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "niveau mot de passe"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "niveau nom d'utilisateur"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "synchroniser avec mots de passe unix"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "limiter anonyme"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "texte brut vers smbpasswd"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "utiliser rhosts"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "nom d'utilisateur"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "utilisateur"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "utilisateurs"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "compte invité"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "utilisateurs non-valides"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "utilisateurs valides"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "utilisateurs administrateurs"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "administrateur d'imprimante"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "forcer utilisateur"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "forcer le groupe"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "groupe"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "lecture seule"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "écriture ok"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "écriture possible"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "écriture possible"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr ""
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "mode création"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "forcer le mode création"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "forcer le mode sécurité"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "masque de répertoire"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "mode répertoire"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "forcer le mode répertoire"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "masque de sécurité répertoire"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "forcer le mode sécurité répertoire"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "héritage de permissions"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "invité seulement"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "invité seulement"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "invité ok"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "public"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "utilisateur seulement"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "autoriser hosts"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "autoriser hosts"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "refuser hosts"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "refuser hosts"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Options Secure Socket Layer"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr "certificat ssl serveur"
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr "clé ssl serveur"
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr "certificat ssl client"
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr "clé ssl client"
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl requiert un certificat client"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl requiert un certificat serveur"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr "chiffres ssl"
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl version"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr "compatibilité ssl"
+
+#: param/loadparm.c:754
+msgid "Logging Options"
+msgstr "Options de Logging"
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "niveau log"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "niveau debug"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "syslog seulement"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "fichier log"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "taille maxi de la log"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr "Options de Protocole"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "protocole"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "protocole maxi"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "protocole mini"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "support smb nt"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "support pipe nt"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "support acl nt"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "annoncer la version"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "annoncer comme"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "mux maxi"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "xmit maxi"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "ordre de résolution des noms"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "paquet maxi"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "taille de paquet"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "ttl maxi"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "wins ttl maxi"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "wins ttl mini"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr "Options de réglage"
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "nombre maxi de processus smbd"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "connections maxi"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "taille maxi de disque"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "nombre maxi de fichiers ouverts"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "espace d'impression mini"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "options de socket"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "taille du cache stat"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr "allocation stricte"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "synchronisation stricte"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "toujours synchroniser"
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "utiliser mmap"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "taille du cache d'écriture"
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr "Options d'impression"
+
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "total jobs d'impression"
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "max jobs d'impression"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "charger imprimantes"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "nom printcap"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "imprimable"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "imprimante ok"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "impression"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "commande d'impression"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "désactiver spoolss"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "commande lpq"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "commande lprm"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "commande lppause"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "commande lpresume"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "commande queuepause"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "commande queueresume"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "commande enumports"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "commande addprinter"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "commande deleteprinter"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "Voir l'assistant d'ajout d'imprimante"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "nom d'imprimante"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "imprimante"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "utiliser le pilote client"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "pilote d'imprimante"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "fichier de pilote d'imprimante"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "adresse du pilote d'imprimante"
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr "Gestion des noms de fichier"
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr ""
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr "casse par défaut"
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr "sensible à la casse"
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr "garder la casse"
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr "supprimer les fichiers veto"
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr "fichiers veto"
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "cacher les fichiers"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "map système"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "map caché"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr "cache stat"
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr "Options de Domaine"
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "groupe d'administration du domaine"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "groupe invité du domaine"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "map noms de groupe"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr "Options de Logon"
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr "ajouter script utilisateur"
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr "supprimer script utilisateur"
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr "ajouter script de groupe"
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr "supprimer script de groupe"
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr "ajouter un utilisateur à un script de groupe"
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr "supprimer un utilisateur d'un script de groupe"
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr "ajouter un script machine"
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr "script shutdown"
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr "annuler script shutdown"
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr "script de logon"
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr "Options de Navigation"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "niveau os"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "annonce lm"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "intervalle lm"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "master préféré"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "master préféré"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "master local"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "master de domaine"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "parcourir la liste"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr "navigable"
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr "navigable"
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr "navigation améliorée"
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr "Options WINS"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr "Options de Verrouillage"
+
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr "verrous bloquants"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr "verrouillage"
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr "verrouillage posix"
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr "verrouillage strict"
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr "modes de partage"
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr "Options Ldap"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr "serveur ldap"
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr "port ldap"
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr "suffixe ldap"
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr "filtre ldap"
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr "Options Diverses"
+
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr "ajouter une commande de partage"
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr "modifier une commande de partage"
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr "supprimer une commande de partage"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "fichier de configuration"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "pré-chargement"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr "service par défaut"
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr "par défaut"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "commande message"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "commande dfree"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "annonce distante"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr "synchronisation de navigation distante"
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr "adresse de socket"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr ""
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr ""
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "disponible"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr ""
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "ne pas descendre"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "supprimer lecture seule"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "cacher les utilisateurs locaux"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr "Options VFS"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
+msgid "Winbind options"
+msgstr "Options Winbind"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
+
+
diff --git a/source3/po/it.msg b/source3/po/it.msg
new file mode 100644
index 0000000000..708f2165ee
--- /dev/null
+++ b/source3/po/it.msg
@@ -0,0 +1,1707 @@
+# Italian messages for international release of SWAT.
+# Copyright (C) 2001 Simo Sorce <idra@samba.org>
+
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-09-20 14:05+0100\n"
+"PO-Revision-Date: 2000-02-08 14:45+0100\n"
+"Last-Translator: Simo Sorce <idra@samba.org>\n"
+"Language-Team: (Samba Team) <samba-technical@samba.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=US-ASCII\n"
+"Content-Transfer-Encoding: \n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr "ERRORE: Impossibile aprire %s\n"
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr "Aiuto"
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr "Imposta Default"
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "Connesso come <b>%s</b><p>\n"
+
+#: web/swat.c:505
+msgid "Home"
+msgstr "Home"
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr "Globali"
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr "Condivisioni"
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr "Stampanti"
+
+#: web/swat.c:512
+msgid "Status"
+msgstr "Stato"
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr "Visualizza Configurazione"
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr "Gestione Password"
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr "Configurazione Attuale"
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr "Vista Normale"
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr "Vista Completa"
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "Variabili Globali"
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr "Salva Modifiche"
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr "Resetta Valori"
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Vista Avanzata"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Vista Semplice"
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr "Parametri Condivisioni"
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr "Scegli Condivisione"
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr "Cancella Condivisione"
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr "Crea Condivisione"
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "cambio password in modalita' demo rigettata"
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " \"Nome Utente\" deve essere specificato \n"
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " \"Vecchia Password\" deve essere specificato \n"
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " \"Macchina Remota\" deve essere specificato \n"
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " "Nuova/Conferma Password" devono essere specificati \n"
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " la password di conferma non e' uguale alla nuova password\n"
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " La password per '%s' e' stata cambiata. \n"
+
+#: web/swat.c:814
+#, c-format
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " La password per '%s' non e' stata cambianta. \n"
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr "Gestione Password del Server"
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Nome Utente : "
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Vecchia Password : "
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Nuova Password : "
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Conferma nuova Password : "
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr "Cambia Password"
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr "Aggiungi Nuovo Utente"
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr "Cancella Utente"
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr "Disabilita Utente"
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr "Abilita Utente"
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr "Gestione Password Client/Server"
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Macchina Remota : "
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr "Parametri Stampante"
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr "Nota Importante:"
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr "nomi di stampante marcati con [*] nel riquadro a scomparsa Scegli Stampante"
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr "sono stampanti caricate automaticamente da "
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr "Nome Printcap"
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Il tentativo di cancellare queste stampanti da sWAT non avara' effetto.\n"
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr "Scegli Stampante"
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr "Cancella Stampante"
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr "Crea Stampante"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr ""
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr ""
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr ""
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr ""
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr "Stato del Server"
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr "Rinfresco Automatico"
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr "Intervallo Rinfresco: "
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr "Ferma Rinfresco"
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr "versione:"
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr ""
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr "attivo"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr "non attivo"
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr "Ferma smbd"
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr "Lancia smbd"
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr "Rilancia smbd"
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr ""
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr "Ferma nmbd"
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr "Lancia nmbd"
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr "Rilancia nmbd"
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr "Connessioni Attive"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr ""
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr "indirizzo IP"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr "Data"
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr "Termina"
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr "Condivisioni Attive"
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr "Condivisione"
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr "Utente"
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr "Gruppo"
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr "File Aperti"
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr ""
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Opzioni Basilari"
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "set caratteri dos"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "set caratteri unix"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "set caratteri display"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "commento"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "percorso"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr ""
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr ""
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "nome netbios"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "alias netbios"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "scope netbios"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "stringa server"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "interfacce"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "usa solo interfacce definite"
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr "Opzioni di Sicurezza"
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr "sicurezza"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "password cryptate"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "aggiorna criptate"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "permetti domini trusted"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "permessi alternativi"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "minima lunghezza passwd"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "minima lunghezza password"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "mappa su ospite"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "password nulle"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "usa restrizioni pam"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr ""
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr ""
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "directory privata"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "percorso modulo passdb"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr ""
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "mappa nomi utenti"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "livello password"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "livello nome utente"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "sincronizza password unix"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "limita anonimo"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "da plaintext a smbpasswd"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "usa rhosts"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "nome utente"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "utente"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "utenti"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "account ospite"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "utenti non validi"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "utenti validi"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "utenti amministratori"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "amministratore stmapnati"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "forza utente"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "forza gruppo"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "gruppo"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "sola lettura"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "ok scrittura"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "scrivibile"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "scrivibile"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr ""
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr ""
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "forza create mode"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr ""
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "forza security mode"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr ""
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr ""
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "forza directory mode"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr ""
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "forza directory security mode"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "eredita permessi"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "solo ospite"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "solo ospite"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "ok ospite"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "pubblico"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "solo utente"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "permetti hosts"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "permetti hosts"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "vieta hosts"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "vieta hosts"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Opzioni Secure Socket Layer"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl richiede certificato client"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl richiede certificato server"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl versione"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
+msgid "Logging Options"
+msgstr "Opzioni di Log"
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "livello log"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "livello debug"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "solo syslog"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "file di log"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "massima dimensione log"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr "Opzioni Protocollo"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "protocollo"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "protocollo massimo"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "protocollo minimo"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "supporto smb nt"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "supporto pipe nt"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "supporto acl nt"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "annuncia versione"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "annuncia come"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "mux massimo"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "xmit massimo"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "ordine risoluzione nomi"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "pacchetto massimo"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "dimensione pacchetto"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "ttl massimo"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "wins ttl massimo"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "wins ttl minimo"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr "Opzioni Tuning"
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "massimo n. processi smbd"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "massimo n. connessioni"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "massima dimensione disco"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "massimo n. file aperti"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "spazio stampa minimo"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "opzioni socket"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "dimensione stat cache"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr "allocazione stretta"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "sincronizzazione stretta"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "sincronizza sempre"
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "usa mmap"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "dimensione write cache"
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr "Opzioni di Stampa"
+
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "job stampa totali"
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "massimo n. job stampa"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "carica stampanti"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "nome printcap"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr ""
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "stmpabile"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "ok stampa"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "stampa"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "comando stampa"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "disabilita spoolss"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "comando lpq"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "comando lprm"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "comando lppause"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "comando lpresume"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "comando queuepause"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "comando queueresume"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "cmando enumports"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "comando addprinter"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "comando deleteprinter"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "mostra wizard aggiungi stampanti"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr "mappa driver os2"
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "nome stampante"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "stampante"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "usa client driver"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "driver stampante"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "file driver stampante"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "posizione driver stampante"
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr "Gestione Nomi File"
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "togli il punto"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr ""
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "nascondi file"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "mappa system"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "mappa hidden"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr "mappa archive"
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr "Opzioni Dominio"
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "gruppo amministratori dominio"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "gruppo ospiti dominio"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "mappa nome gruppo"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr "Opzioni di Logon"
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr ""
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr ""
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr ""
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr "Opzioni Browsing"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "livello os"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "annuncio lm"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "intervallo lm"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "master preferito"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "master preferito"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "master locale"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "master dominio"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "lista browsing"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr "opzioni WINS"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr "Opzioni Locking"
+
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr ""
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr "Opzioni Ldap"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr "Opzioni Generiche"
+
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr ""
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "file configurazione"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "precarica"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr ""
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr ""
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "comando message"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "comando dfree"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "annuncio remoto"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr ""
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "copia"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "includi"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr "esegui"
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr "pre-esegui"
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr "pre-esegui e chiudi"
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr "post-esegui"
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr "root pre-esegui"
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr "root pre-esegui e chiudi"
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr "root post-esegui"
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "disponibile"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr ""
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "tipo file system"
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "non discendere"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "cancella sola-lettura"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "nascondi utenti locali"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr "Opzioni VFS"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr ""
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
+msgid "Winbind options"
+msgstr "Opzioni Winbind"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
diff --git a/source3/po/ja.msg b/source3/po/ja.msg
new file mode 100644
index 0000000000..e77f34e3c4
--- /dev/null
+++ b/source3/po/ja.msg
@@ -0,0 +1,1821 @@
+# Japanese messages for international release of SWAT.
+# Copyright (C) 2001 Ryo Kawahara <rkawa@lbe.co.jp>, 2000.
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n-swatE VERSION\n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
+"PO-Revision-Date: 2000-04-03 17:55+09:00\n"
+"Last-Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>\n"
+"Language-Team: Samba Team <samba-technical@samba.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=Shift_JIS\n"
+"Content-Transfer-Encoding: \n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr "%s ‚�ƒI[ƒvƒ“‚Ċ‚Ğ‚Ü‚ı‚ñ\n"
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr "à–�"
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr "Šù’è’l‚É–ß‚·"
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "<b>%s</b>‚Ĉ‚µ‚ăƒOƒCƒ“<p>\n"
+
+#: web/swat.c:505
+msgid "Home"
+msgstr "ƒz[ƒ€"
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr "‘S‘̐Ŭ’è"
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr "‹¤—LŬ’è"
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr "ƒvƒŠƒ“ƒ^Ŭ’è"
+
+#: web/swat.c:512
+msgid "Status"
+msgstr "“�ìó‹µ"
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr "Ŭ’è•\\ŽĤ"
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr "ƒpƒXƒ[ƒhŠÇ—Eƒ†[ƒUŠÇ—"
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr "ŒğŬ‚̐Ŭ’è"
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr "•W€•\ŽĤ"
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr "Š�‘S•\ŽĤ"
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "‘S‘̐Ŭ’è"
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr "Ŭ’è•ÏX"
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr "ƒŠƒZƒbƒg"
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Ú×•\ŽĤ"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "•W€•\ŽĤ"
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr "‹¤—LŬ’è"
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr "‹¤—L‘I‘�"
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr "‹¤—Líœ"
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr "V‹K‹¤—LìĴ"
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "ƒfƒ‚Eƒ‚[ƒh‚Ċ‚̃pƒXƒ[ƒh•ÏX‚Í‚Ċ‚Ğ‚Ü‚ı‚ñ\n"
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr "uƒ†[ƒU–ĵv‚�“ü—Í‚­‚�‚³‚˘\n"
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr "u‹ŒƒpƒXƒ[ƒhv‚�“ü—Í‚µ‚Ä‚­‚�‚³‚˘\n"
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr "uƒŠƒ‚[ƒg ƒ}ƒVƒ“v‚�“ü—Í‚µ‚Ä‚­‚�‚³‚˘\n"
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr "uVƒpƒXƒ[ƒhv‚�“ü—Í‚µAÄ“ü—Í‚à‚µ‚Ä‚­‚�‚³‚˘\n"
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr "VƒpƒXƒ[ƒh‚̍ēü—Í‚ŞŠÔˆá‚Á‚Ä‚˘‚Ü‚·\n"
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " '%s' ‚̃pƒXƒ[ƒh‚͕ύX‚³‚ê‚Ü‚µ‚½ \n"
+
+#: web/swat.c:814
+#, c-format
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " '%s' ‚̃pƒXƒ[ƒh‚͕ύX‚³‚ê‚Ü‚ı‚ñ‚Ċ‚µ‚½ \n"
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr "ƒ[ƒJƒ‹ ƒ}ƒVƒ“‚̃pƒXƒ[ƒhŠÇ—"
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr "ƒ†[ƒU–ĵ : "
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr "‹ŒƒpƒXƒ[ƒh : "
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr "VƒpƒXƒ[ƒh : "
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr "VƒpƒXƒ[ƒhÄ“ü—Í : "
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr "ƒpƒXƒ[ƒh•ÏX"
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr "V‹Kƒ†[ƒU’ljÁ"
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr "ƒ†[ƒU‚�íœ‚·‚é"
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr "Žg—p•s‰Â‚É‚·‚é"
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr "Žg—p‰Â”\‚É‚·‚é"
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr "ƒŠƒ‚[ƒg ƒ}ƒVƒ“‚̃pƒXƒ[ƒhŠÇ—"
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " ƒŠƒ‚[ƒg ƒ}ƒVƒ“ : "
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr "ƒvƒŠƒ“ƒ^Ŭ’è [Printer]"
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr "*’:"
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr "–ĵ‘O‚̐ĉ“Ş‚É [*] ‚ނ‚˘‚½ƒvƒŠƒ“ƒ^"
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr "‚́A"
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr "printcap name ƒpƒ‰ƒ[ƒ^"
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "‚İ‚çŽİ“�Ŭ’肳‚ꂽ‚à‚Ì‚Ċ‚·‚İ‚çAíœ‚·‚é‚ħ‚Ĉ‚Í‚Ċ‚Ğ‚Ü‚ı‚ñB\n"
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr "ƒvƒŠƒ“ƒ^‘I‘�"
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr "ƒvƒŠƒ“ƒ^íœ"
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr "ƒvƒŠƒ“ƒ^V‹KìĴ"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr "‹‘”Û‚È‚µ"
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr "‚·‚ׂċ‘”Û"
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr "DOS‚�‹‘”Û"
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr "ŽQĈ‚�‹‘”Û"
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr "XV‚�‹‘”Û"
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr "ŽQĈ‚Ì‚Ŭ"
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr "‘}“ü‚Ì‚Ŭ"
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr "XV    "
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr "ê—L+ƒoƒbƒ` "
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr "ê—L        "
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr "ƒoƒbƒ`      "
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr "ƒŒƒxƒ‹_II   "
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr "‚È‚µ        "
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr "ƒT[ƒo[“�ìó‹µ"
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr "Žİ“�Ä•\ŽĤ"
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr "Ä•\ŽĤŠÔŠu(•b): "
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr "Žİ“�•\ŽĤ’âŽ~"
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr "ƒo[ƒWƒ‡ƒ“:"
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr "ƒtƒ@ƒCƒ‹‹¤—Lƒf[ƒ‚ƒ“(smbd):"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr "“�ì’†"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr "’âŽ~’†"
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr "smbd’âŽ~"
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr "smbd‹N“�"
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr "smbdÄ‹N“�"
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr "ƒl[ƒ€ ƒT[ƒrƒX ƒf[ƒ‚ƒ“(nmbd)"
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr "nmbd’âŽ~"
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr "nmbd‹N“�"
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr "nmbdÄ‹N“�"
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr "Ú‘ħ’†ƒNƒ‰ƒCƒAƒ“ƒg"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr "ƒvƒƒZƒXID"
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr "ƒNƒ‰ƒCƒAƒ“ƒg"
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr "IPƒAƒhƒŒƒX"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr "“ú•t"
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr "Ĝ’f"
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr "Ú‘ħ’†‹¤—L"
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr "‹¤—L–ĵ"
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr "ƒ†[ƒU"
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr "ƒOƒ‹[ƒv"
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr "Žg—p’†ƒtƒ@ƒCƒ‹"
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr "”r‘ĵƒ‚[ƒh"
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr "ŽQĈ/XV"
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr "•Ö‹XƒƒbƒN(Oplock)"
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr "ƒtƒ@ƒCƒ‹–ĵ"
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Šî–{ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:643
+#, fuzzy
+msgid "dos charset"
+msgstr "—LŒĝ‚È•ĥŽš"
+
+#: param/loadparm.c:644
+#, fuzzy
+msgid "unix charset"
+msgstr "—LŒĝ‚È•ĥŽš"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr ""
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "ƒRƒƒ“ƒg"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "ƒpƒX"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "ƒ[ƒNƒOƒ‹[ƒv"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "netbios –ĵ"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "netbios ƒGƒCƒŠƒAƒX"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "netbios ƒXƒR[ƒv"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "ƒT[ƒo•ĥŽš—ñ"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "ƒCƒ“ƒ^[ƒtƒF[ƒX"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "‚ħ‚̃Cƒ“ƒ^[ƒtƒF[ƒX‚Ì‚ŬŽg—p"
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr "ƒZƒLƒ…ƒŠƒeƒB ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr "ƒZƒLƒ…ƒŠƒeƒB"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "ƒpƒXƒ[ƒh‚�ˆ�†‰ğ"
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "ˆ�†‰ğƒpƒXƒ[ƒh‚ɍXV"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "M—Š‚Ċ‚Ğ‚éƒhƒƒCƒ“‚�‹–‰Â"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "‘�sƒp[ƒ~ƒbƒVƒ‡ƒ“"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr "“Ż“™‚̃zƒXƒg"
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "ĊĴƒpƒXƒ[ƒh’·"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "ĊĴƒpƒXƒ[ƒh’·"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "ƒQƒXƒg‚Ƀ}ƒbƒv"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "‹óƒpƒXƒ[ƒh"
+
+#: param/loadparm.c:669
+#, fuzzy
+msgid "obey pam restrictions"
+msgstr "ĉ“Ç‚Ŭ"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "ƒpƒXƒ[ƒh ƒT[ƒo"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "smb passwd ƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:672
+#, fuzzy
+msgid "private dir"
+msgstr "ƒvƒŠƒ“ƒ^ ƒhƒ‰ƒCƒo"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr ""
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr "ƒ‹[ƒg ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr "ƒ‹[ƒg ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr "ƒ‹[ƒg"
+
+#: param/loadparm.c:678
+#, fuzzy
+msgid "pam password change"
+msgstr "ĊĴƒpƒXƒ[ƒh’·"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr "ƒpƒXƒ[ƒh ƒvƒƒOƒ‰ƒ€"
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr "ƒpƒXƒ[ƒh ƒ`ƒƒƒbƒg"
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr "ƒpƒXƒ[ƒh ƒ`ƒƒƒbƒg ƒfƒoƒbƒO"
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "ƒ†[ƒU–ĵƒ}ƒbƒv"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "ƒpƒXƒ[ƒh ƒŒƒxƒ‹"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "ƒ†[ƒU–ĵƒŒƒxƒ‹"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "unix ƒpƒXƒ[ƒh‚�“ŻŠú‚³‚ı‚é"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "“½–ĵƒAƒNƒZƒX‚̐§ŒÀ"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr ""
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "rhosts ‚�Žg‚¤"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "ƒ†[ƒU–ĵ"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "ƒ†[ƒU"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "ƒ†[ƒU"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "ƒQƒXƒg ƒAƒJƒEƒ“ƒg"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "–³Œĝ‚ȃ†[ƒU"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "—LŒĝ‚ȃ†[ƒU"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "ŠÇ—ƒ†[ƒU"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr "“Ç‚ŬŽĉ‚胊ƒXƒg"
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr "‘‚Ѝž‚ŬƒŠƒXƒg"
+
+#: param/loadparm.c:702
+#, fuzzy
+msgid "printer admin"
+msgstr "ƒvƒŠƒ“ƒ^–ĵ"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "‹­§‚·‚郆[ƒU"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "‹­§‚·‚éƒOƒ‹[ƒv"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "ƒOƒ‹[ƒv"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "“Ç‚ŬŽĉ‚è‚Ì‚Ŭ"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "‘‚Ѝž‚Ŭ‰Â"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "‘‚Ѝž‚Ŭ‰Â"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "‘‚Ѝž‚Ŭ‰Â"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr "ìĴŽž‚Ƀ}ƒXƒN"
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "ìĴŽž‚̃‚[ƒh"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "‹­§‚·‚éìĴŽž‚̃‚[ƒh"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr "ƒZƒLƒ…ƒŠƒeƒB ƒ}ƒXƒN"
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "‹­§‚·‚éƒZƒLƒ…ƒŠƒeƒB ƒ‚[ƒh"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "ƒfƒBƒŒƒNƒgƒŠ ƒ}ƒXƒN"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "ƒfƒBƒŒƒNƒgƒŠ ƒ‚[ƒh"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "‹­§‚·‚éƒfƒBƒŒƒNƒgƒŠ ƒ‚[ƒh"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "ƒfƒBƒŒƒNƒgƒŠ‚̃ZƒLƒ…ƒŠƒeƒB ƒ}ƒXƒN"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "‹­§‚·‚éƒfƒBƒŒƒNƒgƒŠ‚̃ZƒLƒ…ƒŠƒeƒB ƒ‚[ƒh"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "ƒp[ƒ~ƒbƒVƒ‡ƒ“‚�Œp³"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "ƒQƒXƒg‚Ì‚Ŭ"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "ƒQƒXƒg‚Ì‚Ŭ"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "ƒQƒXƒg‰Â"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "ƒpƒuƒŠƒbƒN"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "ƒ†[ƒU‚Ì‚Ŭ"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "‹–‰Â‚·‚éƒzƒXƒg"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "‹–‰Â‚·‚éƒzƒXƒg"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "‹‘”Û‚·‚éƒzƒXƒg"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "‹‘”Û‚·‚éƒzƒXƒg"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "ƒZƒLƒ…ƒA ƒ\ƒPƒbƒg ƒŒƒCƒA[ ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr "ssl"
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr "ssl ƒzƒXƒg"
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr "ssl –˘Žg—pƒzƒXƒg"
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr "ssl CA ”FĜƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr "ssl CA ”FĜƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr "ssl ƒT[ƒo”FĜ"
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr "ssl ƒT[ƒoŒ�"
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr "ssl ƒNƒ‰ƒCƒAƒ“ƒg”FĜ"
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr "ssl ƒNƒ‰ƒCƒAƒ“ƒgŒ�"
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl ƒNƒ‰ƒCƒAƒ“ƒg”FĜ‚�—v‹"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl ƒT[ƒo”FĜ‚�—v‹"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr "ssl ˆ�†"
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl ƒo[ƒWƒ‡ƒ“"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr "ssl ŒŬŠ·Ğ"
+
+#: param/loadparm.c:754
+msgid "Logging Options"
+msgstr "ƒƒMƒ“ƒO ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "ƒƒO ƒŒƒxƒ‹"
+
+#: param/loadparm.c:756
+#, fuzzy
+msgid "debuglevel"
+msgstr "ƒfƒoƒbƒOƒŒƒxƒ‹"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr "syslog"
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "syslog ‚Ì‚Ŭ"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "ƒƒO ƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "Ċ‘ċƒƒO ƒTƒCƒY"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr "ƒ^ƒCƒ€ƒXƒ^ƒ“ƒv ƒƒO"
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr "ƒfƒoƒbƒO ƒ^ƒCƒ€ƒXƒ^ƒ“ƒv"
+
+#: param/loadparm.c:764
+#, fuzzy
+msgid "debug hires timestamp"
+msgstr "ƒfƒoƒbƒO ƒ^ƒCƒ€ƒXƒ^ƒ“ƒv"
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr "ƒfƒoƒbƒO pid"
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr "ƒfƒoƒbƒO uid"
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr "ƒvƒƒgƒRƒ‹ ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "ƒvƒƒgƒRƒ‹"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+#, fuzzy
+msgid "max protocol"
+msgstr "ƒvƒƒgƒRƒ‹"
+
+#: param/loadparm.c:773
+#, fuzzy
+msgid "min protocol"
+msgstr "ƒvƒƒgƒRƒ‹"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr "bmpx “Ç‚Ŭo‚µ"
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr "raw “Ç‚Ŭo‚µ"
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr "raw ‘‚Ѝž‚Ŭ"
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "nt smb ƒTƒ|[ƒg"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "nt pipe ƒTƒ|[ƒg"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "nt acl ƒTƒ|[ƒg"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "ƒAƒiƒEƒ“ƒX ƒo[ƒWƒ‡ƒ“"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "ƒAƒiƒEƒ“ƒX‚·‚éŽí—Ŝ"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "Ċ‘ċ mux"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "Ċ‘ċ xmit"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "–ĵ‘O‰�Œˆ‚̏‡”Ô"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "Ċ‘ċƒpƒPƒbƒg"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "ƒpƒPƒbƒg ƒTƒCƒY"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "Ċ‘ċ ttl"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "Ċ‘ċ wins ttl"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "ĊĴ wins ttl"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr "ƒ^ƒCƒ€ ƒT[ƒo"
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr "ƒ`ƒ…[ƒjƒ“ƒO ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr "XV’Ê’m‚ÌŠÔŠu"
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr "Ĝ’f‚Ü‚Ċ‚ÌŽžŠÔ"
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr "getwd ƒLƒƒƒbƒVƒ…"
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr "lpq ƒLƒƒƒbƒVƒ…ŽžŠÔ"
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr ""
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "Ċ‘ċÚ‘ħ”"
+
+#: param/loadparm.c:805
+#, fuzzy
+msgid "paranoid server security"
+msgstr "ƒ†[ƒU’ljÁƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "Ċ‘ċƒfƒBƒXƒN ƒTƒCƒY"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "Ċ‘ċƒtƒ@ƒCƒ‹ ƒI[ƒvƒ“”"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "ĊĴˆóüƒXƒy[ƒX"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr "“Ç‚ŬŽĉ‚èƒTƒCƒY"
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "ƒ\\ƒPƒbƒg ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "stat ƒLƒƒƒbƒVƒ… ƒTƒCƒY"
+
+#: param/loadparm.c:813
+#, fuzzy
+msgid "strict allocate"
+msgstr "Œµ–§‚ȃƒbƒN"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "Œµ–§‚È sync"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "í‚É sync"
+
+#: param/loadparm.c:816
+#, fuzzy
+msgid "use mmap"
+msgstr "ƒ†[ƒU–ĵƒ}ƒbƒv"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "‘‚Ѝž‚ŬƒLƒƒƒbƒVƒ… ƒTƒCƒY"
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr "ˆóüƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:822
+#, fuzzy
+msgid "total print jobs"
+msgstr "ƒvƒŠƒ“ƒ^‚�ƒ[ƒh"
+
+#: param/loadparm.c:823
+#, fuzzy
+msgid "max print jobs"
+msgstr "ˆóü‰Â"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "ƒvƒŠƒ“ƒ^‚�ƒ[ƒh"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "printcap –ĵ"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr "printcap"
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "ˆóü‰Â"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "ˆóü‰Â"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr "ƒ|ƒXƒgƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "ˆóü•û–@"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "ˆóüƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr ""
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "lpq ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "lprm ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "lppause ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "lpresume ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "ƒLƒ…[’âŽ~ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "ƒLƒ…[ÄŠJƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:840
+#, fuzzy
+msgid "enumports command"
+msgstr "ˆóüƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:841
+#, fuzzy
+msgid "addprinter command"
+msgstr "ˆóüƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:842
+#, fuzzy
+msgid "deleteprinter command"
+msgstr "ˆóüƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:843
+#, fuzzy
+msgid "show add printer wizard"
+msgstr "ƒvƒŠƒ“ƒ^‚�ƒ[ƒh"
+
+#: param/loadparm.c:844
+#, fuzzy
+msgid "os2 driver map"
+msgstr "ƒz[ƒ€ƒfƒBƒŒƒNƒgƒŠ ƒ}ƒbƒv"
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "ƒvƒŠƒ“ƒ^–ĵ"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "ƒvƒŠƒ“ƒ^"
+
+#: param/loadparm.c:848
+#, fuzzy
+msgid "use client driver"
+msgstr "ssl ƒNƒ‰ƒCƒAƒ“ƒg”FĜ"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "ƒvƒŠƒ“ƒ^ ƒhƒ‰ƒCƒo"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "ƒvƒŠƒ“ƒ^ ƒhƒ‰ƒCƒo ƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "ƒvƒŠƒ“ƒ^ ƒhƒ‰ƒCƒo‚̏ꏊ"
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr "ƒtƒ@ƒCƒ‹–ĵ‚ÌŽĉˆµ"
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "ƒhƒbƒg‚�í‚é"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr "–ĵ‘O•ÏŠ·—pƒXƒ^ƒbƒN"
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr "Šù’è‚Ì•ĥŽš‚Ì‘ċĴ"
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr "‘ċ/Ĵ•ĥŽš‚Ì‹ĉ•Ê"
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr "‘ċ/Ĵ•ĥŽš‚Ì‹ĉ•Ê"
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr "•ĥŽš‚Ì‘ċĴ‚�•Û‘ĥ"
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr "’ZŒ`Ž�‚Ċ•ĥŽš‚Ì‘ċĴ‚�•Û‘ĥ"
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr "‘ċ/Ĵ•ĥŽš‚Ì•ÏŠ·"
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr "•ÏŠ·—p•ĥŽš"
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr "ƒhƒbƒgƒtƒ@ƒCƒ‹‚�‰B‚·"
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr "‹‘”Ûƒtƒ@ƒCƒ‹‚�íœ"
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr "‹‘”Ûƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "‰B‚µƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr "oplock ‚�‹ÖŽ~‚·‚éƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "ƒVƒXƒeƒ€‘�Ğ‚Ƀ}ƒbƒv"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "‰B‚µ‘�Ğ‚Ƀ}ƒbƒv"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr "ƒA[ƒJƒCƒu‘�Ğ‚Ƀ}ƒbƒv"
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr "•ÏŠ·‚µ‚½–ĵ‘O‚Ċ•\ŽĤ"
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr "•ÏŠ·ƒ}ƒbƒv"
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr "stat ƒLƒƒƒbƒVƒ…"
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr "ƒhƒƒCƒ“ ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "ƒhƒƒCƒ“ŠÇ—ƒOƒ‹[ƒv"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "ƒhƒƒCƒ“ ƒQƒXƒg ƒOƒ‹[ƒv"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "ƒOƒ‹[ƒv–ĵƒ}ƒbƒv"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr "ƒ}ƒVƒ“ ƒpƒXƒ[ƒh ƒ^ƒCƒ€ƒAƒEƒg"
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr "ƒƒOƒIƒ“ ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr "ƒ†[ƒU’ljÁƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr "ƒ†[ƒUíœƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:892
+#, fuzzy
+msgid "add group script"
+msgstr "ƒ†[ƒU’ljÁƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:893
+#, fuzzy
+msgid "delete group script"
+msgstr "ƒ†[ƒUíœƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:894
+#, fuzzy
+msgid "add user to group script"
+msgstr "ƒ†[ƒU’ljÁƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:895
+#, fuzzy
+msgid "delete user from group script"
+msgstr "ƒ†[ƒUíœƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:896
+#, fuzzy
+msgid "add machine script"
+msgstr "ƒ†[ƒU’ljÁƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:897
+#, fuzzy
+msgid "shutdown script"
+msgstr "ƒƒOƒIƒ“ ƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:898
+#, fuzzy
+msgid "abort shutdown script"
+msgstr "ƒƒOƒIƒ“ ƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr "ƒƒOƒIƒ“ ƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr "ƒƒOƒIƒ“ ƒpƒX"
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr "ƒƒOƒIƒ“ ƒhƒ‰ƒCƒu"
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr "ƒƒOƒIƒ“ ƒz[ƒ€"
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr "ƒhƒƒCƒ“ ƒƒOƒIƒ“"
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr "ƒRƒ“ƒsƒ…[ƒ^ˆê——•\ŽĤƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "os ƒŒƒxƒ‹"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "lm ƒAƒiƒEƒ“ƒX"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "lm ŠÔŠu"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "—Dĉ‚·‚éƒ}ƒXƒ^"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "—Dĉ‚·‚éƒ}ƒXƒ^"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "ƒ[ƒJƒ‹ ƒ}ƒXƒ^"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "ƒhƒƒCƒ“ ƒ}ƒXƒ^"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "ƒuƒ‰ƒEƒY ƒŠƒXƒg"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr "ƒuƒ‰ƒEƒY‰Â"
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr "ƒuƒ‰ƒEƒY‰Â"
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr "WINSƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr "dns ƒvƒƒLƒV"
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr "wins ƒvƒƒLƒV"
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr "wins ƒT[ƒo"
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr "wins ƒTƒ|[ƒg"
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr "wins ƒtƒbƒN"
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr "ƒƒbƒLƒ“ƒO ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:930
+#, fuzzy
+msgid "blocking locks"
+msgstr "ƒƒbƒN"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr "‹U‘• oplock"
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr "ƒJ[ƒlƒ‹ oplock"
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr "ƒƒbƒN"
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr "•Ö‹X“IƒƒbƒN"
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr "level2 oplocks"
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr "oplock ’†’f‚Ì‘Ò‚żŽžŠÔ"
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr "oplock ‹£‡‚ÌŒÀ“x"
+
+#: param/loadparm.c:939
+#, fuzzy
+msgid "posix locking"
+msgstr "Œµ–§‚ȃƒbƒN"
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr "Œµ–§‚ȃƒbƒN"
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr "‹¤—Lƒ‚[ƒh"
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr "Ldap ƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr "ldap ƒT[ƒo"
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr "ldap ƒ|[ƒg"
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr "lpad ƒTƒtƒBƒbƒNƒX"
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr "ldap ƒtƒBƒ‹ƒ^["
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr "ldap ƒ‹[ƒg"
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr "ldap ƒ‹[ƒg ƒpƒXƒ[ƒh"
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr "‚ğ‚Ì‘ĵ‚̃IƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:955
+#, fuzzy
+msgid "add share command"
+msgstr "dfree ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:956
+#, fuzzy
+msgid "change share command"
+msgstr "ƒƒbƒZ[ƒW ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:957
+#, fuzzy
+msgid "delete share command"
+msgstr "ƒƒbƒZ[ƒW ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "Ŭ’èƒtƒ@ƒCƒ‹"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "ƒvƒŠƒ[ƒh"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr "Žİ“�ƒT[ƒrƒX"
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr "ƒƒbƒN ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr "ƒƒbƒN ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr "utmp ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:966
+#, fuzzy
+msgid "wtmp directory"
+msgstr "utmp ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:967
+#, fuzzy
+msgid "utmp"
+msgstr "utmp ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr "Šù’èƒT[ƒrƒX"
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr "Šù’è"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "ƒƒbƒZ[ƒW ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "dfree ƒRƒ}ƒ“ƒh"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "ƒŠƒ‚[ƒg ƒAƒiƒEƒ“ƒX"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr "ƒŠƒ‚[ƒg‚̃uƒ‰ƒEƒYƒŠƒXƒg‚�“ŻŠú"
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr "ƒ\\ƒPƒbƒg ƒAƒhƒŒƒX"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr "ƒz[ƒ€ƒfƒBƒŒƒNƒgƒŠ ƒ}ƒbƒv"
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr "ŽžŠÔƒIƒtƒZƒbƒg"
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr "NIS ƒz[ƒ€ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr "-valid"
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "ƒRƒs["
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "ƒCƒ“ƒNƒ‹[ƒh"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr "ŽÀs"
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr "Ú‘ħŽž‚ÉŽÀs"
+
+#: param/loadparm.c:987
+#, fuzzy
+msgid "preexec close"
+msgstr "Ú‘ħŽž‚ÉŽÀs"
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr "Ĝ’fŽž‚ÉŽÀs"
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr "ƒ‹[ƒg‚ĊÚ‘ħŽžŽÀs"
+
+#: param/loadparm.c:990
+#, fuzzy
+msgid "root preexec close"
+msgstr "ƒ‹[ƒg‚ĊÚ‘ħŽžŽÀs"
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr "ƒ‹[ƒg‚ĊĜ’fŽžŽÀs"
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "—˜—p‰Â”\"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr "ƒ{ƒŠƒ…[ƒ€"
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "ƒtƒ@ƒCƒ‹ ƒVƒXƒeƒ€ ƒ^ƒCƒv"
+
+#: param/loadparm.c:995
+#, fuzzy
+msgid "set directory"
+msgstr "ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr "L‚­ƒŠƒ“ƒN"
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr "symlink ĉ‚�ŽQĈ"
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "‰ş‚ɍ~‚è‚È‚˘ƒfƒBƒŒƒNƒgƒŠ"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr "ƒ}ƒWƒbƒN ƒXƒNƒŠƒvƒg"
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr "ƒ}ƒWƒbƒN o—Í"
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "“Ç‚ŬŽĉ‚è‚Ì‚Ŭ‚̃tƒ@ƒCƒ‹‚�íœ"
+
+#: param/loadparm.c:1003
+#, fuzzy
+msgid "dos filemode"
+msgstr "dos ‚̃tƒ@ƒCƒ‹Žž"
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr "dos ‚̃tƒ@ƒCƒ‹Žž"
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr "dos ‚̃tƒ@ƒCƒ‹Žž‚̕މ�”\"
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr "‹U‚̃fƒBƒŒƒNƒgƒŠìĴŽž"
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr "ƒpƒjƒbƒN ƒAƒNƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1009
+#, fuzzy
+msgid "hide local users"
+msgstr "ƒ[ƒJƒ‹ ƒ}ƒXƒ^"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr "VFSƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+#, fuzzy
+msgid "vfs options"
+msgstr "VFSƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1018
+#, fuzzy
+msgid "msdfs root"
+msgstr "ldap ƒ‹[ƒg"
+
+#: param/loadparm.c:1019
+#, fuzzy
+msgid "host msdfs"
+msgstr "‹‘”Û‚·‚éƒzƒXƒg"
+
+#: param/loadparm.c:1021
+msgid "Winbind options"
+msgstr "WinbindƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1023
+#, fuzzy
+msgid "winbind uid"
+msgstr "WinbindƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1024
+#, fuzzy
+msgid "winbind gid"
+msgstr "WinbindƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+#, fuzzy
+msgid "winbind separator"
+msgstr "WinbindƒIƒvƒVƒ‡ƒ“"
+
+#: param/loadparm.c:1028
+#, fuzzy
+msgid "winbind cache time"
+msgstr "lpq ƒLƒƒƒbƒVƒ…ŽžŠÔ"
+
+#: param/loadparm.c:1029
+#, fuzzy
+msgid "winbind enum users"
+msgstr "–³Œĝ‚ȃ†[ƒU"
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
+
+#~ msgid "failed to open %s for writing\n"
+#~ msgstr "%s ‚�‘‚Ѝž‚Ŭ—p‚ɃI[ƒvƒ“‚Ċ‚Ğ‚Ü‚ı‚ñ\n"
+
+#~ msgid "Can't reload %s\n"
+#~ msgstr "%s ‚�Ä“Ç‚Ŭž‚Ŭ‚Ċ‚Ğ‚Ü‚ı‚ñ\n"
+
+#~ msgid "Can't setup password database vectors.\n"
+#~ msgstr "ƒpƒXƒ[ƒhEƒf[ƒ^ƒx[ƒX‚ތ݂‚Ż‚ç‚ê‚Ü‚ı‚ñ\n"
+
+#~ msgid "You need to have status=yes in your smb config file\n"
+#~ msgstr "smb.conf ‚Ċ status=yes ‚�Ŭ’肵‚Ä‚­‚�‚³‚˘\n"
+
+#~ msgid "coding system"
+#~ msgstr "ƒR[ƒfƒBƒ“ƒO ƒVƒXƒeƒ€"
+
+#~ msgid "client code page"
+#~ msgstr "ƒNƒ‰ƒCƒAƒ“ƒg ƒR[ƒhƒy[ƒW"
+
+#~ msgid "revalidate"
+#~ msgstr "Ä”FĜ"
+
+#~ msgid "status"
+#~ msgstr "ƒXƒe[ƒ^ƒX"
+
+#~ msgid "shared mem size"
+#~ msgstr "‹¤—Lƒƒ‚ƒŠ ƒTƒCƒY"
+
+#~ msgid "character set"
+#~ msgstr "•ĥŽšƒZƒbƒg"
+
+#~ msgid "domain groups"
+#~ msgstr "ƒhƒƒCƒ“ ƒOƒ‹[ƒv"
+
+#~ msgid "domain admin users"
+#~ msgstr "ƒhƒƒCƒ“ŠÇ—ƒ†[ƒU"
+
+#~ msgid "domain guest users"
+#~ msgstr "ƒhƒƒCƒ“ ƒQƒXƒg ƒ†[ƒU"
+
+#~ msgid "ole locking compatibility"
+#~ msgstr "ole ƒƒbƒN‚ÌŒŬŠ·Ğ"
+
+#~ msgid "smbrun"
+#~ msgstr "smbrun"
+
+#, fuzzy
+#~ msgid "wtmp dir"
+#~ msgstr "utmp ƒfƒBƒŒƒNƒgƒŠ"
+
+#~ msgid "unix realname"
+#~ msgstr "unix ‚Ì–{–ĵ"
diff --git a/source3/po/pl.msg b/source3/po/pl.msg
new file mode 100644
index 0000000000..c547a94c93
--- /dev/null
+++ b/source3/po/pl.msg
@@ -0,0 +1,1773 @@
+# Polish messages for international release of SWAT.
+# Copyright (C) 2001 Rafal Szczesniak <mimir@spin.ict.pwr.wroc.pl>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
+"PO-Revision-Date: 2001-08-15 22:45+02:00\n"
+"Last-Translator: Rafal Szczesniak <mimir@spin.ict.pwr.wroc.pl>\n"
+"Language-Team: pl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-2\n"
+"Content-Transfer-Encoding: \n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr "B£ĦD: Nie można otworzyĉ %s\n"
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr "Pomoc"
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr "Ustaw domyĥlnie"
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "Zalogowany jako <b>%s</b><p>\n"
+
+#: web/swat.c:505
+msgid "Home"
+msgstr "Strona domowa"
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr "Ustawienia globalne"
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr "Wspó³udzia³y"
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr "Drukarki"
+
+#: web/swat.c:512
+msgid "Status"
+msgstr "Status"
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr "Przejrzyj Konfiguracjê"
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr "Zarzħdzanie Has³ami"
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr "Bieżħca Konfiguracja"
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr "Normalny Widok"
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr "Pe³ny Widok"
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "Zmienne Globalne"
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr "Potwierdĵ Zmiany"
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr "Zresetuj Wartoĥci"
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Widok Zaawansowany"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Widok Podstawowy"
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr "Parametry Wspó³udzia³u"
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr "Wybierz Wspó³udzia³"
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr "Usuñ Wspó³udzia³"
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr "Utwórz Wspó³udzia³"
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "zmiana has³a w trybie demo odrzucona\n"
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " Musisz podaĉ \"Nazwê Użytkownika\" \n"
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " Musisz podaĉ \"Stare Has³o\" \n"
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " Musisz podaĉ \"Zdalnħ Maszynê\" \n"
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " Musisz podaĉ \"Nowe Has³o, i ponownie wpisane Nowe Has³o\" \n"
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " Ponownie wpisane has³o nie pasuje do nowego has³a\n"
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " Has³o dla '%s' zosta³o zmienione. \n"
+
+#: web/swat.c:814
+#, c-format
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " Has³o dla '%s' NIE zosta³o zmienione. \n"
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr "Zarzħdzanie Has³ami na Serwerze"
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Nazwa Użytkownika : "
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Stare Has³o : "
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Nowe Has³o : "
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Ponownie wpisz Nowe Has³o : "
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr "Zmieñ Has³o"
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr "Dodaj Nowego Użytkownika"
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr "Usuñ Użytkownika"
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr "Zablokuj Użytkownika"
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr "Odblokuj Użytkownika"
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr "Zarzħdzanie Has³ami Klient/Serwer"
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Zdalna Maszyna : "
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr "Parametry Drukarki"
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr "Ważna Informacja:"
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr "Nazwy Drukarek zaznaczone [*] w rozwijanym polu Wybierz Drukarkê "
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr "sħ drukarkami automatycznie ³adowanymi z "
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr "Nazwa Printcap"
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Próby usuniêcia tych drukarek ze SWAT nie przyniosħ efektu.\n"
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr "Wybierz Drukarkê"
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr "Usuñ Drukarkê"
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr "Utwórz Drukarkê"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr ""
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr ""
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr ""
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr ""
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr ""
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr ""
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr ""
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr ""
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr ""
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr ""
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr ""
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr ""
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr ""
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr "Status Serwera"
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr "Automatyczne Odĥwieżanie"
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr "Interwa³ Odĥwieżania: "
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr "Zatrzymaj Odĥwieżanie"
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr "wersja:"
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr ""
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr "dzia³a"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr "nie dzia³a"
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr "Zatrzymaj smbd"
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr "Uruchom smbd"
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr "Zrestartuj smbd"
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr ""
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr "Zatrzymaj nmbd"
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr "Uruchom nmbd"
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr "Zrestartuj nmbd"
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr "Aktywne Po³ħczenia"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr ""
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr "Klient"
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr "adres IP"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr "Data"
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr "Zatrzymaj"
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr "Aktywne Wspó³udzia³y"
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr "Wspó³udzia³"
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr "Użytkownik"
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr "Grupa"
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr "Otwarte Pliki"
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr "Wspó³dzielenie"
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr ""
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr "Plik"
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Bazowe Opcje"
+
+#: param/loadparm.c:643
+#, fuzzy
+msgid "dos charset"
+msgstr "Wybierz Wspó³udzia³"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr ""
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr ""
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr ""
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr ""
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr ""
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr ""
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr ""
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr ""
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr ""
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr ""
+
+#: param/loadparm.c:654
+#, fuzzy
+msgid "interfaces"
+msgstr "Drukarki"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr ""
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr "Opcje Zabezpieczeñ"
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr ""
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr ""
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr ""
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr ""
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr ""
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr ""
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr ""
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr ""
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr ""
+
+#: param/loadparm.c:668
+#, fuzzy
+msgid "null passwords"
+msgstr "Zmieñ Has³o"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr ""
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr ""
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr ""
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr ""
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr ""
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr ""
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr ""
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr ""
+
+#: param/loadparm.c:678
+#, fuzzy
+msgid "pam password change"
+msgstr "Zarzħdzanie Has³ami"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr ""
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr ""
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr ""
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr ""
+
+#: param/loadparm.c:683
+#, fuzzy
+msgid "password level"
+msgstr "Zarzħdzanie Has³ami"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr ""
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr ""
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr ""
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr ""
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr ""
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr ""
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr ""
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr ""
+
+#: param/loadparm.c:693
+#, fuzzy
+msgid "user"
+msgstr "Użytkownik"
+
+#: param/loadparm.c:694
+#, fuzzy
+msgid "users"
+msgstr "Użytkownik"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr ""
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr ""
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr ""
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr ""
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr ""
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr ""
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr ""
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr ""
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr ""
+
+#: param/loadparm.c:705
+#, fuzzy
+msgid "group"
+msgstr "Grupa"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr ""
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr ""
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr ""
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr ""
+
+#: param/loadparm.c:712
+#, fuzzy
+msgid "create mask"
+msgstr "Utwórz Wspó³udzia³"
+
+#: param/loadparm.c:713
+#, fuzzy
+msgid "create mode"
+msgstr "Utwórz Wspó³udzia³"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr ""
+
+#: param/loadparm.c:715
+#, fuzzy
+msgid "security mask"
+msgstr "Opcje Zabezpieczeñ"
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr ""
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr ""
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr ""
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr ""
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr ""
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr ""
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr ""
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr ""
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr ""
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr ""
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr ""
+
+#: param/loadparm.c:729
+#, fuzzy
+msgid "only user"
+msgstr "Odblokuj Użytkownika"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr ""
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr ""
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr ""
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr ""
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Opcje SSL"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr ""
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr ""
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr ""
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr ""
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr ""
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr ""
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr ""
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr ""
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr ""
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr ""
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr ""
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr ""
+
+#: param/loadparm.c:750
+#, fuzzy
+msgid "ssl version"
+msgstr "wersja:"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr ""
+
+#: param/loadparm.c:754
+#, fuzzy
+msgid "Logging Options"
+msgstr "Opcje Blokowania"
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr ""
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr ""
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr ""
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr ""
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr ""
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr ""
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr ""
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr ""
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr ""
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr ""
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr ""
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr "Opcje Protoko³u"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr ""
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr ""
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr ""
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr ""
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr ""
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr ""
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr ""
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr ""
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr ""
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr ""
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr ""
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr ""
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr ""
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr ""
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr ""
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr ""
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr ""
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr ""
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr ""
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr ""
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr ""
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr ""
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr "Opcje Dostrajajħce"
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr ""
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr ""
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr ""
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr ""
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr ""
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr ""
+
+#: param/loadparm.c:804
+#, fuzzy
+msgid "max connections"
+msgstr "Aktywne Po³ħczenia"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr ""
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr ""
+
+#: param/loadparm.c:807
+#, fuzzy
+msgid "max open files"
+msgstr "Otwarte Pliki"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr ""
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr ""
+
+#: param/loadparm.c:811
+#, fuzzy
+msgid "socket options"
+msgstr "Bazowe Opcje"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr ""
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr ""
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr ""
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr ""
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr ""
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr ""
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr ""
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr "Opcje Drukowania"
+
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr ""
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr ""
+
+#: param/loadparm.c:824
+#, fuzzy
+msgid "load printers"
+msgstr "Drukarki"
+
+#: param/loadparm.c:825
+#, fuzzy
+msgid "printcap name"
+msgstr "Nazwa Printcap"
+
+#: param/loadparm.c:826
+#, fuzzy
+msgid "printcap"
+msgstr "Nazwa Printcap"
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr ""
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr ""
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr ""
+
+#: param/loadparm.c:830
+#, fuzzy
+msgid "printing"
+msgstr "dzia³a"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr ""
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr ""
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr ""
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr ""
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr ""
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr ""
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr ""
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr ""
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr ""
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr ""
+
+#: param/loadparm.c:842
+#, fuzzy
+msgid "deleteprinter command"
+msgstr "Usuñ Drukarkê"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr ""
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr ""
+
+#: param/loadparm.c:846
+#, fuzzy
+msgid "printer name"
+msgstr "Parametry Drukarki"
+
+#: param/loadparm.c:847
+#, fuzzy
+msgid "printer"
+msgstr "Drukarki"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr ""
+
+#: param/loadparm.c:849
+#, fuzzy
+msgid "printer driver"
+msgstr "Parametry Drukarki"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr ""
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr ""
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr "Obs³uga Nazw Plików"
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr ""
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr ""
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr ""
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr ""
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr ""
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr ""
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr ""
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr ""
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr ""
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr ""
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr ""
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr ""
+
+#: param/loadparm.c:867
+#, fuzzy
+msgid "veto files"
+msgstr "Otwarte Pliki"
+
+#: param/loadparm.c:868
+#, fuzzy
+msgid "hide files"
+msgstr "Otwarte Pliki"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr ""
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr ""
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr ""
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr ""
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr ""
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr ""
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr ""
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr "Opcje Domeny"
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr ""
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr ""
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr ""
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr ""
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr "Opcje Logowania"
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr ""
+
+#: param/loadparm.c:891
+#, fuzzy
+msgid "delete user script"
+msgstr "Usuñ Użytkownika"
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr ""
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr ""
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr ""
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr ""
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr ""
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr ""
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr ""
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr ""
+
+#: param/loadparm.c:901
+#, fuzzy
+msgid "logon path"
+msgstr "Opcje Logowania"
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr ""
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr ""
+
+#: param/loadparm.c:904
+#, fuzzy
+msgid "domain logons"
+msgstr "Opcje Domeny"
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr "Opcje Przeglħdania"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr ""
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr ""
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr ""
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr ""
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr ""
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr ""
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr ""
+
+#: param/loadparm.c:915
+#, fuzzy
+msgid "browse list"
+msgstr "Opcje Przeglħdania"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr ""
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr ""
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr ""
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr "Opcje WINS"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr ""
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr ""
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr ""
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr ""
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr ""
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr "Opcje Blokowania"
+
+#: param/loadparm.c:930
+#, fuzzy
+msgid "blocking locks"
+msgstr "Opcje Blokowania"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr ""
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr ""
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr ""
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr ""
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr ""
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr ""
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr ""
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr ""
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr ""
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr ""
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr "Opcje Ldap"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr ""
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr ""
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr ""
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr ""
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr ""
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr ""
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr "Pozosta³e Opcje"
+
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr ""
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr ""
+
+#: param/loadparm.c:957
+#, fuzzy
+msgid "delete share command"
+msgstr "Usuñ Wspó³udzia³"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr ""
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr ""
+
+#: param/loadparm.c:961
+#, fuzzy
+msgid "auto services"
+msgstr "Automatyczne Odĥwieżanie"
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr ""
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr ""
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr ""
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr ""
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr ""
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr ""
+
+#: param/loadparm.c:971
+#, fuzzy
+msgid "default"
+msgstr "Ustaw domyĥlnie"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr ""
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr ""
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr ""
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr ""
+
+#: param/loadparm.c:976
+#, fuzzy
+msgid "socket address"
+msgstr "adres IP"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr ""
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr ""
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr ""
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr ""
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr ""
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr ""
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr ""
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr ""
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr ""
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr ""
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr ""
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr ""
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr ""
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr ""
+
+#: param/loadparm.c:993
+#, fuzzy
+msgid "volume"
+msgstr "Strona domowa"
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr ""
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr ""
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr ""
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr ""
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr ""
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr ""
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr ""
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr ""
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr ""
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr ""
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr ""
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr ""
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr ""
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr ""
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr ""
+
+#: param/loadparm.c:1012
+#, fuzzy
+msgid "VFS options"
+msgstr "Opcje WINS"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr ""
+
+#: param/loadparm.c:1015
+#, fuzzy
+msgid "vfs options"
+msgstr "Bazowe Opcje"
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr ""
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr ""
+
+#: param/loadparm.c:1021
+#, fuzzy
+msgid "Winbind options"
+msgstr "Opcje Drukowania"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr ""
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr ""
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr ""
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr ""
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr ""
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr ""
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr ""
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr ""
+
+#~ msgid "failed to open %s for writing\n"
+#~ msgstr "nie uda³o siê otworzyĉ %s do zapisu\n"
+
+#~ msgid "Can't reload %s\n"
+#~ msgstr "Nie mogê prze³adowaĉ %s\n"
+
+#~ msgid "Can't setup password database vectors.\n"
+#~ msgstr "Nie można ustawiĉ wektorów bazy hase³.\n"
+
+#~ msgid "You need to have status=yes in your smb config file\n"
+#~ msgstr "Musisz mieĉ status=yes w swoim pliku konfiguracyjnym smb\n"
diff --git a/source3/po/tr.msg b/source3/po/tr.msg
new file mode 100644
index 0000000000..6c2bc1f93d
--- /dev/null
+++ b/source3/po/tr.msg
@@ -0,0 +1,1723 @@
+# Swat Turkish Translation
+# Copyright (C) 2001 Deniz Akkus Kanca
+# Deniz Akkus Kanca <deniz@arayan.com>, 2001.
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+msgid ""
+msgstr ""
+"Project-Id-Version: i18n_swat \n"
+"POT-Creation-Date: 2001-09-20 20:29+0900\n"
+"PO-Revision-Date: 2001-09-20 22:51EEST\n"
+"Last-Translator: Deniz Akkus Kanca <deniz@arayan.com>\n"
+"Language-Team: Turkish <gnu-tr-u12a@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-9\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 0.9.1\n"
+
+#: web/swat.c:120
+#, c-format
+msgid "ERROR: Can't open %s\n"
+msgstr "HATA: %s açŭlamadŭ\n"
+
+#.
+#. str = stripspace(parm->label);
+#. strlower (str); //monyo
+#. d_printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\">%s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s</td><td>",
+#. str, _("Help"), parm->label);
+#.
+#: web/swat.c:211
+msgid "Help"
+msgstr "Yardŭm"
+
+#: web/swat.c:217 web/swat.c:231 web/swat.c:246 web/swat.c:254 web/swat.c:263
+#: web/swat.c:272 web/swat.c:278 web/swat.c:284 web/swat.c:297
+msgid "Set Default"
+msgstr "Öntanŭmlŭya Ayarla"
+
+#: web/swat.c:502
+#, c-format
+msgid "Logged in as <b>%s</b><p>\n"
+msgstr "<b>%s</b> kimli�i ile oturum açŭlmŭŝ<p>\n"
+
+#: web/swat.c:505
+msgid "Home"
+msgstr "Ev"
+
+#: web/swat.c:507
+msgid "Globals"
+msgstr "Evrenseller"
+
+#: web/swat.c:508
+msgid "Shares"
+msgstr "Paylaŝŭmlar"
+
+#: web/swat.c:509
+msgid "Printers"
+msgstr "Yazŭcŭlar"
+
+#: web/swat.c:512
+msgid "Status"
+msgstr "Durum"
+
+#: web/swat.c:513
+msgid "View Config"
+msgstr "Ayarlara Gözat"
+
+#: web/swat.c:515
+msgid "Password Management"
+msgstr "Ŝifre Yönetimi"
+
+#: web/swat.c:539
+msgid "Current Config"
+msgstr "Ŝimdiki Ayarlar"
+
+#: web/swat.c:543
+msgid "Normal View"
+msgstr "Normal Görünüm"
+
+#: web/swat.c:545
+msgid "Full View"
+msgstr "Tam Görünüm"
+
+#: web/swat.c:561
+msgid "Global Variables"
+msgstr "Genel De�iŝkenler"
+
+#: web/swat.c:575 web/swat.c:671 web/swat.c:1014
+msgid "Commit Changes"
+msgstr "De�iŝiklikleri Kaydet"
+
+#: web/swat.c:579 web/swat.c:674 web/swat.c:1016
+msgid "Reset Values"
+msgstr "De�erleri Ŭlk Haline Getir"
+
+#: web/swat.c:581 web/swat.c:676 web/swat.c:1018
+msgid "Advanced View"
+msgstr "Geliŝmiŝ Görünüm"
+
+#: web/swat.c:583 web/swat.c:678 web/swat.c:1020
+msgid "Basic View"
+msgstr "Temel Görünüm"
+
+#: web/swat.c:613
+msgid "Share Parameters"
+msgstr "Paylaŝŭm Parametreleri"
+
+#: web/swat.c:642
+msgid "Choose Share"
+msgstr "Paylaŝŭm Seçin"
+
+#: web/swat.c:656
+msgid "Delete Share"
+msgstr "Paylaŝŭm Kaldŭr"
+
+#: web/swat.c:663
+msgid "Create Share"
+msgstr "Paylaŝŭm Oluŝtur"
+
+#: web/swat.c:708
+msgid "password change in demo mode rejected\n"
+msgstr "demo kipinde ŝifre de�iŝikli�i kabul edilmedi\n"
+
+#: web/swat.c:747
+msgid " Must specify \"User Name\" \n"
+msgstr " \"Kullanŭcŭ Adŭ\" belirtilmeli \n"
+
+#: web/swat.c:763
+msgid " Must specify \"Old Password\" \n"
+msgstr " \"Eski Ŝifre\" belirtilmeli \n"
+
+#: web/swat.c:769
+msgid " Must specify \"Remote Machine\" \n"
+msgstr " \"Uzak Makina\" belirtilmeli \n"
+
+#: web/swat.c:776
+msgid " Must specify \"New, and Re-typed Passwords\" \n"
+msgstr " \"Yeni ve Tekrar Girilmiŝ Ŝifreler\" belirtilmeli \n"
+
+#: web/swat.c:782
+msgid " Re-typed password didn't match new password\n"
+msgstr " Tekrar girilen ŝifre yeni ŝifre ile eŝleŝmedi\n"
+
+#: web/swat.c:812
+#, c-format
+msgid " The passwd for '%s' has been changed. \n"
+msgstr " '%s' için ŝifre de�iŝtirildi. \n"
+
+#: web/swat.c:814
+#, c-format
+msgid " The passwd for '%s' has NOT been changed. \n"
+msgstr " '%s' için ŝifre DE�ŬŜTŬRŬLMEDŬ. \n"
+
+#: web/swat.c:838
+msgid "Server Password Management"
+msgstr "Sunucu Ŝifre Yönetimi"
+
+#.
+#. * Create all the dialog boxes for data collection
+#.
+#: web/swat.c:847 web/swat.c:894
+msgid " User Name : "
+msgstr " Kullanŭcŭ Adŭ : "
+
+#: web/swat.c:850 web/swat.c:896
+msgid " Old Password : "
+msgstr " Eski Ŝifre : "
+
+#: web/swat.c:853 web/swat.c:898
+msgid " New Password : "
+msgstr " Yeni Ŝifre : "
+
+#: web/swat.c:855 web/swat.c:900
+msgid " Re-type New Password : "
+msgstr " Yeni Ŝifre Tekrarŭ : "
+
+#: web/swat.c:863 web/swat.c:911
+msgid "Change Password"
+msgstr "Ŝifre De�iŝtir"
+
+#: web/swat.c:866
+msgid "Add New User"
+msgstr "Kull. Ekle"
+
+#: web/swat.c:868
+msgid "Delete User"
+msgstr "Kull. Sil"
+
+#: web/swat.c:870
+msgid "Disable User"
+msgstr "Kull. Etkisizleŝtir"
+
+#: web/swat.c:872
+msgid "Enable User"
+msgstr "Kull. Etkinleŝtir"
+
+#: web/swat.c:885
+msgid "Client/Server Password Management"
+msgstr "Ŭstemci/Sunucu Ŝifre Yönetimi"
+
+#: web/swat.c:902
+msgid " Remote Machine : "
+msgstr " Uzak Makina : "
+
+#: web/swat.c:940
+msgid "Printer Parameters"
+msgstr "Yazŭcŭ Bilgileri"
+
+#: web/swat.c:942
+msgid "Important Note:"
+msgstr "Önemli Not: "
+
+#: web/swat.c:943
+msgid "Printer names marked with [*] in the Choose Printer drop-down box "
+msgstr "Yazŭcŭ Seç kutusunda [*] ile iŝaretlenmiŝ yazŭcŭ isimleri "
+
+#: web/swat.c:944
+msgid "are autoloaded printers from "
+msgstr "otomatik yüklenen yazŭcŭlar "
+
+#: web/swat.c:945
+msgid "Printcap Name"
+msgstr "Printcap Adŭ"
+
+#: web/swat.c:946
+msgid "Attempting to delete these printers from SWAT will have no effect.\n"
+msgstr "Bu yazŭcŭlarŭ SWAT'dan silmek etkisiz olacaktŭr.\n"
+
+#: web/swat.c:980
+msgid "Choose Printer"
+msgstr "Yazŭcŭ Seç"
+
+#: web/swat.c:999
+msgid "Delete Printer"
+msgstr "Yazŭcŭ Sil"
+
+#: web/swat.c:1006
+msgid "Create Printer"
+msgstr "Yazŭcŭ Oluŝtur"
+
+#: web/statuspage.c:40
+msgid "DENY_NONE"
+msgstr "HERKESE_AÇIK"
+
+#: web/statuspage.c:41
+msgid "DENY_ALL   "
+msgstr "HERKESŬ_REDDET   "
+
+#: web/statuspage.c:42
+msgid "DENY_DOS   "
+msgstr "DOSU_REDDET   "
+
+#: web/statuspage.c:43
+msgid "DENY_READ  "
+msgstr "OKU_REDDET  "
+
+#: web/statuspage.c:44
+msgid "DENY_WRITE "
+msgstr "YAZ_REDDET "
+
+#: web/statuspage.c:50
+msgid "RDONLY     "
+msgstr "SALTOKUNUR    "
+
+#: web/statuspage.c:51
+msgid "WRONLY     "
+msgstr "SALTYAZILIR    "
+
+#: web/statuspage.c:52
+msgid "RDWR       "
+msgstr "O/Y        "
+
+#: web/statuspage.c:60
+msgid "EXCLUSIVE+BATCH "
+msgstr "ŜAHSŬ+TOPTAN "
+
+#: web/statuspage.c:62
+msgid "EXCLUSIVE       "
+msgstr "ŜAHSŬ         "
+
+#: web/statuspage.c:64
+msgid "BATCH           "
+msgstr "TOPTAN        "
+
+#: web/statuspage.c:66
+msgid "LEVEL_II        "
+msgstr "SEVŬYE_II        "
+
+#: web/statuspage.c:68
+msgid "NONE            "
+msgstr "HŬÇ             "
+
+#: web/statuspage.c:195
+msgid "Server Status"
+msgstr "Sunucu Durumu"
+
+#: web/statuspage.c:200
+msgid "Auto Refresh"
+msgstr "Oto Tazele"
+
+#: web/statuspage.c:201 web/statuspage.c:206
+msgid "Refresh Interval: "
+msgstr "Tazeleme Aralŭ�ŭ: "
+
+#: web/statuspage.c:205
+msgid "Stop Refreshing"
+msgstr "Tazelemeyi Durdur"
+
+#: web/statuspage.c:220
+msgid "version:"
+msgstr "sürüm:"
+
+#: web/statuspage.c:223
+msgid "smbd:"
+msgstr "smbd:"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "running"
+msgstr "çalŭŝŭyor"
+
+#: web/statuspage.c:223 web/statuspage.c:235
+msgid "not running"
+msgstr "çalŭŝmŭyor"
+
+#: web/statuspage.c:226
+msgid "Stop smbd"
+msgstr "Smbd'yi durdur"
+
+#: web/statuspage.c:228
+msgid "Start smbd"
+msgstr "Smbd'yi çalŭŝtŭr"
+
+#: web/statuspage.c:230
+msgid "Restart smbd"
+msgstr "Smbd'yi yeniden çalŭŝtŭr"
+
+#: web/statuspage.c:235
+msgid "nmbd:"
+msgstr "nmbd:"
+
+#: web/statuspage.c:238
+msgid "Stop nmbd"
+msgstr "Nmbd'yi durdur"
+
+#: web/statuspage.c:240
+msgid "Start nmbd"
+msgstr "Nmbd'yi çalŭŝtŭr"
+
+#: web/statuspage.c:242
+msgid "Restart nmbd"
+msgstr "Nmbd'yi yeniden çalŭŝtŭr"
+
+#: web/statuspage.c:249
+msgid "Active Connections"
+msgstr "Aktif Ba�lantŭlar"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "PID"
+msgstr "PID"
+
+#: web/statuspage.c:251 web/statuspage.c:264
+msgid "Client"
+msgstr "Ŭstemci"
+
+#: web/statuspage.c:251
+msgid "IP address"
+msgstr "IP numarasŭ"
+
+#: web/statuspage.c:251 web/statuspage.c:264 web/statuspage.c:272
+msgid "Date"
+msgstr "Tarih"
+
+#: web/statuspage.c:253
+msgid "Kill"
+msgstr "Kapat"
+
+#: web/statuspage.c:261
+msgid "Active Shares"
+msgstr "Aktif Paylaŝŭmlar"
+
+#: web/statuspage.c:264
+msgid "Share"
+msgstr "Paylaŝŭm"
+
+#: web/statuspage.c:264
+msgid "User"
+msgstr "Kullanŭcŭ"
+
+#: web/statuspage.c:264
+msgid "Group"
+msgstr "Grup"
+
+#: web/statuspage.c:270
+msgid "Open Files"
+msgstr "Açŭk Dosyalar"
+
+#: web/statuspage.c:272
+msgid "Sharing"
+msgstr "Paylaŝŭlŭyor"
+
+#: web/statuspage.c:272
+msgid "R/W"
+msgstr "O/Y"
+
+#: web/statuspage.c:272
+msgid "Oplock"
+msgstr "Oplock"
+
+#: web/statuspage.c:272
+msgid "File"
+msgstr "Dosya"
+
+#: param/loadparm.c:641
+msgid "Base Options"
+msgstr "Temel Seçenekler"
+
+#: param/loadparm.c:643
+msgid "dos charset"
+msgstr "dos karakter kümesi"
+
+#: param/loadparm.c:644
+msgid "unix charset"
+msgstr "unix karakter kümesi"
+
+#: param/loadparm.c:645
+msgid "display charset"
+msgstr "karakter kümesini göster"
+
+#: param/loadparm.c:646
+msgid "comment"
+msgstr "açŭklama"
+
+#: param/loadparm.c:647
+msgid "path"
+msgstr "yol"
+
+#: param/loadparm.c:648
+msgid "directory"
+msgstr "dizin"
+
+#: param/loadparm.c:649
+msgid "workgroup"
+msgstr "çalŭŝma grubu"
+
+#: param/loadparm.c:650
+msgid "netbios name"
+msgstr "netbios adŭ"
+
+#: param/loadparm.c:651
+msgid "netbios aliases"
+msgstr "netbios rumuzlarŭ"
+
+#: param/loadparm.c:652
+msgid "netbios scope"
+msgstr "netbios kapsamŭ"
+
+#: param/loadparm.c:653
+msgid "server string"
+msgstr "sunucu dizgesi"
+
+#: param/loadparm.c:654
+msgid "interfaces"
+msgstr "arayüzler"
+
+#: param/loadparm.c:655
+msgid "bind interfaces only"
+msgstr "yalnŭzca arayüzleri ba�la"
+
+#: param/loadparm.c:657
+msgid "Security Options"
+msgstr "Güvenlik Seçenekleri"
+
+#: param/loadparm.c:659
+msgid "security"
+msgstr "güvenlik"
+
+#: param/loadparm.c:660
+msgid "encrypt passwords"
+msgstr "ŝifreyi ŝifrele "
+
+#: param/loadparm.c:661
+msgid "update encrypted"
+msgstr "ŝifrelenmiŝ güncelle"
+
+#: param/loadparm.c:662
+msgid "allow trusted domains"
+msgstr "güvenli alanlara izin ver"
+
+#: param/loadparm.c:663
+msgid "alternate permissions"
+msgstr "baŝka izinler"
+
+#: param/loadparm.c:664
+msgid "hosts equiv"
+msgstr "hosts eŝde�erlisi"
+
+#: param/loadparm.c:665
+msgid "min passwd length"
+msgstr "en kŭsa ŝifre uzunlu�u"
+
+#: param/loadparm.c:666
+msgid "min password length"
+msgstr "en kŭsa ŝifre uzunlu�u"
+
+#: param/loadparm.c:667
+msgid "map to guest"
+msgstr "guest (misafir) kullanŭcŭya eŝle"
+
+#: param/loadparm.c:668
+msgid "null passwords"
+msgstr "boŝ ŝifreler"
+
+#: param/loadparm.c:669
+msgid "obey pam restrictions"
+msgstr "pam kŭsŭtlamalarŭna uy"
+
+#: param/loadparm.c:670
+msgid "password server"
+msgstr "ŝifre sunucusu"
+
+#: param/loadparm.c:671
+msgid "smb passwd file"
+msgstr "smb ŝifre dosyasŭ"
+
+#: param/loadparm.c:672
+msgid "private dir"
+msgstr "özel dizin"
+
+#: param/loadparm.c:673
+msgid "passdb module path"
+msgstr "ŝifre veritabanŭ modül yolu"
+
+#: param/loadparm.c:674
+msgid "root directory"
+msgstr "kök dizin"
+
+#: param/loadparm.c:675
+msgid "root dir"
+msgstr "kök dizin"
+
+#: param/loadparm.c:676
+msgid "root"
+msgstr "kök"
+
+#: param/loadparm.c:678
+msgid "pam password change"
+msgstr "pam ŝifre de�iŝikli�i"
+
+#: param/loadparm.c:679
+msgid "passwd program"
+msgstr "ŝifre yazŭlŭmŭ"
+
+#: param/loadparm.c:680
+msgid "passwd chat"
+msgstr "ŝifre diyalo�u"
+
+#: param/loadparm.c:681
+msgid "passwd chat debug"
+msgstr "ŝifre diyalog hata ayŭklamasŭ"
+
+#: param/loadparm.c:682
+msgid "username map"
+msgstr "kullanŭcŭ adŭ eŝlemesi"
+
+#: param/loadparm.c:683
+msgid "password level"
+msgstr "ŝifre seviyesi"
+
+#: param/loadparm.c:684
+msgid "username level"
+msgstr "kullanŭcŭ kimli�i seviyesi"
+
+#: param/loadparm.c:685
+msgid "unix password sync"
+msgstr "unix ŝifre senkronizasyonu"
+
+#: param/loadparm.c:686
+msgid "restrict anonymous"
+msgstr "anonim eriŝimi kŭsŭtla"
+
+#: param/loadparm.c:687
+msgid "lanman auth"
+msgstr "lanman auth"
+
+#: param/loadparm.c:688
+msgid "ntlm auth"
+msgstr "ntlm auth"
+
+#: param/loadparm.c:689
+msgid "plaintext to smbpasswd"
+msgstr "düz metinden smbpasswd'e"
+
+#: param/loadparm.c:690
+msgid "use rhosts"
+msgstr "rhosts kullan"
+
+#: param/loadparm.c:692
+msgid "username"
+msgstr "kullanŭcŭ adŭ"
+
+#: param/loadparm.c:693
+msgid "user"
+msgstr "kullanŭcŭ"
+
+#: param/loadparm.c:694
+msgid "users"
+msgstr "kullanŭcŭlar"
+
+#: param/loadparm.c:696
+msgid "guest account"
+msgstr "misafir hesap"
+
+#: param/loadparm.c:697
+msgid "invalid users"
+msgstr "geçersiz kullanŭcŭlar"
+
+#: param/loadparm.c:698
+msgid "valid users"
+msgstr "geçerli kullanŭcŭlar"
+
+#: param/loadparm.c:699
+msgid "admin users"
+msgstr "yönetici kullanŭcŭlarŭ"
+
+#: param/loadparm.c:700
+msgid "read list"
+msgstr "okuma listesi"
+
+#: param/loadparm.c:701
+msgid "write list"
+msgstr "yazma listesi"
+
+#: param/loadparm.c:702
+msgid "printer admin"
+msgstr "yazŭcŭ yönetimi"
+
+#: param/loadparm.c:703
+msgid "force user"
+msgstr "kullanŭcŭyŭ zorla"
+
+#: param/loadparm.c:704
+msgid "force group"
+msgstr "grubu zorla"
+
+#: param/loadparm.c:705
+msgid "group"
+msgstr "grup"
+
+#: param/loadparm.c:707
+msgid "read only"
+msgstr "salt okunur"
+
+#: param/loadparm.c:708
+msgid "write ok"
+msgstr "yazma tamam"
+
+#: param/loadparm.c:709
+msgid "writeable"
+msgstr "yazŭlabilir"
+
+#: param/loadparm.c:710
+msgid "writable"
+msgstr "yazŭlabilir"
+
+#: param/loadparm.c:712
+msgid "create mask"
+msgstr "oluŝturma izinleri"
+
+#: param/loadparm.c:713
+msgid "create mode"
+msgstr "oluŝturma kipi"
+
+#: param/loadparm.c:714
+msgid "force create mode"
+msgstr "oluŝturma kipini zorla"
+
+#: param/loadparm.c:715
+msgid "security mask"
+msgstr "güvenlik izinleri"
+
+#: param/loadparm.c:716
+msgid "force security mode"
+msgstr "güvenlik kipini zorla"
+
+#: param/loadparm.c:717
+msgid "directory mask"
+msgstr "dizin izinleri"
+
+#: param/loadparm.c:718
+msgid "directory mode"
+msgstr "dizin kipi"
+
+#: param/loadparm.c:719
+msgid "force directory mode"
+msgstr "dizin kipini zorla"
+
+#: param/loadparm.c:720
+msgid "directory security mask"
+msgstr "dizin güvenlik izinleri"
+
+#: param/loadparm.c:721
+msgid "force directory security mode"
+msgstr "dizin güvenlik kipini zorla"
+
+#: param/loadparm.c:722
+msgid "inherit permissions"
+msgstr "izinleri ebeveynden al"
+
+#: param/loadparm.c:723
+msgid "guest only"
+msgstr "yalnŭz misafir"
+
+#: param/loadparm.c:724
+msgid "only guest"
+msgstr "yalnŭz misafir"
+
+#: param/loadparm.c:726
+msgid "guest ok"
+msgstr "misafir tamam"
+
+#: param/loadparm.c:727
+msgid "public"
+msgstr "genel"
+
+#: param/loadparm.c:729
+msgid "only user"
+msgstr "salt kullanŭcŭ"
+
+#: param/loadparm.c:730
+msgid "hosts allow"
+msgstr "hosts izinli"
+
+#: param/loadparm.c:731
+msgid "allow hosts"
+msgstr "hosts izinli"
+
+#: param/loadparm.c:732
+msgid "hosts deny"
+msgstr "hosts izinsiz"
+
+#: param/loadparm.c:733
+msgid "deny hosts"
+msgstr "hosts izinsiz"
+
+#: param/loadparm.c:736
+msgid "Secure Socket Layer Options"
+msgstr "Güvenli Soket Katman Seçenekleri"
+
+#: param/loadparm.c:737
+msgid "ssl"
+msgstr "ssl"
+
+#: param/loadparm.c:739
+msgid "ssl hosts"
+msgstr "ssl hosts"
+
+#: param/loadparm.c:740
+msgid "ssl hosts resign"
+msgstr "ssl hosts istifa"
+
+#: param/loadparm.c:741
+msgid "ssl CA certDir"
+msgstr "ssl CA sertifika dizini"
+
+#: param/loadparm.c:742
+msgid "ssl CA certFile"
+msgstr "ssl CA sertifika dosyasŭ"
+
+#: param/loadparm.c:743
+msgid "ssl server cert"
+msgstr "ssl sunucu sertifikasŭ"
+
+#: param/loadparm.c:744
+msgid "ssl server key"
+msgstr "ssl sunucu anahtarŭ"
+
+#: param/loadparm.c:745
+msgid "ssl client cert"
+msgstr "ssl istemci sertifikasŭ"
+
+#: param/loadparm.c:746
+msgid "ssl client key"
+msgstr "ssl istemci anahtarŭ"
+
+#: param/loadparm.c:747
+msgid "ssl require clientcert"
+msgstr "ssl istemci sertifikasŭ iste"
+
+#: param/loadparm.c:748
+msgid "ssl require servercert"
+msgstr "ssl sunucu sertifikasŭ iste"
+
+#: param/loadparm.c:749
+msgid "ssl ciphers"
+msgstr "ssl ŝifreleri"
+
+#: param/loadparm.c:750
+msgid "ssl version"
+msgstr "ssl sürümü"
+
+#: param/loadparm.c:751
+msgid "ssl compatibility"
+msgstr "ssl uyumlulu�u"
+
+#: param/loadparm.c:754
+msgid "Logging Options"
+msgstr "Günlük Kaydŭ Seçenekleri"
+
+#: param/loadparm.c:755
+msgid "log level"
+msgstr "günlük seviyesi"
+
+#: param/loadparm.c:756
+msgid "debuglevel"
+msgstr "hata ayŭklama seviyesi"
+
+#: param/loadparm.c:757
+msgid "syslog"
+msgstr "sistem günlü�ü"
+
+#: param/loadparm.c:758
+msgid "syslog only"
+msgstr "salt sistem günlü�ü"
+
+#: param/loadparm.c:759
+msgid "log file"
+msgstr "günlük dosyasŭ"
+
+#: param/loadparm.c:761
+msgid "max log size"
+msgstr "maksimum günlük büyüklü�ü"
+
+#: param/loadparm.c:762
+msgid "timestamp logs"
+msgstr "zaman damgasŭ günlükleri"
+
+#: param/loadparm.c:763
+msgid "debug timestamp"
+msgstr "hata ayŭklama zaman damgasŭ"
+
+#: param/loadparm.c:764
+msgid "debug hires timestamp"
+msgstr "hata ayŭklama yüksek çözünürlüklü zaman damgasŭ"
+
+#: param/loadparm.c:765
+msgid "debug pid"
+msgstr "hata ayŭklama pid"
+
+#: param/loadparm.c:766
+msgid "debug uid"
+msgstr "hata ayŭklama uid"
+
+#: param/loadparm.c:768
+msgid "Protocol Options"
+msgstr "Protokol Seçenekleri"
+
+#: param/loadparm.c:770
+msgid "protocol"
+msgstr "protokol"
+
+#: param/loadparm.c:771
+msgid "large readwrite"
+msgstr "büyük oku/yaz"
+
+#: param/loadparm.c:772
+msgid "max protocol"
+msgstr "max protokol"
+
+#: param/loadparm.c:773
+msgid "min protocol"
+msgstr "min protokol"
+
+#: param/loadparm.c:774
+msgid "unicode"
+msgstr "unicode"
+
+#: param/loadparm.c:775
+msgid "read bmpx"
+msgstr "bmpx oku"
+
+#: param/loadparm.c:776
+msgid "read raw"
+msgstr "ham oku"
+
+#: param/loadparm.c:777
+msgid "write raw"
+msgstr "ham yaz"
+
+#: param/loadparm.c:779
+msgid "nt smb support"
+msgstr "nt smb deste�i"
+
+#: param/loadparm.c:780
+msgid "nt pipe support"
+msgstr "nt verihattŭ deste�i"
+
+#: param/loadparm.c:781
+msgid "nt acl support"
+msgstr "nt acl deste�i"
+
+#: param/loadparm.c:782
+msgid "announce version"
+msgstr "sürümü bildir"
+
+#: param/loadparm.c:783
+msgid "announce as"
+msgstr "bildir"
+
+#: param/loadparm.c:784
+msgid "max mux"
+msgstr "maksimum mux"
+
+#: param/loadparm.c:785
+msgid "max xmit"
+msgstr "maksimum xmit"
+
+#: param/loadparm.c:787
+msgid "name resolve order"
+msgstr "ad çözümleme sŭrasŭ"
+
+#: param/loadparm.c:788
+msgid "max packet"
+msgstr "maksimum paket"
+
+#: param/loadparm.c:789
+msgid "packet size"
+msgstr "paket büyüklü�ü"
+
+#: param/loadparm.c:790
+msgid "max ttl"
+msgstr "maksimum ttl"
+
+#: param/loadparm.c:791
+msgid "max wins ttl"
+msgstr "maksimum wins ttl"
+
+#: param/loadparm.c:792
+msgid "min wins ttl"
+msgstr "minimum wins ttl"
+
+#: param/loadparm.c:793
+msgid "time server"
+msgstr "zaman sunucusu"
+
+#: param/loadparm.c:795
+msgid "Tuning Options"
+msgstr "Ayar Seçenekleri"
+
+#: param/loadparm.c:797
+msgid "change notify timeout"
+msgstr "zamanaŝŭmŭ bildirmesini de�iŝtir"
+
+#: param/loadparm.c:798
+msgid "deadtime"
+msgstr "ölüzaman"
+
+#: param/loadparm.c:799
+msgid "getwd cache"
+msgstr "getwd arabelle�i"
+
+#: param/loadparm.c:800
+msgid "keepalive"
+msgstr "hayattatut"
+
+#: param/loadparm.c:802
+msgid "lpq cache time"
+msgstr "lpq arabellek zamanŭ"
+
+#: param/loadparm.c:803
+msgid "max smbd processes"
+msgstr "maksimum smbd süreci"
+
+#: param/loadparm.c:804
+msgid "max connections"
+msgstr "maksimum ba�lantŭ"
+
+#: param/loadparm.c:805
+msgid "paranoid server security"
+msgstr "yüksek dereceli sunucu güvenli�i"
+
+#: param/loadparm.c:806
+msgid "max disk size"
+msgstr "maksimum disk büyüklü�ü"
+
+#: param/loadparm.c:807
+msgid "max open files"
+msgstr "maksimum açŭk dosya"
+
+#: param/loadparm.c:808
+msgid "min print space"
+msgstr "minimum yazma alanŭ"
+
+#: param/loadparm.c:809
+msgid "read size"
+msgstr "okuma boyu"
+
+#: param/loadparm.c:811
+msgid "socket options"
+msgstr "soket seçenekleri"
+
+#: param/loadparm.c:812
+msgid "stat cache size"
+msgstr "durum arabelle�i boyu"
+
+#: param/loadparm.c:813
+msgid "strict allocate"
+msgstr "sŭkŭ ayŭrma"
+
+#: param/loadparm.c:814
+msgid "strict sync"
+msgstr "sŭkŭ senkronizasyon"
+
+#: param/loadparm.c:815
+msgid "sync always"
+msgstr "herzaman senkronize"
+
+#: param/loadparm.c:816
+msgid "use mmap"
+msgstr "bellek eŝlemesi kullan"
+
+#: param/loadparm.c:817
+msgid "hostname lookups"
+msgstr "sunucu adŭ arama"
+
+#: param/loadparm.c:818
+msgid "write cache size"
+msgstr "yazma arabellek boyu"
+
+#: param/loadparm.c:820
+msgid "Printing Options"
+msgstr "Yazdŭrma Seçenekleri"
+
+#: param/loadparm.c:822
+msgid "total print jobs"
+msgstr "toplam yazdŭrma iŝleri"
+
+#: param/loadparm.c:823
+msgid "max print jobs"
+msgstr "maksimum yazdŭrma iŝi"
+
+#: param/loadparm.c:824
+msgid "load printers"
+msgstr "yazŭcŭlarŭ yükle"
+
+#: param/loadparm.c:825
+msgid "printcap name"
+msgstr "printcap adŭ"
+
+#: param/loadparm.c:826
+msgid "printcap"
+msgstr "printcap"
+
+#: param/loadparm.c:827
+msgid "printable"
+msgstr "yazdŭrŭlabilir"
+
+#: param/loadparm.c:828
+msgid "print ok"
+msgstr "yazdŭrma tamam"
+
+#: param/loadparm.c:829
+msgid "postscript"
+msgstr "postscript"
+
+#: param/loadparm.c:830
+msgid "printing"
+msgstr "yazdŭrŭyor"
+
+#: param/loadparm.c:831
+msgid "print command"
+msgstr "yazdŭrma komutu"
+
+#: param/loadparm.c:832
+msgid "disable spoolss"
+msgstr "kuyru�u etkisizleŝtir"
+
+#: param/loadparm.c:833
+msgid "lpq command"
+msgstr "lpq komutu"
+
+#: param/loadparm.c:834
+msgid "lprm command"
+msgstr "lprm komutu"
+
+#: param/loadparm.c:835
+msgid "lppause command"
+msgstr "lppause komutu"
+
+#: param/loadparm.c:836
+msgid "lpresume command"
+msgstr "lpresume komutu"
+
+#: param/loadparm.c:837
+msgid "queuepause command"
+msgstr "queuepause komutu"
+
+#: param/loadparm.c:838
+msgid "queueresume command"
+msgstr "queueresume komutu"
+
+#: param/loadparm.c:840
+msgid "enumports command"
+msgstr "port listele komutu"
+
+#: param/loadparm.c:841
+msgid "addprinter command"
+msgstr "yazŭcŭ ekle komutu"
+
+#: param/loadparm.c:842
+msgid "deleteprinter command"
+msgstr "yazŭcŭ sil komutu"
+
+#: param/loadparm.c:843
+msgid "show add printer wizard"
+msgstr "yazŭcŭ ekleme sihirbazŭnŭ göster"
+
+#: param/loadparm.c:844
+msgid "os2 driver map"
+msgstr "os2 sürücü eŝlemesi"
+
+#: param/loadparm.c:846
+msgid "printer name"
+msgstr "yazŭcŭ adŭ"
+
+#: param/loadparm.c:847
+msgid "printer"
+msgstr "yazŭcŭ"
+
+#: param/loadparm.c:848
+msgid "use client driver"
+msgstr "istemci sürücüsü kullan"
+
+#: param/loadparm.c:849
+msgid "printer driver"
+msgstr "yazŭcŭ sürücüsü"
+
+#: param/loadparm.c:850
+msgid "printer driver file"
+msgstr "yazŭcŭ sürücü dosyasŭ"
+
+#: param/loadparm.c:851
+msgid "printer driver location"
+msgstr "yazŭcŭ sürücüsü yeri"
+
+#: param/loadparm.c:853
+msgid "Filename Handling"
+msgstr "Dosyaadŭ Ŭŝlenmesi"
+
+#: param/loadparm.c:854
+msgid "strip dot"
+msgstr "noktalarŭ bastŭr"
+
+#: param/loadparm.c:856
+msgid "mangled stack"
+msgstr "karŭŝtŭrŭlmŭŝ yŭ�ŭt"
+
+#: param/loadparm.c:857
+msgid "default case"
+msgstr "öntanŭmlŭ büyük/küçük harf"
+
+#: param/loadparm.c:858
+msgid "case sensitive"
+msgstr "büyük küçük harfe duyarlŭ"
+
+#: param/loadparm.c:859
+msgid "casesignames"
+msgstr "casesignames"
+
+#: param/loadparm.c:860
+msgid "preserve case"
+msgstr "büyük küçük harf ayrŭmŭnŭ tut"
+
+#: param/loadparm.c:861
+msgid "short preserve case"
+msgstr "kŭsa büyük küçük harf ayrŭmŭnŭ tut"
+
+#: param/loadparm.c:862
+msgid "mangle case"
+msgstr "büyük küçük harf harmanla"
+
+#: param/loadparm.c:863
+msgid "mangling char"
+msgstr "karakter harmanlanŭyor"
+
+#: param/loadparm.c:864
+msgid "hide dot files"
+msgstr "nokta ile baŝlayan dosyalarŭ gizle"
+
+#: param/loadparm.c:865
+msgid "hide unreadable"
+msgstr "okunamazlarŭ sakla"
+
+#: param/loadparm.c:866
+msgid "delete veto files"
+msgstr "veto dosyalarŭnŭ sil"
+
+#: param/loadparm.c:867
+msgid "veto files"
+msgstr "veto dosyalarŭ"
+
+#: param/loadparm.c:868
+msgid "hide files"
+msgstr "dosyalarŭ gizle"
+
+#: param/loadparm.c:869
+msgid "veto oplock files"
+msgstr "veto oplock dosyalarŭ"
+
+#: param/loadparm.c:870
+msgid "map system"
+msgstr "sistemi eŝle"
+
+#: param/loadparm.c:871
+msgid "map hidden"
+msgstr "gizlileri eŝle"
+
+#: param/loadparm.c:872
+msgid "map archive"
+msgstr "arŝivi eŝle"
+
+#: param/loadparm.c:873
+msgid "mangled names"
+msgstr "harmanlanmŭŝ isimler"
+
+#: param/loadparm.c:874
+msgid "mangled map"
+msgstr "harmanlanmŭŝ eŝleŝme"
+
+#: param/loadparm.c:875
+msgid "stat cache"
+msgstr "durum arabelle�i"
+
+#: param/loadparm.c:877
+msgid "Domain Options"
+msgstr "Alan Seçenekleri"
+
+#: param/loadparm.c:879
+msgid "domain admin group"
+msgstr "alan yönetici grubu"
+
+#: param/loadparm.c:880
+msgid "domain guest group"
+msgstr "alan misafir grubu"
+
+#: param/loadparm.c:883
+msgid "groupname map"
+msgstr "grup adŭ eŝlemesi"
+
+#: param/loadparm.c:886
+msgid "machine password timeout"
+msgstr "makina ŝifresi zamanaŝŭmŭ"
+
+#: param/loadparm.c:888
+msgid "Logon Options"
+msgstr "Sistem Giriŝ Seçenekleri"
+
+#: param/loadparm.c:890
+msgid "add user script"
+msgstr "kullanŭcŭ ekleme beti�i"
+
+#: param/loadparm.c:891
+msgid "delete user script"
+msgstr "kullanŭcŭ silme beti�i"
+
+#: param/loadparm.c:892
+msgid "add group script"
+msgstr "grup ekleme beti�i"
+
+#: param/loadparm.c:893
+msgid "delete group script"
+msgstr "grup silme beti�i"
+
+#: param/loadparm.c:894
+msgid "add user to group script"
+msgstr "gruba kullanŭcŭ ekleme beti�i"
+
+#: param/loadparm.c:895
+msgid "delete user from group script"
+msgstr "gruptan kullanŭcŭ silme beti�i"
+
+#: param/loadparm.c:896
+msgid "add machine script"
+msgstr "makina ekleme beti�i"
+
+#: param/loadparm.c:897
+msgid "shutdown script"
+msgstr "sistem kapanŭŝ beti�i"
+
+#: param/loadparm.c:898
+msgid "abort shutdown script"
+msgstr "sistem kapanŭŝ beti�ini durdur"
+
+#: param/loadparm.c:900
+msgid "logon script"
+msgstr "sistem giriŝ beti�i"
+
+#: param/loadparm.c:901
+msgid "logon path"
+msgstr "sistem giriŝ yolu"
+
+#: param/loadparm.c:902
+msgid "logon drive"
+msgstr "sistem giriŝ aygŭtŭ"
+
+#: param/loadparm.c:903
+msgid "logon home"
+msgstr "sistem giriŝ kökü"
+
+#: param/loadparm.c:904
+msgid "domain logons"
+msgstr "alan giriŝleri"
+
+#: param/loadparm.c:906
+msgid "Browse Options"
+msgstr "Gözatma Seçenekleri"
+
+#: param/loadparm.c:908
+msgid "os level"
+msgstr "iŝletim sistem seviyesi"
+
+#: param/loadparm.c:909
+msgid "lm announce"
+msgstr "lm bildirimi"
+
+#: param/loadparm.c:910
+msgid "lm interval"
+msgstr "lm aralŭ�ŭ"
+
+#: param/loadparm.c:911
+msgid "preferred master"
+msgstr "tercih edilen ana alan sunucusu"
+
+#: param/loadparm.c:912
+msgid "prefered master"
+msgstr "tercih edilen ana alan sunucusu"
+
+#: param/loadparm.c:913
+msgid "local master"
+msgstr "yerel alan sunucusu"
+
+#: param/loadparm.c:914
+msgid "domain master"
+msgstr "alan sunucusu"
+
+#: param/loadparm.c:915
+msgid "browse list"
+msgstr "gözatma listesi"
+
+#: param/loadparm.c:916
+msgid "browseable"
+msgstr "gözatŭlabilir"
+
+#: param/loadparm.c:917
+msgid "browsable"
+msgstr "gözatŭlabilir"
+
+#: param/loadparm.c:918
+msgid "enhanced browsing"
+msgstr "geliŝkin gözatma"
+
+#: param/loadparm.c:920
+msgid "WINS Options"
+msgstr "WINS Seçenekleri"
+
+#: param/loadparm.c:921
+msgid "dns proxy"
+msgstr "dns proxy"
+
+#: param/loadparm.c:922
+msgid "wins proxy"
+msgstr "wins proxy"
+
+#: param/loadparm.c:924
+msgid "wins server"
+msgstr "wins sunucusu"
+
+#: param/loadparm.c:925
+msgid "wins support"
+msgstr "wins deste�i"
+
+#: param/loadparm.c:926
+msgid "wins hook"
+msgstr "wins giriŝi"
+
+#: param/loadparm.c:928
+msgid "Locking Options"
+msgstr "Kilitleme Seçenekleri"
+
+#: param/loadparm.c:930
+msgid "blocking locks"
+msgstr "engelleyen kilitler"
+
+#: param/loadparm.c:931
+msgid "fake oplocks"
+msgstr "sahte oplocklar"
+
+#: param/loadparm.c:932
+msgid "kernel oplocks"
+msgstr "çekirdek oplocklarŭ"
+
+#: param/loadparm.c:933
+msgid "locking"
+msgstr "kilitliyor"
+
+#: param/loadparm.c:935
+msgid "oplocks"
+msgstr "oplocklar"
+
+#: param/loadparm.c:936
+msgid "level2 oplocks"
+msgstr "Seviye 2 oplocklar"
+
+#: param/loadparm.c:937
+msgid "oplock break wait time"
+msgstr "oplock kŭrma bekleme süresi"
+
+#: param/loadparm.c:938
+msgid "oplock contention limit"
+msgstr "oplock ihtilaf limiti"
+
+#: param/loadparm.c:939
+msgid "posix locking"
+msgstr "posix kilitlemesi"
+
+#: param/loadparm.c:940
+msgid "strict locking"
+msgstr "sŭkŭ kilitleme"
+
+#: param/loadparm.c:941
+msgid "share modes"
+msgstr "paylaŝŭm kipleri"
+
+#: param/loadparm.c:944
+msgid "Ldap Options"
+msgstr "Ldap Seçenekleri"
+
+#: param/loadparm.c:946
+msgid "ldap server"
+msgstr "ldap sunucusu"
+
+#: param/loadparm.c:947
+msgid "ldap port"
+msgstr "ldap portu"
+
+#: param/loadparm.c:948
+msgid "ldap suffix"
+msgstr "ldap soneki"
+
+#: param/loadparm.c:949
+msgid "ldap filter"
+msgstr "ldap filtresi"
+
+#: param/loadparm.c:950
+msgid "ldap root"
+msgstr "ldap kökü"
+
+#: param/loadparm.c:951
+msgid "ldap root passwd"
+msgstr "ldap kök ŝifresi"
+
+#: param/loadparm.c:954
+msgid "Miscellaneous Options"
+msgstr "Di�er Seçenekler"
+
+#: param/loadparm.c:955
+msgid "add share command"
+msgstr "paylaŝŭm ekle komutu"
+
+#: param/loadparm.c:956
+msgid "change share command"
+msgstr "paylaŝŭm de�iŝtir komutu"
+
+#: param/loadparm.c:957
+msgid "delete share command"
+msgstr "paylaŝŭm sil komutu"
+
+#: param/loadparm.c:959
+msgid "config file"
+msgstr "ayar dosyasŭ"
+
+#: param/loadparm.c:960
+msgid "preload"
+msgstr "önyükle"
+
+#: param/loadparm.c:961
+msgid "auto services"
+msgstr "otomatik servisler"
+
+#: param/loadparm.c:962
+msgid "lock dir"
+msgstr "kilit dizini"
+
+#: param/loadparm.c:963
+msgid "lock directory"
+msgstr "kilit dizini"
+
+#: param/loadparm.c:965
+msgid "utmp directory"
+msgstr "utmp dizini"
+
+#: param/loadparm.c:966
+msgid "wtmp directory"
+msgstr "wtmp dizini"
+
+#: param/loadparm.c:967
+msgid "utmp"
+msgstr "utmp"
+
+#: param/loadparm.c:970
+msgid "default service"
+msgstr "öntanŭmlŭ servis"
+
+#: param/loadparm.c:971
+msgid "default"
+msgstr "öntanŭmlŭ"
+
+#: param/loadparm.c:972
+msgid "message command"
+msgstr "ileti komutu"
+
+#: param/loadparm.c:973
+msgid "dfree command"
+msgstr "dfree komutu"
+
+#: param/loadparm.c:974
+msgid "remote announce"
+msgstr "uzak bildirim"
+
+#: param/loadparm.c:975
+msgid "remote browse sync"
+msgstr "uzak gözatma senkronizasyonu"
+
+#: param/loadparm.c:976
+msgid "socket address"
+msgstr "soket adresi"
+
+#: param/loadparm.c:977
+msgid "homedir map"
+msgstr "evdizini eŝlemesi"
+
+#: param/loadparm.c:978
+msgid "time offset"
+msgstr "zaman kaydŭrmasŭ"
+
+#: param/loadparm.c:979
+msgid "NIS homedir"
+msgstr "NIS evdizini"
+
+#: param/loadparm.c:980
+msgid "-valid"
+msgstr "-geçerli"
+
+#: param/loadparm.c:982
+msgid "copy"
+msgstr "kopyala"
+
+#: param/loadparm.c:983
+msgid "include"
+msgstr "ekle"
+
+#: param/loadparm.c:984
+msgid "exec"
+msgstr "çalŭŝtŭr"
+
+#: param/loadparm.c:985
+msgid "preexec"
+msgstr "preexec"
+
+#: param/loadparm.c:987
+msgid "preexec close"
+msgstr "preexec close"
+
+#: param/loadparm.c:988
+msgid "postexec"
+msgstr "postexec"
+
+#: param/loadparm.c:989
+msgid "root preexec"
+msgstr "root preexec"
+
+#: param/loadparm.c:990
+msgid "root preexec close"
+msgstr "root preexec close"
+
+#: param/loadparm.c:991
+msgid "root postexec"
+msgstr "root postexec"
+
+#: param/loadparm.c:992
+msgid "available"
+msgstr "mevcut"
+
+#: param/loadparm.c:993
+msgid "volume"
+msgstr "volume"
+
+#: param/loadparm.c:994
+msgid "fstype"
+msgstr "dosya sistem tipi"
+
+#: param/loadparm.c:995
+msgid "set directory"
+msgstr "dizini belirle"
+
+#: param/loadparm.c:996
+msgid "source environment"
+msgstr "source environment"
+
+#: param/loadparm.c:997
+msgid "wide links"
+msgstr "wide links"
+
+#: param/loadparm.c:998
+msgid "follow symlinks"
+msgstr "sembolik ba�larŭ izle"
+
+#: param/loadparm.c:999
+msgid "dont descend"
+msgstr "dont descend"
+
+#: param/loadparm.c:1000
+msgid "magic script"
+msgstr "magic script"
+
+#: param/loadparm.c:1001
+msgid "magic output"
+msgstr "magic output"
+
+#: param/loadparm.c:1002
+msgid "delete readonly"
+msgstr "salt okunurlarŭ sil"
+
+#: param/loadparm.c:1003
+msgid "dos filemode"
+msgstr "dos dosya kipi"
+
+#: param/loadparm.c:1004
+msgid "dos filetimes"
+msgstr "dos dosya zamanlarŭ"
+
+#: param/loadparm.c:1005
+msgid "dos filetime resolution"
+msgstr "dos dosya zamanŭ çözünürlü�ü"
+
+#: param/loadparm.c:1007
+msgid "fake directory create times"
+msgstr "dizin oluŝma zamanlarŭnŭ taklit et"
+
+#: param/loadparm.c:1008
+msgid "panic action"
+msgstr "panik iŝlemi"
+
+#: param/loadparm.c:1009
+msgid "hide local users"
+msgstr "yerel kullanŭcŭlarŭ sakla"
+
+#: param/loadparm.c:1012
+msgid "VFS options"
+msgstr "VFS Seçenekleri"
+
+#: param/loadparm.c:1014
+msgid "vfs object"
+msgstr "vfs nesnesi"
+
+#: param/loadparm.c:1015
+msgid "vfs options"
+msgstr "vfs seçenekleri"
+
+#: param/loadparm.c:1018
+msgid "msdfs root"
+msgstr "msdfs kökü"
+
+#: param/loadparm.c:1019
+msgid "host msdfs"
+msgstr "host msdfs"
+
+#: param/loadparm.c:1021
+msgid "Winbind options"
+msgstr "Winbind seçenekleri"
+
+#: param/loadparm.c:1023
+msgid "winbind uid"
+msgstr "winbind uid"
+
+#: param/loadparm.c:1024
+msgid "winbind gid"
+msgstr "winbind gid"
+
+#: param/loadparm.c:1025
+msgid "template homedir"
+msgstr "örnek ev dizini"
+
+#: param/loadparm.c:1026
+msgid "template shell"
+msgstr "örnek kabuk"
+
+#: param/loadparm.c:1027
+msgid "winbind separator"
+msgstr "winbind ayracŭ"
+
+#: param/loadparm.c:1028
+msgid "winbind cache time"
+msgstr "winbind arabellek zamanŭ"
+
+#: param/loadparm.c:1029
+msgid "winbind enum users"
+msgstr "winbind kullanŭcŭ listele"
+
+#: param/loadparm.c:1030
+msgid "winbind enum groups"
+msgstr "winbind grup listele"
+
diff --git a/source3/popt/.cvsignore b/source3/popt/.cvsignore
new file mode 100644
index 0000000000..86b08b58d2
--- /dev/null
+++ b/source3/popt/.cvsignore
@@ -0,0 +1,8 @@
+ID
+Makefile
+config.cache
+config.h
+config.log
+config.status
+rsync
+zlib/dummy
diff --git a/source3/popt/CHANGES b/source3/popt/CHANGES
new file mode 100644
index 0000000000..b6ab2aa308
--- /dev/null
+++ b/source3/popt/CHANGES
@@ -0,0 +1,43 @@
+1.3 ->
+	- heavy dose of const's
+	- poptParseArgvString() now NULL terminates the list
+
+1.2.3 -> 1.3
+	- added support for single -
+	- misc bug fixes
+	- portability improvements
+
+1.2.2 -> 1.2.3
+	- fixed memset() in help message generation (Dale Hawkins)
+	- added extern "C" stuff to popt.h for C++ compilers (Dale Hawkins)
+	- const'ified poptParseArgvString (Jeff Garzik)
+
+1.2.1 -> 1.2.2
+	- fixed bug in chaind alias happens which seems to have only
+	  affected --triggers in rpm
+	- added POPT_ARG_VAL
+	- popt.3 installed by default
+
+1.2 -> 1.2.1
+	- added POPT_ARG_INTL_DOMAIN (Elliot Lee)
+	- updated Makefile's to be more GNUish (Elliot Lee)
+
+1.1 -> 1.2
+	- added popt.3 man page (Robert Lynch)
+	- don't use mmap anymore (its lack of portability isn't worth the
+	  trouble)
+	- added test script
+	- added support for exec
+	- removed support for *_POPT_ALIASES env variable -- it was a bad
+	  idea
+	- reorganized into multiple source files
+	- added automatic help generation, POPT_AUTOHELP
+	- added table callbacks
+	- added table inclusion
+	- updated man page for new features
+	- added test scripts
+
+1.0 -> 1.1
+	- moved to autoconf (Fred Fish)
+	- added STRERROR replacement (Norbert Warmuth)
+	- added const keywords (Bruce Perens)
diff --git a/source3/popt/COPYING b/source3/popt/COPYING
new file mode 100644
index 0000000000..b4c7ca876c
--- /dev/null
+++ b/source3/popt/COPYING
@@ -0,0 +1,22 @@
+Copyright (c) 1998  Red Hat Software
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of the X Consortium shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from the X Consortium.
diff --git a/source3/popt/README b/source3/popt/README
new file mode 100644
index 0000000000..7fccc836ff
--- /dev/null
+++ b/source3/popt/README
@@ -0,0 +1,18 @@
+This is the popt command line option parsing library. While it is similiar
+to getopt(3), it contains a number of enhancements, including:
+
+	1) popt is fully reentrant
+	2) popt can parse arbitrary argv[] style arrays while 
+	   getopt(2) makes this quite difficult
+	3) popt allows users to alias command line arguments
+	4) popt provides convience functions for parsting strings
+	   into argv[] style arrays
+
+popt is used by rpm, the Red Hat install program, and many other Red Hat
+utilities, all of which provide excellent examples of how to use popt. 
+Complete documentation on popt is available in popt.ps (included in this
+tarball), which is excerpted with permission from the book "Linux
+Application Development" by Michael K. Johnson and Erik Troan (availble
+from Addison Wesley in May, 1998).
+
+Comments on popt should be addressed to ewt@redhat.com.
diff --git a/source3/popt/dummy.in b/source3/popt/dummy.in
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/popt/dummy.in
diff --git a/source3/popt/findme.c b/source3/popt/findme.c
new file mode 100644
index 0000000000..f2ad05bb3f
--- /dev/null
+++ b/source3/popt/findme.c
@@ -0,0 +1,46 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#include "system.h"
+#include "findme.h"
+
+const char * findProgramPath(const char * argv0) {
+    char * path = getenv("PATH");
+    char * pathbuf;
+    char * start, * chptr;
+    char * buf, *local = NULL;
+
+    /* If there is a / in the argv[0], it has to be an absolute
+       path */
+    if (strchr(argv0, '/'))
+	return xstrdup(argv0);
+
+    if (!path) return NULL;
+
+    local = start = pathbuf = malloc(strlen(path) + 1);
+    buf = malloc(strlen(path) + strlen(argv0) + 2);
+    strcpy(pathbuf, path);
+
+    chptr = NULL;
+    do {
+	if ((chptr = strchr(start, ':')))
+	    *chptr = '\0';
+	sprintf(buf, "%s/%s", start, argv0);
+
+	if (!access(buf, X_OK)) {
+		if (local) free(local);
+		return buf;
+	}
+
+	if (chptr) 
+	    start = chptr + 1;
+	else
+	    start = NULL;
+    } while (start && *start);
+
+    free(buf);
+    if (local) free(local);
+
+    return NULL;
+}
diff --git a/source3/popt/findme.h b/source3/popt/findme.h
new file mode 100644
index 0000000000..5e93963d60
--- /dev/null
+++ b/source3/popt/findme.h
@@ -0,0 +1,10 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#ifndef H_FINDME
+#define H_FINDME
+
+const char * findProgramPath(const char * argv0);
+
+#endif
diff --git a/source3/popt/popt.c b/source3/popt/popt.c
new file mode 100644
index 0000000000..9fa8650312
--- /dev/null
+++ b/source3/popt/popt.c
@@ -0,0 +1,782 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#include "system.h"
+#include "findme.h"
+#include "poptint.h"
+
+#ifndef HAVE_STRERROR
+static char * strerror(int errno) {
+    extern int sys_nerr;
+    extern char * sys_errlist[];
+
+    if ((0 <= errno) && (errno < sys_nerr))
+	return sys_errlist[errno];
+    else
+	return POPT_("unknown errno");
+}
+#endif
+
+void poptSetExecPath(poptContext con, const char * path, int allowAbsolute) {
+    if (con->execPath) xfree(con->execPath);
+    con->execPath = xstrdup(path);
+    con->execAbsolute = allowAbsolute;
+}
+
+static void invokeCallbacks(poptContext con, const struct poptOption * table,
+			    int post) {
+    const struct poptOption * opt = table;
+    poptCallbackType cb;
+
+    while (opt->longName || opt->shortName || opt->arg) {
+	if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) {
+	    invokeCallbacks(con, opt->arg, post);
+	} else if (((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_CALLBACK) &&
+		   ((!post && (opt->argInfo & POPT_CBFLAG_PRE)) ||
+		    ( post && (opt->argInfo & POPT_CBFLAG_POST)))) {
+	    cb = (poptCallbackType)opt->arg;
+	    cb(con, post ? POPT_CALLBACK_REASON_POST : POPT_CALLBACK_REASON_PRE,
+	       NULL, NULL, opt->descrip);
+	}
+	opt++;
+    }
+}
+
+poptContext poptGetContext(const char * name, int argc, const char ** argv,
+			   const struct poptOption * options, int flags) {
+    poptContext con = malloc(sizeof(*con));
+
+    memset(con, 0, sizeof(*con));
+
+    con->os = con->optionStack;
+    con->os->argc = argc;
+    con->os->argv = argv;
+    con->os->argb = NULL;
+
+    if (!(flags & POPT_CONTEXT_KEEP_FIRST))
+	con->os->next = 1;			/* skip argv[0] */
+
+    con->leftovers = calloc( (argc + 1), sizeof(char *) );
+    con->options = options;
+    con->aliases = NULL;
+    con->numAliases = 0;
+    con->flags = flags;
+    con->execs = NULL;
+    con->numExecs = 0;
+    con->finalArgvAlloced = argc * 2;
+    con->finalArgv = calloc( con->finalArgvAlloced, sizeof(*con->finalArgv) );
+    con->execAbsolute = 1;
+    con->arg_strip = NULL;
+
+    if (getenv("POSIXLY_CORRECT") || getenv("POSIX_ME_HARDER"))
+	con->flags |= POPT_CONTEXT_POSIXMEHARDER;
+
+    if (name)
+	con->appName = strcpy(malloc(strlen(name) + 1), name);
+
+    invokeCallbacks(con, con->options, 0);
+
+    return con;
+}
+
+static void cleanOSE(struct optionStackEntry *os)
+{
+    if (os->nextArg) {
+	xfree(os->nextArg);
+	os->nextArg = NULL;
+    }
+    if (os->argv) {
+	xfree(os->argv);
+	os->argv = NULL;
+    }
+    if (os->argb) {
+	PBM_FREE(os->argb);
+	os->argb = NULL;
+    }
+}
+
+void poptResetContext(poptContext con) {
+    int i;
+
+    while (con->os > con->optionStack) {
+	cleanOSE(con->os--);
+    }
+    if (con->os->argb) {
+	PBM_FREE(con->os->argb);
+	con->os->argb = NULL;
+    }
+    con->os->currAlias = NULL;
+    con->os->nextCharArg = NULL;
+    con->os->nextArg = NULL;
+    con->os->next = 1;			/* skip argv[0] */
+
+    con->numLeftovers = 0;
+    con->nextLeftover = 0;
+    con->restLeftover = 0;
+    con->doExec = NULL;
+
+    for (i = 0; i < con->finalArgvCount; i++) {
+	if (con->finalArgv[i]) {
+	    xfree(con->finalArgv[i]);
+	    con->finalArgv[i] = NULL;
+	}
+    }
+
+    con->finalArgvCount = 0;
+
+    if (con->arg_strip) {
+	PBM_FREE(con->arg_strip);
+	con->arg_strip = NULL;
+    }
+}
+
+/* Only one of longName, shortName may be set at a time */
+static int handleExec(poptContext con, char * longName, char shortName) {
+    int i;
+
+    i = con->numExecs - 1;
+    if (longName) {
+	while (i >= 0 && (!con->execs[i].longName ||
+	    strcmp(con->execs[i].longName, longName))) i--;
+    } else {
+	while (i >= 0 &&
+	    con->execs[i].shortName != shortName) i--;
+    }
+
+    if (i < 0) return 0;
+
+    if (con->flags & POPT_CONTEXT_NO_EXEC)
+	return 1;
+
+    if (con->doExec == NULL) {
+	con->doExec = con->execs + i;
+	return 1;
+    }
+
+    /* We already have an exec to do; remember this option for next
+       time 'round */
+    if ((con->finalArgvCount + 1) >= (con->finalArgvAlloced)) {
+	con->finalArgvAlloced += 10;
+	con->finalArgv = realloc(con->finalArgv,
+			sizeof(*con->finalArgv) * con->finalArgvAlloced);
+    }
+
+    i = con->finalArgvCount++;
+    {	char *s  = malloc((longName ? strlen(longName) : 0) + 3);
+	if (longName)
+	    sprintf(s, "--%s", longName);
+	else
+	    sprintf(s, "-%c", shortName);
+	con->finalArgv[i] = s;
+    }
+
+    return 1;
+}
+
+/* Only one of longName, shortName may be set at a time */
+static int handleAlias(poptContext con, const char * longName, char shortName,
+		       /*@keep@*/ const char * nextCharArg) {
+    int i;
+
+    if (con->os->currAlias && con->os->currAlias->longName && longName &&
+	!strcmp(con->os->currAlias->longName, longName))
+	return 0;
+    if (con->os->currAlias && shortName &&
+	    shortName == con->os->currAlias->shortName)
+	return 0;
+
+    i = con->numAliases - 1;
+    if (longName) {
+	while (i >= 0 && (!con->aliases[i].longName ||
+	    strcmp(con->aliases[i].longName, longName))) i--;
+    } else {
+	while (i >= 0 &&
+	    con->aliases[i].shortName != shortName) i--;
+    }
+
+    if (i < 0) return 0;
+
+    if ((con->os - con->optionStack + 1) == POPT_OPTION_DEPTH)
+	return POPT_ERROR_OPTSTOODEEP;
+
+    if (nextCharArg && *nextCharArg)
+	con->os->nextCharArg = nextCharArg;
+
+    con->os++;
+    con->os->next = 0;
+    con->os->stuffed = 0;
+    con->os->nextArg = NULL;
+    con->os->nextCharArg = NULL;
+    con->os->currAlias = con->aliases + i;
+    poptDupArgv(con->os->currAlias->argc, con->os->currAlias->argv,
+		&con->os->argc, &con->os->argv);
+    con->os->argb = NULL;
+
+    return 1;
+}
+
+static void execCommand(poptContext con) {
+    const char ** argv;
+    int pos = 0;
+    const char * script = con->doExec->script;
+
+    argv = malloc(sizeof(*argv) *
+			(6 + con->numLeftovers + con->finalArgvCount));
+
+    if (!con->execAbsolute && strchr(script, '/')) return;
+
+    if (!strchr(script, '/') && con->execPath) {
+	char *s = malloc(strlen(con->execPath) + strlen(script) + 2);
+	sprintf(s, "%s/%s", con->execPath, script);
+	argv[pos] = s;
+    } else {
+	argv[pos] = script;
+    }
+    pos++;
+
+    argv[pos] = findProgramPath(con->os->argv[0]);
+    if (argv[pos]) pos++;
+    argv[pos++] = ";";
+
+    memcpy(argv + pos, con->finalArgv, sizeof(*argv) * con->finalArgvCount);
+    pos += con->finalArgvCount;
+
+    if (con->numLeftovers) {
+	argv[pos++] = "--";
+	memcpy(argv + pos, con->leftovers, sizeof(*argv) * con->numLeftovers);
+	pos += con->numLeftovers;
+    }
+
+    argv[pos++] = NULL;
+
+#ifdef __hpux
+    setresuid(getuid(), getuid(),-1);
+#else
+/*
+ * XXX " ... on BSD systems setuid() should be preferred over setreuid()"
+ * XXX 	sez' Timur Bakeyev <mc@bat.ru>
+ * XXX	from Norbert Warmuth <nwarmuth@privat.circular.de>
+ */
+#if defined(HAVE_SETUID)
+    setuid(getuid());
+#elif defined (HAVE_SETREUID)
+    setreuid(getuid(), getuid()); /*hlauer: not portable to hpux9.01 */
+#else
+    ; /* Can't drop privileges */
+#endif
+#endif
+
+    execvp(argv[0], (char *const *)argv);
+}
+
+/*@observer@*/ static const struct poptOption *
+findOption(const struct poptOption * table, const char * longName,
+    char shortName,
+    /*@out@*/ poptCallbackType * callback, /*@out@*/ const void ** callbackData,
+    int singleDash)
+{
+    const struct poptOption * opt = table;
+    const struct poptOption * opt2;
+    const struct poptOption * cb = NULL;
+
+    /* This happens when a single - is given */
+    if (singleDash && !shortName && !*longName)
+	shortName = '-';
+
+    while (opt->longName || opt->shortName || opt->arg) {
+	if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) {
+	    opt2 = findOption(opt->arg, longName, shortName, callback,
+			      callbackData, singleDash);
+	    if (opt2) {
+		if (*callback && !*callbackData)
+		    *callbackData = opt->descrip;
+		return opt2;
+	    }
+	} else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_CALLBACK) {
+	    cb = opt;
+	} else if (longName && opt->longName &&
+		   (!singleDash || (opt->argInfo & POPT_ARGFLAG_ONEDASH)) &&
+		   !strcmp(longName, opt->longName)) {
+	    break;
+	} else if (shortName && shortName == opt->shortName) {
+	    break;
+	}
+	opt++;
+    }
+
+    if (!opt->longName && !opt->shortName) return NULL;
+    *callbackData = NULL;
+    *callback = NULL;
+    if (cb) {
+	*callback = (poptCallbackType)cb->arg;
+	if (!(cb->argInfo & POPT_CBFLAG_INC_DATA))
+	    *callbackData = cb->descrip;
+    }
+
+    return opt;
+}
+
+static const char *findNextArg(poptContext con, unsigned argx, int delete)
+{
+    struct optionStackEntry * os = con->os;
+    const char * arg;
+
+    do {
+	int i;
+	arg = NULL;
+	while (os->next == os->argc && os > con->optionStack) os--;
+	if (os->next == os->argc && os == con->optionStack) break;
+	for (i = os->next; i < os->argc; i++) {
+	    if (os->argb && PBM_ISSET(i, os->argb)) continue;
+	    if (*os->argv[i] == '-') continue;
+	    if (--argx > 0) continue;
+	    arg = os->argv[i];
+	    if (delete) {
+		if (os->argb == NULL) os->argb = PBM_ALLOC(os->argc);
+		PBM_SET(i, os->argb);
+	    }
+	    break;
+	}
+	if (os > con->optionStack) os--;
+    } while (arg == NULL);
+    return arg;
+}
+
+static /*@only@*/ const char * expandNextArg(poptContext con, const char * s)
+{
+    const char *a;
+    size_t alen;
+    char *t, *te;
+    size_t tn = strlen(s) + 1;
+    char c;
+
+    te = t = malloc(tn);;
+    while ((c = *s++) != '\0') {
+	switch (c) {
+#if 0	/* XXX can't do this */
+	case '\\':	/* escape */
+	    c = *s++;
+	    break;
+#endif
+	case '!':
+	    if (!(s[0] == '#' && s[1] == ':' && s[2] == '+'))
+		break;
+	    if ((a = findNextArg(con, 1, 1)) == NULL)
+		break;
+	    s += 3;
+
+	    alen = strlen(a);
+	    tn += alen;
+	    *te = '\0';
+	    t = realloc(t, tn);
+	    te = t + strlen(t);
+	    strncpy(te, a, alen); te += alen;
+	    continue;
+	    /*@notreached@*/ break;
+	default:
+	    break;
+	}
+	*te++ = c;
+    }
+    *te = '\0';
+    t = realloc(t, strlen(t)+1);	/* XXX memory leak, hard to plug */
+    return t;
+}
+
+static void poptStripArg(poptContext con, int which)
+{
+    if(con->arg_strip == NULL) {
+	con->arg_strip = PBM_ALLOC(con->optionStack[0].argc);
+    }
+    PBM_SET(which, con->arg_strip);
+}
+
+/* returns 'val' element, -1 on last item, POPT_ERROR_* on error */
+int poptGetNextOpt(poptContext con)
+{
+    const struct poptOption * opt = NULL;
+    int done = 0;
+
+    /* looks a bit tricky to get rid of alloca properly in this fn */
+#if HAVE_ALLOCA_H
+#define ALLOCA(x) alloca(x)
+#else
+#define ALLOCA(x) malloc(x)
+#endif
+
+
+    while (!done) {
+	const char * origOptString = NULL;
+	poptCallbackType cb = NULL;
+	const void * cbData = NULL;
+	const char * longArg = NULL;
+	int canstrip = 0;
+
+	while (!con->os->nextCharArg && con->os->next == con->os->argc
+		&& con->os > con->optionStack) {
+	    cleanOSE(con->os--);
+	}
+	if (!con->os->nextCharArg && con->os->next == con->os->argc) {
+	    invokeCallbacks(con, con->options, 1);
+	    if (con->doExec) execCommand(con);
+	    return -1;
+	}
+
+	/* Process next long option */
+	if (!con->os->nextCharArg) {
+	    char * localOptString, * optString;
+	    int thisopt;
+
+	    if (con->os->argb && PBM_ISSET(con->os->next, con->os->argb)) {
+		con->os->next++;
+		continue;
+	    }
+	    thisopt=con->os->next;
+	    origOptString = con->os->argv[con->os->next++];
+
+	    if (con->restLeftover || *origOptString != '-') {
+		con->leftovers[con->numLeftovers++] = origOptString;
+		if (con->flags & POPT_CONTEXT_POSIXMEHARDER)
+		    con->restLeftover = 1;
+		continue;
+	    }
+
+	    /* Make a copy we can hack at */
+	    localOptString = optString =
+			strcpy(ALLOCA(strlen(origOptString) + 1),
+			origOptString);
+
+	    if (!optString[0])
+		return POPT_ERROR_BADOPT;
+
+	    if (optString[1] == '-' && !optString[2]) {
+		con->restLeftover = 1;
+		continue;
+	    } else {
+		char *oe;
+		int singleDash;
+
+		optString++;
+		if (*optString == '-')
+		    singleDash = 0, optString++;
+		else
+		    singleDash = 1;
+
+		/* XXX aliases with arg substitution need "--alias=arg" */
+		if (handleAlias(con, optString, '\0', NULL))
+		    continue;
+		if (handleExec(con, optString, '\0'))
+		    continue;
+
+		/* Check for "--long=arg" option. */
+		for (oe = optString; *oe && *oe != '='; oe++)
+		    ;
+		if (*oe == '=') {
+		    *oe++ = '\0';
+		    /* XXX longArg is mapped back to persistent storage. */
+		    longArg = origOptString + (oe - localOptString);
+		}
+
+		opt = findOption(con->options, optString, '\0', &cb, &cbData,
+				 singleDash);
+		if (!opt && !singleDash)
+		    return POPT_ERROR_BADOPT;
+	    }
+
+	    if (!opt) {
+		con->os->nextCharArg = origOptString + 1;
+	    } else {
+		if(con->os == con->optionStack &&
+		   opt->argInfo & POPT_ARGFLAG_STRIP) {
+		    canstrip = 1;
+		    poptStripArg(con, thisopt);
+		}
+	    }
+	}
+
+	/* Process next short option */
+	if (con->os->nextCharArg) {
+	    origOptString = con->os->nextCharArg;
+
+	    con->os->nextCharArg = NULL;
+
+	    if (handleAlias(con, NULL, *origOptString,
+			    origOptString + 1)) {
+		origOptString++;
+		continue;
+	    }
+	    if (handleExec(con, NULL, *origOptString))
+		continue;
+
+	    opt = findOption(con->options, NULL, *origOptString, &cb,
+			     &cbData, 0);
+	    if (!opt)
+		return POPT_ERROR_BADOPT;
+
+	    origOptString++;
+	    if (*origOptString)
+		con->os->nextCharArg = origOptString;
+	}
+
+	if (opt->arg && (opt->argInfo & POPT_ARG_MASK) == POPT_ARG_NONE) {
+	    *((int *)opt->arg) = 1;
+	} else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_VAL) {
+	    if (opt->arg)
+		*((int *) opt->arg) = opt->val;
+	} else if ((opt->argInfo & POPT_ARG_MASK) != POPT_ARG_NONE) {
+	    if (con->os->nextArg) {
+		xfree(con->os->nextArg);
+		con->os->nextArg = NULL;
+	    }
+	    if (longArg) {
+		con->os->nextArg = expandNextArg(con, longArg);
+	    } else if (con->os->nextCharArg) {
+		con->os->nextArg = expandNextArg(con, con->os->nextCharArg);
+		con->os->nextCharArg = NULL;
+	    } else {
+		while (con->os->next == con->os->argc &&
+		       con->os > con->optionStack) {
+		    cleanOSE(con->os--);
+		}
+		if (con->os->next == con->os->argc)
+		    return POPT_ERROR_NOARG;
+
+		/* make sure this isn't part of a short arg or the
+                   result of an alias expansion */
+		if(con->os == con->optionStack &&
+		   opt->argInfo & POPT_ARGFLAG_STRIP &&
+		   canstrip) {
+		    poptStripArg(con, con->os->next);
+		}
+		
+		con->os->nextArg = expandNextArg(con, con->os->argv[con->os->next++]);
+	    }
+
+	    if (opt->arg) {
+		long aLong;
+		char *end;
+
+		switch (opt->argInfo & POPT_ARG_MASK) {
+		  case POPT_ARG_STRING:
+		    /* XXX memory leak, hard to plug */
+		    *((const char **) opt->arg) = xstrdup(con->os->nextArg);
+		    break;
+
+		  case POPT_ARG_INT:
+		  case POPT_ARG_LONG:
+		    aLong = strtol(con->os->nextArg, &end, 0);
+		    if (!(end && *end == '\0'))
+			return POPT_ERROR_BADNUMBER;
+
+		    if (aLong == LONG_MIN || aLong == LONG_MAX)
+			return POPT_ERROR_OVERFLOW;
+		    if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_LONG) {
+			*((long *) opt->arg) = aLong;
+		    } else {
+			if (aLong > INT_MAX || aLong < INT_MIN)
+			    return POPT_ERROR_OVERFLOW;
+			*((int *) opt->arg) = aLong;
+		    }
+		    break;
+
+		  default:
+		    fprintf(stdout, POPT_("option type (%d) not implemented in popt\n"),
+		      opt->argInfo & POPT_ARG_MASK);
+		    exit(EXIT_FAILURE);
+		}
+	    }
+	}
+
+	if (cb)
+	    cb(con, POPT_CALLBACK_REASON_OPTION, opt, con->os->nextArg, cbData);
+	else if (opt->val && ((opt->argInfo & POPT_ARG_MASK) != POPT_ARG_VAL))
+	    done = 1;
+
+	if ((con->finalArgvCount + 2) >= (con->finalArgvAlloced)) {
+	    con->finalArgvAlloced += 10;
+	    con->finalArgv = realloc(con->finalArgv,
+			    sizeof(*con->finalArgv) * con->finalArgvAlloced);
+	}
+
+	{    char *s = malloc((opt->longName ? strlen(opt->longName) : 0) + 3);
+	    if (opt->longName)
+		sprintf(s, "--%s", opt->longName);
+	    else
+		sprintf(s, "-%c", opt->shortName);
+	    con->finalArgv[con->finalArgvCount++] = s;
+	}
+
+	if (opt->arg && (opt->argInfo & POPT_ARG_MASK) != POPT_ARG_NONE
+		     && (opt->argInfo & POPT_ARG_MASK) != POPT_ARG_VAL) {
+	    con->finalArgv[con->finalArgvCount++] = xstrdup(con->os->nextArg);
+	}
+    }
+
+    return opt->val;
+}
+
+const char * poptGetOptArg(poptContext con) {
+    const char * ret = con->os->nextArg;
+    con->os->nextArg = NULL;
+    return ret;
+}
+
+const char * poptGetArg(poptContext con) {
+    if (con->numLeftovers == con->nextLeftover) return NULL;
+    return con->leftovers[con->nextLeftover++];
+}
+
+const char * poptPeekArg(poptContext con) {
+    if (con->numLeftovers == con->nextLeftover) return NULL;
+    return con->leftovers[con->nextLeftover];
+}
+
+const char ** poptGetArgs(poptContext con) {
+    if (con->numLeftovers == con->nextLeftover) return NULL;
+
+    /* some apps like [like RPM ;-) ] need this NULL terminated */
+    con->leftovers[con->numLeftovers] = NULL;
+
+    return (con->leftovers + con->nextLeftover);
+}
+
+void poptFreeContext(poptContext con) {
+    int i;
+
+    poptResetContext(con);
+    if (con->os->argb) free(con->os->argb);
+
+    for (i = 0; i < con->numAliases; i++) {
+	if (con->aliases[i].longName) xfree(con->aliases[i].longName);
+	free(con->aliases[i].argv);
+    }
+
+    for (i = 0; i < con->numExecs; i++) {
+	if (con->execs[i].longName) xfree(con->execs[i].longName);
+	xfree(con->execs[i].script);
+    }
+    if (con->execs) xfree(con->execs);
+
+    free(con->leftovers);
+    free(con->finalArgv);
+    if (con->appName) xfree(con->appName);
+    if (con->aliases) free(con->aliases);
+    if (con->otherHelp) xfree(con->otherHelp);
+    if (con->execPath) xfree(con->execPath);
+    if (con->arg_strip) PBM_FREE(con->arg_strip);
+    
+    free(con);
+}
+
+int poptAddAlias(poptContext con, struct poptAlias newAlias,
+		/*@unused@*/ int flags)
+{
+    int aliasNum = con->numAliases++;
+    struct poptAlias * alias;
+
+    /* SunOS won't realloc(NULL, ...) */
+    if (!con->aliases)
+	con->aliases = malloc(sizeof(newAlias) * con->numAliases);
+    else
+	con->aliases = realloc(con->aliases,
+			       sizeof(newAlias) * con->numAliases);
+    alias = con->aliases + aliasNum;
+
+    alias->longName = (newAlias.longName)
+	? strcpy(malloc(strlen(newAlias.longName) + 1), newAlias.longName)
+	: NULL;
+    alias->shortName = newAlias.shortName;
+    alias->argc = newAlias.argc;
+    alias->argv = newAlias.argv;
+
+    return 0;
+}
+
+const char * poptBadOption(poptContext con, int flags) {
+    struct optionStackEntry * os;
+
+    if (flags & POPT_BADOPTION_NOALIAS)
+	os = con->optionStack;
+    else
+	os = con->os;
+
+    return os->argv[os->next - 1];
+}
+
+#define POPT_ERROR_NOARG	-10
+#define POPT_ERROR_BADOPT	-11
+#define POPT_ERROR_OPTSTOODEEP	-13
+#define POPT_ERROR_BADQUOTE	-15	/* only from poptParseArgString() */
+#define POPT_ERROR_ERRNO	-16	/* only from poptParseArgString() */
+
+const char *poptStrerror(const int error) {
+    switch (error) {
+      case POPT_ERROR_NOARG:
+	return POPT_("missing argument");
+      case POPT_ERROR_BADOPT:
+	return POPT_("unknown option");
+      case POPT_ERROR_OPTSTOODEEP:
+	return POPT_("aliases nested too deeply");
+      case POPT_ERROR_BADQUOTE:
+	return POPT_("error in paramter quoting");
+      case POPT_ERROR_BADNUMBER:
+	return POPT_("invalid numeric value");
+      case POPT_ERROR_OVERFLOW:
+	return POPT_("number too large or too small");
+      case POPT_ERROR_ERRNO:
+	return strerror(errno);
+      default:
+	return POPT_("unknown error");
+    }
+}
+
+int poptStuffArgs(poptContext con, const char ** argv) {
+    int argc;
+
+    if ((con->os - con->optionStack) == POPT_OPTION_DEPTH)
+	return POPT_ERROR_OPTSTOODEEP;
+
+    for (argc = 0; argv[argc]; argc++)
+	;
+
+    con->os++;
+    con->os->next = 0;
+    con->os->nextArg = NULL;
+    con->os->nextCharArg = NULL;
+    con->os->currAlias = NULL;
+    poptDupArgv(argc, argv, &con->os->argc, &con->os->argv);
+    con->os->argb = NULL;
+    con->os->stuffed = 1;
+
+    return 0;
+}
+
+const char * poptGetInvocationName(poptContext con) {
+    return con->os->argv[0];
+}
+
+int poptStrippedArgv(poptContext con, int argc, char **argv)
+{
+    int i,j=1, numargs=argc;
+    
+    for(i=1; i<argc; i++) {
+	if(PBM_ISSET(i, con->arg_strip)) {
+	    numargs--;
+	}
+    }
+    
+    for(i=1; i<argc; i++) {
+	if(PBM_ISSET(i, con->arg_strip)) {
+	    continue;
+	} else {
+	    if(j<numargs) {
+		argv[j++]=argv[i];
+	    } else {
+		argv[j++]='\0';
+	    }
+	}
+    }
+    
+    return(numargs);
+}
diff --git a/source3/popt/popt.h b/source3/popt/popt.h
new file mode 100644
index 0000000000..c33cedaec9
--- /dev/null
+++ b/source3/popt/popt.h
@@ -0,0 +1,130 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#ifndef H_POPT
+#define H_POPT
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>			/* for FILE * */
+
+#define POPT_OPTION_DEPTH	10
+
+#define POPT_ARG_NONE		0
+#define POPT_ARG_STRING		1
+#define POPT_ARG_INT		2
+#define POPT_ARG_LONG		3
+#define POPT_ARG_INCLUDE_TABLE	4	/* arg points to table */
+#define POPT_ARG_CALLBACK	5	/* table-wide callback... must be
+					   set first in table; arg points 
+					   to callback, descrip points to 
+					   callback data to pass */
+#define POPT_ARG_INTL_DOMAIN    6       /* set the translation domain
+					   for this table and any
+					   included tables; arg points
+					   to the domain string */
+#define POPT_ARG_VAL		7	/* arg should take value val */
+#define POPT_ARG_MASK		0x0000FFFF
+#define POPT_ARGFLAG_ONEDASH	0x80000000  /* allow -longoption */
+#define POPT_ARGFLAG_DOC_HIDDEN 0x40000000  /* don't show in help/usage */
+#define POPT_ARGFLAG_STRIP	0x20000000  /* strip this arg from argv (only applies to long args) */
+#define POPT_CBFLAG_PRE		0x80000000  /* call the callback before parse */
+#define POPT_CBFLAG_POST	0x40000000  /* call the callback after parse */
+#define POPT_CBFLAG_INC_DATA	0x20000000  /* use data from the include line,
+					       not the subtable */
+
+#define POPT_ERROR_NOARG	-10
+#define POPT_ERROR_BADOPT	-11
+#define POPT_ERROR_OPTSTOODEEP	-13
+#define POPT_ERROR_BADQUOTE	-15	/* only from poptParseArgString() */
+#define POPT_ERROR_ERRNO	-16	/* only from poptParseArgString() */
+#define POPT_ERROR_BADNUMBER	-17
+#define POPT_ERROR_OVERFLOW	-18
+
+/* poptBadOption() flags */
+#define POPT_BADOPTION_NOALIAS  (1 << 0)  /* don't go into an alias */
+
+/* poptGetContext() flags */
+#define POPT_CONTEXT_NO_EXEC	(1 << 0)  /* ignore exec expansions */
+#define POPT_CONTEXT_KEEP_FIRST	(1 << 1)  /* pay attention to argv[0] */
+#define POPT_CONTEXT_POSIXMEHARDER (1 << 2) /* options can't follow args */
+
+struct poptOption {
+    /*@observer@*/ /*@null@*/ const char * longName;	/* may be NULL */
+    char shortName;		/* may be '\0' */
+    int argInfo;
+    /*@shared@*/ /*@null@*/ void * arg;		/* depends on argInfo */
+    int val;			/* 0 means don't return, just update flag */
+    /*@shared@*/ /*@null@*/ const char * descrip;	/* description for autohelp -- may be NULL */
+    /*@shared@*/ /*@null@*/ const char * argDescrip;	/* argument description for autohelp */
+};
+
+struct poptAlias {
+    /*@owned@*/ /*@null@*/ const char * longName;	/* may be NULL */
+    char shortName;		/* may be '\0' */
+    int argc;
+    /*@owned@*/ const char ** argv;		/* must be free()able */
+};
+
+extern struct poptOption poptHelpOptions[];
+#define POPT_AUTOHELP { NULL, '\0', POPT_ARG_INCLUDE_TABLE, poptHelpOptions, \
+			0, "Help options", NULL },
+
+typedef struct poptContext_s * poptContext;
+#ifndef __cplusplus
+typedef struct poptOption * poptOption;
+#endif
+
+enum poptCallbackReason { POPT_CALLBACK_REASON_PRE, 
+			  POPT_CALLBACK_REASON_POST,
+			  POPT_CALLBACK_REASON_OPTION };
+typedef void (*poptCallbackType)(poptContext con, 
+				 enum poptCallbackReason reason,
+			         const struct poptOption * opt,
+				 const char * arg, const void * data);
+
+/*@only@*/ poptContext poptGetContext(/*@keep@*/ const char * name,
+		int argc, /*@keep@*/ const char ** argv,
+		/*@keep@*/ const struct poptOption * options, int flags);
+void poptResetContext(poptContext con);
+
+/* returns 'val' element, -1 on last item, POPT_ERROR_* on error */
+int poptGetNextOpt(poptContext con);
+/* returns NULL if no argument is available */
+/*@observer@*/ /*@null@*/ const char * poptGetOptArg(poptContext con);
+/* returns NULL if no more options are available */
+/*@observer@*/ /*@null@*/ const char * poptGetArg(poptContext con);
+/*@observer@*/ /*@null@*/ const char * poptPeekArg(poptContext con);
+/*@observer@*/ /*@null@*/ const char ** poptGetArgs(poptContext con);
+/* returns the option which caused the most recent error */
+/*@observer@*/ const char * poptBadOption(poptContext con, int flags);
+void poptFreeContext( /*@only@*/ poptContext con);
+int poptStuffArgs(poptContext con, /*@keep@*/ const char ** argv);
+int poptAddAlias(poptContext con, struct poptAlias alias, int flags);
+int poptReadConfigFile(poptContext con, const char * fn);
+/* like above, but reads /etc/popt and $HOME/.popt along with environment 
+   vars */
+int poptReadDefaultConfig(poptContext con, int useEnv);
+/* argv should be freed -- this allows ', ", and \ quoting, but ' is treated
+   the same as " and both may include \ quotes */
+int poptDupArgv(int argc, const char **argv,
+		/*@out@*/ int * argcPtr, /*@out@*/ const char *** argvPtr);
+int poptParseArgvString(const char * s,
+		/*@out@*/ int * argcPtr, /*@out@*/ const char *** argvPtr);
+/*@observer@*/ const char *poptStrerror(const int error);
+void poptSetExecPath(poptContext con, const char * path, int allowAbsolute);
+void poptPrintHelp(poptContext con, FILE * f, int flags);
+void poptPrintUsage(poptContext con, FILE * f, int flags);
+void poptSetOtherOptionHelp(poptContext con, const char * text);
+/*@observer@*/ const char * poptGetInvocationName(poptContext con);
+/* shuffles argv pointers to remove stripped args, returns new argc */
+int poptStrippedArgv(poptContext con, int argc, char **argv);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/source3/popt/poptconfig.c b/source3/popt/poptconfig.c
new file mode 100644
index 0000000000..eb76941363
--- /dev/null
+++ b/source3/popt/poptconfig.c
@@ -0,0 +1,142 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#include "system.h"
+#include "poptint.h"
+
+static void configLine(poptContext con, char * line) {
+    int nameLength = strlen(con->appName);
+    char * opt;
+    struct poptAlias alias;
+    char * entryType;
+    char * longName = NULL;
+    char shortName = '\0';
+    
+    if (strncmp(line, con->appName, nameLength)) return;
+    line += nameLength;
+    if (!*line || !isspace(*line)) return;
+    while (*line && isspace(*line)) line++;
+    entryType = line;
+
+    while (!*line || !isspace(*line)) line++;
+    *line++ = '\0';
+    while (*line && isspace(*line)) line++;
+    if (!*line) return;
+    opt = line;
+
+    while (!*line || !isspace(*line)) line++;
+    *line++ = '\0';
+    while (*line && isspace(*line)) line++;
+    if (!*line) return;
+
+    if (opt[0] == '-' && opt[1] == '-')
+	longName = opt + 2;
+    else if (opt[0] == '-' && !opt[2])
+	shortName = opt[1];
+
+    if (!strcmp(entryType, "alias")) {
+	if (poptParseArgvString(line, &alias.argc, &alias.argv)) return;
+	alias.longName = longName, alias.shortName = shortName;
+	poptAddAlias(con, alias, 0);
+    } else if (!strcmp(entryType, "exec")) {
+	con->execs = realloc(con->execs,
+				sizeof(*con->execs) * (con->numExecs + 1));
+	if (longName)
+	    con->execs[con->numExecs].longName = xstrdup(longName);
+	else
+	    con->execs[con->numExecs].longName = NULL;
+
+	con->execs[con->numExecs].shortName = shortName;
+	con->execs[con->numExecs].script = xstrdup(line);
+	
+	con->numExecs++;
+    }
+}
+
+int poptReadConfigFile(poptContext con, const char * fn) {
+    char * file=NULL, * chptr, * end;
+    char * buf=NULL, * dst;
+    int fd, rc;
+    int fileLength;
+
+    fd = open(fn, O_RDONLY);
+    if (fd < 0) {
+	if (errno == ENOENT)
+	    return 0;
+	else 
+	    return POPT_ERROR_ERRNO;
+    }
+
+    fileLength = lseek(fd, 0, SEEK_END);
+    (void) lseek(fd, 0, 0);
+
+    file = malloc(fileLength + 1);
+    if (read(fd, file, fileLength) != fileLength) {
+	rc = errno;
+	close(fd);
+	errno = rc;
+	if (file) free(file);
+	return POPT_ERROR_ERRNO;
+    }
+    close(fd);
+
+    dst = buf = malloc(fileLength + 1);
+
+    chptr = file;
+    end = (file + fileLength);
+    while (chptr < end) {
+	switch (*chptr) {
+	  case '\n':
+	    *dst = '\0';
+	    dst = buf;
+	    while (*dst && isspace(*dst)) dst++;
+	    if (*dst && *dst != '#') {
+		configLine(con, dst);
+	    }
+	    chptr++;
+	    break;
+	  case '\\':
+	    *dst++ = *chptr++;
+	    if (chptr < end) {
+		if (*chptr == '\n') 
+		    dst--, chptr++;	
+		    /* \ at the end of a line does not insert a \n */
+		else
+		    *dst++ = *chptr++;
+	    }
+	    break;
+	  default:
+	    *dst++ = *chptr++;
+	    break;
+	}
+    }
+
+    free(file);
+    free(buf);
+
+    return 0;
+}
+
+int poptReadDefaultConfig(poptContext con, /*@unused@*/ int useEnv) {
+    char * fn, * home;
+    int rc;
+
+    if (!con->appName) return 0;
+
+    rc = poptReadConfigFile(con, "/etc/popt");
+    if (rc) return rc;
+    if (getuid() != geteuid()) return 0;
+
+    if ((home = getenv("HOME"))) {
+	fn = malloc(strlen(home) + 20);
+	strcpy(fn, home);
+	strcat(fn, "/.popt");
+	rc = poptReadConfigFile(con, fn);
+	free(fn);
+	if (rc) return rc;
+    }
+
+    return 0;
+}
+
diff --git a/source3/popt/popthelp.c b/source3/popt/popthelp.c
new file mode 100644
index 0000000000..6b790a63e7
--- /dev/null
+++ b/source3/popt/popthelp.c
@@ -0,0 +1,301 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#include "system.h"
+#include "poptint.h"
+
+static void displayArgs(poptContext con,
+		/*@unused@*/ enum poptCallbackReason foo,
+		struct poptOption * key, 
+		/*@unused@*/ const char * arg, /*@unused@*/ void * data) {
+    if (key->shortName== '?')
+	poptPrintHelp(con, stdout, 0);
+    else
+	poptPrintUsage(con, stdout, 0);
+    exit(0);
+}
+
+struct poptOption poptHelpOptions[] = {
+    { NULL, '\0', POPT_ARG_CALLBACK, (void *)&displayArgs, '\0', NULL, NULL },
+    { "help", '?', 0, NULL, '?', N_("Show this help message"), NULL },
+    { "usage", '\0', 0, NULL, 'u', N_("Display brief usage message"), NULL },
+    { NULL, '\0', 0, NULL, 0, NULL, NULL }
+} ;
+
+
+/*@observer@*/ /*@null@*/ static const char *
+getTableTranslationDomain(const struct poptOption *table)
+{
+  const struct poptOption *opt;
+
+  for(opt = table;
+      opt->longName || opt->shortName || opt->arg;
+      opt++) {
+    if(opt->argInfo == POPT_ARG_INTL_DOMAIN)
+      return opt->arg;
+  }
+
+  return NULL;
+}
+
+/*@observer@*/ /*@null@*/ static const char *
+getArgDescrip(const struct poptOption * opt, const char *translation_domain)
+{
+    if (!(opt->argInfo & POPT_ARG_MASK)) return NULL;
+
+    if (opt == (poptHelpOptions + 1) || opt == (poptHelpOptions + 2))
+	if (opt->argDescrip) return POPT_(opt->argDescrip);
+
+    if (opt->argDescrip) return D_(translation_domain, opt->argDescrip);
+    return POPT_("ARG");
+}
+
+static void singleOptionHelp(FILE * f, int maxLeftCol, 
+			     const struct poptOption * opt,
+			     const char *translation_domain) {
+    int indentLength = maxLeftCol + 5;
+    int lineLength = 79 - indentLength;
+    const char * help = D_(translation_domain, opt->descrip);
+    int helpLength;
+    const char * ch;
+    char format[10];
+    char * left;
+    const char * argDescrip = getArgDescrip(opt, translation_domain);
+
+    left = malloc(maxLeftCol + 1);
+    *left = '\0';
+
+    if (opt->longName && opt->shortName)
+	sprintf(left, "-%c, --%s", opt->shortName, opt->longName);
+    else if (opt->shortName) 
+	sprintf(left, "-%c", opt->shortName);
+    else if (opt->longName)
+	sprintf(left, "--%s", opt->longName);
+    if (!*left) return ;
+    if (argDescrip) {
+	strcat(left, "=");
+	strcat(left, argDescrip);
+    }
+
+    if (help)
+	fprintf(f,"  %-*s   ", maxLeftCol, left);
+    else {
+	fprintf(f,"  %s\n", left); 
+	goto out;
+    }
+
+    helpLength = strlen(help);
+    while (helpLength > lineLength) {
+	ch = help + lineLength - 1;
+	while (ch > help && !isspace(*ch)) ch--;
+	if (ch == help) break;		/* give up */
+	while (ch > (help + 1) && isspace(*ch)) ch--;
+	ch++;
+
+	sprintf(format, "%%.%ds\n%%%ds", (int) (ch - help), indentLength);
+	fprintf(f, format, help, " ");
+	help = ch;
+	while (isspace(*help) && *help) help++;
+	helpLength = strlen(help);
+    }
+
+    if (helpLength) fprintf(f, "%s\n", help);
+
+out:
+    free(left);
+}
+
+static int maxArgWidth(const struct poptOption * opt,
+		       const char * translation_domain) {
+    int max = 0;
+    int this;
+    const char * s;
+    
+    while (opt->longName || opt->shortName || opt->arg) {
+	if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) {
+	    this = maxArgWidth(opt->arg, translation_domain);
+	    if (this > max) max = this;
+	} else if (!(opt->argInfo & POPT_ARGFLAG_DOC_HIDDEN)) {
+	    this = opt->shortName ? 2 : 0;
+	    if (opt->longName) {
+		if (this) this += 2;
+		this += strlen(opt->longName) + 2;
+	    }
+
+	    s = getArgDescrip(opt, translation_domain);
+	    if (s)
+		this += strlen(s) + 1;
+	    if (this > max) max = this;
+	}
+
+	opt++;
+    }
+    
+    return max;
+}
+
+static void singleTableHelp(FILE * f, const struct poptOption * table, 
+			    int left,
+			    const char *translation_domain) {
+    const struct poptOption * opt;
+    const char *sub_transdom;
+
+    opt = table;
+    while (opt->longName || opt->shortName || opt->arg) {
+	if ((opt->longName || opt->shortName) && 
+	    !(opt->argInfo & POPT_ARGFLAG_DOC_HIDDEN))
+	    singleOptionHelp(f, left, opt, translation_domain);
+	opt++;
+    }
+
+    opt = table;
+    while (opt->longName || opt->shortName || opt->arg) {
+	if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) {
+	    sub_transdom = getTableTranslationDomain(opt->arg);
+	    if(!sub_transdom)
+		sub_transdom = translation_domain;
+	    
+	    if (opt->descrip)
+		fprintf(f, "\n%s\n", D_(sub_transdom, opt->descrip));
+
+	    singleTableHelp(f, opt->arg, left, sub_transdom);
+	}
+	opt++;
+    }
+}
+
+static int showHelpIntro(poptContext con, FILE * f) {
+    int len = 6;
+    const char * fn;
+
+    fprintf(f, POPT_("Usage:"));
+    if (!(con->flags & POPT_CONTEXT_KEEP_FIRST)) {
+	fn = con->optionStack->argv[0];
+	if (strchr(fn, '/')) fn = strchr(fn, '/') + 1;
+	fprintf(f, " %s", fn);
+	len += strlen(fn) + 1;
+    }
+
+    return len;
+}
+
+void poptPrintHelp(poptContext con, FILE * f, /*@unused@*/ int flags) {
+    int leftColWidth;
+
+    showHelpIntro(con, f);
+    if (con->otherHelp)
+	fprintf(f, " %s\n", con->otherHelp);
+    else
+	fprintf(f, " %s\n", POPT_("[OPTION...]"));
+
+    leftColWidth = maxArgWidth(con->options, NULL);
+    singleTableHelp(f, con->options, leftColWidth, NULL);
+}
+
+static int singleOptionUsage(FILE * f, int cursor, 
+			     const struct poptOption * opt,
+			     const char *translation_domain) {
+    int len = 3;
+    char shortStr[2] = { '\0', '\0' };
+    const char * item = shortStr;
+    const char * argDescrip = getArgDescrip(opt, translation_domain);
+
+    if (opt->shortName) {
+	if (!(opt->argInfo & POPT_ARG_MASK)) 
+	    return cursor;	/* we did these already */
+	len++;
+	*shortStr = opt->shortName;
+	shortStr[1] = '\0';
+    } else if (opt->longName) {
+	len += 1 + strlen(opt->longName);
+	item = opt->longName;
+    }
+
+    if (len == 3) return cursor;
+
+    if (argDescrip) 
+	len += strlen(argDescrip) + 1;
+
+    if ((cursor + len) > 79) {
+	fprintf(f, "\n       ");
+	cursor = 7;
+    } 
+
+    fprintf(f, " [-%s%s%s%s]", opt->shortName ? "" : "-", item,
+	    argDescrip ? (opt->shortName ? " " : "=") : "",
+	    argDescrip ? argDescrip : "");
+
+    return cursor + len + 1;
+}
+
+static int singleTableUsage(FILE * f, int cursor, const struct poptOption * table,
+		     const char *translation_domain) {
+    const struct poptOption * opt;
+    
+    opt = table;
+    while (opt->longName || opt->shortName || opt->arg) {
+        if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INTL_DOMAIN)
+	    translation_domain = (const char *)opt->arg;
+	else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE) 
+	    cursor = singleTableUsage(f, cursor, opt->arg,
+				      translation_domain);
+	else if ((opt->longName || opt->shortName) && 
+		 !(opt->argInfo & POPT_ARGFLAG_DOC_HIDDEN))
+	  cursor = singleOptionUsage(f, cursor, opt, translation_domain);
+
+	opt++;
+    }
+
+    return cursor;
+}
+
+static int showShortOptions(const struct poptOption * opt, FILE * f, 
+			    char * str) {
+    char s[300];		/* this is larger then the ascii set, so
+				   it should do just fine */
+
+    s[0] = '\0';
+    if (str == NULL) {
+	memset(s, 0, sizeof(s));
+	str = s;
+    }
+
+    while (opt->longName || opt->shortName || opt->arg) {
+	if (opt->shortName && !(opt->argInfo & POPT_ARG_MASK))
+	    str[strlen(str)] = opt->shortName;
+	else if ((opt->argInfo & POPT_ARG_MASK) == POPT_ARG_INCLUDE_TABLE)
+	    showShortOptions(opt->arg, f, str);
+
+	opt++;
+    } 
+
+    if (s != str || !*s)
+	return 0;
+
+    fprintf(f, " [-%s]", s);
+    return strlen(s) + 4;
+}
+
+void poptPrintUsage(poptContext con, FILE * f, /*@unused@*/ int flags) {
+    int cursor;
+
+    cursor = showHelpIntro(con, f);
+    cursor += showShortOptions(con->options, f, NULL);
+    singleTableUsage(f, cursor, con->options, NULL);
+
+    if (con->otherHelp) {
+	cursor += strlen(con->otherHelp) + 1;
+	if (cursor > 79) fprintf(f, "\n       ");
+	fprintf(f, " %s", con->otherHelp);
+    }
+
+    fprintf(f, "\n");
+}
+
+void poptSetOtherOptionHelp(poptContext con, const char * text) {
+    if (con->otherHelp) xfree(con->otherHelp);
+    con->otherHelp = xstrdup(text);
+}
diff --git a/source3/popt/poptint.h b/source3/popt/poptint.h
new file mode 100644
index 0000000000..1847ffafe6
--- /dev/null
+++ b/source3/popt/poptint.h
@@ -0,0 +1,71 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#ifndef H_POPTINT
+#define H_POPTINT
+
+/* Bit mask macros. */
+typedef	unsigned int __pbm_bits;
+#define	__PBM_NBITS		(8 * sizeof (__pbm_bits))
+#define	__PBM_IX(d)		((d) / __PBM_NBITS)
+#define __PBM_MASK(d)		((__pbm_bits) 1 << ((d) % __PBM_NBITS))
+typedef struct {
+    __pbm_bits bits[1];
+} pbm_set;
+#define	__PBM_BITS(set)	((set)->bits)
+
+#define	PBM_ALLOC(d)	calloc(__PBM_IX (d) + 1, sizeof(__pbm_bits))
+#define	PBM_FREE(s)	free(s);
+#define PBM_SET(d, s)   (__PBM_BITS (s)[__PBM_IX (d)] |= __PBM_MASK (d))
+#define PBM_CLR(d, s)   (__PBM_BITS (s)[__PBM_IX (d)] &= ~__PBM_MASK (d))
+#define PBM_ISSET(d, s) ((__PBM_BITS (s)[__PBM_IX (d)] & __PBM_MASK (d)) != 0)
+
+struct optionStackEntry {
+    int argc;
+    /*@only@*/ const char ** argv;
+    /*@only@*/ pbm_set * argb;
+    int next;
+    /*@only@*/ const char * nextArg;
+    /*@keep@*/ const char * nextCharArg;
+    /*@dependent@*/ struct poptAlias * currAlias;
+    int stuffed;
+};
+
+struct execEntry {
+    const char * longName;
+    char shortName;
+    const char * script;
+};
+
+struct poptContext_s {
+    struct optionStackEntry optionStack[POPT_OPTION_DEPTH];
+    /*@dependent@*/ struct optionStackEntry * os;
+    /*@owned@*/ const char ** leftovers;
+    int numLeftovers;
+    int nextLeftover;
+    /*@keep@*/ const struct poptOption * options;
+    int restLeftover;
+    /*@only@*/ const char * appName;
+    /*@only@*/ struct poptAlias * aliases;
+    int numAliases;
+    int flags;
+    struct execEntry * execs;
+    int numExecs;
+    /*@only@*/ const char ** finalArgv;
+    int finalArgvCount;
+    int finalArgvAlloced;
+    /*@dependent@*/ struct execEntry * doExec;
+    /*@only@*/ const char * execPath;
+    int execAbsolute;
+    /*@only@*/ const char * otherHelp;
+    pbm_set * arg_strip;
+};
+
+#define	xfree(_a)	free((void *)_a)
+
+#define POPT_(foo) (foo)
+#define D_(dom, str) (str)
+#define N_(foo) (foo)
+
+#endif
diff --git a/source3/popt/poptparse.c b/source3/popt/poptparse.c
new file mode 100644
index 0000000000..8f00769be9
--- /dev/null
+++ b/source3/popt/poptparse.c
@@ -0,0 +1,102 @@
+/* (C) 1998 Red Hat Software, Inc. -- Licensing details are in the COPYING
+   file accompanying popt source distributions, available from 
+   ftp://ftp.redhat.com/pub/code/popt */
+
+#include "system.h"
+
+#define POPT_ARGV_ARRAY_GROW_DELTA 5
+
+int poptDupArgv(int argc, const char **argv,
+		int * argcPtr, const char *** argvPtr)
+{
+    size_t nb = (argc + 1) * sizeof(*argv);
+    const char ** argv2;
+    char * dst;
+    int i;
+
+    for (i = 0; i < argc; i++) {
+	if (argv[i] == NULL)
+	    return POPT_ERROR_NOARG;
+	nb += strlen(argv[i]) + 1;
+    }
+	
+    dst = malloc(nb);
+    argv2 = (void *) dst;
+    dst += (argc + 1) * sizeof(*argv);
+
+    for (i = 0; i < argc; i++) {
+	argv2[i] = dst;
+	dst += strlen(strcpy(dst, argv[i])) + 1;
+    }
+    argv2[argc] = NULL;
+
+    *argvPtr = argv2;
+    *argcPtr = argc;
+    return 0;
+}
+
+int poptParseArgvString(const char * s, int * argcPtr, const char *** argvPtr)
+{
+    const char * src;
+    char quote = '\0';
+    int argvAlloced = POPT_ARGV_ARRAY_GROW_DELTA;
+    const char ** argv = malloc(sizeof(*argv) * argvAlloced);
+    int argc = 0;
+    int buflen = strlen(s) + 1;
+    char *buf0 = calloc(buflen, 1);
+    char *buf = buf0;
+
+    argv[argc] = buf;
+
+    for (src = s; *src; src++) {
+	if (quote == *src) {
+	    quote = '\0';
+	} else if (quote) {
+	    if (*src == '\\') {
+		src++;
+		if (!*src) {
+		    free(argv);
+		    free(buf0);
+		    return POPT_ERROR_BADQUOTE;
+		}
+		if (*src != quote) *buf++ = '\\';
+	    }
+	    *buf++ = *src;
+	} else if (isspace(*src)) {
+	    if (*argv[argc]) {
+		buf++, argc++;
+		if (argc == argvAlloced) {
+		    argvAlloced += POPT_ARGV_ARRAY_GROW_DELTA;
+		    argv = realloc(argv, sizeof(*argv) * argvAlloced);
+		}
+		argv[argc] = buf;
+	    }
+	} else switch (*src) {
+	  case '"':
+	  case '\'':
+	    quote = *src;
+	    break;
+	  case '\\':
+	    src++;
+	    if (!*src) {
+		free(argv);
+		free(buf0);
+		return POPT_ERROR_BADQUOTE;
+	    }
+	    /*@fallthrough@*/
+	  default:
+	    *buf++ = *src;
+	    break;
+	}
+    }
+
+    if (strlen(argv[argc])) {
+	argc++, buf++;
+    }
+
+    (void) poptDupArgv(argc, argv, argcPtr, argvPtr);
+
+    free(argv);
+    free(buf0);
+    return 0;
+}
diff --git a/source3/popt/system.h b/source3/popt/system.h
new file mode 100644
index 0000000000..059c045817
--- /dev/null
+++ b/source3/popt/system.h
@@ -0,0 +1,53 @@
+#include "config.h"
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+
+#if HAVE_MCHECK_H 
+#include <mcheck.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef __NeXT
+/* access macros are not declared in non posix mode in unistd.h -
+ don't try to use posix on NeXTstep 3.3 ! */
+#include <libc.h>
+#endif
+
+/* AIX requires this to be the first thing in the file.  */ 
+#ifndef __GNUC__
+# if HAVE_ALLOCA_H
+#  include <alloca.h>
+# else
+#  ifdef _AIX
+#pragma alloca
+#  else
+#   ifndef alloca /* predefined by HP cc +Olibcalls */
+char *alloca ();
+#   endif
+#  endif
+# endif
+#elif defined(__GNUC__) && defined(__STRICT_ANSI__)
+#define alloca __builtin_alloca
+#endif
+
+/*@only@*/ char * xstrdup (const char *str);
+
+#if HAVE_MCHECK_H && defined(__GNUC__)
+#define	vmefail()	(fprintf(stderr, "virtual memory exhausted.\n"), exit(EXIT_FAILURE), NULL)
+#define xstrdup(_str)   (strcpy((malloc(strlen(_str)+1) ? : vmefail()), (_str)))
+#else
+#define	xstrdup(_str)	strdup(_str)
+#endif  /* HAVE_MCHECK_H && defined(__GNUC__) */
+
+
+#include "popt.h"
diff --git a/source3/printing/.cvsignore b/source3/printing/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/printing/.cvsignore
diff --git a/source3/printing/load.c b/source3/printing/load.c
new file mode 100644
index 0000000000..ed967fb0a7
--- /dev/null
+++ b/source3/printing/load.c
@@ -0,0 +1,73 @@
+/* 
+   Unix SMB/CIFS implementation.
+   load printer lists
+   Copyright (C) Andrew Tridgell 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/***************************************************************************
+auto-load printer services
+***************************************************************************/
+void add_all_printers(void)
+{
+	int printers = lp_servicenumber(PRINTERS_NAME);
+
+	if (printers < 0) return;
+
+	pcap_printer_fn(lp_add_one_printer);
+}
+
+/***************************************************************************
+auto-load some homes and printer services
+***************************************************************************/
+static void add_auto_printers(void)
+{
+	char *p;
+	int printers;
+	char *str = strdup(lp_auto_services());
+
+	if (!str) return;
+
+	printers = lp_servicenumber(PRINTERS_NAME);
+
+	if (printers < 0) {
+        SAFE_FREE(str);
+        return;
+    }
+	
+	for (p=strtok(str,LIST_SEP);p;p=strtok(NULL,LIST_SEP)) {
+		if (lp_servicenumber(p) >= 0) continue;
+		
+		if (pcap_printername_ok(p,NULL)) {
+			lp_add_printer(p,printers);
+		}
+	}
+
+    SAFE_FREE(str);
+}
+
+/***************************************************************************
+load automatic printer services
+***************************************************************************/
+void load_printers(void)
+{
+	add_auto_printers();
+	if (lp_load_printers())
+		add_all_printers();
+}
diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
new file mode 100644
index 0000000000..13b87045cd
--- /dev/null
+++ b/source3/printing/lpq_parse.c
@@ -0,0 +1,1101 @@
+/* 
+   Unix SMB/CIFS implementation.
+   lpq parsing routines
+   Copyright (C) Andrew Tridgell 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static char *Months[13] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+			      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", "Err"};
+
+
+/*******************************************************************
+process time fields
+********************************************************************/
+static time_t EntryTime(fstring tok[], int ptr, int count, int minimum)
+{
+  time_t jobtime,jobtime1;
+
+  jobtime = time(NULL);		/* default case: take current time */
+  if (count >= minimum) {
+    struct tm *t;
+    int i, day, hour, min, sec;
+    char   *c;
+
+    for (i=0; i<13; i++) if (!strncmp(tok[ptr], Months[i],3)) break; /* Find month */
+    if (i<12) {
+      t = localtime(&jobtime);
+      day = atoi(tok[ptr+1]);
+      c=(char *)(tok[ptr+2]);
+      *(c+2)=0;
+      hour = atoi(c);
+      *(c+5)=0;
+      min = atoi(c+3);
+      if(*(c+6) != 0)sec = atoi(c+6);
+      else  sec=0;
+
+      if ((t->tm_mon < i)||
+	  ((t->tm_mon == i)&&
+	   ((t->tm_mday < day)||
+	    ((t->tm_mday == day)&&
+	     (t->tm_hour*60+t->tm_min < hour*60+min)))))
+	t->tm_year--;		/* last year's print job */
+
+      t->tm_mon = i;
+      t->tm_mday = day;
+      t->tm_hour = hour;
+      t->tm_min = min;
+      t->tm_sec = sec;
+      jobtime1 = mktime(t);
+      if (jobtime1 != (time_t)-1)
+	jobtime = jobtime1;
+    }
+  }
+  return jobtime;
+}
+
+
+/****************************************************************************
+parse a lpq line
+
+here is an example of lpq output under bsd
+
+Warning: no daemon present
+Rank   Owner      Job  Files                                 Total Size
+1st    tridge     148  README                                8096 bytes
+
+here is an example of lpq output under osf/1
+
+Warning: no daemon present
+Rank   Pri Owner      Job  Files                             Total Size
+1st    0   tridge     148  README                            8096 bytes
+
+
+<allan@umich.edu> June 30, 1998.
+Modified to handle file names with spaces, like the parse_lpq_lprng code
+further below.
+****************************************************************************/
+static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
+{
+#ifdef	OSF1
+#define	RANKTOK	0
+#define	PRIOTOK 1
+#define	USERTOK 2
+#define	JOBTOK	3
+#define	FILETOK	4
+#define	TOTALTOK (count - 2)
+#define	NTOK	6
+#define	MAXTOK	128
+#else	/* OSF1 */
+#define	RANKTOK	0
+#define	USERTOK 1
+#define	JOBTOK	2
+#define	FILETOK	3
+#define	TOTALTOK (count - 2)
+#define	NTOK	5
+#define	MAXTOK	128
+#endif	/* OSF1 */
+
+  char *tok[MAXTOK];
+  int  count = 0;
+  pstring line2;
+
+  pstrcpy(line2,line);
+
+#ifdef	OSF1
+  {
+    size_t length;
+    length = strlen(line2);
+    if (line2[length-3] == ':')
+      return(False);
+  }
+#endif	/* OSF1 */
+
+  /* FIXME: Use next_token rather than strtok! */
+  tok[0] = strtok(line2," \t");
+  count++;
+
+  while (((tok[count] = strtok(NULL," \t")) != NULL) && (count < MAXTOK)) {
+    count++;
+  }
+
+  /* we must get at least NTOK tokens */
+  if (count < NTOK)
+    return(False);
+
+  /* the Job and Total columns must be integer */
+  if (!isdigit((int)*tok[JOBTOK]) || !isdigit((int)*tok[TOTALTOK])) return(False);
+
+  buf->job = atoi(tok[JOBTOK]);
+  buf->size = atoi(tok[TOTALTOK]);
+  buf->status = strequal(tok[RANKTOK],"active")?LPQ_PRINTING:LPQ_QUEUED;
+  buf->time = time(NULL);
+  StrnCpy(buf->fs_user,tok[USERTOK],sizeof(buf->fs_user)-1);
+  StrnCpy(buf->fs_file,tok[FILETOK],sizeof(buf->fs_file)-1);
+
+  if ((FILETOK + 1) != TOTALTOK) {
+    int bufsize;
+    int i;
+
+    bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
+
+    for (i = (FILETOK + 1); i < TOTALTOK; i++) {
+      safe_strcat(buf->fs_file," ",bufsize);
+      safe_strcat(buf->fs_file,tok[i],bufsize - 1);
+      bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
+      if (bufsize <= 0) {
+        break;
+      }
+    }
+    /* Ensure null termination. */
+    buf->fs_file[sizeof(buf->fs_file)-1] = '\0';
+  }
+
+#ifdef PRIOTOK
+  buf->priority = atoi(tok[PRIOTOK]);
+#else
+  buf->priority = 1;
+#endif
+  return(True);
+}
+
+/*
+<magnus@hum.auc.dk>
+LPRng_time modifies the current date by inserting the hour and minute from
+the lpq output.  The lpq time looks like "23:15:07"
+
+<allan@umich.edu> June 30, 1998.
+Modified to work with the re-written parse_lpq_lprng routine.
+
+<J.P.M.v.Itegem@tue.nl> Dec 17,1999
+Modified to work with lprng 3.16
+With lprng 3.16 The lpq time looks like
+                       "23:15:07"
+                       "23:15:07.100"
+                       "1999-12-16-23:15:07"
+                       "1999-12-16-23:15:07.100"
+
+*/
+static time_t LPRng_time(char *time_string)
+{
+	time_t jobtime;
+	struct tm t;
+
+	jobtime = time(NULL);         /* default case: take current time */
+	t = *localtime(&jobtime);
+
+	if ( atoi(time_string) < 24 ){
+		t.tm_hour = atoi(time_string);
+		t.tm_min = atoi(time_string+3);
+		t.tm_sec = atoi(time_string+6);
+	} else {
+		t.tm_year = atoi(time_string)-1900;
+		t.tm_mon = atoi(time_string+5)-1;
+		t.tm_mday = atoi(time_string+8);
+		t.tm_hour = atoi(time_string+11);
+		t.tm_min = atoi(time_string+14);
+		t.tm_sec = atoi(time_string+17);
+	}    
+	jobtime = mktime(&t);
+
+	return jobtime;
+}
+
+
+/****************************************************************************
+  parse a lprng lpq line
+  <allan@umich.edu> June 30, 1998.
+  Re-wrote this to handle file names with spaces, multiple file names on one
+  lpq line, etc;
+****************************************************************************/
+static BOOL parse_lpq_lprng(char *line,print_queue_struct *buf,BOOL first)
+{
+#define	LPRNG_RANKTOK	0
+#define	LPRNG_USERTOK	1
+#define	LPRNG_PRIOTOK	2
+#define	LPRNG_JOBTOK	3
+#define	LPRNG_FILETOK	4
+#define	LPRNG_TOTALTOK	(num_tok - 2)
+#define	LPRNG_TIMETOK	(num_tok - 1)
+#define	LPRNG_NTOK	7
+#define	LPRNG_MAXTOK	128 /* PFMA just to keep us from running away. */
+
+  fstring tokarr[LPRNG_MAXTOK];
+  char *cptr;
+  int  num_tok = 0;
+  pstring line2;
+
+  pstrcpy(line2,line);
+  cptr = line2;
+  while(next_token( &cptr, tokarr[num_tok], " \t", sizeof(fstring)) && (num_tok < LPRNG_MAXTOK))
+    num_tok++;
+
+  /* We must get at least LPRNG_NTOK tokens. */
+  if (num_tok < LPRNG_NTOK) {
+    return(False);
+  }
+
+  if (!isdigit((int)*tokarr[LPRNG_JOBTOK]) || !isdigit((int)*tokarr[LPRNG_TOTALTOK])) {
+    return(False);
+  }
+
+  buf->job  = atoi(tokarr[LPRNG_JOBTOK]);
+  buf->size = atoi(tokarr[LPRNG_TOTALTOK]);
+
+  if (strequal(tokarr[LPRNG_RANKTOK],"active")) {
+    buf->status = LPQ_PRINTING;
+  } else if (isdigit((int)*tokarr[LPRNG_RANKTOK])) {
+    buf->status = LPQ_QUEUED;
+  } else {
+    buf->status = LPQ_PAUSED;
+  }
+
+  buf->priority = *tokarr[LPRNG_PRIOTOK] -'A';
+
+  buf->time = LPRng_time(tokarr[LPRNG_TIMETOK]);
+
+  StrnCpy(buf->fs_user,tokarr[LPRNG_USERTOK],sizeof(buf->fs_user)-1);
+
+  /* The '@hostname' prevents windows from displaying the printing icon
+   * for the current user on the taskbar.  Plop in a null.
+   */
+
+  if ((cptr = strchr_m(buf->fs_user,'@')) != NULL) {
+    *cptr = '\0';
+  }
+
+  StrnCpy(buf->fs_file,tokarr[LPRNG_FILETOK],sizeof(buf->fs_file)-1);
+
+  if ((LPRNG_FILETOK + 1) != LPRNG_TOTALTOK) {
+    int bufsize;
+    int i;
+
+    bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
+
+    for (i = (LPRNG_FILETOK + 1); i < LPRNG_TOTALTOK; i++) {
+      safe_strcat(buf->fs_file," ",bufsize);
+      safe_strcat(buf->fs_file,tokarr[i],bufsize - 1);
+      bufsize = sizeof(buf->fs_file) - strlen(buf->fs_file) - 1;
+      if (bufsize <= 0) {
+        break;
+      }
+    }
+    /* Ensure null termination. */
+    buf->fs_file[sizeof(buf->fs_file)-1] = '\0';
+  }
+
+  return(True);
+}
+
+
+
+/*******************************************************************
+parse lpq on an aix system
+
+Queue   Dev   Status    Job Files              User         PP %   Blks  Cp Rnk
+------- ----- --------- --- ------------------ ---------- ---- -- ----- --- ---
+lazer   lazer READY
+lazer   lazer RUNNING   537 6297doc.A          kvintus@IE    0 10  2445   1   1
+              QUEUED    538 C.ps               root@IEDVB           124   1   2
+              QUEUED    539 E.ps               root@IEDVB            28   1   3
+              QUEUED    540 L.ps               root@IEDVB           172   1   4
+              QUEUED    541 P.ps               root@IEDVB            22   1   5
+********************************************************************/
+static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
+{
+  fstring tok[11];
+  int count=0;
+
+  /* handle the case of "(standard input)" as a filename */
+  pstring_sub(line,"standard input","STDIN");
+  all_string_sub(line,"(","\"",0);
+  all_string_sub(line,")","\"",0);
+
+  for (count=0; 
+       count<10 && 
+	       next_token(&line,tok[count],NULL, sizeof(tok[count])); 
+       count++) ;
+
+  /* we must get 6 tokens */
+  if (count < 10)
+  {
+      if ((count == 7) && ((strcmp(tok[0],"QUEUED") == 0) || (strcmp(tok[0],"HELD") == 0)))
+      {
+          /* the 2nd and 5th columns must be integer */
+          if (!isdigit((int)*tok[1]) || !isdigit((int)*tok[4])) return(False);
+          buf->size = atoi(tok[4]) * 1024;
+          /* if the fname contains a space then use STDIN */
+          if (strchr_m(tok[2],' '))
+            fstrcpy(tok[2],"STDIN");
+
+          /* only take the last part of the filename */
+          {
+            fstring tmp;
+            char *p = strrchr_m(tok[2],'/');
+            if (p)
+              {
+                fstrcpy(tmp,p+1);
+                fstrcpy(tok[2],tmp);
+              }
+          }
+
+
+          buf->job = atoi(tok[1]);
+          buf->status = strequal(tok[0],"HELD")?LPQ_PAUSED:LPQ_QUEUED;
+	  buf->priority = 0;
+          buf->time = time(NULL);
+          StrnCpy(buf->fs_user,tok[3],sizeof(buf->fs_user)-1);
+          StrnCpy(buf->fs_file,tok[2],sizeof(buf->fs_file)-1);
+      }
+      else
+      {
+          DEBUG(6,("parse_lpq_aix count=%d\n", count));
+          return(False);
+      }
+  }
+  else
+  {
+      /* the 4th and 9th columns must be integer */
+      if (!isdigit((int)*tok[3]) || !isdigit((int)*tok[8])) return(False);
+      buf->size = atoi(tok[8]) * 1024;
+      /* if the fname contains a space then use STDIN */
+      if (strchr_m(tok[4],' '))
+        fstrcpy(tok[4],"STDIN");
+
+      /* only take the last part of the filename */
+      {
+        fstring tmp;
+        char *p = strrchr_m(tok[4],'/');
+        if (p)
+          {
+            fstrcpy(tmp,p+1);
+            fstrcpy(tok[4],tmp);
+          }
+      }
+
+
+      buf->job = atoi(tok[3]);
+      buf->status = strequal(tok[2],"RUNNING")?LPQ_PRINTING:LPQ_QUEUED;
+      buf->priority = 0;
+      buf->time = time(NULL);
+      StrnCpy(buf->fs_user,tok[5],sizeof(buf->fs_user)-1);
+      StrnCpy(buf->fs_file,tok[4],sizeof(buf->fs_file)-1);
+  }
+
+
+  return(True);
+}
+
+
+/****************************************************************************
+parse a lpq line
+here is an example of lpq output under hpux; note there's no space after -o !
+$> lpstat -oljplus
+ljplus-2153         user           priority 0  Jan 19 08:14 on ljplus
+      util.c                                  125697 bytes
+      server.c				      110712 bytes
+ljplus-2154         user           priority 0  Jan 19 08:14 from client
+      (standard input)                          7551 bytes
+****************************************************************************/
+static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
+{
+  /* must read two lines to process, therefore keep some values static */
+  static BOOL header_line_ok=False, base_prio_reset=False;
+  static fstring jobuser;
+  static int jobid;
+  static int jobprio;
+  static time_t jobtime;
+  static int jobstat=LPQ_QUEUED;
+  /* to store minimum priority to print, lpstat command should be invoked
+     with -p option first, to work */
+  static int base_prio;
+ 
+  int count;
+  char htab = '\011';  
+  fstring tok[12];
+
+  /* If a line begins with a horizontal TAB, it is a subline type */
+  
+  if (line[0] == htab) { /* subline */
+    /* check if it contains the base priority */
+    if (!strncmp(line,"\tfence priority : ",18)) {
+       base_prio=atoi(&line[18]);
+       DEBUG(4, ("fence priority set at %d\n", base_prio));
+    }
+    if (!header_line_ok) return (False); /* incorrect header line */
+    /* handle the case of "(standard input)" as a filename */
+    pstring_sub(line,"standard input","STDIN");
+    all_string_sub(line,"(","\"",0);
+    all_string_sub(line,")","\"",0);
+    
+    for (count=0; count<2 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
+    /* we must get 2 tokens */
+    if (count < 2) return(False);
+    
+    /* the 2nd column must be integer */
+    if (!isdigit((int)*tok[1])) return(False);
+    
+    /* if the fname contains a space then use STDIN */
+    if (strchr_m(tok[0],' '))
+      fstrcpy(tok[0],"STDIN");
+    
+    buf->size = atoi(tok[1]);
+    StrnCpy(buf->fs_file,tok[0],sizeof(buf->fs_file)-1);
+    
+    /* fill things from header line */
+    buf->time = jobtime;
+    buf->job = jobid;
+    buf->status = jobstat;
+    buf->priority = jobprio;
+    StrnCpy(buf->fs_user,jobuser,sizeof(buf->fs_user)-1);
+    
+    return(True);
+  }
+  else { /* header line */
+    header_line_ok=False; /* reset it */
+    if (first) {
+       if (!base_prio_reset) {
+	  base_prio=0; /* reset it */
+	  base_prio_reset=True;
+       }
+    }
+    else if (base_prio) base_prio_reset=False;
+    
+    /* handle the dash in the job id */
+    pstring_sub(line,"-"," ");
+    
+    for (count=0; count<12 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
+      
+    /* we must get 8 tokens */
+    if (count < 8) return(False);
+    
+    /* first token must be printer name (cannot check ?) */
+    /* the 2nd, 5th & 7th column must be integer */
+    if (!isdigit((int)*tok[1]) || !isdigit((int)*tok[4]) || !isdigit((int)*tok[6])) return(False);
+    jobid = atoi(tok[1]);
+    StrnCpy(jobuser,tok[2],sizeof(buf->fs_user)-1);
+    jobprio = atoi(tok[4]);
+    
+    /* process time */
+    jobtime=EntryTime(tok, 5, count, 8);
+    if (jobprio < base_prio) {
+       jobstat = LPQ_PAUSED;
+       DEBUG (4, ("job %d is paused: prio %d < %d; jobstat=%d\n", jobid, jobprio, base_prio, jobstat));
+    }
+    else {
+       jobstat = LPQ_QUEUED;
+       if ((count >8) && (((strequal(tok[8],"on")) ||
+			   ((strequal(tok[8],"from")) && 
+			    ((count > 10)&&(strequal(tok[10],"on")))))))
+	 jobstat = LPQ_PRINTING;
+    }
+    
+    header_line_ok=True; /* information is correct */
+    return(False); /* need subline info to include into queuelist */
+  }
+}
+
+
+/****************************************************************************
+parse a lpstat line
+
+here is an example of "lpstat -o dcslw" output under sysv
+
+dcslw-896               tridge            4712   Dec 20 10:30:30 on dcslw
+dcslw-897               tridge            4712   Dec 20 10:30:30 being held
+
+****************************************************************************/
+static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
+{
+  fstring tok[9];
+  int count=0;
+  char *p;
+
+  /* 
+   * Handle the dash in the job id, but make sure that we skip over
+   * the printer name in case we have a dash in that.
+   * Patch from Dom.Mitchell@palmerharvey.co.uk.
+   */
+
+  /*
+   * Move to the first space.
+   */
+  for (p = line ; !isspace(*p) && *p; p++)
+    ;
+
+  /*
+   * Back up until the last '-' character or
+   * start of line.
+   */
+  for (; (p >= line) && (*p != '-'); p--)
+    ;
+
+  if((p >= line) && (*p == '-'))
+    *p = ' ';
+
+  for (count=0; count<9 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++)
+    ;
+
+  /* we must get 7 tokens */
+  if (count < 7)
+    return(False);
+
+  /* the 2nd and 4th, 6th columns must be integer */
+  if (!isdigit((int)*tok[1]) || !isdigit((int)*tok[3]))
+    return(False);
+  if (!isdigit((int)*tok[5]))
+    return(False);
+
+  /* if the user contains a ! then trim the first part of it */  
+  if ((p=strchr_m(tok[2],'!'))) {
+      fstring tmp;
+      fstrcpy(tmp,p+1);
+      fstrcpy(tok[2],tmp);
+  }
+
+  buf->job = atoi(tok[1]);
+  buf->size = atoi(tok[3]);
+  if (count > 7 && strequal(tok[7],"on"))
+    buf->status = LPQ_PRINTING;
+  else if (count > 8 && strequal(tok[7],"being") && strequal(tok[8],"held"))
+    buf->status = LPQ_PAUSED;
+  else
+    buf->status = LPQ_QUEUED;
+  buf->priority = 0;
+  buf->time = EntryTime(tok, 4, count, 7);
+  StrnCpy(buf->fs_user,tok[2],sizeof(buf->fs_user)-1);
+  StrnCpy(buf->fs_file,tok[2],sizeof(buf->fs_file)-1);
+  return(True);
+}
+
+/****************************************************************************
+parse a lpq line
+
+here is an example of lpq output under qnx
+Spooler: /qnx/spooler, on node 1
+Printer: txt        (ready) 
+0000:     root	[job #1    ]   active 1146 bytes	/etc/profile
+0001:     root	[job #2    ]    ready 2378 bytes	/etc/install
+0002:     root	[job #3    ]    ready 1146 bytes	-- standard input --
+****************************************************************************/
+static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
+{
+  fstring tok[7];
+  int count=0;
+
+  DEBUG(4,("antes [%s]\n", line));
+
+  /* handle the case of "-- standard input --" as a filename */
+  pstring_sub(line,"standard input","STDIN");
+  DEBUG(4,("despues [%s]\n", line));
+  all_string_sub(line,"-- ","\"",0);
+  all_string_sub(line," --","\"",0);
+  DEBUG(4,("despues 1 [%s]\n", line));
+
+  pstring_sub(line,"[job #","");
+  pstring_sub(line,"]","");
+  DEBUG(4,("despues 2 [%s]\n", line));
+
+  
+  
+  for (count=0; count<7 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
+
+  /* we must get 7 tokens */
+  if (count < 7)
+    return(False);
+
+  /* the 3rd and 5th columns must be integer */
+  if (!isdigit((int)*tok[2]) || !isdigit((int)*tok[4])) return(False);
+
+  /* only take the last part of the filename */
+  {
+    fstring tmp;
+    char *p = strrchr_m(tok[6],'/');
+    if (p)
+      {
+	fstrcpy(tmp,p+1);
+	fstrcpy(tok[6],tmp);
+      }
+  }
+	
+
+  buf->job = atoi(tok[2]);
+  buf->size = atoi(tok[4]);
+  buf->status = strequal(tok[3],"active")?LPQ_PRINTING:LPQ_QUEUED;
+  buf->priority = 0;
+  buf->time = time(NULL);
+  StrnCpy(buf->fs_user,tok[1],sizeof(buf->fs_user)-1);
+  StrnCpy(buf->fs_file,tok[6],sizeof(buf->fs_file)-1);
+  return(True);
+}
+
+
+/****************************************************************************
+  parse a lpq line for the plp printing system
+  Bertrand Wallrich <Bertrand.Wallrich@loria.fr>
+
+redone by tridge. Here is a sample queue:
+
+Local  Printer 'lp2' (fjall):
+  Printing (started at Jun 15 13:33:58, attempt 1).
+    Rank Owner       Pr Opt  Job Host        Files           Size     Date
+  active tridge      X  -    6   fjall       /etc/hosts      739      Jun 15 13:33
+     3rd tridge      X  -    7   fjall       /etc/hosts      739      Jun 15 13:33
+
+****************************************************************************/
+static BOOL parse_lpq_plp(char *line,print_queue_struct *buf,BOOL first)
+{
+  fstring tok[11];
+  int count=0;
+
+  /* handle the case of "(standard input)" as a filename */
+  pstring_sub(line,"stdin","STDIN");
+  all_string_sub(line,"(","\"",0);
+  all_string_sub(line,")","\"",0);
+  
+  for (count=0; count<11 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
+
+  /* we must get 11 tokens */
+  if (count < 11)
+    return(False);
+
+  /* the first must be "active" or begin with an integer */
+  if (strcmp(tok[0],"active") && !isdigit((int)tok[0][0]))
+    return(False);
+
+  /* the 5th and 8th must be integer */
+  if (!isdigit((int)*tok[4]) || !isdigit((int)*tok[7])) 
+    return(False);
+
+  /* if the fname contains a space then use STDIN */
+  if (strchr_m(tok[6],' '))
+    fstrcpy(tok[6],"STDIN");
+
+  /* only take the last part of the filename */
+  {
+    fstring tmp;
+    char *p = strrchr_m(tok[6],'/');
+    if (p)
+      {
+        fstrcpy(tmp,p+1);
+        fstrcpy(tok[6],tmp);
+      }
+  }
+
+
+  buf->job = atoi(tok[4]);
+
+  buf->size = atoi(tok[7]);
+  if (strchr_m(tok[7],'K'))
+    buf->size *= 1024;
+  if (strchr_m(tok[7],'M'))
+    buf->size *= 1024*1024;
+
+  buf->status = strequal(tok[0],"active")?LPQ_PRINTING:LPQ_QUEUED;
+  buf->priority = 0;
+  buf->time = time(NULL);
+  StrnCpy(buf->fs_user,tok[1],sizeof(buf->fs_user)-1);
+  StrnCpy(buf->fs_file,tok[6],sizeof(buf->fs_file)-1);
+  return(True);
+}
+
+/****************************************************************************
+parse a qstat line
+
+here is an example of "qstat -l -d qms" output under softq
+
+Queue qms: 2 jobs; daemon active (313); enabled; accepting;
+ job-ID   submission-time     pri     size owner      title 
+205980: H 98/03/09 13:04:05     0    15733 stephenf   chap1.ps
+206086:>  98/03/12 17:24:40     0      659 chris      -
+206087:   98/03/12 17:24:45     0     4876 chris      -
+Total:      21268 bytes in queue
+
+
+****************************************************************************/
+static BOOL parse_lpq_softq(char *line,print_queue_struct *buf,BOOL first)
+{
+  fstring tok[10];
+  int count=0;
+
+  /* mung all the ":"s to spaces*/
+  pstring_sub(line,":"," ");
+  
+  for (count=0; count<10 && next_token(&line,tok[count],NULL,sizeof(tok[count])); count++) ;
+
+  /* we must get 9 tokens */
+  if (count < 9)
+    return(False);
+
+  /* the 1st and 7th columns must be integer */
+  if (!isdigit((int)*tok[0]) || !isdigit((int)*tok[6]))  return(False);
+  /* if the 2nd column is either '>' or 'H' then the 7th and 8th must be
+   * integer, else it's the 6th and 7th that must be
+   */
+  if (*tok[1] == 'H' || *tok[1] == '>')
+    {
+      if (!isdigit((int)*tok[7]))
+        return(False);
+      buf->status = *tok[1] == '>' ? LPQ_PRINTING : LPQ_PAUSED;
+      count = 1;
+    }
+  else
+    {
+      if (!isdigit((int)*tok[5]))
+        return(False);
+      buf->status = LPQ_QUEUED;
+      count = 0;
+    }
+	
+
+  buf->job = atoi(tok[0]);
+  buf->size = atoi(tok[count+6]);
+  buf->priority = atoi(tok[count+5]);
+  StrnCpy(buf->fs_user,tok[count+7],sizeof(buf->fs_user)-1);
+  StrnCpy(buf->fs_file,tok[count+8],sizeof(buf->fs_file)-1);
+  buf->time = time(NULL);		/* default case: take current time */
+  {
+    time_t jobtime;
+    struct tm *t;
+
+    t = localtime(&buf->time);
+    t->tm_mday = atoi(tok[count+2]+6);
+    t->tm_mon  = atoi(tok[count+2]+3);
+    switch (*tok[count+2])
+    {
+    case 7: case 8: case 9: t->tm_year = atoi(tok[count+2]); break;
+    default:                t->tm_year = atoi(tok[count+2]); break;
+    }
+
+    t->tm_hour = atoi(tok[count+3]);
+    t->tm_min = atoi(tok[count+4]);
+    t->tm_sec = atoi(tok[count+5]);
+    jobtime = mktime(t);
+    if (jobtime != (time_t)-1)
+      buf->time = jobtime; 
+  }
+
+  return(True);
+}
+
+/*******************************************************************
+parse lpq on an NT system
+
+                         Windows 2000 LPD Server
+                              Printer \\10.0.0.2\NP17PCL (Paused)
+
+Owner       Status         Jobname          Job-Id    Size   Pages  Priority
+----------------------------------------------------------------------------
+root (9.99. Printing  /usr/lib/rhs/rhs-pr      3       625      0      1
+root (9.99. Paused    /usr/lib/rhs/rhs-pr      4       625      0      1
+jmcd        Waiting   Re: Samba Open Sour     26     32476      1      1
+
+********************************************************************/
+static BOOL parse_lpq_nt(char *line,print_queue_struct *buf,BOOL first)
+{
+#define LPRNT_OWNSIZ 11
+#define LPRNT_STATSIZ 9
+#define LPRNT_JOBSIZ 19
+#define LPRNT_IDSIZ 6
+#define LPRNT_SIZSIZ 9
+  typedef struct 
+  {
+    char owner[LPRNT_OWNSIZ];
+    char space1;
+    char status[LPRNT_STATSIZ];
+    char space2;
+    char jobname[LPRNT_JOBSIZ];
+    char space3;
+    char jobid[LPRNT_IDSIZ];
+    char space4;
+    char size[LPRNT_SIZSIZ];
+    char terminator;
+  } nt_lpq_line;
+
+  nt_lpq_line parse_line;
+#define LPRNT_PRINTING "Printing"
+#define LPRNT_WAITING "Waiting"
+#define LPRNT_PAUSED "Paused"
+
+  memset(&parse_line, '\0', sizeof(parse_line));
+  strncpy((char *) &parse_line, line, sizeof(parse_line) -1);
+
+  if (strlen((char *) &parse_line) != sizeof(parse_line) - 1)
+    return(False);
+
+  /* Just want the first word in the owner field - the username */
+  if (strchr_m(parse_line.owner, ' '))
+    *(strchr_m(parse_line.owner, ' ')) = '\0';
+  else
+    parse_line.space1 = '\0';
+
+  /* Make sure we have an owner */
+  if (!strlen(parse_line.owner))
+    return(False);
+
+  /* Make sure the status is valid */
+  parse_line.space2 = '\0';
+  trim_string(parse_line.status, NULL, " ");
+  if (!strequal(parse_line.status, LPRNT_PRINTING) &&
+      !strequal(parse_line.status, LPRNT_PAUSED) &&
+      !strequal(parse_line.status, LPRNT_WAITING))
+    return(False);
+  
+  parse_line.space3 = '\0';
+  trim_string(parse_line.jobname, NULL, " ");
+
+  buf->job = atoi(parse_line.jobid);
+  buf->priority = 0;
+  buf->size = atoi(parse_line.size);
+  buf->time = time(NULL);
+  StrnCpy(buf->fs_user, parse_line.owner, sizeof(buf->fs_user)-1);
+  StrnCpy(buf->fs_file, parse_line.jobname, sizeof(buf->fs_file)-1);
+  if (strequal(parse_line.status, LPRNT_PRINTING))
+    buf->status = LPQ_PRINTING;
+  else if (strequal(parse_line.status, LPRNT_PAUSED))
+    buf->status = LPQ_PAUSED;
+  else
+    buf->status = LPQ_QUEUED;
+
+  return(True);
+}
+
+/*******************************************************************
+parse lpq on an OS2 system
+
+JobID  File Name          Rank      Size        Status          Comment       
+-----  ---------------    ------    --------    ------------    ------------  
+    3  Control                 1          68    Queued          root@psflinu  
+    4  /etc/motd               2       11666    Queued          root@psflinu  
+
+********************************************************************/
+static BOOL parse_lpq_os2(char *line,print_queue_struct *buf,BOOL first)
+{
+#define LPROS2_IDSIZ 5
+#define LPROS2_JOBSIZ 15
+#define LPROS2_SIZSIZ 8
+#define LPROS2_STATSIZ 12
+#define LPROS2_OWNSIZ 12
+  typedef struct 
+  {
+    char jobid[LPROS2_IDSIZ];
+    char space1[2];
+    char jobname[LPROS2_JOBSIZ];
+    char space2[14];
+    char size[LPROS2_SIZSIZ];
+    char space3[4];
+    char status[LPROS2_STATSIZ];
+    char space4[4];
+    char owner[LPROS2_OWNSIZ];
+    char terminator;
+  } os2_lpq_line;
+
+  os2_lpq_line parse_line;
+#define LPROS2_PRINTING "Printing"
+#define LPROS2_WAITING "Queued"
+#define LPROS2_PAUSED "Paused"
+
+  memset(&parse_line, '\0', sizeof(parse_line));
+  strncpy((char *) &parse_line, line, sizeof(parse_line) -1);
+
+  if (strlen((char *) &parse_line) != sizeof(parse_line) - 1)
+    return(False);
+
+  /* Get the jobid */
+  buf->job = atoi(parse_line.jobid);
+
+  /* Get the job name */
+  parse_line.space2[0] = '\0';
+  trim_string(parse_line.jobname, NULL, " ");
+  StrnCpy(buf->fs_file, parse_line.jobname, sizeof(buf->fs_file)-1);
+
+  buf->priority = 0;
+  buf->size = atoi(parse_line.size);
+  buf->time = time(NULL);
+
+  /* Make sure we have an owner */
+  if (!strlen(parse_line.owner))
+    return(False);
+
+  /* Make sure we have a valid status */
+  parse_line.space4[0] = '\0';
+  trim_string(parse_line.status, NULL, " ");
+  if (!strequal(parse_line.status, LPROS2_PRINTING) &&
+      !strequal(parse_line.status, LPROS2_PAUSED) &&
+      !strequal(parse_line.status, LPROS2_WAITING))
+    return(False);
+
+  StrnCpy(buf->fs_user, parse_line.owner, sizeof(buf->fs_user)-1);
+  if (strequal(parse_line.status, LPROS2_PRINTING))
+    buf->status = LPQ_PRINTING;
+  else if (strequal(parse_line.status, LPROS2_PAUSED))
+    buf->status = LPQ_PAUSED;
+  else
+    buf->status = LPQ_QUEUED;
+
+  return(True);
+}
+
+static char *stat0_strings[] = { "enabled", "online", "idle", "no entries", "free", "ready", NULL };
+static char *stat1_strings[] = { "offline", "disabled", "down", "off", "waiting", "no daemon", NULL };
+static char *stat2_strings[] = { "jam", "paper", "error", "responding", "not accepting", "not running", "turned off", NULL };
+
+#ifdef DEVELOPER
+
+/****************************************************************************
+parse a vlp line
+****************************************************************************/
+static BOOL parse_lpq_vlp(char *line,print_queue_struct *buf,BOOL first)
+{
+	int toknum = 0;
+	fstring tok;
+
+	/* First line is printer status */
+
+	if (!isdigit(line[0])) return False;
+
+	/* Parse a print job entry */
+
+	while(next_token(&line, tok, NULL, sizeof(fstring))) {
+		switch (toknum) {
+		case 0:
+			buf->job = atoi(tok);
+			break;
+		case 1:
+			buf->size = atoi(tok);
+			break;
+		case 2:
+			buf->status = atoi(tok);
+			break;
+		case 3:
+			buf->time = atoi(tok);
+			break;
+		case 4:
+			fstrcpy(buf->fs_user, tok);
+			break;
+		case 5:
+			fstrcpy(buf->fs_file, tok);
+			break;
+		}
+		toknum++;
+	}
+
+	return True;
+}
+
+#endif /* DEVELOPER */
+
+/****************************************************************************
+parse a lpq line. Choose printing style
+****************************************************************************/
+BOOL parse_lpq_entry(int snum,char *line,
+		     print_queue_struct *buf,
+		     print_status_struct *status,BOOL first)
+{
+  BOOL ret;
+
+  switch (lp_printing(snum))
+    {
+    case PRINT_SYSV:
+      ret = parse_lpq_sysv(line,buf,first);
+      break;
+    case PRINT_AIX:      
+      ret = parse_lpq_aix(line,buf,first);
+      break;
+    case PRINT_HPUX:
+      ret = parse_lpq_hpux(line,buf,first);
+      break;
+    case PRINT_QNX:
+      ret = parse_lpq_qnx(line,buf,first);
+      break;
+    case PRINT_LPRNG:
+      ret = parse_lpq_lprng(line,buf,first);
+      break;
+    case PRINT_PLP:
+      ret = parse_lpq_plp(line,buf,first);
+      break;
+    case PRINT_SOFTQ:
+      ret = parse_lpq_softq(line,buf,first);
+      break;
+    case PRINT_LPRNT:
+      ret = parse_lpq_nt(line,buf,first);
+      break;
+    case PRINT_LPROS2:
+      ret = parse_lpq_os2(line,buf,first);
+      break;
+#ifdef DEVELOPER
+    case PRINT_VLP:
+    case PRINT_TEST:
+	    ret = parse_lpq_vlp(line,buf,first);
+	    break;
+#endif /* DEVELOPER */
+    default:
+      ret = parse_lpq_bsd(line,buf,first);
+      break;
+    }
+
+  /* We don't want the newline in the status message. */
+  {
+    char *p = strchr_m(line,'\n');
+    if (p) *p = 0;
+  }
+
+  /* in the LPRNG case, we skip lines starting by a space.*/
+  if (line && !ret && (lp_printing(snum)==PRINT_LPRNG) )
+  {
+  	if (line[0]==' ')
+		return ret;
+  }
+
+
+  if (status && !ret)
+    {
+      /* a few simple checks to see if the line might be a
+         printer status line: 
+	 handle them so that most severe condition is shown */
+      int i;
+      strlower(line);
+      
+      switch (status->status) {
+      case LPSTAT_OK:
+	for (i=0; stat0_strings[i]; i++)
+	  if (strstr(line,stat0_strings[i])) {
+	    StrnCpy(status->message,line,sizeof(status->message)-1);
+	    status->status=LPSTAT_OK;
+	    return ret;
+	  }
+      case LPSTAT_STOPPED:
+	for (i=0; stat1_strings[i]; i++)
+	  if (strstr(line,stat1_strings[i])) {
+	    StrnCpy(status->message,line,sizeof(status->message)-1);
+	    status->status=LPSTAT_STOPPED;
+	    return ret;
+	  }
+      case LPSTAT_ERROR:
+	for (i=0; stat2_strings[i]; i++)
+	  if (strstr(line,stat2_strings[i])) {
+	    StrnCpy(status->message,line,sizeof(status->message)-1);
+	    status->status=LPSTAT_ERROR;
+	    return ret;
+	  }
+	break;
+      }
+    }
+
+  return(ret);
+}
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
new file mode 100644
index 0000000000..907c3fd8e6
--- /dev/null
+++ b/source3/printing/nt_printing.c
@@ -0,0 +1,4050 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2000.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern DOM_SID global_sid_World;
+
+static TDB_CONTEXT *tdb_forms; /* used for forms files */
+static TDB_CONTEXT *tdb_drivers; /* used for driver files */
+static TDB_CONTEXT *tdb_printers; /* used for printers files */
+
+#define FORMS_PREFIX "FORMS/"
+#define DRIVERS_PREFIX "DRIVERS/"
+#define DRIVER_INIT_PREFIX "DRIVER_INIT/"
+#define PRINTERS_PREFIX "PRINTERS/"
+#define SECDESC_PREFIX "SECDESC/"
+#define GLOBAL_C_SETPRINTER "GLOBALS/c_setprinter"
+ 
+#define NTDRIVERS_DATABASE_VERSION_1 1
+#define NTDRIVERS_DATABASE_VERSION_2 2
+#define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
+ 
+#define NTDRIVERS_DATABASE_VERSION NTDRIVERS_DATABASE_VERSION_3
+
+/* Map generic permissions to printer object specific permissions */
+
+GENERIC_MAPPING printer_generic_mapping = {
+	PRINTER_READ,
+	PRINTER_WRITE,
+	PRINTER_EXECUTE,
+	PRINTER_ALL_ACCESS
+};
+
+STANDARD_MAPPING printer_std_mapping = {
+	PRINTER_READ,
+	PRINTER_WRITE,
+	PRINTER_EXECUTE,
+	PRINTER_ALL_ACCESS
+};
+
+/* We need one default form to support our default printer. Msoft adds the
+forms it wants and in the ORDER it wants them (note: DEVMODE papersize is an
+array index). Letter is always first, so (for the current code) additions
+always put things in the correct order. */
+static nt_forms_struct default_forms[] = {
+	{"Letter",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
+	{"Letter Small",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
+	{"Tabloid",0x1,0x44368,0x696b8,0x0,0x0,0x44368,0x696b8},
+	{"Ledger",0x1,0x696b8,0x44368,0x0,0x0,0x696b8,0x44368},
+	{"Legal",0x1,0x34b5c,0x56d10,0x0,0x0,0x34b5c,0x56d10},
+	{"Statement",0x1,0x221b4,0x34b5c,0x0,0x0,0x221b4,0x34b5c},
+	{"Executive",0x1,0x2cf56,0x411cc,0x0,0x0,0x2cf56,0x411cc},
+	{"A3",0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0},
+	{"A4",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
+	{"A4 Small",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
+	{"A5",0x1,0x24220,0x33450,0x0,0x0,0x24220,0x33450},
+	{"B4 (JIS)",0x1,0x3ebe8,0x58de0,0x0,0x0,0x3ebe8,0x58de0},
+	{"B5 (JIS)",0x1,0x2c6f0,0x3ebe8,0x0,0x0,0x2c6f0,0x3ebe8},
+	{"Folio",0x1,0x34b5c,0x509d8,0x0,0x0,0x34b5c,0x509d8},
+	{"Quarto",0x1,0x347d8,0x43238,0x0,0x0,0x347d8,0x43238},
+	{"10x14",0x1,0x3e030,0x56d10,0x0,0x0,0x3e030,0x56d10},
+	{"11x17",0x1,0x44368,0x696b8,0x0,0x0,0x44368,0x696b8},
+	{"Note",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
+	{"Envelope #9",0x1,0x18079,0x37091,0x0,0x0,0x18079,0x37091},
+	{"Envelope #10",0x1,0x19947,0x3ae94,0x0,0x0,0x19947,0x3ae94},
+	{"Envelope #11",0x1,0x1be7c,0x40565,0x0,0x0,0x1be7c,0x40565},
+	{"Envelope #12",0x1,0x1d74a,0x44368,0x0,0x0,0x1d74a,0x44368},
+	{"Envelope #14",0x1,0x1f018,0x47504,0x0,0x0,0x1f018,0x47504},
+	{"C size sheet",0x1,0x696b8,0x886d0,0x0,0x0,0x696b8,0x886d0},
+	{"D size sheet",0x1,0x886d0,0xd2d70,0x0,0x0,0x886d0,0xd2d70},
+	{"E size sheet",0x1,0xd2d70,0x110da0,0x0,0x0,0xd2d70,0x110da0},
+	{"Envelope DL",0x1,0x1adb0,0x35b60,0x0,0x0,0x1adb0,0x35b60},
+	{"Envelope C5",0x1,0x278d0,0x37e88,0x0,0x0,0x278d0,0x37e88},
+	{"Envelope C3",0x1,0x4f1a0,0x6fd10,0x0,0x0,0x4f1a0,0x6fd10},
+	{"Envelope C4",0x1,0x37e88,0x4f1a0,0x0,0x0,0x37e88,0x4f1a0},
+	{"Envelope C6",0x1,0x1bd50,0x278d0,0x0,0x0,0x1bd50,0x278d0},
+	{"Envelope C65",0x1,0x1bd50,0x37e88,0x0,0x0,0x1bd50,0x37e88},
+	{"Envelope B4",0x1,0x3d090,0x562e8,0x0,0x0,0x3d090,0x562e8},
+	{"Envelope B5",0x1,0x2af80,0x3d090,0x0,0x0,0x2af80,0x3d090},
+	{"Envelope B6",0x1,0x2af80,0x1e848,0x0,0x0,0x2af80,0x1e848},
+	{"Envelope",0x1,0x1adb0,0x38270,0x0,0x0,0x1adb0,0x38270},
+	{"Envelope Monarch",0x1,0x18079,0x2e824,0x0,0x0,0x18079,0x2e824},
+	{"6 3/4 Envelope",0x1,0x167ab,0x284ec,0x0,0x0,0x167ab,0x284ec},
+	{"US Std Fanfold",0x1,0x5c3e1,0x44368,0x0,0x0,0x5c3e1,0x44368},
+	{"German Std Fanfold",0x1,0x34b5c,0x4a6a0,0x0,0x0,0x34b5c,0x4a6a0},
+	{"German Legal Fanfold",0x1,0x34b5c,0x509d8,0x0,0x0,0x34b5c,0x509d8},
+	{"B4 (ISO)",0x1,0x3d090,0x562e8,0x0,0x0,0x3d090,0x562e8},
+	{"Japanese Postcard",0x1,0x186a0,0x24220,0x0,0x0,0x186a0,0x24220},
+	{"9x11",0x1,0x37cf8,0x44368,0x0,0x0,0x37cf8,0x44368},
+	{"10x11",0x1,0x3e030,0x44368,0x0,0x0,0x3e030,0x44368},
+	{"15x11",0x1,0x5d048,0x44368,0x0,0x0,0x5d048,0x44368},
+	{"Envelope Invite",0x1,0x35b60,0x35b60,0x0,0x0,0x35b60,0x35b60},
+	{"Reserved48",0x1,0x1,0x1,0x0,0x0,0x1,0x1},
+	{"Reserved49",0x1,0x1,0x1,0x0,0x0,0x1,0x1},
+	{"Letter Extra",0x1,0x3ae94,0x4a6a0,0x0,0x0,0x3ae94,0x4a6a0},
+	{"Legal Extra",0x1,0x3ae94,0x5d048,0x0,0x0,0x3ae94,0x5d048},
+	{"Tabloid Extra",0x1,0x4a6a0,0x6f9f0,0x0,0x0,0x4a6a0,0x6f9f0},
+	{"A4 Extra",0x1,0x397c2,0x4eb16,0x0,0x0,0x397c2,0x4eb16},
+	{"Letter Transverse",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
+	{"A4 Transverse",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
+	{"Letter Extra Transverse",0x1,0x3ae94,0x4a6a0,0x0,0x0,0x3ae94,0x4a6a0},
+	{"Super A",0x1,0x376b8,0x56ea0,0x0,0x0,0x376b8,0x56ea0},
+	{"Super B",0x1,0x4a768,0x76e58,0x0,0x0,0x4a768,0x76e58},
+	{"Letter Plus",0x1,0x34b5c,0x4eb16,0x0,0x0,0x34b5c,0x4eb16},
+	{"A4 Plus",0x1,0x33450,0x50910,0x0,0x0,0x33450,0x50910},
+	{"A5 Transverse",0x1,0x24220,0x33450,0x0,0x0,0x24220,0x33450},
+	{"B5 (JIS) Transverse",0x1,0x2c6f0,0x3ebe8,0x0,0x0,0x2c6f0,0x3ebe8},
+	{"A3 Extra",0x1,0x4e9d0,0x6ca48,0x0,0x0,0x4e9d0,0x6ca48},
+	{"A5 Extra",0x1,0x2a7b0,0x395f8,0x0,0x0,0x2a7b0,0x395f8},
+	{"B5 (ISO) Extra",0x1,0x31128,0x43620,0x0,0x0,0x31128,0x43620},
+	{"A2",0x1,0x668a0,0x91050,0x0,0x0,0x668a0,0x91050},
+	{"A3 Transverse",0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0},
+	{"A3 Extra Transverse",0x1,0x4e9d0,0x6ca48,0x0,0x0,0x4e9d0,0x6ca48},
+	{"Japanese Double Postcard",0x1,0x30d40,0x24220,0x0,0x0,0x30d40,0x24220},
+	{"A6",0x1,0x19a28,0x24220,0x0,0x0,0x19a28,0x24220},
+	{"Japanese Envelope Kaku #2",0x1,0x3a980,0x510e0,0x0,0x0,0x3a980,0x510e0},
+	{"Japanese Envelope Kaku #3",0x1,0x34bc0,0x43a08,0x0,0x0,0x34bc0,0x43a08},
+	{"Japanese Envelope Chou #3",0x1,0x1d4c0,0x395f8,0x0,0x0,0x1d4c0,0x395f8},
+	{"Japanese Envelope Chou #4",0x1,0x15f90,0x320c8,0x0,0x0,0x15f90,0x320c8},
+	{"Letter Rotated",0x1,0x44368,0x34b5c,0x0,0x0,0x44368,0x34b5c},
+	{"A3 Rotated",0x1,0x668a0,0x48828,0x0,0x0,0x668a0,0x48828},
+	{"A4 Rotated",0x1,0x48828,0x33450,0x0,0x0,0x48828,0x33450},
+	{"A5 Rotated",0x1,0x33450,0x24220,0x0,0x0,0x33450,0x24220},
+	{"B4 (JIS) Rotated",0x1,0x58de0,0x3ebe8,0x0,0x0,0x58de0,0x3ebe8},
+	{"B5 (JIS) Rotated",0x1,0x3ebe8,0x2c6f0,0x0,0x0,0x3ebe8,0x2c6f0},
+	{"Japanese Postcard Rotated",0x1,0x24220,0x186a0,0x0,0x0,0x24220,0x186a0},
+	{"Double Japan Postcard Rotated",0x1,0x24220,0x30d40,0x0,0x0,0x24220,0x30d40},
+	{"A6 Rotated",0x1,0x24220,0x19a28,0x0,0x0,0x24220,0x19a28},
+	{"Japan Envelope Kaku #2 Rotated",0x1,0x510e0,0x3a980,0x0,0x0,0x510e0,0x3a980},
+	{"Japan Envelope Kaku #3 Rotated",0x1,0x43a08,0x34bc0,0x0,0x0,0x43a08, 0x34bc0},
+	{"Japan Envelope Chou #3 Rotated",0x1,0x395f8,0x1d4c0,0x0,0x0,0x395f8,0x1d4c0},
+	{"Japan Envelope Chou #4 Rotated",0x1,0x320c8,0x15f90,0x0,0x0,0x320c8,0x15f90},
+	{"B6 (JIS)",0x1,0x1f400,0x2c6f0,0x0,0x0,0x1f400,0x2c6f0},
+	{"B6 (JIS) Rotated",0x1,0x2c6f0,0x1f400,0x0,0x0,0x2c6f0,0x1f400},
+	{"12x11",0x1,0x4a724,0x443e1,0x0,0x0,0x4a724,0x443e1},
+	{"Japan Envelope You #4",0x1,0x19a28,0x395f8,0x0,0x0,0x19a28,0x395f8},
+	{"Japan Envelope You #4 Rotated",0x1,0x395f8,0x19a28,0x0,0x0,0x395f8,0x19a28},
+	{"PRC 16K",0x1,0x2de60,0x3f7a0,0x0,0x0,0x2de60,0x3f7a0},
+	{"PRC 32K",0x1,0x1fbd0,0x2cec0,0x0,0x0,0x1fbd0,0x2cec0},
+	{"PRC 32K(Big)",0x1,0x222e0,0x318f8,0x0,0x0,0x222e0,0x318f8},
+	{"PRC Envelope #1",0x1,0x18e70,0x28488,0x0,0x0,0x18e70,0x28488},
+	{"PRC Envelope #2",0x1,0x18e70,0x2af80,0x0,0x0,0x18e70,0x2af80},
+	{"PRC Envelope #3",0x1,0x1e848,0x2af80,0x0,0x0,0x1e848,0x2af80},
+	{"PRC Envelope #4",0x1,0x1adb0,0x32c80,0x0,0x0,0x1adb0,0x32c80},
+	{"PRC Envelope #5",0x1,0x1adb0,0x35b60,0x0,0x0,0x1adb0,0x35b60},
+	{"PRC Envelope #6",0x1,0x1d4c0,0x38270,0x0,0x0,0x1d4c0,0x38270},
+	{"PRC Envelope #7",0x1,0x27100,0x38270,0x0,0x0,0x27100,0x38270},
+	{"PRC Envelope #8",0x1,0x1d4c0,0x4b708,0x0,0x0,0x1d4c0,0x4b708},
+	{"PRC Envelope #9",0x1,0x37e88,0x4f1a0,0x0,0x0,0x37e88,0x4f1a0},
+	{"PRC Envelope #10",0x1,0x4f1a0,0x6fd10,0x0,0x0,0x4f1a0,0x6fd10},
+	{"PRC 16K Rotated",0x1,0x3f7a0,0x2de60,0x0,0x0,0x3f7a0,0x2de60},
+	{"PRC 32K Rotated",0x1,0x2cec0,0x1fbd0,0x0,0x0,0x2cec0,0x1fbd0},
+	{"PRC 32K(Big) Rotated",0x1,0x318f8,0x222e0,0x0,0x0,0x318f8,0x222e0},
+	{"PRC Envelope #1 Rotated",0x1,0x28488,0x18e70,0x0,0x0,0x28488,0x18e70},
+	{"PRC Envelope #2 Rotated",0x1,0x2af80,0x18e70,0x0,0x0,0x2af80,0x18e70},
+	{"PRC Envelope #3 Rotated",0x1,0x2af80,0x1e848,0x0,0x0,0x2af80,0x1e848},
+	{"PRC Envelope #4 Rotated",0x1,0x32c80,0x1adb0,0x0,0x0,0x32c80,0x1adb0},
+	{"PRC Envelope #5 Rotated",0x1,0x35b60,0x1adb0,0x0,0x0,0x35b60,0x1adb0},
+	{"PRC Envelope #6 Rotated",0x1,0x38270,0x1d4c0,0x0,0x0,0x38270,0x1d4c0},
+	{"PRC Envelope #7 Rotated",0x1,0x38270,0x27100,0x0,0x0,0x38270,0x27100},
+	{"PRC Envelope #8 Rotated",0x1,0x4b708,0x1d4c0,0x0,0x0,0x4b708,0x1d4c0},
+	{"PRC Envelope #9 Rotated",0x1,0x4f1a0,0x37e88,0x0,0x0,0x4f1a0,0x37e88},
+	{"PRC Envelope #10 Rotated",0x1,0x6fd10,0x4f1a0,0x0,0x0,0x6fd10,0x4f1a0}
+};
+
+static BOOL upgrade_to_version_3(void)
+{
+	TDB_DATA kbuf, newkey, dbuf;
+ 
+	DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));
+ 
+	for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
+			newkey = tdb_nextkey(tdb_drivers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+		dbuf = tdb_fetch(tdb_drivers, kbuf);
+
+		if (strncmp(kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
+			DEBUG(0,("upgrade_to_version_3:moving form\n"));
+			if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
+				DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
+				return False;
+			}
+			if (tdb_delete(tdb_drivers, kbuf) != 0) {
+				DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
+				return False;
+			}
+		}
+ 
+		if (strncmp(kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
+			DEBUG(0,("upgrade_to_version_3:moving printer\n"));
+			if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
+				DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
+				return False;
+			}
+			if (tdb_delete(tdb_drivers, kbuf) != 0) {
+				DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
+				return False;
+			}
+		}
+ 
+		if (strncmp(kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
+			DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
+			if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
+				DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
+				return False;
+			}
+			if (tdb_delete(tdb_drivers, kbuf) != 0) {
+				DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
+				return False;
+			}
+		}
+ 
+		SAFE_FREE(dbuf.dptr);
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Open the NT printing tdb.
+****************************************************************************/
+
+BOOL nt_printing_init(void)
+{
+	static pid_t local_pid;
+	char *vstring = "INFO/version";
+
+	if (tdb_drivers && tdb_printers && tdb_forms && local_pid == sys_getpid())
+		return True;
+ 
+	tdb_drivers = tdb_open_log(lock_path("ntdrivers.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb_drivers) {
+		DEBUG(0,("nt_printing_init: Failed to open nt drivers database %s (%s)\n",
+			lock_path("ntdrivers.tdb"), strerror(errno) ));
+		return False;
+	}
+ 
+	tdb_printers = tdb_open_log(lock_path("ntprinters.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb_printers) {
+		DEBUG(0,("nt_printing_init: Failed to open nt printers database %s (%s)\n",
+			lock_path("ntprinters.tdb"), strerror(errno) ));
+		return False;
+	}
+ 
+	tdb_forms = tdb_open_log(lock_path("ntforms.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb_forms) {
+		DEBUG(0,("nt_printing_init: Failed to open nt forms database %s (%s)\n",
+			lock_path("ntforms.tdb"), strerror(errno) ));
+		return False;
+	}
+ 
+	local_pid = sys_getpid();
+ 
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(tdb_drivers, vstring);
+	{
+		int32 vers_id;
+
+		/* Cope with byte-reversed older versions of the db. */
+		vers_id = tdb_fetch_int32(tdb_drivers, vstring);
+		if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
+			/* Written on a bigendian machine with old fetch_int code. Save as le. */
+			/* The only upgrade between V2 and V3 is to save the version in little-endian. */
+			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION);
+			vers_id = NTDRIVERS_DATABASE_VERSION;
+		}
+
+		if (vers_id != NTDRIVERS_DATABASE_VERSION) {
+
+			if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) { 
+				if (!upgrade_to_version_3())
+					return False;
+			} else
+				tdb_traverse(tdb_drivers, tdb_traverse_delete_fn, NULL);
+			 
+			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION);
+		}
+	}
+	tdb_unlock_bystring(tdb_drivers, vstring);
+
+	update_c_setprinter(True);
+
+	return True;
+}
+
+/*******************************************************************
+ tdb traversal function for counting printers.
+********************************************************************/
+
+static int traverse_counting_printers(TDB_CONTEXT *t, TDB_DATA key,
+                                      TDB_DATA data, void *context)
+{
+	int *printer_count = (int*)context;
+ 
+	if (memcmp(PRINTERS_PREFIX, key.dptr, sizeof(PRINTERS_PREFIX)-1) == 0) {
+		(*printer_count)++;
+		DEBUG(10,("traverse_counting_printers: printer = [%s]  printer_count = %d\n", key.dptr, *printer_count));
+	}
+ 
+	return 0;
+}
+ 
+/*******************************************************************
+ Update the spooler global c_setprinter. This variable is initialized
+ when the parent smbd starts with the number of existing printers. It
+ is monotonically increased by the current number of printers *after*
+ each add or delete printer RPC. Only Microsoft knows why... JRR020119
+********************************************************************/
+
+uint32 update_c_setprinter(BOOL initialize)
+{
+	int32 c_setprinter;
+	int32 printer_count = 0;
+ 
+	tdb_lock_bystring(tdb_printers, GLOBAL_C_SETPRINTER);
+ 
+	/* Traverse the tdb, counting the printers */
+	tdb_traverse(tdb_printers, traverse_counting_printers, (void *)&printer_count);
+ 
+	/* If initializing, set c_setprinter to current printers count
+	 * otherwise, bump it by the current printer count
+	 */
+	if (!initialize)
+		c_setprinter = tdb_fetch_int32(tdb_printers, GLOBAL_C_SETPRINTER) + printer_count;
+	else
+		c_setprinter = printer_count;
+ 
+	DEBUG(10,("update_c_setprinter: c_setprinter = %u\n", (unsigned int)c_setprinter));
+	tdb_store_int32(tdb_printers, GLOBAL_C_SETPRINTER, c_setprinter);
+ 
+	tdb_unlock_bystring(tdb_printers, GLOBAL_C_SETPRINTER);
+ 
+	return (uint32)c_setprinter;
+}
+
+/*******************************************************************
+ Get the spooler global c_setprinter, accounting for initialization.
+********************************************************************/
+
+uint32 get_c_setprinter(void)
+{
+	int32 c_setprinter = tdb_fetch_int32(tdb_printers, GLOBAL_C_SETPRINTER);
+ 
+	if (c_setprinter == (int32)-1)
+		c_setprinter = update_c_setprinter(True);
+ 
+	DEBUG(10,("get_c_setprinter: c_setprinter = %d\n", c_setprinter));
+ 
+	return (uint32)c_setprinter;
+}
+
+/****************************************************************************
+ Get builtin form struct list.
+****************************************************************************/
+
+int get_builtin_ntforms(nt_forms_struct **list)
+{
+	*list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
+	return sizeof(default_forms) / sizeof(default_forms[0]);
+}
+
+/****************************************************************************
+ get a builtin form struct
+****************************************************************************/
+
+BOOL get_a_builtin_ntform(UNISTR2 *uni_formname,nt_forms_struct *form)
+{
+	int i,count;
+	fstring form_name;
+	unistr2_to_ascii(form_name, uni_formname, sizeof(form_name)-1);
+	DEBUGADD(6,("Looking for builtin form %s \n", form_name));
+	count = sizeof(default_forms) / sizeof(default_forms[0]);
+	for (i=0;i<count;i++) {
+		if (strequal(form_name,default_forms[i].name)) {
+			DEBUGADD(6,("Found builtin form %s \n", form_name));
+			memcpy(form,&default_forms[i],sizeof(*form));
+			break;
+		}
+	}
+
+	return (i !=count);
+}
+
+/****************************************************************************
+get a form struct list
+****************************************************************************/
+int get_ntforms(nt_forms_struct **list)
+{
+	TDB_DATA kbuf, newkey, dbuf;
+	nt_forms_struct *tl;
+	nt_forms_struct form;
+	int ret;
+	int i;
+	int n = 0;
+
+	for (kbuf = tdb_firstkey(tdb_forms);
+	     kbuf.dptr;
+	     newkey = tdb_nextkey(tdb_forms, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+		if (strncmp(kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) != 0) continue;
+		
+		dbuf = tdb_fetch(tdb_forms, kbuf);
+		if (!dbuf.dptr) continue;
+
+		fstrcpy(form.name, kbuf.dptr+strlen(FORMS_PREFIX));
+		ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddddddd",
+				 &i, &form.flag, &form.width, &form.length, &form.left,
+				 &form.top, &form.right, &form.bottom);
+		SAFE_FREE(dbuf.dptr);
+		if (ret != dbuf.dsize) continue;
+
+		tl = Realloc(*list, sizeof(nt_forms_struct)*(n+1));
+		if (!tl) {
+			DEBUG(0,("get_ntforms: Realloc fail.\n"));
+			return 0;
+		}
+        *list = tl;
+		(*list)[n] = form;
+		n++;
+	}
+	
+
+	return n;
+}
+
+/****************************************************************************
+write a form struct list
+****************************************************************************/
+int write_ntforms(nt_forms_struct **list, int number)
+{
+	pstring buf, key;
+	int len;
+	TDB_DATA kbuf,dbuf;
+	int i;
+
+	for (i=0;i<number;i++) {
+		/* save index, so list is rebuilt in correct order */
+		len = tdb_pack(buf, sizeof(buf), "dddddddd",
+			       i, (*list)[i].flag, (*list)[i].width, (*list)[i].length,
+			       (*list)[i].left, (*list)[i].top, (*list)[i].right,
+			       (*list)[i].bottom);
+		if (len > sizeof(buf)) break;
+		slprintf(key, sizeof(key)-1, "%s%s", FORMS_PREFIX, (*list)[i].name);
+		kbuf.dsize = strlen(key)+1;
+		kbuf.dptr = key;
+		dbuf.dsize = len;
+		dbuf.dptr = buf;
+		if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) break;
+       }
+
+       return i;
+}
+
+/****************************************************************************
+add a form struct at the end of the list
+****************************************************************************/
+BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
+{
+	int n=0;
+	BOOL update;
+	fstring form_name;
+	nt_forms_struct *tl;
+
+	/*
+	 * NT tries to add forms even when
+	 * they are already in the base
+	 * only update the values if already present
+	 */
+
+	update=False;
+	
+	unistr2_to_ascii(form_name, &form->name, sizeof(form_name)-1);
+	for (n=0; n<*count; n++) {
+		if (!strncmp((*list)[n].name, form_name, strlen(form_name))) {
+			DEBUG(103, ("NT workaround, [%s] already exists\n", form_name));
+			update=True;
+			break;
+		}
+	}
+
+	if (update==False) {
+		if((tl=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) {
+			DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
+			return False;
+		}
+		*list = tl;
+		unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1);
+		(*count)++;
+	}
+	
+	(*list)[n].flag=form->flags;
+	(*list)[n].width=form->size_x;
+	(*list)[n].length=form->size_y;
+	(*list)[n].left=form->left;
+	(*list)[n].top=form->top;
+	(*list)[n].right=form->right;
+	(*list)[n].bottom=form->bottom;
+
+	return True;
+}
+
+/****************************************************************************
+ delete a named form struct
+****************************************************************************/
+BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, WERROR *ret)
+{
+	pstring key;
+	TDB_DATA kbuf;
+	int n=0;
+	fstring form_name;
+
+	*ret = WERR_OK;
+
+	unistr2_to_ascii(form_name, del_name, sizeof(form_name)-1);
+
+	for (n=0; n<*count; n++) {
+		if (!strncmp((*list)[n].name, form_name, strlen(form_name))) {
+			DEBUG(103, ("delete_a_form, [%s] in list\n", form_name));
+			break;
+		}
+	}
+
+	if (n == *count) {
+		DEBUG(10,("delete_a_form, [%s] not found\n", form_name));
+		*ret = WERR_INVALID_PARAM;
+		return False;
+	}
+
+	slprintf(key, sizeof(key)-1, "%s%s", FORMS_PREFIX, (*list)[n].name);
+	kbuf.dsize = strlen(key)+1;
+	kbuf.dptr = key;
+	if (tdb_delete(tdb_forms, kbuf) != 0) {
+		*ret = WERR_NOMEM;
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+update a form struct
+****************************************************************************/
+void update_a_form(nt_forms_struct **list, const FORM *form, int count)
+{
+	int n=0;
+	fstring form_name;
+	unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1);
+
+	DEBUG(106, ("[%s]\n", form_name));
+	for (n=0; n<count; n++)
+	{
+		DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name));
+		if (!strncmp((*list)[n].name, form_name, strlen(form_name)))
+			break;
+	}
+
+	if (n==count) return;
+
+	(*list)[n].flag=form->flags;
+	(*list)[n].width=form->size_x;
+	(*list)[n].length=form->size_y;
+	(*list)[n].left=form->left;
+	(*list)[n].top=form->top;
+	(*list)[n].right=form->right;
+	(*list)[n].bottom=form->bottom;
+}
+
+/****************************************************************************
+get the nt drivers list
+
+traverse the database and look-up the matching names
+****************************************************************************/
+int get_ntdrivers(fstring **list, char *architecture, uint32 version)
+{
+	int total=0;
+	fstring short_archi;
+	fstring *fl;
+	pstring key;
+	TDB_DATA kbuf, newkey;
+
+	get_short_archi(short_archi, architecture);
+	slprintf(key, sizeof(key)-1, "%s%s/%d/", DRIVERS_PREFIX, short_archi, version);
+
+	for (kbuf = tdb_firstkey(tdb_drivers);
+	     kbuf.dptr;
+	     newkey = tdb_nextkey(tdb_drivers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+		if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue;
+		
+		if((fl = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) {
+			DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
+			return -1;
+		}
+		else *list = fl;
+
+		fstrcpy((*list)[total], kbuf.dptr+strlen(key));
+		total++;
+	}
+
+	return(total);
+}
+
+/****************************************************************************
+function to do the mapping between the long architecture name and
+the short one.
+****************************************************************************/
+BOOL get_short_archi(char *short_archi, char *long_archi)
+{
+	struct table {
+		char *long_archi;
+		char *short_archi;
+	};
+	
+	struct table archi_table[]=
+	{
+		{"Windows 4.0",          "WIN40"    },
+		{"Windows NT x86",       "W32X86"   },
+		{"Windows NT R4000",     "W32MIPS"  },
+		{"Windows NT Alpha_AXP", "W32ALPHA" },
+		{"Windows NT PowerPC",   "W32PPC"   },
+		{NULL,                   ""         }
+	};
+	
+	int i=-1;
+
+	DEBUG(107,("Getting architecture dependant directory\n"));
+	do {
+		i++;
+	} while ( (archi_table[i].long_archi!=NULL ) &&
+	          StrCaseCmp(long_archi, archi_table[i].long_archi) );
+
+	if (archi_table[i].long_archi==NULL) {
+		DEBUGADD(107,("Unknown architecture [%s] !\n", long_archi));
+		return False;
+	}
+
+	StrnCpy (short_archi, archi_table[i].short_archi, strlen(archi_table[i].short_archi));
+
+	DEBUGADD(108,("index: [%d]\n", i));
+	DEBUGADD(108,("long architecture: [%s]\n", long_archi));
+	DEBUGADD(108,("short architecture: [%s]\n", short_archi));
+	
+	return True;
+}
+
+/****************************************************************************
+ Version information in Microsoft files is held in a VS_VERSION_INFO structure.
+ There are two case to be covered here: PE (Portable Executable) and NE (New
+ Executable) files. Both files support the same INFO structure, but PE files
+ store the signature in unicode, and NE files store it as !unicode.
+ returns -1 on error, 1 on version info found, and 0 on no version info found.
+****************************************************************************/
+
+static int get_file_version(files_struct *fsp, char *fname,uint32 *major, uint32 *minor)
+{
+	int     i;
+	char    *buf;
+	ssize_t byte_count;
+
+	if ((buf=malloc(PE_HEADER_SIZE)) == NULL) {
+		DEBUG(0,("get_file_version: PE file [%s] PE Header malloc failed bytes = %d\n",
+				fname, PE_HEADER_SIZE));
+		goto error_exit;
+	}
+
+	/* Note: DOS_HEADER_SIZE < malloc'ed PE_HEADER_SIZE */
+	if ((byte_count = vfs_read_data(fsp, buf, DOS_HEADER_SIZE)) < DOS_HEADER_SIZE) {
+		DEBUG(3,("get_file_version: File [%s] DOS header too short, bytes read = %d\n",
+				fname, byte_count));
+		goto no_version_info;
+	}
+
+	/* Is this really a DOS header? */
+	if (SVAL(buf,DOS_HEADER_MAGIC_OFFSET) != DOS_HEADER_MAGIC) {
+		DEBUG(6,("get_file_version: File [%s] bad DOS magic = 0x%x\n",
+				fname, SVAL(buf,DOS_HEADER_MAGIC_OFFSET)));
+		goto no_version_info;
+	}
+
+	/* Skip OEM header (if any) and the DOS stub to start of Windows header */
+	if (fsp->conn->vfs_ops.lseek(fsp, fsp->fd, SVAL(buf,DOS_HEADER_LFANEW_OFFSET), SEEK_SET) == (SMB_OFF_T)-1) {
+		DEBUG(3,("get_file_version: File [%s] too short, errno = %d\n",
+				fname, errno));
+		/* Assume this isn't an error... the file just looks sort of like a PE/NE file */
+		goto no_version_info;
+	}
+
+	if ((byte_count = vfs_read_data(fsp, buf, PE_HEADER_SIZE)) < PE_HEADER_SIZE) {
+		DEBUG(3,("get_file_version: File [%s] Windows header too short, bytes read = %d\n",
+				fname, byte_count));
+		/* Assume this isn't an error... the file just looks sort of like a PE/NE file */
+		goto no_version_info;
+	}
+
+	/* The header may be a PE (Portable Executable) or an NE (New Executable) */
+	if (IVAL(buf,PE_HEADER_SIGNATURE_OFFSET) == PE_HEADER_SIGNATURE) {
+		int num_sections;
+		int section_table_bytes;
+		
+		if (SVAL(buf,PE_HEADER_MACHINE_OFFSET) != PE_HEADER_MACHINE_I386) {
+			DEBUG(3,("get_file_version: PE file [%s] wrong machine = 0x%x\n",
+					fname, SVAL(buf,PE_HEADER_MACHINE_OFFSET)));
+			/* At this point, we assume the file is in error. It still could be somthing
+			 * else besides a PE file, but it unlikely at this point.
+			 */
+			goto error_exit;
+		}
+
+		/* get the section table */
+		num_sections        = SVAL(buf,PE_HEADER_NUMBER_OF_SECTIONS);
+		section_table_bytes = num_sections * PE_HEADER_SECT_HEADER_SIZE;
+		SAFE_FREE(buf);
+		if ((buf=malloc(section_table_bytes)) == NULL) {
+			DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
+					fname, section_table_bytes));
+			goto error_exit;
+		}
+
+		if ((byte_count = vfs_read_data(fsp, buf, section_table_bytes)) < section_table_bytes) {
+			DEBUG(3,("get_file_version: PE file [%s] Section header too short, bytes read = %d\n",
+					fname, byte_count));
+			goto error_exit;
+		}
+
+		/* Iterate the section table looking for the resource section ".rsrc" */
+		for (i = 0; i < num_sections; i++) {
+			int sec_offset = i * PE_HEADER_SECT_HEADER_SIZE;
+
+			if (strcmp(".rsrc", &buf[sec_offset+PE_HEADER_SECT_NAME_OFFSET]) == 0) {
+				int section_pos   = IVAL(buf,sec_offset+PE_HEADER_SECT_PTR_DATA_OFFSET);
+				int section_bytes = IVAL(buf,sec_offset+PE_HEADER_SECT_SIZE_DATA_OFFSET);
+
+				SAFE_FREE(buf);
+				if ((buf=malloc(section_bytes)) == NULL) {
+					DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
+							fname, section_bytes));
+					goto error_exit;
+				}
+
+				/* Seek to the start of the .rsrc section info */
+				if (fsp->conn->vfs_ops.lseek(fsp, fsp->fd, section_pos, SEEK_SET) == (SMB_OFF_T)-1) {
+					DEBUG(3,("get_file_version: PE file [%s] too short for section info, errno = %d\n",
+							fname, errno));
+					goto error_exit;
+				}
+
+				if ((byte_count = vfs_read_data(fsp, buf, section_bytes)) < section_bytes) {
+					DEBUG(3,("get_file_version: PE file [%s] .rsrc section too short, bytes read = %d\n",
+							fname, byte_count));
+					goto error_exit;
+				}
+
+				for (i=0; i<section_bytes-VS_VERSION_INFO_UNICODE_SIZE; i++) {
+					/* Scan for 1st 3 unicoded bytes followed by word aligned magic value */
+					if (buf[i] == 'V' && buf[i+1] == '\0' && buf[i+2] == 'S') {
+						/* Align to next long address */
+						int pos = (i + sizeof(VS_SIGNATURE)*2 + 3) & 0xfffffffc;
+
+						if (IVAL(buf,pos) == VS_MAGIC_VALUE) {
+							*major = IVAL(buf,pos+VS_MAJOR_OFFSET);
+							*minor = IVAL(buf,pos+VS_MINOR_OFFSET);
+							
+							DEBUG(6,("get_file_version: PE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
+									  fname, *major, *minor,
+									  (*major>>16)&0xffff, *major&0xffff,
+									  (*minor>>16)&0xffff, *minor&0xffff));
+							SAFE_FREE(buf);
+							return 1;
+						}
+					}
+				}
+			}
+		}
+
+		/* Version info not found, fall back to origin date/time */
+		DEBUG(10,("get_file_version: PE file [%s] has no version info\n", fname));
+		SAFE_FREE(buf);
+		return 0;
+
+	} else if (SVAL(buf,NE_HEADER_SIGNATURE_OFFSET) == NE_HEADER_SIGNATURE) {
+		if (CVAL(buf,NE_HEADER_TARGET_OS_OFFSET) != NE_HEADER_TARGOS_WIN ) {
+			DEBUG(3,("get_file_version: NE file [%s] wrong target OS = 0x%x\n",
+					fname, CVAL(buf,NE_HEADER_TARGET_OS_OFFSET)));
+			/* At this point, we assume the file is in error. It still could be somthing
+			 * else besides a NE file, but it unlikely at this point. */
+			goto error_exit;
+		}
+
+		/* Allocate a bit more space to speed up things */
+		SAFE_FREE(buf);
+		if ((buf=malloc(VS_NE_BUF_SIZE)) == NULL) {
+			DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes  = %d\n",
+					fname, PE_HEADER_SIZE));
+			goto error_exit;
+		}
+
+		/* This is a HACK! I got tired of trying to sort through the messy
+		 * 'NE' file format. If anyone wants to clean this up please have at
+		 * it, but this works. 'NE' files will eventually fade away. JRR */
+		while((byte_count = vfs_read_data(fsp, buf, VS_NE_BUF_SIZE)) > 0) {
+			/* Cover case that should not occur in a well formed 'NE' .dll file */
+			if (byte_count-VS_VERSION_INFO_SIZE <= 0) break;
+
+			for(i=0; i<byte_count; i++) {
+				/* Fast skip past data that can't possibly match */
+				if (buf[i] != 'V') continue;
+
+				/* Potential match data crosses buf boundry, move it to beginning
+				 * of buf, and fill the buf with as much as it will hold. */
+				if (i>byte_count-VS_VERSION_INFO_SIZE) {
+					int bc;
+
+					memcpy(buf, &buf[i], byte_count-i);
+					if ((bc = vfs_read_data(fsp, &buf[byte_count-i], VS_NE_BUF_SIZE-
+								   (byte_count-i))) < 0) {
+
+						DEBUG(0,("get_file_version: NE file [%s] Read error, errno=%d\n",
+								 fname, errno));
+						goto error_exit;
+					}
+
+					byte_count = bc + (byte_count - i);
+					if (byte_count<VS_VERSION_INFO_SIZE) break;
+
+					i = 0;
+				}
+
+				/* Check that the full signature string and the magic number that
+				 * follows exist (not a perfect solution, but the chances that this
+				 * occurs in code is, well, remote. Yes I know I'm comparing the 'V'
+				 * twice, as it is simpler to read the code. */
+				if (strcmp(&buf[i], VS_SIGNATURE) == 0) {
+					/* Compute skip alignment to next long address */
+					int skip = -(fsp->conn->vfs_ops.lseek(fsp, fsp->fd, 0, SEEK_CUR) - (byte_count - i) +
+								 sizeof(VS_SIGNATURE)) & 3;
+					if (IVAL(buf,i+sizeof(VS_SIGNATURE)+skip) != 0xfeef04bd) continue;
+
+					*major = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MAJOR_OFFSET);
+					*minor = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MINOR_OFFSET);
+					DEBUG(6,("get_file_version: NE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
+							  fname, *major, *minor,
+							  (*major>>16)&0xffff, *major&0xffff,
+							  (*minor>>16)&0xffff, *minor&0xffff));
+					SAFE_FREE(buf);
+					return 1;
+				}
+			}
+		}
+
+		/* Version info not found, fall back to origin date/time */
+		DEBUG(0,("get_file_version: NE file [%s] Version info not found\n", fname));
+		SAFE_FREE(buf);
+		return 0;
+
+	} else
+		/* Assume this isn't an error... the file just looks sort of like a PE/NE file */
+		DEBUG(3,("get_file_version: File [%s] unknown file format, signature = 0x%x\n",
+				fname, IVAL(buf,PE_HEADER_SIGNATURE_OFFSET)));
+
+	no_version_info:
+		SAFE_FREE(buf);
+		return 0;
+
+	error_exit:
+		SAFE_FREE(buf);
+		return -1;
+}
+
+/****************************************************************************
+Drivers for Microsoft systems contain multiple files. Often, multiple drivers
+share one or more files. During the MS installation process files are checked
+to insure that only a newer version of a shared file is installed over an
+older version. There are several possibilities for this comparison. If there
+is no previous version, the new one is newer (obviously). If either file is
+missing the version info structure, compare the creation date (on Unix use
+the modification date). Otherwise chose the numerically larger version number.
+****************************************************************************/
+static int file_version_is_newer(connection_struct *conn, fstring new_file,
+								fstring old_file)
+{
+	BOOL   use_version = True;
+	pstring filepath;
+
+	uint32 new_major;
+	uint32 new_minor;
+	time_t new_create_time;
+
+	uint32 old_major;
+	uint32 old_minor;
+	time_t old_create_time;
+
+	int access_mode;
+	int action;
+	files_struct    *fsp = NULL;
+	SMB_STRUCT_STAT st;
+	SMB_STRUCT_STAT stat_buf;
+	BOOL bad_path;
+
+	ZERO_STRUCT(st);
+	ZERO_STRUCT(stat_buf);
+	new_create_time = (time_t)0;
+	old_create_time = (time_t)0;
+
+	/* Get file version info (if available) for previous file (if it exists) */
+	pstrcpy(filepath, old_file);
+
+	unix_convert(filepath,conn,NULL,&bad_path,&stat_buf);
+
+	fsp = open_file_shared(conn, filepath, &stat_buf,
+						   SET_OPEN_MODE(DOS_OPEN_RDONLY),
+						   (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+						   0, 0, &access_mode, &action);
+	if (!fsp) {
+		/* Old file not found, so by definition new file is in fact newer */
+		DEBUG(10,("file_version_is_newer: Can't open old file [%s], errno = %d\n",
+				filepath, errno));
+		return True;
+
+	} else {
+		int ret = get_file_version(fsp, old_file, &old_major, &old_minor);
+		if (ret == -1) goto error_exit;
+
+		if (!ret) {
+			DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
+					 old_file));
+			use_version = False;
+			if (fsp->conn->vfs_ops.fstat(fsp, fsp->fd, &st) == -1) goto error_exit;
+			old_create_time = st.st_mtime;
+			DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n", old_create_time));
+		}
+	}
+	close_file(fsp, True);
+
+	/* Get file version info (if available) for new file */
+	pstrcpy(filepath, new_file);
+	unix_convert(filepath,conn,NULL,&bad_path,&stat_buf);
+
+	fsp = open_file_shared(conn, filepath, &stat_buf,
+						   SET_OPEN_MODE(DOS_OPEN_RDONLY),
+						   (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+						   0, 0, &access_mode, &action);
+	if (!fsp) {
+		/* New file not found, this shouldn't occur if the caller did its job */
+		DEBUG(3,("file_version_is_newer: Can't open new file [%s], errno = %d\n",
+				filepath, errno));
+		goto error_exit;
+
+	} else {
+		int ret = get_file_version(fsp, new_file, &new_major, &new_minor);
+		if (ret == -1) goto error_exit;
+
+		if (!ret) {
+			DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
+					 new_file));
+			use_version = False;
+			if (fsp->conn->vfs_ops.fstat(fsp, fsp->fd, &st) == -1) goto error_exit;
+			new_create_time = st.st_mtime;
+			DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n", new_create_time));
+		}
+	}
+	close_file(fsp, True);
+
+	if (use_version) {
+		/* Compare versions and choose the larger version number */
+		if (new_major > old_major ||
+			(new_major == old_major && new_minor > old_minor)) {
+			
+			DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
+			return True;
+		}
+		else {
+			DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
+			return False;
+		}
+
+	} else {
+		/* Compare modification time/dates and choose the newest time/date */
+		if (new_create_time > old_create_time) {
+			DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
+			return True;
+		}
+		else {
+			DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
+			return False;
+		}
+	}
+
+	error_exit:
+		if(fsp)
+			close_file(fsp, True);
+		return -1;
+}
+
+/****************************************************************************
+Determine the correct cVersion associated with an architecture and driver
+****************************************************************************/
+static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
+				   struct current_user *user, WERROR *perr)
+{
+	int               cversion;
+	int               access_mode;
+	int               action;
+	NTSTATUS          nt_status;
+ 	pstring           driverpath;
+	DATA_BLOB         null_pw;
+	files_struct      *fsp = NULL;
+	BOOL              bad_path;
+	SMB_STRUCT_STAT   st;
+	connection_struct *conn;
+
+	ZERO_STRUCT(st);
+
+	*perr = WERR_INVALID_PARAM;
+
+	/* If architecture is Windows 95/98/ME, the version is always 0. */
+	if (strcmp(architecture, "WIN40") == 0) {
+		DEBUG(10,("get_correct_cversion: Driver is Win9x, cversion = 0\n"));
+		*perr = WERR_OK;
+		return 0;
+	}
+
+	/*
+	 * Connect to the print$ share under the same account as the user connected
+	 * to the rpc pipe. Note we must still be root to do this.
+	 */
+
+	/* Null password is ok - we are already an authenticated user... */
+	null_pw = data_blob(NULL, 0);
+ 	become_root();
+	conn = make_connection("print$", null_pw, "A:", user->vuid, &nt_status);
+	unbecome_root();
+
+	if (conn == NULL) {
+		DEBUG(0,("get_correct_cversion: Unable to connect\n"));
+		*perr = ntstatus_to_werror(nt_status);
+		return -1;
+	}
+
+	/* We are temporarily becoming the connection user. */
+	if (!become_user(conn, conn->vuid)) {
+		DEBUG(0,("get_correct_cversion: Can't become user!\n"));
+		*perr = WERR_ACCESS_DENIED;
+		return -1;
+	}
+
+	/* Open the driver file (Portable Executable format) and determine the
+	 * deriver the cversion. */
+	slprintf(driverpath, sizeof(driverpath)-1, "%s/%s", architecture, driverpath_in);
+
+	unix_convert(driverpath,conn,NULL,&bad_path,&st);
+
+	fsp = open_file_shared(conn, driverpath, &st,
+						   SET_OPEN_MODE(DOS_OPEN_RDONLY),
+						   (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+						   0, 0, &access_mode, &action);
+	if (!fsp) {
+		DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = %d\n",
+				driverpath, errno));
+		*perr = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+	else {
+		uint32 major;
+		uint32 minor;
+		int    ret = get_file_version(fsp, driverpath, &major, &minor);
+		if (ret == -1) goto error_exit;
+
+		if (!ret) {
+			DEBUG(6,("get_correct_cversion: Version info not found [%s]\n", driverpath));
+			goto error_exit;
+		}
+
+		/*
+		 * This is a Microsoft'ism. See references in MSDN to VER_FILEVERSION
+		 * for more details. Version in this case is not just the version of the 
+		 * file, but the version in the sense of kernal mode (2) vs. user mode
+		 * (3) drivers. Other bits of the version fields are the version info. 
+		 * JRR 010716
+		*/
+		cversion = major & 0x0000ffff;
+		switch (cversion) {
+			case 2: /* WinNT drivers */
+			case 3: /* Win2K drivers */
+				break;
+			
+			default:
+				DEBUG(6,("get_correct_cversion: cversion invalid [%s]  cversion = %d\n", 
+					driverpath, cversion));
+				goto error_exit;
+		}
+
+		DEBUG(10,("get_correct_cversion: Version info found [%s]  major = 0x%x  minor = 0x%x\n",
+				  driverpath, major, minor));
+	}
+
+    DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n",
+			driverpath, cversion));
+
+	close_file(fsp, True);
+	close_cnum(conn, user->vuid);
+	unbecome_user();
+	*perr = WERR_OK;
+	return cversion;
+
+
+  error_exit:
+
+	if(fsp)
+		close_file(fsp, True);
+
+	close_cnum(conn, user->vuid);
+	unbecome_user();
+	return -1;
+}
+
+/****************************************************************************
+****************************************************************************/
+static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver,
+											 struct current_user *user)
+{
+	fstring architecture;
+	fstring new_name;
+	char *p;
+	int i;
+	WERROR err;
+
+	/* clean up the driver name.
+	 * we can get .\driver.dll
+	 * or worse c:\windows\system\driver.dll !
+	 */
+	/* using an intermediate string to not have overlaping memcpy()'s */
+	if ((p = strrchr(driver->driverpath,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->driverpath, new_name);
+	}
+
+	if ((p = strrchr(driver->datafile,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->datafile, new_name);
+	}
+
+	if ((p = strrchr(driver->configfile,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->configfile, new_name);
+	}
+
+	if ((p = strrchr(driver->helpfile,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->helpfile, new_name);
+	}
+
+	if (driver->dependentfiles) {
+		for (i=0; *driver->dependentfiles[i]; i++) {
+			if ((p = strrchr(driver->dependentfiles[i],'\\')) != NULL) {
+				fstrcpy(new_name, p+1);
+				fstrcpy(driver->dependentfiles[i], new_name);
+			}
+		}
+	}
+
+	get_short_archi(architecture, driver->environment);
+	
+	/* jfm:7/16/2000 the client always sends the cversion=0.
+	 * The server should check which version the driver is by reading
+	 * the PE header of driver->driverpath.
+	 *
+	 * For Windows 95/98 the version is 0 (so the value sent is correct)
+	 * For Windows NT (the architecture doesn't matter)
+	 *	NT 3.1: cversion=0
+	 *	NT 3.5/3.51: cversion=1
+	 *	NT 4: cversion=2
+	 *	NT2K: cversion=3
+	 */
+	if ((driver->cversion = get_correct_cversion( architecture,
+									driver->driverpath, user, &err)) == -1)
+		return err;
+
+	return WERR_OK;
+}
+	
+/****************************************************************************
+****************************************************************************/
+static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver,
+											 struct current_user *user)
+{
+	fstring architecture;
+	fstring new_name;
+	char *p;
+	int i;
+	WERROR err;
+
+	/* clean up the driver name.
+	 * we can get .\driver.dll
+	 * or worse c:\windows\system\driver.dll !
+	 */
+	/* using an intermediate string to not have overlaping memcpy()'s */
+	if ((p = strrchr(driver->driverpath,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->driverpath, new_name);
+	}
+
+	if ((p = strrchr(driver->datafile,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->datafile, new_name);
+	}
+
+	if ((p = strrchr(driver->configfile,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->configfile, new_name);
+	}
+
+	if ((p = strrchr(driver->helpfile,'\\')) != NULL) {
+		fstrcpy(new_name, p+1);
+		fstrcpy(driver->helpfile, new_name);
+	}
+
+	if (driver->dependentfiles) {
+		for (i=0; *driver->dependentfiles[i]; i++) {
+			if ((p = strrchr(driver->dependentfiles[i],'\\')) != NULL) {
+				fstrcpy(new_name, p+1);
+				fstrcpy(driver->dependentfiles[i], new_name);
+			}
+		}
+	}
+
+	get_short_archi(architecture, driver->environment);
+
+	/* jfm:7/16/2000 the client always sends the cversion=0.
+	 * The server should check which version the driver is by reading
+	 * the PE header of driver->driverpath.
+	 *
+	 * For Windows 95/98 the version is 0 (so the value sent is correct)
+	 * For Windows NT (the architecture doesn't matter)
+	 *	NT 3.1: cversion=0
+	 *	NT 3.5/3.51: cversion=1
+	 *	NT 4: cversion=2
+	 *	NT2K: cversion=3
+	 */
+	if ((driver->version = get_correct_cversion(architecture,
+									driver->driverpath, user, &err)) == -1)
+		return err;
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
+							  uint32 level, struct current_user *user)
+{
+	switch (level) {
+		case 3:
+		{
+			NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver;
+			driver=driver_abstract.info_3;
+			return clean_up_driver_struct_level_3(driver, user);
+		}
+		case 6:
+		{
+			NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver;
+			driver=driver_abstract.info_6;
+			return clean_up_driver_struct_level_6(driver, user);
+		}
+		default:
+			return WERR_INVALID_PARAM;
+	}
+}
+
+/****************************************************************************
+ This function sucks and should be replaced. JRA.
+****************************************************************************/
+
+static void convert_level_6_to_level3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dst, NT_PRINTER_DRIVER_INFO_LEVEL_6 *src)
+{
+    dst->cversion  = src->version;
+
+    fstrcpy( dst->name, src->name);
+    fstrcpy( dst->environment, src->environment);
+    fstrcpy( dst->driverpath, src->driverpath);
+    fstrcpy( dst->datafile, src->datafile);
+    fstrcpy( dst->configfile, src->configfile);
+    fstrcpy( dst->helpfile, src->helpfile);
+    fstrcpy( dst->monitorname, src->monitorname);
+    fstrcpy( dst->defaultdatatype, src->defaultdatatype);
+    dst->dependentfiles = src->dependentfiles;
+}
+
+#if 0 /* Debugging function */
+
+static char* ffmt(unsigned char *c){
+	int i;
+	static char ffmt_str[17];
+
+	for (i=0; i<16; i++) {
+		if ((c[i] < ' ') || (c[i] > '~'))
+			ffmt_str[i]='.';
+		else
+			ffmt_str[i]=c[i];
+	}
+    ffmt_str[16]='\0';
+	return ffmt_str;
+}
+
+#endif
+
+/****************************************************************************
+****************************************************************************/
+BOOL move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, 
+				  struct current_user *user, WERROR *perr)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver;
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver;
+	fstring architecture;
+	pstring new_dir;
+	pstring old_name;
+	pstring new_name;
+	DATA_BLOB null_pw;
+	connection_struct *conn;
+	NTSTATUS nt_status;
+	pstring inbuf;
+	pstring outbuf;
+	int ver = 0;
+	int i;
+
+	memset(inbuf, '\0', sizeof(inbuf));
+	memset(outbuf, '\0', sizeof(outbuf));
+	*perr = WERR_OK;
+
+	if (level==3)
+		driver=driver_abstract.info_3;
+	else if (level==6) {
+		convert_level_6_to_level3(&converted_driver, driver_abstract.info_6);
+		driver = &converted_driver;
+	} else {
+		DEBUG(0,("move_driver_to_download_area: Unknown info level (%u)\n", (unsigned int)level ));
+		return False;
+	}
+
+	get_short_archi(architecture, driver->environment);
+
+	/*
+	 * Connect to the print$ share under the same account as the user connected to the rpc pipe.
+	 * Note we must be root to do this.
+	 */
+
+	become_root();
+	null_pw = data_blob(NULL, 0);
+	conn = make_connection("print$", null_pw, "A:", user->vuid, &nt_status);
+	unbecome_root();
+
+	if (conn == NULL) {
+		DEBUG(0,("move_driver_to_download_area: Unable to connect\n"));
+		*perr = ntstatus_to_werror(nt_status);
+		return False;
+	}
+
+	/*
+	 * Save who we are - we are temporarily becoming the connection user.
+	 */
+
+	if (!become_user(conn, conn->vuid)) {
+		DEBUG(0,("move_driver_to_download_area: Can't become user!\n"));
+		return False;
+	}
+
+	/*
+	 * make the directories version and version\driver_name
+	 * under the architecture directory.
+	 */
+	DEBUG(5,("Creating first directory\n"));
+	slprintf(new_dir, sizeof(new_dir)-1, "%s/%d", architecture, driver->cversion);
+	mkdir_internal(conn, new_dir);
+
+	/* For each driver file, archi\filexxx.yyy, if there is a duplicate file
+	 * listed for this driver which has already been moved, skip it (note:
+	 * drivers may list the same file name several times. Then check if the
+	 * file already exists in archi\cversion\, if so, check that the version
+	 * info (or time stamps if version info is unavailable) is newer (or the
+	 * date is later). If it is, move it to archi\cversion\filexxx.yyy.
+	 * Otherwise, delete the file.
+	 *
+	 * If a file is not moved to archi\cversion\ because of an error, all the
+	 * rest of the 'unmoved' driver files are removed from archi\. If one or
+	 * more of the driver's files was already moved to archi\cversion\, it
+	 * potentially leaves the driver in a partially updated state. Version
+	 * trauma will most likely occur if an client attempts to use any printer
+	 * bound to the driver. Perhaps a rewrite to make sure the moves can be
+	 * done is appropriate... later JRR
+	 */
+
+	DEBUG(5,("Moving files now !\n"));
+
+	if (driver->driverpath && strlen(driver->driverpath)) {
+		slprintf(new_name, sizeof(new_name)-1, "%s/%s", architecture, driver->driverpath);	
+		slprintf(old_name, sizeof(old_name)-1, "%s/%s", new_dir, driver->driverpath);	
+		if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) {
+			NTSTATUS status;
+			status = rename_internals(conn, new_name, old_name, True);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n",
+						new_name, old_name));
+				*perr = ntstatus_to_werror(status);
+				unlink_internals(conn, 0, new_name);
+				ver = -1;
+			}
+		}
+		else
+			unlink_internals(conn, 0, new_name);
+	}
+
+	if (driver->datafile && strlen(driver->datafile)) {
+		if (!strequal(driver->datafile, driver->driverpath)) {
+			slprintf(new_name, sizeof(new_name)-1, "%s/%s", architecture, driver->datafile);	
+			slprintf(old_name, sizeof(old_name)-1, "%s/%s", new_dir, driver->datafile);	
+			if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) {
+				NTSTATUS status;
+				status = rename_internals(conn, new_name, old_name, True);
+				if (!NT_STATUS_IS_OK(status)) {
+					DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n",
+							new_name, old_name));
+					*perr = ntstatus_to_werror(status);
+					unlink_internals(conn, 0, new_name);
+					ver = -1;
+				}
+			}
+			else
+				unlink_internals(conn, 0, new_name);
+		}
+	}
+
+	if (driver->configfile && strlen(driver->configfile)) {
+		if (!strequal(driver->configfile, driver->driverpath) &&
+			!strequal(driver->configfile, driver->datafile)) {
+			slprintf(new_name, sizeof(new_name)-1, "%s/%s", architecture, driver->configfile);	
+			slprintf(old_name, sizeof(old_name)-1, "%s/%s", new_dir, driver->configfile);	
+			if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) {
+				NTSTATUS status;
+				status = rename_internals(conn, new_name, old_name, True);
+				if (!NT_STATUS_IS_OK(status)) {
+					DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n",
+							new_name, old_name));
+					*perr = ntstatus_to_werror(status);
+					unlink_internals(conn, 0, new_name);
+					ver = -1;
+				}
+			}
+			else
+				unlink_internals(conn, 0, new_name);
+		}
+	}
+
+	if (driver->helpfile && strlen(driver->helpfile)) {
+		if (!strequal(driver->helpfile, driver->driverpath) &&
+			!strequal(driver->helpfile, driver->datafile) &&
+			!strequal(driver->helpfile, driver->configfile)) {
+			slprintf(new_name, sizeof(new_name)-1, "%s/%s", architecture, driver->helpfile);	
+			slprintf(old_name, sizeof(old_name)-1, "%s/%s", new_dir, driver->helpfile);	
+			if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) {
+				NTSTATUS status;
+				status = rename_internals(conn, new_name, old_name, True);
+				if (!NT_STATUS_IS_OK(status)) {
+					DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n",
+							new_name, old_name));
+					*perr = ntstatus_to_werror(status);
+					unlink_internals(conn, 0, new_name);
+					ver = -1;
+				}
+			}
+			else
+				unlink_internals(conn, 0, new_name);
+		}
+	}
+
+	if (driver->dependentfiles) {
+		for (i=0; *driver->dependentfiles[i]; i++) {
+			if (!strequal(driver->dependentfiles[i], driver->driverpath) &&
+				!strequal(driver->dependentfiles[i], driver->datafile) &&
+				!strequal(driver->dependentfiles[i], driver->configfile) &&
+				!strequal(driver->dependentfiles[i], driver->helpfile)) {
+				int j;
+				for (j=0; j < i; j++) {
+					if (strequal(driver->dependentfiles[i], driver->dependentfiles[j])) {
+						goto NextDriver;
+					}
+				}
+
+				slprintf(new_name, sizeof(new_name)-1, "%s/%s", architecture, driver->dependentfiles[i]);	
+				slprintf(old_name, sizeof(old_name)-1, "%s/%s", new_dir, driver->dependentfiles[i]);	
+				if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) {
+					NTSTATUS status;
+					status = rename_internals(conn, new_name, old_name, True);
+					if (!NT_STATUS_IS_OK(status)) {
+						DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n",
+								new_name, old_name));
+						*perr = ntstatus_to_werror(status);
+						unlink_internals(conn, 0, new_name);
+						ver = -1;
+					}
+				}
+				else
+					unlink_internals(conn, 0, new_name);
+			}
+		NextDriver: ;
+		}
+	}
+
+	close_cnum(conn, user->vuid);
+	unbecome_user();
+
+	return ver == -1 ? False : True;
+}
+
+/****************************************************************************
+****************************************************************************/
+static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver)
+{
+	int len, buflen;
+	fstring architecture;
+	pstring directory;
+	pstring temp_name;
+	pstring key;
+	char *buf;
+	int i, ret;
+	TDB_DATA kbuf, dbuf;
+
+	get_short_archi(architecture, driver->environment);
+
+	/* The names are relative. We store them in the form: \print$\arch\version\driver.xxx
+	 * \\server is added in the rpc server layer.
+	 * It does make sense to NOT store the server's name in the printer TDB.
+	 */
+
+	slprintf(directory, sizeof(directory)-1, "\\print$\\%s\\%d\\", architecture, driver->cversion);
+
+	/* .inf files do not always list a file for each of the four standard files. 
+	 * Don't prepend a path to a null filename, or client claims:
+	 *   "The server on which the printer resides does not have a suitable 
+	 *   <printer driver name> printer driver installed. Click OK if you 
+	 *   wish to install the driver on your local machine."
+	 */
+	if (strlen(driver->driverpath)) {
+		fstrcpy(temp_name, driver->driverpath);
+		slprintf(driver->driverpath, sizeof(driver->driverpath)-1, "%s%s", directory, temp_name);
+	}
+
+	if (strlen(driver->datafile)) {
+		fstrcpy(temp_name, driver->datafile);
+		slprintf(driver->datafile, sizeof(driver->datafile)-1, "%s%s", directory, temp_name);
+	}
+
+	if (strlen(driver->configfile)) {
+		fstrcpy(temp_name, driver->configfile);
+		slprintf(driver->configfile, sizeof(driver->configfile)-1, "%s%s", directory, temp_name);
+	}
+
+	if (strlen(driver->helpfile)) {
+		fstrcpy(temp_name, driver->helpfile);
+		slprintf(driver->helpfile, sizeof(driver->helpfile)-1, "%s%s", directory, temp_name);
+	}
+
+	if (driver->dependentfiles) {
+		for (i=0; *driver->dependentfiles[i]; i++) {
+			fstrcpy(temp_name, driver->dependentfiles[i]);
+			slprintf(driver->dependentfiles[i], sizeof(driver->dependentfiles[i])-1, "%s%s", directory, temp_name);
+		}
+	}
+
+	slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, architecture, driver->cversion, driver->name);
+
+	DEBUG(5,("add_a_printer_driver_3: Adding driver with key %s\n", key ));
+
+	buf = NULL;
+	len = buflen = 0;
+
+ again:
+	len = 0;
+	len += tdb_pack(buf+len, buflen-len, "dffffffff",
+			driver->cversion,
+			driver->name,
+			driver->environment,
+			driver->driverpath,
+			driver->datafile,
+			driver->configfile,
+			driver->helpfile,
+			driver->monitorname,
+			driver->defaultdatatype);
+
+	if (driver->dependentfiles) {
+		for (i=0; *driver->dependentfiles[i]; i++) {
+			len += tdb_pack(buf+len, buflen-len, "f",
+					driver->dependentfiles[i]);
+		}
+	}
+
+	if (len != buflen) {
+		char *tb;
+
+		tb = (char *)Realloc(buf, len);
+		if (!tb) {
+			DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
+			ret = -1;
+			goto done;
+		}
+		else buf = tb;
+		buflen = len;
+		goto again;
+	}
+
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+	dbuf.dptr = buf;
+	dbuf.dsize = len;
+	
+	ret = tdb_store(tdb_drivers, kbuf, dbuf, TDB_REPLACE);
+
+done:
+	if (ret)
+		DEBUG(0,("add_a_printer_driver_3: Adding driver with key %s failed.\n", key ));
+
+	SAFE_FREE(buf);
+	return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+static uint32 add_a_printer_driver_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 info3;
+
+	ZERO_STRUCT(info3);
+	info3.cversion = driver->version;
+	fstrcpy(info3.name,driver->name);
+	fstrcpy(info3.environment,driver->environment);
+	fstrcpy(info3.driverpath,driver->driverpath);
+	fstrcpy(info3.datafile,driver->datafile);
+	fstrcpy(info3.configfile,driver->configfile);
+	fstrcpy(info3.helpfile,driver->helpfile);
+	fstrcpy(info3.monitorname,driver->monitorname);
+	fstrcpy(info3.defaultdatatype,driver->defaultdatatype);
+	info3.dependentfiles = driver->dependentfiles;
+
+	return add_a_printer_driver_3(&info3);
+}
+
+
+/****************************************************************************
+****************************************************************************/
+static WERROR get_a_printer_driver_3_default(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, fstring in_prt, fstring in_arch)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 info;
+
+	ZERO_STRUCT(info);
+
+	fstrcpy(info.name, in_prt);
+	fstrcpy(info.defaultdatatype, "RAW");
+	
+	fstrcpy(info.driverpath, "");
+	fstrcpy(info.datafile, "");
+	fstrcpy(info.configfile, "");
+	fstrcpy(info.helpfile, "");
+
+	if ((info.dependentfiles=(fstring *)malloc(2*sizeof(fstring))) == NULL)
+		return WERR_NOMEM;
+
+	memset(info.dependentfiles, '\0', 2*sizeof(fstring));
+	fstrcpy(info.dependentfiles[0], "");
+
+	*info_ptr = memdup(&info, sizeof(info));
+	
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, fstring in_prt, fstring in_arch, uint32 version)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 driver;
+	TDB_DATA kbuf, dbuf;
+	fstring architecture;
+	int len = 0;
+	int i;
+	pstring key;
+
+	ZERO_STRUCT(driver);
+
+	get_short_archi(architecture, in_arch);
+
+	DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, in_prt));
+
+	slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, architecture, version, in_prt);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+	
+	dbuf = tdb_fetch(tdb_drivers, kbuf);
+#if 0
+	if (!dbuf.dptr) return get_a_printer_driver_3_default(info_ptr, in_prt, in_arch);
+#else
+	if (!dbuf.dptr) return WERR_ACCESS_DENIED;
+#endif
+	len += tdb_unpack(dbuf.dptr, dbuf.dsize, "dffffffff",
+			  &driver.cversion,
+			  driver.name,
+			  driver.environment,
+			  driver.driverpath,
+			  driver.datafile,
+			  driver.configfile,
+			  driver.helpfile,
+			  driver.monitorname,
+			  driver.defaultdatatype);
+
+	i=0;
+	while (len < dbuf.dsize) {
+		fstring *tddfs;
+
+		tddfs = (fstring *)Realloc(driver.dependentfiles,
+							 sizeof(fstring)*(i+2));
+		if (tddfs == NULL) {
+			DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
+			break;
+		}
+		else driver.dependentfiles = tddfs;
+
+		len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f",
+				  &driver.dependentfiles[i]);
+		i++;
+	}
+	if (driver.dependentfiles != NULL)
+		fstrcpy(driver.dependentfiles[i], "");
+
+	SAFE_FREE(dbuf.dptr);
+
+	if (len != dbuf.dsize) {
+			SAFE_FREE(driver.dependentfiles);
+
+		return get_a_printer_driver_3_default(info_ptr, in_prt, in_arch);
+	}
+
+	*info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver));
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+uint32 get_a_printer_driver_9x_compatible(pstring line, fstring model)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3;
+	TDB_DATA kbuf;
+	pstring key;
+	int i;
+	line[0] = '\0';
+
+	slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX, "WIN40", 0, model);
+	DEBUG(10,("driver key: [%s]\n", key));
+	
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+	if (!tdb_exists(tdb_drivers, kbuf))
+		return False;
+
+	ZERO_STRUCT(info3);
+	get_a_printer_driver_3(&info3, model, "Windows 4.0", 0);
+	
+	DEBUGADD(10,("info3->name            [%s]\n", info3->name));
+	DEBUGADD(10,("info3->datafile        [%s]\n", info3->datafile));
+	DEBUGADD(10,("info3->helpfile        [%s]\n", info3->helpfile));
+	DEBUGADD(10,("info3->monitorname     [%s]\n", info3->monitorname));
+	DEBUGADD(10,("info3->defaultdatatype [%s]\n", info3->defaultdatatype));
+	for (i=0; info3->dependentfiles && *info3->dependentfiles[i]; i++) {
+		DEBUGADD(10,("info3->dependentfiles  [%s]\n", info3->dependentfiles[i]));
+	}
+	DEBUGADD(10,("info3->environment     [%s]\n", info3->environment));
+	DEBUGADD(10,("info3->driverpath      [%s]\n", info3->driverpath));
+	DEBUGADD(10,("info3->configfile      [%s]\n", info3->configfile));
+
+	/*pstrcat(line, info3->name);             pstrcat(line, ":");*/
+	trim_string(info3->driverpath, "\\print$\\WIN40\\0\\", 0);
+	pstrcat(line, info3->driverpath);
+	pstrcat(line, ":");
+	trim_string(info3->datafile, "\\print$\\WIN40\\0\\", 0);
+	pstrcat(line, info3->datafile);
+	pstrcat(line, ":");
+	trim_string(info3->helpfile, "\\print$\\WIN40\\0\\", 0);
+	pstrcat(line, info3->helpfile);
+	pstrcat(line, ":");
+	trim_string(info3->monitorname, "\\print$\\WIN40\\0\\", 0);
+	pstrcat(line, info3->monitorname);
+	pstrcat(line, ":");
+	pstrcat(line, "RAW");                /*info3->defaultdatatype);*/
+	pstrcat(line, ":");
+
+	for (i=0; info3->dependentfiles && *info3->dependentfiles[i]; i++) {
+		if (i)
+			pstrcat(line, ",");               /* don't end in a "," */
+		trim_string(info3->dependentfiles[i], "\\print$\\WIN40\\0\\", 0);
+		pstrcat(line, info3->dependentfiles[i]);
+	}
+	
+	SAFE_FREE(info3);
+
+	return True;	
+}
+
+/****************************************************************************
+ Debugging function, dump at level 6 the struct in the logs.
+****************************************************************************/
+
+static uint32 dump_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
+{
+	uint32 result;
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3;
+	int i;
+	
+	DEBUG(106,("Dumping printer driver at level [%d]\n", level));
+	
+	switch (level)
+	{
+		case 3:
+		{
+			if (driver.info_3 == NULL)
+				result=5;
+			else {
+				info3=driver.info_3;
+			
+				DEBUGADD(106,("version:[%d]\n",         info3->cversion));
+				DEBUGADD(106,("name:[%s]\n",            info3->name));
+				DEBUGADD(106,("environment:[%s]\n",     info3->environment));
+				DEBUGADD(106,("driverpath:[%s]\n",      info3->driverpath));
+				DEBUGADD(106,("datafile:[%s]\n",        info3->datafile));
+				DEBUGADD(106,("configfile:[%s]\n",      info3->configfile));
+				DEBUGADD(106,("helpfile:[%s]\n",        info3->helpfile));
+				DEBUGADD(106,("monitorname:[%s]\n",     info3->monitorname));
+				DEBUGADD(106,("defaultdatatype:[%s]\n", info3->defaultdatatype));
+				
+				for (i=0; info3->dependentfiles &&
+					  *info3->dependentfiles[i]; i++) {
+					DEBUGADD(106,("dependentfile:[%s]\n",
+						      info3->dependentfiles[i]));
+				}
+				result=0;
+			}
+			break;
+		}
+		default:
+			DEBUGADD(106,("dump_a_printer_driver: Level %u not implemented\n", (unsigned int)level));
+			result=1;
+			break;
+	}
+	
+	return result;
+}
+
+/****************************************************************************
+****************************************************************************/
+static int pack_devicemode(NT_DEVICEMODE *nt_devmode, char *buf, int buflen)
+{
+	int len = 0;
+
+	len += tdb_pack(buf+len, buflen-len, "p", nt_devmode);
+
+	if (!nt_devmode) return len;
+
+	len += tdb_pack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
+			nt_devmode->devicename,
+			nt_devmode->formname,
+
+			nt_devmode->specversion,
+			nt_devmode->driverversion,
+			nt_devmode->size,
+			nt_devmode->driverextra,
+			nt_devmode->orientation,
+			nt_devmode->papersize,
+			nt_devmode->paperlength,
+			nt_devmode->paperwidth,
+			nt_devmode->scale,
+			nt_devmode->copies,
+			nt_devmode->defaultsource,
+			nt_devmode->printquality,
+			nt_devmode->color,
+			nt_devmode->duplex,
+			nt_devmode->yresolution,
+			nt_devmode->ttoption,
+			nt_devmode->collate,
+			nt_devmode->logpixels,
+			
+			nt_devmode->fields,
+			nt_devmode->bitsperpel,
+			nt_devmode->pelswidth,
+			nt_devmode->pelsheight,
+			nt_devmode->displayflags,
+			nt_devmode->displayfrequency,
+			nt_devmode->icmmethod,
+			nt_devmode->icmintent,
+			nt_devmode->mediatype,
+			nt_devmode->dithertype,
+			nt_devmode->reserved1,
+			nt_devmode->reserved2,
+			nt_devmode->panningwidth,
+			nt_devmode->panningheight,
+			nt_devmode->private);
+
+	
+	if (nt_devmode->private) {
+		len += tdb_pack(buf+len, buflen-len, "B",
+				nt_devmode->driverextra,
+				nt_devmode->private);
+	}
+
+	DEBUG(8,("Packed devicemode [%s]\n", nt_devmode->formname));
+
+	return len;
+}
+
+/****************************************************************************
+****************************************************************************/
+static int pack_specifics(NT_PRINTER_PARAM *param, char *buf, int buflen)
+{
+	int len = 0;
+
+	while (param != NULL) {
+		len += tdb_pack(buf+len, buflen-len, "pfdB",
+				param,
+				param->value,
+				param->type,
+				param->data_len,
+				param->data);
+		param=param->next;	
+	}
+
+	len += tdb_pack(buf+len, buflen-len, "p", param);
+
+	return len;
+}
+
+
+/****************************************************************************
+ Delete a printer - this just deletes the printer info file, any open
+ handles are not affected.
+****************************************************************************/
+
+uint32 del_a_printer(char *sharename)
+{
+	pstring key;
+	TDB_DATA kbuf;
+
+	slprintf(key, sizeof(key)-1, "%s%s", PRINTERS_PREFIX, sharename);
+
+	kbuf.dptr=key;
+	kbuf.dsize=strlen(key)+1;
+
+	tdb_delete(tdb_printers, kbuf);
+	return 0;
+}
+
+/* FIXME!!!  Reorder so this forward declaration is not necessary --jerry */
+static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **, fstring);
+static void free_nt_printer_info_level_2(NT_PRINTER_INFO_LEVEL_2 **);
+/****************************************************************************
+****************************************************************************/
+static WERROR update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info)
+{
+	pstring key;
+	char *buf;
+	int buflen, len;
+	WERROR ret;
+	TDB_DATA kbuf, dbuf;
+	
+	/*
+	 * in addprinter: no servername and the printer is the name
+	 * in setprinter: servername is \\server
+	 *                and printer is \\server\\printer
+	 *
+	 * Samba manages only local printers.
+	 * we currently don't support things like path=\\other_server\printer
+	 */
+
+	if (info->servername[0]!='\0') {
+		trim_string(info->printername, info->servername, NULL);
+		trim_string(info->printername, "\\", NULL);
+		info->servername[0]='\0';
+	}
+
+	/*
+	 * JFM: one day I'll forget.
+	 * below that's info->portname because that's the SAMBA sharename
+	 * and I made NT 'thinks' it's the portname
+	 * the info->sharename is the thing you can name when you add a printer
+	 * that's the short-name when you create shared printer for 95/98
+	 * So I've made a limitation in SAMBA: you can only have 1 printer model
+	 * behind a SAMBA share.
+	 */
+
+	buf = NULL;
+	buflen = 0;
+
+ again:	
+	len = 0;
+	len += tdb_pack(buf+len, buflen-len, "dddddddddddfffffPfffff",
+			info->attributes,
+			info->priority,
+			info->default_priority,
+			info->starttime,
+			info->untiltime,
+			info->status,
+			info->cjobs,
+			info->averageppm,
+			info->changeid,
+			info->c_setprinter,
+			info->setuptime,
+			info->servername,
+			info->printername,
+			info->sharename,
+			info->portname,
+			info->drivername,
+			info->comment,
+			info->location,
+			info->sepfile,
+			info->printprocessor,
+			info->datatype,
+			info->parameters);
+
+	len += pack_devicemode(info->devmode, buf+len, buflen-len);
+	
+	len += pack_specifics(info->specific, buf+len, buflen-len);
+
+	if (buflen != len) {
+		char *tb;
+
+		tb = (char *)Realloc(buf, len);
+		if (!tb) {
+			DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
+			ret = WERR_NOMEM;
+			goto done;
+		}
+		else buf = tb;
+		buflen = len;
+		goto again;
+	}
+	
+
+	slprintf(key, sizeof(key)-1, "%s%s", PRINTERS_PREFIX, info->sharename);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+	dbuf.dptr = buf;
+	dbuf.dsize = len;
+
+	ret = (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) == 0? WERR_OK : WERR_NOMEM);
+
+done:
+	if (!W_ERROR_IS_OK(ret))
+		DEBUG(8, ("error updating printer to tdb on disk\n"));
+
+	SAFE_FREE(buf);
+
+	DEBUG(8,("packed printer [%s] with driver [%s] portname=[%s] len=%d\n",
+		 info->sharename, info->drivername, info->portname, len));
+
+	return ret;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+void add_a_specific_param(NT_PRINTER_INFO_LEVEL_2 *info_2, NT_PRINTER_PARAM **param)
+{
+	NT_PRINTER_PARAM *current;
+	
+	DEBUG(108,("add_a_specific_param\n"));	
+
+	(*param)->next=NULL;
+	
+	if (info_2->specific == NULL)
+	{
+		info_2->specific=*param;
+	}
+	else
+	{
+		current=info_2->specific;		
+		while (current->next != NULL) {
+			current=current->next;
+		}		
+		current->next=*param;
+	}
+
+	*param = NULL;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL unlink_specific_param_if_exist(NT_PRINTER_INFO_LEVEL_2 *info_2, NT_PRINTER_PARAM *param)
+{
+	NT_PRINTER_PARAM *current;
+	NT_PRINTER_PARAM *previous;
+	
+	current=info_2->specific;
+	previous=current;
+	
+	if (current==NULL) return (False);
+	
+	if ( !strcmp(current->value, param->value) &&
+	    (strlen(current->value)==strlen(param->value)) ) {
+		DEBUG(109,("deleting first value\n"));
+		info_2->specific=current->next;
+		SAFE_FREE(current->data);
+		SAFE_FREE(current);
+		DEBUG(109,("deleted first value\n"));
+		return (True);
+	}
+
+	current=previous->next;
+		
+	while ( current!=NULL ) {
+		if (!strcmp(current->value, param->value) &&
+		    strlen(current->value)==strlen(param->value) ) {
+			DEBUG(109,("deleting current value\n"));
+			previous->next=current->next;
+			SAFE_FREE(current->data);
+			SAFE_FREE(current);
+			DEBUG(109,("deleted current value\n"));
+			return(True);
+		}
+		
+		previous=previous->next;
+		current=current->next;
+	}
+	return (False);
+}
+
+/****************************************************************************
+ Clean up and deallocate a (maybe partially) allocated NT_PRINTER_PARAM.
+****************************************************************************/
+void free_nt_printer_param(NT_PRINTER_PARAM **param_ptr)
+{
+	NT_PRINTER_PARAM *param = *param_ptr;
+
+	if(param == NULL)
+		return;
+
+	DEBUG(106,("free_nt_printer_param: deleting param [%s]\n", param->value));
+
+		SAFE_FREE(param->data);
+	SAFE_FREE(*param_ptr);
+}
+
+/****************************************************************************
+ Malloc and return an NT devicemode.
+****************************************************************************/
+
+NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename)
+{
+
+	char adevice[32];
+	NT_DEVICEMODE *nt_devmode = (NT_DEVICEMODE *)malloc(sizeof(NT_DEVICEMODE));
+
+	if (nt_devmode == NULL) {
+		DEBUG(0,("construct_nt_devicemode: malloc fail.\n"));
+		return NULL;
+	}
+
+	ZERO_STRUCTP(nt_devmode);
+
+	safe_strcpy(adevice, default_devicename, sizeof(adevice));
+	fstrcpy(nt_devmode->devicename, adevice);	
+	
+	fstrcpy(nt_devmode->formname, "Letter");
+
+	nt_devmode->specversion      = 0x0401;
+	nt_devmode->driverversion    = 0x0400;
+	nt_devmode->size             = 0x00DC;
+	nt_devmode->driverextra      = 0x0000;
+	nt_devmode->fields           = FORMNAME | TTOPTION | PRINTQUALITY |
+				       DEFAULTSOURCE | COPIES | SCALE |
+				       PAPERSIZE | ORIENTATION;
+	nt_devmode->orientation      = 1;
+	nt_devmode->papersize        = PAPER_LETTER;
+	nt_devmode->paperlength      = 0;
+	nt_devmode->paperwidth       = 0;
+	nt_devmode->scale            = 0x64;
+	nt_devmode->copies           = 1;
+	nt_devmode->defaultsource    = BIN_FORMSOURCE;
+	nt_devmode->printquality     = RES_HIGH;           /* 0x0258 */
+	nt_devmode->color            = COLOR_MONOCHROME;
+	nt_devmode->duplex           = DUP_SIMPLEX;
+	nt_devmode->yresolution      = 0;
+	nt_devmode->ttoption         = TT_SUBDEV;
+	nt_devmode->collate          = COLLATE_FALSE;
+	nt_devmode->icmmethod        = 0;
+	nt_devmode->icmintent        = 0;
+	nt_devmode->mediatype        = 0;
+	nt_devmode->dithertype       = 0;
+
+	/* non utilisés par un driver d'imprimante */
+	nt_devmode->logpixels        = 0;
+	nt_devmode->bitsperpel       = 0;
+	nt_devmode->pelswidth        = 0;
+	nt_devmode->pelsheight       = 0;
+	nt_devmode->displayflags     = 0;
+	nt_devmode->displayfrequency = 0;
+	nt_devmode->reserved1        = 0;
+	nt_devmode->reserved2        = 0;
+	nt_devmode->panningwidth     = 0;
+	nt_devmode->panningheight    = 0;
+	
+	nt_devmode->private = NULL;
+	return nt_devmode;
+}
+
+/****************************************************************************
+ Deepcopy an NT devicemode.
+****************************************************************************/
+
+NT_DEVICEMODE *dup_nt_devicemode(NT_DEVICEMODE *nt_devicemode)
+{
+	NT_DEVICEMODE *new_nt_devicemode = NULL;
+
+	if ((new_nt_devicemode = (NT_DEVICEMODE *)memdup(nt_devicemode, sizeof(NT_DEVICEMODE))) == NULL) {
+		DEBUG(0,("dup_nt_devicemode: malloc fail.\n"));
+		return NULL;
+	}
+
+	new_nt_devicemode->private = NULL;
+	if (nt_devicemode->private != NULL) {
+		if ((new_nt_devicemode->private = memdup(nt_devicemode->private, nt_devicemode->driverextra)) == NULL) {
+			SAFE_FREE(new_nt_devicemode);
+			DEBUG(0,("dup_nt_devicemode: malloc fail.\n"));
+			return NULL;
+        }
+	}
+
+	return new_nt_devicemode;
+}
+
+/****************************************************************************
+ Clean up and deallocate a (maybe partially) allocated NT_DEVICEMODE.
+****************************************************************************/
+
+void free_nt_devicemode(NT_DEVICEMODE **devmode_ptr)
+{
+	NT_DEVICEMODE *nt_devmode = *devmode_ptr;
+
+	if(nt_devmode == NULL)
+		return;
+
+	DEBUG(106,("free_nt_devicemode: deleting DEVMODE\n"));
+
+		SAFE_FREE(nt_devmode->private);
+	SAFE_FREE(*devmode_ptr);
+}
+
+/****************************************************************************
+ Clean up and deallocate a (maybe partially) allocated NT_PRINTER_INFO_LEVEL_2.
+****************************************************************************/
+static void free_nt_printer_info_level_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr)
+{
+	NT_PRINTER_INFO_LEVEL_2 *info = *info_ptr;
+	NT_PRINTER_PARAM *param_ptr;
+
+	if(info == NULL)
+		return;
+
+	DEBUG(106,("free_nt_printer_info_level_2: deleting info\n"));
+
+	free_nt_devicemode(&info->devmode);
+
+	for(param_ptr = info->specific; param_ptr; ) {
+		NT_PRINTER_PARAM *tofree = param_ptr;
+
+		param_ptr = param_ptr->next;
+		free_nt_printer_param(&tofree);
+	}
+
+	SAFE_FREE(*info_ptr);
+}
+
+
+/****************************************************************************
+****************************************************************************/
+static int unpack_devicemode(NT_DEVICEMODE **nt_devmode, char *buf, int buflen)
+{
+	int len = 0;
+	int extra_len = 0;
+	NT_DEVICEMODE devmode;
+
+	ZERO_STRUCT(devmode);
+
+	len += tdb_unpack(buf+len, buflen-len, "p", nt_devmode);
+
+	if (!*nt_devmode) return len;
+
+	len += tdb_unpack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
+			  devmode.devicename,
+			  devmode.formname,
+
+			  &devmode.specversion,
+			  &devmode.driverversion,
+			  &devmode.size,
+			  &devmode.driverextra,
+			  &devmode.orientation,
+			  &devmode.papersize,
+			  &devmode.paperlength,
+			  &devmode.paperwidth,
+			  &devmode.scale,
+			  &devmode.copies,
+			  &devmode.defaultsource,
+			  &devmode.printquality,
+			  &devmode.color,
+			  &devmode.duplex,
+			  &devmode.yresolution,
+			  &devmode.ttoption,
+			  &devmode.collate,
+			  &devmode.logpixels,
+			
+			  &devmode.fields,
+			  &devmode.bitsperpel,
+			  &devmode.pelswidth,
+			  &devmode.pelsheight,
+			  &devmode.displayflags,
+			  &devmode.displayfrequency,
+			  &devmode.icmmethod,
+			  &devmode.icmintent,
+			  &devmode.mediatype,
+			  &devmode.dithertype,
+			  &devmode.reserved1,
+			  &devmode.reserved2,
+			  &devmode.panningwidth,
+			  &devmode.panningheight,
+			  &devmode.private);
+	
+	if (devmode.private) {
+		/* the len in tdb_unpack is an int value and
+		 * devmode.driverextra is only a short
+		 */
+		len += tdb_unpack(buf+len, buflen-len, "B", &extra_len, &devmode.private);
+		devmode.driverextra=(uint16)extra_len;
+		
+		/* check to catch an invalid TDB entry so we don't segfault */
+		if (devmode.driverextra == 0) {
+			devmode.private = NULL;
+		}
+	}
+
+	*nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
+
+	DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname));
+	if (devmode.private)
+		DEBUG(8,("with a private section of %d bytes\n", devmode.driverextra));
+
+	return len;
+}
+
+/****************************************************************************
+****************************************************************************/
+static int unpack_specifics(NT_PRINTER_PARAM **list, char *buf, int buflen)
+{
+	int len = 0;
+	NT_PRINTER_PARAM param, *p;
+
+	*list = NULL;
+
+	while (1) {
+		len += tdb_unpack(buf+len, buflen-len, "p", &p);
+		if (!p) break;
+
+		len += tdb_unpack(buf+len, buflen-len, "fdB",
+				  param.value,
+				  &param.type,
+				  &param.data_len,
+				  &param.data);
+		param.next = *list;
+		*list = memdup(&param, sizeof(param));
+
+		DEBUG(8,("specific: [%s], len: %d\n", param.value, param.data_len));
+	}
+
+	return len;
+}
+
+static void map_to_os2_driver(fstring drivername)
+{
+	static BOOL initialised=False;
+	static fstring last_from,last_to;
+	char *mapfile = lp_os2_driver_map();
+	char **lines = NULL;
+	int numlines = 0;
+	int i;
+
+	if (!strlen(drivername))
+		return;
+
+	if (!*mapfile)
+		return;
+
+	if (!initialised) {
+		*last_from = *last_to = 0;
+		initialised = True;
+	}
+
+	if (strequal(drivername,last_from)) {
+		DEBUG(3,("Mapped Windows driver %s to OS/2 driver %s\n",drivername,last_to));
+		fstrcpy(drivername,last_to);
+		return;
+	}
+
+	lines = file_lines_load(mapfile, &numlines);
+	if (numlines == 0) {
+		DEBUG(0,("No entries in OS/2 driver map %s\n",mapfile));
+		return;
+	}
+
+	DEBUG(4,("Scanning OS/2 driver map %s\n",mapfile));
+
+	for( i = 0; i < numlines; i++) {
+		char *nt_name = lines[i];
+		char *os2_name = strchr(nt_name,'=');
+
+		if (!os2_name)
+			continue;
+
+		*os2_name++ = 0;
+
+		while (isspace(*nt_name))
+			nt_name++;
+
+		if (!*nt_name || strchr("#;",*nt_name))
+			continue;
+
+		{
+			int l = strlen(nt_name);
+			while (l && isspace(nt_name[l-1])) {
+				nt_name[l-1] = 0;
+				l--;
+			}
+		}
+
+		while (isspace(*os2_name))
+			os2_name++;
+
+		{
+			int l = strlen(os2_name);
+			while (l && isspace(os2_name[l-1])) {
+				os2_name[l-1] = 0;
+				l--;
+			}
+		}
+
+		if (strequal(nt_name,drivername)) {
+			DEBUG(3,("Mapped windows driver %s to os2 driver%s\n",drivername,os2_name));
+			fstrcpy(last_from,drivername);
+			fstrcpy(last_to,os2_name);
+			fstrcpy(drivername,os2_name);
+			file_lines_free(lines);
+			return;
+		}
+	}
+
+	file_lines_free(lines);
+}
+
+/****************************************************************************
+get a default printer info 2 struct
+****************************************************************************/
+static WERROR get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharename)
+{
+	int snum;
+	NT_PRINTER_INFO_LEVEL_2 info;
+
+	ZERO_STRUCT(info);
+
+	snum = lp_servicenumber(sharename);
+
+	slprintf(info.servername, sizeof(info.servername)-1, "\\\\%s", get_called_name());
+	slprintf(info.printername, sizeof(info.printername)-1, "\\\\%s\\%s", 
+		 get_called_name(), sharename);
+	fstrcpy(info.sharename, sharename);
+	fstrcpy(info.portname, SAMBA_PRINTER_PORT_NAME);
+	fstrcpy(info.drivername, lp_printerdriver(snum));
+
+	/* by setting the driver name to an empty string, a local NT admin
+	   can now run the **local** APW to install a local printer driver
+ 	   for a Samba shared printer in 2.2.  Without this, drivers **must** be 
+	   installed on the Samba server for NT clients --jerry */
+#if 0	/* JERRY --do not uncomment-- */
+	if (!*info.drivername)
+		fstrcpy(info.drivername, "NO DRIVER AVAILABLE FOR THIS PRINTER");
+#endif
+
+
+	DEBUG(10,("get_a_printer_2_default: driver name set to [%s]\n", info.drivername));
+
+	pstrcpy(info.comment, "");
+	fstrcpy(info.printprocessor, "winprint");
+	fstrcpy(info.datatype, "RAW");
+
+	info.attributes = PRINTER_ATTRIBUTE_SHARED | PRINTER_ATTRIBUTE_NETWORK;      /* attributes */
+
+	info.starttime = 0; /* Minutes since 12:00am GMT */
+	info.untiltime = 0; /* Minutes since 12:00am GMT */
+	info.priority = 1;
+	info.default_priority = 1;
+	info.setuptime = (uint32)time(NULL);
+
+	/*
+	 * I changed this as I think it is better to have a generic
+	 * DEVMODE than to crash Win2k explorer.exe   --jerry
+	 * See the HP Deskjet 990c Win2k drivers for an example.
+	 *
+	 * However the default devmode appears to cause problems
+	 * with the HP CLJ 8500 PCL driver.  Hence the addition of
+	 * the "default devmode" parameter   --jerry 22/01/2002
+	 */
+
+	if (lp_default_devmode(snum)) {
+		if ((info.devmode = construct_nt_devicemode(info.printername)) == NULL)
+			goto fail;
+	}
+	else {
+		info.devmode = NULL;
+	}
+
+	/* This will get the current RPC talloc context, but we should be
+	   passing this as a parameter... fixme... JRA ! */
+
+	if (!nt_printing_getsec(get_talloc_ctx(), sharename, &info.secdesc_buf))
+		goto fail;
+
+	*info_ptr = (NT_PRINTER_INFO_LEVEL_2 *)memdup(&info, sizeof(info));
+	if (! *info_ptr) {
+		DEBUG(0,("get_a_printer_2_default: malloc fail.\n"));
+		goto fail;
+	}
+
+	return WERR_OK;
+
+  fail:
+	if (info.devmode)
+		free_nt_devicemode(&info.devmode);
+	return WERR_ACCESS_DENIED;
+}
+
+/****************************************************************************
+****************************************************************************/
+static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharename)
+{
+	pstring key;
+	NT_PRINTER_INFO_LEVEL_2 info;
+	int 		len = 0;
+	TDB_DATA kbuf, dbuf;
+	fstring printername;
+		
+	ZERO_STRUCT(info);
+
+	slprintf(key, sizeof(key)-1, "%s%s", PRINTERS_PREFIX, sharename);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+
+	dbuf = tdb_fetch(tdb_printers, kbuf);
+	if (!dbuf.dptr)
+		return get_a_printer_2_default(info_ptr, sharename);
+
+	len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "dddddddddddfffffPfffff",
+			&info.attributes,
+			&info.priority,
+			&info.default_priority,
+			&info.starttime,
+			&info.untiltime,
+			&info.status,
+			&info.cjobs,
+			&info.averageppm,
+			&info.changeid,
+			&info.c_setprinter,
+			&info.setuptime,
+			info.servername,
+			info.printername,
+			info.sharename,
+			info.portname,
+			info.drivername,
+			info.comment,
+			info.location,
+			info.sepfile,
+			info.printprocessor,
+			info.datatype,
+			info.parameters);
+
+	/* Samba has to have shared raw drivers. */
+	info.attributes |= (PRINTER_ATTRIBUTE_SHARED | PRINTER_ATTRIBUTE_NETWORK); 
+
+	/* Restore the stripped strings. */
+	slprintf(info.servername, sizeof(info.servername)-1, "\\\\%s", get_called_name());
+	slprintf(printername, sizeof(printername)-1, "\\\\%s\\%s", get_called_name(),
+			info.printername);
+	fstrcpy(info.printername, printername);
+
+	len += unpack_devicemode(&info.devmode,dbuf.dptr+len, dbuf.dsize-len);
+
+	/*
+	 * Some client drivers freak out if there is a NULL devmode
+	 * (probably the driver is not checking before accessing 
+	 * the devmode pointer)   --jerry
+	 *
+	 * See comments in get_a_printer_2_default()
+	 */
+
+	if (lp_default_devmode(lp_servicenumber(sharename)) && !info.devmode)
+	{
+		DEBUG(8,("get_a_printer_2: Constructing a default device mode for [%s]\n",
+			printername));
+		info.devmode = construct_nt_devicemode(printername);
+	}
+
+	len += unpack_specifics(&info.specific,dbuf.dptr+len, dbuf.dsize-len);
+
+	/* This will get the current RPC talloc context, but we should be
+       passing this as a parameter... fixme... JRA ! */
+
+	nt_printing_getsec(get_talloc_ctx(), sharename, &info.secdesc_buf);
+
+	/* Fix for OS/2 drivers. */
+
+	if (get_remote_arch() == RA_OS2)
+		map_to_os2_driver(info.drivername);
+
+	SAFE_FREE(dbuf.dptr);
+	*info_ptr=memdup(&info, sizeof(info));
+
+	DEBUG(9,("Unpacked printer [%s] name [%s] running driver [%s]\n",
+		 sharename, info.printername, info.drivername));
+
+	return WERR_OK;	
+}
+
+/****************************************************************************
+debugging function, dump at level 6 the struct in the logs
+****************************************************************************/
+static uint32 dump_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
+{
+	uint32 result;
+	NT_PRINTER_INFO_LEVEL_2	*info2;
+	
+	DEBUG(106,("Dumping printer at level [%d]\n", level));
+	
+	switch (level)
+	{
+		case 2:
+		{
+			if (printer.info_2 == NULL)
+				result=5;
+			else
+			{
+				info2=printer.info_2;
+			
+				DEBUGADD(106,("attributes:[%d]\n", info2->attributes));
+				DEBUGADD(106,("priority:[%d]\n", info2->priority));
+				DEBUGADD(106,("default_priority:[%d]\n", info2->default_priority));
+				DEBUGADD(106,("starttime:[%d]\n", info2->starttime));
+				DEBUGADD(106,("untiltime:[%d]\n", info2->untiltime));
+				DEBUGADD(106,("status:[%d]\n", info2->status));
+				DEBUGADD(106,("cjobs:[%d]\n", info2->cjobs));
+				DEBUGADD(106,("averageppm:[%d]\n", info2->averageppm));
+				DEBUGADD(106,("changeid:[%d]\n", info2->changeid));
+				DEBUGADD(106,("c_setprinter:[%d]\n", info2->c_setprinter));
+				DEBUGADD(106,("setuptime:[%d]\n", info2->setuptime));
+
+				DEBUGADD(106,("servername:[%s]\n", info2->servername));
+				DEBUGADD(106,("printername:[%s]\n", info2->printername));
+				DEBUGADD(106,("sharename:[%s]\n", info2->sharename));
+				DEBUGADD(106,("portname:[%s]\n", info2->portname));
+				DEBUGADD(106,("drivername:[%s]\n", info2->drivername));
+				DEBUGADD(106,("comment:[%s]\n", info2->comment));
+				DEBUGADD(106,("location:[%s]\n", info2->location));
+				DEBUGADD(106,("sepfile:[%s]\n", info2->sepfile));
+				DEBUGADD(106,("printprocessor:[%s]\n", info2->printprocessor));
+				DEBUGADD(106,("datatype:[%s]\n", info2->datatype));
+				DEBUGADD(106,("parameters:[%s]\n", info2->parameters));
+				result=0;
+			}
+			break;
+		}
+		default:
+			DEBUGADD(106,("dump_a_printer: Level %u not implemented\n", (unsigned int)level ));
+			result=1;
+			break;
+	}
+	
+	return result;
+}
+
+/****************************************************************************
+ Get the parameters we can substitute in an NT print job.
+****************************************************************************/
+
+void get_printer_subst_params(int snum, fstring *printername, fstring *sharename, fstring *portname)
+{
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+
+	**printername = **sharename = **portname = '\0';
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		return;
+
+	fstrcpy(*printername, printer->info_2->printername);
+	fstrcpy(*sharename, printer->info_2->sharename);
+	fstrcpy(*portname, printer->info_2->portname);
+
+	free_a_printer(&printer, 2);
+}
+
+/****************************************************************************
+ Update the changeid time.
+ This is SO NASTY as some drivers need this to change, others need it
+ static. This value will change every second, and I must hope that this
+ is enough..... DON'T CHANGE THIS CODE WITHOUT A TEST MATRIX THE SIZE OF
+ UTAH ! JRA.
+****************************************************************************/
+
+static uint32 rev_changeid(void)
+{
+	struct timeval tv;
+
+	get_process_uptime(&tv);
+
+#if 1	/* JERRY */
+	/* Return changeid as msec since spooler restart */
+	return tv.tv_sec * 1000 + tv.tv_usec / 1000;
+#else
+	/*
+	 * This setting seems to work well but is too untested
+	 * to replace the above calculation.  Left in for experiementation
+	 * of the reader            --jerry (Tue Mar 12 09:15:05 CST 2002)
+	 */
+	return tv.tv_sec * 10 + tv.tv_usec / 100000;
+#endif
+}
+
+/*
+ * The function below are the high level ones.
+ * only those ones must be called from the spoolss code.
+ * JFM.
+ */
+
+/****************************************************************************
+ Modify a printer. This is called from SETPRINTERDATA/DELETEPRINTERDATA.
+****************************************************************************/
+
+WERROR mod_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
+{
+	WERROR result;
+	
+	dump_a_printer(printer, level);	
+	
+	switch (level)
+	{
+		case 2:
+		{
+			/*
+			 * Update the changestamp.  Emperical tests show that the
+			 * ChangeID is always updated,but c_setprinter is  
+			 *  global spooler variable (not per printer).
+			 */
+
+			/* ChangeID **must** be increasing over the lifetime
+			   of client's spoolss service in order for the
+			   client's cache to show updates */
+
+			printer.info_2->changeid = rev_changeid();
+
+			/*
+			 * Because one day someone will ask:
+			 * NT->NT	An admin connection to a remote
+			 * 		printer show changes imeediately in
+			 * 		the properities dialog
+			 * 	
+			 * 		A non-admin connection will only show the
+			 * 		changes after viewing the properites page
+			 * 		2 times.  Seems to be related to a
+			 * 		race condition in the client between the spooler
+			 * 		updating the local cache and the Explorer.exe GUI
+			 *		actually displaying the properties.
+			 *
+			 *		This is fixed in Win2k.  admin/non-admin
+			 * 		connections both display changes immediately.
+			 *
+			 * 14/12/01	--jerry
+			 */
+
+			result=update_a_printer_2(printer.info_2);
+			break;
+		}
+		default:
+			result=WERR_UNKNOWN_LEVEL;
+			break;
+	}
+	
+	return result;
+}
+
+/****************************************************************************
+ Initialize printer devmode & data with previously saved driver init values.
+****************************************************************************/
+
+static uint32 set_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info_ptr)
+{
+	int                     len = 0;
+	pstring                 key;
+	TDB_DATA                kbuf, dbuf;
+	NT_PRINTER_PARAM        *current;
+	NT_PRINTER_INFO_LEVEL_2 info;
+
+	/*
+	 * Delete any printer data 'specifics' already set. When called for driver
+	 * replace, there will generally be some, but during an add printer, there
+	 * should not be any (if there are delete them).
+	 */
+	while ( (current=info_ptr->specific) != NULL ) {
+		info_ptr->specific=current->next;
+		SAFE_FREE(current->data);
+		SAFE_FREE(current);
+	}
+
+	ZERO_STRUCT(info);
+
+	slprintf(key, sizeof(key)-1, "%s%s", DRIVER_INIT_PREFIX, info_ptr->drivername);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+
+	dbuf = tdb_fetch(tdb_drivers, kbuf);
+    if (!dbuf.dptr) {
+		/*
+		 * When changing to a driver that has no init info in the tdb, remove
+		 * the previous drivers init info and leave the new on blank.
+		 */
+		free_nt_devicemode(&info_ptr->devmode);
+		return False;
+	}
+
+	/*
+	 * Get the saved DEVMODE..
+	 */
+	len += unpack_devicemode(&info.devmode,dbuf.dptr+len, dbuf.dsize-len);
+
+	/*
+	 * The saved DEVMODE contains the devicename from the printer used during
+	 * the initialization save. Change it to reflect the new printer.
+	 */
+	ZERO_STRUCT(info.devmode->devicename);
+	fstrcpy(info.devmode->devicename, info_ptr->printername);
+
+
+	/*
+	 * NT/2k does not change out the entire DeviceMode of a printer
+	 * when changing the driver.  Only the driverextra, private, & 
+	 * driverversion fields.   --jerry  (Thu Mar 14 08:58:43 CST 2002)
+	 */
+
+#if 0	/* JERRY */
+
+	/* 
+	 * 	Bind the saved DEVMODE to the new the printer.
+	 */
+	free_nt_devicemode(&info_ptr->devmode);
+	info_ptr->devmode = info.devmode;
+#else
+	/* copy the entire devmode if we currently don't have one */
+
+	if (!info_ptr->devmode) {
+		DEBUG(10,("set_driver_init_2: Current Devmode is NULL.  Copying entire Device Mode\n"));
+		info_ptr->devmode = info.devmode;
+	}
+	else {
+		/* only set the necessary fields */
+
+		DEBUG(10,("set_driver_init_2: Setting driverversion [0x%x] and private data [0x%x]\n",
+			info.devmode->driverversion, info.devmode->driverextra));
+
+		info_ptr->devmode->driverversion = info.devmode->driverversion;
+
+		SAFE_FREE(info_ptr->devmode->private);
+		info_ptr->devmode->private = NULL;
+
+		if (info.devmode->driverversion)
+			info_ptr->devmode->private = memdup(info.devmode->private, info.devmode->driverversion);
+
+		free_nt_devicemode(&info.devmode);
+	}
+#endif
+
+	DEBUG(10,("set_driver_init_2: Set printer [%s] init DEVMODE for driver [%s]\n",
+			info_ptr->printername, info_ptr->drivername));
+
+	/* 
+	 * Add the printer data 'specifics' to the new printer
+	 */
+	len += unpack_specifics(&info_ptr->specific,dbuf.dptr+len, dbuf.dsize-len);
+
+	SAFE_FREE(dbuf.dptr);
+
+	return True;	
+}
+
+/****************************************************************************
+ Initialize printer devmode & data with previously saved driver init values.
+ When a printer is created using AddPrinter, the drivername bound to the
+ printer is used to lookup previously saved driver initialization info, which
+ is bound to the new printer.
+****************************************************************************/
+
+uint32 set_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level)
+{
+	uint32 result;
+	
+	switch (level)
+	{
+		case 2:
+		{
+			result=set_driver_init_2(printer->info_2);
+			break;
+		}
+		default:
+			result=1;
+			break;
+	}
+	
+	return result;
+}
+
+/****************************************************************************
+ Pack up the DEVMODE and specifics for a printer into a 'driver init' entry 
+ in the tdb. Note: this is different from the driver entry and the printer
+ entry. There should be a single driver init entry for each driver regardless
+ of whether it was installed from NT or 2K. Technically, they should be
+ different, but they work out to the same struct.
+****************************************************************************/
+
+static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info)
+{
+	pstring key;
+	char *buf;
+	int buflen, len, ret;
+	TDB_DATA kbuf, dbuf;
+
+	buf = NULL;
+	buflen = 0;
+
+ again:	
+	len = 0;
+	len += pack_devicemode(info->devmode, buf+len, buflen-len);
+
+	len += pack_specifics(info->specific, buf+len, buflen-len);
+
+	if (buflen != len) {
+		char *tb;
+
+		tb = (char *)Realloc(buf, len);
+		if (!tb) {
+			DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n"));
+			ret = -1;
+			goto done;
+		}
+		else buf = tb;
+		buflen = len;
+		goto again;
+	}
+
+	slprintf(key, sizeof(key)-1, "%s%s", DRIVER_INIT_PREFIX, info->drivername);
+
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+	dbuf.dptr = buf;
+	dbuf.dsize = len;
+
+	ret = tdb_store(tdb_drivers, kbuf, dbuf, TDB_REPLACE);
+
+done:
+	if (ret == -1)
+		DEBUG(8, ("update_driver_init_2: error updating printer init to tdb on disk\n"));
+
+	SAFE_FREE(buf);
+
+	DEBUG(10,("update_driver_init_2: Saved printer [%s] init DEVMODE & specifics for driver [%s]\n",
+		 info->sharename, info->drivername));
+
+	return ret;
+}
+
+/****************************************************************************
+ Update (i.e. save) the driver init info (DEVMODE and specifics) for a printer
+****************************************************************************/
+
+uint32 update_driver_init(NT_PRINTER_INFO_LEVEL printer, uint32 level)
+{
+	uint32 result;
+	
+	dump_a_printer(printer, level);	
+	
+	switch (level)
+	{
+		case 2:
+		{
+			result=update_driver_init_2(printer.info_2);
+			break;
+		}
+		default:
+			result=1;
+			break;
+	}
+	
+	return result;
+}
+
+/****************************************************************************
+ Convert the printer data value, a REG_BINARY array, into an initialization 
+ DEVMODE. Note: the array must be parsed as if it was a DEVMODE in an rpc...
+ got to keep the endians happy :).
+****************************************************************************/
+
+static BOOL convert_driver_init(NT_PRINTER_PARAM *param, TALLOC_CTX *ctx, NT_DEVICEMODE *nt_devmode)
+{
+	BOOL       result = False;
+	prs_struct ps;
+	DEVICEMODE devmode;
+
+	ZERO_STRUCT(devmode);
+
+	prs_init(&ps, 0, ctx, UNMARSHALL);
+	ps.data_p      = (char *)param->data;
+	ps.buffer_size = param->data_len;
+
+	if (spoolss_io_devmode("phantom DEVMODE", &ps, 0, &devmode))
+		result = convert_devicemode("", &devmode, &nt_devmode);
+	else
+		DEBUG(10,("convert_driver_init: error parsing DEVMODE\n"));
+
+	return result;
+}
+
+/****************************************************************************
+ Set the DRIVER_INIT info in the tdb. Requires Win32 client code that:
+
+ 1. Use the driver's config DLL to this UNC printername and:
+    a. Call DrvPrintEvent with PRINTER_EVENT_INITIALIZE
+    b. Call DrvConvertDevMode with CDM_DRIVER_DEFAULT to get default DEVMODE
+ 2. Call SetPrinterData with the 'magic' key and the DEVMODE as data.
+
+ The last step triggers saving the "driver initialization" information for
+ this printer into the tdb. Later, new printers that use this driver will
+ have this initialization information bound to them. This simulates the
+ driver initialization, as if it had run on the Samba server (as it would
+ have done on NT).
+
+ The Win32 client side code requirement sucks! But until we can run arbitrary
+ Win32 printer driver code on any Unix that Samba runs on, we are stuck with it.
+ 
+ It would have been easier to use SetPrinter because all the UNMARSHALLING of
+ the DEVMODE is done there, but 2K/XP clients do not set the DEVMODE... think
+ about it and you will realize why.  JRR 010720
+****************************************************************************/
+
+static WERROR save_driver_init_2(NT_PRINTER_INFO_LEVEL *printer, NT_PRINTER_PARAM *param)
+{
+	WERROR        status       = WERR_OK;
+	TALLOC_CTX    *ctx         = NULL;
+	NT_DEVICEMODE *nt_devmode  = NULL;
+	NT_DEVICEMODE *tmp_devmode = printer->info_2->devmode;
+	
+	/*
+	 * When the DEVMODE is already set on the printer, don't try to unpack it.
+	 */
+
+	if (!printer->info_2->devmode && param->data_len) {
+		/*
+		 * Set devmode on printer info, so entire printer initialization can be
+		 * saved to tdb.
+		 */
+
+		if ((ctx = talloc_init()) == NULL)
+			return WERR_NOMEM;
+
+		if ((nt_devmode = (NT_DEVICEMODE*)malloc(sizeof(NT_DEVICEMODE))) == NULL) {
+			status = WERR_NOMEM;
+			goto done;
+		}
+	
+		ZERO_STRUCTP(nt_devmode);
+
+		/*
+		 * The DEVMODE is held in the 'data' component of the param in raw binary.
+		 * Convert it to to a devmode structure
+		 */
+		if (!convert_driver_init(param, ctx, nt_devmode)) {
+			DEBUG(10,("save_driver_init_2: error converting DEVMODE\n"));
+			status = WERR_INVALID_PARAM;
+			goto done;
+		}
+
+		printer->info_2->devmode = nt_devmode;
+	}
+
+	/*
+	 * Pack up and add (or update) the DEVMODE and any current printer data to
+	 * a 'driver init' element in the tdb
+	 * 
+	 */
+
+	if (update_driver_init(*printer, 2)!=0) {
+		DEBUG(10,("save_driver_init_2: error updating DEVMODE\n"));
+		status = WERR_NOMEM;
+		goto done;
+	}
+	
+	/*
+	 * If driver initialization info was successfully saved, set the current 
+	 * printer to match it. This allows initialization of the current printer 
+	 * as well as the driver.
+	 */
+	status = mod_a_printer(*printer, 2);
+	if (!W_ERROR_IS_OK(status)) {
+		DEBUG(10,("save_driver_init_2: error setting DEVMODE on printer [%s]\n",
+				  printer->info_2->printername));
+	}
+	
+#if 0	/* JERRY */
+	srv_spoolss_sendnotify(p, handle);
+#endif
+
+  done:
+	talloc_destroy(ctx);
+	if (nt_devmode)
+		SAFE_FREE(nt_devmode->private);
+	SAFE_FREE(nt_devmode);
+	printer->info_2->devmode = tmp_devmode;
+
+	return status;
+}
+
+/****************************************************************************
+ Update the driver init info (DEVMODE and specifics) for a printer
+****************************************************************************/
+
+WERROR save_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level, NT_PRINTER_PARAM *param)
+{
+	WERROR status = WERR_OK;
+	
+	switch (level)
+	{
+		case 2:
+		{
+			status=save_driver_init_2(printer, param);
+			break;
+		}
+		default:
+			status=WERR_UNKNOWN_LEVEL;
+			break;
+	}
+	
+	return status;
+}
+
+/****************************************************************************
+ Get a NT_PRINTER_INFO_LEVEL struct. It returns malloced memory.
+****************************************************************************/
+
+WERROR get_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, fstring sharename)
+{
+	WERROR result;
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	
+	*pp_printer = NULL;
+
+	DEBUG(10,("get_a_printer: [%s] level %u\n", sharename, (unsigned int)level));
+
+	switch (level)
+	{
+		case 2:
+		{
+			if ((printer = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL))) == NULL) {
+				DEBUG(0,("get_a_printer: malloc fail.\n"));
+				return WERR_NOMEM;
+			}
+			ZERO_STRUCTP(printer);
+			result=get_a_printer_2(&printer->info_2, sharename);
+			if (W_ERROR_IS_OK(result)) {
+				dump_a_printer(*printer, level);
+				*pp_printer = printer;
+			} else {
+				SAFE_FREE(printer);
+			}
+			break;
+		}
+		default:
+			result=WERR_UNKNOWN_LEVEL;
+			break;
+	}
+	
+	DEBUG(10,("get_a_printer: [%s] level %u returning %s\n", sharename, (unsigned int)level, dos_errstr(result)));
+
+	return result;
+}
+
+/****************************************************************************
+ Deletes a NT_PRINTER_INFO_LEVEL struct.
+****************************************************************************/
+
+uint32 free_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level)
+{
+	uint32 result;
+	NT_PRINTER_INFO_LEVEL *printer = *pp_printer;
+
+	DEBUG(104,("freeing a printer at level [%d]\n", level));
+
+	if (printer == NULL)
+		return 0;
+	
+	switch (level)
+	{
+		case 2:
+		{
+			if (printer->info_2 != NULL)
+			{
+				free_nt_printer_info_level_2(&printer->info_2);
+				result=0;
+			}
+			else
+			{
+				result=4;
+			}
+			break;
+		}
+		default:
+			result=1;
+			break;
+	}
+
+	SAFE_FREE(*pp_printer);
+	return result;
+}
+
+/****************************************************************************
+****************************************************************************/
+uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
+{
+	uint32 result;
+	DEBUG(104,("adding a printer at level [%d]\n", level));
+	dump_a_printer_driver(driver, level);
+	
+	switch (level)
+	{
+		case 3:
+		{
+			result=add_a_printer_driver_3(driver.info_3);
+			break;
+		}
+
+		case 6:
+		{
+			result=add_a_printer_driver_6(driver.info_6);
+			break;
+		}
+		default:
+			result=1;
+			break;
+	}
+	
+	return result;
+}
+/****************************************************************************
+****************************************************************************/
+WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
+                            fstring printername, fstring architecture, uint32 version)
+{
+	WERROR result;
+	
+	switch (level)
+	{
+		case 3:
+		{
+			result=get_a_printer_driver_3(&driver->info_3, printername, architecture, version);
+			break;
+		}
+		default:
+			result=W_ERROR(1);
+			break;
+	}
+	
+	if (W_ERROR_IS_OK(result))
+		dump_a_printer_driver(*driver, level);
+	return result;
+}
+
+/****************************************************************************
+****************************************************************************/
+uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
+{
+	uint32 result;
+	
+	switch (level)
+	{
+		case 3:
+		{
+			NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3;
+			if (driver.info_3 != NULL)
+			{
+				info3=driver.info_3;
+				SAFE_FREE(info3->dependentfiles);
+				ZERO_STRUCTP(info3);
+				SAFE_FREE(info3);
+				result=0;
+			}
+			else
+			{
+				result=4;
+			}
+			break;
+		}
+		case 6:
+		{
+			NT_PRINTER_DRIVER_INFO_LEVEL_6 *info6;
+			if (driver.info_6 != NULL)
+			{
+				info6=driver.info_6;
+				SAFE_FREE(info6->dependentfiles);
+				SAFE_FREE(info6->previousnames);
+				ZERO_STRUCTP(info6);
+				SAFE_FREE(info6);
+				result=0;
+			}
+			else
+			{
+				result=4;
+			}
+			break;
+		}
+		default:
+			result=1;
+			break;
+	}
+	return result;
+}
+
+
+/****************************************************************************
+  Determine whether or not a particular driver is currently assigned
+  to a printer
+****************************************************************************/
+BOOL printer_driver_in_use (char *arch, char *driver)
+{
+	TDB_DATA kbuf, newkey, dbuf;
+	NT_PRINTER_INFO_LEVEL_2 info;
+	int ret;
+
+	if (!tdb_printers)
+		if (!nt_printing_init())
+			return False;
+
+	DEBUG(5,("printer_driver_in_use: Beginning search through printers.tdb...\n"));
+	
+	/* loop through the printers.tdb and check for the drivername */
+	for (kbuf = tdb_firstkey(tdb_printers); kbuf.dptr;
+	     newkey = tdb_nextkey(tdb_printers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) 
+	{
+
+		dbuf = tdb_fetch(tdb_printers, kbuf);
+		if (!dbuf.dptr) 
+			continue;
+
+		if (strncmp(kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) != 0) 
+			continue;
+
+		ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddddddddddfffffPfffff",
+			&info.attributes,
+			&info.priority,
+			&info.default_priority,
+			&info.starttime,
+			&info.untiltime,
+			&info.status,
+			&info.cjobs,
+			&info.averageppm,
+			&info.changeid,
+			&info.c_setprinter,
+			&info.setuptime,
+			info.servername,
+			info.printername,
+			info.sharename,
+			info.portname,
+			info.drivername,
+			info.comment,
+			info.location,
+			info.sepfile,
+			info.printprocessor,
+			info.datatype,
+			info.parameters);
+
+		SAFE_FREE(dbuf.dptr);
+
+		if (ret == -1) {
+			DEBUG (0,("printer_driver_in_use: tdb_unpack failed for printer %s\n",
+					info.printername));
+			continue;
+		}
+		
+		DEBUG (10,("printer_driver_in_use: Printer - %s (%s)\n",
+			info.printername, info.drivername));
+			
+		if (strcmp(info.drivername, driver) == 0) 
+		{
+			DEBUG(5,("printer_driver_in_use: Printer %s using %s\n",
+				info.printername, driver));
+			return True;
+		}	
+	}
+	DEBUG(5,("printer_driver_in_use: Completed search through printers.tdb...\n"));
+	
+	
+	
+	/* report that the driver is in use by default */
+	return False;
+}
+
+/****************************************************************************
+ Remove a printer driver from the TDB.  This assumes that the the driver was
+ previously looked up.
+ ***************************************************************************/
+WERROR delete_printer_driver (NT_PRINTER_DRIVER_INFO_LEVEL_3 *i)
+{
+	pstring 	key;
+	fstring		arch;
+	TDB_DATA 	kbuf;
+
+
+	get_short_archi(arch, i->environment);
+	slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX,
+		arch, i->cversion, i->name); 
+	DEBUG(5,("delete_printer_driver: key = [%s]\n", key));
+
+	kbuf.dptr=key;
+	kbuf.dsize=strlen(key)+1;
+
+	if (tdb_delete(tdb_drivers, kbuf) == -1) {
+		DEBUG (0,("delete_printer_driver: fail to delete %s!\n", key));
+		return WERR_ACCESS_DENIED;
+	}
+	
+	DEBUG(5,("delete_printer_driver: [%s] driver delete successful.\n",
+		i->name));
+	
+	return WERR_OK;
+}
+/****************************************************************************
+****************************************************************************/
+BOOL get_specific_param_by_index(NT_PRINTER_INFO_LEVEL printer, uint32 level, uint32 param_index,
+                                 fstring value, uint8 **data, uint32 *type, uint32 *len)
+{
+	/* right now that's enough ! */	
+	NT_PRINTER_PARAM *param;
+	int i=0;
+	
+	param=printer.info_2->specific;
+	
+	while (param != NULL && i < param_index) {
+		param=param->next;
+		i++;
+	}
+	
+	if (param == NULL)
+		return False;
+
+	/* exited because it exist */
+	*type=param->type;		
+	StrnCpy(value, param->value, sizeof(fstring)-1);
+	*data=(uint8 *)malloc(param->data_len*sizeof(uint8));
+	if(*data == NULL)
+		return False;
+	ZERO_STRUCTP(*data);
+	memcpy(*data, param->data, param->data_len);
+	*len=param->data_len;
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL get_specific_param(NT_PRINTER_INFO_LEVEL printer, uint32 level,
+                        fstring value, uint8 **data, uint32 *type, uint32 *len)
+{
+	/* right now that's enough ! */	
+	NT_PRINTER_PARAM *param;
+	
+	DEBUG(10, ("get_specific_param\n"));
+	
+	param=printer.info_2->specific;
+		
+	while (param != NULL)
+	{
+#if 1 /* JRA - I think this should be case insensitive.... */
+		if ( strequal(value, param->value)
+#else
+		if ( !strcmp(value, param->value)
+#endif
+		    && strlen(value)==strlen(param->value))
+			break;
+			
+		param=param->next;
+	}
+	
+	if (param != NULL)
+	{
+        DEBUGADD(10, ("get_specific_param: found one param\n"));
+		/* exited because it exist */
+		*type=param->type;	
+		
+		*data=(uint8 *)malloc(param->data_len*sizeof(uint8));
+		if(*data == NULL)
+			return False;
+		memcpy(*data, param->data, param->data_len);
+		*len=param->data_len;
+
+		DEBUGADD(10, ("get_specific_param: exit true\n"));
+		return (True);
+	}
+	DEBUGADD(10, ("get_specific_param: exit false\n"));
+	return (False);
+}
+
+/****************************************************************************
+ Store a security desc for a printer.
+****************************************************************************/
+
+WERROR nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
+{
+	SEC_DESC_BUF *new_secdesc_ctr = NULL;
+	SEC_DESC_BUF *old_secdesc_ctr = NULL;
+	prs_struct ps;
+	TALLOC_CTX *mem_ctx = NULL;
+	fstring key;
+	WERROR status;
+
+	mem_ctx = talloc_init();
+	if (mem_ctx == NULL)
+		return WERR_NOMEM;
+
+        /* The old owner and group sids of the security descriptor are not
+	   present when new ACEs are added or removed by changing printer
+	   permissions through NT.  If they are NULL in the new security
+	   descriptor then copy them over from the old one. */
+
+	if (!secdesc_ctr->sec->owner_sid || !secdesc_ctr->sec->grp_sid) {
+		DOM_SID *owner_sid, *group_sid;
+		SEC_ACL *dacl, *sacl;
+		SEC_DESC *psd = NULL;
+		size_t size;
+
+		nt_printing_getsec(mem_ctx, printername, &old_secdesc_ctr);
+
+		/* Pick out correct owner and group sids */
+
+		owner_sid = secdesc_ctr->sec->owner_sid ?
+			secdesc_ctr->sec->owner_sid :
+			old_secdesc_ctr->sec->owner_sid;
+
+		group_sid = secdesc_ctr->sec->grp_sid ?
+			secdesc_ctr->sec->grp_sid :
+			old_secdesc_ctr->sec->grp_sid;
+
+		dacl = secdesc_ctr->sec->dacl ?
+			secdesc_ctr->sec->dacl :
+			old_secdesc_ctr->sec->dacl;
+
+		sacl = secdesc_ctr->sec->sacl ?
+			secdesc_ctr->sec->sacl :
+			old_secdesc_ctr->sec->sacl;
+
+		/* Make a deep copy of the security descriptor */
+
+		psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision,
+				    owner_sid, group_sid,
+				    sacl,
+				    dacl,
+				    &size);
+
+		new_secdesc_ctr = make_sec_desc_buf(mem_ctx, size, psd);
+	}
+
+	if (!new_secdesc_ctr) {
+		new_secdesc_ctr = secdesc_ctr;
+	}
+
+	/* Store the security descriptor in a tdb */
+
+	prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sec) +
+		 sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL);
+
+	if (!sec_io_desc_buf("nt_printing_setsec", &new_secdesc_ctr,
+			     &ps, 1)) {
+		status = WERR_BADFUNC;
+		goto out;
+	}
+
+	slprintf(key, sizeof(key)-1, "SECDESC/%s", printername);
+
+	if (tdb_prs_store(tdb_printers, key, &ps)==0) {
+		status = WERR_OK;
+	} else {
+		DEBUG(1,("Failed to store secdesc for %s\n", printername));
+		status = WERR_BADFUNC;
+	}
+
+	/* Free malloc'ed memory */
+
+ out:
+
+	prs_mem_free(&ps);
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+	return status;
+}
+
+/****************************************************************************
+ Construct a default security descriptor buffer for a printer.
+****************************************************************************/
+
+static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
+{
+	extern DOM_SID global_sam_sid;
+	SEC_ACE ace[3];
+	SEC_ACCESS sa;
+	SEC_ACL *psa = NULL;
+	SEC_DESC_BUF *sdb = NULL;
+	SEC_DESC *psd = NULL;
+	DOM_SID owner_sid;
+	size_t sd_size;
+
+	/* Create an ACE where Everyone is allowed to print */
+
+	init_sec_access(&sa, PRINTER_ACE_PRINT);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+
+	/* Make the security descriptor owned by the Administrators group
+	   on the PDC of the domain. */
+
+	if (secrets_fetch_domain_sid(lp_workgroup(), &owner_sid)) {
+		sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+	} else {
+
+		/* Backup plan - make printer owned by admins.
+ 		   This should emulate a lanman printer as security
+ 		   settings can't be changed. */
+
+		sid_copy(&owner_sid, &global_sam_sid);
+		sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+	}
+
+	init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+	init_sec_ace(&ace[1], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     sa, SEC_ACE_FLAG_OBJECT_INHERIT |
+		     SEC_ACE_FLAG_INHERIT_ONLY);
+
+	init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+	init_sec_ace(&ace[2], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+
+	/* The ACL revision number in rpc_secdesc.h differs from the one
+	   created by NT when setting ACE entries in printer
+	   descriptors.  NT4 complains about the property being edited by a
+	   NT5 machine. */
+
+	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) != NULL) {
+		psd = make_sec_desc(ctx, SEC_DESC_REVISION,
+				    &owner_sid, NULL,
+				    NULL, psa, &sd_size);
+	}
+
+	if (!psd) {
+		DEBUG(0,("construct_default_printer_sd: Failed to make SEC_DESC.\n"));
+		return NULL;
+	}
+
+	sdb = make_sec_desc_buf(ctx, sd_size, psd);
+
+	DEBUG(4,("construct_default_printer_sdb: size = %u.\n",
+		 (unsigned int)sd_size));
+
+	return sdb;
+}
+
+/****************************************************************************
+ Get a security desc for a printer.
+****************************************************************************/
+
+BOOL nt_printing_getsec(TALLOC_CTX *ctx, char *printername, SEC_DESC_BUF **secdesc_ctr)
+{
+	prs_struct ps;
+	fstring key;
+	char *temp;
+
+	if ((temp = strchr(printername + 2, '\\'))) {
+		printername = temp + 1;
+	}
+
+	/* Fetch security descriptor from tdb */
+
+	slprintf(key, sizeof(key)-1, "SECDESC/%s", printername);
+
+	if (tdb_prs_fetch(tdb_printers, key, &ps, ctx)!=0 ||
+	    !sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) {
+
+		DEBUG(4,("using default secdesc for %s\n", printername));
+
+		if (!(*secdesc_ctr = construct_default_printer_sdb(ctx))) {
+			return False;
+		}
+
+		/* Save default security descriptor for later */
+
+		prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sec) +
+				sizeof(SEC_DESC_BUF), ctx, MARSHALL);
+
+		if (sec_io_desc_buf("nt_printing_setsec", secdesc_ctr, &ps, 1))
+			tdb_prs_store(tdb_printers, key, &ps);
+
+		prs_mem_free(&ps);
+
+		return True;
+	}
+
+	/* If security descriptor is owned by S-1-1-0 and winbindd is up,
+	   this security descriptor has been created when winbindd was
+	   down.  Take ownership of security descriptor. */
+
+	if (sid_equal((*secdesc_ctr)->sec->owner_sid, &global_sid_World)) {
+		DOM_SID owner_sid;
+
+		/* Change sd owner to workgroup administrator */
+
+		if (secrets_fetch_domain_sid(lp_workgroup(), &owner_sid)) {
+			SEC_DESC_BUF *new_secdesc_ctr = NULL;
+			SEC_DESC *psd = NULL;
+			size_t size;
+
+			/* Create new sd */
+
+			sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
+
+			psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision,
+					    &owner_sid,
+					    (*secdesc_ctr)->sec->grp_sid,
+					    (*secdesc_ctr)->sec->sacl,
+					    (*secdesc_ctr)->sec->dacl,
+					    &size);
+
+			new_secdesc_ctr = make_sec_desc_buf(ctx, size, psd);
+
+			/* Swap with other one */
+
+			*secdesc_ctr = new_secdesc_ctr;
+
+			/* Set it */
+
+			nt_printing_setsec(printername, *secdesc_ctr);
+		}
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		SEC_ACL *the_acl = (*secdesc_ctr)->sec->dacl;
+		int i;
+
+		DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", 
+			   printername, the_acl->num_aces));
+
+		for (i = 0; i < the_acl->num_aces; i++) {
+			fstring sid_str;
+
+			sid_to_string(sid_str, &the_acl->ace[i].trustee);
+
+			DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
+				   the_acl->ace[i].type, the_acl->ace[i].flags, 
+				   the_acl->ace[i].info.mask)); 
+		}
+	}
+
+	prs_mem_free(&ps);
+	return True;
+}
+
+/* error code:
+	0: everything OK
+	1: level not implemented
+	2: file doesn't exist
+	3: can't allocate memory
+	4: can't free memory
+	5: non existant struct
+*/
+
+/*
+	A printer and a printer driver are 2 different things.
+	NT manages them separatelly, Samba does the same.
+	Why ? Simply because it's easier and it makes sense !
+	
+	Now explanation: You have 3 printers behind your samba server,
+	2 of them are the same make and model (laser A and B). But laser B
+	has an 3000 sheet feeder and laser A doesn't such an option.
+	Your third printer is an old dot-matrix model for the accounting :-).
+	
+	If the /usr/local/samba/lib directory (default dir), you will have
+	5 files to describe all of this.
+	
+	3 files for the printers (1 by printer):
+		NTprinter_laser A
+		NTprinter_laser B
+		NTprinter_accounting
+	2 files for the drivers (1 for the laser and 1 for the dot matrix)
+		NTdriver_printer model X
+		NTdriver_printer model Y
+
+jfm: I should use this comment for the text file to explain
+	same thing for the forms BTW.
+	Je devrais mettre mes commentaires en francais, ca serait mieux :-)
+
+*/
+
+/* Convert generic access rights to printer object specific access rights.
+   It turns out that NT4 security descriptors use generic access rights and
+   NT5 the object specific ones. */
+
+void map_printer_permissions(SEC_DESC *sd)
+{
+	int i;
+
+	for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+		se_map_generic(&sd->dacl->ace[i].info.mask,
+			       &printer_generic_mapping);
+	}
+}
+
+/****************************************************************************
+ Check a user has permissions to perform the given operation.  We use the
+ permission constants defined in include/rpc_spoolss.h to check the various
+ actions we perform when checking printer access.
+
+   PRINTER_ACCESS_ADMINISTER:
+       print_queue_pause, print_queue_resume, update_printer_sec,
+       update_printer, spoolss_addprinterex_level_2,
+       _spoolss_setprinterdata
+
+   PRINTER_ACCESS_USE:
+       print_job_start
+
+   JOB_ACCESS_ADMINISTER:
+       print_job_delete, print_job_pause, print_job_resume,
+       print_queue_purge
+
+ ****************************************************************************/
+BOOL print_access_check(struct current_user *user, int snum, int access_type)
+{
+	SEC_DESC_BUF *secdesc = NULL;
+	uint32 access_granted;
+	NTSTATUS status;
+	BOOL result;
+	char *pname;
+	TALLOC_CTX *mem_ctx = NULL;
+	extern struct current_user current_user;
+	
+	/* If user is NULL then use the current_user structure */
+
+	if (!user)
+		user = &current_user;
+
+	/* Always allow root or printer admins to do anything */
+
+	if (user->uid == 0 ||
+	    user_in_list(uidtoname(user->uid), lp_printer_admin(snum))) {
+		return True;
+	}
+
+	/* Get printer name */
+
+	pname = PRINTERNAME(snum);
+
+	if (!pname || !*pname) {
+		errno = EACCES;
+		return False;
+	}
+
+	/* Get printer security descriptor */
+
+	if(!(mem_ctx = talloc_init())) {
+		errno = ENOMEM;
+		return False;
+	}
+
+	nt_printing_getsec(mem_ctx, pname, &secdesc);
+
+	if (access_type == JOB_ACCESS_ADMINISTER) {
+		SEC_DESC_BUF *parent_secdesc = secdesc;
+
+		/* Create a child security descriptor to check permissions
+		   against.  This is because print jobs are child objects
+		   objects of a printer. */
+
+		secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sec, False);
+
+		/* Now this is the bit that really confuses me.  The access
+		   type needs to be changed from JOB_ACCESS_ADMINISTER to
+		   PRINTER_ACCESS_ADMINISTER for this to work.  Something
+		   to do with the child (job) object becoming like a
+		   printer??  -tpot */
+
+		access_type = PRINTER_ACCESS_ADMINISTER;
+	}
+	
+	/* Check access */
+	
+	map_printer_permissions(secdesc->sec);
+
+	result = se_access_check(secdesc->sec, user->nt_user_token, access_type,
+				 &access_granted, &status);
+
+	DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
+
+	talloc_destroy(mem_ctx);
+	
+	if (!result)
+		errno = EACCES;
+
+	return result;
+}
+
+/****************************************************************************
+ Check the time parameters allow a print operation.
+*****************************************************************************/
+
+BOOL print_time_access_check(int snum)
+{
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	BOOL ok = False;
+	time_t now = time(NULL);
+	struct tm *t;
+	uint32 mins;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		return False;
+
+	if (printer->info_2->starttime == 0 && printer->info_2->untiltime == 0)
+		ok = True;
+
+	t = gmtime(&now);
+	mins = (uint32)t->tm_hour*60 + (uint32)t->tm_min;
+
+	if (mins >= printer->info_2->starttime && mins <= printer->info_2->untiltime)
+		ok = True;
+
+	free_a_printer(&printer, 2);
+
+	if (!ok)
+		errno = EACCES;
+
+	return ok;
+}
+
+#if 0	/* JERRY - not used */
+/****************************************************************************
+ Attempt to write a default device.
+*****************************************************************************/
+
+WERROR printer_write_default_dev(int snum, const PRINTER_DEFAULT *printer_default)
+{
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	WERROR result;
+
+	/*
+	 * Don't bother if no default devicemode was sent.
+	 */
+
+	if (printer_default->devmode_cont.devmode == NULL)
+		return WERR_OK;
+
+	result = get_a_printer(&printer, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(result)) return result;
+
+	/*
+	 * Just ignore it if we already have a devmode.
+	 */
+#if 0
+	if (printer->info_2->devmode != NULL)
+		goto done;
+#endif
+	/*
+	 * We don't have a devicemode and we're trying to write
+	 * one. Check we have the access needed.
+	 */
+	DEBUG(5,("printer_write_default_dev: access: %x\n", printer_default->access_required));
+
+	if ( (printer_default->access_required & PRINTER_ACCESS_ADMINISTER) != 
+	      PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(5,("printer_write_default_dev: invalid request access to update: %x\n", printer_default->access_required));
+		result = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
+	if (!print_access_check(NULL, snum, PRINTER_ACCESS_ADMINISTER)) {
+		DEBUG(5,("printer_write_default_dev: Access denied for printer %s\n",
+			lp_servicename(snum) ));
+		result = WERR_ACCESS_DENIED;
+		/*result = NT_STATUS_NO_PROBLEMO;*/
+		goto done;
+	}
+
+	DEBUG(5,("printer_write_default_dev: updating, check OK.\n"));
+
+	/*
+	 * Convert the on the wire devicemode format to the internal one.
+	 */
+
+	if (!convert_devicemode(printer->info_2->printername,
+				printer_default->devmode_cont.devmode,
+				&printer->info_2->devmode)) {
+		result = WERR_NOMEM;
+		goto done;
+	}
+
+	/*
+	 * Finally write back to the tdb.
+	 */
+
+	result = mod_a_printer(*printer, 2);
+
+  done:
+
+	free_a_printer(&printer, 2);
+	return result;
+}
+#endif	/* JERRY */
diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
index 8973b1627f..920c6f354e 100644
--- a/source3/printing/pcap.c
+++ b/source3/printing/pcap.c
@@ -1,12 +1,15 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    printcap parsing
-   Copyright (C) Karl Auer 1993,1994
+   Copyright (C) Karl Auer 1993-1998
 
    Re-working by Martin Kiff, 1994
    
    Re-written again by Andrew Tridgell
+
+   Modified for SVID support by Norm Jacobs, 1997
+
+   Modified for CUPS support by Michael Sweet, 1999
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -49,15 +52,17 @@
  *  Opening a pipe for "lpc status" and reading that would probably 
  *  be pretty effective. Code to do this already exists in the freely
  *  distributable PCNFS server code.
+ *
+ *  Modified to call SVID/XPG4 support if printcap name is set to "lpstat"
+ *  in smb.conf under Solaris.
+ *
+ *  Modified to call CUPS support if printcap name is set to "cups"
+ *  in smb.conf.
  */
 
 #include "includes.h"
 
 #include "smb.h"
-#include "loadparm.h"
-#include "pcap.h"
-
-extern int DEBUGLEVEL;
 
 #ifdef AIX
 /*  ******************************************
@@ -66,7 +71,7 @@ extern int DEBUGLEVEL;
     ****************************************** */
 static int strlocate(char *xpLine,char *xpS)
 {
-	int iS,iL,i,iRet;
+	int iS,iL,iRet;
 	char *p;
 	iS = strlen(xpS);
 	iL = strlen(xpLine);
@@ -88,17 +93,17 @@ static int strlocate(char *xpLine,char *xpS)
 /* ******************************************************************* */
 /* *    Scan qconfig and search all virtual printer (device printer) * */
 /* ******************************************************************* */
-static void ScanQconfig_fn(char *psz,void (*fn)())
+static void ScanQconfig_fn(char *psz,void (*fn)(char *, char *))
 {
-	int iLg,iEtat;
-	FILE *pfile;
+	int iEtat;
+	XFILE *pfile;
 	char *line,*p;
 	pstring name,comment;
 	line  = NULL;
 	*name = 0;
 	*comment = 0;
 
-	if ((pfile = fopen(psz, "r")) == NULL)
+	if ((pfile = x_fopen(psz, O_RDONLY, 0)) == NULL)
 	{
 	      DEBUG(0,( "Unable to open qconfig file %s for read!\n", psz));
 	      return;
@@ -114,13 +119,13 @@ static void ScanQconfig_fn(char *psz,void (*fn)())
 		{
 			case 0: /* locate an entry */
 			 if (*line == '\t' || *line == ' ') continue;
-			 if ((p=strchr(line,':')))
+			 if ((p=strchr_m(line,':')))
 			 {
 			 	*p = '\0';
 				p = strtok(line,":");
 				if (strcmp(p,"bsh")!=0)
 				  {
-				    strcpy(name,p);
+				    pstrcpy(name,p);
 				    iEtat = 1;
 				    continue;
 				  }
@@ -152,7 +157,7 @@ static void ScanQconfig_fn(char *psz,void (*fn)())
 		  	  break;
 		}
 	}
-	fclose(pfile);
+	x_fclose(pfile);
 }
 
 /* Scan qconfig file and locate de printername */
@@ -160,7 +165,7 @@ static void ScanQconfig_fn(char *psz,void (*fn)())
 static BOOL ScanQconfig(char *psz,char *pszPrintername)
 {
 	int iLg,iEtat;
-	FILE *pfile;
+	XFILE *pfile;
 	char *pName;
 	char *line;
 
@@ -173,13 +178,13 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername)
 		DEBUG(0,(" Unable to allocate memory for printer %s\n",pszPrintername));
 		return(False);
 	}
-	if ((pfile = fopen(psz, "r")) == NULL)
+	if ((pfile = x_fopen(psz, O_RDONLY, 0)) == NULL)
 	{
 	      DEBUG(0,( "Unable to open qconfig file %s for read!\n", psz));
 	      free(pName);
 	      return(False);
 	}
-	sprintf(pName,"%s:",pszPrintername);
+	slprintf(pName, iLg + 9, "%s:",pszPrintername);
 	iLg = strlen(pName);
 	/*DEBUG(3,( " Looking for entry %s\n",pName));*/
 	iEtat = 0;
@@ -226,23 +231,27 @@ static BOOL ScanQconfig(char *psz,char *pszPrintername)
 		}
 	}
 	free (pName);
-	fclose(pfile);
+	x_fclose(pfile);
 	return(False);
 }
+#endif /* AIX */
+
 
-#endif
 /***************************************************************************
 Scan printcap file pszPrintcapname for a printer called pszPrintername. 
 Return True if found, else False. Returns False on error, too, after logging 
 the error at level 0. For generality, the printcap name may be passed - if
-passed as NULL, the configuration will be queried for the name.
+passed as NULL, the configuration will be queried for the name. pszPrintername
+must be in DOS codepage.
+The xxx_printername_ok functions need fixing to understand they are being
+given a DOS codepage. FIXME !! JRA.
 ***************************************************************************/
 BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname)
 {
   char *line=NULL;
   char *psz;
   char *p,*q;
-  FILE *pfile;
+  XFILE *pfile;
 
   if (pszPrintername == NULL || pszPrintername[0] == '\0')
     {
@@ -257,11 +266,23 @@ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname)
 	DEBUG(0,( "No printcap file name configured!\n"));
 	return(False);
       }
+
+#ifdef HAVE_CUPS
+    if (strequal(psz, "cups"))
+       return (cups_printername_ok(pszPrintername));
+#endif /* HAVE_CUPS */
+
+#ifdef SYSV
+    if (strequal(psz, "lpstat"))
+       return (sysv_printername_ok(pszPrintername));
+#endif
+
 #ifdef AIX
-  if (strlocate(psz,"/qconfig") != NULL)
+  if (strlocate(psz,"/qconfig"))
      return(ScanQconfig(psz,pszPrintername));
 #endif
-  if ((pfile = fopen(psz, "r")) == NULL)
+
+  if ((pfile = x_fopen(psz, O_RDONLY, 0)) == NULL)
     {
       DEBUG(0,( "Unable to open printcap file %s for read!\n", psz));
       return(False);
@@ -273,44 +294,45 @@ BOOL pcap_printername_ok(char *pszPrintername, char *pszPrintcapname)
 	continue;
 
       /* now we have a real printer line - cut it off at the first : */      
-      p = strchr(line,':');
+      p = strchr_m(line,':');
       if (p) *p = 0;
       
       /* now just check if the name is in the list */
       /* NOTE: I avoid strtok as the fn calling this one may be using it */
       for (p=line; p; p=q)
 	{
-	  if ((q = strchr(p,'|'))) *q++ = 0;
+	  if ((q = strchr_m(p,'|'))) *q++ = 0;
 
 	  if (strequal(p,pszPrintername))
 	    {
 	      /* normalise the case */
-	      strcpy(pszPrintername,p);
+	      pstrcpy(pszPrintername,p);
 	      free(line);
-	      fclose(pfile);
+	      x_fclose(pfile);
 	      return(True);	      
 	    }
 	  p = q;
 	}
     }
 
-
-  fclose(pfile);
+  x_fclose(pfile);
   return(False);
 }
 
 
 /***************************************************************************
 run a function on each printer name in the printcap file. The function is 
-passed the primary name and the comment (if possible)
+passed the primary name and the comment (if possible). Note the fn() takes
+strings in DOS codepage. This means the xxx_printer_fn() calls must be fixed
+to return DOS codepage. FIXME !! JRA.
 ***************************************************************************/
-void pcap_printer_fn(void (*fn)())
+void pcap_printer_fn(void (*fn)(char *, char *))
 {
   pstring name,comment;
   char *line;
   char *psz;
   char *p,*q;
-  FILE *pfile;
+  XFILE *pfile;
 
   /* only go looking if no printcap name supplied */
   if (((psz = lp_printcapname()) == NULL) || (psz[0] == '\0'))
@@ -319,14 +341,29 @@ void pcap_printer_fn(void (*fn)())
       return;
     }
 
+#ifdef HAVE_CUPS
+    if (strequal(psz, "cups")) {
+      cups_printer_fn(fn);
+      return;
+    }
+#endif /* HAVE_CUPS */
+
+#ifdef SYSV
+    if (strequal(psz, "lpstat")) {
+      sysv_printer_fn(fn);
+      return;
+    }
+#endif
+
 #ifdef AIX
-  if (strlocate(psz,"/qconfig") != NULL)
+  if (strlocate(psz,"/qconfig"))
   {
   	ScanQconfig_fn(psz,fn);
      return;
   }
 #endif
-  if ((pfile = fopen(psz, "r")) == NULL)
+
+  if ((pfile = x_fopen(psz, O_RDONLY, 0)) == NULL)
     {
       DEBUG(0,( "Unable to open printcap file %s for read!\n", psz));
       return;
@@ -338,7 +375,7 @@ void pcap_printer_fn(void (*fn)())
 	continue;
 
       /* now we have a real printer line - cut it off at the first : */      
-      p = strchr(line,':');
+      p = strchr_m(line,':');
       if (p) *p = 0;
       
       /* now find the most likely printer name and comment 
@@ -348,9 +385,9 @@ void pcap_printer_fn(void (*fn)())
       for (p=line; p; p=q)
 	{
 	  BOOL has_punctuation;
-	  if ((q = strchr(p,'|'))) *q++ = 0;
+	  if ((q = strchr_m(p,'|'))) *q++ = 0;
 
-	  has_punctuation = (strchr(p,' ') || strchr(p,'(') || strchr(p,')'));
+	  has_punctuation = (strchr_m(p,' ') || strchr_m(p,'\t') || strchr_m(p,'(') || strchr_m(p,')'));
 
 	  if (strlen(p)>strlen(comment) && has_punctuation)
 	    {
@@ -358,14 +395,14 @@ void pcap_printer_fn(void (*fn)())
 	      continue;
 	    }
 
-	  if (strlen(p) <= 8 && strlen(p)>strlen(name) && !has_punctuation)
+	  if (strlen(p) <= MAXPRINTERLEN && strlen(p)>strlen(name) && !has_punctuation)
 	    {
-	      if (!*comment) strcpy(comment,name);
-	      strcpy(name,p);
+	      if (!*comment) pstrcpy(comment,name);
+	      pstrcpy(name,p);
 	      continue;
 	    }
 
-	  if (!strchr(comment,' ') && 
+	  if (!strchr_m(comment,' ') && 
 	      strlen(p) > strlen(comment))
 	    {
 	      StrnCpy(comment,p,sizeof(comment)-1);
@@ -374,10 +411,10 @@ void pcap_printer_fn(void (*fn)())
 	}
 
       comment[60] = 0;
-      name[8] = 0;
+      name[MAXPRINTERLEN] = 0;
 
-      if (*name)
+      if (*name) 
 	fn(name,comment);
     }
-  fclose(pfile);
+  x_fclose(pfile);
 }
diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c
new file mode 100644
index 0000000000..b5315e10b2
--- /dev/null
+++ b/source3/printing/print_cups.c
@@ -0,0 +1,1189 @@
+/*
+ * Support code for the Common UNIX Printing System ("CUPS")
+ *
+ * Copyright 1999-2001 by Michael R Sweet.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "printing.h"
+#include "smb.h"
+
+#ifdef HAVE_CUPS
+#include <cups/cups.h>
+#include <cups/language.h>
+
+
+/*
+ * CUPS printing interface definitions...
+ */
+
+static int cups_job_delete(int snum, struct printjob *pjob);
+static int cups_job_pause(int snum, struct printjob *pjob);
+static int cups_job_resume(int snum, struct printjob *pjob);
+static int cups_job_submit(int snum, struct printjob *pjob);
+static int cups_queue_get(int snum, print_queue_struct **q,
+                          print_status_struct *status);
+static int cups_queue_pause(int snum);
+static int cups_queue_resume(int snum);
+
+
+struct printif	cups_printif =
+		{
+		  cups_queue_get,
+		  cups_queue_pause,
+		  cups_queue_resume,
+		  cups_job_delete,
+		  cups_job_pause,
+		  cups_job_resume,
+		  cups_job_submit,
+		};
+
+/*
+ * 'cups_passwd_cb()' - The CUPS password callback...
+ */
+
+const char *				/* O - Password or NULL */
+cups_passwd_cb(const char *prompt)	/* I - Prompt */
+{
+ /*
+  * Always return NULL to indicate that no password is available...
+  */
+
+  (void)prompt;
+
+  return (NULL);
+}
+
+
+/*
+ * 'cups_printer_fn()' - Call a function for every printer known to the
+ *                       system.
+ */
+
+void
+cups_printer_fn(void (*fn)(char *, char *))	/* I - Function to call */
+{
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	ipp_attribute_t	*attr;		/* Current attribute */
+	cups_lang_t	*language;	/* Default language */
+	char		*name,		/* printer-name attribute */
+			*make_model,	/* printer-make-and-model attribute */
+			*info;		/* printer-info attribute */
+	static const char *requested[] =/* Requested attributes */
+			{
+			  "printer-name",
+			  "printer-make-and-model",
+			  "printer-info"
+			};       
+
+
+	DEBUG(5,("cups_printer_fn(%p)\n", fn));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return;
+	}
+
+       /*
+	* Build a CUPS_GET_PRINTERS request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    requested-attributes
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = CUPS_GET_PRINTERS;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+                     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+                     "attributes-natural-language", NULL, language->language);
+
+        ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
+	              "requested-attributes",
+		      (sizeof(requested) / sizeof(requested[0])),
+		      NULL, requested);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+	if ((response = cupsDoRequest(http, request, "/")) == NULL)
+	{
+		DEBUG(0,("Unable to get printer list - %s\n",
+			 ippErrorString(cupsLastError())));
+		httpClose(http);
+		return;
+	}
+
+	for (attr = response->attrs; attr != NULL;)
+	{
+	       /*
+		* Skip leading attributes until we hit a printer...
+		*/
+
+		while (attr != NULL && attr->group_tag != IPP_TAG_PRINTER)
+			attr = attr->next;
+
+		if (attr == NULL)
+        		break;
+
+	       /*
+		* Pull the needed attributes from this printer...
+		*/
+
+		name       = NULL;
+		make_model = NULL;
+		info       = NULL;
+
+		while (attr != NULL && attr->group_tag == IPP_TAG_PRINTER)
+		{
+        		if (strcmp(attr->name, "printer-name") == 0 &&
+			    attr->value_tag == IPP_TAG_NAME)
+				name = attr->values[0].string.text;
+
+        		if (strcmp(attr->name, "printer-make-and-model") == 0 &&
+			    attr->value_tag == IPP_TAG_TEXT)
+				make_model = attr->values[0].string.text;
+
+        		if (strcmp(attr->name, "printer-info") == 0 &&
+			    attr->value_tag == IPP_TAG_TEXT)
+				info = attr->values[0].string.text;
+
+        		attr = attr->next;
+		}
+
+	       /*
+		* See if we have everything needed...
+		*/
+
+		if (name == NULL)
+			break;
+
+ 		if (info == NULL || !info[0])
+			(*fn)(name, make_model);
+		else
+			(*fn)(name,info);
+		
+
+	}
+
+	ippDelete(response);
+	httpClose(http);
+}
+
+
+/*
+ * 'cups_printername_ok()' - Provide the equivalent of pcap_printername_ok()
+ *                           for CUPS.
+ */
+
+int					/* O - 1 if printer name OK */
+cups_printername_ok(char *name)		/* I - Name of printer */
+{
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_printername_ok(\"%s\")\n", name));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (0);
+	}
+
+       /*
+	* Build an IPP_GET_PRINTER_ATTRS request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    requested-attributes
+	*    printer-uri
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_GET_PRINTER_ATTRIBUTES;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+                     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+                     "attributes-natural-language", NULL, language->language);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
+                     "requested-attributes", NULL, "printer-uri");
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", name);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI,
+                     "printer-uri", NULL, uri);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+	if ((response = cupsDoRequest(http, request, "/")) == NULL)
+	{
+		DEBUG(0,("Unable to get printer status for %s - %s\n", name,
+			 ippErrorString(cupsLastError())));
+		httpClose(http);
+		return (0);
+	}
+
+	httpClose(http);
+
+	if (response->request.status.status_code >= IPP_OK_CONFLICT)
+	{
+		DEBUG(0,("Unable to get printer status for %s - %s\n", name,
+			 ippErrorString(response->request.status.status_code)));
+		ippDelete(response);
+		return (0);
+	}
+	else
+	{
+		ippDelete(response);
+		return (1);
+	}
+}
+
+
+/*
+ * 'cups_job_delete()' - Delete a job.
+ */
+
+static int
+cups_job_delete(int snum, struct printjob *pjob)
+{
+	int		ret;		/* Return value */
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_job_delete(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (1);
+	}
+
+       /*
+	* Build an IPP_CANCEL_JOB request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    job-uri
+	*    requesting-user-name
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_CANCEL_JOB;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+        	     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+        	     "attributes-natural-language", NULL, language->language);
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/jobs/%d", pjob->sysjob);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
+        	     NULL, pjob->user);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+        ret = 1;
+
+	if ((response = cupsDoRequest(http, request, "/jobs")) != NULL)
+	{
+	  if (response->request.status.status_code >= IPP_OK_CONFLICT)
+		DEBUG(0,("Unable to cancel job %d - %s\n", pjob->sysjob,
+			 ippErrorString(cupsLastError())));
+          else
+	  	ret = 0;
+
+	  ippDelete(response);
+	}
+	else
+	  DEBUG(0,("Unable to cancel job %d - %s\n", pjob->sysjob,
+		   ippErrorString(cupsLastError())));
+
+	httpClose(http);
+
+	return (ret);
+}
+
+
+/*
+ * 'cups_job_pause()' - Pause a job.
+ */
+
+static int
+cups_job_pause(int snum, struct printjob *pjob)
+{
+	int		ret;		/* Return value */
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_job_pause(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (1);
+	}
+
+       /*
+	* Build an IPP_HOLD_JOB request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    job-uri
+	*    requesting-user-name
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_HOLD_JOB;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+        	     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+        	     "attributes-natural-language", NULL, language->language);
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/jobs/%d", pjob->sysjob);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
+        	     NULL, pjob->user);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+        ret = 1;
+
+	if ((response = cupsDoRequest(http, request, "/jobs")) != NULL)
+	{
+	  if (response->request.status.status_code >= IPP_OK_CONFLICT)
+		DEBUG(0,("Unable to hold job %d - %s\n", pjob->sysjob,
+			 ippErrorString(cupsLastError())));
+          else
+	  	ret = 0;
+
+	  ippDelete(response);
+	}
+	else
+	  DEBUG(0,("Unable to hold job %d - %s\n", pjob->sysjob,
+		   ippErrorString(cupsLastError())));
+
+	httpClose(http);
+
+	return (ret);
+}
+
+
+/*
+ * 'cups_job_resume()' - Resume a paused job.
+ */
+
+static int
+cups_job_resume(int snum, struct printjob *pjob)
+{
+	int		ret;		/* Return value */
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_job_resume(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (1);
+	}
+
+       /*
+	* Build an IPP_RELEASE_JOB request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    job-uri
+	*    requesting-user-name
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_RELEASE_JOB;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+        	     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+        	     "attributes-natural-language", NULL, language->language);
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/jobs/%d", pjob->sysjob);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
+        	     NULL, pjob->user);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+        ret = 1;
+
+	if ((response = cupsDoRequest(http, request, "/jobs")) != NULL)
+	{
+	  if (response->request.status.status_code >= IPP_OK_CONFLICT)
+		DEBUG(0,("Unable to release job %d - %s\n", pjob->sysjob,
+			 ippErrorString(cupsLastError())));
+          else
+	  	ret = 0;
+
+	  ippDelete(response);
+	}
+	else
+	  DEBUG(0,("Unable to release job %d - %s\n", pjob->sysjob,
+		   ippErrorString(cupsLastError())));
+
+	httpClose(http);
+
+	return (ret);
+}
+
+
+/*
+ * 'cups_job_submit()' - Submit a job for printing.
+ */
+
+static int
+cups_job_submit(int snum, struct printjob *pjob)
+{
+	int		ret;		/* Return value */
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (1);
+	}
+
+       /*
+	* Build an IPP_PRINT_JOB request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    printer-uri
+	*    requesting-user-name
+	*    [document-data]
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_PRINT_JOB;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+        	     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+        	     "attributes-natural-language", NULL, language->language);
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s",
+	         PRINTERNAME(snum));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI,
+        	     "printer-uri", NULL, uri);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
+        	     NULL, pjob->user);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "job-name", NULL,
+        	     pjob->jobname);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+	slprintf(uri, sizeof(uri) - 1, "/printers/%s", PRINTERNAME(snum));
+
+        ret = 1;
+	if ((response = cupsDoFileRequest(http, request, uri,
+	                                  pjob->filename)) != NULL)
+	{
+		if (response->request.status.status_code >= IPP_OK_CONFLICT)
+			DEBUG(0,("Unable to print file to %s - %s\n", PRINTERNAME(snum),
+			         ippErrorString(cupsLastError())));
+        	else
+			ret = 0;
+
+		ippDelete(response);
+	}
+	else
+		DEBUG(0,("Unable to print file to `%s' - %s\n", PRINTERNAME(snum),
+			 ippErrorString(cupsLastError())));
+
+	httpClose(http);
+
+	return (ret);
+}
+
+
+/*
+ * 'cups_queue_get()' - Get all the jobs in the print queue.
+ */
+
+static int
+cups_queue_get(int snum, print_queue_struct **q, print_status_struct *status)
+{
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	ipp_attribute_t	*attr;		/* Current attribute */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+	int		qcount,		/* Number of active queue entries */
+			qalloc;		/* Number of queue entries allocated */
+	print_queue_struct *queue,	/* Queue entries */
+			*temp;		/* Temporary pointer for queue */
+	const char	*user_name,	/* job-originating-user-name attribute */
+			*job_name;	/* job-name attribute */
+	int		job_id;		/* job-id attribute */
+	int		job_k_octets;	/* job-k-octets attribute */
+	time_t		job_time;	/* time-at-creation attribute */
+	ipp_jstate_t	job_status;	/* job-status attribute */
+	int		job_priority;	/* job-priority attribute */
+	static const char *jattrs[] =	/* Requested job attributes */
+			{
+			  "job-id",
+			  "job-k-octets",
+			  "job-name",
+			  "job-originating-user-name",
+			  "job-priority",
+			  "job-state",
+			  "time-at-creation",
+			};
+	static const char *pattrs[] =	/* Requested printer attributes */
+			{
+			  "printer-state",
+			  "printer-state-message"
+			};
+
+
+	DEBUG(5,("cups_queue_get(%d, %p, %p)\n", snum, q, status));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (0);
+	}
+
+       /*
+        * Generate the printer URI...
+	*/
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s",
+	         PRINTERNAME(snum));
+
+       /*
+	* Build an IPP_GET_JOBS request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    requested-attributes
+	*    printer-uri
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_GET_JOBS;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+                     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+                     "attributes-natural-language", NULL, language->language);
+
+        ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
+	              "requested-attributes",
+		      (sizeof(jattrs) / sizeof(jattrs[0])),
+		      NULL, jattrs);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI,
+                     "printer-uri", NULL, uri);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+	if ((response = cupsDoRequest(http, request, "/")) == NULL)
+	{
+		DEBUG(0,("Unable to get jobs for %s - %s\n", uri,
+			 ippErrorString(cupsLastError())));
+		httpClose(http);
+		return (0);
+	}
+
+	if (response->request.status.status_code >= IPP_OK_CONFLICT)
+	{
+		DEBUG(0,("Unable to get jobs for %s - %s\n", uri,
+			 ippErrorString(response->request.status.status_code)));
+		ippDelete(response);
+		httpClose(http);
+
+		return (0);
+	}
+
+       /*
+        * Process the jobs...
+	*/
+
+        qcount = 0;
+	qalloc = 0;
+	queue  = NULL;
+
+        for (attr = response->attrs; attr != NULL; attr = attr->next)
+	{
+	       /*
+		* Skip leading attributes until we hit a job...
+		*/
+
+		while (attr != NULL && attr->group_tag != IPP_TAG_JOB)
+        		attr = attr->next;
+
+		if (attr == NULL)
+			break;
+
+	       /*
+	        * Allocate memory as needed...
+		*/
+		if (qcount >= qalloc)
+		{
+			qalloc += 16;
+
+			temp = Realloc(queue, sizeof(print_queue_struct) * qalloc);
+
+			if (temp == NULL)
+			{
+				DEBUG(0,("cups_queue_get: Not enough memory!"));
+				ippDelete(response);
+				httpClose(http);
+
+				free (queue);
+				return (0);
+			}
+
+			queue = temp;
+		}
+
+		temp = queue + qcount;
+		memset(temp, 0, sizeof(print_queue_struct));
+
+	       /*
+		* Pull the needed attributes from this job...
+		*/
+
+		job_id       = 0;
+		job_priority = 50;
+		job_status   = IPP_JOB_PENDING;
+		job_time     = 0;
+		job_k_octets = 0;
+		user_name    = NULL;
+		job_name     = NULL;
+
+		while (attr != NULL && attr->group_tag == IPP_TAG_JOB)
+		{
+        		if (attr->name == NULL)
+			{
+				attr = attr->next;
+				break;
+			}
+
+        		if (strcmp(attr->name, "job-id") == 0 &&
+			    attr->value_tag == IPP_TAG_INTEGER)
+				job_id = attr->values[0].integer;
+
+        		if (strcmp(attr->name, "job-k-octets") == 0 &&
+			    attr->value_tag == IPP_TAG_INTEGER)
+				job_k_octets = attr->values[0].integer;
+
+        		if (strcmp(attr->name, "job-priority") == 0 &&
+			    attr->value_tag == IPP_TAG_INTEGER)
+				job_priority = attr->values[0].integer;
+
+        		if (strcmp(attr->name, "job-state") == 0 &&
+			    attr->value_tag == IPP_TAG_ENUM)
+				job_status = (ipp_jstate_t)(attr->values[0].integer);
+
+        		if (strcmp(attr->name, "time-at-creation") == 0 &&
+			    attr->value_tag == IPP_TAG_INTEGER)
+				job_time = attr->values[0].integer;
+
+        		if (strcmp(attr->name, "job-name") == 0 &&
+			    attr->value_tag == IPP_TAG_NAME)
+				job_name = attr->values[0].string.text;
+
+        		if (strcmp(attr->name, "job-originating-user-name") == 0 &&
+			    attr->value_tag == IPP_TAG_NAME)
+				user_name = attr->values[0].string.text;
+
+        		attr = attr->next;
+		}
+
+	       /*
+		* See if we have everything needed...
+		*/
+
+		if (user_name == NULL || job_name == NULL || job_id == 0)
+		{
+        	  if (attr == NULL)
+		    break;
+		  else
+        	    continue;
+		}
+
+		temp->job      = job_id;
+		temp->size     = job_k_octets * 1024;
+		temp->status   = job_status == IPP_JOB_PENDING ? LPQ_QUEUED :
+				 job_status == IPP_JOB_STOPPED ? LPQ_PAUSED :
+                                 job_status == IPP_JOB_HELD ? LPQ_PAUSED :
+			         LPQ_PRINTING;
+		temp->priority = job_priority;
+		temp->time     = job_time;
+		strncpy(temp->fs_user, user_name, sizeof(temp->fs_user) - 1);
+		strncpy(temp->fs_file, job_name, sizeof(temp->fs_file) - 1);
+
+		qcount ++;
+
+		if (attr == NULL)
+        	  break;
+	}
+
+	ippDelete(response);
+
+       /*
+	* Build an IPP_GET_PRINTER_ATTRIBUTES request, which requires the
+	* following attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    requested-attributes
+	*    printer-uri
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_GET_PRINTER_ATTRIBUTES;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+                     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+                     "attributes-natural-language", NULL, language->language);
+
+        ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
+	              "requested-attributes",
+		      (sizeof(pattrs) / sizeof(pattrs[0])),
+		      NULL, pattrs);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI,
+                     "printer-uri", NULL, uri);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+	if ((response = cupsDoRequest(http, request, "/")) == NULL)
+	{
+		DEBUG(0,("Unable to get printer status for %s - %s\n", PRINTERNAME(snum),
+			 ippErrorString(cupsLastError())));
+		httpClose(http);
+		*q = queue;
+		return (qcount);
+	}
+
+	if (response->request.status.status_code >= IPP_OK_CONFLICT)
+	{
+		DEBUG(0,("Unable to get printer status for %s - %s\n", PRINTERNAME(snum),
+			 ippErrorString(response->request.status.status_code)));
+		ippDelete(response);
+		httpClose(http);
+		*q = queue;
+		return (qcount);
+	}
+
+       /*
+        * Get the current printer status and convert it to the SAMBA values.
+	*/
+
+        if ((attr = ippFindAttribute(response, "printer-state", IPP_TAG_ENUM)) != NULL)
+	{
+		if (attr->values[0].integer == IPP_PRINTER_STOPPED)
+			status->status = LPSTAT_STOPPED;
+		else
+			status->status = LPSTAT_OK;
+	}
+
+        if ((attr = ippFindAttribute(response, "printer-state-message",
+	                             IPP_TAG_TEXT)) != NULL)
+	        fstrcpy(status->message, attr->values[0].string.text);
+
+        ippDelete(response);
+
+       /*
+        * Return the job queue...
+	*/
+
+	httpClose(http);
+
+	*q = queue;
+	return (qcount);
+}
+
+
+/*
+ * 'cups_queue_pause()' - Pause a print queue.
+ */
+
+static int
+cups_queue_pause(int snum)
+{
+	extern userdom_struct current_user_info;
+	int		ret;		/* Return value */
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_queue_pause(%d)\n", snum));
+
+	/*
+	 * Make sure we don't ask for passwords...
+	 */
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+	/*
+	 * Try to connect to the server...
+	 */
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (1);
+	}
+
+	/*
+	 * Build an IPP_PAUSE_PRINTER request, which requires the following
+	 * attributes:
+	 *
+	 *    attributes-charset
+	 *    attributes-natural-language
+	 *    printer-uri
+	 *    requesting-user-name
+	 */
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_PAUSE_PRINTER;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+        	     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+        	     "attributes-natural-language", NULL, language->language);
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s",
+	         PRINTERNAME(snum));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
+        	     NULL, current_user_info.unix_name);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+        ret = 1;
+
+	if ((response = cupsDoRequest(http, request, "/admin/")) != NULL)
+	{
+	  if (response->request.status.status_code >= IPP_OK_CONFLICT)
+		DEBUG(0,("Unable to pause printer %s - %s\n", PRINTERNAME(snum),
+			 ippErrorString(cupsLastError())));
+          else
+	  	ret = 0;
+
+	  ippDelete(response);
+	}
+	else
+	  DEBUG(0,("Unable to pause printer %s - %s\n", PRINTERNAME(snum),
+		   ippErrorString(cupsLastError())));
+
+	httpClose(http);
+
+	return (ret);
+}
+
+
+/*
+ * 'cups_queue_resume()' - Restart a print queue.
+ */
+
+static int
+cups_queue_resume(int snum)
+{
+	extern userdom_struct current_user_info;
+	int		ret;		/* Return value */
+	http_t		*http;		/* HTTP connection to server */
+	ipp_t		*request,	/* IPP Request */
+			*response;	/* IPP Response */
+	cups_lang_t	*language;	/* Default language */
+	char		uri[HTTP_MAX_URI]; /* printer-uri attribute */
+
+
+	DEBUG(5,("cups_queue_resume(%d)\n", snum));
+
+       /*
+        * Make sure we don't ask for passwords...
+	*/
+
+        cupsSetPasswordCB(cups_passwd_cb);
+
+       /*
+	* Try to connect to the server...
+	*/
+
+	if ((http = httpConnect(cupsServer(), ippPort())) == NULL)
+	{
+		DEBUG(0,("Unable to connect to CUPS server %s - %s\n", 
+			 cupsServer(), strerror(errno)));
+		return (1);
+	}
+
+       /*
+	* Build an IPP_RESUME_PRINTER request, which requires the following
+	* attributes:
+	*
+	*    attributes-charset
+	*    attributes-natural-language
+	*    printer-uri
+	*    requesting-user-name
+	*/
+
+	request = ippNew();
+
+	request->request.op.operation_id = IPP_RESUME_PRINTER;
+	request->request.op.request_id   = 1;
+
+	language = cupsLangDefault();
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET,
+        	     "attributes-charset", NULL, cupsLangEncoding(language));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE,
+        	     "attributes-natural-language", NULL, language->language);
+
+	slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s",
+	         PRINTERNAME(snum));
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+
+	ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name",
+        	     NULL, current_user_info.unix_name);
+
+       /*
+	* Do the request and get back a response...
+	*/
+
+        ret = 1;
+
+	if ((response = cupsDoRequest(http, request, "/admin/")) != NULL)
+	{
+	  if (response->request.status.status_code >= IPP_OK_CONFLICT)
+		DEBUG(0,("Unable to resume printer %s - %s\n", PRINTERNAME(snum),
+			 ippErrorString(cupsLastError())));
+          else
+	  	ret = 0;
+
+	  ippDelete(response);
+	}
+	else
+	  DEBUG(0,("Unable to resume printer %s - %s\n", PRINTERNAME(snum),
+		   ippErrorString(cupsLastError())));
+
+	httpClose(http);
+
+	return (ret);
+}
+
+
+#else
+ /* this keeps fussy compilers happy */
+ void print_cups_dummy(void) {}
+#endif /* HAVE_CUPS */
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
new file mode 100644
index 0000000000..e1517c5dcb
--- /dev/null
+++ b/source3/printing/print_generic.c
@@ -0,0 +1,247 @@
+/* 
+   Unix SMB/CIFS implementation.
+   printing command routines
+   Copyright (C) Andrew Tridgell 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "printing.h"
+
+
+/*
+ * Generic printing interface definitions...
+ */
+
+static int generic_job_delete(int snum, struct printjob *pjob);
+static int generic_job_pause(int snum, struct printjob *pjob);
+static int generic_job_resume(int snum, struct printjob *pjob);
+static int generic_job_submit(int snum, struct printjob *pjob);
+static int generic_queue_get(int snum, print_queue_struct **q,
+                             print_status_struct *status);
+static int generic_queue_pause(int snum);
+static int generic_queue_resume(int snum);
+
+
+struct printif	generic_printif =
+		{
+		  generic_queue_get,
+		  generic_queue_pause,
+		  generic_queue_resume,
+		  generic_job_delete,
+		  generic_job_pause,
+		  generic_job_resume,
+		  generic_job_submit,
+		};
+
+/****************************************************************************
+run a given print command 
+a null terminated list of value/substitute pairs is provided
+for local substitution strings
+****************************************************************************/
+static int print_run_command(int snum,char *command, int *outfd, ...)
+{
+
+	pstring syscmd;
+	char *p, *arg;
+	int ret;
+	va_list ap;
+	va_start(ap, outfd);
+
+	if (!command || !*command) return -1;
+
+	if (!VALID_SNUM(snum)) {
+		DEBUG(0,("Invalid snum %d for command %s\n", snum, command));
+		return -1;
+	}
+
+	pstrcpy(syscmd, command);
+
+	while ((arg = va_arg(ap, char *))) {
+		char *value = va_arg(ap,char *);
+		pstring_sub(syscmd, arg, value);
+	}
+	va_end(ap);
+  
+	p = PRINTERNAME(snum);
+  
+	pstring_sub(syscmd, "%p", p);
+	standard_sub_snum(snum,syscmd);
+
+	ret = smbrun(syscmd,outfd);
+
+	DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));
+
+	return ret;
+}
+
+
+/****************************************************************************
+delete a print job
+****************************************************************************/
+static int generic_job_delete(int snum, struct printjob *pjob)
+{
+	fstring jobstr;
+
+	/* need to delete the spooled entry */
+	slprintf(jobstr, sizeof(jobstr)-1, "%d", pjob->sysjob);
+	return print_run_command(
+		   snum, 
+		   lp_lprmcommand(snum), NULL,
+		   "%j", jobstr,
+		   "%T", http_timestring(pjob->starttime),
+		   NULL);
+}
+
+/****************************************************************************
+pause a job
+****************************************************************************/
+static int generic_job_pause(int snum, struct printjob *pjob)
+{
+	fstring jobstr;
+	
+	/* need to pause the spooled entry */
+	slprintf(jobstr, sizeof(jobstr)-1, "%d", pjob->sysjob);
+	return print_run_command(snum, 
+				 lp_lppausecommand(snum), NULL,
+				 "%j", jobstr,
+				 NULL);
+}
+
+/****************************************************************************
+resume a job
+****************************************************************************/
+static int generic_job_resume(int snum, struct printjob *pjob)
+{
+	fstring jobstr;
+	
+	/* need to pause the spooled entry */
+	slprintf(jobstr, sizeof(jobstr)-1, "%d", pjob->sysjob);
+	return print_run_command(snum, 
+				 lp_lpresumecommand(snum), NULL,
+				 "%j", jobstr,
+				 NULL);
+}
+
+/****************************************************************************
+ Submit a file for printing - called from print_job_end()
+****************************************************************************/
+
+static int generic_job_submit(int snum, struct printjob *pjob)
+{
+	int ret;
+	pstring current_directory;
+	pstring print_directory;
+	char *wd, *p;
+	pstring jobname;
+	fstring job_page_count, job_size;
+
+	/* we print from the directory path to give the best chance of
+           parsing the lpq output */
+	wd = sys_getwd(current_directory);
+	if (!wd)
+		return 0;
+
+	pstrcpy(print_directory, pjob->filename);
+	p = strrchr_m(print_directory,'/');
+	if (!p)
+		return 0;
+	*p++ = 0;
+
+	if (chdir(print_directory) != 0)
+		return 0;
+
+	pstrcpy(jobname, pjob->jobname);
+	pstring_sub(jobname, "'", "_");
+	slprintf(job_page_count, sizeof(job_page_count)-1, "%d", pjob->page_count);
+	slprintf(job_size, sizeof(job_size)-1, "%d", pjob->size);
+
+	/* send it to the system spooler */
+	ret = print_run_command(snum, 
+			lp_printcommand(snum), NULL,
+			"%s", p,
+			"%J", jobname,
+			"%f", p,
+			"%z", job_size,
+			"%c", job_page_count,
+			NULL);
+
+	chdir(wd);
+
+        return ret;
+}
+
+
+/****************************************************************************
+get the current list of queued jobs
+****************************************************************************/
+static int generic_queue_get(int snum, print_queue_struct **q, print_status_struct *status)
+{
+	char **qlines;
+	int fd;
+	int numlines, i, qcount;
+	print_queue_struct *queue = NULL;
+	fstring printer_name;
+              
+	fstrcpy(printer_name, lp_servicename(snum));
+	
+	print_run_command(snum, lp_lpqcommand(snum), &fd, NULL);
+
+	if (fd == -1) {
+		DEBUG(5,("generic_queue_get: Can't read print queue status for printer %s\n",
+			printer_name ));
+		return 0;
+	}
+	
+	numlines = 0;
+	qlines = fd_lines_load(fd, &numlines);
+	close(fd);
+
+	/* turn the lpq output into a series of job structures */
+	qcount = 0;
+	ZERO_STRUCTP(status);
+	if (numlines)
+		queue = (print_queue_struct *)malloc(sizeof(print_queue_struct)*(numlines+1));
+
+	if (queue) {
+		for (i=0; i<numlines; i++) {
+			/* parse the line */
+			if (parse_lpq_entry(snum,qlines[i],
+					    &queue[qcount],status,qcount==0)) {
+				qcount++;
+			}
+		}		
+	}
+	file_lines_free(qlines);
+
+        *q = queue;
+	return qcount;
+}
+
+/****************************************************************************
+ pause a queue
+****************************************************************************/
+static int generic_queue_pause(int snum)
+{
+	return print_run_command(snum, lp_queuepausecommand(snum), NULL, NULL);
+}
+
+/****************************************************************************
+ resume a queue
+****************************************************************************/
+static int generic_queue_resume(int snum)
+{
+	return print_run_command(snum, lp_queueresumecommand(snum), NULL, NULL);
+}
diff --git a/source3/printing/print_svid.c b/source3/printing/print_svid.c
new file mode 100644
index 0000000000..44127c3700
--- /dev/null
+++ b/source3/printing/print_svid.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 1997-1998 by Norm Jacobs, Colorado Springs, Colorado, USA
+ * Copyright (C) 1997-1998 by Sun Microsystem, Inc.
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*
+ * This module implements support for gathering and comparing available
+ * printer information on a SVID or XPG4 compliant system.  It does this
+ * through the use of the SVID/XPG4 command "lpstat(1)".
+ *
+ * The expectations is that execution of the command "lpstat -v" will
+ * generate responses in the form of:
+ *
+ *	device for serial: /dev/term/b
+ *	system for fax: server
+ *	system for color: server (as printer chroma)
+ */
+
+
+#include "includes.h"
+#include "smb.h"
+
+#ifdef SYSV
+
+typedef struct printer {
+	char *name;
+	struct printer *next;
+} printer_t;
+static printer_t *printers = NULL;
+
+static void populate_printers(void)
+{
+	char **lines;
+	int i;
+
+	lines = file_lines_pload("/usr/bin/lpstat -v", NULL);
+	if (!lines) return;
+
+	for (i=0;lines[i];i++) {
+		printer_t *ptmp;
+		char *name, *tmp;
+		char *buf = lines[i];
+
+		/* eat "system/device for " */
+		if (((tmp = strchr_m(buf, ' ')) == NULL) ||
+		    ((tmp = strchr_m(++tmp, ' ')) == NULL))
+			continue;
+
+		/*
+		 * In case we're only at the "for ".
+		 */
+
+		if(!strncmp("for ",++tmp,4)) {
+			tmp=strchr_m(tmp, ' ');
+			tmp++;
+		}
+
+		/* Eat whitespace. */
+
+		while(*tmp == ' ')
+			++tmp;
+
+		/*
+		 * On HPUX there is an extra line that can be ignored.
+		 * d.thibadeau 2001/08/09
+		 */
+		if(!strncmp("remote to",tmp,9))
+			continue;
+
+		name = tmp;
+
+		/* truncate the ": ..." */
+		if ((tmp = strchr_m(name, ':')) != NULL)
+			*tmp = '\0';
+		
+		/* add it to the cache */
+		if ((ptmp = malloc(sizeof (*ptmp))) != NULL) {
+			ZERO_STRUCTP(ptmp);
+			if((ptmp->name = strdup(name)) == NULL)
+				DEBUG(0,("populate_printers: malloc fail in strdup !\n"));
+			ptmp->next = printers;
+			printers = ptmp;
+		} else {
+			DEBUG(0,("populate_printers: malloc fail for ptmp\n"));
+		}
+	}
+
+	file_lines_free(lines);
+}
+
+
+/*
+ * provide the equivalent of pcap_printer_fn() for SVID/XPG4 conforming
+ * systems.  It was unclear why pcap_printer_fn() was tossing names longer
+ * than 8 characters.  I suspect that its a protocol limit, but amazingly
+ * names longer than 8 characters appear to work with my test
+ * clients (Win95/NT).
+ */
+void sysv_printer_fn(void (*fn)(char *, char *))
+{
+	printer_t *tmp;
+
+	if (printers == NULL)
+		populate_printers();
+	for (tmp = printers; tmp != NULL; tmp = tmp->next)
+		(fn)(tmp->name, "");
+}
+
+
+/*
+ * provide the equivalent of pcap_printername_ok() for SVID/XPG4 conforming
+ * systems.
+ */
+int sysv_printername_ok(char *name)
+{
+	printer_t *tmp;
+
+	if (printers == NULL)
+		populate_printers();
+	for (tmp = printers; tmp != NULL; tmp = tmp->next)
+		if (strcmp(tmp->name, name) == 0)
+			return (True);
+	return (False);
+}
+
+#else
+/* this keeps fussy compilers happy */
+ void print_svid_dummy(void);
+ void print_svid_dummy(void) {}
+#endif
diff --git a/source3/printing/printfsp.c b/source3/printing/printfsp.c
new file mode 100644
index 0000000000..9f33d57ad5
--- /dev/null
+++ b/source3/printing/printfsp.c
@@ -0,0 +1,104 @@
+/* 
+   Unix SMB/CIFS implementation.
+   printing backend routines for smbd - using files_struct rather
+   than only snum
+   Copyright (C) Andrew Tridgell 1992-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/***************************************************************************
+open a print file and setup a fsp for it. This is a wrapper around
+print_job_start().
+***************************************************************************/
+
+files_struct *print_fsp_open(connection_struct *conn, char *fname)
+{
+	int jobid;
+	SMB_STRUCT_STAT sbuf;
+	extern struct current_user current_user;
+	files_struct *fsp = file_new(conn);
+	fstring name;
+
+	if(!fsp)
+		return NULL;
+
+	fstrcpy( name, "Remote Downlevel Document");
+	if (fname) {
+		char *p = strrchr(fname, '/');
+		fstrcat(name, " ");
+		if (!p)
+			p = fname;
+		fstrcat(name, p);
+	}
+
+	jobid = print_job_start(&current_user, SNUM(conn), name);
+	if (jobid == -1) {
+		file_free(fsp);
+		return NULL;
+	}
+
+	/* setup a full fsp */
+	fsp->print_jobid = jobid;
+	fsp->fd = print_job_fd(jobid);
+	GetTimeOfDay(&fsp->open_time);
+	fsp->vuid = current_user.vuid;
+	fsp->size = 0;
+	fsp->pos = -1;
+	fsp->can_lock = True;
+	fsp->can_read = False;
+	fsp->can_write = True;
+	fsp->share_mode = 0;
+	fsp->print_file = True;
+	fsp->modified = False;
+	fsp->oplock_type = NO_OPLOCK;
+	fsp->sent_oplock_break = NO_BREAK_SENT;
+	fsp->is_directory = False;
+	fsp->directory_delete_on_close = False;
+	fsp->conn = conn;
+	string_set(&fsp->fsp_name,print_job_fname(jobid));
+	fsp->wbmpx_ptr = NULL;      
+	fsp->wcp = NULL; 
+	conn->vfs_ops.fstat(fsp,fsp->fd, &sbuf);
+	fsp->mode = sbuf.st_mode;
+	fsp->inode = sbuf.st_ino;
+	fsp->dev = sbuf.st_dev;
+
+	conn->num_files_open++;
+
+	return fsp;
+}
+
+/****************************************************************************
+print a file - called on closing the file
+****************************************************************************/
+void print_fsp_end(files_struct *fsp, BOOL normal_close)
+{
+	if (fsp->share_mode == FILE_DELETE_ON_CLOSE) {
+		/*
+		 * Truncate the job. print_job_end will take
+		 * care of deleting it for us. JRA.
+		 */
+		sys_ftruncate(fsp->fd, 0);
+	}
+
+	print_job_end(fsp->print_jobid, normal_close);
+
+	if (fsp->fsp_name) {
+		string_free(&fsp->fsp_name);
+	}
+}
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 1dd8921800..ad5acb1505 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   printing routines
-   Copyright (C) Andrew Tridgell 1992-1995
+   Unix SMB/CIFS implementation.
+   printing backend routines
+   Copyright (C) Andrew Tridgell 1992-2000
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,841 +18,1407 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#include "includes.h"
-#include "loadparm.h"
-extern int DEBUGLEVEL;
-extern connection_struct Connections[];
-extern files_struct Files[];
-
-static BOOL * lpq_cache_reset=NULL;
-
-static int check_lpq_cache(int snum) {
-  static int lpq_caches=0;
-  
-  if (lpq_caches <= snum) {
-      BOOL * p;
-      p = (BOOL *) Realloc(lpq_cache_reset,(snum+1)*sizeof(BOOL));
-      if (p) {
-	 lpq_cache_reset=p;
-	 lpq_caches = snum+1;
-      }
-  }
-  return lpq_caches;
-}
-
-void lpq_reset(int snum)
-{
-  if (check_lpq_cache(snum) > snum) lpq_cache_reset[snum]=True;
-}
-
-
-/****************************************************************************
-Build the print command in the supplied buffer. This means getting the
-print command for the service and inserting the printer name and the
-print file name. Return NULL on error, else the passed buffer pointer.
-****************************************************************************/
-static char *build_print_command(int cnum, char *command, char *syscmd, char *filename1)
-{
-  int snum = SNUM(cnum);
-  char *tstr;
-  pstring filename;
-  
-  /* get the print command for the service. */
-  tstr = command;
-  if (!syscmd || !tstr) {
-    DEBUG(0,("No print command for service `%s'\n", SERVICE(snum)));
-    return (NULL);
-  }
-
-  /* copy the command into the buffer for extensive meddling. */
-  StrnCpy(syscmd, tstr, sizeof(pstring) - 1);
-  
-  /* look for "%s" in the string. If there is no %s, we cannot print. */   
-  if (!strstr(syscmd, "%s") && !strstr(syscmd, "%f")) {
-    DEBUG(2,("WARNING! No placeholder for the filename in the print command for service %s!\n", SERVICE(snum)));
-  }
-  
-  if (strstr(syscmd,"%s")) {
-    int iOffset = strstr(syscmd, "%s") - syscmd;
-    
-    /* construct the full path for the filename, shouldn't be necessary unless
-       the subshell causes a "cd" to be executed.
-       Only use the full path if there isn't a / preceding the %s */
-    if (iOffset==0 || syscmd[iOffset-1] != '/') {
-      StrnCpy(filename,Connections[cnum].connectpath,sizeof(filename)-1);
-      trim_string(filename,"","/");
-      strcat(filename,"/");
-      strcat(filename,filename1);
-    }
-    else
-      strcpy(filename,filename1);
-    
-    string_sub(syscmd, "%s", filename);
-  }
-  
-  string_sub(syscmd, "%f", filename1);
-  
-  /* Does the service have a printername? If not, make a fake and empty    */
-  /* printer name. That way a %p is treated sanely if no printer */
-  /* name was specified to replace it. This eventuality is logged.         */
-  tstr = PRINTERNAME(snum);
-  if (tstr == NULL || tstr[0] == '\0') {
-    DEBUG(3,( "No printer name - using %s.\n", SERVICE(snum)));
-    tstr = SERVICE(snum);
-  }
-  
-  string_sub(syscmd, "%p", tstr);
-  
-  standard_sub(cnum,syscmd);
-  
-  return (syscmd);
-}
-
-
-/****************************************************************************
-print a file - called on closing the file
-****************************************************************************/
-void print_file(int fnum)
-{
-  pstring syscmd;
-  int cnum = Files[fnum].cnum;
-  int snum=SNUM(cnum);
-  char *tempstr;
-
-  *syscmd = 0;
-
-  if (file_size(Files[fnum].name) <= 0) {
-    DEBUG(3,("Discarding null print job %s\n",Files[fnum].name));
-    sys_unlink(Files[fnum].name);
-    return;
-  }
-
-  tempstr = build_print_command(cnum, PRINTCOMMAND(snum), syscmd, Files[fnum].name);
-  if (tempstr != NULL)
-    {
-      int ret = smbrun(syscmd,NULL);
-      DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));
-    }
-  else
-    DEBUG(0,("Null print command?\n"));
-  
-  lpq_reset(snum);
-}
-
-static char *Months[13] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-			      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", "Err"};
-
-
-/*******************************************************************
-process time fields
-********************************************************************/
-static time_t EntryTime(string tok[], int ptr, int count, int minimum)
-{
-  time_t jobtime;
-
-  jobtime = time(NULL);		/* default case: take current time */
-  if (count >= minimum) {
-    struct tm *t;
-    int i, day, hour, min, sec;
-    char   *c;
-
-    for (i=0; i<13; i++) if (!strncmp(tok[ptr], Months[i],3)) break; /* Find month */
-    if (i<12) {
-      t = localtime(&jobtime);
-      day = atoi(tok[ptr+1]);
-      c=(char *)(tok[ptr+2]);
-      *(c+2)=0;
-      hour = atoi(c);
-      *(c+5)=0;
-      min = atoi(c+3);
-      if(*(c+6) != 0)sec = atoi(c+6);
-      else  sec=0;
-
-      if ((t->tm_mon < i)||
-	  ((t->tm_mon == i)&&
-	   ((t->tm_mday < day)||
-	    ((t->tm_mday == day)&&
-	     (t->tm_hour*60+t->tm_min < hour*60+min)))))
-	t->tm_year--;		/* last year's print job */
-
-      t->tm_mon = i;
-      t->tm_mday = day;
-      t->tm_hour = hour;
-      t->tm_min = min;
-      t->tm_sec = sec;
-      jobtime = mktime(t);
-    }
-  }
-  return jobtime;
-}
-
-
-/****************************************************************************
-parse a lpq line
-
-here is an example of lpq output under bsd
-
-Warning: no daemon present
-Rank   Owner      Job  Files                                 Total Size
-1st    tridge     148  README                                8096 bytes
-
-here is an example of lpq output under osf/1
-
-Warning: no daemon present
-Rank   Pri Owner      Job  Files                             Total Size
-1st    0   tridge     148  README                            8096 bytes
-****************************************************************************/
-static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
-{
-#ifdef	OSF1
-#define	RANKTOK	0
-#define	PRIOTOK 1
-#define	USERTOK 2
-#define	JOBTOK	3
-#define	FILETOK	4
-#define	TOTALTOK 5
-#define	NTOK	6
-#else	/* OSF1 */
-#define	RANKTOK	0
-#define	USERTOK 1
-#define	JOBTOK	2
-#define	FILETOK	3
-#define	TOTALTOK 4
-#define	NTOK	5
-#endif	/* OSF1 */
-
-  string tok[NTOK];
-  int count=0;
-
-#ifdef	OSF1
-  int length;
-  length = strlen(line);
-  if (line[length-3] == ':')
-	return(False);
-#endif	/* OSF1 */
-
-  /* handle the case of "(standard input)" as a filename */
-  string_sub(line,"standard input","STDIN");
-  string_sub(line,"(","\"");
-  string_sub(line,")","\"");
-  
-  for (count=0; count<NTOK && next_token(&line,tok[count],NULL); count++) ;
-
-  /* we must get NTOK tokens */
-  if (count < NTOK)
-    return(False);
-
-  /* the Job and Total columns must be integer */
-  if (!isdigit(*tok[JOBTOK]) || !isdigit(*tok[TOTALTOK])) return(False);
-
-  /* if the fname contains a space then use STDIN */
-  if (strchr(tok[FILETOK],' '))
-    strcpy(tok[FILETOK],"STDIN");
-
-  /* only take the last part of the filename */
-  {
-    string tmp;
-    char *p = strrchr(tok[FILETOK],'/');
-    if (p)
-      {
-	strcpy(tmp,p+1);
-	strcpy(tok[FILETOK],tmp);
-      }
-  }
+#include "printing.h"
+
+/* Current printer interface */
+struct printif *current_printif = &generic_printif;
+
+/* 
+   the printing backend revolves around a tdb database that stores the
+   SMB view of the print queue 
+   
+   The key for this database is a jobid - a internally generated number that
+   uniquely identifies a print job
+
+   reading the print queue involves two steps:
+     - possibly running lpq and updating the internal database from that
+     - reading entries from the database
+
+   jobids are assigned when a job starts spooling. 
+*/
+
+/* the open printing.tdb database */
+static TDB_CONTEXT *tdb;
+static pid_t local_pid;
+
+static int get_queue_status(int, print_status_struct *);
+
+/****************************************************************************
+ Initialise the printing backend. Called once at startup. 
+ Does not survive a fork
+****************************************************************************/
+
+BOOL print_backend_init(void)
+{
+	char *sversion = "INFO/version";
+
+	if (tdb && local_pid == sys_getpid()) return True;
+	tdb = tdb_open_log(lock_path("printing.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!tdb) {
+		DEBUG(0,("print_backend_init: Failed to open printing backend database. Error = [%s]\n",
+				 tdb_errorstr(tdb)));
+		return False;
+	}
+	local_pid = sys_getpid();
+
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(tdb, sversion);
+	if (tdb_fetch_int32(tdb, sversion) != PRINT_DATABASE_VERSION) {
+		tdb_traverse(tdb, tdb_traverse_delete_fn, NULL);
+		tdb_store_int32(tdb, sversion, PRINT_DATABASE_VERSION);
+	}
+	tdb_unlock_bystring(tdb, sversion);
+
+	/* select the appropriate printing interface... */
+#ifdef HAVE_CUPS
+	if (strcmp(lp_printcapname(), "cups") == 0)
+		current_printif = &cups_printif;
+#endif /* HAVE_CUPS */
+
+	/* do NT print initialization... */
+	return nt_printing_init();
+}
+
+/****************************************************************************
+useful function to generate a tdb key
+****************************************************************************/
+static TDB_DATA print_key(int jobid)
+{
+	static int j;
+	TDB_DATA ret;
+
+	j = jobid;
+	ret.dptr = (void *)&j;
+	ret.dsize = sizeof(j);
+	return ret;
+}
+
+/****************************************************************************
+useful function to find a print job in the database
+****************************************************************************/
+static struct printjob *print_job_find(int jobid)
+{
+	static struct printjob pjob;
+	TDB_DATA ret;
+
+	ret = tdb_fetch(tdb, print_key(jobid));
+	if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL;
+
+	memcpy(&pjob, ret.dptr, sizeof(pjob));
+	free(ret.dptr);
+	return &pjob;
+}
+
+/****************************************************************************
+store a job structure back to the database
+****************************************************************************/
+static BOOL print_job_store(int jobid, struct printjob *pjob)
+{
+	TDB_DATA d;
+	BOOL ret;
+
+	d.dptr = (void *)pjob;
+	d.dsize = sizeof(*pjob);
+	ret = (tdb_store(tdb, print_key(jobid), d, TDB_REPLACE) == 0);
+	return ret;
+}
+
+/****************************************************************************
+parse a file name from the system spooler to generate a jobid
+****************************************************************************/
+static int print_parse_jobid(char *fname)
+{
+	int jobid;
+
+	if (strncmp(fname,PRINT_SPOOL_PREFIX,strlen(PRINT_SPOOL_PREFIX)) != 0) return -1;
+	fname += strlen(PRINT_SPOOL_PREFIX);
+
+	jobid = atoi(fname);
+	if (jobid <= 0) return -1;
+
+	return jobid;
+}
+
+
+/****************************************************************************
+list a unix job in the print database
+****************************************************************************/
+static void print_unix_job(int snum, print_queue_struct *q)
+{
+	int jobid = q->job + UNIX_JOB_START;
+	struct printjob pj, *old_pj;
+
+	/* Preserve the timestamp on an existing unix print job */
+
+	old_pj = print_job_find(jobid);
+
+	ZERO_STRUCT(pj);
+
+	pj.pid = (pid_t)-1;
+	pj.sysjob = q->job;
+	pj.fd = -1;
+	pj.starttime = old_pj ? old_pj->starttime : q->time;
+	pj.status = q->status;
+	pj.size = q->size;
+	pj.spooled = True;
+	pj.smbjob = False;
+	fstrcpy(pj.filename, "");
+	fstrcpy(pj.jobname, q->fs_file);
+	fstrcpy(pj.user, q->fs_user);
+	fstrcpy(pj.queuename, lp_servicename(snum));
+
+	print_job_store(jobid, &pj);
+}
+
+
+struct traverse_struct {
+	print_queue_struct *queue;
+	int qcount, snum, maxcount, total_jobs;
+};
+
+/* utility fn to delete any jobs that are no longer active */
+static int traverse_fn_delete(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
+{
+	struct traverse_struct *ts = (struct traverse_struct *)state;
+	struct printjob pjob;
+	int i, jobid;
+
+	if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) return 0;
+	memcpy(&jobid, key.dptr, sizeof(jobid));
+	memcpy(&pjob,  data.dptr, sizeof(pjob));
+
+	if (ts->snum != lp_servicenumber(pjob.queuename)) {
+		/* this isn't for the queue we are looking at */
+		ts->total_jobs++;
+		return 0;
+	}
+
+	if (!pjob.smbjob) {
+		/* remove a unix job if it isn't in the system queue any more */
+
+		for (i=0;i<ts->qcount;i++) {
+			if (jobid == ts->queue[i].job + UNIX_JOB_START) break;
+		}
+		if (i == ts->qcount)
+			tdb_delete(tdb, key);
+		else
+			ts->total_jobs++;
+		return 0;
+	}
+
+	/* maybe it hasn't been spooled yet */
+	if (!pjob.spooled) {
+		/* if a job is not spooled and the process doesn't
+                   exist then kill it. This cleans up after smbd
+                   deaths */
+		if (!process_exists(pjob.pid))
+			tdb_delete(tdb, key);
+		else
+			ts->total_jobs++;
+		return 0;
+	}
+
+	for (i=0;i<ts->qcount;i++) {
+		int qid = print_parse_jobid(ts->queue[i].fs_file);
+		if (jobid == qid) break;
+	}
+	
+	/* The job isn't in the system queue - we have to assume it has
+	   completed, so delete the database entry. */
+
+	if (i == ts->qcount) {
+		time_t cur_t = time(NULL);
+
+		/* A race can occur between the time a job is spooled and
+		   when it appears in the lpq output.  This happens when
+		   the job is added to printing.tdb when another smbd
+		   running print_queue_update() has completed a lpq and
+		   is currently traversing the printing tdb and deleting jobs.
+		   A workaround is to not delete the job if it has been 
+		   submitted less than lp_lpqcachetime() seconds ago. */
+
+		if ((cur_t - pjob.starttime) > lp_lpqcachetime())
+			tdb_delete(t, key);
+		else
+			ts->total_jobs++;
+	}
+	else
+		ts->total_jobs++;
+
+	return 0;
+}
+
+/****************************************************************************
+check if the print queue has been updated recently enough
+****************************************************************************/
+static void print_cache_flush(int snum)
+{
+	fstring key;
+	slprintf(key, sizeof(key)-1, "CACHE/%s", lp_servicename(snum));
+	tdb_store_int32(tdb, key, -1);
+}
+
+/****************************************************************************
+ Check if someone already thinks they are doing the update.
+****************************************************************************/
+
+static pid_t get_updating_pid(fstring printer_name)
+{
+	fstring keystr;
+	TDB_DATA data, key;
+	pid_t updating_pid;
+
+	slprintf(keystr, sizeof(keystr)-1, "UPDATING/%s", printer_name);
+    	key.dptr = keystr;
+	key.dsize = strlen(keystr);
+
+	data = tdb_fetch(tdb, key);
+	if (!data.dptr || data.dsize != sizeof(pid_t))
+		return (pid_t)-1;
+
+	memcpy(&updating_pid, data.dptr, sizeof(pid_t));
+	free(data.dptr);
+
+	if (process_exists(updating_pid))
+		return updating_pid;
+
+	return (pid_t)-1;
+}
+
+/****************************************************************************
+ Set the fact that we're doing the update, or have finished doing the update
+ in th tdb.
+****************************************************************************/
+
+static void set_updating_pid(fstring printer_name, BOOL delete)
+{
+	fstring keystr;
+	TDB_DATA key;
+	TDB_DATA data;
+	pid_t updating_pid = sys_getpid();
+
+	slprintf(keystr, sizeof(keystr)-1, "UPDATING/%s", printer_name);
+    	key.dptr = keystr;
+	key.dsize = strlen(keystr);
+
+	if (delete) {
+		tdb_delete(tdb, key);
+		return;
+	}
 	
+	data.dptr = (void *)&updating_pid;
+	data.dsize = sizeof(pid_t);
+
+	tdb_store(tdb, key, data, TDB_REPLACE);	
+}
+
+/****************************************************************************
+ Send a message saying the queue changed.
+****************************************************************************/
+
+static void send_queue_message(const char *printer_name, uint32 high, uint32 low)
+{
+	char msg[8 + sizeof(fstring)];
+	SIVAL(msg,0,low);
+	SIVAL(msg,4,high);
+	fstrcpy(&msg[8], printer_name);
+
+	message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, msg, 8 + strlen(printer_name) + 1, False, NULL);
+}
+
+/****************************************************************************
+update the internal database from the system print queue for a queue in the background
+****************************************************************************/
+
+static void print_queue_update_background(int snum)
+{
+	int i, qcount;
+	print_queue_struct *queue = NULL;
+	print_status_struct status;
+	print_status_struct old_status;
+	struct printjob *pjob;
+	struct traverse_struct tstruct;
+	fstring keystr, printer_name, cachestr;
+	TDB_DATA data, key;
+
+	fstrcpy(printer_name, lp_servicename(snum));
+	
+	/*
+	 * Check to see if someone else is doing this update.
+	 * This is essentially a mutex on the update.
+	 */
+
+	if (get_updating_pid(printer_name) != -1)
+		return;
+
+	/* Lock the queue for the database update */
+
+	slprintf(keystr, sizeof(keystr) - 1, "LOCK/%s", printer_name);
+	tdb_lock_bystring(tdb, keystr);
+
+	/*
+	 * Ensure that no one else got in here.
+	 * If the updating pid is still -1 then we are
+	 * the winner.
+	 */
+
+	if (get_updating_pid(printer_name) != -1) {
+		/*
+		 * Someone else is doing the update, exit.
+		 */
+		tdb_unlock_bystring(tdb, keystr);
+		return;
+	}
+
+	/*
+	 * We're going to do the update ourselves.
+	 */
+
+	/* Tell others we're doing the update. */
+	set_updating_pid(printer_name, False);
+
+	/*
+	 * Allow others to enter and notice we're doing
+	 * the update.
+	 */
+
+	tdb_unlock_bystring(tdb, keystr);
+
+	/*
+	 * Update the cache time FIRST ! Stops others even
+	 * attempting to get the lock and doing this
+	 * if the lpq takes a long time.
+	 */
+
+	slprintf(cachestr, sizeof(cachestr)-1, "CACHE/%s", printer_name);
+	tdb_store_int32(tdb, cachestr, (int)time(NULL));
 
-  buf->job = atoi(tok[JOBTOK]);
-  buf->size = atoi(tok[TOTALTOK]);
-  buf->status = strequal(tok[RANKTOK],"active")?LPQ_PRINTING:LPQ_QUEUED;
-  buf->time = time(NULL);
-  StrnCpy(buf->user,tok[USERTOK],sizeof(buf->user)-1);
-  StrnCpy(buf->file,tok[FILETOK],sizeof(buf->file)-1);
-#ifdef PRIOTOK
-  buf->priority = atoi(tok[PRIOTOK]);
-#else
-  buf->priority = 1;
-#endif
-  return(True);
-}
-
-
-
-/*******************************************************************
-parse lpq on an aix system
-
-Queue   Dev   Status    Job Files              User         PP %   Blks  Cp Rnk
-------- ----- --------- --- ------------------ ---------- ---- -- ----- --- ---
-lazer   lazer READY
-lazer   lazer RUNNING   537 6297doc.A          kvintus@IE    0 10  2445   1   1
-              QUEUED    538 C.ps               root@IEDVB           124   1   2
-              QUEUED    539 E.ps               root@IEDVB            28   1   3
-              QUEUED    540 L.ps               root@IEDVB           172   1   4
-              QUEUED    541 P.ps               root@IEDVB            22   1   5
-********************************************************************/
-static BOOL parse_lpq_aix(char *line,print_queue_struct *buf,BOOL first)
-{
-  string tok[11];
-  int count=0;
-
-  /* handle the case of "(standard input)" as a filename */
-  string_sub(line,"standard input","STDIN");
-  string_sub(line,"(","\"");
-  string_sub(line,")","\"");
-
-  for (count=0; count<10 && next_token(&line,tok[count],NULL); count++) ;
-
-  /* we must get 6 tokens */
-  if (count < 10)
-  {
-      if ((count == 7) && (strcmp(tok[0],"QUEUED") == 0))
-      {
-          /* the 2nd and 5th columns must be integer */
-          if (!isdigit(*tok[1]) || !isdigit(*tok[4])) return(False);
-          buf->size = atoi(tok[4]) * 1024;
-          /* if the fname contains a space then use STDIN */
-          if (strchr(tok[2],' '))
-            strcpy(tok[2],"STDIN");
-
-          /* only take the last part of the filename */
-          {
-            string tmp;
-            char *p = strrchr(tok[2],'/');
-            if (p)
-              {
-                strcpy(tmp,p+1);
-                strcpy(tok[2],tmp);
-              }
-          }
-
-
-          buf->job = atoi(tok[1]);
-          buf->status = LPQ_QUEUED;
-	  buf->priority = 0;
-          buf->time = time(NULL);
-          StrnCpy(buf->user,tok[3],sizeof(buf->user)-1);
-          StrnCpy(buf->file,tok[2],sizeof(buf->file)-1);
-      }
-      else
-      {
-          DEBUG(6,("parse_lpq_aix count=%d\n", count));
-          return(False);
-      }
-  }
-  else
-  {
-      /* the 4th and 9th columns must be integer */
-      if (!isdigit(*tok[3]) || !isdigit(*tok[8])) return(False);
-      buf->size = atoi(tok[8]) * 1024;
-      /* if the fname contains a space then use STDIN */
-      if (strchr(tok[4],' '))
-        strcpy(tok[4],"STDIN");
-
-      /* only take the last part of the filename */
-      {
-        string tmp;
-        char *p = strrchr(tok[4],'/');
-        if (p)
-          {
-            strcpy(tmp,p+1);
-            strcpy(tok[4],tmp);
-          }
-      }
-
-
-      buf->job = atoi(tok[3]);
-      buf->status = strequal(tok[2],"RUNNING")?LPQ_PRINTING:LPQ_QUEUED;
-      buf->priority = 0;
-      buf->time = time(NULL);
-      StrnCpy(buf->user,tok[5],sizeof(buf->user)-1);
-      StrnCpy(buf->file,tok[4],sizeof(buf->file)-1);
-  }
-
-
-  return(True);
-}
-
-
-/****************************************************************************
-parse a lpq line
-here is an example of lpq output under hpux; note there's no space after -o !
-$> lpstat -oljplus
-ljplus-2153         user           priority 0  Jan 19 08:14 on ljplus
-      util.c                                  125697 bytes
-      server.c				      110712 bytes
-ljplus-2154         user           priority 0  Jan 19 08:14 from client
-      (standard input)                          7551 bytes
-****************************************************************************/
-static BOOL parse_lpq_hpux(char * line, print_queue_struct *buf, BOOL first)
-{
-  /* must read two lines to process, therefore keep some values static */
-  static BOOL header_line_ok=False, base_prio_reset=False;
-  static string jobuser;
-  static int jobid;
-  static int jobprio;
-  static time_t jobtime;
-  static int jobstat=LPQ_QUEUED;
-  /* to store minimum priority to print, lpstat command should be invoked
-     with -p option first, to work */
-  static int base_prio;
+        /* get the current queue using the appropriate interface */
+	ZERO_STRUCT(status);
+
+	qcount = (*(current_printif->queue_get))(snum, &queue, &status);
+
+	DEBUG(3, ("%d job%s in queue for %s\n", qcount, (qcount != 1) ?
+		"s" : "", printer_name));
+
+	/*
+	  any job in the internal database that is marked as spooled
+	  and doesn't exist in the system queue is considered finished
+	  and removed from the database
+
+	  any job in the system database but not in the internal database 
+	  is added as a unix job
+
+	  fill in any system job numbers as we go
+	*/
+	for (i=0; i<qcount; i++) {
+		int jobid = print_parse_jobid(queue[i].fs_file);
+
+		if (jobid == -1) {
+			/* assume its a unix print job */
+			print_unix_job(snum, &queue[i]);
+			continue;
+		}
+
+		/* we have an active SMB print job - update its status */
+		pjob = print_job_find(jobid);
+		if (!pjob) {
+			/* err, somethings wrong. Probably smbd was restarted
+			   with jobs in the queue. All we can do is treat them
+			   like unix jobs. Pity. */
+			print_unix_job(snum, &queue[i]);
+			continue;
+		}
+
+		pjob->sysjob = queue[i].job;
+		pjob->status = queue[i].status;
+
+		print_job_store(jobid, pjob);
+	}
+
+	/* now delete any queued entries that don't appear in the
+           system queue */
+	tstruct.queue = queue;
+	tstruct.qcount = qcount;
+	tstruct.snum = snum;
+	tstruct.total_jobs = 0;
+
+	tdb_traverse(tdb, traverse_fn_delete, (void *)&tstruct);
+
+	safe_free(tstruct.queue);
+
+	tdb_store_int32(tdb, "INFO/total_jobs", tstruct.total_jobs);
+
+	/*
+	 * Get the old print status. We will use this to compare the
+	 * number of jobs. If they have changed we need to send a
+	 * "changed" message to the smbds.
+	 */
+
+	if( qcount != get_queue_status(snum, &old_status)) {
+		DEBUG(10,("print_queue_update: queue status change %d jobs -> %d jobs for printer %s\n",
+				old_status.qcount, qcount, printer_name ));
+		send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+	}
+
+	/* store the new queue status structure */
+	slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", printer_name);
+	key.dptr = keystr;
+	key.dsize = strlen(keystr);
+
+	status.qcount = qcount;
+	data.dptr = (void *)&status;
+	data.dsize = sizeof(status);
+	tdb_store(tdb, key, data, TDB_REPLACE);	
+
+	/*
+	 * Update the cache time again. We want to do this call
+	 * as little as possible...
+	 */
+
+	slprintf(keystr, sizeof(keystr)-1, "CACHE/%s", printer_name);
+	tdb_store_int32(tdb, keystr, (int)time(NULL));
+
+	/* Delete our pid from the db. */
+	set_updating_pid(printer_name, True);
+}
+
+/****************************************************************************
+this is the receive function of the background lpq updater
+****************************************************************************/
+static void print_queue_receive(int msg_type, pid_t src, void *buf, size_t len)
+{
+	int snum;
+	snum=*((int *)buf);
+	print_queue_update_background(snum);
+}
+
+static pid_t background_lpq_updater_pid;
+
+/****************************************************************************
+main thread of the background lpq updater
+****************************************************************************/
+void start_background_queue(void)
+{
+	DEBUG(3,("start_background_queue: Starting background LPQ thread\n"));
+	background_lpq_updater_pid = sys_fork();
+
+	if (background_lpq_updater_pid == -1) {
+		DEBUG(5,("start_background_queue: background LPQ thread failed to start. %s\n", strerror(errno) ));
+		exit(1);
+	}
+
+	if(background_lpq_updater_pid == 0) {
+		/* Child. */
+		DEBUG(5,("start_background_queue: background LPQ thread started\n"));
+
+		claim_connection(NULL,"smbd lpq backend",0,False);
+
+		if (!locking_init(0))
+			exit(1);
+
+		if (!print_backend_init())
+			exit(1);
+
+		message_register(MSG_PRINTER_UPDATE, print_queue_receive);
+		
+		DEBUG(5,("start_background_queue: background LPQ thread waiting for messages\n"));
+		while (1) {
+			pause();
+			DEBUG(10,("start_background_queue: background LPQ thread got a message\n"));
+			message_dispatch();
+		}
+	}
+}
+
+/****************************************************************************
+update the internal database from the system print queue for a queue
+****************************************************************************/
+static void print_queue_update(int snum)
+{
+	message_send_pid(background_lpq_updater_pid, MSG_PRINTER_UPDATE, &snum, sizeof(snum), False);
+}
+
+/****************************************************************************
+check if a jobid is valid. It is valid if it exists in the database
+****************************************************************************/
+BOOL print_job_exists(int jobid)
+{
+	return tdb_exists(tdb, print_key(jobid));
+}
+
+
+/****************************************************************************
+work out which service a jobid is for
+note that we have to look up by queue name to ensure that it works for 
+other than the process that started the job
+****************************************************************************/
+int print_job_snum(int jobid)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	if (!pjob) return -1;
+
+	return find_service(pjob->queuename);
+}
+
+/****************************************************************************
+give the fd used for a jobid
+****************************************************************************/
+int print_job_fd(int jobid)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	if (!pjob) return -1;
+	/* don't allow another process to get this info - it is meaningless */
+	if (pjob->pid != local_pid) return -1;
+	return pjob->fd;
+}
+
+/****************************************************************************
+give the filename used for a jobid
+only valid for the process doing the spooling and when the job
+has not been spooled
+****************************************************************************/
+char *print_job_fname(int jobid)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	if (!pjob || pjob->spooled || pjob->pid != local_pid) return NULL;
+	return pjob->filename;
+}
+
+
+/****************************************************************************
+set the place in the queue for a job
+****************************************************************************/
+BOOL print_job_set_place(int jobid, int place)
+{
+	DEBUG(2,("print_job_set_place not implemented yet\n"));
+	return False;
+}
+
+/****************************************************************************
+set the name of a job. Only possible for owner
+****************************************************************************/
+BOOL print_job_set_name(int jobid, char *name)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	if (!pjob || pjob->pid != local_pid) return False;
+
+	fstrcpy(pjob->jobname, name);
+	return print_job_store(jobid, pjob);
+}
+
+
+/****************************************************************************
+delete a print job - don't update queue
+****************************************************************************/
+static BOOL print_job_delete1(int jobid)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	int snum, result = 0;
+
+	if (!pjob) return False;
+
+	/*
+	 * If already deleting just return.
+	 */
+
+	if (pjob->status == LPQ_DELETING)
+		return True;
+
+	snum = print_job_snum(jobid);
+	if (snum == -1) {
+		DEBUG(5,("print_job_delete1: unknown service number for jobid %d\n", jobid));
+		return False;
+	}
+
+	/* Hrm - we need to be able to cope with deleting a job before it
+	   has reached the spooler. */
+
+	if (pjob->sysjob == -1) {
+		DEBUG(5, ("attempt to delete job %d not seen by lpr\n",
+			  jobid));
+	}
+
+	/* Set the tdb entry to be deleting. */
+
+	pjob->status = LPQ_DELETING;
+	print_job_store(jobid, pjob);
+
+	if (pjob->spooled && pjob->sysjob != -1)
+		result = (*(current_printif->job_delete))(snum, pjob);
+
+	/* Delete the tdb entry if the delete suceeded or the job hasn't
+	   been spooled. */
+
+	if (result == 0) {
+		tdb_delete(tdb, print_key(jobid));
+	}
+
+	return (result == 0);
+}
+
+/****************************************************************************
+return true if the current user owns the print job
+****************************************************************************/
+static BOOL is_owner(struct current_user *user, int jobid)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	user_struct *vuser;
+
+	if (!pjob || !user) return False;
+
+	if ((vuser = get_valid_user_struct(user->vuid)) != NULL) {
+		return strequal(pjob->user, vuser->user.smb_name);
+	} else {
+		return strequal(pjob->user, uidtoname(user->uid));
+	}
+}
+
+/****************************************************************************
+delete a print job
+****************************************************************************/
+BOOL print_job_delete(struct current_user *user, int jobid, WERROR *errcode)
+{
+	int snum = print_job_snum(jobid);
+	char *printer_name;
+	BOOL owner;
+
+	if (snum == -1) {
+		DEBUG(5,("print_job_delete: unknown service number for jobid %d\n", jobid));
+		return False;
+	}
+
+	owner = is_owner(user, jobid);
+	
+	/* Check access against security descriptor or whether the user
+	   owns their job. */
+
+	if (!owner && 
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+		DEBUG(3, ("delete denied by security descriptor\n"));
+		*errcode = WERR_ACCESS_DENIED;
+		return False;
+	}
+
+	if (!print_job_delete1(jobid)) return False;
+
+	/* force update the database and say the delete failed if the
+           job still exists */
+
+	print_queue_update(snum);
+
+	/* Send a printer notify message */
+
+	printer_name = PRINTERNAME(snum);
+
+	send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+
+	return !print_job_exists(jobid);
+}
+
+
+/****************************************************************************
+pause a job
+****************************************************************************/
+BOOL print_job_pause(struct current_user *user, int jobid, WERROR *errcode)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	int snum, ret = -1;
+	char *printer_name;
+	
+	if (!pjob || !user) return False;
+
+	if (!pjob->spooled || pjob->sysjob == -1) return False;
+
+	snum = print_job_snum(jobid);
+	if (snum == -1) {
+		DEBUG(5,("print_job_pause: unknown service number for jobid %d\n", jobid));
+		return False;
+	}
+	if (snum == -1) {
+		DEBUG(5,("print_job_resume: unknown service number for jobid %d\n", jobid));
+		return False;
+	}
+
+	if (!is_owner(user, jobid) &&
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+		DEBUG(3, ("pause denied by security descriptor\n"));
+		*errcode = WERR_ACCESS_DENIED;
+		return False;
+	}
+
+	/* need to pause the spooled entry */
+	ret = (*(current_printif->job_pause))(snum, pjob);
+
+	if (ret != 0) {
+		*errcode = WERR_INVALID_PARAM;
+		return False;
+	}
+
+	/* force update the database */
+	print_cache_flush(snum);
+
+	/* Send a printer notify message */
+
+	printer_name = PRINTERNAME(snum);
+
+	send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+
+	/* how do we tell if this succeeded? */
+
+	return True;
+}
+
+/****************************************************************************
+resume a job
+****************************************************************************/
+BOOL print_job_resume(struct current_user *user, int jobid, WERROR *errcode)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	char *printer_name;
+	int snum, ret;
+	
+	if (!pjob || !user) return False;
+
+	if (!pjob->spooled || pjob->sysjob == -1) return False;
+
+	snum = print_job_snum(jobid);
+
+	if (!is_owner(user, jobid) &&
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+		DEBUG(3, ("resume denied by security descriptor\n"));
+		*errcode = WERR_ACCESS_DENIED;
+		return False;
+	}
+
+	ret = (*(current_printif->job_resume))(snum, pjob);
+
+	if (ret != 0) {
+		*errcode = WERR_INVALID_PARAM;
+		return False;
+	}
+
+	/* force update the database */
+	print_cache_flush(snum);
+
+	/* Send a printer notify message */
+
+	printer_name = PRINTERNAME(snum);
+
+	send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+
+	return True;
+}
+
+/****************************************************************************
+write to a print file
+****************************************************************************/
+int print_job_write(int jobid, const char *buf, int size)
+{
+	int return_code;
+	struct printjob *pjob = print_job_find(jobid);
+
+	if (!pjob)
+		return -1;
+	/* don't allow another process to get this info - it is meaningless */
+	if (pjob->pid != local_pid)
+		return -1;
+
+	return_code = write(pjob->fd, buf, size);
+	if (return_code>0) {
+		pjob->size += size;
+		print_job_store(jobid, pjob);
+	}
+	return return_code;
+}
+
+/****************************************************************************
+ Check if the print queue has been updated recently enough.
+****************************************************************************/
+
+static BOOL print_cache_expired(int snum)
+{
+	fstring key;
+	time_t last_qscan_time, time_now = time(NULL);
+
+	slprintf(key, sizeof(key), "CACHE/%s", lp_servicename(snum));
+	last_qscan_time = (time_t)tdb_fetch_int32(tdb, key);
+
+	/*
+	 * Invalidate the queue for 3 reasons.
+	 * (1). last queue scan time == -1.
+	 * (2). Current time - last queue scan time > allowed cache time.
+	 * (3). last queue scan time > current time + MAX_CACHE_VALID_TIME (1 hour by default).
+	 * This last test picks up machines for which the clock has been moved
+	 * forward, an lpq scan done and then the clock moved back. Otherwise
+	 * that last lpq scan would stay around for a loooong loooong time... :-). JRA.
+	 */
+
+	if (last_qscan_time == ((time_t)-1) || (time_now - last_qscan_time) >= lp_lpqcachetime() ||
+			last_qscan_time > (time_now + MAX_CACHE_VALID_TIME)) {
+		DEBUG(3, ("print cache expired for queue %s \
+(last_qscan_time = %d, time now = %d, qcachetime = %d)\n", lp_servicename(snum),
+			(int)last_qscan_time, (int)time_now, (int)lp_lpqcachetime() ));
+		return True;
+	}
+	return False;
+}
+
+/****************************************************************************
+ Get the queue status - do not update if db is out of date.
+****************************************************************************/
+static int get_queue_status(int snum, print_status_struct *status)
+{
+	fstring keystr;
+	TDB_DATA data, key;
+
+	ZERO_STRUCTP(status);
+	slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", lp_servicename(snum));
+	key.dptr = keystr;
+	key.dsize = strlen(keystr);
+	data = tdb_fetch(tdb, key);
+	if (data.dptr) {
+		if (data.dsize == sizeof(print_status_struct)) {
+			memcpy(status, data.dptr, sizeof(print_status_struct));
+		}
+		free(data.dptr);
+	}
+	return status->qcount;
+}
+
+/****************************************************************************
+ Determine the number of jobs in a queue.
+****************************************************************************/
+
+int print_queue_length(int snum, print_status_struct *pstatus)
+{
+	print_status_struct status;
+	int len;
  
-  int count;
-  char TAB = '\011';  
-  string tok[12];
-
-  /* If a line begins with a horizontal TAB, it is a subline type */
-  
-  if (line[0] == TAB) { /* subline */
-    /* check if it contains the base priority */
-    if (!strncmp(line,"\tfence priority : ",18)) {
-       base_prio=atoi(&line[18]);
-       DEBUG(4, ("fence priority set at %d\n", base_prio));
-    }
-    if (!header_line_ok) return (False); /* incorrect header line */
-    /* handle the case of "(standard input)" as a filename */
-    string_sub(line,"standard input","STDIN");
-    string_sub(line,"(","\"");
-    string_sub(line,")","\"");
-    
-    for (count=0; count<2 && next_token(&line,tok[count],NULL); count++) ;
-    /* we must get 2 tokens */
-    if (count < 2) return(False);
-    
-    /* the 2nd column must be integer */
-    if (!isdigit(*tok[1])) return(False);
-    
-    /* if the fname contains a space then use STDIN */
-    if (strchr(tok[0],' '))
-      strcpy(tok[0],"STDIN");
-    
-    buf->size = atoi(tok[1]);
-    StrnCpy(buf->file,tok[0],sizeof(buf->file)-1);
-    
-    /* fill things from header line */
-    buf->time = jobtime;
-    buf->job = jobid;
-    buf->status = jobstat;
-    buf->priority = jobprio;
-    StrnCpy(buf->user,jobuser,sizeof(buf->user)-1);
-    
-    return(True);
-  }
-  else { /* header line */
-    header_line_ok=False; /* reset it */
-    if (first) {
-       if (!base_prio_reset) {
-	  base_prio=0; /* reset it */
-	  base_prio_reset=True;
-       }
-    }
-    else if (base_prio) base_prio_reset=False;
-    
-    /* handle the dash in the job id */
-    string_sub(line,"-"," ");
-    
-    for (count=0; count<12 && next_token(&line,tok[count],NULL); count++) ;
-      
-    /* we must get 8 tokens */
-    if (count < 8) return(False);
-    
-    /* first token must be printer name (cannot check ?) */
-    /* the 2nd, 5th & 7th column must be integer */
-    if (!isdigit(*tok[1]) || !isdigit(*tok[4]) || !isdigit(*tok[6])) return(False);
-    jobid = atoi(tok[1]);
-    StrnCpy(jobuser,tok[2],sizeof(buf->user)-1);
-    jobprio = atoi(tok[4]);
-    
-    /* process time */
-    jobtime=EntryTime(tok, 5, count, 8);
-    if (jobprio < base_prio) {
-       jobstat = LPQ_PAUSED;
-       DEBUG (4, ("job %d is paused: prio %d < %d; jobstat=%d\n", jobid, jobprio, base_prio, jobstat));
-    }
-    else {
-       jobstat = LPQ_QUEUED;
-       if ((count >8) && (((strequal(tok[8],"on")) ||
-			   ((strequal(tok[8],"from")) && 
-			    ((count > 10)&&(strequal(tok[10],"on")))))))
-	 jobstat = LPQ_PRINTING;
-    }
-    
-    header_line_ok=True; /* information is correct */
-    return(False); /* need subline info to include into queuelist */
-  }
-}
-
-
-/****************************************************************************
-parse a lpq line
-
-here is an example of "lpstat -o dcslw" output under sysv
-
-dcslw-896               tridge            4712   Dec 20 10:30:30 on dcslw
-dcslw-897               tridge            4712   Dec 20 10:30:30 being held
-
-****************************************************************************/
-static BOOL parse_lpq_sysv(char *line,print_queue_struct *buf,BOOL first)
-{
-  string tok[9];
-  int count=0;
-  char *p;
-
-  /* handle the dash in the job id */
-  string_sub(line,"-"," ");
-  
-  for (count=0; count<9 && next_token(&line,tok[count],NULL); count++) ;
-
-  /* we must get 7 tokens */
-  if (count < 7)
-    return(False);
-
-  /* the 2nd and 4th, 6th columns must be integer */
-  if (!isdigit(*tok[1]) || !isdigit(*tok[3])) return(False);
-  if (!isdigit(*tok[5])) return(False);
-
-  /* if the user contains a ! then trim the first part of it */  
-  if ((p=strchr(tok[2],'!')))
-    {
-      string tmp;
-      strcpy(tmp,p+1);
-      strcpy(tok[2],tmp);
-    }
-    
-
-  buf->job = atoi(tok[1]);
-  buf->size = atoi(tok[3]);
-  if (count > 7 && strequal(tok[7],"on"))
-    buf->status = LPQ_PRINTING;
-  else if (count > 8 && strequal(tok[7],"being") && strequal(tok[8],"held"))
-    buf->status = LPQ_PAUSED;
-  else
-    buf->status = LPQ_QUEUED;
-  buf->priority = 0;
-  buf->time = EntryTime(tok, 4, count, 7);
-  StrnCpy(buf->user,tok[2],sizeof(buf->user)-1);
-  StrnCpy(buf->file,tok[2],sizeof(buf->file)-1);
-  return(True);
-}
-
-/****************************************************************************
-parse a lpq line
-
-here is an example of lpq output under qnx
-Spooler: /qnx/spooler, on node 1
-Printer: txt        (ready) 
-0000:     root	[job #1    ]   active 1146 bytes	/etc/profile
-0001:     root	[job #2    ]    ready 2378 bytes	/etc/install
-0002:     root	[job #3    ]    ready 1146 bytes	-- standard input --
-****************************************************************************/
-static BOOL parse_lpq_qnx(char *line,print_queue_struct *buf,BOOL first)
-{
-  string tok[7];
-  int count=0;
-
-  DEBUG(0,("antes [%s]\n", line));
-
-  /* handle the case of "-- standard input --" as a filename */
-  string_sub(line,"standard input","STDIN");
-  DEBUG(0,("despues [%s]\n", line));
-  string_sub(line,"-- ","\"");
-  string_sub(line," --","\"");
-  DEBUG(0,("despues 1 [%s]\n", line));
-
-  string_sub(line,"[job #","");
-  string_sub(line,"]","");
-  DEBUG(0,("despues 2 [%s]\n", line));
-
-  
-  
-  for (count=0; count<7 && next_token(&line,tok[count],NULL); count++) ;
-
-  /* we must get 7 tokens */
-  if (count < 7)
-    return(False);
-
-  /* the 3rd and 5th columns must be integer */
-  if (!isdigit(*tok[2]) || !isdigit(*tok[4])) return(False);
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum))
+		print_queue_update(snum);
+ 
+	/* also fetch the queue status */
+	memset(&status, 0, sizeof(status));
+	len = get_queue_status(snum, &status);
+	if (pstatus)
+		*pstatus = status;
+	return len;
+}
+
+/****************************************************************************
+ Determine the number of jobs in all queues.
+****************************************************************************/
+static int get_total_jobs(int snum)
+{
+	int total_jobs;
+
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum)) print_queue_update(snum);
+
+	total_jobs = tdb_fetch_int32(tdb, "INFO/total_jobs");
+	if (total_jobs >0)
+		return total_jobs;
+	else
+		return 0;
+}
+
+/***************************************************************************
+start spooling a job - return the jobid
+***************************************************************************/
+int print_job_start(struct current_user *user, int snum, char *jobname)
+{
+	int jobid;
+	char *path;
+	struct printjob pjob;
+	int next_jobid;
+	user_struct *vuser;
+	int njobs = 0;
+
+	errno = 0;
+
+	if (!print_access_check(user, snum, PRINTER_ACCESS_USE)) {
+		DEBUG(3, ("print_job_start: job start denied by security descriptor\n"));
+		return -1;
+	}
+
+	if (!print_time_access_check(snum)) {
+		DEBUG(3, ("print_job_start: job start denied by time check\n"));
+		return -1;
+	}
+
+	path = lp_pathname(snum);
+
+	/* see if we have sufficient disk space */
+	if (lp_minprintspace(snum)) {
+		SMB_BIG_UINT dspace, dsize;
+		if (sys_fsusage(path, &dspace, &dsize) == 0 &&
+		    dspace < 2*(SMB_BIG_UINT)lp_minprintspace(snum)) {
+			DEBUG(3, ("print_job_start: disk space check failed.\n"));
+			errno = ENOSPC;
+			return -1;
+		}
+	}
+
+	/* for autoloaded printers, check that the printcap entry still exists */
+	if (lp_autoloaded(snum) && !pcap_printername_ok(lp_servicename(snum), NULL)) {
+		DEBUG(3, ("print_job_start: printer name %s check failed.\n", lp_servicename(snum) ));
+		errno = ENOENT;
+		return -1;
+	}
+
+	/* Insure the maximum queue size is not violated */
+	if (lp_maxprintjobs(snum) && (njobs = print_queue_length(snum,NULL)) > lp_maxprintjobs(snum)) {
+		DEBUG(3, ("print_job_start: number of jobs (%d) larger than max printjobs per queue (%d).\n",
+			njobs, lp_maxprintjobs(snum) ));
+		errno = ENOSPC;
+		return -1;
+	}
+
+	/* Insure the maximum print jobs in the system is not violated */
+	if (lp_totalprintjobs() && get_total_jobs(snum) > lp_totalprintjobs()) {
+		DEBUG(3, ("print_job_start: number of jobs (%d) larger than max printjobs per system (%d).\n",
+			njobs, lp_totalprintjobs() ));
+		errno = ENOSPC;
+		return -1;
+	}
+
+	/* create the database entry */
+	ZERO_STRUCT(pjob);
+	pjob.pid = local_pid;
+	pjob.sysjob = -1;
+	pjob.fd = -1;
+	pjob.starttime = time(NULL);
+	pjob.status = LPQ_SPOOLING;
+	pjob.size = 0;
+	pjob.spooled = False;
+	pjob.smbjob = True;
+
+	fstrcpy(pjob.jobname, jobname);
+
+	if ((vuser = get_valid_user_struct(user->vuid)) != NULL) {
+		fstrcpy(pjob.user, vuser->user.smb_name);
+	} else {
+		fstrcpy(pjob.user, uidtoname(user->uid));
+	}
+
+	fstrcpy(pjob.queuename, lp_servicename(snum));
+
+	/* lock the database */
+	tdb_lock_bystring(tdb, "INFO/nextjob");
+
+	next_jobid = tdb_fetch_int32(tdb, "INFO/nextjob");
+	if (next_jobid == -1)
+		next_jobid = 1;
+
+	for (jobid = NEXT_JOBID(next_jobid); jobid != next_jobid; jobid = NEXT_JOBID(jobid)) {
+		if (!print_job_exists(jobid))
+			break;
+	}
+	if (jobid == next_jobid || !print_job_store(jobid, &pjob)) {
+		DEBUG(3, ("print_job_start: either jobid (%d)==next_jobid(%d) or print_job_store failed.\n",
+				jobid, next_jobid ));
+		jobid = -1;
+		goto fail;
+	}
+
+	tdb_store_int32(tdb, "INFO/nextjob", jobid);
+
+	/* we have a job entry - now create the spool file */
+	slprintf(pjob.filename, sizeof(pjob.filename)-1, "%s/%s%.6d.XXXXXX", 
+		 path, PRINT_SPOOL_PREFIX, jobid);
+	pjob.fd = smb_mkstemp(pjob.filename);
+
+	if (pjob.fd == -1) {
+		if (errno == EACCES) {
+			/* Common setup error, force a report. */
+			DEBUG(0, ("print_job_start: insufficient permissions \
+to open spool file %s.\n", pjob.filename));
+		} else {
+			/* Normal case, report at level 3 and above. */
+			DEBUG(3, ("print_job_start: can't open spool file %s,\n", pjob.filename));
+			DEBUGADD(3, ("errno = %d (%s).\n", errno, strerror(errno)));
+		}
+		goto fail;
+	}
+
+	print_job_store(jobid, &pjob);
+
+	tdb_unlock_bystring(tdb, "INFO/nextjob");
+
+	/*
+	 * If the printer is marked as postscript output a leading
+	 * file identifier to ensure the file is treated as a raw
+	 * postscript file.
+	 * This has a similar effect as CtrlD=0 in WIN.INI file.
+	 * tim@fsg.com 09/06/94
+	 */
+	if (lp_postscript(snum)) {
+		print_job_write(jobid, "%!\n",3);
+	}
+
+	return jobid;
+
+ fail:
+	if (jobid != -1) {
+		tdb_delete(tdb, print_key(jobid));
+	}
+
+	tdb_unlock_bystring(tdb, "INFO/nextjob");
+
+	DEBUG(3, ("print_job_start: returning fail. Error = %s\n", strerror(errno) ));
+	return -1;
+}
+
+/****************************************************************************
+ Update the number of pages spooled to jobid
+****************************************************************************/
+
+void print_job_endpage(int jobid)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	if (!pjob)
+		return;
+	/* don't allow another process to get this info - it is meaningless */
+	if (pjob->pid != local_pid)
+		return;
+
+	pjob->page_count++;
+	print_job_store(jobid, pjob);
+}
+
+/****************************************************************************
+ Print a file - called on closing the file. This spools the job.
+ If normal close is false then we're tearing down the jobs - treat as an
+ error.
+****************************************************************************/
+
+BOOL print_job_end(int jobid, BOOL normal_close)
+{
+	struct printjob *pjob = print_job_find(jobid);
+	int snum, ret;
+	SMB_STRUCT_STAT sbuf;
+
+	if (!pjob)
+		return False;
+
+	if (pjob->spooled || pjob->pid != local_pid)
+		return False;
+
+	snum = print_job_snum(jobid);
+	if (snum == -1) {
+		DEBUG(5,("print_job_end: unknown service number for jobid %d\n", jobid));
+		return False;
+	}
+
+	if (normal_close && (sys_fstat(pjob->fd, &sbuf) == 0)) {
+		pjob->size = sbuf.st_size;
+		close(pjob->fd);
+		pjob->fd = -1;
+	} else {
+
+		/* 
+		 * Not a normal close or we couldn't stat the job file,
+		 * so something has gone wrong. Cleanup.
+		 */
+		close(pjob->fd);
+		pjob->fd = -1;
+		DEBUG(3,("print_job_end: failed to stat file for jobid %d\n", jobid ));
+		goto fail;
+	}
+
+	/* Technically, this is not quit right. If the printer has a separator
+	 * page turned on, the NT spooler prints the separator page even if the
+	 * print job is 0 bytes. 010215 JRR */
+	if (pjob->size == 0 || pjob->status == LPQ_DELETING) {
+		/* don't bother spooling empty files or something being deleted. */
+		DEBUG(5,("print_job_end: canceling spool of %s (%s)\n",
+			pjob->filename, pjob->size ? "deleted" : "zero length" ));
+		unlink(pjob->filename);
+		tdb_delete(tdb, print_key(jobid));
+		return True;
+	}
+
+	ret = (*(current_printif->job_submit))(snum, pjob);
+
+	if (ret)
+		goto fail;
+
+	/* The print job has been sucessfully handed over to the back-end */
+	
+	pjob->spooled = True;
+	pjob->status = LPQ_QUEUED;
+	print_job_store(jobid, pjob);
+	
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum))
+		print_queue_update(snum);
+	
+	return True;
+
+fail:
+
+	/* The print job was not succesfully started. Cleanup */
+	/* Still need to add proper error return propagation! 010122:JRR */
+	unlink(pjob->filename);
+	tdb_delete(tdb, print_key(jobid));
+	return False;
+}
+
+/* utility fn to enumerate the print queue */
+static int traverse_fn_queue(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
+{
+	struct traverse_struct *ts = (struct traverse_struct *)state;
+	struct printjob pjob;
+	int i, jobid;
+
+	if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) return 0;
+	memcpy(&jobid, key.dptr, sizeof(jobid));
+	memcpy(&pjob,  data.dptr, sizeof(pjob));
+
+	/* maybe it isn't for this queue */
+	if (ts->snum != lp_servicenumber(pjob.queuename))
+		return 0;
+
+	if (ts->qcount >= ts->maxcount) return 0;
+
+	i = ts->qcount;
+
+	ts->queue[i].job = jobid;
+	ts->queue[i].size = pjob.size;
+	ts->queue[i].page_count = pjob.page_count;
+	ts->queue[i].status = pjob.status;
+	ts->queue[i].priority = 1;
+	ts->queue[i].time = pjob.starttime;
+	fstrcpy(ts->queue[i].fs_user, pjob.user);
+	fstrcpy(ts->queue[i].fs_file, pjob.jobname);
+
+	ts->qcount++;
+
+	return 0;
+}
+
+struct traverse_count_struct {
+	int snum, count;
+};
+
+/* utility fn to count the number of entries in the print queue */
+static int traverse_count_fn_queue(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
+{
+	struct traverse_count_struct *ts = (struct traverse_count_struct *)state;
+	struct printjob pjob;
+	int jobid;
+
+	if (data.dsize != sizeof(pjob) || key.dsize != sizeof(int)) return 0;
+	memcpy(&jobid, key.dptr, sizeof(jobid));
+	memcpy(&pjob,  data.dptr, sizeof(pjob));
+
+	/* maybe it isn't for this queue */
+	if (ts->snum != lp_servicenumber(pjob.queuename))
+		return 0;
+
+	ts->count++;
+
+	return 0;
+}
+
+/* Sort print jobs by submittal time */
+
+static int printjob_comp(print_queue_struct *j1, print_queue_struct *j2)
+{
+	/* Silly cases */
+
+	if (!j1 && !j2) return 0;
+	if (!j1) return -1;
+	if (!j2) return 1;
+
+	/* Sort on job start time */
+
+	if (j1->time == j2->time) return 0;
+	return (j1->time > j2->time) ? 1 : -1;
+}
+
+/****************************************************************************
+get a printer queue listing
+****************************************************************************/
+int print_queue_status(int snum, 
+		       print_queue_struct **queue,
+		       print_status_struct *status)
+{
+	struct traverse_struct tstruct;
+	struct traverse_count_struct tsc;
+	fstring keystr;
+	TDB_DATA data, key;
 
-  /* only take the last part of the filename */
-  {
-    string tmp;
-    char *p = strrchr(tok[6],'/');
-    if (p)
-      {
-	strcpy(tmp,p+1);
-	strcpy(tok[6],tmp);
-      }
-  }
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum)) print_queue_update(snum);
+
+	*queue = NULL;
+	
+	/*
+	 * Fetch the queue status.  We must do this first, as there may
+	 * be no jobs in the queue.
+	 */
+	ZERO_STRUCTP(status);
+	slprintf(keystr, sizeof(keystr)-1, "STATUS/%s", lp_servicename(snum));
+	key.dptr = keystr;
+	key.dsize = strlen(keystr);
+	data = tdb_fetch(tdb, key);
+	if (data.dptr) {
+		if (data.dsize == sizeof(*status)) {
+			memcpy(status, data.dptr, sizeof(*status));
+		}
+		free(data.dptr);
+	}
+
+	/*
+	 * Now, fetch the print queue information.  We first count the number
+	 * of entries, and then only retrieve the queue if necessary.
+	 */
+	tsc.count = 0;
+	tsc.snum = snum;
 	
+	tdb_traverse(tdb, traverse_count_fn_queue, (void *)&tsc);
+
+	if (tsc.count == 0)
+		return 0;
+
+	/* Allocate the queue size. */
+	if ((tstruct.queue = (print_queue_struct *)
+	     malloc(sizeof(print_queue_struct)*tsc.count))
+				== NULL)
+		return 0;
+
+	/*
+	 * Fill in the queue.
+	 * We need maxcount as the queue size may have changed between
+	 * the two calls to tdb_traverse.
+	 */
+	tstruct.qcount = 0;
+	tstruct.maxcount = tsc.count;
+	tstruct.snum = snum;
+
+	tdb_traverse(tdb, traverse_fn_queue, (void *)&tstruct);
+
+	/* Sort the queue by submission time otherwise they are displayed
+	   in hash order. */
+
+	qsort(tstruct.queue, tstruct.qcount, sizeof(print_queue_struct),
+	      QSORT_CAST(printjob_comp));
+
+	*queue = tstruct.queue;
+	return tstruct.qcount;
+}
+
+
+/****************************************************************************
+turn a queue name into a snum
+****************************************************************************/
+int print_queue_snum(char *qname)
+{
+	int snum = lp_servicenumber(qname);
+	if (snum == -1 || !lp_print_ok(snum)) return -1;
+	return snum;
+}
+
+
+/****************************************************************************
+ pause a queue
+****************************************************************************/
+BOOL print_queue_pause(struct current_user *user, int snum, WERROR *errcode)
+{
+	char *printer_name;
+	int ret;
+	
+	if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+		*errcode = WERR_ACCESS_DENIED;
+		return False;
+	}
+
+	ret = (*(current_printif->queue_pause))(snum);
+
+	if (ret != 0) {
+		*errcode = WERR_INVALID_PARAM;
+		return False;
+	}
+
+	/* force update the database */
+	print_cache_flush(snum);
 
-  buf->job = atoi(tok[2]);
-  buf->size = atoi(tok[4]);
-  buf->status = strequal(tok[3],"active")?LPQ_PRINTING:LPQ_QUEUED;
-  buf->priority = 0;
-  buf->time = time(NULL);
-  StrnCpy(buf->user,tok[1],sizeof(buf->user)-1);
-  StrnCpy(buf->file,tok[6],sizeof(buf->file)-1);
-  return(True);
-}
-
-
-
-char *stat0_strings[] = { "enabled", "online", "idle", "no entries", "free", "ready", NULL };
-char *stat1_strings[] = { "offline", "disabled", "down", "off", "waiting", "no daemon", NULL };
-char *stat2_strings[] = { "jam", "paper", "error", "responding", "not accepting", "not running", "turned off", NULL };
-
-/****************************************************************************
-parse a lpq line. Choose printing style
-****************************************************************************/
-static BOOL parse_lpq_entry(int snum,char *line,
-			    print_queue_struct *buf,
-			    print_status_struct *status,BOOL first)
-{
-  BOOL ret;
-
-  switch (lp_printing())
-    {
-    case PRINT_SYSV:
-      ret = parse_lpq_sysv(line,buf,first);
-      break;
-    case PRINT_AIX:      
-      ret = parse_lpq_aix(line,buf,first);
-      break;
-    case PRINT_HPUX:
-      ret = parse_lpq_hpux(line,buf,first);
-      break;
-    case PRINT_QNX:
-      ret = parse_lpq_qnx(line,buf,first);
-      break;
-    default:
-      ret = parse_lpq_bsd(line,buf,first);
-      break;
-    }
-
-#ifdef LPQ_GUEST_TO_USER
-  if (ret) {
-    extern pstring sesssetup_user;
-    /* change guest entries to the current logged in user to make
-       them appear deletable to windows */
-    if (sesssetup_user[0] && strequal(buf->user,lp_guestaccount(snum)))
-      strcpy(buf->user,sesssetup_user);
-  }
-#endif
-
-  if (status && !ret)
-    {
-      /* a few simple checks to see if the line might be a
-         printer status line: 
-	 handle them so that most severe condition is shown */
-      int i;
-      strlower(line);
-      
-      switch (status->status) {
-      case LPSTAT_OK:
-	for (i=0; stat0_strings[i]; i++)
-	  if (strstr(line,stat0_strings[i])) {
-	    StrnCpy(status->message,line,sizeof(status->message)-1);
-	    status->status=LPSTAT_OK;
-	  }
-      case LPSTAT_STOPPED:
-	for (i=0; stat1_strings[i]; i++)
-	  if (strstr(line,stat1_strings[i])) {
-	    StrnCpy(status->message,line,sizeof(status->message)-1);
-	    status->status=LPSTAT_STOPPED;
-	  }
-      case LPSTAT_ERROR:
-	for (i=0; stat2_strings[i]; i++)
-	  if (strstr(line,stat2_strings[i])) {
-	    StrnCpy(status->message,line,sizeof(status->message)-1);
-	    status->status=LPSTAT_ERROR;
-	  }
-	break;
-      }
-    }
-
-  return(ret);
-}
-
-/****************************************************************************
-get a printer queue
-****************************************************************************/
-int get_printqueue(int snum,int cnum,print_queue_struct **queue,
-		   print_status_struct *status)
-{
-  char *lpq_command = lp_lpqcommand(snum);
-  char *printername = PRINTERNAME(snum);
-  int ret=0,count=0;
-  pstring syscmd;
-  fstring outfile;
-  pstring line;
-  FILE *f;
-  struct stat sbuf;
-  BOOL dorun=True;
-  int cachetime = lp_lpqcachetime();
-  int lfd = -1;
-
-  *line = 0;
-  check_lpq_cache(snum);
-  
-  if (!printername || !*printername)
-    {
-      DEBUG(6,("replacing printer name with service (snum=(%s,%d))\n",
-	    lp_servicename(snum),snum));
-      printername = lp_servicename(snum);
-    }
-    
-  if (!lpq_command || !(*lpq_command))
-    {
-      DEBUG(5,("No lpq command\n"));
-      return(0);
-    }
-    
-  strcpy(syscmd,lpq_command);
-  string_sub(syscmd,"%p",printername);
-
-  standard_sub(cnum,syscmd);
-
-  sprintf(outfile,"/tmp/lpq.%08x",str_checksum(syscmd));
-  
-  if (!lpq_cache_reset[snum] && cachetime && !stat(outfile,&sbuf)) 
-    {
-      if (time(NULL) - sbuf.st_mtime < cachetime) {
-	DEBUG(3,("Using cached lpq output\n"));
-	dorun = False;
-      }
-
-      if (dorun) {
-	lfd = file_lock(outfile,LPQ_LOCK_TIMEOUT);
-	if (lfd<0 || 
-	    (!fstat(lfd,&sbuf) && (time(NULL) - sbuf.st_mtime)<cachetime)) {
-	  DEBUG(3,("Using cached lpq output\n"));
-	  dorun = False;
-	  file_unlock(lfd); lfd = -1;
-	}
-      }
-    }
-
-  if (dorun) {
-    ret = smbrun(syscmd,outfile);
-    DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));
-  }
-
-  lpq_cache_reset[snum] = False;
-
-  f = fopen(outfile,"r");
-  if (!f) {
-    if (lfd >= 0) file_unlock(lfd);
-    return(0);
-  }
-
-  if (status) {
-    strcpy(status->message,"");
-    status->status = LPSTAT_OK;
-  }
-      
-  while (fgets(line,sizeof(pstring),f))
-    {
-      DEBUG(6,("QUEUE2: %s\n",line));
-
-      *queue = Realloc(*queue,sizeof(print_queue_struct)*(count+1));
-      if (! *queue)
-	{
-	  count = 0;
-	  break;
-	}
-
-      bzero((char *)&(*queue)[count],sizeof(**queue));
-	  
-      /* parse it */
-      if (!parse_lpq_entry(snum,line,&(*queue)[count],status,count==0))
-	continue;
-	  
-      count++;
-    }	      
-
-  fclose(f);
-
-  if (lfd >= 0) file_unlock(lfd);
-
-  if (!cachetime) 
-    unlink(outfile);
-  else
-    chmod(outfile,0666);
-  return(count);
-}
-
-
-/****************************************************************************
-delete a printer queue entry
-****************************************************************************/
-void del_printqueue(int cnum,int snum,int jobid)
-{
-  char *lprm_command = lp_lprmcommand(snum);
-  char *printername = PRINTERNAME(snum);
-  pstring syscmd;
-  char jobstr[20];
-  int ret;
-
-  if (!printername || !*printername)
-    {
-      DEBUG(6,("replacing printer name with service (snum=(%s,%d))\n",
-	    lp_servicename(snum),snum));
-      printername = lp_servicename(snum);
-    }
-    
-  if (!lprm_command || !(*lprm_command))
-    {
-      DEBUG(5,("No lprm command\n"));
-      return;
-    }
-    
-  sprintf(jobstr,"%d",jobid);
-
-  strcpy(syscmd,lprm_command);
-  string_sub(syscmd,"%p",printername);
-  string_sub(syscmd,"%j",jobstr);
-  standard_sub(cnum,syscmd);
-
-  ret = smbrun(syscmd,NULL);
-  DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));  
-  lpq_reset(snum); /* queue has changed */
-}
-
-/****************************************************************************
-change status of a printer queue entry
-****************************************************************************/
-void status_printjob(int cnum,int snum,int jobid,int status)
-{
-  char *lpstatus_command = 
-    (status==LPQ_PAUSED?lp_lppausecommand(snum):lp_lpresumecommand(snum));
-  char *printername = PRINTERNAME(snum);
-  pstring syscmd;
-  char jobstr[20];
-  int ret;
-
-  if (!printername || !*printername)
-    {
-      DEBUG(6,("replacing printer name with service (snum=(%s,%d))\n",
-	    lp_servicename(snum),snum));
-      printername = lp_servicename(snum);
-    }
-    
-  if (!lpstatus_command || !(*lpstatus_command))
-    {
-      DEBUG(5,("No lpstatus command to %s job\n",
-	       (status==LPQ_PAUSED?"pause":"resume")));
-      return;
-    }
-    
-  sprintf(jobstr,"%d",jobid);
-
-  strcpy(syscmd,lpstatus_command);
-  string_sub(syscmd,"%p",printername);
-  string_sub(syscmd,"%j",jobstr);
-  standard_sub(cnum,syscmd);
+	/* Send a printer notify message */
 
-  ret = smbrun(syscmd,NULL);
-  DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));  
-  lpq_reset(snum); /* queue has changed */
+	printer_name = PRINTERNAME(snum);
+
+	send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+
+	return True;
 }
 
+/****************************************************************************
+ resume a queue
+****************************************************************************/
+BOOL print_queue_resume(struct current_user *user, int snum, WERROR *errcode)
+{
+	char *printer_name;
+	int ret;
+
+	if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+		*errcode = WERR_ACCESS_DENIED;
+		return False;
+	}
+
+	ret = (*(current_printif->queue_resume))(snum);
 
+	if (ret != 0) {
+		*errcode = WERR_INVALID_PARAM;
+		return False;
+	}
+
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum)) print_queue_update(snum);
+
+	/* Send a printer notify message */
+
+	printer_name = PRINTERNAME(snum);
+
+	send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+
+	return True;
+}
+
+/****************************************************************************
+ purge a queue - implemented by deleting all jobs that we can delete
+****************************************************************************/
+BOOL print_queue_purge(struct current_user *user, int snum, WERROR *errcode)
+{
+	print_queue_struct *queue;
+	print_status_struct status;
+	char *printer_name;
+	int njobs, i;
+	BOOL can_job_admin;
+
+	/* Force and update so the count is accurate (i.e. not a cached count) */
+	print_queue_update(snum);
+	
+	can_job_admin = print_access_check(user, snum, JOB_ACCESS_ADMINISTER);
+	njobs = print_queue_status(snum, &queue, &status);
+
+	for (i=0;i<njobs;i++) {
+		BOOL owner = is_owner(user, queue[i].job);
+
+		if (owner || can_job_admin) {
+			print_job_delete1(queue[i].job);
+		}
+	}
+
+	safe_free(queue);
+
+	/* Send a printer notify message */
+
+	printer_name = PRINTERNAME(snum);
+
+	send_queue_message(printer_name, 0, PRINTER_CHANGE_JOB);
+
+	return True;
+}
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
new file mode 100644
index 0000000000..595593c6f0
--- /dev/null
+++ b/source3/profile/profile.c
@@ -0,0 +1,156 @@
+/* 
+   Unix SMB/CIFS implementation.
+   store smbd profiling information in shared memory
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+
+#include "includes.h"
+
+#define IPC_PERMS ((SHM_R | SHM_W) | (SHM_R>>3) | (SHM_R>>6))
+
+static int shm_id;
+static BOOL read_only;
+
+struct profile_header *profile_h;
+struct profile_stats *profile_p;
+
+BOOL do_profile_flag = False;
+BOOL do_profile_times = False;
+
+struct timeval profile_starttime;
+struct timeval profile_endtime;
+struct timeval profile_starttime_nested;
+struct timeval profile_endtime_nested;
+
+/****************************************************************************
+receive a set profile level message
+****************************************************************************/
+void profile_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+        int level;
+
+	memcpy(&level, buf, sizeof(int));
+	switch (level) {
+	case 0:		/* turn off profiling */
+		do_profile_flag = False;
+		do_profile_times = False;
+		DEBUG(1,("INFO: Profiling turned OFF from pid %d\n", (int)src));
+		break;
+	case 1:		/* turn on counter profiling only */
+		do_profile_flag = True;
+		do_profile_times = False;
+		DEBUG(1,("INFO: Profiling counts turned ON from pid %d\n", (int)src));
+		break;
+	case 2:		/* turn on complete profiling */
+		do_profile_flag = True;
+		do_profile_times = True;
+		DEBUG(1,("INFO: Full profiling turned ON from pid %d\n", (int)src));
+		break;
+	case 3:		/* reset profile values */
+		memset((char *)profile_p, 0, sizeof(*profile_p));
+		DEBUG(1,("INFO: Profiling values cleared from pid %d\n", (int)src));
+		break;
+	}
+}
+
+/****************************************************************************
+receive a request profile level message
+****************************************************************************/
+void reqprofile_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+        int level;
+
+#ifdef WITH_PROFILE
+	level = 1 + (do_profile_flag?2:0) + (do_profile_times?4:0);
+#else
+	level = 0;
+#endif
+	DEBUG(1,("INFO: Received REQ_PROFILELEVEL message from PID %u\n",(unsigned int)src));
+	message_send_pid(src, MSG_PROFILELEVEL, &level, sizeof(int), True);
+}
+
+/*******************************************************************
+  open the profiling shared memory area
+  ******************************************************************/
+BOOL profile_setup(BOOL rdonly)
+{
+	struct shmid_ds shm_ds;
+
+	read_only = rdonly;
+
+ again:
+	/* try to use an existing key */
+	shm_id = shmget(PROF_SHMEM_KEY, 0, 0);
+	
+	/* if that failed then create one. There is a race condition here
+	   if we are running from inetd. Bad luck. */
+	if (shm_id == -1) {
+		if (read_only) return False;
+		shm_id = shmget(PROF_SHMEM_KEY, sizeof(*profile_h), 
+				IPC_CREAT | IPC_EXCL | IPC_PERMS);
+	}
+	
+	if (shm_id == -1) {
+		DEBUG(0,("Can't create or use IPC area. Error was %s\n", 
+			 strerror(errno)));
+		return False;
+	}   
+	
+	
+	profile_h = (struct profile_header *)shmat(shm_id, 0, 
+						   read_only?SHM_RDONLY:0);
+	if ((long)profile_p == -1) {
+		DEBUG(0,("Can't attach to IPC area. Error was %s\n", 
+			 strerror(errno)));
+		return False;
+	}
+
+	/* find out who created this memory area */
+	if (shmctl(shm_id, IPC_STAT, &shm_ds) != 0) {
+		DEBUG(0,("ERROR shmctl : can't IPC_STAT. Error was %s\n", 
+			 strerror(errno)));
+		return False;
+	}
+
+	if (shm_ds.shm_perm.cuid != sec_initial_uid() || shm_ds.shm_perm.cgid != sec_initial_gid()) {
+		DEBUG(0,("ERROR: we did not create the shmem (owned by another user)\n"));
+		return False;
+	}
+
+	if (shm_ds.shm_segsz != sizeof(*profile_h)) {
+		DEBUG(0,("WARNING: profile size is %d (expected %d). Deleting\n",
+			 (int)shm_ds.shm_segsz, sizeof(*profile_h)));
+		if (shmctl(shm_id, IPC_RMID, &shm_ds) == 0) {
+			goto again;
+		} else {
+			return False;
+		}
+	}
+
+	if (!read_only && (shm_ds.shm_nattch == 1)) {
+		memset((char *)profile_h, 0, sizeof(*profile_h));
+		profile_h->prof_shm_magic = PROF_SHM_MAGIC;
+		profile_h->prof_shm_version = PROF_SHM_VERSION;
+		DEBUG(3,("Initialised profile area\n"));
+	}
+
+	profile_p = &profile_h->stats;
+	message_register(MSG_PROFILE, profile_message);
+	message_register(MSG_REQ_PROFILELEVEL, reqprofile_message);
+	return True;
+}
diff --git a/source3/python/mkpatch b/source3/python/mkpatch
new file mode 100755
index 0000000000..ab5be1b6a2
--- /dev/null
+++ b/source3/python/mkpatch
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# Make samba-head.patch.  Must be run from samba source directory.
+#
+
+cvs -z3 diff -u Makefile.in configure.in > python/samba-head.patch
diff --git a/source3/python/py_spoolss_ports_conv.c b/source3/python/py_spoolss_ports_conv.c
new file mode 100644
index 0000000000..3f6d94bf7e
--- /dev/null
+++ b/source3/python/py_spoolss_ports_conv.c
@@ -0,0 +1,58 @@
+/* 
+   Python wrappers for DCERPC/SMB client routines.
+
+   Copyright (C) Tim Potter, 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "python/py_spoolss.h"
+#include "python/py_conv.h"
+
+struct pyconv py_PORT_INFO_1[] = {
+	{ "name", PY_UNISTR, offsetof(PORT_INFO_1, port_name) },
+	{ NULL }
+};
+
+struct pyconv py_PORT_INFO_2[] = {
+	{ "name", PY_UNISTR, offsetof(PORT_INFO_2, port_name) },
+	{ "monitor_name", PY_UNISTR, offsetof(PORT_INFO_2, monitor_name) },
+	{ "description", PY_UNISTR, offsetof(PORT_INFO_2, description) },
+	{ "reserved", PY_UINT32, offsetof(PORT_INFO_2, reserved) },
+	{ "type", PY_UINT32, offsetof(PORT_INFO_2, port_type) },
+	{ NULL }
+};	
+
+BOOL py_from_PORT_INFO_1(PyObject **dict, PORT_INFO_1 *info)
+{
+	*dict = from_struct(info, py_PORT_INFO_1);
+	return True;
+}
+
+BOOL py_to_PORT_INFO_1(PORT_INFO_1 *info, PyObject *dict)
+{
+	return False;
+}
+
+BOOL py_from_PORT_INFO_2(PyObject **dict, PORT_INFO_2 *info)
+{
+	*dict = from_struct(info, py_PORT_INFO_2);
+	return True;
+}
+
+BOOL py_to_PORT_INFO_2(PORT_INFO_2 *info, PyObject *dict)
+{
+	return False;
+}
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
new file mode 100644
index 0000000000..7b5bf90c5d
--- /dev/null
+++ b/source3/rpc_client/cli_login.c
@@ -0,0 +1,173 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Jeremy Allison  1999.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern fstring global_myworkgroup;
+extern pstring global_myname;
+
+/****************************************************************************
+Initialize domain session credentials.
+****************************************************************************/
+
+NTSTATUS cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16])
+{
+  NTSTATUS result;
+  DOM_CHAL clnt_chal;
+  DOM_CHAL srv_chal;
+
+  UTIME zerotime;
+
+  /******************* Request Challenge ********************/
+
+  generate_random_buffer( clnt_chal.data, 8, False);
+	
+  /* send a client challenge; receive a server challenge */
+  if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal))
+  {
+    DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
+    return NT_STATUS_UNSUCCESSFUL;
+  }
+
+  /**************** Long-term Session key **************/
+
+  /* calculate the session key */
+  cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key);
+  memset((char *)cli->sess_key+8, '\0', 8);
+
+  /******************* Authenticate 2 ********************/
+
+  /* calculate auth-2 credentials */
+  zerotime.time = 0;
+  cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge));
+
+  /*  
+   * Send client auth-2 challenge.
+   * Receive an auth-2 challenge response and check it.
+   */
+
+  result = cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
+                         SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, &srv_chal);
+  
+  if (!NT_STATUS_IS_OK(result))
+  {
+    DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n"));
+    return result;
+  }
+
+  return NT_STATUS_OK;
+}
+
+/****************************************************************************
+NT login - interactive.
+*NEVER* use this code. This method of doing a logon (sending the cleartext
+password equivalents, protected by the session key) is inherently insecure
+given the current design of the NT Domain system. JRA.
+ ****************************************************************************/
+NTSTATUS cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, 
+                              uint32 smb_userid_low, char *password,
+                              NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
+{
+  uchar lm_owf_user_pwd[16];
+  uchar nt_owf_user_pwd[16];
+  NTSTATUS ret;
+
+  DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__));
+
+  nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
+
+#ifdef DEBUG_PASSWORD
+
+  DEBUG(100,("nt owf of user password: "));
+  dump_data(100, (char *)lm_owf_user_pwd, 16);
+
+  DEBUG(100,("nt owf of user password: "));
+  dump_data(100, (char *)nt_owf_user_pwd, 16);
+
+#endif
+
+  DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__));
+
+  /* indicate an "interactive" login */
+  ctr->switch_value = INTERACTIVE_LOGON_TYPE;
+
+  /* Create the structure needed for SAM logon. */
+  init_id_info1(&ctr->auth.id1, domain, 0, 
+                smb_userid_low, 0,
+                username, cli->clnt_name_slash,
+                (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
+
+  /* Ensure we overwrite all the plaintext password
+     equivalents. */
+  memset(lm_owf_user_pwd, '\0', sizeof(lm_owf_user_pwd));
+  memset(nt_owf_user_pwd, '\0', sizeof(nt_owf_user_pwd));
+
+  /* Send client sam-logon request - update credentials on success. */
+  ret = cli_net_sam_logon(cli, ctr, user_info3);
+
+  memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(lm_owf_user_pwd));
+  memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(nt_owf_user_pwd));
+
+  return ret;
+}
+
+/****************************************************************************
+NT login - network.
+*ALWAYS* use this call to validate a user as it does not expose plaintext
+password equivalents over the network. JRA.
+****************************************************************************/
+
+NTSTATUS cli_nt_login_network(struct cli_state *cli, 
+			      const auth_usersupplied_info *user_info, 
+			      uchar chal[8],
+			      uint32 smb_userid_low, NET_ID_INFO_CTR *ctr, 
+			      NET_USER_INFO_3 *user_info3)
+{
+  DEBUG(5,("cli_nt_login_network: %d\n", __LINE__));
+  /* indicate a "network" login */
+  ctr->switch_value = NET_LOGON_TYPE;
+
+  /* Create the structure needed for SAM logon. */
+  init_id_info2(&ctr->auth.id2, user_info->domain.str, 0, smb_userid_low, 0,
+                user_info->smb_name.str, 
+		/* Send our cleint's workstaion name if we have it, otherwise ours */
+		((user_info->wksta_name.len > 0) ?
+		 user_info->wksta_name.str :
+		 cli->clnt_name_slash),
+		chal, 
+		user_info->lm_resp.data, user_info->lm_resp.length,
+		user_info->nt_resp.data, user_info->nt_resp.length);
+
+  /* Send client sam-logon request - update credentials on success. */
+  return cli_net_sam_logon(cli, ctr, user_info3);
+}
+
+/****************************************************************************
+NT Logoff.
+****************************************************************************/
+BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
+{
+  DEBUG(5,("cli_nt_logoff: %d\n", __LINE__));
+
+  /* Send client sam-logoff request - update credentials on success. */
+  return cli_net_sam_logoff(cli, ctr);
+}
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
new file mode 100644
index 0000000000..90c8a34c21
--- /dev/null
+++ b/source3/rpc_client/cli_netlogon.c
@@ -0,0 +1,470 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    1998.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+/****************************************************************************
+Generate the next creds to use.
+****************************************************************************/
+
+static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
+{
+  /*
+   * Create the new client credentials.
+   */
+
+  cli->clnt_cred.timestamp.time = time(NULL);
+
+  memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
+
+  /* Calculate the new credentials. */
+  cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
+              new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
+
+}
+
+#if UNUSED_CODE
+/****************************************************************************
+do a LSA Logon Control2
+****************************************************************************/
+BOOL cli_net_logon_ctrl2(struct cli_state *cli, NTSTATUS status_level)
+{
+  prs_struct rbuf;
+  prs_struct buf; 
+  NET_Q_LOGON_CTRL2 q_l;
+  BOOL ok = False;
+
+  prs_init(&buf , 1024, cli->mem_ctx, MARSHALL);
+  prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+  /* create and send a MSRPC command with api NET_LOGON_CTRL2 */
+
+  DEBUG(4,("do_net_logon_ctrl2 from %s status level:%x\n",
+           global_myname, status_level));
+
+  /* store the parameters */
+  init_q_logon_ctrl2(&q_l, cli->srv_name_slash, 
+		     status_level);
+
+  /* turn parameters into data stream */
+  if(!net_io_q_logon_ctrl2("", &q_l,  &buf, 0)) {
+    DEBUG(0,("cli_net_logon_ctrl2: Error : failed to marshall NET_Q_LOGON_CTRL2 struct.\n"));
+    prs_mem_free(&buf);
+    prs_mem_free(&rbuf);
+    return False;
+  }
+
+  /* send the data on \PIPE\ */
+  if (rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &buf, &rbuf))
+  {
+    NET_R_LOGON_CTRL2 r_l;
+
+    /*
+     * Unmarshall the return buffer.
+     */
+    ok = net_io_r_logon_ctrl2("", &r_l, &rbuf, 0);
+		
+    if (ok && r_l.status != 0)
+    {
+      /* report error code */
+      DEBUG(0,("do_net_logon_ctrl2: Error %s\n", nt_errstr(r_l.status)));
+      cli->nt_error = r_l.status;
+      ok = False;
+    }
+  }
+
+  prs_mem_free(&buf);
+  prs_mem_free(&rbuf);
+
+  return ok;
+}
+#endif
+
+/****************************************************************************
+LSA Authenticate 2
+
+Send the client credential, receive back a server credential.
+Ensure that the server credential returned matches the session key 
+encrypt of the server challenge originally received. JRA.
+****************************************************************************/
+
+NTSTATUS cli_net_auth2(struct cli_state *cli, uint16 sec_chan, 
+                       uint32 neg_flags, DOM_CHAL *srv_chal)
+{
+  prs_struct rbuf;
+  prs_struct buf; 
+  NET_Q_AUTH_2 q_a;
+  BOOL ok = False;
+  NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+  prs_init(&buf , 1024, cli->mem_ctx, MARSHALL);
+  prs_init(&rbuf, 0,    cli->mem_ctx, UNMARSHALL);
+
+  /* create and send a MSRPC command with api NET_AUTH2 */
+
+  DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
+	   cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
+	   credstr(cli->clnt_cred.challenge.data), neg_flags));
+
+  /* store the parameters */
+  init_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, 
+		sec_chan, global_myname, &cli->clnt_cred.challenge, neg_flags);
+
+  /* turn parameters into data stream */
+  if(!net_io_q_auth_2("", &q_a,  &buf, 0)) {
+    DEBUG(0,("cli_net_auth2: Error : failed to marshall NET_Q_AUTH_2 struct.\n"));
+    prs_mem_free(&buf);
+    prs_mem_free(&rbuf);
+    return result;
+  }
+
+  /* send the data on \PIPE\ */
+  if (rpc_api_pipe_req(cli, NET_AUTH2, &buf, &rbuf))
+  {
+    NET_R_AUTH_2 r_a;
+
+    ok = net_io_r_auth_2("", &r_a, &rbuf, 0);
+    result = r_a.status;
+
+    if (ok && !NT_STATUS_IS_OK(result))
+    {
+      /* report error code */
+      DEBUG(0,("cli_net_auth2: Error %s\n", nt_errstr(result)));
+      ok = False;
+    }
+
+    if (ok)
+    {
+      /* 
+       * Check the returned value using the initial
+       * server received challenge.
+       */
+      UTIME zerotime;
+
+      zerotime.time = 0;
+      if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
+        /*
+         * Server replied with bad credential. Fail.
+         */
+        DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+        ok = False;
+      }
+    }
+
+#if 0
+    /*
+     * Try commenting this out to see if this makes the connect
+     * work for a NT 3.51 PDC. JRA.
+     */
+
+    if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
+    {
+      /* report different neg_flags */
+      DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n",
+          q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
+      ok = False;
+    }
+#endif
+
+  }
+
+  prs_mem_free(&buf);
+  prs_mem_free(&rbuf);
+
+  return result;
+}
+
+/****************************************************************************
+LSA Request Challenge. Sends our challenge to server, then gets
+server response. These are used to generate the credentials.
+****************************************************************************/
+
+BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
+{
+  prs_struct rbuf;
+  prs_struct buf; 
+  NET_Q_REQ_CHAL q_c;
+  BOOL valid_chal = False;
+
+  prs_init(&buf , 1024, cli->mem_ctx, MARSHALL);
+  prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+  /* create and send a MSRPC command with api NET_REQCHAL */
+
+  DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
+         cli->desthost, global_myname, credstr(clnt_chal->data)));
+
+  /* store the parameters */
+  init_q_req_chal(&q_c, cli->srv_name_slash, 
+		  global_myname, clnt_chal);
+
+  /* turn parameters into data stream */
+  if(!net_io_q_req_chal("", &q_c,  &buf, 0)) {
+    DEBUG(0,("cli_net_req_chal: Error : failed to marshall NET_Q_REQ_CHAL struct.\n"));
+    prs_mem_free(&buf);
+    prs_mem_free(&rbuf);
+    return False;
+  }
+
+  /* send the data on \PIPE\ */
+  if (rpc_api_pipe_req(cli, NET_REQCHAL, &buf, &rbuf))
+  {
+    NET_R_REQ_CHAL r_c;
+    BOOL ok;
+
+    ok = net_io_r_req_chal("", &r_c, &rbuf, 0);
+		
+    if (ok && !NT_STATUS_IS_OK(r_c.status))
+    {
+      /* report error code */
+      DEBUG(0,("cli_net_req_chal: Error %s\n", nt_errstr(r_c.status)));
+      ok = False;
+    }
+
+    if (ok)
+    {
+      /* ok, at last: we're happy. return the challenge */
+      memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data));
+      valid_chal = True;
+    }
+  }
+
+  prs_mem_free(&buf);
+  prs_mem_free(&rbuf);
+
+  return valid_chal;
+}
+/***************************************************************************
+ LSA SAM Logon internal - interactive or network. Does level 2 or 3 but always
+ returns level 3.
+****************************************************************************/
+
+static NTSTATUS cli_net_sam_logon_internal(struct cli_state *cli, NET_ID_INFO_CTR *ctr, 
+					   NET_USER_INFO_3 *user_info3, 
+					   uint16 validation_level)
+{
+	DOM_CRED new_clnt_cred;
+	DOM_CRED dummy_rtn_creds;
+	prs_struct rbuf;
+	prs_struct buf; 
+	NET_Q_SAM_LOGON q_s;
+	NET_R_SAM_LOGON r_s;
+	NTSTATUS retval = NT_STATUS_OK;
+
+	gen_next_creds( cli, &new_clnt_cred);
+
+	prs_init(&buf , 1024, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0,    cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api NET_SAMLOGON */
+
+	DEBUG(4,("cli_net_sam_logon_internal: srv:%s mc:%s clnt %s %x ll: %d\n",
+             cli->srv_name_slash, global_myname, 
+             credstr(new_clnt_cred.challenge.data), cli->clnt_cred.timestamp.time,
+             ctr->switch_value));
+
+	memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+	dummy_rtn_creds.timestamp.time = time(NULL);
+
+	/* store the parameters */
+	q_s.validation_level = validation_level;
+	init_sam_info(&q_s.sam_id, cli->srv_name_slash, 
+		global_myname, &new_clnt_cred, &dummy_rtn_creds, 
+		ctr->switch_value, ctr);
+
+	/* turn parameters into data stream */
+	if(!net_io_q_sam_logon("", &q_s,  &buf, 0)) {
+		DEBUG(0,("cli_net_sam_logon_internal: Error : failed to marshall NET_Q_SAM_LOGON struct.\n"));
+		retval = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, NET_SAMLOGON, &buf, &rbuf)) {
+		DEBUG(0,("cli_net_sam_logon_internal: Error rpc_api_pipe_req failed.\n"));
+                retval = NT_STATUS_UNSUCCESSFUL;
+		goto out;
+	}
+
+	r_s.user = user_info3;
+
+	if(!net_io_r_sam_logon("", &r_s, &rbuf, 0)) {
+		DEBUG(0,("cli_net_sam_logon_internal: Error : failed to unmarshal NET_R_SAM_LOGON struct.\n"));
+		retval = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+		
+	retval = r_s.status;
+
+	/*
+	 * Don't treat NT_STATUS_INVALID_INFO_CLASS as an error - we will re-issue
+	 * the call.
+	 */
+	
+	if (NT_STATUS_V(retval) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
+		goto out;
+	}
+
+	if (!NT_STATUS_IS_OK(retval)) {
+		/* report error code */
+		DEBUG(0,("cli_net_sam_logon_internal: %s\n", nt_errstr(r_s.status)));
+		goto out;
+	}
+
+	/* Update the credentials. */
+	if (!clnt_deal_with_creds(cli->sess_key, &cli->clnt_cred, &r_s.srv_creds)) {
+		/*
+		 * Server replied with bad credential. Fail.
+		 */
+		DEBUG(0,("cli_net_sam_logon_internal: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+		retval = NT_STATUS_WRONG_PASSWORD;
+	}
+	
+	if (r_s.switch_value != validation_level) {
+		/* report different switch_value */
+		DEBUG(0,("cli_net_sam_logon: switch_value of %x expected %x\n", (unsigned int)validation_level,
+			 (unsigned int)r_s.switch_value));
+		retval = NT_STATUS_INVALID_PARAMETER;
+	}
+
+out:
+
+	prs_mem_free(&buf);
+	prs_mem_free(&rbuf);
+	
+	return retval;
+}
+
+/***************************************************************************
+LSA SAM Logon - interactive or network.
+****************************************************************************/
+
+NTSTATUS cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, 
+                         NET_USER_INFO_3 *user_info3)
+{
+	uint16 validation_level=3;
+	NTSTATUS result;
+
+	result = cli_net_sam_logon_internal(cli, ctr, user_info3, 
+                                            validation_level);
+
+	if (NT_STATUS_IS_OK(result)) {
+		DEBUG(10,("cli_net_sam_logon: Success \n"));
+	} else if (NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
+		DEBUG(10,("cli_net_sam_logon: STATUS INVALID INFO CLASS \n"));
+
+		validation_level=2;
+
+		/*
+		 * Since this is the second time we call this function, don't care
+		 * for the error. If its error, return False. 
+		 */
+
+		result = cli_net_sam_logon_internal(cli, ctr, user_info3,
+                                                    validation_level);
+	}
+
+	return result;
+}
+
+/***************************************************************************
+LSA SAM Logoff.
+
+This currently doesnt work correctly as the domain controller 
+returns NT_STATUS_INVALID_INFO_CLASS - we obviously need to
+send a different info level. Right now though, I'm not sure
+what that needs to be (I need to see one on the wire before
+I can be sure). JRA.
+****************************************************************************/
+BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
+{
+  DOM_CRED new_clnt_cred;
+  DOM_CRED dummy_rtn_creds;
+  prs_struct rbuf;
+  prs_struct buf; 
+  NET_Q_SAM_LOGOFF q_s;
+  BOOL ok = False;
+
+  gen_next_creds( cli, &new_clnt_cred);
+
+  prs_init(&buf , 1024, cli->mem_ctx, MARSHALL);
+  prs_init(&rbuf, 0,    cli->mem_ctx, UNMARSHALL);
+
+  /* create and send a MSRPC command with api NET_SAMLOGOFF */
+
+  DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n",
+            cli->srv_name_slash, global_myname,
+            credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time,
+            ctr->switch_value));
+
+  memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
+
+  init_sam_info(&q_s.sam_id, cli->srv_name_slash, 
+		global_myname, &new_clnt_cred, &dummy_rtn_creds, 
+		ctr->switch_value, ctr);
+
+  /* turn parameters into data stream */
+  if(!net_io_q_sam_logoff("", &q_s,  &buf, 0)) {
+    DEBUG(0,("cli_net_sam_logoff: Error : failed to marshall NET_Q_SAM_LOGOFF struct.\n"));
+    prs_mem_free(&buf);
+    prs_mem_free(&rbuf);
+    return False;
+  }
+
+  /* send the data on \PIPE\ */
+  if (rpc_api_pipe_req(cli, NET_SAMLOGOFF, &buf, &rbuf))
+  {
+    NET_R_SAM_LOGOFF r_s;
+
+    ok = net_io_r_sam_logoff("", &r_s, &rbuf, 0);
+		
+    if (ok && !NT_STATUS_IS_OK(r_s.status))
+    {
+      /* report error code */
+      DEBUG(0,("cli_net_sam_logoff: %s\n", nt_errstr(r_s.status)));
+      ok = False;
+    }
+
+    /* Update the credentials. */
+    if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)))
+    {
+      /*
+       * Server replied with bad credential. Fail.
+       */
+      DEBUG(0,("cli_net_sam_logoff: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+      ok = False;
+    }
+  }
+
+  prs_mem_free(&buf);
+  prs_mem_free(&rbuf);
+
+  return ok;
+}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
new file mode 100644
index 0000000000..a7049f78df
--- /dev/null
+++ b/source3/rpc_client/cli_pipe.c
@@ -0,0 +1,1283 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                       1998.
+ *  Copyright (C) Jeremy Allison                    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern struct pipe_id_info pipe_names[];
+extern fstring global_myworkgroup;
+extern pstring global_myname;
+
+/********************************************************************
+ Rpc pipe call id.
+ ********************************************************************/
+
+static uint32 get_rpc_call_id(void)
+{
+	static uint32 call_id = 0;
+	return ++call_id;
+}
+
+/*******************************************************************
+ Use SMBreadX to get rest of one fragment's worth of rpc data.
+ ********************************************************************/
+
+static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
+{
+	size_t size = (size_t)cli->max_recv_frag;
+	int stream_offset = 0;
+	int num_read;
+	char *pdata;
+	int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
+
+	DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
+		(int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
+
+	/*
+	 * Grow the buffer if needed to accommodate the data to be read.
+	 */
+
+	if (extra_data_size > 0) {
+		if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
+			DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
+			return False;
+		}
+		DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
+	}
+
+	pdata = prs_data_p(rdata) + *rdata_offset;
+
+	do /* read data using SMBreadX */
+	{
+		uint32 ecode;
+		uint8 eclass;
+
+		if (size > (size_t)data_to_read)
+			size = (size_t)data_to_read;
+
+		num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
+
+		DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
+		          num_read, stream_offset, data_to_read));
+
+		if (cli_is_dos_error(cli)) {
+                        cli_dos_error(cli, &eclass, &ecode);
+                        if (eclass != ERRDOS && ecode != ERRmoredata) {
+                                DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
+                                         eclass, (unsigned int)ecode));
+                                return False;
+                        }
+		}
+
+		data_to_read -= num_read;
+		stream_offset += num_read;
+		pdata += num_read;
+
+	} while (num_read > 0 && data_to_read > 0);
+	/* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
+
+	/*
+	 * Update the current offset into rdata by the amount read.
+	 */
+	*rdata_offset += stream_offset;
+
+	return True;
+}
+
+/****************************************************************************
+ Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
+ ****************************************************************************/
+
+static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr, 
+                          BOOL *first, BOOL *last, uint32 *len)
+{
+	DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
+
+	/* Next call sets endian bit. */
+
+	if(!smb_io_rpc_hdr("rpc_hdr   ", rhdr, rdata, 0)) {
+		DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
+		return False;
+	}
+
+	if (prs_offset(rdata) != RPC_HEADER_LEN) {
+		DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
+		return False;
+	}
+
+	(*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
+	(*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
+	(*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
+
+	return (rhdr->pkt_type != RPC_FAULT);
+}
+
+static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, uint32 len)
+{
+	unsigned char *hash = cli->ntlmssp_hash;
+	unsigned char index_i = hash[256];
+	unsigned char index_j = hash[257];
+	int ind;
+
+	for( ind = 0; ind < len; ind++) {
+		unsigned char tc;
+		unsigned char t;
+
+		index_i++;
+		index_j += hash[index_i];
+
+		tc = hash[index_i];
+		hash[index_i] = hash[index_j];
+		hash[index_j] = tc;
+
+		t = hash[index_i] + hash[index_j];
+		data[ind] = data[ind] ^ hash[t];
+	}
+
+	hash[256] = index_i;
+	hash[257] = index_j;
+}
+
+/****************************************************************************
+ Verify data on an rpc pipe.
+ The VERIFY & SEAL code is only executed on packets that look like this :
+
+ Request/Response PDU's look like the following...
+
+ |<------------------PDU len----------------------------------------------->|
+ |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
+
+ +------------+-----------------+-------------+---------------+-------------+
+ | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR      | AUTH DATA   |
+ +------------+-----------------+-------------+---------------+-------------+
+
+ Never on bind requests/responses.
+ ****************************************************************************/
+
+static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int auth_len)
+{
+	/*
+	 * The following is that length of the data we must sign or seal.
+	 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
+	 * preceeding the auth_data.
+	 */
+
+	int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
+
+	/*
+	 * The start of the data to sign/seal is just after the RPC headers.
+	 */
+	char *reply_data = prs_data_p(rdata) + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
+
+	BOOL auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
+	BOOL auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
+
+	DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
+	          len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
+
+	/*
+	 * Unseal any sealed data in the PDU, not including the
+	 * 8 byte auth_header or the auth_data.
+	 */
+
+	if (auth_seal) {
+		DEBUG(10,("rpc_auth_pipe: unseal\n"));
+		dump_data(100, reply_data, data_len);
+		NTLMSSPcalc_ap(cli, (uchar*)reply_data, data_len);
+		dump_data(100, reply_data, data_len);
+	}
+
+	if (auth_verify || auth_seal) {
+		RPC_HDR_AUTH rhdr_auth; 
+		prs_struct auth_req;
+		char data[RPC_HDR_AUTH_LEN];
+		/*
+		 * We set dp to be the end of the packet, minus the auth_len
+		 * and the length of the header that preceeds the auth_data.
+		 */
+		char *dp = prs_data_p(rdata) + len - auth_len - RPC_HDR_AUTH_LEN;
+
+		if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
+			DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
+			return False;
+		}
+
+		memcpy(data, dp, sizeof(data));
+		
+		prs_init(&auth_req , 0, cli->mem_ctx, UNMARSHALL);
+
+		/* The endianness must be preserved... JRA. */
+
+		prs_set_endian_data(&auth_req, rdata->bigendian_data);
+
+		prs_give_memory(&auth_req, data, RPC_HDR_AUTH_LEN, False);
+
+		/*
+		 * Unmarshall the 8 byte auth_header that comes before the
+		 * auth data.
+		 */
+
+		if(!smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &auth_req, 0)) {
+			DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_HDR_AUTH failed.\n"));
+			return False;
+		}
+
+		if (!rpc_hdr_auth_chk(&rhdr_auth)) {
+			DEBUG(0,("rpc_auth_pipe: rpc_hdr_auth_chk failed.\n"));
+			return False;
+		}
+	}
+
+	/*
+	 * Now unseal and check the auth verifier in the auth_data at
+	 * then end of the packet. The 4 bytes skipped in the unseal
+	 * seem to be a buffer pointer preceeding the sealed data.
+	 */
+
+	if (auth_verify) {
+		RPC_AUTH_NTLMSSP_CHK chk;
+		uint32 crc32;
+		prs_struct auth_verf;
+		char data[RPC_AUTH_NTLMSSP_CHK_LEN];
+		char *dp = prs_data_p(rdata) + len - auth_len;
+
+		if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
+			DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
+			return False;
+		}
+
+		DEBUG(10,("rpc_auth_pipe: verify\n"));
+		dump_data(100, dp, auth_len);
+		NTLMSSPcalc_ap(cli, (uchar*)(dp+4), auth_len - 4);
+
+		memcpy(data, dp, RPC_AUTH_NTLMSSP_CHK_LEN);
+		dump_data(100, data, auth_len);
+
+		prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
+
+		/* The endinness must be preserved. JRA. */
+		prs_set_endian_data( &auth_verf, rdata->bigendian_data);
+
+		prs_give_memory(&auth_verf, data, RPC_AUTH_NTLMSSP_CHK_LEN, False);
+
+		if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0)) {
+			DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_AUTH_NTLMSSP_CHK failed.\n"));
+			return False;
+		}
+
+		crc32 = crc32_calc_buffer(reply_data, data_len);
+
+		if (!rpc_auth_ntlmssp_chk(&chk, crc32 , cli->ntlmssp_seq_num)) {
+			DEBUG(0,("rpc_auth_pipe: rpc_auth_ntlmssp_chk failed.\n"));
+			return False;
+		}
+		cli->ntlmssp_seq_num++;
+	}
+	return True;
+}
+
+
+/****************************************************************************
+ Send data on an rpc pipe, which *must* be in one fragment.
+ receive response data from an rpc pipe, which may be large...
+
+ Read the first fragment: unfortunately have to use SMBtrans for the first
+ bit, then SMBreadX for subsequent bits.
+
+ If first fragment received also wasn't the last fragment, continue
+ getting fragments until we _do_ receive the last fragment.
+
+ Request/Response PDU's look like the following...
+
+ |<------------------PDU len----------------------------------------------->|
+ |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
+
+ +------------+-----------------+-------------+---------------+-------------+
+ | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR      | AUTH DATA   |
+ +------------+-----------------+-------------+---------------+-------------+
+
+ Where the presence of the AUTH_HDR and AUTH are dependent on the
+ signing & sealing being neogitated.
+
+ ****************************************************************************/
+
+static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, prs_struct *rdata)
+{
+	uint32 len;
+	char *rparam = NULL;
+	uint32 rparam_len = 0;
+	uint16 setup[2];
+	BOOL first = True;
+	BOOL last  = True;
+	RPC_HDR rhdr;
+	char *pdata = data ? prs_data_p(data) : NULL;
+	uint32 data_len = data ? prs_offset(data) : 0;
+	char *prdata = NULL;
+	uint32 rdata_len = 0;
+	uint32 current_offset = 0;
+
+	/* Create setup parameters - must be in native byte order. */
+
+	setup[0] = cmd; 
+	setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
+
+	DEBUG(5,("rpc_api_pipe: cmd:%x fnum:%x\n", (int)cmd, 
+		 (int)cli->nt_pipe_fnum));
+
+	/* Send the RPC request and receive a response.  For short RPC
+	   calls (about 1024 bytes or so) the RPC request and response
+	   appears in a SMBtrans request and response.  Larger RPC
+	   responses are received further on. */
+
+	if (!cli_api_pipe(cli, "\\PIPE\\",
+	          setup, 2, 0,                     /* Setup, length, max */
+	          NULL, 0, 0,                      /* Params, length, max */
+	          pdata, data_len, data_len,       /* data, length, max */                  
+	          &rparam, &rparam_len,            /* return params, len */
+	          &prdata, &rdata_len))            /* return data, len */
+	{
+		DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
+		return False;
+	}
+
+	/* Throw away returned params - we know we won't use them. */
+
+	SAFE_FREE(rparam);
+
+	if (prdata == NULL) {
+		DEBUG(0,("rpc_api_pipe: cmd %x on pipe %x failed to return data.\n",
+			(int)cmd, (int)cli->nt_pipe_fnum));
+		return False;
+	}
+
+	/*
+	 * Give this memory as dynamically allocated to the return parse
+	 * struct.  
+	 */
+
+	prs_give_memory(rdata, prdata, rdata_len, True);
+	current_offset = rdata_len;
+
+	/* This next call sets the endian bit correctly in rdata. */
+
+	if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
+		prs_mem_free(rdata);
+		return False;
+	}
+
+	if (rhdr.pkt_type == RPC_BINDACK) {
+		if (!last && !first) {
+			DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
+			first = True;
+			last = True;
+		}
+	}
+
+	if (rhdr.pkt_type == RPC_RESPONSE) {
+		RPC_HDR_RESP rhdr_resp;
+		if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
+			DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
+			prs_mem_free(rdata);
+			return False;
+		}
+	}
+
+	DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
+	          (unsigned int)len, (unsigned int)rdata_len ));
+
+	/* check if data to be sent back was too large for one SMBtrans */
+	/* err status is only informational: the _real_ check is on the
+           length */
+
+	if (len > 0) { 
+		/* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
+
+		/* Read the remaining part of the first response fragment */
+
+		if (!rpc_read(cli, rdata, len, &current_offset)) {
+			prs_mem_free(rdata);
+			return False;
+		}
+	}
+
+	/*
+	 * Now we have a complete PDU, check the auth struct if any was sent.
+	 */
+
+	if (rhdr.auth_len != 0) {
+		if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+			return False;
+		/*
+		 * Drop the auth footers from the current offset.
+		 * We need this if there are more fragments.
+		 * The auth footers consist of the auth_data and the
+		 * preceeding 8 byte auth_header.
+		 */
+		current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
+	}
+	
+	/* 
+	 * Only one rpc fragment, and it has been read.
+	 */
+
+	if (first && last) {
+		DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
+		return True;
+	}
+
+	/*
+	 * Read more fragments using SMBreadX until we get one with the
+	 * last bit set.
+	 */
+
+	while (!last) {
+		RPC_HDR_RESP rhdr_resp;
+		int num_read;
+		char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
+		prs_struct hps;
+		uint8 eclass;
+		uint32 ecode;
+
+		/*
+		 * First read the header of the next PDU.
+		 */
+
+		prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
+		prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
+
+		num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
+		if (cli_is_dos_error(cli)) {
+                        cli_dos_error(cli, &eclass, &ecode);
+                        if (eclass != ERRDOS && ecode != ERRmoredata) {
+                                DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
+                                return False;
+                        }
+		}
+
+		DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
+
+		if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
+			DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
+				RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
+			return False;
+		}
+
+		/* This call sets the endianness in hps. */
+
+		if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
+			return False;
+
+		/* Ensure the endianness in rdata is set correctly - must be same as hps. */
+
+		if (hps.bigendian_data != rdata->bigendian_data) {
+			DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
+				rdata->bigendian_data ? "big" : "little",
+				hps.bigendian_data ? "big" : "little" ));
+			return False;
+		}
+
+		if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
+			DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
+			return False;
+		}
+
+		if (first) {
+			DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
+			return False;
+		}
+
+		/*
+		 * Now read the rest of the PDU.
+		 */
+
+		if (!rpc_read(cli, rdata, len, &current_offset))
+			return False;
+
+		/*
+		 * Verify any authentication footer.
+		 */
+
+		if (rhdr.auth_len != 0 ) {
+			if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
+				return False;
+			/*
+			 * Drop the auth footers from the current offset.
+			 * The auth footers consist of the auth_data and the
+			 * preceeding 8 byte auth_header.
+			 * We need this if there are more fragments.
+			 */
+			current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ creates a DCE/RPC bind request
+
+ - initialises the parse structure.
+ - dynamically allocates the header data structure
+ - caller is expected to free the header data structure once used.
+
+ ********************************************************************/
+
+static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, uint32 rpc_call_id,
+                                RPC_IFACE *abstract, RPC_IFACE *transfer,
+                                char *my_name, char *domain, uint32 neg_flags)
+{
+	RPC_HDR hdr;
+	RPC_HDR_RB hdr_rb;
+	char buffer[4096];
+	prs_struct auth_info;
+	int auth_len = 0;
+
+	prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
+
+	if (do_auth) {
+		RPC_HDR_AUTH hdr_auth;
+		RPC_AUTH_VERIFIER auth_verifier;
+		RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
+
+		/*
+		 * Create the auth structs we will marshall.
+		 */
+
+		init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00, 1);
+		init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_NEGOTIATE);
+		init_rpc_auth_ntlmssp_neg(&ntlmssp_neg, neg_flags, my_name, domain);
+
+		/*
+		 * Use the 4k buffer to store the auth info.
+		 */
+
+		prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
+
+		/*
+		 * Now marshall the data into the temporary parse_struct.
+		 */
+
+		if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
+			DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
+			return False;
+		}
+
+		if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
+			DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_VERIFIER.\n"));
+			return False;
+		}
+
+		if(!smb_io_rpc_auth_ntlmssp_neg("ntlmssp_neg", &ntlmssp_neg, &auth_info, 0)) {
+			DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_NTLMSSP_NEG.\n"));
+			return False;
+		}
+
+		/* Auth len in the rpc header doesn't include auth_header. */
+		auth_len = prs_offset(&auth_info) - RPC_HDR_AUTH_LEN;
+	}
+
+	/* create the request RPC_HDR */
+	init_rpc_hdr(&hdr, RPC_BIND, 0x0, rpc_call_id, 
+		RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
+		auth_len);
+
+	if(!smb_io_rpc_hdr("hdr"   , &hdr, rpc_out, 0)) {
+		DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
+		return False;
+	}
+
+	/* create the bind request RPC_HDR_RB */
+	init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
+			0x1, 0x0, 0x1, abstract, transfer);
+
+	/* Marshall the bind request data */
+	if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
+		DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
+		return False;
+	}
+
+	/*
+	 * Grow the outgoing buffer to store any auth info.
+	 */
+
+	if(hdr.auth_len != 0) {
+		if(!prs_append_prs_data( rpc_out, &auth_info)) {
+			DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
+			return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Creates a DCE/RPC bind authentication response.
+ This is the packet that is sent back to the server once we
+ have received a BIND-ACK, to finish the third leg of
+ the authentication handshake.
+ ********************************************************************/
+
+static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
+				char *domain, char *user_name, char *my_name,
+				uint32 ntlmssp_cli_flgs,
+				uint32 rpc_call_id,
+				prs_struct *rpc_out)
+{
+	unsigned char lm_owf[24];
+	unsigned char nt_owf[24];
+	RPC_HDR hdr;
+	RPC_HDR_AUTHA hdr_autha;
+	RPC_AUTH_VERIFIER auth_verifier;
+	RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
+	char buffer[4096];
+	prs_struct auth_info;
+
+	/*
+	 * Marshall the variable length data into a temporary parse
+	 * struct, pointing into a 4k local buffer.
+	 */
+	prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
+
+	/*
+	 * Use the 4k buffer to store the auth info.
+	 */
+
+	prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
+
+	/*
+	 * Create the variable length auth_data.
+	 */
+
+ 	init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH);
+
+	pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf);
+			
+	init_rpc_auth_ntlmssp_resp(&ntlmssp_resp,
+			         lm_owf, nt_owf,
+			         domain, user_name, my_name,
+			         ntlmssp_cli_flgs);
+
+	/*
+	 * Marshall the variable length auth_data into a temp parse_struct.
+	 */
+
+	if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
+		DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_VERIFIER.\n"));
+		return False;
+	}
+
+	if(!smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, &auth_info, 0)) {
+		DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_NTLMSSP_RESP.\n"));
+		return False;
+	}
+
+	/* Create the request RPC_HDR */
+	init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
+			RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + prs_offset(&auth_info),
+			prs_offset(&auth_info) );
+
+	/* Marshall it. */
+	if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
+		DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
+		return False;
+	}
+
+	/* Create the request RPC_HDR_AUTHA */
+	init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
+			NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00);
+
+	if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
+		DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
+		return False;
+	}
+
+	/*
+	 * Append the auth data to the outgoing buffer.
+	 */
+
+	if(!prs_append_prs_data(rpc_out, &auth_info)) {
+		DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/*******************************************************************
+ Creates a DCE/RPC request.
+ ********************************************************************/
+
+static BOOL create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len)
+{
+	uint32 alloc_hint;
+	RPC_HDR     hdr;
+	RPC_HDR_REQ hdr_req;
+
+	DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
+
+	/* create the rpc header RPC_HDR */
+	init_rpc_hdr(&hdr, RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
+	             get_rpc_call_id(), data_len, auth_len);
+
+	/*
+	 * The alloc hint should be the amount of data, not including 
+	 * RPC headers & footers.
+	 */
+
+	if (auth_len != 0)
+		alloc_hint = data_len - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
+	else
+		alloc_hint = data_len - RPC_HEADER_LEN;
+
+	DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
+	           data_len, auth_len, alloc_hint));
+
+	/* Create the rpc request RPC_HDR_REQ */
+	init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
+
+	/* stream-time... */
+	if(!smb_io_rpc_hdr("hdr    ", &hdr, rpc_out, 0))
+		return False;
+
+	if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
+		return False;
+
+	if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
+		return False;
+
+	return True;
+}
+
+
+/**
+ * Send a request on an RPC pipe and get a response.
+ *
+ * @param data NDR contents of the request to be sent.
+ * @param rdata Unparsed NDR response data.
+**/
+
+BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
+                      prs_struct *data, prs_struct *rdata)
+{
+	prs_struct outgoing_packet;
+	uint32 data_len;
+	uint32 auth_len;
+	BOOL ret;
+	BOOL auth_verify;
+	BOOL auth_seal;
+	uint32 crc32 = 0;
+	char *pdata_out = NULL;
+	fstring dump_name;
+
+	auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
+	auth_seal   = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
+
+	/* Optionally capture for use in debugging */
+	slprintf(dump_name, sizeof(dump_name) - 1, "call_%s",
+		 cli_pipe_get_name(cli));
+	prs_dump_before(dump_name, op_num, data);
+
+	/*
+	 * The auth_len doesn't include the RPC_HDR_AUTH_LEN.
+	 */
+
+	auth_len = (auth_verify ? RPC_AUTH_NTLMSSP_CHK_LEN : 0);
+
+	/*
+	 * PDU len is header, plus request header, plus data, plus
+	 * auth_header_len (if present), plus auth_len (if present).
+	 * NB. The auth stuff should be aligned on an 8 byte boundary
+	 * to be totally DCE/RPC spec complient. For now we cheat and
+	 * hope that the data structs defined are a multiple of 8 bytes.
+	 */
+
+	if((prs_offset(data) % 8) != 0) {
+		DEBUG(5,("rpc_api_pipe_req: Outgoing data not a multiple of 8 bytes....\n"));
+	}
+
+	data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + prs_offset(data) +
+			(auth_verify ? RPC_HDR_AUTH_LEN : 0) + auth_len;
+
+	/*
+	 * Malloc a parse struct to hold it (and enough for alignments).
+	 */
+
+	if(!prs_init(&outgoing_packet, data_len + 8, cli->mem_ctx, MARSHALL)) {
+		DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
+		return False;
+	}
+
+	pdata_out = prs_data_p(&outgoing_packet);
+	
+	/*
+	 * Write out the RPC header and the request header.
+	 */
+
+	if(!create_rpc_request(&outgoing_packet, op_num, data_len, auth_len)) {
+		DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
+		prs_mem_free(&outgoing_packet);
+		return False;
+	}
+
+	/*
+	 * Seal the outgoing data if requested.
+	 */
+
+	if (auth_seal) {
+		crc32 = crc32_calc_buffer(prs_data_p(data), prs_offset(data));
+		NTLMSSPcalc_ap(cli, (unsigned char*)prs_data_p(data), prs_offset(data));
+	}
+
+	/*
+	 * Now copy the data into the outgoing packet.
+	 */
+
+	if(!prs_append_prs_data( &outgoing_packet, data)) {
+		DEBUG(0,("rpc_api_pipe_req: Failed to append data to outgoing packet.\n"));
+		prs_mem_free(&outgoing_packet);
+		return False;
+	}
+
+	/*
+	 * Add a trailing auth_verifier if needed.
+	 */
+
+	if (auth_seal || auth_verify) {
+		RPC_HDR_AUTH hdr_auth;
+
+		init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE,
+			NTLMSSP_AUTH_LEVEL, 0x08, (auth_verify ? 1 : 0));
+		if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &outgoing_packet, 0)) {
+			DEBUG(0,("rpc_api_pipe_req: Failed to marshal RPC_HDR_AUTH.\n"));
+			prs_mem_free(&outgoing_packet);
+			return False;
+		}
+	}
+
+	/*
+	 * Finally the auth data itself.
+	 */
+
+	if (auth_verify) {
+		RPC_AUTH_NTLMSSP_CHK chk;
+		uint32 current_offset = prs_offset(&outgoing_packet);
+
+		init_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION, crc32, cli->ntlmssp_seq_num++);
+		if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &outgoing_packet, 0)) {
+			DEBUG(0,("rpc_api_pipe_req: Failed to marshal RPC_AUTH_NTLMSSP_CHK.\n"));
+			prs_mem_free(&outgoing_packet);
+			return False;
+		}
+		NTLMSSPcalc_ap(cli, (unsigned char*)&pdata_out[current_offset+4], RPC_AUTH_NTLMSSP_CHK_LEN - 4);
+	}
+
+	DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len, prs_offset(&outgoing_packet)));
+
+	ret = rpc_api_pipe(cli, 0x0026, &outgoing_packet, rdata);
+
+	/* Also capture received data */
+	slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
+		 cli_pipe_get_name(cli));
+	prs_dump(dump_name, op_num, rdata);
+
+	prs_mem_free(&outgoing_packet);
+
+	return ret;
+}
+
+/****************************************************************************
+ Set the handle state.
+****************************************************************************/
+
+static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
+{
+	BOOL state_set = False;
+	char param[2];
+	uint16 setup[2]; /* only need 2 uint16 setup parameters */
+	char *rparam = NULL;
+	char *rdata = NULL;
+	uint32 rparam_len, rdata_len;
+
+	if (pipe_name == NULL)
+		return False;
+
+	DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
+	cli->nt_pipe_fnum, pipe_name, device_state));
+
+	/* create parameters: device state */
+	SSVAL(param, 0, device_state);
+
+	/* create setup parameters. */
+	setup[0] = 0x0001; 
+	setup[1] = cli->nt_pipe_fnum; /* pipe file handle.  got this from an SMBOpenX. */
+
+	/* send the data on \PIPE\ */
+	if (cli_api_pipe(cli, "\\PIPE\\",
+	            setup, 2, 0,                /* setup, length, max */
+	            param, 2, 0,                /* param, length, max */
+	            NULL, 0, 1024,              /* data, length, max */
+	            &rparam, &rparam_len,        /* return param, length */
+	            &rdata, &rdata_len))         /* return data, length */
+	{
+		DEBUG(5, ("Set Handle state: return OK\n"));
+		state_set = True;
+	}
+
+	SAFE_FREE(rparam);
+	SAFE_FREE(rdata);
+
+	return state_set;
+}
+
+/****************************************************************************
+ check the rpc bind acknowledge response
+****************************************************************************/
+
+static BOOL valid_pipe_name(const char *pipe_name, RPC_IFACE *abstract, RPC_IFACE *transfer)
+{
+	int pipe_idx = 0;
+
+	while (pipe_names[pipe_idx].client_pipe != NULL) {
+		if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe )) {
+			DEBUG(5,("Bind Abstract Syntax: "));	
+			dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax), 
+			          sizeof(pipe_names[pipe_idx].abstr_syntax));
+			DEBUG(5,("Bind Transfer Syntax: "));
+			dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
+			          sizeof(pipe_names[pipe_idx].trans_syntax));
+
+			/* copy the required syntaxes out so we can do the right bind */
+			*transfer = pipe_names[pipe_idx].trans_syntax;
+			*abstract = pipe_names[pipe_idx].abstr_syntax;
+
+			return True;
+		}
+		pipe_idx++;
+	};
+
+	DEBUG(5,("Bind RPC Pipe[%s] unsupported\n", pipe_name));
+	return False;
+}
+
+/****************************************************************************
+ check the rpc bind acknowledge response
+****************************************************************************/
+
+static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const char *pipe_name, RPC_IFACE *transfer)
+{
+	int i = 0;
+
+	while ((pipe_names[i].client_pipe != NULL) && hdr_ba->addr.len > 0) {
+		if ((strequal(pipe_name, pipe_names[i].client_pipe ))) {
+			if (strequal(hdr_ba->addr.str, pipe_names[i].server_pipe )) {
+				DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n",
+				         pipe_names[i].server_pipe ));
+				break;
+			} else {
+				DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s.  oh well!\n",
+				         pipe_names[i].server_pipe ,
+				         hdr_ba->addr.str));
+				break;
+			}
+		} else {
+			i++;
+		}
+	}
+
+	if (pipe_names[i].server_pipe == NULL) {
+		DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
+		return False;
+	}
+
+	/* check the transfer syntax */
+	if ((hdr_ba->transfer.version != transfer->version) ||
+	     (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
+		DEBUG(0,("bind_rpc_pipe: transfer syntax differs\n"));
+		return False;
+	}
+
+	/* lkclXXXX only accept one result: check the result(s) */
+	if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
+		DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
+		          hdr_ba->res.num_results, hdr_ba->res.reason));
+	}
+
+	DEBUG(5,("bind_rpc_pipe: accepted!\n"));
+	return True;
+}
+
+/****************************************************************************
+ Create and send the third packet in an RPC auth.
+****************************************************************************/
+
+static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
+{
+	RPC_HDR_AUTH rhdr_auth;
+	RPC_AUTH_VERIFIER rhdr_verf;
+	RPC_AUTH_NTLMSSP_CHAL rhdr_chal;
+	char buffer[MAX_PDU_FRAG_LEN];
+	prs_struct rpc_out;
+	ssize_t ret;
+
+	unsigned char p24[24];
+	unsigned char lm_owf[24];
+	unsigned char lm_hash[16];
+
+	if(!smb_io_rpc_hdr_auth("", &rhdr_auth, rdata, 0)) {
+		DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_HDR_AUTH.\n"));
+		return False;
+	}
+	if(!smb_io_rpc_auth_verifier("", &rhdr_verf, rdata, 0)) {
+		DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_VERIFIER.\n"));
+		return False;
+	}
+	if(!smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, rdata, 0)) {
+		DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_NTLMSSP_CHAL.\n"));
+		return False;
+	}
+
+	cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags;
+
+	pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
+
+	prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
+
+	prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
+
+	create_rpc_bind_resp(&cli->pwd, cli->domain,
+	                     cli->user_name, global_myname, 
+	                     cli->ntlmssp_cli_flgs, rpc_call_id,
+	                     &rpc_out);
+			                    
+	pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
+	pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
+
+	NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
+
+	{
+		unsigned char j = 0;
+		int ind;
+		unsigned char k2[8];
+
+		memcpy(k2, p24, 5);
+		k2[5] = 0xe5;
+		k2[6] = 0x38;
+		k2[7] = 0xb0;
+
+		for (ind = 0; ind < 256; ind++)
+			cli->ntlmssp_hash[ind] = (unsigned char)ind;
+
+		for( ind = 0; ind < 256; ind++) {
+			unsigned char tc;
+
+			j += (cli->ntlmssp_hash[ind] + k2[ind%8]);
+
+			tc = cli->ntlmssp_hash[ind];
+			cli->ntlmssp_hash[ind] = cli->ntlmssp_hash[j];
+			cli->ntlmssp_hash[j] = tc;
+		}
+
+		cli->ntlmssp_hash[256] = 0;
+		cli->ntlmssp_hash[257] = 0;
+	}
+
+	memset((char *)lm_hash, '\0', sizeof(lm_hash));
+
+	if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out), 
+			0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
+		DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
+		return False;
+	}
+
+	cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags;
+	return True;
+}
+
+/****************************************************************************
+ Do an rpc bind.
+****************************************************************************/
+
+BOOL rpc_pipe_bind(struct cli_state *cli, const char *pipe_name, char *my_name)
+{
+	RPC_IFACE abstract;
+	RPC_IFACE transfer;
+	prs_struct rpc_out;
+	prs_struct rdata;
+	BOOL do_auth = (cli->ntlmssp_cli_flgs != 0);
+	uint32 rpc_call_id;
+	char buffer[MAX_PDU_FRAG_LEN];
+
+	DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_name));
+
+	if (!valid_pipe_name(pipe_name, &abstract, &transfer))
+		return False;
+
+	prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
+
+	/*
+	 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
+	 */
+
+	prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
+
+	rpc_call_id = get_rpc_call_id();
+
+	/* Marshall the outgoing data. */
+	create_rpc_bind_req(&rpc_out, do_auth, rpc_call_id,
+	                    &abstract, &transfer,
+	                    global_myname, cli->domain, cli->ntlmssp_cli_flgs);
+
+	/* Initialize the incoming data struct. */
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* send data on \PIPE\.  receive a response */
+	if (rpc_api_pipe(cli, 0x0026, &rpc_out, &rdata)) {
+		RPC_HDR_BA   hdr_ba;
+
+		DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
+
+		if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
+			DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
+			prs_mem_free(&rdata);
+			return False;
+		}
+
+		if(!check_bind_response(&hdr_ba, pipe_name, &transfer)) {
+			DEBUG(0,("rpc_pipe_bind: check_bind_response failed.\n"));
+			prs_mem_free(&rdata);
+			return False;
+		}
+
+		cli->max_xmit_frag = hdr_ba.bba.max_tsize;
+		cli->max_recv_frag = hdr_ba.bba.max_rsize;
+
+		/*
+		 * If we're doing NTLMSSP auth we need to send a reply to
+		 * the bind-ack to complete the 3-way challenge response
+		 * handshake.
+		 */
+
+		if (do_auth && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
+			DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
+			prs_mem_free(&rdata);
+			return False;
+		}
+	}
+
+	prs_mem_free(&rdata);
+	return True;
+}
+
+/****************************************************************************
+ Set ntlmssp negotiation flags.
+ ****************************************************************************/
+
+void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
+{
+	cli->ntlmssp_cli_flgs = ntlmssp_flgs;
+}
+
+
+/****************************************************************************
+ Open a session.
+ ****************************************************************************/
+
+BOOL cli_nt_session_open(struct cli_state *cli, const char *pipe_name)
+{
+	int fnum;
+
+	SMB_ASSERT(cli->nt_pipe_fnum == 0);
+
+	if (cli->capabilities & CAP_NT_SMBS) {
+		if ((fnum = cli_nt_create(cli, &pipe_name[5], DESIRED_ACCESS_PIPE)) == -1) {
+			DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s.  Error was %s\n",
+				 &pipe_name[5], cli->desthost, cli_errstr(cli)));
+			return False;
+		}
+
+		cli->nt_pipe_fnum = (uint16)fnum;
+	} else {
+		if ((fnum = cli_open(cli, pipe_name, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
+			DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s.  Error was %s\n",
+				 pipe_name, cli->desthost, cli_errstr(cli)));
+			return False;
+		}
+
+		cli->nt_pipe_fnum = (uint16)fnum;
+
+		/**************** Set Named Pipe State ***************/
+		if (!rpc_pipe_set_hnd_state(cli, pipe_name, 0x4300)) {
+			DEBUG(0,("cli_nt_session_open: pipe hnd state failed.  Error was %s\n",
+				  cli_errstr(cli)));
+			cli_close(cli, cli->nt_pipe_fnum);
+			return False;
+		}
+	}
+
+	/******************* bind request on pipe *****************/
+
+	if (!rpc_pipe_bind(cli, pipe_name, global_myname)) {
+		DEBUG(0,("cli_nt_session_open: rpc bind failed. Error was %s\n",
+		          cli_errstr(cli)));
+		cli_close(cli, cli->nt_pipe_fnum);
+		return False;
+	}
+
+	/* 
+	 * Setup the remote server name prefixed by \ and the machine account name.
+	 */
+
+	fstrcpy(cli->srv_name_slash, "\\\\");
+	fstrcat(cli->srv_name_slash, cli->desthost);
+	strupper(cli->srv_name_slash);
+
+	fstrcpy(cli->clnt_name_slash, "\\\\");
+	fstrcat(cli->clnt_name_slash, global_myname);
+	strupper(cli->clnt_name_slash);
+
+	fstrcpy(cli->mach_acct, global_myname);
+	fstrcat(cli->mach_acct, "$");
+	strupper(cli->mach_acct);
+
+	/* Remember which pipe we're talking to */
+	fstrcpy(cli->pipe_name, pipe_name);
+
+	return True;
+}
+
+
+const char *cli_pipe_get_name(struct cli_state *cli)
+{
+	return cli->pipe_name;
+}
+
+
+/****************************************************************************
+close the session
+****************************************************************************/
+
+void cli_nt_session_close(struct cli_state *cli)
+{
+	cli_close(cli, cli->nt_pipe_fnum);
+	cli->nt_pipe_fnum = 0;
+}
diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c
new file mode 100644
index 0000000000..628cd576a8
--- /dev/null
+++ b/source3/rpc_client/cli_reg.c
@@ -0,0 +1,1071 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                  1997-1998.
+ *  Copyright (C) Jeremy Allison                    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+#include "includes.h"
+
+/****************************************************************************
+do a REG Open Policy
+****************************************************************************/
+BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name,
+				POLICY_HND *reg_hnd)
+{
+	BOOL res = True;
+	uint32 reg_type = 0;
+
+	if (full_keyname == NULL)
+		return False;
+
+	ZERO_STRUCTP(reg_hnd);
+
+	/*
+	 * open registry receive a policy handle
+	 */
+
+	if (!reg_split_key(full_keyname, &reg_type, key_name)) {
+		DEBUG(0,("do_reg_connect: unrecognised key name %s\n", full_keyname));	
+		return False;
+	}
+
+	switch (reg_type) {
+	case HKEY_LOCAL_MACHINE:
+		res = res ? do_reg_open_hklm(cli, 0x84E0, 0x02000000, reg_hnd) : False;
+		break;
+	
+	case HKEY_USERS:
+		res = res ? do_reg_open_hku(cli, 0x84E0, 0x02000000, reg_hnd) : False;
+		break;
+
+	default:
+		DEBUG(0,("do_reg_connect: unrecognised hive key\n"));	
+		return False;
+	}
+
+	return res;
+}
+
+/****************************************************************************
+do a REG Open Policy
+****************************************************************************/
+BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level,
+				POLICY_HND *hnd)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_OPEN_HKLM q_o;
+	REG_R_OPEN_HKLM r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_OPEN_HKLM */
+
+	DEBUG(4,("REG Open HKLM\n"));
+
+	init_reg_q_open_hklm(&q_o, unknown_0, level);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_open_hklm("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_OPEN_HKLM, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_open_hklm("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_OPEN_HKLM: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* ok, at last: we're happy. return the policy handle */
+	*hnd = r_o.pol;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Open HKU
+****************************************************************************/
+BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level,
+				POLICY_HND *hnd)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_OPEN_HKU q_o;
+	REG_R_OPEN_HKU r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_OPEN_HKU */
+
+	DEBUG(4,("REG Open HKU\n"));
+
+	init_reg_q_open_hku(&q_o, unknown_0, level);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_open_hku("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, REG_OPEN_HKU, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_open_hku("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_OPEN_HKU: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* ok, at last: we're happy. return the policy handle */
+	*hnd = r_o.pol;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Unknown 0xB command.  sent after a create key or create value.
+this might be some sort of "sync" or "refresh" command, sent after
+modification of the registry...
+****************************************************************************/
+BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_FLUSH_KEY q_o;
+	REG_R_FLUSH_KEY r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_FLUSH_KEY */
+
+	DEBUG(4,("REG Unknown 0xB\n"));
+
+	init_reg_q_flush_key(&q_o, hnd);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_flush_key("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_FLUSH_KEY, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_flush_key("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_FLUSH_KEY: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Query Key
+****************************************************************************/
+BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd,
+				char *class, uint32 *class_len,
+				uint32 *num_subkeys, uint32 *max_subkeylen,
+				uint32 *max_subkeysize, uint32 *num_values,
+				uint32 *max_valnamelen, uint32 *max_valbufsize,
+				uint32 *sec_desc, NTTIME *mod_time)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_QUERY_KEY q_o;
+	REG_R_QUERY_KEY r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_QUERY_KEY */
+
+	DEBUG(4,("REG Query Key\n"));
+
+	init_reg_q_query_key(&q_o, hnd, *class_len);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_query_key("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_QUERY_KEY, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_query_key("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_QUERY_KEY: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	*class_len      = r_o.hdr_class.uni_max_len;
+	rpcstr_pull(class, &r_o.uni_class, -1, -1, 0);
+	*num_subkeys    = r_o.num_subkeys   ;
+	*max_subkeylen  = r_o.max_subkeylen ;
+	*max_subkeysize = r_o.max_subkeysize;
+	*num_values     = r_o.num_values    ;
+	*max_valnamelen = r_o.max_valnamelen;
+	*max_valbufsize = r_o.max_valbufsize;
+	*sec_desc       = r_o.sec_desc      ;
+	*mod_time       = r_o.mod_time      ;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Unknown 1A
+****************************************************************************/
+BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_UNK_1A q_o;
+	REG_R_UNK_1A r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_UNKNOWN_1A */
+
+	DEBUG(4,("REG Unknown 1a\n"));
+
+	init_reg_q_unk_1a(&q_o, hnd);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_unk_1a("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, REG_UNK_1A, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_unk_1a("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_UNK_1A: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	(*unk) = r_o.unknown;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Query Info
+****************************************************************************/
+BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd,
+				char *key_value, uint32* key_type)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_INFO q_o;
+	REG_R_INFO r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_INFO */
+
+	DEBUG(4,("REG Query Info\n"));
+
+	init_reg_q_info(&q_o, hnd, "ProductType");
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_info("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_INFO, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_info("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if ( r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_INFO: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/*fstrcpy(key_value, dos_buffer2_to_str(r_o.uni_val));*/
+	rpcstr_pull(key_value, r_o.uni_val->buffer, sizeof(fstring), r_o.uni_val->buf_len, 0);
+	*key_type = r_o.type;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Set Key Security 
+****************************************************************************/
+BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_SET_KEY_SEC q_o;
+	REG_R_SET_KEY_SEC r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_SET_KEY_SEC */
+
+	DEBUG(4,("REG Set Key security.\n"));
+
+	init_reg_q_set_key_sec(&q_o, hnd, sec_desc_buf);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_set_key_sec("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_SET_KEY_SEC, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_set_key_sec("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Query Key Security 
+****************************************************************************/
+
+BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_GET_KEY_SEC q_o;
+	REG_R_GET_KEY_SEC r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_GET_KEY_SEC */
+
+	DEBUG(4,("REG query key security.  buf_size: %d\n", *sec_buf_size));
+
+	init_reg_q_get_key_sec(&q_o, hnd, *sec_buf_size, NULL);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_get_key_sec("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_GET_KEY_SEC, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_get_key_sec("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status == 0x0000007a) {
+		/*
+		 * get the maximum buffer size: it was too small
+		 */
+		(*sec_buf_size) = r_o.hdr_sec.buf_max_len;
+		DEBUG(5,("sec_buf_size too small.  use %d\n", *sec_buf_size));
+	} else if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_GET_KEY_SEC: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	} else {
+		(*sec_buf_size) = r_o.data->len;
+		*ppsec_desc_buf = r_o.data;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Delete Value
+****************************************************************************/
+BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_DELETE_VALUE q_o;
+	REG_R_DELETE_VALUE r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_DELETE_VALUE */
+
+	DEBUG(4,("REG Delete Value: %s\n", val_name));
+
+	init_reg_q_delete_val(&q_o, hnd, val_name);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_delete_val("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, REG_DELETE_VALUE, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_delete_val("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_DELETE_VALUE: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Delete Key
+****************************************************************************/
+BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_DELETE_KEY q_o;
+	REG_R_DELETE_KEY r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_DELETE_KEY */
+
+	DEBUG(4,("REG Delete Key: %s\n", key_name));
+
+	init_reg_q_delete_key(&q_o, hnd, key_name);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_delete_key("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_DELETE_KEY, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_delete_key("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_DELETE_KEY: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Create Key
+****************************************************************************/
+BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
+				char *key_name, char *key_class,
+				SEC_ACCESS *sam_access,
+				POLICY_HND *key)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_CREATE_KEY q_o;
+	REG_R_CREATE_KEY r_o;
+	SEC_DESC *sec = NULL;
+	SEC_DESC_BUF *sec_buf = NULL;
+	size_t sec_len;
+
+	ZERO_STRUCT(q_o);
+
+	if (hnd == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api REG_CREATE_KEY */
+
+	DEBUG(4,("REG Create Key: %s %s 0x%08x\n", key_name, key_class,
+		sam_access != NULL ? sam_access->mask : 0));
+
+	if((sec = make_sec_desc( cli->mem_ctx, 1, NULL, NULL, NULL, NULL, &sec_len)) == NULL) {
+		DEBUG(0,("make_sec_desc : malloc fail.\n"));
+		return False;
+	}
+
+	DEBUG(10,("make_sec_desc: len = %d\n", (int)sec_len));
+
+	if((sec_buf = make_sec_desc_buf( cli->mem_ctx, (int)sec_len, sec)) == NULL) {
+		DEBUG(0,("make_sec_desc : malloc fail (1)\n"));
+		return False;
+	}
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	init_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access, sec_buf);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_create_key("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, REG_CREATE_KEY, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_create_key("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_CREATE_KEY: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	*key = r_o.key_pol;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Enum Key
+****************************************************************************/
+BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
+				int key_index, char *key_name,
+				uint32 *unk_1, uint32 *unk_2,
+				time_t *mod_time)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_ENUM_KEY q_o;
+	REG_R_ENUM_KEY r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_ENUM_KEY */
+
+	DEBUG(4,("REG Enum Key\n"));
+
+	init_reg_q_enum_key(&q_o, hnd, key_index);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_enum_key("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_ENUM_KEY, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_enum_key("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_ENUM_KEY: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	(*unk_1) = r_o.unknown_1;
+	(*unk_2) = r_o.unknown_2;
+	rpcstr_pull(key_name, r_o.key_name.str.buffer, -1, -1, 0);
+	(*mod_time) = nt_time_to_unix(&r_o.time);
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Create Value
+****************************************************************************/
+BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd,
+				char *val_name, uint32 type, BUFFER3 *data)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_CREATE_VALUE q_o;
+	REG_R_CREATE_VALUE r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_CREATE_VALUE */
+
+	DEBUG(4,("REG Create Value: %s\n", val_name));
+
+	init_reg_q_create_val(&q_o, hnd, val_name, type, data);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_create_val("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_CREATE_VALUE, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_create_val("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_CREATE_VALUE: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Enum Value
+****************************************************************************/
+BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd,
+				int val_index, int max_valnamelen, int max_valbufsize,
+				fstring val_name,
+				uint32 *val_type, BUFFER2 *value)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_ENUM_VALUE q_o;
+	REG_R_ENUM_VALUE r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_ENUM_VALUE */
+
+	DEBUG(4,("REG Enum Value\n"));
+
+	init_reg_q_enum_val(&q_o, hnd, val_index, max_valnamelen, max_valbufsize);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_enum_val("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_ENUM_VALUE, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+	r_o.buf_value = value;
+
+	if(!reg_io_r_enum_val("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_ENUM_VALUE: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	(*val_type) = r_o.type;
+	rpcstr_pull(val_name, &r_o.uni_name, -1, -1, 0);
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Open Key
+****************************************************************************/
+BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd,
+				char *key_name, uint32 unk_0,
+				POLICY_HND *key_hnd)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_OPEN_ENTRY q_o;
+	REG_R_OPEN_ENTRY r_o;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api REG_OPEN_ENTRY */
+
+	DEBUG(4,("REG Open Entry\n"));
+
+	init_reg_q_open_entry(&q_o, hnd, key_name, unk_0);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_open_entry("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_OPEN_ENTRY, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_o);
+
+	if(!reg_io_r_open_entry("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_OPEN_ENTRY: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	*key_hnd = r_o.pol;
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
+
+/****************************************************************************
+do a REG Close
+****************************************************************************/
+BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	REG_Q_CLOSE q_c;
+	REG_R_CLOSE r_c;
+
+	if (hnd == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api REG_CLOSE */
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("REG Close\n"));
+
+	/* store the parameters */
+	init_reg_q_close(&q_c, hnd);
+
+	/* turn parameters into data stream */
+	if(!reg_io_q_close("", &q_c, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, REG_CLOSE, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	ZERO_STRUCT(r_c);
+
+	if(!reg_io_r_close("", &r_c, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_c.status != 0) {
+		/* report error code */
+		DEBUG(0,("REG_CLOSE: %s\n", nt_errstr(r_c.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* check that the returned policy handle is all zeros */
+
+	if (IVAL(&r_c.pol.data1,0) || IVAL(&r_c.pol.data2,0) || SVAL(&r_c.pol.data3,0) ||
+		SVAL(&r_c.pol.data4,0) || IVAL(r_c.pol.data5,0) || IVAL(r_c.pol.data5,4) ) {
+			prs_mem_free(&rbuf);
+			DEBUG(0,("REG_CLOSE: non-zero handle returned\n"));
+			return False;
+	}	
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
new file mode 100644
index 0000000000..6467ae4fa9
--- /dev/null
+++ b/source3/rpc_client/cli_samr.c
@@ -0,0 +1,837 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Jeremy Allison 1999.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+do a SAMR query user groups
+****************************************************************************/
+BOOL get_samr_query_usergroups(struct cli_state *cli, 
+				POLICY_HND *pol_open_domain, uint32 user_rid,
+				uint32 *num_groups, DOM_GID *gid)
+{
+	POLICY_HND pol_open_user;
+	if (pol_open_domain == NULL || num_groups == NULL || gid == NULL)
+		return False;
+
+	/* send open domain (on user sid) */
+	if (!do_samr_open_user(cli,
+				pol_open_domain,
+				0x02011b, user_rid,
+				&pol_open_user))
+	{
+		return False;
+	}
+
+	/* send user groups query */
+	if (!do_samr_query_usergroups(cli,
+				&pol_open_user,
+				num_groups, gid))
+	{
+		DEBUG(5,("do_samr_query_usergroups: error in query user groups\n"));
+	}
+
+	return do_samr_close(cli, &pol_open_user);
+}
+
+#if 0
+/* DOES NOT COMPILE WITH THE NEW SAMR PARSE CODE. JRA. */
+
+/****************************************************************************
+do a SAMR query user info
+****************************************************************************/
+BOOL get_samr_query_userinfo(struct cli_state *cli, 
+				POLICY_HND *pol_open_domain,
+				uint32 info_level,
+				uint32 user_rid, SAM_USER_INFO_21 *usr)
+{
+	POLICY_HND pol_open_user;
+	if (pol_open_domain == NULL || usr == NULL)
+		return False;
+
+	memset((char *)usr, '\0', sizeof(*usr));
+
+	/* send open domain (on user sid) */
+	if (!do_samr_open_user(cli,
+				pol_open_domain,
+				0x02011b, user_rid,
+				&pol_open_user))
+	{
+		return False;
+	}
+
+	/* send user info query */
+	if (!do_samr_query_userinfo(cli,
+				&pol_open_user,
+				info_level, (void*)usr))
+	{
+		DEBUG(5,("do_samr_query_userinfo: error in query user info, level 0x%x\n",
+		          info_level));
+	}
+
+	return do_samr_close(cli, &pol_open_user);
+}
+#endif
+
+/****************************************************************************
+do a SAMR change user password command
+****************************************************************************/
+BOOL do_samr_chgpasswd_user(struct cli_state *cli,
+		char *srv_name, char *user_name,
+		char nt_newpass[516], uchar nt_oldhash[16],
+		char lm_newpass[516], uchar lm_oldhash[16])
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_CHGPASSWD_USER q_e;
+	SAMR_R_CHGPASSWD_USER r_e;
+
+	/* create and send a MSRPC command with api SAMR_CHGPASSWD_USER */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Change User Password. server:%s username:%s\n",
+	        srv_name, user_name));
+
+	init_samr_q_chgpasswd_user(&q_e, srv_name, user_name,
+	                           nt_newpass, nt_oldhash,
+	                           lm_newpass, lm_oldhash);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_chgpasswd_user("", &q_e, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_CHGPASSWD_USER, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_chgpasswd_user("", &r_e, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_e.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_CHGPASSWD_USER: %s\n", nt_errstr(r_e.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+#if 0 
+
+/* CURRENTLY THIS DOESN'T COMPILE AND IS NOT USED ANYWHERE. JRA. */
+
+/****************************************************************************
+do a SAMR unknown 0x38 command
+****************************************************************************/
+BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name)
+{
+	prs_struct data;
+	prs_struct rdata;
+
+	SAMR_Q_UNKNOWN_38 q_e;
+	SAMR_R_UNKNOWN_38 r_e;
+
+	/* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Unknown 38 server:%s\n", srv_name));
+
+	init_samr_q_unknown_38(&q_e, srv_name);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_unknown_38("", &q_e, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_UNKNOWN_38, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_unknown_38("", &r_e, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_e.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_UNKNOWN_38: %s\n", nt_errstr(r_e.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+#endif
+
+/****************************************************************************
+do a SAMR unknown 0x8 command
+****************************************************************************/
+BOOL do_samr_query_dom_info(struct cli_state *cli, 
+				POLICY_HND *domain_pol, uint16 switch_value)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_QUERY_DOMAIN_INFO q_e;
+	SAMR_R_QUERY_DOMAIN_INFO r_e;
+
+	if (domain_pol == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Unknown 8 switch:%d\n", switch_value));
+
+	/* store the parameters */
+	init_samr_q_query_dom_info(&q_e, domain_pol, switch_value);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_query_dom_info("", &q_e, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_QUERY_DOMAIN_INFO, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_query_dom_info("", &r_e, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_e.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_QUERY_DOMAIN_INFO: %s\n", nt_errstr(r_e.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+#if 0
+
+/* CURRENTLY DOESN'T COMPILE WITH THE NEW SAMR PARSE CODE. JRA */
+
+/****************************************************************************
+do a SAMR enumerate users
+****************************************************************************/
+BOOL do_samr_enum_dom_users(struct cli_state *cli, 
+				POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
+				uint16 acb_mask, uint16 unk_1, uint32 size,
+				struct acct_info **sam,
+				int *num_sam_users)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_ENUM_DOM_USERS q_e;
+	SAMR_R_ENUM_DOM_USERS r_e;
+	int i;
+	int name_idx = 0;
+
+	if (pol == NULL || num_sam_users == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Enum SAM DB max size:%x\n", size));
+
+	/* store the parameters */
+	init_samr_q_enum_dom_users(&q_e, pol,
+	                           num_entries, unk_0,
+	                           acb_mask, unk_1, size);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_enum_dom_users("", &q_e, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_ENUM_DOM_USERS, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_enum_dom_users("", &r_e, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_e.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_ENUM_DOM_USERS: %s\n", nt_errstr(r_e.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	*num_sam_users = r_e.num_entries2;
+	if (*num_sam_users > MAX_SAM_ENTRIES) {
+		*num_sam_users = MAX_SAM_ENTRIES;
+		DEBUG(2,("do_samr_enum_dom_users: sam user entries limited to %d\n",
+		          *num_sam_users));
+	}
+
+	*sam = (struct acct_info*) malloc(sizeof(struct acct_info) * (*num_sam_users));
+				    
+	if ((*sam) == NULL)
+		*num_sam_users = 0;
+
+	for (i = 0; i < *num_sam_users; i++) {
+		(*sam)[i].smb_userid = r_e.sam[i].rid;
+		if (r_e.sam[i].hdr_name.buffer) {
+			char *acct_name = dos_unistrn2(r_e.uni_acct_name[name_idx].buffer,
+			                           r_e.uni_acct_name[name_idx].uni_str_len);
+			fstrcpy((*sam)[i].acct_name, acct_name);
+			name_idx++;
+		} else {
+			memset((char *)(*sam)[i].acct_name, '\0', sizeof((*sam)[i].acct_name));
+		}
+
+		DEBUG(5,("do_samr_enum_dom_users: idx: %4d rid: %8x acct: %s\n",
+		          i, (*sam)[i].smb_userid, (*sam)[i].acct_name));
+	}
+
+	prs_mem_free(&rdata  );
+
+	return True;
+}
+#endif
+
+/****************************************************************************
+do a SAMR Connect
+****************************************************************************/
+BOOL do_samr_connect(struct cli_state *cli, 
+				char *srv_name, uint32 unknown_0,
+				POLICY_HND *connect_pol)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_CONNECT q_o;
+	SAMR_R_CONNECT r_o;
+
+	if (srv_name == NULL || connect_pol == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_CONNECT */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Open Policy server:%s undoc value:%x\n",
+				srv_name, unknown_0));
+
+	/* store the parameters */
+	init_samr_q_connect(&q_o, srv_name, unknown_0);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_connect("", &q_o,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_CONNECT, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_connect("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_CONNECT: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	memcpy(connect_pol, &r_o.connect_pol, sizeof(r_o.connect_pol));
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+/****************************************************************************
+do a SAMR Open User
+****************************************************************************/
+BOOL do_samr_open_user(struct cli_state *cli, 
+				POLICY_HND *pol, uint32 unk_0, uint32 rid, 
+				POLICY_HND *user_pol)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_OPEN_USER q_o;
+	SAMR_R_OPEN_USER r_o;
+
+	if (pol == NULL || user_pol == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_OPEN_USER */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Open User.  unk_0: %08x RID:%x\n",
+	          unk_0, rid));
+
+	/* store the parameters */
+	init_samr_q_open_user(&q_o, pol, unk_0, rid);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_open_user("", &q_o,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_OPEN_USER, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_open_user("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_OPEN_USER: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	memcpy(user_pol, &r_o.user_pol, sizeof(r_o.user_pol));
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+/****************************************************************************
+do a SAMR Open Domain
+****************************************************************************/
+BOOL do_samr_open_domain(struct cli_state *cli, 
+				POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
+				POLICY_HND *domain_pol)
+{
+	prs_struct data;
+	prs_struct rdata;
+	pstring sid_str;
+	SAMR_Q_OPEN_DOMAIN q_o;
+	SAMR_R_OPEN_DOMAIN r_o;
+
+	if (connect_pol == NULL || sid == NULL || domain_pol == NULL)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_OPEN_DOMAIN */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	sid_to_string(sid_str, sid);
+	DEBUG(4,("SAMR Open Domain.  SID:%s RID:%x\n", sid_str, rid));
+
+	/* store the parameters */
+	init_samr_q_open_domain(&q_o, connect_pol, rid, sid);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_open_domain("", &q_o,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_OPEN_DOMAIN, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_open_domain("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_OPEN_DOMAIN: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	memcpy(domain_pol, &r_o.domain_pol, sizeof(r_o.domain_pol));
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+#if 0
+
+/* CURRENTLY DOES NOT COMPILE AND IS NOT USED ANYWHERE. JRA. */
+
+/****************************************************************************
+do a SAMR Query Unknown 12
+****************************************************************************/
+BOOL do_samr_query_unknown_12(struct cli_state *cli, 
+				POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids,
+				uint32 *num_aliases,
+				fstring als_names    [MAX_LOOKUP_SIDS],
+				uint32  num_als_users[MAX_LOOKUP_SIDS])
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_LOOKUP_RIDS q_o;
+	SAMR_R_LOOKUP_RIDS r_o;
+
+	if (pol == NULL || rid == 0 || num_gids == 0 || gids == NULL ||
+	    num_aliases == NULL || als_names == NULL || num_als_users == NULL )
+			return False;
+
+	/* create and send a MSRPC command with api SAMR_UNKNOWN_12 */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Query Unknown 12.\n"));
+
+	/* store the parameters */
+	init_samr_q_lookup_rids(&q_o, pol, rid, num_gids, gids);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_lookup_rids("", &q_o,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_LOOKUP_RIDS, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_lookup_rids("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_UNKNOWN_12: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.ptr_aliases != 0 && r_o.ptr_als_usrs != 0 &&
+	    r_o.num_als_usrs1 == r_o.num_aliases1) {
+		int i;
+
+		*num_aliases = r_o.num_aliases1;
+
+		for (i = 0; i < r_o.num_aliases1; i++) {
+			fstrcpy(als_names[i], dos_unistrn2(r_o.uni_als_name[i].buffer,
+						r_o.uni_als_name[i].uni_str_len));
+		}
+		for (i = 0; i < r_o.num_als_usrs1; i++) {
+			num_als_users[i] = r_o.num_als_usrs[i];
+		}
+	} else if (r_o.ptr_aliases == 0 && r_o.ptr_als_usrs == 0) {
+		*num_aliases = 0;
+	} else {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+#endif
+
+/****************************************************************************
+do a SAMR Query User Groups
+****************************************************************************/
+BOOL do_samr_query_usergroups(struct cli_state *cli, 
+				POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_QUERY_USERGROUPS q_o;
+	SAMR_R_QUERY_USERGROUPS r_o;
+
+	if (pol == NULL || gid == NULL || num_groups == 0)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_QUERY_USERGROUPS */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Query User Groups.\n"));
+
+	/* store the parameters */
+	init_samr_q_query_usergroups(&q_o, pol);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_query_usergroups("", &q_o,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_QUERY_USERGROUPS, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	/* get user info */
+	r_o.gid = gid;
+
+	if(!samr_io_r_query_usergroups("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_QUERY_USERGROUPS: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	*num_groups = r_o.num_entries;
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+#if 0
+
+/* CURRENTLY DOES NOT COMPILE WITH THE NEW SAMR PARSE CODE. JRA */
+
+/****************************************************************************
+do a SAMR Query User Info
+****************************************************************************/
+BOOL do_samr_query_userinfo(struct cli_state *cli, 
+				POLICY_HND *pol, uint16 switch_value, void* usr)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_QUERY_USERINFO q_o;
+	SAMR_R_QUERY_USERINFO r_o;
+
+	if (pol == NULL || usr == NULL || switch_value == 0)
+		return False;
+
+	/* create and send a MSRPC command with api SAMR_QUERY_USERINFO */
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	DEBUG(4,("SAMR Query User Info.  level: %d\n", switch_value));
+
+	/* store the parameters */
+	init_samr_q_query_userinfo(&q_o, pol, switch_value);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_query_userinfo("", &q_o,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	/* get user info */
+	r_o.info.id = usr;
+
+	if(!samr_io_r_query_userinfo("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_R_QUERY_USERINFO: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.switch_value != switch_value) {
+		DEBUG(0,("SAMR_R_QUERY_USERINFO: received incorrect level %d\n",
+		          r_o.switch_value));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.ptr == 0) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
+
+#endif
+
+/****************************************************************************
+do a SAMR Close
+****************************************************************************/
+BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd)
+{
+	prs_struct data;
+	prs_struct rdata;
+	SAMR_Q_CLOSE_HND q_c;
+	SAMR_R_CLOSE_HND r_c;
+
+	if (hnd == NULL)
+		return False;
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api SAMR_CLOSE_HND */
+
+	DEBUG(4,("SAMR Close\n"));
+
+	/* store the parameters */
+	init_samr_q_close_hnd(&q_c, hnd);
+
+	/* turn parameters into data stream */
+	if(!samr_io_q_close_hnd("", &q_c,  &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SAMR_CLOSE_HND, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!samr_io_r_close_hnd("", &r_c, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_c.status != 0) {
+		/* report error code */
+		DEBUG(0,("SAMR_CLOSE_HND: %s\n", nt_errstr(r_c.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* check that the returned policy handle is all zeros */
+
+	if (IVAL(&r_c.pol.data1,0) || IVAL(&r_c.pol.data2,0) || SVAL(&r_c.pol.data3,0) ||
+		SVAL(&r_c.pol.data4,0) || IVAL(r_c.pol.data5,0) || IVAL(r_c.pol.data5,4) ) {
+			DEBUG(0,("SAMR_CLOSE_HND: non-zero handle returned\n"));
+			prs_mem_free(&rdata);
+			return False;
+	}	
+
+	prs_mem_free(&rdata);
+
+	return True;
+}
diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
new file mode 100644
index 0000000000..ca01808f59
--- /dev/null
+++ b/source3/rpc_client/cli_spoolss.c
@@ -0,0 +1,817 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  Copyright (C) Paul Ashton                  1997-2000,
+ *  Copyright (C) Jean Francois Micouleau      1998-2000,
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include "rpc_parse.h"
+#include "nterr.h"
+
+/****************************************************************************
+do a SPOOLSS Enum Printer Drivers
+****************************************************************************/
+uint32 spoolss_enum_printerdrivers(const char *srv_name, const char *environment,
+                                   uint32 level, NEW_BUFFER *buffer, uint32 offered,
+                                   uint32 *needed, uint32 *returned)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_ENUMPRINTERDRIVERS q_o;
+        SPOOL_R_ENUMPRINTERDRIVERS r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        struct cli_connection *con = NULL;
+
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return False;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUM_PRINTERS */
+
+        DEBUG(5,("SPOOLSS Enum Printer Drivers (Server: %s Environment: %s level: %d)\n",
+                                srv_name, environment, level));
+
+        make_spoolss_q_enumprinterdrivers(&q_o, srv_name, environment,
+                                level, buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_enumprinterdrivers("", &q_o, &buf, 0) &&
+	     rpc_con_pipe_req(con, SPOOLSS_ENUMPRINTERDRIVERS, &buf, &rbuf)) 
+	{
+	        prs_mem_free(&buf);
+        	ZERO_STRUCT(r_o);
+
+	        prs_switch_type(&buffer->prs, UNMARSHALL);
+	        prs_set_offset(&buffer->prs, 0);
+	        r_o.buffer=buffer;
+
+	        if(spoolss_io_r_enumprinterdrivers("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_ENUMPRINTERDRIVERS:  %s\n", nt_errstr(r_o.status)));
+			}
+		        *needed=r_o.needed;
+		        *returned=r_o.returned;
+	        }
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        cli_connection_unlink(con);
+
+        return r_o.status;
+}
+
+/****************************************************************************
+do a SPOOLSS Enum Printers
+****************************************************************************/
+uint32 spoolss_enum_printers(uint32 flags, fstring srv_name, uint32 level,
+                             NEW_BUFFER *buffer, uint32 offered,
+                             uint32 *needed, uint32 *returned)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_ENUMPRINTERS q_o;
+        SPOOL_R_ENUMPRINTERS r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        struct cli_connection *con = NULL;
+
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return False;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUM_PRINTERS */
+
+        DEBUG(5,("SPOOLSS Enum Printers (Server: %s level: %d)\n", srv_name, level));
+
+        make_spoolss_q_enumprinters(&q_o, flags, "", level, buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_enumprinters("", &q_o, &buf, 0) &&
+	   rpc_con_pipe_req(con, SPOOLSS_ENUMPRINTERS, &buf, &rbuf)) 
+	{
+	        ZERO_STRUCT(r_o);
+
+        	prs_switch_type(&buffer->prs, UNMARSHALL);
+	        prs_set_offset(&buffer->prs, 0);
+	        r_o.buffer=buffer;
+
+        	if(new_spoolss_io_r_enumprinters("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+                        	/* report error code */
+                        	DEBUG(3,("SPOOLSS_ENUMPRINTERS: %s\n", nt_errstr(r_o.status)));
+			}
+
+        		*needed=r_o.needed;
+        		*returned=r_o.returned;
+        	}
+
+        }
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        cli_connection_unlink(con);
+
+        return r_o.status;
+}
+
+/****************************************************************************
+do a SPOOLSS Enum Ports
+****************************************************************************/
+uint32 spoolss_enum_ports(fstring srv_name, uint32 level,
+                             NEW_BUFFER *buffer, uint32 offered,
+                             uint32 *needed, uint32 *returned)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_ENUMPORTS q_o;
+        SPOOL_R_ENUMPORTS r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        struct cli_connection *con = NULL;
+
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return False;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUMPORTS */
+
+        DEBUG(5,("SPOOLSS Enum Ports (Server: %s level: %d)\n", srv_name, level));
+
+        make_spoolss_q_enumports(&q_o, "", level, buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_enumports("", &q_o, &buf, 0) &&
+	     rpc_con_pipe_req(con, SPOOLSS_ENUMPORTS, &buf, &rbuf))
+	{
+	        prs_mem_free(&buf );
+        	ZERO_STRUCT(r_o);
+
+	        prs_switch_type(&buffer->prs, UNMARSHALL);
+	        prs_set_offset(&buffer->prs, 0);
+	        r_o.buffer=buffer;
+
+	        if(new_spoolss_io_r_enumports("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_ENUMPORTS: %s\n", nt_errstr(r_o.status)));
+			}
+			
+	        	*needed=r_o.needed;
+	        	*returned=r_o.returned;
+		}
+        }
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        cli_connection_unlink(con);
+
+        return r_o.status;
+}
+
+/****************************************************************************
+do a SPOOLSS Enum Jobs
+****************************************************************************/
+uint32 spoolss_enum_jobs(const POLICY_HND *hnd, uint32 firstjob, uint32 numofjobs,
+                         uint32 level, NEW_BUFFER *buffer, uint32 offered,
+                         uint32 *needed, uint32 *returned)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_ENUMJOBS q_o;
+        SPOOL_R_ENUMJOBS r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        if (hnd == NULL)
+                return NT_STATUS_INVALID_PARAMETER;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUMJOBS */
+
+        DEBUG(5,("SPOOLSS Enum Jobs level: %d)\n", level));
+
+        make_spoolss_q_enumjobs(&q_o, hnd, firstjob, numofjobs, level, buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_enumjobs("", &q_o, &buf, 0) &&
+	     rpc_hnd_pipe_req(hnd, SPOOLSS_ENUMJOBS, &buf, &rbuf))
+        {
+	        ZERO_STRUCT(r_o);
+	        prs_mem_free(&buf );
+
+	        r_o.buffer=buffer;
+
+	        if(spoolss_io_r_enumjobs("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_ENUMJOBS: %s\n", nt_errstr(r_o.status)));
+			}
+	        	*needed=r_o.needed;
+		        *returned=r_o.returned;
+		}
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        return r_o.status;
+}
+
+/***************************************************************************
+do a SPOOLSS Enum printer datas
+****************************************************************************/
+uint32 spoolss_enum_printerdata(const POLICY_HND *hnd, uint32 idx,
+                        	uint32 *valuelen, uint16 *value, uint32 *rvaluelen,
+                        	uint32 *type, uint32 *datalen, uint8 *data, 
+				uint32 *rdatalen)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_ENUMPRINTERDATA q_o;
+        SPOOL_R_ENUMPRINTERDATA r_o;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        if (hnd == NULL)
+                return NT_STATUS_INVALID_PARAMETER;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n"));
+		return False;
+	}
+        prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api  SPOOLSS_ENUMPRINTERDATA*/
+
+        DEBUG(4,("SPOOLSS Enum Printer data\n"));
+
+        make_spoolss_q_enumprinterdata(&q_o, hnd, idx, *valuelen, *datalen);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_enumprinterdata("", &q_o, &buf, 0) &&
+	     rpc_hnd_pipe_req(hnd, SPOOLSS_ENUMPRINTERDATA, &buf, &rbuf)) 
+	{
+	        ZERO_STRUCT(r_o);
+        	prs_mem_free(&buf );
+
+	        r_o.data=data;
+        	r_o.value=value;
+
+	        if(spoolss_io_r_enumprinterdata("", &r_o, &rbuf, 0))
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_ENUMPRINTERDATA: %s\n", nt_errstr(r_o.status)));
+			}
+			
+			*valuelen=r_o.valuesize;
+		        *rvaluelen=r_o.realvaluesize;
+	        	*type=r_o.type;
+	        	*datalen=r_o.datasize;
+		        *rdatalen=r_o.realdatasize;
+
+		}
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+        return r_o.status;
+}
+
+/****************************************************************************
+do a SPOOLSS Enum printer datas
+****************************************************************************/
+uint32 spoolss_getprinter(const POLICY_HND *hnd, uint32 level,
+                             NEW_BUFFER *buffer, uint32 offered,
+                             uint32 *needed)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_GETPRINTER q_o;
+        SPOOL_R_GETPRINTER r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        if (hnd == NULL)
+                return NT_STATUS_INVALID_PARAMETER;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUMJOBS */
+
+        DEBUG(5,("SPOOLSS Enum Printer data)\n"));
+
+        make_spoolss_q_getprinter(&q_o, hnd, level, buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_getprinter("", &q_o, &buf, 0) &&
+             rpc_hnd_pipe_req(hnd, SPOOLSS_GETPRINTER, &buf, &rbuf)) 
+	{
+	        ZERO_STRUCT(r_o);
+        	prs_mem_free(&buf );
+
+	        prs_switch_type(&buffer->prs, UNMARSHALL);
+        	prs_set_offset(&buffer->prs, 0);
+	        r_o.buffer=buffer;
+
+	        if(!spoolss_io_r_getprinter("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_GETPRINTER: %s\n", nt_errstr(r_o.status)));
+			}
+		        *needed=r_o.needed;
+		}
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        return r_o.status;
+}
+
+/****************************************************************************
+do a SPOOLSS Enum printer driver
+****************************************************************************/
+uint32 spoolss_getprinterdriver(const POLICY_HND *hnd,
+                                const char *environment, uint32 level,
+                                NEW_BUFFER *buffer, uint32 offered,
+                                uint32 *needed)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_GETPRINTERDRIVER2 q_o;
+        SPOOL_R_GETPRINTERDRIVER2 r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        if (hnd == NULL)
+                return NT_STATUS_INVALID_PARAMETER;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUMJOBS */
+
+        DEBUG(5,("SPOOLSS Enum Printer driver)\n"));
+
+        make_spoolss_q_getprinterdriver2(&q_o, hnd, environment, level, 2, 0, buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_getprinterdriver2("", &q_o, &buf, 0) &&
+	     rpc_hnd_pipe_req(hnd, SPOOLSS_GETPRINTERDRIVER2, &buf, &rbuf)) 
+	{
+	        ZERO_STRUCT(r_o);
+        	prs_mem_free(&buf );
+
+	        prs_switch_type(&buffer->prs, UNMARSHALL);
+        	prs_set_offset(&buffer->prs, 0);
+	        r_o.buffer=buffer;
+
+	        if(spoolss_io_r_getprinterdriver2("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_GETPRINTERDRIVER2: %s\n", nt_errstr(r_o.status)));
+			}
+
+		        *needed=r_o.needed;
+		}
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        return r_o.status;
+}
+
+
+
+/****************************************************************************
+do a SPOOLSS Open Printer Ex
+****************************************************************************/
+BOOL spoolss_open_printer_ex(  const char *printername,
+                         const char *datatype, uint32 access_required,
+                         const char *station,  const char *username,
+                        POLICY_HND *hnd)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_OPEN_PRINTER_EX q_o;
+        BOOL valid_pol = False;
+        fstring srv_name;
+        char *s = NULL;
+        struct cli_connection *con = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        memset(srv_name, 0, sizeof(srv_name));
+        fstrcpy(srv_name, printername);
+
+        s = strchr_m(&srv_name[2], '\\');
+	if (s != NULL)
+		*s = '\0';
+
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return False;
+
+        if (hnd == NULL) 
+		return False;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n"));
+		return False;
+	}
+        prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_OPENPRINTEREX */
+
+        DEBUG(5,("SPOOLSS Open Printer Ex\n"));
+
+        make_spoolss_q_open_printer_ex(&q_o, printername, datatype,
+                                       access_required, station, username);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_open_printer_ex("", &q_o, &buf, 0) &&
+            rpc_con_pipe_req(con, SPOOLSS_OPENPRINTEREX, &buf, &rbuf))
+        {
+                SPOOL_R_OPEN_PRINTER_EX r_o;
+		BOOL p = True;
+
+                spoolss_io_r_open_printer_ex("", &r_o, &rbuf, 0);
+
+                if (prs_offset(&rbuf)!= 0 && r_o.status != 0)
+                {
+                        /* report error code */
+                        DEBUG(3,("SPOOLSS_OPENPRINTEREX: %s\n", nt_errstr(r_o.status)));
+                        p = False;
+                }
+
+                if (p)
+                {
+                        /* ok, at last: we're happy. return the policy handle */
+                        *hnd = r_o.handle;
+
+			/* associate the handle returned with the current 
+			   state of the clienjt connection */
+			valid_pol = RpcHndList_set_connection(hnd, con);
+
+                }
+        }
+
+	prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+        return valid_pol;
+}
+
+/****************************************************************************
+ do a SPOOLSS AddPrinterEx()
+ **ALWAYS** uses as PRINTER_INFO level 2 struct
+****************************************************************************/
+BOOL spoolss_addprinterex(POLICY_HND *hnd, const char* srv_name, PRINTER_INFO_2 *info2)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_ADDPRINTEREX q_o;
+        SPOOL_R_ADDPRINTEREX r_o;
+	struct cli_connection *con = NULL;
+	TALLOC_CTX *mem_ctx = NULL;
+        fstring the_client_name;
+	BOOL valid_pol = True;
+
+
+
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return NT_STATUS_ACCESS_DENIED;
+
+        if (hnd == NULL)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("spoolss_addprinterex: talloc_init() failed!\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+        prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUMPORTS */
+        DEBUG(5,("SPOOLSS Add Printer Ex (Server: %s)\n", srv_name));
+	
+        fstrcpy(the_client_name, "\\\\");
+        fstrcat(the_client_name, con->pCli_state->desthost);
+        strupper(the_client_name);
+	
+
+        make_spoolss_q_addprinterex(mem_ctx, &q_o, srv_name, the_client_name, 
+				    /* "Administrator", */
+				    con->pCli_state->user_name,
+				    2, info2);
+
+        /* turn parameters into data stream and send the request */
+        if (spoolss_io_q_addprinterex("", &q_o, &buf, 0) &&
+	    rpc_con_pipe_req(con, SPOOLSS_ADDPRINTEREX, &buf, &rbuf)) 
+	{
+        	ZERO_STRUCT(r_o);
+
+        	if(spoolss_io_r_addprinterex("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+                        {
+				/* report error code */
+                        	DEBUG(3,("SPOOLSS_ADDPRINTEREX: %s\n", nt_errstr(r_o.status)));
+                        	valid_pol = False;
+			}
+        	}
+		
+		if (valid_pol)
+		{
+                        /* ok, at last: we're happy. return the policy handle */
+                        copy_policy_hnd( hnd, &r_o.handle);
+
+			/* associate the handle returned with the current 
+			   state of the clienjt connection */
+			RpcHndList_set_connection(hnd, con);
+		}
+        }
+
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+        return valid_pol;
+}
+
+/****************************************************************************
+do a SPOOL Close
+****************************************************************************/
+BOOL spoolss_closeprinter(POLICY_HND *hnd)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_CLOSEPRINTER q_c;
+        BOOL valid_close = False;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        if (hnd == NULL) 
+		return False;
+
+        /* create and send a MSRPC command with api SPOOLSS_CLOSEPRINTER */
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n"));
+		return False;
+	}
+        prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        DEBUG(4,("SPOOL Close Printer\n"));
+
+        /* store the parameters */
+        make_spoolss_q_closeprinter(&q_c, hnd);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_closeprinter("", &q_c, &buf, 0) &&
+            rpc_hnd_pipe_req(hnd, SPOOLSS_CLOSEPRINTER, &buf, &rbuf))
+        {
+                SPOOL_R_CLOSEPRINTER r_c;
+
+                spoolss_io_r_closeprinter("", &r_c, &rbuf, 0);
+
+                if (prs_offset(&rbuf)!=0 && r_c.status != 0)
+                {
+                        /* report error code */
+                        DEBUG(3,("SPOOL_CLOSEPRINTER: %s\n", nt_errstr(r_c.status)));
+                }
+		else
+			valid_close = True;
+        }
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+	/* disassociate with the cli_connection */
+        RpcHndList_del_connection(hnd);
+
+        return valid_close;
+}
+
+/****************************************************************************
+do a SPOOLSS Get printer datas
+****************************************************************************/
+uint32 spoolss_getprinterdata(const POLICY_HND *hnd, const UNISTR2 *valuename,
+                        uint32 in_size,
+                        uint32 *type,
+                        uint32 *out_size,
+                        uint8 *data,
+                        uint32 *needed)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_GETPRINTERDATA q_o;
+        SPOOL_R_GETPRINTERDATA r_o;
+	TALLOC_CTX *mem_ctx = NULL;
+
+        if (hnd == NULL)
+                return NT_STATUS_INVALID_PARAMETER;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n"));
+		return False;
+	}
+        prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_GETPRINTERDATA */
+
+        DEBUG(5,("SPOOLSS Get Printer data)\n"));
+
+        make_spoolss_q_getprinterdata(&q_o, hnd,(UNISTR2 *)valuename, in_size);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_getprinterdata("", &q_o, &buf, 0) &&
+             rpc_hnd_pipe_req(hnd, SPOOLSS_GETPRINTERDATA, &buf, &rbuf)) 
+	{
+	        ZERO_STRUCT(r_o);
+        	prs_mem_free(&buf );
+
+	        r_o.data=data;
+
+	        if(spoolss_io_r_getprinterdata("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_GETPRINTERDATA: %s\n", nt_errstr(r_o.status)));
+			}
+
+		        *type=r_o.type;
+        		*out_size=r_o.size;
+	        	*needed=r_o.needed;
+		}
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        return r_o.status;
+}
+
+/****************************************************************************
+do a SPOOLSS Get Printer Driver Direcotry
+****************************************************************************/
+uint32 spoolss_getprinterdriverdir(fstring srv_name, fstring env_name, uint32 level,
+                             NEW_BUFFER *buffer, uint32 offered,
+                             uint32 *needed)
+{
+        prs_struct rbuf;
+        prs_struct buf;
+        SPOOL_Q_GETPRINTERDRIVERDIR q_o;
+        SPOOL_R_GETPRINTERDRIVERDIR r_o;
+	TALLOC_CTX *ctx = prs_get_mem_context(&buffer->prs);
+
+        struct cli_connection *con = NULL;
+
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return False;
+
+        prs_init(&buf, MAX_PDU_FRAG_LEN, ctx, MARSHALL);
+        prs_init(&rbuf, 0, ctx, UNMARSHALL);
+
+        /* create and send a MSRPC command with api SPOOLSS_ENUM_PRINTERS */
+
+        DEBUG(5,("SPOOLSS GetPrinterDriverDir (Server: %s Env: %s level: %d)\n", 
+		  srv_name, env_name, level));
+
+        make_spoolss_q_getprinterdriverdir(&q_o, srv_name, env_name, level, 
+					   buffer, offered);
+
+        /* turn parameters into data stream */
+        if (spoolss_io_q_getprinterdriverdir("", &q_o, &buf, 0) &&
+             rpc_con_pipe_req(con, SPOOLSS_GETPRINTERDRIVERDIRECTORY, &buf, &rbuf)) 
+	{
+	        prs_mem_free(&buf );
+        	ZERO_STRUCT(r_o);
+
+	        prs_switch_type(&buffer->prs, UNMARSHALL);
+        	prs_set_offset(&buffer->prs, 0);
+	        r_o.buffer=buffer;
+
+        	if(spoolss_io_r_getprinterdriverdir("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+				DEBUG(3,("SPOOLSS_GETPRINTERDRIVERDIRECTORY: %s\n", nt_errstr(r_o.status)));
+			}
+
+		        *needed=r_o.needed;
+		}
+	}
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+        cli_connection_unlink(con);
+
+        return r_o.status;
+}
+
+/******************************************************************************
+ AddPrinterDriver()
+ *****************************************************************************/
+uint32 spoolss_addprinterdriver(const char *srv_name, uint32 level, PRINTER_DRIVER_CTR *info)
+{
+        prs_struct 			rbuf;
+        prs_struct 			buf;
+        SPOOL_Q_ADDPRINTERDRIVER 	q_o;
+        SPOOL_R_ADDPRINTERDRIVER 	r_o;
+	TALLOC_CTX 			*mem_ctx = NULL;
+	struct cli_connection 		*con = NULL;
+	
+        if (!cli_connection_init(srv_name, PIPE_SPOOLSS, &con))
+                return False;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n"));
+		return False;
+	}
+        prs_init(&buf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+        prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+	
+	/* make the ADDPRINTERDRIVER PDU */
+	make_spoolss_q_addprinterdriver(mem_ctx, &q_o, srv_name, level, info);
+
+	/* turn the data into an io stream */
+        if (spoolss_io_q_addprinterdriver("", &q_o, &buf, 0) &&
+	    rpc_con_pipe_req(con, SPOOLSS_ADDPRINTERDRIVER, &buf, &rbuf)) 
+	{
+        	ZERO_STRUCT(r_o);
+
+        	if(spoolss_io_r_addprinterdriver("", &r_o, &rbuf, 0)) 
+		{
+			if (r_o.status != NT_STATUS_OK)
+			{
+                        	/* report error code */
+                        	DEBUG(3,("SPOOLSS_ADDPRINTERDRIVER: %s\n", nt_errstr(r_o.status)));
+			}
+		}
+        }
+
+
+        prs_mem_free(&rbuf);
+        prs_mem_free(&buf );
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+		
+	return r_o.status;
+
+}
diff --git a/source3/rpc_client/cli_spoolss_notify.c b/source3/rpc_client/cli_spoolss_notify.c
new file mode 100644
index 0000000000..320708736e
--- /dev/null
+++ b/source3/rpc_client/cli_spoolss_notify.c
@@ -0,0 +1,447 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Jean Francois Micouleau      1998-2000,
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#if 0
+#include "rpc_parse.h"
+#include "nterr.h"
+#endif
+extern pstring global_myname;
+
+struct msg_info_table {
+	uint32 msg;
+	uint32 field;
+	char*  name;
+	void (*construct_fn) (int snum, SPOOL_NOTIFY_INFO_DATA *data,
+		print_queue_struct *queue,
+		NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx);
+};
+
+struct msg_info_table msg_table[] = {
+{ PRINTER_MESSAGE_DRIVER,      PRINTER_NOTIFY_DRIVER_NAME,    "PRINTER_MESSAGE_DRIVER",      spoolss_notify_driver_name  },
+{ PRINTER_MESSAGE_ATTRIBUTES,  PRINTER_NOTIFY_ATTRIBUTES,     "PRINTER_MESSAGE_ATTRIBUTES",  spoolss_notify_attributes   },
+{ PRINTER_MESSAGE_COMMENT,     PRINTER_NOTIFY_COMMENT,        "PRINTER_MESSAGE_COMMENT",     spoolss_notify_comment      },
+{ PRINTER_MESSAGE_LOCATION,    PRINTER_NOTIFY_LOCATION,       "PRINTER_MESSAGE_LOCATION",    spoolss_notify_location     },
+{ PRINTER_MESSAGE_PRINTERNAME, PRINTER_NOTIFY_PRINTER_NAME,   "PRINTER_MESSAGE_PRINTERNAME", spoolss_notify_printer_name },
+{ PRINTER_MESSAGE_SHARENAME,   PRINTER_NOTIFY_SHARE_NAME,     "PRINTER_MESSAGE_SHARENAME",   spoolss_notify_share_name   },
+{ PRINTER_MESSAGE_PORT,        PRINTER_NOTIFY_PORT_NAME,      "PRINTER_MESSAGE_PORT",        spoolss_notify_port_name    },
+{ PRINTER_MESSAGE_CJOBS,       PRINTER_NOTIFY_CJOBS,          "PRINTER_MESSAGE_CJOBS",       spoolss_notify_cjobs        },
+{ PRINTER_MESSAGE_SEPFILE,     PRINTER_NOTIFY_SEPFILE,        "PRINTER_MESSAGE_SEPFILE",     spoolss_notify_sepfile      },
+{ PRINTER_MESSAGE_PARAMS,      PRINTER_NOTIFY_PARAMETERS,     "PRINTER_MESSAGE_PARAMETERS",  spoolss_notify_parameters   },
+{ PRINTER_MESSAGE_DATATYPE,    PRINTER_NOTIFY_DATATYPE,       "PRINTER_MESSAGE_DATATYPE",    spoolss_notify_datatype     },
+{ PRINTER_MESSAGE_NULL,        0x0,                           "",                            NULL                        },
+};
+
+/*********************************************************
+ Disconnect from the client machine.
+**********************************************************/
+BOOL spoolss_disconnect_from_client( struct cli_state *cli)
+{
+	cli_nt_session_close(cli);
+	cli_ulogoff(cli);
+	cli_shutdown(cli);
+
+	return True;
+}
+
+
+/*********************************************************
+ Connect to the client machine.
+**********************************************************/
+
+BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine)
+{
+	ZERO_STRUCTP(cli);
+	if(cli_initialise(cli) == NULL) {
+		DEBUG(0,("connect_to_client: unable to initialize client connection.\n"));
+		return False;
+	}
+
+	if(!resolve_name( remote_machine, &cli->dest_ip, 0x20)) {
+		DEBUG(0,("connect_to_client: Can't resolve address for %s\n", remote_machine));
+		cli_shutdown(cli);
+	return False;
+	}
+
+	if (ismyip(cli->dest_ip)) {
+		DEBUG(0,("connect_to_client: Machine %s is one of our addresses. Cannot add to ourselves.\n", remote_machine));
+		cli_shutdown(cli);
+		return False;
+	}
+
+	if (!cli_connect(cli, remote_machine, &cli->dest_ip)) {
+		DEBUG(0,("connect_to_client: unable to connect to SMB server on machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli) ));
+		cli_shutdown(cli);
+		return False;
+	}
+  
+	if (!attempt_netbios_session_request(cli, global_myname, remote_machine, &cli->dest_ip)) {
+		DEBUG(0,("connect_to_client: machine %s rejected the NetBIOS session request.\n", 
+			remote_machine));
+		return False;
+	}
+
+	cli->protocol = PROTOCOL_NT1;
+    
+	if (!cli_negprot(cli)) {
+		DEBUG(0,("connect_to_client: machine %s rejected the negotiate protocol. Error was : %s.\n", remote_machine, cli_errstr(cli) ));
+		cli_shutdown(cli);
+		return False;
+	}
+
+	if (cli->protocol != PROTOCOL_NT1) {
+		DEBUG(0,("connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine));
+		cli_shutdown(cli);
+		return False;
+	}
+    
+	/*
+	 * Do an anonymous session setup.
+	 */
+    
+	if (!cli_session_setup(cli, "", "", 0, "", 0, "")) {
+		DEBUG(0,("connect_to_client: machine %s rejected the session setup. Error was : %s.\n", remote_machine, cli_errstr(cli) ));
+		cli_shutdown(cli);
+		return False;
+	}
+    
+	if (!(cli->sec_mode & 1)) {
+		DEBUG(0,("connect_to_client: machine %s isn't in user level security mode\n", remote_machine));
+		cli_shutdown(cli);
+		return False;
+	}
+    
+	if (!cli_send_tconX(cli, "IPC$", "IPC", "", 1)) {
+		DEBUG(0,("connect_to_client: machine %s rejected the tconX on the IPC$ share. Error was : %s.\n", remote_machine, cli_errstr(cli) ));
+		cli_shutdown(cli);
+		return False;
+	}
+
+	/*
+	 * Ok - we have an anonymous connection to the IPC$ share.
+	 * Now start the NT Domain stuff :-).
+	 */
+
+	if(cli_nt_session_open(cli, PIPE_SPOOLSS) == False) {
+		DEBUG(0,("connect_to_client: unable to open the domain client session to machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli)));
+		cli_nt_session_close(cli);
+		cli_ulogoff(cli);
+		cli_shutdown(cli);
+		return False;
+	} 
+
+	return True;
+}
+
+/*
+ * SPOOLSS Client RPC's used by servers as the notification
+ * back channel
+ */
+
+/***************************************************************************
+ do a reply open printer
+****************************************************************************/
+
+WERROR cli_spoolss_reply_open_printer(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				char *printer, uint32 localprinter, uint32 type, 
+				POLICY_HND *handle)
+{
+	WERROR result = W_ERROR(ERRgeneral);
+	
+	prs_struct rbuf;
+	prs_struct buf; 
+
+	SPOOL_Q_REPLYOPENPRINTER q_s;
+	SPOOL_R_REPLYOPENPRINTER r_s;
+
+	prs_init(&buf, 1024, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL );
+
+	/* create and send a MSRPC command with api SPOOLSS_REPLYOPENPRINTER */
+	
+	/* store the parameters */
+	make_spoolss_q_replyopenprinter(&q_s, printer, localprinter, type);
+
+	/* turn parameters into data stream */
+	if(!spoolss_io_q_replyopenprinter("", &q_s,  &buf, 0)) {
+		DEBUG(0,("cli_spoolss_reply_open_printer: Error : failed to marshall SPOOL_Q_REPLYOPENPRINTER struct.\n"));
+		goto done;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SPOOLSS_REPLYOPENPRINTER, &buf, &rbuf)) 
+		goto done;
+
+	/* turn data stream into parameters*/
+	if(!spoolss_io_r_replyopenprinter("", &r_s, &rbuf, 0)) {
+		DEBUG(0,("cli_spoolss_reply_open_printer: Error : failed to unmarshall SPOOL_R_REPLYOPENPRINTER struct.\n"));
+		goto done;
+	}
+	
+	memcpy(handle, &r_s.handle, sizeof(r_s.handle));
+	result = r_s.status;
+
+done:
+	prs_mem_free(&buf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/***************************************************************************
+ do a reply open printer
+****************************************************************************/
+
+WERROR cli_spoolss_reply_close_printer(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+					POLICY_HND *handle)
+{
+	WERROR result = W_ERROR(ERRgeneral);
+	prs_struct rbuf;
+	prs_struct buf; 
+
+	SPOOL_Q_REPLYCLOSEPRINTER q_s;
+	SPOOL_R_REPLYCLOSEPRINTER r_s;
+
+	prs_init(&buf, 1024, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL );
+
+	/* create and send a MSRPC command with api  */
+	
+	/* store the parameters */
+	make_spoolss_q_reply_closeprinter(&q_s, handle);
+
+	/* turn parameters into data stream */
+	if(!spoolss_io_q_replycloseprinter("", &q_s,  &buf, 0)) {
+		DEBUG(0,("cli_spoolss_reply_close_printer: Error : failed to marshall SPOOL_Q_REPLY_CLOSEPRINTER struct.\n"));
+		goto done;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SPOOLSS_REPLYCLOSEPRINTER, &buf, &rbuf))
+		goto done;
+
+	/* turn data stream into parameters*/
+	if(!spoolss_io_r_replycloseprinter("", &r_s, &rbuf, 0)) {
+		DEBUG(0,("cli_spoolss_reply_close_printer: Error : failed to marshall SPOOL_R_REPLY_CLOSEPRINTER struct.\n"));
+		goto done;
+	}
+	
+
+	result = r_s.status;
+	
+done:
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+
+	return result;
+}
+
+ 
+/*********************************************************************
+ This SPOOLSS_ROUTERREPLYPRINTER function is used to send a change 
+ notification event when the registration **did not** use 
+ SPOOL_NOTIFY_OPTION_TYPE structure to specify the events to monitor.
+ Also see cli_spolss_reply_rrpcn()
+ *********************************************************************/
+ 
+WERROR cli_spoolss_routerreplyprinter (struct cli_state *cli, TALLOC_CTX *mem_ctx,
+					POLICY_HND *pol, uint32 condition, uint32 changd_id)
+{
+	prs_struct qbuf, rbuf;
+	SPOOL_Q_ROUTERREPLYPRINTER q;
+        SPOOL_R_ROUTERREPLYPRINTER r;
+	WERROR result = W_ERROR(ERRgeneral);
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+
+	/* Initialise input parameters */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+
+	/* write the request */
+	make_spoolss_q_routerreplyprinter(&q, pol, condition, changd_id);
+
+	/* Marshall data and send request */
+	if (!spoolss_io_q_routerreplyprinter ("", &q, &qbuf, 0)) {
+		DEBUG(0,("cli_spoolss_routerreplyprinter: Unable to marshall SPOOL_Q_ROUTERREPLYPRINTER!\n"));
+		goto done;
+	}
+		
+		
+	if (!rpc_api_pipe_req (cli, SPOOLSS_ROUTERREPLYPRINTER, &qbuf, &rbuf)) 
+		goto done;
+
+	/* Unmarshall response */
+	if (!spoolss_io_r_routerreplyprinter ("", &r, &rbuf, 0)) {
+		DEBUG(0,("cli_spoolss_routerreplyprinter: Unable to unmarshall SPOOL_R_ROUTERREPLYPRINTER!\n"));
+		goto done;
+	}
+
+	/* Return output parameters */
+	result = r.status;
+	
+done:
+	prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
+
+	return result;	
+}
+
+
+/**********************************************************************************
+ Build the SPOOL_NOTIFY_INFO_DATA entries based upon the flags which have been set
+ *********************************************************************************/
+
+static int build_notify_data (TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL *printer, uint32 flags, 
+			SPOOL_NOTIFY_INFO_DATA **notify_data)
+{
+	SPOOL_NOTIFY_INFO_DATA *data;
+	uint32 idx = 0;
+	int i = 0;
+	
+	while ((msg_table[i].msg != PRINTER_MESSAGE_NULL) && flags)
+	{
+		if (flags & msg_table[i].msg) 
+		{
+			DEBUG(10,("build_notify_data: %s set on [%s][%d]\n", msg_table[i].name,
+				printer->info_2->printername, idx));
+			if ((data=Realloc(*notify_data, (idx+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+				DEBUG(0,("build_notify_data: Realloc() failed with size [%d]!\n",
+					(idx+1)*sizeof(SPOOL_NOTIFY_INFO_DATA)));
+				return -1;
+	}
+			*notify_data = data;
+
+			/* clear memory */
+			memset(*notify_data+idx, 0x0, sizeof(SPOOL_NOTIFY_INFO_DATA));
+	
+			/*
+			 * 'id' (last param here) is undefined when type == PRINTER_NOTIFY_TYPE
+			 * See PRINTER_NOTIFY_INFO_DATA entries in MSDN
+			 * --jerry
+			 */
+			construct_info_data(*notify_data+idx, PRINTER_NOTIFY_TYPE, msg_table[i].field, 0x00);
+
+			msg_table[i].construct_fn(-1, *notify_data+idx, NULL, printer, ctx);
+			idx++;
+		}
+
+		i++;
+	}
+	
+	return idx;
+}
+
+/*********************************************************************
+ This SPOOLSS_ROUTERREPLYPRINTER function is used to send a change 
+ notification event when the registration **did** use 
+ SPOOL_NOTIFY_OPTION_TYPE structure to specify the events to monitor
+ Also see cli_spoolss_routereplyprinter()
+ *********************************************************************/
+
+WERROR cli_spoolss_reply_rrpcn(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+					POLICY_HND *handle, PRINTER_MESSAGE_INFO *info,
+					NT_PRINTER_INFO_LEVEL *printer)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+
+	SPOOL_NOTIFY_INFO 	notify_info;
+	SPOOL_NOTIFY_INFO_DATA	*notify_data = NULL;
+	uint32 			data_len;
+
+	WERROR result = W_ERROR(ERRgeneral);
+
+	SPOOL_Q_REPLY_RRPCN q_s;
+	SPOOL_R_REPLY_RRPCN r_s;
+
+	if (!info) {
+		DEBUG(5,("cli_spoolss_reply_rrpcn: NULL printer message info pointer!\n"));
+		goto done;
+	}
+		
+	prs_init(&buf, 1024, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0,   mem_ctx, UNMARSHALL );
+
+	ZERO_STRUCT(notify_info);
+
+/*
+	 * See comments in _spoolss_setprinter() about PRINTER_CHANGE_XXX
+	 * events.  --jerry
+*/
+	DEBUG(10,("cli_spoolss_reply_rrpcn: PRINTER_MESSAGE flags = 0x%8x\n", info->flags));
+
+	data_len = build_notify_data(mem_ctx, printer, info->flags, &notify_data);
+	if (info->flags && (data_len == -1)) {
+		DEBUG(0,("cli_spoolss_reply_rrpcn: Failed to build SPOOL_NOTIFY_INFO_DATA [flags == 0x%x] for printer [%s]\n",
+			info->flags, info->printer_name));
+		result = WERR_NOMEM;
+		goto done;
+	}
+	notify_info.version = 0x2;
+	notify_info.flags   = 0x00020000;	/* ?? */
+	notify_info.count   = data_len;
+	notify_info.data    = notify_data;
+
+	/* create and send a MSRPC command with api  */
+	/* store the parameters */
+
+	make_spoolss_q_reply_rrpcn(&q_s, handle, info->low, info->high, &notify_info);
+
+	/* turn parameters into data stream */
+	if(!spoolss_io_q_reply_rrpcn("", &q_s,  &buf, 0)) {
+		DEBUG(0,("cli_spoolss_reply_rrpcn: Error : failed to marshall SPOOL_Q_REPLY_RRPCN struct.\n"));
+		goto done;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SPOOLSS_RRPCN, &buf, &rbuf)) 
+		goto done;
+
+	
+	/* turn data stream into parameters*/
+	if(!spoolss_io_r_reply_rrpcn("", &r_s, &rbuf, 0)) {
+		DEBUG(0,("cli_spoolss_reply_rrpcn: Error : failed to unmarshall SPOOL_R_REPLY_RRPCN struct.\n"));
+		goto done;
+	}
+
+	if (r_s.unknown0 == 0x00080000) {
+		DEBUG(8,("cli_spoolss_reply_rrpcn: I think the spooler resonded that the notification was ignored.\n"));
+	}
+	
+	result = r_s.status;
+
+done:
+	prs_mem_free(&buf);
+	prs_mem_free(&rbuf);
+	/*
+	 * The memory allocated in this array is talloc'd so we only need
+	 * free the array here. JRA.
+	 */
+	SAFE_FREE(notify_data);
+
+	return result;
+}
+
diff --git a/source3/rpc_client/cli_srvsvc.c b/source3/rpc_client/cli_srvsvc.c
new file mode 100644
index 0000000000..024e711789
--- /dev/null
+++ b/source3/rpc_client/cli_srvsvc.c
@@ -0,0 +1,400 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/****************************************************************************
+do a server net conn enum
+****************************************************************************/
+BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
+			char *server_name, char *qual_name,
+			uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
+			uint32 preferred_len,
+			ENUM_HND *hnd)
+{
+	prs_struct data; 
+	prs_struct rdata;
+	SRV_Q_NET_CONN_ENUM q_o;
+	SRV_R_NET_CONN_ENUM r_o;
+
+	if (server_name == NULL || ctr == NULL || preferred_len == 0)
+		return False;
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api SRV_NETCONNENUM */
+
+	DEBUG(4,("SRV Net Server Connection Enum(%s, %s), level %d, enum:%8x\n",
+				server_name, qual_name, switch_value, get_enum_hnd(hnd)));
+				
+	ctr->switch_value = switch_value;
+	ctr->ptr_conn_ctr = 1;
+	ctr->conn.info0.num_entries_read = 0;
+	ctr->conn.info0.ptr_conn_info    = 1;
+
+	/* store the parameters */
+	init_srv_q_net_conn_enum(&q_o, server_name, qual_name,
+	                         switch_value, ctr,
+	                         preferred_len,
+	                         hnd);
+
+	/* turn parameters into data stream */
+	if(!srv_io_q_net_conn_enum("", &q_o, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if(!rpc_api_pipe_req(cli, SRV_NETCONNENUM, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	r_o.ctr = ctr;
+
+	if(!srv_io_r_net_conn_enum("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SRV_R_NET_SRV_CONN_ENUM: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.ctr->switch_value != switch_value) {
+		/* different switch levels.  oops. */
+		DEBUG(0,("SRV_R_NET_SRV_CONN_ENUM: info class %d does not match request %d\n",
+			r_o.ctr->switch_value, switch_value));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+	
+	return True;
+}
+
+/****************************************************************************
+do a server net sess enum
+****************************************************************************/
+
+BOOL do_srv_net_srv_sess_enum(struct cli_state *cli,
+			char *server_name, char *qual_name,
+			uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
+			uint32 preferred_len,
+			ENUM_HND *hnd)
+{
+	prs_struct data; 
+	prs_struct rdata;
+	SRV_Q_NET_SESS_ENUM q_o;
+	SRV_R_NET_SESS_ENUM r_o;
+
+	if (server_name == NULL || ctr == NULL || preferred_len == 0)
+		return False;
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api SRV_NETSESSENUM */
+
+	DEBUG(4,("SRV Net Session Enum (%s), level %d, enum:%8x\n",
+				server_name, switch_value, get_enum_hnd(hnd)));
+				
+	ctr->switch_value = switch_value;
+	ctr->ptr_sess_ctr = 1;
+	ctr->sess.info0.num_entries_read = 0;
+	ctr->sess.info0.ptr_sess_info    = 1;
+
+	/* store the parameters */
+	init_srv_q_net_sess_enum(&q_o, server_name, qual_name,
+	                         switch_value, ctr,
+	                         preferred_len,
+	                         hnd);
+
+	/* turn parameters into data stream */
+	if(!srv_io_q_net_sess_enum("", &q_o, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SRV_NETSESSENUM, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	r_o.ctr = ctr;
+
+	if(!srv_io_r_net_sess_enum("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SRV_R_NET_SRV_SESS_ENUM: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.ctr->switch_value != switch_value) {
+		/* different switch levels.  oops. */
+		DEBUG(0,("SRV_R_NET_SRV_SESS_ENUM: info class %d does not match request %d\n",
+			r_o.ctr->switch_value, switch_value));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+	
+	return True;
+}
+
+/****************************************************************************
+do a server net share enum
+****************************************************************************/
+BOOL do_srv_net_srv_share_enum(struct cli_state *cli,
+			char *server_name, 
+			uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o,
+			uint32 preferred_len, ENUM_HND *hnd)
+{
+	prs_struct data; 
+	prs_struct rdata;
+	SRV_Q_NET_SHARE_ENUM q_o;
+
+	if (server_name == NULL || preferred_len == 0)
+		return False;
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api SRV_NETSHAREENUM */
+
+	DEBUG(4,("SRV Get Share Info (%s), level %d, enum:%8x\n",
+				server_name, switch_value, get_enum_hnd(hnd)));
+				
+	/* store the parameters */
+	init_srv_q_net_share_enum(&q_o, server_name, switch_value,
+				  preferred_len, hnd);
+
+	/* turn parameters into data stream */
+	if(!srv_io_q_net_share_enum("", &q_o, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SRV_NETSHAREENUM, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	if(!srv_io_r_net_share_enum("", r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o->status != 0) {
+		/* report error code */
+		DEBUG(0,("SRV_R_NET_SHARE_ENUM: %s\n", nt_errstr(r_o->status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o->ctr.switch_value != switch_value) {
+		/* different switch levels.  oops. */
+		DEBUG(0,("SRV_R_NET_SHARE_ENUM: info class %d does not match request %d\n",
+			r_o->ctr.switch_value, switch_value));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+	
+	return True;
+}
+
+/****************************************************************************
+do a server net file enum
+****************************************************************************/
+
+BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
+			char *server_name, char *qual_name,
+			uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
+			uint32 preferred_len,
+			ENUM_HND *hnd)
+{
+	prs_struct data; 
+	prs_struct rdata;
+	SRV_Q_NET_FILE_ENUM q_o;
+	SRV_R_NET_FILE_ENUM r_o;
+
+	if (server_name == NULL || ctr == NULL || preferred_len == 0)
+		return False;
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api SRV_NETFILEENUM */
+
+	DEBUG(4,("SRV Get File Info (%s), level %d, enum:%8x\n",
+				server_name, switch_value, get_enum_hnd(hnd)));
+				
+	q_o.file_level = switch_value;
+
+	ctr->switch_value = switch_value;
+	ctr->ptr_file_ctr = 1;
+	ctr->file.info3.num_entries_read = 0;
+	ctr->file.info3.ptr_file_info    = 1;
+
+	/* store the parameters */
+	init_srv_q_net_file_enum(&q_o, server_name, qual_name,
+	                         switch_value, ctr,
+	                         preferred_len,
+	                         hnd);
+
+	/* turn parameters into data stream */
+	if(!srv_io_q_net_file_enum("", &q_o, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SRV_NETFILEENUM, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	r_o.ctr = ctr;
+
+	if(!srv_io_r_net_file_enum("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+		
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SRV_R_NET_FILE_ENUM: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.ctr->switch_value != switch_value) {
+		/* different switch levels.  oops. */
+		DEBUG(0,("SRV_R_NET_FILE_ENUM: info class %d does not match request %d\n",
+			r_o.ctr->switch_value, switch_value));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+	
+	return True;
+}
+
+/****************************************************************************
+do a server get info 
+****************************************************************************/
+BOOL do_srv_net_srv_get_info(struct cli_state *cli,
+			char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr)
+{
+	prs_struct data; 
+	prs_struct rdata;
+	SRV_Q_NET_SRV_GET_INFO q_o;
+	SRV_R_NET_SRV_GET_INFO r_o;
+
+	if (server_name == NULL || switch_value == 0 || ctr == NULL)
+		return False;
+
+	prs_init(&data, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
+
+	/* create and send a MSRPC command with api SRV_NET_SRV_GET_INFO */
+
+	DEBUG(4,("SRV Get Server Info (%s), level %d\n", server_name, switch_value));
+
+	/* store the parameters */
+	init_srv_q_net_srv_get_info(&q_o, server_name, switch_value);
+
+	/* turn parameters into data stream */
+	if(!srv_io_q_net_srv_get_info("", &q_o, &data, 0)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, SRV_NET_SRV_GET_INFO, &data, &rdata)) {
+		prs_mem_free(&data);
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&data);
+
+	r_o.ctr = ctr;
+
+	if(!srv_io_r_net_srv_get_info("", &r_o, &rdata, 0)) {
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("SRV_R_NET_SRV_GET_INFO: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	if (r_o.ctr->switch_value != q_o.switch_value) {
+		/* different switch levels.  oops. */
+		DEBUG(0,("SRV_R_NET_SRV_GET_INFO: info class %d does not match request %d\n",
+			r_o.ctr->switch_value, q_o.switch_value));
+		prs_mem_free(&rdata);
+		return False;
+	}
+
+	prs_mem_free(&rdata);
+	
+	return True;
+}
diff --git a/source3/rpc_client/cli_wkssvc.c b/source3/rpc_client/cli_wkssvc.c
new file mode 100644
index 0000000000..788d60c56e
--- /dev/null
+++ b/source3/rpc_client/cli_wkssvc.c
@@ -0,0 +1,84 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/****************************************************************************
+do a WKS Open Policy
+****************************************************************************/
+BOOL do_wks_query_info(struct cli_state *cli, 
+			char *server_name, uint32 switch_value,
+			WKS_INFO_100 *wks100)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	WKS_Q_QUERY_INFO q_o;
+	WKS_R_QUERY_INFO r_o;
+
+	if (server_name == 0 || wks100 == NULL)
+		return False;
+
+	prs_init(&buf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL );
+
+	/* create and send a MSRPC command with api WKS_QUERY_INFO */
+
+	DEBUG(4,("WKS Query Info\n"));
+
+	/* store the parameters */
+	init_wks_q_query_info(&q_o, server_name, switch_value);
+
+	/* turn parameters into data stream */
+	if(!wks_io_q_query_info("", &q_o, &buf, 0)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	/* send the data on \PIPE\ */
+	if (!rpc_api_pipe_req(cli, WKS_QUERY_INFO, &buf, &rbuf)) {
+		prs_mem_free(&buf);
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&buf);
+
+	r_o.wks100 = wks100;
+
+	if(!wks_io_r_query_info("", &r_o, &rbuf, 0)) {
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	if (r_o.status != 0) {
+		/* report error code */
+		DEBUG(0,("WKS_R_QUERY_INFO: %s\n", nt_errstr(r_o.status)));
+		prs_mem_free(&rbuf);
+		return False;
+	}
+
+	prs_mem_free(&rbuf);
+
+	return True;
+}
diff --git a/source3/rpc_client/msrpc_spoolss.c b/source3/rpc_client/msrpc_spoolss.c
new file mode 100644
index 0000000000..2267190d8e
--- /dev/null
+++ b/source3/rpc_client/msrpc_spoolss.c
@@ -0,0 +1,809 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell              1994-2000
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+   Copyright (C) Jean-Francois Micouleau      1999-2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "nterr.h"
+#include "rpc_parse.h"
+#include "rpcclient.h"
+
+#define DEBUG_TESTING
+
+extern FILE* out_hnd;
+
+extern struct user_creds *usr_creds;
+
+/********************************************************************
+initialize a spoolss NEW_BUFFER.
+********************************************************************/
+void init_buffer(NEW_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
+{
+	buffer->ptr = (size!=0)? 1:0;
+	buffer->size=size;
+	buffer->string_at_end=size;
+	prs_init(&buffer->prs, size, ctx, MARSHALL);
+	buffer->struct_start = prs_offset(&buffer->prs);
+}
+
+static void decode_printer_info_0(NEW_BUFFER *buffer, uint32 returned, 
+				  PRINTER_INFO_0 **info)
+{
+        uint32 i;
+        PRINTER_INFO_0  *inf;
+
+        inf=(PRINTER_INFO_0 *)malloc(returned*sizeof(PRINTER_INFO_0));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_printer_info_0("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printer_info_1(NEW_BUFFER *buffer, uint32 returned, 
+				  PRINTER_INFO_1 **info)
+{
+        uint32 i;
+        PRINTER_INFO_1  *inf;
+
+        inf=(PRINTER_INFO_1 *)malloc(returned*sizeof(PRINTER_INFO_1));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_printer_info_1("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printer_info_2(NEW_BUFFER *buffer, uint32 returned, 
+				  PRINTER_INFO_2 **info)
+{
+        uint32 i;
+        PRINTER_INFO_2  *inf;
+
+        inf=(PRINTER_INFO_2 *)malloc(returned*sizeof(PRINTER_INFO_2));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+		/* a little initialization as we go */
+		inf[i].secdesc = NULL;
+                new_smb_io_printer_info_2("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printer_info_3(NEW_BUFFER *buffer, uint32 returned, 
+				  PRINTER_INFO_3 **info)
+{
+        uint32 i;
+        PRINTER_INFO_3  *inf;
+
+        inf=(PRINTER_INFO_3 *)malloc(returned*sizeof(PRINTER_INFO_3));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_printer_info_3("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printer_driver_1(NEW_BUFFER *buffer, uint32 returned, 
+			 	    DRIVER_INFO_1 **info)
+{
+        uint32 i;
+        DRIVER_INFO_1 *inf;
+
+        inf=(DRIVER_INFO_1 *)malloc(returned*sizeof(DRIVER_INFO_1));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_printer_driver_info_1("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printer_driver_2(NEW_BUFFER *buffer, uint32 returned, 
+				    DRIVER_INFO_2 **info)
+{
+        uint32 i;
+        DRIVER_INFO_2 *inf;
+
+        inf=(DRIVER_INFO_2 *)malloc(returned*sizeof(DRIVER_INFO_2));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_printer_driver_info_2("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printer_driver_3(NEW_BUFFER *buffer, uint32 returned, 
+				    DRIVER_INFO_3 **info)
+{
+        uint32 i;
+        DRIVER_INFO_3 *inf;
+
+        inf=(DRIVER_INFO_3 *)malloc(returned*sizeof(DRIVER_INFO_3));
+
+        buffer->prs.data_offset=0;
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_printer_driver_info_3("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+static void decode_printerdriverdir_info_1(NEW_BUFFER *buffer, DRIVER_DIRECTORY_1 *info)
+{
+/*      DRIVER_DIRECTORY_1 *inf;
+
+        inf=(DRIVER_DIRECTORY_1 *)malloc(returned*sizeof(DRIVER_DIRECTORY_1));
+*/
+        prs_set_offset(&buffer->prs, 0);
+
+        new_smb_io_driverdir_1("", buffer, info, 0);
+
+/*      *info=inf;*/
+}
+
+/**********************************************************************
+ Decode a PORT_INFO_1 struct from a NEW_BUFFER 
+**********************************************************************/
+void decode_port_info_1(NEW_BUFFER *buffer, uint32 returned, 
+			PORT_INFO_1 **info)
+{
+        uint32 i;
+        PORT_INFO_1 *inf;
+
+        inf=(PORT_INFO_1*)malloc(returned*sizeof(PORT_INFO_1));
+
+        prs_set_offset(&buffer->prs, 0);
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_port_info_1("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+/**********************************************************************
+ Decode a PORT_INFO_2 struct from a NEW_BUFFER 
+**********************************************************************/
+void decode_port_info_2(NEW_BUFFER *buffer, uint32 returned, 
+			PORT_INFO_2 **info)
+{
+        uint32 i;
+        PORT_INFO_2 *inf;
+
+        inf=(PORT_INFO_2*)malloc(returned*sizeof(PORT_INFO_2));
+
+        prs_set_offset(&buffer->prs, 0);
+
+        for (i=0; i<returned; i++) {
+                new_smb_io_port_info_2("", buffer, &(inf[i]), 0);
+        }
+
+        *info=inf;
+}
+
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_enum_printers(char* srv_name, uint32 flags, 
+				 uint32 level, PRINTER_INFO_CTR ctr)
+{
+	NTSTATUS status;
+	NEW_BUFFER buffer;
+	uint32 needed;
+	uint32 returned;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_printers: talloc_init failed!\n"));
+		return False;
+	}
+	init_buffer(&buffer, 0, mem_ctx);
+	
+	/* send a NULL buffer first */
+	status=spoolss_enum_printers(flags, srv_name, level, &buffer, 0, 
+				     &needed, &returned);
+	
+	if (status==ERROR_INSUFFICIENT_BUFFER) {
+		init_buffer(&buffer, needed, mem_ctx);
+		status=spoolss_enum_printers(flags, srv_name, level, &buffer, 
+					     needed, &needed, &returned);
+	}
+	
+	if (status!=NT_STATUS_OK)
+	{
+		DEBUG(0,("spoolss_enum_printers: %s\n", nt_errstr(status)));
+		if (mem_ctx)
+			talloc_destroy(mem_ctx);
+		return False;
+	}
+		
+	/* is there anything to process? */
+	if (returned != 0)
+	{
+		switch (level) {
+		case 1:
+			decode_printer_info_1(&buffer, returned, &(ctr.printers_1));
+			break;
+		case 2:
+			decode_printer_info_2(&buffer, returned, &(ctr.printers_2));
+			break;
+		case 3:
+			decode_printer_info_3(&buffer, returned, &(ctr.printers_3));
+			break;
+		}		
+
+		display_printer_info_ctr(out_hnd, ACTION_HEADER   , level, returned, ctr);
+		display_printer_info_ctr(out_hnd, ACTION_ENUMERATE, level, returned, ctr);
+		display_printer_info_ctr(out_hnd, ACTION_FOOTER   , level, returned, ctr);
+	}
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+		
+	return True;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_enum_ports(char* srv_name, 
+				 uint32 level, PORT_INFO_CTR *ctr)
+{
+	NTSTATUS status;
+	NEW_BUFFER buffer;
+	uint32 needed;
+	uint32 returned;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_ports: talloc_init failed!\n"));
+		return False;
+	}
+	
+	init_buffer(&buffer, 0, mem_ctx);
+	
+	/* send a NULL buffer first */
+	status=spoolss_enum_ports(srv_name, level, &buffer, 0, 
+				     &needed, &returned);
+	
+	if (status==ERROR_INSUFFICIENT_BUFFER) {
+		init_buffer(&buffer, needed, mem_ctx);
+		status=spoolss_enum_ports(srv_name, level, &buffer, 
+					  needed, &needed, &returned);
+	}
+	
+	report(out_hnd, "\tstatus:[%d (%x)]\n", status, status);
+	
+	if (status!=NT_STATUS_OK)
+	{
+		if (mem_ctx)
+			talloc_destroy(mem_ctx);
+		return False;
+	}
+		
+	/* is there anything to process? */
+	if (returned != 0)
+	{
+		switch (level) {
+		case 1:
+			decode_port_info_1(&buffer, returned, &ctr->port.info_1);
+			break;
+		case 2:
+			decode_port_info_2(&buffer, returned, &ctr->port.info_2);
+			break;
+		default:
+			DEBUG(0,("Unable to decode unknown PORT_INFO_%d\n", level));
+			break;
+		}		
+
+		display_port_info_ctr(out_hnd, ACTION_HEADER   , level, returned, ctr);
+		display_port_info_ctr(out_hnd, ACTION_ENUMERATE, level, returned, ctr);
+		display_port_info_ctr(out_hnd, ACTION_FOOTER   , level, returned, ctr);
+	}
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+
+
+	return True;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+uint32 msrpc_spoolss_getprinterdata( const char* printer_name,
+                                const char* station,
+                                const char* user_name,
+                                const char* value_name,
+                                uint32 *type,
+                                NEW_BUFFER *buffer,
+                                void *fn)
+{
+        POLICY_HND hnd;
+        NTSTATUS status;
+        uint32 needed;
+        uint32 size;
+        char *data;
+        UNISTR2 uni_val_name;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        DEBUG(4,("spoolgetdata - printer: %s server: %s user: %s value: %s\n",
+                printer_name, station, user_name, value_name));
+
+        if(!spoolss_open_printer_ex( printer_name, 0, 0, station, user_name,
+                                &hnd))
+        {
+                return NT_STATUS_ACCESS_DENIED;
+        }
+
+        init_unistr2(&uni_val_name, value_name, 0);
+        size = 0;
+        data = NULL;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_getprinterdata: talloc_init failed!\n"));
+		return False;
+	}
+        init_buffer(buffer, size, mem_ctx);
+
+        status = spoolss_getprinterdata(&hnd, &uni_val_name, size, type, &size,
+                        (unsigned char *)data, &needed);
+
+        if (status == ERROR_INSUFFICIENT_BUFFER)
+        {
+                size = needed;
+                init_buffer(buffer, size, mem_ctx);
+                data = prs_data_p(&buffer->prs);
+                status = spoolss_getprinterdata(&hnd, &uni_val_name,
+                                size, type, &size,
+                                (unsigned char *)data, &needed);
+        }
+	
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+        if (status != NT_STATUS_OK) 
+	{
+                if (!spoolss_closeprinter(&hnd))
+                        return NT_STATUS_ACCESS_DENIED;
+                return status;
+        }
+
+#if  0
+        if (fn != NULL)
+                fn(printer_name, station, level, returned, *ctr);
+#endif
+
+        return status;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_enum_jobs( const char* printer_name,
+                                const char* station, const char* user_name,
+                                uint32 level,
+                                void ***ctr, JOB_INFO_FN(fn))
+{
+        POLICY_HND hnd;
+        NTSTATUS status;
+        NEW_BUFFER buffer;
+        uint32 needed;
+        uint32 returned;
+        uint32 firstjob=0;
+        uint32 numofjobs=0xffff;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        DEBUG(4,("spoolopen - printer: %s server: %s user: %s\n",
+                printer_name, station, user_name));
+
+        if(!spoolss_open_printer_ex( printer_name, 0, 0, station, user_name, &hnd))
+                return False;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enum_jobs: talloc_init failed!\n"));
+		return False;
+	}
+        init_buffer(&buffer, 0, mem_ctx);
+        status = spoolss_enum_jobs(&hnd, firstjob, numofjobs, level, 
+				   &buffer, 0, &needed, &returned);
+
+        if (status == ERROR_INSUFFICIENT_BUFFER)
+        {
+                init_buffer(&buffer, needed, mem_ctx);
+                status = spoolss_enum_jobs( &hnd, firstjob, numofjobs, level, 
+					    &buffer, needed, &needed, &returned);
+        }
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+		
+        if (status!=NT_STATUS_OK) {
+                if (!spoolss_closeprinter(&hnd))
+                        return False;
+                return False;
+        }
+
+        if (fn != NULL)
+                fn(printer_name, station, level, returned, *ctr);
+
+        return True;
+}
+
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_enum_printerdata( const char* printer_name, 
+		const char* station, const char* user_name )
+{
+	POLICY_HND hnd;
+	NTSTATUS status;
+	uint32 idx;
+	uint32 valuelen;
+	uint16 *value;
+	uint32 rvaluelen;
+	uint32 type;
+	uint32 datalen;
+	uint8  *data;
+	uint32 rdatalen;
+	uint32 maxvaluelen;
+	uint32 maxdatalen;
+	
+	DEBUG(4,("msrpc_spoolss_enum_printerdata - printer: %s\n", printer_name));
+
+	if(!spoolss_open_printer_ex( printer_name, 0, 0, station, user_name, &hnd))
+		return False;
+
+	
+	idx=0;
+	valuelen=0;
+	rvaluelen=0;
+	type=0;
+	datalen=0;
+	rdatalen=0;
+	
+	status = spoolss_enum_printerdata(&hnd, idx, &valuelen, value, 
+					  &rvaluelen, &type, &datalen, 
+					  data, &rdatalen);
+
+	DEBUG(4,("spoolenum_printerdata - got size: biggest value:[%d], biggest data:[%d]\n", rvaluelen, rdatalen));
+
+	maxvaluelen=valuelen=rvaluelen;
+	maxdatalen=datalen=rdatalen;
+
+	value=(uint16 *)malloc(valuelen*sizeof(uint16));
+	data=(uint8 *)malloc(datalen*sizeof(uint8));
+
+	display_printer_enumdata(out_hnd, ACTION_HEADER, idx, valuelen, 
+				 value, rvaluelen, type, datalen, data, rdatalen);
+	
+	do {
+		valuelen=maxvaluelen;
+		datalen=maxdatalen;
+
+		status = spoolss_enum_printerdata(&hnd, idx, &valuelen, 
+						  value, &rvaluelen, &type, 
+ 						  &datalen, data, &rdatalen);
+		display_printer_enumdata(out_hnd, ACTION_ENUMERATE, idx, 
+					 valuelen, value, rvaluelen, type, 
+					 datalen, data, rdatalen);
+		idx++;
+
+	} while (status != 0x0103); /* NO_MORE_ITEMS */
+
+	display_printer_enumdata(out_hnd, ACTION_FOOTER, idx, valuelen, 
+				 value, rvaluelen, type, datalen, data, rdatalen);
+
+	
+	if (status!=NT_STATUS_OK) {
+		/* 
+		 * the check on this if statement is redundant
+		 * since is the status is bad we're going to 
+		 * return False anyways.  The caller will be 
+		 * unable to determine if there really was a problem
+		 * with the spoolss_closeprinter() call  --jerry
+		 */
+		spoolss_closeprinter(&hnd);
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_getprinter( const char* printer_name, const uint32 level,
+                const char* station, const char* user_name,
+                PRINTER_INFO_CTR ctr)
+{
+        POLICY_HND hnd;
+        NTSTATUS status=0;
+        NEW_BUFFER buffer;
+        uint32 needed=1000;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        DEBUG(4,("spoolenum_getprinter - printer: %s\n", printer_name));
+
+        if(!spoolss_open_printer_ex( printer_name, "", PRINTER_ALL_ACCESS, station, user_name, &hnd))
+                return False;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_getprinter: talloc_init failed!\n"));
+		return False;
+	}
+        init_buffer(&buffer, needed, mem_ctx);
+
+        status = spoolss_getprinter(&hnd, level, &buffer, needed, &needed);
+
+        if (status==ERROR_INSUFFICIENT_BUFFER) {
+                init_buffer(&buffer, needed, mem_ctx);
+                status = spoolss_getprinter(&hnd, level, &buffer, needed, &needed);
+        }
+
+        report(out_hnd, "\tstatus:[%d (%x)]\n", status, status);
+
+        if (status!=NT_STATUS_OK)
+	{
+		if (mem_ctx)
+			talloc_destroy(mem_ctx);
+                return False;
+	}
+
+        switch (level) {
+        case 0:
+                decode_printer_info_0(&buffer, 1, &(ctr.printers_0));
+                break;
+        case 1:
+                decode_printer_info_1(&buffer, 1, &(ctr.printers_1));
+                break;
+        case 2:
+                decode_printer_info_2(&buffer, 1, &(ctr.printers_2));
+                break;
+        case 3:
+                decode_printer_info_3(&buffer, 1, &(ctr.printers_3));
+                break;
+        }
+
+        display_printer_info_ctr(out_hnd, ACTION_HEADER   , level, 1, ctr);
+        display_printer_info_ctr(out_hnd, ACTION_ENUMERATE, level, 1, ctr);
+        display_printer_info_ctr(out_hnd, ACTION_FOOTER   , level, 1, ctr);
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+        if (status!=NT_STATUS_OK) {
+                if (!spoolss_closeprinter(&hnd))
+                        return False;
+                return False;
+        }
+
+        return True;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_getprinterdriver( const char* printer_name,
+                const char *environment, const uint32 level,
+                const char* station, const char* user_name,
+                PRINTER_DRIVER_CTR ctr)
+{
+        POLICY_HND hnd;
+        NTSTATUS status=0;
+        NEW_BUFFER buffer;
+        uint32 needed;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        DEBUG(4,("msrpc_spoolss_enum_getprinterdriver - printer: %s\n", printer_name));
+
+        if(!spoolss_open_printer_ex( printer_name, "", PRINTER_ALL_ACCESS, station, user_name, &hnd))
+                return False;
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_getprinterdriver: talloc_init failed!\n"));
+		return False;
+	}
+        init_buffer(&buffer, 0, mem_ctx);
+
+        status = spoolss_getprinterdriver(&hnd, environment, level, &buffer, 0, &needed);
+
+        if (status==ERROR_INSUFFICIENT_BUFFER) {
+                init_buffer(&buffer, needed, mem_ctx);
+                status = spoolss_getprinterdriver(&hnd, environment, level, &buffer, needed, &needed);
+        }
+
+        /* report(out_hnd, "\tstatus:[%d (%x)]\n", status, status); */
+
+        if (status!=NT_STATUS_OK)
+	{
+		if (mem_ctx)
+			talloc_destroy(mem_ctx);
+                return False;
+	}
+
+        switch (level) {
+		case 1:
+			decode_printer_driver_1(&buffer, 1, &(ctr.info1));
+			break;
+		case 2:
+			decode_printer_driver_2(&buffer, 1, &(ctr.info2));
+			break;
+		case 3:
+			decode_printer_driver_3(&buffer, 1, &(ctr.info3));
+			break;
+        }
+
+        display_printer_driver_ctr(out_hnd, ACTION_HEADER   , level, 1, ctr);
+        display_printer_driver_ctr(out_hnd, ACTION_ENUMERATE, level, 1, ctr);
+        display_printer_driver_ctr(out_hnd, ACTION_FOOTER   , level, 1, ctr);
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+		
+        if (status!=NT_STATUS_OK) {
+                if (!spoolss_closeprinter(&hnd))
+                        return False;
+                return False;
+        }
+
+        return True;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_enumprinterdrivers( const char* srv_name,
+                const char *environment, const uint32 level,
+                PRINTER_DRIVER_CTR ctr)
+{
+        NTSTATUS status=0;
+        NEW_BUFFER buffer;
+        uint32 needed;
+        uint32 returned;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+        DEBUG(4,("msrpc_spoolss_enum_enumprinterdrivers - server: %s\n", srv_name));
+
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_enumprinterdrivers: talloc_init failed!\n"));
+		return False;
+	}
+        init_buffer(&buffer, 0, mem_ctx);
+
+        status = spoolss_enum_printerdrivers(srv_name, environment,
+                                level, &buffer, 0, &needed, &returned);
+
+        if (status == ERROR_INSUFFICIENT_BUFFER)
+        {
+                init_buffer(&buffer, needed, mem_ctx);
+                status = spoolss_enum_printerdrivers( srv_name, environment,
+                                level, &buffer, needed, &needed, &returned);
+        }
+
+        report(out_hnd, "\tstatus:[%d (%x)]\n", status, status);
+
+        if (status!=NT_STATUS_OK)
+	{
+		if (mem_ctx)
+			talloc_destroy(mem_ctx);
+                return False;
+	}
+
+        switch (level)
+        {
+                case 1:
+                        decode_printer_driver_1(&buffer, returned, &(ctr.info1));
+                        break;
+                case 2:
+                        decode_printer_driver_2(&buffer, returned, &(ctr.info2));
+                        break;
+                case 3:
+                        decode_printer_driver_3(&buffer, returned, &(ctr.info3));
+                        break;
+        }
+
+        display_printer_driver_ctr(out_hnd, ACTION_HEADER   , level, returned, ctr);
+        display_printer_driver_ctr(out_hnd, ACTION_ENUMERATE, level, returned, ctr);
+        display_printer_driver_ctr(out_hnd, ACTION_FOOTER   , level, returned, ctr);
+
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+		
+        return True;
+}
+
+/****************************************************************************
+nt spoolss query
+****************************************************************************/
+BOOL msrpc_spoolss_getprinterdriverdir(char* srv_name, char* env_name, uint32 level, DRIVER_DIRECTORY_CTR ctr)
+{
+        NTSTATUS status;
+        NEW_BUFFER buffer;
+        uint32 needed;
+	TALLOC_CTX *mem_ctx = NULL;
+	
+	if ((mem_ctx=talloc_init()) == NULL)
+	{
+		DEBUG(0,("msrpc_spoolss_getprinterdriverdir: talloc_init failed!\n"));
+		return False;
+	}
+        init_buffer(&buffer, 0, mem_ctx);
+
+        /* send a NULL buffer first */
+        status=spoolss_getprinterdriverdir(srv_name, env_name, level, &buffer, 0, &needed);
+
+        if (status==ERROR_INSUFFICIENT_BUFFER) {
+                init_buffer(&buffer, needed, mem_ctx);
+                status=spoolss_getprinterdriverdir(srv_name, env_name, level, &buffer, needed, &needed);
+        }
+
+        report(out_hnd, "\tstatus:[%d (%x)]\n", status, status);
+
+        if (status!=NT_STATUS_OK)
+	{
+		if (mem_ctx)
+			talloc_destroy(mem_ctx);
+                return False;
+	}
+
+        switch (level) {
+        case 1:
+                decode_printerdriverdir_info_1(&buffer, &(ctr.driver.info_1));
+                break;
+        }
+
+        display_printerdriverdir_info_ctr(out_hnd, ACTION_HEADER   , level, ctr);
+        display_printerdriverdir_info_ctr(out_hnd, ACTION_ENUMERATE, level, ctr);
+        display_printerdriverdir_info_ctr(out_hnd, ACTION_FOOTER   , level, ctr);
+	
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+
+        return True;
+}
diff --git a/source3/rpc_client/ntclienttrust.c b/source3/rpc_client/ntclienttrust.c
new file mode 100644
index 0000000000..284fd491f8
--- /dev/null
+++ b/source3/rpc_client/ntclienttrust.c
@@ -0,0 +1,157 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/************************************************************************
+ check workstation trust account status
+ ************************************************************************/
+BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
+				char *hostname, char *domain, fstring mach_acct,
+				fstring new_mach_pwd)
+{
+	pstring tmp;
+	fstring mach_pwd;
+	struct cli_state cli_trust;
+	uchar lm_owf_mach_pwd[16];
+	uchar nt_owf_mach_pwd[16];
+	uchar lm_sess_pwd[24];
+	uchar nt_sess_pwd[24];
+
+	BOOL right_error_code = False;
+	uint8 err_cls;
+	uint32 err_num;
+
+	char *start_mach_pwd;
+	char *change_mach_pwd;
+
+	/* initial machine password */
+	fstrcpy(mach_pwd, hostname);
+	strlower(mach_pwd);
+
+	slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
+				mach_acct, mach_pwd);
+
+	start_mach_pwd = (char*)getpass(tmp);
+
+	if (start_mach_pwd[0] != 0)
+	{
+		fstrcpy(mach_pwd, start_mach_pwd);
+	}
+
+	slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
+				mach_acct);
+
+	change_mach_pwd = (char*)getpass(tmp);
+
+	if (change_mach_pwd[0] != 0)
+	{
+		fstrcpy(new_mach_pwd, change_mach_pwd);
+	}
+	else
+	{
+		DEBUG(1,("trust_account_check: password change not requested\n"));
+		change_mach_pwd[0] = 0;
+	}
+
+	DEBUG(1,("initialise cli_trust connection\n"));
+
+	if (!cli_initialise(&cli_trust))
+	{
+		DEBUG(1,("cli_initialise failed for cli_trust\n"));
+		return False;
+	}
+
+	DEBUG(1,("server connect for cli_trust\n"));
+
+	if (!server_connect_init(&cli_trust, hostname, dest_ip, dest_host))
+	{
+		cli_error(&cli_trust, &err_cls, &err_num, NULL);
+		DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&cli_trust)));
+
+		cli_shutdown(&cli_trust);
+		return False;
+	}
+
+	DEBUG(1,("server connect cli_trust succeeded\n"));
+
+	nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
+
+	DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("client cryptkey: "));
+	dump_data(100, cli_trust.cryptkey, sizeof(cli_trust.cryptkey));
+#endif
+
+	SMBencrypt(nt_owf_mach_pwd, cli_trust.cryptkey, nt_sess_pwd);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("nt_owf_mach_pwd: "));
+	dump_data(100, nt_owf_mach_pwd, sizeof(lm_owf_mach_pwd));
+	DEBUG(100,("nt_sess_pwd: "));
+	dump_data(100, nt_sess_pwd, sizeof(nt_sess_pwd));
+#endif
+
+	SMBencrypt(lm_owf_mach_pwd, cli_trust.cryptkey, lm_sess_pwd);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("lm_owf_mach_pwd: "));
+	dump_data(100, lm_owf_mach_pwd, sizeof(lm_owf_mach_pwd));
+	DEBUG(100,("lm_sess_pwd: "));
+	dump_data(100, lm_sess_pwd, sizeof(lm_sess_pwd));
+#endif
+
+	right_error_code = False;
+
+	if (cli_session_setup(&cli_trust, mach_acct, 
+			nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd),
+			nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), domain))
+	{
+		DEBUG(0,("cli_session_setup: NO ERROR! AAAGH! BUG IN SERVER DETECTED!!!\n"));
+		cli_shutdown(&cli_trust);
+	
+		return False;
+	}
+
+	cli_error(&cli_trust, &err_cls, &err_num, NULL);
+
+	if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
+	{
+		DEBUG(1,("cli_send_tconX: valid workstation trust account exists\n"));
+		right_error_code = True;
+	}
+
+	if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
+	{
+		DEBUG(1,("cli_send_tconX: workstation trust account does not exist\n"));
+		right_error_code = False;
+	}
+
+	if (!right_error_code)
+	{
+		DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&cli_trust)));
+	}
+
+	cli_shutdown(&cli_trust);
+	return right_error_code;
+}
diff --git a/source3/rpc_parse/.cvsignore b/source3/rpc_parse/.cvsignore
new file mode 100644
index 0000000000..5f2a5c4cf7
--- /dev/null
+++ b/source3/rpc_parse/.cvsignore
@@ -0,0 +1,2 @@
+*.po
+*.po32
diff --git a/source3/rpc_parse/parse_dfs.c b/source3/rpc_parse/parse_dfs.c
new file mode 100644
index 0000000000..6c83963d7a
--- /dev/null
+++ b/source3/rpc_parse/parse_dfs.c
@@ -0,0 +1,542 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  MSDfs RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  Copyright (C) Shirish Kalele               2000.
+ *  Copyright (C) Jeremy Allison				2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include "nterr.h"
+#include "rpc_parse.h"   
+
+/******************************************************************* 
+Make a DFS_Q_DFS_QUERY structure
+*******************************************************************/
+
+void init_dfs_q_dfs_exist(DFS_Q_DFS_EXIST *q_d)
+{
+	q_d->dummy = 0;
+}
+
+/*************************************************************
+ Read/write a DFS_Q_DFS_EXIST structure - dummy...
+ ************************************************************/
+
+BOOL dfs_io_q_dfs_exist(char *desc, DFS_Q_DFS_EXIST *q_d, prs_struct *ps, int depth)
+{
+	if(q_d == NULL)
+		return False;
+  
+	prs_debug(ps, depth, desc, "dfs_io_q_dfs_exist");
+
+	return True;
+}
+  
+/*************************************************************
+ Read/write a DFS_R_DFS_EXIST structure
+ ************************************************************/
+
+BOOL dfs_io_r_dfs_exist(char *desc, DFS_R_DFS_EXIST *q_d, prs_struct *ps, int depth)
+{
+	if(q_d == NULL)
+		return False;
+  
+	prs_debug(ps, depth, desc, "dfs_io_r_dfs_exist");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("exist flag", ps, 0, &q_d->status))
+		return False;
+
+	return True;
+}
+  
+/******************************************************************* 
+Make a DFS_Q_DFS_REMOVE structure
+*******************************************************************/
+
+BOOL init_dfs_q_dfs_remove(DFS_Q_DFS_REMOVE *q_d, char *entrypath, 
+			   char *servername, char *sharename)
+{
+	DEBUG(5,("init_dfs_q_dfs_remove\n"));
+	init_unistr2(&q_d->DfsEntryPath, entrypath,  strlen(entrypath)+1);
+	init_unistr2(&q_d->ServerName,   servername, strlen(servername)+1);
+	init_unistr2(&q_d->ShareName,    sharename,  strlen(sharename)+1);
+	q_d->ptr_ServerName = q_d->ptr_ShareName = 1;
+	return True;
+}
+
+/******************************************************************* 
+Read/write a DFS_Q_DFS_REMOVE structure
+*******************************************************************/
+
+BOOL dfs_io_q_dfs_remove(char *desc, DFS_Q_DFS_REMOVE *q_d, prs_struct *ps, int depth)
+{
+	if(q_d == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_q_dfs_remove");
+	depth++;
+  
+	if(!prs_align(ps))
+		return False;
+  
+	if(!smb_io_unistr2("DfsEntryPath",&q_d->DfsEntryPath, 1, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_ServerName", ps, depth, &q_d->ptr_ServerName))
+		return False;
+	if(q_d->ptr_ServerName)
+		if (!smb_io_unistr2("ServerName",&q_d->ServerName, q_d->ptr_ServerName, ps, depth))
+			return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_ShareName", ps, depth, &q_d->ptr_ShareName))
+		return False;
+	if(q_d->ptr_ShareName)
+		if (!smb_io_unistr2("ShareName",&q_d->ShareName,  q_d->ptr_ShareName, ps, depth))
+			return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/******************************************************************* 
+Read/write a DFS_R_DFS_REMOVE structure
+*******************************************************************/
+
+BOOL dfs_io_r_dfs_remove(char *desc, DFS_R_DFS_REMOVE *r_d, prs_struct *ps, int depth)
+{
+	if(r_d == NULL)	
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_r_dfs_remove");
+	depth++;
+
+	if(!prs_werror("status", ps, depth, &r_d->status))
+		return False;
+
+	return True;
+}
+
+/******************************************************************* 
+Make a DFS_Q_DFS_ADD structure
+*******************************************************************/
+
+BOOL init_dfs_q_dfs_add(DFS_Q_DFS_ADD *q_d, char *entrypath, char *servername,
+			char *sharename, char *comment, uint32 flags)
+{
+	DEBUG(5,("init_dfs_q_dfs_add\n"));
+	q_d->ptr_DfsEntryPath = q_d->ptr_ServerName = q_d->ptr_ShareName = 1;
+	init_unistr2(&q_d->DfsEntryPath, entrypath,  strlen(entrypath)+1);
+	init_unistr2(&q_d->ServerName,   servername, strlen(servername)+1);
+	init_unistr2(&q_d->ShareName,    sharename,  strlen(sharename)+1);
+	if(comment != NULL) {
+		init_unistr2(&q_d->Comment,      comment,    strlen(comment)+1);
+		q_d->ptr_Comment = 1;
+	} else {
+		q_d->ptr_Comment = 0;
+	}
+
+	q_d->Flags = flags;
+	return True;
+}
+
+/************************************************************
+ Read/write a DFS_Q_DFS_ADD structure
+ ************************************************************/
+
+BOOL dfs_io_q_dfs_add(char *desc, DFS_Q_DFS_ADD *q_d, prs_struct *ps, int depth)
+{
+	if(q_d == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_q_dfs_add");
+	depth++;
+  
+	if(!prs_align(ps))
+		return False;
+  
+	if(!smb_io_unistr2("DfsEntryPath",&q_d->DfsEntryPath, 1, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("ServerName",&q_d->ServerName, 1, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_ShareName", ps, depth, &q_d->ptr_ShareName))
+		return False;
+	if(!smb_io_unistr2("ShareName",&q_d->ShareName,  1, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_Comment", ps, depth, &q_d->ptr_Comment))
+		return False;
+	if(!smb_io_unistr2("",&q_d->Comment, q_d->ptr_Comment , ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("Flags", ps, depth, &q_d->Flags))
+		return True;
+
+	return True;
+}
+
+/************************************************************
+ Read/write a DFS_R_DFS_ADD structure 
+ ************************************************************/
+
+BOOL dfs_io_r_dfs_add(char *desc, DFS_R_DFS_ADD *r_d, prs_struct *ps, int depth)
+{
+	if(r_d == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_r_dfs_add");
+	depth++;
+
+	if(!prs_werror("status", ps, depth, &r_d->status))
+		return False;
+
+	return True;
+}
+
+BOOL init_dfs_q_dfs_get_info(DFS_Q_DFS_GET_INFO *q_d, char *entrypath,
+			     char *servername, char *sharename, 
+			     uint32 info_level)
+{
+	DEBUG(5,("init_dfs_q2_get_info\n"));
+	init_unistr2(&q_d->uni_path, entrypath,  strlen(entrypath)+1);
+	init_unistr2(&q_d->uni_server,   servername, strlen(servername)+1);
+	init_unistr2(&q_d->uni_share,    sharename,  strlen(sharename)+1);
+	q_d->level = info_level;
+	q_d->ptr_server = q_d->ptr_share = 1;
+	return True;
+}
+
+/************************************************************
+ Read/write a DFS_Q_GET_INFO structure
+ ************************************************************/
+
+BOOL dfs_io_q_dfs_get_info(char* desc, DFS_Q_DFS_GET_INFO* q_i, prs_struct* ps, int depth)
+{
+	if(q_i == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_q_dfs_get_info");
+	depth++;
+
+	if(!smb_io_unistr2("",&q_i->uni_path, 1, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_server", ps, depth, &q_i->ptr_server))
+		return False;
+
+	if(q_i->ptr_server)
+		if (!smb_io_unistr2("",&q_i->uni_server, q_i->ptr_server, ps, depth))
+			return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_share", ps, depth, &q_i->ptr_share))
+		return False;
+	if(q_i->ptr_share)
+		if(!smb_io_unistr2("", &q_i->uni_share, q_i->ptr_share, ps, depth))
+			return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("level", ps, depth, &q_i->level))
+		return False;
+	return True;
+}
+
+/************************************************************
+ Read/write a DFS_R_GET_INFO structure
+ ************************************************************/
+
+BOOL dfs_io_r_dfs_get_info(char* desc, DFS_R_DFS_GET_INFO* r_i, prs_struct* ps, int depth)
+{
+	if(r_i == NULL)
+		return False;
+  
+	if(!prs_uint32("level", ps, depth, &r_i->level))
+		return False;
+	if(!prs_uint32("ptr_ctr", ps, depth, &r_i->ptr_ctr))
+		return False;
+
+	if(!dfs_io_dfs_info_ctr("", &r_i->ctr, 1, r_i->level, ps, depth))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_i->status))
+		return False;
+	return True;
+}
+			   
+/************************************************************
+ Make a DFS_Q_DFS_ENUM structure
+ ************************************************************/
+BOOL init_dfs_q_dfs_enum(DFS_Q_DFS_ENUM *q_d, uint32 level, DFS_INFO_CTR *ctr)
+{
+	q_d->level = level;
+	q_d->maxpreflen = -1;
+	q_d->ptr_buffer = 1;
+	q_d->level2 = level;
+  
+	q_d->ptr_num_entries = 1;
+	q_d->num_entries = 0;
+	q_d->num_entries2 = 0;
+	q_d->reshnd.ptr_hnd = 1;
+	q_d->reshnd.handle = 0;
+	return True;
+}
+  
+/************************************************************
+ Read or write the DFS_Q_DFS_ENUM structure 
+ ************************************************************/
+
+BOOL dfs_io_q_dfs_enum(char *desc, DFS_Q_DFS_ENUM *q_d, prs_struct *ps, int depth)
+{
+	if(q_d == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_q_dfs_enum");
+	depth++;
+  
+	if(!prs_align(ps))
+		return False;
+  
+	if(!prs_uint32("level", ps, depth, &q_d->level))
+		return False;
+	if(!prs_uint32("maxpreflen", ps, depth, &q_d->maxpreflen))
+		return False;
+	if(!prs_uint32("ptr_buffer", ps, depth, &q_d->ptr_buffer))
+		return False;
+	if(!prs_uint32("level2", ps, depth, &q_d->level2))
+		return False;
+	if(!prs_uint32("level3", ps, depth, &q_d->level2))
+		return False;
+  
+	if(!prs_uint32("ptr_num_entries", ps, depth, &q_d->ptr_num_entries))
+		return False;
+	if(!prs_uint32("num_entries", ps, depth, &q_d->num_entries))
+		return False;
+	if(!prs_uint32("num_entries2", ps, depth, &q_d->num_entries2))
+		return False;
+	if(!smb_io_enum_hnd("resume_hnd",&q_d->reshnd, ps, depth))
+		return False;
+	return True;
+}
+
+/************************************************************
+ Read/write a DFS_INFO_CTR structure
+ ************************************************************/
+
+BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries, uint32 level, prs_struct* ps, int depth)
+{
+	int i=0;
+
+	switch(level) {
+	case 1:
+		depth++;
+		/* should depend on whether marshalling or unmarshalling! */
+		if(UNMARSHALLING(ps)) {
+			ctr->dfs.info1 = (DFS_INFO_1 *)prs_alloc_mem(ps, sizeof(DFS_INFO_1)*num_entries);
+			if (!ctr->dfs.info1)
+				return False;
+		}
+
+		for(i=0;i<num_entries;i++) {
+			if(!prs_uint32("ptr_entrypath",ps, depth, &ctr->dfs.info1[i].ptr_entrypath))
+				return False;
+		}
+		for(i=0;i<num_entries;i++) {
+			if(!smb_io_unistr2("", &ctr->dfs.info1[i].entrypath, ctr->dfs.info1[i].ptr_entrypath, ps, depth))
+				return False;
+			if(!prs_align(ps))
+				return False;
+		}
+		depth--;
+		break;
+	case 2:
+		depth++;
+		if(UNMARSHALLING(ps)) {
+			ctr->dfs.info2 = (DFS_INFO_2 *)prs_alloc_mem(ps, num_entries*sizeof(DFS_INFO_2));
+			if (!ctr->dfs.info2)
+				return False;
+		}
+
+		for(i=0;i<num_entries;i++) {
+			if(!prs_uint32("ptr_entrypath", ps, depth, &ctr->dfs.info2[i].ptr_entrypath))
+				return False;
+			if(!prs_uint32("ptr_comment", ps, depth, &ctr->dfs.info2[i].ptr_comment))
+				return False;
+			if(!prs_uint32("state", ps, depth, &ctr->dfs.info2[i].state))
+				return False;
+			if(!prs_uint32("num_storages", ps, depth, &ctr->dfs.info2[i].num_storages))
+				return False;
+		}
+		for(i=0;i<num_entries;i++) {
+			if(!smb_io_unistr2("", &ctr->dfs.info2[i].entrypath, ctr->dfs.info2[i].ptr_entrypath, ps, depth))
+				return False;
+			if(!prs_align(ps))
+				return False;
+			if(!smb_io_unistr2("",&ctr->dfs.info2[i].comment, ctr->dfs.info2[i].ptr_comment, ps, depth))
+				return False;
+			if(!prs_align(ps))
+				return False;
+		}
+		depth--;
+		break;
+	case 3:
+		depth++;
+		if(UNMARSHALLING(ps)) {
+			ctr->dfs.info3 = (DFS_INFO_3 *)prs_alloc_mem(ps, num_entries*sizeof(DFS_INFO_3));
+			if (!ctr->dfs.info3)
+				return False;
+		}
+
+		for(i=0;i<num_entries;i++) {
+			if(!prs_uint32("ptr_entrypath", ps, depth, &ctr->dfs.info3[i].ptr_entrypath))
+				return False;
+			if(!prs_uint32("ptr_comment", ps, depth, &ctr->dfs.info3[i].ptr_comment))
+				return False;
+			if(!prs_uint32("state", ps, depth, &ctr->dfs.info3[i].state))
+				return False;
+			if(!prs_uint32("num_storages", ps, depth, &ctr->dfs.info3[i].num_storages))
+				return False;
+			if(!prs_uint32("ptr_storages", ps, depth, &ctr->dfs.info3[i].ptr_storages))
+				return False;
+		}
+		for(i=0;i<num_entries;i++) {
+			if(!smb_io_unistr2("", &ctr->dfs.info3[i].entrypath, ctr->dfs.info3[i].ptr_entrypath, ps, depth))
+				return False;
+			if(!prs_align(ps))
+				return False;
+			if(!smb_io_unistr2("", &ctr->dfs.info3[i].comment, ctr->dfs.info3[i].ptr_comment, ps, depth))
+				return False;
+			if(!prs_align(ps))
+				return False;
+			if(!prs_uint32("num_storage_infos", ps, depth, &ctr->dfs.info3[i].num_storage_infos))
+				return False;
+
+			if(!dfs_io_dfs_storage_info("storage_info", &ctr->dfs.info3[i], ps, depth))
+				return False;
+		}
+	}
+
+	return True;
+}
+
+/************************************************************
+ Read/write a DFS_R_DFS_ENUM structure
+ ************************************************************/
+
+BOOL dfs_io_r_dfs_enum(char *desc, DFS_R_DFS_ENUM *q_d, prs_struct *ps, int depth)
+{
+	DFS_INFO_CTR *ctr;
+	if(q_d == NULL)
+		return False;
+	ctr = q_d->ctr;
+	if(ctr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "dfs_io_r_dfs_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_buffer", ps, depth, &q_d->ptr_buffer))
+		return False;
+	if(!prs_uint32("level", ps, depth, &q_d->level))
+		return False;
+	if(!prs_uint32("level2", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_uint32("ptr_num_entries", ps, depth, &q_d->ptr_num_entries))
+		return False;
+	if(q_d->ptr_num_entries)
+		if(!prs_uint32("num_entries", ps, depth, &q_d->num_entries))
+			return False;
+	if(!prs_uint32("ptr_num_entries2", ps, depth, &q_d->ptr_num_entries2))
+		return False;
+	if(q_d->ptr_num_entries2)
+		if(!prs_uint32("num_entries2", ps, depth, &ctr->num_entries))
+			return False;
+
+	if(!dfs_io_dfs_info_ctr("", ctr, q_d->num_entries, q_d->level, ps, depth))
+		return False;
+
+	if(!smb_io_enum_hnd("resume_hnd", &q_d->reshnd, ps, depth))
+		return False;
+	if(!prs_werror("status", ps, depth, &q_d->status))
+		return False;
+	return True;
+}
+
+BOOL dfs_io_dfs_storage_info(char *desc, DFS_INFO_3* info3, prs_struct *ps, int depth)
+{
+	int i=0;
+	if(info3 == NULL)
+		return False;
+  
+	prs_debug(ps, depth, desc, "smb_io_dfs_storage_info");
+	depth++;
+
+	if(UNMARSHALLING(ps)) {
+		info3->storages = (DFS_STORAGE_INFO *)prs_alloc_mem(ps, info3->num_storage_infos*sizeof(DFS_STORAGE_INFO));
+		if (!info3->storages)
+			return False;
+	}
+
+	for(i=0;i<info3->num_storage_infos;i++) {
+		if(!prs_uint32("storage_state", ps, depth, &info3->storages[i].state))
+			return False;
+		if(!prs_uint32("ptr_servername", ps, depth, &info3->storages[i].ptr_servername))
+			return False;
+		if(!prs_uint32("ptr_sharename", ps, depth, &info3->storages[i].ptr_sharename))
+			return False;
+	}
+
+	for(i=0;i<info3->num_storage_infos;i++) {
+		if(!smb_io_unistr2("servername", &info3->storages[i].servername, info3->storages[i].ptr_servername, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+		if(!smb_io_unistr2("sharename", &info3->storages[i].sharename, info3->storages[i].ptr_sharename, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
new file mode 100644
index 0000000000..91b54b9c83
--- /dev/null
+++ b/source3/rpc_parse/parse_lsa.c
@@ -0,0 +1,2103 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, int depth);
+
+/*******************************************************************
+ Inits a LSA_TRANS_NAME structure.
+********************************************************************/
+
+void init_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name,
+			 uint16 sid_name_use, char *name, uint32 idx)
+{
+	int len_name = strlen(name);
+
+	if(len_name == 0)
+		len_name = 1;
+
+	trn->sid_name_use = sid_name_use;
+	init_uni_hdr(&trn->hdr_name, len_name);
+	init_unistr2(uni_name, name, len_name);
+	trn->domain_idx = idx;
+}
+
+/*******************************************************************
+ Reads or writes a LSA_TRANS_NAME structure.
+********************************************************************/
+
+static BOOL lsa_io_trans_name(char *desc, LSA_TRANS_NAME *trn, prs_struct *ps, 
+			      int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_trans_name");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint16("sid_name_use", ps, depth, &trn->sid_name_use))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_unihdr ("hdr_name", &trn->hdr_name, ps, depth))
+		return False;
+	if(!prs_uint32("domain_idx  ", ps, depth, &trn->domain_idx))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_R_REF structure.
+********************************************************************/
+
+static BOOL lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, 
+			     int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "lsa_io_dom_r_ref");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("num_ref_doms_1", ps, depth, &r_r->num_ref_doms_1)) /* num referenced domains? */
+		return False;
+	if(!prs_uint32("ptr_ref_dom   ", ps, depth, &r_r->ptr_ref_dom)) /* undocumented buffer pointer. */
+		return False;
+	if(!prs_uint32("max_entries   ", ps, depth, &r_r->max_entries)) /* 32 - max number of entries */
+		return False;
+
+	SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1);
+
+	if (r_r->ptr_ref_dom != 0) {
+
+		if(!prs_uint32("num_ref_doms_2", ps, depth, &r_r->num_ref_doms_2)) /* 4 - num referenced domains? */
+			return False;
+
+		SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
+
+		for (i = 0; i < r_r->num_ref_doms_1; i++) {
+			fstring t;
+
+			slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
+			if(!smb_io_unihdr(t, &r_r->hdr_ref_dom[i].hdr_dom_name, ps, depth))
+				return False;
+
+			slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+			if(!prs_uint32(t, ps, depth, &r_r->hdr_ref_dom[i].ptr_dom_sid))
+				return False;
+		}
+
+		for (i = 0; i < r_r->num_ref_doms_2; i++) {
+			fstring t;
+
+			if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0) {
+				slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
+				if(!smb_io_unistr2(t, &r_r->ref_dom[i].uni_dom_name, True, ps, depth)) /* domain name unicode string */
+					return False;
+				if(!prs_align(ps))
+					return False;
+			}
+
+			if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0) {
+				slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+				if(!smb_io_dom_sid2(t, &r_r->ref_dom[i].ref_dom, ps, depth)) /* referenced domain SIDs */
+					return False;
+			}
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_SEC_QOS structure.
+********************************************************************/
+
+void init_lsa_sec_qos(LSA_SEC_QOS *qos, uint16 imp_lev, uint8 ctxt, uint8 eff)
+{
+	DEBUG(5, ("init_lsa_sec_qos\n"));
+
+	qos->len = 0x0c; /* length of quality of service block, in bytes */
+	qos->sec_imp_level = imp_lev;
+	qos->sec_ctxt_mode = ctxt;
+	qos->effective_only = eff;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_SEC_QOS structure.
+********************************************************************/
+
+static BOOL lsa_io_sec_qos(char *desc,  LSA_SEC_QOS *qos, prs_struct *ps, 
+			   int depth)
+{
+	uint32 start;
+
+	prs_debug(ps, depth, desc, "lsa_io_obj_qos");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	start = prs_offset(ps);
+
+	/* these pointers had _better_ be zero, because we don't know
+	   what they point to!
+	 */
+	if(!prs_uint32("len           ", ps, depth, &qos->len)) /* 0x18 - length (in bytes) inc. the length field. */
+		return False;
+	if(!prs_uint16("sec_imp_level ", ps, depth, &qos->sec_imp_level ))
+		return False;
+	if(!prs_uint8 ("sec_ctxt_mode ", ps, depth, &qos->sec_ctxt_mode ))
+		return False;
+	if(!prs_uint8 ("effective_only", ps, depth, &qos->effective_only))
+		return False;
+
+	if (qos->len != prs_offset(ps) - start) {
+		DEBUG(3,("lsa_io_sec_qos: length %x does not match size %x\n",
+		         qos->len, prs_offset(ps) - start));
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_OBJ_ATTR structure.
+********************************************************************/
+
+void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos)
+{
+	DEBUG(5, ("init_lsa_obj_attr\n"));
+
+	attr->len = 0x18; /* length of object attribute block, in bytes */
+	attr->ptr_root_dir = 0;
+	attr->ptr_obj_name = 0;
+	attr->attributes = attributes;
+	attr->ptr_sec_desc = 0;
+	
+	if (qos != NULL) {
+		attr->ptr_sec_qos = 1;
+		attr->sec_qos = qos;
+	} else {
+		attr->ptr_sec_qos = 0;
+		attr->sec_qos = NULL;
+	}
+}
+
+/*******************************************************************
+ Reads or writes an LSA_OBJ_ATTR structure.
+********************************************************************/
+
+static BOOL lsa_io_obj_attr(char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps, 
+			    int depth)
+{
+	uint32 start;
+
+	prs_debug(ps, depth, desc, "lsa_io_obj_attr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	start = prs_offset(ps);
+
+	/* these pointers had _better_ be zero, because we don't know
+	   what they point to!
+	 */
+	if(!prs_uint32("len         ", ps, depth, &attr->len)) /* 0x18 - length (in bytes) inc. the length field. */
+		return False;
+	if(!prs_uint32("ptr_root_dir", ps, depth, &attr->ptr_root_dir)) /* 0 - root directory (pointer) */
+		return False;
+	if(!prs_uint32("ptr_obj_name", ps, depth, &attr->ptr_obj_name)) /* 0 - object name (pointer) */
+		return False;
+	if(!prs_uint32("attributes  ", ps, depth, &attr->attributes)) /* 0 - attributes (undocumented) */
+		return False;
+	if(!prs_uint32("ptr_sec_desc", ps, depth, &attr->ptr_sec_desc)) /* 0 - security descriptior (pointer) */
+		return False;
+	if(!prs_uint32("ptr_sec_qos ", ps, depth, &attr->ptr_sec_qos )) /* security quality of service (pointer) */
+		return False;
+
+	/* code commented out as it's not necessary true (tested with hyena). JFM, 11/22/2001 */
+#if 0
+	if (attr->len != prs_offset(ps) - start) {
+		DEBUG(3,("lsa_io_obj_attr: length %x does not match size %x\n",
+		         attr->len, prs_offset(ps) - start));
+		return False;
+	}
+#endif
+
+	if (attr->ptr_sec_qos != 0) {
+		if (UNMARSHALLING(ps))
+			if (!(attr->sec_qos = (LSA_SEC_QOS *)prs_alloc_mem(ps,sizeof(LSA_SEC_QOS))))
+				return False;
+
+		if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits an LSA_Q_OPEN_POL structure.
+********************************************************************/
+
+void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name,
+		     uint32 attributes, uint32 desired_access,
+		     LSA_SEC_QOS *qos)
+{
+	DEBUG(5, ("init_open_pol: attr:%d da:%d\n", attributes, 
+		  desired_access));
+
+	r_q->ptr = 1; /* undocumented pointer */
+
+	r_q->des_access = desired_access;
+
+	r_q->system_name = system_name;
+	init_lsa_obj_attr(&r_q->attr, attributes, qos);
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_OPEN_POL structure.
+********************************************************************/
+
+BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, 
+		       int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_open_pol");
+	depth++;
+
+	if(!prs_uint32("ptr       ", ps, depth, &r_q->ptr))
+		return False;
+	if(!prs_uint16("system_name", ps, depth, &r_q->system_name))
+		return False;
+	if(!prs_align( ps ))
+		return False;
+
+	if(!lsa_io_obj_attr("", &r_q->attr, ps, depth))
+		return False;
+
+	if(!prs_uint32("des_access", ps, depth, &r_q->des_access))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_OPEN_POL structure.
+********************************************************************/
+
+BOOL lsa_io_r_open_pol(char *desc, LSA_R_OPEN_POL *r_p, prs_struct *ps, 
+		       int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_open_pol");
+	depth++;
+
+	if(!smb_io_pol_hnd("", &r_p->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_p->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_Q_OPEN_POL2 structure.
+********************************************************************/
+
+void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name,
+			uint32 attributes, uint32 desired_access,
+			LSA_SEC_QOS *qos)
+{
+	DEBUG(5, ("init_q_open_pol2: attr:%d da:%d\n", attributes, 
+		  desired_access));
+
+	r_q->ptr = 1; /* undocumented pointer */
+
+	r_q->des_access = desired_access;
+
+	init_unistr2(&r_q->uni_server_name, server_name, 
+		     strlen(server_name) + 1);
+
+	init_lsa_obj_attr(&r_q->attr, attributes, qos);
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_OPEN_POL2 structure.
+********************************************************************/
+
+BOOL lsa_io_q_open_pol2(char *desc, LSA_Q_OPEN_POL2 *r_q, prs_struct *ps, 
+			int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_open_pol2");
+	depth++;
+
+	if(!prs_uint32("ptr       ", ps, depth, &r_q->ptr))
+		return False;
+
+	if(!smb_io_unistr2 ("", &r_q->uni_server_name, r_q->ptr, ps, depth))
+		return False;
+	if(!lsa_io_obj_attr("", &r_q->attr, ps, depth))
+		return False;
+
+	if(!prs_uint32("des_access", ps, depth, &r_q->des_access))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_OPEN_POL2 structure.
+********************************************************************/
+
+BOOL lsa_io_r_open_pol2(char *desc, LSA_R_OPEN_POL2 *r_p, prs_struct *ps, 
+			int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_open_pol2");
+	depth++;
+
+	if(!smb_io_pol_hnd("", &r_p->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_p->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes an LSA_Q_QUERY_SEC_OBJ structure.
+********************************************************************/
+
+void init_q_query_sec_obj(LSA_Q_QUERY_SEC_OBJ *q_q, const POLICY_HND *hnd, 
+			  uint32 sec_info)
+{
+	DEBUG(5, ("init_q_query_sec_obj\n"));
+
+	q_q->pol = *hnd;
+	q_q->sec_info = sec_info;
+
+	return;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_QUERY_SEC_OBJ structure.
+********************************************************************/
+
+BOOL lsa_io_q_query_sec_obj(char *desc, LSA_Q_QUERY_SEC_OBJ *q_q, 
+			    prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_query_sec_obj");
+	depth++;
+
+	if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+
+	if (!prs_uint32("sec_info", ps, depth, &q_q->sec_info))
+		return False;
+
+	return True;
+} 
+
+/*******************************************************************
+ Reads or writes a LSA_R_QUERY_SEC_OBJ structure.
+********************************************************************/
+
+BOOL lsa_io_r_query_sec_obj(char *desc, LSA_R_QUERY_SEC_OBJ *r_u, 
+			    prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_query_sec_obj");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+
+	if (r_u->ptr != 0) {
+		if (!sec_io_desc_buf("sec", &r_u->buf, ps, depth))
+			return False;
+	}
+
+	if (!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_Q_QUERY_INFO structure.
+********************************************************************/
+
+void init_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class)
+{
+	DEBUG(5, ("init_q_query\n"));
+
+	memcpy(&q_q->pol, hnd, sizeof(q_q->pol));
+
+	q_q->info_class = info_class;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_QUERY_INFO structure.
+********************************************************************/
+
+BOOL lsa_io_q_query(char *desc, LSA_Q_QUERY_INFO *q_q, prs_struct *ps, 
+		    int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_query");
+	depth++;
+
+	if(!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("info_class", ps, depth, &q_q->info_class))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes an LSA_Q_ENUM_TRUST_DOM structure.
+********************************************************************/
+BOOL init_q_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM * q_e, POLICY_HND *pol,
+			   uint32 enum_context, uint32 preferred_len)
+{
+	DEBUG(5, ("init_q_enum_trust_dom\n"));
+
+	q_e->pol = *pol;
+	q_e->enum_context = enum_context;
+	q_e->preferred_len = preferred_len;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_ENUM_TRUST_DOM structure.
+********************************************************************/
+
+BOOL lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, 
+			     prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_enum_trust_dom");
+	depth++;
+
+	if(!smb_io_pol_hnd("", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("enum_context ", ps, depth, &q_e->enum_context))
+		return False;
+	if(!prs_uint32("preferred_len", ps, depth, &q_e->preferred_len))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_R_ENUM_TRUST_DOM structure.
+********************************************************************/
+
+void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context, 
+			   char *domain_name, DOM_SID *domain_sid,
+                           NTSTATUS status)
+{
+        DEBUG(5, ("init_r_enum_trust_dom\n"));
+	
+        r_e->enum_context = enum_context;
+	
+        if (NT_STATUS_IS_OK(status)) {
+                int len_domain_name = strlen(domain_name) + 1;
+		
+                r_e->num_domains  = 1;
+                r_e->ptr_enum_domains = 1;
+                r_e->num_domains2 = 1;
+		
+		if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2))))
+			return;
+
+		if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2))))
+			return;
+
+		if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2))))
+			return;
+
+		init_uni_hdr2(&r_e->hdr_domain_name[0], len_domain_name);
+		init_unistr2 (&r_e->uni_domain_name[0], domain_name, 
+			      len_domain_name);
+		init_dom_sid2(&r_e->domain_sid[0], domain_sid);
+        } else {
+                r_e->num_domains = 0;
+                r_e->ptr_enum_domains = 0;
+        }
+	
+        r_e->status = status;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_ENUM_TRUST_DOM structure.
+********************************************************************/
+
+BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, 
+			     prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_enum_trust_dom");
+	depth++;
+
+	if(!prs_uint32("enum_context    ", ps, depth, &r_e->enum_context))
+		return False;
+	if(!prs_uint32("num_domains     ", ps, depth, &r_e->num_domains))
+		return False;
+	if(!prs_uint32("ptr_enum_domains", ps, depth, &r_e->ptr_enum_domains))
+		return False;
+
+	if (r_e->ptr_enum_domains) {
+		int i, num_domains;
+
+		if(!prs_uint32("num_domains2", ps, depth, &r_e->num_domains2))
+			return False;
+
+		num_domains = r_e->num_domains2;
+
+		if (UNMARSHALLING(ps)) {
+			if (!(r_e->hdr_domain_name = (UNIHDR2 *)prs_alloc_mem(ps,sizeof(UNIHDR2) * num_domains)))
+				return False;
+
+			if (!(r_e->uni_domain_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2) * num_domains)))
+				return False;
+
+			if (!(r_e->domain_sid = (DOM_SID2 *)prs_alloc_mem(ps,sizeof(DOM_SID2) * num_domains)))
+				return False;
+		}
+
+		for (i = 0; i < num_domains; i++) {
+			if(!smb_io_unihdr2 ("", &r_e->hdr_domain_name[i], ps, 
+					    depth))
+				return False;
+		}
+		
+		for (i = 0; i < num_domains; i++) {
+			if(!smb_io_unistr2 ("", &r_e->uni_domain_name[i],
+					    r_e->hdr_domain_name[i].buffer, 
+					    ps, depth))
+				return False;
+			if(!smb_io_dom_sid2("", &r_e->domain_sid[i], ps, 
+					    depth))
+				return False;
+		}
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_e->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a dom query structure.
+********************************************************************/
+
+static BOOL lsa_io_dom_query(char *desc, DOM_QUERY *d_q, prs_struct *ps, int depth)
+{
+	if (d_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_dom_query");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16("uni_dom_max_len", ps, depth, &d_q->uni_dom_max_len)) /* domain name string length * 2 */
+		return False;
+	if(!prs_uint16("uni_dom_str_len", ps, depth, &d_q->uni_dom_str_len)) /* domain name string length * 2 */
+		return False;
+
+	if(!prs_uint32("buffer_dom_name", ps, depth, &d_q->buffer_dom_name)) /* undocumented domain name string buffer pointer */
+		return False;
+	if(!prs_uint32("buffer_dom_sid ", ps, depth, &d_q->buffer_dom_sid)) /* undocumented domain SID string buffer pointer */
+		return False;
+
+	if(!smb_io_unistr2("unistr2", &d_q->uni_domain_name, d_q->buffer_dom_name, ps, depth)) /* domain name (unicode string) */
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (d_q->buffer_dom_sid != 0) {
+		if(!smb_io_dom_sid2("", &d_q->dom_sid, ps, depth)) /* domain SID */
+			return False;
+	} else {
+		memset((char *)&d_q->dom_sid, '\0', sizeof(d_q->dom_sid));
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL lsa_io_dom_query_2(char *desc, DOM_QUERY_2 *d_q, prs_struct *ps, int depth)
+{
+	uint32 ptr = 1;
+
+	if (d_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_dom_query_2");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("auditing_enabled", ps, depth, &d_q->auditing_enabled))
+		return False;
+	if (!prs_uint32("ptr   ", ps, depth, &ptr))
+		return False;
+	if (!prs_uint32("count1", ps, depth, &d_q->count1))
+		return False;
+	if (!prs_uint32("count2", ps, depth, &d_q->count2))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		d_q->auditsettings = (uint32 *)talloc_zero(ps->mem_ctx, d_q->count2 * sizeof(uint32));
+	}
+
+	if (d_q->auditsettings == NULL) {
+		DEBUG(1, ("lsa_io_dom_query_2: NULL auditsettings!\n"));
+		return False;
+	}
+
+	if (!prs_uint32s(False, "auditsettings", ps, depth, d_q->auditsettings, d_q->count2))
+		return False;
+
+    return True;
+}
+
+/*******************************************************************
+ Reads or writes a dom query structure.
+********************************************************************/
+
+static BOOL lsa_io_dom_query_3(char *desc, DOM_QUERY_3 *d_q, prs_struct *ps, int depth)
+{
+	return lsa_io_dom_query("", d_q, ps, depth);
+}
+
+/*******************************************************************
+ Reads or writes a dom query structure.
+********************************************************************/
+
+BOOL lsa_io_dom_query_5(char *desc, DOM_QUERY_5 *d_q, prs_struct *ps, int depth)
+{
+	return lsa_io_dom_query("", d_q, ps, depth);
+}
+
+/*******************************************************************
+ Reads or writes a dom query structure.
+********************************************************************/
+
+static BOOL lsa_io_dom_query_6(char *desc, DOM_QUERY_6 *d_q, prs_struct *ps, int depth)
+{
+	if (d_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_dom_query_6");
+	depth++;
+
+	if (!prs_uint16("server_role", ps, depth, &d_q->server_role))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_QUERY_INFO structure.
+********************************************************************/
+
+BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps,
+		    int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_query");
+	depth++;
+
+	if(!prs_uint32("undoc_buffer", ps, depth, &r_q->undoc_buffer))
+		return False;
+
+	if (r_q->undoc_buffer != 0) {
+		if(!prs_uint16("info_class", ps, depth, &r_q->info_class))
+			return False;
+
+		if(!prs_align(ps))
+			return False;
+
+		switch (r_q->info_class) {
+		case 2:
+			if(!lsa_io_dom_query_2("", &r_q->dom.id2, ps, depth))
+				return False;
+			break;
+		case 3:
+			if(!lsa_io_dom_query_3("", &r_q->dom.id3, ps, depth))
+				return False;
+			break;
+		case 5:
+			if(!lsa_io_dom_query_5("", &r_q->dom.id5, ps, depth))
+				return False;
+			break;
+		case 6:
+			if(!lsa_io_dom_query_6("", &r_q->dom.id6, ps, depth))
+				return False;
+			break;
+		default:
+			/* PANIC! */
+			break;
+		}
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a LSA_SID_ENUM structure.
+********************************************************************/
+
+void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, 
+		       int num_entries, DOM_SID *sids)
+{
+	int i;
+
+	DEBUG(5, ("init_lsa_sid_enum\n"));
+
+	sen->num_entries  = num_entries;
+	sen->ptr_sid_enum = (num_entries != 0);
+	sen->num_entries2 = num_entries;
+
+	/* Allocate memory for sids and sid pointers */
+
+	if (num_entries == 0) return;
+
+	if ((sen->ptr_sid = (uint32 *)talloc_zero(mem_ctx, num_entries * 
+					     sizeof(uint32))) == NULL) {
+		DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
+		return;
+	}
+
+	if ((sen->sid = (DOM_SID2 *)talloc_zero(mem_ctx, num_entries * 
+					   sizeof(DOM_SID2))) == NULL) {
+		DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
+		return;
+	}
+
+	/* Copy across SIDs and SID pointers */
+
+	for (i = 0; i < num_entries; i++) {
+		sen->ptr_sid[i] = 1;
+		init_dom_sid2(&sen->sid[i], &sids[i]);
+	}
+}
+
+/*******************************************************************
+ Reads or writes a LSA_SID_ENUM structure.
+********************************************************************/
+
+static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, prs_struct *ps, 
+			    int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "lsa_io_sid_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("num_entries ", ps, depth, &sen->num_entries))
+		return False;
+	if(!prs_uint32("ptr_sid_enum", ps, depth, &sen->ptr_sid_enum))
+		return False;
+
+	/*
+	   if the ptr is NULL, leave here. checked from a real w2k trace.
+	   JFM, 11/23/2001
+	 */
+	
+	if (sen->ptr_sid_enum==0)
+		return True;
+
+	if(!prs_uint32("num_entries2", ps, depth, &sen->num_entries2))
+		return False;
+
+	/* Mallocate memory if we're unpacking from the wire */
+
+	if (UNMARSHALLING(ps)) {
+		if ((sen->ptr_sid = (uint32 *)prs_alloc_mem( ps,
+			sen->num_entries * sizeof(uint32))) == NULL) {
+			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
+				  "ptr_sid\n"));
+			return False;
+		}
+
+		if ((sen->sid = (DOM_SID2 *)prs_alloc_mem( ps,
+			sen->num_entries * sizeof(DOM_SID2))) == NULL) {
+			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
+				  "sids\n"));
+			return False;
+		}
+	}
+
+	for (i = 0; i < sen->num_entries; i++) {	
+		fstring temp;
+
+		slprintf(temp, sizeof(temp) - 1, "ptr_sid[%d]", i);
+		if(!prs_uint32(temp, ps, depth, &sen->ptr_sid[i])) {
+			return False;
+		}
+	}
+
+	for (i = 0; i < sen->num_entries; i++) {
+		fstring temp;
+
+		slprintf(temp, sizeof(temp) - 1, "sid[%d]", i);
+		if(!smb_io_dom_sid2(temp, &sen->sid[i], ps, depth)) {
+			return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_R_ENUM_TRUST_DOM structure.
+********************************************************************/
+
+void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l, 
+			POLICY_HND *hnd, int num_sids, DOM_SID *sids,
+			uint16 level)
+{
+	DEBUG(5, ("init_r_enum_trust_dom\n"));
+
+	ZERO_STRUCTP(q_l);
+
+	memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
+	init_lsa_sid_enum(mem_ctx, &q_l->sids, num_sids, sids);
+	
+	q_l->level.value = level;
+}
+
+/*******************************************************************
+ Reads or writes a LSA_Q_LOOKUP_SIDS structure.
+********************************************************************/
+
+BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps,
+			  int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_lookup_sids");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("pol_hnd", &q_s->pol, ps, depth)) /* policy handle */
+		return False;
+	if(!lsa_io_sid_enum("sids   ", &q_s->sids, ps, depth)) /* sids to be looked up */
+		return False;
+	if(!lsa_io_trans_names("names  ", &q_s->names, ps, depth)) /* translated names */
+		return False;
+	if(!smb_io_lookup_level("switch ", &q_s->level, ps, depth)) /* lookup level */
+		return False;
+
+	if(!prs_uint32("mapped_count", ps, depth, &q_s->mapped_count))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn,
+                prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "lsa_io_trans_names");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint32("num_entries    ", ps, depth, &trn->num_entries))
+		return False;
+	if(!prs_uint32("ptr_trans_names", ps, depth, &trn->ptr_trans_names))
+		return False;
+
+	if (trn->ptr_trans_names != 0) {
+		if(!prs_uint32("num_entries2   ", ps, depth, 
+			       &trn->num_entries2))
+			return False;
+
+		if (UNMARSHALLING(ps)) {
+			if ((trn->name = (LSA_TRANS_NAME *)
+			     prs_alloc_mem(ps, trn->num_entries * 
+				    sizeof(LSA_TRANS_NAME))) == NULL) {
+				return False;
+			}
+
+			if ((trn->uni_name = (UNISTR2 *)
+			     prs_alloc_mem(ps, trn->num_entries *
+				    sizeof(UNISTR2))) == NULL) {
+				return False;
+			}
+		}
+
+		for (i = 0; i < trn->num_entries2; i++) {
+			fstring t;
+			slprintf(t, sizeof(t) - 1, "name[%d] ", i);
+
+			if(!lsa_io_trans_name(t, &trn->name[i], ps, depth)) /* translated name */
+				return False;
+		}
+
+		for (i = 0; i < trn->num_entries2; i++) {
+			fstring t;
+			slprintf(t, sizeof(t) - 1, "name[%d] ", i);
+
+			if(!smb_io_unistr2(t, &trn->uni_name[i], trn->name[i].hdr_name.buffer, ps, depth))
+				return False;
+			if(!prs_align(ps))
+				return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, 
+			  prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_lookup_sids");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
+		return False;
+
+	if (r_s->ptr_dom_ref != 0)
+		if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
+			return False;
+
+	if(!lsa_io_trans_names("names  ", r_s->names, ps, depth)) /* translated names */
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("mapped_count", ps, depth, &r_s->mapped_count))
+		return False;
+
+	if(!prs_ntstatus("status      ", ps, depth, &r_s->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l, 
+			 POLICY_HND *hnd, int num_names, const char **names)
+{
+	int i;
+
+	DEBUG(5, ("init_q_lookup_names\n"));
+
+	ZERO_STRUCTP(q_l);
+
+	q_l->pol = *hnd;
+	q_l->num_entries = num_names;
+	q_l->num_entries2 = num_names;
+	q_l->lookup_level = 1;
+
+	if ((q_l->uni_name = (UNISTR2 *)talloc_zero(
+		mem_ctx, num_names * sizeof(UNISTR2))) == NULL) {
+		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
+		return;
+	}
+
+	if ((q_l->hdr_name = (UNIHDR *)talloc_zero(
+		mem_ctx, num_names * sizeof(UNIHDR))) == NULL) {
+		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
+		return;
+	}
+
+	for (i = 0; i < num_names; i++) {
+		int len;
+		len = strlen(names[i]);
+
+		init_uni_hdr(&q_l->hdr_name[i], len);
+		init_unistr2(&q_l->uni_name[i], names[i], len);
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, 
+			   prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "lsa_io_q_lookup_names");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_entries    ", ps, depth, &q_r->num_entries))
+		return False;
+	if(!prs_uint32("num_entries2   ", ps, depth, &q_r->num_entries2))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		if (q_r->num_entries) {
+			if ((q_r->hdr_name = (UNIHDR *)prs_alloc_mem(ps,
+					q_r->num_entries * sizeof(UNIHDR))) == NULL)
+				return False;
+			if ((q_r->uni_name = (UNISTR2 *)prs_alloc_mem(ps,
+					q_r->num_entries * sizeof(UNISTR2))) == NULL)
+				return False;
+		}
+	}
+
+	for (i = 0; i < q_r->num_entries; i++) {
+		if(!prs_align(ps))
+			return False;
+		if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
+			return False;
+	}
+
+	for (i = 0; i < q_r->num_entries; i++) {
+		if(!prs_align(ps))
+			return False;
+		if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
+		return False;
+	if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
+		return False;
+	if(!prs_uint32("lookup_level   ", ps, depth, &q_r->lookup_level))
+		return False;
+	if(!prs_uint32("mapped_count   ", ps, depth, &q_r->mapped_count))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, 
+			   prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "lsa_io_r_lookup_names");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_dom_ref", ps, depth, &r_r->ptr_dom_ref))
+		return False;
+
+	if (r_r->ptr_dom_ref != 0)
+		if(!lsa_io_dom_r_ref("", r_r->dom_ref, ps, depth))
+			return False;
+
+	if(!prs_uint32("num_entries", ps, depth, &r_r->num_entries))
+		return False;
+	if(!prs_uint32("ptr_entries", ps, depth, &r_r->ptr_entries))
+		return False;
+
+	if (r_r->ptr_entries != 0) {
+		if(!prs_uint32("num_entries2", ps, depth, &r_r->num_entries2))
+			return False;
+
+		if (r_r->num_entries2 != r_r->num_entries) {
+			/* RPC fault */
+			return False;
+		}
+
+		if (UNMARSHALLING(ps)) {
+			if ((r_r->dom_rid = (DOM_RID2 *)prs_alloc_mem(ps, r_r->num_entries2 * sizeof(DOM_RID2)))
+			    == NULL) {
+				DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
+				return False;
+			}
+		}
+
+		for (i = 0; i < r_r->num_entries2; i++)
+			if(!smb_io_dom_rid2("", &r_r->dom_rid[i], ps, depth)) /* domain RIDs being looked up */
+				return False;
+	}
+
+	if(!prs_uint32("mapped_count", ps, depth, &r_r->mapped_count))
+		return False;
+
+	if(!prs_ntstatus("status      ", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits an LSA_Q_CLOSE structure.
+********************************************************************/
+
+void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_lsa_q_close\n"));
+
+	memcpy(&q_c->pol, hnd, sizeof(q_c->pol));
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_CLOSE structure.
+********************************************************************/
+
+BOOL lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_close");
+	depth++;
+
+	if(!smb_io_pol_hnd("", &q_c->pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_CLOSE structure.
+********************************************************************/
+
+BOOL lsa_io_r_close(char *desc,  LSA_R_CLOSE *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_close");
+	depth++;
+
+	if(!smb_io_pol_hnd("", &r_c->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_OPEN_SECRET structure.
+********************************************************************/
+
+BOOL lsa_io_q_open_secret(char *desc, LSA_Q_OPEN_SECRET *q_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_open_secret");
+	depth++;
+
+	/* Don't bother to read or write at present... */
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_OPEN_SECRET structure.
+********************************************************************/
+
+BOOL lsa_io_r_open_secret(char *desc, LSA_R_OPEN_SECRET *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_open_secret");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint32("dummy1", ps, depth, &r_c->dummy1))
+		return False;
+	if(!prs_uint32("dummy2", ps, depth, &r_c->dummy2))
+		return False;
+	if(!prs_uint32("dummy3", ps, depth, &r_c->dummy3))
+		return False;
+	if(!prs_uint32("dummy4", ps, depth, &r_c->dummy4))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_Q_ENUM_PRIVS structure.
+********************************************************************/
+
+void init_q_enum_privs(LSA_Q_ENUM_PRIVS *q_q, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
+{
+	DEBUG(5, ("init_q_enum_privs\n"));
+
+	memcpy(&q_q->pol, hnd, sizeof(q_q->pol));
+
+	q_q->enum_context = enum_context;
+	q_q->pref_max_length = pref_max_length;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL lsa_io_q_enum_privs(char *desc, LSA_Q_ENUM_PRIVS *q_q, prs_struct *ps, int depth)
+{
+	if (q_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_q_enum_privs");
+	depth++;
+
+	if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("enum_context   ", ps, depth, &q_q->enum_context))
+		return False;
+	if(!prs_uint32("pref_max_length", ps, depth, &q_q->pref_max_length))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL lsa_io_priv_entries(char *desc, LSA_PRIV_ENTRY *entries, uint32 count, prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (entries == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_priv_entries");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	for (i = 0; i < count; i++) {
+		if (!smb_io_unihdr("", &entries[i].hdr_name, ps, depth))
+			return False;
+		if(!prs_uint32("luid_low ", ps, depth, &entries[i].luid_low))
+			return False;
+		if(!prs_uint32("luid_high", ps, depth, &entries[i].luid_high))
+			return False;
+	}
+
+	for (i = 0; i < count; i++)
+		if (!smb_io_unistr2("", &entries[i].name, entries[i].hdr_name.buffer, ps, depth))
+			return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_R_ENUM_PRIVS structure.
+********************************************************************/
+
+void init_lsa_r_enum_privs(LSA_R_ENUM_PRIVS *r_u, uint32 enum_context,
+			  uint32 count, LSA_PRIV_ENTRY *entries)
+{
+	DEBUG(5, ("init_lsa_r_enum_privs\n"));
+
+	r_u->enum_context=enum_context;
+	r_u->count=count;
+	
+	if (entries!=NULL) {
+		r_u->ptr=1;
+		r_u->count1=count;
+		r_u->privs=entries;
+	} else {
+		r_u->ptr=0;
+		r_u->count1=0;
+		r_u->privs=NULL;
+	}		
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL lsa_io_r_enum_privs(char *desc, LSA_R_ENUM_PRIVS *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_r_enum_privs");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("enum_context", ps, depth, &r_q->enum_context))
+		return False;
+	if(!prs_uint32("count", ps, depth, &r_q->count))
+		return False;
+	if(!prs_uint32("ptr", ps, depth, &r_q->ptr))
+		return False;
+
+	if (r_q->ptr) {
+		if(!prs_uint32("count1", ps, depth, &r_q->count1))
+			return False;
+
+		if (UNMARSHALLING(ps))
+			if (!(r_q->privs = (LSA_PRIV_ENTRY *)prs_alloc_mem(ps, sizeof(LSA_PRIV_ENTRY) * r_q->count1)))
+				return False;
+
+		if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+void init_lsa_priv_get_dispname(LSA_Q_PRIV_GET_DISPNAME *trn, POLICY_HND *hnd, char *name, uint16 lang_id, uint16 lang_id_sys)
+{
+	int len_name = strlen(name);
+
+	if(len_name == 0)
+		len_name = 1;
+
+	memcpy(&trn->pol, hnd, sizeof(trn->pol));
+
+	init_uni_hdr(&trn->hdr_name, len_name);
+	init_unistr2(&trn->name, name, len_name);
+	trn->lang_id = lang_id;
+	trn->lang_id_sys = lang_id_sys;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL lsa_io_q_priv_get_dispname(char *desc, LSA_Q_PRIV_GET_DISPNAME *q_q, prs_struct *ps, int depth)
+{
+	if (q_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_q_priv_get_dispname");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+
+	if (!smb_io_unihdr("hdr_name", &q_q->hdr_name, ps, depth))
+		return False;
+
+	if (!smb_io_unistr2("name", &q_q->name, q_q->hdr_name.buffer, ps, depth))
+		return False;
+
+	if(!prs_uint16("lang_id    ", ps, depth, &q_q->lang_id))
+		return False;
+	if(!prs_uint16("lang_id_sys", ps, depth, &q_q->lang_id_sys))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL lsa_io_r_priv_get_dispname(char *desc, LSA_R_PRIV_GET_DISPNAME *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_r_priv_get_dispname");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr_info", ps, depth, &r_q->ptr_info))
+		return False;
+
+	if (r_q->ptr_info){
+		if (!smb_io_unihdr("hdr_name", &r_q->hdr_desc, ps, depth))
+			return False;
+
+		if (!smb_io_unistr2("desc", &r_q->desc, r_q->hdr_desc.buffer, ps, depth))
+			return False;
+	}
+/*
+	if(!prs_align(ps))
+		return False;
+*/
+	if(!prs_uint16("lang_id", ps, depth, &r_q->lang_id))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+void init_lsa_q_enum_accounts(LSA_Q_ENUM_ACCOUNTS *trn, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
+{
+	memcpy(&trn->pol, hnd, sizeof(trn->pol));
+
+	trn->enum_context = enum_context;
+	trn->pref_max_length = pref_max_length;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL lsa_io_q_enum_accounts(char *desc, LSA_Q_ENUM_ACCOUNTS *q_q, prs_struct *ps, int depth)
+{
+	if (q_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_q_enum_accounts");
+	depth++;
+
+	if (!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("enum_context   ", ps, depth, &q_q->enum_context))
+		return False;
+	if(!prs_uint32("pref_max_length", ps, depth, &q_q->pref_max_length))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an LSA_R_ENUM_PRIVS structure.
+********************************************************************/
+
+void init_lsa_r_enum_accounts(LSA_R_ENUM_ACCOUNTS *r_u, uint32 enum_context)
+{
+	DEBUG(5, ("init_lsa_r_enum_accounts\n"));
+
+	r_u->enum_context=enum_context;
+	if (r_u->enum_context!=0) {
+		r_u->sids.num_entries=enum_context;
+		r_u->sids.ptr_sid_enum=1;
+		r_u->sids.num_entries2=enum_context;
+	} else {
+		r_u->sids.num_entries=0;
+		r_u->sids.ptr_sid_enum=0;
+		r_u->sids.num_entries2=0;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL lsa_io_r_enum_accounts(char *desc, LSA_R_ENUM_ACCOUNTS *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_r_enum_accounts");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("enum_context", ps, depth, &r_q->enum_context))
+		return False;
+
+	if (!lsa_io_sid_enum("sids", &r_q->sids, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Reads or writes an LSA_Q_UNK_GET_CONNUSER structure.
+********************************************************************/
+
+BOOL lsa_io_q_unk_get_connuser(char *desc, LSA_Q_UNK_GET_CONNUSER *q_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_unk_get_connuser");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint32("ptr_srvname", ps, depth, &q_c->ptr_srvname))
+		return False;
+
+	if(!smb_io_unistr2("uni2_srvname", &q_c->uni2_srvname, q_c->ptr_srvname, ps, depth)) /* server name to be looked up */
+		return False;
+
+	if (!prs_align(ps))
+	  return False;
+
+	if(!prs_uint32("unk1", ps, depth, &q_c->unk1))
+		return False;
+	if(!prs_uint32("unk2", ps, depth, &q_c->unk2))
+		return False;
+	if(!prs_uint32("unk3", ps, depth, &q_c->unk3))
+		return False;
+
+	/* Don't bother to read or write at present... */
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_UNK_GET_CONNUSER structure.
+********************************************************************/
+
+BOOL lsa_io_r_unk_get_connuser(char *desc, LSA_R_UNK_GET_CONNUSER *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_unk_get_connuser");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint32("ptr_user_name", ps, depth, &r_c->ptr_user_name))
+		return False;
+	if(!smb_io_unihdr("hdr_user_name", &r_c->hdr_user_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni2_user_name", &r_c->uni2_user_name, r_c->ptr_user_name, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+	  return False;
+	
+	if(!prs_uint32("unk1", ps, depth, &r_c->unk1))
+		return False;
+
+	if(!prs_uint32("ptr_dom_name", ps, depth, &r_c->ptr_dom_name))
+		return False;
+	if(!smb_io_unihdr("hdr_dom_name", &r_c->hdr_dom_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni2_dom_name", &r_c->uni2_dom_name, r_c->ptr_dom_name, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+	  return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+void init_lsa_q_open_account(LSA_Q_OPENACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access)
+{
+	memcpy(&trn->pol, hnd, sizeof(trn->pol));
+
+	init_dom_sid2(&trn->sid, sid);
+	trn->access = desired_access;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_OPENACCOUNT structure.
+********************************************************************/
+
+BOOL lsa_io_q_open_account(char *desc, LSA_Q_OPENACCOUNT *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_open_account");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+
+	if(!smb_io_dom_sid2("sid", &r_c->sid, ps, depth)) /* domain SID */
+		return False;
+
+ 	if(!prs_uint32("access", ps, depth, &r_c->access))
+		return False;
+  
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_OPENACCOUNT structure.
+********************************************************************/
+
+BOOL lsa_io_r_open_account(char *desc, LSA_R_OPENACCOUNT  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_open_account");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+
+void init_lsa_q_enum_privsaccount(LSA_Q_ENUMPRIVSACCOUNT *trn, POLICY_HND *hnd)
+{
+	memcpy(&trn->pol, hnd, sizeof(trn->pol));
+
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_ENUMPRIVSACCOUNT structure.
+********************************************************************/
+
+BOOL lsa_io_q_enum_privsaccount(char *desc, LSA_Q_ENUMPRIVSACCOUNT *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_enum_privsaccount");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LUID structure.
+********************************************************************/
+
+BOOL lsa_io_luid(char *desc, LUID *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_luid");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_uint32("low", ps, depth, &r_c->low))
+		return False;
+
+	if(!prs_uint32("high", ps, depth, &r_c->high))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LUID_ATTR structure.
+********************************************************************/
+
+BOOL lsa_io_luid_attr(char *desc, LUID_ATTR *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_luid_attr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if (!lsa_io_luid(desc, &r_c->luid, ps, depth))
+		return False;
+
+	if(!prs_uint32("attr", ps, depth, &r_c->attr))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an PRIVILEGE_SET structure.
+********************************************************************/
+
+BOOL lsa_io_privilege_set(char *desc, PRIVILEGE_SET *r_c, prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	prs_debug(ps, depth, desc, "lsa_io_privilege_set");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_uint32("count", ps, depth, &r_c->count))
+		return False;
+	if(!prs_uint32("control", ps, depth, &r_c->control))
+		return False;
+
+	for (i=0; i<r_c->count; i++) {
+		if (!lsa_io_luid_attr(desc, &r_c->set[i], ps, depth))
+			return False;
+	}
+	
+	return True;
+}
+
+void init_lsa_r_enum_privsaccount(LSA_R_ENUMPRIVSACCOUNT *r_u, LUID_ATTR *set, uint32 count, uint32 control)
+{
+	r_u->ptr=1;
+	r_u->count=count;
+	r_u->set.set=set;
+	r_u->set.count=count;
+	r_u->set.control=control;
+	DEBUG(10,("init_lsa_r_enum_privsaccount: %d %d privileges\n", r_u->count, r_u->set.count));
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_ENUMPRIVSACCOUNT structure.
+********************************************************************/
+
+BOOL lsa_io_r_enum_privsaccount(char *desc, LSA_R_ENUMPRIVSACCOUNT *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_enum_privsaccount");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_uint32("ptr", ps, depth, &r_c->ptr))
+		return False;
+
+	if (r_c->ptr!=0) {
+		if(!prs_uint32("count", ps, depth, &r_c->count))
+			return False;
+
+		/* malloc memory if unmarshalling here */
+
+		if (UNMARSHALLING(ps) && r_c->count!=0) {
+			if (!(r_c->set.set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
+				return False;
+
+		}
+		
+		if(!lsa_io_privilege_set(desc, &r_c->set, ps, depth))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+
+
+/*******************************************************************
+ Reads or writes an  LSA_Q_GETSYSTEMACCOUNTstructure.
+********************************************************************/
+
+BOOL lsa_io_q_getsystemaccount(char *desc, LSA_Q_GETSYSTEMACCOUNT  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_getsystemaccount");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an  LSA_R_GETSYSTEMACCOUNTstructure.
+********************************************************************/
+
+BOOL lsa_io_r_getsystemaccount(char *desc, LSA_R_GETSYSTEMACCOUNT  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_getsystemaccount");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_uint32("access", ps, depth, &r_c->access))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Reads or writes an LSA_Q_SETSYSTEMACCOUNT structure.
+********************************************************************/
+
+BOOL lsa_io_q_setsystemaccount(char *desc, LSA_Q_SETSYSTEMACCOUNT  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_setsystemaccount");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("access", ps, depth, &r_c->access))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_SETSYSTEMACCOUNT structure.
+********************************************************************/
+
+BOOL lsa_io_r_setsystemaccount(char *desc, LSA_R_SETSYSTEMACCOUNT  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_setsystemaccount");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+
+void init_lsa_q_lookupprivvalue(LSA_Q_LOOKUPPRIVVALUE *trn, POLICY_HND *hnd, char *name)
+{
+	int len_name = strlen(name);
+	memcpy(&trn->pol, hnd, sizeof(trn->pol));
+
+	if(len_name == 0)
+		len_name = 1;
+
+	init_uni_hdr(&trn->hdr_right, len_name);
+	init_unistr2(&trn->uni2_right, name, len_name);
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_LOOKUPPRIVVALUE  structure.
+********************************************************************/
+
+BOOL lsa_io_q_lookupprivvalue(char *desc, LSA_Q_LOOKUPPRIVVALUE  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_lookupprivvalue");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+	if(!smb_io_unihdr ("hdr_name", &r_c->hdr_right, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni2_right", &r_c->uni2_right, r_c->hdr_right.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an  LSA_R_LOOKUPPRIVVALUE structure.
+********************************************************************/
+
+BOOL lsa_io_r_lookupprivvalue(char *desc, LSA_R_LOOKUPPRIVVALUE  *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_lookupprivvalue");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+		
+	if(!lsa_io_luid("luid", &r_c->luid, ps, depth))
+		return False;
+ 
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Reads or writes an LSA_Q_ADDPRIVS structure.
+********************************************************************/
+
+BOOL lsa_io_q_addprivs(char *desc, LSA_Q_ADDPRIVS *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_addprivs");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+	
+	if(!prs_uint32("count", ps, depth, &r_c->count))
+		return False;
+
+	if (UNMARSHALLING(ps) && r_c->count!=0) {
+		if (!(r_c->set.set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
+			return False;
+	}
+	
+	if(!lsa_io_privilege_set(desc, &r_c->set, ps, depth))
+		return False;
+	
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_ADDPRIVS structure.
+********************************************************************/
+
+BOOL lsa_io_r_addprivs(char *desc, LSA_R_ADDPRIVS *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_addprivs");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_Q_REMOVEPRIVS structure.
+********************************************************************/
+
+BOOL lsa_io_q_removeprivs(char *desc, LSA_Q_REMOVEPRIVS *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_removeprivs");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth))
+		return False;
+	
+	if(!prs_uint32("allrights", ps, depth, &r_c->allrights))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_c->ptr))
+		return False;
+
+	/* 
+	 * JFM: I'm not sure at all if the count is inside the ptr
+	 * never seen one with ptr=0
+	 */
+
+	if (r_c->ptr!=0) {
+		if(!prs_uint32("count", ps, depth, &r_c->count))
+			return False;
+
+		if (UNMARSHALLING(ps) && r_c->count!=0) {
+			if (!(r_c->set.set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
+				return False;
+		}
+
+		if(!lsa_io_privilege_set(desc, &r_c->set, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_REMOVEPRIVS structure.
+********************************************************************/
+
+BOOL lsa_io_r_removeprivs(char *desc, LSA_R_REMOVEPRIVS *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_removeprivs");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+ 
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+BOOL policy_handle_is_valid(const POLICY_HND *hnd)
+{
+	POLICY_HND zero_pol;
+
+	ZERO_STRUCT(zero_pol);
+	return ((memcmp(&zero_pol, hnd, sizeof(POLICY_HND)) == 0) ? False : True );
+}
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
new file mode 100644
index 0000000000..73f285e320
--- /dev/null
+++ b/source3/rpc_parse/parse_misc.c
@@ -0,0 +1,1592 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/****************************************************************************
+ A temporary TALLOC context for things like unistrs, that is valid for
+ the life of a complete RPC call.
+****************************************************************************/
+
+static TALLOC_CTX *current_rpc_talloc = NULL;
+
+TALLOC_CTX *get_current_rpc_talloc(void)
+{
+    return current_rpc_talloc;
+}
+
+void set_current_rpc_talloc( TALLOC_CTX *ctx)
+{
+	current_rpc_talloc = ctx;
+}
+
+static TALLOC_CTX *main_loop_talloc = NULL;
+
+/*******************************************************************
+free up temporary memory - called from the main loop
+********************************************************************/
+
+void main_loop_talloc_free(void)
+{
+    if (!main_loop_talloc)
+        return;
+    talloc_destroy(main_loop_talloc);
+    main_loop_talloc = NULL;
+}
+
+/*******************************************************************
+ Get a talloc context that is freed in the main loop...
+********************************************************************/
+
+TALLOC_CTX *main_loop_talloc_get(void)
+{
+    if (!main_loop_talloc) {
+        main_loop_talloc = talloc_init_named("main loop talloc (mainly parse_misc)");
+        if (!main_loop_talloc)
+            smb_panic("main_loop_talloc: malloc fail\n");
+    }
+
+    return main_loop_talloc;
+}
+
+/*******************************************************************
+ Try and get a talloc context. Get the rpc one if possible, else
+ get the main loop one. The main loop one is more dangerous as it
+ goes away between packets, the rpc one will stay around for as long
+ as a current RPC lasts.
+********************************************************************/ 
+
+TALLOC_CTX *get_talloc_ctx(void)
+{
+	TALLOC_CTX *tc = get_current_rpc_talloc();
+
+	if (tc)
+		return tc;
+	return main_loop_talloc_get();
+}
+
+/*******************************************************************
+ Reads or writes a UTIME type.
+********************************************************************/
+
+static BOOL smb_io_utime(char *desc, UTIME *t, prs_struct *ps, int depth)
+{
+	if (t == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_utime");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32 ("time", ps, depth, &t->time))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an NTTIME structure.
+********************************************************************/
+
+BOOL smb_io_time(char *desc, NTTIME *nttime, prs_struct *ps, int depth)
+{
+	if (nttime == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_time");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("low ", ps, depth, &nttime->low)) /* low part */
+		return False;
+	if(!prs_uint32("high", ps, depth, &nttime->high)) /* high part */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a LOOKUP_LEVEL structure.
+********************************************************************/
+
+BOOL smb_io_lookup_level(char *desc, LOOKUP_LEVEL *level, prs_struct *ps, int depth)
+{
+	if (level == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_lookup_level");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint16("value", ps, depth, &level->value))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Gets an enumeration handle from an ENUM_HND structure.
+********************************************************************/
+
+uint32 get_enum_hnd(ENUM_HND *enh)
+{
+	return (enh && enh->ptr_hnd != 0) ? enh->handle : 0;
+}
+
+/*******************************************************************
+ Inits an ENUM_HND structure.
+********************************************************************/
+
+void init_enum_hnd(ENUM_HND *enh, uint32 hnd)
+{
+	DEBUG(5,("smb_io_enum_hnd\n"));
+
+	enh->ptr_hnd = (hnd != 0) ? 1 : 0;
+	enh->handle = hnd;
+}
+
+/*******************************************************************
+ Reads or writes an ENUM_HND structure.
+********************************************************************/
+
+BOOL smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth)
+{
+	if (hnd == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_enum_hnd");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_hnd", ps, depth, &hnd->ptr_hnd)) /* pointer */
+		return False;
+
+	if (hnd->ptr_hnd != 0) {
+		if(!prs_uint32("handle ", ps, depth, &hnd->handle )) /* enum handle */
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_SID structure.
+********************************************************************/
+
+BOOL smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth)
+{
+	int i;
+
+	if (sid == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_dom_sid");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint8 ("sid_rev_num", ps, depth, &sid->sid_rev_num))
+		return False;
+	if(!prs_uint8 ("num_auths  ", ps, depth, &sid->num_auths))
+		return False;
+
+	for (i = 0; i < 6; i++)
+	{
+		fstring tmp;
+		slprintf(tmp, sizeof(tmp) - 1, "id_auth[%d] ", i);
+		if(!prs_uint8 (tmp, ps, depth, &sid->id_auth[i]))
+			return False;
+	}
+
+	/* oops! XXXX should really issue a warning here... */
+	if (sid->num_auths > MAXSUBAUTHS)
+		sid->num_auths = MAXSUBAUTHS;
+
+	if(!prs_uint32s(False, "sub_auths ", ps, depth, sid->sub_auths, sid->num_auths))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_SID structure.
+
+ BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 
+ identauth >= 2^32 can be detected because it will be specified in hex
+********************************************************************/
+
+void init_dom_sid(DOM_SID *sid, char *str_sid)
+{
+	pstring domsid;
+	int identauth;
+	char *p;
+
+	if (str_sid == NULL)
+	{
+		DEBUG(4,("netlogon domain SID: none\n"));
+		sid->sid_rev_num = 0;
+		sid->num_auths = 0;
+		return;
+	}
+		
+	pstrcpy(domsid, str_sid);
+
+	DEBUG(4,("init_dom_sid %d SID:  %s\n", __LINE__, domsid));
+
+	/* assume, but should check, that domsid starts "S-" */
+	p = strtok(domsid+2,"-");
+	sid->sid_rev_num = atoi(p);
+
+	/* identauth in decimal should be <  2^32 */
+	/* identauth in hex     should be >= 2^32 */
+	identauth = atoi(strtok(0,"-"));
+
+	DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
+	DEBUG(4,("netlogon %s ia %d\n", p, identauth));
+
+	sid->id_auth[0] = 0;
+	sid->id_auth[1] = 0;
+	sid->id_auth[2] = (identauth & 0xff000000) >> 24;
+	sid->id_auth[3] = (identauth & 0x00ff0000) >> 16;
+	sid->id_auth[4] = (identauth & 0x0000ff00) >> 8;
+	sid->id_auth[5] = (identauth & 0x000000ff);
+
+	sid->num_auths = 0;
+
+	while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS)
+		sid->sub_auths[sid->num_auths++] = atoi(p);
+
+	DEBUG(4,("init_dom_sid: %d SID:  %s\n", __LINE__, domsid));
+}
+
+/*******************************************************************
+ Inits a DOM_SID2 structure.
+********************************************************************/
+
+void init_dom_sid2(DOM_SID2 *sid2, const DOM_SID *sid)
+{
+	sid2->sid = *sid;
+	sid2->num_auths = sid2->sid.num_auths;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_SID2 structure.
+********************************************************************/
+
+BOOL smb_io_dom_sid2(char *desc, DOM_SID2 *sid, prs_struct *ps, int depth)
+{
+	if (sid == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_dom_sid2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("num_auths", ps, depth, &sid->num_auths))
+		return False;
+
+	if(!smb_io_dom_sid("sid", &sid->sid, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+creates a STRHDR structure.
+********************************************************************/
+
+void init_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer)
+{
+	hdr->str_max_len = max_len;
+	hdr->str_str_len = len;
+	hdr->buffer      = buffer;
+}
+
+/*******************************************************************
+ Reads or writes a STRHDR structure.
+********************************************************************/
+
+BOOL smb_io_strhdr(char *desc,  STRHDR *hdr, prs_struct *ps, int depth)
+{
+	if (hdr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_strhdr");
+	depth++;
+
+	prs_align(ps);
+	
+	if(!prs_uint16("str_str_len", ps, depth, &hdr->str_str_len))
+		return False;
+	if(!prs_uint16("str_max_len", ps, depth, &hdr->str_max_len))
+		return False;
+	if(!prs_uint32("buffer     ", ps, depth, &hdr->buffer))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a UNIHDR structure.
+********************************************************************/
+
+void init_uni_hdr(UNIHDR *hdr, int len)
+{
+	hdr->uni_str_len = 2 * len;
+	hdr->uni_max_len = 2 * len;
+	hdr->buffer      = len != 0 ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a UNIHDR structure.
+********************************************************************/
+
+BOOL smb_io_unihdr(char *desc, UNIHDR *hdr, prs_struct *ps, int depth)
+{
+	if (hdr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_unihdr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint16("uni_str_len", ps, depth, &hdr->uni_str_len))
+		return False;
+	if(!prs_uint16("uni_max_len", ps, depth, &hdr->uni_max_len))
+		return False;
+	if(!prs_uint32("buffer     ", ps, depth, &hdr->buffer))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a BUFHDR structure.
+********************************************************************/
+
+void init_buf_hdr(BUFHDR *hdr, int max_len, int len)
+{
+	hdr->buf_max_len = max_len;
+	hdr->buf_len     = len;
+}
+
+/*******************************************************************
+ prs_uint16 wrapper. Call this and it sets up a pointer to where the
+ uint16 should be stored, or gets the size if reading.
+ ********************************************************************/
+
+BOOL smb_io_hdrbuf_pre(char *desc, BUFHDR *hdr, prs_struct *ps, int depth, uint32 *offset)
+{
+	(*offset) = prs_offset(ps);
+	if (ps->io) {
+
+		/* reading. */
+
+		if(!smb_io_hdrbuf(desc, hdr, ps, depth))
+			return False;
+
+	} else {
+
+		/* writing. */
+
+		if(!prs_set_offset(ps, prs_offset(ps) + (sizeof(uint32) * 2)))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ smb_io_hdrbuf wrapper. Call this and it retrospectively stores the size.
+ Does nothing on reading, as that is already handled by ...._pre()
+ ********************************************************************/
+
+BOOL smb_io_hdrbuf_post(char *desc, BUFHDR *hdr, prs_struct *ps, int depth, 
+				uint32 ptr_hdrbuf, uint32 max_len, uint32 len)
+{
+	if (!ps->io) {
+		/* writing: go back and do a retrospective job.  i hate this */
+
+		uint32 old_offset = prs_offset(ps);
+
+		init_buf_hdr(hdr, max_len, len);
+		if(!prs_set_offset(ps, ptr_hdrbuf))
+			return False;
+		if(!smb_io_hdrbuf(desc, hdr, ps, depth))
+			return False;
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a BUFHDR structure.
+********************************************************************/
+
+BOOL smb_io_hdrbuf(char *desc, BUFHDR *hdr, prs_struct *ps, int depth)
+{
+	if (hdr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_hdrbuf");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("buf_max_len", ps, depth, &hdr->buf_max_len))
+		return False;
+	if(!prs_uint32("buf_len    ", ps, depth, &hdr->buf_len))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+creates a UNIHDR2 structure.
+********************************************************************/
+
+void init_uni_hdr2(UNIHDR2 *hdr, int len)
+{
+	init_uni_hdr(&hdr->unihdr, len);
+	hdr->buffer = (len > 0) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a UNIHDR2 structure.
+********************************************************************/
+
+BOOL smb_io_unihdr2(char *desc, UNIHDR2 *hdr2, prs_struct *ps, int depth)
+{
+	if (hdr2 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_unihdr2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("hdr", &hdr2->unihdr, ps, depth))
+		return False;
+	if(!prs_uint32("buffer", ps, depth, &hdr2->buffer))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a UNISTR structure.
+********************************************************************/
+
+void init_unistr(UNISTR *str, const char *buf)
+{
+	size_t len;
+
+	if (buf == NULL) {
+		str->buffer = NULL;
+		return;
+	}
+		
+
+	len = strlen(buf) + 1;
+
+	if (len < MAX_UNISTRLEN)
+		len = MAX_UNISTRLEN;
+	len *= sizeof(uint16);
+
+	str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
+	if (str->buffer == NULL)
+		smb_panic("init_unistr: malloc fail\n");
+
+	rpcstr_push(str->buffer, buf, len, STR_TERMINATE);
+}
+
+/*******************************************************************
+reads or writes a UNISTR structure.
+XXXX NOTE: UNISTR structures NEED to be null-terminated.
+********************************************************************/
+
+BOOL smb_io_unistr(char *desc, UNISTR *uni, prs_struct *ps, int depth)
+{
+	if (uni == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_unistr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_unistr("unistr", ps, depth, uni))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Allocate the BUFFER3 memory.
+********************************************************************/
+
+static void create_buffer3(BUFFER3 *str, size_t len)
+{
+	if (len < MAX_BUFFERLEN)
+		len = MAX_BUFFERLEN;
+
+    str->buffer = talloc_zero(get_talloc_ctx(), len);
+	if (str->buffer == NULL)
+		smb_panic("create_buffer3: talloc fail\n");
+
+}
+
+/*******************************************************************
+ Inits a BUFFER3 structure from a uint32
+********************************************************************/
+
+void init_buffer3_uint32(BUFFER3 *str, uint32 val)
+{
+	ZERO_STRUCTP(str);
+
+	/* set up string lengths. */
+	str->buf_max_len = sizeof(uint32);
+	str->buf_len     = sizeof(uint32);
+
+	create_buffer3(str, sizeof(uint32));
+	SIVAL(str->buffer, 0, val);
+}
+
+/*******************************************************************
+ Inits a BUFFER3 structure.
+********************************************************************/
+
+void init_buffer3_str(BUFFER3 *str, char *buf, int len)
+{
+	ZERO_STRUCTP(str);
+
+	/* set up string lengths. */
+	str->buf_max_len = len * 2;
+	str->buf_len = len * 2;
+
+	create_buffer3(str, str->buf_max_len);
+
+	rpcstr_push(str->buffer, buf, str->buf_max_len, STR_TERMINATE);
+	
+}
+
+/*******************************************************************
+ Inits a BUFFER3 structure from a hex string.
+********************************************************************/
+
+void init_buffer3_hex(BUFFER3 *str, char *buf)
+{
+	ZERO_STRUCTP(str);
+	create_buffer3(str, strlen(buf));
+	str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf);
+}
+
+/*******************************************************************
+ Inits a BUFFER3 structure.
+********************************************************************/
+
+void init_buffer3_bytes(BUFFER3 *str, uint8 *buf, int len)
+{
+	ZERO_STRUCTP(str);
+
+	/* max buffer size (allocated size) */
+	str->buf_max_len = len;
+	if (buf != NULL) {
+		create_buffer3(str, len);
+		memcpy(str->buffer, buf, len);
+	}
+	str->buf_len = buf != NULL ? len : 0;
+}
+
+/*******************************************************************
+ Reads or writes a BUFFER3 structure.
+   the uni_max_len member tells you how large the buffer is.
+   the uni_str_len member tells you how much of the buffer is really used.
+********************************************************************/
+
+BOOL smb_io_buffer3(char *desc, BUFFER3 *buf3, prs_struct *ps, int depth)
+{
+	if (buf3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_buffer3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("uni_max_len", ps, depth, &buf3->buf_max_len))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		buf3->buffer = (unsigned char *)prs_alloc_mem(ps, buf3->buf_max_len);
+		if (buf3->buffer == NULL)
+			return False;
+	}
+
+	if(!prs_uint8s(True, "buffer     ", ps, depth, buf3->buffer, buf3->buf_max_len))
+		return False;
+
+	if(!prs_uint32("buf_len    ", ps, depth, &buf3->buf_len))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a BUFFER5 structure.
+the buf_len member tells you how large the buffer is.
+********************************************************************/
+BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "smb_io_buffer5");
+	depth++;
+
+	if (buf5 == NULL) return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("buf_len", ps, depth, &buf5->buf_len))
+		return False;
+
+
+	if(!prs_buffer5(True, "buffer" , ps, depth, buf5))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a BUFFER2 structure.
+********************************************************************/
+
+void init_buffer2(BUFFER2 *str, uint8 *buf, int len)
+{
+	ZERO_STRUCTP(str);
+
+	/* max buffer size (allocated size) */
+	str->buf_max_len = len;
+	str->undoc       = 0;
+	str->buf_len = buf != NULL ? len : 0;
+
+	if (buf != NULL) {
+		if (len < MAX_BUFFERLEN)
+			len = MAX_BUFFERLEN;
+		str->buffer = talloc_zero(get_talloc_ctx(), len);
+		if (str->buffer == NULL)
+			smb_panic("init_buffer2: talloc fail\n");
+		memcpy(str->buffer, buf, MIN(str->buf_len, len));
+	}
+}
+
+/*******************************************************************
+ Reads or writes a BUFFER2 structure.
+   the uni_max_len member tells you how large the buffer is.
+   the uni_str_len member tells you how much of the buffer is really used.
+********************************************************************/
+
+BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, int depth)
+{
+	if (buf2 == NULL)
+		return False;
+
+	if (buffer) {
+
+		prs_debug(ps, depth, desc, "smb_io_buffer2");
+		depth++;
+
+		if(!prs_align(ps))
+			return False;
+		
+		if(!prs_uint32("uni_max_len", ps, depth, &buf2->buf_max_len))
+			return False;
+		if(!prs_uint32("undoc      ", ps, depth, &buf2->undoc))
+			return False;
+		if(!prs_uint32("buf_len    ", ps, depth, &buf2->buf_len))
+			return False;
+
+		/* buffer advanced by indicated length of string
+		   NOT by searching for null-termination */
+
+		if(!prs_buffer2(True, "buffer     ", ps, depth, buf2))
+			return False;
+
+	} else {
+
+		prs_debug(ps, depth, desc, "smb_io_buffer2 - NULL");
+		depth++;
+		memset((char *)buf2, '\0', sizeof(*buf2));
+
+	}
+	return True;
+}
+
+/*******************************************************************
+creates a UNISTR2 structure: sets up the buffer, too
+********************************************************************/
+
+void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
+{
+	if (buf != NULL) {
+
+		*ptr = 1;
+		init_unistr2(str, buf, strlen(buf)+1);
+
+	} else {
+
+		*ptr = 0;
+		init_unistr2(str, "", 0);
+
+	}
+}
+
+/*******************************************************************
+ Copies a UNISTR2 structure.
+********************************************************************/
+
+void copy_unistr2(UNISTR2 *str, const UNISTR2 *from)
+{
+
+	/* set up string lengths. add one if string is not null-terminated */
+	str->uni_max_len = from->uni_max_len;
+	str->undoc       = from->undoc;
+	str->uni_str_len = from->uni_str_len;
+
+	if (from->buffer == NULL)
+		return;
+		
+	/* the string buffer is allocated to the maximum size
+	   (the the length of the source string) to prevent
+	   reallocation of memory. */
+	if (str->buffer == NULL) {
+		size_t len = from->uni_max_len * sizeof(uint16);
+
+		if (len < MAX_UNISTRLEN)
+			len = MAX_UNISTRLEN;
+		len *= sizeof(uint16);
+
+   		str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
+		if ((str->buffer == NULL) && (len > 0 ))
+		{
+			smb_panic("copy_unistr2: talloc fail\n");
+			return;
+		}
+	}
+
+	/* copy the string */
+	memcpy(str->buffer, from->buffer, from->uni_max_len*sizeof(uint16));
+}
+
+/*******************************************************************
+ Creates a STRING2 structure.
+********************************************************************/
+
+void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
+{
+	int alloc_len = 0;
+
+	/* set up string lengths. */
+	str->str_max_len = max_len;
+	str->undoc       = 0;
+	str->str_str_len = str_len;
+
+	/* store the string */
+	if(str_len != 0) {
+		if (str_len < MAX_STRINGLEN)
+			alloc_len = MAX_STRINGLEN;
+		str->buffer = talloc_zero(get_talloc_ctx(), alloc_len);
+		if (str->buffer == NULL)
+			smb_panic("init_string2: malloc fail\n");
+		memcpy(str->buffer, buf, str_len);
+  }
+}
+
+/*******************************************************************
+ Reads or writes a STRING2 structure.
+ XXXX NOTE: STRING2 structures need NOT be null-terminated.
+   the str_str_len member tells you how long the string is;
+   the str_max_len member tells you how large the buffer is.
+********************************************************************/
+
+BOOL smb_io_string2(char *desc, STRING2 *str2, uint32 buffer, prs_struct *ps, int depth)
+{
+	if (str2 == NULL)
+		return False;
+
+	if (buffer) {
+
+		prs_debug(ps, depth, desc, "smb_io_string2");
+		depth++;
+
+		if(!prs_align(ps))
+			return False;
+		
+		if(!prs_uint32("str_max_len", ps, depth, &str2->str_max_len))
+			return False;
+		if(!prs_uint32("undoc      ", ps, depth, &str2->undoc))
+			return False;
+		if(!prs_uint32("str_str_len", ps, depth, &str2->str_str_len))
+			return False;
+
+		/* buffer advanced by indicated length of string
+		   NOT by searching for null-termination */
+		if(!prs_string2(True, "buffer     ", ps, depth, str2))
+			return False;
+
+	} else {
+
+		prs_debug(ps, depth, desc, "smb_io_string2 - NULL");
+		depth++;
+		memset((char *)str2, '\0', sizeof(*str2));
+
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a UNISTR2 structure.
+********************************************************************/
+
+void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
+{
+	ZERO_STRUCTP(str);
+
+	/* set up string lengths. */
+	str->uni_max_len = (uint32)len;
+	str->undoc       = 0;
+	str->uni_str_len = (uint32)len;
+
+	if (len < MAX_UNISTRLEN)
+		len = MAX_UNISTRLEN;
+	len *= sizeof(uint16);
+
+	str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
+	if ((str->buffer == NULL) && (len > 0))
+	{
+		smb_panic("init_unistr2: malloc fail\n");
+		return;
+	}
+
+	/*
+	 * don't move this test above ! The UNISTR2 must be initialized !!!
+	 * jfm, 7/7/2001.
+	 */
+	if (buf==NULL)
+		return;
+
+	rpcstr_push((char *)str->buffer, buf, len, STR_TERMINATE);
+}
+
+/*******************************************************************
+ Inits a UNISTR2 structure from a UNISTR
+********************************************************************/
+void init_unistr2_from_unistr (UNISTR2 *to, UNISTR *from)
+{
+
+	uint32 i;
+
+	/* the destination UNISTR2 should never be NULL.
+	   if it is it is a programming error */
+
+	/* if the source UNISTR is NULL, then zero out
+	   the destination string and return */
+	ZERO_STRUCTP (to);
+	if ((from == NULL) || (from->buffer == NULL))
+		return;
+
+	/* get the length; UNISTR must be NULL terminated */
+	i = 0;
+	while ((from->buffer)[i]!='\0')
+		i++;
+	i++;	/* one more to catch the terminating NULL */
+		/* is this necessary -- jerry?  I need to think */
+
+	/* set up string lengths; uni_max_len is set to i+1
+           because we need to account for the final NULL termination */
+	to->uni_max_len = i;
+	to->undoc       = 0;
+	to->uni_str_len = i;
+
+	/* allocate the space and copy the string buffer */
+	to->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), sizeof(uint16)*(to->uni_str_len));
+	if (to->buffer == NULL)
+		smb_panic("init_unistr2_from_unistr: malloc fail\n");
+	memcpy(to->buffer, from->buffer, to->uni_max_len*sizeof(uint16));
+		
+	return;
+}
+
+
+/*******************************************************************
+ Reads or writes a UNISTR2 structure.
+ XXXX NOTE: UNISTR2 structures need NOT be null-terminated.
+   the uni_str_len member tells you how long the string is;
+   the uni_max_len member tells you how large the buffer is.
+********************************************************************/
+
+BOOL smb_io_unistr2(char *desc, UNISTR2 *uni2, uint32 buffer, prs_struct *ps, int depth)
+{
+	if (uni2 == NULL)
+		return False;
+
+	if (buffer) {
+
+		prs_debug(ps, depth, desc, "smb_io_unistr2");
+		depth++;
+
+		if(!prs_align(ps))
+			return False;
+		
+		if(!prs_uint32("uni_max_len", ps, depth, &uni2->uni_max_len))
+			return False;
+		if(!prs_uint32("undoc      ", ps, depth, &uni2->undoc))
+			return False;
+		if(!prs_uint32("uni_str_len", ps, depth, &uni2->uni_str_len))
+			return False;
+
+		/* buffer advanced by indicated length of string
+		   NOT by searching for null-termination */
+		if(!prs_unistr2(True, "buffer     ", ps, depth, uni2))
+			return False;
+
+	} else {
+
+		prs_debug(ps, depth, desc, "smb_io_unistr2 - NULL");
+		depth++;
+		memset((char *)uni2, '\0', sizeof(*uni2));
+
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_RID2 structure.
+********************************************************************/
+
+void init_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type, uint32 idx)
+{
+	rid2->type    = type;
+	rid2->rid     = rid;
+	rid2->rid_idx = idx;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_RID2 structure.
+********************************************************************/
+
+BOOL smb_io_dom_rid2(char *desc, DOM_RID2 *rid2, prs_struct *ps, int depth)
+{
+	if (rid2 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_dom_rid2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint8("type   ", ps, depth, &rid2->type))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("rid    ", ps, depth, &rid2->rid))
+		return False;
+	if(!prs_uint32("rid_idx", ps, depth, &rid2->rid_idx))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+creates a DOM_RID3 structure.
+********************************************************************/
+
+void init_dom_rid3(DOM_RID3 *rid3, uint32 rid, uint8 type)
+{
+    rid3->rid      = rid;
+    rid3->type1    = type;
+    rid3->ptr_type = 0x1; /* non-zero, basically. */
+    rid3->type2    = 0x1;
+    rid3->unk      = type;
+}
+
+/*******************************************************************
+reads or writes a DOM_RID3 structure.
+********************************************************************/
+
+BOOL smb_io_dom_rid3(char *desc, DOM_RID3 *rid3, prs_struct *ps, int depth)
+{
+	if (rid3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_dom_rid3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("rid     ", ps, depth, &rid3->rid))
+		return False;
+	if(!prs_uint32("type1   ", ps, depth, &rid3->type1))
+		return False;
+	if(!prs_uint32("ptr_type", ps, depth, &rid3->ptr_type))
+		return False;
+	if(!prs_uint32("type2   ", ps, depth, &rid3->type2))
+		return False;
+	if(!prs_uint32("unk     ", ps, depth, &rid3->unk))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_RID4 structure.
+********************************************************************/
+
+void init_dom_rid4(DOM_RID4 *rid4, uint16 unknown, uint16 attr, uint32 rid)
+{
+    rid4->unknown = unknown;
+    rid4->attr    = attr;
+    rid4->rid     = rid;
+}
+
+/*******************************************************************
+ Inits a DOM_CLNT_SRV structure.
+********************************************************************/
+
+static void init_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name)
+{
+	DEBUG(5,("init_clnt_srv: %d\n", __LINE__));
+
+	if (logon_srv != NULL) {
+		log->undoc_buffer = 1;
+		init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
+	} else {
+		log->undoc_buffer = 0;
+	}
+
+	if (comp_name != NULL) {
+		log->undoc_buffer2 = 1;
+		init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1);
+	} else {
+		log->undoc_buffer2 = 0;
+	}
+}
+
+/*******************************************************************
+ Inits or writes a DOM_CLNT_SRV structure.
+********************************************************************/
+
+static BOOL smb_io_clnt_srv(char *desc, DOM_CLNT_SRV *log, prs_struct *ps, int depth)
+{
+	if (log == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_clnt_srv");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("undoc_buffer ", ps, depth, &log->undoc_buffer))
+		return False;
+
+	if (log->undoc_buffer != 0) {
+		if(!smb_io_unistr2("unistr2", &log->uni_logon_srv, log->undoc_buffer, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("undoc_buffer2", ps, depth, &log->undoc_buffer2))
+		return False;
+
+	if (log->undoc_buffer2 != 0) {
+		if(!smb_io_unistr2("unistr2", &log->uni_comp_name, log->undoc_buffer2, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_LOG_INFO structure.
+********************************************************************/
+
+void init_log_info(DOM_LOG_INFO *log, const char *logon_srv, const char *acct_name,
+		uint16 sec_chan, const char *comp_name)
+{
+	DEBUG(5,("make_log_info %d\n", __LINE__));
+
+	log->undoc_buffer = 1;
+
+	init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1);
+	init_unistr2(&log->uni_acct_name, acct_name, strlen(acct_name)+1);
+
+	log->sec_chan = sec_chan;
+
+	init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1);
+}
+
+/*******************************************************************
+ Reads or writes a DOM_LOG_INFO structure.
+********************************************************************/
+
+BOOL smb_io_log_info(char *desc, DOM_LOG_INFO *log, prs_struct *ps, int depth)
+{
+	if (log == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_log_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("undoc_buffer", ps, depth, &log->undoc_buffer))
+		return False;
+
+	if(!smb_io_unistr2("unistr2", &log->uni_logon_srv, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("unistr2", &log->uni_acct_name, True, ps, depth))
+		return False;
+
+	if(!prs_uint16("sec_chan", ps, depth, &log->sec_chan))
+		return False;
+
+	if(!smb_io_unistr2("unistr2", &log->uni_comp_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_CHAL structure.
+********************************************************************/
+
+BOOL smb_io_chal(char *desc, DOM_CHAL *chal, prs_struct *ps, int depth)
+{
+	if (chal == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_chal");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint8s (False, "data", ps, depth, chal->data, 8))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_CRED structure.
+********************************************************************/
+
+BOOL smb_io_cred(char *desc,  DOM_CRED *cred, prs_struct *ps, int depth)
+{
+	if (cred == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_cred");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_chal ("", &cred->challenge, ps, depth))
+		return False;
+
+	if(!smb_io_utime("", &cred->timestamp, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_CLNT_INFO2 structure.
+********************************************************************/
+
+void init_clnt_info2(DOM_CLNT_INFO2 *clnt,
+				char *logon_srv, char *comp_name,
+				DOM_CRED *clnt_cred)
+{
+	DEBUG(5,("make_clnt_info: %d\n", __LINE__));
+
+	init_clnt_srv(&(clnt->login), logon_srv, comp_name);
+
+	if (clnt_cred != NULL) {
+		clnt->ptr_cred = 1;
+		memcpy(&(clnt->cred), clnt_cred, sizeof(clnt->cred));
+	} else {
+		clnt->ptr_cred = 0;
+	}
+}
+
+/*******************************************************************
+ Reads or writes a DOM_CLNT_INFO2 structure.
+********************************************************************/
+
+BOOL smb_io_clnt_info2(char *desc, DOM_CLNT_INFO2 *clnt, prs_struct *ps, int depth)
+{
+	if (clnt == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_clnt_info2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_clnt_srv("", &clnt->login, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_cred", ps, depth, &clnt->ptr_cred))
+		return False;
+	if(!smb_io_cred("", &clnt->cred, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_CLNT_INFO structure.
+********************************************************************/
+
+void init_clnt_info(DOM_CLNT_INFO *clnt,
+		char *logon_srv, char *acct_name,
+		uint16 sec_chan, char *comp_name,
+				DOM_CRED *cred)
+{
+	DEBUG(5,("make_clnt_info\n"));
+
+	init_log_info(&clnt->login, logon_srv, acct_name, sec_chan, comp_name);
+	memcpy(&clnt->cred, cred, sizeof(clnt->cred));
+}
+
+/*******************************************************************
+ Reads or writes a DOM_CLNT_INFO structure.
+********************************************************************/
+
+BOOL smb_io_clnt_info(char *desc,  DOM_CLNT_INFO *clnt, prs_struct *ps, int depth)
+{
+	if (clnt == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_clnt_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_log_info("", &clnt->login, ps, depth))
+		return False;
+	if(!smb_io_cred("", &clnt->cred, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a DOM_LOGON_ID structure.
+********************************************************************/
+
+void init_logon_id(DOM_LOGON_ID *log, uint32 log_id_low, uint32 log_id_high)
+{
+	DEBUG(5,("make_logon_id: %d\n", __LINE__));
+
+	log->low  = log_id_low;
+	log->high = log_id_high;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_LOGON_ID structure.
+********************************************************************/
+
+BOOL smb_io_logon_id(char *desc, DOM_LOGON_ID *log, prs_struct *ps, int depth)
+{
+	if (log == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_logon_id");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("low ", ps, depth, &log->low ))
+		return False;
+	if(!prs_uint32("high", ps, depth, &log->high))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an OWF_INFO structure.
+********************************************************************/
+
+void init_owf_info(OWF_INFO *hash, uint8 data[16])
+{
+	DEBUG(5,("init_owf_info: %d\n", __LINE__));
+	
+	if (data != NULL)
+		memcpy(hash->data, data, sizeof(hash->data));
+	else
+		memset((char *)hash->data, '\0', sizeof(hash->data));
+}
+
+/*******************************************************************
+ Reads or writes an OWF_INFO structure.
+********************************************************************/
+
+BOOL smb_io_owf_info(char *desc, OWF_INFO *hash, prs_struct *ps, int depth)
+{
+	if (hash == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_owf_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint8s (False, "data", ps, depth, hash->data, 16))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_GID structure.
+********************************************************************/
+
+BOOL smb_io_gid(char *desc,  DOM_GID *gid, prs_struct *ps, int depth)
+{
+	if (gid == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_gid");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("g_rid", ps, depth, &gid->g_rid))
+		return False;
+	if(!prs_uint32("attr ", ps, depth, &gid->attr))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an POLICY_HND structure.
+********************************************************************/
+
+BOOL smb_io_pol_hnd(char *desc, POLICY_HND *pol, prs_struct *ps, int depth)
+{
+	if (pol == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_pol_hnd");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(UNMARSHALLING(ps))
+		ZERO_STRUCTP(pol);
+	
+	if (!prs_uint32("data1", ps, depth, &pol->data1))
+		return False;
+	if (!prs_uint32("data2", ps, depth, &pol->data2))
+		return False;
+	if (!prs_uint16("data3", ps, depth, &pol->data3))
+		return False;
+	if (!prs_uint16("data4", ps, depth, &pol->data4))
+		return False;
+	if(!prs_uint8s (False, "data5", ps, depth, pol->data5, sizeof(pol->data5)))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Create a UNISTR3.
+********************************************************************/
+
+void init_unistr3(UNISTR3 *str, const char *buf)
+{
+	size_t len;
+
+	if (buf == NULL) {
+		str->uni_str_len=0;
+		str->str.buffer = NULL;
+		return;
+	}
+
+	len = strlen(buf) + 1;
+
+	str->uni_str_len=len;
+
+	if (len < MAX_UNISTRLEN)
+		len = MAX_UNISTRLEN;
+
+	len *= sizeof(uint16);
+
+	str->str.buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
+	if (str->str.buffer == NULL)
+		smb_panic("init_unistr3: malloc fail\n");
+
+	rpcstr_push((char *)str->str.buffer, buf, len, STR_TERMINATE);
+}
+
+/*******************************************************************
+ Reads or writes a UNISTR3 structure.
+********************************************************************/
+
+BOOL smb_io_unistr3(char *desc, UNISTR3 *name, prs_struct *ps, int depth)
+{
+	if (name == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_unistr3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("uni_str_len", ps, depth, &name->uni_str_len))
+		return False;
+
+	/* don't know if len is specified by uni_str_len member... */
+	/* assume unicode string is unicode-null-terminated, instead */
+
+	if(!prs_unistr3(True, "unistr", name, ps, depth))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Stream a uint64_struct
+ ********************************************************************/
+BOOL prs_uint64(char *name, prs_struct *ps, int depth, UINT64_S *data64)
+{
+	return prs_uint32(name, ps, depth+1, &data64->low) &&
+		prs_uint32(name, ps, depth+1, &data64->high);
+}
+
+/*******************************************************************
+reads or writes a BUFHDR2 structure.
+********************************************************************/
+BOOL smb_io_bufhdr2(char *desc, BUFHDR2 *hdr, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "smb_io_bufhdr2");
+	depth++;
+
+	prs_align(ps);
+	prs_uint32("info_level", ps, depth, &(hdr->info_level));
+	prs_uint32("length    ", ps, depth, &(hdr->length    ));
+	prs_uint32("buffer    ", ps, depth, &(hdr->buffer    ));
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a BUFFER4 structure.
+********************************************************************/
+BOOL smb_io_buffer4(char *desc, BUFFER4 *buf4, uint32 buffer, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "smb_io_buffer4");
+	depth++;
+
+	prs_align(ps);
+	prs_uint32("buf_len", ps, depth, &(buf4->buf_len));
+
+	if (buf4->buf_len > MAX_BUFFERLEN)
+	{
+		buf4->buf_len = MAX_BUFFERLEN;
+	}
+
+	prs_uint8s(True, "buffer", ps, depth, buf4->buffer, buf4->buf_len);
+
+	return True;
+}
+
+/*******************************************************************
+creates a UNIHDR structure.
+********************************************************************/
+
+BOOL make_uni_hdr(UNIHDR *hdr, int len)
+{
+	if (hdr == NULL)
+	{
+		return False;
+	}
+	hdr->uni_str_len = 2 * len;
+	hdr->uni_max_len = 2 * len;
+	hdr->buffer      = len != 0 ? 1 : 0;
+
+	return True;
+}
+
+/*******************************************************************
+creates a BUFHDR2 structure.
+********************************************************************/
+BOOL make_bufhdr2(BUFHDR2 *hdr, uint32 info_level, uint32 length, uint32 buffer)
+{
+	hdr->info_level = info_level;
+	hdr->length     = length;
+	hdr->buffer     = buffer;
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
new file mode 100644
index 0000000000..afbdf6dc57
--- /dev/null
+++ b/source3/rpc_parse/parse_net.c
@@ -0,0 +1,2910 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL net_io_neg_flags(char *desc, NEG_FLAGS *neg, prs_struct *ps, int depth)
+{
+	if (neg == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_neg_flags");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("neg_flags", ps, depth, &neg->neg_flags))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a NETLOGON_INFO_3 structure.
+********************************************************************/
+
+static void init_netinfo_3(NETLOGON_INFO_3 *info, uint32 flags, uint32 logon_attempts)
+{
+	info->flags          = flags;
+	info->logon_attempts = logon_attempts;
+	info->reserved_1     = 0x0;
+	info->reserved_2     = 0x0;
+	info->reserved_3     = 0x0;
+	info->reserved_4     = 0x0;
+	info->reserved_5     = 0x0;
+}
+
+/*******************************************************************
+ Reads or writes a NETLOGON_INFO_3 structure.
+********************************************************************/
+
+static BOOL net_io_netinfo_3(char *desc,  NETLOGON_INFO_3 *info, prs_struct *ps, int depth)
+{
+	if (info == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_netinfo_3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("flags         ", ps, depth, &info->flags))
+		return False;
+	if(!prs_uint32("logon_attempts", ps, depth, &info->logon_attempts))
+		return False;
+	if(!prs_uint32("reserved_1    ", ps, depth, &info->reserved_1))
+		return False;
+	if(!prs_uint32("reserved_2    ", ps, depth, &info->reserved_2))
+		return False;
+	if(!prs_uint32("reserved_3    ", ps, depth, &info->reserved_3))
+		return False;
+	if(!prs_uint32("reserved_4    ", ps, depth, &info->reserved_4))
+		return False;
+	if(!prs_uint32("reserved_5    ", ps, depth, &info->reserved_5))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits a NETLOGON_INFO_1 structure.
+********************************************************************/
+
+static void init_netinfo_1(NETLOGON_INFO_1 *info, uint32 flags, uint32 pdc_status)
+{
+	info->flags      = flags;
+	info->pdc_status = pdc_status;
+}
+
+/*******************************************************************
+ Reads or writes a NETLOGON_INFO_1 structure.
+********************************************************************/
+
+static BOOL net_io_netinfo_1(char *desc, NETLOGON_INFO_1 *info, prs_struct *ps, int depth)
+{
+	if (info == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_netinfo_1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("flags     ", ps, depth, &info->flags))
+		return False;
+	if(!prs_uint32("pdc_status", ps, depth, &info->pdc_status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a NETLOGON_INFO_2 structure.
+********************************************************************/
+
+static void init_netinfo_2(NETLOGON_INFO_2 *info, uint32 flags, uint32 pdc_status,
+				uint32 tc_status, char *trusted_dc_name)
+{
+	int len_dc_name = strlen(trusted_dc_name);
+	info->flags      = flags;
+	info->pdc_status = pdc_status;
+	info->ptr_trusted_dc_name = 1;
+	info->tc_status  = tc_status;
+
+	if (trusted_dc_name != NULL)
+		init_unistr2(&info->uni_trusted_dc_name, trusted_dc_name, len_dc_name+1);
+	else
+		init_unistr2(&info->uni_trusted_dc_name, "", 1);
+}
+
+/*******************************************************************
+ Reads or writes a NETLOGON_INFO_2 structure.
+********************************************************************/
+
+static BOOL net_io_netinfo_2(char *desc, NETLOGON_INFO_2 *info, prs_struct *ps, int depth)
+{
+	if (info == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_netinfo_2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("flags              ", ps, depth, &info->flags))
+		return False;
+	if(!prs_uint32("pdc_status         ", ps, depth, &info->pdc_status))
+		return False;
+	if(!prs_uint32("ptr_trusted_dc_name", ps, depth, &info->ptr_trusted_dc_name))
+		return False;
+	if(!prs_uint32("tc_status          ", ps, depth, &info->tc_status))
+		return False;
+
+	if (info->ptr_trusted_dc_name != 0) {
+		if(!smb_io_unistr2("unistr2", &info->uni_trusted_dc_name, info->ptr_trusted_dc_name, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an NET_Q_LOGON_CTRL2 structure.
+********************************************************************/
+
+BOOL net_io_q_logon_ctrl2(char *desc, NET_Q_LOGON_CTRL2 *q_l, prs_struct *ps, int depth)
+{
+	if (q_l == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_logon_ctrl2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
+		return False;
+
+	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("function_code", ps, depth, &q_l->function_code))
+		return False;
+	if(!prs_uint32("query_level  ", ps, depth, &q_l->query_level))
+		return False;
+	if(!prs_uint32("switch_value ", ps, depth, &q_l->switch_value))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an NET_Q_LOGON_CTRL2 structure.
+********************************************************************/
+
+void init_net_q_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, char *srv_name,
+			    uint32 query_level)
+{
+	DEBUG(5,("init_q_logon_ctrl2\n"));
+
+	q_l->function_code = 0x01;
+	q_l->query_level = query_level;
+	q_l->switch_value  = 0x01;
+
+	init_unistr2(&q_l->uni_server_name, srv_name, strlen(srv_name) + 1);
+}
+
+/*******************************************************************
+ Inits an NET_R_LOGON_CTRL2 structure.
+********************************************************************/
+
+void init_net_r_logon_ctrl2(NET_R_LOGON_CTRL2 *r_l, uint32 query_level,
+			    uint32 flags, uint32 pdc_status, 
+			    uint32 logon_attempts, uint32 tc_status, 
+			    char *trusted_domain_name)
+{
+	DEBUG(5,("init_r_logon_ctrl2\n"));
+
+	r_l->switch_value  = query_level; /* should only be 0x1 */
+
+	switch (query_level) {
+	case 1:
+		r_l->ptr = 1; /* undocumented pointer */
+		init_netinfo_1(&r_l->logon.info1, flags, pdc_status);	
+		r_l->status = NT_STATUS_OK;
+		break;
+	case 2:
+		r_l->ptr = 1; /* undocumented pointer */
+		init_netinfo_2(&r_l->logon.info2, flags, pdc_status,
+		               tc_status, trusted_domain_name);	
+		r_l->status = NT_STATUS_OK;
+		break;
+	case 3:
+		r_l->ptr = 1; /* undocumented pointer */
+		init_netinfo_3(&r_l->logon.info3, flags, logon_attempts);	
+		r_l->status = NT_STATUS_OK;
+		break;
+	default:
+		DEBUG(2,("init_r_logon_ctrl2: unsupported switch value %d\n",
+			r_l->switch_value));
+		r_l->ptr = 0; /* undocumented pointer */
+
+		/* take a guess at an error code... */
+		r_l->status = NT_STATUS_INVALID_INFO_CLASS;
+		break;
+	}
+}
+
+/*******************************************************************
+ Reads or writes an NET_R_LOGON_CTRL2 structure.
+********************************************************************/
+
+BOOL net_io_r_logon_ctrl2(char *desc, NET_R_LOGON_CTRL2 *r_l, prs_struct *ps, int depth)
+{
+	if (r_l == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_logon_ctrl2");
+	depth++;
+
+	if(!prs_uint32("switch_value ", ps, depth, &r_l->switch_value))
+		return False;
+	if(!prs_uint32("ptr          ", ps, depth, &r_l->ptr))
+		return False;
+
+	if (r_l->ptr != 0) {
+		switch (r_l->switch_value) {
+		case 1:
+			if(!net_io_netinfo_1("", &r_l->logon.info1, ps, depth))
+				return False;
+			break;
+		case 2:
+			if(!net_io_netinfo_2("", &r_l->logon.info2, ps, depth))
+				return False;
+			break;
+		case 3:
+			if(!net_io_netinfo_3("", &r_l->logon.info3, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(2,("net_io_r_logon_ctrl2: unsupported switch value %d\n",
+				r_l->switch_value));
+			break;
+		}
+	}
+
+	if(!prs_ntstatus("status       ", ps, depth, &r_l->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an NET_Q_LOGON_CTRL structure.
+********************************************************************/
+
+BOOL net_io_q_logon_ctrl(char *desc, NET_Q_LOGON_CTRL *q_l, prs_struct *ps, 
+			 int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_q_logon_ctrl");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
+		return False;
+
+	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("function_code", ps, depth, &q_l->function_code))
+		return False;
+	if(!prs_uint32("query_level  ", ps, depth, &q_l->query_level))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an NET_Q_LOGON_CTRL structure.
+********************************************************************/
+
+void init_net_q_logon_ctrl(NET_Q_LOGON_CTRL *q_l, char *srv_name,
+			   uint32 query_level)
+{
+	DEBUG(5,("init_q_logon_ctrl\n"));
+
+	q_l->function_code = 0x01; /* ??? */
+	q_l->query_level = query_level;
+
+	init_unistr2(&q_l->uni_server_name, srv_name, strlen(srv_name) + 1);
+}
+
+/*******************************************************************
+ Inits an NET_R_LOGON_CTRL structure.
+********************************************************************/
+
+void init_net_r_logon_ctrl(NET_R_LOGON_CTRL *r_l, uint32 query_level,
+			   uint32 flags, uint32 pdc_status)
+{
+	DEBUG(5,("init_r_logon_ctrl\n"));
+
+	r_l->switch_value  = query_level; /* should only be 0x1 */
+
+	switch (query_level) {
+	case 1:
+		r_l->ptr = 1; /* undocumented pointer */
+		init_netinfo_1(&r_l->logon.info1, flags, pdc_status);	
+		r_l->status = NT_STATUS_OK;
+		break;
+	default:
+		DEBUG(2,("init_r_logon_ctrl: unsupported switch value %d\n",
+			r_l->switch_value));
+		r_l->ptr = 0; /* undocumented pointer */
+
+		/* take a guess at an error code... */
+		r_l->status = NT_STATUS_INVALID_INFO_CLASS;
+		break;
+	}
+}
+
+/*******************************************************************
+ Reads or writes an NET_R_LOGON_CTRL structure.
+********************************************************************/
+
+BOOL net_io_r_logon_ctrl(char *desc, NET_R_LOGON_CTRL *r_l, prs_struct *ps, 
+			 int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_r_logon_ctrl");
+	depth++;
+
+	if(!prs_uint32("switch_value ", ps, depth, &r_l->switch_value))
+		return False;
+	if(!prs_uint32("ptr          ", ps, depth, &r_l->ptr))
+		return False;
+
+	if (r_l->ptr != 0) {
+		switch (r_l->switch_value) {
+		case 1:
+			if(!net_io_netinfo_1("", &r_l->logon.info1, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(2,("net_io_r_logon_ctrl: unsupported switch value %d\n",
+				r_l->switch_value));
+			break;
+		}
+	}
+
+	if(!prs_ntstatus("status       ", ps, depth, &r_l->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an NET_R_TRUST_DOM_LIST structure.
+********************************************************************/
+
+void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
+			uint32 num_doms, char *dom_name)
+{
+	int i = 0;
+
+	DEBUG(5,("init_r_trust_dom\n"));
+
+	for (i = 0; i < MAX_TRUST_DOMS; i++) {
+		r_t->uni_trust_dom_name[i].uni_str_len = 0;
+		r_t->uni_trust_dom_name[i].uni_max_len = 0;
+	}
+	if (num_doms > MAX_TRUST_DOMS)
+		num_doms = MAX_TRUST_DOMS;
+
+	for (i = 0; i < num_doms; i++) {
+		fstring domain_name;
+		fstrcpy(domain_name, dom_name);
+		strupper(domain_name);
+		init_unistr2(&r_t->uni_trust_dom_name[i], domain_name, strlen(domain_name)+1);
+		/* the use of UNISTR2 here is non-standard. */
+		r_t->uni_trust_dom_name[i].undoc = 0x1;
+	}
+	
+	r_t->status = NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Reads or writes an NET_R_TRUST_DOM_LIST structure.
+********************************************************************/
+
+BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth)
+{
+	uint32 value;
+
+	if (r_t == NULL)
+		 return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_trust_dom");
+	depth++;
+
+	/* temporary code to give a valid response */
+	value=2;
+	if(!prs_uint32("status", ps, depth, &value))
+		 return False;
+
+	value=1;
+	if(!prs_uint32("status", ps, depth, &value))
+		 return False;
+	value=2;
+	if(!prs_uint32("status", ps, depth, &value))
+		 return False;
+
+	value=0;
+	if(!prs_uint32("status", ps, depth, &value))
+		 return False;
+
+	value=0;
+	if(!prs_uint32("status", ps, depth, &value))
+		 return False;
+
+/* old non working code */
+#if 0
+	int i;
+
+	for (i = 0; i < MAX_TRUST_DOMS; i++) {
+		if (r_t->uni_trust_dom_name[i].uni_str_len == 0)
+			break;
+		if(!smb_io_unistr2("", &r_t->uni_trust_dom_name[i], True, ps, depth))
+			 return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_t->status))
+		 return False;
+#endif
+	return True;
+}
+
+
+/*******************************************************************
+ Reads or writes an NET_Q_TRUST_DOM_LIST structure.
+********************************************************************/
+
+BOOL net_io_q_trust_dom(char *desc, NET_Q_TRUST_DOM_LIST *q_l, prs_struct *ps, int depth)
+{
+	if (q_l == NULL)
+		 return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_trust_dom");
+	depth++;
+
+	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
+		 return False;
+	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
+		 return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an NET_Q_REQ_CHAL structure.
+********************************************************************/
+
+void init_q_req_chal(NET_Q_REQ_CHAL *q_c,
+		     const char *logon_srv, const char *logon_clnt,
+		     DOM_CHAL *clnt_chal)
+{
+	DEBUG(5,("init_q_req_chal: %d\n", __LINE__));
+
+	q_c->undoc_buffer = 1; /* don't know what this buffer is */
+
+	init_unistr2(&q_c->uni_logon_srv, logon_srv , strlen(logon_srv )+1);
+	init_unistr2(&q_c->uni_logon_clnt, logon_clnt, strlen(logon_clnt)+1);
+
+	memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
+
+	DEBUG(5,("init_q_req_chal: %d\n", __LINE__));
+}
+
+/*******************************************************************
+ Reads or writes an NET_Q_REQ_CHAL structure.
+********************************************************************/
+
+BOOL net_io_q_req_chal(char *desc,  NET_Q_REQ_CHAL *q_c, prs_struct *ps, int depth)
+{
+	int old_align;
+
+	if (q_c == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_req_chal");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!prs_uint32("undoc_buffer", ps, depth, &q_c->undoc_buffer))
+		return False;
+
+	if(!smb_io_unistr2("", &q_c->uni_logon_srv, True, ps, depth)) /* logon server unicode string */
+		return False;
+	if(!smb_io_unistr2("", &q_c->uni_logon_clnt, True, ps, depth)) /* logon client unicode string */
+		return False;
+
+	old_align = ps->align;
+	ps->align = 0;
+	/* client challenge is _not_ aligned after the unicode strings */
+	if(!smb_io_chal("", &q_c->clnt_chal, ps, depth)) {
+		/* client challenge */
+		ps->align = old_align;
+		return False;
+	}
+	ps->align = old_align;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int depth)
+{
+	if (r_c == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_req_chal");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_chal("", &r_c->srv_chal, ps, depth)) /* server challenge */
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_q_auth(char *desc, NET_Q_AUTH *q_a, prs_struct *ps, int depth)
+{
+	int old_align;
+	if (q_a == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_auth");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_log_info ("", &q_a->clnt_id, ps, depth)) /* client identification info */
+		return False;
+	/* client challenge is _not_ aligned */
+	old_align = ps->align;
+	ps->align = 0;
+	if(!smb_io_chal("", &q_a->clnt_chal, ps, depth)) {
+		/* client-calculated credentials */
+		ps->align = old_align;
+		return False;
+	}
+	ps->align = old_align;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_auth(char *desc, NET_R_AUTH *r_a, prs_struct *ps, int depth)
+{
+	if (r_a == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_auth");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_chal("", &r_a->srv_chal, ps, depth)) /* server challenge */
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_a->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a NET_Q_AUTH_2 struct.
+********************************************************************/
+
+void init_q_auth_2(NET_Q_AUTH_2 *q_a,
+		const char *logon_srv, const char *acct_name, uint16 sec_chan, const char *comp_name,
+		DOM_CHAL *clnt_chal, uint32 clnt_flgs)
+{
+	DEBUG(5,("init_q_auth_2: %d\n", __LINE__));
+
+	init_log_info(&q_a->clnt_id, logon_srv, acct_name, sec_chan, comp_name);
+	memcpy(q_a->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
+	q_a->clnt_flgs.neg_flags = clnt_flgs;
+
+	DEBUG(5,("init_q_auth_2: %d\n", __LINE__));
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_q_auth_2(char *desc, NET_Q_AUTH_2 *q_a, prs_struct *ps, int depth)
+{
+	int old_align;
+	if (q_a == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_auth_2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_log_info ("", &q_a->clnt_id, ps, depth)) /* client identification info */
+		return False;
+	/* client challenge is _not_ aligned */
+	old_align = ps->align;
+	ps->align = 0;
+	if(!smb_io_chal("", &q_a->clnt_chal, ps, depth)) {
+		/* client-calculated credentials */
+		ps->align = old_align;
+		return False;
+	}
+	ps->align = old_align;
+	if(!net_io_neg_flags("", &q_a->clnt_flgs, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_auth_2(char *desc, NET_R_AUTH_2 *r_a, prs_struct *ps, int depth)
+{
+	if (r_a == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_auth_2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_chal("", &r_a->srv_chal, ps, depth)) /* server challenge */
+		return False;
+	if(!net_io_neg_flags("", &r_a->srv_flgs, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_a->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits a NET_Q_SRV_PWSET.
+********************************************************************/
+
+void init_q_srv_pwset(NET_Q_SRV_PWSET *q_s, char *logon_srv, char *sess_key, char *acct_name, 
+                uint16 sec_chan, char *comp_name, DOM_CRED *cred, uchar hashed_mach_pwd[16])
+{
+	unsigned char nt_cypher[16];
+	
+	DEBUG(5,("init_q_srv_pwset\n"));
+	
+	/* Process the new password. */
+	cred_hash3( nt_cypher, hashed_mach_pwd, sess_key, 1);
+
+	init_clnt_info(&q_s->clnt_id, logon_srv, acct_name, sec_chan, comp_name, cred);
+
+	memcpy(q_s->pwd, nt_cypher, sizeof(q_s->pwd)); 
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_q_srv_pwset(char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth)
+{
+	if (q_s == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_srv_pwset");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_clnt_info("", &q_s->clnt_id, ps, depth)) /* client identification/authentication info */
+		return False;
+	if(!prs_uint8s (False, "pwd", ps, depth, q_s->pwd, 16)) /* new password - undocumented */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_srv_pwset(char *desc, NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth)
+{
+	if (r_s == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_srv_pwset");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_cred("", &r_s->srv_cred, ps, depth)) /* server challenge */
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_s->status))
+		return False;
+
+	return True;
+}
+
+/*************************************************************************
+ Init DOM_SID2 array from a string containing multiple sids
+ *************************************************************************/
+
+static int init_dom_sid2s(TALLOC_CTX *ctx, char *sids_str, DOM_SID2 **ppsids)
+{
+	char *ptr;
+	pstring s2;
+	int count = 0;
+
+	DEBUG(4,("init_dom_sid2s: %s\n", sids_str ? sids_str:""));
+
+	*ppsids = NULL;
+
+	if(sids_str) {
+		int number;
+		DOM_SID2 *sids;
+
+		/* Count the number of SIDs. */
+		for (count = 0, ptr = sids_str; 
+	   	  next_token(&ptr, s2, NULL, sizeof(s2)); count++)
+			;
+
+		/* Now allocate space for them. */
+		*ppsids = (DOM_SID2 *)talloc_zero(ctx, count * sizeof(DOM_SID2));
+		if (*ppsids == NULL)
+			return 0;
+
+		sids = *ppsids;
+
+		for (number = 0, ptr = sids_str; 
+	   	  next_token(&ptr, s2, NULL, sizeof(s2)); number++) {
+			DOM_SID tmpsid;
+			string_to_sid(&tmpsid, s2);
+			init_dom_sid2(&sids[number], &tmpsid);
+		}
+	}
+
+	return count;
+}
+
+/*******************************************************************
+ Inits a NET_ID_INFO_1 structure.
+********************************************************************/
+
+void init_id_info1(NET_ID_INFO_1 *id, char *domain_name,
+				uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
+				char *user_name, char *wksta_name,
+				char *sess_key,
+				unsigned char lm_cypher[16], unsigned char nt_cypher[16])
+{
+	int len_domain_name = strlen(domain_name);
+	int len_user_name   = strlen(user_name  );
+	int len_wksta_name  = strlen(wksta_name );
+
+	unsigned char lm_owf[16];
+	unsigned char nt_owf[16];
+
+	DEBUG(5,("init_id_info1: %d\n", __LINE__));
+
+	id->ptr_id_info1 = 1;
+
+	init_uni_hdr(&id->hdr_domain_name, len_domain_name);
+
+	id->param_ctrl = param_ctrl;
+	init_logon_id(&id->logon_id, log_id_low, log_id_high);
+
+	init_uni_hdr(&id->hdr_user_name, len_user_name);
+	init_uni_hdr(&id->hdr_wksta_name, len_wksta_name);
+
+	if (lm_cypher && nt_cypher) {
+		unsigned char key[16];
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("lm cypher:"));
+		dump_data(100, (char *)lm_cypher, 16);
+
+		DEBUG(100,("nt cypher:"));
+		dump_data(100, (char *)nt_cypher, 16);
+#endif
+
+		memset(key, 0, 16);
+		memcpy(key, sess_key, 8);
+
+		memcpy(lm_owf, lm_cypher, 16);
+		SamOEMhash(lm_owf, key, 16);
+		memcpy(nt_owf, nt_cypher, 16);
+		SamOEMhash(nt_owf, key, 16);
+
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("encrypt of lm owf password:"));
+		dump_data(100, (char *)lm_owf, 16);
+
+		DEBUG(100,("encrypt of nt owf password:"));
+		dump_data(100, (char *)nt_owf, 16);
+#endif
+		/* set up pointers to cypher blocks */
+		lm_cypher = lm_owf;
+		nt_cypher = nt_owf;
+	}
+
+	init_owf_info(&id->lm_owf, lm_cypher);
+	init_owf_info(&id->nt_owf, nt_cypher);
+
+	init_unistr2(&id->uni_domain_name, domain_name, len_domain_name);
+	init_unistr2(&id->uni_user_name, user_name, len_user_name);
+	init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
+}
+
+/*******************************************************************
+ Reads or writes an NET_ID_INFO_1 structure.
+********************************************************************/
+
+static BOOL net_io_id_info1(char *desc,  NET_ID_INFO_1 *id, prs_struct *ps, int depth)
+{
+	if (id == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_id_info1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_id_info1", ps, depth, &id->ptr_id_info1))
+		return False;
+
+	if (id->ptr_id_info1 != 0) {
+		if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
+			return False;
+
+		if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
+			return False;
+		if(!smb_io_logon_id("", &id->logon_id, ps, depth))
+			return False;
+
+		if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
+			return False;
+		if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
+			return False;
+
+		if(!smb_io_owf_info("", &id->lm_owf, ps, depth))
+			return False;
+		if(!smb_io_owf_info("", &id->nt_owf, ps, depth))
+			return False;
+
+		if(!smb_io_unistr2("unistr2", &id->uni_domain_name,
+				id->hdr_domain_name.buffer, ps, depth))
+			return False;
+		if(!smb_io_unistr2("unistr2", &id->uni_user_name,
+				id->hdr_user_name.buffer, ps, depth))
+			return False;
+		if(!smb_io_unistr2("unistr2", &id->uni_wksta_name,
+				id->hdr_wksta_name.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+Inits a NET_ID_INFO_2 structure.
+
+This is a network logon packet. The log_id parameters
+are what an NT server would generate for LUID once the
+user is logged on. I don't think we care about them.
+
+Note that this has no access to the NT and LM hashed passwords,
+so it forwards the challenge, and the NT and LM responses (24
+bytes each) over the secure channel to the Domain controller
+for it to say yea or nay. This is the preferred method of 
+checking for a logon as it doesn't export the password
+hashes to anyone who has compromised the secure channel. JRA.
+********************************************************************/
+
+void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
+		   uint32 param_ctrl,
+		   uint32 log_id_low, uint32 log_id_high,
+		   const char *user_name, const char *wksta_name,
+		   const uchar lm_challenge[8],
+		   const uchar * lm_chal_resp, int lm_chal_resp_len,
+		   const uchar * nt_chal_resp, int nt_chal_resp_len)
+{
+	int len_domain_name = strlen(domain_name);
+	int len_user_name   = strlen(user_name  );
+	int len_wksta_name  = strlen(wksta_name );
+	unsigned char lm_owf[24];
+	unsigned char nt_owf[128];
+
+	DEBUG(5,("init_id_info2: %d\n", __LINE__));
+
+	id->ptr_id_info2 = 1;
+
+	init_uni_hdr(&id->hdr_domain_name, len_domain_name);
+
+	id->param_ctrl = param_ctrl;
+	init_logon_id(&id->logon_id, log_id_low, log_id_high);
+
+	init_uni_hdr(&id->hdr_user_name, len_user_name);
+	init_uni_hdr(&id->hdr_wksta_name, len_wksta_name);
+
+	if (nt_chal_resp) {
+		/* oops.  can only send what-ever-it-is direct */
+		memcpy(nt_owf, nt_chal_resp, MIN(sizeof(nt_owf), nt_chal_resp_len));
+		nt_chal_resp = nt_owf;
+	}
+	if (lm_chal_resp) {
+		/* oops.  can only send what-ever-it-is direct */
+		memcpy(lm_owf, lm_chal_resp, MIN(sizeof(lm_owf), lm_chal_resp_len));
+		lm_chal_resp = lm_owf;
+	}
+
+	memcpy(id->lm_chal, lm_challenge, sizeof(id->lm_chal));
+	init_str_hdr(&id->hdr_nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0);
+	init_str_hdr(&id->hdr_lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len, (lm_chal_resp != NULL) ? 1 : 0);
+
+	init_unistr2(&id->uni_domain_name, domain_name, len_domain_name);
+	init_unistr2(&id->uni_user_name, user_name, len_user_name);
+	init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
+
+	init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
+	init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
+
+}
+
+/*******************************************************************
+ Reads or writes an NET_ID_INFO_2 structure.
+********************************************************************/
+
+static BOOL net_io_id_info2(char *desc,  NET_ID_INFO_2 *id, prs_struct *ps, int depth)
+{
+	if (id == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_id_info2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_id_info2", ps, depth, &id->ptr_id_info2))
+		return False;
+
+	if (id->ptr_id_info2 != 0) {
+		if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
+			return False;
+
+		if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
+			return False;
+		if(!smb_io_logon_id("", &id->logon_id, ps, depth))
+			return False;
+
+		if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
+			return False;
+		if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
+			return False;
+
+		if(!prs_uint8s (False, "lm_chal", ps, depth, id->lm_chal, 8)) /* lm 8 byte challenge */
+			return False;
+
+		if(!smb_io_strhdr("hdr_nt_chal_resp", &id->hdr_nt_chal_resp, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_lm_chal_resp", &id->hdr_lm_chal_resp, ps, depth))
+			return False;
+
+		if(!smb_io_unistr2("uni_domain_name", &id->uni_domain_name,
+				id->hdr_domain_name.buffer, ps, depth))
+			return False;
+		if(!smb_io_unistr2("uni_user_name  ", &id->uni_user_name,
+				id->hdr_user_name.buffer, ps, depth))
+			return False;
+		if(!smb_io_unistr2("uni_wksta_name ", &id->uni_wksta_name,
+				id->hdr_wksta_name.buffer, ps, depth))
+			return False;
+		if(!smb_io_string2("nt_chal_resp", &id->nt_chal_resp,
+				id->hdr_nt_chal_resp.buffer, ps, depth))
+			return False;
+		if(!smb_io_string2("lm_chal_resp", &id->lm_chal_resp,
+				id->hdr_lm_chal_resp.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits a DOM_SAM_INFO structure.
+********************************************************************/
+
+void init_sam_info(DOM_SAM_INFO *sam,
+				char *logon_srv, char *comp_name, DOM_CRED *clnt_cred,
+				DOM_CRED *rtn_cred, uint16 logon_level,
+				NET_ID_INFO_CTR *ctr)
+{
+	DEBUG(5,("init_sam_info: %d\n", __LINE__));
+
+	init_clnt_info2(&sam->client, logon_srv, comp_name, clnt_cred);
+
+	if (rtn_cred != NULL) {
+		sam->ptr_rtn_cred = 1;
+		memcpy(&sam->rtn_cred, rtn_cred, sizeof(sam->rtn_cred));
+	} else {
+		sam->ptr_rtn_cred = 0;
+	}
+
+	sam->logon_level  = logon_level;
+	sam->ctr          = ctr;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_SAM_INFO structure.
+********************************************************************/
+
+static BOOL net_io_id_info_ctr(char *desc, NET_ID_INFO_CTR **pp_ctr, prs_struct *ps, int depth)
+{
+	NET_ID_INFO_CTR *ctr = *pp_ctr;
+
+	prs_debug(ps, depth, desc, "smb_io_sam_info");
+	depth++;
+
+	if (UNMARSHALLING(ps)) {
+		ctr = *pp_ctr = (NET_ID_INFO_CTR *)prs_alloc_mem(ps, sizeof(NET_ID_INFO_CTR));
+		if (ctr == NULL)
+			return False;
+	}
+	
+	if (ctr == NULL)
+		return False;
+
+	/* don't 4-byte align here! */
+
+	if(!prs_uint16("switch_value ", ps, depth, &ctr->switch_value))
+		return False;
+
+	switch (ctr->switch_value) {
+	case 1:
+		if(!net_io_id_info1("", &ctr->auth.id1, ps, depth))
+			return False;
+		break;
+	case 2:
+		if(!net_io_id_info2("", &ctr->auth.id2, ps, depth))
+			return False;
+		break;
+	default:
+		/* PANIC! */
+		DEBUG(4,("smb_io_sam_info: unknown switch_value!\n"));
+		break;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a DOM_SAM_INFO structure.
+ ********************************************************************/
+
+static BOOL smb_io_sam_info(char *desc, DOM_SAM_INFO *sam, prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_sam_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_clnt_info2("", &sam->client, ps, depth))
+		return False;
+
+	if(!prs_uint32("ptr_rtn_cred ", ps, depth, &sam->ptr_rtn_cred))
+		return False;
+	if(!smb_io_cred("", &sam->rtn_cred, ps, depth))
+		return False;
+
+	if(!prs_uint16("logon_level  ", ps, depth, &sam->logon_level))
+		return False;
+
+	if (sam->logon_level != 0) {
+		if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ Inits a NET_USER_INFO_3 structure.
+
+ This is a network logon reply packet, and contains much information about
+ the user.  This information is passed as a (very long) paramater list
+ to avoid having to link in the PASSDB code to every program that deals 
+ with this file.
+ *************************************************************************/
+
+void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, 
+			 uint32                user_rid,
+			 uint32                group_rid,
+
+			 const char*		user_name,
+			 const char*		full_name,
+			 const char*		home_dir,
+			 const char*		dir_drive,
+			 const char*		logon_script,
+			 const char*		profile_path,
+
+			 time_t unix_logon_time,
+			 time_t unix_logoff_time,
+			 time_t unix_kickoff_time,
+			 time_t unix_pass_last_set_time,
+			 time_t unix_pass_can_change_time,
+			 time_t unix_pass_must_change_time,
+			 
+			 uint16 logon_count, uint16 bad_pw_count,
+ 		 	 uint32 num_groups, DOM_GID *gids,
+			 uint32 user_flgs, uchar *sess_key,
+ 			 char *logon_srv, char *logon_dom,
+			 DOM_SID *dom_sid, char *other_sids)
+{
+	/* only cope with one "other" sid, right now. */
+	/* need to count the number of space-delimited sids */
+	int i;
+	int num_other_sids = 0;
+	
+	NTTIME 		logon_time, logoff_time, kickoff_time,
+			pass_last_set_time, pass_can_change_time,
+			pass_must_change_time;
+
+	int 		len_user_name, len_full_name, len_home_dir,
+			len_dir_drive, len_logon_script, len_profile_path;
+			
+	int len_logon_srv    = strlen(logon_srv);
+	int len_logon_dom    = strlen(logon_dom);
+
+	len_user_name    = strlen(user_name   );
+	len_full_name    = strlen(full_name   );
+	len_home_dir     = strlen(home_dir    );
+	len_dir_drive    = strlen(dir_drive   );
+	len_logon_script = strlen(logon_script);
+	len_profile_path = strlen(profile_path);
+
+
+	ZERO_STRUCTP(usr);
+
+	usr->ptr_user_info = 1; /* yes, we're bothering to put USER_INFO data here */
+
+
+	/* Create NTTIME structs */
+	unix_to_nt_time (&logon_time, 		 unix_logon_time);
+	unix_to_nt_time (&logoff_time, 		 unix_logoff_time);
+	unix_to_nt_time (&kickoff_time, 	 unix_kickoff_time);
+	unix_to_nt_time (&pass_last_set_time, 	 unix_pass_last_set_time);
+	unix_to_nt_time (&pass_can_change_time,	 unix_pass_can_change_time);
+	unix_to_nt_time (&pass_must_change_time, unix_pass_must_change_time);
+
+	usr->logon_time            = logon_time;
+	usr->logoff_time           = logoff_time;
+	usr->kickoff_time          = kickoff_time;
+	usr->pass_last_set_time    = pass_last_set_time;
+	usr->pass_can_change_time  = pass_can_change_time;
+	usr->pass_must_change_time = pass_must_change_time;
+
+	init_uni_hdr(&usr->hdr_user_name, len_user_name);
+	init_uni_hdr(&usr->hdr_full_name, len_full_name);
+	init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+	init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+	init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+	init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+
+	usr->logon_count = logon_count;
+	usr->bad_pw_count = bad_pw_count;
+
+	usr->user_rid = user_rid;
+	usr->group_rid = group_rid;
+	usr->num_groups = num_groups;
+
+	usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
+	usr->user_flgs = user_flgs;
+
+	if (sess_key != NULL)
+		memcpy(usr->user_sess_key, sess_key, sizeof(usr->user_sess_key));
+	else
+		memset((char *)usr->user_sess_key, '\0', sizeof(usr->user_sess_key));
+
+	init_uni_hdr(&usr->hdr_logon_srv, len_logon_srv);
+	init_uni_hdr(&usr->hdr_logon_dom, len_logon_dom);
+
+	usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
+
+	memset((char *)usr->padding, '\0', sizeof(usr->padding));
+
+	num_other_sids = init_dom_sid2s(ctx, other_sids, &usr->other_sids);
+
+	usr->num_other_sids = num_other_sids;
+	usr->buffer_other_sids = (num_other_sids != 0) ? 1 : 0; 
+	
+	init_unistr2(&usr->uni_user_name, user_name, len_user_name);
+	init_unistr2(&usr->uni_full_name, full_name, len_full_name);
+	init_unistr2(&usr->uni_logon_script, logon_script, len_logon_script);
+	init_unistr2(&usr->uni_profile_path, profile_path, len_profile_path);
+	init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
+	init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
+
+	usr->num_groups2 = num_groups;
+
+	usr->gids = (DOM_GID *)talloc_zero(ctx,sizeof(DOM_GID) * (num_groups));
+	if (usr->gids == NULL && num_groups>0)
+		return;
+
+	for (i = 0; i < num_groups; i++) 
+		usr->gids[i] = gids[i];	
+		
+	init_unistr2(&usr->uni_logon_srv, logon_srv, len_logon_srv);
+	init_unistr2(&usr->uni_logon_dom, logon_dom, len_logon_dom);
+
+	init_dom_sid2(&usr->dom_sid, dom_sid);
+	/* "other" sids are set up above */
+}
+
+/*******************************************************************
+ This code has been modified to cope with a NET_USER_INFO_2 - which is
+ exactly the same as a NET_USER_INFO_3, minus the other sids parameters.
+ We use validation level to determine if we're marshalling a info 2 or
+ INFO_3 - be we always return an INFO_3. Based on code donated by Marc
+ Jacobsen at HP. JRA.
+********************************************************************/
+
+static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, int depth, uint16 validation_level)
+{
+	int i;
+
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "lsa_io_lsa_user_info");
+	depth++;
+
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(usr);
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_user_info ", ps, depth, &usr->ptr_user_info))
+		return False;
+
+	if (usr->ptr_user_info == 0)
+		return True;
+
+	if(!smb_io_time("logon time", &usr->logon_time, ps, depth)) /* logon time */
+		return False;
+	if(!smb_io_time("logoff time", &usr->logoff_time, ps, depth)) /* logoff time */
+		return False;
+	if(!smb_io_time("kickoff time", &usr->kickoff_time, ps, depth)) /* kickoff time */
+		return False;
+	if(!smb_io_time("last set time", &usr->pass_last_set_time, ps, depth)) /* password last set time */
+		return False;
+	if(!smb_io_time("can change time", &usr->pass_can_change_time , ps, depth)) /* password can change time */
+		return False;
+	if(!smb_io_time("must change time", &usr->pass_must_change_time, ps, depth)) /* password must change time */
+		return False;
+
+	if(!smb_io_unihdr("hdr_user_name", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_full_name", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_home_dir", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_dir_drive", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
+		return False;
+
+	if(!prs_uint16("logon_count   ", ps, depth, &usr->logon_count))  /* logon count */
+		return False;
+	if(!prs_uint16("bad_pw_count  ", ps, depth, &usr->bad_pw_count)) /* bad password count */
+		return False;
+
+	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))       /* User RID */
+		return False;
+	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))      /* Group RID */
+		return False;
+	if(!prs_uint32("num_groups    ", ps, depth, &usr->num_groups))    /* num groups */
+		return False;
+	if(!prs_uint32("buffer_groups ", ps, depth, &usr->buffer_groups)) /* undocumented buffer pointer to groups. */
+		return False;
+	if(!prs_uint32("user_flgs     ", ps, depth, &usr->user_flgs))     /* user flags */
+		return False;
+
+	if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */
+		return False;
+
+	if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_logon_dom", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
+		return False;
+
+	if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */
+		return False;
+	if(!prs_uint8s (False, "padding       ", ps, depth, usr->padding, 40)) /* unused padding bytes? */
+		return False;
+
+	if (validation_level == 3) {
+		if(!prs_uint32("num_other_sids", ps, depth, &usr->num_other_sids)) /* 0 - num_sids */
+			return False;
+		if(!prs_uint32("buffer_other_sids", ps, depth, &usr->buffer_other_sids)) /* NULL - undocumented pointer to SIDs. */
+			return False;
+	} else {
+		if (UNMARSHALLING(ps)) {
+			usr->num_other_sids = 0;
+			usr->buffer_other_sids = 0;
+		}
+	}
+		
+	if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_groups2   ", ps, depth, &usr->num_groups2))        /* num groups */
+		return False;
+
+	if (UNMARSHALLING(ps) && usr->num_groups2 > 0) {
+		usr->gids = (DOM_GID *)prs_alloc_mem(ps, sizeof(DOM_GID)*usr->num_groups2);
+		if (usr->gids == NULL)
+			return False;
+	}
+
+	for (i = 0; i < usr->num_groups2; i++) {
+		if(!smb_io_gid("", &usr->gids[i], ps, depth)) /* group info */
+			return False;
+	}
+
+	if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */
+		return False;
+
+	if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth))           /* domain SID */
+		return False;
+
+	if (usr->num_other_sids) {
+
+		if (UNMARSHALLING(ps)) {
+			usr->other_sids = (DOM_SID2 *)prs_alloc_mem(ps, sizeof(DOM_SID2)*usr->num_other_sids);
+			if (usr->other_sids == NULL)
+				return False;
+		}
+	
+		if(!prs_uint32("num_other_groups", ps, depth, &usr->num_other_groups))
+			return False;
+
+		if (UNMARSHALLING(ps) && usr->num_other_groups > 0) {
+			usr->other_gids = (DOM_GID *)prs_alloc_mem(ps, sizeof(DOM_GID)*usr->num_other_groups);
+			if (usr->other_gids == NULL)
+				return False;
+		}
+	
+		for (i = 0; i < usr->num_other_groups; i++) {
+			if(!smb_io_gid("", &usr->other_gids[i], ps, depth)) /* other GIDs */
+				return False;
+		}
+		for (i = 0; i < usr->num_other_sids; i++) {
+			if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */
+				return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth)
+{
+	if (q_l == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_sam_logon");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_sam_info("", &q_l->sam_id, ps, depth))
+		return False;
+
+	if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_sam_logon(char *desc, NET_R_SAM_LOGON *r_l, prs_struct *ps, int depth)
+{
+	if (r_l == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_sam_logon");
+	depth++;
+
+	if(!prs_uint32("buffer_creds", ps, depth, &r_l->buffer_creds)) /* undocumented buffer pointer */
+		return False;
+	if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials.  server time stamp appears to be ignored. */
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+#if 1 /* W2k always needs this - even for bad passwd. JRA */
+	if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value))
+		return False;
+#else
+	if (r_l->switch_value != 0) {
+		if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value))
+			return False;
+	}
+#endif
+
+	if(!prs_uint32("auth_resp   ", ps, depth, &r_l->auth_resp)) /* 1 - Authoritative response; 0 - Non-Auth? */
+		return False;
+
+	if(!prs_ntstatus("status      ", ps, depth, &r_l->status))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_q_sam_logoff(char *desc,  NET_Q_SAM_LOGOFF *q_l, prs_struct *ps, int depth)
+{
+	if (q_l == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_sam_logoff");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_sam_info("", &q_l->sam_id, ps, depth))           /* domain SID */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_sam_logoff(char *desc, NET_R_SAM_LOGOFF *r_l, prs_struct *ps, int depth)
+{
+	if (r_l == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_sam_logoff");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("buffer_creds", ps, depth, &r_l->buffer_creds)) /* undocumented buffer pointer */
+		return False;
+	if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials.  server time stamp appears to be ignored. */
+		return False;
+
+	if(!prs_ntstatus("status      ", ps, depth, &r_l->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a NET_Q_SAM_SYNC structure.
+********************************************************************/
+BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
+                         const char *cli_name, DOM_CRED *cli_creds, 
+                         DOM_CRED *ret_creds, uint32 database_id)
+{
+	DEBUG(5, ("init_q_sam_sync\n"));
+
+	init_unistr2(&q_s->uni_srv_name, srv_name, strlen(srv_name) + 1);
+	init_unistr2(&q_s->uni_cli_name, cli_name, strlen(cli_name) + 1);
+
+        if (cli_creds)
+                memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
+
+	if (cli_creds)
+                memcpy(&q_s->ret_creds, ret_creds, sizeof(q_s->ret_creds));
+	else
+		memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
+
+	q_s->database_id = database_id;
+	q_s->restart_state = 0;
+	q_s->sync_context = 0;
+	q_s->max_size = 0xffff;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL net_io_q_sam_sync(char *desc, NET_Q_SAM_SYNC * q_s, prs_struct *ps,
+		       int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_q_sam_sync");
+	depth++;
+
+	if (!smb_io_unistr2("", &q_s->uni_srv_name, True, ps, depth))
+                return False;
+	if (!smb_io_unistr2("", &q_s->uni_cli_name, True, ps, depth))
+                return False;
+
+	if (!smb_io_cred("", &q_s->cli_creds, ps, depth))
+                return False;
+	if (!smb_io_cred("", &q_s->ret_creds, ps, depth))
+                return False;
+
+	if (!prs_uint32("database_id  ", ps, depth, &q_s->database_id))
+                return False;
+	if (!prs_uint32("restart_state", ps, depth, &q_s->restart_state))
+                return False;
+	if (!prs_uint32("sync_context ", ps, depth, &q_s->sync_context))
+                return False;
+
+	if (!prs_uint32("max_size", ps, depth, &q_s->max_size))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_delta_hdr(char *desc, SAM_DELTA_HDR * delta,
+				 prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_delta_hdr");
+	depth++;
+
+	if (!prs_uint16("type", ps, depth, &delta->type))
+                return False;
+	if (!prs_uint16("type2", ps, depth, &delta->type2))
+                return False;
+	if (!prs_uint32("target_rid", ps, depth, &delta->target_rid))
+                return False;
+
+	if (!prs_uint32("type3", ps, depth, &delta->type3))
+                return False;
+
+        /* Not sure why we need this but it seems to be necessary to get
+           sam deltas working. */
+
+        if (delta->type != 0x16) {
+                if (!prs_uint32("ptr_delta", ps, depth, &delta->ptr_delta))
+                        return False;
+        }
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_delta_stamp(char *desc, SAM_DELTA_STAMP *info,
+                                   prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_delta_stamp");
+	depth++;
+
+        if (!prs_uint32("seqnum", ps, depth, &info->seqnum))
+                return False;
+        if (!prs_uint32("dom_mod_count_ptr", ps, depth, 
+                        &info->dom_mod_count_ptr))
+                return False;
+
+        if (info->dom_mod_count_ptr) {
+                if (!prs_uint64("dom_mod_count", ps, depth,
+                                &info->dom_mod_count))
+                        return False;
+        }
+
+        return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_domain_info(char *desc, SAM_DOMAIN_INFO * info,
+				   prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_domain_info");
+	depth++;
+
+	if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_oem_info", &info->hdr_oem_info, ps, depth))
+                return False;
+
+        if (!prs_uint64("force_logoff", ps, depth, &info->force_logoff))
+                return False;
+	if (!prs_uint16("min_pwd_len", ps, depth, &info->min_pwd_len))
+                return False;
+	if (!prs_uint16("pwd_history_len", ps, depth, &info->pwd_history_len))
+                return False;
+	if (!prs_uint64("max_pwd_age", ps, depth, &info->max_pwd_age))
+                return False;
+	if (!prs_uint64("min_pwd_age", ps, depth, &info->min_pwd_age))
+                return False;
+	if (!prs_uint64("dom_mod_count", ps, depth, &info->dom_mod_count))
+                return False;
+	if (!smb_io_time("creation_time", &info->creation_time, ps, depth))
+                return False;
+
+	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_unknown", &info->hdr_unknown, ps, depth))
+                return False;
+
+	if (ps->data_offset + 40 > ps->buffer_size)
+                return False;
+        ps->data_offset += 40;
+
+	if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name,
+                            info->hdr_dom_name.buffer, ps, depth))
+                return False;
+	if (!smb_io_unistr2("buf_oem_info", &info->buf_oem_info,
+                            info->hdr_oem_info.buffer, ps, depth))
+                return False;
+
+	if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc,
+                            info->hdr_sec_desc.buffer, ps, depth))
+                return False;
+	if (!smb_io_unistr2("buf_unknown", &info->buf_unknown,
+                            info->hdr_unknown.buffer, ps, depth))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_group_info(char *desc, SAM_GROUP_INFO * info,
+				  prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_group_info");
+	depth++;
+
+	if (!smb_io_unihdr("hdr_grp_name", &info->hdr_grp_name, ps, depth))
+                return False;
+	if (!smb_io_gid("gid", &info->gid, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_grp_desc", &info->hdr_grp_desc, ps, depth))
+                return False;
+	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
+                return False;
+
+        if (ps->data_offset + 48 > ps->buffer_size)
+                return False;
+	ps->data_offset += 48;
+
+	if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name,
+                            info->hdr_grp_name.buffer, ps, depth))
+                return False;
+	if (!smb_io_unistr2("uni_grp_desc", &info->uni_grp_desc,
+                            info->hdr_grp_desc.buffer, ps, depth))
+                return False;
+	if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc,
+                            info->hdr_sec_desc.buffer, ps, depth))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_passwd_info(char *desc, SAM_PWD * pwd,
+				   prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_passwd_info");
+	depth++;
+
+	if (!prs_uint32("unk_0 ", ps, depth, &pwd->unk_0))
+                return False;
+
+	if (!smb_io_unihdr("hdr_lm_pwd", &pwd->hdr_lm_pwd, ps, depth))
+                return False;
+	if (!prs_uint8s(False, "buf_lm_pwd", ps, depth, pwd->buf_lm_pwd, 16))
+                return False;
+
+	if (!smb_io_unihdr("hdr_nt_pwd", &pwd->hdr_nt_pwd, ps, depth))
+                return False;
+	if (!prs_uint8s(False, "buf_nt_pwd", ps, depth, pwd->buf_nt_pwd, 16))
+                return False;
+
+	if (!smb_io_unihdr("", &pwd->hdr_empty_lm, ps, depth))
+                return False;
+	if (!smb_io_unihdr("", &pwd->hdr_empty_nt, ps, depth))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a SAM_ACCOUNT_INFO structure.
+********************************************************************/
+BOOL make_sam_account_info(SAM_ACCOUNT_INFO * info,
+			   const UNISTR2 *user_name,
+			   const UNISTR2 *full_name,
+			   uint32 user_rid, uint32 group_rid,
+			   const UNISTR2 *home_dir,
+			   const UNISTR2 *dir_drive,
+			   const UNISTR2 *log_scr,
+			   const UNISTR2 *desc,
+			   uint32 acb_info,
+			   const UNISTR2 *prof_path,
+			   const UNISTR2 *wkstas,
+			   const UNISTR2 *unk_str, const UNISTR2 *mung_dial)
+{
+	int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
+	int len_full_name = full_name != NULL ? full_name->uni_str_len : 0;
+	int len_home_dir = home_dir != NULL ? home_dir->uni_str_len : 0;
+	int len_dir_drive = dir_drive != NULL ? dir_drive->uni_str_len : 0;
+	int len_logon_script = log_scr != NULL ? log_scr->uni_str_len : 0;
+	int len_profile_path = prof_path != NULL ? prof_path->uni_str_len : 0;
+	int len_description = desc != NULL ? desc->uni_str_len : 0;
+	int len_workstations = wkstas != NULL ? wkstas->uni_str_len : 0;
+	int len_unknown_str = unk_str != NULL ? unk_str->uni_str_len : 0;
+	int len_munged_dial = mung_dial != NULL ? mung_dial->uni_str_len : 0;
+
+	DEBUG(5, ("make_sam_account_info\n"));
+
+	make_uni_hdr(&info->hdr_acct_name, len_user_name);
+	make_uni_hdr(&info->hdr_full_name, len_full_name);
+	make_uni_hdr(&info->hdr_home_dir, len_home_dir);
+	make_uni_hdr(&info->hdr_dir_drive, len_dir_drive);
+	make_uni_hdr(&info->hdr_logon_script, len_logon_script);
+	make_uni_hdr(&info->hdr_profile, len_profile_path);
+	make_uni_hdr(&info->hdr_acct_desc, len_description);
+	make_uni_hdr(&info->hdr_workstations, len_workstations);
+	make_uni_hdr(&info->hdr_comment, len_unknown_str);
+	make_uni_hdr(&info->hdr_parameters, len_munged_dial);
+
+	/* not present */
+	make_bufhdr2(&info->hdr_sec_desc, 0, 0, 0);
+
+	info->user_rid = user_rid;
+	info->group_rid = group_rid;
+
+	init_nt_time(&info->logon_time);
+	init_nt_time(&info->logoff_time);
+	init_nt_time(&info->pwd_last_set_time);
+	init_nt_time(&info->acct_expiry_time);
+
+	info->logon_divs = 0xA8;
+	info->ptr_logon_hrs = 0;	/* Don't care right now */
+
+	info->bad_pwd_count = 0;
+	info->logon_count = 0;
+	info->acb_info = acb_info;
+	info->nt_pwd_present = 0;
+	info->lm_pwd_present = 0;
+	info->pwd_expired = 0;
+	info->country = 0;
+	info->codepage = 0;
+
+	info->unknown1 = 0x4EC;
+	info->unknown2 = 0;
+
+	copy_unistr2(&info->uni_acct_name, user_name);
+	copy_unistr2(&info->uni_full_name, full_name);
+	copy_unistr2(&info->uni_home_dir, home_dir);
+	copy_unistr2(&info->uni_dir_drive, dir_drive);
+	copy_unistr2(&info->uni_logon_script, log_scr);
+	copy_unistr2(&info->uni_profile, prof_path);
+	copy_unistr2(&info->uni_acct_desc, desc);
+	copy_unistr2(&info->uni_workstations, wkstas);
+	copy_unistr2(&info->uni_comment, unk_str);
+	copy_unistr2(&info->uni_parameters, mung_dial);
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_account_info(char *desc, uint8 sess_key[16],
+				    SAM_ACCOUNT_INFO * info, prs_struct *ps,
+				    int depth)
+{
+	BUFHDR2 hdr_priv_data;
+	uint32 i;
+
+	prs_debug(ps, depth, desc, "net_io_sam_account_info");
+	depth++;
+
+	if (!smb_io_unihdr("hdr_acct_name", &info->hdr_acct_name, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth))
+                return False;
+
+	if (!prs_uint32("user_rid ", ps, depth, &info->user_rid))
+                return False;
+	if (!prs_uint32("group_rid", ps, depth, &info->group_rid))
+                return False;
+
+	if (!smb_io_unihdr("hdr_home_dir ", &info->hdr_home_dir, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script, ps,
+                           depth))
+                return False;
+
+	if (!smb_io_unihdr("hdr_acct_desc", &info->hdr_acct_desc, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_workstations", &info->hdr_workstations, ps,
+                           depth))
+                return False;
+
+	if (!smb_io_time("logon_time", &info->logon_time, ps, depth))
+                return False;
+	if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth))
+                return False;
+
+	if (!prs_uint32("logon_divs   ", ps, depth, &info->logon_divs))
+                return False;
+	if (!prs_uint32("ptr_logon_hrs", ps, depth, &info->ptr_logon_hrs))
+                return False;
+
+	if (!prs_uint16("bad_pwd_count", ps, depth, &info->bad_pwd_count))
+                return False;
+	if (!prs_uint16("logon_count", ps, depth, &info->logon_count))
+                return False;
+	if (!smb_io_time("pwd_last_set_time", &info->pwd_last_set_time, ps,
+                         depth))
+                return False;
+	if (!smb_io_time("acct_expiry_time", &info->acct_expiry_time, ps, 
+                         depth))
+                return False;
+
+	if (!prs_uint32("acb_info", ps, depth, &info->acb_info))
+                return False;
+	if (!prs_uint8s(False, "nt_pwd", ps, depth, info->nt_pwd, 16))
+                return False;
+	if (!prs_uint8s(False, "lm_pwd", ps, depth, info->lm_pwd, 16))
+                return False;
+	if (!prs_uint8("lm_pwd_present", ps, depth, &info->lm_pwd_present))
+                return False;
+	if (!prs_uint8("nt_pwd_present", ps, depth, &info->nt_pwd_present))
+                return False;
+	if (!prs_uint8("pwd_expired", ps, depth, &info->pwd_expired))
+                return False;
+
+	if (!smb_io_unihdr("hdr_comment", &info->hdr_comment, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_parameters", &info->hdr_parameters, ps, 
+                           depth))
+                return False;
+	if (!prs_uint16("country", ps, depth, &info->country))
+                return False;
+	if (!prs_uint16("codepage", ps, depth, &info->codepage))
+                return False;
+
+	if (!smb_io_bufhdr2("hdr_priv_data", &hdr_priv_data, ps, depth))
+                return False;
+	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_profile", &info->hdr_profile, ps, depth))
+                return False;
+
+	for (i = 0; i < 3; i++)
+	{
+		if (!smb_io_unihdr("hdr_reserved", &info->hdr_reserved[i], 
+                                   ps, depth))
+                        return False;                                          
+	}
+
+	for (i = 0; i < 4; i++)
+	{
+		if (!prs_uint32("dw_reserved", ps, depth, 
+                                &info->dw_reserved[i]))
+                        return False;
+	}
+
+	if (!smb_io_unistr2("uni_acct_name", &info->uni_acct_name,
+                            info->hdr_acct_name.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_full_name", &info->uni_full_name,
+                            info->hdr_full_name.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_home_dir ", &info->uni_home_dir,
+                            info->hdr_home_dir.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive,
+                            info->hdr_dir_drive.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_logon_script", &info->uni_logon_script,
+                            info->hdr_logon_script.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_acct_desc", &info->uni_acct_desc,
+                            info->hdr_acct_desc.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_workstations", &info->uni_workstations,
+                            info->hdr_workstations.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+
+	if (!prs_uint32("unknown1", ps, depth, &info->unknown1))
+                return False;
+	if (!prs_uint32("unknown2", ps, depth, &info->unknown2))
+                return False;
+
+	if (!smb_io_buffer4("buf_logon_hrs", &info->buf_logon_hrs,
+                            info->ptr_logon_hrs, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_comment", &info->uni_comment,
+                            info->hdr_comment.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_parameters", &info->uni_parameters,
+                            info->hdr_parameters.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (hdr_priv_data.buffer != 0)
+	{
+		int old_offset = 0;
+		uint32 len = 0x44;
+		if (!prs_uint32("pwd_len", ps, depth, &len))
+                        return False;
+		old_offset = ps->data_offset;
+		if (len == 0x44)
+		{
+			if (ps->io)
+			{
+				/* reading */
+                                if (!prs_hash1(ps, ps->data_offset, sess_key))
+                                        return False;
+			}
+			if (!net_io_sam_passwd_info("pass", &info->pass, 
+                                                    ps, depth))
+                                return False;
+
+			if (!ps->io)
+			{
+				/* writing */
+                                if (!prs_hash1(ps, old_offset, sess_key))
+                                        return False;
+			}
+		}
+                if (old_offset + len > ps->buffer_size)
+                        return False;
+		ps->data_offset = old_offset + len;
+	}
+	if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc,
+                            info->hdr_sec_desc.buffer, ps, depth))
+                return False;
+	prs_align(ps);
+	if (!smb_io_unistr2("uni_profile", &info->uni_profile,
+                            info->hdr_profile.buffer, ps, depth))
+                return False;
+
+	prs_align(ps);
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_group_mem_info(char *desc, SAM_GROUP_MEM_INFO * info,
+				      prs_struct *ps, int depth)
+{
+	uint32 i;
+	fstring tmp;
+
+	prs_debug(ps, depth, desc, "net_io_sam_group_mem_info");
+	depth++;
+
+	prs_align(ps);
+	if (!prs_uint32("ptr_rids   ", ps, depth, &info->ptr_rids))
+                return False;
+	if (!prs_uint32("ptr_attribs", ps, depth, &info->ptr_attribs))
+                return False;
+	if (!prs_uint32("num_members", ps, depth, &info->num_members))
+                return False;
+
+        if (ps->data_offset + 16 > ps->buffer_size)
+                return False;
+	ps->data_offset += 16;
+
+	if (info->ptr_rids != 0)
+	{
+		if (!prs_uint32("num_members2", ps, depth, 
+                                &info->num_members2))
+                        return False;
+
+		if (info->num_members2 != info->num_members)
+		{
+			/* RPC fault */
+			return False;
+		}
+
+                info->rids = talloc(ps->mem_ctx, sizeof(uint32) *
+                                    info->num_members2);
+
+                if (info->rids == NULL) {
+                        DEBUG(0, ("out of memory allocating %d rids\n",
+                                  info->num_members2));
+                        return False;
+                }
+
+		for (i = 0; i < info->num_members2; i++)
+		{
+			slprintf(tmp, sizeof(tmp) - 1, "rids[%02d]", i);
+			if (!prs_uint32(tmp, ps, depth, &info->rids[i]))
+                                return False;
+		}
+	}
+
+	if (info->ptr_attribs != 0)
+	{
+		if (!prs_uint32("num_members3", ps, depth, 
+                                &info->num_members3))
+                        return False;
+		if (info->num_members3 != info->num_members)
+		{
+			/* RPC fault */
+			return False;
+		}
+
+                info->attribs = talloc(ps->mem_ctx, sizeof(uint32) *
+                                       info->num_members3);
+
+                if (info->attribs == NULL) {
+                        DEBUG(0, ("out of memory allocating %d attribs\n",
+                                  info->num_members3));
+                        return False;
+                }
+
+		for (i = 0; i < info->num_members3; i++)
+		{
+			slprintf(tmp, sizeof(tmp) - 1, "attribs[%02d]", i);
+			if (!prs_uint32(tmp, ps, depth, &info->attribs[i]))
+                                return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_alias_info(char *desc, SAM_ALIAS_INFO * info,
+				  prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_alias_info");
+	depth++;
+
+	if (!smb_io_unihdr("hdr_als_name", &info->hdr_als_name, ps, depth))
+                return False;
+	if (!prs_uint32("als_rid", ps, depth, &info->als_rid))
+                return False;
+	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
+                return False;
+	if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth))
+                return False;
+
+        if (ps->data_offset + 40 > ps->buffer_size)
+                return False;
+	ps->data_offset += 40;
+
+	if (!smb_io_unistr2("uni_als_name", &info->uni_als_name,
+                            info->hdr_als_name.buffer, ps, depth))
+                return False;
+	if (!smb_io_buffer4("buf_sec_desc", &info->buf_sec_desc,
+                            info->hdr_sec_desc.buffer, ps, depth))
+                return False;
+	if (!smb_io_unistr2("uni_als_desc", &info->uni_als_desc,
+                            info->hdr_als_name.buffer, ps, depth))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_alias_mem_info(char *desc, SAM_ALIAS_MEM_INFO * info,
+				      prs_struct *ps, int depth)
+{
+	uint32 i;
+	fstring tmp;
+
+	prs_debug(ps, depth, desc, "net_io_sam_alias_mem_info");
+	depth++;
+
+	prs_align(ps);
+	if (!prs_uint32("num_members", ps, depth, &info->num_members))
+                return False;
+	if (!prs_uint32("ptr_members", ps, depth, &info->ptr_members))
+                return False;
+
+	if (info->ptr_members != 0)
+	{
+                if (ps->data_offset + 16 > ps->buffer_size)
+                        return False;
+                ps->data_offset += 16;
+
+		if (!prs_uint32("num_sids", ps, depth, &info->num_sids))
+                        return False;
+		if (info->num_sids != info->num_members)
+		{
+			/* RPC fault */
+			return False;
+		}
+
+                info->ptr_sids = talloc(ps->mem_ctx, sizeof(uint32) *
+                                        info->num_sids);
+                
+                if (info->ptr_sids == NULL) {
+                        DEBUG(0, ("out of memory allocating %d ptr_sids\n",
+                                  info->num_sids));
+                        return False;
+                }
+
+		for (i = 0; i < info->num_sids; i++)
+		{
+			slprintf(tmp, sizeof(tmp) - 1, "ptr_sids[%02d]", i);
+			if (!prs_uint32(tmp, ps, depth, &info->ptr_sids[i]))
+                                return False;
+		}
+
+                info->sids = talloc(ps->mem_ctx, sizeof(DOM_SID2) *
+                                    info->num_sids);
+
+                if (info->sids == NULL) {
+                        DEBUG(0, ("error allocating %d sids\n",
+                                  info->num_sids));
+                        return False;
+                }
+
+		for (i = 0; i < info->num_sids; i++)
+		{
+			if (info->ptr_sids[i] != 0)
+			{
+				slprintf(tmp, sizeof(tmp) - 1, "sids[%02d]",
+					 i);
+				if (!smb_io_dom_sid2(tmp, &info->sids[i], 
+                                                     ps, depth))
+                                        return False;
+			}
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_dom_info(char *desc, SAM_DELTA_DOM *info,
+				      prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "net_io_sam_dom_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("unknown1", ps, depth, &info->unknown1))
+                return False;
+	if (!prs_uint32("unknown2", ps, depth, &info->unknown2))
+                return False;
+	if (!prs_uint32("unknown3", ps, depth, &info->unknown3))
+                return False;
+	if (!prs_uint32("unknown4", ps, depth, &info->unknown4))
+                return False;
+	if (!prs_uint32("count1", ps, depth, &info->count1))
+                return False;
+	if (!prs_uint32("ptr1", ps, depth, &info->ptr1))
+                return False;
+
+	if (!prs_uint16("count2", ps, depth, &info->count2))
+                return False;
+	if (!prs_uint16("count3", ps, depth, &info->count3))
+                return False;
+
+	if (!prs_uint32("ptr2", ps, depth, &info->ptr2))
+                return False;
+	if (!prs_uint32("ptr3", ps, depth, &info->ptr3))
+                return False;
+
+	if (!prs_uint32("unknown4b", ps, depth, &info->unknown4b))
+                return False;
+	if (!prs_uint32("unknown5", ps, depth, &info->unknown5))
+                return False;
+	if (!prs_uint32("unknown6", ps, depth, &info->unknown6))
+                return False;
+	if (!prs_uint32("unknown7", ps, depth, &info->unknown7))
+                return False;
+	if (!prs_uint32("unknown8", ps, depth, &info->unknown8))
+                return False;
+	if (!prs_uint32("unknown9", ps, depth, &info->unknown9))
+                return False;
+	if (!prs_uint32("unknown10", ps, depth, &info->unknown10))
+                return False;
+	if (!prs_uint32("unknown11", ps, depth, &info->unknown11))
+                return False;
+	if (!prs_uint32("unknown12", ps, depth, &info->unknown12))
+                return False;
+
+	if (!prs_uint32("unknown13", ps, depth, &info->unknown13))
+                return False;
+	if (!prs_uint32("unknown14", ps, depth, &info->unknown14))
+                return False;
+	if (!prs_uint32("unknown15", ps, depth, &info->unknown15))
+                return False;
+	if (!prs_uint32("unknown16", ps, depth, &info->unknown16))
+                return False;
+	if (!prs_uint32("unknown17", ps, depth, &info->unknown17))
+                return False;
+
+	for (i=0; i<info->count2; i++)
+		if (!prs_uint32("unknown18", ps, depth, &info->unknown18))
+	                return False;
+
+	if (!prs_uint32("unknown19", ps, depth, &info->unknown19))
+                return False;
+
+	for (i=0; i<info->count1; i++)
+		if (!prs_uint32("unknown20", ps, depth, &info->unknown20))
+        	        return False;
+
+	if (!prs_uint32("ptr4", ps, depth, &info->ptr4))
+                return False;
+
+	if (!smb_io_unistr2("domain_name", &info->domain_name, True, ps, depth))
+                return False;
+
+	if(!smb_io_dom_sid2("domain_sid", &info->domain_sid, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_unk0e_info(char *desc, SAM_DELTA_UNK0E *info,
+				      prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "net_io_sam_unk0e_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
+                return False;
+
+	if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
+		return False;
+
+	if(!smb_io_dom_sid2("sid", &info->sid, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_domain", &info->hdr_domain, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown0", ps, depth, &info->unknown0))
+                return False;
+	if(!prs_uint32("unknown1", ps, depth, &info->unknown1))
+                return False;
+	if(!prs_uint32("unknown2", ps, depth, &info->unknown2))
+                return False;
+
+	if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
+                return False;
+	if(!prs_uint32("ptr", ps, depth, &info->ptr))
+                return False;
+
+	for (i=0; i<12; i++)
+		if(!prs_uint32("unknown3", ps, depth, &info->unknown3))
+                	return False;
+
+	if (!smb_io_unistr2("domain", &info->domain, True, ps, depth))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_unk12_info(char *desc, SAM_DELTA_UNK12 *info,
+				      prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "net_io_sam_unk12_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
+                return False;
+
+	if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
+		return False;
+
+	if (!smb_io_unistr2("secret", &info->secret, True, ps, depth))
+                return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("count1", ps, depth, &info->count1))
+                return False;
+	if(!prs_uint32("count2", ps, depth, &info->count2))
+                return False;
+	if(!prs_uint32("ptr", ps, depth, &info->ptr))
+                return False;
+
+
+	if(!smb_io_time("time1", &info->time1, ps, depth)) /* logon time */
+		return False;
+	if(!prs_uint32("count3", ps, depth, &info->count3))
+                return False;
+	if(!prs_uint32("count4", ps, depth, &info->count4))
+                return False;
+	if(!prs_uint32("ptr2", ps, depth, &info->ptr2))
+                return False;
+	if(!smb_io_time("time2", &info->time2, ps, depth)) /* logon time */
+		return False;
+	if(!prs_uint32("unknow1", ps, depth, &info->unknow1))
+                return False;
+
+
+	if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
+                return False;
+	if(!prs_uint32("ptr3", ps, depth, &info->ptr3))
+                return False;
+	for(i=0; i<12; i++)
+		if(!prs_uint32("unknow2", ps, depth, &info->unknow2))
+                	return False;
+
+	if(!prs_uint32("chal_len", ps, depth, &info->chal_len))
+                return False;
+	if(!prs_uint32("reserved1", ps, depth, &info->reserved1))
+                return False;
+	if(!prs_uint32("chal_len2", ps, depth, &info->chal_len2))
+                return False;
+
+	if(!prs_uint8s (False, "chal", ps, depth, info->chal, info->chal_len2))
+		return False;
+
+	if(!prs_uint32("key_len", ps, depth, &info->key_len))
+                return False;
+	if(!prs_uint32("reserved2", ps, depth, &info->reserved2))
+                return False;
+	if(!prs_uint32("key_len2", ps, depth, &info->key_len2))
+                return False;
+
+	if(!prs_uint8s (False, "key", ps, depth, info->key, info->key_len2))
+		return False;
+
+
+	if(!prs_uint32("buf_size3", ps, depth, &info->buf_size3))
+                return False;
+
+	if(!sec_io_desc("sec_desc2", &info->sec_desc2, ps, depth))
+		return False;
+
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_privs_info(char *desc, SAM_DELTA_PRIVS *info,
+				      prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "net_io_sam_privs_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
+                return False;
+
+	if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
+		return False;
+
+	if(!smb_io_dom_sid2("sid", &info->sid, ps, depth))
+		return False;
+
+	if(!prs_uint32("priv_count", ps, depth, &info->priv_count))
+                return False;
+	if(!prs_uint32("reserved1", ps, depth, &info->reserved1))
+                return False;
+
+	if(!prs_uint32("ptr1", ps, depth, &info->ptr1))
+                return False;
+	if(!prs_uint32("ptr2", ps, depth, &info->ptr2))
+                return False;
+
+	if(!prs_uint32("unknown1", ps, depth, &info->unknown1))
+                return False;
+	if(!prs_uint32("unknown2", ps, depth, &info->unknown2))
+                return False;
+	if(!prs_uint32("unknown3", ps, depth, &info->unknown3))
+                return False;
+	if(!prs_uint32("unknown4", ps, depth, &info->unknown4))
+                return False;
+	if(!prs_uint32("unknown5", ps, depth, &info->unknown5))
+                return False;
+	if(!prs_uint32("unknown6", ps, depth, &info->unknown6))
+                return False;
+	if(!prs_uint32("unknown7", ps, depth, &info->unknown7))
+                return False;
+	if(!prs_uint32("unknown8", ps, depth, &info->unknown8))
+                return False;
+	if(!prs_uint32("unknown9", ps, depth, &info->unknown9))
+                return False;
+
+	if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
+                return False;
+	if(!prs_uint32("ptr3", ps, depth, &info->ptr3))
+                return False;
+
+	for (i=0; i<12; i++)
+		if(!prs_uint32("unknown10", ps, depth, &info->unknown10))
+	                return False;
+
+	if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count))
+                return False;
+
+	info->attributes = talloc(ps->mem_ctx, sizeof(uint32) * info->attribute_count);
+
+	for (i=0; i<info->attribute_count; i++)
+		if(!prs_uint32("attributes", ps, depth, &info->attributes[i]))
+	                return False;
+
+	if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count))
+                return False;
+
+	info->hdr_privslist = talloc(ps->mem_ctx, sizeof(UNIHDR) * info->privlist_count);
+	info->uni_privslist = talloc(ps->mem_ctx, sizeof(UNISTR2) * info->privlist_count);
+
+	for (i=0; i<info->privlist_count; i++)
+		if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth))
+			return False;
+
+	for (i=0; i<info->privlist_count; i++)
+		if (!smb_io_unistr2("uni_privslist", &info->uni_privslist[i], True, ps, depth))
+			return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+static BOOL net_io_sam_delta_ctr(char *desc, uint8 sess_key[16],
+				 SAM_DELTA_CTR * delta, uint16 type,
+				 prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_sam_delta_ctr");
+	depth++;
+
+	switch (type) {
+                /* Seen in sam deltas */
+                case SAM_DELTA_SAM_STAMP:
+                        if (!net_io_sam_delta_stamp("", &delta->stamp, ps, depth))
+                                return False;
+                        break;
+
+		case SAM_DELTA_DOMAIN_INFO:
+			if (!net_io_sam_domain_info("", &delta->domain_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_GROUP_INFO:
+			if (!net_io_sam_group_info("", &delta->group_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_ACCOUNT_INFO:
+			if (!net_io_sam_account_info("", sess_key, &delta->account_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_GROUP_MEM:
+			if (!net_io_sam_group_mem_info("", &delta->grp_mem_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_ALIAS_INFO:
+                        if (!net_io_sam_alias_info("", &delta->alias_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_DOM_INFO:
+                        if (!net_io_sam_dom_info("", &delta->dom_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_ALIAS_MEM:
+			if (!net_io_sam_alias_mem_info("", &delta->als_mem_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_PRIVS_INFO:
+			if (!net_io_sam_privs_info("", &delta->privs_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_UNK0E_INFO:
+			if (!net_io_sam_unk0e_info("", &delta->unk0e_info, ps, depth))
+                                return False;
+			break;
+
+		case SAM_DELTA_UNK12_INFO:
+			if (!net_io_sam_unk12_info("", &delta->unk12_info, ps, depth))
+                                return False;
+			break;
+
+		default:
+			DEBUG(0, ("Replication error: Unknown delta type 0x%x\n", type));
+			break;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL net_io_r_sam_sync(char *desc, uint8 sess_key[16],
+		       NET_R_SAM_SYNC * r_s, prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	prs_debug(ps, depth, desc, "net_io_r_sam_sync");
+	depth++;
+
+	if (!smb_io_cred("srv_creds", &r_s->srv_creds, ps, depth))
+                return False;
+	if (!prs_uint32("sync_context", ps, depth, &r_s->sync_context))
+                return False;
+
+	if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas))
+                return False;
+	if (r_s->ptr_deltas != 0)
+	{
+		if (!prs_uint32("num_deltas ", ps, depth, &r_s->num_deltas))
+                        return False;
+		if (!prs_uint32("ptr_deltas2", ps, depth, &r_s->ptr_deltas2))
+                        return False;
+		if (r_s->ptr_deltas2 != 0)
+		{
+			if (!prs_uint32("num_deltas2", ps, depth,
+                                        &r_s->num_deltas2))
+                                return False;
+
+			if (r_s->num_deltas2 != r_s->num_deltas)
+			{
+				/* RPC fault */
+				return False;
+			}
+
+                        if (r_s->num_deltas2 > 0) {
+                                r_s->hdr_deltas = (SAM_DELTA_HDR *)
+                                        talloc(ps->mem_ctx, r_s->num_deltas2 *
+                                               sizeof(SAM_DELTA_HDR));
+                          
+                                if (r_s->hdr_deltas == NULL) {
+                                        DEBUG(0, ("error tallocating memory "
+                                                  "for %d delta headers\n", 
+                                                  r_s->num_deltas2));
+                                        return False;
+                                }
+                        }
+
+			for (i = 0; i < r_s->num_deltas2; i++)
+			{
+				if (!net_io_sam_delta_hdr("", 
+                                                          &r_s->hdr_deltas[i],
+                                                          ps, depth))
+                                        return False;
+			}
+
+                        if (r_s->num_deltas2 > 0) {
+                                r_s->deltas = (SAM_DELTA_CTR *)
+                                        talloc(ps->mem_ctx, r_s->num_deltas2 *
+                                               sizeof(SAM_DELTA_CTR));
+
+                                if (r_s->deltas == NULL) {
+                                        DEBUG(0, ("error tallocating memory "
+                                                  "for %d deltas\n", 
+                                                  r_s->num_deltas2));
+                                        return False;
+                                }
+                        }
+
+			for (i = 0; i < r_s->num_deltas2; i++)
+			{
+				if (!net_io_sam_delta_ctr(
+                                        "", sess_key, &r_s->deltas[i],
+                                        r_s->hdr_deltas[i].type3,
+                                        ps, depth)) {
+                                        DEBUG(0, ("hmm, failed on i=%d\n", i));
+                                        return False;
+                                }
+			}
+		}
+	}
+
+	prs_align(ps);
+	if (!prs_ntstatus("status", ps, depth, &(r_s->status)))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a NET_Q_SAM_DELTAS structure.
+********************************************************************/
+BOOL init_net_q_sam_deltas(NET_Q_SAM_DELTAS *q_s, const char *srv_name, 
+                           const char *cli_name, DOM_CRED *cli_creds, 
+                           uint32 database_id, UINT64_S dom_mod_count)
+{
+	DEBUG(5, ("init_net_q_sam_deltas\n"));
+
+	init_unistr2(&q_s->uni_srv_name, srv_name, strlen(srv_name) + 1);
+	init_unistr2(&q_s->uni_cli_name, cli_name, strlen(cli_name) + 1);
+
+	memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
+	memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
+
+	q_s->database_id = database_id;
+        q_s->dom_mod_count.low = dom_mod_count.low;
+        q_s->dom_mod_count.high = dom_mod_count.high;
+	q_s->max_size = 0xffff;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL net_io_q_sam_deltas(char *desc, NET_Q_SAM_DELTAS *q_s, prs_struct *ps,
+                         int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_q_sam_deltas");
+	depth++;
+
+	if (!smb_io_unistr2("", &q_s->uni_srv_name, True, ps, depth))
+                return False;
+	if (!smb_io_unistr2("", &q_s->uni_cli_name, True, ps, depth))
+                return False;
+
+	if (!smb_io_cred("", &q_s->cli_creds, ps, depth))
+                return False;
+	if (!smb_io_cred("", &q_s->ret_creds, ps, depth))
+                return False;
+
+	if (!prs_uint32("database_id  ", ps, depth, &q_s->database_id))
+                return False;
+        if (!prs_uint64("dom_mod_count", ps, depth, &q_s->dom_mod_count))
+                return False;
+	if (!prs_uint32("max_size", ps, depth, &q_s->max_size))
+                return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL net_io_r_sam_deltas(char *desc, uint8 sess_key[16],
+                         NET_R_SAM_DELTAS *r_s, prs_struct *ps, int depth)
+{
+        int i;
+
+	prs_debug(ps, depth, desc, "net_io_r_sam_deltas");
+	depth++;
+
+	if (!smb_io_cred("srv_creds", &r_s->srv_creds, ps, depth))
+                return False;
+        if (!prs_uint64("dom_mod_count", ps, depth, &r_s->dom_mod_count))
+                return False;
+
+	if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas))
+                return False;
+	if (!prs_uint32("num_deltas", ps, depth, &r_s->num_deltas))
+                return False;
+	if (!prs_uint32("ptr_deltas2", ps, depth, &r_s->num_deltas2))
+                return False;
+
+	if (r_s->num_deltas2 != 0)
+	{
+		if (!prs_uint32("num_deltas2 ", ps, depth, &r_s->num_deltas2))
+                        return False;
+
+		if (r_s->ptr_deltas != 0)
+		{
+                        if (r_s->num_deltas > 0) {
+                                r_s->hdr_deltas = (SAM_DELTA_HDR *)
+                                        talloc(ps->mem_ctx, r_s->num_deltas *
+                                               sizeof(SAM_DELTA_HDR));
+                                if (r_s->hdr_deltas == NULL) {
+                                        DEBUG(0, ("error tallocating memory "
+                                                  "for %d delta headers\n", 
+                                                  r_s->num_deltas));
+                                        return False;
+                                }
+                        }
+
+			for (i = 0; i < r_s->num_deltas; i++)
+			{
+				net_io_sam_delta_hdr("", &r_s->hdr_deltas[i],
+                                                      ps, depth);
+			}
+                        
+                        if (r_s->num_deltas > 0) {
+                                r_s->deltas = (SAM_DELTA_CTR *)
+                                        talloc(ps->mem_ctx, r_s->num_deltas *
+                                               sizeof(SAM_DELTA_CTR));
+
+                                if (r_s->deltas == NULL) {
+                                        DEBUG(0, ("error tallocating memory "
+                                                  "for %d deltas\n", 
+                                                  r_s->num_deltas));
+                                        return False;
+                                }
+                        }
+
+			for (i = 0; i < r_s->num_deltas; i++)
+			{
+				if (!net_io_sam_delta_ctr(
+                                        "", sess_key,
+                                        &r_s->deltas[i],
+                                        r_s->hdr_deltas[i].type2,
+                                        ps, depth))
+                                        
+                                        return False;
+			}
+		}
+	}
+
+	prs_align(ps);
+	if (!prs_ntstatus("status", ps, depth, &r_s->status))
+                return False;
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
new file mode 100644
index 0000000000..6d65d5cc7f
--- /dev/null
+++ b/source3/rpc_parse/parse_prs.c
@@ -0,0 +1,1265 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba memory buffer functions
+   Copyright (C) Andrew Tridgell              1992-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Jeremy Allison 1999.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/**
+ * Dump a prs to a file: from the current location through to the end.
+ **/
+void prs_dump(char *name, int v, prs_struct *ps)
+{
+	prs_dump_region(name, v, ps, ps->data_offset, ps->buffer_size);
+}
+
+
+/**
+ * Dump from the start of the prs to the current location.
+ **/
+void prs_dump_before(char *name, int v, prs_struct *ps)
+{
+	prs_dump_region(name, v, ps, 0, ps->data_offset);
+}
+
+
+/**
+ * Dump everything from the start of the prs up to the current location.
+ **/
+void prs_dump_region(char *name, int v, prs_struct *ps,
+		     int from_off, int to_off)
+{
+	int fd, i;
+	pstring fname;
+	if (DEBUGLEVEL < 50) return;
+	for (i=1;i<100;i++) {
+		if (v != -1) {
+			slprintf(fname,sizeof(fname)-1, "/tmp/%s_%d.%d.prs", name, v, i);
+		} else {
+			slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.prs", name, i);
+		}
+		fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
+		if (fd != -1 || errno != EEXIST) break;
+	}
+	if (fd != -1) {
+		write(fd, ps->data_p + from_off, to_off - from_off);
+		close(fd);
+		DEBUG(0,("created %s\n", fname));
+	}
+}
+
+
+
+/*******************************************************************
+ debug output for parsing info.
+
+ XXXX side-effect of this function is to increase the debug depth XXXX
+
+ ********************************************************************/
+void prs_debug(prs_struct *ps, int depth, char *desc, char *fn_name)
+{
+	DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc));
+}
+
+
+/**
+ * Initialise an expandable parse structure.
+ *
+ * @param size Initial buffer size.  If >0, a new buffer will be
+ * created with malloc().
+ *
+ * @return False if allocation fails, otherwise True.
+ **/
+BOOL prs_init(prs_struct *ps, uint32 size, TALLOC_CTX *ctx, BOOL io)
+{
+	ZERO_STRUCTP(ps);
+	ps->io = io;
+	ps->bigendian_data = RPC_LITTLE_ENDIAN;
+	ps->align = RPC_PARSE_ALIGN;
+	ps->is_dynamic = False;
+	ps->data_offset = 0;
+	ps->buffer_size = 0;
+	ps->data_p = NULL;
+	ps->mem_ctx = ctx;
+
+	if (size != 0) {
+		ps->buffer_size = size;
+		if((ps->data_p = (char *)malloc((size_t)size)) == NULL) {
+			DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
+			return False;
+		}
+		memset(ps->data_p, '\0', (size_t)size);
+		ps->is_dynamic = True; /* We own this memory. */
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ read from a socket into memory.
+ ********************************************************************/
+BOOL prs_read(prs_struct *ps, int fd, size_t len, int timeout)
+{
+	BOOL ok;
+	size_t prev_size = ps->buffer_size;
+	if (!prs_grow(ps, len))
+		return False;
+
+	if (timeout > 0) {
+		ok = (read_with_timeout(fd, &ps->data_p[prev_size],
+		                            len, len,timeout) == len);
+	} else {
+		ok = (read_data(fd, &ps->data_p[prev_size], len) == len);
+	}
+	return ok;
+}
+
+/*******************************************************************
+ Delete the memory in a parse structure - if we own it.
+ ********************************************************************/
+
+void prs_mem_free(prs_struct *ps)
+{
+	if(ps->is_dynamic)
+		SAFE_FREE(ps->data_p);
+	ps->is_dynamic = False;
+	ps->buffer_size = 0;
+	ps->data_offset = 0;
+}
+
+/*******************************************************************
+ Clear the memory in a parse structure.
+ ********************************************************************/
+
+void prs_mem_clear(prs_struct *ps)
+{
+	memset(ps->data_p, '\0', (size_t)ps->buffer_size);
+}
+
+/*******************************************************************
+ Allocate memory when unmarshalling... Always zero clears.
+ ********************************************************************/
+
+char *prs_alloc_mem(prs_struct *ps, size_t size)
+{
+	char *ret = talloc(ps->mem_ctx, size);
+
+	if (ret)
+		memset(ret, '\0', size);
+
+	return ret;
+}
+
+/*******************************************************************
+ Return the current talloc context we're using.
+ ********************************************************************/
+
+TALLOC_CTX *prs_get_mem_context(prs_struct *ps)
+{
+	return ps->mem_ctx;
+}
+
+/*******************************************************************
+ Hand some already allocated memory to a prs_struct.
+ ********************************************************************/
+
+void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic)
+{
+	ps->is_dynamic = is_dynamic;
+	ps->data_p = buf;
+	ps->buffer_size = size;
+}
+
+/*******************************************************************
+ Take some memory back from a prs_struct.
+ ********************************************************************/
+
+char *prs_take_memory(prs_struct *ps, uint32 *psize)
+{
+	char *ret = ps->data_p;
+	if(psize)
+		*psize = ps->buffer_size;
+	ps->is_dynamic = False;
+	prs_mem_free(ps);
+	return ret;
+}
+
+/*******************************************************************
+ Set a prs_struct to exactly a given size. Will grow or tuncate if neccessary.
+ ********************************************************************/
+
+BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
+{
+	if (newsize > ps->buffer_size)
+		return prs_force_grow(ps, newsize - ps->buffer_size);
+
+	if (newsize < ps->buffer_size) {
+		char *new_data_p = Realloc(ps->data_p, newsize);
+		/* if newsize is zero, Realloc acts like free() & returns NULL*/
+		if (new_data_p == NULL && newsize != 0) {
+			DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
+				(unsigned int)newsize));
+			DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
+			return False;
+		}
+		ps->data_p = new_data_p;
+		ps->buffer_size = newsize;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Attempt, if needed, to grow a data buffer.
+ Also depends on the data stream mode (io).
+ ********************************************************************/
+
+BOOL prs_grow(prs_struct *ps, uint32 extra_space)
+{
+	uint32 new_size;
+	char *new_data;
+
+	ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
+
+	if(ps->data_offset + extra_space <= ps->buffer_size)
+		return True;
+
+	/*
+	 * We cannot grow the buffer if we're not reading
+	 * into the prs_struct, or if we don't own the memory.
+	 */
+
+	if(UNMARSHALLING(ps) || !ps->is_dynamic) {
+		DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
+				(unsigned int)extra_space));
+		return False;
+	}
+	
+	/*
+	 * Decide how much extra space we really need.
+	 */
+
+	extra_space -= (ps->buffer_size - ps->data_offset);
+	if(ps->buffer_size == 0) {
+		/*
+		 * Ensure we have at least a PDU's length, or extra_space, whichever
+		 * is greater.
+		 */
+
+		new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);
+
+		if((new_data = malloc(new_size)) == NULL) {
+			DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
+			return False;
+		}
+		memset(new_data, '\0', (size_t)new_size );
+	} else {
+		/*
+		 * If the current buffer size is bigger than the space needed, just 
+		 * double it, else add extra_space.
+		 */
+		new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);		
+
+		if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
+			DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
+				(unsigned int)new_size));
+			return False;
+		}
+
+		memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
+	}
+	ps->buffer_size = new_size;
+	ps->data_p = new_data;
+
+	return True;
+}
+
+/*******************************************************************
+ Attempt to force a data buffer to grow by len bytes.
+ This is only used when appending more data onto a prs_struct
+ when reading an rpc reply, before unmarshalling it.
+ ********************************************************************/
+
+BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
+{
+	uint32 new_size = ps->buffer_size + extra_space;
+	char *new_data;
+
+	if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
+		DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
+				(unsigned int)extra_space));
+		return False;
+	}
+
+	if((new_data = Realloc(ps->data_p, new_size)) == NULL) {
+		DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
+			(unsigned int)new_size));
+		return False;
+	}
+
+	memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
+
+	ps->buffer_size = new_size;
+	ps->data_p = new_data;
+
+	return True;
+}
+
+/*******************************************************************
+ Get the data pointer (external interface).
+ ********************************************************************/
+
+char *prs_data_p(prs_struct *ps)
+{
+	return ps->data_p;
+}
+
+/*******************************************************************
+ Get the current data size (external interface).
+ ********************************************************************/
+
+uint32 prs_data_size(prs_struct *ps)
+{
+	return ps->buffer_size;
+}
+
+/*******************************************************************
+ Fetch the current offset (external interface).
+ ********************************************************************/
+
+uint32 prs_offset(prs_struct *ps)
+{
+	return ps->data_offset;
+}
+
+/*******************************************************************
+ Set the current offset (external interface).
+ ********************************************************************/
+
+BOOL prs_set_offset(prs_struct *ps, uint32 offset)
+{
+	if(offset <= ps->data_offset) {
+		ps->data_offset = offset;
+		return True;
+	}
+
+	if(!prs_grow(ps, offset - ps->data_offset))
+		return False;
+
+	ps->data_offset = offset;
+	return True;
+}
+
+/*******************************************************************
+ Append the data from one parse_struct into another.
+ ********************************************************************/
+
+BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
+{
+	if(!prs_grow(dst, prs_offset(src)))
+		return False;
+
+	memcpy(&dst->data_p[dst->data_offset], prs_data_p(src), (size_t)prs_offset(src));
+	dst->data_offset += prs_offset(src);
+
+	return True;
+}
+
+/*******************************************************************
+ Append some data from one parse_struct into another.
+ ********************************************************************/
+
+BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
+{	
+	if (len == 0)
+		return True;
+
+	if(!prs_grow(dst, len))
+		return False;
+	
+	memcpy(&dst->data_p[dst->data_offset], prs_data_p(src)+start, (size_t)len);
+	dst->data_offset += len;
+
+	return True;
+}
+
+/*******************************************************************
+ Append the data from a buffer into a parse_struct.
+ ********************************************************************/
+
+BOOL prs_append_data(prs_struct *dst, char *src, uint32 len)
+{
+	if(!prs_grow(dst, len))
+		return False;
+
+	memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
+	dst->data_offset += len;
+
+	return True;
+}
+
+/*******************************************************************
+ Set the data as X-endian (external interface).
+ ********************************************************************/
+
+void prs_set_endian_data(prs_struct *ps, BOOL endian)
+{
+	ps->bigendian_data = endian;
+}
+
+/*******************************************************************
+ Align a the data_len to a multiple of align bytes - filling with
+ zeros.
+ ********************************************************************/
+
+BOOL prs_align(prs_struct *ps)
+{
+	uint32 mod = ps->data_offset & (ps->align-1);
+
+	if (ps->align != 0 && mod != 0) {
+		uint32 extra_space = (ps->align - mod);
+		if(!prs_grow(ps, extra_space))
+			return False;
+		memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space);
+		ps->data_offset += extra_space;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Align only if required (for the unistr2 string mainly)
+ ********************************************************************/
+
+BOOL prs_align_needed(prs_struct *ps, uint32 needed)
+{
+	if (needed==0)
+		return True;
+	else
+		return prs_align(ps);
+}
+
+/*******************************************************************
+ Ensure we can read/write to a given offset.
+ ********************************************************************/
+
+char *prs_mem_get(prs_struct *ps, uint32 extra_size)
+{
+	if(UNMARSHALLING(ps)) {
+		/*
+		 * If reading, ensure that we can read the requested size item.
+		 */
+		if (ps->data_offset + extra_size > ps->buffer_size) {
+			DEBUG(0,("prs_mem_get: reading data of size %u would overrun buffer.\n",
+					(unsigned int)extra_size ));
+			return NULL;
+		}
+	} else {
+		/*
+		 * Writing - grow the buffer if needed.
+		 */
+		if(!prs_grow(ps, extra_size))
+			return NULL;
+	}
+	return &ps->data_p[ps->data_offset];
+}
+
+/*******************************************************************
+ Change the struct type.
+ ********************************************************************/
+
+void prs_switch_type(prs_struct *ps, BOOL io)
+{
+	if ((ps->io ^ io) == True)
+		ps->io=io;
+}
+
+/*******************************************************************
+ Force a prs_struct to be dynamic even when it's size is 0.
+ ********************************************************************/
+
+void prs_force_dynamic(prs_struct *ps)
+{
+	ps->is_dynamic=True;
+}
+
+/*******************************************************************
+ Stream a uint8.
+ ********************************************************************/
+
+BOOL prs_uint8(char *name, prs_struct *ps, int depth, uint8 *data8)
+{
+	char *q = prs_mem_get(ps, 1);
+	if (q == NULL)
+		return False;
+
+    if (UNMARSHALLING(ps))
+		*data8 = CVAL(q,0);
+	else
+		SCVAL(q,0,*data8);
+
+    DEBUG(5,("%s%04x %s: %02x\n", tab_depth(depth), ps->data_offset, name, *data8));
+
+	ps->data_offset += 1;
+
+	return True;
+}
+
+/*******************************************************************
+ Stream a uint16.
+ ********************************************************************/
+
+BOOL prs_uint16(char *name, prs_struct *ps, int depth, uint16 *data16)
+{
+	char *q = prs_mem_get(ps, sizeof(uint16));
+	if (q == NULL)
+		return False;
+
+    if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data)
+			*data16 = RSVAL(q,0);
+		else
+			*data16 = SVAL(q,0);
+    } else {
+		if (ps->bigendian_data)
+			RSSVAL(q,0,*data16);
+		else
+			SSVAL(q,0,*data16);
+	}
+
+	DEBUG(5,("%s%04x %s: %04x\n", tab_depth(depth), ps->data_offset, name, *data16));
+
+	ps->data_offset += sizeof(uint16);
+
+	return True;
+}
+
+/*******************************************************************
+ Stream a uint32.
+ ********************************************************************/
+
+BOOL prs_uint32(char *name, prs_struct *ps, int depth, uint32 *data32)
+{
+	char *q = prs_mem_get(ps, sizeof(uint32));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data)
+			*data32 = RIVAL(q,0);
+		else
+			*data32 = IVAL(q,0);
+	} else {
+		if (ps->bigendian_data)
+			RSIVAL(q,0,*data32);
+		else
+			SIVAL(q,0,*data32);
+	}
+
+	DEBUG(5,("%s%04x %s: %08x\n", tab_depth(depth), ps->data_offset, name, *data32));
+
+	ps->data_offset += sizeof(uint32);
+
+	return True;
+}
+
+/*******************************************************************
+ Stream a NTSTATUS
+ ********************************************************************/
+
+BOOL prs_ntstatus(char *name, prs_struct *ps, int depth, NTSTATUS *status)
+{
+	char *q = prs_mem_get(ps, sizeof(uint32));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data)
+			*status = NT_STATUS(RIVAL(q,0));
+		else
+			*status = NT_STATUS(IVAL(q,0));
+	} else {
+		if (ps->bigendian_data)
+			RSIVAL(q,0,NT_STATUS_V(*status));
+		else
+			SIVAL(q,0,NT_STATUS_V(*status));
+	}
+
+	DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name, 
+		 nt_errstr(*status)));
+
+	ps->data_offset += sizeof(uint32);
+
+	return True;
+}
+
+/*******************************************************************
+ Stream a WERROR
+ ********************************************************************/
+
+BOOL prs_werror(char *name, prs_struct *ps, int depth, WERROR *status)
+{
+	char *q = prs_mem_get(ps, sizeof(uint32));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data)
+			*status = W_ERROR(RIVAL(q,0));
+		else
+			*status = W_ERROR(IVAL(q,0));
+	} else {
+		if (ps->bigendian_data)
+			RSIVAL(q,0,W_ERROR_V(*status));
+		else
+			SIVAL(q,0,W_ERROR_V(*status));
+	}
+
+	DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), ps->data_offset, name, 
+		 dos_errstr(*status)));
+
+	ps->data_offset += sizeof(uint32);
+
+	return True;
+}
+
+
+/******************************************************************
+ Stream an array of uint8s. Length is number of uint8s.
+ ********************************************************************/
+
+BOOL prs_uint8s(BOOL charmode, char *name, prs_struct *ps, int depth, uint8 *data8s, int len)
+{
+	int i;
+	char *q = prs_mem_get(ps, len);
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		for (i = 0; i < len; i++)
+			data8s[i] = CVAL(q,i);
+	} else {
+		for (i = 0; i < len; i++)
+			SCVAL(q, i, data8s[i]);
+	}
+
+    DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset ,name));
+    if (charmode)
+		print_asc(5, (unsigned char*)data8s, len);
+	else {
+    	for (i = 0; i < len; i++)
+			DEBUG(5,("%02x ", data8s[i]));
+	}
+    DEBUG(5,("\n"));
+
+	ps->data_offset += len;
+
+	return True;
+}
+
+/******************************************************************
+ Stream an array of uint16s. Length is number of uint16s.
+ ********************************************************************/
+
+BOOL prs_uint16s(BOOL charmode, char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
+{
+	int i;
+	char *q = prs_mem_get(ps, len * sizeof(uint16));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data) {
+			for (i = 0; i < len; i++)
+				data16s[i] = RSVAL(q, 2*i);
+		} else {
+			for (i = 0; i < len; i++)
+				data16s[i] = SVAL(q, 2*i);
+		}
+	} else {
+		if (ps->bigendian_data) {
+			for (i = 0; i < len; i++)
+				RSSVAL(q, 2*i, data16s[i]);
+		} else {
+			for (i = 0; i < len; i++)
+				SSVAL(q, 2*i, data16s[i]);
+		}
+	}
+
+	DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
+	if (charmode)
+		print_asc(5, (unsigned char*)data16s, 2*len);
+	else {
+		for (i = 0; i < len; i++)
+			DEBUG(5,("%04x ", data16s[i]));
+	}
+    DEBUG(5,("\n"));
+
+	ps->data_offset += (len * sizeof(uint16));
+
+	return True;
+}
+
+/******************************************************************
+ Start using a function for streaming unicode chars. If unmarshalling,
+ output must be little-endian, if marshalling, input must be little-endian.
+ ********************************************************************/
+
+static void dbg_rw_punival(BOOL charmode, char *name, int depth, prs_struct *ps,
+							char *in_buf, char *out_buf, int len)
+{
+	int i;
+
+	if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data) {
+			for (i = 0; i < len; i++)
+				SSVAL(out_buf,2*i,RSVAL(in_buf, 2*i));
+		} else {
+			for (i = 0; i < len; i++)
+				SSVAL(out_buf, 2*i, SVAL(in_buf, 2*i));
+		}
+	} else {
+		if (ps->bigendian_data) {
+			for (i = 0; i < len; i++)
+				RSSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
+		} else {
+			for (i = 0; i < len; i++)
+				SSVAL(in_buf, 2*i, SVAL(out_buf,2*i));
+		}
+	}
+
+	DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
+	if (charmode)
+		print_asc(5, (unsigned char*)out_buf, 2*len);
+	else {
+		for (i = 0; i < len; i++)
+			DEBUG(5,("%04x ", out_buf[i]));
+	}
+    DEBUG(5,("\n"));
+}
+
+/******************************************************************
+ Stream a unistr. Always little endian.
+ ********************************************************************/
+
+BOOL prs_uint16uni(BOOL charmode, char *name, prs_struct *ps, int depth, uint16 *data16s, int len)
+{
+	char *q = prs_mem_get(ps, len * sizeof(uint16));
+	if (q == NULL)
+		return False;
+
+	dbg_rw_punival(charmode, name, depth, ps, q, (char *)data16s, len);
+	ps->data_offset += (len * sizeof(uint16));
+
+	return True;
+}
+
+/******************************************************************
+ Stream an array of uint32s. Length is number of uint32s.
+ ********************************************************************/
+
+BOOL prs_uint32s(BOOL charmode, char *name, prs_struct *ps, int depth, uint32 *data32s, int len)
+{
+	int i;
+	char *q = prs_mem_get(ps, len * sizeof(uint32));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		if (ps->bigendian_data) {
+			for (i = 0; i < len; i++)
+				data32s[i] = RIVAL(q, 4*i);
+		} else {
+			for (i = 0; i < len; i++)
+				data32s[i] = IVAL(q, 4*i);
+		}
+	} else {
+		if (ps->bigendian_data) {
+			for (i = 0; i < len; i++)
+				RSIVAL(q, 4*i, data32s[i]);
+		} else {
+			for (i = 0; i < len; i++)
+				SIVAL(q, 4*i, data32s[i]);
+		}
+	}
+
+	DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
+	if (charmode)
+		print_asc(5, (unsigned char*)data32s, 4*len);
+	else {
+		for (i = 0; i < len; i++)
+			DEBUG(5,("%08x ", data32s[i]));
+	}
+    DEBUG(5,("\n"));
+
+	ps->data_offset += (len * sizeof(uint32));
+
+	return True;
+}
+
+/******************************************************************
+ Stream an array of unicode string, length/buffer specified separately,
+ in uint16 chars. The unicode string is already in little-endian format.
+ ********************************************************************/
+
+BOOL prs_buffer5(BOOL charmode, char *name, prs_struct *ps, int depth, BUFFER5 *str)
+{
+	char *p;
+	char *q = prs_mem_get(ps, str->buf_len * sizeof(uint16));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len * sizeof(uint16));
+		if (str->buffer == NULL)
+			return False;
+	}
+
+	/* If the string is empty, we don't have anything to stream */
+	if (str->buf_len==0)
+		return True;
+
+	p = (char *)str->buffer;
+
+	dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
+	
+	ps->data_offset += (str->buf_len * sizeof(uint16));
+
+	return True;
+}
+
+/******************************************************************
+ Stream a "not" unicode string, length/buffer specified separately,
+ in byte chars. String is in little-endian format.
+ ********************************************************************/
+
+BOOL prs_buffer2(BOOL charmode, char *name, prs_struct *ps, int depth, BUFFER2 *str)
+{
+	char *p;
+	char *q = prs_mem_get(ps, str->buf_len);
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len);
+		if (str->buffer == NULL)
+			return False;
+	}
+
+	p = (char *)str->buffer;
+
+	dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len/2);
+	ps->data_offset += str->buf_len;
+
+	return True;
+}
+
+/******************************************************************
+ Stream a string, length/buffer specified separately,
+ in uint8 chars.
+ ********************************************************************/
+
+BOOL prs_string2(BOOL charmode, char *name, prs_struct *ps, int depth, STRING2 *str)
+{
+	int i;
+	char *q = prs_mem_get(ps, str->str_max_len);
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_max_len);
+		if (str->buffer == NULL)
+			return False;
+	}
+
+	if (UNMARSHALLING(ps)) {
+		for (i = 0; i < str->str_str_len; i++)
+			str->buffer[i] = CVAL(q,i);
+	} else {
+		for (i = 0; i < str->str_str_len; i++)
+			SCVAL(q, i, str->buffer[i]);
+	}
+
+    DEBUG(5,("%s%04x %s: ", tab_depth(depth), ps->data_offset, name));
+    if (charmode)
+		print_asc(5, (unsigned char*)str->buffer, str->str_str_len);
+	else {
+    	for (i = 0; i < str->str_str_len; i++)
+			DEBUG(5,("%02x ", str->buffer[i]));
+	}
+    DEBUG(5,("\n"));
+
+	ps->data_offset += str->str_str_len;
+
+	return True;
+}
+
+/******************************************************************
+ Stream a unicode string, length/buffer specified separately,
+ in uint16 chars. The unicode string is already in little-endian format.
+ ********************************************************************/
+
+BOOL prs_unistr2(BOOL charmode, char *name, prs_struct *ps, int depth, UNISTR2 *str)
+{
+	char *p;
+	char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
+	if (q == NULL)
+		return False;
+
+	/* If the string is empty, we don't have anything to stream */
+	if (str->uni_str_len==0)
+		return True;
+
+	if (UNMARSHALLING(ps)) {
+		str->buffer = (uint16 *)prs_alloc_mem(ps,str->uni_max_len * sizeof(uint16));
+		if (str->buffer == NULL)
+			return False;
+	}
+
+	p = (char *)str->buffer;
+
+	dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
+	
+	ps->data_offset += (str->uni_str_len * sizeof(uint16));
+
+	return True;
+}
+
+/******************************************************************
+ Stream a unicode string, length/buffer specified separately,
+ in uint16 chars. The unicode string is already in little-endian format.
+ ********************************************************************/
+
+BOOL prs_unistr3(BOOL charmode, char *name, UNISTR3 *str, prs_struct *ps, int depth)
+{
+	char *p;
+	char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16));
+	if (q == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		str->str.buffer = (uint16 *)prs_alloc_mem(ps,str->uni_str_len * sizeof(uint16));
+		if (str->str.buffer == NULL)
+			return False;
+	}
+
+	p = (char *)str->str.buffer;
+
+	dbg_rw_punival(charmode, name, depth, ps, q, p, str->uni_str_len);
+	ps->data_offset += (str->uni_str_len * sizeof(uint16));
+
+	return True;
+}
+
+/*******************************************************************
+ Stream a unicode  null-terminated string. As the string is already
+ in little-endian format then do it as a stream of bytes.
+ ********************************************************************/
+
+BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str)
+{
+	int len = 0;
+	unsigned char *p = (unsigned char *)str->buffer;
+	uint8 *start;
+	char *q;
+	uint32 max_len;
+	uint16* ptr;
+
+	if (MARSHALLING(ps)) {
+
+		for(len = 0; str->buffer[len] != 0; len++)
+			;
+
+		q = prs_mem_get(ps, (len+1)*2);
+		if (q == NULL)
+			return False;
+
+		start = (uint8*)q;
+
+		for(len = 0; str->buffer[len] != 0; len++) 
+		{
+			if(ps->bigendian_data) 
+			{
+				/* swap bytes - p is little endian, q is big endian. */
+				q[0] = (char)p[1];
+				q[1] = (char)p[0];
+				p += 2;
+				q += 2;
+			} 
+			else 
+			{
+				q[0] = (char)p[0];
+				q[1] = (char)p[1];
+				p += 2;
+				q += 2;
+			}
+		}
+
+		/*
+		 * even if the string is 'empty' (only an \0 char)
+		 * at this point the leading \0 hasn't been parsed.
+		 * so parse it now
+		 */
+
+		q[0] = 0;
+		q[1] = 0;
+		q += 2;
+
+		len++;
+
+		dump_data(5+depth, (char *)start, len * 2);
+	}
+	else { /* unmarshalling */
+	
+		uint32 alloc_len = 0;
+		q = prs_data_p(ps) + prs_offset(ps);
+
+		/*
+		 * Work out how much space we need and talloc it.
+		 */
+		max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16);
+
+		/* the test of the value of *ptr helps to catch the circumstance
+		   where we have an emtpty (non-existent) string in the buffer */
+		for ( ptr = (uint16 *)q; *ptr && (alloc_len <= max_len); alloc_len++)
+			/* do nothing */ 
+			;
+
+		/* should we allocate anything at all? */
+		str->buffer = (uint16 *)prs_alloc_mem(ps,alloc_len * sizeof(uint16));
+		if ((str->buffer == NULL) && (alloc_len > 0))
+			return False;
+
+		p = (unsigned char *)str->buffer;
+
+		len = 0;
+		/* the (len < alloc_len) test is to prevent us from overwriting
+		   memory that is not ours...if we get that far, we have a non-null
+		   terminated string in the buffer and have messed up somewhere */
+		while ((len < alloc_len) && (*(uint16 *)q != 0))
+		{
+			if(ps->bigendian_data) 
+			{
+				/* swap bytes - q is big endian, p is little endian. */
+				p[0] = (unsigned char)q[1];
+				p[1] = (unsigned char)q[0];
+				p += 2;
+				q += 2;
+			} else {
+
+				p[0] = (unsigned char)q[0];
+				p[1] = (unsigned char)q[1];
+				p += 2;
+				q += 2;
+			}
+
+			len++;
+		} 
+		if (len < alloc_len)
+		{
+			/* NULL terminate the UNISTR */
+			str->buffer[len++] = '\0';
+		}
+	}
+
+	/* set the offset in the prs_struct; 'len' points to the
+	   terminiating NULL in the UNISTR so we need to go one more
+	   uint16 */
+	ps->data_offset += (len)*2;
+	
+	return True;
+}
+
+
+/*******************************************************************
+ Stream a null-terminated string.  len is strlen, and therefore does
+ not include the null-termination character.
+ ********************************************************************/
+
+BOOL prs_string(char *name, prs_struct *ps, int depth, char *str, int len, int max_buf_size)
+{
+	char *q;
+	int i;
+
+	len = MIN(len, (max_buf_size-1));
+
+	q = prs_mem_get(ps, len+1);
+	if (q == NULL)
+		return False;
+
+	for(i = 0; i < len; i++) {
+		if (UNMARSHALLING(ps))
+			str[i] = q[i];
+		else
+			q[i] = str[i];
+	}
+
+	/* The terminating null. */
+	str[i] = '\0';
+
+	if (MARSHALLING(ps)) {
+		q[i] = '\0';
+	}
+
+	ps->data_offset += len+1;
+
+	dump_data(5+depth, q, len);
+
+	return True;
+}
+
+/*******************************************************************
+ prs_uint16 wrapper. Call this and it sets up a pointer to where the
+ uint16 should be stored, or gets the size if reading.
+ ********************************************************************/
+
+BOOL prs_uint16_pre(char *name, prs_struct *ps, int depth, uint16 *data16, uint32 *offset)
+{
+	*offset = ps->data_offset;
+	if (UNMARSHALLING(ps)) {
+		/* reading. */
+		return prs_uint16(name, ps, depth, data16);
+	} else {
+		char *q = prs_mem_get(ps, sizeof(uint16));
+		if(q ==NULL)
+			return False;
+		ps->data_offset += sizeof(uint16);
+	}
+	return True;
+}
+
+/*******************************************************************
+ prs_uint16 wrapper.  call this and it retrospectively stores the size.
+ does nothing on reading, as that is already handled by ...._pre()
+ ********************************************************************/
+
+BOOL prs_uint16_post(char *name, prs_struct *ps, int depth, uint16 *data16,
+				uint32 ptr_uint16, uint32 start_offset)
+{
+	if (MARSHALLING(ps)) {
+		/* 
+		 * Writing - temporarily move the offset pointer.
+		 */
+		uint16 data_size = ps->data_offset - start_offset;
+		uint32 old_offset = ps->data_offset;
+
+		ps->data_offset = ptr_uint16;
+		if(!prs_uint16(name, ps, depth, &data_size)) {
+			ps->data_offset = old_offset;
+			return False;
+		}
+		ps->data_offset = old_offset;
+	} else {
+		ps->data_offset = start_offset + (uint32)(*data16);
+	}
+	return True;
+}
+
+/*******************************************************************
+ prs_uint32 wrapper. Call this and it sets up a pointer to where the
+ uint32 should be stored, or gets the size if reading.
+ ********************************************************************/
+
+BOOL prs_uint32_pre(char *name, prs_struct *ps, int depth, uint32 *data32, uint32 *offset)
+{
+	*offset = ps->data_offset;
+	if (UNMARSHALLING(ps) && (data32 != NULL)) {
+		/* reading. */
+		return prs_uint32(name, ps, depth, data32);
+	} else {
+		ps->data_offset += sizeof(uint32);
+	}
+	return True;
+}
+
+/*******************************************************************
+ prs_uint32 wrapper.  call this and it retrospectively stores the size.
+ does nothing on reading, as that is already handled by ...._pre()
+ ********************************************************************/
+
+BOOL prs_uint32_post(char *name, prs_struct *ps, int depth, uint32 *data32,
+				uint32 ptr_uint32, uint32 data_size)
+{
+	if (MARSHALLING(ps)) {
+		/* 
+		 * Writing - temporarily move the offset pointer.
+		 */
+		uint32 old_offset = ps->data_offset;
+		ps->data_offset = ptr_uint32;
+		if(!prs_uint32(name, ps, depth, &data_size)) {
+			ps->data_offset = old_offset;
+			return False;
+		}
+		ps->data_offset = old_offset;
+	}
+	return True;
+}
+
+/* useful function to store a structure in rpc wire format */
+int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
+{
+    TDB_DATA kbuf, dbuf;
+    kbuf.dptr = keystr;
+    kbuf.dsize = strlen(keystr)+1;
+    dbuf.dptr = prs_data_p(ps);
+    dbuf.dsize = prs_offset(ps);
+    return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
+}
+
+/* useful function to fetch a structure into rpc wire format */
+int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
+{
+    TDB_DATA kbuf, dbuf;
+    kbuf.dptr = keystr;
+    kbuf.dsize = strlen(keystr)+1;
+
+    dbuf = tdb_fetch(tdb, kbuf);
+    if (!dbuf.dptr) return -1;
+
+    ZERO_STRUCTP(ps);
+    prs_init(ps, 0, mem_ctx, UNMARSHALL);
+    prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
+
+    return 0;
+} 
+
+/*******************************************************************
+ hash a stream.
+ ********************************************************************/
+BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16])
+{
+	char *q;
+
+	q = prs_data_p(ps);
+        q = &q[offset];
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("prs_hash1\n"));
+	dump_data(100, sess_key, 16);
+	dump_data(100, q, 68);
+#endif
+	SamOEMhash((uchar *) q, sess_key, 68);
+
+#ifdef DEBUG_PASSWORD
+	dump_data(100, q, 68);
+#endif
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c
new file mode 100644
index 0000000000..1b8d1cd5c8
--- /dev/null
+++ b/source3/rpc_parse/parse_reg.c
@@ -0,0 +1,1679 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Marc Jacobsen                     1999.
+ *  Copyright (C) Simo Sorce                        2000.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_open_hkcr(REG_Q_OPEN_HKCR *q_o,
+				uint16 unknown_0, uint32 level)
+{
+	q_o->ptr = 1;
+	q_o->unknown_0 = unknown_0;
+	q_o->unknown_1 = 0x0; /* random - changes */
+	q_o->level = level;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_open_hkcr(char *desc,  REG_Q_OPEN_HKCR *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_open_hkcr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr      ", ps, depth, &r_q->ptr))
+		return False;
+
+	if (r_q->ptr != 0) {
+		if(!prs_uint16("unknown_0", ps, depth, &r_q->unknown_0))
+			return False;
+		if(!prs_uint16("unknown_1", ps, depth, &r_q->unknown_1))
+			return False;
+		if(!prs_uint32("level    ", ps, depth, &r_q->level))
+			return False;
+	}
+
+	return True;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_open_hkcr(char *desc,  REG_R_OPEN_HKCR *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_open_hkcr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_r->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_open_hklm(REG_Q_OPEN_HKLM * q_o,
+			  uint16 unknown_0, uint32 access_mask)
+{
+	q_o->ptr = 1;
+	q_o->unknown_0 = unknown_0;
+	q_o->unknown_1 = 0x0;	/* random - changes */
+	q_o->access_mask = access_mask;
+
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL reg_io_q_open_hklm(char *desc, REG_Q_OPEN_HKLM * r_q, prs_struct *ps,
+			int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_open_hklm");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr      ", ps, depth, &(r_q->ptr)))
+		return False;
+	if (r_q->ptr != 0)
+	{
+		if (!prs_uint16("unknown_0", ps, depth, &(r_q->unknown_0)))
+		return False;
+		if (!prs_uint16("unknown_1", ps, depth, &(r_q->unknown_1)))
+		return False;
+		if (!prs_uint32("access_mask", ps, depth, &(r_q->access_mask)))
+		return False;
+	}
+
+	return True;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL reg_io_r_open_hklm(char *desc, REG_R_OPEN_HKLM * r_r, prs_struct *ps,
+			int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_open_hklm");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("", &r_r->pol, ps, depth))
+		return False;
+
+	if (!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_flush_key(REG_Q_FLUSH_KEY *q_u, POLICY_HND *pol)
+{
+	memcpy(&q_u->pol, pol, sizeof(q_u->pol));
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_flush_key(char *desc,  REG_Q_FLUSH_KEY *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_flush_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_flush_key(char *desc,  REG_R_FLUSH_KEY *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_flush_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes SEC_DESC_BUF and SEC_DATA structures.
+********************************************************************/
+
+static BOOL reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec, SEC_DESC_BUF *data, prs_struct *ps, int depth)
+{
+	if (ptr != 0) {
+		uint32 hdr_offset;
+		uint32 old_offset;
+		if(!smb_io_hdrbuf_pre("hdr_sec", hdr_sec, ps, depth, &hdr_offset))
+			return False;
+
+		old_offset = prs_offset(ps);
+
+		if (ptr3 != NULL) {
+			if(!prs_uint32("ptr3", ps, depth, ptr3))
+				return False;
+		}
+
+		if (ptr3 == NULL || *ptr3 != 0) {
+			if(!sec_io_desc_buf("data   ", &data, ps, depth)) /* JRA - this line is probably wrong... */
+				return False;
+		}
+
+		if(!smb_io_hdrbuf_post("hdr_sec", hdr_sec, ps, depth, hdr_offset,
+		                   data->max_len, data->len))
+				return False;
+		if(!prs_set_offset(ps, old_offset + data->len + sizeof(uint32) * ((ptr3 != NULL) ? 5 : 3)))
+			return False;
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
+				char *name, char *class, SEC_ACCESS *sam_access,
+				SEC_DESC_BUF *sec_buf)
+{
+	int len_name  = name  != NULL ? strlen(name ) + 1: 0;
+	int len_class = class != NULL ? strlen(class) + 1: 0;
+
+	ZERO_STRUCTP(q_c);
+
+	memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
+
+	init_uni_hdr(&q_c->hdr_name, len_name);
+	init_unistr2(&q_c->uni_name, name, len_name);
+
+	init_uni_hdr(&q_c->hdr_class, len_class);
+	init_unistr2(&q_c->uni_class, class, len_class);
+
+	q_c->reserved = 0x00000000;
+	memcpy(&q_c->sam_access, sam_access, sizeof(q_c->sam_access));
+
+	q_c->ptr1 = 1;
+	q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
+
+	q_c->data = sec_buf;
+	q_c->ptr2 = 1;
+	init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len);
+	q_c->ptr3 = 1;
+	q_c->unknown_2 = 0x00000000;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_create_key(char *desc,  REG_Q_CREATE_KEY *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_create_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pnt_pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr ("", &r_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_name, r_q->hdr_name.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr ("", &r_q->hdr_class, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_class, r_q->hdr_class.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("reserved", ps, depth, &r_q->reserved))
+		return False;
+	if(!sec_io_access("sam_access", &r_q->sam_access, ps, depth))
+		return False;
+
+	if(!prs_uint32("ptr1", ps, depth, &r_q->ptr1))
+		return False;
+
+	if (r_q->ptr1 != 0) {
+		if(!prs_uint32("sec_info", ps, depth, &r_q->sec_info))
+			return False;
+	}
+
+	if(!prs_uint32("ptr2", ps, depth, &r_q->ptr2))
+		return False;
+	if(!reg_io_hdrbuf_sec(r_q->ptr2, &r_q->ptr3, &r_q->hdr_sec, r_q->data, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown_2", ps, depth, &r_q->unknown_2))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_create_key(char *desc,  REG_R_CREATE_KEY *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_create_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_r->key_pol, ps, depth))
+		return False;
+	if(!prs_uint32("unknown", ps, depth, &r_r->unknown))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_delete_val(REG_Q_DELETE_VALUE *q_c, POLICY_HND *hnd,
+				char *name)
+{
+	int len_name  = name  != NULL ? strlen(name ) + 1: 0;
+	ZERO_STRUCTP(q_c);
+
+	memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
+
+	init_uni_hdr(&q_c->hdr_name, len_name);
+	init_unistr2(&q_c->uni_name, name, len_name);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_delete_val(char *desc,  REG_Q_DELETE_VALUE *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_delete_val");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pnt_pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr ("", &r_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_name, r_q->hdr_name.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_delete_val(char *desc,  REG_R_DELETE_VALUE *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_delete_val");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_delete_key(REG_Q_DELETE_KEY *q_c, POLICY_HND *hnd,
+				char *name)
+{
+	int len_name  = name  != NULL ? strlen(name ) + 1: 0;
+	ZERO_STRUCTP(q_c);
+
+	memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
+
+	init_uni_hdr(&q_c->hdr_name, len_name);
+	init_unistr2(&q_c->uni_name, name, len_name);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_delete_key(char *desc,  REG_Q_DELETE_KEY *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_delete_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pnt_pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr ("", &r_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_name, r_q->hdr_name.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_delete_key(char *desc,  REG_R_DELETE_KEY *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_delete_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_query_key(REG_Q_QUERY_KEY *q_o, POLICY_HND *hnd,
+				uint32 max_class_len)
+{
+	ZERO_STRUCTP(q_o);
+
+	memcpy(&q_o->pol, hnd, sizeof(q_o->pol));
+	init_uni_hdr(&q_o->hdr_class, max_class_len);
+	q_o->uni_class.uni_max_len = max_class_len;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_query_key(char *desc,  REG_Q_QUERY_KEY *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_query_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+	if(!smb_io_unihdr ("", &r_q->hdr_class, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_class, r_q->hdr_class.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_query_key(char *desc,  REG_R_QUERY_KEY *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_query_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_unihdr ("", &r_r->hdr_class, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_r->uni_class, r_r->hdr_class.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_subkeys   ", ps, depth, &r_r->num_subkeys))
+		return False;
+	if(!prs_uint32("max_subkeylen ", ps, depth, &r_r->max_subkeylen))
+		return False;
+	if(!prs_uint32("mak_subkeysize", ps, depth, &r_r->max_subkeysize))
+		return False;
+	if(!prs_uint32("num_values    ", ps, depth, &r_r->num_values))
+		return False;
+	if(!prs_uint32("max_valnamelen", ps, depth, &r_r->max_valnamelen))
+		return False;
+	if(!prs_uint32("max_valbufsize", ps, depth, &r_r->max_valbufsize))
+		return False;
+	if(!prs_uint32("sec_desc      ", ps, depth, &r_r->sec_desc))
+		return False;
+	if(!smb_io_time("mod_time     ", &r_r->mod_time, ps, depth))
+		return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_unk_1a(REG_Q_UNK_1A *q_o, POLICY_HND *hnd)
+{
+	memcpy(&q_o->pol, hnd, sizeof(q_o->pol));
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_unk_1a(char *desc,  REG_Q_UNK_1A *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_unk_1a");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_unk_1a(char *desc,  REG_R_UNK_1A *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_unk_1a");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("unknown", ps, depth, &r_r->unknown))
+		return False;
+	if(!prs_ntstatus("status" , ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_q_open_hku(REG_Q_OPEN_HKU *q_o,
+				uint16 unknown_0, uint32 level)
+{
+	q_o->ptr = 1;
+	q_o->unknown_0 = unknown_0;
+	q_o->unknown_1 = 0x0; /* random - changes */
+	q_o->level = level;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_open_hku(char *desc,  REG_Q_OPEN_HKU *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_open_hku");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr      ", ps, depth, &r_q->ptr))
+		return False;
+	if (r_q->ptr != 0) {
+		if(!prs_uint16("unknown_0", ps, depth, &r_q->unknown_0))
+			return False;
+		if(!prs_uint16("unknown_1", ps, depth, &r_q->unknown_1))
+			return False;
+		if(!prs_uint32("level    ", ps, depth, &r_q->level))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_open_hku(char *desc,  REG_R_OPEN_HKU *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_open_hku");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_r->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an REG_Q_CLOSE structure.
+********************************************************************/
+
+void init_reg_q_close(REG_Q_CLOSE *q_c, POLICY_HND *hnd)
+{
+	DEBUG(5,("init_reg_q_close\n"));
+
+	memcpy(&q_c->pol, hnd, sizeof(q_c->pol));
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_close(char *desc,  REG_Q_CLOSE *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_unknown_1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("", &q_u->pol, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_close(char *desc,  REG_R_CLOSE *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_unknown_1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("", &r_u->pol, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_reg_q_set_key_sec(REG_Q_SET_KEY_SEC *q_i, POLICY_HND *pol, SEC_DESC_BUF *sec_desc_buf)
+{
+	memcpy(&q_i->pol, pol, sizeof(q_i->pol));
+
+	q_i->sec_info = DACL_SECURITY_INFORMATION;
+
+	q_i->ptr = 1;
+	init_buf_hdr(&q_i->hdr_sec, sec_desc_buf->len, sec_desc_buf->len);
+	q_i->data = sec_desc_buf;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_set_key_sec(char *desc,  REG_Q_SET_KEY_SEC *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_set_key_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("sec_info", ps, depth, &r_q->sec_info))
+		return False;
+	if(!prs_uint32("ptr    ", ps, depth, &r_q->ptr))
+		return False;
+
+	if(!reg_io_hdrbuf_sec(r_q->ptr, NULL, &r_q->hdr_sec, r_q->data, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_set_key_sec(char *desc, REG_R_SET_KEY_SEC *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_set_key_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_reg_q_get_key_sec(REG_Q_GET_KEY_SEC *q_i, POLICY_HND *pol, 
+				uint32 sec_buf_size, SEC_DESC_BUF *psdb)
+{
+	memcpy(&q_i->pol, pol, sizeof(q_i->pol));
+
+	q_i->sec_info = OWNER_SECURITY_INFORMATION |
+	                GROUP_SECURITY_INFORMATION |
+	                DACL_SECURITY_INFORMATION;
+
+	q_i->ptr = psdb != NULL ? 1 : 0;
+	q_i->data = psdb;
+
+	init_buf_hdr(&q_i->hdr_sec, sec_buf_size, 0);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_get_key_sec(char *desc,  REG_Q_GET_KEY_SEC *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_get_key_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("sec_info", ps, depth, &r_q->sec_info))
+		return False;
+	if(!prs_uint32("ptr     ", ps, depth, &r_q->ptr))
+		return False;
+
+	if(!reg_io_hdrbuf_sec(r_q->ptr, NULL, &r_q->hdr_sec, r_q->data, ps, depth))
+		return False;
+
+	return True;
+}
+
+#if 0
+/*******************************************************************
+makes a structure.
+********************************************************************/
+ void init_reg_r_get_key_sec(REG_R_GET_KEY_SEC *r_i, POLICY_HND *pol, 
+				uint32 buf_len, uint8 *buf,
+				NTSTATUS status)
+{
+	r_i->ptr = 1;
+	init_buf_hdr(&r_i->hdr_sec, buf_len, buf_len);
+	init_sec_desc_buf(r_i->data, buf_len, 1);
+
+	r_i->status = status; /* 0x0000 0000 or 0x0000 007a */
+}
+#endif 
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_get_key_sec(char *desc,  REG_R_GET_KEY_SEC *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_get_key_sec");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr      ", ps, depth, &r_q->ptr))
+		return False;
+
+	if (r_q->ptr != 0) {
+		if(!smb_io_hdrbuf("", &r_q->hdr_sec, ps, depth))
+			return False;
+		if(!sec_io_desc_buf("", &r_q->data, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+BOOL init_reg_q_info(REG_Q_INFO *q_i, POLICY_HND *pol, char* val_name)
+{
+        int len_type = val_name != NULL ? strlen(val_name) + 1 : 0;
+
+        if (q_i == NULL)
+                return False;
+
+        q_i->pol = *pol;
+
+        init_uni_hdr(&(q_i->hdr_type), len_type);
+        init_unistr2(&(q_i->uni_type), val_name, len_type);
+
+        q_i->ptr_reserved = 1;
+        q_i->ptr_buf = 1;
+
+        q_i->ptr_bufsize = 1;
+        q_i->bufsize = 0;
+        q_i->buf_unk = 0;
+
+        q_i->unk1 = 0;
+        q_i->ptr_buflen = 1;
+        q_i->buflen = 0;
+
+        q_i->ptr_buflen2 = 1;
+        q_i->buflen2 = 0;
+
+        return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_info(char *desc,  REG_Q_INFO *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+	if(!smb_io_unihdr ("", &r_q->hdr_type, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_type, r_q->hdr_type.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_reserved", ps, depth, &(r_q->ptr_reserved)))
+		return False;
+
+	if(!prs_uint32("ptr_buf", ps, depth, &(r_q->ptr_buf)))
+		return False;
+
+	if(r_q->ptr_buf) {
+		if(!prs_uint32("ptr_bufsize", ps, depth, &(r_q->ptr_bufsize)))
+			return False;
+		if(!prs_uint32("bufsize", ps, depth, &(r_q->bufsize)))
+			return False;
+		if(!prs_uint32("buf_unk", ps, depth, &(r_q->buf_unk)))
+			return False;
+	}
+
+	if(!prs_uint32("unk1", ps, depth, &(r_q->unk1)))
+		return False;
+
+	if(!prs_uint32("ptr_buflen", ps, depth, &(r_q->ptr_buflen)))
+		return False;
+	if(!prs_uint32("buflen", ps, depth, &(r_q->buflen)))
+		return False;
+
+	if(!prs_uint32("ptr_buflen2", ps, depth, &(r_q->ptr_buflen2)))
+		return False;
+	if(!prs_uint32("buflen2", ps, depth, &(r_q->buflen2)))
+		return False;
+
+ 	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+BOOL init_reg_r_info(uint32 include_keyval, REG_R_INFO *r_r,
+		     BUFFER2* buf, uint32 type, NTSTATUS status)
+{
+  if(r_r == NULL)
+    return False;
+
+  
+  r_r->ptr_type = 1;
+  r_r->type = type;
+
+  /* if include_keyval is not set, don't send the key value, just
+     the buflen data. probably used by NT5 to allocate buffer space - SK */
+  r_r->ptr_uni_val = include_keyval ? 1:0;
+  r_r->uni_val = buf;
+
+  r_r->ptr_max_len = 1;
+  r_r->buf_max_len = r_r->uni_val->buf_max_len;
+
+  r_r->ptr_len = 1;
+  r_r->buf_len = r_r->uni_val->buf_len;
+
+  r_r->status = status;
+
+  return True;
+  
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_info(char *desc, REG_R_INFO *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_type", ps, depth, &(r_r->ptr_type)))
+		return False;
+
+	if (r_r->ptr_type != 0) {
+		if(!prs_uint32("type", ps, depth, &r_r->type))
+			return False;
+	}
+
+	if(!prs_uint32("ptr_uni_val", ps, depth, &(r_r->ptr_uni_val)))
+		return False;
+
+	if(r_r->ptr_uni_val != 0) {
+		if(!smb_io_buffer2("uni_val", r_r->uni_val, r_r->ptr_uni_val, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_max_len", ps, depth, &(r_r->ptr_max_len)))
+		return False;
+
+	if (r_r->ptr_max_len != 0) {
+		if(!prs_uint32("buf_max_len", ps, depth, &(r_r->buf_max_len)))
+		return False;
+	}
+
+	if(!prs_uint32("ptr_len", ps, depth, &(r_r->ptr_len)))
+		return False;
+	if (r_r->ptr_len != 0) {
+		if(!prs_uint32("buf_len", ps, depth, &(r_r->buf_len)))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+ 	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_reg_q_enum_val(REG_Q_ENUM_VALUE *q_i, POLICY_HND *pol,
+				uint32 val_idx, uint32 max_val_len,
+				uint32 max_buf_len)
+{
+	ZERO_STRUCTP(q_i);
+
+	memcpy(&q_i->pol, pol, sizeof(q_i->pol));
+
+	q_i->val_index = val_idx;
+	init_uni_hdr(&q_i->hdr_name, max_val_len);
+	q_i->uni_name.uni_max_len = max_val_len;
+	
+	q_i->ptr_type = 1;
+	q_i->type = 0x0;
+
+	q_i->ptr_value = 1;
+	q_i->buf_value.buf_max_len = max_buf_len;
+
+	q_i->ptr1 = 1;
+	q_i->len_value1 = max_buf_len;
+
+	q_i->ptr2 = 1;
+	q_i->len_value2 = 0;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_enum_val(char *desc,  REG_Q_ENUM_VALUE *q_q, prs_struct *ps, int depth)
+{
+	if (q_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_enum_val");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+	
+	if(!prs_uint32("val_index", ps, depth, &q_q->val_index))
+		return False;
+	if(!smb_io_unihdr ("hdr_name", &q_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_name", &q_q->uni_name, q_q->hdr_name.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_type", ps, depth, &q_q->ptr_type))
+		return False;
+
+	if (q_q->ptr_type != 0) {
+		if(!prs_uint32("type", ps, depth, &q_q->type))
+			return False;
+	}
+
+	if(!prs_uint32("ptr_value", ps, depth, &q_q->ptr_value))
+		return False;
+	if(!smb_io_buffer2("buf_value", &q_q->buf_value, q_q->ptr_value, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr1", ps, depth, &q_q->ptr1))
+		return False;
+	if (q_q->ptr1 != 0) {
+		if(!prs_uint32("len_value1", ps, depth, &q_q->len_value1))
+			return False;
+	}
+	if(!prs_uint32("ptr2", ps, depth, &q_q->ptr2))
+		return False;
+	if (q_q->ptr2 != 0) {
+		if(!prs_uint32("len_value2", ps, depth, &q_q->len_value2))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_enum_val(char *desc,  REG_R_ENUM_VALUE *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_enum_val");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_unihdr ("hdr_name", &r_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_name", &r_q->uni_name, r_q->hdr_name.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_type", ps, depth, &r_q->ptr_type))
+		return False;
+
+	if (r_q->ptr_type != 0) {
+		if(!prs_uint32("type", ps, depth, &r_q->type))
+			return False;
+	}
+
+	if(!prs_uint32("ptr_value", ps, depth, &r_q->ptr_value))
+		return False;
+	if(!smb_io_buffer2("buf_value", r_q->buf_value, r_q->ptr_value, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr1", ps, depth, &r_q->ptr1))
+		return False;
+	if (r_q->ptr1 != 0) {
+		if(!prs_uint32("len_value1", ps, depth, &r_q->len_value1))
+			return False;
+	}
+
+	if(!prs_uint32("ptr2", ps, depth, &r_q->ptr2))
+		return False;
+	if (r_q->ptr2 != 0) {
+		if(!prs_uint32("len_value2", ps, depth, &r_q->len_value2))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_reg_q_create_val(REG_Q_CREATE_VALUE *q_i, POLICY_HND *pol,
+				char *val_name, uint32 type,
+				BUFFER3 *val)
+{
+	int val_len = strlen(val_name) + 1;
+
+	ZERO_STRUCTP(q_i);
+
+	memcpy(&q_i->pol, pol, sizeof(q_i->pol));
+
+	init_uni_hdr(&q_i->hdr_name, val_len);
+	init_unistr2(&q_i->uni_name, val_name, val_len);
+	
+	q_i->type      = type;
+	q_i->buf_value = val;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_create_val(char *desc,  REG_Q_CREATE_VALUE *q_q, prs_struct *ps, int depth)
+{
+	if (q_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_create_val");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+	
+	if(!smb_io_unihdr ("hdr_name", &q_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_name", &q_q->uni_name, q_q->hdr_name.buffer, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("type", ps, depth, &q_q->type))
+		return False;
+	if(!smb_io_buffer3("buf_value", q_q->buf_value, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_create_val(char *desc,  REG_R_CREATE_VALUE *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_create_val");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_reg_q_enum_key(REG_Q_ENUM_KEY *q_i, POLICY_HND *pol, uint32 key_idx)
+{
+	memcpy(&q_i->pol, pol, sizeof(q_i->pol));
+
+	q_i->key_index = key_idx;
+	q_i->key_name_len = 0;
+	q_i->unknown_1 = 0x0414;
+
+	q_i->ptr1 = 1;
+	q_i->unknown_2 = 0x0000020A;
+	memset(q_i->pad1, 0, sizeof(q_i->pad1));
+
+	q_i->ptr2 = 1;
+	memset(q_i->pad2, 0, sizeof(q_i->pad2));
+
+	q_i->ptr3 = 1;
+	unix_to_nt_time(&q_i->time, 0);            /* current time? */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_enum_key(char *desc,  REG_Q_ENUM_KEY *q_q, prs_struct *ps, int depth)
+{
+	if (q_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_enum_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &q_q->pol, ps, depth))
+		return False;
+	
+	if(!prs_uint32("key_index", ps, depth, &q_q->key_index))
+		return False;
+	if(!prs_uint16("key_name_len", ps, depth, &q_q->key_name_len))
+		return False;
+	if(!prs_uint16("unknown_1", ps, depth, &q_q->unknown_1))
+		return False;
+
+	if(!prs_uint32("ptr1", ps, depth, &q_q->ptr1))
+		return False;
+
+	if (q_q->ptr1 != 0) {
+		if(!prs_uint32("unknown_2", ps, depth, &q_q->unknown_2))
+			return False;
+		if(!prs_uint8s(False, "pad1", ps, depth, q_q->pad1, sizeof(q_q->pad1)))
+			return False;
+	}
+
+	if(!prs_uint32("ptr2", ps, depth, &q_q->ptr2))
+		return False;
+
+	if (q_q->ptr2 != 0) {
+		if(!prs_uint8s(False, "pad2", ps, depth, q_q->pad2, sizeof(q_q->pad2)))
+			return False;
+	}
+
+	if(!prs_uint32("ptr3", ps, depth, &q_q->ptr3))
+		return False;
+
+	if (q_q->ptr3 != 0) {
+		if(!smb_io_time("", &q_q->time, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_enum_key(char *desc,  REG_R_ENUM_KEY *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_enum_key");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint16("key_name_len", ps, depth, &r_q->key_name_len))
+		return False;
+	if(!prs_uint16("unknown_1", ps, depth, &r_q->unknown_1))
+		return False;
+
+	if(!prs_uint32("ptr1", ps, depth, &r_q->ptr1))
+		return False;
+
+	if (r_q->ptr1 != 0) {
+		if(!prs_uint32("unknown_2", ps, depth, &r_q->unknown_2))
+			return False;
+		if(!prs_uint32("unknown_3", ps, depth, &r_q->unknown_3))
+			return False;
+		if(!smb_io_unistr3("key_name", &r_q->key_name, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+
+	if(!prs_uint32("ptr2", ps, depth, &r_q->ptr2))
+		return False;
+
+	if (r_q->ptr2 != 0) {
+		if(!prs_uint8s(False, "pad2", ps, depth, r_q->pad2, sizeof(r_q->pad2)))
+			return False;
+	}
+
+	if(!prs_uint32("ptr3", ps, depth, &r_q->ptr3))
+		return False;
+
+	if (r_q->ptr3 != 0) {
+		if(!smb_io_time("", &r_q->time, ps, depth))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_q->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+
+void init_reg_q_open_entry(REG_Q_OPEN_ENTRY *r_q, POLICY_HND *pol,
+				char *key_name, uint32 unk)
+{
+	int len_name = strlen(key_name)+1;
+
+	memcpy(&r_q->pol, pol, sizeof(r_q->pol));
+
+	init_uni_hdr(&r_q->hdr_name, len_name);
+	init_unistr2(&r_q->uni_name, key_name, len_name);
+
+	r_q->unknown_0 = 0x00000000;
+	r_q->unknown_1 = unk;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_q_open_entry(char *desc,  REG_Q_OPEN_ENTRY *r_q, prs_struct *ps, int depth)
+{
+	if (r_q == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_entry");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_q->pol, ps, depth))
+		return False;
+	if(!smb_io_unihdr ("", &r_q->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &r_q->uni_name, r_q->hdr_name.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("unknown_0", ps, depth, &r_q->unknown_0))
+		return False;
+	if(!prs_uint32("unknown_1", ps, depth, &r_q->unknown_1))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a structure.
+********************************************************************/
+
+void init_reg_r_open_entry(REG_R_OPEN_ENTRY *r_r,
+			   POLICY_HND *pol, NTSTATUS status)
+{
+	memcpy(&r_r->pol, pol, sizeof(r_r->pol));
+	r_r->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL reg_io_r_open_entry(char *desc,  REG_R_OPEN_ENTRY *r_r, prs_struct *ps, int depth)
+{
+	if (r_r == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_open_entry");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("", &r_r->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_r->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+Inits a structure.
+********************************************************************/
+void init_reg_q_shutdown(REG_Q_SHUTDOWN * q_s,
+			 const char *msg, uint32 timeout, uint16 flags)
+{
+	int msg_len;
+	msg_len = strlen(msg);
+
+	q_s->ptr_0 = 1;
+	q_s->ptr_1 = 1;
+	q_s->ptr_2 = 1;
+
+	init_uni_hdr(&(q_s->hdr_msg), msg_len);
+	init_unistr2(&(q_s->uni_msg), msg, msg_len);
+
+	q_s->timeout = timeout;
+	q_s->flags = flags;
+
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL reg_io_q_shutdown(char *desc, REG_Q_SHUTDOWN * q_s, prs_struct *ps,
+		       int depth)
+{
+	if (q_s == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_shutdown");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr_0", ps, depth, &(q_s->ptr_0)))
+		return False;
+	if (!prs_uint32("ptr_1", ps, depth, &(q_s->ptr_1)))
+		return False;
+	if (!prs_uint32("ptr_2", ps, depth, &(q_s->ptr_2)))
+		return False;
+
+	if (!smb_io_unihdr("hdr_msg", &(q_s->hdr_msg), ps, depth))
+		return False;
+	if (!smb_io_unistr2("uni_msg", &(q_s->uni_msg), q_s->hdr_msg.buffer, ps, depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("timeout", ps, depth, &(q_s->timeout)))
+		return False;
+	if (!prs_uint16("flags  ", ps, depth, &(q_s->flags)))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL reg_io_r_shutdown(char *desc, REG_R_SHUTDOWN * r_s, prs_struct *ps,
+		       int depth)
+{
+	if (r_s == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_shutdown");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_s->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+Inits a structure.
+********************************************************************/
+void init_reg_q_abort_shutdown(REG_Q_ABORT_SHUTDOWN * q_s)
+{
+
+	q_s->ptr_server = 0;
+
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL reg_io_q_abort_shutdown(char *desc, REG_Q_ABORT_SHUTDOWN * q_s,
+			     prs_struct *ps, int depth)
+{
+	if (q_s == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_q_abort_shutdown");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr_server", ps, depth, &(q_s->ptr_server)))
+		return False;
+	if (q_s->ptr_server != 0)
+		if (!prs_uint16("server", ps, depth, &(q_s->server)))
+			return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL reg_io_r_abort_shutdown(char *desc, REG_R_ABORT_SHUTDOWN * r_s,
+			     prs_struct *ps, int depth)
+{
+	if (r_s == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "reg_io_r_abort_shutdown");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_ntstatus("status", ps, depth, &r_s->status))
+		return False;
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
new file mode 100644
index 0000000000..ee15d7cded
--- /dev/null
+++ b/source3/rpc_parse/parse_rpc.c
@@ -0,0 +1,1088 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+interface/version dce/rpc pipe identification
+********************************************************************/
+
+#define TRANS_SYNT_V2                       \
+{                                           \
+	{                                   \
+		0x8a885d04, 0x1ceb, 0x11c9, \
+		{ 0x9f, 0xe8, 0x08, 0x00,   \
+		0x2b, 0x10, 0x48, 0x60 }    \
+	}, 0x02                             \
+}
+
+#define SYNT_NETLOGON_V2                    \
+{                                           \
+	{                                   \
+		0x8a885d04, 0x1ceb, 0x11c9, \
+		{ 0x9f, 0xe8, 0x08, 0x00,   \
+		0x2b, 0x10, 0x48, 0x60 }    \
+	}, 0x02                             \
+}
+
+#define SYNT_WKSSVC_V1                      \
+{                                           \
+	{                                   \
+		0x6bffd098, 0xa112, 0x3610, \
+		{ 0x98, 0x33, 0x46, 0xc3,   \
+		0xf8, 0x7e, 0x34, 0x5a }    \
+	}, 0x01                             \
+}
+
+#define SYNT_SRVSVC_V3                      \
+{                                           \
+	{                                   \
+		0x4b324fc8, 0x1670, 0x01d3, \
+		{ 0x12, 0x78, 0x5a, 0x47,   \
+		0xbf, 0x6e, 0xe1, 0x88 }    \
+	}, 0x03                             \
+}
+
+#define SYNT_LSARPC_V0                      \
+{                                           \
+	{                                   \
+		0x12345778, 0x1234, 0xabcd, \
+		{ 0xef, 0x00, 0x01, 0x23,   \
+		0x45, 0x67, 0x89, 0xab }    \
+	}, 0x00                             \
+}
+
+#define SYNT_SAMR_V1                        \
+{                                           \
+	{                                   \
+		0x12345778, 0x1234, 0xabcd, \
+		{ 0xef, 0x00, 0x01, 0x23,   \
+		0x45, 0x67, 0x89, 0xac }    \
+	}, 0x01                             \
+}
+
+#define SYNT_NETLOGON_V1                    \
+{                                           \
+	{                                   \
+		0x12345678, 0x1234, 0xabcd, \
+		{ 0xef, 0x00, 0x01, 0x23,   \
+		0x45, 0x67, 0xcf, 0xfb }    \
+	}, 0x01                             \
+}
+
+#define SYNT_WINREG_V1                      \
+{                                           \
+	{                                   \
+		0x338cd001, 0x2244, 0x31f1, \
+		{ 0xaa, 0xaa, 0x90, 0x00,   \
+		0x38, 0x00, 0x10, 0x03 }    \
+	}, 0x01                             \
+}
+
+#define SYNT_SPOOLSS_V1                     \
+{                                           \
+	{                                   \
+		0x12345678, 0x1234, 0xabcd, \
+		{ 0xef, 0x00, 0x01, 0x23,   \
+		0x45, 0x67, 0x89, 0xab }    \
+	}, 0x01                             \
+}
+
+#define SYNT_NONE_V0                        \
+{                                           \
+	{                                   \
+		0x0, 0x0, 0x0,              \
+		{ 0x00, 0x00, 0x00, 0x00,   \
+		0x00, 0x00, 0x00, 0x00 }    \
+	}, 0x00                             \
+}
+
+#define SYNT_NETDFS_V3                      \
+{                                           \
+        {                                   \
+                0x4fc742e0, 0x4a10, 0x11cf, \
+                { 0x82, 0x73, 0x00, 0xaa,   \
+                  0x00, 0x4a, 0xe6, 0x73 }  \
+        }, 0x03                             \
+}
+
+struct pipe_id_info pipe_names [] =
+{
+	/* client pipe , abstract syntax , server pipe   , transfer syntax */
+	{ PIPE_LSARPC  , SYNT_LSARPC_V0  , PIPE_LSASS    , TRANS_SYNT_V2 },
+	{ PIPE_SAMR    , SYNT_SAMR_V1    , PIPE_LSASS    , TRANS_SYNT_V2 },
+	{ PIPE_NETLOGON, SYNT_NETLOGON_V1, PIPE_LSASS    , TRANS_SYNT_V2 },
+	{ PIPE_SRVSVC  , SYNT_SRVSVC_V3  , PIPE_NTSVCS   , TRANS_SYNT_V2 },
+	{ PIPE_WKSSVC  , SYNT_WKSSVC_V1  , PIPE_NTSVCS   , TRANS_SYNT_V2 },
+	{ PIPE_WINREG  , SYNT_WINREG_V1  , PIPE_WINREG   , TRANS_SYNT_V2 },
+	{ PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS  , TRANS_SYNT_V2 },
+	{ PIPE_NETDFS  , SYNT_NETDFS_V3  , PIPE_NETDFS   , TRANS_SYNT_V2 },
+	{ NULL         , SYNT_NONE_V0    , NULL          , SYNT_NONE_V0  }
+};
+
+/*******************************************************************
+ Inits an RPC_HDR structure.
+********************************************************************/
+
+void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
+				uint32 call_id, int data_len, int auth_len)
+{
+	hdr->major        = 5;               /* RPC version 5 */
+	hdr->minor        = 0;               /* minor version 0 */
+	hdr->pkt_type     = pkt_type;        /* RPC packet type */
+	hdr->flags        = flags;           /* dce/rpc flags */
+	hdr->pack_type[0] = 0x10;            /* little-endian data representation */
+	hdr->pack_type[1] = 0;               /* packed data representation */
+	hdr->pack_type[2] = 0;               /* packed data representation */
+	hdr->pack_type[3] = 0;               /* packed data representation */
+	hdr->frag_len     = data_len;        /* fragment length, fill in later */
+	hdr->auth_len     = auth_len;        /* authentication length */
+	hdr->call_id      = call_id;         /* call identifier - match incoming RPC */
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr(char *desc,  RPC_HDR *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr");
+	depth++;
+
+	if(!prs_uint8 ("major     ", ps, depth, &rpc->major))
+		return False;
+
+	if(!prs_uint8 ("minor     ", ps, depth, &rpc->minor))
+		return False;
+	if(!prs_uint8 ("pkt_type  ", ps, depth, &rpc->pkt_type))
+		return False;
+	if(!prs_uint8 ("flags     ", ps, depth, &rpc->flags))
+		return False;
+
+	/* We always marshall in little endian format. */
+	if (MARSHALLING(ps))
+		rpc->pack_type[0] = 0x10;
+
+	if(!prs_uint8("pack_type0", ps, depth, &rpc->pack_type[0]))
+		return False;
+	if(!prs_uint8("pack_type1", ps, depth, &rpc->pack_type[1]))
+		return False;
+	if(!prs_uint8("pack_type2", ps, depth, &rpc->pack_type[2]))
+		return False;
+	if(!prs_uint8("pack_type3", ps, depth, &rpc->pack_type[3]))
+		return False;
+
+	/*
+	 * If reading and pack_type[0] == 0 then the data is in big-endian
+	 * format. Set the flag in the prs_struct to specify reverse-endainness.
+	 */
+
+	if (UNMARSHALLING(ps) && rpc->pack_type[0] == 0) {
+		DEBUG(10,("smb_io_rpc_hdr: PDU data format is big-endian. Setting flag.\n"));
+		prs_set_endian_data(ps, RPC_BIG_ENDIAN);
+	}
+
+	if(!prs_uint16("frag_len  ", ps, depth, &rpc->frag_len))
+		return False;
+	if(!prs_uint16("auth_len  ", ps, depth, &rpc->auth_len))
+		return False;
+	if(!prs_uint32("call_id   ", ps, depth, &rpc->call_id))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an RPC_IFACE structure.
+********************************************************************/
+
+static BOOL smb_io_rpc_iface(char *desc, RPC_IFACE *ifc, prs_struct *ps, int depth)
+{
+	if (ifc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_iface");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32 ("data   ", ps, depth, &ifc->uuid.time_low))
+		return False;
+	if(!prs_uint16 ("data   ", ps, depth, &ifc->uuid.time_mid))
+		return False;
+	if(!prs_uint16 ("data   ", ps, depth, &ifc->uuid.time_hi_and_version))
+		return False;
+
+	if(!prs_uint8s (False, "data   ", ps, depth, ifc->uuid.remaining, sizeof(ifc->uuid.remaining)))
+		return False;
+	if(!prs_uint32 (       "version", ps, depth, &ifc->version))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_ADDR_STR structure.
+********************************************************************/
+
+static void init_rpc_addr_str(RPC_ADDR_STR *str, char *name)
+{
+	str->len = strlen(name) + 1;
+	fstrcpy(str->str, name);
+}
+
+/*******************************************************************
+ Reads or writes an RPC_ADDR_STR structure.
+********************************************************************/
+
+static BOOL smb_io_rpc_addr_str(char *desc,  RPC_ADDR_STR *str, prs_struct *ps, int depth)
+{
+	if (str == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_addr_str");
+	depth++;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16 (      "len", ps, depth, &str->len))
+		return False;
+	if(!prs_uint8s (True, "str", ps, depth, (uchar*)str->str, MIN(str->len, sizeof(str->str)) ))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_HDR_BBA structure.
+********************************************************************/
+
+static void init_rpc_hdr_bba(RPC_HDR_BBA *bba, uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid)
+{
+	bba->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
+	bba->max_rsize = max_rsize; /* max receive fragment size (0x1630) */   
+	bba->assoc_gid = assoc_gid; /* associated group id (0x0) */ 
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_BBA structure.
+********************************************************************/
+
+static BOOL smb_io_rpc_hdr_bba(char *desc,  RPC_HDR_BBA *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_bba");
+	depth++;
+
+	if(!prs_uint16("max_tsize", ps, depth, &rpc->max_tsize))
+		return False;
+	if(!prs_uint16("max_rsize", ps, depth, &rpc->max_rsize))
+		return False;
+	if(!prs_uint32("assoc_gid", ps, depth, &rpc->assoc_gid))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_HDR_RB structure.
+********************************************************************/
+
+void init_rpc_hdr_rb(RPC_HDR_RB *rpc, 
+				uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
+				uint32 num_elements, uint16 context_id, uint8 num_syntaxes,
+				RPC_IFACE *abstract, RPC_IFACE *transfer)
+{
+	init_rpc_hdr_bba(&rpc->bba, max_tsize, max_rsize, assoc_gid);
+
+	rpc->num_elements = num_elements ; /* the number of elements (0x1) */
+	rpc->context_id   = context_id   ; /* presentation context identifier (0x0) */
+	rpc->num_syntaxes = num_syntaxes ; /* the number of syntaxes (has always been 1?)(0x1) */
+
+	/* num and vers. of interface client is using */
+	rpc->abstract = *abstract;
+
+	/* num and vers. of interface to use for replies */
+	rpc->transfer = *transfer;
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_RB structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_rb(char *desc, RPC_HDR_RB *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_rb");
+	depth++;
+
+	if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
+		return False;
+
+	if(!prs_uint32("num_elements", ps, depth, &rpc->num_elements))
+		return False;
+	if(!prs_uint16("context_id  ", ps, depth, &rpc->context_id ))
+		return False;
+	if(!prs_uint8 ("num_syntaxes", ps, depth, &rpc->num_syntaxes))
+		return False;
+
+	if(!smb_io_rpc_iface("", &rpc->abstract, ps, depth))
+		return False;
+	if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_RESULTS structure.
+
+ lkclXXXX only one reason at the moment!
+********************************************************************/
+
+static void init_rpc_results(RPC_RESULTS *res, 
+				uint8 num_results, uint16 result, uint16 reason)
+{
+	res->num_results = num_results; /* the number of results (0x01) */
+	res->result      = result     ;  /* result (0x00 = accept) */
+	res->reason      = reason     ;  /* reason (0x00 = no reason specified) */
+}
+
+/*******************************************************************
+ Reads or writes an RPC_RESULTS structure.
+
+ lkclXXXX only one reason at the moment!
+********************************************************************/
+
+static BOOL smb_io_rpc_results(char *desc, RPC_RESULTS *res, prs_struct *ps, int depth)
+{
+	if (res == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_results");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint8 ("num_results", ps, depth, &res->num_results))	
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint16("result     ", ps, depth, &res->result))
+		return False;
+	if(!prs_uint16("reason     ", ps, depth, &res->reason))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Init an RPC_HDR_BA structure.
+
+ lkclXXXX only one reason at the moment!
+
+********************************************************************/
+
+void init_rpc_hdr_ba(RPC_HDR_BA *rpc, 
+				uint16 max_tsize, uint16 max_rsize, uint32 assoc_gid,
+				char *pipe_addr,
+				uint8 num_results, uint16 result, uint16 reason,
+				RPC_IFACE *transfer)
+{
+	init_rpc_hdr_bba (&rpc->bba, max_tsize, max_rsize, assoc_gid);
+	init_rpc_addr_str(&rpc->addr, pipe_addr);
+	init_rpc_results (&rpc->res, num_results, result, reason);
+
+	/* the transfer syntax from the request */
+	memcpy(&rpc->transfer, transfer, sizeof(rpc->transfer));
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_BA structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_ba(char *desc, RPC_HDR_BA *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_ba");
+	depth++;
+
+	if(!smb_io_rpc_hdr_bba("", &rpc->bba, ps, depth))
+		return False;
+	if(!smb_io_rpc_addr_str("", &rpc->addr, ps, depth))
+		return False;
+	if(!smb_io_rpc_results("", &rpc->res, ps, depth))
+		return False;
+	if(!smb_io_rpc_iface("", &rpc->transfer, ps, depth))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Init an RPC_HDR_REQ structure.
+********************************************************************/
+
+void init_rpc_hdr_req(RPC_HDR_REQ *hdr, uint32 alloc_hint, uint16 opnum)
+{
+	hdr->alloc_hint   = alloc_hint; /* allocation hint */
+	hdr->context_id   = 0;         /* presentation context identifier */
+	hdr->opnum        = opnum;     /* opnum */
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_REQ structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_req(char *desc, RPC_HDR_REQ *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_req");
+	depth++;
+
+	if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
+		return False;
+	if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
+		return False;
+	if(!prs_uint16("opnum     ", ps, depth, &rpc->opnum))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_RESP structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_resp(char *desc, RPC_HDR_RESP *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_resp");
+	depth++;
+
+	if(!prs_uint32("alloc_hint", ps, depth, &rpc->alloc_hint))
+		return False;
+	if(!prs_uint16("context_id", ps, depth, &rpc->context_id))
+		return False;
+	if(!prs_uint8 ("cancel_ct ", ps, depth, &rpc->cancel_count))
+		return False;
+	if(!prs_uint8 ("reserved  ", ps, depth, &rpc->reserved))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_FAULT structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_fault(char *desc, RPC_HDR_FAULT *rpc, prs_struct *ps, int depth)
+{
+	if (rpc == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_fault");
+	depth++;
+
+	if(!prs_ntstatus("status  ", ps, depth, &rpc->status))
+		return False;
+	if(!prs_uint32("reserved", ps, depth, &rpc->reserved))
+		return False;
+
+    return True;
+}
+
+/*******************************************************************
+ Init an RPC_HDR_AUTHA structure.
+********************************************************************/
+
+void init_rpc_hdr_autha(RPC_HDR_AUTHA *rai,
+				uint16 max_tsize, uint16 max_rsize,
+				uint8 auth_type, uint8 auth_level,
+				uint8 stub_type_len)
+{
+	rai->max_tsize = max_tsize; /* maximum transmission fragment size (0x1630) */
+	rai->max_rsize = max_rsize; /* max receive fragment size (0x1630) */   
+
+	rai->auth_type     = auth_type; /* nt lm ssp 0x0a */
+	rai->auth_level    = auth_level; /* 0x06 */
+	rai->stub_type_len = stub_type_len; /* 0x00 */
+	rai->padding       = 0; /* padding 0x00 */
+
+	rai->unknown       = 0x0014a0c0; /* non-zero pointer to something */
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_AUTHA structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_autha(char *desc, RPC_HDR_AUTHA *rai, prs_struct *ps, int depth)
+{
+	if (rai == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_autha");
+	depth++;
+
+	if(!prs_uint16("max_tsize    ", ps, depth, &rai->max_tsize))
+		return False;
+	if(!prs_uint16("max_rsize    ", ps, depth, &rai->max_rsize))
+		return False;
+
+	if(!prs_uint8 ("auth_type    ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
+		return False;
+	if(!prs_uint8 ("auth_level   ", ps, depth, &rai->auth_level)) /* 0x06 */
+		return False;
+	if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len))
+		return False;
+	if(!prs_uint8 ("padding      ", ps, depth, &rai->padding))
+		return False;
+
+	if(!prs_uint32("unknown      ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Checks an RPC_HDR_AUTH structure.
+********************************************************************/
+
+BOOL rpc_hdr_auth_chk(RPC_HDR_AUTH *rai)
+{
+	return (rai->auth_type == NTLMSSP_AUTH_TYPE && rai->auth_level == NTLMSSP_AUTH_LEVEL);
+}
+
+/*******************************************************************
+ Inits an RPC_HDR_AUTH structure.
+********************************************************************/
+
+void init_rpc_hdr_auth(RPC_HDR_AUTH *rai,
+				uint8 auth_type, uint8 auth_level,
+				uint8 stub_type_len,
+				uint32 ptr)
+{
+	rai->auth_type     = auth_type; /* nt lm ssp 0x0a */
+	rai->auth_level    = auth_level; /* 0x06 */
+	rai->stub_type_len = stub_type_len; /* 0x00 */
+	rai->padding       = 0; /* padding 0x00 */
+
+	rai->unknown       = ptr; /* non-zero pointer to something */
+}
+
+/*******************************************************************
+ Reads or writes an RPC_HDR_AUTH structure.
+********************************************************************/
+
+BOOL smb_io_rpc_hdr_auth(char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, int depth)
+{
+	if (rai == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_hdr_auth");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint8 ("auth_type    ", ps, depth, &rai->auth_type)) /* 0x0a nt lm ssp */
+		return False;
+	if(!prs_uint8 ("auth_level   ", ps, depth, &rai->auth_level)) /* 0x06 */
+		return False;
+	if(!prs_uint8 ("stub_type_len", ps, depth, &rai->stub_type_len))
+		return False;
+	if(!prs_uint8 ("padding      ", ps, depth, &rai->padding))
+		return False;
+
+	if(!prs_uint32("unknown      ", ps, depth, &rai->unknown)) /* 0x0014a0c0 */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Checks an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+
+BOOL rpc_auth_verifier_chk(RPC_AUTH_VERIFIER *rav,
+				char *signature, uint32 msg_type)
+{
+	return (strequal(rav->signature, signature) && rav->msg_type == msg_type);
+}
+
+/*******************************************************************
+ Inits an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+
+void init_rpc_auth_verifier(RPC_AUTH_VERIFIER *rav,
+				char *signature, uint32 msg_type)
+{
+	fstrcpy(rav->signature, signature); /* "NTLMSSP" */
+	rav->msg_type = msg_type; /* NTLMSSP_MESSAGE_TYPE */
+}
+
+/*******************************************************************
+ Reads or writes an RPC_AUTH_VERIFIER structure.
+********************************************************************/
+
+BOOL smb_io_rpc_auth_verifier(char *desc, RPC_AUTH_VERIFIER *rav, prs_struct *ps, int depth)
+{
+	if (rav == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_verifier");
+	depth++;
+
+	/* "NTLMSSP" */
+	if(!prs_string("signature", ps, depth, rav->signature, strlen("NTLMSSP"),
+			sizeof(rav->signature)))
+		return False;
+	if(!prs_uint32("msg_type ", ps, depth, &rav->msg_type)) /* NTLMSSP_MESSAGE_TYPE */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_AUTH_NTLMSSP_NEG structure.
+********************************************************************/
+
+void init_rpc_auth_ntlmssp_neg(RPC_AUTH_NTLMSSP_NEG *neg,
+				uint32 neg_flgs,
+				fstring myname, fstring domain)
+{
+	int len_myname = strlen(myname);
+	int len_domain = strlen(domain);
+
+	neg->neg_flgs = neg_flgs ; /* 0x00b2b3 */
+
+	init_str_hdr(&neg->hdr_domain, len_domain, len_domain, 0x20 + len_myname); 
+	init_str_hdr(&neg->hdr_myname, len_myname, len_myname, 0x20); 
+
+	fstrcpy(neg->myname, myname);
+	fstrcpy(neg->domain, domain);
+}
+
+/*******************************************************************
+ Reads or writes an RPC_AUTH_NTLMSSP_NEG structure.
+
+ *** lkclXXXX HACK ALERT! ***
+********************************************************************/
+
+BOOL smb_io_rpc_auth_ntlmssp_neg(char *desc, RPC_AUTH_NTLMSSP_NEG *neg, prs_struct *ps, int depth)
+{
+	uint32 start_offset = prs_offset(ps);
+	if (neg == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_neg");
+	depth++;
+
+	if(!prs_uint32("neg_flgs ", ps, depth, &neg->neg_flgs))
+		return False;
+
+	if (ps->io) {
+		uint32 old_offset;
+		uint32 old_neg_flags = neg->neg_flgs;
+
+		/* reading */
+
+		ZERO_STRUCTP(neg);
+
+		neg->neg_flgs = old_neg_flags;
+
+		if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
+			return False;
+
+		old_offset = prs_offset(ps);
+
+		if(!prs_set_offset(ps, neg->hdr_myname.buffer + start_offset - 12))
+			return False;
+
+		if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 
+				MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
+			return False;
+
+		old_offset += neg->hdr_myname.str_str_len;
+
+		if(!prs_set_offset(ps, neg->hdr_domain.buffer + start_offset - 12))
+			return False;
+
+		if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 
+			MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain  ))))
+			return False;
+
+		old_offset += neg->hdr_domain  .str_str_len;
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	} else {
+		/* writing */
+		if(!smb_io_strhdr("hdr_domain", &neg->hdr_domain, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_myname", &neg->hdr_myname, ps, depth))
+			return False;
+
+		if(!prs_uint8s(True, "myname", ps, depth, (uint8*)neg->myname, 
+					MIN(neg->hdr_myname.str_str_len, sizeof(neg->myname))))
+			return False;
+		if(!prs_uint8s(True, "domain", ps, depth, (uint8*)neg->domain, 
+					MIN(neg->hdr_domain.str_str_len, sizeof(neg->domain  ))))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+creates an RPC_AUTH_NTLMSSP_CHAL structure.
+********************************************************************/
+
+void init_rpc_auth_ntlmssp_chal(RPC_AUTH_NTLMSSP_CHAL *chl,
+				uint32 neg_flags,
+				uint8 challenge[8])
+{
+	chl->unknown_1 = 0x0; 
+	chl->unknown_2 = 0x00000028;
+	chl->neg_flags = neg_flags; /* 0x0082b1 */
+
+	memcpy(chl->challenge, challenge, sizeof(chl->challenge)); 
+	memset((char *)chl->reserved , '\0', sizeof(chl->reserved)); 
+}
+
+/*******************************************************************
+ Reads or writes an RPC_AUTH_NTLMSSP_CHAL structure.
+********************************************************************/
+
+BOOL smb_io_rpc_auth_ntlmssp_chal(char *desc, RPC_AUTH_NTLMSSP_CHAL *chl, prs_struct *ps, int depth)
+{
+	if (chl == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chal");
+	depth++;
+
+	if(!prs_uint32("unknown_1", ps, depth, &chl->unknown_1)) /* 0x0000 0000 */
+		return False;
+	if(!prs_uint32("unknown_2", ps, depth, &chl->unknown_2)) /* 0x0000 b2b3 */
+		return False;
+	if(!prs_uint32("neg_flags", ps, depth, &chl->neg_flags)) /* 0x0000 82b1 */
+		return False;
+
+	if(!prs_uint8s (False, "challenge", ps, depth, chl->challenge, sizeof(chl->challenge)))
+		return False;
+	if(!prs_uint8s (False, "reserved ", ps, depth, chl->reserved , sizeof(chl->reserved )))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_AUTH_NTLMSSP_RESP structure.
+
+ *** lkclXXXX FUDGE!  HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
+ *** lkclXXXX the actual offset is at the start of the auth verifier    ***
+********************************************************************/
+
+void init_rpc_auth_ntlmssp_resp(RPC_AUTH_NTLMSSP_RESP *rsp,
+				uchar lm_resp[24], uchar nt_resp[24],
+				char *domain, char *user, char *wks,
+				uint32 neg_flags)
+{
+	uint32 offset;
+	int dom_len = strlen(domain);
+	int wks_len = strlen(wks);
+	int usr_len = strlen(user);
+	int lm_len  = (lm_resp != NULL) ? 24 : 0;
+	int nt_len  = (nt_resp != NULL) ? 24 : 0;
+
+	DEBUG(5,("make_rpc_auth_ntlmssp_resp\n"));
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("lm_resp\n"));
+	dump_data(100, (char *)lm_resp, 24);
+	DEBUG(100,("nt_resp\n"));
+	dump_data(100, (char *)nt_resp, 24);
+#endif
+
+	DEBUG(6,("dom: %s user: %s wks: %s neg_flgs: 0x%x\n",
+	          domain, user, wks, neg_flags));
+
+	offset = 0x40;
+
+	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
+		dom_len *= 2;
+		wks_len *= 2;
+		usr_len *= 2;
+	}
+
+	init_str_hdr(&rsp->hdr_domain, dom_len, dom_len, offset);
+	offset += dom_len;
+
+	init_str_hdr(&rsp->hdr_usr, usr_len, usr_len, offset);
+	offset += usr_len;
+
+	init_str_hdr(&rsp->hdr_wks, wks_len, wks_len, offset);
+	offset += wks_len;
+
+	init_str_hdr(&rsp->hdr_lm_resp, lm_len, lm_len, offset);
+	offset += lm_len;
+
+	init_str_hdr(&rsp->hdr_nt_resp, nt_len, nt_len, offset);
+	offset += nt_len;
+
+	init_str_hdr(&rsp->hdr_sess_key, 0, 0, offset);
+
+	rsp->neg_flags = neg_flags;
+
+	memcpy(rsp->lm_resp, lm_resp, 24);
+	memcpy(rsp->nt_resp, nt_resp, 24);
+
+	if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
+		rpcstr_push(rsp->domain, domain, sizeof(rsp->domain), 0);
+		rpcstr_push(rsp->user, user, sizeof(rsp->user), 0);
+		rpcstr_push(rsp->wks, wks, sizeof(rsp->wks), 0);
+	} else {
+		fstrcpy(rsp->domain, domain);
+		fstrcpy(rsp->user, user);
+		fstrcpy(rsp->wks, wks);
+	}
+	
+	rsp->sess_key[0] = 0;
+}
+
+/*******************************************************************
+ Reads or writes an RPC_AUTH_NTLMSSP_RESP structure.
+
+ *** lkclXXXX FUDGE!  HAVE TO MANUALLY SPECIFY OFFSET HERE (0x1c bytes) ***
+ *** lkclXXXX the actual offset is at the start of the auth verifier    ***
+********************************************************************/
+
+BOOL smb_io_rpc_auth_ntlmssp_resp(char *desc, RPC_AUTH_NTLMSSP_RESP *rsp, prs_struct *ps, int depth)
+{
+	if (rsp == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_resp");
+	depth++;
+
+	if (ps->io) {
+		uint32 old_offset;
+
+		/* reading */
+
+		ZERO_STRUCTP(rsp);
+
+		if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_domain  ", &rsp->hdr_domain, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_user    ", &rsp->hdr_usr, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_wks     ", &rsp->hdr_wks, ps, depth)) 
+			return False;
+		if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
+			return False;
+
+		if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
+			return False;
+
+		old_offset = prs_offset(ps);
+
+		if(!prs_set_offset(ps, rsp->hdr_domain.buffer + 0xc))
+			return False;
+
+		if(!prs_uint8s(True , "domain  ", ps, depth, (uint8*)rsp->domain,
+				MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
+			return False;
+
+		old_offset += rsp->hdr_domain.str_str_len;
+
+		if(!prs_set_offset(ps, rsp->hdr_usr.buffer + 0xc))
+			return False;
+
+		if(!prs_uint8s(True , "user    ", ps, depth, (uint8*)rsp->user,
+				MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
+			return False;
+
+		old_offset += rsp->hdr_usr.str_str_len;
+
+		if(!prs_set_offset(ps, rsp->hdr_wks.buffer + 0xc))
+			return False;
+
+		if(!prs_uint8s(True, "wks     ", ps, depth, (uint8*)rsp->wks,
+				MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
+			return False;
+
+		old_offset += rsp->hdr_wks.str_str_len;
+
+		if(!prs_set_offset(ps, rsp->hdr_lm_resp.buffer + 0xc))
+			return False;
+
+		if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
+				MIN(rsp->hdr_lm_resp.str_str_len, sizeof(rsp->lm_resp ))))
+			return False;
+
+		old_offset += rsp->hdr_lm_resp.str_str_len;
+
+		if(!prs_set_offset(ps, rsp->hdr_nt_resp.buffer + 0xc))
+			return False;
+
+		if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
+				MIN(rsp->hdr_nt_resp.str_str_len, sizeof(rsp->nt_resp ))))
+			return False;
+
+		old_offset += rsp->hdr_nt_resp.str_str_len;
+
+		if (rsp->hdr_sess_key.str_str_len != 0) {
+
+			if(!prs_set_offset(ps, rsp->hdr_sess_key.buffer + 0x10))
+				return False;
+
+			old_offset += rsp->hdr_sess_key.str_str_len;
+
+			if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
+					MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
+				return False;
+		}
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	} else {
+		/* writing */
+		if(!smb_io_strhdr("hdr_lm_resp ", &rsp->hdr_lm_resp, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_nt_resp ", &rsp->hdr_nt_resp, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_domain  ", &rsp->hdr_domain, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_user    ", &rsp->hdr_usr, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_wks     ", &rsp->hdr_wks, ps, depth))
+			return False;
+		if(!smb_io_strhdr("hdr_sess_key", &rsp->hdr_sess_key, ps, depth))
+			return False;
+
+		if(!prs_uint32("neg_flags", ps, depth, &rsp->neg_flags)) /* 0x0000 82b1 */
+			return False;
+
+		if(!prs_uint8s(True , "domain  ", ps, depth, (uint8*)rsp->domain,
+				MIN(rsp->hdr_domain.str_str_len, sizeof(rsp->domain))))
+			return False;
+
+		if(!prs_uint8s(True , "user    ", ps, depth, (uint8*)rsp->user,
+				MIN(rsp->hdr_usr.str_str_len, sizeof(rsp->user))))
+			return False;
+
+		if(!prs_uint8s(True , "wks     ", ps, depth, (uint8*)rsp->wks,
+				MIN(rsp->hdr_wks.str_str_len, sizeof(rsp->wks))))
+			return False;
+		if(!prs_uint8s(False, "lm_resp ", ps, depth, (uint8*)rsp->lm_resp,
+				MIN(rsp->hdr_lm_resp .str_str_len, sizeof(rsp->lm_resp))))
+			return False;
+		if(!prs_uint8s(False, "nt_resp ", ps, depth, (uint8*)rsp->nt_resp,
+				MIN(rsp->hdr_nt_resp .str_str_len, sizeof(rsp->nt_resp ))))
+			return False;
+		if(!prs_uint8s(False, "sess_key", ps, depth, (uint8*)rsp->sess_key,
+				MIN(rsp->hdr_sess_key.str_str_len, sizeof(rsp->sess_key))))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Checks an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+
+BOOL rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk, uint32 crc32, uint32 seq_num)
+{
+	if (chk == NULL)
+		return False;
+
+	if (chk->crc32 != crc32 ||
+	    chk->ver   != NTLMSSP_SIGN_VERSION ||
+	    chk->seq_num != seq_num)
+	{
+		DEBUG(5,("verify failed - crc %x ver %x seq %d\n",
+			crc32, NTLMSSP_SIGN_VERSION, seq_num));
+		DEBUG(5,("verify expect - crc %x ver %x seq %d\n",
+			chk->crc32, chk->ver, chk->seq_num));
+		return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+ Inits an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+
+void init_rpc_auth_ntlmssp_chk(RPC_AUTH_NTLMSSP_CHK *chk,
+				uint32 ver, uint32 crc32, uint32 seq_num)
+{
+	chk->ver      = ver;
+	chk->reserved = 0x0;
+	chk->crc32    = crc32;
+	chk->seq_num  = seq_num;
+}
+
+/*******************************************************************
+ Reads or writes an RPC_AUTH_NTLMSSP_CHK structure.
+********************************************************************/
+
+BOOL smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_struct *ps, int depth)
+{
+	if (chk == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "smb_io_rpc_auth_ntlmssp_chk");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ver     ", ps, depth, &chk->ver))
+		return False;
+	if(!prs_uint32("reserved", ps, depth, &chk->reserved))
+		return False;
+	if(!prs_uint32("crc32   ", ps, depth, &chk->crc32))
+		return False;
+	if(!prs_uint32("seq_num ", ps, depth, &chk->seq_num))
+		return False;
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
new file mode 100644
index 0000000000..4edc0678af
--- /dev/null
+++ b/source3/rpc_parse/parse_samr.c
@@ -0,0 +1,7169 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  Copyright (C) Paul Ashton                  1997-2000,
+ *  Copyright (C) Elrond                            2000,
+ *  Copyright (C) Jeremy Allison                    2001
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include "rpc_parse.h"
+#include "nterr.h"
+
+/*******************************************************************
+inits a SAMR_Q_CLOSE_HND structure.
+********************************************************************/
+
+void init_samr_q_close_hnd(SAMR_Q_CLOSE_HND * q_c, POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_close_hnd\n"));
+	
+	q_c->pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_close_hnd(char *desc, SAMR_Q_CLOSE_HND * q_u,
+			 prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_close_hnd");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	return smb_io_pol_hnd("pol", &q_u->pol, ps, depth);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND * r_u,
+			 prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_close_hnd");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_LOOKUP_DOMAIN structure.
+********************************************************************/
+
+void init_samr_q_lookup_domain(SAMR_Q_LOOKUP_DOMAIN * q_u,
+			       POLICY_HND *pol, char *dom_name)
+{
+	int len_name = strlen(dom_name);
+
+	DEBUG(5, ("init_samr_q_lookup_domain\n"));
+
+	q_u->connect_pol = *pol;
+
+	init_uni_hdr(&q_u->hdr_domain, len_name);
+	init_unistr2(&q_u->uni_domain, dom_name, len_name);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL samr_io_q_lookup_domain(char *desc, SAMR_Q_LOOKUP_DOMAIN * q_u,
+			     prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_lookup_domain");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("connect_pol", &q_u->connect_pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_domain", &q_u->hdr_domain, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("uni_domain", &q_u->uni_domain, q_u->hdr_domain.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_LOOKUP_DOMAIN structure.
+********************************************************************/
+
+void init_samr_r_lookup_domain(SAMR_R_LOOKUP_DOMAIN * r_u,
+			       DOM_SID *dom_sid, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_lookup_domain\n"));
+
+	r_u->status = status;
+	r_u->ptr_sid = 0;
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->ptr_sid = 1;
+		init_dom_sid2(&r_u->dom_sid, dom_sid);
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_lookup_domain(char *desc, SAMR_R_LOOKUP_DOMAIN * r_u,
+			     prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_lookup_domain");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr_sid))
+		return False;
+
+	if (r_u->ptr_sid != 0) {
+		if(!smb_io_dom_sid2("sid", &r_u->dom_sid, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_unknown_2d(SAMR_Q_UNKNOWN_2D * q_u, POLICY_HND *dom_pol, DOM_SID *sid)
+{
+	DEBUG(5, ("samr_init_samr_q_unknown_2d\n"));
+
+	q_u->dom_pol = *dom_pol;
+	init_dom_sid2(&q_u->sid, sid);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_unknown_2d(char *desc, SAMR_Q_UNKNOWN_2D * q_u,
+			  prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_unknown_2d");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->dom_pol, ps, depth))
+		return False;
+
+	if(!smb_io_dom_sid2("sid", &q_u->sid, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_unknown_2d(char *desc, SAMR_R_UNKNOWN_2D * r_u,
+			  prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_unknown_2d");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN * q_u,
+			     POLICY_HND *pol, uint32 flags,
+			     const DOM_SID *sid)
+{
+	DEBUG(5, ("samr_init_samr_q_open_domain\n"));
+
+	q_u->pol = *pol;
+	q_u->flags = flags;
+	init_dom_sid2(&q_u->dom_sid, sid);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_open_domain(char *desc, SAMR_Q_OPEN_DOMAIN * q_u,
+			   prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_open_domain");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("flags", ps, depth, &q_u->flags))
+		return False;
+
+	if(!smb_io_dom_sid2("sid", &q_u->dom_sid, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_open_domain(char *desc, SAMR_R_OPEN_DOMAIN * r_u,
+			   prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_open_domain");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &r_u->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_get_usrdom_pwinfo(SAMR_Q_GET_USRDOM_PWINFO * q_u,
+				   POLICY_HND *user_pol)
+{
+	DEBUG(5, ("samr_init_samr_q_get_usrdom_pwinfo\n"));
+
+	q_u->user_pol = *user_pol;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_get_usrdom_pwinfo(char *desc, SAMR_Q_GET_USRDOM_PWINFO * q_u,
+				 prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_get_usrdom_pwinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	return smb_io_pol_hnd("user_pol", &q_u->user_pol, ps, depth);
+}
+
+/*******************************************************************
+ Init.
+********************************************************************/
+
+void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_get_usrdom_pwinfo\n"));
+	
+	r_u->unknown_0 = 0x0000;
+
+	/*
+	 * used to be 	
+	 * r_u->unknown_1 = 0x0015;
+	 * but for trusts.
+	 */
+	r_u->unknown_1 = 0x01D1;
+	r_u->unknown_1 = 0x0015;
+
+	r_u->unknown_2 = 0x00000000;
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_get_usrdom_pwinfo(char *desc, SAMR_R_GET_USRDOM_PWINFO * r_u,
+				 prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_get_usrdom_pwinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16("unknown_0", ps, depth, &r_u->unknown_0))
+		return False;
+	if(!prs_uint16("unknown_1", ps, depth, &r_u->unknown_1))
+		return False;
+	if(!prs_uint32("unknown_2", ps, depth, &r_u->unknown_2))
+		return False;
+	if(!prs_ntstatus("status   ", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_query_sec_obj(SAMR_Q_QUERY_SEC_OBJ * q_u,
+			       POLICY_HND *user_pol, uint32 sec_info)
+{
+	DEBUG(5, ("samr_init_samr_q_query_sec_obj\n"));
+
+	q_u->user_pol = *user_pol;
+	q_u->sec_info = sec_info;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_sec_obj(char *desc, SAMR_Q_QUERY_SEC_OBJ * q_u,
+			     prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_sec_obj");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("user_pol", &q_u->user_pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("sec_info", ps, depth, &q_u->sec_info))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO * q_u,
+				POLICY_HND *domain_pol, uint16 switch_value)
+{
+	DEBUG(5, ("samr_init_samr_q_query_dom_info\n"));
+
+	q_u->domain_pol = *domain_pol;
+	q_u->switch_value = switch_value;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO * q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_dom_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info3(SAM_UNK_INFO_3 *u_3, NTTIME nt_logout)
+{
+	u_3->logout.low = nt_logout.low;
+	u_3->logout.high = nt_logout.high;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info3(char *desc, SAM_UNK_INFO_3 * u_3,
+			     prs_struct *ps, int depth)
+{
+	if (u_3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info3");
+	depth++;
+
+	if(!smb_io_time("logout", &u_3->logout, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info6(SAM_UNK_INFO_6 * u_6)
+{
+	u_6->unknown_0 = 0x00000000;
+	u_6->ptr_0 = 1;
+	memset(u_6->padding, 0, sizeof(u_6->padding));	/* 12 bytes zeros */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info6(char *desc, SAM_UNK_INFO_6 * u_6,
+			     prs_struct *ps, int depth)
+{
+	if (u_6 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info6");
+	depth++;
+
+	if(!prs_uint32("unknown_0", ps, depth, &u_6->unknown_0)) /* 0x0000 0000 */
+		return False;
+	if(!prs_uint32("ptr_0", ps, depth, &u_6->ptr_0)) /* pointer to unknown structure */
+		return False;
+	if(!prs_uint8s(False, "padding", ps, depth, u_6->padding, sizeof(u_6->padding)))	/* 12 bytes zeros */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info7(SAM_UNK_INFO_7 * u_7)
+{
+	u_7->unknown_0 = 0x0003;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info7(char *desc, SAM_UNK_INFO_7 * u_7,
+			     prs_struct *ps, int depth)
+{
+	if (u_7 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info7");
+	depth++;
+
+	if(!prs_uint16("unknown_0", ps, depth, &u_7->unknown_0)) /* 0x0003 */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info12(SAM_UNK_INFO_12 * u_12, NTTIME nt_lock_duration, NTTIME nt_reset_time, uint16 lockout)
+{
+	u_12->duration.low = nt_lock_duration.low;
+	u_12->duration.high = nt_lock_duration.high;
+	u_12->reset_count.low = nt_reset_time.low;
+	u_12->reset_count.high = nt_reset_time.high;
+
+	u_12->bad_attempt_lockout = lockout;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info12(char *desc, SAM_UNK_INFO_12 * u_12,
+			      prs_struct *ps, int depth)
+{
+	if (u_12 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info12");
+	depth++;
+
+	if(!smb_io_time("duration", &u_12->duration, ps, depth))
+		return False;
+	if(!smb_io_time("reset_count", &u_12->reset_count, ps, depth))
+		return False;
+	if(!prs_uint16("bad_attempt_lockout", ps, depth, &u_12->bad_attempt_lockout))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+void init_unk_info5(SAM_UNK_INFO_5 * u_5,char *server)
+{
+	int len_server = strlen(server);
+
+	init_uni_hdr(&u_5->hdr_server, len_server);
+
+	init_unistr2(&u_5->uni_server, server, len_server);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info5(char *desc, SAM_UNK_INFO_5 * u_5,
+			     prs_struct *ps, int depth)
+{
+	if (u_5 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info5");
+	depth++;
+
+	if(!smb_io_unihdr("hdr_server", &u_5->hdr_server, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("uni_server", &u_5->uni_server, u_5->hdr_server.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+void init_unk_info2(SAM_UNK_INFO_2 * u_2,
+			char *domain, char *server,
+			uint32 seq_num, uint32 num_users, uint32 num_groups, uint32 num_alias)
+{
+	int len_domain = strlen(domain);
+	int len_server = strlen(server);
+
+	u_2->unknown_0 = 0x00000000;
+	u_2->unknown_1 = 0x80000000;
+	u_2->unknown_2 = 0x00000000;
+
+	u_2->ptr_0 = 1;
+	init_uni_hdr(&u_2->hdr_domain, len_domain);
+	init_uni_hdr(&u_2->hdr_server, len_server);
+
+	u_2->seq_num = seq_num;
+	u_2->unknown_3 = 0x00000000;
+
+	u_2->unknown_4 = 0x00000001;
+	u_2->unknown_5 = 0x00000003;
+	u_2->unknown_6 = 0x00000001;
+	u_2->num_domain_usrs = num_users;
+	u_2->num_domain_grps = num_groups;
+	u_2->num_local_grps = num_alias;
+
+	memset(u_2->padding, 0, sizeof(u_2->padding));	/* 12 bytes zeros */
+
+	init_unistr2(&u_2->uni_domain, domain, len_domain);
+	init_unistr2(&u_2->uni_server, server, len_server);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 * u_2,
+			     prs_struct *ps, int depth)
+{
+	if (u_2 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info2");
+	depth++;
+
+	if(!prs_uint32("unknown_0", ps, depth, &u_2->unknown_0)) /* 0x0000 0000 */
+		return False;
+	if(!prs_uint32("unknown_1", ps, depth, &u_2->unknown_1)) /* 0x8000 0000 */
+		return False;
+	if(!prs_uint32("unknown_2", ps, depth, &u_2->unknown_2))	/* 0x0000 0000 */
+		return False;
+
+	if(!prs_uint32("ptr_0", ps, depth, &u_2->ptr_0))
+		return False;
+	if(!smb_io_unihdr("hdr_domain", &u_2->hdr_domain, ps, depth))
+		return False;
+	if(!smb_io_unihdr("hdr_server", &u_2->hdr_server, ps, depth))
+		return False;
+
+	/* put all the data in here, at the moment, including what the above
+	   pointer is referring to
+	 */
+
+	if(!prs_uint32("seq_num ", ps, depth, &u_2->seq_num))	/* 0x0000 0099 or 0x1000 0000 */
+		return False;
+	if(!prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3))	/* 0x0000 0000 */
+		return False;
+
+	if(!prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4)) /* 0x0000 0001 */
+		return False;
+	if(!prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5)) /* 0x0000 0003 */
+		return False;
+	if(!prs_uint32("unknown_6 ", ps, depth, &u_2->unknown_6)) /* 0x0000 0001 */
+		return False;
+	if(!prs_uint32("num_domain_usrs ", ps, depth, &u_2->num_domain_usrs))
+		return False;
+	if(!prs_uint32("num_domain_grps", ps, depth, &u_2->num_domain_grps))
+		return False;
+	if(!prs_uint32("num_local_grps", ps, depth, &u_2->num_local_grps))
+		return False;
+
+	if(!prs_uint8s(False, "padding", ps, depth, u_2->padding,sizeof(u_2->padding)))
+		return False;
+
+	if(!smb_io_unistr2("uni_domain", &u_2->uni_domain, u_2->hdr_domain.buffer, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_server", &u_2->uni_server, u_2->hdr_server.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info1(SAM_UNK_INFO_1 *u_1, uint16 min_pass_len, uint16 pass_hist, 
+		    uint32 flag, NTTIME nt_expire, NTTIME nt_min_age)
+{
+	u_1->min_length_password = min_pass_len;
+	u_1->password_history = pass_hist;
+	u_1->flag = flag;
+	
+	/* password never expire */
+	u_1->expire.high = nt_expire.high;
+	u_1->expire.low = nt_expire.low;
+	
+	/* can change the password now */
+	u_1->min_passwordage.high = nt_min_age.high;
+	u_1->min_passwordage.low = nt_min_age.low;
+	
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 * u_1,
+			     prs_struct *ps, int depth)
+{
+	if (u_1 == NULL)
+	  return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info1");
+	depth++;
+
+	if(!prs_uint16("min_length_password", ps, depth, &u_1->min_length_password))
+		return False;
+	if(!prs_uint16("password_history", ps, depth, &u_1->password_history))
+		return False;
+	if(!prs_uint32("flag", ps, depth, &u_1->flag))
+		return False;
+	if(!smb_io_time("expire", &u_1->expire, ps, depth))
+		return False;
+	if(!smb_io_time("min_passwordage", &u_1->min_passwordage, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_DOMAIN_INFO structure.
+********************************************************************/
+
+void init_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO * r_u,
+				uint16 switch_value, SAM_UNK_CTR * ctr,
+				NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_dom_info\n"));
+
+	r_u->ptr_0 = 0;
+	r_u->switch_value = 0;
+	r_u->status = status;	/* return status */
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->switch_value = switch_value;
+		r_u->ptr_0 = 1;
+		r_u->ctr = ctr;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u,
+			      prs_struct *ps, int depth)
+{
+        if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_dom_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_0 ", ps, depth, &r_u->ptr_0))
+		return False;
+
+	if (r_u->ptr_0 != 0 && r_u->ctr != NULL) {
+		if(!prs_uint16("switch_value", ps, depth, &r_u->switch_value))
+			return False;
+		if(!prs_align(ps))
+			return False;
+
+		switch (r_u->switch_value) {
+		case 0x0c:
+			if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
+				return False;
+			break;
+		case 0x07:
+			if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
+				return False;
+			break;
+		case 0x06:
+			if(!sam_io_unk_info6("unk_inf6",&r_u->ctr->info.inf6, ps,depth))
+				return False;
+			break;
+		case 0x05:
+			if(!sam_io_unk_info5("unk_inf5",&r_u->ctr->info.inf5, ps,depth))
+				return False;
+			break;
+		case 0x03:
+			if(!sam_io_unk_info3("unk_inf3",&r_u->ctr->info.inf3, ps,depth))
+				return False;
+			break;
+		case 0x02:
+			if(!sam_io_unk_info2("unk_inf2",&r_u->ctr->info.inf2, ps,depth))
+				return False;
+			break;
+		case 0x01:
+			if(!sam_io_unk_info1("unk_inf1",&r_u->ctr->info.inf1, ps,depth))
+				return False;
+			break;
+		default:
+			DEBUG(0, ("samr_io_r_query_dom_info: unknown switch level 0x%x\n",
+				r_u->switch_value));
+			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+			return False;
+		}
+	}
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+	
+	return True;
+}
+
+/*******************************************************************
+reads or writes a SAMR_R_QUERY_SEC_OBJ structure.
+********************************************************************/
+
+BOOL samr_io_r_query_sec_obj(char *desc, SAMR_R_QUERY_SEC_OBJ * r_u,
+			     prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+  
+	prs_debug(ps, depth, desc, "samr_io_r_query_sec_obj");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+	if (r_u->ptr != 0) {
+		if(!sec_io_desc_buf("sec", &r_u->buf, ps, depth))
+			return False;
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a SAM_STR1 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_str1(char *desc, SAM_STR1 * sam, uint32 acct_buf,
+			    uint32 name_buf, uint32 desc_buf,
+			    prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_str1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("name", &sam->uni_acct_name, acct_buf, ps, depth))
+		return False;
+
+	if (!smb_io_unistr2("desc", &sam->uni_acct_desc, desc_buf, ps, depth))
+		return False;
+
+	if (!smb_io_unistr2("full", &sam->uni_full_name, name_buf, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_ENTRY1 structure.
+********************************************************************/
+
+static void init_sam_entry1(SAM_ENTRY1 * sam, uint32 user_idx,
+			    uint32 len_sam_name, uint32 len_sam_full,
+			    uint32 len_sam_desc, uint32 rid_user,
+			    uint16 acb_info)
+{
+	DEBUG(5, ("init_sam_entry1\n"));
+
+	ZERO_STRUCTP(sam);
+
+	sam->user_idx = user_idx;
+	sam->rid_user = rid_user;
+	sam->acb_info = acb_info;
+
+	init_uni_hdr(&sam->hdr_acct_name, len_sam_name);
+	init_uni_hdr(&sam->hdr_user_name, len_sam_full);
+	init_uni_hdr(&sam->hdr_user_desc, len_sam_desc);
+}
+
+/*******************************************************************
+reads or writes a SAM_ENTRY1 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_entry1(char *desc, SAM_ENTRY1 * sam,
+			      prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_entry1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("user_idx ", ps, depth, &sam->user_idx))
+		return False;
+
+	if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user))
+		return False;
+	if(!prs_uint16("acb_info ", ps, depth, &sam->acb_info))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!smb_io_unihdr("hdr_acct_name", &sam->hdr_acct_name, ps, depth))
+		return False;
+	if (!smb_io_unihdr("hdr_user_desc", &sam->hdr_user_desc, ps, depth))
+		return False;
+	if (!smb_io_unihdr("hdr_user_name", &sam->hdr_user_name, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a SAM_STR2 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_str2(char *desc, SAM_STR2 * sam, uint32 acct_buf,
+			    uint32 desc_buf, prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_str2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("uni_srv_name", &sam->uni_srv_name, acct_buf, ps, depth)) /* account name unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_srv_desc", &sam->uni_srv_desc, desc_buf, ps, depth))	/* account desc unicode string */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_ENTRY2 structure.
+********************************************************************/
+static void init_sam_entry2(SAM_ENTRY2 * sam, uint32 user_idx,
+			    uint32 len_sam_name, uint32 len_sam_desc,
+			    uint32 rid_user, uint16 acb_info)
+{
+	DEBUG(5, ("init_sam_entry2\n"));
+
+	sam->user_idx = user_idx;
+	sam->rid_user = rid_user;
+	sam->acb_info = acb_info;
+
+	init_uni_hdr(&sam->hdr_srv_name, len_sam_name);
+	init_uni_hdr(&sam->hdr_srv_desc, len_sam_desc);
+}
+
+/*******************************************************************
+reads or writes a SAM_ENTRY2 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_entry2(char *desc, SAM_ENTRY2 * sam,
+			      prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_entry2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("user_idx ", ps, depth, &sam->user_idx))
+		return False;
+
+	if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user))
+		return False;
+	if(!prs_uint16("acb_info ", ps, depth, &sam->acb_info))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("unihdr", &sam->hdr_srv_name, ps, depth))	/* account name unicode string header */
+		return False;
+	if(!smb_io_unihdr("unihdr", &sam->hdr_srv_desc, ps, depth))	/* account name unicode string header */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a SAM_STR3 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_str3(char *desc, SAM_STR3 * sam, uint32 acct_buf,
+			    uint32 desc_buf, prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_str3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("uni_grp_name", &sam->uni_grp_name, acct_buf, ps, depth))	/* account name unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_grp_desc", &sam->uni_grp_desc, desc_buf, ps, depth))	/* account desc unicode string */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_ENTRY3 structure.
+********************************************************************/
+
+static void init_sam_entry3(SAM_ENTRY3 * sam, uint32 grp_idx,
+			    uint32 len_grp_name, uint32 len_grp_desc,
+			    uint32 rid_grp)
+{
+	DEBUG(5, ("init_sam_entry3\n"));
+
+	sam->grp_idx = grp_idx;
+	sam->rid_grp = rid_grp;
+	sam->attr = 0x07;	/* group rid attributes - gets ignored by nt 4.0 */
+
+	init_uni_hdr(&sam->hdr_grp_name, len_grp_name);
+	init_uni_hdr(&sam->hdr_grp_desc, len_grp_desc);
+}
+
+/*******************************************************************
+reads or writes a SAM_ENTRY3 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_entry3(char *desc, SAM_ENTRY3 * sam,
+			      prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_entry3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("grp_idx", ps, depth, &sam->grp_idx))
+		return False;
+
+	if(!prs_uint32("rid_grp", ps, depth, &sam->rid_grp))
+		return False;
+	if(!prs_uint32("attr   ", ps, depth, &sam->attr))
+		return False;
+
+	if(!smb_io_unihdr("unihdr", &sam->hdr_grp_name, ps, depth))	/* account name unicode string header */
+		return False;
+	if(!smb_io_unihdr("unihdr", &sam->hdr_grp_desc, ps, depth))	/* account name unicode string header */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_ENTRY4 structure.
+********************************************************************/
+
+static void init_sam_entry4(SAM_ENTRY4 * sam, uint32 user_idx,
+			    uint32 len_acct_name)
+{
+	DEBUG(5, ("init_sam_entry4\n"));
+
+	sam->user_idx = user_idx;
+	init_str_hdr(&sam->hdr_acct_name, len_acct_name+1, len_acct_name, len_acct_name != 0);
+}
+
+/*******************************************************************
+reads or writes a SAM_ENTRY4 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_entry4(char *desc, SAM_ENTRY4 * sam,
+			      prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_entry4");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("user_idx", ps, depth, &sam->user_idx))
+		return False;
+	if(!smb_io_strhdr("strhdr", &sam->hdr_acct_name, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_ENTRY5 structure.
+********************************************************************/
+
+static void init_sam_entry5(SAM_ENTRY5 * sam, uint32 grp_idx,
+			    uint32 len_grp_name)
+{
+	DEBUG(5, ("init_sam_entry5\n"));
+
+	sam->grp_idx = grp_idx;
+	init_str_hdr(&sam->hdr_grp_name, len_grp_name, len_grp_name,
+		     len_grp_name != 0);
+}
+
+/*******************************************************************
+reads or writes a SAM_ENTRY5 structure.
+********************************************************************/
+
+static BOOL sam_io_sam_entry5(char *desc, SAM_ENTRY5 * sam,
+			      prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_entry5");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("grp_idx", ps, depth, &sam->grp_idx))
+		return False;
+	if(!smb_io_strhdr("strhdr", &sam->hdr_grp_name, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_ENTRY structure.
+********************************************************************/
+
+void init_sam_entry(SAM_ENTRY * sam, uint32 len_sam_name, uint32 rid)
+{
+	DEBUG(10, ("init_sam_entry: %d %d\n", len_sam_name, rid));
+
+	sam->rid = rid;
+	init_uni_hdr(&sam->hdr_name, len_sam_name);
+}
+
+/*******************************************************************
+reads or writes a SAM_ENTRY structure.
+********************************************************************/
+
+static BOOL sam_io_sam_entry(char *desc, SAM_ENTRY * sam,
+			     prs_struct *ps, int depth)
+{
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_entry");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("rid", ps, depth, &sam->rid))
+		return False;
+	if(!smb_io_unihdr("unihdr", &sam->hdr_name, ps, depth))	/* account name unicode string header */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_ENUM_DOM_USERS structure.
+********************************************************************/
+
+void init_samr_q_enum_dom_users(SAMR_Q_ENUM_DOM_USERS * q_e, POLICY_HND *pol,
+				uint32 start_idx,
+				uint16 acb_mask, uint16 unk_1, uint32 size)
+{
+	DEBUG(5, ("init_samr_q_enum_dom_users\n"));
+
+	q_e->pol = *pol;
+
+	q_e->start_idx = start_idx;	/* zero indicates lots */
+	q_e->acb_mask = acb_mask;
+	q_e->unknown_1 = unk_1;
+	q_e->max_size = size;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_enum_dom_users(char *desc, SAMR_Q_ENUM_DOM_USERS * q_e,
+			      prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_enum_dom_users");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
+		return False;
+	if(!prs_uint16("acb_mask ", ps, depth, &q_e->acb_mask))
+		return False;
+	if(!prs_uint16("unknown_1", ps, depth, &q_e->unknown_1))
+		return False;
+
+	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+inits a SAMR_R_ENUM_DOM_USERS structure.
+********************************************************************/
+
+void init_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS * r_u,
+				uint32 next_idx, uint32 num_sam_entries)
+{
+	DEBUG(5, ("init_samr_r_enum_dom_users\n"));
+
+	r_u->next_idx = next_idx;
+
+	if (num_sam_entries != 0) {
+		r_u->ptr_entries1 = 1;
+		r_u->ptr_entries2 = 1;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->num_entries3 = num_sam_entries;
+
+		r_u->num_entries4 = num_sam_entries;
+	} else {
+		r_u->ptr_entries1 = 0;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->ptr_entries2 = 1;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS * r_u,
+			      prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_enum_dom_users");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
+		return False;
+	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
+		return False;
+
+	if (r_u->ptr_entries1 != 0) {
+		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
+			return False;
+		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
+			return False;
+		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
+			return False;
+
+		if (UNMARSHALLING(ps) && (r_u->num_entries2 != 0)) {
+			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
+			r_u->uni_acct_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
+		}
+
+		if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) {
+			DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_USERS\n"));
+			r_u->num_entries4 = 0;
+			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
+			return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++) {
+			if(!sam_io_sam_entry("", &r_u->sam[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++) {
+			if(!smb_io_unistr2("", &r_u->uni_acct_name[i],r_u->sam[i].hdr_name.buffer, ps,depth))
+				return False;
+		}
+
+	}
+
+	if(!prs_align(ps))
+		return False;
+		
+	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_DISPINFO structure.
+********************************************************************/
+
+void init_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO * q_e, POLICY_HND *pol,
+				uint16 switch_level, uint32 start_idx,
+				uint32 max_entries)
+{
+	DEBUG(5, ("init_samr_q_query_dispinfo\n"));
+
+	q_e->domain_pol = *pol;
+
+	q_e->switch_level = switch_level;
+
+	q_e->start_idx = start_idx;
+	q_e->max_entries = max_entries;
+	q_e->max_size = 0xffff;	/* Not especially useful */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_dispinfo(char *desc, SAMR_Q_QUERY_DISPINFO * q_e,
+			      prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_dispinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_e->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_level", ps, depth, &q_e->switch_level))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("start_idx   ", ps, depth, &q_e->start_idx))
+		return False;
+	if(!prs_uint32("max_entries ", ps, depth, &q_e->max_entries))
+		return False;
+	if(!prs_uint32("max_size    ", ps, depth, &q_e->max_size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_DISPINFO_1 structure.
+********************************************************************/
+
+NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_entries,
+			 uint32 start_idx, DISP_USER_INFO *disp_user_info)
+{
+	uint32 len_sam_name, len_sam_full, len_sam_desc;
+	uint32 i;
+
+	SAM_ACCOUNT *pwd = NULL;
+	ZERO_STRUCTP(sam);
+
+	DEBUG(10, ("init_sam_dispinfo_1: num_entries: %d\n", num_entries));
+
+	if (num_entries==0)
+		return NT_STATUS_OK;
+
+	sam->sam=(SAM_ENTRY1 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY1));
+	if (!sam->sam)
+		return NT_STATUS_NO_MEMORY;
+
+	sam->str=(SAM_STR1 *)talloc(ctx, num_entries*sizeof(SAM_STR1));
+	if (!sam->str)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
+	for (i = 0; i < num_entries ; i++) {
+		DEBUG(11, ("init_sam_dispinfo_1: entry: %d\n",i));
+		
+		pwd=disp_user_info[i+start_idx].sam;
+		
+		len_sam_name = strlen(pdb_get_username(pwd));
+		len_sam_full = strlen(pdb_get_fullname(pwd));
+		len_sam_desc = strlen(pdb_get_acct_desc(pwd));
+
+		init_sam_entry1(&sam->sam[i], start_idx + i + 1,
+				len_sam_name, len_sam_full, len_sam_desc,
+				pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd));
+
+		ZERO_STRUCTP(&sam->str[i].uni_acct_name);
+		ZERO_STRUCTP(&sam->str[i].uni_full_name);
+		ZERO_STRUCTP(&sam->str[i].uni_acct_desc);
+
+		init_unistr2(&sam->str[i].uni_acct_name, pdb_get_username(pwd),  len_sam_name);
+		init_unistr2(&sam->str[i].uni_full_name, pdb_get_fullname(pwd),  len_sam_full);
+		init_unistr2(&sam->str[i].uni_acct_desc, pdb_get_acct_desc(pwd), len_sam_desc);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_sam_dispinfo_1(char *desc, SAM_DISPINFO_1 * sam,
+				  uint32 num_entries,
+				  prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY1 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY1) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY1\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR1 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR1) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR1\n"));
+			return False;
+		}
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_entry1("", &sam->sam[i], ps, depth))
+			return False;
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_str1("", &sam->str[i],
+			      sam->sam[i].hdr_acct_name.buffer,
+			      sam->sam[i].hdr_user_name.buffer,
+			      sam->sam[i].hdr_user_desc.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_DISPINFO_2 structure.
+********************************************************************/
+
+NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_entries,
+			 uint32 start_idx, DISP_USER_INFO *disp_user_info)
+{
+	uint32 len_sam_name, len_sam_desc;
+	uint32 i;
+
+	SAM_ACCOUNT *pwd = NULL;
+	ZERO_STRUCTP(sam);
+
+	DEBUG(10, ("init_sam_dispinfo_2: num_entries: %d\n", num_entries));
+
+	if (num_entries==0)
+		return NT_STATUS_OK;
+
+	if (!(sam->sam=(SAM_ENTRY2 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY2))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR2 *)talloc(ctx, num_entries*sizeof(SAM_STR2))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
+	for (i = 0; i < num_entries; i++) {
+		DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i));
+		pwd=disp_user_info[i+start_idx].sam;
+
+		len_sam_name = strlen(pdb_get_username(pwd));
+		len_sam_desc = strlen(pdb_get_acct_desc(pwd));
+	  
+		init_sam_entry2(&sam->sam[i], start_idx + i + 1,
+			  len_sam_name, len_sam_desc,
+			  pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd));
+	  
+		ZERO_STRUCTP(&sam->str[i].uni_srv_name);
+		ZERO_STRUCTP(&sam->str[i].uni_srv_desc);
+
+		init_unistr2(&sam->str[i].uni_srv_name, pdb_get_username(pwd),  len_sam_name);
+		init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), len_sam_desc);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_sam_dispinfo_2(char *desc, SAM_DISPINFO_2 * sam,
+				  uint32 num_entries,
+				  prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY2 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY2) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY2\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR2 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR2) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR2\n"));
+			return False;
+		}
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_entry2("", &sam->sam[i], ps, depth))
+			return False;
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_str2("", &sam->str[i],
+			      sam->sam[i].hdr_srv_name.buffer,
+			      sam->sam[i].hdr_srv_desc.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_DISPINFO_3 structure.
+********************************************************************/
+
+NTSTATUS init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 *sam, uint32 num_entries,
+			 uint32 start_idx, DISP_GROUP_INFO *disp_group_info)
+{
+	uint32 len_sam_name, len_sam_desc;
+	uint32 i;
+
+	ZERO_STRUCTP(sam);
+
+	DEBUG(5, ("init_sam_dispinfo_3: num_entries: %d\n", num_entries));
+
+	if (num_entries==0)
+		return NT_STATUS_OK;
+
+	if (!(sam->sam=(SAM_ENTRY3 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY3))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR3 *)talloc(ctx, num_entries*sizeof(SAM_STR3))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
+	for (i = 0; i < num_entries; i++) {
+		DOMAIN_GRP *grp = disp_group_info[i+start_idx].grp;
+
+		DEBUG(11, ("init_sam_dispinfo_3: entry: %d\n",i));
+
+		len_sam_name = strlen(grp->name);
+		len_sam_desc = strlen(grp->comment);
+
+		init_sam_entry3(&sam->sam[i], start_idx + i + 1, len_sam_name, len_sam_desc, grp->rid);
+	  
+		init_unistr2(&sam->str[i].uni_grp_name, grp->name, len_sam_name);
+		init_unistr2(&sam->str[i].uni_grp_desc, grp->comment, len_sam_desc);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_sam_dispinfo_3(char *desc, SAM_DISPINFO_3 * sam,
+				  uint32 num_entries,
+				  prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY3 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY3) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY3\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR3 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR3) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR3\n"));
+			return False;
+		}
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_entry3("", &sam->sam[i], ps, depth))
+			return False;
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_str3("", &sam->str[i],
+			      sam->sam[i].hdr_grp_name.buffer,
+			      sam->sam[i].hdr_grp_desc.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_DISPINFO_4 structure.
+********************************************************************/
+
+NTSTATUS init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 num_entries,
+			 uint32 start_idx, DISP_USER_INFO *disp_user_info)
+{
+	uint32 len_sam_name;
+	uint32 i;
+
+	SAM_ACCOUNT *pwd = NULL;
+	ZERO_STRUCTP(sam);
+
+	DEBUG(5, ("init_sam_dispinfo_4: num_entries: %d\n", num_entries));
+
+	if (num_entries==0)
+		return NT_STATUS_OK;
+
+	if (!(sam->sam=(SAM_ENTRY4 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY4))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR4 *)talloc(ctx, num_entries*sizeof(SAM_STR4))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
+	for (i = 0; i < num_entries; i++) {
+		DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i));
+		pwd=disp_user_info[i+start_idx].sam;
+
+		len_sam_name = strlen(pdb_get_username(pwd));
+	  
+		init_sam_entry4(&sam->sam[i], start_idx + i + 1, len_sam_name);
+
+		init_string2(&sam->str[i].acct_name, pdb_get_username(pwd), len_sam_name+1, len_sam_name);
+	}
+	
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam,
+				  uint32 num_entries,
+				  prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_4");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY4 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY4) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY4\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR4 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR4) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR4\n"));
+			return False;
+		}
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_entry4("", &sam->sam[i], ps, depth))
+			return False;
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!smb_io_string2("acct_name", &sam->str[i].acct_name,
+			     sam->sam[i].hdr_acct_name.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_DISPINFO_5 structure.
+********************************************************************/
+
+NTSTATUS init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 num_entries,
+			 uint32 start_idx, DISP_GROUP_INFO *disp_group_info)
+{
+	uint32 len_sam_name;
+	uint32 i;
+
+	ZERO_STRUCTP(sam);
+
+	DEBUG(5, ("init_sam_dispinfo_5: num_entries: %d\n", num_entries));
+
+	if (num_entries==0)
+		return NT_STATUS_OK;
+
+	if (!(sam->sam=(SAM_ENTRY5 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY5))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR5 *)talloc(ctx, num_entries*sizeof(SAM_STR5))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
+	for (i = 0; i < num_entries; i++) {
+		DOMAIN_GRP *grp = disp_group_info[i+start_idx].grp;
+
+		DEBUG(11, ("init_sam_dispinfo_5: entry: %d\n",i));
+
+		len_sam_name = strlen(grp->name);
+	  
+		init_sam_entry5(&sam->sam[i], start_idx + i + 1, len_sam_name);
+		init_string2(&sam->str[i].grp_name, grp->name, len_sam_name+1, len_sam_name);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_sam_dispinfo_5(char *desc, SAM_DISPINFO_5 * sam,
+				  uint32 num_entries,
+				  prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (sam == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_5");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY5 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY5) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY5\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR5 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR5) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR5\n"));
+			return False;
+		}
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!sam_io_sam_entry5("", &sam->sam[i], ps, depth))
+			return False;
+	}
+
+	for (i = 0; i < num_entries; i++) {
+		if(!smb_io_string2("grp_name", &sam->str[i].grp_name,
+			     sam->sam[i].hdr_grp_name.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_DISPINFO structure.
+********************************************************************/
+
+void init_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO * r_u,
+				uint32 num_entries, uint32 total_size, uint32 data_size,
+				uint16 switch_level, SAM_DISPINFO_CTR * ctr,
+				NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_dispinfo: level %d\n", switch_level));
+
+	r_u->total_size = total_size;
+
+	r_u->data_size = data_size;
+
+	r_u->switch_level = switch_level;
+	r_u->num_entries = num_entries;
+
+	if (num_entries==0)
+		r_u->ptr_entries = 0;
+	else
+		r_u->ptr_entries = 1;
+
+	r_u->num_entries2 = num_entries;
+	r_u->ctr = ctr;
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_dispinfo(char *desc, SAMR_R_QUERY_DISPINFO * r_u,
+			      prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_dispinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("total_size  ", ps, depth, &r_u->total_size))
+		return False;
+	if(!prs_uint32("data_size   ", ps, depth, &r_u->data_size))
+		return False;
+	if(!prs_uint16("switch_level", ps, depth, &r_u->switch_level))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries ", ps, depth, &r_u->num_entries))
+		return False;
+	if(!prs_uint32("ptr_entries ", ps, depth, &r_u->ptr_entries))
+		return False;
+
+	if (r_u->ptr_entries==0) {
+		if(!prs_align(ps))
+			return False;
+		if(!prs_ntstatus("status", ps, depth, &r_u->status))
+			return False;
+
+		return True;
+	}
+
+	if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
+		return False;
+
+	switch (r_u->switch_level) {
+	case 0x1:
+		if(!sam_io_sam_dispinfo_1("users", r_u->ctr->sam.info1,
+				r_u->num_entries, ps, depth))
+			return False;
+		break;
+	case 0x2:
+		if(!sam_io_sam_dispinfo_2("servers", r_u->ctr->sam.info2,
+				r_u->num_entries, ps, depth))
+			return False;
+		break;
+	case 0x3:
+		if(!sam_io_sam_dispinfo_3("groups", r_u->ctr->sam.info3,
+				    r_u->num_entries, ps, depth))
+			return False;
+		break;
+	case 0x4:
+		if(!sam_io_sam_dispinfo_4("user list",
+				    r_u->ctr->sam.info4,
+				    r_u->num_entries, ps, depth))
+			return False;
+		break;
+	case 0x5:
+		if(!sam_io_sam_dispinfo_5("group list",
+				    r_u->ctr->sam.info5,
+				    r_u->num_entries, ps, depth))
+			return False;
+		break;
+	default:
+		DEBUG(0,("samr_io_r_query_dispinfo: unknown switch value\n"));
+		break;
+	}
+	
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_OPEN_GROUP structure.
+********************************************************************/
+
+void init_samr_q_open_group(SAMR_Q_OPEN_GROUP * q_c,
+			    POLICY_HND *hnd,
+			    uint32 access_mask, uint32 rid)
+{
+	DEBUG(5, ("init_samr_q_open_group\n"));
+
+	q_c->domain_pol = *hnd;
+	q_c->access_mask = access_mask;
+	q_c->rid_group = rid;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_open_group(char *desc, SAMR_Q_OPEN_GROUP * q_u,
+			  prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_open_group");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+	if(!prs_uint32("rid_group", ps, depth, &q_u->rid_group))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_open_group(char *desc, SAMR_R_OPEN_GROUP * r_u,
+			  prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_open_group");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a GROUP_INFO1 structure.
+********************************************************************/
+
+void init_samr_group_info1(GROUP_INFO1 * gr1,
+			   char *acct_name, char *acct_desc,
+			   uint32 num_members)
+{
+	int desc_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+	int acct_len = acct_name != NULL ? strlen(acct_name) : 0;
+
+	DEBUG(5, ("init_samr_group_info1\n"));
+
+	init_uni_hdr(&gr1->hdr_acct_name, acct_len);
+
+	gr1->unknown_1 = 0x3;
+	gr1->num_members = num_members;
+
+	init_uni_hdr(&gr1->hdr_acct_desc, desc_len);
+
+	init_unistr2(&gr1->uni_acct_name, acct_name, acct_len);
+	init_unistr2(&gr1->uni_acct_desc, acct_desc, desc_len);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_group_info1(char *desc, GROUP_INFO1 * gr1,
+			 prs_struct *ps, int depth)
+{
+	if (gr1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_group_info1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_name", &gr1->hdr_acct_name, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown_1", ps, depth, &gr1->unknown_1))
+		return False;
+	if(!prs_uint32("num_members", ps, depth, &gr1->num_members))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_desc", &gr1->hdr_acct_desc, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_name", &gr1->uni_acct_name,
+			   gr1->hdr_acct_name.buffer, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_desc", &gr1->uni_acct_desc,
+			   gr1->hdr_acct_desc.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a GROUP_INFO3 structure.
+********************************************************************/
+
+void init_samr_group_info3(GROUP_INFO3 *gr3)
+{
+	DEBUG(5, ("init_samr_group_info3\n"));
+
+	gr3->unknown_1 = 0x3;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_group_info3(char *desc, GROUP_INFO3 *gr3, prs_struct *ps, int depth)
+{
+	if (gr3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_group_info3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("unknown_1", ps, depth, &gr3->unknown_1))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a GROUP_INFO4 structure.
+********************************************************************/
+
+void init_samr_group_info4(GROUP_INFO4 * gr4, char *acct_desc)
+{
+	int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
+	DEBUG(5, ("init_samr_group_info4\n"));
+
+	init_uni_hdr(&gr4->hdr_acct_desc, acct_len);
+	init_unistr2(&gr4->uni_acct_desc, acct_desc, acct_len);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_group_info4(char *desc, GROUP_INFO4 * gr4,
+			 prs_struct *ps, int depth)
+{
+	if (gr4 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_group_info4");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_desc", &gr4->hdr_acct_desc, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_acct_desc", &gr4->uni_acct_desc,
+			   gr4->hdr_acct_desc.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL samr_group_info_ctr(char *desc, GROUP_INFO_CTR **ctr,
+				prs_struct *ps, int depth)
+{
+	if (UNMARSHALLING(ps))
+		*ctr = (GROUP_INFO_CTR *)prs_alloc_mem(ps,sizeof(GROUP_INFO_CTR));
+
+	if (*ctr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_group_info_ctr");
+	depth++;
+
+	if(!prs_uint16("switch_value1", ps, depth, &(*ctr)->switch_value1))
+		return False;
+
+	switch ((*ctr)->switch_value1) {
+	case 1:
+		if(!samr_io_group_info1("group_info1", &(*ctr)->group.info1, ps, depth))
+			return False;
+		break;
+	case 3:
+		if(!samr_io_group_info3("group_info3", &(*ctr)->group.info3, ps, depth))
+			return False;
+		break;
+	case 4:
+		if(!samr_io_group_info4("group_info4", &(*ctr)->group.info4, ps, depth))
+			return False;
+		break;
+	default:
+		DEBUG(0,("samr_group_info_ctr: unsupported switch level\n"));
+		break;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_CREATE_DOM_GROUP structure.
+********************************************************************/
+
+void init_samr_q_create_dom_group(SAMR_Q_CREATE_DOM_GROUP * q_e,
+				  POLICY_HND *pol, char *acct_desc,
+				  uint32 access_mask)
+{
+	int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
+	DEBUG(5, ("init_samr_q_create_dom_group\n"));
+
+	q_e->pol = *pol;
+
+	init_uni_hdr(&q_e->hdr_acct_desc, acct_len);
+	init_unistr2(&q_e->uni_acct_desc, acct_desc, acct_len);
+
+	q_e->access_mask = access_mask;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_create_dom_group(char *desc, SAMR_Q_CREATE_DOM_GROUP * q_e,
+				prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_create_dom_group");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_desc", &q_e->hdr_acct_desc, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_acct_desc", &q_e->uni_acct_desc,
+		       q_e->hdr_acct_desc.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("access", ps, depth, &q_e->access_mask))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_create_dom_group(char *desc, SAMR_R_CREATE_DOM_GROUP * r_u,
+				prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_create_dom_group");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("rid   ", ps, depth, &r_u->rid))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_DELETE_DOM_GROUP structure.
+********************************************************************/
+
+void init_samr_q_delete_dom_group(SAMR_Q_DELETE_DOM_GROUP * q_c,
+				  POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_delete_dom_group\n"));
+
+	q_c->group_pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_delete_dom_group(char *desc, SAMR_Q_DELETE_DOM_GROUP * q_u,
+				prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_delete_dom_group");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("group_pol", &q_u->group_pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_delete_dom_group(char *desc, SAMR_R_DELETE_DOM_GROUP * r_u,
+				prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_delete_dom_group");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_DEL_GROUPMEM structure.
+********************************************************************/
+
+void init_samr_q_del_groupmem(SAMR_Q_DEL_GROUPMEM * q_e,
+			      POLICY_HND *pol, uint32 rid)
+{
+	DEBUG(5, ("init_samr_q_del_groupmem\n"));
+
+	q_e->pol = *pol;
+	q_e->rid = rid;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_del_groupmem(char *desc, SAMR_Q_DEL_GROUPMEM * q_e,
+			    prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_del_groupmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("rid", ps, depth, &q_e->rid))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_DEL_GROUPMEM structure.
+********************************************************************/
+
+void init_samr_r_del_groupmem(SAMR_R_DEL_GROUPMEM * r_u, POLICY_HND *pol,
+			      NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_del_groupmem\n"));
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_del_groupmem(char *desc, SAMR_R_DEL_GROUPMEM * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_del_groupmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_ADD_GROUPMEM structure.
+********************************************************************/
+
+void init_samr_q_add_groupmem(SAMR_Q_ADD_GROUPMEM * q_e,
+			      POLICY_HND *pol, uint32 rid)
+{
+	DEBUG(5, ("init_samr_q_add_groupmem\n"));
+
+	q_e->pol = *pol;
+	q_e->rid = rid;
+	q_e->unknown = 0x0005;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_add_groupmem(char *desc, SAMR_Q_ADD_GROUPMEM * q_e,
+			    prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_add_groupmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("rid    ", ps, depth, &q_e->rid))
+		return False;
+	if(!prs_uint32("unknown", ps, depth, &q_e->unknown))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_ADD_GROUPMEM structure.
+********************************************************************/
+
+void init_samr_r_add_groupmem(SAMR_R_ADD_GROUPMEM * r_u, POLICY_HND *pol,
+			      NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_add_groupmem\n"));
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_add_groupmem(char *desc, SAMR_R_ADD_GROUPMEM * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_add_groupmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_SET_GROUPINFO structure.
+********************************************************************/
+
+void init_samr_q_set_groupinfo(SAMR_Q_SET_GROUPINFO * q_e,
+			       POLICY_HND *pol, GROUP_INFO_CTR * ctr)
+{
+	DEBUG(5, ("init_samr_q_set_groupinfo\n"));
+
+	q_e->pol = *pol;
+	q_e->ctr = ctr;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_set_groupinfo(char *desc, SAMR_Q_SET_GROUPINFO * q_e,
+			     prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_set_groupinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+	
+	if(!samr_group_info_ctr("ctr", &q_e->ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_SET_GROUPINFO structure.
+********************************************************************/
+
+void init_samr_r_set_groupinfo(SAMR_R_SET_GROUPINFO * r_u, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_set_groupinfo\n"));
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_set_groupinfo(char *desc, SAMR_R_SET_GROUPINFO * r_u,
+			     prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_set_groupinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_GROUPINFO structure.
+********************************************************************/
+
+void init_samr_q_query_groupinfo(SAMR_Q_QUERY_GROUPINFO * q_e,
+				 POLICY_HND *pol, uint16 switch_level)
+{
+	DEBUG(5, ("init_samr_q_query_groupinfo\n"));
+
+	q_e->pol = *pol;
+
+	q_e->switch_level = switch_level;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_groupinfo(char *desc, SAMR_Q_QUERY_GROUPINFO * q_e,
+			       prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_groupinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_level", ps, depth, &q_e->switch_level))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_GROUPINFO structure.
+********************************************************************/
+
+void init_samr_r_query_groupinfo(SAMR_R_QUERY_GROUPINFO * r_u,
+				 GROUP_INFO_CTR * ctr, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_groupinfo\n"));
+
+	r_u->ptr = (NT_STATUS_IS_OK(status) && ctr != NULL) ? 1 : 0;
+	r_u->ctr = ctr;
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_groupinfo(char *desc, SAMR_R_QUERY_GROUPINFO * r_u,
+			       prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_groupinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+
+	if (r_u->ptr != 0) {
+		if(!samr_group_info_ctr("ctr", &r_u->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_GROUPMEM structure.
+********************************************************************/
+
+void init_samr_q_query_groupmem(SAMR_Q_QUERY_GROUPMEM * q_c, POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_query_groupmem\n"));
+
+	q_c->group_pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_groupmem(char *desc, SAMR_Q_QUERY_GROUPMEM * q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_groupmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("group_pol", &q_u->group_pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_GROUPMEM structure.
+********************************************************************/
+
+void init_samr_r_query_groupmem(SAMR_R_QUERY_GROUPMEM * r_u,
+				uint32 num_entries, uint32 *rid,
+				uint32 *attr, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_groupmem\n"));
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->ptr = 1;
+		r_u->num_entries = num_entries;
+
+		r_u->ptr_attrs = attr != NULL ? 1 : 0;
+		r_u->ptr_rids = rid != NULL ? 1 : 0;
+
+		r_u->num_rids = num_entries;
+		r_u->rid = rid;
+
+		r_u->num_attrs = num_entries;
+		r_u->attr = attr;
+	} else {
+		r_u->ptr = 0;
+		r_u->num_entries = 0;
+	}
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_groupmem(char *desc, SAMR_R_QUERY_GROUPMEM * r_u,
+			      prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (r_u == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(r_u);
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_groupmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+	if(!prs_uint32("num_entries ", ps, depth, &r_u->num_entries))
+		return False;
+
+	if (r_u->ptr != 0) {
+		if(!prs_uint32("ptr_rids ", ps, depth, &r_u->ptr_rids))
+			return False;
+		if(!prs_uint32("ptr_attrs", ps, depth, &r_u->ptr_attrs))
+			return False;
+
+		if (r_u->ptr_rids != 0)	{
+			if(!prs_uint32("num_rids", ps, depth, &r_u->num_rids))
+				return False;
+			if (UNMARSHALLING(ps) && r_u->num_rids != 0) {
+				r_u->rid = (uint32 *)prs_alloc_mem(ps,sizeof(r_u->rid[0])*r_u->num_rids);
+				if (r_u->rid == NULL)
+					return False;
+			}
+
+			for (i = 0; i < r_u->num_rids; i++) {
+				if(!prs_uint32("", ps, depth, &r_u->rid[i]))
+					return False;
+			}
+		}
+
+		if (r_u->ptr_attrs != 0) {
+			if(!prs_uint32("num_attrs", ps, depth, &r_u->num_attrs))
+				return False;
+
+			if (UNMARSHALLING(ps) && r_u->num_attrs != 0) {
+				r_u->attr = (uint32 *)prs_alloc_mem(ps,sizeof(r_u->attr[0])*r_u->num_attrs);
+				if (r_u->attr == NULL)
+					return False;
+			}
+
+			for (i = 0; i < r_u->num_attrs; i++) {
+				if(!prs_uint32("", ps, depth, &r_u->attr[i]))
+					return False;
+			}
+		}
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_USERGROUPS structure.
+********************************************************************/
+
+void init_samr_q_query_usergroups(SAMR_Q_QUERY_USERGROUPS * q_u,
+				  POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_query_usergroups\n"));
+
+	q_u->pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_usergroups(char *desc, SAMR_Q_QUERY_USERGROUPS * q_u,
+				prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_usergroups");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_USERGROUPS structure.
+********************************************************************/
+
+void init_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS * r_u,
+				  uint32 num_gids, DOM_GID * gid,
+				  NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_usergroups\n"));
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->ptr_0 = 1;
+		r_u->num_entries = num_gids;
+		r_u->ptr_1 = (num_gids != 0) ? 1 : 0;
+		r_u->num_entries2 = num_gids;
+
+		r_u->gid = gid;
+	} else {
+		r_u->ptr_0 = 0;
+		r_u->num_entries = 0;
+		r_u->ptr_1 = 0;
+		r_u->gid = NULL;
+	}
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_gids(char *desc, uint32 *num_gids, DOM_GID ** gid,
+		  prs_struct *ps, int depth)
+{
+	uint32 i;
+	if (gid == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_gids");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_gids", ps, depth, num_gids))
+		return False;
+
+	if ((*num_gids) != 0) {
+		if (UNMARSHALLING(ps)) {
+			(*gid) = (DOM_GID *)prs_alloc_mem(ps,sizeof(DOM_GID)*(*num_gids));
+		}
+
+		if ((*gid) == NULL) {
+			return False;
+		}
+
+		for (i = 0; i < (*num_gids); i++) {
+			if(!smb_io_gid("gids", &(*gid)[i], ps, depth))
+				return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_usergroups(char *desc, SAMR_R_QUERY_USERGROUPS * r_u,
+				prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_usergroups");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_0       ", ps, depth, &r_u->ptr_0))
+		return False;
+
+	if (r_u->ptr_0 != 0) {
+		if(!prs_uint32("num_entries ", ps, depth, &r_u->num_entries))
+			return False;
+		if(!prs_uint32("ptr_1       ", ps, depth, &r_u->ptr_1))
+			return False;
+
+		if (r_u->num_entries != 0 && r_u->ptr_1 != 0) {
+			if(!samr_io_gids("gids", &r_u->num_entries2, &r_u->gid, ps, depth))
+				return False;
+		}
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+	  return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_ENUM_DOMAINS structure.
+********************************************************************/
+
+void init_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS * q_e,
+			      POLICY_HND *pol,
+			      uint32 start_idx, uint32 size)
+{
+	DEBUG(5, ("init_samr_q_enum_domains\n"));
+
+	q_e->pol = *pol;
+
+	q_e->start_idx = start_idx;
+	q_e->max_size = size;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_enum_domains(char *desc, SAMR_Q_ENUM_DOMAINS * q_e,
+			    prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_enum_domains");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
+		return False;
+	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_ENUM_DOMAINS structure.
+********************************************************************/
+
+void init_samr_r_enum_domains(SAMR_R_ENUM_DOMAINS * r_u,
+			      uint32 next_idx, uint32 num_sam_entries)
+{
+	DEBUG(5, ("init_samr_r_enum_domains\n"));
+
+	r_u->next_idx = next_idx;
+
+	if (num_sam_entries != 0) {
+		r_u->ptr_entries1 = 1;
+		r_u->ptr_entries2 = 1;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->num_entries3 = num_sam_entries;
+
+		r_u->num_entries4 = num_sam_entries;
+	} else {
+		r_u->ptr_entries1 = 0;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->ptr_entries2 = 1;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_enum_domains(char *desc, SAMR_R_ENUM_DOMAINS * r_u,
+			    prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_enum_domains");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
+		return False;
+	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
+		return False;
+
+	if (r_u->ptr_entries1 != 0) {
+		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
+			return False;
+		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
+			return False;
+		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
+			return False;
+
+		if (UNMARSHALLING(ps)) {
+			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
+			r_u->uni_dom_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
+		}
+
+		if ((r_u->sam == NULL || r_u->uni_dom_name == NULL) && r_u->num_entries2 != 0) {
+			DEBUG(0, ("NULL pointers in SAMR_R_ENUM_DOMAINS\n"));
+			r_u->num_entries4 = 0;
+			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
+			return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++)	{
+			fstring tmp;
+			slprintf(tmp, sizeof(tmp) - 1, "dom[%d]", i);
+			if(!sam_io_sam_entry(tmp, &r_u->sam[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++)	{
+			fstring tmp;
+			slprintf(tmp, sizeof(tmp) - 1, "dom[%d]", i);
+			if(!smb_io_unistr2(tmp, &r_u->uni_dom_name[i],
+				       r_u->sam[i].hdr_name.buffer, ps,
+				       depth))
+				return False;
+		}
+
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_ENUM_DOM_GROUPS structure.
+********************************************************************/
+
+void init_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS * q_e,
+				 POLICY_HND *pol,
+				 uint32 start_idx, uint32 size)
+{
+	DEBUG(5, ("init_samr_q_enum_dom_groups\n"));
+
+	q_e->pol = *pol;
+
+	q_e->start_idx = start_idx;
+	q_e->max_size = size;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS * q_e,
+			       prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_enum_dom_groups");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &(q_e->pol), ps, depth))
+		return False;
+
+	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
+		return False;
+	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_ENUM_DOM_GROUPS structure.
+********************************************************************/
+
+void init_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS * r_u,
+				 uint32 next_idx, uint32 num_sam_entries)
+{
+	DEBUG(5, ("init_samr_r_enum_dom_groups\n"));
+
+	r_u->next_idx = next_idx;
+
+	if (num_sam_entries != 0) {
+		r_u->ptr_entries1 = 1;
+		r_u->ptr_entries2 = 1;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->num_entries3 = num_sam_entries;
+
+		r_u->num_entries4 = num_sam_entries;
+	} else {
+		r_u->ptr_entries1 = 0;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->ptr_entries2 = 1;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS * r_u,
+			       prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_enum_dom_groups");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
+		return False;
+	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
+		return False;
+
+	if (r_u->ptr_entries1 != 0) {
+		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
+			return False;
+		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
+			return False;
+		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
+			return False;
+
+		if (UNMARSHALLING(ps)) {
+			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
+			r_u->uni_grp_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
+		}
+
+		if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) {
+			DEBUG(0,
+			      ("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n"));
+			r_u->num_entries4 = 0;
+			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
+			return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++)	{
+			if(!sam_io_sam_entry("", &r_u->sam[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++)	{
+			if(!smb_io_unistr2("", &r_u->uni_grp_name[i],
+				       r_u->sam[i].hdr_name.buffer, ps, depth))
+				return False;
+		}
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_ENUM_DOM_ALIASES structure.
+********************************************************************/
+
+void init_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES * q_e,
+				  POLICY_HND *pol, uint32 start_idx,
+				  uint32 size)
+{
+	DEBUG(5, ("init_samr_q_enum_dom_aliases\n"));
+
+	q_e->pol = *pol;
+
+	q_e->start_idx = start_idx;
+	q_e->max_size = size;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES * q_e,
+				prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_enum_dom_aliases");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
+		return False;
+	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_ENUM_DOM_ALIASES structure.
+********************************************************************/
+
+void init_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, uint32 next_idx, uint32 num_sam_entries)
+{
+	DEBUG(5, ("init_samr_r_enum_dom_aliases\n"));
+
+	r_u->next_idx = next_idx;
+
+	if (num_sam_entries != 0) {
+		r_u->ptr_entries1 = 1;
+		r_u->ptr_entries2 = 1;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->num_entries3 = num_sam_entries;
+
+		r_u->num_entries4 = num_sam_entries;
+	} else {
+		r_u->ptr_entries1 = 0;
+		r_u->num_entries2 = num_sam_entries;
+		r_u->ptr_entries2 = 1;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES * r_u,
+				prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_enum_dom_aliases");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
+		return False;
+	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
+		return False;
+
+	if (r_u->ptr_entries1 != 0) {
+		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
+			return False;
+		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
+			return False;
+		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
+			return False;
+
+		if (UNMARSHALLING(ps) && (r_u->num_entries2 > 0)) {
+			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
+			r_u->uni_grp_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
+		}
+
+		if (r_u->num_entries2 != 0 && 
+		    (r_u->sam == NULL || r_u->uni_grp_name == NULL)) {
+			DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n"));
+			r_u->num_entries4 = 0;
+			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
+			return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++) {
+			if(!sam_io_sam_entry("", &r_u->sam[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < r_u->num_entries2; i++) {
+			if(!smb_io_unistr2("", &r_u->uni_grp_name[i],
+				       r_u->sam[i].hdr_name.buffer, ps,
+				       depth))
+				return False;
+		}
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a ALIAS_INFO1 structure.
+********************************************************************/
+
+void init_samr_alias_info1(ALIAS_INFO1 * al1, char *acct_name, uint32 num_member, char *acct_desc)
+{
+	int acct_len_name = acct_name != NULL ? strlen(acct_name) : 0;
+	int acct_len_desc = acct_desc != NULL ? strlen(acct_desc) : 0;
+
+	DEBUG(5, ("init_samr_alias_info1\n"));
+
+	init_uni_hdr(&al1->hdr_acct_name, acct_len_name);
+	init_unistr2(&al1->uni_acct_name, acct_name, acct_len_name);
+
+	al1->num_member=num_member;
+
+	init_uni_hdr(&al1->hdr_acct_desc, acct_len_desc);
+	init_unistr2(&al1->uni_acct_desc, acct_desc, acct_len_desc);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_alias_info1(char *desc, ALIAS_INFO1 * al1,
+			 prs_struct *ps, int depth)
+{
+	if (al1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_alias_info1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_name", &al1->hdr_acct_name, ps, depth))
+		return False;
+	if(!prs_uint32("num_member", ps, depth, &al1->num_member))
+		return False;
+	if(!smb_io_unihdr("hdr_acct_desc", &al1->hdr_acct_desc, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_name", &al1->uni_acct_name,
+		       al1->hdr_acct_name.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_desc", &al1->uni_acct_desc,
+		       al1->hdr_acct_desc.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a ALIAS_INFO3 structure.
+********************************************************************/
+
+void init_samr_alias_info3(ALIAS_INFO3 * al3, char *acct_desc)
+{
+	int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
+	DEBUG(5, ("init_samr_alias_info3\n"));
+
+	init_uni_hdr(&al3->hdr_acct_desc, acct_len);
+	init_unistr2(&al3->uni_acct_desc, acct_desc, acct_len);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_alias_info3(char *desc, ALIAS_INFO3 * al3,
+			 prs_struct *ps, int depth)
+{
+	if (al3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_alias_info3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_desc", &al3->hdr_acct_desc, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_acct_desc", &al3->uni_acct_desc,
+		       al3->hdr_acct_desc.buffer, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_alias_info_ctr(char *desc, ALIAS_INFO_CTR * ctr,
+			 prs_struct *ps, int depth)
+{
+	if (ctr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_alias_info_ctr");
+	depth++;
+
+	if(!prs_uint16("switch_value1", ps, depth, &ctr->switch_value1))
+		return False;
+	if(!prs_uint16("switch_value2", ps, depth, &ctr->switch_value2))
+		return False;
+
+	switch (ctr->switch_value1) {
+	case 1: 
+		if(!samr_io_alias_info1("alias_info1", &ctr->alias.info1, ps, depth))
+			return False;
+		break;
+	case 3: 
+		if(!samr_io_alias_info3("alias_info3", &ctr->alias.info3, ps, depth))
+			return False;
+		break;
+	default:
+		DEBUG(0,("samr_alias_info_ctr: unsupported switch level\n"));
+		break;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_ALIASINFO structure.
+********************************************************************/
+
+void init_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO * q_e,
+				 POLICY_HND *pol, uint16 switch_level)
+{
+	DEBUG(5, ("init_samr_q_query_aliasinfo\n"));
+
+	q_e->pol = *pol;
+	q_e->switch_level = switch_level;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_aliasinfo(char *desc, SAMR_Q_QUERY_ALIASINFO * q_e,
+			       prs_struct *ps, int depth)
+{
+	if (q_e == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_aliasinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &(q_e->pol), ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_level", ps, depth, &q_e->switch_level))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_ALIASINFO structure.
+********************************************************************/
+
+void init_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO * r_u,
+				 ALIAS_INFO_CTR * ctr, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_aliasinfo\n"));
+
+	r_u->ptr = (NT_STATUS_IS_OK(status) && ctr != NULL) ? 1 : 0;
+	r_u->ctr = *ctr;
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO * r_u,
+			       prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_aliasinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+
+	if (r_u->ptr != 0) {
+		if(!samr_alias_info_ctr("ctr", &r_u->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_SET_ALIASINFO structure.
+********************************************************************/
+
+void init_samr_q_set_aliasinfo(SAMR_Q_SET_ALIASINFO * q_u,
+			       POLICY_HND *hnd, ALIAS_INFO_CTR * ctr)
+{
+	DEBUG(5, ("init_samr_q_set_aliasinfo\n"));
+
+	q_u->alias_pol = *hnd;
+	q_u->ctr = *ctr;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_set_aliasinfo(char *desc, SAMR_Q_SET_ALIASINFO * q_u,
+			     prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_set_aliasinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
+		return False;
+	if(!samr_alias_info_ctr("ctr", &q_u->ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_set_aliasinfo(char *desc, SAMR_R_SET_ALIASINFO * r_u,
+			     prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_set_aliasinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_USERALIASES structure.
+********************************************************************/
+
+void init_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES * q_u,
+				   POLICY_HND *hnd,
+				   uint32 num_sids,
+				   uint32 *ptr_sid, DOM_SID2 * sid)
+{
+	DEBUG(5, ("init_samr_q_query_useraliases\n"));
+
+	q_u->pol = *hnd;
+
+	q_u->num_sids1 = num_sids;
+	q_u->ptr = 1;
+	q_u->num_sids2 = num_sids;
+
+	q_u->ptr_sid = ptr_sid;
+	q_u->sid = sid;
+}
+
+/*******************************************************************
+reads or writes a SAMR_Q_QUERY_USERALIASES structure.
+********************************************************************/
+
+BOOL samr_io_q_query_useraliases(char *desc, SAMR_Q_QUERY_USERALIASES * q_u,
+				 prs_struct *ps, int depth)
+{
+	fstring tmp;
+	uint32 i;
+
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_useraliases");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("num_sids1", ps, depth, &q_u->num_sids1))
+		return False;
+	if(!prs_uint32("ptr      ", ps, depth, &q_u->ptr))
+		return False;
+
+	if (q_u->ptr==0)
+		return True;
+
+	if(!prs_uint32("num_sids2", ps, depth, &q_u->num_sids2))
+		return False;
+
+	if (UNMARSHALLING(ps) && (q_u->num_sids2 != 0)) {
+		q_u->ptr_sid = (uint32 *)prs_alloc_mem(ps,sizeof(q_u->ptr_sid[0])*q_u->num_sids2);
+		if (q_u->ptr_sid == NULL)
+			return False;
+
+		q_u->sid = (DOM_SID2 *)prs_alloc_mem(ps, sizeof(q_u->sid[0]) * q_u->num_sids2);
+		if (q_u->sid == NULL)
+			return False;
+	}
+
+	for (i = 0; i < q_u->num_sids2; i++) {
+		slprintf(tmp, sizeof(tmp) - 1, "ptr[%02d]", i);
+		if(!prs_uint32(tmp, ps, depth, &q_u->ptr_sid[i]))
+			return False;
+	}
+
+	for (i = 0; i < q_u->num_sids2; i++) {
+		if (q_u->ptr_sid[i] != 0) {
+			slprintf(tmp, sizeof(tmp) - 1, "sid[%02d]", i);
+			if(!smb_io_dom_sid2(tmp, &q_u->sid[i], ps, depth))
+				return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_USERALIASES structure.
+********************************************************************/
+
+void init_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES * r_u,
+				   uint32 num_rids, uint32 *rid,
+				   NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_useraliases\n"));
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->num_entries = num_rids;
+		r_u->ptr = 1;
+		r_u->num_entries2 = num_rids;
+
+		r_u->rid = rid;
+	} else {
+		r_u->num_entries = 0;
+		r_u->ptr = 0;
+		r_u->num_entries2 = 0;
+	}
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_rids(char *desc, uint32 *num_rids, uint32 **rid,
+		  prs_struct *ps, int depth)
+{
+	fstring tmp;
+	uint32 i;
+	if (rid == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_rids");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_rids", ps, depth, num_rids))
+		return False;
+
+	if ((*num_rids) != 0) {
+		if (UNMARSHALLING(ps)) {
+			/* reading */
+			(*rid) = (uint32 *)prs_alloc_mem(ps,sizeof(uint32)*(*num_rids));
+		}
+		if ((*rid) == NULL)
+			return False;
+
+		for (i = 0; i < (*num_rids); i++) {
+			slprintf(tmp, sizeof(tmp) - 1, "rid[%02d]", i);
+			if(!prs_uint32(tmp, ps, depth, &((*rid)[i])))
+				return False;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_useraliases(char *desc, SAMR_R_QUERY_USERALIASES * r_u,
+				 prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_useraliases");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries", ps, depth, &r_u->num_entries))
+		return False;
+	if(!prs_uint32("ptr        ", ps, depth, &r_u->ptr))
+		return False;
+
+	if (r_u->ptr != 0) {
+		if(!samr_io_rids("rids", &r_u->num_entries2, &r_u->rid, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_OPEN_ALIAS structure.
+********************************************************************/
+
+void init_samr_q_open_alias(SAMR_Q_OPEN_ALIAS * q_u, POLICY_HND *pol,
+			    uint32 access_mask, uint32 rid)
+{
+	DEBUG(5, ("init_samr_q_open_alias\n"));
+
+	q_u->dom_pol = *pol;
+	q_u->access_mask = access_mask;
+	q_u->rid_alias = rid;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_open_alias(char *desc, SAMR_Q_OPEN_ALIAS * q_u,
+			  prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_open_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->dom_pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+	if(!prs_uint32("rid_alias", ps, depth, &q_u->rid_alias))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_open_alias(char *desc, SAMR_R_OPEN_ALIAS * r_u,
+			  prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_open_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_LOOKUP_RIDS structure.
+********************************************************************/
+
+void init_samr_q_lookup_rids(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_RIDS * q_u,
+			     POLICY_HND *pol, uint32 flags,
+			     uint32 num_rids, uint32 *rid)
+{
+	DEBUG(5, ("init_samr_q_lookup_rids\n"));
+
+	q_u->pol = *pol;
+
+	q_u->num_rids1 = num_rids;
+	q_u->flags = flags;
+	q_u->ptr = 0;
+	q_u->num_rids2 = num_rids;
+	q_u->rid = (uint32 *)talloc_zero(ctx, num_rids * sizeof(q_u->rid[0]));
+	if (q_u->rid == NULL) {
+		q_u->num_rids1 = 0;
+		q_u->num_rids2 = 0;
+	} else {
+		memcpy(q_u->rid, rid, num_rids * sizeof(q_u->rid[0]));
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_lookup_rids(char *desc, SAMR_Q_LOOKUP_RIDS * q_u,
+			   prs_struct *ps, int depth)
+{
+	uint32 i;
+	fstring tmp;
+
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_lookup_rids");
+	depth++;
+
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(q_u);
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("num_rids1", ps, depth, &q_u->num_rids1))
+		return False;
+	if(!prs_uint32("flags    ", ps, depth, &q_u->flags))
+		return False;
+	if(!prs_uint32("ptr      ", ps, depth, &q_u->ptr))
+		return False;
+	if(!prs_uint32("num_rids2", ps, depth, &q_u->num_rids2))
+		return False;
+
+	if (UNMARSHALLING(ps) && (q_u->num_rids2 != 0)) {
+		q_u->rid = (uint32 *)prs_alloc_mem(ps, sizeof(q_u->rid[0])*q_u->num_rids2);
+		if (q_u->rid == NULL)
+			return False;
+	}
+
+	for (i = 0; i < q_u->num_rids2; i++) {
+		slprintf(tmp, sizeof(tmp) - 1, "rid[%02d]  ", i);
+		if(!prs_uint32(tmp, ps, depth, &q_u->rid[i]))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_LOOKUP_RIDS structure.
+********************************************************************/
+
+void init_samr_r_lookup_rids(SAMR_R_LOOKUP_RIDS * r_u,
+			     uint32 num_names, UNIHDR * hdr_name,
+			     UNISTR2 *uni_name, uint32 *type)
+{
+	DEBUG(5, ("init_samr_r_lookup_rids\n"));
+
+	r_u->hdr_name = NULL;
+	r_u->uni_name = NULL;
+	r_u->type = NULL;
+
+	if (num_names != 0) {
+		r_u->num_names1 = num_names;
+		r_u->ptr_names = 1;
+		r_u->num_names2 = num_names;
+
+		r_u->num_types1 = num_names;
+		r_u->ptr_types = 1;
+		r_u->num_types2 = num_names;
+
+		r_u->hdr_name = hdr_name;
+		r_u->uni_name = uni_name;
+		r_u->type = type;
+	} else {
+		r_u->num_names1 = num_names;
+		r_u->ptr_names = 0;
+		r_u->num_names2 = num_names;
+
+		r_u->num_types1 = num_names;
+		r_u->ptr_types = 0;
+		r_u->num_types2 = num_names;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_lookup_rids(char *desc, SAMR_R_LOOKUP_RIDS * r_u,
+			   prs_struct *ps, int depth)
+{
+	uint32 i;
+	fstring tmp;
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_lookup_rids");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_names1", ps, depth, &r_u->num_names1))
+		return False;
+	if(!prs_uint32("ptr_names ", ps, depth, &r_u->ptr_names))
+		return False;
+
+	if (r_u->ptr_names != 0) {
+
+		if(!prs_uint32("num_names2", ps, depth, &r_u->num_names2))
+			return False;
+
+
+		if (UNMARSHALLING(ps) && (r_u->num_names2 != 0)) {
+			r_u->hdr_name = (UNIHDR *) prs_alloc_mem(ps, r_u->num_names2 * sizeof(r_u->hdr_name[0]));
+			if (r_u->hdr_name == NULL)
+				return False;
+
+			r_u->uni_name = (UNISTR2 *)prs_alloc_mem(ps, r_u->num_names2 * sizeof(r_u->uni_name[0]));
+			if (r_u->uni_name == NULL)
+				return False;
+		}
+		
+		for (i = 0; i < r_u->num_names2; i++) {
+			slprintf(tmp, sizeof(tmp) - 1, "hdr[%02d]  ", i);
+			if(!smb_io_unihdr("", &r_u->hdr_name[i], ps, depth))
+				return False;
+		}
+		for (i = 0; i < r_u->num_names2; i++) {
+			slprintf(tmp, sizeof(tmp) - 1, "str[%02d]  ", i);
+			if(!smb_io_unistr2("", &r_u->uni_name[i], r_u->hdr_name[i].buffer, ps, depth))
+				return False;
+		}
+
+	}
+	
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("num_types1", ps, depth, &r_u->num_types1))
+		return False;
+	if(!prs_uint32("ptr_types ", ps, depth, &r_u->ptr_types))
+		return False;
+
+	if (r_u->ptr_types != 0) {
+
+		if(!prs_uint32("num_types2", ps, depth, &r_u->num_types2))
+			return False;
+
+		if (UNMARSHALLING(ps) && (r_u->num_types2 != 0)) {
+			r_u->type = (uint32 *)prs_alloc_mem(ps, r_u->num_types2 * sizeof(r_u->type[0]));
+			if (r_u->type == NULL)
+				return False;
+		}
+
+		for (i = 0; i < r_u->num_types2; i++) {
+			slprintf(tmp, sizeof(tmp) - 1, "type[%02d]  ", i);
+			if(!prs_uint32(tmp, ps, depth, &r_u->type[i]))
+				return False;
+		}
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_OPEN_ALIAS structure.
+********************************************************************/
+
+void init_samr_q_delete_alias(SAMR_Q_DELETE_DOM_ALIAS * q_u, POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_delete_alias\n"));
+
+	q_u->alias_pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_delete_alias(char *desc, SAMR_Q_DELETE_DOM_ALIAS * q_u,
+			    prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_delete_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_delete_alias(char *desc, SAMR_R_DELETE_DOM_ALIAS * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_delete_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_CREATE_DOM_ALIAS structure.
+********************************************************************/
+
+void init_samr_q_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS * q_u,
+				  POLICY_HND *hnd, char *acct_desc)
+{
+	int acct_len = acct_desc != NULL ? strlen(acct_desc) : 0;
+
+	DEBUG(5, ("init_samr_q_create_dom_alias\n"));
+
+	q_u->dom_pol = *hnd;
+
+	init_uni_hdr(&q_u->hdr_acct_desc, acct_len);
+	init_unistr2(&q_u->uni_acct_desc, acct_desc, acct_len);
+
+	q_u->access_mask = 0x001f000f;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_create_dom_alias(char *desc, SAMR_Q_CREATE_DOM_ALIAS * q_u,
+				prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_create_dom_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("dom_pol", &q_u->dom_pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_acct_desc", &q_u->hdr_acct_desc, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_acct_desc", &q_u->uni_acct_desc,
+		       q_u->hdr_acct_desc.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_create_dom_alias(char *desc, SAMR_R_CREATE_DOM_ALIAS * r_u,
+				prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_create_dom_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &r_u->alias_pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("rid", ps, depth, &r_u->rid))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_ADD_ALIASMEM structure.
+********************************************************************/
+
+void init_samr_q_add_aliasmem(SAMR_Q_ADD_ALIASMEM * q_u, POLICY_HND *hnd,
+			      DOM_SID *sid)
+{
+	DEBUG(5, ("init_samr_q_add_aliasmem\n"));
+
+	q_u->alias_pol = *hnd;
+	init_dom_sid2(&q_u->sid, sid);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_add_aliasmem(char *desc, SAMR_Q_ADD_ALIASMEM * q_u,
+			    prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_add_aliasmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
+		return False;
+	if(!smb_io_dom_sid2("sid      ", &q_u->sid, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_add_aliasmem(char *desc, SAMR_R_ADD_ALIASMEM * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_add_aliasmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_DEL_ALIASMEM structure.
+********************************************************************/
+
+void init_samr_q_del_aliasmem(SAMR_Q_DEL_ALIASMEM * q_u, POLICY_HND *hnd,
+			      DOM_SID *sid)
+{
+	DEBUG(5, ("init_samr_q_del_aliasmem\n"));
+
+	q_u->alias_pol = *hnd;
+	init_dom_sid2(&q_u->sid, sid);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_del_aliasmem(char *desc, SAMR_Q_DEL_ALIASMEM * q_u,
+			    prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_del_aliasmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
+		return False;
+	if(!smb_io_dom_sid2("sid      ", &q_u->sid, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_del_aliasmem(char *desc, SAMR_R_DEL_ALIASMEM * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_del_aliasmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_DELETE_DOM_ALIAS structure.
+********************************************************************/
+
+void init_samr_q_delete_dom_alias(SAMR_Q_DELETE_DOM_ALIAS * q_c,
+				  POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_delete_dom_alias\n"));
+
+	q_c->alias_pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_delete_dom_alias(char *desc, SAMR_Q_DELETE_DOM_ALIAS * q_u,
+				prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_delete_dom_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_DELETE_DOM_ALIAS structure.
+********************************************************************/
+
+void init_samr_r_delete_dom_alias(SAMR_R_DELETE_DOM_ALIAS * r_u,
+				  NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_delete_dom_alias\n"));
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_delete_dom_alias(char *desc, SAMR_R_DELETE_DOM_ALIAS * r_u,
+				prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_delete_dom_alias");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_ALIASMEM structure.
+********************************************************************/
+
+void init_samr_q_query_aliasmem(SAMR_Q_QUERY_ALIASMEM * q_c,
+				POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_query_aliasmem\n"));
+
+	q_c->alias_pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_aliasmem(char *desc, SAMR_Q_QUERY_ALIASMEM * q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_aliasmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_ALIASMEM structure.
+********************************************************************/
+
+void init_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM * r_u,
+				uint32 num_sids, DOM_SID2 * sid,
+				NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_aliasmem\n"));
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->num_sids = num_sids;
+		r_u->ptr = (num_sids != 0) ? 1 : 0;
+		r_u->num_sids1 = num_sids;
+
+		r_u->sid = sid;
+	} else {
+		r_u->ptr = 0;
+		r_u->num_sids = 0;
+	}
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM * r_u,
+			      prs_struct *ps, int depth)
+{
+	uint32 i;
+	uint32 ptr_sid[MAX_LOOKUP_SIDS];
+
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_aliasmem");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_sids ", ps, depth, &r_u->num_sids))
+		return False;
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+
+	if (r_u->ptr != 0) {
+		SMB_ASSERT_ARRAY(ptr_sid, r_u->num_sids);
+
+		if (r_u->num_sids != 0) {
+			if(!prs_uint32("num_sids1", ps, depth, &r_u->num_sids1))
+				return False;
+
+			for (i = 0; i < r_u->num_sids1; i++) {
+				ptr_sid[i] = 1;
+				if(!prs_uint32("", ps, depth, &ptr_sid[i]))
+				  return False;
+			}
+
+			for (i = 0; i < r_u->num_sids1; i++) {
+				if (ptr_sid[i] != 0) {
+					if(!smb_io_dom_sid2("", &r_u->sid[i], ps, depth))
+						return False;
+				}
+			}
+		}
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_LOOKUP_NAMES structure.
+********************************************************************/
+
+NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u,
+			      POLICY_HND *pol, uint32 flags,
+			      uint32 num_names, char **name)
+{
+	uint32 i;
+
+	DEBUG(5, ("init_samr_q_lookup_names\n"));
+
+	q_u->pol = *pol;
+
+	q_u->num_names1 = num_names;
+	q_u->flags = flags;
+	q_u->ptr = 0;
+	q_u->num_names2 = num_names;
+
+	if (!(q_u->hdr_name = (UNIHDR *)talloc_zero(ctx, num_names * sizeof(UNIHDR))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(q_u->uni_name = (UNISTR2 *)talloc_zero(ctx, num_names * sizeof(UNISTR2))))
+		return NT_STATUS_NO_MEMORY;
+
+	for (i = 0; i < num_names; i++) {
+		int len_name = name[i] != NULL ? strlen(name[i]) : 0;
+		init_uni_hdr(&q_u->hdr_name[i], len_name);	/* unicode header for user_name */
+		init_unistr2(&q_u->uni_name[i], name[i], len_name);	/* unicode string for machine account */
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES * q_u,
+			    prs_struct *ps, int depth)
+{
+	uint32 i;
+
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_lookup_names");
+	depth++;
+
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(q_u);
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("num_names1", ps, depth, &q_u->num_names1))
+		return False;
+	if(!prs_uint32("flags     ", ps, depth, &q_u->flags))
+		return False;
+	if(!prs_uint32("ptr       ", ps, depth, &q_u->ptr))
+		return False;
+	if(!prs_uint32("num_names2", ps, depth, &q_u->num_names2))
+		return False;
+
+	if (UNMARSHALLING(ps) && (q_u->num_names2 != 0)) {
+		q_u->hdr_name = (UNIHDR *)prs_alloc_mem(ps, sizeof(UNIHDR) *
+							q_u->num_names2);
+		q_u->uni_name = (UNISTR2 *)prs_alloc_mem(ps, sizeof(UNISTR2) *
+							 q_u->num_names2);
+		if (!q_u->hdr_name || !q_u->uni_name)
+			return False;
+	}
+
+	for (i = 0; i < q_u->num_names2; i++) {
+		if(!smb_io_unihdr("", &q_u->hdr_name[i], ps, depth))
+			return False;
+	}
+
+	for (i = 0; i < q_u->num_names2; i++) {
+		if(!smb_io_unistr2("", &q_u->uni_name[i], q_u->hdr_name[i].buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_LOOKUP_NAMES structure.
+********************************************************************/
+
+NTSTATUS init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
+			      uint32 num_rids,
+			      uint32 *rid, uint32 *type,
+			      NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_lookup_names\n"));
+
+	if (NT_STATUS_IS_OK(status) && (num_rids != 0))	{
+		uint32 i;
+
+		r_u->num_types1 = num_rids;
+		r_u->ptr_types = 1;
+		r_u->num_types2 = num_rids;
+
+		r_u->num_rids1 = num_rids;
+		r_u->ptr_rids = 1;
+		r_u->num_rids2 = num_rids;
+
+		if (!(r_u->rids = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids)))
+			return NT_STATUS_NO_MEMORY;
+		if (!(r_u->types = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids)))
+			return NT_STATUS_NO_MEMORY;
+
+		if (!r_u->rids || !r_u->types)
+			goto empty;
+
+		for (i = 0; i < num_rids; i++) {
+			r_u->rids[i] = rid[i];
+			r_u->types[i] = type[i];
+		}
+	} else {
+
+  empty:
+		r_u->num_types1 = 0;
+		r_u->ptr_types = 0;
+		r_u->num_types2 = 0;
+
+		r_u->num_rids1 = 0;
+		r_u->ptr_rids = 0;
+		r_u->num_rids2 = 0;
+
+		r_u->rids = NULL;
+		r_u->types = NULL;
+	}
+
+	r_u->status = status;
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_lookup_names(char *desc, SAMR_R_LOOKUP_NAMES * r_u,
+			    prs_struct *ps, int depth)
+{
+	uint32 i;
+	fstring tmp;
+
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_lookup_names");
+	depth++;
+
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(r_u);
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_rids1", ps, depth, &r_u->num_rids1))
+		return False;
+	if(!prs_uint32("ptr_rids ", ps, depth, &r_u->ptr_rids))
+		return False;
+
+	if (r_u->ptr_rids != 0)	{
+		if(!prs_uint32("num_rids2", ps, depth, &r_u->num_rids2))
+			return False;
+
+		if (r_u->num_rids2 != r_u->num_rids1) {
+			/* RPC fault */
+			return False;
+		}
+
+		if (UNMARSHALLING(ps))
+			r_u->rids = (uint32 *)prs_alloc_mem(ps, sizeof(uint32)*r_u->num_rids2);
+
+		if (!r_u->rids) {
+			DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n"));
+			return False;
+		}
+
+		for (i = 0; i < r_u->num_rids2; i++) {
+			slprintf(tmp, sizeof(tmp) - 1, "rid[%02d]  ", i);
+			if(!prs_uint32(tmp, ps, depth, &r_u->rids[i]))
+				return False;
+		}
+	}
+
+	if(!prs_uint32("num_types1", ps, depth, &r_u->num_types1))
+		return False;
+	if(!prs_uint32("ptr_types ", ps, depth, &r_u->ptr_types))
+		return False;
+
+	if (r_u->ptr_types != 0) {
+		if(!prs_uint32("num_types2", ps, depth, &r_u->num_types2))
+			return False;
+
+		if (r_u->num_types2 != r_u->num_types1) {
+			/* RPC fault */
+			return False;
+		}
+
+		if (UNMARSHALLING(ps))
+			r_u->types = (uint32 *)prs_alloc_mem(ps, sizeof(uint32)*r_u->num_types2);
+
+		if (!r_u->types) {
+			DEBUG(0, ("NULL types in samr_io_r_lookup_names\n"));
+			return False;
+		}
+
+		for (i = 0; i < r_u->num_types2; i++) {
+			slprintf(tmp, sizeof(tmp) - 1, "type[%02d]  ", i);
+			if(!prs_uint32(tmp, ps, depth, &r_u->types[i]))
+				return False;
+		}
+	}
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_DELETE_DOM_USER structure.
+********************************************************************/
+
+void init_samr_q_delete_dom_user(SAMR_Q_DELETE_DOM_USER * q_c,
+				 POLICY_HND *hnd)
+{
+	DEBUG(5, ("init_samr_q_delete_dom_user\n"));
+
+	q_c->user_pol = *hnd;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_delete_dom_user(char *desc, SAMR_Q_DELETE_DOM_USER * q_u,
+			       prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_delete_dom_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("user_pol", &q_u->user_pol, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_delete_dom_user(char *desc, SAMR_R_DELETE_DOM_USER * r_u,
+			       prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_delete_dom_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_open_user(SAMR_Q_OPEN_USER * q_u,
+			   POLICY_HND *pol,
+			   uint32 access_mask, uint32 rid)
+{
+	DEBUG(5, ("samr_init_samr_q_open_user\n"));
+
+	q_u->domain_pol = *pol;
+	q_u->access_mask = access_mask;
+	q_u->user_rid = rid;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_open_user(char *desc, SAMR_Q_OPEN_USER * q_u,
+			 prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_open_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+	if(!prs_uint32("user_rid ", ps, depth, &q_u->user_rid))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_open_user(char *desc, SAMR_R_OPEN_USER * r_u,
+			 prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_open_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("user_pol", &r_u->user_pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
+			     POLICY_HND *pol,
+			     const char *name,
+			     uint32 acb_info, uint32 access_mask)
+{
+	int len_name;
+	len_name = strlen(name);
+
+	DEBUG(5, ("samr_init_samr_q_create_user\n"));
+
+	q_u->domain_pol = *pol;
+
+	init_uni_hdr(&q_u->hdr_name, len_name);
+	init_unistr2(&q_u->uni_name, name, len_name);
+
+	q_u->acb_info = acb_info;
+	q_u->access_mask = access_mask;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_create_user(char *desc, SAMR_Q_CREATE_USER * q_u,
+			   prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_create_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_name", &q_u->hdr_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_name", &q_u->uni_name, q_u->hdr_name.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("acb_info   ", ps, depth, &q_u->acb_info))
+		return False;
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_create_user(char *desc, SAMR_R_CREATE_USER * r_u,
+			   prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_create_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("user_pol", &r_u->user_pol, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown_0", ps, depth, &r_u->unknown_0))
+		return False;
+	if(!prs_uint32("user_rid ", ps, depth, &r_u->user_rid))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_QUERY_USERINFO structure.
+********************************************************************/
+
+void init_samr_q_query_userinfo(SAMR_Q_QUERY_USERINFO * q_u,
+				POLICY_HND *hnd, uint16 switch_value)
+{
+	DEBUG(5, ("init_samr_q_query_userinfo\n"));
+
+	q_u->pol = *hnd;
+	q_u->switch_value = switch_value;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_query_userinfo(char *desc, SAMR_Q_QUERY_USERINFO * q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_query_userinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value)) /* 0x0015 or 0x0011 */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a LOGON_HRS structure.
+********************************************************************/
+
+static BOOL sam_io_logon_hrs(char *desc, LOGON_HRS * hrs,
+			     prs_struct *ps, int depth)
+{
+	if (hrs == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_logon_hrs");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("len  ", ps, depth, &hrs->len))
+		return False;
+
+	if (hrs->len > sizeof(hrs->hours)) {
+		DEBUG(3, ("sam_io_logon_hrs: truncating length from %d\n", hrs->len));
+		hrs->len = sizeof(hrs->hours);
+	}
+
+	if(!prs_uint8s(False, "hours", ps, depth, hrs->hours, hrs->len))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_USER_INFO_12 structure.
+********************************************************************/
+
+void init_sam_user_info12(SAM_USER_INFO_12 * usr,
+			  const uint8 lm_pwd[16], const uint8 nt_pwd[16])
+{
+	DEBUG(5, ("init_sam_user_info12\n"));
+
+	usr->lm_pwd_active =
+		memcpy(usr->lm_pwd, lm_pwd, sizeof(usr->lm_pwd)) ? 1 : 0;
+	usr->nt_pwd_active =
+		memcpy(usr->nt_pwd, nt_pwd, sizeof(usr->nt_pwd)) ? 1 : 0;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info12(char *desc, SAM_USER_INFO_12 * u,
+			prs_struct *ps, int depth)
+{
+	if (u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_user_info12");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint8s(False, "lm_pwd", ps, depth, u->lm_pwd, sizeof(u->lm_pwd)))
+		return False;
+	if(!prs_uint8s(False, "nt_pwd", ps, depth, u->nt_pwd, sizeof(u->nt_pwd)))
+		return False;
+
+	if(!prs_uint8("lm_pwd_active", ps, depth, &u->lm_pwd_active))
+		return False;
+	if(!prs_uint8("nt_pwd_active", ps, depth, &u->nt_pwd_active))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_USER_INFO_10 structure.
+********************************************************************/
+
+void init_sam_user_info10(SAM_USER_INFO_10 * usr, uint32 acb_info)
+{
+	DEBUG(5, ("init_sam_user_info10\n"));
+
+	usr->acb_info = acb_info;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info10(char *desc, SAM_USER_INFO_10 * usr,
+			prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_user_info10");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("acb_info", ps, depth, &usr->acb_info))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_USER_INFO_11 structure.
+********************************************************************/
+
+void init_sam_user_info11(SAM_USER_INFO_11 * usr,
+			  NTTIME * expiry,
+			  char *mach_acct,
+			  uint32 rid_user, uint32 rid_group, uint16 acct_ctrl)
+{
+	int len_mach_acct;
+
+	DEBUG(5, ("init_sam_user_info11\n"));
+
+	len_mach_acct = strlen(mach_acct);
+
+	memcpy(&(usr->expiry), expiry, sizeof(usr->expiry));	/* expiry time or something? */
+	ZERO_STRUCT(usr->padding_1);	/* 0 - padding 24 bytes */
+
+	init_uni_hdr(&usr->hdr_mach_acct, len_mach_acct);	/* unicode header for machine account */
+	usr->padding_2 = 0;	/* 0 - padding 4 bytes */
+
+	usr->ptr_1 = 1;		/* pointer */
+	ZERO_STRUCT(usr->padding_3);	/* 0 - padding 32 bytes */
+	usr->padding_4 = 0;	/* 0 - padding 4 bytes */
+
+	usr->ptr_2 = 1;		/* pointer */
+	usr->padding_5 = 0;	/* 0 - padding 4 bytes */
+
+	usr->ptr_3 = 1;		/* pointer */
+	ZERO_STRUCT(usr->padding_6);	/* 0 - padding 32 bytes */
+
+	usr->rid_user = rid_user;
+	usr->rid_group = rid_group;
+
+	usr->acct_ctrl = acct_ctrl;
+	usr->unknown_3 = 0x0000;
+
+	usr->unknown_4 = 0x003f;	/* 0x003f      - 16 bit unknown */
+	usr->unknown_5 = 0x003c;	/* 0x003c      - 16 bit unknown */
+
+	ZERO_STRUCT(usr->padding_7);	/* 0 - padding 16 bytes */
+	usr->padding_8 = 0;	/* 0 - padding 4 bytes */
+
+	init_unistr2(&usr->uni_mach_acct, mach_acct, len_mach_acct);	/* unicode string for machine account */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info11(char *desc, SAM_USER_INFO_11 * usr,
+			prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_unknown_11");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint8s(False, "padding_0", ps, depth, usr->padding_0, sizeof(usr->padding_0)))
+		return False;
+
+	if(!smb_io_time("time", &usr->expiry, ps, depth))
+		return False;
+
+	if(!prs_uint8s(False, "padding_1", ps, depth, usr->padding_1, sizeof(usr->padding_1)))
+		return False;
+
+	if(!smb_io_unihdr("unihdr", &usr->hdr_mach_acct, ps, depth))
+		return False;
+
+	if(!prs_uint32("padding_2", ps, depth, &usr->padding_2))
+		return False;
+
+	if(!prs_uint32("ptr_1    ", ps, depth, &usr->ptr_1))
+		return False;
+	if(!prs_uint8s(False, "padding_3", ps, depth, usr->padding_3, sizeof(usr->padding_3)))
+		return False;
+
+	if(!prs_uint32("padding_4", ps, depth, &usr->padding_4))
+		return False;
+
+	if(!prs_uint32("ptr_2    ", ps, depth, &usr->ptr_2))
+		return False;
+	if(!prs_uint32("padding_5", ps, depth, &usr->padding_5))
+		return False;
+
+	if(!prs_uint32("ptr_3    ", ps, depth, &usr->ptr_3))
+		return False;
+	if(!prs_uint8s(False, "padding_6", ps, depth, usr->padding_6,sizeof(usr->padding_6)))
+		return False;
+
+	if(!prs_uint32("rid_user ", ps, depth, &usr->rid_user))
+		return False;
+	if(!prs_uint32("rid_group", ps, depth, &usr->rid_group))
+		return False;
+	if(!prs_uint16("acct_ctrl", ps, depth, &usr->acct_ctrl))
+		return False;
+	if(!prs_uint16("unknown_3", ps, depth, &usr->unknown_3))
+		return False;
+	if(!prs_uint16("unknown_4", ps, depth, &usr->unknown_4))
+		return False;
+	if(!prs_uint16("unknown_5", ps, depth, &usr->unknown_5))
+		return False;
+
+	if(!prs_uint8s(False, "padding_7", ps, depth, usr->padding_7, sizeof(usr->padding_7)))
+		return False;
+
+	if(!prs_uint32("padding_8", ps, depth, &(usr->padding_8)))
+		return False;
+
+	if(!smb_io_unistr2("unistr2", &usr->uni_mach_acct, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint8s(False, "padding_9", ps, depth, usr->padding_9, sizeof(usr->padding_9)))
+		return False;
+
+	return True;
+}
+
+/*************************************************************************
+ init_sam_user_infoa
+
+ unknown_3 = 0x09f8 27fa
+ unknown_5 = 0x0001 0000
+ unknown_6 = 0x0000 04ec 
+
+ *************************************************************************/
+
+void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len)
+{
+	DEBUG(10, ("init_sam_user_info24:\n"));
+	memcpy(usr->pass, newpass, sizeof(usr->pass));
+	usr->pw_len = pw_len;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info24(char *desc, SAM_USER_INFO_24 * usr,
+			       prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info24");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint8s(False, "password", ps, depth, usr->pass, 
+		       sizeof(usr->pass)))
+		return False;
+	
+	if (MARSHALLING(ps) && (usr->pw_len != 0)) {
+		if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
+			return False;
+	}
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*************************************************************************
+ init_sam_user_info23
+
+ unknown_3 = 0x09f8 27fa
+ unknown_5 = 0x0001 0000
+ unknown_6 = 0x0000 04ec 
+
+ *************************************************************************/
+
+void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all zeros */
+			NTTIME * logoff_time,	/* all zeros */
+			NTTIME * kickoff_time,	/* all zeros */
+			NTTIME * pass_last_set_time,	/* all zeros */
+			NTTIME * pass_can_change_time,	/* all zeros */
+			NTTIME * pass_must_change_time,	/* all zeros */
+			UNISTR2 *user_name,
+			UNISTR2 *full_name,
+			UNISTR2 *home_dir,
+			UNISTR2 *dir_drive,
+			UNISTR2 *log_scr,
+			UNISTR2 *prof_path,
+			UNISTR2 *desc,
+			UNISTR2 *wkstas,
+			UNISTR2 *unk_str,
+			UNISTR2 *mung_dial,
+			uint32 user_rid,	/* 0x0000 0000 */
+			uint32 group_rid,
+			uint32 acb_info,
+			uint32 unknown_3,
+			uint16 logon_divs,
+			LOGON_HRS * hrs,
+			uint32 unknown_5,
+			char newpass[516], uint32 unknown_6)
+{
+	int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
+	int len_full_name = full_name != NULL ? full_name->uni_str_len : 0;
+	int len_home_dir = home_dir != NULL ? home_dir->uni_str_len : 0;
+	int len_dir_drive = dir_drive != NULL ? dir_drive->uni_str_len : 0;
+	int len_logon_script = log_scr != NULL ? log_scr->uni_str_len : 0;
+	int len_profile_path = prof_path != NULL ? prof_path->uni_str_len : 0;
+	int len_description = desc != NULL ? desc->uni_str_len : 0;
+	int len_workstations = wkstas != NULL ? wkstas->uni_str_len : 0;
+	int len_unknown_str = unk_str != NULL ? unk_str->uni_str_len : 0;
+	int len_munged_dial = mung_dial != NULL ? mung_dial->uni_str_len : 0;
+
+	usr->logon_time = *logon_time;	/* all zeros */
+	usr->logoff_time = *logoff_time;	/* all zeros */
+	usr->kickoff_time = *kickoff_time;	/* all zeros */
+	usr->pass_last_set_time = *pass_last_set_time;	/* all zeros */
+	usr->pass_can_change_time = *pass_can_change_time;	/* all zeros */
+	usr->pass_must_change_time = *pass_must_change_time;	/* all zeros */
+
+	init_uni_hdr(&usr->hdr_user_name, len_user_name);	/* NULL */
+	init_uni_hdr(&usr->hdr_full_name, len_full_name);
+	init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+	init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+	init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+	init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+	init_uni_hdr(&usr->hdr_acct_desc, len_description);
+	init_uni_hdr(&usr->hdr_workstations, len_workstations);
+	init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+	init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
+	ZERO_STRUCT(usr->nt_pwd);
+	ZERO_STRUCT(usr->lm_pwd);
+
+	usr->user_rid = user_rid;	/* 0x0000 0000 */
+	usr->group_rid = group_rid;
+	usr->acb_info = acb_info;
+	usr->unknown_3 = unknown_3;	/* 09f8 27fa */
+
+	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
+	usr->ptr_logon_hrs = hrs ? 1 : 0;
+
+	ZERO_STRUCT(usr->padding1);
+
+	usr->unknown_5 = unknown_5;	/* 0x0001 0000 */
+
+	memcpy(usr->pass, newpass, sizeof(usr->pass));
+
+	copy_unistr2(&usr->uni_user_name, user_name);
+	copy_unistr2(&usr->uni_full_name, full_name);
+	copy_unistr2(&usr->uni_home_dir, home_dir);
+	copy_unistr2(&usr->uni_dir_drive, dir_drive);
+	copy_unistr2(&usr->uni_logon_script, log_scr);
+	copy_unistr2(&usr->uni_profile_path, prof_path);
+	copy_unistr2(&usr->uni_acct_desc, desc);
+	copy_unistr2(&usr->uni_workstations, wkstas);
+	copy_unistr2(&usr->uni_unknown_str, unk_str);
+	copy_unistr2(&usr->uni_munged_dial, mung_dial);
+
+	usr->unknown_6 = unknown_6;	/* 0x0000 04ec */
+	usr->padding4 = 0;
+
+	memcpy(&usr->logon_hrs, hrs, sizeof(usr->logon_hrs));
+}
+
+/*************************************************************************
+ init_sam_user_info23
+
+ unknown_3 = 0x09f8 27fa
+ unknown_5 = 0x0001 0000
+ unknown_6 = 0x0000 04ec 
+
+ *************************************************************************/
+
+void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all zeros */
+			   NTTIME * logoff_time,	/* all zeros */
+			   NTTIME * kickoff_time,	/* all zeros */
+			   NTTIME * pass_last_set_time,	/* all zeros */
+			   NTTIME * pass_can_change_time,	/* all zeros */
+			   NTTIME * pass_must_change_time,	/* all zeros */
+			   char *user_name,	/* NULL */
+			   char *full_name,
+			   char *home_dir, char *dir_drive, char *log_scr,
+			   char *prof_path, char *desc, char *wkstas,
+			   char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
+			   uint32 group_rid, uint32 acb_info,
+			   uint32 unknown_3, uint16 logon_divs,
+			   LOGON_HRS * hrs, uint32 unknown_5,
+			   char newpass[516], uint32 unknown_6)
+{
+	int len_user_name = user_name != NULL ? strlen(user_name) : 0;
+	int len_full_name = full_name != NULL ? strlen(full_name) : 0;
+	int len_home_dir = home_dir != NULL ? strlen(home_dir) : 0;
+	int len_dir_drive = dir_drive != NULL ? strlen(dir_drive) : 0;
+	int len_logon_script = log_scr != NULL ? strlen(log_scr) : 0;
+	int len_profile_path = prof_path != NULL ? strlen(prof_path) : 0;
+	int len_description = desc != NULL ? strlen(desc) : 0;
+	int len_workstations = wkstas != NULL ? strlen(wkstas) : 0;
+	int len_unknown_str = unk_str != NULL ? strlen(unk_str) : 0;
+	int len_munged_dial = mung_dial != NULL ? strlen(mung_dial) : 0;
+
+	usr->logon_time = *logon_time;	/* all zeros */
+	usr->logoff_time = *logoff_time;	/* all zeros */
+	usr->kickoff_time = *kickoff_time;	/* all zeros */
+	usr->pass_last_set_time = *pass_last_set_time;	/* all zeros */
+	usr->pass_can_change_time = *pass_can_change_time;	/* all zeros */
+	usr->pass_must_change_time = *pass_must_change_time;	/* all zeros */
+
+	init_uni_hdr(&usr->hdr_user_name, len_user_name);	/* NULL */
+	init_uni_hdr(&usr->hdr_full_name, len_full_name);
+	init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+	init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+	init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+	init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+	init_uni_hdr(&usr->hdr_acct_desc, len_description);
+	init_uni_hdr(&usr->hdr_workstations, len_workstations);
+	init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+	init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
+	ZERO_STRUCT(usr->nt_pwd);
+	ZERO_STRUCT(usr->lm_pwd);
+
+	usr->user_rid = user_rid;	/* 0x0000 0000 */
+	usr->group_rid = group_rid;
+	usr->acb_info = acb_info;
+	usr->unknown_3 = unknown_3;	/* 09f8 27fa */
+
+	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
+	usr->ptr_logon_hrs = hrs ? 1 : 0;
+
+	ZERO_STRUCT(usr->padding1);
+
+	usr->unknown_5 = unknown_5;	/* 0x0001 0000 */
+
+	memcpy(usr->pass, newpass, sizeof(usr->pass));
+
+	init_unistr2(&usr->uni_user_name, user_name, len_user_name);	/* NULL */
+	init_unistr2(&usr->uni_full_name, full_name, len_full_name);
+	init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
+	init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
+	init_unistr2(&usr->uni_logon_script, log_scr, len_logon_script);
+	init_unistr2(&usr->uni_profile_path, prof_path, len_profile_path);
+	init_unistr2(&usr->uni_acct_desc, desc, len_description);
+	init_unistr2(&usr->uni_workstations, wkstas, len_workstations);
+	init_unistr2(&usr->uni_unknown_str, unk_str, len_unknown_str);
+	init_unistr2(&usr->uni_munged_dial, mung_dial, len_munged_dial);
+
+	usr->unknown_6 = unknown_6;	/* 0x0000 04ec */
+	usr->padding4 = 0;
+
+	memcpy(&usr->logon_hrs, hrs, sizeof(usr->logon_hrs));
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info23(char *desc, SAM_USER_INFO_23 * usr,
+			       prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info23");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
+		return False;
+	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
+		return False;
+	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
+		return False;
+	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
+		return False;
+	if(!smb_io_unihdr("hdr_unknown_str ", &usr->hdr_unknown_str, ps, depth))	/* unknown string */
+		return False;
+	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
+		return False;
+
+	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
+		return False;
+	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
+		return False;
+
+	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
+		return False;
+	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
+		return False;
+	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
+		return False;
+
+	if(!prs_uint32("unknown_3     ", ps, depth, &usr->unknown_3))
+		return False;
+	if(!prs_uint16("logon_divs    ", ps, depth, &usr->logon_divs))	/* logon divisions per week */
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
+		return False;
+	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
+		return False;
+	if(!prs_uint32("unknown_5     ", ps, depth, &usr->unknown_5))
+		return False;
+
+	if(!prs_uint8s(False, "password      ", ps, depth, usr->pass, sizeof(usr->pass)))
+		return False;
+
+	/* here begins pointed-to data */
+
+	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth))	/* username unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))	/* user's full name unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))	/* home directory unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))	/* home directory drive unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))	/* logon script unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))	/* profile path unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))	/* user desc unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))	/* worksations user can log on from */
+		return False;
+
+	if(!smb_io_unistr2("uni_unknown_str ", &usr->uni_unknown_str, usr->hdr_unknown_str.buffer, ps, depth))	/* unknown string */
+		return False;
+
+	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth))
+		return False;
+
+	/* ok, this is only guess-work (as usual) */
+	if (usr->ptr_logon_hrs) {
+		if(!prs_uint32("unknown_6     ", ps, depth, &usr->unknown_6))
+			return False;
+		if(!prs_uint32("padding4      ", ps, depth, &usr->padding4))
+			return False;
+		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
+			return False;
+	} else if (UNMARSHALLING(ps)) {
+		usr->unknown_6 = 0;
+		usr->padding4 = 0;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ reads or writes a structure.
+ NB. This structure is *definately* incorrect. It's my best guess
+ currently for W2K SP2. The password field is encrypted in a different
+ way than normal... And there are definately other problems. JRA.
+********************************************************************/
+
+static BOOL sam_io_user_info25(char *desc, SAM_USER_INFO_25 * usr, prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info25");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
+		return False;
+	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
+		return False;
+	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
+		return False;
+	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
+		return False;
+	if(!smb_io_unihdr("hdr_unknown_str ", &usr->hdr_unknown_str, ps, depth))	/* unknown string */
+		return False;
+	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
+		return False;
+
+	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
+		return False;
+	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
+		return False;
+
+	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
+		return False;
+	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
+		return False;
+	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
+		return False;
+
+	if(!prs_uint32s(False, "unknown_6      ", ps, depth, usr->unknown_6, 6))
+		return False;
+
+	if(!prs_uint8s(False, "password      ", ps, depth, usr->pass, sizeof(usr->pass)))
+		return False;
+
+	/* here begins pointed-to data */
+
+	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth))	/* username unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))	/* user's full name unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))	/* home directory unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))	/* home directory drive unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))	/* logon script unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))	/* profile path unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))	/* user desc unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))	/* worksations user can log on from */
+		return False;
+
+	if(!smb_io_unistr2("uni_unknown_str ", &usr->uni_unknown_str, usr->hdr_unknown_str.buffer, ps, depth))	/* unknown string */
+		return False;
+
+	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth))
+		return False;
+
+#if 0 /* JRA - unknown... */
+	/* ok, this is only guess-work (as usual) */
+	if (usr->ptr_logon_hrs) {
+		if(!prs_uint32("unknown_6     ", ps, depth, &usr->unknown_6))
+			return False;
+		if(!prs_uint32("padding4      ", ps, depth, &usr->padding4))
+			return False;
+		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
+			return False;
+	} else if (UNMARSHALLING(ps)) {
+		usr->unknown_6 = 0;
+		usr->padding4 = 0;
+	}
+#endif
+
+	return True;
+}
+
+
+/*************************************************************************
+ init_sam_user_info21W
+
+ unknown_3 = 0x00ff ffff
+ unknown_5 = 0x0002 0000
+ unknown_6 = 0x0000 04ec 
+
+ *************************************************************************/
+
+void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
+			   NTTIME * logon_time,
+			   NTTIME * logoff_time,
+			   NTTIME * kickoff_time,
+			   NTTIME * pass_last_set_time,
+			   NTTIME * pass_can_change_time,
+			   NTTIME * pass_must_change_time,
+			   UNISTR2 *user_name,
+			   UNISTR2 *full_name,
+			   UNISTR2 *home_dir,
+			   UNISTR2 *dir_drive,
+			   UNISTR2 *log_scr,
+			   UNISTR2 *prof_path,
+			   UNISTR2 *desc,
+			   UNISTR2 *wkstas,
+			   UNISTR2 *unk_str,
+			   UNISTR2 *mung_dial,
+			   uchar lm_pwd[16],
+			   uchar nt_pwd[16],
+			   uint32 user_rid,
+			   uint32 group_rid,
+			   uint32 acb_info,
+			   uint32 unknown_3,
+			   uint16 logon_divs,
+			   LOGON_HRS * hrs,
+			   uint32 unknown_5, uint32 unknown_6)
+{
+	int len_user_name = user_name != NULL ? user_name->uni_str_len : 0;
+	int len_full_name = full_name != NULL ? full_name->uni_str_len : 0;
+	int len_home_dir = home_dir != NULL ? home_dir->uni_str_len : 0;
+	int len_dir_drive = dir_drive != NULL ? dir_drive->uni_str_len : 0;
+	int len_logon_script = log_scr != NULL ? log_scr->uni_str_len : 0;
+	int len_profile_path = prof_path != NULL ? prof_path->uni_str_len : 0;
+	int len_description = desc != NULL ? desc->uni_str_len : 0;
+	int len_workstations = wkstas != NULL ? wkstas->uni_str_len : 0;
+	int len_unknown_str = unk_str != NULL ? unk_str->uni_str_len : 0;
+	int len_munged_dial = mung_dial != NULL ? mung_dial->uni_str_len : 0;
+
+	usr->logon_time = *logon_time;
+	usr->logoff_time = *logoff_time;
+	usr->kickoff_time = *kickoff_time;
+	usr->pass_last_set_time = *pass_last_set_time;
+	usr->pass_can_change_time = *pass_can_change_time;
+	usr->pass_must_change_time = *pass_must_change_time;
+
+	init_uni_hdr(&usr->hdr_user_name, len_user_name);
+	init_uni_hdr(&usr->hdr_full_name, len_full_name);
+	init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+	init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+	init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+	init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+	init_uni_hdr(&usr->hdr_acct_desc, len_description);
+	init_uni_hdr(&usr->hdr_workstations, len_workstations);
+	init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+	init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
+	memcpy(usr->lm_pwd, lm_pwd, sizeof(usr->lm_pwd));
+	memcpy(usr->nt_pwd, nt_pwd, sizeof(usr->nt_pwd));
+
+	usr->user_rid = user_rid;
+	usr->group_rid = group_rid;
+	usr->acb_info = acb_info;
+	usr->unknown_3 = unknown_3;	/* 0x00ff ffff */
+
+	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
+	usr->ptr_logon_hrs = hrs ? 1 : 0;
+	usr->unknown_5 = unknown_5;	/* 0x0002 0000 */
+
+	ZERO_STRUCT(usr->padding1);
+
+	copy_unistr2(&usr->uni_user_name, user_name);
+	copy_unistr2(&usr->uni_full_name, full_name);
+	copy_unistr2(&usr->uni_home_dir, home_dir);
+	copy_unistr2(&usr->uni_dir_drive, dir_drive);
+	copy_unistr2(&usr->uni_logon_script, log_scr);
+	copy_unistr2(&usr->uni_profile_path, prof_path);
+	copy_unistr2(&usr->uni_acct_desc, desc);
+	copy_unistr2(&usr->uni_workstations, wkstas);
+	copy_unistr2(&usr->uni_unknown_str, unk_str);
+	copy_unistr2(&usr->uni_munged_dial, mung_dial);
+
+	usr->unknown_6 = unknown_6;	/* 0x0000 04ec */
+	usr->padding4 = 0;
+
+	memcpy(&usr->logon_hrs, hrs, sizeof(usr->logon_hrs));
+}
+
+/*************************************************************************
+ init_sam_user_info21
+
+ unknown_3 = 0x00ff ffff
+ unknown_5 = 0x0002 0000
+ unknown_6 = 0x0000 04ec 
+
+ *************************************************************************/
+
+void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
+{
+	NTTIME 		logon_time, logoff_time, kickoff_time,
+			pass_last_set_time, pass_can_change_time,
+			pass_must_change_time;
+
+	int 		len_user_name, len_full_name, len_home_dir,
+			len_dir_drive, len_logon_script, len_profile_path,
+			len_description, len_workstations, len_unknown_str,
+			len_munged_dial;
+			
+	const char*		user_name = pdb_get_username(pw);
+	const char*		full_name = pdb_get_fullname(pw);
+	const char*		home_dir  = pdb_get_homedir(pw);
+	const char*		dir_drive = pdb_get_dirdrive(pw);
+	const char*		logon_script = pdb_get_logon_script(pw);
+	const char*		profile_path = pdb_get_profile_path(pw);
+	const char*		description = pdb_get_acct_desc(pw);
+	const char*		workstations = pdb_get_workstations(pw);
+	const char*		munged_dial = pdb_get_munged_dial(pw);
+
+	len_user_name    = user_name    != NULL ? strlen(user_name   )+1 : 0;
+	len_full_name    = full_name    != NULL ? strlen(full_name   )+1 : 0;
+	len_home_dir     = home_dir     != NULL ? strlen(home_dir    )+1 : 0;
+	len_dir_drive    = dir_drive    != NULL ? strlen(dir_drive   )+1 : 0;
+	len_logon_script = logon_script != NULL ? strlen(logon_script)+1 : 0;
+	len_profile_path = profile_path != NULL ? strlen(profile_path)+1 : 0;
+	len_description  = description  != NULL ? strlen(description )+1 : 0;
+	len_workstations = workstations != NULL ? strlen(workstations)+1 : 0;
+	len_unknown_str  = 0;
+	len_munged_dial  = munged_dial  != NULL ? strlen(munged_dial )+1 : 0;
+
+
+	/* Create NTTIME structs */
+	unix_to_nt_time (&logon_time, 		pdb_get_logon_time(pw));
+	unix_to_nt_time (&logoff_time, 		pdb_get_logoff_time(pw));
+	unix_to_nt_time (&kickoff_time, 	pdb_get_kickoff_time(pw));
+	unix_to_nt_time (&pass_last_set_time, 	pdb_get_pass_last_set_time(pw));
+	unix_to_nt_time (&pass_can_change_time,	pdb_get_pass_can_change_time(pw));
+	unix_to_nt_time (&pass_must_change_time,pdb_get_pass_must_change_time(pw));
+	
+	/* structure assignment */
+	usr->logon_time            = logon_time;
+	usr->logoff_time           = logoff_time;
+	usr->kickoff_time          = kickoff_time;
+	usr->pass_last_set_time    = pass_last_set_time;
+	usr->pass_can_change_time  = pass_can_change_time;
+	usr->pass_must_change_time = pass_must_change_time;
+
+	init_uni_hdr(&usr->hdr_user_name, len_user_name);
+	init_uni_hdr(&usr->hdr_full_name, len_full_name);
+	init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+	init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+	init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+	init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+	init_uni_hdr(&usr->hdr_acct_desc, len_description);
+	init_uni_hdr(&usr->hdr_workstations, len_workstations);
+	init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+	init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+
+	ZERO_STRUCT(usr->nt_pwd);
+	ZERO_STRUCT(usr->lm_pwd);
+
+	usr->user_rid  = pdb_get_user_rid(pw);
+	usr->group_rid = pdb_get_group_rid(pw);
+	usr->acb_info  = pdb_get_acct_ctrl(pw);
+	usr->unknown_3 = pdb_get_unknown3(pw);
+
+	usr->logon_divs = pdb_get_logon_divs(pw); 
+	usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
+	usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */
+
+	ZERO_STRUCT(usr->padding1);
+
+	init_unistr2(&usr->uni_user_name, user_name, len_user_name);
+	init_unistr2(&usr->uni_full_name, full_name, len_full_name);
+	init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir);
+	init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive);
+	init_unistr2(&usr->uni_logon_script, logon_script, len_logon_script);
+	init_unistr2(&usr->uni_profile_path, profile_path, len_profile_path);
+	init_unistr2(&usr->uni_acct_desc, description, len_description);
+	init_unistr2(&usr->uni_workstations, workstations, len_workstations);
+	init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
+	init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
+
+	usr->unknown_6 = pdb_get_unknown6(pw);
+	usr->padding4 = 0;
+
+	if (pdb_get_hours(pw)) {
+		usr->logon_hrs.len = pdb_get_hours_len(pw);
+		memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), MAX_HOURS_LEN);
+	} else
+		memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs));
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info21(char *desc, SAM_USER_INFO_21 * usr,
+			prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info21");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
+		return False;
+	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps,depth))
+		return False;
+	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps,depth))
+		return False;
+	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time,  ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
+		return False;
+	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
+		return False;
+	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
+		return False;
+	if(!smb_io_unihdr("hdr_unknown_str ", &usr->hdr_unknown_str, ps, depth))	/* unknown string */
+		return False;
+	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
+		return False;
+
+	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
+		return False;
+	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
+		return False;
+
+	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
+		return False;
+	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
+		return False;
+	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
+		return False;
+
+	if(!prs_uint32("unknown_3     ", ps, depth, &usr->unknown_3))
+		return False;
+	if(!prs_uint16("logon_divs    ", ps, depth, &usr->logon_divs))	/* logon divisions per week */
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
+		return False;
+	if(!prs_uint32("unknown_5     ", ps, depth, &usr->unknown_5))
+		return False;
+
+	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
+		return False;
+
+	/* here begins pointed-to data */
+
+	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name,usr->hdr_user_name.buffer, ps, depth))	/* username unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))	/* user's full name unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))	/* home directory unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))	/* home directory drive unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))	/* logon script unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))	/* profile path unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))	/* user desc unicode string */
+		return False;
+	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))	/* worksations user can log on from */
+		return False;
+	if(!smb_io_unistr2("uni_unknown_str ", &usr->uni_unknown_str, usr->hdr_unknown_str.buffer, ps, depth))	/* unknown string */
+		return False;
+	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial,usr->hdr_munged_dial.buffer, ps, depth))	/* worksations user can log on from */
+		return False;
+
+	/* ok, this is only guess-work (as usual) */
+	if (usr->ptr_logon_hrs) {
+		if(!prs_align(ps))
+			return False;
+		if(!prs_uint32("unknown_6     ", ps, depth, &usr->unknown_6))
+			return False;
+		if(!prs_uint32("padding4      ", ps, depth, &usr->padding4))
+			return False;
+		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
+			return False;
+	} else if (UNMARSHALLING(ps)) {
+		usr->unknown_6 = 0;
+		usr->padding4 = 0;
+	}
+
+	return True;
+}
+
+void init_sam_user_info20A(SAM_USER_INFO_20 *usr, SAM_ACCOUNT *pw)
+{
+	int 		len_munged_dial;
+	const char*		munged_dial = pdb_get_munged_dial(pw);
+
+	len_munged_dial  = munged_dial  != NULL ? strlen(munged_dial )+1 : 0;
+	init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
+	init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
+
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info20(char *desc, SAM_USER_INFO_20 *usr,
+			prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info20");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
+		return False;
+
+	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial,usr->hdr_munged_dial.buffer, ps, depth))	/* worksations user can log on from */
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAM_USERINFO_CTR structure.
+********************************************************************/
+
+NTSTATUS make_samr_userinfo_ctr_usr21(TALLOC_CTX *ctx, SAM_USERINFO_CTR * ctr,
+				    uint16 switch_value,
+				    SAM_USER_INFO_21 * usr)
+{
+	DEBUG(5, ("init_samr_userinfo_ctr\n"));
+
+	ctr->switch_value = switch_value;
+	ctr->info.id = NULL;
+
+	switch (switch_value) {
+	case 0x10:
+		ctr->info.id10 = (SAM_USER_INFO_10 *)talloc_zero(ctx,sizeof(SAM_USER_INFO_10));
+		if (ctr->info.id10 == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		init_sam_user_info10(ctr->info.id10, usr->acb_info);
+		break;
+#if 0
+/* whoops - got this wrong.  i think.  or don't understand what's happening. */
+	case 0x11:
+		{
+			NTTIME expire;
+			info = (void *)&id11;
+
+			expire.low = 0xffffffff;
+			expire.high = 0x7fffffff;
+
+			ctr->info.id = (SAM_USER_INFO_11 *) talloc_zero(ctx,sizeof(*ctr->info.id11));
+			init_sam_user_info11(ctr->info.id11, &expire,
+					     "BROOKFIELDS$",	/* name */
+					     0x03ef,	/* user rid */
+					     0x201,	/* group rid */
+					     0x0080);	/* acb info */
+
+			break;
+		}
+#endif
+	case 0x12:
+		ctr->info.id12 = (SAM_USER_INFO_12 *)talloc_zero(ctx,sizeof(SAM_USER_INFO_12));
+		if (ctr->info.id12 == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		init_sam_user_info12(ctr->info.id12, usr->lm_pwd, usr->nt_pwd);
+		break;
+	case 21:
+		{
+			SAM_USER_INFO_21 *cusr;
+			cusr = (SAM_USER_INFO_21 *)talloc_zero(ctx,sizeof(SAM_USER_INFO_21));
+			ctr->info.id21 = cusr;
+			if (ctr->info.id21 == NULL)
+				return NT_STATUS_NO_MEMORY;
+			memcpy(cusr, usr, sizeof(*usr));
+			memset(cusr->lm_pwd, 0, sizeof(cusr->lm_pwd));
+			memset(cusr->nt_pwd, 0, sizeof(cusr->nt_pwd));
+			break;
+		}
+	default:
+		DEBUG(4,("make_samr_userinfo_ctr: unsupported info\n"));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+inits a SAM_USERINFO_CTR structure.
+********************************************************************/
+
+void init_samr_userinfo_ctr(SAM_USERINFO_CTR * ctr, uchar * sess_key,
+			    uint16 switch_value, void *info)
+{
+	DEBUG(5, ("init_samr_userinfo_ctr\n"));
+
+	ctr->switch_value = switch_value;
+	ctr->info.id = info;
+
+	switch (switch_value) {
+	case 0x18:
+		SamOEMhash(ctr->info.id24->pass, sess_key, 516);
+		dump_data(100, (char *)sess_key, 16);
+		dump_data(100, (char *)ctr->info.id24->pass, 516);
+		break;
+	case 0x17:
+		SamOEMhash(ctr->info.id23->pass, sess_key, 516);
+		dump_data(100, (char *)sess_key, 16);
+		dump_data(100, (char *)ctr->info.id23->pass, 516);
+		break;
+	default:
+		DEBUG(4,("init_samr_userinfo_ctr: unsupported switch level\n"));
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL samr_io_userinfo_ctr(char *desc, SAM_USERINFO_CTR **ppctr,
+				 prs_struct *ps, int depth)
+{
+	BOOL ret;
+	SAM_USERINFO_CTR *ctr;
+
+	prs_debug(ps, depth, desc, "samr_io_userinfo_ctr");
+	depth++;
+
+	if (UNMARSHALLING(ps)) {
+		ctr = (SAM_USERINFO_CTR *)prs_alloc_mem(ps,sizeof(SAM_USERINFO_CTR));
+		if (ctr == NULL)
+			return False;
+		*ppctr = ctr;
+	} else {
+		ctr = *ppctr;
+	}
+
+	/* lkclXXXX DO NOT ALIGN BEFORE READING SWITCH VALUE! */
+
+	if(!prs_uint16("switch_value", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	ret = False;
+
+	switch (ctr->switch_value) {
+	case 0x10:
+		if (UNMARSHALLING(ps))
+			ctr->info.id10 = (SAM_USER_INFO_10 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_10));
+		if (ctr->info.id10 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info10("", ctr->info.id10, ps, depth);
+		break;
+	case 0x11:
+		if (UNMARSHALLING(ps))
+			ctr->info.id11 = (SAM_USER_INFO_11 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_11));
+
+		if (ctr->info.id11 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info11("", ctr->info.id11, ps, depth);
+		break;
+	case 0x12:
+		if (UNMARSHALLING(ps))
+			ctr->info.id12 = (SAM_USER_INFO_12 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_12));
+
+		if (ctr->info.id12 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info12("", ctr->info.id12, ps, depth);
+		break;
+	case 20:
+		if (UNMARSHALLING(ps))
+			ctr->info.id20 = (SAM_USER_INFO_20 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_20));
+
+		if (ctr->info.id20 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info20("", ctr->info.id20, ps, depth);
+		break;
+	case 21:
+		if (UNMARSHALLING(ps))
+			ctr->info.id21 = (SAM_USER_INFO_21 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_21));
+
+		if (ctr->info.id21 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info21("", ctr->info.id21, ps, depth);
+		break;
+	case 23:
+		if (UNMARSHALLING(ps))
+			ctr->info.id23 = (SAM_USER_INFO_23 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_23));
+
+		if (ctr->info.id23 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info23("", ctr->info.id23, ps, depth);
+		break;
+	case 24:
+		if (UNMARSHALLING(ps))
+			ctr->info.id24 = (SAM_USER_INFO_24 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_24));
+
+		if (ctr->info.id24 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info24("", ctr->info.id24, ps,  depth);
+		break;
+	case 25:
+		if (UNMARSHALLING(ps))
+			ctr->info.id25 = (SAM_USER_INFO_25 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_25));
+
+		if (ctr->info.id25 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info25("", ctr->info.id25, ps, depth);
+		break;
+	default:
+		DEBUG(2, ("samr_io_userinfo_ctr: unknown switch level 0x%x\n", ctr->switch_value));
+		ret = False;
+		break;
+	}
+
+	return ret;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_USERINFO structure.
+********************************************************************/
+
+void init_samr_r_query_userinfo(SAMR_R_QUERY_USERINFO * r_u,
+				SAM_USERINFO_CTR * ctr, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_query_userinfo\n"));
+
+	r_u->ptr = 0;
+	r_u->ctr = NULL;
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->ptr = 1;
+		r_u->ctr = ctr;
+	}
+
+	r_u->status = status;	/* return status */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_query_userinfo(char *desc, SAMR_R_QUERY_USERINFO * r_u,
+			      prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_query_userinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
+		return False;
+
+	if (r_u->ptr != 0) {
+		if(!samr_io_userinfo_ctr("ctr", &r_u->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_SET_USERINFO structure.
+********************************************************************/
+
+void init_samr_q_set_userinfo(SAMR_Q_SET_USERINFO * q_u,
+			      POLICY_HND *hnd,  unsigned char sess_key[16],
+			      uint16 switch_value, void *info)
+{
+	DEBUG(5, ("init_samr_q_set_userinfo\n"));
+
+	q_u->pol = *hnd;
+	q_u->switch_value = switch_value;
+	init_samr_userinfo_ctr(q_u->ctr, sess_key, switch_value, info);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_set_userinfo(char *desc, SAMR_Q_SET_USERINFO * q_u,
+			    prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_set_userinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	smb_io_pol_hnd("pol", &(q_u->pol), ps, depth);
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
+		return False;
+	if(!samr_io_userinfo_ctr("ctr", &q_u->ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_SET_USERINFO structure.
+********************************************************************/
+
+void init_samr_r_set_userinfo(SAMR_R_SET_USERINFO * r_u, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_set_userinfo\n"));
+
+	r_u->status = status;	/* return status */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_set_userinfo(char *desc, SAMR_R_SET_USERINFO * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_set_userinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_SET_USERINFO2 structure.
+********************************************************************/
+
+void init_samr_q_set_userinfo2(SAMR_Q_SET_USERINFO2 * q_u,
+			       POLICY_HND *hnd, unsigned char sess_key[16],
+			       uint16 switch_value, SAM_USERINFO_CTR * ctr)
+{
+	DEBUG(5, ("init_samr_q_set_userinfo2\n"));
+
+	q_u->pol = *hnd;
+	q_u->switch_value = switch_value;
+	q_u->ctr = ctr;
+
+	if (q_u->ctr != NULL)
+		q_u->ctr->switch_value = switch_value;
+
+	switch (switch_value) {
+	case 0x12:
+		SamOEMhash(ctr->info.id12->lm_pwd, sess_key, 16);
+		SamOEMhash(ctr->info.id12->nt_pwd, sess_key, 16);
+		dump_data(100, (char *)sess_key, 16);
+		dump_data(100, (char *)ctr->info.id12->lm_pwd, 16);
+		dump_data(100, (char *)ctr->info.id12->nt_pwd, 16);
+		break;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_set_userinfo2(char *desc, SAMR_Q_SET_USERINFO2 * q_u,
+			     prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_set_userinfo2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
+		return False;
+	if(!samr_io_userinfo_ctr("ctr", &q_u->ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_SET_USERINFO2 structure.
+********************************************************************/
+
+void init_samr_r_set_userinfo2(SAMR_R_SET_USERINFO2 * r_u, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_set_userinfo2\n"));
+
+	r_u->status = status;	/* return status */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_set_userinfo2(char *desc, SAMR_R_SET_USERINFO2 * r_u,
+			     prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_set_userinfo2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_CONNECT structure.
+********************************************************************/
+
+void init_samr_q_connect(SAMR_Q_CONNECT * q_u,
+			 char *srv_name, uint32 access_mask)
+{
+	int len_srv_name = strlen(srv_name);
+
+	DEBUG(5, ("init_samr_q_connect\n"));
+
+	/* make PDC server name \\server */
+	q_u->ptr_srv_name = len_srv_name > 0 ? 1 : 0;
+	init_unistr2(&q_u->uni_srv_name, srv_name, len_srv_name + 1);
+
+	/* example values: 0x0000 0002 */
+	q_u->access_mask = access_mask;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_connect(char *desc, SAMR_Q_CONNECT * q_u,
+		       prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_connect");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_u->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->ptr_srv_name, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_connect(char *desc, SAMR_R_CONNECT * r_u,
+		       prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_connect");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("connect_pol", &r_u->connect_pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_CONNECT_ANON structure.
+********************************************************************/
+
+void init_samr_q_connect_anon(SAMR_Q_CONNECT_ANON * q_u)
+{
+	DEBUG(5, ("init_samr_q_connect_anon\n"));
+
+	q_u->ptr = 1;
+	q_u->unknown_0 = 0x5c;	/* server name (?!!) */
+	q_u->unknown_1 = 0x01;
+	q_u->access_mask = 0x20;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_connect_anon(char *desc, SAMR_Q_CONNECT_ANON * q_u,
+			    prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_connect_anon");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr      ", ps, depth, &q_u->ptr))
+		return False;
+	if(!prs_uint16("unknown_0", ps, depth, &q_u->unknown_0))
+		return False;
+	if(!prs_uint16("unknown_1", ps, depth, &q_u->unknown_1))
+		return False;
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_connect_anon(char *desc, SAMR_R_CONNECT_ANON * r_u,
+			    prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_connect_anon");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("connect_pol", &r_u->connect_pol, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_Q_GET_DOM_PWINFO structure.
+********************************************************************/
+
+void init_samr_q_get_dom_pwinfo(SAMR_Q_GET_DOM_PWINFO * q_u,
+				char *srv_name)
+{
+	int len_srv_name = strlen(srv_name);
+
+	DEBUG(5, ("init_samr_q_get_dom_pwinfo\n"));
+
+	q_u->ptr = 1;
+	init_uni_hdr(&q_u->hdr_srv_name, len_srv_name);
+	init_unistr2(&q_u->uni_srv_name, srv_name, len_srv_name);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_get_dom_pwinfo(char *desc, SAMR_Q_GET_DOM_PWINFO * q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_get_dom_pwinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &q_u->ptr))
+		return False;
+	if (q_u->ptr != 0) {
+		if(!smb_io_unihdr("", &q_u->hdr_srv_name, ps, depth))
+			return False;
+		if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->hdr_srv_name.buffer, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_get_dom_pwinfo(char *desc, SAMR_R_GET_DOM_PWINFO * r_u,
+			      prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_get_dom_pwinfo");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16("unk_0", ps, depth, &r_u->unk_0))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint16("unk_1", ps, depth, &r_u->unk_1))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint16("unk_2", ps, depth, &r_u->unk_2))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+make a SAMR_ENC_PASSWD structure.
+********************************************************************/
+
+void init_enc_passwd(SAMR_ENC_PASSWD * pwd, char pass[512])
+{
+	ZERO_STRUCTP(pwd);
+
+	if (pass == NULL) {
+		pwd->ptr = 0;
+	} else {
+		pwd->ptr = 1;
+		memcpy(pwd->pass, pass, sizeof(pwd->pass));
+	}
+}
+
+/*******************************************************************
+reads or writes a SAMR_ENC_PASSWD structure.
+********************************************************************/
+
+BOOL samr_io_enc_passwd(char *desc, SAMR_ENC_PASSWD * pwd,
+			prs_struct *ps, int depth)
+{
+	if (pwd == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_enc_passwd");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr", ps, depth, &pwd->ptr))
+		return False;
+
+	if (pwd->ptr != 0) {
+		if(!prs_uint8s(False, "pwd", ps, depth, pwd->pass, sizeof(pwd->pass)))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_ENC_HASH structure.
+********************************************************************/
+
+void init_enc_hash(SAMR_ENC_HASH * hsh, uchar hash[16])
+{
+	ZERO_STRUCTP(hsh);
+
+	if (hash == NULL) {
+		hsh->ptr = 0;
+	} else {
+		hsh->ptr = 1;
+		memcpy(hsh->hash, hash, sizeof(hsh->hash));
+	}
+}
+
+/*******************************************************************
+reads or writes a SAMR_ENC_HASH structure.
+********************************************************************/
+
+BOOL samr_io_enc_hash(char *desc, SAMR_ENC_HASH * hsh,
+		      prs_struct *ps, int depth)
+{
+	if (hsh == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_enc_hash");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr ", ps, depth, &hsh->ptr))
+		return False;
+	if (hsh->ptr != 0) {
+		if(!prs_uint8s(False, "hash", ps, depth, hsh->hash,sizeof(hsh->hash)))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_GET_DOM_PWINFO structure.
+********************************************************************/
+
+void init_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER * q_u,
+				char *dest_host, char *user_name,
+				char nt_newpass[516],
+				uchar nt_oldhash[16],
+				char lm_newpass[516],
+				uchar lm_oldhash[16])
+{
+	int len_dest_host = strlen(dest_host);
+	int len_user_name = strlen(user_name);
+
+	DEBUG(5, ("init_samr_q_chgpasswd_user\n"));
+
+	q_u->ptr_0 = 1;
+	init_uni_hdr(&q_u->hdr_dest_host, len_dest_host);
+	init_unistr2(&q_u->uni_dest_host, dest_host, len_dest_host);
+	init_uni_hdr(&q_u->hdr_user_name, len_user_name);
+	init_unistr2(&q_u->uni_user_name, user_name, len_user_name);
+
+	init_enc_passwd(&q_u->nt_newpass, nt_newpass);
+	init_enc_hash(&q_u->nt_oldhash, nt_oldhash);
+
+	q_u->unknown = 0x01;
+
+	init_enc_passwd(&q_u->lm_newpass, lm_newpass);
+	init_enc_hash(&q_u->lm_oldhash, lm_oldhash);
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_chgpasswd_user(char *desc, SAMR_Q_CHGPASSWD_USER * q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_chgpasswd_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_0", ps, depth, &q_u->ptr_0))
+		return False;
+
+	if(!smb_io_unihdr("", &q_u->hdr_dest_host, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &q_u->uni_dest_host, q_u->hdr_dest_host.buffer, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unihdr("", &q_u->hdr_user_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &q_u->uni_user_name, q_u->hdr_user_name.buffer,ps, depth))
+		return False;
+
+	if(!samr_io_enc_passwd("nt_newpass", &q_u->nt_newpass, ps, depth))
+		return False;
+	if(!samr_io_enc_hash("nt_oldhash", &q_u->nt_oldhash, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown", ps, depth, &q_u->unknown))
+		return False;
+
+	if(!samr_io_enc_passwd("lm_newpass", &q_u->lm_newpass, ps, depth))
+		return False;
+	if(!samr_io_enc_hash("lm_oldhash", &q_u->lm_oldhash, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_CHGPASSWD_USER structure.
+********************************************************************/
+
+void init_samr_r_chgpasswd_user(SAMR_R_CHGPASSWD_USER * r_u, NTSTATUS status)
+{
+	DEBUG(5, ("init_r_chgpasswd_user\n"));
+
+	r_u->status = status;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER * r_u,
+			      prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_chgpasswd_user");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_unknown_2e(SAMR_Q_UNKNOWN_2E *q_u,
+				POLICY_HND *domain_pol, uint16 switch_value)
+{
+	DEBUG(5, ("init_samr_q_unknown_2e\n"));
+
+	q_u->domain_pol = *domain_pol;
+	q_u->switch_value = switch_value;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_unknown_2e(char *desc, SAMR_Q_UNKNOWN_2E *q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_unknown_2e");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_DOMAIN_INFO structure.
+********************************************************************/
+
+void init_samr_r_samr_unknown_2e(SAMR_R_UNKNOWN_2E * r_u,
+				uint16 switch_value, SAM_UNK_CTR * ctr,
+				NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_samr_unknown_2e\n"));
+
+	r_u->ptr_0 = 0;
+	r_u->switch_value = 0;
+	r_u->status = status;	/* return status */
+
+	if (NT_STATUS_IS_OK(status)) {
+		r_u->switch_value = switch_value;
+		r_u->ptr_0 = 1;
+		r_u->ctr = ctr;
+	}
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_samr_unknown_2e(char *desc, SAMR_R_UNKNOWN_2E * r_u,
+			      prs_struct *ps, int depth)
+{
+        if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_samr_unknown_2e");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_0 ", ps, depth, &r_u->ptr_0))
+		return False;
+
+	if (r_u->ptr_0 != 0 && r_u->ctr != NULL) {
+		if(!prs_uint16("switch_value", ps, depth, &r_u->switch_value))
+			return False;
+		if(!prs_align(ps))
+			return False;
+
+		switch (r_u->switch_value) {
+		case 0x0c:
+			if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
+				return False;
+			break;
+		case 0x07:
+			if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
+				return False;
+			break;
+		case 0x06:
+			if(!sam_io_unk_info6("unk_inf6",&r_u->ctr->info.inf6, ps,depth))
+				return False;
+			break;
+		case 0x05:
+			if(!sam_io_unk_info5("unk_inf5",&r_u->ctr->info.inf5, ps,depth))
+				return False;
+			break;
+		case 0x03:
+			if(!sam_io_unk_info3("unk_inf3",&r_u->ctr->info.inf3, ps,depth))
+				return False;
+			break;
+		case 0x02:
+			if(!sam_io_unk_info2("unk_inf2",&r_u->ctr->info.inf2, ps,depth))
+				return False;
+			break;
+		case 0x01:
+			if(!sam_io_unk_info1("unk_inf1",&r_u->ctr->info.inf1, ps,depth))
+				return False;
+			break;
+		default:
+			DEBUG(0, ("samr_io_r_samr_unknown_2e: unknown switch level 0x%x\n",
+				r_u->switch_value));
+			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+			return False;
+		}
+	}
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+	
+	return True;
+}
+
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+void init_samr_q_set_domain_info(SAMR_Q_SET_DOMAIN_INFO *q_u,
+				POLICY_HND *domain_pol, uint16 switch_value, SAM_UNK_CTR *ctr)
+{
+	DEBUG(5, ("init_samr_q_set_domain_info\n"));
+
+	q_u->domain_pol = *domain_pol;
+	q_u->switch_value0 = switch_value;
+
+	q_u->switch_value = switch_value;
+	q_u->ctr = ctr;
+	
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_q_set_domain_info(char *desc, SAMR_Q_SET_DOMAIN_INFO *q_u,
+			      prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_q_set_domain_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
+		return False;
+
+	if(!prs_uint16("switch_value0", ps, depth, &q_u->switch_value0))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if ((q_u->ctr = (SAM_UNK_CTR *)prs_alloc_mem(ps, sizeof(SAM_UNK_CTR))) == NULL)
+		return False;
+	
+	switch (q_u->switch_value) {
+
+	case 0x0c:
+		if(!sam_io_unk_info12("unk_inf12", &q_u->ctr->info.inf12, ps, depth))
+			return False;
+		break;
+	case 0x07:
+		if(!sam_io_unk_info7("unk_inf7",&q_u->ctr->info.inf7, ps,depth))
+			return False;
+		break;
+	case 0x06:
+		if(!sam_io_unk_info6("unk_inf6",&q_u->ctr->info.inf6, ps,depth))
+			return False;
+		break;
+	case 0x05:
+		if(!sam_io_unk_info5("unk_inf5",&q_u->ctr->info.inf5, ps,depth))
+			return False;
+		break;
+	case 0x03:
+		if(!sam_io_unk_info3("unk_inf3",&q_u->ctr->info.inf3, ps,depth))
+			return False;
+		break;
+	case 0x02:
+		if(!sam_io_unk_info2("unk_inf2",&q_u->ctr->info.inf2, ps,depth))
+			return False;
+		break;
+	case 0x01:
+		if(!sam_io_unk_info1("unk_inf1",&q_u->ctr->info.inf1, ps,depth))
+			return False;
+		break;
+	default:
+		DEBUG(0, ("samr_io_r_samr_unknown_2e: unknown switch level 0x%x\n",
+			q_u->switch_value));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+inits a SAMR_R_QUERY_DOMAIN_INFO structure.
+********************************************************************/
+
+void init_samr_r_set_domain_info(SAMR_R_SET_DOMAIN_INFO * r_u, NTSTATUS status)
+{
+	DEBUG(5, ("init_samr_r_set_domain_info\n"));
+
+	r_u->status = status;	/* return status */
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL samr_io_r_set_domain_info(char *desc, SAMR_R_SET_DOMAIN_INFO * r_u,
+			      prs_struct *ps, int depth)
+{
+        if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "samr_io_r_samr_unknown_2e");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_ntstatus("status", ps, depth, &r_u->status))
+		return False;
+	
+	return True;
+}
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
new file mode 100644
index 0000000000..4f093b2422
--- /dev/null
+++ b/source3/rpc_parse/parse_sec.c
@@ -0,0 +1,1025 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998,
+ *  Copyright (C) Jeremy R. Allison            1995-1998
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                  1997-1998.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ Sets up a SEC_ACCESS structure.
+********************************************************************/
+
+void init_sec_access(SEC_ACCESS *t, uint32 mask)
+{
+	t->mask = mask;
+}
+
+/*******************************************************************
+ Reads or writes a SEC_ACCESS structure.
+********************************************************************/
+
+BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)
+{
+	if (t == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sec_io_access");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("mask", ps, depth, &(t->mask)))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Check if ACE has OBJECT type.
+********************************************************************/
+
+BOOL sec_ace_object(uint8 type)
+{
+	if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+            type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
+            type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
+            type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
+		return True;
+	}
+	return False;
+}
+
+/*******************************************************************
+ copy a SEC_ACE structure.
+********************************************************************/
+void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
+{
+	ace_dest->type  = ace_src->type;
+	ace_dest->flags = ace_src->flags;
+	ace_dest->size  = ace_src->size;
+	ace_dest->info.mask = ace_src->info.mask;
+	ace_dest->obj_flags = ace_src->obj_flags;
+	memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE);
+	memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE);	
+	sid_copy(&ace_dest->trustee, &ace_src->trustee);
+}
+
+/*******************************************************************
+ Sets up a SEC_ACE structure.
+********************************************************************/
+
+void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
+{
+	t->type = type;
+	t->flags = flag;
+	t->size = sid_size(sid) + 8;
+	t->info = mask;
+
+	ZERO_STRUCTP(&t->trustee);
+	sid_copy(&t->trustee, sid);
+}
+
+/*******************************************************************
+ Reads or writes a SEC_ACE structure.
+********************************************************************/
+
+BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
+{
+	uint32 old_offset;
+	uint32 offset_ace_size;
+
+	if (psa == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sec_io_ace");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	old_offset = prs_offset(ps);
+
+	if(!prs_uint8("type ", ps, depth, &psa->type))
+		return False;
+
+	if(!prs_uint8("flags", ps, depth, &psa->flags))
+		return False;
+
+	if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
+		return False;
+
+	if(!sec_io_access("info ", &psa->info, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	/* check whether object access is present */
+	if (!sec_ace_object(psa->type)) {
+		if (!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
+			return False;
+	} else {
+		if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags))
+			return False;
+
+		if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
+			if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE))
+				return False;
+
+		if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
+			if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE))
+				return False;
+
+		if(!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
+			return False;
+	}
+
+	if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ adds new SID with its permissions to ACE list
+********************************************************************/
+
+NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid, uint32 mask)
+{
+	int i = 0;
+	
+	if (!ctx || !new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
+
+	*num += 1;
+	
+	if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0)
+		return NT_STATUS_NO_MEMORY;
+
+	for (i = 0; i < *num - 1; i ++)
+		sec_ace_copy(&(*new)[i], &old[i]);
+
+	(*new)[i].type  = 0;
+	(*new)[i].flags = 0;
+	(*new)[i].size  = SEC_ACE_HEADER_SIZE + sid_size(sid);
+	(*new)[i].info.mask = mask;
+	sid_copy(&(*new)[i].trustee, sid);
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+  modify SID's permissions at ACL 
+********************************************************************/
+
+NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
+{
+	int i = 0;
+
+	if (!ace || !sid)  return NT_STATUS_INVALID_PARAMETER;
+
+	for (i = 0; i < num; i ++) {
+		if (sid_compare(&ace[i].trustee, sid) == 0) {
+			ace[i].info.mask = mask;
+			return NT_STATUS_OK;
+		}
+	}
+	return NT_STATUS_NOT_FOUND;
+}
+
+/*******************************************************************
+ delete SID from ACL
+********************************************************************/
+
+NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid)
+{
+	int i     = 0;
+	int n_del = 0;
+
+	if (!ctx || !new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
+
+	if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0)
+		return NT_STATUS_NO_MEMORY;
+
+	for (i = 0; i < *num; i ++) {
+		if (sid_compare(&old[i].trustee, sid) != 0)
+			sec_ace_copy(&(*new)[i], &old[i]);
+		else
+			n_del ++;
+	}
+	if (n_del == 0)
+		return NT_STATUS_NOT_FOUND;
+	else {
+		*num -= n_del;
+		return NT_STATUS_OK;
+	}
+}
+
+/*******************************************************************
+ Create a SEC_ACL structure.  
+********************************************************************/
+
+SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
+{
+	SEC_ACL *dst;
+	int i;
+
+	if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
+		return NULL;
+
+	dst->revision = revision;
+	dst->num_aces = num_aces;
+	dst->size = SEC_ACL_HEADER_SIZE;
+
+	/* Now we need to return a non-NULL address for the ace list even
+	   if the number of aces required is zero.  This is because there
+	   is a distinct difference between a NULL ace and an ace with zero
+	   entries in it.  This is achieved by checking that num_aces is a
+	   positive number. */
+
+	if ((num_aces) && 
+            ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) 
+             == NULL)) {
+		return NULL;
+	}
+        
+	for (i = 0; i < num_aces; i++) {
+		dst->ace[i] = ace_list[i]; /* Structure copy. */
+		dst->size += ace_list[i].size;
+	}
+
+	return dst;
+}
+
+/*******************************************************************
+ Duplicate a SEC_ACL structure.  
+********************************************************************/
+
+SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
+{
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
+}
+
+/*******************************************************************
+ Reads or writes a SEC_ACL structure.  
+
+ First of the xx_io_xx functions that allocates its data structures
+ for you as it reads them.
+********************************************************************/
+
+BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
+{
+	int i;
+	uint32 old_offset;
+	uint32 offset_acl_size;
+	SEC_ACL *psa;
+
+	if (ppsa == NULL)
+		return False;
+
+	psa = *ppsa;
+
+	if(UNMARSHALLING(ps) && psa == NULL) {
+		/*
+		 * This is a read and we must allocate the stuct to read into.
+		 */
+		if((psa = (SEC_ACL *)prs_alloc_mem(ps, sizeof(SEC_ACL))) == NULL)
+			return False;
+		*ppsa = psa;
+	}
+
+	prs_debug(ps, depth, desc, "sec_io_acl");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	old_offset = prs_offset(ps);
+
+	if(!prs_uint16("revision", ps, depth, &psa->revision))
+		return False;
+
+	if(!prs_uint16_pre("size     ", ps, depth, &psa->size, &offset_acl_size))
+		return False;
+
+	if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		/*
+		 * Even if the num_aces is zero, allocate memory as there's a difference
+		 * between a non-present DACL (allow all access) and a DACL with no ACE's
+		 * (allow no access).
+		 */
+		if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * (psa->num_aces+1))) == NULL)
+			return False;
+	}
+
+	for (i = 0; i < psa->num_aces; i++) {
+		fstring tmp;
+		slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);
+		if(!sec_io_ace(tmp, &psa->ace[i], ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16_post("size     ", ps, depth, &psa->size, offset_acl_size, old_offset))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Works out the linearization size of a SEC_DESC.
+********************************************************************/
+
+size_t sec_desc_size(SEC_DESC *psd)
+{
+	size_t offset;
+
+	if (!psd) return 0;
+
+	offset = SEC_DESC_HEADER_SIZE;
+
+	if (psd->owner_sid != NULL)
+		offset += ((sid_size(psd->owner_sid) + 3) & ~3);
+
+	if (psd->grp_sid != NULL)
+		offset += ((sid_size(psd->grp_sid) + 3) & ~3);
+
+	if (psd->sacl != NULL)
+		offset += ((psd->sacl->size + 3) & ~3);
+
+	if (psd->dacl != NULL)
+		offset += ((psd->dacl->size + 3) & ~3);
+
+	return offset;
+}
+
+/*******************************************************************
+ Compares two SEC_ACE structures
+********************************************************************/
+
+BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
+{
+	/* Trivial case */
+
+	if (!s1 && !s2) return True;
+
+	/* Check top level stuff */
+
+	if (s1->type != s2->type || s1->flags != s2->flags ||
+	    s1->info.mask != s2->info.mask) {
+		return False;
+	}
+
+	/* Check SID */
+
+	if (!sid_equal(&s1->trustee, &s2->trustee)) {
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Compares two SEC_ACL structures
+********************************************************************/
+
+BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2)
+{
+	int i, j;
+
+	/* Trivial cases */
+
+	if (!s1 && !s2) return True;
+	if (!s1 || !s2) return False;
+
+	/* Check top level stuff */
+
+	if (s1->revision != s2->revision) {
+		DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
+			   s1->revision, s2->revision));
+		return False;
+	}
+
+	if (s1->num_aces != s2->num_aces) {
+		DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n",
+			   s1->revision, s2->revision));
+		return False;
+	}
+
+	/* The ACEs could be in any order so check each ACE in s1 against 
+	   each ACE in s2. */
+
+	for (i = 0; i < s1->num_aces; i++) {
+		BOOL found = False;
+
+		for (j = 0; j < s2->num_aces; j++) {
+			if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) {
+				found = True;
+				break;
+			}
+		}
+
+		if (!found) return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Compares two SEC_DESC structures
+********************************************************************/
+
+BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2)
+{
+	/* Trivial case */
+
+	if (!s1 && !s2) {
+		goto done;
+	}
+
+	/* Check top level stuff */
+
+	if (s1->revision != s2->revision) {
+		DEBUG(10, ("sec_desc_equal(): revision differs (%d != %d)\n",
+			   s1->revision, s2->revision));
+		return False;
+	}
+
+	if (s1->type!= s2->type) {
+		DEBUG(10, ("sec_desc_equal(): type differs (%d != %d)\n",
+			   s1->type, s2->type));
+		return False;
+	}
+
+	/* Check owner and group */
+
+	if (!sid_equal(s1->owner_sid, s2->owner_sid)) {
+		fstring str1, str2;
+
+		sid_to_string(str1, s1->owner_sid);
+		sid_to_string(str2, s2->owner_sid);
+
+		DEBUG(10, ("sec_desc_equal(): owner differs (%s != %s)\n",
+			   str1, str2));
+		return False;
+	}
+
+	if (!sid_equal(s1->grp_sid, s2->grp_sid)) {
+		fstring str1, str2;
+
+		sid_to_string(str1, s1->grp_sid);
+		sid_to_string(str2, s2->grp_sid);
+
+		DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n",
+			   str1, str2));
+		return False;
+	}
+
+	/* Check ACLs present in one but not the other */
+
+	if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) ||
+	    (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) {
+		DEBUG(10, ("sec_desc_equal(): dacl or sacl not present\n"));
+		return False;
+	}
+
+	/* Sigh - we have to do it the hard way by iterating over all
+	   the ACEs in the ACLs */
+
+	if (!sec_acl_equal(s1->dacl, s2->dacl) ||
+	    !sec_acl_equal(s1->sacl, s2->sacl)) {
+		DEBUG(10, ("sec_desc_equal(): dacl/sacl list not equal\n"));
+		return False;
+	}
+
+ done:
+	DEBUG(10, ("sec_desc_equal(): secdescs are identical\n"));
+	return True;
+}
+
+/*******************************************************************
+ Merge part of security descriptor old_sec in to the empty sections of 
+ security descriptor new_sec.
+********************************************************************/
+
+SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb)
+{
+	DOM_SID *owner_sid, *group_sid;
+	SEC_DESC_BUF *return_sdb;
+	SEC_ACL *dacl, *sacl;
+	SEC_DESC *psd = NULL;
+	uint16 secdesc_type;
+	size_t secdesc_size;
+
+	/* Copy over owner and group sids.  There seems to be no flag for
+	   this so just check the pointer values. */
+
+	owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid :
+		old_sdb->sec->owner_sid;
+
+	group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid :
+		old_sdb->sec->grp_sid;
+	
+	secdesc_type = new_sdb->sec->type;
+
+	/* Ignore changes to the system ACL.  This has the effect of making
+	   changes through the security tab audit button not sticking. 
+	   Perhaps in future Samba could implement these settings somehow. */
+
+	sacl = NULL;
+	secdesc_type &= ~SEC_DESC_SACL_PRESENT;
+
+	/* Copy across discretionary ACL */
+
+	if (secdesc_type & SEC_DESC_DACL_PRESENT) {
+		dacl = new_sdb->sec->dacl;
+	} else {
+		dacl = old_sdb->sec->dacl;
+	}
+
+	/* Create new security descriptor from bits */
+
+	psd = make_sec_desc(ctx, new_sdb->sec->revision, 
+			    owner_sid, group_sid, sacl, dacl, &secdesc_size);
+
+	return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
+
+	return(return_sdb);
+}
+
+/*******************************************************************
+ Tallocs a duplicate SID. 
+********************************************************************/ 
+
+static DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
+{
+  DOM_SID *dst;
+
+  if(!src)
+    return NULL;
+
+  if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
+    sid_copy( dst, src);
+  }
+
+  return dst;
+}
+
+/*******************************************************************
+ Creates a SEC_DESC structure
+********************************************************************/
+
+SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, 
+			DOM_SID *owner_sid, DOM_SID *grp_sid,
+			SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
+{
+	SEC_DESC *dst;
+	uint32 offset     = 0;
+	uint32 offset_sid = SEC_DESC_HEADER_SIZE;
+	uint32 offset_acl = 0;
+
+	*sd_size = 0;
+
+	if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
+		return NULL;
+
+	dst->revision = revision;
+	dst->type     = SEC_DESC_SELF_RELATIVE;
+
+	if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
+	if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
+
+	dst->off_owner_sid = 0;
+	dst->off_grp_sid   = 0;
+	dst->off_sacl      = 0;
+	dst->off_dacl      = 0;
+
+	if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
+		goto error_exit;
+
+	if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
+		goto error_exit;
+
+	if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
+		goto error_exit;
+
+	if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
+		goto error_exit;
+
+	offset = 0;
+
+	/*
+	 * Work out the linearization sizes.
+	 */
+	if (dst->owner_sid != NULL) {
+
+		if (offset == 0)
+			offset = SEC_DESC_HEADER_SIZE;
+
+		offset += ((sid_size(dst->owner_sid) + 3) & ~3);
+	}
+
+	if (dst->grp_sid != NULL) {
+
+		if (offset == 0)
+			offset = SEC_DESC_HEADER_SIZE;
+
+		offset += ((sid_size(dst->grp_sid) + 3) & ~3);
+	}
+
+	if (dst->sacl != NULL) {
+
+		offset_acl = SEC_DESC_HEADER_SIZE;
+
+		dst->off_sacl  = offset_acl;
+		offset_acl    += ((dst->sacl->size + 3) & ~3);
+		offset        += dst->sacl->size;
+		offset_sid    += dst->sacl->size;
+	}
+
+	if (dst->dacl != NULL) {
+
+		if (offset_acl == 0)
+			offset_acl = SEC_DESC_HEADER_SIZE;
+
+		dst->off_dacl  = offset_acl;
+		offset_acl    += ((dst->dacl->size + 3) & ~3);
+		offset        += dst->dacl->size;
+		offset_sid    += dst->dacl->size;
+	}
+
+	*sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
+
+	dst->off_owner_sid = offset_sid;
+
+	if (dst->owner_sid != NULL)
+		dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
+	else
+		dst->off_grp_sid = offset_sid;
+
+	return dst;
+
+error_exit:
+
+	*sd_size = 0;
+	return NULL;
+}
+
+/*******************************************************************
+ Duplicate a SEC_DESC structure.  
+********************************************************************/
+
+SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
+{
+	size_t dummy;
+
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_desc( ctx, src->revision, 
+				src->owner_sid, src->grp_sid, src->sacl,
+				src->dacl, &dummy);
+}
+
+/*******************************************************************
+ Creates a SEC_DESC structure with typical defaults.
+********************************************************************/
+
+SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid,
+				 SEC_ACL *dacl, size_t *sd_size)
+{
+	return make_sec_desc(ctx, SEC_DESC_REVISION,
+			     owner_sid, grp_sid, NULL, dacl, sd_size);
+}
+
+/*******************************************************************
+ Reads or writes a SEC_DESC structure.
+ If reading and the *ppsd = NULL, allocates the structure.
+********************************************************************/
+
+BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
+{
+	uint32 old_offset;
+	uint32 max_offset = 0; /* after we're done, move offset to end */
+	uint32 tmp_offset = 0;
+	
+	SEC_DESC *psd;
+
+	if (ppsd == NULL)
+		return False;
+
+	psd = *ppsd;
+
+	if (psd == NULL) {
+		if(UNMARSHALLING(ps)) {
+			if((psd = (SEC_DESC *)prs_alloc_mem(ps,sizeof(SEC_DESC))) == NULL)
+				return False;
+			*ppsd = psd;
+		} else {
+			/* Marshalling - just ignore. */
+			return True;
+		}
+	}
+
+	prs_debug(ps, depth, desc, "sec_io_desc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	/* start of security descriptor stored for back-calc offset purposes */
+	old_offset = prs_offset(ps);
+
+	if(!prs_uint16("revision ", ps, depth, &psd->revision))
+		return False;
+
+	if(!prs_uint16("type     ", ps, depth, &psd->type))
+		return False;
+
+	if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid))
+		return False;
+
+	if(!prs_uint32("off_grp_sid  ", ps, depth, &psd->off_grp_sid))
+		return False;
+
+	if(!prs_uint32("off_sacl     ", ps, depth, &psd->off_sacl))
+		return False;
+
+	if(!prs_uint32("off_dacl     ", ps, depth, &psd->off_dacl))
+		return False;
+
+	max_offset = MAX(max_offset, prs_offset(ps));
+
+	if (psd->off_owner_sid != 0) {
+
+		if (UNMARSHALLING(ps)) {
+			if(!prs_set_offset(ps, old_offset + psd->off_owner_sid))
+				return False;
+			/* reading */
+			if((psd->owner_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->owner_sid))) == NULL)
+				return False;
+		}
+
+		tmp_offset = ps->data_offset;
+		ps->data_offset = psd->off_owner_sid;
+
+		if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+
+		ps->data_offset = tmp_offset;
+	}
+
+	max_offset = MAX(max_offset, prs_offset(ps));
+
+	if (psd->off_grp_sid != 0) {
+
+		if (UNMARSHALLING(ps)) {
+			/* reading */
+			if(!prs_set_offset(ps, old_offset + psd->off_grp_sid))
+				return False;
+			if((psd->grp_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->grp_sid))) == NULL)
+				return False;
+		}
+
+		tmp_offset = ps->data_offset;
+		ps->data_offset = psd->off_grp_sid;
+
+		if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+
+		ps->data_offset = tmp_offset;
+	}
+
+	max_offset = MAX(max_offset, prs_offset(ps));
+
+	if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) {
+		if(!prs_set_offset(ps, old_offset + psd->off_sacl))
+			return False;
+		if(!sec_io_acl("sacl", &psd->sacl, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+
+	max_offset = MAX(max_offset, prs_offset(ps));
+
+	if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) {
+		if(!prs_set_offset(ps, old_offset + psd->off_dacl))
+			return False;
+		if(!sec_io_acl("dacl", &psd->dacl, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+
+	max_offset = MAX(max_offset, prs_offset(ps));
+
+	if(!prs_set_offset(ps, max_offset))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Creates a SEC_DESC_BUF structure.
+********************************************************************/
+
+SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc)
+{
+	SEC_DESC_BUF *dst;
+
+	if((dst = (SEC_DESC_BUF *)talloc_zero(ctx, sizeof(SEC_DESC_BUF))) == NULL)
+		return NULL;
+
+	/* max buffer size (allocated size) */
+	dst->max_len = (uint32)len;
+	dst->len = (uint32)len;
+	
+	if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) {
+		return NULL;
+	}
+
+	dst->ptr = 0x1;
+
+	return dst;
+}
+
+/*******************************************************************
+ Duplicates a SEC_DESC_BUF structure.
+********************************************************************/
+
+SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src)
+{
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_desc_buf( ctx, src->len, src->sec);
+}
+
+/*******************************************************************
+ Reads or writes a SEC_DESC_BUF structure.
+********************************************************************/
+
+BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth)
+{
+	uint32 off_len;
+	uint32 off_max_len;
+	uint32 old_offset;
+	uint32 size;
+	SEC_DESC_BUF *psdb;
+
+	if (ppsdb == NULL)
+		return False;
+
+	psdb = *ppsdb;
+
+	if (UNMARSHALLING(ps) && psdb == NULL) {
+		if((psdb = (SEC_DESC_BUF *)prs_alloc_mem(ps,sizeof(SEC_DESC_BUF))) == NULL)
+			return False;
+		*ppsdb = psdb;
+	}
+
+	prs_debug(ps, depth, desc, "sec_io_desc_buf");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len))
+		return False;
+
+	if(!prs_uint32    ("ptr  ", ps, depth, &psdb->ptr))
+		return False;
+
+	if(!prs_uint32_pre("len    ", ps, depth, &psdb->len, &off_len))
+		return False;
+
+	old_offset = prs_offset(ps);
+
+	/* reading, length is non-zero; writing, descriptor is non-NULL */
+	if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) {
+		if(!sec_io_desc("sec   ", &psdb->sec, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+	
+	size = prs_offset(ps) - old_offset;
+	if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size))
+		return False;
+
+	if(!prs_uint32_post("len    ", ps, depth, &psdb->len, off_len, size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ adds new SID with its permissions to SEC_DESC
+********************************************************************/
+
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size)
+{
+	SEC_DESC *sd   = 0;
+	SEC_ACL  *dacl = 0;
+	SEC_ACE  *ace  = 0;
+	NTSTATUS  status;
+
+	*sd_size = 0;
+
+	if (!ctx || !psd || !sid || !sd_size)  return NT_STATUS_INVALID_PARAMETER;
+
+	status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask);
+	
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, 
+		psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	*psd = sd;
+	 sd  = 0;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ modify SID's permissions at SEC_DESC
+********************************************************************/
+
+NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask)
+{
+	NTSTATUS status;
+
+	if (!sd || !sid) return NT_STATUS_INVALID_PARAMETER;
+
+	status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask);
+
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+	
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ delete SID from SEC_DESC
+********************************************************************/
+
+NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size)
+{
+	SEC_DESC *sd   = 0;
+	SEC_ACL  *dacl = 0;
+	SEC_ACE  *ace  = 0;
+	NTSTATUS  status;
+
+	*sd_size = 0;
+	
+	if (!ctx || !psd[0] || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER;
+
+	status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid);
+
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, 
+		psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	*psd = sd;
+	 sd  = 0;
+	return NT_STATUS_OK;
+}
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
new file mode 100644
index 0000000000..b74ee3c5c5
--- /dev/null
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -0,0 +1,7041 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2000,
+ *  Copyright (C) Gerald Carter                2000-2002
+ *  Copyright (C) Tim Potter		       2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+return the length of a UNISTR string.
+********************************************************************/  
+
+static uint32 str_len_uni(UNISTR *source)
+{
+ 	uint32 i=0;
+
+	if (!source->buffer)
+		return 0;
+
+	while (source->buffer[i])
+		i++;
+
+	return i;
+}
+
+/*******************************************************************
+This should be moved in a more generic lib.
+********************************************************************/  
+
+static BOOL spoolss_io_system_time(char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime)
+{
+	if(!prs_uint16("year", ps, depth, &systime->year))
+		return False;
+	if(!prs_uint16("month", ps, depth, &systime->month))
+		return False;
+	if(!prs_uint16("dayofweek", ps, depth, &systime->dayofweek))
+		return False;
+	if(!prs_uint16("day", ps, depth, &systime->day))
+		return False;
+	if(!prs_uint16("hour", ps, depth, &systime->hour))
+		return False;
+	if(!prs_uint16("minute", ps, depth, &systime->minute))
+		return False;
+	if(!prs_uint16("second", ps, depth, &systime->second))
+		return False;
+	if(!prs_uint16("milliseconds", ps, depth, &systime->milliseconds))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL make_systemtime(SYSTEMTIME *systime, struct tm *unixtime)
+{
+	systime->year=unixtime->tm_year+1900;
+	systime->month=unixtime->tm_mon+1;
+	systime->dayofweek=unixtime->tm_wday;
+	systime->day=unixtime->tm_mday;
+	systime->hour=unixtime->tm_hour;
+	systime->minute=unixtime->tm_min;
+	systime->second=unixtime->tm_sec;
+	systime->milliseconds=0;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an DOC_INFO structure.
+********************************************************************/  
+
+static BOOL smb_io_doc_info_1(char *desc, DOC_INFO_1 *info_1, prs_struct *ps, int depth)
+{
+	if (info_1 == NULL) return False;
+
+	prs_debug(ps, depth, desc, "smb_io_doc_info_1");
+	depth++;
+ 
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("p_docname",    ps, depth, &info_1->p_docname))
+		return False;
+	if(!prs_uint32("p_outputfile", ps, depth, &info_1->p_outputfile))
+		return False;
+	if(!prs_uint32("p_datatype",   ps, depth, &info_1->p_datatype))
+		return False;
+
+	if(!smb_io_unistr2("", &info_1->docname,    info_1->p_docname,    ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &info_1->outputfile, info_1->p_outputfile, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &info_1->datatype,   info_1->p_datatype,   ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an DOC_INFO structure.
+********************************************************************/  
+
+static BOOL smb_io_doc_info(char *desc, DOC_INFO *info, prs_struct *ps, int depth)
+{
+	uint32 useless_ptr=0;
+	
+	if (info == NULL) return False;
+
+	prs_debug(ps, depth, desc, "smb_io_doc_info");
+	depth++;
+ 
+	if(!prs_align(ps))
+		return False;
+        
+	if(!prs_uint32("switch_value", ps, depth, &info->switch_value))
+		return False;
+	
+	if(!prs_uint32("doc_info_X ptr", ps, depth, &useless_ptr))
+		return False;
+
+	switch (info->switch_value)
+	{
+		case 1:	
+			if(!smb_io_doc_info_1("",&info->doc_info_1, ps, depth))
+				return False;
+			break;
+		case 2:
+			/*
+			  this is just a placeholder
+			  
+			  MSDN July 1998 says doc_info_2 is only on
+			  Windows 95, and as Win95 doesn't do RPC to print
+			  this case is nearly impossible
+			  
+			  Maybe one day with Windows for dishwasher 2037 ...
+			  
+			*/
+			/* smb_io_doc_info_2("",&info->doc_info_2, ps, depth); */
+			break;
+		default:
+			DEBUG(0,("Something is obviously wrong somewhere !\n"));
+			break;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an DOC_INFO_CONTAINER structure.
+********************************************************************/  
+
+static BOOL smb_io_doc_info_container(char *desc, DOC_INFO_CONTAINER *cont, prs_struct *ps, int depth)
+{
+	if (cont == NULL) return False;
+
+	prs_debug(ps, depth, desc, "smb_io_doc_info_container");
+	depth++;
+ 
+	if(!prs_align(ps))
+		return False;
+        
+	if(!prs_uint32("level", ps, depth, &cont->level))
+		return False;
+	
+	if(!smb_io_doc_info("",&cont->docinfo, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY OPTION TYPE structure.
+********************************************************************/  
+
+/* NOTIFY_OPTION_TYPE and NOTIFY_OPTION_TYPE_DATA are really one
+   structure.  The _TYPE structure is really the deferred referrants (i.e
+   the notify fields array) of the _TYPE structure. -tpot */
+
+static BOOL smb_io_notify_option_type(char *desc, SPOOL_NOTIFY_OPTION_TYPE *type, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "smb_io_notify_option_type");
+	depth++;
+ 
+	if (!prs_align(ps))
+		return False;
+
+	if(!prs_uint16("type", ps, depth, &type->type))
+		return False;
+	if(!prs_uint16("reserved0", ps, depth, &type->reserved0))
+		return False;
+	if(!prs_uint32("reserved1", ps, depth, &type->reserved1))
+		return False;
+	if(!prs_uint32("reserved2", ps, depth, &type->reserved2))
+		return False;
+	if(!prs_uint32("count", ps, depth, &type->count))
+		return False;
+	if(!prs_uint32("fields_ptr", ps, depth, &type->fields_ptr))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY OPTION TYPE DATA.
+********************************************************************/  
+
+static BOOL smb_io_notify_option_type_data(char *desc, SPOOL_NOTIFY_OPTION_TYPE *type, prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "smb_io_notify_option_type_data");
+	depth++;
+ 
+ 	/* if there are no fields just return */
+	if (type->fields_ptr==0)
+		return True;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("count2", ps, depth, &type->count2))
+		return False;
+	
+	if (type->count2 != type->count)
+		DEBUG(4,("What a mess, count was %x now is %x !\n", type->count, type->count2));
+
+	/* parse the option type data */
+	for(i=0;i<type->count2;i++)
+		if(!prs_uint16("fields",ps,depth,&type->fields[i]))
+			return False;
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY OPTION structure.
+********************************************************************/  
+
+static BOOL smb_io_notify_option_type_ctr(char *desc, SPOOL_NOTIFY_OPTION_TYPE_CTR *ctr , prs_struct *ps, int depth)
+{		
+	int i;
+	
+	prs_debug(ps, depth, desc, "smb_io_notify_option_type_ctr");
+	depth++;
+ 
+	if(!prs_uint32("count", ps, depth, &ctr->count))
+		return False;
+
+	/* reading */
+	if (UNMARSHALLING(ps))
+		if((ctr->type=(SPOOL_NOTIFY_OPTION_TYPE *)prs_alloc_mem(ps,ctr->count*sizeof(SPOOL_NOTIFY_OPTION_TYPE))) == NULL)
+			return False;
+		
+	/* the option type struct */
+	for(i=0;i<ctr->count;i++)
+		if(!smb_io_notify_option_type("", &ctr->type[i] , ps, depth))
+			return False;
+
+	/* the type associated with the option type struct */
+	for(i=0;i<ctr->count;i++)
+		if(!smb_io_notify_option_type_data("", &ctr->type[i] , ps, depth))
+			return False;
+	
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY OPTION structure.
+********************************************************************/  
+
+static BOOL smb_io_notify_option(char *desc, SPOOL_NOTIFY_OPTION *option, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "smb_io_notify_option");
+	depth++;
+ 	
+	if(!prs_uint32("version", ps, depth, &option->version))
+		return False;
+	if(!prs_uint32("flags", ps, depth, &option->flags))
+		return False;
+	if(!prs_uint32("count", ps, depth, &option->count))
+		return False;
+	if(!prs_uint32("option_type_ptr", ps, depth, &option->option_type_ptr))
+		return False;
+	
+	/* marshalling or unmarshalling, that would work */	
+	if (option->option_type_ptr!=0) {
+		if(!smb_io_notify_option_type_ctr("", &option->ctr ,ps, depth))
+			return False;
+	}
+	else {
+		option->ctr.type=NULL;
+		option->ctr.count=0;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY INFO DATA structure.
+********************************************************************/  
+
+static BOOL smb_io_notify_info_data(char *desc,SPOOL_NOTIFY_INFO_DATA *data, prs_struct *ps, int depth)
+{
+	uint32 useless_ptr=0xADDE0FF0;
+
+	uint32 how_many_words;
+	BOOL isvalue;
+	uint32 x;
+	
+	prs_debug(ps, depth, desc, "smb_io_notify_info_data");
+	depth++;
+
+	how_many_words=data->size;
+	if (how_many_words==POINTER) {
+		how_many_words=TWO_VALUE;
+	}
+	
+	isvalue=data->enc_type;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint16("type",           ps, depth, &data->type))
+		return False;
+	if(!prs_uint16("field",          ps, depth, &data->field))
+		return False;
+	/*prs_align(ps);*/
+
+	if(!prs_uint32("how many words", ps, depth, &how_many_words))
+		return False;
+	if(!prs_uint32("id",             ps, depth, &data->id))
+		return False;
+	if(!prs_uint32("how many words", ps, depth, &how_many_words))
+		return False;
+
+
+	/*prs_align(ps);*/
+
+	if (isvalue==True) {
+		if(!prs_uint32("value[0]", ps, depth, &data->notify_data.value[0]))
+			return False;
+		if(!prs_uint32("value[1]", ps, depth, &data->notify_data.value[1]))
+			return False;
+		/*prs_align(ps);*/
+	} else {
+		/* it's a string */
+		/* length in ascii including \0 */
+		x=2*(data->notify_data.data.length+1);
+		if(!prs_uint32("string length", ps, depth, &x ))
+			return False;
+		if(!prs_uint32("pointer", ps, depth, &useless_ptr))
+			return False;
+		/*prs_align(ps);*/
+	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY INFO DATA structure.
+********************************************************************/  
+
+BOOL smb_io_notify_info_data_strings(char *desc,SPOOL_NOTIFY_INFO_DATA *data,
+                                     prs_struct *ps, int depth)
+{
+	uint32 x;
+	BOOL isvalue;
+	
+	prs_debug(ps, depth, desc, "smb_io_notify_info_data_strings");
+	depth++;
+	
+	if(!prs_align(ps))
+		return False;
+
+	isvalue=data->enc_type;
+
+	if (isvalue==False) {
+		/* length of string in unicode include \0 */
+		x=data->notify_data.data.length+1;
+		if(!prs_uint32("string length", ps, depth, &x ))
+			return False;
+		if (MARSHALLING(ps)) {
+			/* These are already in little endian format. Don't byte swap. */
+			if (x == 1) {
+
+				/* No memory allocated for this string
+				   therefore following the data.string
+				   pointer is a bad idea.  Use a pointer to
+				   the uint32 length union member to
+				   provide a source for a unicode NULL */
+
+				if(!prs_uint8s(True,"string",ps,depth, (uint8 *)&data->notify_data.data.length,x*2)) 
+					return False;
+			} else {
+				if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x))
+					return False;
+			}
+		} else {
+
+			/* Tallocate memory for string */
+
+			data->notify_data.data.string = (uint16 *)prs_alloc_mem(ps, x * 2);
+			if (!data->notify_data.data.string) 
+				return False;
+
+			if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x))
+				return False;
+		}
+	}
+#if 0	/* JERRY */
+
+	/* Win2k does not seem to put this parse align here */
+
+	if(!prs_align(ps))
+		return False;
+#endif
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes an NOTIFY INFO structure.
+********************************************************************/  
+
+static BOOL smb_io_notify_info(char *desc, SPOOL_NOTIFY_INFO *info, prs_struct *ps, int depth)
+{
+	int i;
+
+	prs_debug(ps, depth, desc, "smb_io_notify_info");
+	depth++;
+ 
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("count", ps, depth, &info->count))
+		return False;
+	if(!prs_uint32("version", ps, depth, &info->version))
+		return False;
+	if(!prs_uint32("flags", ps, depth, &info->flags))
+		return False;
+	if(!prs_uint32("count", ps, depth, &info->count))
+		return False;
+
+	for (i=0;i<info->count;i++) {
+		if(!smb_io_notify_info_data(desc, &info->data[i], ps, depth))
+			return False;
+	}
+
+	/* now do the strings at the end of the stream */	
+	for (i=0;i<info->count;i++) {
+		if(!smb_io_notify_info_data_strings(desc, &info->data[i], ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+static BOOL spool_io_user_level_1(char *desc, SPOOL_USER_1 *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "");
+	depth++;
+
+	/* reading */
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(q_u);
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("size", ps, depth, &q_u->size))
+		return False;
+	if (!prs_uint32("client_name_ptr", ps, depth, &q_u->client_name_ptr))
+		return False;
+	if (!prs_uint32("user_name_ptr", ps, depth, &q_u->user_name_ptr))
+		return False;
+	if (!prs_uint32("build", ps, depth, &q_u->build))
+		return False;
+	if (!prs_uint32("major", ps, depth, &q_u->major))
+		return False;
+	if (!prs_uint32("minor", ps, depth, &q_u->minor))
+		return False;
+	if (!prs_uint32("processor", ps, depth, &q_u->processor))
+		return False;
+
+	if (!smb_io_unistr2("", &q_u->client_name, q_u->client_name_ptr, ps, depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("", &q_u->user_name,   q_u->user_name_ptr,   ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+static BOOL spool_io_user_level(char *desc, SPOOL_USER_CTR *q_u, prs_struct *ps, int depth)
+{
+	if (q_u==NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spool_io_user_level");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+	if (!prs_uint32("ptr", ps, depth, &q_u->ptr))
+		return False;
+	
+	switch (q_u->level) {	
+	case 1:
+		if (!spool_io_user_level_1("", &q_u->user1, ps, depth))
+			return False;
+		break;
+	default:
+		return False;	
+	}	
+
+	return True;
+}
+
+/*******************************************************************
+ * read or write a DEVICEMODE struct.
+ * on reading allocate memory for the private member
+ ********************************************************************/
+
+BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE *devmode)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_devmode");
+	depth++;
+
+	if (UNMARSHALLING(ps)) {
+		devmode->devicename.buffer = (uint16 *)prs_alloc_mem(ps, 32 * sizeof(uint16) );
+		if (devmode->devicename.buffer == NULL)
+			return False;
+	}
+
+	if (!prs_uint16uni(True,"devicename", ps, depth, devmode->devicename.buffer, 32))
+		return False;
+	if (!prs_uint16("specversion",      ps, depth, &devmode->specversion))
+		return False;
+	if (!prs_uint16("driverversion",    ps, depth, &devmode->driverversion))
+		return False;
+	if (!prs_uint16("size",             ps, depth, &devmode->size))
+		return False;
+	if (!prs_uint16("driverextra",      ps, depth, &devmode->driverextra))
+		return False;
+	if (!prs_uint32("fields",           ps, depth, &devmode->fields))
+		return False;
+	if (!prs_uint16("orientation",      ps, depth, &devmode->orientation))
+		return False;
+	if (!prs_uint16("papersize",        ps, depth, &devmode->papersize))
+		return False;
+	if (!prs_uint16("paperlength",      ps, depth, &devmode->paperlength))
+		return False;
+	if (!prs_uint16("paperwidth",       ps, depth, &devmode->paperwidth))
+		return False;
+	if (!prs_uint16("scale",            ps, depth, &devmode->scale))
+		return False;
+	if (!prs_uint16("copies",           ps, depth, &devmode->copies))
+		return False;
+	if (!prs_uint16("defaultsource",    ps, depth, &devmode->defaultsource))
+		return False;
+	if (!prs_uint16("printquality",     ps, depth, &devmode->printquality))
+		return False;
+	if (!prs_uint16("color",            ps, depth, &devmode->color))
+		return False;
+	if (!prs_uint16("duplex",           ps, depth, &devmode->duplex))
+		return False;
+	if (!prs_uint16("yresolution",      ps, depth, &devmode->yresolution))
+		return False;
+	if (!prs_uint16("ttoption",         ps, depth, &devmode->ttoption))
+		return False;
+	if (!prs_uint16("collate",          ps, depth, &devmode->collate))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		devmode->formname.buffer = (uint16 *)prs_alloc_mem(ps, 32 * sizeof(uint16) );
+		if (devmode->formname.buffer == NULL)
+			return False;
+	}
+
+	if (!prs_uint16uni(True, "formname",  ps, depth, devmode->formname.buffer, 32))
+		return False;
+	if (!prs_uint16("logpixels",        ps, depth, &devmode->logpixels))
+		return False;
+	if (!prs_uint32("bitsperpel",       ps, depth, &devmode->bitsperpel))
+		return False;
+	if (!prs_uint32("pelswidth",        ps, depth, &devmode->pelswidth))
+		return False;
+	if (!prs_uint32("pelsheight",       ps, depth, &devmode->pelsheight))
+		return False;
+	if (!prs_uint32("displayflags",     ps, depth, &devmode->displayflags))
+		return False;
+	if (!prs_uint32("displayfrequency", ps, depth, &devmode->displayfrequency))
+		return False;
+
+	/* 
+	 * Conditional parsing.  Assume that the DeviceMode has been 
+	 * zero'd by the caller. 
+	 */
+	switch(devmode->specversion) {
+	
+		/* Used by spooler when issuing OpenPrinter() calls.  NT 3.5x? */
+		case 0x0320:
+			break;
+		
+		/* See the comments on the DEVMODE in the msdn GDI documentation */
+		/* (WINVER >= 0x0400) */
+		case 0x0400:
+		case 0x0401:
+	if (!prs_uint32("icmmethod",        ps, depth, &devmode->icmmethod))
+		return False;
+	if (!prs_uint32("icmintent",        ps, depth, &devmode->icmintent))
+		return False;
+	if (!prs_uint32("mediatype",        ps, depth, &devmode->mediatype))
+		return False;
+	if (!prs_uint32("dithertype",       ps, depth, &devmode->dithertype))
+		return False;
+	if (!prs_uint32("reserved1",        ps, depth, &devmode->reserved1))
+		return False;
+	if (!prs_uint32("reserved2",        ps, depth, &devmode->reserved2))
+		return False;
+
+			/* (WINVER >= 0x0500) || (_WIN32_WINNT >= 0x0400) */
+			if (devmode->specversion == 0x401) {
+	if (!prs_uint32("panningwidth",     ps, depth, &devmode->panningwidth))
+		return False;
+	if (!prs_uint32("panningheight",    ps, depth, &devmode->panningheight))
+		return False;
+			}
+			break;
+
+		/* log an error if we see something else */
+		default:
+			DEBUG(0,("spoolss_io_devmode: Unknown specversion [0x%x]!\n", devmode->specversion));
+			DEBUG(0,("spoolss_io_devmode: Please report to samba-technical@samba.org\n"));
+			break;
+	}
+
+	if (devmode->driverextra!=0) {
+		if (UNMARSHALLING(ps)) {
+			devmode->private=(uint8 *)prs_alloc_mem(ps, devmode->driverextra*sizeof(uint8));
+			if(devmode->private == NULL)
+				return False;
+			DEBUG(7,("spoolss_io_devmode: allocated memory [%d] for private\n",devmode->driverextra)); 
+		}
+			
+		DEBUG(7,("spoolss_io_devmode: parsing [%d] bytes of private\n",devmode->driverextra));
+		if (!prs_uint8s(False, "private",  ps, depth,
+				devmode->private, devmode->driverextra))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Read or write a DEVICEMODE container
+********************************************************************/  
+
+static BOOL spoolss_io_devmode_cont(char *desc, DEVMODE_CTR *dm_c, prs_struct *ps, int depth)
+{
+	if (dm_c==NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_devmode_cont");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if (!prs_uint32("size", ps, depth, &dm_c->size))
+		return False;
+
+	if (!prs_uint32("devmode_ptr", ps, depth, &dm_c->devmode_ptr))
+		return False;
+
+	if (dm_c->size==0 || dm_c->devmode_ptr==0) {
+		if (UNMARSHALLING(ps))
+			/* if while reading there is no DEVMODE ... */
+			dm_c->devmode=NULL;
+		return True;
+	}
+	
+	/* so we have a DEVICEMODE to follow */		
+	if (UNMARSHALLING(ps)) {
+		DEBUG(9,("Allocating memory for spoolss_io_devmode\n"));
+		dm_c->devmode=(DEVICEMODE *)prs_alloc_mem(ps,sizeof(DEVICEMODE));
+		if(dm_c->devmode == NULL)
+			return False;
+	}
+	
+	/* this is bad code, shouldn't be there */
+	if (!prs_uint32("size", ps, depth, &dm_c->size))
+		return False;
+		
+	if (!spoolss_io_devmode(desc, ps, depth, dm_c->devmode))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+static BOOL spoolss_io_printer_default(char *desc, PRINTER_DEFAULT *pd, prs_struct *ps, int depth)
+{
+	if (pd==NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_printer_default");
+	depth++;
+
+	if (!prs_uint32("datatype_ptr", ps, depth, &pd->datatype_ptr))
+		return False;
+
+	if (!smb_io_unistr2("datatype", &pd->datatype, pd->datatype_ptr, ps,depth))
+		return False;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!spoolss_io_devmode_cont("", &pd->devmode_cont, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("access_required", ps, depth, &pd->access_required))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
+		const fstring printername, 
+		const fstring datatype, 
+		uint32 access_required,
+		const fstring clientname,
+		const fstring user_name)
+{
+	DEBUG(5,("make_spoolss_q_open_printer_ex\n"));
+	q_u->printername_ptr = (printername!=NULL)?1:0;
+	init_unistr2(&q_u->printername, printername, strlen(printername)+1);
+
+	q_u->printer_default.datatype_ptr = 0;
+/*
+	q_u->printer_default.datatype_ptr = (datatype!=NULL)?1:0;
+	init_unistr2(&q_u->printer_default.datatype, datatype, strlen(datatype));
+*/
+	q_u->printer_default.devmode_cont.size=0;
+	q_u->printer_default.devmode_cont.devmode_ptr=0;
+	q_u->printer_default.devmode_cont.devmode=NULL;
+	q_u->printer_default.access_required=access_required;
+	q_u->user_switch=1;
+	q_u->user_ctr.level=1;
+	q_u->user_ctr.ptr=1;
+	q_u->user_ctr.user1.size=strlen(clientname)+strlen(user_name)+10;
+	q_u->user_ctr.user1.client_name_ptr = (clientname!=NULL)?1:0;
+	q_u->user_ctr.user1.user_name_ptr = (user_name!=NULL)?1:0;
+	q_u->user_ctr.user1.build=1381;
+	q_u->user_ctr.user1.major=2;
+	q_u->user_ctr.user1.minor=0;
+	q_u->user_ctr.user1.processor=0;
+	init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)+1);
+	init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)+1);
+	
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_addprinterex(
+	TALLOC_CTX *mem_ctx,
+	SPOOL_Q_ADDPRINTEREX *q_u, 
+	const char *srv_name,
+	const char* clientname, 
+	const char* user_name,
+	uint32 level, 
+	PRINTER_INFO_CTR *ctr)
+{
+	DEBUG(5,("make_spoolss_q_addprinterex\n"));
+	
+	if (!ctr) return False;
+
+	ZERO_STRUCTP(q_u);
+
+	q_u->server_name_ptr = (srv_name!=NULL)?1:0;
+	init_unistr2(&q_u->server_name, srv_name, strlen(srv_name));
+
+	q_u->level = level;
+	
+	q_u->info.level = level;
+	q_u->info.info_ptr = (ctr->printers_2!=NULL)?1:0;
+	switch (level) {
+		case 2:
+			/* init q_u->info.info2 from *info */
+			if (!make_spoolss_printer_info_2(mem_ctx, &q_u->info.info_2, ctr->printers_2)) {
+				DEBUG(0,("make_spoolss_q_addprinterex: Unable to fill SPOOL_Q_ADDPRINTEREX struct!\n"));
+				return False;
+			}
+			break;
+		default :
+			break;
+	}
+
+	q_u->user_switch=1;
+
+	q_u->user_ctr.level=1;
+	q_u->user_ctr.ptr=1;
+	q_u->user_ctr.user1.client_name_ptr = (clientname!=NULL)?1:0;
+	q_u->user_ctr.user1.user_name_ptr = (user_name!=NULL)?1:0;
+	q_u->user_ctr.user1.build=1381;
+	q_u->user_ctr.user1.major=2;
+	q_u->user_ctr.user1.minor=0;
+	q_u->user_ctr.user1.processor=0;
+	init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)+1);
+	init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)+1);
+	q_u->user_ctr.user1.size=q_u->user_ctr.user1.user_name.uni_str_len +
+	                         q_u->user_ctr.user1.client_name.uni_str_len + 2;
+	
+	return True;
+}
+	
+/*******************************************************************
+create a SPOOL_PRINTER_INFO_2 stuct from a PRINTER_INFO_2 struct
+*******************************************************************/
+
+BOOL make_spoolss_printer_info_2(TALLOC_CTX *mem_ctx, SPOOL_PRINTER_INFO_LEVEL_2 **spool_info2, 
+				PRINTER_INFO_2 *info)
+{
+
+	SPOOL_PRINTER_INFO_LEVEL_2 *inf;
+
+	/* allocate the necessary memory */
+	if (!(inf=(SPOOL_PRINTER_INFO_LEVEL_2*)talloc(mem_ctx, sizeof(SPOOL_PRINTER_INFO_LEVEL_2)))) {
+		DEBUG(0,("make_spoolss_printer_info_2: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_2 sruct!\n"));
+		return False;
+	}
+	
+	inf->servername_ptr 	= (info->servername.buffer!=NULL)?1:0;
+	inf->printername_ptr 	= (info->printername.buffer!=NULL)?1:0;
+	inf->sharename_ptr 	= (info->sharename.buffer!=NULL)?1:0;
+	inf->portname_ptr 	= (info->portname.buffer!=NULL)?1:0;
+	inf->drivername_ptr 	= (info->drivername.buffer!=NULL)?1:0;
+	inf->comment_ptr 	= (info->comment.buffer!=NULL)?1:0;
+	inf->location_ptr 	= (info->location.buffer!=NULL)?1:0;
+	inf->devmode_ptr 	= (info->devmode!=NULL)?1:0;
+	inf->sepfile_ptr 	= (info->sepfile.buffer!=NULL)?1:0;
+	inf->printprocessor_ptr = (info->printprocessor.buffer!=NULL)?1:0;
+	inf->datatype_ptr 	= (info->datatype.buffer!=NULL)?1:0;
+	inf->parameters_ptr 	= (info->parameters.buffer!=NULL)?1:0;
+	inf->secdesc_ptr 	= (info->secdesc!=NULL)?1:0;
+	inf->attributes 	= info->attributes;
+	inf->priority 		= info->priority;
+	inf->default_priority 	= info->defaultpriority;
+	inf->starttime		= info->starttime;
+	inf->untiltime		= info->untiltime;
+	inf->cjobs		= info->cjobs;
+	inf->averageppm	= info->averageppm;
+	init_unistr2_from_unistr(&inf->servername, 	&info->servername);
+	init_unistr2_from_unistr(&inf->printername, 	&info->printername);
+	init_unistr2_from_unistr(&inf->sharename, 	&info->sharename);
+	init_unistr2_from_unistr(&inf->portname, 	&info->portname);
+	init_unistr2_from_unistr(&inf->drivername, 	&info->drivername);
+	init_unistr2_from_unistr(&inf->comment, 	&info->comment);
+	init_unistr2_from_unistr(&inf->location, 	&info->location);
+	init_unistr2_from_unistr(&inf->sepfile, 	&info->sepfile);
+	init_unistr2_from_unistr(&inf->printprocessor,	&info->printprocessor);
+	init_unistr2_from_unistr(&inf->datatype, 	&info->datatype);
+	init_unistr2_from_unistr(&inf->parameters, 	&info->parameters);
+	init_unistr2_from_unistr(&inf->datatype, 	&info->datatype);
+
+	*spool_info2 = inf;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_open_printer_ex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_open_printer(char *desc, SPOOL_Q_OPEN_PRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_open_printer");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("printername_ptr", ps, depth, &q_u->printername_ptr))
+		return False;
+	if (!smb_io_unistr2("", &q_u->printername, q_u->printername_ptr, ps,depth))
+		return False;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!spoolss_io_printer_default("", &q_u->printer_default, ps, depth))
+		return False;
+		
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from static spoolss_r_open_printer_ex (srv_spoolss.c)
+ * called from spoolss_open_printer_ex (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_open_printer(char *desc, SPOOL_R_OPEN_PRINTER *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_r_open_printer");
+	depth++;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&(r_u->handle),ps,depth))
+		return False;	
+
+	if (!prs_werror("status code", ps, depth, &(r_u->status)))
+		return False;
+		
+	return True;
+}
+
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_open_printer_ex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_open_printer_ex(char *desc, SPOOL_Q_OPEN_PRINTER_EX *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_open_printer_ex");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("printername_ptr", ps, depth, &q_u->printername_ptr))
+		return False;
+	if (!smb_io_unistr2("", &q_u->printername, q_u->printername_ptr, ps,depth))
+		return False;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!spoolss_io_printer_default("", &q_u->printer_default, ps, depth))
+		return False;
+
+	if (!prs_uint32("user_switch", ps, depth, &q_u->user_switch))
+		return False;	
+	if (!spool_io_user_level("", &q_u->user_ctr, ps, depth))
+		return False;
+	
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from static spoolss_r_open_printer_ex (srv_spoolss.c)
+ * called from spoolss_open_printer_ex (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_open_printer_ex(char *desc, SPOOL_R_OPEN_PRINTER_EX *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_r_open_printer_ex");
+	depth++;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&(r_u->handle),ps,depth))
+		return False;
+
+	if (!prs_werror("status code", ps, depth, &(r_u->status)))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+BOOL make_spoolss_q_deleteprinterdriver(
+	TALLOC_CTX *mem_ctx,
+	SPOOL_Q_DELETEPRINTERDRIVER *q_u, 
+	const char *server,
+	const char* arch, 
+	const char* driver 
+)
+{
+	DEBUG(5,("make_spoolss_q_deleteprinterdriver\n"));
+	
+	q_u->server_ptr = (server!=NULL)?1:0;
+
+	/* these must be NULL terminated or else NT4 will
+	   complain about invalid parameters --jerry */
+	init_unistr2(&q_u->server, server, strlen(server)+1);
+	init_unistr2(&q_u->arch, arch, strlen(arch)+1);
+	init_unistr2(&q_u->driver, driver, strlen(driver)+1);
+
+	
+	return True;
+}
+
+
+/*******************************************************************
+ * make a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
+                                const POLICY_HND *handle,
+                                UNISTR2 *valuename, uint32 size)
+{
+        if (q_u == NULL) return False;
+
+        DEBUG(5,("make_spoolss_q_getprinterdata\n"));
+
+        q_u->handle = *handle;
+        copy_unistr2(&q_u->valuename, valuename);
+        q_u->size = size;
+
+        return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_getprinterdata (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_getprinterdata(char *desc, SPOOL_Q_GETPRINTERDATA *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_getprinterdata");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("valuename", &q_u->valuename,True,ps,depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("size", ps, depth, &q_u->size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_deleteprinterdata (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_deleteprinterdata(char *desc, SPOOL_Q_DELETEPRINTERDATA *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinterdata");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("valuename", &q_u->valuename,True,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_deleteprinterdata (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_deleteprinterdata(char *desc, SPOOL_R_DELETEPRINTERDATA *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinterdata");
+	depth++;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_getprinterdata (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_getprinterdata(char *desc, SPOOL_R_GETPRINTERDATA *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_r_getprinterdata");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("type", ps, depth, &r_u->type))
+		return False;
+	if (!prs_uint32("size", ps, depth, &r_u->size))
+		return False;
+	
+	if (!prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+		
+	return True;
+}
+
+/*******************************************************************
+ * make a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_closeprinter(SPOOL_Q_CLOSEPRINTER *q_u, POLICY_HND *hnd)
+{
+	if (q_u == NULL) return False;
+
+	DEBUG(5,("make_spoolss_q_closeprinter\n"));
+
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from static spoolss_q_abortprinter (srv_spoolss.c)
+ * called from spoolss_abortprinter (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_abortprinter(char *desc, SPOOL_Q_ABORTPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_abortprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_abortprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_abortprinter(char *desc, SPOOL_R_ABORTPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_abortprinter");
+	depth++;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from static spoolss_q_deleteprinter (srv_spoolss.c)
+ * called from spoolss_deleteprinter (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_deleteprinter(char *desc, SPOOL_Q_DELETEPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from static spoolss_r_deleteprinter (srv_spoolss.c)
+ * called from spoolss_deleteprinter (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_deleteprinter(char *desc, SPOOL_R_DELETEPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinter");
+	depth++;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&r_u->handle,ps,depth))
+		return False;
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+	
+	return True;
+}
+
+
+/*******************************************************************
+ * read a structure.
+ * called from api_spoolss_deleteprinterdriver (srv_spoolss.c)
+ * called from spoolss_deleteprinterdriver (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_deleteprinterdriver(char *desc, SPOOL_Q_DELETEPRINTERDRIVER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinterdriver");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("server_ptr", ps, depth, &q_u->server_ptr))
+		return False;		
+	if(!smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("arch", &q_u->arch, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("driver", &q_u->driver, True, ps, depth))
+		return False;
+
+
+	return True;
+}
+
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/
+BOOL spoolss_io_r_deleteprinterdriver(char *desc, SPOOL_R_DELETEPRINTERDRIVER *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinterdriver");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+
+
+/*******************************************************************
+ * read a structure.
+ * called from static spoolss_q_closeprinter (srv_spoolss.c)
+ * called from spoolss_closeprinter (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_closeprinter(char *desc, SPOOL_Q_CLOSEPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_closeprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from static spoolss_r_closeprinter (srv_spoolss.c)
+ * called from spoolss_closeprinter (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_closeprinter(char *desc, SPOOL_R_CLOSEPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_closeprinter");
+	depth++;
+	
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&r_u->handle,ps,depth))
+		return False;
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+	
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_startdocprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_startdocprinter(char *desc, SPOOL_Q_STARTDOCPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_startdocprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	
+	if(!smb_io_doc_info_container("",&q_u->doc_info_container, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_startdocprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_startdocprinter(char *desc, SPOOL_R_STARTDOCPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_startdocprinter");
+	depth++;
+	if(!prs_uint32("jobid", ps, depth, &r_u->jobid))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_enddocprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_enddocprinter(char *desc, SPOOL_Q_ENDDOCPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_enddocprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_enddocprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_enddocprinter(char *desc, SPOOL_R_ENDDOCPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enddocprinter");
+	depth++;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_startpageprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_startpageprinter(char *desc, SPOOL_Q_STARTPAGEPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_startpageprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_startpageprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_startpageprinter(char *desc, SPOOL_R_STARTPAGEPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_startpageprinter");
+	depth++;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_endpageprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_endpageprinter(char *desc, SPOOL_Q_ENDPAGEPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_endpageprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_endpageprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_endpageprinter(char *desc, SPOOL_R_ENDPAGEPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_endpageprinter");
+	depth++;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_writeprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_writeprinter(char *desc, SPOOL_Q_WRITEPRINTER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_writeprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
+		return False;
+	
+	if (q_u->buffer_size!=0)
+	{
+		if (UNMARSHALLING(ps))
+			q_u->buffer=(uint8 *)prs_alloc_mem(ps,q_u->buffer_size*sizeof(uint8));
+		if(q_u->buffer == NULL)
+			return False;	
+		if(!prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size))
+			return False;
+	}
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("buffer_size2", ps, depth, &q_u->buffer_size2))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_writeprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_writeprinter(char *desc, SPOOL_R_WRITEPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_writeprinter");
+	depth++;
+	if(!prs_uint32("buffer_written", ps, depth, &r_u->buffer_written))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_rffpcnex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_rffpcnex(char *desc, SPOOL_Q_RFFPCNEX *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_rffpcnex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!prs_uint32("flags", ps, depth, &q_u->flags))
+		return False;
+	if(!prs_uint32("options", ps, depth, &q_u->options))
+		return False;
+	if(!prs_uint32("localmachine_ptr", ps, depth, &q_u->localmachine_ptr))
+		return False;
+	if(!smb_io_unistr2("localmachine", &q_u->localmachine, q_u->localmachine_ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+		
+	if(!prs_uint32("printerlocal", ps, depth, &q_u->printerlocal))
+		return False;
+
+	if(!prs_uint32("option_ptr", ps, depth, &q_u->option_ptr))
+		return False;
+	
+	if (q_u->option_ptr!=0) {
+	
+		if (UNMARSHALLING(ps))
+			if((q_u->option=(SPOOL_NOTIFY_OPTION *)prs_alloc_mem(ps,sizeof(SPOOL_NOTIFY_OPTION))) == NULL)
+				return False;
+	
+		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
+			return False;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_rffpcnex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_rffpcnex(char *desc, SPOOL_R_RFFPCNEX *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_rffpcnex");
+	depth++;
+
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_rfnpcnex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_rfnpcnex(char *desc, SPOOL_Q_RFNPCNEX *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_rfnpcnex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	if(!prs_uint32("change", ps, depth, &q_u->change))
+		return False;
+	
+	if(!prs_uint32("option_ptr", ps, depth, &q_u->option_ptr))
+		return False;
+	
+	if (q_u->option_ptr!=0) {
+	
+		if (UNMARSHALLING(ps))
+			if((q_u->option=(SPOOL_NOTIFY_OPTION *)prs_alloc_mem(ps,sizeof(SPOOL_NOTIFY_OPTION))) == NULL)
+				return False;
+	
+		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_rfnpcnex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_rfnpcnex(char *desc, SPOOL_R_RFNPCNEX *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_rfnpcnex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("info_ptr", ps, depth, &r_u->info_ptr))
+		return False;
+
+	if(!smb_io_notify_info("notify info", &r_u->info ,ps,depth))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * return the length of a uint16 (obvious, but the code is clean)
+ ********************************************************************/
+
+static uint32 size_of_uint16(uint16 *value)
+{
+	return (sizeof(*value));
+}
+
+/*******************************************************************
+ * return the length of a uint32 (obvious, but the code is clean)
+ ********************************************************************/
+
+static uint32 size_of_uint32(uint32 *value)
+{
+	return (sizeof(*value));
+}
+
+/*******************************************************************
+ * return the length of a NTTIME (obvious, but the code is clean)
+ ********************************************************************/
+
+static uint32 size_of_nttime(NTTIME *value)
+{
+	return (sizeof(*value));
+}
+
+/*******************************************************************
+ * return the length of a UNICODE string in number of char, includes:
+ * - the leading zero
+ * - the relative pointer size
+ ********************************************************************/
+
+static uint32 size_of_relative_string(UNISTR *string)
+{
+	uint32 size=0;
+	
+	size=str_len_uni(string);	/* the string length       */
+	size=size+1;			/* add the leading zero    */
+	size=size*2;			/* convert in char         */
+	/* Ensure size is 4 byte multiple (prs_align is being called...). */
+	size += ((4 - (size & 3)) & 3);
+	size=size+4;			/* add the size of the ptr */	
+
+	return size;
+}
+
+/*******************************************************************
+ * return the length of a uint32 (obvious, but the code is clean)
+ ********************************************************************/
+
+static uint32 size_of_device_mode(DEVICEMODE *devmode)
+{
+	if (devmode==NULL)
+		return (4);
+	else 
+		return (4+devmode->size+devmode->driverextra);
+}
+
+/*******************************************************************
+ * return the length of a uint32 (obvious, but the code is clean)
+ ********************************************************************/
+
+static uint32 size_of_systemtime(SYSTEMTIME *systime)
+{
+	if (systime==NULL)
+		return (4);
+	else 
+		return (sizeof(SYSTEMTIME) +4);
+}
+
+/*******************************************************************
+ * write a UNICODE string.
+ * used by all the RPC structs passing a buffer
+ ********************************************************************/
+
+static BOOL spoolss_smb_io_unistr(char *desc, UNISTR *uni, prs_struct *ps, int depth)
+{
+	if (uni == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_smb_io_unistr");
+	depth++;
+	
+	/* there should be no align here as it can mess up
+	   parsing a NEW_BUFFER->prs */
+#if 0	/* JERRY */
+	if (!prs_align(ps))
+		return False;
+#endif
+		
+	if (!prs_unistr("unistr", ps, depth, uni))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a UNICODE string and its relative pointer.
+ * used by all the RPC structs passing a buffer
+ *
+ * As I'm a nice guy, I'm forcing myself to explain this code.
+ * MS did a good job in the overall spoolss code except in some
+ * functions where they are passing the API buffer directly in the
+ * RPC request/reply. That's to maintain compatiility at the API level.
+ * They could have done it the good way the first time.
+ *
+ * So what happen is: the strings are written at the buffer's end, 
+ * in the reverse order of the original structure. Some pointers to
+ * the strings are also in the buffer. Those are relative to the
+ * buffer's start.
+ *
+ * If you don't understand or want to change that function,
+ * first get in touch with me: jfm@samba.org
+ *
+ ********************************************************************/
+
+static BOOL smb_io_relstr(char *desc, NEW_BUFFER *buffer, int depth, UNISTR *string)
+{
+	prs_struct *ps=&buffer->prs;
+	
+	if (MARSHALLING(ps)) {
+		uint32 struct_offset = prs_offset(ps);
+		uint32 relative_offset;
+		
+		buffer->string_at_end -= (size_of_relative_string(string) - 4);
+		if(!prs_set_offset(ps, buffer->string_at_end))
+			return False;
+		if (!prs_align(ps))
+			return False;
+		buffer->string_at_end = prs_offset(ps);
+		
+		/* write the string */
+		if (!smb_io_unistr(desc, string, ps, depth))
+			return False;
+
+		if(!prs_set_offset(ps, struct_offset))
+			return False;
+		
+		relative_offset=buffer->string_at_end - buffer->struct_start;
+		/* write its offset */
+		if (!prs_uint32("offset", ps, depth, &relative_offset))
+			return False;
+	}
+	else {
+		uint32 old_offset;
+		
+		/* read the offset */
+		if (!prs_uint32("offset", ps, depth, &(buffer->string_at_end)))
+			return False;
+
+		old_offset = prs_offset(ps);
+		if(!prs_set_offset(ps, buffer->string_at_end+buffer->struct_start))
+			return False;
+
+		/* read the string */
+		if (!spoolss_smb_io_unistr(desc, string, ps, depth))
+			return False;
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+ * write a array of UNICODE strings and its relative pointer.
+ * used by 2 RPC structs
+ ********************************************************************/
+
+static BOOL smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, uint16 **string)
+{
+	UNISTR chaine;
+	
+	prs_struct *ps=&buffer->prs;
+	
+	if (MARSHALLING(ps)) {
+		uint32 struct_offset = prs_offset(ps);
+		uint32 relative_offset;
+		uint16 *p;
+		uint16 *q;
+		uint16 zero=0;
+		p=*string;
+		q=*string;
+
+		/* first write the last 0 */
+		buffer->string_at_end -= 2;
+		if(!prs_set_offset(ps, buffer->string_at_end))
+			return False;
+
+		if(!prs_uint16("leading zero", ps, depth, &zero))
+			return False;
+
+		while (p && (*p!=0)) {	
+			while (*q!=0)
+				q++;
+
+			/* Yes this should be malloc not talloc. Don't change. */
+
+			chaine.buffer = malloc((q-p+1)*sizeof(uint16));
+			if (chaine.buffer == NULL)
+				return False;
+
+			memcpy(chaine.buffer, p, (q-p+1)*sizeof(uint16));
+
+			buffer->string_at_end -= (q-p+1)*sizeof(uint16);
+
+			if(!prs_set_offset(ps, buffer->string_at_end)) {
+				SAFE_FREE(chaine.buffer);
+				return False;
+			}
+
+			/* write the string */
+			if (!spoolss_smb_io_unistr(desc, &chaine, ps, depth)) {
+				SAFE_FREE(chaine.buffer);
+				return False;
+			}
+			q++;
+			p=q;
+
+			SAFE_FREE(chaine.buffer);
+		}
+		
+		if(!prs_set_offset(ps, struct_offset))
+			return False;
+		
+		relative_offset=buffer->string_at_end - buffer->struct_start;
+		/* write its offset */
+		if (!prs_uint32("offset", ps, depth, &relative_offset))
+			return False;
+
+	} else {
+
+		/* UNMARSHALLING */
+
+		uint32 old_offset;
+		uint16 *chaine2=NULL;
+		int l_chaine=0;
+		int l_chaine2=0;
+		size_t realloc_size = 0;
+
+		*string=NULL;
+				
+		/* read the offset */
+		if (!prs_uint32("offset", ps, depth, &buffer->string_at_end))
+			return False;
+
+		old_offset = prs_offset(ps);
+		if(!prs_set_offset(ps, buffer->string_at_end + buffer->struct_start))
+			return False;
+	
+		do {
+			if (!spoolss_smb_io_unistr(desc, &chaine, ps, depth))
+				return False;
+			
+			l_chaine=str_len_uni(&chaine);
+			
+			/* we're going to add two more bytes here in case this
+			   is the last string in the array and we need to add 
+			   an extra NULL for termination */
+			if (l_chaine > 0)
+			{
+				uint16 *tc2;
+			
+				realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16);
+
+				/* Yes this should be realloc - it's freed below. JRA */
+
+				if((tc2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) {
+					SAFE_FREE(chaine2);
+					return False;
+				}
+				else chaine2 = tc2;
+				memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16));
+				l_chaine2+=l_chaine+1;
+			}
+		
+		} while(l_chaine!=0);
+		
+		/* the end should be bould NULL terminated so add 
+		   the second one here */
+		if (chaine2)
+		{
+			chaine2[l_chaine2] = '\0';
+			*string=(uint16 *)talloc_memdup(prs_get_mem_context(ps),chaine2,realloc_size);
+			SAFE_FREE(chaine2);
+		}
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+ Parse a DEVMODE structure and its relative pointer.
+********************************************************************/
+
+static BOOL smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth, SEC_DESC **secdesc)
+{
+	prs_struct *ps= &buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_relsecdesc");
+	depth++;
+
+	if (MARSHALLING(ps)) {
+		uint32 struct_offset = prs_offset(ps);
+		uint32 relative_offset;
+
+		if (! *secdesc) {
+			relative_offset = 0;
+			if (!prs_uint32("offset", ps, depth, &relative_offset))
+				return False;
+			return True;
+		}
+		
+		if (*secdesc != NULL) {
+			buffer->string_at_end -= sec_desc_size(*secdesc);
+
+			if(!prs_set_offset(ps, buffer->string_at_end))
+				return False;
+			/* write the secdesc */
+			if (!sec_io_desc(desc, secdesc, ps, depth))
+				return False;
+
+			if(!prs_set_offset(ps, struct_offset))
+				return False;
+		}
+
+		relative_offset=buffer->string_at_end - buffer->struct_start;
+		/* write its offset */
+
+		if (!prs_uint32("offset", ps, depth, &relative_offset))
+			return False;
+	} else {
+		uint32 old_offset;
+		
+		/* read the offset */
+		if (!prs_uint32("offset", ps, depth, &buffer->string_at_end))
+			return False;
+
+		old_offset = prs_offset(ps);
+		if(!prs_set_offset(ps, buffer->string_at_end + buffer->struct_start))
+			return False;
+
+		/* read the sd */
+		if (!sec_io_desc(desc, secdesc, ps, depth))
+			return False;
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+ Parse a DEVMODE structure and its relative pointer.
+********************************************************************/
+
+static BOOL smb_io_reldevmode(char *desc, NEW_BUFFER *buffer, int depth, DEVICEMODE **devmode)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_reldevmode");
+	depth++;
+
+	if (MARSHALLING(ps)) {
+		uint32 struct_offset = prs_offset(ps);
+		uint32 relative_offset;
+		
+		if (*devmode == NULL) {
+			relative_offset=0;
+			if (!prs_uint32("offset", ps, depth, &relative_offset))
+				return False;
+			DEBUG(8, ("boing, the devmode was NULL\n"));
+			
+			return True;
+		}
+		
+		buffer->string_at_end -= ((*devmode)->size + (*devmode)->driverextra);
+		
+		if(!prs_set_offset(ps, buffer->string_at_end))
+			return False;
+		
+		/* write the DEVMODE */
+		if (!spoolss_io_devmode(desc, ps, depth, *devmode))
+			return False;
+
+		if(!prs_set_offset(ps, struct_offset))
+			return False;
+		
+		relative_offset=buffer->string_at_end - buffer->struct_start;
+		/* write its offset */
+		if (!prs_uint32("offset", ps, depth, &relative_offset))
+			return False;
+	}
+	else {
+		uint32 old_offset;
+		
+		/* read the offset */
+		if (!prs_uint32("offset", ps, depth, &buffer->string_at_end))
+			return False;
+
+		old_offset = prs_offset(ps);
+		if(!prs_set_offset(ps, buffer->string_at_end + buffer->struct_start))
+			return False;
+
+		/* read the string */
+		if((*devmode=(DEVICEMODE *)prs_alloc_mem(ps,sizeof(DEVICEMODE))) == NULL)
+			return False;
+		if (!spoolss_io_devmode(desc, ps, depth, *devmode))
+			return False;
+
+		if(!prs_set_offset(ps, old_offset))
+			return False;
+	}
+	return True;
+}
+
+/*******************************************************************
+ Parse a PRINTER_INFO_0 structure.
+********************************************************************/  
+
+BOOL smb_io_printer_info_0(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_0 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_info_0");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!smb_io_relstr("printername", buffer, depth, &info->printername))
+		return False;
+	if (!smb_io_relstr("servername", buffer, depth, &info->servername))
+		return False;
+	
+	if(!prs_uint32("cjobs", ps, depth, &info->cjobs))
+		return False;
+	if(!prs_uint32("total_jobs", ps, depth, &info->total_jobs))
+		return False;
+	if(!prs_uint32("total_bytes", ps, depth, &info->total_bytes))
+		return False;
+
+	if(!prs_uint16("year", ps, depth, &info->year))
+		return False;
+	if(!prs_uint16("month", ps, depth, &info->month))
+		return False;
+	if(!prs_uint16("dayofweek", ps, depth, &info->dayofweek))
+		return False;
+	if(!prs_uint16("day", ps, depth, &info->day))
+		return False;
+	if(!prs_uint16("hour", ps, depth, &info->hour))
+		return False;
+	if(!prs_uint16("minute", ps, depth, &info->minute))
+		return False;
+	if(!prs_uint16("second", ps, depth, &info->second))
+		return False;
+	if(!prs_uint16("milliseconds", ps, depth, &info->milliseconds))
+		return False;
+
+	if(!prs_uint32("global_counter", ps, depth, &info->global_counter))
+		return False;
+	if(!prs_uint32("total_pages", ps, depth, &info->total_pages))
+		return False;
+
+	if(!prs_uint16("major_version", ps, depth, &info->major_version))
+		return False;
+	if(!prs_uint16("build_version", ps, depth, &info->build_version))
+		return False;
+	if(!prs_uint32("unknown7", ps, depth, &info->unknown7))
+		return False;
+	if(!prs_uint32("unknown8", ps, depth, &info->unknown8))
+		return False;
+	if(!prs_uint32("unknown9", ps, depth, &info->unknown9))
+		return False;
+	if(!prs_uint32("session_counter", ps, depth, &info->session_counter))
+		return False;
+	if(!prs_uint32("unknown11", ps, depth, &info->unknown11))
+		return False;
+	if(!prs_uint32("printer_errors", ps, depth, &info->printer_errors))
+		return False;
+	if(!prs_uint32("unknown13", ps, depth, &info->unknown13))
+		return False;
+	if(!prs_uint32("unknown14", ps, depth, &info->unknown14))
+		return False;
+	if(!prs_uint32("unknown15", ps, depth, &info->unknown15))
+		return False;
+	if(!prs_uint32("unknown16", ps, depth, &info->unknown16))
+		return False;
+	if(!prs_uint32("change_id", ps, depth, &info->change_id))
+		return False;
+	if(!prs_uint32("unknown18", ps, depth, &info->unknown18))
+		return False;
+	if(!prs_uint32("status"   , ps, depth, &info->status))
+		return False;
+	if(!prs_uint32("unknown20", ps, depth, &info->unknown20))
+		return False;
+	if(!prs_uint32("c_setprinter", ps, depth, &info->c_setprinter))
+		return False;
+	if(!prs_uint16("unknown22", ps, depth, &info->unknown22))
+		return False;
+	if(!prs_uint16("unknown23", ps, depth, &info->unknown23))
+		return False;
+	if(!prs_uint16("unknown24", ps, depth, &info->unknown24))
+		return False;
+	if(!prs_uint16("unknown25", ps, depth, &info->unknown25))
+		return False;
+	if(!prs_uint16("unknown26", ps, depth, &info->unknown26))
+		return False;
+	if(!prs_uint16("unknown27", ps, depth, &info->unknown27))
+		return False;
+	if(!prs_uint16("unknown28", ps, depth, &info->unknown28))
+		return False;
+	if(!prs_uint16("unknown29", ps, depth, &info->unknown29))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a PRINTER_INFO_1 structure.
+********************************************************************/  
+
+BOOL smb_io_printer_info_1(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_info_1");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!prs_uint32("flags", ps, depth, &info->flags))
+		return False;
+	if (!smb_io_relstr("description", buffer, depth, &info->description))
+		return False;
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+	if (!smb_io_relstr("comment", buffer, depth, &info->comment))
+		return False;	
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a PRINTER_INFO_2 structure.
+********************************************************************/  
+
+BOOL smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_info_2");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!smb_io_relstr("servername", buffer, depth, &info->servername))
+		return False;
+	if (!smb_io_relstr("printername", buffer, depth, &info->printername))
+		return False;
+	if (!smb_io_relstr("sharename", buffer, depth, &info->sharename))
+		return False;
+	if (!smb_io_relstr("portname", buffer, depth, &info->portname))
+		return False;
+	if (!smb_io_relstr("drivername", buffer, depth, &info->drivername))
+		return False;
+	if (!smb_io_relstr("comment", buffer, depth, &info->comment))
+		return False;
+	if (!smb_io_relstr("location", buffer, depth, &info->location))
+		return False;
+
+	/* NT parses the DEVMODE at the end of the struct */
+	if (!smb_io_reldevmode("devmode", buffer, depth, &info->devmode))
+		return False;
+	
+	if (!smb_io_relstr("sepfile", buffer, depth, &info->sepfile))
+		return False;
+	if (!smb_io_relstr("printprocessor", buffer, depth, &info->printprocessor))
+		return False;
+	if (!smb_io_relstr("datatype", buffer, depth, &info->datatype))
+		return False;
+	if (!smb_io_relstr("parameters", buffer, depth, &info->parameters))
+		return False;
+
+	if (!smb_io_relsecdesc("secdesc", buffer, depth, &info->secdesc))
+		return False;
+
+	if (!prs_uint32("attributes", ps, depth, &info->attributes))
+		return False;
+	if (!prs_uint32("priority", ps, depth, &info->priority))
+		return False;
+	if (!prs_uint32("defpriority", ps, depth, &info->defaultpriority))
+		return False;
+	if (!prs_uint32("starttime", ps, depth, &info->starttime))
+		return False;
+	if (!prs_uint32("untiltime", ps, depth, &info->untiltime))
+		return False;
+	if (!prs_uint32("status", ps, depth, &info->status))
+		return False;
+	if (!prs_uint32("jobs", ps, depth, &info->cjobs))
+		return False;
+	if (!prs_uint32("averageppm", ps, depth, &info->averageppm))
+		return False;
+
+#if 0 /* JFMTEST */
+	if (!prs_uint32_post("secdesc_ptr", ps, depth, NULL, sec_offset, info->secdesc ? prs_offset(ps)-buffer->struct_start : 0 ))
+		return False;
+
+	if (!sec_io_desc("secdesc", &info->secdesc, ps, depth)) 
+		return False;
+#endif
+	return True;
+}
+
+/*******************************************************************
+ Parse a PRINTER_INFO_3 structure.
+********************************************************************/  
+
+BOOL smb_io_printer_info_3(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_3 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_info_3");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!prs_uint32("flags", ps, depth, &info->flags))
+		return False;
+	if (!sec_io_desc("sec_desc", &info->secdesc, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a PRINTER_INFO_4 structure.
+********************************************************************/  
+
+BOOL smb_io_printer_info_4(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_4 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_info_4");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!smb_io_relstr("printername", buffer, depth, &info->printername))
+		return False;
+	if (!smb_io_relstr("servername", buffer, depth, &info->servername))
+		return False;
+	if (!prs_uint32("attributes", ps, depth, &info->attributes))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Parse a PRINTER_INFO_5 structure.
+********************************************************************/  
+
+BOOL smb_io_printer_info_5(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_5 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_info_5");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!smb_io_relstr("printername", buffer, depth, &info->printername))
+		return False;
+	if (!smb_io_relstr("portname", buffer, depth, &info->portname))
+		return False;
+	if (!prs_uint32("attributes", ps, depth, &info->attributes))
+		return False;
+	if (!prs_uint32("device_not_selected_timeout", ps, depth, &info->device_not_selected_timeout))
+		return False;
+	if (!prs_uint32("transmission_retry_timeout", ps, depth, &info->transmission_retry_timeout))
+		return False;
+	return True;
+}
+
+/*******************************************************************
+ Parse a PORT_INFO_1 structure.
+********************************************************************/  
+
+BOOL smb_io_port_info_1(char *desc, NEW_BUFFER *buffer, PORT_INFO_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_port_info_1");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!smb_io_relstr("port_name", buffer, depth, &info->port_name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a PORT_INFO_2 structure.
+********************************************************************/  
+
+BOOL smb_io_port_info_2(char *desc, NEW_BUFFER *buffer, PORT_INFO_2 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_port_info_2");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!smb_io_relstr("port_name", buffer, depth, &info->port_name))
+		return False;
+	if (!smb_io_relstr("monitor_name", buffer, depth, &info->monitor_name))
+		return False;
+	if (!smb_io_relstr("description", buffer, depth, &info->description))
+		return False;
+	if (!prs_uint32("port_type", ps, depth, &info->port_type))
+		return False;
+	if (!prs_uint32("reserved", ps, depth, &info->reserved))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a DRIVER_INFO_1 structure.
+********************************************************************/
+
+BOOL smb_io_printer_driver_info_1(char *desc, NEW_BUFFER *buffer, DRIVER_INFO_1 *info, int depth) 
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_driver_info_1");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a DRIVER_INFO_2 structure.
+********************************************************************/
+
+BOOL smb_io_printer_driver_info_2(char *desc, NEW_BUFFER *buffer, DRIVER_INFO_2 *info, int depth) 
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_driver_info_2");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!prs_uint32("version", ps, depth, &info->version))
+		return False;
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+	if (!smb_io_relstr("architecture", buffer, depth, &info->architecture))
+		return False;
+	if (!smb_io_relstr("driverpath", buffer, depth, &info->driverpath))
+		return False;
+	if (!smb_io_relstr("datafile", buffer, depth, &info->datafile))
+		return False;
+	if (!smb_io_relstr("configfile", buffer, depth, &info->configfile))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a DRIVER_INFO_3 structure.
+********************************************************************/
+
+BOOL smb_io_printer_driver_info_3(char *desc, NEW_BUFFER *buffer, DRIVER_INFO_3 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_driver_info_3");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!prs_uint32("version", ps, depth, &info->version))
+		return False;
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+	if (!smb_io_relstr("architecture", buffer, depth, &info->architecture))
+		return False;
+	if (!smb_io_relstr("driverpath", buffer, depth, &info->driverpath))
+		return False;
+	if (!smb_io_relstr("datafile", buffer, depth, &info->datafile))
+		return False;
+	if (!smb_io_relstr("configfile", buffer, depth, &info->configfile))
+		return False;
+	if (!smb_io_relstr("helpfile", buffer, depth, &info->helpfile))
+		return False;
+
+	if (!smb_io_relarraystr("dependentfiles", buffer, depth, &info->dependentfiles))
+		return False;
+
+	if (!smb_io_relstr("monitorname", buffer, depth, &info->monitorname))
+		return False;
+	if (!smb_io_relstr("defaultdatatype", buffer, depth, &info->defaultdatatype))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a DRIVER_INFO_6 structure.
+********************************************************************/
+
+BOOL smb_io_printer_driver_info_6(char *desc, NEW_BUFFER *buffer, DRIVER_INFO_6 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printer_driver_info_6");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!prs_uint32("version", ps, depth, &info->version))
+		return False;
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+	if (!smb_io_relstr("architecture", buffer, depth, &info->architecture))
+		return False;
+	if (!smb_io_relstr("driverpath", buffer, depth, &info->driverpath))
+		return False;
+	if (!smb_io_relstr("datafile", buffer, depth, &info->datafile))
+		return False;
+	if (!smb_io_relstr("configfile", buffer, depth, &info->configfile))
+		return False;
+	if (!smb_io_relstr("helpfile", buffer, depth, &info->helpfile))
+		return False;
+
+	if (!smb_io_relarraystr("dependentfiles", buffer, depth, &info->dependentfiles))
+		return False;
+
+	if (!smb_io_relstr("monitorname", buffer, depth, &info->monitorname))
+		return False;
+	if (!smb_io_relstr("defaultdatatype", buffer, depth, &info->defaultdatatype))
+		return False;
+
+	if (!smb_io_relarraystr("previousdrivernames", buffer, depth, &info->previousdrivernames))
+		return False;
+
+	if (!prs_uint32("date.low", ps, depth, &info->driver_date.low))
+		return False;
+	if (!prs_uint32("date.high", ps, depth, &info->driver_date.high))
+		return False;
+
+	if (!prs_uint32("padding", ps, depth, &info->padding))
+		return False;
+
+	if (!prs_uint32("driver_version_low", ps, depth, &info->driver_version_low))
+		return False;
+
+	if (!prs_uint32("driver_version_high", ps, depth, &info->driver_version_high))
+		return False;
+
+	if (!smb_io_relstr("mfgname", buffer, depth, &info->mfgname))
+		return False;
+	if (!smb_io_relstr("oem_url", buffer, depth, &info->oem_url))
+		return False;
+	if (!smb_io_relstr("hardware_id", buffer, depth, &info->hardware_id))
+		return False;
+	if (!smb_io_relstr("provider", buffer, depth, &info->provider))
+		return False;
+	
+	return True;
+}
+
+/*******************************************************************
+ Parse a JOB_INFO_1 structure.
+********************************************************************/  
+
+BOOL smb_io_job_info_1(char *desc, NEW_BUFFER *buffer, JOB_INFO_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_job_info_1");
+	depth++;	
+	
+	buffer->struct_start=prs_offset(ps);
+
+	if (!prs_uint32("jobid", ps, depth, &info->jobid))
+		return False;
+	if (!smb_io_relstr("printername", buffer, depth, &info->printername))
+		return False;
+	if (!smb_io_relstr("machinename", buffer, depth, &info->machinename))
+		return False;
+	if (!smb_io_relstr("username", buffer, depth, &info->username))
+		return False;
+	if (!smb_io_relstr("document", buffer, depth, &info->document))
+		return False;
+	if (!smb_io_relstr("datatype", buffer, depth, &info->datatype))
+		return False;
+	if (!smb_io_relstr("text_status", buffer, depth, &info->text_status))
+		return False;
+	if (!prs_uint32("status", ps, depth, &info->status))
+		return False;
+	if (!prs_uint32("priority", ps, depth, &info->priority))
+		return False;
+	if (!prs_uint32("position", ps, depth, &info->position))
+		return False;
+	if (!prs_uint32("totalpages", ps, depth, &info->totalpages))
+		return False;
+	if (!prs_uint32("pagesprinted", ps, depth, &info->pagesprinted))
+		return False;
+	if (!spoolss_io_system_time("submitted", ps, depth, &info->submitted))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a JOB_INFO_2 structure.
+********************************************************************/  
+
+BOOL smb_io_job_info_2(char *desc, NEW_BUFFER *buffer, JOB_INFO_2 *info, int depth)
+{	
+	uint32 pipo=0;
+	prs_struct *ps=&buffer->prs;
+	
+	prs_debug(ps, depth, desc, "smb_io_job_info_2");
+	depth++;	
+
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!prs_uint32("jobid",ps, depth, &info->jobid))
+		return False;
+	if (!smb_io_relstr("printername", buffer, depth, &info->printername))
+		return False;
+	if (!smb_io_relstr("machinename", buffer, depth, &info->machinename))
+		return False;
+	if (!smb_io_relstr("username", buffer, depth, &info->username))
+		return False;
+	if (!smb_io_relstr("document", buffer, depth, &info->document))
+		return False;
+	if (!smb_io_relstr("notifyname", buffer, depth, &info->notifyname))
+		return False;
+	if (!smb_io_relstr("datatype", buffer, depth, &info->datatype))
+		return False;
+
+	if (!smb_io_relstr("printprocessor", buffer, depth, &info->printprocessor))
+		return False;
+	if (!smb_io_relstr("parameters", buffer, depth, &info->parameters))
+		return False;
+	if (!smb_io_relstr("drivername", buffer, depth, &info->drivername))
+		return False;
+	if (!smb_io_reldevmode("devmode", buffer, depth, &info->devmode))
+		return False;
+	if (!smb_io_relstr("text_status", buffer, depth, &info->text_status))
+		return False;
+
+/*	SEC_DESC sec_desc;*/
+	if (!prs_uint32("Hack! sec desc", ps, depth, &pipo))
+		return False;
+
+	if (!prs_uint32("status",ps, depth, &info->status))
+		return False;
+	if (!prs_uint32("priority",ps, depth, &info->priority))
+		return False;
+	if (!prs_uint32("position",ps, depth, &info->position))	
+		return False;
+	if (!prs_uint32("starttime",ps, depth, &info->starttime))
+		return False;
+	if (!prs_uint32("untiltime",ps, depth, &info->untiltime))	
+		return False;
+	if (!prs_uint32("totalpages",ps, depth, &info->totalpages))
+		return False;
+	if (!prs_uint32("size",ps, depth, &info->size))
+		return False;
+	if (!spoolss_io_system_time("submitted", ps, depth, &info->submitted) )
+		return False;
+	if (!prs_uint32("timeelapsed",ps, depth, &info->timeelapsed))
+		return False;
+	if (!prs_uint32("pagesprinted",ps, depth, &info->pagesprinted))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL smb_io_form_1(char *desc, NEW_BUFFER *buffer, FORM_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+	
+	prs_debug(ps, depth, desc, "smb_io_form_1");
+	depth++;
+		
+	buffer->struct_start=prs_offset(ps);
+	
+	if (!prs_uint32("flag", ps, depth, &info->flag))
+		return False;
+		
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+
+	if (!prs_uint32("width", ps, depth, &info->width))
+		return False;
+	if (!prs_uint32("length", ps, depth, &info->length))
+		return False;
+	if (!prs_uint32("left", ps, depth, &info->left))
+		return False;
+	if (!prs_uint32("top", ps, depth, &info->top))
+		return False;
+	if (!prs_uint32("right", ps, depth, &info->right))
+		return False;
+	if (!prs_uint32("bottom", ps, depth, &info->bottom))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Read/write a BUFFER struct.
+********************************************************************/  
+
+static BOOL spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUFFER **pp_buffer)
+{
+	NEW_BUFFER *buffer = *pp_buffer;
+
+	prs_debug(ps, depth, desc, "spoolss_io_buffer");
+	depth++;
+	
+	if (UNMARSHALLING(ps))
+		buffer = *pp_buffer = (NEW_BUFFER *)prs_alloc_mem(ps, sizeof(NEW_BUFFER));
+
+	if (buffer == NULL)
+		return False;
+
+	if (!prs_uint32("ptr", ps, depth, &buffer->ptr))
+		return False;
+	
+	/* reading */
+	if (UNMARSHALLING(ps)) {
+		buffer->size=0;
+		buffer->string_at_end=0;
+		
+		if (buffer->ptr==0) {
+			/*
+			 * JRA. I'm not sure if the data in here is in big-endian format if
+			 * the client is big-endian. Leave as default (little endian) for now.
+			 */
+
+			if (!prs_init(&buffer->prs, 0, prs_get_mem_context(ps), UNMARSHALL))
+				return False;
+			return True;
+		}
+		
+		if (!prs_uint32("size", ps, depth, &buffer->size))
+			return False;
+					
+		/*
+		 * JRA. I'm not sure if the data in here is in big-endian format if
+		 * the client is big-endian. Leave as default (little endian) for now.
+		 */
+
+		if (!prs_init(&buffer->prs, buffer->size, prs_get_mem_context(ps), UNMARSHALL))
+			return False;
+
+		if (!prs_append_some_prs_data(&buffer->prs, ps, prs_offset(ps), buffer->size))
+			return False;
+
+		if (!prs_set_offset(&buffer->prs, 0))
+			return False;
+
+		if (!prs_set_offset(ps, buffer->size+prs_offset(ps)))
+			return False;
+
+		buffer->string_at_end=buffer->size;
+		
+		return True;
+	}
+	else {
+		BOOL ret = False;
+
+		/* writing */
+		if (buffer->ptr==0) {
+			/* We have finished with the data in buffer->prs - free it. */
+			prs_mem_free(&buffer->prs);
+			return True;
+		}
+	
+		if (!prs_uint32("size", ps, depth, &buffer->size))
+			goto out;
+
+		if (!prs_append_some_prs_data(ps, &buffer->prs, 0, buffer->size))
+			goto out;
+
+		ret = True;
+	out:
+
+		/* We have finished with the data in buffer->prs - free it. */
+		prs_mem_free(&buffer->prs);
+
+		return ret;
+	}
+}
+
+/*******************************************************************
+ move a BUFFER from the query to the reply.
+ As the data pointers in NEW_BUFFER are malloc'ed, not talloc'ed,
+ this is ok. This is an OPTIMIZATION and is not strictly neccessary.
+ Clears the memory to zero also.
+********************************************************************/  
+
+void spoolss_move_buffer(NEW_BUFFER *src, NEW_BUFFER **dest)
+{
+	prs_switch_type(&src->prs, MARSHALL);
+	if(!prs_set_offset(&src->prs, 0))
+		return;
+	prs_force_dynamic(&src->prs);
+	prs_mem_clear(&src->prs);
+	*dest=src;
+}
+
+/*******************************************************************
+ Get the size of a BUFFER struct.
+********************************************************************/  
+
+uint32 new_get_buffer_size(NEW_BUFFER *buffer)
+{
+	return (buffer->size);
+}
+
+/*******************************************************************
+ Parse a DRIVER_DIRECTORY_1 structure.
+********************************************************************/  
+
+BOOL smb_io_driverdir_1(char *desc, NEW_BUFFER *buffer, DRIVER_DIRECTORY_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_driverdir_1");
+	depth++;
+
+	buffer->struct_start=prs_offset(ps);
+
+	if (!smb_io_unistr(desc, &info->name, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a PORT_INFO_1 structure.
+********************************************************************/  
+
+BOOL smb_io_port_1(char *desc, NEW_BUFFER *buffer, PORT_INFO_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_port_1");
+	depth++;
+
+	buffer->struct_start=prs_offset(ps);
+
+	if(!smb_io_relstr("port_name", buffer, depth, &info->port_name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a PORT_INFO_2 structure.
+********************************************************************/  
+
+BOOL smb_io_port_2(char *desc, NEW_BUFFER *buffer, PORT_INFO_2 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_port_2");
+	depth++;
+
+	buffer->struct_start=prs_offset(ps);
+
+	if(!smb_io_relstr("port_name", buffer, depth, &info->port_name))
+		return False;
+	if(!smb_io_relstr("monitor_name", buffer, depth, &info->monitor_name))
+		return False;
+	if(!smb_io_relstr("description", buffer, depth, &info->description))
+		return False;
+	if(!prs_uint32("port_type", ps, depth, &info->port_type))
+		return False;
+	if(!prs_uint32("reserved", ps, depth, &info->reserved))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL smb_io_printprocessor_info_1(char *desc, NEW_BUFFER *buffer, PRINTPROCESSOR_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printprocessor_info_1");
+	depth++;	
+
+	buffer->struct_start=prs_offset(ps);
+	
+	if (smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL smb_io_printprocdatatype_info_1(char *desc, NEW_BUFFER *buffer, PRINTPROCDATATYPE_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printprocdatatype_info_1");
+	depth++;	
+
+	buffer->struct_start=prs_offset(ps);
+	
+	if (smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL smb_io_printmonitor_info_1(char *desc, NEW_BUFFER *buffer, PRINTMONITOR_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printmonitor_info_1");
+	depth++;	
+
+	buffer->struct_start=prs_offset(ps);
+
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL smb_io_printmonitor_info_2(char *desc, NEW_BUFFER *buffer, PRINTMONITOR_2 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printmonitor_info_2");
+	depth++;	
+
+	buffer->struct_start=prs_offset(ps);
+
+	if (!smb_io_relstr("name", buffer, depth, &info->name))
+		return False;
+	if (!smb_io_relstr("environment", buffer, depth, &info->environment))
+		return False;
+	if (!smb_io_relstr("dll_name", buffer, depth, &info->dll_name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printer_info_0(PRINTER_INFO_0 *info)
+{
+	int size=0;
+	
+	size+=size_of_relative_string( &info->printername );
+	size+=size_of_relative_string( &info->servername );
+
+	size+=size_of_uint32( &info->cjobs);
+	size+=size_of_uint32( &info->total_jobs);
+	size+=size_of_uint32( &info->total_bytes);
+
+	size+=size_of_uint16( &info->year);
+	size+=size_of_uint16( &info->month);
+	size+=size_of_uint16( &info->dayofweek);
+	size+=size_of_uint16( &info->day);
+	size+=size_of_uint16( &info->hour);
+	size+=size_of_uint16( &info->minute);
+	size+=size_of_uint16( &info->second);
+	size+=size_of_uint16( &info->milliseconds);
+
+	size+=size_of_uint32( &info->global_counter);
+	size+=size_of_uint32( &info->total_pages);
+
+	size+=size_of_uint16( &info->major_version);
+	size+=size_of_uint16( &info->build_version);
+
+	size+=size_of_uint32( &info->unknown7);
+	size+=size_of_uint32( &info->unknown8);
+	size+=size_of_uint32( &info->unknown9);
+	size+=size_of_uint32( &info->session_counter);
+	size+=size_of_uint32( &info->unknown11);
+	size+=size_of_uint32( &info->printer_errors);
+	size+=size_of_uint32( &info->unknown13);
+	size+=size_of_uint32( &info->unknown14);
+	size+=size_of_uint32( &info->unknown15);
+	size+=size_of_uint32( &info->unknown16);
+	size+=size_of_uint32( &info->change_id);
+	size+=size_of_uint32( &info->unknown18);
+	size+=size_of_uint32( &info->status);
+	size+=size_of_uint32( &info->unknown20);
+	size+=size_of_uint32( &info->c_setprinter);
+	
+	size+=size_of_uint16( &info->unknown22);
+	size+=size_of_uint16( &info->unknown23);
+	size+=size_of_uint16( &info->unknown24);
+	size+=size_of_uint16( &info->unknown25);
+	size+=size_of_uint16( &info->unknown26);
+	size+=size_of_uint16( &info->unknown27);
+	size+=size_of_uint16( &info->unknown28);
+	size+=size_of_uint16( &info->unknown29);
+	
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printer_info_1(PRINTER_INFO_1 *info)
+{
+	int size=0;
+		
+	size+=size_of_uint32( &info->flags );	
+	size+=size_of_relative_string( &info->description );
+	size+=size_of_relative_string( &info->name );
+	size+=size_of_relative_string( &info->comment );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info)
+{
+	uint32 size=0;
+		
+	size += 4;
+	/* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
+	size += sec_desc_size( info->secdesc );
+
+	size+=size_of_device_mode( info->devmode );
+	
+	size+=size_of_relative_string( &info->servername );
+	size+=size_of_relative_string( &info->printername );
+	size+=size_of_relative_string( &info->sharename );
+	size+=size_of_relative_string( &info->portname );
+	size+=size_of_relative_string( &info->drivername );
+	size+=size_of_relative_string( &info->comment );
+	size+=size_of_relative_string( &info->location );
+	
+	size+=size_of_relative_string( &info->sepfile );
+	size+=size_of_relative_string( &info->printprocessor );
+	size+=size_of_relative_string( &info->datatype );
+	size+=size_of_relative_string( &info->parameters );
+
+	size+=size_of_uint32( &info->attributes );
+	size+=size_of_uint32( &info->priority );
+	size+=size_of_uint32( &info->defaultpriority );
+	size+=size_of_uint32( &info->starttime );
+	size+=size_of_uint32( &info->untiltime );
+	size+=size_of_uint32( &info->status );
+	size+=size_of_uint32( &info->cjobs );
+	size+=size_of_uint32( &info->averageppm );	
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_info_4(PRINTER_INFO_4 *info)
+{
+	uint32 size=0;
+		
+	size+=size_of_relative_string( &info->printername );
+	size+=size_of_relative_string( &info->servername );
+
+	size+=size_of_uint32( &info->attributes );
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_info_5(PRINTER_INFO_5 *info)
+{
+	uint32 size=0;
+		
+	size+=size_of_relative_string( &info->printername );
+	size+=size_of_relative_string( &info->portname );
+
+	size+=size_of_uint32( &info->attributes );
+	size+=size_of_uint32( &info->device_not_selected_timeout );
+	size+=size_of_uint32( &info->transmission_retry_timeout );
+	return size;
+}
+
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_info_3(PRINTER_INFO_3 *info)
+{
+	/* The 4 is for the self relative pointer.. */
+	/* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
+	return 4 + (uint32)sec_desc_size( info->secdesc );
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_driver_info_1(DRIVER_INFO_1 *info)
+{
+	int size=0;
+	size+=size_of_relative_string( &info->name );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_driver_info_2(DRIVER_INFO_2 *info)
+{
+	int size=0;
+	size+=size_of_uint32( &info->version );	
+	size+=size_of_relative_string( &info->name );
+	size+=size_of_relative_string( &info->architecture );
+	size+=size_of_relative_string( &info->driverpath );
+	size+=size_of_relative_string( &info->datafile );
+	size+=size_of_relative_string( &info->configfile );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a string array.
+********************************************************************/
+
+uint32 spoolss_size_string_array(uint16 *string)
+{
+	uint32 i = 0;
+
+	if (string) {
+		for (i=0; (string[i]!=0x0000) || (string[i+1]!=0x0000); i++);
+	}
+	i=i+2; /* to count all chars including the leading zero */
+	i=2*i; /* because we need the value in bytes */
+	i=i+4; /* the offset pointer size */
+
+	return i;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_driver_info_3(DRIVER_INFO_3 *info)
+{
+	int size=0;
+
+	size+=size_of_uint32( &info->version );	
+	size+=size_of_relative_string( &info->name );
+	size+=size_of_relative_string( &info->architecture );
+	size+=size_of_relative_string( &info->driverpath );
+	size+=size_of_relative_string( &info->datafile );
+	size+=size_of_relative_string( &info->configfile );
+	size+=size_of_relative_string( &info->helpfile );
+	size+=size_of_relative_string( &info->monitorname );
+	size+=size_of_relative_string( &info->defaultdatatype );
+	
+	size+=spoolss_size_string_array(info->dependentfiles);
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_driver_info_6(DRIVER_INFO_6 *info)
+{
+	uint32 size=0;
+
+	size+=size_of_uint32( &info->version );	
+	size+=size_of_relative_string( &info->name );
+	size+=size_of_relative_string( &info->architecture );
+	size+=size_of_relative_string( &info->driverpath );
+	size+=size_of_relative_string( &info->datafile );
+	size+=size_of_relative_string( &info->configfile );
+	size+=size_of_relative_string( &info->helpfile );
+
+	size+=spoolss_size_string_array(info->dependentfiles);
+
+	size+=size_of_relative_string( &info->monitorname );
+	size+=size_of_relative_string( &info->defaultdatatype );
+	
+	size+=spoolss_size_string_array(info->previousdrivernames);
+
+	size+=size_of_nttime(&info->driver_date);
+	size+=size_of_uint32( &info->padding );	
+	size+=size_of_uint32( &info->driver_version_low );	
+	size+=size_of_uint32( &info->driver_version_high );	
+	size+=size_of_relative_string( &info->mfgname );
+	size+=size_of_relative_string( &info->oem_url );
+	size+=size_of_relative_string( &info->hardware_id );
+	size+=size_of_relative_string( &info->provider );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_job_info_1(JOB_INFO_1 *info)
+{
+	int size=0;
+	size+=size_of_uint32( &info->jobid );
+	size+=size_of_relative_string( &info->printername );
+	size+=size_of_relative_string( &info->machinename );
+	size+=size_of_relative_string( &info->username );
+	size+=size_of_relative_string( &info->document );
+	size+=size_of_relative_string( &info->datatype );
+	size+=size_of_relative_string( &info->text_status );
+	size+=size_of_uint32( &info->status );
+	size+=size_of_uint32( &info->priority );
+	size+=size_of_uint32( &info->position );
+	size+=size_of_uint32( &info->totalpages );
+	size+=size_of_uint32( &info->pagesprinted );
+	size+=size_of_systemtime( &info->submitted );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_job_info_2(JOB_INFO_2 *info)
+{
+	int size=0;
+
+	size+=4; /* size of sec desc ptr */
+
+	size+=size_of_uint32( &info->jobid );
+	size+=size_of_relative_string( &info->printername );
+	size+=size_of_relative_string( &info->machinename );
+	size+=size_of_relative_string( &info->username );
+	size+=size_of_relative_string( &info->document );
+	size+=size_of_relative_string( &info->notifyname );
+	size+=size_of_relative_string( &info->datatype );
+	size+=size_of_relative_string( &info->printprocessor );
+	size+=size_of_relative_string( &info->parameters );
+	size+=size_of_relative_string( &info->drivername );
+	size+=size_of_device_mode( info->devmode );
+	size+=size_of_relative_string( &info->text_status );
+/*	SEC_DESC sec_desc;*/
+	size+=size_of_uint32( &info->status );
+	size+=size_of_uint32( &info->priority );
+	size+=size_of_uint32( &info->position );
+	size+=size_of_uint32( &info->starttime );
+	size+=size_of_uint32( &info->untiltime );
+	size+=size_of_uint32( &info->totalpages );
+	size+=size_of_uint32( &info->size );
+	size+=size_of_systemtime( &info->submitted );
+	size+=size_of_uint32( &info->timeelapsed );
+	size+=size_of_uint32( &info->pagesprinted );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_form_1(FORM_1 *info)
+{
+	int size=0;
+
+	size+=size_of_uint32( &info->flag );
+	size+=size_of_relative_string( &info->name );
+	size+=size_of_uint32( &info->width );
+	size+=size_of_uint32( &info->length );
+	size+=size_of_uint32( &info->left );
+	size+=size_of_uint32( &info->top );
+	size+=size_of_uint32( &info->right );
+	size+=size_of_uint32( &info->bottom );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_port_info_1(PORT_INFO_1 *info)
+{
+	int size=0;
+
+	size+=size_of_relative_string( &info->port_name );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_driverdir_info_1(DRIVER_DIRECTORY_1 *info)
+{
+	int size=0;
+
+	size=str_len_uni(&info->name);	/* the string length       */
+	size=size+1;			/* add the leading zero    */
+	size=size*2;			/* convert in char         */
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printprocessordirectory_info_1(PRINTPROCESSOR_DIRECTORY_1 *info)
+{
+	int size=0;
+
+	size=str_len_uni(&info->name);	/* the string length       */
+	size=size+1;			/* add the leading zero    */
+	size=size*2;			/* convert in char         */
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_port_info_2(PORT_INFO_2 *info)
+{
+	int size=0;
+
+	size+=size_of_relative_string( &info->port_name );
+	size+=size_of_relative_string( &info->monitor_name );
+	size+=size_of_relative_string( &info->description );
+
+	size+=size_of_uint32( &info->port_type );
+	size+=size_of_uint32( &info->reserved );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printprocessor_info_1(PRINTPROCESSOR_1 *info)
+{
+	int size=0;
+	size+=size_of_relative_string( &info->name );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printprocdatatype_info_1(PRINTPROCDATATYPE_1 *info)
+{
+	int size=0;
+	size+=size_of_relative_string( &info->name );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+uint32 spoolss_size_printer_enum_values(PRINTER_ENUM_VALUES *p)
+{
+	uint32 	size = 0; 
+	
+	if (!p)
+		return 0;
+	
+	/* uint32(offset) + uint32(length) + length) */
+	size += (size_of_uint32(&p->value_len)*2) + p->value_len;
+	size += (size_of_uint32(&p->data_len)*2) + p->data_len;
+	
+	size += size_of_uint32(&p->type);
+		       
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printmonitor_info_1(PRINTMONITOR_1 *info)
+{
+	int size=0;
+	size+=size_of_relative_string( &info->name );
+
+	return size;
+}
+
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/  
+
+uint32 spoolss_size_printmonitor_info_2(PRINTMONITOR_2 *info)
+{
+	int size=0;
+	size+=size_of_relative_string( &info->name);
+	size+=size_of_relative_string( &info->environment);
+	size+=size_of_relative_string( &info->dll_name);
+
+	return size;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_getprinterdriver2(SPOOL_Q_GETPRINTERDRIVER2 *q_u, 
+			       const POLICY_HND *hnd,
+			       const fstring architecture,
+			       uint32 level, uint32 clientmajor, uint32 clientminor,
+			       NEW_BUFFER *buffer, uint32 offered)
+{      
+	if (q_u == NULL)
+		return False;
+
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	init_buf_unistr2(&q_u->architecture, &q_u->architecture_ptr, architecture);
+
+	q_u->level=level;
+	q_u->clientmajorversion=clientmajor;
+	q_u->clientminorversion=clientminor;
+
+	q_u->buffer=buffer;
+	q_u->offered=offered;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_getprinterdriver2 (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_getprinterdriver2(char *desc, SPOOL_Q_GETPRINTERDRIVER2 *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_getprinterdriver2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!prs_uint32("architecture_ptr", ps, depth, &q_u->architecture_ptr))
+		return False;
+	if(!smb_io_unistr2("architecture", &q_u->architecture, q_u->architecture_ptr, ps, depth))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+		
+	if(!prs_uint32("clientmajorversion", ps, depth, &q_u->clientmajorversion))
+		return False;
+	if(!prs_uint32("clientminorversion", ps, depth, &q_u->clientminorversion))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_getprinterdriver2 (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_getprinterdriver2(char *desc, SPOOL_R_GETPRINTERDRIVER2 *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_getprinterdriver2");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+	if (!prs_uint32("servermajorversion", ps, depth, &r_u->servermajorversion))
+		return False;
+	if (!prs_uint32("serverminorversion", ps, depth, &r_u->serverminorversion))
+		return False;		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_enumprinters(
+	SPOOL_Q_ENUMPRINTERS *q_u, 
+	uint32 flags, 
+	fstring servername, 
+	uint32 level, 
+	NEW_BUFFER *buffer, 
+	uint32 offered
+)
+{
+	q_u->flags=flags;
+	
+	q_u->servername_ptr = (servername != NULL) ? 1 : 0;
+	init_buf_unistr2(&q_u->servername, &q_u->servername_ptr, servername);
+
+	q_u->level=level;
+	q_u->buffer=buffer;
+	q_u->offered=offered;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_enumports(SPOOL_Q_ENUMPORTS *q_u, 
+				fstring servername, uint32 level, 
+				NEW_BUFFER *buffer, uint32 offered)
+{
+	q_u->name_ptr = (servername != NULL) ? 1 : 0;
+	init_buf_unistr2(&q_u->name, &q_u->name_ptr, servername);
+
+	q_u->level=level;
+	q_u->buffer=buffer;
+	q_u->offered=offered;
+
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_enumprinters (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_enumprinters(char *desc, SPOOL_Q_ENUMPRINTERS *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprinters");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("flags", ps, depth, &q_u->flags))
+		return False;
+	if (!prs_uint32("servername_ptr", ps, depth, &q_u->servername_ptr))
+		return False;
+
+	if (!smb_io_unistr2("", &q_u->servername, q_u->servername_ptr, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_ENUMPRINTERS structure.
+ ********************************************************************/
+
+BOOL spoolss_io_r_enumprinters(char *desc, SPOOL_R_ENUMPRINTERS *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprinters");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_enum_printers (srv_spoolss.c)
+ *
+ ********************************************************************/
+
+BOOL spoolss_io_r_getprinter(char *desc, SPOOL_R_GETPRINTER *r_u, prs_struct *ps, int depth)
+{	
+	prs_debug(ps, depth, desc, "spoolss_io_r_getprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_getprinter (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_getprinter(char *desc, SPOOL_Q_GETPRINTER *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_getprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_getprinter(
+	TALLOC_CTX *mem_ctx,
+	SPOOL_Q_GETPRINTER *q_u, 
+	const POLICY_HND *hnd, 
+	uint32 level, 
+	NEW_BUFFER *buffer, 
+	uint32 offered
+)
+{
+	if (q_u == NULL)
+	{
+		return False;
+	}
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	q_u->level=level;
+	q_u->buffer=buffer;
+	q_u->offered=offered;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+BOOL make_spoolss_q_setprinter(TALLOC_CTX *mem_ctx, SPOOL_Q_SETPRINTER *q_u, 
+				const POLICY_HND *hnd, uint32 level, PRINTER_INFO_CTR *info, 
+				uint32 command)
+{
+	SEC_DESC *secdesc;
+	DEVICEMODE *devmode;
+
+	if (q_u == NULL)
+		return False;
+	
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	q_u->level = level;
+	q_u->info.level = level;
+	q_u->info.info_ptr = (info != NULL) ? 1 : 0;
+	switch (level) {
+
+	  /* There's no such thing as a setprinter level 1 */
+
+	case 2:
+		secdesc = info->printers_2->secdesc;
+		devmode = info->printers_2->devmode;
+		
+		make_spoolss_printer_info_2 (mem_ctx, &q_u->info.info_2, info->printers_2);
+#if 1	/* JERRY TEST */
+		q_u->secdesc_ctr = (SEC_DESC_BUF*)malloc(sizeof(SEC_DESC_BUF));
+		if (!q_u->secdesc_ctr)
+			return False;
+		q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
+		q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
+		q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
+		q_u->secdesc_ctr->sec = secdesc;
+
+		q_u->devmode_ctr.devmode_ptr = (devmode != NULL) ? 1 : 0;
+		q_u->devmode_ctr.size = (devmode != NULL) ? sizeof(DEVICEMODE) + (3*sizeof(uint32)) : 0;
+		q_u->devmode_ctr.devmode = devmode;
+#else
+		q_u->secdesc_ctr = NULL;
+	
+		q_u->devmode_ctr.devmode_ptr = 0;
+		q_u->devmode_ctr.size = 0;
+		q_u->devmode_ctr.devmode = NULL;
+#endif
+		break;
+	default: 
+		DEBUG(0,("make_spoolss_q_setprinter: Unknown info level [%d]\n", level));
+			break;
+	}
+
+	
+	q_u->command = command;
+
+	return True;
+}
+
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_setprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Marshall/unmarshall a SPOOL_Q_SETPRINTER struct.
+********************************************************************/  
+
+BOOL spoolss_io_q_setprinter(char *desc, SPOOL_Q_SETPRINTER *q_u, prs_struct *ps, int depth)
+{
+	uint32 ptr_sec_desc = 0;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_setprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle ,ps, depth))
+		return False;
+	if(!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+
+	if(!spool_io_printer_info_level("", &q_u->info, ps, depth))
+		return False;
+
+	if (!spoolss_io_devmode_cont(desc, &q_u->devmode_ctr, ps, depth))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+
+	switch (q_u->level)
+	{
+		case 2:
+		{
+			ptr_sec_desc = q_u->info.info_2->secdesc_ptr;
+			break;
+		}
+		case 3:
+		{
+			ptr_sec_desc = q_u->info.info_3->secdesc_ptr;
+			break;
+		}
+	}
+	if (ptr_sec_desc)
+	{
+		if (!sec_io_desc_buf(desc, &q_u->secdesc_ctr, ps, depth))
+			return False;
+	} else {
+		uint32 dummy = 0;
+
+		/* Parse a NULL security descriptor.  This should really
+		   happen inside the sec_io_desc_buf() function. */
+
+		prs_debug(ps, depth, "", "sec_io_desc_buf");
+		if (!prs_uint32("size", ps, depth + 1, &dummy))
+			return False;
+		if (!prs_uint32("ptr", ps, depth + 1, &dummy)) return
+								       False;
+	}
+	
+	if(!prs_uint32("command", ps, depth, &q_u->command))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_fcpn(char *desc, SPOOL_R_FCPN *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_fcpn");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_fcpn(char *desc, SPOOL_Q_FCPN *q_u, prs_struct *ps, int depth)
+{
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_fcpn");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_addjob(char *desc, SPOOL_R_ADDJOB *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_addjob(char *desc, SPOOL_Q_ADDJOB *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+	
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_enumjobs(char *desc, SPOOL_R_ENUMJOBS *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumjobs");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL make_spoolss_q_enumjobs(SPOOL_Q_ENUMJOBS *q_u, const POLICY_HND *hnd,
+				uint32 firstjob,
+				uint32 numofjobs,
+				uint32 level,
+				NEW_BUFFER *buffer,
+				uint32 offered)
+{
+	if (q_u == NULL)
+	{
+		return False;
+	}
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+	q_u->firstjob = firstjob;
+	q_u->numofjobs = numofjobs;
+	q_u->level = level;
+	q_u->buffer= buffer;
+	q_u->offered = offered;
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_enumjobs(char *desc, SPOOL_Q_ENUMJOBS *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumjobs");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle, ps, depth))
+		return False;
+		
+	if (!prs_uint32("firstjob", ps, depth, &q_u->firstjob))
+		return False;
+	if (!prs_uint32("numofjobs", ps, depth, &q_u->numofjobs))
+		return False;
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;	
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_schedulejob(char *desc, SPOOL_R_SCHEDULEJOB *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_schedulejob");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_schedulejob(char *desc, SPOOL_Q_SCHEDULEJOB *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_schedulejob");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if(!prs_uint32("jobid", ps, depth, &q_u->jobid))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_setjob(char *desc, SPOOL_R_SETJOB *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_setjob");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_setjob(char *desc, SPOOL_Q_SETJOB *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_setjob");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if(!prs_uint32("jobid", ps, depth, &q_u->jobid))
+		return False;
+	/* 
+	 * level is usually 0. If (level!=0) then I'm in trouble !
+	 * I will try to generate setjob command with level!=0, one day.
+	 */
+	if(!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+	if(!prs_uint32("command", ps, depth, &q_u->command))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_ENUMPRINTERDRIVERS structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_enumprinterdrivers(char *desc, SPOOL_R_ENUMPRINTERDRIVERS *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprinterdrivers");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_enumprinterdrivers(SPOOL_Q_ENUMPRINTERDRIVERS *q_u,
+                                const char *name,
+                                const char *environment,
+                                uint32 level,
+                                NEW_BUFFER *buffer, uint32 offered)
+{
+        init_buf_unistr2(&q_u->name, &q_u->name_ptr, name);
+        init_buf_unistr2(&q_u->environment, &q_u->environment_ptr, environment);
+
+        q_u->level=level;
+        q_u->buffer=buffer;
+        q_u->offered=offered;
+
+        return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_ENUMPRINTERDRIVERS structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_enumprinterdrivers(char *desc, SPOOL_Q_ENUMPRINTERDRIVERS *q_u, prs_struct *ps, int depth)
+{
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprinterdrivers");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("name_ptr", ps, depth, &q_u->name_ptr))
+		return False;
+	if (!smb_io_unistr2("", &q_u->name, q_u->name_ptr,ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("environment_ptr", ps, depth, &q_u->environment_ptr))
+		return False;
+	if (!smb_io_unistr2("", &q_u->environment, q_u->environment_ptr, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_enumforms(char *desc, SPOOL_Q_ENUMFORMS *q_u, prs_struct *ps, int depth)
+{
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumforms");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;			
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;		
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;	
+	
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_enumforms(char *desc, SPOOL_R_ENUMFORMS *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumforms");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("size of buffer needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("numofforms", ps, depth, &r_u->numofforms))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_getform(char *desc, SPOOL_Q_GETFORM *q_u, prs_struct *ps, int depth)
+{
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_getform");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;			
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;		
+	if (!smb_io_unistr2("", &q_u->formname,True,ps,depth))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;	
+	
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_getform(char *desc, SPOOL_R_GETFORM *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_getform");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("size of buffer needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_ENUMPORTS structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_enumports(char *desc, SPOOL_R_ENUMPORTS *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumports");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_enumports(char *desc, SPOOL_Q_ENUMPORTS *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("", ps, depth, &q_u->name_ptr))
+		return False;
+	if (!smb_io_unistr2("", &q_u->name,True,ps,depth))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_PRINTER_INFO_LEVEL_1 structure.
+********************************************************************/  
+
+BOOL spool_io_printer_info_level_1(char *desc, SPOOL_PRINTER_INFO_LEVEL_1 *il, prs_struct *ps, int depth)
+{	
+	prs_debug(ps, depth, desc, "spool_io_printer_info_level_1");
+	depth++;
+		
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("flags", ps, depth, &il->flags))
+		return False;
+	if(!prs_uint32("description_ptr", ps, depth, &il->description_ptr))
+		return False;
+	if(!prs_uint32("name_ptr", ps, depth, &il->name_ptr))
+		return False;
+	if(!prs_uint32("comment_ptr", ps, depth, &il->comment_ptr))
+		return False;
+		
+	if(!smb_io_unistr2("description", &il->description, il->description_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("name", &il->name, il->name_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("comment", &il->comment, il->comment_ptr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_PRINTER_INFO_LEVEL_3 structure.
+********************************************************************/  
+
+BOOL spool_io_printer_info_level_3(char *desc, SPOOL_PRINTER_INFO_LEVEL_3 *il, prs_struct *ps, int depth)
+{	
+	prs_debug(ps, depth, desc, "spool_io_printer_info_level_3");
+	depth++;
+		
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("secdesc_ptr", ps, depth, &il->secdesc_ptr))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_PRINTER_INFO_LEVEL_2 structure.
+********************************************************************/  
+
+BOOL spool_io_printer_info_level_2(char *desc, SPOOL_PRINTER_INFO_LEVEL_2 *il, prs_struct *ps, int depth)
+{	
+	prs_debug(ps, depth, desc, "spool_io_printer_info_level_2");
+	depth++;
+		
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("servername_ptr", ps, depth, &il->servername_ptr))
+		return False;
+	if(!prs_uint32("printername_ptr", ps, depth, &il->printername_ptr))
+		return False;
+	if(!prs_uint32("sharename_ptr", ps, depth, &il->sharename_ptr))
+		return False;
+	if(!prs_uint32("portname_ptr", ps, depth, &il->portname_ptr))
+		return False;
+
+	if(!prs_uint32("drivername_ptr", ps, depth, &il->drivername_ptr))
+		return False;
+	if(!prs_uint32("comment_ptr", ps, depth, &il->comment_ptr))
+		return False;
+	if(!prs_uint32("location_ptr", ps, depth, &il->location_ptr))
+		return False;
+	if(!prs_uint32("devmode_ptr", ps, depth, &il->devmode_ptr))
+		return False;
+	if(!prs_uint32("sepfile_ptr", ps, depth, &il->sepfile_ptr))
+		return False;
+	if(!prs_uint32("printprocessor_ptr", ps, depth, &il->printprocessor_ptr))
+		return False;
+	if(!prs_uint32("datatype_ptr", ps, depth, &il->datatype_ptr))
+		return False;
+	if(!prs_uint32("parameters_ptr", ps, depth, &il->parameters_ptr))
+		return False;
+	if(!prs_uint32("secdesc_ptr", ps, depth, &il->secdesc_ptr))
+		return False;
+
+	if(!prs_uint32("attributes", ps, depth, &il->attributes))
+		return False;
+	if(!prs_uint32("priority", ps, depth, &il->priority))
+		return False;
+	if(!prs_uint32("default_priority", ps, depth, &il->default_priority))
+		return False;
+	if(!prs_uint32("starttime", ps, depth, &il->starttime))
+		return False;
+	if(!prs_uint32("untiltime", ps, depth, &il->untiltime))
+		return False;
+	if(!prs_uint32("status", ps, depth, &il->status))
+		return False;
+	if(!prs_uint32("cjobs", ps, depth, &il->cjobs))
+		return False;
+	if(!prs_uint32("averageppm", ps, depth, &il->averageppm))
+		return False;
+
+	if(!smb_io_unistr2("servername", &il->servername, il->servername_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("printername", &il->printername, il->printername_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("sharename", &il->sharename, il->sharename_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("portname", &il->portname, il->portname_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("drivername", &il->drivername, il->drivername_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("comment", &il->comment, il->comment_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("location", &il->location, il->location_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("sepfile", &il->sepfile, il->sepfile_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("printprocessor", &il->printprocessor, il->printprocessor_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("datatype", &il->datatype, il->datatype_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("parameters", &il->parameters, il->parameters_ptr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spool_io_printer_info_level");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("level", ps, depth, &il->level))
+		return False;
+	if(!prs_uint32("info_ptr", ps, depth, &il->info_ptr))
+		return False;
+	
+	/* if no struct inside just return */
+	if (il->info_ptr==0) {
+		if (UNMARSHALLING(ps)) {
+			il->info_1=NULL;
+			il->info_2=NULL;
+		}
+		return True;
+	}
+			
+	switch (il->level) {
+		/*
+		 * level 0 is used by setprinter when managing the queue
+		 * (hold, stop, start a queue)
+		 */
+		case 0:
+			break;
+		/* DOCUMENT ME!!! What is level 1 used for? */
+		case 1:
+		{
+			if (UNMARSHALLING(ps)) {
+				if ((il->info_1=(SPOOL_PRINTER_INFO_LEVEL_1 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_1))) == NULL)
+					return False;
+			}
+			if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))
+				return False;
+			break;		
+		}
+		/* 
+		 * level 2 is used by addprinter
+		 * and by setprinter when updating printer's info
+		 */	
+		case 2:
+			if (UNMARSHALLING(ps)) {
+				if ((il->info_2=(SPOOL_PRINTER_INFO_LEVEL_2 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_2))) == NULL)
+					return False;
+			}
+			if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))
+				return False;
+			break;		
+		/* DOCUMENT ME!!! What is level 3 used for? */
+		case 3:
+		{
+			if (UNMARSHALLING(ps)) {
+				if ((il->info_3=(SPOOL_PRINTER_INFO_LEVEL_3 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_3))) == NULL)
+					return False;
+			}
+			if (!spool_io_printer_info_level_3("", il->info_3, ps, depth))
+				return False;
+			break;		
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_addprinterex(char *desc, SPOOL_Q_ADDPRINTEREX *q_u, prs_struct *ps, int depth)
+{
+	uint32 ptr_sec_desc = 0;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_addprinterex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("", ps, depth, &q_u->server_name_ptr))
+		return False;
+	if(!smb_io_unistr2("", &q_u->server_name, q_u->server_name_ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("info_level", ps, depth, &q_u->level))
+		return False;
+	
+	if(!spool_io_printer_info_level("", &q_u->info, ps, depth))
+		return False;
+	
+	if (!spoolss_io_devmode_cont(desc, &q_u->devmode_ctr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	switch (q_u->level) {
+		case 2:
+			ptr_sec_desc = q_u->info.info_2->secdesc_ptr;
+			break;
+		case 3:
+			ptr_sec_desc = q_u->info.info_3->secdesc_ptr;
+			break;
+	}
+	if (ptr_sec_desc) {
+		if (!sec_io_desc_buf(desc, &q_u->secdesc_ctr, ps, depth))
+			return False;
+	} else {
+		uint32 dummy;
+
+		/* Parse a NULL security descriptor.  This should really
+			happen inside the sec_io_desc_buf() function. */
+
+		prs_debug(ps, depth, "", "sec_io_desc_buf");
+		if (!prs_uint32("size", ps, depth + 1, &dummy))
+			return False;
+		if (!prs_uint32("ptr", ps, depth + 1, &dummy))
+			return False;
+	}
+
+	if(!prs_uint32("user_switch", ps, depth, &q_u->user_switch))
+		return False;
+	if(!spool_io_user_level("", &q_u->user_ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_addprinterex(char *desc, SPOOL_R_ADDPRINTEREX *r_u, 
+			       prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_addprinterex");
+	depth++;
+	
+	if(!smb_io_pol_hnd("printer handle",&r_u->handle,ps,depth))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spool_io_printer_driver_info_level_3(char *desc, SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 **q_u, 
+                                          prs_struct *ps, int depth)
+{	
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *il;
+	
+	prs_debug(ps, depth, desc, "spool_io_printer_driver_info_level_3");
+	depth++;
+		
+	/* reading */
+	if (UNMARSHALLING(ps)) {
+		il=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3));
+		if(il == NULL)
+			return False;
+		*q_u=il;
+	}
+	else {
+		il=*q_u;
+	}
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("cversion", ps, depth, &il->cversion))
+		return False;
+	if(!prs_uint32("name", ps, depth, &il->name_ptr))
+		return False;
+	if(!prs_uint32("environment", ps, depth, &il->environment_ptr))
+		return False;
+	if(!prs_uint32("driverpath", ps, depth, &il->driverpath_ptr))
+		return False;
+	if(!prs_uint32("datafile", ps, depth, &il->datafile_ptr))
+		return False;
+	if(!prs_uint32("configfile", ps, depth, &il->configfile_ptr))
+		return False;
+	if(!prs_uint32("helpfile", ps, depth, &il->helpfile_ptr))
+		return False;
+	if(!prs_uint32("monitorname", ps, depth, &il->monitorname_ptr))
+		return False;
+	if(!prs_uint32("defaultdatatype", ps, depth, &il->defaultdatatype_ptr))
+		return False;
+	if(!prs_uint32("dependentfilessize", ps, depth, &il->dependentfilessize))
+		return False;
+	if(!prs_uint32("dependentfiles", ps, depth, &il->dependentfiles_ptr))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!smb_io_unistr2("name", &il->name, il->name_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("environment", &il->environment, il->environment_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("driverpath", &il->driverpath, il->driverpath_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("datafile", &il->datafile, il->datafile_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("configfile", &il->configfile, il->configfile_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("helpfile", &il->helpfile, il->helpfile_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("monitorname", &il->monitorname, il->monitorname_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("defaultdatatype", &il->defaultdatatype, il->defaultdatatype_ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+		
+	if (il->dependentfiles_ptr)
+		smb_io_buffer5("", &il->dependentfiles, ps, depth);
+
+	return True;
+}
+
+/*******************************************************************
+parse a SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 structure
+********************************************************************/  
+
+BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 **q_u, 
+                                          prs_struct *ps, int depth)
+{	
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *il;
+	
+	prs_debug(ps, depth, desc, "spool_io_printer_driver_info_level_6");
+	depth++;
+		
+	/* reading */
+	if (UNMARSHALLING(ps)) {
+		il=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6));
+		if(il == NULL)
+			return False;
+		*q_u=il;
+	}
+	else {
+		il=*q_u;
+	}
+	
+	if(!prs_align(ps))
+		return False;
+
+
+	/* parse the main elements the packet */
+
+	if(!prs_uint32("version", ps, depth, &il->version))
+		return False;
+
+	if(!prs_uint32("name_ptr", ps, depth, &il->name_ptr))
+		return False;	
+	/*
+	 * If name_ptr is NULL then the next 4 bytes are the name_ptr. A driver 
+	 * with a NULL name just isn't a driver For example: "HP LaserJet 4si"
+	 * from W2K CDROM (which uses unidriver). JohnR 010205
+	 */
+	if (!il->name_ptr) {
+		DEBUG(5,("spool_io_printer_driver_info_level_6: name_ptr is NULL! Get next value\n"));
+		if(!prs_uint32("name_ptr", ps, depth, &il->name_ptr))
+			return False;	
+	}
+	
+	if(!prs_uint32("environment_ptr", ps, depth, &il->environment_ptr))
+		return False;
+	if(!prs_uint32("driverpath_ptr", ps, depth, &il->driverpath_ptr))
+		return False;
+	if(!prs_uint32("datafile_ptr", ps, depth, &il->datafile_ptr))
+		return False;
+	if(!prs_uint32("configfile_ptr", ps, depth, &il->configfile_ptr))
+		return False;
+	if(!prs_uint32("helpfile_ptr", ps, depth, &il->helpfile_ptr))
+		return False;
+	if(!prs_uint32("monitorname_ptr", ps, depth, &il->monitorname_ptr))
+		return False;
+	if(!prs_uint32("defaultdatatype_ptr", ps, depth, &il->defaultdatatype_ptr))
+		return False;
+	if(!prs_uint32("dependentfiles_len", ps, depth, &il->dependentfiles_len))
+		return False;
+	if(!prs_uint32("dependentfiles_ptr", ps, depth, &il->dependentfiles_ptr))
+		return False;
+	if(!prs_uint32("previousnames_len", ps, depth, &il->previousnames_len))
+		return False;
+	if(!prs_uint32("previousnames_ptr", ps, depth, &il->previousnames_ptr))
+		return False;
+	if(!smb_io_time("driverdate", &il->driverdate, ps, depth))
+		return False;
+	if(!prs_uint32("dummy4", ps, depth, &il->dummy4))
+		return False;
+	if(!prs_uint64("driverversion", ps, depth, &il->driverversion))
+		return False;
+	if(!prs_uint32("mfgname_ptr", ps, depth, &il->mfgname_ptr))
+		return False;
+	if(!prs_uint32("oemurl_ptr", ps, depth, &il->oemurl_ptr))
+		return False;
+	if(!prs_uint32("hardwareid_ptr", ps, depth, &il->hardwareid_ptr))
+		return False;
+	if(!prs_uint32("provider_ptr", ps, depth, &il->provider_ptr))
+		return False;
+
+	/* parse the structures in the packet */
+
+	if(!smb_io_unistr2("name", &il->name, il->name_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("environment", &il->environment, il->environment_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("driverpath", &il->driverpath, il->driverpath_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("datafile", &il->datafile, il->datafile_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("configfile", &il->configfile, il->configfile_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("helpfile", &il->helpfile, il->helpfile_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("monitorname", &il->monitorname, il->monitorname_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("defaultdatatype", &il->defaultdatatype, il->defaultdatatype_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if (il->dependentfiles_ptr) {
+		if(!smb_io_buffer5("dependentfiles", &il->dependentfiles, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+	if (il->previousnames_ptr) {
+		if(!smb_io_buffer5("previousnames", &il->previousnames, ps, depth))
+			return False;
+		if(!prs_align(ps))
+			return False;
+	}
+	if(!smb_io_unistr2("mfgname", &il->mfgname, il->mfgname_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("oemurl", &il->oemurl, il->oemurl_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("hardwareid", &il->hardwareid, il->hardwareid_ptr, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("provider", &il->provider, il->provider_ptr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ convert a buffer of UNICODE strings null terminated
+ the buffer is terminated by a NULL
+ 
+ convert to an dos codepage array (null terminated)
+ 
+ dynamically allocate memory
+ 
+********************************************************************/  
+static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
+{
+	fstring f, *tar;
+	int n = 0;
+	char *src;
+
+	if (buf5==NULL)
+		return False;
+
+	src = (char *)buf5->buffer;
+	*ar = NULL;
+
+	while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
+		rpcstr_pull(f, src, sizeof(f)-1, -1, 0);
+		src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
+		tar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2));
+		if (!tar)
+			return False;
+		else
+			*ar = tar;
+		fstrcpy((*ar)[n], f);
+		n++;
+	}
+	fstrcpy((*ar)[n], "");
+ 
+	return True;
+}
+
+
+
+
+/*******************************************************************
+ read a UNICODE array with null terminated strings 
+ and null terminated array 
+ and size of array at beginning
+********************************************************************/  
+
+BOOL smb_io_unibuffer(char *desc, UNISTR2 *buffer, prs_struct *ps, int depth)
+{
+	if (buffer==NULL) return False;
+
+	buffer->undoc=0;
+	buffer->uni_str_len=buffer->uni_max_len;
+	
+	if(!prs_uint32("buffer_size", ps, depth, &buffer->uni_max_len))
+		return False;
+
+	if(!prs_unistr2(True, "buffer     ", ps, depth, buffer))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spool_io_printer_driver_info_level(char *desc, SPOOL_PRINTER_DRIVER_INFO_LEVEL *il, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spool_io_printer_driver_info_level");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("level", ps, depth, &il->level))
+		return False;
+	if(!prs_uint32("ptr", ps, depth, &il->ptr))
+		return False;
+
+	if (il->ptr==0)
+		return True;
+		
+	switch (il->level) {
+		case 3:
+			if(!spool_io_printer_driver_info_level_3("", &il->info_3, ps, depth))
+				return False;
+			break;		
+		case 6:
+			if(!spool_io_printer_driver_info_level_6("", &il->info_6, ps, depth))
+				return False;
+			break;		
+	default:
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ init a SPOOL_Q_ADDPRINTERDRIVER struct
+ ******************************************************************/
+
+BOOL make_spoolss_q_addprinterdriver(TALLOC_CTX *mem_ctx,
+				SPOOL_Q_ADDPRINTERDRIVER *q_u, const char* srv_name, 
+				uint32 level, PRINTER_DRIVER_CTR *info)
+{
+	DEBUG(5,("make_spoolss_q_addprinterdriver\n"));
+	
+	q_u->server_name_ptr = (srv_name!=NULL)?1:0;
+	init_unistr2(&q_u->server_name, srv_name, strlen(srv_name)+1);
+	
+	q_u->level = level;
+	
+	q_u->info.level = level;
+	q_u->info.ptr = (info!=NULL)?1:0;
+	switch (level)
+	{
+	/* info level 3 is supported by Windows 95/98, WinNT and Win2k */
+	case 3 :
+		make_spoolss_driver_info_3(mem_ctx, &q_u->info.info_3, info->info3);
+		break;
+		
+	/* info level 6 is supported by WinME and Win2k */
+	case 6:
+		/* WRITEME!!  will add later  --jerry */
+		break;
+		
+	default:
+		DEBUG(0,("make_spoolss_q_addprinterdriver: Unknown info level [%d]\n", level));
+		break;
+	}
+	
+	return True;
+}
+
+BOOL make_spoolss_driver_info_3(TALLOC_CTX *mem_ctx, 
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 **spool_drv_info,
+				DRIVER_INFO_3 *info3)
+{
+	uint32		len = 0;
+	uint16		*ptr = info3->dependentfiles;
+	BOOL		done = False;
+	BOOL		null_char = False;
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *inf;
+
+	if (!(inf=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3*)talloc_zero(mem_ctx, sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3))))
+		return False;
+	
+	inf->cversion	= info3->version;
+	inf->name_ptr	= (info3->name.buffer!=NULL)?1:0;
+	inf->environment_ptr	= (info3->architecture.buffer!=NULL)?1:0;
+	inf->driverpath_ptr	= (info3->driverpath.buffer!=NULL)?1:0;
+	inf->datafile_ptr	= (info3->datafile.buffer!=NULL)?1:0;
+	inf->configfile_ptr	= (info3->configfile.buffer!=NULL)?1:0;
+	inf->helpfile_ptr	= (info3->helpfile.buffer!=NULL)?1:0;
+	inf->monitorname_ptr	= (info3->monitorname.buffer!=NULL)?1:0;
+	inf->defaultdatatype_ptr	= (info3->defaultdatatype.buffer!=NULL)?1:0;
+
+	init_unistr2_from_unistr(&inf->name, &info3->name);
+	init_unistr2_from_unistr(&inf->environment, &info3->architecture);
+	init_unistr2_from_unistr(&inf->driverpath, &info3->driverpath);
+	init_unistr2_from_unistr(&inf->datafile, &info3->datafile);
+	init_unistr2_from_unistr(&inf->configfile, &info3->configfile);
+	init_unistr2_from_unistr(&inf->helpfile, &info3->helpfile);
+	init_unistr2_from_unistr(&inf->monitorname, &info3->monitorname);
+	init_unistr2_from_unistr(&inf->defaultdatatype, &info3->defaultdatatype);
+
+	while (!done)
+	{
+		switch (*ptr)
+		{
+			case 0:
+				/* the null_char BOOL is used to help locate
+				   two '\0's back to back */
+				if (null_char)
+					done = True;
+				else
+					null_char = True;
+				break;
+					
+			default:
+				null_char = False;
+				;;
+				break;				
+		}
+		len++;
+		ptr++;
+	}
+	inf->dependentfiles_ptr = (info3->dependentfiles != NULL) ? 1 : 0;
+	inf->dependentfilessize = len;
+	if(!make_spoolss_buffer5(mem_ctx, &inf->dependentfiles, len, info3->dependentfiles))
+	{
+		SAFE_FREE(inf);
+		return False;
+	}
+	
+	*spool_drv_info = inf;
+	
+	return True;
+}
+
+/*******************************************************************
+ make a BUFFER5 struct from a uint16*
+ ******************************************************************/
+BOOL make_spoolss_buffer5(TALLOC_CTX *mem_ctx, BUFFER5 *buf5, uint32 len, uint16 *src)
+{
+
+	buf5->buf_len = len;
+	if((buf5->buffer=(uint16*)talloc_memdup(mem_ctx, src, sizeof(uint16)*len)) == NULL)
+	{
+		DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+ fill in the prs_struct for a ADDPRINTERDRIVER request PDU
+ ********************************************************************/  
+
+BOOL spoolss_io_q_addprinterdriver(char *desc, SPOOL_Q_ADDPRINTERDRIVER *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_addprinterdriver");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("server_name_ptr", ps, depth, &q_u->server_name_ptr))
+		return False;
+	if(!smb_io_unistr2("server_name", &q_u->server_name, q_u->server_name_ptr, ps, depth))
+		return False;
+		
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("info_level", ps, depth, &q_u->level))
+		return False;
+
+	if(!spool_io_printer_driver_info_level("", &q_u->info, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_addprinterdriver(char *desc, SPOOL_R_ADDPRINTERDRIVER *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_addprinterdriver");
+	depth++;
+
+	if(!prs_werror("status", ps, depth, &q_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni,
+                                NT_PRINTER_DRIVER_INFO_LEVEL_3 **asc)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_3 *d;
+	
+	DEBUG(7,("uni_2_asc_printer_driver_3: Converting from UNICODE to ASCII\n"));
+	
+	if (*asc==NULL)
+	{
+		*asc=(NT_PRINTER_DRIVER_INFO_LEVEL_3 *)malloc(sizeof(NT_PRINTER_DRIVER_INFO_LEVEL_3));
+		if(*asc == NULL)
+			return False;
+		ZERO_STRUCTP(*asc);
+	}	
+
+	d=*asc;
+
+	d->cversion=uni->cversion;
+
+	unistr2_to_ascii(d->name,            &uni->name,            sizeof(d->name)-1);
+	unistr2_to_ascii(d->environment,     &uni->environment,     sizeof(d->environment)-1);
+	unistr2_to_ascii(d->driverpath,      &uni->driverpath,      sizeof(d->driverpath)-1);
+	unistr2_to_ascii(d->datafile,        &uni->datafile,        sizeof(d->datafile)-1);
+	unistr2_to_ascii(d->configfile,      &uni->configfile,      sizeof(d->configfile)-1);
+	unistr2_to_ascii(d->helpfile,        &uni->helpfile,        sizeof(d->helpfile)-1);
+	unistr2_to_ascii(d->monitorname,     &uni->monitorname,     sizeof(d->monitorname)-1);
+	unistr2_to_ascii(d->defaultdatatype, &uni->defaultdatatype, sizeof(d->defaultdatatype)-1);
+
+	DEBUGADD(8,( "version:         %d\n", d->cversion));
+	DEBUGADD(8,( "name:            %s\n", d->name));
+	DEBUGADD(8,( "environment:     %s\n", d->environment));
+	DEBUGADD(8,( "driverpath:      %s\n", d->driverpath));
+	DEBUGADD(8,( "datafile:        %s\n", d->datafile));
+	DEBUGADD(8,( "configfile:      %s\n", d->configfile));
+	DEBUGADD(8,( "helpfile:        %s\n", d->helpfile));
+	DEBUGADD(8,( "monitorname:     %s\n", d->monitorname));
+	DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype));
+
+	if (uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ))
+		return True;
+	
+	SAFE_FREE(*asc);
+	return False;
+}
+
+/*******************************************************************
+********************************************************************/  
+BOOL uni_2_asc_printer_driver_6(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *uni,
+                                NT_PRINTER_DRIVER_INFO_LEVEL_6 **asc)
+{
+	NT_PRINTER_DRIVER_INFO_LEVEL_6 *d;
+	
+	DEBUG(7,("uni_2_asc_printer_driver_6: Converting from UNICODE to ASCII\n"));
+	
+	if (*asc==NULL)
+	{
+		*asc=(NT_PRINTER_DRIVER_INFO_LEVEL_6 *)malloc(sizeof(NT_PRINTER_DRIVER_INFO_LEVEL_6));
+		if(*asc == NULL)
+			return False;
+		ZERO_STRUCTP(*asc);
+	}	
+
+	d=*asc;
+
+	d->version=uni->version;
+
+	unistr2_to_ascii(d->name,            &uni->name,            sizeof(d->name)-1);
+	unistr2_to_ascii(d->environment,     &uni->environment,     sizeof(d->environment)-1);
+	unistr2_to_ascii(d->driverpath,      &uni->driverpath,      sizeof(d->driverpath)-1);
+	unistr2_to_ascii(d->datafile,        &uni->datafile,        sizeof(d->datafile)-1);
+	unistr2_to_ascii(d->configfile,      &uni->configfile,      sizeof(d->configfile)-1);
+	unistr2_to_ascii(d->helpfile,        &uni->helpfile,        sizeof(d->helpfile)-1);
+	unistr2_to_ascii(d->monitorname,     &uni->monitorname,     sizeof(d->monitorname)-1);
+	unistr2_to_ascii(d->defaultdatatype, &uni->defaultdatatype, sizeof(d->defaultdatatype)-1);
+
+	DEBUGADD(8,( "version:         %d\n", d->version));
+	DEBUGADD(8,( "name:            %s\n", d->name));
+	DEBUGADD(8,( "environment:     %s\n", d->environment));
+	DEBUGADD(8,( "driverpath:      %s\n", d->driverpath));
+	DEBUGADD(8,( "datafile:        %s\n", d->datafile));
+	DEBUGADD(8,( "configfile:      %s\n", d->configfile));
+	DEBUGADD(8,( "helpfile:        %s\n", d->helpfile));
+	DEBUGADD(8,( "monitorname:     %s\n", d->monitorname));
+	DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype));
+
+	if (!uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ))
+		goto error;
+	if (!uniarray_2_dosarray(&uni->previousnames, &d->previousnames ))
+		goto error;
+	
+	return True;
+	
+error:
+	SAFE_FREE(*asc);
+	return False;
+}
+
+BOOL uni_2_asc_printer_info_2(const SPOOL_PRINTER_INFO_LEVEL_2 *uni,
+                              NT_PRINTER_INFO_LEVEL_2  **asc)
+{
+	NT_PRINTER_INFO_LEVEL_2 *d;
+	time_t time_unix;
+	
+	DEBUG(7,("Converting from UNICODE to ASCII\n"));
+	time_unix=time(NULL);
+	
+	if (*asc==NULL) {
+		DEBUGADD(8,("allocating memory\n"));
+
+		*asc=(NT_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(NT_PRINTER_INFO_LEVEL_2));
+		if(*asc == NULL)
+			return False;
+		ZERO_STRUCTP(*asc);
+		
+		/* we allocate memory iff called from 
+		 * addprinter(ex) so we can do one time stuff here.
+		 */
+		(*asc)->setuptime=time_unix;
+
+	}	
+	DEBUGADD(8,("start converting\n"));
+
+	d=*asc;
+		
+	d->attributes=uni->attributes;
+	d->priority=uni->priority;
+	d->default_priority=uni->default_priority;
+	d->starttime=uni->starttime;
+	d->untiltime=uni->untiltime;
+	d->status=uni->status;
+	d->cjobs=uni->cjobs;
+	
+	unistr2_to_ascii(d->servername, &uni->servername, sizeof(d->servername)-1);
+	unistr2_to_ascii(d->printername, &uni->printername, sizeof(d->printername)-1);
+	unistr2_to_ascii(d->sharename, &uni->sharename, sizeof(d->sharename)-1);
+	unistr2_to_ascii(d->portname, &uni->portname, sizeof(d->portname)-1);
+	unistr2_to_ascii(d->drivername, &uni->drivername, sizeof(d->drivername)-1);
+	unistr2_to_ascii(d->comment, &uni->comment, sizeof(d->comment)-1);
+	unistr2_to_ascii(d->location, &uni->location, sizeof(d->location)-1);
+	unistr2_to_ascii(d->sepfile, &uni->sepfile, sizeof(d->sepfile)-1);
+	unistr2_to_ascii(d->printprocessor, &uni->printprocessor, sizeof(d->printprocessor)-1);
+	unistr2_to_ascii(d->datatype, &uni->datatype, sizeof(d->datatype)-1);
+	unistr2_to_ascii(d->parameters, &uni->parameters, sizeof(d->parameters)-1);
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_getprinterdriverdir(SPOOL_Q_GETPRINTERDRIVERDIR *q_u,
+                                fstring servername, fstring env_name, uint32 level,
+                                NEW_BUFFER *buffer, uint32 offered)
+{
+	init_buf_unistr2(&q_u->name, &q_u->name_ptr, servername);
+	init_buf_unistr2(&q_u->environment, &q_u->environment_ptr, env_name);
+
+	q_u->level=level;
+	q_u->buffer=buffer;
+	q_u->offered=offered;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_GETPRINTERDRIVERDIR structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_getprinterdriverdir(char *desc, SPOOL_Q_GETPRINTERDRIVERDIR *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_getprinterdriverdir");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("name_ptr", ps, depth, &q_u->name_ptr))
+		return False;
+	if(!smb_io_unistr2("", &q_u->name, q_u->name_ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+		
+	if(!prs_uint32("", ps, depth, &q_u->environment_ptr))
+		return False;
+	if(!smb_io_unistr2("", &q_u->environment, q_u->environment_ptr, ps, depth))
+		return False;
+		
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+		
+	if(!prs_align(ps))
+		return False;
+		
+	if(!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_GETPRINTERDRIVERDIR structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_getprinterdriverdir(char *desc, SPOOL_R_GETPRINTERDRIVERDIR *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_getprinterdriverdir");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_enumprintprocessors(char *desc, SPOOL_R_ENUMPRINTPROCESSORS *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprintprocessors");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_enumprintprocessors(char *desc, SPOOL_Q_ENUMPRINTPROCESSORS *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprintprocessors");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("name_ptr", ps, depth, &q_u->name_ptr))
+		return False;
+	if (!smb_io_unistr2("name", &q_u->name, True, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("", ps, depth, &q_u->environment_ptr))
+		return False;
+	if (!smb_io_unistr2("", &q_u->environment, q_u->environment_ptr, ps, depth))
+		return False;
+	
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_addprintprocessor(char *desc, SPOOL_Q_ADDPRINTPROCESSOR *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_addprintprocessor");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("server_ptr", ps, depth, &q_u->server_ptr))
+		return False;
+	if (!smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("environment", &q_u->environment, True, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("path", &q_u->path, True, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("name", &q_u->name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_addprintprocessor(char *desc, SPOOL_R_ADDPRINTPROCESSOR *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_addprintproicessor");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_enumprintprocdatatypes(char *desc, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprintprocdatatypes");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_enumprintprocdatatypes(char *desc, SPOOL_Q_ENUMPRINTPROCDATATYPES *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprintprocdatatypes");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("name_ptr", ps, depth, &q_u->name_ptr))
+		return False;
+	if (!smb_io_unistr2("name", &q_u->name, True, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("processor_ptr", ps, depth, &q_u->processor_ptr))
+		return False;
+	if (!smb_io_unistr2("processor", &q_u->processor, q_u->processor_ptr, ps, depth))
+		return False;
+	
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if(!spoolss_io_buffer("buffer", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_ENUMPRINTMONITORS structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_enumprintmonitors(char *desc, SPOOL_Q_ENUMPRINTMONITORS *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprintmonitors");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("name_ptr", ps, depth, &q_u->name_ptr))
+		return False;
+	if (!smb_io_unistr2("name", &q_u->name, True, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+				
+	if (!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+		
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_enumprintmonitors(char *desc, SPOOL_R_ENUMPRINTMONITORS *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprintmonitors");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_uint32("returned", ps, depth, &r_u->returned))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_enumprinterdata(char *desc, SPOOL_R_ENUMPRINTERDATA *r_u, prs_struct *ps, int depth)
+{	
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprinterdata");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_uint32("valuesize", ps, depth, &r_u->valuesize))
+		return False;
+
+	if(!prs_uint16uni(False, "value", ps, depth, r_u->value, r_u->valuesize ))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("realvaluesize", ps, depth, &r_u->realvaluesize))
+		return False;
+
+	if(!prs_uint32("type", ps, depth, &r_u->type))
+		return False;
+
+	if(!prs_uint32("datasize", ps, depth, &r_u->datasize))
+		return False;
+	if(!prs_uint8s(False, "data", ps, depth, r_u->data, r_u->datasize))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("realdatasize", ps, depth, &r_u->realdatasize))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_enumprinterdata(char *desc, SPOOL_Q_ENUMPRINTERDATA *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprinterdata");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if(!prs_uint32("index", ps, depth, &q_u->index))
+		return False;
+	if(!prs_uint32("valuesize", ps, depth, &q_u->valuesize))
+		return False;
+	if(!prs_uint32("datasize", ps, depth, &q_u->datasize))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL make_spoolss_q_enumprinterdata(SPOOL_Q_ENUMPRINTERDATA *q_u,
+		const POLICY_HND *hnd,
+		uint32 idx, uint32 valuelen, uint32 datalen)
+{
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+	q_u->index=idx;
+	q_u->valuesize=valuelen;
+	q_u->datasize=datalen;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+BOOL make_spoolss_q_setprinterdata(SPOOL_Q_SETPRINTERDATA *q_u, TALLOC_CTX *ctx, const POLICY_HND *hnd,
+				char* value, char* data)
+{
+	UNISTR2 tmp;
+
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+	q_u->type = REG_SZ;
+	init_unistr2(&q_u->value, value, strlen(value)+1);
+
+	init_unistr2(&tmp, data, strlen(data)+1);
+	q_u->max_len = q_u->real_len = tmp.uni_max_len*2;
+	q_u->data = talloc(ctx, q_u->real_len);
+	memcpy(q_u->data, tmp.buffer, q_u->real_len);
+	
+	return True;
+}
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_setprinterdata");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &q_u->value, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("type", ps, depth, &q_u->type))
+		return False;
+
+	if(!prs_uint32("max_len", ps, depth, &q_u->max_len))
+		return False;
+
+	switch (q_u->type)
+	{
+		case REG_SZ:
+		case REG_BINARY:
+		case REG_DWORD:
+		case REG_MULTI_SZ:
+            if (q_u->max_len) {
+                if (UNMARSHALLING(ps))
+    				q_u->data=(uint8 *)prs_alloc_mem(ps, q_u->max_len * sizeof(uint8));
+    			if(q_u->data == NULL)
+    				return False;
+    			if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
+    				return False;
+            }
+			if(!prs_align(ps))
+				return False;
+			break;
+	}	
+	
+	if(!prs_uint32("real_len", ps, depth, &q_u->real_len))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_setprinterdata(char *desc, SPOOL_R_SETPRINTERDATA *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_setprinterdata");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status",     ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+BOOL spoolss_io_q_resetprinter(char *desc, SPOOL_Q_RESETPRINTER *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_resetprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+
+	if (!prs_uint32("datatype_ptr", ps, depth, &q_u->datatype_ptr))
+		return False;
+		
+	if (q_u->datatype_ptr) {
+		if (!smb_io_unistr2("datatype", &q_u->datatype, q_u->datatype_ptr?True:False, ps, depth))
+		return False;
+	}
+
+	if (!spoolss_io_devmode_cont(desc, &q_u->devmode_ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+********************************************************************/  
+BOOL spoolss_io_r_resetprinter(char *desc, SPOOL_R_RESETPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_resetprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status",     ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+BOOL convert_specific_param(NT_PRINTER_PARAM **param, const UNISTR2 *value,
+				uint32 type, const uint8 *data, uint32 len)
+{
+	DEBUG(5,("converting a specific param struct\n"));
+
+	if (*param == NULL)
+	{
+		*param=(NT_PRINTER_PARAM *)malloc(sizeof(NT_PRINTER_PARAM));
+		if(*param == NULL)
+			return False;
+		memset((char *)*param, '\0', sizeof(NT_PRINTER_PARAM));
+		DEBUGADD(6,("Allocated a new PARAM struct\n"));
+	}
+	unistr2_to_ascii((*param)->value, value, sizeof((*param)->value)-1);
+	(*param)->type = type;
+	
+	/* le champ data n'est pas NULL termine */
+	/* on stocke donc la longueur */
+	
+	(*param)->data_len=len;
+	
+	if (len) {
+		(*param)->data=(uint8 *)malloc(len * sizeof(uint8));
+		if((*param)->data == NULL)
+			return False;
+		memcpy((*param)->data, data, len);
+	}
+		
+	DEBUGADD(6,("\tvalue:[%s], len:[%d]\n",(*param)->value, (*param)->data_len));
+	dump_data(10, (char *)(*param)->data, (*param)->data_len);
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+static BOOL spoolss_io_addform(char *desc, FORM *f, uint32 ptr, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_addform");
+	depth++;
+	if(!prs_align(ps))
+		return False;
+
+	if (ptr!=0)
+	{
+		if(!prs_uint32("flags",    ps, depth, &f->flags))
+			return False;
+		if(!prs_uint32("name_ptr", ps, depth, &f->name_ptr))
+			return False;
+		if(!prs_uint32("size_x",   ps, depth, &f->size_x))
+			return False;
+		if(!prs_uint32("size_y",   ps, depth, &f->size_y))
+			return False;
+		if(!prs_uint32("left",     ps, depth, &f->left))
+			return False;
+		if(!prs_uint32("top",      ps, depth, &f->top))
+			return False;
+		if(!prs_uint32("right",    ps, depth, &f->right))
+			return False;
+		if(!prs_uint32("bottom",   ps, depth, &f->bottom))
+			return False;
+
+		if(!smb_io_unistr2("", &f->name, f->name_ptr, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_deleteform(char *desc, SPOOL_Q_DELETEFORM *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_deleteform");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!smb_io_unistr2("form name", &q_u->name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_deleteform(char *desc, SPOOL_R_DELETEFORM *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_deleteform");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status",	ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_addform(char *desc, SPOOL_Q_ADDFORM *q_u, prs_struct *ps, int depth)
+{
+	uint32 useless_ptr=1;
+	prs_debug(ps, depth, desc, "spoolss_io_q_addform");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!prs_uint32("level",  ps, depth, &q_u->level))
+		return False;
+	if(!prs_uint32("level2", ps, depth, &q_u->level2))
+		return False;
+
+	if (q_u->level==1)
+	{
+		if(!prs_uint32("useless_ptr", ps, depth, &useless_ptr))
+			return False;
+		if(!spoolss_io_addform("", &q_u->form, useless_ptr, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_addform(char *desc, SPOOL_R_ADDFORM *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_addform");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status",	ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_q_setform(char *desc, SPOOL_Q_SETFORM *q_u, prs_struct *ps, int depth)
+{
+	uint32 useless_ptr=1;
+	prs_debug(ps, depth, desc, "spoolss_io_q_setform");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &q_u->name, True, ps, depth))
+		return False;
+	      
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("level",  ps, depth, &q_u->level))
+		return False;
+	if(!prs_uint32("level2", ps, depth, &q_u->level2))
+		return False;
+
+	if (q_u->level==1)
+	{
+		if(!prs_uint32("useless_ptr", ps, depth, &useless_ptr))
+			return False;
+		if(!spoolss_io_addform("", &q_u->form, useless_ptr, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_setform(char *desc, SPOOL_R_SETFORM *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_setform");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status",	ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_GETJOB structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_getjob(char *desc, SPOOL_R_GETJOB *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_getjob");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+		
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_GETJOB structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_getjob(char *desc, SPOOL_Q_GETJOB *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if(!prs_uint32("jobid", ps, depth, &q_u->jobid))
+		return False;
+	if(!prs_uint32("level", ps, depth, &q_u->level))
+		return False;
+	
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+void free_devmode(DEVICEMODE *devmode)
+{
+	if (devmode!=NULL) {
+		SAFE_FREE(devmode->private);
+		SAFE_FREE(devmode);
+	}
+}
+
+void free_printer_info_1(PRINTER_INFO_1 *printer)
+{
+	SAFE_FREE(printer);
+}
+
+void free_printer_info_2(PRINTER_INFO_2 *printer)
+{
+	if (printer!=NULL) {
+		free_devmode(printer->devmode);
+		printer->devmode = NULL;
+		SAFE_FREE(printer);
+	}
+}
+
+void free_printer_info_3(PRINTER_INFO_3 *printer)
+{
+	SAFE_FREE(printer);
+}
+
+void free_printer_info_4(PRINTER_INFO_4 *printer)
+{
+	SAFE_FREE(printer);
+}
+
+void free_printer_info_5(PRINTER_INFO_5 *printer)
+{
+	SAFE_FREE(printer);
+}
+
+void free_job_info_2(JOB_INFO_2 *job)
+{
+    if (job!=NULL)
+        free_devmode(job->devmode);
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_replyopenprinter(SPOOL_Q_REPLYOPENPRINTER *q_u, 
+			       const fstring string, uint32 printer, uint32 type)
+{      
+	if (q_u == NULL)
+		return False;
+
+	init_unistr2(&q_u->string, string, strlen(string)+1);
+
+	q_u->printer=printer;
+	q_u->type=type;
+
+	q_u->unknown0=0x0;
+	q_u->unknown1=0x0;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_REPLYOPENPRINTER structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_replyopenprinter(char *desc, SPOOL_Q_REPLYOPENPRINTER *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_replyopenprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_u->string, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("printer", ps, depth, &q_u->printer))
+		return False;
+	if(!prs_uint32("type", ps, depth, &q_u->type))
+		return False;
+	
+	if(!prs_uint32("unknown0", ps, depth, &q_u->unknown0))
+		return False;
+	if(!prs_uint32("unknown1", ps, depth, &q_u->unknown1))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_REPLYOPENPRINTER structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_replyopenprinter(char *desc, SPOOL_R_REPLYOPENPRINTER *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_replyopenprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&r_u->handle,ps,depth))
+		return False;
+
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+BOOL make_spoolss_q_routerreplyprinter(SPOOL_Q_ROUTERREPLYPRINTER *q_u, POLICY_HND *hnd, 
+					uint32 condition, uint32 change_id)
+{
+
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	q_u->condition = condition;
+	q_u->change_id = change_id;
+
+	/* magic values */
+	q_u->unknown1 = 0x1;
+	memset(q_u->unknown2, 0x0, 5);
+	q_u->unknown2[0] = 0x1;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_ROUTERREPLYPRINTER structure.
+********************************************************************/
+BOOL spoolss_io_q_routerreplyprinter (char *desc, SPOOL_Q_ROUTERREPLYPRINTER *q_u, prs_struct *ps, int depth)
+{
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_routerreplyprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	if (!prs_uint32("condition", ps, depth, &q_u->condition))
+		return False;
+
+	if (!prs_uint32("unknown1", ps, depth, &q_u->unknown1))
+		return False;
+
+	if (!prs_uint32("change_id", ps, depth, &q_u->change_id))
+		return False;
+
+	if (!prs_uint8s(False, "private",  ps, depth, q_u->unknown2, 5))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_ROUTERREPLYPRINTER structure.
+********************************************************************/
+BOOL spoolss_io_r_routerreplyprinter (char *desc, SPOOL_R_ROUTERREPLYPRINTER *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_routerreplyprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_reply_closeprinter(SPOOL_Q_REPLYCLOSEPRINTER *q_u, POLICY_HND *hnd)
+{      
+	if (q_u == NULL)
+		return False;
+
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_REPLYCLOSEPRINTER structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_replycloseprinter(char *desc, SPOOL_Q_REPLYCLOSEPRINTER *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_replycloseprinter");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_REPLYCLOSEPRINTER structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_replycloseprinter(char *desc, SPOOL_R_REPLYCLOSEPRINTER *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_replycloseprinter");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&r_u->handle,ps,depth))
+		return False;
+
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+#if 0	/* JERRY - not currently used but could be :-) */
+
+/*******************************************************************
+ Deep copy a SPOOL_NOTIFY_INFO_DATA structure
+ ******************************************************************/
+static BOOL copy_spool_notify_info_data(SPOOL_NOTIFY_INFO_DATA *dst, 
+				SPOOL_NOTIFY_INFO_DATA *src, int n)
+{
+	int i;
+
+	memcpy(dst, src, sizeof(SPOOL_NOTIFY_INFO_DATA)*n);
+	
+	for (i=0; i<n; i++) {
+		int len;
+		uint16 *s = NULL;
+		
+		if (src->size != POINTER) 
+			continue;
+		len = src->notify_data.data.length;
+		s = malloc(sizeof(uint16)*len);
+		if (s == NULL) {
+			DEBUG(0,("copy_spool_notify_info_data: malloc() failed!\n"));
+			return False;
+		}
+		
+		memcpy(s, src->notify_data.data.string, len*2);
+		dst->notify_data.data.string = s;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+ Deep copy a SPOOL_NOTIFY_INFO structure
+ ******************************************************************/
+static BOOL copy_spool_notify_info(SPOOL_NOTIFY_INFO *dst, SPOOL_NOTIFY_INFO *src)
+{
+	if (!dst) {
+		DEBUG(0,("copy_spool_notify_info: NULL destination pointer!\n"));
+		return False;
+	}
+		
+	dst->version = src->version;
+	dst->flags   = src->flags;
+	dst->count   = src->count;
+	
+	if (dst->count) 
+	{
+		dst->data = malloc(dst->count * sizeof(SPOOL_NOTIFY_INFO_DATA));
+		
+		DEBUG(10,("copy_spool_notify_info: allocating space for [%d] PRINTER_NOTIFY_INFO_DATA entries\n",
+			dst->count));
+
+		if (dst->data == NULL) {
+			DEBUG(0,("copy_spool_notify_info: malloc() failed for [%d] entries!\n", 
+				dst->count));
+			return False;
+		}
+		
+		return (copy_spool_notify_info_data(dst->data, src->data, src->count));
+	}
+	
+	return True;
+}
+#endif	/* JERRY */
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_reply_rrpcn(SPOOL_Q_REPLY_RRPCN *q_u, POLICY_HND *hnd,
+			        uint32 change_low, uint32 change_high,
+				SPOOL_NOTIFY_INFO *info)
+{      
+	if (q_u == NULL)
+		return False;
+
+	memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
+
+	q_u->change_low=change_low;
+	q_u->change_high=change_high;
+
+	q_u->unknown0=0x0;
+	q_u->unknown1=0x0;
+
+	q_u->info_ptr=0xaddee11e;
+
+	q_u->info.version=2;
+	
+	if (info->count) {
+		DEBUG(10,("make_spoolss_q_reply_rrpcn: [%d] PRINTER_NOTIFY_INFO_DATA\n",
+			info->count));
+		q_u->info.version = info->version;
+		q_u->info.flags   = info->flags;
+		q_u->info.count   = info->count;
+		/* pointer field - be careful! */
+		q_u->info.data    = info->data;
+	}
+	else  {
+	q_u->info.flags=PRINTER_NOTIFY_INFO_DISCARDED;
+	q_u->info.count=0;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_Q_REPLY_RRPCN structure.
+********************************************************************/  
+
+BOOL spoolss_io_q_reply_rrpcn(char *desc, SPOOL_Q_REPLY_RRPCN *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_reply_rrpcn");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+
+	if (!prs_uint32("change_low", ps, depth, &q_u->change_low))
+		return False;
+
+	if (!prs_uint32("change_high", ps, depth, &q_u->change_high))
+		return False;
+
+	if (!prs_uint32("unknown0", ps, depth, &q_u->unknown0))
+		return False;
+
+	if (!prs_uint32("unknown1", ps, depth, &q_u->unknown1))
+		return False;
+
+	if (!prs_uint32("info_ptr", ps, depth, &q_u->info_ptr))
+		return False;
+
+	if(q_u->info_ptr!=0)
+		if(!smb_io_notify_info(desc, &q_u->info, ps, depth))
+			return False;
+		
+	return True;
+}
+
+/*******************************************************************
+ Parse a SPOOL_R_REPLY_RRPCN structure.
+********************************************************************/  
+
+BOOL spoolss_io_r_reply_rrpcn(char *desc, SPOOL_R_REPLY_RRPCN *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_reply_rrpcn");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("unknown0", ps, depth, &r_u->unknown0))
+		return False;
+
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+ * read a structure.
+ * called from spoolss_q_getprinterdataex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_getprinterdataex(char *desc, SPOOL_Q_GETPRINTERDATAEX *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_getprinterdataex");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_pol_hnd("printer handle",&q_u->handle,ps,depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("keyname", &q_u->keyname,True,ps,depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("valuename", &q_u->valuename,True,ps,depth))
+		return False;
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("size", ps, depth, &q_u->size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ * called from spoolss_r_getprinterdataex (srv_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_r_getprinterdataex(char *desc, SPOOL_R_GETPRINTERDATAEX *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_r_getprinterdataex");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+	if (!prs_uint32("type", ps, depth, &r_u->type))
+		return False;
+	if (!prs_uint32("size", ps, depth, &r_u->size))
+		return False;
+	
+	if (!prs_uint8s(False,"data", ps, depth, r_u->data, r_u->size))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	
+	if (!prs_uint32("needed", ps, depth, &r_u->needed))
+		return False;
+	if (!prs_werror("status", ps, depth, &r_u->status))
+		return False;
+		
+	return True;
+}
+
+/*******************************************************************
+ * read a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_q_setprinterdataex(char *desc, SPOOL_Q_SETPRINTERDATAEX *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_setprinterdataex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &q_u->key, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_u->value, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("type", ps, depth, &q_u->type))
+		return False;
+
+	if(!prs_uint32("max_len", ps, depth, &q_u->max_len))
+		return False;
+
+	switch (q_u->type)
+	{
+		case 0x1:
+		case 0x3:
+		case 0x4:
+		case 0x7:
+			if (q_u->max_len) {
+				if (UNMARSHALLING(ps))
+    					q_u->data=(uint8 *)prs_alloc_mem(ps, q_u->max_len * sizeof(uint8));
+    				if(q_u->data == NULL)
+    					return False;
+    				if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
+    					return False;
+			}
+			if(!prs_align(ps))
+				return False;
+			break;
+	}	
+	
+	if(!prs_uint32("real_len", ps, depth, &q_u->real_len))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_r_setprinterdataex(char *desc, SPOOL_R_SETPRINTERDATAEX *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_setprinterdataex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!prs_werror("status",     ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ * read a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_q_enumprinterkey(char *desc, SPOOL_Q_ENUMPRINTERKEY *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprinterkey");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+		
+	if(!smb_io_unistr2("", &q_u->key, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("size", ps, depth, &q_u->size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_r_enumprinterkey(char *desc, SPOOL_R_ENUMPRINTERKEY *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprinterkey");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!smb_io_buffer5("", &r_u->keys, ps, depth))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("needed",     ps, depth, &r_u->needed))
+		return False;
+
+	if(!prs_werror("status",     ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ * read a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_q_enumprinterdataex(char *desc, SPOOL_Q_ENUMPRINTERDATAEX *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_enumprinterdataex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_pol_hnd("printer handle", &q_u->handle, ps, depth))
+		return False;
+		
+	if(!smb_io_unistr2("", &q_u->key, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("size", ps, depth, &q_u->size))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+static BOOL spoolss_io_printer_enum_values_ctr(char *desc, prs_struct *ps, 
+				PRINTER_ENUM_VALUES_CTR *ctr, int depth)
+{
+	int 	i;
+	uint32	valuename_offset,
+		data_offset,
+		current_offset;
+	const uint32 basic_unit = 20; /* size of static portion of enum_values */
+	
+	prs_debug(ps, depth, desc, "spoolss_io_printer_enum_values_ctr");
+	depth++;	
+	
+	if (!prs_uint32("size", ps, depth, &ctr->size))
+		return False;
+	
+	/* offset data begins at 20 bytes per structure * size_of_array.
+	   Don't forget the uint32 at the beginning */
+	
+	current_offset = basic_unit * ctr->size_of_array;
+	
+	/* first loop to write basic enum_value information */
+	
+	for (i=0; i<ctr->size_of_array; i++) 
+	{
+		valuename_offset = current_offset;
+		if (!prs_uint32("valuename_offset", ps, depth, &valuename_offset))
+			return False;
+
+		if (!prs_uint32("value_len", ps, depth, &ctr->values[i].value_len))
+			return False;
+	
+		if (!prs_uint32("type", ps, depth, &ctr->values[i].type))
+			return False;
+	
+		data_offset = ctr->values[i].value_len + valuename_offset;
+		if (!prs_uint32("data_offset", ps, depth, &data_offset))
+			return False;
+
+		if (!prs_uint32("data_len", ps, depth, &ctr->values[i].data_len))
+			return False;
+			
+		current_offset = data_offset + ctr->values[i].data_len - basic_unit;
+	}
+
+	/* loop #2 for writing the dynamically size objects
+	   while viewing conversations between Win2k -> Win2k,
+	   4-byte alignment does not seem to matter here   --jerry */
+	
+	for (i=0; i<ctr->size_of_array; i++) 
+	{
+	
+		if (!prs_unistr("valuename", ps, depth, &ctr->values[i].valuename))
+			return False;
+		
+		if (!prs_uint8s(False, "data", ps, depth, ctr->values[i].data, ctr->values[i].data_len))
+			return False;
+	}
+
+		
+
+	return True;	
+}
+
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_r_enumprinterdataex(char *desc, SPOOL_R_ENUMPRINTERDATAEX *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_enumprinterdataex");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+		
+	if (!spoolss_io_printer_enum_values_ctr("", ps, &r_u->ctr, depth ))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("needed",     ps, depth, &r_u->needed))
+		return False;
+		
+	if(!prs_uint32("returned",   ps, depth, &r_u->returned))
+		return False;
+
+	if(!prs_werror("status",     ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/  
+
+/* 
+   uint32 GetPrintProcessorDirectory(
+       [in] unistr2 *name,
+       [in] unistr2 *environment,
+       [in] uint32 level,
+       [in,out] NEW_BUFFER buffer,
+       [in] uint32 offered,
+       [out] uint32 needed,
+       [out] uint32 returned
+   );
+
+*/
+
+BOOL make_spoolss_q_getprintprocessordirectory(SPOOL_Q_GETPRINTPROCESSORDIRECTORY *q_u, const char *name, char *environment, int level, NEW_BUFFER *buffer, uint32 offered)
+{
+	DEBUG(5,("make_spoolss_q_getprintprocessordirectory\n"));
+
+	init_unistr2(&q_u->name, name, strlen(name)+1);
+	init_unistr2(&q_u->environment, environment, strlen(environment)+1);
+
+	q_u->level = level;
+
+	q_u->buffer = buffer;
+	q_u->offered = offered;
+
+	return True;
+}
+
+BOOL spoolss_io_q_getprintprocessordirectory(char *desc, SPOOL_Q_GETPRINTPROCESSORDIRECTORY *q_u, prs_struct *ps, int depth)
+{
+	uint32 ptr;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_getprintprocessordirectory");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;	
+
+	if (!prs_uint32("ptr", ps, depth, &ptr)) 
+		return False;
+
+	if (ptr) {
+		if(!smb_io_unistr2("name", &q_u->name, True, ps, depth))
+			return False;
+	}
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr", ps, depth, &ptr))
+		return False;
+
+	if (ptr) {
+		if(!smb_io_unistr2("environment", &q_u->environment, True, 
+				   ps, depth))
+			return False;
+	}
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("level",   ps, depth, &q_u->level))
+		return False;
+
+	if(!spoolss_io_buffer("", ps, depth, &q_u->buffer))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("offered", ps, depth, &q_u->offered))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/  
+
+BOOL spoolss_io_r_getprintprocessordirectory(char *desc, SPOOL_R_GETPRINTPROCESSORDIRECTORY *r_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_r_getprintprocessordirectory");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!spoolss_io_buffer("", ps, depth, &r_u->buffer))
+		return False;
+	
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("needed",     ps, depth, &r_u->needed))
+		return False;
+		
+	if(!prs_werror("status",     ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+BOOL smb_io_printprocessordirectory_1(char *desc, NEW_BUFFER *buffer, PRINTPROCESSOR_DIRECTORY_1 *info, int depth)
+{
+	prs_struct *ps=&buffer->prs;
+
+	prs_debug(ps, depth, desc, "smb_io_printprocessordirectory_1");
+	depth++;
+
+	buffer->struct_start=prs_offset(ps);
+
+	if (!smb_io_unistr(desc, &info->name, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_addform(SPOOL_Q_ADDFORM *q_u, POLICY_HND *handle, 
+			    int level, FORM *form)
+{
+	memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
+	q_u->level = level;
+	q_u->level2 = level;
+	memcpy(&q_u->form, form, sizeof(FORM));
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_setform(SPOOL_Q_SETFORM *q_u, POLICY_HND *handle, 
+			    int level, char *form_name, FORM *form)
+{
+	memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
+	q_u->level = level;
+	q_u->level2 = level;
+	memcpy(&q_u->form, form, sizeof(FORM));
+	init_unistr2(&q_u->name, form_name, strlen(form_name) + 1);
+
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_deleteform(SPOOL_Q_DELETEFORM *q_u, POLICY_HND *handle, char *form)
+{
+	memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
+	init_unistr2(&q_u->name, form, strlen(form) + 1);
+	return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_getform(SPOOL_Q_GETFORM *q_u, POLICY_HND *handle, 
+                            char *formname, uint32 level, NEW_BUFFER *buffer,
+			    uint32 offered)
+{
+        memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
+        q_u->level = level;
+        init_unistr2(&q_u->formname, formname, strlen(formname) + 1);
+        q_u->buffer=buffer;
+        q_u->offered=offered;
+
+        return True;
+}
+
+/*******************************************************************
+ * init a structure.
+ ********************************************************************/
+
+BOOL make_spoolss_q_enumforms(SPOOL_Q_ENUMFORMS *q_u, POLICY_HND *handle, 
+			      uint32 level, NEW_BUFFER *buffer,
+			      uint32 offered)
+{
+        memcpy(&q_u->handle, handle, sizeof(POLICY_HND));
+        q_u->level = level;
+        q_u->buffer=buffer;
+        q_u->offered=offered;
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_srv.c b/source3/rpc_parse/parse_srv.c
new file mode 100644
index 0000000000..9c9d5f1e9c
--- /dev/null
+++ b/source3/rpc_parse/parse_srv.c
@@ -0,0 +1,2909 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison		    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ Inits a SH_INFO_1_STR structure
+********************************************************************/
+
+void init_srv_share_info1_str(SH_INFO_1_STR *sh1, char *net_name, char *remark)
+{
+	DEBUG(5,("init_srv_share_info1_str\n"));
+
+	init_unistr2(&sh1->uni_netname, net_name, strlen(net_name)+1);
+	init_unistr2(&sh1->uni_remark, remark, strlen(remark)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info1_str(char *desc, SH_INFO_1_STR *sh1, prs_struct *ps, int depth)
+{
+	if (sh1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info1_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("", &sh1->uni_netname, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("", &sh1->uni_remark, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ makes a SH_INFO_1 structure
+********************************************************************/
+
+void init_srv_share_info1(SH_INFO_1 *sh1, char *net_name, uint32 type, char *remark)
+{
+	DEBUG(5,("init_srv_share_info1: %s %8x %s\n", net_name, type, remark));
+
+	sh1->ptr_netname = (net_name != NULL) ? 1 : 0;
+	sh1->type        = type;
+	sh1->ptr_remark  = (remark != NULL) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info1(char *desc, SH_INFO_1 *sh1, prs_struct *ps, int depth)
+{
+	if (sh1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_netname", ps, depth, &sh1->ptr_netname))
+		return False;
+	if(!prs_uint32("type       ", ps, depth, &sh1->type))
+		return False;
+	if(!prs_uint32("ptr_remark ", ps, depth, &sh1->ptr_remark))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SH_INFO_2_STR structure
+********************************************************************/
+
+void init_srv_share_info2_str(SH_INFO_2_STR *sh2,
+				char *net_name, char *remark,
+				char *path, char *passwd)
+{
+	DEBUG(5,("init_srv_share_info2_str\n"));
+
+	init_unistr2(&sh2->uni_netname, net_name, strlen(net_name)+1);
+	init_unistr2(&sh2->uni_remark, remark, strlen(remark)+1);
+	init_unistr2(&sh2->uni_path, path, strlen(path)+1);
+	init_unistr2(&sh2->uni_passwd, passwd, strlen(passwd)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info2_str(char *desc, SH_INFO_2 *sh, SH_INFO_2_STR *sh2, prs_struct *ps, int depth)
+{
+	if (sh2 == NULL)
+		return False;
+
+	if (UNMARSHALLING(ps))
+		ZERO_STRUCTP(sh2);
+
+	prs_debug(ps, depth, desc, "srv_io_share_info2_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if (sh->ptr_netname)
+		if(!smb_io_unistr2("", &sh2->uni_netname, True, ps, depth))
+			return False;
+
+	if (sh->ptr_remark)
+		if(!smb_io_unistr2("", &sh2->uni_remark, True, ps, depth))
+			return False;
+
+	if (sh->ptr_netname)
+		if(!smb_io_unistr2("", &sh2->uni_path, True, ps, depth))
+			return False;
+
+	if (sh->ptr_passwd)
+		if(!smb_io_unistr2("", &sh2->uni_passwd, True, ps, depth))
+			return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SH_INFO_2 structure
+********************************************************************/
+
+void init_srv_share_info2(SH_INFO_2 *sh2,
+				char *net_name, uint32 type, char *remark,
+				uint32 perms, uint32 max_uses, uint32 num_uses,
+				char *path, char *passwd)
+{
+	DEBUG(5,("init_srv_share_info2: %s %8x %s\n", net_name, type, remark));
+
+	sh2->ptr_netname = (net_name != NULL) ? 1 : 0;
+	sh2->type        = type;
+	sh2->ptr_remark  = (remark != NULL) ? 1 : 0;
+	sh2->perms       = perms;
+	sh2->max_uses    = max_uses;
+	sh2->num_uses    = num_uses;
+	sh2->type        = type;
+	sh2->ptr_path    = (path != NULL) ? 1 : 0;
+	sh2->ptr_passwd  = (passwd != NULL) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info2(char *desc, SH_INFO_2 *sh2, prs_struct *ps, int depth)
+{
+	if (sh2 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info2");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_netname", ps, depth, &sh2->ptr_netname))
+		return False;
+	if(!prs_uint32("type       ", ps, depth, &sh2->type))
+		return False;
+	if(!prs_uint32("ptr_remark ", ps, depth, &sh2->ptr_remark))
+		return False;
+	if(!prs_uint32("perms      ", ps, depth, &sh2->perms))
+		return False;
+	if(!prs_uint32("max_uses   ", ps, depth, &sh2->max_uses))
+		return False;
+	if(!prs_uint32("num_uses   ", ps, depth, &sh2->num_uses))
+		return False;
+	if(!prs_uint32("ptr_path   ", ps, depth, &sh2->ptr_path))
+		return False;
+	if(!prs_uint32("ptr_passwd ", ps, depth, &sh2->ptr_passwd))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SH_INFO_2 structure
+*******************************************************************/
+
+void init_srv_share_info501(SH_INFO_501 *sh501, char *net_name, uint32 type, char *remark, uint32 csc_policy)
+{
+	DEBUG(5,("init_srv_share_info501: %s %8x %s %08x\n", net_name, type,
+		remark, csc_policy));
+
+	ZERO_STRUCTP(sh501);
+
+	sh501->ptr_netname = (net_name != NULL) ? 1 : 0;
+	sh501->type = type;
+	sh501->ptr_remark = (remark != NULL) ? 1 : 0;
+	sh501->csc_policy = csc_policy;
+}
+
+/*******************************************************************
+ Reads of writes a structure.
+*******************************************************************/
+
+static BOOL srv_io_share_info501(char *desc, SH_INFO_501 *sh501, prs_struct *ps, int depth)
+{
+	if (sh501 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info501");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("ptr_netname", ps, depth, &sh501->ptr_netname))
+		return False;
+	if (!prs_uint32("type     ", ps, depth, &sh501->type))
+		return False;
+	if (!prs_uint32("ptr_remark ", ps, depth, &sh501->ptr_remark))
+		return False;
+	if (!prs_uint32("csc_policy ", ps, depth, &sh501->csc_policy))
+		return False;
+
+	return True;
+}
+
+/********************************************************************
+ Inits a SH_INFO_501_STR structure
+********************************************************************/
+
+void init_srv_share_info501_str(SH_INFO_501_STR *sh501, char *net_name, char *remark)
+{
+	DEBUG(5,("init_srv_share_info501_str\n"));
+
+	init_unistr2(&sh501->uni_netname, net_name, strlen(net_name)+1);
+	init_unistr2(&sh501->uni_remark, remark, strlen(remark)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info501_str(char *desc, SH_INFO_501_STR *sh501, prs_struct *ps, int depth)
+{
+	if (sh501 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info501_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("", &sh501->uni_netname, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("", &sh501->uni_remark, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SH_INFO_502 structure
+********************************************************************/
+
+void init_srv_share_info502(SH_INFO_502 *sh502,
+				char *net_name, uint32 type, char *remark,
+				uint32 perms, uint32 max_uses, uint32 num_uses,
+				char *path, char *passwd, SEC_DESC *psd, size_t sd_size)
+{
+	DEBUG(5,("init_srv_share_info502: %s %8x %s\n", net_name, type, remark));
+
+	ZERO_STRUCTP(sh502);
+
+	sh502->ptr_netname = (net_name != NULL) ? 1 : 0;
+	sh502->type        = type;
+	sh502->ptr_remark  = (remark != NULL) ? 1 : 0;
+	sh502->perms       = perms;
+	sh502->max_uses    = max_uses;
+	sh502->num_uses    = num_uses;
+	sh502->type        = type;
+	sh502->ptr_path    = (path != NULL) ? 1 : 0;
+	sh502->ptr_passwd  = (passwd != NULL) ? 1 : 0;
+	sh502->sd_size     = (uint32)sd_size;
+	sh502->ptr_sd      = (psd != NULL) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info502(char *desc, SH_INFO_502 *sh502, prs_struct *ps, int depth)
+{
+	if (sh502 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info502");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_netname", ps, depth, &sh502->ptr_netname))
+		return False;
+	if(!prs_uint32("type       ", ps, depth, &sh502->type))
+		return False;
+	if(!prs_uint32("ptr_remark ", ps, depth, &sh502->ptr_remark))
+		return False;
+	if(!prs_uint32("perms      ", ps, depth, &sh502->perms))
+		return False;
+	if(!prs_uint32("max_uses   ", ps, depth, &sh502->max_uses))
+		return False;
+	if(!prs_uint32("num_uses   ", ps, depth, &sh502->num_uses))
+		return False;
+	if(!prs_uint32("ptr_path   ", ps, depth, &sh502->ptr_path))
+		return False;
+	if(!prs_uint32("ptr_passwd ", ps, depth, &sh502->ptr_passwd))
+		return False;
+	if(!prs_uint32("sd_size    ", ps, depth, &sh502->sd_size))
+		return False;
+	if(!prs_uint32("ptr_sd     ", ps, depth, &sh502->ptr_sd))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SH_INFO_502_STR structure
+********************************************************************/
+
+void init_srv_share_info502_str(SH_INFO_502_STR *sh502str,
+				SH_INFO_502 *ptrs,
+				char *net_name, char *remark,
+				char *path, char *passwd, SEC_DESC *psd, size_t sd_size)
+{
+	DEBUG(5,("init_srv_share_info502_str\n"));
+
+	sh502str->ptrs = ptrs;
+
+	if(sh502str->ptrs->ptr_netname)
+		init_unistr2(&sh502str->uni_netname, net_name, strlen(net_name)+1);
+	if(sh502str->ptrs->ptr_remark)
+		init_unistr2(&sh502str->uni_remark, remark, strlen(remark)+1);
+	if(sh502str->ptrs->ptr_path)
+		init_unistr2(&sh502str->uni_path, path, strlen(path)+1);
+	if(sh502str->ptrs->ptr_passwd)
+		init_unistr2(&sh502str->uni_passwd, passwd, strlen(passwd)+1);
+	if(sh502str->ptrs->ptr_sd) {
+		sh502str->sd = psd;
+		sh502str->sd_size = sd_size;
+	}
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info502_str(char *desc, SH_INFO_502_STR *sh502, prs_struct *ps, int depth)
+{
+	if (sh502 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info502_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(sh502->ptrs->ptr_netname) {
+		if(!smb_io_unistr2("", &sh502->uni_netname, True, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(sh502->ptrs->ptr_remark) {
+		if(!smb_io_unistr2("", &sh502->uni_remark, True, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(sh502->ptrs->ptr_path) {
+		if(!smb_io_unistr2("", &sh502->uni_path, True, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(sh502->ptrs->ptr_passwd) {
+		if(!smb_io_unistr2("", &sh502->uni_passwd, True, ps, depth))
+			return False;
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(sh502->ptrs->ptr_sd) {
+		if(!prs_uint32("sd_size   ", ps, depth, &sh502->sd_size))
+			return False;
+		if (!sec_io_desc(desc, &sh502->sd, ps, depth))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info1005(char* desc, SRV_SHARE_INFO_1005* sh1005,
+				  prs_struct* ps, int depth)
+{
+	if(sh1005 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info1005");
+		depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("dfs_root_flag", ps, depth, &sh1005->dfs_root_flag))
+		return False;
+
+	return True;
+}   
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_share_info1501(char* desc, SRV_SHARE_INFO_1501* sh1501,
+				  prs_struct* ps, int depth)
+{
+	if(sh1501 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_share_info1501");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if (!sec_io_desc_buf(desc, &sh1501->sdb, ps, depth))
+		return False;
+
+	return True;
+}   
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_share_ctr(char *desc, SRV_SHARE_INFO_CTR *ctr, prs_struct *ps, int depth)
+{
+	if (ctr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_share_ctr");
+	depth++;
+
+	if (UNMARSHALLING(ps)) {
+		memset(ctr, '\0', sizeof(SRV_SHARE_INFO_CTR));
+	}
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("info_level", ps, depth, &ctr->info_level))
+		return False;
+
+	if (ctr->info_level == 0)
+		return True;
+
+	if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_uint32("ptr_share_info", ps, depth, &ctr->ptr_share_info))
+		return False;
+
+	if (ctr->ptr_share_info == 0)
+		return True;
+
+	if(!prs_uint32("num_entries", ps, depth, &ctr->num_entries))
+		return False;
+	if(!prs_uint32("ptr_entries", ps, depth, &ctr->ptr_entries))
+		return False;
+
+	if (ctr->ptr_entries == 0) {
+		if (ctr->num_entries == 0)
+			return True;
+		else
+			return False;
+	}
+
+	if(!prs_uint32("num_entries2", ps, depth, &ctr->num_entries2))
+		return False;
+
+	if (ctr->num_entries2 != ctr->num_entries)
+		return False;
+
+	switch (ctr->switch_value) {
+	case 1:
+	{
+		SRV_SHARE_INFO_1 *info1 = ctr->share.info1;
+		int num_entries = ctr->num_entries;
+		int i;
+
+		if (UNMARSHALLING(ps)) {
+			if (!(info1 = (SRV_SHARE_INFO_1 *)prs_alloc_mem(ps, num_entries * sizeof(SRV_SHARE_INFO_1))))
+				return False;
+			ctr->share.info1 = info1;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_share_info1("", &info1[i].info_1, ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_share_info1_str("", &info1[i].info_1_str, ps, depth))
+				return False;
+		}
+
+		break;
+	}
+
+	case 2:
+	{
+		SRV_SHARE_INFO_2 *info2 = ctr->share.info2;
+		int num_entries = ctr->num_entries;
+		int i;
+
+		if (UNMARSHALLING(ps)) {
+			if (!(info2 = (SRV_SHARE_INFO_2 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_2))))
+				return False;
+			ctr->share.info2 = info2;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_share_info2("", &info2[i].info_2, ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_share_info2_str("", &info2[i].info_2, &info2[i].info_2_str, ps, depth))
+				return False;
+		}
+
+		break;
+	}
+
+	case 501:
+	{
+		SRV_SHARE_INFO_501 *info501 = ctr->share.info501;
+		int num_entries = ctr->num_entries;
+		int i;
+
+		if (UNMARSHALLING(ps)) {
+			if (!(info501 = (SRV_SHARE_INFO_501 *) prs_alloc_mem(ps, num_entries *
+					sizeof (SRV_SHARE_INFO_501))))
+				return False;
+			ctr->share.info501 = info501;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if (!srv_io_share_info501("", &info501[i].info_501, ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if (!srv_io_share_info501_str("", &info501[i].info_501_str, ps, depth))
+				return False;
+		}
+
+		break;
+	}
+
+	case 502:
+	{
+		SRV_SHARE_INFO_502 *info502 = ctr->share.info502;
+		int num_entries = ctr->num_entries;
+		int i;
+
+		if (UNMARSHALLING(ps)) {
+			if (!(info502 = (SRV_SHARE_INFO_502 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_502))))
+				return False;
+			ctr->share.info502 = info502;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_share_info502("", &info502[i].info_502, ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			info502[i].info_502_str.ptrs = &info502[i].info_502;
+			if(!srv_io_share_info502_str("", &info502[i].info_502_str, ps, depth))
+				return False;
+		}
+
+		break;
+	}
+
+	default:
+		DEBUG(5,("%s no share info at switch_value %d\n",
+			 tab_depth(depth), ctr->switch_value));
+		break;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_Q_NET_SHARE_ENUM structure.
+********************************************************************/
+
+void init_srv_q_net_share_enum(SRV_Q_NET_SHARE_ENUM *q_n, 
+				char *srv_name, uint32 info_level,
+				uint32 preferred_len, ENUM_HND *hnd)
+{
+
+	DEBUG(5,("init_q_net_share_enum\n"));
+
+	init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name);
+
+	q_n->ctr.info_level = q_n->ctr.switch_value = info_level;
+	q_n->ctr.ptr_share_info = 0;
+	q_n->preferred_len = preferred_len;
+
+	memcpy(&q_n->enum_hnd, hnd, sizeof(*hnd));
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_share_enum(char *desc, SRV_Q_NET_SHARE_ENUM *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_share_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!srv_io_srv_share_ctr("share_ctr", &q_n->ctr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("preferred_len", ps, depth, &q_n->preferred_len))
+		return False;
+
+	if(!smb_io_enum_hnd("enum_hnd", &q_n->enum_hnd, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_share_enum(char *desc, SRV_R_NET_SHARE_ENUM *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_share_enum");
+	depth++;
+
+	if(!srv_io_srv_share_ctr("share_ctr", &r_n->ctr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("total_entries", ps, depth, &r_n->total_entries))
+		return False;
+	if(!smb_io_enum_hnd("enum_hnd", &r_n->enum_hnd, ps, depth))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_share_get_info(char *desc, SRV_Q_NET_SHARE_GET_INFO *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_share_get_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_share_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("info_level", ps, depth, &q_n->info_level))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_share_info(char *desc, prs_struct *ps, int depth, SRV_SHARE_INFO *r_n)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_share_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value ", ps, depth, &r_n->switch_value ))
+		return False;
+
+	if(!prs_uint32("ptr_share_ctr", ps, depth, &r_n->ptr_share_ctr))
+		return False;
+
+	if (r_n->ptr_share_ctr != 0) {
+		switch (r_n->switch_value) {
+		case 1:
+			if(!srv_io_share_info1("", &r_n->share.info1.info_1, ps, depth))
+				return False;
+
+			if(!srv_io_share_info1_str("", &r_n->share.info1.info_1_str, ps, depth))
+				return False;
+
+			break;
+		case 2:
+			if(!srv_io_share_info2("", &r_n->share.info2.info_2, ps, depth))
+				return False;
+
+			if(!srv_io_share_info2_str("", &r_n->share.info2.info_2, &r_n->share.info2.info_2_str, ps, depth))
+				return False;
+
+			break;
+		case 501:
+			if (!srv_io_share_info501("", &r_n->share.info501.info_501, ps, depth))
+				return False;
+			if (!srv_io_share_info501_str("", &r_n->share.info501.info_501_str, ps, depth))
+				return False;
+			break;
+
+		case 502:
+			if(!srv_io_share_info502("", &r_n->share.info502.info_502, ps, depth))
+				return False;
+
+			/*allow access to pointers in the str part. */
+			r_n->share.info502.info_502_str.ptrs = &r_n->share.info502.info_502;
+
+			if(!srv_io_share_info502_str("", &r_n->share.info502.info_502_str, ps, depth))
+				return False;
+			break;
+		case 1005:
+			if(!srv_io_share_info1005("", &r_n->share.info1005, ps, depth))
+				return False;  		
+			break;
+		case 1501:
+			if (!srv_io_share_info1501("", &r_n->share.info1501, ps, depth))
+				return False;
+		default:
+		        DEBUG(5,("%s no share info at switch_value %d\n",
+			         tab_depth(depth), r_n->switch_value));
+			break;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_share_get_info(char *desc, SRV_R_NET_SHARE_GET_INFO *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_share_get_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!srv_io_srv_share_info("info  ", ps, depth, &r_n->info))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_share_set_info(char *desc, SRV_Q_NET_SHARE_SET_INFO *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_share_set_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_share_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("info_level", ps, depth, &q_n->info_level))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!srv_io_srv_share_info("info  ", ps, depth, &q_n->info))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_share_set_info(char *desc, SRV_R_NET_SHARE_SET_INFO *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_share_set_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &q_n->switch_value))
+		return False;
+	if(!prs_werror("status", ps, depth, &q_n->status))
+		return False;
+
+	return True;
+}	
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_share_add(char *desc, SRV_Q_NET_SHARE_ADD *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_share_add");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("info_level", ps, depth, &q_n->info_level))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!srv_io_srv_share_info("info  ", ps, depth, &q_n->info))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_share_add(char *desc, SRV_R_NET_SHARE_ADD *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_share_add");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &q_n->switch_value))
+		return False;
+	if(!prs_werror("status", ps, depth, &q_n->status))
+		return False;
+
+	return True;
+}	
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_share_del(char *desc, SRV_Q_NET_SHARE_DEL *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_share_del");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_share_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_share_del(char *desc, SRV_R_NET_SHARE_DEL *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_share_del");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &q_n->status))
+		return False;
+
+	return True;
+}	
+
+/*******************************************************************
+ Inits a SESS_INFO_0_STR structure
+********************************************************************/
+
+void init_srv_sess_info0_str(SESS_INFO_0_STR *ss0, char *name)
+{
+	DEBUG(5,("init_srv_sess_info0_str\n"));
+
+	init_unistr2(&ss0->uni_name, name, strlen(name)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_sess_info0_str(char *desc,  SESS_INFO_0_STR *ss0, prs_struct *ps, int depth)
+{
+	if (ss0 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_sess_info0_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &ss0->uni_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SESS_INFO_0 structure
+********************************************************************/
+
+void init_srv_sess_info0(SESS_INFO_0 *ss0, char *name)
+{
+	DEBUG(5,("init_srv_sess_info0: %s\n", name));
+
+	ss0->ptr_name = (name != NULL) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_sess_info0(char *desc, SESS_INFO_0 *ss0, prs_struct *ps, int depth)
+{
+	if (ss0 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_sess_info0");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_name", ps, depth, &ss0->ptr_name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_sess_info_0(char *desc, SRV_SESS_INFO_0 *ss0, prs_struct *ps, int depth)
+{
+	if (ss0 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_sess_info_0");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries_read", ps, depth, &ss0->num_entries_read))
+		return False;
+	if(!prs_uint32("ptr_sess_info", ps, depth, &ss0->ptr_sess_info))
+		return False;
+
+	if (ss0->ptr_sess_info != 0) {
+		int i;
+		int num_entries = ss0->num_entries_read;
+
+		if (num_entries > MAX_SESS_ENTRIES) {
+			num_entries = MAX_SESS_ENTRIES; /* report this! */
+		}
+
+		if(!prs_uint32("num_entries_read2", ps, depth, &ss0->num_entries_read2))
+			return False;
+
+		SMB_ASSERT_ARRAY(ss0->info_0, num_entries);
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_sess_info0("", &ss0->info_0[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_sess_info0_str("", &ss0->info_0_str[i], ps, depth))
+				return False;
+		}
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SESS_INFO_1_STR structure
+********************************************************************/
+
+void init_srv_sess_info1_str(SESS_INFO_1_STR *ss1, char *name, char *user)
+{
+	DEBUG(5,("init_srv_sess_info1_str\n"));
+
+	init_unistr2(&ss1->uni_name, name, strlen(name)+1);
+	init_unistr2(&ss1->uni_user, name, strlen(user)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_sess_info1_str(char *desc, SESS_INFO_1_STR *ss1, prs_struct *ps, int depth)
+{
+	if (ss1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_sess_info1_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &ss1->uni_name, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &(ss1->uni_user), True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SESS_INFO_1 structure
+********************************************************************/
+
+void init_srv_sess_info1(SESS_INFO_1 *ss1, 
+				char *name, char *user,
+				uint32 num_opens, uint32 open_time, uint32 idle_time,
+				uint32 user_flags)
+{
+	DEBUG(5,("init_srv_sess_info1: %s\n", name));
+
+	ss1->ptr_name = (name != NULL) ? 1 : 0;
+	ss1->ptr_user = (user != NULL) ? 1 : 0;
+
+	ss1->num_opens  = num_opens;
+	ss1->open_time  = open_time;
+	ss1->idle_time  = idle_time;
+	ss1->user_flags = user_flags;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_sess_info1(char *desc, SESS_INFO_1 *ss1, prs_struct *ps, int depth)
+{
+	if (ss1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_sess_info1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_name  ", ps, depth, &ss1->ptr_name))
+		return False;
+	if(!prs_uint32("ptr_user  ", ps, depth, &ss1->ptr_user))
+		return False;
+
+	if(!prs_uint32("num_opens ", ps, depth, &ss1->num_opens))
+		return False;
+	if(!prs_uint32("open_time ", ps, depth, &ss1->open_time))
+		return False;
+	if(!prs_uint32("idle_time ", ps, depth, &ss1->idle_time))
+		return False;
+	if(!prs_uint32("user_flags", ps, depth, &ss1->user_flags))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_sess_info_1(char *desc, SRV_SESS_INFO_1 *ss1, prs_struct *ps, int depth)
+{
+	if (ss1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_sess_info_1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries_read", ps, depth, &ss1->num_entries_read))
+		return False;
+	if(!prs_uint32("ptr_sess_info", ps, depth, &ss1->ptr_sess_info))
+		return False;
+
+	if (ss1->ptr_sess_info != 0) {
+		int i;
+		int num_entries = ss1->num_entries_read;
+
+		if (num_entries > MAX_SESS_ENTRIES) {
+			num_entries = MAX_SESS_ENTRIES; /* report this! */
+		}
+
+		if(!prs_uint32("num_entries_read2", ps, depth, &ss1->num_entries_read2))
+			return False;
+
+		SMB_ASSERT_ARRAY(ss1->info_1, num_entries);
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_sess_info1("", &ss1->info_1[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_sess_info1_str("", &ss1->info_1_str[i], ps, depth))
+				return False;
+		}
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_sess_ctr(char *desc, SRV_SESS_INFO_CTR **pp_ctr, prs_struct *ps, int depth)
+{
+	SRV_SESS_INFO_CTR *ctr = *pp_ctr;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_sess_ctr");
+	depth++;
+
+	if(UNMARSHALLING(ps)) {
+		ctr = *pp_ctr = (SRV_SESS_INFO_CTR *)prs_alloc_mem(ps, sizeof(SRV_SESS_INFO_CTR));
+		if (ctr == NULL)
+			return False;
+	}
+
+	if (ctr == NULL)
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_uint32("ptr_sess_ctr", ps, depth, &ctr->ptr_sess_ctr))
+		return False;
+
+	if (ctr->ptr_sess_ctr != 0) {
+		switch (ctr->switch_value) {
+		case 0:
+			if(!srv_io_srv_sess_info_0("", &ctr->sess.info0, ps, depth))
+				return False;
+			break;
+		case 1:
+			if(!srv_io_srv_sess_info_1("", &ctr->sess.info1, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(5,("%s no session info at switch_value %d\n",
+			         tab_depth(depth), ctr->switch_value));
+			break;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_Q_NET_SESS_ENUM structure.
+********************************************************************/
+
+void init_srv_q_net_sess_enum(SRV_Q_NET_SESS_ENUM *q_n, 
+				char *srv_name, char *qual_name,
+				uint32 sess_level, SRV_SESS_INFO_CTR *ctr,
+				uint32 preferred_len,
+				ENUM_HND *hnd)
+{
+	q_n->ctr = ctr;
+
+	DEBUG(5,("init_q_net_sess_enum\n"));
+
+	init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name);
+	init_buf_unistr2(&q_n->uni_qual_name, &q_n->ptr_qual_name, qual_name);
+
+	q_n->sess_level    = sess_level;
+	q_n->preferred_len = preferred_len;
+
+	memcpy(&q_n->enum_hnd, hnd, sizeof(*hnd));
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_sess_enum(char *desc, SRV_Q_NET_SESS_ENUM *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_sess_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, q_n->ptr_qual_name, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("sess_level", ps, depth, &q_n->sess_level))
+		return False;
+	
+	if (q_n->sess_level != -1) {
+		if(!srv_io_srv_sess_ctr("sess_ctr", &q_n->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_uint32("preferred_len", ps, depth, &q_n->preferred_len))
+		return False;
+
+	if(!smb_io_enum_hnd("enum_hnd", &q_n->enum_hnd, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_sess_enum(char *desc, SRV_R_NET_SESS_ENUM *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_sess_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("sess_level", ps, depth, &r_n->sess_level))
+		return False;
+
+	if (r_n->sess_level != -1) {
+		if(!srv_io_srv_sess_ctr("sess_ctr", &r_n->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_uint32("total_entries", ps, depth, &r_n->total_entries))
+		return False;
+	if(!smb_io_enum_hnd("enum_hnd", &r_n->enum_hnd, ps, depth))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a CONN_INFO_0 structure
+********************************************************************/
+
+void init_srv_conn_info0(CONN_INFO_0 *ss0, uint32 id)
+{
+	DEBUG(5,("init_srv_conn_info0\n"));
+
+	ss0->id = id;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_conn_info0(char *desc, CONN_INFO_0 *ss0, prs_struct *ps, int depth)
+{
+	if (ss0 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_conn_info0");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("id", ps, depth, &ss0->id))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_conn_info_0(char *desc, SRV_CONN_INFO_0 *ss0, prs_struct *ps, int depth)
+{
+	if (ss0 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_conn_info_0");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries_read", ps, depth, &ss0->num_entries_read))
+		return False;
+	if(!prs_uint32("ptr_conn_info", ps, depth, &ss0->ptr_conn_info))
+		return False;
+
+	if (ss0->ptr_conn_info != 0) {
+		int i;
+		int num_entries = ss0->num_entries_read;
+
+		if (num_entries > MAX_CONN_ENTRIES) {
+			num_entries = MAX_CONN_ENTRIES; /* report this! */
+		}
+
+		if(!prs_uint32("num_entries_read2", ps, depth, &ss0->num_entries_read2))
+			return False;
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_conn_info0("", &ss0->info_0[i], ps, depth))
+				return False;
+		}
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a CONN_INFO_1_STR structure
+********************************************************************/
+
+void init_srv_conn_info1_str(CONN_INFO_1_STR *ss1, char *usr_name, char *net_name)
+{
+	DEBUG(5,("init_srv_conn_info1_str\n"));
+
+	init_unistr2(&ss1->uni_usr_name, usr_name, strlen(usr_name)+1);
+	init_unistr2(&ss1->uni_net_name, net_name, strlen(net_name)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_conn_info1_str(char *desc, CONN_INFO_1_STR *ss1, prs_struct *ps, int depth)
+{
+	if (ss1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_conn_info1_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &ss1->uni_usr_name, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &ss1->uni_net_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a CONN_INFO_1 structure
+********************************************************************/
+
+void init_srv_conn_info1(CONN_INFO_1 *ss1, 
+				uint32 id, uint32 type,
+				uint32 num_opens, uint32 num_users, uint32 open_time,
+				char *usr_name, char *net_name)
+{
+	DEBUG(5,("init_srv_conn_info1: %s %s\n", usr_name, net_name));
+
+	ss1->id        = id       ;
+	ss1->type      = type     ;
+	ss1->num_opens = num_opens ;
+	ss1->num_users = num_users;
+	ss1->open_time = open_time;
+
+	ss1->ptr_usr_name = (usr_name != NULL) ? 1 : 0;
+	ss1->ptr_net_name = (net_name != NULL) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_conn_info1(char *desc, CONN_INFO_1 *ss1, prs_struct *ps, int depth)
+{
+	if (ss1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_conn_info1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("id          ", ps, depth, &ss1->id))
+		return False;
+	if(!prs_uint32("type        ", ps, depth, &ss1->type))
+		return False;
+	if(!prs_uint32("num_opens   ", ps, depth, &ss1->num_opens))
+		return False;
+	if(!prs_uint32("num_users   ", ps, depth, &ss1->num_users))
+		return False;
+	if(!prs_uint32("open_time   ", ps, depth, &ss1->open_time))
+		return False;
+
+	if(!prs_uint32("ptr_usr_name", ps, depth, &ss1->ptr_usr_name))
+		return False;
+	if(!prs_uint32("ptr_net_name", ps, depth, &ss1->ptr_net_name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_conn_info_1(char *desc, SRV_CONN_INFO_1 *ss1, prs_struct *ps, int depth)
+{
+	if (ss1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_conn_info_1");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries_read", ps, depth, &ss1->num_entries_read))
+		return False;
+	if(!prs_uint32("ptr_conn_info", ps, depth, &ss1->ptr_conn_info))
+		return False;
+
+	if (ss1->ptr_conn_info != 0) {
+		int i;
+		int num_entries = ss1->num_entries_read;
+
+		if (num_entries > MAX_CONN_ENTRIES) {
+			num_entries = MAX_CONN_ENTRIES; /* report this! */
+		}
+
+		if(!prs_uint32("num_entries_read2", ps, depth, &ss1->num_entries_read2))
+			return False;
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_conn_info1("", &ss1->info_1[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_conn_info1_str("", &ss1->info_1_str[i], ps, depth))
+				return False;
+		}
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_conn_ctr(char *desc, SRV_CONN_INFO_CTR **pp_ctr, prs_struct *ps, int depth)
+{
+	SRV_CONN_INFO_CTR *ctr = *pp_ctr;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_conn_ctr");
+	depth++;
+
+	if (UNMARSHALLING(ps)) {
+		ctr = *pp_ctr = (SRV_CONN_INFO_CTR *)prs_alloc_mem(ps, sizeof(SRV_CONN_INFO_CTR));
+		if (ctr == NULL)
+			return False;
+	}
+		
+	if (ctr == NULL)
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_uint32("ptr_conn_ctr", ps, depth, &ctr->ptr_conn_ctr))
+		return False;
+
+	if (ctr->ptr_conn_ctr != 0) {
+		switch (ctr->switch_value) {
+		case 0:
+			if(!srv_io_srv_conn_info_0("", &ctr->conn.info0, ps, depth))
+				return False;
+			break;
+		case 1:
+			if(!srv_io_srv_conn_info_1("", &ctr->conn.info1, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(5,("%s no connection info at switch_value %d\n",
+			         tab_depth(depth), ctr->switch_value));
+			break;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+  Reads or writes a structure.
+********************************************************************/
+
+void init_srv_q_net_conn_enum(SRV_Q_NET_CONN_ENUM *q_n, 
+				char *srv_name, char *qual_name,
+				uint32 conn_level, SRV_CONN_INFO_CTR *ctr,
+				uint32 preferred_len,
+				ENUM_HND *hnd)
+{
+	DEBUG(5,("init_q_net_conn_enum\n"));
+
+	q_n->ctr = ctr;
+
+	init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name );
+	init_buf_unistr2(&q_n->uni_qual_name, &q_n->ptr_qual_name, qual_name);
+
+	q_n->conn_level    = conn_level;
+	q_n->preferred_len = preferred_len;
+
+	memcpy(&q_n->enum_hnd, hnd, sizeof(*hnd));
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_conn_enum(char *desc, SRV_Q_NET_CONN_ENUM *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_conn_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name ", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, q_n->ptr_srv_name, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, q_n->ptr_qual_name, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("conn_level", ps, depth, &q_n->conn_level))
+		return False;
+	
+	if (q_n->conn_level != -1) {
+		if(!srv_io_srv_conn_ctr("conn_ctr", &q_n->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_uint32("preferred_len", ps, depth, &q_n->preferred_len))
+		return False;
+
+	if(!smb_io_enum_hnd("enum_hnd", &q_n->enum_hnd, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_conn_enum(char *desc,  SRV_R_NET_CONN_ENUM *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_conn_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("conn_level", ps, depth, &r_n->conn_level))
+		return False;
+
+	if (r_n->conn_level != -1) {
+		if(!srv_io_srv_conn_ctr("conn_ctr", &r_n->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_uint32("total_entries", ps, depth, &r_n->total_entries))
+		return False;
+	if(!smb_io_enum_hnd("enum_hnd", &r_n->enum_hnd, ps, depth))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a FILE_INFO_3_STR structure
+********************************************************************/
+
+void init_srv_file_info3_str(FILE_INFO_3_STR *fi3, char *user_name, char *path_name)
+{
+	DEBUG(5,("init_srv_file_info3_str\n"));
+
+	init_unistr2(&fi3->uni_path_name, path_name, strlen(path_name)+1);
+	init_unistr2(&fi3->uni_user_name, user_name, strlen(user_name)+1);
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_file_info3_str(char *desc, FILE_INFO_3_STR *sh1, prs_struct *ps, int depth)
+{
+	if (sh1 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_file_info3_str");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &sh1->uni_path_name, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("", &sh1->uni_user_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a FILE_INFO_3 structure
+********************************************************************/
+
+void init_srv_file_info3(FILE_INFO_3 *fl3,
+				uint32 id, uint32 perms, uint32 num_locks,
+				char *path_name, char *user_name)
+{
+	DEBUG(5,("init_srv_file_info3: %s %s\n", path_name, user_name));
+
+	fl3->id        = id;	
+	fl3->perms     = perms;
+	fl3->num_locks = num_locks;
+
+	fl3->ptr_path_name = (path_name != NULL) ? 1 : 0;
+	fl3->ptr_user_name = (user_name != NULL) ? 1 : 0;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_file_info3(char *desc, FILE_INFO_3 *fl3, prs_struct *ps, int depth)
+{
+	if (fl3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_file_info3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("id           ", ps, depth, &fl3->id))
+		return False;
+	if(!prs_uint32("perms        ", ps, depth, &fl3->perms))
+		return False;
+	if(!prs_uint32("num_locks    ", ps, depth, &fl3->num_locks))
+		return False;
+	if(!prs_uint32("ptr_path_name", ps, depth, &fl3->ptr_path_name))
+		return False;
+	if(!prs_uint32("ptr_user_name", ps, depth, &fl3->ptr_user_name))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_file_info_3(char *desc, SRV_FILE_INFO_3 *fl3, prs_struct *ps, int depth)
+{
+	if (fl3 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_file_3_fl3");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("num_entries_read", ps, depth, &fl3->num_entries_read))
+		return False;
+	if(!prs_uint32("ptr_file_fl3", ps, depth, &fl3->ptr_file_info))
+		return False;
+
+	if (fl3->ptr_file_info != 0) {
+		int i;
+		int num_entries = fl3->num_entries_read;
+
+		if (num_entries > MAX_FILE_ENTRIES) {
+			num_entries = MAX_FILE_ENTRIES; /* report this! */
+		}
+
+		if(!prs_uint32("num_entries_read2", ps, depth, &fl3->num_entries_read2))
+			return False;
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_file_info3("", &fl3->info_3[i], ps, depth))
+				return False;
+		}
+
+		for (i = 0; i < num_entries; i++) {
+			if(!srv_io_file_info3_str("", &fl3->info_3_str[i], ps, depth))
+				return False;
+		}
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+static BOOL srv_io_srv_file_ctr(char *desc, SRV_FILE_INFO_CTR **pp_ctr, prs_struct *ps, int depth)
+{
+	SRV_FILE_INFO_CTR *ctr = *pp_ctr;
+
+	if (UNMARSHALLING(ps)) {
+		ctr = *pp_ctr = (SRV_FILE_INFO_CTR *)prs_alloc_mem(ps, sizeof(SRV_FILE_INFO_CTR));
+		if (ctr == NULL)
+			return False;
+	}
+
+	if (ctr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_srv_file_ctr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_uint32("ptr_file_ctr", ps, depth, &ctr->ptr_file_ctr))
+		return False;
+
+	if (ctr->ptr_file_ctr != 0) {
+		switch (ctr->switch_value) {
+		case 3:
+			if(!srv_io_srv_file_info_3("", &ctr->file.info3, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(5,("%s no file info at switch_value %d\n",
+			         tab_depth(depth), ctr->switch_value));
+			break;
+		}
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_Q_NET_FILE_ENUM structure.
+********************************************************************/
+
+void init_srv_q_net_file_enum(SRV_Q_NET_FILE_ENUM *q_n, 
+				char *srv_name, char *qual_name,
+				uint32 file_level, SRV_FILE_INFO_CTR *ctr,
+				uint32 preferred_len,
+				ENUM_HND *hnd)
+{
+	DEBUG(5,("init_q_net_file_enum\n"));
+
+	q_n->ctr = ctr;
+
+	init_buf_unistr2(&q_n->uni_srv_name, &q_n->ptr_srv_name, srv_name);
+	init_buf_unistr2(&q_n->uni_qual_name, &q_n->ptr_qual_name, qual_name);
+
+	q_n->file_level    = file_level;
+	q_n->preferred_len = preferred_len;
+
+	memcpy(&q_n->enum_hnd, hnd, sizeof(*hnd));
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_file_enum(char *desc, SRV_Q_NET_FILE_ENUM *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_file_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, q_n->ptr_qual_name, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("file_level", ps, depth, &q_n->file_level))
+		return False;
+
+	if (q_n->file_level != -1) {
+		if(!srv_io_srv_file_ctr("file_ctr", &q_n->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_uint32("preferred_len", ps, depth, &q_n->preferred_len))
+		return False;
+
+	if(!smb_io_enum_hnd("enum_hnd", &q_n->enum_hnd, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_file_enum(char *desc, SRV_R_NET_FILE_ENUM *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_file_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("file_level", ps, depth, &r_n->file_level))
+		return False;
+
+	if (r_n->file_level != 0) {
+		if(!srv_io_srv_file_ctr("file_ctr", &r_n->ctr, ps, depth))
+			return False;
+	}
+
+	if(!prs_uint32("total_entries", ps, depth, &r_n->total_entries))
+		return False;
+	if(!smb_io_enum_hnd("enum_hnd", &r_n->enum_hnd, ps, depth))
+		return False;
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_INFO_100 structure.
+ ********************************************************************/
+
+void init_srv_info_100(SRV_INFO_100 *sv100, uint32 platform_id, char *name)
+{
+	DEBUG(5,("init_srv_info_100\n"));
+
+	sv100->platform_id  = platform_id;
+	init_buf_unistr2(&sv100->uni_name, &sv100->ptr_name, name);
+}
+
+/*******************************************************************
+ Reads or writes a SRV_INFO_101 structure.
+ ********************************************************************/
+
+static BOOL srv_io_info_100(char *desc, SRV_INFO_100 *sv100, prs_struct *ps, int depth)
+{
+	if (sv100 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_info_100");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("platform_id ", ps, depth, &sv100->platform_id))
+		return False;
+	if(!prs_uint32("ptr_name    ", ps, depth, &sv100->ptr_name))
+		return False;
+
+	if(!smb_io_unistr2("uni_name    ", &sv100->uni_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ Inits a SRV_INFO_101 structure.
+ ********************************************************************/
+
+void init_srv_info_101(SRV_INFO_101 *sv101, uint32 platform_id, char *name,
+				uint32 ver_major, uint32 ver_minor,
+				uint32 srv_type, char *comment)
+{
+	DEBUG(5,("init_srv_info_101\n"));
+
+	sv101->platform_id  = platform_id;
+	init_buf_unistr2(&sv101->uni_name, &sv101->ptr_name, name);
+	sv101->ver_major    = ver_major;
+	sv101->ver_minor    = ver_minor;
+	sv101->srv_type     = srv_type;
+	init_buf_unistr2(&sv101->uni_comment, &sv101->ptr_comment, comment);
+}
+
+/*******************************************************************
+ Reads or writes a SRV_INFO_101 structure.
+ ********************************************************************/
+
+static BOOL srv_io_info_101(char *desc, SRV_INFO_101 *sv101, prs_struct *ps, int depth)
+{
+	if (sv101 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_info_101");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("platform_id ", ps, depth, &sv101->platform_id))
+		return False;
+	if(!prs_uint32("ptr_name    ", ps, depth, &sv101->ptr_name))
+		return False;
+	if(!prs_uint32("ver_major   ", ps, depth, &sv101->ver_major))
+		return False;
+	if(!prs_uint32("ver_minor   ", ps, depth, &sv101->ver_minor))
+		return False;
+	if(!prs_uint32("srv_type    ", ps, depth, &sv101->srv_type))
+		return False;
+	if(!prs_uint32("ptr_comment ", ps, depth, &sv101->ptr_comment))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("uni_name    ", &sv101->uni_name, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni_comment ", &sv101->uni_comment, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_INFO_102 structure.
+ ********************************************************************/
+
+void init_srv_info_102(SRV_INFO_102 *sv102, uint32 platform_id, char *name,
+				char *comment, uint32 ver_major, uint32 ver_minor,
+				uint32 srv_type, uint32 users, uint32 disc, uint32 hidden,
+				uint32 announce, uint32 ann_delta, uint32 licenses,
+				char *usr_path)
+{
+	DEBUG(5,("init_srv_info_102\n"));
+
+	sv102->platform_id  = platform_id;
+	init_buf_unistr2(&sv102->uni_name, &sv102->ptr_name, name);
+	sv102->ver_major    = ver_major;
+	sv102->ver_minor    = ver_minor;
+	sv102->srv_type     = srv_type;
+	init_buf_unistr2(&sv102->uni_comment, &sv102->ptr_comment, comment);
+
+	/* same as 101 up to here */
+
+	sv102->users        = users;
+	sv102->disc         = disc;
+	sv102->hidden       = hidden;
+	sv102->announce     = announce;
+	sv102->ann_delta    =ann_delta;
+	sv102->licenses     = licenses;
+	init_buf_unistr2(&sv102->uni_usr_path, &sv102->ptr_usr_path, usr_path);
+}
+
+
+/*******************************************************************
+ Reads or writes a SRV_INFO_102 structure.
+ ********************************************************************/
+
+static BOOL srv_io_info_102(char *desc, SRV_INFO_102 *sv102, prs_struct *ps, int depth)
+{
+	if (sv102 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_info102");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("platform_id ", ps, depth, &sv102->platform_id))
+		return False;
+	if(!prs_uint32("ptr_name    ", ps, depth, &sv102->ptr_name))
+		return False;
+	if(!prs_uint32("ver_major   ", ps, depth, &sv102->ver_major))
+		return False;
+	if(!prs_uint32("ver_minor   ", ps, depth, &sv102->ver_minor))
+		return False;
+	if(!prs_uint32("srv_type    ", ps, depth, &sv102->srv_type))
+		return False;
+	if(!prs_uint32("ptr_comment ", ps, depth, &sv102->ptr_comment))
+		return False;
+
+	/* same as 101 up to here */
+
+	if(!prs_uint32("users       ", ps, depth, &sv102->users))
+		return False;
+	if(!prs_uint32("disc        ", ps, depth, &sv102->disc))
+		return False;
+	if(!prs_uint32("hidden      ", ps, depth, &sv102->hidden))
+		return False;
+	if(!prs_uint32("announce    ", ps, depth, &sv102->announce))
+		return False;
+	if(!prs_uint32("ann_delta   ", ps, depth, &sv102->ann_delta))
+		return False;
+	if(!prs_uint32("licenses    ", ps, depth, &sv102->licenses))
+		return False;
+	if(!prs_uint32("ptr_usr_path", ps, depth, &sv102->ptr_usr_path))
+		return False;
+
+	if(!smb_io_unistr2("uni_name    ", &sv102->uni_name, True, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("uni_comment ", &sv102->uni_comment, True, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+	if(!smb_io_unistr2("uni_usr_path", &sv102->uni_usr_path, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a SRV_INFO_102 structure.
+ ********************************************************************/
+
+static BOOL srv_io_info_ctr(char *desc, SRV_INFO_CTR *ctr, prs_struct *ps, int depth)
+{
+	if (ctr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_info_ctr");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value", ps, depth, &ctr->switch_value))
+		return False;
+	if(!prs_uint32("ptr_srv_ctr ", ps, depth, &ctr->ptr_srv_ctr))
+		return False;
+
+	if (ctr->ptr_srv_ctr != 0 && ctr->switch_value != 0 && ctr != NULL) {
+		switch (ctr->switch_value) {
+		case 100:
+			if(!srv_io_info_100("sv100", &ctr->srv.sv100, ps, depth))
+				return False;
+			break;
+		case 101:
+			if(!srv_io_info_101("sv101", &ctr->srv.sv101, ps, depth))
+				return False;
+			break;
+		case 102:
+			if(!srv_io_info_102("sv102", &ctr->srv.sv102, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(5,("%s no server info at switch_value %d\n",
+					 tab_depth(depth), ctr->switch_value));
+			break;
+		}
+		if(!prs_align(ps))
+			return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_Q_NET_SRV_GET_INFO structure.
+ ********************************************************************/
+
+void init_srv_q_net_srv_get_info(SRV_Q_NET_SRV_GET_INFO *srv,
+				char *server_name, uint32 switch_value)
+{
+	DEBUG(5,("init_srv_q_net_srv_get_info\n"));
+
+	init_buf_unistr2(&srv->uni_srv_name, &srv->ptr_srv_name, server_name);
+
+	srv->switch_value = switch_value;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_srv_get_info(char *desc, SRV_Q_NET_SRV_GET_INFO *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_srv_get_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name  ", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &q_n->switch_value))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_R_NET_SRV_GET_INFO structure.
+ ********************************************************************/
+
+void init_srv_r_net_srv_get_info(SRV_R_NET_SRV_GET_INFO *srv,
+				uint32 switch_value, SRV_INFO_CTR *ctr, WERROR status)
+{
+	DEBUG(5,("init_srv_r_net_srv_get_info\n"));
+
+	srv->ctr = ctr;
+
+	if (W_ERROR_IS_OK(status)) {
+		srv->ctr->switch_value = switch_value;
+		srv->ctr->ptr_srv_ctr  = 1;
+	} else {
+		srv->ctr->switch_value = 0;
+		srv->ctr->ptr_srv_ctr  = 0;
+	}
+
+	srv->status = status;
+}
+
+/*******************************************************************
+ Inits a SRV_R_NET_SRV_SET_INFO structure.
+ ********************************************************************/
+
+void init_srv_r_net_srv_set_info(SRV_R_NET_SRV_SET_INFO *srv,
+				 uint32 switch_value, WERROR status)
+{
+	DEBUG(5,("init_srv_r_net_srv_set_info\n"));
+
+	srv->switch_value = switch_value;
+	srv->status = status;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_srv_set_info(char *desc, SRV_Q_NET_SRV_SET_INFO *q_n, 
+			       prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "srv_io_q_net_srv_set_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name  ", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &q_n->switch_value))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		q_n->ctr = (SRV_INFO_CTR *)
+			prs_alloc_mem(ps, sizeof(SRV_INFO_CTR));
+
+		if (!q_n->ctr)
+			return False;
+	}
+
+	if(!srv_io_info_ctr("ctr", q_n->ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_srv_get_info(char *desc, SRV_R_NET_SRV_GET_INFO *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_srv_get_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!srv_io_info_ctr("ctr", r_n->ctr, ps, depth))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_srv_set_info(char *desc, SRV_R_NET_SRV_SET_INFO *r_n, 
+			       prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "srv_io_r_net_srv_set_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &r_n->switch_value))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_q_net_remote_tod(char *desc, SRV_Q_NET_REMOTE_TOD *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_remote_tod");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name  ", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a TIME_OF_DAY_INFO structure.
+ ********************************************************************/
+
+static BOOL srv_io_time_of_day_info(char *desc, TIME_OF_DAY_INFO *tod, prs_struct *ps, int depth)
+{
+	if (tod == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_time_of_day_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("elapsedt   ", ps, depth, &tod->elapsedt))
+		return False;
+	if(!prs_uint32("msecs      ", ps, depth, &tod->msecs))
+		return False;
+	if(!prs_uint32("hours      ", ps, depth, &tod->hours))
+		return False;
+	if(!prs_uint32("mins       ", ps, depth, &tod->mins))
+		return False;
+	if(!prs_uint32("secs       ", ps, depth, &tod->secs))
+		return False;
+	if(!prs_uint32("hunds      ", ps, depth, &tod->hunds))
+		return False;
+	if(!prs_uint32("timezone   ", ps, depth, &tod->zone))
+		return False;
+	if(!prs_uint32("tintervals ", ps, depth, &tod->tintervals))
+		return False;
+	if(!prs_uint32("day        ", ps, depth, &tod->day))
+		return False;
+	if(!prs_uint32("month      ", ps, depth, &tod->month))
+		return False;
+	if(!prs_uint32("year       ", ps, depth, &tod->year))
+		return False;
+	if(!prs_uint32("weekday    ", ps, depth, &tod->weekday))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a TIME_OF_DAY_INFO structure.
+ ********************************************************************/
+
+void init_time_of_day_info(TIME_OF_DAY_INFO *tod, uint32 elapsedt, uint32 msecs,
+                           uint32 hours, uint32 mins, uint32 secs, uint32 hunds,
+			   uint32 zone, uint32 tintervals, uint32 day,
+			   uint32 month, uint32 year, uint32 weekday)
+{
+	DEBUG(5,("init_time_of_day_info\n"));
+
+	tod->elapsedt	= elapsedt;
+	tod->msecs	= msecs;
+	tod->hours	= hours;
+	tod->mins	= mins;
+	tod->secs	= secs;
+	tod->hunds	= hunds;
+	tod->zone	= zone;
+	tod->tintervals	= tintervals;
+	tod->day	= day;
+	tod->month	= month;
+	tod->year	= year;
+	tod->weekday	= weekday;
+}
+
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_remote_tod(char *desc, SRV_R_NET_REMOTE_TOD *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_remote_tod");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+	
+	if(!prs_uint32("ptr_srv_tod ", ps, depth, &r_n->ptr_srv_tod))
+		return False;
+
+	if(!srv_io_time_of_day_info("tod", r_n->tod, ps, depth))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_q_net_disk_enum(char *desc, SRV_Q_NET_DISK_ENUM *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_disk_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("level", ps, depth, &q_n->disk_enum_ctr.level))
+		return False;
+
+	if(!prs_uint32("entries_read", ps, depth, &q_n->disk_enum_ctr.entries_read))
+		return False;
+
+	if(!prs_uint32("buffer", ps, depth, &q_n->disk_enum_ctr.disk_info_ptr))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("preferred_len", ps, depth, &q_n->preferred_len))
+		return False;
+	if(!smb_io_enum_hnd("enum_hnd", &q_n->enum_hnd, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_disk_enum(char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_struct *ps, int depth)
+{
+	int i;
+
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_disk_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("entries_read", ps, depth, &r_n->disk_enum_ctr.entries_read))
+		return False;
+	if(!prs_uint32("ptr_disk_info", ps, depth, &r_n->disk_enum_ctr.disk_info_ptr))
+		return False;
+
+	/*this may be max, unknown, actual?*/
+
+	if(!prs_uint32("max_elements", ps, depth, &r_n->disk_enum_ctr.entries_read))
+		return False;
+	if(!prs_uint32("unknown", ps, depth, &r_n->disk_enum_ctr.unknown))
+		return False;
+	if(!prs_uint32("actual_elements", ps, depth, &r_n->disk_enum_ctr.entries_read))
+		return False;
+
+	for(i=0; i < r_n->disk_enum_ctr.entries_read; i++) {
+
+		if(!prs_uint32("unknown", ps, depth, &r_n->disk_enum_ctr.disk_info[i].unknown))
+			return False;
+   
+		if(!smb_io_unistr3("disk_name", &r_n->disk_enum_ctr.disk_info[i].disk_name, ps, depth))
+			return False;
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	if(!prs_uint32("total_entries", ps, depth, &r_n->total_entries))
+		return False;
+
+	if(!smb_io_enum_hnd("enum_hnd", &r_n->enum_hnd, ps, depth))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_q_net_name_validate(char *desc, SRV_Q_NET_NAME_VALIDATE *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_name_validate");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("type", ps, depth, &q_n->type))
+		return False;
+
+	if(!prs_uint32("flags", ps, depth, &q_n->flags))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_name_validate(char *desc, SRV_R_NET_NAME_VALIDATE *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_name_validate");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_file_query_secdesc(char *desc, SRV_Q_NET_FILE_QUERY_SECDESC *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_file_query_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_file_name, True, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown1", ps, depth, &q_n->unknown1))
+		return False;
+
+	if(!prs_uint32("unknown2", ps, depth, &q_n->unknown2))
+		return False;
+
+	if(!prs_uint32("unknown3", ps, depth, &q_n->unknown3))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_file_query_secdesc(char *desc, SRV_R_NET_FILE_QUERY_SECDESC *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_file_query_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_response", ps, depth, &r_n->ptr_response))
+		return False;
+
+	if(!prs_uint32("size_response", ps, depth, &r_n->size_response))
+		return False;
+
+	if(!prs_uint32("ptr_secdesc", ps, depth, &r_n->ptr_secdesc))
+		return False;
+
+	if(!prs_uint32("size_secdesc", ps, depth, &r_n->size_secdesc))
+		return False;
+
+	if(!sec_io_desc("sec_desc", &r_n->sec_desc, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_file_set_secdesc(char *desc, SRV_Q_NET_FILE_SET_SECDESC *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_file_set_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_file_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("sec_info", ps, depth, &q_n->sec_info))
+		return False;
+
+	if(!prs_uint32("size_set", ps, depth, &q_n->size_set))
+		return False;
+
+	if(!prs_uint32("ptr_secdesc", ps, depth, &q_n->ptr_secdesc))
+		return False;
+
+	if(!prs_uint32("size_secdesc", ps, depth, &q_n->size_secdesc))
+		return False;
+
+	if(!sec_io_desc("sec_desc", &q_n->sec_desc, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_file_set_secdesc(char *desc, SRV_R_NET_FILE_SET_SECDESC *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_file_set_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_werror("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
diff --git a/source3/rpc_parse/parse_wks.c b/source3/rpc_parse/parse_wks.c
new file mode 100644
index 0000000000..3846c2e3b6
--- /dev/null
+++ b/source3/rpc_parse/parse_wks.c
@@ -0,0 +1,175 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ Init
+ ********************************************************************/
+
+void init_wks_q_query_info(WKS_Q_QUERY_INFO *q_u,
+				char *server, uint16 switch_value)  
+{
+	DEBUG(5,("init_wks_q_query_info\n"));
+
+	init_buf_unistr2(&q_u->uni_srv_name, &q_u->ptr_srv_name, server);
+	q_u->switch_value = switch_value;
+}
+
+/*******************************************************************
+ Reads or writes a WKS_Q_QUERY_INFO structure.
+********************************************************************/
+
+BOOL wks_io_q_query_info(char *desc, WKS_Q_QUERY_INFO *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "wks_io_q_query_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_u->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->ptr_srv_name, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ wks_info_100
+ ********************************************************************/
+
+void init_wks_info_100(WKS_INFO_100 *inf,
+				uint32 platform_id, uint32 ver_major, uint32 ver_minor,
+				char *my_name, char *domain_name)
+{
+	DEBUG(5,("Init WKS_INFO_100: %d\n", __LINE__));
+
+	inf->platform_id = platform_id; /* 0x0000 01f4 - unknown */
+	inf->ver_major   = ver_major;   /* os major version */
+	inf->ver_minor   = ver_minor;   /* os minor version */
+
+	init_buf_unistr2(&inf->uni_compname, &inf->ptr_compname, my_name    );
+	init_buf_unistr2(&inf->uni_lan_grp, &inf->ptr_lan_grp, domain_name);
+}
+
+/*******************************************************************
+ Reads or writes a WKS_INFO_100 structure.
+********************************************************************/
+
+static BOOL wks_io_wks_info_100(char *desc, WKS_INFO_100 *inf, prs_struct *ps, int depth)
+{
+	if (inf == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "wks_io_wks_info_100");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("platform_id ", ps, depth, &inf->platform_id)) /* 0x0000 01f4 - unknown */
+		return False;
+	if(!prs_uint32("ptr_compname", ps, depth, &inf->ptr_compname)) /* pointer to computer name */
+		return False;
+	if(!prs_uint32("ptr_lan_grp ", ps, depth, &inf->ptr_lan_grp)) /* pointer to LAN group name */
+		return False;
+	if(!prs_uint32("ver_major   ", ps, depth, &inf->ver_major)) /* 4 - major os version */
+		return False;
+	if(!prs_uint32("ver_minor   ", ps, depth, &inf->ver_minor)) /* 0 - minor os version */
+		return False;
+
+	if(!smb_io_unistr2("", &inf->uni_compname, inf->ptr_compname, ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &inf->uni_lan_grp, inf->ptr_lan_grp , ps, depth))
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits WKS_R_QUERY_INFO.
+
+ only supports info level 100 at the moment.
+
+ ********************************************************************/
+
+void init_wks_r_query_info(WKS_R_QUERY_INFO *r_u,
+			   uint32 switch_value, WKS_INFO_100 *wks100,
+			   NTSTATUS status)  
+{
+	DEBUG(5,("init_wks_r_unknown_0: %d\n", __LINE__));
+
+	r_u->switch_value = switch_value;  /* same as in request */
+
+	r_u->ptr_1     = 1;          /* pointer 1 */
+	r_u->wks100    = wks100;
+
+	r_u->status    = status;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL wks_io_r_query_info(char *desc, WKS_R_QUERY_INFO *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "wks_io_r_query_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint16("switch_value", ps, depth, &r_u->switch_value)) /* level 100 (0x64) */
+		return False;
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_1       ", ps, depth, &r_u->ptr_1)) /* pointer 1 */
+		return False;
+	if(!wks_io_wks_info_100("inf", r_u->wks100, ps, depth))
+		return False;
+
+	if(!prs_ntstatus("status      ", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
diff --git a/source3/rpc_server/.cvsignore b/source3/rpc_server/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/rpc_server/.cvsignore
diff --git a/source3/rpc_server/srv_dfs.c b/source3/rpc_server/srv_dfs.c
new file mode 100644
index 0000000000..4351fd088e
--- /dev/null
+++ b/source3/rpc_server/srv_dfs.c
@@ -0,0 +1,176 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines for Dfs
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Shirish Kalele               2000.
+ *  Copyright (C) Jeremy Allison				2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the dfs pipe. */
+
+#include "includes.h"
+#include "nterr.h"
+
+#define MAX_MSDFS_JUNCTIONS 256
+
+extern pstring global_myname;
+
+/**********************************************************************
+ api_dfs_exist
+ **********************************************************************/
+
+static BOOL api_dfs_exist(pipes_struct *p)
+{
+	DFS_Q_DFS_EXIST q_u;
+	DFS_R_DFS_EXIST r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	if(!dfs_io_q_dfs_exist("", &q_u, data, 0))
+		return False;
+	
+	r_u.status = _dfs_exist(p, &q_u, &r_u);
+	
+	if (!dfs_io_r_dfs_exist("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*****************************************************************
+ api_dfs_add
+ *****************************************************************/
+
+static BOOL api_dfs_add(pipes_struct *p)
+{
+	DFS_Q_DFS_ADD q_u;
+	DFS_R_DFS_ADD r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!dfs_io_q_dfs_add("", &q_u, data, 0))
+		return False;
+	
+	r_u.status = _dfs_add(p, &q_u, &r_u);
+	
+	if (!dfs_io_r_dfs_add("", &r_u, rdata, 0))
+		return False;
+	
+	return True;
+}
+
+/*****************************************************************
+ api_dfs_remove
+ *****************************************************************/
+
+static BOOL api_dfs_remove(pipes_struct *p)
+{
+	DFS_Q_DFS_REMOVE q_u;
+	DFS_R_DFS_REMOVE r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!dfs_io_q_dfs_remove("", &q_u, data, 0))
+		return False;
+	
+	r_u.status = _dfs_remove(p, &q_u, &r_u);
+	
+	if (!dfs_io_r_dfs_remove("", &r_u, rdata, 0))
+		return False;
+	
+	return True;
+}
+
+/*******************************************************************
+ api_dfs_get_info
+ *******************************************************************/
+
+static BOOL api_dfs_get_info(pipes_struct *p)
+{
+	DFS_Q_DFS_GET_INFO q_u;
+	DFS_R_DFS_GET_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!dfs_io_q_dfs_get_info("", &q_u, data, 0))
+		return False;
+	
+	r_u.status = _dfs_get_info(p, &q_u, &r_u);
+	
+	if(!dfs_io_r_dfs_get_info("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_dfs_enum
+ *******************************************************************/
+
+static BOOL api_dfs_enum(pipes_struct *p)
+{
+	DFS_Q_DFS_ENUM q_u;
+	DFS_R_DFS_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!dfs_io_q_dfs_enum("", &q_u, data, 0))
+		return False;
+	
+	r_u.status = _dfs_enum(p, &q_u, &r_u);
+	
+	if(!dfs_io_r_dfs_enum("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+\pipe\netdfs commands
+********************************************************************/
+
+struct api_struct api_netdfs_cmds[] =
+{
+	{"DFS_EXIST",        DFS_EXIST,               api_dfs_exist    },
+	{"DFS_ADD",          DFS_ADD,                 api_dfs_add      },
+	{"DFS_REMOVE",       DFS_REMOVE,              api_dfs_remove   },
+	{"DFS_GET_INFO",     DFS_GET_INFO,            api_dfs_get_info },
+	{"DFS_ENUM",         DFS_ENUM,                api_dfs_enum     },
+	{NULL,               0,                       NULL             }
+};
+
+/*******************************************************************
+receives a netdfs pipe and responds.
+********************************************************************/
+
+BOOL api_netdfs_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_netdfs_rpc", api_netdfs_cmds);
+}
diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
new file mode 100644
index 0000000000..4db6c61a3c
--- /dev/null
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -0,0 +1,366 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines for Dfs
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Shirish Kalele               2000.
+ *  Copyright (C) Jeremy Allison				2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the implementation of the dfs pipe. */
+
+#include "includes.h"
+#include "nterr.h"
+
+extern pstring global_myname;
+
+#define MAX_MSDFS_JUNCTIONS 256
+
+/* This function does not return a WERROR or NTSTATUS code but rather 1 if
+   dfs exists, or 0 otherwise. */
+
+uint32 _dfs_exist(pipes_struct *p, DFS_Q_DFS_EXIST *q_u, DFS_R_DFS_EXIST *r_u)
+{
+	if(lp_host_msdfs()) 
+		return 1;
+	else
+		return 0;
+}
+
+WERROR _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u)
+{
+  struct current_user user;
+  struct junction_map jn;
+  struct referral* old_referral_list = NULL;
+  BOOL exists = False;
+
+  pstring dfspath, servername, sharename;
+  pstring altpath;
+
+  get_current_user(&user,p);
+
+  if (user.uid != 0) {
+	DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
+	return WERR_ACCESS_DENIED;
+  }
+
+  unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1);
+  unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1);
+  unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1);
+
+  DEBUG(5,("init_reply_dfs_add: Request to add %s -> %s\\%s.\n",
+	   dfspath, servername, sharename));
+
+  pstrcpy(altpath, servername);
+  pstrcat(altpath, "\\");
+  pstrcat(altpath, sharename);
+
+  if(!create_junction(dfspath, &jn))
+    return WERR_DFS_NO_SUCH_SERVER;
+
+  if(get_referred_path(&jn))
+    {
+      exists = True;
+      jn.referral_count += 1;
+      old_referral_list = jn.referral_list;
+    }
+  else
+    jn.referral_count = 1;
+
+  jn.referral_list = (struct referral*) talloc(p->mem_ctx, jn.referral_count 
+					       * sizeof(struct referral));
+
+  if(jn.referral_list == NULL)
+    {
+      DEBUG(0,("init_reply_dfs_add: talloc failed for referral list!\n"));
+      return WERR_DFS_INTERNAL_ERROR;
+    }
+
+  if(old_referral_list)
+    {
+      memcpy(jn.referral_list, old_referral_list, 
+	     sizeof(struct referral)*jn.referral_count-1);
+      SAFE_FREE(old_referral_list);
+    }
+  
+  jn.referral_list[jn.referral_count-1].proximity = 0;
+  jn.referral_list[jn.referral_count-1].ttl = REFERRAL_TTL;
+
+  pstrcpy(jn.referral_list[jn.referral_count-1].alternate_path, altpath);
+  
+  if(!create_msdfs_link(&jn, exists))
+    return WERR_DFS_CANT_CREATE_JUNCT;
+
+  return WERR_OK;
+}
+
+WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, 
+                   DFS_R_DFS_REMOVE *r_u)
+{
+  struct current_user user;
+  struct junction_map jn;
+  BOOL found = False;
+
+  pstring dfspath, servername, sharename;
+  pstring altpath;
+
+  get_current_user(&user,p);
+
+  if (user.uid != 0) {
+	DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
+	return WERR_ACCESS_DENIED;
+  }
+
+  unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1);
+  if(q_u->ptr_ServerName)
+    unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1);
+
+  if(q_u->ptr_ShareName)
+    unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1);
+
+  if(q_u->ptr_ServerName && q_u->ptr_ShareName)
+    {
+      pstrcpy(altpath, servername);
+      pstrcat(altpath, "\\");
+      pstrcat(altpath, sharename);
+    }
+
+  DEBUG(5,("init_reply_dfs_remove: Request to remove %s -> %s\\%s.\n",
+	   dfspath, servername, sharename));
+
+  if(!create_junction(dfspath, &jn))
+    return WERR_DFS_NO_SUCH_SERVER;
+
+  if(!get_referred_path(&jn))
+    return WERR_DFS_NO_SUCH_VOL;
+
+  /* if no server-share pair given, remove the msdfs link completely */
+  if(!q_u->ptr_ServerName && !q_u->ptr_ShareName)
+    {
+      if(!remove_msdfs_link(&jn))
+	return WERR_DFS_NO_SUCH_VOL;
+    }
+  else
+    {
+      int i=0;
+      /* compare each referral in the list with the one to remove */
+      for(i=0;i<jn.referral_count;i++)
+	{
+	  pstring refpath;
+	  pstrcpy(refpath,jn.referral_list[i].alternate_path);
+	  trim_string(refpath, "\\", "\\");
+	  if(strequal(refpath, altpath))
+	    {
+	      *(jn.referral_list[i].alternate_path)='\0';
+	      found = True;
+	    }
+	}
+      if(!found)
+	return WERR_DFS_NO_SUCH_SHARE;
+      
+      /* Only one referral, remove it */
+      if(jn.referral_count == 1)
+	{
+	  if(!remove_msdfs_link(&jn))
+	    return WERR_DFS_NO_SUCH_VOL;
+	}
+      else
+	{
+	  if(!create_msdfs_link(&jn, True))
+	    return WERR_DFS_CANT_CREATE_JUNCT;
+	}
+    }
+
+  return WERR_OK;
+}
+
+static BOOL init_reply_dfs_info_1(struct junction_map* j, DFS_INFO_1* dfs1, int num_j)
+{
+  int i=0;
+  for(i=0;i<num_j;i++) 
+    {
+      pstring str;
+      dfs1[i].ptr_entrypath = 1;
+      slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname, 
+	       j[i].service_name, j[i].volume_name);
+      DEBUG(5,("init_reply_dfs_info_1: %d) initing entrypath: %s\n",i,str));
+      init_unistr2(&dfs1[i].entrypath,str,strlen(str)+1);
+    }
+  return True;
+}
+
+static BOOL init_reply_dfs_info_2(struct junction_map* j, DFS_INFO_2* dfs2, int num_j)
+{
+  int i=0;
+  for(i=0;i<num_j;i++)
+    {
+      pstring str;
+      dfs2[i].ptr_entrypath = 1;
+      slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname,
+	       j[i].service_name, j[i].volume_name);
+      init_unistr2(&dfs2[i].entrypath, str, strlen(str)+1);
+      dfs2[i].ptr_comment = 0;
+      dfs2[i].state = 1; /* set up state of dfs junction as OK */
+      dfs2[i].num_storages = j[i].referral_count;
+    }
+  return True;
+}
+
+static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_INFO_3* dfs3, int num_j)
+{
+  int i=0,ii=0;
+  for(i=0;i<num_j;i++)
+    {
+      pstring str;
+      dfs3[i].ptr_entrypath = 1;
+      slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname,
+	       j[i].service_name, j[i].volume_name);
+      init_unistr2(&dfs3[i].entrypath, str, strlen(str)+1);
+      dfs3[i].ptr_comment = 1;
+      init_unistr2(&dfs3[i].comment, "", 1); 
+      dfs3[i].state = 1;
+      dfs3[i].num_storages = dfs3[i].num_storage_infos = j[i].referral_count;
+      dfs3[i].ptr_storages = 1;
+     
+      /* also enumerate the storages */
+      dfs3[i].storages = (DFS_STORAGE_INFO*) talloc(ctx, j[i].referral_count * 
+						    sizeof(DFS_STORAGE_INFO));
+      if (!dfs3[i].storages)
+        return False;
+
+      memset(dfs3[i].storages, '\0', j[i].referral_count * sizeof(DFS_STORAGE_INFO));
+
+      for(ii=0;ii<j[i].referral_count;ii++)
+	{
+	  char* p; 
+	  pstring path;
+	  DFS_STORAGE_INFO* stor = &(dfs3[i].storages[ii]);
+	  struct referral* ref = &(j[i].referral_list[ii]);
+	  
+	  pstrcpy(path, ref->alternate_path);
+	  trim_string(path,"\\","");
+	  p = strrchr_m(path,'\\');
+	  if(p==NULL)
+	    {
+	      DEBUG(4,("init_reply_dfs_info_3: invalid path: no \\ found in %s\n",path));
+	      continue;
+	    }
+	  *p = '\0';
+	  DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1));
+	  stor->state = 2; /* set all storages as ONLINE */
+	  init_unistr2(&stor->servername, path, strlen(path)+1);
+	  init_unistr2(&stor->sharename,  p+1, strlen(p+1)+1);
+	  stor->ptr_servername = stor->ptr_sharename = 1;
+	}
+    }
+  return True;
+}
+
+static WERROR init_reply_dfs_ctr(TALLOC_CTX *ctx, uint32 level, 
+                                   DFS_INFO_CTR* ctr, struct junction_map* jn,
+                                   int num_jn)
+{
+  /* do the levels */
+  switch(level)
+    {
+    case 1:
+      {
+	DFS_INFO_1* dfs1;
+	dfs1 = (DFS_INFO_1*) talloc(ctx, num_jn * sizeof(DFS_INFO_1));
+	if (!dfs1)
+		return WERR_NOMEM;
+	init_reply_dfs_info_1(jn, dfs1, num_jn);
+	ctr->dfs.info1 = dfs1;
+	break;
+      }
+    case 2:
+      {
+	DFS_INFO_2* dfs2;
+	dfs2 = (DFS_INFO_2*) talloc(ctx, num_jn * sizeof(DFS_INFO_2));
+	if (!dfs2)
+		return WERR_NOMEM;
+	init_reply_dfs_info_2(jn, dfs2, num_jn);
+	ctr->dfs.info2 = dfs2;
+	break;
+      }
+    case 3:
+      {
+	DFS_INFO_3* dfs3;
+	dfs3 = (DFS_INFO_3*) talloc(ctx, num_jn * sizeof(DFS_INFO_3));
+	if (!dfs3)
+		return WERR_NOMEM;
+	init_reply_dfs_info_3(ctx, jn, dfs3, num_jn);
+	ctr->dfs.info3 = dfs3;
+	break;
+      }
+	default:
+		return WERR_INVALID_PARAM;
+    }
+  return WERR_OK;
+}
+      
+WERROR _dfs_enum(pipes_struct *p, DFS_Q_DFS_ENUM *q_u, DFS_R_DFS_ENUM *r_u)
+{
+  uint32 level = q_u->level;
+  struct junction_map jn[MAX_MSDFS_JUNCTIONS];
+  int num_jn = 0;
+
+  num_jn = enum_msdfs_links(jn);
+  
+  DEBUG(5,("make_reply_dfs_enum: %d junctions found in Dfs, doing level %d\n", num_jn, level));
+
+  r_u->ptr_buffer = level;
+  r_u->level = r_u->level2 = level;
+  r_u->ptr_num_entries = r_u->ptr_num_entries2 = 1;
+  r_u->num_entries = r_u->num_entries2 = num_jn;
+  r_u->reshnd.ptr_hnd = 1;
+  r_u->reshnd.handle = num_jn;
+  
+  r_u->ctr = (DFS_INFO_CTR*)talloc(p->mem_ctx, sizeof(DFS_INFO_CTR));
+  if (!r_u->ctr)
+    return WERR_NOMEM;
+  ZERO_STRUCTP(r_u->ctr);
+  r_u->ctr->switch_value = level;
+  r_u->ctr->num_entries = num_jn;
+  r_u->ctr->ptr_dfs_ctr = 1;
+  
+  r_u->status = init_reply_dfs_ctr(p->mem_ctx, level, r_u->ctr, jn, num_jn);
+
+  return r_u->status;
+}
+      
+WERROR _dfs_get_info(pipes_struct *p, DFS_Q_DFS_GET_INFO *q_u, 
+                     DFS_R_DFS_GET_INFO *r_u)
+{
+  UNISTR2* uni_path = &q_u->uni_path;
+  uint32 level = q_u->level;
+  pstring path;
+  struct junction_map jn;
+
+  unistr2_to_ascii(path, uni_path, sizeof(path)-1);
+  if(!create_junction(path, &jn))
+     return WERR_DFS_NO_SUCH_SERVER;
+  
+  if(!get_referred_path(&jn))
+    return WERR_DFS_NO_SUCH_VOL;
+
+  r_u->level = level;
+  r_u->ptr_ctr = 1;
+  r_u->status = init_reply_dfs_ctr(p->mem_ctx, level, &r_u->ctr, &jn, 1);
+  
+  return r_u->status;
+}
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
new file mode 100644
index 0000000000..fcd4be0212
--- /dev/null
+++ b/source3/rpc_server/srv_lsa.c
@@ -0,0 +1,641 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the lsa server code. */
+
+#include "includes.h"
+
+/***************************************************************************
+ api_lsa_open_policy2
+ ***************************************************************************/
+
+static BOOL api_lsa_open_policy2(pipes_struct *p)
+{
+	LSA_Q_OPEN_POL2 q_u;
+	LSA_R_OPEN_POL2 r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the server, object attributes and desired access flag...*/
+	if(!lsa_io_q_open_pol2("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_open_policy2(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_open_pol2("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+api_lsa_open_policy
+ ***************************************************************************/
+
+static BOOL api_lsa_open_policy(pipes_struct *p)
+{
+	LSA_Q_OPEN_POL q_u;
+	LSA_R_OPEN_POL r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the server, object attributes and desired access flag...*/
+	if(!lsa_io_q_open_pol("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_open_policy(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_open_pol("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_enum_trust_dom
+ ***************************************************************************/
+
+static BOOL api_lsa_enum_trust_dom(pipes_struct *p)
+{
+	LSA_Q_ENUM_TRUST_DOM q_u;
+	LSA_R_ENUM_TRUST_DOM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the enum trust domain context etc. */
+	if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u);
+
+	if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_query_info
+ ***************************************************************************/
+
+static BOOL api_lsa_query_info(pipes_struct *p)
+{
+	LSA_Q_QUERY_INFO q_u;
+	LSA_R_QUERY_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the info class and policy handle */
+	if(!lsa_io_q_query("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_query_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_query("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_lookup_sids
+ ***************************************************************************/
+
+static BOOL api_lsa_lookup_sids(pipes_struct *p)
+{
+	LSA_Q_LOOKUP_SIDS q_u;
+	LSA_R_LOOKUP_SIDS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the info class and policy handle */
+	if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_lookup_sids(p, &q_u, &r_u);
+
+	if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_lookup_names
+ ***************************************************************************/
+
+static BOOL api_lsa_lookup_names(pipes_struct *p)
+{
+	LSA_Q_LOOKUP_NAMES q_u;
+	LSA_R_LOOKUP_NAMES r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the info class and policy handle */
+	if(!lsa_io_q_lookup_names("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_lookup_names(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_close.
+ ***************************************************************************/
+
+static BOOL api_lsa_close(pipes_struct *p)
+{
+	LSA_Q_CLOSE q_u;
+	LSA_R_CLOSE r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!lsa_io_q_close("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_close: lsa_io_q_close failed.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_close(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if (!lsa_io_r_close("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_close: lsa_io_r_close failed.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_open_secret.
+ ***************************************************************************/
+
+static BOOL api_lsa_open_secret(pipes_struct *p)
+{
+	LSA_Q_OPEN_SECRET q_u;
+	LSA_R_OPEN_SECRET r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_open_secret("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_open_secret: failed to unmarshall LSA_Q_OPEN_SECRET.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_open_secret(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_open_secret("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_open_secret: Failed to marshall LSA_R_OPEN_SECRET.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_open_secret.
+ ***************************************************************************/
+
+static BOOL api_lsa_enum_privs(pipes_struct *p)
+{
+	LSA_Q_ENUM_PRIVS q_u;
+	LSA_R_ENUM_PRIVS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_enum_privs("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_enum_privs: failed to unmarshall LSA_Q_ENUM_PRIVS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_enum_privs(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_enum_privs("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_enum_privs: Failed to marshall LSA_R_ENUM_PRIVS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_open_secret.
+ ***************************************************************************/
+
+static BOOL api_lsa_priv_get_dispname(pipes_struct *p)
+{
+	LSA_Q_PRIV_GET_DISPNAME q_u;
+	LSA_R_PRIV_GET_DISPNAME r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_priv_get_dispname("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_priv_get_dispname: failed to unmarshall LSA_Q_PRIV_GET_DISPNAME.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_priv_get_dispname(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_priv_get_dispname("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_priv_get_dispname: Failed to marshall LSA_R_PRIV_GET_DISPNAME.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_open_secret.
+ ***************************************************************************/
+
+static BOOL api_lsa_enum_accounts(pipes_struct *p)
+{
+	LSA_Q_ENUM_ACCOUNTS q_u;
+	LSA_R_ENUM_ACCOUNTS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_enum_accounts("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_enum_accounts: failed to unmarshall LSA_Q_ENUM_ACCOUNTS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_enum_accounts(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_enum_accounts("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_enum_accounts: Failed to marshall LSA_R_ENUM_ACCOUNTS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_UNK_GET_CONNUSER
+ ***************************************************************************/
+
+static BOOL api_lsa_unk_get_connuser(pipes_struct *p)
+{
+	LSA_Q_UNK_GET_CONNUSER q_u;
+	LSA_R_UNK_GET_CONNUSER r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_unk_get_connuser("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_unk_get_connuser: failed to unmarshall LSA_Q_UNK_GET_CONNUSER.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_unk_get_connuser(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_unk_get_connuser("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_unk_get_connuser: Failed to marshall LSA_R_UNK_GET_CONNUSER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_open_user
+ ***************************************************************************/
+
+static BOOL api_lsa_open_account(pipes_struct *p)
+{
+	LSA_Q_OPENACCOUNT q_u;
+	LSA_R_OPENACCOUNT r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_open_account("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_open_account(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_open_account("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_get_privs
+ ***************************************************************************/
+
+static BOOL api_lsa_enum_privsaccount(pipes_struct *p)
+{
+	LSA_Q_ENUMPRIVSACCOUNT q_u;
+	LSA_R_ENUMPRIVSACCOUNT r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_enum_privsaccount("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_enum_privsaccount: failed to unmarshall LSA_Q_ENUMPRIVSACCOUNT.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_enum_privsaccount(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_enum_privsaccount("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_enum_privsaccount: Failed to marshall LSA_R_ENUMPRIVSACCOUNT.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_getsystemaccount
+ ***************************************************************************/
+
+static BOOL api_lsa_getsystemaccount(pipes_struct *p)
+{
+	LSA_Q_GETSYSTEMACCOUNT q_u;
+	LSA_R_GETSYSTEMACCOUNT r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/***************************************************************************
+ api_lsa_setsystemaccount
+ ***************************************************************************/
+
+static BOOL api_lsa_setsystemaccount(pipes_struct *p)
+{
+	LSA_Q_SETSYSTEMACCOUNT q_u;
+	LSA_R_SETSYSTEMACCOUNT r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_addprivs
+ ***************************************************************************/
+
+static BOOL api_lsa_addprivs(pipes_struct *p)
+{
+	LSA_Q_ADDPRIVS q_u;
+	LSA_R_ADDPRIVS r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_addprivs("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_addprivs: failed to unmarshall LSA_Q_ADDPRIVS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_addprivs(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_addprivs("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_addprivs: Failed to marshall LSA_R_ADDPRIVS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_removeprivs
+ ***************************************************************************/
+
+static BOOL api_lsa_removeprivs(pipes_struct *p)
+{
+	LSA_Q_REMOVEPRIVS q_u;
+	LSA_R_REMOVEPRIVS r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_removeprivs("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_removeprivs: failed to unmarshall LSA_Q_REMOVEPRIVS.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_removeprivs(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_removeprivs("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_removeprivs: Failed to marshall LSA_R_REMOVEPRIVS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ api_lsa_query_secobj
+ ***************************************************************************/
+
+static BOOL api_lsa_query_secobj(pipes_struct *p)
+{
+	LSA_Q_QUERY_SEC_OBJ q_u;
+	LSA_R_QUERY_SEC_OBJ r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_query_sec_obj("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_query_secobj: failed to unmarshall LSA_Q_QUERY_SEC_OBJ.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_query_secobj(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_query_sec_obj("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_query_secobj: Failed to marshall LSA_R_QUERY_SEC_OBJ.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
+ \PIPE\ntlsa commands
+ ***************************************************************************/
+
+static struct api_struct api_lsa_cmds[] =
+{
+	{ "LSA_OPENPOLICY2"     , LSA_OPENPOLICY2     , api_lsa_open_policy2     },
+	{ "LSA_OPENPOLICY"      , LSA_OPENPOLICY      , api_lsa_open_policy      },
+	{ "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info       },
+	{ "LSA_ENUMTRUSTDOM"    , LSA_ENUMTRUSTDOM    , api_lsa_enum_trust_dom   },
+	{ "LSA_CLOSE"           , LSA_CLOSE           , api_lsa_close            },
+	{ "LSA_OPENSECRET"      , LSA_OPENSECRET      , api_lsa_open_secret      },
+	{ "LSA_LOOKUPSIDS"      , LSA_LOOKUPSIDS      , api_lsa_lookup_sids      },
+	{ "LSA_LOOKUPNAMES"     , LSA_LOOKUPNAMES     , api_lsa_lookup_names     },
+	{ "LSA_ENUM_PRIVS"      , LSA_ENUM_PRIVS      , api_lsa_enum_privs       },
+	{ "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
+	{ "LSA_ENUM_ACCOUNTS"   , LSA_ENUM_ACCOUNTS   , api_lsa_enum_accounts    },
+	{ "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
+	{ "LSA_OPENACCOUNT"     , LSA_OPENACCOUNT     , api_lsa_open_account     },
+	{ "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
+	{ "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
+	{ "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
+	{ "LSA_ADDPRIVS"        , LSA_ADDPRIVS        , api_lsa_addprivs         },
+	{ "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
+	{ "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
+	{ NULL                  , 0                   , NULL                     }
+};
+
+/***************************************************************************
+ api_ntLsarpcTNP
+ ***************************************************************************/
+BOOL api_ntlsa_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_ntlsa_rpc", api_lsa_cmds);
+}
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
new file mode 100644
index 0000000000..84c3c5a959
--- /dev/null
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -0,0 +1,234 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Jeremy Allison			   2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/* This is the max handles across all instances of a pipe name. */
+#ifndef MAX_OPEN_POLS
+#define MAX_OPEN_POLS 1024
+#endif
+
+/****************************************************************************
+ Hack as handles need to be persisant over lsa pipe closes so long as a samr
+ pipe is open. JRA.
+****************************************************************************/
+
+static BOOL is_samr_lsa_pipe(const char *pipe_name)
+{
+	return (strstr(pipe_name, "samr") || strstr(pipe_name, "lsa"));
+}
+
+/****************************************************************************
+ Initialise a policy handle list on a pipe. Handle list is shared between all
+ pipes of the same name.
+****************************************************************************/
+
+BOOL init_pipe_handle_list(pipes_struct *p, char *pipe_name)
+{
+	pipes_struct *plist = get_first_internal_pipe();
+	struct handle_list *hl = NULL;
+
+	for (plist = get_first_internal_pipe(); plist; plist = get_next_internal_pipe(plist)) {
+		if (strequal( plist->name, pipe_name) ||
+				(is_samr_lsa_pipe(plist->name) && is_samr_lsa_pipe(pipe_name))) {
+			if (!plist->pipe_handles) {
+				pstring msg;
+				slprintf(msg, sizeof(msg)-1, "init_pipe_handles: NULL pipe_handle pointer in pipe %s",
+						pipe_name );
+				smb_panic(msg);
+			}
+			hl = plist->pipe_handles;
+			break;
+		}
+	}
+
+	if (!hl) {
+		/*
+		 * No handle list for this pipe (first open of pipe).
+		 * Create list.
+		 */
+
+		if ((hl = (struct handle_list *)malloc(sizeof(struct handle_list))) == NULL)
+			return False;
+		ZERO_STRUCTP(hl);
+
+		DEBUG(10,("init_pipe_handles: created handle list for pipe %s\n", pipe_name ));
+	}
+
+	/*
+	 * One more pipe is using this list.
+	 */
+
+	hl->pipe_ref_count++;
+
+	/*
+	 * Point this pipe at this list.
+	 */
+
+	p->pipe_handles = hl;
+
+	DEBUG(10,("init_pipe_handles: pipe_handles ref count = %u for pipe %s\n",
+			p->pipe_handles->pipe_ref_count, pipe_name ));
+
+	return True;
+}
+
+/****************************************************************************
+  find first available policy slot.  creates a policy handle for you.
+****************************************************************************/
+
+BOOL create_policy_hnd(pipes_struct *p, POLICY_HND *hnd, void (*free_fn)(void *), void *data_ptr)
+{
+	static uint32 pol_hnd_low  = 0;
+	static uint32 pol_hnd_high = 0;
+
+	struct policy *pol;
+
+	if (p->pipe_handles->count > MAX_OPEN_POLS) {
+		DEBUG(0,("create_policy_hnd: ERROR: too many handles (%d) on this pipe.\n",
+				(int)p->pipe_handles->count));
+		return False;
+	}
+
+	pol = (struct policy *)malloc(sizeof(*p));
+	if (!pol) {
+		DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));
+		return False;
+	}
+
+	ZERO_STRUCTP(pol);
+
+	pol->data_ptr = data_ptr;
+	pol->free_fn = free_fn;
+
+	pol_hnd_low++;
+	if (pol_hnd_low == 0)
+		(pol_hnd_high)++;
+
+	SIVAL(&pol->pol_hnd.data1, 0 , 0);  /* first bit must be null */
+	SIVAL(&pol->pol_hnd.data2, 0 , pol_hnd_low ); /* second bit is incrementing */
+	SSVAL(&pol->pol_hnd.data3, 0 , pol_hnd_high); /* second bit is incrementing */
+	SSVAL(&pol->pol_hnd.data4, 0 , (pol_hnd_high>>16)); /* second bit is incrementing */
+	SIVAL(pol->pol_hnd.data5, 0, time(NULL)); /* something random */
+	SIVAL(pol->pol_hnd.data5, 4, sys_getpid()); /* something more random */
+
+	DLIST_ADD(p->pipe_handles->Policy, pol);
+	p->pipe_handles->count++;
+
+	*hnd = pol->pol_hnd;
+	
+	DEBUG(4,("Opened policy hnd[%d] ", (int)p->pipe_handles->count));
+	dump_data(4, (char *)hnd, sizeof(*hnd));
+
+	return True;
+}
+
+/****************************************************************************
+  find policy by handle - internal version.
+****************************************************************************/
+
+static struct policy *find_policy_by_hnd_internal(pipes_struct *p, POLICY_HND *hnd, void **data_p)
+{
+	struct policy *pol;
+	size_t i;
+
+	if (data_p)
+		*data_p = NULL;
+
+	for (i = 0, pol=p->pipe_handles->Policy;pol;pol=pol->next, i++) {
+		if (memcmp(&pol->pol_hnd, hnd, sizeof(*hnd)) == 0) {
+			DEBUG(4,("Found policy hnd[%d] ", (int)i));
+			dump_data(4, (char *)hnd, sizeof(*hnd));
+			if (data_p)
+				*data_p = pol->data_ptr;
+			return pol;
+		}
+	}
+
+	DEBUG(4,("Policy not found: "));
+	dump_data(4, (char *)hnd, sizeof(*hnd));
+
+	p->bad_handle_fault_state = True;
+
+	return NULL;
+}
+
+/****************************************************************************
+  find policy by handle
+****************************************************************************/
+
+BOOL find_policy_by_hnd(pipes_struct *p, POLICY_HND *hnd, void **data_p)
+{
+	return find_policy_by_hnd_internal(p, hnd, data_p) == NULL ? False : True;
+}
+
+/****************************************************************************
+  Close a policy.
+****************************************************************************/
+
+BOOL close_policy_hnd(pipes_struct *p, POLICY_HND *hnd)
+{
+	struct policy *pol = find_policy_by_hnd_internal(p, hnd, NULL);
+
+	if (!pol) {
+		DEBUG(3,("Error closing policy\n"));
+		return False;
+	}
+
+	DEBUG(3,("Closed policy\n"));
+
+	if (pol->free_fn && pol->data_ptr)
+		(*pol->free_fn)(pol->data_ptr);
+
+	p->pipe_handles->count--;
+
+	DLIST_REMOVE(p->pipe_handles->Policy, pol);
+
+	ZERO_STRUCTP(pol);
+
+	SAFE_FREE(pol);
+
+	return True;
+}
+
+/****************************************************************************
+ Close a pipe - free the handle list if it was the last pipe reference.
+****************************************************************************/
+
+void close_policy_by_pipe(pipes_struct *p)
+{
+	p->pipe_handles->pipe_ref_count--;
+
+	if (p->pipe_handles->pipe_ref_count == 0) {
+		/*
+		 * Last pipe open on this list - free the list.
+		 */
+		while (p->pipe_handles->Policy)
+			close_policy_hnd(p, &p->pipe_handles->Policy->pol_hnd);
+
+		p->pipe_handles->Policy = NULL;
+		p->pipe_handles->count = 0;
+
+		SAFE_FREE(p->pipe_handles);
+		DEBUG(10,("close_policy_by_pipe: deleted handle list for pipe %s\n", p->name ));
+	}
+}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
new file mode 100644
index 0000000000..84ab44bc30
--- /dev/null
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -0,0 +1,1148 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the implementation of the lsa server code. */
+
+#include "includes.h"
+
+extern DOM_SID global_sam_sid;
+extern fstring global_myworkgroup;
+extern pstring global_myname;
+extern PRIVS privs[];
+
+struct lsa_info {
+    DOM_SID sid;
+    uint32 access;
+};
+
+struct generic_mapping lsa_generic_mapping = {
+	POLICY_READ,
+	POLICY_WRITE,
+	POLICY_EXECUTE,
+	POLICY_ALL_ACCESS
+};
+
+/*******************************************************************
+ Function to free the per handle data.
+ ********************************************************************/
+
+static void free_lsa_info(void *ptr)
+{
+	struct lsa_info *lsa = (struct lsa_info *)ptr;
+
+	SAFE_FREE(lsa);
+}
+
+/***************************************************************************
+Init dom_query
+ ***************************************************************************/
+
+static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
+{
+	int domlen = (dom_name != NULL) ? strlen(dom_name) : 0;
+
+	/*
+	 * I'm not sure why this really odd combination of length
+	 * values works, but it does appear to. I need to look at
+	 * this *much* more closely - but at the moment leave alone
+	 * until it's understood. This allows a W2k client to join
+	 * a domain with both odd and even length names... JRA.
+	 */
+
+	d_q->uni_dom_str_len = domlen ? ((domlen + 1) * 2) : 0;
+	d_q->uni_dom_max_len = domlen * 2;
+	d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
+	d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0;  /* domain sid pointer */
+
+	/* this string is supposed to be character short */
+	init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
+	d_q->uni_domain_name.uni_max_len++;
+
+	if (dom_sid != NULL)
+		init_dom_sid2(&d_q->dom_sid, dom_sid);
+}
+
+/***************************************************************************
+ init_dom_ref - adds a domain if it's not already in, returns the index.
+***************************************************************************/
+
+static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
+{
+	int num = 0;
+	int len;
+
+	if (dom_name != NULL) {
+		for (num = 0; num < ref->num_ref_doms_1; num++) {
+			fstring domname;
+			rpcstr_pull(domname, &ref->ref_dom[num].uni_dom_name, sizeof(domname), -1, 0);
+			if (strequal(domname, dom_name))
+				return num;
+		}
+	} else {
+		num = ref->num_ref_doms_1;
+	}
+
+	if (num >= MAX_REF_DOMAINS) {
+		/* index not found, already at maximum domain limit */
+		return -1;
+	}
+
+	ref->num_ref_doms_1 = num+1;
+	ref->ptr_ref_dom  = 1;
+	ref->max_entries = MAX_REF_DOMAINS;
+	ref->num_ref_doms_2 = num+1;
+
+	len = (dom_name != NULL) ? strlen(dom_name) : 0;
+	if(dom_name != NULL && len == 0)
+		len = 1;
+
+	init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
+	ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
+
+	init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
+	init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
+
+	return num;
+}
+
+/***************************************************************************
+ init_lsa_rid2s
+ ***************************************************************************/
+
+static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
+				int num_entries, UNISTR2 *name,
+				uint32 *mapped_count, BOOL endian)
+{
+	int i;
+	int total = 0;
+	*mapped_count = 0;
+
+	SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
+
+	become_root(); /* lookup_name can require root privs */
+
+	for (i = 0; i < num_entries; i++) {
+		BOOL status = False;
+		DOM_SID sid;
+		uint32 rid = 0xffffffff;
+		int dom_idx = -1;
+		pstring full_name;
+		fstring dom_name, user;
+		enum SID_NAME_USE name_type = SID_NAME_UNKNOWN;
+
+		/* Split name into domain and user component */
+
+		unistr2_to_ascii(full_name, &name[i], sizeof(full_name));
+		split_domain_name(full_name, dom_name, user);
+
+		/* Lookup name */
+
+		DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name));
+
+		status = lookup_name(dom_name, user, &sid, &name_type);
+
+		DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : 
+			  "not found"));
+
+		if (status) {
+			sid_split_rid(&sid, &rid);
+			dom_idx = init_dom_ref(ref, dom_name, &sid);
+			(*mapped_count)++;
+		} else {
+			dom_idx = -1;
+			rid = 0xffffffff;
+			name_type = SID_NAME_UNKNOWN;
+		}
+
+		init_dom_rid2(&rid2[total], rid, name_type, dom_idx);
+		total++;
+	}
+
+	unbecome_root();
+}
+
+/***************************************************************************
+ init_reply_lookup_names
+ ***************************************************************************/
+
+static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
+                DOM_R_REF *ref, uint32 num_entries,
+                DOM_RID2 *rid2, uint32 mapped_count)
+{
+	r_l->ptr_dom_ref  = 1;
+	r_l->dom_ref      = ref;
+
+	r_l->num_entries  = num_entries;
+	r_l->ptr_entries  = 1;
+	r_l->num_entries2 = num_entries;
+	r_l->dom_rid      = rid2;
+
+	r_l->mapped_count = mapped_count;
+
+	if (mapped_count == 0)
+		r_l->status = NT_STATUS_NONE_MAPPED;
+	else
+		r_l->status = NT_STATUS_OK;
+}
+
+/***************************************************************************
+ Init lsa_trans_names.
+ ***************************************************************************/
+
+static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
+				 int num_entries, DOM_SID2 *sid,
+				 uint32 *mapped_count)
+{
+	int i;
+	int total = 0;
+	*mapped_count = 0;
+
+	/* Allocate memory for list of names */
+
+	if (num_entries > 0) {
+		if (!(trn->name = (LSA_TRANS_NAME *)talloc(ctx, sizeof(LSA_TRANS_NAME) *
+							  num_entries))) {
+			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
+			return;
+		}
+
+		if (!(trn->uni_name = (UNISTR2 *)talloc(ctx, sizeof(UNISTR2) * 
+							num_entries))) {
+			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
+			return;
+		}
+	}
+
+	become_root(); /* Need root to get to passdb to for local sids */
+
+	for (i = 0; i < num_entries; i++) {
+		BOOL status = False;
+		DOM_SID find_sid = sid[i].sid;
+		uint32 rid = 0xffffffff;
+		int dom_idx = -1;
+		fstring name, dom_name;
+		enum SID_NAME_USE sid_name_use = (enum SID_NAME_USE)0;
+
+		sid_to_string(name, &find_sid);
+		DEBUG(5, ("init_lsa_trans_names: looking up sid %s\n", name));
+
+		/* Lookup sid from winbindd */
+
+		memset(dom_name, '\0', sizeof(dom_name));
+		memset(name, '\0', sizeof(name));
+
+		status = lookup_sid(&find_sid, dom_name, name, &sid_name_use);
+
+		DEBUG(5, ("init_lsa_trans_names: %s\n", status ? "found" : 
+			  "not found"));
+
+		if (!status) {
+			sid_name_use = SID_NAME_UNKNOWN;
+		}
+
+		/* Store domain sid in ref array */
+
+		if (find_sid.num_auths == 5) {
+			sid_split_rid(&find_sid, &rid);
+		}
+
+		dom_idx = init_dom_ref(ref, dom_name, &find_sid);
+
+		DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to "
+			  "referenced list.\n", dom_name, name ));
+
+		(*mapped_count)++;
+
+		init_lsa_trans_name(&trn->name[total], &trn->uni_name[total],
+					sid_name_use, name, dom_idx);
+		total++;
+	}
+
+	unbecome_root();
+
+	trn->num_entries = total;
+	trn->ptr_trans_names = 1;
+	trn->num_entries2 = total;
+}
+
+/***************************************************************************
+ Init_reply_lookup_sids.
+ ***************************************************************************/
+
+static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
+                DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
+                uint32 mapped_count)
+{
+	r_l->ptr_dom_ref  = 1;
+	r_l->dom_ref      = ref;
+	r_l->names        = names;
+	r_l->mapped_count = mapped_count;
+
+	if (mapped_count == 0)
+		r_l->status = NT_STATUS_NONE_MAPPED;
+	else
+		r_l->status = NT_STATUS_OK;
+}
+
+static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size)
+{
+	extern DOM_SID global_sid_World;
+	extern DOM_SID global_sid_Builtin;
+	DOM_SID local_adm_sid;
+	DOM_SID adm_sid;
+
+	SEC_ACE ace[3];
+	SEC_ACCESS mask;
+
+	SEC_ACL *psa = NULL;
+
+	init_sec_access(&mask, POLICY_EXECUTE);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	sid_copy(&adm_sid, &global_sam_sid);
+	sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
+	init_sec_access(&mask, POLICY_ALL_ACCESS);
+	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	sid_copy(&local_adm_sid, &global_sid_Builtin);
+	sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+	init_sec_access(&mask, POLICY_ALL_ACCESS);
+	init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ _lsa_open_policy2.
+ ***************************************************************************/
+
+NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL2 *r_u)
+{
+	struct lsa_info *info;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	uint32 des_access=q_u->des_access;
+	uint32 acc_granted;
+	NTSTATUS status;
+
+
+	/* map the generic bits to the lsa policy ones */
+	se_map_generic(&des_access, &lsa_generic_mapping);
+
+	/* get the generic lsa policy SD until we store it */
+	lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
+
+	if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status))
+		return status;
+
+	/* associate the domain SID with the (unique) handle. */
+	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(info);
+	info->sid = global_sam_sid;
+	info->access = acc_granted;
+
+	/* set up the LSA QUERY INFO response */
+	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ _lsa_open_policy
+ ***************************************************************************/
+
+NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *r_u)
+{
+	struct lsa_info *info;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	uint32 des_access=q_u->des_access;
+	uint32 acc_granted;
+	NTSTATUS status;
+
+
+	/* map the generic bits to the lsa policy ones */
+	se_map_generic(&des_access, &lsa_generic_mapping);
+
+	/* get the generic lsa policy SD until we store it */
+	lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
+
+	if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status))
+		return status;
+
+	/* associate the domain SID with the (unique) handle. */
+	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(info);
+	info->sid = global_sam_sid;
+	info->access = acc_granted;
+
+	/* set up the LSA QUERY INFO response */
+	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ _lsa_enum_trust_dom - this needs fixing to do more than return NULL ! JRA.
+ ***************************************************************************/
+
+NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENUM_TRUST_DOM *r_u)
+{
+	struct lsa_info *info;
+	uint32 enum_context = 0;
+	char *dom_name = NULL;
+	DOM_SID *dom_sid = NULL;
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+	if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION))
+		return NT_STATUS_ACCESS_DENIED;
+
+	/* set up the LSA QUERY INFO response */
+	init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, dom_name, dom_sid,
+	      dom_name != NULL ? NT_STATUS_OK : NT_STATUS_NO_MORE_ENTRIES);
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn.
+ ***************************************************************************/
+
+NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u)
+{
+	struct lsa_info *handle;
+	LSA_INFO_UNION *info = &r_u->dom;
+	DOM_SID domain_sid;
+	char *name = NULL;
+	DOM_SID *sid = NULL;
+
+	r_u->status = NT_STATUS_OK;
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	switch (q_u->info_class) {
+	case 0x02:
+		{
+		unsigned int i;
+		/* check if the user have enough rights */
+		if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION))
+			return NT_STATUS_ACCESS_DENIED;
+
+		/* fake info: We audit everything. ;) */
+		info->id2.auditing_enabled = 1;
+		info->id2.count1 = 7;
+		info->id2.count2 = 7;
+		if ((info->id2.auditsettings = (uint32 *)talloc(p->mem_ctx,7*sizeof(uint32))) == NULL)
+			return NT_STATUS_NO_MEMORY;
+		for (i = 0; i < 7; i++)
+			info->id2.auditsettings[i] = 3;
+		break;
+		}
+	case 0x03:
+		/* check if the user have enough rights */
+		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+			return NT_STATUS_ACCESS_DENIED;
+
+		/* Request PolicyPrimaryDomainInformation. */
+		switch (lp_server_role()) {
+			case ROLE_DOMAIN_PDC:
+			case ROLE_DOMAIN_BDC:
+				name = global_myworkgroup;
+				sid = &global_sam_sid;
+				break;
+			case ROLE_DOMAIN_MEMBER:
+				name = global_myworkgroup;
+				/* We need to return the Domain SID here. */
+				if (secrets_fetch_domain_sid(global_myworkgroup,
+							     &domain_sid))
+					sid = &domain_sid;
+				else
+					return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+				break;
+			case ROLE_STANDALONE:
+				name = global_myworkgroup;
+				sid = NULL;
+				break;
+			default:
+				return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		init_dom_query(&r_u->dom.id3, name, sid);
+		break;
+	case 0x05:
+		/* check if the user have enough rights */
+		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+			return NT_STATUS_ACCESS_DENIED;
+
+		/* Request PolicyAccountDomainInformation. */
+		switch (lp_server_role()) {
+			case ROLE_DOMAIN_PDC:
+			case ROLE_DOMAIN_BDC:
+				name = global_myworkgroup;
+				sid = &global_sam_sid;
+				break;
+			case ROLE_DOMAIN_MEMBER:
+				name = global_myname;
+				sid = &global_sam_sid;
+				break;
+			case ROLE_STANDALONE:
+				name = global_myname;
+				sid = &global_sam_sid;
+				break;
+			default:
+				return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+		}
+		init_dom_query(&r_u->dom.id5, name, sid);
+		break;
+	case 0x06:
+		/* check if the user have enough rights */
+		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+			return NT_STATUS_ACCESS_DENIED;
+
+		switch (lp_server_role()) {
+			case ROLE_DOMAIN_BDC:
+				/*
+				 * only a BDC is a backup controller
+				 * of the domain, it controls.
+				 */
+				info->id6.server_role = 2;
+				break;
+			default:
+				/*
+				 * any other role is a primary
+				 * of the domain, it controls.
+				 */
+				info->id6.server_role = 3;
+				break; 
+		}
+		break;
+	default:
+		DEBUG(0,("_lsa_query_info: unknown info level in Lsa Query: %d\n", q_u->info_class));
+		r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+		break;
+	}
+
+	if (NT_STATUS_IS_OK(r_u->status)) {
+		r_u->undoc_buffer = 0x22000000; /* bizarre */
+		r_u->info_class = q_u->info_class;
+	}
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ _lsa_lookup_sids
+ ***************************************************************************/
+
+NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_SIDS *r_u)
+{
+	struct lsa_info *handle;
+	DOM_SID2 *sid = q_u->sids.sid;
+	int num_entries = q_u->sids.num_entries;
+	DOM_R_REF *ref = NULL;
+	LSA_TRANS_NAME_ENUM *names = NULL;
+	uint32 mapped_count = 0;
+
+	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
+	names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
+		r_u->status = NT_STATUS_INVALID_HANDLE;
+		goto done;
+	}
+
+	/* check if the user have enough rights */
+	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+		r_u->status = NT_STATUS_ACCESS_DENIED;
+		goto done;
+	}
+	if (!ref || !names)
+		return NT_STATUS_NO_MEMORY;
+
+done:
+
+	/* set up the LSA Lookup SIDs response */
+	init_lsa_trans_names(p->mem_ctx, ref, names, num_entries, sid, &mapped_count);
+	init_reply_lookup_sids(r_u, ref, names, mapped_count);
+
+	return r_u->status;
+}
+
+/***************************************************************************
+lsa_reply_lookup_names
+ ***************************************************************************/
+
+NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_NAMES *r_u)
+{
+	struct lsa_info *handle;
+	UNISTR2 *names = q_u->uni_name;
+	int num_entries = q_u->num_entries;
+	DOM_R_REF *ref;
+	DOM_RID2 *rids;
+	uint32 mapped_count = 0;
+
+	if (num_entries >  MAX_LOOKUP_SIDS) {
+		num_entries = MAX_LOOKUP_SIDS;
+		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
+	}
+		
+	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
+	rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries);
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
+		r_u->status = NT_STATUS_INVALID_HANDLE;
+		goto done;
+	}
+
+	/* check if the user have enough rights */
+	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+		r_u->status = NT_STATUS_ACCESS_DENIED;
+		goto done;
+	}
+
+	if (!ref || !rids)
+		return NT_STATUS_NO_MEMORY;
+
+done:
+
+	/* set up the LSA Lookup RIDs response */
+	init_lsa_rid2s(ref, rids, num_entries, names, &mapped_count, p->endian);
+	init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count);
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ _lsa_close. Also weird - needs to check if lsa handle is correct. JRA.
+ ***************************************************************************/
+
+NTSTATUS _lsa_close(pipes_struct *p, LSA_Q_CLOSE *q_u, LSA_R_CLOSE *r_u)
+{
+	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	close_policy_hnd(p, &q_u->pol);
+	return NT_STATUS_OK;
+}
+
+/***************************************************************************
+  "No more secrets Marty...." :-).
+ ***************************************************************************/
+
+NTSTATUS _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SECRET *r_u)
+{
+	return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+}
+
+/***************************************************************************
+_lsa_enum_privs.
+ ***************************************************************************/
+
+NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIVS *r_u)
+{
+	struct lsa_info *handle;
+	uint32 i;
+
+	uint32 enum_context=q_u->enum_context;
+	LSA_PRIV_ENTRY *entry;
+	LSA_PRIV_ENTRY *entries=NULL;
+
+	if (enum_context >= PRIV_ALL_INDEX)
+		return NT_STATUS_NO_MORE_ENTRIES;
+
+	entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX));
+	if (entries==NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+
+	/*
+	 * I don't know if it's the right one. not documented.
+	 */
+	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		return NT_STATUS_ACCESS_DENIED;
+
+	entry = entries;
+	
+	DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, PRIV_ALL_INDEX));
+
+	for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) {
+		if( i<enum_context) {
+			init_uni_hdr(&entry->hdr_name, 0);
+			init_unistr2(&entry->name, NULL, 0 );
+			entry->luid_low = 0;
+			entry->luid_high = 0;
+		} else {
+			init_uni_hdr(&entry->hdr_name, strlen(privs[i+1].priv));
+			init_unistr2(&entry->name, privs[i+1].priv, strlen(privs[i+1].priv) );
+			entry->luid_low = privs[i+1].se_priv;
+			entry->luid_high = 0;
+		}
+	}
+
+	enum_context = PRIV_ALL_INDEX;
+	init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX, entries);
+
+	return NT_STATUS_OK;
+}
+
+/***************************************************************************
+_lsa_priv_get_dispname.
+ ***************************************************************************/
+
+NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, LSA_R_PRIV_GET_DISPNAME *r_u)
+{
+	struct lsa_info *handle;
+	fstring name_asc;
+	int i=1;
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+
+	/*
+	 * I don't know if it's the right one. not documented.
+	 */
+	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		return NT_STATUS_ACCESS_DENIED;
+
+	unistr2_to_ascii(name_asc, &q_u->name, sizeof(name_asc));
+
+	DEBUG(10,("_lsa_priv_get_dispname: %s", name_asc));
+
+	while (privs[i].se_priv!=SE_PRIV_ALL && strcmp(name_asc, privs[i].priv))
+		i++;
+	
+	if (privs[i].se_priv!=SE_PRIV_ALL) {
+		DEBUG(10,(": %s\n", privs[i].description));
+		init_uni_hdr(&r_u->hdr_desc, strlen(privs[i].description));
+		init_unistr2(&r_u->desc, privs[i].description, strlen(privs[i].description) );
+
+		r_u->ptr_info=0xdeadbeef;
+		r_u->lang_id=q_u->lang_id;
+		return NT_STATUS_OK;
+	} else {
+		DEBUG(10,("_lsa_priv_get_dispname: doesn't exist\n"));
+		r_u->ptr_info=0;
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
+}
+
+/***************************************************************************
+_lsa_enum_accounts.
+ ***************************************************************************/
+
+NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u)
+{
+	struct lsa_info *handle;
+	GROUP_MAP *map=NULL;
+	int num_entries=0;
+	LSA_SID_ENUM *sids=&r_u->sids;
+	int i=0,j=0;
+
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+
+	/*
+	 * I don't know if it's the right one. not documented.
+	 */
+	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		return NT_STATUS_ACCESS_DENIED;
+
+	/* get the list of mapped groups (domain, local, builtin) */
+	if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_OK;
+
+	if (q_u->enum_context >= num_entries)
+		return NT_STATUS_NO_MORE_ENTRIES;
+
+	sids->ptr_sid = (uint32 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(uint32));
+	sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2));
+
+	if (sids->ptr_sid==NULL || sids->sid==NULL) {
+		SAFE_FREE(map);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=q_u->enum_context, j=0; i<num_entries; i++) {
+		init_dom_sid2( &(*sids).sid[j],  &map[i].sid);
+		(*sids).ptr_sid[j]=1;
+		j++;
+	}
+
+	SAFE_FREE(map);
+
+	init_lsa_r_enum_accounts(r_u, j);
+
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
+{
+	fstring username, domname;
+	int ulen, dlen;
+	user_struct *vuser = get_valid_user_struct(p->vuid);
+  
+	if (vuser == NULL)
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+  
+	fstrcpy(username, vuser->user.smb_name);
+	fstrcpy(domname, vuser->user.domain);
+  
+	ulen = strlen(username) + 1;
+	dlen = strlen(domname) + 1;
+  
+	init_uni_hdr(&r_u->hdr_user_name, ulen);
+	r_u->ptr_user_name = 1;
+	init_unistr2(&r_u->uni2_user_name, username, ulen);
+
+	r_u->unk1 = 1;
+  
+	init_uni_hdr(&r_u->hdr_dom_name, dlen);
+	r_u->ptr_dom_name = 1;
+	init_unistr2(&r_u->uni2_dom_name, domname, dlen);
+
+	r_u->status = NT_STATUS_OK;
+  
+	return r_u->status;
+}
+
+/***************************************************************************
+ 
+ ***************************************************************************/
+
+NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u)
+{
+	struct lsa_info *handle;
+	struct lsa_info *info;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+
+	/*
+	 * I don't know if it's the right one. not documented.
+	 * but guessed with rpcclient.
+	 */
+	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+		return NT_STATUS_ACCESS_DENIED;
+
+	/* associate the user/group SID with the (unique) handle. */
+	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(info);
+	info->sid = q_u->sid.sid;
+	info->access = q_u->access;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ For a given SID, enumerate all the privilege this account has.
+ ***************************************************************************/
+
+NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
+{
+	struct lsa_info *info=NULL;
+	GROUP_MAP map;
+	int i=0;
+
+	LUID_ATTR *set=NULL;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
+	if (map.priv_set.count!=0) {
+	
+		set=(LUID_ATTR *)talloc(p->mem_ctx, map.priv_set.count*sizeof(LUID_ATTR));
+		if (set == NULL) {
+			free_privilege(&map.priv_set);	
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i=0; i<map.priv_set.count; i++) {
+			set[i].luid.low=map.priv_set.set[i].luid.low;
+			set[i].luid.high=map.priv_set.set[i].luid.high;
+			set[i].attr=map.priv_set.set[i].attr;
+			DEBUG(10,("_lsa_enum_privsaccount: priv %d: %d:%d:%d\n", i, 
+				   set[i].luid.high, set[i].luid.low, set[i].attr));
+		}
+	}
+
+	init_lsa_r_enum_privsaccount(r_u, set, map.priv_set.count, 0);	
+	free_privilege(&map.priv_set);	
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ 
+ ***************************************************************************/
+
+NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u)
+{
+	struct lsa_info *info=NULL;
+	GROUP_MAP map;
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	/*
+	  0x01 -> Log on locally
+	  0x02 -> Access this computer from network
+	  0x04 -> Log on as a batch job
+	  0x10 -> Log on as a service
+	  
+	  they can be ORed together
+	*/
+
+	r_u->access=map.systemaccount;
+
+	return r_u->status;
+}
+
+/***************************************************************************
+  update the systemaccount information
+ ***************************************************************************/
+
+NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA_R_SETSYSTEMACCOUNT *r_u)
+{
+	struct lsa_info *info=NULL;
+	GROUP_MAP map;
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	map.systemaccount=q_u->access;
+
+	if(!add_mapping_entry(&map, TDB_REPLACE))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	free_privilege(&map.priv_set);
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ For a given SID, add some privileges.
+ ***************************************************************************/
+
+NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
+{
+	struct lsa_info *info=NULL;
+	GROUP_MAP map;
+	int i=0;
+
+	LUID_ATTR *luid_attr=NULL;
+	PRIVILEGE_SET *set=NULL;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	set=&q_u->set;
+
+	for (i=0; i<set->count; i++) {
+		luid_attr=&set->set[i];
+		
+		/* check if the privilege is already there */
+		if (check_priv_in_privilege(&map.priv_set, *luid_attr)){
+			free_privilege(&map.priv_set);
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+		
+		add_privilege(&map.priv_set, *luid_attr);
+	}
+
+	if(!add_mapping_entry(&map, TDB_REPLACE))
+		return NT_STATUS_NO_SUCH_GROUP;
+	
+	free_privilege(&map.priv_set);	
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ For a given SID, remove some privileges.
+ ***************************************************************************/
+
+NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
+{
+	struct lsa_info *info=NULL;
+	GROUP_MAP map;
+	int i=0;
+
+	LUID_ATTR *luid_attr=NULL;
+	PRIVILEGE_SET *set=NULL;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	if (q_u->allrights!=0) {
+		/* log it and return, until I see one myself don't do anything */
+		DEBUG(5,("_lsa_removeprivs: trying to remove all privileges ?\n"));
+		return NT_STATUS_OK;
+	}
+
+	if (q_u->ptr==0) {
+		/* log it and return, until I see one myself don't do anything */
+		DEBUG(5,("_lsa_removeprivs: no privileges to remove ?\n"));
+		return NT_STATUS_OK;
+	}
+
+	set=&q_u->set;
+
+	for (i=0; i<set->count; i++) {
+		luid_attr=&set->set[i];
+		
+		/* if we don't have the privilege, we're trying to remove, give up */
+		/* what else can we do ??? JFM. */
+		if (!check_priv_in_privilege(&map.priv_set, *luid_attr)){
+			free_privilege(&map.priv_set);
+			return NT_STATUS_NO_SUCH_PRIVILEGE;
+		}
+		
+		remove_privilege(&map.priv_set, *luid_attr);
+	}
+
+	if(!add_mapping_entry(&map, TDB_REPLACE))
+		return NT_STATUS_NO_SUCH_GROUP;
+	
+	free_privilege(&map.priv_set);	
+
+	return r_u->status;
+}
+
+/***************************************************************************
+ For a given SID, remove some privileges.
+ ***************************************************************************/
+
+NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u)
+{
+	struct lsa_info *handle=NULL;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	NTSTATUS status;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* check if the user have enough rights */
+	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		return NT_STATUS_ACCESS_DENIED;
+
+
+	switch (q_u->sec_info) {
+	case 1:
+		/* SD contains only the owner */
+
+		status=lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
+		if(!NT_STATUS_IS_OK(status))
+			return NT_STATUS_NO_MEMORY;
+
+
+		if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+		break;
+	case 4:
+		/* SD contains only the ACL */
+
+		status=lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
+		if(!NT_STATUS_IS_OK(status))
+			return NT_STATUS_NO_MEMORY;
+
+		if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+			return NT_STATUS_NO_MEMORY;
+		break;
+	default:
+		return NT_STATUS_INVALID_LEVEL;
+	}
+
+	r_u->ptr=1;
+
+	return r_u->status;
+}
+
+
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
new file mode 100644
index 0000000000..dfd270ff7d
--- /dev/null
+++ b/source3/rpc_server/srv_netlog.c
@@ -0,0 +1,340 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison               1998-2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the netlogon pipe. */
+
+#include "includes.h"
+
+/*************************************************************************
+ api_net_req_chal:
+ *************************************************************************/
+
+static BOOL api_net_req_chal(pipes_struct *p)
+{
+	NET_Q_REQ_CHAL q_u;
+	NET_R_REQ_CHAL r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the challenge... */
+	if(!net_io_q_req_chal("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_req_chal: Failed to unmarshall NET_Q_REQ_CHAL.\n"));
+		return False;
+	}
+
+	r_u.status = _net_req_chal(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_req_chal("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_req_chal: Failed to marshall NET_R_REQ_CHAL.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_auth:
+ *************************************************************************/
+
+static BOOL api_net_auth(pipes_struct *p)
+{
+	NET_Q_AUTH q_u;
+	NET_R_AUTH r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the challenge... */
+	if(!net_io_q_auth("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_auth: Failed to unmarshall NET_Q_AUTH.\n"));
+		return False;
+	}
+
+	r_u.status = _net_auth(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_auth("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_auth: Failed to marshall NET_R_AUTH.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_auth_2:
+ *************************************************************************/
+
+static BOOL api_net_auth_2(pipes_struct *p)
+{
+	NET_Q_AUTH_2 q_u;
+	NET_R_AUTH_2 r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the challenge... */
+	if(!net_io_q_auth_2("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n"));
+		return False;
+	}
+
+	r_u.status = _net_auth_2(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_auth_2("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_auth_2: Failed to marshall NET_R_AUTH_2.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_srv_pwset:
+ *************************************************************************/
+
+static BOOL api_net_srv_pwset(pipes_struct *p)
+{
+	NET_Q_SRV_PWSET q_u;
+	NET_R_SRV_PWSET r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the challenge and encrypted password ... */
+	if(!net_io_q_srv_pwset("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_srv_pwset: Failed to unmarshall NET_Q_SRV_PWSET.\n"));
+		return False;
+	}
+
+	r_u.status = _net_srv_pwset(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_srv_pwset("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_sam_logoff:
+ *************************************************************************/
+
+static BOOL api_net_sam_logoff(pipes_struct *p)
+{
+	NET_Q_SAM_LOGOFF q_u;
+	NET_R_SAM_LOGOFF r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!net_io_q_sam_logoff("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_sam_logoff: Failed to unmarshall NET_Q_SAM_LOGOFF.\n"));
+		return False;
+	}
+
+	r_u.status = _net_sam_logoff(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_sam_logoff("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_sam_logon:
+ *************************************************************************/
+
+static BOOL api_net_sam_logon(pipes_struct *p)
+{
+	NET_Q_SAM_LOGON q_u;
+	NET_R_SAM_LOGON r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+    
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+    if(!net_io_q_sam_logon("", &q_u, data, 0)) {
+        DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n"));
+        return False;
+    }
+   
+	r_u.status = _net_sam_logon(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_sam_logon("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n"));
+		return False;
+	}
+
+    return True;
+}
+
+/*************************************************************************
+ api_net_trust_dom_list:
+ *************************************************************************/
+
+static BOOL api_net_trust_dom_list(pipes_struct *p)
+{
+	NET_Q_TRUST_DOM_LIST q_u;
+	NET_R_TRUST_DOM_LIST r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__));
+
+	/* grab the lsa trusted domain list query... */
+	if(!net_io_q_trust_dom("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n"));
+		return False;
+	}
+
+	/* construct reply. */
+	r_u.status = _net_trust_dom_list(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_trust_dom("", &r_u, rdata, 0)) {
+		DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n"));
+		return False;
+	}
+
+	DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__));
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_logon_ctrl2:
+ *************************************************************************/
+
+static BOOL api_net_logon_ctrl2(pipes_struct *p)
+{
+	NET_Q_LOGON_CTRL2 q_u;
+	NET_R_LOGON_CTRL2 r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
+
+	/* grab the lsa netlogon ctrl2 query... */
+	if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_logon_ctrl2: Failed to unmarshall NET_Q_LOGON_CTRL2.\n"));
+		return False;
+	}
+
+	r_u.status = _net_logon_ctrl2(p, &q_u, &r_u);
+
+	if(!net_io_r_logon_ctrl2("", &r_u, rdata, 0)) {
+		DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n"));
+		return False;
+	}
+
+	DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
+
+	return True;
+}
+
+/*************************************************************************
+ api_net_logon_ctrl:
+ *************************************************************************/
+
+static BOOL api_net_logon_ctrl(pipes_struct *p)
+{
+	NET_Q_LOGON_CTRL q_u;
+	NET_R_LOGON_CTRL r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	DEBUG(6,("api_net_logon_ctrl: %d\n", __LINE__));
+
+	/* grab the lsa netlogon ctrl query... */
+	if(!net_io_q_logon_ctrl("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_logon_ctrl: Failed to unmarshall NET_Q_LOGON_CTRL.\n"));
+		return False;
+	}
+
+	r_u.status = _net_logon_ctrl(p, &q_u, &r_u);
+
+	if(!net_io_r_logon_ctrl("", &r_u, rdata, 0)) {
+		DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n"));
+		return False;
+	}
+
+	DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
+
+	return True;
+}
+
+/*******************************************************************
+ array of \PIPE\NETLOGON operations
+ ********************************************************************/
+static struct api_struct api_net_cmds [] =
+{
+	{ "NET_REQCHAL"       , NET_REQCHAL       , api_net_req_chal       }, 
+	{ "NET_AUTH"          , NET_AUTH          , api_net_auth           }, 
+	{ "NET_AUTH2"         , NET_AUTH2         , api_net_auth_2         }, 
+	{ "NET_SRVPWSET"      , NET_SRVPWSET      , api_net_srv_pwset      }, 
+	{ "NET_SAMLOGON"      , NET_SAMLOGON      , api_net_sam_logon      }, 
+	{ "NET_SAMLOGOFF"     , NET_SAMLOGOFF     , api_net_sam_logoff     }, 
+	{ "NET_LOGON_CTRL2"   , NET_LOGON_CTRL2   , api_net_logon_ctrl2    }, 
+	{ "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
+	{ "NET_LOGON_CTRL"    , NET_LOGON_CTRL    , api_net_logon_ctrl     },
+	{  NULL               , 0                 , NULL                   }
+};
+
+/*******************************************************************
+ receives a netlogon pipe and responds.
+ ********************************************************************/
+
+BOOL api_netlog_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_netlog_rpc", api_net_cmds);
+}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
new file mode 100644
index 0000000000..bdb064c81d
--- /dev/null
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -0,0 +1,715 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison               1998-2001.
+ *  Copyirht  (C) Andrew Bartlett                   2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the implementation of the netlogon pipe. */
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern DOM_SID global_sam_sid;
+
+/*************************************************************************
+ init_net_r_req_chal:
+ *************************************************************************/
+
+static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
+                                DOM_CHAL *srv_chal, NTSTATUS status)
+{
+	DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
+	memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
+	r_c->status = status;
+}
+
+/*************************************************************************
+ error messages cropping up when using nltest.exe...
+ *************************************************************************/
+
+#define ERROR_NO_SUCH_DOMAIN   0x54b
+#define ERROR_NO_LOGON_SERVERS 0x51f
+
+/*************************************************************************
+ net_reply_logon_ctrl:
+ *************************************************************************/
+
+/* Some flag values reverse engineered from NLTEST.EXE */
+
+#define LOGON_CTRL_IN_SYNC          0x00
+#define LOGON_CTRL_REPL_NEEDED      0x01
+#define LOGON_CTRL_REPL_IN_PROGRESS 0x02
+
+NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u, 
+		       NET_R_LOGON_CTRL *r_u)
+{
+	uint32 flags = 0x0;
+	uint32 pdc_connection_status = 0x00; /* Maybe a win32 error code? */
+	
+	/* Setup the Logon Control response */
+
+	init_net_r_logon_ctrl(r_u, q_u->query_level, flags, 
+			      pdc_connection_status);
+
+	return r_u->status;
+}
+
+/****************************************************************************
+Send a message to smbd to do a sam synchronisation
+**************************************************************************/
+static void send_sync_message(void)
+{
+        TDB_CONTEXT *tdb;
+
+        tdb = tdb_open_log(lock_path("connections.tdb"), 0,
+                           TDB_DEFAULT, O_RDONLY, 0);
+
+        if (!tdb) {
+                DEBUG(3, ("send_sync_message(): failed to open connections "
+                          "database\n"));
+                return;
+        }
+
+        DEBUG(3, ("sending sam synchronisation message\n"));
+        
+        message_send_all(tdb, MSG_SMB_SAM_SYNC, NULL, 0, False, NULL);
+
+        tdb_close(tdb);
+}
+
+/*************************************************************************
+ net_reply_logon_ctrl2:
+ *************************************************************************/
+
+NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u)
+{
+        uint32 flags = 0x0;
+        uint32 pdc_connection_status = 0x0;
+        uint32 logon_attempts = 0x0;
+        uint32 tc_status = ERROR_NO_LOGON_SERVERS;
+        char *trusted_domain = "test_domain";
+
+        DEBUG(0, ("*** net long ctrl2 %d, %d, %d\n",
+                  q_u->function_code, q_u->query_level, q_u->switch_value));
+
+	DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__));
+
+
+	/* set up the Logon Control2 response */
+	init_net_r_logon_ctrl2(r_u, q_u->query_level,
+			       flags, pdc_connection_status, logon_attempts,
+			       tc_status, trusted_domain);
+
+        if (lp_server_role() == ROLE_DOMAIN_BDC)
+                send_sync_message();
+
+	DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*************************************************************************
+ net_reply_trust_dom_list:
+ *************************************************************************/
+
+NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRUST_DOM_LIST *r_u)
+{
+	char *trusted_domain = "test_domain";
+	uint32 num_trust_domains = 1;
+
+	DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
+
+	/* set up the Trusted Domain List response */
+	init_r_trust_dom(r_u, num_trust_domains, trusted_domain);
+
+	DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/***********************************************************************************
+ init_net_r_srv_pwset:
+ ***********************************************************************************/
+
+static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
+                             DOM_CRED *srv_cred, NTSTATUS status)  
+{
+	DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
+
+	memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred));
+	r_s->status = status;
+
+	DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
+}
+
+/******************************************************************
+ gets a machine password entry.  checks access rights of the host.
+ ******************************************************************/
+
+static BOOL get_md4pw(char *md4pw, char *mach_acct)
+{
+	SAM_ACCOUNT *sampass = NULL;
+	const uint8 *pass;
+	BOOL ret;
+	uint32 acct_ctrl;
+
+#if 0
+    /*
+     * Currently this code is redundent as we already have a filter
+     * by hostname list. What this code really needs to do is to 
+     * get a hosts allowed/hosts denied list from the SAM database
+     * on a per user basis, and make the access decision there.
+     * I will leave this code here for now as a reminder to implement
+     * this at a later date. JRA.
+     */
+
+	if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
+	                  client_name(), client_addr()))
+	{
+		DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
+		return False;
+	}
+#endif /* 0 */
+
+	if(!NT_STATUS_IS_OK(pdb_init_sam(&sampass)))
+		return False;
+
+	/* JRA. This is ok as it is only used for generating the challenge. */
+	become_root();
+	ret=pdb_getsampwnam(sampass, mach_acct);
+	unbecome_root();
+ 
+ 	if (ret==False) {
+ 		DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+	if (!(acct_ctrl & ACB_DISABLED) &&
+	    ((acct_ctrl & ACB_DOMTRUST) ||
+	     (acct_ctrl & ACB_WSTRUST) ||
+	     (acct_ctrl & ACB_SVRTRUST)) &&
+	    ((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
+		memcpy(md4pw, pass, 16);
+		dump_data(5, md4pw, 16);
+ 		pdb_free_sam(&sampass);
+		return True;
+	}
+ 	
+	DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
+	pdb_free_sam(&sampass);
+	return False;
+
+}
+
+/*************************************************************************
+ _net_req_chal
+ *************************************************************************/
+
+NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+
+	rpcstr_pull(p->dc.remote_machine,q_u->uni_logon_clnt.buffer,sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
+
+	/* create a server challenge for the client */
+	/* Set these to random values. */
+	generate_random_buffer(p->dc.srv_chal.data, 8, False);
+	
+	memcpy(p->dc.srv_cred.challenge.data, p->dc.srv_chal.data, 8);
+
+	memcpy(p->dc.clnt_chal.data          , q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+	memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+
+	memset((char *)p->dc.sess_key, '\0', sizeof(p->dc.sess_key));
+
+	p->dc.challenge_sent = True;
+	/* set up the LSA REQUEST CHALLENGE response */
+	init_net_r_req_chal(r_u, &p->dc.srv_chal, status);
+	
+	return status;
+}
+
+/*************************************************************************
+ init_net_r_auth:
+ *************************************************************************/
+
+static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, NTSTATUS status)
+{
+	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
+	r_a->status = status;
+}
+
+/*************************************************************************
+ _net_auth
+ *************************************************************************/
+
+NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	DOM_CHAL srv_cred;
+	UTIME srv_time;
+	fstring mach_acct;
+
+	srv_time.time = 0;
+
+	rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
+
+	if (p->dc.challenge_sent && get_md4pw((char *)p->dc.md4pw, mach_acct)) {
+
+		/* from client / server challenges and md4 password, generate sess key */
+		cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal,
+				 (char *)p->dc.md4pw, p->dc.sess_key);
+		
+		/* check that the client credentials are valid */
+		if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+			
+			/* create server challenge for inclusion in the reply */
+			cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred);
+		
+			/* copy the received client credentials for use next time */
+			memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+			memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+			
+			/* Save the machine account name. */
+			fstrcpy(p->dc.mach_acct, mach_acct);
+		
+			p->dc.authenticated = True;
+
+		} else {
+			status = NT_STATUS_ACCESS_DENIED;
+		}
+	} else {
+		status = NT_STATUS_ACCESS_DENIED;
+	}
+	
+	/* set up the LSA AUTH response */
+	init_net_r_auth(r_u, &srv_cred, status);
+
+	return r_u->status;
+}
+
+/*************************************************************************
+ init_net_r_auth_2:
+ *************************************************************************/
+
+static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
+                              DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status)
+{
+	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
+	memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
+	r_a->status = status;
+}
+
+/*************************************************************************
+ _net_auth_2
+ *************************************************************************/
+
+NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	DOM_CHAL srv_cred;
+	UTIME srv_time;
+	NEG_FLAGS srv_flgs;
+	fstring mach_acct;
+
+	srv_time.time = 0;
+
+	rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
+
+	if (p->dc.challenge_sent && get_md4pw((char *)p->dc.md4pw, mach_acct)) {
+		
+		/* from client / server challenges and md4 password, generate sess key */
+		cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal,
+				 (char *)p->dc.md4pw, p->dc.sess_key);
+		
+		/* check that the client credentials are valid */
+		if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+			
+			/* create server challenge for inclusion in the reply */
+			cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred);
+			
+			/* copy the received client credentials for use next time */
+			memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+			memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+			
+			/* Save the machine account name. */
+			fstrcpy(p->dc.mach_acct, mach_acct);
+			
+			p->dc.authenticated = True;
+
+		} else {
+			status = NT_STATUS_ACCESS_DENIED;
+		}
+	} else {
+		status = NT_STATUS_ACCESS_DENIED;
+	}
+	
+	srv_flgs.neg_flags = 0x000001ff;
+
+	/* set up the LSA AUTH 2 response */
+	init_net_r_auth_2(r_u, &srv_cred, &srv_flgs, status);
+
+	return r_u->status;
+}
+
+/*************************************************************************
+ _net_srv_pwset
+ *************************************************************************/
+
+NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
+{
+	NTSTATUS status = NT_STATUS_WRONG_PASSWORD;
+	DOM_CRED srv_cred;
+	pstring workstation;
+	SAM_ACCOUNT *sampass=NULL;
+	BOOL ret = False;
+	unsigned char pwd[16];
+	int i;
+	uint32 acct_ctrl;
+
+	/* checks and updates credentials.  creates reply credentials */
+	if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
+		return NT_STATUS_INVALID_HANDLE;
+
+	memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
+	DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
+
+	rpcstr_pull(workstation,q_u->clnt_id.login.uni_acct_name.buffer,
+		    sizeof(workstation),q_u->clnt_id.login.uni_acct_name.uni_str_len*2,0);
+
+	DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct));
+	
+	pdb_init_sam(&sampass);
+
+	become_root();
+	ret=pdb_getsampwnam(sampass, p->dc.mach_acct);
+	unbecome_root();
+
+	/* Ensure the account exists and is a machine account. */
+	
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+
+	if (!(ret 
+	      && (acct_ctrl & ACB_WSTRUST ||
+		      acct_ctrl & ACB_SVRTRUST ||
+		      acct_ctrl & ACB_DOMTRUST))) {
+		pdb_free_sam(&sampass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	
+	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
+		pdb_free_sam(&sampass);
+		return NT_STATUS_ACCOUNT_DISABLED;
+	}
+
+	DEBUG(100,("Server password set : new given value was :\n"));
+	for(i = 0; i < 16; i++)
+		DEBUG(100,("%02X ", q_u->pwd[i]));
+	DEBUG(100,("\n"));
+
+	cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
+
+	/* lies!  nt and lm passwords are _not_ the same: don't care */
+	if (!pdb_set_lanman_passwd (sampass, pwd)) {
+		pdb_free_sam(&sampass);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_nt_passwd     (sampass, pwd)) {
+		pdb_free_sam(&sampass);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_pass_changed_now     (sampass)) {
+		pdb_free_sam(&sampass);
+		/* Not quite sure what this one qualifies as, but this will do */
+		return NT_STATUS_UNSUCCESSFUL; 
+	}
+ 
+	become_root();
+	ret = pdb_update_sam_account (sampass);
+	unbecome_root();
+ 
+	if (ret)
+		status = NT_STATUS_OK;
+
+	/* set up the LSA Server Password Set response */
+	init_net_r_srv_pwset(r_u, &srv_cred, status);
+
+	pdb_free_sam(&sampass);
+	return r_u->status;
+}
+
+
+/*************************************************************************
+ _net_sam_logoff:
+ *************************************************************************/
+
+NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u)
+{
+	DOM_CRED srv_cred;
+
+	if (!get_valid_user_struct(p->vuid))
+		return NT_STATUS_NO_SUCH_USER;
+
+	/* checks and updates credentials.  creates reply credentials */
+	if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, 
+						     &q_u->sam_id.client.cred, &srv_cred)))
+		return NT_STATUS_INVALID_HANDLE;
+
+	memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
+	/* XXXX maybe we want to say 'no', reject the client's credentials */
+	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
+	memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
+
+	r_u->status = NT_STATUS_OK;
+
+	return r_u->status;
+}
+
+
+/*************************************************************************
+ _net_sam_logon
+ *************************************************************************/
+
+NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	NET_USER_INFO_3 *usr_info = NULL;
+	NET_ID_INFO_CTR *ctr = q_u->sam_id.ctr;
+	DOM_CRED srv_cred;
+	UNISTR2 *uni_samlogon_user = NULL;
+	UNISTR2 *uni_samlogon_domain = NULL;
+	UNISTR2 *uni_samlogon_workstation = NULL;
+	fstring nt_username, nt_domain, nt_workstation;
+	auth_usersupplied_info *user_info = NULL;
+	auth_serversupplied_info *server_info = NULL;
+	extern userdom_struct current_user_info;
+	SAM_ACCOUNT *sampw;
+	        
+	usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
+	if (!usr_info)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(usr_info);
+
+ 	/* store the user information, if there is any. */
+	r_u->user = usr_info;
+	r_u->switch_value = 0; /* indicates no info */
+	r_u->auth_resp = 1; /* authoritative response */
+	r_u->switch_value = 3; /* indicates type of validation user info */
+ 
+	if (!get_valid_user_struct(p->vuid))
+		return NT_STATUS_NO_SUCH_USER;
+    
+	/* checks and updates credentials.  creates reply credentials */
+	if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
+		return NT_STATUS_INVALID_HANDLE;
+
+	memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+    
+	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
+	memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
+
+	/* find the username */
+    
+	switch (q_u->sam_id.logon_level) {
+	case INTERACTIVE_LOGON_TYPE:
+		uni_samlogon_user = &ctr->auth.id1.uni_user_name;
+ 		uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
+
+                uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
+            
+		DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
+		break;
+	case NET_LOGON_TYPE:
+		uni_samlogon_user = &ctr->auth.id2.uni_user_name;
+		uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
+		uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
+            
+		DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
+		break;
+	default:
+		DEBUG(2,("SAM Logon: unsupported switch value\n"));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	} /* end switch */
+
+	/* check username exists */
+
+	rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
+	rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
+	rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
+
+	DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, 
+                 nt_workstation, nt_domain));
+   	
+	pstrcpy(current_user_info.smb_name, nt_username);
+     
+	/*
+	 * Convert to a UNIX username.
+	 */
+
+	DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username));
+
+	switch (ctr->switch_value) {
+	case NET_LOGON_TYPE:
+	{
+		struct auth_context *auth_context = NULL;
+		if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
+			return status;
+		}
+
+		/* Standard challenge/response authenticaion */
+		if (!make_user_info_netlogon_network(&user_info, 
+						     nt_username, nt_domain, 
+						     nt_workstation, 
+						     ctr->auth.id2.lm_chal_resp.buffer,
+						     ctr->auth.id2.lm_chal_resp.str_str_len,
+						     ctr->auth.id2.nt_chal_resp.buffer,
+						     ctr->auth.id2.nt_chal_resp.str_str_len)) {
+			status = NT_STATUS_NO_MEMORY;
+		} else {
+			status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
+		}
+		(auth_context->free)(&auth_context);
+			
+		break;
+	}
+	case INTERACTIVE_LOGON_TYPE:
+		/* 'Interactive' autheticaion, supplies the password in its
+		   MD4 form, encrypted with the session key.  We will
+		   convert this to chellange/responce for the auth
+		   subsystem to chew on */
+	{
+		struct auth_context *auth_context = NULL;
+		const uint8 *chal;
+		if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
+			return status;
+		}
+		
+		chal = auth_context->get_ntlm_challenge(auth_context);
+
+		if (!make_user_info_netlogon_interactive(&user_info, 
+							 nt_username, nt_domain, 
+							 nt_workstation, chal,
+							 ctr->auth.id1.lm_owf.data, 
+							 ctr->auth.id1.nt_owf.data, 
+							 p->dc.sess_key)) {
+			status = NT_STATUS_NO_MEMORY;
+		} else {
+			status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
+		}
+
+		(auth_context->free)(&auth_context);
+
+		break;
+	}
+	default:
+		DEBUG(2,("SAM Logon: unsupported switch value\n"));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	} /* end switch */
+	
+	free_user_info(&user_info);
+	
+	DEBUG(5, ("_net_sam_logon: check_password returned status %s\n", 
+		  nt_errstr(status)));
+
+	/* Check account and password */
+    
+	if (!NT_STATUS_IS_OK(status)) {
+		free_server_info(&server_info);
+		return status;
+	}
+
+	if (server_info->guest) {
+		/* We don't like guest domain logons... */
+		DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
+		free_server_info(&server_info);
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	/* This is the point at which, if the login was successful, that
+           the SAM Local Security Authority should record that the user is
+           logged in to the domain.  */
+    
+	{
+		DOM_GID *gids = NULL;
+		int num_gids = 0;
+		pstring my_name;
+		pstring my_workgroup;
+	
+		/* set up pointer indicating user/password failed to be found */
+		usr_info->ptr_user_info = 0;
+        
+		pstrcpy(my_workgroup, lp_workgroup());
+		pstrcpy(my_name, global_myname);
+		strupper(my_name);
+
+		/*
+		 * This is the point at which we get the group
+		 * database - we should be getting the gid_t list
+		 * from /etc/group and then turning the uids into
+		 * rids and then into machine sids for this user.
+		 * JRA.
+		 */
+
+  		gids = NULL;
+		get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
+        
+		sampw = server_info->sam_account;
+
+		init_net_user_info3(p->mem_ctx, usr_info, 
+				    pdb_get_user_rid(sampw),
+				    pdb_get_group_rid(sampw),
+				    
+				    pdb_get_username(sampw),
+				    pdb_get_fullname(sampw),
+				    pdb_get_homedir(sampw),
+				    pdb_get_dirdrive(sampw),
+				    pdb_get_logon_script(sampw),
+				    pdb_get_profile_path(sampw),
+				    pdb_get_logon_time(sampw),
+				    pdb_get_logoff_time(sampw),
+				    pdb_get_kickoff_time(sampw),
+				    pdb_get_pass_last_set_time(sampw),
+				    pdb_get_pass_can_change_time(sampw),
+				    pdb_get_pass_must_change_time(sampw),
+				    
+				    0, /* logon_count */
+				    0, /* bad_pw_count */
+				    num_gids,    /* uint32 num_groups */
+				    gids    , /* DOM_GID *gids */
+				    0x20    , /* uint32 user_flgs (?) */
+				    NULL, /* uchar sess_key[16] */
+				    my_name     , /* char *logon_srv */
+				    my_workgroup, /* char *logon_dom */
+				    &global_sam_sid,     /* DOM_SID *dom_sid */
+				    NULL); /* char *other_sids */
+	}
+	free_server_info(&server_info);
+	return status;
+}
+
+
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
new file mode 100644
index 0000000000..70574b4cdd
--- /dev/null
+++ b/source3/rpc_server/srv_pipe.c
@@ -0,0 +1,1225 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                  1997-1998.
+ *  Copyright (C) Jeremy Allison                    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*  this module apparently provides an implementation of DCE/RPC over a
+ *  named pipe (IPC$ connection using SMBtrans).  details of DCE/RPC
+ *  documentation are available (in on-line form) from the X-Open group.
+ *
+ *  this module should provide a level of abstraction between SMB
+ *  and DCE/RPC, while minimising the amount of mallocs, unnecessary
+ *  data copies, and network traffic.
+ *
+ *  in this version, which takes a "let's learn what's going on and
+ *  get something running" approach, there is additional network
+ *  traffic generated, but the code should be easier to understand...
+ *
+ *  ... if you read the docs.  or stare at packets for weeks on end.
+ *
+ */
+
+#include "includes.h"
+
+static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
+{
+    unsigned char *hash = p->ntlmssp_hash;
+    unsigned char index_i = hash[256];
+    unsigned char index_j = hash[257];
+    int ind;
+
+    for( ind = 0; ind < len; ind++) {
+        unsigned char tc;
+        unsigned char t;
+
+        index_i++;
+        index_j += hash[index_i];
+
+        tc = hash[index_i];
+        hash[index_i] = hash[index_j];
+        hash[index_j] = tc;
+
+        t = hash[index_i] + hash[index_j];
+        data[ind] = data[ind] ^ hash[t];
+    }
+
+    hash[256] = index_i;
+    hash[257] = index_j;
+}
+
+/*******************************************************************
+ Generate the next PDU to be returned from the data in p->rdata. 
+ We cheat here as this function doesn't handle the special auth
+ footers of the authenticated bind response reply.
+ ********************************************************************/
+
+BOOL create_next_pdu(pipes_struct *p)
+{
+	RPC_HDR_RESP hdr_resp;
+	BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
+	BOOL auth_seal   = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
+	uint32 data_len;
+	uint32 data_space_available;
+	uint32 data_len_left;
+	prs_struct outgoing_pdu;
+	char *data;
+	char *data_from;
+	uint32 data_pos;
+
+	/*
+	 * If we're in the fault state, keep returning fault PDU's until
+	 * the pipe gets closed. JRA.
+	 */
+
+	if(p->fault_state) {
+		setup_fault_pdu(p, NT_STATUS(0x1c010002));
+		return True;
+	}
+
+	memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
+
+	/* Change the incoming request header to a response. */
+	p->hdr.pkt_type = RPC_RESPONSE;
+
+	/* Set up rpc header flags. */
+	if (p->out_data.data_sent_length == 0)
+		p->hdr.flags = RPC_FLG_FIRST;
+	else
+		p->hdr.flags = 0;
+
+	/*
+	 * Work out how much we can fit in a single PDU.
+	 */
+
+	data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+	if(p->ntlmssp_auth_validated)
+		data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
+
+	/*
+	 * The amount we send is the minimum of the available
+	 * space and the amount left to send.
+	 */
+
+	data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
+
+	/*
+	 * Ensure there really is data left to send.
+	 */
+
+	if(!data_len_left) {
+		DEBUG(0,("create_next_pdu: no data left to send !\n"));
+		return False;
+	}
+
+	data_len = MIN(data_len_left, data_space_available);
+
+	/*
+	 * Set up the alloc hint. This should be the data left to
+	 * send.
+	 */
+
+	hdr_resp.alloc_hint = data_len_left;
+
+	/*
+	 * Set up the header lengths.
+	 */
+
+	if (p->ntlmssp_auth_validated) {
+		p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
+					RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
+		p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
+	} else {
+		p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
+		p->hdr.auth_len = 0;
+	}
+
+	/*
+	 * Work out if this PDU will be the last.
+	 */
+
+	if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata))
+		p->hdr.flags |= RPC_FLG_LAST;
+
+	/*
+	 * Init the parse struct to point at the outgoing
+	 * data.
+	 */
+
+	prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+	prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+
+	/* Store the header in the data stream. */
+	if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
+		DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
+		prs_mem_free(&outgoing_pdu);
+		return False;
+	}
+
+	if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
+		DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
+		prs_mem_free(&outgoing_pdu);
+		return False;
+	}
+
+	/* Store the current offset. */
+	data_pos = prs_offset(&outgoing_pdu);
+
+	/* Copy the data into the PDU. */
+	data_from = prs_data_p(&p->out_data.rdata) + p->out_data.data_sent_length;
+
+	if(!prs_append_data(&outgoing_pdu, data_from, data_len)) {
+		DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
+		prs_mem_free(&outgoing_pdu);
+		return False;
+	}
+
+	/*
+	 * Set data to point to where we copied the data into.
+	 */
+
+	data = prs_data_p(&outgoing_pdu) + data_pos;
+
+	if (p->hdr.auth_len > 0) {
+		uint32 crc32 = 0;
+
+		DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
+			 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
+
+		if (auth_seal) {
+			crc32 = crc32_calc_buffer(data, data_len);
+			NTLMSSPcalc_p(p, (uchar*)data, data_len);
+		}
+
+		if (auth_seal || auth_verify) {
+			RPC_HDR_AUTH auth_info;
+
+			init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 
+					(auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0));
+			if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
+				DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
+				prs_mem_free(&outgoing_pdu);
+				return False;
+			}
+		}
+
+		if (auth_verify) {
+			RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
+			char *auth_data = prs_data_p(&outgoing_pdu);
+
+			p->ntlmssp_seq_num++;
+			init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
+					crc32, p->ntlmssp_seq_num++);
+			auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
+			if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
+				DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
+				prs_mem_free(&outgoing_pdu);
+				return False;
+			}
+			NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
+		}
+	}
+
+	/*
+	 * Setup the counts for this PDU.
+	 */
+
+	p->out_data.data_sent_length += data_len;
+	p->out_data.current_pdu_len = p->hdr.frag_len;
+	p->out_data.current_pdu_sent = 0;
+
+	prs_mem_free(&outgoing_pdu);
+	return True;
+}
+
+/*******************************************************************
+ Process an NTLMSSP authentication response.
+ If this function succeeds, the user has been authenticated
+ and their domain, name and calling workstation stored in
+ the pipe struct.
+ The initial challenge is stored in p->challenge.
+ *******************************************************************/
+
+static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
+{
+	uchar lm_owf[24];
+	uchar nt_owf[128];
+	int nt_pw_len;
+	int lm_pw_len;
+	fstring user_name;
+	fstring domain;
+	fstring wks;
+
+	NTSTATUS nt_status;
+
+	struct auth_context *auth_context = NULL;
+	auth_usersupplied_info *user_info = NULL;
+	auth_serversupplied_info *server_info = NULL;
+
+	uid_t uid;
+	uid_t gid;
+
+	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
+
+	memset(p->user_name, '\0', sizeof(p->user_name));
+	memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
+	memset(p->domain, '\0', sizeof(p->domain));
+	memset(p->wks, '\0', sizeof(p->wks));
+
+	/* Set up for non-authenticated user. */
+	delete_nt_token(&p->pipe_user.nt_user_token);
+	p->pipe_user.ngroups = 0;
+	SAFE_FREE( p->pipe_user.groups);
+
+	/* 
+	 * Setup an empty password for a guest user.
+	 */
+
+	/*
+	 * We always negotiate UNICODE.
+	 */
+
+	if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
+		rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
+		rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
+		rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
+	} else {
+		pull_ascii_fstring(user_name, ntlmssp_resp->user);
+		pull_ascii_fstring(domain, ntlmssp_resp->domain);
+		pull_ascii_fstring(wks, ntlmssp_resp->wks);
+	}
+
+	DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
+
+	nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
+	lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
+
+	memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
+	memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("lm, nt owfs, chal\n"));
+	dump_data(100, (char *)lm_owf, sizeof(lm_owf));
+	dump_data(100, (char *)nt_owf, nt_pw_len);
+	dump_data(100, (char *)p->challenge, 8);
+#endif
+
+	/*
+	 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
+	 */
+
+	if (*user_name) {
+
+	 	/* 
+		 * Do the length checking only if user is not NULL.
+		 */
+
+ 		if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
+ 			return False;
+ 		if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
+ 			return False;
+ 		if (ntlmssp_resp->hdr_usr.str_str_len == 0)
+ 			return False;
+ 		if (ntlmssp_resp->hdr_domain.str_str_len == 0)
+ 			return False;
+ 		if (ntlmssp_resp->hdr_wks.str_str_len == 0)
+ 			return False;
+
+	}
+	
+	make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
+
+	if (!make_user_info_netlogon_network(&user_info, 
+					     user_name, domain, wks,
+					     lm_owf, lm_pw_len, 
+					     nt_owf, nt_pw_len)) {
+		DEBUG(0,("make_user_info_netlogon_network failed!  Failing authenticaion.\n"));
+		return False;
+	}
+	
+	nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); 
+	
+	(auth_context->free)(&auth_context);
+	free_user_info(&user_info);
+	
+	p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
+	
+	if (!p->ntlmssp_auth_validated) {
+		DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
+failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
+		free_server_info(&server_info);
+		return False;
+	}
+
+	/*
+	 * Set up the sign/seal data.
+	 */
+
+	{
+		uchar p24[24];
+		NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24);
+		{
+			unsigned char j = 0;
+			int ind;
+
+			unsigned char k2[8];
+
+			memcpy(k2, p24, 5);
+			k2[5] = 0xe5;
+			k2[6] = 0x38;
+			k2[7] = 0xb0;
+
+			for (ind = 0; ind < 256; ind++)
+				p->ntlmssp_hash[ind] = (unsigned char)ind;
+
+			for( ind = 0; ind < 256; ind++) {
+				unsigned char tc;
+
+				j += (p->ntlmssp_hash[ind] + k2[ind%8]);
+
+				tc = p->ntlmssp_hash[ind];
+				p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
+				p->ntlmssp_hash[j] = tc;
+			}
+
+			p->ntlmssp_hash[256] = 0;
+			p->ntlmssp_hash[257] = 0;
+		}
+/*		NTLMSSPhash(p->ntlmssp_hash, p24); */
+		p->ntlmssp_seq_num = 0;
+
+	}
+
+	fstrcpy(p->user_name, user_name);
+	fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
+	fstrcpy(p->domain, domain);
+	fstrcpy(p->wks, wks);
+
+	/*
+	 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
+	 */
+
+	if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
+		DEBUG(0,("Attempted authenticated pipe with invalid user.  No uid/gid in SAM_ACCOUNT\n"));
+		free_server_info(&server_info);
+		return False;
+	}
+	
+	memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
+
+	uid = pdb_get_uid(server_info->sam_account);
+	gid = pdb_get_gid(server_info->sam_account);
+
+	p->pipe_user.uid = uid;
+	p->pipe_user.gid = gid;
+
+	/* Set up pipe user group membership. */
+	initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
+	get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups);
+
+	if (server_info->ptok)
+		add_supplementary_nt_login_groups(&p->pipe_user.ngroups, &p->pipe_user.groups, &server_info->ptok);
+
+	/* Create an NT_USER_TOKEN struct for this user. */
+	p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
+						     p->pipe_user.ngroups, p->pipe_user.groups,
+						     server_info->guest, server_info->ptok);
+
+	p->ntlmssp_auth_validated = True;
+
+	pdb_free_sam(&server_info->sam_account);
+	return True;
+}
+
+/*******************************************************************
+ The switch table for the pipe names and the functions to handle them.
+ *******************************************************************/
+
+struct api_cmd
+{
+  char * pipe_clnt_name;
+  char * pipe_srv_name;
+  BOOL (*fn) (pipes_struct *);
+};
+
+static struct api_cmd api_fd_commands[] =
+{
+    { "lsarpc",   "lsass",   api_ntlsa_rpc },
+    { "samr",     "lsass",   api_samr_rpc },
+    { "srvsvc",   "ntsvcs",  api_srvsvc_rpc },
+    { "wkssvc",   "ntsvcs",  api_wkssvc_rpc },
+    { "NETLOGON", "lsass",   api_netlog_rpc },
+    { "winreg",   "winreg",  api_reg_rpc },
+    { "spoolss",  "spoolss", api_spoolss_rpc },
+    { "netdfs",   "netdfs" , api_netdfs_rpc },
+    { NULL,       NULL,      NULL }
+};
+
+/*******************************************************************
+ This is the client reply to our challenge for an authenticated 
+ bind request. The challenge we sent is in p->challenge.
+*******************************************************************/
+
+BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
+{
+	RPC_HDR_AUTHA autha_info;
+	RPC_AUTH_VERIFIER auth_verifier;
+	RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
+
+	DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
+
+	if (p->hdr.auth_len == 0) {
+		DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
+		return False;
+	}
+
+	/*
+	 * Decode the authentication verifier response.
+	 */
+
+	if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
+		DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
+		return False;
+	}
+
+	if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) {
+		DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
+			(int)autha_info.auth_type, (int)autha_info.auth_level ));
+		return False;
+	}
+
+	if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
+		DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
+		return False;
+	}
+
+	/*
+	 * Ensure this is a NTLMSSP_AUTH packet type.
+	 */
+
+	if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
+		DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
+		return False;
+	}
+
+	if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
+		DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
+		return False;
+	}
+
+	/*
+	 * The following call actually checks the challenge/response data.
+	 * for correctness against the given DOMAIN\user name.
+	 */
+	
+	if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
+		return False;
+
+	p->pipe_bound = True
+;
+	return True;
+}
+
+/*******************************************************************
+ Marshall a bind_nak pdu.
+*******************************************************************/
+
+static BOOL setup_bind_nak(pipes_struct *p)
+{
+	prs_struct outgoing_rpc;
+	RPC_HDR nak_hdr;
+	uint16 zero = 0;
+
+	/* Free any memory in the current return data buffer. */
+	prs_mem_free(&p->out_data.rdata);
+
+	/*
+	 * Marshall directly into the outgoing PDU space. We
+	 * must do this as we need to set to the bind response
+	 * header and are never sending more than one PDU here.
+	 */
+
+	prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
+	prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+
+
+	/*
+	 * Initialize a bind_nak header.
+	 */
+
+	init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+            p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
+
+	/*
+	 * Marshall the header into the outgoing PDU.
+	 */
+
+	if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
+		DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
+		prs_mem_free(&outgoing_rpc);
+		return False;
+	}
+
+	/*
+	 * Now add the reject reason.
+	 */
+
+	if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
+		prs_mem_free(&outgoing_rpc);
+        return False;
+	}
+
+	p->out_data.data_sent_length = 0;
+	p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
+	p->out_data.current_pdu_sent = 0;
+
+	p->pipe_bound = False;
+
+	return True;
+}
+
+/*******************************************************************
+ Marshall a fault pdu.
+*******************************************************************/
+
+BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
+{
+	prs_struct outgoing_pdu;
+	RPC_HDR fault_hdr;
+	RPC_HDR_RESP hdr_resp;
+	RPC_HDR_FAULT fault_resp;
+
+	/* Free any memory in the current return data buffer. */
+	prs_mem_free(&p->out_data.rdata);
+
+	/*
+	 * Marshall directly into the outgoing PDU space. We
+	 * must do this as we need to set to the bind response
+	 * header and are never sending more than one PDU here.
+	 */
+
+	prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+	prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+
+	/*
+	 * Initialize a fault header.
+	 */
+
+	init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
+            p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
+
+	/*
+	 * Initialize the HDR_RESP and FAULT parts of the PDU.
+	 */
+
+	memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
+
+	fault_resp.status = status;
+	fault_resp.reserved = 0;
+
+	/*
+	 * Marshall the header into the outgoing PDU.
+	 */
+
+	if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
+		DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
+		prs_mem_free(&outgoing_pdu);
+		return False;
+	}
+
+	if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
+		DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
+		prs_mem_free(&outgoing_pdu);
+		return False;
+	}
+
+	if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
+		DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
+		prs_mem_free(&outgoing_pdu);
+		return False;
+	}
+
+	p->out_data.data_sent_length = 0;
+	p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
+	p->out_data.current_pdu_sent = 0;
+
+	prs_mem_free(&outgoing_pdu);
+	return True;
+}
+
+/*******************************************************************
+ Ensure a bind request has the correct abstract & transfer interface.
+ Used to reject unknown binds from Win2k.
+*******************************************************************/
+
+BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract,
+					RPC_IFACE* transfer)
+{
+	extern struct pipe_id_info pipe_names[];
+	int i=0;
+	fstring pname;
+	fstrcpy(pname,"\\PIPE\\");
+	fstrcat(pname,pipe_name);
+
+	for(i=0;pipe_names[i].client_pipe; i++) {
+		if(strequal(pipe_names[i].client_pipe, pname))
+			break;
+	}
+
+	if(pipe_names[i].client_pipe == NULL)
+		return False;
+
+	/* check the abstract interface */
+	if((abstract->version != pipe_names[i].abstr_syntax.version) ||
+		(memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid,
+			sizeof(RPC_UUID)) != 0))
+		return False;
+
+	/* check the transfer interface */
+	if((transfer->version != pipe_names[i].trans_syntax.version) ||
+		(memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid,
+			sizeof(RPC_UUID)) != 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Respond to a pipe bind request.
+*******************************************************************/
+
+BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
+{
+	RPC_HDR_BA hdr_ba;
+	RPC_HDR_RB hdr_rb;
+	RPC_HDR_AUTH auth_info;
+	uint16 assoc_gid;
+	fstring ack_pipe_name;
+	prs_struct out_hdr_ba;
+	prs_struct out_auth;
+	prs_struct outgoing_rpc;
+	int i = 0;
+	int auth_len = 0;
+	enum RPC_PKT_TYPE reply_pkt_type;
+
+	p->ntlmssp_auth_requested = False;
+
+	DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
+
+	/*
+	 * Try and find the correct pipe name to ensure
+	 * that this is a pipe name we support.
+	 */
+
+	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) {
+		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+		    api_fd_commands[i].fn != NULL) {
+			DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
+			           api_fd_commands[i].pipe_clnt_name,
+			           api_fd_commands[i].pipe_srv_name));
+			fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
+			break;
+		}
+	}
+
+	if (api_fd_commands[i].fn == NULL) {
+		DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
+			p->name ));
+		if(!setup_bind_nak(p))
+			return False;
+		return True;
+	}
+
+	/* decode the bind request */
+	if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0))  {
+		DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
+		return False;
+	}
+
+	/*
+	 * Check if this is an authenticated request.
+	 */
+
+	if (p->hdr.auth_len != 0) {
+		RPC_AUTH_VERIFIER auth_verifier;
+		RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
+
+		/* 
+		 * Decode the authentication verifier.
+		 */
+
+		if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
+			DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
+			return False;
+		}
+
+		/*
+		 * We only support NTLMSSP_AUTH_TYPE requests.
+		 */
+
+		if(auth_info.auth_type != NTLMSSP_AUTH_TYPE) {
+			DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
+				auth_info.auth_type ));
+			return False;
+		}
+
+		if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
+			DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
+			return False;
+		}
+
+		if(!strequal(auth_verifier.signature, "NTLMSSP")) {
+			DEBUG(0,("api_pipe_bind_req: auth_verifier.signature != NTLMSSP\n"));
+			return False;
+		}
+
+		if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
+			DEBUG(0,("api_pipe_bind_req: auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
+				auth_verifier.msg_type));
+			return False;
+		}
+
+		if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
+			DEBUG(0,("api_pipe_bind_req: Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
+			return False;
+		}
+
+		p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
+		p->ntlmssp_auth_requested = True;
+	}
+
+	switch(p->hdr.pkt_type) {
+		case RPC_BIND:
+			/* name has to be \PIPE\xxxxx */
+			fstrcpy(ack_pipe_name, "\\PIPE\\");
+			fstrcat(ack_pipe_name, p->pipe_srv_name);
+			reply_pkt_type = RPC_BINDACK;
+			break;
+		case RPC_ALTCONT:
+			/* secondary address CAN be NULL
+			 * as the specs say it's ignored.
+			 * It MUST NULL to have the spoolss working.
+			 */
+			fstrcpy(ack_pipe_name,"");
+			reply_pkt_type = RPC_ALTCONTRESP;
+			break;
+		default:
+			return False;
+	}
+
+	DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
+
+	/* 
+	 * Marshall directly into the outgoing PDU space. We
+	 * must do this as we need to set to the bind response
+	 * header and are never sending more than one PDU here.
+	 */
+
+	prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
+	prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+
+	/*
+	 * Setup the memory to marshall the ba header, and the
+	 * auth footers.
+	 */
+
+	if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
+		DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
+		prs_mem_free(&outgoing_rpc);
+		return False;
+	}
+
+	if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
+		DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
+		prs_mem_free(&outgoing_rpc);
+		prs_mem_free(&out_hdr_ba);
+		return False;
+	}
+
+	if (p->ntlmssp_auth_requested)
+		assoc_gid = 0x7a77;
+	else
+		assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
+
+	/*
+	 * Create the bind response struct.
+	 */
+
+	/* If the requested abstract synt uuid doesn't match our client pipe,
+		reject the bind_ack & set the transfer interface synt to all 0's,
+		ver 0 (observed when NT5 attempts to bind to abstract interfaces
+		unknown to NT4)
+		Needed when adding entries to a DACL from NT5 - SK */
+
+	if(check_bind_req(p->name, &hdr_rb.abstract, &hdr_rb.transfer)) {
+		init_rpc_hdr_ba(&hdr_ba,
+	                MAX_PDU_FRAG_LEN,
+	                MAX_PDU_FRAG_LEN,
+	                assoc_gid,
+	                ack_pipe_name,
+	                0x1, 0x0, 0x0,
+	                &hdr_rb.transfer);
+	} else {
+		RPC_IFACE null_interface;
+		ZERO_STRUCT(null_interface);
+		/* Rejection reason: abstract syntax not supported */
+		init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
+					MAX_PDU_FRAG_LEN, assoc_gid,
+					ack_pipe_name, 0x1, 0x2, 0x1,
+					&null_interface);
+	}
+
+	/*
+	 * and marshall it.
+	 */
+
+	if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
+		DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
+		goto err_exit;
+	}
+
+	/*
+	 * Now the authentication.
+	 */
+
+	if (p->ntlmssp_auth_requested) {
+		RPC_AUTH_VERIFIER auth_verifier;
+		RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
+
+		generate_random_buffer(p->challenge, 8, False);
+
+		/*** Authentication info ***/
+
+		init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
+		if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
+			DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
+			goto err_exit;
+		}
+
+		/*** NTLMSSP verifier ***/
+
+		init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
+		if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
+			DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
+			goto err_exit;
+		}
+
+		/* NTLMSSP challenge ***/
+
+		init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
+		if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
+			DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
+			goto err_exit;
+		}
+
+		/* Auth len in the rpc header doesn't include auth_header. */
+		auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
+	}
+
+	/*
+	 * Create the header, now we know the length.
+	 */
+
+	init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
+			p->hdr.call_id,
+			RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
+			auth_len);
+
+	/*
+	 * Marshall the header into the outgoing PDU.
+	 */
+
+	if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
+		DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
+		goto err_exit;
+	}
+
+	/*
+	 * Now add the RPC_HDR_BA and any auth needed.
+	 */
+
+	if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
+		DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
+		goto err_exit;
+	}
+
+	if(p->ntlmssp_auth_requested && !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
+		DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
+		goto err_exit;
+	}
+
+	if(!p->ntlmssp_auth_requested)
+		p->pipe_bound = True;
+
+	/*
+	 * Setup the lengths for the initial reply.
+	 */
+
+	p->out_data.data_sent_length = 0;
+	p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
+	p->out_data.current_pdu_sent = 0;
+
+	prs_mem_free(&out_hdr_ba);
+	prs_mem_free(&out_auth);
+
+	return True;
+
+  err_exit:
+
+	prs_mem_free(&outgoing_rpc);
+	prs_mem_free(&out_hdr_ba);
+	prs_mem_free(&out_auth);
+	return False;
+}
+
+/****************************************************************************
+ Deal with sign & seal processing on an RPC request.
+****************************************************************************/
+
+BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
+{
+	/*
+	 * We always negotiate the following two bits....
+	 */
+	BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
+	BOOL auth_seal   = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
+	int data_len;
+	int auth_len;
+	uint32 old_offset;
+	uint32 crc32 = 0;
+
+	auth_len = p->hdr.auth_len;
+
+	if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
+		DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
+		return False;
+	}
+
+	/*
+	 * The following is that length of the data we must verify or unseal.
+	 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
+	 * preceeding the auth_data.
+	 */
+
+	data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - 
+			(auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
+	
+	DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
+	         BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
+
+	if (auth_seal) {
+		/*
+		 * The data in rpc_in doesn't contain the RPC_HEADER as this
+		 * has already been consumed.
+		 */
+		char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
+		NTLMSSPcalc_p(p, (uchar*)data, data_len);
+		crc32 = crc32_calc_buffer(data, data_len);
+	}
+
+	old_offset = prs_offset(rpc_in);
+
+	if (auth_seal || auth_verify) {
+		RPC_HDR_AUTH auth_info;
+
+		if(!prs_set_offset(rpc_in, old_offset + data_len)) {
+			DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
+				(unsigned int)old_offset + data_len ));
+			return False;
+		}
+
+		if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
+			DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
+			return False;
+		}
+	}
+
+	if (auth_verify) {
+		RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
+		char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
+
+		DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
+
+		/*
+		 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
+		 * incoming buffer.
+		 */
+		if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
+			DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
+				RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
+			return False;
+		}
+
+		NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
+		if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
+			DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
+			return False;
+		}
+
+		if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
+			DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
+			return False;
+		}
+	}
+
+	/*
+	 * Return the current pointer to the data offset.
+	 */
+
+	if(!prs_set_offset(rpc_in, old_offset)) {
+		DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
+			(unsigned int)old_offset ));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Return a user struct for a pipe user.
+****************************************************************************/
+
+struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
+{
+	if (p->ntlmssp_auth_validated) {
+		memcpy(user, &p->pipe_user, sizeof(struct current_user));
+	} else {
+		extern struct current_user current_user;
+		memcpy(user, &current_user, sizeof(struct current_user));
+	}
+
+	return user;
+}
+
+/****************************************************************************
+ Find the correct RPC function to call for this request.
+ If the pipe is authenticated then become the correct UNIX user
+ before doing the call.
+****************************************************************************/
+
+BOOL api_pipe_request(pipes_struct *p)
+{
+	int i = 0;
+	BOOL ret = False;
+
+	if (p->ntlmssp_auth_validated) {
+
+		if(!become_authenticated_pipe_user(p)) {
+			prs_mem_free(&p->out_data.rdata);
+			return False;
+		}
+	}
+
+	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) {
+		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+		    api_fd_commands[i].fn != NULL) {
+			DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
+			set_current_rpc_talloc(p->mem_ctx);
+			ret = api_fd_commands[i].fn(p);
+			set_current_rpc_talloc(NULL);
+		}
+	}
+
+	if(p->ntlmssp_auth_validated)
+		unbecome_authenticated_pipe_user();
+
+	return ret;
+}
+
+/*******************************************************************
+ Calls the underlying RPC function for a named pipe.
+ ********************************************************************/
+
+BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, 
+		struct api_struct *api_rpc_cmds)
+{
+	int fn_num;
+	fstring name;
+	uint32 offset1, offset2;
+ 
+	/* interpret the command */
+	DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
+
+	slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
+	prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
+
+	for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++) {
+		if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
+			DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
+			break;
+		}
+	}
+
+	if (api_rpc_cmds[fn_num].name == NULL) {
+		/*
+		 * For an unknown RPC just return a fault PDU but
+		 * return True to allow RPC's on the pipe to continue
+		 * and not put the pipe into fault state. JRA.
+		 */
+		DEBUG(4, ("unknown\n"));
+		setup_fault_pdu(p, NT_STATUS(0x1c010002));
+		return True;
+	}
+
+	offset1 = prs_offset(&p->out_data.rdata);
+
+	/* do the actual command */
+	if(!api_rpc_cmds[fn_num].fn(p)) {
+		DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
+		prs_mem_free(&p->out_data.rdata);
+		return False;
+	}
+
+	if (p->bad_handle_fault_state) {
+		DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
+		p->bad_handle_fault_state = False;
+		setup_fault_pdu(p, NT_STATUS(0x1C00001A));
+		return True;
+	}
+
+	slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
+	offset2 = prs_offset(&p->out_data.rdata);
+	prs_set_offset(&p->out_data.rdata, offset1);
+	prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
+	prs_set_offset(&p->out_data.rdata, offset2);
+
+	DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
+
+	/* Check for buffer underflow in rpc parsing */
+
+	if ((DEBUGLEVEL >= 10) && 
+	    (p->in_data.data.data_offset != p->in_data.data.buffer_size)) {
+		int data_len = p->in_data.data.buffer_size - 
+			p->in_data.data.data_offset;
+		char *data;
+
+		data = malloc(data_len);
+
+		DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
+		if (data) {
+			prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data,
+				   data_len);
+			SAFE_FREE(data);
+		}
+
+	}
+
+	return True;
+}
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
new file mode 100644
index 0000000000..44dd5fac65
--- /dev/null
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -0,0 +1,1131 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Jeremy Allison				    1999.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#define	PIPE		"\\PIPE\\"
+#define	PIPELEN		strlen(PIPE)
+
+static smb_np_struct *chain_p;
+static int pipes_open;
+
+#ifndef MAX_OPEN_PIPES
+#define MAX_OPEN_PIPES 2048
+#endif
+
+static smb_np_struct *Pipes;
+static pipes_struct *InternalPipes;
+static struct bitmap *bmap;
+
+/* TODO
+ * the following prototypes are declared here to avoid
+ * code being moved about too much for a patch to be
+ * disrupted / less obvious.
+ *
+ * these functions, and associated functions that they
+ * call, should be moved behind a .so module-loading
+ * system _anyway_.  so that's the next step...
+ */
+
+static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
+		BOOL *is_data_outstanding);
+static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
+static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
+static void *make_internal_rpc_pipe_p(char *pipe_name, 
+			      connection_struct *conn, uint16 vuid);
+
+/****************************************************************************
+ Pipe iterator functions.
+****************************************************************************/
+
+smb_np_struct *get_first_pipe(void)
+{
+	return Pipes;
+}
+
+smb_np_struct *get_next_pipe(smb_np_struct *p)
+{
+	return p->next;
+}
+
+/****************************************************************************
+ Internal Pipe iterator functions.
+****************************************************************************/
+
+pipes_struct *get_first_internal_pipe(void)
+{
+	return InternalPipes;
+}
+
+pipes_struct *get_next_internal_pipe(pipes_struct *p)
+{
+	return p->next;
+}
+
+/* this must be larger than the sum of the open files and directories */
+static int pipe_handle_offset;
+
+/****************************************************************************
+ Set the pipe_handle_offset. Called from smbd/files.c
+****************************************************************************/
+
+void set_pipe_handle_offset(int max_open_files)
+{
+  if(max_open_files < 0x7000)
+    pipe_handle_offset = 0x7000;
+  else
+    pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
+}
+
+/****************************************************************************
+ Reset pipe chain handle number.
+****************************************************************************/
+void reset_chain_p(void)
+{
+	chain_p = NULL;
+}
+
+/****************************************************************************
+ Initialise pipe handle states.
+****************************************************************************/
+
+void init_rpc_pipe_hnd(void)
+{
+	bmap = bitmap_allocate(MAX_OPEN_PIPES);
+	if (!bmap)
+		exit_server("out of memory in init_rpc_pipe_hnd");
+}
+
+/****************************************************************************
+ Initialise an outgoing packet.
+****************************************************************************/
+
+static BOOL pipe_init_outgoing_data(pipes_struct *p)
+{
+	output_data *o_data = &p->out_data;
+
+	/* Reset the offset counters. */
+	o_data->data_sent_length = 0;
+	o_data->current_pdu_len = 0;
+	o_data->current_pdu_sent = 0;
+
+	memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
+
+	/* Free any memory in the current return data buffer. */
+	prs_mem_free(&o_data->rdata);
+
+	/*
+	 * Initialize the outgoing RPC data buffer.
+	 * we will use this as the raw data area for replying to rpc requests.
+	 */	
+	if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
+		DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Find first available pipe slot.
+****************************************************************************/
+
+smb_np_struct *open_rpc_pipe_p(char *pipe_name, 
+			      connection_struct *conn, uint16 vuid)
+{
+	int i;
+	smb_np_struct *p, *p_it;
+	static int next_pipe;
+
+	DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
+		 pipe_name, pipes_open));
+
+	
+	/* not repeating pipe numbers makes it easier to track things in 
+	   log files and prevents client bugs where pipe numbers are reused
+	   over connection restarts */
+	if (next_pipe == 0)
+		next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
+
+	i = bitmap_find(bmap, next_pipe);
+
+	if (i == -1) {
+		DEBUG(0,("ERROR! Out of pipe structures\n"));
+		return NULL;
+	}
+
+	next_pipe = (i+1) % MAX_OPEN_PIPES;
+
+	for (p = Pipes; p; p = p->next)
+		DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));  
+
+	p = (smb_np_struct *)malloc(sizeof(*p));
+
+	if (!p)
+	{
+		DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
+		return NULL;
+	}
+
+	ZERO_STRUCTP(p);
+
+	/* add a dso mechanism instead of this, here */
+
+	p->namedpipe_create = make_internal_rpc_pipe_p;
+	p->namedpipe_read = read_from_internal_pipe;
+	p->namedpipe_write = write_to_internal_pipe;
+	p->namedpipe_close = close_internal_rpc_pipe_hnd;
+
+	p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
+
+	if (p->np_state == NULL) {
+
+		DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
+		SAFE_FREE(p);
+		return NULL;
+	}
+
+
+	DLIST_ADD(Pipes, p);
+
+	/*
+	 * Initialize the incoming RPC data buffer with one PDU worth of memory.
+	 * We cheat here and say we're marshalling, as we intend to add incoming
+	 * data directly into the prs_struct and we want it to auto grow. We will
+	 * change the type to UNMARSALLING before processing the stream.
+	 */
+
+	bitmap_set(bmap, i);
+	i += pipe_handle_offset;
+
+	pipes_open++;
+
+	p->pnum = i;
+
+	p->open = True;
+	p->device_state = 0;
+	p->priority = 0;
+	p->conn = conn;
+	p->vuid  = vuid;
+
+	p->max_trans_reply = 0;
+	
+	fstrcpy(p->name, pipe_name);
+	
+	DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
+		 pipe_name, i, pipes_open));
+	
+	chain_p = p;
+	
+	/* Iterate over p_it as a temp variable, to display all open pipes */ 
+	for (p_it = Pipes; p_it; p_it = p_it->next)
+		DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));  
+
+	return chain_p;
+}
+
+/****************************************************************************
+ * make an internal namedpipes structure
+****************************************************************************/
+
+static void *make_internal_rpc_pipe_p(char *pipe_name, 
+			      connection_struct *conn, uint16 vuid)
+{
+	pipes_struct *p;
+	user_struct *vuser = get_valid_user_struct(vuid);
+
+	DEBUG(4,("Create pipe requested %s\n", pipe_name));
+
+	if (!vuser && vuid != UID_FIELD_INVALID) {
+		DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
+		return NULL;
+	}
+
+	p = (pipes_struct *)malloc(sizeof(*p));
+
+	if (!p)
+	{
+		DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
+		return NULL;
+	}
+
+	ZERO_STRUCTP(p);
+
+	if ((p->mem_ctx = talloc_init()) == NULL) {
+		DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
+		SAFE_FREE(p);
+		return NULL;
+	}
+
+	if (!init_pipe_handle_list(p, pipe_name)) {
+		DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
+		talloc_destroy(p->mem_ctx);
+		SAFE_FREE(p);
+		return NULL;
+	}
+
+	/*
+	 * Initialize the incoming RPC data buffer with one PDU worth of memory.
+	 * We cheat here and say we're marshalling, as we intend to add incoming
+	 * data directly into the prs_struct and we want it to auto grow. We will
+	 * change the type to UNMARSALLING before processing the stream.
+	 */
+
+	if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
+		DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
+		return NULL;
+	}
+
+	DLIST_ADD(InternalPipes, p);
+
+	p->conn = conn;
+	p->vuid  = vuid;
+
+	p->ntlmssp_chal_flags = 0;
+	p->ntlmssp_auth_validated = False;
+	p->ntlmssp_auth_requested = False;
+
+	p->pipe_bound = False;
+	p->fault_state = False;
+	p->endian = RPC_LITTLE_ENDIAN;
+
+	ZERO_STRUCT(p->pipe_user);
+
+	p->pipe_user.uid = (uid_t)-1;
+	p->pipe_user.gid = (gid_t)-1;
+	
+	/* Store the session key */
+	if (vuser) {
+		memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
+	}
+
+	/*
+	 * Initialize the incoming RPC struct.
+	 */
+
+	p->in_data.pdu_needed_len = 0;
+	p->in_data.pdu_received_len = 0;
+
+	/*
+	 * Initialize the outgoing RPC struct.
+	 */
+
+	p->out_data.current_pdu_len = 0;
+	p->out_data.current_pdu_sent = 0;
+	p->out_data.data_sent_length = 0;
+
+	/*
+	 * Initialize the outgoing RPC data buffer with no memory.
+	 */	
+	prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
+	
+	fstrcpy(p->name, pipe_name);
+	
+	DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
+		 pipe_name, pipes_open));
+
+	return (void*)p;
+}
+
+/****************************************************************************
+ Sets the fault state on incoming packets.
+****************************************************************************/
+
+static void set_incoming_fault(pipes_struct *p)
+{
+	prs_mem_free(&p->in_data.data);
+	p->in_data.pdu_needed_len = 0;
+	p->in_data.pdu_received_len = 0;
+	p->fault_state = True;
+	DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
+		p->name, p->vuid ));
+}
+
+/****************************************************************************
+ Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
+****************************************************************************/
+
+static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
+{
+	size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
+
+	DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
+			(unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
+			(unsigned int)p->in_data.pdu_received_len ));
+
+	memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
+	p->in_data.pdu_received_len += len_needed_to_complete_hdr;
+
+	return (ssize_t)len_needed_to_complete_hdr;
+}
+
+/****************************************************************************
+ Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
+****************************************************************************/
+
+static ssize_t unmarshall_rpc_header(pipes_struct *p)
+{
+	/*
+	 * Unmarshall the header to determine the needed length.
+	 */
+
+	prs_struct rpc_in;
+
+	if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
+		DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
+		set_incoming_fault(p);
+		return -1;
+	}
+
+	prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
+	prs_set_endian_data( &rpc_in, p->endian);
+
+	prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
+					p->in_data.pdu_received_len, False);
+
+	/*
+	 * Unmarshall the header as this will tell us how much
+	 * data we need to read to get the complete pdu.
+	 * This also sets the endian flag in rpc_in.
+	 */
+
+	if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
+		DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
+		set_incoming_fault(p);
+		prs_mem_free(&rpc_in);
+		return -1;
+	}
+
+	/*
+	 * Validate the RPC header.
+	 */
+
+	if(p->hdr.major != 5 && p->hdr.minor != 0) {
+		DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
+		set_incoming_fault(p);
+		prs_mem_free(&rpc_in);
+		return -1;
+	}
+
+	/*
+	 * If there's not data in the incoming buffer this should be the start of a new RPC.
+	 */
+
+	if(prs_offset(&p->in_data.data) == 0) {
+
+		/*
+		 * AS/U doesn't set FIRST flag in a BIND packet it seems.
+		 */
+
+		if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
+			/*
+			 * Ensure that the FIRST flag is set. If not then we have
+			 * a stream missmatch.
+			 */
+
+			DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
+			set_incoming_fault(p);
+			prs_mem_free(&rpc_in);
+			return -1;
+		}
+
+		/*
+		 * If this is the first PDU then set the endianness
+		 * flag in the pipe. We will need this when parsing all
+		 * data in this RPC.
+		 */
+
+		p->endian = rpc_in.bigendian_data;
+
+		DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
+				p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
+
+	} else {
+
+		/*
+		 * If this is *NOT* the first PDU then check the endianness
+		 * flag in the pipe is the same as that in the PDU.
+		 */
+
+		if (p->endian != rpc_in.bigendian_data) {
+			DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
+			set_incoming_fault(p);
+			prs_mem_free(&rpc_in);
+			return -1;
+		}
+	}
+
+	/*
+	 * Ensure that the pdu length is sane.
+	 */
+
+	if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
+		DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
+		set_incoming_fault(p);
+		prs_mem_free(&rpc_in);
+		return -1;
+	}
+
+	DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
+			(unsigned int)p->hdr.flags ));
+
+	/*
+	 * Adjust for the header we just ate.
+	 */
+	p->in_data.pdu_received_len = 0;
+	p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
+
+	/*
+	 * Null the data we just ate.
+	 */
+
+	memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
+
+	prs_mem_free(&rpc_in);
+
+	return 0; /* No extra data processed. */
+}
+
+/****************************************************************************
+ Call this to free any talloc'ed memory. Do this before and after processing
+ a complete PDU.
+****************************************************************************/
+
+void free_pipe_context(pipes_struct *p)
+{
+	if (p->mem_ctx) {
+		DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
+		talloc_destroy_pool(p->mem_ctx);
+	} else {
+		p->mem_ctx = talloc_init();
+		if (p->mem_ctx == NULL)
+			p->fault_state = True;
+	}
+}
+
+/****************************************************************************
+ Processes a request pdu. This will do auth processing if needed, and
+ appends the data into the complete stream if the LAST flag is not set.
+****************************************************************************/
+
+static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
+{
+	BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
+	size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
+				(auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
+
+	if(!p->pipe_bound) {
+		DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
+		set_incoming_fault(p);
+		return False;
+	}
+
+	/*
+	 * Check if we need to do authentication processing.
+	 * This is only done on requests, not binds.
+	 */
+
+	/*
+	 * Read the RPC request header.
+	 */
+
+	if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
+		DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
+		set_incoming_fault(p);
+		return False;
+	}
+
+	if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
+		DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
+		set_incoming_fault(p);
+		return False;
+	}
+
+	if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
+
+		/*
+		 * Authentication _was_ requested and it already failed.
+		 */
+
+		DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
+authentication failed. Denying the request.\n", p->name));
+		set_incoming_fault(p);
+        return False;
+    }
+
+	/*
+	 * Check the data length doesn't go over the 15Mb limit.
+	 * increased after observing a bug in the Windows NT 4.0 SP6a
+	 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
+	 * will not fit in the initial buffer of size 0x1068   --jerry 22/01/2002
+	 */
+	
+	if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) {
+		DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
+				(unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
+		set_incoming_fault(p);
+		return False;
+	}
+
+	/*
+	 * Append the data portion into the buffer and return.
+	 */
+
+	{
+		char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
+
+		if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
+			DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
+					(unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
+			set_incoming_fault(p);
+			return False;
+		}
+
+	}
+
+	if(p->hdr.flags & RPC_FLG_LAST) {
+		BOOL ret = False;
+		/*
+		 * Ok - we finally have a complete RPC stream.
+		 * Call the rpc command to process it.
+		 */
+
+		/*
+		 * Ensure the internal prs buffer size is *exactly* the same
+		 * size as the current offset.
+		 */
+
+ 		if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
+		{
+			DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
+			set_incoming_fault(p);
+			return False;
+		}
+
+		/*
+		 * Set the parse offset to the start of the data and set the
+		 * prs_struct to UNMARSHALL.
+		 */
+
+		prs_set_offset(&p->in_data.data, 0);
+		prs_switch_type(&p->in_data.data, UNMARSHALL);
+
+		/*
+		 * Process the complete data stream here.
+		 */
+
+		free_pipe_context(p);
+
+		if(pipe_init_outgoing_data(p))
+			ret = api_pipe_request(p);
+
+		free_pipe_context(p);
+
+		/*
+		 * We have consumed the whole data stream. Set back to
+		 * marshalling and set the offset back to the start of
+		 * the buffer to re-use it (we could also do a prs_mem_free()
+		 * and then re_init on the next start of PDU. Not sure which
+		 * is best here.... JRA.
+		 */
+
+		prs_switch_type(&p->in_data.data, MARSHALL);
+		prs_set_offset(&p->in_data.data, 0);
+		return ret;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
+ already been parsed and stored in p->hdr.
+****************************************************************************/
+
+static ssize_t process_complete_pdu(pipes_struct *p)
+{
+	prs_struct rpc_in;
+	size_t data_len = p->in_data.pdu_received_len;
+	char *data_p = (char *)&p->in_data.current_in_pdu[0];
+	BOOL reply = False;
+
+	if(p->fault_state) {
+		DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
+			p->name ));
+		set_incoming_fault(p);
+		setup_fault_pdu(p, NT_STATUS(0x1c010002));
+		return (ssize_t)data_len;
+	}
+
+	prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
+
+	/*
+	 * Ensure we're using the corrent endianness for both the 
+	 * RPC header flags and the raw data we will be reading from.
+	 */
+
+	prs_set_endian_data( &rpc_in, p->endian);
+	prs_set_endian_data( &p->in_data.data, p->endian);
+
+	prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
+
+	DEBUG(10,("process_complete_pdu: processing packet type %u\n",
+			(unsigned int)p->hdr.pkt_type ));
+
+	switch (p->hdr.pkt_type) {
+		case RPC_BIND:
+		case RPC_ALTCONT:
+			/*
+			 * We assume that a pipe bind is only in one pdu.
+			 */
+			if(pipe_init_outgoing_data(p))
+				reply = api_pipe_bind_req(p, &rpc_in);
+			break;
+		case RPC_BINDRESP:
+			/*
+			 * We assume that a pipe bind_resp is only in one pdu.
+			 */
+			if(pipe_init_outgoing_data(p))
+				reply = api_pipe_bind_auth_resp(p, &rpc_in);
+			break;
+		case RPC_REQUEST:
+			reply = process_request_pdu(p, &rpc_in);
+			break;
+		default:
+			DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
+			break;
+	}
+
+	/* Reset to little endian. Probably don't need this but it won't hurt. */
+	prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
+
+	if (!reply) {
+		DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
+		set_incoming_fault(p);
+		setup_fault_pdu(p, NT_STATUS(0x1c010002));
+		prs_mem_free(&rpc_in);
+	} else {
+		/*
+		 * Reset the lengths. We're ready for a new pdu.
+		 */
+		p->in_data.pdu_needed_len = 0;
+		p->in_data.pdu_received_len = 0;
+	}
+
+	prs_mem_free(&rpc_in);
+	return (ssize_t)data_len;
+}
+
+/****************************************************************************
+ Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
+****************************************************************************/
+
+static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
+{
+	size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
+
+	DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
+		(unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
+		(unsigned int)n ));
+
+	if(data_to_copy == 0) {
+		/*
+		 * This is an error - data is being received and there is no
+		 * space in the PDU. Free the received data and go into the fault state.
+		 */
+		DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
+incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
+		set_incoming_fault(p);
+		return -1;
+	}
+
+	/*
+	 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
+	 * number of bytes before we can do anything.
+	 */
+
+	if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
+		/*
+		 * Always return here. If we have more data then the RPC_HEADER
+		 * will be processed the next time around the loop.
+		 */
+		return fill_rpc_header(p, data, data_to_copy);
+	}
+
+	/*
+	 * At this point we know we have at least an RPC_HEADER_LEN amount of data
+	 * stored in current_in_pdu.
+	 */
+
+	/*
+	 * If pdu_needed_len is zero this is a new pdu. 
+	 * Unmarshall the header so we know how much more
+	 * data we need, then loop again.
+	 */
+
+	if(p->in_data.pdu_needed_len == 0)
+		return unmarshall_rpc_header(p);
+
+	/*
+	 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
+	 * Keep reading until we have a full pdu.
+	 */
+
+	data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
+
+	/*
+	 * Copy as much of the data as we need into the current_in_pdu buffer.
+	 */
+
+	memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
+	p->in_data.pdu_received_len += data_to_copy;
+
+	/*
+	 * Do we have a complete PDU ?
+	 */
+
+	if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
+		return process_complete_pdu(p);
+
+	DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
+		(unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
+
+	return (ssize_t)data_to_copy;
+
+}
+
+/****************************************************************************
+ Accepts incoming data on an rpc pipe.
+****************************************************************************/
+
+ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
+{
+	DEBUG(6,("write_to_pipe: %x", p->pnum));
+
+	DEBUG(6,(" name: %s open: %s len: %d\n",
+		 p->name, BOOLSTR(p->open), (int)n));
+
+	dump_data(50, data, n);
+
+	return p->namedpipe_write(p->np_state, data, n);
+}
+
+/****************************************************************************
+ Accepts incoming data on an internal rpc pipe.
+****************************************************************************/
+
+static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
+{
+	pipes_struct *p = (pipes_struct*)np_conn;
+	size_t data_left = n;
+
+	while(data_left) {
+		ssize_t data_used;
+
+		DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
+
+		data_used = process_incoming_data(p, data, data_left);
+
+		DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
+
+		if(data_used < 0)
+			return -1;
+
+		data_left -= data_used;
+		data += data_used;
+	}	
+
+	return n;
+}
+
+/****************************************************************************
+ Replies to a request to read data from a pipe.
+
+ Headers are interspersed with the data at PDU intervals. By the time
+ this function is called, the start of the data could possibly have been
+ read by an SMBtrans (file_offset != 0).
+
+ Calling create_rpc_reply() here is a hack. The data should already
+ have been prepared into arrays of headers + data stream sections.
+****************************************************************************/
+
+ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
+		BOOL *is_data_outstanding)
+{
+	if (!p || !p->open) {
+		DEBUG(0,("read_from_pipe: pipe not open\n"));
+		return -1;		
+	}
+
+	DEBUG(6,("read_from_pipe: %x", p->pnum));
+
+	return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
+}
+
+/****************************************************************************
+ Replies to a request to read data from a pipe.
+
+ Headers are interspersed with the data at PDU intervals. By the time
+ this function is called, the start of the data could possibly have been
+ read by an SMBtrans (file_offset != 0).
+
+ Calling create_rpc_reply() here is a hack. The data should already
+ have been prepared into arrays of headers + data stream sections.
+****************************************************************************/
+
+static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
+		BOOL *is_data_outstanding)
+{
+	pipes_struct *p = (pipes_struct*)np_conn;
+	uint32 pdu_remaining = 0;
+	ssize_t data_returned = 0;
+
+	if (!p) {
+		DEBUG(0,("read_from_pipe: pipe not open\n"));
+		return -1;		
+	}
+
+	DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
+
+	/*
+	 * We cannot return more than one PDU length per
+	 * read request.
+	 */
+
+	/*
+	 * This condition should result in the connection being closed.  
+	 * Netapp filers seem to set it to 0xffff which results in domain
+	 * authentications failing.  Just ignore it so things work.
+	 */
+
+	if(n > MAX_PDU_FRAG_LEN) {
+                DEBUG(5,("read_from_pipe: too large read (%u) requested on \
+pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
+	}
+
+	/*
+ 	 * Determine if there is still data to send in the
+	 * pipe PDU buffer. Always send this first. Never
+	 * send more than is left in the current PDU. The
+	 * client should send a new read request for a new
+	 * PDU.
+	 */
+
+	if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
+		data_returned = (ssize_t)MIN(n, pdu_remaining);
+
+		DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
+returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, 
+			(unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
+
+		memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
+		p->out_data.current_pdu_sent += (uint32)data_returned;
+		goto out;
+	}
+
+	/*
+	 * At this point p->current_pdu_len == p->current_pdu_sent (which
+	 * may of course be zero if this is the first return fragment.
+	 */
+
+	DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
+= %u, prs_offset(&p->out_data.rdata) = %u.\n",
+		p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
+
+	if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
+		/*
+		 * We have sent all possible data, return 0.
+		 */
+		data_returned = 0;
+		goto out;
+	}
+
+	/*
+	 * We need to create a new PDU from the data left in p->rdata.
+	 * Create the header/data/footers. This also sets up the fields
+	 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
+	 * and stores the outgoing PDU in p->current_pdu.
+	 */
+
+	if(!create_next_pdu(p)) {
+		DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
+		return -1;
+	}
+
+	data_returned = MIN(n, p->out_data.current_pdu_len);
+
+	memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
+	p->out_data.current_pdu_sent += (uint32)data_returned;
+
+  out:
+
+	(*is_data_outstanding) = p->out_data.current_pdu_len > n;
+	return data_returned;
+}
+
+/****************************************************************************
+ Wait device state on a pipe. Exactly what this is for is unknown...
+****************************************************************************/
+
+BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
+{
+	if (p == NULL)
+		return False;
+
+	if (p->open) {
+		DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
+		         priority, p->name));
+
+		p->priority = priority;
+		
+		return True;
+	} 
+
+	DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
+		 priority, p->name));
+	return False;
+}
+
+
+/****************************************************************************
+ Set device state on a pipe. Exactly what this is for is unknown...
+****************************************************************************/
+
+BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
+{
+	if (p == NULL)
+		return False;
+
+	if (p->open) {
+		DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
+		         device_state, p->name));
+
+		p->device_state = device_state;
+		
+		return True;
+	} 
+
+	DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
+		 device_state, p->name));
+	return False;
+}
+
+
+/****************************************************************************
+ Close an rpc pipe.
+****************************************************************************/
+
+BOOL close_rpc_pipe_hnd(smb_np_struct *p)
+{
+	if (!p) {
+		DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
+		return False;
+	}
+
+	p->namedpipe_close(p->np_state);
+
+	bitmap_clear(bmap, p->pnum - pipe_handle_offset);
+
+	pipes_open--;
+
+	DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", 
+		 p->name, p->pnum, pipes_open));  
+
+	DLIST_REMOVE(Pipes, p);
+
+	ZERO_STRUCTP(p);
+
+	SAFE_FREE(p);
+	
+	return True;
+}
+
+/****************************************************************************
+ Close an rpc pipe.
+****************************************************************************/
+
+static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
+{
+	pipes_struct *p = (pipes_struct *)np_conn;
+	if (!p) {
+		DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
+		return False;
+	}
+
+	prs_mem_free(&p->out_data.rdata);
+	prs_mem_free(&p->in_data.data);
+
+	if (p->mem_ctx)
+		talloc_destroy(p->mem_ctx);
+
+	/* Free the handles database. */
+	close_policy_by_pipe(p);
+
+	delete_nt_token(&p->pipe_user.nt_user_token);
+	SAFE_FREE(p->pipe_user.groups);
+
+	DLIST_REMOVE(InternalPipes, p);
+
+	ZERO_STRUCTP(p);
+
+	SAFE_FREE(p);
+	
+	return True;
+}
+
+/****************************************************************************
+ Find an rpc pipe given a pipe handle in a buffer and an offset.
+****************************************************************************/
+
+smb_np_struct *get_rpc_pipe_p(char *buf, int where)
+{
+	int pnum = SVAL(buf,where);
+
+	if (chain_p)
+		return chain_p;
+
+	return get_rpc_pipe(pnum);
+}
+
+/****************************************************************************
+ Find an rpc pipe given a pipe handle.
+****************************************************************************/
+
+smb_np_struct *get_rpc_pipe(int pnum)
+{
+	smb_np_struct *p;
+
+	DEBUG(4,("search for pipe pnum=%x\n", pnum));
+
+	for (p=Pipes;p;p=p->next)
+		DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", 
+		          p->name, p->pnum, pipes_open));  
+
+	for (p=Pipes;p;p=p->next) {
+		if (p->pnum == pnum) {
+			chain_p = p;
+			return p;
+		}
+	}
+
+	return NULL;
+}
diff --git a/source3/rpc_server/srv_reg.c b/source3/rpc_server/srv_reg.c
new file mode 100644
index 0000000000..569f3fb8b1
--- /dev/null
+++ b/source3/rpc_server/srv_reg.c
@@ -0,0 +1,208 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Marc Jacobsen						2000.
+ *  Copyright (C) Jeremy Allison					2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface for the registry functions. */
+
+#include "includes.h"
+
+/*******************************************************************
+ api_reg_close
+ ********************************************************************/
+
+static BOOL api_reg_close(pipes_struct *p)
+{
+	REG_Q_CLOSE q_u;
+	REG_R_CLOSE r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the reg unknown 1 */
+	if(!reg_io_q_close("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _reg_close(p, &q_u, &r_u);
+
+	if(!reg_io_r_close("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_reg_open
+ ********************************************************************/
+
+static BOOL api_reg_open(pipes_struct *p)
+{
+	REG_Q_OPEN_HKLM q_u;
+	REG_R_OPEN_HKLM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the reg open */
+	if(!reg_io_q_open_hklm("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _reg_open(p, &q_u, &r_u);
+
+	if(!reg_io_r_open_hklm("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_reg_open_entry
+ ********************************************************************/
+
+static BOOL api_reg_open_entry(pipes_struct *p)
+{
+	REG_Q_OPEN_ENTRY q_u;
+	REG_R_OPEN_ENTRY r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the reg open entry */
+	if(!reg_io_q_open_entry("", &q_u, data, 0))
+		return False;
+
+	/* construct reply. */
+	r_u.status = _reg_open_entry(p, &q_u, &r_u);
+
+	if(!reg_io_r_open_entry("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_reg_info
+ ********************************************************************/
+
+static BOOL api_reg_info(pipes_struct *p)
+{
+	REG_Q_INFO q_u;
+	REG_R_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the reg unknown 0x11*/
+	if(!reg_io_q_info("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _reg_info(p, &q_u, &r_u);
+
+	if(!reg_io_r_info("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_reg_shutdown
+ ********************************************************************/
+
+static BOOL api_reg_shutdown(pipes_struct *p)
+{
+	REG_Q_SHUTDOWN q_u;
+	REG_R_SHUTDOWN r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the reg shutdown */
+	if(!reg_io_q_shutdown("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _reg_shutdown(p, &q_u, &r_u);
+
+	if(!reg_io_r_shutdown("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_reg_abort_shutdown
+ ********************************************************************/
+
+static BOOL api_reg_abort_shutdown(pipes_struct *p)
+{
+	REG_Q_ABORT_SHUTDOWN q_u;
+	REG_R_ABORT_SHUTDOWN r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the reg shutdown */
+	if(!reg_io_q_abort_shutdown("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _reg_abort_shutdown(p, &q_u, &r_u);
+
+	if(!reg_io_r_abort_shutdown("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ array of \PIPE\reg operations
+ ********************************************************************/
+static struct api_struct api_reg_cmds[] =
+{
+	{ "REG_CLOSE"        , REG_CLOSE        , api_reg_close        },
+	{ "REG_OPEN_ENTRY"   , REG_OPEN_ENTRY   , api_reg_open_entry   },
+	{ "REG_OPEN"         , REG_OPEN_HKLM    , api_reg_open         },
+	{ "REG_INFO"         , REG_INFO         , api_reg_info         },
+	{ "REG_SHUTDOWN"     , REG_SHUTDOWN     , api_reg_shutdown     },
+	{ "REG_ABORT_SHUTDOWN", REG_ABORT_SHUTDOWN, api_reg_abort_shutdown },
+	{ NULL,                0                , NULL                 }
+};
+
+/*******************************************************************
+ receives a reg pipe and responds.
+ ********************************************************************/
+
+BOOL api_reg_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_reg_rpc", api_reg_cmds);
+}
diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c
new file mode 100644
index 0000000000..adedd4a8fa
--- /dev/null
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -0,0 +1,236 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Hewlett-Packard Company           1999.
+ *  Copyright (C) Jeremy Allison					2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* Implementation of registry functions. */
+
+#include "includes.h"
+
+struct reg_info {
+	/* for use by \PIPE\winreg */
+	fstring name; /* name of registry key */
+};
+
+static void free_reg_info(void *ptr)
+{
+	struct reg_info *info = (struct reg_info *)ptr;
+
+	SAFE_FREE(info);
+}
+
+/*******************************************************************
+ reg_reply_unknown_1
+ ********************************************************************/
+
+NTSTATUS _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u)
+{
+	/* set up the REG unknown_1 response */
+	ZERO_STRUCT(r_u->pol);
+
+	/* close the policy handle */
+	if (!close_policy_hnd(p, &q_u->pol))
+		return NT_STATUS_OBJECT_NAME_INVALID;
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ reg_reply_open
+ ********************************************************************/
+
+NTSTATUS _reg_open(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u)
+{
+	if (!create_policy_hnd(p, &r_u->pol, free_reg_info, NULL))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ reg_reply_open_entry
+ ********************************************************************/
+
+NTSTATUS _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u)
+{
+	POLICY_HND pol;
+	fstring name;
+	struct reg_info *info = NULL;
+
+	DEBUG(5,("reg_open_entry: %d\n", __LINE__));
+
+	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0);
+
+	DEBUG(5,("reg_open_entry: %s\n", name));
+
+	/* lkcl XXXX do a check on the name, here */
+	if (!strequal(name, "SYSTEM\\CurrentControlSet\\Control\\ProductOptions") &&
+	    !strequal(name, "System\\CurrentControlSet\\services\\Netlogon\\parameters\\"))
+			return NT_STATUS_ACCESS_DENIED;
+
+	if ((info = (struct reg_info *)malloc(sizeof(struct reg_info))) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(info);
+	fstrcpy(info->name, name);
+
+	if (!create_policy_hnd(p, &pol, free_reg_info, (void *)info))
+		return NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */
+
+	init_reg_r_open_entry(r_u, &pol, NT_STATUS_OK);
+
+	DEBUG(5,("reg_open_entry: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ reg_reply_info
+ ********************************************************************/
+
+NTSTATUS _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	char *key = NULL;
+	uint32 type=0x1; /* key type: REG_SZ */
+
+	UNISTR2 *uni_key = NULL;
+	BUFFER2 *buf = NULL;
+	fstring name;
+
+	DEBUG(5,("_reg_info: %d\n", __LINE__));
+
+	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0);
+
+	DEBUG(5,("reg_info: checking key: %s\n", name));
+
+	uni_key = (UNISTR2 *)talloc_zero(p->mem_ctx, sizeof(UNISTR2));
+	buf = (BUFFER2 *)talloc_zero(p->mem_ctx, sizeof(BUFFER2));
+
+	if (!uni_key || !buf)
+		return NT_STATUS_NO_MEMORY;
+
+	if ( strequal(name, "RefusePasswordChange") ) {
+		type=0xF770;
+		status = NT_STATUS_NO_SUCH_FILE;
+		init_unistr2(uni_key, "", 0);
+		init_buffer2(buf, (uint8*) uni_key->buffer, uni_key->uni_str_len*2);
+		
+		buf->buf_max_len=4;
+
+		goto out;
+	}
+
+	switch (lp_server_role()) {
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+		key = "LanmanNT";
+		break;
+	case ROLE_STANDALONE:
+		key = "ServerNT";
+		break;
+	case ROLE_DOMAIN_MEMBER:
+		key = "WinNT";
+		break;
+	}
+
+	/* This makes the server look like a member server to clients */
+	/* which tells clients that we have our own local user and    */
+	/* group databases and helps with ACL support.                */
+
+	init_unistr2(uni_key, key, strlen(key)+1);
+	init_buffer2(buf, (uint8*)uni_key->buffer, uni_key->uni_str_len*2);
+  
+ out:
+	init_reg_r_info(q_u->ptr_buf, r_u, buf, type, status);
+
+	DEBUG(5,("reg_open_entry: %d\n", __LINE__));
+
+	return status;
+}
+
+/*******************************************************************
+ reg_shutdwon
+ ********************************************************************/
+
+#define SHUTDOWN_R_STRING "-r"
+#define SHUTDOWN_F_STRING "-f"
+
+
+NTSTATUS _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	pstring shutdown_script;
+	UNISTR2 unimsg = q_u->uni_msg;
+	pstring message;
+	pstring chkmsg;
+	fstring timeout;
+	fstring r;
+	fstring f;
+	
+	/* message */
+	rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0);
+		/* security check */
+	alpha_strcpy (chkmsg, message, NULL, sizeof(message));
+	/* timeout */
+	snprintf(timeout, sizeof(timeout), "%d", q_u->timeout);
+	/* reboot */
+	snprintf(r, sizeof(r), (q_u->flags & REG_REBOOT_ON_SHUTDOWN)?SHUTDOWN_R_STRING:"");
+	/* force */
+	snprintf(f, sizeof(f), (q_u->flags & REG_FORCE_SHUTDOWN)?SHUTDOWN_F_STRING:"");
+
+	pstrcpy(shutdown_script, lp_shutdown_script());
+
+	if(*shutdown_script) {
+		int shutdown_ret;
+		all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script));
+		all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script));
+		all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script));
+		all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script));
+		shutdown_ret = smbrun(shutdown_script,NULL);
+		DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret));
+	}
+
+	return status;
+}
+
+NTSTATUS _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u)
+{
+	NTSTATUS status = NT_STATUS_OK;
+	pstring abort_shutdown_script;
+
+	pstrcpy(abort_shutdown_script, lp_abort_shutdown_script());
+
+	if(*abort_shutdown_script) {
+		int abort_shutdown_ret;
+		abort_shutdown_ret = smbrun(abort_shutdown_script,NULL);
+		DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret));
+	}
+
+	return status;
+}
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
new file mode 100644
index 0000000000..c555305bce
--- /dev/null
+++ b/source3/rpc_server/srv_samr.c
@@ -0,0 +1,1442 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Marc Jacobsen			    1999.
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *	
+ * 	Split into interface and implementation modules by, 
+ *
+ *  Copyright (C) Jeremy Allison                    2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*
+ * This is the interface to the SAMR code.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ api_samr_close_hnd
+ ********************************************************************/
+
+static BOOL api_samr_close_hnd(pipes_struct *p)
+{
+	SAMR_Q_CLOSE_HND q_u;
+	SAMR_R_CLOSE_HND r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_close_hnd("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_close_hnd: unable to unmarshall SAMR_Q_CLOSE_HND.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_close_hnd(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_close_hnd("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_close_hnd: unable to marshall SAMR_R_CLOSE_HND.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_open_domain
+ ********************************************************************/
+
+static BOOL api_samr_open_domain(pipes_struct *p)
+{
+	SAMR_Q_OPEN_DOMAIN q_u;
+	SAMR_R_OPEN_DOMAIN r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_open_domain("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_open_domain: unable to unmarshall SAMR_Q_OPEN_DOMAIN.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_open_domain(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_open_domain("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_open_domain: unable to marshall SAMR_R_OPEN_DOMAIN.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_get_usrdom_pwinfo
+ ********************************************************************/
+
+static BOOL api_samr_get_usrdom_pwinfo(pipes_struct *p)
+{
+	SAMR_Q_GET_USRDOM_PWINFO q_u;
+	SAMR_R_GET_USRDOM_PWINFO r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to unmarshall SAMR_Q_GET_USRDOM_PWINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u);
+
+	if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to marshall SAMR_R_GET_USRDOM_PWINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_sec_obj
+ ********************************************************************/
+
+static BOOL api_samr_query_sec_obj(pipes_struct *p)
+{
+	SAMR_Q_QUERY_SEC_OBJ q_u;
+	SAMR_R_QUERY_SEC_OBJ r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_sec_obj: unable to unmarshall SAMR_Q_QUERY_SEC_OBJ.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_sec_obj(p, &q_u, &r_u);
+
+	if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_enum_dom_users
+ ********************************************************************/
+
+static BOOL api_samr_enum_dom_users(pipes_struct *p)
+{
+	SAMR_Q_ENUM_DOM_USERS q_u;
+	SAMR_R_ENUM_DOM_USERS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open */
+	if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_enum_dom_users: unable to unmarshall SAMR_Q_ENUM_DOM_USERS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_enum_dom_users(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_enum_dom_users: unable to marshall SAMR_R_ENUM_DOM_USERS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_enum_dom_groups
+ ********************************************************************/
+
+static BOOL api_samr_enum_dom_groups(pipes_struct *p)
+{
+	SAMR_Q_ENUM_DOM_GROUPS q_u;
+	SAMR_R_ENUM_DOM_GROUPS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open */
+	if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_enum_dom_groups: unable to unmarshall SAMR_Q_ENUM_DOM_GROUPS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_enum_dom_groups: unable to marshall SAMR_R_ENUM_DOM_GROUPS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_enum_dom_aliases
+ ********************************************************************/
+
+static BOOL api_samr_enum_dom_aliases(pipes_struct *p)
+{
+	SAMR_Q_ENUM_DOM_ALIASES q_u;
+	SAMR_R_ENUM_DOM_ALIASES r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open */
+	if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_enum_dom_aliases: unable to unmarshall SAMR_Q_ENUM_DOM_ALIASES.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_enum_dom_aliases: unable to marshall SAMR_R_ENUM_DOM_ALIASES.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_dispinfo
+ ********************************************************************/
+
+static BOOL api_samr_query_dispinfo(pipes_struct *p)
+{
+	SAMR_Q_QUERY_DISPINFO q_u;
+	SAMR_R_QUERY_DISPINFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_dispinfo: unable to unmarshall SAMR_Q_QUERY_DISPINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_dispinfo(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_dispinfo: unable to marshall SAMR_R_QUERY_DISPINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_aliasinfo
+ ********************************************************************/
+
+static BOOL api_samr_query_aliasinfo(pipes_struct *p)
+{
+	SAMR_Q_QUERY_ALIASINFO q_u;
+	SAMR_R_QUERY_ALIASINFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open */
+	if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_aliasinfo: unable to unmarshall SAMR_Q_QUERY_ALIASINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n"));
+		return False;
+	}
+  
+	return True;
+}
+
+/*******************************************************************
+ api_samr_lookup_names
+ ********************************************************************/
+
+static BOOL api_samr_lookup_names(pipes_struct *p)
+{
+	SAMR_Q_LOOKUP_NAMES q_u;
+	SAMR_R_LOOKUP_NAMES r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr lookup names */
+	if(!samr_io_q_lookup_names("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_lookup_names: unable to unmarshall SAMR_Q_LOOKUP_NAMES.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_lookup_names(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_lookup_names: unable to marshall SAMR_R_LOOKUP_NAMES.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_chgpasswd_user
+ ********************************************************************/
+
+static BOOL api_samr_chgpasswd_user(pipes_struct *p)
+{
+	SAMR_Q_CHGPASSWD_USER q_u;
+	SAMR_R_CHGPASSWD_USER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* unknown 38 command */
+	if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_chgpasswd_user(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER.\n" ));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_lookup_rids
+ ********************************************************************/
+
+static BOOL api_samr_lookup_rids(pipes_struct *p)
+{
+	SAMR_Q_LOOKUP_RIDS q_u;
+	SAMR_R_LOOKUP_RIDS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr lookup names */
+	if(!samr_io_q_lookup_rids("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_lookup_rids: unable to unmarshall SAMR_Q_LOOKUP_RIDS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_lookup_rids(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_lookup_rids: unable to marshall SAMR_R_LOOKUP_RIDS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_open_user
+ ********************************************************************/
+
+static BOOL api_samr_open_user(pipes_struct *p)
+{
+	SAMR_Q_OPEN_USER q_u;
+	SAMR_R_OPEN_USER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr unknown 22 */
+	if(!samr_io_q_open_user("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n"));
+		return False;
+	}
+
+	r_u.status = _api_samr_open_user(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_open_user("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_open_user: unable to marshall SAMR_R_OPEN_USER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_userinfo
+ ********************************************************************/
+
+static BOOL api_samr_query_userinfo(pipes_struct *p)
+{
+	SAMR_Q_QUERY_USERINFO q_u;
+	SAMR_R_QUERY_USERINFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr unknown 24 */
+	if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
+		DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_userinfo(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_usergroups
+ ********************************************************************/
+
+static BOOL api_samr_query_usergroups(pipes_struct *p)
+{
+	SAMR_Q_QUERY_USERGROUPS q_u;
+	SAMR_R_QUERY_USERGROUPS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr unknown 32 */
+	if(!samr_io_q_query_usergroups("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_usergroups(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_dom_info
+ ********************************************************************/
+
+static BOOL api_samr_query_dom_info(pipes_struct *p)
+{
+	SAMR_Q_QUERY_DOMAIN_INFO q_u;
+	SAMR_R_QUERY_DOMAIN_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr unknown 8 command */
+	if(!samr_io_q_query_dom_info("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_dom_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_dom_info: unable to marshall SAMR_R_QUERY_DOMAIN_INFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_create_user
+ ********************************************************************/
+
+static BOOL api_samr_create_user(pipes_struct *p)
+{
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	SAMR_Q_CREATE_USER q_u;
+	SAMR_R_CREATE_USER r_u;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr create user */
+	if (!samr_io_q_create_user("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n"));
+		return False;
+	}
+
+	r_u.status=_api_samr_create_user(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_create_user("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_connect_anon
+ ********************************************************************/
+
+static BOOL api_samr_connect_anon(pipes_struct *p)
+{
+	SAMR_Q_CONNECT_ANON q_u;
+	SAMR_R_CONNECT_ANON r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open policy */
+	if(!samr_io_q_connect_anon("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_connect_anon: unable to unmarshall SAMR_Q_CONNECT_ANON.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_connect_anon(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_connect_anon: unable to marshall SAMR_R_CONNECT_ANON.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_connect
+ ********************************************************************/
+
+static BOOL api_samr_connect(pipes_struct *p)
+{
+	SAMR_Q_CONNECT q_u;
+	SAMR_R_CONNECT r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open policy */
+	if(!samr_io_q_connect("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_connect: unable to unmarshall SAMR_Q_CONNECT.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_connect(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_connect("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_connect: unable to marshall SAMR_R_CONNECT.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/**********************************************************************
+ api_samr_lookup_domain
+ **********************************************************************/
+
+static BOOL api_samr_lookup_domain(pipes_struct *p)
+{
+	SAMR_Q_LOOKUP_DOMAIN q_u;
+	SAMR_R_LOOKUP_DOMAIN r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+  
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_lookup_domain("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_lookup_domain(p, &q_u, &r_u);
+	
+	if(!samr_io_r_lookup_domain("", &r_u, rdata, 0)){
+		DEBUG(0,("api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/**********************************************************************
+ api_samr_enum_domains
+ **********************************************************************/
+
+static BOOL api_samr_enum_domains(pipes_struct *p)
+{
+	SAMR_Q_ENUM_DOMAINS q_u;
+	SAMR_R_ENUM_DOMAINS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+  
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!samr_io_q_enum_domains("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_enum_domains(p, &q_u, &r_u);
+
+	if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+ api_samr_open_alias
+ ********************************************************************/
+
+static BOOL api_samr_open_alias(pipes_struct *p)
+{
+	SAMR_Q_OPEN_ALIAS q_u;
+	SAMR_R_OPEN_ALIAS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr open policy */
+	if(!samr_io_q_open_alias("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS.\n"));
+		return False;
+	}
+
+	r_u.status=_api_samr_open_alias(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_open_alias("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+ api_samr_set_userinfo
+ ********************************************************************/
+
+static BOOL api_samr_set_userinfo(pipes_struct *p)
+{
+	SAMR_Q_SET_USERINFO q_u;
+	SAMR_R_SET_USERINFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_set_userinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n"));
+		/* Fix for W2K SP2 */
+		if (q_u.switch_value == 0x1a) {
+			setup_fault_pdu(p, NT_STATUS(0x1c000006));
+			return True;
+		}
+		return False;
+	}
+
+	r_u.status = _samr_set_userinfo(p, &q_u, &r_u);
+
+	if(!samr_io_r_set_userinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_set_userinfo2
+ ********************************************************************/
+
+static BOOL api_samr_set_userinfo2(pipes_struct *p)
+{
+	SAMR_Q_SET_USERINFO2 q_u;
+	SAMR_R_SET_USERINFO2 r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_set_userinfo2("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_set_userinfo2(p, &q_u, &r_u);
+
+	if(!samr_io_r_set_userinfo2("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_useraliases
+ ********************************************************************/
+
+static BOOL api_samr_query_useraliases(pipes_struct *p)
+{
+	SAMR_Q_QUERY_USERALIASES q_u;
+	SAMR_R_QUERY_USERALIASES r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_query_useraliases("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_useraliases:  Unable to unmarshall SAMR_Q_QUERY_USERALIASES.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_useraliases(p, &q_u, &r_u);
+
+	if (! samr_io_r_query_useraliases("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_useraliases:  Unable to nmarshall SAMR_R_QUERY_USERALIASES.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_aliasmem
+ ********************************************************************/
+
+static BOOL api_samr_query_aliasmem(pipes_struct *p)
+{
+	SAMR_Q_QUERY_ALIASMEM q_u;
+	SAMR_R_QUERY_ALIASMEM r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_aliasmem: unable to unmarshall SAMR_Q_QUERY_ALIASMEM.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_aliasmem(p, &q_u, &r_u);
+
+	if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_aliasmem: unable to marshall SAMR_R_QUERY_ALIASMEM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_groupmem
+ ********************************************************************/
+
+static BOOL api_samr_query_groupmem(pipes_struct *p)
+{
+	SAMR_Q_QUERY_GROUPMEM q_u;
+	SAMR_R_QUERY_GROUPMEM r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_query_groupmem("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_groupmem: unable to unmarshall SAMR_Q_QUERY_GROUPMEM.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_groupmem(p, &q_u, &r_u);
+
+	if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_groupmem: unable to marshall SAMR_R_QUERY_GROUPMEM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_add_aliasmem
+ ********************************************************************/
+
+static BOOL api_samr_add_aliasmem(pipes_struct *p)
+{
+	SAMR_Q_ADD_ALIASMEM q_u;
+	SAMR_R_ADD_ALIASMEM r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_add_aliasmem: unable to unmarshall SAMR_Q_ADD_ALIASMEM.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_add_aliasmem(p, &q_u, &r_u);
+
+	if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_add_aliasmem: unable to marshall SAMR_R_ADD_ALIASMEM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_del_aliasmem
+ ********************************************************************/
+
+static BOOL api_samr_del_aliasmem(pipes_struct *p)
+{
+	SAMR_Q_DEL_ALIASMEM q_u;
+	SAMR_R_DEL_ALIASMEM r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_del_aliasmem: unable to unmarshall SAMR_Q_DEL_ALIASMEM.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_del_aliasmem(p, &q_u, &r_u);
+
+	if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_del_aliasmem: unable to marshall SAMR_R_DEL_ALIASMEM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_add_groupmem
+ ********************************************************************/
+
+static BOOL api_samr_add_groupmem(pipes_struct *p)
+{
+	SAMR_Q_ADD_GROUPMEM q_u;
+	SAMR_R_ADD_GROUPMEM r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_add_groupmem("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_add_groupmem: unable to unmarshall SAMR_Q_ADD_GROUPMEM.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_add_groupmem(p, &q_u, &r_u);
+
+	if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_add_groupmem: unable to marshall SAMR_R_ADD_GROUPMEM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_del_groupmem
+ ********************************************************************/
+
+static BOOL api_samr_del_groupmem(pipes_struct *p)
+{
+	SAMR_Q_DEL_GROUPMEM q_u;
+	SAMR_R_DEL_GROUPMEM r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_del_groupmem("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_del_groupmem: unable to unmarshall SAMR_Q_DEL_GROUPMEM.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_del_groupmem(p, &q_u, &r_u);
+
+	if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_del_groupmem: unable to marshall SAMR_R_DEL_GROUPMEM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_delete_dom_user
+ ********************************************************************/
+
+static BOOL api_samr_delete_dom_user(pipes_struct *p)
+{
+	SAMR_Q_DELETE_DOM_USER q_u;
+	SAMR_R_DELETE_DOM_USER r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_delete_dom_user: unable to unmarshall SAMR_Q_DELETE_DOM_USER.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_delete_dom_user(p, &q_u, &r_u);
+
+	if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_delete_dom_user: unable to marshall SAMR_R_DELETE_DOM_USER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_delete_dom_group
+ ********************************************************************/
+
+static BOOL api_samr_delete_dom_group(pipes_struct *p)
+{
+	SAMR_Q_DELETE_DOM_GROUP q_u;
+	SAMR_R_DELETE_DOM_GROUP r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_delete_dom_group: unable to unmarshall SAMR_Q_DELETE_DOM_GROUP.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_delete_dom_group(p, &q_u, &r_u);
+
+	if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_delete_dom_group: unable to marshall SAMR_R_DELETE_DOM_GROUP.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_delete_dom_alias
+ ********************************************************************/
+
+static BOOL api_samr_delete_dom_alias(pipes_struct *p)
+{
+	SAMR_Q_DELETE_DOM_ALIAS q_u;
+	SAMR_R_DELETE_DOM_ALIAS r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_delete_dom_alias: unable to unmarshall SAMR_Q_DELETE_DOM_ALIAS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_delete_dom_alias(p, &q_u, &r_u);
+
+	if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_delete_dom_alias: unable to marshall SAMR_R_DELETE_DOM_ALIAS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_create_dom_group
+ ********************************************************************/
+
+static BOOL api_samr_create_dom_group(pipes_struct *p)
+{
+	SAMR_Q_CREATE_DOM_GROUP q_u;
+	SAMR_R_CREATE_DOM_GROUP r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_create_dom_group("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_create_dom_group: unable to unmarshall SAMR_Q_CREATE_DOM_GROUP.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_create_dom_group(p, &q_u, &r_u);
+
+	if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_create_dom_group: unable to marshall SAMR_R_CREATE_DOM_GROUP.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_create_dom_alias
+ ********************************************************************/
+
+static BOOL api_samr_create_dom_alias(pipes_struct *p)
+{
+	SAMR_Q_CREATE_DOM_ALIAS q_u;
+	SAMR_R_CREATE_DOM_ALIAS r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_create_dom_alias: unable to unmarshall SAMR_Q_CREATE_DOM_ALIAS.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_create_dom_alias(p, &q_u, &r_u);
+
+	if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_create_dom_alias: unable to marshall SAMR_R_CREATE_DOM_ALIAS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_groupinfo
+ ********************************************************************/
+
+static BOOL api_samr_query_groupinfo(pipes_struct *p)
+{
+	SAMR_Q_QUERY_GROUPINFO q_u;
+	SAMR_R_QUERY_GROUPINFO r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_query_groupinfo: unable to unmarshall SAMR_Q_QUERY_GROUPINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_query_groupinfo(p, &q_u, &r_u);
+
+	if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_query_groupinfo: unable to marshall SAMR_R_QUERY_GROUPINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_set_groupinfo
+ ********************************************************************/
+
+static BOOL api_samr_set_groupinfo(pipes_struct *p)
+{
+	SAMR_Q_SET_GROUPINFO q_u;
+	SAMR_R_SET_GROUPINFO r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_set_groupinfo: unable to unmarshall SAMR_Q_SET_GROUPINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_set_groupinfo(p, &q_u, &r_u);
+
+	if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_set_groupinfo: unable to marshall SAMR_R_SET_GROUPINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_set_aliasinfo
+ ********************************************************************/
+
+static BOOL api_samr_set_aliasinfo(pipes_struct *p)
+{
+	SAMR_Q_SET_ALIASINFO q_u;
+	SAMR_R_SET_ALIASINFO r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_set_aliasinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_set_aliasinfo: unable to unmarshall SAMR_Q_SET_ALIASINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_set_aliasinfo(p, &q_u, &r_u);
+
+	if (!samr_io_r_set_aliasinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_set_aliasinfo: unable to marshall SAMR_R_SET_ALIASINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_get_dom_pwinfo
+ ********************************************************************/
+
+static BOOL api_samr_get_dom_pwinfo(pipes_struct *p)
+{
+	SAMR_Q_GET_DOM_PWINFO q_u;
+	SAMR_R_GET_DOM_PWINFO r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_get_dom_pwinfo: unable to unmarshall SAMR_Q_GET_DOM_PWINFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u);
+
+	if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_get_dom_pwinfo: unable to marshall SAMR_R_GET_DOM_PWINFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_open_group
+ ********************************************************************/
+
+static BOOL api_samr_open_group(pipes_struct *p)
+{
+	SAMR_Q_OPEN_GROUP q_u;
+	SAMR_R_OPEN_GROUP r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_open_group("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_open_group: unable to unmarshall SAMR_Q_OPEN_GROUP.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_open_group(p, &q_u, &r_u);
+
+	if (!samr_io_r_open_group("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_open_group: unable to marshall SAMR_R_OPEN_GROUP.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_unknown_2d
+ ********************************************************************/
+
+static BOOL api_samr_unknown_2d(pipes_struct *p)
+{
+	SAMR_Q_UNKNOWN_2D q_u;
+	SAMR_R_UNKNOWN_2D r_u;
+
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!samr_io_q_unknown_2d("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_unknown_2d(p, &q_u, &r_u);
+
+	if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_query_dom_info
+ ********************************************************************/
+
+static BOOL api_samr_unknown_2e(pipes_struct *p)
+{
+	SAMR_Q_UNKNOWN_2E q_u;
+	SAMR_R_UNKNOWN_2E r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr unknown 8 command */
+	if(!samr_io_q_unknown_2e("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_unknown_2e: unable to unmarshall SAMR_Q_UNKNOWN_2E.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_unknown_2e(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_samr_unknown_2e("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_unknown_2e: unable to marshall SAMR_R_UNKNOWN_2E.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_samr_set_dom_info
+ ********************************************************************/
+
+static BOOL api_samr_set_dom_info(pipes_struct *p)
+{
+	SAMR_Q_SET_DOMAIN_INFO q_u;
+	SAMR_R_SET_DOMAIN_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the samr unknown 8 command */
+	if(!samr_io_q_set_domain_info("", &q_u, data, 0)) {
+		DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n"));
+		return False;
+	}
+
+	r_u.status = _samr_set_dom_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!samr_io_r_set_domain_info("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_samr_set_dom_info: unable to marshall SAMR_R_SET_DOMAIN_INFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ array of \PIPE\samr operations
+ ********************************************************************/
+
+static struct api_struct api_samr_cmds [] =
+{
+	{"SAMR_CLOSE_HND"         , SAMR_CLOSE_HND        , api_samr_close_hnd        },
+	{"SAMR_CONNECT"           , SAMR_CONNECT          , api_samr_connect          },
+	{"SAMR_CONNECT_ANON"      , SAMR_CONNECT_ANON     , api_samr_connect_anon     },
+	{"SAMR_ENUM_DOMAINS"      , SAMR_ENUM_DOMAINS     , api_samr_enum_domains     },
+	{"SAMR_ENUM_DOM_USERS"    , SAMR_ENUM_DOM_USERS   , api_samr_enum_dom_users   },
+
+	{"SAMR_ENUM_DOM_GROUPS"   , SAMR_ENUM_DOM_GROUPS  , api_samr_enum_dom_groups  },
+	{"SAMR_ENUM_DOM_ALIASES"  , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
+	{"SAMR_QUERY_USERALIASES" , SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
+	{"SAMR_QUERY_ALIASMEM"    , SAMR_QUERY_ALIASMEM   , api_samr_query_aliasmem   },
+	{"SAMR_QUERY_GROUPMEM"    , SAMR_QUERY_GROUPMEM   , api_samr_query_groupmem   },
+	{"SAMR_ADD_ALIASMEM"      , SAMR_ADD_ALIASMEM     , api_samr_add_aliasmem     },
+	{"SAMR_DEL_ALIASMEM"      , SAMR_DEL_ALIASMEM     , api_samr_del_aliasmem     },
+	{"SAMR_ADD_GROUPMEM"      , SAMR_ADD_GROUPMEM     , api_samr_add_groupmem     },
+	{"SAMR_DEL_GROUPMEM"      , SAMR_DEL_GROUPMEM     , api_samr_del_groupmem     },
+
+	{"SAMR_DELETE_DOM_USER"   , SAMR_DELETE_DOM_USER  , api_samr_delete_dom_user  },
+	{"SAMR_DELETE_DOM_GROUP"  , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
+	{"SAMR_DELETE_DOM_ALIAS"  , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
+	{"SAMR_CREATE_DOM_GROUP"  , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group },
+	{"SAMR_CREATE_DOM_ALIAS"  , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias },
+	{"SAMR_LOOKUP_NAMES"      , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
+	{"SAMR_OPEN_USER"         , SAMR_OPEN_USER        , api_samr_open_user        },
+	{"SAMR_QUERY_USERINFO"    , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
+	{"SAMR_SET_USERINFO"      , SAMR_SET_USERINFO     , api_samr_set_userinfo     },
+	{"SAMR_SET_USERINFO2"     , SAMR_SET_USERINFO2    , api_samr_set_userinfo2    },
+
+	{"SAMR_QUERY_DOMAIN_INFO" , SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info   },
+	{"SAMR_QUERY_USERGROUPS"  , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
+	{"SAMR_QUERY_DISPINFO"    , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
+	{"SAMR_QUERY_DISPINFO3"   , SAMR_QUERY_DISPINFO3  , api_samr_query_dispinfo   },
+	{"SAMR_QUERY_DISPINFO4"   , SAMR_QUERY_DISPINFO4  , api_samr_query_dispinfo   },
+
+	{"SAMR_QUERY_ALIASINFO"   , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
+	{"SAMR_QUERY_GROUPINFO"   , SAMR_QUERY_GROUPINFO  , api_samr_query_groupinfo  },
+	{"SAMR_SET_GROUPINFO"     , SAMR_SET_GROUPINFO    , api_samr_set_groupinfo    },
+	{"SAMR_SET_ALIASINFO"     , SAMR_SET_ALIASINFO    , api_samr_set_aliasinfo    },
+	{"SAMR_CREATE_USER"       , SAMR_CREATE_USER      , api_samr_create_user      },
+	{"SAMR_LOOKUP_RIDS"       , SAMR_LOOKUP_RIDS      , api_samr_lookup_rids      },
+	{"SAMR_GET_DOM_PWINFO"    , SAMR_GET_DOM_PWINFO   , api_samr_get_dom_pwinfo   },
+	{"SAMR_CHGPASSWD_USER"    , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },
+	{"SAMR_OPEN_ALIAS"        , SAMR_OPEN_ALIAS       , api_samr_open_alias       },
+	{"SAMR_OPEN_GROUP"        , SAMR_OPEN_GROUP       , api_samr_open_group       },
+	{"SAMR_OPEN_DOMAIN"       , SAMR_OPEN_DOMAIN      , api_samr_open_domain      },
+	{"SAMR_UNKNOWN_2D"        , SAMR_UNKNOWN_2D       , api_samr_unknown_2d       },
+	{"SAMR_LOOKUP_DOMAIN"     , SAMR_LOOKUP_DOMAIN    , api_samr_lookup_domain    },
+
+	{"SAMR_QUERY_SEC_OBJECT"  , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj    },
+	{"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
+	{"SAMR_UNKNOWN_2E"        , SAMR_UNKNOWN_2E       , api_samr_unknown_2e       },
+	{"SAMR_SET_DOMAIN_INFO"   , SAMR_SET_DOMAIN_INFO  , api_samr_set_dom_info     },
+	{NULL                     , 0                     , NULL                      }
+};
+
+/*******************************************************************
+ receives a samr pipe and responds.
+ ********************************************************************/
+BOOL api_samr_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds);
+}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
new file mode 100644
index 0000000000..c83f6b3d8d
--- /dev/null
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -0,0 +1,3826 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Marc Jacobsen			    1999.
+ *  Copyright (C) Jeremy Allison               2001-2002.
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*
+ * This is the implementation of the SAMR code.
+ */
+
+#include "includes.h"
+
+extern fstring global_myworkgroup;
+extern pstring global_myname;
+extern DOM_SID global_sam_sid;
+extern DOM_SID global_sid_Builtin;
+
+extern rid_name domain_group_rids[];
+extern rid_name domain_alias_rids[];
+extern rid_name builtin_alias_rids[];
+
+
+typedef struct _disp_info {
+	BOOL user_dbloaded;
+	uint32 num_user_account;
+	DISP_USER_INFO *disp_user_info;
+	BOOL group_dbloaded;
+	uint32 num_group_account;
+	DISP_GROUP_INFO *disp_group_info;
+} DISP_INFO;
+
+struct samr_info {
+	/* for use by the \PIPE\samr policy */
+	DOM_SID sid;
+	uint32 status; /* some sort of flag.  best to record it.  comes from opnum 0x39 */
+	DISP_INFO disp_info;
+};
+
+/*******************************************************************
+ Create a samr_info struct.
+********************************************************************/
+
+static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
+{
+	struct samr_info *info;
+	fstring sid_str;
+
+	if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
+		return NULL;
+
+	ZERO_STRUCTP(info);
+	if (psid) {
+		DEBUG(10,("get_samr_info_by_sid: created new info for sid %s\n", sid_to_string(sid_str, psid) ));
+		sid_copy( &info->sid, psid);
+	} else {
+		DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n"));
+	}
+	return info;
+}
+
+/*******************************************************************
+ Function to free the per handle data.
+ ********************************************************************/
+static void free_samr_db(struct samr_info *info)
+{
+	int i;
+
+	if (info->disp_info.group_dbloaded) {
+		for (i=0; i<info->disp_info.num_group_account; i++)
+			SAFE_FREE(info->disp_info.disp_group_info[i].grp);
+
+		SAFE_FREE(info->disp_info.disp_group_info);
+	}
+
+	if (info->disp_info.user_dbloaded){
+		for (i=0; i<info->disp_info.num_user_account; i++)
+			pdb_free_sam(&info->disp_info.disp_user_info[i].sam);
+
+		SAFE_FREE(info->disp_info.disp_user_info);
+	}
+
+	info->disp_info.user_dbloaded=False;
+	info->disp_info.group_dbloaded=False;
+	info->disp_info.num_group_account=0;
+	info->disp_info.num_user_account=0;
+}
+
+
+static void free_samr_info(void *ptr)
+{
+	struct samr_info *info=(struct samr_info *) ptr;
+
+	free_samr_db(info);
+	SAFE_FREE(info);
+}
+
+/*******************************************************************
+ Ensure password info is never given out. Paranioa... JRA.
+ ********************************************************************/
+
+static void samr_clear_passwd_fields( SAM_USER_INFO_21 *pass, int num_entries)
+{
+	int i;
+
+	if (!pass)
+		return;
+
+	for (i = 0; i < num_entries; i++) {
+		memset(&pass[i].lm_pwd, '\0', sizeof(pass[i].lm_pwd));
+		memset(&pass[i].nt_pwd, '\0', sizeof(pass[i].nt_pwd));
+	}
+}
+
+static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass)
+{
+	
+	if (!sam_pass)
+		return;
+
+	/* These now zero out the old password */
+
+	pdb_set_lanman_passwd(sam_pass, NULL);
+	pdb_set_nt_passwd(sam_pass, NULL);
+}
+
+
+static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask)
+{
+	SAM_ACCOUNT *pwd = NULL;
+	DISP_USER_INFO *pwd_array = NULL;
+
+	DEBUG(10,("load_sampwd_entries\n"));
+
+	/* if the snapshoot is already loaded, return */
+	if (info->disp_info.user_dbloaded==True) {
+		DEBUG(10,("load_sampwd_entries: already in memory\n"));
+		return NT_STATUS_OK;
+	}
+
+	if (!pdb_setsampwent(False)) {
+		DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	for (pdb_init_sam(&pwd); pdb_getsampwent(pwd) == True; pwd=NULL, pdb_init_sam(&pwd) ) {
+		
+		if (acb_mask != 0 && !(pdb_get_acct_ctrl(pwd) & acb_mask)) {
+			pdb_free_sam(&pwd);
+			DEBUG(5,(" acb_mask %x reject\n", acb_mask));
+			continue;
+		}
+
+		/* Realloc some memory for the array of ptr to the SAM_ACCOUNT structs */
+		if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) {
+		
+			DEBUG(10,("load_sampwd_entries: allocating more memory\n"));
+			pwd_array=(DISP_USER_INFO *)Realloc(info->disp_info.disp_user_info, 
+			                  (info->disp_info.num_user_account+MAX_SAM_ENTRIES)*sizeof(DISP_USER_INFO));
+
+			if (pwd_array==NULL)
+				return NT_STATUS_NO_MEMORY;
+
+			info->disp_info.disp_user_info=pwd_array;
+		}
+	
+		/* link the SAM_ACCOUNT to the array */
+		info->disp_info.disp_user_info[info->disp_info.num_user_account].sam=pwd;
+
+		DEBUG(10,("load_sampwd_entries: entry: %d\n", info->disp_info.num_user_account));
+
+		info->disp_info.num_user_account++;	
+	}
+
+	pdb_endsampwent();
+
+	/* the snapshoot is in memory, we're ready to enumerate fast */
+
+	info->disp_info.user_dbloaded=True;
+
+	DEBUG(12,("load_sampwd_entries: done\n"));
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
+{
+	GROUP_MAP *map=NULL;
+	DISP_GROUP_INFO *grp_array = NULL;
+	uint32 group_entries = 0;
+	uint32 i;
+
+	DEBUG(10,("load_group_domain_entries\n"));
+
+	/* if the snapshoot is already loaded, return */
+	if (info->disp_info.group_dbloaded==True) {
+		DEBUG(10,("load_group_domain_entries: already in memory\n"));
+		return NT_STATUS_OK;
+	}
+
+	enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+
+	info->disp_info.num_group_account=group_entries;
+
+	grp_array=(DISP_GROUP_INFO *)malloc(info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO));
+
+	if (group_entries!=0 && grp_array==NULL) {
+		SAFE_FREE(map);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	info->disp_info.disp_group_info=grp_array;
+
+	for (i=0; i<group_entries; i++) {
+	
+		grp_array[i].grp=(DOMAIN_GRP *)malloc(sizeof(DOMAIN_GRP));
+	
+		fstrcpy(grp_array[i].grp->name, map[i].nt_name);
+		fstrcpy(grp_array[i].grp->comment, map[i].comment);
+		sid_split_rid(&map[i].sid, &grp_array[i].grp->rid);
+		grp_array[i].grp->attr=SID_NAME_DOM_GRP;
+	}
+
+	SAFE_FREE(map);
+
+	/* the snapshoot is in memory, we're ready to enumerate fast */
+
+	info->disp_info.group_dbloaded=True;
+
+	DEBUG(12,("load_group_domain_entries: done\n"));
+
+	return NT_STATUS_OK;
+}
+
+
+/*******************************************************************
+  This next function should be replaced with something that
+  dynamically returns the correct user info..... JRA.
+ ********************************************************************/
+
+static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
+                                int *total_entries, int *num_entries,
+                                int max_num_entries, uint16 acb_mask)
+{
+	SAM_ACCOUNT *pwd = NULL;
+	BOOL not_finished = True;
+ 
+	(*num_entries) = 0;
+	(*total_entries) = 0;
+
+	if (pw_buf == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	pdb_init_sam(&pwd);
+
+	if (!pdb_setsampwent(False)) {
+		DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n"));
+		pdb_free_sam(&pwd);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	
+	while (((not_finished = pdb_getsampwent(pwd)) != False) 
+	       && (*num_entries) < max_num_entries) 
+	{
+	        int user_name_len;
+		
+	        if (start_idx > 0) {
+
+			pdb_reset_sam(pwd);
+
+			/* skip the requested number of entries.
+			   not very efficient, but hey...  */
+			start_idx--;
+			continue;
+		}
+		
+		user_name_len = strlen(pdb_get_username(pwd))+1;
+		init_unistr2(&pw_buf[(*num_entries)].uni_user_name, pdb_get_username(pwd), user_name_len);
+		init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len);
+		pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd);
+		memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
+		
+		/* Now check if the NT compatible password is available. */
+		if (pdb_get_nt_passwd(pwd))
+			memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16);
+		
+		pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd);
+		
+		DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
+			  (*num_entries), pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) ));
+		
+		if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask)) {
+			DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
+			(*num_entries)++;
+		} else {
+			DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
+		}
+
+		(*total_entries)++;
+		
+		pdb_reset_sam(pwd);
+
+	}
+	
+	pdb_endsampwent();
+	pdb_free_sam(&pwd);
+
+	if (not_finished)
+		return STATUS_MORE_ENTRIES;
+	else
+		return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ _samr_close_hnd
+ ********************************************************************/
+
+NTSTATUS _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND *r_u)
+{
+	r_u->status = NT_STATUS_OK;
+
+	/* close the policy handle */
+	if (!close_policy_hnd(p, &q_u->pol))
+		return NT_STATUS_OBJECT_NAME_INVALID;
+
+	DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ samr_reply_open_domain
+ ********************************************************************/
+
+NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u)
+{
+	struct samr_info *info;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the connection policy handle. */
+	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* associate the domain SID with the (unique) handle. */
+	if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	DEBUG(5,("samr_open_domain: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ _samr_get_usrdom_pwinfo
+ ********************************************************************/
+
+NTSTATUS _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, SAMR_R_GET_USRDOM_PWINFO *r_u)
+{
+	struct samr_info *info = NULL;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->user_pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_check_is_in_our_domain(&info->sid))
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+	init_samr_r_get_usrdom_pwinfo(r_u, NT_STATUS_OK);
+
+	DEBUG(5,("_samr_get_usrdom_pwinfo: %d\n", __LINE__));
+
+	/* 
+	 * NT sometimes return NT_STATUS_ACCESS_DENIED
+	 * I don't know yet why.
+	 */
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ samr_make_usr_obj_sd
+ ********************************************************************/
+
+static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SID *usr_sid)
+{
+	extern DOM_SID global_sid_World;
+	DOM_SID adm_sid;
+	DOM_SID act_sid;
+
+	SEC_ACE ace[4];
+	SEC_ACCESS mask;
+
+	SEC_ACL *psa = NULL;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+
+	sid_copy(&adm_sid, &global_sid_Builtin);
+	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+	sid_copy(&act_sid, &global_sid_Builtin);
+	sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+	init_sec_access(&mask, 0x2035b);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	init_sec_access(&mask, 0xf07ff);
+	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	init_sec_access(&mask,0x20044);
+	init_sec_ace(&ace[3], usr_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	if((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	if((psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, &sd_size)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	if((*buf = make_sec_desc_buf(ctx, sd_size, psd)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	return NT_STATUS_OK;
+}
+
+static BOOL get_lsa_policy_samr_sid(pipes_struct *p, POLICY_HND *pol, DOM_SID *sid)
+{
+	struct samr_info *info = NULL;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, pol, (void **)&info))
+		return False;
+
+	if (!info)
+		return False;
+
+	*sid = info->sid;
+	return True;
+}
+
+/*******************************************************************
+ _samr_query_sec_obj
+ ********************************************************************/
+
+NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QUERY_SEC_OBJ *r_u)
+{
+	DOM_SID pol_sid;
+	fstring str_sid;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* Get the SID. */
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+
+	r_u->status = samr_make_usr_obj_sd(p->mem_ctx, &r_u->buf, &pol_sid);
+
+	if (NT_STATUS_IS_OK(r_u->status))
+		r_u->ptr = 1;
+
+	return r_u->status;
+}
+
+/*******************************************************************
+makes a SAM_ENTRY / UNISTR2* structure from a user list.
+********************************************************************/
+
+static void make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp,
+                uint32 num_sam_entries, SAM_USER_INFO_21 *pass)
+{
+	uint32 i;
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_name;
+
+	*sam_pp = NULL;
+	*uni_name_pp = NULL;
+
+	if (num_sam_entries == 0)
+		return;
+
+	sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries);
+
+	uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries);
+
+	if (sam == NULL || uni_name == NULL) {
+		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+		return;
+	}
+
+	ZERO_STRUCTP(sam);
+	ZERO_STRUCTP(uni_name);
+
+	for (i = 0; i < num_sam_entries; i++) {
+		int len = pass[i].uni_user_name.uni_str_len;
+
+		init_sam_entry(&sam[i], len, pass[i].user_rid);
+		copy_unistr2(&uni_name[i], &pass[i].uni_user_name);
+	}
+
+	*sam_pp = sam;
+	*uni_name_pp = uni_name;
+}
+
+/*******************************************************************
+ samr_reply_enum_dom_users
+ ********************************************************************/
+
+NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_ENUM_DOM_USERS *r_u)
+{
+	SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
+	int num_entries = 0;
+	int total_entries = 0;
+	
+	r_u->status = NT_STATUS_OK;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+
+	become_root();
+	r_u->status = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
+								MAX_SAM_ENTRIES, q_u->acb_mask);
+	unbecome_root();
+
+	if (NT_STATUS_IS_ERR(r_u->status))
+		return r_u->status;
+
+	samr_clear_passwd_fields(pass, num_entries);
+
+	/* 
+	 * Note from JRA. total_entries is not being used here. Currently if there is a
+	 * large user base then it looks like NT will enumerate until get_sampwd_entries
+	 * returns False due to num_entries being zero. This will cause an access denied
+	 * return. I don't think this is right and needs further investigation. Note that
+	 * this is also the same in the TNG code (I don't think that has been tested with
+	 * a very large user list as MAX_SAM_ENTRIES is set to 600).
+	 * 
+	 * I also think that one of the 'num_entries' return parameters is probably
+	 * the "max entries" parameter - but in the TNG code they're all currently set to the same
+	 * value (again I think this is wrong).
+	 */
+
+	make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, num_entries, pass);
+
+	init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_entries, num_entries);
+
+	DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+makes a SAM_ENTRY / UNISTR2* structure from a group list.
+********************************************************************/
+
+static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp,
+                uint32 num_sam_entries, DOMAIN_GRP *grp)
+{
+	uint32 i;
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_name;
+
+	*sam_pp = NULL;
+	*uni_name_pp = NULL;
+
+	if (num_sam_entries == 0)
+		return;
+
+	sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries);
+
+	uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries);
+
+	if (sam == NULL || uni_name == NULL) {
+		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+		return;
+	}
+
+	for (i = 0; i < num_sam_entries; i++) {
+		/*
+		 * JRA. I think this should include the null. TNG does not.
+		 */
+		int len = strlen(grp[i].name)+1;
+
+		init_sam_entry(&sam[i], len, grp[i].rid);
+		init_unistr2(&uni_name[i], grp[i].name, len);
+	}
+
+	*sam_pp = sam;
+	*uni_name_pp = uni_name;
+}
+
+/*******************************************************************
+ Get the group entries - similar to get_sampwd_entries().
+ ********************************************************************/
+
+static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
+				    uint32 *p_num_entries, uint32 max_entries)
+{
+	fstring sid_str;
+	uint32 num_entries = 0;
+	int i;
+	GROUP_MAP smap;
+	GROUP_MAP *map;
+
+	sid_to_string(sid_str, sid);
+	DEBUG(5, ("get_group_alias_entries: enumerating aliases on SID: %s\n", sid_str));
+
+	*p_num_entries = 0;
+
+	/* well-known aliases */
+	if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
+		
+		enum_group_mapping(SID_NAME_ALIAS, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+		
+		if (num_entries != 0) {		
+			*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
+			if (*d_grp==NULL)
+				return NT_STATUS_NO_MEMORY;
+			
+			for(i=0; i<num_entries && i<max_entries; i++) {
+				fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
+				sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
+				
+			}
+		}
+		SAFE_FREE(map);
+		
+	} else if (sid_equal(sid, &global_sam_sid) && !lp_hide_local_users()) {
+		struct sys_grent *glist;
+		struct sys_grent *grp;
+		struct passwd *pw;
+		gid_t winbind_gid_low, winbind_gid_high;
+	
+		lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+
+		/* local aliases */
+		/* we return the UNIX groups here.  This seems to be the right */
+		/* thing to do, since NT member servers return their local     */
+                /* groups in the same situation.                               */
+
+		/* use getgrent_list() to retrieve the list of groups to avoid
+		 * problems with getgrent possible infinite loop by internal
+		 * libc grent structures overwrites by called functions */
+		grp = glist = getgrent_list();
+		if (grp == NULL)
+			return NT_STATUS_NO_MEMORY;
+		
+		for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
+			uint32 trid;
+			
+			if(!get_group_from_gid(grp->gr_gid, &smap, MAPPING_WITHOUT_PRIV))
+				continue;
+			
+			if (smap.sid_name_use!=SID_NAME_ALIAS) {
+				continue;
+			}
+
+			sid_split_rid(&smap.sid, &trid);
+			
+			if (!sid_equal(sid, &smap.sid))
+				continue;
+
+			/* Don't return winbind groups as they are not local! */
+			if ((grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) {
+				DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name ));
+				continue;
+			}
+
+			/* Don't return user private groups... */
+			
+			/* 
+			 *  We used to do a Get_Pwnam() here, but this has been
+			 * trimmed back to the common case for private groups
+			 * to save lookups and to use the _alloc interface.
+			 *
+			 * This also matches the group mapping code
+			 */
+
+			if ((pw = getpwnam_alloc(smap.nt_name)) != 0) {
+				DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name ));
+				passwd_free(&pw);
+				continue;			
+			}
+
+			for( i = 0; i < num_entries; i++)
+				if ( (*d_grp)[i].rid == trid )
+					break;
+
+			if ( i < num_entries ) {
+				continue; /* rid was there, dup! */
+			}
+
+			/* JRA - added this for large group db enumeration... */
+
+			if (start_idx > 0) {
+				/* skip the requested number of entries.
+					not very efficient, but hey...
+				*/
+				start_idx--;
+				continue;
+			}
+
+			*d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));
+			if (*d_grp==NULL) {
+				grent_free(glist);
+				return NT_STATUS_NO_MEMORY;
+			}
+
+			fstrcpy((*d_grp)[num_entries].name, smap.nt_name);
+			(*d_grp)[num_entries].rid = trid;
+			num_entries++;
+			DEBUG(10,("get_group_alias_entries: added entry %d, rid:%d\n", num_entries, trid));
+		}
+
+		grent_free(glist);
+	}
+
+	*p_num_entries = num_entries;
+
+	DEBUG(10,("get_group_alias_entries: returning %d entries\n", *p_num_entries));
+
+	if (num_entries >= max_entries)
+		return STATUS_MORE_ENTRIES;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Get the group entries - similar to get_sampwd_entries().
+ ********************************************************************/
+
+static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
+				     uint32 *p_num_entries, uint32 max_entries)
+{
+	GROUP_MAP *map=NULL;
+	int i;
+	uint32 group_entries = 0;
+	uint32 num_entries = 0;
+
+	*p_num_entries = 0;
+
+	enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+
+	num_entries=group_entries-start_idx;
+
+	/* limit the number of entries */
+	if (num_entries>max_entries) {
+		DEBUG(5,("Limiting to %d entries\n", max_entries));
+		num_entries=max_entries;
+	}
+
+	*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
+	if (num_entries!=0 && *d_grp==NULL){
+		SAFE_FREE(map);
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	for (i=0; i<num_entries; i++) {
+		fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
+		fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment);
+		sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
+		(*d_grp)[i].attr=SID_NAME_DOM_GRP;
+	}
+
+	SAFE_FREE(map);
+
+	*p_num_entries = num_entries;
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ samr_reply_enum_dom_groups
+ Only reply with one group - domain admins. This must be fixed for
+ a real PDC. JRA.
+ ********************************************************************/
+
+NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u)
+{
+	DOMAIN_GRP *grp=NULL;
+	uint32 num_entries;
+	DOM_SID sid;
+
+	r_u->status = NT_STATUS_OK;
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+
+	/* the domain group array is being allocated in the function below */
+	get_group_domain_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
+
+	make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp);
+
+	init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_entries);
+
+	DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+
+/*******************************************************************
+ samr_reply_enum_dom_aliases
+ ********************************************************************/
+
+NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u)
+{
+	DOMAIN_GRP *grp=NULL;
+	uint32 num_entries = 0;
+	fstring sid_str;
+	DOM_SID sid;
+	NTSTATUS status;
+	
+	r_u->status = NT_STATUS_OK;
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_to_string(sid_str, &sid);
+	DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
+
+	status = get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, 
+					 &num_entries, MAX_SAM_ENTRIES);
+	if (NT_STATUS_IS_ERR(status)) return status;
+
+	make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp);
+
+	/*safe_free(grp);*/
+
+	init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_entries, num_entries);
+
+	DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ samr_reply_query_dispinfo
+ ********************************************************************/
+NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_QUERY_DISPINFO *r_u)
+{
+	struct samr_info *info = NULL;
+	uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
+	uint16 acb_mask;
+	
+	uint32 max_entries=q_u->max_entries;
+	uint32 enum_context=q_u->start_idx;
+	uint32 max_size=q_u->max_size;
+
+	SAM_DISPINFO_CTR *ctr;
+	uint32 temp_size=0, total_data_size=0;
+	NTSTATUS disp_ret;
+	uint32 num_account = 0;
+	enum remote_arch_types ra_type = get_remote_arch();
+	int max_sam_entries;
+
+	max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
+
+	DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__));
+	r_u->status = NT_STATUS_OK;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/*
+	 * calculate how many entries we will return.
+	 * based on 
+	 * - the number of entries the client asked
+	 * - our limit on that
+	 * - the starting point (enumeration context)
+	 * - the buffer size the client will accept
+	 */
+
+	/*
+	 * We are a lot more like W2K. Instead of reading the SAM
+	 * each time to find the records we need to send back,
+	 * we read it once and link that copy to the sam handle.
+	 * For large user list (over the MAX_SAM_ENTRIES)
+	 * it's a definitive win.
+	 * second point to notice: between enumerations
+	 * our sam is now the same as it's a snapshoot.
+	 * third point: got rid of the static SAM_USER_21 struct
+	 * no more intermediate.
+	 * con: it uses much more memory, as a full copy is stored
+	 * in memory.
+	 *
+	 * If you want to change it, think twice and think
+	 * of the second point , that's really important.
+	 *
+	 * JFM, 12/20/2001
+	 */
+
+	/* Get what we need from the password database */
+
+	if (q_u->switch_level==2)
+		acb_mask = ACB_WSTRUST;
+	else
+		acb_mask = ACB_NORMAL;
+
+	/* Get what we need from the password database */
+	switch (q_u->switch_level) {
+		case 0x1:
+		case 0x2:
+		case 0x4:
+			become_root();		
+			r_u->status=load_sampwd_entries(info, acb_mask);
+			unbecome_root();
+			if (NT_STATUS_IS_ERR(r_u->status)) {
+				DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n"));
+				return r_u->status;
+			}
+			num_account = info->disp_info.num_user_account;
+			break;
+		case 0x3:
+		case 0x5:
+			r_u->status = load_group_domain_entries(info, &info->sid);
+			if (NT_STATUS_IS_ERR(r_u->status))
+				return r_u->status;
+			num_account = info->disp_info.num_group_account;
+			break;
+		default:
+			DEBUG(0,("_samr_query_dispinfo: Unknown info level (%u)\n", (unsigned int)q_u->switch_level ));
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	/* first limit the number of entries we will return */
+	if(max_entries > max_sam_entries) {
+		DEBUG(5, ("samr_reply_query_dispinfo: client requested %d entries, limiting to %d\n", max_entries, max_sam_entries));
+		max_entries = max_sam_entries;
+	}
+
+	if (enum_context > num_account) {
+		DEBUG(5, ("samr_reply_query_dispinfo: enumeration handle over total entries\n"));
+		return NT_STATUS_OK;
+	}
+
+	/* verify we won't overflow */
+	if (max_entries > num_account-enum_context) {
+		max_entries = num_account-enum_context;
+		DEBUG(5, ("samr_reply_query_dispinfo: only %d entries to return\n", max_entries));
+	}
+
+	/* calculate the size and limit on the number of entries we will return */
+	temp_size=max_entries*struct_size;
+	
+	if (temp_size>max_size) {
+		max_entries=MIN((max_size/struct_size),max_entries);;
+		DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to only %d entries\n", max_entries));
+	}
+
+	if (!(ctr = (SAM_DISPINFO_CTR *)talloc_zero(p->mem_ctx,sizeof(SAM_DISPINFO_CTR))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(ctr);
+
+	/* Now create reply structure */
+	switch (q_u->switch_level) {
+	case 0x1:
+		if (max_entries) {
+			if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1))))
+				return NT_STATUS_NO_MEMORY;
+		}
+		disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, info->disp_info.disp_user_info);
+		if (NT_STATUS_IS_ERR(disp_ret))
+			return disp_ret;
+		break;
+	case 0x2:
+		if (max_entries) {
+			if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2))))
+				return NT_STATUS_NO_MEMORY;
+		}
+		disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, info->disp_info.disp_user_info);
+		if (NT_STATUS_IS_ERR(disp_ret))
+			return disp_ret;
+		break;
+	case 0x3:
+		if (max_entries) {
+			if (!(ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_3))))
+				return NT_STATUS_NO_MEMORY;
+		}
+		disp_ret = init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, max_entries, enum_context, info->disp_info.disp_group_info);
+		if (NT_STATUS_IS_ERR(disp_ret))
+			return disp_ret;
+		break;
+	case 0x4:
+		if (max_entries) {
+			if (!(ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_4))))
+				return NT_STATUS_NO_MEMORY;
+		}
+		disp_ret = init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, max_entries, enum_context, info->disp_info.disp_user_info);
+		if (NT_STATUS_IS_ERR(disp_ret))
+			return disp_ret;
+		break;
+	case 0x5:
+		if (max_entries) {
+			if (!(ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_5))))
+				return NT_STATUS_NO_MEMORY;
+		}
+		disp_ret = init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, max_entries, enum_context, info->disp_info.disp_group_info);
+		if (NT_STATUS_IS_ERR(disp_ret))
+			return disp_ret;
+		break;
+
+	default:
+		ctr->sam.info = NULL;
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	/* calculate the total size */
+	total_data_size=num_account*struct_size;
+
+	if (enum_context+max_entries < num_account)
+		r_u->status = STATUS_MORE_ENTRIES;
+
+	DEBUG(5, ("_samr_query_dispinfo: %d\n", __LINE__));
+
+	init_samr_r_query_dispinfo(r_u, max_entries, total_data_size, temp_size, q_u->switch_level, ctr, r_u->status);
+
+	return r_u->status;
+
+}
+
+/*******************************************************************
+ samr_reply_query_aliasinfo
+ ********************************************************************/
+
+NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u)
+{
+	struct samr_info *info = NULL;
+	GROUP_MAP map;
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_check_is_in_our_domain(&info->sid) &&
+	    !sid_check_is_in_builtin(&info->sid))
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+	if(!get_local_group_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	switch (q_u->switch_level) {
+	case 1:
+		r_u->ptr = 1;
+		r_u->ctr.switch_value1 = 1;
+		init_samr_alias_info1(&r_u->ctr.alias.info1, map.nt_name, 1, map.comment);
+		break;
+	case 3:
+		r_u->ptr = 1;
+		r_u->ctr.switch_value1 = 3;
+		init_samr_alias_info3(&r_u->ctr.alias.info3, map.comment);
+		break;
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+#if 0
+/*******************************************************************
+ samr_reply_lookup_ids
+ ********************************************************************/
+
+ uint32 _samr_lookup_ids(pipes_struct *p, SAMR_Q_LOOKUP_IDS *q_u, SAMR_R_LOOKUP_IDS *r_u)
+{
+    uint32 rid[MAX_SAM_ENTRIES];
+    int num_rids = q_u->num_sids1;
+
+    r_u->status = NT_STATUS_OK;
+
+    DEBUG(5,("_samr_lookup_ids: %d\n", __LINE__));
+
+    if (num_rids > MAX_SAM_ENTRIES) {
+        num_rids = MAX_SAM_ENTRIES;
+        DEBUG(5,("_samr_lookup_ids: truncating entries to %d\n", num_rids));
+    }
+
+#if 0
+    int i;
+    SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
+
+    for (i = 0; i < num_rids && status == 0; i++)
+    {
+        struct sam_passwd *sam_pass;
+        fstring user_name;
+
+
+        fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer,
+                                    q_u->uni_user_name[i].uni_str_len));
+
+        /* find the user account */
+        become_root();
+        sam_pass = get_smb21pwd_entry(user_name, 0);
+        unbecome_root();
+
+        if (sam_pass == NULL)
+        {
+            status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+            rid[i] = 0;
+        }
+        else
+        {
+            rid[i] = sam_pass->user_rid;
+        }
+    }
+#endif
+
+    num_rids = 1;
+    rid[0] = BUILTIN_ALIAS_RID_USERS;
+
+    init_samr_r_lookup_ids(&r_u, num_rids, rid, NT_STATUS_OK);
+
+    DEBUG(5,("_samr_lookup_ids: %d\n", __LINE__));
+
+    return r_u->status;
+}
+#endif
+
+/*******************************************************************
+ _samr_lookup_names
+ ********************************************************************/
+
+NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOKUP_NAMES *r_u)
+{
+	uint32 rid[MAX_SAM_ENTRIES];
+	uint32 local_rid;
+	enum SID_NAME_USE type[MAX_SAM_ENTRIES];
+	enum SID_NAME_USE local_type;
+	int i;
+	int num_rids = q_u->num_names2;
+	DOM_SID pol_sid;
+	fstring sid_str;
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+
+	ZERO_ARRAY(rid);
+	ZERO_ARRAY(type);
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid)) {
+		init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH);
+		return r_u->status;
+	}
+
+	if (num_rids > MAX_SAM_ENTRIES) {
+		num_rids = MAX_SAM_ENTRIES;
+		DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
+	}
+
+	DEBUG(5,("_samr_lookup_names: looking name on SID %s\n", sid_to_string(sid_str, &pol_sid)));
+	
+	become_root(); /* local_lookup_name can require root privs */
+
+	for (i = 0; i < num_rids; i++) {
+		fstring name;
+            	DOM_SID sid;
+
+	        r_u->status = NT_STATUS_NONE_MAPPED;
+
+	        rid [i] = 0xffffffff;
+	        type[i] = SID_NAME_UNKNOWN;
+
+		rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
+
+ 		/*
+		 * we are only looking for a name
+		 * the SID we get back can be outside
+		 * the scope of the pol_sid
+		 * 
+		 * in clear: it prevents to reply to domain\group: yes
+		 * when only builtin\group exists.
+		 *
+		 * a cleaner code is to add the sid of the domain we're looking in
+		 * to the local_lookup_name function.
+		 */
+            	if(local_lookup_name(name, &sid, &local_type)) {
+                	sid_split_rid(&sid, &local_rid);
+				
+			if (sid_equal(&sid, &pol_sid)) {
+				rid[i]=local_rid;
+				type[i]=local_type;
+                		r_u->status = NT_STATUS_OK;
+			}
+            	}
+	}
+
+	unbecome_root();
+
+	init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, (uint32 *)type, r_u->status);
+
+	DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ _samr_chgpasswd_user
+ ********************************************************************/
+
+NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_R_CHGPASSWD_USER *r_u)
+{
+    fstring user_name;
+    fstring wks;
+
+    DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+
+    r_u->status = NT_STATUS_OK;
+
+    rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
+    rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
+
+    DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
+
+	/*
+	 * Pass the user through the NT -> unix user mapping
+	 * function.
+	 */
+ 
+	(void)map_username(user_name);
+ 
+	/*
+	 * UNIX username case mangling not required, pass_oem_change 
+	 * is case insensitive.
+	 */
+
+    if (!pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
+                         q_u->nt_newpass.pass, q_u->nt_oldhash.hash))
+        r_u->status = NT_STATUS_WRONG_PASSWORD;
+
+    init_samr_r_chgpasswd_user(r_u, r_u->status);
+
+    DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+
+    return r_u->status;
+}
+
+/*******************************************************************
+makes a SAMR_R_LOOKUP_RIDS structure.
+********************************************************************/
+
+static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring names[],
+	    UNIHDR **pp_hdr_name, UNISTR2 **pp_uni_name)
+{
+	uint32 i;
+	UNIHDR *hdr_name=NULL;
+	UNISTR2 *uni_name=NULL;
+
+	*pp_uni_name = NULL;
+	*pp_hdr_name = NULL;
+
+	if (num_names != 0) {
+		hdr_name = (UNIHDR *)talloc_zero(ctx, sizeof(UNIHDR)*num_names);
+		if (hdr_name == NULL)
+			return False;
+
+		uni_name = (UNISTR2 *)talloc_zero(ctx,sizeof(UNISTR2)*num_names);
+		if (uni_name == NULL)
+			return False;
+	}
+
+	for (i = 0; i < num_names; i++) {
+		int len = names[i] != NULL ? strlen(names[i]) : 0;
+		DEBUG(10, ("names[%d]:%s\n", i, names[i]));
+		init_uni_hdr(&hdr_name[i], len);
+		init_unistr2(&uni_name[i], names[i], len);
+	}
+
+	*pp_uni_name = uni_name;
+	*pp_hdr_name = hdr_name;
+
+	return True;
+}
+
+/*******************************************************************
+ _samr_lookup_rids
+ ********************************************************************/
+
+NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP_RIDS *r_u)
+{
+	fstring group_names[MAX_SAM_ENTRIES];
+	uint32 *group_attrs = NULL;
+	UNIHDR *hdr_name = NULL;
+	UNISTR2 *uni_name = NULL;
+	DOM_SID pol_sid;
+	int num_rids = q_u->num_rids1;
+	int i;
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (num_rids > MAX_SAM_ENTRIES) {
+		num_rids = MAX_SAM_ENTRIES;
+		DEBUG(5,("_samr_lookup_rids: truncating entries to %d\n", num_rids));
+	}
+
+	if (num_rids) {
+		if ((group_attrs = (uint32 *)talloc_zero(p->mem_ctx, num_rids * sizeof(uint32))) == NULL)
+			return NT_STATUS_NO_MEMORY;
+ 	}
+ 
+	r_u->status = NT_STATUS_NONE_MAPPED;
+
+	become_root();  /* lookup_sid can require root privs */
+
+	for (i = 0; i < num_rids; i++) {
+		fstring tmpname;
+		fstring domname;
+		DOM_SID sid;
+   		enum SID_NAME_USE type;
+
+		group_attrs[i] = SID_NAME_UNKNOWN;
+		*group_names[i] = '\0';
+
+		if (sid_equal(&pol_sid, &global_sam_sid)) {
+			sid_copy(&sid, &pol_sid);
+			sid_append_rid(&sid, q_u->rid[i]);
+
+			if (lookup_sid(&sid, domname, tmpname, &type)) {
+				r_u->status = NT_STATUS_OK;
+				group_attrs[i] = (uint32)type;
+				fstrcpy(group_names[i],tmpname);
+				DEBUG(5,("_samr_lookup_rids: %s:%d\n", group_names[i], group_attrs[i]));
+			}
+		}
+	}
+
+	unbecome_root();
+
+	if(!make_samr_lookup_rids(p->mem_ctx, num_rids, group_names, &hdr_name, &uni_name))
+		return NT_STATUS_NO_MEMORY;
+
+	init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, group_attrs);
+
+	DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ _api_samr_open_user. Safe - gives out no passwd info.
+ ********************************************************************/
+
+NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u)
+{
+	SAM_ACCOUNT *sampass=NULL;
+	DOM_SID sid;
+	POLICY_HND domain_pol = q_u->domain_pol;
+	uint32 user_rid = q_u->user_rid;
+	POLICY_HND *user_pol = &r_u->user_pol;
+	struct samr_info *info = NULL;
+	BOOL ret;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the domain policy handle. */
+	if (!find_policy_by_hnd(p, &domain_pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	pdb_init_sam(&sampass);
+
+	become_root();
+	ret=pdb_getsampwrid(sampass, user_rid);
+	unbecome_root();
+
+	/* check that the RID exists in our domain. */
+	if (ret == False) {
+		pdb_free_sam(&sampass);
+        	return NT_STATUS_NO_SUCH_USER;
+	}
+
+	pdb_free_sam(&sampass);
+
+	/* Get the domain SID stored in the domain policy */
+	if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* append the user's RID to it */
+	if(!sid_append_rid(&sid, user_rid))
+		return NT_STATUS_NO_SUCH_USER;
+
+	/* associate the user's SID with the new handle. */
+	if ((info = get_samr_info_by_sid(&sid)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return r_u->status;
+}
+
+/*************************************************************************
+ get_user_info_10. Safe. Only gives out acb bits.
+ *************************************************************************/
+
+static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
+{
+	SAM_ACCOUNT *smbpass=NULL;
+	BOOL ret;
+
+	if (!pdb_rid_is_user(user_rid)) {
+		DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
+		return False;
+	}
+
+	pdb_init_sam(&smbpass);
+
+	become_root();
+	ret = pdb_getsampwrid(smbpass, user_rid);
+	unbecome_root();
+
+	if (ret==False) {
+		DEBUG(4,("User 0x%x not found\n", user_rid));
+		pdb_free_sam(&smbpass);
+		return False;
+	}
+
+	DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
+
+	ZERO_STRUCTP(id10);
+	init_sam_user_info10(id10, pdb_get_acct_ctrl(smbpass) );
+
+	pdb_free_sam(&smbpass);
+
+	return True;
+}
+
+/*************************************************************************
+ get_user_info_12. OK - this is the killer as it gives out password info.
+ Ensure that this is only allowed on an encrypted connection with a root
+ user. JRA. 
+ *************************************************************************/
+
+static NTSTATUS get_user_info_12(pipes_struct *p, SAM_USER_INFO_12 * id12, uint32 user_rid)
+{
+	SAM_ACCOUNT *smbpass=NULL;
+	BOOL ret;
+
+	if (!p->ntlmssp_auth_validated)
+		return NT_STATUS_ACCESS_DENIED;
+
+	if (!(p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) || !(p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL))
+		return NT_STATUS_ACCESS_DENIED;
+
+	/*
+	 * Do *NOT* do become_root()/unbecome_root() here ! JRA.
+	 */
+	pdb_init_sam(&smbpass);
+
+	ret = pdb_getsampwrid(smbpass, user_rid);
+
+	if (ret == False) {
+		DEBUG(4, ("User 0x%x not found\n", user_rid));
+		pdb_free_sam(&smbpass);
+		return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
+	}
+
+	DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) ));
+
+	if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED) {
+		pdb_free_sam(&smbpass);
+		return NT_STATUS_ACCOUNT_DISABLED;
+	}
+
+	ZERO_STRUCTP(id12);
+	init_sam_user_info12(id12, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass));
+	
+	pdb_free_sam(&smbpass);
+
+	return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_20
+ *************************************************************************/
+
+static BOOL get_user_info_20(SAM_USER_INFO_20 *id20, uint32 user_rid)
+{
+	SAM_ACCOUNT *sampass=NULL;
+	BOOL ret;
+
+	if (!pdb_rid_is_user(user_rid)) {
+		DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
+		return False;
+	}
+
+	pdb_init_sam(&sampass);
+
+	become_root();
+	ret = pdb_getsampwrid(sampass, user_rid);
+	unbecome_root();
+
+	if (ret == False) {
+		DEBUG(4,("User 0x%x not found\n", user_rid));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	samr_clear_sam_passwd(sampass);
+
+	DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
+
+	ZERO_STRUCTP(id20);
+	init_sam_user_info20A(id20, sampass);
+	
+	pdb_free_sam(&sampass);
+
+	return True;
+}
+
+/*************************************************************************
+ get_user_info_21
+ *************************************************************************/
+
+static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
+{
+	SAM_ACCOUNT *sampass=NULL;
+	BOOL ret;
+
+	if (!pdb_rid_is_user(user_rid)) {
+		DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
+		return False;
+	}
+
+	pdb_init_sam(&sampass);
+
+	become_root();
+	ret = pdb_getsampwrid(sampass, user_rid);
+	unbecome_root();
+
+	if (ret == False) {
+		DEBUG(4,("User 0x%x not found\n", user_rid));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	samr_clear_sam_passwd(sampass);
+
+	DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
+
+	ZERO_STRUCTP(id21);
+	init_sam_user_info21A(id21, sampass);
+	
+	pdb_free_sam(&sampass);
+
+	return True;
+}
+
+/*******************************************************************
+ _samr_query_userinfo
+ ********************************************************************/
+
+NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u)
+{
+	SAM_USERINFO_CTR *ctr;
+	uint32 rid = 0;
+	struct samr_info *info = NULL;
+
+	r_u->status=NT_STATUS_OK;
+
+	/* search for the handle */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_check_is_in_our_domain(&info->sid))
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+	sid_peek_rid(&info->sid, &rid);
+
+	DEBUG(5,("_samr_query_userinfo: rid:0x%x\n", rid));
+
+	ctr = (SAM_USERINFO_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_USERINFO_CTR));
+	if (!ctr)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(ctr);
+
+	/* ok!  user info levels (lots: see MSDEV help), off we go... */
+	ctr->switch_value = q_u->switch_value;
+
+	switch (q_u->switch_value) {
+	case 0x10:
+		ctr->info.id10 = (SAM_USER_INFO_10 *)talloc_zero(p->mem_ctx, sizeof(SAM_USER_INFO_10));
+		if (ctr->info.id10 == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		if (!get_user_info_10(ctr->info.id10, rid))
+			return NT_STATUS_NO_SUCH_USER;
+		break;
+
+#if 0
+/* whoops - got this wrong.  i think.  or don't understand what's happening. */
+        case 0x11:
+        {
+            NTTIME expire;
+            info = (void *)&id11;
+
+            expire.low = 0xffffffff;
+            expire.high = 0x7fffffff;
+
+            ctr->info.id = (SAM_USER_INFO_11 *)talloc_zero(p->mem_ctx,
+                                    sizeof
+                                    (*ctr->
+                                     info.
+                                     id11));
+	    ZERO_STRUCTP(ctr->info.id11);
+            init_sam_user_info11(ctr->info.id11, &expire,
+                         "BROOKFIELDS$",    /* name */
+                         0x03ef,    /* user rid */
+                         0x201, /* group rid */
+                         0x0080);   /* acb info */
+
+            break;
+        }
+#endif
+
+	case 0x12:
+		ctr->info.id12 = (SAM_USER_INFO_12 *)talloc_zero(p->mem_ctx, sizeof(SAM_USER_INFO_12));
+		if (ctr->info.id12 == NULL)
+			return NT_STATUS_NO_MEMORY;
+
+		if (NT_STATUS_IS_ERR(r_u->status = get_user_info_12(p, ctr->info.id12, rid)))
+			return r_u->status;
+		break;
+
+	case 20:
+		ctr->info.id20 = (SAM_USER_INFO_20 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_20));
+		if (ctr->info.id20 == NULL)
+			return NT_STATUS_NO_MEMORY;
+		if (!get_user_info_20(ctr->info.id20, rid))
+			return NT_STATUS_NO_SUCH_USER;
+		break;
+
+	case 21:
+		ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21));
+		if (ctr->info.id21 == NULL)
+			return NT_STATUS_NO_MEMORY;
+		if (!get_user_info_21(ctr->info.id21, rid))
+			return NT_STATUS_NO_SUCH_USER;
+		break;
+
+	default:
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	init_samr_r_query_userinfo(r_u, ctr, r_u->status);
+
+	DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ samr_reply_query_usergroups
+ ********************************************************************/
+
+NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u)
+{
+	SAM_ACCOUNT *sam_pass=NULL;
+	DOM_GID *gids = NULL;
+	int num_groups = 0;
+	uint32 rid;
+	struct samr_info *info = NULL;
+	BOOL ret;
+
+	/*
+	 * from the SID in the request:
+	 * we should send back the list of DOMAIN GROUPS
+	 * the user is a member of
+	 *
+	 * and only the DOMAIN GROUPS
+	 * no ALIASES !!! neither aliases of the domain
+	 * nor aliases of the builtin SID
+	 *
+	 * JFM, 12/2/2001
+	 */
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_check_is_in_our_domain(&info->sid))
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+	sid_peek_rid(&info->sid, &rid);
+
+	pdb_init_sam(&sam_pass);
+
+	become_root();
+	ret = pdb_getsampwrid(sam_pass, rid);
+	unbecome_root();
+
+	if (ret == False) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_GROUP;
+	}
+
+	/* construct the response.  lkclXXXX: gids are not copied! */
+	init_samr_r_query_usergroups(r_u, num_groups, gids, r_u->status);
+
+	DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+	
+	pdb_free_sam(&sam_pass);
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ _samr_query_dom_info
+ ********************************************************************/
+
+NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR_R_QUERY_DOMAIN_INFO *r_u)
+{
+	struct samr_info *info = NULL;
+	SAM_UNK_CTR *ctr;
+	uint32 min_pass_len,pass_hist,flag;
+	time_t u_expire, u_min_age;
+	NTTIME nt_expire, nt_min_age;
+
+	time_t u_lock_duration, u_reset_time;
+	NTTIME nt_lock_duration, nt_reset_time;
+	uint32 lockout;
+	
+	time_t u_logout;
+	NTTIME nt_logout;
+
+	uint32 num_users=0, num_groups=0, num_aliases=0;
+
+	if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(ctr);
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	switch (q_u->switch_value) {
+		case 0x01:
+			account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len);
+			account_policy_get(AP_PASSWORD_HISTORY, &pass_hist);
+			account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &flag);
+			account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&u_expire);
+			account_policy_get(AP_MIN_PASSWORD_AGE, (int *)&u_min_age);
+
+			unix_to_nt_time_abs(&nt_expire, u_expire);
+			unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+			init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist, 
+			               flag, nt_expire, nt_min_age);
+			break;
+		case 0x02:
+			become_root();		
+			r_u->status=load_sampwd_entries(info, ACB_NORMAL);
+			unbecome_root();
+			if (NT_STATUS_IS_ERR(r_u->status)) {
+				DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n"));
+				return r_u->status;
+			}
+			num_users=info->disp_info.num_user_account;
+			free_samr_db(info);
+			
+			r_u->status=load_group_domain_entries(info, &global_sam_sid);
+			if (NT_STATUS_IS_ERR(r_u->status)) {
+				DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n"));
+				return r_u->status;
+			}
+			num_groups=info->disp_info.num_group_account;
+			free_samr_db(info);
+			
+			/* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */
+			init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL), 
+				       num_users, num_groups, num_aliases);
+			break;
+		case 0x03:
+			account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout);
+			unix_to_nt_time_abs(&nt_logout, u_logout);
+			
+			init_unk_info3(&ctr->info.inf3, nt_logout);
+			break;
+		case 0x05:
+			init_unk_info5(&ctr->info.inf5, global_myname);
+			break;
+		case 0x06:
+			init_unk_info6(&ctr->info.inf6);
+			break;
+		case 0x07:
+			init_unk_info7(&ctr->info.inf7);
+			break;
+		case 0x0c:
+			account_policy_get(AP_LOCK_ACCOUNT_DURATION, (int *)&u_lock_duration);
+			account_policy_get(AP_RESET_COUNT_TIME, (int *)&u_reset_time);
+			account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &lockout);
+	
+			unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
+			unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
+	
+            		init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
+            		break;
+        	default:
+            		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
+
+	DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ _api_samr_create_user
+ Create an account, can be either a normal user or a machine.
+ This funcion will need to be updated for bdc/domain trusts.
+ ********************************************************************/
+
+NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREATE_USER *r_u)
+{
+	SAM_ACCOUNT *sam_pass=NULL;
+	fstring account;
+	DOM_SID sid;
+	pstring add_script;
+	POLICY_HND dom_pol = q_u->domain_pol;
+	UNISTR2 user_account = q_u->uni_name;
+	uint16 acb_info = q_u->acb_info;
+	POLICY_HND *user_pol = &r_u->user_pol;
+	struct samr_info *info = NULL;
+	BOOL ret;
+	NTSTATUS nt_status;
+	struct passwd *pw;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &dom_pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* find the account: tell the caller if it exists.
+	  lkclXXXX i have *no* idea if this is a problem or not
+ 	  or even if you are supposed to construct a different
+	  reply if the account already exists...
+	 */
+
+	rpcstr_pull(account, user_account.buffer, sizeof(account), user_account.uni_str_len*2, 0);
+	strlower(account);
+
+	pdb_init_sam(&sam_pass);
+
+	become_root();
+	ret = pdb_getsampwnam(sam_pass, account);
+	unbecome_root();
+	if (ret == True) {
+		/* this account exists: say so */
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_USER_EXISTS;
+	}
+
+	pdb_free_sam(&sam_pass);
+
+	/*
+	 * NB. VERY IMPORTANT ! This call must be done as the current pipe user,
+	 * *NOT* surrounded by a become_root()/unbecome_root() call. This ensures
+	 * that only people with write access to the smbpasswd file will be able
+	 * to create a user. JRA.
+	 */
+
+	/*
+	 * add the user in the /etc/passwd file or the unix authority system.
+	 * We don't check if the smb_create_user() function succed or not for 2 reasons:
+	 * a) local_password_change() checks for us if the /etc/passwd account really exists
+	 * b) smb_create_user() would return an error if the account already exists
+	 * and as it could return an error also if it can't create the account, it would be tricky.
+	 *
+	 * So we go the easy way, only check after if the account exists.
+	 * JFM (2/3/2001), to clear any possible bad understanding (-:
+	 *
+	 * We now have seperate script paramaters for adding users/machines so we
+	 * now have some sainity-checking to match. 
+	 */
+
+	DEBUG(10,("checking account %s at pos %d for $ termination\n",account, strlen(account)-1));
+#if 0
+	if ((acb_info & ACB_WSTRUST) && (account[strlen(account)-1] == '$')) {
+		pstrcpy(add_script, lp_addmachine_script());		
+	} else if ((!(acb_info & ACB_WSTRUST)) && (account[strlen(account)-1] != '$')) {
+		pstrcpy(add_script, lp_adduser_script());
+	} else {
+		DEBUG(0, ("_api_samr_create_user: mismatch between trust flags and $ termination\n"));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+#endif
+
+	/* 
+	 * we can't check both the ending $ and the acb_info.
+	 * 
+	 * UserManager creates trust accounts (ending in $,
+	 * normal that hidden accounts) with the acb_info equals to ACB_NORMAL.
+	 * JFM, 11/29/2001
+	 */
+	if (account[strlen(account)-1] == '$')
+		pstrcpy(add_script, lp_addmachine_script());		
+	else 
+		pstrcpy(add_script, lp_adduser_script());
+
+	if(*add_script) {
+  		int add_ret;
+  		all_string_sub(add_script, "%u", account, sizeof(account));
+  		add_ret = smbrun(add_script,NULL);
+ 		DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
+  	}
+	
+	pw = getpwnam_alloc(account);
+
+	if (pw) {
+		if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sam_pass, pw))) {
+			passwd_free(&pw);
+			return nt_status;
+		}
+		passwd_free(&pw); /* done with this now */
+	} else {
+		DEBUG(3,("attempting to create non-unix account %s\n", account));
+		
+		if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) {
+			return nt_status;
+		}
+		
+		if (!pdb_set_username(sam_pass, account)) {
+			pdb_free_sam(&sam_pass);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+ 	pdb_set_acct_ctrl(sam_pass, acb_info);
+ 
+ 	if (!pdb_add_sam_account(sam_pass)) {
+ 		pdb_free_sam(&sam_pass);
+ 		DEBUG(0, ("could not add user/computer %s to passdb.  Check permissions?\n", 
+ 			  account));
+ 		return NT_STATUS_ACCESS_DENIED;		
+ 	}
+
+	pdb_reset_sam(sam_pass);
+	
+	if (!pdb_getsampwnam(sam_pass, account)) {
+ 		pdb_free_sam(&sam_pass);
+ 		DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", 
+ 			  account));
+ 		return NT_STATUS_ACCESS_DENIED;		
+ 	}
+ 	
+ 	/* Get the domain SID stored in the domain policy */
+  	if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
+  		pdb_free_sam(&sam_pass);
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	/* append the user's RID to it */
+	if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	/* associate the user's SID with the new handle. */
+	if ((info = get_samr_info_by_sid(&sid)) == NULL) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(info);
+	info->sid = sid;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	r_u->user_rid=pdb_get_user_rid(sam_pass);
+	r_u->unknown_0 = 0x000703ff;
+
+	pdb_free_sam(&sam_pass);
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ samr_reply_connect_anon
+ ********************************************************************/
+
+NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CONNECT_ANON *r_u)
+{
+	struct samr_info *info = NULL;
+
+    /* set up the SAMR connect_anon response */
+
+    r_u->status = NT_STATUS_OK;
+
+    /* associate the user's SID with the new handle. */
+    if ((info = get_samr_info_by_sid(NULL)) == NULL)
+        return NT_STATUS_NO_MEMORY;
+
+    info->status = q_u->unknown_0;
+
+    /* get a (unique) handle.  open a policy on it. */
+    if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+        return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+    return r_u->status;
+}
+
+/*******************************************************************
+ samr_reply_connect
+ ********************************************************************/
+
+NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u)
+{
+	struct samr_info *info = NULL;
+
+    DEBUG(5,("_samr_connect: %d\n", __LINE__));
+
+    r_u->status = NT_STATUS_OK;
+
+    /* associate the user's SID with the new handle. */
+	if ((info = get_samr_info_by_sid(NULL)) == NULL)
+        return NT_STATUS_NO_MEMORY;
+
+    info->status = q_u->access_mask;
+
+    /* get a (unique) handle.  open a policy on it. */
+    if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+        return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+    DEBUG(5,("_samr_connect: %d\n", __LINE__));
+
+    return r_u->status;
+}
+
+/**********************************************************************
+ api_samr_lookup_domain
+ **********************************************************************/
+
+NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_LOOKUP_DOMAIN *r_u)
+{
+	fstring domain_name;
+	DOM_SID sid;
+
+	r_u->status = NT_STATUS_OK;
+
+	if (!find_policy_by_hnd(p, &q_u->connect_pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	rpcstr_pull(domain_name, q_u->uni_domain.buffer, sizeof(domain_name), q_u->uni_domain.uni_str_len*2, 0);
+
+	ZERO_STRUCT(sid);
+
+	if (!secrets_fetch_domain_sid(domain_name, &sid)) {
+		r_u->status = NT_STATUS_NO_SUCH_DOMAIN;
+	}
+
+	DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name, sid_string_static(&sid)));
+
+	init_samr_r_lookup_domain(r_u, &sid, r_u->status);
+
+	return r_u->status;
+}
+
+/******************************************************************
+makes a SAMR_R_ENUM_DOMAINS structure.
+********************************************************************/
+
+static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
+			UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[])
+{
+	uint32 i;
+	SAM_ENTRY *sam;
+	UNISTR2 *uni_name;
+
+	DEBUG(5, ("make_enum_domains\n"));
+
+	*pp_sam = NULL;
+	*pp_uni_name = NULL;
+
+	if (num_sam_entries == 0)
+		return True;
+
+	sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries);
+	uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries);
+
+	if (sam == NULL || uni_name == NULL)
+		return False;
+
+	for (i = 0; i < num_sam_entries; i++) {
+		int len = doms[i] != NULL ? strlen(doms[i]) : 0;
+
+		init_sam_entry(&sam[i], len, 0);
+		init_unistr2(&uni_name[i], doms[i], len);
+	}
+
+	*pp_sam = sam;
+	*pp_uni_name = uni_name;
+
+	return True;
+}
+
+/**********************************************************************
+ api_samr_enum_domains
+ **********************************************************************/
+
+NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_ENUM_DOMAINS *r_u)
+{
+	uint32 num_entries = 2;
+	fstring dom[2];
+	char *name;
+
+	r_u->status = NT_STATUS_OK;
+
+	switch (lp_server_role()) {
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+		name = global_myworkgroup;
+		break;
+	default:
+		name = global_myname;
+	}
+
+	fstrcpy(dom[0],name);
+	strupper(dom[0]);
+	fstrcpy(dom[1],"Builtin");
+
+	if (!make_enum_domains(p->mem_ctx, &r_u->sam, &r_u->uni_dom_name, num_entries, dom))
+		return NT_STATUS_NO_MEMORY;
+
+	init_samr_r_enum_domains(r_u, q_u->start_idx + num_entries, num_entries);
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ api_samr_open_alias
+ ********************************************************************/
+
+NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_ALIAS *r_u)
+{
+	DOM_SID sid;
+	POLICY_HND domain_pol = q_u->dom_pol;
+	uint32 alias_rid = q_u->rid_alias;
+	POLICY_HND *alias_pol = &r_u->pol;
+	struct samr_info *info = NULL;
+
+	r_u->status = NT_STATUS_OK;
+
+	/* get the domain policy. */
+	if (!find_policy_by_hnd(p, &domain_pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* Get the domain SID stored in the domain policy */
+	if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* append the alias' RID to it */
+	if(!sid_append_rid(&sid, alias_rid))
+		return NT_STATUS_NO_SUCH_USER;
+
+	/*
+	 * we should check if the rid really exist !!!
+	 * JFM.
+	 */
+
+	/* associate the user's SID with the new handle. */
+	if ((info = get_samr_info_by_sid(&sid)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ set_user_info_10
+ ********************************************************************/
+
+static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid)
+{
+	SAM_ACCOUNT *pwd =NULL;
+	BOOL ret;
+	
+	pdb_init_sam(&pwd);
+	
+	ret = pdb_getsampwrid(pwd, rid);
+	
+	if(ret==False) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+
+	if (id10 == NULL) {
+		DEBUG(5, ("set_user_info_10: NULL id10\n"));
+		pdb_free_sam(&pwd);
+		return False;
+	}
+
+	if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+
+	if(!pdb_update_sam_account(pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+
+	pdb_free_sam(&pwd);
+
+	return True;
+}
+
+/*******************************************************************
+ set_user_info_12
+ ********************************************************************/
+
+static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid)
+{
+	SAM_ACCOUNT *pwd = NULL;
+
+	pdb_init_sam(&pwd);
+
+	if(!pdb_getsampwrid(pwd, rid)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+
+	if (id12 == NULL) {
+		DEBUG(2, ("set_user_info_12: id12 is NULL\n"));
+		pdb_free_sam(&pwd);
+		return False;
+	}
+ 
+	if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+	if (!pdb_set_nt_passwd     (pwd, id12->nt_pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+ 	if (!pdb_set_pass_changed_now (pwd)) {
+		pdb_free_sam(&pwd);
+		return False; 
+	}
+ 
+	if(!pdb_update_sam_account(pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+
+	pdb_free_sam(&pwd);
+	return True;
+}
+
+/*******************************************************************
+ set_user_info_21
+ ********************************************************************/
+
+static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
+{
+	SAM_ACCOUNT *pwd = NULL;
+ 
+	if (id21 == NULL) {
+		DEBUG(5, ("set_user_info_21: NULL id21\n"));
+		return False;
+	}
+ 
+	pdb_init_sam(&pwd);
+ 
+	if (!pdb_getsampwrid(pwd, rid)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+ 
+	copy_id21_to_sam_passwd(pwd, id21);
+ 
+	/*
+	 * The funny part about the previous two calls is
+	 * that pwd still has the password hashes from the
+	 * passdb entry.  These have not been updated from
+	 * id21.  I don't know if they need to be set.    --jerry
+	 */
+ 
+	/* write the change out */
+	if(!pdb_update_sam_account(pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+
+	pdb_free_sam(&pwd);
+
+	return True;
+}
+
+/*******************************************************************
+ set_user_info_23
+ ********************************************************************/
+
+static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
+{
+	SAM_ACCOUNT *pwd = NULL;
+	pstring plaintext_buf;
+	uint32 len;
+	uint16 acct_ctrl;
+ 
+	if (id23 == NULL) {
+		DEBUG(5, ("set_user_info_23: NULL id23\n"));
+		return False;
+	}
+ 
+ 	pdb_init_sam(&pwd);
+ 
+	if (!pdb_getsampwrid(pwd, rid)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+
+	DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n",
+		  pdb_get_username(pwd)));
+
+	acct_ctrl = pdb_get_acct_ctrl(pwd);
+
+	copy_id23_to_sam_passwd(pwd, id23);
+ 
+	if (!decode_pw_buffer((char*)id23->pass, plaintext_buf, 256, &len)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+  
+	if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+ 
+	/* if it's a trust account, don't update /etc/passwd */
+	if ( (!IS_SAM_UNIX_USER(pwd)) ||
+		( (acct_ctrl &  ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+		( (acct_ctrl &  ACB_WSTRUST) ==  ACB_WSTRUST) ||
+		( (acct_ctrl &  ACB_SVRTRUST) ==  ACB_SVRTRUST) ) {
+		DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
+	} else  {
+		/* update the UNIX password */
+		if (lp_unix_password_sync() )
+			if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
+				pdb_free_sam(&pwd);
+				return False;
+			}
+	}
+ 
+	ZERO_STRUCT(plaintext_buf);
+ 
+	if(!pdb_update_sam_account(pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+ 
+	pdb_free_sam(&pwd);
+
+	return True;
+}
+
+/*******************************************************************
+ set_user_info_pw
+ ********************************************************************/
+
+static BOOL set_user_info_pw(char *pass, uint32 rid)
+{
+	SAM_ACCOUNT *pwd = NULL;
+	uint32 len;
+	pstring plaintext_buf;
+	uint16 acct_ctrl;
+ 
+ 	pdb_init_sam(&pwd);
+ 
+	if (!pdb_getsampwrid(pwd, rid)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+	
+	DEBUG(5, ("Attempting administrator password change for user %s\n",
+		  pdb_get_username(pwd)));
+
+	acct_ctrl = pdb_get_acct_ctrl(pwd);
+
+	ZERO_STRUCT(plaintext_buf);
+ 
+	if (!decode_pw_buffer(pass, plaintext_buf, 256, &len)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+
+	if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) {
+		pdb_free_sam(&pwd);
+		return False;
+	}
+ 
+	/* if it's a trust account, don't update /etc/passwd */
+	if ( (!IS_SAM_UNIX_USER(pwd)) ||
+		( (acct_ctrl &  ACB_DOMTRUST) == ACB_DOMTRUST ) ||
+		( (acct_ctrl &  ACB_WSTRUST) ==  ACB_WSTRUST) ||
+		( (acct_ctrl &  ACB_SVRTRUST) ==  ACB_SVRTRUST) ) {
+		DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
+	} else {
+		/* update the UNIX password */
+		if (lp_unix_password_sync()) {
+			if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
+				pdb_free_sam(&pwd);
+				return False;
+			}
+		}
+	}
+ 
+	ZERO_STRUCT(plaintext_buf);
+ 
+	DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
+ 
+	/* update the SAMBA password */
+	if(!pdb_update_sam_account(pwd)) {
+		pdb_free_sam(&pwd);
+		return False;
+ 	}
+
+	pdb_free_sam(&pwd);
+
+	return True;
+}
+
+/*******************************************************************
+ samr_reply_set_userinfo
+ ********************************************************************/
+
+NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u)
+{
+	uint32 rid = 0x0;
+	DOM_SID sid;
+	POLICY_HND *pol = &q_u->pol;
+	uint16 switch_value = q_u->switch_value;
+	SAM_USERINFO_CTR *ctr = q_u->ctr;
+
+	DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, pol, &sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_split_rid(&sid, &rid);
+
+	DEBUG(5, ("_samr_set_userinfo: rid:0x%x, level:%d\n", rid, switch_value));
+
+	if (ctr == NULL) {
+		DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	/* ok!  user info levels (lots: see MSDEV help), off we go... */
+	switch (switch_value) {
+		case 0x12:
+			if (!set_user_info_12(ctr->info.id12, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+
+		case 24:
+			SamOEMhash(ctr->info.id24->pass, p->session_key, 516);
+
+			dump_data(100, (char *)ctr->info.id24->pass, 516);
+
+			if (!set_user_info_pw((char *)ctr->info.id24->pass, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+
+		case 25:
+#if 0
+			/*
+			 * Currently we don't really know how to unmarshall
+			 * the level 25 struct, and the password encryption
+			 * is different. This is a placeholder for when we
+			 * do understand it. In the meantime just return INVALID
+			 * info level and W2K SP2 drops down to level 23... JRA.
+			 */
+
+			SamOEMhash(ctr->info.id25->pass, p->session_key, 532);
+
+			dump_data(100, (char *)ctr->info.id25->pass, 532);
+
+			if (!set_user_info_pw(ctr->info.id25->pass, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+#endif
+			return NT_STATUS_INVALID_INFO_CLASS;
+
+		case 23:
+			SamOEMhash(ctr->info.id23->pass, p->session_key, 516);
+
+			dump_data(100, (char *)ctr->info.id23->pass, 516);
+
+			if (!set_user_info_23(ctr->info.id23, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ samr_reply_set_userinfo2
+ ********************************************************************/
+
+NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u)
+{
+	DOM_SID sid;
+	uint32 rid = 0x0;
+	SAM_USERINFO_CTR *ctr = q_u->ctr;
+	POLICY_HND *pol = &q_u->pol;
+	uint16 switch_value = q_u->switch_value;
+
+	DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__));
+
+	r_u->status = NT_STATUS_OK;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, pol, &sid))
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_split_rid(&sid, &rid);
+
+	DEBUG(5, ("samr_reply_set_userinfo2: rid:0x%x\n", rid));
+
+	if (ctr == NULL) {
+		DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	switch_value=ctr->switch_value;
+
+	/* ok!  user info levels (lots: see MSDEV help), off we go... */
+	switch (switch_value) {
+		case 21:
+			if (!set_user_info_21(ctr->info.id21, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+		case 16:
+			if (!set_user_info_10(ctr->info.id10, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+		case 18:
+			/* Used by AS/U JRA. */
+			if (!set_user_info_12(ctr->info.id12, rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	return r_u->status;
+}
+
+/*********************************************************************
+ _samr_query_aliasmem
+*********************************************************************/
+
+NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u)
+{
+	int num_groups = 0, tmp_num_groups=0;
+	uint32 *rids=NULL, *new_rids=NULL, *tmp_rids=NULL;
+	struct samr_info *info = NULL;
+	int i,j;
+	/* until i see a real useraliases query, we fack one up */
+
+	/* I have seen one, JFM 2/12/2001 */
+	/*
+	 * Explanation of what this call does:
+	 * for all the SID given in the request:
+	 * return a list of alias (local groups)
+	 * that have those SID as members.
+	 *
+	 * and that's the alias in the domain specified
+	 * in the policy_handle
+	 *
+	 * if the policy handle is on an incorrect sid
+	 * for example a user's sid
+	 * we should reply NT_STATUS_OBJECT_TYPE_MISMATCH
+	 */
+	
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_query_useraliases: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_check_is_domain(&info->sid) &&
+	    !sid_check_is_builtin(&info->sid))
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+
+	for (i=0; i<q_u->num_sids1; i++) {
+
+		r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid));
+
+		/*
+		 * if there is an error, we just continue as
+		 * it can be an unfound user or group
+		 */
+		if (NT_STATUS_IS_ERR(r_u->status)) {
+			DEBUG(10,("_samr_query_useraliases: an error occured while getting groups\n"));
+			continue;
+		}
+
+		if (tmp_num_groups==0) {
+			DEBUG(10,("_samr_query_useraliases: no groups found\n"));
+			continue;
+		}
+
+		new_rids=(uint32 *)talloc_realloc(p->mem_ctx, rids, (num_groups+tmp_num_groups)*sizeof(uint32));
+		if (new_rids==NULL) {
+			DEBUG(0,("_samr_query_useraliases: could not realloc memory\n"));
+			return NT_STATUS_NO_MEMORY;
+		}
+		rids=new_rids;
+
+		for (j=0; j<tmp_num_groups; j++)
+			rids[j+num_groups]=tmp_rids[j];
+		
+		safe_free(tmp_rids);
+		
+		num_groups+=tmp_num_groups;
+	}
+	
+	init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK);
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_query_aliasmem
+*********************************************************************/
+
+NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u)
+{
+	int i;
+
+	GROUP_MAP map;
+	int num_uids = 0;
+	DOM_SID2 *sid;
+	uid_t *uid=NULL;
+
+	DOM_SID alias_sid;
+	DOM_SID als_sid;
+	uint32 alias_rid;
+	fstring alias_sid_str;
+	DOM_SID temp_sid;
+
+	SAM_ACCOUNT *sam_user = NULL;
+	BOOL check;
+
+	/* find the policy handle.  open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_copy(&als_sid, &alias_sid);
+	sid_to_string(alias_sid_str, &alias_sid);
+	sid_split_rid(&alias_sid, &alias_rid);
+
+	DEBUG(10, ("sid is %s\n", alias_sid_str));
+
+	if (sid_equal(&alias_sid, &global_sid_Builtin)) {
+		DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
+		if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+			return NT_STATUS_NO_SUCH_ALIAS;
+	} else {
+		if (sid_equal(&alias_sid, &global_sam_sid)) {
+			DEBUG(10, ("lookup on Server SID\n"));
+			if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+				return NT_STATUS_NO_SUCH_ALIAS;
+		}
+	}
+
+	if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	DEBUG(10, ("sid is %s\n", alias_sid_str));
+	sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_uids);	
+	if (num_uids!=0 && sid == NULL) 
+		return NT_STATUS_NO_MEMORY;
+
+	for (i = 0; i < num_uids; i++) {
+		struct passwd *pass;
+		uint32 rid;
+
+		sid_copy(&temp_sid, &global_sam_sid);
+
+		pass = getpwuid_alloc(uid[i]);
+		if (!pass) continue;
+
+		if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+			passwd_free(&pass);
+			continue;
+		}
+
+		become_root();
+		check = pdb_getsampwnam(sam_user, pass->pw_name);
+		unbecome_root();
+	
+		if (check != True) {
+			pdb_free_sam(&sam_user);
+			passwd_free(&pass);
+			continue;
+		}
+	
+		rid = pdb_get_user_rid(sam_user);
+		if (rid == 0) {
+			pdb_free_sam(&sam_user);
+			passwd_free(&pass);
+			continue;
+		}
+
+		pdb_free_sam(&sam_user);
+		passwd_free(&pass);
+
+		sid_append_rid(&temp_sid, rid);
+		
+		init_dom_sid2(&sid[i], &temp_sid);
+	}
+
+	DEBUG(10, ("sid is %s\n", alias_sid_str));
+	init_samr_r_query_aliasmem(r_u, num_uids, sid, NT_STATUS_OK);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_query_groupmem
+*********************************************************************/
+
+NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
+{
+	int num_uids = 0;
+	int i;
+	DOM_SID group_sid;
+	uint32 group_rid;
+	fstring group_sid_str;
+	uid_t *uid=NULL;
+	
+	GROUP_MAP map;
+
+	uint32 *rid=NULL;
+	uint32 *attr=NULL;
+
+	SAM_ACCOUNT *sam_user = NULL;
+	BOOL check;
+
+
+	/* find the policy handle.  open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* todo: change to use sid_compare_front */
+
+	sid_split_rid(&group_sid, &group_rid);
+	sid_to_string(group_sid_str, &group_sid);
+	DEBUG(10, ("sid is %s\n", group_sid_str));
+
+	/* can we get a query for an SID outside our domain ? */
+	if (!sid_equal(&group_sid, &global_sam_sid))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	sid_append_rid(&group_sid, group_rid);
+	DEBUG(10, ("lookup on Domain SID\n"));
+
+	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num_uids);
+	attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num_uids);
+	
+	if (num_uids!=0 && (rid==NULL || attr==NULL))
+		return NT_STATUS_NO_MEMORY;
+	
+	for (i=0; i<num_uids; i++) {
+		struct passwd *pass;
+		uint32 urid;
+
+		pass = getpwuid_alloc(uid[i]);
+		if (!pass) continue;
+
+		if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
+			passwd_free(&pass);
+			continue;
+		}
+
+		become_root();
+		check = pdb_getsampwnam(sam_user, pass->pw_name);
+		unbecome_root();
+	
+		if (check != True) {
+			pdb_free_sam(&sam_user);
+			passwd_free(&pass);
+			continue;
+		}
+	
+		urid = pdb_get_user_rid(sam_user);
+		if (urid == 0) {
+			pdb_free_sam(&sam_user);
+			passwd_free(&pass);
+			continue;
+		}
+
+		pdb_free_sam(&sam_user);
+		passwd_free(&pass);
+
+		rid[i] = urid;
+		attr[i] = SID_NAME_USER;		
+	}
+
+	init_samr_r_query_groupmem(r_u, num_uids, rid, attr, NT_STATUS_OK);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_add_aliasmem
+*********************************************************************/
+
+NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u)
+{
+	DOM_SID alias_sid;
+	fstring alias_sid_str;
+	uid_t uid;
+	struct passwd *pwd;
+	struct group *grp;
+	fstring grp_name;
+	uint32 rid;
+	GROUP_MAP map;
+	NTSTATUS ret;
+	SAM_ACCOUNT *sam_user = NULL;
+	BOOL check;
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_to_string(alias_sid_str, &alias_sid);
+	DEBUG(10, ("sid is %s\n", alias_sid_str));
+
+	if (sid_compare(&alias_sid, &global_sam_sid)>0) {
+		DEBUG(10, ("adding member on Server SID\n"));
+		if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+			return NT_STATUS_NO_SUCH_ALIAS;
+	
+	} else {
+		if (sid_compare(&alias_sid, &global_sid_Builtin)>0) {
+			DEBUG(10, ("adding member on BUILTIN SID\n"));
+			if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+				return NT_STATUS_NO_SUCH_ALIAS;
+
+		} else
+			return NT_STATUS_NO_SUCH_ALIAS;
+	}
+
+	sid_split_rid(&q_u->sid.sid, &rid);
+	
+	ret = pdb_init_sam(&sam_user);
+	if (NT_STATUS_IS_ERR(ret))
+		return ret;
+	
+	check = pdb_getsampwrid(sam_user, rid);
+	
+	if (check != True) {
+		pdb_free_sam(&sam_user);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	
+	uid = pdb_get_uid(sam_user);
+	if (uid == -1) {
+		pdb_free_sam(&sam_user);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	pdb_free_sam(&sam_user);
+
+	if ((pwd=getpwuid(uid)) == NULL)
+		return NT_STATUS_NO_SUCH_USER;
+
+	if ((grp=getgrgid(map.gid)) == NULL)
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	/* we need to copy the name otherwise it's overloaded in user_in_group_list */
+	fstrcpy(grp_name, grp->gr_name);
+
+	/* if the user is already in the group */
+	if(user_in_group_list(pwd->pw_name, grp_name))
+		return NT_STATUS_MEMBER_IN_ALIAS;
+
+	/* 
+	 * ok, the group exist, the user exist, the user is not in the group,
+	 * we can (finally) add it to the group !
+	 */
+	smb_add_user_group(grp_name, pwd->pw_name);
+
+	/* check if the user has been added then ... */
+	if(!user_in_group_list(pwd->pw_name, grp_name))
+		return NT_STATUS_MEMBER_NOT_IN_ALIAS;	/* don't know what to reply else */
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_del_aliasmem
+*********************************************************************/
+
+NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u)
+{
+	DOM_SID alias_sid;
+	fstring alias_sid_str;
+	struct group *grp;
+	fstring grp_name;
+	uint32 rid;
+	GROUP_MAP map;
+	SAM_ACCOUNT *sam_pass=NULL;
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_to_string(alias_sid_str, &alias_sid);
+	DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str));
+
+	if (!sid_check_is_in_our_domain(&alias_sid) &&
+	    !sid_check_is_in_builtin(&alias_sid)) {
+		DEBUG(10, ("_samr_del_aliasmem:invalid alias group\n"));
+		return NT_STATUS_NO_SUCH_ALIAS;
+	}
+
+	if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	if ((grp=getgrgid(map.gid)) == NULL)
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	/* we need to copy the name otherwise it's overloaded in user_in_group_list */
+	fstrcpy(grp_name, grp->gr_name);
+
+	sid_peek_rid(&q_u->sid.sid, &rid);
+
+	/* check if the user exists before trying to remove it from the group */
+	pdb_init_sam(&sam_pass);
+	if(!pdb_getsampwrid(sam_pass, rid)) {
+		DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	/* if the user is not in the group */
+	if(!user_in_group_list(pdb_get_username(sam_pass), grp_name)) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_MEMBER_IN_ALIAS;
+	}
+
+	smb_delete_user_group(grp_name, pdb_get_username(sam_pass));
+
+	/* check if the user has been removed then ... */
+	if(user_in_group_list(pdb_get_username(sam_pass), grp_name)) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_MEMBER_NOT_IN_ALIAS;	/* don't know what to reply else */
+	}
+
+	pdb_free_sam(&sam_pass);
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_add_groupmem
+*********************************************************************/
+
+NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u)
+{
+	DOM_SID group_sid;
+	fstring group_sid_str;
+	struct passwd *pwd;
+	struct group *grp;
+	fstring grp_name;
+	GROUP_MAP map;
+	uid_t uid;
+	NTSTATUS ret;
+	SAM_ACCOUNT *sam_user;
+	BOOL check;
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_to_string(group_sid_str, &group_sid);
+	DEBUG(10, ("sid is %s\n", group_sid_str));
+
+	if (sid_compare(&group_sid, &global_sam_sid)<=0)
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	DEBUG(10, ("lookup on Domain SID\n"));
+
+	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	ret = pdb_init_sam(&sam_user);
+	if (NT_STATUS_IS_ERR(ret))
+		return ret;
+	
+	check = pdb_getsampwrid(sam_user, q_u->rid);
+	
+	if (check != True) {
+		pdb_free_sam(&sam_user);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+	
+	uid = pdb_get_uid(sam_user);
+	if (uid == -1) {
+		pdb_free_sam(&sam_user);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	pdb_free_sam(&sam_user);
+
+	if ((pwd=getpwuid(uid)) == NULL)
+		return NT_STATUS_NO_SUCH_USER;
+
+	if ((grp=getgrgid(map.gid)) == NULL)
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	/* we need to copy the name otherwise it's overloaded in user_in_group_list */
+	fstrcpy(grp_name, grp->gr_name);
+
+	/* if the user is already in the group */
+	if(user_in_group_list(pwd->pw_name, grp_name))
+		return NT_STATUS_MEMBER_IN_GROUP;
+
+	/* 
+	 * ok, the group exist, the user exist, the user is not in the group,
+	 *
+	 * we can (finally) add it to the group !
+	 */
+
+	smb_add_user_group(grp_name, pwd->pw_name);
+
+	/* check if the user has been added then ... */
+	if(!user_in_group_list(pwd->pw_name, grp_name))
+		return NT_STATUS_MEMBER_NOT_IN_GROUP;		/* don't know what to reply else */
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_del_groupmem
+*********************************************************************/
+
+NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u)
+{
+	DOM_SID group_sid;
+	SAM_ACCOUNT *sam_pass=NULL;
+	uint32 rid;
+	GROUP_MAP map;
+	fstring grp_name;
+	struct group *grp;
+
+	/*
+	 * delete the group member named q_u->rid
+	 * who is a member of the sid associated with the handle
+	 * the rid is a user's rid as the group is a domain group.
+	 */
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if(!sid_check_is_in_our_domain(&group_sid))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	rid=q_u->rid;
+
+	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	if ((grp=getgrgid(map.gid)) == NULL)
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	/* we need to copy the name otherwise it's overloaded in user_in_group_list */
+	fstrcpy(grp_name, grp->gr_name);
+
+	/* check if the user exists before trying to remove it from the group */
+	pdb_init_sam(&sam_pass);
+	if(!pdb_getsampwrid(sam_pass, rid)) {
+		DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	/* if the user is not in the group */
+	if(!user_in_group_list(pdb_get_username(sam_pass), grp_name)) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_MEMBER_NOT_IN_GROUP;
+	}
+
+	smb_delete_user_group(grp_name, pdb_get_username(sam_pass));
+
+	/* check if the user has been removed then ... */
+	if(user_in_group_list(pdb_get_username(sam_pass), grp_name)) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_ACCESS_DENIED;		/* don't know what to reply else */
+	}
+	
+	pdb_free_sam(&sam_pass);
+	return NT_STATUS_OK;
+
+}
+
+/*********************************************************************
+ _samr_delete_dom_user
+*********************************************************************/
+
+NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAMR_R_DELETE_DOM_USER *r_u )
+{
+	DOM_SID user_sid;
+	SAM_ACCOUNT *sam_pass=NULL;
+	uint32 rid;
+
+	DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_check_is_in_our_domain(&user_sid))
+		return NT_STATUS_CANNOT_DELETE;
+
+	sid_peek_rid(&user_sid, &rid);
+
+	/* check if the user exists before trying to delete */
+	pdb_init_sam(&sam_pass);
+	if(!pdb_getsampwrid(sam_pass, rid)) {
+		DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	/* delete the unix side */
+	/*
+	 * note: we don't check if the delete really happened
+	 * as the script is not necessary present
+	 * and maybe the sysadmin doesn't want to delete the unix side
+	 */
+	smb_delete_user(pdb_get_username(sam_pass));
+
+	/* and delete the samba side */
+	if (!pdb_delete_sam_account(sam_pass)) {
+		DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass)));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_CANNOT_DELETE;
+	}
+	
+	pdb_free_sam(&sam_pass);
+
+	if (!close_policy_hnd(p, &q_u->user_pol))
+		return NT_STATUS_OBJECT_NAME_INVALID;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_delete_dom_group
+*********************************************************************/
+
+NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u)
+{
+	DOM_SID group_sid;
+	DOM_SID dom_sid;
+	uint32 group_rid;
+	fstring group_sid_str;
+	gid_t gid;
+	struct group *grp;
+	GROUP_MAP map;
+
+	DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__));
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_copy(&dom_sid, &group_sid);
+	sid_to_string(group_sid_str, &dom_sid);
+	sid_split_rid(&dom_sid, &group_rid);
+
+	DEBUG(10, ("sid is %s\n", group_sid_str));
+
+	/* we check if it's our SID before deleting */
+	if (!sid_equal(&dom_sid, &global_sam_sid))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	DEBUG(10, ("lookup on Domain SID\n"));
+
+	if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	gid=map.gid;
+
+	/* check if group really exists */
+	if ( (grp=getgrgid(gid)) == NULL)
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	/* we can delete the UNIX group */
+	smb_delete_group(grp->gr_name);
+
+	/* check if the group has been successfully deleted */
+	if ( (grp=getgrgid(gid)) != NULL)
+		return NT_STATUS_ACCESS_DENIED;
+
+	if(!group_map_remove(group_sid))
+		return NT_STATUS_ACCESS_DENIED;
+
+	if (!close_policy_hnd(p, &q_u->group_pol))
+		return NT_STATUS_OBJECT_NAME_INVALID;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_delete_dom_alias
+*********************************************************************/
+
+NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u)
+{
+	DOM_SID alias_sid;
+	DOM_SID dom_sid;
+	uint32 alias_rid;
+	fstring alias_sid_str;
+	gid_t gid;
+	struct group *grp;
+	GROUP_MAP map;
+
+	DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	sid_copy(&dom_sid, &alias_sid);
+	sid_to_string(alias_sid_str, &dom_sid);
+	sid_split_rid(&dom_sid, &alias_rid);
+
+	DEBUG(10, ("sid is %s\n", alias_sid_str));
+
+	/* we check if it's our SID before deleting */
+	if (!sid_equal(&dom_sid, &global_sam_sid))
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	DEBUG(10, ("lookup on Local SID\n"));
+
+	if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	gid=map.gid;
+
+	/* check if group really exists */
+	if ( (grp=getgrgid(gid)) == NULL)
+		return NT_STATUS_NO_SUCH_ALIAS;
+
+	/* we can delete the UNIX group */
+	smb_delete_group(grp->gr_name);
+
+	/* check if the group has been successfully deleted */
+	if ( (grp=getgrgid(gid)) != NULL)
+		return NT_STATUS_ACCESS_DENIED;
+
+	/* don't check if we removed it as it could be an un-mapped group */
+	group_map_remove(alias_sid);
+
+	if (!close_policy_hnd(p, &q_u->alias_pol))
+		return NT_STATUS_OBJECT_NAME_INVALID;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_create_dom_group
+*********************************************************************/
+
+NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u)
+{
+	DOM_SID dom_sid;
+	DOM_SID info_sid;
+	fstring name;
+	fstring sid_string;
+	struct group *grp;
+	struct samr_info *info;
+	PRIVILEGE_SET priv_set;
+
+	init_privilege(&priv_set);
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_equal(&dom_sid, &global_sam_sid))
+		return NT_STATUS_ACCESS_DENIED;
+
+	/* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/
+
+	unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
+
+	/* check if group already exist */
+	if ((grp=getgrnam(name)) != NULL)
+		return NT_STATUS_GROUP_EXISTS;
+
+	/* we can create the UNIX group */
+	smb_create_group(name);
+
+	/* check if the group has been successfully created */
+	if ((grp=getgrnam(name)) == NULL)
+		return NT_STATUS_ACCESS_DENIED;
+
+	r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
+
+	/* add the group to the mapping table */
+	sid_copy(&info_sid, &global_sam_sid);
+	sid_append_rid(&info_sid, r_u->rid);
+	sid_to_string(sid_string, &info_sid);
+
+	if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK))
+		return NT_STATUS_ACCESS_DENIED;
+
+	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_create_dom_alias
+*********************************************************************/
+
+NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u)
+{
+	DOM_SID dom_sid;
+	DOM_SID info_sid;
+	fstring name;
+	fstring sid_string;
+	struct group *grp;
+	struct samr_info *info;
+	PRIVILEGE_SET priv_set;
+
+	init_privilege(&priv_set);
+
+	/* Find the policy handle. Open a policy on it. */
+	if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!sid_equal(&dom_sid, &global_sam_sid))
+		return NT_STATUS_ACCESS_DENIED;
+
+	/* TODO: check if allowed to create group  and add a become_root/unbecome_root pair.*/
+
+	unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
+
+	/* check if group already exists */
+	if ( (grp=getgrnam(name)) != NULL)
+		return NT_STATUS_GROUP_EXISTS;
+
+	/* we can create the UNIX group */
+	smb_create_group(name);
+
+	/* check if the group has been successfully created */
+	if ((grp=getgrnam(name)) == NULL)
+		return NT_STATUS_ACCESS_DENIED;
+
+	r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
+
+	sid_copy(&info_sid, &global_sam_sid);
+	sid_append_rid(&info_sid, r_u->rid);
+	sid_to_string(sid_string, &info_sid);
+
+	/* add the group to the mapping table */
+	if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK))
+		return NT_STATUS_ACCESS_DENIED;
+
+	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_query_groupinfo
+
+sends the name/comment pair of a domain group
+level 1 send also the number of users of that group
+*********************************************************************/
+
+NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u)
+{
+	DOM_SID group_sid;
+	GROUP_MAP map;
+	uid_t *uid=NULL;
+	int num_uids=0;
+	GROUP_INFO_CTR *ctr;
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_INVALID_HANDLE;
+
+	ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR));
+	if (ctr==NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	switch (q_u->switch_level) {
+		case 1:
+			ctr->switch_value1 = 1;
+			if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
+				return NT_STATUS_NO_SUCH_GROUP;
+			init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num_uids);
+			SAFE_FREE(uid);
+			break;
+		case 3:
+			ctr->switch_value1 = 3;
+			init_samr_group_info3(&ctr->group.info3);
+			break;
+		case 4:
+			ctr->switch_value1 = 4;
+			init_samr_group_info4(&ctr->group.info4, map.comment);
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_OK);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_set_groupinfo
+ 
+ update a domain group's comment.
+*********************************************************************/
+
+NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u)
+{
+	DOM_SID group_sid;
+	GROUP_MAP map;
+	GROUP_INFO_CTR *ctr;
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+	
+	ctr=q_u->ctr;
+
+	switch (ctr->switch_value1) {
+		case 1:
+			unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1);
+			break;
+		case 4:
+			unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
+			break;
+		default:
+			free_privilege(&map.priv_set);
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	if(!add_mapping_entry(&map, TDB_REPLACE)) {
+		free_privilege(&map.priv_set);
+		return NT_STATUS_NO_SUCH_GROUP;
+	}
+
+	free_privilege(&map.priv_set);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_set_groupinfo
+ 
+ update a domain group's comment.
+*********************************************************************/
+
+NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u)
+{
+	DOM_SID group_sid;
+	GROUP_MAP map;
+	ALIAS_INFO_CTR *ctr;
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	if (!get_local_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+	
+	ctr=&q_u->ctr;
+
+	switch (ctr->switch_value1) {
+		case 3:
+			unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1);
+			break;
+		default:
+			free_privilege(&map.priv_set);
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	if(!add_mapping_entry(&map, TDB_REPLACE)) {
+		free_privilege(&map.priv_set);
+		return NT_STATUS_NO_SUCH_GROUP;
+	}
+
+	free_privilege(&map.priv_set);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_get_dom_pwinfo
+*********************************************************************/
+
+NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u)
+{
+	/* Actually, returning zeros here works quite well :-). */
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_open_group
+*********************************************************************/
+
+NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u)
+{
+	DOM_SID sid;
+	DOM_SID info_sid;
+	GROUP_MAP map;
+	struct samr_info *info;
+	fstring sid_string;
+
+	if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid)) 
+		return NT_STATUS_INVALID_HANDLE;
+
+	/* this should not be hard-coded like this */
+	if (!sid_equal(&sid, &global_sam_sid))
+		return NT_STATUS_ACCESS_DENIED;
+
+	sid_copy(&info_sid, &global_sam_sid);
+	sid_append_rid(&info_sid, q_u->rid_group);
+	sid_to_string(sid_string, &info_sid);
+
+	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
+
+	/* check if that group really exists */
+	if (!get_domain_group_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
+		return NT_STATUS_NO_SUCH_GROUP;
+
+	/* get a (unique) handle.  open a policy on it. */
+	if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ _samr_unknown_2d
+*********************************************************************/
+
+NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u)
+{
+	DEBUG(0,("_samr_unknown_2d: Not yet implemented.\n"));
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/*******************************************************************
+ _samr_unknown_2e
+ ********************************************************************/
+
+NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOWN_2E *r_u)
+{
+	struct samr_info *info = NULL;
+	SAM_UNK_CTR *ctr;
+	uint32 min_pass_len,pass_hist,flag;
+	time_t u_expire, u_min_age;
+	NTTIME nt_expire, nt_min_age;
+
+	time_t u_lock_duration, u_reset_time;
+	NTTIME nt_lock_duration, nt_reset_time;
+	uint32 lockout;
+	
+	time_t u_logout;
+	NTTIME nt_logout;
+
+	uint32 num_users=0, num_groups=0, num_aliases=0;
+
+	if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(ctr);
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
+		return NT_STATUS_INVALID_HANDLE;
+
+	switch (q_u->switch_value) {
+		case 0x01:
+			account_policy_get(AP_MIN_PASSWORD_LEN, &min_pass_len);
+			account_policy_get(AP_PASSWORD_HISTORY, &pass_hist);
+			account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &flag);
+			account_policy_get(AP_MAX_PASSWORD_AGE, (int *)&u_expire);
+			account_policy_get(AP_MIN_PASSWORD_AGE, (int *)&u_min_age);
+
+			unix_to_nt_time_abs(&nt_expire, u_expire);
+			unix_to_nt_time_abs(&nt_min_age, u_min_age);
+
+			init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist, 
+			               flag, nt_expire, nt_min_age);
+			break;
+		case 0x02:
+			become_root();		
+			r_u->status=load_sampwd_entries(info, ACB_NORMAL);
+			unbecome_root();
+			if (NT_STATUS_IS_ERR(r_u->status)) {
+				DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n"));
+				return r_u->status;
+			}
+			num_users=info->disp_info.num_user_account;
+			free_samr_db(info);
+			
+			r_u->status=load_group_domain_entries(info, &global_sam_sid);
+			if (NT_STATUS_IS_ERR(r_u->status)) {
+				DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n"));
+				return r_u->status;
+			}
+			num_groups=info->disp_info.num_group_account;
+			free_samr_db(info);
+
+			/* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */
+			init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL), 
+				       num_users, num_groups, num_aliases);
+			break;
+		case 0x03:
+			account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout);
+			unix_to_nt_time_abs(&nt_logout, u_logout);
+			
+			init_unk_info3(&ctr->info.inf3, nt_logout);
+			break;
+		case 0x05:
+			init_unk_info5(&ctr->info.inf5, global_myname);
+			break;
+		case 0x06:
+			init_unk_info6(&ctr->info.inf6);
+			break;
+		case 0x07:
+			init_unk_info7(&ctr->info.inf7);
+			break;
+		case 0x0c:
+			account_policy_get(AP_LOCK_ACCOUNT_DURATION, (int *)&u_lock_duration);
+			account_policy_get(AP_RESET_COUNT_TIME, (int *)&u_reset_time);
+			account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &lockout);
+	
+			unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
+			unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
+	
+            		init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	init_samr_r_samr_unknown_2e(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
+
+	DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ _samr_
+ ********************************************************************/
+
+NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u)
+{
+	time_t u_expire, u_min_age;
+	time_t u_logout;
+	time_t u_lock_duration, u_reset_time;
+
+	r_u->status = NT_STATUS_OK;
+
+	DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+
+	/* find the policy handle.  open a policy on it. */
+	if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
+		return NT_STATUS_INVALID_HANDLE;
+
+	DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
+
+	switch (q_u->switch_value) {
+        	case 0x01:
+			u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
+			u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
+			
+			account_policy_set(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
+			account_policy_set(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
+			account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag);
+			account_policy_set(AP_MAX_PASSWORD_AGE, (int)u_expire);
+			account_policy_set(AP_MIN_PASSWORD_AGE, (int)u_min_age);
+            		break;
+        	case 0x02:
+			break;
+		case 0x03:
+			u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
+			account_policy_set(AP_TIME_TO_LOGOUT, (int)u_logout);
+			break;
+		case 0x05:
+			break;
+		case 0x06:
+			break;
+		case 0x07:
+			break;
+		case 0x0c:
+			u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration);
+			u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count);
+			
+			account_policy_set(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
+			account_policy_set(AP_RESET_COUNT_TIME, (int)u_reset_time);
+			account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
+			break;
+		default:
+			return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	init_samr_r_set_domain_info(r_u, NT_STATUS_OK);
+
+	DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
new file mode 100755
index 0000000000..e6c152c668
--- /dev/null
+++ b/source3/rpc_server/srv_spoolss.c
@@ -0,0 +1,1468 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2000.
+ *  Copyright (C) Jeremy Allison					2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/********************************************************************
+ * api_spoolss_open_printer_ex (rarely seen - older call)
+ ********************************************************************/
+
+static BOOL api_spoolss_open_printer(pipes_struct *p)
+{
+	SPOOL_Q_OPEN_PRINTER q_u;
+	SPOOL_R_OPEN_PRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_open_printer("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_open_printer: unable to unmarshall SPOOL_Q_OPEN_PRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_open_printer( p, &q_u, &r_u);
+	
+	if (!spoolss_io_r_open_printer("",&r_u,rdata,0)){
+		DEBUG(0,("spoolss_io_r_open_printer: unable to marshall SPOOL_R_OPEN_PRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/********************************************************************
+ * api_spoolss_open_printer_ex
+ ********************************************************************/
+
+static BOOL api_spoolss_open_printer_ex(pipes_struct *p)
+{
+	SPOOL_Q_OPEN_PRINTER_EX q_u;
+	SPOOL_R_OPEN_PRINTER_EX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_open_printer_ex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_open_printer_ex: unable to unmarshall SPOOL_Q_OPEN_PRINTER_EX.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_open_printer_ex( p, &q_u, &r_u);
+
+	if (!spoolss_io_r_open_printer_ex("",&r_u,rdata,0)){
+		DEBUG(0,("spoolss_io_r_open_printer_ex: unable to marshall SPOOL_R_OPEN_PRINTER_EX.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_getprinterdata
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_getprinterdata(pipes_struct *p)
+{
+	SPOOL_Q_GETPRINTERDATA q_u;
+	SPOOL_R_GETPRINTERDATA r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* read the stream and fill the struct */
+	if (!spoolss_io_q_getprinterdata("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getprinterdata: unable to unmarshall SPOOL_Q_GETPRINTERDATA.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_getprinterdata( p, &q_u, &r_u);
+
+	if (!spoolss_io_r_getprinterdata("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_getprinterdata: unable to marshall SPOOL_R_GETPRINTERDATA.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_deleteprinterdata
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_deleteprinterdata(pipes_struct *p)
+{
+	SPOOL_Q_DELETEPRINTERDATA q_u;
+	SPOOL_R_DELETEPRINTERDATA r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* read the stream and fill the struct */
+	if (!spoolss_io_q_deleteprinterdata("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_deleteprinterdata: unable to unmarshall SPOOL_Q_DELETEPRINTERDATA.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_deleteprinterdata( p, &q_u, &r_u);
+
+	if (!spoolss_io_r_deleteprinterdata("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_deleteprinterdata: unable to marshall SPOOL_R_DELETEPRINTERDATA.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_closeprinter
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_closeprinter(pipes_struct *p)
+{
+	SPOOL_Q_CLOSEPRINTER q_u;
+	SPOOL_R_CLOSEPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_closeprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_closeprinter: unable to unmarshall SPOOL_Q_CLOSEPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_closeprinter(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_closeprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_closeprinter: unable to marshall SPOOL_R_CLOSEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_abortprinter
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_abortprinter(pipes_struct *p)
+{
+	SPOOL_Q_ABORTPRINTER q_u;
+	SPOOL_R_ABORTPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_abortprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_abortprinter: unable to unmarshall SPOOL_Q_ABORTPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_abortprinter(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_abortprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_abortprinter: unable to marshall SPOOL_R_ABORTPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_deleteprinter
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_deleteprinter(pipes_struct *p)
+{
+	SPOOL_Q_DELETEPRINTER q_u;
+	SPOOL_R_DELETEPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_deleteprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_deleteprinter: unable to unmarshall SPOOL_Q_DELETEPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_deleteprinter(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_deleteprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_deleteprinter: unable to marshall SPOOL_R_DELETEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/********************************************************************
+ * api_spoolss_deleteprinterdriver
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_deleteprinterdriver(pipes_struct *p)
+{
+	SPOOL_Q_DELETEPRINTERDRIVER q_u;
+	SPOOL_R_DELETEPRINTERDRIVER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_deleteprinterdriver("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_deleteprinterdriver: unable to unmarshall SPOOL_Q_DELETEPRINTERDRIVER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_deleteprinterdriver(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_deleteprinterdriver("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_deleteprinter: unable to marshall SPOOL_R_DELETEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/********************************************************************
+ * api_spoolss_rffpcnex
+ * ReplyFindFirstPrinterChangeNotifyEx
+ ********************************************************************/
+
+static BOOL api_spoolss_rffpcnex(pipes_struct *p)
+{
+	SPOOL_Q_RFFPCNEX q_u;
+	SPOOL_R_RFFPCNEX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_rffpcnex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_rffpcnex: unable to unmarshall SPOOL_Q_RFFPCNEX.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_rffpcnex(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_rffpcnex("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_rffpcnex: unable to marshall SPOOL_R_RFFPCNEX.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/********************************************************************
+ * api_spoolss_rfnpcnex
+ * ReplyFindNextPrinterChangeNotifyEx
+ * called from the spoolss dispatcher
+
+ * Note - this is the *ONLY* function that breaks the RPC call
+ * symmetry in all the other calls. We need to do this to fix
+ * the massive memory allocation problem with thousands of jobs...
+ * JRA.
+ ********************************************************************/
+
+static BOOL api_spoolss_rfnpcnex(pipes_struct *p)
+{
+	SPOOL_Q_RFNPCNEX q_u;
+	SPOOL_R_RFNPCNEX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_rfnpcnex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_rfnpcnex: unable to unmarshall SPOOL_Q_RFNPCNEX.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) {
+		SAFE_FREE(r_u.info.data);
+		DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n"));
+		return False;
+	}
+
+	SAFE_FREE(r_u.info.data);
+
+	return True;
+}
+
+
+/********************************************************************
+ * api_spoolss_enumprinters
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+static BOOL api_spoolss_enumprinters(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTERS q_u;
+	SPOOL_R_ENUMPRINTERS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_enumprinters("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprinters: unable to unmarshall SPOOL_Q_ENUMPRINTERS.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_enumprinters( p, &q_u, &r_u);
+
+	if (!spoolss_io_r_enumprinters("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprinters: unable to marshall SPOOL_R_ENUMPRINTERS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+static BOOL api_spoolss_getprinter(pipes_struct *p)
+{
+	SPOOL_Q_GETPRINTER q_u;
+	SPOOL_R_GETPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_getprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getprinter: unable to unmarshall SPOOL_Q_GETPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_getprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_getprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_getprinter: unable to marshall SPOOL_R_GETPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+static BOOL api_spoolss_getprinterdriver2(pipes_struct *p)
+{
+	SPOOL_Q_GETPRINTERDRIVER2 q_u;
+	SPOOL_R_GETPRINTERDRIVER2 r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_getprinterdriver2("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getprinterdriver2: unable to unmarshall SPOOL_Q_GETPRINTERDRIVER2.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_getprinterdriver2(p, &q_u, &r_u);
+	
+	if(!spoolss_io_r_getprinterdriver2("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_getprinterdriver2: unable to marshall SPOOL_R_GETPRINTERDRIVER2.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+static BOOL api_spoolss_startpageprinter(pipes_struct *p)
+{
+	SPOOL_Q_STARTPAGEPRINTER q_u;
+	SPOOL_R_STARTPAGEPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_startpageprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_startpageprinter: unable to unmarshall SPOOL_Q_STARTPAGEPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_startpageprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_startpageprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_startpageprinter: unable to marshall SPOOL_R_STARTPAGEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+static BOOL api_spoolss_endpageprinter(pipes_struct *p)
+{
+	SPOOL_Q_ENDPAGEPRINTER q_u;
+	SPOOL_R_ENDPAGEPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_endpageprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_endpageprinter: unable to unmarshall SPOOL_Q_ENDPAGEPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_endpageprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_endpageprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_endpageprinter: unable to marshall SPOOL_R_ENDPAGEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+********************************************************************/
+
+static BOOL api_spoolss_startdocprinter(pipes_struct *p)
+{
+	SPOOL_Q_STARTDOCPRINTER q_u;
+	SPOOL_R_STARTDOCPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_startdocprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_startdocprinter: unable to unmarshall SPOOL_Q_STARTDOCPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_startdocprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_startdocprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_startdocprinter: unable to marshall SPOOL_R_STARTDOCPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/********************************************************************
+********************************************************************/
+
+static BOOL api_spoolss_enddocprinter(pipes_struct *p)
+{
+	SPOOL_Q_ENDDOCPRINTER q_u;
+	SPOOL_R_ENDDOCPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_enddocprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enddocprinter: unable to unmarshall SPOOL_Q_ENDDOCPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_enddocprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_enddocprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_enddocprinter: unable to marshall SPOOL_R_ENDDOCPRINTER.\n"));
+		return False;
+	}
+
+	return True;		
+}
+
+/********************************************************************
+********************************************************************/
+
+static BOOL api_spoolss_writeprinter(pipes_struct *p)
+{
+	SPOOL_Q_WRITEPRINTER q_u;
+	SPOOL_R_WRITEPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_writeprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_writeprinter: unable to unmarshall SPOOL_Q_WRITEPRINTER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_writeprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_writeprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_writeprinter: unable to marshall SPOOL_R_WRITEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+
+****************************************************************************/
+
+static BOOL api_spoolss_setprinter(pipes_struct *p)
+{
+	SPOOL_Q_SETPRINTER q_u;
+	SPOOL_R_SETPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_setprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setprinter: unable to unmarshall SPOOL_Q_SETPRINTER.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_setprinter(p, &q_u, &r_u);
+	
+	if(!spoolss_io_r_setprinter("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_setprinter: unable to marshall SPOOL_R_SETPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_fcpn(pipes_struct *p)
+{
+	SPOOL_Q_FCPN q_u;
+	SPOOL_R_FCPN r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_fcpn("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_fcpn: unable to unmarshall SPOOL_Q_FCPN.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_fcpn(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_fcpn("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_fcpn: unable to marshall SPOOL_R_FCPN.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_addjob(pipes_struct *p)
+{
+	SPOOL_Q_ADDJOB q_u;
+	SPOOL_R_ADDJOB r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_addjob("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_addjob: unable to unmarshall SPOOL_Q_ADDJOB.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_addjob(p, &q_u, &r_u);
+		
+	if(!spoolss_io_r_addjob("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_addjob: unable to marshall SPOOL_R_ADDJOB.\n"));
+		return False;
+	}
+
+	return True;		
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumjobs(pipes_struct *p)
+{
+	SPOOL_Q_ENUMJOBS q_u;
+	SPOOL_R_ENUMJOBS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_enumjobs("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumjobs: unable to unmarshall SPOOL_Q_ENUMJOBS.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_enumjobs(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_enumjobs("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_enumjobs: unable to marshall SPOOL_R_ENUMJOBS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_schedulejob(pipes_struct *p)
+{
+	SPOOL_Q_SCHEDULEJOB q_u;
+	SPOOL_R_SCHEDULEJOB r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_schedulejob("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_schedulejob: unable to unmarshall SPOOL_Q_SCHEDULEJOB.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_schedulejob(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_schedulejob("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_schedulejob: unable to marshall SPOOL_R_SCHEDULEJOB.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_setjob(pipes_struct *p)
+{
+	SPOOL_Q_SETJOB q_u;
+	SPOOL_R_SETJOB r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_setjob("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setjob: unable to unmarshall SPOOL_Q_SETJOB.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_setjob(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_setjob("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_setjob: unable to marshall SPOOL_R_SETJOB.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprinterdrivers(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTERDRIVERS q_u;
+	SPOOL_R_ENUMPRINTERDRIVERS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_enumprinterdrivers("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprinterdrivers: unable to unmarshall SPOOL_Q_ENUMPRINTERDRIVERS.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_enumprinterdrivers(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_enumprinterdrivers("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_enumprinterdrivers: unable to marshall SPOOL_R_ENUMPRINTERDRIVERS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_getform(pipes_struct *p)
+{
+	SPOOL_Q_GETFORM q_u;
+	SPOOL_R_GETFORM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_getform("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getform: unable to unmarshall SPOOL_Q_GETFORM.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_getform(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_getform("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_getform: unable to marshall SPOOL_R_GETFORM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumforms(pipes_struct *p)
+{
+	SPOOL_Q_ENUMFORMS q_u;
+	SPOOL_R_ENUMFORMS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_enumforms("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumforms: unable to unmarshall SPOOL_Q_ENUMFORMS.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_enumforms(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_enumforms("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_enumforms: unable to marshall SPOOL_R_ENUMFORMS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumports(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPORTS q_u;
+	SPOOL_R_ENUMPORTS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_enumports("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumports: unable to unmarshall SPOOL_Q_ENUMPORTS.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_enumports(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_enumports("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_enumports: unable to marshall SPOOL_R_ENUMPORTS.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_addprinterex(pipes_struct *p)
+{
+	SPOOL_Q_ADDPRINTEREX q_u;
+	SPOOL_R_ADDPRINTEREX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_addprinterex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_addprinterex: unable to unmarshall SPOOL_Q_ADDPRINTEREX.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_addprinterex(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_addprinterex("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_addprinterex: unable to marshall SPOOL_R_ADDPRINTEREX.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_addprinterdriver(pipes_struct *p)
+{
+	SPOOL_Q_ADDPRINTERDRIVER q_u;
+	SPOOL_R_ADDPRINTERDRIVER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_addprinterdriver("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_addprinterdriver: unable to unmarshall SPOOL_Q_ADDPRINTERDRIVER.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_addprinterdriver(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_addprinterdriver("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_addprinterdriver: unable to marshall SPOOL_R_ADDPRINTERDRIVER.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_getprinterdriverdirectory(pipes_struct *p)
+{
+	SPOOL_Q_GETPRINTERDRIVERDIR q_u;
+	SPOOL_R_GETPRINTERDRIVERDIR r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_getprinterdriverdir("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getprinterdriverdir: unable to unmarshall SPOOL_Q_GETPRINTERDRIVERDIR.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_getprinterdriverdirectory(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_getprinterdriverdir("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_getprinterdriverdir: unable to marshall SPOOL_R_GETPRINTERDRIVERDIR.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprinterdata(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTERDATA q_u;
+	SPOOL_R_ENUMPRINTERDATA r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_enumprinterdata("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprinterdata: unable to unmarshall SPOOL_Q_ENUMPRINTERDATA.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_enumprinterdata(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_enumprinterdata("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprinterdata: unable to marshall SPOOL_R_ENUMPRINTERDATA.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_setprinterdata(pipes_struct *p)
+{
+	SPOOL_Q_SETPRINTERDATA q_u;
+	SPOOL_R_SETPRINTERDATA r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_setprinterdata("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setprinterdata: unable to unmarshall SPOOL_Q_SETPRINTERDATA.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_setprinterdata(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_setprinterdata("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_setprinterdata: unable to marshall SPOOL_R_SETPRINTERDATA.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+static BOOL api_spoolss_reset_printer(pipes_struct *p)
+{
+	SPOOL_Q_RESETPRINTER q_u;
+	SPOOL_R_RESETPRINTER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!spoolss_io_q_resetprinter("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setprinterdata: unable to unmarshall SPOOL_Q_SETPRINTERDATA.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_resetprinter(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_resetprinter("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_setprinterdata: unable to marshall SPOOL_R_RESETPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+static BOOL api_spoolss_addform(pipes_struct *p)
+{
+	SPOOL_Q_ADDFORM q_u;
+	SPOOL_R_ADDFORM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_addform("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_addform: unable to unmarshall SPOOL_Q_ADDFORM.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_addform(p, &q_u, &r_u);
+	
+	if(!spoolss_io_r_addform("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_addform: unable to marshall SPOOL_R_ADDFORM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_deleteform(pipes_struct *p)
+{
+	SPOOL_Q_DELETEFORM q_u;
+	SPOOL_R_DELETEFORM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_deleteform("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_deleteform: unable to unmarshall SPOOL_Q_DELETEFORM.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_deleteform(p, &q_u, &r_u);
+	
+	if(!spoolss_io_r_deleteform("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_deleteform: unable to marshall SPOOL_R_DELETEFORM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_setform(pipes_struct *p)
+{
+	SPOOL_Q_SETFORM q_u;
+	SPOOL_R_SETFORM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_setform("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setform: unable to unmarshall SPOOL_Q_SETFORM.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_setform(p, &q_u, &r_u);
+				      
+	if(!spoolss_io_r_setform("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_setform: unable to marshall SPOOL_R_SETFORM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprintprocessors(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTPROCESSORS q_u;
+	SPOOL_R_ENUMPRINTPROCESSORS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_enumprintprocessors("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprintprocessors: unable to unmarshall SPOOL_Q_ENUMPRINTPROCESSORS.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_enumprintprocessors(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_enumprintprocessors("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprintprocessors: unable to marshall SPOOL_R_ENUMPRINTPROCESSORS.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_addprintprocessor(pipes_struct *p)
+{
+	SPOOL_Q_ADDPRINTPROCESSOR q_u;
+	SPOOL_R_ADDPRINTPROCESSOR r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_addprintprocessor("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_addprintprocessor: unable to unmarshall SPOOL_Q_ADDPRINTPROCESSOR.\n"));
+		return False;
+	}
+	
+	/* for now, just indicate success and ignore the add.  We'll
+	   automatically set the winprint processor for printer
+	   entries later.  Used to debug the LexMark Optra S 1855 PCL
+	   driver --jerry */
+	r_u.status = WERR_OK;
+
+	if(!spoolss_io_r_addprintprocessor("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_addprintprocessor: unable to marshall SPOOL_R_ADDPRINTPROCESSOR.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprintprocdatatypes(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTPROCDATATYPES q_u;
+	SPOOL_R_ENUMPRINTPROCDATATYPES r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_enumprintprocdatatypes("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprintprocdatatypes: unable to unmarshall SPOOL_Q_ENUMPRINTPROCDATATYPES.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_enumprintprocdatatypes(p, &q_u, &r_u);
+
+	if(!spoolss_io_r_enumprintprocdatatypes("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprintprocdatatypes: unable to marshall SPOOL_R_ENUMPRINTPROCDATATYPES.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprintmonitors(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTMONITORS q_u;
+	SPOOL_R_ENUMPRINTMONITORS r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if (!spoolss_io_q_enumprintmonitors("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprintmonitors: unable to unmarshall SPOOL_Q_ENUMPRINTMONITORS.\n"));
+		return False;
+	}
+		
+	r_u.status = _spoolss_enumprintmonitors(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_enumprintmonitors("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprintmonitors: unable to marshall SPOOL_R_ENUMPRINTMONITORS.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_getjob(pipes_struct *p)
+{
+	SPOOL_Q_GETJOB q_u;
+	SPOOL_R_GETJOB r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	if(!spoolss_io_q_getjob("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getjob: unable to unmarshall SPOOL_Q_GETJOB.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_getjob(p, &q_u, &r_u);
+	
+	if(!spoolss_io_r_getjob("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_getjob: unable to marshall SPOOL_R_GETJOB.\n"));
+		return False;
+	}
+		
+	return True;
+}
+
+/********************************************************************
+ * api_spoolss_getprinterdataex
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_getprinterdataex(pipes_struct *p)
+{
+	SPOOL_Q_GETPRINTERDATAEX q_u;
+	SPOOL_R_GETPRINTERDATAEX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* read the stream and fill the struct */
+	if (!spoolss_io_q_getprinterdataex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getprinterdataex: unable to unmarshall SPOOL_Q_GETPRINTERDATAEX.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_getprinterdataex( p, &q_u, &r_u);
+
+	if (!spoolss_io_r_getprinterdataex("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_getprinterdataex: unable to marshall SPOOL_R_GETPRINTERDATAEX.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_setprinterdataex(pipes_struct *p)
+{
+	SPOOL_Q_SETPRINTERDATAEX q_u;
+	SPOOL_R_SETPRINTERDATAEX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_setprinterdataex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setprinterdataex: unable to unmarshall SPOOL_Q_SETPRINTERDATAEX.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_setprinterdataex(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_setprinterdataex("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_setprinterdataex: unable to marshall SPOOL_R_SETPRINTERDATAEX.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprinterkey(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTERKEY q_u;
+	SPOOL_R_ENUMPRINTERKEY r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_enumprinterkey("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_setprinterkey: unable to unmarshall SPOOL_Q_ENUMPRINTERKEY.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_enumprinterkey(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_enumprinterkey("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprinterkey: unable to marshall SPOOL_R_ENUMPRINTERKEY.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_enumprinterdataex(pipes_struct *p)
+{
+	SPOOL_Q_ENUMPRINTERDATAEX q_u;
+	SPOOL_R_ENUMPRINTERDATAEX r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_enumprinterdataex("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_enumprinterdataex: unable to unmarshall SPOOL_Q_ENUMPRINTERDATAEX.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_enumprinterdataex(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_enumprinterdataex("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_enumprinterdataex: unable to marshall SPOOL_R_ENUMPRINTERDATAEX.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL api_spoolss_getprintprocessordirectory(pipes_struct *p)
+{
+	SPOOL_Q_GETPRINTPROCESSORDIRECTORY q_u;
+	SPOOL_R_GETPRINTPROCESSORDIRECTORY r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+	
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_getprintprocessordirectory("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_getprintprocessordirectory: unable to unmarshall SPOOL_Q_GETPRINTPROCESSORDIRECTORY.\n"));
+		return False;
+	}
+	
+	r_u.status = _spoolss_getprintprocessordirectory(p, &q_u, &r_u);
+				
+	if(!spoolss_io_r_getprintprocessordirectory("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_getprintprocessordirectory: unable to marshall SPOOL_R_GETPRINTPROCESSORDIRECTORY.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/*******************************************************************
+\pipe\spoolss commands
+********************************************************************/
+
+struct api_struct api_spoolss_cmds[] = 
+{
+ {"SPOOLSS_OPENPRINTER",               SPOOLSS_OPENPRINTER,               api_spoolss_open_printer              },
+ {"SPOOLSS_OPENPRINTEREX",             SPOOLSS_OPENPRINTEREX,             api_spoolss_open_printer_ex           },
+ {"SPOOLSS_GETPRINTERDATA",            SPOOLSS_GETPRINTERDATA,            api_spoolss_getprinterdata            },
+ {"SPOOLSS_CLOSEPRINTER",              SPOOLSS_CLOSEPRINTER,              api_spoolss_closeprinter              },
+ {"SPOOLSS_DELETEPRINTER",             SPOOLSS_DELETEPRINTER,             api_spoolss_deleteprinter             },
+ {"SPOOLSS_ABORTPRINTER",              SPOOLSS_ABORTPRINTER,              api_spoolss_abortprinter              },
+ {"SPOOLSS_RFFPCNEX",                  SPOOLSS_RFFPCNEX,                  api_spoolss_rffpcnex                  },
+ {"SPOOLSS_RFNPCNEX",                  SPOOLSS_RFNPCNEX,                  api_spoolss_rfnpcnex                  },
+ {"SPOOLSS_ENUMPRINTERS",              SPOOLSS_ENUMPRINTERS,              api_spoolss_enumprinters              },
+ {"SPOOLSS_GETPRINTER",                SPOOLSS_GETPRINTER,                api_spoolss_getprinter                },
+ {"SPOOLSS_GETPRINTERDRIVER2",         SPOOLSS_GETPRINTERDRIVER2,         api_spoolss_getprinterdriver2         }, 
+ {"SPOOLSS_STARTPAGEPRINTER",          SPOOLSS_STARTPAGEPRINTER,          api_spoolss_startpageprinter          },
+ {"SPOOLSS_ENDPAGEPRINTER",            SPOOLSS_ENDPAGEPRINTER,            api_spoolss_endpageprinter            }, 
+ {"SPOOLSS_STARTDOCPRINTER",           SPOOLSS_STARTDOCPRINTER,           api_spoolss_startdocprinter           },
+ {"SPOOLSS_ENDDOCPRINTER",             SPOOLSS_ENDDOCPRINTER,             api_spoolss_enddocprinter             },
+ {"SPOOLSS_WRITEPRINTER",              SPOOLSS_WRITEPRINTER,              api_spoolss_writeprinter              },
+ {"SPOOLSS_SETPRINTER",                SPOOLSS_SETPRINTER,                api_spoolss_setprinter                },
+ {"SPOOLSS_FCPN",                      SPOOLSS_FCPN,                      api_spoolss_fcpn		        },
+ {"SPOOLSS_ADDJOB",                    SPOOLSS_ADDJOB,                    api_spoolss_addjob                    },
+ {"SPOOLSS_ENUMJOBS",                  SPOOLSS_ENUMJOBS,                  api_spoolss_enumjobs                  },
+ {"SPOOLSS_SCHEDULEJOB",               SPOOLSS_SCHEDULEJOB,               api_spoolss_schedulejob               },
+ {"SPOOLSS_SETJOB",                    SPOOLSS_SETJOB,                    api_spoolss_setjob                    },
+ {"SPOOLSS_ENUMFORMS",                 SPOOLSS_ENUMFORMS,                 api_spoolss_enumforms                 },
+ {"SPOOLSS_ENUMPORTS",                 SPOOLSS_ENUMPORTS,                 api_spoolss_enumports                 },
+ {"SPOOLSS_ENUMPRINTERDRIVERS",        SPOOLSS_ENUMPRINTERDRIVERS,        api_spoolss_enumprinterdrivers        },
+ {"SPOOLSS_ADDPRINTEREX",              SPOOLSS_ADDPRINTEREX,              api_spoolss_addprinterex              },
+ {"SPOOLSS_ADDPRINTERDRIVER",          SPOOLSS_ADDPRINTERDRIVER,          api_spoolss_addprinterdriver          },
+ {"SPOOLSS_DELETEPRINTERDRIVER",       SPOOLSS_DELETEPRINTERDRIVER,       api_spoolss_deleteprinterdriver       },
+ {"SPOOLSS_GETPRINTERDRIVERDIRECTORY", SPOOLSS_GETPRINTERDRIVERDIRECTORY, api_spoolss_getprinterdriverdirectory },
+ {"SPOOLSS_ENUMPRINTERDATA",           SPOOLSS_ENUMPRINTERDATA,           api_spoolss_enumprinterdata           },
+ {"SPOOLSS_SETPRINTERDATA",            SPOOLSS_SETPRINTERDATA,            api_spoolss_setprinterdata            },
+ {"SPOOLSS_RESETPRINTER",              SPOOLSS_RESETPRINTER,              api_spoolss_reset_printer             },
+ {"SPOOLSS_DELETEPRINTERDATA",         SPOOLSS_DELETEPRINTERDATA,         api_spoolss_deleteprinterdata         },
+ {"SPOOLSS_ADDFORM",                   SPOOLSS_ADDFORM,                   api_spoolss_addform                   },
+ {"SPOOLSS_DELETEFORM",                SPOOLSS_DELETEFORM,                api_spoolss_deleteform                },
+ {"SPOOLSS_GETFORM",                   SPOOLSS_GETFORM,                   api_spoolss_getform                   },
+ {"SPOOLSS_SETFORM",                   SPOOLSS_SETFORM,                   api_spoolss_setform                   },
+ {"SPOOLSS_ADDPRINTPROCESSOR",         SPOOLSS_ADDPRINTPROCESSOR,         api_spoolss_addprintprocessor         },
+ {"SPOOLSS_ENUMPRINTPROCESSORS",       SPOOLSS_ENUMPRINTPROCESSORS,       api_spoolss_enumprintprocessors       },
+ {"SPOOLSS_ENUMMONITORS",              SPOOLSS_ENUMMONITORS,              api_spoolss_enumprintmonitors         },
+ {"SPOOLSS_GETJOB",                    SPOOLSS_GETJOB,                    api_spoolss_getjob                    },
+ {"SPOOLSS_ENUMPRINTPROCDATATYPES",    SPOOLSS_ENUMPRINTPROCDATATYPES,    api_spoolss_enumprintprocdatatypes    },
+ {"SPOOLSS_GETPRINTERDATAEX",          SPOOLSS_GETPRINTERDATAEX,          api_spoolss_getprinterdataex          },
+ {"SPOOLSS_SETPRINTERDATAEX",          SPOOLSS_SETPRINTERDATAEX,          api_spoolss_setprinterdataex          },
+ {"SPOOLSS_ENUMPRINTERKEY",            SPOOLSS_ENUMPRINTERKEY,            api_spoolss_enumprinterkey            },
+ {"SPOOLSS_ENUMPRINTERDATAEX",         SPOOLSS_ENUMPRINTERDATAEX,         api_spoolss_enumprinterdataex         },
+#if 0
+ /* Disabled because it doesn't fix the bug I am looking at but it would be
+    a shame to throw away the code. -tpot */
+ {"SPOOLSS_GETPRINTPROCESSORDIRECTORY",SPOOLSS_GETPRINTPROCESSORDIRECTORY,api_spoolss_getprintprocessordirectory},
+#endif
+ { NULL,                               0,                                 NULL                                  }
+};
+
+/*******************************************************************
+receives a spoolss pipe and responds.
+********************************************************************/
+BOOL api_spoolss_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_spoolss_rpc", api_spoolss_cmds);
+}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
new file mode 100644
index 0000000000..3bc91c2472
--- /dev/null
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -0,0 +1,7837 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2000,
+ *  Copyright (C) Jeremy Allison		    2001,
+ *  Copyright (C) Gerald Carter		       2000-2001,
+ *  Copyright (C) Tim Potter                   2001-2002.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* Since the SPOOLSS rpc routines are basically DOS 16-bit calls wrapped
+   up, all the errors returned are DOS errors, not NT status codes. */
+
+#include "includes.h"
+
+#ifndef MAX_OPEN_PRINTER_EXS
+#define MAX_OPEN_PRINTER_EXS 50
+#endif
+
+#define MAGIC_DISPLAY_FREQUENCY 0xfade2bad
+#define PHANTOM_DEVMODE_KEY "_p_f_a_n_t_0_m_"
+#define PRINTER_HANDLE_IS_PRINTER	0
+#define PRINTER_HANDLE_IS_PRINTSERVER	1
+
+struct table_node {
+	char    *long_archi;
+	char    *short_archi;
+	int     version;
+};
+
+
+/* structure to store the printer handles */
+/* and a reference to what it's pointing to */
+/* and the notify info asked about */
+/* that's the central struct */
+typedef struct _Printer{
+	struct _Printer *prev, *next;
+	BOOL document_started;
+	BOOL page_started;
+	int jobid; /* jobid in printing backend */
+	BOOL printer_type;
+	union {
+	  	fstring handlename;
+		fstring printerservername;
+	} dev;
+	uint32 type;
+	uint32 access_granted;
+	struct {
+		uint32 flags;
+		uint32 options;
+		fstring localmachine;
+		uint32 printerlocal;
+		SPOOL_NOTIFY_OPTION *option;
+		POLICY_HND client_hnd;
+		uint32 client_connected;
+	} notify;
+	struct {
+		fstring machine;
+		fstring user;
+	} client;
+} Printer_entry;
+
+static Printer_entry *printers_list;
+
+typedef struct _counter_printer_0 {
+	ubi_dlNode Next;
+	ubi_dlNode Prev;
+	
+	int snum;
+	uint32 counter;
+} counter_printer_0;
+
+static ubi_dlList counter_list;
+
+static struct cli_state cli;
+static uint32 smb_connections=0;
+
+
+/* in printing/nt_printing.c */
+extern STANDARD_MAPPING printer_std_mapping;
+
+#define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \
+((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid())
+
+/* translate between internal status numbers and NT status numbers */
+static int nt_printj_status(int v)
+{
+	switch (v) {
+	case LPQ_QUEUED:
+		return 0;
+	case LPQ_PAUSED:
+		return JOB_STATUS_PAUSED;
+	case LPQ_SPOOLING:
+		return JOB_STATUS_SPOOLING;
+	case LPQ_PRINTING:
+		return JOB_STATUS_PRINTING;
+	case LPQ_ERROR:
+		return JOB_STATUS_ERROR;
+	case LPQ_DELETING:
+		return JOB_STATUS_DELETING;
+	case LPQ_OFFLINE:
+		return JOB_STATUS_OFFLINE;
+	case LPQ_PAPEROUT:
+		return JOB_STATUS_PAPEROUT;
+	case LPQ_PRINTED:
+		return JOB_STATUS_PRINTED;
+	case LPQ_DELETED:
+		return JOB_STATUS_DELETED;
+	case LPQ_BLOCKED:
+		return JOB_STATUS_BLOCKED;
+	case LPQ_USER_INTERVENTION:
+		return JOB_STATUS_USER_INTERVENTION;
+	}
+	return 0;
+}
+
+static int nt_printq_status(int v)
+{
+	switch (v) {
+	case LPQ_PAUSED:
+		return PRINTER_STATUS_PAUSED;
+	case LPQ_QUEUED:
+	case LPQ_SPOOLING:
+	case LPQ_PRINTING:
+		return 0;
+	}
+	return 0;
+}
+
+/****************************************************************************
+ Functions to handle SPOOL_NOTIFY_OPTION struct stored in Printer_entry.
+****************************************************************************/
+
+static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp)
+{
+	if (*pp == NULL)
+		return;
+
+	SAFE_FREE((*pp)->ctr.type);
+	SAFE_FREE(*pp);
+}
+
+/***************************************************************************
+ Disconnect from the client
+****************************************************************************/
+
+static void srv_spoolss_replycloseprinter(POLICY_HND *handle)
+{
+	WERROR result;
+
+	/* weird if the test succeds !!! */
+	if (smb_connections==0) {
+		DEBUG(0,("srv_spoolss_replycloseprinter:Trying to close non-existant notify backchannel !\n"));
+		return;
+	}
+
+	result = cli_spoolss_reply_close_printer(&cli, cli.mem_ctx, handle);
+	
+	if (!W_ERROR_IS_OK(result))
+		DEBUG(0,("srv_spoolss_replycloseprinter: reply_close_printer failed [%s].\n",
+			dos_errstr(result)));
+
+	/* if it's the last connection, deconnect the IPC$ share */
+	if (smb_connections==1) {
+		if(!spoolss_disconnect_from_client(&cli))
+			return;
+
+		message_deregister(MSG_PRINTER_NOTIFY);
+	}
+
+	smb_connections--;
+}
+
+/****************************************************************************
+ Functions to free a printer entry datastruct.
+****************************************************************************/
+
+static void free_printer_entry(void *ptr)
+{
+	Printer_entry *Printer = (Printer_entry *)ptr;
+
+	if (Printer->notify.client_connected==True)
+		srv_spoolss_replycloseprinter(&Printer->notify.client_hnd);
+
+	Printer->notify.flags=0;
+	Printer->notify.options=0;
+	Printer->notify.localmachine[0]='\0';
+	Printer->notify.printerlocal=0;
+	free_spool_notify_option(&Printer->notify.option);
+	Printer->notify.option=NULL;
+	Printer->notify.client_connected=False;
+
+	/* Remove from the internal list. */
+	DLIST_REMOVE(printers_list, Printer);
+
+	SAFE_FREE(Printer);
+}
+
+/****************************************************************************
+ Functions to duplicate a SPOOL_NOTIFY_OPTION struct stored in Printer_entry.
+****************************************************************************/
+
+SPOOL_NOTIFY_OPTION *dup_spool_notify_option(SPOOL_NOTIFY_OPTION *sp)
+{
+	SPOOL_NOTIFY_OPTION *new_sp = NULL;
+
+	if (!sp)
+		return NULL;
+
+	new_sp = (SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION));
+	if (!new_sp)
+		return NULL;
+
+	*new_sp = *sp;
+
+	if (sp->ctr.count) {
+		new_sp->ctr.type = (SPOOL_NOTIFY_OPTION_TYPE *)memdup(sp->ctr.type, sizeof(SPOOL_NOTIFY_OPTION_TYPE) * sp->ctr.count);
+
+		if (!new_sp->ctr.type) {
+			SAFE_FREE(new_sp);
+			return NULL;
+		}
+	}
+
+	return new_sp;
+}
+
+/****************************************************************************
+  find printer index by handle
+****************************************************************************/
+
+static Printer_entry *find_printer_index_by_hnd(pipes_struct *p, POLICY_HND *hnd)
+{
+	Printer_entry *find_printer = NULL;
+
+	if(!find_policy_by_hnd(p,hnd,(void **)&find_printer)) {
+		DEBUG(2,("find_printer_index_by_hnd: Printer handle not found: "));
+		return NULL;
+	}
+
+	return find_printer;
+}
+
+/****************************************************************************
+ Close printer index by handle.
+****************************************************************************/
+
+static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
+{
+	Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
+
+	if (!Printer) {
+		DEBUG(2,("close_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
+		return False;
+	}
+
+	close_policy_hnd(p, hnd);
+
+	return True;
+}	
+
+/****************************************************************************
+ Delete a printer given a handle.
+****************************************************************************/
+
+static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
+{
+	Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
+
+	if (!Printer) {
+		DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
+		return WERR_BADFID;
+	}
+
+	if (del_a_printer(Printer->dev.handlename) != 0) {
+		DEBUG(3,("Error deleting printer %s\n", Printer->dev.handlename));
+		return WERR_BADFID;
+	}
+
+	/* Check calling user has permission to delete printer.  Note that
+	   since we set the snum parameter to -1 only administrators can
+	   delete the printer.  This stops people with the Full Control
+	   permission from deleting the printer. */
+
+	if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
+		DEBUG(3, ("printer delete denied by security descriptor\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	if (*lp_deleteprinter_cmd()) {
+
+		char *cmd = lp_deleteprinter_cmd();
+		pstring command;
+		int ret;
+		int i;
+
+		/* Printer->dev.handlename equals portname equals sharename */
+		slprintf(command, sizeof(command)-1, "%s \"%s\"", cmd,
+					Printer->dev.handlename);
+
+		DEBUG(10,("Running [%s]\n", command));
+		ret = smbrun(command, NULL);
+		if (ret != 0) {
+			return WERR_BADFID; /* What to return here? */
+		}
+		DEBUGADD(10,("returned [%d]\n", ret));
+
+		/* Send SIGHUP to process group... is there a better way? */
+		kill(0, SIGHUP);
+
+		if ( ( i = lp_servicenumber( Printer->dev.handlename ) ) >= 0 ) {
+			lp_killservice( i );
+			return WERR_OK;
+		} else
+			return WERR_ACCESS_DENIED;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Return the snum of a printer corresponding to an handle.
+****************************************************************************/
+
+static BOOL get_printer_snum(pipes_struct *p, POLICY_HND *hnd, int *number)
+{
+	Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
+		
+	if (!Printer) {
+		DEBUG(2,("get_printer_snum: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
+		return False;
+	}
+	
+	switch (Printer->printer_type) {
+	case PRINTER_HANDLE_IS_PRINTER:		
+		DEBUG(4,("short name:%s\n", Printer->dev.handlename));			
+		*number = print_queue_snum(Printer->dev.handlename);
+		return (*number != -1);
+	case PRINTER_HANDLE_IS_PRINTSERVER:
+		return False;
+	default:
+		return False;
+	}
+}
+
+/****************************************************************************
+ Set printer handle type.
+ Check if it's \\server or \\server\printer
+****************************************************************************/
+
+static BOOL set_printer_hnd_printertype(Printer_entry *Printer, char *handlename)
+{
+	DEBUG(3,("Setting printer type=%s\n", handlename));
+
+	if ( strlen(handlename) < 3 ) {
+		DEBUGADD(4,("A print server must have at least 1 char ! %s\n", handlename));
+		return False;
+	}
+
+	/* it's a print server */
+	if (*handlename=='\\' && *(handlename+1)=='\\' && !strchr_m(handlename+2, '\\')) {
+		DEBUGADD(4,("Printer is a print server\n"));
+		Printer->printer_type = PRINTER_HANDLE_IS_PRINTSERVER;		
+	}
+	/* it's a printer */
+	else {
+		DEBUGADD(4,("Printer is a printer\n"));
+		Printer->printer_type = PRINTER_HANDLE_IS_PRINTER;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Set printer handle name.
+****************************************************************************/
+
+static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename)
+{
+	int snum;
+	int n_services=lp_numservices();
+	char *aprinter;
+	fstring sname;
+	BOOL found=False;
+	
+	DEBUG(4,("Setting printer name=%s (len=%d)\n", handlename, strlen(handlename)));
+
+	if (Printer->printer_type==PRINTER_HANDLE_IS_PRINTSERVER) {
+		ZERO_STRUCT(Printer->dev.printerservername);
+		strncpy(Printer->dev.printerservername, handlename, strlen(handlename));
+		return True;
+	}
+
+	if (Printer->printer_type!=PRINTER_HANDLE_IS_PRINTER)
+		return False;
+	
+	if (*handlename=='\\') {
+		aprinter=strchr_m(handlename+2, '\\');
+		aprinter++;
+	}
+	else {
+		aprinter=handlename;
+	}
+
+	DEBUGADD(5,("searching for [%s] (len=%d)\n", aprinter, strlen(aprinter)));
+
+	/*
+	 * The original code allowed smbd to store a printer name that
+	 * was different from the share name.  This is not possible 
+	 * anymore, so I've simplified this loop greatly.  Here
+	 * we are just verifying that the printer name is a valid
+	 * printer service defined in smb.conf
+	 *                          --jerry [Fri Feb 15 11:17:46 CST 2002] 
+	 */
+
+	for (snum=0; snum<n_services; snum++) {
+
+		if ( !(lp_snum_ok(snum) && lp_print_ok(snum) ) )
+			continue;
+		
+		fstrcpy(sname, lp_servicename(snum));
+
+		DEBUGADD(5,("share:%s\n",sname));
+		
+		if (! StrCaseCmp(sname, aprinter)) {
+			found = True;
+			break;
+		}
+
+	}
+
+		
+	if (!found) {
+		DEBUGADD(4,("Printer not found\n"));
+		return False;
+	}
+	
+	DEBUGADD(4,("set_printer_hnd_name: Printer found: %s -> %s\n", aprinter, sname));
+
+	ZERO_STRUCT(Printer->dev.handlename);
+	fstrcpy(Printer->dev.handlename, sname);
+
+	return True;
+}
+
+/****************************************************************************
+ Find first available printer slot. creates a printer handle for you.
+ ****************************************************************************/
+
+static BOOL open_printer_hnd(pipes_struct *p, POLICY_HND *hnd, char *name, uint32 access_granted)
+{
+	Printer_entry *new_printer;
+
+	DEBUG(10,("open_printer_hnd: name [%s]\n", name));
+
+	if((new_printer=(Printer_entry *)malloc(sizeof(Printer_entry))) == NULL)
+		return False;
+
+	ZERO_STRUCTP(new_printer);
+	
+	new_printer->notify.option=NULL;
+				
+	/* Add to the internal list. */
+	DLIST_ADD(printers_list, new_printer);
+
+	if (!create_policy_hnd(p, hnd, free_printer_entry, new_printer)) {
+		SAFE_FREE(new_printer);
+		return False;
+	}
+
+	if (!set_printer_hnd_printertype(new_printer, name)) {
+		close_printer_handle(p, hnd);
+		return False;
+	}
+	
+	if (!set_printer_hnd_name(new_printer, name)) {
+		close_printer_handle(p, hnd);
+		return False;
+	}
+
+	new_printer->access_granted = access_granted;
+
+	DEBUG(5, ("%d printer handles active\n", (int)p->pipe_handles->count ));
+
+	return True;
+}
+
+/****************************************************************************
+ Allocate more memory for a BUFFER.
+****************************************************************************/
+
+static BOOL alloc_buffer_size(NEW_BUFFER *buffer, uint32 buffer_size)
+{
+	prs_struct *ps;
+	uint32 extra_space;
+	uint32 old_offset;
+	
+	ps= &buffer->prs;
+
+	/* damn, I'm doing the reverse operation of prs_grow() :) */
+	if (buffer_size < prs_data_size(ps))
+		extra_space=0;
+	else	
+		extra_space = buffer_size - prs_data_size(ps);
+
+	/*
+	 * save the offset and move to the end of the buffer
+	 * prs_grow() checks the extra_space against the offset
+	 */
+	old_offset=prs_offset(ps);	
+	prs_set_offset(ps, prs_data_size(ps));
+	
+	if (!prs_grow(ps, extra_space))
+		return False;
+
+	prs_set_offset(ps, old_offset);
+
+	buffer->string_at_end=prs_data_size(ps);
+
+	return True;
+}
+/***************************************************************************
+ Always give preference Printer_entry.notify.option over 
+ Printer_entry.notify.flags.  Return True if we should send notification 
+ events using SPOOLSS_RRPCN.  False means that we should use 
+ SPOOLSS_ROUTERREPLYPRINTER.
+ **************************************************************************/
+static BOOL valid_notify_options(Printer_entry *printer)
+{
+	if (printer->notify.option == NULL)
+		return False;
+		
+	return True;
+}
+
+/***************************************************************************
+ Simple check to see if the client motify handle is set to watch for events
+ represented by 'flags'
+ 
+ FIXME!!!! only a stub right now     --jerry
+ **************************************************************************/
+ 
+static BOOL is_client_monitoring_event(Printer_entry *p, uint32 flags)
+{
+
+	return True;
+}
+
+/***************************************************************************
+ Server wrapper for cli_spoolss_routerreplyprinter() since the client 
+ function can only send a single change notification at a time.
+ 
+ FIXME!!!  only handles one change currently (PRINTER_CHANGE_SET_PRINTER_DRIVER)
+ --jerry
+ **************************************************************************/
+ 
+static WERROR srv_spoolss_routerreplyprinter (struct cli_state *reply_cli, TALLOC_CTX *mem_ctx,
+					POLICY_HND *pol, PRINTER_MESSAGE_INFO *info,
+					NT_PRINTER_INFO_LEVEL *printer)				
+{
+	WERROR result;
+	uint32 condition = 0x0;
+	
+	if (info->flags & PRINTER_MESSAGE_DRIVER)
+		condition = PRINTER_CHANGE_SET_PRINTER_DRIVER;
+	
+	result = cli_spoolss_routerreplyprinter(reply_cli, mem_ctx, pol, condition, 
+			printer->info_2->changeid);
+
+	return result;
+}
+
+/***********************************************************************
+ Wrapper around the decision of which RPC use to in the change 
+ notification
+ **********************************************************************/
+ 
+static WERROR srv_spoolss_send_event_to_client(Printer_entry* Printer, 
+	struct cli_state *send_cli,	PRINTER_MESSAGE_INFO *msg, 
+	NT_PRINTER_INFO_LEVEL *info)
+{
+	WERROR result;
+	
+	if (valid_notify_options(Printer)) {
+		/* This is a single call that can send information about multiple changes */
+		if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER)
+			msg->flags |= PRINTER_MESSAGE_ATTRIBUTES;
+
+		result = cli_spoolss_reply_rrpcn(send_cli, send_cli->mem_ctx, &Printer->notify.client_hnd, 
+				msg, info);
+	}
+	else {
+		/* This requires that the server send an individual event notification for each change */
+		result = srv_spoolss_routerreplyprinter(send_cli, send_cli->mem_ctx, &Printer->notify.client_hnd, 
+				msg, info);
+	}
+	
+	return result;
+}
+
+
+/***********************************************************************
+ Send a change notication message on all handles which have a call 
+ back registered
+ **********************************************************************/
+
+static void send_spoolss_event_notification(PRINTER_MESSAGE_INFO *msg)
+{
+	Printer_entry *find_printer;
+	WERROR result;
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+
+	if (!msg) {
+		DEBUG(0,("send_spoolss_event_notification: NULL msg pointer!\n"));
+		return;
+	}
+
+	for(find_printer = printers_list; find_printer; find_printer = find_printer->next) {
+
+		/*
+		 * If the entry has a connected client we send the message. There should 
+		 * only be one of these normally when dealing with the NT/2k spooler.
+		 * However, iterate over all to make sure we deal with user applications
+		 * in addition to spooler service.
+		 *
+		 * While we are only maintaining a single connection to the client, 
+		 * the FindFirstPrinterChangeNotification() call is made on a printer 
+		 * handle, so "client_connected" represents the whether or not the 
+		 * client asked for change notication on this handle.
+		 * 
+		 * --jerry
+		 */
+
+		if (find_printer->notify.client_connected==True) {
+		
+			/* does the client care about what changed? */
+
+			if (msg->flags && !is_client_monitoring_event(find_printer, msg->flags)) {
+				DEBUG(10,("send_spoolss_event_notification: Client [%s] not monitoring these events\n",
+					find_printer->client.machine)); 
+				continue;
+			}
+
+			if (find_printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER)
+				DEBUG(10,("send_spoolss_event_notification: printserver [%s]\n", find_printer->dev.printerservername ));
+			else
+				DEBUG(10,("send_spoolss_event_notification: printer [%s]\n", find_printer->dev.handlename));
+
+			/*
+			 * if handle is a printer, only send if the printer_name matches.
+			 * ...else if handle is a printerserver, send to all
+			 */
+
+			if (*msg->printer_name && (find_printer->printer_type==PRINTER_HANDLE_IS_PRINTER) 
+				&& !strequal(msg->printer_name, find_printer->dev.handlename)) 
+			{
+				DEBUG(10,("send_spoolss_event_notification: ignoring message sent to %s [%s]\n",
+					msg->printer_name, find_printer->dev.handlename ));
+				continue;
+			}
+
+
+			/* lookup the printer if we have a name if we don't already have a 
+			   valid NT_PRINTER_INFO_LEVEL structure. And yes I'm assuming we 
+			   will always have a non-empty msg.printer_name */
+				   
+			if (!printer || !printer->info_2 || strcmp(msg->printer_name, printer->info_2->printername)) 
+			{
+			
+				if (printer) {
+					free_a_printer(&printer, 2);
+					printer = NULL;
+				}
+					
+				result = get_a_printer(&printer, 2, msg->printer_name);
+				if (!W_ERROR_IS_OK(result))
+					continue;
+			}
+
+			/* issue the client call */
+
+			result = srv_spoolss_send_event_to_client(find_printer, &cli, msg, printer);
+			
+			if (!W_ERROR_IS_OK(result)) {
+				DEBUG(5,("send_spoolss_event_notification: Event notification failed [%s]\n",
+					dos_errstr(result)));
+		}
+	}
+}
+
+	return;
+}
+/***************************************************************************
+ Receive the notify message and decode the message.  Do not send 
+ notification if we sent this originally as that would result in 
+ duplicates.
+****************************************************************************/
+
+static void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+	PRINTER_MESSAGE_INFO msg;
+	
+	if (len < sizeof(msg)) {
+		DEBUG(2,("srv_spoolss_receive_message: got incorrect message size (%u)!\n", (unsigned int)len));
+		return;
+	}
+
+	memcpy(&msg, buf, sizeof(PRINTER_MESSAGE_INFO));
+	
+	DEBUG(10,("srv_spoolss_receive_message: Got message printer change [queue = %s] low=0x%x  high=0x%x flags=0x%x\n",
+		msg.printer_name, (unsigned int)msg.low, (unsigned int)msg.high, msg.flags ));
+
+	/* Iterate the printer list */
+	
+	send_spoolss_event_notification(&msg);
+	
+}
+
+/***************************************************************************
+ Send a notify event.
+****************************************************************************/
+
+static BOOL srv_spoolss_sendnotify(char* printer_name, uint32 high, uint32 low, uint32 flags)
+{
+	char msg[sizeof(PRINTER_MESSAGE_INFO)];
+	PRINTER_MESSAGE_INFO info;
+	
+	ZERO_STRUCT(info);
+
+	info.low 	= low;
+	info.high	= high;
+	info.flags	= flags;
+	fstrcpy(info.printer_name, printer_name);
+	
+	memcpy(msg, &info, sizeof(PRINTER_MESSAGE_INFO));	
+
+	DEBUG(10,("srv_spoolss_sendnotify: printer change low=0x%x  high=0x%x [%s], flags=0x%x\n", 
+		low, high, printer_name, flags));
+		
+	message_send_all(conn_tdb_ctx(), MSG_PRINTER_NOTIFY, msg, sizeof(PRINTER_MESSAGE_INFO), 
+		False, NULL);
+
+	return True;
+}	
+
+/********************************************************************
+ Copy routines used by convert_to_openprinterex()
+ *******************************************************************/
+
+static DEVICEMODE* dup_devicemode(TALLOC_CTX *ctx, DEVICEMODE *devmode)
+{
+	DEVICEMODE *d;
+	int len;
+
+	if (!devmode)
+		return NULL;
+		
+	DEBUG (8,("dup_devmode\n"));
+	
+	/* bulk copy first */
+	
+	d = talloc_memdup(ctx, devmode, sizeof(DEVICEMODE));
+	if (!d)
+		return NULL;
+		
+	/* dup the pointer members separately */
+	
+	len = unistrlen(devmode->devicename.buffer);
+	if (len != -1) {
+		d->devicename.buffer = talloc(ctx, len*2);
+		if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len)
+			return NULL;
+	}
+		
+
+	len = unistrlen(devmode->formname.buffer);
+	if (len != -1) {
+		d->devicename.buffer = talloc(ctx, len*2);
+		if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len)
+			return NULL;
+	}
+
+	d->private = talloc_memdup(ctx, devmode->private, devmode->driverextra);
+	
+	return d;
+}
+
+static void copy_devmode_ctr(TALLOC_CTX *ctx, DEVMODE_CTR *new_ctr, DEVMODE_CTR *ctr)
+{
+	if (!new_ctr || !ctr)
+		return;
+		
+	DEBUG(8,("copy_devmode_ctr\n"));
+	
+	new_ctr->size = ctr->size;
+	new_ctr->devmode_ptr = ctr->devmode_ptr;
+	
+	if(ctr->devmode_ptr)
+		new_ctr->devmode = dup_devicemode(ctx, ctr->devmode);
+}
+
+static void copy_printer_default(TALLOC_CTX *ctx, PRINTER_DEFAULT *new_def, PRINTER_DEFAULT *def)
+{
+	if (!new_def || !def)
+		return;
+	
+	DEBUG(8,("copy_printer_defaults\n"));
+	
+	new_def->datatype_ptr = def->datatype_ptr;
+	
+	if (def->datatype_ptr)
+		copy_unistr2(&new_def->datatype, &def->datatype);
+	
+	copy_devmode_ctr(ctx, &new_def->devmode_cont, &def->devmode_cont);
+	
+	new_def->access_required = def->access_required;
+}
+
+/********************************************************************
+ * Convert a SPOOL_Q_OPEN_PRINTER structure to a 
+ * SPOOL_Q_OPEN_PRINTER_EX structure
+ ********************************************************************/
+
+static void convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u)
+{
+	if (!q_u_ex || !q_u)
+		return;
+
+	DEBUG(8,("convert_to_openprinterex\n"));
+				
+	q_u_ex->printername_ptr = q_u->printername_ptr;
+	
+	if (q_u->printername_ptr)
+		copy_unistr2(&q_u_ex->printername, &q_u->printername);
+	
+	copy_printer_default(ctx, &q_u_ex->printer_default, &q_u->printer_default);
+}
+
+/********************************************************************
+ * spoolss_open_printer
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+WERROR _spoolss_open_printer(pipes_struct *p, SPOOL_Q_OPEN_PRINTER *q_u, SPOOL_R_OPEN_PRINTER *r_u)
+{
+	SPOOL_Q_OPEN_PRINTER_EX q_u_ex;
+	SPOOL_R_OPEN_PRINTER_EX r_u_ex;
+	
+	if (!q_u || !r_u)
+		return WERR_NOMEM;
+	
+	ZERO_STRUCT(q_u_ex);
+	ZERO_STRUCT(r_u_ex);
+	
+	/* convert the OpenPrinter() call to OpenPrinterEx() */
+	
+	convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u);
+	
+	r_u_ex.status = _spoolss_open_printer_ex(p, &q_u_ex, &r_u_ex);
+	
+	/* convert back to OpenPrinter() */
+	
+	memcpy(r_u, &r_u_ex, sizeof(*r_u));
+	
+	return r_u->status;
+}
+
+/********************************************************************
+ * spoolss_open_printer
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, SPOOL_R_OPEN_PRINTER_EX *r_u)
+{
+	UNISTR2 *printername = NULL;
+	PRINTER_DEFAULT *printer_default = &q_u->printer_default;
+/*	uint32 user_switch = q_u->user_switch; - notused */
+/*	SPOOL_USER_CTR user_ctr = q_u->user_ctr; - notused */
+	POLICY_HND *handle = &r_u->handle;
+
+	fstring name;
+	int snum;
+	struct current_user user;
+	Printer_entry *Printer=NULL;
+
+	if (q_u->printername_ptr != 0)
+		printername = &q_u->printername;
+
+	if (printername == NULL)
+		return WERR_INVALID_PRINTER_NAME;
+
+	/* some sanity check because you can open a printer or a print server */
+	/* aka: \\server\printer or \\server */
+	unistr2_to_ascii(name, printername, sizeof(name)-1);
+
+	DEBUGADD(3,("checking name: %s\n",name));
+
+	if (!open_printer_hnd(p, handle, name, 0))
+		return WERR_INVALID_PRINTER_NAME;
+	
+	Printer=find_printer_index_by_hnd(p, handle);
+	if (!Printer) {
+		DEBUG(0,(" _spoolss_open_printer_ex: logic error. \
+Can't find printer handle we created for printer %s\n", name ));
+		close_printer_handle(p,handle);
+		return WERR_INVALID_PRINTER_NAME;
+	}
+
+/*
+	if (printer_default->datatype_ptr != NULL)
+	{
+		unistr2_to_ascii(datatype, printer_default->datatype, sizeof(datatype)-1);
+		set_printer_hnd_datatype(handle, datatype);
+	}
+	else
+		set_printer_hnd_datatype(handle, "");
+*/
+	
+	/*
+	   First case: the user is opening the print server:
+
+	   Disallow MS AddPrinterWizard if parameter disables it. A Win2k
+	   client 1st tries an OpenPrinterEx with access==0, MUST be allowed.
+
+	   Then both Win2k and WinNT clients try an OpenPrinterEx with
+	   SERVER_ALL_ACCESS, which we allow only if the user is root (uid=0)
+	   or if the user is listed in the smb.conf printer admin parameter.
+
+	   Then they try OpenPrinterEx with SERVER_READ which we allow. This lets the
+	   client view printer folder, but does not show the MSAPW.
+
+	   Note: this test needs code to check access rights here too. Jeremy
+	   could you look at this?
+	   
+	   
+	   Second case: the user is opening a printer:
+	   NT doesn't let us connect to a printer if the connecting user
+	   doesn't have print permission.
+
+	*/
+
+	get_current_user(&user, p);
+
+	if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) {
+		if (printer_default->access_required == 0) {
+			return WERR_OK;
+		}
+		else if ((printer_default->access_required & SERVER_ACCESS_ADMINISTER ) == SERVER_ACCESS_ADMINISTER) {
+
+			/* Printserver handles use global struct... */
+			snum = -1;
+
+			if (!lp_ms_add_printer_wizard()) {
+				close_printer_handle(p, handle);
+				return WERR_ACCESS_DENIED;
+			}
+			else if (user.uid == 0 || user_in_list(uidtoname(user.uid), lp_printer_admin(snum))) {
+				return WERR_OK;
+			} 
+			else {
+				close_printer_handle(p, handle);
+				return WERR_ACCESS_DENIED;
+			}
+		}
+	}
+	else
+	{
+		/* NT doesn't let us connect to a printer if the connecting user
+		   doesn't have print permission.  */
+
+		if (!get_printer_snum(p, handle, &snum))
+			return WERR_BADFID;
+
+		se_map_standard(&printer_default->access_required, &printer_std_mapping);
+		
+		/* map an empty access mask to the minimum access mask */
+		if (printer_default->access_required == 0x0)
+			printer_default->access_required = PRINTER_ACCESS_USE;
+
+		/*
+		 * If we are not serving the printer driver for this printer,
+		 * map PRINTER_ACCESS_ADMINISTER to PRINTER_ACCESS_USE.  This
+		 * will keep NT clients happy  --jerry	
+		 */
+		 
+		if (lp_use_client_driver(snum) 
+			&& (printer_default->access_required & PRINTER_ACCESS_ADMINISTER))
+		{
+			printer_default->access_required = PRINTER_ACCESS_USE;
+		}
+
+		if (!print_access_check(&user, snum, printer_default->access_required)) {
+			DEBUG(3, ("access DENIED for printer open\n"));
+			close_printer_handle(p, handle);
+			return WERR_ACCESS_DENIED;
+		}
+
+		if ((printer_default->access_required & SPECIFIC_RIGHTS_MASK)& ~(PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE)) {
+			DEBUG(3, ("access DENIED for printer open - unknown bits\n"));
+			close_printer_handle(p, handle);
+			return WERR_ACCESS_DENIED;
+		}
+
+		if (printer_default->access_required & PRINTER_ACCESS_ADMINISTER)
+			printer_default->access_required = PRINTER_ACCESS_ADMINISTER;
+		else
+			printer_default->access_required = PRINTER_ACCESS_USE;
+
+		DEBUG(4,("Setting printer access=%x\n", printer_default->access_required));
+		Printer->access_granted = printer_default->access_required;
+
+		/*
+		 * If we have a default device pointer in the
+		 * printer_default struct, then we need to get
+		 * the printer info from the tdb and if there is
+	 	 * no default devicemode there then we do a *SET*
+		 * here ! This is insanity.... JRA.
+		 */
+
+		/*
+		 * If the openprinterex rpc call contains a devmode,
+		 * it's a per-user one. This per-user devmode is derivated
+		 * from the global devmode. Openprinterex() contains a per-user 
+		 * devmode for when you do EMF printing and spooling.
+		 * In the EMF case, the NT workstation is only doing half the job
+		 * of rendering the page. The other half is done by running the printer
+		 * driver on the server.
+		 * The EMF file doesn't contain the page description (paper size, orientation, ...).
+		 * The EMF file only contains what is to be printed on the page.
+		 * So in order for the server to know how to print, the NT client sends
+		 * a devicemode attached to the openprinterex call.
+		 * But this devicemode is short lived, it's only valid for the current print job.
+		 *
+		 * If Samba would have supported EMF spooling, this devicemode would
+		 * have been attached to the handle, to sent it to the driver to correctly
+		 * rasterize the EMF file.
+		 *
+		 * As Samba only supports RAW spooling, we only receive a ready-to-print file,
+		 * we just act as a pass-thru between windows and the printer.
+		 *
+		 * In order to know that Samba supports only RAW spooling, NT has to call
+		 * getprinter() at level 2 (attribute field) or NT has to call startdoc()
+		 * and until NT sends a RAW job, we refuse it.
+		 *
+		 * But to call getprinter() or startdoc(), you first need a valid handle,
+		 * and to get an handle you have to call openprintex(). Hence why you have
+		 * a devicemode in the openprinterex() call.
+		 *
+		 *
+		 * Differences between NT4 and NT 2000.
+		 * NT4:
+		 * ---
+		 * On NT4, you only have a global devicemode. This global devicemode can be changed
+		 * by the administrator (or by a user with enough privs). Everytime a user
+		 * wants to print, the devicemode is resetted to the default. In Word, everytime
+		 * you print, the printer's characteristics are always reset to the global devicemode.
+		 *
+		 * NT 2000:
+		 * -------
+		 * In W2K, there is the notion of per-user devicemode. The first time you use
+		 * a printer, a per-user devicemode is build from the global devicemode.
+		 * If you change your per-user devicemode, it is saved in the registry, under the
+		 * H_KEY_CURRENT_KEY sub_tree. So that everytime you print, you have your default
+		 * printer preferences available.
+		 *
+		 * To change the per-user devicemode: it's the "Printing Preferences ..." button
+		 * on the General Tab of the printer properties windows.
+		 *
+		 * To change the global devicemode: it's the "Printing Defaults..." button
+		 * on the Advanced Tab of the printer properties window.
+		 *
+		 * JFM.
+		 */
+
+
+
+#if 0
+		if (printer_default->devmode_cont.devmode != NULL) {
+			result = printer_write_default_dev( snum, printer_default);
+			if (result != 0) {
+				close_printer_handle(p, handle);
+				return result;
+			}
+		}
+#endif
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL convert_printer_info(const SPOOL_PRINTER_INFO_LEVEL *uni,
+				NT_PRINTER_INFO_LEVEL *printer, uint32 level)
+{
+	BOOL ret = True;
+
+	switch (level) {
+		case 2:
+			ret = uni_2_asc_printer_info_2(uni->info_2, &printer->info_2);
+			break;
+		default:
+			break;
+	}
+
+	return ret;
+}
+
+static BOOL convert_printer_driver_info(const SPOOL_PRINTER_DRIVER_INFO_LEVEL *uni,
+                                 	NT_PRINTER_DRIVER_INFO_LEVEL *printer, uint32 level)
+{
+	BOOL result = True;
+
+	switch (level) {
+		case 3:
+			printer->info_3=NULL;
+			if (!uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3))
+				result = False;
+			break;
+		case 6:
+			printer->info_6=NULL;
+			if (!uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6))
+				result = False;
+			break;
+		default:
+			break;
+	}
+
+	return result;
+}
+
+BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode,
+				NT_DEVICEMODE **pp_nt_devmode)
+{
+	NT_DEVICEMODE *nt_devmode = *pp_nt_devmode;
+
+	/*
+	 * Ensure nt_devmode is a valid pointer
+	 * as we will be overwriting it.
+	 */
+		
+	if (nt_devmode == NULL) {
+		DEBUG(5, ("convert_devicemode: allocating a generic devmode\n"));
+		if ((nt_devmode = construct_nt_devicemode(printername)) == NULL)
+			return False;
+	}
+
+	rpcstr_pull(nt_devmode->devicename,devmode->devicename.buffer, 31, -1, 0);
+	rpcstr_pull(nt_devmode->formname,devmode->formname.buffer, 31, -1, 0);
+
+	nt_devmode->specversion=devmode->specversion;
+	nt_devmode->driverversion=devmode->driverversion;
+	nt_devmode->size=devmode->size;
+	nt_devmode->fields=devmode->fields;
+	nt_devmode->orientation=devmode->orientation;
+	nt_devmode->papersize=devmode->papersize;
+	nt_devmode->paperlength=devmode->paperlength;
+	nt_devmode->paperwidth=devmode->paperwidth;
+	nt_devmode->scale=devmode->scale;
+	nt_devmode->copies=devmode->copies;
+	nt_devmode->defaultsource=devmode->defaultsource;
+	nt_devmode->printquality=devmode->printquality;
+	nt_devmode->color=devmode->color;
+	nt_devmode->duplex=devmode->duplex;
+	nt_devmode->yresolution=devmode->yresolution;
+	nt_devmode->ttoption=devmode->ttoption;
+	nt_devmode->collate=devmode->collate;
+
+	nt_devmode->logpixels=devmode->logpixels;
+	nt_devmode->bitsperpel=devmode->bitsperpel;
+	nt_devmode->pelswidth=devmode->pelswidth;
+	nt_devmode->pelsheight=devmode->pelsheight;
+	nt_devmode->displayflags=devmode->displayflags;
+	nt_devmode->displayfrequency=devmode->displayfrequency;
+	nt_devmode->icmmethod=devmode->icmmethod;
+	nt_devmode->icmintent=devmode->icmintent;
+	nt_devmode->mediatype=devmode->mediatype;
+	nt_devmode->dithertype=devmode->dithertype;
+	nt_devmode->reserved1=devmode->reserved1;
+	nt_devmode->reserved2=devmode->reserved2;
+	nt_devmode->panningwidth=devmode->panningwidth;
+	nt_devmode->panningheight=devmode->panningheight;
+
+	/*
+	 * Only change private and driverextra if the incoming devmode
+	 * has a new one. JRA.
+	 */
+
+	if ((devmode->driverextra != 0) && (devmode->private != NULL)) {
+		SAFE_FREE(nt_devmode->private);
+		nt_devmode->driverextra=devmode->driverextra;
+		if((nt_devmode->private=(uint8 *)malloc(nt_devmode->driverextra * sizeof(uint8))) == NULL)
+			return False;
+		memcpy(nt_devmode->private, devmode->private, nt_devmode->driverextra);
+	}
+
+	*pp_nt_devmode = nt_devmode;
+
+	return True;
+}
+
+/********************************************************************
+ * _spoolss_enddocprinter_internal.
+ ********************************************************************/
+
+static WERROR _spoolss_enddocprinter_internal(pipes_struct *p, POLICY_HND *handle)
+{
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+	
+	if (!Printer) {
+		DEBUG(2,("_spoolss_enddocprinter_internal: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+	
+	Printer->document_started=False;
+	print_job_end(Printer->jobid,True);
+	/* error codes unhandled so far ... */
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * api_spoolss_closeprinter
+ ********************************************************************/
+
+WERROR _spoolss_closeprinter(pipes_struct *p, SPOOL_Q_CLOSEPRINTER *q_u, SPOOL_R_CLOSEPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+
+	if (Printer && Printer->document_started)
+		_spoolss_enddocprinter_internal(p, handle);          /* print job was not closed */
+
+	if (!close_printer_handle(p, handle))
+		return WERR_BADFID;	
+		
+	/* clear the returned printer handle.  Observed behavior 
+	   from Win2k server.  Don't think this really matters.
+	   Previous code just copied the value of the closed
+	   handle.    --jerry */
+
+	memset(&r_u->handle, '\0', sizeof(r_u->handle));
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * api_spoolss_deleteprinter
+
+ ********************************************************************/
+
+WERROR _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL_R_DELETEPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+	WERROR result;
+
+	if (Printer && Printer->document_started)
+		_spoolss_enddocprinter_internal(p, handle);  /* print job was not closed */
+
+	memcpy(&r_u->handle, &q_u->handle, sizeof(r_u->handle));
+
+	result = delete_printer_handle(p, handle);
+
+	update_c_setprinter(False);
+
+	if (W_ERROR_IS_OK(result)) {
+		srv_spoolss_sendnotify(Printer->dev.handlename, 0, PRINTER_CHANGE_DELETE_PRINTER, 0x0);
+	}
+		
+	return result;
+}
+
+/*******************************************************************
+ * static function to lookup the version id corresponding to an
+ * long architecture string
+ ******************************************************************/
+
+static int get_version_id (char * arch)
+{
+	int i;
+	struct table_node archi_table[]= {
+ 
+	        {"Windows 4.0",          "WIN40",       0 },
+	        {"Windows NT x86",       "W32X86",      2 },
+	        {"Windows NT R4000",     "W32MIPS",     2 },	
+	        {"Windows NT Alpha_AXP", "W32ALPHA",    2 },
+	        {"Windows NT PowerPC",   "W32PPC",      2 },
+	        {NULL,                   "",            -1 }
+	};
+ 
+	for (i=0; archi_table[i].long_archi != NULL; i++)
+	{
+		if (strcmp(arch, archi_table[i].long_archi) == 0)
+			return (archi_table[i].version);
+        }
+	
+	return -1;
+}
+
+/********************************************************************
+ * _spoolss_deleteprinterdriver
+ *
+ * We currently delete the driver for the architecture only.
+ * This can leave the driver for other archtectures.  However,
+ * since every printer associates a "Windows NT x86" driver name
+ * and we cannot delete that one while it is in use, **and** since
+ * it is impossible to assign a driver to a Samba printer without
+ * having the "Windows NT x86" driver installed,...
+ * 
+ * ....we should not get into trouble here.  
+ *
+ *                                                      --jerry
+ ********************************************************************/
+
+WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER *q_u, 
+				    SPOOL_R_DELETEPRINTERDRIVER *r_u)
+{
+	fstring				driver;
+	fstring				arch;
+	NT_PRINTER_DRIVER_INFO_LEVEL	info;
+	int				version;
+	 
+	unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
+	unistr2_to_ascii(arch,   &q_u->arch,   sizeof(arch)-1   );
+	
+	/* check that we have a valid driver name first */
+	if ((version=get_version_id(arch)) == -1) {
+		/* this is what NT returns */
+		return WERR_INVALID_ENVIRONMENT;
+	}
+		
+	ZERO_STRUCT(info);
+	if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) {
+		return WERR_UNKNOWN_PRINTER_DRIVER;
+	}
+	
+
+	if (printer_driver_in_use(arch, driver))
+	{
+		return WERR_PRINTER_DRIVER_IN_USE;
+	}
+
+	return delete_printer_driver(info.info_3);	 
+}
+
+/********************************************************************
+ GetPrinterData on a printer server Handle.
+********************************************************************/
+
+static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size)
+{		
+	int i;
+	
+	DEBUG(8,("getprinterdata_printer_server:%s\n", value));
+		
+	if (!strcmp(value, "W3SvcInstalled")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc_zero(ctx, 4*sizeof(uint8) )) == NULL)
+			return False;
+		*needed = 0x4;			
+		return True;
+	}
+
+	if (!strcmp(value, "BeepEnabled")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+			return False;
+		SIVAL(*data, 0, 0x00);
+		*needed = 0x4;			
+		return True;
+	}
+
+	if (!strcmp(value, "EventLog")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+			return False;
+		/* formally was 0x1b */
+		SIVAL(*data, 0, 0x0);
+		*needed = 0x4;			
+		return True;
+	}
+
+	if (!strcmp(value, "NetPopup")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+			return False;
+		SIVAL(*data, 0, 0x00);
+		*needed = 0x4;
+		return True;
+	}
+
+	if (!strcmp(value, "MajorVersion")) {
+		*type = 0x4;
+		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+			return False;
+		SIVAL(*data, 0, 2);
+		*needed = 0x4;
+		return True;
+	}
+
+   	if (!strcmp(value, "DefaultSpoolDirectory")) {
+		fstring string;
+
+		fstrcpy(string, string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
+		*type = 0x1;			
+		*needed = 2*(strlen(string)+1);		
+		if((*data  = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
+			return False;
+		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
+		
+		/* it's done by hand ready to go on the wire */
+		for (i=0; i<strlen(string); i++) {
+			(*data)[2*i]=string[i];
+			(*data)[2*i+1]='\0';
+		}			
+		return True;
+	}
+
+	if (!strcmp(value, "Architecture")) {			
+		pstring string="Windows NT x86";
+		*type = 0x1;			
+		*needed = 2*(strlen(string)+1);	
+		if((*data  = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
+			return False;
+		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
+		for (i=0; i<strlen(string); i++) {
+			(*data)[2*i]=string[i];
+			(*data)[2*i+1]='\0';
+		}			
+		return True;
+	}
+	
+	return False;
+}
+
+/********************************************************************
+ GetPrinterData on a printer Handle.
+********************************************************************/
+
+static BOOL getprinterdata_printer(pipes_struct *p, TALLOC_CTX *ctx, POLICY_HND *handle,
+				fstring value, uint32 *type,
+                        	uint8 **data, uint32 *needed, uint32 in_size )
+{
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	int snum=0;
+	uint8 *idata=NULL;
+	uint32 len;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	
+	DEBUG(5,("getprinterdata_printer\n"));
+
+	if (!Printer) {
+		DEBUG(2,("getprinterdata_printer: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return False;
+	}
+
+	if(!get_printer_snum(p, handle, &snum))
+		return False;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		return False;
+
+	if (!get_specific_param(*printer, 2, value, &idata, type, &len)) {
+		free_a_printer(&printer, 2);
+		return False;
+	}
+
+	free_a_printer(&printer, 2);
+
+	DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size));
+
+	if (in_size) {
+		if((*data  = (uint8 *)talloc(ctx, in_size *sizeof(uint8) )) == NULL) {
+			return False;
+		}
+
+		memset(*data, 0, in_size *sizeof(uint8));
+		/* copy the min(in_size, len) */
+		memcpy(*data, idata, (len>in_size)?in_size:len *sizeof(uint8));
+	} else {
+		*data = NULL;
+	}
+
+	*needed = len;
+	
+	DEBUG(5,("getprinterdata_printer:copy done\n"));
+			
+	SAFE_FREE(idata);
+	
+	return True;
+}	
+
+/********************************************************************
+ * spoolss_getprinterdata
+ ********************************************************************/
+
+WERROR _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPOOL_R_GETPRINTERDATA *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	UNISTR2 *valuename = &q_u->valuename;
+	uint32 in_size = q_u->size;
+	uint32 *type = &r_u->type;
+	uint32 *out_size = &r_u->size;
+	uint8 **data = &r_u->data;
+	uint32 *needed = &r_u->needed;
+
+	fstring value;
+	BOOL found=False;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	
+	/*
+	 * Reminder: when it's a string, the length is in BYTES
+	 * even if UNICODE is negociated.
+	 *
+	 * JFM, 4/19/1999
+	 */
+
+	*out_size=in_size;
+
+	/* in case of problem, return some default values */
+	*needed=0;
+	*type=0;
+	
+	DEBUG(4,("_spoolss_getprinterdata\n"));
+	
+	if (!Printer) {
+		if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL)
+			return WERR_NOMEM;
+		DEBUG(2,("_spoolss_getprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+	
+	unistr2_to_ascii(value, valuename, sizeof(value)-1);
+	
+	if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER)
+		found=getprinterdata_printer_server(p->mem_ctx, value, type, data, needed, *out_size);
+	else
+		found= getprinterdata_printer(p, p->mem_ctx, handle, value, type, data, needed, *out_size);
+
+	if (found==False) {
+		DEBUG(5, ("value not found, allocating %d\n", *out_size));
+		/* reply this param doesn't exist */
+		if (*out_size) {
+			if((*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL)
+				return WERR_NOMEM;
+		} else {
+			*data = NULL;
+		}
+
+		/* error depends on handle type */
+
+		if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER)
+			return WERR_INVALID_PARAM;
+		else 
+			return WERR_BADFILE;
+	}
+	
+	if (*needed > *out_size)
+		return WERR_MORE_DATA;
+	else 
+		return WERR_OK;
+}
+
+/***************************************************************************
+ Connect to the client.
+****************************************************************************/
+
+static BOOL srv_spoolss_replyopenprinter(char *printer, uint32 localprinter, uint32 type, POLICY_HND *handle)
+{
+	WERROR result;
+
+	/*
+	 * If it's the first connection, contact the client
+	 * and connect to the IPC$ share anonumously
+	 */
+	if (smb_connections==0) {
+		fstring unix_printer;
+
+		fstrcpy(unix_printer, printer+2); /* the +2 is to strip the leading 2 backslashs */
+
+		if(!spoolss_connect_to_client(&cli, unix_printer))
+			return False;
+			
+		message_register(MSG_PRINTER_NOTIFY, srv_spoolss_receive_message);
+
+	}
+
+	smb_connections++;
+
+	result = cli_spoolss_reply_open_printer(&cli, cli.mem_ctx, printer, localprinter, 
+			type, handle);
+
+	if (!W_ERROR_IS_OK(result))
+		DEBUG(5,("srv_spoolss_reply_open_printer: Client RPC returned [%s]\n",
+			dos_errstr(result)));
+
+	return (W_ERROR_IS_OK(result));	
+}
+
+/********************************************************************
+ * _spoolss_rffpcnex
+ * ReplyFindFirstPrinterChangeNotifyEx
+ *
+ * jfmxxxx: before replying OK: status=0
+ * should do a rpc call to the workstation asking ReplyOpenPrinter
+ * have to code it, later.
+ *
+ * in fact ReplyOpenPrinter is the changenotify equivalent on the spoolss pipe
+ * called from api_spoolss_rffpcnex
+ ********************************************************************/
+
+WERROR _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNEX *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 flags = q_u->flags;
+	uint32 options = q_u->options;
+	UNISTR2 *localmachine = &q_u->localmachine;
+	uint32 printerlocal = q_u->printerlocal;
+	SPOOL_NOTIFY_OPTION *option = q_u->option;
+
+	/* store the notify value in the printer struct */
+
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_rffpcnex: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	Printer->notify.flags=flags;
+	Printer->notify.options=options;
+	Printer->notify.printerlocal=printerlocal;
+
+	if (Printer->notify.option)
+		free_spool_notify_option(&Printer->notify.option);
+
+	Printer->notify.option=dup_spool_notify_option(option);
+
+	unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1);
+
+	/* connect to the client machine and send a ReplyOpenPrinter */
+	if(srv_spoolss_replyopenprinter(Printer->notify.localmachine,
+					Printer->notify.printerlocal, 1,
+					&Printer->notify.client_hnd))
+	{
+		Printer->notify.client_connected=True;
+	}
+
+	return WERR_OK;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the servername
+ ********************************************************************/
+
+void spoolss_notify_server_name(int snum, 
+				       SPOOL_NOTIFY_INFO_DATA *data, 
+				       print_queue_struct *queue,
+				       NT_PRINTER_INFO_LEVEL *printer,
+				       TALLOC_CTX *mem_ctx) 
+{
+	pstring temp_name, temp;
+	uint32 len;
+
+	slprintf(temp_name, sizeof(temp_name)-1, "\\\\%s", get_called_name());
+
+	len = rpcstr_push(temp, temp_name, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the printername (not including the servername).
+ ********************************************************************/
+
+void spoolss_notify_printer_name(int snum, 
+					SPOOL_NOTIFY_INFO_DATA *data, 
+					print_queue_struct *queue,
+					NT_PRINTER_INFO_LEVEL *printer,
+					TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+		
+	/* the notify name should not contain the \\server\ part */
+	char *p = strrchr(printer->info_2->printername, '\\');
+
+	if (!p) {
+		p = printer->info_2->printername;
+	} else {
+		p++;
+	}
+
+	len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the servicename
+ ********************************************************************/
+
+void spoolss_notify_share_name(int snum, 
+				      SPOOL_NOTIFY_INFO_DATA *data, 
+				      print_queue_struct *queue,
+				      NT_PRINTER_INFO_LEVEL *printer,
+				      TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the port name
+ ********************************************************************/
+
+void spoolss_notify_port_name(int snum, 
+				     SPOOL_NOTIFY_INFO_DATA *data, 
+				     print_queue_struct *queue,
+				     NT_PRINTER_INFO_LEVEL *printer,
+				     TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	/* even if it's strange, that's consistant in all the code */
+
+	len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the printername
+ * but it doesn't exist, have to see what to do
+ ********************************************************************/
+
+void spoolss_notify_driver_name(int snum, 
+				       SPOOL_NOTIFY_INFO_DATA *data,
+				       print_queue_struct *queue,
+				       NT_PRINTER_INFO_LEVEL *printer,
+				       TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE);
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the comment
+ ********************************************************************/
+
+void spoolss_notify_comment(int snum, 
+				   SPOOL_NOTIFY_INFO_DATA *data,
+				   print_queue_struct *queue,
+				   NT_PRINTER_INFO_LEVEL *printer,
+				   TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	if (*printer->info_2->comment == '\0')
+		len = rpcstr_push(temp, lp_comment(snum), sizeof(temp)-2, STR_TERMINATE);
+	else
+		len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the comment
+ * location = "Room 1, floor 2, building 3"
+ ********************************************************************/
+
+void spoolss_notify_location(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the device mode
+ * jfm:xxxx don't to it for know but that's a real problem !!!
+ ********************************************************************/
+
+static void spoolss_notify_devmode(int snum, 
+				   SPOOL_NOTIFY_INFO_DATA *data,
+				   print_queue_struct *queue,
+				   NT_PRINTER_INFO_LEVEL *printer,
+				   TALLOC_CTX *mem_ctx)
+{
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the separator file name
+ ********************************************************************/
+
+void spoolss_notify_sepfile(int snum, 
+				   SPOOL_NOTIFY_INFO_DATA *data, 
+				   print_queue_struct *queue,
+				   NT_PRINTER_INFO_LEVEL *printer,
+				   TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the print processor
+ * jfm:xxxx return always winprint to indicate we don't do anything to it
+ ********************************************************************/
+
+void spoolss_notify_print_processor(int snum, 
+					   SPOOL_NOTIFY_INFO_DATA *data,
+					   print_queue_struct *queue,
+					   NT_PRINTER_INFO_LEVEL *printer,
+					   TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp,  printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the print processor options
+ * jfm:xxxx send an empty string
+ ********************************************************************/
+
+void spoolss_notify_parameters(int snum, 
+				      SPOOL_NOTIFY_INFO_DATA *data,
+				      print_queue_struct *queue,
+				      NT_PRINTER_INFO_LEVEL *printer,
+				      TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp,  printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the data type
+ * jfm:xxxx always send RAW as data type
+ ********************************************************************/
+
+void spoolss_notify_datatype(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the security descriptor
+ * jfm:xxxx send an null pointer to say no security desc
+ * have to implement security before !
+ ********************************************************************/
+
+static void spoolss_notify_security_desc(int snum, 
+					 SPOOL_NOTIFY_INFO_DATA *data,
+					 print_queue_struct *queue,
+					 NT_PRINTER_INFO_LEVEL *printer,
+					 TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.data.length=0;
+	data->notify_data.data.string = NULL;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the attributes
+ * jfm:xxxx a samba printer is always shared
+ ********************************************************************/
+
+void spoolss_notify_attributes(int snum, 
+				      SPOOL_NOTIFY_INFO_DATA *data,
+				      print_queue_struct *queue,
+				      NT_PRINTER_INFO_LEVEL *printer,
+				      TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0] = printer->info_2->attributes;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the priority
+ ********************************************************************/
+
+static void spoolss_notify_priority(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0] = printer->info_2->priority;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the default priority
+ ********************************************************************/
+
+static void spoolss_notify_default_priority(int snum, 
+					    SPOOL_NOTIFY_INFO_DATA *data,
+					    print_queue_struct *queue,
+					    NT_PRINTER_INFO_LEVEL *printer,
+					    TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0] = printer->info_2->default_priority;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the start time
+ ********************************************************************/
+
+static void spoolss_notify_start_time(int snum, 
+				      SPOOL_NOTIFY_INFO_DATA *data,
+				      print_queue_struct *queue,
+				      NT_PRINTER_INFO_LEVEL *printer,
+				      TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0] = printer->info_2->starttime;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the until time
+ ********************************************************************/
+
+static void spoolss_notify_until_time(int snum, 
+				      SPOOL_NOTIFY_INFO_DATA *data,
+				      print_queue_struct *queue,
+				      NT_PRINTER_INFO_LEVEL *printer,
+				      TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0] = printer->info_2->untiltime;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the status
+ ********************************************************************/
+
+static void spoolss_notify_status(int snum, 
+				  SPOOL_NOTIFY_INFO_DATA *data,
+				  print_queue_struct *queue,
+				  NT_PRINTER_INFO_LEVEL *printer,
+				  TALLOC_CTX *mem_ctx)
+{
+	print_status_struct status;
+
+	print_queue_length(snum, &status);
+	data->notify_data.value[0]=(uint32) status.status;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the number of jobs queued
+ ********************************************************************/
+
+void spoolss_notify_cjobs(int snum, 
+				 SPOOL_NOTIFY_INFO_DATA *data,
+				 print_queue_struct *queue,
+				 NT_PRINTER_INFO_LEVEL *printer, 
+				 TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0] = print_queue_length(snum, NULL);
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with the average ppm
+ ********************************************************************/
+
+static void spoolss_notify_average_ppm(int snum, 
+				       SPOOL_NOTIFY_INFO_DATA *data,
+				       print_queue_struct *queue,
+				       NT_PRINTER_INFO_LEVEL *printer,
+				       TALLOC_CTX *mem_ctx)
+{
+	/* always respond 8 pages per minutes */
+	/* a little hard ! */
+	data->notify_data.value[0] = printer->info_2->averageppm;
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with username
+ ********************************************************************/
+
+static void spoolss_notify_username(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with job status
+ ********************************************************************/
+
+static void spoolss_notify_job_status(int snum, 
+				      SPOOL_NOTIFY_INFO_DATA *data,
+				      print_queue_struct *queue,
+				      NT_PRINTER_INFO_LEVEL *printer,
+				      TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0]=nt_printj_status(queue->status);
+	data->notify_data.value[1] = 0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with job name
+ ********************************************************************/
+
+static void spoolss_notify_job_name(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	pstring temp;
+	uint32 len;
+
+	len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with job status
+ ********************************************************************/
+
+static void spoolss_notify_job_status_string(int snum, 
+					     SPOOL_NOTIFY_INFO_DATA *data,
+					     print_queue_struct *queue,
+					     NT_PRINTER_INFO_LEVEL *printer, 
+					     TALLOC_CTX *mem_ctx)
+{
+	/*
+	 * Now we're returning job status codes we just return a "" here. JRA.
+	 */
+
+	char *p = "";
+	pstring temp;
+	uint32 len;
+
+#if 0 /* NO LONGER NEEDED - JRA. 02/22/2001 */
+	p = "unknown";
+
+	switch (queue->status) {
+	case LPQ_QUEUED:
+		p = "Queued";
+		break;
+	case LPQ_PAUSED:
+		p = "";    /* NT provides the paused string */
+		break;
+	case LPQ_SPOOLING:
+		p = "Spooling";
+		break;
+	case LPQ_PRINTING:
+		p = "Printing";
+		break;
+	}
+#endif /* NO LONGER NEEDED. */
+
+	len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE);
+
+	data->notify_data.data.length = len / 2 - 1;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+	
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	memcpy(data->notify_data.data.string, temp, len);
+}
+
+/*******************************************************************
+ * fill a notify_info_data with job time
+ ********************************************************************/
+
+static void spoolss_notify_job_time(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0]=0x0;
+	data->notify_data.value[1]=0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with job size
+ ********************************************************************/
+
+static void spoolss_notify_job_size(int snum, 
+				    SPOOL_NOTIFY_INFO_DATA *data,
+				    print_queue_struct *queue,
+				    NT_PRINTER_INFO_LEVEL *printer,
+				    TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0]=queue->size;
+	data->notify_data.value[1]=0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with page info
+ ********************************************************************/
+static void spoolss_notify_total_pages(int snum,
+				SPOOL_NOTIFY_INFO_DATA *data,
+				print_queue_struct *queue,
+				NT_PRINTER_INFO_LEVEL *printer,
+				TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0]=queue->page_count;
+	data->notify_data.value[1]=0;
+}
+
+/*******************************************************************
+ * fill a notify_info_data with pages printed info.
+ ********************************************************************/
+static void spoolss_notify_pages_printed(int snum,
+				SPOOL_NOTIFY_INFO_DATA *data,
+				print_queue_struct *queue,
+				NT_PRINTER_INFO_LEVEL *printer,
+				TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0]=0;  /* Add code when back-end tracks this */
+	data->notify_data.value[1]=0;
+}
+
+/*******************************************************************
+ Fill a notify_info_data with job position.
+ ********************************************************************/
+
+static void spoolss_notify_job_position(int snum, 
+					SPOOL_NOTIFY_INFO_DATA *data,
+					print_queue_struct *queue,
+					NT_PRINTER_INFO_LEVEL *printer,
+					TALLOC_CTX *mem_ctx)
+{
+	data->notify_data.value[0]=queue->job;
+	data->notify_data.value[1]=0;
+}
+
+/*******************************************************************
+ Fill a notify_info_data with submitted time.
+ ********************************************************************/
+
+static void spoolss_notify_submitted_time(int snum, 
+					  SPOOL_NOTIFY_INFO_DATA *data,
+					  print_queue_struct *queue,
+					  NT_PRINTER_INFO_LEVEL *printer,
+					  TALLOC_CTX *mem_ctx)
+{
+	struct tm *t;
+	uint32 len;
+	SYSTEMTIME st;
+	char *p;
+
+	t=gmtime(&queue->time);
+
+	len = sizeof(SYSTEMTIME);
+
+	data->notify_data.data.length = len;
+	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
+
+	if (!data->notify_data.data.string) {
+		data->notify_data.data.length = 0;
+		return;
+	}
+	
+	make_systemtime(&st, t);
+
+	/*
+	 * Systemtime must be linearized as a set of UINT16's. 
+	 * Fix from Benjamin (Bj) Kuit bj@it.uts.edu.au
+	 */
+
+	p = (char *)data->notify_data.data.string;
+	SSVAL(p, 0, st.year);
+	SSVAL(p, 2, st.month);
+	SSVAL(p, 4, st.dayofweek);
+	SSVAL(p, 6, st.day);
+	SSVAL(p, 8, st.hour);
+        SSVAL(p, 10, st.minute);
+	SSVAL(p, 12, st.second);
+	SSVAL(p, 14, st.milliseconds);
+}
+
+#define END 65535
+
+struct s_notify_info_data_table
+{
+	uint16 type;
+	uint16 field;
+	char *name;
+	uint32 size;
+	void (*fn) (int snum, SPOOL_NOTIFY_INFO_DATA *data,
+		    print_queue_struct *queue,
+		    NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx);
+};
+
+struct s_notify_info_data_table notify_info_data_table[] =
+{
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SERVER_NAME,         "PRINTER_NOTIFY_SERVER_NAME",         POINTER,   spoolss_notify_server_name },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINTER_NAME,        "PRINTER_NOTIFY_PRINTER_NAME",        POINTER,   spoolss_notify_printer_name },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SHARE_NAME,          "PRINTER_NOTIFY_SHARE_NAME",          POINTER,   spoolss_notify_share_name },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PORT_NAME,           "PRINTER_NOTIFY_PORT_NAME",           POINTER,   spoolss_notify_port_name },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DRIVER_NAME,         "PRINTER_NOTIFY_DRIVER_NAME",         POINTER,   spoolss_notify_driver_name },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_COMMENT,             "PRINTER_NOTIFY_COMMENT",             POINTER,   spoolss_notify_comment },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_LOCATION,            "PRINTER_NOTIFY_LOCATION",            POINTER,   spoolss_notify_location },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEVMODE,             "PRINTER_NOTIFY_DEVMODE",             POINTER,   spoolss_notify_devmode },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SEPFILE,             "PRINTER_NOTIFY_SEPFILE",             POINTER,   spoolss_notify_sepfile },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINT_PROCESSOR,     "PRINTER_NOTIFY_PRINT_PROCESSOR",     POINTER,   spoolss_notify_print_processor },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PARAMETERS,          "PRINTER_NOTIFY_PARAMETERS",          POINTER,   spoolss_notify_parameters },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DATATYPE,            "PRINTER_NOTIFY_DATATYPE",            POINTER,   spoolss_notify_datatype },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SECURITY_DESCRIPTOR, "PRINTER_NOTIFY_SECURITY_DESCRIPTOR", POINTER,   spoolss_notify_security_desc },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_ATTRIBUTES,          "PRINTER_NOTIFY_ATTRIBUTES",          ONE_VALUE, spoolss_notify_attributes },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRIORITY,            "PRINTER_NOTIFY_PRIORITY",            ONE_VALUE, spoolss_notify_priority },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEFAULT_PRIORITY,    "PRINTER_NOTIFY_DEFAULT_PRIORITY",    ONE_VALUE, spoolss_notify_default_priority },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_START_TIME,          "PRINTER_NOTIFY_START_TIME",          ONE_VALUE, spoolss_notify_start_time },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_UNTIL_TIME,          "PRINTER_NOTIFY_UNTIL_TIME",          ONE_VALUE, spoolss_notify_until_time },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS,              "PRINTER_NOTIFY_STATUS",              ONE_VALUE, spoolss_notify_status },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS_STRING,       "PRINTER_NOTIFY_STATUS_STRING",       POINTER,   NULL },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_CJOBS,               "PRINTER_NOTIFY_CJOBS",               ONE_VALUE, spoolss_notify_cjobs },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_AVERAGE_PPM,         "PRINTER_NOTIFY_AVERAGE_PPM",         ONE_VALUE, spoolss_notify_average_ppm },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_PAGES,         "PRINTER_NOTIFY_TOTAL_PAGES",         POINTER,   NULL },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PAGES_PRINTED,       "PRINTER_NOTIFY_PAGES_PRINTED",       POINTER,   NULL },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_BYTES,         "PRINTER_NOTIFY_TOTAL_BYTES",         POINTER,   NULL },
+{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_BYTES_PRINTED,       "PRINTER_NOTIFY_BYTES_PRINTED",       POINTER,   NULL },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_PRINTER_NAME,            "JOB_NOTIFY_PRINTER_NAME",            POINTER,   spoolss_notify_printer_name },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_MACHINE_NAME,            "JOB_NOTIFY_MACHINE_NAME",            POINTER,   spoolss_notify_server_name },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_PORT_NAME,               "JOB_NOTIFY_PORT_NAME",               POINTER,   spoolss_notify_port_name },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_USER_NAME,               "JOB_NOTIFY_USER_NAME",               POINTER,   spoolss_notify_username },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_NOTIFY_NAME,             "JOB_NOTIFY_NOTIFY_NAME",             POINTER,   spoolss_notify_username },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_DATATYPE,                "JOB_NOTIFY_DATATYPE",                POINTER,   spoolss_notify_datatype },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_PRINT_PROCESSOR,         "JOB_NOTIFY_PRINT_PROCESSOR",         POINTER,   spoolss_notify_print_processor },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_PARAMETERS,              "JOB_NOTIFY_PARAMETERS",              POINTER,   spoolss_notify_parameters },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_DRIVER_NAME,             "JOB_NOTIFY_DRIVER_NAME",             POINTER,   spoolss_notify_driver_name },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_DEVMODE,                 "JOB_NOTIFY_DEVMODE",                 POINTER,   spoolss_notify_devmode },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_STATUS,                  "JOB_NOTIFY_STATUS",                  ONE_VALUE, spoolss_notify_job_status },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_STATUS_STRING,           "JOB_NOTIFY_STATUS_STRING",           POINTER,   spoolss_notify_job_status_string },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_SECURITY_DESCRIPTOR,     "JOB_NOTIFY_SECURITY_DESCRIPTOR",     POINTER,   NULL },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_DOCUMENT,                "JOB_NOTIFY_DOCUMENT",                POINTER,   spoolss_notify_job_name },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_PRIORITY,                "JOB_NOTIFY_PRIORITY",                ONE_VALUE, spoolss_notify_priority },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_POSITION,                "JOB_NOTIFY_POSITION",                ONE_VALUE, spoolss_notify_job_position },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_SUBMITTED,               "JOB_NOTIFY_SUBMITTED",               POINTER,   spoolss_notify_submitted_time },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_START_TIME,              "JOB_NOTIFY_START_TIME",              ONE_VALUE, spoolss_notify_start_time },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_UNTIL_TIME,              "JOB_NOTIFY_UNTIL_TIME",              ONE_VALUE, spoolss_notify_until_time },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_TIME,                    "JOB_NOTIFY_TIME",                    ONE_VALUE, spoolss_notify_job_time },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_TOTAL_PAGES,             "JOB_NOTIFY_TOTAL_PAGES",             ONE_VALUE, spoolss_notify_total_pages },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_PAGES_PRINTED,           "JOB_NOTIFY_PAGES_PRINTED",           ONE_VALUE, spoolss_notify_pages_printed },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_TOTAL_BYTES,             "JOB_NOTIFY_TOTAL_BYTES",             ONE_VALUE, spoolss_notify_job_size },
+{ JOB_NOTIFY_TYPE,     JOB_NOTIFY_BYTES_PRINTED,           "JOB_NOTIFY_BYTES_PRINTED",           ONE_VALUE, NULL },
+{ END,                 END,                                "",                                   END,       NULL }
+};
+
+/*******************************************************************
+ Return the size of info_data structure.
+********************************************************************/
+
+static uint32 size_of_notify_info_data(uint16 type, uint16 field)
+{
+	int i=0;
+
+	while (notify_info_data_table[i].type != END)
+	{
+		if ( (notify_info_data_table[i].type == type ) &&
+		     (notify_info_data_table[i].field == field ) )
+		{
+			return (notify_info_data_table[i].size);
+		}
+		i++;
+	}
+	return (65535);
+}
+
+/*******************************************************************
+ Return the type of notify_info_data.
+********************************************************************/
+
+static BOOL type_of_notify_info_data(uint16 type, uint16 field)
+{
+	int i=0;
+
+	while (notify_info_data_table[i].type != END)
+	{
+		if ( (notify_info_data_table[i].type == type ) &&
+		     (notify_info_data_table[i].field == field ) )
+		{
+			if (notify_info_data_table[i].size == POINTER)
+			{
+				return (False);
+			}
+			else
+			{
+				return (True);
+			}
+		}
+		i++;
+	}
+	return (False);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static int search_notify(uint16 type, uint16 field, int *value)
+{	
+	int j;
+	BOOL found;
+
+	for (j=0, found=False; found==False && notify_info_data_table[j].type != END ; j++)
+	{
+		if ( (notify_info_data_table[j].type  == type  ) &&
+		     (notify_info_data_table[j].field == field ) )
+			found=True;
+	}
+	*value=--j;
+
+	if ( found && (notify_info_data_table[j].fn != NULL) )
+		return True;
+	else
+		return False;	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, uint16 field, int id)
+{
+	info_data->type     = type;
+	info_data->field    = field;
+	info_data->reserved = 0;
+	info_data->id       = id;
+	info_data->size     = size_of_notify_info_data(type, field);
+	info_data->enc_type = type_of_notify_info_data(type, field);
+}
+
+
+/*******************************************************************
+ *
+ * fill a notify_info struct with info asked
+ *
+ ********************************************************************/
+
+static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
+					  snum, SPOOL_NOTIFY_OPTION_TYPE
+					  *option_type, uint32 id,
+					  TALLOC_CTX *mem_ctx) 
+{
+	int field_num,j;
+	uint16 type;
+	uint16 field;
+
+	SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	print_queue_struct *queue=NULL;
+
+	type=option_type->type;
+
+	DEBUG(4,("construct_notify_printer_info: Notify type: [%s], number of notify info: [%d] on printer: [%s]\n",
+		(option_type->type==PRINTER_NOTIFY_TYPE?"PRINTER_NOTIFY_TYPE":"JOB_NOTIFY_TYPE"),
+		option_type->count, lp_servicename(snum)));
+	
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		return False;
+
+	for(field_num=0; field_num<option_type->count; field_num++) {
+		field = option_type->fields[field_num];
+		DEBUG(4,("construct_notify_printer_info: notify [%d]: type [%x], field [%x]\n", field_num, type, field));
+
+		if (!search_notify(type, field, &j) )
+			continue;
+
+		if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+			DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
+			return False;
+		}
+		else info->data = tid;
+
+		current_data=&info->data[info->count];
+
+		construct_info_data(current_data, type, field, id);		
+
+		DEBUG(10,("construct_notify_printer_info: calling [%s]  snum=%d  printername=[%s])\n",
+				notify_info_data_table[j].name, snum, printer->info_2->printername ));
+
+		notify_info_data_table[j].fn(snum, current_data, queue,
+					     printer, mem_ctx);
+
+		info->count++;
+	}
+
+	free_a_printer(&printer, 2);
+	return True;
+}
+
+/*******************************************************************
+ *
+ * fill a notify_info struct with info asked
+ *
+ ********************************************************************/
+
+static BOOL construct_notify_jobs_info(print_queue_struct *queue,
+				       SPOOL_NOTIFY_INFO *info,
+				       NT_PRINTER_INFO_LEVEL *printer,
+				       int snum, SPOOL_NOTIFY_OPTION_TYPE
+				       *option_type, uint32 id,
+				       TALLOC_CTX *mem_ctx) 
+{
+	int field_num,j;
+	uint16 type;
+	uint16 field;
+
+	SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
+	
+	DEBUG(4,("construct_notify_jobs_info\n"));
+	
+	type = option_type->type;
+
+	DEBUGADD(4,("Notify type: [%s], number of notify info: [%d]\n",
+		(option_type->type==PRINTER_NOTIFY_TYPE?"PRINTER_NOTIFY_TYPE":"JOB_NOTIFY_TYPE"),
+		option_type->count));
+
+	for(field_num=0; field_num<option_type->count; field_num++) {
+		field = option_type->fields[field_num];
+
+		if (!search_notify(type, field, &j) )
+			continue;
+
+		if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+			DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
+			return False;
+		}
+		else info->data = tid;
+
+		current_data=&(info->data[info->count]);
+
+		construct_info_data(current_data, type, field, id);
+		notify_info_data_table[j].fn(snum, current_data, queue,
+					     printer, mem_ctx);
+		info->count++;
+	}
+
+	return True;
+}
+
+/*
+ * JFM: The enumeration is not that simple, it's even non obvious.
+ *
+ * let's take an example: I want to monitor the PRINTER SERVER for
+ * the printer's name and the number of jobs currently queued.
+ * So in the NOTIFY_OPTION, I have one NOTIFY_OPTION_TYPE structure.
+ * Its type is PRINTER_NOTIFY_TYPE and it has 2 fields NAME and CJOBS.
+ *
+ * I have 3 printers on the back of my server.
+ *
+ * Now the response is a NOTIFY_INFO structure, with 6 NOTIFY_INFO_DATA
+ * structures.
+ *   Number	Data			Id
+ *	1	printer 1 name		1
+ *	2	printer 1 cjob		1
+ *	3	printer 2 name		2
+ *	4	printer 2 cjob		2
+ *	5	printer 3 name		3
+ *	6	printer 3 name		3
+ *
+ * that's the print server case, the printer case is even worse.
+ */
+
+/*******************************************************************
+ *
+ * enumerate all printers on the printserver
+ * fill a notify_info struct with info asked
+ *
+ ********************************************************************/
+
+static WERROR printserver_notify_info(pipes_struct *p, POLICY_HND *hnd, 
+				      SPOOL_NOTIFY_INFO *info,
+				      TALLOC_CTX *mem_ctx)
+{
+	int snum;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, hnd);
+	int n_services=lp_numservices();
+	int i;
+	uint32 id;
+	SPOOL_NOTIFY_OPTION *option;
+	SPOOL_NOTIFY_OPTION_TYPE *option_type;
+
+	DEBUG(4,("printserver_notify_info\n"));
+	
+	if (!Printer)
+		return WERR_BADFID;
+
+	option=Printer->notify.option;
+	id=1;
+	info->version=2;
+	info->data=NULL;
+	info->count=0;
+
+	for (i=0; i<option->count; i++) {
+		option_type=&(option->ctr.type[i]);
+		
+		if (option_type->type!=PRINTER_NOTIFY_TYPE)
+			continue;
+		
+		for (snum=0; snum<n_services; snum++)
+			if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) )
+				if (construct_notify_printer_info
+				    (info, snum, option_type, id, mem_ctx))
+					id++;
+	}
+			
+	/*
+	 * Debugging information, don't delete.
+	 */
+	/*
+	DEBUG(1,("dumping the NOTIFY_INFO\n"));
+	DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
+	DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
+	
+	for (i=0; i<info->count; i++) {
+		DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n",
+		i, info->data[i].type, info->data[i].field, info->data[i].reserved,
+		info->data[i].id, info->data[i].size, info->data[i].enc_type));
+	}
+	*/
+	
+	return WERR_OK;
+}
+
+/*******************************************************************
+ *
+ * fill a notify_info struct with info asked
+ *
+ ********************************************************************/
+
+static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info,
+				  TALLOC_CTX *mem_ctx)
+{
+	int snum;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, hnd);
+	int i;
+	uint32 id;
+	SPOOL_NOTIFY_OPTION *option;
+	SPOOL_NOTIFY_OPTION_TYPE *option_type;
+	int count,j;
+	print_queue_struct *queue=NULL;
+	print_status_struct status;
+	
+	DEBUG(4,("printer_notify_info\n"));
+
+	if (!Printer)
+		return WERR_BADFID;
+
+	option=Printer->notify.option;
+	id = 0x0;
+	info->version=2;
+	info->data=NULL;
+	info->count=0;
+
+	get_printer_snum(p, hnd, &snum);
+
+	for (i=0; i<option->count; i++) {
+		option_type=&option->ctr.type[i];
+		
+		switch ( option_type->type ) {
+		case PRINTER_NOTIFY_TYPE:
+			if(construct_notify_printer_info(info, snum, 
+							 option_type, id,
+							 mem_ctx))  
+				id--;
+			break;
+			
+		case JOB_NOTIFY_TYPE: {
+			NT_PRINTER_INFO_LEVEL *printer = NULL;
+
+			count = print_queue_status(snum, &queue, &status);
+
+			if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, 
+							 lp_servicename(snum))))
+				goto done;
+
+			for (j=0; j<count; j++) {
+				construct_notify_jobs_info(&queue[j], info,
+							   printer, snum,
+							   option_type,
+							   queue[j].job,
+							   mem_ctx); 
+			}
+
+			free_a_printer(&printer, 2);
+			
+		done:
+			SAFE_FREE(queue);
+			break;
+		}
+		}
+	}
+	
+	/*
+	 * Debugging information, don't delete.
+	 */
+	/*
+	DEBUG(1,("dumping the NOTIFY_INFO\n"));
+	DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count));
+	DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n"));
+	
+	for (i=0; i<info->count; i++) {
+		DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n",
+		i, info->data[i].type, info->data[i].field, info->data[i].reserved,
+		info->data[i].id, info->data[i].size, info->data[i].enc_type));
+	}
+	*/
+	return WERR_OK;
+}
+
+/********************************************************************
+ * spoolss_rfnpcnex
+ ********************************************************************/
+
+WERROR _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCNEX *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+/*	uint32 change = q_u->change; - notused. */
+/*	SPOOL_NOTIFY_OPTION *option = q_u->option; - notused. */
+	SPOOL_NOTIFY_INFO *info = &r_u->info;
+
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+	WERROR result = WERR_BADFID;
+
+	/* we always have a NOTIFY_INFO struct */
+	r_u->info_ptr=0x1;
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_rfnpcnex: Invalid handle (%s:%u:%u).\n",
+			 OUR_HANDLE(handle)));
+		goto done;
+	}
+
+	DEBUG(4,("Printer type %x\n",Printer->printer_type));
+
+	/* jfm: the change value isn't used right now.
+	 * 	we will honour it when
+	 *	a) we'll be able to send notification to the client
+	 *	b) we'll have a way to communicate between the spoolss process.
+	 *
+	 *	same thing for option->flags
+	 *	I should check for PRINTER_NOTIFY_OPTIONS_REFRESH but as
+	 *	I don't have a global notification system, I'm sending back all the
+	 *	informations even when _NOTHING_ has changed.
+	 */
+
+	/* just ignore the SPOOL_NOTIFY_OPTION */
+	
+	switch (Printer->printer_type) {
+		case PRINTER_HANDLE_IS_PRINTSERVER:
+			result = printserver_notify_info(p, handle, info, p->mem_ctx);
+			break;
+			
+		case PRINTER_HANDLE_IS_PRINTER:
+			result = printer_notify_info(p, handle, info, p->mem_ctx);
+			break;
+	}
+	
+ done:
+	return result;
+}
+
+/********************************************************************
+ * construct_printer_info_0
+ * fill a printer_info_0 struct
+ ********************************************************************/
+
+static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum)
+{
+	pstring chaine;
+	int count;
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+	counter_printer_0 *session_counter;
+	uint32 global_counter;
+	struct tm *t;
+	time_t setuptime;
+	print_status_struct status;
+	
+	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+		return False;
+
+	count = print_queue_length(snum, &status);
+
+	/* check if we already have a counter for this printer */	
+	session_counter = (counter_printer_0 *)ubi_dlFirst(&counter_list);
+
+	for(; session_counter; session_counter = (counter_printer_0 *)ubi_dlNext(session_counter)) {
+		if (session_counter->snum == snum)
+			break;
+	}
+
+	/* it's the first time, add it to the list */
+	if (session_counter==NULL) {
+		if((session_counter=(counter_printer_0 *)malloc(sizeof(counter_printer_0))) == NULL) {
+			free_a_printer(&ntprinter, 2);
+			return False;
+		}
+		ZERO_STRUCTP(session_counter);
+		session_counter->snum=snum;
+		session_counter->counter=0;
+		ubi_dlAddHead( &counter_list, (ubi_dlNode *)session_counter);
+	}
+	
+	/* increment it */
+	session_counter->counter++;
+	
+	/* JFM:
+	 * the global_counter should be stored in a TDB as it's common to all the clients
+	 * and should be zeroed on samba startup
+	 */
+	global_counter=session_counter->counter;
+	
+	pstrcpy(chaine,ntprinter->info_2->printername);
+
+	init_unistr(&printer->printername, chaine);
+	
+	slprintf(chaine,sizeof(chaine)-1,"\\\\%s", get_called_name());
+	init_unistr(&printer->servername, chaine);
+	
+	printer->cjobs = count;
+	printer->total_jobs = 0;
+	printer->total_bytes = 0;
+
+	setuptime = (time_t)ntprinter->info_2->setuptime;
+	t=gmtime(&setuptime);
+
+	printer->year = t->tm_year+1900;
+	printer->month = t->tm_mon+1;
+	printer->dayofweek = t->tm_wday;
+	printer->day = t->tm_mday;
+	printer->hour = t->tm_hour;
+	printer->minute = t->tm_min;
+	printer->second = t->tm_sec;
+	printer->milliseconds = 0;
+
+	printer->global_counter = global_counter;
+	printer->total_pages = 0;
+#if 0	/* JERRY */
+	printer->major_version = 0x0004; 	/* NT 4 */
+	printer->build_version = 0x0565; 	/* build 1381 */
+#else
+	printer->major_version = 0x0005; 	/* NT 5 */
+	printer->build_version = 0x0893; 	/* build 2195 */
+#endif
+	printer->unknown7 = 0x1;
+	printer->unknown8 = 0x0;
+	printer->unknown9 = 0x0;
+	printer->session_counter = session_counter->counter;
+	printer->unknown11 = 0x0;
+	printer->printer_errors = 0x0;		/* number of print failure */
+	printer->unknown13 = 0x0;
+	printer->unknown14 = 0x1;
+	printer->unknown15 = 0x024a;		/* 586 Pentium ? */
+	printer->unknown16 =  0x0;
+	printer->change_id = ntprinter->info_2->changeid; /* ChangeID in milliseconds*/
+	printer->unknown18 =  0x0;
+	printer->status = nt_printq_status(status.status);
+	printer->unknown20 =  0x0;
+	printer->c_setprinter = get_c_setprinter(); /* monotonically increasing sum of delta printer counts */
+	printer->unknown22 = 0x0;
+	printer->unknown23 = 0x6; 		/* 6  ???*/
+	printer->unknown24 = 0; 		/* unknown 24 to 26 are always 0 */
+	printer->unknown25 = 0;
+	printer->unknown26 = 0;
+	printer->unknown27 = 0;
+	printer->unknown28 = 0;
+	printer->unknown29 = 0;
+	
+	free_a_printer(&ntprinter,2);
+	return (True);	
+}
+
+/********************************************************************
+ * construct_printer_info_1
+ * fill a printer_info_1 struct
+ ********************************************************************/
+
+static BOOL construct_printer_info_1(uint32 flags, PRINTER_INFO_1 *printer, int snum)
+{
+	pstring chaine;
+	pstring chaine2;
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+		return False;
+
+	printer->flags=flags;
+
+	if (*ntprinter->info_2->comment == '\0') {
+		init_unistr(&printer->comment, lp_comment(snum));
+		slprintf(chaine,sizeof(chaine)-1,"%s,%s,%s", ntprinter->info_2->printername,
+			ntprinter->info_2->drivername, lp_comment(snum));
+	}
+	else {
+		init_unistr(&printer->comment, ntprinter->info_2->comment); /* saved comment. */
+		slprintf(chaine,sizeof(chaine)-1,"%s,%s,%s", ntprinter->info_2->printername,
+			ntprinter->info_2->drivername, ntprinter->info_2->comment);
+	}
+		
+	slprintf(chaine2,sizeof(chaine)-1,"%s", ntprinter->info_2->printername);
+
+	init_unistr(&printer->description, chaine);
+	init_unistr(&printer->name, chaine2);	
+	
+	free_a_printer(&ntprinter,2);
+
+	return True;
+}
+
+/****************************************************************************
+ Free a DEVMODE struct.
+****************************************************************************/
+
+static void free_dev_mode(DEVICEMODE *dev)
+{
+	if (dev == NULL)
+		return;
+
+		SAFE_FREE(dev->private);
+	SAFE_FREE(dev);	
+}
+
+/****************************************************************************
+ Create a DEVMODE struct. Returns malloced memory.
+****************************************************************************/
+
+static DEVICEMODE *construct_dev_mode(int snum)
+{
+	char adevice[32];
+	char aform[32];
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_DEVICEMODE *ntdevmode = NULL;
+	DEVICEMODE *devmode = NULL;
+
+	DEBUG(7,("construct_dev_mode\n"));
+	
+	DEBUGADD(8,("getting printer characteristics\n"));
+
+	if ((devmode = (DEVICEMODE *)malloc(sizeof(DEVICEMODE))) == NULL) {
+		DEBUG(2,("construct_dev_mode: malloc fail.\n"));
+		return NULL;
+	}
+
+	ZERO_STRUCTP(devmode);	
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		goto fail;
+
+	if (printer->info_2->devmode)
+		ntdevmode = dup_nt_devicemode(printer->info_2->devmode);
+
+	if (ntdevmode == NULL)
+		goto fail;
+
+	DEBUGADD(8,("loading DEVICEMODE\n"));
+
+	slprintf(adevice, sizeof(adevice)-1, printer->info_2->printername);
+	init_unistr(&devmode->devicename, adevice);
+
+	slprintf(aform, sizeof(aform)-1, ntdevmode->formname);
+	init_unistr(&devmode->formname, aform);
+
+	devmode->specversion      = ntdevmode->specversion;
+	devmode->driverversion    = ntdevmode->driverversion;
+	devmode->size             = ntdevmode->size;
+	devmode->driverextra      = ntdevmode->driverextra;
+	devmode->fields           = ntdevmode->fields;
+				
+	devmode->orientation      = ntdevmode->orientation;	
+	devmode->papersize        = ntdevmode->papersize;
+	devmode->paperlength      = ntdevmode->paperlength;
+	devmode->paperwidth       = ntdevmode->paperwidth;
+	devmode->scale            = ntdevmode->scale;
+	devmode->copies           = ntdevmode->copies;
+	devmode->defaultsource    = ntdevmode->defaultsource;
+	devmode->printquality     = ntdevmode->printquality;
+	devmode->color            = ntdevmode->color;
+	devmode->duplex           = ntdevmode->duplex;
+	devmode->yresolution      = ntdevmode->yresolution;
+	devmode->ttoption         = ntdevmode->ttoption;
+	devmode->collate          = ntdevmode->collate;
+	devmode->icmmethod        = ntdevmode->icmmethod;
+	devmode->icmintent        = ntdevmode->icmintent;
+	devmode->mediatype        = ntdevmode->mediatype;
+	devmode->dithertype       = ntdevmode->dithertype;
+
+	if (ntdevmode->private != NULL) {
+		if ((devmode->private=(uint8 *)memdup(ntdevmode->private, ntdevmode->driverextra)) == NULL)
+			goto fail;
+	}
+
+	free_nt_devicemode(&ntdevmode);
+	free_a_printer(&printer,2);
+
+	return devmode;
+
+  fail:
+
+	if (ntdevmode)
+		free_nt_devicemode(&ntdevmode);
+	if (printer)
+		free_a_printer(&printer,2);
+	free_dev_mode(devmode);
+
+	return NULL;
+}
+
+/********************************************************************
+ * construct_printer_info_2
+ * fill a printer_info_2 struct
+ ********************************************************************/
+
+static BOOL construct_printer_info_2(PRINTER_INFO_2 *printer, int snum)
+{
+	int count;
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+
+	print_status_struct status;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+		return False;
+		
+	count = print_queue_length(snum, &status);
+
+	init_unistr(&printer->servername, ntprinter->info_2->servername); /* servername*/
+	init_unistr(&printer->printername, ntprinter->info_2->printername);				/* printername*/
+	init_unistr(&printer->sharename, lp_servicename(snum));			/* sharename */
+	init_unistr(&printer->portname, ntprinter->info_2->portname);			/* port */	
+	init_unistr(&printer->drivername, ntprinter->info_2->drivername);	/* drivername */
+
+	if (*ntprinter->info_2->comment == '\0')
+		init_unistr(&printer->comment, lp_comment(snum));			/* comment */	
+	else
+		init_unistr(&printer->comment, ntprinter->info_2->comment); /* saved comment. */
+
+	init_unistr(&printer->location, ntprinter->info_2->location);		/* location */	
+	init_unistr(&printer->sepfile, ntprinter->info_2->sepfile);		/* separator file */
+	init_unistr(&printer->printprocessor, ntprinter->info_2->printprocessor);/* print processor */
+	init_unistr(&printer->datatype, ntprinter->info_2->datatype);		/* datatype */	
+	init_unistr(&printer->parameters, ntprinter->info_2->parameters);	/* parameters (of print processor) */	
+
+	printer->attributes = ntprinter->info_2->attributes;
+
+	printer->priority = ntprinter->info_2->priority;				/* priority */	
+	printer->defaultpriority = ntprinter->info_2->default_priority;		/* default priority */
+	printer->starttime = ntprinter->info_2->starttime;			/* starttime */
+	printer->untiltime = ntprinter->info_2->untiltime;			/* untiltime */
+	printer->status = nt_printq_status(status.status);			/* status */
+	printer->cjobs = count;							/* jobs */
+	printer->averageppm = ntprinter->info_2->averageppm;			/* average pages per minute */
+			
+	if((printer->devmode = construct_dev_mode(snum)) == NULL) {
+		DEBUG(8, ("Returning NULL Devicemode!\n"));
+	}
+
+	if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) {
+		/* steal the printer info sec_desc structure.  [badly done]. */
+		printer->secdesc = ntprinter->info_2->secdesc_buf->sec;
+		ntprinter->info_2->secdesc_buf->sec = NULL; /* Stolen memory. */
+		ntprinter->info_2->secdesc_buf->len = 0; /* Stolen memory. */
+		ntprinter->info_2->secdesc_buf->max_len = 0; /* Stolen memory. */
+	}
+	else {
+		printer->secdesc = NULL;
+	}
+
+	free_a_printer(&ntprinter, 2);
+	return True;
+}
+
+/********************************************************************
+ * construct_printer_info_3
+ * fill a printer_info_3 struct
+ ********************************************************************/
+
+static BOOL construct_printer_info_3(PRINTER_INFO_3 **pp_printer, int snum)
+{
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+	PRINTER_INFO_3 *printer = NULL;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+		return False;
+
+	*pp_printer = NULL;
+	if ((printer = (PRINTER_INFO_3 *)malloc(sizeof(PRINTER_INFO_3))) == NULL) {
+		DEBUG(2,("construct_printer_info_3: malloc fail.\n"));
+		return False;
+	}
+
+	ZERO_STRUCTP(printer);
+	
+	printer->flags = 4; /* These are the components of the SD we are returning. */
+	if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) {
+		/* steal the printer info sec_desc structure.  [badly done]. */
+		printer->secdesc = ntprinter->info_2->secdesc_buf->sec;
+
+#if 0
+		/*
+		 * Set the flags for the components we are returning.
+		 */
+
+		if (printer->secdesc->owner_sid)
+			printer->flags |= OWNER_SECURITY_INFORMATION;
+
+		if (printer->secdesc->grp_sid)
+			printer->flags |= GROUP_SECURITY_INFORMATION;
+
+		if (printer->secdesc->dacl)
+			printer->flags |= DACL_SECURITY_INFORMATION;
+
+		if (printer->secdesc->sacl)
+			printer->flags |= SACL_SECURITY_INFORMATION;
+#endif
+
+		ntprinter->info_2->secdesc_buf->sec = NULL; /* Stolen the malloced memory. */
+		ntprinter->info_2->secdesc_buf->len = 0; /* Stolen the malloced memory. */
+		ntprinter->info_2->secdesc_buf->max_len = 0; /* Stolen the malloced memory. */
+	}
+
+	free_a_printer(&ntprinter, 2);
+
+	*pp_printer = printer;
+	return True;
+}
+
+/********************************************************************
+ * construct_printer_info_4
+ * fill a printer_info_4 struct
+ ********************************************************************/
+
+static BOOL construct_printer_info_4(PRINTER_INFO_4 *printer, int snum)
+{
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+		return False;
+		
+	init_unistr(&printer->printername, ntprinter->info_2->printername);				/* printername*/
+	init_unistr(&printer->servername, ntprinter->info_2->servername); /* servername*/
+	printer->attributes = ntprinter->info_2->attributes;
+
+	free_a_printer(&ntprinter, 2);
+	return True;
+}
+
+/********************************************************************
+ * construct_printer_info_5
+ * fill a printer_info_5 struct
+ ********************************************************************/
+
+static BOOL construct_printer_info_5(PRINTER_INFO_5 *printer, int snum)
+{
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+
+	if (!W_ERROR_IS_OK(get_a_printer(&ntprinter, 2, lp_servicename(snum))))
+		return False;
+		
+	init_unistr(&printer->printername, ntprinter->info_2->printername);				/* printername*/
+	init_unistr(&printer->portname, ntprinter->info_2->portname); /* portname */
+	printer->attributes = ntprinter->info_2->attributes;
+	printer->device_not_selected_timeout = 0x3a98;
+	printer->transmission_retry_timeout = 0xafc8;
+
+	free_a_printer(&ntprinter, 2);
+	return True;
+}
+
+/********************************************************************
+ Spoolss_enumprinters.
+********************************************************************/
+
+static WERROR enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	int snum;
+	int i;
+	int n_services=lp_numservices();
+	PRINTER_INFO_1 *tp, *printers=NULL;
+	PRINTER_INFO_1 current_prt;
+	
+	DEBUG(4,("enum_all_printers_info_1\n"));	
+
+	for (snum=0; snum<n_services; snum++) {
+		if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
+			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
+
+			if (construct_printer_info_1(flags, &current_prt, snum)) {
+				if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
+					DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
+					SAFE_FREE(printers);
+					*returned=0;
+					return WERR_NOMEM;
+				}
+				else printers = tp;
+				DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned));		
+
+				memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_1));
+				(*returned)++;
+			}
+		}
+	}
+		
+	/* check the required size. */	
+	for (i=0; i<*returned; i++)
+		(*needed) += spoolss_size_printer_info_1(&printers[i]);
+
+	if (!alloc_buffer_size(buffer, *needed))
+		return WERR_INSUFFICIENT_BUFFER;
+
+	/* fill the buffer with the structures */
+	for (i=0; i<*returned; i++)
+		smb_io_printer_info_1("", buffer, &printers[i], 0);	
+
+	/* clear memory */
+	SAFE_FREE(printers);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+	else
+		return WERR_OK;
+}
+
+/********************************************************************
+ enum_all_printers_info_1_local.
+*********************************************************************/
+
+static WERROR enum_all_printers_info_1_local(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	DEBUG(4,("enum_all_printers_info_1_local\n"));	
+	
+	return enum_all_printers_info_1(PRINTER_ENUM_ICON8, buffer, offered, needed, returned);
+}
+
+/********************************************************************
+ enum_all_printers_info_1_name.
+*********************************************************************/
+
+static WERROR enum_all_printers_info_1_name(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	char *s = name;
+	
+	DEBUG(4,("enum_all_printers_info_1_name\n"));	
+	
+	if ((name[0] == '\\') && (name[1] == '\\'))
+		s = name + 2;
+		
+	if (is_myname_or_ipaddr(s)) {
+		return enum_all_printers_info_1(PRINTER_ENUM_ICON8, buffer, offered, needed, returned);
+	}
+	else
+		return WERR_INVALID_NAME;
+}
+
+/********************************************************************
+ enum_all_printers_info_1_remote.
+*********************************************************************/
+
+static WERROR enum_all_printers_info_1_remote(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PRINTER_INFO_1 *printer;
+	fstring printername;
+	fstring desc;
+	fstring comment;
+	DEBUG(4,("enum_all_printers_info_1_remote\n"));	
+
+	/* JFM: currently it's more a place holder than anything else.
+	 * In the spooler world there is a notion of server registration.
+	 * the print servers are registring (sp ?) on the PDC (in the same domain)
+	 *
+	 * We should have a TDB here. The registration is done thru an undocumented RPC call.
+	 */
+	
+	if((printer=(PRINTER_INFO_1 *)malloc(sizeof(PRINTER_INFO_1))) == NULL)
+		return WERR_NOMEM;
+
+	*returned=1;
+	
+	slprintf(printername, sizeof(printername)-1,"Windows NT Remote Printers!!\\\\%s", get_called_name());		
+	slprintf(desc, sizeof(desc)-1,"%s", get_called_name());
+	slprintf(comment, sizeof(comment)-1, "Logged on Domain");
+
+	init_unistr(&printer->description, desc);
+	init_unistr(&printer->name, printername);	
+	init_unistr(&printer->comment, comment);
+	printer->flags=PRINTER_ENUM_ICON3|PRINTER_ENUM_CONTAINER;
+		
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_1(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_info_1("", buffer, printer, 0);	
+
+	/* clear memory */
+	SAFE_FREE(printer);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+	else
+		return WERR_OK;
+}
+
+/********************************************************************
+ enum_all_printers_info_1_network.
+*********************************************************************/
+
+static WERROR enum_all_printers_info_1_network(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	DEBUG(4,("enum_all_printers_info_1_network\n"));	
+	
+	return enum_all_printers_info_1(PRINTER_ENUM_UNKNOWN_8, buffer, offered, needed, returned);
+}
+
+/********************************************************************
+ * api_spoolss_enumprinters
+ *
+ * called from api_spoolss_enumprinters (see this to understand)
+ ********************************************************************/
+
+static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	int snum;
+	int i;
+	int n_services=lp_numservices();
+	PRINTER_INFO_2 *tp, *printers=NULL;
+	PRINTER_INFO_2 current_prt;
+
+	for (snum=0; snum<n_services; snum++) {
+		if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
+			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
+				
+			if (construct_printer_info_2(&current_prt, snum)) {
+				if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) {
+					DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
+					SAFE_FREE(printers);
+					*returned = 0;
+					return WERR_NOMEM;
+				}
+				else printers = tp;
+				DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned));		
+				memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_2));
+				(*returned)++;
+			}
+		}
+	}
+	
+	/* check the required size. */	
+	for (i=0; i<*returned; i++)
+		(*needed) += spoolss_size_printer_info_2(&printers[i]);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		for (i=0; i<*returned; i++) {
+			free_devmode(printers[i].devmode);
+		}
+		SAFE_FREE(printers);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	for (i=0; i<*returned; i++)
+		smb_io_printer_info_2("", buffer, &(printers[i]), 0);	
+	
+	/* clear memory */
+	for (i=0; i<*returned; i++) {
+		free_devmode(printers[i].devmode);
+	}
+	SAFE_FREE(printers);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+	else
+		return WERR_OK;
+}
+
+/********************************************************************
+ * handle enumeration of printers at level 1
+ ********************************************************************/
+
+static WERROR enumprinters_level1( uint32 flags, fstring name,
+			         NEW_BUFFER *buffer, uint32 offered,
+			         uint32 *needed, uint32 *returned)
+{
+	/* Not all the flags are equals */
+
+	if (flags & PRINTER_ENUM_LOCAL)
+		return enum_all_printers_info_1_local(buffer, offered, needed, returned);
+
+	if (flags & PRINTER_ENUM_NAME)
+		return enum_all_printers_info_1_name(name, buffer, offered, needed, returned);
+
+	if (flags & PRINTER_ENUM_REMOTE)
+		return enum_all_printers_info_1_remote(name, buffer, offered, needed, returned);
+
+	if (flags & PRINTER_ENUM_NETWORK)
+		return enum_all_printers_info_1_network(buffer, offered, needed, returned);
+
+	return WERR_OK; /* NT4sp5 does that */
+}
+
+/********************************************************************
+ * handle enumeration of printers at level 2
+ ********************************************************************/
+
+static WERROR enumprinters_level2( uint32 flags, fstring servername,
+			         NEW_BUFFER *buffer, uint32 offered,
+			         uint32 *needed, uint32 *returned)
+{
+	char *s = servername;
+
+	if (flags & PRINTER_ENUM_LOCAL) {
+			return enum_all_printers_info_2(buffer, offered, needed, returned);
+	}
+
+	if (flags & PRINTER_ENUM_NAME) {
+		if ((servername[0] == '\\') && (servername[1] == '\\'))
+			s = servername + 2;
+		if (is_myname_or_ipaddr(s))
+			return enum_all_printers_info_2(buffer, offered, needed, returned);
+		else
+			return WERR_INVALID_NAME;
+	}
+
+	if (flags & PRINTER_ENUM_REMOTE)
+		return WERR_UNKNOWN_LEVEL;
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * handle enumeration of printers at level 5
+ ********************************************************************/
+
+static WERROR enumprinters_level5( uint32 flags, fstring servername,
+			         NEW_BUFFER *buffer, uint32 offered,
+			         uint32 *needed, uint32 *returned)
+{
+/*	return enum_all_printers_info_5(buffer, offered, needed, returned);*/
+	return WERR_OK;
+}
+
+/********************************************************************
+ * api_spoolss_enumprinters
+ *
+ * called from api_spoolss_enumprinters (see this to understand)
+ ********************************************************************/
+
+WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_R_ENUMPRINTERS *r_u)
+{
+	uint32 flags = q_u->flags;
+	UNISTR2 *servername = &q_u->servername;
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	fstring name;
+	
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_enumprinters\n"));
+
+	*needed=0;
+	*returned=0;
+	
+	/*
+	 * Level 1:
+	 *	    flags==PRINTER_ENUM_NAME
+	 *	     if name=="" then enumerates all printers
+	 *	     if name!="" then enumerate the printer
+	 *	    flags==PRINTER_ENUM_REMOTE
+	 *	    name is NULL, enumerate printers
+	 * Level 2: name!="" enumerates printers, name can't be NULL
+	 * Level 3: doesn't exist
+	 * Level 4: does a local registry lookup
+	 * Level 5: same as Level 2
+	 */
+
+	unistr2_to_ascii(name, servername, sizeof(name)-1);
+	strupper(name);
+
+	switch (level) {
+	case 1:
+		return enumprinters_level1(flags, name, buffer, offered, needed, returned);
+	case 2:
+		return enumprinters_level2(flags, name, buffer, offered, needed, returned);
+	case 5:
+		return enumprinters_level5(flags, name, buffer, offered, needed, returned);
+	case 3:
+	case 4:
+		break;
+	}
+	return WERR_UNKNOWN_LEVEL;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinter_level_0(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	PRINTER_INFO_0 *printer=NULL;
+
+	if((printer=(PRINTER_INFO_0*)malloc(sizeof(PRINTER_INFO_0))) == NULL)
+		return WERR_NOMEM;
+
+	construct_printer_info_0(printer, snum);
+	
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_0(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_info_0("", buffer, printer, 0);	
+	
+	/* clear memory */
+	SAFE_FREE(printer);
+
+	if (*needed > offered) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinter_level_1(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	PRINTER_INFO_1 *printer=NULL;
+
+	if((printer=(PRINTER_INFO_1*)malloc(sizeof(PRINTER_INFO_1))) == NULL)
+		return WERR_NOMEM;
+
+	construct_printer_info_1(PRINTER_ENUM_ICON8, printer, snum);
+	
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_1(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_info_1("", buffer, printer, 0);	
+	
+	/* clear memory */
+	SAFE_FREE(printer);
+
+	if (*needed > offered) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinter_level_2(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	PRINTER_INFO_2 *printer=NULL;
+
+	if((printer=(PRINTER_INFO_2*)malloc(sizeof(PRINTER_INFO_2)))==NULL)
+		return WERR_NOMEM;
+	
+	construct_printer_info_2(printer, snum);
+	
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_2(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		free_printer_info_2(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	if (!smb_io_printer_info_2("", buffer, printer, 0)) {
+		free_printer_info_2(printer);
+		return WERR_NOMEM;
+	}
+	
+	/* clear memory */
+	free_printer_info_2(printer);
+
+	if (*needed > offered) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinter_level_3(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	PRINTER_INFO_3 *printer=NULL;
+
+	if (!construct_printer_info_3(&printer, snum))
+		return WERR_NOMEM;
+	
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_3(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		free_printer_info_3(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_info_3("", buffer, printer, 0);	
+	
+	/* clear memory */
+	free_printer_info_3(printer);
+	
+	if (*needed > offered) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinter_level_4(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	PRINTER_INFO_4 *printer=NULL;
+
+	if((printer=(PRINTER_INFO_4*)malloc(sizeof(PRINTER_INFO_4)))==NULL)
+		return WERR_NOMEM;
+
+	if (!construct_printer_info_4(printer, snum))
+		return WERR_NOMEM;
+	
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_4(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		free_printer_info_4(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_info_4("", buffer, printer, 0);	
+	
+	/* clear memory */
+	free_printer_info_4(printer);
+	
+	if (*needed > offered) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinter_level_5(int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	PRINTER_INFO_5 *printer=NULL;
+
+	if((printer=(PRINTER_INFO_5*)malloc(sizeof(PRINTER_INFO_5)))==NULL)
+		return WERR_NOMEM;
+
+	if (!construct_printer_info_5(printer, snum))
+		return WERR_NOMEM;
+	
+	/* check the required size. */	
+	*needed += spoolss_size_printer_info_5(printer);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		free_printer_info_5(printer);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_info_5("", buffer, printer, 0);	
+	
+	/* clear memory */
+	free_printer_info_5(printer);
+	
+	if (*needed > offered) {
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GETPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+
+	int snum;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	*needed=0;
+
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	switch (level) {
+	case 0:
+		return getprinter_level_0(snum, buffer, offered, needed);
+	case 1:
+		return getprinter_level_1(snum, buffer, offered, needed);
+	case 2:		
+		return getprinter_level_2(snum, buffer, offered, needed);
+	case 3:		
+		return getprinter_level_3(snum, buffer, offered, needed);
+	case 4:		
+		return getprinter_level_4(snum, buffer, offered, needed);
+	case 5:		
+		return getprinter_level_5(snum, buffer, offered, needed);
+	}
+	return WERR_UNKNOWN_LEVEL;
+}	
+		
+/********************************************************************
+ * fill a DRIVER_INFO_1 struct
+ ********************************************************************/
+
+static void fill_printer_driver_info_1(DRIVER_INFO_1 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername, fstring architecture)
+{
+	init_unistr( &info->name, driver.info_3->name);
+}
+
+/********************************************************************
+ * construct_printer_driver_info_1
+ ********************************************************************/
+
+static WERROR construct_printer_driver_info_1(DRIVER_INFO_1 *info, int snum, fstring servername, fstring architecture, uint32 version)
+{	
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+
+	ZERO_STRUCT(driver);
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		return WERR_INVALID_PRINTER_NAME;
+
+	if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version)))
+		return WERR_UNKNOWN_PRINTER_DRIVER;
+
+	fill_printer_driver_info_1(info, driver, servername, architecture);
+
+	free_a_printer(&printer,2);
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * construct_printer_driver_info_2
+ * fill a printer_info_2 struct
+ ********************************************************************/
+
+static void fill_printer_driver_info_2(DRIVER_INFO_2 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername)
+{
+	pstring temp;
+
+	info->version=driver.info_3->cversion;
+
+	init_unistr( &info->name, driver.info_3->name );
+	init_unistr( &info->architecture, driver.info_3->environment );
+
+
+    if (strlen(driver.info_3->driverpath)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath);
+		init_unistr( &info->driverpath, temp );
+    } else
+        init_unistr( &info->driverpath, "" );
+
+	if (strlen(driver.info_3->datafile)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile);
+		init_unistr( &info->datafile, temp );
+	} else
+		init_unistr( &info->datafile, "" );
+	
+	if (strlen(driver.info_3->configfile)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile);
+		init_unistr( &info->configfile, temp );	
+	} else
+		init_unistr( &info->configfile, "" );
+}
+
+/********************************************************************
+ * construct_printer_driver_info_2
+ * fill a printer_info_2 struct
+ ********************************************************************/
+
+static WERROR construct_printer_driver_info_2(DRIVER_INFO_2 *info, int snum, fstring servername, fstring architecture, uint32 version)
+{
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+
+	ZERO_STRUCT(printer);
+	ZERO_STRUCT(driver);
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))))
+		return WERR_INVALID_PRINTER_NAME;
+
+	if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version)))
+		return WERR_UNKNOWN_PRINTER_DRIVER;
+
+	fill_printer_driver_info_2(info, driver, servername);
+
+	free_a_printer(&printer,2);
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * copy a strings array and convert to UNICODE
+ *
+ * convert an array of ascii string to a UNICODE string
+ ********************************************************************/
+
+static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *servername)
+{
+	int i=0;
+	int j=0;
+	char *v;
+	pstring line;
+	uint16 *tuary;
+
+	DEBUG(6,("init_unistr_array\n"));
+	*uni_array=NULL;
+
+	while (1) {
+		if (char_array == NULL)
+			v = "";
+		else {
+			v = char_array[i];
+			if (!v) v = ""; /* hack to handle null lists */
+		}
+		if (strlen(v) == 0) break;
+		slprintf(line, sizeof(line)-1, "\\\\%s%s", servername, v);
+		DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line)));
+		if((tuary=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) {
+			DEBUG(2,("init_unistr_array: Realloc error\n" ));
+			return;
+		} else
+			*uni_array = tuary;
+		j += (rpcstr_push((*uni_array+j), line, sizeof(uint16)*strlen(line)+2, 0)/ sizeof(uint16));
+		i++;
+	}
+	
+	if (*uni_array) {
+		(*uni_array)[j]=0x0000;
+	}
+	
+	DEBUGADD(6,("last one:done\n"));
+}
+
+/********************************************************************
+ * construct_printer_info_3
+ * fill a printer_info_3 struct
+ ********************************************************************/
+
+static void fill_printer_driver_info_3(DRIVER_INFO_3 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername)
+{
+	pstring temp;
+
+	ZERO_STRUCTP(info);
+
+	info->version=driver.info_3->cversion;
+
+	init_unistr( &info->name, driver.info_3->name );	
+	init_unistr( &info->architecture, driver.info_3->environment );
+
+    if (strlen(driver.info_3->driverpath)) {
+        slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath);		
+        init_unistr( &info->driverpath, temp );
+    } else
+        init_unistr( &info->driverpath, "" );
+    
+    if (strlen(driver.info_3->datafile)) {
+        slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile);
+        init_unistr( &info->datafile, temp );
+    } else
+        init_unistr( &info->datafile, "" );
+
+    if (strlen(driver.info_3->configfile)) {
+        slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile);
+        init_unistr( &info->configfile, temp );	
+    } else
+        init_unistr( &info->configfile, "" );
+
+    if (strlen(driver.info_3->helpfile)) {
+        slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->helpfile);
+        init_unistr( &info->helpfile, temp );
+    } else
+        init_unistr( &info->helpfile, "" );
+
+	init_unistr( &info->monitorname, driver.info_3->monitorname );
+	init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype );
+
+	info->dependentfiles=NULL;
+	init_unistr_array(&info->dependentfiles, driver.info_3->dependentfiles, servername);
+}
+
+/********************************************************************
+ * construct_printer_info_3
+ * fill a printer_info_3 struct
+ ********************************************************************/
+
+static WERROR construct_printer_driver_info_3(DRIVER_INFO_3 *info, int snum, fstring servername, fstring architecture, uint32 version)
+{	
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+	WERROR status;
+	ZERO_STRUCT(driver);
+
+	status=get_a_printer(&printer, 2, lp_servicename(snum) );
+	DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status)));
+	if (!W_ERROR_IS_OK(status))
+		return WERR_INVALID_PRINTER_NAME;
+
+	status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version);	
+	DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status)));
+
+#if 0	/* JERRY */
+
+	/* 
+	 * I put this code in during testing.  Helpful when commenting out the 
+	 * support for DRIVER_INFO_6 in regards to win2k.  Not needed in general
+	 * as win2k always queries the driver using an infor level of 6.
+	 * I've left it in (but ifdef'd out) because I'll probably
+	 * use it in experimentation again in the future.   --jerry 22/01/2002
+	 */
+
+	if (!W_ERROR_IS_OK(status)) {
+		/*
+		 * Is this a W2k client ?
+		 */
+		if (version == 3) {
+			/* Yes - try again with a WinNT driver. */
+			version = 2;
+			status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version);	
+			DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status)));
+		}
+#endif
+
+		if (!W_ERROR_IS_OK(status)) {
+			free_a_printer(&printer,2);
+			return WERR_UNKNOWN_PRINTER_DRIVER;
+		}
+		
+#if 0	/* JERRY */
+	}
+#endif
+	
+
+	fill_printer_driver_info_3(info, driver, servername);
+
+	free_a_printer(&printer,2);
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * construct_printer_info_6
+ * fill a printer_info_6 struct - we know that driver is really level 3. This sucks. JRA.
+ ********************************************************************/
+
+static void fill_printer_driver_info_6(DRIVER_INFO_6 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername)
+{
+	pstring temp;
+	fstring nullstr;
+
+	ZERO_STRUCTP(info);
+	memset(&nullstr, '\0', sizeof(fstring));
+
+	info->version=driver.info_3->cversion;
+
+	init_unistr( &info->name, driver.info_3->name );	
+	init_unistr( &info->architecture, driver.info_3->environment );
+
+	if (strlen(driver.info_3->driverpath)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath);		
+		init_unistr( &info->driverpath, temp );
+	} else
+		init_unistr( &info->driverpath, "" );
+
+	if (strlen(driver.info_3->datafile)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile);
+		init_unistr( &info->datafile, temp );
+	} else
+		init_unistr( &info->datafile, "" );
+
+	if (strlen(driver.info_3->configfile)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile);
+		init_unistr( &info->configfile, temp );	
+	} else
+		init_unistr( &info->configfile, "" );
+
+	if (strlen(driver.info_3->helpfile)) {
+		slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->helpfile);
+		init_unistr( &info->helpfile, temp );
+	} else
+		init_unistr( &info->helpfile, "" );
+	
+	init_unistr( &info->monitorname, driver.info_3->monitorname );
+	init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype );
+
+	info->dependentfiles=NULL;
+	init_unistr_array(&info->dependentfiles, driver.info_3->dependentfiles, servername);
+
+	info->previousdrivernames=NULL;
+	init_unistr_array(&info->previousdrivernames, &nullstr, servername);
+
+	info->driver_date.low=0;
+	info->driver_date.high=0;
+
+	info->padding=0;
+	info->driver_version_low=0;
+	info->driver_version_high=0;
+
+	init_unistr( &info->mfgname, "");
+	init_unistr( &info->oem_url, "");
+	init_unistr( &info->hardware_id, "");
+	init_unistr( &info->provider, "");
+}
+
+/********************************************************************
+ * construct_printer_info_6
+ * fill a printer_info_6 struct
+ ********************************************************************/
+
+static WERROR construct_printer_driver_info_6(DRIVER_INFO_6 *info, int snum, fstring servername, fstring architecture, uint32 version)
+{	
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+	WERROR status;
+	ZERO_STRUCT(driver);
+
+	status=get_a_printer(&printer, 2, lp_servicename(snum) );
+	DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status)));
+	if (!W_ERROR_IS_OK(status))
+		return WERR_INVALID_PRINTER_NAME;
+
+	status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version);	
+	DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status)));
+	if (!W_ERROR_IS_OK(status)) {
+		/*
+		 * Is this a W2k client ?
+		 */
+
+		if (version < 3) {
+			free_a_printer(&printer,2);
+			return WERR_UNKNOWN_PRINTER_DRIVER;
+		}
+
+		/* Yes - try again with a WinNT driver. */
+		version = 2;
+		status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version);	
+		DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status)));
+		if (!W_ERROR_IS_OK(status)) {
+			free_a_printer(&printer,2);
+			return WERR_UNKNOWN_PRINTER_DRIVER;
+		}
+	}
+
+	fill_printer_driver_info_6(info, driver, servername);
+
+	free_a_printer(&printer,2);
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void free_printer_driver_info_3(DRIVER_INFO_3 *info)
+{
+	SAFE_FREE(info->dependentfiles);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void free_printer_driver_info_6(DRIVER_INFO_6 *info)
+{
+	SAFE_FREE(info->dependentfiles);
+	
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinterdriver2_level1(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	DRIVER_INFO_1 *info=NULL;
+	WERROR status;
+	
+	if((info=(DRIVER_INFO_1 *)malloc(sizeof(DRIVER_INFO_1))) == NULL)
+		return WERR_NOMEM;
+	
+	status=construct_printer_driver_info_1(info, snum, servername, architecture, version);
+	if (!W_ERROR_IS_OK(status)) {
+		SAFE_FREE(info);
+		return status;
+	}
+
+	/* check the required size. */	
+	*needed += spoolss_size_printer_driver_info_1(info);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_driver_info_1("", buffer, info, 0);	
+
+	/* clear memory */
+	SAFE_FREE(info);
+
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinterdriver2_level2(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	DRIVER_INFO_2 *info=NULL;
+	WERROR status;
+	
+	if((info=(DRIVER_INFO_2 *)malloc(sizeof(DRIVER_INFO_2))) == NULL)
+		return WERR_NOMEM;
+	
+	status=construct_printer_driver_info_2(info, snum, servername, architecture, version);
+	if (!W_ERROR_IS_OK(status)) {
+		SAFE_FREE(info);
+		return status;
+	}
+
+	/* check the required size. */	
+	*needed += spoolss_size_printer_driver_info_2(info);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_driver_info_2("", buffer, info, 0);	
+
+	/* clear memory */
+	SAFE_FREE(info);
+
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+	
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinterdriver2_level3(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	DRIVER_INFO_3 info;
+	WERROR status;
+
+	ZERO_STRUCT(info);
+
+	status=construct_printer_driver_info_3(&info, snum, servername, architecture, version);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	/* check the required size. */	
+	*needed += spoolss_size_printer_driver_info_3(&info);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		free_printer_driver_info_3(&info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_driver_info_3("", buffer, &info, 0);
+
+	free_printer_driver_info_3(&info);
+
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinterdriver2_level6(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	DRIVER_INFO_6 info;
+	WERROR status;
+
+	ZERO_STRUCT(info);
+
+	status=construct_printer_driver_info_6(&info, snum, servername, architecture, version);
+	if (!W_ERROR_IS_OK(status)) {
+		return status;
+	}
+
+	/* check the required size. */	
+	*needed += spoolss_size_printer_driver_info_6(&info);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		free_printer_driver_info_6(&info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	smb_io_printer_driver_info_6("", buffer, &info, 0);
+
+	free_printer_driver_info_6(&info);
+
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+	
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_u, SPOOL_R_GETPRINTERDRIVER2 *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	UNISTR2 *uni_arch = &q_u->architecture;
+	uint32 level = q_u->level;
+	uint32 clientmajorversion = q_u->clientmajorversion;
+/*	uint32 clientminorversion = q_u->clientminorversion; - notused. */
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *servermajorversion = &r_u->servermajorversion;
+	uint32 *serverminorversion = &r_u->serverminorversion;
+
+	fstring servername;
+	fstring architecture;
+	int snum;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_getprinterdriver2\n"));
+
+	*needed=0;
+	*servermajorversion=0;
+	*serverminorversion=0;
+
+	pstrcpy(servername, get_called_name());
+	unistr2_to_ascii(architecture, uni_arch, sizeof(architecture)-1);
+
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	switch (level) {
+	case 1:
+		return getprinterdriver2_level1(servername, architecture, clientmajorversion, snum, buffer, offered, needed);
+	case 2:
+		return getprinterdriver2_level2(servername, architecture, clientmajorversion, snum, buffer, offered, needed);
+	case 3:
+		return getprinterdriver2_level3(servername, architecture, clientmajorversion, snum, buffer, offered, needed);
+	case 6:
+		return getprinterdriver2_level6(servername, architecture, clientmajorversion, snum, buffer, offered, needed);
+	}
+
+	return WERR_UNKNOWN_LEVEL;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_startpageprinter(pipes_struct *p, SPOOL_Q_STARTPAGEPRINTER *q_u, SPOOL_R_STARTPAGEPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+
+	if (!Printer) {
+		DEBUG(3,("Error in startpageprinter printer handle\n"));
+		return WERR_BADFID;
+	}
+
+	Printer->page_started=True;
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_endpageprinter(pipes_struct *p, SPOOL_Q_ENDPAGEPRINTER *q_u, SPOOL_R_ENDPAGEPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_endpageprinter: Invalid handle (%s:%u:%u).\n",OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+	
+	Printer->page_started=False;
+	print_job_endpage(Printer->jobid);
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+WERROR _spoolss_startdocprinter(pipes_struct *p, SPOOL_Q_STARTDOCPRINTER *q_u, SPOOL_R_STARTDOCPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+/* 	uint32 level = q_u->doc_info_container.level; - notused. */
+	DOC_INFO *docinfo = &q_u->doc_info_container.docinfo;
+	uint32 *jobid = &r_u->jobid;
+
+	DOC_INFO_1 *info_1 = &docinfo->doc_info_1;
+	int snum;
+	pstring jobname;
+	fstring datatype;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	struct current_user user;
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_startdocprinter: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	get_current_user(&user, p);
+
+	/*
+	 * a nice thing with NT is it doesn't listen to what you tell it.
+	 * when asked to send _only_ RAW datas, it tries to send datas
+	 * in EMF format.
+	 *
+	 * So I add checks like in NT Server ...
+	 *
+	 * lkclXXXX jean-francois, i love this kind of thing.  oh, well,
+	 * there's a bug in NT client-side code, so we'll fix it in the
+	 * server-side code. *nnnnnggggh!*
+	 */
+	
+	if (info_1->p_datatype != 0) {
+		unistr2_to_ascii(datatype, &info_1->datatype, sizeof(datatype));
+		if (strcmp(datatype, "RAW") != 0) {
+			(*jobid)=0;
+			return WERR_INVALID_DATATYPE;
+		}		
+	}		
+	
+	/* get the share number of the printer */
+	if (!get_printer_snum(p, handle, &snum)) {
+		return WERR_BADFID;
+	}
+
+	unistr2_to_ascii(jobname, &info_1->docname, sizeof(jobname));
+	
+	Printer->jobid = print_job_start(&user, snum, jobname);
+
+	/* An error occured in print_job_start() so return an appropriate
+	   NT error code. */
+
+	if (Printer->jobid == -1) {
+		return map_werror_from_unix(errno);
+	}
+	
+	Printer->document_started=True;
+	(*jobid) = Printer->jobid;
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+WERROR _spoolss_enddocprinter(pipes_struct *p, SPOOL_Q_ENDDOCPRINTER *q_u, SPOOL_R_ENDDOCPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+
+	return _spoolss_enddocprinter_internal(p, handle);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_writeprinter(pipes_struct *p, SPOOL_Q_WRITEPRINTER *q_u, SPOOL_R_WRITEPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 buffer_size = q_u->buffer_size;
+	uint8 *buffer = q_u->buffer;
+	uint32 *buffer_written = &q_u->buffer_size2;
+
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	
+	if (!Printer) {
+		DEBUG(2,("_spoolss_writeprinter: Invalid handle (%s:%u:%u)\n",OUR_HANDLE(handle)));
+		r_u->buffer_written = q_u->buffer_size2;
+		return WERR_BADFID;
+	}
+
+	(*buffer_written) = print_job_write(Printer->jobid, (char *)buffer, buffer_size);
+
+
+	r_u->buffer_written = q_u->buffer_size2;
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ * api_spoolss_getprinter
+ * called from the spoolss dispatcher
+ *
+ ********************************************************************/
+
+static WERROR control_printer(POLICY_HND *handle, uint32 command,
+			      pipes_struct *p)
+{
+	struct current_user user;
+	int snum;
+	WERROR errcode = WERR_BADFUNC;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+
+	get_current_user(&user, p);
+
+	if (!Printer) {
+		DEBUG(2,("control_printer: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	switch (command) {
+	case PRINTER_CONTROL_PAUSE:
+		if (print_queue_pause(&user, snum, &errcode)) {
+			errcode = WERR_OK;
+		}
+		break;
+	case PRINTER_CONTROL_RESUME:
+	case PRINTER_CONTROL_UNPAUSE:
+		if (print_queue_resume(&user, snum, &errcode)) {
+			errcode = WERR_OK;
+		}
+		break;
+	case PRINTER_CONTROL_PURGE:
+		if (print_queue_purge(&user, snum, &errcode)) {
+			errcode = WERR_OK;
+		}
+		break;
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+
+	return errcode;
+}
+
+/********************************************************************
+ * api_spoolss_abortprinter
+ ********************************************************************/
+
+WERROR _spoolss_abortprinter(pipes_struct *p, SPOOL_Q_ABORTPRINTER *q_u, SPOOL_R_ABORTPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+
+	return control_printer(handle, PRINTER_CONTROL_PURGE, p);
+}
+
+/********************************************************************
+ * called by spoolss_api_setprinter
+ * when updating a printer description
+ ********************************************************************/
+
+static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
+				 const SPOOL_PRINTER_INFO_LEVEL *info,
+				 pipes_struct *p, SEC_DESC_BUF *secdesc_ctr)
+{
+	SEC_DESC_BUF *new_secdesc_ctr = NULL, *old_secdesc_ctr = NULL;
+	struct current_user user;
+	WERROR result;
+	int snum;
+
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+
+	if (!Printer || !get_printer_snum(p, handle, &snum)) {
+		DEBUG(2,("update_printer_sec: Invalid handle (%s:%u:%u)\n",
+			 OUR_HANDLE(handle)));
+
+		result = WERR_BADFID;
+		goto done;
+	}
+
+	/* NT seems to like setting the security descriptor even though
+	   nothing may have actually changed.  This causes annoying
+	   dialog boxes when the user doesn't have permission to change
+	   the security descriptor. */
+
+	nt_printing_getsec(p->mem_ctx, Printer->dev.handlename, &old_secdesc_ctr);
+
+	if (DEBUGLEVEL >= 10) {
+		SEC_ACL *the_acl;
+		int i;
+
+		the_acl = old_secdesc_ctr->sec->dacl;
+		DEBUG(10, ("old_secdesc_ctr for %s has %d aces:\n", 
+			   PRINTERNAME(snum), the_acl->num_aces));
+
+		for (i = 0; i < the_acl->num_aces; i++) {
+			fstring sid_str;
+
+			sid_to_string(sid_str, &the_acl->ace[i].trustee);
+
+			DEBUG(10, ("%s 0x%08x\n", sid_str, 
+				  the_acl->ace[i].info.mask));
+		}
+
+		the_acl = secdesc_ctr->sec->dacl;
+
+		if (the_acl) {
+			DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", 
+				   PRINTERNAME(snum), the_acl->num_aces));
+
+			for (i = 0; i < the_acl->num_aces; i++) {
+				fstring sid_str;
+				
+				sid_to_string(sid_str, &the_acl->ace[i].trustee);
+				
+				DEBUG(10, ("%s 0x%08x\n", sid_str, 
+					   the_acl->ace[i].info.mask));
+			}
+		} else {
+			DEBUG(10, ("dacl for secdesc_ctr is NULL\n"));
+		}
+	}
+
+	new_secdesc_ctr = sec_desc_merge(p->mem_ctx, secdesc_ctr, old_secdesc_ctr);
+
+	if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) {
+		result = WERR_OK;
+		goto done;
+	}
+
+	/* Work out which user is performing the operation */
+
+	get_current_user(&user, p);
+
+	/* Check the user has permissions to change the security
+	   descriptor.  By experimentation with two NT machines, the user
+	   requires Full Access to the printer to change security
+	   information. */
+
+	if (!print_access_check(&user, snum, PRINTER_ACCESS_ADMINISTER)) {
+		result = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
+	result = nt_printing_setsec(Printer->dev.handlename, new_secdesc_ctr);
+
+ done:
+
+	return result;
+}
+
+/********************************************************************
+ Do Samba sanity checks on a printer info struct.
+ this has changed purpose: it now "canonicalises" printer
+ info from a client rather than just checking it is correct
+ ********************************************************************/
+
+static BOOL check_printer_ok(NT_PRINTER_INFO_LEVEL_2 *info, int snum)
+{
+	DEBUG(5,("check_printer_ok: servername=%s printername=%s sharename=%s portname=%s drivername=%s comment=%s location=%s\n",
+		 info->servername, info->printername, info->sharename, info->portname, info->drivername, info->comment, info->location));
+
+	/* we force some elements to "correct" values */
+	slprintf(info->servername, sizeof(info->servername)-1, "\\\\%s", get_called_name());
+	fstrcpy(info->sharename, lp_servicename(snum));
+	slprintf(info->printername, sizeof(info->printername)-1, "\\\\%s\\%s",
+		 get_called_name(), info->sharename);
+	info->attributes = PRINTER_ATTRIBUTE_SHARED | PRINTER_ATTRIBUTE_NETWORK;
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer)
+{
+	char *cmd = lp_addprinter_cmd();
+	char **qlines;
+	pstring command;
+	pstring driverlocation;
+	int numlines;
+	int ret;
+	int fd;
+	fstring remote_machine = "%m";
+
+	/* build driver path... only 9X architecture is needed for legacy reasons */
+	slprintf(driverlocation, sizeof(driverlocation)-1, "\\\\%s\\print$\\WIN40\\0",
+			get_called_name());
+	/* change \ to \\ for the shell */
+	all_string_sub(driverlocation,"\\","\\\\",sizeof(pstring));
+
+	slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"",
+			cmd, printer->info_2->printername, printer->info_2->sharename,
+			printer->info_2->portname, printer->info_2->drivername,
+			printer->info_2->location, driverlocation, remote_machine);
+
+	/* Convert script args to unix-codepage */
+	DEBUG(10,("Running [%s]\n", command));
+	ret = smbrun(command, &fd);
+	DEBUGADD(10,("returned [%d]\n", ret));
+
+	if ( ret != 0 ) {
+		if (fd != -1)
+			close(fd);
+		return False;
+	}
+
+	numlines = 0;
+	/* Get lines and convert them back to dos-codepage */
+	qlines = fd_lines_load(fd, &numlines);
+	DEBUGADD(10,("Lines returned = [%d]\n", numlines));
+	close(fd);
+
+	if(numlines) {
+		/* Set the portname to what the script says the portname should be. */
+		strncpy(printer->info_2->portname, qlines[0], sizeof(printer->info_2->portname));
+		DEBUGADD(6,("Line[0] = [%s]\n", qlines[0]));
+
+		/* Send SIGHUP to process group... is there a better way? */
+		kill(0, SIGHUP);
+		add_all_printers();
+	}
+
+	file_lines_free(qlines);
+	return True;
+}
+
+#if 0	/* JERRY */
+
+/* Return true if two devicemodes are equal */
+
+#define DEVMODE_CHECK_INT(field) \
+    if (d1->field != d2->field) { \
+        DEBUG(10, ("nt_devicemode_equal(): " #field " not equal (%d != %d)\n", \
+            d1->field, d2->field)); \
+        return False; \
+    }
+
+/************************************************************************
+ Handy, but currently unused functions
+ ***********************************************************************/
+
+static BOOL nt_devicemode_equal(NT_DEVICEMODE *d1, NT_DEVICEMODE *d2)
+{
+	if (!d1 && !d2) goto equal;  /* if both are NULL they are equal */
+
+	if (!d1 ^ !d2) {
+		DEBUG(10, ("nt_devicemode_equal(): pointers not equal\n"));
+		return False; /* if either is exclusively NULL are not equal */
+	}
+
+	if (!strequal(d1->devicename, d2->devicename)) {
+		DEBUG(10, ("nt_devicemode_equal(): device not equal (%s != %s)\n", d1->devicename, d2->devicename));
+		return False;
+	}
+
+	if (!strequal(d1->formname, d2->formname)) {
+		DEBUG(10, ("nt_devicemode_equal(): formname not equal (%s != %s)\n", d1->formname, d2->formname));
+		return False;
+	}
+
+	DEVMODE_CHECK_INT(specversion);
+	DEVMODE_CHECK_INT(driverversion);
+	DEVMODE_CHECK_INT(driverextra);
+	DEVMODE_CHECK_INT(orientation);
+	DEVMODE_CHECK_INT(papersize);
+	DEVMODE_CHECK_INT(paperlength);
+	DEVMODE_CHECK_INT(paperwidth);
+	DEVMODE_CHECK_INT(scale);
+	DEVMODE_CHECK_INT(copies);
+	DEVMODE_CHECK_INT(defaultsource);
+	DEVMODE_CHECK_INT(printquality);
+	DEVMODE_CHECK_INT(color);
+	DEVMODE_CHECK_INT(duplex);
+	DEVMODE_CHECK_INT(yresolution);
+	DEVMODE_CHECK_INT(ttoption);
+	DEVMODE_CHECK_INT(collate);
+	DEVMODE_CHECK_INT(logpixels);
+
+	DEVMODE_CHECK_INT(fields);
+	DEVMODE_CHECK_INT(bitsperpel);
+	DEVMODE_CHECK_INT(pelswidth);
+	DEVMODE_CHECK_INT(pelsheight);
+	DEVMODE_CHECK_INT(displayflags);
+	DEVMODE_CHECK_INT(displayfrequency);
+	DEVMODE_CHECK_INT(icmmethod);
+	DEVMODE_CHECK_INT(icmintent);
+	DEVMODE_CHECK_INT(mediatype);
+	DEVMODE_CHECK_INT(dithertype);
+	DEVMODE_CHECK_INT(reserved1);
+	DEVMODE_CHECK_INT(reserved2);
+	DEVMODE_CHECK_INT(panningwidth);
+	DEVMODE_CHECK_INT(panningheight);
+
+	/* compare the private data if it exists */
+	if (!d1->driverextra && !d2->driverextra) goto equal;
+
+
+	DEVMODE_CHECK_INT(driverextra);
+
+	if (memcmp(d1->private, d2->private, d1->driverextra)) {
+		DEBUG(10, ("nt_devicemode_equal(): private data not equal\n"));
+		return False;
+	}
+
+ equal:
+	DEBUG(10, ("nt_devicemode_equal(): devicemodes identical\n"));
+	return True;
+}
+
+/* Return true if two NT_PRINTER_PARAM structures are equal */
+
+static BOOL nt_printer_param_equal(NT_PRINTER_PARAM *p1,
+				   NT_PRINTER_PARAM *p2)
+{
+	if (!p1 && !p2) goto equal;
+
+	if ((!p1 && p2) || (p1 && !p2)) {
+		DEBUG(10, ("nt_printer_param_equal(): pointers differ\n"));
+		return False;
+	}
+
+	/* Compare lists of printer parameters */
+
+	while (p1) {
+		BOOL found = False;
+		NT_PRINTER_PARAM *q = p1;
+
+		/* Find the parameter in the second structure */
+
+		while(q) {
+
+			if (strequal(p1->value, q->value)) {
+
+				if (p1->type != q->type) {
+					DEBUG(10, ("nt_printer_param_equal():"
+						   "types for %s differ (%d != %d)\n",
+						   p1->value, p1->type,
+						   q->type));
+					break;
+				}
+
+				if (p1->data_len != q->data_len) {
+					DEBUG(10, ("nt_printer_param_equal():"
+						   "len for %s differs (%d != %d)\n",
+						   p1->value, p1->data_len,
+						   q->data_len));
+					break;
+				}
+
+				if (memcmp(p1->data, q->data, p1->data_len) == 0) {
+					found = True;
+				} else {
+					DEBUG(10, ("nt_printer_param_equal():"
+						   "data for %s differs\n", p1->value));
+				}
+
+				break;
+			}
+
+			q = q->next;
+		}
+
+		if (!found) {
+			DEBUG(10, ("nt_printer_param_equal(): param %s "
+				   "does not exist\n", p1->value));
+			return False;
+		}
+
+		p1 = p1->next;
+	}
+
+	equal:
+
+	DEBUG(10, ("nt_printer_param_equal(): printer params identical\n"));
+	return True;
+}
+
+/********************************************************************
+ * Called by update_printer when trying to work out whether to
+ * actually update printer info.
+ ********************************************************************/
+
+#define PI_CHECK_INT(field) \
+    if (pi1->field != pi2->field) { \
+        DEBUG(10, ("nt_printer_info_level_equal(): " #field " not equal (%d != %d)\n", \
+            pi1->field, pi2->field)); \
+        return False; \
+    }
+
+#define PI_CHECK_STR(field) \
+    if (!strequal(pi1->field, pi2->field)) { \
+        DEBUG(10, ("nt_printer_info_level_equal(): " #field " not equal (%s != %s)\n", \
+            pi1->field, pi2->field)); \
+        return False; \
+    }
+
+static BOOL nt_printer_info_level_equal(NT_PRINTER_INFO_LEVEL *p1,
+					NT_PRINTER_INFO_LEVEL *p2)
+{
+	NT_PRINTER_INFO_LEVEL_2 *pi1, *pi2;
+
+	/* Trivial conditions */
+
+	if ((!p1 && !p2) || (!p1->info_2 && !p2->info_2)) {
+		goto equal;
+	}
+
+	if ((!p1 && p2) || (p1 && !p2) ||
+	    (!p1->info_2 && p2->info_2) ||
+	    (p1->info_2 && !p2->info_2)) {
+		DEBUG(10, ("nt_printer_info_level_equal(): info levels "
+			   "differ\n"));
+		return False;
+	}
+
+	/* Compare two nt_printer_info_level structures.  Don't compare
+	   status or cjobs as they seem to have something to do with the
+	   printer queue. */
+
+	pi1 = p1->info_2;
+	pi2 = p2->info_2;
+
+	/* Don't check the attributes as we stomp on the value in
+	   check_printer_ok() anyway. */
+
+#if 0
+	PI_CHECK_INT(attributes);
+#endif
+
+	PI_CHECK_INT(priority);
+	PI_CHECK_INT(default_priority);
+	PI_CHECK_INT(starttime);
+	PI_CHECK_INT(untiltime);
+	PI_CHECK_INT(averageppm);
+
+	/* Yuck - don't check the printername or servername as the
+	   mod_a_printer() code plays games with them.  You can't
+	   change the printername or the sharename through this interface
+	   in Samba. */
+
+	PI_CHECK_STR(sharename);
+	PI_CHECK_STR(portname);
+	PI_CHECK_STR(drivername);
+	PI_CHECK_STR(comment);
+	PI_CHECK_STR(location);
+
+	if (!nt_devicemode_equal(pi1->devmode, pi2->devmode)) {
+		return False;
+	}
+
+	PI_CHECK_STR(sepfile);
+	PI_CHECK_STR(printprocessor);
+	PI_CHECK_STR(datatype);
+	PI_CHECK_STR(parameters);
+
+	if (!nt_printer_param_equal(pi1->specific, pi2->specific)) {
+		return False;
+	}
+
+	if (!sec_desc_equal(pi1->secdesc_buf->sec, pi2->secdesc_buf->sec)) {
+		return False;
+	}
+
+	PI_CHECK_INT(changeid);
+	PI_CHECK_INT(c_setprinter);
+	PI_CHECK_INT(setuptime);
+
+ equal:
+	DEBUG(10, ("nt_printer_info_level_equal(): infos are identical\n"));
+	return True;
+}
+
+#endif
+
+/********************************************************************
+ * Called by spoolss_api_setprinter
+ * when updating a printer description.
+ ********************************************************************/
+
+static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
+                           const SPOOL_PRINTER_INFO_LEVEL *info,
+                           DEVICEMODE *devmode)
+{
+	int snum;
+	NT_PRINTER_INFO_LEVEL *printer = NULL, *old_printer = NULL;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	PRINTER_MESSAGE_INFO msg;
+	WERROR result;
+
+	DEBUG(8,("update_printer\n"));
+	
+	ZERO_STRUCT(msg);
+	
+	result = WERR_OK;
+
+	if (level!=2) {
+		DEBUG(0,("update_printer: Send a mail to samba@samba.org\n"));
+		DEBUGADD(0,("with the following message: update_printer: level!=2\n"));
+		result = WERR_UNKNOWN_LEVEL;
+		goto done;
+	}
+
+	if (!Printer) {
+		result = WERR_BADFID;
+		goto done;
+	}
+
+	if (!get_printer_snum(p, handle, &snum)) {
+		result = WERR_BADFID;
+		goto done;
+	}
+
+	if (!W_ERROR_IS_OK(get_a_printer(&printer, 2, lp_servicename(snum))) ||
+	    (!W_ERROR_IS_OK(get_a_printer(&old_printer, 2, lp_servicename(snum))))) {
+		result = WERR_BADFID;
+		goto done;
+	}
+
+	DEBUGADD(8,("Converting info_2 struct\n"));
+
+	/*
+	 * convert_printer_info converts the incoming
+	 * info from the client and overwrites the info
+	 * just read from the tdb in the pointer 'printer'.
+	 */
+
+	if (!convert_printer_info(info, printer, level)) {
+		result =  WERR_NOMEM;
+		goto done;
+	}
+
+	if (info->info_2->devmode_ptr != 0) {
+		/* we have a valid devmode
+		   convert it and link it*/
+
+		DEBUGADD(8,("update_printer: Converting the devicemode struct\n"));
+		if (!convert_devicemode(printer->info_2->printername, devmode,
+				&printer->info_2->devmode)) {
+			result =  WERR_NOMEM;
+			goto done;
+		}
+	}
+
+	/* Do sanity check on the requested changes for Samba */
+
+	if (!check_printer_ok(printer->info_2, snum)) {
+		result = WERR_INVALID_PARAM;
+		goto done;
+	}
+
+#if 0	/* JERRY */
+	
+	/*
+	 * Another one of those historical misunderstandings...
+	 * This is reminisent of a similar call we had in _spoolss_setprinterdata()
+	 * I'm leaving it here as a reminder.  --jerry
+	 */
+
+	if (nt_printer_info_level_equal(printer, old_printer)) {
+		DEBUG(3, ("update_printer: printer info has not changed\n"));
+		result = WERR_OK;
+		goto done;
+	}
+
+#endif
+
+	/* Check calling user has permission to update printer description */
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(3, ("update_printer: printer property change denied by handle\n"));
+		result = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
+	/* Call addprinter hook */
+
+	if (*lp_addprinter_cmd()) {
+		if ( !add_printer_hook(printer) ) {
+			result = WERR_ACCESS_DENIED;
+			goto done;
+		}
+	}
+	
+	/*
+	 * Set the DRIVER_INIT info in the tdb; trigger on magic value for the
+	 * DEVMODE.displayfrequency, which is not used for printer drivers. This
+	 * requires Win32 client code (see other notes elsewhere in the code).
+	 */
+	if (printer->info_2->devmode &&
+		printer->info_2->devmode->displayfrequency == MAGIC_DISPLAY_FREQUENCY) {
+ 
+		DEBUG(10,("update_printer: Save printer driver init data\n"));
+		printer->info_2->devmode->displayfrequency = 0;
+ 
+		if (update_driver_init(*printer, 2)!=0) {
+			DEBUG(10,("update_printer: error updating printer driver init DEVMODE\n"));
+			result = WERR_ACCESS_DENIED;
+			goto done;
+		}
+	} else {
+		/*
+		 * When a *new* driver is bound to a printer, the drivername is used to
+		 * lookup previously saved driver initialization info, which is then
+		 * bound to the printer, simulating what happens in the Windows arch.
+		 */
+		if (!strequal(printer->info_2->drivername, old_printer->info_2->drivername)){
+			set_driver_init(printer, 2);
+			msg.flags |= PRINTER_MESSAGE_DRIVER;
+		}
+	}
+
+	/* Update printer info */
+	result = mod_a_printer(*printer, 2);
+
+	/* flag which changes actually occured.  This is a small subset of
+	   all the possible changes                                         */
+
+	if (!strequal(printer->info_2->comment, old_printer->info_2->comment))
+		msg.flags |= PRINTER_MESSAGE_COMMENT;
+
+	if (!strequal(printer->info_2->sharename, old_printer->info_2->sharename))
+		msg.flags |= PRINTER_MESSAGE_SHARENAME;
+
+	if (!strequal(printer->info_2->portname, old_printer->info_2->portname))
+		msg.flags |= PRINTER_MESSAGE_PORT;
+
+	if (!strequal(printer->info_2->location, old_printer->info_2->location))
+		msg.flags |= PRINTER_MESSAGE_LOCATION;
+
+	ZERO_STRUCT(msg);
+	
+	msg.low = PRINTER_CHANGE_ADD_PRINTER;
+	fstrcpy(msg.printer_name, printer->info_2->printername);
+
+	/* only send a notify if something changed */
+	if (msg.flags) {
+		srv_spoolss_sendnotify(msg.printer_name, 0, PRINTER_CHANGE_ADD_PRINTER, msg.flags);
+	}
+
+ done:
+	free_a_printer(&printer, 2);
+	free_a_printer(&old_printer, 2);
+
+
+	return result;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_setprinter(pipes_struct *p, SPOOL_Q_SETPRINTER *q_u, SPOOL_R_SETPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 level = q_u->level;
+	SPOOL_PRINTER_INFO_LEVEL *info = &q_u->info;
+	DEVMODE_CTR devmode_ctr = q_u->devmode_ctr;
+	SEC_DESC_BUF *secdesc_ctr = q_u->secdesc_ctr;
+	uint32 command = q_u->command;
+
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	
+	if (!Printer) {
+		DEBUG(2,("_spoolss_setprinter: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	/* check the level */	
+	switch (level) {
+		case 0:
+			return control_printer(handle, command, p);
+		case 2:
+			return update_printer(p, handle, level, info, devmode_ctr.devmode);
+		case 3:
+			return update_printer_sec(handle, level, info, p,
+						  secdesc_ctr);
+		default:
+			return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_fcpn(pipes_struct *p, SPOOL_Q_FCPN *q_u, SPOOL_R_FCPN *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+
+	Printer_entry *Printer= find_printer_index_by_hnd(p, handle);
+	
+	if (!Printer) {
+		DEBUG(2,("_spoolss_fcpn: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (Printer->notify.client_connected==True)
+		srv_spoolss_replycloseprinter(&Printer->notify.client_hnd);
+
+	Printer->notify.flags=0;
+	Printer->notify.options=0;
+	Printer->notify.localmachine[0]='\0';
+	Printer->notify.printerlocal=0;
+	if (Printer->notify.option)
+		free_spool_notify_option(&Printer->notify.option);
+	Printer->notify.client_connected=False;
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_addjob(pipes_struct *p, SPOOL_Q_ADDJOB *q_u, SPOOL_R_ADDJOB *r_u)
+{
+	/* that's an [in out] buffer (despite appearences to the contrary) */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+
+	r_u->needed = 0;
+	return WERR_INVALID_PARAM; /* this is what a NT server
+                                           returns for AddJob. AddJob
+                                           must fail on non-local
+                                           printers */
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void fill_job_info_1(JOB_INFO_1 *job_info, print_queue_struct *queue,
+                            int position, int snum)
+{
+	pstring temp_name;
+	
+	struct tm *t;
+	
+	t=gmtime(&queue->time);
+	slprintf(temp_name, sizeof(temp_name)-1, "\\\\%s", get_called_name());
+
+	job_info->jobid=queue->job;	
+	init_unistr(&job_info->printername, lp_servicename(snum));
+	init_unistr(&job_info->machinename, temp_name);
+	init_unistr(&job_info->username, queue->fs_user);
+	init_unistr(&job_info->document, queue->fs_file);
+	init_unistr(&job_info->datatype, "RAW");
+	init_unistr(&job_info->text_status, "");
+	job_info->status=nt_printj_status(queue->status);
+	job_info->priority=queue->priority;
+	job_info->position=position;
+	job_info->totalpages=queue->page_count;
+	job_info->pagesprinted=0;
+
+	make_systemtime(&job_info->submitted, t);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue,
+                            int position, int snum, 
+			    NT_PRINTER_INFO_LEVEL *ntprinter, 
+			    DEVICEMODE *devmode)
+{
+	pstring temp_name;
+	pstring chaine;
+	struct tm *t;
+
+	t=gmtime(&queue->time);
+	slprintf(temp_name, sizeof(temp_name)-1, "\\\\%s", get_called_name());
+
+	job_info->jobid=queue->job;
+	
+	slprintf(chaine, sizeof(chaine)-1, "\\\\%s\\%s", get_called_name(), ntprinter->info_2->printername);
+
+	init_unistr(&job_info->printername, chaine);
+	
+	init_unistr(&job_info->machinename, temp_name);
+	init_unistr(&job_info->username, queue->fs_user);
+	init_unistr(&job_info->document, queue->fs_file);
+	init_unistr(&job_info->notifyname, queue->fs_user);
+	init_unistr(&job_info->datatype, "RAW");
+	init_unistr(&job_info->printprocessor, "winprint");
+	init_unistr(&job_info->parameters, "");
+	init_unistr(&job_info->drivername, ntprinter->info_2->drivername);
+	init_unistr(&job_info->text_status, "");
+	
+/* and here the security descriptor */
+
+	job_info->status=nt_printj_status(queue->status);
+	job_info->priority=queue->priority;
+	job_info->position=position;
+	job_info->starttime=0;
+	job_info->untiltime=0;
+	job_info->totalpages=queue->page_count;
+	job_info->size=queue->size;
+	make_systemtime(&(job_info->submitted), t);
+	job_info->timeelapsed=0;
+	job_info->pagesprinted=0;
+
+	job_info->devmode = devmode;
+
+	return (True);
+}
+
+/****************************************************************************
+ Enumjobs at level 1.
+****************************************************************************/
+
+static WERROR enumjobs_level1(print_queue_struct *queue, int snum,
+			      NEW_BUFFER *buffer, uint32 offered,
+			      uint32 *needed, uint32 *returned)
+{
+	JOB_INFO_1 *info;
+	int i;
+	
+	info=(JOB_INFO_1 *)malloc(*returned*sizeof(JOB_INFO_1));
+	if (info==NULL) {
+		SAFE_FREE(queue);
+		*returned=0;
+		return WERR_NOMEM;
+	}
+	
+	for (i=0; i<*returned; i++)
+		fill_job_info_1(&info[i], &queue[i], i, snum);
+
+	SAFE_FREE(queue);
+
+	/* check the required size. */	
+	for (i=0; i<*returned; i++)
+		(*needed) += spoolss_size_job_info_1(&info[i]);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the structures */
+	for (i=0; i<*returned; i++)
+		smb_io_job_info_1("", buffer, &info[i], 0);	
+
+	/* clear memory */
+	SAFE_FREE(info);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Enumjobs at level 2.
+****************************************************************************/
+
+static WERROR enumjobs_level2(print_queue_struct *queue, int snum,
+			      NEW_BUFFER *buffer, uint32 offered,
+			      uint32 *needed, uint32 *returned)
+{
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+	JOB_INFO_2 *info = NULL;
+	int i;
+	WERROR result;
+	DEVICEMODE *devmode = NULL;
+	
+	info=(JOB_INFO_2 *)malloc(*returned*sizeof(JOB_INFO_2));
+	if (info==NULL) {
+		*returned=0;
+		result = WERR_NOMEM;
+		goto done;
+	}
+
+	result = get_a_printer(&ntprinter, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(result)) {
+		*returned = 0;
+		goto done;
+	}
+
+	if (!(devmode = construct_dev_mode(snum))) {
+		*returned = 0;
+		result = WERR_NOMEM;
+		goto done;
+	}
+
+	for (i=0; i<*returned; i++)
+		fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter,
+				devmode);
+
+	free_a_printer(&ntprinter, 2);
+	SAFE_FREE(queue);
+
+	/* check the required size. */	
+	for (i=0; i<*returned; i++)
+		(*needed) += spoolss_size_job_info_2(&info[i]);
+
+	if (*needed > offered) {
+		*returned=0;
+		result = WERR_INSUFFICIENT_BUFFER;
+		goto done;
+	}
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(info);
+		result = WERR_INSUFFICIENT_BUFFER;
+		goto done;
+	}
+
+	/* fill the buffer with the structures */
+	for (i=0; i<*returned; i++)
+		smb_io_job_info_2("", buffer, &info[i], 0);	
+
+	result = WERR_OK;
+
+ done:
+	free_a_printer(&ntprinter, 2);
+	free_devmode(devmode);
+	SAFE_FREE(queue);
+	SAFE_FREE(info);
+
+	return result;
+}
+
+/****************************************************************************
+ Enumjobs.
+****************************************************************************/
+
+WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJOBS *r_u)
+{	
+	POLICY_HND *handle = &q_u->handle;
+/*	uint32 firstjob = q_u->firstjob; - notused. */
+/*	uint32 numofjobs = q_u->numofjobs; - notused. */
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	int snum;
+	print_status_struct prt_status;
+	print_queue_struct *queue=NULL;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_enumjobs\n"));
+
+	*needed=0;
+	*returned=0;
+
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	*returned = print_queue_status(snum, &queue, &prt_status);
+	DEBUGADD(4,("count:[%d], status:[%d], [%s]\n", *returned, prt_status.status, prt_status.message));
+
+	if (*returned == 0) {
+		SAFE_FREE(queue);
+		return WERR_OK;
+	}
+
+	switch (level) {
+	case 1:
+		return enumjobs_level1(queue, snum, buffer, offered, needed, returned);
+	case 2:
+		return enumjobs_level2(queue, snum, buffer, offered, needed, returned);
+	default:
+		SAFE_FREE(queue);
+		*returned=0;
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_schedulejob( pipes_struct *p, SPOOL_Q_SCHEDULEJOB *q_u, SPOOL_R_SCHEDULEJOB *r_u)
+{
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_setjob(pipes_struct *p, SPOOL_Q_SETJOB *q_u, SPOOL_R_SETJOB *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 jobid = q_u->jobid;
+/*	uint32 level = q_u->level; - notused. */
+/*	JOB_INFO *ctr = &q_u->ctr; - notused. */
+	uint32 command = q_u->command;
+
+	struct current_user user;
+	int snum;
+	WERROR errcode = WERR_BADFUNC;
+		
+	if (!get_printer_snum(p, handle, &snum)) {
+		return WERR_BADFID;
+	}
+
+	if (!print_job_exists(jobid)) {
+		return WERR_INVALID_PRINTER_NAME;
+	}
+
+	get_current_user(&user, p);	
+
+	switch (command) {
+	case JOB_CONTROL_CANCEL:
+	case JOB_CONTROL_DELETE:
+		if (print_job_delete(&user, jobid, &errcode)) {
+			errcode = WERR_OK;
+		}
+		break;
+	case JOB_CONTROL_PAUSE:
+		if (print_job_pause(&user, jobid, &errcode)) {
+			errcode = WERR_OK;
+		}		
+		break;
+	case JOB_CONTROL_RESTART:
+	case JOB_CONTROL_RESUME:
+		if (print_job_resume(&user, jobid, &errcode)) {
+			errcode = WERR_OK;
+		}
+		break;
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+
+	return errcode;
+}
+
+/****************************************************************************
+ Enumerates all printer drivers at level 1.
+****************************************************************************/
+
+static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	int i;
+	int ndrivers;
+	uint32 version;
+	fstring *list = NULL;
+
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+	DRIVER_INFO_1 *tdi1, *driver_info_1=NULL;
+
+	*returned=0;
+
+#define MAX_VERSION 4
+
+	for (version=0; version<MAX_VERSION; version++) {
+		list=NULL;
+		ndrivers=get_ntdrivers(&list, architecture, version);
+		DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version));
+
+		if(ndrivers == -1)
+			return WERR_NOMEM;
+
+		if(ndrivers != 0) {
+			if((tdi1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) {
+				DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
+				SAFE_FREE(driver_info_1);
+				SAFE_FREE(list);
+				return WERR_NOMEM;
+			}
+			else driver_info_1 = tdi1;
+		}
+
+		for (i=0; i<ndrivers; i++) {
+			WERROR status;
+			DEBUGADD(5,("\tdriver: [%s]\n", list[i]));
+			ZERO_STRUCT(driver);
+			status = get_a_printer_driver(&driver, 3, list[i], 
+						      architecture, version);
+			if (!W_ERROR_IS_OK(status)) {
+				SAFE_FREE(list);
+				return status;
+			}
+			fill_printer_driver_info_1(&driver_info_1[*returned+i], driver, servername, architecture );		
+			free_a_printer_driver(driver, 3);
+		}	
+
+		*returned+=ndrivers;
+		SAFE_FREE(list);
+	}
+	
+	/* check the required size. */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding driver [%d]'s size\n",i));
+		*needed += spoolss_size_printer_driver_info_1(&driver_info_1[i]);
+	}
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(driver_info_1);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the driver structures */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding driver [%d] to buffer\n",i));
+		smb_io_printer_driver_info_1("", buffer, &driver_info_1[i], 0);
+	}
+
+	SAFE_FREE(driver_info_1);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Enumerates all printer drivers at level 2.
+****************************************************************************/
+
+static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	int i;
+	int ndrivers;
+	uint32 version;
+	fstring *list = NULL;
+
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+	DRIVER_INFO_2 *tdi2, *driver_info_2=NULL;
+
+	*returned=0;
+
+#define MAX_VERSION 4
+
+	for (version=0; version<MAX_VERSION; version++) {
+		list=NULL;
+		ndrivers=get_ntdrivers(&list, architecture, version);
+		DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version));
+
+		if(ndrivers == -1)
+			return WERR_NOMEM;
+
+		if(ndrivers != 0) {
+			if((tdi2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) {
+				DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
+				SAFE_FREE(driver_info_2);
+				SAFE_FREE(list);
+				return WERR_NOMEM;
+			}
+			else driver_info_2 = tdi2;
+		}
+		
+		for (i=0; i<ndrivers; i++) {
+			WERROR status;
+
+			DEBUGADD(5,("\tdriver: [%s]\n", list[i]));
+			ZERO_STRUCT(driver);
+			status = get_a_printer_driver(&driver, 3, list[i], 
+						      architecture, version);
+			if (!W_ERROR_IS_OK(status)) {
+				SAFE_FREE(list);
+				return status;
+			}
+			fill_printer_driver_info_2(&driver_info_2[*returned+i], driver, servername);		
+			free_a_printer_driver(driver, 3);
+		}	
+
+		*returned+=ndrivers;
+		SAFE_FREE(list);
+	}
+	
+	/* check the required size. */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding driver [%d]'s size\n",i));
+		*needed += spoolss_size_printer_driver_info_2(&(driver_info_2[i]));
+	}
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(driver_info_2);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the form structures */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding driver [%d] to buffer\n",i));
+		smb_io_printer_driver_info_2("", buffer, &(driver_info_2[i]), 0);
+	}
+
+	SAFE_FREE(driver_info_2);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Enumerates all printer drivers at level 3.
+****************************************************************************/
+
+static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	int i;
+	int ndrivers;
+	uint32 version;
+	fstring *list = NULL;
+
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+	DRIVER_INFO_3 *tdi3, *driver_info_3=NULL;
+
+	*returned=0;
+
+#define MAX_VERSION 4
+
+	for (version=0; version<MAX_VERSION; version++) {
+		list=NULL;
+		ndrivers=get_ntdrivers(&list, architecture, version);
+		DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version));
+
+		if(ndrivers == -1)
+			return WERR_NOMEM;
+
+		if(ndrivers != 0) {
+			if((tdi3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) {
+				DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
+				SAFE_FREE(driver_info_3);
+				SAFE_FREE(list);
+				return WERR_NOMEM;
+			}
+			else driver_info_3 = tdi3;
+		}
+
+		for (i=0; i<ndrivers; i++) {
+			WERROR status;
+
+			DEBUGADD(5,("\tdriver: [%s]\n", list[i]));
+			ZERO_STRUCT(driver);
+			status = get_a_printer_driver(&driver, 3, list[i], 
+						      architecture, version);
+			if (!W_ERROR_IS_OK(status)) {
+				SAFE_FREE(list);
+				return status;
+			}
+			fill_printer_driver_info_3(&driver_info_3[*returned+i], driver, servername);		
+			free_a_printer_driver(driver, 3);
+		}	
+
+		*returned+=ndrivers;
+		SAFE_FREE(list);
+	}
+
+	/* check the required size. */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding driver [%d]'s size\n",i));
+		*needed += spoolss_size_printer_driver_info_3(&driver_info_3[i]);
+	}
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(driver_info_3);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+	
+	/* fill the buffer with the driver structures */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding driver [%d] to buffer\n",i));
+		smb_io_printer_driver_info_3("", buffer, &driver_info_3[i], 0);
+	}
+
+	for (i=0; i<*returned; i++)
+		SAFE_FREE(driver_info_3[i].dependentfiles);
+	
+	SAFE_FREE(driver_info_3);
+	
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Enumerates all printer drivers.
+****************************************************************************/
+
+WERROR _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS *q_u, SPOOL_R_ENUMPRINTERDRIVERS *r_u)
+{
+/*	UNISTR2 *name = &q_u->name; - notused. */
+	UNISTR2 *environment = &q_u->environment;
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	fstring *list = NULL;
+	fstring servername;
+	fstring architecture;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_enumprinterdrivers\n"));
+	fstrcpy(servername, get_called_name());
+	*needed=0;
+	*returned=0;
+
+	unistr2_to_ascii(architecture, environment, sizeof(architecture)-1);
+
+	switch (level) {
+	case 1:
+		return enumprinterdrivers_level1(servername, architecture, buffer, offered, needed, returned);
+	case 2:
+		return enumprinterdrivers_level2(servername, architecture, buffer, offered, needed, returned);
+	case 3:
+		return enumprinterdrivers_level3(servername, architecture, buffer, offered, needed, returned);
+	default:
+		*returned=0;
+		SAFE_FREE(list);
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void fill_form_1(FORM_1 *form, nt_forms_struct *list)
+{
+	form->flag=list->flag;
+	init_unistr(&form->name, list->name);
+	form->width=list->width;
+	form->length=list->length;
+	form->left=list->left;
+	form->top=list->top;
+	form->right=list->right;
+	form->bottom=list->bottom;	
+}
+	
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMFORMS *r_u)
+{
+/*	POLICY_HND *handle = &q_u->handle; - notused. */
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *numofforms = &r_u->numofforms;
+	uint32 numbuiltinforms;
+
+	nt_forms_struct *list=NULL;
+	nt_forms_struct *builtinlist=NULL;
+	FORM_1 *forms_1;
+	int buffer_size=0;
+	int i;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_enumforms\n"));
+	DEBUGADD(5,("Offered buffer size [%d]\n", offered));
+	DEBUGADD(5,("Info level [%d]\n",          level));
+
+	numbuiltinforms = get_builtin_ntforms(&builtinlist);
+	DEBUGADD(5,("Number of builtin forms [%d]\n",     numbuiltinforms));
+	*numofforms = get_ntforms(&list);
+	DEBUGADD(5,("Number of user forms [%d]\n",     *numofforms));
+	*numofforms += numbuiltinforms;
+
+	if (*numofforms == 0) return WERR_NO_MORE_ITEMS;
+
+	switch (level) {
+	case 1:
+		if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) {
+			*numofforms=0;
+			return WERR_NOMEM;
+		}
+
+		/* construct the list of form structures */
+		for (i=0; i<numbuiltinforms; i++) {
+			DEBUGADD(6,("Filling form number [%d]\n",i));
+			fill_form_1(&forms_1[i], &builtinlist[i]);
+		}
+		
+		SAFE_FREE(builtinlist);
+
+		for (; i<*numofforms; i++) {
+			DEBUGADD(6,("Filling form number [%d]\n",i));
+			fill_form_1(&forms_1[i], &list[i-numbuiltinforms]);
+		}
+		
+		SAFE_FREE(list);
+
+		/* check the required size. */
+		for (i=0; i<numbuiltinforms; i++) {
+			DEBUGADD(6,("adding form [%d]'s size\n",i));
+			buffer_size += spoolss_size_form_1(&forms_1[i]);
+		}
+		for (; i<*numofforms; i++) {
+			DEBUGADD(6,("adding form [%d]'s size\n",i));
+			buffer_size += spoolss_size_form_1(&forms_1[i]);
+		}
+
+		*needed=buffer_size;		
+		
+		if (!alloc_buffer_size(buffer, buffer_size)){
+			SAFE_FREE(forms_1);
+			return WERR_INSUFFICIENT_BUFFER;
+		}
+
+		/* fill the buffer with the form structures */
+		for (i=0; i<numbuiltinforms; i++) {
+			DEBUGADD(6,("adding form [%d] to buffer\n",i));
+			smb_io_form_1("", buffer, &forms_1[i], 0);
+		}
+		for (; i<*numofforms; i++) {
+			DEBUGADD(6,("adding form [%d] to buffer\n",i));
+			smb_io_form_1("", buffer, &forms_1[i], 0);
+		}
+
+		SAFE_FREE(forms_1);
+
+		if (*needed > offered) {
+			*numofforms=0;
+			return WERR_INSUFFICIENT_BUFFER;
+		}
+		else
+			return WERR_OK;
+			
+	default:
+		SAFE_FREE(list);
+		SAFE_FREE(builtinlist);
+		return WERR_UNKNOWN_LEVEL;
+	}
+
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *r_u)
+{
+/*	POLICY_HND *handle = &q_u->handle; - notused. */
+	uint32 level = q_u->level;
+	UNISTR2 *uni_formname = &q_u->formname;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+
+	nt_forms_struct *list=NULL;
+	nt_forms_struct builtin_form;
+	BOOL foundBuiltin;
+	FORM_1 form_1;
+	fstring form_name;
+	int buffer_size=0;
+	int numofforms=0, i=0;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	unistr2_to_ascii(form_name, uni_formname, sizeof(form_name)-1);
+
+	DEBUG(4,("_spoolss_getform\n"));
+	DEBUGADD(5,("Offered buffer size [%d]\n", offered));
+	DEBUGADD(5,("Info level [%d]\n",          level));
+
+	foundBuiltin = get_a_builtin_ntform(uni_formname,&builtin_form);
+	if (!foundBuiltin) {
+		numofforms = get_ntforms(&list);
+		DEBUGADD(5,("Number of forms [%d]\n",     numofforms));
+
+		if (numofforms == 0)
+			return WERR_BADFID;
+	}
+
+	switch (level) {
+	case 1:
+		if (foundBuiltin) {
+			fill_form_1(&form_1, &builtin_form);
+		} else {
+
+			/* Check if the requested name is in the list of form structures */
+			for (i=0; i<numofforms; i++) {
+
+				DEBUG(4,("_spoolss_getform: checking form %s (want %s)\n", list[i].name, form_name));
+
+				if (strequal(form_name, list[i].name)) {
+					DEBUGADD(6,("Found form %s number [%d]\n", form_name, i));
+					fill_form_1(&form_1, &list[i]);
+					break;
+				}
+			}
+			
+			SAFE_FREE(list);
+			if (i == numofforms) {
+				return WERR_BADFID;
+			}
+		}
+		/* check the required size. */
+
+		*needed=spoolss_size_form_1(&form_1);
+		
+		if (!alloc_buffer_size(buffer, buffer_size)){
+			return WERR_INSUFFICIENT_BUFFER;
+		}
+
+		if (*needed > offered) {
+			return WERR_INSUFFICIENT_BUFFER;
+		}
+
+		/* fill the buffer with the form structures */
+		DEBUGADD(6,("adding form %s [%d] to buffer\n", form_name, i));
+		smb_io_form_1("", buffer, &form_1, 0);
+
+		return WERR_OK;
+			
+	default:
+		SAFE_FREE(list);
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void fill_port_1(PORT_INFO_1 *port, char *name)
+{
+	init_unistr(&port->port_name, name);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void fill_port_2(PORT_INFO_2 *port, char *name)
+{
+	init_unistr(&port->port_name, name);
+	init_unistr(&port->monitor_name, "Local Monitor");
+	init_unistr(&port->description, "Local Port");
+#define PORT_TYPE_WRITE 1
+	port->port_type=PORT_TYPE_WRITE;
+	port->reserved=0x0;	
+}
+
+/****************************************************************************
+ enumports level 1.
+****************************************************************************/
+
+static WERROR enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PORT_INFO_1 *ports=NULL;
+	int i=0;
+
+	if (*lp_enumports_cmd()) {
+		char *cmd = lp_enumports_cmd();
+		char **qlines;
+		pstring command;
+		int numlines;
+		int ret;
+		int fd;
+
+		slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 1);
+
+		DEBUG(10,("Running [%s]\n", command));
+		ret = smbrun(command, &fd);
+		DEBUG(10,("Returned [%d]\n", ret));
+		if (ret != 0) {
+			if (fd != -1)
+				close(fd);
+			/* Is this the best error to return here? */
+			return WERR_ACCESS_DENIED;
+		}
+
+		numlines = 0;
+		qlines = fd_lines_load(fd, &numlines);
+		DEBUGADD(10,("Lines returned = [%d]\n", numlines));
+		close(fd);
+
+		if(numlines) {
+			if((ports=(PORT_INFO_1 *)malloc( numlines * sizeof(PORT_INFO_1) )) == NULL) {
+				DEBUG(10,("Returning WERR_NOMEM [%s]\n", 
+					  dos_errstr(WERR_NOMEM)));
+				file_lines_free(qlines);
+				return WERR_NOMEM;
+			}
+
+			for (i=0; i<numlines; i++) {
+				DEBUG(6,("Filling port number [%d] with port [%s]\n", i, qlines[i]));
+				fill_port_1(&ports[i], qlines[i]);
+			}
+
+			file_lines_free(qlines);
+		}
+
+		*returned = numlines;
+
+	} else {
+		*returned = 1; /* Sole Samba port returned. */
+
+		if((ports=(PORT_INFO_1 *)malloc( sizeof(PORT_INFO_1) )) == NULL)
+			return WERR_NOMEM;
+	
+		DEBUG(10,("enumports_level_1: port name %s\n", SAMBA_PRINTER_PORT_NAME));
+
+		fill_port_1(&ports[0], SAMBA_PRINTER_PORT_NAME);
+	}
+
+	/* check the required size. */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding port [%d]'s size\n", i));
+		*needed += spoolss_size_port_info_1(&ports[i]);
+	}
+		
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(ports);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the ports structures */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding port [%d] to buffer\n", i));
+		smb_io_port_1("", buffer, &ports[i], 0);
+	}
+
+	SAFE_FREE(ports);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ enumports level 2.
+****************************************************************************/
+
+static WERROR enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PORT_INFO_2 *ports=NULL;
+	int i=0;
+
+	if (*lp_enumports_cmd()) {
+		char *cmd = lp_enumports_cmd();
+		char *path;
+		char **qlines;
+		pstring tmp_file;
+		pstring command;
+		int numlines;
+		int ret;
+		int fd;
+
+		if (*lp_pathname(lp_servicenumber(PRINTERS_NAME)))
+			path = lp_pathname(lp_servicenumber(PRINTERS_NAME));
+		else
+			path = lp_lockdir();
+
+		slprintf(tmp_file, sizeof(tmp_file)-1, "%s/smbcmd.%u.", path, (unsigned int)sys_getpid());
+		slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 2);
+
+		unlink(tmp_file);
+		DEBUG(10,("Running [%s > %s]\n", command,tmp_file));
+		ret = smbrun(command, &fd);
+		DEBUGADD(10,("returned [%d]\n", ret));
+		if (ret != 0) {
+			if (fd != -1)
+				close(fd);
+			/* Is this the best error to return here? */
+			return WERR_ACCESS_DENIED;
+		}
+
+		numlines = 0;
+		qlines = fd_lines_load(fd, &numlines);
+		DEBUGADD(10,("Lines returned = [%d]\n", numlines));
+		close(fd);
+
+		if(numlines) {
+			if((ports=(PORT_INFO_2 *)malloc( numlines * sizeof(PORT_INFO_2) )) == NULL) {
+				file_lines_free(qlines);
+				return WERR_NOMEM;
+			}
+
+			for (i=0; i<numlines; i++) {
+				DEBUG(6,("Filling port number [%d] with port [%s]\n", i, qlines[i]));
+				fill_port_2(&(ports[i]), qlines[i]);
+			}
+
+			file_lines_free(qlines);
+		}
+
+		*returned = numlines;
+
+	} else {
+
+		*returned = 1;
+
+		if((ports=(PORT_INFO_2 *)malloc( sizeof(PORT_INFO_2) )) == NULL)
+			return WERR_NOMEM;
+	
+		DEBUG(10,("enumports_level_2: port name %s\n", SAMBA_PRINTER_PORT_NAME));
+
+		fill_port_2(&ports[0], SAMBA_PRINTER_PORT_NAME);
+	}
+
+	/* check the required size. */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding port [%d]'s size\n", i));
+		*needed += spoolss_size_port_info_2(&ports[i]);
+	}
+		
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(ports);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	/* fill the buffer with the ports structures */
+	for (i=0; i<*returned; i++) {
+		DEBUGADD(6,("adding port [%d] to buffer\n", i));
+		smb_io_port_2("", buffer, &ports[i], 0);
+	}
+
+	SAFE_FREE(ports);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ enumports.
+****************************************************************************/
+
+WERROR _spoolss_enumports( pipes_struct *p, SPOOL_Q_ENUMPORTS *q_u, SPOOL_R_ENUMPORTS *r_u)
+{
+/*	UNISTR2 *name = &q_u->name; - notused. */
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_enumports\n"));
+	
+	*returned=0;
+	*needed=0;
+	
+	switch (level) {
+	case 1:
+		return enumports_level_1(buffer, offered, needed, returned);
+	case 2:
+		return enumports_level_2(buffer, offered, needed, returned);
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_srv_name,
+				const SPOOL_PRINTER_INFO_LEVEL *info,
+				DEVICEMODE *devmode, SEC_DESC_BUF *sec_desc_buf,
+				uint32 user_switch, const SPOOL_USER_CTR *user,
+				POLICY_HND *handle)
+{
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	fstring	name;
+	int	snum;
+	WERROR err = WERR_OK;
+
+	if ((printer = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL))) == NULL) {
+		DEBUG(0,("spoolss_addprinterex_level_2: malloc fail.\n"));
+		return WERR_NOMEM;
+	}
+
+	ZERO_STRUCTP(printer);
+
+	/* convert from UNICODE to ASCII - this allocates the info_2 struct inside *printer.*/
+	if (!convert_printer_info(info, printer, 2)) {
+		free_a_printer(&printer, 2);
+		return WERR_NOMEM;
+	}
+
+	/* check to see if the printer already exists */
+
+	if ((snum = print_queue_snum(printer->info_2->sharename)) != -1) {
+		DEBUG(5, ("_spoolss_addprinterex: Attempted to add a printer named [%s] when one already existed!\n", 
+			printer->info_2->sharename));
+		free_a_printer(&printer, 2);
+		return WERR_PRINTER_ALREADY_EXISTS;
+	}
+
+	if (*lp_addprinter_cmd() )
+		if ( !add_printer_hook(printer) ) {
+			free_a_printer(&printer,2);
+			return WERR_ACCESS_DENIED;
+	}
+
+	slprintf(name, sizeof(name)-1, "\\\\%s\\%s", get_called_name(),
+             printer->info_2->sharename);
+
+	if ((snum = print_queue_snum(printer->info_2->sharename)) == -1) {
+		free_a_printer(&printer,2);
+		return WERR_ACCESS_DENIED;
+	}
+
+	/* you must be a printer admin to add a new printer */
+	if (!print_access_check(NULL, snum, PRINTER_ACCESS_ADMINISTER)) {
+		free_a_printer(&printer,2);
+		return WERR_ACCESS_DENIED;		
+	}
+	
+	/*
+	 * Do sanity check on the requested changes for Samba.
+	 */
+
+	if (!check_printer_ok(printer->info_2, snum)) {
+		free_a_printer(&printer,2);
+		return WERR_INVALID_PARAM;
+	}
+
+	/*
+	 * When a printer is created, the drivername bound to the printer is used
+	 * to lookup previously saved driver initialization info, which is then 
+	 * bound to the new printer, simulating what happens in the Windows arch.
+	 */
+
+	if (!devmode)
+		set_driver_init(printer, 2);
+	else {
+		/* A valid devmode was included, convert and link it
+		*/
+		DEBUGADD(10, ("spoolss_addprinterex_level_2: devmode included, converting\n"));
+
+		if (!convert_devicemode(printer->info_2->printername, devmode,
+				&printer->info_2->devmode))
+			return  WERR_NOMEM;
+	}
+
+	set_driver_init(printer, 2);
+	
+	/* write the ASCII on disk */
+	err = mod_a_printer(*printer, 2);
+	if (!W_ERROR_IS_OK(err)) {
+		free_a_printer(&printer,2);
+		return err;
+	}
+
+	if (!open_printer_hnd(p, handle, name, PRINTER_ACCESS_ADMINISTER)) {
+		/* Handle open failed - remove addition. */
+		del_a_printer(printer->info_2->sharename);
+		free_a_printer(&printer,2);
+		return WERR_ACCESS_DENIED;
+	}
+
+	update_c_setprinter(False);
+
+	srv_spoolss_sendnotify(printer->info_2->printername, 0, PRINTER_CHANGE_ADD_PRINTER, 0x0);
+
+	free_a_printer(&printer,2);
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_addprinterex( pipes_struct *p, SPOOL_Q_ADDPRINTEREX *q_u, SPOOL_R_ADDPRINTEREX *r_u)
+{
+	UNISTR2 *uni_srv_name = &q_u->server_name;
+	uint32 level = q_u->level;
+	SPOOL_PRINTER_INFO_LEVEL *info = &q_u->info;
+	DEVICEMODE *devmode = q_u->devmode_ctr.devmode;
+	SEC_DESC_BUF *sdb = q_u->secdesc_ctr;
+	uint32 user_switch = q_u->user_switch;
+	SPOOL_USER_CTR *user = &q_u->user_ctr;
+	POLICY_HND *handle = &r_u->handle;
+
+	switch (level) {
+		case 1:
+			/* we don't handle yet */
+			/* but I know what to do ... */
+			return WERR_UNKNOWN_LEVEL;
+		case 2:
+			return spoolss_addprinterex_level_2(p, uni_srv_name, info,
+							    devmode, sdb,
+							    user_switch, user, handle);
+		default:
+			return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, SPOOL_R_ADDPRINTERDRIVER *r_u)
+{
+/*	UNISTR2 *server_name = &q_u->server_name; - notused. */
+	uint32 level = q_u->level;
+	SPOOL_PRINTER_DRIVER_INFO_LEVEL *info = &q_u->info;
+	WERROR err = WERR_OK;
+	NT_PRINTER_DRIVER_INFO_LEVEL driver;
+	struct current_user user;
+	
+	ZERO_STRUCT(driver);
+
+	get_current_user(&user, p);	
+	
+	if (!convert_printer_driver_info(info, &driver, level)) {
+		err = WERR_NOMEM;
+		goto done;
+	}
+
+	DEBUG(5,("Cleaning driver's information\n"));
+	err = clean_up_driver_struct(driver, level, &user);
+	if (!W_ERROR_IS_OK(err))
+		goto done;
+
+	DEBUG(5,("Moving driver to final destination\n"));
+	if(!move_driver_to_download_area(driver, level, &user, &err)) {
+		if (W_ERROR_IS_OK(err))
+			err = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
+	if (add_a_printer_driver(driver, level)!=0) {
+		err = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
+ done:
+	free_a_printer_driver(driver, level);
+	return err;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void fill_driverdir_1(DRIVER_DIRECTORY_1 *info, char *name)
+{
+	init_unistr(&info->name, name);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environment, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	pstring path;
+	pstring long_archi;
+	pstring short_archi;
+	DRIVER_DIRECTORY_1 *info=NULL;
+
+	unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi)-1);
+
+	if (get_short_archi(short_archi, long_archi)==False)
+		return WERR_INVALID_ENVIRONMENT;
+
+	if((info=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1))) == NULL)
+		return WERR_NOMEM;
+
+	slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", get_called_name(), short_archi);
+
+	DEBUG(4,("printer driver directory: [%s]\n", path));
+
+	fill_driverdir_1(info, path);
+	
+	*needed += spoolss_size_driverdir_info_1(info);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	smb_io_driverdir_1("", buffer, info, 0);
+
+	SAFE_FREE(info);
+	
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_getprinterdriverdirectory(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVERDIR *q_u, SPOOL_R_GETPRINTERDRIVERDIR *r_u)
+{
+	UNISTR2 *name = &q_u->name;
+	UNISTR2 *uni_environment = &q_u->environment;
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(4,("_spoolss_getprinterdriverdirectory\n"));
+
+	*needed=0;
+
+	switch(level) {
+	case 1:
+		return getprinterdriverdir_level_1(name, uni_environment, buffer, offered, needed);
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+	
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, SPOOL_R_ENUMPRINTERDATA *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 idx = q_u->index;
+	uint32 in_value_len = q_u->valuesize;
+	uint32 in_data_len = q_u->datasize;
+	uint32 *out_max_value_len = &r_u->valuesize;
+	uint16 **out_value = &r_u->value;
+	uint32 *out_value_len = &r_u->realvaluesize;
+	uint32 *out_type = &r_u->type;
+	uint32 *out_max_data_len = &r_u->datasize;
+	uint8  **data_out = &r_u->data;
+	uint32 *out_data_len = &r_u->realdatasize;
+
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	
+	fstring value;
+	
+	uint32 param_index;
+	uint32 biggest_valuesize;
+	uint32 biggest_datasize;
+	uint32 data_len;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	int snum;
+	uint8 *data=NULL;
+	uint32 type;
+	WERROR result;
+
+	ZERO_STRUCT(printer);
+	
+	*out_type=0;
+
+	*out_max_data_len=0;
+	*data_out=NULL;
+	*out_data_len=0;
+
+	DEBUG(5,("spoolss_enumprinterdata\n"));
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_enumprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p,handle, &snum))
+		return WERR_BADFID;
+	
+	result = get_a_printer(&printer, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(result))
+		return result;
+
+	/*
+	 * The NT machine wants to know the biggest size of value and data
+	 *
+	 * cf: MSDN EnumPrinterData remark section
+	 */
+	if ( (in_value_len==0) && (in_data_len==0) ) {
+		DEBUGADD(6,("Activating NT mega-hack to find sizes\n"));
+
+#if 0
+		/*
+		 * NT can ask for a specific parameter size - we need to return NO_MORE_ITEMS
+		 * if this parameter size doesn't exist.
+		 * Ok - my opinion here is that the client is not asking for the greatest
+		 * possible size of all the parameters, but is asking specifically for the size needed
+		 * for this specific parameter. In that case we can remove the loop below and
+		 * simplify this lookup code considerably. JF - comments welcome. JRA.
+		 */
+
+		if (!get_specific_param_by_index(*printer, 2, idx, value, &data, &type, &data_len)) {
+			SAFE_FREE(data);
+			free_a_printer(&printer, 2);
+			return WERR_NO_MORE_ITEMS;
+		}
+#endif
+
+		SAFE_FREE(data);
+
+		param_index=0;
+		biggest_valuesize=0;
+		biggest_datasize=0;
+		
+		while (get_specific_param_by_index(*printer, 2, param_index, value, &data, &type, &data_len)) {
+			if (strlen(value) > biggest_valuesize) biggest_valuesize=strlen(value);
+			if (data_len > biggest_datasize) biggest_datasize=data_len;
+
+			DEBUG(6,("current values: [%d], [%d]\n", biggest_valuesize, biggest_datasize));
+
+			SAFE_FREE(data);
+			param_index++;
+		}
+
+		/* the value is an UNICODE string but realvaluesize is the length in bytes including the leading 0 */
+		*out_value_len=2*(1+biggest_valuesize);
+		*out_data_len=biggest_datasize;
+
+		DEBUG(6,("final values: [%d], [%d]\n", *out_value_len, *out_data_len));
+
+		free_a_printer(&printer, 2);
+		return WERR_OK;
+	}
+	
+	/*
+	 * the value len is wrong in NT sp3
+	 * that's the number of bytes not the number of unicode chars
+	 */
+
+	if (!get_specific_param_by_index(*printer, 2, idx, value, &data, &type, &data_len)) {
+
+		SAFE_FREE(data);
+		free_a_printer(&printer, 2);
+
+		/* out_value should default to "" or else NT4 has
+		   problems unmarshalling the response */
+
+		*out_max_value_len=(in_value_len/sizeof(uint16));
+		if((*out_value=(uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL)
+			return WERR_NOMEM;
+
+		*out_value_len = rpcstr_push((char *)*out_value, "", in_value_len, 0);
+
+		/* the data is counted in bytes */
+		*out_max_data_len = in_data_len;
+		*out_data_len = in_data_len;
+		if((*data_out=(uint8 *)talloc_zero(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL)
+			return WERR_NOMEM;
+
+		return WERR_NO_MORE_ITEMS;
+	}
+
+	free_a_printer(&printer, 2);
+
+	/*
+	 * the value is:
+	 * - counted in bytes in the request
+	 * - counted in UNICODE chars in the max reply
+	 * - counted in bytes in the real size
+	 *
+	 * take a pause *before* coding not *during* coding
+	 */
+	
+	*out_max_value_len=(in_value_len/sizeof(uint16));
+	if((*out_value=(uint16 *)talloc_zero(p->mem_ctx,in_value_len*sizeof(uint8))) == NULL) {
+		SAFE_FREE(data);
+		return WERR_NOMEM;
+	}
+	
+	*out_value_len = rpcstr_push((char *)*out_value,value, in_value_len, 0);
+
+	*out_type=type;
+
+	/* the data is counted in bytes */
+	*out_max_data_len=in_data_len;
+	if((*data_out=(uint8 *)talloc_zero(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) {
+		SAFE_FREE(data);
+		return WERR_NOMEM;
+	}
+	
+	memcpy(*data_out, data, (size_t)data_len);
+	*out_data_len=data_len;
+
+	SAFE_FREE(data);
+	
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_setprinterdata( pipes_struct *p, SPOOL_Q_SETPRINTERDATA *q_u, SPOOL_R_SETPRINTERDATA *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	UNISTR2 *value = &q_u->value;
+	uint32 type = q_u->type;
+/*	uint32 max_len = q_u->max_len; - notused. */
+	uint8 *data = q_u->data;
+	uint32 real_len = q_u->real_len;
+/*	uint32 numeric_data = q_u->numeric_data; - notused. */
+
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_PRINTER_PARAM *param = NULL, old_param;
+	int snum=0;
+	WERROR status = WERR_OK;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+	
+	DEBUG(5,("spoolss_setprinterdata\n"));
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_setprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p,handle, &snum))
+		return WERR_BADFID;
+
+	ZERO_STRUCT(old_param);
+
+	/* 
+	 * Access check : NT returns "access denied" if you make a 
+	 * SetPrinterData call without the necessary privildge.
+	 * we were originally returning OK if nothing changed
+	 * which made Win2k issue **a lot** of SetPrinterData
+	 * when connecting to a printer  --jerry
+	 */
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(3, ("_spoolss_setprinterdata: change denied by handle access permissions\n"));
+		status = WERR_ACCESS_DENIED;
+		goto done;
+	}
+
+	/* Check if we are making any changes or not.  Return true if
+	   nothing is actually changing.  This is not needed anymore but
+	   has been left in as an optimization to keep from from
+	   writing to disk as often  --jerry  */
+
+	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(status))
+		return status;
+
+	convert_specific_param(&param, value , type, data, real_len);
+
+	unlink_specific_param_if_exist(printer->info_2, param);
+	
+	/*
+	 * When client side code sets a magic printer data key, detect it and save
+	 * the current printer data and the magic key's data (its the DEVMODE) for
+	 * future printer/driver initializations.
+	 */
+	if (param->type==3 && !strcmp( param->value, PHANTOM_DEVMODE_KEY)) {
+		/*
+		 * Set devmode and printer initialization info
+		 */
+		status = save_driver_init(printer, 2, param);
+	}
+	else {
+		add_a_specific_param(printer->info_2, &param);
+		status = mod_a_printer(*printer, 2);
+	}
+
+ done:
+	free_a_printer(&printer, 2);
+	if (param)
+		free_nt_printer_param(&param);
+	SAFE_FREE(old_param.data);
+
+	return status;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_resetprinter(pipes_struct *p, SPOOL_Q_RESETPRINTER *q_u, SPOOL_R_RESETPRINTER *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+	int snum;
+	
+	DEBUG(5,("_spoolss_resetprinter\n"));
+
+	/*
+	 * All we do is to check to see if the handle and queue is valid.
+	 * This call really doesn't mean anything to us because we only
+	 * support RAW printing.   --jerry
+	 */
+	 
+	if (!Printer) {
+		DEBUG(2,("_spoolss_resetprinter: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p,handle, &snum))
+		return WERR_BADFID;
+
+
+	/* blindly return success */	
+	return WERR_OK;
+}
+
+
+WERROR _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_u, SPOOL_R_DELETEPRINTERDATA *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	UNISTR2 *value = &q_u->valuename;
+
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+	NT_PRINTER_PARAM param;
+	int snum=0;
+	WERROR status = WERR_OK;
+	Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
+	
+	DEBUG(5,("spoolss_deleteprinterdata\n"));
+	
+	if (!Printer) {
+		DEBUG(2,("_spoolss_deleteprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(3, ("_spoolss_deleteprinterdata: printer properties change denied by handle\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	status = get_a_printer(&printer, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(status))
+		return status;
+
+	ZERO_STRUCTP(&param);
+	unistr2_to_ascii(param.value, value, sizeof(param.value)-1);
+
+	if(!unlink_specific_param_if_exist(printer->info_2, &param))
+		status = WERR_INVALID_PARAM;
+	else
+		status = mod_a_printer(*printer, 2);
+
+	free_a_printer(&printer, 2);
+	return status;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+/*	uint32 level = q_u->level; - notused. */
+	FORM *form = &q_u->form;
+	nt_forms_struct tmpForm;
+	int snum;
+	WERROR status = WERR_OK;
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+
+	int count=0;
+	nt_forms_struct *list=NULL;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+
+	DEBUG(5,("spoolss_addform\n"));
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_addform: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p,handle, &snum))
+                return WERR_BADFID;
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(2,("_spoolss_addform: denied by handle permissions.\n"));
+		status = WERR_ACCESS_DENIED;
+		goto done;
+	}
+		
+	/* can't add if builtin */
+	if (get_a_builtin_ntform(&form->name,&tmpForm)) {
+		return WERR_ALREADY_EXISTS;
+	}
+
+	count=get_ntforms(&list);
+	if(!add_a_form(&list, form, &count))
+		return WERR_NOMEM;
+	write_ntforms(&list, count);
+	
+	/*
+	 * ChangeID must always be set
+	 */
+	 
+	status = get_a_printer(&printer, 2, lp_servicename(snum));
+        if (!W_ERROR_IS_OK(status))
+		goto done;
+	
+	status = mod_a_printer(*printer, 2);
+        if (!W_ERROR_IS_OK(status))
+		goto done;
+	
+done:
+	free_a_printer(&printer, 2);
+	SAFE_FREE(list);
+
+	return status;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DELETEFORM *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	UNISTR2 *form_name = &q_u->name;
+	nt_forms_struct tmpForm;
+	int count=0;
+	WERROR ret = WERR_OK;
+	nt_forms_struct *list=NULL;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+	int snum;
+	WERROR status = WERR_OK;
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+
+	DEBUG(5,("spoolss_deleteform\n"));
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_deleteform: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+ 	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(2,("_spoolss_deleteform: denied by handle permissions\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	/* can't delete if builtin */
+	if (get_a_builtin_ntform(form_name,&tmpForm)) {
+		return WERR_INVALID_PARAM;
+	}
+
+	count = get_ntforms(&list);
+	if(!delete_a_form(&list, form_name, &count, &ret))
+		return WERR_INVALID_PARAM;
+
+	/*
+	 * ChangeID must always be set
+	 */
+	 
+	status = get_a_printer(&printer, 2, lp_servicename(snum));
+        if (!W_ERROR_IS_OK(status))
+		goto done;
+	
+	status = mod_a_printer(*printer, 2);
+        if (!W_ERROR_IS_OK(status))
+		goto done;
+	
+done:
+	free_a_printer(&printer, 2);
+	SAFE_FREE(list);
+
+	return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+/*	UNISTR2 *uni_name = &q_u->name; - notused. */
+/*	uint32 level = q_u->level; - notused. */
+	FORM *form = &q_u->form;
+	nt_forms_struct tmpForm;
+	int snum;
+	WERROR status = WERR_OK;
+	NT_PRINTER_INFO_LEVEL *printer = NULL;
+
+	int count=0;
+	nt_forms_struct *list=NULL;
+	Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+
+ 	DEBUG(5,("spoolss_setform\n"));
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_setform: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+
+	if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) {
+		DEBUG(2,("_spoolss_setform: denied by handle permissions\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	/* can't set if builtin */
+	if (get_a_builtin_ntform(&form->name,&tmpForm)) {
+		return WERR_INVALID_PARAM;
+	}
+
+	count=get_ntforms(&list);
+	update_a_form(&list, form, count);
+	write_ntforms(&list, count);
+
+	/*
+	 * ChangeID must always be set
+	 */
+	 
+	status = get_a_printer(&printer, 2, lp_servicename(snum));
+        if (!W_ERROR_IS_OK(status))
+		goto done;
+	
+	status = mod_a_printer(*printer, 2);
+        if (!W_ERROR_IS_OK(status))
+		goto done;
+	
+done:
+	free_a_printer(&printer, 2);
+	SAFE_FREE(list);
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ enumprintprocessors level 1.
+****************************************************************************/
+
+static WERROR enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PRINTPROCESSOR_1 *info_1=NULL;
+	
+	if((info_1 = (PRINTPROCESSOR_1 *)malloc(sizeof(PRINTPROCESSOR_1))) == NULL)
+		return WERR_NOMEM;
+
+	(*returned) = 0x1;
+	
+	init_unistr(&info_1->name, "winprint");
+
+	*needed += spoolss_size_printprocessor_info_1(info_1);
+
+	if (!alloc_buffer_size(buffer, *needed))
+		return WERR_INSUFFICIENT_BUFFER;
+
+	smb_io_printprocessor_info_1("", buffer, info_1, 0);
+
+	SAFE_FREE(info_1);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS *q_u, SPOOL_R_ENUMPRINTPROCESSORS *r_u)
+{
+/*	UNISTR2 *name = &q_u->name; - notused. */
+/*	UNISTR2 *environment = &q_u->environment; - notused. */
+	uint32 level = q_u->level;
+    NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+    uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+ 	DEBUG(5,("spoolss_enumprintprocessors\n"));
+
+	/*
+	 * Enumerate the print processors ...
+	 *
+	 * Just reply with "winprint", to keep NT happy
+	 * and I can use my nice printer checker.
+	 */
+	
+	*returned=0;
+	*needed=0;
+	
+	switch (level) {
+	case 1:
+		return enumprintprocessors_level_1(buffer, offered, needed, returned);
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+ enumprintprocdatatypes level 1.
+****************************************************************************/
+
+static WERROR enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PRINTPROCDATATYPE_1 *info_1=NULL;
+	
+	if((info_1 = (PRINTPROCDATATYPE_1 *)malloc(sizeof(PRINTPROCDATATYPE_1))) == NULL)
+		return WERR_NOMEM;
+
+	(*returned) = 0x1;
+	
+	init_unistr(&info_1->name, "RAW");
+
+	*needed += spoolss_size_printprocdatatype_info_1(info_1);
+
+	if (!alloc_buffer_size(buffer, *needed))
+		return WERR_INSUFFICIENT_BUFFER;
+
+	smb_io_printprocdatatype_info_1("", buffer, info_1, 0);
+
+	SAFE_FREE(info_1);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDATATYPES *q_u, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u)
+{
+/*	UNISTR2 *name = &q_u->name; - notused. */
+/*	UNISTR2 *processor = &q_u->processor; - notused. */
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+ 	DEBUG(5,("_spoolss_enumprintprocdatatypes\n"));
+	
+	*returned=0;
+	*needed=0;
+	
+	switch (level) {
+	case 1:
+		return enumprintprocdatatypes_level_1(buffer, offered, needed, returned);
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+ enumprintmonitors level 1.
+****************************************************************************/
+
+static WERROR enumprintmonitors_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PRINTMONITOR_1 *info_1=NULL;
+	
+	if((info_1 = (PRINTMONITOR_1 *)malloc(sizeof(PRINTMONITOR_1))) == NULL)
+		return WERR_NOMEM;
+
+	(*returned) = 0x1;
+	
+	init_unistr(&info_1->name, "Local Port");
+
+	*needed += spoolss_size_printmonitor_info_1(info_1);
+
+	if (!alloc_buffer_size(buffer, *needed))
+		return WERR_INSUFFICIENT_BUFFER;
+
+	smb_io_printmonitor_info_1("", buffer, info_1, 0);
+
+	SAFE_FREE(info_1);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+ enumprintmonitors level 2.
+****************************************************************************/
+
+static WERROR enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned)
+{
+	PRINTMONITOR_2 *info_2=NULL;
+	
+	if((info_2 = (PRINTMONITOR_2 *)malloc(sizeof(PRINTMONITOR_2))) == NULL)
+		return WERR_NOMEM;
+
+	(*returned) = 0x1;
+	
+	init_unistr(&info_2->name, "Local Port");
+	init_unistr(&info_2->environment, "Windows NT X86");
+	init_unistr(&info_2->dll_name, "localmon.dll");
+
+	*needed += spoolss_size_printmonitor_info_2(info_2);
+
+	if (!alloc_buffer_size(buffer, *needed))
+		return WERR_INSUFFICIENT_BUFFER;
+
+	smb_io_printmonitor_info_2("", buffer, info_2, 0);
+
+	SAFE_FREE(info_2);
+
+	if (*needed > offered) {
+		*returned=0;
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_u, SPOOL_R_ENUMPRINTMONITORS *r_u)
+{
+/*	UNISTR2 *name = &q_u->name; - notused. */
+	uint32 level = q_u->level;
+    NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+    uint32 *needed = &r_u->needed;
+	uint32 *returned = &r_u->returned;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+ 	DEBUG(5,("spoolss_enumprintmonitors\n"));
+
+	/*
+	 * Enumerate the print monitors ...
+	 *
+	 * Just reply with "Local Port", to keep NT happy
+	 * and I can use my nice printer checker.
+	 */
+	
+	*returned=0;
+	*needed=0;
+	
+	switch (level) {
+	case 1:
+		return enumprintmonitors_level_1(buffer, offered, needed, returned);
+	case 2:
+		return enumprintmonitors_level_2(buffer, offered, needed, returned);
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	int i=0;
+	BOOL found=False;
+	JOB_INFO_1 *info_1=NULL;
+
+	info_1=(JOB_INFO_1 *)malloc(sizeof(JOB_INFO_1));
+
+	if (info_1 == NULL) {
+		SAFE_FREE(queue);
+		return WERR_NOMEM;
+	}
+		
+	for (i=0; i<count && found==False; i++) {
+		if (queue[i].job==(int)jobid)
+			found=True;
+	}
+	
+	if (found==False) {
+		SAFE_FREE(queue);
+		SAFE_FREE(info_1);
+		/* NT treats not found as bad param... yet another bad choice */
+		return WERR_INVALID_PARAM;
+	}
+	
+	fill_job_info_1(info_1, &(queue[i-1]), i, snum);
+	
+	SAFE_FREE(queue);
+	
+	*needed += spoolss_size_job_info_1(info_1);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		SAFE_FREE(info_1);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	smb_io_job_info_1("", buffer, info_1, 0);
+
+	SAFE_FREE(info_1);
+
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+
+	return WERR_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+{
+	int i=0;
+	BOOL found=False;
+	JOB_INFO_2 *info_2;
+	NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+	WERROR ret;
+	DEVICEMODE *devmode = NULL;
+
+	info_2=(JOB_INFO_2 *)malloc(sizeof(JOB_INFO_2));
+
+	ZERO_STRUCTP(info_2);
+
+	if (info_2 == NULL) {
+		ret = WERR_NOMEM;
+		goto done;
+	}
+
+	for (i=0; i<count && found==False; i++) {
+		if (queue[i].job==(int)jobid)
+			found=True;
+	}
+	
+	if (found==False) {
+		/* NT treats not found as bad param... yet another bad
+		   choice */
+		ret = WERR_INVALID_PARAM;
+		goto done;
+	}
+	
+	ret = get_a_printer(&ntprinter, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(ret))
+		goto done;
+	if (construct_dev_mode(snum) == NULL) {
+		ret = WERR_NOMEM;
+		goto done;
+	}
+
+	fill_job_info_2(info_2, &(queue[i-1]), i, snum, ntprinter, devmode);
+	
+	*needed += spoolss_size_job_info_2(info_2);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		ret = WERR_INSUFFICIENT_BUFFER;
+		goto done;
+	}
+
+	smb_io_job_info_2("", buffer, info_2, 0);
+
+	if (*needed > offered) {
+		ret = WERR_INSUFFICIENT_BUFFER;
+		goto done;
+	}
+
+	ret = WERR_OK;
+	
+ done:
+	/* Cleanup allocated memory */
+
+	SAFE_FREE(queue);
+	free_job_info_2(info_2);	/* Also frees devmode */
+	SAFE_FREE(info_2);
+	free_a_printer(&ntprinter, 2);
+	
+	return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_u)
+{
+	POLICY_HND *handle = &q_u->handle;
+	uint32 jobid = q_u->jobid;
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+
+	int snum;
+	int count;
+	print_queue_struct *queue=NULL;
+	print_status_struct prt_status;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+	DEBUG(5,("spoolss_getjob\n"));
+	
+	*needed=0;
+	
+	if (!get_printer_snum(p, handle, &snum))
+		return WERR_BADFID;
+	
+	count = print_queue_status(snum, &queue, &prt_status);
+	
+	DEBUGADD(4,("count:[%d], prt_status:[%d], [%s]\n",
+	             count, prt_status.status, prt_status.message));
+		
+	switch (level) {
+	case 1:
+		return getjob_level_1(queue, count, snum, jobid, buffer, offered, needed);
+	case 2:
+		return getjob_level_2(queue, count, snum, jobid, buffer, offered, needed);
+	default:
+		SAFE_FREE(queue);
+		return WERR_UNKNOWN_LEVEL;
+	}
+}
+
+/********************************************************************
+ * spoolss_getprinterdataex
+ ********************************************************************/
+
+WERROR _spoolss_getprinterdataex(pipes_struct *p, SPOOL_Q_GETPRINTERDATAEX *q_u, SPOOL_R_GETPRINTERDATAEX *r_u)
+{
+	POLICY_HND	*handle = &q_u->handle;
+	uint32 		in_size = q_u->size;
+	uint32 		*type = &r_u->type;
+	uint32 		*out_size = &r_u->size;
+	uint8 		**data = &r_u->data;
+	uint32 		*needed = &r_u->needed;
+
+	fstring 	key, value;
+	Printer_entry 	*Printer = find_printer_index_by_hnd(p, handle);
+	BOOL 		found = False;
+
+	DEBUG(4,("_spoolss_getprinterdataex\n"));
+
+        unistr2_to_ascii(key, &q_u->keyname, sizeof(key) - 1);
+        unistr2_to_ascii(value, &q_u->valuename, sizeof(value) - 1);
+
+	/* in case of problem, return some default values */
+	*needed=0;
+	*type=0;
+	*out_size=0;
+
+		
+	if (!Printer) {
+		if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL)
+			return WERR_NOMEM;
+		DEBUG(2,("_spoolss_getprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+		
+	/* Is the handle to a printer or to the server? */
+
+	if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER)
+	{
+		DEBUG(10,("_spoolss_getprinterdatex: Not implemented for server handles yet\n"));
+		return WERR_INVALID_PARAM;
+	}
+	else
+	{
+	        /* 
+		 * From MSDN documentation of GetPrinterDataEx: pass request
+		 * to GetPrinterData if key is "PrinterDriverData". This is 
+		 * the only key we really support. Other keys to implement:
+		 * (a) DsDriver
+		 * (b) DsSpooler
+		 * (c) PnPData
+		 */
+	   
+		if (strcmp(key, "PrinterDriverData") != 0)
+			return WERR_BADFILE;
+
+		DEBUG(10, ("_spoolss_getprinterdataex: pass me to getprinterdata\n"));
+		found = getprinterdata_printer(p, p->mem_ctx, handle, value, 
+			type, data, needed, in_size);
+		
+	}
+	 
+	if (!found) {
+		DEBUG(5, ("value not found, allocating %d\n", *out_size));
+		
+		/* reply this param doesn't exist */
+		if (*out_size) {
+			if((*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL)
+				return WERR_NOMEM;
+		} else {
+			*data = NULL;
+		}
+
+		return WERR_INVALID_PARAM;
+	}
+	
+	if (*needed > *out_size)
+		return WERR_MORE_DATA;
+	else
+		return WERR_OK;
+}
+
+/********************************************************************
+ * spoolss_setprinterdata
+ ********************************************************************/
+
+WERROR _spoolss_setprinterdataex(pipes_struct *p, SPOOL_Q_SETPRINTERDATAEX *q_u, SPOOL_R_SETPRINTERDATAEX *r_u)
+{
+	SPOOL_Q_SETPRINTERDATA q_u_local;
+	SPOOL_R_SETPRINTERDATA r_u_local;
+        fstring key;
+
+	DEBUG(4,("_spoolss_setprinterdataex\n"));
+
+        /* From MSDN documentation of SetPrinterDataEx: pass request to
+           SetPrinterData if key is "PrinterDriverData" */
+
+        unistr2_to_ascii(key, &q_u->key, sizeof(key) - 1);
+
+        if (strcmp(key, "PrinterDriverData") != 0)
+	        return WERR_INVALID_PARAM;
+		
+	ZERO_STRUCT(q_u_local);	
+	ZERO_STRUCT(r_u_local);	
+	
+	/* make a copy to call _spoolss_setprinterdata() */
+
+	memcpy(&q_u_local.handle, &q_u->handle, sizeof(POLICY_HND));
+	copy_unistr2(&q_u_local.value, &q_u->value);
+	q_u_local.type = q_u->type;
+	q_u_local.max_len = q_u->max_len;
+	q_u_local.data = q_u->data;
+	q_u_local.real_len = q_u->real_len;
+	q_u_local.numeric_data = q_u->numeric_data;
+		
+	return _spoolss_setprinterdata(p, &q_u_local, &r_u_local);
+}
+
+/********************************************************************
+ * spoolss_enumprinterkey
+ ********************************************************************/
+
+/* constants for EnumPrinterKey() */
+#define ENUMERATED_KEY_SIZE	19
+
+WERROR _spoolss_enumprinterkey(pipes_struct *p, SPOOL_Q_ENUMPRINTERKEY *q_u, SPOOL_R_ENUMPRINTERKEY *r_u)
+{
+	fstring key;
+	uint16  enumkeys[ENUMERATED_KEY_SIZE+1];
+	char*   ptr = NULL;
+	int     i;
+	char 	*PrinterKey = "PrinterDriverData";
+
+	DEBUG(4,("_spoolss_enumprinterkey\n"));
+
+	unistr2_to_ascii(key, &q_u->key, sizeof(key) - 1);
+
+	/* 
+	 * we only support enumating all keys (key == "")
+	 * Of course, the only key we support is the "PrinterDriverData" 
+	 * key
+	 */	
+	if (strlen(key) == 0)
+	{
+		r_u->needed = ENUMERATED_KEY_SIZE *2;
+		if (q_u->size < r_u->needed)
+			return WERR_MORE_DATA;
+	
+		ptr = PrinterKey;
+		for (i=0; i<ENUMERATED_KEY_SIZE-2; i++)
+		{
+			enumkeys[i] = (uint16)(*ptr);
+			ptr++;
+		}
+
+		/* tag of with 2 '\0's */
+		enumkeys[i++] = '\0';
+		enumkeys[i] = '\0';
+	
+		if (!make_spoolss_buffer5(p->mem_ctx, &r_u->keys, ENUMERATED_KEY_SIZE, enumkeys))
+			return WERR_BADFILE;
+			
+		return WERR_OK;
+	}
+	
+	/* The "PrinterDriverData" key should have no subkeys */
+	if (strcmp(key, PrinterKey) == 0)
+	{
+		r_u-> needed = 2;
+		if (q_u->size < r_u->needed)
+			return WERR_MORE_DATA;
+		enumkeys[0] = 0x0;
+		if (!make_spoolss_buffer5(p->mem_ctx, &r_u->keys, 1, enumkeys))
+			return WERR_BADFILE;
+			
+		return WERR_OK;
+	}
+	
+
+	/* The return value for an unknown key is documented in MSDN
+	   EnumPrinterKey description */
+        return WERR_BADFILE;
+}
+
+/********************************************************************
+ * spoolss_enumprinterdataex
+ ********************************************************************/
+
+WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_u, SPOOL_R_ENUMPRINTERDATAEX *r_u)
+{
+	POLICY_HND	*handle = &q_u->handle; 
+	uint32 		in_size = q_u->size;
+	uint32 		num_entries, 
+			needed;
+	NT_PRINTER_INFO_LEVEL 	*printer = NULL;
+	PRINTER_ENUM_VALUES	*enum_values = NULL;
+	fstring 	key, value;
+	Printer_entry 	*Printer = find_printer_index_by_hnd(p, handle);
+	int 		snum;
+	uint32 		param_index, 
+			data_len,
+			type;
+	WERROR 		result;
+	uint8 		*data=NULL;
+	
+
+	DEBUG(4,("_spoolss_enumprinterdataex\n"));
+
+	if (!Printer) {
+		DEBUG(2,("_spoolss_enumprinterdata: Invalid handle (%s:%u:%u1<).\n", OUR_HANDLE(handle)));
+		return WERR_BADFID;
+	}
+
+		
+        /* 
+	 * The only key we support is "PrinterDriverData". This should return 
+	 > an array of all the key/value pairs returned by EnumPrinterDataSee 
+	 * _spoolss_getprinterdataex() for details    --jerry
+	 */
+   
+	unistr2_to_ascii(key, &q_u->key, sizeof(key) - 1);
+	if (strcmp(key, "PrinterDriverData") != 0)
+	{
+		DEBUG(10,("_spoolss_enumprinterdataex: Unknown keyname [%s]\n", key));
+		return WERR_INVALID_PARAM;
+	}
+
+
+	if (!get_printer_snum(p,handle, &snum))
+		return WERR_BADFID;
+	
+	ZERO_STRUCT(printer);
+	result = get_a_printer(&printer, 2, lp_servicename(snum));
+	if (!W_ERROR_IS_OK(result))
+		return result;
+
+	
+	/* 
+	 * loop through all params and build the array to pass 
+	 * back to the  client 
+	 */
+	result = WERR_OK;
+	param_index		= 0;
+	needed 			= 0;
+	num_entries		= 0;
+	
+	while (get_specific_param_by_index(*printer, 2, param_index, value, &data, &type, &data_len)) 
+	{
+		PRINTER_ENUM_VALUES	*ptr;
+		uint32			add_len = 0;
+
+		DEBUG(10,("retrieved value number [%d] [%s]\n", num_entries, value));
+
+		if ((ptr=talloc_realloc(p->mem_ctx, enum_values, (num_entries+1) * sizeof(PRINTER_ENUM_VALUES))) == NULL)
+		{
+			DEBUG(0,("talloc_realloc failed to allocate more memory!\n"));
+			result = WERR_NOMEM;
+			goto done;
+		}
+		enum_values = ptr;
+
+		/* copy the data */
+		init_unistr(&enum_values[num_entries].valuename, value);
+		enum_values[num_entries].value_len = (strlen(value)+1) * 2;
+		enum_values[num_entries].type      = type;
+		
+		if (!(enum_values[num_entries].data=talloc_zero(p->mem_ctx, data_len+add_len))) {
+			DEBUG(0,("talloc_realloc failed to allocate more memory for data!\n"));
+			result = WERR_NOMEM;
+			goto done;
+		}
+		memcpy(enum_values[num_entries].data, data, data_len);
+		enum_values[num_entries].data_len = data_len + add_len;
+
+		/* keep track of the size of the array in bytes */
+		
+		needed += spoolss_size_printer_enum_values(&enum_values[num_entries]);
+		
+		num_entries++;
+		param_index++;
+	}
+	
+	r_u->needed 		= needed;
+	r_u->returned 		= num_entries;
+
+	if (needed > in_size) {
+		result = WERR_MORE_DATA;
+		goto done;
+	}
+		
+	/* copy data into the reply */
+	
+	r_u->ctr.size        	= r_u->needed;
+	r_u->ctr.size_of_array 	= r_u->returned;
+	r_u->ctr.values 	= enum_values;
+	
+	
+		
+done:	
+	free_a_printer(&printer, 2);
+
+	return result;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static void fill_printprocessordirectory_1(PRINTPROCESSOR_DIRECTORY_1 *info, char *name)
+{
+	init_unistr(&info->name, name);
+}
+
+static WERROR getprintprocessordirectory_level_1(UNISTR2 *name, 
+						 UNISTR2 *environment, 
+						 NEW_BUFFER *buffer, 
+						 uint32 offered, 
+						 uint32 *needed)
+{
+	pstring path;
+	pstring long_archi;
+	pstring short_archi;
+	PRINTPROCESSOR_DIRECTORY_1 *info=NULL;
+
+	unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1);
+
+	if (get_short_archi(short_archi, long_archi)==FALSE)
+		return WERR_INVALID_ENVIRONMENT;
+
+	if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL)
+		return WERR_NOMEM;
+
+	/* Not sure what to return here - are UNC names valid here?.
+	   Windows returns the string: C:\WINNT\System32\spool\PRTPROCS\W32X86
+	   which is pretty bogus for a RPC. */
+
+	slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", get_called_name(), short_archi);
+
+	DEBUG(4,("print processor directory: [%s]\n", path));
+
+	fill_printprocessordirectory_1(info, path);
+	
+	*needed += spoolss_size_printprocessordirectory_info_1(info);
+
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(info);
+		return WERR_INSUFFICIENT_BUFFER;
+	}
+
+	smb_io_printprocessordirectory_1("", buffer, info, 0);
+
+	safe_free(info);
+	
+	if (*needed > offered)
+		return WERR_INSUFFICIENT_BUFFER;
+	else
+		return WERR_OK;
+}
+
+WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROCESSORDIRECTORY *q_u, SPOOL_R_GETPRINTPROCESSORDIRECTORY *r_u)
+{
+	uint32 level = q_u->level;
+	NEW_BUFFER *buffer = NULL;
+	uint32 offered = q_u->offered;
+	uint32 *needed = &r_u->needed;
+
+	/* that's an [in out] buffer */
+	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
+	buffer = r_u->buffer;
+
+ 	DEBUG(5,("_spoolss_getprintprocessordirectory\n"));
+	
+	*needed=0;
+
+	switch(level) {
+	case 1:
+		return getprintprocessordirectory_level_1
+		  (&q_u->name, &q_u->environment, buffer, offered, needed);
+	default:
+		return WERR_UNKNOWN_LEVEL;
+	}
+
+	return WERR_ACCESS_DENIED;
+}
+
diff --git a/source3/rpc_server/srv_srvsvc.c b/source3/rpc_server/srv_srvsvc.c
new file mode 100644
index 0000000000..ee4ec8aa0a
--- /dev/null
+++ b/source3/rpc_server/srv_srvsvc.c
@@ -0,0 +1,522 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison					2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the srvsvc pipe. */
+
+#include "includes.h"
+
+/*******************************************************************
+ api_srv_net_srv_get_info
+********************************************************************/
+
+static BOOL api_srv_net_srv_get_info(pipes_struct *p)
+{
+	SRV_Q_NET_SRV_GET_INFO q_u;
+	SRV_R_NET_SRV_GET_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net server get info */
+	if (!srv_io_q_net_srv_get_info("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _srv_net_srv_get_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if (!srv_io_r_net_srv_get_info("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_srv_net_srv_get_info
+********************************************************************/
+
+static BOOL api_srv_net_srv_set_info(pipes_struct *p)
+{
+	SRV_Q_NET_SRV_SET_INFO q_u;
+	SRV_R_NET_SRV_SET_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net server set info */
+	if (!srv_io_q_net_srv_set_info("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _srv_net_srv_set_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if (!srv_io_r_net_srv_set_info("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_srv_net_file_enum
+********************************************************************/
+
+static BOOL api_srv_net_file_enum(pipes_struct *p)
+{
+	SRV_Q_NET_FILE_ENUM q_u;
+	SRV_R_NET_FILE_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net file enum */
+	if (!srv_io_q_net_file_enum("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _srv_net_file_enum(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!srv_io_r_net_file_enum("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ api_srv_net_conn_enum
+********************************************************************/
+
+static BOOL api_srv_net_conn_enum(pipes_struct *p)
+{
+	SRV_Q_NET_CONN_ENUM q_u;
+	SRV_R_NET_CONN_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net server get enum */
+	if (!srv_io_q_net_conn_enum("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _srv_net_conn_enum(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if (!srv_io_r_net_conn_enum("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Enumerate sessions.
+********************************************************************/
+
+static BOOL api_srv_net_sess_enum(pipes_struct *p)
+{
+	SRV_Q_NET_SESS_ENUM q_u;
+	SRV_R_NET_SESS_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net server get enum */
+	if (!srv_io_q_net_sess_enum("", &q_u, data, 0))
+		return False;
+
+	/* construct reply.  always indicate success */
+	r_u.status = _srv_net_sess_enum(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if (!srv_io_r_net_sess_enum("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to enumerate shares.
+********************************************************************/
+
+static BOOL api_srv_net_share_enum_all(pipes_struct *p)
+{
+	SRV_Q_NET_SHARE_ENUM q_u;
+	SRV_R_NET_SHARE_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server get enum. */
+	if(!srv_io_q_net_share_enum("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_share_enum_all: Failed to unmarshall SRV_Q_NET_SHARE_ENUM.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_share_enum_all(p, &q_u, &r_u);
+
+	if (!srv_io_r_net_share_enum("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_share_enum_all: Failed to marshall SRV_R_NET_SHARE_ENUM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to enumerate shares.
+********************************************************************/
+
+static BOOL api_srv_net_share_enum(pipes_struct *p)
+{
+	SRV_Q_NET_SHARE_ENUM q_u;
+	SRV_R_NET_SHARE_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server get enum. */
+	if(!srv_io_q_net_share_enum("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_share_enum: Failed to unmarshall SRV_Q_NET_SHARE_ENUM.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_share_enum(p, &q_u, &r_u);
+
+	if (!srv_io_r_net_share_enum("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_share_enum: Failed to marshall SRV_R_NET_SHARE_ENUM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to return share information.
+********************************************************************/
+
+static BOOL api_srv_net_share_get_info(pipes_struct *p)
+{
+	SRV_Q_NET_SHARE_GET_INFO q_u;
+	SRV_R_NET_SHARE_GET_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server get info. */
+	if(!srv_io_q_net_share_get_info("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_share_get_info: Failed to unmarshall SRV_Q_NET_SHARE_GET_INFO.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_share_get_info(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_share_get_info("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_share_get_info: Failed to marshall SRV_R_NET_SHARE_GET_INFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to set share information.
+********************************************************************/
+
+static BOOL api_srv_net_share_set_info(pipes_struct *p)
+{
+	SRV_Q_NET_SHARE_SET_INFO q_u;
+	SRV_R_NET_SHARE_SET_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server set info. */
+	if(!srv_io_q_net_share_set_info("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_share_set_info: Failed to unmarshall SRV_Q_NET_SHARE_SET_INFO.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_share_set_info(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_share_set_info("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_share_set_info: Failed to marshall SRV_R_NET_SHARE_SET_INFO.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to add share information.
+********************************************************************/
+
+static BOOL api_srv_net_share_add(pipes_struct *p)
+{
+	SRV_Q_NET_SHARE_ADD q_u;
+	SRV_R_NET_SHARE_ADD r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server add info. */
+	if(!srv_io_q_net_share_add("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_share_add(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_share_add("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_share_add: Failed to marshall SRV_R_NET_SHARE_ADD.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to delete share information.
+********************************************************************/
+
+static BOOL api_srv_net_share_del(pipes_struct *p)
+{
+	SRV_Q_NET_SHARE_DEL q_u;
+	SRV_R_NET_SHARE_DEL r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server del info. */
+	if(!srv_io_q_net_share_del("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_share_del: Failed to unmarshall SRV_Q_NET_SHARE_DEL.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_share_del(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_share_del("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_share_del: Failed to marshall SRV_R_NET_SHARE_DEL.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ api_srv_net_remote_tod
+********************************************************************/
+
+static BOOL api_srv_net_remote_tod(pipes_struct *p)
+{
+	SRV_Q_NET_REMOTE_TOD q_u;
+	SRV_R_NET_REMOTE_TOD r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net server get enum */
+	if(!srv_io_q_net_remote_tod("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _srv_net_remote_tod(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!srv_io_r_net_remote_tod("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ RPC to enumerate disks available on a server e.g. C:, D: ...
+*******************************************************************/
+
+static BOOL api_srv_net_disk_enum(pipes_struct *p) 
+{
+	SRV_Q_NET_DISK_ENUM q_u;
+	SRV_R_NET_DISK_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server disk enum. */
+	if(!srv_io_q_net_disk_enum("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_disk_enum: Failed to unmarshall SRV_Q_NET_DISK_ENUM.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_disk_enum(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_disk_enum("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_disk_enum: Failed to marshall SRV_R_NET_DISK_ENUM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ NetValidateName (opnum 0x21) 
+*******************************************************************/
+
+static BOOL api_srv_net_name_validate(pipes_struct *p) 
+{
+	SRV_Q_NET_NAME_VALIDATE q_u;
+	SRV_R_NET_NAME_VALIDATE r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+ 
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+  
+	/* Unmarshall the net server disk enum. */
+	if(!srv_io_q_net_name_validate("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_name_validate: Failed to unmarshall SRV_Q_NET_NAME_VALIDATE.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_name_validate(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_name_validate("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_name_validate: Failed to marshall SRV_R_NET_NAME_VALIDATE.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ NetFileQuerySecdesc (opnum 0x27)
+*******************************************************************/
+
+static BOOL api_srv_net_file_query_secdesc(pipes_struct *p)
+{
+	SRV_Q_NET_FILE_QUERY_SECDESC q_u;
+	SRV_R_NET_FILE_QUERY_SECDESC r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net file get info from Win9x */
+	if(!srv_io_q_net_file_query_secdesc("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_file_query_secdesc: Failed to unmarshall SRV_Q_NET_FILE_QUERY_SECDESC.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_file_query_secdesc(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_file_query_secdesc("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_file_query_secdesc: Failed to marshall SRV_R_NET_FILE_QUERY_SECDESC.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ NetFileSetSecdesc (opnum 0x28)
+*******************************************************************/
+
+static BOOL api_srv_net_file_set_secdesc(pipes_struct *p)
+{
+	SRV_Q_NET_FILE_SET_SECDESC q_u;
+	SRV_R_NET_FILE_SET_SECDESC r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net file set info from Win9x */
+	if(!srv_io_q_net_file_set_secdesc("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_file_set_secdesc: Failed to unmarshall SRV_Q_NET_FILE_SET_SECDESC.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_file_set_secdesc(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_file_set_secdesc("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_file_set_secdesc: Failed to marshall SRV_R_NET_FILE_SET_SECDESC.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+\PIPE\srvsvc commands
+********************************************************************/
+
+struct api_struct api_srv_cmds[] =
+{
+	{ "SRV_NETCONNENUM"       , SRV_NETCONNENUM       , api_srv_net_conn_enum    },
+	{ "SRV_NETSESSENUM"       , SRV_NETSESSENUM       , api_srv_net_sess_enum    },
+	{ "SRV_NETSHAREENUM_ALL"  , SRV_NETSHAREENUM_ALL  , api_srv_net_share_enum_all   },
+	{ "SRV_NETSHAREENUM"      , SRV_NETSHAREENUM      , api_srv_net_share_enum   },
+	{ "SRV_NET_SHARE_ADD"     , SRV_NET_SHARE_ADD     , api_srv_net_share_add },
+	{ "SRV_NET_SHARE_DEL"     , SRV_NET_SHARE_DEL     , api_srv_net_share_del },
+	{ "SRV_NET_SHARE_GET_INFO", SRV_NET_SHARE_GET_INFO, api_srv_net_share_get_info },
+	{ "SRV_NET_SHARE_SET_INFO", SRV_NET_SHARE_SET_INFO, api_srv_net_share_set_info },
+	{ "SRV_NETFILEENUM"       , SRV_NETFILEENUM       , api_srv_net_file_enum    },
+	{ "SRV_NET_SRV_GET_INFO"  , SRV_NET_SRV_GET_INFO  , api_srv_net_srv_get_info },
+	{ "SRV_NET_SRV_SET_INFO"  , SRV_NET_SRV_SET_INFO  , api_srv_net_srv_set_info },
+	{ "SRV_NET_REMOTE_TOD"    , SRV_NET_REMOTE_TOD    , api_srv_net_remote_tod   },
+	{ "SRV_NET_DISK_ENUM"     , SRV_NET_DISK_ENUM     , api_srv_net_disk_enum    },
+	{ "SRV_NET_NAME_VALIDATE" , SRV_NET_NAME_VALIDATE , api_srv_net_name_validate},
+	{ "SRV_NETFILEQUERYSECDESC",SRV_NETFILEQUERYSECDESC,api_srv_net_file_query_secdesc},
+	{ "SRV_NETFILESETSECDESC" , SRV_NETFILESETSECDESC , api_srv_net_file_set_secdesc},
+	{ NULL                    , 0                     , NULL                     }
+};
+
+/*******************************************************************
+receives a srvsvc pipe and responds.
+********************************************************************/
+BOOL api_srvsvc_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_srvsvc_rpc", api_srv_cmds);
+}
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
new file mode 100644
index 0000000000..1f3b1945e3
--- /dev/null
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -0,0 +1,1935 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Jeremy Allison					2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the implementation of the srvsvc pipe. */
+
+#include "includes.h"
+
+extern pstring global_myname;
+
+/*******************************************************************
+ Fill in a share info level 1 structure.
+ ********************************************************************/
+
+static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int snum)
+{
+	int len_net_name;
+	pstring net_name;
+	pstring remark;
+	uint32 type;
+
+	pstrcpy(net_name, lp_servicename(snum));
+	pstrcpy(remark, lp_comment(snum));
+	standard_sub_conn(p->conn, remark);
+	len_net_name = strlen(net_name);
+
+	/* work out the share type */
+	type = STYPE_DISKTREE;
+		
+	if (lp_print_ok(snum))
+		type = STYPE_PRINTQ;
+	if (strequal("IPC$", net_name) || strequal("ADMIN$", net_name))
+		type = STYPE_IPC;
+	if (net_name[len_net_name] == '$')
+		type |= STYPE_HIDDEN;
+
+	init_srv_share_info1(&sh1->info_1, net_name, type, remark);
+	init_srv_share_info1_str(&sh1->info_1_str, net_name, remark);
+}
+
+/*******************************************************************
+ Fill in a share info level 2 structure.
+ ********************************************************************/
+
+static void init_srv_share_info_2(pipes_struct *p, SRV_SHARE_INFO_2 *sh2, int snum)
+{
+	int len_net_name;
+	pstring net_name;
+	pstring remark;
+	pstring path;
+	pstring passwd;
+	uint32 type;
+
+	pstrcpy(net_name, lp_servicename(snum));
+	pstrcpy(remark, lp_comment(snum));
+	standard_sub_conn(p->conn, remark);
+	pstrcpy(path, "C:");
+	pstrcat(path, lp_pathname(snum));
+
+	/*
+	 * Change / to \\ so that win2k will see it as a valid path.  This was added to
+	 * enable use of browsing in win2k add share dialog.
+	 */ 
+
+	string_replace(path, '/', '\\');
+
+	pstrcpy(passwd, "");
+	len_net_name = strlen(net_name);
+
+	/* work out the share type */
+	type = STYPE_DISKTREE;
+		
+	if (lp_print_ok(snum))
+		type = STYPE_PRINTQ;
+	if (strequal("IPC$", net_name) || strequal("ADMIN$", net_name))
+		type = STYPE_IPC;
+	if (net_name[len_net_name] == '$')
+		type |= STYPE_HIDDEN;
+
+	init_srv_share_info2(&sh2->info_2, net_name, type, remark, 0, 0xffffffff, 1, path, passwd);
+	init_srv_share_info2_str(&sh2->info_2_str, net_name, remark, path, passwd);
+}
+
+/*******************************************************************
+ What to do when smb.conf is updated.
+ ********************************************************************/
+
+static void smb_conf_updated(int msg_type, pid_t src, void *buf, size_t len)
+{
+	DEBUG(10,("smb_conf_updated: Got message saying smb.conf was updated. Reloading.\n"));
+	reload_services(False);
+}
+
+/*******************************************************************
+ Create the share security tdb.
+ ********************************************************************/
+
+static TDB_CONTEXT *share_tdb; /* used for share security descriptors */
+#define SHARE_DATABASE_VERSION_V1 1
+#define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */
+
+BOOL share_info_db_init(void)
+{
+	static pid_t local_pid;
+	char *vstring = "INFO/version";
+	int32 vers_id;
+ 
+	if (share_tdb && local_pid == sys_getpid())
+		return True;
+	share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+	if (!share_tdb) {
+		DEBUG(0,("Failed to open share info database %s (%s)\n",
+			lock_path("share_info.tdb"), strerror(errno) ));
+		return False;
+	}
+ 
+	local_pid = sys_getpid();
+ 
+	/* handle a Samba upgrade */
+	tdb_lock_bystring(share_tdb, vstring);
+
+	/* Cope with byte-reversed older versions of the db. */
+	vers_id = tdb_fetch_int32(share_tdb, vstring);
+	if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) {
+		/* Written on a bigendian machine with old fetch_int code. Save as le. */
+		tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2);
+		vers_id = SHARE_DATABASE_VERSION_V2;
+	}
+
+	if (vers_id != SHARE_DATABASE_VERSION_V2) {
+		tdb_traverse(share_tdb, tdb_traverse_delete_fn, NULL);
+		tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2);
+	}
+	tdb_unlock_bystring(share_tdb, vstring);
+
+	message_register(MSG_SMB_CONF_UPDATED, smb_conf_updated);
+ 
+	return True;
+}
+
+/*******************************************************************
+ Fake up a Everyone, full access as a default.
+ ********************************************************************/
+
+static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t *psize)
+{
+	extern DOM_SID global_sid_World;
+	extern struct generic_mapping file_generic_mapping;
+	SEC_ACCESS sa;
+	SEC_ACE ace;
+	SEC_ACL *psa = NULL;
+	SEC_DESC *psd = NULL;
+	uint32 def_access = GENERIC_ALL_ACCESS;
+
+	se_map_generic(&def_access, &file_generic_mapping);
+
+	init_sec_access(&sa, GENERIC_ALL_ACCESS | def_access );
+	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+
+	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
+		psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, psize);
+	}
+
+	if (!psd) {
+		DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
+		return NULL;
+	}
+
+	return psd;
+}
+
+/*******************************************************************
+ Pull a security descriptor from the share tdb.
+ ********************************************************************/
+
+static SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize)
+{
+	prs_struct ps;
+	fstring key;
+	SEC_DESC *psd = NULL;
+
+	*psize = 0;
+
+	/* Fetch security descriptor from tdb */
+ 
+	slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum));
+ 
+	if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 ||
+		!sec_io_desc("get_share_security", &psd, &ps, 1)) {
+ 
+		DEBUG(4,("get_share_security: using default secdesc for %s\n", lp_servicename(snum) ));
+ 
+		return get_share_security_default(ctx, snum, psize);
+	}
+
+	if (psd)
+		*psize = sec_desc_size(psd);
+
+	prs_mem_free(&ps);
+	return psd;
+}
+
+/*******************************************************************
+ Store a security descriptor in the share db.
+ ********************************************************************/
+
+static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd)
+{
+	prs_struct ps;
+	TALLOC_CTX *mem_ctx = NULL;
+	fstring key;
+	BOOL ret = False;
+
+	mem_ctx = talloc_init();
+	if (mem_ctx == NULL)
+		return False;
+
+	prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL);
+ 
+	if (!sec_io_desc("share_security", &psd, &ps, 1))
+		goto out;
+ 
+	slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name);
+ 
+	if (tdb_prs_store(share_tdb, key, &ps)==0) {
+		ret = True;
+		DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
+	} else {
+		DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name ));
+	} 
+
+	/* Free malloc'ed memory */
+ 
+ out:
+ 
+	prs_mem_free(&ps);
+	if (mem_ctx)
+		talloc_destroy(mem_ctx);
+	return ret;
+}
+
+/*******************************************************************
+ Delete a security descriptor.
+********************************************************************/
+
+static BOOL delete_share_security(int snum)
+{
+	TDB_DATA kbuf;
+	fstring key;
+
+	slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum));
+	kbuf.dptr = key;
+	kbuf.dsize = strlen(key)+1;
+
+	if (tdb_delete(share_tdb, kbuf) != 0) {
+		DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n",
+				lp_servicename(snum) ));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Map any generic bits to file specific bits.
+********************************************************************/
+
+void map_generic_share_sd_bits(SEC_DESC *psd)
+{
+	extern struct generic_mapping file_generic_mapping;
+	int i;
+	SEC_ACL *ps_dacl = NULL;
+
+	if (!psd)
+		return;
+
+	ps_dacl = psd->dacl;
+	if (!ps_dacl)
+		return;
+
+	for (i = 0; i < ps_dacl->num_aces; i++) {
+		SEC_ACE *psa = &ps_dacl->ace[i];
+		uint32 orig_mask = psa->info.mask;
+
+		se_map_generic(&psa->info.mask, &file_generic_mapping);
+		psa->info.mask |= orig_mask;
+	}	
+}
+
+/*******************************************************************
+ Can this user access with share with the required permissions ?
+********************************************************************/
+
+BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access)
+{
+	uint32 granted;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	NT_USER_TOKEN *token = NULL;
+	user_struct *vuser = get_valid_user_struct(vuid);
+	BOOL ret = True;
+
+	mem_ctx = talloc_init();
+	if (mem_ctx == NULL)
+		return False;
+
+	psd = get_share_security(mem_ctx, snum, &sd_size);
+
+	if (!psd)
+		goto out;
+
+	if (vuser)
+		token = vuser->nt_user_token;
+	else
+		token = conn->nt_user_token;
+
+	ret = se_access_check(psd, token, desired_access, &granted, &status);
+
+  out:
+
+	talloc_destroy(mem_ctx);
+
+	return ret;
+}
+
+/*******************************************************************
+ Fill in a share info level 501 structure.
+********************************************************************/
+
+static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, int snum)
+{
+	int len_net_name;
+	pstring net_name;
+	pstring remark;
+	uint32 type;
+
+	pstrcpy(net_name, lp_servicename(snum));
+	pstrcpy(remark, lp_comment(snum));
+	standard_sub_conn(p->conn, remark);
+
+	len_net_name = strlen(net_name);
+
+	/* work out the share type */
+	type = STYPE_DISKTREE;
+
+	if (lp_print_ok(snum))
+		type = STYPE_PRINTQ;
+	if (strequal("IPC$", net_name) || strequal("ADMIN$", net_name))
+		type = STYPE_IPC;
+	if (net_name[len_net_name] == '$')
+		type |= STYPE_HIDDEN;
+	
+	init_srv_share_info501(&sh501->info_501, net_name, type, remark, (lp_csc_policy(snum) << 4));
+	init_srv_share_info501_str(&sh501->info_501_str, net_name, remark);
+}
+
+/*******************************************************************
+ Fill in a share info level 502 structure.
+ ********************************************************************/
+
+static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, int snum)
+{
+	int len_net_name;
+	pstring net_name;
+	pstring remark;
+	pstring path;
+	pstring passwd;
+	uint32 type;
+	SEC_DESC *sd;
+	size_t sd_size;
+	TALLOC_CTX *ctx = p->mem_ctx;
+
+
+	ZERO_STRUCTP(sh502);
+
+	pstrcpy(net_name, lp_servicename(snum));
+	pstrcpy(remark, lp_comment(snum));
+	standard_sub_conn(p->conn, remark);
+	pstrcpy(path, "C:");
+	pstrcat(path, lp_pathname(snum));
+
+	/*
+	 * Change / to \\ so that win2k will see it as a valid path.  This was added to
+	 * enable use of browsing in win2k add share dialog.
+	 */ 
+
+	string_replace(path, '/', '\\');
+
+	pstrcpy(passwd, "");
+	len_net_name = strlen(net_name);
+
+	/* work out the share type */
+	type = STYPE_DISKTREE;
+		
+	if (lp_print_ok(snum))
+		type = STYPE_PRINTQ;
+	if (strequal("IPC$", net_name))
+		type = STYPE_IPC;
+	if (net_name[len_net_name] == '$')
+		type |= STYPE_HIDDEN;
+
+	sd = get_share_security(ctx, snum, &sd_size);
+
+	init_srv_share_info502(&sh502->info_502, net_name, type, remark, 0, 0xffffffff, 1, path, passwd, sd, sd_size);
+	init_srv_share_info502_str(&sh502->info_502_str, &sh502->info_502, net_name, remark, path, passwd, sd, sd_size);
+}
+
+/***************************************************************************
+ Fill in a share info level 1005 structure.
+ ***************************************************************************/
+
+static void init_srv_share_info_1005(SRV_SHARE_INFO_1005* sh1005, int snum)
+{
+	sh1005->dfs_root_flag = 0;
+
+	if(lp_host_msdfs() && lp_msdfs_root(snum))
+		sh1005->dfs_root_flag = 3;
+}
+
+/*******************************************************************
+ True if it ends in '$'.
+ ********************************************************************/
+
+static BOOL is_admin_share(int snum)
+{
+	pstring net_name;
+
+	pstrcpy(net_name, lp_servicename(snum));
+	return (net_name[strlen(net_name)] == '$') ? True : False;
+}
+
+/*******************************************************************
+ Fill in a share info structure.
+ ********************************************************************/
+
+static BOOL init_srv_share_info_ctr(pipes_struct *p, SRV_SHARE_INFO_CTR *ctr,
+	       uint32 info_level, uint32 *resume_hnd, uint32 *total_entries, BOOL all_shares)
+{
+	int num_entries = 0;
+	int num_services = lp_numservices();
+	int snum;
+	TALLOC_CTX *ctx = p->mem_ctx;
+
+	DEBUG(5,("init_srv_share_info_ctr\n"));
+
+	ZERO_STRUCTPN(ctr);
+
+	ctr->info_level = ctr->switch_value = info_level;
+	*resume_hnd = 0;
+
+	/* Count the number of entries. */
+	for (snum = 0; snum < num_services; snum++) {
+		if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) )
+			num_entries++;
+	}
+
+	*total_entries = num_entries;
+	ctr->num_entries2 = ctr->num_entries = num_entries;
+	ctr->ptr_share_info = ctr->ptr_entries = 1;
+
+	if (!num_entries)
+		return True;
+
+	switch (info_level) {
+	case 1:
+	{
+		SRV_SHARE_INFO_1 *info1;
+		int i = 0;
+
+		info1 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1));
+
+		for (snum = *resume_hnd; snum < num_services; snum++) {
+			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {
+				init_srv_share_info_1(p, &info1[i++], snum);
+			}
+		}
+
+		ctr->share.info1 = info1;
+		break;
+	}
+
+	case 2:
+	{
+		SRV_SHARE_INFO_2 *info2;
+		int i = 0;
+
+		info2 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_2));
+
+		for (snum = *resume_hnd; snum < num_services; snum++) {
+			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {
+				init_srv_share_info_2(p, &info2[i++], snum);
+			}
+		}
+
+		ctr->share.info2 = info2;
+		break;
+	}
+
+	case 501:
+	{
+		SRV_SHARE_INFO_501 *info501;
+		int i = 0;
+	
+		info501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_501));
+
+		for (snum = *resume_hnd; snum < num_services; snum++) {
+			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {
+				init_srv_share_info_501(p, &info501[i++], snum);
+			}
+		}
+	
+		ctr->share.info501 = info501;
+		break;
+	}
+
+	case 502:
+	{
+		SRV_SHARE_INFO_502 *info502;
+		int i = 0;
+
+		info502 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_502));
+
+		for (snum = *resume_hnd; snum < num_services; snum++) {
+			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {
+				init_srv_share_info_502(p, &info502[i++], snum);
+			}
+		}
+
+		ctr->share.info502 = info502;
+		break;
+	}
+
+	default:
+		DEBUG(5,("init_srv_share_info_ctr: unsupported switch value %d\n", info_level));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ Inits a SRV_R_NET_SHARE_ENUM structure.
+********************************************************************/
+
+static void init_srv_r_net_share_enum(pipes_struct *p, SRV_R_NET_SHARE_ENUM *r_n,
+				      uint32 info_level, uint32 resume_hnd, BOOL all)  
+{
+	DEBUG(5,("init_srv_r_net_share_enum: %d\n", __LINE__));
+
+	if (init_srv_share_info_ctr(p, &r_n->ctr, info_level,
+				    &resume_hnd, &r_n->total_entries, all)) {
+		r_n->status = WERR_OK;
+	} else {
+		r_n->status = WERR_UNKNOWN_LEVEL;
+	}
+
+	init_enum_hnd(&r_n->enum_hnd, resume_hnd);
+}
+
+/*******************************************************************
+ Inits a SRV_R_NET_SHARE_GET_INFO structure.
+********************************************************************/
+
+static void init_srv_r_net_share_get_info(pipes_struct *p, SRV_R_NET_SHARE_GET_INFO *r_n,
+				  char *share_name, uint32 info_level)
+{
+	WERROR status = WERR_OK;
+	int snum;
+
+	DEBUG(5,("init_srv_r_net_share_get_info: %d\n", __LINE__));
+
+	r_n->info.switch_value = info_level;
+
+	snum = find_service(share_name);
+
+	if (snum >= 0) {
+		switch (info_level) {
+		case 1:
+			init_srv_share_info_1(p, &r_n->info.share.info1, snum);
+			break;
+		case 2:
+			init_srv_share_info_2(p, &r_n->info.share.info2, snum);
+			break;
+		case 501:
+			init_srv_share_info_501(p, &r_n->info.share.info501, snum);
+			break;
+		case 502:
+			init_srv_share_info_502(p, &r_n->info.share.info502, snum);
+			break;
+		case 1005:
+			init_srv_share_info_1005(&r_n->info.share.info1005, snum);
+			break;
+		default:
+			DEBUG(5,("init_srv_net_share_get_info: unsupported switch value %d\n", info_level));
+			status = WERR_UNKNOWN_LEVEL;
+			break;
+		}
+	} else {
+		status = WERR_INVALID_NAME;
+	}
+
+	r_n->info.ptr_share_ctr = W_ERROR_IS_OK(status) ? 1 : 0;
+	r_n->status = status;
+}
+
+/*******************************************************************
+ fill in a sess info level 1 structure.
+ ********************************************************************/
+
+static void init_srv_sess_0_info(SESS_INFO_0 *se0, SESS_INFO_0_STR *str0, char *name)
+{
+	init_srv_sess_info0(se0, name);
+	init_srv_sess_info0_str(str0, name);
+}
+
+/*******************************************************************
+ fill in a sess info level 0 structure.
+ ********************************************************************/
+
+static void init_srv_sess_info_0(SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *stot)
+{
+	uint32 num_entries = 0;
+	(*stot) = 1;
+
+	if (ss0 == NULL) {
+		(*snum) = 0;
+		return;
+	}
+
+	DEBUG(5,("init_srv_sess_0_ss0\n"));
+
+	if (snum) {
+		for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) {
+			init_srv_sess_0_info(&ss0->info_0[num_entries],
+								 &ss0->info_0_str[num_entries], "MACHINE");
+
+			/* move on to creating next session */
+			/* move on to creating next sess */
+			num_entries++;
+		}
+
+		ss0->num_entries_read  = num_entries;
+		ss0->ptr_sess_info     = num_entries > 0 ? 1 : 0;
+		ss0->num_entries_read2 = num_entries;
+		
+		if ((*snum) >= (*stot)) {
+			(*snum) = 0;
+		}
+
+	} else {
+		ss0->num_entries_read = 0;
+		ss0->ptr_sess_info = 0;
+		ss0->num_entries_read2 = 0;
+	}
+}
+
+/*******************************************************************
+ fill in a sess info level 1 structure.
+ ********************************************************************/
+
+static void init_srv_sess_1_info(SESS_INFO_1 *se1, SESS_INFO_1_STR *str1,
+				char *name, char *user,
+				uint32 num_opens,
+				uint32 open_time, uint32 idle_time,
+				uint32 usr_flgs)
+{
+	init_srv_sess_info1(se1 , name, user, num_opens, open_time, idle_time, usr_flgs);
+	init_srv_sess_info1_str(str1, name, user);
+}
+
+/*******************************************************************
+ fill in a sess info level 1 structure.
+ ********************************************************************/
+
+static void init_srv_sess_info_1(SRV_SESS_INFO_1 *ss1, uint32 *snum, uint32 *stot)
+{
+	uint32 num_entries = 0;
+	(*stot) = 1;
+
+	if (ss1 == NULL) {
+		(*snum) = 0;
+		return;
+	}
+
+	DEBUG(5,("init_srv_sess_1_ss1\n"));
+
+	if (snum) {
+		for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) {
+			init_srv_sess_1_info(&ss1->info_1[num_entries],
+								 &ss1->info_1_str[num_entries],
+			                     "MACHINE", "dummy_user", 1, 10, 5, 0);
+
+			/* move on to creating next session */
+			/* move on to creating next sess */
+			num_entries++;
+		}
+
+		ss1->num_entries_read  = num_entries;
+		ss1->ptr_sess_info     = num_entries > 0 ? 1 : 0;
+		ss1->num_entries_read2 = num_entries;
+		
+		if ((*snum) >= (*stot)) {
+			(*snum) = 0;
+		}
+
+	} else {
+		ss1->num_entries_read = 0;
+		ss1->ptr_sess_info = 0;
+		ss1->num_entries_read2 = 0;
+		
+		(*stot) = 0;
+	}
+}
+
+/*******************************************************************
+ makes a SRV_R_NET_SESS_ENUM structure.
+********************************************************************/
+
+static WERROR init_srv_sess_info_ctr(SRV_SESS_INFO_CTR *ctr,
+				int switch_value, uint32 *resume_hnd, uint32 *total_entries)
+{
+	WERROR status = WERR_OK;
+	DEBUG(5,("init_srv_sess_info_ctr: %d\n", __LINE__));
+
+	ctr->switch_value = switch_value;
+
+	switch (switch_value) {
+	case 0:
+		init_srv_sess_info_0(&(ctr->sess.info0), resume_hnd, total_entries);
+		ctr->ptr_sess_ctr = 1;
+		break;
+	case 1:
+		init_srv_sess_info_1(&(ctr->sess.info1), resume_hnd, total_entries);
+		ctr->ptr_sess_ctr = 1;
+		break;
+	default:
+		DEBUG(5,("init_srv_sess_info_ctr: unsupported switch value %d\n", switch_value));
+		(*resume_hnd) = 0;
+		(*total_entries) = 0;
+		ctr->ptr_sess_ctr = 0;
+		status = WERR_UNKNOWN_LEVEL;
+		break;
+	}
+
+	return status;
+}
+
+/*******************************************************************
+ makes a SRV_R_NET_SESS_ENUM structure.
+********************************************************************/
+
+static void init_srv_r_net_sess_enum(SRV_R_NET_SESS_ENUM *r_n,
+				uint32 resume_hnd, int sess_level, int switch_value)  
+{
+	DEBUG(5,("init_srv_r_net_sess_enum: %d\n", __LINE__));
+
+	r_n->sess_level  = sess_level;
+
+	if (sess_level == -1)
+		r_n->status = WERR_UNKNOWN_LEVEL;
+	else
+		r_n->status = init_srv_sess_info_ctr(r_n->ctr, switch_value, &resume_hnd, &r_n->total_entries);
+
+	if (!W_ERROR_IS_OK(r_n->status))
+		resume_hnd = 0;
+
+	init_enum_hnd(&r_n->enum_hnd, resume_hnd);
+}
+
+/*******************************************************************
+ fill in a conn info level 0 structure.
+ ********************************************************************/
+
+static void init_srv_conn_info_0(SRV_CONN_INFO_0 *ss0, uint32 *snum, uint32 *stot)
+{
+	uint32 num_entries = 0;
+	(*stot) = 1;
+
+	if (ss0 == NULL) {
+		(*snum) = 0;
+		return;
+	}
+
+	DEBUG(5,("init_srv_conn_0_ss0\n"));
+
+	if (snum) {
+		for (; (*snum) < (*stot) && num_entries < MAX_CONN_ENTRIES; (*snum)++) {
+
+			init_srv_conn_info0(&ss0->info_0[num_entries], (*stot));
+
+			/* move on to creating next connection */
+			/* move on to creating next conn */
+			num_entries++;
+		}
+
+		ss0->num_entries_read  = num_entries;
+		ss0->ptr_conn_info     = num_entries > 0 ? 1 : 0;
+		ss0->num_entries_read2 = num_entries;
+		
+		if ((*snum) >= (*stot)) {
+			(*snum) = 0;
+		}
+
+	} else {
+		ss0->num_entries_read = 0;
+		ss0->ptr_conn_info = 0;
+		ss0->num_entries_read2 = 0;
+
+		(*stot) = 0;
+	}
+}
+
+/*******************************************************************
+ fill in a conn info level 1 structure.
+ ********************************************************************/
+
+static void init_srv_conn_1_info(CONN_INFO_1 *se1, CONN_INFO_1_STR *str1,
+				uint32 id, uint32 type,
+				uint32 num_opens, uint32 num_users, uint32 open_time,
+				char *usr_name, char *net_name)
+{
+	init_srv_conn_info1(se1 , id, type, num_opens, num_users, open_time, usr_name, net_name);
+	init_srv_conn_info1_str(str1, usr_name, net_name);
+}
+
+/*******************************************************************
+ fill in a conn info level 1 structure.
+ ********************************************************************/
+
+static void init_srv_conn_info_1(SRV_CONN_INFO_1 *ss1, uint32 *snum, uint32 *stot)
+{
+	uint32 num_entries = 0;
+	(*stot) = 1;
+
+	if (ss1 == NULL) {
+		(*snum) = 0;
+		return;
+	}
+
+	DEBUG(5,("init_srv_conn_1_ss1\n"));
+
+	if (snum) {
+		for (; (*snum) < (*stot) && num_entries < MAX_CONN_ENTRIES; (*snum)++) {
+			init_srv_conn_1_info(&ss1->info_1[num_entries],
+								 &ss1->info_1_str[num_entries],
+			                     (*stot), 0x3, 1, 1, 3,"dummy_user", "IPC$");
+
+			/* move on to creating next connection */
+			/* move on to creating next conn */
+			num_entries++;
+		}
+
+		ss1->num_entries_read  = num_entries;
+		ss1->ptr_conn_info     = num_entries > 0 ? 1 : 0;
+		ss1->num_entries_read2 = num_entries;
+		
+
+		if ((*snum) >= (*stot)) {
+			(*snum) = 0;
+		}
+
+	} else {
+		ss1->num_entries_read = 0;
+		ss1->ptr_conn_info = 0;
+		ss1->num_entries_read2 = 0;
+		
+		(*stot) = 0;
+	}
+}
+
+/*******************************************************************
+ makes a SRV_R_NET_CONN_ENUM structure.
+********************************************************************/
+
+static WERROR init_srv_conn_info_ctr(SRV_CONN_INFO_CTR *ctr,
+				int switch_value, uint32 *resume_hnd, uint32 *total_entries)
+{
+	WERROR status = WERR_OK;
+	DEBUG(5,("init_srv_conn_info_ctr: %d\n", __LINE__));
+
+	ctr->switch_value = switch_value;
+
+	switch (switch_value) {
+	case 0:
+		init_srv_conn_info_0(&ctr->conn.info0, resume_hnd, total_entries);
+		ctr->ptr_conn_ctr = 1;
+		break;
+	case 1:
+		init_srv_conn_info_1(&ctr->conn.info1, resume_hnd, total_entries);
+		ctr->ptr_conn_ctr = 1;
+		break;
+	default:
+		DEBUG(5,("init_srv_conn_info_ctr: unsupported switch value %d\n", switch_value));
+		(*resume_hnd = 0);
+		(*total_entries) = 0;
+		ctr->ptr_conn_ctr = 0;
+		status = WERR_UNKNOWN_LEVEL;
+		break;
+	}
+
+	return status;
+}
+
+/*******************************************************************
+ makes a SRV_R_NET_CONN_ENUM structure.
+********************************************************************/
+
+static void init_srv_r_net_conn_enum(SRV_R_NET_CONN_ENUM *r_n,
+				uint32 resume_hnd, int conn_level, int switch_value)  
+{
+	DEBUG(5,("init_srv_r_net_conn_enum: %d\n", __LINE__));
+
+	r_n->conn_level  = conn_level;
+	if (conn_level == -1)
+		r_n->status = WERR_UNKNOWN_LEVEL;
+	else
+		r_n->status = init_srv_conn_info_ctr(r_n->ctr, switch_value, &resume_hnd, &r_n->total_entries);
+
+	if (!W_ERROR_IS_OK(r_n->status))
+		resume_hnd = 0;
+
+	init_enum_hnd(&r_n->enum_hnd, resume_hnd);
+}
+
+/*******************************************************************
+ fill in a file info level 3 structure.
+ ********************************************************************/
+
+static void init_srv_file_3_info(FILE_INFO_3 *fl3, FILE_INFO_3_STR *str3,
+				uint32 fnum, uint32 perms, uint32 num_locks,
+				char *path_name, char *user_name)
+{
+	init_srv_file_info3(fl3 , fnum, perms, num_locks, path_name, user_name);
+	init_srv_file_info3_str(str3, path_name, user_name);
+}
+
+/*******************************************************************
+ fill in a file info level 3 structure.
+ ********************************************************************/
+
+static void init_srv_file_info_3(SRV_FILE_INFO_3 *fl3, uint32 *fnum, uint32 *ftot)
+{
+	uint32 num_entries = 0;
+	(*ftot) = 1;
+
+	if (fl3 == NULL) {
+		(*fnum) = 0;
+		return;
+	}
+
+	DEBUG(5,("init_srv_file_3_fl3\n"));
+
+	for (; (*fnum) < (*ftot) && num_entries < MAX_FILE_ENTRIES; (*fnum)++) {
+		init_srv_file_3_info(&fl3->info_3[num_entries],
+			                 &fl3->info_3_str[num_entries],
+		                     (*fnum), 0x35, 0, "\\PIPE\\samr", "dummy user");
+
+		/* move on to creating next file */
+		num_entries++;
+	}
+
+	fl3->num_entries_read  = num_entries;
+	fl3->ptr_file_info     = num_entries > 0 ? 1 : 0;
+	fl3->num_entries_read2 = num_entries;
+	
+	if ((*fnum) >= (*ftot)) {
+		(*fnum) = 0;
+	}
+}
+
+/*******************************************************************
+ makes a SRV_R_NET_FILE_ENUM structure.
+********************************************************************/
+
+static WERROR init_srv_file_info_ctr(SRV_FILE_INFO_CTR *ctr,
+				int switch_value, uint32 *resume_hnd, uint32 *total_entries)  
+{
+	WERROR status = WERR_OK;
+	DEBUG(5,("init_srv_file_info_ctr: %d\n", __LINE__));
+
+	ctr->switch_value = switch_value;
+
+	switch (switch_value) {
+	case 3:
+		init_srv_file_info_3(&ctr->file.info3, resume_hnd, total_entries);
+		ctr->ptr_file_ctr = 1;
+		break;
+	default:
+		DEBUG(5,("init_srv_file_info_ctr: unsupported switch value %d\n", switch_value));
+		(*resume_hnd = 0);
+		(*total_entries) = 0;
+		ctr->ptr_file_ctr = 0;
+		status = WERR_UNKNOWN_LEVEL;
+		break;
+	}
+
+	return status;
+}
+
+/*******************************************************************
+ makes a SRV_R_NET_FILE_ENUM structure.
+********************************************************************/
+
+static void init_srv_r_net_file_enum(SRV_R_NET_FILE_ENUM *r_n,
+				uint32 resume_hnd, int file_level, int switch_value)  
+{
+	DEBUG(5,("init_srv_r_net_file_enum: %d\n", __LINE__));
+
+	r_n->file_level  = file_level;
+	if (file_level == 0)
+		r_n->status = WERR_UNKNOWN_LEVEL;
+	else
+		r_n->status = init_srv_file_info_ctr(r_n->ctr, switch_value, &resume_hnd, &(r_n->total_entries));
+
+	if (!W_ERROR_IS_OK(r_n->status))
+		resume_hnd = 0;
+
+	init_enum_hnd(&r_n->enum_hnd, resume_hnd);
+}
+
+/*******************************************************************
+net server get info
+********************************************************************/
+
+WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u)
+{
+	WERROR status = WERR_OK;
+	SRV_INFO_CTR *ctr = (SRV_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_INFO_CTR));
+
+	if (!ctr)
+		return WERR_NOMEM;
+
+	ZERO_STRUCTP(ctr);
+
+	DEBUG(5,("srv_net_srv_get_info: %d\n", __LINE__));
+
+	switch (q_u->switch_value) {
+	case 102:
+		init_srv_info_102(&ctr->srv.sv102,
+		                  500, global_myname, 
+						string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH),
+		                  lp_major_announce_version(), lp_minor_announce_version(),
+		                  lp_default_server_announce(),
+		                  0xffffffff, /* users */
+		                  0xf, /* disc */
+		                  0, /* hidden */
+		                  240, /* announce */
+		                  3000, /* announce delta */
+		                  100000, /* licenses */
+		                  "c:\\"); /* user path */
+		break;
+	case 101:
+		init_srv_info_101(&ctr->srv.sv101,
+		                  500, global_myname,
+		                  lp_major_announce_version(), lp_minor_announce_version(),
+		                  lp_default_server_announce(),
+		                  string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
+		break;
+	case 100:
+		init_srv_info_100(&ctr->srv.sv100, 500, global_myname);
+		break;
+	default:
+		status = WERR_UNKNOWN_LEVEL;
+		break;
+	}
+
+	/* set up the net server get info structure */
+	init_srv_r_net_srv_get_info(r_u, q_u->switch_value, ctr, status);
+
+	DEBUG(5,("srv_net_srv_get_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+net server set info
+********************************************************************/
+
+WERROR _srv_net_srv_set_info(pipes_struct *p, SRV_Q_NET_SRV_SET_INFO *q_u, SRV_R_NET_SRV_SET_INFO *r_u)
+{
+	WERROR status = WERR_OK;
+
+	DEBUG(5,("srv_net_srv_set_info: %d\n", __LINE__));
+
+	/* Set up the net server set info structure. */
+
+	init_srv_r_net_srv_set_info(r_u, 0x0, status);
+
+	DEBUG(5,("srv_net_srv_set_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+net file enum
+********************************************************************/
+
+WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u)
+{
+	r_u->ctr = (SRV_FILE_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_FILE_INFO_CTR));
+	if (!r_u->ctr)
+		return WERR_NOMEM;
+
+	ZERO_STRUCTP(r_u->ctr);
+
+	DEBUG(5,("srv_net_file_enum: %d\n", __LINE__));
+
+	/* set up the */
+	init_srv_r_net_file_enum(r_u,
+				get_enum_hnd(&q_u->enum_hnd),
+				q_u->file_level,
+				q_u->ctr->switch_value);
+
+	DEBUG(5,("srv_net_file_enum: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+net conn enum
+********************************************************************/
+
+WERROR _srv_net_conn_enum(pipes_struct *p, SRV_Q_NET_CONN_ENUM *q_u, SRV_R_NET_CONN_ENUM *r_u)
+{
+	DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
+
+	r_u->ctr = (SRV_CONN_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_CONN_INFO_CTR));
+	if (!r_u->ctr)
+		return WERR_NOMEM;
+
+	ZERO_STRUCTP(r_u->ctr);
+
+	/* set up the */
+	init_srv_r_net_conn_enum(r_u,
+				get_enum_hnd(&q_u->enum_hnd),
+				q_u->conn_level,
+				q_u->ctr->switch_value);
+
+	DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+net sess enum
+********************************************************************/
+
+WERROR _srv_net_sess_enum(pipes_struct *p, SRV_Q_NET_SESS_ENUM *q_u, SRV_R_NET_SESS_ENUM *r_u)
+{
+	DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
+
+	r_u->ctr = (SRV_SESS_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_SESS_INFO_CTR));
+	if (!r_u->ctr)
+		return WERR_NOMEM;
+
+	ZERO_STRUCTP(r_u->ctr);
+
+	/* set up the */
+	init_srv_r_net_sess_enum(r_u,
+				get_enum_hnd(&q_u->enum_hnd),
+				q_u->sess_level,
+				q_u->ctr->switch_value);
+
+	DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ Net share enum all.
+********************************************************************/
+
+WERROR _srv_net_share_enum_all(pipes_struct *p, SRV_Q_NET_SHARE_ENUM *q_u, SRV_R_NET_SHARE_ENUM *r_u)
+{
+	DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__));
+
+	/* Create the list of shares for the response. */
+	init_srv_r_net_share_enum(p, r_u,
+				q_u->ctr.info_level,
+				get_enum_hnd(&q_u->enum_hnd), True);
+
+	DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ Net share enum.
+********************************************************************/
+
+WERROR _srv_net_share_enum(pipes_struct *p, SRV_Q_NET_SHARE_ENUM *q_u, SRV_R_NET_SHARE_ENUM *r_u)
+{
+	DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__));
+
+	/* Create the list of shares for the response. */
+	init_srv_r_net_share_enum(p, r_u,
+				q_u->ctr.info_level,
+				get_enum_hnd(&q_u->enum_hnd), False);
+
+	DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ Net share get info.
+********************************************************************/
+
+WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, SRV_R_NET_SHARE_GET_INFO *r_u)
+{
+	fstring share_name;
+
+	DEBUG(5,("_srv_net_share_get_info: %d\n", __LINE__));
+
+	/* Create the list of shares for the response. */
+	unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name));
+	init_srv_r_net_share_get_info(p, r_u, share_name, q_u->info_level);
+
+	DEBUG(5,("_srv_net_share_get_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
+ Check a given DOS pathname is valid for a share.
+********************************************************************/
+
+static char *valid_share_pathname(char *dos_pathname)
+{
+	pstring saved_pathname;
+	pstring unix_pathname;
+	char *ptr;
+	int ret;
+
+	/* Convert any '\' paths to '/' */
+	unix_format(dos_pathname);
+	unix_clean_name(dos_pathname);
+
+	/* NT is braindead - it wants a C: prefix to a pathname ! So strip it. */
+	ptr = dos_pathname;
+	if (strlen(dos_pathname) > 2 && ptr[1] == ':' && ptr[0] != '/')
+		ptr += 2;
+
+	/* Only abolute paths allowed. */
+	if (*ptr != '/')
+		return NULL;
+
+	/* Can we cd to it ? */
+
+	/* First save our current directory. */
+	if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL)
+		return False;
+
+	pstrcpy(unix_pathname, ptr);
+	
+	ret = chdir(unix_pathname);
+
+	/* We *MUST* be able to chdir back. Abort if we can't. */
+	if (chdir(saved_pathname) == -1)
+		smb_panic("valid_share_pathname: Unable to restore current directory.\n");
+
+	return (ret != -1) ? ptr : NULL;
+}
+
+/*******************************************************************
+ Net share set info. Modify share details.
+********************************************************************/
+
+WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, SRV_R_NET_SHARE_SET_INFO *r_u)
+{
+	struct current_user user;
+	pstring command;
+	fstring share_name;
+	fstring comment;
+	pstring pathname;
+	int type;
+	int snum;
+	int ret;
+	char *ptr;
+	SEC_DESC *psd = NULL;
+
+	DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
+
+	unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name));
+
+	r_u->switch_value = 0;
+
+	if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global"))
+		return WERR_ACCESS_DENIED;
+
+	snum = find_service(share_name);
+
+	/* Does this share exist ? */
+	if (snum < 0)
+		return WERR_INVALID_NAME;
+
+	/* No change to printer shares. */
+	if (lp_print_ok(snum))
+		return WERR_ACCESS_DENIED;
+
+	get_current_user(&user,p);
+
+	if (user.uid != 0)
+		return WERR_ACCESS_DENIED;
+
+	switch (q_u->info_level) {
+	case 1:
+		/* Not enough info in a level 1 to do anything. */
+		return WERR_ACCESS_DENIED;
+	case 2:
+		unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(share_name));
+		unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(share_name));
+		type = q_u->info.share.info2.info_2.type;
+		psd = NULL;
+		break;
+	case 502:
+		unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(share_name));
+		unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name));
+		type = q_u->info.share.info502.info_502.type;
+		psd = q_u->info.share.info502.info_502_str.sd;
+		map_generic_share_sd_bits(psd);
+		break;
+	case 1005:
+		return WERR_ACCESS_DENIED;
+	case 1501:
+		fstrcpy(pathname, lp_pathname(snum));
+		fstrcpy(comment, lp_comment(snum));
+		psd = q_u->info.share.info1501.sdb->sec;
+		map_generic_share_sd_bits(psd);
+		type = STYPE_DISKTREE;
+		break;
+	default:
+		DEBUG(5,("_srv_net_share_set_info: unsupported switch value %d\n", q_u->info_level));
+		return WERR_UNKNOWN_LEVEL;
+	}
+
+	/* We can only modify disk shares. */
+	if (type != STYPE_DISKTREE)
+		return WERR_ACCESS_DENIED;
+		
+	/* Check if the pathname is valid. */
+	if (!(ptr = valid_share_pathname( pathname )))
+		return WERR_OBJECT_PATH_INVALID;
+
+	/* Ensure share name, pathname and comment don't contain '"' characters. */
+	string_replace(share_name, '"', ' ');
+	string_replace(ptr, '"', ' ');
+	string_replace(comment, '"', ' ');
+
+	DEBUG(10,("_srv_net_share_set_info: change share command = %s\n",
+		lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" ));
+
+	/* Only call modify function if something changed. */
+
+	if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
+		if (!lp_change_share_cmd() || !*lp_change_share_cmd())
+			return WERR_ACCESS_DENIED;
+
+		slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+				lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
+
+		DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
+		if ((ret = smbrun(command, NULL)) != 0) {
+			DEBUG(0,("_srv_net_share_set_info: Running [%s] returned (%d)\n", command, ret ));
+			return WERR_ACCESS_DENIED;
+		}
+
+		/* Tell everyone we updated smb.conf. */
+		message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+
+	} else {
+		DEBUG(10,("_srv_net_share_set_info: No change to share name (%s)\n", share_name ));
+	}
+
+	/* Replace SD if changed. */
+	if (psd) {
+		SEC_DESC *old_sd;
+		size_t sd_size;
+
+		old_sd = get_share_security(p->mem_ctx, snum, &sd_size);
+
+		if (old_sd && !sec_desc_equal(old_sd, psd)) {
+			if (!set_share_security(p->mem_ctx, share_name, psd))
+				DEBUG(0,("_srv_net_share_set_info: Failed to change security info in share %s.\n",
+					share_name ));
+		}
+	}
+
+	DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
+
+	return WERR_OK;
+}
+
+/*******************************************************************
+ Net share add. Call 'add_share_command "sharename" "pathname" "comment" "read only = xxx"'
+********************************************************************/
+
+WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_SHARE_ADD *r_u)
+{
+	struct current_user user;
+	pstring command;
+	fstring share_name;
+	fstring comment;
+	pstring pathname;
+	int type;
+	int snum;
+	int ret;
+	char *ptr;
+	SEC_DESC *psd = NULL;
+
+	DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
+
+	r_u->switch_value = 0;
+
+	get_current_user(&user,p);
+
+	if (user.uid != 0) {
+		DEBUG(10,("_srv_net_share_add: uid != 0. Access denied.\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
+		DEBUG(10,("_srv_net_share_add: No add share command\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	switch (q_u->info_level) {
+	case 1:
+		/* Not enough info in a level 1 to do anything. */
+		return WERR_ACCESS_DENIED;
+	case 2:
+		unistr2_to_ascii(share_name, &q_u->info.share.info2.info_2_str.uni_netname, sizeof(share_name));
+		unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(share_name));
+		unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(share_name));
+		type = q_u->info.share.info2.info_2.type;
+		break;
+	case 502:
+		unistr2_to_ascii(share_name, &q_u->info.share.info502.info_502_str.uni_netname, sizeof(share_name));
+		unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(share_name));
+		unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name));
+		type = q_u->info.share.info502.info_502.type;
+		psd = q_u->info.share.info502.info_502_str.sd;
+		map_generic_share_sd_bits(psd);
+		break;
+	case 1005:
+		/* DFS only level. */
+		return WERR_ACCESS_DENIED;
+	default:
+		DEBUG(5,("_srv_net_share_add: unsupported switch value %d\n", q_u->info_level));
+		return WERR_UNKNOWN_LEVEL;
+	}
+
+	if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global"))
+		return WERR_ACCESS_DENIED;
+
+	snum = find_service(share_name);
+
+	/* Share already exists. */
+	if (snum >= 0)
+		return WERR_ALREADY_EXISTS;
+
+	/* We can only add disk shares. */
+	if (type != STYPE_DISKTREE)
+		return WERR_ACCESS_DENIED;
+		
+	/* Check if the pathname is valid. */
+	if (!(ptr = valid_share_pathname( pathname )))
+		return WERR_OBJECT_PATH_INVALID;
+
+	/* Ensure share name, pathname and comment don't contain '"' characters. */
+	string_replace(share_name, '"', ' ');
+	string_replace(ptr, '"', ' ');
+	string_replace(comment, '"', ' ');
+
+	slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+			lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
+
+	DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
+	if ((ret = smbrun(command, NULL)) != 0) {
+		DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret ));
+		return WERR_ACCESS_DENIED;
+	}
+
+	if (psd) {
+		if (!set_share_security(p->mem_ctx, share_name, psd))
+			DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n",
+				share_name ));
+	}
+
+	/* Tell everyone we updated smb.conf. */
+	message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+
+	/*
+	 * We don't call reload_services() here, the message will
+	 * cause this to be done before the next packet is read
+	 * from the client. JRA.
+	 */
+
+	DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
+
+	return WERR_OK;
+}
+
+/*******************************************************************
+ Net share delete. Call "delete share command" with the share name as
+ a parameter.
+********************************************************************/
+
+WERROR _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_SHARE_DEL *r_u)
+{
+	struct current_user user;
+	pstring command;
+	fstring share_name;
+	int ret;
+	int snum;
+
+	DEBUG(5,("_srv_net_share_del: %d\n", __LINE__));
+
+	unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name));
+
+	if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global"))
+		return WERR_ACCESS_DENIED;
+
+	snum = find_service(share_name);
+
+	if (snum < 0)
+		return WERR_NO_SUCH_SHARE;
+
+	/* No change to printer shares. */
+	if (lp_print_ok(snum))
+		return WERR_ACCESS_DENIED;
+
+	get_current_user(&user,p);
+
+	if (user.uid != 0)
+		return WERR_ACCESS_DENIED;
+
+	if (!lp_delete_share_cmd() || !*lp_delete_share_cmd())
+		return WERR_ACCESS_DENIED;
+
+	slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"",
+			lp_delete_share_cmd(), dyn_CONFIGFILE, lp_servicename(snum));
+
+	DEBUG(10,("_srv_net_share_del: Running [%s]\n", command ));
+	if ((ret = smbrun(command, NULL)) != 0) {
+		DEBUG(0,("_srv_net_share_del: Running [%s] returned (%d)\n", command, ret ));
+		return WERR_ACCESS_DENIED;
+	}
+
+	/* Delete the SD in the database. */
+	delete_share_security(snum);
+
+	/* Tell everyone we updated smb.conf. */
+	message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+
+	lp_killservice(snum);
+
+	return WERR_OK;
+}
+
+/*******************************************************************
+time of day
+********************************************************************/
+
+WERROR _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET_REMOTE_TOD *r_u)
+{
+	TIME_OF_DAY_INFO *tod;
+	struct tm *t;
+	time_t unixdate = time(NULL);
+
+	tod = (TIME_OF_DAY_INFO *)talloc(p->mem_ctx, sizeof(TIME_OF_DAY_INFO));
+	if (!tod)
+		return WERR_NOMEM;
+
+	ZERO_STRUCTP(tod);
+ 
+	r_u->tod = tod;
+	r_u->ptr_srv_tod = 0x1;
+	r_u->status = WERR_OK;
+
+	DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__));
+
+	t = gmtime(&unixdate);
+
+	/* set up the */
+	init_time_of_day_info(tod,
+	                      unixdate,
+	                      0,
+	                      t->tm_hour,
+	                      t->tm_min,
+	                      t->tm_sec,
+	                      0,
+	                      TimeDiff(unixdate)/60,
+	                      10000,
+	                      t->tm_mday,
+	                      t->tm_mon + 1,
+	                      1900+t->tm_year,
+	                      t->tm_wday);
+	
+	DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/***********************************************************************************
+ Win9x NT tools get security descriptor.
+***********************************************************************************/
+
+WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC *q_u,
+			SRV_R_NET_FILE_QUERY_SECDESC *r_u)
+{
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	DATA_BLOB null_pw;
+	pstring filename;
+	pstring qualname;
+	files_struct *fsp = NULL;
+	SMB_STRUCT_STAT st;
+	BOOL bad_path;
+	int access_mode;
+	int action;
+	NTSTATUS nt_status;
+	struct current_user user;
+	connection_struct *conn = NULL;
+	BOOL became_user = False; 
+
+	ZERO_STRUCT(st);
+
+	r_u->status = WERR_OK;
+
+	unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
+
+	/* Null password is ok - we are already an authenticated user... */
+	null_pw = data_blob(NULL, 0);
+
+	get_current_user(&user, p);
+
+	become_root();
+	conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
+	unbecome_root();
+
+	if (conn == NULL) {
+		DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname));
+		r_u->status = ntstatus_to_werror(nt_status);
+		goto error_exit;
+	}
+
+	if (!become_user(conn, conn->vuid)) {
+		DEBUG(0,("_srv_net_file_query_secdesc: Can't become connected user!\n"));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+    became_user = True;
+
+	unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
+	unix_convert(filename, conn, NULL, &bad_path, &st);
+	fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY),
+				(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+
+	if (!fsp) {
+		/* Perhaps it is a directory */
+		if (errno == EISDIR)
+			fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0,
+					(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+
+		if (!fsp) {
+			DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
+			r_u->status = WERR_ACCESS_DENIED;
+			goto error_exit;
+		}
+	}
+
+	sd_size = conn->vfs_ops.get_nt_acl(fsp, fsp->fsp_name, &psd);
+
+	if (sd_size == 0) {
+		DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
+	r_u->ptr_response = 1;
+	r_u->size_response = sd_size;
+	r_u->ptr_secdesc = 1;
+	r_u->size_secdesc = sd_size;
+	r_u->sec_desc = psd;
+
+	psd->dacl->revision = (uint16) NT4_ACL_REVISION;
+
+	close_file(fsp, True);
+	unbecome_user();
+	close_cnum(conn, user.vuid);
+	return r_u->status;
+
+  error_exit:
+
+	if(fsp) {
+		close_file(fsp, True);
+	}
+
+	if (became_user)
+		unbecome_user();
+
+	if (conn) 
+		close_cnum(conn, user.vuid);
+
+	return r_u->status;
+}
+
+/***********************************************************************************
+ Win9x NT tools set security descriptor.
+***********************************************************************************/
+
+WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u,
+									SRV_R_NET_FILE_SET_SECDESC *r_u)
+{
+	BOOL ret;
+	pstring filename;
+	pstring qualname;
+	DATA_BLOB null_pw;
+	files_struct *fsp = NULL;
+	SMB_STRUCT_STAT st;
+	BOOL bad_path;
+	int access_mode;
+	int action;
+	NTSTATUS nt_status;
+	struct current_user user;
+	connection_struct *conn = NULL;
+	BOOL became_user = False;
+
+	ZERO_STRUCT(st);
+
+	r_u->status = WERR_OK;
+
+	unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
+
+	/* Null password is ok - we are already an authenticated user... */
+	null_pw = data_blob(NULL, 0);
+
+	get_current_user(&user, p);
+
+	become_root();
+	conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
+	unbecome_root();
+
+	if (conn == NULL) {
+		DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname));
+		r_u->status = ntstatus_to_werror(nt_status);
+		goto error_exit;
+	}
+
+	if (!become_user(conn, conn->vuid)) {
+		DEBUG(0,("_srv_net_file_set_secdesc: Can't become connected user!\n"));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+	became_user = True;
+
+	unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
+	unix_convert(filename, conn, NULL, &bad_path, &st);
+
+	fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR),
+			(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+
+	if (!fsp) {
+		/* Perhaps it is a directory */
+		if (errno == EISDIR)
+			fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0,
+						(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+
+		if (!fsp) {
+			DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename));
+			r_u->status = WERR_ACCESS_DENIED;
+			goto error_exit;
+		}
+	}
+
+	ret = conn->vfs_ops.set_nt_acl(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc);
+
+	if (ret == False) {
+		DEBUG(3,("_srv_net_file_set_secdesc: Unable to set NT ACL on file %s\n", filename));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
+	close_file(fsp, True);
+	unbecome_user();
+	close_cnum(conn, user.vuid);
+	return r_u->status;
+
+  error_exit:
+
+	if(fsp) {
+		close_file(fsp, True);
+	}
+
+	if (became_user)
+		unbecome_user();
+
+	if (conn) 
+		close_cnum(conn, user.vuid);
+
+	return r_u->status;
+}
+
+/***********************************************************************************
+ It may be that we want to limit users to creating shares on certain areas of the UNIX file area.
+ We could define areas by mapping Windows style disks to points on the UNIX directory hierarchy.
+ These disks would the disks listed by this function.
+ Users could then create shares relative to these disks.  Watch out for moving these disks around.
+ "Nigel Williams" <nigel@veritas.com>.
+***********************************************************************************/
+
+const char *server_disks[] = {"C:"};
+
+static uint32 get_server_disk_count(void)
+{
+	return sizeof(server_disks)/sizeof(server_disks[0]);
+}
+
+static uint32 init_server_disk_enum(uint32 *resume)
+{
+	uint32 server_disk_count = get_server_disk_count();
+
+	/*resume can be an offset into the list for now*/
+
+	if(*resume & 0x80000000)
+		*resume = 0;
+
+	if(*resume > server_disk_count)
+		*resume = server_disk_count;
+
+	return server_disk_count - *resume;
+}
+
+static const char *next_server_disk_enum(uint32 *resume)
+{
+	const char *disk;
+
+	if(init_server_disk_enum(resume) == 0)
+		return NULL;
+
+	disk = server_disks[*resume];
+
+	(*resume)++;
+
+	DEBUG(10, ("next_server_disk_enum: reporting disk %s. resume handle %d.\n", disk, *resume));
+
+	return disk;
+}
+
+WERROR _srv_net_disk_enum(pipes_struct *p, SRV_Q_NET_DISK_ENUM *q_u, SRV_R_NET_DISK_ENUM *r_u)
+{
+	uint32 i;
+	const char *disk_name;
+	uint32 resume=get_enum_hnd(&q_u->enum_hnd);
+
+	r_u->status=WERR_OK;
+
+	r_u->total_entries = init_server_disk_enum(&resume);
+
+	r_u->disk_enum_ctr.unknown = 0; 
+
+	r_u->disk_enum_ctr.disk_info_ptr = r_u->disk_enum_ctr.disk_info ? 1 : 0;
+
+	/*allow one DISK_INFO for null terminator*/
+
+	for(i = 0; i < MAX_SERVER_DISK_ENTRIES -1 && (disk_name = next_server_disk_enum(&resume)); i++) {
+
+		r_u->disk_enum_ctr.entries_read++;
+
+		/*copy disk name into a unicode string*/
+
+		init_unistr3(&r_u->disk_enum_ctr.disk_info[i].disk_name, disk_name);    
+	}
+
+	/*add a terminating null string.  Is this there if there is more data to come?*/
+
+	r_u->disk_enum_ctr.entries_read++;
+
+	init_unistr3(&r_u->disk_enum_ctr.disk_info[i].disk_name, "");
+
+	init_enum_hnd(&r_u->enum_hnd, resume);
+
+	return r_u->status;
+}
+
+WERROR _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u)
+{
+	int snum;
+	fstring share_name;
+
+	r_u->status=WERR_OK;
+
+	switch(q_u->type) {
+
+	case 0x9:
+
+		/*check if share name is ok*/
+		/*also check if we already have a share with this name*/
+
+		unistr2_to_ascii(share_name, &q_u->uni_name, sizeof(share_name));
+		snum = find_service(share_name);
+
+		/* Share already exists. */
+		if (snum >= 0)
+			r_u->status = WERR_ALREADY_EXISTS;
+		break;
+
+	default:
+		/*unsupported type*/
+		r_u->status = WERR_UNKNOWN_LEVEL;
+		break;
+	}
+
+	return r_u->status;
+}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
new file mode 100644
index 0000000000..53bbebb95e
--- /dev/null
+++ b/source3/rpc_server/srv_util.c
@@ -0,0 +1,514 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                  1997-1998.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*  this module apparently provides an implementation of DCE/RPC over a
+ *  named pipe (IPC$ connection using SMBtrans).  details of DCE/RPC
+ *  documentation are available (in on-line form) from the X-Open group.
+ *
+ *  this module should provide a level of abstraction between SMB
+ *  and DCE/RPC, while minimising the amount of mallocs, unnecessary
+ *  data copies, and network traffic.
+ *
+ *  in this version, which takes a "let's learn what's going on and
+ *  get something running" approach, there is additional network
+ *  traffic generated, but the code should be easier to understand...
+ *
+ *  ... if you read the docs.  or stare at packets for weeks on end.
+ *
+ */
+
+#include "includes.h"
+
+/*
+ * A list of the rids of well known BUILTIN and Domain users
+ * and groups.
+ */
+
+rid_name builtin_alias_rids[] =
+{  
+    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
+    { BUILTIN_ALIAS_RID_USERS        , "Users" },
+    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
+    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
+   
+    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
+    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
+    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
+    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
+    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
+    { 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID users. */
+rid_name domain_user_rids[] =
+{  
+    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
+    { DOMAIN_USER_RID_GUEST         , "Guest" },
+    { 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID groups. */
+rid_name domain_group_rids[] =
+{  
+    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
+    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
+    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
+    { 0                             , NULL }
+};
+
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
+{
+	SAM_ACCOUNT *sam_pass=NULL;
+	struct sys_grent *glist;
+	struct sys_grent *grp;
+	int i, num, cur_rid=0;
+	gid_t gid;
+	GROUP_MAP map;
+	DOM_SID tmp_sid;
+	fstring user_name;
+	fstring str_domsid, str_qsid;
+	uint32 rid,grid;
+	uint32 *rids=NULL, *new_rids=NULL;
+	gid_t winbind_gid_low, winbind_gid_high;
+	BOOL ret;
+
+	/*
+	 * this code is far from perfect.
+	 * first it enumerates the full /etc/group and that can be slow.
+	 * second, it works only with users' SIDs
+	 * whereas the day we support nested groups, it will have to
+	 * support both users's SIDs and domain groups' SIDs
+	 *
+	 * having our own ldap backend would be so much faster !
+	 * we're far from that, but hope one day ;-) JFM.
+	 */
+
+	*prids=NULL;
+	*numgroups=0;
+
+	lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+
+
+	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
+	          sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
+
+	sid_peek_rid(q_sid, &rid);
+
+	pdb_init_sam(&sam_pass);
+	become_root();
+	ret = pdb_getsampwrid(sam_pass, rid);
+	unbecome_root();
+	if (ret == False) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_SUCH_USER;
+	}
+
+	fstrcpy(user_name, pdb_get_username(sam_pass));
+	grid=pdb_get_group_rid(sam_pass);
+	gid=pdb_get_gid(sam_pass);
+	
+	grp = glist = getgrent_list();
+	if (grp == NULL) {
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	for (; grp != NULL; grp = grp->next) {
+		if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
+			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+			continue;
+		}
+		
+		/* if it's not an alias, continue */
+		if (map.sid_name_use!=SID_NAME_ALIAS) {
+			DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+			continue;
+		}
+
+		sid_copy(&tmp_sid, &map.sid);
+		sid_split_rid(&tmp_sid, &rid);
+		
+		/* if the sid is not in the correct domain, continue */
+		if (!sid_equal(&tmp_sid, sid)) {
+			DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+			continue;
+		}
+
+		/* Don't return winbind groups as they are not local! */
+		if ((grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) {
+			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+			continue;
+		}
+
+		/* Don't return user private groups... */
+		if (Get_Pwnam(map.nt_name) != 0) {
+			DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+			continue;			
+		}
+		
+		/* the group is fine, we can check if there is the user we're looking for */
+		DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
+		
+		for(num=0; grp->gr_mem[num]!=NULL; num++) {
+			if(strcmp(grp->gr_mem[num], user_name)==0) {
+				/* we found the user, add the group to the list */
+				
+				new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+				if (new_rids==NULL) {
+					DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+					pdb_free_sam(&sam_pass);
+					return NT_STATUS_NO_MEMORY;
+				}
+				rids=new_rids;
+				
+				sid_peek_rid(&map.sid, &(rids[cur_rid]));
+				DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
+				cur_rid++;
+				break;
+			}
+		}
+	}
+
+	grent_free(glist);
+
+	/* now check for the user's gid (the primary group rid) */
+	for (i=0; i<cur_rid && grid!=rids[i]; i++)
+		;
+
+	/* the user's gid is already there */
+	if (i!=cur_rid) {
+		DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
+		goto done;
+	}
+
+	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
+
+	if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+		goto done;
+	}	
+
+	/* the primary group isn't an alias */
+	if (map.sid_name_use!=SID_NAME_ALIAS) {
+		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+		goto done;
+	}
+
+	sid_copy(&tmp_sid, &map.sid);
+	sid_split_rid(&tmp_sid, &rid);
+
+	/* if the sid is not in the correct domain, continue */
+	if (!sid_equal(&tmp_sid, sid)) {
+		DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+		goto done;
+	}
+
+	/* Don't return winbind groups as they are not local! */
+	if ((gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
+		DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+		goto done;
+	}
+
+	/* Don't return user private groups... */
+	if (Get_Pwnam(map.nt_name) != 0) {
+		DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+		goto done;			
+	}
+
+	new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+	if (new_rids==NULL) {
+		DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_NO_MEMORY;
+	}
+	rids=new_rids;
+
+ 	sid_peek_rid(&map.sid, &(rids[cur_rid]));
+	cur_rid++;
+
+done:
+ 	*prids=rids;
+	*numgroups=cur_rid;
+	pdb_free_sam(&sam_pass);
+
+	return NT_STATUS_OK;
+}
+
+
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
+{
+	GROUP_MAP *map=NULL;
+	int i, num, num_entries, cur_gid=0;
+	struct group *grp;
+	DOM_GID *gids;
+	fstring user_name;
+	uint32 grid;
+	uint32 tmp_rid;
+
+	*numgroups= 0;
+
+	fstrcpy(user_name, pdb_get_username(sam_pass));
+	grid=pdb_get_group_rid(sam_pass);
+
+	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+
+	/* first get the list of the domain groups */
+	if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+		return False;
+	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
+
+	/* 
+	 * alloc memory. In the worse case, we alloc memory for nothing.
+	 * but I prefer to alloc for nothing
+	 * than reallocing everytime.
+	 */
+	gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) *  num_entries);	
+
+	/* for each group, check if the user is a member of*/
+	for(i=0; i<num_entries; i++) {
+		if ((grp=getgrgid(map[i].gid)) == NULL) {
+			/* very weird !!! */
+			DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+			continue;
+		}
+
+		for(num=0; grp->gr_mem[num]!=NULL; num++) {
+			if(strcmp(grp->gr_mem[num], user_name)==0) {
+				/* we found the user, add the group to the list */
+				sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
+				gids[cur_gid].attr=7;
+				DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+				cur_gid++;
+				break;
+			}
+		}
+	}
+
+	/* we have checked the groups */
+	/* we must now check the gid of the user or the primary group rid, that's the same */
+	for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
+		;
+	
+	/* the user's gid is already there */
+	if (i!=cur_gid) {
+		/* 
+		 * the primary group of the user but be the first one in the list
+		 * don't ask ! JFM.
+		 */
+		gids[i].g_rid=gids[0].g_rid;
+		gids[0].g_rid=grid;
+		goto done;
+	}
+
+	for(i=0; i<num_entries; i++) {
+		sid_peek_rid(&map[i].sid, &tmp_rid);
+		if (tmp_rid==grid) {
+			/* 
+			 * the primary group of the user but be the first one in the list
+			 * don't ask ! JFM.
+			 */
+			gids[cur_gid].g_rid=gids[0].g_rid;
+			gids[0].g_rid=tmp_rid;
+			gids[cur_gid].attr=7;
+			DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+			cur_gid++;
+			goto done; /* leave the loop early */
+		}
+	}
+
+	DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
+	DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+
+ done:
+	*pgids=gids;
+	*numgroups=cur_gid;
+	safe_free(map);
+
+	return True;
+}
+
+/*******************************************************************
+ Look up a local (domain) rid and return a name and type.
+ ********************************************************************/
+NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
+{
+	int i = 0; 
+	(*type) = SID_NAME_DOM_GRP;
+
+	DEBUG(5,("lookup_group_name: rid: %d", rid));
+
+	while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_group_rids[i].rid != 0)
+	{
+		fstrcpy(group_name, domain_group_rids[i].name);
+		DEBUG(5,(" = %s\n", group_name));
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(5,(" none mapped\n"));
+	return NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ Look up a local alias rid and return a name and type.
+ ********************************************************************/
+NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
+{
+	int i = 0; 
+	(*type) = SID_NAME_WKN_GRP;
+
+	DEBUG(5,("lookup_alias_name: rid: %d", rid));
+
+	while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (builtin_alias_rids[i].rid != 0)
+	{
+		fstrcpy(alias_name, builtin_alias_rids[i].name);
+		DEBUG(5,(" = %s\n", alias_name));
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(5,(" none mapped\n"));
+	return NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ Look up a local user rid and return a name and type.
+ ********************************************************************/
+NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
+{
+	SAM_ACCOUNT *sampwd=NULL;
+	int i = 0;
+	BOOL ret;
+	
+	(*type) = SID_NAME_USER;
+
+	DEBUG(5,("lookup_user_name: rid: %d", rid));
+
+	/* look up the well-known domain user rids first */
+	while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_user_rids[i].rid != 0) {
+		fstrcpy(user_name, domain_user_rids[i].name);
+		DEBUG(5,(" = %s\n", user_name));
+		return NT_STATUS_OK;
+	}
+
+	pdb_init_sam(&sampwd);
+
+	/* ok, it's a user.  find the user account */
+	become_root();
+	ret = pdb_getsampwrid(sampwd, rid);
+	unbecome_root();
+
+	if (ret == True) {
+		fstrcpy(user_name, pdb_get_username(sampwd) );
+		DEBUG(5,(" = %s\n", user_name));
+		pdb_free_sam(&sampwd);
+		return NT_STATUS_OK;
+	}
+
+	DEBUG(5,(" none mapped\n"));
+	pdb_free_sam(&sampwd);
+	return NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ Look up a local (domain) group name and return a rid
+ ********************************************************************/
+NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
+{
+	char *grp_name;
+	int i = -1; /* start do loop at -1 */
+
+	do /* find, if it exists, a group rid for the group name*/
+	{
+		i++;
+		(*rid) = domain_group_rids[i].rid;
+		grp_name = domain_group_rids[i].name;
+
+	} while (grp_name != NULL && !strequal(grp_name, group_name));
+
+	return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ Look up a local (BUILTIN) alias name and return a rid
+ ********************************************************************/
+NTSTATUS local_lookup_alias_rid(char *alias_name, uint32 *rid)
+{
+	char *als_name;
+	int i = -1; /* start do loop at -1 */
+
+	do /* find, if it exists, a alias rid for the alias name*/
+	{
+		i++;
+		(*rid) = builtin_alias_rids[i].rid;
+		als_name = builtin_alias_rids[i].name;
+
+	} while (als_name != NULL && !strequal(als_name, alias_name));
+
+	return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ Look up a local user name and return a rid
+ ********************************************************************/
+NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
+{
+	SAM_ACCOUNT *sampass=NULL;
+	BOOL ret;
+
+	(*rid) = 0;
+
+	pdb_init_sam(&sampass);
+
+	/* find the user account */
+	become_root();
+	ret = pdb_getsampwnam(sampass, user_name);
+	unbecome_root();
+
+	if (ret == True) {
+		(*rid) = pdb_get_user_rid(sampass);
+		pdb_free_sam(&sampass);
+		return NT_STATUS_OK;
+	}
+
+	pdb_free_sam(&sampass);
+	return NT_STATUS_NONE_MAPPED;
+}
diff --git a/source3/rpc_server/srv_wkssvc.c b/source3/rpc_server/srv_wkssvc.c
new file mode 100644
index 0000000000..8eb5b3002e
--- /dev/null
+++ b/source3/rpc_server/srv_wkssvc.c
@@ -0,0 +1,70 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the interface to the wks pipe. */
+
+#include "includes.h"
+
+/*******************************************************************
+ api_wks_query_info
+ ********************************************************************/
+
+static BOOL api_wks_query_info(pipes_struct *p)
+{
+	WKS_Q_QUERY_INFO q_u;
+	WKS_R_QUERY_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net share enum */
+	if(!wks_io_q_query_info("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _wks_query_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!wks_io_r_query_info("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+
+/*******************************************************************
+ \PIPE\wkssvc commands
+ ********************************************************************/
+struct api_struct api_wks_cmds[] =
+{
+	{ "WKS_Q_QUERY_INFO", WKS_QUERY_INFO, api_wks_query_info },
+	{ NULL             , 0            , NULL }
+};
+
+/*******************************************************************
+ receives a wkssvc pipe and responds.
+ ********************************************************************/
+BOOL api_wkssvc_rpc(pipes_struct *p)
+{
+	return api_rpcTNP(p, "api_wkssvc_rpc", api_wks_cmds);
+}
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
new file mode 100644
index 0000000000..637c95af69
--- /dev/null
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -0,0 +1,78 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison					2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/* This is the implementation of the wks interface. */
+
+#include "includes.h"
+
+extern pstring global_myname;
+
+/*******************************************************************
+ create_wks_info_100
+ ********************************************************************/
+
+static void create_wks_info_100(WKS_INFO_100 *inf)
+{
+	pstring my_name;
+	pstring domain;
+
+	DEBUG(5,("create_wks_info_100: %d\n", __LINE__));
+
+	pstrcpy (my_name, global_myname);
+	strupper(my_name);
+
+	pstrcpy (domain, lp_workgroup());
+	strupper(domain);
+
+	init_wks_info_100(inf,
+	                  0x000001f4, /* platform id info */
+	                  lp_major_announce_version(),
+	                  lp_minor_announce_version(),
+	                  my_name, domain);
+}
+
+/*******************************************************************
+ wks_reply_query_info
+ 
+ only supports info level 100 at the moment.
+
+ ********************************************************************/
+
+NTSTATUS _wks_query_info(pipes_struct *p, WKS_Q_QUERY_INFO *q_u, WKS_R_QUERY_INFO *r_u)
+{
+	WKS_INFO_100 *wks100 = NULL;
+
+	DEBUG(5,("_wks_query_info: %d\n", __LINE__));
+
+	wks100 = (WKS_INFO_100 *)talloc_zero(p->mem_ctx, sizeof(WKS_INFO_100));
+
+	if (!wks100)
+		return NT_STATUS_NO_MEMORY;
+
+	create_wks_info_100(wks100);
+	init_wks_r_query_info(r_u, q_u->switch_value, wks100, NT_STATUS_OK);
+
+	DEBUG(5,("_wks_query_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
diff --git a/source3/rpcclient/cmd_dfs.c b/source3/rpcclient/cmd_dfs.c
new file mode 100644
index 0000000000..8a3c3e9db3
--- /dev/null
+++ b/source3/rpcclient/cmd_dfs.c
@@ -0,0 +1,237 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Tim Potter 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/* Check DFS is supported by the remote server */
+
+static NTSTATUS cmd_dfs_exist(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                              int argc, char **argv)
+{
+	BOOL dfs_exists;
+	NTSTATUS result;
+
+	if (argc != 1) {
+		printf("Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_dfs_exist(cli, mem_ctx, &dfs_exists);
+
+	if (NT_STATUS_IS_OK(result))
+		printf("dfs is %spresent\n", dfs_exists ? "" : "not ");
+
+	return result;
+}
+
+static NTSTATUS cmd_dfs_add(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                            int argc, char **argv)
+{
+	NTSTATUS result;
+	char *entrypath, *servername, *sharename, *comment;
+	uint32 flags = 0;
+
+	if (argc != 5) {
+		printf("Usage: %s entrypath servername sharename comment\n", 
+		       argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	entrypath = argv[1];
+	servername = argv[2];
+	sharename = argv[3];
+	comment = argv[4];
+
+	result = cli_dfs_add(cli, mem_ctx, entrypath, servername, 
+			     sharename, comment, flags);
+
+	return result;
+}
+
+static NTSTATUS cmd_dfs_remove(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                               int argc, char **argv)
+{
+	NTSTATUS result;
+	char *entrypath, *servername, *sharename;
+
+	if (argc != 4) {
+		printf("Usage: %s entrypath servername sharename\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	entrypath = argv[1];
+	servername = argv[2];
+	sharename = argv[3];
+
+	result = cli_dfs_remove(cli, mem_ctx, entrypath, servername, 
+				sharename);
+
+	return result;
+}
+
+/* Display a DFS_INFO_1 structure */
+
+static void display_dfs_info_1(DFS_INFO_1 *info1)
+{
+	fstring temp;
+
+	unistr2_to_ascii(temp, &info1->entrypath, sizeof(temp) - 1);
+	printf("entrypath: %s\n", temp);
+}
+
+/* Display a DFS_INFO_2 structure */
+
+static void display_dfs_info_2(DFS_INFO_2 *info2)
+{
+	fstring temp;
+
+	unistr2_to_ascii(temp, &info2->entrypath, sizeof(temp) - 1);
+	printf("entrypath: %s\n", temp);
+
+	unistr2_to_ascii(temp, &info2->comment, sizeof(temp) - 1);
+	printf("\tcomment: %s\n", temp);
+
+	printf("\tstate: %d\n", info2->state);
+	printf("\tnum_storages: %d\n", info2->num_storages);
+}
+
+/* Display a DFS_INFO_3 structure */
+
+static void display_dfs_info_3(DFS_INFO_3 *info3)
+{
+	fstring temp;
+	int i;
+
+	unistr2_to_ascii(temp, &info3->entrypath, sizeof(temp) - 1);
+	printf("entrypath: %s\n", temp);
+
+	unistr2_to_ascii(temp, &info3->comment, sizeof(temp) - 1);
+	printf("\tcomment: %s\n", temp);
+
+	printf("\tstate: %d\n", info3->state);
+	printf("\tnum_storages: %d\n", info3->num_storages);
+
+	for (i = 0; i < info3->num_storages; i++) {
+		DFS_STORAGE_INFO *dsi = &info3->storages[i];
+
+		unistr2_to_ascii(temp, &dsi->servername, sizeof(temp) - 1);
+		printf("\t\tstorage[%d] servername: %s\n", i, temp);
+
+		unistr2_to_ascii(temp, &dsi->sharename, sizeof(temp) - 1);
+		printf("\t\tstorage[%d] sharename: %s\n", i, temp);
+	}
+}
+
+/* Display a DFS_INFO_CTR structure */
+
+static void display_dfs_info_ctr(DFS_INFO_CTR *ctr)
+{
+	int i;
+
+	for (i = 0; i < ctr->num_entries; i++) {
+		switch (ctr->switch_value) {
+		case 0x01:
+			display_dfs_info_1(&ctr->dfs.info1[i]);
+			break;
+		case 0x02:
+			display_dfs_info_2(&ctr->dfs.info2[i]);
+			break;
+		case 0x03:
+			display_dfs_info_3(&ctr->dfs.info3[i]);
+			break;
+		default:
+			printf("unsupported info level %d\n", 
+			       ctr->switch_value);
+			break;
+		}
+	}
+}
+
+/* Enumerate dfs shares */
+
+static NTSTATUS cmd_dfs_enum(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                             int argc, char **argv)
+{
+	DFS_INFO_CTR ctr;
+	NTSTATUS result;
+	uint32 info_level = 1;
+
+	if (argc > 2) {
+		printf("Usage: %s [info_level]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2)
+		info_level = atoi(argv[1]);
+
+	result = cli_dfs_enum(cli, mem_ctx, info_level, &ctr);
+
+	if (NT_STATUS_IS_OK(result))
+		display_dfs_info_ctr(&ctr);
+
+	return result;
+}
+
+static NTSTATUS cmd_dfs_getinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                int argc, char **argv)
+{
+	NTSTATUS result;
+	char *entrypath, *servername, *sharename;
+	uint32 info_level = 1;
+	DFS_INFO_CTR ctr;
+
+	if (argc < 4 || argc > 5) {
+		printf("Usage: %s entrypath servername sharename "
+                       "[info_level]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	entrypath = argv[1];
+	servername = argv[2];
+	sharename = argv[3];
+
+	if (argc == 5)
+		info_level = atoi(argv[4]);
+
+	result = cli_dfs_get_info(cli, mem_ctx, entrypath, servername, 
+				  sharename, info_level, &ctr);
+
+	if (NT_STATUS_IS_OK(result))
+		display_dfs_info_ctr(&ctr);
+
+	return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set dfs_commands[] = {
+
+	{ "DFS" },
+
+	{ "dfsexist",   cmd_dfs_exist,   PIPE_NETDFS, "Query DFS support",    "" },
+	{ "dfsadd",     cmd_dfs_add,     PIPE_NETDFS, "Add a DFS share",      "" },
+	{ "dfsremove",  cmd_dfs_remove,  PIPE_NETDFS, "Remove a DFS share",   "" },
+	{ "dfsgetinfo", cmd_dfs_getinfo, PIPE_NETDFS, "Query DFS share info", "" },
+	{ "dfsenum",    cmd_dfs_enum,    PIPE_NETDFS, "Enumerate dfs shares", "" },
+
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
new file mode 100644
index 0000000000..99f1fbc3ce
--- /dev/null
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -0,0 +1,509 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Tim Potter 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/* Look up domain related information on a remote host */
+
+static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx, int argc, 
+                                          char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID dom_sid;
+	fstring sid_str, domain_name;
+	uint32 info_class = 3;
+
+	if (argc > 2) {
+		printf("Usage: %s [info_class]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2)
+		info_class = atoi(argv[1]);
+	
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Lookup info policy */
+
+	result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class, 
+					   domain_name, &dom_sid);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	sid_to_string(sid_str, &dom_sid);
+
+	if (domain_name[0])
+		printf("domain %s has sid %s\n", domain_name, sid_str);
+	else
+		printf("could not query info for level %d\n", info_class);
+
+ done:
+	return result;
+}
+
+/* Resolve a list of names to a list of sids */
+
+static NTSTATUS cmd_lsa_lookup_names(struct cli_state *cli, 
+                                     TALLOC_CTX *mem_ctx, int argc, 
+                                     char **argv)
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID *sids;
+	uint32 *types;
+	int num_names, i;
+
+	if (argc == 1) {
+		printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, 
+				      (const char**)(argv + 1), &sids, 
+				      &types, &num_names);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+
+	for (i = 0; i < num_names; i++) {
+		fstring sid_str;
+
+		sid_to_string(sid_str, &sids[i]);
+		printf("%s %s (%d)\n", argv[i + 1], sid_str,
+		       types[i]);
+	}
+
+ done:
+	return result;
+}
+
+/* Resolve a list of SIDs to a list of names */
+
+static NTSTATUS cmd_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                    int argc, char **argv)
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID *sids;
+	char **domains;
+	char **names;
+	uint32 *types;
+	int num_names, i;
+
+	if (argc == 1) {
+		printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Convert arguments to sids */
+
+	sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
+
+	if (!sids) {
+		printf("could not allocate memory for %d sids\n", argc - 1);
+		goto done;
+	}
+
+	for (i = 0; i < argc - 1; i++)
+		string_to_sid(&sids[i], argv[i + 1]);
+
+	/* Lookup the SIDs */
+
+	result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, 
+				     &domains, &names, &types, &num_names);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+
+	for (i = 0; i < num_names; i++) {
+		fstring sid_str;
+
+		sid_to_string(sid_str, &sids[i]);
+		printf("%s [%s]\\[%s] (%d)\n", sid_str, 
+		       domains[i] ? domains[i] : "*unknown*", 
+		       names[i] ? names[i] : "*unknown*", types[i]);
+	}
+
+ done:
+	return result;
+}
+
+/* Enumerate list of trusted domains */
+
+static NTSTATUS cmd_lsa_enum_trust_dom(struct cli_state *cli, 
+                                       TALLOC_CTX *mem_ctx, int argc, 
+                                       char **argv)
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	DOM_SID *domain_sids;
+	char **domain_names;
+	uint32 enum_ctx = 0;
+	uint32 num_domains;
+	int i;
+
+	if (argc != 1) {
+		printf("Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Lookup list of trusted domains */
+
+	result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
+					&num_domains, &domain_names,
+					&domain_sids);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+
+	for (i = 0; i < num_domains; i++) {
+		fstring sid_str;
+
+		sid_to_string(sid_str, &domain_sids[i]);
+		printf("%s %s\n", domain_names[i] ? domain_names[i] : 
+		       "*unknown*", sid_str);
+	}
+
+ done:
+	return result;
+}
+
+/* Enumerates privileges */
+
+static NTSTATUS cmd_lsa_enum_privilege(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx, int argc, 
+                                          char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	uint32 enum_context=0;
+	uint32 pref_max_length=0x1000;
+	uint32 count=0;
+	char   **privs_name;
+	uint32 *privs_high;
+	uint32 *privs_low;
+	int i;
+
+	if (argc > 3) {
+		printf("Usage: %s [enum context] [max length]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc>=2)
+		enum_context=atoi(argv[1]);
+
+	if (argc==3)
+		pref_max_length=atoi(argv[2]);
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
+					&count, &privs_name, &privs_high, &privs_low);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+	printf("found %d privileges\n\n", count);
+
+	for (i = 0; i < count; i++) {
+		printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
+		       privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
+	}
+
+ done:
+	return result;
+}
+
+/* Get privilege name */
+
+static NTSTATUS cmd_lsa_get_dispname(struct cli_state *cli, 
+                                     TALLOC_CTX *mem_ctx, int argc, 
+                                     char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	uint16 lang_id=0;
+	uint16 lang_id_sys=0;
+	uint16 lang_id_desc;
+	fstring description;
+
+	if (argc != 2) {
+		printf("Usage: %s privilege name\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+	printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
+
+ done:
+	return result;
+}
+
+/* Enumerate the LSA SIDS */
+
+static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, 
+                                     TALLOC_CTX *mem_ctx, int argc, 
+                                     char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	uint32 enum_context=0;
+	uint32 pref_max_length=0x1000;
+	DOM_SID *sids;
+	uint32 count=0;
+	int i;
+
+	if (argc > 3) {
+		printf("Usage: %s [enum context] [max length]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc>=2)
+		enum_context=atoi(argv[1]);
+
+	if (argc==3)
+		pref_max_length=atoi(argv[2]);
+
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
+					&count, &sids);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+	printf("found %d SIDs\n\n", count);
+
+	for (i = 0; i < count; i++) {
+		fstring sid_str;
+
+		sid_to_string(sid_str, &sids[i]);
+		printf("%s\n", sid_str);
+	}
+
+ done:
+	return result;
+}
+
+/* Enumerate the privileges of an SID */
+
+static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli, 
+                                           TALLOC_CTX *mem_ctx, int argc, 
+                                           char **argv) 
+{
+	POLICY_HND dom_pol;
+	POLICY_HND user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 access_desired = 0x000f000f;
+	
+	DOM_SID sid;
+	uint32 count=0;
+	LUID_ATTR *set;
+	int i;
+
+	if (argc != 2 ) {
+		printf("Usage: %s SID\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	string_to_sid(&sid, argv[1]);
+
+	result = cli_lsa_open_policy2(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+	printf("found %d privileges for SID %s\n\n", count, argv[1]);
+	printf("high\tlow\tattribute\n");
+
+	for (i = 0; i < count; i++) {
+		printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
+	}
+
+ done:
+	return result;
+}
+
+/* Get a privilege value given its name */
+
+static NTSTATUS cmd_lsa_lookupprivvalue(struct cli_state *cli, 
+                                           TALLOC_CTX *mem_ctx, int argc, 
+                                           char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	LUID luid;
+
+	if (argc != 2 ) {
+		printf("Usage: %s name\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy2(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_lookupprivvalue(cli, mem_ctx, &pol, argv[1], &luid);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+	printf("%u:%u (0x%x:0x%x)\n", luid.high, luid.low, luid.high, luid.low);
+
+ done:
+	return result;
+}
+
+/* Query LSA security object */
+
+static NTSTATUS cmd_lsa_query_secobj(struct cli_state *cli, 
+				     TALLOC_CTX *mem_ctx, int argc, 
+				     char **argv) 
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	SEC_DESC_BUF *sdb;
+	uint32 sec_info = 0x00000004; /* ??? */
+
+	if (argc != 1 ) {
+		printf("Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_lsa_open_policy2(cli, mem_ctx, True, 
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      &pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Print results */
+
+	display_sec_desc(sdb->sec);
+
+ done:
+	return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set lsarpc_commands[] = {
+
+	{ "LSARPC" },
+
+	{ "lsaquery", 	         cmd_lsa_query_info_policy,  PIPE_LSARPC, "Query info policy",                    "" },
+	{ "lookupsids",          cmd_lsa_lookup_sids,        PIPE_LSARPC, "Convert SIDs to names",                "" },
+	{ "lookupnames",         cmd_lsa_lookup_names,       PIPE_LSARPC, "Convert names to SIDs",                "" },
+	{ "enumtrust", 	         cmd_lsa_enum_trust_dom,     PIPE_LSARPC, "Enumerate trusted domains",            "" },
+	{ "enumprivs", 	         cmd_lsa_enum_privilege,     PIPE_LSARPC, "Enumerate privileges",                 "" },
+	{ "getdispname",         cmd_lsa_get_dispname,       PIPE_LSARPC, "Get the privilege name",               "" },
+	{ "lsaenumsid",          cmd_lsa_enum_sids,          PIPE_LSARPC, "Enumerate the LSA SIDS",               "" },
+	{ "lsaenumprivsaccount", cmd_lsa_enum_privsaccounts, PIPE_LSARPC, "Enumerate the privileges of an SID",   "" },
+	{ "lsalookupprivvalue",  cmd_lsa_lookupprivvalue,    PIPE_LSARPC, "Get a privilege value given its name", "" },
+	{ "lsaquerysecobj",      cmd_lsa_query_secobj,       PIPE_LSARPC, "Query LSA security object", "" },
+
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
new file mode 100644
index 0000000000..4d67cba1b5
--- /dev/null
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -0,0 +1,334 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Tim Potter 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+static NTSTATUS cmd_netlogon_logon_ctrl2(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx, int argc, 
+                                         char **argv)
+{
+	uint32 query_level = 1;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (argc > 1) {
+		fprintf(stderr, "Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = cli_netlogon_logon_ctrl2(cli, mem_ctx, query_level);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Display results */
+
+ done:
+	return result;
+}
+
+static NTSTATUS cmd_netlogon_logon_ctrl(struct cli_state *cli, 
+                                        TALLOC_CTX *mem_ctx, int argc, 
+                                        char **argv)
+{
+#if 0
+	uint32 query_level = 1;
+#endif
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (argc > 1) {
+		fprintf(stderr, "Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+#if 0
+	result = cli_netlogon_logon_ctrl(cli, mem_ctx, query_level);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+#endif
+
+	/* Display results */
+
+	return result;
+}
+
+/* Display sam synchronisation information */
+
+static void display_sam_sync(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas,
+                             SAM_DELTA_CTR *deltas)
+{
+        fstring name;
+        uint32 i, j;
+
+        for (i = 0; i < num_deltas; i++) {
+                switch (hdr_deltas[i].type) {
+                case SAM_DELTA_DOMAIN_INFO:
+                        unistr2_to_ascii(name,
+                                         &deltas[i].domain_info.uni_dom_name,
+                                         sizeof(name) - 1);
+                        printf("Domain: %s\n", name);
+                        break;
+                case SAM_DELTA_GROUP_INFO:
+                        unistr2_to_ascii(name,
+                                         &deltas[i].group_info.uni_grp_name,
+                                         sizeof(name) - 1);
+                        printf("Group: %s\n", name);
+                        break;
+                case SAM_DELTA_ACCOUNT_INFO:
+                        unistr2_to_ascii(name, 
+                                         &deltas[i].account_info.uni_acct_name,
+                                         sizeof(name) - 1);
+                        printf("Account: %s\n", name);
+                        break;
+                case SAM_DELTA_ALIAS_INFO:
+                        unistr2_to_ascii(name, 
+                                         &deltas[i].alias_info.uni_als_name,
+                                         sizeof(name) - 1);
+                        printf("Alias: %s\n", name);
+                        break;
+                case SAM_DELTA_ALIAS_MEM: {
+                        SAM_ALIAS_MEM_INFO *alias = &deltas[i].als_mem_info;
+
+                        for (j = 0; j < alias->num_members; j++) {
+                                fstring sid_str;
+
+                                sid_to_string(sid_str, &alias->sids[j].sid);
+
+                                printf("%s\n", sid_str);
+                        }
+                        break;
+                }
+                case SAM_DELTA_GROUP_MEM: {
+                        SAM_GROUP_MEM_INFO *group = &deltas[i].grp_mem_info;
+
+                        for (j = 0; j < group->num_members; j++)
+                                printf("rid 0x%x, attrib 0x%08x\n", 
+                                          group->rids[j], group->attribs[j]);
+                        break;
+                }
+                case SAM_DELTA_SAM_STAMP: {
+                        SAM_DELTA_STAMP *stamp = &deltas[i].stamp;
+
+                        printf("sam sequence update: 0x%04x\n",
+                                  stamp->seqnum);
+                        break;
+                }                                  
+                default:
+                        printf("unknown delta type 0x%02x\n", 
+                                  hdr_deltas[i].type);
+                        break;
+                }
+        }
+}
+
+/* Perform sam synchronisation */
+
+static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, 
+                                      TALLOC_CTX *mem_ctx, int argc,
+                                      char **argv)
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        unsigned char trust_passwd[16];
+        uint32 database_id = 0, num_deltas;
+        SAM_DELTA_HDR *hdr_deltas;
+        SAM_DELTA_CTR *deltas;
+	DOM_CRED ret_creds;
+
+        if (argc > 2) {
+                fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
+                return NT_STATUS_OK;
+        }
+
+        if (argc == 2)
+                database_id = atoi(argv[1]);
+
+        if (!secrets_init()) {
+                fprintf(stderr, "Unable to initialise secrets database\n");
+                return result;
+        }
+
+        /* Initialise session credentials */
+
+	if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd,
+                                                  NULL)) {
+		fprintf(stderr, "could not fetch trust account password\n");
+		goto done;
+	}        
+
+        result = cli_nt_setup_creds(cli, trust_passwd);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                fprintf(stderr, "Error initialising session creds\n");
+                goto done;
+        }
+
+	/* on first call the returnAuthenticator is empty */
+	memset(&ret_creds, 0, sizeof(ret_creds));
+ 
+        /* Synchronise sam database */
+
+	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, database_id,
+				       &num_deltas, &hdr_deltas, &deltas);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+        /* Display results */
+
+        display_sam_sync(num_deltas, hdr_deltas, deltas);
+
+ done:
+        return result;
+}
+
+/* Perform sam delta synchronisation */
+
+static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, 
+                                        TALLOC_CTX *mem_ctx, int argc,
+                                        char **argv)
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        unsigned char trust_passwd[16];
+        uint32 database_id, num_deltas, tmp;
+        SAM_DELTA_HDR *hdr_deltas;
+        SAM_DELTA_CTR *deltas;
+        UINT64_S seqnum;
+
+        if (argc != 3) {
+                fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]);
+                return NT_STATUS_OK;
+        }
+
+        database_id = atoi(argv[1]);
+        tmp = atoi(argv[2]);
+
+        seqnum.low = tmp & 0xffff;
+        seqnum.high = 0;
+
+        if (!secrets_init()) {
+                fprintf(stderr, "Unable to initialise secrets database\n");
+                goto done;
+        }
+
+        /* Initialise session credentials */
+
+	if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd,
+                                                  NULL)) {
+		fprintf(stderr, "could not fetch trust account password\n");
+		goto done;
+	}        
+
+        result = cli_nt_setup_creds(cli, trust_passwd);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                fprintf(stderr, "Error initialising session creds\n");
+                goto done;
+        }
+
+        /* Synchronise sam database */
+
+	result = cli_netlogon_sam_deltas(cli, mem_ctx, database_id,
+					 seqnum, &num_deltas, 
+					 &hdr_deltas, &deltas);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+        /* Display results */
+
+        display_sam_sync(num_deltas, hdr_deltas, deltas);
+        
+ done:
+        return result;
+}
+
+/* Log on a domain user */
+
+static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, 
+                                       TALLOC_CTX *mem_ctx, int argc,
+                                       char **argv)
+{
+        unsigned char trust_passwd[16];
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        int logon_type = NET_LOGON_TYPE;
+        char *username, *password;
+
+        /* Check arguments */
+
+        if (argc < 3 || argc > 4) {
+                fprintf(stderr, "Usage: samlogon <username> <password> "
+                        "[logon_type]\n");
+                return NT_STATUS_OK;
+        }
+
+        username = argv[1];
+        password = argv[2];
+
+        if (argc == 4)
+                sscanf(argv[3], "%i", &logon_type);
+
+        /* Authenticate ourselves with the domain controller */
+
+        if (!secrets_init()) {
+                fprintf(stderr, "Unable to initialise secrets database\n");
+                return result;
+        }
+
+	if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd,
+                                                  NULL)) {
+		fprintf(stderr, "could not fetch trust account password\n");
+		goto done;
+	}        
+
+        result = cli_nt_setup_creds(cli, trust_passwd);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                fprintf(stderr, "Error initialising session creds\n");
+                goto done;
+        }
+
+        /* Perform the sam logon */
+
+        result = cli_netlogon_sam_logon(cli, mem_ctx, username, password,
+                                        logon_type);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+ done:
+        return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set netlogon_commands[] = {
+
+	{ "NETLOGON" },
+
+	{ "logonctrl2", cmd_netlogon_logon_ctrl2, PIPE_NETLOGON, "Logon Control 2",     "" },
+	{ "logonctrl",  cmd_netlogon_logon_ctrl,  PIPE_NETLOGON, "Logon Control",       "" },
+	{ "samsync",    cmd_netlogon_sam_sync,    PIPE_NETLOGON, "Sam Synchronisation", "" },
+	{ "samdeltas",  cmd_netlogon_sam_deltas,  PIPE_NETLOGON, "Query Sam Deltas",    "" },
+        { "samlogon",   cmd_netlogon_sam_logon,   PIPE_NETLOGON, "Sam Logon",           "" },
+
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c
new file mode 100644
index 0000000000..c089917f9b
--- /dev/null
+++ b/source3/rpcclient/cmd_reg.c
@@ -0,0 +1,1010 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Simo Sorce 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/*
+ * keys.  of the form:
+ * ----
+ *
+ * [HKLM]|[HKU]\[parent_keyname_components]\[subkey]|[value]
+ *
+ * reg_getsubkey() splits this down into:
+ * [HKLM]|[HKU]\[parent_keyname_components] and [subkey]|[value]
+ *
+ * do_reg_connect() splits the left side down further into:
+ * [HKLM]|[HKU] and [parent_keyname_components].
+ *
+ * HKLM is short for HKEY_LOCAL_MACHINE
+ * HKU  is short for HKEY_USERS
+ *
+ * oh, and HKEY stands for "Hive Key".
+ *
+ */
+
+#if 0 /* Simo: reg functions need to be updated to the new cmd interface */
+
+/****************************************************************************
+nt registry enum
+****************************************************************************/
+static void cmd_reg_enum(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res1 = True;
+	BOOL res2 = True;
+	int i;
+
+	POLICY_HND key_pol;
+	fstring full_keyname;
+	fstring key_name;
+
+	/*
+	 * query key info
+	 */
+
+	fstring key_class;
+	uint32 max_class_len = 0;
+	uint32 num_subkeys;
+	uint32 max_subkeylen;
+	uint32 max_subkeysize; 
+	uint32 num_values;
+	uint32 max_valnamelen;
+	uint32 max_valbufsize;
+	uint32 sec_desc;
+	NTTIME mod_time;
+
+	/*
+	 * unknown 0x1a request
+	 */
+
+	uint32 unk_1a_response;
+
+	DEBUG(5, ("cmd_reg_enum: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "regenum <key_name>\n");
+		return;
+	}
+
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, full_keyname, key_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*key_name) != 0)
+	{
+		/* open an entry */
+		res1 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 key_name, 0x02000000, &key_pol) : False;
+	}
+	else
+	{
+		memcpy(&key_pol, &info->dom.reg_pol_connect, sizeof(key_pol));
+	}
+
+	res1 = res1 ? do_reg_query_key(smb_cli,
+				&key_pol,
+				key_class, &max_class_len,
+	                        &num_subkeys, &max_subkeylen, &max_subkeysize,
+				&num_values, &max_valnamelen, &max_valbufsize,
+	                        &sec_desc, &mod_time) : False;
+
+	if (res1 && num_subkeys > 0)
+	{
+		fprintf(out_hnd,"Subkeys\n");
+		fprintf(out_hnd,"-------\n");
+	}
+
+	for (i = 0; i < num_subkeys; i++)
+	{
+		/*
+		 * enumerate key
+		 */
+
+		fstring enum_name;
+		uint32 enum_unk1;
+		uint32 enum_unk2;
+		time_t key_mod_time;
+
+		/* unknown 1a it */
+		res2 = res1 ? do_reg_unknown_1a(smb_cli, &key_pol,
+					&unk_1a_response) : False;
+
+		if (res2 && unk_1a_response != 5)
+		{
+			fprintf(out_hnd,"Unknown 1a response: %x\n", unk_1a_response);
+		}
+
+		/* enum key */
+		res2 = res2 ? do_reg_enum_key(smb_cli, &key_pol,
+					i, enum_name,
+					&enum_unk1, &enum_unk2,
+					&key_mod_time) : False;
+		
+		if (res2)
+		{
+			display_reg_key_info(out_hnd, ACTION_HEADER   , enum_name, key_mod_time);
+			display_reg_key_info(out_hnd, ACTION_ENUMERATE, enum_name, key_mod_time);
+			display_reg_key_info(out_hnd, ACTION_FOOTER   , enum_name, key_mod_time);
+		}
+
+	}
+
+	if (num_values > 0)
+	{
+		fprintf(out_hnd,"Key Values\n");
+		fprintf(out_hnd,"----------\n");
+	}
+
+	for (i = 0; i < num_values; i++)
+	{
+		/*
+		 * enumerate key
+		 */
+
+		uint32 val_type;
+		BUFFER2 value;
+		fstring val_name;
+
+		/* unknown 1a it */
+		res2 = res1 ? do_reg_unknown_1a(smb_cli, &key_pol,
+					&unk_1a_response) : False;
+
+		if (res2 && unk_1a_response != 5)
+		{
+			fprintf(out_hnd,"Unknown 1a response: %x\n", unk_1a_response);
+		}
+
+		/* enum key */
+		res2 = res2 ? do_reg_enum_val(smb_cli, &key_pol,
+					i, max_valnamelen, max_valbufsize,
+		                        val_name, &val_type, &value) : False;
+		
+		if (res2)
+		{
+			display_reg_value_info(out_hnd, ACTION_HEADER   , val_name, val_type, &value);
+			display_reg_value_info(out_hnd, ACTION_ENUMERATE, val_name, val_type, &value);
+			display_reg_value_info(out_hnd, ACTION_FOOTER   , val_name, val_type, &value);
+		}
+	}
+
+	/* close the handles */
+	if ((*key_name) != 0)
+	{
+		res1 = res1 ? do_reg_close(smb_cli, &key_pol) : False;
+	}
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res1 && res2)
+	{
+		DEBUG(5,("cmd_reg_enum: query succeeded\n"));
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_enum: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry query key
+****************************************************************************/
+static void cmd_reg_query_key(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res1 = True;
+
+	POLICY_HND key_pol;
+	fstring full_keyname;
+	fstring key_name;
+
+	/*
+	 * query key info
+	 */
+
+	fstring key_class;
+	uint32 key_class_len = 0;
+	uint32 num_subkeys;
+	uint32 max_subkeylen;
+	uint32 max_subkeysize; 
+	uint32 num_values;
+	uint32 max_valnamelen;
+	uint32 max_valbufsize;
+	uint32 sec_desc;
+	NTTIME mod_time;
+
+	DEBUG(5, ("cmd_reg_enum: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "regquery key_name\n");
+		return;
+	}
+
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, full_keyname, key_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*key_name) != 0)
+	{
+		/* open an entry */
+		res1 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 key_name, 0x02000000, &key_pol) : False;
+	}
+	else
+	{
+		memcpy(&key_pol, &info->dom.reg_pol_connect, sizeof(key_pol));
+	}
+
+	res1 = res1 ? do_reg_query_key(smb_cli,
+				&key_pol,
+				key_class, &key_class_len,
+	                        &num_subkeys, &max_subkeylen, &max_subkeysize,
+				&num_values, &max_valnamelen, &max_valbufsize,
+	                        &sec_desc, &mod_time) : False;
+
+	if (res1 && key_class_len != 0)
+	{
+		res1 = res1 ? do_reg_query_key(smb_cli,
+				&key_pol,
+				key_class, &key_class_len,
+	                        &num_subkeys, &max_subkeylen, &max_subkeysize,
+				&num_values, &max_valnamelen, &max_valbufsize,
+	                        &sec_desc, &mod_time) : False;
+	}
+
+	if (res1)
+	{
+		fprintf(out_hnd,"Registry Query Info Key\n");
+		fprintf(out_hnd,"key class: %s\n", key_class);
+		fprintf(out_hnd,"subkeys, max_len, max_size: %d %d %d\n", num_subkeys, max_subkeylen, max_subkeysize);
+		fprintf(out_hnd,"vals, max_len, max_size: 0x%x 0x%x 0x%x\n", num_values, max_valnamelen, max_valbufsize);
+		fprintf(out_hnd,"sec desc: 0x%x\n", sec_desc);
+		fprintf(out_hnd,"mod time: %s\n", http_timestring(nt_time_to_unix(&mod_time)));
+	}
+
+	/* close the handles */
+	if ((*key_name) != 0)
+	{
+		res1 = res1 ? do_reg_close(smb_cli, &key_pol) : False;
+	}
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res1)
+	{
+		DEBUG(5,("cmd_reg_query: query succeeded\n"));
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_query: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry create value
+****************************************************************************/
+static void cmd_reg_create_val(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res3 = True;
+	BOOL res4 = True;
+
+	POLICY_HND parent_pol;
+	fstring full_keyname;
+	fstring keyname;
+	fstring parent_name;
+	fstring val_name;
+	fstring tmp;
+	uint32 val_type;
+	BUFFER3 value;
+
+#if 0
+	uint32 unk_0;
+	uint32 unk_1;
+	/* query it */
+	res1 = res1 ? do_reg_query_info(smb_cli, &val_pol,
+	                        val_name, *val_type) : False;
+#endif
+
+	DEBUG(5, ("cmd_reg_create_val: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "regcreate <val_name> <val_type> <val>\n");
+		return;
+	}
+
+	reg_get_subkey(full_keyname, keyname, val_name);
+
+	if (keyname[0] == 0 || val_name[0] == 0)
+	{
+		fprintf(out_hnd, "invalid key name\n");
+		return;
+	}
+	
+	if (!next_token_nr(NULL, tmp, NULL, sizeof(tmp)))
+	{
+		fprintf(out_hnd, "regcreate <val_name> <val_type (1|4)> <val>\n");
+		return;
+	}
+
+	val_type = atoi(tmp);
+
+	if (val_type != 1 && val_type != 3 && val_type != 4)
+	{
+		fprintf(out_hnd, "val_type 1=UNISTR, 3=BYTES, 4=DWORD supported\n");
+		return;
+	}
+
+	if (!next_token_nr(NULL, tmp, NULL, sizeof(tmp)))
+	{
+		fprintf(out_hnd, "regcreate <val_name> <val_type (1|4)> <val>\n");
+		return;
+	}
+
+	switch (val_type)
+	{
+		case 0x01: /* UNISTR */
+		{
+			init_buffer3_str(&value, tmp, strlen(tmp)+1);
+			break;
+		}
+		case 0x03: /* BYTES */
+		{
+			init_buffer3_hex(&value, tmp);
+			break;
+		}
+		case 0x04: /* DWORD */
+		{
+			uint32 tmp_val;
+			if (strnequal(tmp, "0x", 2))
+			{
+				tmp_val = strtol(tmp, (char**)NULL, 16);
+			}
+			else
+			{
+				tmp_val = strtol(tmp, (char**)NULL, 10);
+			}
+			init_buffer3_uint32(&value, tmp_val);
+			break;
+		}
+		default:
+		{
+			fprintf(out_hnd, "i told you i only deal with UNISTR, DWORD and BYTES!\n");
+			return;
+		}
+	}
+		
+	DEBUG(10,("key data:\n"));
+	dump_data(10, (char *)value.buffer, value.buf_len);
+
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, keyname, parent_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*val_name) != 0)
+	{
+		/* open an entry */
+		res3 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 parent_name, 0x02000000, &parent_pol) : False;
+	}
+	else
+	{
+		memcpy(&parent_pol, &info->dom.reg_pol_connect, sizeof(parent_pol));
+	}
+
+	/* create an entry */
+	res4 = res3 ? do_reg_create_val(smb_cli, &parent_pol,
+				 val_name, val_type, &value) : False;
+
+	/* flush the modified key */
+	res4 = res4 ? do_reg_flush_key(smb_cli, &parent_pol) : False;
+
+	/* close the val handle */
+	if ((*val_name) != 0)
+	{
+		res3 = res3 ? do_reg_close(smb_cli, &parent_pol) : False;
+	}
+
+	/* close the registry handles */
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res3 && res4)
+	{
+		DEBUG(5,("cmd_reg_create_val: query succeeded\n"));
+		fprintf(out_hnd,"OK\n");
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_create_val: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry delete value
+****************************************************************************/
+static void cmd_reg_delete_val(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res3 = True;
+	BOOL res4 = True;
+
+	POLICY_HND parent_pol;
+	fstring full_keyname;
+	fstring keyname;
+	fstring parent_name;
+	fstring val_name;
+
+	DEBUG(5, ("cmd_reg_delete_val: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "regdelete <val_name>\n");
+		return;
+	}
+
+	reg_get_subkey(full_keyname, keyname, val_name);
+
+	if (keyname[0] == 0 || val_name[0] == 0)
+	{
+		fprintf(out_hnd, "invalid key name\n");
+		return;
+	}
+	
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, keyname, parent_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*val_name) != 0)
+	{
+		/* open an entry */
+		res3 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 parent_name, 0x02000000, &parent_pol) : False;
+	}
+	else
+	{
+		memcpy(&parent_pol, &info->dom.reg_pol_connect, sizeof(parent_pol));
+	}
+
+	/* delete an entry */
+	res4 = res3 ? do_reg_delete_val(smb_cli, &parent_pol, val_name) : False;
+
+	/* flush the modified key */
+	res4 = res4 ? do_reg_flush_key(smb_cli, &parent_pol) : False;
+
+	/* close the key handle */
+	res3 = res3 ? do_reg_close(smb_cli, &parent_pol) : False;
+
+	/* close the registry handles */
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res3 && res4)
+	{
+		DEBUG(5,("cmd_reg_delete_val: query succeeded\n"));
+		fprintf(out_hnd,"OK\n");
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_delete_val: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry delete key
+****************************************************************************/
+static void cmd_reg_delete_key(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res3 = True;
+	BOOL res4 = True;
+
+	POLICY_HND parent_pol;
+	fstring full_keyname;
+	fstring parent_name;
+	fstring key_name;
+	fstring subkey_name;
+
+	DEBUG(5, ("cmd_reg_delete_key: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "regdeletekey <key_name>\n");
+		return;
+	}
+
+	reg_get_subkey(full_keyname, parent_name, subkey_name);
+
+	if (parent_name[0] == 0 || subkey_name[0] == 0)
+	{
+		fprintf(out_hnd, "invalid key name\n");
+		return;
+	}
+	
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, parent_name, key_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*key_name) != 0)
+	{
+		/* open an entry */
+		res3 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 key_name, 0x02000000, &parent_pol) : False;
+	}
+	else
+	{
+		memcpy(&parent_pol, &info->dom.reg_pol_connect, sizeof(parent_pol));
+	}
+
+	/* create an entry */
+	res4 = res3 ? do_reg_delete_key(smb_cli, &parent_pol, subkey_name) : False;
+
+	/* flush the modified key */
+	res4 = res4 ? do_reg_flush_key(smb_cli, &parent_pol) : False;
+
+	/* close the key handle */
+	if ((*key_name) != 0)
+	{
+		res3 = res3 ? do_reg_close(smb_cli, &parent_pol) : False;
+	}
+
+	/* close the registry handles */
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res3 && res4)
+	{
+		DEBUG(5,("cmd_reg_delete_key: query succeeded\n"));
+		fprintf(out_hnd,"OK\n");
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_delete_key: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry create key
+****************************************************************************/
+static void cmd_reg_create_key(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res3 = True;
+	BOOL res4 = True;
+
+	POLICY_HND parent_pol;
+	POLICY_HND key_pol;
+	fstring full_keyname;
+	fstring parent_key;
+	fstring parent_name;
+	fstring key_name;
+	fstring key_class;
+	SEC_ACCESS sam_access;
+
+	DEBUG(5, ("cmd_reg_create_key: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "regcreate <key_name> [key_class]\n");
+		return;
+	}
+
+	reg_get_subkey(full_keyname, parent_key, key_name);
+
+	if (parent_key[0] == 0 || key_name[0] == 0)
+	{
+		fprintf(out_hnd, "invalid key name\n");
+		return;
+	}
+	
+	if (!next_token_nr(NULL, key_class, NULL, sizeof(key_class)))
+	{
+		memset(key_class, 0, sizeof(key_class));
+	}
+
+	/* set access permissions */
+	sam_access.mask = SEC_RIGHTS_READ;
+
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, parent_key, parent_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*parent_name) != 0)
+	{
+		/* open an entry */
+		res3 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 parent_name, 0x02000000, &parent_pol) : False;
+	}
+	else
+	{
+		memcpy(&parent_pol, &info->dom.reg_pol_connect, sizeof(parent_pol));
+	}
+
+	/* create an entry */
+	res4 = res3 ? do_reg_create_key(smb_cli, &parent_pol,
+				 key_name, key_class, &sam_access, &key_pol) : False;
+
+	/* flush the modified key */
+	res4 = res4 ? do_reg_flush_key(smb_cli, &parent_pol) : False;
+
+	/* close the key handle */
+	res4 = res4 ? do_reg_close(smb_cli, &key_pol) : False;
+
+	/* close the key handle */
+	if ((*parent_name) != 0)
+	{
+		res3 = res3 ? do_reg_close(smb_cli, &parent_pol) : False;
+	}
+
+	/* close the registry handles */
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res3 && res4)
+	{
+		DEBUG(5,("cmd_reg_create_key: query succeeded\n"));
+		fprintf(out_hnd,"OK\n");
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_create_key: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry security info
+****************************************************************************/
+static void cmd_reg_test_key_sec(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res3 = True;
+	BOOL res4 = True;
+
+	POLICY_HND key_pol;
+	fstring full_keyname;
+	fstring key_name;
+
+	/*
+	 * security info
+	 */
+
+	uint32 sec_buf_size;
+	SEC_DESC_BUF *psdb;
+
+	DEBUG(5, ("cmd_reg_get_key_sec: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "reggetsec <key_name>\n");
+		return;
+	}
+
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, full_keyname, key_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*key_name) != 0)
+	{
+		/* open an entry */
+		res3 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 key_name, 0x02000000, &key_pol) : False;
+	}
+	else
+	{
+		memcpy(&key_pol, &info->dom.reg_pol_connect, sizeof(key_pol));
+	}
+
+	/* open an entry */
+	res3 = res ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+				 key_name, 0x02000000, &key_pol) : False;
+
+	/* query key sec info.  first call sets sec_buf_size. */
+
+	sec_buf_size = 0;
+	res4 = res3 ? do_reg_get_key_sec(smb_cli, &key_pol,
+				&sec_buf_size, &psdb) : False;
+	
+	free_sec_desc_buf(&psdb);
+
+	res4 = res4 ? do_reg_get_key_sec(smb_cli, &key_pol,
+				&sec_buf_size, &psdb) : False;
+
+	if (res4 && psdb->len > 0 && psdb->sec != NULL)
+	{
+		display_sec_desc(out_hnd, ACTION_HEADER   , psdb->sec);
+		display_sec_desc(out_hnd, ACTION_ENUMERATE, psdb->sec);
+		display_sec_desc(out_hnd, ACTION_FOOTER   , psdb->sec);
+
+		res4 = res4 ? do_reg_set_key_sec(smb_cli, &key_pol, psdb) : False;
+	}
+
+	free_sec_desc_buf(&psdb);
+
+	/* close the key handle */
+	if ((*key_name) != 0)
+	{
+		res3 = res3 ? do_reg_close(smb_cli, &key_pol) : False;
+	}
+
+	/* close the registry handles */
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res3 && res4)
+	{
+		DEBUG(5,("cmd_reg_test2: query succeeded\n"));
+		fprintf(out_hnd,"Registry Test2\n");
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_test2: query failed\n"));
+	}
+}
+
+/****************************************************************************
+nt registry security info
+****************************************************************************/
+static void cmd_reg_get_key_sec(struct client_info *info)
+{
+	BOOL res = True;
+	BOOL res3 = True;
+	BOOL res4 = True;
+
+	POLICY_HND key_pol;
+	fstring full_keyname;
+	fstring key_name;
+
+	/*
+	 * security info
+	 */
+
+	uint32 sec_buf_size;
+	SEC_DESC_BUF *psdb;
+
+	DEBUG(5, ("cmd_reg_get_key_sec: smb_cli->fd:%d\n", smb_cli->fd));
+
+	if (!next_token_nr(NULL, full_keyname, NULL, sizeof(full_keyname)))
+	{
+		fprintf(out_hnd, "reggetsec <key_name>\n");
+		return;
+	}
+
+	/* open WINREG session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
+
+	/* open registry receive a policy handle */
+	res = res ? do_reg_connect(smb_cli, full_keyname, key_name,
+				&info->dom.reg_pol_connect) : False;
+
+	if ((*key_name) != 0)
+	{
+		/* open an entry */
+		res3 = res  ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+					 key_name, 0x02000000, &key_pol) : False;
+	}
+	else
+	{
+		memcpy(&key_pol, &info->dom.reg_pol_connect, sizeof(key_pol));
+	}
+
+	/* open an entry */
+	res3 = res ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect,
+				 key_name, 0x02000000, &key_pol) : False;
+
+	/* Get the size. */
+	sec_buf_size = 0;
+	res4 = res3 ? do_reg_get_key_sec(smb_cli, &key_pol,
+				&sec_buf_size, &psdb) : False;
+	
+	free_sec_desc_buf(&psdb);
+
+	res4 = res4 ? do_reg_get_key_sec(smb_cli, &key_pol,
+				&sec_buf_size, &psdb) : False;
+
+	if (res4 && psdb->len > 0 && psdb->sec != NULL)
+	{
+		display_sec_desc(out_hnd, ACTION_HEADER   , psdb->sec);
+		display_sec_desc(out_hnd, ACTION_ENUMERATE, psdb->sec);
+		display_sec_desc(out_hnd, ACTION_FOOTER   , psdb->sec);
+	}
+
+	free_sec_desc_buf(&psdb);
+
+	/* close the key handle */
+	if ((*key_name) != 0)
+	{
+		res3 = res3 ? do_reg_close(smb_cli, &key_pol) : False;
+	}
+
+	/* close the registry handles */
+	res  = res  ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res && res3 && res4)
+	{
+		DEBUG(5,("cmd_reg_get_key_sec: query succeeded\n"));
+	}
+	else
+	{
+		DEBUG(5,("cmd_reg_get_key_sec: query failed\n"));
+	}
+}
+
+#endif /* 0 */
+
+/****************************************************************************
+nt registry shutdown
+****************************************************************************/
+static NTSTATUS cmd_reg_shutdown(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                                 int argc, char **argv)
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	fstring msg;
+	uint32 timeout = 20;
+	uint16 flgs = 0;
+	int opt;
+
+	*msg = 0;
+	optind = 0; /* TODO: test if this hack works on other systems too --simo */
+
+	while ((opt = getopt(argc, argv, "m:t:rf")) != EOF)
+	{
+		fprintf (stderr, "[%s]\n", argv[argc-1]);
+	
+		switch (opt)
+		{
+			case 'm':
+			{
+				safe_strcpy(msg, optarg, sizeof(msg)-1);
+				fprintf (stderr, "[%s|%s]\n", optarg, msg);
+				break;
+			}
+			case 't':
+			{
+				timeout = atoi(optarg);
+				fprintf (stderr, "[%s|%d]\n", optarg, timeout);
+			break;
+			}
+			case 'r':
+			{
+				flgs |= 0x100;
+			break;
+			}
+			case 'f':
+			{
+				flgs |= 0x001;
+				break;
+			}
+		}
+	}
+
+	/* create an entry */
+	result = cli_reg_shutdown(cli, mem_ctx, msg, timeout, flgs);
+
+	if (NT_STATUS_IS_OK(result))
+		DEBUG(5,("cmd_reg_shutdown: query succeeded\n"));
+	else
+		DEBUG(5,("cmd_reg_shutdown: query failed\n"));
+
+	return result;
+}
+
+/****************************************************************************
+abort a shutdown
+****************************************************************************/
+static NTSTATUS cmd_reg_abort_shutdown(struct cli_state *cli, 
+                                       TALLOC_CTX *mem_ctx, int argc, 
+                                       char **argv)
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	result = cli_reg_abort_shutdown(cli, mem_ctx);
+
+	if (NT_STATUS_IS_OK(result))
+		DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
+	else
+		DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
+
+	return result;
+}
+
+
+/* List of commands exported by this module */
+struct cmd_set reg_commands[] = {
+
+	{ "REG"  },
+
+	{ "shutdown",		cmd_reg_shutdown,		PIPE_WINREG, "Remote Shutdown",
+				"[-m message] [-t timeout] [-r] [-f] (-r == reboot, -f == force)" },
+				
+	{ "abortshutdown",	cmd_reg_abort_shutdown,		PIPE_WINREG, "Abort Shutdown",
+				"" },				
+/*
+	{ "regenum",		cmd_reg_enum,			"Registry Enumeration",
+				"<keyname>" },
+				
+	{ "regdeletekey",	cmd_reg_delete_key,		"Registry Key Delete",
+				"<keyname>" },
+				
+	{ "regcreatekey",	cmd_reg_create_key,		"Registry Key Create",
+				"<keyname> [keyclass]" },
+				
+	{ "regqueryval",	cmd_reg_query_info,		"Registry Value Query",
+				"<valname>" },
+				
+	{ "regquerykey",	cmd_reg_query_key,		"Registry Key Query",
+				"<keyname>" },
+				
+	{ "regdeleteval",	cmd_reg_delete_val,		"Registry Value Delete",
+				"<valname>" },
+	
+	{ "regcreateval",	cmd_reg_create_val,		"Registry Key Create",
+				"<valname> <valtype> <value>" },
+	
+	{ "reggetsec",		cmd_reg_get_key_sec,		"Registry Key Security",
+				"<keyname>" },
+	
+	{ "regtestsec",		cmd_reg_test_key_sec,		"Test Registry Key Security",
+				"<keyname>" },
+*/
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
new file mode 100644
index 0000000000..ee46fc64a5
--- /dev/null
+++ b/source3/rpcclient/cmd_samr.c
@@ -0,0 +1,1288 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Andrew Tridgell              1992-2000,
+   Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+   Copyright (C) Elrond                            2000,
+   Copyright (C) Tim Potter                        2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+extern DOM_SID domain_sid;
+
+/****************************************************************************
+ display sam_user_info_21 structure
+ ****************************************************************************/
+static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
+{
+	fstring temp;
+
+	unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp)-1);
+	printf("\tUser Name   :\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp)-1);
+	printf("\tFull Name   :\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp)-1);
+	printf("\tHome Drive  :\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp)-1);
+	printf("\tDir Drive   :\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp)-1);
+	printf("\tProfile Path:\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp)-1);
+	printf("\tLogon Script:\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp)-1);
+	printf("\tDescription :\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp)-1);
+	printf("\tWorkstations:\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_unknown_str, sizeof(temp)-1);
+	printf("\tUnknown Str :\t%s\n", temp);
+	
+	unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp)-1);
+	printf("\tRemote Dial :\t%s\n", temp);
+	
+	printf("\tLogon Time               :\t%s\n", 
+	       http_timestring(nt_time_to_unix(&usr->logon_time)));
+	printf("\tLogoff Time              :\t%s\n", 
+	       http_timestring(nt_time_to_unix(&usr->logoff_time)));
+	printf("\tKickoff Time             :\t%s\n", 
+	       http_timestring(nt_time_to_unix(&usr->kickoff_time)));
+	printf("\tPassword last set Time   :\t%s\n", 
+	       http_timestring(nt_time_to_unix(&usr->pass_last_set_time)));
+	printf("\tPassword can change Time :\t%s\n", 
+	       http_timestring(nt_time_to_unix(&usr->pass_can_change_time)));
+	printf("\tPassword must change Time:\t%s\n", 
+	       http_timestring(nt_time_to_unix(&usr->pass_must_change_time)));
+	
+	printf("\tunknown_2[0..31]...\n"); /* user passwords? */
+	
+	printf("\tuser_rid :\t%x\n"  , usr->user_rid ); /* User ID */
+	printf("\tgroup_rid:\t%x\n"  , usr->group_rid); /* Group ID */
+	printf("\tacb_info :\t%04x\n", usr->acb_info ); /* Account Control Info */
+	
+	printf("\tunknown_3:\t%08x\n", usr->unknown_3); /* 0x00ff ffff */
+	printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
+	printf("\tunknown_5:\t%08x\n", usr->unknown_5); /* 0x0002 0000 */
+	
+	printf("\tpadding1[0..7]...\n");
+	
+	if (usr->ptr_logon_hrs) {
+		printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
+	}
+}
+
+static char *display_time(NTTIME nttime)
+{
+	static fstring string;
+
+	float high;
+	float low;
+	int sec;
+	int days, hours, mins, secs;
+
+	if (nttime.high==0 && nttime.low==0)
+		return "Now";
+
+	if (nttime.high==0x80000000 && nttime.low==0)
+		return "Never";
+
+	high = 65536;	
+	high = high/10000;
+	high = high*65536;
+	high = high/1000;
+	high = high * (~nttime.high);
+
+	low = ~nttime.low;	
+	low = low/(1000*1000*10);
+
+	sec=high+low;
+
+	days=sec/(60*60*24);
+	hours=(sec - (days*60*60*24)) / (60*60);
+	mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
+	secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
+
+	snprintf(string, sizeof(string)-1, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
+	return (string);
+}
+
+static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
+{
+	
+	printf("Minimum password length:                     %d\n", info1->min_length_password);
+	printf("Password uniqueness (remember x passwords):  %d\n", info1->password_history);
+	printf("flag:                                        ");
+	if(info1->flag&&2==2) printf("users must open a session to change password ");
+	printf("\n");
+
+	printf("password expire in:                          %s\n", display_time(info1->expire));
+	printf("Min password age (allow changing in x days): %s\n", display_time(info1->min_passwordage));
+}
+
+static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
+{
+	fstring name;
+
+	unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1); 
+	printf("Domain:\t%s\n", name);
+
+	unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1); 
+	printf("Server:\t%s\n", name);
+
+	printf("Total Users:\t%d\n", info2->num_domain_usrs);
+	printf("Total Groups:\t%d\n", info2->num_domain_grps);
+	printf("Total Aliases:\t%d\n", info2->num_local_grps);
+	
+	printf("Sequence No:\t%d\n", info2->seq_num);
+	
+	printf("Unknown 0:\t0x%x\n", info2->unknown_0);
+	printf("Unknown 1:\t0x%x\n", info2->unknown_1);
+	printf("Unknown 2:\t0x%x\n", info2->unknown_2);
+	printf("Unknown 3:\t0x%x\n", info2->unknown_3);
+	printf("Unknown 4:\t0x%x\n", info2->unknown_4);
+	printf("Unknown 5:\t0x%x\n", info2->unknown_5);
+	printf("Unknown 6:\t0x%x\n", info2->unknown_6);
+}
+
+static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
+{
+	fstring tmp;
+
+	printf("index: 0x%x ", e1->user_idx);
+	printf("RID: 0x%x ", e1->rid_user);
+	printf("acb: 0x%x ", e1->acb_info);
+
+	unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp)-1);
+	printf("Account: %s\t", tmp);
+
+	unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp)-1);
+	printf("Name: %s\t", tmp);
+
+	unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp)-1);
+	printf("Desc: %s\n", tmp);
+}
+
+static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
+{
+	fstring tmp;
+
+	printf("index: 0x%x ", e2->user_idx);
+	printf("RID: 0x%x ", e2->rid_user);
+	printf("acb: 0x%x ", e2->acb_info);
+	
+	unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp)-1);
+	printf("Account: %s\t", tmp);
+
+	unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp)-1);
+	printf("Name: %s\n", tmp);
+
+}
+
+static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
+{
+	fstring tmp;
+
+	printf("index: 0x%x ", e3->grp_idx);
+	printf("RID: 0x%x ", e3->rid_grp);
+	printf("attr: 0x%x ", e3->attr);
+	
+	unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp)-1);
+	printf("Account: %s\t", tmp);
+
+	unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp)-1);
+	printf("Name: %s\n", tmp);
+
+}
+
+static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
+{
+	int i;
+
+	printf("index: %d ", e4->user_idx);
+	
+	printf("Account: ");
+	for (i=0; i<s4->acct_name.str_str_len; i++)
+		printf("%c", s4->acct_name.buffer[i]);
+	printf("\n");
+
+}
+
+static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
+{
+	int i;
+
+	printf("index: 0x%x ", e5->grp_idx);
+	
+	printf("Account: ");
+	for (i=0; i<s5->grp_name.str_str_len; i++)
+		printf("%c", s5->grp_name.buffer[i]);
+	printf("\n");
+
+}
+
+/**********************************************************************
+ * Query user information 
+ */
+static NTSTATUS cmd_samr_query_user(struct cli_state *cli, 
+                                    TALLOC_CTX *mem_ctx,
+                                    int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 info_level = 21;
+	SAM_USERINFO_CTR *user_ctr;
+	fstring server;
+	uint32 user_rid;
+	
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+	
+	sscanf(argv[1], "%i", &user_rid);
+
+	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (server);
+	
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+				    MAXIMUM_ALLOWED_ACCESS,
+				    user_rid, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	ZERO_STRUCT(user_ctr);
+
+	result = cli_samr_query_userinfo(cli, mem_ctx, &user_pol, 
+					 info_level, &user_ctr);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	display_sam_user_info_21(user_ctr->info.id21);
+
+done:
+	return result;
+}
+
+/****************************************************************************
+ display group info
+ ****************************************************************************/
+static void display_group_info1(GROUP_INFO1 *info1)
+{
+	fstring temp;
+
+	unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp)-1);
+	printf("\tGroup Name:\t%s\n", temp);
+	unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp)-1);
+	printf("\tDescription:\t%s\n", temp);
+	printf("\tunk1:%d\n", info1->unknown_1);
+	printf("\tNum Members:%d\n", info1->num_members);
+}
+
+/****************************************************************************
+ display group info
+ ****************************************************************************/
+static void display_group_info4(GROUP_INFO4 *info4)
+{
+	fstring desc;
+
+	unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc)-1);
+	printf("\tGroup Description:%s\n", desc);
+}
+
+/****************************************************************************
+ display sam sync structure
+ ****************************************************************************/
+static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
+{
+	switch (ctr->switch_value1) {
+	    case 1: {
+		    display_group_info1(&ctr->group.info1);
+		    break;
+	    }
+	    case 4: {
+		    display_group_info4(&ctr->group.info4);
+		    break;
+	    }
+	}
+}
+
+/***********************************************************************
+ * Query group information 
+ */
+static NTSTATUS cmd_samr_query_group(struct cli_state *cli, 
+                                     TALLOC_CTX *mem_ctx,
+                                     int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, group_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 info_level = 1;
+	GROUP_INFO_CTR group_ctr;
+	fstring			server;	
+	uint32 group_rid;
+	
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+        sscanf(argv[1], "%i", &group_rid);
+
+	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (server);
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
+				     MAXIMUM_ALLOWED_ACCESS,
+				     group_rid, &group_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	ZERO_STRUCT(group_ctr);
+
+	result = cli_samr_query_groupinfo(cli, mem_ctx, &group_pol, 
+					  info_level, &group_ctr);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	display_group_info_ctr(&group_ctr);
+
+done:
+	return result;
+}
+
+/* Query groups a user is a member of */
+
+static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx,
+                                          int argc, char **argv) 
+{
+	POLICY_HND 		connect_pol, 
+				domain_pol, 
+				user_pol;
+	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
+	uint32 			num_groups, 
+				user_rid;
+	DOM_GID 		*user_gids;
+	int 			i;
+	fstring			server;
+	
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	sscanf(argv[1], "%i", &user_rid);
+
+	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (server);
+		
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+				    MAXIMUM_ALLOWED_ACCESS,
+				    user_rid, &user_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol,
+					   &num_groups, &user_gids);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	for (i = 0; i < num_groups; i++) {
+		printf("\tgroup rid:[0x%x] attr:[0x%x]\n", 
+		       user_gids[i].g_rid, user_gids[i].attr);
+	}
+
+ done:
+	return result;
+}
+
+/* Query aliases a user is a member of */
+
+static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx,
+                                          int argc, char **argv) 
+{
+	POLICY_HND 		connect_pol, domain_pol;
+	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
+	uint32 			user_rid, num_aliases, *alias_rids;
+	int 			i;
+	fstring			server;
+	DOM_SID			tmp_sid;
+	DOM_SID2		sid;
+	DOM_SID global_sid_Builtin;
+
+	string_to_sid(&global_sid_Builtin, "S-1-5-32");
+
+	if (argc != 3) {
+		printf("Usage: %s builtin|domain rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	sscanf(argv[2], "%i", &user_rid);
+
+	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (server);
+		
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (StrCaseCmp(argv[1], "domain")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &domain_sid, &domain_pol);
+	else if (StrCaseCmp(argv[1], "builtin")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &global_sid_Builtin, &domain_pol);
+	else
+		return NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	sid_copy(&tmp_sid, &domain_sid);
+	sid_append_rid(&tmp_sid, user_rid);
+	init_dom_sid2(&sid, &tmp_sid);
+
+	result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	for (i = 0; i < num_aliases; i++) {
+		printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
+	}
+
+ done:
+	return result;
+}
+
+/* Query members of a group */
+
+static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli, 
+                                        TALLOC_CTX *mem_ctx,
+                                        int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, group_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 num_members, *group_rids, *group_attrs, group_rid;
+	int i;
+	fstring			server;
+	
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	sscanf(argv[1], "%i", &group_rid);
+
+	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (server);
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
+				     MAXIMUM_ALLOWED_ACCESS,
+				     group_rid, &group_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_query_groupmem(cli, mem_ctx, &group_pol,
+					 &num_members, &group_rids,
+					 &group_attrs);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	for (i = 0; i < num_members; i++) {
+		printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
+		       group_attrs[i]);
+	}
+
+ done:
+	return result;
+}
+
+/* Enumerate domain groups */
+
+static NTSTATUS cmd_samr_enum_dom_groups(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx, size, num_dom_groups, i;
+	struct acct_info *dom_groups;
+
+	if (argc != 1) {
+		printf("Usage: %s\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Get sam policy handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get domain policy handle */
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Enumerate domain groups */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	result = cli_samr_enum_dom_groups(cli, mem_ctx, &domain_pol,
+					  &start_idx, size,
+					  &dom_groups, &num_dom_groups);
+
+	for (i = 0; i < num_dom_groups; i++)
+		printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
+		       dom_groups[i].rid);
+
+ done:
+	return result;
+}
+
+/* Enumerate domain groups */
+
+static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx, size, num_dom_groups, i;
+	struct acct_info *dom_groups;
+	DOM_SID global_sid_Builtin;
+
+	string_to_sid(&global_sid_Builtin, "S-1-5-32");
+
+	if (argc != 2) {
+		printf("Usage: %s builtin|domain\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Get sam policy handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get domain policy handle */
+
+	if (StrCaseCmp(argv[1], "domain")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &domain_sid, &domain_pol);
+	else if (StrCaseCmp(argv[1], "builtin")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &global_sid_Builtin, &domain_pol);
+	else
+		return NT_STATUS_OK;
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Enumerate domain groups */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	result = cli_samr_enum_als_groups(cli, mem_ctx, &domain_pol,
+					  &start_idx, size,
+					  &dom_groups, &num_dom_groups);
+
+	for (i = 0; i < num_dom_groups; i++)
+		printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
+		       dom_groups[i].rid);
+
+ done:
+	return result;
+}
+
+/* Query alias membership */
+
+static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli, 
+                                        TALLOC_CTX *mem_ctx,
+                                        int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, alias_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 alias_rid, num_members, i;
+	DOM_SID *alias_sids;
+
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	sscanf(argv[1], "%i", &alias_rid);
+
+	/* Open SAMR handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Open handle on domain */
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Open handle on alias */
+
+	result = cli_samr_open_alias(cli, mem_ctx, &domain_pol,
+				     MAXIMUM_ALLOWED_ACCESS,
+				     alias_rid, &alias_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
+					 &num_members, &alias_sids);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	for (i = 0; i < num_members; i++) {
+		fstring sid_str;
+
+		sid_to_string(sid_str, &alias_sids[i]);
+		printf("\tsid:[%s]\n", sid_str);
+	}
+
+ done:
+	return result;
+}
+
+/* Query display info */
+
+static NTSTATUS cmd_samr_query_dispinfo(struct cli_state *cli, 
+                                        TALLOC_CTX *mem_ctx,
+                                        int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx=0, max_entries=250, num_entries, i;
+	int info_level = 1;
+	SAM_DISPINFO_CTR ctr;
+	SAM_DISPINFO_1 info1;
+	SAM_DISPINFO_2 info2;
+	SAM_DISPINFO_3 info3;
+	SAM_DISPINFO_4 info4;
+	SAM_DISPINFO_5 info5;
+
+	if (argc > 4) {
+		printf("Usage: %s [info level] [start index] [max entries]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc >= 2)
+                sscanf(argv[1], "%i", &info_level);
+        
+	if (argc >= 3)
+                sscanf(argv[2], "%i", &start_idx);
+        
+	if (argc >= 4)
+                sscanf(argv[3], "%i", &max_entries);
+
+	/* Get sam policy handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get domain policy handle */
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS, 
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Query display info */
+
+	ZERO_STRUCT(ctr);
+	ZERO_STRUCT(info1);
+	
+	switch (info_level) {
+	case 1:
+		ZERO_STRUCT(info1);
+		ctr.sam.info1 = &info1;
+		break;
+	case 2:
+		ZERO_STRUCT(info2);
+		ctr.sam.info2 = &info2;
+		break;
+	case 3:
+		ZERO_STRUCT(info3);
+		ctr.sam.info3 = &info3;
+		break;
+	case 4:
+		ZERO_STRUCT(info4);
+		ctr.sam.info4 = &info4;
+		break;
+	case 5:
+		ZERO_STRUCT(info5);
+		ctr.sam.info5 = &info5;
+		break;
+	}
+
+
+	do {	
+		result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
+						 &start_idx, info_level,
+						 &num_entries, max_entries, &ctr);
+
+		for (i = 0; i < num_entries; i++) {
+			switch (info_level) {
+			case 1:
+				display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
+				break;
+			case 2:
+				display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
+				break;
+			case 3:
+				display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
+				break;
+			case 4:
+				display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
+				break;
+			case 5:
+				display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
+				break;
+			}
+		}
+	} while (!NT_STATUS_IS_OK(result));
+ done:
+	return result;
+}
+
+/* Query domain info */
+
+static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli, 
+                                       TALLOC_CTX *mem_ctx,
+                                       int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	int switch_value = 2;
+	SAM_UNK_CTR ctr;
+
+	if (argc > 2) {
+		printf("Usage: %s [infolevel]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2)
+                sscanf(argv[1], "%i", &switch_value);
+
+	/* Get sam policy handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get domain policy handle */
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Query domain info */
+
+	result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
+					 switch_value, &ctr);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display domain info */
+
+	switch (switch_value) {
+	case 1:
+		display_sam_unk_info_1(&ctr.info.inf1);
+		break;
+	case 2:
+		display_sam_unk_info_2(&ctr.info.inf2);
+		break;
+	default:
+		printf("cannot display domain info for switch value %d\n",
+		       switch_value);
+		break;
+	}
+
+ done:
+ 
+ 	cli_samr_close(cli, mem_ctx, &domain_pol);
+ 	cli_samr_close(cli, mem_ctx, &connect_pol);
+	return result;
+}
+
+/* Create domain user */
+
+static NTSTATUS cmd_samr_create_dom_user(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	char *acct_name;
+	uint16 acb_info;
+	uint32 unknown, user_rid;
+
+	if (argc != 2) {
+		printf("Usage: %s username\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	acct_name = argv[1];
+
+	/* Get sam policy handle */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get domain policy handle */
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Create domain user */
+
+	acb_info = ACB_NORMAL;
+	unknown = 0xe005000b; /* No idea what this is - a permission mask? */
+
+	result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
+					  acct_name, acb_info, unknown,
+					  &user_pol, &user_rid);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+ done:
+	return result;
+}
+
+/* Lookup sam names */
+
+static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli, 
+                                      TALLOC_CTX *mem_ctx,
+                                      int argc, char **argv) 
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND connect_pol, domain_pol;
+	uint32 flags = 0x000003e8; /* Unknown */
+	uint32 num_rids, num_names, *name_types, *rids;
+	char **names;
+	int i;
+	DOM_SID global_sid_Builtin;
+
+	string_to_sid(&global_sid_Builtin, "S-1-5-32");
+
+	if (argc < 3) {
+		printf("Usage: %s  domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
+		printf("check on the domain SID: S-1-5-21-x-y-z\n");
+		printf("or check on the builtin SID: S-1-5-32\n");
+		return NT_STATUS_OK;
+	}
+
+	/* Get sam policy and domain handles */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	if (StrCaseCmp(argv[1], "domain")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &domain_sid, &domain_pol);
+	else if (StrCaseCmp(argv[1], "builtin")==0)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &global_sid_Builtin, &domain_pol);
+	else
+		return NT_STATUS_OK;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Look up names */
+
+	num_names = argc - 2;
+	names = (char **)talloc(mem_ctx, sizeof(char *) * num_names);
+
+	for (i = 0; i < argc - 2; i++)
+		names[i] = argv[i + 2];
+
+	result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+				       flags, num_names, names,
+				       &num_rids, &rids, &name_types);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display results */
+
+	for (i = 0; i < num_names; i++)
+		printf("name %s: 0x%x (%d)\n", names[i], rids[i], 
+		       name_types[i]);
+
+ done:
+	return result;
+}
+
+/* Lookup sam rids */
+
+static NTSTATUS cmd_samr_lookup_rids(struct cli_state *cli, 
+                                     TALLOC_CTX *mem_ctx,
+                                     int argc, char **argv) 
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND connect_pol, domain_pol;
+	uint32 flags = 0x000003e8; /* Unknown */
+	uint32 num_rids, num_names, *rids, *name_types;
+	char **names;
+	int i;
+
+	if (argc < 2) {
+		printf("Usage: %s rid1 [rid2 [rid3] [...]]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Get sam policy and domain handles */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Look up rids */
+
+	num_rids = argc - 1;
+	rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
+
+	for (i = 0; i < argc - 1; i++)
+                sscanf(argv[i + 1], "%i", &rids[i]);
+
+	result = cli_samr_lookup_rids(cli, mem_ctx, &domain_pol,
+				      flags, num_rids, rids,
+				      &num_names, &names, &name_types);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display results */
+
+	for (i = 0; i < num_names; i++)
+		printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
+
+ done:
+	return result;
+}
+
+/* Delete domain user */
+
+static NTSTATUS cmd_samr_delete_dom_user(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv) 
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND connect_pol, domain_pol, user_pol;
+
+	if (argc != 2) {
+		printf("Usage: %s username\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Get sam policy and domain handles */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get handle on user */
+
+	{
+		uint32 *user_rids, num_rids, *name_types;
+		uint32 flags = 0x000003e8; /* Unknown */
+
+		result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+					       flags, 1, &argv[1],
+					       &num_rids, &user_rids,
+					       &name_types);
+
+		if (!NT_STATUS_IS_OK(result)) {
+			goto done;
+		}
+
+		result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+					    MAXIMUM_ALLOWED_ACCESS,
+					    user_rids[0], &user_pol);
+
+		if (!NT_STATUS_IS_OK(result)) {
+			goto done;
+		}
+	}
+
+	/* Delete user */
+
+	result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display results */
+
+ done:
+	return result;
+}
+
+/**********************************************************************
+ * Query user security object 
+ */
+static NTSTATUS cmd_samr_query_sec_obj(struct cli_state *cli, 
+                                    TALLOC_CTX *mem_ctx,
+                                    int argc, char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, user_pol, *pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 info_level = 4;
+	fstring server;
+	uint32 user_rid = 0;
+	TALLOC_CTX *ctx = NULL;
+	SEC_DESC_BUF *sec_desc_buf=NULL;
+	BOOL domain = False;
+
+	ctx=talloc_init();
+	
+	if (argc > 2) {
+		printf("Usage: %s [rid|-d]\n", argv[0]);
+		printf("\tSpecify rid for security on user, -d for security on domain\n");
+		return NT_STATUS_OK;
+	}
+	
+	if (argc == 2) {
+		if (strcmp(argv[1], "-d") == 0)
+			domain = True;
+		else
+			sscanf(argv[1], "%i", &user_rid);
+	}
+
+	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (server);
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	if (domain || user_rid)
+		result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	if (user_rid)
+		result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+					    MAXIMUM_ALLOWED_ACCESS,
+					    user_rid, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* Pick which query pol to use */
+
+	pol = &connect_pol;
+
+	if (domain)
+		pol = &domain_pol;
+
+	if (user_rid)
+		pol = &user_pol;
+
+	/* Query SAM security object */
+
+	result = cli_samr_query_sec_obj(cli, mem_ctx, pol, info_level, ctx, 
+					&sec_desc_buf);
+
+	if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	display_sec_desc(sec_desc_buf->sec);
+	
+done:
+	talloc_destroy(ctx);
+	return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set samr_commands[] = {
+
+	{ "SAMR" },
+
+	{ "queryuser", 		cmd_samr_query_user, 		PIPE_SAMR,	"Query user info",         "" },
+	{ "querygroup", 	cmd_samr_query_group, 		PIPE_SAMR,	"Query group info",        "" },
+	{ "queryusergroups", 	cmd_samr_query_usergroups, 	PIPE_SAMR,	"Query user groups",       "" },
+	{ "queryuseraliases", 	cmd_samr_query_useraliases, 	PIPE_SAMR,	"Query user aliases",      "" },
+	{ "querygroupmem", 	cmd_samr_query_groupmem, 	PIPE_SAMR,	"Query group membership",  "" },
+	{ "queryaliasmem", 	cmd_samr_query_aliasmem, 	PIPE_SAMR,	"Query alias membership",  "" },
+	{ "querydispinfo", 	cmd_samr_query_dispinfo, 	PIPE_SAMR,	"Query display info",      "" },
+	{ "querydominfo", 	cmd_samr_query_dominfo, 	PIPE_SAMR,	"Query domain info",       "" },
+	{ "enumdomgroups",      cmd_samr_enum_dom_groups,       PIPE_SAMR,	"Enumerate domain groups", "" },
+	{ "enumalsgroups",      cmd_samr_enum_als_groups,       PIPE_SAMR,	"Enumerate alias groups",  "" },
+
+	{ "createdomuser",      cmd_samr_create_dom_user,       PIPE_SAMR,	"Create domain user",      "" },
+	{ "samlookupnames",     cmd_samr_lookup_names,          PIPE_SAMR,	"Look up names",           "" },
+	{ "samlookuprids",      cmd_samr_lookup_rids,           PIPE_SAMR,	"Look up names",           "" },
+	{ "deletedomuser",      cmd_samr_delete_dom_user,       PIPE_SAMR,	"Delete domain user",      "" },
+	{ "samquerysecobj",     cmd_samr_query_sec_obj,         PIPE_SAMR, "Query SAMR security object",   "" },
+
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
new file mode 100644
index 0000000000..64a84e25df
--- /dev/null
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -0,0 +1,1710 @@
+/*
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Gerald Carter                     2001
+   Copyright (C) Tim Potter                        2000
+   Copyright (C) Andrew Tridgell              1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
+ 
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+struct table_node {
+	char 	*long_archi;
+	char 	*short_archi;
+	int	version;
+};
+ 
+struct table_node archi_table[]= {
+
+	{"Windows 4.0",          "WIN40",	0 },
+	{"Windows NT x86",       "W32X86",	2 },
+	{"Windows NT R4000",     "W32MIPS",	2 },
+	{"Windows NT Alpha_AXP", "W32ALPHA",	2 },
+	{"Windows NT PowerPC",   "W32PPC",	2 },
+	{NULL,                   "",		-1 }
+};
+
+/****************************************************************************
+function to do the mapping between the long architecture name and
+the short one.
+****************************************************************************/
+BOOL get_short_archi(char *short_archi, char *long_archi)
+{
+        int i=-1;
+
+        DEBUG(107,("Getting architecture dependant directory\n"));
+        do {
+                i++;
+        } while ( (archi_table[i].long_archi!=NULL ) &&
+                  StrCaseCmp(long_archi, archi_table[i].long_archi) );
+
+        if (archi_table[i].long_archi==NULL) {
+                DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi));
+                return False;
+        }
+
+        StrnCpy (short_archi, archi_table[i].short_archi, strlen(archi_table[i].short_archi));
+
+        DEBUGADD(108,("index: [%d]\n", i));
+        DEBUGADD(108,("long architecture: [%s]\n", long_archi));
+        DEBUGADD(108,("short architecture: [%s]\n", short_archi));
+
+        return True;
+}
+
+
+/**********************************************************************
+ * dummy function  -- placeholder
+  */
+static NTSTATUS cmd_spoolss_not_implemented(struct cli_state *cli, 
+                                            TALLOC_CTX *mem_ctx,
+                                            int argc, char **argv)
+{
+	printf ("(*) This command is not currently implemented.\n");
+	return NT_STATUS_OK;
+}
+
+/***********************************************************************
+ * Get printer information
+ */
+static NTSTATUS cmd_spoolss_open_printer_ex(struct cli_state *cli, 
+                                            TALLOC_CTX *mem_ctx,
+                                            int argc, char **argv)
+{
+	WERROR 	        werror;
+	pstring		printername;
+	fstring		servername, user;
+	POLICY_HND	hnd;
+	
+	if (argc != 2) {
+		printf("Usage: %s <printername>\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+	
+	if (!cli)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+	fstrcpy  (user, cli->user_name);
+	fstrcpy  (printername, argv[1]);
+
+	/* Open the printer handle */
+
+	werror = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, 
+					     "", MAXIMUM_ALLOWED_ACCESS, 
+					     servername, user, &hnd);
+
+	if (W_ERROR_IS_OK(werror)) {
+		printf("Printer %s opened successfully\n", printername);
+		werror = cli_spoolss_close_printer(cli, mem_ctx, &hnd);
+
+		if (!W_ERROR_IS_OK(werror)) {
+			printf("Error closing printer handle! (%s)\n", 
+				get_dos_error_msg(werror));
+		}
+	}
+
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+
+/****************************************************************************
+printer info level 0 display function
+****************************************************************************/
+static void display_print_info_0(PRINTER_INFO_0 *i0)
+{
+	fstring name = "";
+	fstring servername = "";
+
+	if (!i0)
+		return;
+
+	if (i0->printername.buffer)
+		rpcstr_pull(name, i0->printername.buffer, sizeof(name), 0, STR_TERMINATE);
+
+	if (i0->servername.buffer)
+		rpcstr_pull(servername, i0->servername.buffer, sizeof(servername), 0,STR_TERMINATE);
+  
+	printf("\tprintername:[%s]\n", name);
+	printf("\tservername:[%s]\n", servername);
+	printf("\tcjobs:[0x%x]\n", i0->cjobs);
+	printf("\ttotal_jobs:[0x%x]\n", i0->total_jobs);
+	
+	printf("\t:date: [%d]-[%d]-[%d] (%d)\n", i0->year, i0->month, 
+	       i0->day, i0->dayofweek);
+	printf("\t:time: [%d]-[%d]-[%d]-[%d]\n", i0->hour, i0->minute, 
+	       i0->second, i0->milliseconds);
+	
+	printf("\tglobal_counter:[0x%x]\n", i0->global_counter);
+	printf("\ttotal_pages:[0x%x]\n", i0->total_pages);
+	
+	printf("\tmajorversion:[0x%x]\n", i0->major_version);
+	printf("\tbuildversion:[0x%x]\n", i0->build_version);
+	
+	printf("\tunknown7:[0x%x]\n", i0->unknown7);
+	printf("\tunknown8:[0x%x]\n", i0->unknown8);
+	printf("\tunknown9:[0x%x]\n", i0->unknown9);
+	printf("\tsession_counter:[0x%x]\n", i0->session_counter);
+	printf("\tunknown11:[0x%x]\n", i0->unknown11);
+	printf("\tprinter_errors:[0x%x]\n", i0->printer_errors);
+	printf("\tunknown13:[0x%x]\n", i0->unknown13);
+	printf("\tunknown14:[0x%x]\n", i0->unknown14);
+	printf("\tunknown15:[0x%x]\n", i0->unknown15);
+	printf("\tunknown16:[0x%x]\n", i0->unknown16);
+	printf("\tchange_id:[0x%x]\n", i0->change_id);
+	printf("\tunknown18:[0x%x]\n", i0->unknown18);
+	printf("\tstatus:[0x%x]\n", i0->status);
+	printf("\tunknown20:[0x%x]\n", i0->unknown20);
+	printf("\tc_setprinter:[0x%x]\n", i0->c_setprinter);
+	printf("\tunknown22:[0x%x]\n", i0->unknown22);
+	printf("\tunknown23:[0x%x]\n", i0->unknown23);
+	printf("\tunknown24:[0x%x]\n", i0->unknown24);
+	printf("\tunknown25:[0x%x]\n", i0->unknown25);
+	printf("\tunknown26:[0x%x]\n", i0->unknown26);
+	printf("\tunknown27:[0x%x]\n", i0->unknown27);
+	printf("\tunknown28:[0x%x]\n", i0->unknown28);
+	printf("\tunknown29:[0x%x]\n", i0->unknown29);
+
+	printf("\n");
+}
+
+/****************************************************************************
+printer info level 1 display function
+****************************************************************************/
+static void display_print_info_1(PRINTER_INFO_1 *i1)
+{
+	fstring desc = "";
+	fstring name = "";
+	fstring comm = "";
+
+	if (i1->description.buffer)
+		rpcstr_pull(desc, i1->description.buffer, sizeof(desc), 0, 
+			    STR_TERMINATE);
+
+	if (i1->name.buffer)
+		rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, 
+			    STR_TERMINATE);
+
+	if (i1->comment.buffer)
+		rpcstr_pull(comm, i1->comment.buffer, sizeof(comm), 0, 
+			    STR_TERMINATE);
+
+	printf("\tflags:[0x%x]\n", i1->flags);
+	printf("\tname:[%s]\n", name);
+	printf("\tdescription:[%s]\n", desc);
+	printf("\tcomment:[%s]\n", comm);
+
+	printf("\n");
+}
+
+/****************************************************************************
+printer info level 2 display function
+****************************************************************************/
+static void display_print_info_2(PRINTER_INFO_2 *i2)
+{
+	fstring servername = "";
+	fstring printername = "";
+	fstring sharename = "";
+	fstring portname = "";
+	fstring drivername = "";
+	fstring comment = "";
+	fstring location = "";
+	fstring sepfile = "";
+	fstring printprocessor = "";
+	fstring datatype = "";
+	fstring parameters = "";
+	
+	if (i2->servername.buffer)
+		rpcstr_pull(servername, i2->servername.buffer,sizeof(servername), 0, STR_TERMINATE);
+
+	if (i2->printername.buffer)
+		rpcstr_pull(printername, i2->printername.buffer,sizeof(printername), 0, STR_TERMINATE);
+
+	if (i2->sharename.buffer)
+		rpcstr_pull(sharename, i2->sharename.buffer,sizeof(sharename), 0, STR_TERMINATE);
+
+	if (i2->portname.buffer)
+		rpcstr_pull(portname, i2->portname.buffer,sizeof(portname), 0, STR_TERMINATE);
+
+	if (i2->drivername.buffer)
+		rpcstr_pull(drivername, i2->drivername.buffer,sizeof(drivername), 0, STR_TERMINATE);
+
+	if (i2->comment.buffer)
+		rpcstr_pull(comment, i2->comment.buffer,sizeof(comment), 0, STR_TERMINATE);
+
+	if (i2->location.buffer)
+		rpcstr_pull(location, i2->location.buffer,sizeof(location), 0, STR_TERMINATE);
+
+	if (i2->sepfile.buffer)
+		rpcstr_pull(sepfile, i2->sepfile.buffer,sizeof(sepfile), 0, STR_TERMINATE);
+
+	if (i2->printprocessor.buffer) 
+		rpcstr_pull(printprocessor, i2->printprocessor.buffer,sizeof(printprocessor), 0, STR_TERMINATE);
+
+	if (i2->datatype.buffer)
+		rpcstr_pull(datatype, i2->datatype.buffer,sizeof(datatype), 0, STR_TERMINATE);
+
+	if (i2->parameters.buffer)
+		rpcstr_pull(parameters, i2->parameters.buffer,sizeof(parameters), 0, STR_TERMINATE);
+
+	printf("\tservername:[%s]\n", servername);
+	printf("\tprintername:[%s]\n", printername);
+	printf("\tsharename:[%s]\n", sharename);
+	printf("\tportname:[%s]\n", portname);
+	printf("\tdrivername:[%s]\n", drivername);
+	printf("\tcomment:[%s]\n", comment);
+	printf("\tlocation:[%s]\n", location);
+	printf("\tsepfile:[%s]\n", sepfile);
+	printf("\tprintprocessor:[%s]\n", printprocessor);
+	printf("\tdatatype:[%s]\n", datatype);
+	printf("\tparameters:[%s]\n", parameters);
+	printf("\tattributes:[0x%x]\n", i2->attributes);
+	printf("\tpriority:[0x%x]\n", i2->priority);
+	printf("\tdefaultpriority:[0x%x]\n", i2->defaultpriority);
+	printf("\tstarttime:[0x%x]\n", i2->starttime);
+	printf("\tuntiltime:[0x%x]\n", i2->untiltime);
+	printf("\tstatus:[0x%x]\n", i2->status);
+	printf("\tcjobs:[0x%x]\n", i2->cjobs);
+	printf("\taverageppm:[0x%x]\n", i2->averageppm);
+
+	if (i2->secdesc) 
+		display_sec_desc(i2->secdesc);
+
+	printf("\n");
+}
+
+/****************************************************************************
+printer info level 3 display function
+****************************************************************************/
+static void display_print_info_3(PRINTER_INFO_3 *i3)
+{
+	printf("\tflags:[0x%x]\n", i3->flags);
+
+	display_sec_desc(i3->secdesc);
+
+	printf("\n");
+}
+
+/* Enumerate printers */
+
+static NTSTATUS cmd_spoolss_enum_printers(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx,
+                                          int argc, char **argv)
+{
+	WERROR                  result;
+	uint32			info_level = 1;
+	PRINTER_INFO_CTR	ctr;
+	uint32			i = 0, num_printers, needed;
+
+	if (argc > 2) 
+	{
+		printf("Usage: %s [level]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2) {
+		info_level = atoi(argv[1]);
+	}
+
+	/* Enumerate printers  -- Should we enumerate types other 
+	   than PRINTER_ENUM_LOCAL?  Maybe accept as a parameter?  --jerry */
+
+	ZERO_STRUCT(ctr);
+
+	result = cli_spoolss_enum_printers(
+		cli, mem_ctx, 0, &needed, PRINTER_ENUM_LOCAL, 
+		info_level, &num_printers, &ctr);
+
+	if (W_ERROR_V(result) == ERRinsufficientbuffer)
+		result = cli_spoolss_enum_printers(
+			cli, mem_ctx, needed, NULL, PRINTER_ENUM_LOCAL, 
+			info_level, &num_printers, &ctr);
+
+	if (W_ERROR_IS_OK(result)) {
+
+		if (!num_printers) {
+			printf ("No printers returned.\n");
+			goto done;
+		}
+	
+		for (i = 0; i < num_printers; i++) {
+			switch(info_level) {
+			case 0:
+				display_print_info_0(&ctr.printers_0[i]);
+				break;
+			case 1:
+				display_print_info_1(&ctr.printers_1[i]);
+				break;
+			case 2:
+				display_print_info_2(&ctr.printers_2[i]);
+				break;
+			case 3:
+				display_print_info_3(&ctr.printers_3[i]);
+				break;
+			default:
+				printf("unknown info level %d\n", info_level);
+				goto done;
+			}
+		}
+	}
+	done:
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/****************************************************************************
+port info level 1 display function
+****************************************************************************/
+static void display_port_info_1(PORT_INFO_1 *i1)
+{
+	fstring buffer;
+	
+	rpcstr_pull(buffer, i1->port_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
+	printf("\tPort Name:\t[%s]\n", buffer);
+}
+
+/****************************************************************************
+port info level 2 display function
+****************************************************************************/
+static void display_port_info_2(PORT_INFO_2 *i2)
+{
+	fstring buffer;
+	
+	rpcstr_pull(buffer, i2->port_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
+	printf("\tPort Name:\t[%s]\n", buffer);
+	rpcstr_pull(buffer, i2->monitor_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
+
+	printf("\tMonitor Name:\t[%s]\n", buffer);
+	rpcstr_pull(buffer, i2->description.buffer, sizeof(buffer), 0, STR_TERMINATE);
+
+	printf("\tDescription:\t[%s]\n", buffer);
+	printf("\tPort Type:\t[%d]\n", i2->port_type);
+	printf("\tReserved:\t[%d]\n", i2->reserved);
+	printf("\n");
+}
+
+/* Enumerate ports */
+
+static NTSTATUS cmd_spoolss_enum_ports(struct cli_state *cli, 
+				       TALLOC_CTX *mem_ctx, int argc, 
+				       char **argv)
+{
+	WERROR         		result;
+	uint32                  needed, info_level = 1;
+	PORT_INFO_CTR 		ctr;
+	int 			returned;
+	
+	if (argc > 2) {
+		printf("Usage: %s [level]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+	
+	if (argc == 2)
+		info_level = atoi(argv[1]);
+
+	/* Enumerate ports */
+
+	ZERO_STRUCT(ctr);
+
+	result = cli_spoolss_enum_ports(cli, mem_ctx, 0, &needed, info_level, 
+					&returned, &ctr);
+
+	if (W_ERROR_V(result) == ERRinsufficientbuffer)
+		result = cli_spoolss_enum_ports(cli, mem_ctx, needed, NULL,
+						info_level, &returned, &ctr);
+
+	if (W_ERROR_IS_OK(result)) {
+		int i;
+
+		for (i = 0; i < returned; i++) {
+			switch (info_level) {
+			case 1:
+				display_port_info_1(&ctr.port.info_1[i]);
+				break;
+			case 2:
+				display_port_info_2(&ctr.port.info_2[i]);
+				break;
+			default:
+				printf("unknown info level %d\n", info_level);
+				break;
+			}
+		}
+	}
+	
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/***********************************************************************
+ * Set printer comment - use a level2 set.
+ */
+static NTSTATUS cmd_spoolss_setprinter(struct cli_state *cli,
+                                       TALLOC_CTX *mem_ctx,
+                                       int argc, char **argv)
+{
+	POLICY_HND 	pol;
+	WERROR		result;
+	uint32 		needed;
+	uint32 		info_level = 2;
+	BOOL 		opened_hnd = False;
+	PRINTER_INFO_CTR ctr;
+	fstring 	printername,
+			servername,
+			user,
+			comment;
+
+	if (argc == 1 || argc > 3) {
+		printf("Usage: %s printername comment\n", argv[0]);
+
+		return NT_STATUS_OK;
+	}
+
+	/* Open a printer handle */
+	if (argc == 3) {
+		fstrcpy(comment, argv[2]);
+	}
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+	fstrcpy (printername, argv[1]);
+	fstrcpy  (user, cli->user_name);
+
+	/* get a printer handle */
+	result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", 
+				MAXIMUM_ALLOWED_ACCESS, servername,
+				user, &pol);
+				
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+	opened_hnd = True;
+
+	/* Get printer info */
+        result = cli_spoolss_getprinter(cli, mem_ctx, 0, &needed, &pol, info_level, &ctr);
+
+        if (W_ERROR_V(result) == ERRinsufficientbuffer)
+                result = cli_spoolss_getprinter(cli, mem_ctx, needed, NULL, &pol, info_level, &ctr);
+
+        if (!W_ERROR_IS_OK(result))
+                goto done;
+
+
+	/* Modify the comment. */
+	init_unistr(&ctr.printers_2->comment, comment);
+	ctr.printers_2->devmode = NULL;
+	ctr.printers_2->secdesc = NULL;
+
+	result = cli_spoolss_setprinter(cli, mem_ctx, &pol, info_level, &ctr, 0);
+	if (W_ERROR_IS_OK(result))
+		printf("Success in setting comment.\n");
+
+ done:
+	if (opened_hnd)
+		cli_spoolss_close_printer(cli, mem_ctx, &pol);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/***********************************************************************
+ * Get printer information
+ */
+static NTSTATUS cmd_spoolss_getprinter(struct cli_state *cli,
+                                       TALLOC_CTX *mem_ctx,
+                                       int argc, char **argv)
+{
+	POLICY_HND 	pol;
+	WERROR          result;
+	uint32 		info_level = 1;
+	BOOL 		opened_hnd = False;
+	PRINTER_INFO_CTR ctr;
+	fstring 	printername,
+			servername,
+			user;
+	uint32 needed;
+
+	if (argc == 1 || argc > 3) {
+		printf("Usage: %s <printername> [level]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Open a printer handle */
+	if (argc == 3) {
+		info_level = atoi(argv[2]);
+	}
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+	slprintf (printername, sizeof(fstring)-1, "%s\\%s", servername, argv[1]);
+	fstrcpy  (user, cli->user_name);
+	
+	/* get a printer handle */
+
+	result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, 
+					     "", MAXIMUM_ALLOWED_ACCESS, 
+					     servername, user, &pol);
+
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+ 
+	opened_hnd = True;
+
+	/* Get printer info */
+
+	result = cli_spoolss_getprinter(cli, mem_ctx, 0, &needed,
+					&pol, info_level, &ctr);
+
+	if (W_ERROR_V(result) == ERRinsufficientbuffer)
+		result = cli_spoolss_getprinter(
+			cli, mem_ctx, needed, NULL, &pol, info_level, &ctr);
+
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+	/* Display printer info */
+
+	switch (info_level) {
+	case 0: 
+		display_print_info_0(ctr.printers_0);
+		break;
+	case 1:
+		display_print_info_1(ctr.printers_1);
+		break;
+	case 2:
+		display_print_info_2(ctr.printers_2);
+		break;
+	case 3:
+		display_print_info_3(ctr.printers_3);
+		break;
+	default:
+		printf("unknown info level %d\n", info_level);
+		break;
+	}
+
+ done: 
+	if (opened_hnd) 
+		cli_spoolss_close_printer(cli, mem_ctx, &pol);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/****************************************************************************
+printer info level 0 display function
+****************************************************************************/
+static void display_print_driver_1(DRIVER_INFO_1 *i1)
+{
+	fstring name;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+
+	printf ("Printer Driver Info 1:\n");
+	printf ("\tDriver Name: [%s]\n\n", name);
+	
+	return;
+}
+
+/****************************************************************************
+printer info level 1 display function
+****************************************************************************/
+static void display_print_driver_2(DRIVER_INFO_2 *i1)
+{
+	fstring name;
+	fstring architecture;
+	fstring driverpath;
+	fstring datafile;
+	fstring configfile;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+	rpcstr_pull(architecture, i1->architecture.buffer, sizeof(architecture), 0, STR_TERMINATE);
+	rpcstr_pull(driverpath, i1->driverpath.buffer, sizeof(driverpath), 0, STR_TERMINATE);
+	rpcstr_pull(datafile, i1->datafile.buffer, sizeof(datafile), 0, STR_TERMINATE);
+	rpcstr_pull(configfile, i1->configfile.buffer, sizeof(configfile), 0, STR_TERMINATE);
+
+	printf ("Printer Driver Info 2:\n");
+	printf ("\tVersion: [%x]\n", i1->version);
+	printf ("\tDriver Name: [%s]\n", name);
+	printf ("\tArchitecture: [%s]\n", architecture);
+	printf ("\tDriver Path: [%s]\n", driverpath);
+	printf ("\tDatafile: [%s]\n", datafile);
+	printf ("\tConfigfile: [%s]\n\n", configfile);
+
+	return;
+}
+
+/****************************************************************************
+printer info level 2 display function
+****************************************************************************/
+static void display_print_driver_3(DRIVER_INFO_3 *i1)
+{
+	fstring name;
+	fstring architecture;
+	fstring driverpath;
+	fstring datafile;
+	fstring configfile;
+	fstring helpfile;
+	fstring dependentfiles;
+	fstring monitorname;
+	fstring defaultdatatype;
+	
+	int length=0;
+	BOOL valid = True;
+	
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+	rpcstr_pull(architecture, i1->architecture.buffer, sizeof(architecture), 0, STR_TERMINATE);
+	rpcstr_pull(driverpath, i1->driverpath.buffer, sizeof(driverpath), 0, STR_TERMINATE);
+	rpcstr_pull(datafile, i1->datafile.buffer, sizeof(datafile), 0, STR_TERMINATE);
+	rpcstr_pull(configfile, i1->configfile.buffer, sizeof(configfile), 0, STR_TERMINATE);
+	rpcstr_pull(helpfile, i1->helpfile.buffer, sizeof(helpfile), 0, STR_TERMINATE);
+	rpcstr_pull(monitorname, i1->monitorname.buffer, sizeof(monitorname), 0, STR_TERMINATE);
+	rpcstr_pull(defaultdatatype, i1->defaultdatatype.buffer, sizeof(defaultdatatype), 0, STR_TERMINATE);
+
+	printf ("Printer Driver Info 3:\n");
+	printf ("\tVersion: [%x]\n", i1->version);
+	printf ("\tDriver Name: [%s]\n",name);
+	printf ("\tArchitecture: [%s]\n", architecture);
+	printf ("\tDriver Path: [%s]\n", driverpath);
+	printf ("\tDatafile: [%s]\n", datafile);
+	printf ("\tConfigfile: [%s]\n", configfile);
+	printf ("\tHelpfile: [%s]\n\n", helpfile);
+
+	while (valid)
+	{
+		rpcstr_pull(dependentfiles, i1->dependentfiles+length, sizeof(dependentfiles), 0, STR_TERMINATE);
+		
+		length+=strlen(dependentfiles)+1;
+		
+		if (strlen(dependentfiles) > 0)
+		{
+			printf ("\tDependentfiles: [%s]\n", dependentfiles);
+		}
+		else
+		{
+			valid = False;
+		}
+	}
+	
+	printf ("\n");
+
+	printf ("\tMonitorname: [%s]\n", monitorname);
+	printf ("\tDefaultdatatype: [%s]\n\n", defaultdatatype);
+
+	return;	
+}
+
+/***********************************************************************
+ * Get printer information
+ */
+static NTSTATUS cmd_spoolss_getdriver(struct cli_state *cli, 
+                                      TALLOC_CTX *mem_ctx,
+                                      int argc, char **argv)
+{
+	POLICY_HND 	pol;
+	WERROR          werror;
+	NTSTATUS	result;
+	uint32		info_level = 3;
+	BOOL 		opened_hnd = False;
+	PRINTER_DRIVER_CTR 	ctr;
+	fstring 	printername, 
+			servername, 
+			user;
+	uint32		i;
+
+	if ((argc == 1) || (argc > 3)) 
+	{
+		printf("Usage: %s <printername> [level]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* get the arguments need to open the printer handle */
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+	fstrcpy  (user, cli->user_name);
+	fstrcpy  (printername, argv[1]);
+	if (argc == 3)
+		info_level = atoi(argv[2]);
+
+	/* Open a printer handle */
+
+	werror = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", 
+					     PRINTER_ACCESS_USE,
+					     servername, user, &pol);
+
+	result = W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+
+	if (!NT_STATUS_IS_OK(result)) {
+		printf("Error opening printer handle for %s!\n", printername);
+		return result;
+	}
+
+	opened_hnd = True;
+
+	/* loop through and print driver info level for each architecture */
+
+	for (i=0; archi_table[i].long_archi!=NULL; i++) {
+		uint32 needed;
+
+		werror = cli_spoolss_getprinterdriver(
+			cli, mem_ctx, 0, &needed, &pol, info_level, 
+			archi_table[i].long_archi, &ctr);
+
+		if (W_ERROR_V(werror) == ERRinsufficientbuffer)
+			werror = cli_spoolss_getprinterdriver(
+				cli, mem_ctx, needed, NULL, &pol, info_level, 
+				archi_table[i].long_archi, &ctr);
+
+		if (!W_ERROR_IS_OK(werror))
+			continue;
+			
+		printf ("\n[%s]\n", archi_table[i].long_archi);
+
+		switch (info_level) {
+		case 1:
+			display_print_driver_1 (ctr.info1);
+			break;
+		case 2:
+			display_print_driver_2 (ctr.info2);
+			break;
+		case 3:
+			display_print_driver_3 (ctr.info3);
+			break;
+		default:
+			printf("unknown info level %d\n", info_level);
+			break;
+		}
+	}
+	
+	/* Cleanup */
+
+	if (opened_hnd)
+		cli_spoolss_close_printer (cli, mem_ctx, &pol);
+	
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/***********************************************************************
+ * Get printer information
+ */
+static NTSTATUS cmd_spoolss_enum_drivers(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv)
+{
+	WERROR werror;
+	uint32          info_level = 1;
+	PRINTER_DRIVER_CTR 	ctr;
+	uint32		i, j,
+			returned;
+
+	if (argc > 2) 
+	{
+		printf("Usage: enumdrivers [level]\n");
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2)
+		info_level = atoi(argv[1]);
+
+
+	/* loop through and print driver info level for each architecture */
+	for (i=0; archi_table[i].long_archi!=NULL; i++) 
+	{
+		uint32 needed;
+
+		werror = cli_spoolss_enumprinterdrivers(
+			cli, mem_ctx, 0, &needed, info_level, 
+			archi_table[i].long_archi, &returned, &ctr);
+
+		if (W_ERROR_V(werror) == ERRinsufficientbuffer)
+			werror = cli_spoolss_enumprinterdrivers(
+				cli, mem_ctx, needed, NULL, info_level, 
+				archi_table[i].long_archi, &returned, &ctr);
+
+		if (returned == 0)
+			continue;
+			
+		if (!W_ERROR_IS_OK(werror)) {
+			printf ("Error getting driver for environment [%s] - %d\n",
+				archi_table[i].long_archi, W_ERROR_V(werror));
+			continue;
+		}
+		
+		printf ("\n[%s]\n", archi_table[i].long_archi);
+		switch (info_level) 
+		{
+			
+		case 1:
+			for (j=0; j < returned; j++) {
+				display_print_driver_1 (&(ctr.info1[j]));
+			}
+			break;
+		case 2:
+			for (j=0; j < returned; j++) {
+				display_print_driver_2 (&(ctr.info2[j]));
+			}
+			break;
+		case 3:
+			for (j=0; j < returned; j++) {
+				display_print_driver_3 (&(ctr.info3[j]));
+			}
+			break;
+		default:
+			printf("unknown info level %d\n", info_level);
+			break;
+		}
+	}
+	
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/****************************************************************************
+printer info level 1 display function
+****************************************************************************/
+static void display_printdriverdir_1(DRIVER_DIRECTORY_1 *i1)
+{
+        fstring name;
+        if (i1 == NULL)
+                return;
+ 
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+ 
+	printf ("\tDirectory Name:[%s]\n", name);
+}
+
+/***********************************************************************
+ * Get printer driver directory information
+ */
+static NTSTATUS cmd_spoolss_getdriverdir(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv)
+{
+	WERROR result;
+	fstring			env;
+	DRIVER_DIRECTORY_CTR	ctr;
+	uint32 needed;
+
+	if (argc > 2) {
+		printf("Usage: %s [environment]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	/* Get the arguments need to open the printer handle */
+
+	if (argc == 2)
+		fstrcpy (env, argv[1]);
+	else
+		fstrcpy (env, "Windows NT x86");
+
+	/* Get the directory.  Only use Info level 1 */
+
+	result = cli_spoolss_getprinterdriverdir(
+		cli, mem_ctx, 0, &needed, 1, env, &ctr);
+
+	if (W_ERROR_V(result) == ERRinsufficientbuffer)
+		result = cli_spoolss_getprinterdriverdir(
+			cli, mem_ctx, needed, NULL, 1, env, &ctr);
+
+	if (W_ERROR_IS_OK(result))
+		display_printdriverdir_1(ctr.info1);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/*******************************************************************************
+ set the version and environment fields of a DRIVER_INFO_3 struct
+ ******************************************************************************/
+void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch)
+{
+
+	int i;
+	
+	for (i=0; archi_table[i].long_archi != NULL; i++) 
+	{
+		if (strcmp(arch, archi_table[i].short_archi) == 0)
+		{
+			info->version = archi_table[i].version;
+			init_unistr (&info->architecture, archi_table[i].long_archi);
+			break;
+		}
+	}
+	
+	if (archi_table[i].long_archi == NULL)
+	{
+		DEBUG(0, ("set_drv_info_3_env: Unknown arch [%s]\n", arch));
+	}
+	
+	return;
+}
+
+
+/**************************************************************************
+ wrapper for strtok to get the next parameter from a delimited list.
+ Needed to handle the empty parameter string denoted by "NULL"
+ *************************************************************************/
+static char* get_driver_3_param (char* str, char* delim, UNISTR* dest)
+{
+	char	*ptr;
+
+	/* get the next token */
+	ptr = strtok(str, delim);
+
+	/* a string of 'NULL' is used to represent an empty
+	   parameter because two consecutive delimiters
+	   will not return an empty string.  See man strtok(3)
+	   for details */
+	if (StrCaseCmp(ptr, "NULL") == 0)
+		ptr = NULL;
+
+	if (dest != NULL)
+		init_unistr(dest, ptr);	
+
+	return ptr;
+}
+
+/********************************************************************************
+ fill in the members of a DRIVER_INFO_3 struct using a character 
+ string in the form of
+ 	 <Long Printer Name>:<Driver File Name>:<Data File Name>:\
+	     <Config File Name>:<Help File Name>:<Language Monitor Name>:\
+	     <Default Data Type>:<Comma Separated list of Files> 
+ *******************************************************************************/
+static BOOL init_drv_info_3_members (
+	TALLOC_CTX *mem_ctx, 
+	DRIVER_INFO_3 *info, 
+	char *args
+)
+{
+	char	*str, *str2;
+	uint32	len, i;
+	
+	/* fill in the UNISTR fields */
+	str = get_driver_3_param (args, ":", &info->name);
+	str = get_driver_3_param (NULL, ":", &info->driverpath);
+	str = get_driver_3_param (NULL, ":", &info->datafile);
+	str = get_driver_3_param (NULL, ":", &info->configfile);
+	str = get_driver_3_param (NULL, ":", &info->helpfile);
+	str = get_driver_3_param (NULL, ":", &info->monitorname);
+	str = get_driver_3_param (NULL, ":", &info->defaultdatatype);
+
+	/* <Comma Separated List of Dependent Files> */
+	str2 = get_driver_3_param (NULL, ":", NULL); /* save the beginning of the string */
+	str = str2;			
+
+	/* begin to strip out each filename */
+	str = strtok(str, ",");		
+	len = 0;
+	while (str != NULL)
+	{
+		/* keep a cumlative count of the str lengths */
+		len += strlen(str)+1;
+		str = strtok(NULL, ",");
+	}
+
+	/* allocate the space; add one extra slot for a terminating NULL.
+	   Each filename is NULL terminated and the end contains a double
+	   NULL */
+	if ((info->dependentfiles=(uint16*)talloc(mem_ctx, (len+1)*sizeof(uint16))) == NULL)
+	{
+		DEBUG(0,("init_drv_info_3_members: Unable to malloc memory for dependenfiles\n"));
+		return False;
+	}
+	for (i=0; i<len; i++)
+	{
+		info->dependentfiles[i] = SSVAL(&info->dependentfiles[i], 0, str2[i]);
+	}
+	info->dependentfiles[len] = '\0';
+
+	return True;
+}
+
+
+static NTSTATUS cmd_spoolss_addprinterdriver(struct cli_state *cli, 
+                                             TALLOC_CTX *mem_ctx,
+                                             int argc, char **argv)
+{
+	WERROR result;
+	uint32                  level = 3;
+	PRINTER_DRIVER_CTR	ctr;
+	DRIVER_INFO_3		info3;
+	fstring			arch;
+	fstring			driver_name;
+
+	/* parse the command arguements */
+	if (argc != 3)
+	{
+		printf ("Usage: %s <Environment>\\\n", argv[0]);
+		printf ("\t<Long Printer Name>:<Driver File Name>:<Data File Name>:\\\n");
+    		printf ("\t<Config File Name>:<Help File Name>:<Language Monitor Name>:\\\n");
+	    	printf ("\t<Default Data Type>:<Comma Separated list of Files>\n");
+
+		return NT_STATUS_OK;
+        }
+		
+	/* Fill in the DRIVER_INFO_3 struct */
+	ZERO_STRUCT(info3);
+	if (!get_short_archi(arch, argv[1]))
+	{
+		printf ("Error Unknown architechture [%s]\n", argv[1]);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+	else
+		set_drv_info_3_env(&info3, arch);
+
+	if (!init_drv_info_3_members(mem_ctx, &info3, argv[2]))
+	{
+		printf ("Error Invalid parameter list - %s.\n", argv[2]);
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+
+	ctr.info3 = &info3;
+	result = cli_spoolss_addprinterdriver (cli, mem_ctx, level, &ctr);
+
+	if (W_ERROR_IS_OK(result)) {
+		rpcstr_pull(driver_name, info3.name.buffer, 
+			    sizeof(driver_name), 0, STR_TERMINATE);
+		printf ("Printer Driver %s successfully installed.\n",
+			driver_name);
+	}
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+
+static NTSTATUS cmd_spoolss_addprinterex(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv)
+{
+	WERROR result;
+	uint32			level = 2;
+	PRINTER_INFO_CTR	ctr;
+	PRINTER_INFO_2		info2;
+	fstring			servername;
+	
+	/* parse the command arguements */
+	if (argc != 5)
+	{
+		printf ("Usage: %s <name> <shared name> <driver> <port>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+	
+        slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (servername);
+
+	/* Fill in the DRIVER_INFO_3 struct */
+	ZERO_STRUCT(info2);
+#if 0	/* JERRY */
+	init_unistr( &info2.servername, 	servername);
+#endif
+	init_unistr( &info2.printername,	argv[1]);
+	init_unistr( &info2.sharename, 		argv[2]);
+	init_unistr( &info2.drivername,		argv[3]);
+	init_unistr( &info2.portname,		argv[4]);
+	init_unistr( &info2.comment,		"Created by rpcclient");
+	init_unistr( &info2.printprocessor, 	"winprint");
+	init_unistr( &info2.datatype,		"RAW");
+	info2.devmode = 	NULL;
+	info2.secdesc = 	NULL;
+	info2.attributes 	= PRINTER_ATTRIBUTE_SHARED;
+	info2.priority 		= 0;
+	info2.defaultpriority	= 0;
+	info2.starttime		= 0;
+	info2.untiltime		= 0;
+	
+	/* These three fields must not be used by AddPrinter() 
+	   as defined in the MS Platform SDK documentation..  
+	   --jerry
+	info2.status		= 0;
+	info2.cjobs		= 0;
+	info2.averageppm	= 0;
+	*/
+
+	ctr.printers_2 = &info2;
+	result = cli_spoolss_addprinterex (cli, mem_ctx, level, &ctr);
+
+	if (W_ERROR_IS_OK(result))
+		printf ("Printer %s successfully installed.\n", argv[1]);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS cmd_spoolss_setdriver(struct cli_state *cli, 
+                                      TALLOC_CTX *mem_ctx,
+                                      int argc, char **argv)
+{
+	POLICY_HND		pol;
+	WERROR                  result;
+	uint32			level = 2;
+	BOOL			opened_hnd = False;
+	PRINTER_INFO_CTR	ctr;
+	PRINTER_INFO_2		info2;
+	fstring			servername,
+				printername,
+				user;
+	uint32 needed;
+	
+	/* parse the command arguements */
+	if (argc != 3)
+	{
+		printf ("Usage: %s <printer> <driver>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+	slprintf (printername, sizeof(fstring)-1, "%s\\%s", servername, argv[1]);
+	fstrcpy  (user, cli->user_name);
+
+	/* Get a printer handle */
+
+	result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", 
+					     MAXIMUM_ALLOWED_ACCESS,
+					     servername, user, &pol);
+
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+	opened_hnd = True;
+
+	/* Get printer info */
+
+	ZERO_STRUCT (info2);
+	ctr.printers_2 = &info2;
+
+	result = cli_spoolss_getprinter(cli, mem_ctx, 0, &needed,
+					&pol, level, &ctr);
+
+	if (W_ERROR_V(result) == ERRinsufficientbuffer)
+		result = cli_spoolss_getprinter(
+			cli, mem_ctx, needed, NULL, &pol, level, &ctr);
+
+	if (!W_ERROR_IS_OK(result)) {
+		printf ("Unable to retrieve printer information!\n");
+		goto done;
+	}
+
+	/* Set the printer driver */
+
+	init_unistr(&ctr.printers_2->drivername, argv[2]);
+
+	result = cli_spoolss_setprinter(cli, mem_ctx, &pol, level, &ctr, 0);
+
+	if (!W_ERROR_IS_OK(result)) {
+		printf("SetPrinter call failed!\n");
+		goto done;;
+	}
+
+	printf("Succesfully set %s to driver %s.\n", argv[1], argv[2]);
+
+done:
+	/* Cleanup */
+
+	if (opened_hnd)
+		cli_spoolss_close_printer(cli, mem_ctx, &pol);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+
+static NTSTATUS cmd_spoolss_deletedriver(struct cli_state *cli, 
+                                         TALLOC_CTX *mem_ctx,
+                                         int argc, char **argv)
+{
+	WERROR result;
+	fstring			servername;
+	int			i;
+	
+	/* parse the command arguements */
+	if (argc != 2)
+	{
+		printf ("Usage: %s <driver>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+
+	/* delete the driver for all architectures */
+	for (i=0; archi_table[i].long_archi; i++)
+	{
+		/* make the call to remove the driver */
+		result = cli_spoolss_deleteprinterdriver(
+			cli, mem_ctx, archi_table[i].long_archi, argv[1]);
+
+		if (!W_ERROR_IS_OK(result)) {
+			printf ("Failed to remove driver %s for arch [%s] - error 0x%x!\n", 
+				argv[1], archi_table[i].long_archi, 
+				W_ERROR_V(result));
+		} else
+			printf ("Driver %s removed for arch [%s].\n", argv[1], 
+				archi_table[i].long_archi);
+	}
+		
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS cmd_spoolss_getprintprocdir(struct cli_state *cli, 
+					    TALLOC_CTX *mem_ctx,
+					    int argc, char **argv)
+{
+	WERROR result;
+	char *servername = NULL, *environment = NULL;
+	fstring procdir;
+	uint32 needed;
+	
+	/* parse the command arguements */
+	if (argc > 2) {
+		printf ("Usage: %s [environment]\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+
+	if (asprintf(&servername, "\\\\%s", cli->desthost) < 0)
+		return NT_STATUS_NO_MEMORY;
+	strupper(servername);
+
+	if (asprintf(&environment, "%s", (argc == 2) ? argv[1] : 
+		     PRINTER_DRIVER_ARCHITECTURE) < 0) {
+		SAFE_FREE(servername);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	result = cli_spoolss_getprintprocessordirectory(
+		cli, mem_ctx, 0, &needed, servername, environment, procdir);
+
+	if (W_ERROR_V(result) == ERRinsufficientbuffer)
+		result = cli_spoolss_getprintprocessordirectory(
+			cli, mem_ctx, needed, NULL, servername, environment, 
+			procdir);
+
+	if (W_ERROR_IS_OK(result))
+		printf("%s\n", procdir);
+
+	SAFE_FREE(servername);
+	SAFE_FREE(environment);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/* Add a form */
+
+static NTSTATUS cmd_spoolss_addform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				    int argc, char **argv)
+{
+	POLICY_HND handle;
+	WERROR werror;
+	char *servername = NULL, *printername = NULL;
+	FORM form;
+	BOOL got_handle = False;
+	
+	/* Parse the command arguements */
+
+	if (argc != 3) {
+		printf ("Usage: %s <printer> <formname>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+	
+	/* Get a printer handle */
+
+	asprintf(&servername, "\\\\%s", cli->desthost);
+	strupper(servername);
+	asprintf(&printername, "%s\\%s", servername, argv[1]);
+
+	werror = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", 
+					     MAXIMUM_ALLOWED_ACCESS, 
+					     servername, cli->user_name, &handle);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	got_handle = True;
+
+	/* Dummy up some values for the form data */
+
+	form.flags = FORM_USER;
+	form.size_x = form.size_y = 100;
+	form.left = 0;
+	form.top = 10;
+	form.right = 20;
+	form.bottom = 30;
+
+	init_unistr2(&form.name, argv[2], strlen(argv[2]) + 1);
+
+	/* Add the form */
+
+
+	werror = cli_spoolss_addform(cli, mem_ctx, &handle, 1, &form);
+
+ done:
+	if (got_handle)
+		cli_spoolss_close_printer(cli, mem_ctx, &handle);
+
+	SAFE_FREE(servername);
+	SAFE_FREE(printername);
+
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/* Set a form */
+
+static NTSTATUS cmd_spoolss_setform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				    int argc, char **argv)
+{
+	POLICY_HND handle;
+	WERROR werror;
+	char *servername = NULL, *printername = NULL;
+	FORM form;
+	BOOL got_handle = False;
+	
+	/* Parse the command arguements */
+
+	if (argc != 3) {
+		printf ("Usage: %s <printer> <formname>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+	
+	/* Get a printer handle */
+
+	asprintf(&servername, "\\\\%s", cli->desthost);
+	strupper(servername);
+	asprintf(&printername, "%s\\%s", servername, argv[1]);
+
+	werror = cli_spoolss_open_printer_ex(
+		cli, mem_ctx, printername, "", MAXIMUM_ALLOWED_ACCESS, 
+		servername, cli->user_name, &handle);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	got_handle = True;
+
+	/* Dummy up some values for the form data */
+
+	form.flags = FORM_PRINTER;
+	form.size_x = form.size_y = 100;
+	form.left = 0;
+	form.top = 1000;
+	form.right = 2000;
+	form.bottom = 3000;
+
+	init_unistr2(&form.name, argv[2], strlen(argv[2]) + 1);
+
+	/* Set the form */
+
+	werror = cli_spoolss_setform(cli, mem_ctx, &handle, 1, argv[2], &form);
+
+ done:
+	if (got_handle)
+		cli_spoolss_close_printer(cli, mem_ctx, &handle);
+
+	SAFE_FREE(servername);
+	SAFE_FREE(printername);
+
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/* Get a form */
+
+static NTSTATUS cmd_spoolss_getform(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				    int argc, char **argv)
+{
+	POLICY_HND handle;
+	WERROR werror;
+	char *servername = NULL, *printername = NULL;
+	FORM_1 form;
+	BOOL got_handle = False;
+	uint32 needed;
+	
+	/* Parse the command arguements */
+
+	if (argc != 3) {
+		printf ("Usage: %s <printer> <formname>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+	
+	/* Get a printer handle */
+
+	asprintf(&servername, "\\\\%s", cli->desthost);
+	strupper(servername);
+	asprintf(&printername, "%s\\%s", servername, argv[1]);
+
+	werror = cli_spoolss_open_printer_ex(
+		cli, mem_ctx, printername, "", MAXIMUM_ALLOWED_ACCESS, 
+		servername, cli->user_name, &handle);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	got_handle = True;
+
+	/* Set the form */
+
+	werror = cli_spoolss_getform(cli, mem_ctx, 0, &needed,
+				     &handle, argv[2], 1, &form);
+
+	if (W_ERROR_V(werror) == ERRinsufficientbuffer)
+		werror = cli_spoolss_getform(cli, mem_ctx, needed, NULL,
+					     &handle, argv[2], 1, &form);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	printf("width: %d\n", form.width);
+	printf("length: %d\n", form.length);
+	printf("left: %d\n", form.left);
+	printf("top: %d\n", form.top);
+	printf("right: %d\n", form.right);
+	printf("bottom: %d\n", form.bottom);
+
+ done:
+	if (got_handle)
+		cli_spoolss_close_printer(cli, mem_ctx, &handle);
+
+	SAFE_FREE(servername);
+	SAFE_FREE(printername);
+
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/* Delete a form */
+
+static NTSTATUS cmd_spoolss_deleteform(struct cli_state *cli, 
+				       TALLOC_CTX *mem_ctx, int argc, 
+				       char **argv)
+{
+	POLICY_HND handle;
+	WERROR werror;
+	char *servername = NULL, *printername = NULL;
+	BOOL got_handle = False;
+	
+	/* Parse the command arguements */
+
+	if (argc != 3) {
+		printf ("Usage: %s <printer> <formname>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+	
+	/* Get a printer handle */
+
+	asprintf(&servername, "\\\\%s", cli->desthost);
+	strupper(servername);
+	asprintf(&printername, "%s\\%s", servername, argv[1]);
+
+	werror = cli_spoolss_open_printer_ex(
+		cli, mem_ctx, printername, "", MAXIMUM_ALLOWED_ACCESS, 
+		servername, cli->user_name, &handle);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	got_handle = True;
+
+	/* Delete the form */
+
+	werror = cli_spoolss_deleteform(cli, mem_ctx, &handle, argv[2]);
+
+ done:
+	if (got_handle)
+		cli_spoolss_close_printer(cli, mem_ctx, &handle);
+
+	SAFE_FREE(servername);
+	SAFE_FREE(printername);
+
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/* Enumerate forms */
+
+static NTSTATUS cmd_spoolss_enum_forms(struct cli_state *cli, 
+				       TALLOC_CTX *mem_ctx, int argc, 
+				       char **argv)
+{
+	POLICY_HND handle;
+	WERROR werror;
+	char *servername = NULL, *printername = NULL;
+	BOOL got_handle = False;
+	uint32 needed, num_forms, level = 1, i;
+	FORM_1 *forms;
+	
+	/* Parse the command arguements */
+
+	if (argc != 2) {
+		printf ("Usage: %s <printer>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+	
+	/* Get a printer handle */
+
+	asprintf(&servername, "\\\\%s", cli->desthost);
+	strupper(servername);
+	asprintf(&printername, "%s\\%s", servername, argv[1]);
+
+	werror = cli_spoolss_open_printer_ex(
+		cli, mem_ctx, printername, "", MAXIMUM_ALLOWED_ACCESS, 
+		servername, cli->user_name, &handle);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	got_handle = True;
+
+	/* Enumerate forms */
+
+	werror = cli_spoolss_enumforms(
+		cli, mem_ctx, 0, &needed, &handle, level, &num_forms, &forms);
+
+	if (W_ERROR_V(werror) == ERRinsufficientbuffer)
+		werror = cli_spoolss_enumforms(
+			cli, mem_ctx, needed, NULL, &handle, level, 
+			&num_forms, &forms);
+
+	if (!W_ERROR_IS_OK(werror))
+		goto done;
+
+	/* Display output */
+
+	for (i = 0; i < num_forms; i++) {
+		fstring form_name;
+
+		if (forms[i].name.buffer)
+			rpcstr_pull(form_name, forms[i].name.buffer,
+				    sizeof(form_name), 0, STR_TERMINATE);
+
+		printf("%s\n", form_name);
+	}
+
+ done:
+	if (got_handle)
+		cli_spoolss_close_printer(cli, mem_ctx, &handle);
+
+	SAFE_FREE(servername);
+	SAFE_FREE(printername);
+
+	return W_ERROR_IS_OK(werror) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS cmd_spoolss_setprinterdata(struct cli_state *cli,
+					    TALLOC_CTX *mem_ctx,
+					    int argc, char **argv)
+{
+	WERROR result;
+	uint32 needed;
+	fstring servername, printername, user;
+	POLICY_HND pol;
+	BOOL opened_hnd = False;
+	PRINTER_INFO_CTR ctr;
+	PRINTER_INFO_0 *info = NULL;
+
+	/* parse the command arguements */
+	if (argc != 4) {
+		printf ("Usage: %s <printer> <value> <data>\n", argv[0]);
+		return NT_STATUS_OK;
+        }
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+	slprintf (printername, sizeof(fstring)-1, "%s\\%s", servername, argv[1]);
+	fstrcpy  (user, cli->user_name);
+
+	/* get a printer handle */
+	result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "",
+					     MAXIMUM_ALLOWED_ACCESS, servername, 
+					     user, &pol);
+	if (!W_ERROR_IS_OK(result))
+		goto done;
+
+	opened_hnd = True;
+
+        result = cli_spoolss_getprinter(cli, mem_ctx, 0, &needed,
+                                        &pol, 0, &ctr);
+
+        if (W_ERROR_V(result) == ERRinsufficientbuffer)
+                result = cli_spoolss_getprinter(cli, mem_ctx, needed, NULL, &pol, 0, &ctr);
+
+        if (!W_ERROR_IS_OK(result))
+                goto done;
+		
+	printf("%s\n", timestring(True));
+	printf("\tchange_id (before set)\t:[0x%x]\n", info->change_id);
+
+
+	/* Set the printer data */
+	
+	result = cli_spoolss_setprinterdata(cli, mem_ctx, &pol, argv[2], argv[3]);
+	if (!W_ERROR_IS_OK(result)) {
+		printf ("Unable to set [%s=%s]!\n", argv[2], argv[3]);
+		goto done;
+	}
+	printf("\tSetPrinterData succeeded [%s: %s]\n", argv[2], argv[3]);
+
+        result = cli_spoolss_getprinter(cli, mem_ctx, 0, &needed, &pol, 0, &ctr);
+
+        if (W_ERROR_V(result) == ERRinsufficientbuffer)
+                result = cli_spoolss_getprinter(cli, mem_ctx, needed, NULL, &pol, 0, &ctr);
+
+        if (!W_ERROR_IS_OK(result))
+                goto done;
+		
+	printf("%s\n", timestring(True));
+	printf("\tchange_id (after set)\t:[0x%x]\n", info->change_id);
+
+done:
+	/* cleanup */
+	if (opened_hnd)
+		cli_spoolss_close_printer(cli, mem_ctx, &pol);
+
+	return W_ERROR_IS_OK(result) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+
+/* List of commands exported by this module */
+struct cmd_set spoolss_commands[] = {
+
+	{ "SPOOLSS"  },
+
+	{ "adddriver",		cmd_spoolss_addprinterdriver,	PIPE_SPOOLSS, "Add a print driver",                  "" },
+	{ "addprinter",		cmd_spoolss_addprinterex,	PIPE_SPOOLSS, "Add a printer",                       "" },
+	{ "deldriver",		cmd_spoolss_deletedriver,	PIPE_SPOOLSS, "Delete a printer driver",             "" },
+	{ "enumdata",		cmd_spoolss_not_implemented,	PIPE_SPOOLSS, "Enumerate printer data (*)",          "" },
+	{ "enumjobs",		cmd_spoolss_not_implemented,	PIPE_SPOOLSS, "Enumerate print jobs (*)",            "" },
+	{ "enumports", 		cmd_spoolss_enum_ports, 	PIPE_SPOOLSS, "Enumerate printer ports",             "" },
+	{ "enumdrivers", 	cmd_spoolss_enum_drivers, 	PIPE_SPOOLSS, "Enumerate installed printer drivers", "" },
+	{ "enumprinters", 	cmd_spoolss_enum_printers, 	PIPE_SPOOLSS, "Enumerate printers",                  "" },
+	{ "getdata",		cmd_spoolss_not_implemented,	PIPE_SPOOLSS, "Get print driver data (*)",           "" },
+	{ "getdriver",		cmd_spoolss_getdriver,		PIPE_SPOOLSS, "Get print driver information",        "" },
+	{ "getdriverdir",	cmd_spoolss_getdriverdir,	PIPE_SPOOLSS, "Get print driver upload directory",   "" },
+	{ "getprinter", 	cmd_spoolss_getprinter, 	PIPE_SPOOLSS, "Get printer info",                    "" },
+	{ "getprintprocdir",	cmd_spoolss_getprintprocdir,    PIPE_SPOOLSS, "Get print processor directory",       "" },
+	{ "openprinter",	cmd_spoolss_open_printer_ex,	PIPE_SPOOLSS, "Open printer handle",                 "" },
+	{ "setdriver",		cmd_spoolss_setdriver,		PIPE_SPOOLSS, "Set printer driver",                  "" },
+	{ "getprintprocdir",	cmd_spoolss_getprintprocdir,    PIPE_SPOOLSS, "Get print processor directory",       "" },
+	{ "addform",            cmd_spoolss_addform,            PIPE_SPOOLSS, "Add form",                            "" },
+	{ "setform",            cmd_spoolss_setform,            PIPE_SPOOLSS, "Set form",                            "" },
+	{ "getform",            cmd_spoolss_getform,            PIPE_SPOOLSS, "Get form",                            "" },
+	{ "deleteform",         cmd_spoolss_deleteform,         PIPE_SPOOLSS, "Delete form",                         "" },
+	{ "enumforms",          cmd_spoolss_enum_forms,         PIPE_SPOOLSS, "Enumerate forms",                     "" },
+	{ "setprinter",	        cmd_spoolss_setprinter,         PIPE_SPOOLSS, "Set printer comment",                 "" },
+	{ "setprinterdata",	cmd_spoolss_setprinterdata,     PIPE_SPOOLSS, "Set REG_SZ printer data",             "" },
+
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
new file mode 100644
index 0000000000..6fbd152dfb
--- /dev/null
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -0,0 +1,233 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
+   Copyright (C) Tim Potter 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/* Display server query info */
+
+static char *get_server_type_str(uint32 type)
+{
+	static fstring typestr;
+	int i;
+
+	if (type == SV_TYPE_ALL) {
+		fstrcpy(typestr, "All");
+		return typestr;
+	}
+		
+	typestr[0] = 0;
+
+	for (i = 0; i < 32; i++) {
+		if (type & (1 << i)) {
+			switch (1 << i) {
+			case SV_TYPE_WORKSTATION:
+				fstrcat(typestr, "Wk ");
+				break;
+			case SV_TYPE_SERVER:
+				fstrcat(typestr, "Sv ");
+				break;
+			case SV_TYPE_SQLSERVER:
+				fstrcat(typestr, "Sql ");
+				break;
+			case SV_TYPE_DOMAIN_CTRL:
+				fstrcat(typestr, "PDC ");
+				break;
+			case SV_TYPE_DOMAIN_BAKCTRL:
+				fstrcat(typestr, "BDC ");
+				break;
+			case SV_TYPE_TIME_SOURCE:
+				fstrcat(typestr, "Tim ");
+				break;
+			case SV_TYPE_AFP:
+				fstrcat(typestr, "AFP ");
+				break;
+			case SV_TYPE_NOVELL:
+				fstrcat(typestr, "Nov ");
+				break;
+			case SV_TYPE_DOMAIN_MEMBER:
+				fstrcat(typestr, "Dom ");
+				break;
+			case SV_TYPE_PRINTQ_SERVER:
+				fstrcat(typestr, "PrQ ");
+				break;
+			case SV_TYPE_DIALIN_SERVER:
+				fstrcat(typestr, "Din ");
+				break;
+			case SV_TYPE_SERVER_UNIX:
+				fstrcat(typestr, "Unx ");
+				break;
+			case SV_TYPE_NT:
+				fstrcat(typestr, "NT ");
+				break;
+			case SV_TYPE_WFW:
+				fstrcat(typestr, "Wfw ");
+				break;
+			case SV_TYPE_SERVER_MFPN:
+				fstrcat(typestr, "Mfp ");
+				break;
+			case SV_TYPE_SERVER_NT:
+				fstrcat(typestr, "SNT ");
+				break;
+			case SV_TYPE_POTENTIAL_BROWSER:
+				fstrcat(typestr, "PtB ");
+				break;
+			case SV_TYPE_BACKUP_BROWSER:
+				fstrcat(typestr, "BMB ");
+				break;
+			case SV_TYPE_MASTER_BROWSER:
+				fstrcat(typestr, "LMB ");
+				break;
+			case SV_TYPE_DOMAIN_MASTER:
+				fstrcat(typestr, "DMB ");
+				break;
+			case SV_TYPE_SERVER_OSF:
+				fstrcat(typestr, "OSF ");
+				break;
+			case SV_TYPE_SERVER_VMS:
+				fstrcat(typestr, "VMS ");
+				break;
+			case SV_TYPE_WIN95_PLUS:
+				fstrcat(typestr, "W95 ");
+				break;
+			case SV_TYPE_ALTERNATE_XPORT:
+				fstrcat(typestr, "Xpt ");
+				break;
+			case SV_TYPE_LOCAL_LIST_ONLY:
+				fstrcat(typestr, "Dom ");
+				break;
+			case SV_TYPE_DOMAIN_ENUM:
+				fstrcat(typestr, "Loc ");
+				break;
+			}
+		}
+	}
+
+	i = strlen(typestr) - 1;
+
+	if (typestr[i] == ' ')
+		typestr[i] = 0;
+	
+	return typestr;
+}
+
+static void display_server(char *sname, uint32 type, const char *comment)
+{
+	printf("\t%-15.15s%-20s %s\n", sname, get_server_type_str(type), 
+	       comment);
+}
+
+static void display_srv_info_101(SRV_INFO_101 *sv101)
+{
+	fstring name;
+	fstring comment;
+
+	unistr2_to_ascii(name, &sv101->uni_name, sizeof(name) - 1);
+	unistr2_to_ascii(comment, &sv101->uni_comment, sizeof(comment) - 1);
+
+	display_server(name, sv101->srv_type, comment);
+
+	printf("\tplatform_id     :\t%d\n", sv101->platform_id);
+	printf("\tos version      :\t%d.%d\n", sv101->ver_major, 
+	       sv101->ver_minor);
+
+	printf("\tserver type     :\t0x%x\n", sv101->srv_type);
+}
+
+static void display_srv_info_102(SRV_INFO_102 *sv102)
+{
+	fstring name;
+	fstring comment;
+	fstring usr_path;
+	
+	unistr2_to_ascii(name, &sv102->uni_name, sizeof(name) - 1);
+	unistr2_to_ascii(comment, &sv102->uni_comment, sizeof(comment) - 1);
+	unistr2_to_ascii(usr_path, &sv102->uni_usr_path, sizeof(usr_path) - 1);
+
+	display_server(name, sv102->srv_type, comment);
+
+	printf("\tplatform_id     :\t%d\n", sv102->platform_id);
+	printf("\tos version      :\t%d.%d\n", sv102->ver_major, 
+	       sv102->ver_minor);
+
+	printf("\tusers           :\t%x\n", sv102->users);
+	printf("\tdisc, hidden    :\t%x, %x\n", sv102->disc, sv102->hidden);
+	printf("\tannounce, delta :\t%d, %d\n", sv102->announce, 
+	       sv102->ann_delta);
+	printf("\tlicenses        :\t%d\n", sv102->licenses);
+	printf("\tuser path       :\t%s\n", usr_path);
+}
+
+/* Server query info */
+
+static NTSTATUS cmd_srvsvc_srv_query_info(struct cli_state *cli, 
+                                          TALLOC_CTX *mem_ctx,
+                                          int argc, char **argv)
+{
+	uint32 info_level = 101;
+	SRV_INFO_CTR ctr;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	if (argc > 2) {
+		printf("Usage: %s [infolevel]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2)
+		info_level = atoi(argv[1]);
+
+	result = cli_srvsvc_net_srv_get_info(cli, mem_ctx, info_level,
+					     &ctr);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display results */
+
+	switch (info_level) {
+	case 101:
+		display_srv_info_101(&ctr.srv.sv101);
+		break;
+	case 102:
+		display_srv_info_102(&ctr.srv.sv102);
+		break;
+	default:
+		printf("unsupported info level %d\n", info_level);
+		break;
+	}
+
+ done:
+	return result;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set srvsvc_commands[] = {
+
+	{ "SRVSVC" },
+
+	{ "srvinfo",    cmd_srvsvc_srv_query_info,  PIPE_SRVSVC, "Server query info", "" },
+
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_wkssvc.c b/source3/rpcclient/cmd_wkssvc.c
new file mode 100644
index 0000000000..79acf35943
--- /dev/null
+++ b/source3/rpcclient/cmd_wkssvc.c
@@ -0,0 +1,84 @@
+/* 
+   Unix SMB/CIFS implementation.
+   NT Domain Authentication SMB / MSRPC client
+   Copyright (C) Andrew Tridgell 1994-1997
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#define DEBUG_TESTING
+
+extern struct cli_state *smb_cli;
+
+extern FILE* out_hnd;
+
+
+/****************************************************************************
+workstation get info query
+****************************************************************************/
+void cmd_wks_query_info(struct client_info *info)
+{
+	fstring dest_wks;
+	fstring tmp;
+	WKS_INFO_100 ctr;
+	uint32 info_level = 100;
+
+	BOOL res = True;
+
+	memset((char *)&ctr, '\0', sizeof(ctr));
+
+	fstrcpy(dest_wks, "\\\\");
+	fstrcat(dest_wks, info->dest_host);
+	strupper(dest_wks);
+
+	if (next_token_nr(NULL, tmp, NULL, sizeof(tmp)))
+	{
+		info_level = (uint32)strtol(tmp, (char**)NULL, 10);
+	}
+
+	DEBUG(4,("cmd_wks_query_info: server:%s info level: %d\n",
+				dest_wks, info_level));
+
+	DEBUG(5, ("cmd_wks_query_info: smb_cli->fd:%d\n", smb_cli->fd));
+
+	/* open LSARPC session. */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC) : False;
+
+	/* send info level: receive requested info.  hopefully. */
+	res = res ? do_wks_query_info(smb_cli, 
+				dest_wks, info_level, &ctr) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli);
+
+	if (res)
+	{
+		DEBUG(5,("cmd_wks_query_info: query succeeded\n"));
+
+#if 0
+		display_wks_info_100(out_hnd, ACTION_HEADER   , &ctr);
+		display_wks_info_100(out_hnd, ACTION_ENUMERATE, &ctr);
+		display_wks_info_100(out_hnd, ACTION_FOOTER   , &ctr);
+#endif
+
+	}
+	else
+	{
+		DEBUG(5,("cmd_wks_query_info: query failed\n"));
+	}
+}
diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c
new file mode 100644
index 0000000000..d03465206e
--- /dev/null
+++ b/source3/rpcclient/display.c
@@ -0,0 +1,1338 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/****************************************************************************
+convert a share mode to a string
+****************************************************************************/
+char *get_file_mode_str(uint32 share_mode)
+{
+	static fstring mode;
+
+	switch (GET_DENY_MODE(share_mode))
+	{
+		case DENY_NONE : fstrcpy(mode, "DENY_NONE  "); break;
+		case DENY_ALL  : fstrcpy(mode, "DENY_ALL   "); break;
+		case DENY_DOS  : fstrcpy(mode, "DENY_DOS   "); break;
+		case DENY_READ : fstrcpy(mode, "DENY_READ  "); break;
+		case DENY_WRITE: fstrcpy(mode, "DENY_WRITE "); break;
+		case DENY_FCB:   fstrcpy(mode, "DENY_FCB "); break;
+		default        : fstrcpy(mode, "DENY_????  "); break;
+	}
+
+	switch (share_mode & 0xF)
+	{
+		case 0 : fstrcat(mode, "RDONLY"); break;
+		case 1 : fstrcat(mode, "WRONLY"); break;
+		case 2 : fstrcat(mode, "RDWR  "); break;
+		default: fstrcat(mode, "R??W??"); break;
+	}
+
+	return mode;
+}
+
+/****************************************************************************
+convert an oplock mode to a string
+****************************************************************************/
+char *get_file_oplock_str(uint32 op_type)
+{
+	static fstring oplock;
+	BOOL excl  = ((op_type & EXCLUSIVE_OPLOCK) != 0);
+	BOOL batch = ((op_type & BATCH_OPLOCK    ) != 0);
+
+	oplock[0] = 0;
+
+	if (excl           ) fstrcat(oplock, "EXCLUSIVE");
+	if (excl  &&  batch) fstrcat(oplock, "+");
+	if (          batch) fstrcat(oplock, "BATCH");
+	if (!excl && !batch) fstrcat(oplock, "NONE");
+
+	return oplock;
+}
+
+/****************************************************************************
+convert a share type enum to a string
+****************************************************************************/
+char *get_share_type_str(uint32 type)
+{
+	static fstring typestr;
+
+	switch (type)
+	{
+		case STYPE_DISKTREE: fstrcpy(typestr, "Disk"   ); break;
+		case STYPE_PRINTQ  : fstrcpy(typestr, "Printer"); break;	      
+		case STYPE_DEVICE  : fstrcpy(typestr, "Device" ); break;
+		case STYPE_IPC     : fstrcpy(typestr, "IPC"    ); break;      
+		default            : fstrcpy(typestr, "????"   ); break;      
+	}
+	return typestr;
+}
+
+/****************************************************************************
+convert a server type enum to a string
+****************************************************************************/
+char *get_server_type_str(uint32 type)
+{
+	static fstring typestr;
+
+	if (type == SV_TYPE_ALL)
+	{
+		fstrcpy(typestr, "All");
+	}
+	else
+	{
+		int i;
+		typestr[0] = 0;
+		for (i = 0; i < 32; i++)
+		{
+			if (type & (1 << i))
+			{
+				switch (((unsigned)1) << i)
+				{
+					case SV_TYPE_WORKSTATION      : fstrcat(typestr, "Wk " ); break;
+					case SV_TYPE_SERVER           : fstrcat(typestr, "Sv " ); break;
+					case SV_TYPE_SQLSERVER        : fstrcat(typestr, "Sql "); break;
+					case SV_TYPE_DOMAIN_CTRL      : fstrcat(typestr, "PDC "); break;
+					case SV_TYPE_DOMAIN_BAKCTRL   : fstrcat(typestr, "BDC "); break;
+					case SV_TYPE_TIME_SOURCE      : fstrcat(typestr, "Tim "); break;
+					case SV_TYPE_AFP              : fstrcat(typestr, "AFP "); break;
+					case SV_TYPE_NOVELL           : fstrcat(typestr, "Nov "); break;
+					case SV_TYPE_DOMAIN_MEMBER    : fstrcat(typestr, "Dom "); break;
+					case SV_TYPE_PRINTQ_SERVER    : fstrcat(typestr, "PrQ "); break;
+					case SV_TYPE_DIALIN_SERVER    : fstrcat(typestr, "Din "); break;
+					case SV_TYPE_SERVER_UNIX      : fstrcat(typestr, "Unx "); break;
+					case SV_TYPE_NT               : fstrcat(typestr, "NT " ); break;
+					case SV_TYPE_WFW              : fstrcat(typestr, "Wfw "); break;
+					case SV_TYPE_SERVER_MFPN      : fstrcat(typestr, "Mfp "); break;
+					case SV_TYPE_SERVER_NT        : fstrcat(typestr, "SNT "); break;
+					case SV_TYPE_POTENTIAL_BROWSER: fstrcat(typestr, "PtB "); break;
+					case SV_TYPE_BACKUP_BROWSER   : fstrcat(typestr, "BMB "); break;
+					case SV_TYPE_MASTER_BROWSER   : fstrcat(typestr, "LMB "); break;
+					case SV_TYPE_DOMAIN_MASTER    : fstrcat(typestr, "DMB "); break;
+					case SV_TYPE_SERVER_OSF       : fstrcat(typestr, "OSF "); break;
+					case SV_TYPE_SERVER_VMS       : fstrcat(typestr, "VMS "); break;
+					case SV_TYPE_WIN95_PLUS       : fstrcat(typestr, "W95 "); break;
+					case SV_TYPE_ALTERNATE_XPORT  : fstrcat(typestr, "Xpt "); break;
+					case SV_TYPE_LOCAL_LIST_ONLY  : fstrcat(typestr, "Dom "); break;
+					case SV_TYPE_DOMAIN_ENUM      : fstrcat(typestr, "Loc "); break;
+				}
+			}
+		}
+		i = strlen(typestr)-1;
+		if (typestr[i] == ' ') typestr[i] = 0;
+
+	}
+	return typestr;
+}
+
+/****************************************************************************
+server info level 101 display function
+****************************************************************************/
+void display_srv_info_101(FILE *out_hnd, enum action_type action,
+		SRV_INFO_101 *sv101)
+{
+	if (sv101 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "Server Info Level 101:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring name;
+			fstring comment;
+
+			rpcstr_pull(name, sv101->uni_name.buffer,  sizeof(name), sv101->uni_name.uni_str_len*2, 0);
+			rpcstr_pull(comment, sv101->uni_comment.buffer,  sizeof(comment), sv101->uni_comment.uni_str_len*2, 0);
+
+			display_server(out_hnd, action, name, sv101->srv_type, comment);
+
+			fprintf(out_hnd, "\tplatform_id     : %d\n"    , sv101->platform_id);
+			fprintf(out_hnd, "\tos version      : %d.%d\n" , sv101->ver_major, sv101->ver_minor);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+server info level 102 display function
+****************************************************************************/
+void display_srv_info_102(FILE *out_hnd, enum action_type action,SRV_INFO_102 *sv102)
+{
+	if (sv102 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "Server Info Level 102:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring name;
+			fstring comment;
+			fstring usr_path;
+
+			rpcstr_pull(name, sv102->uni_name.buffer,  sizeof(name), sv102->uni_name.uni_str_len*2, 0);
+			rpcstr_pull(comment, sv102->uni_comment.buffer,  sizeof(comment), sv102->uni_comment.uni_str_len*2, 0);
+			rpcstr_pull(usr_path, sv102->uni_usr_path.buffer,  sizeof(usr_path), sv102->uni_usr_path.uni_str_len*2, 0);
+
+			display_server(out_hnd, action, name, sv102->srv_type, comment);
+
+			fprintf(out_hnd, "\tplatform_id     : %d\n"    , sv102->platform_id);
+			fprintf(out_hnd, "\tos version      : %d.%d\n" , sv102->ver_major, sv102->ver_minor);
+
+			fprintf(out_hnd, "\tusers           : %x\n"    , sv102->users      );
+			fprintf(out_hnd, "\tdisc, hidden    : %x,%x\n" , sv102->disc     , sv102->hidden   );
+			fprintf(out_hnd, "\tannounce, delta : %d, %d\n", sv102->announce , sv102->ann_delta);
+			fprintf(out_hnd, "\tlicenses        : %d\n"    , sv102->licenses   );
+			fprintf(out_hnd, "\tuser path       : %s\n"    , usr_path);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+server info container display function
+****************************************************************************/
+void display_srv_info_ctr(FILE *out_hnd, enum action_type action,SRV_INFO_CTR *ctr)
+{
+	if (ctr == NULL || ctr->ptr_srv_ctr == 0)
+	{
+		fprintf(out_hnd, "Server Information: unavailable due to an error\n");
+		return;
+	}
+
+	switch (ctr->switch_value)
+	{
+		case 101:
+		{
+			display_srv_info_101(out_hnd, action, &(ctr->srv.sv101));
+			break;
+		}
+		case 102:
+		{
+			display_srv_info_102(out_hnd, action, &(ctr->srv.sv102));
+			break;
+		}
+		default:
+		{
+			fprintf(out_hnd, "Server Information: Unknown Info Level\n");
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+connection info level 0 display function
+****************************************************************************/
+void display_conn_info_0(FILE *out_hnd, enum action_type action,
+		CONN_INFO_0 *info0)
+{
+	if (info0 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "Connection Info Level 0:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\tid: %d\n", info0->id);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+connection info level 1 display function
+****************************************************************************/
+void display_conn_info_1(FILE *out_hnd, enum action_type action,
+		CONN_INFO_1 *info1, CONN_INFO_1_STR *str1)
+{
+	if (info1 == NULL || str1 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "Connection Info Level 1:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring usr_name;
+			fstring net_name;
+
+			rpcstr_pull(usr_name, str1->uni_usr_name.buffer, sizeof(usr_name), str1->uni_usr_name.uni_str_len*2,0);
+			rpcstr_pull(net_name, str1->uni_net_name.buffer, sizeof(net_name), str1->uni_net_name.uni_str_len*2,0);
+
+			fprintf(out_hnd, "\tid       : %d\n", info1->id);
+			fprintf(out_hnd, "\ttype     : %s\n", get_share_type_str(info1->type));
+			fprintf(out_hnd, "\tnum_opens: %d\n", info1->num_opens);
+			fprintf(out_hnd, "\tnum_users: %d\n", info1->num_users);
+			fprintf(out_hnd, "\topen_time: %d\n", info1->open_time);
+
+			fprintf(out_hnd, "\tuser name: %s\n", usr_name);
+			fprintf(out_hnd, "\tnet  name: %s\n", net_name);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+connection info level 0 container display function
+****************************************************************************/
+void display_srv_conn_info_0_ctr(FILE *out_hnd, enum action_type action,
+				SRV_CONN_INFO_0 *ctr)
+{
+	if (ctr == NULL)
+	{
+		fprintf(out_hnd, "display_srv_conn_info_0_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < ctr->num_entries_read; i++)
+			{
+				display_conn_info_0(out_hnd, ACTION_HEADER   , &(ctr->info_0[i]));
+				display_conn_info_0(out_hnd, ACTION_ENUMERATE, &(ctr->info_0[i]));
+				display_conn_info_0(out_hnd, ACTION_FOOTER   , &(ctr->info_0[i]));
+			}
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+connection info level 1 container display function
+****************************************************************************/
+void display_srv_conn_info_1_ctr(FILE *out_hnd, enum action_type action,
+				SRV_CONN_INFO_1 *ctr)
+{
+	if (ctr == NULL)
+	{
+		fprintf(out_hnd, "display_srv_conn_info_1_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < ctr->num_entries_read; i++)
+			{
+				display_conn_info_1(out_hnd, ACTION_HEADER   , &(ctr->info_1[i]), &(ctr->info_1_str[i]));
+				display_conn_info_1(out_hnd, ACTION_ENUMERATE, &(ctr->info_1[i]), &(ctr->info_1_str[i]));
+				display_conn_info_1(out_hnd, ACTION_FOOTER   , &(ctr->info_1[i]), &(ctr->info_1_str[i]));
+			}
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_srv_conn_info_ctr(FILE *out_hnd, enum action_type action,
+				SRV_CONN_INFO_CTR *ctr)
+{
+	if (ctr == NULL || ctr->ptr_conn_ctr == 0)
+	{
+		fprintf(out_hnd, "display_srv_conn_info_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (ctr->switch_value)
+	{
+		case 0:
+		{
+			display_srv_conn_info_0_ctr(out_hnd, action,
+			                   &(ctr->conn.info0));
+			break;
+		}
+		case 1:
+		{
+			display_srv_conn_info_1_ctr(out_hnd, action,
+			                   &(ctr->conn.info1));
+			break;
+		}
+		default:
+		{
+			fprintf(out_hnd, "display_srv_conn_info_ctr: Unknown Info Level\n");
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+share info level 1 display function
+****************************************************************************/
+void display_share_info_1(FILE *out_hnd, enum action_type action,
+			  SRV_SHARE_INFO_1 *info1)
+{
+	if (info1 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "Share Info Level 1:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring remark  ;
+			fstring net_name;
+
+			rpcstr_pull(net_name, info1->info_1_str.uni_netname.buffer, sizeof(net_name), info1->info_1_str.uni_netname.uni_str_len*2, 0);
+			rpcstr_pull(remark, info1->info_1_str.uni_remark.buffer, sizeof(remark), info1->info_1_str.uni_remark.uni_str_len*2, 0);
+
+			display_share(out_hnd, action, net_name, info1->info_1.type, remark);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+share info level 2 display function
+****************************************************************************/
+void display_share_info_2(FILE *out_hnd, enum action_type action,
+			  SRV_SHARE_INFO_2 *info2)
+{
+	if (info2 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "Share Info Level 2:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring remark  ;
+			fstring net_name;
+			fstring path    ;
+			fstring passwd  ;
+
+			rpcstr_pull(net_name, info2->info_2_str.uni_netname.buffer, sizeof(net_name), info2->info_2_str.uni_netname.uni_str_len*2, 0);
+			rpcstr_pull(remark, info2->info_2_str.uni_remark.buffer, sizeof(remark), info2->info_2_str.uni_remark.uni_str_len*2, 0);
+			rpcstr_pull(path, info2->info_2_str.uni_path.buffer, sizeof(path), info2->info_2_str.uni_path.uni_str_len*2, 0);
+			rpcstr_pull(passwd, info2->info_2_str.uni_passwd.buffer, sizeof(passwd), info2->info_2_str.uni_passwd.uni_str_len*2, 0);
+
+			display_share2(out_hnd, action, net_name,
+			      info2->info_2.type, remark, info2->info_2.perms,
+			      info2->info_2.max_uses, info2->info_2.num_uses,
+			      path, passwd);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+share info container display function
+****************************************************************************/
+void display_srv_share_info_ctr(FILE *out_hnd, enum action_type action,
+				SRV_SHARE_INFO_CTR *ctr)
+{
+	if (ctr == NULL)
+	{
+		fprintf(out_hnd, "display_srv_share_info_ctr: unavailable due to an internal error\n");
+	return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < ctr->num_entries; i++)
+			{
+				switch (ctr->info_level) {
+				case 1:
+					display_share_info_1(out_hnd, ACTION_HEADER   , &(ctr->share.info1[i]));
+					display_share_info_1(out_hnd, ACTION_ENUMERATE, &(ctr->share.info1[i]));
+					display_share_info_1(out_hnd, ACTION_FOOTER   , &(ctr->share.info1[i]));
+					break;
+				case 2:
+					display_share_info_2(out_hnd, ACTION_HEADER   , &(ctr->share.info2[i]));
+					display_share_info_2(out_hnd, ACTION_ENUMERATE, &(ctr->share.info2[i]));
+					display_share_info_2(out_hnd, ACTION_FOOTER   , &(ctr->share.info2[i]));
+					break;
+				default:
+					fprintf(out_hnd, "display_srv_share_info_ctr: Unknown Info Level\n");
+					break;
+				}
+			}
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+file info level 3 display function
+****************************************************************************/
+void display_file_info_3(FILE *out_hnd, enum action_type action,
+		FILE_INFO_3 *info3, FILE_INFO_3_STR *str3)
+{
+	if (info3 == NULL || str3 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "File Info Level 3:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring path_name;
+			fstring user_name;
+
+			rpcstr_pull(path_name, str3->uni_path_name.buffer, sizeof(path_name), str3->uni_path_name.uni_str_len*2, 0);
+			rpcstr_pull(user_name, str3->uni_user_name.buffer, sizeof(user_name), str3->uni_user_name.uni_str_len*2, 0);
+
+			fprintf(out_hnd, "\tid       : %d\n", info3->id);
+			fprintf(out_hnd, "\tperms    : %s\n", get_file_mode_str(info3->perms));
+			fprintf(out_hnd, "\tnum_locks: %d\n", info3->num_locks);
+
+			fprintf(out_hnd, "\tpath name: %s\n", path_name);
+			fprintf(out_hnd, "\tuser name: %s\n", user_name);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+file info level 3 container display function
+****************************************************************************/
+void display_srv_file_info_3_ctr(FILE *out_hnd, enum action_type action,
+				SRV_FILE_INFO_3 *ctr)
+{
+	if (ctr == NULL)
+	{
+		fprintf(out_hnd, "display_srv_file_info_3_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < ctr->num_entries_read; i++)
+			{
+				display_file_info_3(out_hnd, ACTION_HEADER   , &(ctr->info_3[i]), &(ctr->info_3_str[i]));
+				display_file_info_3(out_hnd, ACTION_ENUMERATE, &(ctr->info_3[i]), &(ctr->info_3_str[i]));
+				display_file_info_3(out_hnd, ACTION_FOOTER   , &(ctr->info_3[i]), &(ctr->info_3_str[i]));
+			}
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+file info container display function
+****************************************************************************/
+void display_srv_file_info_ctr(FILE *out_hnd, enum action_type action,
+				SRV_FILE_INFO_CTR *ctr)
+{
+	if (ctr == NULL || ctr->ptr_file_ctr == 0)
+	{
+		fprintf(out_hnd, "display_srv_file_info_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (ctr->switch_value)
+	{
+		case 3:
+		{
+			display_srv_file_info_3_ctr(out_hnd, action,
+			                   &(ctr->file.info3));
+			break;
+		}
+		default:
+		{
+			fprintf(out_hnd, "display_srv_file_info_ctr: Unknown Info Level\n");
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ print browse connection on a host
+ ****************************************************************************/
+void display_server(FILE *out_hnd, enum action_type action,
+				char *sname, uint32 type, char *comment)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\t%-15.15s%-20s %s\n",
+			                 sname, get_server_type_str(type), comment);
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+print shares on a host
+****************************************************************************/
+void display_share(FILE *out_hnd, enum action_type action,
+				char *sname, uint32 type, char *comment)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\t%-15.15s%-10.10s%s\n",
+			                 sname, get_share_type_str(type), comment);
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+print shares on a host, level 2
+****************************************************************************/
+void display_share2(FILE *out_hnd, enum action_type action,
+				char *sname, uint32 type, char *comment,
+				uint32 perms, uint32 max_uses, uint32 num_uses,
+				char *path, char *passwd)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\t%-15.15s%-10.10s%s %x %x %x %s %s\n",
+			                 sname, get_share_type_str(type), comment,
+			                 perms, max_uses, num_uses, path, passwd);
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+print name info
+****************************************************************************/
+void display_name(FILE *out_hnd, enum action_type action,
+				char *sname)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\t%-21.21s\n", sname);
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+ display group rid info
+ ****************************************************************************/
+void display_group_rid_info(FILE *out_hnd, enum action_type action,
+				uint32 num_gids, DOM_GID *gid)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			if (num_gids == 0)
+			{
+				fprintf(out_hnd, "\tNo Groups\n");
+			}
+			else
+			{
+				fprintf(out_hnd, "\tGroup Info\n");
+				fprintf(out_hnd, "\t----------\n");
+			}
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < num_gids; i++)
+			{
+				fprintf(out_hnd, "\tGroup RID: %8x attr: %x\n",
+								  gid[i].g_rid, gid[i].attr);
+			}
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+ display alias name info
+ ****************************************************************************/
+void display_alias_name_info(FILE *out_hnd, enum action_type action,
+				uint32 num_aliases, fstring *alias_name, uint32 *num_als_usrs)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			if (num_aliases == 0)
+			{
+				fprintf(out_hnd, "\tNo Aliases\n");
+			}
+			else
+			{
+				fprintf(out_hnd, "\tAlias Names\n");
+				fprintf(out_hnd, "\t----------- \n");
+			}
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < num_aliases; i++)
+			{
+				fprintf(out_hnd, "\tAlias Name: %s Attributes: %3d\n",
+								  alias_name[i], num_als_usrs[i]);
+			}
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+ display sam_user_info_21 structure
+ ****************************************************************************/
+void display_sam_user_info_21(FILE *out_hnd, enum action_type action, SAM_USER_INFO_21 *usr)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "\tUser Info, Level 0x15\n");
+			fprintf(out_hnd, "\t---------------------\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			pstring tmp;
+			rpcstr_pull(tmp, usr->uni_user_name.buffer, sizeof(tmp),usr->uni_user_name.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tUser Name   : %s\n", tmp); /* username unicode string */
+			rpcstr_pull(tmp, usr->uni_full_name.buffer, sizeof(tmp),usr->uni_full_name.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tFull Name   : %s\n", tmp); /* user's full name unicode string */
+			rpcstr_pull(tmp, usr->uni_home_dir.buffer, sizeof(tmp),usr->uni_home_dir.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tHome Drive  : %s\n", tmp); /* home directory unicode string */
+			rpcstr_pull(tmp, usr->uni_dir_drive.buffer, sizeof(tmp),usr->uni_dir_drive.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tDir Drive   : %s\n", tmp); /* home directory drive unicode string */
+			rpcstr_pull(tmp, usr->uni_profile_path.buffer, sizeof(tmp),usr->uni_profile_path.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tProfile Path: %s\n", tmp); /* profile path unicode string */
+			rpcstr_pull(tmp, usr->uni_logon_script.buffer, sizeof(tmp),usr->uni_logon_script.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tLogon Script: %s\n", tmp); /* logon script unicode string */
+			rpcstr_pull(tmp, usr->uni_acct_desc.buffer, sizeof(tmp),usr->uni_acct_desc.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tDescription : %s\n", tmp); /* user description unicode string */
+			rpcstr_pull(tmp, usr->uni_workstations.buffer, sizeof(tmp),usr->uni_workstations.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tWorkstations: %s\n", tmp); /* workstaions unicode string */
+			rpcstr_pull(tmp, usr->uni_unknows_str.buffer, sizeof(tmp),usr->uni_unknown_str.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tUnknown Str : %s\n", tmp); /* unknown string unicode string */
+			rpcstr_pull(tmp, usr->uni_munged_dial.buffer, sizeof(tmp),usr->uni_munged_dial.uni_str_len*2, 0);
+			fprintf(out_hnd, "\t\tRemote Dial : %s\n", tmp); /* munged remote access unicode string */
+
+			fprintf(out_hnd, "\t\tLogon Time               : %s\n", http_timestring(nt_time_to_unix(&(usr->logon_time           ))));
+			fprintf(out_hnd, "\t\tLogoff Time              : %s\n", http_timestring(nt_time_to_unix(&(usr->logoff_time          ))));
+			fprintf(out_hnd, "\t\tKickoff Time             : %s\n", http_timestring(nt_time_to_unix(&(usr->kickoff_time         ))));
+			fprintf(out_hnd, "\t\tPassword last set Time   : %s\n", http_timestring(nt_time_to_unix(&(usr->pass_last_set_time   ))));
+			fprintf(out_hnd, "\t\tPassword can change Time : %s\n", http_timestring(nt_time_to_unix(&(usr->pass_can_change_time ))));
+			fprintf(out_hnd, "\t\tPassword must change Time: %s\n", http_timestring(nt_time_to_unix(&(usr->pass_must_change_time))));
+			
+			fprintf(out_hnd, "\t\tunknown_2[0..31]...\n"); /* user passwords? */
+
+			fprintf(out_hnd, "\t\tuser_rid : %x\n"  , usr->user_rid ); /* User ID */
+			fprintf(out_hnd, "\t\tgroup_rid: %x\n"  , usr->group_rid); /* Group ID */
+			fprintf(out_hnd, "\t\tacb_info : %04x\n", usr->acb_info ); /* Account Control Info */
+
+			fprintf(out_hnd, "\t\tunknown_3: %08x\n", usr->unknown_3); /* 0x00ff ffff */
+			fprintf(out_hnd, "\t\tlogon_divs: %d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
+			fprintf(out_hnd, "\t\tunknown_5: %08x\n", usr->unknown_5); /* 0x0002 0000 */
+
+			fprintf(out_hnd, "\t\tpadding1[0..7]...\n");
+
+			if (usr->ptr_logon_hrs)
+			{
+				fprintf(out_hnd, "\t\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
+			}
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+}
+
+
+/****************************************************************************
+convert a security permissions into a string
+****************************************************************************/
+char *get_sec_mask_str(uint32 type)
+{
+	static fstring typestr;
+	int i;
+
+	switch (type)
+	{
+		case SEC_RIGHTS_FULL_CONTROL:
+		{
+			fstrcpy(typestr, "Full Control");
+			return typestr;
+		}
+
+		case SEC_RIGHTS_READ:
+		{
+			fstrcpy(typestr, "Read");
+			return typestr;
+		}
+		default:
+		{
+			break;
+		}
+	}
+
+	typestr[0] = 0;
+	for (i = 0; i < 32; i++)
+	{
+		if (type & (1 << i))
+		{
+			switch (((unsigned)1) << i)
+			{
+				case SEC_RIGHTS_QUERY_VALUE    : fstrcat(typestr, "Query " ); break;
+				case SEC_RIGHTS_SET_VALUE      : fstrcat(typestr, "Set " ); break;
+				case SEC_RIGHTS_CREATE_SUBKEY  : fstrcat(typestr, "Create "); break;
+				case SEC_RIGHTS_ENUM_SUBKEYS   : fstrcat(typestr, "Enum "); break;
+				case SEC_RIGHTS_NOTIFY         : fstrcat(typestr, "Notify "); break;
+				case SEC_RIGHTS_CREATE_LINK    : fstrcat(typestr, "CreateLink "); break;
+				case SEC_RIGHTS_DELETE         : fstrcat(typestr, "Delete "); break;
+				case SEC_RIGHTS_READ_CONTROL   : fstrcat(typestr, "ReadControl "); break;
+				case SEC_RIGHTS_WRITE_DAC      : fstrcat(typestr, "WriteDAC "); break;
+				case SEC_RIGHTS_WRITE_OWNER    : fstrcat(typestr, "WriteOwner "); break;
+			}
+			type &= ~(1 << i);
+		}
+	}
+
+	/* remaining bits get added on as-is */
+	if (type != 0)
+	{
+		fstring tmp;
+		slprintf(tmp, sizeof(tmp)-1, "[%08x]", type);
+		fstrcat(typestr, tmp);
+	}
+
+	/* remove last space */
+	i = strlen(typestr)-1;
+	if (typestr[i] == ' ') typestr[i] = 0;
+
+	return typestr;
+}
+
+/****************************************************************************
+ display sec_access structure
+ ****************************************************************************/
+void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *info)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\t\tPermissions: %s\n",
+			        get_sec_mask_str(info->mask));
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ display sec_ace structure
+ ****************************************************************************/
+void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *ace)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "\tACE\n");
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring sid_str;
+
+			display_sec_access(out_hnd, ACTION_HEADER   , &ace->info);
+			display_sec_access(out_hnd, ACTION_ENUMERATE, &ace->info);
+			display_sec_access(out_hnd, ACTION_FOOTER   , &ace->info);
+
+			sid_to_string(sid_str, &ace->sid);
+			fprintf(out_hnd, "\t\tSID: %s\n", sid_str);
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ display sec_acl structure
+ ****************************************************************************/
+void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *sec_acl)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
+			                 sec_acl->num_aces, sec_acl->revision); 
+			fprintf(out_hnd, "\t---\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			if (sec_acl->size != 0 && sec_acl->num_aces != 0)
+			{
+				int i;
+				for (i = 0; i < sec_acl->num_aces; i++)
+				{
+					display_sec_ace(out_hnd, ACTION_HEADER   , &sec_acl->ace[i]);
+					display_sec_ace(out_hnd, ACTION_ENUMERATE, &sec_acl->ace[i]);
+					display_sec_ace(out_hnd, ACTION_FOOTER   , &sec_acl->ace[i]);
+				}
+			}
+				
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ display sec_desc structure
+ ****************************************************************************/
+void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *sec)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "\tSecurity Descriptor\trevision:\t%x\ttype:\t%x\n",
+			                 sec->revision, sec->type); 
+			fprintf(out_hnd, "\t-------------------\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring sid_str;
+
+			if (sec->off_sacl != 0)
+			{
+				display_sec_acl(out_hnd, ACTION_HEADER   , sec->sacl);
+				display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->sacl);
+				display_sec_acl(out_hnd, ACTION_FOOTER   , sec->sacl);
+			}
+			if (sec->off_dacl != 0)
+			{
+				display_sec_acl(out_hnd, ACTION_HEADER   , sec->dacl);
+				display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->dacl);
+				display_sec_acl(out_hnd, ACTION_FOOTER   , sec->dacl);
+			}
+			if (sec->off_owner_sid != 0)
+			{
+				sid_to_string(sid_str, sec->owner_sid);
+				fprintf(out_hnd, "\tOwner SID:\t%s\n", sid_str);
+			}
+			if (sec->off_grp_sid != 0)
+			{
+				sid_to_string(sid_str, sec->grp_sid);
+				fprintf(out_hnd, "\tParent SID:\t%s\n", sid_str);
+			}
+				
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+convert a security permissions into a string
+****************************************************************************/
+char *get_reg_val_type_str(uint32 type)
+{
+	static fstring typestr;
+
+	switch (type)
+	{
+		case 0x01:
+		{
+			fstrcpy(typestr, "string");
+			return typestr;
+		}
+
+		case 0x03:
+		{
+			fstrcpy(typestr, "bytes");
+			return typestr;
+		}
+
+		case 0x04:
+		{
+			fstrcpy(typestr, "uint32");
+			return typestr;
+		}
+
+		case 0x07:
+		{
+			fstrcpy(typestr, "multi");
+			return typestr;
+		}
+		default:
+		{
+			break;
+		}
+	}
+	slprintf(typestr, sizeof(typestr)-1, "[%d]", type);
+	return typestr;
+}
+
+
+static void print_reg_value(FILE *out_hnd, char *val_name, uint32 val_type, BUFFER2 *value)
+{
+	fstring type;
+	pstring	intvalue;
+	fstrcpy(type, get_reg_val_type_str(val_type));
+
+	switch (val_type)
+	{
+		case 0x01: /* unistr */
+		{
+			rpcstr_pull(intvalue, value->buffer, sizeof(intvalue), value->buf_len, 0);	
+			/*fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, dos_buffer2_to_str(value));*/
+			fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, value);
+			break;
+		}
+
+		default: /* unknown */
+		case 0x03: /* bytes */
+		{
+			if (value->buf_len <= 8)
+			{
+				fprintf(out_hnd,"\t%s:\t%s:\t", val_name, type);
+				out_data(out_hnd, (char*)value->buffer, value->buf_len, 8);
+			}
+			else
+			{
+				fprintf(out_hnd,"\t%s:\t%s:\n", val_name, type);
+				out_data(out_hnd, (char*)value->buffer, value->buf_len, 16);
+			}
+			break;
+		}
+
+		case 0x04: /* uint32 */
+		{
+			fprintf(out_hnd,"\t%s:\t%s: 0x%08x\n", val_name, type, buffer2_to_uint32(value));
+			break;
+		}
+
+		case 0x07: /* multiunistr */
+		{
+			fprintf(out_hnd,"\t%s:\t%s:\t%s\n", val_name, type, dos_buffer2_to_multistr(value));
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ display structure
+ ****************************************************************************/
+void display_reg_value_info(FILE *out_hnd, enum action_type action,
+				char *val_name, uint32 val_type, BUFFER2 *value)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			print_reg_value(out_hnd, val_name, val_type, value);
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+ display structure
+ ****************************************************************************/
+void display_reg_key_info(FILE *out_hnd, enum action_type action,
+				char *key_name, time_t key_mod_time)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fprintf(out_hnd, "\t%s\t(%s)\n",
+			        key_name, http_timestring(key_mod_time));
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+#if COPY_THIS_TEMPLATE
+/****************************************************************************
+ display structure
+ ****************************************************************************/
+ void display_(FILE *out_hnd, enum action_type action, *)
+{
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			fprintf(out_hnd, "\t\n"); 
+			fprintf(out_hnd, "\t-------------------\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			fprintf(out_hnd, "\n");
+			break;
+		}
+	}
+}
+
+#endif
diff --git a/source3/rpcclient/display_sec.c b/source3/rpcclient/display_sec.c
new file mode 100644
index 0000000000..37043c5012
--- /dev/null
+++ b/source3/rpcclient/display_sec.c
@@ -0,0 +1,144 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful, 
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/****************************************************************************
+convert a security permissions into a string
+****************************************************************************/
+char *get_sec_mask_str(uint32 type)
+{
+	static fstring typestr="";
+
+	typestr[0] = 0;
+
+	if (type & GENERIC_ALL_ACCESS)
+		fstrcat(typestr, "Generic all access ");
+	if (type & GENERIC_EXECUTE_ACCESS)
+		fstrcat(typestr, "Generic execute access ");
+	if (type & GENERIC_WRITE_ACCESS)
+		fstrcat(typestr, "Generic write access ");
+	if (type & GENERIC_READ_ACCESS)
+		fstrcat(typestr, "Generic read access ");
+	if (type & MAXIMUM_ALLOWED_ACCESS)
+		fstrcat(typestr, "MAXIMUM_ALLOWED_ACCESS ");
+	if (type & SYSTEM_SECURITY_ACCESS)
+		fstrcat(typestr, "SYSTEM_SECURITY_ACCESS ");
+	if (type & SYNCHRONIZE_ACCESS)
+		fstrcat(typestr, "SYNCHRONIZE_ACCESS ");
+	if (type & WRITE_OWNER_ACCESS)
+		fstrcat(typestr, "WRITE_OWNER_ACCESS ");
+	if (type & WRITE_DAC_ACCESS)
+		fstrcat(typestr, "WRITE_DAC_ACCESS ");
+	if (type & READ_CONTROL_ACCESS)
+		fstrcat(typestr, "READ_CONTROL_ACCESS ");
+	if (type & DELETE_ACCESS)
+		fstrcat(typestr, "DELETE_ACCESS ");
+
+	printf("\t\tSpecific bits: 0x%lx\n", type&SPECIFIC_RIGHTS_MASK);
+
+	return typestr;
+}
+
+/****************************************************************************
+ display sec_access structure
+ ****************************************************************************/
+void display_sec_access(SEC_ACCESS *info)
+{
+	printf("\t\tPermissions: 0x%x: %s\n", info->mask, get_sec_mask_str(info->mask));
+}
+
+/****************************************************************************
+ display sec_ace structure
+ ****************************************************************************/
+void display_sec_ace(SEC_ACE *ace)
+{
+	fstring sid_str;
+
+	printf("\tACE\n\t\ttype: ");
+	switch (ace->type) {
+		case SEC_ACE_TYPE_ACCESS_ALLOWED:
+			printf("ACCESS ALLOWED");
+			break;
+		case SEC_ACE_TYPE_ACCESS_DENIED:
+			printf("ACCESS DENIED");
+			break;
+		case SEC_ACE_TYPE_SYSTEM_AUDIT:
+			printf("SYSTEM AUDIT");
+			break;
+		case SEC_ACE_TYPE_SYSTEM_ALARM:
+			printf("SYSTEM ALARM");
+			break;
+		default:
+			printf("????");
+			break;
+	}
+	printf(" (%d) flags: %d\n", ace->type, ace->flags);
+	display_sec_access(&ace->info);
+	sid_to_string(sid_str, &ace->trustee);
+	printf("\t\tSID: %s\n\n", sid_str);
+}
+
+/****************************************************************************
+ display sec_acl structure
+ ****************************************************************************/
+void display_sec_acl(SEC_ACL *sec_acl)
+{
+	int i;
+
+	printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
+			 sec_acl->num_aces, sec_acl->revision); 
+	printf("\t---\n");
+
+	if (sec_acl->size != 0 && sec_acl->num_aces != 0)
+		for (i = 0; i < sec_acl->num_aces; i++)
+			display_sec_ace(&sec_acl->ace[i]);
+				
+}
+
+/****************************************************************************
+ display sec_desc structure
+ ****************************************************************************/
+void display_sec_desc(SEC_DESC *sec)
+{
+	fstring sid_str;
+
+	if (sec->sacl) {
+		printf("SACL\n");
+		display_sec_acl(sec->sacl);
+	}
+
+	if (sec->dacl) {
+		printf("DACL\n");
+		display_sec_acl(sec->dacl);
+	}
+
+	if (sec->owner_sid) {
+		sid_to_string(sid_str, sec->owner_sid);
+		printf("\tOwner SID:\t%s\n", sid_str);
+	}
+
+	if (sec->grp_sid) {
+		sid_to_string(sid_str, sec->grp_sid);
+		printf("\tParent SID:\t%s\n", sid_str);
+	}
+}
diff --git a/source3/rpcclient/display_spool.c b/source3/rpcclient/display_spool.c
new file mode 100644
index 0000000000..b4baf570f1
--- /dev/null
+++ b/source3/rpcclient/display_spool.c
@@ -0,0 +1,927 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful, 
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+printer info level 0 display function
+****************************************************************************/
+static void display_print_info_0(FILE *out_hnd, PRINTER_INFO_0 *i1)
+{
+	fstring name;
+	fstring server;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->printername.buffer, sizeof(name), 0, STR_TERMINATE);
+	rpcstr_pull(server, i1->servername.buffer, sizeof(server), 0, STR_TERMINATE);
+
+	report(out_hnd, "\tprintername:[%s]\n", name);
+	report(out_hnd, "\tservername:[%s]\n", server);
+	report(out_hnd, "\tcjobs:[%x]\n", i1->cjobs);
+	report(out_hnd, "\ttotal_jobs:[%x]\n", i1->total_jobs);
+	
+	report(out_hnd, "\t:date: [%d]-[%d]-[%d] (%d)\n", i1->year, i1->month, i1->day, i1->dayofweek);
+	report(out_hnd, "\t:time: [%d]-[%d]-[%d]-[%d]\n", i1->hour, i1->minute, i1->second, i1->milliseconds);
+	
+	report(out_hnd, "\tglobal_counter:[%x]\n", i1->global_counter);
+	report(out_hnd, "\ttotal_pages:[%x]\n", i1->total_pages);
+	
+	report(out_hnd, "\tmajorversion:[%x]\n", i1->major_version);
+	report(out_hnd, "\tbuildversion:[%x]\n", i1->build_version);
+	
+	report(out_hnd, "\tunknown7:[%x]\n", i1->unknown7);
+	report(out_hnd, "\tunknown8:[%x]\n", i1->unknown8);
+	report(out_hnd, "\tunknown9:[%x]\n", i1->unknown9);
+	report(out_hnd, "\tsession_counter:[%x]\n", i1->session_counter);
+	report(out_hnd, "\tunknown11:[%x]\n", i1->unknown11);
+	report(out_hnd, "\tprinter_errors:[%x]\n", i1->printer_errors);
+	report(out_hnd, "\tunknown13:[%x]\n", i1->unknown13);
+	report(out_hnd, "\tunknown14:[%x]\n", i1->unknown14);
+	report(out_hnd, "\tunknown15:[%x]\n", i1->unknown15);
+	report(out_hnd, "\tunknown16:[%x]\n", i1->unknown16);
+	report(out_hnd, "\tchange_id:[%x]\n", i1->change_id);
+	report(out_hnd, "\tunknown18:[%x]\n", i1->unknown18);
+	report(out_hnd, "\tstatus:[%x]\n", i1->status);
+	report(out_hnd, "\tunknown20:[%x]\n", i1->unknown20);
+	report(out_hnd, "\tc_setprinter:[%x]\n", i1->c_setprinter);
+	report(out_hnd, "\tunknown22:[%x]\n", i1->unknown22);
+	report(out_hnd, "\tunknown23:[%x]\n", i1->unknown23);
+	report(out_hnd, "\tunknown24:[%x]\n", i1->unknown24);
+	report(out_hnd, "\tunknown25:[%x]\n", i1->unknown25);
+	report(out_hnd, "\tunknown26:[%x]\n", i1->unknown26);
+	report(out_hnd, "\tunknown27:[%x]\n", i1->unknown27);
+	report(out_hnd, "\tunknown28:[%x]\n", i1->unknown28);
+	report(out_hnd, "\tunknown29:[%x]\n", i1->unknown29);
+}
+
+/****************************************************************************
+printer info level 1 display function
+****************************************************************************/
+static void display_print_info_1(FILE *out_hnd, PRINTER_INFO_1 *i1)
+{
+	fstring desc;
+	fstring name;
+	fstring comm;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+	rpcstr_pull(desc, i1->description.buffer, sizeof(desc), 0, STR_TERMINATE);
+	rpcstr_pull(comm, i1->comment.buffer, sizeof(comm), 0, STR_TERMINATE);
+
+	report(out_hnd, "\tflags:[%x]\n", i1->flags);
+	report(out_hnd, "\tname:[%s]\n", name);
+	report(out_hnd, "\tdescription:[%s]\n", desc);
+	report(out_hnd, "\tcomment:[%s]\n\n", comm);
+}
+
+/****************************************************************************
+printer info level 2 display function
+****************************************************************************/
+static void display_print_info_2(FILE *out_hnd, PRINTER_INFO_2 *i2)
+{
+	fstring servername;
+	fstring printername;
+	fstring sharename;
+	fstring portname;
+	fstring drivername;
+	fstring comment;
+	fstring location;
+	fstring sepfile;
+	fstring printprocessor;
+	fstring datatype;
+	fstring parameters;
+	
+	if (i2 == NULL)
+		return;
+
+	rpcstr_pull(servername, i2->servername.buffer,sizeof(servername), 0, STR_TERMINATE);
+	rpcstr_pull(printername, i2->printername.buffer,sizeof(printername), 0, STR_TERMINATE);
+	rpcstr_pull(sharename, i2->sharename.buffer,sizeof(sharename), 0, STR_TERMINATE);
+	rpcstr_pull(portname, i2->portname.buffer,sizeof(portname), 0, STR_TERMINATE);
+	rpcstr_pull(drivername, i2->drivername.buffer,sizeof(drivername), 0, STR_TERMINATE);
+	rpcstr_pull(comment, i2->comment.buffer,sizeof(comment), 0, STR_TERMINATE);
+	rpcstr_pull(location, i2->location.buffer,sizeof(location), 0, STR_TERMINATE);
+	rpcstr_pull(sepfile, i2->sepfile.buffer,sizeof(sepfile), 0, STR_TERMINATE);
+	rpcstr_pull(printprocessor, i2->printprocessor.buffer,sizeof(printprocessor), 0, STR_TERMINATE);
+	rpcstr_pull(datatype, i2->datatype.buffer,sizeof(datatype), 0, STR_TERMINATE);
+	rpcstr_pull(parameters, i2->parameters.buffer,sizeof(parameters), 0, STR_TERMINATE);
+	
+	report(out_hnd, "\tservername:[%s]\n", servername);
+	report(out_hnd, "\tprintername:[%s]\n", printername);
+	report(out_hnd, "\tsharename:[%s]\n", sharename);
+	report(out_hnd, "\tportname:[%s]\n", portname);
+	report(out_hnd, "\tdrivername:[%s]\n", drivername);
+	report(out_hnd, "\tcomment:[%s]\n", comment);
+	report(out_hnd, "\tlocation:[%s]\n", location);
+	report(out_hnd, "\tsepfile:[%s]\n", sepfile);
+	report(out_hnd, "\tprintprocessor:[%s]\n", printprocessor);
+	report(out_hnd, "\tdatatype:[%s]\n", datatype);
+	report(out_hnd, "\tparameters:[%s]\n", parameters);
+	report(out_hnd, "\tattributes:[%x]\n", i2->attributes);
+	report(out_hnd, "\tpriority:[%x]\n", i2->priority);
+	report(out_hnd, "\tdefaultpriority:[%x]\n", i2->defaultpriority);
+	report(out_hnd, "\tstarttime:[%x]\n", i2->starttime);
+	report(out_hnd, "\tuntiltime:[%x]\n", i2->untiltime);
+	report(out_hnd, "\tstatus:[%x]\n", i2->status);
+	report(out_hnd, "\tcjobs:[%x]\n", i2->cjobs);
+	report(out_hnd, "\taverageppm:[%x]\n\n", i2->averageppm);
+
+	if (i2->secdesc != NULL)
+	{
+		display_sec_desc(out_hnd, ACTION_HEADER   , i2->secdesc);
+		display_sec_desc(out_hnd, ACTION_ENUMERATE, i2->secdesc);
+		display_sec_desc(out_hnd, ACTION_FOOTER   , i2->secdesc);
+	}
+}
+
+/****************************************************************************
+printer info level 3 display function
+****************************************************************************/
+static void display_print_info_3(FILE *out_hnd, PRINTER_INFO_3 *i3)
+{
+	if (i3 == NULL)
+		return;
+
+	report(out_hnd, "\tflags:[%x]\n", i3->flags);
+
+	display_sec_desc(out_hnd, ACTION_HEADER   , i3->secdesc);
+	display_sec_desc(out_hnd, ACTION_ENUMERATE, i3->secdesc);
+	display_sec_desc(out_hnd, ACTION_FOOTER   , i3->secdesc);
+}
+
+/****************************************************************************
+connection info level 0 container display function
+****************************************************************************/
+static void display_printer_info_0_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
+{
+	int i;
+	PRINTER_INFO_0 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer Info Level 0:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.printers_0;
+				display_print_info_0(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 1 container display function
+****************************************************************************/
+static void display_printer_info_1_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
+{
+	int i;
+	PRINTER_INFO_1 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer Info Level 1:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.printers_1;
+				display_print_info_1(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 2 container display function
+****************************************************************************/
+static void display_printer_info_2_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
+{
+	int i;
+	PRINTER_INFO_2 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer Info Level 2:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.printers_2;
+				display_print_info_2(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 3 container display function
+****************************************************************************/
+static void display_printer_info_3_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_INFO_CTR ctr)
+{
+	int i;
+	PRINTER_INFO_3 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer Info Level 3:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.printers_3;
+				display_print_info_3(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_printer_info_ctr(FILE *out_hnd, enum action_type action, uint32 level,
+				uint32 count, PRINTER_INFO_CTR ctr)
+{
+	switch (level) {
+		case 0:
+			display_printer_info_0_ctr(out_hnd, action, count, ctr);
+			break;
+		case 1:
+			display_printer_info_1_ctr(out_hnd, action, count, ctr);
+			break;
+		case 2:
+			display_printer_info_2_ctr(out_hnd, action, count, ctr);
+			break;
+		case 3:
+			display_printer_info_3_ctr(out_hnd, action, count, ctr);
+			break;
+		default:
+			report(out_hnd, "display_printer_info_ctr: Unknown Info Level\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 3 container display function
+****************************************************************************/
+static void display_port_info_1_ctr(FILE *out_hnd, enum action_type action, 
+				    uint32 count,  PORT_INFO_CTR *ctr)
+{
+	uint32	i = 0;
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Port Info Level 1:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i=0; i<count; i++)
+				display_port_info_1(out_hnd, action, &ctr->port.info_1[i]);
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 3 container display function
+****************************************************************************/
+static void display_port_info_2_ctr(FILE *out_hnd, enum action_type action, 
+				    uint32 count,  PORT_INFO_CTR *ctr)
+{
+	uint32	i = 0;
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Port Info Level 2:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i=0; i<count; i++)
+				display_port_info_2(out_hnd, action, &ctr->port.info_2[i]);
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_port_info_ctr(FILE *out_hnd, enum action_type action, uint32 level,
+				uint32 count, PORT_INFO_CTR *ctr)
+{
+	switch (level) {
+		case 1:
+			display_port_info_1_ctr(out_hnd, action, count, ctr);
+			break;
+		case 2:
+			display_port_info_2_ctr(out_hnd, action, count, ctr);
+			break;
+		default:
+			report(out_hnd, "display_port_info_ctr: Unknown Info Level\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_port_info_1(FILE *out_hnd, enum action_type action, PORT_INFO_1 *i1)
+{
+	fstring buffer;
+	
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Port:\n");
+			break;
+		case ACTION_ENUMERATE:
+			rpcstr_pull(buffer, i1->port_name.buffer, sizeof(bufferi), 0, STR_TERMINATE);
+			fprintf (out_hnd, "\tPort Name:\t[%s]\n\n", buffer);
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_port_info_2(FILE *out_hnd, enum action_type action, PORT_INFO_2 *i2)
+{
+	fstring buffer;
+	
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Port:\n");
+			break;
+		case ACTION_ENUMERATE:
+			rpcstr_pull(buffer, i2->port_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
+			fprintf (out_hnd, "\tPort Name:\t[%s]\n", buffer);
+			rpcstr_pull(buffer, i2->monitor_name.buffer, sizeof(buffer), 0, STR_TERMINATE);
+
+			fprintf (out_hnd, "\tMonitor Name:\t[%s]\n", buffer);
+			rpcstr_pull(buffer, i2->description.buffer, sizeof(buffer), 0, STR_TERMINATE);
+			fprintf (out_hnd, "\tDescription:\t[%s]\n", buffer);
+			fprintf (out_hnd, "\tPort Type:\t[%d]\n", i2->port_type);
+			fprintf (out_hnd, "\tReserved:\t[%d]\n", i2->reserved);
+			fprintf (out_hnd, "\n");
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_printer_enumdata(FILE *out_hnd, enum action_type action, uint32 idx, 
+				uint32 valuelen, uint16 *value, uint32 rvaluelen,
+				uint32 type, 
+				uint32 datalen, uint8 *data, uint32 rdatalen)
+{
+	fstring buffer;
+	
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer enum data:\n");
+			report(out_hnd, "index\tvaluelen\tvalue\t\trvaluelen");
+			report(out_hnd, "\ttype\tdatalen\tdata\trdatalen\n");
+			break;
+		case ACTION_ENUMERATE:
+			report(out_hnd, "[%d]", idx);
+			report(out_hnd, "\t[%d]", valuelen);
+			rpcstr_pull(buffer, value, sizeof(buffer), 0, STR_TERMINATE);
+			report(out_hnd, "\t[%s]", buffer);
+			report(out_hnd, "\t[%d]", rvaluelen);
+			report(out_hnd, "\t\t[%d]", type);
+			report(out_hnd, "\t[%d]", datalen);
+/*			report(out_hnd, "\t[%s]", data);*/
+			report(out_hnd, "\t[%d]\n", rdatalen);
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+job info level 2 display function
+****************************************************************************/
+void display_job_info_2(FILE *out_hnd, enum action_type action, 
+		JOB_INFO_2 *const i2)
+{
+	if (i2 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			report(out_hnd, "Job Info Level 2:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring tmp;
+
+			report(out_hnd, "\tjob id:\t%d\n", i2->jobid);
+			rpcstr_pull(tmp, i2->printername.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tprinter name:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->machinename.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tmachine name:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->username.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tusername:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->document.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tdocument:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->notifyname.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tnotify name:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->datatype.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tdata type:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->printprocessor.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tprint processor:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->parameters.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tparameters:\t%s\n", tmp);
+			rpcstr_pull(tmp, i2->drivername.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tdriver name:\t%s\n", tmp);
+			report(out_hnd, "\tDevice Mode:\tNOT DISPLAYED YET\n");
+
+			rpcstr_pull(tmp, i2->text_status.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\ttext status:\t%s\n", tmp);
+		/*	SEC_DESC sec_desc;*/
+			report(out_hnd, "\tstatus:\t%d\n", i2->status);
+			report(out_hnd, "\tpriority:\t%d\n", i2->priority);
+			report(out_hnd, "\tposition:\t%d\n", i2->position);
+			report(out_hnd, "\tstarttime:\t%d\n", i2->starttime);
+			report(out_hnd, "\tuntiltime:\t%d\n", i2->untiltime);
+			report(out_hnd, "\ttotalpages:\t%d\n", i2->totalpages);
+			report(out_hnd, "\tsize:\t%d\n", i2->size);
+/*
+			SYSTEMTIME submitted;
+*/
+			report(out_hnd, "\tsubmitted:\tNOT DISPLAYED YET\n");
+			report(out_hnd, "\ttimeelapsed:\t%d\n", i2->timeelapsed);
+			report(out_hnd, "\tpagesprinted:\t%d\n", i2->pagesprinted);
+		}
+		case ACTION_FOOTER:
+		{
+			report(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+job info level 1 display function
+****************************************************************************/
+void display_job_info_1(FILE *out_hnd, enum action_type action, 
+		JOB_INFO_1 *const i1)
+{
+	if (i1 == NULL)
+	{
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			report(out_hnd, "Job Info Level 1:\n");
+
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			fstring tmp;
+
+			report(out_hnd, "\tjob id:\t%d\n", i1->jobid);
+			rpcstr_pull(tmp, i1->printername.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tprinter name:\t%s\n", tmp);
+			rpcstr_pull(tmp, i1->machinename.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tmachine name:\t%s\n", tmp);
+			rpcstr_pull(tmp, i1->username.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tusername:\t%s\n", tmp);
+			rpcstr_pull(tmp, i1->document.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tdocument:\t%s\n", tmp);
+			rpcstr_pull(tmp, i1->datatype.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\tdata type:\t%s\n", tmp);
+			rpcstr_pull(tmp, i1->text_status.buffer, sizeof(tmp), 0, STR_TERMINATE);
+			report(out_hnd, "\ttext status:\t%s\n", tmp);
+			report(out_hnd, "\tstatus:\t%d\n", i1->status);
+			report(out_hnd, "\tpriority:\t%d\n", i1->priority);
+			report(out_hnd, "\tposition:\t%d\n", i1->position);
+			report(out_hnd, "\ttotalpages:\t%d\n", i1->totalpages);
+/*
+			SYSTEMTIME submitted;
+*/
+			report(out_hnd, "\tsubmitted:\tNOT DISPLAYED YET\n");
+			report(out_hnd, "\tpagesprinted:\t%d\n", i1->pagesprinted);
+
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			report(out_hnd, "\n");
+			break;
+		}
+	}
+
+}
+
+/****************************************************************************
+connection info level 2 container display function
+****************************************************************************/
+void display_job_info_2_ctr(FILE *out_hnd, enum action_type action, 
+				uint32 count, JOB_INFO_2 *const *const ctr)
+{
+	if (ctr == NULL)
+	{
+		report(out_hnd, "display_job_info_2_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < count; i++)
+			{
+				display_job_info_2(out_hnd, ACTION_HEADER   , ctr[i]);
+				display_job_info_2(out_hnd, ACTION_ENUMERATE, ctr[i]);
+				display_job_info_2(out_hnd, ACTION_FOOTER   , ctr[i]);
+			}
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+connection info level 1 container display function
+****************************************************************************/
+void display_job_info_1_ctr(FILE *out_hnd, enum action_type action, 
+				uint32 count, JOB_INFO_1 *const *const ctr)
+{
+	if (ctr == NULL)
+	{
+		report(out_hnd, "display_job_info_1_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+		{
+			break;
+		}
+		case ACTION_ENUMERATE:
+		{
+			int i;
+
+			for (i = 0; i < count; i++)
+			{
+				display_job_info_1(out_hnd, ACTION_HEADER   , ctr[i]);
+				display_job_info_1(out_hnd, ACTION_ENUMERATE, ctr[i]);
+				display_job_info_1(out_hnd, ACTION_FOOTER   , ctr[i]);
+			}
+			break;
+		}
+		case ACTION_FOOTER:
+		{
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_job_info_ctr(FILE *out_hnd, enum action_type action, 
+				uint32 level, uint32 count,
+				void *const *const ctr)
+{
+	if (ctr == NULL)
+	{
+		report(out_hnd, "display_job_info_ctr: unavailable due to an internal error\n");
+		return;
+	}
+
+	switch (level)
+	{
+		case 1:
+		{
+			display_job_info_1_ctr(out_hnd, action, 
+			                   count, (JOB_INFO_1*const*const)ctr);
+			break;
+		}
+		case 2:
+		{
+			display_job_info_2_ctr(out_hnd, action, 
+			                   count, (JOB_INFO_2*const*const)ctr);
+			break;
+		}
+		default:
+		{
+			report(out_hnd, "display_job_info_ctr: Unknown Info Level\n");
+			break;
+		}
+	}
+}
+
+/****************************************************************************
+printer info level 0 display function
+****************************************************************************/
+static void display_print_driver_1(FILE *out_hnd, DRIVER_INFO_1 *i1)
+{
+	fstring name;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+
+	report(out_hnd, "\tname:[%s]\n", name);
+}
+
+/****************************************************************************
+printer info level 1 display function
+****************************************************************************/
+static void display_print_driver_2(FILE *out_hnd, DRIVER_INFO_2 *i1)
+{
+	fstring name;
+	fstring architecture;
+	fstring driverpath;
+	fstring datafile;
+	fstring configfile;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+	rpcstr_pull(architecture, i1->architecture.buffer, sizeof(architecture), 0, STR_TERMINATE);
+	rpcstr_pull(driverpath, i1->driverpath.buffer, sizeof(driverpath), 0, STR_TERMINATE);
+	rpcstr_pull(datafile, i1->datafile.buffer, sizeof(datafile), 0, STR_TERMINATE);
+	rpcstr_pull(configfile, i1->conigfile.buffer, sizeof(configfile), 0, STR_TERMINATE);
+
+	report(out_hnd, "\tversion:[%x]\n", i1->version);
+	report(out_hnd, "\tname:[%s]\n", name);
+	report(out_hnd, "\tarchitecture:[%s]\n", architecture);
+	report(out_hnd, "\tdriverpath:[%s]\n", driverpath);
+	report(out_hnd, "\tdatafile:[%s]\n", datafile);
+	report(out_hnd, "\tconfigfile:[%s]\n", configfile);
+}
+
+/****************************************************************************
+printer info level 2 display function
+****************************************************************************/
+static void display_print_driver_3(FILE *out_hnd, DRIVER_INFO_3 *i1)
+{
+	fstring name;
+	fstring architecture;
+	fstring driverpath;
+	fstring datafile;
+	fstring configfile;
+	fstring helpfile;
+	fstring dependentfiles;
+	fstring monitorname;
+	fstring defaultdatatype;
+	
+	int length=0;
+	BOOL valid = True;
+	
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+	rpcstr_pull(architecture, i1->architecture.buffer, sizeof(architecture), 0, STR_TERMINATE);
+	rpcstr_pull(driverpath, i1->driverpath.buffer, sizeof(driverpath), 0, STR_TERMINATE);
+	rpcstr_pull(datafile, i1->datafile.buffer, sizeof(datafile), 0, STR_TERMINATE);
+	rpcstr_pull(configfile, i1->configfile.buffer, sizeof(configfile), 0, STR_TERMINATE);
+	rpcstr_pull(helpfile, i1->helpfile.buffer, sizeof(helpfile), 0, STR_TERMINATE);
+	rpcstr_pull(monitorname, i1->monitorname.buffer, sizeof(monitorname), 0, STR_TERMINATE);
+	rpcstr_pull(defaultdatatype, i1->defaultdatatype.buffer, sizeof(defaultdatatype), 0, STR_TERMINATE);
+
+	report(out_hnd, "\tversion:[%x]\n", i1->version);
+	report(out_hnd, "\tname:[%s]\n",name);
+	report(out_hnd, "\tarchitecture:[%s]\n", architecture);
+	report(out_hnd, "\tdriverpath:[%s]\n", driverpath);
+	report(out_hnd, "\tdatafile:[%s]\n", datafile);
+	report(out_hnd, "\tconfigfile:[%s]\n", configfile);
+	report(out_hnd, "\thelpfile:[%s]\n\n", helpfile);
+
+	while (valid)
+	{
+		rpcstr_pull(dependentfiles, i1->dependentfiles+length, sizeof(dependentfiles), 0, STR_TERMINATE);
+		length+=strlen(dependentfiles)+1;
+		
+		if (strlen(dependentfiles) > 0)
+		{
+			report(out_hnd, "\tdependentfiles:[%s]\n", dependentfiles);
+		}
+		else
+		{
+			valid = False;
+		}
+	}
+	
+	report(out_hnd, "\n\tmonitorname:[%s]\n", monitorname);
+	report(out_hnd, "\tdefaultdatatype:[%s]\n", defaultdatatype);
+	
+}
+
+/****************************************************************************
+connection info level 1 container display function
+****************************************************************************/
+static void display_printer_driver_1_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_DRIVER_CTR ctr)
+{
+	int i;
+	DRIVER_INFO_1 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer driver Level 1:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.info1;
+				display_print_driver_1(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 2 container display function
+****************************************************************************/
+static void display_printer_driver_2_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_DRIVER_CTR ctr)
+{
+	int i;
+	DRIVER_INFO_2 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer driver Level 2:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.info2;
+				display_print_driver_2(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info level 3 container display function
+****************************************************************************/
+static void display_printer_driver_3_ctr(FILE *out_hnd, enum action_type action, uint32 count,  PRINTER_DRIVER_CTR ctr)
+{
+	int i;
+	DRIVER_INFO_3 *in;
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer driver Level 3:\n");
+			break;
+		case ACTION_ENUMERATE:
+			for (i = 0; i < count; i++) {
+				in=ctr.info3;
+				display_print_driver_3(out_hnd, &(in[i]) );
+			}
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_printer_driver_ctr(FILE *out_hnd, enum action_type action, uint32 level,
+				uint32 count, PRINTER_DRIVER_CTR ctr)
+{
+	switch (level) {
+		case 1:
+			display_printer_driver_1_ctr(out_hnd, action, count, ctr);
+			break;
+		case 2:
+			display_printer_driver_2_ctr(out_hnd, action, count, ctr);
+			break;
+		case 3:
+			display_printer_driver_3_ctr(out_hnd, action, count, ctr);
+			break;
+		default:
+			report(out_hnd, "display_printer_driver_ctr: Unknown Info Level\n");
+			break;
+	}
+}
+
+
+/****************************************************************************
+printer info level 1 display function
+****************************************************************************/
+static void display_printdriverdir_info_1(FILE *out_hnd, DRIVER_DIRECTORY_1 *i1)
+{
+	fstring name;
+	if (i1 == NULL)
+		return;
+
+	rpcstr_pull(name, i1->name.buffer, sizeof(name), 0, STR_TERMINATE);
+
+	report(out_hnd, "\tname:[%s]\n", name);
+}
+
+/****************************************************************************
+connection info level 1 container display function
+****************************************************************************/
+static void display_printerdriverdir_info_1_ctr(FILE *out_hnd, enum action_type action, DRIVER_DIRECTORY_CTR ctr)
+{
+
+	switch (action)
+	{
+		case ACTION_HEADER:
+			report(out_hnd, "Printer driver dir Info Level 1:\n");
+			break;
+		case ACTION_ENUMERATE:
+				display_printdriverdir_info_1(out_hnd, &(ctr.driver.info_1) );
+			break;
+		case ACTION_FOOTER:
+			report(out_hnd, "\n");
+			break;
+	}
+}
+
+/****************************************************************************
+connection info container display function
+****************************************************************************/
+void display_printerdriverdir_info_ctr(FILE *out_hnd, enum action_type action, uint32 level,
+				DRIVER_DIRECTORY_CTR ctr)
+{
+	switch (level) {
+		case 1:
+			display_printerdriverdir_info_1_ctr(out_hnd, action, ctr);
+			break;
+		default:
+			report(out_hnd, "display_printerdriverdir_info_ctr: Unknown Info Level\n");
+			break;
+	}
+}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
new file mode 100644
index 0000000000..193c27e8a0
--- /dev/null
+++ b/source3/rpcclient/rpcclient.c
@@ -0,0 +1,811 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Tim Potter 2000-2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+DOM_SID domain_sid;
+
+/* List to hold groups of commands */
+
+static struct cmd_list {
+	struct cmd_list *prev, *next;
+	struct cmd_set *cmd_set;
+} *cmd_list;
+
+/****************************************************************************
+handle completion of commands for readline
+****************************************************************************/
+static char **completion_fn(char *text, int start, int end)
+{
+#define MAX_COMPLETIONS 100
+	char **matches;
+	int i, count=0;
+	struct cmd_list *commands = cmd_list;
+
+#if 0	/* JERRY */
+	/* FIXME!!!  -- what to do when completing argument? */
+	/* for words not at the start of the line fallback 
+	   to filename completion */
+	if (start) 
+		return NULL;
+#endif
+
+	/* make sure we have a list of valid commands */
+	if (!commands) 
+		return NULL;
+
+	matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
+	if (!matches) return NULL;
+
+	matches[count++] = strdup(text);
+	if (!matches[0]) return NULL;
+
+	while (commands && count < MAX_COMPLETIONS-1) 
+	{
+		if (!commands->cmd_set)
+			break;
+		
+		for (i=0; commands->cmd_set[i].name; i++)
+		{
+			if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
+				commands->cmd_set[i].fn) 
+			{
+				matches[count] = strdup(commands->cmd_set[i].name);
+				if (!matches[count]) 
+					return NULL;
+				count++;
+			}
+		}
+		
+		commands = commands->next;
+		
+	}
+
+	if (count == 2) {
+		SAFE_FREE(matches[0]);
+		matches[0] = strdup(matches[1]);
+	}
+	matches[count] = NULL;
+	return matches;
+}
+
+/***********************************************************************
+ * read in username/password credentials from a file
+ */
+static void read_authfile (
+	char *filename, 
+	char* username, 
+	char* password, 
+	char* domain
+)
+{
+	FILE *auth;
+        fstring buf;
+        uint16 len = 0;
+	char *ptr, *val, *param;
+                               
+	if ((auth=sys_fopen(filename, "r")) == NULL)
+	{
+		printf ("ERROR: Unable to open credentials file!\n");
+		return;
+	}
+                                
+	while (!feof(auth))
+	{  
+		/* get a line from the file */
+		if (!fgets (buf, sizeof(buf), auth))
+			continue;
+		
+		len = strlen(buf);
+		
+		/* skip empty lines */			
+		if ((len) && (buf[len-1]=='\n'))
+		{
+			buf[len-1] = '\0';
+			len--;
+		}	
+		if (len == 0)
+			continue;
+					
+		/* break up the line into parameter & value.
+		   will need to eat a little whitespace possibly */
+		param = buf;
+		if (!(ptr = strchr_m(buf, '=')))
+			continue;
+		val = ptr+1;
+		*ptr = '\0';
+					
+		/* eat leading white space */
+		while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
+			val++;
+					
+		if (strwicmp("password", param) == 0)
+			fstrcpy (password, val);
+		else if (strwicmp("username", param) == 0)
+			fstrcpy (username, val);
+		else if (strwicmp("domain", param) == 0)
+			fstrcpy (domain, val);
+						
+		memset(buf, 0, sizeof(buf));
+	}
+	fclose(auth);
+	
+	return;
+}
+
+static char* next_command (char** cmdstr)
+{
+	static pstring 		command;
+	char			*p;
+	
+	if (!cmdstr || !(*cmdstr))
+		return NULL;
+	
+	p = strchr_m(*cmdstr, ';');
+	if (p)
+		*p = '\0';
+	pstrcpy(command, *cmdstr);
+	*cmdstr = p;
+	
+	return command;
+}
+
+static void get_username (char *username)
+{
+        if (getenv("USER"))
+                pstrcpy(username,getenv("USER"));
+ 
+        if (*username == 0 && getenv("LOGNAME"))
+                pstrcpy(username,getenv("LOGNAME"));
+ 
+        if (*username == 0) {
+                pstrcpy(username,"GUEST");
+        }
+
+	return;
+}
+
+/* Fetch the SID for this computer */
+
+void fetch_machine_sid(struct cli_state *cli)
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_OK;
+	uint32 info_class = 5;
+	fstring domain_name;
+	static BOOL got_domain_sid;
+	TALLOC_CTX *mem_ctx;
+
+	if (got_domain_sid) return;
+
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("fetch_domain_sid: talloc_init returned NULL!\n"));
+		goto error;
+	}
+
+
+	if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
+		fprintf(stderr, "could not initialise lsa pipe\n");
+		goto error;
+	}
+	
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto error;
+	}
+
+	result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class, 
+					   domain_name, &domain_sid);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto error;
+	}
+
+	got_domain_sid = True;
+
+	cli_lsa_close(cli, mem_ctx, &pol);
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+
+	return;
+
+ error:
+	fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		fprintf(stderr, "error: %s\n", nt_errstr(result));
+	}
+
+	exit(1);
+}
+
+/* List the available commands on a given pipe */
+
+static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                         int argc, char **argv)
+{
+	struct cmd_list *tmp;
+        struct cmd_set *tmp_set;
+	int i;
+
+        /* Usage */
+
+        if (argc != 2) {
+                printf("Usage: %s <pipe>\n", argv[0]);
+                return NT_STATUS_OK;
+        }
+
+        /* Help on one command */
+
+	for (tmp = cmd_list; tmp; tmp = tmp->next) 
+	{
+		tmp_set = tmp->cmd_set;
+		
+		if (!StrCaseCmp(argv[1], tmp_set->name))
+		{
+			printf("Available commands on the %s pipe:\n\n", tmp_set->name);
+
+			i = 0;
+			tmp_set++;
+			while(tmp_set->name) {
+				printf("%20s", tmp_set->name);
+                                tmp_set++;
+				i++;
+				if (i%4 == 0)
+					printf("\n");
+			}
+			
+			/* drop out of the loop */
+			break;
+		}
+        }
+	printf("\n\n");
+
+	return NT_STATUS_OK;
+}
+
+/* Display help on commands */
+
+static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                         int argc, char **argv)
+{
+	struct cmd_list *tmp;
+        struct cmd_set *tmp_set;
+
+        /* Usage */
+
+        if (argc > 2) {
+                printf("Usage: %s [command]\n", argv[0]);
+                return NT_STATUS_OK;
+        }
+
+        /* Help on one command */
+
+        if (argc == 2) {
+                for (tmp = cmd_list; tmp; tmp = tmp->next) {
+                        
+                        tmp_set = tmp->cmd_set;
+
+                        while(tmp_set->name) {
+                                if (strequal(argv[1], tmp_set->name)) {
+                                        if (tmp_set->usage &&
+                                            tmp_set->usage[0])
+                                                printf("%s\n", tmp_set->usage);
+                                        else
+                                                printf("No help for %s\n", tmp_set->name);
+
+                                        return NT_STATUS_OK;
+                                }
+
+                                tmp_set++;
+                        }
+                }
+
+                printf("No such command: %s\n", argv[1]);
+                return NT_STATUS_OK;
+        }
+
+        /* List all commands */
+
+	for (tmp = cmd_list; tmp; tmp = tmp->next) {
+
+		tmp_set = tmp->cmd_set;
+
+		while(tmp_set->name) {
+
+			printf("%15s\t\t%s\n", tmp_set->name,
+			       tmp_set->description ? tmp_set->description:
+			       "");
+
+			tmp_set++;
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* Change the debug level */
+
+static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                               int argc, char **argv)
+{
+	if (argc > 2) {
+		printf("Usage: %s [debuglevel]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2) {
+		DEBUGLEVEL = atoi(argv[1]);
+	}
+
+	printf("debuglevel is %d\n", DEBUGLEVEL);
+
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+                         int argc, char **argv)
+{
+	exit(0);
+	return NT_STATUS_OK; /* NOTREACHED */
+}
+
+/* Build in rpcclient commands */
+
+static struct cmd_set rpcclient_commands[] = {
+
+	{ "GENERAL OPTIONS" },
+
+	{ "help", 	cmd_help, 	NULL,	"Get help on commands", "[command]" },
+	{ "?", 		cmd_help, 	NULL,	"Get help on commands", "[command]" },
+	{ "debuglevel", cmd_debuglevel, NULL,	"Set debug level", "level" },
+	{ "list",	cmd_listcommands, NULL,	"List available commands on <pipe>", "pipe" },
+	{ "exit", 	cmd_quit, 	NULL,	"Exit program", "" },
+	{ "quit", 	cmd_quit, 	NULL,	"Exit program", "" },
+
+	{ NULL }
+};
+
+static struct cmd_set separator_command[] = {
+	{ "---------------", NULL,	NULL,	"----------------------" },
+	{ NULL }
+};
+
+
+/* Various pipe commands */
+
+extern struct cmd_set lsarpc_commands[];
+extern struct cmd_set samr_commands[];
+extern struct cmd_set spoolss_commands[];
+extern struct cmd_set netlogon_commands[];
+extern struct cmd_set srvsvc_commands[];
+extern struct cmd_set dfs_commands[];
+extern struct cmd_set reg_commands[];
+
+static struct cmd_set *rpcclient_command_list[] = {
+	rpcclient_commands,
+	lsarpc_commands,
+	samr_commands,
+	spoolss_commands,
+	netlogon_commands,
+	srvsvc_commands,
+	dfs_commands,
+	reg_commands,
+	NULL
+};
+
+static void add_command_set(struct cmd_set *cmd_set)
+{
+	struct cmd_list *entry;
+
+	if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) {
+		DEBUG(0, ("out of memory\n"));
+		return;
+	}
+
+	ZERO_STRUCTP(entry);
+
+	entry->cmd_set = cmd_set;
+	DLIST_ADD(cmd_list, entry);
+}
+
+static NTSTATUS do_cmd(struct cli_state *cli, struct cmd_set *cmd_entry, 
+                       char *cmd)
+{
+	char *p = cmd, **argv = NULL;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	pstring buf;
+	int argc = 0, i;
+
+	/* Count number of arguments first time through the loop then
+	   allocate memory and strdup them. */
+
+ again:
+	while(next_token(&p, buf, " ", sizeof(buf))) {
+		if (argv) {
+			argv[argc] = strdup(buf);
+		}
+		
+		argc++;
+	}
+				
+	if (!argv) {
+
+		/* Create argument list */
+
+		argv = (char **)malloc(sizeof(char *) * argc);
+                memset(argv, 0, sizeof(char *) * argc);
+
+		if (!argv) {
+			fprintf(stderr, "out of memory\n");
+			result = NT_STATUS_NO_MEMORY;
+                        goto done;
+		}
+					
+		p = cmd;
+		argc = 0;
+					
+		goto again;
+	}
+
+	/* Call the function */
+
+	if (cmd_entry->fn) {
+                TALLOC_CTX *mem_ctx;
+
+                /* Create mem_ctx */
+
+                if (!(mem_ctx = talloc_init())) {
+                        DEBUG(0, ("talloc_init() failed\n"));
+                        goto done;
+                }
+
+                /* Open pipe */
+
+                if (cmd_entry->pipe)
+                        if (!cli_nt_session_open(cli, cmd_entry->pipe)) {
+                                DEBUG(0, ("Could not initialise %s\n",
+                                          cmd_entry->pipe));
+                                goto done;
+                        }
+
+                /* Run command */
+
+                result = cmd_entry->fn(cli, mem_ctx, argc, argv);
+
+                /* Cleanup */
+
+                if (cmd_entry->pipe)
+                        cli_nt_session_close(cli);
+
+                talloc_destroy(mem_ctx);
+
+	} else {
+		fprintf (stderr, "Invalid command\n");
+                goto done;
+        }
+
+ done:
+						
+	/* Cleanup */
+
+        if (argv) {
+                for (i = 0; i < argc; i++)
+                        SAFE_FREE(argv[i]);
+	
+                SAFE_FREE(argv);
+        }
+	
+	return result;
+}
+
+/* Process a command entered at the prompt or as part of -c */
+
+static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
+{
+	struct cmd_list *temp_list;
+	BOOL found = False;
+	pstring buf;
+	char *p = cmd;
+	NTSTATUS result = NT_STATUS_OK;
+	int len = 0;
+
+	if (cmd[strlen(cmd) - 1] == '\n')
+		cmd[strlen(cmd) - 1] = '\0';
+
+	if (!next_token(&p, buf, " ", sizeof(buf))) {
+		return NT_STATUS_OK;
+	}
+
+        /* strip the trainly \n if it exsists */
+	len = strlen(buf);
+	if (buf[len-1] == '\n')
+		buf[len-1] = '\0';
+
+	/* Search for matching commands */
+
+	for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
+		struct cmd_set *temp_set = temp_list->cmd_set;
+
+		while(temp_set->name) {
+			if (strequal(buf, temp_set->name)) {
+                                found = True;
+				result = do_cmd(cli, temp_set, cmd);
+
+				goto done;
+			}
+			temp_set++;
+		}
+	}
+
+ done:
+	if (!found && buf[0]) {
+		printf("command not found: %s\n", buf);
+		return NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(result)) {
+		printf("result was %s\n", nt_errstr(result));
+	}
+
+	return result;
+}
+
+
+/* Print usage information */
+static void usage(void)
+{
+	printf("Usage: rpcclient server [options]\n");
+
+	printf("\t-A or --authfile authfile          file containing user credentials\n");
+	printf("\t-c or --command \"command string\"   execute semicolon separated cmds\n");
+	printf("\t-d or --debug debuglevel           set the debuglevel\n");
+	printf("\t-l or --logfile logfile            logfile to use instead of stdout\n");
+	printf("\t-h or --help                       Print this help message.\n");
+	printf("\t-N or --nopass                     don't ask for a password\n");
+	printf("\t-s or --conf configfile            specify an alternative config file\n");
+	printf("\t-U or --user username              set the network username\n");
+	printf("\t-W or --workgroup domain           set the domain name for user account\n");
+	printf("\n");
+}
+
+/* Main function */
+
+ int main(int argc, char *argv[])
+{
+	extern char 		*optarg;
+	extern int 		optind;
+	extern pstring 		global_myname;
+	static int		got_pass = 0;
+	BOOL 			interactive = True;
+	int 			opt;
+	int 			olddebug;
+	static char		*cmdstr = "";
+	struct cli_state	*cli;
+	fstring 		password="",
+				username="",
+				domain="",
+				server="";
+	static char 		*opt_authfile=NULL,
+				*opt_username=NULL,
+				*opt_domain=NULL,
+				*opt_configfile=NULL,
+				*opt_logfile=NULL;
+	static int		opt_debuglevel;
+	pstring 		logfile;
+	struct cmd_set 		**cmd_set;
+	struct in_addr 		server_ip;
+	NTSTATUS 		nt_status;
+	extern BOOL 		AllowDebugChange;
+
+	/* make sure the vars that get altered (4th field) are in
+	   a fixed location or certain compilers complain */
+	poptContext pc;
+	struct poptOption long_options[] = {
+		{"authfile",	'A', POPT_ARG_STRING,	&opt_authfile, 'A'},
+		{"conf",        's', POPT_ARG_STRING, 	&opt_configfile, 's'},
+		{"nopass",	'N', POPT_ARG_NONE,	&got_pass},
+		{"debug",       'd', POPT_ARG_INT,	&opt_debuglevel, 'd'},
+		{"debuglevel",  'd', POPT_ARG_INT,	&opt_debuglevel, 'd'},
+		{"user",        'U', POPT_ARG_STRING,	&opt_username, 'U'},
+		{"workgroup",   'W', POPT_ARG_STRING, 	&opt_domain, 'W'},
+		{"command",	'c', POPT_ARG_STRING,	&cmdstr},
+		{"logfile",	'l', POPT_ARG_STRING,	&opt_logfile, 'l'},
+		{"help",        'h', POPT_ARG_NONE,	0, 'h'},
+		{ 0, 0, 0, 0}
+	};
+
+
+	setlinebuf(stdout);
+
+	DEBUGLEVEL = 1;
+	AllowDebugChange = False;
+
+	/* Parse options */
+
+	if (argc == 1) {
+		usage();
+		return 0;
+	}
+	
+	if (strncmp("//", argv[1], 2) == 0 || strncmp("\\\\", argv[1], 2) == 0)
+		argv[1] += 2;
+
+	pstrcpy(server, argv[1]);
+
+	argv++;
+	argc--;
+
+	pc = poptGetContext(NULL, argc, (const char **) argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+	
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case 'A':
+			/* only get the username, password, and domain from the file */
+			read_authfile (opt_authfile, username,
+				       password, domain);
+			if (strlen (password))
+				got_pass = 1;
+			break;
+
+		case 'l':
+			slprintf(logfile, sizeof(logfile) - 1, "%s.client", 
+				 opt_logfile);
+			lp_set_logfile(logfile);
+			interactive = False;
+ 			break;
+
+		case 's':
+			pstrcpy(dyn_CONFIGFILE, opt_configfile);
+			break;
+
+		case 'd':
+			DEBUGLEVEL = opt_debuglevel;
+			break;
+
+		case 'U': {
+			char *lp;
+			pstrcpy(username,opt_username);
+			if ((lp=strchr_m(username,'%'))) {
+				*lp = 0;
+				pstrcpy(password,lp+1);
+				got_pass = 1;
+				memset(strchr_m(opt_username,'%')+1,'X',strlen(password));
+			}
+			break;
+		}
+		
+		case 'W':
+			pstrcpy(domain, opt_domain);
+			break;
+			
+		case 'h':
+		default:
+			usage();
+			exit(1);
+		}
+	}
+
+	poptFreeContext(pc);
+
+	/* the following functions are part of the Samba debugging
+	   facilities.  See lib/debug.c */
+	setup_logging("rpcclient", interactive);
+	if (!interactive) 
+		reopen_logs();
+	
+	/* Load smb.conf file */
+	/* FIXME!  How to get this DEBUGLEVEL to last over lp_load()? */
+	olddebug = DEBUGLEVEL;
+	if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+		fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
+	}
+	DEBUGLEVEL = olddebug;
+
+	load_interfaces();
+
+	get_myname((*global_myname)?NULL:global_myname);
+	strupper(global_myname);
+
+	/* Resolve the IP address */
+
+	if (!resolve_name(server, &server_ip, 0x20))  {
+		DEBUG(1,("Unable to resolve %s\n", server));
+		return 1;
+	}
+	
+	/*
+	 * Get password
+	 * from stdin if necessary
+	 */
+
+	if (!got_pass) {
+		char *pass = getpass("Password:");
+		if (pass) {
+			fstrcpy(password, pass);
+		}
+	}
+	
+	if (!strlen(username) && !got_pass)
+		get_username(username);
+		
+	nt_status = cli_full_connection(&cli, global_myname, server, 
+					&server_ip, 0,
+					"IPC$", "IPC",  
+					username, domain,
+					password, strlen(password));
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(1,("Cannot connect to server.  Error was %s\n", nt_errstr(nt_status)));
+		return 1;
+	}
+
+	memset(password,'X',sizeof(password));
+
+	/* Load command lists */
+
+	cmd_set = rpcclient_command_list;
+
+	while(*cmd_set) {
+		add_command_set(*cmd_set);
+		add_command_set(separator_command);
+		cmd_set++;
+	}
+
+	fetch_machine_sid(cli);
+ 
+       /* Do anything specified with -c */
+        if (cmdstr[0]) {
+                char    *cmd;
+                char    *p = cmdstr;
+ 
+                while((cmd=next_command(&p)) != NULL) {
+                        process_cmd(cli, cmd);
+                }
+		
+		cli_shutdown(cli);
+                return 0;
+        }
+
+	/* Loop around accepting commands */
+
+	while(1) {
+		pstring prompt;
+		char *line;
+
+		slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
+
+		line = smb_readline(prompt, NULL, completion_fn);
+
+		if (line == NULL)
+			break;
+
+		if (line[0] != '\n')
+			process_cmd(cli, line);
+	}
+	
+	cli_shutdown(cli);
+	return 0;
+}
diff --git a/source3/rpcclient/rpcclient.h b/source3/rpcclient/rpcclient.h
new file mode 100644
index 0000000000..72491373d6
--- /dev/null
+++ b/source3/rpcclient/rpcclient.h
@@ -0,0 +1,34 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Tim Potter 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef RPCCLIENT_H
+#define RPCCLIENT_H
+
+struct cmd_set {
+	char *name;
+	NTSTATUS (*fn)(struct cli_state*, TALLOC_CTX *mem_ctx, int argc, 
+                       char **argv);
+        char *pipe;
+	char *description;
+	char *usage;
+};
+
+#endif /* RPCCLIENT_H */
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
new file mode 100644
index 0000000000..14f7ed8953
--- /dev/null
+++ b/source3/rpcclient/samsync.c
@@ -0,0 +1,619 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Tim Potter 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static void decode_domain_info(SAM_DOMAIN_INFO *a)
+{
+	fstring temp;
+	printf("Domain Information\n");
+	printf("------------------\n");
+
+	unistr2_to_ascii(temp, &a->uni_dom_name, sizeof(temp)-1);
+	printf("\tDomain              :%s\n", temp);
+	printf("\tMin password len    :%d\n", a->min_pwd_len);
+	printf("\tpassword history len:%d\n", a->pwd_history_len);
+	printf("\tcreation time       :%s\n", http_timestring(nt_time_to_unix(&a->creation_time)));
+}
+
+static void decode_sam_group_info(SAM_GROUP_INFO *a)
+{
+	fstring temp;
+	printf("\nDomain Group Information\n");
+	printf("------------------------\n");
+
+	unistr2_to_ascii(temp, &a->uni_grp_name, sizeof(temp)-1);
+	printf("\tGroup name          :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_grp_desc, sizeof(temp)-1);
+	printf("\tGroup description   :%s\n", temp);
+	printf("\trid                 :%d\n", a->gid.g_rid);
+	printf("\tattribute           :%d\n", a->gid.attr);
+}
+
+static void decode_sam_account_info(SAM_ACCOUNT_INFO *a)
+{
+	fstring temp;
+	printf("\nUser Information\n");
+	printf("----------------\n");
+
+	unistr2_to_ascii(temp, &a->uni_acct_name, sizeof(temp)-1);
+	printf("\tUser name          :%s\n", temp);
+	printf("\tuser's rid         :%d\n", a->user_rid);
+	printf("\tuser's primary gid :%d\n", a->group_rid);
+	unistr2_to_ascii(temp, &a->uni_full_name, sizeof(temp)-1);
+	printf("\tfull name          :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_home_dir, sizeof(temp)-1);
+	printf("\thome directory     :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_dir_drive, sizeof(temp)-1);
+	printf("\tdrive              :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_logon_script, sizeof(temp)-1);
+	printf("\tlogon script       :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_acct_desc, sizeof(temp)-1);
+	printf("\tdescription        :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_workstations, sizeof(temp)-1);
+	printf("\tworkstations       :%s\n", temp);
+}
+
+static void decode_sam_grp_mem_info(SAM_GROUP_MEM_INFO *a)
+{
+	int i;
+	printf("\nGroup members information\n");
+	printf("-------------------------\n");
+	printf("\tnum members        :%d\n", a->num_members);
+
+	for (i=0; i<a->num_members; i++) {
+		printf("\trid, attr:%d, %d\n", a->rids[i], a->attribs[i]);
+	}
+}
+
+static void decode_sam_alias_info(SAM_ALIAS_INFO *a)
+{
+	fstring temp;
+	printf("\nAlias Information\n");
+	printf("-----------------\n");
+
+	unistr2_to_ascii(temp, &a->uni_als_name, sizeof(temp)-1);
+	printf("\tname               :%s\n", temp);
+	unistr2_to_ascii(temp, &a->uni_als_desc, sizeof(temp)-1);
+	printf("\tdescription        :%s\n", temp);
+	printf("\trid                :%d\n", a->als_rid);
+}
+
+static void decode_sam_als_mem_info(SAM_ALIAS_MEM_INFO *a)
+{
+	int i;
+	fstring temp;
+	printf("\nAlias members Information\n");
+	printf("-------------------------\n");
+	printf("\tnum members        :%d\n", a->num_members);
+	printf("\tnum sids           :%d\n", a->num_sids);
+	for (i=0; i<a->num_sids; i++) {
+		printf("\tsid                :%s\n", sid_to_string(temp, &a->sids[i].sid));
+	}
+
+
+}
+
+static void decode_sam_dom_info(SAM_DELTA_DOM *a)
+{
+	fstring temp;
+	printf("\nDomain information\n");
+	printf("------------------\n");
+
+	unistr2_to_ascii(temp, &a->domain_name, sizeof(temp)-1);
+	printf("\tdomain name        :%s\n", temp);
+	printf("\tsid                :%s\n", sid_to_string(temp, &a->domain_sid.sid));
+}
+
+static void decode_sam_unk0e_info(SAM_DELTA_UNK0E *a)
+{
+	fstring temp;
+	printf("\nTrust information\n");
+	printf("-----------------\n");
+
+	unistr2_to_ascii(temp, &a->domain, sizeof(temp)-1);
+	printf("\tdomain name        :%s\n", temp);
+	printf("\tsid                :%s\n", sid_to_string(temp, &a->sid.sid));
+	display_sec_desc(a->sec_desc);
+}
+
+static void decode_sam_privs_info(SAM_DELTA_PRIVS *a)
+{
+	int i;
+	fstring temp;
+	printf("\nSID and privileges information\n");
+	printf("------------------------------\n");
+	printf("\tsid                :%s\n", sid_to_string(temp, &a->sid.sid));
+	display_sec_desc(a->sec_desc);
+	printf("\tprivileges count   :%d\n", a->privlist_count);
+	for (i=0; i<a->privlist_count; i++) {
+		unistr2_to_ascii(temp, &a->uni_privslist[i], sizeof(temp)-1);
+		printf("\tprivilege name     :%s\n", temp);
+		printf("\tattribute          :%d\n", a->attributes[i]);
+	}
+}
+
+static void decode_sam_unk12_info(SAM_DELTA_UNK12 *a)
+{
+	fstring temp;
+	printf("\nTrusted information\n");
+	printf("-------------------\n");
+
+	unistr2_to_ascii(temp, &a->secret, sizeof(temp)-1);
+	printf("\tsecret name        :%s\n", temp);
+	display_sec_desc(a->sec_desc);
+	
+	printf("\ttime 1             :%s\n", http_timestring(nt_time_to_unix(&a->time1)));
+	printf("\ttime 2             :%s\n", http_timestring(nt_time_to_unix(&a->time2)));
+
+	display_sec_desc(a->sec_desc2);
+}
+
+static void decode_sam_stamp(SAM_DELTA_STAMP *a)
+{
+	printf("\nStamp information\n");
+	printf("-----------------\n");
+	printf("\tsequence number    :%d\n", a->seqnum);
+}
+
+static void decode_sam_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas)
+{
+	int i;
+        for (i = 0; i < num_deltas; i++) {
+		switch (hdr_deltas[i].type) {
+			case SAM_DELTA_DOMAIN_INFO: {
+                		SAM_DOMAIN_INFO *a;
+				a = &deltas[i].domain_info;
+				decode_domain_info(a);
+				break;
+			}
+			case SAM_DELTA_GROUP_INFO:  {
+                		SAM_GROUP_INFO *a;
+				a = &deltas[i].group_info;
+				decode_sam_group_info(a);
+				break;
+			}
+			case SAM_DELTA_ACCOUNT_INFO: {
+                		SAM_ACCOUNT_INFO *a;
+				a = &deltas[i].account_info;
+				decode_sam_account_info(a);
+				break;
+			}
+			case SAM_DELTA_GROUP_MEM: {
+                		SAM_GROUP_MEM_INFO *a;
+				a = &deltas[i].grp_mem_info;
+				decode_sam_grp_mem_info(a);
+				break;
+			}
+			case SAM_DELTA_ALIAS_INFO: {
+                		SAM_ALIAS_INFO *a;
+				a = &deltas[i].alias_info;
+				decode_sam_alias_info(a);
+				break;
+			}
+			case SAM_DELTA_ALIAS_MEM: {
+                		SAM_ALIAS_MEM_INFO *a;
+				a = &deltas[i].als_mem_info;
+				decode_sam_als_mem_info(a);
+				break;
+			}
+			case SAM_DELTA_DOM_INFO: {
+                		SAM_DELTA_DOM *a;
+				a = &deltas[i].dom_info;
+				decode_sam_dom_info(a);
+				break;
+			}
+			case SAM_DELTA_UNK0E_INFO: {
+                		SAM_DELTA_UNK0E *a;
+				a = &deltas[i].unk0e_info;
+				decode_sam_unk0e_info(a);
+				break;
+			}
+			case SAM_DELTA_PRIVS_INFO: {
+                		SAM_DELTA_PRIVS *a;
+				a = &deltas[i].privs_info;
+				decode_sam_privs_info(a);
+				break;
+			}
+			case SAM_DELTA_UNK12_INFO: {
+                		SAM_DELTA_UNK12 *a;
+				a = &deltas[i].unk12_info;
+				decode_sam_unk12_info(a);
+				break;
+			}
+			case SAM_DELTA_SAM_STAMP: {
+                		SAM_DELTA_STAMP *a;
+				a = &deltas[i].stamp;
+				decode_sam_stamp(a);
+				break;
+			}
+			default:
+				DEBUG(0,("unknown delta type: %d\n", hdr_deltas[i].type));
+				break;	
+		}
+	}
+}
+
+/* Synchronise sam database */
+
+static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
+                         BOOL do_smbpasswd_output, BOOL verbose)
+{
+        TALLOC_CTX *mem_ctx;
+        SAM_DELTA_HDR *hdr_deltas_0, *hdr_deltas_1, *hdr_deltas_2;
+        SAM_DELTA_CTR *deltas_0, *deltas_1, *deltas_2;
+        uint32 num_deltas_0, num_deltas_1, num_deltas_2;
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	DOM_CRED ret_creds;
+        /* Initialise */
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0,("talloc_init failed\n"));
+		return result;
+	}
+
+	if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
+		DEBUG(0, ("Could not initialize netlogon pipe!\n"));
+		goto done;
+	}
+
+        /* Request a challenge */
+
+        if (!NT_STATUS_IS_OK(new_cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_passwd))) {
+                DEBUG(0, ("Error initialising session creds\n"));
+                goto done;
+        }
+
+	/* on first call the returnAuthenticator is empty */
+	memset(&ret_creds, 0, sizeof(ret_creds));
+
+        /* Do sam synchronisation on the SAM database*/
+
+	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
+        
+        if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* verbose mode */
+	if (verbose)
+		decode_sam_deltas(num_deltas_0, hdr_deltas_0, deltas_0);
+
+
+	/* 
+	 * we can't yet do several sam_sync in a raw, it's a credential problem 
+	 * we must chain the credentials
+	 */
+
+#if 1
+        /* Do sam synchronisation on the LSA database */
+
+	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
+        
+        if (!NT_STATUS_IS_OK(result))
+		goto done;
+
+	/* verbose mode */
+	if (verbose)
+		decode_sam_deltas(num_deltas_2, hdr_deltas_2, deltas_2);
+#endif
+
+        /* Produce smbpasswd output - good for migrating from NT! */
+
+        if (do_smbpasswd_output) {
+                int i;
+
+                for (i = 0; i < num_deltas_0; i++) {
+                        SAM_ACCOUNT_INFO *a;
+                        fstring acct_name, hex_nt_passwd, hex_lm_passwd;
+                        uchar lm_passwd[16], nt_passwd[16];
+
+                        /* Skip non-user accounts */
+
+                        if (hdr_deltas_0[i].type != SAM_DELTA_ACCOUNT_INFO)
+                                continue;
+
+                        a = &deltas_0[i].account_info;
+
+                        unistr2_to_ascii(acct_name, &a->uni_acct_name,
+                                         sizeof(acct_name) - 1);
+
+                        /* Decode hashes from password hash */
+
+                        sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, 
+                                     lm_passwd, 0);
+                        sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, 
+                                     nt_passwd, 0);
+
+                        /* Encode as strings */
+
+                        smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd,
+                                            a->acb_info);
+                        smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd,
+                                            a->acb_info);
+
+                        /* Display user info */
+
+                        printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name,
+                               a->user_rid, hex_lm_passwd, hex_nt_passwd,
+                               smbpasswd_encode_acb_info(a->acb_info));
+                }
+                               
+                goto done;
+        }
+
+        /* Update sam tdb */
+
+ done:
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+        
+        return result;
+}
+
+/* Replicate sam deltas */
+
+static NTSTATUS sam_repl(struct cli_state *cli, unsigned char trust_passwde[16],
+                         uint32 low_serial)
+{
+        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+        return result;
+}
+
+/* Print usage information */
+
+static void usage(void)
+{
+	printf("Usage: samsync [options]\n");
+
+	printf("\t-d debuglevel         set the debuglevel\n");
+	printf("\t-h                    Print this help message.\n");
+	printf("\t-s configfile         specify an alternative config file\n");
+	printf("\t-S                    synchronise sam database\n");
+	printf("\t-R                    replicate sam deltas\n");
+	printf("\t-U username           username and password\n");
+        printf("\t-p                    produce smbpasswd output\n");
+        printf("\t-V                    verbose output\n");
+	printf("\n");
+}
+
+/* Initialise client credentials for authenticated pipe access */
+
+void init_rpcclient_creds(struct ntuser_creds *creds, char* username,
+			  char* domain, char* password)
+{
+	ZERO_STRUCTP(creds);
+
+	if (lp_encrypted_passwords()) {
+		pwd_make_lm_nt_16(&creds->pwd, password);
+	} else {
+		pwd_set_cleartext(&creds->pwd, password);
+	}
+
+	fstrcpy(creds->user_name, username);
+	fstrcpy(creds->domain, domain);
+
+	if (! *username) {
+		creds->pwd.null_pwd = True;
+	}
+}
+
+/* Connect to primary domain controller */
+
+static struct cli_state *init_connection(struct cli_state *cli,
+                                         char *username, char *domain,
+                                         char *password)
+{
+        struct ntuser_creds creds;
+        extern pstring global_myname;
+        struct in_addr *dest_ip;
+        struct nmb_name calling, called;
+        int count;
+        fstring dest_host;
+
+	/* Initialise cli_state information */
+
+        ZERO_STRUCTP(cli);
+
+	if (!cli_initialise(cli)) {
+		return NULL;
+	}
+
+        init_rpcclient_creds(&creds, username, domain, password);
+	cli_init_creds(cli, &creds);
+
+        /* Look up name of PDC controller */
+
+        if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) {
+                DEBUG(0, ("Cannot find domain controller for domain %s\n",
+                          lp_workgroup()));
+                return NULL;
+        }
+
+        if (!lookup_dc_name(global_myname, lp_workgroup(), dest_ip, 
+			    dest_host)) {
+                DEBUG(0, ("Could not lookup up PDC name for domain %s\n",
+                          lp_workgroup()));
+                return NULL;
+        }
+
+	get_myname((*global_myname)?NULL:global_myname);
+	strupper(global_myname);
+
+	make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
+	make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
+
+	/* Establish a SMB connection */
+
+	if (!cli_establish_connection(cli, dest_host, dest_ip, &calling, 
+				      &called, "IPC$", "IPC", False, True)) {
+		return NULL;
+	}
+	
+	return cli;
+}
+
+/* Main function */
+
+ int main(int argc, char **argv)
+{
+        BOOL do_sam_sync = False, do_sam_repl = False;
+        struct cli_state cli;
+        NTSTATUS result;
+        int opt;
+        pstring logfile;
+        BOOL interactive = False, do_smbpasswd_output = False;
+        BOOL verbose = False;
+        uint32 low_serial = 0;
+        unsigned char trust_passwd[16];
+        fstring username, domain, password;
+
+        if (argc == 1) {
+                usage();
+                return 1;
+        }
+
+        ZERO_STRUCT(username);
+        ZERO_STRUCT(domain);
+        ZERO_STRUCT(password);
+
+        /* Parse command line options */
+
+        while((opt = getopt(argc, argv, "s:d:SR:hiU:W:pV")) != EOF) {
+                switch (opt) {
+                case 's':
+                        pstrcpy(dyn_CONFIGFILE, optarg);
+                        break;
+                case 'd':
+                        DEBUGLEVEL = atoi(optarg);
+                        break;
+                case 'S':
+                        do_sam_sync = 1;
+                        break;
+                case 'R':
+                        do_sam_repl = 1;
+                        low_serial = atoi(optarg);
+                        break;
+                case 'i':
+                        interactive = True;
+                        break;
+                case 'U': {
+                        char *lp;
+
+                        fstrcpy(username,optarg);
+                        if ((lp=strchr_m(username,'%'))) {
+                                *lp = 0;
+                                fstrcpy(password,lp+1);
+                                memset(strchr_m(optarg, '%') + 1, 'X',
+                                       strlen(password));
+			}
+                        break;
+                }
+                case 'W':
+                        pstrcpy(domain, optarg);
+                        break;
+                case 'p':
+                        do_smbpasswd_output = True;
+                        break;
+                case 'V':
+                        verbose = True;
+                        break;
+               case 'h':
+                default:
+                        usage();
+                        exit(1);
+                }
+        }
+
+        argc -= optind;
+
+        if (argc > 0) {
+                usage();
+                return 1;
+        }
+
+        /* Initialise samba */
+
+	slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", dyn_LOGFILEBASE, 
+                 "samsync");
+	lp_set_logfile(logfile);
+
+        setup_logging("samsync", interactive);
+
+        if (!interactive)
+                reopen_logs();
+
+        if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
+                fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
+        }
+
+        load_interfaces();
+
+        /* Check arguments make sense */
+
+        if (do_sam_sync && do_sam_repl) {
+                fprintf(stderr, "cannot specify both -S and -R\n");
+                return 1;
+
+        }
+
+        if (!do_sam_sync && !do_sam_repl) {
+                fprintf(stderr, "must specify either -S or -R\n");
+                return 1;
+        }
+
+        if (do_sam_repl && low_serial == 0) {
+                fprintf(stderr, "serial number must be positive\n");
+                return 1;
+        }
+
+        /* BDC operations require the machine account password */
+
+        if (!secrets_init()) {
+                DEBUG(0, ("Unable to initialise secrets database\n"));
+                return 1;
+        }
+
+	if (!secrets_fetch_trust_account_password(lp_workgroup(), 
+                                                  trust_passwd, NULL)) {
+		DEBUG(0, ("could not fetch trust account password\n"));
+		return 1;
+	}        
+
+        /* Perform sync or replication */
+
+        if (!init_connection(&cli, username, domain, password))
+                return 1;
+
+        if (do_sam_sync)
+                result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose);
+
+        if (do_sam_repl)
+                result = sam_repl(&cli, trust_passwd, low_serial);
+
+        if (!NT_STATUS_IS_OK(result)) {
+                DEBUG(0, ("%s\n", nt_errstr(result)));
+                return 1;
+        }
+
+	return 0;
+}
diff --git a/source3/script/.cvsignore b/source3/script/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/script/.cvsignore
diff --git a/source3/script/addtosmbpass b/source3/script/addtosmbpass
index 42af518397..bc82851c52 100644
--- a/source3/script/addtosmbpass
+++ b/source3/script/addtosmbpass
@@ -41,18 +41,18 @@ BEGIN {
 {
   print $0;
   for(name in names) {
-    if($1 ~ name) {
+    if($1 == name) {
       delete names[name];
     }
   }
 }
 END {
   fmt = "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:";
-  fmt = fmt   "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n";
+  fmt = fmt   "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:%s:\n";
   for(name in names) {
     while ((getline < pwdf) > 0) {
       if ($1 == name) {
-	printf(fmt, $1, $3, $5, $6, $7);
+	printf(fmt, $1, $3, $5);
 	close(pwdf);
 	notfound = "";
 	break;
@@ -65,7 +65,7 @@ END {
       command = ypmatch " " name " passwd";
       command | getline;
       if (NF > 0) {
-	printf(fmt, $1, $3, $5, $6, $7);
+	printf(fmt, $1, $3, $5);
       }
       close(command);
     }
diff --git a/source3/script/build_env.sh b/source3/script/build_env.sh
new file mode 100755
index 0000000000..0000759f16
--- /dev/null
+++ b/source3/script/build_env.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+uname=`uname -a`
+date=`date`
+srcdir=$1
+builddir=$2
+compiler=$3
+
+	if [ ! "x$USER" = "x" ]; then
+	    whoami=$USER
+	else 
+	    if [ ! "x$LOGNAME" = "x" ]; then
+		whoami=$LOGNAME
+	    else
+		whoami=`whoami || id -un`
+	    fi
+	fi
+
+host=`hostname`
+
+cat <<EOF
+/* This file is automatically generated with "make build_env". DO NOT EDIT */
+
+#ifndef _BUILD_ENV_H
+#define _BUILD_ENV_H
+
+#define BUILD_ENV_UNAME "${uname}"
+#define BUILD_ENV_DATE "${date}"
+#define BUILD_ENV_SRCDIR "${srcdir}"
+#define BUILD_ENV_BUILDDIR "${builddir}"
+#define BUILD_ENV_USER "${whoami}"
+#define BUILD_ENV_HOST "${host}"
+#define BUILD_ENV_COMPILER "${compiler}"
+#endif /* _BUILD_ENV_H */
+EOF
diff --git a/source3/script/convert_smbpasswd b/source3/script/convert_smbpasswd
new file mode 100755
index 0000000000..edb775d3a6
--- /dev/null
+++ b/source3/script/convert_smbpasswd
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Convert a Samba 1.9.18 smbpasswd file format into
+# a Samba 2.0 smbpasswd file format.
+# Read from stdin and write to stdout for simplicity.
+# Set the last change time to 0x363F96AD to avoid problems
+# with trying to work out how to get the seconds since 1970
+# in awk or the shell. JRA.
+#
+nawk 'BEGIN {FS=":"} 
+{
+	if( $0 ~ "^#" ) {
+		print $0
+	} else {
+		printf( "%s:%s:%s:%s:[U          ]:LCT-363F96AD:\n", $1, $2, $3, $4);
+	}
+}'
diff --git a/source3/script/extract_allparms.sh b/source3/script/extract_allparms.sh
new file mode 100755
index 0000000000..f16068b3fd
--- /dev/null
+++ b/source3/script/extract_allparms.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+grep '{".*P_[GL]' param/loadparm.c | sed -e 's/&.*$//g' -e 's/",.*P_LOCAL.*$/  S/' -e 's/",.*P_GLOBAL.*$/  G/' -e 's/^ .*{"//g' | sort -f
diff --git a/source3/script/installbin.sh b/source3/script/installbin.sh
index 633e6cb5bb..c2f34082dd 100755
--- a/source3/script/installbin.sh
+++ b/source3/script/installbin.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+
 INSTALLPERMS=$1
 BASEDIR=$2
 BINDIR=$3
@@ -10,33 +11,30 @@ shift
 shift
 shift
 
-for d in $BASEDIR $BINDIR $LIBDIR $VARDIR; do
-if [ ! -d $d ]; then
-mkdir $d
-if [ ! -d $d ]; then
-  echo Failed to make directory $d
-  exit 1
-fi
-fi
-done
-
-
 for p in $*; do
- echo Installing $p as $BINDIR/$p
- if [ -f $BINDIR/$p ]; then
-   mv $BINDIR/$p $BINDIR/$p.old
+ p2=`basename $p`
+ echo Installing $p as $BINDIR/$p2
+ if [ -f $BINDIR/$p2 ]; then
+   rm -f $BINDIR/$p2.old
+   mv $BINDIR/$p2 $BINDIR/$p2.old
+ fi
+ cp $p $BINDIR/
+ chmod $INSTALLPERMS $BINDIR/$p2
+
+ # this is a special case, mount needs this in a specific location
+ if [ $p2 = smbmount ]; then
+   ln -sf $BINDIR/$p2 /sbin/mount.smbfs
  fi
- cp $p $BINDIR/$p
- chmod $INSTALLPERMS $BINDIR/$p
 done
 
 
 cat << EOF
 ======================================================================
 The binaries are installed. You may restore the old binaries (if there
-were any) using the command "make revert"
+were any) using the command "make revert". You may uninstall the binaries
+using the command "make uninstallbin" or "make uninstall" to uninstall
+binaries, man pages and shell scripts.
 ======================================================================
 EOF
 
 exit 0
-
diff --git a/source3/script/installcp.sh b/source3/script/installcp.sh
new file mode 100755
index 0000000000..d0c5bf8ecc
--- /dev/null
+++ b/source3/script/installcp.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+srcdir=$1
+LIBDIR=$2
+CODEPAGEDIR=$3
+BINDIR=$4
+
+shift
+shift
+shift
+shift
+
+echo Installing codepage files in $CODEPAGEDIR
+for d in $LIBDIR $CODEPAGEDIR; do
+if [ ! -d $d ]; then
+mkdir $d
+if [ ! -d $d ]; then
+  echo Failed to make directory $d
+  exit 1
+fi
+fi
+done
+
+for p in $*; do
+ if [ -f ${srcdir}/codepages/codepage_def.$p ]; then
+   echo Creating codepage file $CODEPAGEDIR/codepage.$p
+   $BINDIR/make_smbcodepage c $p ${srcdir}/codepages/codepage_def.$p $CODEPAGEDIR/codepage.$p
+ fi
+ if [ -f ${srcdir}/codepages/CP${p}.TXT ]; then
+   echo Creating unicode map $CODEPAGEDIR/unicode_map.$p
+   $BINDIR/make_unicodemap $p ${srcdir}/codepages/CP${p}.TXT $CODEPAGEDIR/unicode_map.$p
+ fi
+done
+
+
+cat << EOF
+======================================================================
+The code pages have been installed. You may uninstall them using the
+command "make uninstallcp" or make "uninstall" to uninstall binaries,
+man pages, shell scripts and code pages.
+======================================================================
+EOF
+
+exit 0
+
diff --git a/source3/script/installdat.sh b/source3/script/installdat.sh
new file mode 100755
index 0000000000..7ff88ac788
--- /dev/null
+++ b/source3/script/installdat.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#fist version March 2002, Herb  Lewis
+
+DATDIR=$1
+SRCDIR=$2/
+
+echo Installing dat files in $DATDIR
+
+for f in $SRCDIR/codepages/*.dat; do
+	FNAME=$DATDIR/`basename $f`
+	echo $FNAME
+	cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+	chmod 0644 $FNAME
+done
+
+cat << EOF
+======================================================================
+The dat files have been installed. 
+======================================================================
+EOF
+
+exit 0
+
diff --git a/source3/script/installdirs.sh b/source3/script/installdirs.sh
new file mode 100755
index 0000000000..dd8f7cd19c
--- /dev/null
+++ b/source3/script/installdirs.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+BASEDIR=$1
+SBINDIR=$2
+BINDIR=$3
+LIBDIR=$4
+VARDIR=$5
+PRIVATEDIR=$6
+
+for d in $BASEDIR $SBINDIR $BINDIR $LIBDIR $VARDIR $PRIVATEDIR; do
+if [ ! -d $d ]; then
+mkdir $d
+if [ ! -d $d ]; then
+  echo Failed to make directory $d
+  exit 1
+fi
+fi
+done
+
+
diff --git a/source3/script/installman.sh b/source3/script/installman.sh
index a79d157c5f..2329ed5425 100755
--- a/source3/script/installman.sh
+++ b/source3/script/installman.sh
@@ -1,35 +1,71 @@
 #!/bin/sh
-MANDIR=$1
-SRCDIR=$2
+#5 July 96 Dan.Shearer@unisa.edu.au  removed hardcoded values
+#
+# 13 Aug 2001  Rafal Szczesniak <mimir@spin.ict.pwr.wroc.pl>
+#   modified to accomodate international man pages (inspired
+#   by Japanese edition's approach)
 
-echo Installing man pages in $MANDIR
+MANDIR=$1
+SRCDIR=$2/
+langs=$3
 
-for d in $MANDIR $MANDIR/man1 $MANDIR/man5 $MANDIR/man7 $MANDIR/man8; do
-if [ ! -d $d ]; then
-mkdir $d
-if [ ! -d $d ]; then
-  echo Failed to make directory $d
-  exit 1
-fi
+if [ $# -ge 4 ] ; then
+  GROFF=$4                    # sh cmd line, including options 
 fi
+
+
+for lang in $langs; do
+    if [ "X$lang" = Xen ]; then
+	echo Installing default man pages in $MANDIR/
+	lang=.
+    else
+	echo Installing \"$lang\" man pages in $MANDIR/lang/$lang
+    fi
+
+    langdir=$MANDIR/lang/$lang
+    for d in $MANDIR $MANDIR/lang $langdir $langdir/man1 $langdir/man5 $langdir/man7 $langdir/man8; do
+	if [ ! -d $d ]; then
+	    mkdir $d
+	    if [ ! -d $d ]; then
+		echo Failed to make directory $d, does $USER have privileges?
+		exit 1
+	    fi
+	fi
+    done
+
+    for sect in 1 5 7 8 ; do
+	for m in $langdir/man$sect ; do
+	    for s in $SRCDIR../docs/manpages/$lang/*$sect; do
+	    FNAME=$m/`basename $s`
+ 
+	    # Test for writability.  Involves 
+	    # blowing away existing files.
+ 
+	    if (rm -f $FNAME && touch $FNAME); then
+		rm $FNAME
+		if [ "x$GROFF" = x ] ; then
+		    cp $s $m            # Copy raw nroff 
+		else
+		    echo "\t$FNAME"     # groff'ing can be slow, give the user
+					#   a warm fuzzy.
+		    $GROFF $s > $FNAME  # Process nroff, because man(1) (on
+					#   this system) doesn't .
+		fi
+		chmod 0644 $FNAME
+	    else
+		echo Cannot create $FNAME... does $USER have privileges?
+	    fi
+	    done
+	done
+    done
 done
+cat << EOF
+======================================================================
+The man pages have been installed. You may uninstall them using the command
+the command "make uninstallman" or make "uninstall" to uninstall binaries,
+man pages and shell scripts.
+======================================================================
+EOF
 
-cp $SRCDIR../docs/*.1 $MANDIR/man1
-cp $SRCDIR../docs/*.5 $MANDIR/man5
-cp $SRCDIR../docs/*.8 $MANDIR/man8
-cp $SRCDIR../docs/*.7 $MANDIR/man7
-echo Setting permissions on man pages
-chmod 0644 $MANDIR/man1/smbstatus.1
-chmod 0644 $MANDIR/man1/smbclient.1
-chmod 0644 $MANDIR/man1/smbrun.1
-chmod 0644 $MANDIR/man1/testparm.1
-chmod 0644 $MANDIR/man1/testprns.1
-chmod 0644 $MANDIR/man1/smbtar.1
-chmod 0644 $MANDIR/man5/smb.conf.5
-chmod 0644 $MANDIR/man7/samba.7
-chmod 0644 $MANDIR/man8/smbd.8
-chmod 0644 $MANDIR/man8/nmbd.8
-
-echo Man pages installed
 exit 0
 
diff --git a/source3/script/installscripts.sh b/source3/script/installscripts.sh
new file mode 100755
index 0000000000..bff5423e7c
--- /dev/null
+++ b/source3/script/installscripts.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+# this script courtesy of James_K._Foote.PARC@xerox.com
+# 5 July 96 Dan.Shearer@UniSA.Edu.Au  Don't hardcode script names, get from Make
+
+INSTALLPERMS=$1
+BINDIR=$2
+
+shift
+shift
+
+echo Installing scripts in $BINDIR
+
+for d in $BINDIR; do
+ if [ ! -d $d ]; then
+  mkdir $d
+  if [ ! -d $d ]; then
+    echo Failed to make directory $d
+    echo Have you run installbin first?
+    exit 1
+  fi
+ fi
+done
+
+for p in $*; do
+  p2=`basename $p`
+  echo Installing $BINDIR/$p2
+  if [ -f $BINDIR/$p2 ]; then
+    rm -f $BINDIR/$p2.old
+    mv $BINDIR/$p2 $BINDIR/$p2.old
+  fi
+  cp $p $BINDIR/
+  chmod $INSTALLPERMS $BINDIR/$p2
+  if [ ! -f $BINDIR/$p2 ]; then
+    echo Cannot copy $p2... does $USER have privileges?
+  fi
+done
+
+cat << EOF
+======================================================================
+The scripts have been installed. You may uninstall them using
+the command "make uninstallscripts" or "make install" to install binaries,
+man pages and shell scripts. You may recover the previous version (if any
+by "make revert".
+======================================================================
+EOF
+
+exit 0
diff --git a/source3/script/installswat.sh b/source3/script/installswat.sh
new file mode 100755
index 0000000000..c66604cdb8
--- /dev/null
+++ b/source3/script/installswat.sh
@@ -0,0 +1,127 @@
+#!/bin/sh
+#fist version March 1998, Andrew Tridgell
+
+SWATDIR=$1
+SRCDIR=$2/
+BOOKDIR=$SWATDIR/using_samba
+
+echo Installing SWAT in $SWATDIR
+echo Installing the Samba Web Administration Tool
+
+LANGS=". `cd $SRCDIR../swat/; /bin/echo lang/??`"
+echo Installing langs are `cd $SRCDIR../swat/lang/; /bin/echo ??`
+
+for ln in $LANGS; do 
+ SWATLANGDIR=$SWATDIR/$ln
+ for d in $SWATLANGDIR $SWATLANGDIR/help $SWATLANGDIR/images \
+	$SWATLANGDIR/include; do
+    if [ ! -d $d ]; then
+	mkdir -p $d
+	if [ ! -d $d ]; then
+	    echo Failed to make directory $d, does $USER have privileges?
+	    exit 1
+	fi
+    fi
+ done
+done
+
+# Install images
+for ln in $LANGS; do
+
+for f in $SRCDIR../swat/$ln/images/*.gif; do
+      FNAME=$SWATDIR/$ln/images/`basename $f`
+      echo $FNAME
+      cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+      chmod 0644 $FNAME
+done
+
+# Install html help
+
+for f in $SRCDIR../swat/$ln/help/*.html; do
+      FNAME=$SWATDIR/$ln/help/`basename $f`
+      echo $FNAME
+      if [ "x$BOOKDIR" = "x" ]; then
+        cat $f | sed 's/@BOOKDIR@.*$//' > $f.tmp
+      else
+        cat $f | sed 's/@BOOKDIR@//' > $f.tmp
+      fi
+      f=$f.tmp
+      cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+      rm -f $f
+      chmod 0644 $FNAME
+done
+
+# Install html documentation
+
+for f in $SRCDIR../docs/htmldocs/*.html; do
+      FNAME=$SWATDIR/help/`basename $f`
+      echo $FNAME
+      cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+      chmod 0644 $FNAME
+done
+
+# Install "server-side" includes
+
+for f in $SRCDIR../swat/$ln/include/*.html; do
+      FNAME=$SWATDIR/$ln/include/`basename $f`
+      echo $FNAME
+      cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+      chmod 0644 $FNAME
+done
+
+done
+
+# Install Using Samba book
+
+if [ "x$BOOKDIR" != "x" ]; then
+
+    # Create directories
+
+    for d in $BOOKDIR $BOOKDIR/figs $BOOKDIR/gifs; do
+        if [ ! -d $d ]; then
+            mkdir $d
+            if [ ! -d $d ]; then
+                echo Failed to make directory $d, does $USER have privileges?
+                exit 1
+            fi
+        fi
+    done
+
+    # HTML files
+
+    for f in $SRCDIR../docs/htmldocs/using_samba/*.html; do
+        FNAME=$BOOKDIR/`basename $f`
+        echo $FNAME
+        cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+        chmod 0644 $FNAME
+    done
+
+    # Figures
+
+    for f in $SRCDIR../docs/htmldocs/using_samba/figs/*.gif; do
+        FNAME=$BOOKDIR/figs/`basename $f`
+        echo $FNAME
+        cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+        chmod 0644 $FNAME
+    done
+
+    # Gifs
+
+    for f in $SRCDIR../docs/htmldocs/using_samba/gifs/*.gif; do
+        FNAME=$BOOKDIR/gifs/`basename $f`
+        echo $FNAME
+        cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
+        chmod 0644 $FNAME
+    done
+
+fi
+
+cat << EOF
+======================================================================
+The SWAT files have been installed. Remember to read the swat/README
+for information on enabling and using SWAT
+======================================================================
+EOF
+
+exit 0
+
diff --git a/source3/script/makeunicodecasemap.awk b/source3/script/makeunicodecasemap.awk
new file mode 100644
index 0000000000..8424b6c672
--- /dev/null
+++ b/source3/script/makeunicodecasemap.awk
@@ -0,0 +1,59 @@
+function reset_vals() {
+	upperstr = "";
+	lowerstr = "";
+	flagstr = "0";
+}
+
+function print_val() {
+	upperstr = $13;
+	lowerstr = $14;
+	if ( upperstr == "" )
+		upperstr = strval;
+	if ( lowerstr == "" )
+		lowerstr = strval;
+
+	if ( $3 == "Lu" )
+		flagstr = sprintf("%s|%s", flagstr, "UNI_UPPER");
+	if ( $3 == "Ll" )
+		flagstr = sprintf("%s|%s", flagstr, "UNI_LOWER");
+	if ( val >= 48 && val <= 57)
+		flagstr = sprintf("%s|%s", flagstr, "UNI_DIGIT");
+	if ((val >= 48 && val <= 57) || (val >= 65 && val <= 70) || (val >=97 && val <= 102))
+		flagstr = sprintf("%s|%s", flagstr, "UNI_XDIGIT");
+	if ( val == 32 || (val >=9 && val <= 13))
+		flagstr = sprintf("%s|%s", flagstr, "UNI_SPACE");
+	if( index(flagstr, "0|") == 1)
+		flagstr = substr(flagstr, 3, length(flagstr) - 2);
+	printf("{ 0x%s, 0x%s, %s }, \t\t\t/* %s %s */\n", lowerstr, upperstr, flagstr, strval, $2);
+	val++;
+	strval=sprintf("%04X", val);
+	reset_vals();
+}
+
+BEGIN {
+	val=0
+	FS=";"
+	strval=sprintf("%04X", val);
+	reset_vals();
+}
+
+{
+	if ( $1 == strval ) {
+		print_val();
+	} else {
+		while ( $1 != strval) {
+			printf("{ 0x%04X, 0x%04X, 0 }, \t\t\t/* %s NOMAP */\n", val, val, strval);
+			val++;
+			strval=sprintf("%04X", val);
+		}
+		print_val();
+	}
+}
+
+END {
+	while ( val < 65536 ) {
+		printf("{ 0x%04X, 0x%04X, 0 }, \t\t\t/* %s NOMAP */\n", val, val, strval);
+		val++;
+		strval=sprintf("%04X", val);
+	}
+}
diff --git a/source3/script/makeyodldocs.sh b/source3/script/makeyodldocs.sh
new file mode 100755
index 0000000000..5b54df033e
--- /dev/null
+++ b/source3/script/makeyodldocs.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+SRCDIR=$1
+shift
+FILES=$@
+
+if test -z $FILES; then
+    FILES=*.yo
+fi
+
+YODLDIR=$SRCDIR/../docs/yodldocs
+MANPAGEDIR=$SRCDIR/../docs/manpages
+HTMLDIR=$SRCDIR/../docs/htmldocs
+
+echo "Re-creating man pages and HTML pages from YODL sources..."
+
+if [ ! -d $MANPAGEDIR ]; then
+  echo "directory $MANPAGEDIR does not exist, are we in the right place?"
+  exit 1
+fi
+
+if [ ! -d $HTMLDIR ]; then
+  echo "directory $HTMLDIR does not exist, are we in the right place?"
+  exit 1
+fi
+
+if [ ! -d $YODLDIR ]; then
+  echo "directory $YODLDIR does not exist, are we in the right place?"
+  exit 1
+fi
+
+cd $YODLDIR
+
+for d in $FILES
+do
+
+#
+# Create the basename from the YODL manpage
+#
+    bn=`echo $d | sed -e 's/\.yo//'`
+
+	case "$d"
+	in
+		*.[0-9].yo)
+			echo "Creating man pages..."
+			echo $d
+			rm -f $bn.man
+			yodl2man $d
+			if [ ! -f $bn.man ]; then
+				echo "Failed to make man page for $d"
+				exit 1
+			fi
+			cp $bn.man ../manpages/$bn || echo "Cannot create $YODLDIR/../manpages/$bn"
+			rm -f $bn.man
+
+			echo "Creating html versions of man pages..."
+			echo $d
+			rm -f $bn.html
+			yodl2html $d
+			if [ ! -f $bn.html ]; then
+				echo "Failed to make html page for $d"
+				exit 1
+			fi
+			cp $bn.html ../htmldocs || echo "Cannot create $YODLDIR/../htmldocs/$bn.html"
+			rm -f $bn.html
+		;;
+		*)
+#
+# Non man-page YODL docs - just make html and text.
+#
+			echo $d
+			rm -f $bn.html
+			yodl2html $d
+			if [ ! -f $bn.html ]; then
+                echo "Failed to make html page for $d"
+                exit 1
+            fi
+			cp $bn.html ../htmldocs || echo "Cannot create $YODLDIR/../htmldocs/$bn.html"
+			rm -f $bn.html
+			rm -f $bn.txt
+			yodl2txt $d
+			if [ ! -f $bn.txt ]; then
+                echo "Failed to make text page for $d"
+                exit 1
+            fi
+			cp $bn.txt ../textdocs || echo "Cannot create $YODLDIR/../textdocs/$bn.txt"
+			rm -f $bn.txt
+		;;
+	esac
+done
+
+echo "Remember to CVS check in your changes..."
+exit 0
diff --git a/source3/script/mkinstalldirs b/source3/script/mkinstalldirs
new file mode 100755
index 0000000000..f945dbf2bc
--- /dev/null
+++ b/source3/script/mkinstalldirs
@@ -0,0 +1,38 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+errstatus=0
+
+for file
+do
+   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+   shift
+
+   pathcomp=
+   for d
+   do
+     pathcomp="$pathcomp$d"
+     case "$pathcomp" in
+       -* ) pathcomp=./$pathcomp ;;
+     esac
+
+     if test ! -d "$pathcomp"; then
+        echo "mkdir $pathcomp" 1>&2
+
+        mkdir "$pathcomp" || lasterr=$?
+
+        if test ! -d "$pathcomp"; then
+  	  errstatus=$lasterr
+        fi
+     fi
+
+     pathcomp="$pathcomp/"
+   done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
diff --git a/source3/script/mknissmbpasswd.sh b/source3/script/mknissmbpasswd.sh
new file mode 100755
index 0000000000..a94c963bdc
--- /dev/null
+++ b/source3/script/mknissmbpasswd.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# Copyright (C) 1998 Benny Holmgren
+#
+# Script to import smbpasswd file into the smbpasswd NIS+ table. Reads
+# from stdin the smbpasswd file.
+#
+while true
+do
+  read row
+  if [ -z "$row" ]
+  then
+    break
+  fi
+
+  if [ "`echo $row | cut -c1`" = "#" ]
+  then
+    continue
+  fi
+
+  nistbladm -a \
+    name=\"`echo $row | cut -d: -f1`\" \
+    uid=\"`echo $row | cut -d: -f2`\" \
+    lmpwd=\"`echo $row | cut -d: -f3`\" \
+    ntpwd=\"`echo $row | cut -d: -f4`\" \
+    acb=\"`echo $row | cut -d: -f5`\" \
+    pwdlset_t=\"`echo $row | cut -d: -f6`\" \
+    gcos=\"`echo $row | cut -d: -f7`\" \
+    home=\"`echo $row | cut -d: -f8`\" \
+    shell=\"`echo $row | cut -d: -f9`\"  smbpasswd.org_dir.`nisdefaults -d`
+done
diff --git a/source3/script/mknissmbpwdtbl.sh b/source3/script/mknissmbpwdtbl.sh
new file mode 100755
index 0000000000..a9b34ff9a7
--- /dev/null
+++ b/source3/script/mknissmbpwdtbl.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Copyright (C) 1998 Benny Holmgren
+#
+# Creates smbpasswd table and smb group in NIS+
+#
+
+nistbladm \
+    -D access=og=rmcd,nw= -c \
+    -s : smbpasswd_tbl \
+    	name=S,nogw=r \
+    	uid=S,nogw=r \
+		user_rid=S,nogw=r \
+		smb_grpid=,nw+r \
+		group_rid=,nw+r \
+		acb=,nw+r \
+		          \
+    	lmpwd=C,nw=,g=r,o=rm \
+    	ntpwd=C,nw=,g=r,o=rm \
+		                     \
+		logon_t=,nw+r \
+		logoff_t=,nw+r \
+		kick_t=,nw+r \
+		pwdlset_t=,nw+r \
+		pwdlchg_t=,nw+r \
+		pwdmchg_t=,nw+r \
+		                \
+		full_name=,nw+r \
+		home_dir=,nw+r \
+		dir_drive=,nw+r \
+		logon_script=,nw+r \
+		profile_path=,nw+r \
+		acct_desc=,nw+r \
+		workstations=,nw+r \
+		                   \
+		hours=,nw+r \
+	smbpasswd.org_dir.`nisdefaults -d`
+
+nisgrpadm -c smb.`nisdefaults -d`
+
+nischgrp smb.`nisdefaults -d` smbpasswd.org_dir.`nisdefaults -d`
+
diff --git a/source3/script/mkproto.awk b/source3/script/mkproto.awk
new file mode 100644
index 0000000000..9b0aa360bc
--- /dev/null
+++ b/source3/script/mkproto.awk
@@ -0,0 +1,155 @@
+BEGIN {
+  inheader=0;
+#  use_ldap_define = 0;
+  current_file="";
+  if (headername=="") {
+    headername="_PROTO_H_";
+  }
+
+  print "#ifndef",headername
+  print "#define",headername
+  print ""
+  print "/* This file is automatically generated with \"make proto\". DO NOT EDIT */"
+  print ""
+}
+
+END {
+  print ""
+  print "#endif /* ",headername," */"
+}
+
+{
+  if (FILENAME!=current_file) {
+#    if (use_ldap_define)
+#    {
+#      print "#endif /* USE_LDAP */"
+#      use_ldap_define = 0;
+#    }
+    print ""
+    print "/* The following definitions come from",FILENAME," */"
+    print ""
+    current_file=FILENAME
+  }
+  if (inheader) {
+    if (match($0,"[)][ \t]*$")) {
+      inheader = 0;
+      printf "%s;\n",$0;
+    } else {
+      printf "%s\n",$0;
+    }
+    next;
+  }
+}
+
+# special handling for code merge of TNG to head
+/^#define OLD_NTDOMAIN 1/ {
+  printf "#if OLD_NTDOMAIN\n"
+}
+/^#undef OLD_NTDOMAIN/ {
+  printf "#endif\n"
+}
+/^#define NEW_NTDOMAIN 1/ {
+  printf "#if NEW_NTDOMAIN\n"
+}
+/^#undef NEW_NTDOMAIN/ {
+  printf "#endif\n"
+}
+
+# we handle the loadparm.c fns separately
+
+/^FN_LOCAL_BOOL/ {
+  split($0,a,"[,()]")
+  printf "BOOL %s(int );\n", a[2]
+}
+
+/^FN_LOCAL_LIST/ {
+  split($0,a,"[,()]")
+  printf "char **%s(int );\n", a[2]
+}
+
+/^FN_LOCAL_STRING/ {
+  split($0,a,"[,()]")
+  printf "char *%s(int );\n", a[2]
+}
+
+/^FN_LOCAL_INT/ {
+  split($0,a,"[,()]")
+  printf "int %s(int );\n", a[2]
+}
+
+/^FN_LOCAL_CHAR/ {
+  split($0,a,"[,()]")
+  printf "char %s(int );\n", a[2]
+}
+
+/^FN_GLOBAL_BOOL/ {
+  split($0,a,"[,()]")
+  printf "BOOL %s(void);\n", a[2]
+}
+
+/^FN_GLOBAL_LIST/ {
+  split($0,a,"[,()]")
+  printf "char **%s(void);\n", a[2]
+}
+
+/^FN_GLOBAL_STRING/ {
+  split($0,a,"[,()]")
+  printf "char *%s(void);\n", a[2]
+}
+
+/^FN_GLOBAL_INT/ {
+  split($0,a,"[,()]")
+  printf "int %s(void);\n", a[2]
+}
+
+/^static|^extern/ || !/^[a-zA-Z]/ || /[;]/ {
+  next;
+}
+
+#
+# We have to split up the start
+# matching as we now have so many start
+# types that it can cause some versions
+# of nawk/awk to choke and fail on
+# the full match. JRA.
+#
+
+{
+  gotstart = 0;
+  if( $0 ~ /^const|^connection_struct|^pipes_struct|^smb_np_struct|^file_fd_struct|^files_struct|^connection_struct|^uid_t|^gid_t|^unsigned|^mode_t|^DIR|^user|^int|^pid_t|^ino_t|^off_t|^double/ ) {
+    gotstart = 1;
+  }
+
+  if( $0 ~ /^vuser_key|^UNISTR2|^LOCAL_GRP|^DOMAIN_GRP|^SMB_STRUCT_DIRENT|^SEC_ACL|^SEC_DESC|^SEC_DESC_BUF|^DOM_SID|^RPC_HND_NODE|^BYTE/ ) {
+    gotstart = 1;
+  }
+
+  if( $0 ~ /^ADS_STRUCT|^ADS_STATUS|^DATA_BLOB|^ASN1_DATA|^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum.*\(|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
+    gotstart = 1;
+  }
+
+  if( $0 ~ /^smb_iconv_t|^long|^char|^uint|^NTSTATUS|^WERROR|^CLI_POLICY_HND|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^FILE|^XFILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ ) {
+    gotstart = 1;
+  }
+
+  if( $0 ~ /^SAM_ACCT_INFO_NODE|^SMB_ACL_T|^ADS_MODLIST|^PyObject/ ) {
+    gotstart = 1;
+  }
+
+  if(!gotstart) {
+    next;
+  }
+}
+
+
+/[(].*[)][ \t]*$/ {
+    printf "%s;\n",$0;
+    next;
+}
+
+/[(]/ {
+  inheader=1;
+  printf "%s\n",$0;
+  next;
+}
+
diff --git a/source3/script/mkproto.sh b/source3/script/mkproto.sh
new file mode 100755
index 0000000000..4dbe4c204e
--- /dev/null
+++ b/source3/script/mkproto.sh
@@ -0,0 +1,41 @@
+#! /bin/sh
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+LC_COLLATE=C; export LC_COLLATE
+
+if [ $# -lt 3 ]
+then
+  echo "Usage: $0 awk [-h headerdefine] outputheader proto_obj"
+  exit 1
+fi
+
+awk="$1"
+shift
+
+if [ x"$1" = x-h ]
+then
+  headeropt="-v headername=$2"
+  shift; shift;
+else
+  headeropt=""
+fi
+
+header="$1"
+shift
+headertmp="$header.$$.tmp~"
+
+proto_src="`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'ubiqx/|wrapped'`"
+
+echo creating $header
+
+${awk} $headeropt \
+  -f script/mkproto.awk $proto_src > $headertmp
+
+if cmp -s $header $headertmp 2>/dev/null
+then
+  echo "$header unchanged"
+  rm $headertmp
+else
+  mv $headertmp $header
+fi
diff --git a/source3/script/mksmbpasswd.sh b/source3/script/mksmbpasswd.sh
index 6e592acd65..854e1bd1b5 100755
--- a/source3/script/mksmbpasswd.sh
+++ b/source3/script/mksmbpasswd.sh
@@ -2,5 +2,5 @@
 awk 'BEGIN {FS=":"
 	printf("#\n# SMB password file.\n#\n")
 	}
-{ printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }
+{ printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:%s\n", $1, $3, $5) }
 '
diff --git a/source3/script/revert.sh b/source3/script/revert.sh
index 68b47bf39d..8df5fd2fbd 100755
--- a/source3/script/revert.sh
+++ b/source3/script/revert.sh
@@ -3,11 +3,14 @@ BINDIR=$1
 shift
 
 for p in $*; do
- if [ -f $BINDIR/$p.old ]; then
-   echo Restoring $BINDIR/$p.old as $BINDIR/$p
-   mv $BINDIR/$p $BINDIR/$p.new
-   mv $BINDIR/$p.old $BINDIR/$p
-   rm -f $BINDIR/$p.new
+ p2=`basename $p`
+ if [ -f $BINDIR/$p2.old ]; then
+   echo Restoring $BINDIR/$p2.old
+   mv $BINDIR/$p2 $BINDIR/$p2.new
+   mv $BINDIR/$p2.old $BINDIR/$p2
+   rm -f $BINDIR/$p2.new
+ else
+   echo Not restoring $p
  fi
 done
 
diff --git a/source3/script/scancvslog.pl b/source3/script/scancvslog.pl
new file mode 100755
index 0000000000..c39f9111c1
--- /dev/null
+++ b/source3/script/scancvslog.pl
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+require"timelocal.pl";
+
+#
+# usage scancvslog.pl logfile starttime tag
+#
+# this will extract all entries from the specified cvs log file
+# that have a date later than or equal to starttime and a tag
+# value of tag. If starttime is not specified, all entries are
+# extracted. If tag is not specified then entries for all
+# branches are extracted. starttime must be specified as
+# "monthname day, year"
+#
+# Example to extract all entries for SAMBA_2_2 branch from the
+# log file named cvs.log 
+#
+# scancvslog.pl cvs.log "" SAMBA_2_2
+#
+#
+# To extract all log entries after Jan 10, 1999 (Note month name
+# must be spelled out completely).
+#
+# scancvslog.pl cvs.log "January 10, 1999" 
+#
+
+open(INFILE,@ARGV[0]) || die "Unable to open @ARGV[0]\n";
+
+%Monthnum = (
+	"January",	0,
+	"February",	1,
+	"March",	2,
+	"April",	3,
+	"May",		4,
+	"June",		5,
+	"July",		6,
+	"August",	7,
+	"September",	8,
+	"October",	9,
+	"November",	10,
+	"December",	11,
+	"Jan",		0,
+	"Feb",		1,
+	"Mar",		2,
+	"Apr",		3,
+	"May",		4,
+	"Jun",		5,
+	"Jul",		6,
+	"Aug",		7,
+	"Sep",		8,
+	"Oct",		9,
+	"Nov",		10,
+	"Dec",		11
+);
+
+$Starttime = (@ARGV[1]) ? &make_time(@ARGV[1]) : 0;
+$Tagvalue = @ARGV[2];
+
+while (&get_entry) {
+  $_=$Entry[0];
+# get rid of extra white space
+  s/\s+/ /g;
+# get rid of any time string in date
+  s/ \d\d:\d\d:\d\d/,/;
+  s/^Date:\s*\w*\s*(\w*)\s*(\w*),\s*(\w*).*/$1 $2 $3/;
+  $Testtime = &make_time($_);
+  $Testtag = &get_tag;
+  if (($Testtime >= $Starttime) && ($Tagvalue eq $Testtag)) {
+    print join("\n",@Entry),"\n";
+  }
+}
+close(INFILE);
+
+sub make_time {
+  $_ = @_[0];
+  s/,//;
+  ($month, $day, $year) = split(" ",$_);
+  if (($year < 1900)||($day < 1)||($day > 31)||not length($Monthnum{$month})) {
+    print "Bad date format @_[0]\n";
+    print "Date needs to be specified as \"Monthname day, year\"\n";
+    print "eg: \"January 10, 1999\"\n";
+    exit 1;
+  }
+  $year = ($year == 19100) ? 2000 : $year;
+  $month = $Monthnum{$month};
+  $Mytime=&timelocal((0,0,0,$day,$month,$year));
+}
+
+sub get_tag {
+  @Mytag = grep (/Tag:/,@Entry);
+  $_ = @Mytag[0];
+  s/^.*Tag:\s*(\w*).*/$1/;
+  return $_;
+}
+
+sub get_entry {
+  @Entry=();
+  if (not eof(INFILE)) {
+    while (not eof(INFILE)) {
+      $_ = <INFILE>;
+      chomp $_;
+      next if (not ($_));
+      if (/^\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/) {
+	next if ($#Entry == -1);
+	push(Entry,$_);
+	return @Entry;
+      } else {
+	push(Entry,$_);
+      }
+    }
+  }
+  return @Entry;
+}
diff --git a/source3/script/smbtar b/source3/script/smbtar
index fc032ed41c..cf3ff0ebe6 100644
--- a/source3/script/smbtar
+++ b/source3/script/smbtar
@@ -6,13 +6,19 @@
 #          and Ricky Poulten (ricky@logcam.co.uk)
 #
 # (May need to change shell to ksh for HPUX or OSF for better getopts)
+#
+# sandy nov 3 '98 added -a flag
+#
+# Richard Sharpe, added -c 'tarmode full' so that we back up all files to
+# fix a bug in clitar when a patch was added to stop system and hidden files
+# being backed up.
 
 case $0 in
     # when called by absolute path, assume smbclient is in the same directory
     /*)
 	SMBCLIENT="`dirname $0`/smbclient";;
-    *)  # edit this to show where your smbclient is
-	SMBCLIENT="./smbclient";;
+    *)  # you may need to edit this to show where your smbclient is
+	SMBCLIENT="smbclient";;
 esac
 
 # These are the default values. You could fill them in if you know what
@@ -24,7 +30,10 @@ username=$LOGNAME           # Default: same user name as in *nix
 verbose="2>/dev/null"        # Default: no echo to stdout
 log="-d 2"
 newer=""
+newerarg=""
 blocksize=""
+blocksizearg=""
+clientargs="-c 'tarmode full'"
 tarcmd="c"
 tarargs=""
 cdcmd="\\"
@@ -38,6 +47,7 @@ Function: backup/restore a Windows PC directories to a local tape file
 Options:         (Description)                 (Default)
   -r             Restore from tape file to PC  Save from PC to tapefile
   -i             Incremental mode              Full backup mode
+  -a             Reset archive bit mode        Don't reset archive bit
   -v             Verbose mode: echo command    Don't echo anything
   -s <server>    Specify PC Server             $server
   -p <password>  Specify PC Password           $password
@@ -54,7 +64,17 @@ Options:         (Description)                 (Default)
   exit $ex
 }
 
-while getopts rivl:b:d:N:s:p:x:u:Xt: c; do
+# echo Params count: $#
+
+# DEC OSF AKA Digital UNIX does not seem to return a value in OPTIND if 
+# there are no command line params, so protect us against that ...
+if [ $# = 0 ]; then
+
+  Usage 2 "Please enter a command line parameter!"
+
+fi
+
+while getopts riavl:b:d:N:s:p:x:u:Xt: c; do
   case $c in
    r) # [r]estore to Windows (instead of the default "Save from Windows")
       tarcmd="x"
@@ -62,6 +82,9 @@ while getopts rivl:b:d:N:s:p:x:u:Xt: c; do
    i) # [i]ncremental
       tarargs=${tarargs}g
       ;;
+   a) # [a]rchive
+      tarargs=${tarargs}a
+      ;;
    l) # specify [l]og file
       log="-d $OPTARG"
       case "$OPTARG" in
@@ -76,7 +99,7 @@ while getopts rivl:b:d:N:s:p:x:u:Xt: c; do
    N) # compare with a file, test if [n]ewer
       if [ -f $OPTARG ]; then
 	newer=$OPTARG
-        tarargs=${tarargs}N
+	newerarg="N"
       else
 	echo >&2 $0: Warning, $OPTARG not found
       fi
@@ -88,13 +111,13 @@ while getopts rivl:b:d:N:s:p:x:u:Xt: c; do
       server="$OPTARG"
       ;;
    b) # specify [b]locksize
-      blocksize="blocksize $OPTARG"
+      blocksize="$OPTARG"
       case "$OPTARG" in
 	[0-9]*) ;;
 	*)      echo >&2 "$0: Error, block size not numeric: -b $OPTARG"
 		exit 1
       esac
-      tarargs=${tarargs}b
+      blocksizearg="b"
       ;;
    p) # specify [p]assword to use
       password="$OPTARG"
@@ -134,8 +157,8 @@ if [ -z "$verbose" ]; then
       echo "blocksize is $blocksize"
 fi
 
-eval $SMBCLIENT "'\\\\$server\\$service'" "'$password'" -U "'$username'" \
--E -N $log -D "'$cdcmd'" \
--T${tarcmd}${tarargs} $blocksize $newer $tapefile $* $verbose
-
+tarargs=${tarargs}${blocksizearg}${newerarg}
 
+eval $SMBCLIENT "'\\\\$server\\$service'" "'$password'" -U "'$username'" \
+-E -N $log -D "'$cdcmd'" ${clientargs} \
+-T${tarcmd}${tarargs} $blocksize $newer $tapefile '${1+"$@"}' $verbose
diff --git a/source3/script/uninstallbin.sh b/source3/script/uninstallbin.sh
new file mode 100755
index 0000000000..53775f8946
--- /dev/null
+++ b/source3/script/uninstallbin.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+#4 July 96 Dan.Shearer@UniSA.edu.au   
+
+INSTALLPERMS=$1
+BASEDIR=$2
+BINDIR=$3
+LIBDIR=$4
+VARDIR=$5
+shift
+shift
+shift
+shift
+shift
+
+if [ ! -d $BINDIR ]; then
+  echo Directory $BINDIR does not exist!
+  echo Do a "make installbin" or "make install" first.
+  exit 1
+fi
+
+for p in $*; do
+  p2=`basename $p`
+  if [ -f $BINDIR/$p2 ]; then
+    echo Removing $BINDIR/$p2
+    rm -f $BINDIR/$p2
+    if [ -f $BINDIR/$p2 ]; then
+      echo Cannot remove $BINDIR/$p2 ... does $USER have privileges?
+    fi
+  fi
+done
+
+
+cat << EOF
+======================================================================
+The binaries have been uninstalled. You may restore the binaries using
+the command "make installbin" or "make install" to install binaries, 
+man pages and shell scripts. You can restore a previous version of the
+binaries (if there were any) using "make revert".
+======================================================================
+EOF
+
+exit 0
diff --git a/source3/script/uninstallcp.sh b/source3/script/uninstallcp.sh
new file mode 100755
index 0000000000..2a9e9d509a
--- /dev/null
+++ b/source3/script/uninstallcp.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+CPDIR=$1
+shift
+
+if [ ! -d $CPDIR ]; then
+  echo Directory $CPDIR does not exist!
+  echo Do a "make installcp" or "make install" first.
+  exit 1
+fi
+
+for p in $*; do
+  if [ ! -f $CPDIR/unicode_map.$p ]; then
+    echo $CPDIR/unicode_map.$p does not exist!
+  else
+    echo Removing $CPDIR/unicode_map.$p
+    rm -f $CPDIR/unicode_map.$p
+    if [ -f $CPDIR/unicode_map.$p ]; then
+      echo Cannot remove $CPDIR/unicode_map.$p...  does $USER have privileges?
+    fi
+  fi
+done
+
+cat << EOF
+======================================================================
+The code pages have been uninstalled. You may reinstall them using
+the command "make installcp" or "make install" to install binaries,
+man pages, shell scripts and code pages. You may recover a previous version 
+(if any with "make revert").
+======================================================================
+EOF
+
+exit 0
diff --git a/source3/script/uninstallman.sh b/source3/script/uninstallman.sh
new file mode 100755
index 0000000000..3126709831
--- /dev/null
+++ b/source3/script/uninstallman.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#4 July 96 Dan.Shearer@UniSA.edu.au
+#
+# 13 Aug 2001  Rafal Szczesniak <mimir@spin.ict.pwr.wroc.pl>
+#   modified to accomodate international man pages (inspired
+#   by Japanese edition's approach)
+
+
+MANDIR=$1
+SRCDIR=$2
+langs=$3
+
+for lang in $langs; do
+  echo Uninstalling \"$lang\" man pages from $MANDIR/$lang
+
+  for sect in 1 5 7 8 ; do
+    for m in $MANDIR/$lang/man$sect ; do
+      for s in $SRCDIR/../docs/manpages/$lang/*$sect; do
+        FNAME=$m/`basename $s`
+	if test -f $FNAME; then
+	  echo Deleting $FNAME
+	  rm -f $FNAME 
+	  test -f $FNAME && echo Cannot remove $FNAME... does $USER have privileges?   
+        fi
+      done
+    done
+  done
+done
+
+cat << EOF
+======================================================================
+The man pages have been uninstalled. You may install them again using 
+the command "make installman" or make "install" to install binaries,
+man pages and shell scripts.
+======================================================================
+EOF
+exit 0
diff --git a/source3/script/uninstallscripts.sh b/source3/script/uninstallscripts.sh
new file mode 100755
index 0000000000..13104acedd
--- /dev/null
+++ b/source3/script/uninstallscripts.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+# 5 July 96 Dan.Shearer@UniSA.Edu.Au  - almost identical to uninstallbin.sh
+
+INSTALLPERMS=$1
+BINDIR=$2
+
+shift
+shift
+
+if [ ! -d $BINDIR ]; then
+  echo Directory $BINDIR does not exist!
+  echo Do a "make installscripts" or "make install" first.
+  exit 1
+fi
+
+for p in $*; do
+  p2=`basename $p`
+  if [ -f $BINDIR/$p2 ]; then
+    echo Removing $BINDIR/$p2
+    rm -f $BINDIR/$p2
+    if [ -f $BINDIR/$p2 ]; then
+      echo Cannot remove $BINDIR/$p2 ... does $USER have privileges?
+    fi
+  fi
+done
+
+cat << EOF
+======================================================================
+The scripts have been uninstalled. You may reinstall them using
+the command "make installscripts" or "make install" to install binaries,
+man pages and shell scripts. You may recover a previous version (if any
+with "make revert".
+======================================================================
+EOF
+
+exit 0
diff --git a/source3/smbadduser b/source3/smbadduser
new file mode 100755
index 0000000000..e4e1b273d1
--- /dev/null
+++ b/source3/smbadduser
@@ -0,0 +1,73 @@
+#!/bin/csh
+#
+# smbadduser - Written by Mike Zakharoff
+#
+unalias *
+set path = ($path /usr/local/samba/bin)
+
+set smbpasswd = /usr/local/samba/private/smbpasswd
+set user_map  = /usr/local/samba/lib/users.map
+#
+# Set to site specific passwd command
+#
+#set passwd    = "cat /etc/passwd"
+#set passwd    = "niscat passwd.org_dir"
+set passwd    = "ypcat passwd"
+
+set line = "----------------------------------------------------------"
+if ($#argv == 0) then
+	echo $line
+	echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com"
+	echo ""
+	echo "   1) Updates $smbpasswd"
+	echo "   2) Updates $user_map"
+	echo "   3) Executes smbpasswd for each new user"
+	echo ""
+	echo "smbadduser unixid:ntid unixid:ntid ..."
+	echo ""
+	echo "Example: smbadduser zak:zakharoffm johns:smithj"
+	echo $line
+	exit 1
+endif
+
+touch $smbpasswd $user_map
+set new  = ()
+foreach one ($argv)
+	echo $one | grep ':' >& /dev/null
+	if ($status != 0) then
+		echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm"
+		continue
+	endif
+	set unix = `echo $one | awk -F: '{print $1}'`
+	set ntid = `echo $one | awk -F: '{print $2}'`
+
+	set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix`
+	if ($#usr != 1) then
+		echo "ERROR: $unix Not in passwd database SKIPPING..."
+		continue
+	endif
+        set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix`
+	if ($#tmp != 0) then
+		echo "ERROR: $unix is already in $smbpasswd SKIPPING..."
+		continue
+	endif
+
+	echo "Adding: $unix to $smbpasswd"
+	eval $passwd | \
+	awk -F: '$1==USR { \
+	printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd
+	if ($unix != $ntid) then
+		echo "Adding: {$unix = $ntid} to $user_map"
+		echo "$unix = $ntid" >> $user_map
+	endif
+	set new = ($new $unix)
+end
+
+#
+# Enter password for new users
+#
+foreach one ($new)
+	echo $line
+	echo "ENTER password for $one"
+	smbpasswd $one
+end
diff --git a/source3/smbd/.cvsignore b/source3/smbd/.cvsignore
new file mode 100644
index 0000000000..5f2a5c4cf7
--- /dev/null
+++ b/source3/smbd/.cvsignore
@@ -0,0 +1,2 @@
+*.po
+*.po32
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
new file mode 100644
index 0000000000..d4a53d9a6d
--- /dev/null
+++ b/source3/smbd/blocking.c
@@ -0,0 +1,635 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Blocking Locking functions
+   Copyright (C) Jeremy Allison 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern char *OutBuffer;
+
+/****************************************************************************
+ This is the structure to queue to implement blocking locks.
+ notify. It consists of the requesting SMB and the expiry time.
+*****************************************************************************/
+
+typedef struct {
+  ubi_slNode msg_next;
+  int com_type;
+  files_struct *fsp;
+  time_t expire_time;
+  int lock_num;
+  char *inbuf;
+  int length;
+} blocking_lock_record;
+
+static ubi_slList blocking_lock_queue = { NULL, (ubi_slNodePtr)&blocking_lock_queue, 0};
+
+/****************************************************************************
+ Destructor for the above structure.
+****************************************************************************/
+
+static void free_blocking_lock_record(blocking_lock_record *blr)
+{
+  SAFE_FREE(blr->inbuf);
+  SAFE_FREE(blr);
+}
+
+/****************************************************************************
+ Get the files_struct given a particular queued SMB.
+*****************************************************************************/
+
+static files_struct *get_fsp_from_pkt(char *inbuf)
+{
+  switch(CVAL(inbuf,smb_com)) {
+  case SMBlock:
+  case SMBlockread:
+    return file_fsp(inbuf,smb_vwv0);
+  case SMBlockingX:
+    return file_fsp(inbuf,smb_vwv2);
+  default:
+    DEBUG(0,("get_fsp_from_pkt: PANIC - unknown type on blocking lock queue - exiting.!\n"));
+    exit_server("PANIC - unknown type on blocking lock queue");
+  }
+  return NULL; /* Keep compiler happy. */
+}
+
+/****************************************************************************
+ Determine if this is a secondary element of a chained SMB.
+  **************************************************************************/
+
+static BOOL in_chained_smb(void)
+{
+  return (chain_size != 0);
+}
+
+/****************************************************************************
+ Function to push a blocking lock request onto the lock queue.
+****************************************************************************/
+
+BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int lock_num)
+{
+  blocking_lock_record *blr;
+
+  if(in_chained_smb() ) {
+    DEBUG(0,("push_blocking_lock_request: cannot queue a chained request (currently).\n"));
+    return False;
+  }
+
+  /*
+   * Now queue an entry on the blocking lock queue. We setup
+   * the expiration time here.
+   */
+
+  if((blr = (blocking_lock_record *)malloc(sizeof(blocking_lock_record))) == NULL) {
+    DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" ));
+    return False;
+  }
+
+  if((blr->inbuf = (char *)malloc(length)) == NULL) {
+    DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" ));
+    SAFE_FREE(blr);
+    return False;
+  }
+
+  blr->com_type = CVAL(inbuf,smb_com);
+  blr->fsp = get_fsp_from_pkt(inbuf);
+  blr->expire_time = (lock_timeout == -1) ? (time_t)-1 : time(NULL) + (time_t)lock_timeout;
+  blr->lock_num = lock_num;
+  memcpy(blr->inbuf, inbuf, length);
+  blr->length = length;
+
+  ubi_slAddTail(&blocking_lock_queue, blr);
+
+
+  DEBUG(3,("push_blocking_lock_request: lock request length=%d blocked with expiry time %d (+%d) \
+for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout,
+        blr->fsp->fnum, blr->fsp->fsp_name ));
+
+  return True;
+}
+
+/****************************************************************************
+ Return a smd with a given size.
+*****************************************************************************/
+
+static void send_blocking_reply(char *outbuf, int outsize)
+{
+	if(outsize > 4)
+		smb_setlen(outbuf,outsize - 4);
+
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_blocking_reply: send_smb failed.");
+}
+
+/****************************************************************************
+ Return a lockingX success SMB.
+*****************************************************************************/
+
+static void reply_lockingX_success(blocking_lock_record *blr)
+{
+  char *outbuf = OutBuffer;
+  int bufsize = BUFFER_SIZE;
+  char *inbuf = blr->inbuf;
+  int outsize = 0;
+
+  construct_reply_common(inbuf, outbuf);
+  set_message(outbuf,2,0,True);
+
+  /*
+   * As this message is a lockingX call we must handle
+   * any following chained message correctly.
+   * This is normally handled in construct_reply(),
+   * but as that calls switch_message, we can't use
+   * that here and must set up the chain info manually.
+   */
+
+  outsize = chain_reply(inbuf,outbuf,blr->length,bufsize);
+
+  outsize += chain_size;
+
+  send_blocking_reply(outbuf,outsize);
+}
+
+/****************************************************************************
+ Return a generic lock fail error blocking call.
+*****************************************************************************/
+
+static void generic_blocking_lock_error(blocking_lock_record *blr, NTSTATUS status)
+{
+	char *outbuf = OutBuffer;
+	char *inbuf = blr->inbuf;
+	construct_reply_common(inbuf, outbuf);
+
+	/* whenever a timeout is given w2k maps LOCK_NOT_GRANTED to
+	   FILE_LOCK_CONFLICT! (tridge) */
+	if (NT_STATUS_EQUAL(status, NT_STATUS_LOCK_NOT_GRANTED)) {
+		status = NT_STATUS_FILE_LOCK_CONFLICT;
+	}
+
+	ERROR_NT(status);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("generic_blocking_lock_error: send_smb failed.");
+}
+
+/****************************************************************************
+ Return a lock fail error for a lockingX call. Undo all the locks we have 
+ obtained first.
+*****************************************************************************/
+
+static void reply_lockingX_error(blocking_lock_record *blr, NTSTATUS status)
+{
+	char *inbuf = blr->inbuf;
+	files_struct *fsp = blr->fsp;
+	connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
+	uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
+	SMB_BIG_UINT count = (SMB_BIG_UINT)0, offset = (SMB_BIG_UINT) 0;
+	uint16 lock_pid;
+	unsigned char locktype = CVAL(inbuf,smb_vwv3);
+	BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
+	char *data;
+	int i;
+
+	data = smb_buf(inbuf) + ((large_file_format ? 20 : 10)*num_ulocks);
+	
+	/* 
+	 * Data now points at the beginning of the list
+	 * of smb_lkrng structs.
+	 */
+
+	/*
+	 * Ensure we don't do a remove on the lock that just failed,
+	 * as under POSIX rules, if we have a lock already there, we
+	 * will delete it (and we shouldn't) .....
+	 */
+	
+	for(i = blr->lock_num - 1; i >= 0; i--) {
+		BOOL err;
+		
+		lock_pid = get_lock_pid( data, i, large_file_format);
+		count = get_lock_count( data, i, large_file_format);
+		offset = get_lock_offset( data, i, large_file_format, &err);
+		
+		/*
+		 * We know err cannot be set as if it was the lock
+		 * request would never have been queued. JRA.
+		 */
+		
+		do_unlock(fsp,conn,lock_pid,count,offset);
+	}
+	
+	generic_blocking_lock_error(blr, status);
+}
+
+/****************************************************************************
+ Return a lock fail error.
+*****************************************************************************/
+
+static void blocking_lock_reply_error(blocking_lock_record *blr, NTSTATUS status)
+{
+	switch(blr->com_type) {
+	case SMBlock:
+	case SMBlockread:
+		generic_blocking_lock_error(blr, status);
+		break;
+	case SMBlockingX:
+		reply_lockingX_error(blr, status);
+		break;
+	default:
+		DEBUG(0,("blocking_lock_reply_error: PANIC - unknown type on blocking lock queue - exiting.!\n"));
+		exit_server("PANIC - unknown type on blocking lock queue");
+	}
+}
+
+/****************************************************************************
+ Attempt to finish off getting all pending blocking locks for a lockread call.
+ Returns True if we want to be removed from the list.
+*****************************************************************************/
+
+static BOOL process_lockread(blocking_lock_record *blr)
+{
+	char *outbuf = OutBuffer;
+	char *inbuf = blr->inbuf;
+	ssize_t nread = -1;
+	char *data, *p;
+	int outsize = 0;
+	SMB_OFF_T startpos;
+	size_t numtoread;
+	NTSTATUS status;
+	connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
+	files_struct *fsp = blr->fsp;
+
+	numtoread = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv2);
+	
+	numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
+	data = smb_buf(outbuf) + 3;
+ 
+	status = do_lock_spin( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread, 
+			  (SMB_BIG_UINT)startpos, READ_LOCK);
+	if (NT_STATUS_V(status)) {
+		if ((errno != EACCES) && (errno != EAGAIN)) {
+			/*
+			 * We have other than a "can't get lock" POSIX
+			 * error. Send an error.
+			 * Return True so we get dequeued.
+			 */
+			generic_blocking_lock_error(blr, status);
+			return True;
+		}
+
+		/*
+		 * Still waiting for lock....
+		 */
+		
+		DEBUG(10,("process_lockread: failed to get lock for file = %s. Still waiting....\n",
+			  fsp->fsp_name));
+		return False;
+	}
+
+	nread = read_file(fsp,data,startpos,numtoread);
+
+	if (nread < 0) {
+		generic_blocking_lock_error(blr,NT_STATUS_ACCESS_DENIED);
+		return True;
+	}
+	
+	construct_reply_common(inbuf, outbuf);
+	outsize = set_message(outbuf,5,0,True);
+	
+	outsize += nread;
+	SSVAL(outbuf,smb_vwv0,nread);
+	SSVAL(outbuf,smb_vwv5,nread+3);
+	p = smb_buf(outbuf);
+	*p++ = 1;
+	SSVAL(p,0,nread); p += 2;
+	set_message_end(outbuf, p+nread);
+	
+	DEBUG(3, ( "process_lockread file = %s, fnum=%d num=%d nread=%d\n",
+		   fsp->fsp_name, fsp->fnum, (int)numtoread, (int)nread ) );
+	
+	send_blocking_reply(outbuf,outsize);
+	return True;
+}
+
+/****************************************************************************
+ Attempt to finish off getting all pending blocking locks for a lock call.
+ Returns True if we want to be removed from the list.
+*****************************************************************************/
+
+static BOOL process_lock(blocking_lock_record *blr)
+{
+	char *outbuf = OutBuffer;
+	char *inbuf = blr->inbuf;
+	int outsize;
+	SMB_OFF_T count = 0, offset = 0;
+	NTSTATUS status;
+	connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
+	files_struct *fsp = blr->fsp;
+
+	count = IVAL(inbuf,smb_vwv1);
+	offset = IVAL(inbuf,smb_vwv3);
+
+	errno = 0;
+	status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)count, 
+			 (SMB_BIG_UINT)offset, WRITE_LOCK);
+	if (NT_STATUS_IS_ERR(status)) {
+		if((errno != EACCES) && (errno != EAGAIN)) {
+			/*
+			 * We have other than a "can't get lock" POSIX
+			 * error. Send an error.
+			 * Return True so we get dequeued.
+			 */
+			
+			blocking_lock_reply_error(blr, status);
+			return True;
+		}
+		/*
+		 * Still can't get the lock - keep waiting.
+		 */
+		DEBUG(10,("process_lock: failed to get lock for file = %s. Still waiting....\n",
+			  fsp->fsp_name));
+		return False;
+	}
+
+	/*
+	 * Success - we got the lock.
+	 */
+	
+	DEBUG(3,("process_lock : file=%s fnum=%d offset=%.0f count=%.0f\n",
+		 fsp->fsp_name, fsp->fnum, (double)offset, (double)count));
+	
+	construct_reply_common(inbuf, outbuf);
+	outsize = set_message(outbuf,0,0,True);
+	send_blocking_reply(outbuf,outsize);
+	return True;
+}
+
+/****************************************************************************
+ Attempt to finish off getting all pending blocking locks for a lockingX call.
+ Returns True if we want to be removed from the list.
+*****************************************************************************/
+
+static BOOL process_lockingX(blocking_lock_record *blr)
+{
+	char *inbuf = blr->inbuf;
+	unsigned char locktype = CVAL(inbuf,smb_vwv3);
+	files_struct *fsp = blr->fsp;
+	connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
+	uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
+	uint16 num_locks = SVAL(inbuf,smb_vwv7);
+	SMB_BIG_UINT count = (SMB_BIG_UINT)0, offset = (SMB_BIG_UINT)0;
+	uint16 lock_pid;
+	BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
+	char *data;
+	NTSTATUS status = NT_STATUS_OK;
+
+	data = smb_buf(inbuf) + ((large_file_format ? 20 : 10)*num_ulocks);
+
+	/* 
+	 * Data now points at the beginning of the list
+	 * of smb_lkrng structs.
+	 */
+	
+	for(; blr->lock_num < num_locks; blr->lock_num++) {
+		BOOL err;
+
+		lock_pid = get_lock_pid( data, blr->lock_num, large_file_format);
+		count = get_lock_count( data, blr->lock_num, large_file_format);
+		offset = get_lock_offset( data, blr->lock_num, large_file_format, &err);
+		
+		/*
+		 * We know err cannot be set as if it was the lock
+		 * request would never have been queued. JRA.
+		 */
+		errno = 0;
+		status = do_lock_spin(fsp,conn,lock_pid,count,offset, 
+				 ((locktype & 1) ? READ_LOCK : WRITE_LOCK));
+		if (NT_STATUS_IS_ERR(status)) break;
+	}
+
+	if(blr->lock_num == num_locks) {
+		/*
+		 * Success - we got all the locks.
+		 */
+		
+		DEBUG(3,("process_lockingX file = %s, fnum=%d type=%d num_locks=%d\n",
+			 fsp->fsp_name, fsp->fnum, (unsigned int)locktype, num_locks) );
+
+		reply_lockingX_success(blr);
+		return True;
+	} else if ((errno != EACCES) && (errno != EAGAIN)) {
+		/*
+		 * We have other than a "can't get lock" POSIX
+		 * error. Free any locks we had and return an error.
+		 * Return True so we get dequeued.
+		 */
+		
+		blocking_lock_reply_error(blr, status);
+		return True;
+	}
+
+	/*
+	 * Still can't get all the locks - keep waiting.
+	 */
+	
+	DEBUG(10,("process_lockingX: only got %d locks of %d needed for file %s, fnum = %d. \
+Waiting....\n", 
+		  blr->lock_num, num_locks, fsp->fsp_name, fsp->fnum));
+	
+	return False;
+}
+
+/****************************************************************************
+ Process a blocking lock SMB.
+ Returns True if we want to be removed from the list.
+*****************************************************************************/
+
+static BOOL blocking_lock_record_process(blocking_lock_record *blr)
+{
+  switch(blr->com_type) {
+  case SMBlock:
+    return process_lock(blr);
+  case SMBlockread:
+    return process_lockread(blr);
+  case SMBlockingX:
+    return process_lockingX(blr);
+  default:
+    DEBUG(0,("blocking_lock_record_process: PANIC - unknown type on blocking lock queue - exiting.!\n"));
+    exit_server("PANIC - unknown type on blocking lock queue");
+  }
+  return False; /* Keep compiler happy. */
+}
+
+/****************************************************************************
+ Delete entries by fnum from the blocking lock pending queue.
+*****************************************************************************/
+
+void remove_pending_lock_requests_by_fid(files_struct *fsp)
+{
+  blocking_lock_record *blr = (blocking_lock_record *)ubi_slFirst( &blocking_lock_queue );
+  blocking_lock_record *prev = NULL;
+
+  while(blr != NULL) {
+    if(blr->fsp->fnum == fsp->fnum) {
+
+      DEBUG(10,("remove_pending_lock_requests_by_fid - removing request type %d for \
+file %s fnum = %d\n", blr->com_type, fsp->fsp_name, fsp->fnum ));
+
+      free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
+      blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
+      continue;
+    }
+
+    prev = blr;
+    blr = (blocking_lock_record *)ubi_slNext(blr);
+  }
+}
+
+/****************************************************************************
+ Delete entries by mid from the blocking lock pending queue. Always send reply.
+*****************************************************************************/
+
+void remove_pending_lock_requests_by_mid(int mid)
+{
+  blocking_lock_record *blr = (blocking_lock_record *)ubi_slFirst( &blocking_lock_queue );
+  blocking_lock_record *prev = NULL;
+
+  while(blr != NULL) {
+    if(SVAL(blr->inbuf,smb_mid) == mid) {
+      files_struct *fsp = blr->fsp;
+
+      DEBUG(10,("remove_pending_lock_requests_by_mid - removing request type %d for \
+file %s fnum = %d\n", blr->com_type, fsp->fsp_name, fsp->fnum ));
+
+      blocking_lock_reply_error(blr,NT_STATUS_CANCELLED);
+      free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
+      blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
+      continue;
+    }
+
+    prev = blr;
+    blr = (blocking_lock_record *)ubi_slNext(blr);
+  }
+}
+
+/****************************************************************************
+ Return True if the blocking lock queue has entries.
+*****************************************************************************/
+
+BOOL blocking_locks_pending(void)
+{
+  blocking_lock_record *blr = (blocking_lock_record *)ubi_slFirst( &blocking_lock_queue );
+  return (blr == NULL ? False : True);
+}
+
+/****************************************************************************
+ Process the blocking lock queue. Note that this is only called as root.
+*****************************************************************************/
+
+void process_blocking_lock_queue(time_t t)
+{
+  blocking_lock_record *blr = (blocking_lock_record *)ubi_slFirst( &blocking_lock_queue );
+  blocking_lock_record *prev = NULL;
+
+  if(blr == NULL)
+    return;
+
+  /*
+   * Go through the queue and see if we can get any of the locks.
+   */
+
+  while(blr != NULL) {
+    connection_struct *conn = NULL;
+    uint16 vuid;
+    files_struct *fsp = NULL;
+
+    /*
+     * Ensure we don't have any old chain_fsp values
+     * sitting around....
+     */
+    chain_size = 0;
+    file_chain_reset();
+    fsp = blr->fsp;
+
+    conn = conn_find(SVAL(blr->inbuf,smb_tid));
+    vuid = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID :
+                  SVAL(blr->inbuf,smb_uid);
+
+    DEBUG(5,("process_blocking_lock_queue: examining pending lock fnum = %d for file %s\n",
+          fsp->fnum, fsp->fsp_name ));
+
+    if((blr->expire_time != -1) && (blr->expire_time > t)) {
+      /*
+       * Lock expired - throw away all previously
+       * obtained locks and return lock error.
+       */
+      DEBUG(5,("process_blocking_lock_queue: pending lock fnum = %d for file %s timed out.\n",
+          fsp->fnum, fsp->fsp_name ));
+
+      blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED);
+      free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
+      blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
+      continue;
+    }
+
+    if(!change_to_user(conn,vuid)) {
+      DEBUG(0,("process_blocking_lock_queue: Unable to become user vuid=%d.\n",
+            vuid ));
+      /*
+       * Remove the entry and return an error to the client.
+       */
+      blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED);
+      free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
+      blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
+      continue;
+    }
+
+    if(!set_current_service(conn,True)) {
+      DEBUG(0,("process_blocking_lock_queue: Unable to become service Error was %s.\n", strerror(errno) ));
+      /*
+       * Remove the entry and return an error to the client.
+       */
+      blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED);
+      free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
+      blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
+      change_to_root_user();
+      continue;
+    }
+
+    /*
+     * Go through the remaining locks and try and obtain them.
+     * The call returns True if all locks were obtained successfully
+     * and False if we still need to wait.
+     */
+
+    if(blocking_lock_record_process(blr)) {
+      free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev));
+      blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue));
+      change_to_root_user();
+      continue;
+    }
+
+    change_to_root_user();
+
+    /*
+     * Move to the next in the list.
+     */
+    prev = blr;
+    blr = (blocking_lock_record *)ubi_slNext(blr);
+  }
+}
diff --git a/source3/smbd/build_options.c b/source3/smbd/build_options.c
new file mode 100644
index 0000000000..1d18f534b1
--- /dev/null
+++ b/source3/smbd/build_options.c
@@ -0,0 +1,536 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Build Options for Samba Suite
+   Copyright (C) Vance Lankhaar <vlankhaar@hotmail.com> 2001
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "build_env.h"
+#include "dynconfig.h"
+
+static void output(BOOL screen, char *format, ...) PRINTF_ATTRIBUTE(2,3);
+
+/*
+#define OUTPUT(x) snprintf(outstring,sizeof(outstring),x); output(screen,outstring);
+*/
+/****************************************************************************
+helper function for build_options
+****************************************************************************/
+static void output(BOOL screen, char *format, ...)
+{
+       char *ptr;
+       va_list ap;
+       
+       va_start(ap, format);
+       vasprintf(&ptr,format,ap);
+       va_end(ap);
+
+       if (screen) {
+              d_printf("%s", ptr);
+       } else {
+	       DEBUG(4,("%s", ptr));
+       }
+       
+       SAFE_FREE(ptr);
+}
+
+/****************************************************************************
+options set at build time for the samba suite
+****************************************************************************/
+void build_options(BOOL screen)
+{
+       if ((DEBUGLEVEL < 4) && (!screen)) {
+	       return;
+       }
+
+#ifdef _BUILD_ENV_H
+       /* Output information about the build environment */
+       output(screen,"Build environment:\n");
+       output(screen,"   Built by:    %s@%s\n",BUILD_ENV_USER,BUILD_ENV_HOST);
+       output(screen,"   Built on:    %s\n",BUILD_ENV_DATE);
+
+       output(screen,"   Built using: %s\n",BUILD_ENV_COMPILER);
+       output(screen,"   Build host:  %s\n",BUILD_ENV_UNAME);
+       output(screen,"   SRCDIR:      %s\n",BUILD_ENV_SRCDIR);
+       output(screen,"   BUILDDIR:    %s\n",BUILD_ENV_BUILDDIR);
+
+       
+#endif
+
+       /* Output various options (most correspond to --with options) */ 
+       output(screen,"\nBuild options:\n");
+#ifdef WITH_SMBWRAPPER 
+       output(screen,"   WITH_SMBWRAPPER\n");
+#endif
+#ifdef WITH_AFS
+       output(screen,"   WITH_AFS\n");
+#endif
+#ifdef WITH_DFS
+       output(screen,"   WITH_DFS\n");
+#endif
+#ifdef KRB4_AUTH
+       output(screen,"   KRB4_AUTH");
+#endif
+#ifdef HAVE_KRB5
+       output(screen,"   HAVE_KRB5");
+#endif
+#ifdef WITH_AUTOMOUNT
+       output(screen,"   WITH_AUTOMOUNT\n");
+#endif
+#ifdef WITH_SMBMOUNT
+       output(screen,"   WITH_SMBMOUNT\n");
+#endif
+#ifdef WITH_PAM
+       output(screen,"   WITH_PAM\n");
+#endif
+#ifdef WITH_TDB_SAM
+       output(screen,"   WITH_TDB_SAM\n");
+#endif
+#ifdef WITH_LDAP_SAM
+       output(screen,"   WITH_LDAP_SAM\n");
+#endif
+#ifdef WITH_SMBPASSWD_SAM
+       output(screen,"   WITH_SMBPASSWD_SAM\n");
+#endif
+#ifdef WITH_NISPLUS_SAM
+       output(screen,"   WITH_NISPLUS_SAM\n");
+#endif
+#ifdef WITH_NISPLUS_HOME
+       output(screen,"   WITH_NISPLUS_HOME\n");
+#endif
+#ifdef WITH_SSL
+       output(screen,"   WITH_SSL\n");
+#endif
+#ifdef SSL_DIR
+       output(screen,"   SSL_DIR: %s\n",SSL_DIR);
+#endif
+#ifdef WITH_SYSLOG
+       output(screen,"   WITH_SYSLOG\n");
+#endif
+#ifdef WITH_PROFILE
+       output(screen,"   WITH_PROFILE\n");
+#endif
+#ifdef WITH_QUOTAS
+       output(screen,"   WITH_QUOTAS\n");
+#endif
+#ifdef WITH_VFS
+       output(screen,"   WITH_VFS\n");
+#endif
+#ifdef USE_SPINLOCKS
+       output(screen,"   USE_SPINLOCKS\n");
+#endif
+#ifdef SPARC_SPINLOCKS
+       output(screen,"   SPARC_SPINLOCKS\n");
+#endif
+#ifdef INTEL_SPINLOCKS
+       output(screen,"   INTEL_SPINLOCKS\n");
+#endif
+#ifdef MIPS_SPINLOCKS
+       output(screen,"   MIPS_SPINLOCKS\n");
+#endif
+#ifdef POWERPC_SPINLOCKS
+       output(screen,"   POWERPC_SPINLOCKS\n");
+#endif
+#ifdef HAVE_UNIXWARE_ACLS
+       output(screen,"   HAVE_UNIXWARE_ACLS\n");
+#endif
+#ifdef HAVE_SOLARIS_ACLS
+       output(screen,"   HAVE_SOLARIS_ACLS\n");
+#endif 
+#ifdef HAVE_IRIX_ACLS
+       output(screen,"   HAVE_IRIX_ACLS\n");
+#endif
+#ifdef HAVE_AIX_ACLS
+       output(screen,"   HAVE_AIX_ACLS\n");
+#endif
+#ifdef HAVE_POSIX_ACLS
+       output(screen,"   HAVE_POSIX_ACLS\n");
+#endif
+#ifdef HAVE_TRU64_ACLS
+       output(screen,"   HAVE_TRU64_ACLS\n");
+#endif
+
+#ifdef HAVE_ACL_GET_PERM_NP
+       output(screen,"   HAVE_ACL_GET_PERM_NP\n");
+#endif
+#ifdef HAVE_NO_ACLS
+       output(screen,"   HAVE_NO_ACLS\n");
+#endif
+#ifdef HAVE_LIBREADLINE
+       output(screen,"   HAVE_LIBREADLINE\n"); 
+#endif
+#ifdef WITH_LIBICONV
+       output(screen,"   WITH_LIBICONV: %s\n",WITH_LIBICONV);
+#endif
+
+
+       /* Output various paths to files and directories */
+       output(screen,"\nPaths:\n");
+       output(screen,"   CONFIGFILE: %s\n", dyn_CONFIGFILE);
+#ifdef PRIVATE_DIR
+       output(screen,"   PRIVATE_DIR: %s\n",PRIVATE_DIR);
+#endif
+#ifdef LMHOSTSFILE
+       output(screen,"   LMHOSTSFILE: %s\n",LMHOSTSFILE);
+#endif
+       output(screen,"   SBINDIR: %s\n", dyn_SBINDIR);
+       output(screen,"   BINDIR: %s\n", dyn_BINDIR);
+       output(screen,"   LOCKDIR: %s\n",dyn_LOCKDIR);
+       output(screen,"   DRIVERFILE: %s\n", dyn_DRIVERFILE);
+       output(screen,"   LOGFILEBASE: %s\n", dyn_LOGFILEBASE);
+
+       /*Output various other options (most map to defines in the configure script*/
+       output(screen,"\nOther Build Options:\n");
+#ifdef HAVE_VOLATILE
+       output(screen,"   HAVE_VOLATILE\n");
+#endif
+#ifdef HAVE_SHADOW_H
+       output(screen,"   HAVE_SHADOW_H\n");
+#endif
+#ifdef HAVE_CRYPT
+       output(screen,"   HAVE_CRYPT\n");
+#endif
+#ifdef USE_BOTH_CRYPT_CALLS
+       output(screen,"   USE_BOTH_CRYPT_CALLS\n");
+#endif
+#ifdef HAVE_TRUNCATED_SALT
+       output(screen,"   HAVE_TRUNCATED_SALT\n");
+#endif
+#ifdef HAVE_CUPS
+       output(screen,"   HAVE_CUPS\n");
+#endif
+#ifdef HAVE_CUPS_CUPS_H
+       output(screen,"   HAVE_CUPS_CUPS_H\n");
+#endif
+#ifdef HAVE_CUPS_LANGUAGE_H
+       output(screen,"   HAVE_CUPS_LANGUAGE_H\n");
+#endif
+#ifdef HAVE_LIBDL
+       output(screen,"   HAVE_LIBDL\n");
+#endif
+#ifdef HAVE_UNIXSOCKET
+       output(screen,"   HAVE_UNIXSOCKET\n");
+#endif
+#ifdef HAVE_SOCKLEN_T_TYPE
+       output(screen,"   HAVE_SOCKLEN_T_TYPE\n");
+#endif
+#ifdef HAVE_SIG_ATOMIC_T_TYPE
+       output(screen,"   HAVE_SIG_ATOMIC_T_TYPE\n");
+#endif
+#ifdef HAVE_SETRESUID
+       output(screen,"   HAVE_SETRESUID\n");
+#endif
+#ifdef HAVE_SETRESGID
+       output(screen,"   HAVE_SETRESGID\n");
+#endif
+#ifdef HAVE_CONNECT
+       output(screen,"   HAVE_CONNECT\n");
+#endif
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+       output(screen,"   HAVE_YP_GET_DEFAULT_DOMAIN\n");
+#endif
+#ifdef HAVE_STAT64
+       output(screen,"   HAVE_STAT64\n");
+#endif
+#ifdef HAVE_LSTAT64
+       output(screen,"   HAVE_LSTAT64\n");
+#endif
+#ifdef HAVE_FSTAT64
+       output(screen,"   HAVE_FSTAT64\n");
+#endif
+#ifdef HAVE_STRCASECMP
+       output(screen,"   HAVE_STRCASECMP\n");
+#endif
+#ifdef HAVE_MEMSET
+       output(screen,"   HAVE_MEMSET\n");
+#endif
+#ifdef HAVE_LONGLONG
+       output(screen,"   HAVE_LONGLONG\n");
+#endif
+#ifdef COMPILER_SUPPORTS_LL
+       output(screen,"   COMPILER_SUPPORTS_LL\n");
+#endif
+#ifdef SIZEOF_OFF_T
+       output(screen,"   SIZEOF_OFF_T: %d\n",SIZEOF_OFF_T);
+#endif
+#ifdef HAVE_OFF64_T
+       output(screen,"   HAVE_OFF64_T\n");
+#endif
+#ifdef SIZEOF_INO_T
+       output(screen,"   SIZEOF_INO_T: %d\n",SIZEOF_INO_T);
+#endif
+#ifdef HAVE_INO64_T
+       output(screen,"   HAVE_INO64_T\n");
+#endif
+#ifdef HAVE_STRUCT_DIRENT64
+       output(screen,"   HAVE_STRUCT_DIRENT64\n");
+#endif
+#ifdef HAVE_UNSIGNED_CHAR
+       output(screen,"   HAVE_UNSIGNED_CHAR\n");
+#endif
+#ifdef HAVE_SOCK_SIN_LEN
+       output(screen,"   HAVE_SOCK_SIN_LEN\n");
+#endif
+#ifdef SEEKDIR_RETURNS_VOID
+       output(screen,"   SEEKDIR_RETURNS_VOID\n");
+#endif
+#ifdef HAVE_FILE_MACRO
+       output(screen,"   HAVE_FILE_MACRO\n");
+#endif
+#ifdef HAVE_FUNCTION_MACRO
+       output(screen,"   HAVE_FUNCTION_MACRO\n");
+#endif
+#ifdef HAVE_GETTIMEOFDAY
+       output(screen,"   HAVE_GETTIMEOFDAY\n");
+#endif
+#ifdef HAVE_C99_VSNPRINTF
+       output(screen,"   HAVE_C99_VSNPRINTF\n");
+#endif
+#ifdef HAVE_BROKEN_READDIR
+       output(screen,"   HAVE_BROKEN_READDIR\n");
+#endif
+#ifdef HAVE_NATIVE_ICONV
+       output(screen,"   HAVE_NATIVE_ICONV\n");
+#endif
+#ifdef HAVE_KERNEL_OPLOCKS_LINUX
+       output(screen,"   HAVE_KERNEL_OPLOCKS_LINUX\n");
+#endif
+#ifdef HAVE_KERNEL_CHANGE_NOTIFY
+       output(screen,"   HAVE_KERNEL_CHANGE_NOTIFY\n");
+#endif
+#ifdef HAVE_KERNEL_SHARE_MODES
+       output(screen,"   HAVE_KERNEL_SHARE_MODES\n");
+#endif
+#ifdef HAVE_KERNEL_OPLOCKS_IRIX
+       output(screen,"   HAVE_KERNEL_OPLOCKS_IRIX\n");
+#endif
+#ifdef HAVE_IRIX_SPECIFIC_CAPABILITIES
+       output(screen,"   HAVE_IRIX_SPECIFIC_CAPABILITIES\n");
+#endif
+#ifdef HAVE_INT16_FROM_RPC_RPC_H
+       output(screen,"   HAVE_INT16_FROM_RPC_RPC_H\n");
+#endif
+#ifdef HAVE_UINT16_FROM_RPC_RPC_H
+       output(screen,"   HAVE_UINT16_FROM_RPC_RPC_H\n");
+#endif
+#ifdef HAVE_INT32_FROM_RPC_RPC_H
+       output(screen,"   HAVE_INT16_FROM_RPC_RPC_H\n");
+#endif
+#ifdef HAVE_UINT32_FROM_RPC_RPC_H
+       output(screen,"   HAVE_UINT32_FROM_RPC_RPC_H\n");
+#endif
+#ifdef HAVE_RPC_AUTH_ERROR_CONFLICT
+       output(screen,"   HAVE_RPC_AUTH_ERROR_CONFLICT\n");
+#endif
+#ifdef HAVE_FTRUNCATE_EXTEND
+       output(screen,"   HAVE_FTRUNCATE_EXTEND\n");
+#endif
+#ifdef HAVE_WORKING_AF_LOCAL
+       output(screen,"   HAVE_WORKING_AF_LOCAL\n");
+#endif
+#ifdef HAVE_BROKEN_GETGROUPS
+       output(screen,"   HAVE_BROKEN_GETGROUPS\n");
+#endif
+#ifdef REPLACE_GETPASS
+       output(screen,"   REPLACE_GETPASS\n");
+#endif
+#ifdef REPLACE_INET_NTOA
+       output(screen,"   REPLACE_INET_NTOA\n");
+#endif
+#ifdef HAVE_SECURE_MKSTEMP
+       output(screen,"   HAVE_SECURE_MKSTEMP\n");
+#endif
+#ifdef SYSCONF_SC_NGROUPS_MAX
+       output(screen,"   SYSCONF_SC_NGROUPS_MAX\n");
+#endif
+#ifdef HAVE_IFACE_AIX
+       output(screen,"   HAVE_IFACE_AIX\n");
+#endif
+#ifdef HAVE_IFACE_IFCONF
+       output(screen,"   HAVE_IFACE_IFCONF\n");
+#endif
+#ifdef HAVE_IFACE_IFREQ
+       output(screen,"   HAVE_IFACE_IFREQ\n");
+#endif
+#ifdef USE_SETRESUID
+       output(screen,"   USE_SETRESUID\n");
+#endif
+#ifdef USE_SETRESGID
+       output(screen,"   USE_SETREUID\n");
+#endif
+#ifdef USE_SETEUID
+       output(screen,"   USE_SETEUID\n");
+#endif
+#ifdef USE_SETUIDX
+       output(screen,"   USE_SETUIDX\n");
+#endif
+#ifdef HAVE_MMAP
+       output(screen,"   HAVE_MMAP\n");
+#endif
+#ifdef MMAP_BLACKLIST
+       output(screen,"   MMAP_BLACKLIST\n");
+#endif
+#ifdef FTRUNCATE_NEEDS_ROOT
+       output(screen,"   FTRUNCATE_NEEDS_ROOT\n");
+#endif
+#ifdef HAVE_FCNTL_LOCK
+       output(screen,"   HAVE_FCNTL_LOCK\n");
+#endif
+#ifdef HAVE_BROKEN_FCNTL64_LOCKS
+       output(screen,"   HAVE_BROKEN_FCNTL64_LOCKS\n");
+#endif
+#ifdef HAVE_STRUCT_FLOCK64
+       output(screen,"   HAVE_STRUCT_FLOCK64\n");
+#endif
+#ifdef BROKEN_NISPLUS_INCLUDE_FILES
+       output(screen,"   BROKEN_NISPLUS_INCLUDE_FILES\n");
+#endif
+#ifdef HAVE_LIBPAM
+       output(screen,"   HAVE_LIBPAM\n");
+#endif
+#ifdef STAT_STATVFS64
+       output(screen,"   STAT_STATVFS64\n");
+#endif
+#ifdef STAT_STATVFS
+       output(screen,"   STAT_STATVFS\n");
+#endif
+#ifdef STAT_STATFS3_OSF1
+       output(screen,"   STAT_STATFS3_OSF1\n");
+#endif
+#ifdef STAT_STATFS2_BSIZE
+       output(screen,"   STAT_STATFS2_BSIZE\n");
+#endif
+#ifdef STAT_STATFS4
+       output(screen,"   STAT_STATFS4\n");
+#endif
+#ifdef STAT_STATFS2_FSIZE
+       output(screen,"   STAT_STATFS2_FSIZE\n");
+#endif
+#ifdef STAT_STATFS2_FS_DATA
+       output(screen,"   STAT_STATFS2_FS_DATA\n");
+#endif
+#ifdef HAVE_EXPLICIT_LARGEFILE_SUPPORT
+       output(screen,"   HAVE_EXPLICIT_LARGEFILE_SUPPORT\n");
+#endif
+
+#ifdef WITH_UTMP
+       /* Output UTMP Stuff */
+       output(screen,"\nUTMP Related:\n");
+       output(screen,"   WITH_UTMP\n");
+
+#ifdef HAVE_UTIMBUF
+       output(screen,"   HAVE_UTIMBUF\n");
+#endif
+#ifdef HAVE_UT_UT_NAME
+       output(screen,"   HAVE_UT_UT_NAME\n");
+#endif
+#ifdef HAVE_UT_UT_USER
+       output(screen,"   HAVE_UT_UT_USER\n");
+#endif
+#ifdef HAVE_UT_UT_ID
+       output(screen,"   HAVE_UT_UT_ID\n");
+#endif
+#ifdef HAVE_UT_UT_HOST
+       output(screen,"   HAVE_UT_UT_HOST\n");
+#endif
+#ifdef HAVE_UT_UT_TIME
+       output(screen,"   HAVE_UT_UT_TIME\n");
+#endif
+#ifdef HAVE_UT_UT_TV
+       output(screen,"   HAVE_UT_UT_TV\n");
+#endif
+#ifdef HAVE_UT_UT_TYPE
+       output(screen,"   HAVE_UT_UT_TYPE\n");
+#endif
+#ifdef HAVE_UT_UT_PID
+       output(screen,"   HAVE_UT_UT_PID\n");
+#endif
+#ifdef HAVE_UT_UT_EXIT
+       output(screen,"   HAVE_UT_UT_EXIT\n");
+#endif
+#ifdef HAVE_UT_UT_ADDR
+       output(screen,"   HAVE_UT_UT_ADDR\n");
+#endif
+#ifdef PUTUTLINE_RETURNS_UTMP
+       output(screen,"   PUTUTLINE_RETURNS_UTMP\n");
+#endif
+#ifdef HAVE_UX_UT_SYSLEN
+       output(screen,"   HAVE_UX_UT_SYSLEN\n");
+#endif
+#endif /* WITH_UTMP */
+
+       /* Output Build OS */
+       output(screen,"\nBuilt for host os:\n");
+#ifdef LINUX
+       output(screen,"   LINUX\n");
+#endif
+#ifdef SUNOS5
+       output(screen,"   SUNOS5\n");
+#endif
+#ifdef SUNOS4
+       output(screen,"   SUNOS4\n");
+#endif
+       /* BSD Isn't Defined in the configure script, but there is something about it in include/config.h.in (and I guess acconfig.h) */
+#ifdef BSD
+       output(screen,"   BSD\n");
+#endif
+#ifdef IRIX
+       output(screen,"   IRIX\n");
+#endif
+#ifdef IRIX6
+       output(screen,"   IRIX6\n");
+#endif
+#ifdef AIX
+       output(screen,"   AIX\n");
+#endif
+#ifdef HPUX
+       output(screen,"   HPUX\n");
+#endif
+#ifdef QNX
+       output(screen,"   QNX\n");
+#endif
+#ifdef OSF1
+       output(screen,"   OSF1\n");
+#endif
+#ifdef SCO
+       output(screen,"   SCO\n");
+#endif
+#ifdef UNIXWARE
+       output(screen,"   UNIXWARE\n");
+#endif
+#ifdef NEXT2
+       output(screen,"   NEXT2\n");
+#endif
+#ifdef RELIANTUNIX
+       output(screen,"   RELIANTUNIX\n");
+#endif
+
+       /* Output the sizes of the various types */
+       output(screen,"\nType sizes:\n");
+       output(screen,"   sizeof(char):    %d\n",sizeof(char));
+       output(screen,"   sizeof(int):     %d\n",sizeof(int));
+       output(screen,"   sizeof(long):    %d\n",sizeof(long));
+       output(screen,"   sizeof(uint8):   %d\n",sizeof(uint8));
+       output(screen,"   sizeof(uint16):  %d\n",sizeof(uint16));
+       output(screen,"   sizeof(uint32):  %d\n",sizeof(uint32));
+       output(screen,"   sizeof(short):   %d\n",sizeof(short));
+       output(screen,"   sizeof(void*):   %d\n",sizeof(void*));
+}
+
+
+
diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c
new file mode 100644
index 0000000000..0d80d5718f
--- /dev/null
+++ b/source3/smbd/change_trust_pw.c
@@ -0,0 +1,151 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Periodic Trust account password changing.
+ *  Copyright (C) Andrew Tridgell              1992-1997,
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ *  Copyright (C) Paul Ashton                       1997.
+ *  Copyright (C) Jeremy Allison                    1998.
+ *  Copyright (C) Andrew Bartlett                   2001.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern pstring global_myname;
+
+/*********************************************************
+ Change the domain password on the PDC.
+**********************************************************/
+
+static NTSTATUS modify_trust_password( char *domain, char *remote_machine, 
+				   unsigned char orig_trust_passwd_hash[16])
+{
+  struct cli_state *cli;
+  DOM_SID domain_sid;
+  struct in_addr dest_ip;
+  NTSTATUS nt_status;
+
+  /*
+   * Ensure we have the domain SID for this domain.
+   */
+
+  if (!secrets_fetch_domain_sid(domain, &domain_sid)) {
+    DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n"));
+    return NT_STATUS_UNSUCCESSFUL;
+  }
+
+  if(!resolve_name( remote_machine, &dest_ip, 0x20)) {
+	  DEBUG(0,("modify_trust_password: Can't resolve address for %s\n", remote_machine));
+	  return NT_STATUS_UNSUCCESSFUL;
+  }
+  
+  if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname, remote_machine, 
+					   &dest_ip, 0,
+					   "IPC$", "IPC",  
+					   "", "",
+					   "", 0))) {
+	  DEBUG(0,("modify_trust_password: Connection to %s failed!\n", remote_machine));
+	  return NT_STATUS_UNSUCCESSFUL;
+  }
+      
+  /*
+   * Ok - we have an anonymous connection to the IPC$ share.
+   * Now start the NT Domain stuff :-).
+   */
+
+  if(cli_nt_session_open(cli, PIPE_NETLOGON) == False) {
+    DEBUG(0,("modify_trust_password: unable to open the domain client session to \
+machine %s. Error was : %s.\n", remote_machine, cli_errstr(cli)));
+    cli_nt_session_close(cli);
+    cli_ulogoff(cli);
+    cli_shutdown(cli);
+    return NT_STATUS_UNSUCCESSFUL;
+  } 
+
+  nt_status = trust_pw_change_and_store_it(cli, cli->mem_ctx,
+					   orig_trust_passwd_hash);
+  
+  cli_nt_session_close(cli);
+  cli_ulogoff(cli);
+  cli_shutdown(cli);
+  return nt_status;
+}
+
+/************************************************************************
+ Change the trust account password for a domain.
+************************************************************************/
+
+NTSTATUS change_trust_account_password( char *domain, char *remote_machine_list)
+{
+  fstring remote_machine;
+  unsigned char old_trust_passwd_hash[16];
+  time_t lct;
+  NTSTATUS res = NT_STATUS_UNSUCCESSFUL;
+
+  if(!secrets_fetch_trust_account_password(domain, old_trust_passwd_hash, &lct)) {
+    DEBUG(0,("change_trust_account_password: unable to read the machine \
+account password for domain %s.\n", domain));
+    return NT_STATUS_UNSUCCESSFUL;
+  }
+
+  while(remote_machine_list && 
+	next_token(&remote_machine_list, remote_machine, 
+		   LIST_SEP, sizeof(remote_machine))) {
+    strupper(remote_machine);
+    if(strequal(remote_machine, "*")) {
+
+      /*
+       * We have been asked to dynamcially determine the IP addresses of the PDC.
+       */
+
+      struct in_addr *ip_list = NULL;
+      int count = 0;
+      int i;
+
+      /* Use the PDC *only* for this. */
+      if(!get_dc_list(True, domain, &ip_list, &count))
+        continue;
+
+      /*
+       * Try and connect to the PDC/BDC list in turn as an IP
+       * address used as a string.
+       */
+
+      for(i = 0; i < count; i++) {
+        fstring dc_name;
+        if(!lookup_dc_name(global_myname, domain, &ip_list[i], dc_name))
+          continue;
+        if(NT_STATUS_IS_OK(res = modify_trust_password( domain, dc_name,
+                                         old_trust_passwd_hash)))
+          break;
+      }
+
+      SAFE_FREE(ip_list);
+
+    } else {
+	    res = modify_trust_password( domain, remote_machine,
+					 old_trust_passwd_hash);
+    }
+
+  }
+
+  if (!NT_STATUS_IS_OK(res)) {
+	  DEBUG(0,("%s : change_trust_account_password: Failed to change password for \
+domain %s.\n", timestring(False), domain));
+  }
+  
+  return res;
+}
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index dc0514c1ed..eed535cf11 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1,8 +1,28 @@
-/* fork a child process to exec passwd and write to its
-* tty to change a users password. This is running as the
-* user who is attempting to change the password.
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
+/* fork a child process to exec passwd and write to its
+ * tty to change a users password. This is running as the
+ * user who is attempting to change the password.
+ */
+
 /* 
  * This code was copied/borrowed and stolen from various sources.
  * The primary source was the poppasswd.c from the authors of POPMail. This software
@@ -27,350 +47,891 @@
    */
 
 #include "includes.h"
-#include "loadparm.h"
 
-extern int DEBUGLEVEL;
+extern struct passdb_ops pdb_ops;
 
-#ifdef ALLOW_CHANGE_PASSWORD
+static BOOL check_oem_password(const char *user,
+			       uchar * lmdata, const uchar * lmhash,
+			       const uchar * ntdata, const uchar * nthash,
+			       SAM_ACCOUNT **hnd, char *new_passwd,
+			       int new_passwd_size);
 
-#define MINPASSWDLENGTH 5
-#define BUFSIZE 512
+#if ALLOW_CHANGE_PASSWORD
 
 static int findpty(char **slave)
 {
-  int master;
-#ifdef SVR4
-  extern char *ptsname();
-#else
-  static char line[12] = "/dev/ptyXX";
-  void *dirp;
-  char *dpname;
-#endif
-  
-#ifdef SVR4
-  if ((master = open("/dev/ptmx", O_RDWR)) >= 1) {
-    grantpt(master);
-    unlockpt(master);
-    *slave = ptsname(master);
-    return (master);
-  }
-#else
-  dirp = OpenDir("/dev");
-  if (!dirp) return(-1);
-  while ((dpname = ReadDirName(dirp)) != NULL) {
-    if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5) {
-      line[8] = dpname[3];
-      line[9] = dpname[4];
-      if ((master = open(line, O_RDWR)) >= 0) {
-	line[5] = 't';
-	*slave = line;
-	CloseDir(dirp);
-	return (master);
-      }
-    }
-  }
-  CloseDir(dirp);
-#endif
-  return (-1);
+	int master;
+	static fstring line;
+	DIR *dirp;
+	char *dpname;
+
+#if defined(HAVE_GRANTPT)
+	/* Try to open /dev/ptmx. If that fails, fall through to old method. */
+	if ((master = sys_open("/dev/ptmx", O_RDWR, 0)) >= 0)
+	{
+		grantpt(master);
+		unlockpt(master);
+		*slave = (char *)ptsname(master);
+		if (*slave == NULL)
+		{
+			DEBUG(0,
+			      ("findpty: Unable to create master/slave pty pair.\n"));
+			/* Stop fd leak on error. */
+			close(master);
+			return -1;
+		}
+		else
+		{
+			DEBUG(10,
+			      ("findpty: Allocated slave pty %s\n", *slave));
+			return (master);
+		}
+	}
+#endif /* HAVE_GRANTPT */
+
+	fstrcpy(line, "/dev/ptyXX");
+
+	dirp = opendir("/dev");
+	if (!dirp)
+		return (-1);
+	while ((dpname = readdirname(dirp)) != NULL)
+	{
+		if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5)
+		{
+			DEBUG(3,
+			      ("pty: try to open %s, line was %s\n", dpname,
+			       line));
+			line[8] = dpname[3];
+			line[9] = dpname[4];
+			if ((master = sys_open(line, O_RDWR, 0)) >= 0)
+			{
+				DEBUG(3, ("pty: opened %s\n", line));
+				line[5] = 't';
+				*slave = line;
+				closedir(dirp);
+				return (master);
+			}
+		}
+	}
+	closedir(dirp);
+	return (-1);
 }
 
-static int dochild(int master,char *slavedev, char *name, char *passwordprogram)
+static int dochild(int master, const char *slavedev, const struct passwd *pass,
+		   const char *passwordprogram, BOOL as_root)
 {
-  int slave;
-  struct termios stermios;
-  struct passwd *pass = Get_Pwnam(name,True);
-  int gid = pass->pw_gid;
-  int uid = pass->pw_uid;
-
-#ifdef USE_SETRES
-  setresuid(0,0,0);
-#else
-  setuid(0);
-#endif
-
-  /* Start new session - gets rid of controlling terminal. */
-  if (setsid() < 0) {
-    DEBUG(3,("Weirdness, couldn't let go of controlling terminal\n"));
-    return(False);
-  }
-
-  /* Open slave pty and acquire as new controlling terminal. */
-  if ((slave = open(slavedev, O_RDWR)) < 0) {
-    DEBUG(3,("More weirdness, could not open %s\n", 
-	     slavedev));
-    return(False);
-  }
-#ifdef SVR4
-  ioctl(slave, I_PUSH, "ptem");
-  ioctl(slave, I_PUSH, "ldterm");
-#else
-  if (ioctl(slave,TIOCSCTTY,0) <0) {
-     DEBUG(3,("Error in ioctl call for slave pty\n"));
-     /* return(False); */
-  }
-#endif
-
-  /* Close master. */
-  close(master);
-
-  /* Make slave stdin/out/err of child. */
-
-  if (dup2(slave, STDIN_FILENO) != STDIN_FILENO) {
-    DEBUG(3,("Could not re-direct stdin\n"));
-    return(False);
-  }
-  if (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO) {
-    DEBUG(3,("Could not re-direct stdout\n"));
-    return(False);
-  }
-  if (dup2(slave, STDERR_FILENO) != STDERR_FILENO) {
-    DEBUG(3,("Could not re-direct stderr\n"));
-    return(False);
-  }
-  if (slave > 2) close(slave);
-
-  /* Set proper terminal attributes - no echo, canonical input processing,
-     no map NL to CR/NL on output. */
-
-  if (tcgetattr(0, &stermios) < 0) {
-    DEBUG(3,("could not read default terminal attributes on pty\n"));
-    return(False);
-  }
-  stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
-  stermios.c_lflag |= ICANON;
-  stermios.c_oflag &= ~(ONLCR);
-  if (tcsetattr(0, TCSANOW, &stermios) < 0) {
-    DEBUG(3,("could not set attributes of pty\n"));
-    return(False);
-  }
-
-  /* make us completely into the right uid */
-#ifdef USE_SETRES
-  setresgid(0,0,0);
-  setresuid(0,0,0);
-  setresgid(gid,gid,gid);
-  setresuid(uid,uid,uid);      
-#else      
-  setuid(0);
-  seteuid(0);
-  setgid(gid);
-  setegid(gid);
-  setuid(uid);
-  seteuid(uid);
+	int slave;
+	struct termios stermios;
+	gid_t gid;
+	uid_t uid;
+
+	if (pass == NULL)
+	{
+		DEBUG(0,
+		      ("dochild: user doesn't exist in the UNIX password database.\n"));
+		return False;
+	}
+
+	gid = pass->pw_gid;
+	uid = pass->pw_uid;
+
+	gain_root_privilege();
+
+	/* Start new session - gets rid of controlling terminal. */
+	if (setsid() < 0)
+	{
+		DEBUG(3,
+		      ("Weirdness, couldn't let go of controlling terminal\n"));
+		return (False);
+	}
+
+	/* Open slave pty and acquire as new controlling terminal. */
+	if ((slave = sys_open(slavedev, O_RDWR, 0)) < 0)
+	{
+		DEBUG(3, ("More weirdness, could not open %s\n", slavedev));
+		return (False);
+	}
+#ifdef I_PUSH
+	ioctl(slave, I_PUSH, "ptem");
+	ioctl(slave, I_PUSH, "ldterm");
+#elif defined(TIOCSCTTY)
+	if (ioctl(slave, TIOCSCTTY, 0) < 0)
+	{
+		DEBUG(3, ("Error in ioctl call for slave pty\n"));
+		/* return(False); */
+	}
 #endif
 
-  /* execl() password-change application */
-  if (execl("/bin/sh","sh","-c",passwordprogram,NULL) < 0) {
-    DEBUG(3,("Bad status returned from %s\n",passwordprogram));
-    return(False);
-  }
-  return(True);
+	/* Close master. */
+	close(master);
+
+	/* Make slave stdin/out/err of child. */
+
+	if (dup2(slave, STDIN_FILENO) != STDIN_FILENO)
+	{
+		DEBUG(3, ("Could not re-direct stdin\n"));
+		return (False);
+	}
+	if (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO)
+	{
+		DEBUG(3, ("Could not re-direct stdout\n"));
+		return (False);
+	}
+	if (dup2(slave, STDERR_FILENO) != STDERR_FILENO)
+	{
+		DEBUG(3, ("Could not re-direct stderr\n"));
+		return (False);
+	}
+	if (slave > 2)
+		close(slave);
+
+	/* Set proper terminal attributes - no echo, canonical input processing,
+	   no map NL to CR/NL on output. */
+
+	if (tcgetattr(0, &stermios) < 0)
+	{
+		DEBUG(3,
+		      ("could not read default terminal attributes on pty\n"));
+		return (False);
+	}
+	stermios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+	stermios.c_lflag |= ICANON;
+ 	stermios.c_oflag &= ~(ONLCR);
+	if (tcsetattr(0, TCSANOW, &stermios) < 0)
+	{
+		DEBUG(3, ("could not set attributes of pty\n"));
+		return (False);
+	}
+
+	/* make us completely into the right uid */
+	if (!as_root)
+	{
+		become_user_permanently(uid, gid);
+	}
+
+	DEBUG(10,
+	      ("Invoking '%s' as password change program.\n",
+	       passwordprogram));
+
+	/* execl() password-change application */
+	if (execl("/bin/sh", "sh", "-c", passwordprogram, NULL) < 0)
+	{
+		DEBUG(3, ("Bad status returned from %s\n", passwordprogram));
+		return (False);
+	}
+	return (True);
 }
 
-static int expect(int master,char *expected,char *buf)
+static int expect(int master, char *issue, char *expected)
 {
-  int n, m;
- 
-  n = 0;
-  buf[0] = 0;
-  while (1) {
-    if (n >= BUFSIZE-1) {
-      return False;
-    }
-
-    /* allow 4 seconds for some output to appear */
-    m = read_with_timeout(master, buf+n, 1, BUFSIZE-1-n, 4000, True);
-    if (m < 0) 
-      return False;
-
-    n += m;
-    buf[n] = 0;
-
-    {
-      pstring s1,s2;
-      strcpy(s1,buf);
-      strcpy(s2,expected);
-      if (do_match(s1, s2, False))
-	return(True);
-    }
-  }
+	pstring buffer;
+	int attempts, timeout, nread, len;
+	BOOL match = False;
+
+	for (attempts = 0; attempts < 2; attempts++) {
+		if (!strequal(issue, ".")) {
+			if (lp_passwd_chat_debug())
+				DEBUG(100, ("expect: sending [%s]\n", issue));
+
+			if ((len = write(master, issue, strlen(issue))) != strlen(issue)) {
+				DEBUG(2,("expect: (short) write returned %d\n", len ));
+				return False;
+			}
+		}
+
+		if (strequal(expected, "."))
+			return True;
+
+		timeout = 2000;
+		nread = 0;
+		buffer[nread] = 0;
+
+		while ((len = read_with_timeout(master, buffer + nread, 1,
+						sizeof(buffer) - nread - 1,
+						timeout)) > 0) {
+			nread += len;
+			buffer[nread] = 0;
+
+			{
+				/* Eat leading/trailing whitespace before match. */
+				pstring str;
+				pstrcpy( str, buffer);
+				trim_string( str, " ", " ");
+
+				if ((match = (unix_wild_match(expected, str) == 0)))
+					timeout = 200;
+			}
+		}
+
+		if (lp_passwd_chat_debug())
+			DEBUG(100, ("expect: expected [%s] received [%s] match %s\n",
+				    expected, buffer, match ? "yes" : "no" ));
+
+		if (match)
+			break;
+
+		if (len < 0) {
+			DEBUG(2, ("expect: %s\n", strerror(errno)));
+			return False;
+		}
+	}
+
+	DEBUG(10,("expect: returning %s\n", match ? "True" : "False" ));
+	return match;
 }
 
 static void pwd_sub(char *buf)
 {
-  string_sub(buf,"\\n","\n");
-  string_sub(buf,"\\r","\r");
-  string_sub(buf,"\\s"," ");
-  string_sub(buf,"\\t","\t");
+	all_string_sub(buf, "\\n", "\n", 0);
+	all_string_sub(buf, "\\r", "\r", 0);
+	all_string_sub(buf, "\\s", " ", 0);
+	all_string_sub(buf, "\\t", "\t", 0);
+}
+
+static int talktochild(int master, char *seq)
+{
+	int count = 0;
+	fstring issue, expected;
+
+	fstrcpy(issue, ".");
+
+	while (next_token(&seq, expected, NULL, sizeof(expected)))
+	{
+		pwd_sub(expected);
+		count++;
+
+		if (!expect(master, issue, expected))
+		{
+			DEBUG(3, ("Response %d incorrect\n", count));
+			return False;
+		}
+
+		if (!next_token(&seq, issue, NULL, sizeof(issue)))
+			fstrcpy(issue, ".");
+
+		pwd_sub(issue);
+	}
+	if (!strequal(issue, ".")) {
+		/* we have one final issue to send */
+		fstrcpy(expected, ".");
+		if (!expect(master, issue, expected))
+			return False;
+	}
+
+	return (count > 0);
 }
 
-static void writestring(int fd,char *s)
+static BOOL chat_with_program(char *passwordprogram, struct passwd *pass,
+			      char *chatsequence, BOOL as_root)
 {
-  int l;
-  
-  l = strlen (s);
-  write (fd, s, l);
+	char *slavedev;
+	int master;
+	pid_t pid, wpid;
+	int wstat;
+	BOOL chstat = False;
+
+	if (pass == NULL)
+	{
+		DEBUG(0,
+		      ("chat_with_program: user doesn't exist in the UNIX password database.\n"));
+		return False;
+	}
+
+	/* allocate a pseudo-terminal device */
+	if ((master = findpty(&slavedev)) < 0)
+	{
+		DEBUG(3,
+		      ("Cannot Allocate pty for password change: %s\n",
+		       pass->pw_name));
+		return (False);
+	}
+
+	/*
+	 * We need to temporarily stop CatchChild from eating
+	 * SIGCLD signals as it also eats the exit status code. JRA.
+	 */
+
+	CatchChildLeaveStatus();
+
+	if ((pid = sys_fork()) < 0)
+	{
+		DEBUG(3,
+		      ("Cannot fork() child for password change: %s\n",
+		       pass->pw_name));
+		close(master);
+		CatchChild();
+		return (False);
+	}
+
+	/* we now have a pty */
+	if (pid > 0)
+	{			/* This is the parent process */
+		if ((chstat = talktochild(master, chatsequence)) == False)
+		{
+			DEBUG(3,
+			      ("Child failed to change password: %s\n",
+			       pass->pw_name));
+			kill(pid, SIGKILL);	/* be sure to end this process */
+		}
+
+		while ((wpid = sys_waitpid(pid, &wstat, 0)) < 0)
+		{
+			if (errno == EINTR)
+			{
+				errno = 0;
+				continue;
+			}
+			break;
+		}
+
+		if (wpid < 0)
+		{
+			DEBUG(3, ("The process is no longer waiting!\n\n"));
+			close(master);
+			CatchChild();
+			return (False);
+		}
+
+		/*
+		 * Go back to ignoring children.
+		 */
+		CatchChild();
+
+		close(master);
+
+		if (pid != wpid)
+		{
+			DEBUG(3,
+			      ("We were waiting for the wrong process ID\n"));
+			return (False);
+		}
+		if (WIFEXITED(wstat) == 0)
+		{
+			DEBUG(3,
+			      ("The process exited while we were waiting\n"));
+			return (False);
+		}
+		if (WEXITSTATUS(wstat) != 0)
+		{
+			DEBUG(3,
+			      ("The status of the process exiting was %d\n",
+			       wstat));
+			return (False);
+		}
+
+	}
+	else
+	{
+		/* CHILD */
+
+		/*
+		 * Lose any oplock capabilities.
+		 */
+		oplock_set_capability(False, False);
+
+		/* make sure it doesn't freeze */
+		alarm(20);
+
+		if (as_root)
+			become_root();
+
+		DEBUG(3,
+		      ("Dochild for user %s (uid=%d,gid=%d)\n", pass->pw_name,
+		       (int)getuid(), (int)getgid()));
+		chstat =
+			dochild(master, slavedev, pass, passwordprogram,
+				as_root);
+
+		if (as_root)
+			unbecome_root();
+
+		/*
+		 * The child should never return from dochild() ....
+		 */
+
+		DEBUG(0,
+		      ("chat_with_program: Error: dochild() returned %d\n",
+		       chstat));
+		exit(1);
+	}
+
+	if (chstat)
+		DEBUG(3,
+		      ("Password change %ssuccessful for user %s\n",
+		       (chstat ? "" : "un"), pass->pw_name));
+	return (chstat);
 }
 
 
-static int talktochild(int master, char *chatsequence)
+BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
 {
-  char buf[BUFSIZE];
-  int count=0;
-  char *ptr=chatsequence;
-  fstring chatbuf;
+	pstring passwordprogram;
+	pstring chatsequence;
+	size_t i;
+	size_t len;
 
-  *buf = 0;
-  sleep(1);
+	struct passwd *pass;
 
-  while (next_token(&ptr,chatbuf,NULL)) {
-    BOOL ok=True;
-    count++;
-    pwd_sub(chatbuf);
-    if (!strequal(chatbuf,"."))
-      ok = expect(master,chatbuf,buf);
+	DEBUG(3, ("Password change for user: %s\n", name));
 
 #if DEBUG_PASSWORD
-      DEBUG(100,("chatbuf=[%s] responsebuf=[%s]\n",chatbuf,buf));
-#endif      
-
-    if (!ok) {
-      DEBUG(3,("response %d incorrect\n",count));
-      return(False);
-    }
+	DEBUG(100, ("Passwords: old=%s new=%s\n", oldpass, newpass));
+#endif
 
-    if (!next_token(&ptr,chatbuf,NULL)) break;
-    pwd_sub(chatbuf);
-    if (!strequal(chatbuf,"."))
-      writestring(master,chatbuf);
+	/* Take the passed information and test it for minimum criteria */
+	/* Minimum password length */
+	if (strlen(newpass) < lp_min_passwd_length()) {
+		/* too short, must be at least MINPASSWDLENGTH */
+		DEBUG(0, ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
+		       name, lp_min_passwd_length()));
+		return (False);	/* inform the user */
+	}
+
+	/* Password is same as old password */
+	if (strcmp(oldpass, newpass) == 0) {
+		/* don't allow same password */
+		DEBUG(2, ("Password Change: %s, New password is same as old\n", name));	/* log the attempt */
+		return (False);	/* inform the user */
+	}
+
+	/* 
+	 * Check the old and new passwords don't contain any control
+	 * characters.
+	 */
+
+	len = strlen(oldpass);
+	for (i = 0; i < len; i++) {
+		if (iscntrl((int)oldpass[i])) {
+			DEBUG(0,
+			      ("chat_with_program: oldpass contains control characters (disallowed).\n"));
+			return False;
+		}
+	}
+
+	len = strlen(newpass);
+	for (i = 0; i < len; i++) {
+		if (iscntrl((int)newpass[i])) {
+			DEBUG(0,
+			      ("chat_with_program: newpass contains control characters (disallowed).\n"));
+			return False;
+		}
+	}
+	
+	pass = Get_Pwnam(name);
+
+#ifdef WITH_PAM
+	if (lp_pam_password_change()) {
+		BOOL ret;
+
+		if (as_root)
+			become_root();
+
+		if (pass) {
+			ret = smb_pam_passchange(pass->pw_name, oldpass, newpass);
+		} else {
+			ret = smb_pam_passchange(name, oldpass, newpass);
+		}
+			
+		if (as_root)
+			unbecome_root();
+
+		return ret;
+	}
+#endif
 
-#if DEBUG_PASSWORD
-    DEBUG(100,("sendbuf=[%s]\n",chatbuf));
-#endif      
-  }
+	/* A non-PAM password change just doen't make sense without a valid local user */
+
+	if (pass == NULL)
+	{
+		DEBUG(0,
+		      ("chgpasswd: user %s doesn't exist in the UNIX password database.\n",
+		       name));
+		return False;
+	}
+
+	pstrcpy(passwordprogram, lp_passwd_program());
+	pstrcpy(chatsequence, lp_passwd_chat());
+
+	if (!*chatsequence) {
+		DEBUG(2, ("chgpasswd: Null chat sequence - no password changing\n"));
+		return (False);
+	}
+
+	if (!*passwordprogram) {
+		DEBUG(2, ("chgpasswd: Null password program - no password changing\n"));
+		return (False);
+	}
+
+	if (as_root) {
+		/* The password program *must* contain the user name to work. Fail if not. */
+		if (strstr(passwordprogram, "%u") == NULL) {
+			DEBUG(0,("chgpasswd: Running as root the 'passwd program' parameter *MUST* contain \
+the string %%u, and the given string %s does not.\n", passwordprogram ));
+			return False;
+		}
+	}
+
+	pstring_sub(passwordprogram, "%u", name);
+	/* note that we do NOT substitute the %o and %n in the password program
+	   as this would open up a security hole where the user could use
+	   a new password containing shell escape characters */
+
+	pstring_sub(chatsequence, "%u", name);
+	all_string_sub(chatsequence, "%o", oldpass, sizeof(pstring));
+	all_string_sub(chatsequence, "%n", newpass, sizeof(pstring));
+	return (chat_with_program
+		(passwordprogram, pass, chatsequence, as_root));
+}
 
-  if (count<1) return(False);
+#else /* ALLOW_CHANGE_PASSWORD */
 
-  return (True);
+BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
+{
+	DEBUG(0, ("Password changing not compiled in (user=%s)\n", name));
+	return (False);
 }
+#endif /* ALLOW_CHANGE_PASSWORD */
 
+/***********************************************************
+ Code to check the lanman hashed password.
+************************************************************/
 
-BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequence)
+BOOL check_lanman_password(char *user, uchar * pass1,
+			   uchar * pass2, SAM_ACCOUNT **hnd)
 {
-  char *slavedev;
-  int master;
-  pid_t pid, wpid;
-  int wstat;
-  BOOL chstat;    
-
-  /* allocate a pseudo-terminal device */
-  if ((master = findpty (&slavedev)) < 0) {
-    DEBUG(3,("Cannot Allocate pty for password change: %s",name));
-    return(False);
-  }
-
-  if ((pid = fork()) < 0) {
-    DEBUG(3,("Cannot fork() child for password change: %s",name));
-    return(False);
-  }
-
-  /* we now have a pty */
-  if (pid > 0){			/* This is the parent process */
-    if ((chstat = talktochild(master, chatsequence)) == False) {
-      DEBUG(3,("Child failed to change password: %s\n",name));
-      kill(pid, SIGKILL); /* be sure to end this process */
-      return(False);
-    }
-    if ((wpid = waitpid(pid, &wstat, 0)) < 0) {
-      DEBUG(3,("The process is no longer waiting!\n\n"));
-      return(False);
-    }
-    if (pid != wpid) {
-      DEBUG(3,("We were waiting for the wrong process ID\n"));	
-      return(False);
-    }
-    if (WIFEXITED(wstat) == 0) {
-      DEBUG(3,("The process exited while we were waiting\n"));
-      return(False);
-    }
-    if (WEXITSTATUS(wstat) != 0) {
-      DEBUG(3,("The status of the process exiting was %d\n", wstat));
-      return(False);
-    }
-    
-  } else {
-    /* CHILD */
-
-    /* make sure it doesn't freeze */
-    alarm(20);
-
-    DEBUG(3,("Dochild for user %s (uid=%d,gid=%d)\n",name,getuid(),getgid()));
-    chstat = dochild(master, slavedev, name, passwordprogram);
-  }
-  DEBUG(3,("Password change %ssuccessful for user %s\n", (chstat?"":"un"), name));
-  return (chstat);
+	uchar unenc_new_pw[16];
+	uchar unenc_old_pw[16];
+	SAM_ACCOUNT *sampass = NULL;
+	uint16 acct_ctrl;
+	const uint8 *lanman_pw;
+	BOOL ret;
+	
+	become_root();
+	ret = pdb_getsampwnam(sampass, user);
+	unbecome_root();
+
+	if (ret == False) {
+		DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+	
+	acct_ctrl = pdb_get_acct_ctrl     (sampass);
+	lanman_pw = pdb_get_lanman_passwd (sampass);
+
+	if (acct_ctrl & ACB_DISABLED) {
+		DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	if (lanman_pw == NULL) {
+		if (acct_ctrl & ACB_PWNOTREQ) {
+			/* this saves the pointer for the caller */
+			*hnd = sampass;
+			return True;
+		} else {
+			DEBUG(0, ("check_lanman_password: no lanman password !\n"));
+			pdb_free_sam(&sampass);
+			return False;
+		}
+	}
+
+	/* Get the new lanman hash. */
+	D_P16(lanman_pw, pass2, unenc_new_pw);
+
+	/* Use this to get the old lanman hash. */
+	D_P16(unenc_new_pw, pass1, unenc_old_pw);
+
+	/* Check that the two old passwords match. */
+	if (memcmp(lanman_pw, unenc_old_pw, 16)) {
+		DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
+		pdb_free_sam(&sampass);
+		return False;
+	}
+
+	/* this saves the pointer for the caller */
+	*hnd = sampass;
+	return True;
 }
 
+/***********************************************************
+ Code to change the lanman hashed password.
+ It nulls out the NT hashed password as it will
+ no longer be valid.
+************************************************************/
+
+BOOL change_lanman_password(SAM_ACCOUNT *sampass, uchar * pass1,
+			    uchar * pass2)
+{
+	static uchar null_pw[16];
+	uchar unenc_new_pw[16];
+	BOOL ret;
+	uint16 acct_ctrl;
+	const uint8 *pwd;
+
+	if (sampass == NULL) {
+		DEBUG(0,("change_lanman_password: no smb password entry.\n"));
+		return False;
+	}
+	
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+	pwd = pdb_get_lanman_passwd(sampass);
+
+	if (acct_ctrl & ACB_DISABLED) {
+		DEBUG(0,("change_lanman_password: account %s disabled.\n",
+		       pdb_get_username(sampass)));
+		return False;
+	}
+
+	if (pwd == NULL) { 
+		if (acct_ctrl & ACB_PWNOTREQ) {
+			uchar no_pw[14];
+			memset(no_pw, '\0', 14);
+			E_P16(no_pw, null_pw);
+
+			/* Get the new lanman hash. */
+			D_P16(null_pw, pass2, unenc_new_pw);
+		} else {
+			DEBUG(0,("change_lanman_password: no lanman password !\n"));
+			return False;
+		}
+	} else {
+		/* Get the new lanman hash. */
+		D_P16(pwd, pass2, unenc_new_pw);
+	}
+
+	if (!pdb_set_lanman_passwd(sampass, unenc_new_pw)) {
+		return False;
+	}
+
+	if (!pdb_set_nt_passwd    (sampass, NULL)) {
+		return False;	/* We lose the NT hash. Sorry. */
+	}
+
+	if (!pdb_set_pass_changed_now  (sampass)) {
+		pdb_free_sam(&sampass);
+		/* Not quite sure what this one qualifies as, but this will do */
+		return False; 
+	}
+ 
+	/* Now flush the sam_passwd struct to persistent storage */
+	become_root();
+	ret = pdb_update_sam_account (sampass);
+	unbecome_root();
+
+	return ret;
+}
 
-BOOL chgpasswd(char *name,char *oldpass,char *newpass)
+/***********************************************************
+ Code to check and change the OEM hashed password.
+************************************************************/
+BOOL pass_oem_change(char *user,
+		     uchar * lmdata, uchar * lmhash,
+		     uchar * ntdata, uchar * nthash)
 {
-  pstring passwordprogram;
-  pstring chatsequence;
+	fstring new_passwd;
+	const char *unix_user;
+	SAM_ACCOUNT *sampass = NULL;
+	BOOL ret = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
+				      &sampass, new_passwd, sizeof(new_passwd));
 
-  strlower(name); 
-  DEBUG(3,("Password change for user: %s\n",name));
+	/* 
+	 * At this point we have the new case-sensitive plaintext
+	 * password in the fstring new_passwd. If we wanted to synchronise
+	 * with UNIX passwords we would call a UNIX password changing 
+	 * function here. However it would have to be done as root
+	 * as the plaintext of the old users password is not 
+	 * available. JRA.
+	 */
 
-#if DEBUG_PASSWORD
-  DEBUG(100,("Passwords: old=%s new=%s\n",oldpass,newpass)); 
-#endif
+	unix_user = pdb_get_username(sampass);
 
-  /* Take the passed information and test it for minimum criteria */
-  /* Minimum password length */
-  if (strlen(newpass) < MINPASSWDLENGTH) /* too short, must be at least MINPASSWDLENGTH */ 
-    {
-      DEBUG(2,("Password Change: %s, New password is shorter than MINPASSWDLENGTH\n",name));
-      return (False);		/* inform the user */
-    }
-  
-  /* Password is same as old password */
-  if (strcmp(oldpass,newpass) == 0) /* don't allow same password */
-    {
-      DEBUG(2,("Password Change: %s, New password is same as old\n",name)); /* log the attempt */
-      return (False);		/* inform the user */
-    }
-
-#if (defined(PASSWD_PROGRAM) && defined(PASSWD_CHAT))
-  strcpy(passwordprogram,PASSWD_PROGRAM);
-  strcpy(chatsequence,PASSWD_CHAT);
-#else
-  strcpy(passwordprogram,lp_passwd_program());
-  strcpy(chatsequence,lp_passwd_chat());
-#endif
+	if ((ret) && (unix_user) && (*unix_user) && lp_unix_password_sync())
+		ret = chgpasswd(unix_user, "", new_passwd, True);
 
-  if (!*chatsequence) {
-    DEBUG(2,("Null chat sequence - no password changing\n"));
-    return(False);
-  }
+	if (ret)
+		ret = change_oem_password(sampass, new_passwd);
 
-  if (!*passwordprogram) {
-    DEBUG(2,("Null password program - no password changing\n"));
-    return(False);
-  }
+	memset(new_passwd, 0, sizeof(new_passwd));
 
-  string_sub(passwordprogram,"%u",name);
-  string_sub(passwordprogram,"%o",oldpass);
-  string_sub(passwordprogram,"%n",newpass);
+	pdb_free_sam(&sampass);
 
-  string_sub(chatsequence,"%u",name);
-  string_sub(chatsequence,"%o",oldpass);
-  string_sub(chatsequence,"%n",newpass);
-  return(chat_with_program(passwordprogram,name,chatsequence));
+	return ret;
 }
 
-#else
-BOOL chgpasswd(char *name,char *oldpass,char *newpass)
+/***********************************************************
+ Code to check the OEM hashed password.
+
+ this function ignores the 516 byte nt OEM hashed password
+ but does use the lm OEM password to check the nt hashed-hash.
+
+************************************************************/
+static BOOL check_oem_password(const char *user,
+			       uchar * lmdata, const uchar * lmhash,
+			       const uchar * ntdata, const uchar * nthash,
+			       SAM_ACCOUNT **hnd, char *new_passwd,
+			       int new_passwd_size)
 {
-  DEBUG(0,("Password changing not compiled in (user=%s)\n",name));
-  return(False);
-}
+	static uchar null_pw[16];
+	static uchar null_ntpw[16];
+	SAM_ACCOUNT *sampass = NULL;
+	const uint8 *lanman_pw, *nt_pw;
+	uint16 acct_ctrl;
+	int new_pw_len;
+	uchar new_ntp16[16];
+	uchar unenc_old_ntpw[16];
+	uchar new_p16[16];
+	uchar unenc_old_pw[16];
+	char no_pw[2];
+	BOOL ret;
+
+	BOOL nt_pass_set = (ntdata != NULL && nthash != NULL);
+
+	pdb_init_sam(&sampass);
+
+	become_root();
+	ret = pdb_getsampwnam(sampass, user);
+	unbecome_root();
+
+	if (ret == False) {
+		DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
+		return False;
+	}
+
+	*hnd = sampass;
+	
+	acct_ctrl = pdb_get_acct_ctrl(sampass);
+	
+	if (acct_ctrl & ACB_DISABLED) {
+		DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
+		return False;
+	}
+
+	/* construct a null password (in case one is needed */
+	no_pw[0] = 0;
+	no_pw[1] = 0;
+	nt_lm_owf_gen(no_pw, null_ntpw, null_pw);
+
+	/* save pointers to passwords so we don't have to keep looking them up */
+	lanman_pw = pdb_get_lanman_passwd(sampass);
+	nt_pw     = pdb_get_nt_passwd    (sampass);
+
+	/* check for null passwords */
+	if (lanman_pw == NULL) {
+		if (!(acct_ctrl & ACB_PWNOTREQ)) {
+			DEBUG(0,("check_oem_password: no lanman password !\n"));
+			return False;
+		}
+	}
+	
+	if (pdb_get_nt_passwd(sampass) == NULL && nt_pass_set) {
+		if (!(acct_ctrl & ACB_PWNOTREQ)) {
+			DEBUG(0,("check_oem_password: no ntlm password !\n"));
+			return False;
+		}
+	}
+	
+	/* 
+	 * Call the hash function to get the new password.
+	 */
+	SamOEMhash( lmdata, lanman_pw, 516);
+
+	/* 
+	 * The length of the new password is in the last 4 bytes of
+	 * the data buffer.
+	 */
+
+	new_pw_len = IVAL(lmdata, 512);
+	if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1) {
+		DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len));
+		return False;
+	}
+
+	if (nt_pass_set) {
+		/*
+		 * nt passwords are in unicode
+		 */
+		pull_ucs2(NULL, new_passwd, 
+			  (const smb_ucs2_t *)&lmdata[512 - new_pw_len],
+			  new_passwd_size, new_pw_len, 0);
+	} else {
+		memcpy(new_passwd, &lmdata[512 - new_pw_len], new_pw_len);
+		new_passwd[new_pw_len] = 0;
+	}
+
+	/*
+	 * To ensure we got the correct new password, hash it and
+	 * use it as a key to test the passed old password.
+	 */
+
+	nt_lm_owf_gen(new_passwd, new_ntp16, new_p16);
+
+	if (!nt_pass_set)
+	{
+		/*
+		 * Now use new_p16 as the key to see if the old
+		 * password matches.
+		 */
+		D_P16(new_p16, lmhash, unenc_old_pw);
+
+		if (memcmp(lanman_pw, unenc_old_pw, 16))
+		{
+			DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
+			return False;
+		}
+
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,
+		      ("check_oem_password: password %s ok\n", new_passwd));
+#endif
+		return True;
+	}
+
+	/*
+	 * Now use new_p16 as the key to see if the old
+	 * password matches.
+	 */
+	D_P16(new_ntp16, lmhash, unenc_old_pw);
+	D_P16(new_ntp16, nthash, unenc_old_ntpw);
+
+	if (memcmp(lanman_pw, unenc_old_pw, 16))
+	{
+		DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
+		return False;
+	}
+
+	if (memcmp(nt_pw, unenc_old_ntpw, 16))
+	{
+		DEBUG(0,("check_oem_password: old nt password doesn't match.\n"));
+		return False;
+	}
+#ifdef DEBUG_PASSWORD
+	DEBUG(100, ("check_oem_password: password %s ok\n", new_passwd));
 #endif
+	return True;
+}
+
+/***********************************************************
+ Code to change the oem password. Changes both the lanman
+ and NT hashes.
+************************************************************/
+
+BOOL change_oem_password(SAM_ACCOUNT *hnd, char *new_passwd)
+{
+	BOOL ret;
+
+	if (!pdb_set_plaintext_passwd (hnd, new_passwd)) {
+		return False;
+	}
+
+	/* Now write it into the file. */
+	become_root();
+	ret = pdb_update_sam_account (hnd);
+	unbecome_root();
+
+	return ret;
+}
+
+
+
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
new file mode 100644
index 0000000000..dc52327cb4
--- /dev/null
+++ b/source3/smbd/close.c
@@ -0,0 +1,274 @@
+/* 
+   Unix SMB/CIFS implementation.
+   file closing
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+run a file if it is a magic script
+****************************************************************************/
+static void check_magic(files_struct *fsp,connection_struct *conn)
+{
+  if (!*lp_magicscript(SNUM(conn)))
+    return;
+
+  DEBUG(5,("checking magic for %s\n",fsp->fsp_name));
+
+  {
+    char *p;
+    if (!(p = strrchr_m(fsp->fsp_name,'/')))
+      p = fsp->fsp_name;
+    else
+      p++;
+
+    if (!strequal(lp_magicscript(SNUM(conn)),p))
+      return;
+  }
+
+  {
+    int ret;
+    pstring magic_output;
+    pstring fname;
+	SMB_STRUCT_STAT st;
+	int tmp_fd, outfd;
+
+    pstrcpy(fname,fsp->fsp_name);
+    if (*lp_magicoutput(SNUM(conn)))
+      pstrcpy(magic_output,lp_magicoutput(SNUM(conn)));
+    else
+      slprintf(magic_output,sizeof(fname)-1, "%s.out",fname);
+
+    chmod(fname,0755);
+    ret = smbrun(fname,&tmp_fd);
+    DEBUG(3,("Invoking magic command %s gave %d\n",fname,ret));
+    unlink(fname);
+	if (ret != 0 || tmp_fd == -1) {
+		if (tmp_fd != -1)
+			close(tmp_fd);
+		return;
+	}
+	outfd = open(magic_output, O_CREAT|O_EXCL|O_RDWR, 0600);
+	if (outfd == -1) {
+		close(tmp_fd);
+		return;
+	}
+
+	if (sys_fstat(tmp_fd,&st) == -1) {
+		close(tmp_fd);
+		close(outfd);
+		return;
+	}
+
+	transfer_file(tmp_fd,outfd,(SMB_OFF_T)st.st_size);
+	close(tmp_fd);
+	close(outfd);
+  }
+}
+
+/****************************************************************************
+  Common code to close a file or a directory.
+****************************************************************************/
+
+static int close_filestruct(files_struct *fsp)
+{   
+	connection_struct *conn = fsp->conn;
+	int ret = 0;
+    
+	if (fsp->fd != -1) {
+		if(flush_write_cache(fsp, CLOSE_FLUSH) == -1)
+			ret = -1;
+
+		delete_write_cache(fsp);
+	}
+
+	fsp->is_directory = False; 
+    
+	conn->num_files_open--;
+	SAFE_FREE(fsp->wbmpx_ptr);
+
+	return ret;
+}    
+
+/****************************************************************************
+ Close a file.
+
+ If normal_close is 1 then this came from a normal SMBclose (or equivalent)
+ operation otherwise it came as the result of some other operation such as
+ the closing of the connection. In the latter case printing and
+ magic scripts are not run.
+****************************************************************************/
+
+static int close_normal_file(files_struct *fsp, BOOL normal_close)
+{
+	share_mode_entry *share_entry = NULL;
+	size_t share_entry_count = 0;
+	BOOL delete_on_close = False;
+	connection_struct *conn = fsp->conn;
+	int err = 0;
+	int err1 = 0;
+
+	remove_pending_lock_requests_by_fid(fsp);
+
+	/*
+	 * If we're flushing on a close we can get a write
+	 * error here, we must remember this.
+	 */
+
+	if (close_filestruct(fsp) == -1)
+		err1 = -1;
+
+	if (fsp->print_file) {
+		print_fsp_end(fsp, normal_close);
+		file_free(fsp);
+		return 0;
+	}
+
+	/*
+	 * Lock the share entries, and determine if we should delete
+	 * on close. If so delete whilst the lock is still in effect.
+	 * This prevents race conditions with the file being created. JRA.
+	 */
+
+	lock_share_entry_fsp(fsp);
+	share_entry_count = del_share_mode(fsp, &share_entry);
+
+	DEBUG(10,("close_normal_file: share_entry_count = %d for file %s\n",
+		share_entry_count, fsp->fsp_name ));
+
+	/*
+	 * We delete on close if it's the last open, and the
+	 * delete on close flag was set in the entry we just deleted.
+	 */
+
+	if ((share_entry_count == 0) && share_entry && 
+			GET_DELETE_ON_CLOSE_FLAG(share_entry->share_mode) )
+		delete_on_close = True;
+
+	SAFE_FREE(share_entry);
+
+	/*
+	 * NT can set delete_on_close of the last open
+	 * reference to a file.
+	 */
+
+	if (normal_close && delete_on_close) {
+		DEBUG(5,("close_file: file %s. Delete on close was set - deleting file.\n",
+			fsp->fsp_name));
+		if(fsp->conn->vfs_ops.unlink(conn,fsp->fsp_name) != 0) {
+			/*
+			 * This call can potentially fail as another smbd may have
+			 * had the file open with delete on close set and deleted
+			 * it when its last reference to this file went away. Hence
+			 * we log this but not at debug level zero.
+			 */
+
+		DEBUG(5,("close_file: file %s. Delete on close was set and unlink failed \
+with error %s\n", fsp->fsp_name, strerror(errno) ));
+		}
+	}
+
+	unlock_share_entry_fsp(fsp);
+
+	if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
+		release_file_oplock(fsp);
+
+	locking_close_file(fsp);
+
+	err = fd_close(conn, fsp);
+
+	/* check for magic scripts */
+	if (normal_close) {
+		check_magic(fsp,conn);
+	}
+
+	/*
+	 * Ensure pending modtime is set after close.
+	 */
+
+	if(fsp->pending_modtime) {
+		int saved_errno = errno;
+		set_filetime(conn, fsp->fsp_name, fsp->pending_modtime);
+		errno = saved_errno;
+	}
+
+	DEBUG(2,("%s closed file %s (numopen=%d) %s\n",
+		 conn->user,fsp->fsp_name,
+		 conn->num_files_open, err ? strerror(err) : ""));
+
+	if (fsp->fsp_name)
+		string_free(&fsp->fsp_name);
+
+	file_free(fsp);
+
+	if (err == -1 || err1 == -1)
+		return -1;
+	else
+		return 0;
+}
+
+/****************************************************************************
+ Close a directory opened by an NT SMB call. 
+****************************************************************************/
+  
+static int close_directory(files_struct *fsp, BOOL normal_close)
+{
+	remove_pending_change_notify_requests_by_fid(fsp);
+
+	/*
+	 * NT can set delete_on_close of the last open
+	 * reference to a directory also.
+	 */
+
+	if (normal_close && fsp->directory_delete_on_close) {
+		BOOL ok = rmdir_internals(fsp->conn, fsp->fsp_name);
+		DEBUG(5,("close_directory: %s. Delete on close was set - deleting directory %s.\n",
+			fsp->fsp_name, ok ? "succeeded" : "failed" ));
+
+		/*
+		 * Ensure we remove any change notify requests that would
+		 * now fail as the directory has been deleted.
+		 */
+
+		if(ok)
+			remove_pending_change_notify_requests_by_filename(fsp);
+	}
+
+	/*
+	 * Do the code common to files and directories.
+	 */
+	close_filestruct(fsp);
+	
+	if (fsp->fsp_name)
+		string_free(&fsp->fsp_name);
+	
+	file_free(fsp);
+
+	return 0;
+}
+
+/****************************************************************************
+ Close a directory opened by an NT SMB call. 
+****************************************************************************/
+  
+int close_file(files_struct *fsp, BOOL normal_close)
+{
+	if(fsp->is_directory)
+		return close_directory(fsp, normal_close);
+	return close_normal_file(fsp, normal_close);
+}
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
new file mode 100644
index 0000000000..f552d4a224
--- /dev/null
+++ b/source3/smbd/conn.c
@@ -0,0 +1,224 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Manage connections_struct structures
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* set these to define the limits of the server. NOTE These are on a
+   per-client basis. Thus any one machine can't connect to more than
+   MAX_CONNECTIONS services, but any number of machines may connect at
+   one time. */
+#define MAX_CONNECTIONS 128
+
+static connection_struct *Connections;
+
+/* number of open connections */
+static struct bitmap *bmap;
+static int num_open;
+
+/****************************************************************************
+init the conn structures
+****************************************************************************/
+void conn_init(void)
+{
+	bmap = bitmap_allocate(MAX_CONNECTIONS);
+}
+
+/****************************************************************************
+return the number of open connections
+****************************************************************************/
+int conn_num_open(void)
+{
+	return num_open;
+}
+
+
+/****************************************************************************
+check if a snum is in use
+****************************************************************************/
+BOOL conn_snum_used(int snum)
+{
+	connection_struct *conn;
+	for (conn=Connections;conn;conn=conn->next) {
+		if (conn->service == snum) {
+			return(True);
+		}
+	}
+	return(False);
+}
+
+
+/****************************************************************************
+find a conn given a cnum
+****************************************************************************/
+connection_struct *conn_find(int cnum)
+{
+	int count=0;
+	connection_struct *conn;
+
+	for (conn=Connections;conn;conn=conn->next,count++) {
+		if (conn->cnum == cnum) {
+			if (count > 10) {
+				DLIST_PROMOTE(Connections, conn);
+			}
+			return conn;
+		}
+	}
+
+	return NULL;
+}
+
+
+/****************************************************************************
+  find first available connection slot, starting from a random position.
+The randomisation stops problems with the server dieing and clients
+thinking the server is still available.
+****************************************************************************/
+connection_struct *conn_new(void)
+{
+	connection_struct *conn;
+	int i;
+
+	i = bitmap_find(bmap, 1);
+	
+	if (i == -1) {
+		DEBUG(1,("ERROR! Out of connection structures\n"));	       
+		return NULL;
+	}
+
+	conn = (connection_struct *)malloc(sizeof(*conn));
+	if (!conn) return NULL;
+
+	ZERO_STRUCTP(conn);
+	conn->cnum = i;
+
+	bitmap_set(bmap, i);
+
+	num_open++;
+
+	string_set(&conn->user,"");
+	string_set(&conn->dirpath,"");
+	string_set(&conn->connectpath,"");
+	string_set(&conn->origpath,"");
+	
+	DLIST_ADD(Connections, conn);
+
+	return conn;
+}
+
+/****************************************************************************
+close all conn structures
+****************************************************************************/
+void conn_close_all(void)
+{
+	connection_struct *conn, *next;
+	for (conn=Connections;conn;conn=next) {
+		next=conn->next;
+		close_cnum(conn, (uint16)-1);
+	}
+}
+
+/****************************************************************************
+idle inactive connections
+****************************************************************************/
+BOOL conn_idle_all(time_t t, int deadtime)
+{
+	BOOL allidle = True;
+	connection_struct *conn, *next;
+
+	for (conn=Connections;conn;conn=next) {
+		next=conn->next;
+		/* close dirptrs on connections that are idle */
+		if ((t-conn->lastused) > DPTR_IDLE_TIMEOUT)
+			dptr_idlecnum(conn);
+
+		if (conn->num_files_open > 0 || 
+		    (t-conn->lastused)<deadtime)
+			allidle = False;
+	}
+
+	return allidle;
+}
+
+/****************************************************************************
+ Free a conn structure.
+****************************************************************************/
+
+void conn_free(connection_struct *conn)
+{
+	/* Free vfs_connection_struct */
+	    
+	if (conn->dl_handle != NULL) {
+		/* Close dlopen() handle */
+		dlclose(conn->dl_handle);
+	}
+
+	DLIST_REMOVE(Connections, conn);
+
+	if (conn->ngroups && conn->groups) {
+		SAFE_FREE(conn->groups);
+		conn->ngroups = 0;
+	}
+
+	delete_nt_token(&conn->nt_user_token);
+	free_namearray(conn->veto_list);
+	free_namearray(conn->hide_list);
+	free_namearray(conn->veto_oplock_list);
+	
+	string_free(&conn->user);
+	string_free(&conn->dirpath);
+	string_free(&conn->connectpath);
+	string_free(&conn->origpath);
+
+	bitmap_clear(bmap, conn->cnum);
+	num_open--;
+
+	ZERO_STRUCTP(conn);
+	SAFE_FREE(conn);
+}
+
+
+/****************************************************************************
+receive a smbcontrol message to forcibly unmount a share
+the message contains just a share name and all instances of that
+share are unmounted
+the special sharename '*' forces unmount of all shares
+****************************************************************************/
+void msg_force_tdis(int msg_type, pid_t pid, void *buf, size_t len)
+{
+	connection_struct *conn, *next;
+	fstring sharename;
+
+	fstrcpy(sharename, buf);
+
+	if (strcmp(sharename, "*") == 0) {
+		DEBUG(1,("Forcing close of all shares\n"));
+		conn_close_all();
+		return;
+	}
+
+	for (conn=Connections;conn;conn=next) {
+		next=conn->next;
+		if (strequal(lp_servicename(conn->service), sharename)) {
+			DEBUG(1,("Forcing close of share %s cnum=%d\n",
+				 sharename, conn->cnum));
+			close_cnum(conn, (uint16)-1);
+		}
+	}
+}
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
new file mode 100644
index 0000000000..c9815dbf8c
--- /dev/null
+++ b/source3/smbd/connection.c
@@ -0,0 +1,189 @@
+/* 
+   Unix SMB/CIFS implementation.
+   connection claim routines
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern fstring remote_machine;
+static TDB_CONTEXT *tdb;
+
+/****************************************************************************
+ Return the connection tdb context (used for message send all).
+****************************************************************************/
+
+TDB_CONTEXT *conn_tdb_ctx(void)
+{
+	return tdb;
+}
+
+/****************************************************************************
+ Delete a connection record.
+****************************************************************************/
+
+BOOL yield_connection(connection_struct *conn,char *name)
+{
+	struct connections_key key;
+	TDB_DATA kbuf;
+
+	if (!tdb) return False;
+
+	DEBUG(3,("Yielding connection to %s\n",name));
+
+	ZERO_STRUCT(key);
+	key.pid = sys_getpid();
+	key.cnum = conn?conn->cnum:-1;
+	fstrcpy(key.name, name);
+
+	kbuf.dptr = (char *)&key;
+	kbuf.dsize = sizeof(key);
+
+	if (tdb_delete(tdb, kbuf) != 0) {
+		int dbg_lvl = (!conn && (tdb_error(tdb) == TDB_ERR_NOEXIST)) ? 3 : 0;
+		DEBUG(dbg_lvl,("yield_connection: tdb_delete for name %s failed with error %s.\n",
+			name, tdb_errorstr(tdb) ));
+		return (False);
+	}
+
+	return(True);
+}
+
+struct count_stat {
+	pid_t mypid;
+	int curr_connections;
+	char *name;
+	BOOL Clear;
+};
+
+/****************************************************************************
+ Count the entries belonging to a service in the connection db.
+****************************************************************************/
+
+static int count_fn( TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *udp)
+{
+	struct connections_data crec;
+	struct count_stat *cs = (struct count_stat *)udp;
+ 
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+ 
+    if (crec.cnum == -1)
+		return 0;
+
+	/* If the pid was not found delete the entry from connections.tdb */
+
+	if (cs->Clear && !process_exists(crec.pid) && (errno == ESRCH)) {
+		DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
+			(unsigned int)crec.pid, crec.cnum, crec.name));
+		if (tdb_delete(the_tdb, kbuf) != 0)
+			DEBUG(0,("count_fn: tdb_delete failed with error %s\n", tdb_errorstr(tdb) ));
+		return 0;
+	}
+
+	if (strequal(crec.name, cs->name))
+		cs->curr_connections++;
+
+	return 0;
+}
+
+/****************************************************************************
+ Claim an entry in the connections database.
+****************************************************************************/
+
+BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOOL Clear)
+{
+	struct connections_key key;
+	struct connections_data crec;
+	TDB_DATA kbuf, dbuf;
+
+	if (!tdb) {
+		tdb = tdb_open_log(lock_path("connections.tdb"), 0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT, 
+			       O_RDWR | O_CREAT, 0644);
+	}
+	if (!tdb)
+		return False;
+
+	/*
+	 * Enforce the max connections parameter.
+	 */
+
+	if (max_connections > 0) {
+		struct count_stat cs;
+
+		cs.mypid = sys_getpid();
+		cs.curr_connections = 0;
+		cs.name = lp_servicename(SNUM(conn));
+		cs.Clear = Clear;
+
+		/*
+		 * This has a race condition, but locking the chain before hand is worse
+		 * as it leads to deadlock.
+		 */
+
+		if (tdb_traverse(tdb, count_fn, &cs) == -1) {
+			DEBUG(0,("claim_connection: traverse of connections.tdb failed with error %s.\n",
+				tdb_errorstr(tdb) ));
+			return False;
+		}
+
+		if (cs.curr_connections >= max_connections) {
+			DEBUG(1,("claim_connection: Max connections (%d) exceeded for %s\n",
+				max_connections, name ));
+			return False;
+		}
+	}
+
+	DEBUG(5,("claiming %s %d\n",name,max_connections));
+
+	ZERO_STRUCT(key);
+	key.pid = sys_getpid();
+	key.cnum = conn?conn->cnum:-1;
+	fstrcpy(key.name, name);
+
+	kbuf.dptr = (char *)&key;
+	kbuf.dsize = sizeof(key);
+
+	/* fill in the crec */
+	ZERO_STRUCT(crec);
+	crec.magic = 0x280267;
+	crec.pid = sys_getpid();
+	crec.cnum = conn?conn->cnum:-1;
+	if (conn) {
+		crec.uid = conn->uid;
+		crec.gid = conn->gid;
+		StrnCpy(crec.name,
+			lp_servicename(SNUM(conn)),sizeof(crec.name)-1);
+	}
+	crec.start = time(NULL);
+	
+	StrnCpy(crec.machine,remote_machine,sizeof(crec.machine)-1);
+	StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1);
+
+	dbuf.dptr = (char *)&crec;
+	dbuf.dsize = sizeof(crec);
+
+	if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) {
+		DEBUG(0,("claim_connection: tdb_store failed with error %s.\n",
+			tdb_errorstr(tdb) ));
+		return False;
+	}
+
+	return True;
+}
diff --git a/source3/smbd/dfree.c b/source3/smbd/dfree.c
new file mode 100644
index 0000000000..71b3f2bf77
--- /dev/null
+++ b/source3/smbd/dfree.c
@@ -0,0 +1,164 @@
+/* 
+   Unix SMB/CIFS implementation.
+   functions to calculate the free disk space
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+normalise for DOS usage 
+****************************************************************************/
+static void disk_norm(BOOL small_query, SMB_BIG_UINT *bsize,SMB_BIG_UINT *dfree,SMB_BIG_UINT *dsize)
+{
+	/* check if the disk is beyond the max disk size */
+	SMB_BIG_UINT maxdisksize = lp_maxdisksize();
+	if (maxdisksize) {
+		/* convert to blocks - and don't overflow */
+		maxdisksize = ((maxdisksize*1024)/(*bsize))*1024;
+		if (*dsize > maxdisksize) *dsize = maxdisksize;
+		if (*dfree > maxdisksize) *dfree = maxdisksize-1; 
+		/* the -1 should stop applications getting div by 0
+		   errors */
+	}  
+
+	while (*dfree > WORDMAX || *dsize > WORDMAX || *bsize < 512) {
+		*dfree /= 2;
+		*dsize /= 2;
+		*bsize *= 2;
+		if(small_query) {	
+			/*
+			 * Force max to fit in 16 bit fields.
+			 */
+			if (*bsize > (WORDMAX*512)) {
+				*bsize = (WORDMAX*512);
+				if (*dsize > WORDMAX)
+					*dsize = WORDMAX;
+				if (*dfree >  WORDMAX)
+					*dfree = WORDMAX;
+				break;
+			}
+		}
+	}
+}
+
+
+
+/****************************************************************************
+  return number of 1K blocks available on a path and total number 
+****************************************************************************/
+
+static SMB_BIG_UINT disk_free(const char *path, BOOL small_query, 
+                              SMB_BIG_UINT *bsize,SMB_BIG_UINT *dfree,SMB_BIG_UINT *dsize)
+{
+	int dfree_retval;
+	SMB_BIG_UINT dfree_q = 0;
+	SMB_BIG_UINT bsize_q = 0;
+	SMB_BIG_UINT dsize_q = 0;
+	char *dfree_command;
+
+	(*dfree) = (*dsize) = 0;
+	(*bsize) = 512;
+
+	/*
+	 * If external disk calculation specified, use it.
+	 */
+
+	dfree_command = lp_dfree_command();
+	if (dfree_command && *dfree_command) {
+		char *p;
+		char **lines;
+		pstring syscmd;
+
+		slprintf(syscmd, sizeof(syscmd)-1, "%s %s", dfree_command, path);
+		DEBUG (3, ("disk_free: Running command %s\n", syscmd));
+
+		lines = file_lines_pload(syscmd, NULL);
+		if (lines) {
+			char *line = lines[0];
+
+			DEBUG (3, ("Read input from dfree, \"%s\"\n", line));
+
+			*dsize = (SMB_BIG_UINT)strtoul(line, &p, 10);
+			while (p && *p & isspace(*p))
+				p++;
+			if (p && *p)
+				*dfree = (SMB_BIG_UINT)strtoul(p, &p, 10);
+			while (p && *p & isspace(*p))
+				p++;
+			if (p && *p)
+				*bsize = (SMB_BIG_UINT)strtoul(p, NULL, 10);
+			else
+				*bsize = 1024;
+			file_lines_free(lines);
+			DEBUG (3, ("Parsed output of dfree, dsize=%u, dfree=%u, bsize=%u\n",
+				(unsigned int)*dsize, (unsigned int)*dfree, (unsigned int)*bsize));
+
+			if (!*dsize)
+				*dsize = 2048;
+			if (!*dfree)
+				*dfree = 1024;
+		} else {
+			DEBUG (0, ("disk_free: sys_popen() failed for command %s. Error was : %s\n",
+				syscmd, strerror(errno) ));
+			sys_fsusage(path, dfree, dsize);
+		}
+	} else
+		sys_fsusage(path, dfree, dsize);
+
+	if (disk_quotas(path, &bsize_q, &dfree_q, &dsize_q)) {
+		(*bsize) = bsize_q;
+		(*dfree) = MIN(*dfree,dfree_q);
+		(*dsize) = MIN(*dsize,dsize_q);
+	}
+
+	/* FIXME : Any reason for this assumption ? */
+	if (*bsize < 256) {
+		DEBUG(5,("disk_free:Warning: bsize == %d < 256 . Changing to assumed correct bsize = 512\n",(int)*bsize));
+		*bsize = 512;
+	}
+
+	if ((*dsize)<1) {
+		static int done;
+		if (!done) {
+			DEBUG(0,("WARNING: dfree is broken on this system\n"));
+			done=1;
+		}
+		*dsize = 20*1024*1024/(*bsize);
+		*dfree = MAX(1,*dfree);
+	}
+
+	disk_norm(small_query,bsize,dfree,dsize);
+
+	if ((*bsize) < 1024) {
+		dfree_retval = (*dfree)/(1024/(*bsize));
+	} else {
+		dfree_retval = ((*bsize)/1024)*(*dfree);
+	}
+
+	return(dfree_retval);
+}
+
+
+/****************************************************************************
+wrap it to get filenames right
+****************************************************************************/
+SMB_BIG_UINT sys_disk_free(const char *path, BOOL small_query, 
+                           SMB_BIG_UINT *bsize,SMB_BIG_UINT *dfree,SMB_BIG_UINT *dsize)
+{
+	return disk_free(path,small_query, bsize,dfree,dsize);
+}
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index ac6f918b9d..f56e0e9ef0 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Directory handling routines
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,351 +19,505 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-
-extern int DEBUGLEVEL;
-extern connection_struct Connections[];
 
 /*
    This module implements directory related functions for Samba.
 */
 
-
-
-uint32 dircounter = 0;
-
-
-#define NUMDIRPTRS 256
-
-
-static struct dptr_struct
-{
-  int pid;
-  int cnum;
-  uint32 lastused;
-  void *ptr;
-  BOOL valid;
-  BOOL finished;
-  BOOL expect_close;
-  char *wcard; /* Field only used for lanman2 trans2_findfirst/next searches */
-  uint16 attr; /* Field only used for lanman2 trans2_findfirst/next searches */
-  char *path;
-}
-dirptrs[NUMDIRPTRS];
-
+typedef struct _dptr_struct {
+	struct _dptr_struct *next, *prev;
+	int dnum;
+	uint16 spid;
+	connection_struct *conn;
+	void *ptr;
+	BOOL expect_close;
+	char *wcard; /* Field only used for trans2_ searches */
+	uint16 attr; /* Field only used for trans2_ searches */
+	char *path;
+} dptr_struct;
+
+static struct bitmap *dptr_bmap;
+static dptr_struct *dirptrs;
 
 static int dptrs_open = 0;
 
+#define INVALID_DPTR_KEY (-3)
+
 /****************************************************************************
-initialise the dir array
+ Initialise the dir bitmap.
 ****************************************************************************/
+
 void init_dptrs(void)
 {
   static BOOL dptrs_init=False;
-  int i;
 
-  if (dptrs_init) return;
-  for (i=0;i<NUMDIRPTRS;i++)    
-    {
-      dirptrs[i].valid = False;
-      dirptrs[i].wcard = NULL;
-      dirptrs[i].ptr = NULL;
-      string_init(&dirptrs[i].path,"");
-    }
+  if (dptrs_init)
+    return;
+
+  dptr_bmap = bitmap_allocate(MAX_DIRECTORY_HANDLES);
+
+  if (!dptr_bmap)
+    exit_server("out of memory in init_dptrs");
+
   dptrs_init = True;
 }
 
 /****************************************************************************
-idle a dptr - the directory is closed but the control info is kept
+ Idle a dptr - the directory is closed but the control info is kept.
 ****************************************************************************/
-static void dptr_idle(int key)
+
+static void dptr_idle(dptr_struct *dptr)
 {
-  if (dirptrs[key].valid && dirptrs[key].ptr) {
-    DEBUG(4,("Idling dptr key %d\n",key));
+  if (dptr->ptr) {
+    DEBUG(4,("Idling dptr dnum %d\n",dptr->dnum));
     dptrs_open--;
-    CloseDir(dirptrs[key].ptr);
-    dirptrs[key].ptr = NULL;
-  }    
+    CloseDir(dptr->ptr);
+    dptr->ptr = NULL;
+  }
 }
 
 /****************************************************************************
-idle the oldest dptr
+ Idle the oldest dptr.
 ****************************************************************************/
+
 static void dptr_idleoldest(void)
 {
-  int i;
-  uint32 old=dircounter+1;
-  int oldi= -1;
-  for (i=0;i<NUMDIRPTRS;i++)
-    if (dirptrs[i].valid && dirptrs[i].ptr && dirptrs[i].lastused < old) {
-      old = dirptrs[i].lastused;
-      oldi = i;
+  dptr_struct *dptr;
+
+  /*
+   * Go to the end of the list.
+   */
+  for(dptr = dirptrs; dptr && dptr->next; dptr = dptr->next)
+    ;
+
+  if(!dptr) {
+    DEBUG(0,("No dptrs available to idle ?\n"));
+    return;
+  }
+
+  /*
+   * Idle the oldest pointer.
+   */
+
+  for(; dptr; dptr = dptr->prev) {
+    if (dptr->ptr) {
+      dptr_idle(dptr);
+      return;
     }
-  if (oldi != -1)
-    dptr_idle(oldi);
-  else
-    DEBUG(0,("No dptrs available to idle??\n"));
+  }
 }
 
 /****************************************************************************
-get the dir ptr for a dir index
+ Get the dptr_struct for a dir index.
 ****************************************************************************/
-static void *dptr_get(int key,uint32 lastused)
-{
-  if (dirptrs[key].valid) {
-    if (lastused) dirptrs[key].lastused = lastused;
-    if (!dirptrs[key].ptr) {
-      if (dptrs_open >= MAXDIR)
-	dptr_idleoldest();
-      DEBUG(4,("Reopening dptr key %d\n",key));
-      if ((dirptrs[key].ptr = OpenDir(dirptrs[key].path)))
-	dptrs_open++;
+
+static dptr_struct *dptr_get(int key, BOOL forclose)
+{
+  dptr_struct *dptr;
+
+  for(dptr = dirptrs; dptr; dptr = dptr->next) {
+    if(dptr->dnum == key) {
+      if (!forclose && !dptr->ptr) {
+        if (dptrs_open >= MAX_OPEN_DIRECTORIES)
+          dptr_idleoldest();
+        DEBUG(4,("Reopening dptr key %d\n",key));
+        if ((dptr->ptr = OpenDir(dptr->conn, dptr->path, True)))
+          dptrs_open++;
+      }
+      DLIST_PROMOTE(dirptrs,dptr);
+      return dptr;
     }
-    return(dirptrs[key].ptr);
   }
   return(NULL);
 }
 
 /****************************************************************************
-get the dir path for a dir index
+ Get the dptr ptr for a dir index.
+****************************************************************************/
+
+static void *dptr_ptr(int key)
+{
+  dptr_struct *dptr = dptr_get(key, False);
+
+  if (dptr)
+    return(dptr->ptr);
+  return(NULL);
+}
+
+/****************************************************************************
+ Get the dir path for a dir index.
 ****************************************************************************/
+
 char *dptr_path(int key)
 {
-  if (dirptrs[key].valid)
-    return(dirptrs[key].path);
+  dptr_struct *dptr = dptr_get(key, False);
+
+  if (dptr)
+    return(dptr->path);
   return(NULL);
 }
 
 /****************************************************************************
-get the dir wcard for a dir index (lanman2 specific)
+ Get the dir wcard for a dir index (lanman2 specific).
 ****************************************************************************/
+
 char *dptr_wcard(int key)
 {
-  if (dirptrs[key].valid)
-    return(dirptrs[key].wcard);
+  dptr_struct *dptr = dptr_get(key, False);
+
+  if (dptr)
+    return(dptr->wcard);
   return(NULL);
 }
 
 /****************************************************************************
-set the dir wcard for a dir index (lanman2 specific)
-Returns 0 on ok, 1 on fail.
+ Set the dir wcard for a dir index (lanman2 specific).
+ Returns 0 on ok, 1 on fail.
 ****************************************************************************/
+
 BOOL dptr_set_wcard(int key, char *wcard)
 {
-  if (dirptrs[key].valid) {
-    dirptrs[key].wcard = wcard;
+  dptr_struct *dptr = dptr_get(key, False);
+
+  if (dptr) {
+    dptr->wcard = wcard;
     return True;
   }
   return False;
 }
 
 /****************************************************************************
-set the dir attrib for a dir index (lanman2 specific)
-Returns 0 on ok, 1 on fail.
+ Set the dir attrib for a dir index (lanman2 specific).
+ Returns 0 on ok, 1 on fail.
 ****************************************************************************/
+
 BOOL dptr_set_attr(int key, uint16 attr)
 {
-  if (dirptrs[key].valid) {
-    dirptrs[key].attr = attr;
+  dptr_struct *dptr = dptr_get(key, False);
+
+  if (dptr) {
+    dptr->attr = attr;
     return True;
   }
   return False;
 }
 
 /****************************************************************************
-get the dir attrib for a dir index (lanman2 specific)
+ Get the dir attrib for a dir index (lanman2 specific)
 ****************************************************************************/
+
 uint16 dptr_attr(int key)
 {
-  if (dirptrs[key].valid)
-    return(dirptrs[key].attr);
+  dptr_struct *dptr = dptr_get(key, False);
+
+  if (dptr)
+    return(dptr->attr);
   return(0);
 }
 
 /****************************************************************************
-close a dptr
+ Close a dptr (internal func).
+****************************************************************************/
+
+static void dptr_close_internal(dptr_struct *dptr)
+{
+  DEBUG(4,("closing dptr key %d\n",dptr->dnum));
+
+  DLIST_REMOVE(dirptrs, dptr);
+
+  /* 
+   * Free the dnum in the bitmap. Remember the dnum value is always 
+   * biased by one with respect to the bitmap.
+   */
+
+  if(bitmap_query( dptr_bmap, dptr->dnum - 1) != True) {
+    DEBUG(0,("dptr_close_internal : Error - closing dnum = %d and bitmap not set !\n",
+			dptr->dnum ));
+  }
+
+  bitmap_clear(dptr_bmap, dptr->dnum - 1);
+
+  if (dptr->ptr) {
+    CloseDir(dptr->ptr);
+    dptrs_open--;
+  }
+
+  /* Lanman 2 specific code */
+  SAFE_FREE(dptr->wcard);
+  string_set(&dptr->path,"");
+  SAFE_FREE(dptr);
+}
+
+/****************************************************************************
+ Close a dptr given a key.
 ****************************************************************************/
-void dptr_close(int key)
+
+void dptr_close(int *key)
 {
-  if (dirptrs[key].valid) {
-    DEBUG(4,("closing dptr key %d\n",key));
-    if (dirptrs[key].ptr) {
-      CloseDir(dirptrs[key].ptr);
-      dptrs_open--;
+  dptr_struct *dptr;
+
+  if(*key == INVALID_DPTR_KEY)
+    return;
+
+  /* OS/2 seems to use -1 to indicate "close all directories" */
+  if (*key == -1) {
+    dptr_struct *next;
+    for(dptr = dirptrs; dptr; dptr = next) {
+      next = dptr->next;
+      dptr_close_internal(dptr);
     }
-    /* Lanman 2 specific code */
-    if (dirptrs[key].wcard)
-      free(dirptrs[key].wcard);
-    dirptrs[key].valid = False;
-    string_set(&dirptrs[key].path,"");
+    *key = INVALID_DPTR_KEY;
+    return;
   }
+
+  dptr = dptr_get(*key, True);
+
+  if (!dptr) {
+    DEBUG(0,("Invalid key %d given to dptr_close\n", *key));
+    return;
+  }
+
+  dptr_close_internal(dptr);
+
+  *key = INVALID_DPTR_KEY;
 }
 
 /****************************************************************************
-close all dptrs for a cnum
+ Close all dptrs for a cnum.
 ****************************************************************************/
-void dptr_closecnum(int cnum)
+
+void dptr_closecnum(connection_struct *conn)
 {
-  int i;
-  for (i=0;i<NUMDIRPTRS;i++)
-    if (dirptrs[i].valid && dirptrs[i].cnum == cnum)
-      dptr_close(i);
+  dptr_struct *dptr, *next;
+  for(dptr = dirptrs; dptr; dptr = next) {
+    next = dptr->next;
+    if (dptr->conn == conn)
+      dptr_close_internal(dptr);
+  }
 }
 
 /****************************************************************************
-idle all dptrs for a cnum
+ Idle all dptrs for a cnum.
 ****************************************************************************/
-void dptr_idlecnum(int cnum)
+
+void dptr_idlecnum(connection_struct *conn)
 {
-  int i;
-  for (i=0;i<NUMDIRPTRS;i++)
-    if (dirptrs[i].valid && dirptrs[i].cnum == cnum && dirptrs[i].ptr)
-      dptr_idle(i);
+  dptr_struct *dptr;
+  for(dptr = dirptrs; dptr; dptr = dptr->next) {
+    if (dptr->conn == conn && dptr->ptr)
+      dptr_idle(dptr);
+  }
 }
 
 /****************************************************************************
-close a dptr that matches a given path, only if it matches the pid also
+ Close a dptr that matches a given path, only if it matches the spid also.
 ****************************************************************************/
-void dptr_closepath(char *path,int pid)
+
+void dptr_closepath(char *path,uint16 spid)
 {
-  int i;
-  for (i=0;i<NUMDIRPTRS;i++)
-    if (dirptrs[i].valid && pid == dirptrs[i].pid &&
-	strequal(dirptrs[i].path,path))
-      dptr_close(i);
+  dptr_struct *dptr, *next;
+  for(dptr = dirptrs; dptr; dptr = next) {
+    next = dptr->next;
+    if (spid == dptr->spid && strequal(dptr->path,path))
+      dptr_close_internal(dptr);
+  }
 }
 
 /****************************************************************************
-  start a directory listing
+ Start a directory listing.
 ****************************************************************************/
-static BOOL start_dir(int cnum,char *directory)
+
+static BOOL start_dir(connection_struct *conn,char *directory)
 {
-  DEBUG(5,("start_dir cnum=%d dir=%s\n",cnum,directory));
+  DEBUG(5,("start_dir dir=%s\n",directory));
 
-  if (!check_name(directory,cnum))
+  if (!check_name(directory,conn))
     return(False);
   
   if (! *directory)
     directory = ".";
 
-  Connections[cnum].dirptr = OpenDir(directory);
-  if (Connections[cnum].dirptr) {    
+  conn->dirptr = OpenDir(conn, directory, True);
+  if (conn->dirptr) {    
     dptrs_open++;
-    string_set(&Connections[cnum].dirpath,directory);
+    string_set(&conn->dirpath,directory);
     return(True);
   }
   
   return(False);
 }
 
+/****************************************************************************
+ Try and close the oldest handle not marked for
+ expect close in the hope that the client has
+ finished with that one.
+****************************************************************************/
+
+static void dptr_close_oldest(BOOL old)
+{
+  dptr_struct *dptr;
+
+  /*
+   * Go to the end of the list.
+   */
+  for(dptr = dirptrs; dptr && dptr->next; dptr = dptr->next)
+    ;
+
+  if(!dptr) {
+    DEBUG(0,("No old dptrs available to close oldest ?\n"));
+    return;
+  }
+
+  /*
+   * If 'old' is true, close the oldest oldhandle dnum (ie. 1 < dnum < 256) that
+   * does not have expect_close set. If 'old' is false, close
+   * one of the new dnum handles.
+   */
+
+  for(; dptr; dptr = dptr->prev) {
+    if ((old && (dptr->dnum < 256) && !dptr->expect_close) ||
+        (!old && (dptr->dnum > 255))) {
+      dptr_close_internal(dptr);
+      return;
+    }
+  }
+}
 
 /****************************************************************************
-create a new dir ptr
+ Create a new dir ptr. If the flag old_handle is true then we must allocate
+ from the bitmap range 0 - 255 as old SMBsearch directory handles are only
+ one byte long. If old_handle is false we allocate from the range
+ 256 - MAX_DIRECTORY_HANDLES. We bias the number we return by 1 to ensure
+ a directory handle is never zero. All the above is folklore taught to
+ me at Andrew's knee.... :-) :-). JRA.
 ****************************************************************************/
-int dptr_create(int cnum,char *path, BOOL expect_close,int pid)
+
+int dptr_create(connection_struct *conn,char *path, BOOL old_handle, BOOL expect_close,uint16 spid)
 {
-  int i;
-  uint32 old;
-  int oldi;
+  dptr_struct *dptr;
 
-  if (!start_dir(cnum,path))
-    return(-1);
+  if (!start_dir(conn,path))
+    return(-2); /* Code to say use a unix error return code. */
 
-  if (dptrs_open >= MAXDIR)
+  if (dptrs_open >= MAX_OPEN_DIRECTORIES)
     dptr_idleoldest();
 
-  for (i=0;i<NUMDIRPTRS;i++)
-    if (!dirptrs[i].valid)
-      break;
-  if (i == NUMDIRPTRS) i = -1;
+  dptr = (dptr_struct *)malloc(sizeof(dptr_struct));
+  if(!dptr) {
+    DEBUG(0,("malloc fail in dptr_create.\n"));
+    return -1;
+  }
+
+  ZERO_STRUCTP(dptr);
 
+  if(old_handle) {
 
-  /* as a 2nd option, grab the oldest not marked for expect_close */
-  if (i == -1) {
-    old=dircounter+1;
-    oldi= -1;
-    for (i=0;i<NUMDIRPTRS;i++)
-      if (!dirptrs[i].expect_close && dirptrs[i].lastused < old) {
-	old = dirptrs[i].lastused;
-	oldi = i;
+    /*
+     * This is an old-style SMBsearch request. Ensure the
+     * value we return will fit in the range 1-255.
+     */
+
+    dptr->dnum = bitmap_find(dptr_bmap, 0);
+
+    if(dptr->dnum == -1 || dptr->dnum > 254) {
+
+      /*
+       * Try and close the oldest handle not marked for
+       * expect close in the hope that the client has
+       * finished with that one.
+       */
+
+      dptr_close_oldest(True);
+
+      /* Now try again... */
+      dptr->dnum = bitmap_find(dptr_bmap, 0);
+
+      if(dptr->dnum == -1 || dptr->dnum > 254) {
+        DEBUG(0,("dptr_create: returned %d: Error - all old dirptrs in use ?\n", dptr->dnum));
+        SAFE_FREE(dptr);
+        return -1;
       }
-    i = oldi;
-  }
+    }
+  } else {
+
+    /*
+     * This is a new-style trans2 request. Allocate from
+     * a range that will return 256 - MAX_DIRECTORY_HANDLES.
+     */
+
+    dptr->dnum = bitmap_find(dptr_bmap, 255);
+
+    if(dptr->dnum == -1 || dptr->dnum < 255) {
+
+      /*
+       * Try and close the oldest handle close in the hope that
+       * the client has finished with that one. This will only
+       * happen in the case of the Win98 client bug where it leaks
+       * directory handles.
+       */
+
+      dptr_close_oldest(False);
 
-  /* a 3rd option - grab the oldest one */
-  if (i == -1) {
-    old=dircounter+1;
-    oldi= -1;
-    for (i=0;i<NUMDIRPTRS;i++)
-      if (dirptrs[i].lastused < old) {
-	old = dirptrs[i].lastused;
-	oldi = i;
+      /* Now try again... */
+      dptr->dnum = bitmap_find(dptr_bmap, 255);
+
+      if(dptr->dnum == -1 || dptr->dnum < 255) {
+        DEBUG(0,("dptr_create: returned %d: Error - all new dirptrs in use ?\n", dptr->dnum));
+        SAFE_FREE(dptr);
+        return -1;
       }
-    i = oldi;
+    }
   }
 
-  if (i == -1) {
-    DEBUG(0,("Error - all dirptrs in use??\n"));
-    return(-1);
-  }
+  bitmap_set(dptr_bmap, dptr->dnum);
+
+  dptr->dnum += 1; /* Always bias the dnum by one - no zero dnums allowed. */
 
-  if (dirptrs[i].valid)
-    dptr_close(i);
+  dptr->ptr = conn->dirptr;
+  string_set(&dptr->path,path);
+  dptr->conn = conn;
+  dptr->spid = spid;
+  dptr->expect_close = expect_close;
+  dptr->wcard = NULL; /* Only used in lanman2 searches */
+  dptr->attr = 0; /* Only used in lanman2 searches */
 
-  dirptrs[i].ptr = Connections[cnum].dirptr;
-  string_set(&dirptrs[i].path,path);
-  dirptrs[i].lastused = dircounter++;
-  dirptrs[i].finished = False;
-  dirptrs[i].cnum = cnum;
-  dirptrs[i].pid = pid;
-  dirptrs[i].expect_close = expect_close;
-  dirptrs[i].wcard = NULL; /* Only used in lanman2 searches */
-  dirptrs[i].attr = 0; /* Only used in lanman2 searches */
-  dirptrs[i].valid = True;
+  DLIST_ADD(dirptrs, dptr);
 
   DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
-	   i,path,expect_close));  
+	   dptr->dnum,path,expect_close));  
 
-  return(i);
+  return(dptr->dnum);
 }
 
-#define DPTR_MASK ((uint32)(((uint32)1)<<31))
-
 /****************************************************************************
-fill the 5 byte server reserved dptr field
+ Fill the 5 byte server reserved dptr field.
 ****************************************************************************/
+
 BOOL dptr_fill(char *buf1,unsigned int key)
 {
   unsigned char *buf = (unsigned char *)buf1;
-  void *p = dptr_get(key,0);
+  void *p = dptr_ptr(key);
   uint32 offset;
   if (!p) {
     DEBUG(1,("filling null dirptr %d\n",key));
     return(False);
   }
   offset = TellDir(p);
-  DEBUG(6,("fill on key %d dirptr 0x%x now at %d\n",key,p,offset));
+  DEBUG(6,("fill on key %u dirptr 0x%lx now at %d\n",key,
+	   (long)p,(int)offset));
   buf[0] = key;
   SIVAL(buf,1,offset | DPTR_MASK);
   return(True);
 }
 
-
 /****************************************************************************
-return True is the offset is at zero
+ Fetch the dir ptr and seek it given the 5 byte server field.
 ****************************************************************************/
-BOOL dptr_zero(char *buf)
-{
-  return((IVAL(buf,1)&~DPTR_MASK) == 0);
-}
 
-/****************************************************************************
-fetch the dir ptr and seek it given the 5 byte server field
-****************************************************************************/
 void *dptr_fetch(char *buf,int *num)
 {
   unsigned int key = *(unsigned char *)buf;
-  void *p = dptr_get(key,dircounter++);
+  void *p = dptr_ptr(key);
   uint32 offset;
   if (!p) {
     DEBUG(3,("fetched null dirptr %d\n",key));
@@ -379,101 +532,117 @@ void *dptr_fetch(char *buf,int *num)
 }
 
 /****************************************************************************
-fetch the dir ptr and seek it given the lanman2 parameter block
+ Fetch the dir ptr.
 ****************************************************************************/
-void *dptr_fetch_lanman2(char *params,int dptr_num)
+
+void *dptr_fetch_lanman2(int dptr_num)
 {
-  void *p = dptr_get(dptr_num,dircounter++);
-  uint32 resume_key = SVAL(params,6);
-  BOOL uses_resume_key = BITSETW(params+10,2);
-  BOOL continue_bit = BITSETW(params+10,3);
+  void *p = dptr_ptr(dptr_num);
 
   if (!p) {
     DEBUG(3,("fetched null dirptr %d\n",dptr_num));
     return(NULL);
   }
-  if(uses_resume_key && !continue_bit)
-    SeekDir(p,resume_key);
   DEBUG(3,("fetching dirptr %d for path %s\n",dptr_num,dptr_path(dptr_num)));
   return(p);
 }
 
 /****************************************************************************
-  get a directory entry
+ Check a filetype for being valid.
+****************************************************************************/
+
+BOOL dir_check_ftype(connection_struct *conn,int mode,SMB_STRUCT_STAT *st,int dirtype)
+{
+  if (((mode & ~dirtype) & (aHIDDEN | aSYSTEM | aDIR)) != 0)
+    return False;
+  return True;
+}
+
+/****************************************************************************
+ Get an 8.3 directory entry.
 ****************************************************************************/
-BOOL get_dir_entry(int cnum,char *mask,int dirtype,char *fname,int *size,int *mode,time_t *date,BOOL check_descend)
+
+BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname,
+                   SMB_OFF_T *size,int *mode,time_t *date,BOOL check_descend)
 {
   char *dname;
   BOOL found = False;
-  struct stat sbuf;
+  SMB_STRUCT_STAT sbuf;
   pstring path;
   pstring pathreal;
   BOOL isrootdir;
   pstring filename;
-  BOOL matched;
+  BOOL needslash;
 
   *path = *pathreal = *filename = 0;
 
-  isrootdir = (strequal(Connections[cnum].dirpath,"./") ||
-	       strequal(Connections[cnum].dirpath,".") ||
-	       strequal(Connections[cnum].dirpath,"/"));
+  isrootdir = (strequal(conn->dirpath,"./") ||
+	       strequal(conn->dirpath,".") ||
+	       strequal(conn->dirpath,"/"));
   
-  if (!Connections[cnum].dirptr)
+  needslash = ( conn->dirpath[strlen(conn->dirpath) -1] != '/');
+
+  if (!conn->dirptr)
     return(False);
-  
+
   while (!found)
-    {
-      dname = ReadDirName(Connections[cnum].dirptr);
+  {
+    dname = ReadDirName(conn->dirptr);
 
-      DEBUG(6,("readdir on dirptr 0x%x now at offset %d\n",
-	    Connections[cnum].dirptr,TellDir(Connections[cnum].dirptr)));
+    DEBUG(6,("readdir on dirptr 0x%lx now at offset %d\n",
+          (long)conn->dirptr,TellDir(conn->dirptr)));
       
-      if (dname == NULL) 
-	return(False);
+    if (dname == NULL) 
+      return(False);
       
-      matched = False;
-
-      strcpy(filename,dname);      
-
-      if ((strcmp(filename,mask) == 0) ||
-	  (name_map_mangle(filename,True,SNUM(cnum)) &&
-	   mask_match(filename,mask,False,False)))
-	{
-	  if (isrootdir && (strequal(filename,"..") || strequal(filename,".")))
-	    continue;
-
-	  strcpy(fname,filename);
-	  *path = 0;
-	  strcpy(path,Connections[cnum].dirpath);
-	  strcat(path,"/");
-	  strcpy(pathreal,path);
-	  strcat(path,fname);
-	  strcat(pathreal,dname);
-	  if (sys_stat(pathreal,&sbuf) != 0) 
-	    {
-	      DEBUG(5,("Couldn't stat 1 [%s]\n",path));
-	      continue;
-	    }
+    pstrcpy(filename,dname);      
+
+    /* notice the special *.* handling. This appears to be the only difference
+       between the wildcard handling in this routine and in the trans2 routines.
+       see masktest for a demo
+    */
+    if ((strcmp(mask,"*.*") == 0) ||
+	mask_match(filename,mask,False) ||
+        (mangle_map(filename,True,False,SNUM(conn)) &&
+         mask_match(filename,mask,False)))
+    {
+      if (isrootdir && (strequal(filename,"..") || strequal(filename,".")))
+        continue;
+
+      if (!mangle_is_8_3(filename, False)) {
+	      mangle_map(filename,True,False,SNUM(conn));
+      }
 
-	  if (check_descend &&
-	      !strequal(fname,".") && !strequal(fname,".."))
-	    continue;
+      pstrcpy(fname,filename);
+      *path = 0;
+      pstrcpy(path,conn->dirpath);
+      if(needslash)
+        pstrcat(path,"/");
+      pstrcpy(pathreal,path);
+      pstrcat(path,fname);
+      pstrcat(pathreal,dname);
+      if (conn->vfs_ops.stat(conn, pathreal, &sbuf) != 0)
+      {
+        DEBUG(5,("Couldn't stat 1 [%s]. Error = %s\n",path, strerror(errno) ));
+        continue;
+      }
 	  
-	  *mode = dos_mode(cnum,pathreal,&sbuf);
+      *mode = dos_mode(conn,pathreal,&sbuf);
 
-	  if (((*mode & ~dirtype) & (aHIDDEN | aSYSTEM | aDIR)) != 0)
-	    {	      
-	      DEBUG(5,("[%s] attribs didn't match %x\n",filename,dirtype));
-	      continue;
-	    }
-	  *size = sbuf.st_size;
-	  *date = sbuf.st_mtime;
+      if (!dir_check_ftype(conn,*mode,&sbuf,dirtype)) 
+      {
+        DEBUG(5,("[%s] attribs didn't match %x\n",filename,dirtype));
+        continue;
+      }
+
+      *size = sbuf.st_size;
+      *date = sbuf.st_mtime;
 
-	  DEBUG(5,("get_dir_entry found %s fname=%s\n",pathreal,fname));
+      DEBUG(3,("get_dir_entry mask=[%s] found %s fname=%s\n",mask, pathreal,fname));
 	  
-	  found = True;
-	}
+      found = True;
     }
+  }
 
   return(found);
 }
@@ -490,27 +659,109 @@ typedef struct
 } Dir;
 
 
+
+/*******************************************************************
+check to see if a user can read a file. This is only approximate,
+it is used as part of the "hide unreadable" option. Don't
+use it for anything security sensitive
+********************************************************************/
+
+static BOOL user_can_read_file(connection_struct *conn, char *name)
+{
+	extern struct current_user current_user;
+	SMB_STRUCT_STAT ste;
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	files_struct *fsp;
+	int smb_action;
+	int access_mode;
+	NTSTATUS status;
+	uint32 access_granted;
+
+	ZERO_STRUCT(ste);
+
+	/* if we can't stat it does not show it */
+	if (vfs_stat(conn, name, &ste) != 0)
+		return False;
+
+	/* Pseudo-open the file (note - no fd's created). */
+
+	if(S_ISDIR(ste.st_mode))	
+		 fsp = open_directory(conn, name, &ste, 0, SET_DENY_MODE(DENY_NONE), (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+			unix_mode(conn,aRONLY|aDIR, name), &smb_action);
+	else
+		fsp = open_file_shared1(conn, name, &ste, FILE_READ_ATTRIBUTES, SET_DENY_MODE(DENY_NONE),
+			(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &smb_action);
+
+	if (!fsp)
+		return False;
+
+	/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
+	sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd);
+	close_file(fsp, False);
+
+	/* No access if SD get failed. */
+	if (!sd_size)
+		return False;
+
+	return se_access_check(psd, current_user.nt_user_token, FILE_READ_DATA,
+                                 &access_granted, &status);
+}
+
 /*******************************************************************
-open a directory
+ Open a directory.
 ********************************************************************/
-void *OpenDir(char *name)
+
+void *OpenDir(connection_struct *conn, char *name, BOOL use_veto)
 {
   Dir *dirp;
   char *n;
-  void *p = sys_opendir(name);
+  DIR *p = conn->vfs_ops.opendir(conn,name);
   int used=0;
 
   if (!p) return(NULL);
   dirp = (Dir *)malloc(sizeof(Dir));
   if (!dirp) {
-    closedir(p);
+    DEBUG(0,("Out of memory in OpenDir\n"));
+    conn->vfs_ops.closedir(conn,p);
     return(NULL);
   }
   dirp->pos = dirp->numentries = dirp->mallocsize = 0;
   dirp->data = dirp->current = NULL;
 
-  while ((n = readdirname(p))) {
-    int l = strlen(n)+1;
+  while (True)
+  {
+    int l;
+
+    if (used == 0) {
+	n = ".";
+    } else if (used == 2) {
+	n = "..";
+    } else {
+	n = vfs_readdirname(conn, p);
+	if (n == NULL)
+		break;
+	if ((strcmp(".",n) == 0) ||(strcmp("..",n) == 0))
+		continue;
+    }
+
+    l = strlen(n)+1;
+
+    /* If it's a vetoed file, pretend it doesn't even exist */
+    if (use_veto && conn && IS_VETO_PATH(conn, n)) continue;
+
+    /* Honour _hide unreadable_ option */
+    if (conn && lp_hideunreadable(SNUM(conn))) {
+	    char *entry;
+	    int ret=0;
+      
+	    if (asprintf(&entry, "%s/%s/%s", conn->origpath, name, n) > 0) {
+		    ret = user_can_read_file(conn, entry);
+		    SAFE_FREE(entry);
+	    }
+	    if (!ret) continue;
+    }
+
     if (used + l > dirp->mallocsize) {
       int s = MAX(used+l,used+2000);
       char *r;
@@ -523,30 +774,31 @@ void *OpenDir(char *name)
       dirp->mallocsize = s;
       dirp->current = dirp->data;
     }
-    strcpy(dirp->data+used,n);
+    pstrcpy(dirp->data+used,n);
     used += l;
     dirp->numentries++;
   }
 
-  closedir(p);
+  conn->vfs_ops.closedir(conn,p);
   return((void *)dirp);
 }
 
 
 /*******************************************************************
-close a directory
+ Close a directory.
 ********************************************************************/
+
 void CloseDir(void *p)
 {
-  Dir *dirp = (Dir *)p;
-  if (!dirp) return;    
-  if (dirp->data) free(dirp->data);
-  free(dirp);
+  if (!p) return;    
+  SAFE_FREE(((Dir *)p)->data);
+  SAFE_FREE(p);
 }
 
 /*******************************************************************
-read from a directory
+ Read from a directory.
 ********************************************************************/
+
 char *ReadDirName(void *p)
 {
   char *ret;
@@ -563,8 +815,9 @@ char *ReadDirName(void *p)
 
 
 /*******************************************************************
-seek a dir
+ Seek a dir.
 ********************************************************************/
+
 BOOL SeekDir(void *p,int pos)
 {
   Dir *dirp = (Dir *)p;
@@ -582,8 +835,9 @@ BOOL SeekDir(void *p,int pos)
 }
 
 /*******************************************************************
-tell a dir position
+ Tell a dir position.
 ********************************************************************/
+
 int TellDir(void *p)
 {
   Dir *dirp = (Dir *)p;
@@ -593,363 +847,113 @@ int TellDir(void *p)
   return(dirp->pos);
 }
 
+/*******************************************************************************
+ This section manages a global directory cache.
+ (It should probably be split into a separate module.  crh)
+********************************************************************************/
+
+typedef struct {
+  ubi_dlNode  node;
+  char       *path;
+  char       *name;
+  char       *dname;
+  int         snum;
+} dir_cache_entry;
+
+static ubi_dlNewList( dir_cache );
+
+/*****************************************************************************
+ Add an entry to the directory cache.
+ Input:  path  -
+         name  -
+         dname -
+         snum  -
+ Output: None.
+*****************************************************************************/
+
+void DirCacheAdd( char *path, char *name, char *dname, int snum )
+{
+  int               pathlen;
+  int               namelen;
+  dir_cache_entry  *entry;
+
+  /* Allocate the structure & string space in one go so that it can be freed
+   * in one call to free().
+   */
+  pathlen = strlen( path ) +1;  /* Bytes required to store path (with nul). */
+  namelen = strlen( name ) +1;  /* Bytes required to store name (with nul). */
+  entry = (dir_cache_entry *)malloc( sizeof( dir_cache_entry )
+                                   + pathlen
+                                   + namelen
+                                   + strlen( dname ) +1 );
+  if( NULL == entry )   /* Not adding to the cache is not fatal,  */
+    return;             /* so just return as if nothing happened. */
+
+  /* Set pointers correctly and load values. */
+  entry->path  = pstrcpy( (char *)&entry[1],       path);
+  entry->name  = pstrcpy( &(entry->path[pathlen]), name);
+  entry->dname = pstrcpy( &(entry->name[namelen]), dname);
+  entry->snum  = snum;
+
+  /* Add the new entry to the linked list. */
+  (void)ubi_dlAddHead( dir_cache, entry );
+  DEBUG( 4, ("Added dir cache entry %s %s -> %s\n", path, name, dname ) );
+
+  /* Free excess cache entries. */
+  while( DIRCACHESIZE < dir_cache->count )
+    safe_free( ubi_dlRemTail( dir_cache ) );
 
-static int dir_cache_size = 0;
-static struct dir_cache {
-  struct dir_cache *next;
-  struct dir_cache *prev;
-  char *path;
-  char *name;
-  char *dname;
-  int snum;
-} *dir_cache = NULL;
-
-/*******************************************************************
-add an entry to the directory cache
-********************************************************************/
-void DirCacheAdd(char *path,char *name,char *dname,int snum)
-{
-  struct dir_cache *entry = (struct dir_cache *)malloc(sizeof(*entry));
-  if (!entry) return;
-  entry->path = strdup(path);
-  entry->name = strdup(name);
-  entry->dname = strdup(dname);
-  entry->snum = snum;
-  if (!entry->path || !entry->name || !entry->dname) return;
-
-  entry->next = dir_cache;
-  entry->prev = NULL;
-  if (entry->next) entry->next->prev = entry;
-  dir_cache = entry;
-
-  DEBUG(4,("Added dir cache entry %s %s -> %s\n",path,name,dname));
-  
-  if (dir_cache_size == DIRCACHESIZE) {
-    for (entry=dir_cache; entry->next; entry=entry->next) ;
-    free(entry->path);
-    free(entry->name);
-    free(entry->dname);
-    if (entry->prev) entry->prev->next = entry->next;
-    free(entry);
-  } else {
-    dir_cache_size++;
-  }
 }
 
+/*****************************************************************************
+ Search for an entry to the directory cache.
+ Input:  path  -
+         name  -
+         snum  -
+ Output: The dname string of the located entry, or NULL if the entry was
+         not found.
 
-/*******************************************************************
-check for an entry in the directory cache
-********************************************************************/
-char *DirCacheCheck(char *path,char *name,int snum)
+ Notes:  This uses a linear search, which is is okay because of
+         the small size of the cache.  Use a splay tree or hash
+         for large caches.
+*****************************************************************************/
+
+char *DirCacheCheck( char *path, char *name, int snum )
 {
-  struct dir_cache *entry;
+  dir_cache_entry *entry;
 
-  for (entry=dir_cache; entry; entry=entry->next) {
-    if (entry->snum == snum &&
-	strcmp(path,entry->path) == 0 &&
-	strcmp(name,entry->name) == 0) {
-      DEBUG(4,("Got dir cache hit on %s %s -> %s\n",path,name,entry->dname));
-      return(entry->dname);
+  for( entry = (dir_cache_entry *)ubi_dlFirst( dir_cache );
+       NULL != entry;
+       entry = (dir_cache_entry *)ubi_dlNext( entry ) )
+    {
+    if( entry->snum == snum
+        && 0 == strcmp( name, entry->name )
+        && 0 == strcmp( path, entry->path ) )
+      {
+      DEBUG(4, ("Got dir cache hit on %s %s -> %s\n",path,name,entry->dname));
+      return( entry->dname );
+      }
     }
-  }
 
   return(NULL);
 }
 
-/*******************************************************************
-flush entries in the dir_cache
-********************************************************************/
+/*****************************************************************************
+ Remove all cache entries which have an snum that matches the input.
+ Input:  snum  -
+ Output: None.
+*****************************************************************************/
+
 void DirCacheFlush(int snum)
 {
-  struct dir_cache *entry,*next;
-
-  for (entry=dir_cache; entry; entry=next) {
-    if (entry->snum == snum) {
-      free(entry->path);
-      free(entry->dname);
-      free(entry->name);
-      next = entry->next;
-      if (entry->prev) entry->prev->next = entry->next;
-      if (entry->next) entry->next->prev = entry->prev;
-      if (dir_cache == entry) dir_cache = entry->next; 
-      free(entry);
-    } else {
-      next = entry->next;
-    }
-  }
-}
-
-
-#ifdef REPLACE_GETWD
-/* This is getcwd.c from bash.  It is needed in Interactive UNIX.  To
- * add support for another OS you need to determine which of the
- * conditional compilation macros you need to define.  All the options
- * are defined for Interactive UNIX.
- */
-#ifdef ISC
-#define HAVE_UNISTD_H
-#define USGr3
-#define USG
-#endif
-
-#if defined (HAVE_UNISTD_H)
-#  include <unistd.h>
-#endif
-
-#if defined (__STDC__)
-#  define CONST const
-#  define PTR void *
-#else /* !__STDC__ */
-#  define CONST
-#  define PTR char *
-#endif /* !__STDC__ */
-
-#if !defined (PATH_MAX)
-#  if defined (MAXPATHLEN)
-#    define PATH_MAX MAXPATHLEN
-#  else /* !MAXPATHLEN */
-#    define PATH_MAX 1024
-#  endif /* !MAXPATHLEN */
-#endif /* !PATH_MAX */
-
-#if defined (_POSIX_VERSION) || defined (USGr3) || defined (HAVE_DIRENT_H)
-#  if !defined (HAVE_DIRENT)
-#    define HAVE_DIRENT
-#  endif /* !HAVE_DIRENT */
-#endif /* _POSIX_VERSION || USGr3 || HAVE_DIRENT_H */
-
-#if defined (HAVE_DIRENT)
-#  define D_NAMLEN(d)	(strlen ((d)->d_name))
-#else
-#  define D_NAMLEN(d)	((d)->d_namlen)
-#endif /* ! (_POSIX_VERSION || USGr3) */
-
-#if defined (USG) || defined (USGr3)
-#  define d_fileno d_ino
-#endif
-
-#if !defined (alloca)
-extern char *alloca ();
-#endif /* alloca */
-
-/* Get the pathname of the current working directory,
-   and put it in SIZE bytes of BUF.  Returns NULL if the
-   directory couldn't be determined or SIZE was too small.
-   If successful, returns BUF.  In GNU, if BUF is NULL,
-   an array is allocated with `malloc'; the array is SIZE
-   bytes long, unless SIZE <= 0, in which case it is as
-   big as necessary.  */
-#if defined (__STDC__)
-char *
-getcwd (char *buf, size_t size)
-#else /* !__STDC__ */
-char *
-getcwd (buf, size)
-     char *buf;
-     int size;
-#endif /* !__STDC__ */
-{
-  static CONST char dots[]
-    = "../../../../../../../../../../../../../../../../../../../../../../../\
-../../../../../../../../../../../../../../../../../../../../../../../../../../\
-../../../../../../../../../../../../../../../../../../../../../../../../../..";
-  CONST char *dotp, *dotlist;
-  size_t dotsize;
-  dev_t rootdev, thisdev;
-  ino_t rootino, thisino;
-  char path[PATH_MAX + 1];
-  register char *pathp;
-  char *pathbuf;
-  size_t pathsize;
-  struct stat st;
-
-  if (buf != NULL && size == 0)
-    {
-      errno = EINVAL;
-      return ((char *)NULL);
-    }
-
-  pathsize = sizeof (path);
-  pathp = &path[pathsize];
-  *--pathp = '\0';
-  pathbuf = path;
-
-  if (stat (".", &st) < 0)
-    return ((char *)NULL);
-  thisdev = st.st_dev;
-  thisino = st.st_ino;
-
-  if (stat ("/", &st) < 0)
-    return ((char *)NULL);
-  rootdev = st.st_dev;
-  rootino = st.st_ino;
-
-  dotsize = sizeof (dots) - 1;
-  dotp = &dots[sizeof (dots)];
-  dotlist = dots;
-  while (!(thisdev == rootdev && thisino == rootino))
-    {
-      register DIR *dirstream;
-      register struct dirent *d;
-      dev_t dotdev;
-      ino_t dotino;
-      char mount_point;
-      int namlen;
-
-      /* Look at the parent directory.  */
-      if (dotp == dotlist)
-	{
-	  /* My, what a deep directory tree you have, Grandma.  */
-	  char *new;
-	  if (dotlist == dots)
-	    {
-	      new = malloc (dotsize * 2 + 1);
-	      if (new == NULL)
-		goto lose;
-	      memcpy (new, dots, dotsize);
-	    }
-	  else
-	    {
-	      new = realloc ((PTR) dotlist, dotsize * 2 + 1);
-	      if (new == NULL)
-		goto lose;
-	    }
-	  memcpy (&new[dotsize], new, dotsize);
-	  dotp = &new[dotsize];
-	  dotsize *= 2;
-	  new[dotsize] = '\0';
-	  dotlist = new;
+	dir_cache_entry *entry;
+	ubi_dlNodePtr    next;
+
+	for(entry = (dir_cache_entry *)ubi_dlFirst( dir_cache ); 
+	    NULL != entry; )  {
+		next = ubi_dlNext( entry );
+		if( entry->snum == snum )
+			safe_free( ubi_dlRemThis( dir_cache, entry ) );
+		entry = (dir_cache_entry *)next;
 	}
-
-      dotp -= 3;
-
-      /* Figure out if this directory is a mount point.  */
-      if (stat (dotp, &st) < 0)
-	goto lose;
-      dotdev = st.st_dev;
-      dotino = st.st_ino;
-      mount_point = dotdev != thisdev;
-
-      /* Search for the last directory.  */
-      dirstream = opendir(dotp);
-      if (dirstream == NULL)
-	goto lose;
-      while ((d = (struct dirent *)readdir(dirstream)) != NULL)
-	{
-	  if (d->d_name[0] == '.' &&
-	      (d->d_name[1] == '\0' ||
-		(d->d_name[1] == '.' && d->d_name[2] == '\0')))
-	    continue;
-	  if (mount_point || d->d_fileno == thisino)
-	    {
-	      char *name;
-
-	      namlen = D_NAMLEN(d);
-	      name = (char *)
-		alloca (dotlist + dotsize - dotp + 1 + namlen + 1);
-	      memcpy (name, dotp, dotlist + dotsize - dotp);
-	      name[dotlist + dotsize - dotp] = '/';
-	      memcpy (&name[dotlist + dotsize - dotp + 1],
-		      d->d_name, namlen + 1);
-	      if (lstat (name, &st) < 0)
-		{
-		  int save = errno;
-		  closedir(dirstream);
-		  errno = save;
-		  goto lose;
-		}
-	      if (st.st_dev == thisdev && st.st_ino == thisino)
-		break;
-	    }
-	}
-      if (d == NULL)
-	{
-	  int save = errno;
-	  closedir(dirstream);
-	  errno = save;
-	  goto lose;
-	}
-      else
-	{
-	  size_t space;
-
-	  while ((space = pathp - pathbuf) <= namlen)
-	    {
-	      char *new;
-
-	      if (pathbuf == path)
-		{
-		  new = malloc (pathsize * 2);
-		  if (!new)
-		    goto lose;
-		}
-	      else
-		{
-		  new = realloc ((PTR) pathbuf, (pathsize * 2));
-		  if (!new)
-		    goto lose;
-		  pathp = new + space;
-		}
-	      (void) memcpy (new + pathsize + space, pathp, pathsize - space);
-	      pathp = new + pathsize + space;
-	      pathbuf = new;
-	      pathsize *= 2;
-	    }
-
-	  pathp -= namlen;
-	  (void) memcpy (pathp, d->d_name, namlen);
-	  *--pathp = '/';
-	  closedir(dirstream);
-	}
-
-      thisdev = dotdev;
-      thisino = dotino;
-    }
-
-  if (pathp == &path[sizeof(path) - 1])
-    *--pathp = '/';
-
-  if (dotlist != dots)
-    free ((PTR) dotlist);
-
-  {
-    size_t len = pathbuf + pathsize - pathp;
-    if (buf == NULL)
-      {
-	if (len < (size_t) size)
-	  len = size;
-	buf = (char *) malloc (len);
-	if (buf == NULL)
-	  goto lose2;
-      }
-    else if ((size_t) size < len)
-      {
-	errno = ERANGE;
-	goto lose2;
-      }
-    (void) memcpy((PTR) buf, (PTR) pathp, len);
-  }
-
-  if (pathbuf != path)
-    free (pathbuf);
-
-  return (buf);
-
- lose:
-  if ((dotlist != dots) && dotlist)
-    {
-      int e = errno;
-      free ((PTR) dotlist);
-      errno = e;
-    }
-
- lose2:
-  if ((pathbuf != path) && pathbuf)
-    {
-      int e = errno;
-      free ((PTR) pathbuf);
-      errno = e;
-    }
-  return ((char *)NULL);
 }
-#endif
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
new file mode 100644
index 0000000000..dcffe3aa90
--- /dev/null
+++ b/source3/smbd/dosmode.c
@@ -0,0 +1,337 @@
+/* 
+   Unix SMB/CIFS implementation.
+   dos mode handling functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+  change a dos mode to a unix mode
+    base permission for files:
+         if inheriting
+           apply read/write bits from parent directory.
+         else   
+           everybody gets read bit set
+         dos readonly is represented in unix by removing everyone's write bit
+         dos archive is represented in unix by the user's execute bit
+         dos system is represented in unix by the group's execute bit
+         dos hidden is represented in unix by the other's execute bit
+         if !inheriting {
+           Then apply create mask,
+           then add force bits.
+         }
+    base permission for directories:
+         dos directory is represented in unix by unix's dir bit and the exec bit
+         if !inheriting {
+           Then apply create mask,
+           then add force bits.
+         }
+****************************************************************************/
+mode_t unix_mode(connection_struct *conn,int dosmode,const char *fname)
+{
+  mode_t result = (S_IRUSR | S_IRGRP | S_IROTH);
+  mode_t dir_mode = 0; /* Mode of the parent directory if inheriting. */
+
+  if ( !IS_DOS_READONLY(dosmode) )
+    result |= (S_IWUSR | S_IWGRP | S_IWOTH);
+
+  if (fname && lp_inherit_perms(SNUM(conn))) {
+    char *dname;
+    SMB_STRUCT_STAT sbuf;
+
+    dname = parent_dirname(fname);
+    DEBUG(2,("unix_mode(%s) inheriting from %s\n",fname,dname));
+    if (vfs_stat(conn,dname,&sbuf) != 0) {
+      DEBUG(4,("unix_mode(%s) failed, [dir %s]: %s\n",fname,dname,strerror(errno)));
+      return(0);      /* *** shouldn't happen! *** */
+    }
+
+    /* Save for later - but explicitly remove setuid bit for safety. */
+    dir_mode = sbuf.st_mode & ~S_ISUID;
+    DEBUG(2,("unix_mode(%s) inherit mode %o\n",fname,(int)dir_mode));
+    /* Clear "result" */
+    result = 0;
+  } 
+
+  if (IS_DOS_DIR(dosmode)) {
+    /* We never make directories read only for the owner as under DOS a user
+       can always create a file in a read-only directory. */
+    result |= (S_IFDIR | S_IWUSR);
+
+    if (dir_mode) {
+      /* Inherit mode of parent directory. */
+      result |= dir_mode;
+    } else {
+      /* Provisionally add all 'x' bits */
+      result |= (S_IXUSR | S_IXGRP | S_IXOTH);                 
+
+      /* Apply directory mask */
+      result &= lp_dir_mask(SNUM(conn));
+      /* Add in force bits */
+      result |= lp_force_dir_mode(SNUM(conn));
+    }
+  } else { 
+    if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
+      result |= S_IXUSR;
+
+    if (lp_map_system(SNUM(conn)) && IS_DOS_SYSTEM(dosmode))
+      result |= S_IXGRP;
+ 
+    if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode))
+      result |= S_IXOTH;  
+
+    if (dir_mode) {
+      /* Inherit 666 component of parent directory mode */
+      result |= dir_mode
+        &  (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH);
+    } else {
+      /* Apply mode mask */
+      result &= lp_create_mask(SNUM(conn));
+      /* Add in force bits */
+      result |= lp_force_create_mode(SNUM(conn));
+    }
+  }
+
+  DEBUG(3,("unix_mode(%s) returning 0%o\n",fname,(int)result ));
+  return(result);
+}
+
+
+/****************************************************************************
+  change a unix mode to a dos mode
+****************************************************************************/
+int dos_mode(connection_struct *conn,char *path,SMB_STRUCT_STAT *sbuf)
+{
+  int result = 0;
+
+  DEBUG(8,("dos_mode: %s\n", path));
+
+  if ((sbuf->st_mode & S_IWUSR) == 0)
+      result |= aRONLY;
+
+  if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0))
+    result |= aARCH;
+
+  if (MAP_SYSTEM(conn) && ((sbuf->st_mode & S_IXGRP) != 0))
+    result |= aSYSTEM;
+
+  if (MAP_HIDDEN(conn) && ((sbuf->st_mode & S_IXOTH) != 0))
+    result |= aHIDDEN;   
+  
+  if (S_ISDIR(sbuf->st_mode))
+    result = aDIR | (result & aRONLY);
+ 
+#ifdef S_ISLNK
+#if LINKS_READ_ONLY
+  if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode))
+    result |= aRONLY;
+#endif
+#endif
+
+  /* hide files with a name starting with a . */
+  if (lp_hide_dot_files(SNUM(conn)))
+    {
+      char *p = strrchr_m(path,'/');
+      if (p)
+	p++;
+      else
+	p = path;
+      
+      if (p[0] == '.' && p[1] != '.' && p[1] != 0)
+	result |= aHIDDEN;
+    }
+
+  /* Optimization : Only call is_hidden_path if it's not already
+     hidden. */
+  if (!(result & aHIDDEN) && IS_HIDDEN_PATH(conn,path))
+  {
+    result |= aHIDDEN;
+  }
+
+  DEBUG(8,("dos_mode returning "));
+
+  if (result & aHIDDEN) DEBUG(8, ("h"));
+  if (result & aRONLY ) DEBUG(8, ("r"));
+  if (result & aSYSTEM) DEBUG(8, ("s"));
+  if (result & aDIR   ) DEBUG(8, ("d"));
+  if (result & aARCH  ) DEBUG(8, ("a"));
+
+  DEBUG(8,("\n"));
+
+  return(result);
+}
+
+/*******************************************************************
+chmod a file - but preserve some bits
+********************************************************************/
+int file_chmod(connection_struct *conn,char *fname,int dosmode,SMB_STRUCT_STAT *st)
+{
+	SMB_STRUCT_STAT st1;
+	int mask=0;
+	mode_t tmp;
+	mode_t unixmode;
+	int ret = -1;
+
+	if (!st) {
+		st = &st1;
+		if (vfs_stat(conn,fname,st))
+			return(-1);
+	}
+
+	if (S_ISDIR(st->st_mode))
+		dosmode |= aDIR;
+	else
+		dosmode &= ~aDIR;
+
+	if (dos_mode(conn,fname,st) == dosmode)
+		return(0);
+
+	unixmode = unix_mode(conn,dosmode,fname);
+
+	/* preserve the s bits */
+	mask |= (S_ISUID | S_ISGID);
+
+	/* preserve the t bit */
+#ifdef S_ISVTX
+	mask |= S_ISVTX;
+#endif
+
+	/* possibly preserve the x bits */
+	if (!MAP_ARCHIVE(conn))
+		mask |= S_IXUSR;
+	if (!MAP_SYSTEM(conn))
+		mask |= S_IXGRP;
+	if (!MAP_HIDDEN(conn))
+		mask |= S_IXOTH;
+
+	unixmode |= (st->st_mode & mask);
+
+	/* if we previously had any r bits set then leave them alone */
+	if ((tmp = st->st_mode & (S_IRUSR|S_IRGRP|S_IROTH))) {
+		unixmode &= ~(S_IRUSR|S_IRGRP|S_IROTH);
+		unixmode |= tmp;
+	}
+
+	/* if we previously had any w bits set then leave them alone 
+		whilst adding in the new w bits, if the new mode is not rdonly */
+	if (!IS_DOS_READONLY(dosmode)) {
+		unixmode |= (st->st_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
+	}
+
+	if ((ret = vfs_chmod(conn,fname,unixmode)) == 0)
+		return 0;
+
+	if((errno != EPERM) && (errno != EACCES))
+		return -1;
+
+	if(!lp_dos_filemode(SNUM(conn)))
+		return -1;
+
+	/* We want DOS semantics, ie allow non owner with write permission to change the
+		bits on a file. Just like file_utime below.
+	*/
+
+	/* Check if we have write access. */
+	if (CAN_WRITE(conn)) {
+		/*
+		 * We need to open the file with write access whilst
+		 * still in our current user context. This ensures we
+		 * are not violating security in doing the fchmod.
+		 * This file open does *not* break any oplocks we are
+		 * holding. We need to review this.... may need to
+		 * break batch oplocks open by others. JRA.
+		 */
+		files_struct *fsp = open_file_fchmod(conn,fname,st);
+		if (!fsp)
+			return -1;
+		become_root();
+		ret = conn->vfs_ops.fchmod(fsp, fsp->fd, unixmode);
+		unbecome_root();
+		close_file_fchmod(fsp);
+	}
+
+	return( ret );
+}
+
+
+/*******************************************************************
+Wrapper around dos_utime that possibly allows DOS semantics rather
+than POSIX.
+*******************************************************************/
+int file_utime(connection_struct *conn, char *fname, struct utimbuf *times)
+{
+  extern struct current_user current_user;
+  SMB_STRUCT_STAT sb;
+  int ret = -1;
+
+  errno = 0;
+
+  if(conn->vfs_ops.utime(conn,fname, times) == 0)
+    return 0;
+
+  if((errno != EPERM) && (errno != EACCES))
+    return -1;
+
+  if(!lp_dos_filetimes(SNUM(conn)))
+    return -1;
+
+  /* We have permission (given by the Samba admin) to
+     break POSIX semantics and allow a user to change
+     the time on a file they don't own but can write to
+     (as DOS does).
+   */
+
+  if(vfs_stat(conn,fname,&sb) != 0)
+    return -1;
+
+  /* Check if we have write access. */
+  if (CAN_WRITE(conn)) {
+	  if (((sb.st_mode & S_IWOTH) ||
+	       conn->admin_user ||
+	       ((sb.st_mode & S_IWUSR) && current_user.uid==sb.st_uid) ||
+	       ((sb.st_mode & S_IWGRP) &&
+		in_group(sb.st_gid,current_user.gid,
+			 current_user.ngroups,current_user.groups)))) {
+		  /* We are allowed to become root and change the filetime. */
+		  become_root();
+		  ret = conn->vfs_ops.utime(conn,fname, times);
+		  unbecome_root();
+	  }
+  }
+
+  return ret;
+}
+  
+/*******************************************************************
+Change a filetime - possibly allowing DOS semantics.
+*******************************************************************/
+BOOL set_filetime(connection_struct *conn, char *fname, time_t mtime)
+{
+  struct utimbuf times;
+
+  if (null_mtime(mtime)) return(True);
+
+  times.modtime = times.actime = mtime;
+
+  if (file_utime(conn, fname, &times)) {
+    DEBUG(4,("set_filetime(%s) failed: %s\n",fname,strerror(errno)));
+    return False;
+  }
+  
+  return(True);
+} 
diff --git a/source3/smbd/error.c b/source3/smbd/error.c
new file mode 100644
index 0000000000..2f993fb41e
--- /dev/null
+++ b/source3/smbd/error.c
@@ -0,0 +1,129 @@
+/* 
+   Unix SMB/CIFS implementation.
+   error packet handling
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* these can be set by some functions to override the error codes */
+int unix_ERR_class=SMB_SUCCESS;
+int unix_ERR_code=0;
+
+/* From lib/error.c */
+extern struct unix_error_map unix_dos_nt_errmap[];
+
+/****************************************************************************
+ Create an error packet from a cached error.
+****************************************************************************/
+ 
+int cached_error_packet(char *outbuf,files_struct *fsp,int line,const char *file)
+{
+	write_bmpx_struct *wbmpx = fsp->wbmpx_ptr;
+ 
+	int32 eclass = wbmpx->wr_errclass;
+	int32 err = wbmpx->wr_error;
+ 
+	/* We can now delete the auxiliary struct */
+	free((char *)wbmpx);
+	fsp->wbmpx_ptr = NULL;
+	return error_packet(outbuf,NT_STATUS_OK,eclass,err,line,file);
+}
+
+/****************************************************************************
+ Create an error packet from errno.
+****************************************************************************/
+
+int unix_error_packet(char *outbuf,int def_class,uint32 def_code,
+		      int line, const char *file)
+{
+	int eclass=def_class;
+	int ecode=def_code;
+	NTSTATUS ntstatus = NT_STATUS_OK;
+	int i=0;
+
+	if (unix_ERR_class != SMB_SUCCESS) {
+		eclass = unix_ERR_class;
+		ecode = unix_ERR_code;
+		unix_ERR_class = SMB_SUCCESS;
+		unix_ERR_code = 0;
+	} else {
+		while (unix_dos_nt_errmap[i].dos_class != 0) {
+			if (unix_dos_nt_errmap[i].unix_error == errno) {
+				eclass = unix_dos_nt_errmap[i].dos_class;
+				ecode = unix_dos_nt_errmap[i].dos_code;
+				ntstatus = unix_dos_nt_errmap[i].nt_error;
+				break;
+			}
+			i++;
+		}
+	}
+
+	return error_packet(outbuf,ntstatus,eclass,ecode,line,file);
+}
+
+
+/****************************************************************************
+ Create an error packet. Normally called using the ERROR() macro.
+****************************************************************************/
+
+int error_packet(char *outbuf,NTSTATUS ntstatus,
+		 uint8 eclass,uint32 ecode,int line, const char *file)
+{
+	int outsize = set_message(outbuf,0,0,True);
+	extern uint32 global_client_caps;
+
+	if (errno != 0)
+		DEBUG(3,("error string = %s\n",strerror(errno)));
+  
+	/*
+	 * We can explicitly force 32 bit error codes even when the
+	 * parameter "nt status" is set to no by pre-setting the
+	 * FLAGS2_32_BIT_ERROR_CODES bit in the smb_flg2 outbuf.
+	 * This is to allow work arounds for client bugs that are needed
+	 * when talking with clients that normally expect nt status codes. JRA.
+	 */
+
+	if ((lp_nt_status_support() || (SVAL(outbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES)) && (global_client_caps & CAP_STATUS32)) {
+		if (NT_STATUS_V(ntstatus) == 0 && eclass)
+			ntstatus = dos_to_ntstatus(eclass, ecode);
+		SIVAL(outbuf,smb_rcls,NT_STATUS_V(ntstatus));
+		SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2)|FLAGS2_32_BIT_ERROR_CODES);
+		DEBUG(3,("error packet at %s(%d) cmd=%d (%s) %s\n",
+			 file, line,
+			 (int)CVAL(outbuf,smb_com),
+			 smb_fn_name(CVAL(outbuf,smb_com)),
+			 nt_errstr(ntstatus)));
+		return outsize;
+	} 
+
+	if (eclass == 0 && NT_STATUS_V(ntstatus))
+		ntstatus_to_dos(ntstatus, &eclass, &ecode);
+
+	SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2)&~FLAGS2_32_BIT_ERROR_CODES);
+	SSVAL(outbuf,smb_rcls,eclass);
+	SSVAL(outbuf,smb_err,ecode);  
+
+	DEBUG(3,("error packet at %s(%d) cmd=%d (%s) eclass=%d ecode=%d\n",
+		  file, line,
+		  (int)CVAL(outbuf,smb_com),
+		  smb_fn_name(CVAL(outbuf,smb_com)),
+		  eclass,
+		  ecode));
+
+	return outsize;
+}
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
new file mode 100644
index 0000000000..addbcb0b3c
--- /dev/null
+++ b/source3/smbd/fileio.c
@@ -0,0 +1,659 @@
+/* 
+   Unix SMB/CIFS implementation.
+   read/write to a files_struct
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static BOOL setup_write_cache(files_struct *, SMB_OFF_T);
+
+/****************************************************************************
+seek a file. Try to avoid the seek if possible
+****************************************************************************/
+
+SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos)
+{
+  SMB_OFF_T offset = 0;
+  SMB_OFF_T seek_ret;
+
+  if (fsp->print_file && lp_postscript(fsp->conn->service))
+    offset = 3;
+
+  seek_ret = fsp->conn->vfs_ops.lseek(fsp,fsp->fd,pos+offset,SEEK_SET);
+
+  if(seek_ret == -1) {
+    DEBUG(0,("seek_file: sys_lseek failed. Error was %s\n", strerror(errno) ));
+    fsp->pos = -1;
+    return -1;
+  }
+
+  fsp->pos = seek_ret - offset;
+
+  DEBUG(10,("seek_file: requested pos = %.0f, new pos = %.0f\n",
+        (double)(pos+offset), (double)fsp->pos ));
+
+  return(fsp->pos);
+}
+
+/****************************************************************************
+ Read from write cache if we can.
+****************************************************************************/
+
+
+BOOL read_from_write_cache(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n)
+{
+  write_cache *wcp = fsp->wcp;
+
+  if(!wcp)
+    return False;
+
+  if(n > wcp->data_size || pos < wcp->offset || pos + n > wcp->offset + wcp->data_size)
+    return False;
+
+  memcpy(data, wcp->data + (pos - wcp->offset), n);
+
+  DO_PROFILE_INC(writecache_read_hits);
+
+  return True;
+}
+
+/****************************************************************************
+read from a file
+****************************************************************************/
+
+ssize_t read_file(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n)
+{
+	ssize_t ret=0,readret;
+
+	/* you can't read from print files */
+	if (fsp->print_file)
+		return -1;
+
+	/*
+	 * Serve from write cache if we can.
+	 */
+
+	if(read_from_write_cache(fsp, data, pos, n))
+		return n;
+
+	flush_write_cache(fsp, READ_FLUSH);
+
+	if (seek_file(fsp,pos) == -1) {
+		DEBUG(3,("read_file: Failed to seek to %.0f\n",(double)pos));
+		return(ret);
+	}
+  
+	if (n > 0) {
+#ifdef DMF_FIX
+		int numretries = 3;
+tryagain:
+		readret = fsp->conn->vfs_ops.read(fsp,fsp->fd,data,n);
+		if (readret == -1) {
+			if ((errno == EAGAIN) && numretries) {
+				DEBUG(3,("read_file EAGAIN retry in 10 seconds\n"));
+				(void)sleep(10);
+				--numretries;
+				goto tryagain;
+			}
+			return -1;
+		}
+#else /* NO DMF fix. */
+		readret = fsp->conn->vfs_ops.read(fsp,fsp->fd,data,n);
+		if (readret == -1)
+			return -1;
+#endif
+		if (readret > 0)
+			ret += readret;
+	}
+
+	return(ret);
+}
+
+/* how many write cache buffers have been allocated */
+static unsigned int allocated_write_caches;
+
+/****************************************************************************
+ *Really* write to a file.
+****************************************************************************/
+
+static ssize_t real_write_file(files_struct *fsp,char *data,SMB_OFF_T pos, size_t n)
+{
+  if ((pos != -1) && (seek_file(fsp,pos) == -1))
+    return -1;
+
+  return vfs_write_data(fsp,data,n);
+}
+
+/****************************************************************************
+write to a file
+****************************************************************************/
+
+ssize_t write_file(files_struct *fsp, char *data, SMB_OFF_T pos, size_t n)
+{
+  write_cache *wcp = fsp->wcp;
+  ssize_t total_written = 0;
+  int write_path = -1; 
+
+  if (fsp->print_file) {
+	  return print_job_write(fsp->print_jobid, data, n);
+  }
+
+  if (!fsp->can_write) {
+    errno = EPERM;
+    return(0);
+  }
+
+  if (!fsp->modified) {
+    SMB_STRUCT_STAT st;
+    fsp->modified = True;
+
+    if (fsp->conn->vfs_ops.fstat(fsp,fsp->fd,&st) == 0) {
+      int dosmode = dos_mode(fsp->conn,fsp->fsp_name,&st);
+      fsp->size = st.st_size;
+      if (MAP_ARCHIVE(fsp->conn) && !IS_DOS_ARCHIVE(dosmode)) {	
+        file_chmod(fsp->conn,fsp->fsp_name,dosmode | aARCH,&st);
+      }
+
+      /*
+       * If this is the first write and we have an exclusive oplock then setup
+       * the write cache.
+       */
+
+      if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type) && !wcp) {
+        setup_write_cache(fsp, st.st_size);
+        wcp = fsp->wcp;
+      } 
+    }  
+  }
+
+#ifdef WITH_PROFILE
+  DO_PROFILE_INC(writecache_total_writes);
+  if (!fsp->oplock_type) {
+    DO_PROFILE_INC(writecache_non_oplock_writes);
+  }
+#endif
+
+  /*
+   * If this file is level II oplocked then we need
+   * to grab the shared memory lock and inform all
+   * other files with a level II lock that they need
+   * to flush their read caches. We keep the lock over
+   * the shared memory area whilst doing this.
+   */
+
+  release_level_2_oplocks_on_change(fsp);
+
+#ifdef WITH_PROFILE
+  if (profile_p && profile_p->writecache_total_writes % 500 == 0) {
+    DEBUG(3,("WRITECACHE: initwrites=%u abutted=%u total=%u \
+nonop=%u allocated=%u active=%u direct=%u perfect=%u readhits=%u\n",
+	profile_p->writecache_init_writes,
+	profile_p->writecache_abutted_writes,
+	profile_p->writecache_total_writes,
+	profile_p->writecache_non_oplock_writes,
+	profile_p->writecache_allocated_write_caches,
+	profile_p->writecache_num_write_caches,
+	profile_p->writecache_direct_writes,
+	profile_p->writecache_num_perfect_writes,
+	profile_p->writecache_read_hits ));
+
+    DEBUG(3,("WRITECACHE: Flushes SEEK=%d, READ=%d, WRITE=%d, READRAW=%d, OPLOCK=%d, CLOSE=%d, SYNC=%d\n",
+	profile_p->writecache_flushed_writes[SEEK_FLUSH],
+	profile_p->writecache_flushed_writes[READ_FLUSH],
+	profile_p->writecache_flushed_writes[WRITE_FLUSH],
+	profile_p->writecache_flushed_writes[READRAW_FLUSH],
+	profile_p->writecache_flushed_writes[OPLOCK_RELEASE_FLUSH],
+	profile_p->writecache_flushed_writes[CLOSE_FLUSH],
+	profile_p->writecache_flushed_writes[SYNC_FLUSH] ));
+  }
+#endif
+
+  if(!wcp) {
+    DO_PROFILE_INC(writecache_direct_writes);
+    total_written = real_write_file(fsp, data, pos, n);
+    if ((total_written != -1) && (pos + total_written > fsp->size))
+      fsp->size = pos + total_written;
+    return total_written;
+  }
+
+  DEBUG(9,("write_file(fd=%d pos=%.0f size=%u) wcp->offset=%.0f wcp->data_size=%u\n",
+	   fsp->fd, (double)pos, (unsigned int)n, (double)wcp->offset, (unsigned int)wcp->data_size));
+
+  /* 
+   * If we have active cache and it isn't contiguous then we flush.
+   * NOTE: There is a small problem with running out of disk ....
+   */
+
+  if (wcp->data_size) {
+
+    BOOL cache_flush_needed = False;
+
+    if ((pos >= wcp->offset) && (pos <= wcp->offset + wcp->data_size)) {
+      
+      /*
+       * Start of write overlaps or abutts the existing data.
+       */
+
+      size_t data_used = MIN((wcp->alloc_size - (pos - wcp->offset)), n);
+
+      memcpy(wcp->data + (pos - wcp->offset), data, data_used);
+
+      /*
+       * Update the current buffer size with the new data.
+       */
+
+      if(pos + data_used > wcp->offset + wcp->data_size)
+        wcp->data_size = pos + data_used - wcp->offset;
+
+      /*
+       * Update the file size if changed.
+       */
+
+      if (wcp->offset + wcp->data_size > wcp->file_size)
+        fsp->size = wcp->file_size = wcp->offset + wcp->data_size;
+
+      /*
+       * If we used all the data then
+       * return here.
+       */
+
+      if(n == data_used)
+        return n;
+      else
+        cache_flush_needed = True;
+
+      /*
+       * Move the start of data forward by the amount used,
+       * cut down the amount left by the same amount.
+       */
+
+      data += data_used;
+      pos += data_used;
+      n -= data_used;
+
+      DO_PROFILE_INC(writecache_abutted_writes);
+      total_written = data_used;
+
+      write_path = 1;
+
+    } else if ((pos < wcp->offset) && (pos + n > wcp->offset) && 
+               (pos + n <= wcp->offset + wcp->alloc_size)) {
+
+      /*
+       * End of write overlaps the existing data.
+       */
+
+      size_t data_used = pos + n - wcp->offset;
+
+      memcpy(wcp->data, data + n - data_used, data_used);
+
+      /*
+       * Update the current buffer size with the new data.
+       */
+
+      if(pos + n > wcp->offset + wcp->data_size)
+        wcp->data_size = pos + n - wcp->offset;
+
+      /*
+       * Update the file size if changed.
+       */
+
+      if (wcp->offset + wcp->data_size > wcp->file_size)
+        fsp->size = wcp->file_size = wcp->offset + wcp->data_size;
+
+      /*
+       * We don't need to move the start of data, but we
+       * cut down the amount left by the amount used.
+       */
+
+      n -= data_used;
+
+      /*
+       * We cannot have used all the data here.
+       */
+
+      cache_flush_needed = True;
+
+      DO_PROFILE_INC(writecache_abutted_writes);
+      total_written = data_used;
+
+      write_path = 2;
+
+    } else if ( (pos >= wcp->file_size) && 
+                (wcp->offset + wcp->data_size == wcp->file_size) &&
+                (pos > wcp->offset + wcp->data_size) && 
+                (pos < wcp->offset + wcp->alloc_size) ) {
+
+      /*
+       * Non-contiguous write part of which fits within
+       * the cache buffer and is extending the file
+       * and the cache contents reflect the current
+       * data up to the current end of the file.
+       */
+
+      size_t data_used;
+
+      if(pos + n <= wcp->offset + wcp->alloc_size)
+        data_used = n;
+      else
+        data_used = wcp->offset + wcp->alloc_size - pos;
+
+      /*
+       * Fill in the non-continuous area with zeros.
+       */
+
+      memset(wcp->data + wcp->data_size, '\0',
+             pos - (wcp->offset + wcp->data_size) );
+
+      memcpy(wcp->data + (pos - wcp->offset), data, data_used);
+
+      /*
+       * Update the current buffer size with the new data.
+       */
+
+      if(pos + data_used > wcp->offset + wcp->data_size)
+        wcp->data_size = pos + data_used - wcp->offset;
+
+      /*
+       * Update the file size if changed.
+       */
+
+      if (wcp->offset + wcp->data_size > wcp->file_size)
+        fsp->size = wcp->file_size = wcp->offset + wcp->data_size;
+
+      /*
+       * If we used all the data then
+       * return here.
+       */
+
+      if(n == data_used)
+        return n;
+      else
+        cache_flush_needed = True;
+
+      /*
+       * Move the start of data forward by the amount used,
+       * cut down the amount left by the same amount.
+       */
+
+      data += data_used;
+      pos += data_used;
+      n -= data_used;
+
+      DO_PROFILE_INC(writecache_abutted_writes);
+      total_written = data_used;
+
+      write_path = 3;
+
+    } else {
+
+      /*
+       * Write is bigger than buffer, or there is no overlap on the
+       * low or high ends.
+       */
+
+      DEBUG(9,("write_file: non cacheable write : fd = %d, pos = %.0f, len = %u, current cache pos = %.0f \
+len = %u\n",fsp->fd, (double)pos, (unsigned int)n, (double)wcp->offset, (unsigned int)wcp->data_size ));
+
+      /*
+       * Update the file size if needed.
+       */
+
+      if(pos + n > wcp->file_size)
+        fsp->size = wcp->file_size = pos + n;
+
+      /*
+       * If write would fit in the cache, and is larger than
+       * the data already in the cache, flush the cache and
+       * preferentially copy the data new data into it. Otherwise
+       * just write the data directly.
+       */
+
+      if ( n <= wcp->alloc_size && n > wcp->data_size) {
+        cache_flush_needed = True;
+      } else {
+        ssize_t ret = real_write_file(fsp, data, pos, n);
+
+        DO_PROFILE_INC(writecache_direct_writes);
+        if (ret == -1)
+          return ret;
+
+        if (pos + ret > wcp->file_size)
+          fsp->size = wcp->file_size = pos + ret;
+
+        return ret;
+      }
+
+      write_path = 4;
+
+    }
+
+    if(wcp->data_size > wcp->file_size)
+      fsp->size = wcp->file_size = wcp->data_size;
+
+    if (cache_flush_needed) {
+      DEBUG(3,("WRITE_FLUSH:%d: due to noncontinuous write: fd = %d, size = %.0f, pos = %.0f, \
+n = %u, wcp->offset=%.0f, wcp->data_size=%u\n",
+             write_path, fsp->fd, (double)wcp->file_size, (double)pos, (unsigned int)n,
+             (double)wcp->offset, (unsigned int)wcp->data_size ));
+
+      flush_write_cache(fsp, WRITE_FLUSH);
+    }
+  }
+
+  /*
+   * If the write request is bigger than the cache
+   * size, write it all out.
+   */
+
+  if (n > wcp->alloc_size ) {
+    ssize_t ret = real_write_file(fsp, data, pos, n);
+    if (ret == -1)
+      return -1;
+
+    if (pos + ret > wcp->file_size)
+      fsp->size = wcp->file_size = pos + n;
+
+    DO_PROFILE_INC(writecache_direct_writes);
+    return total_written + n;
+  }
+
+  /*
+   * If there's any data left, cache it.
+   */
+
+  if (n) {
+#ifdef WITH_PROFILE
+    if (wcp->data_size) {
+      DO_PROFILE_INC(writecache_abutted_writes);
+    } else {
+      DO_PROFILE_INC(writecache_init_writes);
+    }
+#endif
+    memcpy(wcp->data+wcp->data_size, data, n);
+    if (wcp->data_size == 0) {
+      wcp->offset = pos;
+      DO_PROFILE_INC(writecache_num_write_caches);
+    }
+    wcp->data_size += n;
+
+    /*
+     * Update the file size if changed.
+     */
+
+    if (wcp->offset + wcp->data_size > wcp->file_size)
+      fsp->size = wcp->file_size = wcp->offset + wcp->data_size;
+    DEBUG(9,("wcp->offset = %.0f wcp->data_size = %u cache return %u\n",
+		(double)wcp->offset, (unsigned int)wcp->data_size, (unsigned int)n));
+
+    total_written += n;
+    return total_written; /* .... that's a write :) */
+  }
+  
+  return total_written;
+}
+
+/****************************************************************************
+ Delete the write cache structure.
+****************************************************************************/
+
+void delete_write_cache(files_struct *fsp)
+{
+  write_cache *wcp;
+
+  if(!fsp)
+    return;
+
+  if(!(wcp = fsp->wcp))
+    return;
+
+  DO_PROFILE_DEC(writecache_allocated_write_caches);
+  allocated_write_caches--;
+
+  SMB_ASSERT(wcp->data_size == 0);
+
+  SAFE_FREE(wcp->data);
+  SAFE_FREE(fsp->wcp);
+
+  DEBUG(10,("delete_write_cache: File %s deleted write cache\n", fsp->fsp_name ));
+
+}
+
+/****************************************************************************
+ Setup the write cache structure.
+****************************************************************************/
+
+static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size)
+{
+  ssize_t alloc_size = lp_write_cache_size(SNUM(fsp->conn));
+  write_cache *wcp;
+
+  if (allocated_write_caches >= MAX_WRITE_CACHES) 
+	return False;
+
+  if(alloc_size == 0 || fsp->wcp)
+    return False;
+
+  if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) {
+    DEBUG(0,("setup_write_cache: malloc fail.\n"));
+    return False;
+  }
+
+  wcp->file_size = file_size;
+  wcp->offset = 0;
+  wcp->alloc_size = alloc_size;
+  wcp->data_size = 0;
+  if((wcp->data = malloc(wcp->alloc_size)) == NULL) {
+    DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n",
+          (unsigned int)wcp->alloc_size ));
+    SAFE_FREE(wcp);
+    return False;
+  }
+
+  memset(wcp->data, '\0', wcp->alloc_size );
+
+  fsp->wcp = wcp;
+  DO_PROFILE_INC(writecache_allocated_write_caches);
+  allocated_write_caches++;
+
+  DEBUG(10,("setup_write_cache: File %s allocated write cache size %u\n",
+		fsp->fsp_name, wcp->alloc_size ));
+
+  return True;
+}
+
+/****************************************************************************
+ Cope with a size change.
+****************************************************************************/
+
+void set_filelen_write_cache(files_struct *fsp, SMB_OFF_T file_size)
+{
+  fsp->size = file_size;
+  if(fsp->wcp) {
+    /* The cache *must* have been flushed before we do this. */
+    if (fsp->wcp->data_size != 0) {
+      pstring msg;
+      slprintf(msg, sizeof(msg)-1, "set_filelen_write_cache: size change \
+on file %s with write cache size = %u\n", fsp->fsp_name, fsp->wcp->data_size );
+      smb_panic(msg);
+    }
+    fsp->wcp->file_size = file_size;
+  }
+}
+
+/*******************************************************************
+ Flush a write cache struct to disk.
+********************************************************************/
+
+ssize_t flush_write_cache(files_struct *fsp, enum flush_reason_enum reason)
+{
+  write_cache *wcp = fsp->wcp;
+  size_t data_size;
+  ssize_t ret;
+
+  if(!wcp || !wcp->data_size)
+    return 0;
+
+  data_size = wcp->data_size;
+  wcp->data_size = 0;
+
+  DO_PROFILE_DEC_INC(writecache_num_write_caches,writecache_flushed_writes[reason]);
+
+  DEBUG(9,("flushing write cache: fd = %d, off=%.0f, size=%u\n",
+	   fsp->fd, (double)wcp->offset, (unsigned int)data_size));
+
+#ifdef WITH_PROFILE
+  if(data_size == wcp->alloc_size)
+    DO_PROFILE_INC(writecache_num_perfect_writes);
+#endif
+
+  ret = real_write_file(fsp, wcp->data, wcp->offset, data_size);
+
+  /*
+   * Ensure file size if kept up to date if write extends file.
+   */
+
+  if ((ret != -1) && (wcp->offset + ret > wcp->file_size))
+    wcp->file_size = wcp->offset + ret;
+
+  return ret;
+}
+
+/*******************************************************************
+sync a file
+********************************************************************/
+
+void sync_file(connection_struct *conn, files_struct *fsp)
+{
+    if(lp_strict_sync(SNUM(conn)) && fsp->fd != -1) {
+      flush_write_cache(fsp, SYNC_FLUSH);
+      conn->vfs_ops.fsync(fsp,fsp->fd);
+    }
+}
+
+/************************************************************
+ Perform a stat whether a valid fd or not.
+************************************************************/
+
+int fsp_stat(files_struct *fsp, SMB_STRUCT_STAT *pst)
+{
+	if (fsp->fd == -1)
+		return vfs_stat(fsp->conn, fsp->fsp_name, pst);
+	else
+		return vfs_fstat(fsp,fsp->fd, pst);
+}
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
new file mode 100644
index 0000000000..cb6a6d31a4
--- /dev/null
+++ b/source3/smbd/filename.c
@@ -0,0 +1,503 @@
+/* 
+   Unix SMB/CIFS implementation.
+   filename handling routines
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Jeremy Allison 1999-200
+   Copyright (C) Ying Chen 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+ * New hash table stat cache code added by Ying Chen.
+ */
+
+#include "includes.h"
+
+extern BOOL case_sensitive;
+extern BOOL case_preserve;
+extern BOOL short_case_preserve;
+extern fstring remote_machine;
+extern BOOL use_mangled_map;
+
+static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL docache);
+
+/****************************************************************************
+ Check if two filenames are equal.
+ This needs to be careful about whether we are case sensitive.
+****************************************************************************/
+static BOOL fname_equal(char *name1, char *name2)
+{
+  int l1 = strlen(name1);
+  int l2 = strlen(name2);
+
+  /* handle filenames ending in a single dot */
+  if (l1-l2 == 1 && name1[l1-1] == '.' && lp_strip_dot())
+    {
+      BOOL ret;
+      name1[l1-1] = 0;
+      ret = fname_equal(name1,name2);
+      name1[l1-1] = '.';
+      return(ret);
+    }
+
+  if (l2-l1 == 1 && name2[l2-1] == '.' && lp_strip_dot())
+    {
+      BOOL ret;
+      name2[l2-1] = 0;
+      ret = fname_equal(name1,name2);
+      name2[l2-1] = '.';
+      return(ret);
+    }
+
+  /* now normal filename handling */
+  if (case_sensitive)
+    return(strcmp(name1,name2) == 0);
+
+  return(strequal(name1,name2));
+}
+
+
+/****************************************************************************
+ Mangle the 2nd name and check if it is then equal to the first name.
+****************************************************************************/
+static BOOL mangled_equal(char *name1, char *name2, int snum)
+{
+	pstring tmpname;
+	if (mangle_is_8_3(name2, True)) {
+		return False;
+	}
+	
+	pstrcpy(tmpname, name2);
+	return mangle_map(tmpname, True, False, snum) && 
+		strequal(name1, tmpname);
+}
+
+
+/****************************************************************************
+This routine is called to convert names from the dos namespace to unix
+namespace. It needs to handle any case conversions, mangling, format
+changes etc.
+
+We assume that we have already done a chdir() to the right "root" directory
+for this service.
+
+The function will return False if some part of the name except for the last
+part cannot be resolved
+
+If the saved_last_component != 0, then the unmodified last component
+of the pathname is returned there. This is used in an exceptional
+case in reply_mv (so far). If saved_last_component == 0 then nothing
+is returned there.
+
+The bad_path arg is set to True if the filename walk failed. This is
+used to pick the correct error code to return between ENOENT and ENOTDIR
+as Windows applications depend on ERRbadpath being returned if a component
+of a pathname does not exist.
+
+On exit from unix_convert, if *pst was not null, then the file stat
+struct will be returned if the file exists and was found, if not this
+stat struct will be filled with zeros (and this can be detected by checking
+for nlinks = 0, which can never be true for any file).
+****************************************************************************/
+
+BOOL unix_convert(pstring name,connection_struct *conn,char *saved_last_component, 
+                  BOOL *bad_path, SMB_STRUCT_STAT *pst)
+{
+  SMB_STRUCT_STAT st;
+  char *start, *end;
+  pstring dirpath;
+  pstring orig_path;
+  BOOL component_was_mangled = False;
+  BOOL name_has_wildcard = False;
+
+  ZERO_STRUCTP(pst);
+
+  *dirpath = 0;
+  *bad_path = False;
+  if(saved_last_component)
+    *saved_last_component = 0;
+
+  if (conn->printer) {
+	  /* we don't ever use the filenames on a printer share as a
+	     filename - so don't convert them */
+	  return True;
+  }
+
+  DEBUG(5, ("unix_convert called on file \"%s\"\n", name));
+
+  /* 
+   * Convert to basic unix format - removing \ chars and cleaning it up.
+   */
+
+  unix_format(name);
+  unix_clean_name(name);
+
+  /* 
+   * Names must be relative to the root of the service - trim any leading /.
+   * also trim trailing /'s.
+   */
+
+  trim_string(name,"/","/");
+
+  /*
+   * If we trimmed down to a single '\0' character
+   * then we should use the "." directory to avoid
+   * searching the cache, but not if we are in a
+   * printing share.
+   */
+
+  if (!*name) {
+    name[0] = '.';
+    name[1] = '\0';
+  }
+
+  /*
+   * Ensure saved_last_component is valid even if file exists.
+   */
+
+  if(saved_last_component) {
+    end = strrchr_m(name, '/');
+    if(end)
+      pstrcpy(saved_last_component, end + 1);
+    else
+      pstrcpy(saved_last_component, name);
+  }
+
+  if (!case_sensitive && 
+      (!case_preserve || (mangle_is_8_3(name, False) && !short_case_preserve)))
+    strnorm(name);
+
+  /*
+   * If we trimmed down to a single '\0' character
+   * then we will be using the "." directory.
+   * As we know this is valid we can return true here.
+   */
+
+  if(!*name)
+    return(True);
+
+  start = name;
+  while (strncmp(start,"./",2) == 0)
+    start += 2;
+
+  pstrcpy(orig_path, name);
+
+  if(stat_cache_lookup(conn, name, dirpath, &start, &st)) {
+    *pst = st;
+    return True;
+  }
+
+  /* 
+   * stat the name - if it exists then we are all done!
+   */
+
+/* ZZZ: stat1 */  if (vfs_stat(conn,name,&st) == 0) {
+    stat_cache_add(orig_path, name);
+    DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
+    *pst = st;
+    return(True);
+  }
+
+  DEBUG(5,("unix_convert begin: name = %s, dirpath = %s, start = %s\n",
+        name, dirpath, start));
+
+  /* 
+   * A special case - if we don't have any mangling chars and are case
+   * sensitive then searching won't help.
+   */
+
+  if (case_sensitive && !mangle_is_mangled(name) && 
+      !lp_strip_dot() && !use_mangled_map)
+    return(False);
+
+  name_has_wildcard = ms_has_wild(start);
+
+  /* 
+   * is_mangled() was changed to look at an entire pathname, not 
+   * just a component. JRA.
+   */
+
+  if (mangle_is_mangled(start))
+    component_was_mangled = True;
+
+  /* 
+   * Now we need to recursively match the name against the real 
+   * directory structure.
+   */
+
+  /* 
+   * Match each part of the path name separately, trying the names
+   * as is first, then trying to scan the directory for matching names.
+   */
+
+  for (; start ; start = (end?end+1:(char *)NULL)) {
+      /* 
+       * Pinpoint the end of this section of the filename.
+       */
+      end = strchr_m(start, '/');
+
+      /* 
+       * Chop the name at this point.
+       */
+      if (end) 
+        *end = 0;
+
+      if(saved_last_component != 0)
+        pstrcpy(saved_last_component, end ? end + 1 : start);
+
+      /* 
+       * Check if the name exists up to this point.
+       */
+
+      if (vfs_stat(conn,name, &st) == 0) {
+        /*
+         * It exists. it must either be a directory or this must be
+         * the last part of the path for it to be OK.
+         */
+        if (end && !(st.st_mode & S_IFDIR)) {
+          /*
+           * An intermediate part of the name isn't a directory.
+            */
+          DEBUG(5,("Not a dir %s\n",start));
+          *end = '/';
+          return(False);
+        }
+
+      } else {
+        pstring rest;
+
+        /* Stat failed - ensure we don't use it. */
+        ZERO_STRUCT(st);
+        *rest = 0;
+
+        /*
+         * Remember the rest of the pathname so it can be restored
+         * later.
+         */
+
+        if (end)
+          pstrcpy(rest,end+1);
+
+        /*
+         * Try to find this part of the path in the directory.
+         */
+
+        if (ms_has_wild(start) || !scan_directory(dirpath, start, conn, end?True:False)) {
+          if (end) {
+            /*
+             * An intermediate part of the name can't be found.
+             */
+            DEBUG(5,("Intermediate not found %s\n",start));
+            *end = '/';
+
+            /* 
+             * We need to return the fact that the intermediate
+             * name resolution failed. This is used to return an
+             * error of ERRbadpath rather than ERRbadfile. Some
+             * Windows applications depend on the difference between
+             * these two errors.
+             */
+            *bad_path = True;
+            return(False);
+          }
+	      
+          /* 
+           * Just the last part of the name doesn't exist.
+           * We may need to strupper() or strlower() it in case
+           * this conversion is being used for file creation 
+           * purposes. If the filename is of mixed case then 
+           * don't normalise it.
+           */
+
+          if (!case_preserve && (!strhasupper(start) || !strhaslower(start)))		
+            strnorm(start);
+
+          /*
+           * check on the mangled stack to see if we can recover the 
+           * base of the filename.
+           */
+
+          if (mangle_is_mangled(start)) {
+		  mangle_check_cache( start );
+          }
+
+          DEBUG(5,("New file %s\n",start));
+          return(True); 
+        }
+
+      /* 
+       * Restore the rest of the string. If the string was mangled the size
+       * may have changed.
+       */
+      if (end) {
+        end = start + strlen(start);
+        pstrcat(start,"/");
+        pstrcat(start,rest);
+        *end = '\0';
+      }
+    } /* end else */
+
+    /* 
+     * Add to the dirpath that we have resolved so far.
+     */
+    if (*dirpath)
+      pstrcat(dirpath,"/");
+
+    pstrcat(dirpath,start);
+
+    /*
+     * Don't cache a name with mangled or wildcard components
+     * as this can change the size.
+     */
+
+    if(!component_was_mangled && !name_has_wildcard)
+      stat_cache_add(orig_path, dirpath);
+
+    /* 
+     * Restore the / that we wiped out earlier.
+     */
+    if (end)
+      *end = '/';
+  }
+  
+  /*
+   * Don't cache a name with mangled or wildcard components
+   * as this can change the size.
+   */
+
+  if(!component_was_mangled && !name_has_wildcard)
+    stat_cache_add(orig_path, name);
+
+  /*
+   * If we ended up resolving the entire path then return a valid
+   * stat struct if we got one.
+   */
+
+  if (VALID_STAT(st) && (strlen(orig_path) == strlen(name)))
+    *pst = st;
+
+  /* 
+   * The name has been resolved.
+   */
+
+  DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
+  return(True);
+}
+
+
+/****************************************************************************
+check a filename - possibly caling reducename
+
+This is called by every routine before it allows an operation on a filename.
+It does any final confirmation necessary to ensure that the filename is
+a valid one for the user to access.
+****************************************************************************/
+BOOL check_name(char *name,connection_struct *conn)
+{
+  BOOL ret;
+
+  errno = 0;
+
+  if (IS_VETO_PATH(conn, name))  {
+	  DEBUG(5,("file path name %s vetoed\n",name));
+	  return(0);
+  }
+
+  ret = reduce_name(conn,name,conn->connectpath,lp_widelinks(SNUM(conn)));
+
+  /* Check if we are allowing users to follow symlinks */
+  /* Patch from David Clerc <David.Clerc@cui.unige.ch>
+     University of Geneva */
+
+#ifdef S_ISLNK
+  if (!lp_symlinks(SNUM(conn))) {
+      SMB_STRUCT_STAT statbuf;
+      if ( (conn->vfs_ops.lstat(conn,name,&statbuf) != -1) &&
+                (S_ISLNK(statbuf.st_mode)) ) {
+          DEBUG(3,("check_name: denied: file path name %s is a symlink\n",name));
+          ret=0; 
+      }
+    }
+#endif
+
+  if (!ret)
+    DEBUG(5,("check_name on %s failed\n",name));
+
+  return(ret);
+}
+
+
+/****************************************************************************
+scan a directory to find a filename, matching without case sensitivity
+
+If the name looks like a mangled name then try via the mangling functions
+****************************************************************************/
+static BOOL scan_directory(char *path, char *name,connection_struct *conn,BOOL docache)
+{
+  void *cur_dir;
+  char *dname;
+  BOOL mangled;
+  pstring name2;
+
+  mangled = mangle_is_mangled(name);
+
+  /* handle null paths */
+  if (*path == 0)
+    path = ".";
+
+  if (docache && (dname = DirCacheCheck(path,name,SNUM(conn)))) {
+    pstrcpy(name, dname);	
+    return(True);
+  }      
+
+  /*
+   * The incoming name can be mangled, and if we de-mangle it
+   * here it will not compare correctly against the filename (name2)
+   * read from the directory and then mangled by the mangle_map()
+   * call. We need to mangle both names or neither.
+   * (JRA).
+   */
+  if (mangled)
+    mangled = !mangle_check_cache( name );
+
+  /* open the directory */
+  if (!(cur_dir = OpenDir(conn, path, True))) {
+      DEBUG(3,("scan dir didn't open dir [%s]\n",path));
+      return(False);
+  }
+
+  /* now scan for matching names */
+  while ((dname = ReadDirName(cur_dir))) {
+      if (*dname == '.' && (strequal(dname,".") || strequal(dname,"..")))
+        continue;
+
+      pstrcpy(name2,dname);
+      if (!mangle_map(name2,False,True,SNUM(conn)))
+        continue;
+
+      if ((mangled && mangled_equal(name,name2,SNUM(conn))) || fname_equal(name, dname)) {
+        /* we've found the file, change it's name and return */
+        if (docache)
+          DirCacheAdd(path,name,dname,SNUM(conn));
+        pstrcpy(name, dname);
+        CloseDir(cur_dir);
+        return(True);
+    }
+  }
+
+  CloseDir(cur_dir);
+  return(False);
+}
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
new file mode 100644
index 0000000000..c055fb54eb
--- /dev/null
+++ b/source3/smbd/files.c
@@ -0,0 +1,400 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Files[] structure handling
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static int real_max_open_files;
+
+#define VALID_FNUM(fnum)   (((fnum) >= 0) && ((fnum) < real_max_open_files))
+
+#define FILE_HANDLE_OFFSET 0x1000
+
+static struct bitmap *file_bmap;
+
+static files_struct *Files;
+ 
+/* a fsp to use when chaining */
+static files_struct *chain_fsp = NULL;
+/* a fsp to use to save when breaking an oplock. */
+static files_struct *oplock_save_chain_fsp = NULL;
+
+static int files_used;
+
+/****************************************************************************
+ Return a unique number identifying this fsp over the life of this pid.
+****************************************************************************/
+
+static unsigned long get_gen_count(void)
+{
+	static unsigned long file_gen_counter;
+
+	if ((++file_gen_counter) == 0)
+		return ++file_gen_counter;
+	return file_gen_counter;
+}
+
+/****************************************************************************
+ Find first available file slot.
+****************************************************************************/
+
+files_struct *file_new(connection_struct *conn)
+{
+	int i;
+	static int first_file;
+	files_struct *fsp, *next;
+
+	/* we want to give out file handles differently on each new
+	   connection because of a common bug in MS clients where they try to
+	   reuse a file descriptor from an earlier smb connection. This code
+	   increases the chance that the errant client will get an error rather
+	   than causing corruption */
+	if (first_file == 0) {
+		first_file = (sys_getpid() ^ (int)time(NULL)) % real_max_open_files;
+	}
+
+	i = bitmap_find(file_bmap, first_file);
+	if (i == -1) {
+		/* 
+		 * Before we give up, go through the open files 
+		 * and see if there are any files opened with a
+		 * batch oplock. If so break the oplock and then
+		 * re-use that entry (if it becomes closed).
+		 * This may help as NT/95 clients tend to keep
+		 * files batch oplocked for quite a long time
+		 * after they have finished with them.
+		 */
+		for (fsp=Files;fsp;fsp=next) {
+			next=fsp->next;
+			if (attempt_close_oplocked_file(fsp)) {
+				return file_new(conn);
+			}
+		}
+
+		DEBUG(0,("ERROR! Out of file structures\n"));
+		unix_ERR_class = ERRSRV;
+		unix_ERR_code = ERRnofids;
+		return NULL;
+	}
+
+	fsp = (files_struct *)malloc(sizeof(*fsp));
+	if (!fsp) {
+		unix_ERR_class = ERRSRV;
+		unix_ERR_code = ERRnofids;
+		return NULL;
+	}
+
+	ZERO_STRUCTP(fsp);
+	fsp->fd = -1;
+	fsp->conn = conn;
+	fsp->file_id = get_gen_count();
+	GetTimeOfDay(&fsp->open_time);
+
+	first_file = (i+1) % real_max_open_files;
+
+	bitmap_set(file_bmap, i);
+	files_used++;
+
+	fsp->fnum = i + FILE_HANDLE_OFFSET;
+	string_set(&fsp->fsp_name,"");
+	
+	DLIST_ADD(Files, fsp);
+
+	DEBUG(5,("allocated file structure %d, fnum = %d (%d used)\n",
+		 i, fsp->fnum, files_used));
+
+	chain_fsp = fsp;
+	
+	return fsp;
+}
+
+/****************************************************************************
+ Close all open files for a connection.
+****************************************************************************/
+
+void file_close_conn(connection_struct *conn)
+{
+	files_struct *fsp, *next;
+	
+	for (fsp=Files;fsp;fsp=next) {
+		next = fsp->next;
+		if (fsp->conn == conn) {
+			close_file(fsp,False); 
+		}
+	}
+}
+
+/****************************************************************************
+ Initialise file structures.
+****************************************************************************/
+
+#define MAX_OPEN_FUDGEFACTOR 10
+
+void file_init(void)
+{
+	int request_max_open_files = lp_max_open_files();
+	int real_lim;
+
+	/*
+	 * Set the max_open files to be the requested
+	 * max plus a fudgefactor to allow for the extra
+	 * fd's we need such as log files etc...
+	 */
+	real_lim = set_maxfiles(request_max_open_files + MAX_OPEN_FUDGEFACTOR);
+
+	real_max_open_files = real_lim - MAX_OPEN_FUDGEFACTOR;
+
+	if(real_max_open_files != request_max_open_files) {
+		DEBUG(1,("file_init: Information only: requested %d \
+open files, %d are available.\n", request_max_open_files, real_max_open_files));
+	}
+
+	file_bmap = bitmap_allocate(real_max_open_files);
+	
+	if (!file_bmap) {
+		exit_server("out of memory in file_init");
+	}
+	
+	/*
+	 * Ensure that pipe_handle_oppset is set correctly.
+	 */
+	set_pipe_handle_offset(real_max_open_files);
+}
+
+/****************************************************************************
+ Close files open by a specified vuid.
+****************************************************************************/
+
+void file_close_user(int vuid)
+{
+	files_struct *fsp, *next;
+
+	for (fsp=Files;fsp;fsp=next) {
+		next=fsp->next;
+		if (fsp->vuid == vuid) {
+			close_file(fsp,False);
+		}
+	}
+}
+
+/****************************************************************************
+ Find a fsp given a file descriptor.
+****************************************************************************/
+
+files_struct *file_find_fd(int fd)
+{
+	int count=0;
+	files_struct *fsp;
+
+	for (fsp=Files;fsp;fsp=fsp->next,count++) {
+		if (fsp->fd == fd) {
+			if (count > 10) {
+				DLIST_PROMOTE(Files, fsp);
+			}
+			return fsp;
+		}
+	}
+
+	return NULL;
+}
+
+/****************************************************************************
+ Find a fsp given a device, inode and file_id.
+****************************************************************************/
+
+files_struct *file_find_dif(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id)
+{
+	int count=0;
+	files_struct *fsp;
+
+	for (fsp=Files;fsp;fsp=fsp->next,count++) {
+		if (fsp->fd != -1 &&
+		    fsp->dev == dev && 
+		    fsp->inode == inode &&
+		    fsp->file_id == file_id ) {
+			if (count > 10) {
+				DLIST_PROMOTE(Files, fsp);
+			}
+			return fsp;
+		}
+	}
+
+	return NULL;
+}
+
+/****************************************************************************
+ Check if an fsp still exists.
+****************************************************************************/
+
+files_struct *file_find_fsp(files_struct *orig_fsp)
+{
+	files_struct *fsp;
+
+    for (fsp=Files;fsp;fsp=fsp->next) {
+        if (fsp == orig_fsp)
+            return fsp;
+    }
+
+    return NULL;
+}
+
+/****************************************************************************
+ Find the first fsp given a device and inode.
+****************************************************************************/
+
+files_struct *file_find_di_first(SMB_DEV_T dev, SMB_INO_T inode)
+{
+    files_struct *fsp;
+
+    for (fsp=Files;fsp;fsp=fsp->next) {
+        if ( fsp->fd != -1 &&
+            fsp->dev == dev &&
+            fsp->inode == inode )
+            return fsp;
+    }
+
+    return NULL;
+}
+
+/****************************************************************************
+ Find the next fsp having the same device and inode.
+****************************************************************************/
+
+files_struct *file_find_di_next(files_struct *start_fsp)
+{
+    files_struct *fsp;
+
+    for (fsp = start_fsp->next;fsp;fsp=fsp->next) {
+        if ( fsp->fd != -1 &&
+            fsp->dev == start_fsp->dev &&
+            fsp->inode == start_fsp->inode )
+            return fsp;
+    }
+
+    return NULL;
+}
+
+/****************************************************************************
+ Find a fsp that is open for printing.
+****************************************************************************/
+
+files_struct *file_find_print(void)
+{
+	files_struct *fsp;
+
+	for (fsp=Files;fsp;fsp=fsp->next) {
+		if (fsp->print_file) return fsp;
+	} 
+
+	return NULL;
+}
+
+/****************************************************************************
+ Sync open files on a connection.
+****************************************************************************/
+
+void file_sync_all(connection_struct *conn)
+{
+	files_struct *fsp, *next;
+
+	for (fsp=Files;fsp;fsp=next) {
+		next=fsp->next;
+		if ((conn == fsp->conn) && (fsp->fd != -1)) {
+			sync_file(conn,fsp);
+		}
+	}
+}
+
+/****************************************************************************
+ Free up a fsp.
+****************************************************************************/
+
+void file_free(files_struct *fsp)
+{
+	DLIST_REMOVE(Files, fsp);
+
+	string_free(&fsp->fsp_name);
+
+	bitmap_clear(file_bmap, fsp->fnum - FILE_HANDLE_OFFSET);
+	files_used--;
+
+	DEBUG(5,("freed files structure %d (%d used)\n",
+		 fsp->fnum, files_used));
+
+	/* this is paranoia, just in case someone tries to reuse the 
+	   information */
+	ZERO_STRUCTP(fsp);
+
+	if (fsp == chain_fsp) chain_fsp = NULL;
+
+	SAFE_FREE(fsp);
+}
+
+/****************************************************************************
+ Get a fsp from a packet given the offset of a 16 bit fnum.
+****************************************************************************/
+
+files_struct *file_fsp(char *buf, int where)
+{
+	int fnum, count=0;
+	files_struct *fsp;
+
+	if (chain_fsp)
+		return chain_fsp;
+
+	fnum = SVAL(buf, where);
+
+	for (fsp=Files;fsp;fsp=fsp->next, count++) {
+		if (fsp->fnum == fnum) {
+			chain_fsp = fsp;
+			if (count > 10) {
+				DLIST_PROMOTE(Files, fsp);
+			}
+			return fsp;
+		}
+	}
+	return NULL;
+}
+
+/****************************************************************************
+ Reset the chained fsp - done at the start of a packet reply.
+****************************************************************************/
+
+void file_chain_reset(void)
+{
+	chain_fsp = NULL;
+}
+
+/****************************************************************************
+Save the chained fsp - done when about to do an oplock break.
+****************************************************************************/
+
+void file_chain_save(void)
+{
+	oplock_save_chain_fsp = chain_fsp;
+}
+
+/****************************************************************************
+Restore the chained fsp - done after an oplock break.
+****************************************************************************/
+
+void file_chain_restore(void)
+{
+	chain_fsp = oplock_save_chain_fsp;
+}
diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c
new file mode 100644
index 0000000000..812488571a
--- /dev/null
+++ b/source3/smbd/groupname.c
@@ -0,0 +1,238 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Groupname handling
+   Copyright (C) Jeremy Allison 1998.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifdef USING_GROUPNAME_MAP
+
+#include "includes.h"
+extern DOM_SID global_sam_sid;
+
+/**************************************************************************
+ Groupname map functionality. The code loads a groupname map file and
+ (currently) loads it into a linked list. This is slow and memory
+ hungry, but can be changed into a more efficient storage format
+ if the demands on it become excessive.
+***************************************************************************/
+
+typedef struct groupname_map {
+   ubi_slNode next;
+
+   char *windows_name;
+   DOM_SID windows_sid;
+   char *unix_name;
+   gid_t unix_gid;
+} groupname_map_entry;
+
+static ubi_slList groupname_map_list;
+
+/**************************************************************************
+ Delete all the entries in the groupname map list.
+***************************************************************************/
+
+static void delete_groupname_map_list(void)
+{
+  groupname_map_entry *gmep;
+
+  while((gmep = (groupname_map_entry *)ubi_slRemHead( &groupname_map_list )) != NULL) {
+    SAFE_FREE(gmep->windows_name);
+    SAFE_FREE(gmep->unix_name);
+    SAFE_FREE(gmep);
+  }
+}
+
+/**************************************************************************
+ Load a groupname map file. Sets last accessed timestamp.
+***************************************************************************/
+
+void load_groupname_map(void)
+{
+  static time_t groupmap_file_last_modified = (time_t)0;
+  static BOOL initialized = False;
+  char *groupname_map_file = lp_groupname_map();
+  SMB_STRUCT_STAT st;
+  char **lines;
+  int i;
+  groupname_map_entry *new_ep;
+
+  if(!initialized) {
+    ubi_slInitList( &groupname_map_list );
+    initialized = True;
+  }
+
+  if (!*groupname_map_file)
+    return;
+
+  if(sys_stat(groupname_map_file, &st) != 0) {
+    DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n",
+               groupname_map_file, strerror(errno) ));
+    return;
+  }
+
+  /*
+   * Check if file has changed.
+   */
+  if( st.st_mtime <= groupmap_file_last_modified)
+    return;
+
+  groupmap_file_last_modified = st.st_mtime;
+
+  /*
+   * Load the file.
+   */
+
+  lines = file_lines_load(groupname_map_file,NULL,False);
+  if (!lines) {
+    DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n",
+          groupname_map_file, strerror(errno)));
+    return;
+  }
+  file_lines_slashcont(lines);
+
+  /*
+   * Throw away any previous list.
+   */
+  delete_groupname_map_list();
+
+  DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file));
+
+  for (i=0; lines[i]; i++) {
+    pstring unixname;
+    pstring windows_name;
+    gid_t gid;
+    DOM_SID tmp_sid;
+    char *s = lines[i];
+
+    DEBUG(10,("load_groupname_map: Read line |%s|\n", s));
+
+    if (!*s || strchr_m("#;",*s))
+      continue;
+
+    if(!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
+      continue;
+
+    if(!next_token(&s,windows_name, "\t\n\r=", sizeof(windows_name)))
+      continue;
+
+    trim_string(unixname, " ", " ");
+    trim_string(windows_name, " ", " ");
+
+    if (!*windows_name)
+      continue;
+
+    if(!*unixname)
+      continue;
+
+    DEBUG(5,("load_groupname_map: unixname = %s, windowsname = %s.\n",
+             unixname, windows_name));
+
+    /*
+     * Attempt to get the unix gid_t for this name.
+     */
+
+	if ((gid = nametogid(unixname)) == (gid_t)-1)
+      DEBUG(0,("load_groupname_map: nametogid for group %s failed.\
+Error was %s.\n", unixname, strerror(errno) ));
+      continue;
+    }
+
+    /*
+     * Now map to an NT SID.
+     */
+
+    if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) {
+      /*
+       * It's not a well known name, convert the UNIX gid_t
+       * to a rid within this domain SID.
+       */
+      tmp_sid = global_sam_sid;
+      tmp_sid.sub_auths[tmp_sid.num_auths++] = 
+                    pdb_gid_to_group_rid(gid);
+    }
+
+    /*
+     * Create the list entry and add it onto the list.
+     */
+
+    if((new_ep = (groupname_map_entry *)malloc( sizeof(groupname_map_entry) ))== NULL) {
+      DEBUG(0,("load_groupname_map: malloc fail for groupname_map_entry.\n"));
+      fclose(fp);
+      return;
+    } 
+
+    new_ep->unix_gid = gid;
+    new_ep->windows_sid = tmp_sid;
+    new_ep->windows_name = strdup( windows_name );
+    new_ep->unix_name = strdup( unixname );
+
+    if(new_ep->windows_name == NULL || new_ep->unix_name == NULL) {
+      DEBUG(0,("load_groupname_map: malloc fail for names in groupname_map_entry.\n"));
+      fclose(fp);
+      SAFE_FREE(new_ep->windows_name);
+      SAFE_FREE(new_ep->unix_name);
+      SAFE_FREE(new_ep);
+      file_lines_free(lines);
+      return;
+    }
+    memset((char *)&new_ep->next, '\0', sizeof(new_ep->next) );
+
+    ubi_slAddHead( &groupname_map_list, (ubi_slNode *)new_ep);
+  }
+
+  DEBUG(10,("load_groupname_map: Added %ld entries to groupname map.\n",
+	    ubi_slCount(&groupname_map_list)));
+           
+  file_lines_free(lines);
+}
+
+/***********************************************************
+ Lookup a SID entry by gid_t.
+************************************************************/
+
+void map_gid_to_sid( gid_t gid, DOM_SID *psid)
+{
+  groupname_map_entry *gmep;
+
+  /*
+   * Initialize and load if not already loaded.
+   */
+  load_groupname_map();
+
+  for( gmep = (groupname_map_entry *)ubi_slFirst( &groupname_map_list);
+       gmep; gmep = (groupname_map_entry *)ubi_slNext( gmep )) {
+
+    if( gmep->unix_gid == gid) {
+      *psid = gmep->windows_sid;
+      DEBUG(7,("map_gid_to_sid: Mapping unix group %s to windows group %s.\n",
+               gmep->unix_name, gmep->windows_name ));
+      return;
+    }
+  }
+
+  /*
+   * If there's no map, convert the UNIX gid_t
+   * to a rid within this domain SID.
+   */
+  *psid = global_sam_sid;
+  psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid);
+
+  return;
+}
+#else /* USING_GROUPNAME_MAP */
+ void load_groupname_map(void) {;}
+#endif /* USING_GROUPNAME_MAP */
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 8852e57e8b..c2f3b7b2f0 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1,8 +1,10 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Inter-process communication and named pipe handling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
+
+   SMB Version handling
+   Copyright (C) John H Terpstra 1995-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -24,2756 +26,495 @@
    */
 
 #include "includes.h"
-#include "loadparm.h"
-#include "pcap.h"
-
-#ifdef CHECK_TYPES
-#undef CHECK_TYPES
-#endif
-#define CHECK_TYPES 0
 
-extern int DEBUGLEVEL;
-extern int maxxmit;
-extern files_struct Files[];
-extern connection_struct Connections[];
+extern int max_send;
 
 extern fstring local_machine;
 
-#define NERR_Success 0
-#define NERR_badpass 86
 #define NERR_notsupported 50
 
-#define NERR_BASE (2100)
-#define NERR_BufTooSmall (NERR_BASE+23)
-#define NERR_JobNotFound (NERR_BASE+51)
-#define NERR_DestNotFound (NERR_BASE+52)
-#define ERROR_INVALID_LEVEL 124
-#define ERROR_MORE_DATA 234
-
-#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
-
-#define ACCESS_READ 0x01
-#define ACCESS_WRITE 0x02
-#define ACCESS_CREATE 0x04
-
-#define SHPWLEN 8		/* share password length */
-#define NNLEN 12		/* 8.3 net name length */
-#define SNLEN 15		/* service name length */
-#define QNLEN 12		/* queue name maximum length */
-
-extern int Client;
-
-static int CopyExpanded(int cnum, int snum, char** dst, char* src, int* n)
-{
-  pstring buf;
-  int l;
-
-  if (!src || !dst || !n || !(*dst)) return(0);
-
-  StrnCpy(buf,src,sizeof(buf)/2);
-  string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
-  StrnCpy(*dst,buf,*n);
-  l = strlen(*dst) + 1;
-  (*dst) += l;
-  (*n) -= l;
-  return l;
-}
-
-static int CopyAndAdvance(char** dst, char* src, int* n)
-{
-  int l;
-  if (!src || !dst || !n || !(*dst)) return(0);
-  StrnCpy(*dst,src,*n);
-  l = strlen(*dst) + 1;
-  (*dst) += l;
-  (*n) -= l;
-  return l;
-}
-
-static int StrlenExpanded(int cnum, int snum, char* s)
-{
-  pstring buf;
-  if (!s) return(0);
-  StrnCpy(buf,s,sizeof(buf)/2);
-  string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
-  return strlen(buf) + 1;
-}
-
-static char* Expand(int cnum, int snum, char* s)
-{
-  static pstring buf;
-  if (!s) return(NULL);
-  StrnCpy(buf,s,sizeof(buf)/2);
-  string_sub(buf,"%S",lp_servicename(snum));
-  standard_sub(cnum,buf);
-  return &buf[0];
-}
+extern int smb_read_error;
 
 /*******************************************************************
-  check a API string for validity when we only need to check the prefix
-  ******************************************************************/
-static BOOL prefix_ok(char *str,char *prefix)
-{
-  return(strncmp(str,prefix,strlen(prefix)) == 0);
-}
+ copies parameters and data, as needed, into the smb buffer
 
+ *both* the data and params sections should be aligned.  this
+ is fudged in the rpc pipes by 
+ at present, only the data section is.  this may be a possible
+ cause of some of the ipc problems being experienced.  lkcl26dec97
 
-/****************************************************************************
-  send a trans reply
-  ****************************************************************************/
-static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup,
-			     int ldata,int lparam,int lsetup)
-{
-  int i;
-  int this_ldata,this_lparam;
-  int tot_data=0,tot_param=0;
-  int align;
-
-  this_lparam = MIN(lparam,maxxmit - (500+lsetup*SIZEOFWORD)); /* hack */
-  this_ldata = MIN(ldata,maxxmit - (500+lsetup*SIZEOFWORD+this_lparam));
-
-  align = (this_lparam%4);
-
-  set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True);
-  if (this_lparam)
-    memcpy(smb_buf(outbuf),param,this_lparam);
-  if (this_ldata)
-    memcpy(smb_buf(outbuf)+this_lparam+align,data,this_ldata);
-
-  SSVAL(outbuf,smb_vwv0,lparam);
-  SSVAL(outbuf,smb_vwv1,ldata);
-  SSVAL(outbuf,smb_vwv3,this_lparam);
-  SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf));
-  SSVAL(outbuf,smb_vwv5,0);
-  SSVAL(outbuf,smb_vwv6,this_ldata);
-  SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf));
-  SSVAL(outbuf,smb_vwv8,0);
-  SSVAL(outbuf,smb_vwv9,lsetup);
-  for (i=0;i<lsetup;i++)
-    SSVAL(outbuf,smb_vwv10+i*SIZEOFWORD,setup[i]);
-
-  show_msg(outbuf);
-  send_smb(Client,outbuf);
-
-  tot_data = this_ldata;
-  tot_param = this_lparam;
-
-  while (tot_data < ldata || tot_param < lparam)
-    {
-      this_lparam = MIN(lparam-tot_param,maxxmit - 500); /* hack */
-      this_ldata = MIN(ldata-tot_data,maxxmit - (500+this_lparam));
-
-      align = (this_lparam%4);
-
-      set_message(outbuf,10,this_ldata+this_lparam+align,False);
-      if (this_lparam)
-	memcpy(smb_buf(outbuf),param+tot_param,this_lparam);
-      if (this_ldata)
-	memcpy(smb_buf(outbuf)+this_lparam+align,data+tot_data,this_ldata);
-
-      SSVAL(outbuf,smb_vwv3,this_lparam);
-      SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf));
-      SSVAL(outbuf,smb_vwv5,tot_param);
-      SSVAL(outbuf,smb_vwv6,this_ldata);
-      SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf));
-      SSVAL(outbuf,smb_vwv8,tot_data);
-      SSVAL(outbuf,smb_vwv9,0);
-
-      show_msg(outbuf);
-      send_smb(Client,outbuf);
-
-      tot_data += this_ldata;
-      tot_param += this_lparam;
-    }
-}
-
+ ******************************************************************/
 
-
-/****************************************************************************
-  get a print queue
-  ****************************************************************************/
-
-struct pack_desc {
-  char* format;	    /* formatstring for structure */
-  char* subformat;  /* subformat for structure */
-  char* base;	    /* baseaddress of buffer */
-  int buflen;	   /* remaining size for fixed part; on init: length of base */
-  int subcount;	    /* count of substructures */
-  char* structbuf;  /* pointer into buffer for remaining fixed part */
-  int stringlen;    /* remaining size for variable part */		
-  char* stringbuf;  /* pointer into buffer for remaining variable part */
-  int neededlen;    /* total needed size */
-  int usedlen;	    /* total used size (usedlen <= neededlen and usedlen <= buflen) */
-  char* curpos;	    /* current position; pointer into format or subformat */
-  int errcode;
-};
-
-static int get_counter(char** p)
+static void copy_trans_params_and_data(char *outbuf, int align,
+				char *rparam, int param_offset, int param_len,
+				char *rdata, int data_offset, int data_len)
 {
-  int i, n;
-  if (!p || !(*p)) return(1);
-  if (!isdigit(**p)) return 1;
-  for (n = 0;;) {
-    i = **p;
-    if (isdigit(i))
-      n = 10 * n + (i - '0');
-    else
-      return n;
-    (*p)++;
-  }
-}
+	char *copy_into = smb_buf(outbuf)+1;
 
-static int getlen(char* p)
-{
-  int n = 0;
-  if (!p) return(0);
-  while (*p) {
-    switch( *p++ ) {
-    case 'W':			/* word (2 byte) */
-      n += 2;
-      break;
-    case 'N':			/* count of substructures (word) at end */
-      n += 2;
-      break;
-    case 'D':			/* double word (4 byte) */
-    case 'z':			/* offset to zero terminated string (4 byte) */
-    case 'l':			/* offset to user data (4 byte) */
-      n += 4;
-      break;
-    case 'b':			/* offset to data (with counter) (4 byte) */
-      n += 4;
-      get_counter(&p);
-      break;
-    case 'B':			/* byte (with optional counter) */
-      n += get_counter(&p);
-      break;
-    }
-  }
-  return n;
-}
+	if(param_len < 0)
+		param_len = 0;
 
-static BOOL init_package(struct pack_desc* p, int count, int subcount)
-{
-  int n = p->buflen;
-  int i;
-
-  if (!p->format || !p->base) return(False);
-
-  i = count * getlen(p->format);
-  if (p->subformat) i += subcount * getlen(p->subformat);
-  p->structbuf = p->base;
-  p->neededlen = 0;
-  p->usedlen = 0;
-  p->subcount = 0;
-  p->curpos = p->format;
-  if (i > n) {
-    i = n = 0;
-    p->errcode = NERR_BufTooSmall;
-  }
-
-  p->errcode = NERR_Success;
-  p->buflen = i;
-  n -= i;
-  p->stringbuf = p->base + i;
-  p->stringlen = n;
-  return(p->errcode == NERR_Success);
-}
-
-#ifdef __STDC__
-static int package(struct pack_desc* p, ...)
-{
-#else
-static int package(va_alist)
-va_dcl
-{
-  struct pack_desc* p;
-#endif
-  va_list args;
-  int needed=0, stringneeded;
-  char* str=NULL;
-  int is_string=0, stringused;
-  int32 temp;
-
-#ifdef __STDC__
-  va_start(args,p);
-#else
-  va_start(args);
-  p = va_arg(args,struct pack_desc *);
-#endif
-
-  if (!*p->curpos) {
-    if (!p->subcount)
-      p->curpos = p->format;
-    else {
-      p->curpos = p->subformat;
-      p->subcount--;
-    }
-  }
-#if CHECK_TYPES
-  str = va_arg(args,char*);
-  if (strncmp(str,p->curpos,strlen(str)) != 0) {
-    DEBUG(2,("type error in package: %s instead of %*s\n",str,
- 	     strlen(str),p->curpos));
-    va_end(args);
-#if AJT
-    ajt_panic();
-#endif  
-    return 0;
-  }
-#endif
-  stringneeded = -1;
-
-  if (!p->curpos) return(0);
-
-  switch( *p->curpos++ ) {
-  case 'W':			/* word (2 byte) */
-    needed = 2;
-    temp = va_arg(args,int);
-    if (p->buflen >= needed) SSVAL(p->structbuf,0,temp);
-    break;
-  case 'N':			/* count of substructures (word) at end */
-    needed = 2;
-    p->subcount = va_arg(args,int);
-    if (p->buflen >= needed) SSVAL(p->structbuf,0,p->subcount);
-    break;
-  case 'D':			/* double word (4 byte) */
-    needed = 4;
-    temp = va_arg(args,int);
-    if (p->buflen >= needed) SIVAL(p->structbuf,0,temp);
-    break;
-  case 'B':			/* byte (with optional counter) */
-    needed = get_counter(&p->curpos);
-    {
-      char *s = va_arg(args,char*);
-      if (p->buflen >= needed) StrnCpy(p->structbuf,s?s:"",needed);
-    }
-    break;
-  case 'z':			/* offset to zero terminated string (4 byte) */
-    str = va_arg(args,char*);
-    stringneeded = (str ? strlen(str)+1 : 0);
-    is_string = 1;
-    break;
-  case 'l':			/* offset to user data (4 byte) */
-    str = va_arg(args,char*);
-    stringneeded = va_arg(args,int);
-    is_string = 0;
-    break;
-  case 'b':			/* offset to data (with counter) (4 byte) */
-    str = va_arg(args,char*);
-    stringneeded = get_counter(&p->curpos);
-    is_string = 0;
-    break;
-  }
-  va_end(args);
-  if (stringneeded >= 0) {
-    needed = 4;
-    if (p->buflen >= needed) {
-      stringused = stringneeded;
-      if (stringused > p->stringlen) {
-	stringused = (is_string ? p->stringlen : 0);
-	if (p->errcode == NERR_Success) p->errcode = ERROR_MORE_DATA;
-      }
-      if (!stringused)
-	SIVAL(p->structbuf,0,0);
-      else {
-	SIVAL(p->structbuf,0,PTR_DIFF(p->stringbuf,p->base));
-	memcpy(p->stringbuf,str?str:"",stringused);
-	if (is_string) p->stringbuf[stringused-1] = '\0';
-	p->stringbuf += stringused;
-	p->stringlen -= stringused;
-	p->usedlen += stringused;
-      }
-    }
-    p->neededlen += stringneeded;
-  }
-  p->neededlen += needed;
-  if (p->buflen >= needed) {
-    p->structbuf += needed;
-    p->buflen -= needed;
-    p->usedlen += needed;
-  }
-  else {
-    if (p->errcode == NERR_Success) p->errcode = NERR_BufTooSmall;
-  }
-  return 1;
-}
+	if(data_len < 0)
+		data_len = 0;
 
-#if CHECK_TYPES
-#define PACK(desc,t,v) package(desc,t,v,0,0,0,0)
-#define PACKl(desc,t,v,l) package(desc,t,v,l,0,0,0,0)
-#else
-#define PACK(desc,t,v) package(desc,v)
-#define PACKl(desc,t,v,l) package(desc,v,l)
-#endif
+	DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n",
+			param_offset, param_offset + param_len,
+			data_offset , data_offset  + data_len));
 
-static void PACKI(struct pack_desc* desc,char *t,int v)
-{
-  PACK(desc,t,v);
-}
+	if (param_len)
+		memcpy(copy_into, &rparam[param_offset], param_len);
 
-static void PACKS(struct pack_desc* desc,char *t,char *v)
-{
-  PACK(desc,t,v);
-}
+	copy_into += param_len + align;
 
-static void PackDriverData(struct pack_desc* desc)
-{
-  char drivdata[4+4+32];
-  SIVAL(drivdata,0,sizeof drivdata); /* cb */
-  SIVAL(drivdata,4,1000);	/* lVersion */
-  memset(drivdata+8,0,32);	/* szDeviceName */
-  strcpy(drivdata+8,"NULL");
-  PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */
+	if (data_len )
+		memcpy(copy_into, &rdata[data_offset], data_len);
 }
 
-static int check_printq_info(struct pack_desc* desc,
- 			     int uLevel, const char* id1, const char* id2)
-{
-  desc->subformat = NULL;
-  switch( uLevel ) {
-  case 0:
-    desc->format = "B13";
-    break;
-  case 1:
-    desc->format = "B13BWWWzzzzzWW";
-    break;
-  case 2:
-    desc->format = "B13BWWWzzzzzWN";
-    desc->subformat = "WB21BB16B10zWWzDDz";
-    break;
-  case 3:
-    desc->format = "zWWWWzzzzWWzzl";
-    break;
-  case 4:
-    desc->format = "zWWWWzzzzWNzzl";
-    desc->subformat = "WWzWWDDzz";
-    break;
-  case 5:
-    desc->format = "z";
-    break;
-  default: return False;
-  }
-  if (strcmp(desc->format,id1) != 0) return False;
-  if (desc->subformat && strcmp(desc->subformat,id2) != 0) return False;
-  return True;
-}
-
-static void fill_printjob_info(int cnum, int snum, int uLevel,
-			       struct pack_desc* desc,
-			       print_queue_struct* queue, int n)
-{
-  time_t t = queue->time;
-
-  /* the client expects localtime */
-  t += GMT_TO_LOCAL*TimeDiff(t);
-
-  PACKI(desc,"W",((snum%0xFF)<<8) | (queue->job%0xFF)); /* uJobId */
-  if (uLevel == 1) {
-    PACKS(desc,"B21",queue->user); /* szUserName */
-    PACKS(desc,"B","");		/* pad */
-    PACKS(desc,"B16","");	/* szNotifyName */
-    PACKS(desc,"B10","PM_Q_RAW"); /* szDataType */
-    PACKS(desc,"z","");		/* pszParms */
-    PACKI(desc,"W",n+1);		/* uPosition */
-    PACKI(desc,"W",queue->status); /* fsStatus */
-    PACKS(desc,"z","");		/* pszStatus */
-    PACKI(desc,"D",queue->time); /* ulSubmitted */
-    PACKI(desc,"D",queue->size); /* ulSize */
-    PACKS(desc,"z",queue->file); /* pszComment */
-  }
-  if (uLevel == 2 || uLevel == 3) {
-    PACKI(desc,"W",queue->priority);		/* uPriority */
-    PACKS(desc,"z",queue->user); /* pszUserName */
-    PACKI(desc,"W",n+1);		/* uPosition */
-    PACKI(desc,"W",queue->status); /* fsStatus */
-    PACKI(desc,"D",queue->time); /* ulSubmitted */
-    PACKI(desc,"D",queue->size); /* ulSize */
-    PACKS(desc,"z","Samba");	/* pszComment */
-    PACKS(desc,"z",queue->file); /* pszDocument */
-    if (uLevel == 3) {
-      PACKS(desc,"z","");	/* pszNotifyName */
-      PACKS(desc,"z","PM_Q_RAW"); /* pszDataType */
-      PACKS(desc,"z","");	/* pszParms */
-      PACKS(desc,"z","");	/* pszStatus */
-      PACKS(desc,"z",SERVICE(snum)); /* pszQueue */
-      PACKS(desc,"z","lpd");	/* pszQProcName */
-      PACKS(desc,"z","");	/* pszQProcParms */
-      PACKS(desc,"z","NULL"); /* pszDriverName */
-      PackDriverData(desc);	/* pDriverData */
-      PACKS(desc,"z","");	/* pszPrinterName */
-    }
-  }
-}
-
-static void fill_printq_info(int cnum, int snum, int uLevel,
- 			     struct pack_desc* desc,
- 			     int count, print_queue_struct* queue,
- 			     print_status_struct* status)
-{
-  if (uLevel < 3) {
-    PACKS(desc,"B13",SERVICE(snum));
-  } else {
-    PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum)));
-  }
-  if (uLevel == 1 || uLevel == 2) {
-    PACKS(desc,"B","");		/* alignment */
-    PACKI(desc,"W",5);		/* priority */
-    PACKI(desc,"W",0);		/* start time */
-    PACKI(desc,"W",0);		/* until time */
-    PACKS(desc,"z","");		/* pSepFile */
-    PACKS(desc,"z","lpd");	/* pPrProc */
-    PACKS(desc,"z",SERVICE(snum)); /* pDestinations */
-    PACKS(desc,"z","");		/* pParms */
-    if (snum < 0) {
-      PACKS(desc,"z","UNKNOWN PRINTER");
-      PACKI(desc,"W",LPSTAT_ERROR);
-    }
-    else if (!status || !status->message[0]) {
-      PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum)));
-      PACKI(desc,"W",LPSTAT_OK); /* status */
-    } else {
-      PACKS(desc,"z",status->message);
-      PACKI(desc,"W",status->status); /* status */
-    }
-    PACKI(desc,(uLevel == 1 ? "W" : "N"),count);
-  }
-  if (uLevel == 3 || uLevel == 4) {
-    PACKI(desc,"W",5);		/* uPriority */
-    PACKI(desc,"W",0);		/* uStarttime */
-    PACKI(desc,"W",0);		/* uUntiltime */
-    PACKI(desc,"W",5);		/* pad1 */
-    PACKS(desc,"z","");		/* pszSepFile */
-    PACKS(desc,"z","lpd");	/* pszPrProc */
-    PACKS(desc,"z","");		/* pszParms */
-    if (!status || !status->message[0]) {
-      PACKS(desc,"z",Expand(cnum,snum,lp_comment(snum))); /* pszComment */
-      PACKI(desc,"W",LPSTAT_OK); /* fsStatus */
-    } else {
-      PACKS(desc,"z",status->message); /* pszComment */
-      PACKI(desc,"W",status->status); /* fsStatus */
-    }
-    PACKI(desc,(uLevel == 3 ? "W" : "N"),count);	/* cJobs */
-    PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */
-    PACKS(desc,"z","NULL");	/* pszDriverName */
-    PackDriverData(desc);	/* pDriverData */
-  }
-  if (uLevel == 2 || uLevel == 4) {
-    int i;
-    for (i=0;i<count;i++)
-      fill_printjob_info(cnum,snum,uLevel == 2 ? 1 : 2,desc,&queue[i],i);
-  }
- 
-  DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",SERVICE(snum),count));
-}
-
-static BOOL api_DosPrintQGetInfo(int cnum,int uid, char *param,char *data,
-				 int mdrcnt,int mprcnt,
-				 char **rdata,char **rparam,
-				 int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  char *QueueName = p;
-  int uLevel,cbBuf;
-  int count=0;
-  int snum;
-  char* str3;
-  struct pack_desc desc;
-  print_queue_struct *queue=NULL;
-  print_status_struct status;
-  
-  bzero(&status,sizeof(status));
-  bzero(&desc,sizeof(desc));
- 
-  p = skip_string(p,1);
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-  str3 = p + 4;
- 
-  if ((p = strchr(QueueName,'%'))) *p = 0;
- 
-  DEBUG(3,("PrintQueue uLevel=%d name=%s\n",uLevel,QueueName));
- 
-  /* check it's a supported varient */
-  if (!prefix_ok(str1,"zWrLh")) return False;
-  if (!check_printq_info(&desc,uLevel,str2,str3)) return False;
- 
-  snum = lp_servicenumber(QueueName);
-  if (snum < 0 && pcap_printername_ok(QueueName,NULL)) {
-    int pnum = lp_servicenumber(PRINTERS_NAME);
-    if (pnum >= 0) {
-      lp_add_printer(QueueName,pnum);
-      snum = lp_servicenumber(QueueName);
-    }
-  }
-  
-  if (snum < 0 || !VALID_SNUM(snum)) return(False);
-
-  count = get_printqueue(snum,cnum,&queue,&status);
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-  if (init_package(&desc,1,count)) {
-    desc.subcount = count;
-    fill_printq_info(cnum,snum,uLevel,&desc,count,queue,&status);
-  }
-
-  *rdata_len = desc.usedlen;
-  
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,desc.neededlen);
-  
-  DEBUG(4,("printqgetinfo: errorcode %d\n",desc.errcode));
-
-  if (queue) free(queue);
-  
-  return(True);
-}
-
-
 /****************************************************************************
-  view list of all print jobs on all queues
-  ****************************************************************************/
-static BOOL api_DosPrintQEnum(int cnum, int uid, char* param, char* data,
- 			      int mdrcnt, int mprcnt,
- 			      char **rdata, char** rparam,
- 			      int *rdata_len, int *rparam_len)
-{
-  char *param_format = param+2;
-  char *output_format1 = skip_string(param_format,1);
-  char *p = skip_string(output_format1,1);
-  int uLevel = SVAL(p,0);
-  char *output_format2 = p + 4;
-  int services = lp_numservices();
-  int i, n;
-  struct pack_desc desc;
-  print_queue_struct **queue = NULL;
-  print_status_struct *status = NULL;
-  int* subcntarr = NULL;
-  int queuecnt, subcnt=0, succnt=0;
- 
-  bzero(&desc,sizeof(desc));
-
-  DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel));
- 
-  if (prefix_ok(param_format,"WrLeh")) return False;
-  if (!check_printq_info(&desc,uLevel,output_format1,output_format2))
-    return False;
-  queuecnt = 0;
-  for (i = 0; i < services; i++)
-    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
-      queuecnt++;
-  if (uLevel > 0) {
-    queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*));
-    memset(queue,0,queuecnt*sizeof(print_queue_struct*));
-    status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct));
-    memset(status,0,queuecnt*sizeof(print_status_struct));
-    subcntarr = (int*)malloc(queuecnt*sizeof(int));
-    subcnt = 0;
-    n = 0;
-    for (i = 0; i < services; i++)
-      if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) {
- 	subcntarr[n] = get_printqueue(i,cnum,&queue[n],&status[n]);
- 	subcnt += subcntarr[n];
- 	n++;
-      }
-  }
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-
-  if (init_package(&desc,queuecnt,subcnt)) {
-    n = 0;
-    succnt = 0;
-    for (i = 0; i < services; i++)
-      if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) {
-	fill_printq_info(cnum,i,uLevel,&desc,subcntarr[n],queue[n],&status[n]);
-	n++;
-	if (desc.errcode == NERR_Success) succnt = n;
-      }
-  }
-
-  if (subcntarr) free(subcntarr);
- 
-  *rdata_len = desc.usedlen;
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,succnt);
-  SSVAL(*rparam,6,queuecnt);
-  
-  for (i = 0; i < queuecnt; i++) {
-    if (queue && queue[i]) free(queue[i]);
-  }
-
-  if (queue) free(queue);
-  if (status) free(status);
-  
-  return True;
-}
+ Send a trans reply.
+ ****************************************************************************/
 
-/****************************************************************************
-  get info level for a server list query
-  ****************************************************************************/
-static BOOL check_server_info(int uLevel, char* id)
+void send_trans_reply(char *outbuf,
+				char *rparam, int rparam_len,
+				char *rdata, int rdata_len,
+				BOOL buffer_too_large)
 {
-  switch( uLevel ) {
-  case 0:
-    if (strcmp(id,"B16") != 0) return False;
-    break;
-  case 1:
-    if (strcmp(id,"B16BBDz") != 0) return False;
-    break;
-  default: 
-    return False;
-  }
-  return True;
-}
+	int this_ldata,this_lparam;
+	int tot_data_sent = 0;
+	int tot_param_sent = 0;
+	int align;
 
-/* used for server information: client, nameserv and ipc */
-struct srv_info_struct
-{
-  fstring name;
-  uint32 type;
-  fstring comment;
-  fstring domain; /* used ONLY in ipc.c NOT namework.c */
-  BOOL server_added; /* used ONLY in ipc.c NOT namework.c */
-};
+	int ldata  = rdata  ? rdata_len : 0;
+	int lparam = rparam ? rparam_len : 0;
 
-/*******************************************************************
-  filter out unwanted server info 
-  ******************************************************************/
-static BOOL filter_server_info(struct srv_info_struct *server, 
-			       char *domain)
-{
-  if (*domain)
-    return(strequal(domain, server->domain));
-  
-  return (True); /* be indiscriminate: get all servers! */
-}
+	if (buffer_too_large)
+		DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata ));
 
-/*******************************************************************
-  find server in the files saved by nmbd. Return True if we find it.
-  ******************************************************************/
-static BOOL find_server(struct srv_info_struct *servers, int num_servers,
-		 char *domain, char *name)
-{
-  int count;
+	this_lparam = MIN(lparam,max_send - 500); /* hack */
+	this_ldata  = MIN(ldata,max_send - (500+this_lparam));
 
-  if (!servers || num_servers == 0) return (False);
+	align = ((this_lparam)%4);
 
-  for (count = 0; count < num_servers; count++)	{
-    struct srv_info_struct *s;
+	if (buffer_too_large) {
+		ERROR_NT(STATUS_BUFFER_OVERFLOW);
+	}
 
-    s = &servers[count];
+	set_message(outbuf,10,1+align+this_ldata+this_lparam,True);
 
-    if (strequal(name, s->name)) {
-      StrnCpy(domain, s->domain, sizeof(pstring)-1);
-      return (True);
-    }
-  }
-  return (False);
-}
+	copy_trans_params_and_data(outbuf, align,
+								rparam, tot_param_sent, this_lparam,
+								rdata, tot_data_sent, this_ldata);
 
+	SSVAL(outbuf,smb_vwv0,lparam);
+	SSVAL(outbuf,smb_vwv1,ldata);
+	SSVAL(outbuf,smb_vwv3,this_lparam);
+	SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
+	SSVAL(outbuf,smb_vwv5,0);
+	SSVAL(outbuf,smb_vwv6,this_ldata);
+	SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf));
+	SSVAL(outbuf,smb_vwv8,0);
+	SSVAL(outbuf,smb_vwv9,0);
 
-/*******************************************************************
-  get server info lists from the files saved by nmbd. Return the
-  number of entries
-  ******************************************************************/
-static int get_server_info(uint32 servertype, 
-			   struct srv_info_struct **servers)
-{
-  FILE *f;
-  pstring fname;
-  int count=0;
-  int alloced=0;
-  pstring line;
-
-  strcpy(fname,lp_lockdir());
-  trim_string(fname,NULL,"/");
-  strcat(fname,"/");
-  strcat(fname,SERVER_LIST);
-
-  f = fopen(fname,"r");
-
-  if (!f) {
-    DEBUG(4,("Can't open %s - %s\n",fname,strerror(errno)));
-    return(0);
-  }
-  if (servertype == SV_TYPE_ALL) servertype &= ~SV_TYPE_DOMAIN_ENUM;
-
-  while (!feof(f))
-  {
-    fstring stype;
-    struct srv_info_struct *s;
-    char *ptr = line;
-    *ptr = 0;
-
-    fgets(line,sizeof(line)-1,f);
-    if (!*line) continue;
-
-    if (count == alloced) {
-      alloced += 10;
-      (*servers) = (struct srv_info_struct *)
-	Realloc(*servers,sizeof(**servers)*alloced);
-      if (!(*servers)) return(0);
-      bzero((char *)((*servers)+count),sizeof(**servers)*(alloced-count));
-    }
-    s = &(*servers)[count];
-
-    s->server_added = True;
-
-    if (!next_token(&ptr,s->name   , NULL)) continue;
-    if (!next_token(&ptr,stype     , NULL)) continue;
-    if (!next_token(&ptr,s->comment, NULL)) continue;
-    if (!next_token(&ptr,s->domain , NULL)) {
-      /* this allows us to cop with an old nmbd */
-      strcpy(s->domain,my_workgroup()); 
-    }
-
-    if (sscanf(stype,"%X",&s->type) != 1) continue;
-
-    /* doesn't match up: don't want it */
-    if (!(servertype & s->type)) continue;
-
-    /* server entry is a domain, we haven't asked for domains: don't want it */
-    if ((s->type&SV_TYPE_DOMAIN_ENUM) && !(servertype&SV_TYPE_DOMAIN_ENUM))
-      continue;
-
-    DEBUG(4,("Server %20s %8x %25s %15s\n",
-	     s->name, stype, s->comment, s->domain));
-
-    count++;
-  }
-
-  fclose(f);
-  return(count);
-}
+	show_msg(outbuf);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_trans_reply: send_smb failed.");
 
-/*******************************************************************
-  fill in a server info structure
-  ******************************************************************/
-static int fill_srv_info(struct srv_info_struct *service, 
-			 int uLevel, char **buf, int *buflen, 
-			 char **stringbuf, int *stringspace, char *baseaddr)
-{
-  int struct_len;
-  char* p;
-  char* p2;
-  int l2;
-  int len;
- 
-  switch (uLevel) {
-  case 0: struct_len = 16; break;
-  case 1: struct_len = 26; break;
-  default: return -1;
-  }  
- 
-  if (!buf)
-    {
-      len = 0;
-      switch (uLevel) 
-	{
-	case 1:
-	  len = strlen(service->comment)+1;
-	  break;
-	}
-
-      if (buflen) *buflen = struct_len;
-      if (stringspace) *stringspace = len;
-      return struct_len + len;
-    }
-  
-  len = struct_len;
-  p = *buf;
-  if (*buflen < struct_len) return -1;
-  if (stringbuf)
-    {
-      p2 = *stringbuf;
-      l2 = *stringspace;
-    }
-  else
-    {
-      p2 = p + struct_len;
-      l2 = *buflen - struct_len;
-    }
-  if (!baseaddr) baseaddr = p;
-  
-  switch (uLevel)
-    {
-    case 0:
-      StrnCpy(p,service->name,15);
-      break;
-
-    case 1:
-      StrnCpy(p,service->name,15);
-      SIVAL(p,18,service->type);
-      SIVAL(p,22,PTR_DIFF(p2,baseaddr));
-      len += CopyAndAdvance(&p2,service->comment,&l2);
-      break;
-    }
-
-  if (stringbuf)
-    {
-      *buf = p + struct_len;
-      *buflen -= struct_len;
-      *stringbuf = p2;
-      *stringspace = l2;
-    }
-  else
-    {
-      *buf = p2;
-      *buflen -= len;
-    }
-  return len;
-}
+	tot_data_sent = this_ldata;
+	tot_param_sent = this_lparam;
 
-
-/****************************************************************************
-  view list of servers available (or possibly domains). The info is
-  extracted from lists saved by nmbd on the local host
-  ****************************************************************************/
-static BOOL api_RNetServerEnum(int cnum, int uid, char *param, char *data,
-			       int mdrcnt, int mprcnt, char **rdata, 
-			       char **rparam, int *rdata_len, int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel = SVAL(p,0);
-  int buf_len = SVAL(p,2);
-  uint32 servertype = IVAL(p,4);
-  char *p2;
-  int data_len, fixed_len, string_len;
-  int f_len, s_len;
-  struct srv_info_struct *servers=NULL;
-  int counted=0,total=0;
-  int i;
-  fstring domain;
-  BOOL domain_request = (servertype & SV_TYPE_DOMAIN_ENUM) &&
-                       !(servertype == SV_TYPE_ALL);
-
-  domain[0] = 0;
-  p += 8;
-
-  if (!prefix_ok(str1,"WrLehD")) return False;
-  if (!check_server_info(uLevel,str2)) return False;
-  
-  DEBUG(4, ("server request level: %s\n", str2));
-
-  if (strcmp(str1, "WrLehDO") == 0)
-  {
-    /* asking for servers. we will have to work out which workgroup was
-       requested, as we maintain lists for multiple workgroups */
-  }
-  else if (strcmp(str1, "WrLehDz") == 0)
-  {
-    /* asking for a specific workgroup */
-    StrnCpy(domain, p, sizeof(fstring)-1);
-  }
-
-  if (lp_browse_list())
-  {
-    total = get_server_info(servertype,&servers);
-  }
-
-  if (!domain[0] && !domain_request) {
-    extern fstring remote_machine;
-    /* must be a server request with an assumed domain. find a domain */
-    
-    if (find_server(servers, total, domain, remote_machine)) {
-      DEBUG(4, ("No domain specified: using %s for %s\n",
-		domain, remote_machine));
-    } else {
-      /* default to soemthing sensible */
-      strcpy(domain,my_workgroup());
-    }
-  }
-
-  data_len = fixed_len = string_len = 0;
-
-  for (i=0;i<total;i++)
-    if (filter_server_info(&servers[i],domain)) {
-      data_len += fill_srv_info(&servers[i],uLevel,0,&f_len,0,&s_len,0);
-      if (data_len <= buf_len)
+	while (tot_data_sent < ldata || tot_param_sent < lparam)
 	{
-	  counted++;
-	  fixed_len += f_len;
-	  string_len += s_len;
-	}
-    }
+		this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */
+		this_ldata  = MIN(ldata -tot_data_sent, max_send - (500+this_lparam));
 
-  *rdata_len = fixed_len + string_len;
-  *rdata = REALLOC(*rdata,*rdata_len);
-  bzero(*rdata,*rdata_len);
-  
-  p2 = (*rdata) + fixed_len;	/* auxilliary data (strings) will go here */
-  p = *rdata;
-  f_len = fixed_len;
-  s_len = string_len;
-
-  {
-    int count2 = counted;
-    for (i = 0; i < total && count2;i++) {
-      if (filter_server_info(&servers[i],domain)) {
-	fill_srv_info(&servers[i],uLevel,&p,&f_len,&p2,&s_len,*rdata);
-	count2--;
-      }
-    }
-  }
-  
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,counted);
-  SSVAL(*rparam,6,total);
+		if(this_lparam < 0)
+			this_lparam = 0;
 
-  if (servers) free(servers);
+		if(this_ldata < 0)
+			this_ldata = 0;
 
-  DEBUG(3,("NetServerEnum domain = %s uLevel=%d counted=%d total=%d\n",
-	   domain,uLevel,counted,total));
-
-  return(True);
-}
+		align = (this_lparam%4);
 
+		set_message(outbuf,10,1+this_ldata+this_lparam+align,False);
 
-/****************************************************************************
-  get info about a share
-  ****************************************************************************/
-static BOOL check_share_info(int uLevel, char* id)
-{
-  switch( uLevel ) {
-  case 0:
-    if (strcmp(id,"B13") != 0) return False;
-    break;
-  case 1:
-    if (strcmp(id,"B13BWz") != 0) return False;
-    break;
-  case 2:
-    if (strcmp(id,"B13BWzWWWzB9B") != 0) return False;
-    break;
-  case 91:
-    if (strcmp(id,"B13BWzWWWzB9BB9BWzWWzWW") != 0) return False;
-    break;
-  default: return False;
-  }
-  return True;
-}
+		copy_trans_params_and_data(outbuf, align,
+									rparam, tot_param_sent, this_lparam,
+									rdata, tot_data_sent, this_ldata);
 
-static int fill_share_info(int cnum, int snum, int uLevel,
- 			   char** buf, int* buflen,
- 			   char** stringbuf, int* stringspace, char* baseaddr)
-{
-  int struct_len;
-  char* p;
-  char* p2;
-  int l2;
-  int len;
- 
-  switch( uLevel ) {
-  case 0: struct_len = 13; break;
-  case 1: struct_len = 20; break;
-  case 2: struct_len = 40; break;
-  case 91: struct_len = 68; break;
-  default: return -1;
-  }
-  
- 
-  if (!buf)
-    {
-      len = 0;
-      if (uLevel > 0) len += StrlenExpanded(cnum,snum,lp_comment(snum));
-      if (uLevel > 1) len += strlen(lp_pathname(snum)) + 1;
-      if (buflen) *buflen = struct_len;
-      if (stringspace) *stringspace = len;
-      return struct_len + len;
-    }
-  
-  len = struct_len;
-  p = *buf;
-  if ((*buflen) < struct_len) return -1;
-  if (stringbuf)
-    {
-      p2 = *stringbuf;
-      l2 = *stringspace;
-    }
-  else
-    {
-      p2 = p + struct_len;
-      l2 = (*buflen) - struct_len;
-    }
-  if (!baseaddr) baseaddr = p;
-  
-  StrnCpy(p,lp_servicename(snum),13);
-  
-  if (uLevel > 0)
-    {
-      int type;
-      CVAL(p,13) = 0;
-      type = STYPE_DISKTREE;
-      if (lp_print_ok(snum)) type = STYPE_PRINTQ;
-      if (strequal("IPC$",lp_servicename(snum))) type = STYPE_IPC;
-      SSVAL(p,14,type);		/* device type */
-      SIVAL(p,16,PTR_DIFF(p2,baseaddr));
-      len += CopyExpanded(cnum,snum,&p2,lp_comment(snum),&l2);
-    }
-  
-  if (uLevel > 1)
-    {
-      SSVAL(p,20,ACCESS_READ|ACCESS_WRITE|ACCESS_CREATE); /* permissions */
-      SSVALS(p,22,-1);		/* max uses */
-      SSVAL(p,24,1); /* current uses */
-      SIVAL(p,26,PTR_DIFF(p2,baseaddr)); /* local pathname */
-      len += CopyAndAdvance(&p2,lp_pathname(snum),&l2);
-      memset(p+30,0,SHPWLEN+2); /* passwd (reserved), pad field */
-    }
-  
-  if (uLevel > 2)
-    {
-      memset(p+40,0,SHPWLEN+2);
-      SSVAL(p,50,0);
-      SIVAL(p,52,0);
-      SSVAL(p,56,0);
-      SSVAL(p,58,0);
-      SIVAL(p,60,0);
-      SSVAL(p,64,0);
-      SSVAL(p,66,0);
-    }
-       
-  if (stringbuf)
-    {
-      (*buf) = p + struct_len;
-      (*buflen) -= struct_len;
-      (*stringbuf) = p2;
-      (*stringspace) = l2;
-    }
-  else
-    {
-      (*buf) = p2;
-      (*buflen) -= len;
-    }
-  return len;
-}
+		SSVAL(outbuf,smb_vwv3,this_lparam);
+		SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
+		SSVAL(outbuf,smb_vwv5,tot_param_sent);
+		SSVAL(outbuf,smb_vwv6,this_ldata);
+		SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,outbuf));
+		SSVAL(outbuf,smb_vwv8,tot_data_sent);
+		SSVAL(outbuf,smb_vwv9,0);
 
-static BOOL api_RNetShareGetInfo(int cnum,int uid, char *param,char *data,
-				 int mdrcnt,int mprcnt,
-				 char **rdata,char **rparam,
-				 int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *netname = skip_string(str2,1);
-  char *p = skip_string(netname,1);
-  int uLevel = SVAL(p,0);
-  int snum = find_service(netname);
-  
-  if (snum < 0) return False;
-  
-  /* check it's a supported varient */
-  if (!prefix_ok(str1,"zWrLh")) return False;
-  if (!check_share_info(uLevel,str2)) return False;
- 
-  *rdata = REALLOC(*rdata,mdrcnt);
-  p = *rdata;
-  *rdata_len = fill_share_info(cnum,snum,uLevel,&p,&mdrcnt,0,0,0);
-  if (*rdata_len < 0) return False;
- 
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
-  SSVAL(*rparam,4,*rdata_len);
- 
-  return(True);
-}
+		show_msg(outbuf);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("send_trans_reply: send_smb failed.");
 
-/****************************************************************************
-  view list of shares available
-  ****************************************************************************/
-static BOOL api_RNetShareEnum(int cnum,int uid, char *param,char *data,
-  			      int mdrcnt,int mprcnt,
-  			      char **rdata,char **rparam,
-  			      int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel = SVAL(p,0);
-  int buf_len = SVAL(p,2);
-  char *p2;
-  int count=lp_numservices();
-  int total=0,counted=0;
-  int i;
-  int data_len, fixed_len, string_len;
-  int f_len, s_len;
- 
-  if (!prefix_ok(str1,"WrLeh")) return False;
-  if (!check_share_info(uLevel,str2)) return False;
-  
-  data_len = fixed_len = string_len = 0;
-  for (i=0;i<count;i++)
-    if (lp_browseable(i) && lp_snum_ok(i))
-      {
-  	total++;
- 	data_len += fill_share_info(cnum,i,uLevel,0,&f_len,0,&s_len,0);
- 	if (data_len <= buf_len)
- 	  {
- 	    counted++;
- 	    fixed_len += f_len;
- 	    string_len += s_len;
- 	  }
-      }
-  *rdata_len = fixed_len + string_len;
-  *rdata = REALLOC(*rdata,*rdata_len);
-  memset(*rdata,0,*rdata_len);
-  
-  p2 = (*rdata) + fixed_len;	/* auxillery data (strings) will go here */
-  p = *rdata;
-  f_len = fixed_len;
-  s_len = string_len;
-  for (i = 0; i < count;i++)
-    if (lp_browseable(i) && lp_snum_ok(i))
-      if (fill_share_info(cnum,i,uLevel,&p,&f_len,&p2,&s_len,*rdata) < 0)
- 	break;
-  
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,counted);
-  SSVAL(*rparam,6,total);
-  
-  DEBUG(3,("RNetShareEnum gave %d entries of %d (%d %d %d %d)\n",
- 	   counted,total,uLevel,
-  	   buf_len,*rdata_len,mdrcnt));
-  return(True);
+		tot_data_sent  += this_ldata;
+		tot_param_sent += this_lparam;
+	}
 }
 
-
-
 /****************************************************************************
-  get the time of day info
-  ****************************************************************************/
-static BOOL api_NetRemoteTOD(int cnum,int uid, char *param,char *data,
-			     int mdrcnt,int mprcnt,
-			     char **rdata,char **rparam,
-			     int *rdata_len,int *rparam_len)
-{
-  char *p;
-  *rparam_len = 4;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  *rdata_len = 21;
-  *rdata = REALLOC(*rdata,*rdata_len);
-
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
-
-  p = *rdata;
-
-  {
-    struct tm *t;
-    time_t unixdate = time(NULL);
-
-    put_dos_date3(p,0,unixdate); /* this is the time that is looked at
-				    by NT in a "net time" operation,
-				    it seems to ignore the one below */
-
-    /* the client expects to get localtime, not GMT, in this bit 
-       (I think, this needs testing) */
-    t = LocalTime(&unixdate,GMT_TO_LOCAL);
-
-    SIVAL(p,4,0);		/* msecs ? */
-    CVAL(p,8) = t->tm_hour;
-    CVAL(p,9) = t->tm_min;
-    CVAL(p,10) = t->tm_sec;
-    CVAL(p,11) = 0;		/* hundredths of seconds */
-    SSVALS(p,12,TimeDiff(unixdate)/60); /* timezone in minutes from GMT */
-    SSVAL(p,14,10000);		/* timer interval in 0.0001 of sec */
-    CVAL(p,16) = t->tm_mday;
-    CVAL(p,17) = t->tm_mon + 1;
-    SSVAL(p,18,1900+t->tm_year);
-    CVAL(p,20) = t->tm_wday;
-  }
-
-
-  return(True);
-}
+ Start the first part of an RPC reply which began with an SMBtrans request.
+****************************************************************************/
 
-/****************************************************************************
-  set the user password
-  ****************************************************************************/
-static BOOL api_SetUserPassword(int cnum,int uid, char *param,char *data,
-				int mdrcnt,int mprcnt,
-				char **rdata,char **rparam,
-				int *rdata_len,int *rparam_len)
+static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p)
 {
-  char *p = skip_string(param+2,2);
-  fstring user;
-  fstring pass1,pass2;
-
-  strcpy(user,p);
+	BOOL is_data_outstanding;
+	char *rdata = malloc(p->max_trans_reply);
+	int data_len;
 
-  p = skip_string(p,1);
-
-  StrnCpy(pass1,p,16);
-  StrnCpy(pass2,p+16,16);
-
-  *rparam_len = 4;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  *rdata_len = 0;
-
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
+	if(rdata == NULL) {
+		DEBUG(0,("api_rpc_trans_reply: malloc fail.\n"));
+		return False;
+	}
 
-  DEBUG(3,("Set password for <%s>\n",user));
+	if((data_len = read_from_pipe( p, rdata, p->max_trans_reply,
+					&is_data_outstanding)) < 0) {
+		SAFE_FREE(rdata);
+		return False;
+	}
 
-  if (!password_ok(user,pass1,strlen(pass1),NULL,False) || 
-      !chgpasswd(user,pass1,pass2))
-    SSVAL(*rparam,0,NERR_badpass);
+	send_trans_reply(outbuf, NULL, 0, rdata, data_len, is_data_outstanding);
 
-  bzero(pass1,sizeof(fstring));
-  bzero(pass2,sizeof(fstring));	 
-	 
-  return(True);
+	SAFE_FREE(rdata);
+	return True;
 }
 
 /****************************************************************************
-  delete a print job
-  Form: <W> <> 
-  ****************************************************************************/
-static BOOL api_RDosPrintJobDel(int cnum,int uid, char *param,char *data,
-				int mdrcnt,int mprcnt,
-				char **rdata,char **rparam,
-				int *rdata_len,int *rparam_len)
-{
-  int function = SVAL(param,0);
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int jobid = (SVAL(p,0)&0xFF); /* the snum and jobid are encoded
-				   by the print queue api */
-  int snum = (SVAL(p,0)>>8);  
-  int i, count;
-
-
-  /* check it's a supported varient */
-  if (!(strcsequal(str1,"W") && strcsequal(str2,"")))
-    return(False);
-
-  *rparam_len = 4;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  *rdata_len = 0;
-
-  SSVAL(*rparam,0,NERR_Success);
-
-  if (snum >= 0 && VALID_SNUM(snum))
-    {
-      print_queue_struct *queue=NULL;
-      lpq_reset(snum);
-      count = get_printqueue(snum,cnum,&queue,NULL);
-  
-      for (i=0;i<count;i++)
-  	if ((queue[i].job%0xFF) == jobid)
-  	  {
- 	    switch (function) {
-	    case 81:		/* delete */ 
-	      DEBUG(3,("Deleting queue entry %d\n",queue[i].job));
-	      del_printqueue(cnum,snum,queue[i].job);
-	      break;
-	    case 82:		/* pause */
-	    case 83:		/* resume */
-	      DEBUG(3,("%s queue entry %d\n",
-		       (function==82?"pausing":"resuming"),queue[i].job));
-	      status_printjob(cnum,snum,queue[i].job,
-			      (function==82?LPQ_PAUSED:LPQ_QUEUED));
-	      break;
- 	    }
- 	    break;
-  	  }
-  
-      if (i==count)
-	SSVAL(*rparam,0,NERR_JobNotFound);
-
-      if (queue) free(queue);
-    }
-
-  SSVAL(*rparam,2,0);		/* converter word */
-
-  return(True);
-}
+ WaitNamedPipeHandleState 
+****************************************************************************/
 
-static BOOL api_WPrintQueuePurge(int cnum,int uid, char *param,char *data,
-				 int mdrcnt,int mprcnt,
-				 char **rdata,char **rparam,
-				 int *rdata_len,int *rparam_len)
+static BOOL api_WNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len)
 {
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *QueueName = skip_string(str2,1);
-  int snum;
-
-  /* check it's a supported varient */
-  if (!(strcsequal(str1,"z") && strcsequal(str2,"")))
-    return(False);
-
-  *rparam_len = 4;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  *rdata_len = 0;
-
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
-
-  snum = lp_servicenumber(QueueName);
-  if (snum < 0 && pcap_printername_ok(QueueName,NULL)) {
-    int pnum = lp_servicenumber(PRINTERS_NAME);
-    if (pnum >= 0) {
-      lp_add_printer(QueueName,pnum);
-      snum = lp_servicenumber(QueueName);
-    }
-  }
-
-  if (snum >= 0 && VALID_SNUM(snum)) {
-    print_queue_struct *queue=NULL;
-    int i, count;
-    lpq_reset(snum);
-    
-    count = get_printqueue(snum,cnum,&queue,NULL);
-    for (i = 0; i < count; i++)
-      del_printqueue(cnum,snum,queue[i].job);
-    
-    if (queue) free(queue);
-  }
-
-  DEBUG(3,("Print queue purge, queue=%s\n",QueueName));
-
-  return(True);
-}
+	uint16 priority;
 
+	if (!param || param_len < 2)
+		return False;
 
-/****************************************************************************
-  set the property of a print job (undocumented?)
-  ? function = 0xb -> set name of print job
-  ? function = 0x6 -> move print job up/down
-  Form: <WWsTP> <WWzWWDDzzzzzzzzzzlz> 
-  or   <WWsTP> <WB21BB16B10zWWzDDz> 
-****************************************************************************/
-static int check_printjob_info(struct pack_desc* desc,
-			       int uLevel, char* id)
-{
-  desc->subformat = NULL;
-  switch( uLevel ) {
-  case 0: desc->format = "W"; break;
-  case 1: desc->format = "WB21BB16B10zWWzDDz"; break;
-  case 2: desc->format = "WWzWWDDzz"; break;
-  case 3: desc->format = "WWzWWDDzzzzzzzzzzlz"; break;
-  default: return False;
-  }
-  if (strcmp(desc->format,id) != 0) return False;
-  return True;
-}
+	priority = SVAL(param,0);
+	DEBUG(4,("WaitNamedPipeHandleState priority %x\n", priority));
 
-static BOOL api_PrintJobInfo(int cnum,int uid,char *param,char *data,
-  			     int mdrcnt,int mprcnt,
-  			     char **rdata,char **rparam,
-  			     int *rdata_len,int *rparam_len)
-{
-  struct pack_desc desc;
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int jobid = (SVAL(p,0)&0xFF); /* the snum and jobid are encoded
- 				   by the print queue api */
-  int snum = (SVAL(p,0)>>8);
-  int uLevel = SVAL(p,2);
-  int function = SVAL(p,4);	/* what is this ?? */
-  int i;
-  char *s = data;
-   
-  *rparam_len = 4;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  
-  *rdata_len = 0;
-  
-  /* check it's a supported varient */
-  if ((strcmp(str1,"WWsTP")) || (!check_printjob_info(&desc,uLevel,str2)))
-    return(False);
-   
-  switch (function) {
-  case 0x6:	/* change job place in the queue, data gives the new place */
-    if (snum >= 0 && VALID_SNUM(snum))
-      {
-	print_queue_struct *queue=NULL;
-	int count;
-  
-	lpq_reset(snum);
-	count = get_printqueue(snum,cnum,&queue,NULL);
-	for (i=0;i<count;i++)	/* find job */
-	  if ((queue[i].job%0xFF) == jobid) break;
- 	    
-	if (i==count) {
-	  desc.errcode=NERR_JobNotFound;
-	  if (queue) free(queue);
+	if (wait_rpc_pipe_hnd_state(p, priority)) {
+		/* now send the reply */
+		send_trans_reply(outbuf, NULL, 0, NULL, 0, False);
+		return True;
 	}
-	else {
-	  desc.errcode=NERR_Success;
-	  i++;
-#if 0	
-	  {
-	    int place= SVAL(data,0);
-	    /* we currently have no way of doing this. Can any unix do it? */
-	    if (i < place)	/* move down */;
-	    else if (i > place )	/* move up */;
-	  }
-#endif
-	  desc.errcode=NERR_notsupported; /* not yet supported */
-	  if (queue) free(queue);
-	}
-      }
-    else desc.errcode=NERR_JobNotFound;
-    break;
-  case 0xb:   /* change print job name, data gives the name */
-    /* jobid, snum should be zero */
-    if (isalpha(*s))
-      {
-	pstring name;
-	int l = 0;
-	while (l<64 && *s)
-	  {
-	    if (isalnum(*s) || strchr("-._",*s))
-	      name[l++] = *s;
-	    s++;
-	  }      
-	name[l] = 0;
-	
-	DEBUG(3,("Setting print name to %s\n",name));
-	
-	for (i=0;i<MAX_OPEN_FILES;i++)
-	  if (Files[i].open && Files[i].print_file)
-	    {
-	      pstring wd;
-	      GetWd(wd);
-	      unbecome_user();
-	      
-	      if (!become_user(Files[i].cnum,uid) || 
-		  !become_service(Files[i].cnum,True))
-		break;
-	      
-	      if (sys_rename(Files[i].name,name) == 0)
-		string_set(&Files[i].name,name);
-	      break;
-	    }
-      }
-    desc.errcode=NERR_Success;
-  
-    break;
-  default:			/* not implemented */
-    return False;
-  }
- 
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);		/* converter word */
-  
-  return(True);
+	return False;
 }
 
 
 /****************************************************************************
-  get info about the server
-  ****************************************************************************/
-static BOOL api_RNetServerGetInfo(int cnum,int uid, char *param,char *data,
-				  int mdrcnt,int mprcnt,
-				  char **rdata,char **rparam,
-				  int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel = SVAL(p,0);
-  char *p2;
-  int struct_len;
-
-  DEBUG(4,("NetServerGetInfo level %d\n",uLevel));
-
-  /* check it's a supported varient */
-  if (!prefix_ok(str1,"WrLh")) return False;
-  switch( uLevel ) {
-  case 0:
-    if (strcmp(str2,"B16") != 0) return False;
-    struct_len = 16;
-    break;
-  case 1:
-    if (strcmp(str2,"B16BBDz") != 0) return False;
-    struct_len = 26;
-    break;
-  case 2:
-    if (strcmp(str2,"B16BBDzDDDWWzWWWWWWWBB21zWWWWWWWWWWWWWWWWWWWWWWz")
-	!= 0) return False;
-    struct_len = 134;
-    break;
-  case 3:
-    if (strcmp(str2,"B16BBDzDDDWWzWWWWWWWBB21zWWWWWWWWWWWWWWWWWWWWWWzDWz")
-	!= 0) return False;
-    struct_len = 144;
-    break;
-  case 20:
-    if (strcmp(str2,"DN") != 0) return False;
-    struct_len = 6;
-    break;
-  case 50:
-    if (strcmp(str2,"B16BBDzWWzzz") != 0) return False;
-    struct_len = 42;
-    break;
-  default: return False;
-  }
-
-  *rdata_len = mdrcnt;
-  *rdata = REALLOC(*rdata,*rdata_len);
-
-  p = *rdata;
-  p2 = p + struct_len;
-  if (uLevel != 20) {
-    StrnCpy(p,local_machine,16);
-    strupper(p);
-  }
-  p += 16;
-  if (uLevel > 0)
-    {
-      struct srv_info_struct *servers=NULL;
-      int i,count;
-      pstring comment;
-      uint32 servertype=SV_TYPE_SERVER_UNIX|SV_TYPE_WORKSTATION|
-	SV_TYPE_SERVER|SV_TYPE_TIME_SOURCE;
-
-      strcpy(comment,lp_serverstring());
-
-      if ((count=get_server_info(SV_TYPE_ALL,&servers))>0) {
-	for (i=0;i<count;i++)
-	  if (strequal(servers[i].name,local_machine)) {
-	    servertype = servers[i].type;
-	    strcpy(comment,servers[i].comment);	    
-	  }
-      }
-      if (servers) free(servers);
-
-      SCVAL(p,0,2);		/* version_major */
-      SCVAL(p,1,0);		/* version_minor */
-      SIVAL(p,2,servertype);
-      if (mdrcnt == struct_len) {
-	SIVAL(p,6,0);
-      } else {
-	SIVAL(p,6,PTR_DIFF(p2,*rdata));
-	standard_sub(cnum,comment);
-	StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0));
-	p2 = skip_string(p2,1);
-      }
-    }
-  if (uLevel > 1)
-    {
-      return False;		/* not yet implemented */
-    }
-
-  *rdata_len = PTR_DIFF(p2,*rdata);
-
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
-  SSVAL(*rparam,4,*rdata_len);
-
-  return(True);
-}
-
+ SetNamedPipeHandleState 
+****************************************************************************/
 
-/****************************************************************************
-  get info about the server
-  ****************************************************************************/
-static BOOL api_NetWkstaGetInfo(int cnum,int uid, char *param,char *data,
-				int mdrcnt,int mprcnt,
-				char **rdata,char **rparam,
-				int *rdata_len,int *rparam_len)
+static BOOL api_SNPHS(char *outbuf, smb_np_struct *p, char *param, int param_len)
 {
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  char *p2;
-  extern pstring sesssetup_user;
-  int level = SVAL(p,0);
-
-  DEBUG(4,("NetWkstaGetInfo level %d\n",level));
-
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  /* check it's a supported varient */
-  if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz")))
-    return(False);
+	uint16 id;
 
-  *rdata_len = mdrcnt + 1024;
-  *rdata = REALLOC(*rdata,*rdata_len);
+	if (!param || param_len < 2)
+		return False;
 
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
+	id = SVAL(param,0);
+	DEBUG(4,("SetNamedPipeHandleState to code %x\n", id));
 
-  p = *rdata;
-  p2 = p + 22;
-
-  SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,local_machine);
-  p2 = skip_string(p2,1);
-  p += 4;
-
-  SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,sesssetup_user);
-  p2 = skip_string(p2,1);
-  p += 4;
-
-  SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,my_workgroup());
-  p2 = skip_string(p2,1);
-  p += 4;
-
-  SCVAL(p,0,2); /* major version?? */
-  SCVAL(p,1,1); /* minor version?? */
-  p += 2;
-
-  SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,my_workgroup());	/* login domain?? */
-  p2 = skip_string(p2,1);
-  p += 4;
-
-  SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,"");
-  p2 = skip_string(p2,1);
-  p += 4;
-
-  *rdata_len = PTR_DIFF(p2,*rdata);
-
-  SSVAL(*rparam,4,*rdata_len);
-
-  return(True);
+	if (set_rpc_pipe_hnd_state(p, id)) {
+		/* now send the reply */
+		send_trans_reply(outbuf, NULL, 0, NULL, 0, False);
+		return True;
+	}
+	return False;
 }
 
 
 /****************************************************************************
-  get info about a user
-  ****************************************************************************/
+ When no reply is generated, indicate unsupported.
+ ****************************************************************************/
 
-#define USER_PRIV_GUEST 0
-#define USER_PRIV_USER 1
-#define USER_PRIV_ADMIN 2
-
-static BOOL api_RNetUserGetInfo(int cnum,int uid, char *param,char *data,
-				int mdrcnt,int mprcnt,
-				char **rdata,char **rparam,
-				int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *UserName = skip_string(str2,1);
-  char *p = skip_string(UserName,1);
-  int uLevel = SVAL(p,0);
-  char *p2;
-
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"zWrLh") != 0) return False;
-  switch( uLevel ) {
-  case 0: p2 = "B21"; break;
-  case 1: p2 = "B21BB16DWzzWz"; break;
-  case 2: p2 = "B21BB16DWzzWzDzzzzDDDDWb21WWzWW"; break;
-  case 10: p2 = "B21Bzzz"; break;
-  case 11: p2 = "B21BzzzWDDzzDDWWzWzDWb21W"; break;
-  default: return False;
-  }
-  if (strcmp(p2,str2) != 0) return False;
-
-  *rdata_len = mdrcnt + 1024;
-  *rdata = REALLOC(*rdata,*rdata_len);
-
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
-
-  p = *rdata;
-  p2 = p + 86;
-
-  memset(p,0,21);
-  strcpy(p,UserName);
-  if (uLevel > 0) {
-    SCVAL(p,21,0);
-    *p2 = 0;
-    if (uLevel >= 10) {
-      SIVAL(p,22,PTR_DIFF(p2,p)); /* comment */
-      strcpy(p2,"<Comment>");
-      p2 = skip_string(p2,1);
-      SIVAL(p,26,PTR_DIFF(p2,p)); /* user_comment */
-      strcpy(p2,"<UserComment>");
-      p2 = skip_string(p2,1);
-      SIVAL(p,30,PTR_DIFF(p2,p)); /* full name */
-      strcpy(p2,"<FullName>");
-      p2 = skip_string(p2,1);
-    }
-    if (uLevel == 11) {         /* modelled after NTAS 3.51 reply */
-      SSVAL(p,34,USER_PRIV_USER); /* user privilege */
-      SIVAL(p,36,0);		/* auth flags */
-      SIVALS(p,40,-1);		/* password age */
-      SIVAL(p,44,PTR_DIFF(p2,p)); /* home dir */
-      strcpy(p2,"\\\\%L\\HOMES");
-      standard_sub_basic(p2);
-      p2 = skip_string(p2,1);
-      SIVAL(p,48,PTR_DIFF(p2,p)); /* parms */
-      strcpy(p2,"");
-      p2 = skip_string(p2,1);
-      SIVAL(p,52,0);		/* last logon */
-      SIVAL(p,56,0);		/* last logoff */
-      SSVALS(p,60,-1);		/* bad pw counts */
-      SSVALS(p,62,-1);		/* num logons */
-      SIVAL(p,64,PTR_DIFF(p2,p)); /* logon server */
-      strcpy(p2,"\\\\*");
-      p2 = skip_string(p2,1);
-      SSVAL(p,68,0);		/* country code */
-
-      SIVAL(p,70,PTR_DIFF(p2,p)); /* workstations */
-      strcpy(p2,"");
-      p2 = skip_string(p2,1);
-
-      SIVALS(p,74,-1);		/* max storage */
-      SSVAL(p,78,168);		/* units per week */
-      SIVAL(p,80,PTR_DIFF(p2,p)); /* logon hours */
-      memset(p2,-1,21);
-      SCVAL(p2,21,0);           /* fix zero termination */
-      p2 = skip_string(p2,1);
-
-      SSVAL(p,84,0);		/* code page */
-    }
-    if (uLevel == 1 || uLevel == 2) {
-      memset(p+22,' ',16);	/* password */
-      SIVALS(p,38,-1);		/* password age */
-      SSVAL(p,42,USER_PRIV_ADMIN); /* user privilege */
-      SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
-      strcpy(p2,"\\\\%L\\HOMES");
-      standard_sub_basic(p2);
-      p2 = skip_string(p2,1);
-      SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */
-      *p2++ = 0;
-      SSVAL(p,52,0);		/* flags */
-      SIVAL(p,54,0);		/* script_path */
-      if (uLevel == 2) {
-	SIVAL(p,60,0);		/* auth_flags */
-	SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
-	strcpy(p2,"<Full Name>");
-	p2 = skip_string(p2,1);
-	SIVAL(p,68,0);		/* urs_comment */
-	SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */
-	strcpy(p2,"");
-	p2 = skip_string(p2,1);
-	SIVAL(p,76,0);		/* workstations */
-	SIVAL(p,80,0);		/* last_logon */
-	SIVAL(p,84,0);		/* last_logoff */
-	SIVALS(p,88,-1);		/* acct_expires */
-	SIVALS(p,92,-1);		/* max_storage */
-	SSVAL(p,96,168);	/* units_per_week */
-	SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */
-	memset(p2,-1,21);
-	p2 += 21;
-	SSVALS(p,102,-1);	/* bad_pw_count */
-	SSVALS(p,104,-1);	/* num_logons */
-	SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */
-	strcpy(p2,"\\\\%L");
-	standard_sub_basic(p2);
-	p2 = skip_string(p2,1);
-	SSVAL(p,110,49);	/* country_code */
-	SSVAL(p,112,860);	/* code page */
-      }
-    }
-  }
-
-  *rdata_len = PTR_DIFF(p2,*rdata);
-
-  SSVAL(*rparam,4,*rdata_len);	/* is this right?? */
-
-  return(True);
-}
-
-
-/*******************************************************************
-  get groups that a user is a member of
-  ******************************************************************/
-static BOOL api_NetUserGetGroups(int cnum,int uid, char *param,char *data,
-				 int mdrcnt,int mprcnt,
-				 char **rdata,char **rparam,
-				 int *rdata_len,int *rparam_len)
+static BOOL api_no_reply(char *outbuf, int max_rdata_len)
 {
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *UserName = skip_string(str2,1);
-  char *p = skip_string(UserName,1);
-  int uLevel = SVAL(p,0);
-  char *p2;
-  int count=0;
-
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"zWrLeh") != 0) return False;
-  switch( uLevel ) {
-  case 0: p2 = "B21"; break;
-  default: return False;
-  }
-  if (strcmp(p2,str2) != 0) return False;
-
-  *rdata_len = mdrcnt + 1024;
-  *rdata = REALLOC(*rdata,*rdata_len);
-
-  SSVAL(*rparam,0,NERR_Success);
-  SSVAL(*rparam,2,0);		/* converter word */
+	char rparam[4];
 
-  p = *rdata;
+	/* unsupported */
+	SSVAL(rparam,0,NERR_notsupported);
+	SSVAL(rparam,2,0); /* converter word */
 
-  /* XXXX we need a real SAM database some day */
-  strcpy(p,"Users"); p += 21; count++;
-  strcpy(p,"Domain Users"); p += 21; count++;
-  strcpy(p,"Guests"); p += 21; count++;
-  strcpy(p,"Domain Guests"); p += 21; count++;
+	DEBUG(3,("Unsupported API fd command\n"));
 
-  *rdata_len = PTR_DIFF(p,*rdata);
+	/* now send the reply */
+	send_trans_reply(outbuf, rparam, 4, NULL, 0, False);
 
-  SSVAL(*rparam,4,count);	/* is this right?? */
-  SSVAL(*rparam,6,count);	/* is this right?? */
-
-  return(True);
+	return -1;
 }
 
-
-static BOOL api_WWkstaUserLogon(int cnum,int uid, char *param,char *data,
-				int mdrcnt,int mprcnt,
-				char **rdata,char **rparam,
-				int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel;
-  struct pack_desc desc;
-  char* name;
-
-  uLevel = SVAL(p,0);
-  name = p + 2;
-
-  bzero(&desc,sizeof(desc));
-
-  DEBUG(3,("WWkstaUserLogon uLevel=%d name=%s\n",uLevel,name));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"OOWb54WrLh") != 0) return False;
-  if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False;
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-  desc.subformat = NULL;
-  desc.format = str2;
-  
-  
-
-  if (init_package(&desc,1,0)) {
-    PACKI(&desc,"W",0);		/* code */
-    PACKS(&desc,"B21",name);	/* eff. name */
-    PACKS(&desc,"B","");		/* pad */
-    PACKI(&desc,"W",
-	  Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
-    PACKI(&desc,"D",0);		/* auth flags XXX */
-    PACKI(&desc,"W",0);		/* num logons */
-    PACKI(&desc,"W",0);		/* bad pw count */
-    PACKI(&desc,"D",-1);		/* last logon */
-    PACKI(&desc,"D",-1);		/* last logoff */
-    PACKI(&desc,"D",-1);		/* logoff time */
-    PACKI(&desc,"D",-1);		/* kickoff time */
-    PACKI(&desc,"D",0);		/* password age */
-    PACKI(&desc,"D",0);		/* password can change */
-    PACKI(&desc,"D",-1);		/* password must change */
-    {
-      fstring mypath;
-      strcpy(mypath,"\\\\");
-      strcat(mypath,local_machine);
-      strupper(mypath);
-      PACKS(&desc,"z",mypath); /* computer */
-    }
-    PACKS(&desc,"z",my_workgroup());/* domain */
-    PACKS(&desc,"z",lp_logon_script());		/* script path */
-    PACKI(&desc,"D",0);		/* reserved */
-  }
-
-  *rdata_len = desc.usedlen;
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,desc.neededlen);
-
-  DEBUG(4,("WWkstaUserLogon: errorcode %d\n",desc.errcode));
-  return(True);
-}
-
-
 /****************************************************************************
-  api_WAccessGetUserPerms
-  ****************************************************************************/
-static BOOL api_WAccessGetUserPerms(int cnum,int uid, char *param,char *data,
-				    int mdrcnt,int mprcnt,
-				    char **rdata,char **rparam,
-				    int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *user = skip_string(str2,1);
-  char *resource = skip_string(user,1);
-
-  DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"zzh") != 0) return False;
-  if (strcmp(str2,"") != 0) return False;
-
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,0);		/* errorcode */
-  SSVAL(*rparam,2,0);		/* converter word */
-  SSVAL(*rparam,4,0x7f);	/* permission flags */
-
-  return(True);
-}
-
-/****************************************************************************
-  api_WPrintJobEnumerate
-  ****************************************************************************/
-static BOOL api_WPrintJobGetInfo(int cnum,int uid, char *param,char *data,
-				 int mdrcnt,int mprcnt,
-				 char **rdata,char **rparam,
-				 int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uJobId = SVAL(p,0);
-  int uLevel,cbBuf;
-  int count;
-  int i;
-  int snum;
-  int job;
-  struct pack_desc desc;
-  print_queue_struct *queue=NULL;
-  print_status_struct status;
-
-  uLevel = SVAL(p,2);
-  cbBuf = SVAL(p,4);
-
-  bzero(&desc,sizeof(desc));
-  bzero(&status,sizeof(status));
-
-  DEBUG(3,("WPrintJobGetInfo uLevel=%d uJobId=0x%X\n",uLevel,uJobId));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"WWrLh") != 0) return False;
-  if (!check_printjob_info(&desc,uLevel,str2)) return False;
-
-  snum = (unsigned int)uJobId >> 8; /*## valid serice number??*/
-  job = uJobId & 0xFF;
-
-  if (snum < 0 || !VALID_SNUM(snum)) return(False);
-
-  count = get_printqueue(snum,cnum,&queue,&status);
-  for (i = 0; i < count; i++) {
-    if ((queue[i].job % 0xFF) == job) break;
-  }
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-
-  if (init_package(&desc,1,0)) {
-    if (i < count) {
-      fill_printjob_info(cnum,snum,uLevel,&desc,&queue[i],i);
-      *rdata_len = desc.usedlen;
-    }
-    else {
-      desc.errcode = NERR_JobNotFound;
-      *rdata_len = 0;
-    }
-  }
-
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,desc.neededlen);
-
-  if (queue) free(queue);
-
-  DEBUG(4,("WPrintJobGetInfo: errorcode %d\n",desc.errcode));
-  return(True);
-}
+ Handle remote api calls delivered to a named pipe already opened.
+ ****************************************************************************/
 
-static BOOL api_WPrintJobEnumerate(int cnum,int uid, char *param,char *data,
-				   int mdrcnt,int mprcnt,
-				   char **rdata,char **rparam,
-				   int *rdata_len,int *rparam_len)
+static int api_fd_reply(connection_struct *conn,uint16 vuid,char *outbuf,
+		 	uint16 *setup,char *data,char *params,
+		 	int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
 {
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  char* name = p;
-  int uLevel,cbBuf;
-  int count;
-  int i, succnt=0;
-  int snum;
-  struct pack_desc desc;
-  print_queue_struct *queue=NULL;
-  print_status_struct status;
-
-  bzero(&desc,sizeof(desc));
-  bzero(&status,sizeof(status));
-
-  p = skip_string(p,1);
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-
-  DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"zWrLeh") != 0) return False;
-  if (uLevel > 2) return False;	/* defined only for uLevel 0,1,2 */
-  if (!check_printjob_info(&desc,uLevel,str2)) return False;
-
-  snum = lp_servicenumber(name);
-  if (snum < 0 && pcap_printername_ok(name,NULL)) {
-    int pnum = lp_servicenumber(PRINTERS_NAME);
-    if (pnum >= 0) {
-      lp_add_printer(name,pnum);
-      snum = lp_servicenumber(name);
-    }
-  }
-
-  if (snum < 0 || !VALID_SNUM(snum)) return(False);
-
-  count = get_printqueue(snum,cnum,&queue,&status);
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-
-  if (init_package(&desc,count,0)) {
-    succnt = 0;
-    for (i = 0; i < count; i++) {
-      fill_printjob_info(cnum,snum,uLevel,&desc,&queue[i],i);
-      if (desc.errcode == NERR_Success) succnt = i+1;
-    }
-  }
-
-  *rdata_len = desc.usedlen;
-
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,succnt);
-  SSVAL(*rparam,6,count);
-
-  if (queue) free(queue);
-
-  DEBUG(4,("WPrintJobEnumerate: errorcode %d\n",desc.errcode));
-  return(True);
-}
-
-static int check_printdest_info(struct pack_desc* desc,
-				int uLevel, char* id)
-{
-  desc->subformat = NULL;
-  switch( uLevel ) {
-  case 0: desc->format = "B9"; break;
-  case 1: desc->format = "B9B21WWzW"; break;
-  case 2: desc->format = "z"; break;
-  case 3: desc->format = "zzzWWzzzWW"; break;
-  default: return False;
-  }
-  if (strcmp(desc->format,id) != 0) return False;
-  return True;
-}
-
-static void fill_printdest_info(int cnum, int snum, int uLevel,
-				struct pack_desc* desc)
-{
-  char buf[100];
-  strcpy(buf,SERVICE(snum));
-  strupper(buf);
-  if (uLevel <= 1) {
-    PACKS(desc,"B9",buf);	/* szName */
-    if (uLevel == 1) {
-      PACKS(desc,"B21","");	/* szUserName */
-      PACKI(desc,"W",0);		/* uJobId */
-      PACKI(desc,"W",0);		/* fsStatus */
-      PACKS(desc,"z","");	/* pszStatus */
-      PACKI(desc,"W",0);		/* time */
-    }
-  }
-  if (uLevel == 2 || uLevel == 3) {
-    PACKS(desc,"z",buf);		/* pszPrinterName */
-    if (uLevel == 3) {
-      PACKS(desc,"z","");	/* pszUserName */
-      PACKS(desc,"z","");	/* pszLogAddr */
-      PACKI(desc,"W",0);		/* uJobId */
-      PACKI(desc,"W",0);		/* fsStatus */
-      PACKS(desc,"z","");	/* pszStatus */
-      PACKS(desc,"z","");	/* pszComment */
-      PACKS(desc,"z","NULL"); /* pszDrivers */
-      PACKI(desc,"W",0);		/* time */
-      PACKI(desc,"W",0);		/* pad1 */
-    }
-  }
-}
-
-static BOOL api_WPrintDestGetInfo(int cnum,int uid, char *param,char *data,
-				  int mdrcnt,int mprcnt,
-				  char **rdata,char **rparam,
-				  int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  char* PrinterName = p;
-  int uLevel,cbBuf;
-  struct pack_desc desc;
-  int snum;
-
-  bzero(&desc,sizeof(desc));
-
-  p = skip_string(p,1);
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-
-  DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"zWrLh") != 0) return False;
-  if (!check_printdest_info(&desc,uLevel,str2)) return False;
-
-  snum = lp_servicenumber(PrinterName);
-  if (snum < 0 && pcap_printername_ok(PrinterName,NULL)) {
-    int pnum = lp_servicenumber(PRINTERS_NAME);
-    if (pnum >= 0) {
-      lp_add_printer(PrinterName,pnum);
-      snum = lp_servicenumber(PrinterName);
-    }
-  }
-
-  if (snum < 0) {
-    *rdata_len = 0;
-    desc.errcode = NERR_DestNotFound;
-    desc.neededlen = 0;
-  }
-  else {
-    if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-    desc.base = *rdata;
-    desc.buflen = mdrcnt;
-    if (init_package(&desc,1,0)) {
-      fill_printdest_info(cnum,snum,uLevel,&desc);
-    }
-    *rdata_len = desc.usedlen;
-  }
-
-  *rparam_len = 6;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,desc.neededlen);
-
-  DEBUG(4,("WPrintDestGetInfo: errorcode %d\n",desc.errcode));
-  return(True);
-}
-
-static BOOL api_WPrintDestEnum(int cnum,int uid, char *param,char *data,
-			       int mdrcnt,int mprcnt,
-			       char **rdata,char **rparam,
-			       int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel,cbBuf;
-  int queuecnt;
-  int i, n, succnt=0;
-  struct pack_desc desc;
-  int services = lp_numservices();
-
-  bzero(&desc,sizeof(desc));
-
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-
-  DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"WrLeh") != 0) return False;
-  if (!check_printdest_info(&desc,uLevel,str2)) return False;
-
-  queuecnt = 0;
-  for (i = 0; i < services; i++)
-    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
-      queuecnt++;
-
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-  if (init_package(&desc,queuecnt,0)) {    
-    succnt = 0;
-    n = 0;
-    for (i = 0; i < services; i++) {
-      if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) {
-	fill_printdest_info(cnum,i,uLevel,&desc);
-	n++;
-	if (desc.errcode == NERR_Success) succnt = n;
-      }
-    }
-  }
-
-  *rdata_len = desc.usedlen;
-
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,succnt);
-  SSVAL(*rparam,6,queuecnt);
-
-  DEBUG(4,("WPrintDestEnumerate: errorcode %d\n",desc.errcode));
-  return(True);
-}
-
-static BOOL api_WPrintDriverEnum(int cnum,int uid, char *param,char *data,
-				 int mdrcnt,int mprcnt,
-				 char **rdata,char **rparam,
-				 int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel,cbBuf;
-  int succnt;
-  struct pack_desc desc;
-
-  bzero(&desc,sizeof(desc));
-
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-
-  DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"WrLeh") != 0) return False;
-  if (uLevel != 0 || strcmp(str2,"B41") != 0) return False;
-
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-  if (init_package(&desc,1,0)) {
-    PACKS(&desc,"B41","NULL");
-  }
-
-  succnt = (desc.errcode == NERR_Success ? 1 : 0);
+	BOOL reply = False;
+	smb_np_struct *p = NULL;
+	int pnum;
+	int subcommand;
 
-  *rdata_len = desc.usedlen;
+	DEBUG(5,("api_fd_reply\n"));
 
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,succnt);
-  SSVAL(*rparam,6,1);
-
-  DEBUG(4,("WPrintDriverEnum: errorcode %d\n",desc.errcode));
-  return(True);
-}
-
-static BOOL api_WPrintQProcEnum(int cnum,int uid, char *param,char *data,
-				int mdrcnt,int mprcnt,
-				char **rdata,char **rparam,
-				int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel,cbBuf;
-  int succnt;
-  struct pack_desc desc;
-
-  bzero(&desc,sizeof(desc));
-
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-
-  DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel));
+	/* First find out the name of this file. */
+	if (suwcnt != 2) {
+		DEBUG(0,("Unexpected named pipe transaction.\n"));
+		return(-1);
+	}
 
-  /* check it's a supported varient */
-  if (strcmp(str1,"WrLeh") != 0) return False;
-  if (uLevel != 0 || strcmp(str2,"B13") != 0) return False;
+	/* Get the file handle and hence the file name. */
+	/* 
+	 * NB. The setup array has already been transformed
+	 * via SVAL and so is in gost byte order.
+	 */
+	pnum = ((int)setup[1]) & 0xFFFF;
+	subcommand = ((int)setup[0]) & 0xFFFF;
+
+	if(!(p = get_rpc_pipe(pnum))) {
+		DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum));
+		return api_no_reply(outbuf, mdrcnt);
+	}
 
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-  desc.format = str2;
-  if (init_package(&desc,1,0)) {
-    PACKS(&desc,"B13","lpd");
-  }
+	DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)", subcommand, p->name, pnum));
 
-  succnt = (desc.errcode == NERR_Success ? 1 : 0);
+	/* record maximum data length that can be transmitted in an SMBtrans */
+	p->max_trans_reply = mdrcnt;
 
-  *rdata_len = desc.usedlen;
+	DEBUG(10,("api_fd_reply: p:%p max_trans_reply: %d\n", p, p->max_trans_reply));
 
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,succnt);
-  SSVAL(*rparam,6,1);
+	switch (subcommand) {
+	case 0x26:
+		/* dce/rpc command */
+		reply = write_to_pipe(p, data, tdscnt);
+		if (reply)
+			reply = api_rpc_trans_reply(outbuf, p);
+		break;
+	case 0x53:
+		/* Wait Named Pipe Handle state */
+		reply = api_WNPHS(outbuf, p, params, tpscnt);
+		break;
+	case 0x01:
+		/* Set Named Pipe Handle state */
+		reply = api_SNPHS(outbuf, p, params, tpscnt);
+		break;
+	}
 
-  DEBUG(4,("WPrintQProcEnum: errorcode %d\n",desc.errcode));
-  return(True);
-}
+	if (!reply)
+		return api_no_reply(outbuf, mdrcnt);
 
-static BOOL api_WPrintPortEnum(int cnum,int uid, char *param,char *data,
-			       int mdrcnt,int mprcnt,
-			       char **rdata,char **rparam,
-			       int *rdata_len,int *rparam_len)
-{
-  char *str1 = param+2;
-  char *str2 = skip_string(str1,1);
-  char *p = skip_string(str2,1);
-  int uLevel,cbBuf;
-  int succnt;
-  struct pack_desc desc;
-
-  bzero(&desc,sizeof(desc));
-
-  uLevel = SVAL(p,0);
-  cbBuf = SVAL(p,2);
-
-  DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel));
-
-  /* check it's a supported varient */
-  if (strcmp(str1,"WrLeh") != 0) return False;
-  if (uLevel != 0 || strcmp(str2,"B9") != 0) return False;
-
-  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
-  bzero(&desc,sizeof(desc));
-  desc.base = *rdata;
-  desc.buflen = mdrcnt;
-  desc.format = str2;
-  if (init_package(&desc,1,0)) {
-    PACKS(&desc,"B13","lp0");
-  }
-
-  succnt = (desc.errcode == NERR_Success ? 1 : 0);
-
-  *rdata_len = desc.usedlen;
-
-  *rparam_len = 8;
-  *rparam = REALLOC(*rparam,*rparam_len);
-  SSVALS(*rparam,0,desc.errcode);
-  SSVAL(*rparam,2,0);
-  SSVAL(*rparam,4,succnt);
-  SSVAL(*rparam,6,1);
-
-  DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode));
-  return(True);
+	return -1;
 }
 
 /****************************************************************************
-  the buffer was too small
+  handle named pipe commands
   ****************************************************************************/
-static BOOL api_TooSmall(int cnum,int uid, char *param,char *data,
-			 int mdrcnt,int mprcnt,
-			 char **rdata,char **rparam,
-			 int *rdata_len,int *rparam_len)
+static int named_pipe(connection_struct *conn,uint16 vuid, char *outbuf,char *name,
+		      uint16 *setup,char *data,char *params,
+		      int suwcnt,int tdscnt,int tpscnt,
+		      int msrcnt,int mdrcnt,int mprcnt)
 {
-  *rparam_len = MIN(*rparam_len,mprcnt);
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  *rdata_len = 0;
-
-  SSVAL(*rparam,0,NERR_BufTooSmall);
+	DEBUG(3,("named pipe command on <%s> name\n", name));
 
-  DEBUG(3,("Supplied buffer too small in API command\n"));
+	if (strequal(name,"LANMAN"))
+		return api_reply(conn,vuid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt);
 
-  return(True);
-}
-
-
-/****************************************************************************
-  the request is not supported
-  ****************************************************************************/
-static BOOL api_Unsupported(int cnum,int uid, char *param,char *data,
-			    int mdrcnt,int mprcnt,
-			    char **rdata,char **rparam,
-			    int *rdata_len,int *rparam_len)
-{
-  *rparam_len = 4;
-  *rparam = REALLOC(*rparam,*rparam_len);
-
-  *rdata_len = 0;
+	if (strequal(name,"WKSSVC") ||
+	    strequal(name,"SRVSVC") ||
+	    strequal(name,"WINREG") ||
+	    strequal(name,"SAMR") ||
+	    strequal(name,"LSARPC"))
+	{
+		DEBUG(4,("named pipe command from Win95 (wow!)\n"));
+		return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt);
+	}
 
-  SSVAL(*rparam,0,NERR_notsupported);
-  SSVAL(*rparam,2,0);		/* converter word */
+	if (strlen(name) < 1)
+		return api_fd_reply(conn,vuid,outbuf,setup,data,params,suwcnt,tdscnt,tpscnt,mdrcnt,mprcnt);
 
-  DEBUG(3,("Unsupported API command\n"));
+	if (setup)
+		DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n", (int)setup[0],(int)setup[1]));
 
-  return(True);
+	return 0;
 }
 
 
-
-
-struct
-{
-  char *name;
-  int id;
-  BOOL (*fn)();
-  int flags;
-} api_commands[] = {
-  {"RNetShareEnum",	0,	api_RNetShareEnum,0},
-  {"RNetShareGetInfo",	1,	api_RNetShareGetInfo,0},
-  {"RNetServerGetInfo",	13,	api_RNetServerGetInfo,0},
-  {"RNetUserGetInfo",	56,	api_RNetUserGetInfo,0},
-  {"NetUserGetGroups",	59,	api_NetUserGetGroups,0},
-  {"NetWkstaGetInfo",	63,	api_NetWkstaGetInfo,0},
-  {"DosPrintQEnum",	69,	api_DosPrintQEnum,0},
-  {"DosPrintQGetInfo",	70,	api_DosPrintQGetInfo,0},
-  {"WPrintJobEnumerate",76,	api_WPrintJobEnumerate,0},
-  {"WPrintJobGetInfo",	77,	api_WPrintJobGetInfo,0},
-  {"RDosPrintJobDel",	81,	api_RDosPrintJobDel,0},
-  {"RDosPrintJobPause",	82,	api_RDosPrintJobDel,0},
-  {"RDosPrintJobResume",83,	api_RDosPrintJobDel,0},
-  {"WPrintDestEnum",	84,	api_WPrintDestEnum,0},
-  {"WPrintDestGetInfo",	85,	api_WPrintDestGetInfo,0},
-  {"NetRemoteTOD",	91,	api_NetRemoteTOD,0},
-  {"WPrintQueuePurge",	103,	api_WPrintQueuePurge,0},
-  {"NetServerEnum",	104,	api_RNetServerEnum,0},
-  {"WAccessGetUserPerms",105,	api_WAccessGetUserPerms,0},
-  {"SetUserPassword",	115,	api_SetUserPassword,0},
-  {"WWkstaUserLogon",	132,	api_WWkstaUserLogon,0},
-  {"PrintJobInfo",	147,	api_PrintJobInfo,0},
-  {"WPrintDriverEnum",	205,	api_WPrintDriverEnum,0},
-  {"WPrintQProcEnum",	206,	api_WPrintQProcEnum,0},
-  {"WPrintPortEnum",	207,	api_WPrintPortEnum,0},
-  {NULL,		-1,	api_Unsupported,0}};
-
-
 /****************************************************************************
-  handle remote api calls
-  ****************************************************************************/
-static int api_reply(int cnum,int uid,char *outbuf,char *data,char *params,
-		     int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
-{
-  int api_command = SVAL(params,0);
-  char *rdata = NULL;
-  char *rparam = NULL;
-  int rdata_len = 0;
-  int rparam_len = 0;
-  BOOL reply=False;
-  int i;
-
-  DEBUG(3,("Got API command %d of form <%s> <%s> (tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n",
-	   api_command,params+2,skip_string(params+2,1),
-	   tdscnt,tpscnt,mdrcnt,mprcnt));
-
-  for (i=0;api_commands[i].name;i++)
-    if (api_commands[i].id == api_command && api_commands[i].fn)
-      {
-	DEBUG(3,("Doing %s\n",api_commands[i].name));
-	break;
-      }
-
-  rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024);
-  rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024);
-
-  reply = api_commands[i].fn(cnum,uid,params,data,mdrcnt,mprcnt,
-			     &rdata,&rparam,&rdata_len,&rparam_len);
-
-
-  if (rdata_len > mdrcnt ||
-      rparam_len > mprcnt)
-    {
-      reply = api_TooSmall(cnum,uid,params,data,mdrcnt,mprcnt,
-			   &rdata,&rparam,&rdata_len,&rparam_len);
-    }
-	    
-
-  /* if we get False back then it's actually unsupported */
-  if (!reply)
-    api_Unsupported(cnum,uid,params,data,mdrcnt,mprcnt,
-		    &rdata,&rparam,&rdata_len,&rparam_len);
-
-      
-
-  /* now send the reply */
-  send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0);
-
-  if (rdata)
-    free(rdata);
-  if (rparam)
-    free(rparam);
+ Reply to a SMBtrans.
+ ****************************************************************************/
+
+int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int bufsize)
+{
+	fstring name;
+	int name_offset = 0;
+	char *data=NULL,*params=NULL;
+	uint16 *setup=NULL;
+	int outsize = 0;
+	uint16 vuid = SVAL(inbuf,smb_uid);
+	int tpscnt = SVAL(inbuf,smb_vwv0);
+	int tdscnt = SVAL(inbuf,smb_vwv1);
+	int mprcnt = SVAL(inbuf,smb_vwv2);
+	int mdrcnt = SVAL(inbuf,smb_vwv3);
+	int msrcnt = CVAL(inbuf,smb_vwv4);
+	BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
+	BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
+	int pscnt = SVAL(inbuf,smb_vwv9);
+	int psoff = SVAL(inbuf,smb_vwv10);
+	int dscnt = SVAL(inbuf,smb_vwv11);
+	int dsoff = SVAL(inbuf,smb_vwv12);
+	int suwcnt = CVAL(inbuf,smb_vwv13);
+	START_PROFILE(SMBtrans);
+
+	memset(name, '\0',sizeof(name));
+	srvstr_pull(inbuf, name, smb_buf(inbuf), sizeof(name), -1, STR_TERMINATE);
+
+	if (dscnt > tdscnt || pscnt > tpscnt) {
+		exit_server("invalid trans parameters");
+	}
   
-  return(-1);
-}
-
-/****************************************************************************
-  handle named pipe commands
-  ****************************************************************************/
-static int named_pipe(int cnum,int uid, char *outbuf,char *name,
-		      uint16 *setup,char *data,char *params,
-		      int suwcnt,int tdscnt,int tpscnt,
-		      int msrcnt,int mdrcnt,int mprcnt)
-{
+	if (tdscnt)  {
+		if((data = (char *)malloc(tdscnt)) == NULL) {
+			DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
+			END_PROFILE(SMBtrans);
+			return(ERROR_DOS(ERRDOS,ERRnomem));
+		} 
+		memcpy(data,smb_base(inbuf)+dsoff,dscnt);
+	}
 
-  if (strequal(name,"LANMAN"))
-    return(api_reply(cnum,uid,outbuf,data,params,tdscnt,tpscnt,mdrcnt,mprcnt));
+	if (tpscnt) {
+		if((params = (char *)malloc(tpscnt)) == NULL) {
+			DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
+			END_PROFILE(SMBtrans);
+			return(ERROR_DOS(ERRDOS,ERRnomem));
+		} 
+		memcpy(params,smb_base(inbuf)+psoff,pscnt);
+	}
 
-  DEBUG(3,("named pipe command on <%s> 0x%X setup1=%d\n",
-	   name,(int)setup[0],(int)setup[1]));
-  
-  return(0);
-}
+	if (suwcnt) {
+		int i;
+		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
+          DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16))));
+		  END_PROFILE(SMBtrans);
+		  return(ERROR_DOS(ERRDOS,ERRnomem));
+        } 
+		for (i=0;i<suwcnt;i++)
+			setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
+	}
 
 
-/****************************************************************************
-  reply to a SMBtrans
-  ****************************************************************************/
-int reply_trans(char *inbuf,char *outbuf)
-{
-  fstring name;
-
-  char *data=NULL,*params=NULL;
-  uint16 *setup=NULL;
-
-  int outsize = 0;
-  int cnum = SVAL(inbuf,smb_tid);
-  int uid = SVAL(inbuf,smb_uid);
-
-  int tpscnt = SVAL(inbuf,smb_vwv0);
-  int tdscnt = SVAL(inbuf,smb_vwv1);
-  int mprcnt = SVAL(inbuf,smb_vwv2);
-  int mdrcnt = SVAL(inbuf,smb_vwv3);
-  int msrcnt = CVAL(inbuf,smb_vwv4);
-  BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
-  BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
-  int pscnt = SVAL(inbuf,smb_vwv9);
-  int psoff = SVAL(inbuf,smb_vwv10);
-  int dscnt = SVAL(inbuf,smb_vwv11);
-  int dsoff = SVAL(inbuf,smb_vwv12);
-  int suwcnt = CVAL(inbuf,smb_vwv13);
-
-  StrnCpy(name,smb_buf(inbuf),sizeof(name)-1);
-  
-  if (tdscnt)
-    {
-      data = (char *)malloc(tdscnt);
-      memcpy(data,smb_base(inbuf)+dsoff,dscnt);
-    }
-  if (tpscnt)
-    {
-      params = (char *)malloc(tpscnt);
-      memcpy(params,smb_base(inbuf)+psoff,pscnt);
-    }
-
-  if (suwcnt)
-    {
-      int i;
-      setup = (uint16 *)malloc(suwcnt*sizeof(setup[0]));
-      for (i=0;i<suwcnt;i++)
-	setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
-    }
-
-
-  if (pscnt < tpscnt || dscnt < tdscnt)
-    {
-      /* We need to send an interim response then receive the rest
-	 of the parameter/data bytes */
-      outsize = set_message(outbuf,0,0,True);
-      show_msg(outbuf);
-      send_smb(Client,outbuf);
-    }
-
-  /* receive the rest of the trans packet */
-  while (pscnt < tpscnt || dscnt < tdscnt)
-    {
-      int pcnt,poff,dcnt,doff,pdisp,ddisp;
-
-      receive_smb(Client,inbuf, 0);
-      show_msg(inbuf);
-	  
-      /* Ensure this is still a trans packet (sanity check) */
-      if(CVAL(inbuf, smb_com) != SMBtrans)
-	{
-	  DEBUG(2,("Invalid secondary trans2 packet\n"));
-	  if (params) free(params);
-	  if (data) free(data);
-	  if (setup) free(setup);
-	  return(ERROR(ERRSRV,ERRerror));
+	if (pscnt < tpscnt || dscnt < tdscnt) {
+		/* We need to send an interim response then receive the rest
+		   of the parameter/data bytes */
+		outsize = set_message(outbuf,0,0,True);
+		show_msg(outbuf);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_trans: send_smb failed.");
 	}
-      
-      tpscnt = SVAL(inbuf,smb_vwv0);
-      tdscnt = SVAL(inbuf,smb_vwv1);
 
-      pcnt = SVAL(inbuf,smb_vwv2);
-      poff = SVAL(inbuf,smb_vwv3);
-      pdisp = SVAL(inbuf,smb_vwv4);
+	/* receive the rest of the trans packet */
+	while (pscnt < tpscnt || dscnt < tdscnt) {
+		BOOL ret;
+		int pcnt,poff,dcnt,doff,pdisp,ddisp;
       
-      dcnt = SVAL(inbuf,smb_vwv5);
-      doff = SVAL(inbuf,smb_vwv6);
-      ddisp = SVAL(inbuf,smb_vwv7);
+		ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
+
+		if ((ret && (CVAL(inbuf, smb_com) != SMBtranss)) || !ret) {
+			if(ret) {
+				DEBUG(0,("reply_trans: Invalid secondary trans packet\n"));
+			} else {
+				DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
+					 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
+			}
+			SAFE_FREE(params);
+			SAFE_FREE(data);
+			SAFE_FREE(setup);
+			END_PROFILE(SMBtrans);
+			return(ERROR_DOS(ERRSRV,ERRerror));
+		}
+
+		show_msg(inbuf);
       
-      pscnt += pcnt;
-      dscnt += dcnt;
-
-      if (pcnt)
-	memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
-      if (dcnt)
-	memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);      
-    }
-
-
-  DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",name,tdscnt,tpscnt,suwcnt));
-  
-
-  if (strncmp(name,"\\PIPE\\",strlen("\\PIPE\\")) == 0)
-    outsize = named_pipe(cnum,uid,outbuf,name+strlen("\\PIPE\\"),setup,data,params,
-			 suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt);
-
-
-  if (data) free(data);
-  if (params) free(params);
-  if (setup) free(setup);
-
-  if (close_on_completion)
-    close_cnum(cnum,uid);
+		tpscnt = SVAL(inbuf,smb_vwv0);
+		tdscnt = SVAL(inbuf,smb_vwv1);
+
+		pcnt = SVAL(inbuf,smb_vwv2);
+		poff = SVAL(inbuf,smb_vwv3);
+		pdisp = SVAL(inbuf,smb_vwv4);
+		
+		dcnt = SVAL(inbuf,smb_vwv5);
+		doff = SVAL(inbuf,smb_vwv6);
+		ddisp = SVAL(inbuf,smb_vwv7);
+		
+		pscnt += pcnt;
+		dscnt += dcnt;
+		
+		if (dscnt > tdscnt || pscnt > tpscnt) {
+			exit_server("invalid trans parameters");
+		}
+		
+		if (pcnt)
+			memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
+		if (dcnt)
+			memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);      
+	}
+	
+	
+	DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
+		 name,tdscnt,tpscnt,suwcnt));
+	
+	/*
+	 * WinCE wierdness....
+	 */
+
+	if (name[0] == '\\' && (StrnCaseCmp(&name[1],local_machine, strlen(local_machine)) == 0) &&
+			(name[strlen(local_machine)+1] == '\\'))
+		name_offset = strlen(local_machine)+1;
+
+	if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) {
+		name_offset += strlen("\\PIPE");
+
+		/* Win9x weirdness.  When talking to a unicode server Win9x
+		   only sends \PIPE instead of \PIPE\ */
+
+		if (name[name_offset] == '\\')
+			name_offset++;
+
+		DEBUG(5,("calling named_pipe\n"));
+		outsize = named_pipe(conn,vuid,outbuf,
+				     name+name_offset,setup,data,params,
+				     suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt);
+	} else {
+		DEBUG(3,("invalid pipe name\n"));
+		outsize = 0;
+	}
 
-  if (one_way)
-    return(-1);
-  
-  if (outsize == 0)
-    return(ERROR(ERRSRV,ERRnosupport));
+	
+	SAFE_FREE(data);
+	SAFE_FREE(params);
+	SAFE_FREE(setup);
+	
+	if (close_on_completion)
+		close_cnum(conn,vuid);
 
-  return(outsize);
+	if (one_way) {
+		END_PROFILE(SMBtrans);
+		return(-1);
+	}
+	
+	if (outsize == 0) {
+		END_PROFILE(SMBtrans);
+		return(ERROR_DOS(ERRSRV,ERRnosupport));
+	}
+	
+	END_PROFILE(SMBtrans);
+	return(outsize);
 }
-
-
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
new file mode 100644
index 0000000000..666bbb5f61
--- /dev/null
+++ b/source3/smbd/lanman.c
@@ -0,0 +1,3650 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Inter-process communication and named pipe handling
+   Copyright (C) Andrew Tridgell 1992-1998
+
+   SMB Version handling
+   Copyright (C) John H Terpstra 1995-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   */
+/*
+   This file handles the named pipe and mailslot calls
+   in the SMBtrans protocol
+   */
+
+#include "includes.h"
+
+#ifdef CHECK_TYPES
+#undef CHECK_TYPES
+#endif
+#define CHECK_TYPES 0
+
+extern fstring local_machine;
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+#define NERR_Success 0
+#define NERR_badpass 86
+#define NERR_notsupported 50
+
+#define NERR_BASE (2100)
+#define NERR_BufTooSmall (NERR_BASE+23)
+#define NERR_JobNotFound (NERR_BASE+51)
+#define NERR_DestNotFound (NERR_BASE+52)
+
+#define ACCESS_READ 0x01
+#define ACCESS_WRITE 0x02
+#define ACCESS_CREATE 0x04
+
+#define SHPWLEN 8		/* share password length */
+
+static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data,
+			    int mdrcnt,int mprcnt,
+			    char **rdata,char **rparam,
+			    int *rdata_len,int *rparam_len);
+static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data,
+			 int mdrcnt,int mprcnt,
+			 char **rdata,char **rparam,
+			 int *rdata_len,int *rparam_len);
+
+
+static int CopyExpanded(connection_struct *conn, 
+			int snum, char** dst, char* src, int* n)
+{
+	pstring buf;
+	int l;
+
+	if (!src || !dst || !n || !(*dst)) return(0);
+
+	StrnCpy(buf,src,sizeof(buf)/2);
+	pstring_sub(buf,"%S",lp_servicename(snum));
+	standard_sub_conn(conn,buf);
+	l = push_ascii(*dst,buf,*n-1, STR_TERMINATE);
+	(*dst) += l;
+	(*n) -= l;
+	return l;
+}
+
+static int CopyAndAdvance(char** dst, char* src, int* n)
+{
+  int l;
+  if (!src || !dst || !n || !(*dst)) return(0);
+  l = push_ascii(*dst,src,*n, STR_TERMINATE);
+  (*dst) += l;
+  (*n) -= l;
+  return l;
+}
+
+static int StrlenExpanded(connection_struct *conn, int snum, char* s)
+{
+	pstring buf;
+	if (!s) return(0);
+	StrnCpy(buf,s,sizeof(buf)/2);
+	pstring_sub(buf,"%S",lp_servicename(snum));
+	standard_sub_conn(conn,buf);
+	return strlen(buf) + 1;
+}
+
+static char* Expand(connection_struct *conn, int snum, char* s)
+{
+	static pstring buf;
+	if (!s) return(NULL);
+	StrnCpy(buf,s,sizeof(buf)/2);
+	pstring_sub(buf,"%S",lp_servicename(snum));
+	standard_sub_conn(conn,buf);
+	return &buf[0];
+}
+
+/*******************************************************************
+  check a API string for validity when we only need to check the prefix
+  ******************************************************************/
+static BOOL prefix_ok(char *str,char *prefix)
+{
+  return(strncmp(str,prefix,strlen(prefix)) == 0);
+}
+
+struct pack_desc {
+  char* format;	    /* formatstring for structure */
+  char* subformat;  /* subformat for structure */
+  char* base;	    /* baseaddress of buffer */
+  int buflen;	   /* remaining size for fixed part; on init: length of base */
+  int subcount;	    /* count of substructures */
+  char* structbuf;  /* pointer into buffer for remaining fixed part */
+  int stringlen;    /* remaining size for variable part */		
+  char* stringbuf;  /* pointer into buffer for remaining variable part */
+  int neededlen;    /* total needed size */
+  int usedlen;	    /* total used size (usedlen <= neededlen and usedlen <= buflen) */
+  char* curpos;	    /* current position; pointer into format or subformat */
+  int errcode;
+};
+
+static int get_counter(char** p)
+{
+  int i, n;
+  if (!p || !(*p)) return(1);
+  if (!isdigit((int)**p)) return 1;
+  for (n = 0;;) {
+    i = **p;
+    if (isdigit(i))
+      n = 10 * n + (i - '0');
+    else
+      return n;
+    (*p)++;
+  }
+}
+
+static int getlen(char* p)
+{
+  int n = 0;
+  if (!p) return(0);
+  while (*p) {
+    switch( *p++ ) {
+    case 'W':			/* word (2 byte) */
+      n += 2;
+      break;
+    case 'K':			/* status word? (2 byte) */
+      n += 2;
+      break;
+    case 'N':			/* count of substructures (word) at end */
+      n += 2;
+      break;
+    case 'D':			/* double word (4 byte) */
+    case 'z':			/* offset to zero terminated string (4 byte) */
+    case 'l':			/* offset to user data (4 byte) */
+      n += 4;
+      break;
+    case 'b':			/* offset to data (with counter) (4 byte) */
+      n += 4;
+      get_counter(&p);
+      break;
+    case 'B':			/* byte (with optional counter) */
+      n += get_counter(&p);
+      break;
+    }
+  }
+  return n;
+}
+
+static BOOL init_package(struct pack_desc* p, int count, int subcount)
+{
+  int n = p->buflen;
+  int i;
+
+  if (!p->format || !p->base) return(False);
+
+  i = count * getlen(p->format);
+  if (p->subformat) i += subcount * getlen(p->subformat);
+  p->structbuf = p->base;
+  p->neededlen = 0;
+  p->usedlen = 0;
+  p->subcount = 0;
+  p->curpos = p->format;
+  if (i > n) {
+    p->neededlen = i;
+    i = n = 0;
+#if 0
+    /*
+     * This is the old error code we used. Aparently
+     * WinNT/2k systems return ERRbuftoosmall (2123) and
+     * OS/2 needs this. I'm leaving this here so we can revert
+     * if needed. JRA.
+     */
+    p->errcode = ERRmoredata;
+#else
+	p->errcode = ERRbuftoosmall;
+#endif
+  }
+  else
+    p->errcode = NERR_Success;
+  p->buflen = i;
+  n -= i;
+  p->stringbuf = p->base + i;
+  p->stringlen = n;
+  return(p->errcode == NERR_Success);
+}
+
+static int package(struct pack_desc* p, ...)
+{
+  va_list args;
+  int needed=0, stringneeded;
+  char* str=NULL;
+  int is_string=0, stringused;
+  int32 temp;
+
+  va_start(args,p);
+
+  if (!*p->curpos) {
+    if (!p->subcount)
+      p->curpos = p->format;
+    else {
+      p->curpos = p->subformat;
+      p->subcount--;
+    }
+  }
+#if CHECK_TYPES
+  str = va_arg(args,char*);
+  SMB_ASSERT(strncmp(str,p->curpos,strlen(str)) == 0);
+#endif
+  stringneeded = -1;
+
+  if (!p->curpos) {
+    va_end(args);
+    return(0);
+  }
+
+  switch( *p->curpos++ ) {
+  case 'W':			/* word (2 byte) */
+    needed = 2;
+    temp = va_arg(args,int);
+    if (p->buflen >= needed) SSVAL(p->structbuf,0,temp);
+    break;
+  case 'K':			/* status word? (2 byte) */
+    needed = 2;
+    temp = va_arg(args,int);
+    if (p->buflen >= needed) SSVAL(p->structbuf,0,temp);
+    break;
+  case 'N':			/* count of substructures (word) at end */
+    needed = 2;
+    p->subcount = va_arg(args,int);
+    if (p->buflen >= needed) SSVAL(p->structbuf,0,p->subcount);
+    break;
+  case 'D':			/* double word (4 byte) */
+    needed = 4;
+    temp = va_arg(args,int);
+    if (p->buflen >= needed) SIVAL(p->structbuf,0,temp);
+    break;
+  case 'B':			/* byte (with optional counter) */
+    needed = get_counter(&p->curpos);
+    {
+      char *s = va_arg(args,char*);
+      if (p->buflen >= needed) StrnCpy(p->structbuf,s?s:"",needed-1);
+    }
+    break;
+  case 'z':			/* offset to zero terminated string (4 byte) */
+    str = va_arg(args,char*);
+    stringneeded = (str ? strlen(str)+1 : 0);
+    is_string = 1;
+    break;
+  case 'l':			/* offset to user data (4 byte) */
+    str = va_arg(args,char*);
+    stringneeded = va_arg(args,int);
+    is_string = 0;
+    break;
+  case 'b':			/* offset to data (with counter) (4 byte) */
+    str = va_arg(args,char*);
+    stringneeded = get_counter(&p->curpos);
+    is_string = 0;
+    break;
+  }
+  va_end(args);
+  if (stringneeded >= 0) {
+    needed = 4;
+    if (p->buflen >= needed) {
+      stringused = stringneeded;
+      if (stringused > p->stringlen) {
+	stringused = (is_string ? p->stringlen : 0);
+	if (p->errcode == NERR_Success) p->errcode = ERRmoredata;
+      }
+      if (!stringused)
+	SIVAL(p->structbuf,0,0);
+      else {
+	SIVAL(p->structbuf,0,PTR_DIFF(p->stringbuf,p->base));
+	memcpy(p->stringbuf,str?str:"",stringused);
+	if (is_string) p->stringbuf[stringused-1] = '\0';
+	p->stringbuf += stringused;
+	p->stringlen -= stringused;
+	p->usedlen += stringused;
+      }
+    }
+    p->neededlen += stringneeded;
+  }
+  p->neededlen += needed;
+  if (p->buflen >= needed) {
+    p->structbuf += needed;
+    p->buflen -= needed;
+    p->usedlen += needed;
+  }
+  else {
+    if (p->errcode == NERR_Success) p->errcode = ERRmoredata;
+  }
+  return 1;
+}
+
+#if CHECK_TYPES
+#define PACK(desc,t,v) package(desc,t,v,0,0,0,0)
+#define PACKl(desc,t,v,l) package(desc,t,v,l,0,0,0,0)
+#else
+#define PACK(desc,t,v) package(desc,v)
+#define PACKl(desc,t,v,l) package(desc,v,l)
+#endif
+
+static void PACKI(struct pack_desc* desc,char *t,int v)
+{
+  PACK(desc,t,v);
+}
+
+static void PACKS(struct pack_desc* desc,char *t,char *v)
+{
+  PACK(desc,t,v);
+}
+
+
+/****************************************************************************
+  get a print queue
+  ****************************************************************************/
+static void PackDriverData(struct pack_desc* desc)
+{
+  char drivdata[4+4+32];
+  SIVAL(drivdata,0,sizeof drivdata); /* cb */
+  SIVAL(drivdata,4,1000);	/* lVersion */
+  memset(drivdata+8,0,32);	/* szDeviceName */
+  push_ascii(drivdata+8,"NULL",-1, STR_TERMINATE);
+  PACKl(desc,"l",drivdata,sizeof drivdata); /* pDriverData */
+}
+
+static int check_printq_info(struct pack_desc* desc,
+ 			     int uLevel, char *id1, char *id2)
+{
+  desc->subformat = NULL;
+  switch( uLevel ) {
+  case 0:
+    desc->format = "B13";
+    break;
+  case 1:
+    desc->format = "B13BWWWzzzzzWW";
+    break;
+  case 2:
+    desc->format = "B13BWWWzzzzzWN";
+    desc->subformat = "WB21BB16B10zWWzDDz";
+    break;
+  case 3:
+    desc->format = "zWWWWzzzzWWzzl";
+    break;
+  case 4:
+    desc->format = "zWWWWzzzzWNzzl";
+    desc->subformat = "WWzWWDDzz";
+    break;
+  case 5:
+    desc->format = "z";
+    break;
+  case 51:
+    desc->format = "K";
+    break;
+  case 52:
+    desc->format = "WzzzzzzzzN";
+    desc->subformat = "z";
+    break;
+  default: return False;
+  }
+  if (strcmp(desc->format,id1) != 0) return False;
+  if (desc->subformat && strcmp(desc->subformat,id2) != 0) return False;
+  return True;
+}
+
+
+#define RAP_JOB_STATUS_QUEUED 0
+#define RAP_JOB_STATUS_PAUSED 1
+#define RAP_JOB_STATUS_SPOOLING 2
+#define RAP_JOB_STATUS_PRINTING 3
+#define RAP_JOB_STATUS_PRINTED 4
+
+#define RAP_QUEUE_STATUS_PAUSED 1
+#define RAP_QUEUE_STATUS_ERROR 2
+
+/* turn a print job status into a on the wire status 
+*/
+static int printj_status(int v)
+{
+	switch (v) {
+	case LPQ_QUEUED:
+		return RAP_JOB_STATUS_QUEUED;
+	case LPQ_PAUSED:
+		return RAP_JOB_STATUS_PAUSED;
+	case LPQ_SPOOLING:
+		return RAP_JOB_STATUS_SPOOLING;
+	case LPQ_PRINTING:
+		return RAP_JOB_STATUS_PRINTING;
+	}
+	return 0;
+}
+
+/* turn a print queue status into a on the wire status 
+*/
+static int printq_status(int v)
+{
+	switch (v) {
+	case LPQ_QUEUED:
+		return 0;
+	case LPQ_PAUSED:
+		return RAP_QUEUE_STATUS_PAUSED;
+	}
+	return RAP_QUEUE_STATUS_ERROR;
+}
+
+static void fill_printjob_info(connection_struct *conn, int snum, int uLevel,
+			       struct pack_desc* desc,
+			       print_queue_struct* queue, int n)
+{
+  time_t t = queue->time;
+
+  /* the client expects localtime */
+  t -= TimeDiff(t);
+
+  PACKI(desc,"W",queue->job); /* uJobId */
+  if (uLevel == 1) {
+    PACKS(desc,"B21",queue->fs_user); /* szUserName */
+    PACKS(desc,"B","");		/* pad */
+    PACKS(desc,"B16","");	/* szNotifyName */
+    PACKS(desc,"B10","PM_Q_RAW"); /* szDataType */
+    PACKS(desc,"z","");		/* pszParms */
+    PACKI(desc,"W",n+1);		/* uPosition */
+    PACKI(desc,"W",printj_status(queue->status)); /* fsStatus */
+    PACKS(desc,"z","");		/* pszStatus */
+    PACKI(desc,"D",t); /* ulSubmitted */
+    PACKI(desc,"D",queue->size); /* ulSize */
+    PACKS(desc,"z",queue->fs_file); /* pszComment */
+  }
+  if (uLevel == 2 || uLevel == 3 || uLevel == 4) {
+    PACKI(desc,"W",queue->priority);		/* uPriority */
+    PACKS(desc,"z",queue->fs_user); /* pszUserName */
+    PACKI(desc,"W",n+1);		/* uPosition */
+    PACKI(desc,"W",printj_status(queue->status)); /* fsStatus */
+    PACKI(desc,"D",t); /* ulSubmitted */
+    PACKI(desc,"D",queue->size); /* ulSize */
+    PACKS(desc,"z","Samba");	/* pszComment */
+    PACKS(desc,"z",queue->fs_file); /* pszDocument */
+    if (uLevel == 3) {
+      PACKS(desc,"z","");	/* pszNotifyName */
+      PACKS(desc,"z","PM_Q_RAW"); /* pszDataType */
+      PACKS(desc,"z","");	/* pszParms */
+      PACKS(desc,"z","");	/* pszStatus */
+      PACKS(desc,"z",SERVICE(snum)); /* pszQueue */
+      PACKS(desc,"z","lpd");	/* pszQProcName */
+      PACKS(desc,"z","");	/* pszQProcParms */
+      PACKS(desc,"z","NULL"); /* pszDriverName */
+      PackDriverData(desc);	/* pDriverData */
+      PACKS(desc,"z","");	/* pszPrinterName */
+    } else if (uLevel == 4) {   /* OS2 */
+      PACKS(desc,"z","");       /* pszSpoolFileName  */
+       PACKS(desc,"z","");       /* pszPortName       */
+       PACKS(desc,"z","");       /* pszStatus         */
+       PACKI(desc,"D",0);        /* ulPagesSpooled    */
+       PACKI(desc,"D",0);        /* ulPagesSent       */
+       PACKI(desc,"D",0);        /* ulPagesPrinted    */
+       PACKI(desc,"D",0);        /* ulTimePrinted     */
+       PACKI(desc,"D",0);        /* ulExtendJobStatus */
+       PACKI(desc,"D",0);        /* ulStartPage       */
+       PACKI(desc,"D",0);        /* ulEndPage         */
+    }
+  }
+}
+
+/********************************************************************
+ Return a driver name given an snum.
+ Looks in a tdb first. Returns True if from tdb, False otherwise.
+ ********************************************************************/
+
+static BOOL get_driver_name(int snum, pstring drivername)
+{
+	NT_PRINTER_INFO_LEVEL *info = NULL;
+	BOOL in_tdb = False;
+
+	get_a_printer (&info, 2, lp_servicename(snum));
+	if (info != NULL) {
+		pstrcpy( drivername, info->info_2->drivername);
+		in_tdb = True;
+		free_a_printer(&info, 2);
+	} else {
+		pstrcpy( drivername, lp_printerdriver(snum));
+	}
+
+	return in_tdb;
+}
+
+/********************************************************************
+ Respond to the DosPrintQInfo command with a level of 52
+ This is used to get printer driver information for Win9x clients
+ ********************************************************************/
+static void fill_printq_info_52(connection_struct *conn, int snum, int uLevel,
+				struct pack_desc* desc,
+				int count, print_queue_struct* queue,
+				print_status_struct* status)
+{
+	int i;
+	BOOL ok = False;
+	pstring tok,driver,datafile,langmon,helpfile,datatype;
+	char *p;
+	char **lines = NULL;
+	pstring gen_line;
+	BOOL in_tdb = False;
+	fstring location;
+	pstring drivername;
+
+	/*
+	 * Check in the tdb *first* before checking the legacy
+	 * files. This allows an NT upload to take precedence over
+	 * the existing fileset. JRA.
+	 * 
+	 * we need to lookup the driver name prior to making the call
+	 * to get_a_printer_driver_9x_compatible() and not rely on the
+	 * 'print driver' parameter --jerry
+	 */
+
+
+	if ((get_driver_name(snum,drivername)) && 
+	    ((ok = get_a_printer_driver_9x_compatible(gen_line, drivername)) == True))
+	{
+		in_tdb = True;
+		p = gen_line;
+		DEBUG(10,("9x compatable driver line for [%s]: [%s]\n", drivername, gen_line));
+	} 
+	else 
+	{
+		/* didn't find driver in tdb */
+
+		DEBUG(10,("snum: %d\nprinterdriver: [%s]\nlp_driverfile: [%s]\n",
+			   snum, drivername, lp_driverfile(snum)));
+
+		lines = file_lines_load(lp_driverfile(snum),NULL);
+		if (!lines) 
+		{
+			DEBUG(3,("Can't open %s - %s\n", lp_driverfile(snum),
+				  strerror(errno)));
+			desc->errcode=NERR_notsupported;
+			goto done;
+		} 
+
+		/* lookup the long printer driver name in the file description */
+		for (i=0;lines[i] && !ok;i++) 
+		{
+			p = lines[i];
+			if (next_token(&p,tok,":",sizeof(tok)) &&
+		    	   (strlen(drivername) == strlen(tok)) &&
+		    	   (!strncmp(tok,drivername,strlen(drivername))))
+			{
+				ok = True;
+			}
+		}
+	}
+
+	if (ok)
+	{
+		/* driver file name */
+		if (!next_token(&p,driver,":",sizeof(driver)))
+			goto err;
+
+		/* data file name */
+		if (!next_token(&p,datafile,":",sizeof(datafile)))
+			goto err;
+
+		/*
+		 * for the next tokens - which may be empty - I have
+		 * to check for empty tokens first because the
+		 * next_token function will skip all empty token
+		 * fields */
+
+		/* help file */
+		if (*p == ':') 
+		{
+			*helpfile = '\0';
+			p++;
+		} 
+		else if (!next_token(&p,helpfile,":",sizeof(helpfile)))
+			goto err;
+	
+		/* language monitor */
+		if (*p == ':') 
+		{
+			*langmon = '\0';
+			p++;
+		} 
+		else if (!next_token(&p,langmon,":",sizeof(langmon)))
+			goto err;
+	
+		/* default data type */
+		if (!next_token(&p,datatype,":",sizeof(datatype))) 
+			goto err;
+	
+		PACKI(desc,"W",0x0400);               /* don't know */
+		PACKS(desc,"z",drivername);    /* long printer name */
+		PACKS(desc,"z",driver);                    /* Driverfile Name */
+		PACKS(desc,"z",datafile);                  /* Datafile name */
+		PACKS(desc,"z",langmon);			 /* language monitor */
+		if (in_tdb)
+		{
+			fstrcpy(location, "\\\\");
+			fstrcat(location, global_myname);
+			fstrcat(location, "\\print$\\WIN40\\0");
+			PACKS(desc,"z",location);   /* share to retrieve files */
+		}
+		else
+		{
+			PACKS(desc,"z",lp_driverlocation(snum));   /* share to retrieve files */
+		}
+		PACKS(desc,"z",datatype);			 /* default data type */
+		PACKS(desc,"z",helpfile);                  /* helpfile name */
+		PACKS(desc,"z",driver);                    /* driver name */
+
+		DEBUG(3,("printerdriver:%s:\n",drivername));
+		DEBUG(3,("Driver:%s:\n",driver));
+		DEBUG(3,("Data File:%s:\n",datafile));
+		DEBUG(3,("Language Monitor:%s:\n",langmon));
+		if (in_tdb)
+			DEBUG(3,("lp_driverlocation:%s:\n",location));
+		else
+			DEBUG(3,("lp_driverlocation:%s:\n",lp_driverlocation(snum)));
+		DEBUG(3,("Data Type:%s:\n",datatype));
+		DEBUG(3,("Help File:%s:\n",helpfile));
+		PACKI(desc,"N",count);                     /* number of files to copy */
+
+		for (i=0;i<count;i++) 
+		{
+			/* no need to check return value here
+			 * - it was already tested in
+			 * get_printerdrivernumber */
+			next_token(&p,tok,",",sizeof(tok));
+			PACKS(desc,"z",tok);         /* driver files to copy */
+			DEBUG(3,("file:%s:\n",tok));
+		}
+		
+		DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",
+		  	  SERVICE(snum),count));
+
+	        desc->errcode=NERR_Success;
+		goto done;
+	}
+
+  err:
+
+	DEBUG(3,("fill_printq_info: Can't supply driver files\n"));
+	desc->errcode=NERR_notsupported;
+
+ done:
+	file_lines_free(lines);	
+}
+
+
+static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
+ 			     struct pack_desc* desc,
+ 			     int count, print_queue_struct* queue,
+ 			     print_status_struct* status)
+{
+	switch (uLevel) {
+	case 1:
+	case 2:
+		PACKS(desc,"B13",SERVICE(snum));
+		break;
+	case 3:
+	case 4:
+	case 5:
+		PACKS(desc,"z",Expand(conn,snum,SERVICE(snum)));
+		break;
+	case 51:
+		PACKI(desc,"K",printq_status(status->status));
+		break;
+	}
+
+	if (uLevel == 1 || uLevel == 2) {
+		PACKS(desc,"B","");		/* alignment */
+		PACKI(desc,"W",5);		/* priority */
+		PACKI(desc,"W",0);		/* start time */
+		PACKI(desc,"W",0);		/* until time */
+		PACKS(desc,"z","");		/* pSepFile */
+		PACKS(desc,"z","lpd");	/* pPrProc */
+		PACKS(desc,"z",SERVICE(snum)); /* pDestinations */
+		PACKS(desc,"z","");		/* pParms */
+		if (snum < 0) {
+			PACKS(desc,"z","UNKNOWN PRINTER");
+			PACKI(desc,"W",LPSTAT_ERROR);
+		}
+		else if (!status || !status->message[0]) {
+			PACKS(desc,"z",Expand(conn,snum,lp_comment(snum)));
+			PACKI(desc,"W",LPSTAT_OK); /* status */
+		} else {
+			PACKS(desc,"z",status->message);
+			PACKI(desc,"W",printq_status(status->status)); /* status */
+		}
+		PACKI(desc,(uLevel == 1 ? "W" : "N"),count);
+	}
+
+	if (uLevel == 3 || uLevel == 4) {
+		pstring drivername;
+
+		PACKI(desc,"W",5);		/* uPriority */
+		PACKI(desc,"W",0);		/* uStarttime */
+		PACKI(desc,"W",0);		/* uUntiltime */
+		PACKI(desc,"W",5);		/* pad1 */
+		PACKS(desc,"z","");		/* pszSepFile */
+		PACKS(desc,"z","WinPrint");	/* pszPrProc */
+		PACKS(desc,"z",NULL);		/* pszParms */
+		PACKS(desc,"z",NULL);		/* pszComment - don't ask.... JRA */
+		/* "don't ask" that it's done this way to fix corrupted 
+		   Win9X/ME printer comments. */
+		if (!status) {
+			PACKI(desc,"W",LPSTAT_OK); /* fsStatus */
+		} else {
+			PACKI(desc,"W",printq_status(status->status)); /* fsStatus */
+		}
+		PACKI(desc,(uLevel == 3 ? "W" : "N"),count);	/* cJobs */
+		PACKS(desc,"z",SERVICE(snum)); /* pszPrinters */
+		get_driver_name(snum,drivername);
+		PACKS(desc,"z",drivername);		/* pszDriverName */
+		PackDriverData(desc);	/* pDriverData */
+	}
+
+	if (uLevel == 2 || uLevel == 4) {
+		int i;
+		for (i=0;i<count;i++)
+			fill_printjob_info(conn,snum,uLevel == 2 ? 1 : 2,desc,&queue[i],i);
+	}
+
+	if (uLevel==52) {
+		fill_printq_info_52(conn, snum, uLevel, desc, count, queue, status);
+	}
+}
+
+/* This function returns the number of files for a given driver */
+static int get_printerdrivernumber(int snum)
+{
+	int i, result = 0;
+	BOOL ok = False;
+	pstring tok;
+	char *p;
+	char **lines = NULL;
+	pstring gen_line;
+	pstring drivername;
+	
+	/*
+	 * Check in the tdb *first* before checking the legacy
+	 * files. This allows an NT upload to take precedence over
+	 * the existing fileset. JRA.
+	 *
+	 * we need to lookup the driver name prior to making the call
+	 * to get_a_printer_driver_9x_compatible() and not rely on the
+	 * 'print driver' parameter --jerry
+	 */
+	
+	if ((get_driver_name(snum,drivername)) && 
+	    (ok = get_a_printer_driver_9x_compatible(gen_line, drivername) == True)) 
+	{
+		p = gen_line;
+		DEBUG(10,("9x compatable driver line for [%s]: [%s]\n", drivername, gen_line));
+	} 
+	else 
+	{
+		/* didn't find driver in tdb */
+	
+		DEBUG(10,("snum: %d\nprinterdriver: [%s]\nlp_driverfile: [%s]\n",
+			  snum, drivername, lp_driverfile(snum)));
+		
+		lines = file_lines_load(lp_driverfile(snum), NULL);
+		if (!lines) 
+		{
+			DEBUG(3,("Can't open %s - %s\n", lp_driverfile(snum),strerror(errno)));
+			goto done;
+		} 
+
+		/* lookup the long printer driver name in the file description */
+		for (i=0;lines[i] && !ok;i++) 
+		{
+			p = lines[i];
+			if (next_token(&p,tok,":",sizeof(tok)) &&
+			   (strlen(drivername) == strlen(tok)) &&
+			   (!strncmp(tok,drivername,strlen(drivername)))) 
+			{
+				ok = True;
+			}
+		}
+	}
+	
+	if( ok ) 
+	{
+		/* skip 5 fields */
+		i = 5;
+		while (*p && i) {
+			if (*p++ == ':') i--;
+		}
+		if (!*p || i) {
+			DEBUG(3,("Can't determine number of printer driver files\n"));
+			goto done;
+		}
+		
+		/* count the number of files */
+		while (next_token(&p,tok,",",sizeof(tok)))
+			i++;
+	
+		result = i;
+	}
+
+ done:
+
+	file_lines_free(lines);
+
+	return result;
+}
+
+static BOOL api_DosPrintQGetInfo(connection_struct *conn,
+				 uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *p = skip_string(str2,1);
+	char *QueueName = p;
+	int uLevel;
+	int count=0;
+	int snum;
+	char* str3;
+	struct pack_desc desc;
+	print_queue_struct *queue=NULL;
+	print_status_struct status;
+	char* tmpdata=NULL;
+
+	memset((char *)&status,'\0',sizeof(status));
+	memset((char *)&desc,'\0',sizeof(desc));
+ 
+	p = skip_string(p,1);
+	uLevel = SVAL(p,0);
+	str3 = p + 4;
+ 
+	/* remove any trailing username */
+	if ((p = strchr_m(QueueName,'%')))
+		*p = 0;
+ 
+	DEBUG(3,("api_DosPrintQGetInfo uLevel=%d name=%s\n",uLevel,QueueName));
+ 
+	/* check it's a supported varient */
+	if (!prefix_ok(str1,"zWrLh"))
+		return False;
+	if (!check_printq_info(&desc,uLevel,str2,str3)) {
+		/*
+		 * Patch from Scott Moomaw <scott@bridgewater.edu>
+		 * to return the 'invalid info level' error if an
+		 * unknown level was requested.
+		 */
+		*rdata_len = 0;
+		*rparam_len = 6;
+		*rparam = REALLOC(*rparam,*rparam_len);
+		SSVALS(*rparam,0,ERRunknownlevel);
+		SSVAL(*rparam,2,0);
+		SSVAL(*rparam,4,0);
+		return(True);
+	}
+ 
+	snum = lp_servicenumber(QueueName);
+	if (snum < 0 && pcap_printername_ok(QueueName,NULL)) {
+		int pnum = lp_servicenumber(PRINTERS_NAME);
+		if (pnum >= 0) {
+			lp_add_printer(QueueName,pnum);
+			snum = lp_servicenumber(QueueName);
+		}
+	}
+  
+	if (snum < 0 || !VALID_SNUM(snum))
+		return(False);
+
+	if (uLevel==52) {
+		count = get_printerdrivernumber(snum);
+		DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count));
+	} else {
+		count = print_queue_status(snum, &queue,&status);
+	}
+
+	if (mdrcnt > 0) {
+		*rdata = REALLOC(*rdata,mdrcnt);
+		desc.base = *rdata;
+		desc.buflen = mdrcnt;
+	} else {
+		/*
+		 * Don't return data but need to get correct length
+		 * init_package will return wrong size if buflen=0
+		 */
+		desc.buflen = getlen(desc.format);
+		desc.base = tmpdata = (char *) malloc (desc.buflen);
+	}
+
+	if (init_package(&desc,1,count)) {
+		desc.subcount = count;
+		fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status);
+	}
+
+	*rdata_len = desc.usedlen;
+  
+	/*
+	 * We must set the return code to ERRbuftoosmall
+	 * in order to support lanman style printing with Win NT/2k
+	 * clients       --jerry
+	 */
+	if (!mdrcnt && lp_disable_spoolss())
+		desc.errcode = ERRbuftoosmall;
+ 
+    *rdata_len = desc.usedlen;
+	*rparam_len = 6;
+	*rparam = REALLOC(*rparam,*rparam_len);
+	SSVALS(*rparam,0,desc.errcode);
+	SSVAL(*rparam,2,0);
+	SSVAL(*rparam,4,desc.neededlen);
+  
+	DEBUG(4,("printqgetinfo: errorcode %d\n",desc.errcode));
+
+	SAFE_FREE(queue);
+	SAFE_FREE(tmpdata);
+
+	return(True);
+}
+
+/****************************************************************************
+ View list of all print jobs on all queues.
+****************************************************************************/
+
+static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, char* data,
+ 			      int mdrcnt, int mprcnt,
+ 			      char **rdata, char** rparam,
+ 			      int *rdata_len, int *rparam_len)
+{
+  char *param_format = param+2;
+  char *output_format1 = skip_string(param_format,1);
+  char *p = skip_string(output_format1,1);
+  int uLevel = SVAL(p,0);
+  char *output_format2 = p + 4;
+  int services = lp_numservices();
+  int i, n;
+  struct pack_desc desc;
+  print_queue_struct **queue = NULL;
+  print_status_struct *status = NULL;
+  int* subcntarr = NULL;
+  int queuecnt, subcnt=0, succnt=0;
+ 
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  DEBUG(3,("DosPrintQEnum uLevel=%d\n",uLevel));
+ 
+  if (!prefix_ok(param_format,"WrLeh")) return False;
+  if (!check_printq_info(&desc,uLevel,output_format1,output_format2)) {
+    /*
+     * Patch from Scott Moomaw <scott@bridgewater.edu>
+     * to return the 'invalid info level' error if an
+     * unknown level was requested.
+     */
+    *rdata_len = 0;
+    *rparam_len = 6;
+    *rparam = REALLOC(*rparam,*rparam_len);
+    SSVALS(*rparam,0,ERRunknownlevel);
+    SSVAL(*rparam,2,0);
+    SSVAL(*rparam,4,0);
+    return(True);
+  }
+
+  queuecnt = 0;
+  for (i = 0; i < services; i++)
+    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
+      queuecnt++;
+  if (uLevel > 0) {
+    if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) {
+      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+      return False;
+    }
+    memset(queue,0,queuecnt*sizeof(print_queue_struct*));
+    if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) {
+      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+      return False;
+    }
+    memset(status,0,queuecnt*sizeof(print_status_struct));
+    if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) {
+      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+      return False;
+    }
+    subcnt = 0;
+    n = 0;
+    for (i = 0; i < services; i++)
+      if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) {
+ 	subcntarr[n] = print_queue_status(i, &queue[n],&status[n]);
+ 	subcnt += subcntarr[n];
+ 	n++;
+      }
+  }
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+
+  if (init_package(&desc,queuecnt,subcnt)) {
+    n = 0;
+    succnt = 0;
+    for (i = 0; i < services; i++)
+      if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) {
+	fill_printq_info(conn,i,uLevel,&desc,subcntarr[n],queue[n],&status[n]);
+	n++;
+	if (desc.errcode == NERR_Success) succnt = n;
+      }
+  }
+
+  SAFE_FREE(subcntarr);
+ 
+  *rdata_len = desc.usedlen;
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,succnt);
+  SSVAL(*rparam,6,queuecnt);
+  
+  for (i = 0; i < queuecnt; i++) {
+    if (queue) SAFE_FREE(queue[i]);
+  }
+
+  SAFE_FREE(queue);
+  SAFE_FREE(status);
+  
+  return True;
+}
+
+/****************************************************************************
+  get info level for a server list query
+  ****************************************************************************/
+static BOOL check_server_info(int uLevel, char* id)
+{
+  switch( uLevel ) {
+  case 0:
+    if (strcmp(id,"B16") != 0) return False;
+    break;
+  case 1:
+    if (strcmp(id,"B16BBDz") != 0) return False;
+    break;
+  default: 
+    return False;
+  }
+  return True;
+}
+
+struct srv_info_struct
+{
+  fstring name;
+  uint32 type;
+  fstring comment;
+  fstring domain;
+  BOOL server_added;
+};
+
+
+/*******************************************************************
+  get server info lists from the files saved by nmbd. Return the
+  number of entries
+  ******************************************************************/
+static int get_server_info(uint32 servertype, 
+			   struct srv_info_struct **servers,
+			   char *domain)
+{
+  int count=0;
+  int alloced=0;
+  char **lines;
+  BOOL local_list_only;
+  int i;
+
+  lines = file_lines_load(lock_path(SERVER_LIST), NULL);
+  if (!lines) {
+    DEBUG(4,("Can't open %s - %s\n",lock_path(SERVER_LIST),strerror(errno)));
+    return(0);
+  }
+
+  /* request for everything is code for request all servers */
+  if (servertype == SV_TYPE_ALL) 
+	servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY);
+
+  local_list_only = (servertype & SV_TYPE_LOCAL_LIST_ONLY);
+
+  DEBUG(4,("Servertype search: %8x\n",servertype));
+
+  for (i=0;lines[i];i++) {
+    fstring stype;
+    struct srv_info_struct *s;
+    char *ptr = lines[i];
+    BOOL ok = True;
+
+    if (!*ptr) continue;
+    
+    if (count == alloced) {
+      struct srv_info_struct *ts;
+      
+      alloced += 10;
+      ts = (struct srv_info_struct *)
+	Realloc(*servers,sizeof(**servers)*alloced);
+      if (!ts) {
+      	DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
+	return(0);
+      }
+      else *servers = ts;
+      memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count));
+    }
+    s = &(*servers)[count];
+    
+    if (!next_token(&ptr,s->name   , NULL, sizeof(s->name))) continue;
+    if (!next_token(&ptr,stype     , NULL, sizeof(stype))) continue;
+    if (!next_token(&ptr,s->comment, NULL, sizeof(s->comment))) continue;
+    if (!next_token(&ptr,s->domain , NULL, sizeof(s->domain))) {
+      /* this allows us to cope with an old nmbd */
+      pstrcpy(s->domain,global_myworkgroup); 
+    }
+    
+    if (sscanf(stype,"%X",&s->type) != 1) { 
+      DEBUG(4,("r:host file ")); 
+      ok = False; 
+    }
+    
+	/* Filter the servers/domains we return based on what was asked for. */
+
+	/* Check to see if we are being asked for a local list only. */
+	if(local_list_only && ((s->type & SV_TYPE_LOCAL_LIST_ONLY) == 0)) {
+	  DEBUG(4,("r: local list only"));
+	  ok = False;
+	}
+
+    /* doesn't match up: don't want it */
+    if (!(servertype & s->type)) { 
+      DEBUG(4,("r:serv type ")); 
+      ok = False; 
+    }
+    
+    if ((servertype & SV_TYPE_DOMAIN_ENUM) != 
+	(s->type & SV_TYPE_DOMAIN_ENUM))
+      {
+	DEBUG(4,("s: dom mismatch "));
+	ok = False;
+      }
+    
+    if (!strequal(domain, s->domain) && !(servertype & SV_TYPE_DOMAIN_ENUM))
+      {
+	ok = False;
+      }
+    
+	/* We should never return a server type with a SV_TYPE_LOCAL_LIST_ONLY set. */
+	s->type &= ~SV_TYPE_LOCAL_LIST_ONLY;
+
+    if (ok)
+      {
+    	DEBUG(4,("**SV** %20s %8x %25s %15s\n",
+		 s->name, s->type, s->comment, s->domain));
+	
+    	s->server_added = True;
+    	count++;
+      }
+    else
+      {
+	DEBUG(4,("%20s %8x %25s %15s\n",
+		 s->name, s->type, s->comment, s->domain));
+      }
+  }
+  
+  file_lines_free(lines);
+  return(count);
+}
+
+
+/*******************************************************************
+  fill in a server info structure
+  ******************************************************************/
+static int fill_srv_info(struct srv_info_struct *service, 
+			 int uLevel, char **buf, int *buflen, 
+			 char **stringbuf, int *stringspace, char *baseaddr)
+{
+  int struct_len;
+  char* p;
+  char* p2;
+  int l2;
+  int len;
+ 
+  switch (uLevel) {
+  case 0: struct_len = 16; break;
+  case 1: struct_len = 26; break;
+  default: return -1;
+  }  
+ 
+  if (!buf)
+    {
+      len = 0;
+      switch (uLevel) 
+	{
+	case 1:
+	  len = strlen(service->comment)+1;
+	  break;
+	}
+
+      if (buflen) *buflen = struct_len;
+      if (stringspace) *stringspace = len;
+      return struct_len + len;
+    }
+  
+  len = struct_len;
+  p = *buf;
+  if (*buflen < struct_len) return -1;
+  if (stringbuf)
+    {
+      p2 = *stringbuf;
+      l2 = *stringspace;
+    }
+  else
+    {
+      p2 = p + struct_len;
+      l2 = *buflen - struct_len;
+    }
+  if (!baseaddr) baseaddr = p;
+  
+  switch (uLevel)
+    {
+    case 0:
+	    push_ascii(p,service->name, 15, STR_TERMINATE);
+	    break;
+
+    case 1:
+	    push_ascii(p,service->name,15, STR_TERMINATE);
+	    SIVAL(p,18,service->type);
+	    SIVAL(p,22,PTR_DIFF(p2,baseaddr));
+	    len += CopyAndAdvance(&p2,service->comment,&l2);
+	    break;
+    }
+
+  if (stringbuf)
+    {
+      *buf = p + struct_len;
+      *buflen -= struct_len;
+      *stringbuf = p2;
+      *stringspace = l2;
+    }
+  else
+    {
+      *buf = p2;
+      *buflen -= len;
+    }
+  return len;
+}
+
+
+static BOOL srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2)
+{
+  return(strcmp(s1->name,s2->name));
+}
+
+/****************************************************************************
+  view list of servers available (or possibly domains). The info is
+  extracted from lists saved by nmbd on the local host
+  ****************************************************************************/
+static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param, char *data,
+			       int mdrcnt, int mprcnt, char **rdata, 
+			       char **rparam, int *rdata_len, int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel = SVAL(p,0);
+  int buf_len = SVAL(p,2);
+  uint32 servertype = IVAL(p,4);
+  char *p2;
+  int data_len, fixed_len, string_len;
+  int f_len = 0, s_len = 0;
+  struct srv_info_struct *servers=NULL;
+  int counted=0,total=0;
+  int i,missed;
+  fstring domain;
+  BOOL domain_request;
+  BOOL local_request;
+
+  /* If someone sets all the bits they don't really mean to set
+     DOMAIN_ENUM and LOCAL_LIST_ONLY, they just want all the
+     known servers. */
+
+  if (servertype == SV_TYPE_ALL) 
+    servertype &= ~(SV_TYPE_DOMAIN_ENUM|SV_TYPE_LOCAL_LIST_ONLY);
+
+  /* If someone sets SV_TYPE_LOCAL_LIST_ONLY but hasn't set
+     any other bit (they may just set this bit on it's own) they 
+     want all the locally seen servers. However this bit can be 
+     set on its own so set the requested servers to be 
+     ALL - DOMAIN_ENUM. */
+
+  if ((servertype & SV_TYPE_LOCAL_LIST_ONLY) && !(servertype & SV_TYPE_DOMAIN_ENUM)) 
+    servertype = SV_TYPE_ALL & ~(SV_TYPE_DOMAIN_ENUM);
+
+  domain_request = ((servertype & SV_TYPE_DOMAIN_ENUM) != 0);
+  local_request = ((servertype & SV_TYPE_LOCAL_LIST_ONLY) != 0);
+
+  p += 8;
+
+  if (!prefix_ok(str1,"WrLehD")) return False;
+  if (!check_server_info(uLevel,str2)) return False;
+  
+  DEBUG(4, ("server request level: %s %8x ", str2, servertype));
+  DEBUG(4, ("domains_req:%s ", BOOLSTR(domain_request)));
+  DEBUG(4, ("local_only:%s\n", BOOLSTR(local_request)));
+
+  if (strcmp(str1, "WrLehDz") == 0) {
+	  pull_ascii_fstring(domain, p);
+  } else {
+	  fstrcpy(domain, global_myworkgroup);
+  }
+
+  if (lp_browse_list())
+    total = get_server_info(servertype,&servers,domain);
+
+  data_len = fixed_len = string_len = 0;
+  missed = 0;
+
+  if (total > 0)
+    qsort(servers,total,sizeof(servers[0]),QSORT_CAST srv_comp);
+
+  {
+    char *lastname=NULL;
+
+    for (i=0;i<total;i++)
+    {
+      struct srv_info_struct *s = &servers[i];
+      if (lastname && strequal(lastname,s->name)) continue;
+      lastname = s->name;
+      data_len += fill_srv_info(s,uLevel,0,&f_len,0,&s_len,0);
+      DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n",
+	       s->name, s->type, s->comment, s->domain));
+      
+      if (data_len <= buf_len) {
+	  counted++;
+	  fixed_len += f_len;
+	  string_len += s_len;
+      } else {
+	missed++;
+      }
+    }
+  }
+
+  *rdata_len = fixed_len + string_len;
+  *rdata = REALLOC(*rdata,*rdata_len);
+  memset(*rdata,'\0',*rdata_len);
+  
+  p2 = (*rdata) + fixed_len;	/* auxilliary data (strings) will go here */
+  p = *rdata;
+  f_len = fixed_len;
+  s_len = string_len;
+
+  {
+    char *lastname=NULL;
+    int count2 = counted;
+    for (i = 0; i < total && count2;i++)
+      {
+	struct srv_info_struct *s = &servers[i];
+	if (lastname && strequal(lastname,s->name)) continue;
+	lastname = s->name;
+	fill_srv_info(s,uLevel,&p,&f_len,&p2,&s_len,*rdata);
+	DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n",
+		 s->name, s->type, s->comment, s->domain));
+	count2--;
+      }
+  }
+  
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,counted);
+  SSVAL(*rparam,6,counted+missed);
+
+  SAFE_FREE(servers);
+
+  DEBUG(3,("NetServerEnum domain = %s uLevel=%d counted=%d total=%d\n",
+	   domain,uLevel,counted,counted+missed));
+
+  return(True);
+}
+
+/****************************************************************************
+  command 0x34 - suspected of being a "Lookup Names" stub api
+  ****************************************************************************/
+static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *param, char *data,
+			       int mdrcnt, int mprcnt, char **rdata, 
+			       char **rparam, int *rdata_len, int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel = SVAL(p,0);
+  int buf_len = SVAL(p,2);
+  int counted=0;
+  int missed=0;
+
+	DEBUG(5,("RNetGroupGetUsers: %s %s %s %d %d\n",
+		str1, str2, p, uLevel, buf_len));
+
+  if (!prefix_ok(str1,"zWrLeh")) return False;
+  
+  *rdata_len = 0;
+  
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  SSVAL(*rparam,0,0x08AC); /* informational warning message */
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,counted);
+  SSVAL(*rparam,6,counted+missed);
+
+  return(True);
+}
+
+/****************************************************************************
+  get info about a share
+  ****************************************************************************/
+static BOOL check_share_info(int uLevel, char* id)
+{
+  switch( uLevel ) {
+  case 0:
+    if (strcmp(id,"B13") != 0) return False;
+    break;
+  case 1:
+    if (strcmp(id,"B13BWz") != 0) return False;
+    break;
+  case 2:
+    if (strcmp(id,"B13BWzWWWzB9B") != 0) return False;
+    break;
+  case 91:
+    if (strcmp(id,"B13BWzWWWzB9BB9BWzWWzWW") != 0) return False;
+    break;
+  default: return False;
+  }
+  return True;
+}
+
+static int fill_share_info(connection_struct *conn, int snum, int uLevel,
+ 			   char** buf, int* buflen,
+ 			   char** stringbuf, int* stringspace, char* baseaddr)
+{
+  int struct_len;
+  char* p;
+  char* p2;
+  int l2;
+  int len;
+ 
+  switch( uLevel ) {
+  case 0: struct_len = 13; break;
+  case 1: struct_len = 20; break;
+  case 2: struct_len = 40; break;
+  case 91: struct_len = 68; break;
+  default: return -1;
+  }
+  
+ 
+  if (!buf)
+    {
+      len = 0;
+      if (uLevel > 0) len += StrlenExpanded(conn,snum,lp_comment(snum));
+      if (uLevel > 1) len += strlen(lp_pathname(snum)) + 1;
+      if (buflen) *buflen = struct_len;
+      if (stringspace) *stringspace = len;
+      return struct_len + len;
+    }
+  
+  len = struct_len;
+  p = *buf;
+  if ((*buflen) < struct_len) return -1;
+  if (stringbuf)
+    {
+      p2 = *stringbuf;
+      l2 = *stringspace;
+    }
+  else
+    {
+      p2 = p + struct_len;
+      l2 = (*buflen) - struct_len;
+    }
+  if (!baseaddr) baseaddr = p;
+  
+  push_ascii(p,lp_servicename(snum),13, STR_TERMINATE);
+  
+  if (uLevel > 0)
+    {
+      int type;
+      SCVAL(p,13,0);
+      type = STYPE_DISKTREE;
+      if (lp_print_ok(snum)) type = STYPE_PRINTQ;
+      if (strequal("IPC",lp_fstype(snum))) type = STYPE_IPC;
+      SSVAL(p,14,type);		/* device type */
+      SIVAL(p,16,PTR_DIFF(p2,baseaddr));
+      len += CopyExpanded(conn,snum,&p2,lp_comment(snum),&l2);
+    }
+  
+  if (uLevel > 1)
+    {
+      SSVAL(p,20,ACCESS_READ|ACCESS_WRITE|ACCESS_CREATE); /* permissions */
+      SSVALS(p,22,-1);		/* max uses */
+      SSVAL(p,24,1); /* current uses */
+      SIVAL(p,26,PTR_DIFF(p2,baseaddr)); /* local pathname */
+      len += CopyAndAdvance(&p2,lp_pathname(snum),&l2);
+      memset(p+30,0,SHPWLEN+2); /* passwd (reserved), pad field */
+    }
+  
+  if (uLevel > 2)
+    {
+      memset(p+40,0,SHPWLEN+2);
+      SSVAL(p,50,0);
+      SIVAL(p,52,0);
+      SSVAL(p,56,0);
+      SSVAL(p,58,0);
+      SIVAL(p,60,0);
+      SSVAL(p,64,0);
+      SSVAL(p,66,0);
+    }
+       
+  if (stringbuf)
+    {
+      (*buf) = p + struct_len;
+      (*buflen) -= struct_len;
+      (*stringbuf) = p2;
+      (*stringspace) = l2;
+    }
+  else
+    {
+      (*buf) = p2;
+      (*buflen) -= len;
+    }
+  return len;
+}
+
+static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *netname = skip_string(str2,1);
+  char *p = skip_string(netname,1);
+  int uLevel = SVAL(p,0);
+  int snum = find_service(netname);
+  
+  if (snum < 0) return False;
+  
+  /* check it's a supported varient */
+  if (!prefix_ok(str1,"zWrLh")) return False;
+  if (!check_share_info(uLevel,str2)) return False;
+ 
+  *rdata = REALLOC(*rdata,mdrcnt);
+  p = *rdata;
+  *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
+  if (*rdata_len < 0) return False;
+ 
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVAL(*rparam,0,NERR_Success);
+  SSVAL(*rparam,2,0);		/* converter word */
+  SSVAL(*rparam,4,*rdata_len);
+ 
+  return(True);
+}
+
+/****************************************************************************
+  view list of shares available
+  ****************************************************************************/
+static BOOL api_RNetShareEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+  			      int mdrcnt,int mprcnt,
+  			      char **rdata,char **rparam,
+  			      int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel = SVAL(p,0);
+  int buf_len = SVAL(p,2);
+  char *p2;
+  int count=lp_numservices();
+  int total=0,counted=0;
+  BOOL missed = False;
+  int i;
+  int data_len, fixed_len, string_len;
+  int f_len = 0, s_len = 0;
+ 
+  if (!prefix_ok(str1,"WrLeh")) return False;
+  if (!check_share_info(uLevel,str2)) return False;
+  
+  data_len = fixed_len = string_len = 0;
+  for (i=0;i<count;i++)
+    if (lp_browseable(i) && lp_snum_ok(i))
+    {
+      total++;
+      data_len += fill_share_info(conn,i,uLevel,0,&f_len,0,&s_len,0);
+      if (data_len <= buf_len)
+      {
+        counted++;
+        fixed_len += f_len;
+        string_len += s_len;
+      }
+      else
+        missed = True;
+    }
+  *rdata_len = fixed_len + string_len;
+  *rdata = REALLOC(*rdata,*rdata_len);
+  memset(*rdata,0,*rdata_len);
+  
+  p2 = (*rdata) + fixed_len;	/* auxiliary data (strings) will go here */
+  p = *rdata;
+  f_len = fixed_len;
+  s_len = string_len;
+  for (i = 0; i < count;i++)
+    if (lp_browseable(i) && lp_snum_ok(i))
+      if (fill_share_info(conn,i,uLevel,&p,&f_len,&p2,&s_len,*rdata) < 0)
+ 	break;
+  
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,counted);
+  SSVAL(*rparam,6,total);
+  
+  DEBUG(3,("RNetShareEnum gave %d entries of %d (%d %d %d %d)\n",
+ 	   counted,total,uLevel,
+  	   buf_len,*rdata_len,mdrcnt));
+  return(True);
+}
+
+/****************************************************************************
+  Add a share
+  ****************************************************************************/
+static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel = SVAL(p,0);
+  fstring sharename;
+  fstring comment;
+  pstring pathname;
+  char *command, *cmdname;
+  uint offset;
+  int snum;
+  int res = ERRunsup;
+  
+  /* check it's a supported varient */
+  if (!prefix_ok(str1,RAP_WShareAdd_REQ)) return False;
+  if (!check_share_info(uLevel,str2)) return False;
+  if (uLevel != 2) return False;
+
+  pull_ascii_fstring(sharename,data);
+  snum = find_service(sharename);
+  if (snum >= 0) { /* already exists */
+    res = ERRfilexists;
+    goto error_exit;
+  }
+
+  /* only support disk share adds */
+  if (SVAL(data,14)!=STYPE_DISKTREE) return False;
+
+  offset = IVAL(data, 16);
+  if (offset >= mdrcnt) {
+    res = ERRinvalidparam;
+    goto error_exit;
+  }
+  pull_ascii_fstring(comment, offset? (data+offset) : "");
+
+  offset = IVAL(data, 26);
+  if (offset >= mdrcnt) {
+    res = ERRinvalidparam;
+    goto error_exit;
+  }
+  pull_ascii_pstring(pathname, offset? (data+offset) : "");
+
+  string_replace(sharename, '"', ' ');
+  string_replace(pathname, '"', ' ');
+  string_replace(comment, '"', ' ');
+
+  cmdname = lp_add_share_cmd();
+
+  if (!cmdname || *cmdname == '\0') return False;
+
+  asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+	   lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment);
+
+  if (command) {
+    DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
+    if ((res = smbrun(command, NULL)) != 0) {
+      DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
+      SAFE_FREE(command);
+      res = ERRnoaccess;
+      goto error_exit;
+    } else {
+      SAFE_FREE(command);
+      message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+    }
+  } else return False;
+
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVAL(*rparam,0,NERR_Success);
+  SSVAL(*rparam,2,0);		/* converter word */
+  SSVAL(*rparam,4,*rdata_len);
+  *rdata_len = 0;
+  
+  return True;
+
+ error_exit:
+  *rparam_len = 4;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  *rdata_len = 0;
+  SSVAL(*rparam,0,res);
+  SSVAL(*rparam,2,0);
+  return True;
+
+}
+
+/****************************************************************************
+  view list of groups available
+  ****************************************************************************/
+static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+  			      int mdrcnt,int mprcnt,
+  			      char **rdata,char **rparam,
+  			      int *rdata_len,int *rparam_len)
+{
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *p = skip_string(str2,1);
+	int uLevel = SVAL(p,0);
+	char *p2;
+	int count=0;
+
+	if (!prefix_ok(str1,"WrLeh")) return False;
+  
+	/* check it's a supported variant */
+	switch( uLevel )
+	{
+		case 0: 
+			p2 = "B21"; 
+			break;
+		default: 
+			return False;
+	}
+
+	if (strcmp(p2,str2) != 0) return False;
+
+	*rdata_len = mdrcnt + 1024;
+	*rdata = REALLOC(*rdata,*rdata_len);
+
+	SSVAL(*rparam,0,NERR_Success);
+	SSVAL(*rparam,2,0);		/* converter word */
+
+	p = *rdata;
+
+	/* XXXX we need a real SAM database some day */
+	pstrcpy(p,"Users"); p += 21; count++;
+	pstrcpy(p,"Domain Users"); p += 21; count++;
+	pstrcpy(p,"Guests"); p += 21; count++;
+	pstrcpy(p,"Domain Guests"); p += 21; count++;
+
+	*rdata_len = PTR_DIFF(p,*rdata);
+
+	*rparam_len = 8;
+	*rparam = REALLOC(*rparam,*rparam_len);
+
+	SSVAL(*rparam,4,count);	/* is this right?? */
+	SSVAL(*rparam,6,count);	/* is this right?? */
+
+	DEBUG(3,("api_RNetGroupEnum gave %d entries\n", count));
+
+	return(True);
+}
+
+/****************************************************************************
+  view list of groups available
+  ****************************************************************************/
+static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+  			      int mdrcnt,int mprcnt,
+  			      char **rdata,char **rparam,
+  			      int *rdata_len,int *rparam_len)
+{
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *p = skip_string(str2,1);
+	int uLevel = SVAL(p,0);
+	char *p2;
+	int count=0;
+
+	if (!prefix_ok(str1,"WrLeh")) return False;
+  
+	/* check it's a supported variant */
+	switch( uLevel )
+	{
+		case 0: 
+			p2 = "B21"; 
+			break;
+		default: 
+			return False;
+	}
+
+	if (strcmp(p2,str2) != 0) return False;
+
+	*rdata_len = mdrcnt + 1024;
+	*rdata = REALLOC(*rdata,*rdata_len);
+
+	SSVAL(*rparam,0,NERR_Success);
+	SSVAL(*rparam,2,0);		/* converter word */
+
+	p = *rdata;
+
+	/* XXXX we need a real SAM database some day */
+	pstrcpy(p,"Users"); p += 21; count++;
+	pstrcpy(p,"Domain Users"); p += 21; count++;
+	pstrcpy(p,"Guests"); p += 21; count++;
+	pstrcpy(p,"Domain Guests"); p += 21; count++;
+
+	*rdata_len = PTR_DIFF(p,*rdata);
+
+	*rparam_len = 8;
+	*rparam = REALLOC(*rparam,*rparam_len);
+
+	SSVAL(*rparam,4,count);	/* is this right?? */
+	SSVAL(*rparam,6,count);	/* is this right?? */
+
+	DEBUG(3,("api_RNetUserEnum gave %d entries\n", count));
+
+	return(True);
+}
+
+
+
+/****************************************************************************
+  get the time of day info
+  ****************************************************************************/
+static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,char *data,
+			     int mdrcnt,int mprcnt,
+			     char **rdata,char **rparam,
+			     int *rdata_len,int *rparam_len)
+{
+  char *p;
+  *rparam_len = 4;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  *rdata_len = 21;
+  *rdata = REALLOC(*rdata,*rdata_len);
+
+  SSVAL(*rparam,0,NERR_Success);
+  SSVAL(*rparam,2,0);		/* converter word */
+
+  p = *rdata;
+
+  {
+    struct tm *t;
+    time_t unixdate = time(NULL);
+
+    put_dos_date3(p,0,unixdate); /* this is the time that is looked at
+				    by NT in a "net time" operation,
+				    it seems to ignore the one below */
+
+    /* the client expects to get localtime, not GMT, in this bit 
+       (I think, this needs testing) */
+    t = LocalTime(&unixdate);
+
+    SIVAL(p,4,0);		/* msecs ? */
+    SCVAL(p,8,t->tm_hour);
+    SCVAL(p,9,t->tm_min);
+    SCVAL(p,10,t->tm_sec);
+    SCVAL(p,11,0);		/* hundredths of seconds */
+    SSVALS(p,12,TimeDiff(unixdate)/60); /* timezone in minutes from GMT */
+    SSVAL(p,14,10000);		/* timer interval in 0.0001 of sec */
+    SCVAL(p,16,t->tm_mday);
+    SCVAL(p,17,t->tm_mon + 1);
+    SSVAL(p,18,1900+t->tm_year);
+    SCVAL(p,20,t->tm_wday);
+  }
+
+
+  return(True);
+}
+
+/****************************************************************************
+ Set the user password.
+*****************************************************************************/
+
+static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+  char *p = skip_string(param+2,2);
+  fstring user;
+  fstring pass1,pass2;
+
+  pull_ascii_fstring(user,p);
+
+  p = skip_string(p,1);
+
+  memset(pass1,'\0',sizeof(pass1));
+  memset(pass2,'\0',sizeof(pass2));
+  memcpy(pass1,p,16);
+  memcpy(pass2,p+16,16);
+
+  *rparam_len = 4;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  *rdata_len = 0;
+
+  SSVAL(*rparam,0,NERR_badpass);
+  SSVAL(*rparam,2,0);		/* converter word */
+
+  DEBUG(3,("Set password for <%s>\n",user));
+
+  /*
+   * Attempt to verify the old password against smbpasswd entries
+   * Win98 clients send old and new password in plaintext for this call.
+   */
+
+  {
+	  auth_serversupplied_info *server_info = NULL;
+	  DATA_BLOB password = data_blob(pass1, strlen(pass1)+1);
+	  if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) {
+
+		  /*
+		   * If unix password sync was requested, attempt to change
+		   * the /etc/passwd database first. Return failure if this cannot
+		   * be done.
+		   *
+		   * This occurs before the oem change, becouse we don't want to
+                   * update it if chgpasswd failed.
+		   *
+		   * Conditional on lp_unix_password_sync() becouse we don't want
+                   * to touch the unix db unless we have admin permission.
+		   */
+		  
+		  if(lp_unix_password_sync() && IS_SAM_UNIX_USER(server_info->sam_account) 
+		     && !chgpasswd(pdb_get_username(server_info->sam_account),
+				   pass1,pass2,False)) {
+			  SSVAL(*rparam,0,NERR_badpass);
+		  }
+		  
+		  if (change_oem_password(server_info->sam_account,pass2))
+		  {
+			  SSVAL(*rparam,0,NERR_Success);
+		  }
+		  
+		  free_server_info(&server_info);
+	  }
+	  data_blob_clear_free(&password);
+  }
+
+  /*
+   * If the plaintext change failed, attempt
+   * the old encrypted method. NT will generate this
+   * after trying the samr method. Note that this
+   * method is done as a last resort as this
+   * password change method loses the NT password hash
+   * and cannot change the UNIX password as no plaintext
+   * is received.
+   */
+
+  if(SVAL(*rparam,0) != NERR_Success)
+  {
+    SAM_ACCOUNT *hnd = NULL;
+
+    if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd) && 
+       change_lanman_password(hnd,(unsigned char *)pass1,(unsigned char *)pass2))
+    {
+      SSVAL(*rparam,0,NERR_Success);
+    }
+	pdb_free_sam(&hnd);
+  }
+
+
+  memset((char *)pass1,'\0',sizeof(fstring));
+  memset((char *)pass2,'\0',sizeof(fstring));	 
+	 
+  return(True);
+}
+
+/****************************************************************************
+  Set the user password (SamOEM version - gets plaintext).
+****************************************************************************/
+
+static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+  fstring user;
+  char *p = param + 2;
+  *rparam_len = 2;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  *rdata_len = 0;
+
+  SSVAL(*rparam,0,NERR_badpass);
+
+  /*
+   * Check the parameter definition is correct.
+   */
+  if(!strequal(param + 2, "zsT")) {
+    DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2));
+    return False;
+  }
+  p = skip_string(p, 1);
+
+  if(!strequal(p, "B516B16")) {
+    DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p));
+    return False;
+  }
+  p = skip_string(p,1);
+
+  p += pull_ascii_fstring(user,p);
+
+  DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user));
+
+  /*
+   * Pass the user through the NT -> unix user mapping
+   * function.
+   */
+
+  (void)map_username(user);
+
+  if (pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL))
+  {
+    SSVAL(*rparam,0,NERR_Success);
+  }
+
+  return(True);
+}
+
+/****************************************************************************
+  delete a print job
+  Form: <W> <> 
+  ****************************************************************************/
+static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+	int function = SVAL(param,0);
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *p = skip_string(str2,1);
+	int jobid, errcode;
+	extern struct current_user current_user;
+	WERROR werr = WERR_OK;
+
+	jobid = SVAL(p,0);
+
+	/* check it's a supported varient */
+	if (!(strcsequal(str1,"W") && strcsequal(str2,"")))
+		return(False);
+
+	*rparam_len = 4;
+	*rparam = REALLOC(*rparam,*rparam_len);	
+	*rdata_len = 0;
+
+	if (!print_job_exists(jobid)) {
+		errcode = NERR_JobNotFound;
+		goto out;
+	}
+
+	errcode = NERR_notsupported;
+	
+	switch (function) {
+	case 81:		/* delete */ 
+		if (print_job_delete(&current_user, jobid, &werr)) 
+			errcode = NERR_Success;
+		break;
+	case 82:		/* pause */
+		if (print_job_pause(&current_user, jobid, &werr)) 
+			errcode = NERR_Success;
+		break;
+	case 83:		/* resume */
+		if (print_job_resume(&current_user, jobid, &werr)) 
+			errcode = NERR_Success;
+		break;
+	}
+
+	if (!W_ERROR_IS_OK(werr))
+		errcode = W_ERROR_V(werr);
+	
+ out:
+	SSVAL(*rparam,0,errcode);	
+	SSVAL(*rparam,2,0);		/* converter word */
+
+	return(True);
+}
+
+/****************************************************************************
+  Purge a print queue - or pause or resume it.
+  ****************************************************************************/
+static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+	int function = SVAL(param,0);
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *QueueName = skip_string(str2,1);
+	int errcode = NERR_notsupported;
+	int snum;
+	WERROR werr = WERR_OK;
+	extern struct current_user current_user;
+
+	/* check it's a supported varient */
+	if (!(strcsequal(str1,"z") && strcsequal(str2,"")))
+		return(False);
+
+	*rparam_len = 4;
+	*rparam = REALLOC(*rparam,*rparam_len);
+	*rdata_len = 0;
+
+	snum = print_queue_snum(QueueName);
+
+	if (snum == -1) {
+		errcode = NERR_JobNotFound;
+		goto out;
+	}
+
+	switch (function) {
+	case 74: /* Pause queue */
+		if (print_queue_pause(&current_user, snum, &werr)) errcode = NERR_Success;
+		break;
+	case 75: /* Resume queue */
+		if (print_queue_resume(&current_user, snum, &werr)) errcode = NERR_Success;
+		break;
+	case 103: /* Purge */
+		if (print_queue_purge(&current_user, snum, &werr)) errcode = NERR_Success;
+		break;
+	}
+
+	if (!W_ERROR_IS_OK(werr)) errcode = W_ERROR_V(werr);
+
+ out:
+	SSVAL(*rparam,0,errcode);
+	SSVAL(*rparam,2,0);		/* converter word */
+
+	return(True);
+}
+
+
+/****************************************************************************
+  set the property of a print job (undocumented?)
+  ? function = 0xb -> set name of print job
+  ? function = 0x6 -> move print job up/down
+  Form: <WWsTP> <WWzWWDDzzzzzzzzzzlz> 
+  or   <WWsTP> <WB21BB16B10zWWzDDz> 
+****************************************************************************/
+static int check_printjob_info(struct pack_desc* desc,
+			       int uLevel, char* id)
+{
+	desc->subformat = NULL;
+	switch( uLevel ) {
+	case 0: desc->format = "W"; break;
+	case 1: desc->format = "WB21BB16B10zWWzDDz"; break;
+	case 2: desc->format = "WWzWWDDzz"; break;
+	case 3: desc->format = "WWzWWDDzzzzzzzzzzlz"; break;
+	case 4: desc->format = "WWzWWDDzzzzzDDDDDDD"; break;
+	default: return False;
+	}
+	if (strcmp(desc->format,id) != 0) return False;
+	return True;
+}
+
+static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,char *data,
+  			     int mdrcnt,int mprcnt,
+  			     char **rdata,char **rparam,
+  			     int *rdata_len,int *rparam_len)
+{
+	struct pack_desc desc;
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *p = skip_string(str2,1);
+	int jobid;
+	int uLevel = SVAL(p,2);
+	int function = SVAL(p,4);
+	int place, errcode;
+
+	jobid = SVAL(p,0);
+	*rparam_len = 4;
+	*rparam = REALLOC(*rparam,*rparam_len);
+  
+	*rdata_len = 0;
+	
+	/* check it's a supported varient */
+	if ((strcmp(str1,"WWsTP")) || 
+	    (!check_printjob_info(&desc,uLevel,str2)))
+		return(False);
+
+	if (!print_job_exists(jobid)) {
+		errcode=NERR_JobNotFound;
+		goto out;
+	}
+
+	errcode = NERR_notsupported;
+
+	switch (function) {
+	case 0x6:
+		/* change job place in the queue, 
+		   data gives the new place */
+		place = SVAL(data,0);
+		if (print_job_set_place(jobid, place)) {
+			errcode=NERR_Success;
+		}
+		break;
+
+	case 0xb:   
+		/* change print job name, data gives the name */
+		if (print_job_set_name(jobid, data)) {
+			errcode=NERR_Success;
+		}
+		break;
+
+	default:
+		return False;
+	}
+
+ out:
+	SSVALS(*rparam,0,errcode);
+	SSVAL(*rparam,2,0);		/* converter word */
+	
+	return(True);
+}
+
+
+/****************************************************************************
+  get info about the server
+  ****************************************************************************/
+static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+				  int mdrcnt,int mprcnt,
+				  char **rdata,char **rparam,
+				  int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel = SVAL(p,0);
+  char *p2;
+  int struct_len;
+
+  DEBUG(4,("NetServerGetInfo level %d\n",uLevel));
+
+  /* check it's a supported varient */
+  if (!prefix_ok(str1,"WrLh")) return False;
+  switch( uLevel ) {
+  case 0:
+    if (strcmp(str2,"B16") != 0) return False;
+    struct_len = 16;
+    break;
+  case 1:
+    if (strcmp(str2,"B16BBDz") != 0) return False;
+    struct_len = 26;
+    break;
+  case 2:
+    if (strcmp(str2,"B16BBDzDDDWWzWWWWWWWBB21zWWWWWWWWWWWWWWWWWWWWWWz")
+	!= 0) return False;
+    struct_len = 134;
+    break;
+  case 3:
+    if (strcmp(str2,"B16BBDzDDDWWzWWWWWWWBB21zWWWWWWWWWWWWWWWWWWWWWWzDWz")
+	!= 0) return False;
+    struct_len = 144;
+    break;
+  case 20:
+    if (strcmp(str2,"DN") != 0) return False;
+    struct_len = 6;
+    break;
+  case 50:
+    if (strcmp(str2,"B16BBDzWWzzz") != 0) return False;
+    struct_len = 42;
+    break;
+  default: return False;
+  }
+
+  *rdata_len = mdrcnt;
+  *rdata = REALLOC(*rdata,*rdata_len);
+
+  p = *rdata;
+  p2 = p + struct_len;
+  if (uLevel != 20) {
+    srvstr_push(NULL, p,local_machine,16, 
+		STR_ASCII|STR_UPPER|STR_TERMINATE);
+  }
+  p += 16;
+  if (uLevel > 0)
+    {
+      struct srv_info_struct *servers=NULL;
+      int i,count;
+      pstring comment;
+      uint32 servertype= lp_default_server_announce();
+
+      pstrcpy(comment,string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
+
+      if ((count=get_server_info(SV_TYPE_ALL,&servers,global_myworkgroup))>0) {
+	for (i=0;i<count;i++)
+	  if (strequal(servers[i].name,local_machine))
+      {
+	    servertype = servers[i].type;
+	    pstrcpy(comment,servers[i].comment);	    
+	  }
+      }
+      SAFE_FREE(servers);
+
+      SCVAL(p,0,lp_major_announce_version());
+      SCVAL(p,1,lp_minor_announce_version());
+      SIVAL(p,2,servertype);
+
+      if (mdrcnt == struct_len) {
+	SIVAL(p,6,0);
+      } else {
+	SIVAL(p,6,PTR_DIFF(p2,*rdata));
+	standard_sub_conn(conn,comment);
+	StrnCpy(p2,comment,MAX(mdrcnt - struct_len,0));
+	p2 = skip_string(p2,1);
+      }
+    }
+  if (uLevel > 1)
+    {
+      return False;		/* not yet implemented */
+    }
+
+  *rdata_len = PTR_DIFF(p2,*rdata);
+
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVAL(*rparam,0,NERR_Success);
+  SSVAL(*rparam,2,0);		/* converter word */
+  SSVAL(*rparam,4,*rdata_len);
+
+  return(True);
+}
+
+
+/****************************************************************************
+  get info about the server
+  ****************************************************************************/
+static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  char *p2;
+  extern userdom_struct current_user_info;
+  int level = SVAL(p,0);
+
+  DEBUG(4,("NetWkstaGetInfo level %d\n",level));
+
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  /* check it's a supported varient */
+  if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz")))
+    return(False);
+
+  *rdata_len = mdrcnt + 1024;
+  *rdata = REALLOC(*rdata,*rdata_len);
+
+  SSVAL(*rparam,0,NERR_Success);
+  SSVAL(*rparam,2,0);		/* converter word */
+
+  p = *rdata;
+  p2 = p + 22;
+
+
+  SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* host name */
+  pstrcpy(p2,local_machine);
+  strupper(p2);
+  p2 = skip_string(p2,1);
+  p += 4;
+
+  SIVAL(p,0,PTR_DIFF(p2,*rdata));
+  pstrcpy(p2,current_user_info.smb_name);
+  p2 = skip_string(p2,1);
+  p += 4;
+
+  SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */
+  pstrcpy(p2,global_myworkgroup);
+  strupper(p2);
+  p2 = skip_string(p2,1);
+  p += 4;
+
+  SCVAL(p,0,lp_major_announce_version()); /* system version - e.g 4 in 4.1 */
+  SCVAL(p,1,lp_minor_announce_version()); /* system version - e.g .1 in 4.1 */
+  p += 2;
+
+  SIVAL(p,0,PTR_DIFF(p2,*rdata));
+  pstrcpy(p2,global_myworkgroup);	/* don't know.  login domain?? */
+  p2 = skip_string(p2,1);
+  p += 4;
+
+  SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* don't know */
+  pstrcpy(p2,"");
+  p2 = skip_string(p2,1);
+  p += 4;
+
+  *rdata_len = PTR_DIFF(p2,*rdata);
+
+  SSVAL(*rparam,4,*rdata_len);
+
+  return(True);
+}
+
+/****************************************************************************
+  get info about a user
+
+    struct user_info_11 {
+        char                usri11_name[21];  0-20 
+        char                usri11_pad;       21 
+        char                *usri11_comment;  22-25 
+        char            *usri11_usr_comment;  26-29
+        unsigned short      usri11_priv;      30-31
+        unsigned long       usri11_auth_flags; 32-35
+        long                usri11_password_age; 36-39
+        char                *usri11_homedir; 40-43
+        char            *usri11_parms; 44-47
+        long                usri11_last_logon; 48-51
+        long                usri11_last_logoff; 52-55
+        unsigned short      usri11_bad_pw_count; 56-57
+        unsigned short      usri11_num_logons; 58-59
+        char                *usri11_logon_server; 60-63
+        unsigned short      usri11_country_code; 64-65
+        char            *usri11_workstations; 66-69
+        unsigned long       usri11_max_storage; 70-73
+        unsigned short      usri11_units_per_week; 74-75
+        unsigned char       *usri11_logon_hours; 76-79
+        unsigned short      usri11_code_page; 80-81
+    };
+
+where:
+
+  usri11_name specifies the user name for which information is retireved
+
+  usri11_pad aligns the next data structure element to a word boundary
+
+  usri11_comment is a null terminated ASCII comment
+
+  usri11_user_comment is a null terminated ASCII comment about the user
+
+  usri11_priv specifies the level of the privilege assigned to the user.
+       The possible values are:
+
+Name             Value  Description
+USER_PRIV_GUEST  0      Guest privilege
+USER_PRIV_USER   1      User privilege
+USER_PRV_ADMIN   2      Administrator privilege
+
+  usri11_auth_flags specifies the account operator privileges. The
+       possible values are:
+
+Name            Value   Description
+AF_OP_PRINT     0       Print operator
+
+
+Leach, Naik                                        [Page 28]
+
+
+
+INTERNET-DRAFT   CIFS Remote Admin Protocol     January 10, 1997
+
+
+AF_OP_COMM      1       Communications operator
+AF_OP_SERVER    2       Server operator
+AF_OP_ACCOUNTS  3       Accounts operator
+
+
+  usri11_password_age specifies how many seconds have elapsed since the
+       password was last changed.
+
+  usri11_home_dir points to a null terminated ASCII string that contains
+       the path name of the user's home directory.
+
+  usri11_parms points to a null terminated ASCII string that is set
+       aside for use by applications.
+
+  usri11_last_logon specifies the time when the user last logged on.
+       This value is stored as the number of seconds elapsed since
+       00:00:00, January 1, 1970.
+
+  usri11_last_logoff specifies the time when the user last logged off.
+       This value is stored as the number of seconds elapsed since
+       00:00:00, January 1, 1970. A value of 0 means the last logoff
+       time is unknown.
+
+  usri11_bad_pw_count specifies the number of incorrect passwords
+       entered since the last successful logon.
+
+  usri11_log1_num_logons specifies the number of times this user has
+       logged on. A value of -1 means the number of logons is unknown.
+
+  usri11_logon_server points to a null terminated ASCII string that
+       contains the name of the server to which logon requests are sent.
+       A null string indicates logon requests should be sent to the
+       domain controller.
+
+  usri11_country_code specifies the country code for the user's language
+       of choice.
+
+  usri11_workstations points to a null terminated ASCII string that
+       contains the names of workstations the user may log on from.
+       There may be up to 8 workstations, with the names separated by
+       commas. A null strings indicates there are no restrictions.
+
+  usri11_max_storage specifies the maximum amount of disk space the user
+       can occupy. A value of 0xffffffff indicates there are no
+       restrictions.
+
+  usri11_units_per_week specifies the equal number of time units into
+       which a week is divided. This value must be equal to 168.
+
+  usri11_logon_hours points to a 21 byte (168 bits) string that
+       specifies the time during which the user can log on. Each bit
+       represents one unique hour in a week. The first bit (bit 0, word
+       0) is Sunday, 0:00 to 0:59, the second bit (bit 1, word 0) is
+
+
+
+Leach, Naik                                        [Page 29]
+
+
+
+INTERNET-DRAFT   CIFS Remote Admin Protocol     January 10, 1997
+
+
+       Sunday, 1:00 to 1:59 and so on. A null pointer indicates there
+       are no restrictions.
+
+  usri11_code_page specifies the code page for the user's language of
+       choice
+
+All of the pointers in this data structure need to be treated
+specially. The  pointer is a 32 bit pointer. The higher 16 bits need
+to be ignored. The converter word returned in the parameters section
+needs to be subtracted from the lower 16 bits to calculate an offset
+into the return buffer where this ASCII string resides.
+
+There is no auxiliary data in the response.
+
+  ****************************************************************************/
+
+#define usri11_name           0 
+#define usri11_pad            21
+#define usri11_comment        22
+#define usri11_usr_comment    26
+#define usri11_full_name      30
+#define usri11_priv           34
+#define usri11_auth_flags     36
+#define usri11_password_age   40
+#define usri11_homedir        44
+#define usri11_parms          48
+#define usri11_last_logon     52
+#define usri11_last_logoff    56
+#define usri11_bad_pw_count   60
+#define usri11_num_logons     62
+#define usri11_logon_server   64
+#define usri11_country_code   68
+#define usri11_workstations   70
+#define usri11_max_storage    74
+#define usri11_units_per_week 78
+#define usri11_logon_hours    80
+#define usri11_code_page      84
+#define usri11_end            86
+
+#define USER_PRIV_GUEST 0
+#define USER_PRIV_USER 1
+#define USER_PRIV_ADMIN 2
+
+#define AF_OP_PRINT     0 
+#define AF_OP_COMM      1
+#define AF_OP_SERVER    2
+#define AF_OP_ACCOUNTS  3
+
+
+static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+	char *str1 = param+2;
+	char *str2 = skip_string(str1,1);
+	char *UserName = skip_string(str2,1);
+	char *p = skip_string(UserName,1);
+	int uLevel = SVAL(p,0);
+	char *p2;
+
+    /* get NIS home of a previously validated user - simeon */
+    /* With share level security vuid will always be zero.
+       Don't depend on vuser being non-null !!. JRA */
+    user_struct *vuser = get_valid_user_struct(vuid);
+    if(vuser != NULL)
+      DEBUG(3,("  Username of UID %d is %s\n", (int)vuser->uid, 
+	       vuser->user.unix_name));
+
+    *rparam_len = 6;
+    *rparam = REALLOC(*rparam,*rparam_len);
+
+    DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
+  
+	/* check it's a supported variant */
+	if (strcmp(str1,"zWrLh") != 0) return False;
+	switch( uLevel )
+	{
+		case 0: p2 = "B21"; break;
+		case 1: p2 = "B21BB16DWzzWz"; break;
+		case 2: p2 = "B21BB16DWzzWzDzzzzDDDDWb21WWzWW"; break;
+		case 10: p2 = "B21Bzzz"; break;
+		case 11: p2 = "B21BzzzWDDzzDDWWzWzDWb21W"; break;
+		default: return False;
+	}
+
+	if (strcmp(p2,str2) != 0) return False;
+
+	*rdata_len = mdrcnt + 1024;
+	*rdata = REALLOC(*rdata,*rdata_len);
+
+	SSVAL(*rparam,0,NERR_Success);
+	SSVAL(*rparam,2,0);		/* converter word */
+
+	p = *rdata;
+	p2 = p + usri11_end;
+
+	memset(p,0,21); 
+	fstrcpy(p+usri11_name,UserName); /* 21 bytes - user name */
+
+	if (uLevel > 0)
+	{
+		SCVAL(p,usri11_pad,0); /* padding - 1 byte */
+		*p2 = 0;
+	}
+	if (uLevel >= 10)
+	{
+		SIVAL(p,usri11_comment,PTR_DIFF(p2,p)); /* comment */
+		pstrcpy(p2,"Comment");
+		p2 = skip_string(p2,1);
+
+		SIVAL(p,usri11_usr_comment,PTR_DIFF(p2,p)); /* user_comment */
+		pstrcpy(p2,"UserComment");
+		p2 = skip_string(p2,1);
+
+		/* EEK! the cifsrap.txt doesn't have this in!!!! */
+		SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
+		pstrcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName));
+		p2 = skip_string(p2,1);
+	}
+
+	if (uLevel == 11) /* modelled after NTAS 3.51 reply */
+	{         
+		SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); 
+		SIVAL(p,usri11_auth_flags,AF_OP_PRINT);		/* auth flags */
+		SIVALS(p,usri11_password_age,-1);		/* password age */
+		SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
+		pstrcpy(p2, lp_logon_home());
+		standard_sub_conn(conn, p2);
+		p2 = skip_string(p2,1);
+		SIVAL(p,usri11_parms,PTR_DIFF(p2,p)); /* parms */
+		pstrcpy(p2,"");
+		p2 = skip_string(p2,1);
+		SIVAL(p,usri11_last_logon,0);		/* last logon */
+		SIVAL(p,usri11_last_logoff,0);		/* last logoff */
+		SSVALS(p,usri11_bad_pw_count,-1);	/* bad pw counts */
+		SSVALS(p,usri11_num_logons,-1);		/* num logons */
+		SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */
+		pstrcpy(p2,"\\\\*");
+		p2 = skip_string(p2,1);
+		SSVAL(p,usri11_country_code,0);		/* country code */
+
+		SIVAL(p,usri11_workstations,PTR_DIFF(p2,p)); /* workstations */
+		pstrcpy(p2,"");
+		p2 = skip_string(p2,1);
+
+		SIVALS(p,usri11_max_storage,-1);		/* max storage */
+		SSVAL(p,usri11_units_per_week,168);		/* units per week */
+		SIVAL(p,usri11_logon_hours,PTR_DIFF(p2,p)); /* logon hours */
+
+		/* a simple way to get logon hours at all times. */
+		memset(p2,0xff,21);
+		SCVAL(p2,21,0);           /* fix zero termination */
+		p2 = skip_string(p2,1);
+
+		SSVAL(p,usri11_code_page,0);		/* code page */
+	}
+	if (uLevel == 1 || uLevel == 2)
+	{
+		memset(p+22,' ',16);	/* password */
+		SIVALS(p,38,-1);		/* password age */
+		SSVAL(p,42,
+		conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+		SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
+		pstrcpy(p2,lp_logon_home());
+		standard_sub_conn(conn, p2);
+		p2 = skip_string(p2,1);
+		SIVAL(p,48,PTR_DIFF(p2,*rdata)); /* comment */
+		*p2++ = 0;
+		SSVAL(p,52,0);		/* flags */
+		SIVAL(p,54,PTR_DIFF(p2,*rdata));		/* script_path */
+		pstrcpy(p2,lp_logon_script());
+		standard_sub_conn( conn, p2 );             
+		p2 = skip_string(p2,1);
+		if (uLevel == 2)
+		{
+			SIVAL(p,60,0);		/* auth_flags */
+			SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
+   			pstrcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName));
+			p2 = skip_string(p2,1);
+			SIVAL(p,68,0);		/* urs_comment */
+			SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */
+			pstrcpy(p2,"");
+			p2 = skip_string(p2,1);
+			SIVAL(p,76,0);		/* workstations */
+			SIVAL(p,80,0);		/* last_logon */
+			SIVAL(p,84,0);		/* last_logoff */
+			SIVALS(p,88,-1);		/* acct_expires */
+			SIVALS(p,92,-1);		/* max_storage */
+			SSVAL(p,96,168);	/* units_per_week */
+			SIVAL(p,98,PTR_DIFF(p2,*rdata)); /* logon_hours */
+			memset(p2,-1,21);
+			p2 += 21;
+			SSVALS(p,102,-1);	/* bad_pw_count */
+			SSVALS(p,104,-1);	/* num_logons */
+			SIVAL(p,106,PTR_DIFF(p2,*rdata)); /* logon_server */
+			pstrcpy(p2,"\\\\%L");
+			standard_sub_conn(conn, p2);
+			p2 = skip_string(p2,1);
+			SSVAL(p,110,49);	/* country_code */
+			SSVAL(p,112,860);	/* code page */
+		}
+	}
+
+	*rdata_len = PTR_DIFF(p2,*rdata);
+
+	SSVAL(*rparam,4,*rdata_len);	/* is this right?? */
+
+	return(True);
+}
+
+/*******************************************************************
+  get groups that a user is a member of
+  ******************************************************************/
+static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *UserName = skip_string(str2,1);
+  char *p = skip_string(UserName,1);
+  int uLevel = SVAL(p,0);
+  char *p2;
+  int count=0;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"zWrLeh") != 0) return False;
+  switch( uLevel ) {
+  case 0: p2 = "B21"; break;
+  default: return False;
+  }
+  if (strcmp(p2,str2) != 0) return False;
+
+  *rdata_len = mdrcnt + 1024;
+  *rdata = REALLOC(*rdata,*rdata_len);
+
+  SSVAL(*rparam,0,NERR_Success);
+  SSVAL(*rparam,2,0);		/* converter word */
+
+  p = *rdata;
+
+  /* XXXX we need a real SAM database some day */
+  pstrcpy(p,"Users"); p += 21; count++;
+  pstrcpy(p,"Domain Users"); p += 21; count++;
+  pstrcpy(p,"Guests"); p += 21; count++;
+  pstrcpy(p,"Domain Guests"); p += 21; count++;
+
+  *rdata_len = PTR_DIFF(p,*rdata);
+
+  SSVAL(*rparam,4,count);	/* is this right?? */
+  SSVAL(*rparam,6,count);	/* is this right?? */
+
+  return(True);
+}
+
+
+static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  struct pack_desc desc;
+  char* name;
+
+  uLevel = SVAL(p,0);
+  name = p + 2;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  DEBUG(3,("WWkstaUserLogon uLevel=%d name=%s\n",uLevel,name));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"OOWb54WrLh") != 0) return False;
+  if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False;
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+  desc.subformat = NULL;
+  desc.format = str2;
+  
+  if (init_package(&desc,1,0))
+  {
+    PACKI(&desc,"W",0);		/* code */
+    PACKS(&desc,"B21",name);	/* eff. name */
+    PACKS(&desc,"B","");		/* pad */
+    PACKI(&desc,"W",
+	  conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+    PACKI(&desc,"D",0);		/* auth flags XXX */
+    PACKI(&desc,"W",0);		/* num logons */
+    PACKI(&desc,"W",0);		/* bad pw count */
+    PACKI(&desc,"D",0);		/* last logon */
+    PACKI(&desc,"D",-1);		/* last logoff */
+    PACKI(&desc,"D",-1);		/* logoff time */
+    PACKI(&desc,"D",-1);		/* kickoff time */
+    PACKI(&desc,"D",0);		/* password age */
+    PACKI(&desc,"D",0);		/* password can change */
+    PACKI(&desc,"D",-1);		/* password must change */
+    {
+      fstring mypath;
+      fstrcpy(mypath,"\\\\");
+      fstrcat(mypath,local_machine);
+      strupper(mypath);
+      PACKS(&desc,"z",mypath); /* computer */
+    }
+    PACKS(&desc,"z",global_myworkgroup);/* domain */
+
+/* JHT - By calling lp_logon_script() and standard_sub() we have */
+/* made sure all macros are fully substituted and available */
+    {
+      pstring logon_script;
+      pstrcpy(logon_script,lp_logon_script());
+      standard_sub_conn( conn, logon_script );
+      PACKS(&desc,"z", logon_script);		/* script path */
+    }
+/* End of JHT mods */
+
+    PACKI(&desc,"D",0x00000000);		/* reserved */
+  }
+
+  *rdata_len = desc.usedlen;
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,desc.neededlen);
+
+  DEBUG(4,("WWkstaUserLogon: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+
+/****************************************************************************
+  api_WAccessGetUserPerms
+  ****************************************************************************/
+static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *param,char *data,
+				    int mdrcnt,int mprcnt,
+				    char **rdata,char **rparam,
+				    int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *user = skip_string(str2,1);
+  char *resource = skip_string(user,1);
+
+  DEBUG(3,("WAccessGetUserPerms user=%s resource=%s\n",user,resource));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"zzh") != 0) return False;
+  if (strcmp(str2,"") != 0) return False;
+
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,0);		/* errorcode */
+  SSVAL(*rparam,2,0);		/* converter word */
+  SSVAL(*rparam,4,0x7f);	/* permission flags */
+
+  return(True);
+}
+
+/****************************************************************************
+  api_WPrintJobEnumerate
+  ****************************************************************************/
+static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  int count;
+  int i;
+  int snum;
+  int job;
+  struct pack_desc desc;
+  print_queue_struct *queue=NULL;
+  print_status_struct status;
+  char *tmpdata=NULL;
+
+  uLevel = SVAL(p,2);
+
+  memset((char *)&desc,'\0',sizeof(desc));
+  memset((char *)&status,'\0',sizeof(status));
+
+  DEBUG(3,("WPrintJobGetInfo uLevel=%d uJobId=0x%X\n",uLevel,SVAL(p,0)));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"WWrLh") != 0) return False;
+  if (!check_printjob_info(&desc,uLevel,str2)) return False;
+
+  job = SVAL(p,0);
+  snum = print_job_snum(job);
+
+  if (snum < 0 || !VALID_SNUM(snum)) return(False);
+
+  count = print_queue_status(snum,&queue,&status);
+  for (i = 0; i < count; i++) {
+    if (queue[i].job == job) break;
+  }
+
+  if (mdrcnt > 0) {
+    *rdata = REALLOC(*rdata,mdrcnt);
+    desc.base = *rdata;
+    desc.buflen = mdrcnt;
+  } else {
+    /*
+     * Don't return data but need to get correct length
+     *  init_package will return wrong size if buflen=0
+     */
+    desc.buflen = getlen(desc.format);
+    desc.base = tmpdata = (char *)malloc ( desc.buflen );
+  }
+
+  if (init_package(&desc,1,0)) {
+    if (i < count) {
+      fill_printjob_info(conn,snum,uLevel,&desc,&queue[i],i);
+      *rdata_len = desc.usedlen;
+    }
+    else {
+      desc.errcode = NERR_JobNotFound;
+      *rdata_len = 0;
+    }
+  }
+
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,desc.neededlen);
+
+  SAFE_FREE(queue);
+  SAFE_FREE(tmpdata);
+
+  DEBUG(4,("WPrintJobGetInfo: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *param,char *data,
+				   int mdrcnt,int mprcnt,
+				   char **rdata,char **rparam,
+				   int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  char* name = p;
+  int uLevel;
+  int count;
+  int i, succnt=0;
+  int snum;
+  struct pack_desc desc;
+  print_queue_struct *queue=NULL;
+  print_status_struct status;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+  memset((char *)&status,'\0',sizeof(status));
+
+  p = skip_string(p,1);
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("WPrintJobEnumerate uLevel=%d name=%s\n",uLevel,name));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"zWrLeh") != 0) return False;
+  if (uLevel > 2) return False;	/* defined only for uLevel 0,1,2 */
+  if (!check_printjob_info(&desc,uLevel,str2)) return False;
+
+  snum = lp_servicenumber(name);
+  if (snum < 0 && pcap_printername_ok(name,NULL)) {
+    int pnum = lp_servicenumber(PRINTERS_NAME);
+    if (pnum >= 0) {
+      lp_add_printer(name,pnum);
+      snum = lp_servicenumber(name);
+    }
+  }
+
+  if (snum < 0 || !VALID_SNUM(snum)) return(False);
+
+  count = print_queue_status(snum,&queue,&status);
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+
+  if (init_package(&desc,count,0)) {
+    succnt = 0;
+    for (i = 0; i < count; i++) {
+      fill_printjob_info(conn,snum,uLevel,&desc,&queue[i],i);
+      if (desc.errcode == NERR_Success) succnt = i+1;
+    }
+  }
+
+  *rdata_len = desc.usedlen;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,succnt);
+  SSVAL(*rparam,6,count);
+
+  SAFE_FREE(queue);
+
+  DEBUG(4,("WPrintJobEnumerate: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+static int check_printdest_info(struct pack_desc* desc,
+				int uLevel, char* id)
+{
+  desc->subformat = NULL;
+  switch( uLevel ) {
+  case 0: desc->format = "B9"; break;
+  case 1: desc->format = "B9B21WWzW"; break;
+  case 2: desc->format = "z"; break;
+  case 3: desc->format = "zzzWWzzzWW"; break;
+  default: return False;
+  }
+  if (strcmp(desc->format,id) != 0) return False;
+  return True;
+}
+
+static void fill_printdest_info(connection_struct *conn, int snum, int uLevel,
+				struct pack_desc* desc)
+{
+  char buf[100];
+  strncpy(buf,SERVICE(snum),sizeof(buf)-1);
+  buf[sizeof(buf)-1] = 0;
+  strupper(buf);
+  if (uLevel <= 1) {
+    PACKS(desc,"B9",buf);	/* szName */
+    if (uLevel == 1) {
+      PACKS(desc,"B21","");	/* szUserName */
+      PACKI(desc,"W",0);		/* uJobId */
+      PACKI(desc,"W",0);		/* fsStatus */
+      PACKS(desc,"z","");	/* pszStatus */
+      PACKI(desc,"W",0);		/* time */
+    }
+  }
+  if (uLevel == 2 || uLevel == 3) {
+    PACKS(desc,"z",buf);		/* pszPrinterName */
+    if (uLevel == 3) {
+      PACKS(desc,"z","");	/* pszUserName */
+      PACKS(desc,"z","");	/* pszLogAddr */
+      PACKI(desc,"W",0);		/* uJobId */
+      PACKI(desc,"W",0);		/* fsStatus */
+      PACKS(desc,"z","");	/* pszStatus */
+      PACKS(desc,"z","");	/* pszComment */
+      PACKS(desc,"z","NULL"); /* pszDrivers */
+      PACKI(desc,"W",0);		/* time */
+      PACKI(desc,"W",0);		/* pad1 */
+    }
+  }
+}
+
+static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *param,char *data,
+				  int mdrcnt,int mprcnt,
+				  char **rdata,char **rparam,
+				  int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  char* PrinterName = p;
+  int uLevel;
+  struct pack_desc desc;
+  int snum;
+  char *tmpdata=NULL;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  p = skip_string(p,1);
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("WPrintDestGetInfo uLevel=%d PrinterName=%s\n",uLevel,PrinterName));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"zWrLh") != 0) return False;
+  if (!check_printdest_info(&desc,uLevel,str2)) return False;
+
+  snum = lp_servicenumber(PrinterName);
+  if (snum < 0 && pcap_printername_ok(PrinterName,NULL)) {
+    int pnum = lp_servicenumber(PRINTERS_NAME);
+    if (pnum >= 0) {
+      lp_add_printer(PrinterName,pnum);
+      snum = lp_servicenumber(PrinterName);
+    }
+  }
+
+  if (snum < 0) {
+    *rdata_len = 0;
+    desc.errcode = NERR_DestNotFound;
+    desc.neededlen = 0;
+  }
+  else {
+    if (mdrcnt > 0) {
+      *rdata = REALLOC(*rdata,mdrcnt);
+      desc.base = *rdata;
+      desc.buflen = mdrcnt;
+    } else {
+      /*
+       * Don't return data but need to get correct length
+       *  init_package will return wrong size if buflen=0
+       */
+      desc.buflen = getlen(desc.format);
+      desc.base = tmpdata = (char *)malloc ( desc.buflen );
+    }
+    if (init_package(&desc,1,0)) {
+      fill_printdest_info(conn,snum,uLevel,&desc);
+    }
+    *rdata_len = desc.usedlen;
+  }
+
+  *rparam_len = 6;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,desc.neededlen);
+
+  DEBUG(4,("WPrintDestGetInfo: errorcode %d\n",desc.errcode));
+  SAFE_FREE(tmpdata);
+  return(True);
+}
+
+static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+			       int mdrcnt,int mprcnt,
+			       char **rdata,char **rparam,
+			       int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  int queuecnt;
+  int i, n, succnt=0;
+  struct pack_desc desc;
+  int services = lp_numservices();
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("WPrintDestEnum uLevel=%d\n",uLevel));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"WrLeh") != 0) return False;
+  if (!check_printdest_info(&desc,uLevel,str2)) return False;
+
+  queuecnt = 0;
+  for (i = 0; i < services; i++)
+    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
+      queuecnt++;
+
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+  if (init_package(&desc,queuecnt,0)) {    
+    succnt = 0;
+    n = 0;
+    for (i = 0; i < services; i++) {
+      if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) {
+	fill_printdest_info(conn,i,uLevel,&desc);
+	n++;
+	if (desc.errcode == NERR_Success) succnt = n;
+      }
+    }
+  }
+
+  *rdata_len = desc.usedlen;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,succnt);
+  SSVAL(*rparam,6,queuecnt);
+
+  DEBUG(4,("WPrintDestEnumerate: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+				 int mdrcnt,int mprcnt,
+				 char **rdata,char **rparam,
+				 int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  int succnt;
+  struct pack_desc desc;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("WPrintDriverEnum uLevel=%d\n",uLevel));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"WrLeh") != 0) return False;
+  if (uLevel != 0 || strcmp(str2,"B41") != 0) return False;
+
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+  if (init_package(&desc,1,0)) {
+    PACKS(&desc,"B41","NULL");
+  }
+
+  succnt = (desc.errcode == NERR_Success ? 1 : 0);
+
+  *rdata_len = desc.usedlen;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,succnt);
+  SSVAL(*rparam,6,1);
+
+  DEBUG(4,("WPrintDriverEnum: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+				int mdrcnt,int mprcnt,
+				char **rdata,char **rparam,
+				int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  int succnt;
+  struct pack_desc desc;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("WPrintQProcEnum uLevel=%d\n",uLevel));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"WrLeh") != 0) return False;
+  if (uLevel != 0 || strcmp(str2,"B13") != 0) return False;
+
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+  desc.format = str2;
+  if (init_package(&desc,1,0)) {
+    PACKS(&desc,"B13","lpd");
+  }
+
+  succnt = (desc.errcode == NERR_Success ? 1 : 0);
+
+  *rdata_len = desc.usedlen;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,succnt);
+  SSVAL(*rparam,6,1);
+
+  DEBUG(4,("WPrintQProcEnum: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,char *data,
+			       int mdrcnt,int mprcnt,
+			       char **rdata,char **rparam,
+			       int *rdata_len,int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  int succnt;
+  struct pack_desc desc;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("WPrintPortEnum uLevel=%d\n",uLevel));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,"WrLeh") != 0) return False;
+  if (uLevel != 0 || strcmp(str2,"B9") != 0) return False;
+
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  memset((char *)&desc,'\0',sizeof(desc));
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+  desc.format = str2;
+  if (init_package(&desc,1,0)) {
+    PACKS(&desc,"B13","lp0");
+  }
+
+  succnt = (desc.errcode == NERR_Success ? 1 : 0);
+
+  *rdata_len = desc.usedlen;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,succnt);
+  SSVAL(*rparam,6,1);
+
+  DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode));
+  return(True);
+}
+
+struct session_info {
+  char machine[31];
+  char username[24];
+  char clitype[24];
+  int opens;
+  int time;
+};
+
+struct sessions_info {
+  int count;
+  struct session_info *session_list;
+};
+
+static int gather_sessioninfo(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+  struct sessions_info *sinfo = state;
+  struct session_info *curinfo = NULL;
+  struct sessionid *sessid = (struct sessionid *) dbuf.dptr;
+
+  sinfo->count += 1;
+  sinfo->session_list = REALLOC(sinfo->session_list, sinfo->count * sizeof(struct session_info));
+
+  curinfo = &(sinfo->session_list[sinfo->count - 1]);
+
+  safe_strcpy(curinfo->machine, sessid->remote_machine, 
+	      sizeof(curinfo->machine));
+  safe_strcpy(curinfo->username, uidtoname(sessid->uid), 
+	  sizeof(curinfo->username));
+  DEBUG(7,("gather_sessioninfo session from %s@%s\n", 
+	   curinfo->username, curinfo->machine));
+  return 0;
+}
+
+/****************************************************************************
+ List open sessions
+ ****************************************************************************/
+static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param, char *data,
+			       int mdrcnt,int mprcnt,
+			       char **rdata,char **rparam,
+			       int *rdata_len,int *rparam_len)
+
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel;
+  struct pack_desc desc;
+  struct sessions_info sinfo;
+  int i;
+
+  memset((char *)&desc,'\0',sizeof(desc));
+
+  uLevel = SVAL(p,0);
+
+  DEBUG(3,("RNetSessionEnum uLevel=%d\n",uLevel));
+  DEBUG(7,("RNetSessionEnum req string=%s\n",str1));
+  DEBUG(7,("RNetSessionEnum ret string=%s\n",str2));
+
+  /* check it's a supported varient */
+  if (strcmp(str1,RAP_NetSessionEnum_REQ) != 0) return False;
+  if (uLevel != 2 || strcmp(str2,RAP_SESSION_INFO_L2) != 0) return False;
+
+  sinfo.count = 0;
+  sinfo.session_list = NULL;
+
+  if (!session_traverse(gather_sessioninfo, &sinfo)) {
+    DEBUG(4,("RNetSessionEnum session_traverse failed\n"));
+    return False;
+  }
+
+  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+  memset((char *)&desc,'\0',sizeof(desc));
+  desc.base = *rdata;
+  desc.buflen = mdrcnt;
+  desc.format = str2;
+  if (!init_package(&desc,sinfo.count,0)) {
+    return False;
+  }
+
+  for(i=0; i<sinfo.count; i++) {
+    PACKS(&desc, "z", sinfo.session_list[i].machine);
+    PACKS(&desc, "z", sinfo.session_list[i].username);
+    PACKI(&desc, "W", 1); /* num conns */
+    PACKI(&desc, "W", 0); /* num opens */
+    PACKI(&desc, "W", 1); /* num users */
+    PACKI(&desc, "D", 0); /* session time */
+    PACKI(&desc, "D", 0); /* idle time */
+    PACKI(&desc, "D", 0); /* flags */
+    PACKS(&desc, "z", "Unknown Client"); /* client type string */
+  }
+
+  *rdata_len = desc.usedlen;
+
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+  SSVALS(*rparam,0,desc.errcode);
+  SSVAL(*rparam,2,0); /* converter */
+  SSVAL(*rparam,4,sinfo.count); /* count */
+
+  DEBUG(4,("RNetSessionEnum: errorcode %d\n",desc.errcode));
+  return True;
+}
+
+
+/****************************************************************************
+ The buffer was too small
+ ****************************************************************************/
+
+static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *data,
+			 int mdrcnt,int mprcnt,
+			 char **rdata,char **rparam,
+			 int *rdata_len,int *rparam_len)
+{
+  *rparam_len = MIN(*rparam_len,mprcnt);
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  *rdata_len = 0;
+
+  SSVAL(*rparam,0,NERR_BufTooSmall);
+
+  DEBUG(3,("Supplied buffer too small in API command\n"));
+
+  return(True);
+}
+
+
+/****************************************************************************
+ The request is not supported
+ ****************************************************************************/
+
+static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,char *data,
+			    int mdrcnt,int mprcnt,
+			    char **rdata,char **rparam,
+			    int *rdata_len,int *rparam_len)
+{
+  *rparam_len = 4;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  *rdata_len = 0;
+
+  SSVAL(*rparam,0,NERR_notsupported);
+  SSVAL(*rparam,2,0);		/* converter word */
+
+  DEBUG(3,("Unsupported API command\n"));
+
+  return(True);
+}
+
+
+
+
+struct
+{
+  char *name;
+  int id;
+  BOOL (*fn)(connection_struct *,uint16,char *,char *,
+	     int,int,char **,char **,int *,int *);
+  int flags;
+} api_commands[] = {
+  {"RNetShareEnum",	RAP_WshareEnum,		api_RNetShareEnum,0},
+  {"RNetShareGetInfo",	RAP_WshareGetInfo,	api_RNetShareGetInfo,0},
+  {"RNetShareAdd",	RAP_WshareAdd,		api_RNetShareAdd,0},
+  {"RNetSessionEnum",	RAP_WsessionEnum,	api_RNetSessionEnum,0},
+  {"RNetServerGetInfo",	RAP_WserverGetInfo,	api_RNetServerGetInfo,0},
+  {"RNetGroupEnum",	RAP_WGroupEnum,		api_RNetGroupEnum,0},
+  {"RNetGroupGetUsers", RAP_WGroupGetUsers,	api_RNetGroupGetUsers,0},
+  {"RNetUserEnum", 	RAP_WUserEnum,		api_RNetUserEnum,0},
+  {"RNetUserGetInfo",	RAP_WUserGetInfo,	api_RNetUserGetInfo,0},
+  {"NetUserGetGroups",	RAP_WUserGetGroups,	api_NetUserGetGroups,0},
+  {"NetWkstaGetInfo",	RAP_WWkstaGetInfo,	api_NetWkstaGetInfo,0},
+  {"DosPrintQEnum",	RAP_WPrintQEnum,	api_DosPrintQEnum,0},
+  {"DosPrintQGetInfo",	RAP_WPrintQGetInfo,	api_DosPrintQGetInfo,0},
+  {"WPrintQueuePause",  RAP_WPrintQPause,	api_WPrintQueueCtrl,0},
+  {"WPrintQueueResume", RAP_WPrintQContinue,	api_WPrintQueueCtrl,0},
+  {"WPrintJobEnumerate",RAP_WPrintJobEnum,	api_WPrintJobEnumerate,0},
+  {"WPrintJobGetInfo",	RAP_WPrintJobGetInfo,	api_WPrintJobGetInfo,0},
+  {"RDosPrintJobDel",	RAP_WPrintJobDel,	api_RDosPrintJobDel,0},
+  {"RDosPrintJobPause",	RAP_WPrintJobPause,	api_RDosPrintJobDel,0},
+  {"RDosPrintJobResume",RAP_WPrintJobContinue,	api_RDosPrintJobDel,0},
+  {"WPrintDestEnum",	RAP_WPrintDestEnum,	api_WPrintDestEnum,0},
+  {"WPrintDestGetInfo",	RAP_WPrintDestGetInfo,	api_WPrintDestGetInfo,0},
+  {"NetRemoteTOD",	RAP_NetRemoteTOD,	api_NetRemoteTOD,0},
+  {"WPrintQueuePurge",	RAP_WPrintQPurge,	api_WPrintQueueCtrl,0},
+  {"NetServerEnum",	RAP_NetServerEnum2,	api_RNetServerEnum,0},
+  {"WAccessGetUserPerms",RAP_WAccessGetUserPerms,api_WAccessGetUserPerms,0},
+  {"SetUserPassword",	RAP_WUserPasswordSet2,	api_SetUserPassword,0},
+  {"WWkstaUserLogon",	RAP_WWkstaUserLogon,	api_WWkstaUserLogon,0},
+  {"PrintJobInfo",	RAP_WPrintJobSetInfo,	api_PrintJobInfo,0},
+  {"WPrintDriverEnum",	RAP_WPrintDriverEnum,	api_WPrintDriverEnum,0},
+  {"WPrintQProcEnum",	RAP_WPrintQProcessorEnum,api_WPrintQProcEnum,0},
+  {"WPrintPortEnum",	RAP_WPrintPortEnum,	api_WPrintPortEnum,0},
+  {"SamOEMChangePassword",RAP_SamOEMChgPasswordUser2_P,api_SamOEMChangePassword,0},
+  {NULL,		-1,	api_Unsupported,0}};
+
+
+/****************************************************************************
+ Handle remote api calls
+ ****************************************************************************/
+
+int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *params,
+		     int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
+{
+  int api_command;
+  char *rdata = NULL;
+  char *rparam = NULL;
+  int rdata_len = 0;
+  int rparam_len = 0;
+  BOOL reply=False;
+  int i;
+
+  if (!params) {
+	  DEBUG(0,("ERROR: NULL params in api_reply()\n"));
+	  return 0;
+  }
+
+  api_command = SVAL(params,0);
+
+  DEBUG(3,("Got API command %d of form <%s> <%s> (tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d)\n",
+	   api_command,
+	   params+2,
+	   skip_string(params+2,1),
+	   tdscnt,tpscnt,mdrcnt,mprcnt));
+
+  for (i=0;api_commands[i].name;i++) {
+    if (api_commands[i].id == api_command && api_commands[i].fn) {
+        DEBUG(3,("Doing %s\n",api_commands[i].name));
+        break;
+    }
+  }
+
+  rdata = (char *)malloc(1024);
+  if (rdata)
+    memset(rdata,'\0',1024);
+
+  rparam = (char *)malloc(1024);
+  if (rparam)
+    memset(rparam,'\0',1024);
+
+  if(!rdata || !rparam) {
+    DEBUG(0,("api_reply: malloc fail !\n"));
+    return -1;
+  }
+
+  reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt,
+			     &rdata,&rparam,&rdata_len,&rparam_len);
+
+
+  if (rdata_len > mdrcnt ||
+      rparam_len > mprcnt) {
+      reply = api_TooSmall(conn,vuid,params,data,mdrcnt,mprcnt,
+			   &rdata,&rparam,&rdata_len,&rparam_len);
+  }
+
+  /* if we get False back then it's actually unsupported */
+  if (!reply)
+    api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt,
+		    &rdata,&rparam,&rdata_len,&rparam_len);
+
+  send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False);
+
+  SAFE_FREE(rdata);
+  SAFE_FREE(rparam);
+  
+  return -1;
+}
diff --git a/source3/smbd/mangle.c b/source3/smbd/mangle.c
index 8f1490c528..20b2b419cf 100644
--- a/source3/smbd/mangle.c
+++ b/source3/smbd/mangle.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   Name mangling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Unix SMB/CIFS implementation.
+   Name mangling interface
+   Copyright (C) Andrew Tridgell 2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,591 +19,99 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-
-extern int DEBUGLEVEL;
-extern int case_default;
-extern BOOL case_mangle;
-
-/****************************************************************************
-provide a checksum on a string
-****************************************************************************/
-int str_checksum(char *s)
-{
-  int res = 0;
-  int c;
-  int i=0;
-  while (*s)
-    {
-      c = *s;
-      res ^= (c << (i % 15)) ^ (c >> (15-(i%15)));
-      s++; i++;
-    }
-  return(res);
-}
-
-/****************************************************************************
-return True if a name is a special msdos reserved name
-****************************************************************************/
-static BOOL is_reserved_msdos(char *fname)
-{
-  char upperFname[13];
-  char *p;
-
-  StrnCpy (upperFname, fname, 12);
-
-  /* lpt1.txt and con.txt etc are also illegal */
-  p=strchr(upperFname,'.');
-  if (p)
-   *p='\0';
-  strupper (upperFname);
-  if ((strcmp(upperFname,"CLOCK$") == 0) ||
-    (strcmp(upperFname,"CON") == 0) ||
-    (strcmp(upperFname,"AUX") == 0) ||
-    (strcmp(upperFname,"COM1") == 0) ||
-    (strcmp(upperFname,"COM2") == 0) ||
-    (strcmp(upperFname,"COM3") == 0) ||
-    (strcmp(upperFname,"COM4") == 0) ||
-    (strcmp(upperFname,"LPT1") == 0) ||
-    (strcmp(upperFname,"LPT2") == 0) ||
-    (strcmp(upperFname,"LPT3") == 0) ||
-    (strcmp(upperFname,"NUL") == 0) ||
-    (strcmp(upperFname,"PRN") == 0))
-      return (True) ;
-
-  return (False);
-}
-
-
-
-/****************************************************************************
-return True if a name is in 8.3 dos format
-****************************************************************************/
-BOOL is_8_3(char *fname)
-{
-  int len;
-  char *dot_pos;
-  char *slash_pos = strrchr(fname,'/');
-  int l;
-
-  if (slash_pos) fname = slash_pos+1;
-  len = strlen(fname);
-
-  dot_pos = strchr(fname,'.');
-
-  DEBUG(5,("checking %s for 8.3\n",fname));
-
-  if (case_mangle)
-    switch (case_default)
-      {
-      case CASE_LOWER:
-	if (strhasupper(fname)) return(False);
-	break;
-      case CASE_UPPER:
-	if (strhaslower(fname)) return(False);
-	break;
-      }
-
-  /* can't be longer than 12 chars */
-  if (len == 0 || len > 12)
-    return(False);
-
-  /* can't be an MS-DOS Special file such as lpt1 or even lpt1.txt */
-  if (is_reserved_msdos(fname))
-    return(False);
-
-  /* can't contain invalid dos chars */
-  /* Windows use the ANSI charset.
-     But filenames are translated in the PC charset.
-     This Translation may be more or less relaxed depending
-     the Windows application. */
-
-  /* %%% A nice improvment to name mangling would be to translate
-     filename to ANSI charset on the smb server host */
-
-  {
-    char *p = fname;
-#ifdef KANJI
-    dot_pos = 0;
-    while (*p)
-      {
-	  if (is_shift_jis (*p)) {
-	      p += 2;
-	  } else if (is_kana (*p)) {
-	      p ++;
-	  } else {
-	      if (*p == '.' && !dot_pos)
-		  dot_pos = (char *) p;
-	      if (!isdoschar(*p))
-		  return(False);
-	      p++;
-	  }
-      }      
-#else
-    while (*p)
-      {
-	if (!isdoschar(*p))
-	  return(False);
-	p++;
-      }      
-#endif /* KANJI */
-  }
-
-  /* no dot and less than 9 means OK */
-  if (!dot_pos)
-    return(len <= 8);
-	
-  l = PTR_DIFF(dot_pos,fname);
-
-  /* base must be at least 1 char except special cases . and .. */
-  if (l == 0)
-    return(strcmp(fname,".") == 0 || strcmp(fname,"..") == 0);
-
-  /* base can't be greater than 8 */
-  if (l > 8)
-    return(False);
-
-  if (lp_strip_dot() && 
-      len - l == 1 &&
-      !strchr(dot_pos+1,'.'))
-    {
-      *dot_pos = 0;
-      return(True);
-    }
-
-  /* extension must be between 1 and 3 */
-  if ( (len - l < 2 ) || (len - l > 4) )
-    return(False);
-
-  /* extension can't have a dot */
-  if (strchr(dot_pos+1,'.'))
-    return(False);
-
-  /* must be in 8.3 format */
-  return(True);
-}
 
+static struct mangle_fns *mangle_fns;
 
+/* this allows us to add more mangling backends */
+static struct {
+	char *name;
+	struct mangle_fns *(*init_fn)(void);
+} mangle_backends[] = {
+	{ "hash", mangle_hash_init },
+	{ "hash2", mangle_hash2_init },
+	{ NULL, NULL }
+};
 
 /*
-keep a stack of name mangling results - just
-so file moves and copies have a chance of working
+  initialise the mangling subsystem
 */
-fstring *mangled_stack = NULL;
-int mangled_stack_size = 0;
-int mangled_stack_len = 0;
-
-/****************************************************************************
-create the mangled stack
-****************************************************************************/
-void create_mangled_stack(int size)
-{
-  if (mangled_stack)
-    {
-      free(mangled_stack);
-      mangled_stack_size = 0;
-      mangled_stack_len = 0;
-    }
-  if (size > 0)
-    mangled_stack = (fstring *)malloc(sizeof(fstring)*size);
-  if (mangled_stack) mangled_stack_size = size;
-}
-
-/****************************************************************************
-push a mangled name onto the stack
-****************************************************************************/
-static void push_mangled_name(char *s)
+static void mangle_init(void)
 {
-  int i;
-  char *p;
-
-  if (!mangled_stack)
-    return;
-
-  for (i=0;i<mangled_stack_len;i++)
-    if (strcmp(s,mangled_stack[i]) == 0)
-      {
-	array_promote(mangled_stack[0],sizeof(fstring),i);	
-	return;
-      }
+	int i;
+	char *method;
 
-  memmove(mangled_stack[1],mangled_stack[0],
-	  sizeof(fstring)*MIN(mangled_stack_len,mangled_stack_size-1));
-  strcpy(mangled_stack[0],s);
-  p = strrchr(mangled_stack[0],'.');
-  if (p && (!strhasupper(p+1)) && (strlen(p+1) < 4))
-    *p = 0;
-  mangled_stack_len = MIN(mangled_stack_size,mangled_stack_len+1);
-}
-
-/****************************************************************************
-check for a name on the mangled name stack
-****************************************************************************/
-BOOL check_mangled_stack(char *s)
-{
-  int i;
-  pstring tmpname;
-  char extension[5];
-  char *p = strrchr(s,'.');
-  BOOL check_extension = False;
+	if (mangle_fns) return;
 
-  extension[0] = 0;
+	method = lp_mangling_method();
 
-  if (!mangled_stack) return(False);
-
-  if (p)
-    {
-      check_extension = True;
-      StrnCpy(extension,p,4);
-      strlower(extension); /* XXXXXXX */
-    }
-
-  for (i=0;i<mangled_stack_len;i++)
-    {
-      strcpy(tmpname,mangled_stack[i]);
-      mangle_name_83(tmpname);
-      if (strequal(tmpname,s))
-	{
-	  strcpy(s,mangled_stack[i]);
-	  break;
-	}
-      if (check_extension && !strchr(mangled_stack[i],'.'))
-	{
-	  strcpy(tmpname,mangled_stack[i]);
-	  strcat(tmpname,extension);
-	  mangle_name_83(tmpname);
-	  if (strequal(tmpname,s))
-	    {
-	      strcpy(s,mangled_stack[i]);
-	      strcat(s,extension);
-	      break;
-	    }	  
+	/* find the first mangling method that manages to initialise and 
+	   matches the "mangling method" parameter */
+	for (i=0; mangle_backends[i].name && !mangle_fns; i++) {
+		if (!method || !*method || strcmp(method, mangle_backends[i].name) == 0) {
+			mangle_fns = mangle_backends[i].init_fn();
+		}
 	}
-    }
-
-  if (i < mangled_stack_len)
-    {
-      DEBUG(3,("Found %s on mangled stack as %s\n",s,mangled_stack[i]));
-      array_promote(mangled_stack[0],sizeof(fstring),i);
-      return(True);      
-    }
-
-  return(False);
-}	
 
-static char *map_filename(char *s, /* This is null terminated */
-			  char *pattern, /* This isn't. */
-			  int len) /* This is the length of pattern. */
-{
-  static pstring matching_bit;  /* The bit of the string which matches */
-                                /* a * in pattern if indeed there is a * */
-  char *sp;                     /* Pointer into s. */
-  char *pp;                     /* Pointer into p. */
-  char *match_start;            /* Where the matching bit starts. */
-  pstring pat;
-
-  StrnCpy(pat, pattern, len);   /* Get pattern into a proper string! */
-  strcpy(matching_bit,"");      /* Match but no star gets this. */
-  pp = pat;                     /* Initialise the pointers. */
-  sp = s;
-  if ((len == 1) && (*pattern == '*')) {
-    return NULL;                /* Impossible, too ambiguous for */
-                                /* words! */
-  }
-
-  while ((*sp)                  /* Not the end of the string. */
-         && (*pp)               /* Not the end of the pattern. */
-         && (*sp == *pp)        /* The two match. */
-         && (*pp != '*')) {     /* No wildcard. */
-    sp++;                       /* Keep looking. */
-    pp++;
-  }
-  if (!*sp && !*pp)             /* End of pattern. */
-    return matching_bit;        /* Simple match.  Return empty string. */
-  if (*pp == '*') {
-    pp++;                       /* Always interrested in the chacter */
-                                /* after the '*' */
-    if (!*pp) {                 /* It is at the end of the pattern. */
-      StrnCpy(matching_bit, s, sp-s);
-      return matching_bit;
-    } else {
-      /* The next character in pattern must match a character further */
-      /* along s than sp so look for that character. */
-      match_start = sp;
-      while ((*sp)              /* Not the end of s. */
-             && (*sp != *pp))   /* Not the same  */
-        sp++;                   /* Keep looking. */
-      if (!*sp) {               /* Got to the end without a match. */
-        return NULL;
-      } else {                  /* Still hope for a match. */
-        /* Now sp should point to a matching character. */
-        StrnCpy(matching_bit, match_start, sp-match_start);
-        /* Back to needing a stright match again. */
-        while ((*sp)            /* Not the end of the string. */
-               && (*pp)         /* Not the end of the pattern. */
-               && (*sp == *pp)) { /* The two match. */
-          sp++;                 /* Keep looking. */
-          pp++;
-        }
-        if (!*sp && !*pp)       /* Both at end so it matched */
-          return matching_bit;
-        else
-          return NULL;
-      }
-    }
-  }
-  return NULL;                  /* No match. */
+	if (!mangle_fns) {
+		DEBUG(0,("Failed to initialise mangling system '%s'\n", method));
+		exit_server("mangling init failed");
+	}
 }
 
 
-/* this is the magic char used for mangling */
-char magic_char = '~';
-
-
-/****************************************************************************
-determine whther is name could be a mangled name
-****************************************************************************/
-BOOL is_mangled(char *s)
+/*
+  reset the cache. This is called when smb.conf has been reloaded
+*/
+void mangle_reset_cache(void)
 {
-  char *m = strchr(s,magic_char);
-  if (!m) return(False);
-
-  /* we use two base 36 chars efore the extension */
-  if (m[1] == '.' || m[1] == 0 ||
-      m[2] == '.' || m[2] == 0 ||
-      (m[3] != '.' && m[3] != 0))
-    return(is_mangled(m+1));
+	mangle_init();
 
-  /* it could be */
-  return(True);
+	mangle_fns->reset();
 }
 
-
-
-/****************************************************************************
-return a base 36 character. v must be from 0 to 35.
-****************************************************************************/
-static char base36(int v)
+/*
+  see if a filename has come out of our mangling code
+*/
+BOOL mangle_is_mangled(const char *s)
 {
-  v = v % 36;
-  if (v < 10)
-    return('0'+v);
-  else /* needed to work around a DEC C compiler bug */
-    return('A' + (v-10));
+	return mangle_fns->is_mangled(s);
 }
 
-
-static void do_fwd_mangled_map(char *s, char *MangledMap)
+/*
+  see if a filename matches the rules of a 8.3 filename
+*/
+BOOL mangle_is_8_3(const char *fname, BOOL check_case)
 {
-  /* MangledMap is a series of name pairs in () separated by spaces.
-   * If s matches the first of the pair then the name given is the
-   * second of the pair.  A * means any number of any character and if
-   * present in the second of the pair as well as the first the
-   * matching part of the first string takes the place of the * in the
-   * second.
-   *
-   * I wanted this so that we could have RCS files which can be used
-   * by UNIX and DOS programs.  My mapping string is (RCS rcs) which
-   * converts the UNIX RCS file subdirectory to lowercase thus
-   * preventing mangling.
-   */
-  char *start=MangledMap;       /* Use this to search for mappings. */
-  char *end;                    /* Used to find the end of strings. */
-  char *match_string;
-  pstring new_string;           /* Make up the result here. */
-  char *np;                     /* Points into new_string. */
-
-  DEBUG(5,("Mangled Mapping '%s' map '%s'\n", s, MangledMap));
-  while (*start) {
-    while ((*start) && (*start != '('))
-      start++;
-    start++;                    /* Skip the ( */
-    if (!*start)
-      continue;                 /* Always check for the end. */
-    end = start;                /* Search for the ' ' or a ')' */
-    DEBUG(5,("Start of first in pair '%s'\n", start));
-    while ((*end) && !((*end == ' ') || (*end == ')')))
-      end++;
-    if (!*end) {
-      start = end;
-      continue;                 /* Always check for the end. */
-    }
-    DEBUG(5,("End of first in pair '%s'\n", end));
-    if ((match_string = map_filename(s, start, end-start))) {
-      DEBUG(5,("Found a match\n"));
-      /* Found a match. */
-      start = end+1;            /* Point to start of what it is to become. */
-      DEBUG(5,("Start of second in pair '%s'\n", start));
-      end = start;
-      np = new_string;
-      while ((*end)             /* Not the end of string. */
-             && (*end != ')')   /* Not the end of the pattern. */
-             && (*end != '*'))  /* Not a wildcard. */
-        *np++ = *end++;
-      if (!*end) {
-        start = end;
-        continue;               /* Always check for the end. */
-      }
-      if (*end == '*') {
-        strcpy(np, match_string);
-        np += strlen(match_string);
-        end++;                  /* Skip the '*' */
-        while ((*end)             /* Not the end of string. */
-               && (*end != ')')   /* Not the end of the pattern. */
-               && (*end != '*'))  /* Not a wildcard. */
-          *np++ = *end++;
-      }
-      if (!*end) {
-        start = end;
-        continue;               /* Always check for the end. */
-      }
-      *np++ = '\0';             /* NULL terminate it. */
-      DEBUG(5,("End of second in pair '%s'\n", end));
-      strcpy(s, new_string);    /* Substitute with the new name. */
-      DEBUG(5,("s is now '%s'\n", s));
-    }
-    start = end;              /* Skip a bit which cannot be wanted */
-    /* anymore. */
-    start++;
-  }
+	return mangle_fns->is_8_3(fname, check_case);
 }
 
-/****************************************************************************
-do the actual mangling to 8.3 format
-****************************************************************************/
-void mangle_name_83(char *s)
-{
-  int csum = str_checksum(s);
-  char *p;
-  char extension[4];
-  char base[9];
-  int baselen = 0;
-  int extlen = 0;
-
-  extension[0]=0;
-  base[0]=0;
-
-  p = strrchr(s,'.');  
-  if (p && (strlen(p+1)<4) )
-    {
-      BOOL all_normal = (strisnormal(p+1)); /* XXXXXXXXX */
-      if (all_normal && p[1] != 0)
-	{
-	  *p = 0;
-	  csum = str_checksum(s);
-	  *p = '.';
-	}
-    }
-      
-
-  strupper(s);
-
-  DEBUG(5,("Mangling name %s to ",s));
-
-  if (p)
-    {
-      if (p == s)
-	strcpy(extension,"___");
-      else
-	{
-	  *p++ = 0;
-	  while (*p && extlen < 3)
-	    {
-	      if (isdoschar(*p) && *p != '.')
-		extension[extlen++] = *p;
-	      p++;
-	    }
-	  extension[extlen] = 0;
-	}
-    }
-
-  p = s;
-
-  while (*p && baselen < 5)
-    {
-      if (isdoschar(*p) && *p != '.')
-	base[baselen++] = *p;
-      p++;
-    }
-  base[baselen] = 0;
-
-  csum = csum % (36*36);
-
-    sprintf(s,"%s%c%c%c",base,magic_char,base36(csum/36),base36(csum%36));
-
-  if (*extension)
-    {
-      strcat(s,".");
-      strcat(s,extension);
-    }
-  DEBUG(5,("%s\n",s));
-}
-
-
-
-/*******************************************************************
-  work out if a name is illegal, even for long names
-  ******************************************************************/
-static BOOL illegal_name(char *name)
+/*
+  try to reverse map a 8.3 name to the original filename. This doesn't have to 
+  always succeed, as the directory handling code in smbd will scan the directory
+  looking for a matching name if it doesn't. It should succeed most of the time
+  or there will be a huge performance penalty
+*/
+BOOL mangle_check_cache(char *s)
 {
-  static unsigned char illegal[256];
-  static BOOL initialised=False;
-  unsigned char *s;
-
-  if (!initialised) {
-    char *ill = "*\\/?<>|\":{}";
-    initialised = True;
-  
-    bzero((char *)illegal,256);
-    for (s = (unsigned char *)ill; *s; s++)
-      illegal[*s] = True;
-  }
-
-#ifdef KANJI
-  for (s = (unsigned char *)name; *s;) {
-    if (is_shift_jis (*s)) {
-      s += 2;
-    } else if (illegal[*s]) {
-      return(True);
-    } else {
-      s++;
-    }
-  }
-#else
-  for (s = (unsigned char *)name;*s;s++)
-    if (illegal[*s]) return(True);
-#endif
-
-
-  return(False);
+	return mangle_fns->check_cache(s);
 }
 
-
-/****************************************************************************
-convert a filename to DOS format. return True if successful.
-****************************************************************************/
-BOOL name_map_mangle(char *OutName,BOOL need83,int snum)
+/* 
+   map a long filename to a 8.3 name. 
+ */
+BOOL mangle_map(char *OutName, BOOL need83, BOOL cache83, int snum)
 {
-#ifdef MANGLE_LONG_FILENAMES
-  if (!need83 && illegal_name(OutName)) need83 = True;
-#endif  
-
-  /* apply any name mappings */
-  {
-    char *map = lp_mangled_map(snum);
-    if (map && *map)
-      do_fwd_mangled_map(OutName,map);
-  }
+	/* name mangling can be disabled for speed, in which case
+	   we just truncate the string */
+	if (!lp_manglednames(snum)) {
+		if (need83) {
+			string_truncate(OutName, 12);
+		}
+		return True;
+	}
 
-  /* check if it's already in 8.3 format */
-  if (need83 && !is_8_3(OutName)) {
-    if (!lp_manglednames(snum)) return(False);
+	/* invoke the inane "mangled map" code */
+	mangle_map_filename(OutName, snum);
 
-    /* mangle it into 8.3 */
-    push_mangled_name(OutName);  
-    mangle_name_83(OutName);
-  }
-  
-  return(True);
+	return mangle_fns->name_map(OutName, need83, cache83);
 }
-
diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c
new file mode 100644
index 0000000000..f38c2ae2c4
--- /dev/null
+++ b/source3/smbd/mangle_hash.c
@@ -0,0 +1,775 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Name mangling
+   Copyright (C) Andrew Tridgell 1992-2002
+   Copyright (C) Simo Sorce 2001
+   Copyright (C) Andrew Bartlett 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+/* -------------------------------------------------------------------------- **
+ * Notable problems...
+ *
+ *  March/April 1998  CRH
+ *  - Many of the functions in this module overwrite string buffers passed to
+ *    them.  This causes a variety of problems and is, generally speaking,
+ *    dangerous and scarry.  See the kludge notes in name_map()
+ *    below.
+ *  - It seems that something is calling name_map() twice.  The
+ *    first call is probably some sort of test.  Names which contain
+ *    illegal characters are being doubly mangled.  I'm not sure, but
+ *    I'm guessing the problem is in server.c.
+ *
+ * -------------------------------------------------------------------------- **
+ */
+
+/* -------------------------------------------------------------------------- **
+ * History...
+ *
+ *  March/April 1998  CRH
+ *  Updated a bit.  Rewrote is_mangled() to be a bit more selective.
+ *  Rewrote the mangled name cache.  Added comments here and there.
+ *  &c.
+ * -------------------------------------------------------------------------- **
+ */
+
+#include "includes.h"
+
+
+/* -------------------------------------------------------------------------- **
+ * External Variables...
+ */
+
+extern int case_default;    /* Are conforming 8.3 names all upper or lower?   */
+extern BOOL case_mangle;    /* If true, all chars in 8.3 should be same case. */
+
+/* -------------------------------------------------------------------------- **
+ * Other stuff...
+ *
+ * magic_char     - This is the magic char used for mangling.  It's
+ *                  global.  There is a call to lp_magicchar() in server.c
+ *                  that is used to override the initial value.
+ *
+ * MANGLE_BASE    - This is the number of characters we use for name mangling.
+ *
+ * basechars      - The set characters used for name mangling.  This
+ *                  is static (scope is this file only).
+ *
+ * mangle()       - Macro used to select a character from basechars (i.e.,
+ *                  mangle(n) will return the nth digit, modulo MANGLE_BASE).
+ *
+ * chartest       - array 0..255.  The index range is the set of all possible
+ *                  values of a byte.  For each byte value, the content is a
+ *                  two nibble pair.  See BASECHAR_MASK and ILLEGAL_MASK,
+ *                  below.
+ *
+ * ct_initialized - False until the chartest array has been initialized via
+ *                  a call to init_chartest().
+ *
+ * BASECHAR_MASK  - Masks the upper nibble of a one-byte value.
+ *
+ * ILLEGAL_MASK   - Masks the lower nibble of a one-byte value.
+ *
+ * isbasecahr()   - Given a character, check the chartest array to see
+ *                  if that character is in the basechars set.  This is
+ *                  faster than using strchr_m().
+ *
+ * isillegal()    - Given a character, check the chartest array to see
+ *                  if that character is in the illegal characters set.
+ *                  This is faster than using strchr_m().
+ *
+ * mangled_cache  - Cache header used for storing mangled -> original
+ *                  reverse maps.
+ *
+ * mc_initialized - False until the mangled_cache structure has been
+ *                  initialized via a call to reset_mangled_cache().
+ *
+ * MANGLED_CACHE_MAX_ENTRIES - Default maximum number of entries for the
+ *                  cache.  A value of 0 indicates "infinite".
+ *
+ * MANGLED_CACHE_MAX_MEMORY  - Default maximum amount of memory for the
+ *                  cache.  When the cache was kept as an array of 256
+ *                  byte strings, the default cache size was 50 entries.
+ *                  This required a fixed 12.5Kbytes of memory.  The
+ *                  mangled stack parameter is no longer used (though
+ *                  this might change).  We're now using a fixed 16Kbyte
+ *                  maximum cache size.  This will probably be much more
+ *                  than 50 entries.
+ */
+
+char magic_char = '~';
+
+static char basechars[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%";
+#define MANGLE_BASE       (sizeof(basechars)/sizeof(char)-1)
+
+static unsigned char chartest[256]  = { 0 };
+static BOOL          ct_initialized = False;
+
+#define mangle(V) ((char)(basechars[(V) % MANGLE_BASE]))
+#define BASECHAR_MASK 0xf0
+#define ILLEGAL_MASK  0x0f
+#define isbasechar(C) ( (chartest[ ((C) & 0xff) ]) & BASECHAR_MASK )
+#define isillegal(C) ( (chartest[ ((C) & 0xff) ]) & ILLEGAL_MASK )
+
+static ubi_cacheRoot mangled_cache[1] =  { { { 0, 0, 0, 0 }, 0, 0, 0, 0, 0, 0 } };
+static BOOL          mc_initialized   = False;
+#define MANGLED_CACHE_MAX_ENTRIES 0
+#define MANGLED_CACHE_MAX_MEMORY  16384
+
+
+/* -------------------------------------------------------------------------- **
+ * External Variables...
+ */
+
+extern int case_default;    /* Are conforming 8.3 names all upper or lower?   */
+extern BOOL case_mangle;    /* If true, all chars in 8.3 should be same case. */
+
+/* -------------------------------------------------------------------- */
+
+static NTSTATUS has_valid_chars(const smb_ucs2_t *s)
+{
+	if (!s || !*s) return NT_STATUS_INVALID_PARAMETER;
+
+	/* CHECK: this should not be necessary if the ms wild chars
+	   are not valid in valid.dat  --- simo */
+	if (ms_has_wild_w(s)) return NT_STATUS_UNSUCCESSFUL;
+
+	while (*s) {
+		if(!isvalid83_w(*s)) return NT_STATUS_UNSUCCESSFUL;
+		s++;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/* return False if something fail and
+ * return 2 alloced unicode strings that contain prefix and extension
+ */
+static NTSTATUS mangle_get_prefix(const smb_ucs2_t *ucs2_string, smb_ucs2_t **prefix, smb_ucs2_t **extension)
+{
+	size_t ext_len;
+	smb_ucs2_t *p;
+
+	*extension = 0;
+	*prefix = strdup_w(ucs2_string);
+	if (!*prefix) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	if ((p = strrchr_w(*prefix, UCS2_CHAR('.'))))
+	{
+		ext_len = strlen_w(p+1);
+		if ((ext_len > 0) && (ext_len < 4) && (p != *prefix) &&
+		    (NT_STATUS_IS_OK(has_valid_chars(p+1)))) /* check extension */
+		{
+			*p = 0;
+			*extension = strdup_w(p+1);
+			if (!*extension) {
+				SAFE_FREE(*prefix);
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+	return NT_STATUS_OK;
+}
+
+/* ************************************************************************** **
+ * Return NT_STATUS_UNSUCCESSFUL if a name is a special msdos reserved name.
+ *
+ *  Input:  fname - String containing the name to be tested.
+ *
+ *  Output: NT_STATUS_UNSUCCESSFUL, if the name matches one of the list of reserved names.
+ *
+ *  Notes:  This is a static function called by is_8_3(), below.
+ *
+ * ************************************************************************** **
+ */
+static NTSTATUS is_valid_name(const smb_ucs2_t *fname)
+{
+	smb_ucs2_t *str, *p;
+	NTSTATUS ret = NT_STATUS_OK;
+
+	if (!fname || !*fname) return NT_STATUS_INVALID_PARAMETER;
+
+	if (*fname == UCS2_CHAR('.')) return NT_STATUS_UNSUCCESSFUL;
+	
+	ret = has_valid_chars(fname);
+	if (NT_STATUS_IS_ERR(ret)) return ret;
+
+	str = strdup_w(fname);
+	p = strchr_w(str, UCS2_CHAR('.'));
+	if (p) *p = 0;
+	strupper_w(str);
+	p = &(str[1]);
+
+	switch(str[0])
+	{
+	case UCS2_CHAR('A'):
+		if(strcmp_wa(p, "UX") == 0)
+			ret = NT_STATUS_UNSUCCESSFUL;
+		break;
+	case UCS2_CHAR('C'):
+		if((strcmp_wa(p, "LOCK$") == 0)
+		|| (strcmp_wa(p, "ON") == 0)
+		|| (strcmp_wa(p, "OM1") == 0)
+		|| (strcmp_wa(p, "OM2") == 0)
+		|| (strcmp_wa(p, "OM3") == 0)
+		|| (strcmp_wa(p, "OM4") == 0)
+		)
+			ret = NT_STATUS_UNSUCCESSFUL;
+		break;
+	case UCS2_CHAR('L'):
+		if((strcmp_wa(p, "PT1") == 0)
+		|| (strcmp_wa(p, "PT2") == 0)
+		|| (strcmp_wa(p, "PT3") == 0)
+		)
+			ret = NT_STATUS_UNSUCCESSFUL;
+		break;
+	case UCS2_CHAR('N'):
+		if(strcmp_wa(p, "UL") == 0)
+			ret = NT_STATUS_UNSUCCESSFUL;
+		break;
+	case UCS2_CHAR('P'):
+		if(strcmp_wa(p, "RN") == 0)
+			ret = NT_STATUS_UNSUCCESSFUL;
+		break;
+	default:
+		break;
+	}
+
+	SAFE_FREE(str);
+	return ret;
+}
+
+static NTSTATUS is_8_3_w(const smb_ucs2_t *fname)
+{
+	smb_ucs2_t *pref = 0, *ext = 0;
+	size_t plen;
+	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+	if (!fname || !*fname) return NT_STATUS_INVALID_PARAMETER;
+
+	if (strlen_w(fname) > 12) return NT_STATUS_UNSUCCESSFUL;
+	
+	if (strcmp_wa(fname, ".") == 0 || strcmp_wa(fname, "..") == 0)
+		return NT_STATUS_OK;
+
+	if (NT_STATUS_IS_ERR(is_valid_name(fname))) goto done;
+
+	if (NT_STATUS_IS_ERR(mangle_get_prefix(fname, &pref, &ext))) goto done;
+	plen = strlen_w(pref);
+
+	if (strchr_wa(pref, '.')) goto done;
+	if (plen < 1 || plen > 8) goto done;
+	if (ext) if (strlen_w(ext) > 3) goto done;
+
+	ret = NT_STATUS_OK;
+
+done:
+	SAFE_FREE(pref);
+	SAFE_FREE(ext);
+	return ret;
+}
+
+static BOOL is_8_3(const char *fname, BOOL check_case)
+{
+	const char *f;
+	smb_ucs2_t *ucs2name;
+	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+	if (!fname || !*fname) return False;
+	if ((f = strrchr(fname, '/')) == NULL) f = fname;
+	else f++;
+
+	if (strlen(f) > 12) return False;
+	
+	ucs2name = acnv_uxu2(f);
+	if (!ucs2name)
+	{
+		DEBUG(0,("is_8_3: internal error acnv_uxu2() failed!\n"));
+		goto done;
+	}
+
+	ret = is_8_3_w(ucs2name);
+
+done:
+	SAFE_FREE(ucs2name);
+
+	if (!NT_STATUS_IS_OK(ret)) { 
+		return False;
+	}
+	
+	return True;
+}
+
+
+
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+/* ************************************************************************** **
+ * Initialize the static character test array.
+ *
+ *  Input:  none
+ *
+ *  Output: none
+ *
+ *  Notes:  This function changes (loads) the contents of the <chartest>
+ *          array.  The scope of <chartest> is this file.
+ *
+ * ************************************************************************** **
+ */
+static void init_chartest( void )
+  {
+  char          *illegalchars = "*\\/?<>|\":";
+  unsigned char *s;
+  
+  memset( (char *)chartest, '\0', 256 );
+
+  for( s = (unsigned char *)illegalchars; *s; s++ )
+    chartest[*s] = ILLEGAL_MASK;
+
+  for( s = (unsigned char *)basechars; *s; s++ )
+    chartest[*s] |= BASECHAR_MASK;
+
+  ct_initialized = True;
+  } /* init_chartest */
+
+
+/* ************************************************************************** **
+ * Return True if the name *could be* a mangled name.
+ *
+ *  Input:  s - A path name - in UNIX pathname format.
+ *
+ *  Output: True if the name matches the pattern described below in the
+ *          notes, else False.
+ *
+ *  Notes:  The input name is *not* tested for 8.3 compliance.  This must be
+ *          done separately.  This function returns true if the name contains
+ *          a magic character followed by excactly two characters from the
+ *          basechars list (above), which in turn are followed either by the
+ *          nul (end of string) byte or a dot (extension) or by a '/' (end of
+ *          a directory name).
+ *
+ * ************************************************************************** **
+ */
+static BOOL is_mangled(const char *s)
+  {
+  char *magic;
+
+  if( !ct_initialized )
+    init_chartest();
+
+  magic = strchr_m( s, magic_char );
+  while( magic && magic[1] && magic[2] )          /* 3 chars, 1st is magic. */
+    {
+    if( ('.' == magic[3] || '/' == magic[3] || !(magic[3]))          /* Ends with '.' or nul or '/' ?  */
+     && isbasechar( toupper(magic[1]) )           /* is 2nd char basechar?  */
+     && isbasechar( toupper(magic[2]) ) )         /* is 3rd char basechar?  */
+      return( True );                           /* If all above, then true, */
+    magic = strchr_m( magic+1, magic_char );      /*    else seek next magic. */
+    }
+  return( False );
+  } /* is_mangled */
+
+
+/* ************************************************************************** **
+ * Compare two cache keys and return a value indicating their ordinal
+ * relationship.
+ *
+ *  Input:  ItemPtr - Pointer to a comparison key.  In this case, this will
+ *                    be a mangled name string.
+ *          NodePtr - Pointer to a node in the cache.  The node structure
+ *                    will be followed in memory by a mangled name string.
+ *
+ *  Output: A signed integer, as follows:
+ *            (x < 0)  <==> Key1 less than Key2
+ *            (x == 0) <==> Key1 equals Key2
+ *            (x > 0)  <==> Key1 greater than Key2
+ *
+ *  Notes:  This is a ubiqx-style comparison routine.  See ubi_BinTree for
+ *          more info.
+ *
+ * ************************************************************************** **
+ */
+static signed int cache_compare( ubi_btItemPtr ItemPtr, ubi_btNodePtr NodePtr )
+  {
+  char *Key1 = (char *)ItemPtr;
+  char *Key2 = (char *)(((ubi_cacheEntryPtr)NodePtr) + 1);
+
+  return( StrCaseCmp( Key1, Key2 ) );
+  } /* cache_compare */
+
+/* ************************************************************************** **
+ * Free a cache entry.
+ *
+ *  Input:  WarrenZevon - Pointer to the entry that is to be returned to
+ *                        Nirvana.
+ *  Output: none.
+ *
+ *  Notes:  This function gets around the possibility that the standard
+ *          free() function may be implemented as a macro, or other evil
+ *          subversions (oh, so much fun).
+ *
+ * ************************************************************************** **
+ */
+static void cache_free_entry( ubi_trNodePtr WarrenZevon )
+  {
+	  ZERO_STRUCTP(WarrenZevon);
+	  SAFE_FREE( WarrenZevon );
+  } /* cache_free_entry */
+
+/* ************************************************************************** **
+ * Initializes or clears the mangled cache.
+ *
+ *  Input:  none.
+ *  Output: none.
+ *
+ *  Notes:  There is a section below that is commented out.  It shows how
+ *          one might use lp_ calls to set the maximum memory and entry size
+ *          of the cache.  You might also want to remove the constants used
+ *          in ubi_cacheInit() and replace them with lp_ calls.  If so, then
+ *          the calls to ubi_cacheSetMax*() would be moved into the else
+ *          clause.  Another option would be to pass in the max_entries and
+ *          max_memory values as parameters.  crh 09-Apr-1998.
+ *
+ * ************************************************************************** **
+ */
+static void mangle_reset( void )
+  {
+  if( !mc_initialized )
+    {
+    (void)ubi_cacheInit( mangled_cache,
+                         cache_compare,
+                         cache_free_entry,
+                         MANGLED_CACHE_MAX_ENTRIES,
+                         MANGLED_CACHE_MAX_MEMORY );
+    mc_initialized = True;
+    }
+  else
+    {
+    (void)ubi_cacheClear( mangled_cache );
+    }
+
+  /*
+  (void)ubi_cacheSetMaxEntries( mangled_cache, lp_mangled_cache_entries() );
+  (void)ubi_cacheSetMaxMemory(  mangled_cache, lp_mangled_cache_memory() );
+  */
+  } /* reset_mangled_cache  */
+
+
+/* ************************************************************************** **
+ * Add a mangled name into the cache.
+ *
+ *  Notes:  If the mangled cache has not been initialized, then the
+ *          function will simply fail.  It could initialize the cache,
+ *          but that's not the way it was done before I changed the
+ *          cache mechanism, so I'm sticking with the old method.
+ *
+ *          If the extension of the raw name maps directly to the
+ *          extension of the mangled name, then we'll store both names
+ *          *without* extensions.  That way, we can provide consistent
+ *          reverse mangling for all names that match.  The test here is
+ *          a bit more careful than the one done in earlier versions of
+ *          mangle.c:
+ *
+ *            - the extension must exist on the raw name,
+ *            - it must be all lower case
+ *            - it must match the mangled extension (to prove that no
+ *              mangling occurred).
+ *
+ *  crh 07-Apr-1998
+ *
+ * ************************************************************************** **
+ */
+static void cache_mangled_name( char *mangled_name, char *raw_name )
+  {
+  ubi_cacheEntryPtr new_entry;
+  char             *s1;
+  char             *s2;
+  size_t               mangled_len;
+  size_t               raw_len;
+  size_t               i;
+
+  /* If the cache isn't initialized, give up. */
+  if( !mc_initialized )
+    return;
+
+  /* Init the string lengths. */
+  mangled_len = strlen( mangled_name );
+  raw_len     = strlen( raw_name );
+
+  /* See if the extensions are unmangled.  If so, store the entry
+   * without the extension, thus creating a "group" reverse map.
+   */
+  s1 = strrchr( mangled_name, '.' );
+  if( s1 && (s2 = strrchr( raw_name, '.' )) )
+    {
+    i = 1;
+    while( s1[i] && (tolower( s1[i] ) == s2[i]) )
+      i++;
+    if( !s1[i] && !s2[i] )
+      {
+      mangled_len -= i;
+      raw_len     -= i;
+      }
+    }
+
+  /* Allocate a new cache entry.  If the allocation fails, just return. */
+  i = sizeof( ubi_cacheEntry ) + mangled_len + raw_len + 2;
+  new_entry = malloc( i );
+  if( !new_entry )
+    return;
+
+  /* Fill the new cache entry, and add it to the cache. */
+  s1 = (char *)(new_entry + 1);
+  s2 = (char *)&(s1[mangled_len + 1]);
+  (void)StrnCpy( s1, mangled_name, mangled_len );
+  (void)StrnCpy( s2, raw_name,     raw_len );
+  ubi_cachePut( mangled_cache, i, new_entry, s1 );
+  } /* cache_mangled_name */
+
+/* ************************************************************************** **
+ * Check for a name on the mangled name stack
+ *
+ *  Input:  s - Input *and* output string buffer.
+ *
+ *  Output: True if the name was found in the cache, else False.
+ *
+ *  Notes:  If a reverse map is found, the function will overwrite the string
+ *          space indicated by the input pointer <s>.  This is frightening.
+ *          It should be rewritten to return NULL if the long name was not
+ *          found, and a pointer to the long name if it was found.
+ *
+ * ************************************************************************** **
+ */
+
+static BOOL check_cache( char *s )
+{
+  ubi_cacheEntryPtr FoundPtr;
+  char             *ext_start = NULL;
+  char             *found_name;
+  char             *saved_ext = NULL;
+
+  /* If the cache isn't initialized, give up. */
+  if( !mc_initialized )
+    return( False );
+
+  FoundPtr = ubi_cacheGet( mangled_cache, (ubi_trItemPtr)s );
+
+  /* If we didn't find the name *with* the extension, try without. */
+  if( !FoundPtr )
+  {
+    ext_start = strrchr( s, '.' );
+    if( ext_start )
+    {
+      if((saved_ext = strdup(ext_start)) == NULL)
+        return False;
+
+      *ext_start = '\0';
+      FoundPtr = ubi_cacheGet( mangled_cache, (ubi_trItemPtr)s );
+      /* 
+       * At this point s is the name without the
+       * extension. We re-add the extension if saved_ext
+       * is not null, before freeing saved_ext.
+       */
+    }
+  }
+
+  /* Okay, if we haven't found it we're done. */
+  if( !FoundPtr )
+  {
+    if(saved_ext)
+    {
+      /* Replace the saved_ext as it was truncated. */
+      (void)pstrcat( s, saved_ext );
+      SAFE_FREE(saved_ext);
+    }
+    return( False );
+  }
+
+  /* If we *did* find it, we need to copy it into the string buffer. */
+  found_name = (char *)(FoundPtr + 1);
+  found_name += (strlen( found_name ) + 1);
+
+  (void)pstrcpy( s, found_name );
+  if( saved_ext )
+  {
+    /* Replace the saved_ext as it was truncated. */
+    (void)pstrcat( s, saved_ext );
+    SAFE_FREE(saved_ext);
+  }
+
+  return( True );
+} /* check_mangled_cache */
+
+
+/*****************************************************************************
+ * do the actual mangling to 8.3 format
+ * the buffer must be able to hold 13 characters (including the null)
+ *****************************************************************************
+ */
+static void to_8_3(char *s)
+  {
+  int csum;
+  char *p;
+  char extension[4];
+  char base[9];
+  int baselen = 0;
+  int extlen = 0;
+
+  extension[0] = 0;
+  base[0] = 0;
+
+  p = strrchr(s,'.');  
+  if( p && (strlen(p+1) < (size_t)4) )
+    {
+    BOOL all_normal = ( strisnormal(p+1) ); /* XXXXXXXXX */
+
+    if( all_normal && p[1] != 0 )
+      {
+      *p = 0;
+      csum = str_checksum( s );
+      *p = '.';
+      }
+    else
+      csum = str_checksum(s);
+    }
+  else
+    csum = str_checksum(s);
+
+  strupper( s );
+
+  if( p )
+  {
+	  if( p == s )
+		  safe_strcpy( extension, "___", 3 );
+	  else
+	  {
+		  *p++ = 0;
+		  while( *p && extlen < 3 )
+		  {
+			  if ( *p != '.') {
+				  extension[extlen++] = p[0];
+			  }
+			  p++;
+		  }
+		  extension[extlen] = 0;
+      }
+  }
+  
+  p = s;
+
+  while( *p && baselen < 5 )
+  {
+	  if (*p != '.') {
+		  base[baselen++] = p[0];
+	  }
+	  p++;
+  }
+  base[baselen] = 0;
+  
+  csum = csum % (MANGLE_BASE*MANGLE_BASE);
+  
+  (void)slprintf(s, 12, "%s%c%c%c",
+                 base, magic_char, mangle( csum/MANGLE_BASE ), mangle( csum ) );
+  
+  if( *extension )
+  {
+	  (void)pstrcat( s, "." );
+	  (void)pstrcat( s, extension );
+  }
+  
+  } /* mangle_name_83 */
+
+/*****************************************************************************
+ * Convert a filename to DOS format.  Return True if successful.
+ *
+ *  Input:  OutName - Source *and* destination buffer. 
+ *
+ *                    NOTE that OutName must point to a memory space that
+ *                    is at least 13 bytes in size!
+ *
+ *          need83  - If False, name mangling will be skipped unless the
+ *                    name contains illegal characters.  Mapping will still
+ *                    be done, if appropriate.  This is probably used to
+ *                    signal that a client does not require name mangling,
+ *                    thus skipping the name mangling even on shares which
+ *                    have name-mangling turned on.
+ *          cache83 - If False, the mangled name cache will not be updated.
+ *                    This is usually used to prevent that we overwrite
+ *                    a conflicting cache entry prematurely, i.e. before
+ *                    we know whether the client is really interested in the
+ *                    current name.  (See PR#13758).  UKD.
+ *
+ *  Output: Returns False only if the name wanted mangling but the share does
+ *          not have name mangling turned on.
+ *
+ * ****************************************************************************
+ */
+static BOOL name_map(char *OutName, BOOL need83, BOOL cache83)
+{
+	smb_ucs2_t *OutName_ucs2;
+	DEBUG(5,("name_map( %s, need83 = %s, cache83 = %s)\n", OutName,
+		 need83 ? "True" : "False", cache83 ? "True" : "False"));
+	
+	if (push_ucs2_allocate((void **)&OutName_ucs2, OutName) < 0) {
+		DEBUG(0, ("push_ucs2_allocate failed!\n"));
+		return False;
+	}
+
+	/* check if it's already in 8.3 format */
+	if (need83 && !NT_STATUS_IS_OK(is_8_3_w(OutName_ucs2))) {
+		char *tmp = NULL; 
+
+		/* mangle it into 8.3 */
+		if (cache83)
+			tmp = strdup(OutName);
+
+		to_8_3(OutName);
+
+		if(tmp != NULL) {
+			cache_mangled_name(OutName, tmp);
+			SAFE_FREE(tmp);
+		}
+	}
+
+	DEBUG(5,("name_map() ==> [%s]\n", OutName));
+	SAFE_FREE(OutName_ucs2);
+	return(True);
+} /* name_map */
+
+
+/*
+  the following provides the abstraction layer to make it easier
+  to drop in an alternative mangling implementation
+*/
+static struct mangle_fns mangle_fns = {
+	is_mangled,
+	is_8_3,
+	mangle_reset,
+	check_cache,
+	name_map
+};
+
+/* return the methods for this mangling implementation */
+struct mangle_fns *mangle_hash_init(void)
+{
+	mangle_reset();
+
+	return &mangle_fns;
+}
diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c
new file mode 100644
index 0000000000..96ca7360b8
--- /dev/null
+++ b/source3/smbd/mangle_hash2.c
@@ -0,0 +1,587 @@
+/* 
+   Unix SMB/CIFS implementation.
+   new hash based name mangling implementation
+   Copyright (C) Andrew Tridgell 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+  this mangling scheme uses the following format
+
+  Annnn~n.AAA
+
+  where nnnnn is a base 36 hash, and A represents characters from the original string
+
+  The hash is taken of the leading part of the long filename, in uppercase
+
+  for simplicity, we only allow ascii characters in 8.3 names
+ */
+
+
+/*
+  ===============================================================================
+  NOTE NOTE NOTE!!!
+
+  This file deliberately uses non-multibyte string functions in many places. This
+  is *not* a mistake. This code is multi-byte safe, but it gets this property
+  through some very subtle knowledge of the way multi-byte strings are encoded 
+  and the fact that this mangling algorithm only supports ascii characters in
+  8.3 names.
+
+  please don't convert this file to use the *_m() functions!!
+  ===============================================================================
+*/
+
+
+#include "includes.h"
+
+#if 0
+#define M_DEBUG(level, x) DEBUG(level, x)
+#else
+#define M_DEBUG(level, x)
+#endif
+
+/* these flags are used to mark characters in as having particular
+   properties */
+#define FLAG_BASECHAR 1
+#define FLAG_ASCII 2
+#define FLAG_ILLEGAL 4
+#define FLAG_WILDCARD 8
+
+/* the "possible" flags are used as a fast way to find possible DOS
+   reserved filenames */
+#define FLAG_POSSIBLE1 16
+#define FLAG_POSSIBLE2 32
+#define FLAG_POSSIBLE3 64
+#define FLAG_POSSIBLE4 128
+
+/* by default have a max of 4096 entries in the cache. */
+#ifndef MANGLE_CACHE_SIZE
+#define MANGLE_CACHE_SIZE 4096
+#endif
+
+/* these tables are used to provide fast tests for characters */
+static unsigned char char_flags[256];
+
+#define FLAG_CHECK(c, flag) (char_flags[(unsigned char)(c)] & (flag))
+
+/* we will use a very simple direct mapped prefix cache. The big
+   advantage of this cache structure is speed and low memory usage 
+
+   The cache is indexed by the low-order bits of the hash, and confirmed by
+   hashing the resulting cache entry to match the known hash
+*/
+static char **prefix_cache;
+static u32 *prefix_cache_hashes;
+
+/* these are the characters we use in the 8.3 hash. Must be 36 chars long */
+const char *basechars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static unsigned char base_reverse[256];
+#define base_forward(v) basechars[v]
+
+/* the list of reserved dos names - all of these are illegal */
+const char *reserved_names[] = { "AUX", "LOCK$", "CON", "COM1", "COM2", "COM3", "COM4",
+				 "LPT1", "LPT2", "LPT3", "NUL", "PRN", NULL };
+
+/* 
+   hash a string of the specified length. The string does not need to be
+   null terminated 
+
+   this hash needs to be fast with a low collision rate (what hash doesn't?)
+*/
+static u32 mangle_hash(const char *key, unsigned length)
+{
+	u32 value;
+	u32   i;
+	fstring str;
+
+	/* we have to uppercase here to ensure that the mangled name
+	   doesn't depend on the case of the long name. Note that this
+	   is the only place where we need to use a multi-byte string
+	   function */
+	strncpy(str, key, length);
+	str[length] = 0;
+	strupper_m(str);
+
+	/* the length of a multi-byte string can change after a strupper_m */
+	length = strlen(str);
+
+	/* Set the initial value from the key size. */
+	for (value = 0x238F13AF * length, i=0; i < length; i++) {
+		value = (value + (((unsigned char)str[i]) << (i*5 % 24)));
+	}
+
+	/* note that we force it to a 31 bit hash, to keep within the limits
+	   of the 36^6 mangle space */
+	return (1103515243 * value + 12345) & ~0x80000000;  
+}
+
+/* 
+   initialise (ie. allocate) the prefix cache
+ */
+static BOOL cache_init(void)
+{
+	if (prefix_cache) return True;
+
+	prefix_cache = malloc(sizeof(char *) * MANGLE_CACHE_SIZE);
+	if (!prefix_cache) return False;
+
+	prefix_cache_hashes = malloc(sizeof(u32) * MANGLE_CACHE_SIZE);
+	if (!prefix_cache_hashes) return False;
+
+	memset(prefix_cache, 0, sizeof(char *) * MANGLE_CACHE_SIZE);
+	memset(prefix_cache_hashes, 0, sizeof(char *) * MANGLE_CACHE_SIZE);
+	return True;
+}
+
+/*
+  insert an entry into the prefix cache. The string might not be null
+  terminated */
+static void cache_insert(const char *prefix, int length, u32 hash)
+{
+	int i = hash % MANGLE_CACHE_SIZE;
+
+	if (prefix_cache[i]) {
+		free(prefix_cache[i]);
+	}
+
+	prefix_cache[i] = strndup(prefix, length);
+	prefix_cache_hashes[i] = hash;
+}
+
+/*
+  lookup an entry in the prefix cache. Return NULL if not found.
+*/
+static const char *cache_lookup(u32 hash)
+{
+	int i = hash % MANGLE_CACHE_SIZE;
+
+	if (!prefix_cache[i] || hash != prefix_cache_hashes[i]) {
+		return NULL;
+	}
+
+	/* yep, it matched */
+	return prefix_cache[i];
+}
+
+
+/* 
+   determine if a string is possibly in a mangled format, ignoring
+   case 
+
+   In this algorithm, mangled names use only pure ascii characters (no
+   multi-byte) so we can avoid doing a UCS2 conversion 
+*/
+static BOOL is_mangled(const char *name)
+{
+	int len, i;
+
+	M_DEBUG(0,("is_mangled %s ?\n", name));
+
+	/* the best distinguishing characteristic is the ~ */
+	if (name[6] != '~') return False;
+
+	/* check the length */
+	len = strlen(name);
+	if (len > 12 || len < 8) return False;
+
+	/* check extension */
+	if (len > 8) {
+		if (name[8] != '.') return False;
+		for (i=9; name[i]; i++) {
+			if (! FLAG_CHECK(name[i], FLAG_ASCII)) {
+				return False;
+			}
+		}
+	}
+	
+	/* check first character */
+	if (! FLAG_CHECK(name[0], FLAG_ASCII)) {
+		return False;
+	}
+	
+	/* check rest of hash */
+	if (! FLAG_CHECK(name[7], FLAG_BASECHAR)) {
+		return False;
+	}
+	for (i=1;i<6;i++) {
+		if (! FLAG_CHECK(name[i], FLAG_BASECHAR)) {
+			return False;
+		}
+	}
+
+	M_DEBUG(0,("is_mangled %s -> yes\n", name));
+
+	return True;
+}
+
+
+/* 
+   see if a filename is an allowable 8.3 name.
+
+   we are only going to allow ascii characters in 8.3 names, as this
+   simplifies things greatly (it means that we know the string won't
+   get larger when converted from UNIX to DOS formats)
+*/
+static BOOL is_8_3(const char *name, BOOL check_case)
+{
+	int len, i;
+	char *dot_p;
+
+	/* as a special case, the names '.' and '..' are allowable 8.3 names */
+	if (name[0] == '.') {
+		if (!name[1] || (name[1] == '.' && !name[2])) {
+			return True;
+		}
+	}
+
+	/* the simplest test is on the overall length of the
+	 filename. Note that we deliberately use the ascii string
+	 length (not the multi-byte one) as it is faster, and gives us
+	 the result we need in this case. Using strlen_m would not
+	 only be slower, it would be incorrect */
+	len = strlen(name);
+	if (len > 12) return False;
+
+	/* find the '.'. Note that once again we use the non-multibyte
+           function */
+	dot_p = strchr(name, '.');
+
+	if (!dot_p) {
+		/* if the name doesn't contain a '.' then its length
+                   must be less than 8 */
+		if (len > 8) {
+			return False;
+		}
+	} else {
+		int prefix_len, suffix_len;
+
+		/* if it does contain a dot then the prefix must be <=
+		   8 and the suffix <= 3 in length */
+		prefix_len = PTR_DIFF(dot_p, name);
+		suffix_len = len - (prefix_len+1);
+
+		if (prefix_len > 8 || suffix_len > 3) {
+			return False;
+		}
+
+		/* a 8.3 name cannot contain more than 1 '.' */
+		if (strchr(dot_p+1, '.')) {
+			return False;
+		}
+	}
+
+	/* the length are all OK. Now check to see if the characters themselves are OK */
+	for (i=0; name[i]; i++) {
+		/* note that we allow wildcard petterns! */
+		if (!FLAG_CHECK(name[i], FLAG_ASCII|FLAG_WILDCARD) && name[i] != '.') {
+			return False;
+		}
+	}
+
+	/* it is a good 8.3 name */
+	return True;
+}
+
+
+/*
+  reset the mangling cache on a smb.conf reload. This only really makes sense for
+  mangling backends that have parameters in smb.conf, and as this backend doesn't
+  this is a NULL operation
+*/
+static void mangle_reset(void)
+{
+	/* noop */
+}
+
+
+/*
+  try to find a 8.3 name in the cache, and if found then
+  replace the string with the original long name. 
+
+  The filename must be able to hold at least sizeof(fstring) 
+*/
+static BOOL check_cache(char *name)
+{
+	u32 hash, multiplier;
+	int i;
+	const char *prefix;
+	char extension[4];
+
+	/* make sure that this is a mangled name from this cache */
+	if (!is_mangled(name)) {
+		M_DEBUG(0,("check_cache: %s -> not mangled\n", name));
+		return False;
+	}
+
+	/* we need to extract the hash from the 8.3 name */
+	hash = base_reverse[(unsigned char)name[7]];
+	for (multiplier=36, i=5;i>=1;i--) {
+		u32 v = base_reverse[(unsigned char)name[i]];
+		hash += multiplier * v;
+		multiplier *= 36;
+	}
+
+	/* now look in the prefix cache for that hash */
+	prefix = cache_lookup(hash);
+	if (!prefix) {
+		M_DEBUG(0,("check_cache: %s -> %08X -> not found\n", name, hash));
+		return False;
+	}
+
+	/* we found it - construct the full name */
+	strncpy(extension, name+9, 3);
+
+	if (extension[0]) {
+		M_DEBUG(0,("check_cache: %s -> %s.%s\n", name, prefix, extension));
+		slprintf(name, sizeof(fstring), "%s.%s", prefix, extension);
+	} else {
+		M_DEBUG(0,("check_cache: %s -> %s\n", name, prefix));
+		fstrcpy(name, prefix);
+	}
+
+	return True;
+}
+
+
+/*
+  look for a DOS reserved name
+*/
+static BOOL is_reserved_name(const char *name)
+{
+	if (FLAG_CHECK(name[0], FLAG_POSSIBLE1) &&
+	    FLAG_CHECK(name[1], FLAG_POSSIBLE2) &&
+	    FLAG_CHECK(name[2], FLAG_POSSIBLE3) &&
+	    FLAG_CHECK(name[3], FLAG_POSSIBLE4)) {
+		/* a likely match, scan the lot */
+		int i;
+		for (i=0; reserved_names[i]; i++) {
+			int len = strlen(reserved_names[i]);
+			/* note that we match on COM1 as well as COM1.foo */
+			if (strncasecmp(name, reserved_names[i], len) == 0 &&
+			    (name[len] == '.' || name[len] == 0)) {
+				return True;
+			}
+		}
+	}
+
+	return False;
+}
+
+/*
+  see if a filename is a legal long filename
+*/
+static BOOL is_legal_name(const char *name)
+{
+	while (*name) {
+		if (FLAG_CHECK(name[0], FLAG_ILLEGAL)) {
+			return False;
+		}
+		name++;
+	}
+
+	return True;
+}
+
+/*
+  the main forward mapping function, which converts a long filename to 
+  a 8.3 name
+
+  if need83 is not set then we only do the mangling if the name is illegal
+  as a long name
+
+  if cache83 is not set then we don't cache the result
+
+  the name parameter must be able to hold 13 bytes
+*/
+static BOOL name_map(char *name, BOOL need83, BOOL cache83)
+{
+	char *dot_p;
+	char lead_char;
+	char extension[4];
+	int extension_length, i;
+	int prefix_len;
+	u32 hash, v;
+	char new_name[13];
+
+	/* reserved names are handled specially */
+	if (!is_reserved_name(name)) {
+		/* if the name is already a valid 8.3 name then we don't need to 
+		   do anything */
+		if (is_8_3(name, False)) {
+			return True;
+		}
+
+		/* if the caller doesn't strictly need 8.3 then just check for illegal 
+		   filenames */
+		if (!need83 && is_legal_name(name)) {
+			return True;
+		}
+	}
+
+	/* find the '.' if any */
+	dot_p = strrchr(name, '.');
+
+	/* the leading character in the mangled name is taken from
+	   the first character of the name, if it is ascii 
+	   otherwise '_' is used
+	*/
+	lead_char = name[0];
+	if (! FLAG_CHECK(lead_char, FLAG_ASCII)) {
+		lead_char = '_';
+	}
+	lead_char = toupper(lead_char);
+
+	/* the prefix is anything up to the first dot */
+	if (dot_p) {
+		prefix_len = PTR_DIFF(dot_p, name);
+	} else {
+		prefix_len = strlen(name);
+	}
+
+	/* the extension of the mangled name is taken from the first 3
+	   ascii chars after the dot */
+	extension_length = 0;
+	if (dot_p) {
+		for (i=1; extension_length < 3 && dot_p[i]; i++) {
+			char c = dot_p[i];
+			if (FLAG_CHECK(c, FLAG_ASCII)) {
+				extension[extension_length++] = toupper(c);
+			}
+		}
+	}
+	   
+	/* find the hash for this prefix */
+	v = hash = mangle_hash(name, prefix_len);
+
+	/* now form the mangled name. */
+	new_name[0] = lead_char;
+	new_name[7] = base_forward(v % 36);
+	new_name[6] = '~';	
+	for (i=5; i>=1; i--) {
+		v = v / 36;
+		new_name[i] = base_forward(v % 36);
+	}
+
+	/* add the extension */
+	if (extension_length) {
+		new_name[8] = '.';
+		memcpy(&new_name[9], extension, extension_length);
+		new_name[9+extension_length] = 0;
+	} else {
+		new_name[8] = 0;
+	}
+
+	if (cache83) {
+		/* put it in the cache */
+		cache_insert(name, prefix_len, hash);
+	}
+
+	M_DEBUG(0,("name_map: %s -> %08X -> %s (cache=%d)\n", 
+		   name, hash, new_name, cache83));
+
+	/* and overwrite the old name */
+	fstrcpy(name, new_name);
+
+	/* all done, we've managed to mangle it */
+	return True;
+}
+
+
+/* initialise the flags table 
+
+  we allow only a very restricted set of characters as 'ascii' in this
+  mangling backend. This isn't a significant problem as modern clients
+  use the 'long' filenames anyway, and those don't have these
+  restrictions. 
+*/
+static void init_tables(void)
+{
+	int i;
+
+	memset(char_flags, 0, sizeof(char_flags));
+
+	for (i=0;i<128;i++) {
+		if ((i >= '0' && i <= '9') || 
+		    (i >= 'a' && i <= 'z') || 
+		    (i >= 'A' && i <= 'Z')) {
+			char_flags[i] |=  (FLAG_ASCII | FLAG_BASECHAR);
+		}
+		if (strchr("_-$~", i)) {
+			char_flags[i] |= FLAG_ASCII;
+		}
+
+		if (strchr("*\\/?<>|\":", i)) {
+			char_flags[i] |= FLAG_ILLEGAL;
+		}
+
+		if (strchr("*?\"<>", i)) {
+			char_flags[i] |= FLAG_WILDCARD;
+		}
+	}
+
+	memset(base_reverse, 0, sizeof(base_reverse));
+	for (i=0;i<36;i++) {
+		base_reverse[(unsigned char)base_forward(i)] = i;
+	}	
+
+	/* fill in the reserved names flags. These are used as a very
+	   fast filter for finding possible DOS reserved filenames */
+	for (i=0; reserved_names[i]; i++) {
+		unsigned char c1, c2, c3, c4;
+
+		c1 = (unsigned char)reserved_names[i][0];
+		c2 = (unsigned char)reserved_names[i][1];
+		c3 = (unsigned char)reserved_names[i][2];
+		c4 = (unsigned char)reserved_names[i][3];
+
+		char_flags[c1] |= FLAG_POSSIBLE1;
+		char_flags[c2] |= FLAG_POSSIBLE2;
+		char_flags[c3] |= FLAG_POSSIBLE3;
+		char_flags[c4] |= FLAG_POSSIBLE4;
+		char_flags[tolower(c1)] |= FLAG_POSSIBLE1;
+		char_flags[tolower(c2)] |= FLAG_POSSIBLE2;
+		char_flags[tolower(c3)] |= FLAG_POSSIBLE3;
+		char_flags[tolower(c4)] |= FLAG_POSSIBLE4;
+
+		char_flags[(unsigned char)'.'] |= FLAG_POSSIBLE4;
+	}
+}
+
+
+/*
+  the following provides the abstraction layer to make it easier
+  to drop in an alternative mangling implementation */
+static struct mangle_fns mangle_fns = {
+	is_mangled,
+	is_8_3,
+	mangle_reset,
+	check_cache,
+	name_map
+};
+
+/* return the methods for this mangling implementation */
+struct mangle_fns *mangle_hash2_init(void)
+{
+	init_tables();
+	mangle_reset();
+
+	if (!cache_init()) {
+		return NULL;
+	}
+
+	return &mangle_fns;
+}
diff --git a/source3/smbd/mangle_map.c b/source3/smbd/mangle_map.c
new file mode 100644
index 0000000000..71d9340718
--- /dev/null
+++ b/source3/smbd/mangle_map.c
@@ -0,0 +1,203 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Name mapping code 
+   Copyright (C) Jeremy Allison 1998
+   Copyright (C) Andrew Tridgell 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+/* ************************************************************************** **
+ * Used only in do_fwd_mangled_map(), below.
+ * ************************************************************************** **
+ */
+static char *map_filename( char *s,         /* This is null terminated */
+                           const char *pattern,   /* This isn't. */
+                           int len )        /* This is the length of pattern. */
+  {
+  static pstring matching_bit;  /* The bit of the string which matches */
+                                /* a * in pattern if indeed there is a * */
+  char *sp;                     /* Pointer into s. */
+  char *pp;                     /* Pointer into p. */
+  char *match_start;            /* Where the matching bit starts. */
+  pstring pat;
+
+  StrnCpy( pat, pattern, len ); /* Get pattern into a proper string! */
+  pstrcpy( matching_bit, "" );  /* Match but no star gets this. */
+  pp = pat;                     /* Initialize the pointers. */
+  sp = s;
+
+  if( strequal(s, ".") || strequal(s, ".."))
+    {
+    return NULL;                /* Do not map '.' and '..' */
+    }
+
+  if( (len == 1) && (*pattern == '*') )
+    {
+    return NULL;                /* Impossible, too ambiguous for */
+    }                           /* words! */
+
+  while( (*sp)                  /* Not the end of the string. */
+      && (*pp)                  /* Not the end of the pattern. */
+      && (*sp == *pp)           /* The two match. */
+      && (*pp != '*') )         /* No wildcard. */
+    {
+    sp++;                       /* Keep looking. */
+    pp++;
+    }
+
+  if( !*sp && !*pp )            /* End of pattern. */
+    return( matching_bit );     /* Simple match.  Return empty string. */
+
+  if( *pp == '*' )
+    {
+    pp++;                       /* Always interrested in the chacter */
+                                /* after the '*' */
+    if( !*pp )                  /* It is at the end of the pattern. */
+      {
+      StrnCpy( matching_bit, s, sp-s );
+      return( matching_bit );
+      }
+    else
+      {
+      /* The next character in pattern must match a character further */
+      /* along s than sp so look for that character. */
+      match_start = sp;
+      while( (*sp)              /* Not the end of s. */
+          && (*sp != *pp) )     /* Not the same  */
+        sp++;                   /* Keep looking. */
+      if( !*sp )                /* Got to the end without a match. */
+        {
+        return( NULL );
+        }                       /* Still hope for a match. */
+      else
+        {
+        /* Now sp should point to a matching character. */
+        StrnCpy(matching_bit, match_start, sp-match_start);
+        /* Back to needing a stright match again. */
+        while( (*sp)            /* Not the end of the string. */
+            && (*pp)            /* Not the end of the pattern. */
+            && (*sp == *pp) )   /* The two match. */
+          {
+          sp++;                 /* Keep looking. */
+          pp++;
+          }
+        if( !*sp && !*pp )      /* Both at end so it matched */
+          return( matching_bit );
+        else
+          return( NULL );
+        }
+      }
+    }
+  return( NULL );               /* No match. */
+  } /* map_filename */
+
+
+/* ************************************************************************** **
+ * MangledMap is a series of name pairs in () separated by spaces.
+ * If s matches the first of the pair then the name given is the
+ * second of the pair.  A * means any number of any character and if
+ * present in the second of the pair as well as the first the
+ * matching part of the first string takes the place of the * in the
+ * second.
+ *
+ * I wanted this so that we could have RCS files which can be used
+ * by UNIX and DOS programs.  My mapping string is (RCS rcs) which
+ * converts the UNIX RCS file subdirectory to lowercase thus
+ * preventing mangling.
+ *
+ * See 'mangled map' in smb.conf(5).
+ *
+ * ************************************************************************** **
+ */
+static void mangled_map(char *s, const char *MangledMap)
+{
+	char *start=MangledMap;       /* Use this to search for mappings. */
+	char *end;                    /* Used to find the end of strings. */
+	char *match_string;
+	pstring new_string;           /* Make up the result here. */
+	char *np;                     /* Points into new_string. */
+
+	DEBUG( 5, ("Mangled Mapping '%s' map '%s'\n", s, MangledMap) );
+	while( *start ) {
+		while( (*start) && (*start != '(') )
+			start++;
+		if( !*start )
+			continue;                 /* Always check for the end. */
+		start++;                    /* Skip the ( */
+		end = start;                /* Search for the ' ' or a ')' */
+		DEBUG( 5, ("Start of first in pair '%s'\n", start) );
+		while( (*end) && !((*end == ' ') || (*end == ')')) )
+			end++;
+		if( !*end ) {
+			start = end;
+			continue;                 /* Always check for the end. */
+		}
+		DEBUG( 5, ("End of first in pair '%s'\n", end) );
+		if( (match_string = map_filename( s, start, end-start )) ) {
+			DEBUG( 5, ("Found a match\n") );
+			/* Found a match. */
+			start = end + 1; /* Point to start of what it is to become. */
+			DEBUG( 5, ("Start of second in pair '%s'\n", start) );
+			end = start;
+			np = new_string;
+			while( (*end)             /* Not the end of string. */
+			       && (*end != ')')      /* Not the end of the pattern. */
+			       && (*end != '*') )    /* Not a wildcard. */
+				*np++ = *end++;
+
+			if( !*end ) {
+				start = end;
+				continue;               /* Always check for the end. */
+			}
+			if( *end == '*' ) {
+				pstrcpy( np, match_string );
+				np += strlen( match_string );
+				end++;                  /* Skip the '*' */
+				while ((*end)           /* Not the end of string. */
+				       && (*end != ')') /* Not the end of the pattern. */
+				       && (*end != '*'))/* Not a wildcard. */
+					*np++ = *end++;
+			}
+			if (!*end) {
+				start = end;
+				continue;               /* Always check for the end. */
+			}
+			*np++ = '\0';             /* NULL terminate it. */
+			DEBUG(5,("End of second in pair '%s'\n", end));
+			pstrcpy( s, new_string );  /* Substitute with the new name. */
+			DEBUG( 5, ("s is now '%s'\n", s) );
+		}
+		start = end;  /* Skip a bit which cannot be wanted anymore. */
+		start++;
+	}
+}
+
+/*
+  front end routine to the mangled map code 
+  personally I think that the whole idea of "mangled map" is completely bogus
+*/
+void mangle_map_filename(char *fname, int snum)
+{
+	char *map;
+
+	map = lp_mangled_map(snum);
+	if (!map || !*map) return;
+
+	mangled_map(fname, map);
+}
diff --git a/source3/smbd/message.c b/source3/smbd/message.c
index 6a96b4c7a9..971834c012 100644
--- a/source3/smbd/message.c
+++ b/source3/smbd/message.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    SMB messaging
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -25,26 +24,23 @@
 
 
 #include "includes.h"
-#include "loadparm.h"
-
-/* look in server.c for some explanation of these variables */
-extern int DEBUGLEVEL;
 
+extern userdom_struct current_user_info;
 
+/* look in server.c for some explanation of these variables */
 static char msgbuf[1600];
-static int msgpos=0;
-static fstring msgfrom="";
-static fstring msgto="";
+static int msgpos;
+static fstring msgfrom;
+static fstring msgto;
 
 /****************************************************************************
 deliver the message
 ****************************************************************************/
 static void msg_deliver(void)
 {
-  pstring s;
-  fstring name;
-  FILE *f;
+  pstring name;
   int i;
+  int fd;
 
   if (! (*lp_msg_command()))
     {
@@ -54,34 +50,43 @@ static void msg_deliver(void)
     }
 
   /* put it in a temporary file */
-  sprintf(s,"/tmp/msg.XXXXXX");
-  strcpy(name,(char *)mktemp(s));
+  slprintf(name,sizeof(name)-1, "%s/msg.XXXXXX",tmpdir());
+  fd = smb_mkstemp(name);
 
-  f = fopen(name,"w");
-  if (!f)
-    {
-      DEBUG(1,("can't open message file %s\n",name));
-      return;
-    }
+  if (fd == -1) {
+    DEBUG(1,("can't open message file %s\n",name));
+    return;
+  }
 
-  for (i=0;i<msgpos;)
-    {
-      if (msgbuf[i]=='\r' && i<(msgpos-1) && msgbuf[i+1]=='\n')
-	i++;
-      fputc(msgbuf[i++],f);
-    }
+  /*
+   * Incoming message is in DOS codepage format. Convert to UNIX.
+   */
 
-  fclose(f);
+  if(msgpos > 0) {
+    msgbuf[msgpos] = '\0'; /* Ensure null terminated. */
+  }
+
+  for (i=0;i<msgpos;) {
+    if (msgbuf[i]=='\r' && i<(msgpos-1) && msgbuf[i+1]=='\n') {
+      i++; continue;      
+    }
+    write(fd,&msgbuf[i++],1);
+  }
+  close(fd);
 
 
   /* run the command */
   if (*lp_msg_command())
     {
-      strcpy(s,lp_msg_command());
-      string_sub(s,"%s",name);
-      string_sub(s,"%f",msgfrom);
-      string_sub(s,"%t",msgto);
-      standard_sub(-1,s);
+      fstring alpha_msgfrom;
+      fstring alpha_msgto;
+      pstring s;
+
+      pstrcpy(s,lp_msg_command());
+      pstring_sub(s,"%f",alpha_strcpy(alpha_msgfrom,msgfrom,NULL,sizeof(alpha_msgfrom)));
+      pstring_sub(s,"%t",alpha_strcpy(alpha_msgto,msgto,NULL,sizeof(alpha_msgto)));
+      standard_sub_basic(current_user_info.smb_name, s);
+      pstring_sub(s,"%s",name);
       smbrun(s,NULL);
     }
 
@@ -93,37 +98,42 @@ static void msg_deliver(void)
 /****************************************************************************
   reply to a sends
 ****************************************************************************/
-int reply_sends(char *inbuf,char *outbuf)
+int reply_sends(connection_struct *conn,
+		char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   int len;
-  char *orig,*dest,*msg;
+  char *msg;
   int outsize = 0;
+  char *p;
 
-  msgpos = 0;
+  START_PROFILE(SMBsends);
 
+  msgpos = 0;
 
-  if (! (*lp_msg_command()))
-    return(ERROR(ERRSRV,ERRmsgoff));
+  if (! (*lp_msg_command())) {
+    END_PROFILE(SMBsends);
+    return(ERROR_DOS(ERRSRV,ERRmsgoff));
+  }
 
   outsize = set_message(outbuf,0,0,True);
 
-  orig = smb_buf(inbuf)+1;
-  dest = skip_string(orig,1)+1;
-  msg = skip_string(dest,1)+1;
+  p = smb_buf(inbuf)+1;
+  p += srvstr_pull(inbuf, msgfrom, p, sizeof(msgfrom), -1, STR_TERMINATE) + 1;
+  p += srvstr_pull(inbuf, msgto, p, sizeof(msgto), -1, STR_TERMINATE) + 1;
 
-  strcpy(msgfrom,orig);
-  strcpy(msgto,dest);
+  msg = p;
 
   len = SVAL(msg,0);
-  len = MIN(len,1600-msgpos);
+  len = MIN(len,sizeof(msgbuf)-msgpos);
+
+  memset(msgbuf,'\0',sizeof(msgbuf));
 
   memcpy(&msgbuf[msgpos],msg+2,len);
   msgpos += len;
 
-  DEBUG(3,("%s SMBsends (from %s to %s)\n",timestring(),orig,dest));
-
   msg_deliver();
 
+  END_PROFILE(SMBsends);
   return(outsize);
 }
 
@@ -131,26 +141,31 @@ int reply_sends(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a sendstrt
 ****************************************************************************/
-int reply_sendstrt(char *inbuf,char *outbuf)
+int reply_sendstrt(connection_struct *conn,
+		   char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  char *orig,*dest;
   int outsize = 0;
+  char *p;
 
-  if (! (*lp_msg_command()))
-    return(ERROR(ERRSRV,ERRmsgoff));
+  START_PROFILE(SMBsendstrt);
+
+  if (! (*lp_msg_command())) {
+    END_PROFILE(SMBsendstrt);
+    return(ERROR_DOS(ERRSRV,ERRmsgoff));
+  }
 
   outsize = set_message(outbuf,1,0,True);
 
+  memset(msgbuf,'\0',sizeof(msgbuf));
   msgpos = 0;
 
-  orig = smb_buf(inbuf)+1;
-  dest = skip_string(orig,1)+1;
-
-  strcpy(msgfrom,orig);
-  strcpy(msgto,dest);
+  p = smb_buf(inbuf)+1;
+  p += srvstr_pull(inbuf, msgfrom, p, sizeof(msgfrom), -1, STR_TERMINATE) + 1;
+  p += srvstr_pull(inbuf, msgto, p, sizeof(msgto), -1, STR_TERMINATE) + 1;
 
-  DEBUG(3,("%s SMBsendstrt (from %s to %s)\n",timestring(),orig,dest));
+  DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) );
 
+  END_PROFILE(SMBsendstrt);
   return(outsize);
 }
 
@@ -158,27 +173,32 @@ int reply_sendstrt(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a sendtxt
 ****************************************************************************/
-int reply_sendtxt(char *inbuf,char *outbuf)
+int reply_sendtxt(connection_struct *conn,
+		  char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   int len;
   int outsize = 0;
   char *msg;
+  START_PROFILE(SMBsendtxt);
 
-  if (! (*lp_msg_command()))
-    return(ERROR(ERRSRV,ERRmsgoff));
+  if (! (*lp_msg_command())) {
+    END_PROFILE(SMBsendtxt);
+    return(ERROR_DOS(ERRSRV,ERRmsgoff));
+  }
 
   outsize = set_message(outbuf,0,0,True);
 
   msg = smb_buf(inbuf) + 1;
 
   len = SVAL(msg,0);
-  len = MIN(len,1600-msgpos);
+  len = MIN(len,sizeof(msgbuf)-msgpos);
 
   memcpy(&msgbuf[msgpos],msg+2,len);
   msgpos += len;
 
-  DEBUG(3,("%s SMBsendtxt\n",timestring()));
+  DEBUG( 3, ( "SMBsendtxt\n" ) );
 
+  END_PROFILE(SMBsendtxt);
   return(outsize);
 }
 
@@ -186,19 +206,23 @@ int reply_sendtxt(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a sendend
 ****************************************************************************/
-int reply_sendend(char *inbuf,char *outbuf)
+int reply_sendend(connection_struct *conn,
+		  char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   int outsize = 0;
+  START_PROFILE(SMBsendend);
 
-  if (! (*lp_msg_command()))
-    return(ERROR(ERRSRV,ERRmsgoff));
+  if (! (*lp_msg_command())) {
+    END_PROFILE(SMBsendend);
+    return(ERROR_DOS(ERRSRV,ERRmsgoff));
+  }
 
   outsize = set_message(outbuf,0,0,True);
 
-  DEBUG(3,("%s SMBsendend\n",timestring()));
+  DEBUG(3,("SMBsendend\n"));
 
   msg_deliver();
 
+  END_PROFILE(SMBsendend);
   return(outsize);
 }
-
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
new file mode 100644
index 0000000000..18682e6c9f
--- /dev/null
+++ b/source3/smbd/negprot.c
@@ -0,0 +1,509 @@
+/* 
+   Unix SMB/CIFS implementation.
+   negprot reply code
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int Protocol;
+extern int max_recv;
+extern fstring global_myworkgroup;
+extern fstring remote_machine;
+BOOL global_encrypted_passwords_negotiated = False;
+BOOL global_spnego_negotiated = False;
+struct auth_context *negprot_global_auth_context = NULL;
+
+static void get_challenge(char buff[8]) 
+{
+	NTSTATUS nt_status;
+	const uint8 *cryptkey;
+
+	/* We might be called more than once, muliple negprots are premitted */
+	if (negprot_global_auth_context) {
+		DEBUG(3, ("get challenge: is this a secondary negprot?  negprot_global_auth_context is non-NULL!\n"));
+		(negprot_global_auth_context->free)(&negprot_global_auth_context);
+	}
+
+	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&negprot_global_auth_context))) {
+		DEBUG(0, ("make_auth_context_subsystem returned %s", nt_errstr(nt_status)));
+		smb_panic("cannot make_negprot_global_auth_context!\n");
+	}
+	DEBUG(10, ("get challenge: getting challenge\n"));
+	cryptkey = negprot_global_auth_context->get_ntlm_challenge(negprot_global_auth_context);
+	memcpy(buff, cryptkey, 8);
+}
+
+/****************************************************************************
+reply for the core protocol
+****************************************************************************/
+static int reply_corep(char *inbuf, char *outbuf)
+{
+	int outsize = set_message(outbuf,1,0,True);
+
+	Protocol = PROTOCOL_CORE;
+	
+	return outsize;
+}
+
+
+/****************************************************************************
+reply for the coreplus protocol
+****************************************************************************/
+static int reply_coreplus(char *inbuf, char *outbuf)
+{
+  int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
+  int outsize = set_message(outbuf,13,0,True);
+  SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
+				 readbraw and writebraw (possibly) */
+  /* Reply, SMBlockread, SMBwritelock supported. */
+  SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
+  SSVAL(outbuf,smb_vwv1,0x1); /* user level security, don't encrypt */	
+
+  Protocol = PROTOCOL_COREPLUS;
+
+  return outsize;
+}
+
+
+/****************************************************************************
+reply for the lanman 1.0 protocol
+****************************************************************************/
+static int reply_lanman1(char *inbuf, char *outbuf)
+{
+  int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
+  int secword=0;
+  time_t t = time(NULL);
+
+  global_encrypted_passwords_negotiated = lp_encrypted_passwords();
+
+  if (lp_security()>=SEC_USER) secword |= 1;
+  if (global_encrypted_passwords_negotiated) secword |= 2;
+
+  set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True);
+  SSVAL(outbuf,smb_vwv1,secword); 
+  /* Create a token value and add it to the outgoing packet. */
+  if (global_encrypted_passwords_negotiated) {
+	  get_challenge(smb_buf(outbuf));
+  }
+
+  Protocol = PROTOCOL_LANMAN1;
+
+  /* Reply, SMBlockread, SMBwritelock supported. */
+  SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
+  SSVAL(outbuf,smb_vwv2,max_recv);
+  SSVAL(outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
+  SSVAL(outbuf,smb_vwv4,1);
+  SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
+				 readbraw writebraw (possibly) */
+  SIVAL(outbuf,smb_vwv6,sys_getpid());
+  SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60);
+
+  put_dos_date(outbuf,smb_vwv8,t);
+
+  return (smb_len(outbuf)+4);
+}
+
+
+/****************************************************************************
+reply for the lanman 2.0 protocol
+****************************************************************************/
+static int reply_lanman2(char *inbuf, char *outbuf)
+{
+  int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
+  int secword=0;
+  time_t t = time(NULL);
+
+  global_encrypted_passwords_negotiated = lp_encrypted_passwords();
+  
+  if (lp_security()>=SEC_USER) secword |= 1;
+  if (global_encrypted_passwords_negotiated) secword |= 2;
+
+  set_message(outbuf,13,global_encrypted_passwords_negotiated?8:0,True);
+  SSVAL(outbuf,smb_vwv1,secword); 
+  SIVAL(outbuf,smb_vwv6,sys_getpid());
+
+  /* Create a token value and add it to the outgoing packet. */
+  if (global_encrypted_passwords_negotiated) {
+	  get_challenge(smb_buf(outbuf));
+  }
+
+  Protocol = PROTOCOL_LANMAN2;
+
+  /* Reply, SMBlockread, SMBwritelock supported. */
+  SCVAL(outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
+  SSVAL(outbuf,smb_vwv2,max_recv);
+  SSVAL(outbuf,smb_vwv3,lp_maxmux()); 
+  SSVAL(outbuf,smb_vwv4,1);
+  SSVAL(outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
+  SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60);
+  put_dos_date(outbuf,smb_vwv8,t);
+
+  return (smb_len(outbuf)+4);
+}
+
+
+
+/* 
+   generate the spnego negprot reply blob. Return the number of bytes used
+*/
+static int negprot_spnego(char *p)
+{
+	DATA_BLOB blob;
+	extern pstring global_myname;
+	uint8 guid[16];
+	const char *OIDs_krb5[] = {OID_NTLMSSP,
+				   OID_KERBEROS5,
+				   OID_KERBEROS5_OLD,
+				   NULL};
+	const char *OIDs_plain[] = {OID_NTLMSSP, NULL};
+	char *principal;
+	int len;
+
+	global_spnego_negotiated = True;
+
+	memset(guid, 0, 16);
+	safe_strcpy((char *)guid, global_myname, 16);
+	strlower((char *)guid);
+
+#if 0
+	/* strangely enough, NT does not sent the single OID NTLMSSP when
+	   not a ADS member, it sends no OIDs at all
+
+	   we can't do this until we teach our sesssion setup parser to know
+	   about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)
+	*/
+	if (lp_security() != SEC_ADS) {
+		memcpy(p, guid, 16);
+		return 16;
+	}
+#endif
+	if (lp_security() != SEC_ADS) {
+		blob = spnego_gen_negTokenInit(guid, OIDs_plain, "NONE");
+	} else {
+		ADS_STRUCT *ads;
+		ads = ads_init(NULL, NULL, NULL, NULL);
+		/* win2000 uses host$@REALM, which we will probably use eventually,
+		   but for now this works */
+		asprintf(&principal, "HOST/%s@%s", guid, ads->realm);
+		blob = spnego_gen_negTokenInit(guid, OIDs_krb5, principal);
+		free(principal);
+		ads_destroy(&ads);
+	}
+	memcpy(p, blob.data, blob.length);
+	len = blob.length;
+	data_blob_free(&blob);
+	return len;
+}
+
+		
+
+/****************************************************************************
+reply for the nt protocol
+****************************************************************************/
+static int reply_nt1(char *inbuf, char *outbuf)
+{
+	/* dual names + lock_and_read + nt SMBs + remote API calls */
+	int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
+		CAP_LEVEL_II_OPLOCKS;
+
+	int secword=0;
+	time_t t = time(NULL);
+	char *p, *q;
+	BOOL negotiate_spnego = False;
+
+	global_encrypted_passwords_negotiated = lp_encrypted_passwords();
+
+	/* do spnego in user level security if the client
+	   supports it and we can do encrypted passwords */
+	
+	if (global_encrypted_passwords_negotiated && 
+	    (lp_security() != SEC_SHARE) &&
+	    lp_use_spnego() &&
+	    (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
+		negotiate_spnego = True;
+		capabilities |= CAP_EXTENDED_SECURITY;
+	}
+	
+	capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNIX;
+	
+	if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
+		capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
+	
+	if (SMB_OFF_T_BITS == 64)
+		capabilities |= CAP_LARGE_FILES;
+
+	if (lp_readraw() && lp_writeraw())
+		capabilities |= CAP_RAW_MODE;
+	
+	/* allow for disabling unicode */
+	if (lp_unicode())
+		capabilities |= CAP_UNICODE;
+
+	if (lp_nt_status_support())
+		capabilities |= CAP_STATUS32;
+	
+	if (lp_host_msdfs())
+		capabilities |= CAP_DFS;
+	
+	if (lp_security() >= SEC_USER)
+		secword |= 1;
+	if (global_encrypted_passwords_negotiated)
+		secword |= 2;
+	
+	set_message(outbuf,17,0,True);
+	
+	SCVAL(outbuf,smb_vwv1,secword);
+	
+	Protocol = PROTOCOL_NT1;
+	
+	SSVAL(outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
+	SSVAL(outbuf,smb_vwv2+1,1); /* num vcs */
+	SIVAL(outbuf,smb_vwv3+1,0xffff); /* max buffer. LOTS! */
+	SIVAL(outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
+	SIVAL(outbuf,smb_vwv7+1,sys_getpid()); /* session key */
+	SIVAL(outbuf,smb_vwv9+1,capabilities); /* capabilities */
+	put_long_date(outbuf+smb_vwv11+1,t);
+	SSVALS(outbuf,smb_vwv15+1,TimeDiff(t)/60);
+	
+	p = q = smb_buf(outbuf);
+	if (!negotiate_spnego) {
+		/* Create a token value and add it to the outgoing packet. */
+		if (global_encrypted_passwords_negotiated) {
+			get_challenge(p);
+		}
+		SSVALS(outbuf,smb_vwv16+1,8);
+		p += 8;
+		p += srvstr_push(outbuf, p, global_myworkgroup, -1, 
+				 STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+		DEBUG(3,("not using SPNEGO\n"));
+	} else {
+		int len = negprot_spnego(p);
+		
+		SSVALS(outbuf,smb_vwv16+1,len);
+		p += len;
+		DEBUG(3,("using SPNEGO\n"));
+	}
+	
+	SSVAL(outbuf,smb_vwv17, p - q); /* length of challenge+domain strings */
+	set_message_end(outbuf, p);
+	
+	return (smb_len(outbuf)+4);
+}
+
+/* these are the protocol lists used for auto architecture detection:
+
+WinNT 3.51:
+protocol [PC NETWORK PROGRAM 1.0]
+protocol [XENIX CORE]
+protocol [MICROSOFT NETWORKS 1.03]
+protocol [LANMAN1.0]
+protocol [Windows for Workgroups 3.1a]
+protocol [LM1.2X002]
+protocol [LANMAN2.1]
+protocol [NT LM 0.12]
+
+Win95:
+protocol [PC NETWORK PROGRAM 1.0]
+protocol [XENIX CORE]
+protocol [MICROSOFT NETWORKS 1.03]
+protocol [LANMAN1.0]
+protocol [Windows for Workgroups 3.1a]
+protocol [LM1.2X002]
+protocol [LANMAN2.1]
+protocol [NT LM 0.12]
+
+Win2K:
+protocol [PC NETWORK PROGRAM 1.0]
+protocol [LANMAN1.0]
+protocol [Windows for Workgroups 3.1a]
+protocol [LM1.2X002]
+protocol [LANMAN2.1]
+protocol [NT LM 0.12]
+
+OS/2:
+protocol [PC NETWORK PROGRAM 1.0]
+protocol [XENIX CORE]
+protocol [LANMAN1.0]
+protocol [LM1.2X002]
+protocol [LANMAN2.1]
+*/
+
+/*
+  * Modified to recognize the architecture of the remote machine better.
+  *
+  * This appears to be the matrix of which protocol is used by which
+  * MS product.
+       Protocol                       WfWg    Win95   WinNT  Win2K  OS/2
+       PC NETWORK PROGRAM 1.0          1       1       1      1      1
+       XENIX CORE                                      2             2
+       MICROSOFT NETWORKS 3.0          2       2       
+       DOS LM1.2X002                   3       3       
+       MICROSOFT NETWORKS 1.03                         3
+       DOS LANMAN2.1                   4       4       
+       LANMAN1.0                                       4      2      3
+       Windows for Workgroups 3.1a     5       5       5      3
+       LM1.2X002                                       6      4      4
+       LANMAN2.1                                       7      5      5
+       NT LM 0.12                              6       8      6
+  *
+  *  tim@fsg.com 09/29/95
+  *  Win2K added by matty 17/7/99
+  */
+  
+#define ARCH_WFWG     0x3      /* This is a fudge because WfWg is like Win95 */
+#define ARCH_WIN95    0x2
+#define ARCH_WINNT    0x4
+#define ARCH_WIN2K    0xC      /* Win2K is like NT */
+#define ARCH_OS2      0x14     /* Again OS/2 is like NT */
+#define ARCH_SAMBA    0x20
+ 
+#define ARCH_ALL      0x3F
+ 
+/* List of supported protocols, most desired first */
+static struct {
+  char *proto_name;
+  char *short_name;
+  int (*proto_reply_fn)(char *, char *);
+  int protocol_level;
+} supported_protocols[] = {
+  {"NT LANMAN 1.0",           "NT1",      reply_nt1,      PROTOCOL_NT1},
+  {"NT LM 0.12",              "NT1",      reply_nt1,      PROTOCOL_NT1},
+  {"LM1.2X002",               "LANMAN2",  reply_lanman2,  PROTOCOL_LANMAN2},
+  {"Samba",                   "LANMAN2",  reply_lanman2,  PROTOCOL_LANMAN2},
+  {"DOS LM1.2X002",           "LANMAN2",  reply_lanman2,  PROTOCOL_LANMAN2},
+  {"LANMAN1.0",               "LANMAN1",  reply_lanman1,  PROTOCOL_LANMAN1},
+  {"MICROSOFT NETWORKS 3.0",  "LANMAN1",  reply_lanman1,  PROTOCOL_LANMAN1},
+  {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
+  {"PC NETWORK PROGRAM 1.0",  "CORE",     reply_corep,    PROTOCOL_CORE}, 
+  {NULL,NULL,NULL,0},
+};
+
+
+/****************************************************************************
+  reply to a negprot
+****************************************************************************/
+int reply_negprot(connection_struct *conn, 
+		  char *inbuf,char *outbuf, int dum_size, 
+		  int dum_buffsize)
+{
+  int outsize = set_message(outbuf,1,0,True);
+  int Index=0;
+  int choice= -1;
+  int protocol;
+  char *p;
+  int bcc = SVAL(smb_buf(inbuf),-2);
+  int arch = ARCH_ALL;
+  START_PROFILE(SMBnegprot);
+
+  p = smb_buf(inbuf)+1;
+  while (p < (smb_buf(inbuf) + bcc))
+    { 
+      Index++;
+      DEBUG(3,("Requested protocol [%s]\n",p));
+      if (strcsequal(p,"Windows for Workgroups 3.1a"))
+	arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K );
+      else if (strcsequal(p,"DOS LM1.2X002"))
+	arch &= ( ARCH_WFWG | ARCH_WIN95 );
+      else if (strcsequal(p,"DOS LANMAN2.1"))
+	arch &= ( ARCH_WFWG | ARCH_WIN95 );
+      else if (strcsequal(p,"NT LM 0.12"))
+	arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K );
+      else if (strcsequal(p,"LANMAN2.1"))
+	arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
+      else if (strcsequal(p,"LM1.2X002"))
+	arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
+      else if (strcsequal(p,"MICROSOFT NETWORKS 1.03"))
+	arch &= ARCH_WINNT;
+      else if (strcsequal(p,"XENIX CORE"))
+	arch &= ( ARCH_WINNT | ARCH_OS2 );
+      else if (strcsequal(p,"Samba")) {
+	arch = ARCH_SAMBA;
+	break;
+      }
+ 
+      p += strlen(p) + 2;
+    }
+    
+  switch ( arch ) {
+  case ARCH_SAMBA:
+    set_remote_arch(RA_SAMBA);
+    break;
+  case ARCH_WFWG:
+    set_remote_arch(RA_WFWG);
+    break;
+  case ARCH_WIN95:
+    set_remote_arch(RA_WIN95);
+    break;
+  case ARCH_WINNT:
+   if(SVAL(inbuf,smb_flg2)==FLAGS2_WIN2K_SIGNATURE)
+     set_remote_arch(RA_WIN2K);
+   else
+     set_remote_arch(RA_WINNT);
+    break;
+  case ARCH_WIN2K:
+    set_remote_arch(RA_WIN2K);
+    break;
+  case ARCH_OS2:
+    set_remote_arch(RA_OS2);
+    break;
+  default:
+    set_remote_arch(RA_UNKNOWN);
+    break;
+  }
+ 
+  /* possibly reload - change of architecture */
+  reload_services(True);      
+    
+  /* Check for protocols, most desirable first */
+  for (protocol = 0; supported_protocols[protocol].proto_name; protocol++)
+    {
+      p = smb_buf(inbuf)+1;
+      Index = 0;
+      if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
+	  (supported_protocols[protocol].protocol_level >= lp_minprotocol()))
+	while (p < (smb_buf(inbuf) + bcc))
+	  { 
+	    if (strequal(p,supported_protocols[protocol].proto_name))
+	      choice = Index;
+	    Index++;
+	    p += strlen(p) + 2;
+	  }
+      if(choice != -1)
+	break;
+    }
+  
+  SSVAL(outbuf,smb_vwv0,choice);
+  if(choice != -1) {
+    extern fstring remote_proto;
+    fstrcpy(remote_proto,supported_protocols[protocol].short_name);
+    reload_services(True);          
+    outsize = supported_protocols[protocol].proto_reply_fn(inbuf, outbuf);
+    DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
+  }
+  else {
+    DEBUG(0,("No protocol supported !\n"));
+  }
+  SSVAL(outbuf,smb_vwv0,choice);
+  
+  DEBUG( 5, ( "negprot index=%d\n", choice ) );
+
+  END_PROFILE(SMBnegprot);
+  return(outsize);
+}
+
diff --git a/source3/smbd/noquotas.c b/source3/smbd/noquotas.c
new file mode 100644
index 0000000000..85caef57e1
--- /dev/null
+++ b/source3/smbd/noquotas.c
@@ -0,0 +1,38 @@
+/*
+   Unix SMB/CIFS implementation.
+   No support for quotas :-).
+   Copyright (C) Andrew Tridgell 1992-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * Needed for auto generation of proto.h.
+ */
+
+BOOL disk_quotas(const char *path,SMB_BIG_UINT *bsize,SMB_BIG_UINT *dfree,SMB_BIG_UINT *dsize)
+{
+  (*bsize) = 512; /* This value should be ignored */
+
+  /* And just to be sure we set some values that hopefully */
+  /* will be larger that any possible real-world value     */
+  (*dfree) = (SMB_BIG_UINT)-1;
+  (*dsize) = (SMB_BIG_UINT)-1;
+
+  /* As we have select not to use quotas, allways fail */
+  return False;
+}
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
new file mode 100644
index 0000000000..0895ddaf87
--- /dev/null
+++ b/source3/smbd/notify.c
@@ -0,0 +1,220 @@
+/*
+   Unix SMB/CIFS implementation.
+   change notify handling
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) Jeremy Allison 1994-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static struct cnotify_fns *cnotify;
+
+/****************************************************************************
+ This is the structure to queue to implement NT change
+ notify. It consists of smb_size bytes stored from the
+ transact command (to keep the mid, tid etc around).
+ Plus the fid to examine and notify private data.
+*****************************************************************************/
+
+struct change_notify {
+	struct change_notify *next, *prev;
+	files_struct *fsp;
+	connection_struct *conn;
+	uint32 flags;
+	char request_buf[smb_size];
+	void *change_data;
+};
+
+static struct change_notify *change_notify_list;
+
+/****************************************************************************
+ Setup the common parts of the return packet and send it.
+*****************************************************************************/
+static void change_notify_reply_packet(char *inbuf, NTSTATUS error_code)
+{
+	char outbuf[smb_size+38];
+
+	memset(outbuf, '\0', sizeof(outbuf));
+	construct_reply_common(inbuf, outbuf);
+
+	ERROR_NT(error_code);
+
+	/*
+	 * Seems NT needs a transact command with an error code
+	 * in it. This is a longer packet than a simple error.
+	 */
+	set_message(outbuf,18,0,False);
+
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("change_notify_reply_packet: send_smb failed.");
+}
+
+/****************************************************************************
+ Remove an entry from the list and free it, also closing any
+ directory handle if necessary.
+*****************************************************************************/
+
+static void change_notify_remove(struct change_notify *cnbp)
+{
+	cnotify->remove_notify(cnbp->change_data);
+	DLIST_REMOVE(change_notify_list, cnbp);
+	ZERO_STRUCTP(cnbp);
+	SAFE_FREE(cnbp);
+}
+
+/****************************************************************************
+ Delete entries by fnum from the change notify pending queue.
+*****************************************************************************/
+
+void remove_pending_change_notify_requests_by_fid(files_struct *fsp)
+{
+	struct change_notify *cnbp, *next;
+
+	for (cnbp=change_notify_list; cnbp; cnbp=next) {
+		next=cnbp->next;
+		if (cnbp->fsp->fnum == fsp->fnum) {
+			change_notify_remove(cnbp);
+		}
+	}
+}
+
+/****************************************************************************
+ Delete entries by mid from the change notify pending queue. Always send reply.
+*****************************************************************************/
+
+void remove_pending_change_notify_requests_by_mid(int mid)
+{
+	struct change_notify *cnbp, *next;
+
+	for (cnbp=change_notify_list; cnbp; cnbp=next) {
+		next=cnbp->next;
+		if(SVAL(cnbp->request_buf,smb_mid) == mid) {
+			change_notify_reply_packet(cnbp->request_buf,NT_STATUS_CANCELLED);
+			change_notify_remove(cnbp);
+		}
+	}
+}
+
+/****************************************************************************
+ Delete entries by filename and cnum from the change notify pending queue.
+ Always send reply.
+*****************************************************************************/
+
+void remove_pending_change_notify_requests_by_filename(files_struct *fsp)
+{
+	struct change_notify *cnbp, *next;
+
+	for (cnbp=change_notify_list; cnbp; cnbp=next) {
+		next=cnbp->next;
+		/*
+		 * We know it refers to the same directory if the connection number and
+		 * the filename are identical.
+		 */
+		if((cnbp->fsp->conn == fsp->conn) && strequal(cnbp->fsp->fsp_name,fsp->fsp_name)) {
+			change_notify_reply_packet(cnbp->request_buf,NT_STATUS_CANCELLED);
+			change_notify_remove(cnbp);
+		}
+	}
+}
+
+/****************************************************************************
+ Return true if there are pending change notifies.
+****************************************************************************/
+
+int change_notify_timeout(void)
+{
+	return cnotify->select_time;
+}
+
+/****************************************************************************
+ Process the change notify queue. Note that this is only called as root.
+ Returns True if there are still outstanding change notify requests on the
+ queue.
+*****************************************************************************/
+
+BOOL process_pending_change_notify_queue(time_t t)
+{
+	struct change_notify *cnbp, *next;
+	uint16 vuid;
+
+	for (cnbp=change_notify_list; cnbp; cnbp=next) {
+		next=cnbp->next;
+
+		vuid = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : SVAL(cnbp->request_buf,smb_uid);
+
+		if (cnotify->check_notify(cnbp->conn, vuid, cnbp->fsp->fsp_name, cnbp->flags, cnbp->change_data, t)) {
+			DEBUG(10,("process_pending_change_notify_queue: dir %s changed !\n", cnbp->fsp->fsp_name ));
+			change_notify_reply_packet(cnbp->request_buf,STATUS_NOTIFY_ENUM_DIR);
+			change_notify_remove(cnbp);
+		}
+	}
+
+	return (change_notify_list != NULL);
+}
+
+/****************************************************************************
+ Now queue an entry on the notify change list.
+ We only need to save smb_size bytes from this incoming packet
+ as we will always by returning a 'read the directory yourself'
+ error.
+****************************************************************************/
+
+BOOL change_notify_set(char *inbuf, files_struct *fsp, connection_struct *conn, uint32 flags)
+{
+	struct change_notify *cnbp;
+
+	if((cnbp = (struct change_notify *)malloc(sizeof(*cnbp))) == NULL) {
+		DEBUG(0,("call_nt_transact_notify_change: malloc fail !\n" ));
+		return -1;
+	}
+
+	ZERO_STRUCTP(cnbp);
+
+	memcpy(cnbp->request_buf, inbuf, smb_size);
+	cnbp->fsp = fsp;
+	cnbp->conn = conn;
+	cnbp->flags = flags;
+	cnbp->change_data = cnotify->register_notify(conn, fsp->fsp_name, flags);
+	
+	if (!cnbp->change_data) {
+		SAFE_FREE(cnbp);
+		return False;
+	}
+
+	DLIST_ADD(change_notify_list, cnbp);
+
+	return True;
+}
+
+/****************************************************************************
+ Initialise the change notify subsystem.
+****************************************************************************/
+
+BOOL init_change_notify(void)
+{
+#if HAVE_KERNEL_CHANGE_NOTIFY
+	cnotify = kernel_notify_init();
+#endif
+	if (!cnotify) cnotify = hash_notify_init();
+	
+	if (!cnotify) {
+		DEBUG(0,("Failed to init change notify system\n"));
+		return False;
+	}
+
+	return True;
+}
diff --git a/source3/smbd/notify_hash.c b/source3/smbd/notify_hash.c
new file mode 100644
index 0000000000..d8b35462ac
--- /dev/null
+++ b/source3/smbd/notify_hash.c
@@ -0,0 +1,225 @@
+/*
+   Unix SMB/CIFS implementation.
+   change notify handling - hash based implementation
+   Copyright (C) Jeremy Allison 1994-1998
+   Copyright (C) Andrew Tridgell 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+struct change_data {
+	time_t last_check_time; /* time we last checked this entry */
+	time_t modify_time; /* Info from the directory we're monitoring. */ 
+	time_t status_time; /* Info from the directory we're monitoring. */
+	time_t total_time; /* Total time of all directory entries - don't care if it wraps. */
+	unsigned int num_entries; /* Zero or the number of files in the directory. */
+	unsigned int mode_sum;
+	unsigned char name_hash[16];
+};
+
+/****************************************************************************
+ Create the hash we will use to determine if the contents changed.
+*****************************************************************************/
+
+static BOOL notify_hash(connection_struct *conn, char *path, uint32 flags, 
+			struct change_data *data, struct change_data *old_data)
+{
+	SMB_STRUCT_STAT st;
+	pstring full_name;
+	char *p;
+	char *fname;
+	size_t remaining_len;
+	size_t fullname_len;
+	void *dp;
+
+	ZERO_STRUCTP(data);
+
+	if(vfs_stat(conn,path, &st) == -1)
+		return False;
+
+	data->modify_time = st.st_mtime;
+	data->status_time = st.st_ctime;
+
+	if (old_data) {
+		/*
+		 * Shortcut to avoid directory scan if the time
+		 * has changed - we always must return true then.
+		 */
+		if (old_data->modify_time != data->modify_time ||
+			old_data->status_time != data->status_time ) {
+				return True;
+		}
+	}
+ 
+	/*
+	 * If we are to watch for changes that are only stored
+	 * in inodes of files, not in the directory inode, we must
+	 * scan the directory and produce a unique identifier with
+	 * which we can determine if anything changed. We use the
+	 * modify and change times from all the files in the
+	 * directory, added together (ignoring wrapping if it's
+	 * larger than the max time_t value).
+	 */
+
+	dp = OpenDir(conn, path, True);
+	if (dp == NULL)
+		return False;
+
+	data->num_entries = 0;
+	
+	pstrcpy(full_name, path);
+	pstrcat(full_name, "/");
+	
+	fullname_len = strlen(full_name);
+	remaining_len = sizeof(full_name) - fullname_len - 1;
+	p = &full_name[fullname_len];
+	
+	while ((fname = ReadDirName(dp))) {
+		if(strequal(fname, ".") || strequal(fname, ".."))
+			continue;		
+
+		data->num_entries++;
+		safe_strcpy(p, fname, remaining_len);
+
+		ZERO_STRUCT(st);
+
+		/*
+		 * Do the stat - but ignore errors.
+		 */		
+		vfs_stat(conn,full_name, &st);
+
+		/*
+		 * Always sum the times.
+		 */
+
+		data->total_time += (st.st_mtime + st.st_ctime);
+
+		/*
+		 * If requested hash the names.
+		 */
+
+		if (flags & (FILE_NOTIFY_CHANGE_DIR_NAME|FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_FILE)) {
+			int i;
+			unsigned char tmp_hash[16];
+			mdfour(tmp_hash, (unsigned char *)fname, strlen(fname));
+			for (i=0;i<16;i++)
+				data->name_hash[i] ^= tmp_hash[i];
+		}
+
+		/*
+		 * If requested sum the mode_t's.
+		 */
+
+		if (flags & (FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_SECURITY))
+			data->mode_sum = st.st_mode;
+	}
+	
+	CloseDir(dp);
+	
+	return True;
+}
+
+/****************************************************************************
+ Register a change notify request.
+*****************************************************************************/
+
+static void *hash_register_notify(connection_struct *conn, char *path, uint32 flags)
+{
+	struct change_data data;
+
+	if (!notify_hash(conn, path, flags, &data, NULL))
+		return NULL;
+
+	data.last_check_time = time(NULL);
+
+	return (void *)memdup(&data, sizeof(data));
+}
+
+/****************************************************************************
+ Check if a change notify should be issued.
+ A time of zero means instantaneous check - don't modify the last check time.
+*****************************************************************************/
+
+static BOOL hash_check_notify(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *datap, time_t t)
+{
+	struct change_data *data = (struct change_data *)datap;
+	struct change_data data2;
+
+	if (t && t < data->last_check_time + lp_change_notify_timeout())
+		return False;
+
+	if (!change_to_user(conn,vuid))
+		return True;
+	if (!set_current_service(conn,True)) {
+		change_to_root_user();
+		return True;
+	}
+
+	if (!notify_hash(conn, path, flags, &data2, data) ||
+	    data2.modify_time != data->modify_time ||
+	    data2.status_time != data->status_time ||
+	    data2.total_time != data->total_time ||
+	    data2.num_entries != data->num_entries ||
+		data2.mode_sum != data->mode_sum ||
+		memcmp(data2.name_hash, data->name_hash, sizeof(data2.name_hash))) {
+		change_to_root_user();
+		return True;
+	}
+
+	if (t)
+		data->last_check_time = t;
+
+	change_to_root_user();
+
+	return False;
+}
+
+/****************************************************************************
+ Remove a change notify data structure.
+*****************************************************************************/
+
+static void hash_remove_notify(void *datap)
+{
+	free(datap);
+}
+
+/****************************************************************************
+ Setup hash based change notify.
+****************************************************************************/
+
+struct cnotify_fns *hash_notify_init(void) 
+{
+	static struct cnotify_fns cnotify;
+
+	cnotify.register_notify = hash_register_notify;
+	cnotify.check_notify = hash_check_notify;
+	cnotify.remove_notify = hash_remove_notify;
+	cnotify.select_time = lp_change_notify_timeout();
+
+	return &cnotify;
+}
+
+/*
+  change_notify_reply_packet(cnbp->request_buf,ERRSRV,ERRaccess);
+  change_notify_reply_packet(cnbp->request_buf,0,NT_STATUS_NOTIFY_ENUM_DIR);
+
+  chain_size = 0;
+  file_chain_reset();
+
+  uint16 vuid = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : 
+  SVAL(cnbp->request_buf,smb_uid);
+*/
diff --git a/source3/smbd/notify_kernel.c b/source3/smbd/notify_kernel.c
new file mode 100644
index 0000000000..19ea41e195
--- /dev/null
+++ b/source3/smbd/notify_kernel.c
@@ -0,0 +1,206 @@
+/*
+   Unix SMB/CIFS implementation.
+   change notify handling - linux kernel based implementation
+   Copyright (C) Andrew Tridgell 2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#if HAVE_KERNEL_CHANGE_NOTIFY
+
+static VOLATILE sig_atomic_t fd_pending;
+static VOLATILE sig_atomic_t signals_received;
+static VOLATILE sig_atomic_t signals_processed;
+
+#ifndef DN_ACCESS
+#define DN_ACCESS       0x00000001      /* File accessed in directory */
+#define DN_MODIFY       0x00000002      /* File modified in directory */
+#define DN_CREATE       0x00000004      /* File created in directory */
+#define DN_DELETE       0x00000008      /* File removed from directory */
+#define DN_RENAME       0x00000010      /* File renamed in directory */
+#define DN_ATTRIB       0x00000020      /* File changed attribute */
+#define DN_MULTISHOT    0x80000000      /* Don't remove notifier */
+#endif
+
+
+#ifndef RT_SIGNAL_NOTIFY
+#define RT_SIGNAL_NOTIFY 34
+#endif
+
+#ifndef F_SETSIG
+#define F_SETSIG 10
+#endif
+
+#ifndef F_NOTIFY
+#define F_NOTIFY 1026
+#endif
+
+/****************************************************************************
+ This is the structure to keep the information needed to
+ determine if a directory has changed.
+*****************************************************************************/
+struct change_data {
+	int directory_handle;
+};
+
+/****************************************************************************
+the signal handler for change notify
+*****************************************************************************/
+static void signal_handler(int sig, siginfo_t *info, void *unused)
+{
+	BlockSignals(True, sig);
+	fd_pending = (sig_atomic_t)info->si_fd;
+	signals_received++;
+	sys_select_signal();
+}
+
+
+
+/****************************************************************************
+ Check if a change notify should be issued.
+ time non-zero means timeout check (used for hash). Ignore this (async method
+ where time is zero will be used instead).
+*****************************************************************************/
+static BOOL kernel_check_notify(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *datap, time_t t)
+{
+	struct change_data *data = (struct change_data *)datap;
+
+	if (t)
+		return False;
+
+	if (data->directory_handle != (int)fd_pending) return False;
+
+	DEBUG(3,("kernel change notify on %s fd=%d\n", path, (int)fd_pending));
+
+	close((int)fd_pending);
+	fd_pending = (sig_atomic_t)-1;
+	data->directory_handle = -1;
+	signals_processed++;
+	BlockSignals(False, RT_SIGNAL_NOTIFY);
+	return True;
+}
+
+/****************************************************************************
+remove a change notify data structure
+*****************************************************************************/
+static void kernel_remove_notify(void *datap)
+{
+	struct change_data *data = (struct change_data *)datap;
+	int fd = data->directory_handle;
+	if (fd != -1) {
+		if (fd == (int)fd_pending) {
+			fd_pending = (sig_atomic_t)-1;
+			signals_processed++;
+			BlockSignals(False, RT_SIGNAL_NOTIFY);
+		}
+		close(fd);
+	}
+	SAFE_FREE(data);
+	DEBUG(3,("removed kernel change notify fd=%d\n", fd));
+}
+
+
+/****************************************************************************
+register a change notify request
+*****************************************************************************/
+static void *kernel_register_notify(connection_struct *conn, char *path, uint32 flags)
+{
+	struct change_data data;
+	int fd;
+	unsigned long kernel_flags;
+	
+	fd = conn->vfs_ops.open(conn, path, O_RDONLY, 0);
+
+	if (fd == -1) {
+		DEBUG(3,("Failed to open directory %s for change notify\n", path));
+		return NULL;
+	}
+
+	if (fcntl(fd, F_SETSIG, RT_SIGNAL_NOTIFY) == -1) {
+		DEBUG(3,("Failed to set signal handler for change notify\n"));
+		return NULL;
+	}
+
+	kernel_flags = DN_CREATE|DN_DELETE|DN_RENAME; /* creation/deletion changes everything! */
+	if (flags & FILE_NOTIFY_CHANGE_FILE)        kernel_flags |= DN_MODIFY;
+	if (flags & FILE_NOTIFY_CHANGE_DIR_NAME)    kernel_flags |= DN_RENAME|DN_DELETE;
+	if (flags & FILE_NOTIFY_CHANGE_ATTRIBUTES)  kernel_flags |= DN_ATTRIB;
+	if (flags & FILE_NOTIFY_CHANGE_SIZE)        kernel_flags |= DN_MODIFY;
+	if (flags & FILE_NOTIFY_CHANGE_LAST_WRITE)  kernel_flags |= DN_MODIFY;
+	if (flags & FILE_NOTIFY_CHANGE_LAST_ACCESS) kernel_flags |= DN_ACCESS;
+	if (flags & FILE_NOTIFY_CHANGE_CREATION)    kernel_flags |= DN_CREATE;
+	if (flags & FILE_NOTIFY_CHANGE_SECURITY)    kernel_flags |= DN_ATTRIB;
+	if (flags & FILE_NOTIFY_CHANGE_EA)          kernel_flags |= DN_ATTRIB;
+	if (flags & FILE_NOTIFY_CHANGE_FILE_NAME)   kernel_flags |= DN_RENAME|DN_DELETE;
+
+	if (fcntl(fd, F_NOTIFY, kernel_flags) == -1) {
+		DEBUG(3,("Failed to set async flag for change notify\n"));
+		return NULL;
+	}
+
+	data.directory_handle = fd;
+
+	DEBUG(3,("kernel change notify on %s (ntflags=0x%x flags=0x%x) fd=%d\n", 
+		 path, (int)flags, (int)kernel_flags, fd));
+
+	return (void *)memdup(&data, sizeof(data));
+}
+
+/****************************************************************************
+see if the kernel supports change notify
+****************************************************************************/
+static BOOL kernel_notify_available(void) 
+{
+	int fd, ret;
+	fd = open("/tmp", O_RDONLY);
+	if (fd == -1) return False; /* uggh! */
+	ret = fcntl(fd, F_NOTIFY, 0);
+	close(fd);
+	return ret == 0;
+}
+
+
+/****************************************************************************
+setup kernel based change notify
+****************************************************************************/
+struct cnotify_fns *kernel_notify_init(void) 
+{
+	static struct cnotify_fns cnotify;
+        struct sigaction act;
+
+        act.sa_handler = NULL;
+        act.sa_sigaction = signal_handler;
+        act.sa_flags = SA_SIGINFO;
+        if (sigaction(RT_SIGNAL_NOTIFY, &act, NULL) != 0) {
+		DEBUG(0,("Failed to setup RT_SIGNAL_NOTIFY handler\n"));
+		return NULL;
+        }
+
+	if (!kernel_notify_available()) return NULL;
+
+	cnotify.register_notify = kernel_register_notify;
+	cnotify.check_notify = kernel_check_notify;
+	cnotify.remove_notify = kernel_remove_notify;
+	cnotify.select_time = -1;
+
+	return &cnotify;
+}
+
+
+#else
+ void notify_kernel_dummy(void) {}
+#endif /* HAVE_KERNEL_CHANGE_NOTIFY */
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
new file mode 100644
index 0000000000..ed2979b3a4
--- /dev/null
+++ b/source3/smbd/nttrans.c
@@ -0,0 +1,1818 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB NT transaction handling
+   Copyright (C) Jeremy Allison 1994-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int Protocol;
+extern int smb_read_error;
+extern int global_oplock_break;
+extern BOOL case_sensitive;
+extern BOOL case_preserve;
+extern BOOL short_case_preserve;
+
+static char *known_nt_pipes[] = {
+  "\\LANMAN",
+  "\\srvsvc",
+  "\\samr",
+  "\\wkssvc",
+  "\\NETLOGON",
+  "\\ntlsa",
+  "\\ntsvcs",
+  "\\lsass",
+  "\\lsarpc",
+  "\\winreg",
+  "\\spoolss",
+  "\\netdfs",
+  NULL
+};
+
+/* Map generic permissions to file object specific permissions */
+ 
+struct generic_mapping file_generic_mapping = {
+	FILE_GENERIC_READ,
+	FILE_GENERIC_WRITE,
+	FILE_GENERIC_EXECUTE,
+	FILE_GENERIC_ALL
+};
+
+/****************************************************************************
+ Send the required number of replies back.
+ We assume all fields other than the data fields are
+ set correctly for the type of call.
+ HACK ! Always assumes smb_setup field is zero.
+****************************************************************************/
+
+static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, NTSTATUS nt_error, char *params,
+                           int paramsize, char *pdata, int datasize)
+{
+  extern int max_send;
+  int data_to_send = datasize;
+  int params_to_send = paramsize;
+  int useable_space;
+  char *pp = params;
+  char *pd = pdata;
+  int params_sent_thistime, data_sent_thistime, total_sent_thistime;
+  int alignment_offset = 3;
+  int data_alignment_offset = 0;
+
+  /*
+   * Initially set the wcnt area to be 18 - this is true for all
+   * transNT replies.
+   */
+
+  set_message(outbuf,18,0,True);
+
+  if (NT_STATUS_V(nt_error)) {
+	  ERROR_NT(nt_error);
+  }
+
+  /* 
+   * If there genuinely are no parameters or data to send just send
+   * the empty packet.
+   */
+
+  if(params_to_send == 0 && data_to_send == 0) {
+    if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_nt_replies: send_smb failed.");
+    return 0;
+  }
+
+  /*
+   * When sending params and data ensure that both are nicely aligned.
+   * Only do this alignment when there is also data to send - else
+   * can cause NT redirector problems.
+   */
+
+  if (((params_to_send % 4) != 0) && (data_to_send != 0))
+    data_alignment_offset = 4 - (params_to_send % 4);
+
+  /* 
+   * Space is bufsize minus Netbios over TCP header minus SMB header.
+   * The alignment_offset is to align the param bytes on a four byte
+   * boundary (2 bytes for data len, one byte pad). 
+   * NT needs this to work correctly.
+   */
+
+  useable_space = bufsize - ((smb_buf(outbuf)+
+                    alignment_offset+data_alignment_offset) -
+                    outbuf);
+
+  /*
+   * useable_space can never be more than max_send minus the
+   * alignment offset.
+   */
+
+  useable_space = MIN(useable_space,
+                      max_send - (alignment_offset+data_alignment_offset));
+
+
+  while (params_to_send || data_to_send) {
+
+    /*
+     * Calculate whether we will totally or partially fill this packet.
+     */
+
+    total_sent_thistime = params_to_send + data_to_send +
+                            alignment_offset + data_alignment_offset;
+
+    /* 
+     * We can never send more than useable_space.
+     */
+
+    total_sent_thistime = MIN(total_sent_thistime, useable_space);
+
+    set_message(outbuf, 18, total_sent_thistime, True);
+
+    /*
+     * Set total params and data to be sent.
+     */
+
+    SIVAL(outbuf,smb_ntr_TotalParameterCount,paramsize);
+    SIVAL(outbuf,smb_ntr_TotalDataCount,datasize);
+
+    /* 
+     * Calculate how many parameters and data we can fit into
+     * this packet. Parameters get precedence.
+     */
+
+    params_sent_thistime = MIN(params_to_send,useable_space);
+    data_sent_thistime = useable_space - params_sent_thistime;
+    data_sent_thistime = MIN(data_sent_thistime,data_to_send);
+
+    SIVAL(outbuf,smb_ntr_ParameterCount,params_sent_thistime);
+
+    if(params_sent_thistime == 0) {
+      SIVAL(outbuf,smb_ntr_ParameterOffset,0);
+      SIVAL(outbuf,smb_ntr_ParameterDisplacement,0);
+    } else {
+      /*
+       * smb_ntr_ParameterOffset is the offset from the start of the SMB header to the
+       * parameter bytes, however the first 4 bytes of outbuf are
+       * the Netbios over TCP header. Thus use smb_base() to subtract
+       * them from the calculation.
+       */
+
+      SIVAL(outbuf,smb_ntr_ParameterOffset,
+            ((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
+      /* 
+       * Absolute displacement of param bytes sent in this packet.
+       */
+
+      SIVAL(outbuf,smb_ntr_ParameterDisplacement,pp - params);
+    }
+
+    /*
+     * Deal with the data portion.
+     */
+
+    SIVAL(outbuf,smb_ntr_DataCount, data_sent_thistime);
+
+    if(data_sent_thistime == 0) {
+      SIVAL(outbuf,smb_ntr_DataOffset,0);
+      SIVAL(outbuf,smb_ntr_DataDisplacement, 0);
+    } else {
+      /*
+       * The offset of the data bytes is the offset of the
+       * parameter bytes plus the number of parameters being sent this time.
+       */
+
+      SIVAL(outbuf,smb_ntr_DataOffset,((smb_buf(outbuf)+alignment_offset) -
+            smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
+      SIVAL(outbuf,smb_ntr_DataDisplacement, pd - pdata);
+    }
+
+    /* 
+     * Copy the param bytes into the packet.
+     */
+
+    if(params_sent_thistime)
+      memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
+
+    /*
+     * Copy in the data bytes
+     */
+
+    if(data_sent_thistime)
+      memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
+             data_alignment_offset,pd,data_sent_thistime);
+    
+    DEBUG(9,("nt_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
+          params_sent_thistime, data_sent_thistime, useable_space));
+    DEBUG(9,("nt_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
+          params_to_send, data_to_send, paramsize, datasize));
+    
+    /* Send the packet */
+    if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_nt_replies: send_smb failed.");
+    
+    pp += params_sent_thistime;
+    pd += data_sent_thistime;
+    
+    params_to_send -= params_sent_thistime;
+    data_to_send -= data_sent_thistime;
+
+    /*
+     * Sanity check
+     */
+
+    if(params_to_send < 0 || data_to_send < 0) {
+      DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!",
+            params_to_send, data_to_send));
+      return -1;
+    }
+  } 
+
+  return 0;
+}
+
+/****************************************************************************
+ Save case statics.
+****************************************************************************/
+
+static BOOL saved_case_sensitive;
+static BOOL saved_case_preserve;
+static BOOL saved_short_case_preserve;
+
+/****************************************************************************
+ Save case semantics.
+****************************************************************************/
+
+static void set_posix_case_semantics(uint32 file_attributes)
+{
+	if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
+		return;
+
+	saved_case_sensitive = case_sensitive;
+	saved_case_preserve = case_preserve;
+	saved_short_case_preserve = short_case_preserve;
+
+	/* Set to POSIX. */
+	case_sensitive = True;
+	case_preserve = True;
+	short_case_preserve = True;
+}
+
+/****************************************************************************
+ Restore case semantics.
+****************************************************************************/
+
+static void restore_case_semantics(uint32 file_attributes)
+{
+	if(!(file_attributes & FILE_FLAG_POSIX_SEMANTICS))
+		return;
+
+	case_sensitive = saved_case_sensitive;
+	case_preserve = saved_case_preserve;
+	short_case_preserve = saved_short_case_preserve;
+}
+
+/****************************************************************************
+ Utility function to map create disposition.
+****************************************************************************/
+
+static int map_create_disposition( uint32 create_disposition)
+{
+	int ret;
+
+	switch( create_disposition ) {
+		case FILE_CREATE:
+			/* create if not exist, fail if exist */
+			ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL);
+			break;
+		case FILE_SUPERSEDE:
+		case FILE_OVERWRITE_IF:
+			/* create if not exist, trunc if exist */
+			ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
+			break;
+		case FILE_OPEN:
+			/* fail if not exist, open if exists */
+			ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN);
+			break;
+		case FILE_OPEN_IF:
+			/* create if not exist, open if exists */
+			ret = (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_OPEN);
+			break;
+		case FILE_OVERWRITE:
+			/* fail if not exist, truncate if exists */
+			ret = (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE);
+			break;
+		default:
+			DEBUG(0,("map_create_disposition: Incorrect value for create_disposition = %d\n",
+				create_disposition ));
+			return -1;
+	}
+
+	DEBUG(10,("map_create_disposition: Mapped create_disposition 0x%lx to 0x%x\n",
+			(unsigned long)create_disposition, ret ));
+
+	return ret;
+}
+
+/****************************************************************************
+ Utility function to map share modes.
+****************************************************************************/
+
+static int map_share_mode( char *fname, uint32 create_options,
+			uint32 *desired_access, uint32 share_access, uint32 file_attributes)
+{
+	int smb_open_mode = -1;
+
+	/*
+	 * Convert GENERIC bits to specific bits.
+	 */
+
+	se_map_generic(desired_access, &file_generic_mapping);
+
+	switch( *desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA) ) {
+		case FILE_READ_DATA:
+			smb_open_mode = DOS_OPEN_RDONLY;
+			break;
+		case FILE_WRITE_DATA:
+		case FILE_APPEND_DATA:
+		case FILE_WRITE_DATA|FILE_APPEND_DATA:
+			smb_open_mode = DOS_OPEN_WRONLY;
+			break;
+		case FILE_READ_DATA|FILE_WRITE_DATA:
+		case FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA:
+		case FILE_READ_DATA|FILE_APPEND_DATA:
+			smb_open_mode = DOS_OPEN_RDWR;
+			break;
+	}
+
+	/*
+	 * NB. For DELETE_ACCESS we should really check the
+	 * directory permissions, as that is what controls
+	 * delete, and for WRITE_DAC_ACCESS we should really
+	 * check the ownership, as that is what controls the
+	 * chmod. Note that this is *NOT* a security hole (this
+	 * note is for you, Andrew) as we are not *allowing*
+	 * the access at this point, the actual unlink or
+	 * chown or chmod call would do this. We are just helping
+	 * clients out by telling them if they have a hope
+	 * of any of this succeeding. POSIX acls may still
+	 * deny the real call. JRA.
+	 */
+
+	if (smb_open_mode == -1) {
+
+		if(*desired_access & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
+					FILE_EXECUTE|FILE_READ_ATTRIBUTES|
+					FILE_READ_EA|FILE_WRITE_EA|SYSTEM_SECURITY_ACCESS|
+					FILE_WRITE_ATTRIBUTES|READ_CONTROL_ACCESS)) {
+			smb_open_mode = DOS_OPEN_RDONLY;
+		} else if(*desired_access == 0) {
+
+			/* 
+			 * JRA - NT seems to sometimes send desired_access as zero. play it safe
+			 * and map to a stat open.
+			 */
+
+			smb_open_mode = DOS_OPEN_RDONLY;
+
+		} else {
+			DEBUG(0,("map_share_mode: Incorrect value 0x%lx for desired_access to file %s\n",
+				(unsigned long)*desired_access, fname));
+			return -1;
+		}
+	}
+
+	/*
+	 * Set the special bit that means allow share delete.
+	 * This is held outside the normal share mode bits at 1<<15.
+	 * JRA.
+	 */
+
+	if(share_access & FILE_SHARE_DELETE) {
+		smb_open_mode |= ALLOW_SHARE_DELETE;
+		DEBUG(10,("map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x%x\n", smb_open_mode));
+	}
+
+	/*
+	 * We need to store the intent to open for Delete. This
+	 * is what determines if a delete on close flag can be set.
+	 * This is the wrong way (and place) to store this, but for 2.2 this
+	 * is the only practical way. JRA.
+	 */
+
+	if(*desired_access & DELETE_ACCESS) {
+		DEBUG(10,("map_share_mode: DELETE_ACCESS requested. open_mode = 0x%x\n", smb_open_mode));
+	}
+
+	if (create_options & FILE_DELETE_ON_CLOSE) {
+		/* Implicit delete access is *NOT* requested... */
+		smb_open_mode |= DELETE_ON_CLOSE_FLAG;
+		DEBUG(10,("map_share_mode: FILE_DELETE_ON_CLOSE requested. open_mode = 0x%x\n", smb_open_mode));
+	}
+
+	/* Add in the requested share mode. */
+	switch( share_access & (FILE_SHARE_READ|FILE_SHARE_WRITE)) {
+		case FILE_SHARE_READ:
+			smb_open_mode |= SET_DENY_MODE(DENY_WRITE);
+			break;
+		case FILE_SHARE_WRITE:
+			smb_open_mode |= SET_DENY_MODE(DENY_READ);
+			break;
+		case (FILE_SHARE_READ|FILE_SHARE_WRITE):
+			smb_open_mode |= SET_DENY_MODE(DENY_NONE);
+			break;
+		case FILE_SHARE_NONE:
+			smb_open_mode |= SET_DENY_MODE(DENY_ALL);
+			break;
+	}
+
+	/*
+	 * Handle an O_SYNC request.
+	 */
+
+	if(file_attributes & FILE_FLAG_WRITE_THROUGH)
+		smb_open_mode |= FILE_SYNC_OPENMODE;
+
+	DEBUG(10,("map_share_mode: Mapped desired access 0x%lx, share access 0x%lx, file attributes 0x%lx \
+to open_mode 0x%x\n", (unsigned long)*desired_access, (unsigned long)share_access,
+		(unsigned long)file_attributes, smb_open_mode ));
+ 
+	return smb_open_mode;
+}
+
+/****************************************************************************
+ Reply to an NT create and X call on a pipe.
+****************************************************************************/
+static int nt_open_pipe(char *fname, connection_struct *conn,
+			char *inbuf, char *outbuf, int *ppnum)
+{
+	smb_np_struct *p = NULL;
+
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	int i;
+
+	DEBUG(4,("nt_open_pipe: Opening pipe %s.\n", fname));
+    
+	/* See if it is one we want to handle. */
+
+	if (lp_disable_spoolss() && strequal(fname, "\\spoolss"))
+		return(ERROR_DOS(ERRSRV,ERRaccess));
+
+	for( i = 0; known_nt_pipes[i]; i++ )
+		if( strequal(fname,known_nt_pipes[i]))
+			break;
+    
+	if ( known_nt_pipes[i] == NULL )
+		return(ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpipe));
+    
+	/* Strip \\ off the name. */
+	fname++;
+    
+	DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
+
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p)
+		return(ERROR_DOS(ERRSRV,ERRnofids));
+
+	*ppnum = p->pnum;
+
+	return 0;
+}
+
+/****************************************************************************
+ Reply to an NT create and X call for pipes.
+****************************************************************************/
+
+static int do_ntcreate_pipe_open(connection_struct *conn,
+			 char *inbuf,char *outbuf,int length,int bufsize)
+{
+	pstring fname;
+	int ret;
+	int pnum = -1;
+	char *p = NULL;
+
+	srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE);
+
+	if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
+		return ret;
+
+	/*
+	 * Deal with pipe return.
+	 */  
+
+	set_message(outbuf,34,0,True);
+
+	p = outbuf + smb_vwv2;
+	p++;
+	SSVAL(p,0,pnum);
+	p += 2;
+	SIVAL(p,0,FILE_WAS_OPENED);
+	p += 4;
+	p += 32;
+	SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
+	p += 20;
+	/* File type. */
+	SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
+	/* Device state. */
+	SSVAL(p,2, 0x5FF); /* ? */
+
+	DEBUG(5,("do_ntcreate_pipe_open: open pipe = %s\n", fname));
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+/****************************************************************************
+ Reply to an NT create and X call.
+****************************************************************************/
+
+int reply_ntcreate_and_X(connection_struct *conn,
+			 char *inbuf,char *outbuf,int length,int bufsize)
+{  
+	int result;
+	pstring fname;
+	uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
+	uint32 desired_access = IVAL(inbuf,smb_ntcreate_DesiredAccess);
+	uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
+	uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
+	uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
+	uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
+	uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+	int smb_ofun;
+	int smb_open_mode;
+	int smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
+	/* Breakout the oplock request bits so we can set the
+	   reply bits separately. */
+	int oplock_request = 0;
+	mode_t unixmode;
+	int fmode=0,rmode=0;
+	SMB_OFF_T file_len = 0;
+	SMB_STRUCT_STAT sbuf;
+	int smb_action = 0;
+	BOOL bad_path = False;
+	files_struct *fsp=NULL;
+	char *p = NULL;
+	time_t c_time;
+	START_PROFILE(SMBntcreateX);
+
+	/* If it's an IPC, use the pipe handler. */
+
+	if (IS_IPC(conn)) {
+		if (lp_nt_pipe_support()) {
+			END_PROFILE(SMBntcreateX);
+			return do_ntcreate_pipe_open(conn,inbuf,outbuf,length,bufsize);
+		} else {
+			END_PROFILE(SMBntcreateX);
+			return(ERROR_DOS(ERRDOS,ERRbadaccess));
+		}
+	}
+			
+
+	/* 
+	 * We need to construct the open_and_X ofun value from the
+	 * NT values, as that's what our code is structured to accept.
+	 */    
+	
+	if((smb_ofun = map_create_disposition( create_disposition )) == -1) {
+		END_PROFILE(SMBntcreateX);
+		return(ERROR_DOS(ERRDOS,ERRbadaccess));
+	}
+
+	/*
+	 * Get the file name.
+	 */
+
+	if(root_dir_fid != 0) {
+		/*
+		 * This filename is relative to a directory fid.
+		 */
+		files_struct *dir_fsp = file_fsp(inbuf,smb_ntcreate_RootDirectoryFid);
+		size_t dir_name_len;
+
+		if(!dir_fsp) {
+			END_PROFILE(SMBntcreateX);
+			return(ERROR_DOS(ERRDOS,ERRbadfid));
+		}
+
+		if(!dir_fsp->is_directory) {
+			/* 
+			 * Check to see if this is a mac fork of some kind.
+			 */
+
+			srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE);
+
+			if( strchr_m(fname, ':')) {
+				END_PROFILE(SMBntcreateX);
+				return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
+			}
+			END_PROFILE(SMBntcreateX);
+			return(ERROR_DOS(ERRDOS,ERRbadfid));
+		}
+
+		/*
+		 * Copy in the base directory name.
+		 */
+
+		pstrcpy( fname, dir_fsp->fsp_name );
+		dir_name_len = strlen(fname);
+
+		/*
+		 * Ensure it ends in a '\'.
+		 */
+
+		if(fname[dir_name_len-1] != '\\' && fname[dir_name_len-1] != '/') {
+			pstrcat(fname, "\\");
+			dir_name_len++;
+		}
+
+		srvstr_pull(inbuf, &fname[dir_name_len], smb_buf(inbuf), sizeof(fname)-dir_name_len, 
+			-1, STR_TERMINATE);
+	} else {
+		srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE);
+	}
+	
+	/*
+	 * Now contruct the smb_open_mode value from the filename, 
+	 * desired access and the share access.
+	 */
+	RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+
+	if((smb_open_mode = map_share_mode(fname, create_options, &desired_access, 
+					   share_access, 
+					   file_attributes)) == -1) {
+		END_PROFILE(SMBntcreateX);
+		return ERROR_DOS(ERRDOS,ERRbadaccess);
+	}
+
+	oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
+	if (oplock_request) {
+		oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
+	}
+
+	/*
+	 * Ordinary file or directory.
+	 */
+		
+	/*
+	 * Check if POSIX semantics are wanted.
+	 */
+		
+	set_posix_case_semantics(file_attributes);
+		
+	unix_convert(fname,conn,0,&bad_path,&sbuf);
+		
+	unixmode = unix_mode(conn,smb_attr | aARCH, fname);
+    
+	/* 
+	 * If it's a request for a directory open, deal with it separately.
+	 */
+
+	if(create_options & FILE_DIRECTORY_FILE) {
+		oplock_request = 0;
+		
+		fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
+			
+		restore_case_semantics(file_attributes);
+
+		if(!fsp) {
+			set_bad_path_error(errno, bad_path);
+			END_PROFILE(SMBntcreateX);
+			return(UNIXERROR(ERRDOS,ERRnoaccess));
+		}
+	} else {
+		/*
+		 * Ordinary file case.
+		 */
+
+		/* NB. We have a potential bug here. If we
+		 * cause an oplock break to ourselves, then we
+		 * could end up processing filename related
+		 * SMB requests whilst we await the oplock
+		 * break response. As we may have changed the
+		 * filename case semantics to be POSIX-like,
+		 * this could mean a filename request could
+		 * fail when it should succeed. This is a rare
+		 * condition, but eventually we must arrange
+		 * to restore the correct case semantics
+		 * before issuing an oplock break request to
+		 * our client. JRA.  */
+
+		fsp = open_file_shared1(conn,fname,&sbuf,
+					desired_access,
+					smb_open_mode,
+					smb_ofun,unixmode, oplock_request,
+					&rmode,&smb_action);
+
+		if (!fsp) { 
+			/* We cheat here. There are two cases we
+			 * care about. One is a directory rename,
+			 * where the NT client will attempt to
+			 * open the source directory for
+			 * DELETE access. Note that when the
+			 * NT client does this it does *not*
+			 * set the directory bit in the
+			 * request packet. This is translated
+			 * into a read/write open
+			 * request. POSIX states that any open
+			 * for write request on a directory
+			 * will generate an EISDIR error, so
+			 * we can catch this here and open a
+			 * pseudo handle that is flagged as a
+			 * directory. The second is an open
+			 * for a permissions read only, which
+			 * we handle in the open_file_stat case. JRA.
+			 */
+
+			if(errno == EISDIR) {
+
+				/*
+				 * Fail the open if it was explicitly a non-directory file.
+				 */
+
+				if (create_options & FILE_NON_DIRECTORY_FILE) {
+					restore_case_semantics(file_attributes);
+					SSVAL(outbuf, smb_flg2, 
+					      SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+					END_PROFILE(SMBntcreateX);
+					return ERROR_NT(NT_STATUS_FILE_IS_A_DIRECTORY);
+				}
+	
+				oplock_request = 0;
+				fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
+				
+				if(!fsp) {
+					restore_case_semantics(file_attributes);
+					set_bad_path_error(errno, bad_path);
+					END_PROFILE(SMBntcreateX);
+					return(UNIXERROR(ERRDOS,ERRnoaccess));
+				}
+			} else {
+
+				restore_case_semantics(file_attributes);
+				set_bad_path_error(errno, bad_path);
+				END_PROFILE(SMBntcreateX);
+				return(UNIXERROR(ERRDOS,ERRnoaccess));
+			}
+		} 
+	}
+		
+	restore_case_semantics(file_attributes);
+		
+	file_len = sbuf.st_size;
+	fmode = dos_mode(conn,fname,&sbuf);
+	if(fmode == 0)
+		fmode = FILE_ATTRIBUTE_NORMAL;
+	if (!fsp->is_directory && (fmode & aDIR)) {
+		close_file(fsp,False);
+		END_PROFILE(SMBntcreateX);
+		return ERROR_DOS(ERRDOS,ERRnoaccess);
+	} 
+	
+	/* 
+	 * If the caller set the extended oplock request bit
+	 * and we granted one (by whatever means) - set the
+	 * correct bit for extended oplock reply.
+	 */
+	
+	if (oplock_request && lp_fake_oplocks(SNUM(conn)))
+		smb_action |= EXTENDED_OPLOCK_GRANTED;
+	
+	if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
+		smb_action |= EXTENDED_OPLOCK_GRANTED;
+
+#if 0
+	/* W2K sends back 42 words here ! If we do the same it breaks offline sync. Go figure... ? JRA. */
+	set_message(outbuf,42,0,True);
+#else
+	set_message(outbuf,34,0,True);
+#endif
+	
+	p = outbuf + smb_vwv2;
+	
+	/*
+	 * Currently as we don't support level II oplocks we just report
+	 * exclusive & batch here.
+	 */
+
+	if (smb_action & EXTENDED_OPLOCK_GRANTED) {
+		if (flags & REQUEST_BATCH_OPLOCK) {
+			SCVAL(p,0, BATCH_OPLOCK_RETURN);
+		} else {
+			SCVAL(p,0, EXCLUSIVE_OPLOCK_RETURN);
+		}
+	} else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) {
+		SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
+	} else {
+		SCVAL(p,0,NO_OPLOCK_RETURN);
+	}
+	
+	p++;
+	SSVAL(p,0,fsp->fnum);
+	p += 2;
+	SIVAL(p,0,smb_action);
+	p += 4;
+	
+	/* Create time. */  
+	c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+	if (lp_dos_filetime_resolution(SNUM(conn))) {
+		c_time &= ~1;
+		sbuf.st_atime &= ~1;
+		sbuf.st_mtime &= ~1;
+		sbuf.st_mtime &= ~1;
+	}
+
+	put_long_date(p,c_time);
+	p += 8;
+	put_long_date(p,sbuf.st_atime); /* access time */
+	p += 8;
+	put_long_date(p,sbuf.st_mtime); /* write time */
+	p += 8;
+	put_long_date(p,sbuf.st_mtime); /* change time */
+	p += 8;
+	SIVAL(p,0,fmode); /* File Attributes. */
+	p += 4;
+	SOFF_T(p, 0, SMB_ROUNDUP_ALLOCATION(file_len));
+	p += 8;
+	SOFF_T(p,0,file_len);
+	p += 12;
+	SCVAL(p,0,fsp->is_directory ? 1 : 0);
+	
+	DEBUG(5,("reply_ntcreate_and_X: fnum = %d, open name = %s\n", fsp->fnum, fsp->fsp_name));
+
+	result = chain_reply(inbuf,outbuf,length,bufsize);
+	END_PROFILE(SMBntcreateX);
+	return result;
+}
+
+/****************************************************************************
+ Reply to a NT_TRANSACT_CREATE call to open a pipe.
+****************************************************************************/
+
+static int do_nt_transact_create_pipe( connection_struct *conn,
+					char *inbuf, char *outbuf, int length, 
+					int bufsize, char **ppsetup, char **ppparams, 
+					char **ppdata)
+{
+	pstring fname;
+	int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
+	char *params = *ppparams;
+	int ret;
+	int pnum = -1;
+	char *p = NULL;
+
+	/*
+	 * Ensure minimum number of parameters sent.
+	 */
+
+	if(total_parameter_count < 54) {
+		DEBUG(0,("do_nt_transact_create_pipe - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
+		return ERROR_DOS(ERRDOS,ERRbadaccess);
+	}
+
+	srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE);
+
+    if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0)
+      return ret;
+
+	/* Realloc the size of parameters and data we will return */
+	params = Realloc(*ppparams, 69);
+	if(params == NULL)
+		return ERROR_DOS(ERRDOS,ERRnomem);
+
+	*ppparams = params;
+
+	memset((char *)params,'\0',69);
+
+	p = params;
+	SCVAL(p,0,NO_OPLOCK_RETURN);
+
+	p += 2;
+	SSVAL(p,0,pnum);
+	p += 2;
+	SIVAL(p,0,FILE_WAS_OPENED);
+	p += 8;
+
+	p += 32;
+	SIVAL(p,0,FILE_ATTRIBUTE_NORMAL); /* File Attributes. */
+	p += 20;
+	/* File type. */
+	SSVAL(p,0,FILE_TYPE_MESSAGE_MODE_PIPE);
+	/* Device state. */
+	SSVAL(p,2, 0x5FF); /* ? */
+
+	DEBUG(5,("do_nt_transact_create_pipe: open name = %s\n", fname));
+
+	/* Send the required number of replies */
+	send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0);
+
+	return -1;
+}
+
+/****************************************************************************
+ Internal fn to set security descriptors.
+****************************************************************************/
+
+static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 security_info_sent, int *pdef_class,uint32 *pdef_code)
+{
+	prs_struct pd;
+	SEC_DESC *psd = NULL;
+	TALLOC_CTX *mem_ctx;
+	BOOL ret;
+
+	if (sd_len == 0) {
+		*pdef_class = ERRDOS;
+		*pdef_code = ERRbadaccess;
+		return False;
+	}
+
+	/*
+	 * Init the parse struct we will unmarshall from.
+	 */
+
+	if ((mem_ctx = talloc_init()) == NULL) {
+		DEBUG(0,("set_sd: talloc_init failed.\n"));
+		*pdef_class = ERRDOS;
+		*pdef_code = ERRnomem;
+		return False;
+	}
+
+	prs_init(&pd, 0, mem_ctx, UNMARSHALL);
+
+	/*
+	 * Setup the prs_struct to point at the memory we just
+	 * allocated.
+	 */
+	
+	prs_give_memory( &pd, data, sd_len, False);
+
+	/*
+	 * Finally, unmarshall from the data buffer.
+	 */
+
+	if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
+		DEBUG(0,("set_sd: Error in unmarshalling security descriptor.\n"));
+		/*
+		 * Return access denied for want of a better error message..
+		 */ 
+		talloc_destroy(mem_ctx);
+		*pdef_class = ERRDOS;
+		*pdef_code = ERRnomem;
+		return False;
+	}
+
+	if (psd->off_owner_sid==0)
+		security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+	if (psd->off_grp_sid==0)
+		security_info_sent &= ~GROUP_SECURITY_INFORMATION;
+	if (psd->off_sacl==0)
+		security_info_sent &= ~SACL_SECURITY_INFORMATION;
+	if (psd->off_dacl==0)
+		security_info_sent &= ~DACL_SECURITY_INFORMATION;
+	
+	ret = fsp->conn->vfs_ops.fset_nt_acl( fsp, fsp->fd, security_info_sent, psd);
+
+	if (!ret) {
+		talloc_destroy(mem_ctx);
+		*pdef_class = ERRDOS;
+		*pdef_code = ERRnoaccess;
+		return False;
+	}
+
+	talloc_destroy(mem_ctx);
+
+	*pdef_class = 0;
+	*pdef_code = 0;
+	return True;
+}
+
+/****************************************************************************
+ Reply to a NT_TRANSACT_CREATE call (needs to process SD's).
+****************************************************************************/
+
+static int call_nt_transact_create(connection_struct *conn,
+					char *inbuf, char *outbuf, int length, 
+					int bufsize, char **ppsetup, char **ppparams, 
+					char **ppdata)
+{
+  pstring fname;
+  char *params = *ppparams;
+  char *data = *ppdata;
+  int total_parameter_count = (int)IVAL(inbuf, smb_nt_TotalParameterCount);
+  /* Breakout the oplock request bits so we can set the
+     reply bits separately. */
+  int oplock_request = 0;
+  mode_t unixmode;
+  int fmode=0,rmode=0;
+  SMB_OFF_T file_len = 0;
+  SMB_STRUCT_STAT sbuf;
+  int smb_action = 0;
+  BOOL bad_path = False;
+  files_struct *fsp = NULL;
+  char *p = NULL;
+  uint32 flags;
+  uint32 desired_access;
+  uint32 file_attributes;
+  uint32 share_access;
+  uint32 create_disposition;
+  uint32 create_options;
+  uint32 sd_len;
+  uint16 root_dir_fid;
+  int smb_ofun;
+  int smb_open_mode;
+  int smb_attr;
+  int error_class;
+  uint32 error_code;
+  time_t c_time;
+
+  DEBUG(5,("call_nt_transact_create\n"));
+
+  /*
+   * If it's an IPC, use the pipe handler.
+   */
+
+  if (IS_IPC(conn)) {
+		if (lp_nt_pipe_support())
+			return do_nt_transact_create_pipe(conn, inbuf, outbuf, length, 
+					bufsize, ppsetup, ppparams, ppdata);
+		else
+			return ERROR_DOS(ERRDOS,ERRbadaccess);
+  }
+
+  /*
+   * Ensure minimum number of parameters sent.
+   */
+
+  if(total_parameter_count < 54) {
+    DEBUG(0,("call_nt_transact_create - insufficient parameters (%u)\n", (unsigned int)total_parameter_count));
+    return ERROR_DOS(ERRDOS,ERRbadaccess);
+  }
+
+  flags = IVAL(params,0);
+  desired_access = IVAL(params,8);
+  file_attributes = IVAL(params,20);
+  share_access = IVAL(params,24);
+  create_disposition = IVAL(params,28);
+  create_options = IVAL(params,32);
+  sd_len = IVAL(params,36);
+  root_dir_fid = (uint16)IVAL(params,4);
+  smb_attr = (file_attributes & SAMBA_ATTRIBUTES_MASK);
+
+  /* 
+   * We need to construct the open_and_X ofun value from the
+   * NT values, as that's what our code is structured to accept.
+   */    
+
+  if((smb_ofun = map_create_disposition( create_disposition )) == -1)
+    return ERROR_DOS(ERRDOS,ERRbadmem);
+
+  /*
+   * Get the file name.
+   */
+
+  if(root_dir_fid != 0) {
+    /*
+     * This filename is relative to a directory fid.
+     */
+
+    files_struct *dir_fsp = file_fsp(params,4);
+    size_t dir_name_len;
+
+    if(!dir_fsp)
+        return ERROR_DOS(ERRDOS,ERRbadfid);
+
+    if(!dir_fsp->is_directory) {
+      /*
+       * Check to see if this is a mac fork of some kind.
+       */
+
+      srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE);
+
+      if( strchr_m(fname, ':')) {
+          return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
+      }
+
+      return ERROR_DOS(ERRDOS,ERRbadfid);
+    }
+
+    /*
+     * Copy in the base directory name.
+     */
+
+    pstrcpy( fname, dir_fsp->fsp_name );
+    dir_name_len = strlen(fname);
+
+    /*
+     * Ensure it ends in a '\'.
+     */
+
+    if((fname[dir_name_len-1] != '\\') && (fname[dir_name_len-1] != '/')) {
+      pstrcat(fname, "\\");
+      dir_name_len++;
+    }
+
+    srvstr_pull(inbuf, &fname[dir_name_len], params+53, sizeof(fname)-dir_name_len, 
+		-1, STR_TERMINATE);
+  } else {
+    srvstr_pull(inbuf, fname, params+53, sizeof(fname), -1, STR_TERMINATE);
+  }
+
+  /*
+   * Now contruct the smb_open_mode value from the desired access
+   * and the share access.
+   */
+
+  if((smb_open_mode = map_share_mode( fname, create_options, &desired_access,
+                                      share_access, file_attributes)) == -1)
+    return ERROR_DOS(ERRDOS,ERRbadaccess);
+
+  oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
+  oplock_request |= (flags & REQUEST_BATCH_OPLOCK) ? BATCH_OPLOCK : 0;
+
+  /*
+   * Check if POSIX semantics are wanted.
+   */
+
+  set_posix_case_semantics(file_attributes);
+    
+  RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
+    
+  unixmode = unix_mode(conn,smb_attr | aARCH, fname);
+   
+  /*
+   * If it's a request for a directory open, deal with it separately.
+   */
+
+  if(create_options & FILE_DIRECTORY_FILE) {
+
+    oplock_request = 0;
+
+    /*
+     * We will get a create directory here if the Win32
+     * app specified a security descriptor in the 
+     * CreateDirectory() call.
+     */
+
+    fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
+
+    if(!fsp) {
+      restore_case_semantics(file_attributes);
+      set_bad_path_error(errno, bad_path);
+      return(UNIXERROR(ERRDOS,ERRnoaccess));
+    }
+
+  } else {
+
+    /*
+     * Ordinary file case.
+     */
+
+    fsp = open_file_shared1(conn,fname,&sbuf,desired_access,
+			    smb_open_mode,smb_ofun,unixmode,
+                     oplock_request,&rmode,&smb_action);
+
+    if (!fsp) { 
+
+		if(errno == EISDIR) {
+
+			/*
+			 * Fail the open if it was explicitly a non-directory file.
+			 */
+
+			if (create_options & FILE_NON_DIRECTORY_FILE) {
+				restore_case_semantics(file_attributes);
+				SSVAL(outbuf, smb_flg2, 
+				      SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+				return ERROR_NT(NT_STATUS_FILE_IS_A_DIRECTORY);
+			}
+	
+			oplock_request = 0;
+			fsp = open_directory(conn, fname, &sbuf, desired_access, smb_open_mode, smb_ofun, unixmode, &smb_action);
+				
+			if(!fsp) {
+				restore_case_semantics(file_attributes);
+				set_bad_path_error(errno, bad_path);
+				return(UNIXERROR(ERRDOS,ERRnoaccess));
+			}
+		} else {
+
+			restore_case_semantics(file_attributes);
+			set_bad_path_error(errno, bad_path);
+			return(UNIXERROR(ERRDOS,ERRnoaccess));
+		}
+      } 
+  
+      file_len = sbuf.st_size;
+      fmode = dos_mode(conn,fname,&sbuf);
+      if(fmode == 0)
+        fmode = FILE_ATTRIBUTE_NORMAL;
+
+      if (fmode & aDIR) {
+        close_file(fsp,False);
+        restore_case_semantics(file_attributes);
+        return ERROR_DOS(ERRDOS,ERRnoaccess);
+      } 
+
+      /* 
+       * If the caller set the extended oplock request bit
+       * and we granted one (by whatever means) - set the
+       * correct bit for extended oplock reply.
+       */
+    
+      if (oplock_request && lp_fake_oplocks(SNUM(conn)))
+        smb_action |= EXTENDED_OPLOCK_GRANTED;
+  
+      if(oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
+        smb_action |= EXTENDED_OPLOCK_GRANTED;
+  }
+
+  /*
+   * Now try and apply the desired SD.
+   */
+
+  if (!set_sd( fsp, data, sd_len, ALL_SECURITY_INFORMATION, &error_class, &error_code)) {
+    close_file(fsp,False);
+    restore_case_semantics(file_attributes);
+    return ERROR_DOS(error_class, error_code);
+  }
+
+  restore_case_semantics(file_attributes);
+
+  /* Realloc the size of parameters and data we will return */
+  params = Realloc(*ppparams, 69);
+  if(params == NULL)
+    return ERROR_DOS(ERRDOS,ERRnomem);
+
+  *ppparams = params;
+
+  memset((char *)params,'\0',69);
+
+  p = params;
+  if (smb_action & EXTENDED_OPLOCK_GRANTED)	
+  	SCVAL(p,0, BATCH_OPLOCK_RETURN);
+  else if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
+    SCVAL(p,0, LEVEL_II_OPLOCK_RETURN);
+  else
+	SCVAL(p,0,NO_OPLOCK_RETURN);
+	
+  p += 2;
+  SSVAL(p,0,fsp->fnum);
+  p += 2;
+  SIVAL(p,0,smb_action);
+  p += 8;
+
+  /* Create time. */
+  c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+  if (lp_dos_filetime_resolution(SNUM(conn))) {
+    c_time &= ~1;
+    sbuf.st_atime &= ~1;
+    sbuf.st_mtime &= ~1;
+    sbuf.st_mtime &= ~1;
+  }
+
+  put_long_date(p,c_time);
+  p += 8;
+  put_long_date(p,sbuf.st_atime); /* access time */
+  p += 8;
+  put_long_date(p,sbuf.st_mtime); /* write time */
+  p += 8;
+  put_long_date(p,sbuf.st_mtime); /* change time */
+  p += 8;
+  SIVAL(p,0,fmode); /* File Attributes. */
+  p += 4;
+  SOFF_T(p, 0, SMB_ROUNDUP_ALLOCATION(file_len));
+  p += 8;
+  SOFF_T(p,0,file_len);
+
+  DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
+
+  /* Send the required number of replies */
+  send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 69, *ppdata, 0);
+
+  return -1;
+}
+
+/****************************************************************************
+ Reply to a NT CANCEL request.
+****************************************************************************/
+int reply_ntcancel(connection_struct *conn,
+		   char *inbuf,char *outbuf,int length,int bufsize)
+{
+	/*
+	 * Go through and cancel any pending change notifies.
+	 */
+	
+	int mid = SVAL(inbuf,smb_mid);
+	START_PROFILE(SMBntcancel);
+	remove_pending_change_notify_requests_by_mid(mid);
+	remove_pending_lock_requests_by_mid(mid);
+	
+	DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
+
+	END_PROFILE(SMBntcancel);
+	return(-1);
+}
+
+/****************************************************************************
+ Reply to an unsolicited SMBNTtranss - just ignore it!
+****************************************************************************/
+int reply_nttranss(connection_struct *conn,
+		   char *inbuf,char *outbuf,int length,int bufsize)
+{
+	START_PROFILE(SMBnttranss);
+	DEBUG(4,("Ignoring nttranss of length %d\n",length));
+	END_PROFILE(SMBnttranss);
+	return(-1);
+}
+
+/****************************************************************************
+ Reply to a notify change - queue the request and 
+ don't allow a directory to be opened.
+****************************************************************************/
+static int call_nt_transact_notify_change(connection_struct *conn,
+				   char *inbuf, char *outbuf, int length,
+				   int bufsize, 
+				   char **ppsetup, 
+				   char **ppparams, char **ppdata)
+{
+	char *setup = *ppsetup;
+	files_struct *fsp;
+	uint32 flags;
+
+	fsp = file_fsp(setup,4);
+	flags = IVAL(setup, 0);
+
+	DEBUG(3,("call_nt_transact_notify_change\n"));
+
+	if(!fsp)
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+
+	if((!fsp->is_directory) || (conn != fsp->conn))
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+
+	if (!change_notify_set(inbuf, fsp, conn, flags))
+		return(UNIXERROR(ERRDOS,ERRbadfid));
+
+	DEBUG(3,("call_nt_transact_notify_change: notify change called on directory \
+name = %s\n", fsp->fsp_name ));
+
+	return -1;
+}
+
+/****************************************************************************
+ Reply to an NT transact rename command.
+****************************************************************************/
+
+static int call_nt_transact_rename(connection_struct *conn,
+				   char *inbuf, char *outbuf, int length, 
+                                   int bufsize,
+                                   char **ppsetup, char **ppparams, char **ppdata)
+{
+	char *params = *ppparams;
+	pstring new_name;
+	files_struct *fsp = file_fsp(params, 0);
+	BOOL replace_if_exists = (SVAL(params,2) & RENAME_REPLACE_IF_EXISTS) ? True : False;
+	NTSTATUS status;
+
+	CHECK_FSP(fsp, conn);
+	srvstr_pull(inbuf, new_name, params+4, sizeof(new_name), -1, STR_TERMINATE);
+
+	status = rename_internals(conn, fsp->fsp_name,
+				  new_name, replace_if_exists);
+	if (!NT_STATUS_IS_OK(status))
+		return ERROR_NT(status);
+
+	/*
+	 * Rename was successful.
+	 */
+	send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
+	
+	DEBUG(3,("nt transact rename from = %s, to = %s succeeded.\n", 
+		 fsp->fsp_name, new_name));
+	
+	/*
+	 * Win2k needs a changenotify request response before it will
+	 * update after a rename..
+	 */
+	
+	process_pending_change_notify_queue((time_t)0);
+
+	return -1;
+}
+
+/******************************************************************************
+ Fake up a completely empty SD.
+*******************************************************************************/
+
+static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+{
+	extern DOM_SID global_sid_World;
+	size_t sd_size;
+
+	*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
+	if(!*ppsd) {
+		DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
+		sd_size = 0;
+	}
+
+	return sd_size;
+}
+
+/****************************************************************************
+ Reply to query a security descriptor - currently this is not implemented (it
+ is planned to be though). Right now it just returns the same thing NT would
+ when queried on a FAT filesystem. JRA.
+****************************************************************************/
+
+static int call_nt_transact_query_security_desc(connection_struct *conn,
+                                                char *inbuf, char *outbuf, 
+                                                int length, int bufsize, 
+                                                char **ppsetup, char **ppparams, char **ppdata)
+{
+  uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
+  char *params = *ppparams;
+  char *data = *ppdata;
+  prs_struct pd;
+  SEC_DESC *psd = NULL;
+  size_t sd_size;
+  TALLOC_CTX *mem_ctx;
+
+  files_struct *fsp = file_fsp(params,0);
+
+  if(!fsp)
+    return ERROR_DOS(ERRDOS,ERRbadfid);
+
+  DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name ));
+
+  params = Realloc(*ppparams, 4);
+  if(params == NULL)
+    return ERROR_DOS(ERRDOS,ERRnomem);
+
+  *ppparams = params;
+
+  if ((mem_ctx = talloc_init()) == NULL) {
+    DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+
+  /*
+   * Get the permissions to return.
+   */
+
+  if (!lp_nt_acl_support(SNUM(conn)))
+    sd_size = get_null_nt_acl(mem_ctx, &psd);
+  else
+    sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd);
+
+  if (sd_size == 0) {
+    talloc_destroy(mem_ctx);
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
+
+  DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size));
+
+  SIVAL(params,0,(uint32)sd_size);
+
+  if(max_data_count < sd_size) {
+
+    send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
+                    params, 4, *ppdata, 0);
+    talloc_destroy(mem_ctx);
+    return -1;
+  }
+
+  /*
+   * Allocate the data we will point this at.
+   */
+
+  data = Realloc(*ppdata, sd_size);
+  if(data == NULL) {
+    talloc_destroy(mem_ctx);
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+
+  *ppdata = data;
+
+  memset(data, '\0', sd_size);
+
+  /*
+   * Init the parse struct we will marshall into.
+   */
+
+  prs_init(&pd, 0, mem_ctx, MARSHALL);
+
+  /*
+   * Setup the prs_struct to point at the memory we just
+   * allocated.
+   */
+
+  prs_give_memory( &pd, data, (uint32)sd_size, False);
+
+  /*
+   * Finally, linearize into the outgoing buffer.
+   */
+
+  if(!sec_io_desc( "sd data", &psd, &pd, 1)) {
+    DEBUG(0,("call_nt_transact_query_security_desc: Error in marshalling \
+security descriptor.\n"));
+    /*
+     * Return access denied for want of a better error message..
+     */ 
+    talloc_destroy(mem_ctx);
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
+
+  /*
+   * Now we can delete the security descriptor.
+   */
+
+  talloc_destroy(mem_ctx);
+
+  send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, params, 4, data, (int)sd_size);
+  return -1;
+}
+
+/****************************************************************************
+ Reply to set a security descriptor. Map to UNIX perms.
+****************************************************************************/
+
+static int call_nt_transact_set_security_desc(connection_struct *conn,
+									char *inbuf, char *outbuf, int length,
+									int bufsize, char **ppsetup, 
+									char **ppparams, char **ppdata)
+{
+	uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
+	char *params= *ppparams;
+	char *data = *ppdata;
+	uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
+	files_struct *fsp = NULL;
+	uint32 security_info_sent = 0;
+	int error_class;
+	uint32 error_code;
+
+	if(total_parameter_count < 8)
+		return ERROR_DOS(ERRDOS,ERRbadfunc);
+
+	if((fsp = file_fsp(params,0)) == NULL)
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+
+	if(!lp_nt_acl_support(SNUM(conn)))
+		goto done;
+
+	security_info_sent = IVAL(params,4);
+
+	DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
+		(unsigned int)security_info_sent ));
+
+	if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
+		return ERROR_DOS(error_class, error_code);
+
+  done:
+
+	send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
+	return -1;
+}
+   
+/****************************************************************************
+ Reply to IOCTL - not implemented - no plans.
+****************************************************************************/
+static int call_nt_transact_ioctl(connection_struct *conn,
+				  char *inbuf, char *outbuf, int length,
+                                  int bufsize, 
+                                  char **ppsetup, char **ppparams, char **ppdata)
+{
+  static BOOL logged_message = False;
+
+  if(!logged_message) {
+    DEBUG(0,("call_nt_transact_ioctl: Currently not implemented.\n"));
+    logged_message = True; /* Only print this once... */
+  }
+  return ERROR_DOS(ERRSRV,ERRnosupport);
+}
+   
+/****************************************************************************
+ Reply to a SMBNTtrans.
+****************************************************************************/
+int reply_nttrans(connection_struct *conn,
+		  char *inbuf,char *outbuf,int length,int bufsize)
+{
+  int  outsize = 0;
+#if 0 /* Not used. */
+  uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount);
+  uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount);
+  uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
+#endif /* Not used. */
+  uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount);
+  uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount);
+  uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount);
+  uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset);
+  uint32 data_count = IVAL(inbuf,smb_nt_DataCount);
+  uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset);
+  uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */
+  uint16 function_code = SVAL( inbuf, smb_nt_Function);
+  char *params = NULL, *data = NULL, *setup = NULL;
+  uint32 num_params_sofar, num_data_sofar;
+  START_PROFILE(SMBnttrans);
+
+  if(global_oplock_break && (function_code == NT_TRANSACT_CREATE)) {
+    /*
+     * Queue this open message as we are the process of an oplock break.
+     */
+
+    DEBUG(2,("reply_nttrans: queueing message NT_TRANSACT_CREATE \
+due to being in oplock break state.\n" ));
+
+    push_oplock_pending_smb_message( inbuf, length);
+    END_PROFILE(SMBnttrans);
+    return -1;
+  }
+
+  if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
+    END_PROFILE(SMBnttrans);
+    return ERROR_DOS(ERRSRV,ERRaccess);
+  }
+
+  outsize = set_message(outbuf,0,0,True);
+
+  /* 
+   * All nttrans messages we handle have smb_wct == 19 + setup_count.
+   * Ensure this is so as a sanity check.
+   */
+
+  if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
+    DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
+          CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
+    END_PROFILE(SMBnttrans);
+    return ERROR_DOS(ERRSRV,ERRerror);
+  }
+    
+  /* Allocate the space for the setup, the maximum needed parameters and data */
+
+  if(setup_count > 0)
+    setup = (char *)malloc(setup_count);
+  if (total_parameter_count > 0)
+    params = (char *)malloc(total_parameter_count);
+  if (total_data_count > 0)
+    data = (char *)malloc(total_data_count);
+ 
+  if ((total_parameter_count && !params)  || (total_data_count && !data) ||
+      (setup_count && !setup)) {
+	SAFE_FREE(setup);
+	SAFE_FREE(params);
+	SAFE_FREE(data);
+    DEBUG(0,("reply_nttrans : Out of memory\n"));
+    END_PROFILE(SMBnttrans);
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+
+  /* Copy the param and data bytes sent with this request into
+     the params buffer */
+  num_params_sofar = parameter_count;
+  num_data_sofar = data_count;
+
+  if (parameter_count > total_parameter_count || data_count > total_data_count)
+    exit_server("reply_nttrans: invalid sizes in packet.");
+
+  if(setup) {
+    memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
+    DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
+    dump_data(10, setup, setup_count);
+  }
+  if(params) {
+    memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
+    DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
+    dump_data(10, params, parameter_count);
+  }
+  if(data) {
+    memcpy( data, smb_base(inbuf) + data_offset, data_count);
+    DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
+    dump_data(10, data, data_count);
+  }
+
+  if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
+    /* We need to send an interim response then receive the rest
+       of the parameter/data bytes */
+    outsize = set_message(outbuf,0,0,True);
+    if (!send_smb(smbd_server_fd(),outbuf))
+      exit_server("reply_nttrans: send_smb failed.");
+
+    while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
+      BOOL ret;
+
+      ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
+
+      if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
+        outsize = set_message(outbuf,0,0,True);
+        if(ret) {
+		DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
+        } else {
+		DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
+			 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
+	}
+        SAFE_FREE(params);
+        SAFE_FREE(data);
+        SAFE_FREE(setup);
+	END_PROFILE(SMBnttrans);
+        return ERROR_DOS(ERRSRV,ERRerror);
+      }
+      
+      /* Revise total_params and total_data in case they have changed downwards */
+      total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
+      total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
+      num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
+      num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
+      if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
+        exit_server("reply_nttrans2: data overflow in secondary nttrans packet");
+
+      memcpy( &params[ IVAL(inbuf, smb_nts_ParameterDisplacement)], 
+              smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
+      memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
+              smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
+    }
+  }
+
+  if (Protocol >= PROTOCOL_NT1)
+    SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_IS_LONG_NAME);
+
+  /* Now we must call the relevant NT_TRANS function */
+  switch(function_code) {
+    case NT_TRANSACT_CREATE:
+      START_PROFILE_NESTED(NT_transact_create);
+      outsize = call_nt_transact_create(conn, inbuf, outbuf, length, bufsize, 
+                                        &setup, &params, &data);
+      END_PROFILE_NESTED(NT_transact_create);
+      break;
+    case NT_TRANSACT_IOCTL:
+      START_PROFILE_NESTED(NT_transact_ioctl);
+      outsize = call_nt_transact_ioctl(conn, 
+				       inbuf, outbuf, length, bufsize, 
+                                       &setup, &params, &data);
+      END_PROFILE_NESTED(NT_transact_ioctl);
+      break;
+    case NT_TRANSACT_SET_SECURITY_DESC:
+      START_PROFILE_NESTED(NT_transact_set_security_desc);
+      outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf, 
+						   length, bufsize, 
+                                                   &setup, &params, &data);
+      END_PROFILE_NESTED(NT_transact_set_security_desc);
+      break;
+    case NT_TRANSACT_NOTIFY_CHANGE:
+      START_PROFILE_NESTED(NT_transact_notify_change);
+      outsize = call_nt_transact_notify_change(conn, inbuf, outbuf, 
+					       length, bufsize, 
+                                               &setup, &params, &data);
+      END_PROFILE_NESTED(NT_transact_notify_change);
+      break;
+    case NT_TRANSACT_RENAME:
+      START_PROFILE_NESTED(NT_transact_rename);
+      outsize = call_nt_transact_rename(conn, inbuf, outbuf, length, 
+					bufsize, 
+                                        &setup, &params, &data);
+      END_PROFILE_NESTED(NT_transact_rename);
+      break;
+
+    case NT_TRANSACT_QUERY_SECURITY_DESC:
+      START_PROFILE_NESTED(NT_transact_query_security_desc);
+      outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf, 
+						     length, bufsize, 
+                                                     &setup, &params, &data);
+      END_PROFILE_NESTED(NT_transact_query_security_desc);
+      break;
+  default:
+	  /* Error in request */
+	  DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code));
+	  SAFE_FREE(setup);
+	  SAFE_FREE(params);
+	  SAFE_FREE(data);
+	  END_PROFILE(SMBnttrans);
+	  return ERROR_DOS(ERRSRV,ERRerror);
+  }
+
+  /* As we do not know how many data packets will need to be
+     returned here the various call_nt_transact_xxxx calls
+     must send their own. Thus a call_nt_transact_xxxx routine only
+     returns a value other than -1 when it wants to send
+     an error packet. 
+  */
+
+  SAFE_FREE(setup);
+  SAFE_FREE(params);
+  SAFE_FREE(data);
+  END_PROFILE(SMBnttrans);
+  return outsize; /* If a correct response was needed the call_nt_transact_xxxx 
+		     calls have already sent it. If outsize != -1 then it is
+		     returning an error packet. */
+}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
new file mode 100644
index 0000000000..29a854a397
--- /dev/null
+++ b/source3/smbd/open.c
@@ -0,0 +1,1328 @@
+/* 
+   Unix SMB/CIFS implementation.
+   file opening and share modes
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Jeremy Allison 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern userdom_struct current_user_info;
+extern uint16 global_oplock_port;
+extern BOOL global_client_failed_oplock_break;
+
+/****************************************************************************
+ fd support routines - attempt to do a dos_open.
+****************************************************************************/
+
+static int fd_open(struct connection_struct *conn, char *fname, 
+		   int flags, mode_t mode)
+{
+	int fd;
+#ifdef O_NOFOLLOW
+	if (!lp_symlinks(SNUM(conn)))
+		flags |= O_NOFOLLOW;
+#endif
+
+	fd = conn->vfs_ops.open(conn,fname,flags,mode);
+
+	/* Fix for files ending in '.' */
+	if((fd == -1) && (errno == ENOENT) &&
+	   (strchr_m(fname,'.')==NULL)) {
+		pstrcat(fname,".");
+		fd = conn->vfs_ops.open(conn,fname,flags,mode);
+	}
+
+	DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n", fname,
+		flags, (int)mode, fd, (fd == -1) ? strerror(errno) : "" ));
+
+	return fd;
+}
+
+/****************************************************************************
+ Close the file associated with a fsp.
+****************************************************************************/
+
+int fd_close(struct connection_struct *conn, files_struct *fsp)
+{
+	if (fsp->fd == -1)
+		return 0; /* what we used to call a stat open. */
+	return fd_close_posix(conn, fsp);
+}
+
+
+/****************************************************************************
+ Check a filename for the pipe string.
+****************************************************************************/
+
+static void check_for_pipe(char *fname)
+{
+	/* special case of pipe opens */
+	char s[10];
+	StrnCpy(s,fname,sizeof(s)-1);
+	strlower(s);
+	if (strstr(s,"pipe/")) {
+		DEBUG(3,("Rejecting named pipe open for %s\n",fname));
+		unix_ERR_class = ERRSRV;
+		unix_ERR_code = ERRaccess;
+	}
+}
+
+/****************************************************************************
+ Open a file.
+****************************************************************************/
+
+static BOOL open_file(files_struct *fsp,connection_struct *conn,
+		      char *fname1,SMB_STRUCT_STAT *psbuf,int flags,mode_t mode, uint32 desired_access)
+{
+	extern struct current_user current_user;
+	pstring fname;
+	int accmode = (flags & O_ACCMODE);
+	int local_flags = flags;
+
+	fsp->fd = -1;
+	fsp->oplock_type = NO_OPLOCK;
+	errno = EPERM;
+
+	pstrcpy(fname,fname1);
+
+	/* Check permissions */
+
+	/*
+	 * This code was changed after seeing a client open request 
+	 * containing the open mode of (DENY_WRITE/read-only) with
+	 * the 'create if not exist' bit set. The previous code
+	 * would fail to open the file read only on a read-only share
+	 * as it was checking the flags parameter  directly against O_RDONLY,
+	 * this was failing as the flags parameter was set to O_RDONLY|O_CREAT.
+	 * JRA.
+	 */
+
+	if (!CAN_WRITE(conn)) {
+		/* It's a read-only share - fail if we wanted to write. */
+		if(accmode != O_RDONLY) {
+			DEBUG(3,("Permission denied opening %s\n",fname));
+			check_for_pipe(fname);
+			return False;
+		} else if(flags & O_CREAT) {
+			/* We don't want to write - but we must make sure that O_CREAT
+			   doesn't create the file if we have write access into the
+			   directory.
+			*/
+			flags &= ~O_CREAT;
+		}
+	}
+
+	/*
+	 * This little piece of insanity is inspired by the
+	 * fact that an NT client can open a file for O_RDONLY,
+	 * but set the create disposition to FILE_EXISTS_TRUNCATE.
+	 * If the client *can* write to the file, then it expects to
+	 * truncate the file, even though it is opening for readonly.
+	 * Quicken uses this stupid trick in backup file creation...
+	 * Thanks *greatly* to "David W. Chapman Jr." <dwcjr@inethouston.net>
+	 * for helping track this one down. It didn't bite us in 2.0.x
+	 * as we always opened files read-write in that release. JRA.
+	 */
+
+	if ((accmode == O_RDONLY) && ((flags & O_TRUNC) == O_TRUNC))
+		local_flags = (flags & ~O_ACCMODE)|O_RDWR;
+
+	/*
+	 * We can't actually truncate here as the file may be locked.
+	 * open_file_shared will take care of the truncate later. JRA.
+	 */
+
+	local_flags &= ~O_TRUNC;
+
+	if ((desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
+			(local_flags & O_CREAT)) {
+
+		/* actually do the open */
+		fsp->fd = fd_open(conn, fname, local_flags, mode);
+
+		if (fsp->fd == -1)  {
+			DEBUG(3,("Error opening file %s (%s) (local_flags=%d) (flags=%d)\n",
+				 fname,strerror(errno),local_flags,flags));
+			check_for_pipe(fname);
+			return False;
+		}
+	} else
+		fsp->fd = -1; /* What we used to call a stat open. */
+
+	if (!VALID_STAT(*psbuf)) {
+		int ret;
+
+		if (fsp->fd == -1)
+			ret = vfs_stat(conn, fname, psbuf);
+		else
+			ret = vfs_fstat(fsp,fsp->fd,psbuf);
+
+		if (ret == -1) {
+			DEBUG(0,("Error doing fstat on open file %s (%s)\n", fname,strerror(errno) ));
+			fd_close(conn, fsp);
+			return False;
+		}
+	}
+
+	/*
+	 * POSIX allows read-only opens of directories. We don't
+	 * want to do this (we use a different code path for this)
+	 * so catch a directory open and return an EISDIR. JRA.
+	 */
+
+	if(S_ISDIR(psbuf->st_mode)) {
+		fd_close(conn, fsp);
+		errno = EISDIR;
+		return False;
+	}
+
+	fsp->mode = psbuf->st_mode;
+	fsp->inode = psbuf->st_ino;
+	fsp->dev = psbuf->st_dev;
+	fsp->vuid = current_user.vuid;
+	fsp->size = psbuf->st_size;
+	fsp->pos = -1;
+	fsp->can_lock = True;
+	fsp->can_read = ((flags & O_WRONLY)==0);
+	fsp->can_write = ((flags & (O_WRONLY|O_RDWR))!=0);
+	fsp->share_mode = 0;
+	fsp->desired_access = desired_access;
+	fsp->print_file = False;
+	fsp->modified = False;
+	fsp->oplock_type = NO_OPLOCK;
+	fsp->sent_oplock_break = NO_BREAK_SENT;
+	fsp->is_directory = False;
+	fsp->directory_delete_on_close = False;
+	fsp->conn = conn;
+	string_set(&fsp->fsp_name,fname);
+	fsp->wcp = NULL; /* Write cache pointer. */
+
+	DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
+		 *current_user_info.smb_name ? current_user_info.smb_name : conn->user,fsp->fsp_name,
+		 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
+		 conn->num_files_open + 1));
+
+	return True;
+}
+
+/****************************************************************************
+  C. Hoch 11/22/95
+  Helper for open_file_shared. 
+  Truncate a file after checking locking; close file if locked.
+  **************************************************************************/
+
+static int truncate_unless_locked(struct connection_struct *conn, files_struct *fsp)
+{
+	SMB_BIG_UINT mask = (SMB_BIG_UINT)-1;
+
+	if (is_locked(fsp,fsp->conn,mask,0,WRITE_LOCK,True)){
+		errno = EACCES;
+		unix_ERR_class = ERRDOS;
+		unix_ERR_code = ERRlock;
+		return -1;
+	} else {
+		return conn->vfs_ops.ftruncate(fsp,fsp->fd,0); 
+	}
+}
+
+/*******************************************************************
+return True if the filename is one of the special executable types
+********************************************************************/
+static BOOL is_executable(const char *fname)
+{
+	if ((fname = strrchr_m(fname,'.'))) {
+		if (strequal(fname,".com") ||
+		    strequal(fname,".dll") ||
+		    strequal(fname,".exe") ||
+		    strequal(fname,".sym")) {
+			return True;
+		}
+	}
+	return False;
+}
+
+enum {AFAIL,AREAD,AWRITE,AALL};
+
+/*******************************************************************
+reproduce the share mode access table
+this is horrendoously complex, and really can't be justified on any
+rational grounds except that this is _exactly_ what NT does. See
+the DENY1 and DENY2 tests in smbtorture for a comprehensive set of
+test routines.
+********************************************************************/
+static int access_table(int new_deny,int old_deny,int old_mode,
+			BOOL same_pid, BOOL isexe)
+{
+	  if (new_deny == DENY_ALL || old_deny == DENY_ALL) return(AFAIL);
+
+	  if (same_pid) {
+		  if (isexe && old_mode == DOS_OPEN_RDONLY && 
+		      old_deny == DENY_DOS && new_deny == DENY_READ) {
+			  return AFAIL;
+		  }
+		  if (!isexe && old_mode == DOS_OPEN_RDONLY && 
+		      old_deny == DENY_DOS && new_deny == DENY_DOS) {
+			  return AREAD;
+		  }
+		  if (new_deny == DENY_FCB && old_deny == DENY_DOS) {
+			  if (isexe) return AFAIL;
+			  if (old_mode == DOS_OPEN_RDONLY) return AFAIL;
+			  return AALL;
+		  }
+		  if (old_mode == DOS_OPEN_RDONLY && old_deny == DENY_DOS) {
+			  if (new_deny == DENY_FCB || new_deny == DENY_READ) {
+				  if (isexe) return AREAD;
+				  return AFAIL;
+			  }
+		  }
+		  if (old_deny == DENY_FCB) {
+			  if (new_deny == DENY_DOS || new_deny == DENY_FCB) return AALL;
+			  return AFAIL;
+		  }
+	  }
+
+	  if (old_deny == DENY_DOS || new_deny == DENY_DOS || 
+	      old_deny == DENY_FCB || new_deny == DENY_FCB) {
+		  if (isexe) {
+			  if (old_deny == DENY_FCB || new_deny == DENY_FCB) {
+				  return AFAIL;
+			  }
+			  if (old_deny == DENY_DOS) {
+				  if (new_deny == DENY_READ && 
+				      (old_mode == DOS_OPEN_RDONLY || 
+				       old_mode == DOS_OPEN_RDWR)) {
+					  return AFAIL;
+				  }
+				  if (new_deny == DENY_WRITE && 
+				      (old_mode == DOS_OPEN_WRONLY || 
+				       old_mode == DOS_OPEN_RDWR)) {
+					  return AFAIL;
+				  }
+				  return AALL;
+			  }
+			  if (old_deny == DENY_NONE) return AALL;
+			  if (old_deny == DENY_READ) return AWRITE;
+			  if (old_deny == DENY_WRITE) return AREAD;
+		  }
+		  /* it isn't a exe, dll, sym or com file */
+		  if (old_deny == new_deny && same_pid)
+			  return(AALL);    
+
+		  if (old_deny == DENY_READ || new_deny == DENY_READ) return AFAIL;
+		  if (old_mode == DOS_OPEN_RDONLY) return(AREAD);
+		  
+		  return(AFAIL);
+	  }
+	  
+	  switch (new_deny) 
+		  {
+		  case DENY_WRITE:
+			  if (old_deny==DENY_WRITE && old_mode==DOS_OPEN_RDONLY) return(AREAD);
+			  if (old_deny==DENY_READ && old_mode==DOS_OPEN_RDONLY) return(AWRITE);
+			  if (old_deny==DENY_NONE && old_mode==DOS_OPEN_RDONLY) return(AALL);
+			  return(AFAIL);
+		  case DENY_READ:
+			  if (old_deny==DENY_WRITE && old_mode==DOS_OPEN_WRONLY) return(AREAD);
+			  if (old_deny==DENY_READ && old_mode==DOS_OPEN_WRONLY) return(AWRITE);
+			  if (old_deny==DENY_NONE && old_mode==DOS_OPEN_WRONLY) return(AALL);
+			  return(AFAIL);
+		  case DENY_NONE:
+			  if (old_deny==DENY_WRITE) return(AREAD);
+			  if (old_deny==DENY_READ) return(AWRITE);
+			  if (old_deny==DENY_NONE) return(AALL);
+			  return(AFAIL);      
+		  }
+	  return(AFAIL);      
+}
+
+
+/****************************************************************************
+check if we can open a file with a share mode
+****************************************************************************/
+
+static BOOL check_share_mode(connection_struct *conn, share_mode_entry *share, int share_mode, uint32 desired_access,
+			     const char *fname, BOOL fcbopen, int *flags)
+{
+	int deny_mode = GET_DENY_MODE(share_mode);
+	int old_open_mode = GET_OPEN_MODE(share->share_mode);
+	int old_deny_mode = GET_DENY_MODE(share->share_mode);
+
+	/*
+	 * share modes = false means don't bother to check for
+	 * DENY mode conflict. This is a *really* bad idea :-). JRA.
+	 */
+
+	if(!lp_share_modes(SNUM(conn)))
+		return True;
+
+	/*
+	 * Don't allow any opens once the delete on close flag has been
+	 * set.
+	 */
+
+	if (GET_DELETE_ON_CLOSE_FLAG(share->share_mode)) {
+		DEBUG(5,("check_share_mode: Failing open on file %s as delete on close flag is set.\n",
+			fname ));
+		unix_ERR_class = ERRDOS;
+		unix_ERR_code = ERRnoaccess;
+		return False;
+	}
+
+	/* this is a nasty hack, but necessary until we rewrite our open
+	   handling to use a NTCreateX call as the basic call.
+	   NT may open a file with neither read nor write access, and in
+		   this case it expects the open not to conflict with any
+		   existing deny modes. This happens (for example) during a
+		   "xcopy /o" where the second file descriptor is used for
+		   ACL sets
+		   (tridge)
+	*/
+
+	/*
+	 * This is a bit wierd - the test for desired access not having the
+	 * critical bits seems seems odd. Firstly, if both opens have no
+	 * critical bits then always ignore. Then check the "allow delete"
+	 * then check for either. This probably isn't quite right yet but
+	 * gets us much closer. JRA.
+	 */
+
+	/*
+	 * If desired_access doesn't contain READ_DATA,WRITE_DATA,APPEND_DATA or EXECUTE
+	 * and the existing desired_acces then share modes don't conflict.
+	 */
+
+	if ( !(desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) &&
+		!(share->desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ) {
+
+		/*
+		 * Wrinkle discovered by smbtorture....
+		 * If both are non-io open and requester is asking for delete and current open has delete access
+		 * but neither open has allowed file share delete then deny.... this is very strange and
+		 * seems to be the only case in which non-io opens conflict. JRA.
+		 */
+
+		if ((desired_access & DELETE_ACCESS) && (share->desired_access & DELETE_ACCESS) && 
+				(!GET_ALLOW_SHARE_DELETE(share->share_mode) || !GET_ALLOW_SHARE_DELETE(share_mode))) {
+			DEBUG(5,("check_share_mode: Failing open on file %s as delete access requests conflict.\n",
+				fname ));
+			unix_ERR_class = ERRDOS;
+			unix_ERR_code = ERRbadshare;
+
+			return False;
+		}
+
+		DEBUG(5,("check_share_mode: Allowing open on file %s as both desired access (0x%x) \
+and existing desired access (0x%x) are non-data opens\n", 
+			fname, (unsigned int)desired_access, (unsigned int)share->desired_access ));
+		return True;
+	}
+
+	/*
+	 * If delete access was requested and the existing share mode doesn't have
+	 * ALLOW_SHARE_DELETE then deny.
+	 */
+
+	if ((desired_access & DELETE_ACCESS) && !GET_ALLOW_SHARE_DELETE(share->share_mode)) {
+		DEBUG(5,("check_share_mode: Failing open on file %s as delete access requested and allow share delete not set.\n",
+			fname ));
+		unix_ERR_class = ERRDOS;
+		unix_ERR_code = ERRbadshare;
+
+		return False;
+	}
+
+	/*
+	 * The inverse of the above.
+	 * If delete access was granted and the new share mode doesn't have
+	 * ALLOW_SHARE_DELETE then deny.
+	 */
+
+	if ((share->desired_access & DELETE_ACCESS) && !GET_ALLOW_SHARE_DELETE(share_mode)) {
+		DEBUG(5,("check_share_mode: Failing open on file %s as delete access granted and allow share delete not requested.\n",
+			fname ));
+		unix_ERR_class = ERRDOS;
+		unix_ERR_code = ERRbadshare;
+
+		return False;
+	}
+
+	/*
+	 * If desired_access doesn't contain READ_DATA,WRITE_DATA,APPEND_DATA or EXECUTE
+	 * then share modes don't conflict. Likewise with existing desired access.
+	 */
+
+	if ( !(desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
+		!(share->desired_access & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ) {
+		DEBUG(5,("check_share_mode: Allowing open on file %s as desired access (0x%x) doesn't conflict with\
+existing desired access (0x%x).\n", fname, (unsigned int)desired_access, (unsigned int)share->desired_access ));
+		return True;
+	}
+
+	{
+		int access_allowed = access_table(deny_mode,old_deny_mode,old_open_mode,
+						(share->pid == sys_getpid()),is_executable(fname));
+
+		if ((access_allowed == AFAIL) ||
+			(!fcbopen && (access_allowed == AREAD && *flags == O_RDWR)) ||
+			(access_allowed == AREAD && *flags != O_RDONLY) ||
+			(access_allowed == AWRITE && *flags != O_WRONLY)) {
+
+			DEBUG(2,("Share violation on file (%d,%d,%d,%d,%s,fcbopen = %d, flags = %d) = %d\n",
+				deny_mode,old_deny_mode,old_open_mode,
+				(int)share->pid,fname, fcbopen, *flags, access_allowed));
+
+			unix_ERR_class = ERRDOS;
+			unix_ERR_code = ERRbadshare;
+
+			return False;
+		}
+
+		if (access_allowed == AREAD)
+			*flags = O_RDONLY;
+
+		if (access_allowed == AWRITE)
+			*flags = O_WRONLY;
+
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Deal with open deny mode and oplock break processing.
+ Invarient: Share mode must be locked on entry and exit.
+ Returns -1 on error, or number of share modes on success (may be zero).
+****************************************************************************/
+
+static int open_mode_check(connection_struct *conn, const char *fname, SMB_DEV_T dev,
+			   SMB_INO_T inode, 
+			   uint32 desired_access,
+			   int share_mode, int *p_flags, int *p_oplock_request,
+			   BOOL *p_all_current_opens_are_level_II)
+{
+	int i;
+	int num_share_modes;
+	int oplock_contention_count = 0;
+	share_mode_entry *old_shares = 0;
+	BOOL fcbopen = False;
+	BOOL broke_oplock;	
+	
+	if(GET_OPEN_MODE(share_mode) == DOS_OPEN_FCB)
+		fcbopen = True;
+	
+	num_share_modes = get_share_modes(conn, dev, inode, &old_shares);
+	
+	if(num_share_modes == 0)
+		return 0;
+	
+	/*
+	 * Check if the share modes will give us access.
+	 */
+	
+	do {
+		share_mode_entry broken_entry;
+		
+		broke_oplock = False;
+		*p_all_current_opens_are_level_II = True;
+		
+		for(i = 0; i < num_share_modes; i++) {
+			share_mode_entry *share_entry = &old_shares[i];
+			
+			/* 
+			 * By observation of NetBench, oplocks are broken *before* share
+			 * modes are checked. This allows a file to be closed by the client
+			 * if the share mode would deny access and the client has an oplock. 
+			 * Check if someone has an oplock on this file. If so we must break 
+			 * it before continuing. 
+			 */
+			
+			if((*p_oplock_request && EXCLUSIVE_OPLOCK_TYPE(share_entry->op_type)) ||
+			   (!*p_oplock_request && (share_entry->op_type != NO_OPLOCK))) {
+				
+				BOOL opb_ret;
+
+				DEBUG(5,("open_mode_check: oplock_request = %d, breaking oplock (%x) on file %s, \
+dev = %x, inode = %.0f\n", *p_oplock_request, share_entry->op_type, fname, (unsigned int)dev, (double)inode));
+				
+				/* Oplock break - unlock to request it. */
+				unlock_share_entry(conn, dev, inode);
+				
+				opb_ret = request_oplock_break(share_entry);
+				
+				/* Now relock. */
+				lock_share_entry(conn, dev, inode);
+				
+				if(opb_ret == False) {
+					DEBUG(0,("open_mode_check: FAILED when breaking oplock (%x) on file %s, \
+dev = %x, inode = %.0f\n", old_shares[i].op_type, fname, (unsigned int)dev, (double)inode));
+					SAFE_FREE(old_shares);
+					errno = EACCES;
+					unix_ERR_class = ERRDOS;
+					unix_ERR_code = ERRbadshare;
+					return -1;
+				}
+				
+				broke_oplock = True;
+				broken_entry = *share_entry;
+				break;
+				
+			} else if (!LEVEL_II_OPLOCK_TYPE(share_entry->op_type)) {
+				*p_all_current_opens_are_level_II = False;
+			}
+			
+			/* someone else has a share lock on it, check to see if we can too */
+			if (!check_share_mode(conn, share_entry, share_mode, desired_access,
+						fname, fcbopen, p_flags)) {
+				SAFE_FREE(old_shares);
+				errno = EACCES;
+				return -1;
+                        }
+			
+		} /* end for */
+		
+		if(broke_oplock) {
+			SAFE_FREE(old_shares);
+			num_share_modes = get_share_modes(conn, dev, inode, &old_shares);
+			oplock_contention_count++;
+			
+			/* Paranoia check that this is no longer an exlusive entry. */
+			for(i = 0; i < num_share_modes; i++) {
+				share_mode_entry *share_entry = &old_shares[i];
+				
+				if (share_modes_identical(&broken_entry, share_entry) && 
+				    EXCLUSIVE_OPLOCK_TYPE(share_entry->op_type) ) {
+					
+					/*
+					 * This should not happen. The target left this oplock
+					 * as exlusive.... The process *must* be dead.... 
+					 */
+					
+					DEBUG(0,("open_mode_check: exlusive oplock left by process %d after break ! For file %s, \
+dev = %x, inode = %.0f. Deleting it to continue...\n", (int)broken_entry.pid, fname, (unsigned int)dev, (double)inode));
+					
+					if (process_exists(broken_entry.pid)) {
+						DEBUG(0,("open_mode_check: Existent process %d left active oplock.\n",
+							 broken_entry.pid ));
+					}
+					
+					if (del_share_entry(dev, inode, &broken_entry, NULL) == -1) {
+						errno = EACCES;
+						unix_ERR_class = ERRDOS;
+						unix_ERR_code = ERRbadshare;
+						return -1;
+					}
+					
+					/*
+					 * We must reload the share modes after deleting the 
+					 * other process's entry.
+					 */
+					
+					SAFE_FREE(old_shares);
+					num_share_modes = get_share_modes(conn, dev, inode, &old_shares);
+					break;
+				}
+			} /* end for paranoia... */
+		} /* end if broke_oplock */
+		
+	} while(broke_oplock);
+	
+	if(old_shares != 0)
+		SAFE_FREE(old_shares);
+	
+	/*
+	 * Refuse to grant an oplock in case the contention limit is
+	 * reached when going through the lock list multiple times.
+	 */
+	
+	if(oplock_contention_count >= lp_oplock_contention_limit(SNUM(conn))) {
+		*p_oplock_request = 0;
+		DEBUG(4,("open_mode_check: oplock contention = %d. Not granting oplock.\n",
+			 oplock_contention_count ));
+	}
+	
+	return num_share_modes;
+}
+
+/****************************************************************************
+set a kernel flock on a file for NFS interoperability
+this requires a patch to Linux
+****************************************************************************/
+static void kernel_flock(files_struct *fsp, int deny_mode)
+{
+#if HAVE_KERNEL_SHARE_MODES
+	int kernel_mode = 0;
+	if (deny_mode == DENY_READ) kernel_mode = LOCK_MAND|LOCK_WRITE;
+	else if (deny_mode == DENY_WRITE) kernel_mode = LOCK_MAND|LOCK_READ;
+	else if (deny_mode == DENY_ALL) kernel_mode = LOCK_MAND;
+	if (kernel_mode) flock(fsp->fd, kernel_mode);
+#endif
+	;;
+}
+
+
+/****************************************************************************
+ Open a file with a share mode. On output from this open we are guarenteeing
+ that 
+****************************************************************************/
+files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_STAT *psbuf, 
+			       int share_mode,int ofun, mode_t mode,int oplock_request, 
+			       int *Access,int *action)
+{
+	return open_file_shared1(conn, fname, psbuf, 0, share_mode, ofun, mode, 
+				 oplock_request, Access, action);
+}
+
+/****************************************************************************
+ Open a file with a share mode. On output from this open we are guarenteeing
+ that 
+****************************************************************************/
+files_struct *open_file_shared1(connection_struct *conn,char *fname, SMB_STRUCT_STAT *psbuf, 
+				uint32 desired_access, 
+				int share_mode,int ofun, mode_t mode,int oplock_request, 
+				int *Access,int *action)
+{
+	int flags=0;
+	int flags2=0;
+	int deny_mode = GET_DENY_MODE(share_mode);
+	BOOL allow_share_delete = GET_ALLOW_SHARE_DELETE(share_mode);
+	BOOL delete_on_close = GET_DELETE_ON_CLOSE_FLAG(share_mode);
+	BOOL file_existed = VALID_STAT(*psbuf);
+	BOOL fcbopen = False;
+	BOOL def_acl = False;
+	SMB_DEV_T dev = 0;
+	SMB_INO_T inode = 0;
+	int num_share_modes = 0;
+	BOOL all_current_opens_are_level_II = False;
+	BOOL fsp_open = False;
+	files_struct *fsp = NULL;
+	int open_mode=0;
+	uint16 port = 0;
+
+	if (conn->printer) {
+		/* printers are handled completely differently. Most of the passed parameters are
+			ignored */
+		if (Access)
+			*Access = DOS_OPEN_WRONLY;
+		if (action)
+			*action = FILE_WAS_CREATED;
+		return print_fsp_open(conn, fname);
+	}
+
+	fsp = file_new(conn);
+	if(!fsp)
+		return NULL;
+
+	DEBUG(10,("open_file_shared: fname = %s, share_mode = %x, ofun = %x, mode = %o, oplock request = %d\n",
+		fname, share_mode, ofun, (int)mode,  oplock_request ));
+
+	if (!check_name(fname,conn)) {
+		file_free(fsp);
+		return NULL;
+	} 
+
+	/* ignore any oplock requests if oplocks are disabled */
+	if (!lp_oplocks(SNUM(conn)) || global_client_failed_oplock_break) {
+		oplock_request = 0;
+	}
+
+	/* this is for OS/2 EAs - try and say we don't support them */
+	if (strstr(fname,".+,;=[].")) {
+		unix_ERR_class = ERRDOS;
+		/* OS/2 Workplace shell fix may be main code stream in a later release. */ 
+#if 1 /* OS2_WPS_FIX - Recent versions of OS/2 need this. */
+		unix_ERR_code = ERRcannotopen;
+#else /* OS2_WPS_FIX */
+		unix_ERR_code = ERROR_EAS_NOT_SUPPORTED;
+#endif /* OS2_WPS_FIX */
+
+		DEBUG(5,("open_file_shared: OS/2 EA's are not supported.\n"));
+		file_free(fsp);
+		return NULL;
+	}
+
+	if ((GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_FAIL) && file_existed)  {
+		DEBUG(5,("open_file_shared: create new requested for file %s and file already exists.\n",
+			fname ));
+		file_free(fsp);
+		errno = EEXIST;
+		return NULL;
+	}
+      
+	if (CAN_WRITE(conn) && (GET_FILE_CREATE_DISPOSITION(ofun) == FILE_CREATE_IF_NOT_EXIST))
+		flags2 |= O_CREAT;
+
+	if (CAN_WRITE(conn) && (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_TRUNCATE))
+		flags2 |= O_TRUNC;
+
+	if (GET_FILE_OPEN_DISPOSITION(ofun) == FILE_EXISTS_FAIL)
+		flags2 |= O_EXCL;
+
+	/* note that we ignore the append flag as 
+		append does not mean the same thing under dos and unix */
+
+	switch (GET_OPEN_MODE(share_mode)) {
+		case DOS_OPEN_WRONLY: 
+			flags = O_WRONLY; 
+			if (desired_access == 0)
+				desired_access = FILE_WRITE_DATA;
+			break;
+		case DOS_OPEN_FCB: 
+			fcbopen = True;
+			flags = O_RDWR; 
+			if (desired_access == 0)
+				desired_access = FILE_READ_DATA|FILE_WRITE_DATA;
+			break;
+		case DOS_OPEN_RDWR: 
+			flags = O_RDWR; 
+			if (desired_access == 0)
+				desired_access = FILE_READ_DATA|FILE_WRITE_DATA;
+			break;
+		default:
+			flags = O_RDONLY;
+			if (desired_access == 0)
+				desired_access = FILE_READ_DATA;
+			break;
+	}
+
+#if defined(O_SYNC)
+	if (GET_FILE_SYNC_OPENMODE(share_mode)) {
+		flags2 |= O_SYNC;
+	}
+#endif /* O_SYNC */
+  
+	if (flags != O_RDONLY && file_existed && 
+			(!CAN_WRITE(conn) || IS_DOS_READONLY(dos_mode(conn,fname,psbuf)))) {
+		if (!fcbopen) {
+			DEBUG(5,("open_file_shared: read/write access requested for file %s on read only %s\n",
+				fname, !CAN_WRITE(conn) ? "share" : "file" ));
+			file_free(fsp);
+			errno = EACCES;
+			return NULL;
+		}
+		flags = O_RDONLY;
+	}
+
+	if (deny_mode > DENY_NONE && deny_mode!=DENY_FCB) {
+		DEBUG(2,("Invalid deny mode %d on file %s\n",deny_mode,fname));
+		file_free(fsp);
+		errno = EINVAL;
+		return NULL;
+	}
+
+	if (file_existed) {
+
+		dev = psbuf->st_dev;
+		inode = psbuf->st_ino;
+
+		lock_share_entry(conn, dev, inode);
+
+		num_share_modes = open_mode_check(conn, fname, dev, inode, 
+						  desired_access,
+						  share_mode,
+						  &flags, &oplock_request, &all_current_opens_are_level_II);
+		if(num_share_modes == -1) {
+
+			/*
+			 * This next line is a subtlety we need for MS-Access. If a file open will
+			 * fail due to share permissions and also for security (access)
+			 * reasons, we need to return the access failed error, not the
+			 * share error. This means we must attempt to open the file anyway
+			 * in order to get the UNIX access error - even if we're going to
+			 * fail the open for share reasons. This is bad, as we're burning
+			 * another fd if there are existing locks but there's nothing else
+			 * we can do. We also ensure we're not going to create or tuncate
+			 * the file as we only want an access decision at this stage. JRA.
+			 */
+			fsp_open = open_file(fsp,conn,fname,psbuf,
+						flags|(flags2&~(O_TRUNC|O_CREAT)),mode,desired_access);
+
+			DEBUG(4,("open_file_shared : share_mode deny - calling open_file with \
+flags=0x%X flags2=0x%X mode=0%o returned %d\n",
+				flags,(flags2&~(O_TRUNC|O_CREAT)),(int)mode,(int)fsp_open ));
+
+			unlock_share_entry(conn, dev, inode);
+			if (fsp_open)
+				fd_close(conn, fsp);
+			file_free(fsp);
+			return NULL;
+		}
+
+		/*
+		 * We exit this block with the share entry *locked*.....
+		 */
+	}
+
+	/*
+	 * Ensure we pay attention to default ACLs on directories if required.
+	 */
+
+        if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
+			(def_acl = directory_has_default_acl(conn, parent_dirname(fname))))
+                mode = 0777;
+
+	DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o\n",
+			flags,flags2,(int)mode));
+
+	/*
+	 * open_file strips any O_TRUNC flags itself.
+	 */
+
+	fsp_open = open_file(fsp,conn,fname,psbuf,flags|flags2,mode,desired_access);
+
+	if (!fsp_open && (flags == O_RDWR) && (errno != ENOENT) && fcbopen) {
+		if((fsp_open = open_file(fsp,conn,fname,psbuf,O_RDONLY,mode,desired_access)) == True)
+			flags = O_RDONLY;
+	}
+
+	if (!fsp_open) {
+		if(file_existed)
+			unlock_share_entry(conn, dev, inode);
+		file_free(fsp);
+		return NULL;
+	}
+
+	/*
+	 * Deal with the race condition where two smbd's detect the file doesn't
+	 * exist and do the create at the same time. One of them will win and
+	 * set a share mode, the other (ie. this one) should check if the
+	 * requested share mode for this create is allowed.
+	 */
+
+	if (!file_existed) { 
+
+		lock_share_entry_fsp(fsp);
+
+		num_share_modes = open_mode_check(conn, fname, dev, inode, 
+						  desired_access,
+						  share_mode,
+						  &flags, &oplock_request, &all_current_opens_are_level_II);
+
+		if(num_share_modes == -1) {
+			unlock_share_entry_fsp(fsp);
+			fd_close(conn,fsp);
+			file_free(fsp);
+			return NULL;
+		}
+
+		/*
+		 * If there are any share modes set then the file *did*
+		 * exist. Ensure we return the correct value for action.
+		 */
+
+		if (num_share_modes > 0)
+			file_existed = True;
+
+		/*
+		 * We exit this block with the share entry *locked*.....
+		 */
+	}
+
+	/* note that we ignore failure for the following. It is
+           basically a hack for NFS, and NFS will never set one of
+           these only read them. Nobody but Samba can ever set a deny
+           mode and we have already checked our more authoritative
+           locking database for permission to set this deny mode. If
+           the kernel refuses the operations then the kernel is wrong */
+	kernel_flock(fsp, deny_mode);
+
+	/*
+	 * At this point onwards, we can guarentee that the share entry
+	 * is locked, whether we created the file or not, and that the
+	 * deny mode is compatible with all current opens.
+	 */
+
+	/*
+	 * If requested, truncate the file.
+	 */
+
+	if (flags2&O_TRUNC) {
+		/*
+		 * We are modifing the file after open - update the stat struct..
+		 */
+		if ((truncate_unless_locked(conn,fsp) == -1) || (vfs_fstat(fsp,fsp->fd,psbuf)==-1)) {
+			unlock_share_entry_fsp(fsp);
+			fd_close(conn,fsp);
+			file_free(fsp);
+			return NULL;
+		}
+	}
+
+	switch (flags) {
+		case O_RDONLY:
+			open_mode = DOS_OPEN_RDONLY;
+			break;
+		case O_RDWR:
+			open_mode = DOS_OPEN_RDWR;
+			break;
+		case O_WRONLY:
+			open_mode = DOS_OPEN_WRONLY;
+			break;
+	}
+
+	fsp->share_mode = SET_DENY_MODE(deny_mode) | 
+						SET_OPEN_MODE(open_mode) | 
+						SET_ALLOW_SHARE_DELETE(allow_share_delete);
+
+	DEBUG(10,("open_file_shared : share_mode = %x\n", fsp->share_mode ));
+
+	if (Access)
+		(*Access) = open_mode;
+
+	if (action) {
+		if (file_existed && !(flags2 & O_TRUNC))
+			*action = FILE_WAS_OPENED;
+		if (!file_existed)
+			*action = FILE_WAS_CREATED;
+		if (file_existed && (flags2 & O_TRUNC))
+			*action = FILE_WAS_OVERWRITTEN;
+	}
+
+	/* 
+	 * Setup the oplock info in both the shared memory and
+	 * file structs.
+	 */
+
+	if(oplock_request && (num_share_modes == 0) && 
+			!IS_VETO_OPLOCK_PATH(conn,fname) && set_file_oplock(fsp, oplock_request) ) {
+		port = global_oplock_port;
+	} else if (oplock_request && all_current_opens_are_level_II) {
+		port = global_oplock_port;
+		oplock_request = LEVEL_II_OPLOCK;
+		set_file_oplock(fsp, oplock_request);
+	} else {
+		port = 0;
+		oplock_request = 0;
+	}
+
+	set_share_mode(fsp, port, oplock_request);
+
+	if (delete_on_close) {
+		NTSTATUS result = set_delete_on_close_internal(fsp, delete_on_close);
+
+		if (NT_STATUS_V(result) !=  NT_STATUS_V(NT_STATUS_OK)) {
+			/* Remember to delete the mode we just added. */
+			del_share_mode(fsp, NULL);
+			unlock_share_entry_fsp(fsp);
+			fd_close(conn,fsp);
+			file_free(fsp);
+			return NULL;
+		}
+	}
+	
+	/*
+	 * Take care of inherited ACLs on created files - if default ACL not
+	 * selected.
+	 */
+
+	if (!file_existed && !def_acl && (conn->vfs_ops.fchmod_acl != NULL)) {
+		int saved_errno = errno; /* We might get ENOSYS in the next call.. */
+		if (conn->vfs_ops.fchmod_acl(fsp, fsp->fd, mode) == -1 && errno == ENOSYS)
+			errno = saved_errno; /* Ignore ENOSYS */
+	}
+		
+	unlock_share_entry_fsp(fsp);
+
+	conn->num_files_open++;
+
+	return fsp;
+}
+
+/****************************************************************************
+ Open a file for for write to ensure that we can fchmod it.
+****************************************************************************/
+
+files_struct *open_file_fchmod(connection_struct *conn, char *fname, SMB_STRUCT_STAT *psbuf)
+{
+	files_struct *fsp = NULL;
+	BOOL fsp_open;
+
+	if (!VALID_STAT(*psbuf))
+		return NULL;
+
+	fsp = file_new(conn);
+	if(!fsp)
+		return NULL;
+
+	fsp_open = open_file(fsp,conn,fname,psbuf,O_WRONLY,0,0);
+
+	/* 
+	 * This is not a user visible file open.
+	 * Don't set a share mode and don't increment
+	 * the conn->num_files_open.
+	 */
+
+	if (!fsp_open) {
+		file_free(fsp);
+		return NULL;
+	}
+
+	return fsp;
+}
+
+/****************************************************************************
+ Close the fchmod file fd - ensure no locks are lost.
+****************************************************************************/
+
+int close_file_fchmod(files_struct *fsp)
+{
+	int ret = fd_close(fsp->conn, fsp);
+	file_free(fsp);
+	return ret;
+}
+
+/****************************************************************************
+ Open a directory from an NT SMB call.
+****************************************************************************/
+
+files_struct *open_directory(connection_struct *conn, char *fname, SMB_STRUCT_STAT *psbuf,
+			uint32 desired_access, int share_mode, int smb_ofun, mode_t unixmode, int *action)
+{
+	extern struct current_user current_user;
+	BOOL got_stat = False;
+	files_struct *fsp = file_new(conn);
+	BOOL delete_on_close = GET_DELETE_ON_CLOSE_FLAG(share_mode);
+
+	if(!fsp)
+		return NULL;
+
+	fsp->conn = conn; /* The vfs_fXXX() macros need this. */
+
+	if (VALID_STAT(*psbuf))
+		got_stat = True;
+
+	if (got_stat && (GET_FILE_OPEN_DISPOSITION(smb_ofun) == FILE_EXISTS_FAIL)) {
+		file_free(fsp);
+		errno = EEXIST; /* Setup so correct error is returned to client. */
+		return NULL;
+	}
+
+	if (GET_FILE_CREATE_DISPOSITION(smb_ofun) == FILE_CREATE_IF_NOT_EXIST) {
+
+		if (got_stat) {
+
+			if(!S_ISDIR(psbuf->st_mode)) {
+				DEBUG(0,("open_directory: %s is not a directory !\n", fname ));
+				file_free(fsp);
+				errno = EACCES;
+				return NULL;
+			}
+			*action = FILE_WAS_OPENED;
+
+		} else {
+
+			/*
+			 * Try and create the directory.
+			 */
+
+			if(!CAN_WRITE(conn)) {
+				DEBUG(2,("open_directory: failing create on read-only share\n"));
+				file_free(fsp);
+				errno = EACCES;
+				return NULL;
+			}
+
+			if(vfs_mkdir(conn,fname, unix_mode(conn,aDIR, fname)) < 0) {
+				DEBUG(2,("open_directory: unable to create %s. Error was %s\n",
+					 fname, strerror(errno) ));
+				file_free(fsp);
+				return NULL;
+			}
+
+			if(vfs_stat(conn,fname, psbuf) != 0) {
+				file_free(fsp);
+				return NULL;
+			}
+
+			*action = FILE_WAS_CREATED;
+
+		}
+	} else {
+
+		/*
+		 * Don't create - just check that it *was* a directory.
+		 */
+
+		if(!got_stat) {
+			DEBUG(0,("open_directory: unable to stat name = %s. Error was %s\n",
+				 fname, strerror(errno) ));
+			file_free(fsp);
+			return NULL;
+		}
+
+		if(!S_ISDIR(psbuf->st_mode)) {
+			DEBUG(0,("open_directory: %s is not a directory !\n", fname ));
+			file_free(fsp);
+			return NULL;
+		}
+
+		*action = FILE_WAS_OPENED;
+	}
+	
+	DEBUG(5,("open_directory: opening directory %s\n", fname));
+
+	/*
+	 * Setup the files_struct for it.
+	 */
+	
+	fsp->mode = psbuf->st_mode;
+	fsp->inode = psbuf->st_ino;
+	fsp->dev = psbuf->st_dev;
+	fsp->size = psbuf->st_size;
+	fsp->vuid = current_user.vuid;
+	fsp->pos = -1;
+	fsp->can_lock = True;
+	fsp->can_read = False;
+	fsp->can_write = False;
+	fsp->share_mode = share_mode;
+	fsp->desired_access = desired_access;
+	fsp->print_file = False;
+	fsp->modified = False;
+	fsp->oplock_type = NO_OPLOCK;
+	fsp->sent_oplock_break = NO_BREAK_SENT;
+	fsp->is_directory = True;
+	fsp->directory_delete_on_close = False;
+	fsp->conn = conn;
+	string_set(&fsp->fsp_name,fname);
+
+	if (delete_on_close) {
+		NTSTATUS result = set_delete_on_close_internal(fsp, delete_on_close);
+
+		if (NT_STATUS_V(result) !=  NT_STATUS_V(NT_STATUS_OK)) {
+			file_free(fsp);
+			return NULL;
+		}
+	}
+	conn->num_files_open++;
+
+	return fsp;
+}
+#if 0
+
+Old code - I have replaced with correct desired_access checking. JRA.
+
+/*******************************************************************
+ Check if the share mode on a file allows it to be deleted or unlinked.
+ Return True if sharing doesn't prevent the operation.
+********************************************************************/
+
+BOOL check_file_sharing(connection_struct *conn,char *fname, BOOL rename_op)
+{
+	int i;
+	int ret = False;
+	share_mode_entry *old_shares = 0;
+	int num_share_modes;
+	SMB_STRUCT_STAT sbuf;
+	pid_t pid = sys_getpid();
+	SMB_DEV_T dev;
+	SMB_INO_T inode;
+
+	if (vfs_stat(conn,fname,&sbuf) == -1)
+		return(True);
+
+	dev = sbuf.st_dev;
+	inode = sbuf.st_ino;
+
+	lock_share_entry(conn, dev, inode);
+	num_share_modes = get_share_modes(conn, dev, inode, &old_shares);
+
+	/*
+	 * Check if the share modes will give us access.
+	 */
+
+	if(num_share_modes != 0) {
+		BOOL broke_oplock;
+
+		do {
+
+			broke_oplock = False;
+			for(i = 0; i < num_share_modes; i++) {
+				share_mode_entry *share_entry = &old_shares[i];
+
+				/* 
+				 * Break oplocks before checking share modes. See comment in
+				 * open_file_shared for details. 
+				 * Check if someone has an oplock on this file. If so we must 
+				 * break it before continuing. 
+				 */
+				if(BATCH_OPLOCK_TYPE(share_entry->op_type)) {
+
+					DEBUG(5,("check_file_sharing: breaking oplock (%x) on file %s, \
+dev = %x, inode = %.0f\n", share_entry->op_type, fname, (unsigned int)dev, (double)inode));
+
+					/* Oplock break.... */
+					unlock_share_entry(conn, dev, inode);
+
+					if(request_oplock_break(share_entry) == False) {
+						DEBUG(0,("check_file_sharing: FAILED when breaking oplock (%x) on file %s, \
+dev = %x, inode = %.0f\n", old_shares[i].op_type, fname, (unsigned int)dev, (double)inode));
+
+						SAFE_FREE(old_shares);
+						return False;
+					}
+					lock_share_entry(conn, dev, inode);
+					broke_oplock = True;
+					break;
+				}
+
+				/* 
+				 * If this is a delete request and ALLOW_SHARE_DELETE is set then allow 
+				 * this to proceed. This takes precedence over share modes.
+				 */
+
+				if(!rename_op && GET_ALLOW_SHARE_DELETE(share_entry->share_mode))
+					continue;
+
+				/* 
+				 * Someone else has a share lock on it, check to see 
+				 * if we can too.
+				 */
+       			 	if ((GET_DENY_MODE(share_entry->share_mode) != DENY_DOS) || 
+							(share_entry->pid != pid))
+					goto free_and_exit;
+	
+			} /* end for */
+
+			if(broke_oplock) {
+				SAFE_FREE(old_shares);
+				num_share_modes = get_share_modes(conn, dev, inode, &old_shares);
+			}
+		} while(broke_oplock);
+	}
+
+	/*
+	 * XXXX exactly what share mode combinations should be allowed for
+	 * deleting/renaming?
+	 */
+
+	/* 
+	 * If we got here then either there were no share modes or
+	 * all share modes were DENY_DOS and the pid == getpid() or
+	 * delete access was requested and all share modes had the
+	 * ALLOW_SHARE_DELETE bit set (takes precedence over other
+	 * share modes).
+	 */
+
+	ret = True;
+
+free_and_exit:
+
+	unlock_share_entry(conn, dev, inode);
+	SAFE_FREE(old_shares);
+	return(ret);
+}
+#endif
diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
new file mode 100644
index 0000000000..23606f1d14
--- /dev/null
+++ b/source3/smbd/oplock.c
@@ -0,0 +1,1219 @@
+/* 
+   Unix SMB/CIFS implementation.
+   oplock processing
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Jeremy Allison 1998 - 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Oplock ipc UDP socket. */
+static int oplock_sock = -1;
+uint16 global_oplock_port = 0;
+
+/* Current number of oplocks we have outstanding. */
+static int32 exclusive_oplocks_open = 0;
+static int32 level_II_oplocks_open = 0;
+BOOL global_client_failed_oplock_break = False;
+BOOL global_oplock_break = False;
+
+extern int smb_read_error;
+
+static struct kernel_oplocks *koplocks;
+
+static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id, BOOL local);
+
+/****************************************************************************
+ Get the number of current exclusive oplocks.
+****************************************************************************/
+
+int32 get_number_of_exclusive_open_oplocks(void)
+{
+  return exclusive_oplocks_open;
+}
+
+/****************************************************************************
+ Return True if an oplock message is pending.
+****************************************************************************/
+
+BOOL oplock_message_waiting(fd_set *fds)
+{
+	if (koplocks && koplocks->msg_waiting(fds))
+		return True;
+
+	if (FD_ISSET(oplock_sock, fds))
+		return True;
+
+	return False;
+}
+
+/****************************************************************************
+ Read an oplock break message from either the oplock UDP fd or the
+ kernel (if kernel oplocks are supported).
+
+ If timeout is zero then *fds contains the file descriptors that
+ are ready to be read and acted upon. If timeout is non-zero then
+ *fds contains the file descriptors to be selected on for read.
+ The timeout is in milliseconds
+
+****************************************************************************/
+
+BOOL receive_local_message(fd_set *fds, char *buffer, int buffer_len, int timeout)
+{
+	struct sockaddr_in from;
+	int fromlen = sizeof(from);
+	int32 msg_len = 0;
+
+	smb_read_error = 0;
+
+	if(timeout != 0) {
+		struct timeval to;
+		int selrtn;
+		int maxfd = oplock_sock;
+
+		if (koplocks && koplocks->notification_fd != -1) {
+			FD_SET(koplocks->notification_fd, fds);
+			maxfd = MAX(maxfd, koplocks->notification_fd);
+		}
+
+		to.tv_sec = timeout / 1000;
+		to.tv_usec = (timeout % 1000) * 1000;
+
+		selrtn = sys_select(maxfd+1,fds,NULL,NULL,&to);
+
+		if (selrtn == -1 && errno == EINTR) {
+			/* could be a kernel oplock interrupt */
+			if (koplocks && koplocks->msg_waiting(fds)) {
+				return koplocks->receive_message(fds, buffer, buffer_len);
+			}
+		}
+
+		/* Check if error */
+		if(selrtn == -1) {
+			/* something is wrong. Maybe the socket is dead? */
+			smb_read_error = READ_ERROR;
+			return False;
+		}
+
+		/* Did we timeout ? */
+		if (selrtn == 0) {
+			smb_read_error = READ_TIMEOUT;
+			return False;
+		}
+	}
+
+	if (koplocks && koplocks->msg_waiting(fds)) {
+		return koplocks->receive_message(fds, buffer, buffer_len);
+	}
+
+	if (!FD_ISSET(oplock_sock, fds))
+		return False;
+
+	/*
+	 * From here down we deal with the smbd <--> smbd
+	 * oplock break protocol only.
+	 */
+
+	/*
+	 * Read a loopback udp message.
+	 */
+	msg_len = recvfrom(oplock_sock, &buffer[OPBRK_CMD_HEADER_LEN],
+						buffer_len - OPBRK_CMD_HEADER_LEN, 0, (struct sockaddr *)&from, &fromlen);
+
+	if(msg_len < 0) {
+		DEBUG(0,("receive_local_message. Error in recvfrom. (%s).\n",strerror(errno)));
+		return False;
+	}
+
+	/* Validate message length. */
+	if(msg_len > (buffer_len - OPBRK_CMD_HEADER_LEN)) {
+		DEBUG(0,("receive_local_message: invalid msg_len (%d) max can be %d\n", msg_len,
+			buffer_len  - OPBRK_CMD_HEADER_LEN));
+		return False;
+	}
+
+	/* Validate message from address (must be localhost). */
+	if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
+		DEBUG(0,("receive_local_message: invalid 'from' address \
+(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
+		return False;
+	}
+
+	/* Setup the message header */
+	SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
+	SSVAL(buffer,OPBRK_CMD_PORT_OFFSET,ntohs(from.sin_port));
+
+	return True;
+}
+
+/****************************************************************************
+ Attempt to set an oplock on a file. Always succeeds if kernel oplocks are
+ disabled (just sets flags). Returns True if oplock set.
+****************************************************************************/
+
+BOOL set_file_oplock(files_struct *fsp, int oplock_type)
+{
+	if (koplocks && !koplocks->set_oplock(fsp, oplock_type))
+		return False;
+
+	fsp->oplock_type = oplock_type;
+	fsp->sent_oplock_break = NO_BREAK_SENT;
+	if (oplock_type == LEVEL_II_OPLOCK)
+		level_II_oplocks_open++;
+	else
+		exclusive_oplocks_open++;
+
+	DEBUG(5,("set_file_oplock: granted oplock on file %s, dev = %x, inode = %.0f, file_id = %lu, \
+tv_sec = %x, tv_usec = %x\n",
+		 fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id,
+		 (int)fsp->open_time.tv_sec, (int)fsp->open_time.tv_usec ));
+
+	return True;
+}
+
+/****************************************************************************
+ Attempt to release an oplock on a file. Decrements oplock count.
+****************************************************************************/
+
+void release_file_oplock(files_struct *fsp)
+{
+	if (koplocks)
+		koplocks->release_oplock(fsp);
+
+	if (fsp->oplock_type == LEVEL_II_OPLOCK)
+		level_II_oplocks_open--;
+	else
+		exclusive_oplocks_open--;
+	
+	fsp->oplock_type = NO_OPLOCK;
+	fsp->sent_oplock_break = NO_BREAK_SENT;
+	
+	flush_write_cache(fsp, OPLOCK_RELEASE_FLUSH);
+}
+
+/****************************************************************************
+ Attempt to downgrade an oplock on a file. Doesn't decrement oplock count.
+****************************************************************************/
+
+static void downgrade_file_oplock(files_struct *fsp)
+{
+	if (koplocks)
+		koplocks->release_oplock(fsp);
+	fsp->oplock_type = LEVEL_II_OPLOCK;
+	exclusive_oplocks_open--;
+	level_II_oplocks_open++;
+	fsp->sent_oplock_break = NO_BREAK_SENT;
+}
+
+/****************************************************************************
+ Remove a file oplock. Copes with level II and exclusive.
+ Locks then unlocks the share mode lock. Client can decide to go directly
+ to none even if a "break-to-level II" was sent.
+****************************************************************************/
+
+BOOL remove_oplock(files_struct *fsp, BOOL break_to_none)
+{
+	SMB_DEV_T dev = fsp->dev;
+	SMB_INO_T inode = fsp->inode;
+	BOOL ret = True;
+
+	/* Remove the oplock flag from the sharemode. */
+	if (lock_share_entry_fsp(fsp) == False) {
+		DEBUG(0,("remove_oplock: failed to lock share entry for file %s\n",
+			 fsp->fsp_name ));
+		ret = False;
+	}
+
+	if (fsp->sent_oplock_break == EXCLUSIVE_BREAK_SENT || break_to_none) {
+		/*
+		 * Deal with a reply when a break-to-none was sent.
+		 */
+
+		if(remove_share_oplock(fsp)==False) {
+			DEBUG(0,("remove_oplock: failed to remove share oplock for file %s fnum %d, \
+dev = %x, inode = %.0f\n", fsp->fsp_name, fsp->fnum, (unsigned int)dev, (double)inode));
+			ret = False;
+		}
+
+		release_file_oplock(fsp);
+	} else {
+		/*
+		 * Deal with a reply when a break-to-level II was sent.
+		 */
+		if(downgrade_share_oplock(fsp)==False) {
+			DEBUG(0,("remove_oplock: failed to downgrade share oplock for file %s fnum %d, \
+dev = %x, inode = %.0f\n", fsp->fsp_name, fsp->fnum, (unsigned int)dev, (double)inode));
+			ret = False;
+		}
+		
+		downgrade_file_oplock(fsp);
+	}
+
+	unlock_share_entry_fsp(fsp);
+	return ret;
+}
+
+/****************************************************************************
+ Setup the listening set of file descriptors for an oplock break
+ message either from the UDP socket or from the kernel. Returns the maximum
+ fd used.
+****************************************************************************/
+
+int setup_oplock_select_set( fd_set *fds)
+{
+	int maxfd = oplock_sock;
+
+	if(oplock_sock == -1)
+		return 0;
+
+	FD_SET(oplock_sock,fds);
+
+	if (koplocks && koplocks->notification_fd != -1) {
+		FD_SET(koplocks->notification_fd, fds);
+		maxfd = MAX(maxfd, koplocks->notification_fd);
+	}
+
+	return maxfd;
+}
+
+/****************************************************************************
+ Process an oplock break message - whether it came from the UDP socket
+ or from the kernel.
+****************************************************************************/
+
+BOOL process_local_message(char *buffer, int buf_size)
+{
+	int32 msg_len;
+	uint16 from_port;
+	char *msg_start;
+	pid_t remotepid;
+	SMB_DEV_T dev;
+	SMB_INO_T inode;
+	unsigned long file_id;
+	uint16 break_cmd_type;
+
+	msg_len = IVAL(buffer,OPBRK_CMD_LEN_OFFSET);
+	from_port = SVAL(buffer,OPBRK_CMD_PORT_OFFSET);
+
+	msg_start = &buffer[OPBRK_CMD_HEADER_LEN];
+
+	DEBUG(5,("process_local_message: Got a message of length %d from port (%d)\n", 
+		msg_len, from_port));
+
+	/* 
+	 * Pull the info out of the requesting packet.
+	 */
+
+	break_cmd_type = SVAL(msg_start,OPBRK_MESSAGE_CMD_OFFSET);
+
+	switch(break_cmd_type) {
+		case KERNEL_OPLOCK_BREAK_CMD:
+			if (!koplocks) {
+				DEBUG(0,("unexpected kernel oplock break!\n"));
+				break;
+			} 
+			if (!koplocks->parse_message(msg_start, msg_len, &inode, &dev, &file_id)) {
+				DEBUG(0,("kernel oplock break parse failure!\n"));
+			}
+			break;
+
+		case OPLOCK_BREAK_CMD:
+		case LEVEL_II_OPLOCK_BREAK_CMD:
+
+			/* Ensure that the msg length is correct. */
+			if(msg_len != OPLOCK_BREAK_MSG_LEN) {
+				DEBUG(0,("process_local_message: incorrect length for OPLOCK_BREAK_CMD (was %d, should be %d).\n",
+					(int)msg_len, (int)OPLOCK_BREAK_MSG_LEN));
+				return False;
+			}
+
+			memcpy((char *)&remotepid, msg_start+OPLOCK_BREAK_PID_OFFSET,sizeof(remotepid));
+			memcpy((char *)&inode, msg_start+OPLOCK_BREAK_INODE_OFFSET,sizeof(inode));
+			memcpy((char *)&dev, msg_start+OPLOCK_BREAK_DEV_OFFSET,sizeof(dev));
+			memcpy((char *)&file_id, msg_start+OPLOCK_BREAK_FILEID_OFFSET,sizeof(file_id));
+
+			DEBUG(5,("process_local_message: (%s) oplock break request from \
+pid %d, port %d, dev = %x, inode = %.0f, file_id = %lu\n",
+				(break_cmd_type == OPLOCK_BREAK_CMD) ? "exclusive" : "level II",
+				(int)remotepid, from_port, (unsigned int)dev, (double)inode, file_id));
+			break;
+
+		/* 
+		 * Keep this as a debug case - eventually we can remove it.
+		 */
+		case 0x8001:
+			DEBUG(0,("process_local_message: Received unsolicited break \
+reply - dumping info.\n"));
+
+			if(msg_len != OPLOCK_BREAK_MSG_LEN) {
+				DEBUG(0,("process_local_message: ubr: incorrect length for reply \
+(was %d, should be %d).\n", (int)msg_len, (int)OPLOCK_BREAK_MSG_LEN));
+				return False;
+			}
+
+			memcpy((char *)&inode, msg_start+OPLOCK_BREAK_INODE_OFFSET,sizeof(inode));
+			memcpy((char *)&remotepid, msg_start+OPLOCK_BREAK_PID_OFFSET,sizeof(remotepid));
+			memcpy((char *)&dev, msg_start+OPLOCK_BREAK_DEV_OFFSET,sizeof(dev));
+			memcpy((char *)&file_id, msg_start+OPLOCK_BREAK_FILEID_OFFSET,sizeof(file_id));
+
+			DEBUG(0,("process_local_message: unsolicited oplock break reply from \
+pid %d, port %d, dev = %x, inode = %.0f, file_id = %lu\n",
+				(int)remotepid, from_port, (unsigned int)dev, (double)inode, file_id));
+
+			return False;
+
+		default:
+			DEBUG(0,("process_local_message: unknown UDP message command code (%x) - ignoring.\n",
+				(unsigned int)SVAL(msg_start,0)));
+			return False;
+	}
+
+	/*
+	 * Now actually process the break request.
+	 */
+
+	if((exclusive_oplocks_open + level_II_oplocks_open) != 0) {
+		if (oplock_break(dev, inode, file_id, False) == False) {
+			DEBUG(0,("process_local_message: oplock break failed.\n"));
+			return False;
+		}
+	} else {
+		/*
+		 * If we have no record of any currently open oplocks,
+		 * it's not an error, as a close command may have
+		 * just been issued on the file that was oplocked.
+		 * Just log a message and return success in this case.
+		 */
+		DEBUG(3,("process_local_message: oplock break requested with no outstanding \
+oplocks. Returning success.\n"));
+	}
+
+	/* 
+	 * Do the appropriate reply - none in the kernel or level II case.
+	 */
+
+	if(SVAL(msg_start,OPBRK_MESSAGE_CMD_OFFSET) == OPLOCK_BREAK_CMD) {
+		struct sockaddr_in toaddr;
+
+		/* Send the message back after OR'ing in the 'REPLY' bit. */
+		SSVAL(msg_start,OPBRK_MESSAGE_CMD_OFFSET,OPLOCK_BREAK_CMD | CMD_REPLY);
+
+		memset((char *)&toaddr,'\0',sizeof(toaddr));
+		toaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+		toaddr.sin_port = htons(from_port);
+		toaddr.sin_family = AF_INET;
+
+		if(sendto( oplock_sock, msg_start, OPLOCK_BREAK_MSG_LEN, 0,
+				(struct sockaddr *)&toaddr, sizeof(toaddr)) < 0) {
+			DEBUG(0,("process_local_message: sendto process %d failed. Errno was %s\n",
+				(int)remotepid, strerror(errno)));
+			return False;
+		}
+
+		DEBUG(5,("process_local_message: oplock break reply sent to \
+pid %d, port %d, for file dev = %x, inode = %.0f, file_id = %lu\n",
+			(int)remotepid, from_port, (unsigned int)dev, (double)inode, file_id));
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Set up an oplock break message.
+****************************************************************************/
+
+static void prepare_break_message(char *outbuf, files_struct *fsp, BOOL level2)
+{
+	memset(outbuf,'\0',smb_size);
+	set_message(outbuf,8,0,True);
+
+	SCVAL(outbuf,smb_com,SMBlockingX);
+	SSVAL(outbuf,smb_tid,fsp->conn->cnum);
+	SSVAL(outbuf,smb_pid,0xFFFF);
+	SSVAL(outbuf,smb_uid,0);
+	SSVAL(outbuf,smb_mid,0xFFFF);
+	SCVAL(outbuf,smb_vwv0,0xFF);
+	SSVAL(outbuf,smb_vwv2,fsp->fnum);
+	SCVAL(outbuf,smb_vwv3,LOCKING_ANDX_OPLOCK_RELEASE);
+	SCVAL(outbuf,smb_vwv3+1,level2 ? OPLOCKLEVEL_II : OPLOCKLEVEL_NONE);
+}
+
+/****************************************************************************
+ Function to do the waiting before sending a local break.
+****************************************************************************/
+
+static void wait_before_sending_break(BOOL local_request)
+{
+	extern struct timeval smb_last_time;
+
+	if(local_request) {
+		struct timeval cur_tv;
+		long wait_left = (long)lp_oplock_break_wait_time();
+
+		if (wait_left == 0)
+			return;
+
+		GetTimeOfDay(&cur_tv);
+
+		wait_left -= ((cur_tv.tv_sec - smb_last_time.tv_sec)*1000) +
+                ((cur_tv.tv_usec - smb_last_time.tv_usec)/1000);
+
+		if(wait_left > 0) {
+			wait_left = MIN(wait_left, 1000);
+			sys_usleep(wait_left * 1000);
+		}
+	}
+}
+
+/****************************************************************************
+ Ensure that we have a valid oplock.
+****************************************************************************/
+
+static files_struct *initial_break_processing(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id)
+{
+	files_struct *fsp = NULL;
+
+	if( DEBUGLVL( 3 ) ) {
+		dbgtext( "initial_break_processing: called for dev = %x, inode = %.0f file_id = %lu\n",
+			(unsigned int)dev, (double)inode, file_id);
+		dbgtext( "Current oplocks_open (exclusive = %d, levelII = %d)\n",
+			exclusive_oplocks_open, level_II_oplocks_open );
+	}
+
+	/*
+	 * We need to search the file open table for the
+	 * entry containing this dev and inode, and ensure
+	 * we have an oplock on it.
+	 */
+
+	fsp = file_find_dif(dev, inode, file_id);
+
+	if(fsp == NULL) {
+		/* The file could have been closed in the meantime - return success. */
+		if( DEBUGLVL( 3 ) ) {
+			dbgtext( "initial_break_processing: cannot find open file with " );
+			dbgtext( "dev = %x, inode = %.0f file_id = %lu", (unsigned int)dev,
+				(double)inode, file_id);
+			dbgtext( "allowing break to succeed.\n" );
+		}
+		return NULL;
+	}
+
+	/* Ensure we have an oplock on the file */
+
+	/*
+	 * There is a potential race condition in that an oplock could
+	 * have been broken due to another udp request, and yet there are
+	 * still oplock break messages being sent in the udp message
+	 * queue for this file. So return true if we don't have an oplock,
+	 * as we may have just freed it.
+	 */
+
+	if(fsp->oplock_type == NO_OPLOCK) {
+		if( DEBUGLVL( 3 ) ) {
+			dbgtext( "initial_break_processing: file %s ", fsp->fsp_name );
+			dbgtext( "(dev = %x, inode = %.0f, file_id = %lu) has no oplock.\n",
+				(unsigned int)dev, (double)inode, fsp->file_id );
+			dbgtext( "Allowing break to succeed regardless.\n" );
+		}
+		return NULL;
+	}
+
+	return fsp;
+}
+
+/****************************************************************************
+ Process a level II oplock break directly.
+****************************************************************************/
+
+BOOL oplock_break_level2(files_struct *fsp, BOOL local_request, int token)
+{
+	extern uint32 global_client_caps;
+	char outbuf[128];
+	BOOL got_lock = False;
+	SMB_DEV_T dev = fsp->dev;
+	SMB_INO_T inode = fsp->inode;
+
+	/*
+	 * We can have a level II oplock even if the client is not
+	 * level II oplock aware. In this case just remove the
+	 * flags and don't send the break-to-none message to
+	 * the client.
+	 */
+
+	if (global_client_caps & CAP_LEVEL_II_OPLOCKS) {
+		/*
+		 * If we are sending an oplock break due to an SMB sent
+		 * by our own client we ensure that we wait at leat
+		 * lp_oplock_break_wait_time() milliseconds before sending
+		 * the packet. Sending the packet sooner can break Win9x
+		 * and has reported to cause problems on NT. JRA.
+		 */
+
+		wait_before_sending_break(local_request);
+
+		/* Prepare the SMBlockingX message. */
+
+		prepare_break_message( outbuf, fsp, False);
+		if (!send_smb(smbd_server_fd(), outbuf))
+			exit_server("oplock_break_level2: send_smb failed.");
+	}
+
+	/*
+	 * Now we must update the shared memory structure to tell
+	 * everyone else we no longer have a level II oplock on 
+	 * this open file. If local_request is true then token is
+	 * the existing lock on the shared memory area.
+	 */
+
+	if(!local_request && lock_share_entry_fsp(fsp) == False) {
+		DEBUG(0,("oplock_break_level2: unable to lock share entry for file %s\n", fsp->fsp_name ));
+	} else {
+		got_lock = True;
+	}
+
+	if(remove_share_oplock(fsp)==False) {
+		DEBUG(0,("oplock_break_level2: unable to remove level II oplock for file %s\n", fsp->fsp_name ));
+	}
+
+	if (!local_request && got_lock)
+		unlock_share_entry_fsp(fsp);
+
+	fsp->oplock_type = NO_OPLOCK;
+	level_II_oplocks_open--;
+
+	if(level_II_oplocks_open < 0) {
+		DEBUG(0,("oplock_break_level2: level_II_oplocks_open < 0 (%d). PANIC ERROR\n",
+			level_II_oplocks_open));
+		abort();
+	}
+
+	if( DEBUGLVL( 3 ) ) {
+		dbgtext( "oplock_break_level2: returning success for " );
+		dbgtext( "dev = %x, inode = %.0f, file_id = %lu\n", (unsigned int)dev, (double)inode, fsp->file_id );
+		dbgtext( "Current level II oplocks_open = %d\n", level_II_oplocks_open );
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Process an oplock break directly.
+****************************************************************************/
+
+static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id, BOOL local_request)
+{
+	extern uint32 global_client_caps;
+	extern struct current_user current_user;
+	char *inbuf = NULL;
+	char *outbuf = NULL;
+	files_struct *fsp = NULL;
+	time_t start_time;
+	BOOL shutdown_server = False;
+	BOOL oplock_timeout = False;
+	connection_struct *saved_user_conn;
+	connection_struct *saved_fsp_conn;
+	int saved_vuid;
+	pstring saved_dir; 
+	int timeout = (OPLOCK_BREAK_TIMEOUT * 1000);
+	pstring file_name;
+	BOOL using_levelII;
+
+	if((fsp = initial_break_processing(dev, inode, file_id)) == NULL)
+		return True;
+
+	/*
+	 * Deal with a level II oplock going break to none separately.
+	 */
+
+	if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
+		return oplock_break_level2(fsp, local_request, -1);
+
+	/* Mark the oplock break as sent - we don't want to send twice! */
+	if (fsp->sent_oplock_break) {
+		if( DEBUGLVL( 0 ) ) {
+			dbgtext( "oplock_break: ERROR: oplock_break already sent for " );
+			dbgtext( "file %s ", fsp->fsp_name);
+			dbgtext( "(dev = %x, inode = %.0f, file_id = %lu)\n", (unsigned int)dev, (double)inode, fsp->file_id );
+		}
+
+		/*
+		 * We have to fail the open here as we cannot send another oplock break on
+		 * this file whilst we are awaiting a response from the client - neither
+		 * can we allow another open to succeed while we are waiting for the client.
+		 */
+		return False;
+	}
+
+	if(global_oplock_break) {
+		DEBUG(0,("ABORT : ABORT : recursion in oplock_break !!!!!\n"));
+		abort();
+	}
+
+	/*
+	 * Now comes the horrid part. We must send an oplock break to the client,
+	 * and then process incoming messages until we get a close or oplock release.
+	 * At this point we know we need a new inbuf/outbuf buffer pair.
+	 * We cannot use these staticaly as we may recurse into here due to
+	 * messages crossing on the wire.
+	 */
+
+	if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
+		DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
+		return False;
+	}
+
+	if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
+		DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
+		SAFE_FREE(inbuf);
+		return False;
+	}
+
+	/*
+	 * If we are sending an oplock break due to an SMB sent
+	 * by our own client we ensure that we wait at leat
+	 * lp_oplock_break_wait_time() milliseconds before sending
+	 * the packet. Sending the packet sooner can break Win9x
+	 * and has reported to cause problems on NT. JRA.
+	 */
+
+	wait_before_sending_break(local_request);
+
+	/* Prepare the SMBlockingX message. */
+
+	if ((global_client_caps & CAP_LEVEL_II_OPLOCKS) && 
+			!koplocks && /* NOTE: we force levelII off for kernel oplocks - this will change when it is supported */
+			lp_level2_oplocks(SNUM(fsp->conn))) {
+		using_levelII = True;
+	} else {
+		using_levelII = False;
+	}
+
+	prepare_break_message( outbuf, fsp, using_levelII);
+	/* Remember if we just sent a break to level II on this file. */
+	fsp->sent_oplock_break = using_levelII? LEVEL_II_BREAK_SENT:EXCLUSIVE_BREAK_SENT;
+
+	if (!send_smb(smbd_server_fd(), outbuf))
+		exit_server("oplock_break: send_smb failed.");
+
+	/* We need this in case a readraw crosses on the wire. */
+	global_oplock_break = True;
+ 
+	/* Process incoming messages. */
+
+	/*
+	 * JRA - If we don't get a break from the client in OPLOCK_BREAK_TIMEOUT
+	 * seconds we should just die....
+	 */
+
+	start_time = time(NULL);
+
+	/*
+	 * Save the information we need to re-become the
+	 * user, then unbecome the user whilst we're doing this.
+	 */
+	saved_user_conn = current_user.conn;
+	saved_vuid = current_user.vuid;
+	saved_fsp_conn = fsp->conn;
+	change_to_root_user();
+	vfs_GetWd(saved_fsp_conn,saved_dir);
+	/* Save the chain fnum. */
+	file_chain_save();
+
+	/*
+	 * From Charles Hoch <hoch@exemplary.com>. If the break processing
+	 * code closes the file (as it often does), then the fsp pointer here
+	 * points to free()'d memory. We *must* revalidate fsp each time
+	 * around the loop.
+	 */
+
+	pstrcpy(file_name, fsp->fsp_name);
+
+	while((fsp = initial_break_processing(dev, inode, file_id)) &&
+			OPEN_FSP(fsp) && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+		if(receive_smb(smbd_server_fd(),inbuf, timeout) == False) {
+			/*
+			 * Die if we got an error.
+			 */
+
+			if (smb_read_error == READ_EOF) {
+				DEBUG( 0, ( "oplock_break: end of file from client\n" ) );
+				shutdown_server = True;
+			} else if (smb_read_error == READ_ERROR) {
+				DEBUG( 0, ("oplock_break: receive_smb error (%s)\n", strerror(errno)) );
+				shutdown_server = True;
+			} else if (smb_read_error == READ_TIMEOUT) {
+				DEBUG( 0, ( "oplock_break: receive_smb timed out after %d seconds.\n", OPLOCK_BREAK_TIMEOUT ) );
+				oplock_timeout = True;
+			}
+
+			DEBUGADD( 0, ( "oplock_break failed for file %s ", file_name ) );
+			DEBUGADD( 0, ( "(dev = %x, inode = %.0f, file_id = %lu).\n",
+				(unsigned int)dev, (double)inode, file_id));
+
+			break;
+		}
+
+		/*
+		 * There are certain SMB requests that we shouldn't allow
+		 * to recurse. opens, renames and deletes are the obvious
+		 * ones. This is handled in the switch_message() function.
+		 * If global_oplock_break is set they will push the packet onto
+		 * the pending smb queue and return -1 (no reply).
+		 * JRA.
+		 */
+
+		process_smb(inbuf, outbuf);
+
+		/*
+		 * Die if we go over the time limit.
+		 */
+
+		if((time(NULL) - start_time) > OPLOCK_BREAK_TIMEOUT) {
+			if( DEBUGLVL( 0 ) ) {
+				dbgtext( "oplock_break: no break received from client " );
+				dbgtext( "within %d seconds.\n", OPLOCK_BREAK_TIMEOUT );
+				dbgtext( "oplock_break failed for file %s ", fsp->fsp_name );
+				dbgtext( "(dev = %x, inode = %.0f, file_id = %lu).\n",	
+					(unsigned int)dev, (double)inode, file_id );
+			}
+			oplock_timeout = True;
+			break;
+		}
+	}
+
+	/*
+	 * Go back to being the user who requested the oplock
+	 * break.
+	 */
+	if((saved_user_conn != NULL) && (saved_vuid != UID_FIELD_INVALID) && !change_to_user(saved_user_conn, saved_vuid)) {
+		DEBUG( 0, ( "oplock_break: unable to re-become user!" ) );
+		DEBUGADD( 0, ( "Shutting down server\n" ) );
+		close(oplock_sock);
+		exit_server("unable to re-become user");
+	}
+
+	/* Including the directory. */
+	vfs_ChDir(saved_fsp_conn,saved_dir);
+
+	/* Restore the chain fnum. */
+	file_chain_restore();
+
+	/* Free the buffers we've been using to recurse. */
+	SAFE_FREE(inbuf);
+	SAFE_FREE(outbuf);
+
+	/* We need this in case a readraw crossed on the wire. */
+	if(global_oplock_break)
+		global_oplock_break = False;
+
+	/*
+	 * If the client timed out then clear the oplock (or go to level II)
+	 * and continue. This seems to be what NT does and is better than dropping
+	 * the connection.
+	 */
+
+	if(oplock_timeout && (fsp = initial_break_processing(dev, inode, file_id)) &&
+			OPEN_FSP(fsp) && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+		DEBUG(0,("oplock_break: client failure in oplock break in file %s\n", fsp->fsp_name));
+		remove_oplock(fsp,True);
+#if FASCIST_OPLOCK_BACKOFF
+		global_client_failed_oplock_break = True; /* Never grant this client an oplock again. */
+#endif
+	}
+
+	/*
+	 * If the client had an error we must die.
+	 */
+
+	if(shutdown_server) {
+		DEBUG( 0, ( "oplock_break: client failure in break - " ) );
+		DEBUGADD( 0, ( "shutting down this smbd.\n" ) );
+		close(oplock_sock);
+		exit_server("oplock break failure");
+	}
+
+	/* Santity check - remove this later. JRA */
+	if(exclusive_oplocks_open < 0) {
+		DEBUG(0,("oplock_break: exclusive_oplocks_open < 0 (%d). PANIC ERROR\n", exclusive_oplocks_open));
+		abort();
+	}
+
+	if( DEBUGLVL( 3 ) ) {
+		dbgtext( "oplock_break: returning success for " );
+		dbgtext( "dev = %x, inode = %.0f, file_id = %lu\n", (unsigned int)dev, (double)inode, file_id );
+		dbgtext( "Current exclusive_oplocks_open = %d\n", exclusive_oplocks_open );
+	}
+
+	return True;
+}
+
+/****************************************************************************
+Send an oplock break message to another smbd process. If the oplock is held 
+by the local smbd then call the oplock break function directly.
+****************************************************************************/
+
+BOOL request_oplock_break(share_mode_entry *share_entry)
+{
+	char op_break_msg[OPLOCK_BREAK_MSG_LEN];
+	struct sockaddr_in addr_out;
+	pid_t pid = sys_getpid();
+	time_t start_time;
+	int time_left;
+	SMB_DEV_T dev = share_entry->dev;
+	SMB_INO_T inode = share_entry->inode;
+	unsigned long file_id = share_entry->share_file_id;
+
+	if(pid == share_entry->pid) {
+		/* We are breaking our own oplock, make sure it's us. */
+		if(share_entry->op_port != global_oplock_port) {
+			DEBUG(0,("request_oplock_break: corrupt share mode entry - pid = %d, port = %d \
+should be %d\n", (int)pid, share_entry->op_port, global_oplock_port));
+			return False;
+		}
+
+		DEBUG(5,("request_oplock_break: breaking our own oplock\n"));
+
+#if 1 /* JRA PARANOIA TEST.... */
+		{
+			files_struct *fsp = file_find_dif(dev, inode, file_id);
+			if (!fsp) {
+				DEBUG(0,("request_oplock_break: PANIC : breaking our own oplock requested for \
+dev = %x, inode = %.0f, file_id = %lu and no fsp found !\n",
+            (unsigned int)dev, (double)inode, file_id ));
+				smb_panic("request_oplock_break: no fsp found for our own oplock\n");
+			}
+		}
+#endif /* END JRA PARANOIA TEST... */
+
+		/* Call oplock break direct. */
+		return oplock_break(dev, inode, file_id, True);
+	}
+
+	/* We need to send a OPLOCK_BREAK_CMD message to the port in the share mode entry. */
+
+	if (LEVEL_II_OPLOCK_TYPE(share_entry->op_type)) {
+		SSVAL(op_break_msg,OPBRK_MESSAGE_CMD_OFFSET,LEVEL_II_OPLOCK_BREAK_CMD);
+	} else {
+		SSVAL(op_break_msg,OPBRK_MESSAGE_CMD_OFFSET,OPLOCK_BREAK_CMD);
+	}
+
+	memcpy(op_break_msg+OPLOCK_BREAK_PID_OFFSET,(char *)&pid,sizeof(pid));
+	memcpy(op_break_msg+OPLOCK_BREAK_DEV_OFFSET,(char *)&dev,sizeof(dev));
+	memcpy(op_break_msg+OPLOCK_BREAK_INODE_OFFSET,(char *)&inode,sizeof(inode));
+	memcpy(op_break_msg+OPLOCK_BREAK_FILEID_OFFSET,(char *)&file_id,sizeof(file_id));
+
+	/* Set the address and port. */
+	memset((char *)&addr_out,'\0',sizeof(addr_out));
+	addr_out.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+	addr_out.sin_port = htons( share_entry->op_port );
+	addr_out.sin_family = AF_INET;
+   
+	if( DEBUGLVL( 3 ) ) {
+		dbgtext( "request_oplock_break: sending a oplock break message to " );
+		dbgtext( "pid %d on port %d ", (int)share_entry->pid, share_entry->op_port );
+		dbgtext( "for dev = %x, inode = %.0f, file_id = %lu\n",
+            (unsigned int)dev, (double)inode, file_id );
+	}
+
+	if(sendto(oplock_sock,op_break_msg,OPLOCK_BREAK_MSG_LEN,0,
+			(struct sockaddr *)&addr_out,sizeof(addr_out)) < 0) {
+		if( DEBUGLVL( 0 ) ) {
+			dbgtext( "request_oplock_break: failed when sending a oplock " );
+			dbgtext( "break message to pid %d ", (int)share_entry->pid );
+			dbgtext( "on port %d ", share_entry->op_port );
+			dbgtext( "for dev = %x, inode = %.0f, file_id = %lu\n",
+          (unsigned int)dev, (double)inode, file_id );
+			dbgtext( "Error was %s\n", strerror(errno) );
+		}
+		return False;
+	}
+
+	/*
+	 * If we just sent a message to a level II oplock share entry then
+	 * we are done and may return.
+	 */
+
+	if (LEVEL_II_OPLOCK_TYPE(share_entry->op_type)) {
+		DEBUG(3,("request_oplock_break: sent break message to level II entry.\n"));
+		return True;
+	}
+
+	/*
+	 * Now we must await the oplock broken message coming back
+	 * from the target smbd process. Timeout if it fails to
+	 * return in (OPLOCK_BREAK_TIMEOUT + OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR) seconds.
+	 * While we get messages that aren't ours, loop.
+	 */
+
+	start_time = time(NULL);
+	time_left = OPLOCK_BREAK_TIMEOUT+OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR;
+
+	while(time_left >= 0) {
+		char op_break_reply[OPBRK_CMD_HEADER_LEN+OPLOCK_BREAK_MSG_LEN];
+		uint16 reply_from_port;
+		char *reply_msg_start;
+		fd_set fds;
+
+		FD_ZERO(&fds);
+		FD_SET(oplock_sock,&fds);
+
+		if (koplocks && koplocks->notification_fd != -1) {
+			FD_SET(koplocks->notification_fd, &fds);
+		}
+
+		if(receive_local_message(&fds, op_break_reply, sizeof(op_break_reply),
+				time_left ? time_left * 1000 : 1) == False) {
+			if(smb_read_error == READ_TIMEOUT) {
+				if( DEBUGLVL( 0 ) ) {
+					dbgtext( "request_oplock_break: no response received to oplock " );
+					dbgtext( "break request to pid %d ", (int)share_entry->pid );
+					dbgtext( "on port %d ", share_entry->op_port );
+					dbgtext( "for dev = %x, inode = %.0f, file_id = %lu\n",
+							(unsigned int)dev, (double)inode, file_id );
+				}
+
+				/*
+				 * This is a hack to make handling of failing clients more robust.
+				 * If a oplock break response message is not received in the timeout
+				 * period we may assume that the smbd servicing that client holding
+				 * the oplock has died and the client changes were lost anyway, so
+				 * we should continue to try and open the file.
+				 */
+				break;
+			} else {
+				if( DEBUGLVL( 0 ) ) {
+					dbgtext( "request_oplock_break: error in response received " );
+					dbgtext( "to oplock break request to pid %d ", (int)share_entry->pid );
+					dbgtext( "on port %d ", share_entry->op_port );
+					dbgtext( "for dev = %x, inode = %.0f, file_id = %lu\n",
+						(unsigned int)dev, (double)inode, file_id );
+					dbgtext( "Error was (%s).\n", strerror(errno) );
+				}
+			}
+			return False;
+		}
+
+		reply_from_port = SVAL(op_break_reply,OPBRK_CMD_PORT_OFFSET);
+		reply_msg_start = &op_break_reply[OPBRK_CMD_HEADER_LEN];
+
+		/*
+		 * Test to see if this is the reply we are awaiting.
+		 */
+		if((SVAL(reply_msg_start,OPBRK_MESSAGE_CMD_OFFSET) & CMD_REPLY) &&
+			((SVAL(reply_msg_start,OPBRK_MESSAGE_CMD_OFFSET) & ~CMD_REPLY) == OPLOCK_BREAK_CMD) &&
+			(reply_from_port == share_entry->op_port) && 
+			(memcmp(&reply_msg_start[OPLOCK_BREAK_PID_OFFSET], &op_break_msg[OPLOCK_BREAK_PID_OFFSET],
+				OPLOCK_BREAK_MSG_LEN - OPLOCK_BREAK_PID_OFFSET) == 0)) {
+
+			/*
+			 * This is the reply we've been waiting for.
+			 */
+			break;
+		} else {
+			/*
+			 * This is another message - a break request.
+			 * Note that both kernel oplock break requests
+			 * and UDP inter-smbd oplock break requests will
+			 * be processed here.
+			 *
+			 * Process it to prevent potential deadlock.
+			 * Note that the code in switch_message() prevents
+			 * us from recursing into here as any SMB requests
+			 * we might process that would cause another oplock
+			 * break request to be made will be queued.
+			 * JRA.
+			 */
+
+			process_local_message(op_break_reply, sizeof(op_break_reply));
+		}
+
+		time_left -= (time(NULL) - start_time);
+	}
+
+	DEBUG(3,("request_oplock_break: broke oplock.\n"));
+
+	return True;
+}
+
+/****************************************************************************
+  Attempt to break an oplock on a file (if oplocked).
+  Returns True if the file was closed as a result of
+  the oplock break, False otherwise.
+  Used as a last ditch attempt to free a space in the 
+  file table when we have run out.
+****************************************************************************/
+
+BOOL attempt_close_oplocked_file(files_struct *fsp)
+{
+	DEBUG(5,("attempt_close_oplocked_file: checking file %s.\n", fsp->fsp_name));
+
+	if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type) && !fsp->sent_oplock_break && (fsp->fd != -1)) {
+		/* Try and break the oplock. */
+		if (oplock_break(fsp->dev, fsp->inode, fsp->file_id, True)) {
+			if(file_find_fsp(fsp) == NULL) /* Did the oplock break close the file ? */
+				return True;
+		}
+	}
+
+	return False;
+}
+
+/****************************************************************************
+ This function is called on any file modification or lock request. If a file
+ is level 2 oplocked then it must tell all other level 2 holders to break to none.
+****************************************************************************/
+
+void release_level_2_oplocks_on_change(files_struct *fsp)
+{
+	share_mode_entry *share_list = NULL;
+	pid_t pid = sys_getpid();
+	int token = -1;
+	int num_share_modes = 0;
+	int i;
+
+	/*
+	 * If this file is level II oplocked then we need
+	 * to grab the shared memory lock and inform all
+	 * other files with a level II lock that they need
+	 * to flush their read caches. We keep the lock over
+	 * the shared memory area whilst doing this.
+	 */
+
+	if (!LEVEL_II_OPLOCK_TYPE(fsp->oplock_type))
+		return;
+
+	if (lock_share_entry_fsp(fsp) == False) {
+		DEBUG(0,("release_level_2_oplocks_on_change: failed to lock share mode entry for file %s.\n", fsp->fsp_name ));
+	}
+
+	num_share_modes = get_share_modes(fsp->conn, fsp->dev, fsp->inode, &share_list);
+
+	DEBUG(10,("release_level_2_oplocks_on_change: num_share_modes = %d\n", 
+			num_share_modes ));
+
+	for(i = 0; i < num_share_modes; i++) {
+		share_mode_entry *share_entry = &share_list[i];
+
+		/*
+		 * As there could have been multiple writes waiting at the lock_share_entry
+		 * gate we may not be the first to enter. Hence the state of the op_types
+		 * in the share mode entries may be partly NO_OPLOCK and partly LEVEL_II
+		 * oplock. It will do no harm to re-send break messages to those smbd's
+		 * that are still waiting their turn to remove their LEVEL_II state, and
+		 * also no harm to ignore existing NO_OPLOCK states. JRA.
+		 */
+
+		DEBUG(10,("release_level_2_oplocks_on_change: share_entry[%i]->op_type == %d\n",
+				i, share_entry->op_type ));
+
+		if (share_entry->op_type == NO_OPLOCK)
+			continue;
+
+		/* Paranoia .... */
+		if (EXCLUSIVE_OPLOCK_TYPE(share_entry->op_type)) {
+			DEBUG(0,("release_level_2_oplocks_on_change: PANIC. share mode entry %d is an exlusive oplock !\n", i ));
+			unlock_share_entry(fsp->conn, fsp->dev, fsp->inode);
+			abort();
+		}
+
+		/*
+		 * Check if this is a file we have open (including the
+		 * file we've been called to do write_file on. If so
+		 * then break it directly without releasing the lock.
+		 */
+
+		if (pid == share_entry->pid) {
+			files_struct *new_fsp = file_find_dif(share_entry->dev, share_entry->inode, share_entry->share_file_id);
+
+			/* Paranoia check... */
+			if(new_fsp == NULL) {
+				DEBUG(0,("release_level_2_oplocks_on_change: PANIC. share mode entry %d is not a local file !\n", i ));
+				unlock_share_entry(fsp->conn, fsp->dev, fsp->inode);
+				abort();
+			}
+
+			DEBUG(10,("release_level_2_oplocks_on_change: breaking our own oplock.\n"));
+
+			oplock_break_level2(new_fsp, True, token);
+
+		} else {
+
+			/*
+			 * This is a remote file and so we send an asynchronous
+			 * message.
+			 */
+
+			DEBUG(10,("release_level_2_oplocks_on_change: breaking remote oplock.\n"));
+			request_oplock_break(share_entry);
+		}
+	}
+
+	SAFE_FREE(share_list);
+	unlock_share_entry_fsp(fsp);
+
+	/* Paranoia check... */
+	if (LEVEL_II_OPLOCK_TYPE(fsp->oplock_type)) {
+		DEBUG(0,("release_level_2_oplocks_on_change: PANIC. File %s still has a level II oplock.\n", fsp->fsp_name));
+		smb_panic("release_level_2_oplocks_on_change");
+	}
+}
+
+/****************************************************************************
+setup oplocks for this process
+****************************************************************************/
+
+BOOL init_oplocks(void)
+{
+	struct sockaddr_in sock_name;
+	socklen_t len = sizeof(sock_name);
+
+	DEBUG(3,("open_oplock_ipc: opening loopback UDP socket.\n"));
+
+	/* Open a lookback UDP socket on a random port. */
+	oplock_sock = open_socket_in(SOCK_DGRAM, 0, 0, htonl(INADDR_LOOPBACK),False);
+	if (oplock_sock == -1) {
+		DEBUG(0,("open_oplock_ipc: Failed to get local UDP socket for \
+address %lx. Error was %s\n", (long)htonl(INADDR_LOOPBACK), strerror(errno)));
+		global_oplock_port = 0;
+		return(False);
+	}
+
+	/* Find out the transient UDP port we have been allocated. */
+	if(getsockname(oplock_sock, (struct sockaddr *)&sock_name, &len)<0) {
+		DEBUG(0,("open_oplock_ipc: Failed to get local UDP port. Error was %s\n",
+			 strerror(errno)));
+		close(oplock_sock);
+		oplock_sock = -1;
+		global_oplock_port = 0;
+		return False;
+	}
+	global_oplock_port = ntohs(sock_name.sin_port);
+
+	if (lp_kernel_oplocks()) {
+#if HAVE_KERNEL_OPLOCKS_IRIX
+		koplocks = irix_init_kernel_oplocks();
+#elif HAVE_KERNEL_OPLOCKS_LINUX
+		koplocks = linux_init_kernel_oplocks();
+#endif
+	}
+
+	DEBUG(3,("open_oplock ipc: pid = %d, global_oplock_port = %u\n", 
+		 (int)sys_getpid(), global_oplock_port));
+
+	return True;
+}
diff --git a/source3/smbd/oplock_irix.c b/source3/smbd/oplock_irix.c
new file mode 100644
index 0000000000..14f6de27c4
--- /dev/null
+++ b/source3/smbd/oplock_irix.c
@@ -0,0 +1,285 @@
+/*
+   Unix SMB/CIFS implementation.
+   IRIX kernel oplock processing
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#if HAVE_KERNEL_OPLOCKS_IRIX
+
+static int oplock_pipe_write = -1;
+static int oplock_pipe_read = -1;
+
+/****************************************************************************
+ Test to see if IRIX kernel oplocks work.
+****************************************************************************/
+
+static BOOL irix_oplocks_available(void)
+{
+	int fd;
+	int pfd[2];
+	pstring tmpname;
+
+	oplock_set_capability(True, False);
+
+	slprintf(tmpname,sizeof(tmpname)-1, "%s/koplock.%d", lp_lockdir(), (int)sys_getpid());
+
+	if(pipe(pfd) != 0) {
+		DEBUG(0,("check_kernel_oplocks: Unable to create pipe. Error was %s\n",
+			 strerror(errno) ));
+		return False;
+	}
+
+	if((fd = sys_open(tmpname, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600)) < 0) {
+		DEBUG(0,("check_kernel_oplocks: Unable to open temp test file %s. Error was %s\n",
+			 tmpname, strerror(errno) ));
+		unlink( tmpname );
+		close(pfd[0]);
+		close(pfd[1]);
+		return False;
+	}
+
+	unlink(tmpname);
+
+	if(fcntl(fd, F_OPLKREG, pfd[1]) == -1) {
+		DEBUG(0,("check_kernel_oplocks: Kernel oplocks are not available on this machine. \
+Disabling kernel oplock support.\n" ));
+		close(pfd[0]);
+		close(pfd[1]);
+		close(fd);
+		return False;
+	}
+
+	if(fcntl(fd, F_OPLKACK, OP_REVOKE) < 0 ) {
+		DEBUG(0,("check_kernel_oplocks: Error when removing kernel oplock. Error was %s. \
+Disabling kernel oplock support.\n", strerror(errno) ));
+		close(pfd[0]);
+		close(pfd[1]);
+		close(fd);
+		return False;
+	}
+
+	close(pfd[0]);
+	close(pfd[1]);
+	close(fd);
+
+	return True;
+}
+
+/****************************************************************************
+ * Deal with the IRIX kernel <--> smbd
+ * oplock break protocol.
+****************************************************************************/
+
+static BOOL irix_oplock_receive_message(fd_set *fds, char *buffer, int buffer_len)
+{
+	extern int smb_read_error;
+	oplock_stat_t os;
+	char dummy;
+	files_struct *fsp;
+
+	/*
+	 * Read one byte of zero to clear the
+	 * kernel break notify message.
+	 */
+
+	if(read(oplock_pipe_read, &dummy, 1) != 1) {
+		DEBUG(0,("receive_local_message: read of kernel notification failed. \
+Error was %s.\n", strerror(errno) ));
+		smb_read_error = READ_ERROR;
+		return False;
+	}
+
+	/*
+	 * Do a query to get the
+	 * device and inode of the file that has the break
+	 * request outstanding.
+	 */
+
+	if(fcntl(oplock_pipe_read, F_OPLKSTAT, &os) < 0) {
+		DEBUG(0,("receive_local_message: fcntl of kernel notification failed. \
+Error was %s.\n", strerror(errno) ));
+		if(errno == EAGAIN) {
+			/*
+			 * Duplicate kernel break message - ignore.
+			 */
+			memset(buffer, '\0', KERNEL_OPLOCK_BREAK_MSG_LEN);
+			return True;
+		}
+		smb_read_error = READ_ERROR;
+		return False;
+	}
+
+	/*
+	 * We only have device and inode info here - we have to guess that this
+	 * is the first fsp open with this dev,ino pair.
+	 */
+
+	if ((fsp = file_find_di_first((SMB_DEV_T)os.os_dev, (SMB_INO_T)os.os_ino)) == NULL) {
+		DEBUG(0,("receive_local_message: unable to find open file with dev = %x, inode = %.0f\n",
+			(unsigned int)os.os_dev, (double)os.os_ino ));
+		return False;
+	}
+     
+	DEBUG(5,("receive_local_message: kernel oplock break request received for \
+dev = %x, inode = %.0f\n, file_id = %ul", (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id ));
+     
+	/*
+	 * Create a kernel oplock break message.
+	 */
+    
+	/* Setup the message header */
+	SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,KERNEL_OPLOCK_BREAK_MSG_LEN);
+	SSVAL(buffer,OPBRK_CMD_PORT_OFFSET,0);
+   
+	buffer += OPBRK_CMD_HEADER_LEN;
+     
+	SSVAL(buffer,OPBRK_MESSAGE_CMD_OFFSET,KERNEL_OPLOCK_BREAK_CMD);
+   
+	memcpy(buffer + KERNEL_OPLOCK_BREAK_DEV_OFFSET, (char *)&fsp->dev, sizeof(fsp->dev));
+	memcpy(buffer + KERNEL_OPLOCK_BREAK_INODE_OFFSET, (char *)&fsp->inode, sizeof(fsp->inode));	
+	memcpy(buffer + KERNEL_OPLOCK_BREAK_FILEID_OFFSET, (char *)&fsp->file_id, sizeof(fsp->file_id));	
+   
+	return True;
+}
+
+/****************************************************************************
+ Attempt to set an kernel oplock on a file.
+****************************************************************************/
+
+static BOOL irix_set_kernel_oplock(files_struct *fsp, int oplock_type)
+{
+	if (fcntl(fsp->fd, F_OPLKREG, oplock_pipe_write) == -1) {
+		if(errno != EAGAIN) {
+			DEBUG(0,("set_file_oplock: Unable to get kernel oplock on file %s, dev = %x, \
+inode = %.0f, file_id = %ul. Error was %s\n", 
+				 fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id,
+				 strerror(errno) ));
+		} else {
+			DEBUG(5,("set_file_oplock: Refused oplock on file %s, fd = %d, dev = %x, \
+inode = %.0f, file_id = %ul. Another process had the file open.\n",
+				 fsp->fsp_name, fsp->fd, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id ));
+		}
+		return False;
+	}
+	
+	DEBUG(10,("set_file_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f, file_id = %ul\n",
+		  fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id));
+
+	return True;
+}
+
+/****************************************************************************
+ Release a kernel oplock on a file.
+****************************************************************************/
+
+static void irix_release_kernel_oplock(files_struct *fsp)
+{
+	if (DEBUGLVL(10)) {
+		/*
+		 * Check and print out the current kernel
+		 * oplock state of this file.
+		 */
+		int state = fcntl(fsp->fd, F_OPLKACK, -1);
+		dbgtext("release_kernel_oplock: file %s, dev = %x, inode = %.0f file_id = %ul, has kernel \
+oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev,
+                        (double)fsp->inode, fsp->file_id, state );
+	}
+
+	/*
+	 * Remove the kernel oplock on this file.
+	 */
+	if(fcntl(fsp->fd, F_OPLKACK, OP_REVOKE) < 0) {
+		if( DEBUGLVL( 0 )) {
+			dbgtext("release_kernel_oplock: Error when removing kernel oplock on file " );
+			dbgtext("%s, dev = %x, inode = %.0f, file_id = %ul. Error was %s\n",
+				fsp->fsp_name, (unsigned int)fsp->dev, 
+				(double)fsp->inode, fsp->file_id, strerror(errno) );
+		}
+	}
+}
+
+/****************************************************************************
+ Parse a kernel oplock message.
+****************************************************************************/
+
+static BOOL irix_kernel_oplock_parse(char *msg_start, int msg_len,
+		SMB_INO_T *inode, SMB_DEV_T *dev, unsigned long *file_id)
+{
+	/* Ensure that the msg length is correct. */
+	if(msg_len != KERNEL_OPLOCK_BREAK_MSG_LEN) {
+		DEBUG(0,("incorrect length for KERNEL_OPLOCK_BREAK_CMD (was %d, should be %d).\n", 
+			 msg_len, KERNEL_OPLOCK_BREAK_MSG_LEN));
+		return False;
+	}
+
+	memcpy((char *)inode, msg_start+KERNEL_OPLOCK_BREAK_INODE_OFFSET, sizeof(*inode));
+	memcpy((char *)dev, msg_start+KERNEL_OPLOCK_BREAK_DEV_OFFSET, sizeof(*dev));
+	memcpy((char *)file_id, msg_start+KERNEL_OPLOCK_BREAK_FILEID_OFFSET, sizeof(*file_id));
+
+	DEBUG(5,("kernel oplock break request for file dev = %x, inode = %.0f, file_id = %ul\n", 
+		(unsigned int)*dev, (double)*inode, *file_id));
+
+	return True;
+}
+
+/****************************************************************************
+ Set *maxfd to include oplock read pipe.
+****************************************************************************/
+
+static BOOL irix_oplock_msg_waiting(fd_set *fds)
+{
+	if (oplock_pipe_read == -1)
+		return False;
+
+	return FD_ISSET(oplock_pipe_read,fds);
+}
+
+/****************************************************************************
+ Setup kernel oplocks.
+****************************************************************************/
+
+struct kernel_oplocks *irix_init_kernel_oplocks(void) 
+{
+	int pfd[2];
+	static struct kernel_oplocks koplocks;
+
+	if (!irix_oplocks_available())
+		return NULL;
+
+	if(pipe(pfd) != 0) {
+		DEBUG(0,("setup_kernel_oplock_pipe: Unable to create pipe. Error was %s\n",
+			 strerror(errno) ));
+		return False;
+	}
+
+	oplock_pipe_read = pfd[0];
+	oplock_pipe_write = pfd[1];
+
+	koplocks.receive_message = irix_oplock_receive_message;
+	koplocks.set_oplock = irix_set_kernel_oplock;
+	koplocks.release_oplock = irix_release_kernel_oplock;
+	koplocks.parse_message = irix_kernel_oplock_parse;
+	koplocks.msg_waiting = irix_oplock_msg_waiting;
+	koplocks.notification_fd = oplock_pipe_read;
+
+	return &koplocks;
+}
+#else
+ void oplock_irix_dummy(void) {}
+#endif /* HAVE_KERNEL_OPLOCKS_IRIX */
diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c
new file mode 100644
index 0000000000..d946578380
--- /dev/null
+++ b/source3/smbd/oplock_linux.c
@@ -0,0 +1,300 @@
+/* 
+   Unix SMB/CIFS implementation.
+   kernel oplock processing for Linux
+   Copyright (C) Andrew Tridgell 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#if HAVE_KERNEL_OPLOCKS_LINUX
+
+static VOLATILE sig_atomic_t signals_received;
+static VOLATILE sig_atomic_t signals_processed;
+static VOLATILE sig_atomic_t fd_pending; /* the fd of the current pending signal */
+
+#ifndef F_SETLEASE
+#define F_SETLEASE	1024
+#endif
+
+#ifndef F_GETLEASE
+#define F_GETLEASE	1025
+#endif
+
+#ifndef CAP_LEASE
+#define CAP_LEASE 28
+#endif
+
+#ifndef RT_SIGNAL_LEASE
+#define RT_SIGNAL_LEASE 33
+#endif
+
+#ifndef F_SETSIG
+#define F_SETSIG 10
+#endif
+
+/****************************************************************************
+ Handle a LEASE signal, incrementing the signals_received and blocking the signal.
+****************************************************************************/
+
+static void signal_handler(int sig, siginfo_t *info, void *unused)
+{
+	BlockSignals(True, sig);
+	fd_pending = (sig_atomic_t)info->si_fd;
+	signals_received++;
+	sys_select_signal();
+}
+
+/****************************************************************************
+ Try to gain a linux capability.
+****************************************************************************/
+
+static void set_capability(unsigned capability)
+{
+#ifndef _LINUX_CAPABILITY_VERSION
+#define _LINUX_CAPABILITY_VERSION 0x19980330
+#endif
+	/* these can be removed when they are in glibc headers */
+	struct  {
+		uint32 version;
+		int pid;
+	} header;
+	struct {
+		uint32 effective;
+		uint32 permitted;
+		uint32 inheritable;
+	} data;
+
+	header.version = _LINUX_CAPABILITY_VERSION;
+	header.pid = 0;
+
+	if (capget(&header, &data) == -1) {
+		DEBUG(3,("Unable to get kernel capabilities (%s)\n", strerror(errno)));
+		return;
+	}
+
+	data.effective |= (1<<capability);
+
+	if (capset(&header, &data) == -1) {
+		DEBUG(3,("Unable to set %d capability (%s)\n", 
+			 capability, strerror(errno)));
+	}
+}
+
+/****************************************************************************
+ Call SETLEASE. If we get EACCES then we try setting up the right capability and
+ try again
+****************************************************************************/
+
+static int linux_setlease(int fd, int leasetype)
+{
+	int ret;
+
+	if (fcntl(fd, F_SETSIG, RT_SIGNAL_LEASE) == -1) {
+		DEBUG(3,("Failed to set signal handler for kernel lease\n"));
+		return -1;
+	}
+
+	ret = fcntl(fd, F_SETLEASE, leasetype);
+	if (ret == -1 && errno == EACCES) {
+		set_capability(CAP_LEASE);
+		ret = fcntl(fd, F_SETLEASE, leasetype);
+	}
+
+	return ret;
+}
+
+/****************************************************************************
+ * Deal with the Linux kernel <--> smbd
+ * oplock break protocol.
+****************************************************************************/
+
+static BOOL linux_oplock_receive_message(fd_set *fds, char *buffer, int buffer_len)
+{
+	BOOL ret = True;
+	struct files_struct *fsp;
+
+	if (signals_received == signals_processed)
+		return False;
+
+	if ((fsp = file_find_fd(fd_pending)) == NULL) {
+		DEBUG(0,("Invalid file descriptor %d in kernel oplock break!\n", (int)fd_pending));
+		ret = False;
+		goto out;
+	}
+
+	DEBUG(3,("receive_local_message: kernel oplock break request received for \
+dev = %x, inode = %.0f\n", (unsigned int)fsp->dev, (double)fsp->inode ));
+     
+	/*
+	 * Create a kernel oplock break message.
+	 */
+     
+	/* Setup the message header */
+	SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,KERNEL_OPLOCK_BREAK_MSG_LEN);
+	SSVAL(buffer,OPBRK_CMD_PORT_OFFSET,0);
+     
+	buffer += OPBRK_CMD_HEADER_LEN;
+     
+	SSVAL(buffer,OPBRK_MESSAGE_CMD_OFFSET,KERNEL_OPLOCK_BREAK_CMD);
+     
+	memcpy(buffer + KERNEL_OPLOCK_BREAK_DEV_OFFSET, (char *)&fsp->dev, sizeof(fsp->dev));
+	memcpy(buffer + KERNEL_OPLOCK_BREAK_INODE_OFFSET, (char *)&fsp->inode, sizeof(fsp->inode));	
+	memcpy(buffer + KERNEL_OPLOCK_BREAK_FILEID_OFFSET, (char *)&fsp->file_id, sizeof(fsp->file_id));	
+
+ out:
+	/* now we can receive more signals */
+	fd_pending = (sig_atomic_t)-1;
+	signals_processed++;
+	BlockSignals(False, RT_SIGNAL_LEASE);
+     
+	return ret;
+}
+
+/****************************************************************************
+ Attempt to set an kernel oplock on a file.
+****************************************************************************/
+
+static BOOL linux_set_kernel_oplock(files_struct *fsp, int oplock_type)
+{
+	if (linux_setlease(fsp->fd, F_WRLCK) == -1) {
+		DEBUG(3,("set_file_oplock: Refused oplock on file %s, fd = %d, dev = %x, \
+inode = %.0f. (%s)\n",
+			 fsp->fsp_name, fsp->fd, 
+			 (unsigned int)fsp->dev, (double)fsp->inode, strerror(errno)));
+		return False;
+	}
+	
+	DEBUG(3,("set_file_oplock: got kernel oplock on file %s, dev = %x, inode = %.0f, file_id = %lu\n",
+		  fsp->fsp_name, (unsigned int)fsp->dev, (double)fsp->inode, fsp->file_id));
+
+	return True;
+}
+
+/****************************************************************************
+ Release a kernel oplock on a file.
+****************************************************************************/
+
+static void linux_release_kernel_oplock(files_struct *fsp)
+{
+	if (DEBUGLVL(10)) {
+		/*
+		 * Check and print out the current kernel
+		 * oplock state of this file.
+		 */
+		int state = fcntl(fsp->fd, F_GETLEASE, 0);
+		dbgtext("release_kernel_oplock: file %s, dev = %x, inode = %.0f file_id = %lu has kernel \
+oplock state of %x.\n", fsp->fsp_name, (unsigned int)fsp->dev,
+                        (double)fsp->inode, fsp->file_id, state );
+	}
+
+	/*
+	 * Remove the kernel oplock on this file.
+	 */
+	if (linux_setlease(fsp->fd, F_UNLCK) == -1) {
+		if (DEBUGLVL(0)) {
+			dbgtext("release_kernel_oplock: Error when removing kernel oplock on file " );
+			dbgtext("%s, dev = %x, inode = %.0f, file_id = %lu. Error was %s\n",
+				fsp->fsp_name, (unsigned int)fsp->dev, 
+				(double)fsp->inode, fsp->file_id, strerror(errno) );
+		}
+	}
+}
+
+/****************************************************************************
+ Parse a kernel oplock message.
+****************************************************************************/
+
+static BOOL linux_kernel_oplock_parse(char *msg_start, int msg_len, SMB_INO_T *inode,
+		SMB_DEV_T *dev, unsigned long *file_id)
+{
+	/* Ensure that the msg length is correct. */
+	if (msg_len != KERNEL_OPLOCK_BREAK_MSG_LEN) {
+		DEBUG(0,("incorrect length for KERNEL_OPLOCK_BREAK_CMD (was %d, should be %d).\n", 
+			 msg_len, KERNEL_OPLOCK_BREAK_MSG_LEN));
+		return False;
+	}
+
+	memcpy((char *)inode, msg_start+KERNEL_OPLOCK_BREAK_INODE_OFFSET, sizeof(*inode));
+	memcpy((char *)dev, msg_start+KERNEL_OPLOCK_BREAK_DEV_OFFSET, sizeof(*dev));
+	memcpy((char *)file_id, msg_start+KERNEL_OPLOCK_BREAK_FILEID_OFFSET, sizeof(*file_id));
+
+	DEBUG(3,("kernel oplock break request for file dev = %x, inode = %.0f, file_id = %lu\n", 
+		(unsigned int)*dev, (double)*inode, *file_id));
+
+	return True;
+}
+
+/****************************************************************************
+ See if a oplock message is waiting.
+****************************************************************************/
+
+static BOOL linux_oplock_msg_waiting(fd_set *fds)
+{
+	return signals_processed != signals_received;
+}
+
+/****************************************************************************
+ See if the kernel supports oplocks.
+****************************************************************************/
+
+static BOOL linux_oplocks_available(void)
+{
+	int fd, ret;
+	fd = open("/dev/null", O_RDONLY);
+	if (fd == -1)
+		return False; /* uggh! */
+	ret = fcntl(fd, F_GETLEASE, 0);
+	close(fd);
+	return ret == F_UNLCK;
+}
+
+/****************************************************************************
+ Setup kernel oplocks.
+****************************************************************************/
+
+struct kernel_oplocks *linux_init_kernel_oplocks(void) 
+{
+	static struct kernel_oplocks koplocks;
+        struct sigaction act;
+
+	if (!linux_oplocks_available()) {
+		DEBUG(3,("Linux kernel oplocks not available\n"));
+		return NULL;
+	}
+
+	act.sa_handler = NULL;
+	act.sa_sigaction = signal_handler;
+	act.sa_flags = SA_SIGINFO;
+	if (sigaction(RT_SIGNAL_LEASE, &act, NULL) != 0) {
+		DEBUG(0,("Failed to setup RT_SIGNAL_LEASE handler\n"));
+		return NULL;
+	}
+
+	koplocks.receive_message = linux_oplock_receive_message;
+	koplocks.set_oplock = linux_set_kernel_oplock;
+	koplocks.release_oplock = linux_release_kernel_oplock;
+	koplocks.parse_message = linux_kernel_oplock_parse;
+	koplocks.msg_waiting = linux_oplock_msg_waiting;
+	koplocks.notification_fd = -1;
+
+	DEBUG(3,("Linux kernel oplocks enabled\n"));
+
+	return &koplocks;
+}
+#else
+ void oplock_linux_dummy(void) {}
+#endif /* HAVE_KERNEL_OPLOCKS_LINUX */
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 87c1fef94c..629157f22d 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Password and authentication handling
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell 1992-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,1397 +19,595 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-
-extern int DEBUGLEVEL;
-extern int Protocol;
 
 /* users from session setup */
 static pstring session_users="";
 
-/* these are kept here to keep the string_combinations function simple */
-static char this_user[100]="";
-static char this_salt[100]="";
-static char this_crypted[100]="";
-
-#ifdef SMB_PASSWD
-/* Data to do lanman1/2 password challenge. */
-static unsigned char saved_challenge[8];
-static BOOL challenge_sent=False;
-
-/*******************************************************************
-Get the next challenge value - no repeats.
-********************************************************************/
-void generate_next_challenge(char *challenge)
-{
-  extern void E1(char *,char *,char *);
-  static int counter = 0;
-  struct timeval tval;
-  int v1,v2;
-  GetTimeOfDay(&tval);
-  v1 = (counter++) + getpid() + tval.tv_sec;
-  v2 = (counter++) * getpid() + tval.tv_usec;
-  SIVAL(challenge,0,v1);
-  SIVAL(challenge,4,v2);
-  E1(challenge,"SAMBA",saved_challenge);
-  memcpy(challenge,saved_challenge,8);
-  challenge_sent = True;
-}
-
-/*******************************************************************
-set the last challenge sent, usually from a password server
-********************************************************************/
-BOOL set_challenge(char *challenge)
-{
-  memcpy(saved_challenge,challenge,8);
-  challenge_sent = True;
-  return(True);
-}
-
-/*******************************************************************
-get the last challenge sent
-********************************************************************/
-BOOL last_challenge(char *challenge)
-{
-  if (!challenge_sent) return(False);
-  memcpy(challenge,saved_challenge,8);
-  return(True);
-}
-#endif
-
 /* this holds info on user ids that are already validated for this VC */
-static user_struct *validated_users = NULL;
-static int num_validated_users = 0;
-
-/****************************************************************************
-check if a uid has been validated, and return an index if it has. -1 if not
-****************************************************************************/
-int valid_uid(int uid)
-{
-  int i;
-  if (uid == -1) return(-1);
-
-  for (i=0;i<num_validated_users;i++)
-    if (validated_users[i].uid == uid)
-      {
-	DEBUG(3,("valid uid %d mapped to vuid %d (user=%s)\n",
-		 uid,i,validated_users[i].name));
-	return(i);
-      }
-  return(-1);
-}
+static user_struct *validated_users;
+static int next_vuid = VUID_OFFSET;
+static int num_validated_vuids;
 
 /****************************************************************************
 check if a uid has been validated, and return an pointer to the user_struct
-if it has. NULL if not
-****************************************************************************/
-user_struct *get_valid_user_struct(int uid)
-{
-  int vuid = valid_uid(uid);
-  if(vuid == -1 || validated_users[vuid].guest)
-    return NULL;
-  return &validated_users[vuid];
-}
-
-/****************************************************************************
-invalidate a uid
+if it has. NULL if not. vuid is biased by an offset. This allows us to
+tell random client vuid's (normally zero) from valid vuids.
 ****************************************************************************/
-void invalidate_uid(int uid)
+user_struct *get_valid_user_struct(uint16 vuid)
 {
-  int i;
-  for (i=0;i<num_validated_users;i++)
-    if (validated_users[i].uid == uid)
-      {
-	user_struct *vuser = &validated_users[i];
-	vuser->uid = -1;
-	vuser->gid = -1;
-	vuser->user_ngroups = 0;
-	if(vuser->user_groups && 
-	   (vuser->user_groups != (gid_t *)vuser->user_igroups))
-	  free(vuser->user_groups);
-	vuser->user_groups = NULL;
-	if(vuser->user_igroups)
-	  free(vuser->user_igroups);
-	vuser->user_igroups = NULL;
-      }
-}
-
+	user_struct *usp;
+	int count=0;
+
+	if (vuid == UID_FIELD_INVALID)
+		return NULL;
+
+	for (usp=validated_users;usp;usp=usp->next,count++) {
+		if (vuid == usp->vuid) {
+			if (count > 10) {
+				DLIST_PROMOTE(validated_users, usp);
+			}
+			return usp;
+		}
+	}
 
-/****************************************************************************
-return a validated username
-****************************************************************************/
-char *validated_username(int vuid)
-{
-  return(validated_users[vuid].name);
+	return NULL;
 }
 
 /****************************************************************************
-register a uid/name pair as being valid and that a valid password
-has been given.
+invalidate a uid
 ****************************************************************************/
-void register_uid(int uid,int gid, char *name,BOOL guest)
+void invalidate_vuid(uint16 vuid)
 {
-  user_struct *vuser;
-
-  if (valid_uid(uid) >= 0)
-    return;
-  validated_users = (user_struct *)Realloc(validated_users,
-					   sizeof(user_struct)*
-					   (num_validated_users+1));
+	user_struct *vuser = get_valid_user_struct(vuid);
 
-  if (!validated_users)
-    {
-      DEBUG(0,("Failed to realloc users struct!\n"));
-      return;
-    }
+	if (vuser == NULL)
+		return;
 
-  vuser = &validated_users[num_validated_users];
-  vuser->uid = uid;
-  vuser->gid = gid;
-  vuser->guest = guest;
-  strcpy(vuser->name,name);
+	SAFE_FREE(vuser->homedir);
 
-  vuser->user_ngroups = 0;
-  vuser->user_groups = NULL;
-  vuser->user_igroups = NULL;
+	session_yield(vuser);
 
-  /* Find all the groups this uid is in and store them. 
-     Used by become_user() */
-  setup_groups(name,uid,gid,
-	       &vuser->user_ngroups,
-	       &vuser->user_igroups,
-	       &vuser->user_groups);
+	DLIST_REMOVE(validated_users, vuser);
 
-  DEBUG(3,("uid %d registered to name %s\n",uid,name));
-  
-  num_validated_users++;
+	SAFE_FREE(vuser->groups);
+	delete_nt_token(&vuser->nt_user_token);
+	SAFE_FREE(vuser);
+	num_validated_vuids--;
 }
 
-
 /****************************************************************************
-add a name to the session users list
+invalidate all vuid entries for this process
 ****************************************************************************/
-void add_session_user(char *user)
+void invalidate_all_vuids(void)
 {
-  fstring suser;
-  StrnCpy(suser,user,sizeof(suser)-1);
-
-  if (!Get_Pwnam(suser,True)) return;
+	user_struct *usp, *next=NULL;
 
-  if (suser && *suser && !in_list(suser,session_users,False))
-    {
-      if (strlen(suser) + strlen(session_users) + 2 >= sizeof(pstring))
-	DEBUG(1,("Too many session users??\n"));
-      else
-	{
-	  strcat(session_users," ");
-	  strcat(session_users,suser);
+	for (usp=validated_users;usp;usp=next) {
+		next = usp->next;
+		
+		invalidate_vuid(usp->vuid);
 	}
-    }
 }
 
-
-#ifdef NO_GETSPNAM
-/* a fake shadow password routine which just fills a fake spwd struct
- * with the sp_pwdp field. (sreiz@aie.nl)
- */
-static struct spwd *getspnam(char *username) /* fake shadow password routine */
-{
-       FILE *f;
-       char line[1024];
-       static char pw[20];
-       static struct spwd static_spwd;
-
-       static_spwd.sp_pwdp=0;
-       if (!(f=fopen("/etc/master.passwd", "r")))
-               return 0;
-       while (fgets(line, 1024, f)) {
-               if (!strncmp(line, username, strlen(username)) &&
-                line[strlen(username)]==':') { /* found entry */
-                       char *p, *q;
-
-                       p=line+strlen(username)+1;
-                       if ((q=strchr(p, ':'))) {
-                               *q=0;
-                               if (q-p+1>20)
-                                       break;
-                               strcpy(pw, p);
-                               static_spwd.sp_pwdp=pw;
-                       }
-                       break;
-               }
-       }
-       fclose(f);
-       if (static_spwd.sp_pwdp)
-               return &static_spwd;
-       return 0;
-}
-#endif
-
-
-#ifdef OSF1_ENH_SEC
 /****************************************************************************
-an enhanced crypt for OSF1
+return a validated username
 ****************************************************************************/
-static char *osf1_bigcrypt(char *password,char *salt1)
+char *validated_username(uint16 vuid)
 {
-  static char result[AUTH_MAX_PASSWD_LENGTH] = "";
-  char *p1;
-  char *p2=password;
-  char salt[3];
-  int i;
-  int parts = strlen(password) / AUTH_CLEARTEXT_SEG_CHARS;
-  if (strlen(password)%AUTH_CLEARTEXT_SEG_CHARS)
-    parts++;
-
-  StrnCpy(salt,salt1,2);
-  StrnCpy(result,salt1,2);
-
-  for (i=0; i<parts;i++)
-    {
-      p1 = crypt(p2,salt);
-      strcat(result,p1+2);
-      StrnCpy(salt,&result[2+i*AUTH_CIPHERTEXT_SEG_CHARS],2);
-      p2 += AUTH_CLEARTEXT_SEG_CHARS;
-    }
-
-  return(result);
+	user_struct *vuser = get_valid_user_struct(vuid);
+	if (vuser == NULL)
+		return 0;
+	return(vuser->user.unix_name);
 }
-#endif
-
 
 /****************************************************************************
-update the enhanced security database. Only relevant for OSF1 at the moment.
+return a validated domain
 ****************************************************************************/
-static void update_protected_database( char *user, BOOL result)
-{
-#ifdef OSF1_ENH_SEC
-  struct pr_passwd *mypasswd;
-  time_t starttime;
-  long tz;
-
-  mypasswd = getprpwnam (user);
-  starttime = time (NULL);
-  tz = mktime ( localtime ( &starttime ) );
-
-  if (result)
-    {
-      mypasswd->ufld.fd_slogin = tz;
-      mypasswd->ufld.fd_nlogins = 0;
-      
-      putprpwnam(user,mypasswd);
-      
-      DEBUG(3,("Update protected database for Account %s after succesful connection\n",user));
-    }
-  else
-    {
-      mypasswd->ufld.fd_ulogin = tz;
-      mypasswd->ufld.fd_nlogins = mypasswd->ufld.fd_nlogins + 1;
-      if ( mypasswd->ufld.fd_max_tries != 0 && mypasswd->ufld.fd_nlogins > mypasswd->ufld.fd_max_tries )
-	{
-	  mypasswd->uflg.fg_lock = 0;
-	  DEBUG(3,("Account is disabled -- see Account Administrator.\n"));
-	}
-      putprpwnam ( user , mypasswd );
-      DEBUG(3,("Update protected database for Account %s after refusing connection\n",user));
-    }
-#else
-  DEBUG(6,("Updated database with %s %s\n",user,BOOLSTR(result)));
-#endif
-}
-
-
-#ifdef AFS_AUTH
-/*******************************************************************
-check on AFS authentication
-********************************************************************/
-static BOOL afs_auth(char *this_user,char *password)
-{
-  long password_expires = 0;
-  char *reason;
-    
-  /* For versions of AFS prior to 3.3, this routine has few arguments, */
-  /* but since I can't find the old documentation... :-)               */
-  setpag();
-  if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG,
-				 this_user,
-				 (char *) 0, /* instance */
-				 (char *) 0, /* cell */
-				 password,
-				 0,          /* lifetime, default */
-				 &password_expires, /*days 'til it expires */
-				 0,          /* spare 2 */
-				 &reason) == 0)
-    return(True);
-  return(False);
-}
-#endif
-
-
-#ifdef DFS_AUTH
-
-sec_login_handle_t my_dce_sec_context;
-int dcelogin_atmost_once = 0;
-
-/*******************************************************************
-check on a DCE/DFS authentication
-********************************************************************/
-static BOOL dfs_auth(char *this_user,char *password)
+char *validated_domain(uint16 vuid)
 {
-  error_status_t err;
-  int err2;
-  int prterr;
-  boolean32 password_reset;
-  sec_passwd_rec_t my_dce_password;
-  sec_login_auth_src_t auth_src = sec_login_auth_src_network;
-  unsigned char dce_errstr[dce_c_error_string_len];
-
-  /*
-   * We only go for a DCE login context if the given password
-   * matches that stored in the local password file.. 
-   * Assumes local passwd file is kept in sync w/ DCE RGY!
-   */
-
-  if (!strcmp((char *)crypt(password,this_salt),this_crypted) ||
-      dcelogin_atmost_once)
-    return(False);
-
-  if (sec_login_setup_identity(
-			       (unsigned char *)this_user,
-			       sec_login_no_flags,
-			       &my_dce_sec_context,
-			       &err) == 0)
-    {
-      dce_error_inq_text(err, dce_errstr, &err2);
-      DEBUG(0,("DCE Setup Identity for %s failed: %s\n",
-	       this_user,dce_errstr));
-      return(False);
-    }
-
-  my_dce_password.version_number = sec_passwd_c_version_none;
-  my_dce_password.pepper = NULL; 
-  my_dce_password.key.key_type = sec_passwd_plain;
-  my_dce_password.key.tagged_union.plain  = (idl_char *)password;
-  
-  if (sec_login_valid_and_cert_ident(my_dce_sec_context,
-				     &my_dce_password,
-				     &password_reset,
-				     &auth_src,
-				     &err) == 0 )
-    { 
-      dce_error_inq_text(err, dce_errstr, &err2);
-      DEBUG(0,("DCE Identity Validation failed for principal %s: %s\n",
-	       this_user,dce_errstr));
-	  
-      return(False);
-    }
-
-  sec_login_set_context(my_dce_sec_context, &err);
-  if (err != error_status_ok )
-    {  
-      dce_error_inq_text(err, dce_errstr, &err2);
-      DEBUG(0,("DCE login failed for principal %s, cant set context: %s\n",
-	       this_user,dce_errstr));
-      sec_login_purge_context(my_dce_sec_context, &err);
-      return(False);
-    }
-  else
-    {
-      DEBUG(0,("DCE login succeeded for principal %s on pid %d\n",
-	       this_user, getpid()));
-    }
-
-  dcelogin_atmost_once = 1;
-  return (True);
+	user_struct *vuser = get_valid_user_struct(vuid);
+	if (vuser == NULL)
+		return 0;
+	return(vuser->user.domain);
 }
 
-void dfs_unlogin(void)
-{
-  error_status_t err;
-  int err2;
-  unsigned char dce_errstr[dce_c_error_string_len];
-
-  sec_login_purge_context(my_dce_sec_context, &err);
-  if (err != error_status_ok )
-    {  
-      dce_error_inq_text(err, dce_errstr, &err2);
-      DEBUG(0,("DCE purge login context failed for server instance %d: %s\n",
-	       getpid(), dce_errstr));
-    }
-}
-
-#endif
 
-
-#ifdef LINUX_BIGCRYPT
 /****************************************************************************
-an enhanced crypt for Linux to handle password longer than 8 characters
+ Create the SID list for this user.
 ****************************************************************************/
-static int linux_bigcrypt(char *password,char *salt1, char *crypted)
+
+NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, BOOL is_guest, NT_USER_TOKEN *sup_tok)
 {
-#define LINUX_PASSWORD_SEG_CHARS 8
-  char salt[3];
-  int i;
-  
-  StrnCpy(salt,salt1,2);
-  crypted +=2;
-  
-  for ( i=strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
-    char * p = crypt(password,salt) + 2;
-    if(strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
-      return(0);
-    password += LINUX_PASSWORD_SEG_CHARS;
-    crypted  += strlen(p);
-  }
-  
-  return(1);
-}
-#endif
+	extern DOM_SID global_sid_World;
+	extern DOM_SID global_sid_Network;
+	extern DOM_SID global_sid_Builtin_Guests;
+	extern DOM_SID global_sid_Authenticated_Users;
+	NT_USER_TOKEN *token;
+	DOM_SID *psids;
+	int i, psid_ndx = 0;
+	size_t num_sids = 0;
+	fstring sid_str;
+
+	if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL)
+		return NULL;
+
+	ZERO_STRUCTP(token);
+
+	/* We always have uid/gid plus World and Network and Authenticated Users or Guest SIDs. */
+	num_sids = 5 + ngroups;
+
+	if (sup_tok && sup_tok->num_sids)
+		num_sids += sup_tok->num_sids;
+
+	if ((token->user_sids = (DOM_SID *)malloc( num_sids*sizeof(DOM_SID))) == NULL) {
+		SAFE_FREE(token);
+		return NULL;
+	}
 
+	psids = token->user_sids;
 
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static BOOL string_combinations2(char *s,int offset,BOOL (*fn)(),int N)
-{
-  int len = strlen(s);
-  int i;
+	/*
+	 * Note - user SID *MUST* be first in token !
+	 * se_access_check depends on this.
+	 */
 
-#ifdef PASSWORD_LENGTH
-  len = MIN(len,PASSWORD_LENGTH);
-#endif
+	uid_to_sid( &psids[PRIMARY_USER_SID_INDEX], uid);
+	psid_ndx++;
 
-  if (N <= 0 || offset >= len)
-    return(fn(s));
-
-  for (i=offset;i<(len-(N-1));i++)
-    {      
-      char c = s[i];
-      if (!islower(c)) continue;
-      s[i] = toupper(c);
-      if (string_combinations2(s,i+1,fn,N-1))
-	return(True);
-      s[i] = c;
-    }
-  return(False);
-}
+	/*
+	 * Primary group SID is second in token. Convention.
+	 */
 
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with up to N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static BOOL string_combinations(char *s,BOOL (*fn)(),int N)
-{
-  int n;
-  for (n=1;n<=N;n++)
-    if (string_combinations2(s,0,fn,n)) return(True);
-  return(False);
-}
+	gid_to_sid( &psids[PRIMARY_GROUP_SID_INDEX], gid);
+	psid_ndx++;
 
+	/* Now add the group SIDs. */
 
+	for (i = 0; i < ngroups; i++) {
+		if (groups[i] != gid) {
+			gid_to_sid( &psids[psid_ndx++], groups[i]);
+		}
+	}
 
-/****************************************************************************
-core of password checking routine
-****************************************************************************/
-BOOL password_check(char *password)
-{
-#ifdef AFS_AUTH
-  if (afs_auth(this_user,password)) return(True);
-#endif
+	if (sup_tok) {
+		/* Now add the additional SIDs from the supplimentary token. */
+		for (i = 0; i < sup_tok->num_sids; i++)
+			sid_copy( &psids[psid_ndx++], &sup_tok->user_sids[i] );
+	}
 
-#ifdef DFS_AUTH
-  if (dfs_auth(this_user,password)) return(True);
-#endif 
+	/*
+	 * Finally add the "standard" SIDs.
+	 * The only difference between guest and "anonymous" (which we
+	 * don't really support) is the addition of Authenticated_Users.
+	 */
 
-#ifdef PWDAUTH
-  if (pwdauth(this_user,password) == 0)
-    return(True);
-#endif
+	sid_copy( &psids[psid_ndx++], &global_sid_World);
+	sid_copy( &psids[psid_ndx++], &global_sid_Network);
 
-#ifdef OSF1_ENH_SEC
-  return(strcmp(osf1_bigcrypt(password,this_salt),this_crypted) == 0);
-#endif
+	if (is_guest)
+		sid_copy( &psids[psid_ndx++], &global_sid_Builtin_Guests);
+	else
+		sid_copy( &psids[psid_ndx++], &global_sid_Authenticated_Users);
 
-#ifdef ULTRIX_AUTH
-  return (strcmp((char *)crypt16(password, this_salt ),this_crypted) == 0);
-#endif
+	token->num_sids = psid_ndx;
 
-#ifdef LINUX_BIGCRYPT
-  return(linux_bigcrypt(password,this_salt,this_crypted));
-#endif
+	/* Dump list of sids in token */
 
-#ifdef NO_CRYPT
-  DEBUG(1,("Warning - no crypt available\n"));
-  return(False);
-#else
-  return(strcmp((char *)crypt(password,this_salt),this_crypted) == 0);
-#endif
-}
+	for (i = 0; i < token->num_sids; i++) {
+		DEBUG(5, ("user token sid %s\n", 
+			  sid_to_string(sid_str, &token->user_sids[i])));
+	}
 
-#ifdef SMB_PASSWD
-/****************************************************************************
-core of smb password checking routine.
-****************************************************************************/
-BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8)
-{
-  /* Finish the encryption of part_passwd. */
-  unsigned char p21[21];
-  unsigned char p24[24];
-
-  if(part_passwd == NULL)
-    DEBUG(10,("No password set - allowing access\n"));
-  /* No password set - always true ! */
-  if(part_passwd == NULL)
-    return 1;
-
-  memset(p21,'\0',21);
-  memcpy(p21,part_passwd,16);
-  E_P24(p21, c8, p24);
-#if DEBUG_PASSWORD
-  {
-    int i;
-    DEBUG(100,("Part password (P16) was |"));
-    for(i = 0; i < 16; i++)
-      DEBUG(100,("%X ", (unsigned char)part_passwd[i]));
-    DEBUG(100,("|\n"));
-    DEBUG(100,("Password from client was |"));
-    for(i = 0; i < 24; i++)
-      DEBUG(100,("%X ", (unsigned char)password[i]));
-    DEBUG(100,("|\n"));
-    DEBUG(100,("Given challenge was |"));
-    for(i = 0; i < 8; i++)
-      DEBUG(100,("%X ", (unsigned char)c8[i]));
-    DEBUG(100,("|\n"));
-    DEBUG(100,("Value from encryption was |"));
-    for(i = 0; i < 24; i++)
-      DEBUG(100,("%X ", (unsigned char)p24[i]));
-    DEBUG(100,("|\n"));
-  }
-#endif
-  return (memcmp(p24, password, 24) == 0);
+	return token;
 }
-#endif
 
 /****************************************************************************
-check if a username/password is OK
+register a uid/name pair as being valid and that a valid password
+has been given. vuid is biased by an offset. This allows us to
+tell random client vuid's (normally zero) from valid vuids.
 ****************************************************************************/
-BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd, BOOL is_nt_password)
-{
-  pstring pass2;
-  int level = lp_passwordlevel();
-  struct passwd *pass;
-#ifdef SMB_PASSWD
-  char challenge[8];
-  struct smb_passwd *smb_pass;
-  BOOL challenge_done = False;
-#endif
-
-  if (password) password[pwlen] = 0;
 
-#ifdef SMB_PASSWD
-  if (pwlen == 24)
-    challenge_done = last_challenge(challenge);
-#endif
-
-#if DEBUG_PASSWORD
-#ifdef SMB_PASSWD
-  if (challenge_done)
-    {
-      int i;      
-      DEBUG(100,("checking user=[%s] pass=[",user));
-      for( i = 0; i < 24; i++)
-	DEBUG(100,("%0x ", (unsigned char)password[i]));
-      DEBUG(100,("]\n"));
-    }
-  else
-#endif
-    DEBUG(100,("checking user=[%s] pass=[%s]\n",user,password));
-#endif
-
-  if (!password)
-    return(False);
-
-  if (((!*password) || (!pwlen)) && !lp_null_passwords())
-    return(False);
+int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
+{
+	user_struct *vuser = NULL;
+	uid_t uid;
+	gid_t gid;
 
-  if (pwd && !user) 
-    {
-      pass = (struct passwd *) pwd;
-      user = pass->pw_name;
-    } 
-  else 
-    pass = Get_Pwnam(user,True);
+	/* Ensure no vuid gets registered in share level security. */
+	if(lp_security() == SEC_SHARE)
+		return UID_FIELD_INVALID;
 
-#ifdef SMB_PASSWD
+	/* Limit allowed vuids to 16bits - VUID_OFFSET. */
+	if (num_validated_vuids >= 0xFFFF-VUID_OFFSET)
+		return UID_FIELD_INVALID;
 
-  DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done));
+	if((vuser = (user_struct *)malloc( sizeof(user_struct) )) == NULL) {
+		DEBUG(0,("Failed to malloc users struct!\n"));
+		return UID_FIELD_INVALID;
+	}
 
-  if((pwlen == 24) && challenge_done)
-    {
-      DEBUG(4,("Checking SMB password for user %s (l=24)\n",user));
+	ZERO_STRUCTP(vuser);
 
-      if (!pass) 
-	{
-	  DEBUG(3,("Couldn't find user %s\n",user));
-	  return(False);
+	if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
+		DEBUG(0,("Attempted session setup with invalid user.  No uid/gid in SAM_ACCOUNT (flags:%x)\n", pdb_get_init_flag(server_info->sam_account)));
+		free(vuser);
+		return UID_FIELD_INVALID;
 	}
 
-      smb_pass = get_smbpwnam(user);
-      if(!smb_pass)
-	{
-	  DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
-	  return(False);
-	}
+	uid = pdb_get_uid(server_info->sam_account);
+	gid = pdb_get_gid(server_info->sam_account);
 
-      /* Ensure the uid's match */
-      if(smb_pass->smb_userid != pass->pw_uid)
-	{
-	  DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
-	  return(False);
+	/* Allocate a free vuid. Yes this is a linear search... :-) */
+	while( get_valid_user_struct(next_vuid) != NULL ) {
+		next_vuid++;
+		/* Check for vuid wrap. */
+		if (next_vuid == UID_FIELD_INVALID)
+			next_vuid = VUID_OFFSET;
 	}
 
-	if(Protocol >= PROTOCOL_NT1 && is_nt_password)
-	{
-		/* We have the NT MD4 hash challenge available - see if we can
-		   use it (ie. does it exist in the smbpasswd file).
-		*/
-		if(smb_pass->smb_nt_passwd != NULL)
-		{
-		  DEBUG(4,("Checking NT MD4 password\n"));
-	      if(smb_password_check(password, smb_pass->smb_nt_passwd, challenge))
-   		  {
-	      	update_protected_database(user,True);
-	        return(True);
-    	  }
-		  DEBUG(4,("NT MD4 password check failed\n"));
-		  return (False);
-		}
-	}
+	DEBUG(10,("register_vuid: allocated vuid = %u\n", (unsigned int)next_vuid ));
 
-	/* Try against the lanman password */
+	vuser->vuid = next_vuid;
+	vuser->uid = uid;
+	vuser->gid = gid;
+	vuser->guest = server_info->guest;
+	fstrcpy(vuser->user.unix_name, pdb_get_username(server_info->sam_account));
+	fstrcpy(vuser->user.smb_name, smb_name);
+	fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account));
+	fstrcpy(vuser->user.full_name, pdb_get_fullname(server_info->sam_account));
 
-      if(smb_password_check(password, smb_pass->smb_passwd, challenge))
 	{
-	  update_protected_database(user,True);
-	  return(True);
+		/* Keep the homedir handy */
+		const char *homedir = pdb_get_homedir(server_info->sam_account);
+		if (homedir) {
+			vuser->homedir = smb_xstrdup(homedir);
+		}
 	}
 
-	DEBUG(3,("Error smb_password_check failed\n"));
-    }
-#endif 
-
-  DEBUG(4,("Checking password for user %s (l=%d)\n",user,pwlen));
-
-  if (!pass) 
-    {
-      DEBUG(3,("Couldn't find user %s\n",user));
-      return(False);
-    }
-
-#ifdef SHADOW_PWD
-  {
-    struct spwd *spass;
+	memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key));
 
-    /* many shadow systems require you to be root to get the password,
-       in most cases this should already be the case when this
-       function is called, except perhaps for IPC password changing
-       requests */
+	DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", 
+		  (unsigned int)vuser->uid, 
+		  (unsigned int)vuser->gid,
+		  vuser->user.unix_name, vuser->user.smb_name, vuser->user.domain, vuser->guest ));
 
-    spass = getspnam(pass->pw_name);
-    if (spass && spass->sp_pwdp)
-      pass->pw_passwd = spass->sp_pwdp;
-  }
-#endif
+	DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->user.unix_name,vuser->user.full_name));	
 
-#ifdef SecureWare
-  {
-    struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
-    if (pr_pw && pr_pw->ufld.fd_encrypt)
-      pass->pw_passwd = pr_pw->ufld.fd_encrypt;
-  }
-#endif
+	vuser->n_groups = 0;
+	vuser->groups  = NULL;
 
-#ifdef HPUX_10_TRUSTED
-  {
-    struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
-    if (pr_pw && pr_pw->ufld.fd_encrypt)
-      pass->pw_passwd = pr_pw->ufld.fd_encrypt;
-  }
-#endif
+	/* Find all the groups this uid is in and store them. 
+		Used by change_to_user() */
+	initialise_groups(vuser->user.unix_name, vuser->uid, vuser->gid);
+	get_current_groups( &vuser->n_groups, &vuser->groups);
 
-#ifdef OSF1_ENH_SEC
-  {
-    struct pr_passwd *mypasswd;
-    DEBUG(5,("Checking password for user %s in OSF1_ENH_SEC\n",user));
-    mypasswd = getprpwnam (user);
-    if ( mypasswd )
-      { 
-  	strcpy(pass->pw_name,mypasswd->ufld.fd_name);
-  	strcpy(pass->pw_passwd,mypasswd->ufld.fd_encrypt);
-      }
-    else
-      {
-	DEBUG(5,("No entry for user %s in protected database !\n",user));
-	return(False);
-      }
-  }
-#endif
+	if (server_info->ptok)
+		add_supplementary_nt_login_groups(&vuser->n_groups, &vuser->groups, &server_info->ptok);
 
-#ifdef ULTRIX_AUTH
-  {
-    AUTHORIZATION *ap = getauthuid( pass->pw_uid );
-    if (ap)
-      {
-	strcpy( pass->pw_passwd, ap->a_password );
-	endauthent();
-      }
-  }
-#endif
-
-  /* extract relevant info */
-  strcpy(this_user,pass->pw_name);  
-  strcpy(this_salt,pass->pw_passwd);
-  strcpy(this_crypted,pass->pw_passwd);
- 
-  if (!*this_crypted) {
-    if (!lp_null_passwords()) {
-      DEBUG(2,("Disallowing access to %s due to null password\n",this_user));
-      return(False);
-    }
-#ifndef PWDAUTH
-    if (!*password) {
-      DEBUG(3,("Allowing access to %s with null password\n",this_user));
-      return(True);
-    }
-#endif    
-  }
-
-  /* try it as it came to us */
-  if (password_check(password))
-    {
-      update_protected_database(user,True);
-      return(True);
-    }
-
-  /* if the password was given to us with mixed case then we don't
-     need to proceed as we know it hasn't been case modified by the
-     client */
-  if (strhasupper(password) && strhaslower(password))
-    return(False);
-
-  /* make a copy of it */
-  StrnCpy(pass2,password,sizeof(pstring)-1);
-  
-  /* try all lowercase */
-  strlower(password);
-  if (password_check(password))
-    {
-      update_protected_database(user,True);
-      return(True);
-    }
-
-  /* give up? */
-  if(level < 1)
-    {
-      update_protected_database(user,False);
+	/* Create an NT_USER_TOKEN struct for this user. */
+	vuser->nt_user_token = create_nt_token(vuser->uid, vuser->gid, vuser->n_groups, vuser->groups, vuser->guest, server_info->ptok);
 
-      /* restore it */
-      strcpy(password,pass2);
+	DEBUG(3,("uid %d registered to name %s\n",(int)vuser->uid,vuser->user.unix_name));
 
-      return(False);
-    }
+	next_vuid++;
+	num_validated_vuids++;
 
-  /* last chance - all combinations of up to level chars upper! */
-  strlower(password);
+	DLIST_ADD(validated_users, vuser);
 
-  if (string_combinations(password,password_check,level))
-    {
-      update_protected_database(user,True);
-      return(True);
-    }
+	if (!session_claim(vuser)) {
+		DEBUG(1,("Failed to claim session for vuid=%d\n", vuser->vuid));
+		invalidate_vuid(vuser->vuid);
+		return -1;
+	}
 
-  update_protected_database(user,False);
-  
-  /* restore it */
-  strcpy(password,pass2);
-  
-  return(False);
+	/* Register a home dir service for this user */
+	if ((!vuser->guest) && vuser->homedir && *(vuser->homedir)
+		&& (lp_servicenumber(vuser->user.unix_name) < 0)) {
+		add_home_service(vuser->user.unix_name, vuser->homedir);	  
+	}
+	
+	return vuser->vuid;
 }
 
 
-
 /****************************************************************************
-check if a username is valid
+add a name to the session users list
 ****************************************************************************/
-BOOL user_ok(char *user,int snum)
+void add_session_user(char *user)
 {
-  pstring valid, invalid;
-  BOOL ret;
-
-  StrnCpy(valid, lp_valid_users(snum), sizeof(pstring));
-  StrnCpy(invalid, lp_invalid_users(snum), sizeof(pstring));
-
-  string_sub(valid,"%S",lp_servicename(snum));
-  string_sub(invalid,"%S",lp_servicename(snum));
-
-  ret = !user_in_list(user,invalid);
-
-  if (ret && valid && *valid)
-    ret = user_in_list(user,valid);
-
-  if (ret && lp_onlyuser(snum)) {
-    char *user_list = lp_username(snum);
-    string_sub(user_list,"%S",lp_servicename(snum));
-    ret = user_in_list(user,user_list);
-  }
-
-  return(ret);
-}
-
-
+  fstring suser;
+  StrnCpy(suser,user,sizeof(suser)-1);
 
+  if (!Get_Pwnam_Modify(suser)) return;
 
-/****************************************************************************
-validate a group username entry. Return the username or NULL
-****************************************************************************/
-static char *validate_group(char *group,char *password,int pwlen,int snum)
-{
-#ifdef NETGROUP
-  {
-    char *host, *user, *domain;
-    setnetgrent(group);
-    while (getnetgrent(&host, &user, &domain)) {
-      if (user) {
-	if (user_ok(user, snum) && 
-	    password_ok(user,password,pwlen,NULL,False)) {
-	  endnetgrent();
-	  return(user);
-	}
-      }
-    }
-    endnetgrent();
-  }
-#endif
-  
-#if HAVE_GETGRNAM 
-  {
-    struct group *gptr = (struct group *)getgrnam(group);
-    char **member;
-    if (gptr)
-      {
-	member = gptr->gr_mem;
-	while (member && *member)
-	  {
-	    static fstring name;
-	    strcpy(name,*member);
-	    if (user_ok(name,snum) &&
-		password_ok(name,password,pwlen,NULL,False))
-	      return(&name[0]);
-	    member++;
-	  }
-#ifdef GROUP_CHECK_PWENT
+  if (suser && *suser && !in_list(suser,session_users,False))
+    {
+      if (strlen(suser) + strlen(session_users) + 2 >= sizeof(pstring))
+	DEBUG(1,("Too many session users??\n"));
+      else
 	{
-	  struct passwd *pwd;
-	  static fstring tm;
-	  
-	  setpwent ();
-	  while (pwd = getpwent ()) {
-	    if (*(pwd->pw_passwd) && pwd->pw_gid == gptr->gr_gid) {
-	      /* This Entry have PASSWORD and same GID then check pwd */
-	      if (password_ok(NULL, password, pwlen, pwd,False)) {
-		strcpy(tm, pwd->pw_name);
-		endpwent ();
-		return tm;
-	      }
-	    }
-	  }
-	  endpwent ();
+	  pstrcat(session_users," ");
+	  pstrcat(session_users,suser);
 	}
-#endif /* GROUP_CHECK_PWENT */
-      }
-  }      
-#endif
-  return(NULL);
+    }
 }
 
 
-
 /****************************************************************************
-check for authority to login to a service with a given username/password
+check if a username is valid
 ****************************************************************************/
-BOOL authorise_login(int snum,char *user,char *password, int pwlen, 
-		     BOOL *guest,BOOL *force,int vuid)
+BOOL user_ok(char *user,int snum)
 {
-  BOOL ok = False;
-  
-  *guest = False;
-  
-#if DEBUG_PASSWORD
-  DEBUG(100,("checking authorisation on user=%s pass=%s\n",user,password));
-#endif
-
-  /* there are several possabilities:
-     1) login as the given user with given password
-     2) login as a previously registered username with the given password
-     3) login as a session list username with the given password
-     4) login as a previously validated user/password pair
-     5) login as the "user =" user with given password
-     6) login as the "user =" user with no password (guest connection)
-     7) login as guest user with no password
+	char **valid, **invalid;
+	BOOL ret;
 
-     if the service is guest_only then steps 1 to 5 are skipped
-  */
+	valid = invalid = NULL;
+	ret = True;
 
-  if (GUEST_ONLY(snum)) *force = True;
-
-  if (!(GUEST_ONLY(snum) && GUEST_OK(snum)))
-    {
-
-      /* check the given username and password */
-      if (!ok && (*user) && user_ok(user,snum)) {
-	ok = password_ok(user,password, pwlen, NULL, False);
-	if (ok) DEBUG(3,("ACCEPTED: given username password ok\n"));
-      }
-
-      /* check for a previously registered guest username */
-      if (!ok && (vuid >= 0) && validated_users[vuid].guest) {	  
-	if (user_ok(validated_users[vuid].name,snum) &&
-	    password_ok(validated_users[vuid].name, password, pwlen, NULL, False)) {
-	  strcpy(user, validated_users[vuid].name);
-	  validated_users[vuid].guest = False;
-	  DEBUG(3,("ACCEPTED: given password with registered user %s\n", user));
-	  ok = True;
+	if (lp_invalid_users(snum)) {
+		lp_list_copy(&invalid, lp_invalid_users(snum));
+		if (invalid && lp_list_substitute(invalid, "%S", lp_servicename(snum))) {
+			ret = !user_in_list(user, invalid);
+		}
 	}
-      }
-
+	if (invalid) lp_list_free (&invalid);
 
-      /* now check the list of session users */
-      if (!ok)
-	{
-	  char *auser;
-	  char *user_list = strdup(session_users);
-	  if (!user_list) return(False);
-
-	  for (auser=strtok(user_list,LIST_SEP); 
-	       !ok && auser; 
-	       auser = strtok(NULL,LIST_SEP))
-	    {
-	      fstring user2;
-	      strcpy(user2,auser);
-	      if (!user_ok(user2,snum)) continue;
-		  
-	      if (password_ok(user2,password, pwlen, NULL, False)) {
-		ok = True;
-		strcpy(user,user2);
-		DEBUG(3,("ACCEPTED: session list username and given password ok\n"));
-	      }
-	    }
-	  free(user_list);
+	if (ret && lp_valid_users(snum)) {
+		lp_list_copy(&valid, lp_valid_users(snum));
+		if (valid && lp_list_substitute(valid, "%S", lp_servicename(snum))) {
+			ret = user_in_list(user,valid);
+		}
 	}
+	if (valid) lp_list_free (&valid);
 
-      /* check for a previously validated username/password pair */
-      if (!ok && !lp_revalidate(snum) &&
-	  (vuid >= 0) && !validated_users[vuid].guest &&
-	  user_ok(validated_users[vuid].name,snum)) {
-	strcpy(user,validated_users[vuid].name);
-	*guest = False;
-	DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n"));
-	ok = True;
-      }
-
-      /* check for a rhosts entry */
-      if (!ok && user_ok(user,snum) && check_hosts_equiv(user)) {
-	ok = True;
-	DEBUG(3,("ACCEPTED: hosts equiv or rhosts entry\n"));
-      }
-
-      /* check the user= fields and the given password */
-      if (!ok && lp_username(snum)) {
-	char *auser;
-	pstring user_list;
-	StrnCpy(user_list,lp_username(snum),sizeof(pstring));
-
-	string_sub(user_list,"%S",lp_servicename(snum));
-	  
-	for (auser=strtok(user_list,LIST_SEP);
-	     auser && !ok;
-	     auser = strtok(NULL,LIST_SEP))
-	  {
-	    if (*auser == '@')
-	      {
-		auser = validate_group(auser+1,password,pwlen,snum);
-		if (auser)
-		  {
-		    ok = True;
-		    strcpy(user,auser);
-		    DEBUG(3,("ACCEPTED: group username and given password ok\n"));
-		  }
-	      }
-	    else
-	      {
-		fstring user2;
-		strcpy(user2,auser);
-		if (user_ok(user2,snum) && 
-		    password_ok(user2,password,pwlen,NULL, False))
-		  {
-		    ok = True;
-		    strcpy(user,user2);
-		    DEBUG(3,("ACCEPTED: user list username and given password ok\n"));
-		  }
-	      }
-	  }
-      }      
-    } /* not guest only */
-
-  /* check for a normal guest connection */
-  if (!ok && GUEST_OK(snum))
-    {
-      fstring guestname;
-      StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
-      if (Get_Pwnam(guestname,True))
-	{
-	  strcpy(user,guestname);
-	  ok = True;
-	  DEBUG(3,("ACCEPTED: guest account and guest ok\n"));
+	if (ret && lp_onlyuser(snum)) {
+		char **user_list = lp_list_make (lp_username(snum));
+		if (user_list && lp_list_substitute(user_list, "%S", lp_servicename(snum))) {
+			ret = user_in_list(user, user_list);
+		}
+		if (user_list) lp_list_free (&user_list);
 	}
-      else
-	DEBUG(0,("Invalid guest account %s??\n",guestname));
-      *guest = True;
-      *force = True;
-    }
 
-  if (ok && !user_ok(user,snum))
-    {
-      DEBUG(0,("rejected invalid user %s\n",user));
-      ok = False;
-    }
-
-  return(ok);
+	return(ret);
 }
 
-
 /****************************************************************************
-read the a hosts.equiv or .rhosts file and check if it
-allows this user from this machine
+validate a group username entry. Return the username or NULL
 ****************************************************************************/
-static BOOL check_user_equiv(char *user, char *remote, char *equiv_file)
+static char *validate_group(char *group, DATA_BLOB password,int snum)
 {
-  pstring buf;
-  int plus_allowed = 1;
-  char *file_host;
-  char *file_user;
-  FILE *fp = fopen(equiv_file, "r");
-  DEBUG(5, ("check_user_equiv %s %s %s\n", user, remote, equiv_file));
-  if (! fp) return False;
-  while(fgets(buf, sizeof(buf), fp)) 
-  {
-    trim_string(buf," "," ");
-
-    if (buf[0] != '#' && buf[0] != '\n') 
-    {
-      BOOL is_group = False;
-      int plus = 1;
-      char *bp = buf;
-      if (strcmp(buf, "NO_PLUS\n") == 0)
-      {
-	DEBUG(6, ("check_user_equiv NO_PLUS\n"));
-	plus_allowed = 0;
-      }
-      else {
-	if (buf[0] == '+') 
+#ifdef HAVE_NETGROUP
 	{
-	  bp++;
-	  if (*bp == '\n' && plus_allowed) 
-	  {
-	    /* a bare plus means everbody allowed */
-	    DEBUG(6, ("check_user_equiv everybody allowed\n"));
-	    fclose(fp);
-	    return True;
-	  }
-	}
-	else if (buf[0] == '-')
-	{
-	  bp++;
-	  plus = 0;
-	}
-	if (*bp == '@') 
-	{
-	  is_group = True;
-	  bp++;
+		char *host, *user, *domain;
+		setnetgrent(group);
+		while (getnetgrent(&host, &user, &domain)) {
+			if (user) {
+				if (user_ok(user, snum) && 
+				    password_ok(user,password)) {
+					endnetgrent();
+					return(user);
+				}
+			}
+		}
+		endnetgrent();
 	}
-	file_host = strtok(bp, " \t\n");
-	file_user = strtok(NULL, " \t\n");
-	DEBUG(7, ("check_user_equiv %s %s\n", file_host, file_user));
-	if (file_host && *file_host) 
-	{
-	  BOOL host_ok = False;
-
-#ifdef NETGROUP	  
-	  /* THIS IS UNTESTED!! */
-	  if (is_group)
-	    {
-	      static char *mydomain = NULL;
-	      if (!mydomain)
-		yp_get_default_domain(&mydomain);
-	      if (mydomain && innetgr(remote,file_host,user,mydomain))
-		host_ok = True;
-	    }
-#else
-	  if (is_group)
-	    {
-	      DEBUG(1,("Netgroups not configured - add -DNETGROUP and recompile\n"));
-	      continue;
-	    }
 #endif
-
-	  /* is it this host */
-	  /* the fact that remote has come from a call of gethostbyaddr
-	   * means that it may have the fully qualified domain name
-	   * so we could look up the file version to get it into
-	   * a canonical form, but I would rather just type it
-	   * in full in the equiv file
-	   */
-	  if (!host_ok && !is_group && strequal(remote, file_host))
-	    host_ok = True;
-
-	  if (!host_ok)
-	    continue;
-
-	  /* is it this user */
-	  if (file_user == 0 || strequal(user, file_user)) 
-	    {
-	      fclose(fp);
-	      DEBUG(5, ("check_user_equiv matched %s%s %s\n",
-			(plus ? "+" : "-"), file_host,
-			(file_user ? file_user : "")));
-	      return (plus ? True : False);
-	    }
-	}
-      }
-    }
-  }
-  fclose(fp);
-  return False;
-}
-
-
-/****************************************************************************
-check for a possible hosts equiv or rhosts entry for the user
-****************************************************************************/
-BOOL check_hosts_equiv(char *user)
-{
-  char *fname = NULL;
-  pstring rhostsfile;
-  struct passwd *pass = Get_Pwnam(user,True);
-
-  extern struct from_host Client_info;
-  extern int Client;
-
-  if (!pass) 
-    return(False);
-
-  fromhost(Client,&Client_info);
-
-  fname = lp_hosts_equiv();
-
-  /* note: don't allow hosts.equiv on root */
-  if (fname && *fname && (pass->pw_uid != 0))
-    {
-      if (check_user_equiv(user,Client_info.name,fname))
-	return(True);
-    }
   
-  if (lp_use_rhosts())
-    {
-      char *home = get_home_dir(user);
-      if (home)
+#ifdef HAVE_GETGRENT
 	{
-	  sprintf(rhostsfile, "%s/.rhosts", home);
-	  if (check_user_equiv(user,Client_info.name,rhostsfile))
-	    return(True);
-	}
-    }
+		struct group *gptr;
+		setgrent();
+		while ((gptr = (struct group *)getgrent())) {
+			if (strequal(gptr->gr_name,group))
+				break;
+		}
 
-  return(False);
+		/*
+		 * As user_ok can recurse doing a getgrent(), we must
+		 * copy the member list into a pstring on the stack before
+		 * use. Bug pointed out by leon@eatworms.swmed.edu.
+		 */
+
+		if (gptr) {
+			pstring member_list;
+			char *member;
+			size_t copied_len = 0;
+			int i;
+
+			*member_list = '\0';
+			member = member_list;
+
+			for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) {
+				size_t member_len = strlen(gptr->gr_mem[i]) + 1;
+				if( copied_len + member_len < sizeof(pstring)) { 
+
+					DEBUG(10,("validate_group: = gr_mem = %s\n", gptr->gr_mem[i]));
+
+					safe_strcpy(member, gptr->gr_mem[i], sizeof(pstring) - copied_len - 1);
+					copied_len += member_len;
+					member += copied_len;
+				} else {
+					*member = '\0';
+				}
+			}
+
+			endgrent();
+
+			member = member_list;
+			while (*member) {
+				static fstring name;
+				fstrcpy(name,member);
+				if (user_ok(name,snum) &&
+				    password_ok(name,password)) {
+					endgrent();
+					return(&name[0]);
+				}
+
+				DEBUG(10,("validate_group = member = %s\n", member));
+
+				member += strlen(member) + 1;
+			}
+		} else {
+			endgrent();
+			return NULL;
+		}
+	}
+#endif
+	return(NULL);
 }
 
-
-static int password_client = -1;
-static fstring pserver;
-
 /****************************************************************************
-attempted support for server level security 
+ Check for authority to login to a service with a given username/password.
+ Note this is *NOT* used when logging on using sessionsetup_and_X.
 ****************************************************************************/
-BOOL server_cryptkey(char *buf)
-{
-  pstring inbuf,outbuf;
-  fstring pass_protocol;
-  extern fstring remote_machine;
-  char *p;
-  int len;
-  fstring desthost;
-  struct in_addr dest_ip;
-  extern struct in_addr myip;
-  int port = 139;
-  BOOL ret;
-
-  if (password_client >= 0)
-    close(password_client);
-  password_client = -1;
-
-  if (Protocol < PROTOCOL_NT1) {
-    strcpy(pass_protocol,"LM1.2X002");
-  } else {
-    strcpy(pass_protocol,"NT LM 0.12");
-  }
-
-  bzero(inbuf,sizeof(inbuf));
-  bzero(outbuf,sizeof(outbuf));
-
-  for (p=strtok(lp_passwordserver(),LIST_SEP); p ; p = strtok(NULL,LIST_SEP)) {
-    strcpy(desthost,p);
-    standard_sub_basic(desthost);
-    strupper(desthost);
-
-    dest_ip = *interpret_addr2(desthost);
-    if (zero_ip(dest_ip)) {
-      DEBUG(1,("Can't resolve address for %s\n",p));
-      continue;
-    }
 
-    if (memcmp(&dest_ip,&myip,sizeof(dest_ip)) == 0) {
-      DEBUG(1,("Password server loop - disabling password server %s\n",p));
-      continue;
-    }
-
-    password_client = open_socket_out(SOCK_STREAM, &dest_ip, port);
-    if (password_client >= 0) {
-      DEBUG(3,("connected to password server %s\n",p));
-      StrnCpy(pserver,p,sizeof(pserver)-1);
-      break;
-    }
-  }
-
-  if (password_client < 0) {
-    DEBUG(1,("password server not available\n"));
-    return(False);
-  }
+BOOL authorise_login(int snum,char *user, DATA_BLOB password, 
+		     BOOL *guest,BOOL *force,uint16 vuid)
+{
+	BOOL ok = False;
+	user_struct *vuser = get_valid_user_struct(vuid);
 
+#if DEBUG_PASSWORD
+	DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s vuid=%d\n",
+			user,password.data, vuid));
+#endif
 
-  /* send a session request (RFC 8002) */
+	*guest = False;
+  
+	if (GUEST_ONLY(snum))
+		*force = True;
 
-  /* put in the destination name */
-  len = 4;
-  p = outbuf+len;
-  name_mangle(desthost,p,' ');
-  len += name_len(p);
+	if (!GUEST_ONLY(snum) && (lp_security() > SEC_SHARE)) {
 
-  /* and my name */
-  p = outbuf+len;
-  name_mangle(remote_machine,p,' ');
-  len += name_len(p);
+		/*
+		 * We should just use the given vuid from a sessionsetup_and_X.
+		 */
 
-  _smb_setlen(outbuf,len);
-  CVAL(outbuf,0) = 0x81;
+		if (!vuser) {
+			DEBUG(1,("authorise_login: refusing user '%s' with no session setup\n", user));
+			return False;
+		}
 
-  send_smb(password_client,outbuf);
-  receive_smb(password_client,inbuf,5000);
+		if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) || 
+		    (vuser->guest && GUEST_OK(snum))) {
+			fstrcpy(user,vuser->user.unix_name);
+			*guest = vuser->guest;
+			DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \
+(user=%s)\n", vuser->guest ? "" : "non-", user));
+			return True;
+		}
+	}
  
-  if (CVAL(inbuf,0) != 0x82) {
-    DEBUG(1,("%s rejected the session\n",pserver));
-    close(password_client); password_client = -1;
-    return(False);
-  }
-
-  DEBUG(3,("got session\n"));
-
-  bzero(outbuf,smb_size);
-
-  /* setup the protocol string */
-  set_message(outbuf,0,strlen(pass_protocol)+2,True);
-  p = smb_buf(outbuf);
-  *p++ = 2;
-  strcpy(p,pass_protocol);
-
-  CVAL(outbuf,smb_com) = SMBnegprot;
-  CVAL(outbuf,smb_flg) = 0x8;
-  SSVAL(outbuf,smb_flg2,0x1);
-
-  send_smb(password_client,outbuf);
-  ret = receive_smb(password_client,inbuf,5000);
-
-  if (!ret || CVAL(inbuf,smb_rcls) || SVAL(inbuf,smb_vwv0)) {
-    DEBUG(1,("%s rejected the protocol\n",pserver));
-    close(password_client); password_client= -1;
-    return(False);
-  }
-
-  if (!(CVAL(inbuf,smb_vwv1) & 1)) {
-    DEBUG(1,("%s isn't in user level security mode\n",pserver));
-    close(password_client); password_client= -1;
-    return(False);
-  }
-
-  memcpy(buf,inbuf,smb_len(inbuf)+4);
-
-  DEBUG(3,("password server OK\n"));
-
-  return(True);
-}
-
-/****************************************************************************
-attempted support for server level security 
-****************************************************************************/
-BOOL server_validate(char *buf)
-{
-  pstring inbuf,outbuf;  
-  BOOL ret;
-
-  if (password_client < 0) {
-    DEBUG(1,("%s not connected\n",pserver));
-    return(False);
-  }  
-
-  bzero(inbuf,sizeof(inbuf));
-  memcpy(outbuf,buf,sizeof(outbuf));
-
-  /* send a session setup command */
-  CVAL(outbuf,smb_flg) = 0x8;
-  SSVAL(outbuf,smb_flg2,0x1);
-  CVAL(outbuf,smb_vwv0) = 0xFF;
-
-  set_message(outbuf,smb_numwords(outbuf),smb_buflen(outbuf),False);
-
-  SCVAL(inbuf,smb_rcls,1);
+	/* there are several possibilities:
+		1) login as the given user with given password
+		2) login as a previously registered username with the given password
+		3) login as a session list username with the given password
+		4) login as a previously validated user/password pair
+		5) login as the "user =" user with given password
+		6) login as the "user =" user with no password (guest connection)
+		7) login as guest user with no password
+
+		if the service is guest_only then steps 1 to 5 are skipped
+	*/
+
+	if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
+		/* check for a previously registered guest username */
+		if (!ok && (vuser != 0) && vuser->guest) {	  
+			if (user_ok(vuser->user.unix_name,snum) &&
+					password_ok(vuser->user.unix_name, password)) {
+				fstrcpy(user, vuser->user.unix_name);
+				*guest = False;
+				DEBUG(3,("authorise_login: ACCEPTED: given password with registered user %s\n", user));
+				ok = True;
+			}
+		}
 
-  send_smb(password_client,outbuf);
-  ret = receive_smb(password_client,inbuf,5000);
+		/* now check the list of session users */
+		if (!ok) {
+			char *auser;
+			char *user_list = strdup(session_users);
+			if (!user_list)
+				return(False);
+
+			for (auser=strtok(user_list,LIST_SEP); !ok && auser;
+									auser = strtok(NULL,LIST_SEP)) {
+				fstring user2;
+				fstrcpy(user2,auser);
+				if (!user_ok(user2,snum))
+					continue;
+		  
+				if (password_ok(user2,password)) {
+					ok = True;
+					fstrcpy(user,user2);
+					DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \
+and given password ok\n", user));
+				}
+			}
+
+			SAFE_FREE(user_list);
+		}
 
-  if (!ret || CVAL(inbuf,smb_rcls) != 0) {
-    DEBUG(1,("password server %s rejected the password\n",pserver));
-    return(False);
-  }
+		/* check for a previously validated username/password pair */
+		if (!ok && (lp_security() > SEC_SHARE) && (vuser != 0) && !vuser->guest &&
+							user_ok(vuser->user.unix_name,snum)) {
+			fstrcpy(user,vuser->user.unix_name);
+			*guest = False;
+			DEBUG(3,("authorise_login: ACCEPTED: validated uid (%s) as non-guest\n",
+				user));
+			ok = True;
+		}
 
-  /* if logged in as guest then reject */
-  if ((SVAL(inbuf,smb_vwv2) & 1) != 0) {
-    DEBUG(1,("password server %s gave us guest only\n",pserver));
-    return(False);
-  }
+		/* check the user= fields and the given password */
+		if (!ok && lp_username(snum)) {
+			char *auser;
+			pstring user_list;
+			StrnCpy(user_list,lp_username(snum),sizeof(pstring));
 
-  DEBUG(3,("password server %s accepted the password\n",pserver));
+			pstring_sub(user_list,"%S",lp_servicename(snum));
+	  
+			for (auser=strtok(user_list,LIST_SEP); auser && !ok;
+											auser = strtok(NULL,LIST_SEP)) {
+				if (*auser == '@') {
+					auser = validate_group(auser+1,password,snum);
+					if (auser) {
+						ok = True;
+						fstrcpy(user,auser);
+						DEBUG(3,("authorise_login: ACCEPTED: group username \
+and given password ok (%s)\n", user));
+					}
+				} else {
+					fstring user2;
+					fstrcpy(user2,auser);
+					if (user_ok(user2,snum) && password_ok(user2,password)) {
+						ok = True;
+						fstrcpy(user,user2);
+						DEBUG(3,("authorise_login: ACCEPTED: user list username \
+and given password ok (%s)\n", user));
+					}
+				}
+			}
+		}
+	} /* not guest only */
+
+	/* check for a normal guest connection */
+	if (!ok && GUEST_OK(snum)) {
+		fstring guestname;
+		StrnCpy(guestname,lp_guestaccount(),sizeof(guestname)-1);
+		if (Get_Pwnam(guestname)) {
+			fstrcpy(user,guestname);
+			ok = True;
+			DEBUG(3,("authorise_login: ACCEPTED: guest account and guest ok (%s)\n",
+					user));
+		} else {
+			DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname));
+		}
+		*guest = True;
+	}
 
-#ifndef KEEP_PASSWORD_SERVER_OPEN
-  close(password_client); password_client= -1;
-#endif
+	if (ok && !user_ok(user,snum)) {
+		DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
+		ok = False;
+	}
 
-  return(True);
+	return(ok);
 }
-
-
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
new file mode 100644
index 0000000000..6c1e6efa73
--- /dev/null
+++ b/source3/smbd/pipes.c
@@ -0,0 +1,264 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Pipe SMB reply routines
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+   Copyright (C) Paul Ashton  1997-1998.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+/*
+   This file handles reply_ calls on named pipes that the server
+   makes to handle specific protocols
+*/
+
+
+#include "includes.h"
+
+#define	PIPE		"\\PIPE\\"
+#define	PIPELEN		strlen(PIPE)
+
+extern struct pipe_id_info pipe_names[];
+
+/****************************************************************************
+  reply to an open and X on a named pipe
+
+  This code is basically stolen from reply_open_and_X with some
+  wrinkles to handle pipes.
+****************************************************************************/
+int reply_open_pipe_and_X(connection_struct *conn,
+			  char *inbuf,char *outbuf,int length,int bufsize)
+{
+	pstring fname;
+	pstring pipe_name;
+	uint16 vuid = SVAL(inbuf, smb_uid);
+	smb_np_struct *p;
+	int smb_ofun = SVAL(inbuf,smb_vwv8);
+	int size=0,fmode=0,mtime=0,rmode=0;
+	int i;
+
+	/* XXXX we need to handle passed times, sattr and flags */
+	srvstr_pull(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), -1, STR_TERMINATE);
+
+	/* If the name doesn't start \PIPE\ then this is directed */
+	/* at a mailslot or something we really, really don't understand, */
+	/* not just something we really don't understand. */
+	if ( strncmp(pipe_name,PIPE,PIPELEN) != 0 )
+		return(ERROR_DOS(ERRSRV,ERRaccess));
+
+	DEBUG(4,("Opening pipe %s.\n", pipe_name));
+
+	/* See if it is one we want to handle. */
+	for( i = 0; pipe_names[i].client_pipe ; i++ )
+		if( strequal(pipe_name,pipe_names[i].client_pipe) )
+			break;
+
+	if (pipe_names[i].client_pipe == NULL)
+		return(ERROR_BOTH(NT_STATUS_OBJECT_NAME_NOT_FOUND,ERRDOS,ERRbadpipe));
+
+	/* Strip \PIPE\ off the name. */
+	pstrcpy(fname, pipe_name + PIPELEN);
+
+
+#if 0
+	/*
+	 * Hack for NT printers... JRA.
+	 */
+    if(should_fail_next_srvsvc_open(fname))
+      return(ERROR(ERRSRV,ERRaccess));
+#endif
+
+	/* Known pipes arrive with DIR attribs. Remove it so a regular file */
+	/* can be opened and add it in after the open. */
+	DEBUG(3,("Known pipe %s opening.\n",fname));
+	smb_ofun |= FILE_CREATE_IF_NOT_EXIST;
+
+	p = open_rpc_pipe_p(fname, conn, vuid);
+	if (!p) return(ERROR_DOS(ERRSRV,ERRnofids));
+
+	/* Prepare the reply */
+	set_message(outbuf,15,0,True);
+
+	/* Mark the opened file as an existing named pipe in message mode. */
+	SSVAL(outbuf,smb_vwv9,2);
+	SSVAL(outbuf,smb_vwv10,0xc700);
+
+	if (rmode == 2) {
+		DEBUG(4,("Resetting open result to open from create.\n"));
+		rmode = 1;
+	}
+
+	SSVAL(outbuf,smb_vwv2, p->pnum);
+	SSVAL(outbuf,smb_vwv3,fmode);
+	put_dos_date3(outbuf,smb_vwv4,mtime);
+	SIVAL(outbuf,smb_vwv6,size);
+	SSVAL(outbuf,smb_vwv8,rmode);
+	SSVAL(outbuf,smb_vwv11,0x0001);
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+/****************************************************************************
+  reply to a write on a pipe
+****************************************************************************/
+int reply_pipe_write(char *inbuf,char *outbuf,int length,int dum_bufsize)
+{
+	smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0);
+	size_t numtowrite = SVAL(inbuf,smb_vwv1);
+	int nwritten;
+	int outsize;
+	char *data;
+
+	if (!p)
+		return(ERROR_DOS(ERRDOS,ERRbadfid));
+
+	data = smb_buf(inbuf) + 3;
+
+	if (numtowrite == 0)
+		nwritten = 0;
+	else
+		nwritten = write_to_pipe(p, data, numtowrite);
+
+	if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0))
+		return (UNIXERROR(ERRDOS,ERRnoaccess));
+  
+	outsize = set_message(outbuf,1,0,True);
+
+	SSVAL(outbuf,smb_vwv0,nwritten);
+  
+	DEBUG(3,("write-IPC pnum=%04x nwritten=%d\n",
+		 p->pnum, nwritten));
+
+	return(outsize);
+}
+
+/****************************************************************************
+ Reply to a write and X.
+
+ This code is basically stolen from reply_write_and_X with some
+ wrinkles to handle pipes.
+****************************************************************************/
+
+int reply_pipe_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+{
+	smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+	size_t numtowrite = SVAL(inbuf,smb_vwv10);
+	int nwritten = -1;
+	int smb_doff = SVAL(inbuf, smb_vwv11);
+	BOOL pipe_start_message_raw = ((SVAL(inbuf, smb_vwv7) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) ==
+									(PIPE_START_MESSAGE|PIPE_RAW_MODE));
+	char *data;
+
+	if (!p)
+		return(ERROR_DOS(ERRDOS,ERRbadfid));
+
+	data = smb_base(inbuf) + smb_doff;
+
+	if (numtowrite == 0)
+		nwritten = 0;
+	else {
+		if(pipe_start_message_raw) {
+			/*
+			 * For the start of a message in named pipe byte mode,
+			 * the first two bytes are a length-of-pdu field. Ignore
+			 * them (we don't trust the client. JRA.
+			 */
+	        if(numtowrite < 2) {
+				DEBUG(0,("reply_pipe_write_and_X: start of message set and not enough data sent.(%u)\n",
+					(unsigned int)numtowrite ));
+				return (UNIXERROR(ERRDOS,ERRnoaccess));
+			}
+
+			data += 2;
+			numtowrite -= 2;
+    	}                        
+		nwritten = write_to_pipe(p, data, numtowrite);
+	}
+
+	if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0))
+		return (UNIXERROR(ERRDOS,ERRnoaccess));
+  
+	set_message(outbuf,6,0,True);
+
+	nwritten = (pipe_start_message_raw ? nwritten + 2 : nwritten);
+	SSVAL(outbuf,smb_vwv2,nwritten);
+  
+	DEBUG(3,("writeX-IPC pnum=%04x nwritten=%d\n",
+		 p->pnum, nwritten));
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+/****************************************************************************
+  reply to a read and X
+
+  This code is basically stolen from reply_read_and_X with some
+  wrinkles to handle pipes.
+****************************************************************************/
+int reply_pipe_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+{
+	smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv2);
+	int smb_maxcnt = SVAL(inbuf,smb_vwv5);
+	int smb_mincnt = SVAL(inbuf,smb_vwv6);
+	int nread = -1;
+	char *data;
+	BOOL unused;
+
+	/* we don't use the offset given to use for pipe reads. This
+           is deliberate, instead we always return the next lump of
+           data on the pipe */
+#if 0
+	uint32 smb_offs = IVAL(inbuf,smb_vwv3);
+#endif
+
+	if (!p)
+		return(ERROR_DOS(ERRDOS,ERRbadfid));
+
+	set_message(outbuf,12,0,True);
+	data = smb_buf(outbuf);
+
+	nread = read_from_pipe(p, data, smb_maxcnt, &unused);
+
+	if (nread < 0)
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+  
+	SSVAL(outbuf,smb_vwv5,nread);
+	SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
+	SSVAL(smb_buf(outbuf),-2,nread);
+  
+	DEBUG(3,("readX-IPC pnum=%04x min=%d max=%d nread=%d\n",
+		 p->pnum, smb_mincnt, smb_maxcnt, nread));
+
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+/****************************************************************************
+  reply to a close
+****************************************************************************/
+int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf)
+{
+	smb_np_struct *p = get_rpc_pipe_p(inbuf,smb_vwv0);
+	int outsize = set_message(outbuf,0,0,True);
+
+	if (!p)
+		return(ERROR_DOS(ERRDOS,ERRbadfid));
+
+	DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum));
+
+	if (!close_rpc_pipe_hnd(p))
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+
+	return(outsize);
+}
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
new file mode 100644
index 0000000000..9c8835214f
--- /dev/null
+++ b/source3/smbd/posix_acls.c
@@ -0,0 +1,2313 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB NT Security Descriptor / Unix permission conversion.
+   Copyright (C) Jeremy Allison 1994-2000
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/****************************************************************************
+ Data structures representing the internal ACE format.
+****************************************************************************/
+
+enum ace_owner {UID_ACE, GID_ACE, WORLD_ACE};
+enum ace_attribute {ALLOW_ACE, DENY_ACE}; /* Used for incoming NT ACLS. */
+
+typedef union posix_id {
+		uid_t uid;
+		gid_t gid;
+		int world;
+} posix_id;
+
+typedef struct canon_ace {
+	struct canon_ace *next, *prev;
+	SMB_ACL_TAG_T type;
+	mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
+	DOM_SID trustee;
+	enum ace_owner owner_type;
+	enum ace_attribute attr;
+	posix_id unix_ug; 
+} canon_ace;
+
+#define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR)
+
+/****************************************************************************
+ Functions to manipulate the internal ACE format.
+****************************************************************************/
+
+/****************************************************************************
+ Count a linked list of canonical ACE entries.
+****************************************************************************/
+
+static size_t count_canon_ace_list( canon_ace *list_head )
+{
+	size_t count = 0;
+	canon_ace *ace;
+
+	for (ace = list_head; ace; ace = ace->next)
+		count++;
+
+	return count;
+}
+
+/****************************************************************************
+ Free a linked list of canonical ACE entries.
+****************************************************************************/
+
+static void free_canon_ace_list( canon_ace *list_head )
+{
+	while (list_head) {
+		canon_ace *old_head = list_head;
+		DLIST_REMOVE(list_head, list_head);
+		SAFE_FREE(old_head);
+	}
+}
+
+/****************************************************************************
+ Function to duplicate a canon_ace entry.
+****************************************************************************/
+
+static canon_ace *dup_canon_ace( canon_ace *src_ace)
+{
+	canon_ace *dst_ace = (canon_ace *)malloc(sizeof(canon_ace));
+
+	if (dst_ace == NULL)
+		return NULL;
+
+	*dst_ace = *src_ace;
+	dst_ace->prev = dst_ace->next = NULL;
+	return dst_ace;
+}
+
+/****************************************************************************
+ Print out a canon ace.
+****************************************************************************/
+
+static void print_canon_ace(canon_ace *pace, int num)
+{
+	fstring str;
+
+	dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
+	dbgtext( "SID = %s ", sid_to_string( str, &pace->trustee));
+	if (pace->owner_type == UID_ACE) {
+		char *u_name = uidtoname(pace->unix_ug.uid);
+		dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, u_name);
+	} else if (pace->owner_type == GID_ACE) {
+		char *g_name = gidtoname(pace->unix_ug.gid);
+		dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.gid, g_name);
+	} else
+		dbgtext( "other ");
+	switch (pace->type) {
+		case SMB_ACL_USER:
+			dbgtext( "SMB_ACL_USER ");
+			break;
+		case SMB_ACL_USER_OBJ:
+			dbgtext( "SMB_ACL_USER_OBJ ");
+			break;
+		case SMB_ACL_GROUP:
+			dbgtext( "SMB_ACL_GROUP ");
+			break;
+		case SMB_ACL_GROUP_OBJ:
+			dbgtext( "SMB_ACL_GROUP_OBJ ");
+			break;
+		case SMB_ACL_OTHER:
+			dbgtext( "SMB_ACL_OTHER ");
+			break;
+	}
+	dbgtext( "perms ");
+	dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-');
+	dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-');
+	dbgtext( "%c\n", pace->perms & S_IXUSR ? 'x' : '-');
+}
+
+/****************************************************************************
+ Print out a canon ace list.
+****************************************************************************/
+
+static void print_canon_ace_list(const char *name, canon_ace *ace_list)
+{
+	int count = 0;
+
+	if( DEBUGLVL( 10 )) {
+		dbgtext( "print_canon_ace_list: %s\n", name );
+		for (;ace_list; ace_list = ace_list->next, count++)
+			print_canon_ace(ace_list, count );
+	}
+}
+
+/****************************************************************************
+ Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
+****************************************************************************/
+
+static mode_t convert_permset_to_mode_t(connection_struct *conn, SMB_ACL_PERMSET_T permset)
+{
+	mode_t ret = 0;
+
+	ret |= (conn->vfs_ops.sys_acl_get_perm(conn, permset, SMB_ACL_READ) ? S_IRUSR : 0);
+	ret |= (conn->vfs_ops.sys_acl_get_perm(conn, permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
+	ret |= (conn->vfs_ops.sys_acl_get_perm(conn, permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
+
+	return ret;
+}
+
+/****************************************************************************
+ Map generic UNIX permissions to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
+****************************************************************************/
+
+static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
+{
+	mode_t ret = 0;
+
+	if (mode & r_mask)
+		ret |= S_IRUSR;
+	if (mode & w_mask)
+		ret |= S_IWUSR;
+	if (mode & x_mask)
+		ret |= S_IXUSR;
+
+	return ret;
+}
+
+/****************************************************************************
+ Map canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits) to
+ an SMB_ACL_PERMSET_T.
+****************************************************************************/
+
+static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
+{
+	if (conn->vfs_ops.sys_acl_clear_perms(conn, *p_permset) ==  -1)
+		return -1;
+	if (mode & S_IRUSR) {
+		if (conn->vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_READ) == -1)
+			return -1;
+	}
+	if (mode & S_IWUSR) {
+		if (conn->vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_WRITE) == -1)
+			return -1;
+	}
+	if (mode & S_IXUSR) {
+		if (conn->vfs_ops.sys_acl_add_perm(conn, *p_permset, SMB_ACL_EXECUTE) == -1)
+			return -1;
+	}
+	return 0;
+}
+/****************************************************************************
+ Function to create owner and group SIDs from a SMB_STRUCT_STAT.
+****************************************************************************/
+
+static void create_file_sids(SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid)
+{
+	uid_to_sid( powner_sid, psbuf->st_uid );
+	gid_to_sid( pgroup_sid, psbuf->st_gid );
+}
+
+/****************************************************************************
+ Merge aces with a common sid - if both are allow or deny, OR the permissions together and
+ delete the second one. If the first is deny, mask the permissions off and delete the allow
+ if the permissions become zero, delete the deny if the permissions are non zero.
+****************************************************************************/
+
+static void merge_aces( canon_ace **pp_list_head )
+{
+	canon_ace *list_head = *pp_list_head;
+	canon_ace *curr_ace_outer;
+	canon_ace *curr_ace_outer_next;
+
+	/*
+	 * First, merge allow entries with identical SIDs, and deny entries
+	 * with identical SIDs.
+	 */
+
+	for (curr_ace_outer = list_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
+		canon_ace *curr_ace;
+		canon_ace *curr_ace_next;
+
+		curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
+
+		for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
+
+			curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
+
+			if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+				(curr_ace->attr == curr_ace_outer->attr)) {
+
+				if( DEBUGLVL( 10 )) {
+					dbgtext("merge_aces: Merging ACE's\n");
+					print_canon_ace( curr_ace_outer, 0);
+					print_canon_ace( curr_ace, 0);
+				}
+
+				/* Merge two allow or two deny ACE's. */
+
+				curr_ace_outer->perms |= curr_ace->perms;
+				DLIST_REMOVE(list_head, curr_ace);
+				SAFE_FREE(curr_ace);
+				curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
+			}
+		}
+	}
+
+	/*
+	 * Now go through and mask off allow permissions with deny permissions.
+	 * We can delete either the allow or deny here as we know that each SID
+	 * appears only once in the list.
+	 */
+
+	for (curr_ace_outer = list_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
+		canon_ace *curr_ace;
+		canon_ace *curr_ace_next;
+
+		curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
+
+		for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
+
+			curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
+
+			/*
+			 * Subtract ACE's with different entries. Due to the ordering constraints
+			 * we've put on the ACL, we know the deny must be the first one.
+			 */
+
+			if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
+				(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
+
+				if( DEBUGLVL( 10 )) {
+					dbgtext("merge_aces: Masking ACE's\n");
+					print_canon_ace( curr_ace_outer, 0);
+					print_canon_ace( curr_ace, 0);
+				}
+
+				curr_ace->perms &= ~curr_ace_outer->perms;
+
+				if (curr_ace->perms == 0) {
+
+					/*
+					 * The deny overrides the allow. Remove the allow.
+					 */
+
+					DLIST_REMOVE(list_head, curr_ace);
+					SAFE_FREE(curr_ace);
+					curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
+
+				} else {
+
+					/*
+					 * Even after removing permissions, there
+					 * are still allow permissions - delete the deny.
+					 * It is safe to delete the deny here,
+					 * as we are guarenteed by the deny first
+					 * ordering that all the deny entries for
+					 * this SID have already been merged into one
+					 * before we can get to an allow ace.
+					 */
+
+					DLIST_REMOVE(list_head, curr_ace_outer);
+					SAFE_FREE(curr_ace_outer);
+					break;
+				}
+			}
+
+		} /* end for curr_ace */
+	} /* end for curr_ace_outer */
+
+	/* We may have modified the list. */
+
+	*pp_list_head = list_head;
+}
+
+/****************************************************************************
+ Map canon_ace perms to permission bits NT.
+ The attr element is not used here - we only process deny entries on set,
+ not get. Deny entries are implicit on get with ace->perms = 0.
+****************************************************************************/
+
+static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace)
+{
+	SEC_ACCESS sa;
+	uint32 nt_mask = 0;
+
+	*pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+
+	if ((ace->perms & ALL_ACE_PERMS) == ALL_ACE_PERMS) {
+			nt_mask = UNIX_ACCESS_RWX;
+	} else if ((ace->perms & ALL_ACE_PERMS) == (mode_t)0) {
+		nt_mask = UNIX_ACCESS_NONE;
+	} else {
+		nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
+		nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
+		nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+	}
+
+	DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
+			(unsigned int)ace->perms, (unsigned int)nt_mask ));
+
+	init_sec_access(&sa,nt_mask);
+	return sa;
+}
+
+/****************************************************************************
+ Map NT perms to a UNIX mode_t.
+****************************************************************************/
+
+#define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES)
+#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
+#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
+
+static mode_t map_nt_perms( SEC_ACCESS sec_access, int type)
+{
+	mode_t mode = 0;
+
+	switch(type) {
+	case S_IRUSR:
+		if(sec_access.mask & GENERIC_ALL_ACCESS)
+			mode = S_IRUSR|S_IWUSR|S_IXUSR;
+		else {
+			mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
+			mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
+			mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
+		}
+		break;
+	case S_IRGRP:
+		if(sec_access.mask & GENERIC_ALL_ACCESS)
+			mode = S_IRGRP|S_IWGRP|S_IXGRP;
+		else {
+			mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
+			mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
+			mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
+		}
+		break;
+	case S_IROTH:
+		if(sec_access.mask & GENERIC_ALL_ACCESS)
+			mode = S_IROTH|S_IWOTH|S_IXOTH;
+		else {
+			mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
+			mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
+			mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
+		}
+		break;
+	}
+
+	return mode;
+}
+
+/****************************************************************************
+ Unpack a SEC_DESC into a UNIX owner and group.
+****************************************************************************/
+
+static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd)
+{
+	DOM_SID owner_sid;
+	DOM_SID grp_sid;
+	enum SID_NAME_USE sid_type;
+
+	*puser = (uid_t)-1;
+	*pgrp = (gid_t)-1;
+
+	if(security_info_sent == 0) {
+		DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
+		return True;
+	}
+
+	/*
+	 * Validate the owner and group SID's.
+	 */
+
+	memset(&owner_sid, '\0', sizeof(owner_sid));
+	memset(&grp_sid, '\0', sizeof(grp_sid));
+
+	DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
+
+	/*
+	 * Don't immediately fail if the owner sid cannot be validated.
+	 * This may be a group chown only set.
+	 */
+
+	if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+		sid_copy(&owner_sid, psd->owner_sid);
+		if (!sid_to_uid( &owner_sid, puser, &sid_type)) {
+			DEBUG(3,("unpack_nt_owners: unable to validate owner sid for %s\n",
+				 sid_string_static(&owner_sid)));
+			return False;
+		}
+ 	}
+
+	/*
+	 * Don't immediately fail if the group sid cannot be validated.
+	 * This may be an owner chown only set.
+	 */
+
+	if (security_info_sent & GROUP_SECURITY_INFORMATION) {
+		sid_copy(&grp_sid, psd->grp_sid);
+		if (!sid_to_gid( &grp_sid, pgrp, &sid_type)) {
+			DEBUG(3,("unpack_nt_owners: unable to validate group sid.\n"));
+			return False;
+		}
+	}
+
+	DEBUG(5,("unpack_nt_owners: owner_sids validated.\n"));
+
+	return True;
+}
+
+/****************************************************************************
+ Ensure the enforced permissions for this share apply.
+****************************************************************************/
+
+static mode_t apply_default_perms(files_struct *fsp, mode_t perms, mode_t type)
+{
+	int snum = SNUM(fsp->conn);
+	mode_t and_bits = (mode_t)0;
+	mode_t or_bits = (mode_t)0;
+
+	/* Get the initial bits to apply. */
+
+	if (fsp->is_directory) {
+		and_bits = lp_dir_security_mask(snum);
+		or_bits = lp_force_dir_security_mode(snum);
+	} else {
+		and_bits = lp_security_mask(snum);
+		or_bits = lp_force_security_mode(snum);
+	}
+
+	/* Now bounce them into the S_USR space. */	
+	switch(type) {
+	case S_IRUSR:
+		and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
+		or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
+		break;
+	case S_IRGRP:
+		and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
+		or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
+		break;
+	case S_IROTH:
+		and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
+		or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
+		break;
+	}
+
+	return ((perms & and_bits)|or_bits);
+}
+
+/****************************************************************************
+ A well formed POSIX file or default ACL has at least 3 entries, a 
+ SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
+ In addition, the owner must always have at least read access.
+ When using this call on get_acl, the pst struct is valid and contains
+ the mode of the file. When using this call on set_acl, the pst struct has
+ been modified to have a mode containing the default for this file or directory
+ type.
+****************************************************************************/
+
+static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
+							files_struct *fsp,
+							DOM_SID *pfile_owner_sid,
+							DOM_SID *pfile_grp_sid,
+							SMB_STRUCT_STAT *pst,
+							BOOL setting_acl)
+{
+	extern DOM_SID global_sid_World;
+	canon_ace *pace;
+	BOOL got_user = False;
+	BOOL got_grp = False;
+	BOOL got_other = False;
+
+	for (pace = *pp_ace; pace; pace = pace->next) {
+		if (pace->type == SMB_ACL_USER_OBJ) {
+
+			if (setting_acl) {
+				/* Ensure owner has read access. */
+				pace->perms |= S_IRUSR;
+				if (fsp->is_directory)
+					pace->perms |= (S_IWUSR|S_IXUSR);
+
+				/*
+				 * Ensure create mask/force create mode is respected on set.
+				 */
+
+				pace->perms = apply_default_perms(fsp, pace->perms, S_IRUSR);
+			}
+
+			got_user = True;
+		} else if (pace->type == SMB_ACL_GROUP_OBJ) {
+
+			/*
+			 * Ensure create mask/force create mode is respected on set.
+			 */
+
+			if (setting_acl)
+				pace->perms = apply_default_perms(fsp, pace->perms, S_IRGRP);
+			got_grp = True;
+		} else if (pace->type == SMB_ACL_OTHER) {
+
+			/*
+			 * Ensure create mask/force create mode is respected on set.
+			 */
+
+			if (setting_acl)
+				pace->perms = apply_default_perms(fsp, pace->perms, S_IROTH);
+			got_other = True;
+		}
+	}
+
+	if (!got_user) {
+		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
+			return False;
+		}
+
+		ZERO_STRUCTP(pace);
+		pace->type = SMB_ACL_USER_OBJ;
+		pace->owner_type = UID_ACE;
+		pace->unix_ug.uid = pst->st_uid;
+		pace->trustee = *pfile_owner_sid;
+		pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
+		pace->attr = ALLOW_ACE;
+
+		DLIST_ADD(*pp_ace, pace);
+	}
+
+	if (!got_grp) {
+		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
+			return False;
+		}
+
+		ZERO_STRUCTP(pace);
+		pace->type = SMB_ACL_GROUP_OBJ;
+		pace->owner_type = GID_ACE;
+		pace->unix_ug.uid = pst->st_gid;
+		pace->trustee = *pfile_grp_sid;
+		pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
+		pace->attr = ALLOW_ACE;
+
+		DLIST_ADD(*pp_ace, pace);
+	}
+
+	if (!got_other) {
+		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
+			return False;
+		}
+
+		ZERO_STRUCTP(pace);
+		pace->type = SMB_ACL_OTHER;
+		pace->owner_type = WORLD_ACE;
+		pace->unix_ug.world = -1;
+		pace->trustee = global_sid_World;
+		pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
+		pace->attr = ALLOW_ACE;
+
+		DLIST_ADD(*pp_ace, pace);
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Unpack a SEC_DESC into two canonical ace lists.
+****************************************************************************/
+
+static BOOL create_canon_ace_lists(files_struct *fsp, 
+							DOM_SID *pfile_owner_sid,
+							DOM_SID *pfile_grp_sid,
+							canon_ace **ppfile_ace, canon_ace **ppdir_ace,
+							SEC_ACL *dacl)
+{
+	extern DOM_SID global_sid_World;
+	extern struct generic_mapping file_generic_mapping;
+	BOOL all_aces_are_inherit_only = (fsp->is_directory ? True : False);
+	canon_ace *file_ace = NULL;
+	canon_ace *dir_ace = NULL;
+	canon_ace *tmp_ace = NULL;
+	canon_ace *current_ace = NULL;
+	BOOL got_dir_allow = False;
+	BOOL got_file_allow = False;
+	int i, j;
+
+	*ppfile_ace = NULL;
+	*ppdir_ace = NULL;
+
+	/*
+	 * Convert the incoming ACL into a more regular form.
+	 */
+
+	for(i = 0; i < dacl->num_aces; i++) {
+		SEC_ACE *psa = &dacl->ace[i];
+
+		if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
+			DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
+			return False;
+		}
+
+		/*
+		 * The security mask may be UNIX_ACCESS_NONE which should map into
+		 * no permissions (we overload the WRITE_OWNER bit for this) or it
+		 * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
+		 * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
+		 */
+
+		/*
+		 * Convert GENERIC bits to specific bits.
+		 */
+ 
+		se_map_generic(&psa->info.mask, &file_generic_mapping);
+
+		psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
+
+		if(psa->info.mask != UNIX_ACCESS_NONE)
+			psa->info.mask &= ~UNIX_ACCESS_NONE;
+	}
+
+	/*
+	 * Deal with the fact that NT 4.x re-writes the canonical format
+	 * that we return for default ACLs. If a directory ACE is identical
+	 * to a inherited directory ACE then NT changes the bits so that the
+	 * first ACE is set to OI|IO and the second ACE for this SID is set
+	 * to CI. We need to repair this. JRA.
+	 */
+
+	for(i = 0; i < dacl->num_aces; i++) {
+		SEC_ACE *psa1 = &dacl->ace[i];
+
+		for (j = i + 1; j < dacl->num_aces; j++) {
+			SEC_ACE *psa2 = &dacl->ace[j];
+
+			if (psa1->info.mask != psa2->info.mask)
+				continue;
+
+			if (!sid_equal(&psa1->trustee, &psa2->trustee))
+				continue;
+
+			/*
+			 * Ok - permission bits and SIDs are equal.
+			 * Check if flags were re-written.
+			 */
+
+			if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+
+				psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
+				psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
+				
+			} else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+
+				psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
+				psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
+				
+			}
+		}
+	}
+
+	for(i = 0; i < dacl->num_aces; i++) {
+		enum SID_NAME_USE sid_type;
+		SEC_ACE *psa = &dacl->ace[i];
+
+		/*
+		 * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
+		 */
+
+		if (non_mappable_sid(&psa->trustee)) {
+			fstring str;
+			DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+				sid_to_string(str, &psa->trustee) ));
+			continue;
+		}
+
+		/*
+		 * Create a cannon_ace entry representing this NT DACL ACE.
+		 */
+
+		if ((current_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+			free_canon_ace_list(file_ace);
+			free_canon_ace_list(dir_ace);
+			DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
+			return False;
+		}
+
+		ZERO_STRUCTP(current_ace);
+
+		sid_copy(&current_ace->trustee, &psa->trustee);
+
+		/*
+		 * Try and work out if the SID is a user or group
+		 * as we need to flag these differently for POSIX.
+		 */
+
+		if( sid_equal(&current_ace->trustee, &global_sid_World)) {
+			current_ace->owner_type = WORLD_ACE;
+			current_ace->unix_ug.world = -1;
+		} else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid, &sid_type)) {
+			current_ace->owner_type = UID_ACE;
+		} else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid, &sid_type)) {
+			current_ace->owner_type = GID_ACE;
+		} else {
+			fstring str;
+
+			free_canon_ace_list(file_ace);
+			free_canon_ace_list(dir_ace);
+			DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
+				sid_to_string(str, &current_ace->trustee) ));
+			SAFE_FREE(current_ace);
+			return False;
+		}
+
+		/*
+		 * Map the given NT permissions into a UNIX mode_t containing only
+		 * S_I(R|W|X)USR bits.
+		 */
+
+		current_ace->perms |= map_nt_perms( psa->info, S_IRUSR);
+		current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
+
+		/*
+		 * Now note what kind of a POSIX ACL this should map to.
+		 */
+
+		if(sid_equal(&current_ace->trustee, pfile_owner_sid)) {
+
+			current_ace->type = SMB_ACL_USER_OBJ;
+
+		} else if( sid_equal(&current_ace->trustee, pfile_grp_sid)) {
+
+			current_ace->type = SMB_ACL_GROUP_OBJ;
+
+		} else if( sid_equal(&current_ace->trustee, &global_sid_World)) {
+
+			current_ace->type = SMB_ACL_OTHER;
+
+		} else {
+			/*
+			 * Could be a SMB_ACL_USER or SMB_ACL_GROUP. Check by
+			 * looking at owner_type.
+			 */
+
+			current_ace->type = (current_ace->owner_type == UID_ACE) ? SMB_ACL_USER : SMB_ACL_GROUP;
+		}
+
+		/*
+		 * Now add the created ace to either the file list, the directory
+		 * list, or both. We *MUST* preserve the order here (hence we use
+		 * DLIST_ADD_END) as NT ACLs are order dependent.
+		 */
+
+		if (fsp->is_directory) {
+
+			/*
+			 * We can only add to the default POSIX ACE list if the ACE is
+			 * designed to be inherited by both files and directories.
+			 */
+
+			if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) ==
+				(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
+
+				DLIST_ADD_END(dir_ace, current_ace, tmp_ace);
+
+				/*
+				 * Note if this was an allow ace. We can't process
+				 * any further deny ace's after this.
+				 */
+
+				if (current_ace->attr == ALLOW_ACE)
+					got_dir_allow = True;
+
+				if ((current_ace->attr == DENY_ACE) && got_dir_allow) {
+					DEBUG(0,("create_canon_ace_lists: malformed ACL in inheritable ACL ! \
+Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
+					free_canon_ace_list(file_ace);
+					free_canon_ace_list(dir_ace);
+					SAFE_FREE(current_ace);
+					return False;
+				}	
+
+				if( DEBUGLVL( 10 )) {
+					dbgtext("create_canon_ace_lists: adding dir ACL:\n");
+					print_canon_ace( current_ace, 0);
+				}
+
+				/*
+				 * If this is not an inherit only ACE we need to add a duplicate
+				 * to the file acl.
+				 */
+
+				if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
+					canon_ace *dup_ace = dup_canon_ace(current_ace);
+
+					if (!dup_ace) {
+						DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));
+						free_canon_ace_list(file_ace);
+						free_canon_ace_list(dir_ace);
+						return False;
+					}
+
+					current_ace = dup_ace;
+				} else {
+					current_ace = NULL;
+				}
+			}
+		}
+
+		/*
+		 * Only add to the file ACL if not inherit only.
+		 */
+
+		if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
+			DLIST_ADD_END(file_ace, current_ace, tmp_ace);
+
+			/*
+			 * Note if this was an allow ace. We can't process
+			 * any further deny ace's after this.
+			 */
+
+			if (current_ace->attr == ALLOW_ACE)
+				got_file_allow = True;
+
+			if ((current_ace->attr == DENY_ACE) && got_file_allow) {
+				DEBUG(0,("create_canon_ace_lists: malformed ACL in file ACL ! \
+Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
+				free_canon_ace_list(file_ace);
+				free_canon_ace_list(dir_ace);
+				SAFE_FREE(current_ace);
+				return False;
+			}	
+
+			if( DEBUGLVL( 10 )) {
+				dbgtext("create_canon_ace_lists: adding file ACL:\n");
+				print_canon_ace( current_ace, 0);
+			}
+			all_aces_are_inherit_only = False;
+			current_ace = NULL;
+		}
+
+		/*
+		 * Free if ACE was not added.
+		 */
+
+		SAFE_FREE(current_ace);
+	}
+
+	if (fsp->is_directory && all_aces_are_inherit_only) {
+		/*
+		 * Windows 2000 is doing one of these weird 'inherit acl'
+		 * traverses to conserve NTFS ACL resources. Just pretend
+		 * there was no DACL sent. JRA.
+		 */
+
+		DEBUG(10,("create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"));
+		free_canon_ace_list(file_ace);
+		free_canon_ace_list(dir_ace);
+		file_ace = NULL;
+		dir_ace = NULL;
+	}
+
+	*ppfile_ace = file_ace;
+	*ppdir_ace = dir_ace;
+
+	return True;
+}
+
+/****************************************************************************
+ Check if a given uid/SID is in a group gid/SID. This is probably very
+ expensive and will need optimisation. A *lot* of optimisation :-). JRA.
+****************************************************************************/
+
+static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
+{
+	extern DOM_SID global_sid_World;
+	fstring u_name;
+	fstring g_name;
+
+	/* "Everyone" always matches every uid. */
+
+	if (sid_equal(&group_ace->trustee, &global_sid_World))
+		return True;
+
+	fstrcpy(u_name, uidtoname(uid_ace->unix_ug.uid));
+	fstrcpy(g_name, gidtoname(group_ace->unix_ug.gid));
+
+	/*
+	 * Due to the winbind interfaces we need to do this via names,
+	 * not uids/gids.
+	 */
+
+	return user_in_group_list(u_name, g_name );
+}
+
+/****************************************************************************
+ ASCII art time again... JRA :-).
+
+ We have 3 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
+ we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
+ entries). Secondly, the merge code has ensured that all duplicate SID entries for
+ allow or deny have been merged, so the same SID can only appear once in the deny
+ list or once in the allow list.
+
+ We then process as follows :
+
+ ---------------------------------------------------------------------------
+ First pass - look for a Everyone DENY entry.
+
+ If it is deny all (rwx) trunate the list at this point.
+ Else, walk the list from this point and use the deny permissions of this
+ entry as a mask on all following allow entries. Finally, delete
+ the Everyone DENY entry (we have applied it to everything possible).
+
+ In addition, in this pass we remove any DENY entries that have 
+ no permissions (ie. they are a DENY nothing).
+ ---------------------------------------------------------------------------
+ Second pass - only deal with deny user entries.
+
+ DENY user1 (perms XXX)
+
+ new_perms = 0
+ for all following allow group entries where user1 is in group
+	new_perms |= group_perms;
+
+ user1 entry perms = new_perms & ~ XXX;
+
+ Convert the deny entry to an allow entry with the new perms and
+ push to the end of the list. Note if the user was in no groups
+ this maps to a specific allow nothing entry for this user.
+
+ The common case from the NT ACL choser (userX deny all) is
+ optimised so we don't do the group lookup - we just map to
+ an allow nothing entry.
+
+ What we're doing here is inferring the allow permissions the
+ person setting the ACE on user1 wanted by looking at the allow
+ permissions on the groups the user is currently in. This will
+ be a snapshot, depending on group membership but is the best
+ we can do and has the advantage of failing closed rather than
+ open.
+ ---------------------------------------------------------------------------
+ Third pass - only deal with deny group entries.
+
+ DENY group1 (perms XXX)
+
+ for all following allow user entries where user is in group1
+   user entry perms = user entry perms & ~ XXX;
+
+ If there is a group Everyone allow entry with permissions YYY,
+ convert the group1 entry to an allow entry and modify its
+ permissions to be :
+
+ new_perms = YYY & ~ XXX
+
+ and push to the end of the list.
+
+ If there is no group Everyone allow entry then convert the
+ group1 entry to a allow nothing entry and push to the end of the list.
+
+ Note that the common case from the NT ACL choser (groupX deny all)
+ cannot be optimised here as we need to modify user entries who are
+ in the group to change them to a deny all also.
+
+ What we're doing here is modifying the allow permissions of
+ user entries (which are more specific in POSIX ACLs) to mask
+ out the explicit deny set on the group they are in. This will
+ be a snapshot depending on current group membership but is the
+ best we can do and has the advantage of failing closed rather
+ than open.
+ ---------------------------------------------------------------------------
+
+ Note we *MUST* do the deny user pass first as this will convert deny user
+ entries into allow user entries which can then be processed by the deny
+ group pass.
+
+ The above algorithm took a *lot* of thinking about - hence this
+ explaination :-). JRA.
+****************************************************************************/
+
+/****************************************************************************
+ Process a canon_ace list entries. This is very complex code. We need
+ to go through and remove the "deny" permissions from any allow entry that matches
+ the id of this entry. We have already refused any NT ACL that wasn't in correct
+ order (DENY followed by ALLOW). If any allow entry ends up with zero permissions,
+ we just remove it (to fail safe). We have already removed any duplicate ace
+ entries. Treat an "Everyone" DENY_ACE as a special case - use it to mask all
+ allow entries.
+****************************************************************************/
+
+static void process_deny_list( canon_ace **pp_ace_list )
+{
+	extern DOM_SID global_sid_World;
+	canon_ace *ace_list = *pp_ace_list;
+	canon_ace *curr_ace = NULL;
+	canon_ace *curr_ace_next = NULL;
+
+	/* Pass 1 above - look for an Everyone, deny entry. */
+
+	for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
+		canon_ace *allow_ace_p;
+
+		curr_ace_next = curr_ace->next; /* So we can't lose the link. */
+
+		if (curr_ace->attr != DENY_ACE)
+			continue;
+
+		if (curr_ace->perms == (mode_t)0) {
+
+			/* Deny nothing entry - delete. */
+
+			DLIST_REMOVE(ace_list, curr_ace);
+			continue;
+		}
+
+		if (!sid_equal(&curr_ace->trustee, &global_sid_World))
+			continue;
+
+		/* JRATEST - assert. */
+		SMB_ASSERT(curr_ace->owner_type == WORLD_ACE);
+
+		if (curr_ace->perms == ALL_ACE_PERMS) {
+
+			/*
+			 * Optimisation. This is a DENY_ALL to Everyone. Truncate the
+			 * list at this point including this entry.
+			 */
+
+			canon_ace *prev_entry = curr_ace->prev;
+
+			free_canon_ace_list( curr_ace );
+			if (prev_entry)
+				prev_entry->next = NULL;
+			else {
+				/* We deleted the entire list. */
+				ace_list = NULL;
+			}
+			break;
+		}
+
+		for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
+
+			/* 
+			 * Only mask off allow entries.
+			 */
+
+			if (allow_ace_p->attr != ALLOW_ACE)
+				continue;
+
+			allow_ace_p->perms &= ~curr_ace->perms;
+		}
+
+		/*
+		 * Now it's been applied, remove it.
+		 */
+
+		DLIST_REMOVE(ace_list, curr_ace);
+	}
+
+	/* Pass 2 above - deal with deny user entries. */
+
+	for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
+		mode_t new_perms = (mode_t)0;
+		canon_ace *allow_ace_p;
+		canon_ace *tmp_ace;
+
+		curr_ace_next = curr_ace->next; /* So we can't lose the link. */
+
+		if (curr_ace->attr != DENY_ACE)
+			continue;
+
+		if (curr_ace->owner_type != UID_ACE)
+			continue;
+
+		if (curr_ace->perms == ALL_ACE_PERMS) {
+
+			/*
+			 * Optimisation - this is a deny everything to this user.
+			 * Convert to an allow nothing and push to the end of the list.
+			 */
+
+			curr_ace->attr = ALLOW_ACE;
+			curr_ace->perms = (mode_t)0;
+			DLIST_DEMOTE(ace_list, curr_ace, tmp_ace);
+			continue;
+		}
+
+		for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
+
+			if (allow_ace_p->attr != ALLOW_ACE)
+				continue;
+
+			/* We process GID_ACE and WORLD_ACE entries only. */
+
+			if (allow_ace_p->owner_type == UID_ACE)
+				continue;
+
+			if (uid_entry_in_group( curr_ace, allow_ace_p))
+				new_perms |= allow_ace_p->perms;
+		}
+
+		/*
+		 * Convert to a allow entry, modify the perms and push to the end
+		 * of the list.
+		 */
+
+		curr_ace->attr = ALLOW_ACE;
+		curr_ace->perms = (new_perms & ~curr_ace->perms);
+		DLIST_DEMOTE(ace_list, curr_ace, tmp_ace);
+	}
+
+	/* Pass 3 above - deal with deny group entries. */
+
+	for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
+		canon_ace *tmp_ace;
+		canon_ace *allow_ace_p;
+		canon_ace *allow_everyone_p = NULL;
+
+		curr_ace_next = curr_ace->next; /* So we can't lose the link. */
+
+		if (curr_ace->attr != DENY_ACE)
+			continue;
+
+		if (curr_ace->owner_type != GID_ACE)
+			continue;
+
+		for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
+
+			if (allow_ace_p->attr != ALLOW_ACE)
+				continue;
+
+			/* Store a pointer to the Everyone allow, if it exists. */
+			if (allow_ace_p->owner_type == WORLD_ACE)
+				allow_everyone_p = allow_ace_p;
+
+			/* We process UID_ACE entries only. */
+
+			if (allow_ace_p->owner_type != UID_ACE)
+				continue;
+
+			/* Mask off the deny group perms. */
+
+			if (uid_entry_in_group( allow_ace_p, curr_ace))
+				allow_ace_p->perms &= ~curr_ace->perms;
+		}
+
+		/*
+		 * Convert the deny to an allow with the correct perms and
+		 * push to the end of the list.
+		 */
+
+		curr_ace->attr = ALLOW_ACE;
+		if (allow_everyone_p)
+			curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
+		else
+			curr_ace->perms = (mode_t)0;
+		DLIST_DEMOTE(ace_list, curr_ace, tmp_ace);
+
+	}
+
+	*pp_ace_list = ace_list;
+}
+
+/****************************************************************************
+ Create a default mode that will be used if a security descriptor entry has
+ no user/group/world entries.
+****************************************************************************/
+
+static mode_t create_default_mode(files_struct *fsp, BOOL interitable_mode)
+{
+	int snum = SNUM(fsp->conn);
+	mode_t and_bits = (mode_t)0;
+	mode_t or_bits = (mode_t)0;
+	mode_t mode = interitable_mode ? unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE, fsp->fsp_name) : S_IRUSR;
+
+	if (fsp->is_directory)
+		mode |= (S_IWUSR|S_IXUSR);
+
+	/*
+	 * Now AND with the create mode/directory mode bits then OR with the
+	 * force create mode/force directory mode bits.
+	 */
+
+	if (fsp->is_directory) {
+		and_bits = lp_dir_security_mask(snum);
+		or_bits = lp_force_dir_security_mode(snum);
+	} else {
+		and_bits = lp_security_mask(snum);
+		or_bits = lp_force_security_mode(snum);
+	}
+
+	return ((mode & and_bits)|or_bits);
+}
+
+/****************************************************************************
+ Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
+ succeeding.
+****************************************************************************/
+
+static BOOL unpack_canon_ace(files_struct *fsp, 
+							SMB_STRUCT_STAT *pst,
+							DOM_SID *pfile_owner_sid,
+							DOM_SID *pfile_grp_sid,
+							canon_ace **ppfile_ace, canon_ace **ppdir_ace,
+							uint32 security_info_sent, SEC_DESC *psd)
+{
+	canon_ace *file_ace = NULL;
+	canon_ace *dir_ace = NULL;
+
+	*ppfile_ace = NULL;
+	*ppdir_ace = NULL;
+
+	if(security_info_sent == 0) {
+		DEBUG(0,("unpack_canon_ace: no security info sent !\n"));
+		return False;
+	}
+
+	/*
+	 * If no DACL then this is a chown only security descriptor.
+	 */
+
+	if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
+		return True;
+
+	/*
+	 * Now go through the DACL and create the canon_ace lists.
+	 */
+
+	if (!create_canon_ace_lists( fsp, pfile_owner_sid, pfile_grp_sid,
+								&file_ace, &dir_ace, psd->dacl))
+		return False;
+
+	if ((file_ace == NULL) && (dir_ace == NULL)) {
+		/* W2K traverse DACL set - ignore. */
+		return True;
+	}
+
+	/*
+	 * Go through the canon_ace list and merge entries
+	 * belonging to identical users of identical allow or deny type.
+	 * We can do this as all deny entries come first, followed by
+	 * all allow entries (we have mandated this before accepting this acl).
+	 */
+
+	print_canon_ace_list( "file ace - before merge", file_ace);
+	merge_aces( &file_ace );
+
+	print_canon_ace_list( "dir ace - before merge", dir_ace);
+	merge_aces( &dir_ace );
+
+	/*
+	 * NT ACLs are order dependent. Go through the acl lists and
+	 * process DENY entries by masking the allow entries.
+	 */
+
+	print_canon_ace_list( "file ace - before deny", file_ace);
+	process_deny_list( &file_ace);
+
+	print_canon_ace_list( "dir ace - before deny", dir_ace);
+	process_deny_list( &dir_ace);
+
+	/*
+	 * A well formed POSIX file or default ACL has at least 3 entries, a 
+	 * SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ
+	 * and optionally a mask entry. Ensure this is the case.
+	 */
+
+	print_canon_ace_list( "file ace - before valid", file_ace);
+
+	/*
+	 * A default 3 element mode entry for a file should be r-- --- ---.
+	 * A default 3 element mode entry for a directory should be rwx --- ---.
+	 */
+
+	pst->st_mode = create_default_mode(fsp, False);
+
+	if (!ensure_canon_entry_valid(&file_ace, fsp, pfile_owner_sid, pfile_grp_sid, pst, True)) {
+		free_canon_ace_list(file_ace);
+		free_canon_ace_list(dir_ace);
+		return False;
+	}
+
+	print_canon_ace_list( "dir ace - before valid", dir_ace);
+
+	/*
+	 * A default inheritable 3 element mode entry for a directory should be the
+	 * mode Samba will use to create a file within. Ensure user rwx bits are set if
+	 * it's a directory.
+	 */
+
+	pst->st_mode = create_default_mode(fsp, True);
+
+	if (!ensure_canon_entry_valid(&dir_ace, fsp, pfile_owner_sid, pfile_grp_sid, pst, True)) {
+		free_canon_ace_list(file_ace);
+		free_canon_ace_list(dir_ace);
+		return False;
+	}
+
+	print_canon_ace_list( "file ace - return", file_ace);
+	print_canon_ace_list( "dir ace - return", dir_ace);
+
+	*ppfile_ace = file_ace;
+	*ppdir_ace = dir_ace;
+	return True;
+
+}
+
+/******************************************************************************
+ When returning permissions, try and fit NT display
+ semantics if possible. Note the the canon_entries here must have been malloced.
+ The list format should be - first entry = owner, followed by group and other user
+ entries, last entry = other.
+
+ Note that this doesn't exactly match the NT semantics for an ACL. As POSIX entries
+ are not ordered, and match on the most specific entry rather than walking a list,
+ then a simple POSIX permission of rw-r--r-- should really map to 6 entries,
+
+ Entry 0: owner : deny all except read and write.
+ Entry 1: group : deny all except read.
+ Entry 2: Everyone : deny all except read.
+ Entry 3: owner : allow read and write.
+ Entry 4: group : allow read.
+ Entry 5: Everyone : allow read.
+
+ But NT cannot display this in their ACL editor !
+********************************************************************************/
+
+static void arrange_posix_perms( char *filename, canon_ace **pp_list_head)
+{
+	canon_ace *list_head = *pp_list_head;
+	canon_ace *owner_ace = NULL;
+	canon_ace *other_ace = NULL;
+	canon_ace *ace = NULL;
+
+	for (ace = list_head; ace; ace = ace->next) {
+		if (ace->type == SMB_ACL_USER_OBJ)
+			owner_ace = ace;
+		else if (ace->type == SMB_ACL_OTHER) {
+			/* Last ace - this is "other" */
+			other_ace = ace;
+		}
+	}
+		
+	if (!owner_ace || !other_ace) {
+		DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n",
+			filename ));
+		return;
+	}
+
+	/*
+	 * The POSIX algorithm applies to owner first, and other last,
+	 * so ensure they are arranged in this order.
+	 */
+
+	if (owner_ace) {
+		DLIST_PROMOTE(list_head, owner_ace);
+	}
+
+	if (other_ace) {
+		DLIST_DEMOTE(list_head, other_ace, ace);
+	}
+
+	/* We have probably changed the head of the list. */
+
+	*pp_list_head = list_head;
+}
+		
+/****************************************************************************
+ Create a linked list of canonical ACE entries.
+****************************************************************************/
+
+static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_STRUCT_STAT *psbuf,
+									DOM_SID *powner, DOM_SID *pgroup)
+{
+	extern DOM_SID global_sid_World;
+	connection_struct *conn = fsp->conn;
+	mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
+	canon_ace *list_head = NULL;
+	canon_ace *ace = NULL;
+	canon_ace *next_ace = NULL;
+	int entry_id = SMB_ACL_FIRST_ENTRY;
+	SMB_ACL_ENTRY_T entry;
+	size_t ace_count;
+
+	while ( posix_acl && (conn->vfs_ops.sys_acl_get_entry(conn, posix_acl, entry_id, &entry) == 1)) {
+		SMB_ACL_TAG_T tagtype;
+		SMB_ACL_PERMSET_T permset;
+		DOM_SID sid;
+		posix_id unix_ug;
+		enum ace_owner owner_type;
+
+		/* get_next... */
+		if (entry_id == SMB_ACL_FIRST_ENTRY)
+			entry_id = SMB_ACL_NEXT_ENTRY;
+
+		/* Is this a MASK entry ? */
+		if (conn->vfs_ops.sys_acl_get_tag_type(conn, entry, &tagtype) == -1)
+			continue;
+
+		if (conn->vfs_ops.sys_acl_get_permset(conn, entry, &permset) == -1)
+			continue;
+
+		/* Decide which SID to use based on the ACL type. */
+		switch(tagtype) {
+			case SMB_ACL_USER_OBJ:
+				/* Get the SID from the owner. */
+				uid_to_sid( &sid, psbuf->st_uid );
+				unix_ug.uid = psbuf->st_uid;
+				owner_type = UID_ACE;
+				break;
+			case SMB_ACL_USER:
+				{
+					uid_t *puid = (uid_t *)conn->vfs_ops.sys_acl_get_qualifier(conn, entry);
+					if (puid == NULL) {
+						DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
+						continue;
+					}
+					uid_to_sid( &sid, *puid);
+					unix_ug.uid = *puid;
+					owner_type = UID_ACE;
+					conn->vfs_ops.sys_acl_free_qualifier(conn, (void *)puid,tagtype);
+					break;
+				}
+			case SMB_ACL_GROUP_OBJ:
+				/* Get the SID from the owning group. */
+				gid_to_sid( &sid, psbuf->st_gid );
+				unix_ug.gid = psbuf->st_gid;
+				owner_type = GID_ACE;
+				break;
+			case SMB_ACL_GROUP:
+				{
+					gid_t *pgid = (gid_t *)conn->vfs_ops.sys_acl_get_qualifier(conn, entry);
+					if (pgid == NULL) {
+						DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
+						continue;
+					}
+					gid_to_sid( &sid, *pgid);
+					unix_ug.gid = *pgid;
+					owner_type = GID_ACE;
+					conn->vfs_ops.sys_acl_free_qualifier(conn, (void *)pgid,tagtype);
+					break;
+				}
+			case SMB_ACL_MASK:
+				acl_mask = convert_permset_to_mode_t(conn, permset);
+				continue; /* Don't count the mask as an entry. */
+			case SMB_ACL_OTHER:
+				/* Use the Everyone SID */
+				sid = global_sid_World;
+				unix_ug.world = -1;
+				owner_type = WORLD_ACE;
+				break;
+			default:
+				DEBUG(0,("canonicalise_acl: Unknown tagtype %u\n", (unsigned int)tagtype));
+				continue;
+		}
+
+		/*
+		 * Add this entry to the list.
+		 */
+
+		if ((ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL)
+			goto fail;
+
+		ZERO_STRUCTP(ace);
+		ace->type = tagtype;
+		ace->perms = convert_permset_to_mode_t(conn, permset);
+		ace->attr = ALLOW_ACE;
+		ace->trustee = sid;
+		ace->unix_ug = unix_ug;
+		ace->owner_type = owner_type;
+
+		DLIST_ADD(list_head, ace);
+	}
+
+	/*
+	 * This next call will ensure we have at least a user/group/world set.
+	 */
+
+	if (!ensure_canon_entry_valid(&list_head, fsp, powner, pgroup, psbuf, False))
+		goto fail;
+
+	arrange_posix_perms(fsp->fsp_name,&list_head );
+
+	/*
+	 * Now go through the list, masking the permissions with the
+	 * acl_mask. Ensure all DENY Entries are at the start of the list.
+	 */
+
+	DEBUG(10,("canonicalise_acl: ace entries before arrange :\n"));
+
+	for ( ace_count = 0, ace = list_head; ace; ace = next_ace, ace_count++) {
+		next_ace = ace->next;
+
+		/* Masks are only applied to entries other than USER_OBJ and OTHER. */
+		if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ)
+			ace->perms &= acl_mask;
+
+		if (ace->perms == 0) {
+			DLIST_PROMOTE(list_head, ace);
+		}
+
+		if( DEBUGLVL( 10 ) ) {
+			print_canon_ace(ace, ace_count);
+		}
+	}
+
+	print_canon_ace_list( "canonicalise_acl: ace entries after arrange", list_head );
+
+	return list_head;
+
+  fail:
+
+	free_canon_ace_list(list_head);
+	return NULL;
+}
+
+/****************************************************************************
+ Attempt to apply an ACL to a file or directory.
+****************************************************************************/
+
+static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL default_ace, BOOL *pacl_set_support)
+{
+	connection_struct *conn = fsp->conn;
+	BOOL ret = False;
+	SMB_ACL_T the_acl = conn->vfs_ops.sys_acl_init(conn, (int)count_canon_ace_list(the_ace) + 1);
+	canon_ace *p_ace;
+	int i;
+	SMB_ACL_ENTRY_T mask_entry;
+	SMB_ACL_PERMSET_T mask_permset;
+	SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
+
+	if (the_acl == NULL) {
+
+		if (errno != ENOSYS) {
+			/*
+			 * Only print this error message if we have some kind of ACL
+			 * support that's not working. Otherwise we would always get this.
+			 */
+			DEBUG(0,("set_canon_ace_list: Unable to init %s ACL. (%s)\n",
+				default_ace ? "default" : "file", strerror(errno) ));
+		}
+		*pacl_set_support = False;
+		return False;
+	}
+
+	for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
+		SMB_ACL_ENTRY_T the_entry;
+		SMB_ACL_PERMSET_T the_permset;
+
+		/*
+		 * Get the entry for this ACE.
+		 */
+
+		if (conn->vfs_ops.sys_acl_create_entry(conn, &the_acl, &the_entry) == -1) {
+			DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
+				i, strerror(errno) ));
+			goto done;
+		}
+
+		/*
+		 * Ok - we now know the ACL calls should be working, don't
+		 * allow fallback to chmod.
+		 */
+
+		*pacl_set_support = True;
+
+		/*
+		 * Initialise the entry from the canon_ace.
+		 */
+
+		/*
+		 * First tell the entry what type of ACE this is.
+		 */
+
+		if (conn->vfs_ops.sys_acl_set_tag_type(conn, the_entry, p_ace->type) == -1) {
+			DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
+				i, strerror(errno) ));
+			goto done;
+		}
+
+		/*
+		 * Only set the qualifier (user or group id) if the entry is a user
+		 * or group id ACE.
+		 */
+
+		if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
+			if (conn->vfs_ops.sys_acl_set_qualifier(conn, the_entry,(void *)&p_ace->unix_ug.uid) == -1) {
+				DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
+					i, strerror(errno) ));
+				goto done;
+			}
+		}
+
+		/*
+		 * Convert the mode_t perms in the canon_ace to a POSIX permset.
+		 */
+
+		if (conn->vfs_ops.sys_acl_get_permset(conn, the_entry, &the_permset) == -1) {
+			DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
+				i, strerror(errno) ));
+			goto done;
+		}
+
+		if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
+			DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
+				(unsigned int)p_ace->perms, i, strerror(errno) ));
+			goto done;
+		}
+
+		/*
+		 * ..and apply them to the entry.
+		 */
+
+		if (conn->vfs_ops.sys_acl_set_permset(conn, the_entry, the_permset) == -1) {
+			DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
+				i, strerror(errno) ));
+			goto done;
+		}
+
+		if( DEBUGLVL( 10 ))
+			print_canon_ace( p_ace, i);
+	}
+
+	/*
+	 * Add in a mask of rwx.
+	 */
+
+	if (conn->vfs_ops.sys_acl_create_entry( conn, &the_acl, &mask_entry) == -1) {
+		DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
+		goto done;
+	}
+
+	if (conn->vfs_ops.sys_acl_set_tag_type(conn, mask_entry, SMB_ACL_MASK) == -1) {
+		DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
+		goto done;
+	}
+
+	if (conn->vfs_ops.sys_acl_get_permset(conn, mask_entry, &mask_permset) == -1) {
+		DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
+		goto done;
+	}
+
+	if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
+		DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
+		goto done;
+	}
+
+	if (conn->vfs_ops.sys_acl_set_permset(conn, mask_entry, mask_permset) == -1) {
+		DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
+		goto done;
+	}
+
+	/*
+	 * Check if the ACL is valid.
+	 */
+
+	if (conn->vfs_ops.sys_acl_valid(conn, the_acl) == -1) {
+		DEBUG(0,("set_canon_ace_list: ACL type (%s) is invalid for set (%s).\n",
+				the_acl_type == SMB_ACL_TYPE_DEFAULT ? "directory default" : "file",
+				strerror(errno) ));
+		goto done;
+	}
+
+	/*
+	 * Finally apply it to the file or directory.
+	 */
+
+	if(default_ace || fsp->is_directory || fsp->fd == -1) {
+		if (conn->vfs_ops.sys_acl_set_file(conn, fsp->fsp_name, the_acl_type, the_acl) == -1) {
+			/*
+			 * Some systems allow all the above calls and only fail with no ACL support
+			 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
+			 */
+			if (errno == ENOSYS)
+				*pacl_set_support = False;
+			DEBUG(2,("set_canon_ace_list: sys_acl_set_file type %s failed for file %s (%s).\n",
+					the_acl_type == SMB_ACL_TYPE_DEFAULT ? "directory default" : "file",
+					fsp->fsp_name, strerror(errno) ));
+			goto done;
+		}
+	} else {
+		if (conn->vfs_ops.sys_acl_set_fd(fsp, fsp->fd, the_acl) == -1) {
+			/*
+			 * Some systems allow all the above calls and only fail with no ACL support
+			 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
+			 */
+			if (errno == ENOSYS)
+				*pacl_set_support = False;
+			DEBUG(2,("set_canon_ace_list: sys_acl_set_file failed for file %s (%s).\n",
+					fsp->fsp_name, strerror(errno) ));
+			goto done;
+		}
+	}
+
+	ret = True;
+
+  done:
+
+	if (the_acl != NULL)
+	    conn->vfs_ops.sys_acl_free_acl(conn, the_acl);
+
+	return ret;
+}
+
+/****************************************************************************
+ Convert a canon_ace to a generic 3 element permission - if possible.
+****************************************************************************/
+
+#define MAP_PERM(p,mask,result) (((p) & (mask)) ? (result) : 0 )
+
+static BOOL convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
+{
+	int snum = SNUM(fsp->conn);
+	size_t ace_count = count_canon_ace_list(file_ace_list);
+	canon_ace *ace_p;
+	canon_ace *owner_ace = NULL;
+	canon_ace *group_ace = NULL;
+	canon_ace *other_ace = NULL;
+	mode_t and_bits;
+	mode_t or_bits;
+
+	if (ace_count != 3) {
+		DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE entries for file %s to convert to \
+posix perms.\n", fsp->fsp_name ));
+		return False;
+	}
+
+	for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
+		if (ace_p->owner_type == UID_ACE)
+			owner_ace = ace_p;
+		else if (ace_p->owner_type == GID_ACE)
+			group_ace = ace_p;
+		else if (ace_p->owner_type == WORLD_ACE)
+			other_ace = ace_p;
+	}
+
+	if (!owner_ace || !group_ace || !other_ace) {
+		DEBUG(3,("convert_canon_ace_to_posix_perms: Can't get standard entries for file %s.\n",
+				fsp->fsp_name ));
+		return False;
+	}
+
+	*posix_perms = (mode_t)0;
+
+	*posix_perms |= owner_ace->perms;
+	*posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP);
+	*posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP);
+	*posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP);
+	*posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH);
+	*posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH);
+	*posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH);
+
+	/* The owner must have at least read access. */
+
+	*posix_perms |= S_IRUSR;
+	if (fsp->is_directory)
+		*posix_perms |= (S_IWUSR|S_IXUSR);
+
+	/* If requested apply the masks. */
+
+	/* Get the initial bits to apply. */
+
+	if (fsp->is_directory) {
+		and_bits = lp_dir_security_mask(snum);
+		or_bits = lp_force_dir_security_mode(snum);
+	} else {
+		and_bits = lp_security_mask(snum);
+		or_bits = lp_force_security_mode(snum);
+	}
+
+	*posix_perms = (((*posix_perms) & and_bits)|or_bits);
+
+	DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o to perm=0%o for file %s.\n",
+		(int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, (int)*posix_perms,
+		fsp->fsp_name ));
+
+	return True;
+}
+
+static int nt_ace_comp( SEC_ACE *a1, SEC_ACE *a2)
+{
+	if (a1->type == a2->type)
+		return 0;
+
+	if (a1->type == SEC_ACE_TYPE_ACCESS_DENIED && a2->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
+		return -1;
+	return 1;
+}
+
+/****************************************************************************
+ Reply to query a security descriptor from an fsp. If it succeeds it allocates
+ the space for the return elements and returns the size needed to return the
+ security descriptor. This should be the only external function needed for
+ the UNIX style get ACL.
+****************************************************************************/
+
+size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
+{
+	connection_struct *conn = fsp->conn;
+	SMB_STRUCT_STAT sbuf;
+	SEC_ACE *nt_ace_list = NULL;
+	DOM_SID owner_sid;
+	DOM_SID group_sid;
+	size_t sd_size = 0;
+	SEC_ACL *psa = NULL;
+	size_t num_acls = 0;
+	size_t num_dir_acls = 0;
+	size_t num_aces = 0;
+	SMB_ACL_T posix_acl = NULL;
+	SMB_ACL_T dir_acl = NULL;
+	canon_ace *file_ace = NULL;
+	canon_ace *dir_ace = NULL;
+ 
+	*ppdesc = NULL;
+
+	DEBUG(10,("get_nt_acl: called for file %s\n", fsp->fsp_name ));
+
+	if(fsp->is_directory || fsp->fd == -1) {
+
+		/* Get the stat struct for the owner info. */
+		if(vfs_stat(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
+			return 0;
+		}
+		/*
+		 * Get the ACL from the path.
+		 */
+
+		posix_acl = conn->vfs_ops.sys_acl_get_file(conn, fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
+
+		/*
+		 * If it's a directory get the default POSIX ACL.
+		 */
+
+		if(fsp->is_directory)
+			dir_acl = conn->vfs_ops.sys_acl_get_file(conn, fsp->fsp_name, SMB_ACL_TYPE_DEFAULT);
+
+	} else {
+
+		/* Get the stat struct for the owner info. */
+		if(vfs_fstat(fsp,fsp->fd,&sbuf) != 0) {
+			return 0;
+		}
+		/*
+		 * Get the ACL from the fd.
+		 */
+		posix_acl = conn->vfs_ops.sys_acl_get_fd(fsp, fsp->fd);
+	}
+
+	DEBUG(5,("get_nt_acl : file ACL %s, directory ACL %s\n",
+			posix_acl ? "present" :  "absent",
+			dir_acl ? "present" :  "absent" ));
+
+	/*
+	 * Get the owner, group and world SIDs.
+	 */
+
+	create_file_sids(&sbuf, &owner_sid, &group_sid);
+
+	/* Create the canon_ace lists. */
+	file_ace = canonicalise_acl( fsp, posix_acl, &sbuf,  &owner_sid, &group_sid);
+	num_acls = count_canon_ace_list(file_ace);
+
+	/* We must have *some* ACLS. */
+
+	if (num_acls == 0) {
+		DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", fsp->fsp_name ));
+		return 0;
+	}
+
+	if (fsp->is_directory) { 
+		/*
+		 * If we have to fake a default ACL then this is the mode to use.
+		 */
+		sbuf.st_mode = unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE, fsp->fsp_name);
+
+		dir_ace = canonicalise_acl(fsp, dir_acl, &sbuf, &owner_sid, &group_sid);
+		num_dir_acls = count_canon_ace_list(dir_ace);
+	}
+
+	/* Allocate the ace list. */
+	if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
+		DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
+		goto done;
+	}
+
+	memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) );
+
+	/*
+	 * Create the NT ACE list from the canonical ace lists.
+	 */
+
+	{
+		canon_ace *ace;
+		int nt_acl_type;
+		int i;
+
+		ace = file_ace;
+
+		for (i = 0; i < num_acls; i++, ace = ace->next) {
+			SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+			init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0);
+		}
+
+		ace = dir_ace;
+
+		for (i = 0; i < num_dir_acls; i++, ace = ace->next) {
+			SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+			init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 
+					SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
+		}
+
+		/*
+		 * Sort to force deny entries to the front.
+		 */
+
+		if (num_acls + num_dir_acls)
+			qsort( nt_ace_list, num_acls + num_dir_acls, sizeof(nt_ace_list[0]), QSORT_CAST nt_ace_comp);
+	}
+
+	if (num_acls) {
+		if((psa = make_sec_acl( main_loop_talloc_get(), ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
+			DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
+			goto done;
+		}
+	}
+
+	*ppdesc = make_standard_sec_desc( main_loop_talloc_get(), &owner_sid, &group_sid, psa, &sd_size);
+
+	if(!*ppdesc) {
+		DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
+		sd_size = 0;
+	}
+
+  done:
+
+	if (posix_acl)	
+		conn->vfs_ops.sys_acl_free_acl(conn, posix_acl);
+	if (dir_acl)
+		conn->vfs_ops.sys_acl_free_acl(conn, dir_acl);
+	free_canon_ace_list(file_ace);
+	free_canon_ace_list(dir_ace);
+	SAFE_FREE(nt_ace_list);
+
+	return sd_size;
+}
+
+/****************************************************************************
+ Reply to set a security descriptor on an fsp. security_info_sent is the
+ description of the following NT ACL.
+ This should be the only external function needed for the UNIX style set ACL.
+****************************************************************************/
+
+BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
+{
+	connection_struct *conn = fsp->conn;
+	uid_t user = (uid_t)-1;
+	gid_t grp = (gid_t)-1;
+	SMB_STRUCT_STAT sbuf;  
+	DOM_SID file_owner_sid;
+	DOM_SID file_grp_sid;
+	canon_ace *file_ace_list = NULL;
+	canon_ace *dir_ace_list = NULL;
+	BOOL acl_perms = False;
+	mode_t orig_mode = (mode_t)0;
+	uid_t orig_uid;
+	gid_t orig_gid;
+
+	DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
+
+	/*
+	 * Get the current state of the file.
+	 */
+
+	if(fsp->is_directory || fsp->fd == -1) {
+		if(vfs_stat(fsp->conn,fsp->fsp_name, &sbuf) != 0)
+			return False;
+	} else {
+		if(vfs_fstat(fsp,fsp->fd,&sbuf) != 0)
+			return False;
+	}
+
+	/* Save the original elements we check against. */
+	orig_mode = sbuf.st_mode;
+	orig_uid = sbuf.st_uid;
+	orig_gid = sbuf.st_gid;
+
+	/*
+	 * Unpack the user/group/world id's.
+	 */
+
+	if (!unpack_nt_owners( &sbuf, &user, &grp, security_info_sent, psd))
+		return False;
+
+	/*
+	 * Do we need to chown ?
+	 */
+
+	if((user != (uid_t)-1 || grp != (uid_t)-1) && (orig_uid != user || orig_gid != grp)) {
+
+		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
+				fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
+
+		if(vfs_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
+			DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
+				fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
+			return False;
+		}
+
+		/*
+		 * Recheck the current state of the file, which may have changed.
+		 * (suid/sgid bits, for instance)
+		 */
+
+		if(fsp->is_directory) {
+			if(vfs_stat(fsp->conn, fsp->fsp_name, &sbuf) != 0) {
+				return False;
+			}
+		} else {
+
+			int ret;
+    
+			if(fsp->fd == -1)
+				ret = vfs_stat(fsp->conn, fsp->fsp_name, &sbuf);
+			else
+				ret = vfs_fstat(fsp,fsp->fd,&sbuf);
+  
+			if(ret != 0)
+				return False;
+		}
+
+		/* Save the original elements we check against. */
+		orig_mode = sbuf.st_mode;
+		orig_uid = sbuf.st_uid;
+		orig_gid = sbuf.st_gid;
+	}
+
+	create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
+
+	acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid,
+									&file_ace_list, &dir_ace_list, security_info_sent, psd);
+
+	if ((file_ace_list == NULL) && (dir_ace_list == NULL)) {
+		/* W2K traverse DACL set - ignore. */
+		return True;
+    }
+
+	if (!acl_perms) {
+		DEBUG(3,("set_nt_acl: cannot set permissions\n"));
+		free_canon_ace_list(file_ace_list);
+		free_canon_ace_list(dir_ace_list); 
+		return False;
+	}
+
+	/*
+	 * Only change security if we got a DACL.
+	 */
+
+	if((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl != NULL)) {
+
+		BOOL acl_set_support = False;
+		BOOL ret = False;
+
+		/*
+		 * Try using the POSIX ACL set first. Fall back to chmod if
+		 * we have no ACL support on this filesystem.
+		 */
+
+		if (acl_perms && file_ace_list) {
+			ret = set_canon_ace_list(fsp, file_ace_list, False, &acl_set_support);
+			if (acl_set_support && ret == False) {
+				DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) ));
+				free_canon_ace_list(file_ace_list);
+				free_canon_ace_list(dir_ace_list); 
+				return False;
+			}
+		}
+
+		if (acl_perms && acl_set_support && fsp->is_directory) {
+			if (dir_ace_list) {
+				if (!set_canon_ace_list(fsp, dir_ace_list, True, &acl_set_support)) {
+					DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
+					free_canon_ace_list(file_ace_list);
+					free_canon_ace_list(dir_ace_list); 
+					return False;
+				}
+			} else {
+
+				/*
+				 * No default ACL - delete one if it exists.
+				 */
+
+				if (conn->vfs_ops.sys_acl_delete_def_file(conn, fsp->fsp_name) == -1) {
+					DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
+					free_canon_ace_list(file_ace_list);
+					return False;
+				}
+			}
+		}
+
+		/*
+		 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
+		 */
+
+		if(!acl_set_support && acl_perms) {
+			mode_t posix_perms;
+
+			if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
+				free_canon_ace_list(file_ace_list);
+				free_canon_ace_list(dir_ace_list);
+				DEBUG(3,("set_nt_acl: failed to convert file acl to posix permissions for file %s.\n",
+					fsp->fsp_name ));
+				return False;
+			}
+
+			if (orig_mode != posix_perms) {
+
+				DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
+					fsp->fsp_name, (unsigned int)posix_perms ));
+
+				if(conn->vfs_ops.chmod(conn,fsp->fsp_name, posix_perms) == -1) {
+					DEBUG(3,("set_nt_acl: chmod %s, 0%o failed. Error = %s.\n",
+							fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) ));
+					free_canon_ace_list(file_ace_list);
+					free_canon_ace_list(dir_ace_list);
+					return False;
+				}
+			}
+		}
+	}
+
+	free_canon_ace_list(file_ace_list);
+	free_canon_ace_list(dir_ace_list); 
+
+	return True;
+}
+
+/****************************************************************************
+ Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
+ and set the mask to rwx. Needed to preserve complex ACLs set by NT.
+****************************************************************************/
+
+static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
+{
+	int entry_id = SMB_ACL_FIRST_ENTRY;
+	SMB_ACL_ENTRY_T entry;
+	int num_entries = 0;
+
+	while ( conn->vfs_ops.sys_acl_get_entry(conn, posix_acl, entry_id, &entry) == 1) {
+		SMB_ACL_TAG_T tagtype;
+		SMB_ACL_PERMSET_T permset;
+		mode_t perms;
+
+		/* get_next... */
+		if (entry_id == SMB_ACL_FIRST_ENTRY)
+			entry_id = SMB_ACL_NEXT_ENTRY;
+
+		if (conn->vfs_ops.sys_acl_get_tag_type(conn, entry, &tagtype) == -1)
+			return -1;
+
+		if (conn->vfs_ops.sys_acl_get_permset(conn, entry, &permset) == -1)
+			return -1;
+
+		num_entries++;
+
+		switch(tagtype) {
+			case SMB_ACL_USER_OBJ:
+				perms = unix_perms_to_acl_perms(mode, S_IRUSR, S_IWUSR, S_IXUSR);
+                break;
+			case SMB_ACL_GROUP_OBJ:
+				perms = unix_perms_to_acl_perms(mode, S_IRGRP, S_IWGRP, S_IXGRP);
+				break;
+			case SMB_ACL_MASK:
+				perms = S_IRUSR|S_IWUSR|S_IXUSR;
+				break;
+			case SMB_ACL_OTHER:
+				perms = unix_perms_to_acl_perms(mode, S_IROTH, S_IWOTH, S_IXOTH);
+				break;
+			default:
+				continue;
+		}
+
+		if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
+			return -1;
+
+		if (conn->vfs_ops.sys_acl_set_permset(conn, entry, permset) == -1)
+			return -1;
+	}
+
+	/*
+	 * If this is a simple 3 element ACL or no elements then it's a standard
+	 * UNIX permission set. Just use chmod...	
+	 */
+
+	if ((num_entries == 3) || (num_entries == 0))
+		return -1;
+
+	return 0;
+}
+
+/****************************************************************************
+ Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
+ and set the mask to rwx. Needed to preserve complex ACLs set by NT.
+ Note that name is in UNIX character set.
+****************************************************************************/
+
+int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
+{
+	SMB_ACL_T posix_acl = NULL;
+	int ret = -1;
+
+	if ((posix_acl = conn->vfs_ops.sys_acl_get_file(conn, name, SMB_ACL_TYPE_ACCESS)) == NULL)
+		return -1;
+
+	if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
+		goto done;
+
+	ret = conn->vfs_ops.sys_acl_set_file(conn, name, SMB_ACL_TYPE_ACCESS, posix_acl);
+
+  done:
+
+	conn->vfs_ops.sys_acl_free_acl(conn, posix_acl);
+	return ret;
+}
+
+/****************************************************************************
+ Do an fchmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
+ and set the mask to rwx. Needed to preserve complex ACLs set by NT.
+****************************************************************************/
+
+int fchmod_acl(files_struct *fsp, int fd, mode_t mode)
+{
+	connection_struct *conn = fsp->conn;
+	SMB_ACL_T posix_acl = NULL;
+	int ret = -1;
+
+	if ((posix_acl = conn->vfs_ops.sys_acl_get_fd(fsp, fd)) == NULL)
+		return -1;
+
+	if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
+		goto done;
+
+	ret = conn->vfs_ops.sys_acl_set_fd(fsp, fd, posix_acl);
+
+  done:
+
+	conn->vfs_ops.sys_acl_free_acl(conn, posix_acl);
+	return ret;
+}
+
+BOOL directory_has_default_acl(connection_struct *conn, const char *fname)
+{
+        SMB_ACL_T dir_acl = conn->vfs_ops.sys_acl_get_file( conn, fname, SMB_ACL_TYPE_DEFAULT);
+        BOOL has_acl = False;
+        SMB_ACL_ENTRY_T entry;
+
+        if (dir_acl != NULL && (conn->vfs_ops.sys_acl_get_entry(conn, dir_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1))
+                has_acl = True;
+
+        conn->vfs_ops.sys_acl_free_acl(conn, dir_acl);
+        return has_acl;
+}
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
new file mode 100644
index 0000000000..007621f6bb
--- /dev/null
+++ b/source3/smbd/process.c
@@ -0,0 +1,1301 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+struct timeval smb_last_time;
+
+static char *InBuffer = NULL;
+char *OutBuffer = NULL;
+char *last_inbuf = NULL;
+
+/* 
+ * Size of data we can send to client. Set
+ *  by the client for all protocols above CORE.
+ *  Set by us for CORE protocol.
+ */
+int max_send = BUFFER_SIZE;
+/*
+ * Size of the data we can receive. Set by us.
+ * Can be modified by the max xmit parameter.
+ */
+int max_recv = BUFFER_SIZE;
+
+extern int last_message;
+extern int global_oplock_break;
+extern userdom_struct current_user_info;
+extern int smb_read_error;
+extern VOLATILE sig_atomic_t reload_after_sighup;
+extern VOLATILE sig_atomic_t got_sig_term;
+extern BOOL global_machine_password_needs_changing;
+extern fstring global_myworkgroup;
+extern pstring global_myname;
+extern int max_send;
+
+/****************************************************************************
+ structure to hold a linked list of queued messages.
+ for processing.
+****************************************************************************/
+
+typedef struct {
+   ubi_slNode msg_next;
+   char *msg_buf;
+   int msg_len;
+} pending_message_list;
+
+static ubi_slList smb_oplock_queue = { NULL, (ubi_slNodePtr)&smb_oplock_queue, 0};
+
+/****************************************************************************
+ Function to push a message onto the tail of a linked list of smb messages ready
+ for processing.
+****************************************************************************/
+
+static BOOL push_message(ubi_slList *list_head, char *buf, int msg_len)
+{
+  pending_message_list *msg = (pending_message_list *)
+                               malloc(sizeof(pending_message_list));
+
+  if(msg == NULL)
+  {
+    DEBUG(0,("push_message: malloc fail (1)\n"));
+    return False;
+  }
+
+  msg->msg_buf = (char *)malloc(msg_len);
+  if(msg->msg_buf == NULL)
+  {
+    DEBUG(0,("push_message: malloc fail (2)\n"));
+    SAFE_FREE(msg);
+    return False;
+  }
+
+  memcpy(msg->msg_buf, buf, msg_len);
+  msg->msg_len = msg_len;
+
+  ubi_slAddTail( list_head, msg);
+
+  return True;
+}
+
+/****************************************************************************
+ Function to push a smb message onto a linked list of local smb messages ready
+ for processing.
+****************************************************************************/
+
+BOOL push_oplock_pending_smb_message(char *buf, int msg_len)
+{
+	return push_message(&smb_oplock_queue, buf, msg_len);
+}
+
+/****************************************************************************
+ Do all async processing in here. This includes UDB oplock messages, kernel
+ oplock messages, change notify events etc.
+****************************************************************************/
+
+static void async_processing(fd_set *fds, char *buffer, int buffer_len)
+{
+	/* check for oplock messages (both UDP and kernel) */
+	if (receive_local_message(fds, buffer, buffer_len, 0)) {
+		process_local_message(buffer, buffer_len);
+	}
+
+	if (got_sig_term) {
+		exit_server("Caught TERM signal");
+	}
+
+	/* check for async change notify events */
+	process_pending_change_notify_queue(0);
+
+	/* check for sighup processing */
+	if (reload_after_sighup) {
+		change_to_root_user();
+		DEBUG(1,("Reloading services after SIGHUP\n"));
+		reload_services(False);
+		reload_after_sighup = 0;
+	}
+}
+
+/****************************************************************************
+  Do a select on an two fd's - with timeout. 
+
+  If a local udp message has been pushed onto the
+  queue (this can only happen during oplock break
+  processing) call async_processing()
+
+  If a pending smb message has been pushed onto the
+  queue (this can only happen during oplock break
+  processing) return this next.
+
+  If the first smbfd is ready then read an smb from it.
+  if the second (loopback UDP) fd is ready then read a message
+  from it and setup the buffer header to identify the length
+  and from address.
+  Returns False on timeout or error.
+  Else returns True.
+
+The timeout is in milli seconds
+****************************************************************************/
+
+static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout)
+{
+	fd_set fds;
+	int selrtn;
+	struct timeval to;
+	int maxfd;
+
+	smb_read_error = 0;
+
+ again:
+
+	/*
+	 * Note that this call must be before processing any SMB
+	 * messages as we need to synchronously process any messages
+	 * we may have sent to ourselves from the previous SMB.
+	 */
+	message_dispatch();
+
+	/*
+	 * Check to see if we already have a message on the smb queue.
+	 * If so - copy and return it.
+	 */
+  	if(ubi_slCount(&smb_oplock_queue) != 0) {
+		pending_message_list *msg = (pending_message_list *)ubi_slRemHead(&smb_oplock_queue);
+		memcpy(buffer, msg->msg_buf, MIN(buffer_len, msg->msg_len));
+  
+		/* Free the message we just copied. */
+		SAFE_FREE(msg->msg_buf);
+		SAFE_FREE(msg);
+		
+		DEBUG(5,("receive_message_or_smb: returning queued smb message.\n"));
+		return True;
+	}
+
+
+	/*
+	 * Setup the select read fd set.
+	 */
+
+	FD_ZERO(&fds);
+	FD_SET(smbd_server_fd(),&fds);
+	maxfd = setup_oplock_select_set(&fds);
+
+	to.tv_sec = timeout / 1000;
+	to.tv_usec = (timeout % 1000) * 1000;
+
+	selrtn = sys_select(MAX(maxfd,smbd_server_fd())+1,&fds,NULL,NULL,timeout>0?&to:NULL);
+
+	/* if we get EINTR then maybe we have received an oplock
+	   signal - treat this as select returning 1. This is ugly, but
+	   is the best we can do until the oplock code knows more about
+	   signals */
+	if (selrtn == -1 && errno == EINTR) {
+		async_processing(&fds, buffer, buffer_len);
+		/*
+		 * After async processing we must go and do the select again, as
+		 * the state of the flag in fds for the server file descriptor is
+		 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
+		 */
+		goto again;
+	}
+
+	/* Check if error */
+	if (selrtn == -1) {
+		/* something is wrong. Maybe the socket is dead? */
+		smb_read_error = READ_ERROR;
+		return False;
+	} 
+    
+	/* Did we timeout ? */
+	if (selrtn == 0) {
+		smb_read_error = READ_TIMEOUT;
+		return False;
+	}
+
+	/*
+	 * Ensure we process oplock break messages by preference.
+	 * This is IMPORTANT ! Otherwise we can starve other processes
+	 * sending us an oplock break message. JRA.
+	 */
+
+	if (oplock_message_waiting(&fds)) {
+		async_processing(&fds, buffer, buffer_len);
+		/*
+		 * After async processing we must go and do the select again, as
+		 * the state of the flag in fds for the server file descriptor is
+		 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
+		 */
+		goto again;
+	}
+	
+	return receive_smb(smbd_server_fd(), buffer, 0);
+}
+
+/****************************************************************************
+Get the next SMB packet, doing the local message processing automatically.
+****************************************************************************/
+
+BOOL receive_next_smb(char *inbuf, int bufsize, int timeout)
+{
+	BOOL got_keepalive;
+	BOOL ret;
+
+	do {
+		ret = receive_message_or_smb(inbuf,bufsize,timeout);
+		
+		got_keepalive = (ret && (CVAL(inbuf,0) == SMBkeepalive));
+	} while (ret && got_keepalive);
+
+	return ret;
+}
+
+/****************************************************************************
+ We're terminating and have closed all our files/connections etc.
+ If there are any pending local messages we need to respond to them
+ before termination so that other smbds don't think we just died whilst
+ holding oplocks.
+****************************************************************************/
+
+void respond_to_all_remaining_local_messages(void)
+{
+  char buffer[1024];
+  fd_set fds;
+
+  /*
+   * Assert we have no exclusive open oplocks.
+   */
+
+  if(get_number_of_exclusive_open_oplocks()) {
+    DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
+          get_number_of_exclusive_open_oplocks() ));
+    return;
+  }
+
+  /*
+   * Setup the select read fd set.
+   */
+
+  FD_ZERO(&fds);
+  if(!setup_oplock_select_set(&fds))
+    return;
+
+  /*
+   * Keep doing receive_local_message with a 1 ms timeout until
+   * we have no more messages.
+   */
+  while(receive_local_message(&fds, buffer, sizeof(buffer), 1)) {
+	  /* Deal with oplock break requests from other smbd's. */
+	  process_local_message(buffer, sizeof(buffer));
+
+	  FD_ZERO(&fds);
+	  (void)setup_oplock_select_set(&fds);
+  }
+
+  return;
+}
+
+
+/*
+These flags determine some of the permissions required to do an operation 
+
+Note that I don't set NEED_WRITE on some write operations because they
+are used by some brain-dead clients when printing, and I don't want to
+force write permissions on print services.
+*/
+#define AS_USER (1<<0)
+#define NEED_WRITE (1<<1)
+#define TIME_INIT (1<<2)
+#define CAN_IPC (1<<3)
+#define AS_GUEST (1<<5)
+#define QUEUE_IN_OPLOCK (1<<6)
+
+/* 
+   define a list of possible SMB messages and their corresponding
+   functions. Any message that has a NULL function is unimplemented -
+   please feel free to contribute implementations!
+*/
+static struct smb_message_struct
+{
+  char *name;
+  int (*fn)(connection_struct *conn, char *, char *, int, int);
+  int flags;
+}
+ smb_messages[256] = {
+
+/* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
+/* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
+/* 0x02 */ { "SMBopen",reply_open,AS_USER | QUEUE_IN_OPLOCK },
+/* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
+/* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
+/* 0x05 */ { "SMBflush",reply_flush,AS_USER},
+/* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE | QUEUE_IN_OPLOCK},
+/* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE | QUEUE_IN_OPLOCK},
+/* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
+/* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
+/* 0x0a */ { "SMBread",reply_read,AS_USER},
+/* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
+/* 0x0c */ { "SMBlock",reply_lock,AS_USER},
+/* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
+/* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER | QUEUE_IN_OPLOCK },
+/* 0x0f */ { "SMBmknew",reply_mknew,AS_USER}, 
+/* 0x10 */ { "SMBchkpth",reply_chkpth,AS_USER},
+/* 0x11 */ { "SMBexit",reply_exit,0},
+/* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
+/* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
+/* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
+/* 0x15 */ { NULL, NULL, 0 },
+/* 0x16 */ { NULL, NULL, 0 },
+/* 0x17 */ { NULL, NULL, 0 },
+/* 0x18 */ { NULL, NULL, 0 },
+/* 0x19 */ { NULL, NULL, 0 },
+/* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
+/* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
+/* 0x1c */ { "SMBreadBs",NULL,0 },
+/* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
+/* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
+/* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
+/* 0x20 */ { "SMBwritec",NULL,0},
+/* 0x21 */ { NULL, NULL, 0 },
+/* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
+/* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
+/* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
+/* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC | QUEUE_IN_OPLOCK},
+/* 0x26 */ { "SMBtranss",NULL,AS_USER | CAN_IPC},
+/* 0x27 */ { "SMBioctl",reply_ioctl,0},
+/* 0x28 */ { "SMBioctls",NULL,AS_USER},
+/* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE | QUEUE_IN_OPLOCK },
+/* 0x2a */ { "SMBmove",NULL,AS_USER | NEED_WRITE | QUEUE_IN_OPLOCK },
+/* 0x2b */ { "SMBecho",reply_echo,0},
+/* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
+/* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC | QUEUE_IN_OPLOCK },
+/* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
+/* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
+/* 0x30 */ { NULL, NULL, 0 },
+/* 0x31 */ { NULL, NULL, 0 },
+/* 0x32 */ { "SMBtrans2", reply_trans2, AS_USER | QUEUE_IN_OPLOCK | CAN_IPC },
+/* 0x33 */ { "SMBtranss2", reply_transs2, AS_USER},
+/* 0x34 */ { "SMBfindclose", reply_findclose,AS_USER},
+/* 0x35 */ { "SMBfindnclose", reply_findnclose, AS_USER},
+/* 0x36 */ { NULL, NULL, 0 },
+/* 0x37 */ { NULL, NULL, 0 },
+/* 0x38 */ { NULL, NULL, 0 },
+/* 0x39 */ { NULL, NULL, 0 },
+/* 0x3a */ { NULL, NULL, 0 },
+/* 0x3b */ { NULL, NULL, 0 },
+/* 0x3c */ { NULL, NULL, 0 },
+/* 0x3d */ { NULL, NULL, 0 },
+/* 0x3e */ { NULL, NULL, 0 },
+/* 0x3f */ { NULL, NULL, 0 },
+/* 0x40 */ { NULL, NULL, 0 },
+/* 0x41 */ { NULL, NULL, 0 },
+/* 0x42 */ { NULL, NULL, 0 },
+/* 0x43 */ { NULL, NULL, 0 },
+/* 0x44 */ { NULL, NULL, 0 },
+/* 0x45 */ { NULL, NULL, 0 },
+/* 0x46 */ { NULL, NULL, 0 },
+/* 0x47 */ { NULL, NULL, 0 },
+/* 0x48 */ { NULL, NULL, 0 },
+/* 0x49 */ { NULL, NULL, 0 },
+/* 0x4a */ { NULL, NULL, 0 },
+/* 0x4b */ { NULL, NULL, 0 },
+/* 0x4c */ { NULL, NULL, 0 },
+/* 0x4d */ { NULL, NULL, 0 },
+/* 0x4e */ { NULL, NULL, 0 },
+/* 0x4f */ { NULL, NULL, 0 },
+/* 0x50 */ { NULL, NULL, 0 },
+/* 0x51 */ { NULL, NULL, 0 },
+/* 0x52 */ { NULL, NULL, 0 },
+/* 0x53 */ { NULL, NULL, 0 },
+/* 0x54 */ { NULL, NULL, 0 },
+/* 0x55 */ { NULL, NULL, 0 },
+/* 0x56 */ { NULL, NULL, 0 },
+/* 0x57 */ { NULL, NULL, 0 },
+/* 0x58 */ { NULL, NULL, 0 },
+/* 0x59 */ { NULL, NULL, 0 },
+/* 0x5a */ { NULL, NULL, 0 },
+/* 0x5b */ { NULL, NULL, 0 },
+/* 0x5c */ { NULL, NULL, 0 },
+/* 0x5d */ { NULL, NULL, 0 },
+/* 0x5e */ { NULL, NULL, 0 },
+/* 0x5f */ { NULL, NULL, 0 },
+/* 0x60 */ { NULL, NULL, 0 },
+/* 0x61 */ { NULL, NULL, 0 },
+/* 0x62 */ { NULL, NULL, 0 },
+/* 0x63 */ { NULL, NULL, 0 },
+/* 0x64 */ { NULL, NULL, 0 },
+/* 0x65 */ { NULL, NULL, 0 },
+/* 0x66 */ { NULL, NULL, 0 },
+/* 0x67 */ { NULL, NULL, 0 },
+/* 0x68 */ { NULL, NULL, 0 },
+/* 0x69 */ { NULL, NULL, 0 },
+/* 0x6a */ { NULL, NULL, 0 },
+/* 0x6b */ { NULL, NULL, 0 },
+/* 0x6c */ { NULL, NULL, 0 },
+/* 0x6d */ { NULL, NULL, 0 },
+/* 0x6e */ { NULL, NULL, 0 },
+/* 0x6f */ { NULL, NULL, 0 },
+/* 0x70 */ { "SMBtcon",reply_tcon,0},
+/* 0x71 */ { "SMBtdis",reply_tdis,0},
+/* 0x72 */ { "SMBnegprot",reply_negprot,0},
+/* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
+/* 0x74 */ { "SMBulogoffX", reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
+/* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
+/* 0x76 */ { NULL, NULL, 0 },
+/* 0x77 */ { NULL, NULL, 0 },
+/* 0x78 */ { NULL, NULL, 0 },
+/* 0x79 */ { NULL, NULL, 0 },
+/* 0x7a */ { NULL, NULL, 0 },
+/* 0x7b */ { NULL, NULL, 0 },
+/* 0x7c */ { NULL, NULL, 0 },
+/* 0x7d */ { NULL, NULL, 0 },
+/* 0x7e */ { NULL, NULL, 0 },
+/* 0x7f */ { NULL, NULL, 0 },
+/* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
+/* 0x81 */ { "SMBsearch",reply_search,AS_USER},
+/* 0x82 */ { "SMBffirst",reply_search,AS_USER},
+/* 0x83 */ { "SMBfunique",reply_search,AS_USER},
+/* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
+/* 0x85 */ { NULL, NULL, 0 },
+/* 0x86 */ { NULL, NULL, 0 },
+/* 0x87 */ { NULL, NULL, 0 },
+/* 0x88 */ { NULL, NULL, 0 },
+/* 0x89 */ { NULL, NULL, 0 },
+/* 0x8a */ { NULL, NULL, 0 },
+/* 0x8b */ { NULL, NULL, 0 },
+/* 0x8c */ { NULL, NULL, 0 },
+/* 0x8d */ { NULL, NULL, 0 },
+/* 0x8e */ { NULL, NULL, 0 },
+/* 0x8f */ { NULL, NULL, 0 },
+/* 0x90 */ { NULL, NULL, 0 },
+/* 0x91 */ { NULL, NULL, 0 },
+/* 0x92 */ { NULL, NULL, 0 },
+/* 0x93 */ { NULL, NULL, 0 },
+/* 0x94 */ { NULL, NULL, 0 },
+/* 0x95 */ { NULL, NULL, 0 },
+/* 0x96 */ { NULL, NULL, 0 },
+/* 0x97 */ { NULL, NULL, 0 },
+/* 0x98 */ { NULL, NULL, 0 },
+/* 0x99 */ { NULL, NULL, 0 },
+/* 0x9a */ { NULL, NULL, 0 },
+/* 0x9b */ { NULL, NULL, 0 },
+/* 0x9c */ { NULL, NULL, 0 },
+/* 0x9d */ { NULL, NULL, 0 },
+/* 0x9e */ { NULL, NULL, 0 },
+/* 0x9f */ { NULL, NULL, 0 },
+/* 0xa0 */ { "SMBnttrans", reply_nttrans, AS_USER | CAN_IPC | QUEUE_IN_OPLOCK},
+/* 0xa1 */ { "SMBnttranss", reply_nttranss, AS_USER | CAN_IPC },
+/* 0xa2 */ { "SMBntcreateX", reply_ntcreate_and_X, AS_USER | CAN_IPC | QUEUE_IN_OPLOCK },
+/* 0xa3 */ { NULL, NULL, 0 },
+/* 0xa4 */ { "SMBntcancel", reply_ntcancel, 0 },
+/* 0xa5 */ { NULL, NULL, 0 },
+/* 0xa6 */ { NULL, NULL, 0 },
+/* 0xa7 */ { NULL, NULL, 0 },
+/* 0xa8 */ { NULL, NULL, 0 },
+/* 0xa9 */ { NULL, NULL, 0 },
+/* 0xaa */ { NULL, NULL, 0 },
+/* 0xab */ { NULL, NULL, 0 },
+/* 0xac */ { NULL, NULL, 0 },
+/* 0xad */ { NULL, NULL, 0 },
+/* 0xae */ { NULL, NULL, 0 },
+/* 0xaf */ { NULL, NULL, 0 },
+/* 0xb0 */ { NULL, NULL, 0 },
+/* 0xb1 */ { NULL, NULL, 0 },
+/* 0xb2 */ { NULL, NULL, 0 },
+/* 0xb3 */ { NULL, NULL, 0 },
+/* 0xb4 */ { NULL, NULL, 0 },
+/* 0xb5 */ { NULL, NULL, 0 },
+/* 0xb6 */ { NULL, NULL, 0 },
+/* 0xb7 */ { NULL, NULL, 0 },
+/* 0xb8 */ { NULL, NULL, 0 },
+/* 0xb9 */ { NULL, NULL, 0 },
+/* 0xba */ { NULL, NULL, 0 },
+/* 0xbb */ { NULL, NULL, 0 },
+/* 0xbc */ { NULL, NULL, 0 },
+/* 0xbd */ { NULL, NULL, 0 },
+/* 0xbe */ { NULL, NULL, 0 },
+/* 0xbf */ { NULL, NULL, 0 },
+/* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER | QUEUE_IN_OPLOCK },
+/* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
+/* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
+/* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
+/* 0xc4 */ { NULL, NULL, 0 },
+/* 0xc5 */ { NULL, NULL, 0 },
+/* 0xc6 */ { NULL, NULL, 0 },
+/* 0xc7 */ { NULL, NULL, 0 },
+/* 0xc8 */ { NULL, NULL, 0 },
+/* 0xc9 */ { NULL, NULL, 0 },
+/* 0xca */ { NULL, NULL, 0 },
+/* 0xcb */ { NULL, NULL, 0 },
+/* 0xcc */ { NULL, NULL, 0 },
+/* 0xcd */ { NULL, NULL, 0 },
+/* 0xce */ { NULL, NULL, 0 },
+/* 0xcf */ { NULL, NULL, 0 },
+/* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
+/* 0xd1 */ { "SMBsendb",NULL,AS_GUEST},
+/* 0xd2 */ { "SMBfwdname",NULL,AS_GUEST},
+/* 0xd3 */ { "SMBcancelf",NULL,AS_GUEST},
+/* 0xd4 */ { "SMBgetmac",NULL,AS_GUEST},
+/* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
+/* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
+/* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
+/* 0xd8 */ { NULL, NULL, 0 },
+/* 0xd9 */ { NULL, NULL, 0 },
+/* 0xda */ { NULL, NULL, 0 },
+/* 0xdb */ { NULL, NULL, 0 },
+/* 0xdc */ { NULL, NULL, 0 },
+/* 0xdd */ { NULL, NULL, 0 },
+/* 0xde */ { NULL, NULL, 0 },
+/* 0xdf */ { NULL, NULL, 0 },
+/* 0xe0 */ { NULL, NULL, 0 },
+/* 0xe1 */ { NULL, NULL, 0 },
+/* 0xe2 */ { NULL, NULL, 0 },
+/* 0xe3 */ { NULL, NULL, 0 },
+/* 0xe4 */ { NULL, NULL, 0 },
+/* 0xe5 */ { NULL, NULL, 0 },
+/* 0xe6 */ { NULL, NULL, 0 },
+/* 0xe7 */ { NULL, NULL, 0 },
+/* 0xe8 */ { NULL, NULL, 0 },
+/* 0xe9 */ { NULL, NULL, 0 },
+/* 0xea */ { NULL, NULL, 0 },
+/* 0xeb */ { NULL, NULL, 0 },
+/* 0xec */ { NULL, NULL, 0 },
+/* 0xed */ { NULL, NULL, 0 },
+/* 0xee */ { NULL, NULL, 0 },
+/* 0xef */ { NULL, NULL, 0 },
+/* 0xf0 */ { NULL, NULL, 0 },
+/* 0xf1 */ { NULL, NULL, 0 },
+/* 0xf2 */ { NULL, NULL, 0 },
+/* 0xf3 */ { NULL, NULL, 0 },
+/* 0xf4 */ { NULL, NULL, 0 },
+/* 0xf5 */ { NULL, NULL, 0 },
+/* 0xf6 */ { NULL, NULL, 0 },
+/* 0xf7 */ { NULL, NULL, 0 },
+/* 0xf8 */ { NULL, NULL, 0 },
+/* 0xf9 */ { NULL, NULL, 0 },
+/* 0xfa */ { NULL, NULL, 0 },
+/* 0xfb */ { NULL, NULL, 0 },
+/* 0xfc */ { NULL, NULL, 0 },
+/* 0xfd */ { NULL, NULL, 0 },
+/* 0xfe */ { NULL, NULL, 0 },
+/* 0xff */ { NULL, NULL, 0 }
+
+};
+
+/*******************************************************************
+dump a prs to a file
+ ********************************************************************/
+static void smb_dump(char *name, int type, char *data, ssize_t len)
+{
+	int fd, i;
+	pstring fname;
+	if (DEBUGLEVEL < 50) return;
+
+	if (len < 4) len = smb_len(data)+4;
+	for (i=1;i<100;i++) {
+		slprintf(fname,sizeof(fname)-1, "/tmp/%s.%d.%s", name, i,
+				type ? "req" : "resp");
+		fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
+		if (fd != -1 || errno != EEXIST) break;
+	}
+	if (fd != -1) {
+		ssize_t ret = write(fd, data, len);
+		if (ret != len)
+			DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
+		close(fd);
+		DEBUG(0,("created %s len %d\n", fname, len));
+	}
+}
+
+
+/****************************************************************************
+do a switch on the message type, and return the response size
+****************************************************************************/
+static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize)
+{
+  static pid_t pid= (pid_t)-1;
+  int outsize = 0;
+  extern uint16 global_smbpid;
+
+  type &= 0xff;
+
+  if (pid == (pid_t)-1)
+    pid = sys_getpid();
+
+  errno = 0;
+  last_message = type;
+
+  /* make sure this is an SMB packet */
+  if (strncmp(smb_base(inbuf),"\377SMB",4) != 0)
+  {
+    DEBUG(2,("Non-SMB packet of length %d\n",smb_len(inbuf)));
+    return(-1);
+  }
+
+  /* yuck! this is an interim measure before we get rid of our
+     current inbuf/outbuf system */
+  global_smbpid = SVAL(inbuf,smb_pid);
+
+  if (smb_messages[type].fn == NULL)
+  {
+    DEBUG(0,("Unknown message type %d!\n",type));
+    smb_dump("Unknown", 1, inbuf, size);
+    outsize = reply_unknown(inbuf,outbuf);
+  }
+  else
+  {
+    int flags = smb_messages[type].flags;
+    static uint16 last_session_tag = UID_FIELD_INVALID;
+    /* In share mode security we must ignore the vuid. */
+    uint16 session_tag = (lp_security() == SEC_SHARE) ? UID_FIELD_INVALID : SVAL(inbuf,smb_uid);
+    connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
+
+    DEBUG(3,("switch message %s (pid %d)\n",smb_fn_name(type),(int)pid));
+
+    smb_dump(smb_fn_name(type), 1, inbuf, size);
+    if(global_oplock_break)
+    {
+      if(flags & QUEUE_IN_OPLOCK)
+      {
+        /* 
+         * Queue this message as we are the process of an oplock break.
+         */
+
+        DEBUG( 2, ( "switch_message: queueing message due to being in " ) );
+        DEBUGADD( 2, ( "oplock break state.\n" ) );
+
+        push_oplock_pending_smb_message( inbuf, size );
+        return -1;
+      }          
+    }
+
+    /* Ensure this value is replaced in the incoming packet. */
+    SSVAL(inbuf,smb_uid,session_tag);
+
+    /*
+     * Ensure the correct username is in current_user_info.
+     * This is a really ugly bugfix for problems with
+     * multiple session_setup_and_X's being done and
+     * allowing %U and %G substitutions to work correctly.
+     * There is a reason this code is done here, don't
+     * move it unless you know what you're doing... :-).
+     * JRA.
+     */
+
+    if (session_tag != last_session_tag) {
+      user_struct *vuser = NULL;
+
+      last_session_tag = session_tag;
+      if(session_tag != UID_FIELD_INVALID)
+        vuser = get_valid_user_struct(session_tag);           
+      if(vuser != NULL)
+        current_user_info = vuser->user;
+    }
+
+    /* does this protocol need to be run as root? */
+    if (!(flags & AS_USER))
+      change_to_root_user();
+
+    /* does this protocol need a valid tree connection? */
+    if ((flags & AS_USER) && !conn) {
+	    return ERROR_DOS(ERRSRV, ERRinvnid);
+    }
+
+
+    /* does this protocol need to be run as the connected user? */
+    if ((flags & AS_USER) && !change_to_user(conn,session_tag)) {
+      if (flags & AS_GUEST) 
+        flags &= ~AS_USER;
+      else
+        return(ERROR_DOS(ERRSRV,ERRaccess));
+    }
+
+    /* this code is to work around a bug is MS client 3 without
+       introducing a security hole - it needs to be able to do
+       print queue checks as guest if it isn't logged in properly */
+    if (flags & AS_USER)
+      flags &= ~AS_GUEST;
+
+    /* does it need write permission? */
+    if ((flags & NEED_WRITE) && !CAN_WRITE(conn))
+      return(ERROR_DOS(ERRSRV,ERRaccess));
+
+    /* ipc services are limited */
+    if (IS_IPC(conn) && (flags & AS_USER) && !(flags & CAN_IPC)) {
+      return(ERROR_DOS(ERRSRV,ERRaccess));	    
+    }
+
+    /* load service specific parameters */
+    if (conn && !set_current_service(conn,(flags & AS_USER)?True:False)) {
+      return(ERROR_DOS(ERRSRV,ERRaccess));
+    }
+
+    /* does this protocol need to be run as guest? */
+    if ((flags & AS_GUEST) && 
+		 (!change_to_guest() || 
+		!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1)))) {
+      return(ERROR_DOS(ERRSRV,ERRaccess));
+    }
+
+    last_inbuf = inbuf;
+
+    outsize = smb_messages[type].fn(conn, inbuf,outbuf,size,bufsize);
+  }
+
+  smb_dump(smb_fn_name(type), 0, outbuf, outsize);
+
+  return(outsize);
+}
+
+
+/****************************************************************************
+  construct a reply to the incoming packet
+****************************************************************************/
+static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
+{
+  int type = CVAL(inbuf,smb_com);
+  int outsize = 0;
+  int msg_type = CVAL(inbuf,0);
+
+  GetTimeOfDay(&smb_last_time);
+
+  chain_size = 0;
+  file_chain_reset();
+  reset_chain_p();
+
+  if (msg_type != 0)
+    return(reply_special(inbuf,outbuf));  
+
+  construct_reply_common(inbuf, outbuf);
+
+  outsize = switch_message(type,inbuf,outbuf,size,bufsize);
+
+  outsize += chain_size;
+
+  if(outsize > 4)
+    smb_setlen(outbuf,outsize - 4);
+  return(outsize);
+}
+
+/****************************************************************************
+  Keep track of the number of running smbd's. This functionality is used to
+  'hard' limit Samba overhead on resource constrained systems. 
+****************************************************************************/
+static BOOL smbd_process_limit(void)
+{
+	int32  total_smbds;
+	
+	if (lp_max_smbd_processes()) {
+
+		/* Always add one to the smbd process count, as exit_server() always
+		 * subtracts one.
+		 */
+
+		total_smbds = 1; /* In case we need to create the entry. */
+
+		if (!conn_tdb_ctx()) {
+			DEBUG(0,("smbd_process_limit: max smbd processes parameter set with status parameter not \
+set. Ignoring max smbd restriction.\n"));
+			return False;
+		}
+
+		if (tdb_change_int32_atomic(conn_tdb_ctx(), "INFO/total_smbds", &total_smbds, 1) == -1)
+			return True;
+
+		return total_smbds > lp_max_smbd_processes();
+	}
+	else
+		return False;
+}
+
+/****************************************************************************
+  process an smb from the client - split out from the smbd_process() code so
+  it can be used by the oplock break code.
+****************************************************************************/
+void process_smb(char *inbuf, char *outbuf)
+{
+#ifdef WITH_SSL
+  extern BOOL sslEnabled;     /* don't use function for performance reasons */
+  static int sslConnected = 0;
+#endif /* WITH_SSL */
+  static int trans_num;
+  int msg_type = CVAL(inbuf,0);
+  int32 len = smb_len(inbuf);
+  int nread = len + 4;
+
+  DO_PROFILE_INC(smb_count);
+
+  if (trans_num == 0) {
+	  /* on the first packet, check the global hosts allow/ hosts
+	     deny parameters before doing any parsing of the packet
+	     passed to us by the client.  This prevents attacks on our
+	     parsing code from hosts not in the hosts allow list */
+	  if (smbd_process_limit() ||
+		  !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) {
+		  /* send a negative session response "not listening on calling
+		   name" */
+		  static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+		  DEBUG( 1, ( "Connection denied from %s\n",
+			      client_addr() ) );
+		  (void)send_smb(smbd_server_fd(),(char *)buf);
+		  exit_server("connection denied");
+	  }
+  }
+
+  DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type, len ) );
+  DEBUG( 3, ( "Transaction %d of length %d\n", trans_num, nread ) );
+
+#ifdef WITH_SSL
+    if(sslEnabled && !sslConnected){
+        sslConnected = sslutil_negotiate_ssl(smbd_server_fd(), msg_type);
+        if(sslConnected < 0){   /* an error occured */
+            exit_server("SSL negotiation failed");
+        }else if(sslConnected){
+            trans_num++;
+            return;
+        }
+    }
+#endif  /* WITH_SSL */
+
+  if (msg_type == 0)
+    show_msg(inbuf);
+  else if(msg_type == SMBkeepalive)
+    return; /* Keepalive packet. */
+
+  nread = construct_reply(inbuf,outbuf,nread,max_send);
+      
+  if(nread > 0) 
+  {
+    if (CVAL(outbuf,0) == 0)
+      show_msg(outbuf);
+	
+    if (nread != smb_len(outbuf) + 4) 
+    {
+      DEBUG(0,("ERROR: Invalid message response size! %d %d\n",
+                 nread, smb_len(outbuf)));
+    }
+    else
+      if (!send_smb(smbd_server_fd(),outbuf))
+        exit_server("process_smb: send_smb failed.");
+  }
+  trans_num++;
+}
+
+
+
+/****************************************************************************
+return a string containing the function name of a SMB command
+****************************************************************************/
+char *smb_fn_name(int type)
+{
+	static char *unknown_name = "SMBunknown";
+
+	if (smb_messages[type].name == NULL)
+		return(unknown_name);
+
+	return(smb_messages[type].name);
+}
+
+
+/****************************************************************************
+ Helper function for contruct_reply.
+****************************************************************************/
+
+void construct_reply_common(char *inbuf,char *outbuf)
+{
+	memset(outbuf,'\0',smb_size);
+
+	set_message(outbuf,0,0,True);
+	SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
+	
+	memcpy(outbuf+4,inbuf+4,4);
+	SCVAL(outbuf,smb_rcls,SMB_SUCCESS);
+	SCVAL(outbuf,smb_reh,0);
+	SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES)); 
+	SSVAL(outbuf,smb_flg2,
+	      (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
+	      FLAGS2_LONG_PATH_COMPONENTS |
+	      FLAGS2_32_BIT_ERROR_CODES | FLAGS2_EXTENDED_SECURITY);
+
+	SSVAL(outbuf,smb_err,SMB_SUCCESS);
+	SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
+	SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
+	SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
+	SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
+}
+
+/****************************************************************************
+  construct a chained reply and add it to the already made reply
+  **************************************************************************/
+int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
+{
+  static char *orig_inbuf;
+  static char *orig_outbuf;
+  int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
+  unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
+  char *inbuf2, *outbuf2;
+  int outsize2;
+  char inbuf_saved[smb_wct];
+  char outbuf_saved[smb_wct];
+  int wct = CVAL(outbuf,smb_wct);
+  int outsize = smb_size + 2*wct + SVAL(outbuf,smb_vwv0+2*wct);
+
+  /* maybe its not chained */
+  if (smb_com2 == 0xFF) {
+    SCVAL(outbuf,smb_vwv0,0xFF);
+    return outsize;
+  }
+
+  if (chain_size == 0) {
+    /* this is the first part of the chain */
+    orig_inbuf = inbuf;
+    orig_outbuf = outbuf;
+  }
+
+  /*
+   * The original Win95 redirector dies on a reply to
+   * a lockingX and read chain unless the chain reply is
+   * 4 byte aligned. JRA.
+   */
+
+  outsize = (outsize + 3) & ~3;
+
+  /* we need to tell the client where the next part of the reply will be */
+  SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
+  SCVAL(outbuf,smb_vwv0,smb_com2);
+
+  /* remember how much the caller added to the chain, only counting stuff
+     after the parameter words */
+  chain_size += outsize - smb_wct;
+
+  /* work out pointers into the original packets. The
+     headers on these need to be filled in */
+  inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
+  outbuf2 = orig_outbuf + SVAL(outbuf,smb_vwv1) + 4 - smb_wct;
+
+  /* remember the original command type */
+  smb_com1 = CVAL(orig_inbuf,smb_com);
+
+  /* save the data which will be overwritten by the new headers */
+  memcpy(inbuf_saved,inbuf2,smb_wct);
+  memcpy(outbuf_saved,outbuf2,smb_wct);
+
+  /* give the new packet the same header as the last part of the SMB */
+  memmove(inbuf2,inbuf,smb_wct);
+
+  /* create the in buffer */
+  SCVAL(inbuf2,smb_com,smb_com2);
+
+  /* create the out buffer */
+  construct_reply_common(inbuf2, outbuf2);
+
+  DEBUG(3,("Chained message\n"));
+  show_msg(inbuf2);
+
+  /* process the request */
+  outsize2 = switch_message(smb_com2,inbuf2,outbuf2,size-chain_size,
+			    bufsize-chain_size);
+
+  /* copy the new reply and request headers over the old ones, but
+     preserve the smb_com field */
+  memmove(orig_outbuf,outbuf2,smb_wct);
+  SCVAL(orig_outbuf,smb_com,smb_com1);
+
+  /* restore the saved data, being careful not to overwrite any
+   data from the reply header */
+  memcpy(inbuf2,inbuf_saved,smb_wct);
+  {
+    int ofs = smb_wct - PTR_DIFF(outbuf2,orig_outbuf);
+    if (ofs < 0) ofs = 0;
+    memmove(outbuf2+ofs,outbuf_saved+ofs,smb_wct-ofs);
+  }
+
+  return outsize2;
+}
+
+/****************************************************************************
+ Setup the needed select timeout.
+****************************************************************************/
+
+static int setup_select_timeout(void)
+{
+	int select_timeout;
+	int t;
+
+	/*
+	 * Increase the select timeout back to SMBD_SELECT_TIMEOUT if we
+	 * have removed any blocking locks. JRA.
+	 */
+
+	select_timeout = blocking_locks_pending() ? SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS*1000 :
+		SMBD_SELECT_TIMEOUT*1000;
+
+	t = change_notify_timeout();
+	if (t != -1) select_timeout = MIN(select_timeout, t*1000);
+
+	return select_timeout;
+}
+
+/****************************************************************************
+ Check if services need reloading.
+****************************************************************************/
+
+void check_reload(int t)
+{
+  static time_t last_smb_conf_reload_time = 0;
+
+  if(last_smb_conf_reload_time == 0)
+    last_smb_conf_reload_time = t;
+
+  if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK))
+  {
+    reload_services(True);
+    reload_after_sighup = False;
+    last_smb_conf_reload_time = t;
+  }
+}
+
+/****************************************************************************
+ Process any timeout housekeeping. Return False if the caller should exit.
+****************************************************************************/
+
+static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_timeout_processing_time)
+{
+  static time_t last_keepalive_sent_time = 0;
+  static time_t last_idle_closed_check = 0;
+  time_t t;
+  BOOL allidle = True;
+  extern int keepalive;
+
+  if (smb_read_error == READ_EOF) 
+  {
+    DEBUG(3,("end of file from client\n"));
+    return False;
+  }
+
+  if (smb_read_error == READ_ERROR) 
+  {
+    DEBUG(3,("receive_smb error (%s) exiting\n",
+              strerror(errno)));
+    return False;
+  }
+
+  *last_timeout_processing_time = t = time(NULL);
+
+  if(last_keepalive_sent_time == 0)
+    last_keepalive_sent_time = t;
+
+  if(last_idle_closed_check == 0)
+    last_idle_closed_check = t;
+
+  /* become root again if waiting */
+  change_to_root_user();
+
+  /* check if we need to reload services */
+  check_reload(t);
+
+  /* automatic timeout if all connections are closed */      
+  if (conn_num_open()==0 && (t - last_idle_closed_check) >= IDLE_CLOSED_TIMEOUT) 
+  {
+    DEBUG( 2, ( "Closing idle connection\n" ) );
+    return False;
+  }
+  else
+    last_idle_closed_check = t;
+
+  if (keepalive && (t - last_keepalive_sent_time)>keepalive) 
+  {
+	  extern struct auth_context *negprot_global_auth_context;
+	  if (!send_keepalive(smbd_server_fd())) {
+		  DEBUG( 2, ( "Keepalive failed - exiting.\n" ) );
+		  return False;
+	  }
+	  
+	  /* send a keepalive for a password server or the like.
+	     This is attached to the auth_info created in the
+	     negprot */
+	  if (negprot_global_auth_context 
+	      && negprot_global_auth_context->challenge_set_method 
+	      && negprot_global_auth_context->challenge_set_method->send_keepalive) {
+		  negprot_global_auth_context->challenge_set_method->send_keepalive
+			  (&negprot_global_auth_context->challenge_set_method->private_data);
+	  }
+
+	  last_keepalive_sent_time = t;
+  }
+
+  /* check for connection timeouts */
+  allidle = conn_idle_all(t, deadtime);
+
+  if (allidle && conn_num_open()>0) {
+    DEBUG(2,("Closing idle connection 2.\n"));
+    return False;
+  }
+
+  if(global_machine_password_needs_changing && 
+     /* for ADS we need to do a regular ADS password change, not a domain
+        password change */
+     lp_security() == SEC_DOMAIN)
+  {
+    unsigned char trust_passwd_hash[16];
+    time_t lct;
+    pstring remote_machine_list;
+
+    /*
+     * We're in domain level security, and the code that
+     * read the machine password flagged that the machine
+     * password needs changing.
+     */
+
+    /*
+     * First, open the machine password file with an exclusive lock.
+     */
+
+    if(!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd_hash, &lct)) {
+      DEBUG(0,("process: unable to read the machine account password for \
+machine %s in domain %s.\n", global_myname, global_myworkgroup ));
+      return True;
+    }
+
+    /*
+     * Make sure someone else hasn't already done this.
+     */
+
+    if(t < lct + lp_machine_password_timeout()) {
+      global_machine_password_needs_changing = False;
+      return True;
+    }
+
+    pstrcpy(remote_machine_list, lp_passwordserver());
+
+    change_trust_account_password( global_myworkgroup, remote_machine_list);
+    global_machine_password_needs_changing = False;
+  }
+
+  /*
+   * Check to see if we have any blocking locks
+   * outstanding on the queue.
+   */
+  process_blocking_lock_queue(t);
+
+  /*
+   * Check to see if we have any change notifies 
+   * outstanding on the queue.
+   */
+  process_pending_change_notify_queue(t);
+
+  /*
+   * Now we are root, check if the log files need pruning.
+   * Force a log file check.
+   */
+  force_check_log_size();
+  check_log_size();
+
+  /*
+   * Modify the select timeout depending upon
+   * what we have remaining in our queues.
+   */
+
+  *select_timeout = setup_select_timeout();
+
+  return True;
+}
+
+/****************************************************************************
+  process commands from the client
+****************************************************************************/
+
+void smbd_process(void)
+{
+	extern int smb_echo_count;
+	time_t last_timeout_processing_time = time(NULL);
+	unsigned int num_smbs = 0;
+
+	InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
+	OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
+	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
+		return;
+
+	max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
+
+	/* re-initialise the timezone */
+	TimeInit();
+
+	/* register our message handlers */
+	message_register(MSG_SMB_FORCE_TDIS, msg_force_tdis);
+	talloc_init_named("dummy!");
+
+	while (True) {
+		int deadtime = lp_deadtime()*60;
+		int select_timeout = setup_select_timeout();
+		int num_echos;
+
+		if (deadtime <= 0)
+			deadtime = DEFAULT_SMBD_TIMEOUT;
+
+		errno = 0;      
+		
+		/* free up temporary memory */
+		lp_talloc_free();
+		main_loop_talloc_free();
+
+		while (!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout)) {
+			if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
+				return;
+			num_smbs = 0; /* Reset smb counter. */
+		}
+
+		/*
+		 * Ensure we do timeout processing if the SMB we just got was
+		 * only an echo request. This allows us to set the select
+		 * timeout in 'receive_message_or_smb()' to any value we like
+		 * without worrying that the client will send echo requests
+		 * faster than the select timeout, thus starving out the
+		 * essential processing (change notify, blocking locks) that
+		 * the timeout code does. JRA.
+		 */ 
+		num_echos = smb_echo_count;
+
+		process_smb(InBuffer, OutBuffer);
+
+		if (smb_echo_count != num_echos) {
+			if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
+				return;
+			num_smbs = 0; /* Reset smb counter. */
+		}
+
+		num_smbs++;
+
+		/*
+		 * If we are getting smb requests in a constant stream
+		 * with no echos, make sure we attempt timeout processing
+		 * every select_timeout milliseconds - but only check for this
+		 * every 200 smb requests.
+		 */
+		
+		if ((num_smbs % 200) == 0) {
+			time_t new_check_time = time(NULL);
+			if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
+				if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
+					return;
+				num_smbs = 0; /* Reset smb counter. */
+				last_timeout_processing_time = new_check_time; /* Reset time. */
+			}
+		}
+	}
+}
diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
new file mode 100644
index 0000000000..39cb8f2432
--- /dev/null
+++ b/source3/smbd/quotas.c
@@ -0,0 +1,1097 @@
+/* 
+   Unix SMB/CIFS implementation.
+   support for quotas
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+/* 
+ * This is one of the most system dependent parts of Samba, and its
+ * done a litle differently. Each system has its own way of doing 
+ * things :-(
+ */
+
+#include "includes.h"
+
+#if defined(VXFS_QUOTA)
+
+/*
+ * In addition to their native filesystems, some systems have Veritas VxFS.
+ * Declare here, define at end: reduces likely "include" interaction problems.
+ *	David Lee <T.D.Lee@durham.ac.uk>
+ */
+BOOL disk_quotas_vxfs(const pstring name, char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
+
+#endif /* VXFS_QUOTA */
+
+#ifdef LINUX
+
+#include <sys/types.h>
+#include <asm/types.h>
+
+/*
+ * This shouldn't be neccessary - it should be /usr/include/sys/quota.h
+ * Unfortunately, RH7.1 ships with a different quota system using struct mem_dqblk
+ * rather than the struct dqblk defined in /usr/include/sys/quota.h.
+ * This means we must include linux/quota.h to have a hope of working on
+ * RH7.1 systems. And it also means this breaks if the kernel is upgraded
+ * to a Linus 2.4.x (where x > the minor number shipped with RH7.1) until
+ * Linus synchronises with the AC patches. Sometimes I *hate* Linux :-). JRA.
+ */
+
+#include <linux/quota.h>
+#ifdef HAVE_LINUX_XQM_H
+#include <linux/xqm.h>
+#endif
+
+#include <mntent.h>
+#include <linux/unistd.h>
+
+
+#define LINUX_QUOTAS_2
+
+typedef struct _LINUX_SMB_DISK_QUOTA {
+	SMB_BIG_UINT bsize;
+	SMB_BIG_UINT hardlimit; /* In bsize units. */
+	SMB_BIG_UINT softlimit; /* In bsize units. */
+	SMB_BIG_UINT curblocks; /* In bsize units. */
+	SMB_BIG_UINT ihardlimit; /* inode hard limit. */
+	SMB_BIG_UINT isoftlimit; /* inode soft limit. */
+	SMB_BIG_UINT curinodes; /* Current used inodes. */
+} LINUX_SMB_DISK_QUOTA;
+
+/****************************************************************************
+ Abstract out the XFS Quota Manager quota get call.
+****************************************************************************/
+
+static int get_smb_linux_xfs_quota(char *path, uid_t euser_id, LINUX_SMB_DISK_QUOTA *dp)
+{
+       int ret = -1;
+#ifdef HAVE_LINUX_XQM_H
+       struct fs_disk_quota D;
+       ZERO_STRUCT(D);
+
+       if ((ret = quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), path, euser_id, (caddr_t)&D)))
+               return ret;
+
+       dp->bsize = (SMB_BIG_UINT)512;
+       dp->softlimit = (SMB_BIG_UINT)D.d_blk_softlimit;
+       dp->hardlimit = (SMB_BIG_UINT)D.d_blk_hardlimit;
+       dp->ihardlimit = (SMB_BIG_UINT)D.d_ino_hardlimit;
+       dp->isoftlimit = (SMB_BIG_UINT)D.d_ino_softlimit;
+       dp->curinodes = (SMB_BIG_UINT)D.d_icount;
+       dp->curblocks = (SMB_BIG_UINT)D.d_bcount;
+#endif
+       return ret;
+}
+
+/****************************************************************************
+ Abstract out the old and new Linux quota get calls.
+****************************************************************************/
+
+static int get_smb_linux_vfs_quota(char *path, uid_t euser_id, LINUX_SMB_DISK_QUOTA *dp)
+{
+	int ret;
+#ifdef LINUX_QUOTAS_1
+	struct dqblk D;
+	ZERO_STRUCT(D);
+	dp->bsize = (SMB_BIG_UINT)1024;
+#else /* LINUX_QUOTAS_2 */
+	struct mem_dqblk D;
+	ZERO_STRUCT(D);
+#ifndef QUOTABLOCK_SIZE
+#define QUOTABLOCK_SIZE 1024
+#endif
+	dp->bsize = (SMB_BIG_UINT)QUOTABLOCK_SIZE;
+#endif
+
+	if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), path, euser_id, (caddr_t)&D)))
+		return -1;
+
+	dp->softlimit = (SMB_BIG_UINT)D.dqb_bsoftlimit;
+	dp->hardlimit = (SMB_BIG_UINT)D.dqb_bhardlimit;
+	dp->ihardlimit = (SMB_BIG_UINT)D.dqb_ihardlimit;
+	dp->isoftlimit = (SMB_BIG_UINT)D.dqb_isoftlimit;
+	dp->curinodes = (SMB_BIG_UINT)D.dqb_curinodes;
+
+#ifdef LINUX_QUOTAS_1
+	dp->curblocks = (SMB_BIG_UINT)D.dqb_curblocks;
+#else /* LINUX_QUOTAS_2 */
+	dp->curblocks = ((SMB_BIG_UINT)D.dqb_curspace)/ dp->bsize;
+#endif
+
+	return 0;
+}
+
+/****************************************************************************
+try to get the disk space from disk quotas (LINUX version)
+****************************************************************************/
+
+BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+	int r;
+	SMB_STRUCT_STAT S;
+	FILE *fp;
+	LINUX_SMB_DISK_QUOTA D;
+	struct mntent *mnt;
+	SMB_DEV_T devno;
+	int found;
+	uid_t euser_id;
+
+	euser_id = geteuid();
+  
+	/* find the block device file */
+  
+	if ( sys_stat(path, &S) == -1 )
+		return(False) ;
+
+	devno = S.st_dev ;
+  
+	fp = setmntent(MOUNTED,"r");
+	found = False ;
+  
+	while ((mnt = getmntent(fp))) {
+		if ( sys_stat(mnt->mnt_dir,&S) == -1 )
+			continue ;
+
+		if (S.st_dev == devno) {
+			found = True ;
+			break;
+		}
+	}
+
+	endmntent(fp) ;
+  
+	if (!found)
+		return(False);
+
+	save_re_uid();
+	set_effective_uid(0);  
+	if (strcmp(mnt->mnt_type, "xfs") == 0)
+		r=get_smb_linux_xfs_quota(mnt->mnt_fsname, euser_id, &D);
+	else
+		r=get_smb_linux_vfs_quota(mnt->mnt_fsname, euser_id, &D);
+	restore_re_uid();
+
+	/* Use softlimit to determine disk space, except when it has been exceeded */
+	*bsize = D.bsize;
+	if (r == -1) {
+		if (errno == EDQUOT) {
+			*dfree =0;
+			*dsize =D.curblocks;
+			return (True);
+		} else {
+			return(False);
+		}
+	}
+
+	/* Use softlimit to determine disk space, except when it has been exceeded */
+	if (
+		(D.softlimit && D.curblocks >= D.softlimit) ||
+		(D.hardlimit && D.curblocks >= D.hardlimit) ||
+		(D.isoftlimit && D.curinodes >= D.isoftlimit) ||
+		(D.ihardlimit && D.curinodes>=D.ihardlimit)
+	) {
+		*dfree = 0;
+		*dsize = D.curblocks;
+	} else if (D.softlimit==0 && D.hardlimit==0) {
+		return(False);
+	} else {
+		if (D.softlimit == 0)
+			D.softlimit = D.hardlimit;
+		*dfree = D.softlimit - D.curblocks;
+		*dsize = D.softlimit;
+	}
+
+	return (True);
+}
+
+#elif defined(CRAY)
+
+#include <sys/quota.h>
+#include <mntent.h>
+
+/****************************************************************************
+try to get the disk space from disk quotas (CRAY VERSION)
+****************************************************************************/
+
+BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+  struct mntent *mnt;
+  FILE *fd;
+  SMB_STRUCT_STAT sbuf;
+  SMB_DEV_T devno ;
+  static SMB_DEV_T devno_cached = 0 ;
+  static pstring name;
+  struct q_request request ;
+  struct qf_header header ;
+  static int quota_default = 0 ;
+  int found ;
+  
+  if ( sys_stat(path,&sbuf) == -1 )
+    return(False) ;
+  
+  devno = sbuf.st_dev ;
+  
+  if ( devno != devno_cached ) {
+    
+    devno_cached = devno ;
+    
+    if ((fd = setmntent(KMTAB)) == NULL)
+      return(False) ;
+    
+    found = False ;
+    
+    while ((mnt = getmntent(fd)) != NULL) {
+      
+      if ( sys_stat(mnt->mnt_dir,&sbuf) == -1 )
+	continue ;
+      
+      if (sbuf.st_dev == devno) {
+	
+	found = True ;
+	break ;
+	
+      }
+      
+    }
+    
+    pstrcpy(name,mnt->mnt_dir) ;
+    endmntent(fd) ;
+    
+    if ( ! found )
+      return(False) ;
+  }
+  
+  request.qf_magic = QF_MAGIC ;
+  request.qf_entry.id = geteuid() ;
+  
+  if (quotactl(name, Q_GETQUOTA, &request) == -1)
+    return(False) ;
+  
+  if ( ! request.user )
+    return(False) ;
+  
+  if ( request.qf_entry.user_q.f_quota == QFV_DEFAULT ) {
+    
+    if ( ! quota_default ) {
+      
+      if ( quotactl(name, Q_GETHEADER, &header) == -1 )
+	return(False) ;
+      else
+	quota_default = header.user_h.def_fq ;
+    }
+    
+    *dfree = quota_default ;
+    
+  }else if ( request.qf_entry.user_q.f_quota == QFV_PREVENT ) {
+    
+    *dfree = 0 ;
+    
+  }else{
+    
+    *dfree = request.qf_entry.user_q.f_quota ;
+    
+  }
+  
+  *dsize = request.qf_entry.user_q.f_use ;
+  
+  if ( *dfree < *dsize )
+    *dfree = 0 ;
+  else
+    *dfree -= *dsize ;
+  
+  *bsize = 4096 ;  /* Cray blocksize */
+  
+  return(True) ;
+  
+}
+
+
+#elif defined(SUNOS5) || defined(SUNOS4)
+
+#include <fcntl.h>
+#include <sys/param.h>
+#if defined(SUNOS5)
+#include <sys/fs/ufs_quota.h>
+#include <sys/mnttab.h>
+#include <sys/mntent.h>
+#else /* defined(SUNOS4) */
+#include <ufs/quota.h>
+#include <mntent.h>
+#endif
+
+#if defined(SUNOS5)
+
+/****************************************************************************
+ Allows querying of remote hosts for quotas on NFS mounted shares.
+ Supports normal NFS and AMD mounts.
+ Alan Romeril <a.romeril@ic.ac.uk> July 2K.
+****************************************************************************/
+
+#include <rpc/rpc.h>
+#include <rpc/types.h>
+#include <rpcsvc/rquota.h>
+#include <rpc/nettype.h>
+#include <rpc/xdr.h>
+
+static int quotastat;
+
+static int xdr_getquota_args(XDR *xdrsp, struct getquota_args *args)
+{
+	if (!xdr_string(xdrsp, &args->gqa_pathp, RQ_PATHLEN ))
+		return(0);
+	if (!xdr_int(xdrsp, &args->gqa_uid))
+		return(0);
+	return (1);
+}
+
+static int xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr)
+{
+	if (!xdr_int(xdrsp, &quotastat)) {
+		DEBUG(6,("nfs_quotas: Status bad or zero\n"));
+		return 0;
+	}
+	if (!xdr_int(xdrsp, &gqr->getquota_rslt_u.gqr_rquota.rq_bsize)) {
+		DEBUG(6,("nfs_quotas: Block size bad or zero\n"));
+		return 0;
+	}
+	if (!xdr_bool(xdrsp, &gqr->getquota_rslt_u.gqr_rquota.rq_active)) {
+		DEBUG(6,("nfs_quotas: Active bad or zero\n"));
+		return 0;
+	}
+	if (!xdr_int(xdrsp, &gqr->getquota_rslt_u.gqr_rquota.rq_bhardlimit)) {
+		DEBUG(6,("nfs_quotas: Hardlimit bad or zero\n"));
+		return 0;
+	}
+	if (!xdr_int(xdrsp, &gqr->getquota_rslt_u.gqr_rquota.rq_bsoftlimit)) {
+		DEBUG(6,("nfs_quotas: Softlimit bad or zero\n"));
+		return 0;
+	}
+	if (!xdr_int(xdrsp, &gqr->getquota_rslt_u.gqr_rquota.rq_curblocks)) {
+		DEBUG(6,("nfs_quotas: Currentblocks bad or zero\n"));
+		return 0;
+	}
+	return (1);
+}
+
+/* Restricted to SUNOS5 for the moment, I haven`t access to others to test. */ 
+static BOOL nfs_quotas(char *nfspath, uid_t euser_id, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+	uid_t uid = euser_id;
+	struct dqblk D;
+	char *mnttype = nfspath;
+	CLIENT *clnt;
+	struct getquota_rslt gqr;
+	struct getquota_args args;
+	char *cutstr, *pathname, *host, *testpath;
+	int len;
+	static struct timeval timeout = {2,0};
+	enum clnt_stat clnt_stat;
+	BOOL ret = True;
+
+	*bsize = *dfree = *dsize = (SMB_BIG_UINT)0;
+
+	len=strcspn(mnttype, ":");
+	pathname=strstr(mnttype, ":");
+	cutstr = (char *) malloc(sizeof(char) * len );
+	if (!cutstr)
+		return False;
+
+	host = strncat(cutstr,mnttype, sizeof(char) * len );
+	DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
+	DEBUG(5,("nfs_quotas: of path \"%s\"\n", mnttype));
+	testpath=strchr_m(mnttype, ':');
+	args.gqa_pathp = testpath+1;
+	args.gqa_uid = uid;
+
+	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
+
+	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
+		ret = False;
+		goto out;
+	}
+
+	clnt->cl_auth = authunix_create_default();
+	DEBUG(9,("nfs_quotas: auth_success\n"));
+
+	clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, xdr_getquota_args, (caddr_t)&args, xdr_getquota_rslt, (caddr_t)&gqr, timeout);
+
+	if (clnt_stat != RPC_SUCCESS) {
+		DEBUG(9,("nfs_quotas: clnt_call fail\n"));
+		ret = False;
+		goto out;
+	}
+
+	/* 
+	 * quotastat returns 0 if the rpc call fails, 1 if quotas exist, 2 if there is
+	 * no quota set, and 3 if no permission to get the quota.  If 0 or 3 return
+	 * something sensible.
+	 */   
+
+	switch ( quotastat ) {
+	case 0:
+		DEBUG(9,("nfs_quotas: Remote Quotas Failed!  Error \"%i\" \n", quotastat ));
+		ret = False;
+		goto out;
+
+	case 1:
+		DEBUG(9,("nfs_quotas: Good quota data\n"));
+		D.dqb_bsoftlimit = gqr.getquota_rslt_u.gqr_rquota.rq_bsoftlimit;
+		D.dqb_bhardlimit = gqr.getquota_rslt_u.gqr_rquota.rq_bhardlimit;
+		D.dqb_curblocks = gqr.getquota_rslt_u.gqr_rquota.rq_curblocks;
+		break;
+
+	case 2:
+	case 3:
+		D.dqb_bsoftlimit = 1;
+		D.dqb_curblocks = 1;
+		DEBUG(9,("nfs_quotas: Remote Quotas returned \"%i\" \n", quotastat ));
+		break;
+
+	default:
+		DEBUG(9,("nfs_quotas: Remote Quotas Questionable!  Error \"%i\" \n", quotastat ));
+		break;
+	}
+
+	DEBUG(10,("nfs_quotas: Let`s look at D a bit closer... status \"%i\" bsize \"%i\" active? \"%i\" bhard \"%i\" bsoft \"%i\" curb \"%i\" \n",
+			quotastat,
+			gqr.getquota_rslt_u.gqr_rquota.rq_bsize,
+			gqr.getquota_rslt_u.gqr_rquota.rq_active,
+			gqr.getquota_rslt_u.gqr_rquota.rq_bhardlimit,
+			gqr.getquota_rslt_u.gqr_rquota.rq_bsoftlimit,
+			gqr.getquota_rslt_u.gqr_rquota.rq_curblocks));
+
+	*bsize = gqr.getquota_rslt_u.gqr_rquota.rq_bsize;
+	*dsize = D.dqb_bsoftlimit;
+
+	if (D.dqb_curblocks == D.dqb_curblocks == 1)
+		*bsize = 512;
+
+	if (D.dqb_curblocks > D.dqb_bsoftlimit) {
+		*dfree = 0;
+		*dsize = D.dqb_curblocks;
+	} else
+		*dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
+
+  out:
+
+	if (clnt) {
+		if (clnt->cl_auth)
+			auth_destroy(clnt->cl_auth);
+		clnt_destroy(clnt);
+	}
+
+	DEBUG(5,("nfs_quotas: For path \"%s\" returning  bsize %.0f, dfree %.0f, dsize %.0f\n",args.gqa_pathp,(double)*bsize,(double)*dfree,(double)*dsize));
+
+	SAFE_FREE(cutstr);
+	DEBUG(10,("nfs_quotas: End of nfs_quotas\n" ));
+	return ret;
+}
+#endif
+
+/****************************************************************************
+try to get the disk space from disk quotas (SunOS & Solaris2 version)
+Quota code by Peter Urbanec (amiga@cse.unsw.edu.au).
+****************************************************************************/
+
+BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+	uid_t euser_id;
+	int ret;
+	struct dqblk D;
+#if defined(SUNOS5)
+	struct quotctl command;
+	int file;
+	static struct mnttab mnt;
+	static pstring name;
+	pstring devopt;
+#else /* SunOS4 */
+	struct mntent *mnt;
+	static pstring name;
+#endif
+	FILE *fd;
+	SMB_STRUCT_STAT sbuf;
+	SMB_DEV_T devno ;
+	static SMB_DEV_T devno_cached = 0 ;
+	static int found ;
+
+	euser_id = geteuid();
+  
+	if ( sys_stat(path,&sbuf) == -1 )
+		return(False) ;
+  
+	devno = sbuf.st_dev ;
+	DEBUG(5,("disk_quotas: looking for path \"%s\" devno=%x\n", path,(unsigned int)devno));
+	if ( devno != devno_cached ) {
+		devno_cached = devno ;
+#if defined(SUNOS5)
+		if ((fd = sys_fopen(MNTTAB, "r")) == NULL)
+			return(False) ;
+    
+		found = False ;
+		slprintf(devopt, sizeof(devopt) - 1, "dev=%x", (unsigned int)devno);
+		while (getmntent(fd, &mnt) == 0) {
+			if( !hasmntopt(&mnt, devopt) )
+				continue;
+
+			DEBUG(5,("disk_quotas: testing \"%s\" %s\n", mnt.mnt_mountp,devopt));
+
+			/* quotas are only on vxfs, UFS or NFS */
+			if ( strcmp( mnt.mnt_fstype, MNTTYPE_UFS ) == 0 ||
+				strcmp( mnt.mnt_fstype, "nfs" ) == 0    ||
+				strcmp( mnt.mnt_fstype, "vxfs" ) == 0  ) { 
+					found = True ;
+					break;
+			}
+		}
+    
+		pstrcpy(name,mnt.mnt_mountp) ;
+		pstrcat(name,"/quotas") ;
+		fclose(fd) ;
+#else /* SunOS4 */
+		if ((fd = setmntent(MOUNTED, "r")) == NULL)
+			return(False) ;
+    
+		found = False ;
+		while ((mnt = getmntent(fd)) != NULL) {
+			if ( sys_stat(mnt->mnt_dir,&sbuf) == -1 )
+				continue ;
+			DEBUG(5,("disk_quotas: testing \"%s\" devno=%x\n", mnt->mnt_dir,(unsigned int)sbuf.st_dev));
+			if (sbuf.st_dev == devno) {
+				found = True ;
+				break;
+			}
+		}
+    
+		pstrcpy(name,mnt->mnt_fsname) ;
+		endmntent(fd) ;
+#endif
+	}
+
+	if ( ! found )
+		return(False) ;
+
+	save_re_uid();
+	set_effective_uid(0);
+
+#if defined(SUNOS5)
+	if ( strcmp( mnt.mnt_fstype, "nfs" ) == 0) {
+		BOOL retval;
+		DEBUG(5,("disk_quotas: looking for mountpath (NFS) \"%s\"\n", mnt.mnt_special));
+		retval = nfs_quotas(mnt.mnt_special, euser_id, bsize, dfree, dsize);
+		restore_re_uid();
+		return retval;
+	}
+
+	DEBUG(5,("disk_quotas: looking for quotas file \"%s\"\n", name));
+	if((file=sys_open(name, O_RDONLY,0))<0) {
+		restore_re_uid();
+		return(False);
+	}
+	command.op = Q_GETQUOTA;
+	command.uid = euser_id;
+	command.addr = (caddr_t) &D;
+	ret = ioctl(file, Q_QUOTACTL, &command);
+	close(file);
+#else
+	DEBUG(5,("disk_quotas: trying quotactl on device \"%s\"\n", name));
+	ret = quotactl(Q_GETQUOTA, name, euser_id, &D);
+#endif
+
+	restore_re_uid();
+
+	if (ret < 0) {
+		DEBUG(5,("disk_quotas ioctl (Solaris) failed. Error = %s\n", strerror(errno) ));
+
+#if defined(SUNOS5) && defined(VXFS_QUOTA)
+		/* If normal quotactl() fails, try vxfs private calls */
+		set_effective_uid(euser_id);
+		DEBUG(5,("disk_quotas: mount type \"%s\"\n", mnt.mnt_fstype));
+		if ( 0 == strcmp ( mnt.mnt_fstype, "vxfs" )) {
+			BOOL retval;
+			retval = disk_quotas_vxfs(name, path, bsize, dfree, dsize);
+			return(retval);
+		}
+#else
+		return(False);
+#endif
+	}
+
+	/* If softlimit is zero, set it equal to hardlimit.
+	 */
+  
+	if (D.dqb_bsoftlimit==0)
+		D.dqb_bsoftlimit = D.dqb_bhardlimit;
+
+	/* Use softlimit to determine disk space. A user exceeding the quota is told
+	 * that there's no space left. Writes might actually work for a bit if the
+	 * hardlimit is set higher than softlimit. Effectively the disk becomes
+	 * made of rubber latex and begins to expand to accommodate the user :-)
+	 */
+
+	if (D.dqb_bsoftlimit==0)
+		return(False);
+	*bsize = DEV_BSIZE;
+	*dsize = D.dqb_bsoftlimit;
+
+	if (D.dqb_curblocks > D.dqb_bsoftlimit) {
+		*dfree = 0;
+		*dsize = D.dqb_curblocks;
+	} else
+		*dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
+      
+	DEBUG(5,("disk_quotas for path \"%s\" returning  bsize %.0f, dfree %.0f, dsize %.0f\n",
+		path,(double)*bsize,(double)*dfree,(double)*dsize));
+
+	return(True);
+}
+
+
+#elif defined(OSF1)
+#include <ufs/quota.h>
+
+/****************************************************************************
+try to get the disk space from disk quotas - OSF1 version
+****************************************************************************/
+
+BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+  int r, save_errno;
+  struct dqblk D;
+  SMB_STRUCT_STAT S;
+  uid_t euser_id;
+
+  /*
+   * This code presumes that OSF1 will only
+   * give out quota info when the real uid 
+   * matches the effective uid. JRA.
+   */
+  euser_id = geteuid();
+  save_re_uid();
+  if (set_re_uid() != 0) return False;
+
+  r= quotactl(path,QCMD(Q_GETQUOTA, USRQUOTA),euser_id,(char *) &D);
+  if (r) {
+     save_errno = errno;
+  }
+
+  restore_re_uid();
+
+  *bsize = DEV_BSIZE;
+
+  if (r)
+  {
+      if (save_errno == EDQUOT)   /* disk quota exceeded */
+      {
+         *dfree = 0;
+         *dsize = D.dqb_curblocks;
+         return (True);
+      }
+      else
+         return (False);  
+  }
+
+  /* If softlimit is zero, set it equal to hardlimit.
+   */
+
+  if (D.dqb_bsoftlimit==0)
+    D.dqb_bsoftlimit = D.dqb_bhardlimit;
+
+  /* Use softlimit to determine disk space, except when it has been exceeded */
+
+  if (D.dqb_bsoftlimit==0)
+    return(False);
+
+  if ((D.dqb_curblocks>D.dqb_bsoftlimit)) {
+    *dfree = 0;
+    *dsize = D.dqb_curblocks;
+  } else {
+    *dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
+    *dsize = D.dqb_bsoftlimit;
+  }
+  return (True);
+}
+
+#elif defined (IRIX6)
+/****************************************************************************
+try to get the disk space from disk quotas (IRIX 6.2 version)
+****************************************************************************/
+
+#include <sys/quota.h>
+#include <mntent.h>
+
+BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+  uid_t euser_id;
+  int r;
+  struct dqblk D;
+  struct fs_disk_quota        F;
+  SMB_STRUCT_STAT S;
+  FILE *fp;
+  struct mntent *mnt;
+  SMB_DEV_T devno;
+  int found;
+  
+  /* find the block device file */
+  
+  if ( sys_stat(path, &S) == -1 ) {
+    return(False) ;
+  }
+
+  devno = S.st_dev ;
+  
+  fp = setmntent(MOUNTED,"r");
+  found = False ;
+  
+  while ((mnt = getmntent(fp))) {
+    if ( sys_stat(mnt->mnt_dir,&S) == -1 )
+      continue ;
+    if (S.st_dev == devno) {
+      found = True ;
+      break ;
+    }
+  }
+  endmntent(fp) ;
+  
+  if (!found) {
+    return(False);
+  }
+
+  euser_id=geteuid();
+  save_re_uid();
+  set_effective_uid(0);  
+
+  /* Use softlimit to determine disk space, except when it has been exceeded */
+
+  *bsize = 512;
+
+  if ( 0 == strcmp ( mnt->mnt_type, "efs" ))
+  {
+    r=quotactl (Q_GETQUOTA, mnt->mnt_fsname, euser_id, (caddr_t) &D);
+
+    restore_re_uid();
+
+    if (r==-1)
+      return(False);
+        
+    /* Use softlimit to determine disk space, except when it has been exceeded */
+    if (
+        (D.dqb_bsoftlimit && D.dqb_curblocks>=D.dqb_bsoftlimit) ||
+        (D.dqb_bhardlimit && D.dqb_curblocks>=D.dqb_bhardlimit) ||
+        (D.dqb_fsoftlimit && D.dqb_curfiles>=D.dqb_fsoftlimit) ||
+        (D.dqb_fhardlimit && D.dqb_curfiles>=D.dqb_fhardlimit)
+       )
+    {
+      *dfree = 0;
+      *dsize = D.dqb_curblocks;
+    }
+    else if (D.dqb_bsoftlimit==0 && D.dqb_bhardlimit==0)
+    {
+      return(False);
+    }
+    else 
+    {
+      *dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
+      *dsize = D.dqb_bsoftlimit;
+    }
+
+  }
+  else if ( 0 == strcmp ( mnt->mnt_type, "xfs" ))
+  {
+    r=quotactl (Q_XGETQUOTA, mnt->mnt_fsname, euser_id, (caddr_t) &F);
+
+    restore_re_uid();
+
+    if (r==-1)
+      return(False);
+        
+    /* Use softlimit to determine disk space, except when it has been exceeded */
+    if (
+        (F.d_blk_softlimit && F.d_bcount>=F.d_blk_softlimit) ||
+        (F.d_blk_hardlimit && F.d_bcount>=F.d_blk_hardlimit) ||
+        (F.d_ino_softlimit && F.d_icount>=F.d_ino_softlimit) ||
+        (F.d_ino_hardlimit && F.d_icount>=F.d_ino_hardlimit)
+       )
+    {
+      *dfree = 0;
+      *dsize = F.d_bcount;
+    }
+    else if (F.d_blk_softlimit==0 && F.d_blk_hardlimit==0)
+    {
+      return(False);
+    }
+    else 
+    {
+      *dfree = (F.d_blk_softlimit - F.d_bcount);
+      *dsize = F.d_blk_softlimit;
+    }
+
+  }
+  else
+  {
+	  restore_re_uid();
+	  return(False);
+  }
+
+  return (True);
+
+}
+
+#else
+
+#if    defined(__FreeBSD__) || defined(__OpenBSD__)
+#include <ufs/ufs/quota.h>
+#include <machine/param.h>
+#elif         AIX
+/* AIX quota patch from Ole Holm Nielsen <ohnielse@fysik.dtu.dk> */
+#include <jfs/quota.h>
+/* AIX 4.X: Rename members of the dqblk structure (ohnielse@fysik.dtu.dk) */
+#define dqb_curfiles dqb_curinodes
+#define dqb_fhardlimit dqb_ihardlimit
+#define dqb_fsoftlimit dqb_isoftlimit
+#else /* !__FreeBSD__ && !AIX && !__OpenBSD__ */
+#include <sys/quota.h>
+#include <devnm.h>
+#endif
+
+/****************************************************************************
+try to get the disk space from disk quotas - default version
+****************************************************************************/
+
+BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+  int r;
+  struct dqblk D;
+  uid_t euser_id;
+#if !defined(__FreeBSD__) && !defined(AIX) && !defined(__OpenBSD__)
+  char dev_disk[256];
+  SMB_STRUCT_STAT S;
+  /* find the block device file */
+  if ((sys_stat(path, &S)<0) ||
+      (devnm(S_IFBLK, S.st_dev, dev_disk, 256, 0)<0)) return (False);
+#endif
+
+  euser_id = geteuid();
+
+#ifdef HPUX
+  /* for HPUX, real uid must be same as euid to execute quotactl for euid */
+  save_re_uid();
+  if (set_re_uid() != 0) return False;
+  
+  r=quotactl(Q_GETQUOTA, dev_disk, euser_id, &D);
+
+  restore_re_uid();
+#else 
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
+  {
+    /* FreeBSD patches from Marty Moll <martym@arbor.edu> */
+    gid_t egrp_id;
+ 
+    save_re_uid();
+    set_effective_uid(0);
+
+    egrp_id = getegid();
+    r= quotactl(path,QCMD(Q_GETQUOTA,USRQUOTA),euser_id,(char *) &D);
+
+    /* As FreeBSD has group quotas, if getting the user
+       quota fails, try getting the group instead. */
+    if (r) {
+	    r= quotactl(path,QCMD(Q_GETQUOTA,GRPQUOTA),egrp_id,(char *) &D);
+    }
+
+    restore_re_uid();
+  }
+#elif defined(AIX)
+  /* AIX has both USER and GROUP quotas: 
+     Get the USER quota (ohnielse@fysik.dtu.dk) */
+  r= quotactl(path,QCMD(Q_GETQUOTA,USRQUOTA),euser_id,(char *) &D);
+#else /* !__FreeBSD__ && !AIX && !__OpenBSD__ */
+  r=quotactl(Q_GETQUOTA, dev_disk, euser_id, &D);
+#endif /* !__FreeBSD__ && !AIX && !__OpenBSD__ */
+#endif /* HPUX */
+
+  /* Use softlimit to determine disk space, except when it has been exceeded */
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
+  *bsize = DEV_BSIZE;
+#else /* !__FreeBSD__ && !__OpenBSD__ */
+  *bsize = 1024;
+#endif /*!__FreeBSD__ && !__OpenBSD__ */
+
+  if (r)
+    {
+      if (errno == EDQUOT) 
+	{
+ 	  *dfree =0;
+ 	  *dsize =D.dqb_curblocks;
+ 	  return (True);
+	}
+      else return(False);
+    }
+
+  /* If softlimit is zero, set it equal to hardlimit.
+   */
+
+  if (D.dqb_bsoftlimit==0)
+    D.dqb_bsoftlimit = D.dqb_bhardlimit;
+
+  if (D.dqb_bsoftlimit==0)
+    return(False);
+  /* Use softlimit to determine disk space, except when it has been exceeded */
+  if ((D.dqb_curblocks>D.dqb_bsoftlimit)
+#if !defined(__FreeBSD__) && !defined(__OpenBSD__)
+||((D.dqb_curfiles>D.dqb_fsoftlimit) && (D.dqb_fsoftlimit != 0))
+#endif
+    ) {
+      *dfree = 0;
+      *dsize = D.dqb_curblocks;
+    }
+  else {
+    *dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
+    *dsize = D.dqb_bsoftlimit;
+  }
+  return (True);
+}
+
+#endif
+
+#if defined(VXFS_QUOTA)
+
+/****************************************************************************
+Try to get the disk space from Veritas disk quotas.
+    David Lee <T.D.Lee@durham.ac.uk> August 1999.
+
+Background assumptions:
+    Potentially under many Operating Systems.  Initially Solaris 2.
+
+    My guess is that Veritas is largely, though not entirely,
+    independent of OS.  So I have separated it out.
+
+    There may be some details.  For example, OS-specific "include" files.
+
+    It is understood that HPUX 10 somehow gets Veritas quotas without
+    any special effort; if so, this routine need not be compiled in.
+        Dirk De Wachter <Dirk.DeWachter@rug.ac.be>
+
+Warning:
+    It is understood that Veritas do not publicly support this ioctl interface.
+    Rather their preference would be for the user (us) to call the native
+    OS and then for the OS itself to call through to the VxFS filesystem.
+    Presumably HPUX 10, see above, does this.
+
+Hints for porting:
+    Add your OS to "IFLIST" below.
+    Get it to compile successfully:
+        Almost certainly "include"s require attention: see SUNOS5.
+    In the main code above, arrange for it to be called: see SUNOS5.
+    Test!
+    
+****************************************************************************/
+
+/* "IFLIST"
+ * This "if" is a list of ports:
+ *	if defined(OS1) || defined(OS2) || ...
+ */
+#if defined(SUNOS5)
+
+#if defined(SUNOS5)
+#include <sys/fs/vx_solaris.h>
+#endif
+#include <sys/fs/vx_machdep.h>
+#include <sys/fs/vx_layout.h>
+#include <sys/fs/vx_quota.h>
+#include <sys/fs/vx_aioctl.h>
+#include <sys/fs/vx_ioctl.h>
+
+BOOL disk_quotas_vxfs(const pstring name, char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+  uid_t user_id, euser_id;
+  int ret;
+  struct vx_dqblk D;
+  struct vx_quotctl quotabuf;
+  struct vx_genioctl genbuf;
+  pstring qfname;
+  int file;
+
+  /*
+   * "name" may or may not include a trailing "/quotas".
+   * Arranging consistency of calling here in "quotas.c" may not be easy and
+   * it might be easier to examine and adjust it here.
+   * Fortunately, VxFS seems not to mind at present.
+   */
+  pstrcpy(qfname, name) ;
+  /* pstrcat(qfname, "/quotas") ; */	/* possibly examine and adjust "name" */
+
+  euser_id = geteuid();
+  set_effective_uid(0);
+
+  DEBUG(5,("disk_quotas: looking for VxFS quotas file \"%s\"\n", qfname));
+  if((file=sys_open(qfname, O_RDONLY,0))<0) {
+    set_effective_uid(euser_id);
+    return(False);
+  }
+  genbuf.ioc_cmd = VX_QUOTACTL;
+  genbuf.ioc_up = (void *) &quotabuf;
+
+  quotabuf.cmd = VX_GETQUOTA;
+  quotabuf.uid = euser_id;
+  quotabuf.addr = (caddr_t) &D;
+  ret = ioctl(file, VX_ADMIN_IOCTL, &genbuf);
+  close(file);
+
+  set_effective_uid(euser_id);
+
+  if (ret < 0) {
+    DEBUG(5,("disk_quotas ioctl (VxFS) failed. Error = %s\n", strerror(errno) ));
+    return(False);
+  }
+
+  /* If softlimit is zero, set it equal to hardlimit.
+   */
+
+  if (D.dqb_bsoftlimit==0)
+    D.dqb_bsoftlimit = D.dqb_bhardlimit;
+
+  /* Use softlimit to determine disk space. A user exceeding the quota is told
+   * that there's no space left. Writes might actually work for a bit if the
+   * hardlimit is set higher than softlimit. Effectively the disk becomes
+   * made of rubber latex and begins to expand to accommodate the user :-)
+   */
+  DEBUG(5,("disk_quotas for path \"%s\" block c/s/h %ld/%ld/%ld; file c/s/h %ld/%ld/%ld\n",
+         path, D.dqb_curblocks, D.dqb_bsoftlimit, D.dqb_bhardlimit,
+         D.dqb_curfiles, D.dqb_fsoftlimit, D.dqb_fhardlimit));
+
+  if (D.dqb_bsoftlimit==0)
+    return(False);
+  *bsize = DEV_BSIZE;
+  *dsize = D.dqb_bsoftlimit;
+
+  if (D.dqb_curblocks > D.dqb_bsoftlimit) {
+     *dfree = 0;
+     *dsize = D.dqb_curblocks;
+  } else
+    *dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
+      
+  DEBUG(5,("disk_quotas for path \"%s\" returning  bsize %.0f, dfree %.0f, dsize %.0f\n",
+         path,(double)*bsize,(double)*dfree,(double)*dsize));
+
+  return(True);
+}
+
+#endif /* SUNOS5 || ... */
+
+#endif /* VXFS_QUOTA */
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b7b51775bb..fbb981781f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1,9 +1,9 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Main SMB reply routines
-   Copyright (C) Andrew Tridgell 1992-1995
-   
+   Copyright (C) Andrew Tridgell 1992-1998
+   Copyright (C) Andrew Bartlett      2001
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
@@ -25,222 +25,282 @@
 
 
 #include "includes.h"
-#include "loadparm.h"
-#include "trans2.h"
 
 /* look in server.c for some explanation of these variables */
 extern int Protocol;
-extern int DEBUGLEVEL;
-extern int chain_size;
-extern int maxxmit;
-extern int chain_fnum;
+extern int max_send;
+extern int max_recv;
 extern char magic_char;
-extern connection_struct Connections[];
-extern files_struct Files[];
 extern BOOL case_sensitive;
-extern pstring sesssetup_user;
-extern int Client;
+extern BOOL case_preserve;
+extern BOOL short_case_preserve;
+extern pstring global_myname;
+extern int global_oplock_break;
+unsigned int smb_echo_count = 0;
 
-/* this macro should always be used to extract an fnum (smb_fid) from
-a packet to ensure chaining works correctly */
-#define GETFNUM(buf,where) (chain_fnum!= -1?chain_fnum:SVAL(buf,where))
+extern fstring remote_machine;
+extern BOOL global_encrypted_passwords_negotiated;
 
 
 /****************************************************************************
   reply to an special message 
 ****************************************************************************/
+
 int reply_special(char *inbuf,char *outbuf)
 {
-  int outsize = 4;
-  int msg_type = CVAL(inbuf,0);
-  int msg_flags = CVAL(inbuf,1);
-  pstring name1,name2;
-  extern fstring remote_machine;
-  extern fstring local_machine;
-  char *p;
+	int outsize = 4;
+	int msg_type = CVAL(inbuf,0);
+	int msg_flags = CVAL(inbuf,1);
+	pstring name1,name2;
+
+	extern fstring local_machine;
+	int len;
+	char name_type = 0;
+	
+	*name1 = *name2 = 0;
+	
+	memset(outbuf,'\0',smb_size);
 
-  *name1 = *name2 = 0;
+	smb_setlen(outbuf,0);
+	
+	switch (msg_type) {
+	case 0x81: /* session request */
+		SCVAL(outbuf,0,0x82);
+		SCVAL(outbuf,3,0);
+		if (name_len(inbuf+4) > 50 || 
+		    name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
+			DEBUG(0,("Invalid name length in session request\n"));
+			return(0);
+		}
+		name_extract(inbuf,4,name1);
+		name_extract(inbuf,4 + name_len(inbuf + 4),name2);
+		DEBUG(2,("netbios connect: name1=%s name2=%s\n",
+			 name1,name2));      
+
+		fstrcpy(remote_machine,name2);
+		remote_machine[15] = 0;
+		trim_string(remote_machine," "," ");
+		strlower(remote_machine);
+		alpha_strcpy(remote_machine,remote_machine,SAFE_NETBIOS_CHARS,sizeof(remote_machine)-1);
+
+		fstrcpy(local_machine,name1);
+		len = strlen(local_machine);
+		if (len == 16) {
+			name_type = local_machine[15];
+			local_machine[15] = 0;
+		}
+		trim_string(local_machine," "," ");
+		strlower(local_machine);
+		alpha_strcpy(local_machine,local_machine,SAFE_NETBIOS_CHARS,sizeof(local_machine)-1);
+
+		DEBUG(2,("netbios connect: local=%s remote=%s\n",
+			local_machine, remote_machine ));
+
+		if (name_type == 'R') {
+			/* We are being asked for a pathworks session --- 
+			   no thanks! */
+			SCVAL(outbuf, 0,0x83);
+			break;
+		}
 
-  smb_setlen(outbuf,0);
+		/* only add the client's machine name to the list
+		   of possibly valid usernames if we are operating
+		   in share mode security */
+		if (lp_security() == SEC_SHARE) {
+			add_session_user(remote_machine);
+		}
 
-  switch (msg_type)
-    {
-    case 0x81: /* session request */
-      CVAL(outbuf,0) = 0x82;
-      CVAL(outbuf,3) = 0;
-      if (name_len(inbuf+4) > 50)
-	{
-	  DEBUG(0,("Invalid name length in session request\n"));
-	  return(0);
+		reload_services(True);
+		reopen_logs();
+
+		claim_connection(NULL,"",MAXSTATUS,True);
+
+		break;
+		
+	case 0x89: /* session keepalive request 
+		      (some old clients produce this?) */
+		SCVAL(outbuf,0,SMBkeepalive);
+		SCVAL(outbuf,3,0);
+		break;
+		
+	case 0x82: /* positive session response */
+	case 0x83: /* negative session response */
+	case 0x84: /* retarget session response */
+		DEBUG(0,("Unexpected session response\n"));
+		break;
+		
+	case SMBkeepalive: /* session keepalive */
+	default:
+		return(0);
 	}
-      name_extract(inbuf,4,name1);
-      name_extract(inbuf,4 + name_len(inbuf + 4),name2);
-      DEBUG(2,("netbios connect: name1=%s name2=%s\n",name1,name2));      
-
-      strcpy(remote_machine,name2);
-      trim_string(remote_machine," "," ");
-      p = strchr(remote_machine,' ');
-      strlower(remote_machine);
-      if (p) *p = 0;
-
-      strcpy(local_machine,name1);
-      trim_string(local_machine," "," ");
-      p = strchr(local_machine,' ');
-      strlower(local_machine);
-      if (p) *p = 0;
-
-      add_session_user(remote_machine);
-
-      reload_services(True);
-      reopen_logs();
-
-      break;
-    case 0x85: /* session keepalive */
-    default:
-      return(0);
-    }
-  
-  DEBUG(5,("%s init msg_type=0x%x msg_flags=0x%x\n",timestring(),msg_type,msg_flags));
-  
-  return(outsize);
-}
-
-
-/*******************************************************************
-work out what error to give to a failed connection
-********************************************************************/
-static int connection_error(char *inbuf,char *outbuf,int connection_num)
-{
-  switch (connection_num)
-    {
-    case -8:
-      return(ERROR(ERRSRV,ERRnoresource));
-    case -7:
-      return(ERROR(ERRSRV,ERRbaduid));
-    case -6:
-      return(ERROR(ERRSRV,ERRinvdevice));
-    case -5:
-      return(ERROR(ERRSRV,ERRinvnetname));
-    case -4:
-      return(ERROR(ERRSRV,ERRaccess));
-    case -3:
-      return(ERROR(ERRDOS,ERRnoipc));
-    case -2:
-      return(ERROR(ERRSRV,ERRinvnetname));
-    }
-  return(ERROR(ERRSRV,ERRbadpw));
+	
+	DEBUG(5,("init msg_type=0x%x msg_flags=0x%x\n",
+		    msg_type, msg_flags));
+	
+	return(outsize);
 }
 
 
 /****************************************************************************
-  reply to a tcon
+ Reply to a tcon.
 ****************************************************************************/
-int reply_tcon(char *inbuf,char *outbuf)
+
+int reply_tcon(connection_struct *conn,
+	       char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  pstring service;
-  pstring user;
-  pstring password;
-  pstring dev;
-  int connection_num;
-  int outsize = 0;
-  int uid = SVAL(inbuf,smb_uid);
-  int vuid;
-  int pwlen;
+	pstring service;
+	pstring password;
+	pstring dev;
+	int outsize = 0;
+	uint16 vuid = SVAL(inbuf,smb_uid);
+	int pwlen=0;
+	NTSTATUS nt_status;
+	char *p;
+	DATA_BLOB password_blob;
+	
+	START_PROFILE(SMBtcon);
 
-  *service = *user = *password = *dev = 0;
+	*service = *password = *dev = 0;
 
-  vuid = valid_uid(uid);
-  
-  parse_connect(inbuf,service,user,password,&pwlen,dev);
+	p = smb_buf(inbuf)+1;
+	p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1;
+	pwlen = srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1;
+	p += pwlen;
+	p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1;
+
+	p = strrchr_m(service,'\\');
+	if (p) {
+		pstrcpy(service, p+1);
+	}
+
+	password_blob = data_blob(password, pwlen+1);
+
+	conn = make_connection(service,password_blob,dev,vuid,&nt_status);
 
-  connection_num = make_connection(service,user,password,pwlen,dev,vuid);
+	data_blob_clear_free(&password_blob);
   
-  if (connection_num < 0)
-    return(connection_error(inbuf,outbuf,connection_num));
+	if (!conn) {
+		END_PROFILE(SMBtcon);
+		return ERROR_NT(nt_status);
+	}
   
-  outsize = set_message(outbuf,2,0,True);
-  SSVAL(outbuf,smb_vwv0,maxxmit);
-  SSVAL(outbuf,smb_vwv1,connection_num);
-  SSVAL(outbuf,smb_tid,connection_num);
+	outsize = set_message(outbuf,2,0,True);
+	SSVAL(outbuf,smb_vwv0,max_recv);
+	SSVAL(outbuf,smb_vwv1,conn->cnum);
+	SSVAL(outbuf,smb_tid,conn->cnum);
   
-  DEBUG(3,("%s tcon service=%s user=%s cnum=%d\n",timestring(),service,user,connection_num));
+	DEBUG(3,("tcon service=%s cnum=%d\n", 
+		 service, conn->cnum));
   
-  return(outsize);
+	END_PROFILE(SMBtcon);
+	return(outsize);
 }
 
-
 /****************************************************************************
-  reply to a tcon and X
+ Reply to a tcon and X.
 ****************************************************************************/
-int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+
+int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
-  pstring service;
-  pstring user;
-  pstring password;
-  pstring devicename;
-  int connection_num;
-  int outsize = 0;
-  int uid = SVAL(inbuf,smb_uid);
-  int vuid;
-  int smb_com2 = SVAL(inbuf,smb_vwv0);
-  int smb_off2 = SVAL(inbuf,smb_vwv1);
-  int passlen = SVAL(inbuf,smb_vwv3);
+	fstring service;
+	DATA_BLOB password;
+	pstring devicename;
+	NTSTATUS nt_status;
+	uint16 vuid = SVAL(inbuf,smb_uid);
+	int passlen = SVAL(inbuf,smb_vwv3);
+	pstring path;
+	char *p, *q;
+	extern BOOL global_encrypted_passwords_negotiated;
+	START_PROFILE(SMBtconX);	
+
+	*service = *devicename = 0;
+
+	/* we might have to close an old one */
+	if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
+		close_cnum(conn,vuid);
+	}
 
-  *service = *user = *password = *devicename = 0;
+	if (passlen > MAX_PASS_LEN) {
+		return ERROR_DOS(ERRDOS,ERRbuftoosmall);
+	}
+ 
+	if (global_encrypted_passwords_negotiated) {
+		password = data_blob(smb_buf(inbuf),passlen);
+	} else {
+		password = data_blob(smb_buf(inbuf),passlen+1);
+		/* Ensure correct termination */
+		password.data[passlen]=0;    
+	}
 
-  /* we might have to close an old one */
-  if ((SVAL(inbuf,smb_vwv2) & 0x1) != 0)
-    close_cnum(SVAL(inbuf,smb_tid),uid);
-  
-  vuid = valid_uid(uid);
-  
-  {
-    char *path;
-    char *p;
-    memcpy(password,smb_buf(inbuf),passlen);
-    password[passlen]=0;
-    path = smb_buf(inbuf) + passlen;
-    DEBUG(4,("parsing net-path %s, passlen=%d\n",path,passlen));
-    strcpy(service,path+2);
-    p = strchr(service,'\\');
-    if (!p)
-      return(ERROR(ERRSRV,ERRinvnetname));
-    *p = 0;
-    strcpy(service,p+1);
-    p = strchr(service,'%');
-    if (p)
-      {
-	*p++ = 0;
-	strcpy(user,p);
-      }
-    StrnCpy(devicename,path + strlen(path) + 1,6);
-    DEBUG(4,("Got device type %s\n",devicename));
-  }
+	p = smb_buf(inbuf) + passlen;
+	p += srvstr_pull(inbuf, path, p, sizeof(path), -1, STR_TERMINATE);
+
+	/*
+	 * the service name can be either: \\server\share
+	 * or share directly like on the DELL PowerVault 705
+	 */
+	if (*path=='\\') {	
+		q = strchr_m(path+2,'\\');
+		if (!q) {
+			END_PROFILE(SMBtconX);
+			return(ERROR_DOS(ERRDOS,ERRnosuchshare));
+		}
+		fstrcpy(service,q+1);
+	}
+	else
+		fstrcpy(service,path);
+		
+	p += srvstr_pull(inbuf, devicename, p, sizeof(devicename), 6, STR_ASCII);
 
-  connection_num = make_connection(service,user,password,passlen,devicename,vuid);
-  
-  if (connection_num < 0)
-    return(connection_error(inbuf,outbuf,connection_num));
+	DEBUG(4,("Got device type %s\n",devicename));
 
-  outsize = set_message(outbuf,2,strlen(devicename)+1,True);
-  
-  DEBUG(3,("%s tconX service=%s user=%s cnum=%d\n",timestring(),service,user,connection_num));
-  
-  /* set the incoming and outgoing tid to the just created one */
-  SSVAL(inbuf,smb_tid,connection_num);
-  SSVAL(outbuf,smb_tid,connection_num);
+	conn = make_connection(service,password,devicename,vuid,&nt_status);
+	
+	data_blob_clear_free(&password);
 
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(chain_size + outsize)-4);
+	if (!conn) {
+		END_PROFILE(SMBtconX);
+		return ERROR_NT(nt_status);
+	}
 
-  strcpy(smb_buf(outbuf),devicename);
+	if (Protocol < PROTOCOL_NT1) {
+		set_message(outbuf,2,0,True);
+		p = smb_buf(outbuf);
+		p += srvstr_push(outbuf, p, devicename, -1, 
+				 STR_TERMINATE|STR_ASCII);
+		set_message_end(outbuf,p);
+	} else {
+		/* NT sets the fstype of IPC$ to the null string */
+		char *fsname = IS_IPC(conn) ? "" : lp_fstype(SNUM(conn));
+
+		set_message(outbuf,3,0,True);
+
+		p = smb_buf(outbuf);
+		p += srvstr_push(outbuf, p, devicename, -1, 
+				 STR_TERMINATE|STR_ASCII);
+		p += srvstr_push(outbuf, p, fsname, -1, 
+				 STR_TERMINATE);
+		
+		set_message_end(outbuf,p);
+		
+		/* what does setting this bit do? It is set by NT4 and
+		   may affect the ability to autorun mounted cdroms */
+		SSVAL(outbuf, smb_vwv2, SMB_SUPPORT_SEARCH_BITS|
+				(lp_csc_policy(SNUM(conn)) << 2));
+		
+		init_dfsroot(conn, inbuf, outbuf);
+	}
 
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
+  
+	DEBUG(3,("tconX service=%s \n",
+		 service));
+  
+	/* set the incoming and outgoing tid to the just created one */
+	SSVAL(inbuf,smb_tid,conn->cnum);
+	SSVAL(outbuf,smb_tid,conn->cnum);
 
-  return(outsize);
+	END_PROFILE(SMBtconX);
+	return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
@@ -249,245 +309,105 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 ****************************************************************************/
 int reply_unknown(char *inbuf,char *outbuf)
 {
-  int cnum;
-  int type;
-  cnum = SVAL(inbuf,smb_tid);
-  type = CVAL(inbuf,smb_com);
+	int type;
+	type = CVAL(inbuf,smb_com);
   
-  DEBUG(0,("%s unknown command type (%s): cnum=%d type=%d (0x%X)\n",
-	timestring(),
-	smb_fn_name(type),
-	cnum,type,type));
+	DEBUG(0,("unknown command type (%s): type=%d (0x%X)\n",
+		 smb_fn_name(type), type, type));
   
-  return(ERROR(ERRSRV,ERRunknownsmb));
+	return(ERROR_DOS(ERRSRV,ERRunknownsmb));
 }
 
 
 /****************************************************************************
   reply to an ioctl
 ****************************************************************************/
-int reply_ioctl(char *inbuf,char *outbuf)
-{
-  DEBUG(3,("ignoring ioctl\n"));
-  
-  return(ERROR(ERRSRV,ERRnosupport));
-}
-
-
-/****************************************************************************
-reply to a session setup command
-****************************************************************************/
-int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+int reply_ioctl(connection_struct *conn,
+		char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int outsize = 0;
-  int sess_uid;
-  int gid;
-  int   smb_com2;
-  int   smb_off2;       
-  int   smb_bufsize;    
-  int   smb_mpxmax;     
-  int   smb_vc_num;     
-  uint32   smb_sesskey;    
-  int   smb_apasslen;   
-  pstring smb_apasswd;
-  int   smb_ntpasslen = 0;   
-  pstring smb_ntpasswd;
-  BOOL valid_nt_password = False;
-  pstring user;
-  BOOL guest=False;
-
-  *smb_apasswd = 0;
-  
-  sess_uid = SVAL(inbuf,smb_uid);
-  smb_com2 = CVAL(inbuf,smb_vwv0);
-  smb_off2 = SVAL(inbuf,smb_vwv1);
-  smb_bufsize = SVAL(inbuf,smb_vwv2);
-  smb_mpxmax = SVAL(inbuf,smb_vwv3);
-  smb_vc_num = SVAL(inbuf,smb_vwv4);
-  smb_sesskey = IVAL(inbuf,smb_vwv5);
-
-  if (Protocol < PROTOCOL_NT1) {
-    smb_apasslen = SVAL(inbuf,smb_vwv7);
-    memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
-    StrnCpy(user,smb_buf(inbuf)+smb_apasslen,sizeof(user)-1);
-  } else {
-    uint16 passlen1 = SVAL(inbuf,smb_vwv7);
-    uint16 passlen2 = SVAL(inbuf,smb_vwv8);
-    BOOL doencrypt = SMBENCRYPT();
-    char *p = smb_buf(inbuf);
-    if (passlen1 > 256) passlen1 = 0;
-    if (passlen2 > 256) passlen2 = 0; /* I don't know why NT gives weird 
-					lengths sometimes */
-    if(doencrypt) {
-      /* Save the lanman2 password and the NT md4 password. */
-      smb_apasslen = passlen1;
-      memcpy(smb_apasswd,p,smb_apasslen);
-      smb_ntpasslen = passlen2;
-      memcpy(smb_ntpasswd,p+passlen1,smb_ntpasslen);
-    } else {
-      /* for Win95 */
-      if (passlen1 > passlen2) {
-	smb_apasslen = passlen1;
-	StrnCpy(smb_apasswd,p,smb_apasslen);
-      } else {
-	smb_apasslen = passlen2;
-	StrnCpy(smb_apasswd,p + passlen1,smb_apasslen);
-      }
-    }
-    if (passlen2 == 1) {
-      /* apparently NT sometimes sets passlen2 to 1 when it means 0. This
-	 tries to work around that problem */
-      passlen2 = 0;
-    }
-    p += passlen1 + passlen2;
-    strcpy(user,p); p = skip_string(p,1);
-    DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
-	     p,skip_string(p,1),skip_string(p,2)));
-  }
-
-
-  DEBUG(3,("sesssetupX:name=[%s]\n",user));
-
-  if (!*user)
-    strcpy(user,lp_guestaccount(-1));
-
-  strlower(user);
-
-  strcpy(sesssetup_user,user);
-
-  reload_services(True);
+	uint16 device     = SVAL(inbuf,smb_vwv1);
+	uint16 function   = SVAL(inbuf,smb_vwv2);
+	uint32 ioctl_code = (device << 16) + function;
+	int replysize, outsize;
+	char *p;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBioctl);
 
-  add_session_user(user);
+	DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
 
-
-  if (!(lp_security() == SEC_SERVER && server_validate(inbuf)) &&
-      !check_hosts_equiv(user))
-    {
-
-      if (strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0))
-	guest = True;
-  
-      /* now check if it's a valid username/password */
-      /* If an NT password was supplied try and validate with that
-	 first. This is superior as the passwords are mixed case 128 length unicode */
-      if(smb_ntpasslen && !guest)
-	{
-	  if(!password_ok(user,smb_ntpasswd,smb_ntpasslen,NULL,True))
-	    DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
-	  else
-	    valid_nt_password = True;
-	} 
-      if (!valid_nt_password && !guest && !password_ok(user,smb_apasswd,smb_apasslen,NULL,False))
+	switch (ioctl_code)
 	{
-	  if (lp_security() >= SEC_USER) {
-#if (GUEST_SESSSETUP == 0)
-	    return(ERROR(ERRSRV,ERRbadpw));
-#endif
-#if (GUEST_SESSSETUP == 1)
-	    if (Get_Pwnam(user,True))
-	      return(ERROR(ERRSRV,ERRbadpw));
-#endif
-	  }
- 	  if (*smb_apasswd || !Get_Pwnam(user,True))
-	    strcpy(user,lp_guestaccount(-1));
-	  DEBUG(3,("Registered username %s for guest access\n",user));
-	  guest = True;
+	    case IOCTL_QUERY_JOB_INFO:
+		replysize = 32;
+		break;
+	    default:
+		END_PROFILE(SMBioctl);
+		return(ERROR_DOS(ERRSRV,ERRnosupport));
 	}
-    }
-
-  if (!Get_Pwnam(user,True)) {
-    DEBUG(3,("No such user %s - using guest account\n",user));
-    strcpy(user,lp_guestaccount(-1));
-    guest = True;
-  }
-
-  if (!strequal(user,lp_guestaccount(-1)) &&
-      lp_servicenumber(user) < 0)      
-    {
-      int homes = lp_servicenumber(HOMES_NAME);
-      char *home = get_home_dir(user);
-      if (homes >= 0 && home)
-	lp_add_home(user,homes,home);
-    }
-
-
-  /* it's ok - setup a reply */
-  if (Protocol < PROTOCOL_NT1) {
-    outsize = set_message(outbuf,3,0,True);
-  } else {
-    char *p;
-    outsize = set_message(outbuf,3,3,True);
-    p = smb_buf(outbuf);
-    strcpy(p,"Unix"); p = skip_string(p,1);
-    strcpy(p,"Samba "); strcat(p,VERSION); p = skip_string(p,1);
-    strcpy(p,my_workgroup()); p = skip_string(p,1);
-    outsize = set_message(outbuf,3,PTR_DIFF(p,smb_buf(outbuf)),False);
-    /* perhaps grab OS version here?? */
-  }
-
-  /* Set the correct uid in the outgoing and incoming packets
-     We will use this on future requests to determine which
-     user we should become.
-     */
-  {
-    struct passwd *pw = Get_Pwnam(user,False);
-    if (!pw) {
-      DEBUG(1,("Username %s is invalid on this system\n",user));
-      return(ERROR(ERRSRV,ERRbadpw));
-    }
-    gid = pw->pw_gid;
-    SSVAL(outbuf,smb_uid,(uint16)pw->pw_uid);
-    SSVAL(inbuf,smb_uid,(uint16)pw->pw_uid);
-  }
 
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(chain_size+outsize)-4);
+	outsize = set_message(outbuf,8,replysize+1,True);
+	SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
+	SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
+	SSVAL(outbuf,smb_vwv6,52);        /* Offset to data */
+	p = smb_buf(outbuf) + 1;          /* Allow for alignment */
 
-  if (guest)
-    SSVAL(outbuf,smb_vwv2,1);
-
-  /* register the name and uid as being validated, so further connections
-     to a uid can get through without a password, on the same VC */
-  register_uid(SVAL(inbuf,smb_uid),gid,user,guest);
- 
-  maxxmit = MIN(maxxmit,smb_bufsize);
-
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
+	switch (ioctl_code)
+	{
+	    case IOCTL_QUERY_JOB_INFO:		    
+		SSVAL(p,0,fsp->print_jobid);             /* Job number */
+		srvstr_push(outbuf, p+2, global_myname, 15, STR_TERMINATE|STR_ASCII);
+		srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);
+		break;
+	}
 
-  return(outsize);
+	END_PROFILE(SMBioctl);
+	return outsize;
 }
 
-
 /****************************************************************************
   reply to a chkpth
 ****************************************************************************/
-int reply_chkpth(char *inbuf,char *outbuf)
+int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   int outsize = 0;
-  int cnum,mode;
+  int mode;
   pstring name;
   BOOL ok = False;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  
-  strcpy(name,smb_buf(inbuf) + 1);
-  unix_convert(name,cnum);
+  BOOL bad_path = False;
+  SMB_STRUCT_STAT sbuf;
+  START_PROFILE(SMBchkpth);
+
+  srvstr_pull(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), -1, STR_TERMINATE);
+
+  RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
+
+  unix_convert(name,conn,0,&bad_path,&sbuf);
 
   mode = SVAL(inbuf,smb_vwv0);
 
-  if (check_name(name,cnum))
-    ok = directory_exist(name,NULL);
+  if (check_name(name,conn)) {
+    if (VALID_STAT(sbuf) || vfs_stat(conn,name,&sbuf) == 0)
+      ok = S_ISDIR(sbuf.st_mode);
+  }
+
+  if (!ok) {
+    /* We special case this - as when a Windows machine
+       is parsing a path is steps through the components
+       one at a time - if a component fails it expects
+       ERRbadpath, not ERRbadfile.
+     */
+    if(errno == ENOENT) {
+	    return ERROR_NT(NT_STATUS_OBJECT_PATH_NOT_FOUND);
+    }
+
+    return(UNIXERROR(ERRDOS,ERRbadpath));
+  }
 
-  if (!ok)
-    return(ERROR(ERRDOS,ERRbadpath));
-  
   outsize = set_message(outbuf,0,0,True);
-  
-  DEBUG(3,("%s chkpth %s cnum=%d mode=%d\n",timestring(),name,cnum,mode));
-  
+
+  DEBUG(3,("chkpth %s mode=%d\n", name, mode));
+
+  END_PROFILE(SMBchkpth);
   return(outsize);
 }
 
@@ -495,67 +415,75 @@ int reply_chkpth(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a getatr
 ****************************************************************************/
-int reply_getatr(char *inbuf,char *outbuf)
+int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring fname;
-  int cnum;
   int outsize = 0;
-  struct stat sbuf;
+  SMB_STRUCT_STAT sbuf;
   BOOL ok = False;
   int mode=0;
-  uint32 size=0;
+  SMB_OFF_T size=0;
   time_t mtime=0;
-  
-  cnum = SVAL(inbuf,smb_tid);
+  BOOL bad_path = False;
+  char *p;
+  START_PROFILE(SMBgetatr);
 
-  strcpy(fname,smb_buf(inbuf) + 1);
-  unix_convert(fname,cnum);
+  p = smb_buf(inbuf) + 1;
+  p += srvstr_pull(inbuf, fname, p, sizeof(fname), -1, STR_TERMINATE);
 
+  RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+  
   /* dos smetimes asks for a stat of "" - it returns a "hidden directory"
      under WfWg - weird! */
   if (! (*fname))
-    {
-      mode = aHIDDEN | aDIR;
-      if (!CAN_WRITE(cnum)) mode |= aRONLY;
-      size = 0;
-      mtime = 0;
-      ok = True;
-    }
+  {
+    mode = aHIDDEN | aDIR;
+    if (!CAN_WRITE(conn)) mode |= aRONLY;
+    size = 0;
+    mtime = 0;
+    ok = True;
+  }
   else
-    if (check_name(fname,cnum))
+  {
+    unix_convert(fname,conn,0,&bad_path,&sbuf);
+    if (check_name(fname,conn))
+    {
+      if (VALID_STAT(sbuf) || vfs_stat(conn,fname,&sbuf) == 0)
       {
-	if (sys_stat(fname,&sbuf) == 0)
-	  {
-	    mode = dos_mode(cnum,fname,&sbuf);
-	    size = sbuf.st_size;
-	    mtime = sbuf.st_mtime;
-	    if (mode & aDIR)
-	      size = 0;
-	    ok = True;
-	  }
-	else
-	  DEBUG(3,("stat of %s failed (%s)\n",fname,strerror(errno)));
+        mode = dos_mode(conn,fname,&sbuf);
+        size = sbuf.st_size;
+        mtime = sbuf.st_mtime;
+        if (mode & aDIR)
+          size = 0;
+        ok = True;
+      }
+      else
+        DEBUG(3,("stat of %s failed (%s)\n",fname,strerror(errno)));
     }
+  }
   
   if (!ok)
+  {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBgetatr);
     return(UNIXERROR(ERRDOS,ERRbadfile));
-  
+  }
+ 
   outsize = set_message(outbuf,10,0,True);
 
   SSVAL(outbuf,smb_vwv0,mode);
-  put_dos_date3(outbuf,smb_vwv1,mtime);
-  SIVAL(outbuf,smb_vwv3,size);
+  if(lp_dos_filetime_resolution(SNUM(conn)) )
+    put_dos_date3(outbuf,smb_vwv1,mtime & ~1);
+  else
+    put_dos_date3(outbuf,smb_vwv1,mtime);
+  SIVAL(outbuf,smb_vwv3,(uint32)size);
 
-  if (Protocol >= PROTOCOL_NT1) {
-    char *p = strrchr(fname,'/');
-    uint16 flg2 = SVAL(outbuf,smb_flg2);
-    if (!p) p = fname;
-    if (!is_8_3(fname))
-      SSVAL(outbuf,smb_flg2,flg2 | 0x40); /* IS_LONG_NAME */
-  }
+  if (Protocol >= PROTOCOL_NT1)
+	  SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
   
-  DEBUG(3,("%s getatr name=%s mode=%d size=%d\n",timestring(),fname,mode,size));
+  DEBUG( 3, ( "getatr name=%s mode=%d size=%d\n", fname, mode, (uint32)size ) );
   
+  END_PROFILE(SMBgetatr);
   return(outsize);
 }
 
@@ -563,37 +491,48 @@ int reply_getatr(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a setatr
 ****************************************************************************/
-int reply_setatr(char *inbuf,char *outbuf)
+int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring fname;
-  int cnum;
   int outsize = 0;
   BOOL ok=False;
   int mode;
   time_t mtime;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  
-  strcpy(fname,smb_buf(inbuf) + 1);
-  unix_convert(fname,cnum);
+  SMB_STRUCT_STAT sbuf;
+  BOOL bad_path = False;
+  char *p;
+
+  START_PROFILE(SMBsetatr);
+
+  p = smb_buf(inbuf) + 1;
+  p += srvstr_pull(inbuf, fname, p, sizeof(fname), -1, STR_TERMINATE);
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
 
   mode = SVAL(inbuf,smb_vwv0);
   mtime = make_unix_date3(inbuf+smb_vwv1);
   
-  if (directory_exist(fname,NULL))
+  if (VALID_STAT_OF_DIR(sbuf))
     mode |= aDIR;
-  if (check_name(fname,cnum))
-    ok =  (dos_chmod(cnum,fname,mode,NULL) == 0);
+  else
+    mode &= ~aDIR;
+
+  if (check_name(fname,conn))
+    ok =  (file_chmod(conn,fname,mode,NULL) == 0);
   if (ok)
-    ok = set_filetime(fname,mtime);
+    ok = set_filetime(conn,fname,mtime);
   
   if (!ok)
+  {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBsetatr);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
-  
+  }
+ 
   outsize = set_message(outbuf,0,0,True);
   
-  DEBUG(3,("%s setatr name=%s mode=%d\n",timestring(),fname,mode));
+  DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
   
+  END_PROFILE(SMBsetatr);
   return(outsize);
 }
 
@@ -601,15 +540,13 @@ int reply_setatr(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a dskattr
 ****************************************************************************/
-int reply_dskattr(char *inbuf,char *outbuf)
+int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum;
   int outsize = 0;
-  int dfree,dsize,bsize;
+  SMB_BIG_UINT dfree,dsize,bsize;
+  START_PROFILE(SMBdskattr);
   
-  cnum = SVAL(inbuf,smb_tid);
-  
-  sys_disk_free(".",&bsize,&dfree,&dsize);
+  conn->vfs_ops.disk_free(conn,".",True,&bsize,&dfree,&dsize);
   
   outsize = set_message(outbuf,5,0,True);
   
@@ -617,9 +554,10 @@ int reply_dskattr(char *inbuf,char *outbuf)
   SSVAL(outbuf,smb_vwv1,bsize/512);
   SSVAL(outbuf,smb_vwv2,512);
   SSVAL(outbuf,smb_vwv3,dfree);
-  
-  DEBUG(3,("%s dskattr cnum=%d dfree=%d\n",timestring(),cnum,dfree));
-  
+
+  DEBUG(3,("dskattr dfree=%d\n", (unsigned int)dfree));
+
+  END_PROFILE(SMBdskattr);
   return(outsize);
 }
 
@@ -628,15 +566,15 @@ int reply_dskattr(char *inbuf,char *outbuf)
   reply to a search
   Can be called from SMBsearch, SMBffirst or SMBfunique.
 ****************************************************************************/
-int reply_search(char *inbuf,char *outbuf)
+int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring mask;
   pstring directory;
   pstring fname;
-  int size,mode;
+  SMB_OFF_T size;
+  int mode;
   time_t date;
   int dirtype;
-  int cnum;
   int outsize = 0;
   int numentries = 0;
   BOOL finished = False;
@@ -645,12 +583,14 @@ int reply_search(char *inbuf,char *outbuf)
   char *p;
   BOOL ok = False;
   int status_len;
-  char *path;
+  pstring path;
   char status[21];
   int dptr_num= -1;
   BOOL check_descend = False;
   BOOL expect_close = False;
   BOOL can_open = True;
+  BOOL bad_path = False;
+  START_PROFILE(SMBsearch);
 
   *mask = *directory = *fname = 0;
 
@@ -658,197 +598,171 @@ int reply_search(char *inbuf,char *outbuf)
   if(CVAL(inbuf,smb_com) == SMBffirst)
     expect_close = True;
   
-  cnum = SVAL(inbuf,smb_tid);
-
   outsize = set_message(outbuf,1,3,True);
   maxentries = SVAL(inbuf,smb_vwv0); 
   dirtype = SVAL(inbuf,smb_vwv1);
-  path = smb_buf(inbuf) + 1;
-  status_len = SVAL(smb_buf(inbuf),3 + strlen(path));
-
+  p = smb_buf(inbuf) + 1;
+  p += srvstr_pull(inbuf, path, p, sizeof(path), -1, STR_TERMINATE);
+  p++;
+  status_len = SVAL(p, 0);
+  p += 2;
   
   /* dirtype &= ~aDIR; */
   
-  DEBUG(5,("path=%s status_len=%d\n",path,status_len));
-
-  
   if (status_len == 0)
-    {
-      pstring dir2;
-
-      strcpy(directory,smb_buf(inbuf)+1);
-      strcpy(dir2,smb_buf(inbuf)+1);
-      unix_convert(directory,cnum);
-      unix_format(dir2);
+  {
+    SMB_STRUCT_STAT sbuf;
+    pstring dir2;
 
-      if (!check_name(directory,cnum))
-	can_open = False;
+    pstrcpy(directory,path);
+    pstrcpy(dir2,path);
+    unix_convert(directory,conn,0,&bad_path,&sbuf);
+    unix_format(dir2);
 
-      p = strrchr(dir2,'/');
-      if (p == NULL) 
-	{strcpy(mask,dir2);*dir2 = 0;}
-      else
-	{*p = 0;strcpy(mask,p+1);}
-
-      p = strrchr(directory,'/');
-      if (!p) 
-	*directory = 0;
-      else
-	*p = 0;
+    if (!check_name(directory,conn))
+      can_open = False;
 
-      if (strlen(directory) == 0)
-	strcpy(directory,"./");
-      bzero(status,21);
-      CVAL(status,0) = dirtype;
+    p = strrchr_m(dir2,'/');
+    if (p == NULL) 
+    {
+      pstrcpy(mask,dir2);
+      *dir2 = 0;
     }
-  else
+    else
     {
-      memcpy(status,smb_buf(inbuf) + 1 + strlen(path) + 4,21);
-      memcpy(mask,status+1,11);
-      mask[11] = 0;
-      dirtype = CVAL(status,0) & 0x1F;
-      Connections[cnum].dirptr = dptr_fetch(status+12,&dptr_num);      
-      if (!Connections[cnum].dirptr)
-	goto SearchEmpty;
-      string_set(&Connections[cnum].dirpath,dptr_path(dptr_num));
-      if (!case_sensitive)
-	strnorm(mask);
+      *p = 0;
+      pstrcpy(mask,p+1);
     }
 
-  /* turn strings of spaces into a . */  
+    p = strrchr_m(directory,'/');
+    if (!p) 
+      *directory = 0;
+    else
+      *p = 0;
+
+    if (strlen(directory) == 0)
+      pstrcpy(directory,"./");
+    memset((char *)status,'\0',21);
+    SCVAL(status,0,dirtype);
+  }
+  else
   {
-    trim_string(mask,NULL," ");
-    if ((p = strrchr(mask,' ')))
-      {
-	fstring ext;
-	strcpy(ext,p+1);
-	*p = 0;
-	trim_string(mask,NULL," ");
-	strcat(mask,".");
-	strcat(mask,ext);
-      }
+    memcpy(status,p,21);
+    dirtype = CVAL(status,0) & 0x1F;
+    conn->dirptr = dptr_fetch(status+12,&dptr_num);      
+    if (!conn->dirptr)
+      goto SearchEmpty;
+    string_set(&conn->dirpath,dptr_path(dptr_num));
+    fstrcpy(mask, dptr_wcard(dptr_num));
   }
 
+  if (can_open)
   {
-    for (p=mask; *p; p++)
+    p = smb_buf(outbuf) + 3;
+      
+    ok = True;
+     
+    if (status_len == 0)
+    {
+      dptr_num = dptr_create(conn,directory,True,expect_close,SVAL(inbuf,smb_pid));
+      if (dptr_num < 0)
       {
-	if (*p != '?' && *p != '*' && !isdoschar(*p))
-	  {
-	    DEBUG(5,("Invalid char [%c] in search mask?\n",*p));
-	    *p = '?';
-	  }
+        if(dptr_num == -2)
+        {
+          set_bad_path_error(errno, bad_path);
+          END_PROFILE(SMBsearch);
+          return (UNIXERROR(ERRDOS,ERRnofids));
+        }
+		END_PROFILE(SMBsearch);
+        return ERROR_DOS(ERRDOS,ERRnofids);
       }
-  }
-
-  if (!strchr(mask,'.') && strlen(mask)>8)
-    {
-      fstring tmp;
-      strcpy(tmp,&mask[8]);
-      mask[8] = '.';
-      mask[9] = 0;
-      strcat(mask,tmp);
+      dptr_set_wcard(dptr_num, strdup(mask));
     }
 
-  DEBUG(5,("mask=%s directory=%s\n",mask,directory));
-  
-  if (can_open)
-    {
-      p = smb_buf(outbuf) + 3;
-      
-      ok = True;
-      
-      if (status_len == 0)
-	{
-	  dptr_num = dptr_create(cnum,directory,expect_close,SVAL(inbuf,smb_pid));
-	  if (dptr_num < 0)
-	    return(ERROR(ERRDOS,ERRnofids));
-	}
-
-      DEBUG(4,("dptr_num is %d\n",dptr_num));
+    DEBUG(4,("dptr_num is %d\n",dptr_num));
 
-      if (ok)
-	{
-	  if ((dirtype&0x1F) == aVOLID)
-	    {	  
-	      memcpy(p,status,21);
-	      make_dir_struct(p,"???????????",volume_label(SNUM(cnum)),0,aVOLID,0);
-	      dptr_fill(p+12,dptr_num);
-	      if (dptr_zero(p+12) && (status_len==0))
-		numentries = 1;
-	      else
-		numentries = 0;
-	      p += DIR_STRUCT_SIZE;
-	    }
-	  else 
-	    {
-	      DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",Connections[cnum].dirpath,lp_dontdescend(SNUM(cnum))));
-	      if (in_list(Connections[cnum].dirpath,
-			  lp_dontdescend(SNUM(cnum)),True))
-		check_descend = True;
-
-	      for (i=numentries;(i<maxentries) && !finished;i++)
-		{
-		  finished = 
-		    !get_dir_entry(cnum,mask,dirtype,fname,&size,&mode,&date,check_descend);
-		  if (!finished)
-		    {
-		      memcpy(p,status,21);
-		      make_dir_struct(p,mask,fname,size,mode,date);
-		      dptr_fill(p+12,dptr_num);
-		      numentries++;
-		    }
-		  p += DIR_STRUCT_SIZE;
-		}
-	    }
-	}
-    }
+    if (ok)
+    {
+      if ((dirtype&0x1F) == aVOLID)
+      {	  
+        memcpy(p,status,21);
+        make_dir_struct(p,"???????????",volume_label(SNUM(conn)),0,aVOLID,0);
+        dptr_fill(p+12,dptr_num);
+        if (dptr_zero(p+12) && (status_len==0))
+          numentries = 1;
+        else
+          numentries = 0;
+        p += DIR_STRUCT_SIZE;
+      }
+      else 
+      {
+        DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
+              conn->dirpath,lp_dontdescend(SNUM(conn))));
+        if (in_list(conn->dirpath, lp_dontdescend(SNUM(conn)),True))
+          check_descend = True;
+
+        for (i=numentries;(i<maxentries) && !finished;i++)
+        {
+          finished = 
+            !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
+          if (!finished)
+          {
+            memcpy(p,status,21);
+            make_dir_struct(p,mask,fname,size,mode,date);
+            dptr_fill(p+12,dptr_num);
+            numentries++;
+	  }
+	  p += DIR_STRUCT_SIZE;
+        }
+      }
+	} /* if (ok ) */
+  }
 
 
- SearchEmpty:
+  SearchEmpty:
 
   if (numentries == 0 || !ok)
-    {
-      CVAL(outbuf,smb_rcls) = ERRDOS;
-      SSVAL(outbuf,smb_err,ERRnofiles);
-    }
+  {
+    SCVAL(outbuf,smb_rcls,ERRDOS);
+    SSVAL(outbuf,smb_err,ERRnofiles);
+    dptr_close(&dptr_num);
+  }
 
   /* If we were called as SMBffirst with smb_search_id == NULL
      and no entries were found then return error and close dirptr 
      (X/Open spec) */
 
   if(ok && expect_close && numentries == 0 && status_len == 0)
-    {
-      CVAL(outbuf,smb_rcls) = ERRDOS;
-      SSVAL(outbuf,smb_err,ERRnofiles);
-      /* Also close the dptr - we know it's gone */
-      dptr_close(dptr_num);
-    }
+  {
+    SCVAL(outbuf,smb_rcls,ERRDOS);
+    SSVAL(outbuf,smb_err,ERRnofiles);
+    /* Also close the dptr - we know it's gone */
+    dptr_close(&dptr_num);
+  }
 
   /* If we were called as SMBfunique, then we can close the dirptr now ! */
   if(dptr_num >= 0 && CVAL(inbuf,smb_com) == SMBfunique)
-    dptr_close(dptr_num);
+    dptr_close(&dptr_num);
 
   SSVAL(outbuf,smb_vwv0,numentries);
   SSVAL(outbuf,smb_vwv1,3 + numentries * DIR_STRUCT_SIZE);
-  CVAL(smb_buf(outbuf),0) = 5;
+  SCVAL(smb_buf(outbuf),0,5);
   SSVAL(smb_buf(outbuf),1,numentries*DIR_STRUCT_SIZE);
 
-  if (Protocol >= PROTOCOL_NT1) {
-    uint16 flg2 = SVAL(outbuf,smb_flg2);
-    SSVAL(outbuf,smb_flg2,flg2 | 0x40); /* IS_LONG_NAME */
-  }
+  if (Protocol >= PROTOCOL_NT1)
+    SSVAL(outbuf,smb_flg2,SVAL(outbuf, smb_flg2) | FLAGS2_IS_LONG_NAME);
   
   outsize += DIR_STRUCT_SIZE*numentries;
   smb_setlen(outbuf,outsize - 4);
   
   if ((! *directory) && dptr_path(dptr_num))
-    sprintf(directory,"(%s)",dptr_path(dptr_num));
+    slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
 
-  DEBUG(4,("%s %s mask=%s path=%s cnum=%d dtype=%d nument=%d of %d\n",
-	timestring(),
-	smb_fn_name(CVAL(inbuf,smb_com)), 
-	mask,directory,cnum,dirtype,numentries,maxentries));
+  DEBUG( 4, ( "%s mask=%s path=%s dtype=%d nument=%d of %d\n",
+        smb_fn_name(CVAL(inbuf,smb_com)), 
+        mask, directory, dirtype, numentries, maxentries ) );
 
+  END_PROFILE(SMBsearch);
   return(outsize);
 }
 
@@ -856,36 +770,41 @@ int reply_search(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a fclose (stop directory search)
 ****************************************************************************/
-int reply_fclose(char *inbuf,char *outbuf)
+int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum;
   int outsize = 0;
   int status_len;
-  char *path;
+  pstring path;
   char status[21];
-  int dptr_num= -1;
+  int dptr_num= -2;
+  char *p;
 
-  cnum = SVAL(inbuf,smb_tid);
+  START_PROFILE(SMBfclose);
 
   outsize = set_message(outbuf,1,0,True);
-  path = smb_buf(inbuf) + 1;
-  status_len = SVAL(smb_buf(inbuf),3 + strlen(path));
-
-  
-  if (status_len == 0)
-    return(ERROR(ERRSRV,ERRsrverror));
+  p = smb_buf(inbuf) + 1;
+  p += srvstr_pull(inbuf, path, p, sizeof(path), -1, STR_TERMINATE);
+  p++;
+  status_len = SVAL(p,0);
+  p += 2;
+
+  if (status_len == 0) {
+    END_PROFILE(SMBfclose);
+    return ERROR_DOS(ERRSRV,ERRsrverror);
+  }
 
-  memcpy(status,smb_buf(inbuf) + 1 + strlen(path) + 4,21);
+  memcpy(status,p,21);
 
   if(dptr_fetch(status+12,&dptr_num)) {
     /*  Close the dptr - we know it's gone */
-    dptr_close(dptr_num);
+    dptr_close(&dptr_num);
   }
 
   SSVAL(outbuf,smb_vwv0,0);
 
-  DEBUG(3,("%s search close cnum=%d\n",timestring(),cnum));
+  DEBUG(3,("search close\n"));
 
+  END_PROFILE(SMBfclose);
   return(outsize);
 }
 
@@ -893,63 +812,71 @@ int reply_fclose(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to an open
 ****************************************************************************/
-int reply_open(char *inbuf,char *outbuf)
+
+int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring fname;
-  int cnum;
-  int fnum = -1;
   int outsize = 0;
   int fmode=0;
   int share_mode;
-  int size = 0;
+  SMB_OFF_T size = 0;
   time_t mtime=0;
-  int unixmode;
+  mode_t unixmode;
   int rmode=0;
-  struct stat sbuf;
-  
-  cnum = SVAL(inbuf,smb_tid);
-
+  SMB_STRUCT_STAT sbuf;
+  BOOL bad_path = False;
+  files_struct *fsp;
+  int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+  START_PROFILE(SMBopen);
+ 
   share_mode = SVAL(inbuf,smb_vwv0);
 
-  strcpy(fname,smb_buf(inbuf)+1);
-  unix_convert(fname,cnum);
-    
-  fnum = find_free_file();
-  if (fnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
+  srvstr_pull(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), -1, STR_TERMINATE);
 
-  if (!check_name(fname,cnum))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
-  
-  unixmode = unix_mode(cnum,aARCH);
+  RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
+    
+  unixmode = unix_mode(conn,aARCH,fname);
       
-  open_file_shared(fnum,cnum,fname,share_mode,3,unixmode,&rmode,NULL);
+  fsp = open_file_shared(conn,fname,&sbuf,share_mode,(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+                   unixmode, oplock_request,&rmode,NULL);
 
-  if (!Files[fnum].open)
+  if (!fsp)
+  {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBopen);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
-
-  if (fstat(Files[fnum].fd,&sbuf) != 0) {
-    close_file(fnum);
-    return(ERROR(ERRDOS,ERRnoaccess));
   }
-    
+
   size = sbuf.st_size;
-  fmode = dos_mode(cnum,fname,&sbuf);
+  fmode = dos_mode(conn,fname,&sbuf);
   mtime = sbuf.st_mtime;
 
   if (fmode & aDIR) {
     DEBUG(3,("attempt to open a directory %s\n",fname));
-    close_file(fnum);
-    return(ERROR(ERRDOS,ERRnoaccess));
+    close_file(fsp,False);
+    END_PROFILE(SMBopen);
+    return ERROR_DOS(ERRDOS,ERRnoaccess);
   }
   
   outsize = set_message(outbuf,7,0,True);
-  SSVAL(outbuf,smb_vwv0,fnum);
+  SSVAL(outbuf,smb_vwv0,fsp->fnum);
   SSVAL(outbuf,smb_vwv1,fmode);
-  put_dos_date3(outbuf,smb_vwv2,mtime);
-  SIVAL(outbuf,smb_vwv4,size);
+  if(lp_dos_filetime_resolution(SNUM(conn)) )
+    put_dos_date3(outbuf,smb_vwv2,mtime & ~1);
+  else
+    put_dos_date3(outbuf,smb_vwv2,mtime);
+  SIVAL(outbuf,smb_vwv4,(uint32)size);
   SSVAL(outbuf,smb_vwv6,rmode);
+
+  if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
+    SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+  }
     
+  if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
+    SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+  END_PROFILE(SMBopen);
   return(outsize);
 }
 
@@ -957,165 +884,211 @@ int reply_open(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to an open and X
 ****************************************************************************/
-int reply_open_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
   pstring fname;
-  int cnum = SVAL(inbuf,smb_tid);
-  int fnum = -1;
-  int outsize = 0;
-  int openmode = 0;
-  int smb_com2 = CVAL(inbuf,smb_vwv0);
-  int smb_off2 = SVAL(inbuf,smb_vwv1);
   int smb_mode = SVAL(inbuf,smb_vwv3);
   int smb_attr = SVAL(inbuf,smb_vwv5);
+  /* Breakout the oplock request bits so we can set the
+     reply bits separately. */
+  BOOL ex_oplock_request = EXTENDED_OPLOCK_REQUEST(inbuf);
+  BOOL core_oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+  BOOL oplock_request = ex_oplock_request | core_oplock_request;
 #if 0
   int open_flags = SVAL(inbuf,smb_vwv2);
   int smb_sattr = SVAL(inbuf,smb_vwv4); 
   uint32 smb_time = make_unix_date3(inbuf+smb_vwv6);
 #endif
   int smb_ofun = SVAL(inbuf,smb_vwv8);
-  int unixmode;
-  int size=0,fmode=0,mtime=0,rmode=0;
-  struct stat sbuf;
+  mode_t unixmode;
+  SMB_OFF_T size=0;
+  int fmode=0,mtime=0,rmode=0;
+  SMB_STRUCT_STAT sbuf;
   int smb_action = 0;
+  BOOL bad_path = False;
+  files_struct *fsp;
+  START_PROFILE(SMBopenX);
+
+  /* If it's an IPC, pass off the pipe handler. */
+  if (IS_IPC(conn)) {
+    if (lp_nt_pipe_support()) {
+	    END_PROFILE(SMBopenX);
+	    return reply_open_pipe_and_X(conn, inbuf,outbuf,length,bufsize);
+    } else {
+		END_PROFILE(SMBopenX);
+        return ERROR_DOS(ERRSRV,ERRaccess);
+    }
+  }
 
   /* XXXX we need to handle passed times, sattr and flags */
+  srvstr_pull(inbuf, fname, smb_buf(inbuf), sizeof(fname), -1, STR_TERMINATE);
 
-  strcpy(fname,smb_buf(inbuf));
-  unix_convert(fname,cnum);
-    
-  /* now add create and trunc bits */
-  if (smb_ofun & 0x10)
-    openmode |= O_CREAT;
-  if ((smb_ofun & 0x3) == 2)
-    openmode |= O_TRUNC;
-  
-  fnum = find_free_file();
-  if (fnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
-
-  if (!check_name(fname,cnum))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+  RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
 
-  unixmode = unix_mode(cnum,smb_attr | aARCH);
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
+    
+  unixmode = unix_mode(conn,smb_attr | aARCH, fname);
       
-  open_file_shared(fnum,cnum,fname,smb_mode,smb_ofun,unixmode,
-		   &rmode,&smb_action);
+  fsp = open_file_shared(conn,fname,&sbuf,smb_mode,smb_ofun,unixmode,
+	               oplock_request, &rmode,&smb_action);
       
-  if (!Files[fnum].open)
+  if (!fsp)
+  {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBopenX);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
-
-  if (fstat(Files[fnum].fd,&sbuf) != 0) {
-    close_file(fnum);
-    return(ERROR(ERRDOS,ERRnoaccess));
   }
 
   size = sbuf.st_size;
-  fmode = dos_mode(cnum,fname,&sbuf);
+  fmode = dos_mode(conn,fname,&sbuf);
   mtime = sbuf.st_mtime;
   if (fmode & aDIR) {
-    close_file(fnum);
-    return(ERROR(ERRDOS,ERRnoaccess));
+    close_file(fsp,False);
+    END_PROFILE(SMBopenX);
+    return ERROR_DOS(ERRDOS,ERRnoaccess);
   }
 
-  outsize = set_message(outbuf,15,0,True);
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(chain_size+outsize)-4);
-  SSVAL(outbuf,smb_vwv2,fnum);
+  /* If the caller set the extended oplock request bit
+     and we granted one (by whatever means) - set the
+     correct bit for extended oplock reply.
+   */
+
+  if (ex_oplock_request && lp_fake_oplocks(SNUM(conn))) {
+    smb_action |= EXTENDED_OPLOCK_GRANTED;
+  }
+
+  if(ex_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+    smb_action |= EXTENDED_OPLOCK_GRANTED;
+  }
+
+  /* If the caller set the core oplock request bit
+     and we granted one (by whatever means) - set the
+     correct bit for core oplock reply.
+   */
+
+  if (core_oplock_request && lp_fake_oplocks(SNUM(conn))) {
+    SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+  }
+
+  if(core_oplock_request && EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+    SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+  }
+
+  set_message(outbuf,15,0,True);
+  SSVAL(outbuf,smb_vwv2,fsp->fnum);
   SSVAL(outbuf,smb_vwv3,fmode);
-  put_dos_date3(outbuf,smb_vwv4,mtime);
-  SIVAL(outbuf,smb_vwv6,size);
+  if(lp_dos_filetime_resolution(SNUM(conn)) )
+    put_dos_date3(outbuf,smb_vwv4,mtime & ~1);
+  else
+    put_dos_date3(outbuf,smb_vwv4,mtime);
+  SIVAL(outbuf,smb_vwv6,(uint32)size);
   SSVAL(outbuf,smb_vwv8,rmode);
   SSVAL(outbuf,smb_vwv11,smb_action);
 
-  chain_fnum = fnum;
-
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
-
-  chain_fnum = -1;
-  
-  return(outsize);
+  END_PROFILE(SMBopenX);
+  return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
 /****************************************************************************
   reply to a SMBulogoffX
 ****************************************************************************/
-int reply_ulogoffX(char *inbuf,char *outbuf,int length,int bufsize)
+int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int outsize = 0;
-  int smb_com2 = CVAL(inbuf,smb_vwv0);
-  int smb_off2 = SVAL(inbuf,smb_vwv1);
-  int uid = SVAL(inbuf,smb_uid);
+  uint16 vuid = SVAL(inbuf,smb_uid);
+  user_struct *vuser = get_valid_user_struct(vuid);
+  START_PROFILE(SMBulogoffX);
 
-  invalidate_uid(uid);
+  if(vuser == 0) {
+    DEBUG(3,("ulogoff, vuser id %d does not map to user.\n", vuid));
+  }
 
-  outsize = set_message(outbuf,2,0,True);
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(chain_size+outsize)-4);
+  /* in user level security we are supposed to close any files
+     open by this user */
+  if ((vuser != 0) && (lp_security() != SEC_SHARE)) {
+	  file_close_user(vuid);
+  }
 
-  DEBUG(3,("%s ulogoffX uid=%d\n",timestring(),uid));
+  invalidate_vuid(vuid);
 
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
+  set_message(outbuf,2,0,True);
 
-  
-  return(outsize);
+  DEBUG( 3, ( "ulogoffX vuid=%d\n", vuid ) );
+
+  END_PROFILE(SMBulogoffX);
+  return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
 /****************************************************************************
-  reply to a mknew
+  reply to a mknew or a create
 ****************************************************************************/
-int reply_mknew(char *inbuf,char *outbuf)
+int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring fname;
-  int cnum,com;
-  int fnum = -1;
+  int com;
   int outsize = 0;
   int createmode;
   mode_t unixmode;
-  
+  int ofun = 0;
+  BOOL bad_path = False;
+  files_struct *fsp;
+  int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+  SMB_STRUCT_STAT sbuf;
+  START_PROFILE(SMBcreate);
+ 
   com = SVAL(inbuf,smb_com);
-  cnum = SVAL(inbuf,smb_tid);
 
   createmode = SVAL(inbuf,smb_vwv0);
-  strcpy(fname,smb_buf(inbuf)+1);
-  unix_convert(fname,cnum);
+  srvstr_pull(inbuf, fname, smb_buf(inbuf) + 1, sizeof(fname), -1, STR_TERMINATE);
 
-  if (createmode & aVOLID)
-    {
+  RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
+
+  if (createmode & aVOLID) {
       DEBUG(0,("Attempt to create file (%s) with volid set - please report this\n",fname));
-    }
+  }
   
-  unixmode = unix_mode(cnum,createmode);
+  unixmode = unix_mode(conn,createmode,fname);
   
-  if (com == SMBmknew && file_exist(fname,NULL))
-    return(ERROR(ERRDOS,ERRfilexists));
-    
-  fnum = find_free_file();
-  if (fnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
-
-  if (!check_name(fname,cnum))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+  if(com == SMBmknew)
+  {
+    /* We should fail if file exists. */
+    ofun = FILE_CREATE_IF_NOT_EXIST;
+  }
+  else
+  {
+    /* SMBcreate - Create if file doesn't exist, truncate if it does. */
+    ofun = FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_TRUNCATE;
+  }
 
-  open_file(fnum,cnum,fname,O_RDWR | O_CREAT | O_TRUNC,unixmode);
+  /* Open file in dos compatibility share mode. */
+  fsp = open_file_shared(conn,fname,&sbuf,SET_DENY_MODE(DENY_FCB)|SET_OPEN_MODE(DOS_OPEN_FCB), 
+                   ofun, unixmode, oplock_request, NULL, NULL);
   
-  if (!Files[fnum].open)
+  if (!fsp)
+  {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBcreate);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
-  
+  }
+ 
   outsize = set_message(outbuf,1,0,True);
-  SSVAL(outbuf,smb_vwv0,fnum);
-  
-  DEBUG(2,("new file %s\n",fname));
-  DEBUG(3,("%s mknew %s fd=%d fnum=%d cnum=%d dmode=%d umode=%o\n",timestring(),fname,Files[fnum].fd,fnum,cnum,createmode,unixmode));
-  
+  SSVAL(outbuf,smb_vwv0,fsp->fnum);
+
+  if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
+    SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+  }
+ 
+  if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
+    SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+ 
+  DEBUG( 2, ( "new file %s\n", fname ) );
+  DEBUG( 3, ( "mknew %s fd=%d dmode=%d umode=%o\n",
+        fname, fsp->fd, createmode, (int)unixmode ) );
+
+  END_PROFILE(SMBcreate);
   return(outsize);
 }
 
@@ -1123,343 +1096,561 @@ int reply_mknew(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a create temporary file
 ****************************************************************************/
-int reply_ctemp(char *inbuf,char *outbuf)
+int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring fname;
-  pstring fname2;
-  int cnum;
-  int fnum = -1;
   int outsize = 0;
   int createmode;
   mode_t unixmode;
-  
-  cnum = SVAL(inbuf,smb_tid);
+  BOOL bad_path = False;
+  files_struct *fsp;
+  int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+  int tmpfd;
+  SMB_STRUCT_STAT sbuf;
+  char *p, *s;
+
+  START_PROFILE(SMBctemp);
+
   createmode = SVAL(inbuf,smb_vwv0);
-  sprintf(fname,"%s/TMXXXXXX",smb_buf(inbuf)+1);
-  unix_convert(fname,cnum);
+  srvstr_pull(inbuf, fname, smb_buf(inbuf)+1, sizeof(fname), -1, STR_TERMINATE);
+  pstrcat(fname,"\\TMXXXXXX");
+
+  RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
   
-  unixmode = unix_mode(cnum,createmode);
+  unixmode = unix_mode(conn,createmode,fname);
   
-  fnum = find_free_file();
-  if (fnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
+  tmpfd = smb_mkstemp(fname);
+  if (tmpfd == -1) {
+      END_PROFILE(SMBctemp);
+      return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
 
-  if (!check_name(fname,cnum))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+  vfs_stat(conn,fname,&sbuf);
 
-  strcpy(fname2,(char *)mktemp(fname));
+  /* Open file in dos compatibility share mode. */
+  /* We should fail if file does not exist. */
+  fsp = open_file_shared(conn,fname,&sbuf,
+			 SET_DENY_MODE(DENY_FCB)|SET_OPEN_MODE(DOS_OPEN_FCB),
+			 FILE_EXISTS_OPEN|FILE_FAIL_IF_NOT_EXIST,
+			 unixmode, oplock_request, NULL, NULL);
 
-  open_file(fnum,cnum,fname2,O_RDWR | O_CREAT | O_TRUNC,unixmode);
+  /* close fd from smb_mkstemp() */
+  close(tmpfd);
 
-  if (!Files[fnum].open)
+  if (!fsp) {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBctemp);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
 
-  outsize = set_message(outbuf,1,2 + strlen(fname2),True);
-  SSVAL(outbuf,smb_vwv0,fnum);
-  CVAL(smb_buf(outbuf),0) = 4;
-  strcpy(smb_buf(outbuf) + 1,fname2);
-  
-  DEBUG(2,("created temp file %s\n",fname2));
-  DEBUG(3,("%s ctemp %s fd=%d fnum=%d cnum=%d dmode=%d umode=%o\n",timestring(),fname2,Files[fnum].fd,fnum,cnum,createmode,unixmode));
+  outsize = set_message(outbuf,1,0,True);
+  SSVAL(outbuf,smb_vwv0,fsp->fnum);
+
+  /* the returned filename is relative to the directory */
+  s = strrchr_m(fname, '/');
+  if (!s) {
+	  s = fname;
+  } else {
+	  s++;
+  }
+
+  p = smb_buf(outbuf);
+  SSVALS(p, 0, -1); /* what is this? not in spec */
+  SSVAL(p, 2, strlen(s));
+  p += 4;
+  p += srvstr_push(outbuf, p, s, -1, STR_ASCII);
+  outsize = set_message_end(outbuf, p);
+
+  if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
+	  SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+  }
   
+  if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
+	  SCVAL(outbuf,smb_flg,CVAL(outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
+
+  DEBUG( 2, ( "created temp file %s\n", fname ) );
+  DEBUG( 3, ( "ctemp %s fd=%d dmode=%d umode=%o\n",
+        fname, fsp->fd, createmode, (int)unixmode ) );
+
+  END_PROFILE(SMBctemp);
   return(outsize);
 }
 
+/*******************************************************************
+ Check if a user is allowed to rename a file.
+********************************************************************/
+
+static NTSTATUS can_rename(char *fname,connection_struct *conn, SMB_STRUCT_STAT *pst)
+{
+	int smb_action;
+	int access_mode;
+	files_struct *fsp;
+
+	if (!CAN_WRITE(conn))
+		return NT_STATUS_MEDIA_WRITE_PROTECTED;
+	
+	if (S_ISDIR(pst->st_mode))
+		return NT_STATUS_OK;
+
+	/* We need a better way to return NT status codes from open... */
+	unix_ERR_class = 0;
+	unix_ERR_code = 0;
+
+	fsp = open_file_shared1(conn, fname, pst, DELETE_ACCESS, SET_DENY_MODE(DENY_ALL),
+		(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &smb_action);
+
+	if (!fsp) {
+		NTSTATUS ret = NT_STATUS_ACCESS_DENIED;
+		if (unix_ERR_class == ERRDOS && unix_ERR_code == ERRbadshare)
+			ret = NT_STATUS_SHARING_VIOLATION;
+		unix_ERR_class = 0;
+		unix_ERR_code = 0;
+		return ret;
+	}
+	close_file(fsp,False);
+	return NT_STATUS_OK;
+}
 
 /*******************************************************************
-check if a user is allowed to delete a file
+ Check if a user is allowed to delete a file.
 ********************************************************************/
-static BOOL can_delete(char *fname,int cnum,int dirtype)
+
+static NTSTATUS can_delete(char *fname,connection_struct *conn, int dirtype)
 {
-  struct stat sbuf;
-  int fmode;
-
-  if (!CAN_WRITE(cnum)) return(False);
-
-  if (sys_lstat(fname,&sbuf) != 0) return(False);
-  fmode = dos_mode(cnum,fname,&sbuf);
-  if (fmode & aDIR) return(False);
-  if (fmode & aRONLY) return(False);
-  if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM))
-    return(False);
-  if (!check_file_sharing(cnum,fname)) return(False);
-  return(True);
+	SMB_STRUCT_STAT sbuf;
+	int fmode;
+	int smb_action;
+	int access_mode;
+	files_struct *fsp;
+
+	if (!CAN_WRITE(conn))
+		return NT_STATUS_MEDIA_WRITE_PROTECTED;
+
+	if (conn->vfs_ops.lstat(conn,fname,&sbuf) != 0)
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+	fmode = dos_mode(conn,fname,&sbuf);
+	if (fmode & aDIR)
+		return NT_STATUS_FILE_IS_A_DIRECTORY;
+	if (!lp_delete_readonly(SNUM(conn))) {
+		if (fmode & aRONLY)
+			return NT_STATUS_CANNOT_DELETE;
+	}
+	if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM))
+		return NT_STATUS_CANNOT_DELETE;
+
+	/* We need a better way to return NT status codes from open... */
+	unix_ERR_class = 0;
+	unix_ERR_code = 0;
+
+	fsp = open_file_shared1(conn, fname, &sbuf, DELETE_ACCESS, SET_DENY_MODE(DENY_ALL),
+		(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &smb_action);
+
+	if (!fsp) {
+		NTSTATUS ret = NT_STATUS_ACCESS_DENIED;
+		if (unix_ERR_class == ERRDOS && unix_ERR_code == ERRbadshare)
+			ret = NT_STATUS_SHARING_VIOLATION;
+		unix_ERR_class = 0;
+		unix_ERR_code = 0;
+		return ret;
+	}
+	close_file(fsp,False);
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
-  reply to a unlink
+ The guts of the unlink command, split out so it may be called by the NT SMB
+ code.
 ****************************************************************************/
-int reply_unlink(char *inbuf,char *outbuf)
+
+NTSTATUS unlink_internals(connection_struct *conn, int dirtype, char *name)
 {
-  int outsize = 0;
-  pstring name;
-  int cnum;
-  int dirtype;
-  pstring directory;
-  pstring mask;
-  char *p;
-  int count=0;
-  int error = ERRnoaccess;
-  BOOL has_wild;
-  BOOL exists=False;
+	pstring directory;
+	pstring mask;
+	char *p;
+	int count=0;
+	NTSTATUS error = NT_STATUS_OK;
+	BOOL has_wild;
+	BOOL bad_path = False;
+	BOOL rc = True;
+	SMB_STRUCT_STAT sbuf;
+	
+	*directory = *mask = 0;
+	
+	rc = unix_convert(name,conn,0,&bad_path,&sbuf);
+	
+	p = strrchr_m(name,'/');
+	if (!p) {
+		pstrcpy(directory,".");
+		pstrcpy(mask,name);
+	} else {
+		*p = 0;
+		pstrcpy(directory,name);
+		pstrcpy(mask,p+1);
+	}
+	
+	/*
+	 * We should only check the mangled cache
+	 * here if unix_convert failed. This means
+	 * that the path in 'mask' doesn't exist
+	 * on the file system and so we need to look
+	 * for a possible mangle. This patch from
+	 * Tine Smukavec <valentin.smukavec@hermes.si>.
+	 */
+	
+	if (!rc && mangle_is_mangled(mask))
+		mangle_check_cache( mask );
+	
+	has_wild = ms_has_wild(mask);
+	
+	if (!has_wild) {
+		pstrcat(directory,"/");
+		pstrcat(directory,mask);
+		error = can_delete(directory,conn,dirtype);
+		if (!NT_STATUS_IS_OK(error)) return error;
+
+		if (vfs_unlink(conn,directory) == 0) {
+			count++;
+		}
+	} else {
+		void *dirptr = NULL;
+		char *dname;
+		
+		if (check_name(directory,conn))
+			dirptr = OpenDir(conn, directory, True);
+		
+		/* XXXX the CIFS spec says that if bit0 of the flags2 field is set then
+		   the pattern matches against the long name, otherwise the short name 
+		   We don't implement this yet XXXX
+		*/
+		
+		if (dirptr) {
+			error = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+			
+			if (strequal(mask,"????????.???"))
+				pstrcpy(mask,"*");
+
+			while ((dname = ReadDirName(dirptr))) {
+				pstring fname;
+				pstrcpy(fname,dname);
+				
+				if(!mask_match(fname, mask, case_sensitive)) continue;
+				
+				slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
+				error = can_delete(fname,conn,dirtype);
+				if (!NT_STATUS_IS_OK(error)) continue;
+				if (vfs_unlink(conn,fname) == 0) count++;
+				DEBUG(3,("unlink_internals: succesful unlink [%s]\n",fname));
+			}
+			CloseDir(dirptr);
+		}
+	}
+	
+	if (count == 0 && NT_STATUS_IS_OK(error)) {
+		error = map_nt_error_from_unix(errno);
+	}
 
-  *directory = *mask = 0;
+	return error;
+}
 
-  cnum = SVAL(inbuf,smb_tid);
-  dirtype = SVAL(inbuf,smb_vwv0);
+/****************************************************************************
+ Reply to a unlink
+****************************************************************************/
+
+int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, 
+		 int dum_buffsize)
+{
+	int outsize = 0;
+	pstring name;
+	int dirtype;
+	NTSTATUS status;
+	START_PROFILE(SMBunlink);
+	
+	dirtype = SVAL(inbuf,smb_vwv0);
+	
+	srvstr_pull(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), -1, STR_TERMINATE);
+	
+	RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
+	
+	DEBUG(3,("reply_unlink : %s\n",name));
+	
+	status = unlink_internals(conn, dirtype, name);
+	if (!NT_STATUS_IS_OK(status)) return ERROR_NT(status);
+
+	/*
+	 * Win2k needs a changenotify request response before it will
+	 * update after a rename..
+	 */
+	process_pending_change_notify_queue((time_t)0);
+	
+	outsize = set_message(outbuf,0,0,True);
   
-  strcpy(name,smb_buf(inbuf) + 1);
-   
-  DEBUG(3,("reply_unlink : %s\n",name));
-   
-  unix_convert(name,cnum);
+	END_PROFILE(SMBunlink);
+	return outsize;
+}
 
-  p = strrchr(name,'/');
-  if (!p) {
-    strcpy(directory,"./");
-    strcpy(mask,name);
-  } else {
-    *p = 0;
-    strcpy(directory,name);
-    strcpy(mask,p+1);
-  }
+/****************************************************************************
+ Fail for readbraw.
+****************************************************************************/
 
-  if (is_mangled(mask))
-    check_mangled_stack(mask);
+void fail_readraw(void)
+{
+	pstring errstr;
+	slprintf(errstr, sizeof(errstr)-1, "FAIL ! reply_readbraw: socket write fail (%s)",
+		strerror(errno) );
+	exit_server(errstr);
+}
 
-  has_wild = strchr(mask,'*') || strchr(mask,'?');
+/****************************************************************************
+ Reply to a readbraw (core+ protocol).
+****************************************************************************/
 
-  if (!has_wild) {
-    strcat(directory,"/");
-    strcat(directory,mask);
-    if (can_delete(directory,cnum,dirtype) && !sys_unlink(directory)) count++;
-    if (!count) exists = file_exist(directory,NULL);    
-  } else {
-    void *dirptr = NULL;
-    char *dname;
+int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int dum_buffsize)
+{
+	ssize_t maxcount,mincount;
+	size_t nread = 0;
+	SMB_OFF_T startpos;
+	char *header = outbuf;
+	ssize_t ret=0;
+	files_struct *fsp;
+	START_PROFILE(SMBreadbraw);
+
+	/*
+	 * Special check if an oplock break has been issued
+	 * and the readraw request croses on the wire, we must
+	 * return a zero length response here.
+	 */
+
+	if(global_oplock_break) {
+		_smb_setlen(header,0);
+		if (write_data(smbd_server_fd(),header,4) != 4)
+			fail_readraw();
+		DEBUG(5,("readbraw - oplock break finished\n"));
+		END_PROFILE(SMBreadbraw);
+		return -1;
+	}
 
-    if (check_name(directory,cnum))
-      dirptr = OpenDir(directory);
+	fsp = file_fsp(inbuf,smb_vwv0);
+
+	if (!FNUM_OK(fsp,conn) || !fsp->can_read) {
+		/*
+		 * fsp could be NULL here so use the value from the packet. JRA.
+		 */
+		DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",(int)SVAL(inbuf,smb_vwv0)));
+		_smb_setlen(header,0);
+		if (write_data(smbd_server_fd(),header,4) != 4)
+			fail_readraw();
+		END_PROFILE(SMBreadbraw);
+		return(-1);
+	}
 
-    if (dirptr)
-      {
-	error = ERRbadfile;
+	CHECK_FSP(fsp,conn);
 
-	if (strequal(mask,"????????.???"))
-	  strcpy(mask,"*");
+	flush_write_cache(fsp, READRAW_FLUSH);
 
-	while ((dname = ReadDirName(dirptr)))
-	  {
-	    pstring fname;
-	    strcpy(fname,dname);
-	    
-	    if(!mask_match(fname, mask, case_sensitive, False)) continue;
+	startpos = IVAL(inbuf,smb_vwv1);
+	if(CVAL(inbuf,smb_wct) == 10) {
+		/*
+		 * This is a large offset (64 bit) read.
+		 */
+#ifdef LARGE_SMB_OFF_T
 
-	    error = ERRnoaccess;
-	    sprintf(fname,"%s/%s",directory,dname);
-	    if (!can_delete(fname,cnum,dirtype)) continue;
-	    if (!sys_unlink(fname)) count++;
-	    DEBUG(3,("reply_unlink : doing unlink on %s\n",fname));
-	  }
-	CloseDir(dirptr);
-      }
-  }
-  
-  if (count == 0) {
-    if (exists)
-      return(ERROR(ERRDOS,error));
-    else
-      return(UNIXERROR(ERRDOS,error));
-  }
-  
-  outsize = set_message(outbuf,0,0,True);
-  
-  return(outsize);
-}
+		startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv8)) << 32);
 
+#else /* !LARGE_SMB_OFF_T */
 
-/****************************************************************************
-   reply to a readbraw (core+ protocol)
-****************************************************************************/
-int reply_readbraw(char *inbuf, char *outbuf)
-{
-  int cnum,maxcount,mincount,fnum;
-  int nread = 0;
-  int startpos;
-  char *header = outbuf;
-  int ret=0;
-  int fd;
-  char *fname;
-
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-
-  startpos = IVAL(inbuf,smb_vwv1);
-  maxcount = SVAL(inbuf,smb_vwv3);
-  mincount = SVAL(inbuf,smb_vwv4);
-
-  /* ensure we don't overrun the packet size */
-  maxcount = MIN(65535,maxcount);
-  maxcount = MAX(mincount,maxcount);
-
-  if (!FNUM_OK(fnum,cnum) || !Files[fnum].can_read)
-    {
-      DEBUG(3,("fnum %d not open in readbraw - cache prime?\n",fnum));
-      _smb_setlen(header,0);
-      transfer_file(0,Client,0,header,4,0);
-      return(-1);
-    }
-  else
-    {
-      fd = Files[fnum].fd;
-      fname = Files[fnum].name;
-    }
+		/*
+		 * Ensure we haven't been sent a >32 bit offset.
+		 */
 
+		if(IVAL(inbuf,smb_vwv8) != 0) {
+			DEBUG(0,("readbraw - large offset (%x << 32) used and we don't support \
+64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv8) ));
+			_smb_setlen(header,0);
+			if (write_data(smbd_server_fd(),header,4) != 4)
+				fail_readraw();
+			END_PROFILE(SMBreadbraw);
+			return(-1);
+		}
 
-  if (!is_locked(fnum,cnum,maxcount,startpos))
-    {
-      int size = Files[fnum].size;
-      int sizeneeded = startpos + maxcount;
-	    
-      if (size < sizeneeded) {
-	struct stat st;
-	if (fstat(Files[fnum].fd,&st) == 0)
-	  size = st.st_size;
-	if (!Files[fnum].can_write) 
-	  Files[fnum].size = size;
-      }
+#endif /* LARGE_SMB_OFF_T */
 
-      nread = MIN(maxcount,size - startpos);	  
-    }
+		if(startpos < 0) {
+			DEBUG(0,("readbraw - negative 64 bit readraw offset (%.0f) !\n", (double)startpos ));
+			_smb_setlen(header,0);
+			if (write_data(smbd_server_fd(),header,4) != 4)
+				fail_readraw();
+			END_PROFILE(SMBreadbraw);
+			return(-1);
+		}      
+	}
+	maxcount = (SVAL(inbuf,smb_vwv3) & 0xFFFF);
+	mincount = (SVAL(inbuf,smb_vwv4) & 0xFFFF);
+
+	/* ensure we don't overrun the packet size */
+	maxcount = MIN(65535,maxcount);
+	maxcount = MAX(mincount,maxcount);
+
+	if (!is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
+		SMB_OFF_T size = fsp->size;
+		SMB_OFF_T sizeneeded = startpos + maxcount;
+  
+		if (size < sizeneeded) {
+			SMB_STRUCT_STAT st;
+			if (vfs_fstat(fsp,fsp->fd,&st) == 0)
+				size = st.st_size;
+			if (!fsp->can_write) 
+				fsp->size = size;
+		}
 
-  if (nread < mincount)
-    nread = 0;
+		if (startpos >= size)
+			nread = 0;
+		else
+			nread = MIN(maxcount,(size - startpos));	  
+	}
+
+	if (nread < mincount)
+		nread = 0;
   
-  DEBUG(3,("%s readbraw fnum=%d cnum=%d start=%d max=%d min=%d nread=%d\n",
-	   timestring(),
-	   fnum,cnum,startpos,
-	   maxcount,mincount,nread));
+	DEBUG( 3, ( "readbraw fnum=%d start=%.0f max=%d min=%d nread=%d\n", fsp->fnum, (double)startpos,
+				(int)maxcount, (int)mincount, (int)nread ) );
   
-#if UNSAFE_READRAW
-  {
-    int predict=0;
-    _smb_setlen(header,nread);
-
-    if (!Files[fnum].can_write)
-      predict = read_predict(fd,startpos,header+4,NULL,nread);
-
-    if ((nread-predict) > 0)
-      seek_file(fnum,startpos + predict);
-    
-    ret = transfer_file(fd,Client,nread-predict,header,4+predict,
-			startpos+predict);
-  }
-
-  if (ret != nread+4)
-    DEBUG(0,("ERROR: file read failure on %s at %d for %d bytes (%d)\n",
-	     fname,startpos,nread,ret));
+	if (nread > 0) {
+		ret = read_file(fsp,header+4,startpos,nread);
+		if (ret < mincount)
+			ret = 0;
+	}
 
-#else
-  ret = read_file(fnum,header+4,startpos,nread,nread,-1,False);
-  if (ret < mincount) ret = 0;
+	_smb_setlen(header,ret);
+	if (write_data(smbd_server_fd(),header,4+ret) != 4+ret)
+		fail_readraw();
 
-  _smb_setlen(header,ret);
-  transfer_file(0,Client,0,header,4+ret,0);
-#endif
-
-  DEBUG(5,("readbraw finished\n"));
-  return -1;
+	DEBUG(5,("readbraw finished\n"));
+	END_PROFILE(SMBreadbraw);
+	return -1;
 }
 
-
 /****************************************************************************
   reply to a lockread (core+ protocol)
 ****************************************************************************/
-int reply_lockread(char *inbuf,char *outbuf)
+int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, int dum_buffsiz)
 {
-  int cnum,fnum;
-  int nread = -1;
-  char *data;
-  int outsize = 0;
-  uint32 startpos, numtoread;
-  int eclass;
-  uint32 ecode;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+	ssize_t nread = -1;
+	char *data;
+	int outsize = 0;
+	SMB_OFF_T startpos;
+	size_t numtoread;
+	NTSTATUS status;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBlockread);
+
+	CHECK_FSP(fsp,conn);
+	CHECK_READ(fsp);
+
+	release_level_2_oplocks_on_change(fsp);
+
+	numtoread = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv2);
+  
+	outsize = set_message(outbuf,5,3,True);
+	numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
+	data = smb_buf(outbuf) + 3;
+	
+	/*
+	 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
+	 * protocol request that predates the read/write lock concept. 
+	 * Thus instead of asking for a read lock here we need to ask
+	 * for a write lock. JRA.
+	 */
+	
+	status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), 
+			 (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK);
+
+	if (NT_STATUS_V(status)) {
+		if (lp_blocking_locks(SNUM(conn))) {
+			/*
+			 * A blocking lock was requested. Package up
+			 * this smb into a queued request and push it
+			 * onto the blocking lock queue.
+			 */
+			if(push_blocking_lock_request(inbuf, length, -1, 0))
+				END_PROFILE(SMBlockread);
+			return -1;
+		}
+		END_PROFILE(SMBlockread);
+		return ERROR_NT(status);
+	}
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_READ(fnum);
-  CHECK_ERROR(fnum);
+	nread = read_file(fsp,data,startpos,numtoread);
 
-  numtoread = SVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv2);
-  
-  outsize = set_message(outbuf,5,3,True);
-  numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
-  data = smb_buf(outbuf) + 3;
-  
-  if(!do_lock( fnum, cnum, numtoread, startpos, &eclass, &ecode))
-    return (ERROR(eclass,ecode));
+	if (nread < 0) {
+		END_PROFILE(SMBlockread);
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
+	
+	outsize += nread;
+	SSVAL(outbuf,smb_vwv0,nread);
+	SSVAL(outbuf,smb_vwv5,nread+3);
+	SSVAL(smb_buf(outbuf),1,nread);
+	
+	DEBUG(3,("lockread fnum=%d num=%d nread=%d\n",
+		 fsp->fnum, (int)numtoread, (int)nread));
 
-  nread = read_file(fnum,data,startpos,numtoread,numtoread,-1,False);
-  
-  if (nread < 0)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
-  
-  outsize += nread;
-  SSVAL(outbuf,smb_vwv0,nread);
-  SSVAL(outbuf,smb_vwv5,nread+3);
-  SSVAL(smb_buf(outbuf),1,nread);
-  
-  DEBUG(3,("%s lockread fnum=%d cnum=%d num=%d nread=%d\n",timestring(),fnum,cnum,numtoread,nread));
-  
-  return(outsize);
+	END_PROFILE(SMBlockread);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a read
 ****************************************************************************/
-int reply_read(char *inbuf,char *outbuf)
+
+int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
 {
-  int cnum,numtoread,fnum;
-  int nread = 0;
+  size_t numtoread;
+  ssize_t nread = 0;
   char *data;
-  int startpos;
+  SMB_OFF_T startpos;
   int outsize = 0;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+  files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+  START_PROFILE(SMBread);
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_READ(fnum);
-  CHECK_ERROR(fnum);
+  CHECK_FSP(fsp,conn);
+  CHECK_READ(fsp);
 
   numtoread = SVAL(inbuf,smb_vwv1);
   startpos = IVAL(inbuf,smb_vwv2);
-  
+
+
   outsize = set_message(outbuf,5,3,True);
   numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
   data = smb_buf(outbuf) + 3;
   
-  if (is_locked(fnum,cnum,numtoread,startpos))
-    return(ERROR(ERRDOS,ERRlock));	
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
+    END_PROFILE(SMBread);
+    return ERROR_DOS(ERRDOS,ERRlock);
+  }
 
   if (numtoread > 0)
-    nread = read_file(fnum,data,startpos,numtoread,numtoread,-1,False);
-  
-  if (nread < 0)
+    nread = read_file(fsp,data,startpos,numtoread);
+
+  if (nread < 0) {
+    END_PROFILE(SMBread);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
   
   outsize += nread;
   SSVAL(outbuf,smb_vwv0,nread);
   SSVAL(outbuf,smb_vwv5,nread+3);
-  CVAL(smb_buf(outbuf),0) = 1;
+  SCVAL(smb_buf(outbuf),0,1);
   SSVAL(smb_buf(outbuf),1,nread);
   
-  DEBUG(3,("%s read fnum=%d cnum=%d num=%d nread=%d\n",timestring(),fnum,cnum,numtoread,nread));
-  
+  DEBUG( 3, ( "read fnum=%d num=%d nread=%d\n",
+            fsp->fnum, (int)numtoread, (int)nread ) );
+
+  END_PROFILE(SMBread);
   return(outsize);
 }
 
@@ -1467,605 +1658,813 @@ int reply_read(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a read and X
 ****************************************************************************/
-int reply_read_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int smb_com2 = CVAL(inbuf,smb_vwv0);
-  int smb_off2 = SVAL(inbuf,smb_vwv1);
-  int fnum = GETFNUM(inbuf,smb_vwv2);
-  uint32 smb_offs = IVAL(inbuf,smb_vwv3);
-  int smb_maxcnt = SVAL(inbuf,smb_vwv5);
-  int smb_mincnt = SVAL(inbuf,smb_vwv6);
-  int cnum;
-  int nread = -1;
+  files_struct *fsp = file_fsp(inbuf,smb_vwv2);
+  SMB_OFF_T startpos = IVAL(inbuf,smb_vwv3);
+  size_t smb_maxcnt = SVAL(inbuf,smb_vwv5);
+  size_t smb_mincnt = SVAL(inbuf,smb_vwv6);
+  ssize_t nread = -1;
   char *data;
-  int outsize = 0;
-  BOOL ok = False;
+  START_PROFILE(SMBreadX);
 
-  cnum = SVAL(inbuf,smb_tid);
+  /* If it's an IPC, pass off the pipe handler. */
+  if (IS_IPC(conn)) {
+    END_PROFILE(SMBreadX);
+    return reply_pipe_read_and_X(inbuf,outbuf,length,bufsize);
+  }
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_READ(fnum);
-  CHECK_ERROR(fnum);
+  CHECK_FSP(fsp,conn);
+  CHECK_READ(fsp);
 
-  outsize = set_message(outbuf,12,0,True);
+  set_message(outbuf,12,0,True);
   data = smb_buf(outbuf);
 
-  if (is_locked(fnum,cnum,smb_maxcnt,smb_offs))
-    return(ERROR(ERRDOS,ERRlock));
-  nread = read_file(fnum,data,smb_offs,smb_maxcnt,smb_maxcnt,-1,False);
-  ok = True;
-  
-  if (nread < 0)
+  if(CVAL(inbuf,smb_wct) == 12) {
+#ifdef LARGE_SMB_OFF_T
+    /*
+     * This is a large offset (64 bit) read.
+     */
+    startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv10)) << 32);
+
+#else /* !LARGE_SMB_OFF_T */
+
+    /*
+     * Ensure we haven't been sent a >32 bit offset.
+     */
+
+    if(IVAL(inbuf,smb_vwv10) != 0) {
+      DEBUG(0,("reply_read_and_X - large offset (%x << 32) used and we don't support \
+64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv10) ));
+      END_PROFILE(SMBreadX);
+      return ERROR_DOS(ERRDOS,ERRbadaccess);
+    }
+
+#endif /* LARGE_SMB_OFF_T */
+
+  }
+
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
+    END_PROFILE(SMBreadX);
+    return ERROR_DOS(ERRDOS,ERRlock);
+  }
+  nread = read_file(fsp,data,startpos,smb_maxcnt);
+
+  if (nread < 0) {
+    END_PROFILE(SMBreadX);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
   
-  outsize += nread;
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(outsize+chain_size)-4);
   SSVAL(outbuf,smb_vwv5,nread);
-  SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf) + chain_size);
+  SSVAL(outbuf,smb_vwv6,smb_offset(data,outbuf));
   SSVAL(smb_buf(outbuf),-2,nread);
   
-  DEBUG(3,("%s readX fnum=%d cnum=%d min=%d max=%d nread=%d com2=%d off2=%d\n",
-	timestring(),fnum,cnum,
-	smb_mincnt,smb_maxcnt,nread,smb_com2,smb_off2));
+  DEBUG( 3, ( "readX fnum=%d min=%d max=%d nread=%d\n",
+	      fsp->fnum, (int)smb_mincnt, (int)smb_maxcnt, (int)nread ) );
 
-  chain_fnum = fnum;
-
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
-  
-  chain_fnum = -1;
-  
-  return(outsize);
+  END_PROFILE(SMBreadX);
+  return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
-
 /****************************************************************************
   reply to a writebraw (core+ or LANMAN1.0 protocol)
 ****************************************************************************/
-int reply_writebraw(char *inbuf,char *outbuf)
-{
-  int nwritten=0;
-  int total_written=0;
-  int numtowrite=0;
-  int cnum,fnum;
-  int outsize = 0;
-  long startpos;
-  char *data=NULL;
-  BOOL write_through;
-  int tcount;
-
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
-  
-  tcount = IVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv3);
-  write_through = BITSETW(inbuf+smb_vwv7,0);
-
-  /* We have to deal with slightly different formats depending
-     on whether we are using the core+ or lanman1.0 protocol */
-  if(Protocol <= PROTOCOL_COREPLUS) {
-    numtowrite = SVAL(smb_buf(inbuf),-2);
-    data = smb_buf(inbuf);
-  } else {
-    numtowrite = SVAL(inbuf,smb_vwv10);
-    data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
-  }
 
-  /* force the error type */
-  CVAL(inbuf,smb_com) = SMBwritec;
-  CVAL(outbuf,smb_com) = SMBwritec;
+int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
+{
+	ssize_t nwritten=0;
+	ssize_t total_written=0;
+	size_t numtowrite=0;
+	size_t tcount;
+	SMB_OFF_T startpos;
+	char *data=NULL;
+	BOOL write_through;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	int outsize = 0;
+	START_PROFILE(SMBwritebraw);
+
+	CHECK_FSP(fsp,conn);
+	CHECK_WRITE(fsp);
+  
+	tcount = IVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv3);
+	write_through = BITSETW(inbuf+smb_vwv7,0);
+
+	/* We have to deal with slightly different formats depending
+		on whether we are using the core+ or lanman1.0 protocol */
+
+	if(Protocol <= PROTOCOL_COREPLUS) {
+		numtowrite = SVAL(smb_buf(inbuf),-2);
+		data = smb_buf(inbuf);
+	} else {
+		numtowrite = SVAL(inbuf,smb_vwv10);
+		data = smb_base(inbuf) + SVAL(inbuf, smb_vwv11);
+	}
 
-  if (is_locked(fnum,cnum,tcount,startpos))
-    return(ERROR(ERRDOS,ERRlock));
+	/* force the error type */
+	SCVAL(inbuf,smb_com,SMBwritec);
+	SCVAL(outbuf,smb_com,SMBwritec);
 
-  if (seek_file(fnum,startpos) != startpos)
-    DEBUG(0,("couldn't seek to %d in writebraw\n",startpos));
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
+		END_PROFILE(SMBwritebraw);
+		return(ERROR_DOS(ERRDOS,ERRlock));
+	}
 
-  if (numtowrite>0)
-    nwritten = write_file(fnum,data,numtowrite);
+	if (numtowrite>0)
+		nwritten = write_file(fsp,data,startpos,numtowrite);
   
-  DEBUG(3,("%s writebraw1 fnum=%d cnum=%d start=%d num=%d wrote=%d sync=%d\n",
-	   timestring(),fnum,cnum,startpos,numtowrite,nwritten,write_through));
+	DEBUG(3,("writebraw1 fnum=%d start=%.0f num=%d wrote=%d sync=%d\n",
+		fsp->fnum, (double)startpos, (int)numtowrite, (int)nwritten, (int)write_through));
 
-  if (nwritten < numtowrite) 
-    return(UNIXERROR(ERRHRD,ERRdiskfull));
+	if (nwritten < numtowrite)  {
+		END_PROFILE(SMBwritebraw);
+		return(UNIXERROR(ERRHRD,ERRdiskfull));
+	}
 
-  total_written = nwritten;
+	total_written = nwritten;
 
-  /* Return a message to the redirector to tell it
-     to send more bytes */
-  CVAL(outbuf,smb_com) = SMBwritebraw;
-  SSVALS(outbuf,smb_vwv0,-1);
-  outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
-  send_smb(Client,outbuf);
+	/* Return a message to the redirector to tell it to send more bytes */
+	SCVAL(outbuf,smb_com,SMBwritebraw);
+	SSVALS(outbuf,smb_vwv0,-1);
+	outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("reply_writebraw: send_smb failed.");
   
-  /* Now read the raw data into the buffer and write it */
-  if(read_smb_length(Client,inbuf,0) == -1) {
-    exit_server("secondary writebraw failed");
-  }
+	/* Now read the raw data into the buffer and write it */
+	if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
+		exit_server("secondary writebraw failed");
+	}
   
-  /* Even though this is not an smb message, smb_len
-     returns the generic length of an smb message */
-  numtowrite = smb_len(inbuf);
+	/* Even though this is not an smb message, smb_len returns the generic length of an smb message */
+	numtowrite = smb_len(inbuf);
 
-  if (tcount > nwritten+numtowrite) {
-    DEBUG(3,("Client overestimated the write %d %d %d\n",
-	     tcount,nwritten,numtowrite));
-  }
+	/* Set up outbuf to return the correct return */
+	outsize = set_message(outbuf,1,0,True);
+	SCVAL(outbuf,smb_com,SMBwritec);
+	SSVAL(outbuf,smb_vwv0,total_written);
 
-  nwritten = transfer_file(Client,Files[fnum].fd,numtowrite,NULL,0,
-			   startpos+nwritten);
-  total_written += nwritten;
-  
-  /* Set up outbuf to return the correct return */
-  outsize = set_message(outbuf,1,0,True);
-  CVAL(outbuf,smb_com) = SMBwritec;
-  SSVAL(outbuf,smb_vwv0,total_written);
+	if (numtowrite != 0) {
 
-  if (nwritten < numtowrite) {
-    CVAL(outbuf,smb_rcls) = ERRHRD;
-    SSVAL(outbuf,smb_err,ERRdiskfull);      
-  }
+		if (numtowrite > BUFFER_SIZE) {
+			DEBUG(0,("reply_writebraw: Oversize secondary write raw requested (%u). Terminating\n",
+				(unsigned int)numtowrite ));
+			exit_server("secondary writebraw failed");
+		}
 
-  if (lp_syncalways(SNUM(cnum)) || write_through)
-    sync_file(fnum);
+		if (tcount > nwritten+numtowrite) {
+			DEBUG(3,("Client overestimated the write %d %d %d\n",
+				(int)tcount,(int)nwritten,(int)numtowrite));
+		}
 
-  DEBUG(3,("%s writebraw2 fnum=%d cnum=%d start=%d num=%d wrote=%d\n",
-	   timestring(),fnum,cnum,startpos,numtowrite,total_written));
+		if (read_data( smbd_server_fd(), inbuf+4, numtowrite) != numtowrite ) {
+			DEBUG(0,("reply_writebraw: Oversize secondary write raw read failed (%s). Terminating\n",
+				strerror(errno) ));
+			exit_server("secondary writebraw failed");
+		}
 
-  /* we won't return a status if write through is not selected - this 
-     follows what WfWg does */
-  if (!write_through && total_written==tcount)
-    return(-1);
+		nwritten = write_file(fsp,inbuf+4,startpos+nwritten,numtowrite);
 
-  return(outsize);
-}
+		if (nwritten < (ssize_t)numtowrite) {
+			SCVAL(outbuf,smb_rcls,ERRHRD);
+			SSVAL(outbuf,smb_err,ERRdiskfull);      
+		}
+
+		if (nwritten > 0)
+			total_written += nwritten;
+ 	}
+ 
+	if ((lp_syncalways(SNUM(conn)) || write_through) && lp_strict_sync(SNUM(conn)))
+		sync_file(conn,fsp);
+
+	DEBUG(3,("writebraw2 fnum=%d start=%.0f num=%d wrote=%d\n",
+		fsp->fnum, (double)startpos, (int)numtowrite,(int)total_written));
+
+	/* we won't return a status if write through is not selected - this follows what WfWg does */
+	END_PROFILE(SMBwritebraw);
+	if (!write_through && total_written==tcount) {
+
+#if RABBIT_PELLET_FIX
+		/*
+		 * Fix for "rabbit pellet" mode, trigger an early TCP ack by
+		 * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
+		 */
+		if (!send_keepalive(smbd_server_fd()))
+			exit_server("reply_writebraw: send of keepalive failed");
+#endif
+		return(-1);
+	}
 
+	return(outsize);
+}
 
 /****************************************************************************
   reply to a writeunlock (core+)
 ****************************************************************************/
-int reply_writeunlock(char *inbuf,char *outbuf)
-{
-  int cnum,fnum;
-  int nwritten = -1;
-  int outsize = 0;
-  char *data;
-  uint32 numtowrite,startpos;
-  int eclass;
-  uint32 ecode;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
+int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, 
+		      int size, int dum_buffsize)
+{
+	ssize_t nwritten = -1;
+	size_t numtowrite;
+	SMB_OFF_T startpos;
+	char *data;
+	NTSTATUS status;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	int outsize = 0;
+	START_PROFILE(SMBwriteunlock);
+	
+	CHECK_FSP(fsp,conn);
+	CHECK_WRITE(fsp);
 
-  numtowrite = SVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv2);
-  data = smb_buf(inbuf) + 3;
+	numtowrite = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv2);
+	data = smb_buf(inbuf) + 3;
   
-  if (is_locked(fnum,cnum,numtowrite,startpos))
-    return(ERROR(ERRDOS,ERRlock));
-
-  seek_file(fnum,startpos);
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, 
+		      WRITE_LOCK,False)) {
+		END_PROFILE(SMBwriteunlock);
+		return ERROR_DOS(ERRDOS,ERRlock);
+	}
 
-  /* The special X/Open SMB protocol handling of
-     zero length writes is *NOT* done for
-     this call */
-  if(numtowrite == 0)
-    nwritten = 0;
-  else
-    nwritten = write_file(fnum,data,numtowrite);
+	/* The special X/Open SMB protocol handling of
+	   zero length writes is *NOT* done for
+	   this call */
+	if(numtowrite == 0)
+		nwritten = 0;
+	else
+		nwritten = write_file(fsp,data,startpos,numtowrite);
   
-  if (lp_syncalways(SNUM(cnum)))
-    sync_file(fnum);
-
-  if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	if (lp_syncalways(SNUM(conn)))
+		sync_file(conn,fsp);
 
-  if(!do_unlock(fnum, cnum, numtowrite, startpos, &eclass, &ecode))
-    return(ERROR(eclass,ecode));
+	if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
+		END_PROFILE(SMBwriteunlock);
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
 
-  outsize = set_message(outbuf,1,0,True);
-  
-  SSVAL(outbuf,smb_vwv0,nwritten);
-  
-  DEBUG(3,("%s writeunlock fnum=%d cnum=%d num=%d wrote=%d\n",
-	   timestring(),fnum,cnum,numtowrite,nwritten));
-  
-  return(outsize);
+	status = do_unlock(fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtowrite, 
+			   (SMB_BIG_UINT)startpos);
+	if (NT_STATUS_V(status)) {
+		END_PROFILE(SMBwriteunlock);
+		return ERROR_NT(status);
+	}
+	
+	outsize = set_message(outbuf,1,0,True);
+	
+	SSVAL(outbuf,smb_vwv0,nwritten);
+	
+	DEBUG(3,("writeunlock fnum=%d num=%d wrote=%d\n",
+		 fsp->fnum, (int)numtowrite, (int)nwritten));
+	
+	END_PROFILE(SMBwriteunlock);
+	return outsize;
 }
 
 
 /****************************************************************************
-  reply to a write
+ Reply to a write.
 ****************************************************************************/
-int reply_write(char *inbuf,char *outbuf,int dum1,int dum2)
+
+int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int dum_buffsize)
 {
-  int cnum,numtowrite,fnum;
-  int nwritten = -1;
-  int outsize = 0;
-  int startpos;
-  char *data;
+	size_t numtowrite;
+	ssize_t nwritten = -1;
+	SMB_OFF_T startpos;
+	char *data;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	int outsize = 0;
+	START_PROFILE(SMBwrite);
+
+	/* If it's an IPC, pass off the pipe handler. */
+	if (IS_IPC(conn)) {
+		END_PROFILE(SMBwrite);
+		return reply_pipe_write(inbuf,outbuf,size,dum_buffsize);
+	}
 
-  dum1 = dum2 = 0;
+	CHECK_FSP(fsp,conn);
+	CHECK_WRITE(fsp);
 
+	numtowrite = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv2);
+	data = smb_buf(inbuf) + 3;
   
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
+		END_PROFILE(SMBwrite);
+		return ERROR_DOS(ERRDOS,ERRlock);
+	}
 
-  numtowrite = SVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv2);
-  data = smb_buf(inbuf) + 3;
+	/*
+	 * X/Open SMB protocol says that if smb_vwv1 is
+	 * zero then the file size should be extended or
+	 * truncated to the size given in smb_vwv[2-3].
+	 */
+
+	if(numtowrite == 0) {
+		/*
+		 * This is actually an allocate call, and set EOF. JRA.
+		 */
+		nwritten = vfs_allocate_file_space(fsp, (SMB_OFF_T)startpos);
+		if (nwritten < 0) {
+			END_PROFILE(SMBwrite);
+			return ERROR_NT(NT_STATUS_DISK_FULL);
+		}
+		nwritten = vfs_set_filelen(fsp, (SMB_OFF_T)startpos);
+		if (nwritten < 0) {
+			END_PROFILE(SMBwrite);
+			return ERROR_NT(NT_STATUS_DISK_FULL);
+		}
+	} else
+		nwritten = write_file(fsp,data,startpos,numtowrite);
   
-  if (is_locked(fnum,cnum,numtowrite,startpos))
-    return(ERROR(ERRDOS,ERRlock));
+	if (lp_syncalways(SNUM(conn)))
+		sync_file(conn,fsp);
 
-  seek_file(fnum,startpos);
+	if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
+		END_PROFILE(SMBwrite);
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
 
-  /* X/Open SMB protocol says that if smb_vwv1 is
-     zero then the file size should be extended or
-     truncated to the size given in smb_vwv[2-3] */
-  if(numtowrite == 0)
-    nwritten = set_filelen(Files[fnum].fd, startpos);
-  else
-    nwritten = write_file(fnum,data,numtowrite);
+	outsize = set_message(outbuf,1,0,True);
   
-  if (lp_syncalways(SNUM(cnum)))
-    sync_file(fnum);
-
-  if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	SSVAL(outbuf,smb_vwv0,nwritten);
 
-  outsize = set_message(outbuf,1,0,True);
+	if (nwritten < (ssize_t)numtowrite) {
+		SCVAL(outbuf,smb_rcls,ERRHRD);
+		SSVAL(outbuf,smb_err,ERRdiskfull);      
+	}
   
-  SSVAL(outbuf,smb_vwv0,nwritten);
+	DEBUG(3,("write fnum=%d num=%d wrote=%d\n", fsp->fnum, (int)numtowrite, (int)nwritten));
 
-  if (nwritten < numtowrite) {
-    CVAL(outbuf,smb_rcls) = ERRHRD;
-    SSVAL(outbuf,smb_err,ERRdiskfull);      
-  }
-  
-  DEBUG(3,("%s write fnum=%d cnum=%d num=%d wrote=%d\n",timestring(),fnum,cnum,numtowrite,nwritten));
-  
-  return(outsize);
+	END_PROFILE(SMBwrite);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a write and X
 ****************************************************************************/
-int reply_write_and_X(char *inbuf,char *outbuf,int length,int bufsize)
+int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int smb_com2 = CVAL(inbuf,smb_vwv0);
-  int smb_off2 = SVAL(inbuf,smb_vwv1);
-  int fnum = GETFNUM(inbuf,smb_vwv2);
-  uint32 smb_offs = IVAL(inbuf,smb_vwv3);
-  int smb_dsize = SVAL(inbuf,smb_vwv10);
-  int smb_doff = SVAL(inbuf,smb_vwv11);
+  files_struct *fsp = file_fsp(inbuf,smb_vwv2);
+  SMB_OFF_T startpos = IVAL(inbuf,smb_vwv3);
+  size_t numtowrite = SVAL(inbuf,smb_vwv10);
   BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
-  int cnum;
-  int nwritten = -1;
-  int outsize = 0;
+  ssize_t nwritten = -1;
+  unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
+  unsigned int smblen = smb_len(inbuf);
   char *data;
+  BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
+  START_PROFILE(SMBwriteX);
 
-  cnum = SVAL(inbuf,smb_tid);
+  /* If it's an IPC, pass off the pipe handler. */
+  if (IS_IPC(conn)) {
+    END_PROFILE(SMBwriteX);
+    return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
+  }
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
+  CHECK_FSP(fsp,conn);
+  CHECK_WRITE(fsp);
+
+  /* Deal with possible LARGE_WRITEX */
+  if (large_writeX)
+    numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
+
+  if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
+    END_PROFILE(SMBwriteX);
+    return ERROR_DOS(ERRDOS,ERRbadmem);
+  }
 
   data = smb_base(inbuf) + smb_doff;
 
-  if (is_locked(fnum,cnum,smb_dsize,smb_offs))
-    return(ERROR(ERRDOS,ERRlock));
+  if(CVAL(inbuf,smb_wct) == 14) {
+#ifdef LARGE_SMB_OFF_T
+    /*
+     * This is a large offset (64 bit) write.
+     */
+    startpos |= (((SMB_OFF_T)IVAL(inbuf,smb_vwv12)) << 32);
+
+#else /* !LARGE_SMB_OFF_T */
+
+    /*
+     * Ensure we haven't been sent a >32 bit offset.
+     */
+
+    if(IVAL(inbuf,smb_vwv12) != 0) {
+      DEBUG(0,("reply_write_and_X - large offset (%x << 32) used and we don't support \
+64 bit offsets.\n", (unsigned int)IVAL(inbuf,smb_vwv12) ));
+      END_PROFILE(SMBwriteX);
+      return ERROR_DOS(ERRDOS,ERRbadaccess);
+    }
+
+#endif /* LARGE_SMB_OFF_T */
+  }
+
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
+    END_PROFILE(SMBwriteX);
+    return ERROR_DOS(ERRDOS,ERRlock);
+  }
 
-  seek_file(fnum,smb_offs);
-  
   /* X/Open SMB protocol says that, unlike SMBwrite
      if the length is zero then NO truncation is
      done, just a write of zero. To truncate a file,
      use SMBwrite. */
-  if(smb_dsize == 0)
+  if(numtowrite == 0)
     nwritten = 0;
   else
-    nwritten = write_file(fnum,data,smb_dsize);
+    nwritten = write_file(fsp,data,startpos,numtowrite);
   
-  if(((nwritten == 0) && (smb_dsize != 0))||(nwritten < 0))
+  if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
+    END_PROFILE(SMBwriteX);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
 
-  outsize = set_message(outbuf,6,0,True);
+  set_message(outbuf,6,0,True);
   
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(outsize+chain_size)-4);
   SSVAL(outbuf,smb_vwv2,nwritten);
-  
-  if (nwritten < smb_dsize) {
-    CVAL(outbuf,smb_rcls) = ERRHRD;
+  if (large_writeX)
+    SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
+
+  if (nwritten < (ssize_t)numtowrite) {
+    SCVAL(outbuf,smb_rcls,ERRHRD);
     SSVAL(outbuf,smb_err,ERRdiskfull);      
   }
 
-  DEBUG(3,("%s writeX fnum=%d cnum=%d num=%d wrote=%d\n",timestring(),fnum,cnum,smb_dsize,nwritten));
+  DEBUG(3,("writeX fnum=%d num=%d wrote=%d\n",
+	   fsp->fnum, (int)numtowrite, (int)nwritten));
 
-  chain_fnum = fnum;
+  if (lp_syncalways(SNUM(conn)) || write_through)
+    sync_file(conn,fsp);
 
-  if (lp_syncalways(SNUM(cnum)) || write_through)
-    sync_file(fnum);
-
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
-  
-  chain_fnum = -1;
-  
-  return(outsize);
+  END_PROFILE(SMBwriteX);
+  return chain_reply(inbuf,outbuf,length,bufsize);
 }
 
 
 /****************************************************************************
   reply to a lseek
 ****************************************************************************/
-int reply_lseek(char *inbuf,char *outbuf)
+
+int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
 {
-  int cnum,fnum;
-  uint32 startpos;
-  int32 res= -1;
+  SMB_OFF_T startpos;
+  SMB_OFF_T res= -1;
   int mode,umode;
   int outsize = 0;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+  files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+  START_PROFILE(SMBlseek);
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
+  CHECK_FSP(fsp,conn);
+
+  flush_write_cache(fsp, SEEK_FLUSH);
 
   mode = SVAL(inbuf,smb_vwv1) & 3;
-  startpos = IVAL(inbuf,smb_vwv2);
+  startpos = IVALS(inbuf,smb_vwv2);
 
-  switch (mode & 3) 
-    {
+  switch (mode) {
     case 0: umode = SEEK_SET; break;
     case 1: umode = SEEK_CUR; break;
     case 2: umode = SEEK_END; break;
     default:
       umode = SEEK_SET; break;
+  }
+
+  if((res = conn->vfs_ops.lseek(fsp,fsp->fd,startpos,umode)) == -1) {
+    /*
+     * Check for the special case where a seek before the start
+     * of the file sets the offset to zero. Added in the CIFS spec,
+     * section 4.2.7.
+     */
+
+    if(errno == EINVAL) {
+      SMB_OFF_T current_pos = startpos;
+
+      if(umode == SEEK_CUR) {
+
+        if((current_pos = conn->vfs_ops.lseek(fsp,fsp->fd,0,SEEK_CUR)) == -1) {
+	  		END_PROFILE(SMBlseek);
+          return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
+
+        current_pos += startpos;
+
+      } else if (umode == SEEK_END) {
+
+        SMB_STRUCT_STAT sbuf;
+
+        if(vfs_fstat(fsp,fsp->fd, &sbuf) == -1) {
+		  END_PROFILE(SMBlseek);
+          return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
+
+        current_pos += sbuf.st_size;
+      }
+ 
+      if(current_pos < 0)
+        res = conn->vfs_ops.lseek(fsp,fsp->fd,0,SEEK_SET);
     }
-  
-  res = lseek(Files[fnum].fd,startpos,umode);
-  Files[fnum].pos = res;
+
+    if(res == -1) {
+      END_PROFILE(SMBlseek);
+      return(UNIXERROR(ERRDOS,ERRnoaccess));
+    }
+  }
+
+  fsp->pos = res;
   
   outsize = set_message(outbuf,2,0,True);
-  SIVALS(outbuf,smb_vwv0,res);
-  
-  DEBUG(3,("%s lseek fnum=%d cnum=%d ofs=%d mode=%d\n",timestring(),fnum,cnum,startpos,mode));
+  SIVAL(outbuf,smb_vwv0,res);
   
+  DEBUG(3,("lseek fnum=%d ofs=%.0f newpos = %.0f mode=%d\n",
+	   fsp->fnum, (double)startpos, (double)res, mode));
+
+  END_PROFILE(SMBlseek);
   return(outsize);
 }
 
-
 /****************************************************************************
   reply to a flush
 ****************************************************************************/
-int reply_flush(char *inbuf,char *outbuf)
-{
-  int cnum, fnum;
-  int outsize = set_message(outbuf,0,0,True);
-
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
 
-  if (fnum != 0xFFFF) {
-    CHECK_FNUM(fnum,cnum);
-    CHECK_ERROR(fnum);
-  }
-
-  if (fnum == 0xFFFF)
-    {
-      int i;
-      for (i=0;i<MAX_OPEN_FILES;i++)
-	if (OPEN_FNUM(i))
-	  sync_file(i);
-    }
-  else
-    sync_file(fnum);
+int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
+{
+	int outsize = set_message(outbuf,0,0,True);
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBflush);
 
-  DEBUG(3,("%s flush fnum=%d\n",timestring(),fnum));
-  return(outsize);
+	CHECK_FSP(fsp,conn);
+	
+	if (!fsp) {
+		file_sync_all(conn);
+	} else {
+		sync_file(conn,fsp);
+	}
+	
+	DEBUG(3,("flush\n"));
+	END_PROFILE(SMBflush);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a exit
 ****************************************************************************/
-int reply_exit(char *inbuf,char *outbuf)
+int reply_exit(connection_struct *conn, 
+	       char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int outsize = set_message(outbuf,0,0,True);
-  DEBUG(3,("%s exit\n",timestring()));
-  
-  return(outsize);
+	int outsize;
+	START_PROFILE(SMBexit);
+	outsize = set_message(outbuf,0,0,True);
+
+	DEBUG(3,("exit\n"));
+
+	END_PROFILE(SMBexit);
+	return(outsize);
 }
 
 
 /****************************************************************************
-  reply to a close
+ Reply to a close - has to deal with closing a directory opened by NT SMB's.
 ****************************************************************************/
-int reply_close(char *inbuf,char *outbuf)
+int reply_close(connection_struct *conn, char *inbuf,char *outbuf, int size,
+                int dum_buffsize)
 {
-  int fnum,cnum;
-  int outsize = 0;
-  time_t mtime;
-  int32 eclass = 0, err = 0;
+	int outsize = 0;
+	time_t mtime;
+	int32 eclass = 0, err = 0;
+	files_struct *fsp = NULL;
+	START_PROFILE(SMBclose);
+
+	outsize = set_message(outbuf,0,0,True);
+
+	/* If it's an IPC, pass off to the pipe handler. */
+	if (IS_IPC(conn)) {
+		END_PROFILE(SMBclose);
+		return reply_pipe_close(conn, inbuf,outbuf);
+	}
 
-  outsize = set_message(outbuf,0,0,True);
+	fsp = file_fsp(inbuf,smb_vwv0);
 
-  cnum = SVAL(inbuf,smb_tid);
+	/*
+	 * We can only use CHECK_FSP if we know it's not a directory.
+	 */
 
-  fnum = GETFNUM(inbuf,smb_vwv0);
-  CHECK_FNUM(fnum,cnum);
+	if(!fsp || (fsp->conn != conn)) {
+		END_PROFILE(SMBclose);
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+	}
 
-  if(HAS_CACHED_ERROR(fnum)) {
-    eclass = Files[fnum].wbmpx_ptr->wr_errclass;
-    err = Files[fnum].wbmpx_ptr->wr_error;
-  }
+	if(fsp->is_directory) {
+		/*
+		 * Special case - close NT SMB directory handle.
+		 */
+		DEBUG(3,("close %s fnum=%d\n", fsp->is_directory ? "directory" : "stat file open", fsp->fnum));
+		close_file(fsp,True);
+	} else {
+		/*
+		 * Close ordinary file.
+		 */
+		int close_err;
+		pstring file_name;
+
+		/* Save the name for time set in close. */
+		pstrcpy( file_name, fsp->fsp_name);
+
+		DEBUG(3,("close fd=%d fnum=%d (numopen=%d)\n",
+			 fsp->fd, fsp->fnum,
+			 conn->num_files_open));
+ 
+		/*
+		 * close_file() returns the unix errno if an error
+		 * was detected on close - normally this is due to
+		 * a disk full error. If not then it was probably an I/O error.
+		 */
+ 
+		if((close_err = close_file(fsp,True)) != 0) {
+			errno = close_err;
+			END_PROFILE(SMBclose);
+			return (UNIXERROR(ERRHRD,ERRgeneral));
+		}
 
-  mtime = make_unix_date3(inbuf+smb_vwv1);
+		/*
+		 * Now take care of any time sent in the close.
+		 */
 
-  close_file(fnum);
+		mtime = make_unix_date3(inbuf+smb_vwv1);
+		
+		/* try and set the date */
+		set_filetime(conn, file_name, mtime);
 
-  /* try and set the date */
-  set_filetime(Files[fnum].name,mtime);
+	}  
 
-  /* We have a cached error */
-  if(eclass || err)
-    return(ERROR(eclass,err));
+	/* We have a cached error */
+	if(eclass || err) {
+		END_PROFILE(SMBclose);
+		return ERROR_DOS(eclass,err);
+	}
 
-  DEBUG(3,("%s close fd=%d fnum=%d cnum=%d (numopen=%d)\n",
-	   timestring(),Files[fnum].fd,fnum,cnum,
-	   Connections[cnum].num_files_open));
-  
-  return(outsize);
+	END_PROFILE(SMBclose);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a writeclose (Core+ protocol)
 ****************************************************************************/
-int reply_writeclose(char *inbuf,char *outbuf)
+
+int reply_writeclose(connection_struct *conn,
+		     char *inbuf,char *outbuf, int size, int dum_buffsize)
 {
-  int cnum,numtowrite,fnum;
-  int nwritten = -1;
-  int outsize = 0;
-  int startpos;
-  char *data;
-  time_t mtime;
+	size_t numtowrite;
+	ssize_t nwritten = -1;
+	int outsize = 0;
+	int close_err = 0;
+	SMB_OFF_T startpos;
+	char *data;
+	time_t mtime;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBwriteclose);
+
+	CHECK_FSP(fsp,conn);
+	CHECK_WRITE(fsp);
+
+	numtowrite = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv2);
+	mtime = make_unix_date3(inbuf+smb_vwv4);
+	data = smb_buf(inbuf) + 1;
+  
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
+		END_PROFILE(SMBwriteclose);
+		return ERROR_DOS(ERRDOS,ERRlock);
+	}
   
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
+	nwritten = write_file(fsp,data,startpos,numtowrite);
 
-  numtowrite = SVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv2);
-  mtime = make_unix_date3(inbuf+smb_vwv4);
-  data = smb_buf(inbuf) + 1;
+	set_filetime(conn, fsp->fsp_name,mtime);
   
-  if (is_locked(fnum,cnum,numtowrite,startpos))
-    return(ERROR(ERRDOS,ERRlock));
-      
-  seek_file(fnum,startpos);
-      
-  nwritten = write_file(fnum,data,numtowrite);
+	close_err = close_file(fsp,True);
 
-  close_file(fnum);
-
-  set_filetime(Files[fnum].name,mtime);
-  
-  DEBUG(3,("%s writeclose fnum=%d cnum=%d num=%d wrote=%d (numopen=%d)\n",
-	   timestring(),fnum,cnum,numtowrite,nwritten,
-	   Connections[cnum].num_files_open));
+	DEBUG(3,("writeclose fnum=%d num=%d wrote=%d (numopen=%d)\n",
+		 fsp->fnum, (int)numtowrite, (int)nwritten,
+		 conn->num_files_open));
   
-  if (nwritten <= 0)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
-  
-  outsize = set_message(outbuf,1,0,True);
+	if (nwritten <= 0) {
+		END_PROFILE(SMBwriteclose);
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
+ 
+	if(close_err != 0) {
+		errno = close_err;
+		END_PROFILE(SMBwriteclose);
+		return(UNIXERROR(ERRHRD,ERRgeneral));
+	}
+ 
+	outsize = set_message(outbuf,1,0,True);
   
-  SSVAL(outbuf,smb_vwv0,nwritten);
-  return(outsize);
+	SSVAL(outbuf,smb_vwv0,nwritten);
+	END_PROFILE(SMBwriteclose);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a lock
 ****************************************************************************/
-int reply_lock(char *inbuf,char *outbuf)
+int reply_lock(connection_struct *conn,
+	       char *inbuf,char *outbuf, int length, int dum_buffsize)
 {
-  int fnum,cnum;
-  int outsize = set_message(outbuf,0,0,True);
-  uint32 count,offset;
-  int eclass;
-  uint32 ecode;
-
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
-
-  count = IVAL(inbuf,smb_vwv1);
-  offset = IVAL(inbuf,smb_vwv3);
-
-  DEBUG(3,("%s lock fd=%d fnum=%d cnum=%d ofs=%d cnt=%d\n",timestring(),Files[fnum].fd,fnum,cnum,offset,count));
+	int outsize = set_message(outbuf,0,0,True);
+	SMB_BIG_UINT count,offset;
+	NTSTATUS status;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBlock);
+
+	CHECK_FSP(fsp,conn);
+
+	release_level_2_oplocks_on_change(fsp);
+
+	count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
+	offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
+
+	DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
+		 fsp->fd, fsp->fnum, (double)offset, (double)count));
+
+	status = do_lock_spin(fsp, conn, SVAL(inbuf,smb_pid), count, offset, WRITE_LOCK);
+	if (NT_STATUS_V(status)) {
+		if (lp_blocking_locks(SNUM(conn))) {
+			/*
+			 * A blocking lock was requested. Package up
+			 * this smb into a queued request and push it
+			 * onto the blocking lock queue.
+			 */
+			if(push_blocking_lock_request(inbuf, length, -1, 0)) {
+				END_PROFILE(SMBlock);
+				return -1;
+			}
+		}
+		END_PROFILE(SMBlock);
+		return ERROR_NT(status);
+	}
 
-  if(!do_lock( fnum, cnum, count, offset, &eclass, &ecode))
-    return (ERROR(eclass,ecode));
-  
-  return(outsize);
+	END_PROFILE(SMBlock);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a unlock
 ****************************************************************************/
-int reply_unlock(char *inbuf,char *outbuf)
+int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size, 
+		 int dum_buffsize)
 {
-  int fnum,cnum;
-  int outsize = set_message(outbuf,0,0,True);
-  uint32 count,offset;
-  int eclass;
-  uint32 ecode;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
-
-  count = IVAL(inbuf,smb_vwv1);
-  offset = IVAL(inbuf,smb_vwv3);
+	int outsize = set_message(outbuf,0,0,True);
+	SMB_BIG_UINT count,offset;
+	NTSTATUS status;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBunlock);
 
-  if(!do_unlock(fnum, cnum, count, offset, &eclass, &ecode))
-    return (ERROR(eclass,ecode));
+	CHECK_FSP(fsp,conn);
+	
+	count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
+	offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
+	
+	status = do_unlock(fsp, conn, SVAL(inbuf,smb_pid), count, offset);
+	if (NT_STATUS_V(status)) {
+		END_PROFILE(SMBunlock);
+		return ERROR_NT(status);
+	}
 
-  DEBUG(3,("%s unlock fd=%d fnum=%d cnum=%d ofs=%d cnt=%d\n",timestring(),Files[fnum].fd,fnum,cnum,offset,count));
-  
-  return(outsize);
+	DEBUG( 3, ( "unlock fd=%d fnum=%d offset=%.0f count=%.0f\n",
+		    fsp->fd, fsp->fnum, (double)offset, (double)count ) );
+	
+	END_PROFILE(SMBunlock);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a tdis
 ****************************************************************************/
-int reply_tdis(char *inbuf,char *outbuf)
+int reply_tdis(connection_struct *conn, 
+	       char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum, uid;
-  int outsize = set_message(outbuf,0,0,True);
-  
-  cnum = SVAL(inbuf,smb_tid);
-  uid = SVAL(inbuf,smb_uid);
+	int outsize = set_message(outbuf,0,0,True);
+	uint16 vuid;
+	START_PROFILE(SMBtdis);
 
-  Connections[cnum].used = False;
+	vuid = SVAL(inbuf,smb_uid);
 
-  close_cnum(cnum,uid);
-  
-  DEBUG(3,("%s tdis cnum=%d\n",timestring(),cnum));
+	if (!conn) {
+		DEBUG(4,("Invalid connection in tdis\n"));
+		END_PROFILE(SMBtdis);
+		return ERROR_DOS(ERRSRV,ERRinvnid);
+	}
+
+	conn->used = False;
 
-  return outsize;
+	close_cnum(conn,vuid);
+  
+	END_PROFILE(SMBtdis);
+	return outsize;
 }
 
 
@@ -2073,316 +2472,438 @@ int reply_tdis(char *inbuf,char *outbuf)
 /****************************************************************************
   reply to a echo
 ****************************************************************************/
-int reply_echo(char *inbuf,char *outbuf)
+int reply_echo(connection_struct *conn,
+	       char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum;
-  int smb_reverb = SVAL(inbuf,smb_vwv0);
-  int seq_num;
-  int data_len = smb_buflen(inbuf);
-  int outsize = set_message(outbuf,1,data_len,True);
+	int smb_reverb = SVAL(inbuf,smb_vwv0);
+	int seq_num;
+	unsigned int data_len = smb_buflen(inbuf);
+	int outsize = set_message(outbuf,1,data_len,True);
+	START_PROFILE(SMBecho);
 
-  cnum = SVAL(inbuf,smb_tid);
+	data_len = MIN(data_len, (sizeof(inbuf)-(smb_buf(inbuf)-inbuf)));
 
-  if (cnum != 0xFFFF && !OPEN_CNUM(cnum))
-    {
-      DEBUG(4,("Invalid cnum in echo (%d)\n",cnum));
-      return(ERROR(ERRSRV,ERRinvnid));
-    }
+	/* copy any incoming data back out */
+	if (data_len > 0)
+		memcpy(smb_buf(outbuf),smb_buf(inbuf),data_len);
 
-  /* copy any incoming data back out */
-  if (data_len > 0)
-    memcpy(smb_buf(outbuf),smb_buf(inbuf),data_len);
+	if (smb_reverb > 100) {
+		DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
+		smb_reverb = 100;
+	}
 
-  if (smb_reverb > 100)
-    {
-      DEBUG(0,("large reverb (%d)?? Setting to 100\n",smb_reverb));
-      smb_reverb = 100;
-    }
+	for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
+		SSVAL(outbuf,smb_vwv0,seq_num);
 
-  for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++)
-    {
-      SSVAL(outbuf,smb_vwv0,seq_num);
+		smb_setlen(outbuf,outsize - 4);
 
-      smb_setlen(outbuf,outsize - 4);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_echo: send_smb failed.");
+	}
 
-      send_smb(Client,outbuf);
-    }
+	DEBUG(3,("echo %d times\n", smb_reverb));
 
-  DEBUG(3,("%s echo %d times cnum=%d\n",timestring(),smb_reverb,cnum));
+	smb_echo_count++;
 
-  return -1;
+	END_PROFILE(SMBecho);
+	return -1;
 }
 
 
 /****************************************************************************
   reply to a printopen
 ****************************************************************************/
-int reply_printopen(char *inbuf,char *outbuf)
+int reply_printopen(connection_struct *conn, 
+		    char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  pstring fname;
-  pstring fname2;
-  int cnum;
-  int fnum = -1;
-  int outsize = 0;
-
-  *fname = *fname2 = 0;
-
-  cnum = SVAL(inbuf,smb_tid);
-
-  if (!CAN_PRINT(cnum))
-    return(ERROR(ERRDOS,ERRnoaccess));
-
-  {
-    pstring s;
-    char *p;
-    StrnCpy(s,smb_buf(inbuf)+1,sizeof(pstring)-1);
-    p = s;
-    while (*p)
-      {
-	if (!(isalnum(*p) || strchr("._-",*p)))
-	  *p = 'X';
-	p++;
-      }
-
-    if (strlen(s) > 10) s[10] = 0;
-
-    sprintf(fname,"%s.XXXXXX",s);  
-  }
-
-  fnum = find_free_file();
-  if (fnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
-
-  strcpy(fname2,(char *)mktemp(fname));
-
-  if (!check_name(fname2,cnum))
-    return(ERROR(ERRDOS,ERRnoaccess));
+	int outsize = 0;
+	files_struct *fsp;
+	START_PROFILE(SMBsplopen);
+	
+	if (!CAN_PRINT(conn)) {
+		END_PROFILE(SMBsplopen);
+		return ERROR_DOS(ERRDOS,ERRnoaccess);
+	}
 
-  open_file(fnum,cnum,fname2,O_WRONLY | O_CREAT | O_TRUNC,
-	    unix_mode(cnum,0));
+	/* Open for exclusive use, write only. */
+	fsp = print_fsp_open(conn, NULL);
 
-  if (!Files[fnum].open)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	if (!fsp) {
+		END_PROFILE(SMBsplopen);
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
 
-  /* force it to be a print file */
-  Files[fnum].print_file = True;
-  
-  outsize = set_message(outbuf,1,0,True);
-  SSVAL(outbuf,smb_vwv0,fnum);
-  
-  DEBUG(3,("%s openprint %s fd=%d fnum=%d cnum=%d\n",timestring(),fname2,Files[fnum].fd,fnum,cnum));
+	outsize = set_message(outbuf,1,0,True);
+	SSVAL(outbuf,smb_vwv0,fsp->fnum);
   
-  return(outsize);
+	DEBUG(3,("openprint fd=%d fnum=%d\n",
+		 fsp->fd, fsp->fnum));
+
+	END_PROFILE(SMBsplopen);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a printclose
 ****************************************************************************/
-int reply_printclose(char *inbuf,char *outbuf)
+int reply_printclose(connection_struct *conn,
+		     char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int fnum,cnum;
-  int outsize = set_message(outbuf,0,0,True);
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+	int outsize = set_message(outbuf,0,0,True);
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	int close_err = 0;
+	START_PROFILE(SMBsplclose);
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
+	CHECK_FSP(fsp,conn);
 
-  if (!CAN_PRINT(cnum))
-    return(ERROR(ERRDOS,ERRnoaccess));
-  
-  close_file(fnum);
+	if (!CAN_PRINT(conn)) {
+		END_PROFILE(SMBsplclose);
+		return ERROR_DOS(ERRDOS,ERRnoaccess);
+	}
   
-  DEBUG(3,("%s printclose fd=%d fnum=%d cnum=%d\n",timestring(),Files[fnum].fd,fnum,cnum));
+	DEBUG(3,("printclose fd=%d fnum=%d\n",
+		 fsp->fd,fsp->fnum));
   
-  return(outsize);
+	close_err = close_file(fsp,True);
+
+	if(close_err != 0) {
+		errno = close_err;
+		END_PROFILE(SMBsplclose);
+		return(UNIXERROR(ERRHRD,ERRgeneral));
+	}
+
+	END_PROFILE(SMBsplclose);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a printqueue
 ****************************************************************************/
-int reply_printqueue(char *inbuf,char *outbuf)
+int reply_printqueue(connection_struct *conn,
+		     char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum, uid;
-  int outsize = set_message(outbuf,2,3,True);
-  int max_count = SVAL(inbuf,smb_vwv0);
-  int start_index = SVAL(inbuf,smb_vwv1);
-
-  cnum = SVAL(inbuf,smb_tid);
-  uid = SVAL(inbuf,smb_uid);
-
-/* allow checking the queue for anyone */
-#if 0
-  if (!CAN_PRINT(cnum))
-    return(ERROR(ERRDOS,ERRnoaccess));
-#endif
+	int outsize = set_message(outbuf,2,3,True);
+	int max_count = SVAL(inbuf,smb_vwv0);
+	int start_index = SVAL(inbuf,smb_vwv1);
+	START_PROFILE(SMBsplretq);
+
+	/* we used to allow the client to get the cnum wrong, but that
+	   is really quite gross and only worked when there was only
+	   one printer - I think we should now only accept it if they
+	   get it right (tridge) */
+	if (!CAN_PRINT(conn)) {
+		END_PROFILE(SMBsplretq);
+		return ERROR_DOS(ERRDOS,ERRnoaccess);
+	}
 
-  SSVAL(outbuf,smb_vwv0,0);
-  SSVAL(outbuf,smb_vwv1,0);
-  CVAL(smb_buf(outbuf),0) = 1;
-  SSVAL(smb_buf(outbuf),1,0);
+	SSVAL(outbuf,smb_vwv0,0);
+	SSVAL(outbuf,smb_vwv1,0);
+	SCVAL(smb_buf(outbuf),0,1);
+	SSVAL(smb_buf(outbuf),1,0);
   
-  DEBUG(3,("%s printqueue cnum=%d start_index=%d max_count=%d\n",
-	timestring(),cnum,start_index,max_count));
-
-  if (!OPEN_CNUM(cnum) || !Connections[cnum].printer)
-    {
-      int i;
-      cnum = -1;
-
-      for (i=0;i<MAX_CONNECTIONS;i++)
-	if (CAN_PRINT(i) && Connections[i].printer)
-	  cnum = i;
+	DEBUG(3,("printqueue start_index=%d max_count=%d\n",
+		 start_index, max_count));
 
-      if (cnum == -1)
-	for (i=0;i<MAX_CONNECTIONS;i++)
-	  if (OPEN_CNUM(i))
-	    cnum = i;
-
-      if (!OPEN_CNUM(cnum))
-	return(ERROR(ERRSRV,ERRinvnid));
-
-      DEBUG(5,("connection not open or not a printer, using cnum %d\n",cnum));
-    }
-
-  if (!become_user(cnum,uid))
-    return(ERROR(ERRSRV,ERRinvnid));
-
-  {
-    print_queue_struct *queue = NULL;
-    char *p = smb_buf(outbuf) + 3;
-    int count = get_printqueue(SNUM(cnum),cnum,&queue,NULL);
-    int num_to_get = ABS(max_count);
-    int first = (max_count>0?start_index:start_index+max_count+1);
-    int i;
-
-    if (first >= count)
-      num_to_get = 0;
-    else
-      num_to_get = MIN(num_to_get,count-first);
+	{
+		print_queue_struct *queue = NULL;
+		print_status_struct status;
+		char *p = smb_buf(outbuf) + 3;
+		int count = print_queue_status(SNUM(conn), &queue, &status);
+		int num_to_get = ABS(max_count);
+		int first = (max_count>0?start_index:start_index+max_count+1);
+		int i;
+
+		if (first >= count)
+			num_to_get = 0;
+		else
+			num_to_get = MIN(num_to_get,count-first);
     
 
-    for (i=first;i<first+num_to_get;i++)
-      {
-	put_dos_date2(p,0,queue[i].time);
-	CVAL(p,4) = (queue[i].status==LPQ_PRINTING?2:3);
-	SSVAL(p,5,queue[i].job);
-	SIVAL(p,7,queue[i].size);
-	CVAL(p,11) = 0;
-	StrnCpy(p+12,queue[i].user,16);
-	p += 28;
-      }
+		for (i=first;i<first+num_to_get;i++) {
+			put_dos_date2(p,0,queue[i].time);
+			SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
+			SSVAL(p,5, queue[i].job);
+			SIVAL(p,7,queue[i].size);
+			SCVAL(p,11,0);
+			srvstr_push(outbuf, p+12, queue[i].fs_user, 16, STR_ASCII);
+			p += 28;
+		}
 
-    if (count > 0)
-      {
-	outsize = set_message(outbuf,2,28*count+3,False);	  
-	SSVAL(outbuf,smb_vwv0,count);
-	SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
-	CVAL(smb_buf(outbuf),0) = 1;
-	SSVAL(smb_buf(outbuf),1,28*count);
-      }
+		if (count > 0) {
+			outsize = set_message(outbuf,2,28*count+3,False); 
+			SSVAL(outbuf,smb_vwv0,count);
+			SSVAL(outbuf,smb_vwv1,(max_count>0?first+count:first-1));
+			SCVAL(smb_buf(outbuf),0,1);
+			SSVAL(smb_buf(outbuf),1,28*count);
+		}
 
-    if (queue) free(queue);
+		SAFE_FREE(queue);
 	  
-    DEBUG(3,("%d entries returned in queue\n",count));
-  }
+		DEBUG(3,("%d entries returned in queue\n",count));
+	}
   
-  return(outsize);
+	END_PROFILE(SMBsplretq);
+	return(outsize);
 }
 
 
 /****************************************************************************
   reply to a printwrite
 ****************************************************************************/
-int reply_printwrite(char *inbuf,char *outbuf)
+int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum,numtowrite,fnum;
+  int numtowrite;
   int outsize = set_message(outbuf,0,0,True);
   char *data;
+  files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+  START_PROFILE(SMBsplwr);
   
-  cnum = SVAL(inbuf,smb_tid);
-
-  if (!CAN_PRINT(cnum))
-    return(ERROR(ERRDOS,ERRnoaccess));
-
-  fnum = GETFNUM(inbuf,smb_vwv0);
+  if (!CAN_PRINT(conn)) {
+    END_PROFILE(SMBsplwr);
+    return ERROR_DOS(ERRDOS,ERRnoaccess);
+  }
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
+  CHECK_FSP(fsp,conn);
+  CHECK_WRITE(fsp);
 
   numtowrite = SVAL(smb_buf(inbuf),1);
   data = smb_buf(inbuf) + 3;
   
-  if (write_file(fnum,data,numtowrite) != numtowrite)
+  if (write_file(fsp,data,-1,numtowrite) != numtowrite) {
+    END_PROFILE(SMBsplwr);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
+
+  DEBUG( 3, ( "printwrite fnum=%d num=%d\n", fsp->fnum, numtowrite ) );
   
-  DEBUG(3,("%s printwrite fnum=%d cnum=%d num=%d\n",timestring(),fnum,cnum,numtowrite));
-  
+  END_PROFILE(SMBsplwr);
   return(outsize);
 }
 
 
 /****************************************************************************
-  reply to a mkdir
+ The guts of the mkdir command, split out so it may be called by the NT SMB
+ code. 
 ****************************************************************************/
-int reply_mkdir(char *inbuf,char *outbuf)
+NTSTATUS mkdir_internal(connection_struct *conn, pstring directory)
 {
-  pstring directory;
-  int cnum;
-  int outsize,ret= -1;
-  
-  strcpy(directory,smb_buf(inbuf) + 1);
-  cnum = SVAL(inbuf,smb_tid);
-  unix_convert(directory,cnum);
-  
-  if (check_name(directory,cnum))
-    ret = sys_mkdir(directory,unix_mode(cnum,aDIR));
-  
-  if (ret < 0)
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
-  
-  outsize = set_message(outbuf,0,0,True);
-  
-  DEBUG(3,("%s mkdir %s cnum=%d ret=%d\n",timestring(),directory,cnum,ret));
-  
-  return(outsize);
+	BOOL bad_path = False;
+	SMB_STRUCT_STAT sbuf;
+	int ret= -1;
+	
+	unix_convert(directory,conn,0,&bad_path,&sbuf);
+	
+	if (check_name(directory, conn))
+		ret = vfs_mkdir(conn,directory,unix_mode(conn,aDIR,directory));
+	
+	if (ret == -1) {
+		NTSTATUS nterr = set_bad_path_error(errno, bad_path);
+		if (!NT_STATUS_IS_OK(nterr))
+			return nterr;
+		return map_nt_error_from_unix(errno);
+	}
+	
+	return NT_STATUS_OK;
 }
 
+/****************************************************************************
+ Reply to a mkdir.
+****************************************************************************/
+
+int reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
+{
+	pstring directory;
+	int outsize;
+	NTSTATUS status;
+	START_PROFILE(SMBmkdir);
+ 
+	srvstr_pull(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), -1, STR_TERMINATE);
+
+	status = mkdir_internal(conn, directory);
+	if (!NT_STATUS_IS_OK(status))
+		return ERROR_NT(status);
+
+	outsize = set_message(outbuf,0,0,True);
+
+	DEBUG( 3, ( "mkdir %s ret=%d\n", directory, outsize ) );
+
+	END_PROFILE(SMBmkdir);
+	return(outsize);
+}
 
 /****************************************************************************
-  reply to a rmdir
+ Static function used by reply_rmdir to delete an entire directory
+ tree recursively. Return False on ok, True on fail.
 ****************************************************************************/
-int reply_rmdir(char *inbuf,char *outbuf)
+
+static BOOL recursive_rmdir(connection_struct *conn, char *directory)
+{
+	char *dname = NULL;
+	BOOL ret = False;
+	void *dirptr = OpenDir(conn, directory, False);
+
+	if(dirptr == NULL)
+		return True;
+
+	while((dname = ReadDirName(dirptr))) {
+		pstring fullname;
+		SMB_STRUCT_STAT st;
+
+		if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
+			continue;
+
+		/* Construct the full name. */
+		if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
+			errno = ENOMEM;
+			ret = True;
+			break;
+		}
+
+		pstrcpy(fullname, directory);
+		pstrcat(fullname, "/");
+		pstrcat(fullname, dname);
+
+		if(conn->vfs_ops.lstat(conn,fullname, &st) != 0) {
+			ret = True;
+			break;
+		}
+
+		if(st.st_mode & S_IFDIR) {
+			if(recursive_rmdir(conn, fullname)!=0) {
+				ret = True;
+				break;
+			}
+			if(vfs_rmdir(conn,fullname) != 0) {
+				ret = True;
+				break;
+			}
+		} else if(vfs_unlink(conn,fullname) != 0) {
+			ret = True;
+			break;
+		}
+	}
+	CloseDir(dirptr);
+	return ret;
+}
+
+/****************************************************************************
+ The internals of the rmdir code - called elsewhere.
+****************************************************************************/
+
+BOOL rmdir_internals(connection_struct *conn, char *directory)
+{
+	BOOL ok;
+
+	ok = (vfs_rmdir(conn,directory) == 0);
+	if(!ok && ((errno == ENOTEMPTY)||(errno == EEXIST)) && lp_veto_files(SNUM(conn))) {
+		/* 
+		 * Check to see if the only thing in this directory are
+		 * vetoed files/directories. If so then delete them and
+		 * retry. If we fail to delete any of them (and we *don't*
+		 * do a recursive delete) then fail the rmdir.
+		 */
+		BOOL all_veto_files = True;
+		char *dname;
+		void *dirptr = OpenDir(conn, directory, False);
+
+		if(dirptr != NULL) {
+			int dirpos = TellDir(dirptr);
+			while ((dname = ReadDirName(dirptr))) {
+				if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
+					continue;
+				if(!IS_VETO_PATH(conn, dname)) {
+					all_veto_files = False;
+					break;
+				}
+			}
+
+			if(all_veto_files) {
+				SeekDir(dirptr,dirpos);
+				while ((dname = ReadDirName(dirptr))) {
+					pstring fullname;
+					SMB_STRUCT_STAT st;
+
+					if((strcmp(dname, ".") == 0) || (strcmp(dname, "..")==0))
+						continue;
+
+					/* Construct the full name. */
+					if(strlen(directory) + strlen(dname) + 1 >= sizeof(fullname)) {
+						errno = ENOMEM;
+						break;
+					}
+
+					pstrcpy(fullname, directory);
+					pstrcat(fullname, "/");
+					pstrcat(fullname, dname);
+                     
+					if(conn->vfs_ops.lstat(conn,fullname, &st) != 0)
+						break;
+					if(st.st_mode & S_IFDIR) {
+						if(lp_recursive_veto_delete(SNUM(conn))) {
+							if(recursive_rmdir(conn, fullname) != 0)
+								break;
+						}
+						if(vfs_rmdir(conn,fullname) != 0)
+							break;
+					} else if(vfs_unlink(conn,fullname) != 0)
+						break;
+				}
+				CloseDir(dirptr);
+				/* Retry the rmdir */
+				ok = (vfs_rmdir(conn,directory) == 0);
+			} else {
+				CloseDir(dirptr);
+			}
+		} else {
+			errno = ENOTEMPTY;
+		}
+	}
+
+	if (!ok)
+		DEBUG(3,("rmdir_internals: couldn't remove directory %s : %s\n", directory,strerror(errno)));
+
+	return ok;
+}
+
+/****************************************************************************
+ Reply to a rmdir.
+****************************************************************************/
+
+int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring directory;
-  int cnum;
   int outsize = 0;
   BOOL ok = False;
+  BOOL bad_path = False;
+  SMB_STRUCT_STAT sbuf;
+  START_PROFILE(SMBrmdir);
+
+  srvstr_pull(inbuf, directory, smb_buf(inbuf) + 1, sizeof(directory), -1, STR_TERMINATE);
+
+  RESOLVE_DFSPATH(directory, conn, inbuf, outbuf)
+
+  unix_convert(directory,conn, NULL,&bad_path,&sbuf);
   
-  cnum = SVAL(inbuf,smb_tid);
-  strcpy(directory,smb_buf(inbuf) + 1);
-  unix_convert(directory,cnum);
-  
-  if (check_name(directory,cnum))
-    {
-      dptr_closepath(directory,SVAL(inbuf,smb_pid));
-      ok = (sys_rmdir(directory) == 0);
-      if (!ok)
-	DEBUG(3,("couldn't remove directory %s : %s\n",
-		 directory,strerror(errno)));
-    }
+  if (check_name(directory,conn))
+  {
+    dptr_closepath(directory,SVAL(inbuf,smb_pid));
+    ok = rmdir_internals(conn, directory);
+  }
   
   if (!ok)
+  {
+    set_bad_path_error(errno, bad_path);
+    END_PROFILE(SMBrmdir);
     return(UNIXERROR(ERRDOS,ERRbadpath));
-  
+  }
+ 
   outsize = set_message(outbuf,0,0,True);
   
-  DEBUG(3,("%s rmdir %s\n",timestring(),directory));
+  DEBUG( 3, ( "rmdir %s\n", directory ) );
   
+  END_PROFILE(SMBrmdir);
   return(outsize);
 }
 
@@ -2396,26 +2917,26 @@ static BOOL resolve_wildcards(char *name1,char *name2)
   fstring ext1,ext2;
   char *p,*p2;
 
-  name1 = strrchr(name1,'/');
-  name2 = strrchr(name2,'/');
+  name1 = strrchr_m(name1,'/');
+  name2 = strrchr_m(name2,'/');
 
   if (!name1 || !name2) return(False);
   
-  strcpy(root1,name1);
-  strcpy(root2,name2);
-  p = strrchr(root1,'.');
+  fstrcpy(root1,name1);
+  fstrcpy(root2,name2);
+  p = strrchr_m(root1,'.');
   if (p) {
     *p = 0;
-    strcpy(ext1,p+1);
+    fstrcpy(ext1,p+1);
   } else {
-    strcpy(ext1,"");    
+    fstrcpy(ext1,"");    
   }
-  p = strrchr(root2,'.');
+  p = strrchr_m(root2,'.');
   if (p) {
     *p = 0;
-    strcpy(ext2,p+1);
+    fstrcpy(ext2,p+1);
   } else {
-    strcpy(ext2,"");    
+    fstrcpy(ext2,"");    
   }
 
   p = root1;
@@ -2442,769 +2963,1289 @@ static BOOL resolve_wildcards(char *name1,char *name2)
     if (*p) p++;
   }
 
-  strcpy(name2,root2);
+  pstrcpy(name2,root2);
   if (ext2[0]) {
-    strcat(name2,".");
-    strcat(name2,ext2);
+    pstrcat(name2,".");
+    pstrcat(name2,ext2);
   }
 
   return(True);
 }
 
-/*******************************************************************
-check if a user is allowed to rename a file
-********************************************************************/
-static BOOL can_rename(char *fname,int cnum)
-{
-  struct stat sbuf;
-
-  if (!CAN_WRITE(cnum)) return(False);
-
-  if (sys_lstat(fname,&sbuf) != 0) return(False);
-  if (!check_file_sharing(cnum,fname)) return(False);
-
-  return(True);
-}
-
 /****************************************************************************
-  reply to a mv
+ The guts of the rename command, split out so it may be called by the NT SMB
+ code. 
 ****************************************************************************/
-int reply_mv(char *inbuf,char *outbuf)
+
+NTSTATUS rename_internals(connection_struct *conn, char *name, char *newname, BOOL replace_if_exists)
 {
-  int outsize = 0;
-  pstring name;
-  int cnum;
-  pstring directory;
-  pstring mask,newname;
-  char *p;
-  int count=0;
-  int error = ERRnoaccess;
-  BOOL has_wild;
-  BOOL exists=False;
+	pstring directory;
+	pstring mask;
+	pstring newname_last_component;
+	char *p;
+	BOOL has_wild;
+	BOOL bad_path1 = False;
+	BOOL bad_path2 = False;
+	int count=0;
+	NTSTATUS error = NT_STATUS_OK;
+	BOOL rc = True;
+	SMB_STRUCT_STAT sbuf1, sbuf2;
+
+	*directory = *mask = 0;
+
+	rc = unix_convert(name,conn,0,&bad_path1,&sbuf1);
+	unix_convert(newname,conn,newname_last_component,&bad_path2,&sbuf2);
+
+	/*
+	 * Split the old name into directory and last component
+	 * strings. Note that unix_convert may have stripped off a 
+	 * leading ./ from both name and newname if the rename is 
+	 * at the root of the share. We need to make sure either both
+	 * name and newname contain a / character or neither of them do
+	 * as this is checked in resolve_wildcards().
+	 */
+	
+	p = strrchr_m(name,'/');
+	if (!p) {
+		pstrcpy(directory,".");
+		pstrcpy(mask,name);
+	} else {
+		*p = 0;
+		pstrcpy(directory,name);
+		pstrcpy(mask,p+1);
+		*p = '/'; /* Replace needed for exceptional test below. */
+	}
 
-  *directory = *mask = 0;
+	/*
+	 * We should only check the mangled cache
+	 * here if unix_convert failed. This means
+	 * that the path in 'mask' doesn't exist
+	 * on the file system and so we need to look
+	 * for a possible mangle. This patch from
+	 * Tine Smukavec <valentin.smukavec@hermes.si>.
+	 */
+
+	if (!rc && mangle_is_mangled(mask))
+		mangle_check_cache( mask );
+
+	has_wild = ms_has_wild(mask);
+
+	if (!has_wild) {
+		/*
+		 * No wildcards - just process the one file.
+		 */
+		BOOL is_short_name = mangle_is_8_3(name, True);
+
+		/* Add a terminating '/' to the directory name. */
+		pstrcat(directory,"/");
+		pstrcat(directory,mask);
+		
+		/* Ensure newname contains a '/' also */
+		if(strrchr_m(newname,'/') == 0) {
+			pstring tmpstr;
+			
+			pstrcpy(tmpstr, "./");
+			pstrcat(tmpstr, newname);
+			pstrcpy(newname, tmpstr);
+		}
+		
+		DEBUG(3,("rename_internals: case_sensitive = %d, case_preserve = %d, short case preserve = %d, \
+directory = %s, newname = %s, newname_last_component = %s, is_8_3 = %d\n", 
+			 case_sensitive, case_preserve, short_case_preserve, directory, 
+			 newname, newname_last_component, is_short_name));
+
+		/*
+		 * Check for special case with case preserving and not
+		 * case sensitive, if directory and newname are identical,
+		 * and the old last component differs from the original
+		 * last component only by case, then we should allow
+		 * the rename (user is trying to change the case of the
+		 * filename).
+		 */
+		if((case_sensitive == False) && 
+		   (((case_preserve == True) && 
+		     (is_short_name == False)) || 
+		    ((short_case_preserve == True) && 
+		     (is_short_name == True))) &&
+		   strcsequal(directory, newname)) {
+			pstring newname_modified_last_component;
+
+			/*
+			 * Get the last component of the modified name.
+			 * Note that we guarantee that newname contains a '/'
+			 * character above.
+			 */
+			p = strrchr_m(newname,'/');
+			pstrcpy(newname_modified_last_component,p+1);
+			
+			if(strcsequal(newname_modified_last_component, 
+				      newname_last_component) == False) {
+				/*
+				 * Replace the modified last component with
+				 * the original.
+				 */
+				pstrcpy(p+1, newname_last_component);
+			}
+		}
+	
+		resolve_wildcards(directory,newname);
+	
+		/*
+		 * The source object must exist.
+		 */
+
+		if (!vfs_object_exist(conn, directory, &sbuf1)) {
+			DEBUG(3,("rename_internals: source doesn't exist doing rename %s -> %s\n",
+				directory,newname));
+
+			if (errno == ENOTDIR || errno == EISDIR || errno == ENOENT) {
+				/*
+				 * Must return different errors depending on whether the parent
+				 * directory existed or not.
+				 */
+
+				p = strrchr_m(directory, '/');
+				if (!p)
+					return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+				*p = '\0';
+				if (vfs_object_exist(conn, directory, NULL))
+					return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+			}
+			error = map_nt_error_from_unix(errno);
+			DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
+				nt_errstr(error), directory,newname));
+
+			return error;
+		}
 
-  cnum = SVAL(inbuf,smb_tid);
-  
-  strcpy(name,smb_buf(inbuf) + 1);
-  strcpy(newname,smb_buf(inbuf) + 3 + strlen(name));
-   
-  DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
-   
-  unix_convert(name,cnum);
-  unix_convert(newname,cnum);
+		error = can_rename(directory,conn,&sbuf1);
 
-  p = strrchr(name,'/');
-  if (!p) {
-    strcpy(directory,"./");
-    strcpy(mask,name);
-  } else {
-    *p = 0;
-    strcpy(directory,name);
-    strcpy(mask,p+1);
-  }
+		if (!NT_STATUS_IS_OK(error)) {
+			DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
+				nt_errstr(error), directory,newname));
+			return error;
+		}
+
+		/*
+		 * If the src and dest names are identical - including case,
+		 * don't do the rename, just return success.
+		 */
 
-  if (is_mangled(mask))
-    check_mangled_stack(mask);
+		if (strcsequal(directory, newname)) {
+			DEBUG(3,("rename_internals: identical names in rename %s - returning success\n", directory));
+			return NT_STATUS_OK;
+		}
 
-  has_wild = strchr(mask,'*') || strchr(mask,'?');
+		if(!replace_if_exists && vfs_object_exist(conn,newname,NULL)) {
+			DEBUG(3,("rename_internals: dest exists doing rename %s -> %s\n",
+				directory,newname));
+			return NT_STATUS_OBJECT_NAME_COLLISION;
+		}
 
-  if (!has_wild) {
-    strcat(directory,"/");
-    strcat(directory,mask);
-    if (resolve_wildcards(directory,newname) && 
-	can_rename(directory,cnum) && 
-	!file_exist(newname,NULL) &&
-	!sys_rename(directory,newname)) count++;
-    if (!count) exists = file_exist(directory,NULL);
-    if (!count && exists && file_exist(newname,NULL)) {
-      exists = True;
-      error = 183;
-    }
-  } else {
-    void *dirptr = NULL;
-    char *dname;
-    pstring destname;
+		if(conn->vfs_ops.rename(conn,directory, newname) == 0) {
+			DEBUG(3,("rename_internals: succeeded doing rename on %s -> %s\n",
+				directory,newname));
+			return NT_STATUS_OK;	
+		}
 
-    if (check_name(directory,cnum))
-      dirptr = OpenDir(directory);
+		if (errno == ENOTDIR || errno == EISDIR)
+			error = NT_STATUS_OBJECT_NAME_COLLISION;
+		else
+			error = map_nt_error_from_unix(errno);
+		
+		DEBUG(3,("rename_internals: Error %s rename %s -> %s\n",
+			nt_errstr(error), directory,newname));
+
+		return error;
+	} else {
+		/*
+		 * Wildcards - process each file that matches.
+		 */
+		void *dirptr = NULL;
+		char *dname;
+		pstring destname;
+		
+		if (check_name(directory,conn))
+			dirptr = OpenDir(conn, directory, True);
+		
+		if (dirptr) {
+			error = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+			
+			if (strequal(mask,"????????.???"))
+				pstrcpy(mask,"*");
+			
+			while ((dname = ReadDirName(dirptr))) {
+				pstring fname;
+
+				pstrcpy(fname,dname);
+				
+				if(!mask_match(fname, mask, case_sensitive))
+					continue;
+				
+				error = NT_STATUS_ACCESS_DENIED;
+				slprintf(fname,sizeof(fname)-1,"%s/%s",directory,dname);
+				if (!vfs_object_exist(conn, fname, &sbuf1)) {
+					error = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+					DEBUG(6,("rename %s failed. Error %s\n", fname, nt_errstr(error)));
+					continue;
+				}
+				error = can_rename(fname,conn,&sbuf1);
+				if (!NT_STATUS_IS_OK(error)) {
+					DEBUG(6,("rename %s refused\n", fname));
+					continue;
+				}
+				pstrcpy(destname,newname);
+				
+				if (!resolve_wildcards(fname,destname)) {
+					DEBUG(6,("resolve_wildcards %s %s failed\n", 
+                                                 fname, destname));
+					continue;
+				}
+				
+				if (!replace_if_exists && 
+                                    vfs_file_exist(conn,destname, NULL)) {
+					DEBUG(6,("file_exist %s\n", destname));
+					error = NT_STATUS_OBJECT_NAME_COLLISION;
+					continue;
+				}
+				
+				if (!conn->vfs_ops.rename(conn,fname,destname))
+					count++;
+				DEBUG(3,("rename_internals: doing rename on %s -> %s\n",fname,destname));
+			}
+			CloseDir(dirptr);
+		}
+	}
+	
+	if (count == 0 && NT_STATUS_IS_OK(error)) {
+		error = map_nt_error_from_unix(errno);
+	}
+	
+	return error;
+}
 
-    if (dirptr)
-      {
-	error = ERRbadfile;
+/****************************************************************************
+ Reply to a mv.
+****************************************************************************/
 
-	if (strequal(mask,"????????.???"))
-	  strcpy(mask,"*");
+int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, 
+	     int dum_buffsize)
+{
+	int outsize = 0;
+	pstring name;
+	pstring newname;
+	char *p;
+	NTSTATUS status;
 
-	while ((dname = ReadDirName(dirptr)))
-	  {
-	    pstring fname;
-	    strcpy(fname,dname);
-	    
-	    if(!mask_match(fname, mask, case_sensitive, False)) continue;
+	START_PROFILE(SMBmv);
 
-	    error = ERRnoaccess;
-	    sprintf(fname,"%s/%s",directory,dname);
-	    if (!can_rename(fname,cnum)) continue;
-	    strcpy(destname,newname);
-
-	    if (!resolve_wildcards(fname,destname)) continue;
-
-	    if (file_exist(destname,NULL)) {
-	      error = 183;
-	      continue;
-	    }
-	    if (!sys_rename(fname,destname)) count++;
-	    DEBUG(3,("reply_mv : doing rename on %s -> %s\n",fname,destname));
-	  }
-	CloseDir(dirptr);
-      }
-  }
-  
-  if (count == 0) {
-    if (exists)
-      return(ERROR(ERRDOS,error));
-    else
-      return(UNIXERROR(ERRDOS,error));
-  }
-  
-  outsize = set_message(outbuf,0,0,True);
+	p = smb_buf(inbuf) + 1;
+	p += srvstr_pull(inbuf, name, p, sizeof(name), -1, STR_TERMINATE);
+	p++;
+	p += srvstr_pull(inbuf, newname, p, sizeof(newname), -1, STR_TERMINATE);
+	
+	RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
+	RESOLVE_DFSPATH(newname, conn, inbuf, outbuf);
+	
+	DEBUG(3,("reply_mv : %s -> %s\n",name,newname));
+	
+	status = rename_internals(conn, name, newname, False);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ERROR_NT(status);
+	}
+
+	/*
+	 * Win2k needs a changenotify request response before it will
+	 * update after a rename..
+	 */	
+	process_pending_change_notify_queue((time_t)0);
+	outsize = set_message(outbuf,0,0,True);
   
-  return(outsize);
+	END_PROFILE(SMBmv);
+	return(outsize);
 }
 
 /*******************************************************************
-  copy a file as part of a reply_copy
-  ******************************************************************/
-static BOOL copy_file(char *src,char *dest1,int cnum,int ofun,
-		      int count,BOOL target_is_directory)
+ Copy a file as part of a reply_copy.
+******************************************************************/
+
+static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
+		      int count,BOOL target_is_directory, int *err_ret)
 {
-  int Access,action;
-  struct stat st;
-  int ret=0;
-  int fnum1,fnum2;
-  pstring dest;
-  
-  strcpy(dest,dest1);
-  if (target_is_directory) {
-    char *p = strrchr(src,'/');
-    if (p) 
-      p++;
-    else
-      p = src;
-    strcat(dest,"/");
-    strcat(dest,p);
-  }
+	int Access,action;
+	SMB_STRUCT_STAT src_sbuf, sbuf2;
+	SMB_OFF_T ret=-1;
+	files_struct *fsp1,*fsp2;
+	pstring dest;
+  
+	*err_ret = 0;
+
+	pstrcpy(dest,dest1);
+	if (target_is_directory) {
+		char *p = strrchr_m(src,'/');
+		if (p) 
+			p++;
+		else
+			p = src;
+		pstrcat(dest,"/");
+		pstrcat(dest,p);
+	}
 
-  if (!file_exist(src,&st)) return(False);
+	if (!vfs_file_exist(conn,src,&src_sbuf))
+		return(False);
 
-  fnum1 = find_free_file();
-  if (fnum1<0) return(False);
-  open_file_shared(fnum1,cnum,src,(DENY_NONE<<4),
-		   1,0,&Access,&action);
+	fsp1 = open_file_shared(conn,src,&src_sbuf,SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDONLY),
+					(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),0,0,&Access,&action);
 
-  if (!Files[fnum1].open) return(False);
+	if (!fsp1)
+		return(False);
 
-  if (!target_is_directory && count)
-    ofun = 1;
+	if (!target_is_directory && count)
+		ofun = FILE_EXISTS_OPEN;
 
-  fnum2 = find_free_file();
-  if (fnum2<0) {
-    close_file(fnum1);
-    return(False);
-  }
-  open_file_shared(fnum2,cnum,dest,(DENY_NONE<<4)|1,
-		   ofun,st.st_mode,&Access,&action);
+	if (vfs_stat(conn,dest,&sbuf2) == -1)
+		ZERO_STRUCTP(&sbuf2);
 
-  if (!Files[fnum2].open) {
-    close_file(fnum1);
-    return(False);
-  }
+	fsp2 = open_file_shared(conn,dest,&sbuf2,SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_WRONLY),
+			ofun,src_sbuf.st_mode,0,&Access,&action);
 
-  if ((ofun&3) == 1) {
-    lseek(Files[fnum2].fd,0,SEEK_END);
-  }
+	if (!fsp2) {
+		close_file(fsp1,False);
+		return(False);
+	}
+
+	if ((ofun&3) == 1) {
+		if(conn->vfs_ops.lseek(fsp2,fsp2->fd,0,SEEK_END) == -1) {
+			DEBUG(0,("copy_file: error - vfs lseek returned error %s\n", strerror(errno) ));
+			/*
+			 * Stop the copy from occurring.
+			 */
+			ret = -1;
+			src_sbuf.st_size = 0;
+		}
+	}
   
-  if (st.st_size)
-    ret = transfer_file(Files[fnum1].fd,Files[fnum2].fd,st.st_size,NULL,0,0);
+	if (src_sbuf.st_size)
+		ret = vfs_transfer_file(fsp1, fsp2, src_sbuf.st_size);
 
-  close_file(fnum1);
-  close_file(fnum2);
+	close_file(fsp1,False);
 
-  return(ret == st.st_size);
-}
+	/* Ensure the modtime is set correctly on the destination file. */
+	fsp2->pending_modtime = src_sbuf.st_mtime;
 
+	/*
+	 * As we are opening fsp1 read-only we only expect
+	 * an error on close on fsp2 if we are out of space.
+	 * Thus we don't look at the error return from the
+	 * close of fsp1.
+	 */
+	*err_ret = close_file(fsp2,False);
 
+	return(ret == (SMB_OFF_T)src_sbuf.st_size);
+}
 
 /****************************************************************************
   reply to a file copy.
   ****************************************************************************/
-int reply_copy(char *inbuf,char *outbuf)
+int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   int outsize = 0;
   pstring name;
-  int cnum;
   pstring directory;
   pstring mask,newname;
   char *p;
   int count=0;
   int error = ERRnoaccess;
+  int err = 0;
   BOOL has_wild;
   BOOL exists=False;
   int tid2 = SVAL(inbuf,smb_vwv0);
   int ofun = SVAL(inbuf,smb_vwv1);
   int flags = SVAL(inbuf,smb_vwv2);
   BOOL target_is_directory=False;
+  BOOL bad_path1 = False;
+  BOOL bad_path2 = False;
+  BOOL rc = True;
+  SMB_STRUCT_STAT sbuf1, sbuf2;
+  START_PROFILE(SMBcopy);
 
   *directory = *mask = 0;
 
-  cnum = SVAL(inbuf,smb_tid);
-  
-  strcpy(name,smb_buf(inbuf));
-  strcpy(newname,smb_buf(inbuf) + 1 + strlen(name));
+  p = smb_buf(inbuf);
+  p += srvstr_pull(inbuf, name, p, sizeof(name), -1, STR_TERMINATE);
+  p += srvstr_pull(inbuf, newname, p, sizeof(newname), -1, STR_TERMINATE);
    
   DEBUG(3,("reply_copy : %s -> %s\n",name,newname));
    
-  if (tid2 != cnum) {
+  if (tid2 != conn->cnum) {
     /* can't currently handle inter share copies XXXX */
     DEBUG(3,("Rejecting inter-share copy\n"));
-    return(ERROR(ERRSRV,ERRinvdevice));
+    END_PROFILE(SMBcopy);
+    return ERROR_DOS(ERRSRV,ERRinvdevice);
   }
 
-  unix_convert(name,cnum);
-  unix_convert(newname,cnum);
+  RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
+  RESOLVE_DFSPATH(newname, conn, inbuf, outbuf);
 
-  target_is_directory = directory_exist(newname,NULL);
+  rc = unix_convert(name,conn,0,&bad_path1,&sbuf1);
+  unix_convert(newname,conn,0,&bad_path2,&sbuf2);
+
+  target_is_directory = VALID_STAT_OF_DIR(sbuf2);
 
   if ((flags&1) && target_is_directory) {
-    return(ERROR(ERRDOS,ERRbadfile));
+    END_PROFILE(SMBcopy);
+    return ERROR_DOS(ERRDOS,ERRbadfile);
   }
 
   if ((flags&2) && !target_is_directory) {
-    return(ERROR(ERRDOS,ERRbadpath));
+    END_PROFILE(SMBcopy);
+    return ERROR_DOS(ERRDOS,ERRbadpath);
   }
 
-  if ((flags&(1<<5)) && directory_exist(name,NULL)) {
+  if ((flags&(1<<5)) && VALID_STAT_OF_DIR(sbuf1)) {
     /* wants a tree copy! XXXX */
     DEBUG(3,("Rejecting tree copy\n"));
-    return(ERROR(ERRSRV,ERRerror));    
+    END_PROFILE(SMBcopy);
+    return ERROR_DOS(ERRSRV,ERRerror);
   }
 
-  p = strrchr(name,'/');
+  p = strrchr_m(name,'/');
   if (!p) {
-    strcpy(directory,"./");
-    strcpy(mask,name);
+    pstrcpy(directory,"./");
+    pstrcpy(mask,name);
   } else {
     *p = 0;
-    strcpy(directory,name);
-    strcpy(mask,p+1);
+    pstrcpy(directory,name);
+    pstrcpy(mask,p+1);
   }
 
-  if (is_mangled(mask))
-    check_mangled_stack(mask);
+  /*
+   * We should only check the mangled cache
+   * here if unix_convert failed. This means
+   * that the path in 'mask' doesn't exist
+   * on the file system and so we need to look
+   * for a possible mangle. This patch from
+   * Tine Smukavec <valentin.smukavec@hermes.si>.
+   */
+
+  if (!rc && mangle_is_mangled(mask))
+	  mangle_check_cache( mask );
 
-  has_wild = strchr(mask,'*') || strchr(mask,'?');
+  has_wild = ms_has_wild(mask);
 
   if (!has_wild) {
-    strcat(directory,"/");
-    strcat(directory,mask);
+    pstrcat(directory,"/");
+    pstrcat(directory,mask);
     if (resolve_wildcards(directory,newname) && 
-	copy_file(directory,newname,cnum,ofun,
-		  count,target_is_directory)) count++;
-    if (!count) exists = file_exist(directory,NULL);
+	copy_file(directory,newname,conn,ofun,
+		  count,target_is_directory,&err)) count++;
+    if(!count && err) {
+		errno = err;
+		END_PROFILE(SMBcopy);
+		return(UNIXERROR(ERRHRD,ERRgeneral));
+	}
+    if (!count) exists = vfs_file_exist(conn,directory,NULL);
   } else {
     void *dirptr = NULL;
     char *dname;
     pstring destname;
 
-    if (check_name(directory,cnum))
-      dirptr = OpenDir(directory);
+    if (check_name(directory,conn))
+      dirptr = OpenDir(conn, directory, True);
 
-    if (dirptr)
-      {
+    if (dirptr) {
 	error = ERRbadfile;
 
 	if (strequal(mask,"????????.???"))
-	  strcpy(mask,"*");
+	  pstrcpy(mask,"*");
 
-	while ((dname = ReadDirName(dirptr)))
-	  {
+	while ((dname = ReadDirName(dirptr))) {
 	    pstring fname;
-	    strcpy(fname,dname);
+	    pstrcpy(fname,dname);
 	    
-	    if(!mask_match(fname, mask, case_sensitive, False)) continue;
+	    if(!mask_match(fname, mask, case_sensitive))
+			continue;
 
 	    error = ERRnoaccess;
-	    sprintf(fname,"%s/%s",directory,dname);
-	    strcpy(destname,newname);
+	    slprintf(fname,sizeof(fname)-1, "%s/%s",directory,dname);
+	    pstrcpy(destname,newname);
 	    if (resolve_wildcards(fname,destname) && 
-		copy_file(directory,newname,cnum,ofun,
-			  count,target_is_directory)) count++;
+		copy_file(fname,destname,conn,ofun,
+			  count,target_is_directory,&err)) count++;
 	    DEBUG(3,("reply_copy : doing copy on %s -> %s\n",fname,destname));
 	  }
 	CloseDir(dirptr);
-      }
+    }
   }
   
   if (count == 0) {
-    if (exists)
-      return(ERROR(ERRDOS,error));
-    else
+    if(err) {
+      /* Error on close... */
+      errno = err;
+      END_PROFILE(SMBcopy);
+      return(UNIXERROR(ERRHRD,ERRgeneral));
+    }
+
+    if (exists) {
+      END_PROFILE(SMBcopy);
+      return ERROR_DOS(ERRDOS,error);
+    } else
+    {
+      if((errno == ENOENT) && (bad_path1 || bad_path2))
+      {
+        unix_ERR_class = ERRDOS;
+        unix_ERR_code = ERRbadpath;
+      }
+      END_PROFILE(SMBcopy);
       return(UNIXERROR(ERRDOS,error));
+    }
   }
   
   outsize = set_message(outbuf,1,0,True);
   SSVAL(outbuf,smb_vwv0,count);
 
+  END_PROFILE(SMBcopy);
   return(outsize);
 }
 
-
-
 /****************************************************************************
   reply to a setdir
 ****************************************************************************/
-int reply_setdir(char *inbuf,char *outbuf)
+int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum,snum;
+  int snum;
   int outsize = 0;
   BOOL ok = False;
   pstring newdir;
+  START_PROFILE(pathworks_setdir);
   
-  cnum = SVAL(inbuf,smb_tid);
-  
-  snum = Connections[cnum].service;
-  if (!CAN_SETDIR(snum))
-    return(ERROR(ERRDOS,ERRnoaccess));
-  
-  strcpy(newdir,smb_buf(inbuf) + 1);
-  strlower(newdir);
+  snum = SNUM(conn);
+  if (!CAN_SETDIR(snum)) {
+    END_PROFILE(pathworks_setdir);
+    return ERROR_DOS(ERRDOS,ERRnoaccess);
+  }
+
+  srvstr_pull(inbuf, newdir, smb_buf(inbuf) + 1, sizeof(newdir), -1, STR_TERMINATE);
   
-  if (strlen(newdir) == 0)
-    ok = True;
-  else
-    {
-      ok = directory_exist(newdir,NULL);
-      if (ok)
-	string_set(&Connections[cnum].connectpath,newdir);
-    }
+  if (strlen(newdir) == 0) {
+	  ok = True;
+  } else {
+	  ok = vfs_directory_exist(conn,newdir,NULL);
+	  if (ok) {
+		  string_set(&conn->connectpath,newdir);
+	  }
+  }
   
-  if (!ok)
-    return(ERROR(ERRDOS,ERRbadpath));
+  if (!ok) {
+	  END_PROFILE(pathworks_setdir);
+	  return ERROR_DOS(ERRDOS,ERRbadpath);
+  }
   
   outsize = set_message(outbuf,0,0,True);
-  CVAL(outbuf,smb_reh) = CVAL(inbuf,smb_reh);
-  
-  DEBUG(3,("%s setdir %s cnum=%d\n",timestring(),newdir,cnum));
+  SCVAL(outbuf,smb_reh,CVAL(inbuf,smb_reh));
   
+  DEBUG(3,("setdir %s\n", newdir));
+
+  END_PROFILE(pathworks_setdir);
   return(outsize);
 }
 
+/****************************************************************************
+ Get a lock pid, dealing with large count requests.
+****************************************************************************/
+
+uint16 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
+{
+	if(!large_file_format)
+		return SVAL(data,SMB_LPID_OFFSET(data_offset));
+	else
+		return SVAL(data,SMB_LARGE_LPID_OFFSET(data_offset));
+}
 
 /****************************************************************************
-  reply to a lockingX request
+ Get a lock count, dealing with large count requests.
 ****************************************************************************/
-int reply_lockingX(char *inbuf,char *outbuf,int length,int bufsize)
+
+SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format)
 {
-  int smb_com2 = CVAL(inbuf,smb_vwv0);
-  int smb_off2 = SVAL(inbuf,smb_vwv1);
-  int fnum = GETFNUM(inbuf,smb_vwv2);
-  uint16 locktype = SVAL(inbuf,smb_vwv3);
-  uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
-  uint16 num_locks = SVAL(inbuf,smb_vwv7);
-  uint32 count, offset;
-
-  int cnum;
-  int i;
-  char *data;
-  uint32 ecode=0, dummy2;
-  int outsize, eclass=0, dummy1;
-
-  cnum = SVAL(inbuf,smb_tid);
-
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
-
-  data = smb_buf(inbuf);
-  /* Data now points at the beginning of the list
-     of smb_unlkrng structs */
-  for(i = 0; i < (int)num_ulocks; i++) {
-    count = IVAL(data,SMB_LKLEN_OFFSET(i));
-    offset = IVAL(data,SMB_LKOFF_OFFSET(i));
-    if(!do_unlock(fnum,cnum,count,offset,&eclass, &ecode))
-      return ERROR(eclass,ecode);
-  }
-
-  /* Now do any requested locks */
-  data += 10*num_ulocks;
-  /* Data now points at the beginning of the list
-     of smb_lkrng structs */
-  for(i = 0; i < (int)num_locks; i++) {
-    count = IVAL(data,SMB_LKLEN_OFFSET(i)); 
-    offset = IVAL(data,SMB_LKOFF_OFFSET(i)); 
-    if(!do_lock(fnum,cnum,count,offset, &eclass, &ecode))
-      break;
-  }
-
-  /* If any of the above locks failed, then we must unlock
-     all of the previous locks (X/Open spec). */
-  if(i != num_locks && num_locks != 0) {
-    for(; i >= 0; i--) {
-      count = IVAL(data,SMB_LKLEN_OFFSET(i));  
-      offset = IVAL(data,SMB_LKOFF_OFFSET(i)); 
-      do_unlock(fnum,cnum,count,offset,&dummy1,&dummy2);
-    }
-    return ERROR(eclass,ecode);
-  }
+  SMB_BIG_UINT count = 0;
 
-  outsize = set_message(outbuf,2,0,True);
-  
-  CVAL(outbuf,smb_vwv0) = smb_com2;
-  SSVAL(outbuf,smb_vwv1,(outsize+chain_size)-4);
-  
-  DEBUG(3,("%s lockingX fnum=%d cnum=%d type=%d num_locks=%d num_ulocks=%d\n",
-	timestring(),fnum,cnum,locktype,num_locks,num_ulocks));
+  if(!large_file_format) {
+    count = (SMB_BIG_UINT)IVAL(data,SMB_LKLEN_OFFSET(data_offset));
+  } else {
 
-  chain_fnum = fnum;
+#if defined(HAVE_LONGLONG)
+    count = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset))) << 32) |
+            ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)));
+#else /* HAVE_LONGLONG */
 
-  if (smb_com2 != 0xFF)
-    outsize += chain_reply(smb_com2,inbuf,inbuf+smb_off2+4,
-			   outbuf,outbuf+outsize,
-			   length,bufsize);
-  
-  chain_fnum = -1;
-  
-  return(outsize);
+    /*
+     * NT4.x seems to be broken in that it sends large file (64 bit)
+     * lockingX calls even if the CAP_LARGE_FILES was *not*
+     * negotiated. For boxes without large unsigned ints truncate the
+     * lock count by dropping the top 32 bits.
+     */
+
+    if(IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)) != 0) {
+      DEBUG(3,("get_lock_count: truncating lock count (high)0x%x (low)0x%x to just low count.\n",
+            (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset)),
+            (unsigned int)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset)) ));
+      SIVAL(data,SMB_LARGE_LKLEN_OFFSET_HIGH(data_offset),0);
+    }
+
+    count = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKLEN_OFFSET_LOW(data_offset));
+#endif /* HAVE_LONGLONG */
+  }
+
+  return count;
 }
 
+#if !defined(HAVE_LONGLONG)
+/****************************************************************************
+ Pathetically try and map a 64 bit lock offset into 31 bits. I hate Windows :-).
+****************************************************************************/
+static uint32 map_lock_offset(uint32 high, uint32 low)
+{
+	unsigned int i;
+	uint32 mask = 0;
+	uint32 highcopy = high;
+ 
+	/*
+	 * Try and find out how many significant bits there are in high.
+	 */
+ 
+	for(i = 0; highcopy; i++)
+		highcopy >>= 1;
+ 
+	/*
+	 * We use 31 bits not 32 here as POSIX
+	 * lock offsets may not be negative.
+	 */
+ 
+	mask = (~0) << (31 - i);
+ 
+	if(low & mask)
+		return 0; /* Fail. */
+ 
+	high <<= (31 - i);
+ 
+	return (high|low);
+}
+#endif /* !defined(HAVE_LONGLONG) */
 
 /****************************************************************************
-  reply to a SMBreadbmpx (read block multiplex) request
+ Get a lock offset, dealing with large offset requests.
 ****************************************************************************/
-int reply_readbmpx(char *inbuf,char *outbuf,int length,int bufsize)
+
+SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err)
 {
-  int cnum,fnum;
-  int nread = -1;
-  int total_read;
-  char *data;
-  int32 startpos;
-  int outsize, mincount, maxcount;
-  int max_per_packet;
-  int tcount;
-  int pad;
+  SMB_BIG_UINT offset = 0;
+
+  *err = False;
 
-  /* this function doesn't seem to work - disable by default */
-  if (!lp_readbmpx())
-    return(ERROR(ERRSRV,ERRuseSTD));
+  if(!large_file_format) {
+    offset = (SMB_BIG_UINT)IVAL(data,SMB_LKOFF_OFFSET(data_offset));
+  } else {
 
-  outsize = set_message(outbuf,8,0,True);
+#if defined(HAVE_LONGLONG)
+    offset = (((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset))) << 32) |
+            ((SMB_BIG_UINT) IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset)));
+#else /* HAVE_LONGLONG */
 
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+    /*
+     * NT4.x seems to be broken in that it sends large file (64 bit)
+     * lockingX calls even if the CAP_LARGE_FILES was *not*
+     * negotiated. For boxes without large unsigned ints mangle the
+     * lock offset by mapping the top 32 bits onto the lower 32.
+     */
+      
+    if(IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset)) != 0) {
+      uint32 low = IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
+      uint32 high = IVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset));
+      uint32 new_low = 0;
+
+      if((new_low = map_lock_offset(high, low)) == 0) {
+        *err = True;
+        return (SMB_BIG_UINT)-1;
+      }
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_READ(fnum);
-  CHECK_ERROR(fnum);
+      DEBUG(3,("get_lock_offset: truncating lock offset (high)0x%x (low)0x%x to offset 0x%x.\n",
+            (unsigned int)high, (unsigned int)low, (unsigned int)new_low ));
+      SIVAL(data,SMB_LARGE_LKOFF_OFFSET_HIGH(data_offset),0);
+      SIVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset),new_low);
+    }
 
-  startpos = IVAL(inbuf,smb_vwv1);
-  maxcount = SVAL(inbuf,smb_vwv3);
-  mincount = SVAL(inbuf,smb_vwv4);
+    offset = (SMB_BIG_UINT)IVAL(data,SMB_LARGE_LKOFF_OFFSET_LOW(data_offset));
+#endif /* HAVE_LONGLONG */
+  }
 
-  data = smb_buf(outbuf);
-  pad = ((int)data)%4;
-  if (pad) pad = 4 - pad;
-  data += pad;
+  return offset;
+}
 
-  max_per_packet = bufsize-(outsize+pad);
-  tcount = maxcount;
-  total_read = 0;
+/****************************************************************************
+  reply to a lockingX request
+****************************************************************************/
 
-  if (is_locked(fnum,cnum,maxcount,startpos))
-    return(ERROR(ERRDOS,ERRlock));
+int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
+{
+	files_struct *fsp = file_fsp(inbuf,smb_vwv2);
+	unsigned char locktype = CVAL(inbuf,smb_vwv3);
+	unsigned char oplocklevel = CVAL(inbuf,smb_vwv3+1);
+	uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
+	uint16 num_locks = SVAL(inbuf,smb_vwv7);
+	SMB_BIG_UINT count = 0, offset = 0;
+	uint16 lock_pid;
+	int32 lock_timeout = IVAL(inbuf,smb_vwv4);
+	int i;
+	char *data;
+	BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES)?True:False;
+	BOOL err;
+	NTSTATUS status;
+
+	START_PROFILE(SMBlockingX);
 	
-  do
-    {
-      int N = MIN(max_per_packet,tcount-total_read);
-  
-      nread = read_file(fnum,data,startpos,N,N,-1,False);
+	CHECK_FSP(fsp,conn);
+	
+	data = smb_buf(inbuf);
 
-      if (nread <= 0) nread = 0;
+	if (locktype & (LOCKING_ANDX_CANCEL_LOCK | LOCKING_ANDX_CHANGE_LOCKTYPE)) {
+		/* we don't support these - and CANCEL_LOCK makes w2k
+		   and XP reboot so I don't really want to be
+		   compatible! (tridge) */
+		return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
+	}
+	
+	/* Check if this is an oplock break on a file
+	   we have granted an oplock on.
+	*/
+	if ((locktype & LOCKING_ANDX_OPLOCK_RELEASE)) {
+		/* Client can insist on breaking to none. */
+		BOOL break_to_none = (oplocklevel == 0);
+		
+		DEBUG(5,("reply_lockingX: oplock break reply (%u) from client for fnum = %d\n",
+			 (unsigned int)oplocklevel, fsp->fnum ));
+
+		/*
+		 * Make sure we have granted an exclusive or batch oplock on this file.
+		 */
+		
+		if(!EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
+			DEBUG(0,("reply_lockingX: Error : oplock break from client for fnum = %d and \
+no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
+
+			/* if this is a pure oplock break request then don't send a reply */
+			if (num_locks == 0 && num_ulocks == 0) {
+				END_PROFILE(SMBlockingX);
+				return -1;
+			} else {
+				END_PROFILE(SMBlockingX);
+				return ERROR_DOS(ERRDOS,ERRlock);
+			}
+		}
 
-      if (nread < N)
-	tcount = total_read + nread;
+		if (remove_oplock(fsp, break_to_none) == False) {
+			DEBUG(0,("reply_lockingX: error in removing oplock on file %s\n",
+				 fsp->fsp_name ));
+		}
+		
+		/* if this is a pure oplock break request then don't send a reply */
+		if (num_locks == 0 && num_ulocks == 0) {
+			/* Sanity check - ensure a pure oplock break is not a
+			   chained request. */
+			if(CVAL(inbuf,smb_vwv0) != 0xff)
+				DEBUG(0,("reply_lockingX: Error : pure oplock break is a chained %d request !\n",
+					 (unsigned int)CVAL(inbuf,smb_vwv0) ));
+			END_PROFILE(SMBlockingX);
+			return -1;
+		}
+	}
 
-      set_message(outbuf,8,nread,False);
-      SIVAL(outbuf,smb_vwv0,startpos);
-      SSVAL(outbuf,smb_vwv2,tcount);
-      SSVAL(outbuf,smb_vwv6,nread);
-      SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
+	/*
+	 * We do this check *after* we have checked this is not a oplock break
+	 * response message. JRA.
+	 */
+	
+	release_level_2_oplocks_on_change(fsp);
+	
+	/* Data now points at the beginning of the list
+	   of smb_unlkrng structs */
+	for(i = 0; i < (int)num_ulocks; i++) {
+		lock_pid = get_lock_pid( data, i, large_file_format);
+		count = get_lock_count( data, i, large_file_format);
+		offset = get_lock_offset( data, i, large_file_format, &err);
+		
+		/*
+		 * There is no error code marked "stupid client bug".... :-).
+		 */
+		if(err) {
+			END_PROFILE(SMBlockingX);
+			return ERROR_DOS(ERRDOS,ERRnoaccess);
+		}
 
-      send_smb(Client,outbuf);
+		DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for pid %u, file %s\n",
+			  (double)offset, (double)count, (unsigned int)lock_pid, fsp->fsp_name ));
+		
+		status = do_unlock(fsp,conn,lock_pid,count,offset);
+		if (NT_STATUS_V(status)) {
+			END_PROFILE(SMBlockingX);
+			return ERROR_NT(status);
+		}
+	}
 
-      total_read += nread;
-      startpos += nread;
-    }
-  while (total_read < tcount);
+	/* Setup the timeout in seconds. */
 
-  return(-1);
-}
+	lock_timeout = ((lock_timeout == -1) ? -1 : lock_timeout/1000);
+	
+	/* Now do any requested locks */
+	data += ((large_file_format ? 20 : 10)*num_ulocks);
+	
+	/* Data now points at the beginning of the list
+	   of smb_lkrng structs */
+	
+	for(i = 0; i < (int)num_locks; i++) {
+		lock_pid = get_lock_pid( data, i, large_file_format);
+		count = get_lock_count( data, i, large_file_format);
+		offset = get_lock_offset( data, i, large_file_format, &err);
+		
+		/*
+		 * There is no error code marked "stupid client bug".... :-).
+		 */
+		if(err) {
+			END_PROFILE(SMBlockingX);
+			return ERROR_DOS(ERRDOS,ERRnoaccess);
+		}
+		
+		DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid %u, file %s timeout = %d\n",
+			(double)offset, (double)count, (unsigned int)lock_pid,
+			fsp->fsp_name, (int)lock_timeout ));
+		
+		status = do_lock_spin(fsp,conn,lock_pid, count,offset, 
+				 ((locktype & 1) ? READ_LOCK : WRITE_LOCK));
+		if (NT_STATUS_V(status)) {
+			if ((lock_timeout != 0) && lp_blocking_locks(SNUM(conn))) {
+				/*
+				 * A blocking lock was requested. Package up
+				 * this smb into a queued request and push it
+				 * onto the blocking lock queue.
+				 */
+				if(push_blocking_lock_request(inbuf, length, lock_timeout, i)) {
+					END_PROFILE(SMBlockingX);
+					return -1;
+				}
+			}
+			break;
+		}
+	}
+	
+	/* If any of the above locks failed, then we must unlock
+	   all of the previous locks (X/Open spec). */
+	if (i != num_locks && num_locks != 0) {
+		/*
+		 * Ensure we don't do a remove on the lock that just failed,
+		 * as under POSIX rules, if we have a lock already there, we
+		 * will delete it (and we shouldn't) .....
+		 */
+		for(i--; i >= 0; i--) {
+			lock_pid = get_lock_pid( data, i, large_file_format);
+			count = get_lock_count( data, i, large_file_format);
+			offset = get_lock_offset( data, i, large_file_format, &err);
+			
+			/*
+			 * There is no error code marked "stupid client bug".... :-).
+			 */
+			if(err) {
+				END_PROFILE(SMBlockingX);
+				return ERROR_DOS(ERRDOS,ERRnoaccess);
+			}
+			
+			do_unlock(fsp,conn,lock_pid,count,offset);
+		}
+		END_PROFILE(SMBlockingX);
+		return ERROR_NT(status);
+	}
 
+	set_message(outbuf,2,0,True);
+	
+	DEBUG( 3, ( "lockingX fnum=%d type=%d num_locks=%d num_ulocks=%d\n",
+		    fsp->fnum, (unsigned int)locktype, num_locks, num_ulocks ) );
+	
+	END_PROFILE(SMBlockingX);
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
 
 /****************************************************************************
-  reply to a SMBwritebmpx (write block multiplex primary) request
+ Reply to a SMBreadbmpx (read block multiplex) request.
 ****************************************************************************/
-int reply_writebmpx(char *inbuf,char *outbuf)
+
+int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int cnum,numtowrite,fnum;
-  int nwritten = -1;
-  int outsize = 0;
-  int32 startpos;
-  int tcount, write_through, smb_doff;
-  char *data;
-  
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+	ssize_t nread = -1;
+	ssize_t total_read;
+	char *data;
+	SMB_OFF_T startpos;
+	int outsize;
+	size_t maxcount;
+	int max_per_packet;
+	size_t tcount;
+	int pad;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBreadBmpx);
+
+	/* this function doesn't seem to work - disable by default */
+	if (!lp_readbmpx()) {
+		END_PROFILE(SMBreadBmpx);
+		return ERROR_DOS(ERRSRV,ERRuseSTD);
+	}
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
-  CHECK_ERROR(fnum);
+	outsize = set_message(outbuf,8,0,True);
 
-  tcount = SVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv3);
-  write_through = BITSETW(inbuf+smb_vwv7,0);
-  numtowrite = SVAL(inbuf,smb_vwv10);
-  smb_doff = SVAL(inbuf,smb_vwv11);
+	CHECK_FSP(fsp,conn);
+	CHECK_READ(fsp);
 
-  data = smb_base(inbuf) + smb_doff;
+	startpos = IVAL(inbuf,smb_vwv1);
+	maxcount = SVAL(inbuf,smb_vwv3);
 
-  /* If this fails we need to send an SMBwriteC response,
-     not an SMBwritebmpx - set this up now so we don't forget */
-  CVAL(outbuf,smb_com) = SMBwritec;
+	data = smb_buf(outbuf);
+	pad = ((long)data)%4;
+	if (pad)
+		pad = 4 - pad;
+	data += pad;
 
-  if (is_locked(fnum,cnum,tcount,startpos))
-    return(ERROR(ERRDOS,ERRlock));
+	max_per_packet = bufsize-(outsize+pad);
+	tcount = maxcount;
+	total_read = 0;
 
-  seek_file(fnum,startpos);
-  nwritten = write_file(fnum,data,numtowrite);
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
+		END_PROFILE(SMBreadBmpx);
+		return ERROR_DOS(ERRDOS,ERRlock);
+	}
 
-  if(lp_syncalways(SNUM(cnum)) || write_through)
-    sync_file(fnum);
+	do {
+		size_t N = MIN(max_per_packet,tcount-total_read);
   
-  if(nwritten < numtowrite)
-    return(UNIXERROR(ERRHRD,ERRdiskfull));
+		nread = read_file(fsp,data,startpos,N);
 
-  /* If the maximum to be written to this file
-     is greater than what we just wrote then set
-     up a secondary struct to be attached to this
-     fd, we will use this to cache error messages etc. */
-  if(tcount > nwritten) 
-    {
-      write_bmpx_struct *wbms;
-      if(Files[fnum].wbmpx_ptr != NULL)
-	wbms = Files[fnum].wbmpx_ptr; /* Use an existing struct */
-      else
-	wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct));
-      if(!wbms)
-	{
-	  DEBUG(0,("Out of memory in reply_readmpx\n"));
-	  return(ERROR(ERRSRV,ERRnoresource));
-	}
-      wbms->wr_mode = write_through;
-      wbms->wr_discard = False; /* No errors yet */
-      wbms->wr_total_written = nwritten;
-      wbms->wr_errclass = 0;
-      wbms->wr_error = 0;
-      Files[fnum].wbmpx_ptr = wbms;
-    }
+		if (nread <= 0)
+			nread = 0;
 
-  /* We are returning successfully, set the message type back to
-     SMBwritebmpx */
-  CVAL(outbuf,smb_com) = SMBwriteBmpx;
-  
-  outsize = set_message(outbuf,1,0,True);
-  
-  SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
-  
-  DEBUG(3,("%s writebmpx fnum=%d cnum=%d num=%d wrote=%d\n",
-	timestring(),fnum,cnum,numtowrite,nwritten));
-  
-  if (write_through && tcount==nwritten) {
-    /* we need to send both a primary and a secondary response */
-    smb_setlen(outbuf,outsize - 4);
-    send_smb(Client,outbuf);
+		if (nread < (ssize_t)N)
+			tcount = total_read + nread;
 
-    /* now the secondary */
-    outsize = set_message(outbuf,1,0,True);
-    CVAL(outbuf,smb_com) = SMBwritec;
-    SSVAL(outbuf,smb_vwv0,nwritten);
-  }
+		set_message(outbuf,8,nread,False);
+		SIVAL(outbuf,smb_vwv0,startpos);
+		SSVAL(outbuf,smb_vwv2,tcount);
+		SSVAL(outbuf,smb_vwv6,nread);
+		SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
 
-  return(outsize);
-}
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_readbmpx: send_smb failed.");
 
+		total_read += nread;
+		startpos += nread;
+	} while (total_read < (ssize_t)tcount);
+
+	END_PROFILE(SMBreadBmpx);
+	return(-1);
+}
 
 /****************************************************************************
-  reply to a SMBwritebs (write block multiplex secondary) request
+ Reply to a SMBsetattrE.
 ****************************************************************************/
-int reply_writebs(char *inbuf,char *outbuf)
+
+int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
 {
-  int cnum,numtowrite,fnum;
-  int nwritten = -1;
-  int outsize = 0;
-  int32 startpos;
-  int tcount, write_through, smb_doff;
-  char *data;
-  write_bmpx_struct *wbms;
-  BOOL send_response = False;
+	struct utimbuf unix_times;
+	int outsize = 0;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBsetattrE);
+
+	outsize = set_message(outbuf,0,0,True);
+
+	if(!fsp || (fsp->conn != conn)) {
+		END_PROFILE(SMBgetattrE);
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+	}
+
+	/*
+	 * Convert the DOS times into unix times. Ignore create
+	 * time as UNIX can't set this.
+	 */
+
+	unix_times.actime = make_unix_date2(inbuf+smb_vwv3);
+	unix_times.modtime = make_unix_date2(inbuf+smb_vwv5);
   
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
-  CHECK_FNUM(fnum,cnum);
-  CHECK_WRITE(fnum);
+	/* 
+	 * Patch from Ray Frush <frush@engr.colostate.edu>
+	 * Sometimes times are sent as zero - ignore them.
+	 */
 
-  tcount = SVAL(inbuf,smb_vwv1);
-  startpos = IVAL(inbuf,smb_vwv2);
-  numtowrite = SVAL(inbuf,smb_vwv6);
-  smb_doff = SVAL(inbuf,smb_vwv7);
+	if ((unix_times.actime == 0) && (unix_times.modtime == 0)) {
+		/* Ignore request */
+		if( DEBUGLVL( 3 ) ) {
+			dbgtext( "reply_setattrE fnum=%d ", fsp->fnum);
+			dbgtext( "ignoring zero request - not setting timestamps of 0\n" );
+		}
+		END_PROFILE(SMBsetattrE);
+		return(outsize);
+	} else if ((unix_times.actime != 0) && (unix_times.modtime == 0)) {
+		/* set modify time = to access time if modify time was 0 */
+		unix_times.modtime = unix_times.actime;
+	}
 
-  data = smb_base(inbuf) + smb_doff;
+	/* Set the date on this file */
+	if(file_utime(conn, fsp->fsp_name, &unix_times)) {
+		END_PROFILE(SMBsetattrE);
+		return ERROR_DOS(ERRDOS,ERRnoaccess);
+	}
+  
+	DEBUG( 3, ( "reply_setattrE fnum=%d actime=%d modtime=%d\n",
+		fsp->fnum, (int)unix_times.actime, (int)unix_times.modtime ) );
 
-  /* We need to send an SMBwriteC response, not an SMBwritebs */
-  CVAL(outbuf,smb_com) = SMBwritec;
+	END_PROFILE(SMBsetattrE);
+	return(outsize);
+}
 
-  /* This fd should have an auxiliary struct attached,
-     check that it does */
-  wbms = Files[fnum].wbmpx_ptr;
-  if(!wbms) return(-1);
 
-  /* If write through is set we can return errors, else we must
-     cache them */
-  write_through = wbms->wr_mode;
+/* Back from the dead for OS/2..... JRA. */
 
-  /* Check for an earlier error */
-  if(wbms->wr_discard)
-    return -1; /* Just discard the packet */
+/****************************************************************************
+ Reply to a SMBwritebmpx (write block multiplex primary) request.
+****************************************************************************/
+
+int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
+{
+	size_t numtowrite;
+	ssize_t nwritten = -1;
+	int outsize = 0;
+	SMB_OFF_T startpos;
+	size_t tcount;
+	BOOL write_through;
+	int smb_doff;
+	char *data;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBwriteBmpx);
+
+	CHECK_FSP(fsp,conn);
+	CHECK_WRITE(fsp);
+	CHECK_ERROR(fsp);
+
+	tcount = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv3);
+	write_through = BITSETW(inbuf+smb_vwv7,0);
+	numtowrite = SVAL(inbuf,smb_vwv10);
+	smb_doff = SVAL(inbuf,smb_vwv11);
+
+	data = smb_base(inbuf) + smb_doff;
+
+	/* If this fails we need to send an SMBwriteC response,
+		not an SMBwritebmpx - set this up now so we don't forget */
+	SCVAL(outbuf,smb_com,SMBwritec);
+
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK,False)) {
+		END_PROFILE(SMBwriteBmpx);
+		return(ERROR_DOS(ERRDOS,ERRlock));
+	}
 
-  seek_file(fnum,startpos);
-  nwritten = write_file(fnum,data,numtowrite);
+	nwritten = write_file(fsp,data,startpos,numtowrite);
 
-  if(lp_syncalways(SNUM(cnum)) || write_through)
-    sync_file(fnum);
+	if(lp_syncalways(SNUM(conn)) || write_through)
+		sync_file(conn,fsp);
   
-  if (nwritten < numtowrite)
-    {
-      if(write_through)	{
-	/* We are returning an error - we can delete the aux struct */
-	if (wbms) free((char *)wbms);
-	Files[fnum].wbmpx_ptr = NULL;
-	return(ERROR(ERRHRD,ERRdiskfull));
-      }
-      return(CACHE_ERROR(wbms,ERRHRD,ERRdiskfull));
-    }
+	if(nwritten < (ssize_t)numtowrite) {
+		END_PROFILE(SMBwriteBmpx);
+		return(UNIXERROR(ERRHRD,ERRdiskfull));
+	}
 
-  /* Increment the total written, if this matches tcount
-     we can discard the auxiliary struct (hurrah !) and return a writeC */
-  wbms->wr_total_written += nwritten;
-  if(wbms->wr_total_written >= tcount)
-    {
-      if (write_through) {
+	/* If the maximum to be written to this file
+		is greater than what we just wrote then set
+		up a secondary struct to be attached to this
+		fd, we will use this to cache error messages etc. */
+
+	if((ssize_t)tcount > nwritten) {
+		write_bmpx_struct *wbms;
+		if(fsp->wbmpx_ptr != NULL)
+			wbms = fsp->wbmpx_ptr; /* Use an existing struct */
+		else
+			wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct));
+		if(!wbms) {
+			DEBUG(0,("Out of memory in reply_readmpx\n"));
+			END_PROFILE(SMBwriteBmpx);
+			return(ERROR_DOS(ERRSRV,ERRnoresource));
+		}
+		wbms->wr_mode = write_through;
+		wbms->wr_discard = False; /* No errors yet */
+		wbms->wr_total_written = nwritten;
+		wbms->wr_errclass = 0;
+		wbms->wr_error = 0;
+		fsp->wbmpx_ptr = wbms;
+	}
+
+	/* We are returning successfully, set the message type back to
+		SMBwritebmpx */
+	SCVAL(outbuf,smb_com,SMBwriteBmpx);
+  
 	outsize = set_message(outbuf,1,0,True);
-	SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);    
-	send_response = True;
-      }
+  
+	SSVALS(outbuf,smb_vwv0,-1); /* We don't support smb_remaining */
+  
+	DEBUG( 3, ( "writebmpx fnum=%d num=%d wrote=%d\n",
+			fsp->fnum, (int)numtowrite, (int)nwritten ) );
 
-      free((char *)wbms);
-      Files[fnum].wbmpx_ptr = NULL;
-    }
+	if (write_through && tcount==nwritten) {
+		/* We need to send both a primary and a secondary response */
+		smb_setlen(outbuf,outsize - 4);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_writebmpx: send_smb failed.");
 
-  if(send_response)
-    return(outsize);
+		/* Now the secondary */
+		outsize = set_message(outbuf,1,0,True);
+		SCVAL(outbuf,smb_com,SMBwritec);
+		SSVAL(outbuf,smb_vwv0,nwritten);
+	}
 
-  return(-1);
+	END_PROFILE(SMBwriteBmpx);
+	return(outsize);
 }
 
-
 /****************************************************************************
-  reply to a SMBsetattrE
+ Reply to a SMBwritebs (write block multiplex secondary) request.
 ****************************************************************************/
-int reply_setattrE(char *inbuf,char *outbuf)
+
+int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
-  int cnum,fnum;
-  struct utimbuf unix_times;
-  int outsize = 0;
+	size_t numtowrite;
+	ssize_t nwritten = -1;
+	int outsize = 0;
+	SMB_OFF_T startpos;
+	size_t tcount;
+	BOOL write_through;
+	int smb_doff;
+	char *data;
+	write_bmpx_struct *wbms;
+	BOOL send_response = False; 
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBwriteBs);
+
+	CHECK_FSP(fsp,conn);
+	CHECK_WRITE(fsp);
+
+	tcount = SVAL(inbuf,smb_vwv1);
+	startpos = IVAL(inbuf,smb_vwv2);
+	numtowrite = SVAL(inbuf,smb_vwv6);
+	smb_doff = SVAL(inbuf,smb_vwv7);
+
+	data = smb_base(inbuf) + smb_doff;
+
+	/* We need to send an SMBwriteC response, not an SMBwritebs */
+	SCVAL(outbuf,smb_com,SMBwritec);
+
+	/* This fd should have an auxiliary struct attached,
+		check that it does */
+	wbms = fsp->wbmpx_ptr;
+	if(!wbms) {
+		END_PROFILE(SMBwriteBs);
+		return(-1);
+	}
 
-  outsize = set_message(outbuf,0,0,True);
+	/* If write through is set we can return errors, else we must cache them */
+	write_through = wbms->wr_mode;
 
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+	/* Check for an earlier error */
+	if(wbms->wr_discard) {
+		END_PROFILE(SMBwriteBs);
+		return -1; /* Just discard the packet */
+	}
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
+	nwritten = write_file(fsp,data,startpos,numtowrite);
 
-  /* Convert the DOS times into unix times. Ignore create
-     time as UNIX can't set this.
-     */
-  unix_times.actime = make_unix_date2(inbuf+smb_vwv3);
-  unix_times.modtime = make_unix_date2(inbuf+smb_vwv5);
+	if(lp_syncalways(SNUM(conn)) || write_through)
+		sync_file(conn,fsp);
   
-  /* Set the date on this file */
-  if(sys_utime(Files[fnum].name, &unix_times))
-    return(ERROR(ERRDOS,ERRnoaccess));
-  
-  DEBUG(3,("%s reply_setattrE fnum=%d cnum=%d\n",timestring(),fnum,cnum));
+	if (nwritten < (ssize_t)numtowrite) {
+		if(write_through) {
+			/* We are returning an error - we can delete the aux struct */
+			if (wbms)
+				free((char *)wbms);
+			fsp->wbmpx_ptr = NULL;
+			END_PROFILE(SMBwriteBs);
+			return(ERROR_DOS(ERRHRD,ERRdiskfull));
+		}
+		END_PROFILE(SMBwriteBs);
+		return(CACHE_ERROR(wbms,ERRHRD,ERRdiskfull));
+	}
 
-  return(outsize);
-}
+	/* Increment the total written, if this matches tcount
+		we can discard the auxiliary struct (hurrah !) and return a writeC */
+	wbms->wr_total_written += nwritten;
+	if(wbms->wr_total_written >= tcount) {
+		if (write_through) {
+			outsize = set_message(outbuf,1,0,True);
+			SSVAL(outbuf,smb_vwv0,wbms->wr_total_written);    
+			send_response = True;
+		}
 
+		free((char *)wbms);
+		fsp->wbmpx_ptr = NULL;
+	}
+
+	if(send_response) {
+		END_PROFILE(SMBwriteBs);
+		return(outsize);
+	}
+
+	END_PROFILE(SMBwriteBs);
+	return(-1);
+}
 
 /****************************************************************************
-  reply to a SMBgetattrE
+ Reply to a SMBgetattrE.
 ****************************************************************************/
-int reply_getattrE(char *inbuf,char *outbuf)
-{
-  int cnum,fnum;
-  struct stat sbuf;
-  int outsize = 0;
-  int mode;
 
-  outsize = set_message(outbuf,11,0,True);
+int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, int dum_buffsize)
+{
+	SMB_STRUCT_STAT sbuf;
+	int outsize = 0;
+	int mode;
+	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+	START_PROFILE(SMBgetattrE);
 
-  cnum = SVAL(inbuf,smb_tid);
-  fnum = GETFNUM(inbuf,smb_vwv0);
+	outsize = set_message(outbuf,11,0,True);
 
-  CHECK_FNUM(fnum,cnum);
-  CHECK_ERROR(fnum);
+	if(!fsp || (fsp->conn != conn)) {
+		END_PROFILE(SMBgetattrE);
+		return ERROR_DOS(ERRDOS,ERRbadfid);
+	}
 
-  /* Do an fstat on this file */
-  if(fstat(Files[fnum].fd, &sbuf))
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	/* Do an fstat on this file */
+	if(fsp_stat(fsp, &sbuf)) {
+		END_PROFILE(SMBgetattrE);
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
+	}
   
-  mode = dos_mode(cnum,Files[fnum].name,&sbuf);
+	mode = dos_mode(conn,fsp->fsp_name,&sbuf);
   
-  /* Convert the times into dos times. Set create
-     date to be last modify date as UNIX doesn't save
-     this */
-  put_dos_date2(outbuf,smb_vwv0,sbuf.st_mtime);
-  put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
-  put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
-  if (mode & aDIR)
-    {
-      SIVAL(outbuf,smb_vwv6,0);
-      SIVAL(outbuf,smb_vwv8,0);
-    }
-  else
-    {
-      SIVAL(outbuf,smb_vwv6,sbuf.st_size);
-      SIVAL(outbuf,smb_vwv8,ROUNDUP(sbuf.st_size,1024));
-    }
-  SSVAL(outbuf,smb_vwv10, mode);
+	/*
+	 * Convert the times into dos times. Set create
+	 * date to be last modify date as UNIX doesn't save
+	 * this.
+	 */
+
+	put_dos_date2(outbuf,smb_vwv0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+	put_dos_date2(outbuf,smb_vwv2,sbuf.st_atime);
+	put_dos_date2(outbuf,smb_vwv4,sbuf.st_mtime);
+
+	if (mode & aDIR) {
+		SIVAL(outbuf,smb_vwv6,0);
+		SIVAL(outbuf,smb_vwv8,0);
+	} else {
+		SIVAL(outbuf,smb_vwv6,(uint32)sbuf.st_size);
+		SIVAL(outbuf,smb_vwv8,SMB_ROUNDUP(sbuf.st_size,1024));
+	}
+	SSVAL(outbuf,smb_vwv10, mode);
   
-  DEBUG(3,("%s reply_getattrE fnum=%d cnum=%d\n",timestring(),fnum,cnum));
+	DEBUG( 3, ( "reply_getattrE fnum=%d\n", fsp->fnum));
   
-  return(outsize);
+	END_PROFILE(SMBgetattrE);
+	return(outsize);
 }
-
-
-
-
-
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
new file mode 100644
index 0000000000..87bf8b1744
--- /dev/null
+++ b/source3/smbd/sec_ctx.c
@@ -0,0 +1,424 @@
+/* 
+   Unix SMB/CIFS implementation.
+   uid/user handling
+   Copyright (C) Tim Potter 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern struct current_user current_user;
+
+struct sec_ctx {
+	uid_t uid;
+	uid_t gid;
+	int ngroups;
+	gid_t *groups;
+	NT_USER_TOKEN *token;
+};
+
+/* A stack of security contexts.  We include the current context as being
+   the first one, so there is room for another MAX_SEC_CTX_DEPTH more. */
+
+static struct sec_ctx sec_ctx_stack[MAX_SEC_CTX_DEPTH + 1];
+static int sec_ctx_stack_ndx;
+
+/****************************************************************************
+ Become the specified uid.
+****************************************************************************/
+
+static BOOL become_uid(uid_t uid)
+{
+	/* Check for dodgy uid values */
+
+	if (uid == (uid_t)-1 || 
+	    ((sizeof(uid_t) == 2) && (uid == (uid_t)65535))) {
+		static int done;
+ 
+		if (!done) {
+			DEBUG(1,("WARNING: using uid %d is a security risk\n",
+				 (int)uid));
+			done = 1;
+		}
+	}
+
+	/* Set effective user id */
+
+	set_effective_uid(uid);
+
+	DO_PROFILE_INC(uid_changes);
+	return True;
+}
+
+/****************************************************************************
+ Become the specified gid.
+****************************************************************************/
+
+static BOOL become_gid(gid_t gid)
+{
+	/* Check for dodgy gid values */
+
+	if (gid == (gid_t)-1 || ((sizeof(gid_t) == 2) && 
+				 (gid == (gid_t)65535))) {
+		static int done;
+		
+		if (!done) {
+			DEBUG(1,("WARNING: using gid %d is a security risk\n",
+				 (int)gid));  
+			done = 1;
+		}
+	}
+  
+	/* Set effective group id */
+
+	set_effective_gid(gid);
+	return True;
+}
+
+/****************************************************************************
+ Become the specified uid and gid.
+****************************************************************************/
+
+static BOOL become_id(uid_t uid, gid_t gid)
+{
+	return become_gid(gid) && become_uid(uid);
+}
+
+/****************************************************************************
+ Drop back to root privileges in order to change to another user.
+****************************************************************************/
+
+static void gain_root(void)
+{
+	if (non_root_mode()) {
+		return;
+	}
+
+	if (geteuid() != 0) {
+		set_effective_uid(0);
+
+		if (geteuid() != 0) {
+			DEBUG(0,
+			      ("Warning: You appear to have a trapdoor "
+			       "uid system\n"));
+		}
+	}
+
+	if (getegid() != 0) {
+		set_effective_gid(0);
+
+		if (getegid() != 0) {
+			DEBUG(0,
+			      ("Warning: You appear to have a trapdoor "
+			       "gid system\n"));
+		}
+	}
+}
+
+/****************************************************************************
+ Get the list of current groups.
+****************************************************************************/
+
+int get_current_groups(int *p_ngroups, gid_t **p_groups)
+{
+	int i;
+	gid_t grp;
+	int ngroups = sys_getgroups(0,&grp);
+	gid_t *groups;
+
+	(*p_ngroups) = 0;
+	(*p_groups) = NULL;
+
+	if (ngroups <= 0)
+		return -1;
+
+	if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) {
+		DEBUG(0,("setup_groups malloc fail !\n"));
+		return -1;
+	}
+
+	if ((ngroups = sys_getgroups(ngroups,groups)) == -1) {
+		SAFE_FREE(groups);
+		return -1;
+	}
+
+	(*p_ngroups) = ngroups;
+	(*p_groups) = groups;
+
+	DEBUG( 3, ( "get_current_groups: user is in %u groups: ", ngroups));
+	for (i = 0; i < ngroups; i++ ) {
+		DEBUG( 3, ( "%s%d", (i ? ", " : ""), (int)groups[i] ) );
+	}
+	DEBUG( 3, ( "\n" ) );
+
+    return ngroups;
+}
+
+/****************************************************************************
+ Initialize the groups a user belongs to.
+****************************************************************************/
+
+BOOL initialise_groups(char *user, uid_t uid, gid_t gid)
+{
+	struct sec_ctx *prev_ctx_p;
+	BOOL result = True;
+
+	if (non_root_mode()) {
+		return True;
+	}
+
+	become_root();
+
+	/* Call initgroups() to get user groups */
+
+	if (initgroups(user,gid) == -1) {
+		DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));
+		if (getuid() == 0) {
+			if (gid < 0 || gid > 32767 || uid < 0 || uid > 32767) {
+				DEBUG(0,("This is probably a problem with the account %s\n", user));
+			}
+		}
+		result = False;
+		goto done;
+	}
+
+	/* Store groups in previous user's security context.  This will
+	   always work as the become_root() call increments the stack
+	   pointer. */
+
+	prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx - 1];
+
+	SAFE_FREE(prev_ctx_p->groups);
+	prev_ctx_p->ngroups = 0;
+
+	get_current_groups(&prev_ctx_p->ngroups, &prev_ctx_p->groups);
+
+ done:
+	unbecome_root();
+
+	return result;
+}
+
+/****************************************************************************
+ Create a new security context on the stack.  It is the same as the old
+ one.  User changes are done using the set_sec_ctx() function.
+****************************************************************************/
+
+BOOL push_sec_ctx(void)
+{
+	struct sec_ctx *ctx_p;
+
+	/* Check we don't overflow our stack */
+
+	if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
+		DEBUG(0, ("Security context stack overflow!\n"));
+		smb_panic("Security context stack overflow!\n");
+	}
+
+	/* Store previous user context */
+
+	sec_ctx_stack_ndx++;
+
+	ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+
+	ctx_p->uid = geteuid();
+	ctx_p->gid = getegid();
+
+ 	DEBUG(3, ("push_sec_ctx(%u, %u) : sec_ctx_stack_ndx = %d\n", 
+ 		  (unsigned int)ctx_p->uid, (unsigned int)ctx_p->gid, sec_ctx_stack_ndx ));
+
+	ctx_p->token = dup_nt_token(sec_ctx_stack[sec_ctx_stack_ndx-1].token);
+
+	ctx_p->ngroups = sys_getgroups(0, NULL);
+
+	if (ctx_p->ngroups != 0) {
+		if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) {
+			DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
+			delete_nt_token(&ctx_p->token);
+			return False;
+		}
+
+		sys_getgroups(ctx_p->ngroups, ctx_p->groups);
+	} else {
+		ctx_p->groups = NULL;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+ Set the current security context to a given user.
+****************************************************************************/
+
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
+{
+	struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+	
+	/* Set the security context */
+
+	DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
+		(unsigned int)uid, (unsigned int)gid, sec_ctx_stack_ndx));
+
+	if (ngroups) {
+		int i;
+
+		DEBUG(3, ("%d user groups: \n", ngroups));
+		for (i = 0; i < ngroups; i++) {
+			DEBUGADD(3, ("%u ", (unsigned int)groups[i]));
+		}
+
+		DEBUG(3, ("\n"));
+	}
+	
+
+	gain_root();
+
+#ifdef HAVE_SETGROUPS
+	sys_setgroups(ngroups, groups);
+#endif
+
+	ctx_p->ngroups = ngroups;
+
+	SAFE_FREE(ctx_p->groups);
+	if (token && (token == ctx_p->token))
+		smb_panic("DUPLICATE_TOKEN");
+
+	delete_nt_token(&ctx_p->token);
+	
+	ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
+	ctx_p->token = dup_nt_token(token);
+
+	become_id(uid, gid);
+
+	ctx_p->uid = uid;
+	ctx_p->gid = gid;
+
+	/* Update current_user stuff */
+
+	current_user.uid = uid;
+	current_user.gid = gid;
+	current_user.ngroups = ngroups;
+	current_user.groups = groups;
+	current_user.nt_user_token = ctx_p->token;
+}
+
+/****************************************************************************
+ Become root context.
+****************************************************************************/
+
+void set_root_sec_ctx(void)
+{
+	/* May need to worry about supplementary groups at some stage */
+
+	set_sec_ctx(0, 0, 0, NULL, NULL);
+}
+
+/****************************************************************************
+ Pop a security context from the stack.
+****************************************************************************/
+
+BOOL pop_sec_ctx(void)
+{
+	struct sec_ctx *ctx_p;
+	struct sec_ctx *prev_ctx_p;
+
+	/* Check for stack underflow */
+
+	if (sec_ctx_stack_ndx == 0) {
+		DEBUG(0, ("Security context stack underflow!\n"));
+		smb_panic("Security context stack underflow!\n");
+	}
+
+	ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+
+	/* Clear previous user info */
+
+	ctx_p->uid = (uid_t)-1;
+	ctx_p->gid = (gid_t)-1;
+
+	SAFE_FREE(ctx_p->groups);
+	ctx_p->ngroups = 0;
+
+	delete_nt_token(&ctx_p->token);
+
+	/* Pop back previous user */
+
+	sec_ctx_stack_ndx--;
+
+	gain_root();
+
+	prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
+
+#ifdef HAVE_SETGROUPS
+	sys_setgroups(prev_ctx_p->ngroups, prev_ctx_p->groups);
+#endif
+
+	become_id(prev_ctx_p->uid, prev_ctx_p->gid);
+
+	/* Update current_user stuff */
+
+	current_user.uid = prev_ctx_p->uid;
+	current_user.gid = prev_ctx_p->gid;
+	current_user.ngroups = prev_ctx_p->ngroups;
+	current_user.groups = prev_ctx_p->groups;
+	current_user.nt_user_token = prev_ctx_p->token;
+
+	DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
+		(unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx));
+
+	return True;
+}
+
+/* Initialise the security context system */
+
+void init_sec_ctx(void)
+{
+	int i;
+	struct sec_ctx *ctx_p;
+
+	/* Initialise security context stack */
+
+	memset(sec_ctx_stack, 0, sizeof(struct sec_ctx) * MAX_SEC_CTX_DEPTH);
+
+	for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
+		sec_ctx_stack[i].uid = (uid_t)-1;
+		sec_ctx_stack[i].gid = (gid_t)-1;
+	}
+
+	/* Initialise first level of stack.  It is the current context */
+	ctx_p = &sec_ctx_stack[0];
+
+	ctx_p->uid = geteuid();
+	ctx_p->gid = getegid();
+
+	get_current_groups(&ctx_p->ngroups, &ctx_p->groups);
+
+	ctx_p->token = NULL; /* Maps to guest user. */
+
+	/* Initialise current_user global */
+
+	current_user.uid = ctx_p->uid;
+	current_user.gid = ctx_p->gid;
+	current_user.ngroups = ctx_p->ngroups;
+	current_user.groups = ctx_p->groups;
+
+	/* The conn and vuid are usually taken care of by other modules.
+	   We initialise them here. */
+
+	current_user.conn = NULL;
+	current_user.vuid = UID_FIELD_INVALID;
+	current_user.nt_user_token = NULL;
+}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 5d8facef33..c759f56e0c 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1,8 +1,8 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Main SMB server routines
-   Copyright (C) Andrew Tridgell 1992-1995
+   Copyright (C) Andrew Tridgell		1992-1998
+   Copyright (C) Martin Pool			2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,29 +20,11 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-#include "pcap.h"
-#include "trans2.h"
-#include "reply.h"
 
-pstring servicesf = CONFIGFILE;
-pstring OriginalDir ="/";
-extern pstring debugf;
-extern pstring sesssetup_user;
+extern fstring global_myworkgroup;
+extern pstring global_myname;
 
-char *InBuffer = NULL;
-char *OutBuffer = NULL;
-char *last_inbuf = NULL;
-
-int initial_uid = 0;
-int initial_gid = 0;
-
-BOOL share_mode_pending = False;
-
-/* have I done a become_user? */
-static struct {
-  int cnum, uid;
-} last_user;
+int am_parent = 1;
 
 /* the last message the was processed */
 int last_message = -1;
@@ -50,4251 +32,869 @@ int last_message = -1;
 /* a useful macro to debug the last message processed */
 #define LAST_MESSAGE() smb_fn_name(last_message)
 
-extern pstring scope;
-extern int DEBUGLEVEL;
-extern int case_default;
-extern BOOL case_sensitive;
-extern BOOL case_preserve;
-extern BOOL use_mangled_map;
-extern BOOL short_case_preserve;
-extern BOOL case_mangle;
-extern time_t smb_last_time;
-
 extern pstring user_socket_options;
 
-connection_struct Connections[MAX_CONNECTIONS];
-files_struct Files[MAX_OPEN_FILES];
-
-extern int Protocol;
-
-int maxxmit = BUFFER_SIZE;
-
-int chain_size = 0;
-
-/* a fnum to use when chaining */
-int chain_fnum = -1;
-
-/* number of open connections */
-static int num_connections_open = 0;
+#ifdef WITH_DFS
+extern int dcelogin_atmost_once;
+#endif /* WITH_DFS */
 
 extern fstring remote_machine;
 
+/* really we should have a top level context structure that has the
+   client file descriptor as an element. That would require a major rewrite :(
 
-/* these can be set by some functions to override the error codes */
-int unix_ERR_class=SUCCESS;
-int unix_ERR_code=0;
-
-
-extern int extra_time_offset;
+   the following 2 functions are an alternative - they make the file
+   descriptor private to smbd
+ */
+static int server_fd = -1;
 
-extern pstring myhostname;
-extern struct in_addr myip;
-
-
-static int find_free_connection(int hash);
-
-#ifdef SMB_PASSWD
-extern void generate_next_challenge(char *challenge);
-extern void set_challenge(char *challenge);
-#endif
-
-/* for readability... */
-#define IS_DOS_READONLY(test_mode) (((test_mode) & aRONLY) != 0)
-#define IS_DOS_DIR(test_mode) (((test_mode) & aDIR) != 0)
-#define IS_DOS_ARCHIVE(test_mode) (((test_mode) & aARCH) != 0)
-#define IS_DOS_SYSTEM(test_mode) (((test_mode) & aSYSTEM) != 0)
-#define IS_DOS_HIDDEN(test_mode) (((test_mode) & aHIDDEN) != 0)
-
-
-
-/****************************************************************************
-  change a dos mode to a unix mode
-    base permission for files:
-         everybody gets read bit set
-         dos readonly is represented in unix by removing everyone's write bit
-         dos archive is represented in unix by the user's execute bit
-         dos system is represented in unix by the group's execute bit
-         dos hidden is represented in unix by the other's execute bit
-    base permission for directories:
-         dos directory is represented in unix by unix's dir bit and the exec bit
-****************************************************************************/
-mode_t unix_mode(int cnum,int dosmode)
+int smbd_server_fd(void)
 {
-  mode_t result = (S_IRUSR | S_IRGRP | S_IROTH);
-
-  if ( !IS_DOS_READONLY(dosmode) )
-    result |= (S_IWUSR | S_IWGRP | S_IWOTH);
- 
-  if (IS_DOS_DIR(dosmode))
-    result |= (S_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH | S_IWUSR);
- 
-  if (MAP_ARCHIVE(cnum) && IS_DOS_ARCHIVE(dosmode))
-    result |= S_IXUSR;
-
-  if (MAP_SYSTEM(cnum) && IS_DOS_SYSTEM(dosmode))
-    result |= S_IXGRP;
- 
-  if (MAP_HIDDEN(cnum) && IS_DOS_HIDDEN(dosmode))
-    result |= S_IXOTH;  
- 
-  result &= CREATE_MODE(cnum);
-  return(result);
+	return server_fd;
 }
 
+void smbd_set_server_fd(int fd)
+{
+	server_fd = fd;
+	client_setfd(fd);
+}
 
 /****************************************************************************
-  change a unix mode to a dos mode
+ Terminate signal.
 ****************************************************************************/
-int dos_mode(int cnum,char *path,struct stat *sbuf)
-{
-  int result = 0;
-
-#if OLD_DOS_MODE
-  if (!CAN_WRITE(cnum) || !((sbuf->st_mode & S_IWOTH) ||
-			    Connections[cnum].admin_user ||
-			    ((sbuf->st_mode & S_IWUSR) && 
-			     Connections[cnum].uid==sbuf->st_uid) ||
-			    ((sbuf->st_mode & S_IWGRP) && 
-			     in_group(sbuf->st_gid,Connections[cnum].gid,
-				      Connections[cnum].ngroups,
-				      Connections[cnum].igroups))))
-    result |= aRONLY;
-#else
-  if (CAN_WRITE(cnum) && !lp_alternate_permissions(SNUM(cnum))) {
-    if (!((sbuf->st_mode & S_IWOTH) ||
-	  Connections[cnum].admin_user ||
-	  ((sbuf->st_mode & S_IWUSR) && Connections[cnum].uid==sbuf->st_uid) ||
-	  ((sbuf->st_mode & S_IWGRP) && 
-	   in_group(sbuf->st_gid,Connections[cnum].gid,
-		    Connections[cnum].ngroups,Connections[cnum].igroups))))
-      result |= aRONLY;
-  } else {
-    if ((sbuf->st_mode & S_IWUSR) == 0)
-      result |= aRONLY;
-  }
-#endif
 
-  if ((sbuf->st_mode & S_IXUSR) != 0)
-    result |= aARCH;
+VOLATILE sig_atomic_t got_sig_term = 0;
 
-  if (MAP_SYSTEM(cnum) && ((sbuf->st_mode & S_IXGRP) != 0))
-    result |= aSYSTEM;
-
-  if (MAP_HIDDEN(cnum) && ((sbuf->st_mode & S_IXOTH) != 0))
-    result |= aHIDDEN;   
-  
-  if (S_ISDIR(sbuf->st_mode))
-    result = aDIR | (result & aRONLY);
-
-#if LINKS_READ_ONLY
-  if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode))
-    result |= aRONLY;
-#endif
-
-  /* hide files with a name starting with a . */
-  if (lp_hide_dot_files(SNUM(cnum)))
-    {
-      char *p = strrchr(path,'/');
-      if (p)
-	p++;
-      else
-	p = path;
-      
-      if (p[0] == '.' && p[1] != '.' && p[1] != 0)
-	result |= aHIDDEN;
-    }
-
-  return(result);
-}
-
-
-/*******************************************************************
-chmod a file - but preserve some bits
-********************************************************************/
-int dos_chmod(int cnum,char *fname,int dosmode,struct stat *st)
+static void sig_term(void)
 {
-  struct stat st1;
-  int mask=0;
-  int tmp;
-  int unixmode;
-
-  if (!st) {
-    st = &st1;
-    if (sys_stat(fname,st)) return(-1);
-  }
-
-  if (S_ISDIR(st->st_mode)) dosmode |= aDIR;
-
-  if (dos_mode(cnum,fname,st) == dosmode) return(0);
-
-  unixmode = unix_mode(cnum,dosmode);
-
-  /* preserve the s bits */
-  mask |= (S_ISUID | S_ISGID);
-
-  /* preserve the t bit */
-#ifdef S_ISVTX
-  mask |= S_ISVTX;
-#endif
-
-  /* possibly preserve the x bits */
-  if (!MAP_ARCHIVE(cnum)) mask |= S_IXUSR;
-  if (!MAP_SYSTEM(cnum)) mask |= S_IXGRP;
-  if (!MAP_HIDDEN(cnum)) mask |= S_IXOTH;
-
-  unixmode |= (st->st_mode & mask);
-
-  /* if we previously had any r bits set then leave them alone */
-  if ((tmp = st->st_mode & (S_IRUSR|S_IRGRP|S_IROTH))) {
-    unixmode &= ~(S_IRUSR|S_IRGRP|S_IROTH);
-    unixmode |= tmp;
-  }
-
-  /* if we previously had any w bits set then leave them alone 
-   if the new mode is not rdonly */
-  if (!IS_DOS_READONLY(dosmode) &&
-      (tmp = st->st_mode & (S_IWUSR|S_IWGRP|S_IWOTH))) {
-    unixmode &= ~(S_IWUSR|S_IWGRP|S_IWOTH);
-    unixmode |= tmp;
-  }
-    
-  return(chmod(fname,unixmode));
+	got_sig_term = 1;
+	sys_select_signal();
 }
 
-
 /****************************************************************************
-check if two filenames are equal
-
-this needs to be careful about whether we are case sensitive
+ Catch a sighup.
 ****************************************************************************/
-static BOOL fname_equal(char *name1, char *name2)
-{
-  int l1 = strlen(name1);
-  int l2 = strlen(name2);
-
-  /* handle filenames ending in a single dot */
-  if (l1-l2 == 1 && name1[l1-1] == '.' && lp_strip_dot())
-    {
-      BOOL ret;
-      name1[l1-1] = 0;
-      ret = fname_equal(name1,name2);
-      name1[l1-1] = '.';
-      return(ret);
-    }
-
-  if (l2-l1 == 1 && name2[l2-1] == '.' && lp_strip_dot())
-    {
-      BOOL ret;
-      name2[l2-1] = 0;
-      ret = fname_equal(name1,name2);
-      name2[l2-1] = '.';
-      return(ret);
-    }
-
-  /* now normal filename handling */
-  if (case_sensitive)
-    return(strcmp(name1,name2) == 0);
-
-  return(strequal(name1,name2));
-}
 
+VOLATILE sig_atomic_t reload_after_sighup = 0;
 
-/****************************************************************************
-mangle the 2nd name and check if it is then equal to the first name
-****************************************************************************/
-static BOOL mangled_equal(char *name1, char *name2)
+static void sig_hup(int sig)
 {
-  pstring tmpname;
-
-  if (is_8_3(name2))
-    return(False);
-
-  strcpy(tmpname,name2);
-  mangle_name_83(tmpname);
-
-  return(strequal(name1,tmpname));
+	reload_after_sighup = 1;
+	sys_select_signal();
 }
 
-
 /****************************************************************************
-scan a directory to find a filename, matching without case sensitivity
+  Send a SIGTERM to our process group.
+*****************************************************************************/
 
-If the name looks like a mangled name then try via the mangling functions
-****************************************************************************/
-static BOOL scan_directory(char *path, char *name,int snum,BOOL docache)
+static void  killkids(void)
 {
-  void *cur_dir;
-  char *dname;
-  BOOL mangled;
-  fstring name2;
-
-  mangled = is_mangled(name);
-
-  /* handle null paths */
-  if (*path == 0)
-    path = ".";
-
-  if (docache && (dname = DirCacheCheck(path,name,snum))) {
-    strcpy(name, dname);	
-    return(True);
-  }      
-
-  if (mangled)
-    check_mangled_stack(name);
-
-  /* open the directory */
-  if (!(cur_dir = OpenDir(path))) 
-    {
-      DEBUG(3,("scan dir didn't open dir [%s]\n",path));
-      return(False);
-    }
-
-  /* now scan for matching names */
-  while ((dname = ReadDirName(cur_dir))) 
-    {
-      if (*dname == '.' &&
-	  (strequal(dname,".") || strequal(dname,"..")))
-	continue;
-
-      strcpy(name2,dname);
-      if (!name_map_mangle(name2,False,snum)) continue;
-
-      if ((mangled && mangled_equal(name,name2))
-	  || fname_equal(name, name2))
-	{
-	  /* we've found the file, change it's name and return */
-	  if (docache) DirCacheAdd(path,name,dname,snum);
-	  strcpy(name, dname);
-	  CloseDir(cur_dir);
-	  return(True);
-	}
-    }
-
-  CloseDir(cur_dir);
-  return(False);
+	if(am_parent) kill(0,SIGTERM);
 }
 
 /****************************************************************************
-This routine is called to convert names from the dos namespace to unix
-namespace. It needs to handle any case conversions, mangling, format
-changes etc.
-
-We assume that we have already done a chdir() to the right "root" directory
-for this service.
-
-The function will return False if some part of the name except for the last
-part cannot be resolved
+ Process a sam sync message - not sure whether to do this here or
+ somewhere else.
 ****************************************************************************/
-BOOL unix_convert(char *name,int cnum)
-{
-  struct stat st;
-  char *start, *end;
-  pstring dirpath;
-
-  *dirpath = 0;
-
-  /* convert to basic unix format - removing \ chars and cleaning it up */
-  unix_format(name);
-  unix_clean_name(name);
-
-  if (!case_sensitive && 
-      (!case_preserve || (is_8_3(name) && !short_case_preserve)))
-    strnorm(name);
-
-  /* names must be relative to the root of the service - trim any leading /.
-   also trim trailing /'s */
-  trim_string(name,"/","/");
-
-  /* check if it's a printer file */
-  if (Connections[cnum].printer)
-    {
-      if ((! *name) || strchr(name,'/') || !is_8_3(name))
-	{
-	  fstring name2;
-	  sprintf(name2,"%.6s.XXXXXX",remote_machine);
-	  strcpy(name,(char *)mktemp(name2));	  
-	}      
-      return(True);
-    }
-
-  /* stat the name - if it exists then we are all done! */
-  if (sys_stat(name,&st) == 0)
-    return(True);
-
-  DEBUG(5,("unix_convert(%s,%d)\n",name,cnum));
-
-  /* a special case - if we don't have any mangling chars and are case
-     sensitive then searching won't help */
-  if (case_sensitive && !is_mangled(name) && 
-      !lp_strip_dot() && !use_mangled_map)
-    return(False);
-
-  /* now we need to recursively match the name against the real 
-     directory structure */
-
-  start = name;
-  while (strncmp(start,"./",2) == 0)
-    start += 2;
-
-  /* now match each part of the path name separately, trying the names
-     as is first, then trying to scan the directory for matching names */
-  for (;start;start = (end?end+1:(char *)NULL)) 
-    {
-      /* pinpoint the end of this section of the filename */
-      end = strchr(start, '/');
-
-      /* chop the name at this point */
-      if (end) *end = 0;
-
-      /* check if the name exists up to this point */
-      if (sys_stat(name, &st) == 0) 
-	{
-	  /* it exists. it must either be a directory or this must be
-	     the last part of the path for it to be OK */
-	  if (end && !(st.st_mode & S_IFDIR)) 
-	    {
-	      /* an intermediate part of the name isn't a directory */
-	      DEBUG(5,("Not a dir %s\n",start));
-	      *end = '/';
-	      return(False);
-	    }
-	}
-      else 
-	{
-	  pstring rest;
-
-	  *rest = 0;
-
-	  /* remember the rest of the pathname so it can be restored
-	     later */
-	  if (end) strcpy(rest,end+1);
-
-
-	  /* try to find this part of the path in the directory */
-	  if (strchr(start,'?') || strchr(start,'*') ||
-	      !scan_directory(dirpath, start, SNUM(cnum), end?True:False))
-	    {
-	      if (end) 
-		{
-		  /* an intermediate part of the name can't be found */
-		  DEBUG(5,("Intermediate not found %s\n",start));
-		  *end = '/';
-		  return(False);
-		}
-	      
-	      /* just the last part of the name doesn't exist */
-	      /* we may need to strupper() or strlower() it in case
-		 this conversion is being used for file creation 
-		 purposes */
-	      /* if the filename is of mixed case then don't normalise it */
-	      if (!case_preserve && 
-		  (!strhasupper(start) || !strhaslower(start)))		
-		strnorm(start);
-
-	      /* check on the mangled stack to see if we can recover the 
-		 base of the filename */
-	      if (is_mangled(start))
-		check_mangled_stack(start);
-
-	      DEBUG(5,("New file %s\n",start));
-	      return(True); 
-	    }
-
-	  /* restore the rest of the string */
-	  if (end) 
-	    {
-	      strcpy(start+strlen(start)+1,rest);
-	      end = start + strlen(start);
-	    }
-	}
 
-      /* add to the dirpath that we have resolved so far */
-      if (*dirpath) strcat(dirpath,"/");
-      strcat(dirpath,start);
-
-      /* restore the / that we wiped out earlier */
-      if (end) *end = '/';
-    }
-  
-  /* the name has been resolved */
-  DEBUG(5,("conversion finished %s\n",name));
-  return(True);
-}
-
-
-
-
-#ifdef QUOTAS
-#ifdef LINUX
-/****************************************************************************
-try to get the disk space from disk quotas (LINUX version)
-****************************************************************************/
-/*
-If you didn't make the symlink to the quota package, too bad :(
-*/
-#include "quota/quotactl.c"
-#include "quota/hasquota.c"
-static BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
+static void msg_sam_sync(int UNUSED(msg_type), pid_t UNUSED(pid),
+			 void *UNUSED(buf), size_t UNUSED(len))
 {
-  uid_t euser_id;
-  struct dqblk D;
-  struct stat S;
-  dev_t devno ;
-  struct mntent *mnt;
-  FILE *fp;
-  int found ;
-  int qcmd, fd ;
-  char *qfpathname;
-  
-  /* find the block device file */
-  
-  if ( stat(path, &S) == -1 )
-    return(False) ;
-
-  devno = S.st_dev ;
-  
-  fp = setmntent(MOUNTED,"r");
-  found = False ;
-  
-  while ((mnt = getmntent(fp)) != (struct mntent *) 0) {
-    if ( stat(mnt->mnt_dir,&S) == -1 )
-      continue ;
-    if (S.st_dev == devno) {
-      found = True ;
-      break ;
-    }
-  }
-  endmntent(fp) ;
-  
-  if ( ! found )
-    return(False) ;
-  
-  qcmd = QCMD(Q_GETQUOTA, USRQUOTA);
-  
-  if (hasmntopt(mnt, MNTOPT_NOAUTO) || hasmntopt(mnt, MNTOPT_NOQUOTA))
-    return(False) ;
-  
-  if (!hasquota(mnt, USRQUOTA, &qfpathname))
-    return(False) ;
-  
-  euser_id = geteuid();
-  seteuid(0);
-  
-  if (quotactl(qcmd, mnt->mnt_fsname, euser_id, (caddr_t)&D) != 0) {
-    if ((fd = open(qfpathname, O_RDONLY)) < 0) {
-      seteuid(euser_id);
-      return(False);
-    }
-    lseek(fd, (long) dqoff(euser_id), L_SET);
-    switch (read(fd, &D, sizeof(struct dqblk))) {
-    case 0:/* EOF */
-      memset((caddr_t)&D, 0, sizeof(struct dqblk));
-      break;
-    case sizeof(struct dqblk):   /* OK */
-      break;
-    default:   /* ERROR */
-      close(fd);
-      seteuid(euser_id);
-      return(False);
-    }
-  }
-  seteuid(euser_id);
-  *bsize=1024;
-
-  if (D.dqb_bsoftlimit==0)
-    return(False);
-  if ((D.dqb_curblocks>D.dqb_bsoftlimit)||(D.dqb_curinodes>D.dqb_isoftlimit))
-    {
-      *dfree = 0;
-      *dsize = D.dqb_curblocks;
-    }
-  else {
-    *dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
-    *dsize = D.dqb_bsoftlimit;
-  }
-  return (True);
+        DEBUG(10, ("** sam sync message received, ignoring\n"));
 }
-#else
-#ifndef CRAY
-/****************************************************************************
-try to get the disk space from disk quotas
-****************************************************************************/
-static BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
-{
-  uid_t user_id, euser_id;
-  int r;
-  char dev_disk[256];
-  struct dqblk D;
-  struct stat S;
-  /* find the block device file */
-  if ((stat(path, &S)<0) ||
-      (devnm(S_IFBLK, S.st_dev, dev_disk, 256, 0)<0)) return (False);
-
-  euser_id = geteuid();
-
-#ifdef USE_SETRES
-  /* for HPUX, real uid must be same as euid to execute quotactl for euid */
-  user_id = getuid();
-  setresuid(euser_id,-1,-1);
-#endif
-  r=quotactl(Q_GETQUOTA, dev_disk, euser_id, &D);
-  #ifdef USE_SETRES
-  if (setresuid(user_id,-1,-1))
-    DEBUG(5,("Unable to reset uid to %d\n", user_id));
-  #endif
-  /* Use softlimit to determine disk space, except when it has been exceeded */
-  *bsize = 1024;
-  if (r)
-    {
-      if (errno == EDQUOT) 
-	{
- 	  *dfree =0;
- 	  *dsize =D.dqb_curblocks;
- 	  return (True);
-	}
-      else return(False);
-    }
-  /* Use softlimit to determine disk space, except when it has been exceeded */
-  if ((D.dqb_curblocks>D.dqb_bsoftlimit)||(D.dqb_curfiles>D.dqb_fsoftlimit)) 
-    {
-      *dfree = 0;
-      *dsize = D.dqb_curblocks;
-    }
-  else {
-    *dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
-    *dsize = D.dqb_bsoftlimit;
-  }
-  return (True);
-}
-#else
-/****************************************************************************
-try to get the disk space from disk quotas (CRAY VERSION)
-****************************************************************************/
-static BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
-{
-  struct mntent *mnt;
-  FILE *fd;
-  struct stat sbuf;
-  dev_t devno ;
-  static dev_t devno_cached = 0 ;
-  static char name[MNTMAXSTR] ;
-  struct q_request request ;
-  struct qf_header header ;
-  static int quota_default = 0 ;
-  int found ;
-  
-  if ( stat(path,&sbuf) == -1 )
-    return(False) ;
-  
-  devno = sbuf.st_dev ;
-  
-  if ( devno != devno_cached ) {
-    
-    devno_cached = devno ;
-    
-    if ((fd = setmntent(KMTAB)) == NULL)
-      return(False) ;
-    
-    found = False ;
-    
-    while ((mnt = getmntent(fd)) != NULL) {
-      
-      if ( stat(mnt->mnt_dir,&sbuf) == -1 )
-	continue ;
-      
-      if (sbuf.st_dev == devno) {
-	
-	found = True ;
-	break ;
-	
-      }
-      
-    }
-    
-    strcpy(name,mnt->mnt_dir) ;
-    endmntent(fd) ;
-    
-    if ( ! found )
-      return(False) ;
-  }
-  
-  request.qf_magic = QF_MAGIC ;
-  request.qf_entry.id = geteuid() ;
-  
-  if (quotactl(name, Q_GETQUOTA, &request) == -1)
-    return(False) ;
-  
-  if ( ! request.user )
-    return(False) ;
-  
-  if ( request.qf_entry.user_q.f_quota == QFV_DEFAULT ) {
-    
-    if ( ! quota_default ) {
-      
-      if ( quotactl(name, Q_GETHEADER, &header) == -1 )
-	return(False) ;
-      else
-	quota_default = header.user_h.def_fq ;
-    }
-    
-    *dfree = quota_default ;
-    
-  }else if ( request.qf_entry.user_q.f_quota == QFV_PREVENT ) {
-    
-    *dfree = 0 ;
-    
-  }else{
-    
-    *dfree = request.qf_entry.user_q.f_quota ;
-    
-  }
-  
-  *dsize = request.qf_entry.user_q.f_use ;
-  
-  if ( *dfree )
-    *dfree -= *dsize ;
-  
-  if ( *dfree < 0 )
-    *dfree = 0 ;
-  
-  *bsize = 4096 ;  /* Cray blocksize */
-  
-  return(True) ;
-  
-}
-#endif /* CRAY */
-#endif /* LINUX */
-#endif /* QUOTAS */
-
 
 /****************************************************************************
-normalise for DOS usage 
+ Process a sam sync replicate message - not sure whether to do this here or
+ somewhere else.
 ****************************************************************************/
-static void disk_norm(int *bsize,int *dfree,int *dsize)
-{
-  /* check if the disk is beyond the max disk size */
-  int maxdisksize = lp_maxdisksize();
-  if (maxdisksize) {
-    /* convert to blocks - and don't overflow */
-    maxdisksize = ((maxdisksize*1024)/(*bsize))*1024;
-    if (*dsize > maxdisksize) *dsize = maxdisksize;
-    if (*dfree > maxdisksize) *dfree = maxdisksize-1; /* the -1 should stop 
-							 applications getting 
-							 div by 0 errors */
-  }  
-
-  while (*dfree > WORDMAX || *dsize > WORDMAX || *bsize < 512) 
-    {
-      *dfree /= 2;
-      *dsize /= 2;
-      *bsize *= 2;
-      if (*bsize > WORDMAX )
-	{
-	  *bsize = WORDMAX;
-	  if (*dsize > WORDMAX)
-	    *dsize = WORDMAX;
-	  if (*dfree >  WORDMAX)
-	    *dfree = WORDMAX;
-	  break;
-	}
-    }
-}
 
-/****************************************************************************
-  return number of 1K blocks available on a path and total number 
-****************************************************************************/
-int disk_free(char *path,int *bsize,int *dfree,int *dsize)
+static void msg_sam_repl(int msg_type, pid_t pid, void *buf, size_t len)
 {
-  char *df_command = lp_dfree_command();
-#ifndef NO_STATFS
-#ifdef USE_STATVFS
-  struct statvfs fs;
-#else
-#ifdef ULTRIX
-  struct fs_data fs;
-#else
-  struct statfs fs;
-#endif
-#endif
-#endif
-
-#ifdef QUOTAS
-  if (disk_quotas(path, bsize, dfree, dsize))
-    {
-      disk_norm(bsize,dfree,dsize);
-      return(((*bsize)/1024)*(*dfree));
-    }
-#endif
-
+        uint32 low_serial;
 
-  /* possibly use system() to get the result */
-  if (df_command && *df_command)
-    {
-      int ret;
-      pstring syscmd;
-      pstring outfile;
-	  
-      sprintf(outfile,"/tmp/dfree.smb.%d",(int)getpid());
-      sprintf(syscmd,"%s %s",df_command,path);
-      standard_sub_basic(syscmd);
-
-      ret = smbrun(syscmd,outfile);
-      DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));
-	  
-      {
-	FILE *f = fopen(outfile,"r");	
-	*dsize = 0;
-	*dfree = 0;
-	*bsize = 1024;
-	if (f)
-	  {
-	    fscanf(f,"%d %d %d",dsize,dfree,bsize);
-	    fclose(f);
-	  }
-	else
-	  DEBUG(0,("Can't open %s\n",outfile));
-      }
-	  
-      unlink(outfile);
-      disk_norm(bsize,dfree,dsize);
-      return(((*bsize)/1024)*(*dfree));
-    }
-
-#ifdef NO_STATFS
-  DEBUG(1,("Warning - no statfs function\n"));
-  return(1);
-#else
-#ifdef STATFS4
-  if (statfs(path,&fs,sizeof(fs),0) != 0)
-#else
-#ifdef USE_STATVFS
-    if (statvfs(path, &fs))
-#else
-#ifdef STATFS3
-      if (statfs(path,&fs,sizeof(fs)) == -1)	 
-#else
-	if (statfs(path,&fs) == -1)
-#endif /* STATFS3 */
-#endif /* USE_STATVFS */
-#endif /* STATFS4 */
-	  {
-	    DEBUG(3,("dfree call failed code errno=%d\n",errno));
-	    *bsize = 1024;
-	    *dfree = 1;
-	    *dsize = 1;
-	    return(((*bsize)/1024)*(*dfree));
-	  }
-
-#ifdef ULTRIX
-  *bsize = 1024;
-  *dfree = fs.fd_req.bfree;
-  *dsize = fs.fd_req.btot;
-#else
-#ifdef USE_STATVFS
-  *bsize = fs.f_frsize;
-#else
-#ifdef USE_F_FSIZE
-  /* eg: osf1 has f_fsize = fundamental filesystem block size, 
-     f_bsize = optimal transfer block size (MX: 94-04-19) */
-  *bsize = fs.f_fsize;
-#else
-  *bsize = fs.f_bsize;
-#endif /* STATFS3 */
-#endif /* USE_STATVFS */
-
-#ifdef STATFS4
-  *dfree = fs.f_bfree;
-#else
-  *dfree = fs.f_bavail;
-#endif /* STATFS4 */
-  *dsize = fs.f_blocks;
-#endif /* ULTRIX */
-
-#if defined(SCO) || defined(ISC) || defined(MIPS)
-  *bsize = 512;
-#endif
+        if (len != sizeof(uint32))
+                return;
 
-/* handle rediculous bsize values - some OSes are broken */
-if ((*bsize) < 512 || (*bsize)>0xFFFF) *bsize = 1024;
+        low_serial = *((uint32 *)buf);
 
-  disk_norm(bsize,dfree,dsize);
-
-  if (*bsize < 256)
-    *bsize = 512;
-  if ((*dsize)<1)
-    {
-      DEBUG(0,("dfree seems to be broken on your system\n"));
-      *dsize = 20*1024*1024/(*bsize);
-      *dfree = MAX(1,*dfree);
-    }
-  return(((*bsize)/1024)*(*dfree));
-#endif
+        DEBUG(3, ("received sam replication message, serial = 0x%04x\n",
+                  low_serial));
 }
 
-
 /****************************************************************************
-wrap it to get filenames right
+ Open the socket communication - inetd.
 ****************************************************************************/
-int sys_disk_free(char *path,int *bsize,int *dfree,int *dsize)
-{
-  return(disk_free(dos_to_unix(path,False),bsize,dfree,dsize));
-}
 
-
-
-/****************************************************************************
-check a filename - possibly caling reducename
-
-This is called by every routine before it allows an operation on a filename.
-It does any final confirmation necessary to ensure that the filename is
-a valid one for the user to access.
-****************************************************************************/
-BOOL check_name(char *name,int cnum)
+static BOOL open_sockets_inetd(void)
 {
-  BOOL ret;
-
-  errno = 0;
-
-  ret = reduce_name(name,Connections[cnum].connectpath,lp_widelinks(SNUM(cnum)));
-  if (!ret)
-    DEBUG(5,("check_name on %s failed\n",name));
+	/* Started from inetd. fd 0 is the socket. */
+	/* We will abort gracefully when the client or remote system 
+	   goes away */
+	smbd_set_server_fd(dup(0));
+	
+	/* close our standard file descriptors */
+	close_low_fds();
+	
+	set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
+	set_socket_options(smbd_server_fd(), user_socket_options);
 
-  return(ret);
+	return True;
 }
 
-/****************************************************************************
-check a filename - possibly caling reducename
-****************************************************************************/
-static void check_for_pipe(char *fname)
+static void msg_exit_server(int msg_type, pid_t src, void *buf, size_t len)
 {
-  /* special case of pipe opens */
-  char s[10];
-  StrnCpy(s,fname,9);
-  strlower(s);
-  if (strstr(s,"pipe/"))
-    {
-      DEBUG(3,("Rejecting named pipe open for %s\n",fname));
-      unix_ERR_class = ERRSRV;
-      unix_ERR_code = ERRaccess;
-    }
+	exit_server("Got a SHUTDOWN message");
 }
 
 
 /****************************************************************************
-open a file
+ Open the socket communication.
 ****************************************************************************/
-void open_file(int fnum,int cnum,char *fname1,int flags,int mode)
-{
-  pstring fname;
-
-  Files[fnum].open = False;
-  Files[fnum].fd = -1;
-  errno = EPERM;
-
-  strcpy(fname,fname1);
-
-  /* check permissions */
-  if ((flags != O_RDONLY) && !CAN_WRITE(cnum) && !Connections[cnum].printer)
-    {
-      DEBUG(3,("Permission denied opening %s\n",fname));
-      check_for_pipe(fname);
-      return;
-    }
-
-  /* this handles a bug in Win95 - it doesn't say to create the file when it 
-     should */
-  if (Connections[cnum].printer)
-    flags |= O_CREAT;
-
-/*
-  if (flags == O_WRONLY)
-    DEBUG(3,("Bug in client? Set O_WRONLY without O_CREAT\n"));
-*/
 
-#if UTIME_WORKAROUND
-  /* XXXX - is this OK?? */
-  /* this works around a utime bug but can cause other problems */
-  if ((flags & (O_WRONLY|O_RDWR)) && (flags & O_CREAT) && !(flags & O_APPEND))
-    sys_unlink(fname);
-#endif
-
-
-  Files[fnum].fd = sys_open(fname,flags,mode);
-
-  if ((Files[fnum].fd>=0) && 
-      Connections[cnum].printer && lp_minprintspace(SNUM(cnum))) {
-    pstring dname;
-    int dum1,dum2,dum3;
-    char *p;
-    strcpy(dname,fname);
-    p = strrchr(dname,'/');
-    if (p) *p = 0;
-    if (sys_disk_free(dname,&dum1,&dum2,&dum3) < 
-	lp_minprintspace(SNUM(cnum))) {
-      close(Files[fnum].fd);
-      Files[fnum].fd = -1;
-      sys_unlink(fname);
-      errno = ENOSPC;
-      return;
-    }
-  }
-    
-
-  /* Fix for files ending in '.' */
-  if((Files[fnum].fd == -1) && (errno == ENOENT) && 
-     (strchr(fname,'.')==NULL))
-    {
-      strcat(fname,".");
-      Files[fnum].fd = sys_open(fname,flags,mode);
-    }
-
-#if (defined(ENAMETOOLONG) && defined(HAVE_PATHCONF))
-  if ((Files[fnum].fd == -1) && (errno == ENAMETOOLONG))
-    {
-      int max_len;
-      char *p = strrchr(fname, '/');
-
-      if (p == fname)	/* name is "/xxx" */
-	{
-	  max_len = pathconf("/", _PC_NAME_MAX);
-	  p++;
-	}
-      else if ((p == NULL) || (p == fname))
-	{
-	  p = fname;
-	  max_len = pathconf(".", _PC_NAME_MAX);
-	}
-      else
-	{
-	  *p = '\0';
-	  max_len = pathconf(fname, _PC_NAME_MAX);
-	  *p = '/';
-	  p++;
-	}
-      if (strlen(p) > max_len)
-	{
-	  char tmp = p[max_len];
+static BOOL open_sockets(BOOL is_daemon,int port)
+{
+	int num_interfaces = iface_count();
+	int fd_listenset[FD_SETSIZE];
+	fd_set listen_set;
+	int s;
+	int i;
 
-	  p[max_len] = '\0';
-	  if ((Files[fnum].fd = sys_open(fname,flags,mode)) == -1)
-	    p[max_len] = tmp;
+	if (!is_daemon) {
+		return open_sockets_inetd();
 	}
-    }
-#endif
 
-  if (Files[fnum].fd < 0)
-    {
-      DEBUG(3,("Error opening file %s (%s) (flags=%d)\n",
-	       fname,strerror(errno),flags));
-      check_for_pipe(fname);
-      return;
-    }
-
-  if (Files[fnum].fd >= 0)
-    {
-      struct stat st;
-      Connections[cnum].num_files_open++;
-      fstat(Files[fnum].fd,&st);
-      Files[fnum].mode = st.st_mode;
-      Files[fnum].open_time = time(NULL);
-      Files[fnum].size = 0;
-      Files[fnum].pos = -1;
-      Files[fnum].open = True;
-      Files[fnum].mmap_ptr = NULL;
-      Files[fnum].mmap_size = 0;
-      Files[fnum].can_lock = True;
-      Files[fnum].can_read = ((flags & O_WRONLY)==0);
-      Files[fnum].can_write = ((flags & (O_WRONLY|O_RDWR))!=0);
-      Files[fnum].share_mode = 0;
-      Files[fnum].share_pending = False;
-      Files[fnum].print_file = Connections[cnum].printer;
-      Files[fnum].modified = False;
-      Files[fnum].cnum = cnum;
-      string_set(&Files[fnum].name,fname);
-      Files[fnum].wbmpx_ptr = NULL;      
-
-      /*
-       * If the printer is marked as postscript output a leading
-       * file identifier to ensure the file is treated as a raw
-       * postscript file.
-       * This has a similar effect as CtrlD=0 in WIN.INI file.
-       * tim@fsg.com 09/06/94
-       */
-      if (Files[fnum].print_file && POSTSCRIPT(cnum) && 
-	  Files[fnum].can_write) 
-	{
-	  DEBUG(3,("Writing postscript line\n"));
-	  write_file(fnum,"%!\n",3);
-	}
-      
-      DEBUG(2,("%s %s opened file %s read=%s write=%s (numopen=%d fnum=%d)\n",
-	       timestring(),Connections[cnum].user,fname,
-	       BOOLSTR(Files[fnum].can_read),BOOLSTR(Files[fnum].can_write),
-	       Connections[cnum].num_files_open,fnum));
-
-    }
-
-#if USE_MMAP
-  /* mmap it if read-only */
-  if (!Files[fnum].can_write)
-    {
-      Files[fnum].mmap_size = file_size(fname);
-      Files[fnum].mmap_ptr = (char *)mmap(NULL,Files[fnum].mmap_size,
-					  PROT_READ,MAP_SHARED,Files[fnum].fd,0);
-
-      if (Files[fnum].mmap_ptr == (char *)-1 || !Files[fnum].mmap_ptr)
+		
+#ifdef HAVE_ATEXIT
 	{
-	  DEBUG(3,("Failed to mmap() %s - %s\n",fname,strerror(errno)));
-	  Files[fnum].mmap_ptr = NULL;
+		static int atexit_set;
+		if(atexit_set == 0) {
+			atexit_set=1;
+			atexit(killkids);
+		}
 	}
-    }
-#endif
-}
-
-/*******************************************************************
-sync a file
-********************************************************************/
-void sync_file(int fnum)
-{
-#ifndef NO_FSYNC
-  fsync(Files[fnum].fd);
-#endif
-}
-
-/****************************************************************************
-run a file if it is a magic script
-****************************************************************************/
-static void check_magic(int fnum,int cnum)
-{
-  if (!*lp_magicscript(SNUM(cnum)))
-    return;
-
-  DEBUG(5,("checking magic for %s\n",Files[fnum].name));
-
-  {
-    char *p;
-    if (!(p = strrchr(Files[fnum].name,'/')))
-      p = Files[fnum].name;
-    else
-      p++;
-
-    if (!strequal(lp_magicscript(SNUM(cnum)),p))
-      return;
-  }
-
-  {
-    int ret;
-    pstring magic_output;
-    pstring fname;
-    strcpy(fname,Files[fnum].name);
-
-    if (*lp_magicoutput(SNUM(cnum)))
-      strcpy(magic_output,lp_magicoutput(SNUM(cnum)));
-    else
-      sprintf(magic_output,"%s.out",fname);
-
-    chmod(fname,0755);
-    ret = smbrun(fname,magic_output);
-    DEBUG(3,("Invoking magic command %s gave %d\n",fname,ret));
-    unlink(fname);
-  }
-}
-
-
-/****************************************************************************
-close a file - possibly invalidating the read prediction
-****************************************************************************/
-void close_file(int fnum)
-{
-  int cnum = Files[fnum].cnum;
-  invalidate_read_prediction(Files[fnum].fd);
-  Files[fnum].open = False;
-  Connections[cnum].num_files_open--;
-  if(Files[fnum].wbmpx_ptr) 
-    {
-      free((char *)Files[fnum].wbmpx_ptr);
-      Files[fnum].wbmpx_ptr = NULL;
-    }
-
-#if USE_MMAP
-  if(Files[fnum].mmap_ptr) 
-    {
-      munmap(Files[fnum].mmap_ptr,Files[fnum].mmap_size);
-      Files[fnum].mmap_ptr = NULL;
-    }
 #endif
 
-  if (lp_share_modes(SNUM(cnum)))
-    del_share_mode(fnum);
-
-  if (Files[fnum].modified) {
-    struct stat st;
-    if (fstat(Files[fnum].fd,&st) == 0) {
-      int dosmode = dos_mode(cnum,Files[fnum].name,&st);
-      if (!IS_DOS_ARCHIVE(dosmode)) {	
-	dos_chmod(cnum,Files[fnum].name,dosmode | aARCH,&st);
-      }
-    }    
-  }
-
-  close(Files[fnum].fd);
-
-  /* NT uses smbclose to start a print - weird */
-  if (Files[fnum].print_file)
-    print_file(fnum);
-
-  /* check for magic scripts */
-  check_magic(fnum,cnum);
-
-  DEBUG(2,("%s %s closed file %s (numopen=%d)\n",
-	   timestring(),Connections[cnum].user,Files[fnum].name,
-	   Connections[cnum].num_files_open));
-}
-
-enum {AFAIL,AREAD,AWRITE,AALL};
-
-/*******************************************************************
-reproduce the share mode access table
-********************************************************************/
-static int access_table(int new_deny,int old_deny,int old_mode,
-			int share_pid,char *fname)
-{
-  if (new_deny == DENY_ALL || old_deny == DENY_ALL) return(AFAIL);
-
-  if (new_deny == DENY_DOS || old_deny == DENY_DOS) {
-    if (old_deny == new_deny && share_pid == getpid()) 
-	return(AALL);    
-
-    if (old_mode == 0) return(AREAD);
-
-    /* the new smbpub.zip spec says that if the file extension is
-       .com, .dll, .exe or .sym then allow the open. I will force
-       it to read-only as this seems sensible although the spec is
-       a little unclear on this. */
-    if ((fname = strrchr(fname,'.'))) {
-      if (strequal(fname,".com") ||
-	  strequal(fname,".dll") ||
-	  strequal(fname,".exe") ||
-	  strequal(fname,".sym"))
-	return(AREAD);
-    }
-
-    return(AFAIL);
-  }
-
-  switch (new_deny) 
-    {
-    case DENY_WRITE:
-      if (old_deny==DENY_WRITE && old_mode==0) return(AREAD);
-      if (old_deny==DENY_READ && old_mode==0) return(AWRITE);
-      if (old_deny==DENY_NONE && old_mode==0) return(AALL);
-      return(AFAIL);
-    case DENY_READ:
-      if (old_deny==DENY_WRITE && old_mode==1) return(AREAD);
-      if (old_deny==DENY_READ && old_mode==1) return(AWRITE);
-      if (old_deny==DENY_NONE && old_mode==1) return(AALL);
-      return(AFAIL);
-    case DENY_NONE:
-      if (old_deny==DENY_WRITE) return(AREAD);
-      if (old_deny==DENY_READ) return(AWRITE);
-      if (old_deny==DENY_NONE) return(AALL);
-      return(AFAIL);      
-    }
-  return(AFAIL);      
-}
-
-/*******************************************************************
-check if the share mode on a file allows it to be deleted or unlinked
-return True if sharing doesn't prevent the operation
-********************************************************************/
-BOOL check_file_sharing(int cnum,char *fname)
-{
-  int pid=0;
-  int share_mode = get_share_mode_byname(cnum,fname,&pid);
-
-  if (!pid || !share_mode) return(True);
+	/* Stop zombies */
+	CatchChild();
+		
+		
+	FD_ZERO(&listen_set);
+
+	if(lp_interfaces() && lp_bind_interfaces_only()) {
+		/* We have been given an interfaces line, and been 
+		   told to only bind to those interfaces. Create a
+		   socket per interface and bind to only these.
+		*/
+		
+		if(num_interfaces > FD_SETSIZE) {
+			DEBUG(0,("open_sockets: Too many interfaces specified to bind to. Number was %d \
+max can be %d\n", 
+				 num_interfaces, FD_SETSIZE));
+			return False;
+		}
+		
+		/* Now open a listen socket for each of the
+		   interfaces. */
+		for(i = 0; i < num_interfaces; i++) {
+			struct in_addr *ifip = iface_n_ip(i);
+			
+			if(ifip == NULL) {
+				DEBUG(0,("open_sockets: interface %d has NULL IP address !\n", i));
+				continue;
+			}
+			s = fd_listenset[i] = open_socket_in(SOCK_STREAM, port, 0, ifip->s_addr, True);
+			if(s == -1)
+				return False;
+
+			/* ready to listen */
+			set_socket_options(s,"SO_KEEPALIVE"); 
+			set_socket_options(s,user_socket_options);
+      
+			if (listen(s, 5) == -1) {
+				DEBUG(0,("listen: %s\n",strerror(errno)));
+				close(s);
+				return False;
+			}
+			FD_SET(s,&listen_set);
+		}
+	} else {
+		/* Just bind to 0.0.0.0 - accept connections
+		   from anywhere. */
+		num_interfaces = 1;
+		
+		/* open an incoming socket */
+		s = open_socket_in(SOCK_STREAM, port, 0,
+				   interpret_addr(lp_socket_address()),True);
+		if (s == -1)
+			return(False);
+		
+		/* ready to listen */
+		set_socket_options(s,"SO_KEEPALIVE"); 
+		set_socket_options(s,user_socket_options);
+
+		if (listen(s, 5) == -1) {
+			DEBUG(0,("open_sockets: listen: %s\n",
+				 strerror(errno)));
+			close(s);
+			return False;
+		}
+		
+		fd_listenset[0] = s;
+		FD_SET(s,&listen_set);
+	} 
+
+        /* Listen to messages */
+
+        message_register(MSG_SMB_SAM_SYNC, msg_sam_sync);
+        message_register(MSG_SMB_SAM_REPL, msg_sam_repl);
+        message_register(MSG_SHUTDOWN, msg_exit_server);
+
+	/* now accept incoming connections - forking a new process
+	   for each incoming connection */
+	DEBUG(2,("waiting for a connection\n"));
+	while (1) {
+		fd_set lfds;
+		int num;
+		
+		/* Free up temporary memory from the main smbd. */
+		lp_talloc_free();
+
+		/* Ensure we respond to PING and DEBUG messages from the main smbd. */
+		message_dispatch();
+
+		memcpy((char *)&lfds, (char *)&listen_set, 
+		       sizeof(listen_set));
+		
+		num = sys_select(FD_SETSIZE,&lfds,NULL,NULL,NULL);
+		
+		if (num == -1 && errno == EINTR) {
+			if (got_sig_term) {
+				exit_server("Caught TERM signal");
+			}
+
+			/* check for sighup processing */
+			if (reload_after_sighup) {
+				change_to_root_user();
+				DEBUG(1,("Reloading services after SIGHUP\n"));
+				reload_services(False);
+				reload_after_sighup = 0;
+			}
+
+			continue;
+		}
+		
+		/* check if we need to reload services */
+		check_reload(time(NULL));
+
+		/* Find the sockets that are read-ready -
+		   accept on these. */
+		for( ; num > 0; num--) {
+			struct sockaddr addr;
+			socklen_t in_addrlen = sizeof(addr);
+			
+			s = -1;
+			for(i = 0; i < num_interfaces; i++) {
+				if(FD_ISSET(fd_listenset[i],&lfds)) {
+					s = fd_listenset[i];
+					/* Clear this so we don't look
+					   at it again. */
+					FD_CLR(fd_listenset[i],&lfds);
+					break;
+				}
+			}
+
+			smbd_set_server_fd(accept(s,&addr,&in_addrlen));
+			
+			if (smbd_server_fd() == -1 && errno == EINTR)
+				continue;
+			
+			if (smbd_server_fd() == -1) {
+				DEBUG(0,("open_sockets: accept: %s\n",
+					 strerror(errno)));
+				continue;
+			}
+			
+			if (smbd_server_fd() != -1 && sys_fork()==0) {
+				/* Child code ... */
+				
+				/* close the listening socket(s) */
+				for(i = 0; i < num_interfaces; i++)
+					close(fd_listenset[i]);
+				
+				/* close our standard file
+				   descriptors */
+				close_low_fds();
+				am_parent = 0;
+				
+				set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
+				set_socket_options(smbd_server_fd(),user_socket_options);
+				
+				/* Reset global variables in util.c so
+				   that client substitutions will be
+				   done correctly in the process.  */
+				reset_globals_after_fork();
+
+				/* tdb needs special fork handling */
+				tdb_reopen_all();
+
+				return True; 
+			}
+			/* The parent doesn't need this socket */
+			close(smbd_server_fd()); 
+
+			/* Sun May 6 18:56:14 2001 ackley@cs.unm.edu:
+				Clear the closed fd info out of server_fd --
+				and more importantly, out of client_fd in
+				util_sock.c, to avoid a possible
+				getpeername failure if we reopen the logs
+				and use %I in the filename.
+			*/
+
+			smbd_set_server_fd(-1);
+
+			/* Force parent to check log size after
+			 * spawning child.  Fix from
+			 * klausr@ITAP.Physik.Uni-Stuttgart.De.  The
+			 * parent smbd will log to logserver.smb.  It
+			 * writes only two messages for each child
+			 * started/finished. But each child writes,
+			 * say, 50 messages also in logserver.smb,
+			 * begining with the debug_count of the
+			 * parent, before the child opens its own log
+			 * file logserver.client. In a worst case
+			 * scenario the size of logserver.smb would be
+			 * checked after about 50*50=2500 messages
+			 * (ca. 100kb).
+			 * */
+			force_check_log_size();
  
-  if (share_mode == DENY_DOS)
-    return(pid == getpid());
+		} /* end for num */
+	} /* end while 1 */
 
-  /* XXXX exactly what share mode combinations should be allowed for
-     deleting/renaming? */
-  return(False);
+/* NOTREACHED	return True; */
 }
 
 /****************************************************************************
-  C. Hoch 11/22/95
-  Helper for open_file_shared. 
-  Truncate a file after checking locking; close file if locked.
-  **************************************************************************/
-static void truncate_unless_locked(int fnum, int cnum)
-{
-  if (Files[fnum].can_write){
-    if (is_locked(fnum,cnum,0x3FFFFFFF,0)){
-      close_file(fnum);   
-      errno = EACCES;
-      unix_ERR_class = ERRDOS;
-      unix_ERR_code = ERRlock;
-    }
-    else
-      ftruncate(Files[fnum].fd,0); 
-  }
-}
+ Reload the services file.
+**************************************************************************/
 
-
-/****************************************************************************
-open a file with a share mode
-****************************************************************************/
-void open_file_shared(int fnum,int cnum,char *fname,int share_mode,int ofun,
-		      int mode,int *Access,int *action)
+BOOL reload_services(BOOL test)
 {
-  int flags=0;
-  int flags2=0;
-  int deny_mode = (share_mode>>4)&7;
-  struct stat sbuf;
-  BOOL file_existed = file_exist(fname,&sbuf);
-  BOOL fcbopen = False;
-  int share_pid=0;
-
-  Files[fnum].open = False;
-  Files[fnum].fd = -1;
-
-  /* this is for OS/2 EAs - try and say we don't support them */
-  if (strstr(fname,".+,;=[].")) {
-    unix_ERR_class = ERRDOS;
-    unix_ERR_code = ERROR_EAS_NOT_SUPPORTED;
-    return;
-  }
-
-  if ((ofun & 0x3) == 0 && file_existed) {
-    errno = EEXIST;
-    return;
-  }
-      
-  if (ofun & 0x10)
-    flags2 |= O_CREAT;
-  if ((ofun & 0x3) == 2)
-    flags2 |= O_TRUNC;
-
-  /* note that we ignore the append flag as 
-     append does not mean the same thing under dos and unix */
-
-  switch (share_mode&0xF)
-    {
-    case 1: 
-      flags = O_WRONLY; 
-      break;
-    case 0xF: 
-      fcbopen = True;
-      flags = O_RDWR; 
-      break;
-    case 2: 
-      flags = O_RDWR; 
-      break;
-    default:
-      flags = O_RDONLY;
-      break;
-    }
-  
-  if (flags != O_RDONLY && file_existed && 
-      (!CAN_WRITE(cnum) || IS_DOS_READONLY(dos_mode(cnum,fname,&sbuf)))) {
-    if (!fcbopen) {
-      errno = EACCES;
-      return;
-    }
-    flags = O_RDONLY;
-  }
-
-  if (deny_mode > DENY_NONE && deny_mode!=DENY_FCB) {
-    DEBUG(2,("Invalid deny mode %d on file %s\n",deny_mode,fname));
-    errno = EINVAL;
-    return;
-  }
-
-  if (deny_mode == DENY_FCB) deny_mode = DENY_DOS;
-
-  if (lp_share_modes(SNUM(cnum))) {
-    int old_share=0;
-
-    if (file_existed)
-      old_share = get_share_mode(cnum,&sbuf,&share_pid);
-
-    if (share_pid) {
-      /* someone else has a share lock on it, check to see 
-	 if we can too */
-      int old_open_mode = old_share&0xF;
-      int old_deny_mode = (old_share>>4)&7;
-
-      if (deny_mode > 4 || old_deny_mode > 4 || old_open_mode > 2) {
-	DEBUG(2,("Invalid share mode (%d,%d,%d) on file %s\n",
-		 deny_mode,old_deny_mode,old_open_mode,fname));
-	errno = EACCES;
-	unix_ERR_class = ERRDOS;
-	unix_ERR_code = ERRbadshare;
-	return;
-      }
-
-      {
-	int access_allowed = access_table(deny_mode,old_deny_mode,old_open_mode,
-					  share_pid,fname);
-
-	if ((access_allowed == AFAIL) ||
-	    (access_allowed == AREAD && flags == O_WRONLY) ||
-	    (access_allowed == AWRITE && flags == O_RDONLY)) {
-	  DEBUG(2,("Share violation on file (%d,%d,%d,%d,%s) = %d\n",
-		   deny_mode,old_deny_mode,old_open_mode,
-		   share_pid,fname,
-		   access_allowed));
-	  errno = EACCES;
-	  unix_ERR_class = ERRDOS;
-	  unix_ERR_code = ERRbadshare;
-	  return;
-	}
-	
-	if (access_allowed == AREAD)
-	  flags = O_RDONLY;
+	BOOL ret;
 	
-	if (access_allowed == AWRITE)
-	  flags = O_WRONLY;
-      }
-    }
-  }
-
-  DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o\n",
-	   flags,flags2,mode));
-
-  open_file(fnum,cnum,fname,flags|(flags2&~(O_TRUNC)),mode);
-  if (!Files[fnum].open && flags==O_RDWR && errno!=ENOENT && fcbopen) {
-    flags = O_RDONLY;
-    open_file(fnum,cnum,fname,flags,mode);
-  }
-
-  if (Files[fnum].open) {
-    int open_mode=0;
-    switch (flags) {
-    case O_RDONLY:
-      open_mode = 0;
-      break;
-    case O_RDWR:
-      open_mode = 2;
-      break;
-    case O_WRONLY:
-      open_mode = 1;
-      break;
-    }
-
-    Files[fnum].share_mode = (deny_mode<<4) | open_mode;
-    Files[fnum].share_pending = True;
-
-    if (Access) {
-      (*Access) = open_mode;
-    }
-    
-    if (action) {
-      if (file_existed && !(flags2 & O_TRUNC)) *action = 1;
-      if (!file_existed) *action = 2;
-      if (file_existed && (flags2 & O_TRUNC)) *action = 3;
-    }
-
-    if (!share_pid)
-      share_mode_pending = True;
-
-    if ((flags2&O_TRUNC) && file_existed)
-      truncate_unless_locked(fnum,cnum);
-  }
-}
-
-
-
-/*******************************************************************
-check for files that we should now set our share modes on
-********************************************************************/
-static void check_share_modes(void)
-{
-  int i;
-  for (i=0;i<MAX_OPEN_FILES;i++)
-    if(Files[i].open && Files[i].share_pending) {
-      if (lp_share_modes(SNUM(Files[i].cnum))) {
-	int pid=0;
-	get_share_mode_by_fnum(Files[i].cnum,i,&pid);
-	if (!pid) {
-	  set_share_mode(i,Files[i].share_mode);
-	  Files[i].share_pending = False;
-	}
-      } else {
-	Files[i].share_pending = False;	
-      }
-    }
-}
-
-
-/****************************************************************************
-seek a file. Try to avoid the seek if possible
-****************************************************************************/
-int seek_file(int fnum,int pos)
-{
-  int offset = 0;
-  if (Files[fnum].print_file && POSTSCRIPT(Files[fnum].cnum))
-    offset = 3;
-
-  Files[fnum].pos = lseek(Files[fnum].fd,pos+offset,SEEK_SET) - offset;
-  return(Files[fnum].pos);
-}
-
-/****************************************************************************
-read from a file
-****************************************************************************/
-int read_file(int fnum,char *data,int pos,int mincnt,int maxcnt,int timeout,BOOL exact)
-{
-  int ret=0;
-
-  if (!Files[fnum].can_write)
-    {
-      ret = read_predict(Files[fnum].fd,
-			 pos,
-			 data,
-			 NULL,
-			 maxcnt);
-
-      data += ret;
-      maxcnt -= ret;
-      mincnt = MAX(mincnt-ret,0);
-      pos += ret;
-    }
-
-#if USE_MMAP
-  if (Files[fnum].mmap_ptr)
-    {
-      int num = MIN(maxcnt,Files[fnum].mmap_size-pos);
-      if (num > 0)
-	{
-	  memcpy(data,Files[fnum].mmap_ptr+pos,num);
-	  data += num;
-	  pos += num;
-	  maxcnt -= num;
-	  mincnt = MAX(mincnt-num,0);
-	  ret += num;
+	if (lp_loaded()) {
+		pstring fname;
+		pstrcpy(fname,lp_configfile());
+		if (file_exist(fname, NULL) &&
+		    !strcsequal(fname, dyn_CONFIGFILE)) {
+			pstrcpy(dyn_CONFIGFILE, fname);
+			test = False;
+		}
 	}
-    }
-#endif
-
-  if (maxcnt <= 0)
-    return(ret);
-
-  if (seek_file(fnum,pos) != pos)
-    {
-      DEBUG(3,("Failed to seek to %d\n",pos));
-      return(ret);
-    }
-  
-  if (maxcnt > 0)
-    ret += read_with_timeout(Files[fnum].fd,
-			     data,
-			     mincnt,
-			     maxcnt,
-			     timeout,
-			     exact);
-
-  return(ret);
-}
-
-
-/****************************************************************************
-write to a file
-****************************************************************************/
-int write_file(int fnum,char *data,int n)
-{
-  if (!Files[fnum].can_write) {
-    errno = EPERM;
-    return(0);
-  }
-
-  Files[fnum].modified = True;
-
-  return(write_data(Files[fnum].fd,data,n));
-}
-
-
-static int old_umask = 022;
-
-/****************************************************************************
-load parameters specific to a connection/service
-****************************************************************************/
-BOOL become_service(int cnum,BOOL do_chdir)
-{
-  extern char magic_char;
-  static int last_cnum = -1;
-  int snum;
-
-  if (!OPEN_CNUM(cnum))
-    {
-      last_cnum = -1;
-      return(False);
-    }
-
-  Connections[cnum].lastused = smb_last_time;
-
-  snum = SNUM(cnum);
-  
-  if (do_chdir &&
-      ChDir(Connections[cnum].connectpath) != 0 &&
-      ChDir(Connections[cnum].origpath) != 0)
-    {
-      DEBUG(0,("%s chdir (%s) failed cnum=%d\n",timestring(),
-	    Connections[cnum].connectpath,cnum));     
-      return(False);
-    }
-
-  if (cnum == last_cnum)
-    return(True);
-
-  last_cnum = cnum;
-
-  case_default = lp_defaultcase(snum);
-  case_preserve = lp_preservecase(snum);
-  short_case_preserve = lp_shortpreservecase(snum);
-  case_mangle = lp_casemangle(snum);
-  case_sensitive = lp_casesensitive(snum);
-  magic_char = lp_magicchar(snum);
-  use_mangled_map = (*lp_mangled_map(snum) ? True:False);
-  return(True);
-}
-
 
-/****************************************************************************
-  become the specified uid 
-****************************************************************************/
-static BOOL become_uid(int uid)
-{
-  if (initial_uid != 0)
-    return(True);
-
-#ifdef AIX
-  {
-    /* AIX 3 stuff - inspired by a code fragment in wu-ftpd */
-    priv_t priv;
-
-    priv.pv_priv[0] = 0;
-    priv.pv_priv[1] = 0;
-    if (setpriv(PRIV_SET|PRIV_INHERITED|PRIV_EFFECTIVE|PRIV_BEQUEATH,
-		&priv, sizeof(priv_t)) < 0 ||
-	setuidx(ID_REAL|ID_EFFECTIVE, (uid_t)uid) < 0 ||
-	seteuid((uid_t)uid) < 0) 
-      DEBUG(1,("Can't set uid (AIX3)"));
-  }
-#endif
+	reopen_logs();
 
-#ifdef USE_SETRES
-  if (setresuid(-1,uid,-1) != 0)
-#else
-    if ((seteuid(uid) != 0) && 
-	(setuid(uid) != 0))
-#endif
-      {
-	DEBUG(0,("Couldn't set uid %d currently set to (%d,%d)\n",
-		 uid,getuid(), geteuid()));
-	if (uid > 32000)
-	  DEBUG(0,("Looks like your OS doesn't like high uid values - try using a different account\n"));
-	return(False);
-      }
-
-  if (((uid == -1) || (uid == 65535)) && geteuid() != uid)
-    {
-      DEBUG(0,("Invalid uid -1. perhaps you have a account with uid 65535?\n"));
-      return(False);
-    }
-
-  return(True);
-}
-
-
-/****************************************************************************
-  become the specified gid
-****************************************************************************/
-static BOOL become_gid(int gid)
-{
-  if (initial_uid != 0)
-    return(True);
-  
-#ifdef USE_SETRES 
-  if (setresgid(-1,gid,-1) != 0)
-#else
-    if (setgid(gid) != 0)
-#endif
-      {
-	DEBUG(0,("Couldn't set gid %d currently set to (%d,%d)\n",
-		 gid,getgid(),getegid()));
-	if (gid > 32000)
-	  DEBUG(0,("Looks like your OS doesn't like high gid values - try using a different account\n"));
-	return(False);
-      }
-
-  return(True);
-}
+	if (test && !lp_file_list_changed())
+		return(True);
 
+	lp_killunused(conn_snum_used);
+	
+	ret = lp_load(dyn_CONFIGFILE, False, False, True);
 
-/****************************************************************************
-  become the specified uid and gid
-****************************************************************************/
-static BOOL become_id(int uid,int gid)
-{
-  return(become_gid(gid) && become_uid(uid));
-}
+	load_printers();
 
-/****************************************************************************
-become the guest user
-****************************************************************************/
-static BOOL become_guest(void)
-{
-  BOOL ret;
-  static struct passwd *pass=NULL;
+	/* perhaps the config filename is now set */
+	if (!test)
+		reload_services(True);
 
-  if (initial_uid != 0) 
-    return(True);
+	reopen_logs();
 
-  if (!pass)
-    pass = Get_Pwnam(lp_guestaccount(-1),True);
-  if (!pass) return(False);
+	load_interfaces();
 
-  ret = become_id(pass->pw_uid,pass->pw_gid);
+	{
+		if (smbd_server_fd() != -1) {      
+			set_socket_options(smbd_server_fd(),"SO_KEEPALIVE");
+			set_socket_options(smbd_server_fd(), user_socket_options);
+		}
+	}
 
-  if (!ret)
-    DEBUG(1,("Failed to become guest. Invalid guest account?\n"));
+	mangle_reset_cache();
+	reset_stat_cache();
 
-  last_user.cnum = -2;
+	/* this forces service parameters to be flushed */
+	set_current_service(NULL,True);
 
-  return(ret);
+	return(ret);
 }
 
+#if DUMP_CORE
 /*******************************************************************
-check if a username is OK
+prepare to dump a core file - carefully!
 ********************************************************************/
-static BOOL check_user_ok(int cnum,user_struct *vuser,int snum)
-{
-  int i;
-  for (i=0;i<Connections[cnum].uid_cache.entries;i++)
-    if (Connections[cnum].uid_cache.list[i] == vuser->uid) return(True);
-
-  if (!user_ok(vuser->name,snum)) return(False);
-
-  i = Connections[cnum].uid_cache.entries % UID_CACHE_SIZE;
-  Connections[cnum].uid_cache.list[i] = vuser->uid;
-
-  if (Connections[cnum].uid_cache.entries < UID_CACHE_SIZE)
-    Connections[cnum].uid_cache.entries++;
-
-  return(True);
-}
-
-
-/****************************************************************************
-  become the user of a connection number
-****************************************************************************/
-BOOL become_user(int cnum, int uid)
-{
-  int new_umask;
-  user_struct *vuser;
-  int snum,gid;
-  int ngroups;
-  gid_t *groups;
-
-  if (last_user.cnum == cnum && last_user.uid == uid) {
-    DEBUG(4,("Skipping become_user - already user\n"));
-    return(True);
-  }
-
-  unbecome_user();
-
-  if (!OPEN_CNUM(cnum)) {
-    DEBUG(2,("Connection %d not open\n",cnum));
-    return(False);
-  }
-
-  snum = Connections[cnum].service;
-
-  if (Connections[cnum].force_user || 
-      lp_security() == SEC_SHARE ||
-      !(vuser = get_valid_user_struct(uid)) ||
-      !check_user_ok(cnum,vuser,snum)) {
-    uid = Connections[cnum].uid;
-    gid = Connections[cnum].gid;
-    groups = Connections[cnum].groups;
-    ngroups = Connections[cnum].ngroups;
-  } else {
-    if (!vuser) {
-      DEBUG(2,("Invalid vuid used %d\n",uid));
-      return(False);
-    }
-    uid = vuser->uid;
-    if(!*lp_force_group(snum))
-      gid = vuser->gid;
-    else
-      gid = Connections[cnum].gid;
-    groups = vuser->user_groups;
-    ngroups = vuser->user_ngroups;
-  }
-
-  if (initial_uid == 0)
-    {
-      if (!become_gid(gid)) return(False);
-
-#ifndef NO_SETGROUPS      
-      if (!IS_IPC(cnum)) {
-	/* groups stuff added by ih/wreu */
-	if (ngroups > 0)
-	  if (setgroups(ngroups,groups)<0)
-	    DEBUG(0,("setgroups call failed!\n"));
-      }
-#endif
-
-      if (!Connections[cnum].admin_user && !become_uid(uid))
-	return(False);
-    }
-
-  new_umask = 0777 & ~CREATE_MODE(cnum);
-  old_umask = umask(new_umask);
-
-  last_user.cnum = cnum;
-  last_user.uid = uid;
-  
-  DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d) new_umask=0%o\n",
-	   getuid(),geteuid(),getgid(),getegid(),new_umask));
-  
-  return(True);
-}
-
-/****************************************************************************
-  unbecome the user of a connection number
-****************************************************************************/
-BOOL unbecome_user(void )
+static BOOL dump_core(void)
 {
-  if (last_user.cnum == -1)
-    return(False);
-
-  ChDir(OriginalDir);
-
-  umask(old_umask);
-
-  if (initial_uid == 0)
-    {
-#ifdef USE_SETRES
-      setresuid(-1,getuid(),-1);
-      setresgid(-1,getgid(),-1);
-#else
-      if (seteuid(initial_uid) != 0) 
-	setuid(initial_uid);
-      setgid(initial_gid);
+	char *p;
+	pstring dname;
+	
+	pstrcpy(dname,lp_logfile());
+	if ((p=strrchr_m(dname,'/'))) *p=0;
+	pstrcat(dname,"/corefiles");
+	mkdir(dname,0700);
+	sys_chown(dname,getuid(),getgid());
+	chmod(dname,0700);
+	if (chdir(dname)) return(False);
+	umask(~(0700));
+
+#ifdef HAVE_GETRLIMIT
+#ifdef RLIMIT_CORE
+	{
+		struct rlimit rlp;
+		getrlimit(RLIMIT_CORE, &rlp);
+		rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur);
+		setrlimit(RLIMIT_CORE, &rlp);
+		getrlimit(RLIMIT_CORE, &rlp);
+		DEBUG(3,("Core limits now %d %d\n",
+			 (int)rlp.rlim_cur,(int)rlp.rlim_max));
+	}
 #endif
-    }
-#ifdef NO_EID
-  if (initial_uid == 0)
-    DEBUG(2,("Running with no EID\n"));
-  initial_uid = getuid();
-  initial_gid = getgid();
-#else
-  if (geteuid() != initial_uid)
-    {
-      DEBUG(0,("Warning: You appear to have a trapdoor uid system\n"));
-      initial_uid = geteuid();
-    }
-  if (getegid() != initial_gid)
-    {
-      DEBUG(0,("Warning: You appear to have a trapdoor gid system\n"));
-      initial_gid = getegid();
-    }
 #endif
-  
-  if (ChDir(OriginalDir) != 0)
-    DEBUG(0,("%s chdir(%s) failed in unbecome_user\n",
-	     timestring(),OriginalDir));  
 
-  DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
-	getuid(),geteuid(),getgid(),getegid()));
 
-  last_user.cnum = -1;
-
-  return(True);
+	DEBUG(0,("Dumping core in %s\n", dname));
+	abort();
+	return(True);
 }
+#endif
 
 /****************************************************************************
-  find a service entry
+update the current smbd process count
 ****************************************************************************/
-int find_service(char *service)
-{
-   int iService;
-
-   string_sub(service,"\\","/");
-
-   iService = lp_servicenumber(service);
-
-   /* now handle the special case of a home directory */
-   if (iService < 0)
-   {
-      char *phome_dir = get_home_dir(service);
-      DEBUG(3,("checking for home directory %s gave %s\n",service,
-	    phome_dir?phome_dir:"(NULL)"));
-      if (phome_dir)
-      {   
-	 int iHomeService;
-	 if ((iHomeService = lp_servicenumber(HOMES_NAME)) >= 0)
-	 {
-	    lp_add_home(service,iHomeService,phome_dir);
-	    iService = lp_servicenumber(service);
-	 }
-      }
-   }
-
-   /* If we still don't have a service, attempt to add it as a printer. */
-   if (iService < 0)
-   {
-      int iPrinterService;
-
-      if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0)
-      {
-         char *pszTemp;
-
-         DEBUG(3,("checking whether %s is a valid printer name...\n", service));
-         pszTemp = PRINTCAP;
-         if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp))
-         {
-            DEBUG(3,("%s is a valid printer name\n", service));
-            DEBUG(3,("adding %s as a printer service\n", service));
-            lp_add_printer(service,iPrinterService);
-            iService = lp_servicenumber(service);
-            if (iService < 0)
-               DEBUG(0,("failed to add %s as a printer service!\n", service));
-         }
-         else
-            DEBUG(3,("%s is not a valid printer name\n", service));
-      }
-   }
-
-   /* just possibly it's a default service? */
-   if (iService < 0) 
-     {
-       char *defservice = lp_defaultservice();
-       if (defservice && *defservice && !strequal(defservice,service)) {
-	 iService = find_service(defservice);
-	 if (iService >= 0) {
-	   string_sub(service,"_","/");
-	   iService = lp_add_service(service,iService);
-	 }
-       }
-     }
-
-   if (iService >= 0)
-      if (!VALID_SNUM(iService))
-      {
-         DEBUG(0,("Invalid snum %d for %s\n",iService,service));
-	 iService = -1;
-      }
-
-   if (iService < 0)
-      DEBUG(3,("find_service() failed to find service %s\n", service));
-
-   return (iService);
-}
-
 
-/****************************************************************************
-  create an error packet from a cached error.
-****************************************************************************/
-int cached_error_packet(char *inbuf,char *outbuf,int fnum,int line)
+static void decrement_smbd_process_count(void)
 {
-  write_bmpx_struct *wbmpx = Files[fnum].wbmpx_ptr;
+	int32 total_smbds;
 
-  int32 eclass = wbmpx->wr_errclass;
-  int32 err = wbmpx->wr_error;
-
-  /* We can now delete the auxiliary struct */
-  free((char *)wbmpx);
-  Files[fnum].wbmpx_ptr = NULL;
-  return error_packet(inbuf,outbuf,eclass,err,line);
-}
-
-
-struct
-{
-  int unixerror;
-  int smbclass;
-  int smbcode;
-} unix_smb_errmap[] =
-{
-  {EPERM,ERRDOS,ERRnoaccess},
-  {EACCES,ERRDOS,ERRnoaccess},
-  {ENOENT,ERRDOS,ERRbadfile},
-  {EIO,ERRHRD,ERRgeneral},
-  {EBADF,ERRSRV,ERRsrverror},
-  {EINVAL,ERRSRV,ERRsrverror},
-  {EEXIST,ERRDOS,ERRfilexists},
-  {ENFILE,ERRDOS,ERRnofids},
-  {EMFILE,ERRDOS,ERRnofids},
-  {ENOSPC,ERRHRD,ERRdiskfull},
-#ifdef EDQUOT
-  {EDQUOT,ERRHRD,ERRdiskfull},
-#endif
-#ifdef ENOTEMPTY
-  {ENOTEMPTY,ERRDOS,ERRnoaccess},
-#endif
-#ifdef EXDEV
-  {EXDEV,ERRDOS,ERRdiffdevice},
-#endif
-  {EROFS,ERRHRD,ERRnowrite},
-  {0,0,0}
-};
-
-
-/****************************************************************************
-  create an error packet from errno
-****************************************************************************/
-int unix_error_packet(char *inbuf,char *outbuf,int def_class,uint32 def_code,int line)
-{
-  int eclass=def_class;
-  int ecode=def_code;
-  int i=0;
-
-  if (unix_ERR_class != SUCCESS)
-    {
-      eclass = unix_ERR_class;
-      ecode = unix_ERR_code;
-      unix_ERR_class = SUCCESS;
-      unix_ERR_code = 0;
-    }
-  else
-    {
-      while (unix_smb_errmap[i].smbclass != 0)
-	{
-	  if (unix_smb_errmap[i].unixerror == errno)
-	    {
-	      eclass = unix_smb_errmap[i].smbclass;
-	      ecode = unix_smb_errmap[i].smbcode;
-	      break;
-	    }
-	  i++;
+	if (lp_max_smbd_processes()) {
+		total_smbds = 0;
+		tdb_change_int32_atomic(conn_tdb_ctx(), "INFO/total_smbds", &total_smbds, -1);
 	}
-    }
-
-  return(error_packet(inbuf,outbuf,eclass,ecode,line));
 }
 
-
 /****************************************************************************
-  create an error packet. Normally called using the ERROR() macro
+ Exit the server.
 ****************************************************************************/
-int error_packet(char *inbuf,char *outbuf,int error_class,uint32 error_code,int line)
-{
-  int outsize = set_message(outbuf,0,0,True);
-  int cmd;
-  cmd = CVAL(inbuf,smb_com);
-  
-  CVAL(outbuf,smb_rcls) = error_class;
-  SSVAL(outbuf,smb_err,error_code);  
-  
-  DEBUG(3,("%s error packet at line %d cmd=%d (%s) eclass=%d ecode=%d\n",
-	   timestring(),
-	   line,
-	   (int)CVAL(inbuf,smb_com),
-	   smb_fn_name(CVAL(inbuf,smb_com)),
-	   error_class,
-	   error_code));
-
-  if (errno != 0)
-    DEBUG(3,("error string = %s\n",strerror(errno)));
-  
-  return(outsize);
-}
-
 
-#ifndef SIGCLD_IGNORE
-/****************************************************************************
-this prevents zombie child processes
-****************************************************************************/
-static int sig_cld()
+void exit_server(char *reason)
 {
-  static int depth = 0;
-  if (depth != 0)
-    {
-      DEBUG(0,("ERROR: Recursion in sig_cld? Perhaps you need `#define USE_WAITPID'?\n"));
-      depth=0;
-      return(0);
-    }
-  depth++;
-
-  BlockSignals(True);
-  DEBUG(5,("got SIGCLD\n"));
-
-#ifdef USE_WAITPID
-  while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0);
-#endif
+	static int firsttime=1;
+	extern char *last_inbuf;
+	extern struct auth_context *negprot_global_auth_context;
 
-  /* Stop zombies */
-  /* Stevens, Adv. Unix Prog. says that on system V you must call
-     wait before reinstalling the signal handler, because the kernel
-     calls the handler from within the signal-call when there is a
-     child that has exited. This would lead to an infinite recursion
-     if done vice versa. */
-        
-#ifndef DONT_REINSTALL_SIG
-#ifdef SIGCLD_IGNORE
-  signal(SIGCLD, SIG_IGN);  
-#else
-  signal(SIGCLD, SIGNAL_CAST sig_cld);
-#endif
-#endif
+	if (!firsttime)
+		exit(0);
+	firsttime = 0;
 
-#ifndef USE_WAITPID
-  while (wait3(WAIT3_CAST1 NULL, WNOHANG, WAIT3_CAST2 NULL) > 0);
-#endif
-  depth--;
-  BlockSignals(False);
-  return 0;
-}
-#endif
+	change_to_root_user();
+	DEBUG(2,("Closing connections\n"));
 
-/****************************************************************************
-  this is called when the client exits abruptly
-  **************************************************************************/
-static int sig_pipe()
-{
-  exit_server("Got sigpipe\n");
-  return(0);
-}
-
-/****************************************************************************
-  open the socket communication
-****************************************************************************/
-static BOOL open_sockets(BOOL is_daemon,int port)
-{
-  extern int Client;
-
-  if (is_daemon)
-    {
-      int s;
-      struct sockaddr addr;
-      int in_addrlen = sizeof(addr);
-       
-      /* Stop zombies */
-#ifdef SIGCLD_IGNORE
-      signal(SIGCLD, SIG_IGN);
-#else
-      signal(SIGCLD, SIGNAL_CAST sig_cld);
-#endif
+	if (negprot_global_auth_context) {
+		(negprot_global_auth_context->free)(&negprot_global_auth_context);
+	}
 
-      /* open an incoming socket */
-      s = open_socket_in(SOCK_STREAM, port, 0);
-      if (s == -1)
-	return(False);
+	conn_close_all();
 
-      /* ready to listen */
-      if (listen(s, 5) == -1) 
-	{
-	  DEBUG(0,("listen: %s",strerror(errno)));
-	  close(s);
-	  return False;
-	}
-      
-      /* now accept incoming connections - forking a new process
-	 for each incoming connection */
-      DEBUG(2,("waiting for a connection\n"));
-      while (1)
-	{
-	  Client = accept(s,&addr,&in_addrlen);
+	invalidate_all_vuids();
 
-	  if (Client == -1 && errno == EINTR)
-	    continue;
+	/* delete our entry in the connections database. */
+	yield_connection(NULL,"");
 
-	  if (Client == -1)
-	    {
-	      DEBUG(0,("accept: %s",strerror(errno)));
-	      return False;
-	    }
+	respond_to_all_remaining_local_messages();
+	decrement_smbd_process_count();
 
-#ifdef NO_FORK_DEBUG
-#ifndef NO_SIGNAL_TEST
-          signal(SIGPIPE, SIGNAL_CAST sig_pipe);
-          signal(SIGCLD, SIGNAL_CAST SIG_DFL);
-#endif
-	  return True;
-#else
-	  if (Client != -1 && fork()==0)
-	    {
-#ifndef NO_SIGNAL_TEST
-	      signal(SIGPIPE, SIGNAL_CAST sig_pipe);
-	      signal(SIGCLD, SIGNAL_CAST SIG_DFL);
-#endif
-	      /* close our standard file descriptors */
-	      close_low_fds();
-  
-	      set_socket_options(Client,"SO_KEEPALIVE");
-	      set_socket_options(Client,user_socket_options);
-
-	      return True; 
-	    }
-          close(Client); /* The parent doesn't need this socket */
-#endif
+#ifdef WITH_DFS
+	if (dcelogin_atmost_once) {
+		dfs_unlogin();
 	}
-    }
-  else
-    {
-      /* We will abort gracefully when the client or remote system 
-	 goes away */
-#ifndef NO_SIGNAL_TEST
-      signal(SIGPIPE, SIGNAL_CAST sig_pipe);
 #endif
-      Client = dup(0);
 
-      /* close our standard file descriptors */
-      close_low_fds();
+	if (!reason) {   
+		int oldlevel = DEBUGLEVEL;
+		DEBUGLEVEL = 10;
+		DEBUG(0,("Last message was %s\n",smb_fn_name(last_message)));
+		if (last_inbuf)
+			show_msg(last_inbuf);
+		DEBUGLEVEL = oldlevel;
+		DEBUG(0,("===============================================================\n"));
+#if DUMP_CORE
+		if (dump_core()) return;
+#endif
+	}    
 
-      set_socket_options(Client,"SO_KEEPALIVE");
-      set_socket_options(Client,user_socket_options);
-    }
+	locking_end();
 
-  return True;
+	DEBUG(3,("Server exit (%s)\n", (reason ? reason : "")));
+	exit(0);
 }
 
-
 /****************************************************************************
-check if a snum is in use
+ Initialise connect, service and file structs.
 ****************************************************************************/
-BOOL snum_used(int snum)
-{
-  int i;
-  for (i=0;i<MAX_CONNECTIONS;i++)
-    if (OPEN_CNUM(i) && (SNUM(i) == snum))
-      return(True);
-  return(False);
-}
 
-/****************************************************************************
-  reload the services file
-  **************************************************************************/
-BOOL reload_services(BOOL test)
+static void init_structs(void )
 {
-  BOOL ret;
+	/*
+	 * Set the machine NETBIOS name if not already
+	 * set from the config file.
+	 */
 
-  if (lp_loaded())
-    {
-      pstring fname;
-      strcpy(fname,lp_configfile());
-      if (file_exist(fname,NULL) && !strcsequal(fname,servicesf))
-	{
-	  strcpy(servicesf,fname);
-	  test = False;
+	if (!*global_myname) {
+		char *p;
+		pstrcpy( global_myname, myhostname() );
+		p = strchr_m(global_myname, '.' );
+		if (p) 
+			*p = 0;
 	}
-    }
 
-  reopen_logs();
+	strupper(global_myname);
 
-  if (test && !lp_file_list_changed())
-    return(True);
+	conn_init();
 
-  lp_killunused(snum_used);
+	file_init();
 
-  ret = lp_load(servicesf,False);
+	/* for RPC pipes */
+	init_rpc_pipe_hnd();
 
-  /* perhaps the config filename is now set */
-  if (!test)
-    reload_services(True);
+	init_dptrs();
 
-  reopen_logs();
+	secrets_init();
 
-  {
-    extern int Client;
-    if (Client != -1) {      
-      set_socket_options(Client,"SO_KEEPALIVE");
-      set_socket_options(Client,user_socket_options);
-    }
-  }
-
-  create_mangled_stack(lp_mangledstack());
-
-  /* this forces service parameters to be flushed */
-  become_service(-1,True);
-
-  return(ret);
-}
-
-
-
-/****************************************************************************
-this prevents zombie child processes
-****************************************************************************/
-static int sig_hup()
-{
-  BlockSignals(True);
-  DEBUG(0,("Got SIGHUP\n"));
-  reload_services(False);
-#ifndef DONT_REINSTALL_SIG
-  signal(SIGHUP,SIGNAL_CAST sig_hup);
-#endif
-  BlockSignals(False);
-  return(0);
 }
 
 /****************************************************************************
-Setup the groups a user belongs to.
+ Usage on the program.
 ****************************************************************************/
-int setup_groups(char *user, int uid, int gid, int *p_ngroups, 
-		 int **p_igroups, gid_t **p_groups)
-{
-  if (-1 == initgroups(user,gid))
-    {
-      if (getuid() == 0)
-	{
-	  DEBUG(0,("Unable to initgroups!\n"));
-	  if (gid < 0 || gid > 16000 || uid < 0 || uid > 16000)
-	    DEBUG(0,("This is probably a problem with the account %s\n",user));
-	}
-    }
-  else
-    {
-      int i,ngroups;
-      int *igroups;
-      gid_t grp = 0;
-      ngroups = getgroups(0,&grp);
-      if (ngroups <= 0)
-        ngroups = 32;
-      igroups = (int *)malloc(sizeof(int)*ngroups);
-      for (i=0;i<ngroups;i++)
-        igroups[i] = 0x42424242;
-      ngroups = getgroups(ngroups,(gid_t *)igroups);
-
-      if (igroups[0] == 0x42424242)
-        ngroups = 0;
-
-      *p_ngroups = ngroups;
-
-      /* The following bit of code is very strange. It is due to the
-         fact that some OSes use int* and some use gid_t* for
-         getgroups, and some (like SunOS) use both, one in prototypes,
-         and one in man pages and the actual code. Thus we detect it
-         dynamically using some very ugly code */
-      if (ngroups > 0)
-        {
-	  /* does getgroups return ints or gid_t ?? */
-	  static BOOL groups_use_ints = True;
-
-	  if (groups_use_ints && 
-	      ngroups == 1 && 
-	      SVAL(igroups,2) == 0x4242)
-	    groups_use_ints = False;
-	  
-          for (i=0;groups_use_ints && i<ngroups;i++)
-            if (igroups[i] == 0x42424242)
-    	      groups_use_ints = False;
-	      
-          if (groups_use_ints)
-            {
-    	      *p_igroups = igroups;
-    	      *p_groups = (gid_t *)igroups;	  
-            }
-          else
-            {
-	      gid_t *groups = (gid_t *)igroups;
-	      igroups = (int *)malloc(sizeof(int)*ngroups);
-	      for (i=0;i<ngroups;i++)
-	        igroups[i] = groups[i];
-	      *p_igroups = igroups;
-	      *p_groups = (gid_t *)groups;
-	    }
-	}
-      DEBUG(3,("%s is in %d groups\n",user,ngroups));
-      for (i=0;i<ngroups;i++)
-        DEBUG(3,("%d ",igroups[i]));
-      DEBUG(3,("\n"));
-    }
-  return 0;
-}
 
-/****************************************************************************
-  make a connection to a service
-****************************************************************************/
-int make_connection(char *service,char *user,char *password, int pwlen, char *dev,int vuid)
+static void usage(char *pname)
 {
-  int cnum;
-  int snum;
-  struct passwd *pass = NULL;
-  connection_struct *pcon;
-  BOOL guest = False;
-  BOOL force = False;
-  static BOOL first_connection = True;
-
-  strlower(service);
-
-  snum = find_service(service);
-  if (snum < 0)
-    {
-      if (strequal(service,"IPC$"))
-	{	  
-	  DEBUG(3,("%s refusing IPC connection\n",timestring()));
-	  return(-3);
-	}
-
-      DEBUG(0,("%s couldn't find service %s\n",timestring(),service));      
-      return(-2);
-    }
-
-  if (strequal(service,HOMES_NAME))
-    {
-      if (*user && Get_Pwnam(user,True))
-	return(make_connection(user,user,password,pwlen,dev,vuid));
 
-      if (validated_username(vuid))
-	{
-	  strcpy(user,validated_username(vuid));
-	  return(make_connection(user,user,password,pwlen,dev,vuid));
-	}
-    }
-
-  if (!lp_snum_ok(snum) || !check_access(snum)) {    
-    return(-4);
-  }
-
-  /* you can only connect to the IPC$ service as an ipc device */
-  if (strequal(service,"IPC$"))
-    strcpy(dev,"IPC");
-
-  if (*dev == '?' || !*dev)
-    {
-      if (lp_print_ok(snum))
-	strcpy(dev,"LPT1:");
-      else
-	strcpy(dev,"A:");
-    }
-
-  /* if the request is as a printer and you can't print then refuse */
-  strupper(dev);
-  if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
-    DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
-    return(-6);
-  }
-
-  /* lowercase the user name */
-  strlower(user);
-
-  /* add it as a possible user name */
-  add_session_user(service);
-
-  /* shall we let them in? */
-  if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid))
-    {
-      DEBUG(2,("%s invalid username/password for %s\n",timestring(),service));
-      return(-1);
-    }
-  
-  cnum = find_free_connection(str_checksum(service) + str_checksum(user));
-  if (cnum < 0)
-    {
-      DEBUG(0,("%s couldn't find free connection\n",timestring()));      
-      return(-1);
-    }
-
-  pcon = &Connections[cnum];
-  bzero((char *)pcon,sizeof(*pcon));
-
-  /* find out some info about the user */
-  pass = Get_Pwnam(user,True);
-
-  if (pass == NULL)
-    {
-      DEBUG(0,("%s couldn't find account %s\n",timestring(),user)); 
-      return(-7);
-    }
-
-  pcon->read_only = lp_readonly(snum);
-
-  {
-    pstring list;
-    StrnCpy(list,lp_readlist(snum),sizeof(pstring)-1);
-    string_sub(list,"%S",service);
-
-    if (user_in_list(user,list))
-      pcon->read_only = True;
-
-    StrnCpy(list,lp_writelist(snum),sizeof(pstring)-1);
-    string_sub(list,"%S",service);
-
-    if (user_in_list(user,list))
-      pcon->read_only = False;    
-  }
-
-  /* admin user check */
-  if (user_in_list(user,lp_admin_users(snum)) &&
-      !pcon->read_only)
-    {
-      pcon->admin_user = True;
-      DEBUG(0,("%s logged in as admin user (root privileges)\n",user));
-    }
-  else
-    pcon->admin_user = False;
-    
-  pcon->force_user = force;
-  pcon->uid = pass->pw_uid;
-  pcon->gid = pass->pw_gid;
-  pcon->num_files_open = 0;
-  pcon->lastused = time(NULL);
-  pcon->service = snum;
-  pcon->used = True;
-  pcon->printer = (strncmp(dev,"LPT",3) == 0);
-  pcon->ipc = (strncmp(dev,"IPC",3) == 0);
-  pcon->dirptr = NULL;
-  string_set(&pcon->dirpath,"");
-  string_set(&pcon->user,user);
-
-#if HAVE_GETGRNAM 
-  if (*lp_force_group(snum))
-    {
-      struct group *gptr = (struct group *)getgrnam(lp_force_group(snum));
-      if (gptr)
-	{
-	  pcon->gid = gptr->gr_gid;
-	  DEBUG(3,("Forced group %s\n",lp_force_group(snum)));
-	}
-      else
-	DEBUG(1,("Couldn't find group %s\n",lp_force_group(snum)));
-    }
-#endif
-
-  if (*lp_force_user(snum))
-    {
-      struct passwd *pass2;
-      fstring fuser;
-      strcpy(fuser,lp_force_user(snum));
-      pass2 = (struct passwd *)Get_Pwnam(fuser,True);
-      if (pass2)
-	{
-	  pcon->uid = pass2->pw_uid;
-	  string_set(&pcon->user,fuser);
-	  strcpy(user,fuser);
-	  pcon->force_user = True;
-	  DEBUG(3,("Forced user %s\n",fuser));	  
-	}
-      else
-	DEBUG(1,("Couldn't find user %s\n",fuser));
-    }
-
-  {
-    pstring s;
-    strcpy(s,lp_pathname(snum));
-    standard_sub(cnum,s);
-    string_set(&pcon->connectpath,s);
-    DEBUG(3,("Connect path is %s\n",s));
-  }
-
-  /* groups stuff added by ih */
-  pcon->ngroups = 0;
-  pcon->groups = NULL;
-
-  if (!IS_IPC(cnum))
-    {
-      /* Find all the groups this uid is in and store them. Used by become_user() */
-      setup_groups(pcon->user,pcon->uid,pcon->gid,&pcon->ngroups,&pcon->igroups,&pcon->groups);
-      
-      /* check number of connections */
-      if (!claim_connection(cnum,
-			    lp_servicename(SNUM(cnum)),
-			    lp_max_connections(SNUM(cnum)),False))
-	{
-	  DEBUG(1,("too many connections - rejected\n"));
-	  return(-8);
-	}  
-
-      if (lp_status(SNUM(cnum)))
-	claim_connection(cnum,"STATUS.",MAXSTATUS,first_connection);
-
-      first_connection = False;
-    } /* IS_IPC */
-
-  pcon->open = True;
-
-  /* execute any "root preexec = " line */
-  if (*lp_rootpreexec(SNUM(cnum)))
-    {
-      pstring cmd;
-      strcpy(cmd,lp_rootpreexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
-      DEBUG(5,("cmd=%s\n",cmd));
-      smbrun(cmd,NULL);
-    }
-
-  if (!become_user(cnum,pcon->uid))
-    {
-      DEBUG(0,("Can't become connected user!\n"));
-      pcon->open = False;
-      if (!IS_IPC(cnum)) {
-	yield_connection(cnum,
-			 lp_servicename(SNUM(cnum)),
-			 lp_max_connections(SNUM(cnum)));
-	if (lp_status(SNUM(cnum))) yield_connection(cnum,"STATUS.",MAXSTATUS);
-      }
-      return(-1);
-    }
-
-  if (ChDir(pcon->connectpath) != 0)
-    {
-      DEBUG(0,("Can't change directory to %s\n",pcon->connectpath));
-      pcon->open = False;
-      unbecome_user();
-      if (!IS_IPC(cnum)) {
-	yield_connection(cnum,
-			 lp_servicename(SNUM(cnum)),
-			 lp_max_connections(SNUM(cnum)));
-	if (lp_status(SNUM(cnum))) yield_connection(cnum,"STATUS.",MAXSTATUS);
-      }
-      return(-5);      
-    }
-
-  string_set(&pcon->origpath,pcon->connectpath);
-
-#if SOFTLINK_OPTIMISATION
-  /* resolve any soft links early */
-  {
-    pstring s;
-    strcpy(s,pcon->connectpath);
-    GetWd(s);
-    string_set(&pcon->connectpath,s);
-    ChDir(pcon->connectpath);
-  }
-#endif
-
-  num_connections_open++;
-  add_session_user(user);
-  
-  /* execute any "preexec = " line */
-  if (*lp_preexec(SNUM(cnum)))
-    {
-      pstring cmd;
-      strcpy(cmd,lp_preexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
-      smbrun(cmd,NULL);
-    }
-  
-  /* we've finished with the sensitive stuff */
-  unbecome_user();
-
-  {
-    extern struct from_host Client_info;
-    DEBUG(IS_IPC(cnum)?3:1,("%s %s (%s) connect to service %s as user %s (uid=%d,gid=%d) (pid %d)\n",
-			    timestring(),
-			    Client_info.name,Client_info.addr,
-			    lp_servicename(SNUM(cnum)),user,
-			    pcon->uid,
-			    pcon->gid,
-			    (int)getpid()));
-  }
-
-  return(cnum);
+	d_printf("Usage: %s [-DaioPh?Vb] [-d debuglevel] [-l log basename] [-p port]\n", pname);
+	d_printf("       [-O socket options] [-s services file]\n");
+	d_printf("\t-D                    Become a daemon (default)\n");
+	d_printf("\t-a                    Append to log file (default)\n");
+	d_printf("\t-i                    Run interactive (not a daemon)\n" );
+	d_printf("\t-o                    Overwrite log file, don't append\n");
+	d_printf("\t-h                    Print usage\n");
+	d_printf("\t-?                    Print usage\n");
+	d_printf("\t-V                    Print version\n");
+	d_printf("\t-b                    Print build options\n");
+	d_printf("\t-d debuglevel         Set the debuglevel\n");
+	d_printf("\t-l log basename.      Basename for log/debug files\n");
+	d_printf("\t-p port               Listen on the specified port\n");
+	d_printf("\t-O socket options     Socket options\n");
+	d_printf("\t-s services file.     Filename of services file\n");
+	d_printf("\n");
 }
 
-
 /****************************************************************************
-  find first available file slot
+ main program.
 ****************************************************************************/
-int find_free_file(void )
-{
-  int i;
-  for (i=1;i<MAX_OPEN_FILES;i++)
-    if (!Files[i].open)
-      return(i);
-  DEBUG(1,("ERROR! Out of file structures - perhaps increase MAX_OPEN_FILES?\n"));
-  return(-1);
-}
 
-/****************************************************************************
-  find first available connection slot, starting from a random position.
-The randomisation stops problems with the server dieing and clients
-thinking the server is still available.
-****************************************************************************/
-static int find_free_connection(int hash )
+ int main(int argc,char *argv[])
 {
-  int i;
-  BOOL used=False;
-  hash = (hash % (MAX_CONNECTIONS-2))+1;
+	extern BOOL append_log;
+	extern BOOL AllowDebugChange;
+	extern char *optarg;
+	/* shall I run as a daemon */
+	BOOL is_daemon = False;
+	BOOL interactive = False;
+	BOOL specified_logfile = False;
+	int port = SMB_PORT;
+	int opt;
+	pstring logfile;
 
- again:
+#ifdef HAVE_SET_AUTH_PARAMETERS
+	set_auth_parameters(argc,argv);
+#endif
 
-  for (i=hash+1;i!=hash;)
-    {
-      if (!Connections[i].open && Connections[i].used == used) 
-	{
-	  DEBUG(3,("found free connection number %d\n",i));
-	  return(i);
+	/* this is for people who can't start the program correctly */
+	while (argc > 1 && (*argv[1] != '-')) {
+		argv++;
+		argc--;
 	}
-      i++;
-      if (i == MAX_CONNECTIONS)
-	i = 1;
-    }
-
-  if (!used)
-    {
-      used = !used;
-      goto again;
-    }
-
-  DEBUG(1,("ERROR! Out of connection structures\n"));
-  return(-1);
-}
 
+	while ( EOF != (opt = getopt(argc, argv, "O:l:s:d:Dp:h?bVaiof:")) )
+		switch (opt)  {
+		case 'O':
+			pstrcpy(user_socket_options,optarg);
+			break;
 
-/****************************************************************************
-reply for the core protocol
-****************************************************************************/
-int reply_corep(char *outbuf)
-{
-  int outsize = set_message(outbuf,1,0,True);
+		case 's':
+			pstrcpy(dyn_CONFIGFILE,optarg);
+			break;
 
-  Protocol = PROTOCOL_CORE;
-
-  return outsize;
-}
+		case 'l':
+			specified_logfile = True;
+			pstr_sprintf(logfile, "%s/log.smbd", optarg);
+			lp_set_logfile(logfile);
+			break;
 
+		case 'a':
+			append_log = True;
+			break;
 
-/****************************************************************************
-reply for the coreplus protocol
-****************************************************************************/
-int reply_coreplus(char *outbuf)
-{
-  int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
-  int outsize = set_message(outbuf,13,0,True);
-  SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
-				 readbraw and writebraw (possibly) */
-  CVAL(outbuf,smb_flg) = 0x81; /* Reply, SMBlockread, SMBwritelock supported */
-  SSVAL(outbuf,smb_vwv1,0x1); /* user level security, don't encrypt */	
+		case 'i':
+			interactive = True;
+			break;
 
-  Protocol = PROTOCOL_COREPLUS;
+		case 'o':
+			append_log = False;
+			break;
 
-  return outsize;
-}
+		case 'D':
+			is_daemon = True;
+			break;
 
+		case 'd':
+			if (*optarg == 'A')
+				DEBUGLEVEL = 10000;
+			else
+				DEBUGLEVEL = atoi(optarg);
+			AllowDebugChange = False;
+			break;
 
-/****************************************************************************
-reply for the lanman 1.0 protocol
-****************************************************************************/
-int reply_lanman1(char *outbuf)
-{
-  int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
-  int secword=0;
-  BOOL doencrypt = SMBENCRYPT();
-  time_t t = time(NULL);
-
-  if (lp_security()>=SEC_USER) secword |= 1;
-  if (doencrypt) secword |= 2;
-
-  set_message(outbuf,13,doencrypt?8:0,True);
-  SSVAL(outbuf,smb_vwv1,secword); 
-#ifdef SMB_PASSWD
-  /* Create a token value and add it to the outgoing packet. */
-  if (doencrypt) 
-    generate_next_challenge(smb_buf(outbuf));
-#endif
+		case 'p':
+			port = atoi(optarg);
+			break;
 
-  Protocol = PROTOCOL_LANMAN1;
+		case 'h':
+		case '?':
+			usage(argv[0]);
+			exit(0);
+			break;
+
+		case 'V':
+			d_printf("Version %s\n",VERSION);
+			exit(0);
+			break;
+		case 'b':
+		        build_options(True); /* Display output to screen as well as debug */ 
+			exit(0);
+			break;
+		default:
+			DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n"));
+			usage(argv[0]);
+			exit(1);
+		}
 
-  if (lp_security() == SEC_SERVER && server_cryptkey(outbuf)) {
-    DEBUG(3,("using password server validation\n"));
-#ifdef SMB_PASSWD
-  if (doencrypt) set_challenge(smb_buf(outbuf));    
+#ifdef HAVE_SETLUID
+	/* needed for SecureWare on SCO */
+	setluid(0);
 #endif
-  }
 
-  CVAL(outbuf,smb_flg) = 0x81; /* Reply, SMBlockread, SMBwritelock supported */
-  SSVAL(outbuf,smb_vwv2,maxxmit);
-  SSVAL(outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
-  SSVAL(outbuf,smb_vwv4,1);
-  SSVAL(outbuf,smb_vwv5,raw); /* tell redirector we support
-				 readbraw writebraw (possibly) */
-  SIVAL(outbuf,smb_vwv6,getpid());
-  SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60);
+	sec_init();
 
-  put_dos_date(outbuf,smb_vwv8,t);
+	load_case_tables();
 
-  return (smb_len(outbuf)+4);
-}
+	append_log = True;
 
+	if(!specified_logfile) {
+		pstr_sprintf(logfile, "%s/log.smbd", dyn_LOGFILEBASE);
+		lp_set_logfile(logfile);
+	}
 
-/****************************************************************************
-reply for the lanman 2.0 protocol
-****************************************************************************/
-int reply_lanman2(char *outbuf)
-{
-  int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
-  int secword=0;
-  BOOL doencrypt = SMBENCRYPT();
-  time_t t = time(NULL);
-
-  if (lp_security()>=SEC_USER) secword |= 1;
-  if (doencrypt) secword |= 2;
-
-  set_message(outbuf,13,doencrypt?8:0,True);
-  SSVAL(outbuf,smb_vwv1,secword); 
-#ifdef SMB_PASSWD
-  /* Create a token value and add it to the outgoing packet. */
-  if (doencrypt) 
-    generate_next_challenge(smb_buf(outbuf));
-#endif
+	fstrcpy(remote_machine, "smbd");
 
-  SIVAL(outbuf,smb_vwv6,getpid());
+	setup_logging(argv[0],interactive);
 
-  Protocol = PROTOCOL_LANMAN2;
+	/* we want to re-seed early to prevent time delays causing
+           client problems at a later date. (tridge) */
+	generate_random_buffer(NULL, 0, False);
 
-  if (lp_security() == SEC_SERVER && server_cryptkey(outbuf)) {
-    DEBUG(3,("using password server validation\n"));
-#ifdef SMB_PASSWD
-    if (doencrypt) set_challenge(smb_buf(outbuf));    
-#endif
-  }
+	/* make absolutely sure we run as root - to handle cases where people
+	   are crazy enough to have it setuid */
 
-  CVAL(outbuf,smb_flg) = 0x81; /* Reply, SMBlockread, SMBwritelock supported */
-  SSVAL(outbuf,smb_vwv2,maxxmit);
-  SSVAL(outbuf,smb_vwv3,lp_maxmux()); 
-  SSVAL(outbuf,smb_vwv4,1);
-  SSVAL(outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
-  SSVAL(outbuf,smb_vwv10, TimeDiff(t)/60);
-  put_dos_date(outbuf,smb_vwv8,t);
+	gain_root_privilege();
+	gain_root_group_privilege();
 
-  return (smb_len(outbuf)+4);
-}
+	fault_setup((void (*)(void *))exit_server);
+	CatchSignal(SIGTERM , SIGNAL_CAST sig_term);
+	CatchSignal(SIGHUP,SIGNAL_CAST sig_hup);
+	
+	/* we are never interested in SIGPIPE */
+	BlockSignals(True,SIGPIPE);
 
-/****************************************************************************
-reply for the nt protocol
-****************************************************************************/
-int reply_nt1(char *outbuf)
-{
-  int capabilities=0x300; /* has dual names + lock_and_read */
-  int secword=0;
-  BOOL doencrypt = SMBENCRYPT();
-
-  if (lp_security()>=SEC_USER) secword |= 1;
-  if (doencrypt) secword |= 2;
-
-  set_message(outbuf,17,doencrypt?8:0,True);
-  CVAL(outbuf,smb_vwv1) = secword;
-#ifdef SMB_PASSWD
-  /* Create a token value and add it to the outgoing packet. */
-  if (doencrypt) {
-    generate_next_challenge(smb_buf(outbuf));
-    /* Tell the nt machine how long the challenge is. */
-    SSVALS(outbuf,smb_vwv16+1,8);
-  }
+#if defined(SIGFPE)
+	/* we are never interested in SIGFPE */
+	BlockSignals(True,SIGFPE);
 #endif
 
-  SIVAL(outbuf,smb_vwv7+1,getpid()); /* session key */
-
-  Protocol = PROTOCOL_NT1;
-
-  if (lp_security() == SEC_SERVER && server_cryptkey(outbuf)) {
-    DEBUG(3,("using password server validation\n"));
-#ifdef SMB_PASSWD
-    if (doencrypt) set_challenge(smb_buf(outbuf));    
+#if defined(SIGUSR2)
+	/* We are no longer interested in USR2 */
+	BlockSignals(True,SIGUSR2);
 #endif
-  }
-
-  if (lp_readraw() && lp_writeraw())
-    capabilities |= 1;
-
-  SSVAL(outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
-  SSVAL(outbuf,smb_vwv2+1,1); /* num vcs */
-  SIVAL(outbuf,smb_vwv3+1,0xFFFF); /* max buffer */
-  SIVAL(outbuf,smb_vwv5+1,0xFFFF); /* raw size */
-  SIVAL(outbuf,smb_vwv9+1,capabilities); /* capabilities */
-  put_long_date(outbuf+smb_vwv11+1,time(NULL));
-  SSVALS(outbuf,smb_vwv15+1,TimeDiff(time(NULL))/60);
-
-  return (smb_len(outbuf)+4);
-}
-
-
-/* these are the protocol lists used for auto architecture detection:
-
-WinNT 3.51:
-protocol [PC NETWORK PROGRAM 1.0]
-protocol [XENIX CORE]
-protocol [MICROSOFT NETWORKS 1.03]
-protocol [LANMAN1.0]
-protocol [Windows for Workgroups 3.1a]
-protocol [LM1.2X002]
-protocol [LANMAN2.1]
-protocol [NT LM 0.12]
-
-Win95:
-protocol [PC NETWORK PROGRAM 1.0]
-protocol [XENIX CORE]
-protocol [MICROSOFT NETWORKS 1.03]
-protocol [LANMAN1.0]
-protocol [Windows for Workgroups 3.1a]
-protocol [LM1.2X002]
-protocol [LANMAN2.1]
-protocol [NT LM 0.12]
-
-OS/2:
-protocol [PC NETWORK PROGRAM 1.0]
-protocol [XENIX CORE]
-protocol [LANMAN1.0]
-protocol [LM1.2X002]
-protocol [LANMAN2.1]
-*/
-
-/*
-  * Modified to recognize the architecture of the remote machine better.
-  *
-  * This appears to be the matrix of which protocol is used by which
-  * MS product.
-       Protocol                       WfWg    Win95   WinNT  OS/2
-       PC NETWORK PROGRAM 1.0          1       1       1      1
-       XENIX CORE                                      2      2
-       MICROSOFT NETWORKS 3.0          2       2       
-       DOS LM1.2X002                   3       3       
-       MICROSOFT NETWORKS 1.03                         3
-       DOS LANMAN2.1                   4       4       
-       LANMAN1.0                                       4      3
-       Windows for Workgroups 3.1a     5       5       5
-       LM1.2X002                                       6      4
-       LANMAN2.1                                       7      5
-       NT LM 0.12                              6       8
-  *
-  *  tim@fsg.com 09/29/95
-  */
-  
-#define ARCH_WFWG     0x3      /* This is a fudge because WfWg is like Win95 */
-#define ARCH_WIN95    0x2
-#define	ARCH_OS2      0xC      /* Again OS/2 is like NT */
-#define ARCH_WINNT    0x8
-#define ARCH_SAMBA    0x10
- 
-#define ARCH_ALL      0x1F
- 
-/* List of supported protocols, most desired first */
-struct {
-  char *proto_name;
-  char *short_name;
-  int (*proto_reply_fn)(char *);
-  int protocol_level;
-} supported_protocols[] = {
-  {"NT LANMAN 1.0",           "NT1",      reply_nt1,      PROTOCOL_NT1},
-  {"NT LM 0.12",              "NT1",      reply_nt1,      PROTOCOL_NT1},
-  {"LM1.2X002",               "LANMAN2",  reply_lanman2,  PROTOCOL_LANMAN2},
-  {"Samba",                   "LANMAN2",  reply_lanman2,  PROTOCOL_LANMAN2},
-  {"DOS LM1.2X002",           "LANMAN2",  reply_lanman2,  PROTOCOL_LANMAN2},
-  {"LANMAN1.0",               "LANMAN1",  reply_lanman1,  PROTOCOL_LANMAN1},
-  {"MICROSOFT NETWORKS 3.0",  "LANMAN1",  reply_lanman1,  PROTOCOL_LANMAN1},
-  {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
-  {"PC NETWORK PROGRAM 1.0",  "CORE",     reply_corep,    PROTOCOL_CORE}, 
-  {NULL,NULL},
-};
-
-
-/****************************************************************************
-  reply to a negprot
-****************************************************************************/
-static int reply_negprot(char *inbuf,char *outbuf)
-{
-  extern fstring remote_arch;
-  int outsize = set_message(outbuf,1,0,True);
-  int Index=0;
-  int choice= -1;
-  int protocol;
-  char *p;
-  int bcc = SVAL(smb_buf(inbuf),-2);
-  int arch = ARCH_ALL;
-
-  p = smb_buf(inbuf)+1;
-  while (p < (smb_buf(inbuf) + bcc))
-    { 
-      Index++;
-      DEBUG(3,("Requested protocol [%s]\n",p));
-      if (strcsequal(p,"Windows for Workgroups 3.1a"))
-	arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT );
-      else if (strcsequal(p,"DOS LM1.2X002"))
-	arch &= ( ARCH_WFWG | ARCH_WIN95 );
-      else if (strcsequal(p,"DOS LANMAN2.1"))
-	arch &= ( ARCH_WFWG | ARCH_WIN95 );
-      else if (strcsequal(p,"NT LM 0.12"))
-	arch &= ( ARCH_WIN95 | ARCH_WINNT );
-      else if (strcsequal(p,"LANMAN2.1"))
-	arch &= ( ARCH_WINNT | ARCH_OS2 );
-      else if (strcsequal(p,"LM1.2X002"))
-	arch &= ( ARCH_WINNT | ARCH_OS2 );
-      else if (strcsequal(p,"MICROSOFT NETWORKS 1.03"))
-	arch &= ARCH_WINNT;
-      else if (strcsequal(p,"XENIX CORE"))
-	arch &= ( ARCH_WINNT | ARCH_OS2 );
-      else if (strcsequal(p,"Samba")) {
-	arch = ARCH_SAMBA;
-	break;
-      }
- 
-      p += strlen(p) + 2;
-    }
-    
-  switch ( arch ) {
-  case ARCH_SAMBA:
-    strcpy(remote_arch,"Samba");
-    break;
-  case ARCH_WFWG:
-    strcpy(remote_arch,"WfWg");
-    break;
-  case ARCH_WIN95:
-    strcpy(remote_arch,"Win95");
-    break;
-  case ARCH_WINNT:
-    strcpy(remote_arch,"WinNT");
-    break;
-  case ARCH_OS2:
-    strcpy(remote_arch,"OS2");
-    break;
-  default:
-    strcpy(remote_arch,"UNKNOWN");
-    break;
-  }
- 
-  /* possibly reload - change of architecture */
-  reload_services(True);      
-    
-  /* a special case to stop password server loops */
-  if (Index == 1 && strequal(remote_machine,myhostname) && 
-      lp_security()==SEC_SERVER)
-    exit_server("Password server loop!");
-  
-  /* Check for protocols, most desirable first */
-  for (protocol = 0; supported_protocols[protocol].proto_name; protocol++)
-    {
-      p = smb_buf(inbuf)+1;
-      Index = 0;
-      if (lp_maxprotocol() >= supported_protocols[protocol].protocol_level)
-	while (p < (smb_buf(inbuf) + bcc))
-	  { 
-	    if (strequal(p,supported_protocols[protocol].proto_name))
-	      choice = Index;
-	    Index++;
-	    p += strlen(p) + 2;
-	  }
-      if(choice != -1)
-	break;
-    }
-  
-  SSVAL(outbuf,smb_vwv0,choice);
-  if(choice != -1) {
-    extern fstring remote_proto;
-    strcpy(remote_proto,supported_protocols[protocol].short_name);
-    reload_services(True);          
-    outsize = supported_protocols[protocol].proto_reply_fn(outbuf);
-    DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
-  }
-  else {
-    DEBUG(0,("No protocol supported !\n"));
-  }
-  SSVAL(outbuf,smb_vwv0,choice);
-  
-  DEBUG(5,("%s negprot index=%d\n",timestring(),choice));
-
-  return(outsize);
-}
-
-
-/****************************************************************************
-  parse a connect packet
-****************************************************************************/
-void parse_connect(char *buf,char *service,char *user,char *password,int *pwlen,char *dev)
-{
-  char *p = smb_buf(buf) + 1;
-  char *p2;
-
-  DEBUG(4,("parsing connect string %s\n",p));
-    
-  p2 = strrchr(p,'\\');
-  if (p2 == NULL)
-    strcpy(service,p);
-  else
-    strcpy(service,p2+1);
-  
-  p += strlen(p) + 2;
-  
-  strcpy(password,p);
-  *pwlen = strlen(password);
-
-  p += strlen(p) + 2;
-
-  strcpy(dev,p);
-  
-  *user = 0;
-  p = strchr(service,'%');
-  if (p != NULL)
-    {
-      *p = 0;
-      strcpy(user,p+1);
-    }
-}
 
+	/* POSIX demands that signals are inherited. If the invoking process has
+	 * these signals masked, we will have problems, as we won't recieve them. */
+	BlockSignals(False, SIGHUP);
+	BlockSignals(False, SIGUSR1);
+	BlockSignals(False, SIGTERM);
 
-/****************************************************************************
-close all open files for a connection
-****************************************************************************/
-static void close_open_files(int cnum)
-{
-  int i;
-  for (i=0;i<MAX_OPEN_FILES;i++)
-    if( Files[i].cnum == cnum && Files[i].open) {
-      close_file(i);
-    }
-}
+	/* we want total control over the permissions on created files,
+	   so set our umask to 0 */
+	umask(0);
 
+	init_sec_ctx();
 
+	reopen_logs();
 
-/****************************************************************************
-close a cnum
-****************************************************************************/
-void close_cnum(int cnum, int uid)
-{
-  extern struct from_host Client_info;
-
-  DirCacheFlush(SNUM(cnum));
-
-  unbecome_user();
-
-  if (!OPEN_CNUM(cnum))
-    {
-      DEBUG(0,("Can't close cnum %d\n",cnum));
-      return;
-    }
-
-  DEBUG(IS_IPC(cnum)?3:1,("%s %s (%s) closed connection to service %s\n",
-			  timestring(),
-			  Client_info.name,Client_info.addr,
-			  lp_servicename(SNUM(cnum))));
-
-  yield_connection(cnum,
-		   lp_servicename(SNUM(cnum)),
-		   lp_max_connections(SNUM(cnum)));
-
-  if (lp_status(SNUM(cnum)))
-    yield_connection(cnum,"STATUS.",MAXSTATUS);
-
-  close_open_files(cnum);
-  dptr_closecnum(cnum);
-
-  /* execute any "postexec = " line */
-  if (*lp_postexec(SNUM(cnum)) && become_user(cnum,uid))
-    {
-      pstring cmd;
-      strcpy(cmd,lp_postexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
-      smbrun(cmd,NULL);
-      unbecome_user();
-    }
-
-  unbecome_user();
-  /* execute any "root postexec = " line */
-  if (*lp_rootpostexec(SNUM(cnum)))
-    {
-      pstring cmd;
-      strcpy(cmd,lp_rootpostexec(SNUM(cnum)));
-      standard_sub(cnum,cmd);
-      smbrun(cmd,NULL);
-    }
-
-  Connections[cnum].open = False;
-  num_connections_open--;
-  if (Connections[cnum].ngroups && Connections[cnum].groups)
-    {
-      if (Connections[cnum].igroups != (int *)Connections[cnum].groups)
-	free(Connections[cnum].groups);
-      free(Connections[cnum].igroups);
-      Connections[cnum].groups = NULL;
-      Connections[cnum].igroups = NULL;
-      Connections[cnum].ngroups = 0;
-    }
-
-  string_set(&Connections[cnum].user,"");
-  string_set(&Connections[cnum].dirpath,"");
-  string_set(&Connections[cnum].connectpath,"");
-}
+	DEBUG(0,( "smbd version %s started.\n", VERSION));
+	DEBUGADD(0,( "Copyright Andrew Tridgell and the Samba Team 1992-2002\n"));
 
+	DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
+		 (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
 
-/****************************************************************************
-simple routines to do connection counting
-****************************************************************************/
-BOOL yield_connection(int cnum,char *name,int max_connections)
-{
-  struct connect_record crec;
-  pstring fname;
-  FILE *f;
-  int mypid = getpid();
-  int i;
-
-  DEBUG(3,("Yielding connection to %d %s\n",cnum,name));
-
-  if (max_connections <= 0)
-    return(True);
-
-  bzero(&crec,sizeof(crec));
-
-  strcpy(fname,lp_lockdir());
-  standard_sub(cnum,fname);
-  trim_string(fname,"","/");
+	/* Output the build options to the debug log */ 
+	build_options(False);
 
-  strcat(fname,"/");
-  strcat(fname,name);
-  strcat(fname,".LCK");
-
-  f = fopen(fname,"r+");
-  if (!f)
-    {
-      DEBUG(2,("Coudn't open lock file %s (%s)\n",fname,strerror(errno)));
-      return(False);
-    }
-
-  fseek(f,0,SEEK_SET);
-
-  /* find a free spot */
-  for (i=0;i<max_connections;i++)
-    {
-      if (fread(&crec,sizeof(crec),1,f) != 1)
-	{
-	  DEBUG(2,("Entry not found in lock file %s\n",fname));
-	  fclose(f);
-	  return(False);
+	if (sizeof(uint16) < 2 || sizeof(uint32) < 4) {
+		DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
+		exit(1);
 	}
-      if (crec.pid == mypid && crec.cnum == cnum)
-	break;
-    }
-
-  if (crec.pid != mypid || crec.cnum != cnum)
-    {
-      fclose(f);
-      DEBUG(2,("Entry not found in lock file %s\n",fname));
-      return(False);
-    }
-
-  bzero((void *)&crec,sizeof(crec));
-  
-  /* remove our mark */
-  if (fseek(f,i*sizeof(crec),SEEK_SET) != 0 ||
-      fwrite(&crec,sizeof(crec),1,f) != 1)
-    {
-      DEBUG(2,("Couldn't update lock file %s (%s)\n",fname,strerror(errno)));
-      fclose(f);
-      return(False);
-    }
-
-  DEBUG(3,("Yield successful\n"));
-
-  fclose(f);
-  return(True);
-}
 
+	/*
+	 * Do this before reload_services.
+	 */
 
-/****************************************************************************
-simple routines to do connection counting
-****************************************************************************/
-BOOL claim_connection(int cnum,char *name,int max_connections,BOOL Clear)
-{
-  struct connect_record crec;
-  pstring fname;
-  FILE *f;
-  int snum = SNUM(cnum);
-  int i,foundi= -1;
-  int total_recs;
-
-  if (max_connections <= 0)
-    return(True);
-
-  DEBUG(5,("trying claim %s %s %d\n",lp_lockdir(),name,max_connections));
-
-  strcpy(fname,lp_lockdir());
-  standard_sub(cnum,fname);
-  trim_string(fname,"","/");
-
-  if (!directory_exist(fname,NULL))
-    mkdir(fname,0755);
-
-  strcat(fname,"/");
-  strcat(fname,name);
-  strcat(fname,".LCK");
-
-  if (!file_exist(fname,NULL))
-    {
-      f = fopen(fname,"w");
-      if (f) fclose(f);
-    }
-
-  total_recs = file_size(fname) / sizeof(crec);
+	if (!reload_services(False))
+		return(-1);	
 
-  f = fopen(fname,"r+");
+	init_structs();
 
-  if (!f)
-    {
-      DEBUG(1,("couldn't open lock file %s\n",fname));
-      return(False);
-    }
-
-  /* find a free spot */
-  for (i=0;i<max_connections;i++)
-    {
-
-      if (i>=total_recs || 
-	  fseek(f,i*sizeof(crec),SEEK_SET) != 0 ||
-	  fread(&crec,sizeof(crec),1,f) != 1)
-	{
-	  if (foundi < 0) foundi = i;
-	  break;
-	}
-
-      if (Clear && crec.pid && !process_exists(crec.pid))
-	{
-	  fseek(f,i*sizeof(crec),SEEK_SET);
-	  bzero((void *)&crec,sizeof(crec));
-	  fwrite(&crec,sizeof(crec),1,f);
-	  if (foundi < 0) foundi = i;
-	  continue;
+	/* don't call winbind for our domain if we are the DC */
+	if (lp_domain_logons()) {
+		winbind_exclude_domain(lp_workgroup());
 	}
-      if (foundi < 0 && (!crec.pid || !process_exists(crec.pid)))
-	{
-	  foundi=i;
-	  if (!Clear) break;
+	
+#ifdef WITH_PROFILE
+	if (!profile_setup(False)) {
+		DEBUG(0,("ERROR: failed to setup profiling\n"));
+		return -1;
 	}
-    }  
-
-  if (foundi < 0)
-    {
-      DEBUG(3,("no free locks in %s\n",fname));
-      fclose(f);
-      return(False);
-    }      
-
-  /* fill in the crec */
-  bzero((void *)&crec,sizeof(crec));
-  crec.magic = 0x280267;
-  crec.pid = getpid();
-  crec.cnum = cnum;
-  crec.uid = Connections[cnum].uid;
-  crec.gid = Connections[cnum].gid;
-  StrnCpy(crec.name,lp_servicename(snum),sizeof(crec.name)-1);
-  crec.start = time(NULL);
-
-  {
-    extern struct from_host Client_info;
-    StrnCpy(crec.machine,Client_info.name,sizeof(crec.machine)-1);
-    StrnCpy(crec.addr,Client_info.addr,sizeof(crec.addr)-1);
-  }
-  
-  /* make our mark */
-  if (fseek(f,foundi*sizeof(crec),SEEK_SET) != 0 ||
-      fwrite(&crec,sizeof(crec),1,f) != 1)
-    {
-      fclose(f);
-      return(False);
-    }
-
-  fclose(f);
-  return(True);
-}
-
-#if DUMP_CORE
-/*******************************************************************
-prepare to dump a core file - carefully!
-********************************************************************/
-static BOOL dump_core(void)
-{
-  char *p;
-  pstring dname;
-  strcpy(dname,debugf);
-  if ((p=strrchr(dname,'/'))) *p=0;
-  strcat(dname,"/corefiles");
-  mkdir(dname,0700);
-  sys_chown(dname,getuid(),getgid());
-  chmod(dname,0700);
-  if (chdir(dname)) return(False);
-  umask(~(0700));
-
-#ifndef NO_GETRLIMIT
-#ifdef RLIMIT_CORE
-  {
-    struct rlimit rlp;
-    getrlimit(RLIMIT_CORE, &rlp);
-    rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur);
-    setrlimit(RLIMIT_CORE, &rlp);
-    getrlimit(RLIMIT_CORE, &rlp);
-    DEBUG(3,("Core limits now %d %d\n",rlp.rlim_cur,rlp.rlim_max));
-  }
-#endif
-#endif
-
-
-  DEBUG(0,("Dumping core in %s\n",dname));
-  return(True);
-}
-#endif
-
-/****************************************************************************
-exit the server
-****************************************************************************/
-void exit_server(char *reason)
-{
-  static int firsttime=1;
-  int i;
-
-  if (!firsttime) exit(0);
-  firsttime = 0;
-
-  unbecome_user();
-  DEBUG(2,("Closing connections\n"));
-  for (i=0;i<MAX_CONNECTIONS;i++)
-    if (Connections[i].open)
-      close_cnum(i,-1);
-#ifdef DFS_AUTH
-  if (dcelogin_atmost_once)
-    dfs_unlogin();
-#endif
-  if (!reason) {   
-    int oldlevel = DEBUGLEVEL;
-    DEBUGLEVEL = 10;
-    DEBUG(0,("Last message was %s\n",smb_fn_name(last_message)));
-    if (last_inbuf)
-      show_msg(last_inbuf);
-    DEBUGLEVEL = oldlevel;
-    DEBUG(0,("===============================================================\n"));
-#if DUMP_CORE
-    if (dump_core()) return;
-#endif
-  }    
-  DEBUG(3,("%s Server exit  (%s)\n",timestring(),reason?reason:""));
-  exit(0);
-}
-
-/****************************************************************************
-do some standard substitutions in a string
-****************************************************************************/
-void standard_sub(int cnum,char *s)
-{
-  if (!strchr(s,'%')) return;
-
-  if (VALID_CNUM(cnum))
-    {
-      string_sub(s,"%S",lp_servicename(Connections[cnum].service));
-      string_sub(s,"%P",Connections[cnum].connectpath);
-      string_sub(s,"%u",Connections[cnum].user);
-      if (strstr(s,"%H")) {
-	char *home = get_home_dir(Connections[cnum].user);
-	if (home) string_sub(s,"%H",home);
-      }
-      string_sub(s,"%g",gidtoname(Connections[cnum].gid));
-    }
-  standard_sub_basic(s);
-}
-
-/*
-These flags determine some of the permissions required to do an operation 
-
-Note that I don't set NEED_WRITE on some write operations because they
-are used by some brain-dead clients when printing, and I don't want to
-force write permissions on print services.
-*/
-#define AS_USER (1<<0)
-#define NEED_WRITE (1<<1)
-#define TIME_INIT (1<<2)
-#define CAN_IPC (1<<3)
-#define AS_GUEST (1<<5)
-
-
-/* 
-   define a list of possible SMB messages and their corresponding
-   functions. Any message that has a NULL function is unimplemented -
-   please feel free to contribute implementations!
-*/
-struct smb_message_struct
-{
-  int code;
-  char *name;
-  int (*fn)();
-  int flags;
-#if PROFILING
-  unsigned long time;
-#endif
-}
- smb_messages[] = {
-
-    /* CORE PROTOCOL */
-
-   {SMBnegprot,"SMBnegprot",reply_negprot,0},
-   {SMBtcon,"SMBtcon",reply_tcon,0},
-   {SMBtdis,"SMBtdis",reply_tdis,0},
-   {SMBexit,"SMBexit",reply_exit,0},
-   {SMBioctl,"SMBioctl",reply_ioctl,0},
-   {SMBecho,"SMBecho",reply_echo,0},
-   {SMBsesssetupX,"SMBsesssetupX",reply_sesssetup_and_X,0},
-   {SMBtconX,"SMBtconX",reply_tcon_and_X,0},
-   {SMBulogoffX, "SMBulogoffX", reply_ulogoffX, 0}, 
-   {SMBgetatr,"SMBgetatr",reply_getatr,AS_USER},
-   {SMBsetatr,"SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
-   {SMBchkpth,"SMBchkpth",reply_chkpth,AS_USER},
-   {SMBsearch,"SMBsearch",reply_search,AS_USER},
-   {SMBopen,"SMBopen",reply_open,AS_USER},
-
-   /* note that SMBmknew and SMBcreate are deliberately overloaded */   
-   {SMBcreate,"SMBcreate",reply_mknew,AS_USER},
-   {SMBmknew,"SMBmknew",reply_mknew,AS_USER}, 
-
-   {SMBunlink,"SMBunlink",reply_unlink,AS_USER | NEED_WRITE},
-   {SMBread,"SMBread",reply_read,AS_USER},
-   {SMBwrite,"SMBwrite",reply_write,AS_USER},
-   {SMBclose,"SMBclose",reply_close,AS_USER},
-   {SMBmkdir,"SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
-   {SMBrmdir,"SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
-   {SMBdskattr,"SMBdskattr",reply_dskattr,AS_USER},
-   {SMBmv,"SMBmv",reply_mv,AS_USER | NEED_WRITE},
-
-   /* this is a Pathworks specific call, allowing the 
-      changing of the root path */
-   {pSETDIR,"pSETDIR",reply_setdir,AS_USER}, 
-
-   {SMBlseek,"SMBlseek",reply_lseek,AS_USER},
-   {SMBflush,"SMBflush",reply_flush,AS_USER},
-   {SMBctemp,"SMBctemp",reply_ctemp,AS_USER},
-   {SMBsplopen,"SMBsplopen",reply_printopen,AS_USER},
-   {SMBsplclose,"SMBsplclose",reply_printclose,AS_USER},
-   {SMBsplretq,"SMBsplretq",reply_printqueue,AS_USER},
-   {SMBsplwr,"SMBsplwr",reply_printwrite,AS_USER},
-   {SMBlock,"SMBlock",reply_lock,AS_USER},
-   {SMBunlock,"SMBunlock",reply_unlock,AS_USER},
-   
-   /* CORE+ PROTOCOL FOLLOWS */
-   
-   {SMBreadbraw,"SMBreadbraw",reply_readbraw,AS_USER},
-   {SMBwritebraw,"SMBwritebraw",reply_writebraw,AS_USER},
-   {SMBwriteclose,"SMBwriteclose",reply_writeclose,AS_USER},
-   {SMBlockread,"SMBlockread",reply_lockread,AS_USER},
-   {SMBwriteunlock,"SMBwriteunlock",reply_writeunlock,AS_USER},
-   
-   /* LANMAN1.0 PROTOCOL FOLLOWS */
-   
-   {SMBreadBmpx,"SMBreadBmpx",reply_readbmpx,AS_USER},
-   {SMBreadBs,"SMBreadBs",NULL,AS_USER},
-   {SMBwriteBmpx,"SMBwriteBmpx",reply_writebmpx,AS_USER},
-   {SMBwriteBs,"SMBwriteBs",reply_writebs,AS_USER},
-   {SMBwritec,"SMBwritec",NULL,AS_USER},
-   {SMBsetattrE,"SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE},
-   {SMBgetattrE,"SMBgetattrE",reply_getattrE,AS_USER},
-   {SMBtrans,"SMBtrans",reply_trans,AS_USER | CAN_IPC},
-   {SMBtranss,"SMBtranss",NULL,AS_USER | CAN_IPC},
-   {SMBioctls,"SMBioctls",NULL,AS_USER},
-   {SMBcopy,"SMBcopy",reply_copy,AS_USER | NEED_WRITE},
-   {SMBmove,"SMBmove",NULL,AS_USER | NEED_WRITE},
-   
-   {SMBopenX,"SMBopenX",reply_open_and_X,AS_USER},
-   {SMBreadX,"SMBreadX",reply_read_and_X,AS_USER},
-   {SMBwriteX,"SMBwriteX",reply_write_and_X,AS_USER},
-   {SMBlockingX,"SMBlockingX",reply_lockingX,AS_USER},
-   
-   {SMBffirst,"SMBffirst",reply_search,AS_USER},
-   {SMBfunique,"SMBfunique",reply_search,AS_USER},
-   {SMBfclose,"SMBfclose",reply_fclose,AS_USER},
-
-   /* LANMAN2.0 PROTOCOL FOLLOWS */
-   {SMBfindnclose, "SMBfindnclose", reply_findnclose, AS_USER},
-   {SMBfindclose, "SMBfindclose", reply_findclose,AS_USER},
-   {SMBtrans2, "SMBtrans2", reply_trans2, AS_USER},
-   {SMBtranss2, "SMBtranss2", reply_transs2, AS_USER},
-
-   /* messaging routines */
-   {SMBsends,"SMBsends",reply_sends,AS_GUEST},
-   {SMBsendstrt,"SMBsendstrt",reply_sendstrt,AS_GUEST},
-   {SMBsendend,"SMBsendend",reply_sendend,AS_GUEST},
-   {SMBsendtxt,"SMBsendtxt",reply_sendtxt,AS_GUEST},
-
-   /* NON-IMPLEMENTED PARTS OF THE CORE PROTOCOL */
-   
-   {SMBsendb,"SMBsendb",NULL,AS_GUEST},
-   {SMBfwdname,"SMBfwdname",NULL,AS_GUEST},
-   {SMBcancelf,"SMBcancelf",NULL,AS_GUEST},
-   {SMBgetmac,"SMBgetmac",NULL,AS_GUEST}
- };
-
-/****************************************************************************
-return a string containing the function name of a SMB command
-****************************************************************************/
-char *smb_fn_name(int type)
-{
-  static char *unknown_name = "SMBunknown";
-  static int num_smb_messages = 
-    sizeof(smb_messages) / sizeof(struct smb_message_struct);
-  int match;
-
-  for (match=0;match<num_smb_messages;match++)
-    if (smb_messages[match].code == type)
-      break;
-
-  if (match == num_smb_messages)
-    return(unknown_name);
-
-  return(smb_messages[match].name);
-}
-
-
-/****************************************************************************
-do a switch on the message type, and return the response size
-****************************************************************************/
-static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize)
-{
-  static int pid= -1;
-  int outsize = 0;
-  static int num_smb_messages = 
-    sizeof(smb_messages) / sizeof(struct smb_message_struct);
-  int match;
-
-#if PROFILING
-  struct timeval msg_start_time;
-  struct timeval msg_end_time;
-  static unsigned long total_time = 0;
-
-  GetTimeOfDay(&msg_start_time);
 #endif
 
-  if (pid == -1)
-    pid = getpid();
-
-  errno = 0;
-  last_message = type;
-
-  /* make sure this is an SMB packet */
-  if (strncmp(smb_base(inbuf),"\377SMB",4) != 0)
-    {
-      DEBUG(2,("Non-SMB packet of length %d\n",smb_len(inbuf)));
-      return(-1);
-    }
-
-  for (match=0;match<num_smb_messages;match++)
-    if (smb_messages[match].code == type)
-      break;
-
-  if (match == num_smb_messages)
-    {
-      DEBUG(0,("Unknown message type %d!\n",type));
-      outsize = reply_unknown(inbuf,outbuf);
-    }
-  else
-    {
-      DEBUG(3,("switch message %s (pid %d)\n",smb_messages[match].name,pid));
-      if (smb_messages[match].fn)
+#ifdef WITH_SSL
 	{
-	  int cnum = SVAL(inbuf,smb_tid);
-	  int flags = smb_messages[match].flags;
-	  int uid = SVAL(inbuf,smb_uid);
-
-	  /* does this protocol need to be run as root? */
-	  if (!(flags & AS_USER))
-	    unbecome_user();
-
-	  /* does this protocol need to be run as the connected user? */
-	  if ((flags & AS_USER) && !become_user(cnum,uid))
-	    return(ERROR(ERRSRV,ERRinvnid));
-
-	  /* does it need write permission? */
-	  if ((flags & NEED_WRITE) && !CAN_WRITE(cnum))
-	    return(ERROR(ERRSRV,ERRaccess));
-
-	  /* ipc services are limited */
-	  if (IS_IPC(cnum) && (flags & AS_USER) && !(flags & CAN_IPC))
-	    return(ERROR(ERRSRV,ERRaccess));	    
-
-	  /* load service specific parameters */
-	  if (OPEN_CNUM(cnum) && !become_service(cnum,(flags & AS_USER)?True:False))
-	    return(ERROR(ERRSRV,ERRaccess));
-
-	  /* does this protocol need to be run as guest? */
-	  if ((flags & AS_GUEST) && (!become_guest() || !check_access(-1)))
-	    return(ERROR(ERRSRV,ERRaccess));
-
-	  last_inbuf = inbuf;
-
-	  outsize = smb_messages[match].fn(inbuf,outbuf,size,bufsize);
-	}
-      else
-	{
-	  outsize = reply_unknown(inbuf,outbuf);
+		extern BOOL sslEnabled;
+		sslEnabled = lp_ssl_enabled();
+		if(sslEnabled)
+			sslutil_init(True);
 	}
-    }
-
-#if PROFILING
-  GetTimeOfDay(&msg_end_time);
-  if (!(smb_messages[match].flags & TIME_INIT))
-    {
-      smb_messages[match].time = 0;
-      smb_messages[match].flags |= TIME_INIT;
-    }
-  {
-    unsigned long this_time =     
-      (msg_end_time.tv_sec - msg_start_time.tv_sec)*1e6 +
-	(msg_end_time.tv_usec - msg_start_time.tv_usec);
-    smb_messages[match].time += this_time;
-    total_time += this_time;
-  }
-  DEBUG(2,("TIME %s  %d usecs   %g pct\n",
-	   smb_fn_name(type),smb_messages[match].time,
-	(100.0*smb_messages[match].time) / total_time));
-#endif
-
-  return(outsize);
-}
-
-
-/****************************************************************************
-construct a chained reply and add it to the already made reply
-
-inbuf points to the original message start.
-inbuf2 points to the smb_wct part of the secondary message
-type is the type of the secondary message
-outbuf points to the original outbuffer
-outbuf2 points to the smb_wct field of the new outbuffer
-size is the total length of the incoming message (from inbuf1)
-bufsize is the total buffer size
-
-return how many bytes were added to the response
-****************************************************************************/
-int chain_reply(int type,char *inbuf,char *inbuf2,char *outbuf,char *outbuf2,int size,int bufsize)
-{
-  int outsize = 0;
-  char *ibuf,*obuf;
-  static BOOL in_chain = False;
-  static char *last_outbuf=NULL;
-  BOOL was_inchain = in_chain;
-  int insize_remaining;
-  static int insize_deleted;
- 
-
-  chain_size += PTR_DIFF(outbuf2,outbuf) - smb_wct;
-  if (was_inchain)
-    outbuf = last_outbuf;
-  else
-    insize_deleted = 0;
-
-
-  insize_deleted = 0;
-  inbuf2 -= insize_deleted;
-  insize_remaining = size - PTR_DIFF(inbuf2,inbuf);
-  insize_deleted += size - (insize_remaining + smb_wct);
-
-  in_chain = True;
-  last_outbuf = outbuf;
+#endif        /* WITH_SSL */
 
+	fstrcpy(global_myworkgroup, lp_workgroup());
 
-  /* allocate some space for the in and out buffers of the chained message */
-  ibuf = (char *)malloc(size + SAFETY_MARGIN);
-  obuf = (char *)malloc(bufsize + SAFETY_MARGIN);
+	DEBUG(3,( "loaded services\n"));
 
-  if (!ibuf || !obuf)
-    {
-      DEBUG(0,("Out of memory in chain reply\n"));
-      return(ERROR(ERRSRV,ERRnoresource));
-    }
+	if (!is_daemon && !is_a_socket(0)) {
+		if (!interactive)
+			DEBUG(0,("standard input is not a socket, assuming -D option\n"));
 
-  ibuf += SMB_ALIGNMENT;
-  obuf += SMB_ALIGNMENT;
+		/*
+		 * Setting is_daemon here prevents us from eventually calling
+		 * the open_sockets_inetd()
+		 */
 
-  /* create the in buffer */
-  memcpy(ibuf,inbuf,smb_wct);
-  memcpy(ibuf+smb_wct,inbuf2,insize_remaining);
-  CVAL(ibuf,smb_com) = type;
-
-  /* create the out buffer */
-  bzero(obuf,smb_size);
-
-  set_message(obuf,0,0,True);
-  CVAL(obuf,smb_com) = CVAL(ibuf,smb_com);
-  
-  memcpy(obuf+4,ibuf+4,4);
-  CVAL(obuf,smb_rcls) = SUCCESS;
-  CVAL(obuf,smb_reh) = 0;
-  CVAL(obuf,smb_flg) = 0x80 | (CVAL(ibuf,smb_flg) & 0x8); /* bit 7 set 
-							     means a reply */
-  SSVAL(obuf,smb_flg2,1); /* say we support long filenames */
-  SSVAL(obuf,smb_err,SUCCESS);
-  SSVAL(obuf,smb_tid,SVAL(inbuf,smb_tid));
-  SSVAL(obuf,smb_pid,SVAL(inbuf,smb_pid));
-  SSVAL(obuf,smb_uid,SVAL(inbuf,smb_uid));
-  SSVAL(obuf,smb_mid,SVAL(inbuf,smb_mid));
-
-  DEBUG(3,("Chained message\n"));
-  show_msg(ibuf);
-
-  /* process the request */
-  outsize = switch_message(type,ibuf,obuf,smb_wct+insize_remaining,
-			   bufsize-chain_size);
-
-  /* copy the new reply header over the old one, but preserve 
-     the smb_com field */
-  memcpy(outbuf+smb_com+1,obuf+smb_com+1,smb_wct-(smb_com+1));
-
-  /* and copy the data from the reply to the right spot */
-  memcpy(outbuf2,obuf+smb_wct,outsize - smb_wct);
-
-  /* free the allocated buffers */
-  if (ibuf) free(ibuf-SMB_ALIGNMENT);
-  if (obuf) free(obuf-SMB_ALIGNMENT);
-
-  in_chain = was_inchain;
-
-  /* return how much extra has been added to the packet */
-  return(outsize - smb_wct);
-}
-
-
-
-/****************************************************************************
-  construct a reply to the incoming packet
-****************************************************************************/
-int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
-{
-  int type = CVAL(inbuf,smb_com);
-  int outsize = 0;
-  int msg_type = CVAL(inbuf,0);
-
-  smb_last_time = time(NULL);
-
-  chain_size = 0;
-
-  bzero(outbuf,smb_size);
-
-  if (msg_type != 0)
-    return(reply_special(inbuf,outbuf));  
-
-  CVAL(outbuf,smb_com) = CVAL(inbuf,smb_com);
-  set_message(outbuf,0,0,True);
-  
-  memcpy(outbuf+4,inbuf+4,4);
-  CVAL(outbuf,smb_rcls) = SUCCESS;
-  CVAL(outbuf,smb_reh) = 0;
-  CVAL(outbuf,smb_flg) = 0x80 | (CVAL(inbuf,smb_flg) & 0x8); /* bit 7 set 
-							     means a reply */
-  SSVAL(outbuf,smb_flg2,1); /* say we support long filenames */
-  SSVAL(outbuf,smb_err,SUCCESS);
-  SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
-  SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
-  SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
-  SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
-
-  outsize = switch_message(type,inbuf,outbuf,size,bufsize);
-
-  if(outsize > 4)
-    smb_setlen(outbuf,outsize - 4);
-  return(outsize);
-}
-
-
-/****************************************************************************
-  process commands from the client
-****************************************************************************/
-void process(void )
-{
-  static int trans_num = 0;
-  int nread;
-  extern struct from_host Client_info;
-  extern int Client;
-
-  fromhost(Client,&Client_info);
-  
-  InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-  if ((InBuffer == NULL) || (OutBuffer == NULL)) 
-    return;
-
-  InBuffer += SMB_ALIGNMENT;
-  OutBuffer += SMB_ALIGNMENT;
-
-#if PRIME_NMBD
-  DEBUG(3,("priming nmbd\n"));
-  {
-    struct in_addr ip;
-    ip = *interpret_addr2("localhost");
-    if (zero_ip(ip)) ip = *interpret_addr2("127.0.0.1");
-    *OutBuffer = 0;
-    send_one_packet(OutBuffer,1,ip,137,SOCK_DGRAM);
-  }
-#endif    
-
-  last_user.cnum = -1;
-  
-  while (True)
-    {
-      int32 len;      
-      int msg_type;
-      int msg_flags;
-      int type;
-      int deadtime = lp_deadtime()*60;
-      int counter;
-      int last_keepalive=0;
-
-      if (deadtime <= 0)
-	deadtime = DEFAULT_SMBD_TIMEOUT;
-
-      if (lp_readprediction())
-	do_read_prediction();
-
-      {
-	extern pstring share_del_pending;
-	if (*share_del_pending) {
-	  unbecome_user();
-	  if (!unlink(share_del_pending))
-	    DEBUG(3,("Share file deleted %s\n",share_del_pending));
-	  else
-	    DEBUG(2,("Share del failed of %s\n",share_del_pending));
-	  share_del_pending[0] = 0;
+		is_daemon = True;
 	}
-      }
-
-      if (share_mode_pending) {
-	unbecome_user();
-	check_share_modes();
-	share_mode_pending=False;
-      }
-
-      errno = 0;      
 
-      for (counter=SMBD_SELECT_LOOP; 
-	   !receive_smb(Client,InBuffer,SMBD_SELECT_LOOP*1000); 
-	   counter += SMBD_SELECT_LOOP)
-	{
-	  int i;
-	  time_t t;
-	  BOOL allidle = True;
-	  extern int keepalive;
-
-	  /* check for socket failure */
-	  if (errno == EBADF) {
-	    DEBUG(3,("%s Bad file descriptor - exiting\n",timestring()));
-	    return;
-	  }
-
-	  t = time(NULL);
-
-	  /* become root again if waiting */
-	  unbecome_user();
-
-	  /* check for smb.conf reload */
-	  if (!(counter%SMBD_RELOAD_CHECK))
-	    reload_services(True);
-
-	  /* check the share modes every 10 secs */
-	  if (!(counter%SHARE_MODES_CHECK))
-	    check_share_modes();
-
-	  /* clean the share modes every 5 minutes */
-	  if (!(counter%SHARE_MODES_CLEAN))
-	    clean_share_files();
-
-	  /* automatic timeout if all connections are closed */      
-	  if (num_connections_open==0 && counter >= IDLE_CLOSED_TIMEOUT) {
-	    DEBUG(2,("%s Closing idle connection\n",timestring()));
-	    return;
-	  }
-
-	  if (keepalive && (counter-last_keepalive)>keepalive) {
-	    if (!send_keepalive(Client)) {
-	      DEBUG(2,("%s Keepalive failed - exiting\n",timestring()));
-	      return;
-	    }
-	    last_keepalive = counter;
-	  }
-
-	  /* check for connection timeouts */
-	  for (i=0;i<MAX_CONNECTIONS;i++)
-	    if (Connections[i].open)
-	      {
-		/* close dirptrs on connections that are idle */
-		if ((t-Connections[i].lastused)>DPTR_IDLE_TIMEOUT)
-		  dptr_idlecnum(i);
-
-		if (Connections[i].num_files_open > 0 ||
-		    (t-Connections[i].lastused)<deadtime)
-		  allidle = False;
-	      }
-
-	  if (allidle && num_connections_open>0) {
-	    DEBUG(2,("%s Closing idle connection 2\n",timestring()));
-	    return;
-	  }
+	if (is_daemon && !interactive) {
+		DEBUG( 3, ( "Becoming a daemon.\n" ) );
+		become_daemon();
 	}
 
-      msg_type = CVAL(InBuffer,0);
-      msg_flags = CVAL(InBuffer,1);
-      type = CVAL(InBuffer,smb_com);
-
-      len = smb_len(InBuffer);
-
-      DEBUG(6,("got message type 0x%x of len 0x%x\n",msg_type,len));
-
-      nread = len + 4;
-      
-      DEBUG(3,("%s Transaction %d of length %d\n",timestring(),trans_num,nread));
-
-#ifdef WITH_VTP
-      if(trans_num == 1 && VT_Check(InBuffer)) {
-        VT_Process();
-        return;
-      }
+#if HAVE_SETPGID
+	/*
+	 * If we're interactive we want to set our own process group for
+	 * signal management.
+	 */
+	if (interactive)
+		setpgid( (pid_t)0, (pid_t)0);
 #endif
 
+	if (!directory_exist(lp_lockdir(), NULL)) {
+		mkdir(lp_lockdir(), 0755);
+	}
 
-      if (msg_type == 0)
-	show_msg(InBuffer);
-
-      nread = construct_reply(InBuffer,OutBuffer,nread,maxxmit);
-      
-      if(nread > 0) {
-        if (CVAL(OutBuffer,0) == 0)
-	  show_msg(OutBuffer);
-	
-        if (nread != smb_len(OutBuffer) + 4) 
-	  {
-	    DEBUG(0,("ERROR: Invalid message response size! %d %d\n",
-		     nread,
-		     smb_len(OutBuffer)));
-	  }
-	else
-	  send_smb(Client,OutBuffer);
-      }
-      trans_num++;
-    }
-}
-
-
-/****************************************************************************
-  initialise connect, service and file structs
-****************************************************************************/
-static void init_structs(void )
-{
-  int i;
-  get_myname(myhostname,&myip);
-
-  for (i=0;i<MAX_CONNECTIONS;i++)
-    {
-      Connections[i].open = False;
-      Connections[i].num_files_open=0;
-      Connections[i].lastused=0;
-      Connections[i].used=False;
-      string_init(&Connections[i].user,"");
-      string_init(&Connections[i].dirpath,"");
-      string_init(&Connections[i].connectpath,"");
-      string_init(&Connections[i].origpath,"");
-    }
-
-  for (i=0;i<MAX_OPEN_FILES;i++)
-    {
-      Files[i].open = False;
-      string_init(&Files[i].name,"");
-    }
-
-  init_dptrs();
-}
-
-/****************************************************************************
-usage on the program
-****************************************************************************/
-void usage(char *pname)
-{
-  DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n"));
-
-  printf("Usage: %s [-D] [-p port] [-d debuglevel] [-l log basename] [-s services file]\n",pname);
-  printf("Version %s\n",VERSION);
-  printf("\t-D                    become a daemon\n");
-  printf("\t-p port               listen on the specified port\n");
-  printf("\t-d debuglevel         set the debuglevel\n");
-  printf("\t-l log basename.      Basename for log/debug files\n");
-  printf("\t-s services file.     Filename of services file\n");
-  printf("\t-P                    passive only\n");
-  printf("\t-a                    overwrite log file, don't append\n");
-  printf("\n");
-}
-
-
-/****************************************************************************
-  main program
-****************************************************************************/
-int main(int argc,char *argv[])
-{
-  extern BOOL append_log;
-  /* shall I run as a daemon */
-  BOOL is_daemon = False;
-  int port = 139;
-  int opt;
-  extern char *optarg;
-
-#ifdef NEED_AUTH_PARAMETERS
-  set_auth_parameters(argc,argv);
-#endif
+	if (is_daemon) {
+		pidfile_create("smbd");
+	}
 
-#ifdef SecureWare
-  setluid(0);
-#endif
+	if (!message_init()) {
+		exit(1);
+	}
+	register_msg_pool_usage();
+	register_dmalloc_msgs();
 
-  append_log = True;
+	/* Setup the main smbd so that we can get messages. */
+	claim_connection(NULL,"",0,True);
 
-  TimeInit();
+	/* 
+	   DO NOT ENABLE THIS TILL YOU COPE WITH KILLING THESE TASKS AND INETD
+	   THIS *killed* LOTS OF BUILD FARM MACHINES. IT CREATED HUNDREDS OF 
+	   smbd PROCESSES THAT NEVER DIE
+	   start_background_queue(); 
+	*/
 
-  strcpy(debugf,SMBLOGFILE);  
+	if (!open_sockets(is_daemon,port))
+		exit(1);
 
-  setup_logging(argv[0],False);
+	/*
+	 * everything after this point is run after the fork()
+	 */ 
 
-  charset_initialise();
+	if (!locking_init(0))
+		exit(1);
 
-  /* make absolutely sure we run as root - to handle cases whre people
-     are crazy enough to have it setuid */
-#ifdef USE_SETRES
-  setresuid(0,0,0);
-#else
-  setuid(0);
-  seteuid(0);
-  setuid(0);
-  seteuid(0);
-#endif
+	if (!print_backend_init())
+		exit(1);
 
-  fault_setup(exit_server);
+	if (!share_info_db_init())
+		exit(1);
 
-  umask(0777 & ~DEF_CREATE_MASK);
+	if(!initialize_password_db(False))
+		exit(1);
 
-  initial_uid = geteuid();
-  initial_gid = getegid();
+	uni_group_cache_init(); /* Non-critical */
+	
+	/* possibly reload the services file. */
+	reload_services(True);
 
-  if (initial_gid != 0 && initial_uid == 0)
-    {
-#ifdef HPUX
-      setresgid(0,0,0);
-#else
-      setgid(0);
-      setegid(0);
-#endif
-    }
-
-  initial_uid = geteuid();
-  initial_gid = getegid();
-
-
-  /* this is for people who can't start the program correctly */
-  while (argc > 1 && (*argv[1] != '-'))
-    {
-      argv++;
-      argc--;
-    }
-
-  while ((opt = getopt(argc, argv, "O:i:l:s:d:Dp:hPa")) != EOF)
-    switch (opt)
-      {
-      case 'O':
-	strcpy(user_socket_options,optarg);
-	break;
-      case 'i':
-	strcpy(scope,optarg);
-	break;
-      case 'P':
-	{
-	  extern BOOL passive;
-	  passive = True;
-	}
-	break;	
-      case 's':
-	strcpy(servicesf,optarg);
-	break;
-      case 'l':
-	strcpy(debugf,optarg);
-	break;
-      case 'a':
-	{
-	  extern BOOL append_log;
-	  append_log = !append_log;
+	if(!pdb_generate_sam_sid()) {
+		DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+		exit(1);
 	}
-	break;
-      case 'D':
-	is_daemon = True;
-	break;
-      case 'd':
-	if (*optarg == 'A')
-	  DEBUGLEVEL = 10000;
-	else
-	  DEBUGLEVEL = atoi(optarg);
-	break;
-      case 'p':
-	port = atoi(optarg);
-	break;
-      case 'h':
-	usage(argv[0]);
-	exit(0);
-	break;
-      default:
-	usage(argv[0]);
-	exit(1);
-      }
-
-  reopen_logs();
-
-  DEBUG(2,("%s smbd version %s started\n",timestring(),VERSION));
-  DEBUG(2,("Copyright Andrew Tridgell 1992-1995\n"));
-
-  GetWd(OriginalDir);
-
-#ifndef NO_GETRLIMIT
-#ifdef RLIMIT_NOFILE
-  {
-    struct rlimit rlp;
-    getrlimit(RLIMIT_NOFILE, &rlp);
-    rlp.rlim_cur = (MAX_OPEN_FILES>rlp.rlim_max)? rlp.rlim_max:MAX_OPEN_FILES;
-    setrlimit(RLIMIT_NOFILE, &rlp);
-    getrlimit(RLIMIT_NOFILE, &rlp);
-    DEBUG(3,("Maximum number of open files per session is %d\n",rlp.rlim_cur));
-  }
-#endif
-#endif
-
-  
-  DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
-	getuid(),getgid(),geteuid(),getegid()));
-
-  if (sizeof(uint16) < 2 || sizeof(uint32) < 4)
-    {
-      DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
-      exit(1);
-    }
-
-  init_structs();
-
-  if (!reload_services(False))
-    return(-1);	
-
-#ifndef NO_SIGNAL_TEST
-  signal(SIGHUP,SIGNAL_CAST sig_hup);
-#endif
-  
-  DEBUG(3,("%s loaded services\n",timestring()));
 
-  if (!is_daemon && !is_a_socket(0))
-    {
-      DEBUG(0,("standard input is not a socket, assuming -D option\n"));
-      is_daemon = True;
-    }
-
-  if (is_daemon)
-    {
-      DEBUG(3,("%s becoming a daemon\n",timestring()));
-      become_daemon();
-    }
-
-  if (open_sockets(is_daemon,port))
-    {      
-      /* possibly reload the services file. */
-      reload_services(True);
-
-      maxxmit = MIN(lp_maxxmit(),BUFFER_SIZE);
-
-      if (*lp_rootdir())
-	{
-	  if (sys_chroot(lp_rootdir()) == 0)
-	    DEBUG(2,("%s changed root to %s\n",timestring(),lp_rootdir()));
+	if (!init_account_policy()) {
+		DEBUG(0,("Could not open account policy tdb.\n"));
+		exit(1);
 	}
 
-      process();
-      close_sockets();
-    }
-  exit_server("normal exit");
-  return(0);
-}
+	if (*lp_rootdir()) {
+		if (sys_chroot(lp_rootdir()) == 0)
+			DEBUG(2,("Changed root to %s\n", lp_rootdir()));
+	}
 
+	/* Setup oplocks */
+	if (!init_oplocks())
+		exit(1);
+	
+	/* Setup change notify */
+	if (!init_change_notify())
+		exit(1);
 
+	smbd_process();
+	
+	uni_group_cache_shutdown();
+	exit_server("normal exit");
+	return(0);
+}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
new file mode 100644
index 0000000000..0ae49b7adf
--- /dev/null
+++ b/source3/smbd/service.c
@@ -0,0 +1,738 @@
+/* 
+   Unix SMB/CIFS implementation.
+   service (connection) opening and closing
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern struct timeval smb_last_time;
+extern int case_default;
+extern BOOL case_preserve;
+extern BOOL short_case_preserve;
+extern BOOL case_mangle;
+extern BOOL case_sensitive;
+extern BOOL use_mangled_map;
+extern fstring remote_machine;
+extern userdom_struct current_user_info;
+extern fstring remote_machine;
+
+
+/****************************************************************************
+ Load parameters specific to a connection/service.
+****************************************************************************/
+
+BOOL set_current_service(connection_struct *conn,BOOL do_chdir)
+{
+	extern char magic_char;
+	static connection_struct *last_conn;
+	int snum;
+
+	if (!conn)  {
+		last_conn = NULL;
+		return(False);
+	}
+
+	conn->lastused = smb_last_time.tv_sec;
+
+	snum = SNUM(conn);
+  
+	if (do_chdir &&
+	    vfs_ChDir(conn,conn->connectpath) != 0 &&
+	    vfs_ChDir(conn,conn->origpath) != 0) {
+		DEBUG(0,("chdir (%s) failed\n",
+			 conn->connectpath));
+		return(False);
+	}
+
+	if (conn == last_conn)
+		return(True);
+
+	last_conn = conn;
+
+	case_default = lp_defaultcase(snum);
+	case_preserve = lp_preservecase(snum);
+	short_case_preserve = lp_shortpreservecase(snum);
+	case_mangle = lp_casemangle(snum);
+	case_sensitive = lp_casesensitive(snum);
+	magic_char = lp_magicchar(snum);
+	use_mangled_map = (*lp_mangled_map(snum) ? True:False);
+	return(True);
+}
+
+/****************************************************************************
+ Add a home service. Returns the new service number or -1 if fail.
+****************************************************************************/
+
+int add_home_service(const char *service, const char *homedir)
+{
+	int iHomeService;
+	int iService;
+	fstring new_service;
+	fstring domain;
+
+	if (!service || !homedir)
+		return -1;
+
+	if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0)
+		return -1;
+
+	/*
+	 * If this is a winbindd provided username, remove
+	 * the domain component before adding the service.
+	 * Log a warning if the "path=" parameter does not
+	 * include any macros.
+	 */
+
+	split_domain_and_name(service, domain, new_service);
+	lp_add_home(new_service, iHomeService, homedir);
+	iService = lp_servicenumber(new_service);
+
+	return iService;
+}
+
+
+/**
+ * Find a service entry. service is always in dos codepage.
+ *
+ * @param service is modified (to canonical form??)
+ **/
+int find_service(fstring service)
+{
+   int iService;
+
+   all_string_sub(service,"\\","/",0);
+
+   iService = lp_servicenumber(service);
+
+   /* now handle the special case of a home directory */
+   if (iService < 0)
+   {
+      char *phome_dir = get_user_service_home_dir(service);
+
+      if(!phome_dir)
+      {
+        /*
+         * Try mapping the servicename, it may
+         * be a Windows to unix mapped user name.
+         */
+        if(map_username(service))
+          phome_dir = get_user_service_home_dir(service);
+      }
+
+      DEBUG(3,("checking for home directory %s gave %s\n",service,
+            phome_dir?phome_dir:"(NULL)"));
+
+      iService = add_home_service(service,phome_dir);
+   }
+
+   /* If we still don't have a service, attempt to add it as a printer. */
+   if (iService < 0)
+   {
+      int iPrinterService;
+
+      if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0)
+      {
+         char *pszTemp;
+
+         DEBUG(3,("checking whether %s is a valid printer name...\n", service));
+         pszTemp = PRINTCAP;
+         if ((pszTemp != NULL) && pcap_printername_ok(service, pszTemp))
+         {
+            DEBUG(3,("%s is a valid printer name\n", service));
+            DEBUG(3,("adding %s as a printer service\n", service));
+            lp_add_printer(service, iPrinterService);
+            iService = lp_servicenumber(service);
+            if (iService < 0)
+               DEBUG(0,("failed to add %s as a printer service!\n", service));
+         }
+         else
+            DEBUG(3,("%s is not a valid printer name\n", service));
+      }
+   }
+
+   /* Check for default vfs service?  Unsure whether to implement this */
+   if (iService < 0)
+   {
+   }
+
+   /* just possibly it's a default service? */
+   if (iService < 0) 
+   {
+     char *pdefservice = lp_defaultservice();
+     if (pdefservice && *pdefservice && 
+	 !strequal(pdefservice,service) &&
+	 !strstr(service,".."))
+     {
+       /*
+        * We need to do a local copy here as lp_defaultservice() 
+        * returns one of the rotating lp_string buffers that
+        * could get overwritten by the recursive find_service() call
+        * below. Fix from Josef Hinteregger <joehtg@joehtg.co.at>.
+        */
+       pstring defservice;
+       pstrcpy(defservice, pdefservice);
+       iService = find_service(defservice);
+       if (iService >= 0)
+       {
+         all_string_sub(service, "_","/",0);
+         iService = lp_add_service(service, iService);
+       }
+     }
+   }
+
+   if (iService >= 0)
+     if (!VALID_SNUM(iService))
+     {
+       DEBUG(0,("Invalid snum %d for %s\n",iService, service));
+       iService = -1;
+     }
+
+   if (iService < 0)
+     DEBUG(3,("find_service() failed to find service %s\n", service));
+
+   return (iService);
+}
+
+
+/****************************************************************************
+ do some basic sainity checks on the share.  
+ This function modifies dev, ecode.
+****************************************************************************/
+static NTSTATUS share_sanity_checks(int snum, const char* service, pstring dev) 
+{
+	
+	if (!lp_snum_ok(snum) || 
+	    !check_access(smbd_server_fd(), 
+			  lp_hostsallow(snum), lp_hostsdeny(snum))) {    
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* you can only connect to the IPC$ service as an ipc device */
+	if (strequal(service,"IPC$") || strequal(service,"ADMIN$"))
+		pstrcpy(dev,"IPC");
+	
+	if (dev[0] == '?' || !dev[0]) {
+		if (lp_print_ok(snum)) {
+			pstrcpy(dev,"LPT1:");
+		} else {
+			pstrcpy(dev,"A:");
+		}
+	}
+
+	/* if the request is as a printer and you can't print then refuse */
+	strupper(dev);
+	if (!lp_print_ok(snum) && (strncmp(dev,"LPT",3) == 0)) {
+		DEBUG(1,("Attempt to connect to non-printer as a printer\n"));
+		return NT_STATUS_BAD_DEVICE_TYPE;
+	}
+
+	/* Behave as a printer if we are supposed to */
+	if (lp_print_ok(snum) && (strcmp(dev, "A:") == 0)) {
+		pstrcpy(dev, "LPT1:");
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/****************************************************************************
+ readonly share?
+****************************************************************************/
+static void set_read_only(connection_struct *conn) 
+{
+	char **list;
+	char *service = lp_servicename(conn->service);
+	conn->read_only = lp_readonly(conn->service);
+
+	if (!service) return;
+
+	lp_list_copy(&list, lp_readlist(conn->service));
+	if (list) {
+		if (!lp_list_substitute(list, "%S", service)) {
+			DEBUG(0, ("ERROR: read list substitution failed\n"));
+		}
+		if (user_in_list(conn->user, list))
+			conn->read_only = True;
+		lp_list_free(&list);
+	}
+	
+	lp_list_copy(&list, lp_writelist(conn->service));
+	if (list) {
+		if (!lp_list_substitute(list, "%S", service)) {
+			DEBUG(0, ("ERROR: write list substitution failed\n"));
+		}
+		if (user_in_list(conn->user, list))
+			conn->read_only = False;
+		lp_list_free(&list);
+	}
+}
+
+
+/****************************************************************************
+  admin user check
+****************************************************************************/
+static void set_admin_user(connection_struct *conn) 
+{
+	/* admin user check */
+	
+	/* JRA - original code denied admin user if the share was
+	   marked read_only. Changed as I don't think this is needed,
+	   but old code left in case there is a problem here.
+	*/
+	if (user_in_list(conn->user,lp_admin_users(conn->service)) 
+#if 0
+	    && !conn->read_only
+#endif
+	    ) {
+		conn->admin_user = True;
+		DEBUG(0,("%s logged in as admin user (root privileges)\n",conn->user));
+	} else {
+		conn->admin_user = False;
+	}
+
+#if 0 /* This done later, for now */    
+	/* admin users always run as uid=0 */
+	if (conn->admin_user) {
+		conn->uid = 0;
+	}
+#endif
+}
+
+/****************************************************************************
+ Make a connection to a service.
+ *
+ * @param service (May be modified to canonical form???)
+****************************************************************************/
+
+connection_struct *make_connection(char *service, DATA_BLOB password, 
+				   char *dev, uint16 vuid, NTSTATUS *status)
+{
+	int snum;
+	struct passwd *pass = NULL;
+	BOOL guest = False;
+	BOOL force = False;
+	connection_struct *conn;
+	uid_t euid;
+
+	fstring user;
+	ZERO_STRUCT(user);
+
+	/* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */
+	if (!non_root_mode() && (euid = geteuid()) != 0) {
+		DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid ));
+		smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
+	}
+
+	strlower(service);
+
+	snum = find_service(service);
+
+	if (snum < 0) {
+		if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) {
+			DEBUG(3,("refusing IPC connection\n"));
+			*status = NT_STATUS_ACCESS_DENIED;
+			return NULL;
+		}
+
+		DEBUG(0,("%s (%s) couldn't find service %s\n",
+			 remote_machine, client_addr(), service));
+		*status = NT_STATUS_BAD_NETWORK_NAME;
+		return NULL;
+	}
+
+	if (strequal(service,HOMES_NAME)) {
+		if(lp_security() != SEC_SHARE) {
+			if (validated_username(vuid)) {
+				fstring unix_username;
+				fstrcpy(unix_username,validated_username(vuid));
+				return make_connection(unix_username,
+						       password,dev,vuid,status);
+			}
+		} else {
+			/* Security = share. Try with current_user_info.smb_name
+			 * as the username.  */
+			if (* current_user_info.smb_name) {
+				fstring unix_username;
+				fstrcpy(unix_username,
+					current_user_info.smb_name);
+				map_username(unix_username);
+				return make_connection(unix_username,
+						       password,dev,vuid,status);
+			}
+		}
+	}
+
+	if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, service, dev))) {
+		return NULL;
+	}	
+
+	/* add it as a possible user name if we 
+	   are in share mode security */
+	if (lp_security() == SEC_SHARE) {
+		add_session_user(service);
+	}
+
+
+	/* shall we let them in? */
+	if (!authorise_login(snum,user,password,&guest,&force,vuid)) {
+		DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
+		*status = NT_STATUS_WRONG_PASSWORD;
+		return NULL;
+	}
+
+	add_session_user(user);
+  
+	conn = conn_new();
+	if (!conn) {
+		DEBUG(0,("Couldn't find free connection.\n"));
+		*status = NT_STATUS_INSUFFICIENT_RESOURCES;
+		return NULL;
+	}
+
+	/* find out some info about the user */
+	pass = smb_getpwnam(user,True);
+
+	if (pass == NULL) {
+		DEBUG(0,( "Couldn't find account %s\n",user));
+		*status = NT_STATUS_NO_SUCH_USER;
+		conn_free(conn);
+		return NULL;
+	}
+
+	conn->force_user = force;
+	conn->vuid = vuid;
+	conn->uid = pass->pw_uid;
+	conn->gid = pass->pw_gid;
+	safe_strcpy(conn->client_address, client_addr(), 
+		    sizeof(conn->client_address)-1);
+	conn->num_files_open = 0;
+	conn->lastused = time(NULL);
+	conn->service = snum;
+	conn->used = True;
+	conn->printer = (strncmp(dev,"LPT",3) == 0);
+	conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$"));
+	conn->dirptr = NULL;
+	conn->veto_list = NULL;
+	conn->hide_list = NULL;
+	conn->veto_oplock_list = NULL;
+	string_set(&conn->dirpath,"");
+	string_set(&conn->user,user);
+	conn->nt_user_token = NULL;
+	
+	set_read_only(conn);
+	
+	set_admin_user(conn);
+
+	/*
+	 * If force user is true, then store the
+	 * given userid and also the primary groupid
+	 * of the user we're forcing.
+	 */
+	
+	if (*lp_force_user(snum)) {
+		struct passwd *pass2;
+		pstring fuser;
+		pstrcpy(fuser,lp_force_user(snum));
+
+		/* Allow %S to be used by force user. */
+		pstring_sub(fuser,"%S",service);
+
+		pass2 = (struct passwd *)Get_Pwnam_Modify(fuser);
+		if (pass2) {
+			conn->uid = pass2->pw_uid;
+			conn->gid = pass2->pw_gid;
+			string_set(&conn->user,fuser);
+			fstrcpy(user,fuser);
+			conn->force_user = True;
+			DEBUG(3,("Forced user %s\n",fuser));	  
+		} else {
+			DEBUG(1,("Couldn't find user %s\n",fuser));
+		}
+	}
+
+	/* admin users always run as uid=0 */
+	if (conn->admin_user) {
+		conn->uid = 0;
+	}
+
+#ifdef HAVE_GETGRNAM 
+	/*
+	 * If force group is true, then override
+	 * any groupid stored for the connecting user.
+	 */
+	
+	if (*lp_force_group(snum)) {
+		gid_t gid;
+		pstring gname;
+		pstring tmp_gname;
+		BOOL user_must_be_member = False;
+		
+		StrnCpy(tmp_gname,lp_force_group(snum),sizeof(pstring)-1);
+
+		if (tmp_gname[0] == '+') {
+			user_must_be_member = True;
+			StrnCpy(gname,&tmp_gname[1],sizeof(pstring)-2);
+		} else {
+			StrnCpy(gname,tmp_gname,sizeof(pstring)-1);
+		}
+		/* default service may be a group name 		*/
+		pstring_sub(gname,"%S",service);
+		gid = nametogid(gname);
+		
+		if (gid != (gid_t)-1) {
+			/*
+			 * If the user has been forced and the forced group starts
+			 * with a '+', then we only set the group to be the forced
+			 * group if the forced user is a member of that group.
+			 * Otherwise, the meaning of the '+' would be ignored.
+			 */
+			if (conn->force_user && user_must_be_member) {
+				if (user_in_group_list( user, gname )) {
+						conn->gid = gid;
+						DEBUG(3,("Forced group %s for member %s\n",gname,user));
+				}
+			} else {
+				conn->gid = gid;
+				DEBUG(3,("Forced group %s\n",gname));
+			}
+		} else {
+			DEBUG(1,("Couldn't find group %s\n",gname));
+		}
+	}
+#endif /* HAVE_GETGRNAM */
+
+	{
+		pstring s;
+		pstrcpy(s,lp_pathname(snum));
+		standard_sub_conn(conn,s);
+		string_set(&conn->connectpath,s);
+		DEBUG(3,("Connect path is %s\n",s));
+	}
+
+	/* groups stuff added by ih */
+	conn->ngroups = 0;
+	conn->groups = NULL;
+	
+	/* Find all the groups this uid is in and
+	   store them. Used by change_to_user() */
+	initialise_groups(conn->user, conn->uid, conn->gid); 
+	get_current_groups(&conn->ngroups,&conn->groups);
+		
+	conn->nt_user_token = create_nt_token(conn->uid, conn->gid, 
+					      conn->ngroups, conn->groups,
+					      guest, NULL);
+
+	/*
+	 * New code to check if there's a share security descripter
+	 * added from NT server manager. This is done after the
+	 * smb.conf checks are done as we need a uid and token. JRA.
+	 */
+
+	{
+		BOOL can_write = share_access_check(conn, snum, vuid, FILE_WRITE_DATA);
+
+		if (!can_write) {
+			if (!share_access_check(conn, snum, vuid, FILE_READ_DATA)) {
+				/* No access, read or write. */
+				*status = NT_STATUS_ACCESS_DENIED;
+				DEBUG(0,( "make_connection: connection to %s denied due to security descriptor.\n",
+					service ));
+				conn_free(conn);
+				return NULL;
+			} else {
+				conn->read_only = True;
+			}
+		}
+	}
+	/* Initialise VFS function pointers */
+
+	if (!smbd_vfs_init(conn)) {
+		DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn))));
+		conn_free(conn);
+		return NULL;
+	}
+
+/* ROOT Activities: */	
+	/* check number of connections */
+	if (!claim_connection(conn,
+			      lp_servicename(SNUM(conn)),
+			      lp_max_connections(SNUM(conn)),
+			      False)) {
+		DEBUG(1,("too many connections - rejected\n"));
+		*status = NT_STATUS_INSUFFICIENT_RESOURCES;
+		conn_free(conn);
+		return NULL;
+	}  
+
+	/* Preexecs are done here as they might make the dir we are to ChDir to below */
+	/* execute any "root preexec = " line */
+	if (*lp_rootpreexec(SNUM(conn))) {
+		int ret;
+		pstring cmd;
+		pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
+		standard_sub_conn(conn,cmd);
+		DEBUG(5,("cmd=%s\n",cmd));
+		ret = smbrun(cmd,NULL);
+		if (ret != 0 && lp_rootpreexec_close(SNUM(conn))) {
+			DEBUG(1,("root preexec gave %d - failing connection\n", ret));
+			yield_connection(conn, lp_servicename(SNUM(conn)));
+			conn_free(conn);
+			*status = NT_STATUS_UNSUCCESSFUL;
+			return NULL;
+		}
+	}
+
+/* USER Activites: */
+	if (!change_to_user(conn, conn->vuid)) {
+		/* No point continuing if they fail the basic checks */
+		DEBUG(0,("Can't become connected user!\n"));
+		conn_free(conn);
+		*status = NT_STATUS_LOGON_FAILURE;
+		return NULL;
+	}
+
+	/* Remember that a different vuid can connect later without these checks... */
+
+	/* Preexecs are done here as they might make the dir we are to ChDir to below */
+	/* execute any "preexec = " line */
+	if (*lp_preexec(SNUM(conn))) {
+		int ret;
+		pstring cmd;
+		pstrcpy(cmd,lp_preexec(SNUM(conn)));
+		standard_sub_conn(conn,cmd);
+		ret = smbrun(cmd,NULL);
+		if (ret != 0 && lp_preexec_close(SNUM(conn))) {
+			DEBUG(1,("preexec gave %d - failing connection\n", ret));
+			change_to_root_user();
+			yield_connection(conn, lp_servicename(SNUM(conn)));
+			conn_free(conn);
+			*status = NT_STATUS_UNSUCCESSFUL;
+			return NULL;
+		}
+	}
+
+	if (vfs_ChDir(conn,conn->connectpath) != 0) {
+		DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n",
+			 remote_machine, conn->client_address,
+			 conn->connectpath,strerror(errno)));
+		change_to_root_user();
+		yield_connection(conn, lp_servicename(SNUM(conn)));
+		conn_free(conn);
+		*status = NT_STATUS_BAD_NETWORK_NAME;
+		return NULL;
+	}
+	
+	string_set(&conn->origpath,conn->connectpath);
+	
+#if SOFTLINK_OPTIMISATION
+	/* resolve any soft links early */
+	{
+		pstring s;
+		pstrcpy(s,conn->connectpath);
+		vfs_GetWd(conn,s);
+		string_set(&conn->connectpath,s);
+		vfs_ChDir(conn,conn->connectpath);
+	}
+#endif
+	
+	/*
+	 * Print out the 'connected as' stuff here as we need
+	 * to know the effective uid and gid we will be using
+	 * (at least initially).
+	 */
+
+	if( DEBUGLVL( IS_IPC(conn) ? 3 : 1 ) ) {
+		dbgtext( "%s (%s) ", remote_machine, conn->client_address );
+		dbgtext( "connect to service %s ", lp_servicename(SNUM(conn)) );
+		dbgtext( "initially as user %s ", user );
+		dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
+		dbgtext( "(pid %d)\n", (int)sys_getpid() );
+	}
+	
+	/* Add veto/hide lists */
+	if (!IS_IPC(conn) && !IS_PRINT(conn)) {
+		set_namearray( &conn->veto_list, lp_veto_files(SNUM(conn)));
+		set_namearray( &conn->hide_list, lp_hide_files(SNUM(conn)));
+		set_namearray( &conn->veto_oplock_list, lp_veto_oplocks(SNUM(conn)));
+	}
+	
+	/* Invoke VFS make connection hook */
+
+	if (conn->vfs_ops.connect) {
+		if (conn->vfs_ops.connect(conn, service, user) < 0) {
+			DEBUG(0,("make_connection: VFS make connection failed!\n"));
+			*status = NT_STATUS_UNSUCCESSFUL;
+			change_to_root_user();
+			conn_free(conn);
+			return NULL;
+		}
+	}
+
+	/* we've finished with the user stuff - go back to root */
+	change_to_root_user();
+            
+	return(conn);
+}
+
+
+/****************************************************************************
+close a cnum
+****************************************************************************/
+void close_cnum(connection_struct *conn, uint16 vuid)
+{
+	DirCacheFlush(SNUM(conn));
+
+	change_to_root_user();
+
+	DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n",
+				 remote_machine,conn->client_address,
+				 lp_servicename(SNUM(conn))));
+
+	if (conn->vfs_ops.disconnect != NULL) {
+
+	    /* Call VFS disconnect hook */
+	    
+	    conn->vfs_ops.disconnect(conn);
+	    
+	}
+
+	yield_connection(conn, lp_servicename(SNUM(conn)));
+
+	file_close_conn(conn);
+	dptr_closecnum(conn);
+
+	/* execute any "postexec = " line */
+	if (*lp_postexec(SNUM(conn)) && 
+	    change_to_user(conn, vuid))  {
+		pstring cmd;
+		pstrcpy(cmd,lp_postexec(SNUM(conn)));
+		standard_sub_conn(conn,cmd);
+		smbrun(cmd,NULL);
+		change_to_root_user();
+	}
+
+	change_to_root_user();
+	/* execute any "root postexec = " line */
+	if (*lp_rootpostexec(SNUM(conn)))  {
+		pstring cmd;
+		pstrcpy(cmd,lp_rootpostexec(SNUM(conn)));
+		standard_sub_conn(conn,cmd);
+		smbrun(cmd,NULL);
+	}
+	conn_free(conn);
+}
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
new file mode 100644
index 0000000000..05a7b24da2
--- /dev/null
+++ b/source3/smbd/session.c
@@ -0,0 +1,178 @@
+/* 
+   Unix SMB/CIFS implementation.
+   session handling for utmp and PAM
+   Copyright (C) tridge@samba.org 2001
+   Copyright (C) abartlet@pcug.org.au 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* a "session" is claimed when we do a SessionSetupX operation
+   and is yielded when the corresponding vuid is destroyed.
+
+   sessions are used to populate utmp and PAM session structures
+*/
+
+#include "includes.h"
+
+extern fstring remote_machine;
+
+static TDB_CONTEXT *tdb;
+/* called when a session is created */
+BOOL session_claim(user_struct *vuser)
+{
+	int i;
+	TDB_DATA data;
+	struct sessionid sessionid;
+	uint32 pid = (uint32)sys_getpid();
+	TDB_DATA key;		
+	fstring keystr;
+	char * hostname;
+
+	vuser->session_id = 0;
+
+	/* don't register sessions for the guest user - its just too
+	   expensive to go through pam session code for browsing etc */
+	if (vuser->guest) {
+		return True;
+	}
+
+	if (!tdb) {
+		tdb = tdb_open_log(lock_path("sessionid.tdb"), 0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT, 
+			       O_RDWR | O_CREAT, 0644);
+		if (!tdb) {
+			DEBUG(1,("session_claim: failed to open sessionid tdb\n"));
+			return False;
+		}
+	}
+
+	ZERO_STRUCT(sessionid);
+
+	data.dptr = NULL;
+	data.dsize = 0;
+
+	for (i=1;i<MAX_SESSION_ID;i++) {
+		slprintf(keystr, sizeof(keystr)-1, "ID/%d", i);
+		key.dptr = keystr;
+		key.dsize = strlen(keystr)+1;
+
+		if (tdb_store(tdb, key, data, TDB_INSERT) == 0) break;
+	}
+
+	if (i == MAX_SESSION_ID) {
+		DEBUG(1,("session_claim: out of session IDs (max is %d)\n", 
+			 MAX_SESSION_ID));
+		return False;
+	}
+
+	/* If 'hostname lookup' == yes, then do the DNS lookup.  This is
+           needed becouse utmp and PAM both expect DNS names 
+	   
+	   client_name() handles this case internally.
+	*/
+
+	hostname = client_name();
+	if (strcmp(hostname, "UNKNOWN") == 0) {
+		hostname = client_addr();
+	}
+
+	fstrcpy(sessionid.username, vuser->user.unix_name);
+	fstrcpy(sessionid.hostname, hostname);
+	slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1, SESSION_TEMPLATE, i);
+	sessionid.id_num = i;
+	sessionid.pid = pid;
+	sessionid.uid = vuser->uid;
+	sessionid.gid = vuser->gid;
+	fstrcpy(sessionid.remote_machine, remote_machine);
+	fstrcpy(sessionid.ip_addr, client_addr());
+
+	if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) {
+		DEBUG(1,("pam_session rejected the session for %s [%s]\n",
+				sessionid.username, sessionid.id_str));
+		tdb_delete(tdb, key);
+		return False;
+	}
+
+	data.dptr = (char *)&sessionid;
+	data.dsize = sizeof(sessionid);
+	if (tdb_store(tdb, key, data, TDB_MODIFY) != 0) {
+		DEBUG(1,("session_claim: unable to create session id record\n"));
+		return False;
+	}
+
+#if WITH_UTMP	
+	if (lp_utmp()) {
+		sys_utmp_claim(sessionid.username, sessionid.hostname, 
+			       sessionid.id_str, sessionid.id_num);
+	}
+#endif
+
+	vuser->session_id = i;
+	return True;
+}
+
+/* called when a session is destroyed */
+void session_yield(user_struct *vuser)
+{
+	TDB_DATA dbuf;
+	struct sessionid sessionid;
+	TDB_DATA key;		
+	fstring keystr;
+
+	if (!tdb) return;
+
+	if (vuser->session_id == 0) {
+		return;
+	}
+
+	slprintf(keystr, sizeof(keystr)-1, "ID/%d", vuser->session_id);
+
+	key.dptr = keystr;
+	key.dsize = strlen(keystr)+1;
+
+	dbuf = tdb_fetch(tdb, key);
+
+	if (dbuf.dsize != sizeof(sessionid))
+		return;
+
+	memcpy(&sessionid, dbuf.dptr, sizeof(sessionid));
+
+	SAFE_FREE(dbuf.dptr);
+
+#if WITH_UTMP	
+	if (lp_utmp()) {
+		sys_utmp_yield(sessionid.username, sessionid.hostname, 
+			       sessionid.id_str, sessionid.id_num);
+	}
+#endif
+
+	smb_pam_close_session(sessionid.username, sessionid.id_str, sessionid.hostname);
+
+	tdb_delete(tdb, key);
+}
+
+BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *), void *state)
+{
+  if (!tdb) {
+    DEBUG(3, ("No tdb opened\n"));
+    return False;
+  }
+
+  tdb_traverse(tdb, fn, state);
+  return True;
+}
+
+
+
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
new file mode 100644
index 0000000000..899c9174b2
--- /dev/null
+++ b/source3/smbd/sesssetup.c
@@ -0,0 +1,808 @@
+/* 
+   Unix SMB/CIFS implementation.
+   handle SMBsessionsetup
+   Copyright (C) Andrew Tridgell 1998-2001
+   Copyright (C) Andrew Bartlett      2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+uint32 global_client_caps = 0;
+static struct auth_context *ntlmssp_auth_context = NULL;
+
+/*
+  on a logon error possibly map the error to success if "map to guest"
+  is set approriately
+*/
+static NTSTATUS do_map_to_guest(NTSTATUS status, auth_serversupplied_info **server_info,
+				const char *user, const char *domain)
+{
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+		if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || 
+		    (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+			DEBUG(3,("No such user %s [%s] - using guest account\n",
+				 user, domain));
+			make_server_info_guest(server_info);
+			status = NT_STATUS_OK;
+		}
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+		if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
+			DEBUG(3,("Registered username %s for guest access\n",user));
+			make_server_info_guest(server_info);
+			status = NT_STATUS_OK;
+		}
+	}
+
+	return status;
+}
+
+
+/****************************************************************************
+ Add the standard 'Samba' signature to the end of the session setup.
+****************************************************************************/
+static void add_signature(char *outbuf) 
+{
+	char *p;
+	p = smb_buf(outbuf);
+	p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
+	p += srvstr_push(outbuf, p, "Samba", -1, STR_TERMINATE);
+	p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
+	set_message_end(outbuf,p);
+}
+
+/****************************************************************************
+ Do a 'guest' logon, getting back the 
+****************************************************************************/
+static NTSTATUS check_guest_password(auth_serversupplied_info **server_info) 
+{
+	struct auth_context *auth_context;
+	auth_usersupplied_info *user_info = NULL;
+	
+	NTSTATUS nt_status;
+	unsigned char chal[8];
+
+	ZERO_STRUCT(chal);
+
+	DEBUG(3,("Got anonymous request\n"));
+
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_fixed(&auth_context, chal))) {
+		return nt_status;
+	}
+
+	if (!make_user_info_guest(&user_info)) {
+		(auth_context->free)(&auth_context);
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	nt_status = auth_context->check_ntlm_password(auth_context, user_info, server_info);
+	(auth_context->free)(&auth_context);
+	free_user_info(&user_info);
+	return nt_status;
+}
+
+
+#ifdef HAVE_KRB5
+/****************************************************************************
+reply to a session setup spnego negotiate packet for kerberos
+****************************************************************************/
+static int reply_spnego_kerberos(connection_struct *conn, 
+				 char *inbuf, char *outbuf,
+				 int length, int bufsize,
+				 DATA_BLOB *secblob)
+{
+	DATA_BLOB ticket;
+	char *client, *p;
+	const struct passwd *pw;
+	char *user;
+	int sess_vuid;
+	NTSTATUS ret;
+	DATA_BLOB auth_data;
+	auth_serversupplied_info *server_info = NULL;
+	ADS_STRUCT *ads;
+
+	if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	ads = ads_init(NULL, NULL, NULL, NULL);
+
+	ret = ads_verify_ticket(ads, &ticket, &client, &auth_data);
+	if (!NT_STATUS_IS_OK(ret)) {
+		DEBUG(1,("Failed to verify incoming ticket!\n"));	
+		ads_destroy(&ads);
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	DEBUG(3,("Ticket name is [%s]\n", client));
+
+	p = strchr_m(client, '@');
+	if (!p) {
+		DEBUG(3,("Doesn't look like a valid principal\n"));
+		ads_destroy(&ads);
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	*p = 0;
+	if (strcasecmp(p+1, ads->realm) != 0) {
+		DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
+		if (!lp_allow_trusted_domains()) {
+			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+		}
+		/* this gives a fully qualified user name (ie. with full realm).
+		   that leads to very long usernames, but what else can we do? */
+		asprintf(&user, "%s%s%s", p+1, lp_winbind_separator(), client);
+	} else {
+		user = strdup(client);
+	}
+	ads_destroy(&ads);
+
+	/* the password is good - let them in */
+	pw = smb_getpwnam(user,False);
+	if (!pw && !strstr(user, lp_winbind_separator())) {
+		char *user2;
+		/* try it with a winbind domain prefix */
+		asprintf(&user2, "%s%s%s", lp_workgroup(), lp_winbind_separator(), user);
+		pw = smb_getpwnam(user2,False);
+		if (pw) {
+			free(user);
+			user = user2;
+		}
+	}
+
+	if (!pw) {
+		DEBUG(1,("Username %s is invalid on this system\n",user));
+		return ERROR_NT(NT_STATUS_NO_SUCH_USER);
+	}
+
+	if (!make_server_info_pw(&server_info,pw)) {
+		DEBUG(1,("make_server_info_from_pw failed!\n"));
+		return ERROR_NT(NT_STATUS_NO_MEMORY);
+	}
+	
+	sess_vuid = register_vuid(server_info, user);
+
+	free(user);
+	free_server_info(&server_info);
+
+	if (sess_vuid == -1) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	set_message(outbuf,4,0,True);
+	SSVAL(outbuf, smb_vwv3, 0);
+	add_signature(outbuf);
+ 
+	SSVAL(outbuf,smb_uid,sess_vuid);
+	SSVAL(inbuf,smb_uid,sess_vuid);
+	
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+#endif
+
+
+/****************************************************************************
+send a security blob via a session setup reply
+****************************************************************************/
+static BOOL reply_sesssetup_blob(connection_struct *conn, char *outbuf,
+				 DATA_BLOB blob)
+{
+	char *p;
+
+	set_message(outbuf,4,0,True);
+
+	/* we set NT_STATUS_MORE_PROCESSING_REQUIRED to tell the other end
+	   that we aren't finished yet */
+
+	SIVAL(outbuf, smb_rcls, NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED));
+	SSVAL(outbuf, smb_vwv0, 0xFF); /* no chaining possible */
+	SSVAL(outbuf, smb_vwv3, blob.length);
+	p = smb_buf(outbuf);
+	memcpy(p, blob.data, blob.length);
+	p += blob.length;
+	p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
+	p += srvstr_push(outbuf, p, "Samba", -1, STR_TERMINATE);
+	p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
+	set_message_end(outbuf,p);
+	
+	return send_smb(smbd_server_fd(),outbuf);
+}
+
+/****************************************************************************
+reply to a session setup spnego negotiate packet
+****************************************************************************/
+static int reply_spnego_negotiate(connection_struct *conn, 
+				  char *inbuf,
+				  char *outbuf,
+				  int length, int bufsize,
+				  DATA_BLOB blob1)
+{
+	char *OIDs[ASN1_MAX_OIDS];
+	DATA_BLOB secblob;
+	int i;
+	uint32 ntlmssp_command, neg_flags;
+	DATA_BLOB sess_key, chal, spnego_chal;
+	const uint8 *cryptkey;
+	BOOL got_kerberos = False;
+	NTSTATUS nt_status;
+
+	/* parse out the OIDs and the first sec blob */
+	if (!parse_negTokenTarg(blob1, OIDs, &secblob)) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+	
+	for (i=0;OIDs[i];i++) {
+		DEBUG(3,("Got OID %s\n", OIDs[i]));
+		if (strcmp(OID_KERBEROS5, OIDs[i]) == 0 ||
+		    strcmp(OID_KERBEROS5_OLD, OIDs[i]) == 0) {
+			got_kerberos = True;
+		}
+		free(OIDs[i]);
+	}
+	DEBUG(3,("Got secblob of size %d\n", secblob.length));
+
+#ifdef HAVE_KRB5
+	if (got_kerberos) {
+		int ret = reply_spnego_kerberos(conn, inbuf, outbuf, 
+						length, bufsize, &secblob);
+		data_blob_free(&secblob);
+		return ret;
+	}
+#endif
+
+	/* parse the NTLMSSP packet */
+#if 0
+	file_save("secblob.dat", secblob.data, secblob.length);
+#endif
+
+	if (!msrpc_parse(&secblob, "CddB",
+			 "NTLMSSP",
+			 &ntlmssp_command,
+			 &neg_flags,
+			 &sess_key)) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	data_blob_free(&secblob);
+	data_blob_free(&sess_key);
+
+	if (ntlmssp_command != NTLMSSP_NEGOTIATE) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	DEBUG(3,("Got neg_flags=%08x\n", neg_flags));
+
+	if (ntlmssp_auth_context) {
+		(ntlmssp_auth_context->free)(&ntlmssp_auth_context);
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&ntlmssp_auth_context))) {
+		return ERROR_NT(nt_status);
+	}
+
+	cryptkey = ntlmssp_auth_context->get_ntlm_challenge(ntlmssp_auth_context);
+
+	/* Give them the challenge. For now, ignore neg_flags and just
+	   return the flags we want. Obviously this is not correct */
+	
+	neg_flags = NTLMSSP_NEGOTIATE_UNICODE | 
+		NTLMSSP_NEGOTIATE_LM_KEY | 
+		NTLMSSP_NEGOTIATE_NTLM;
+
+	msrpc_gen(&chal, "Cddddbdddd",
+		  "NTLMSSP", 
+		  NTLMSSP_CHALLENGE,
+		  0,
+		  0x30, /* ?? */
+		  neg_flags,
+		  cryptkey, 8,
+		  0, 0, 0,
+		  0x3000); /* ?? */
+
+	if (!spnego_gen_challenge(&spnego_chal, &chal, &chal)) {
+		DEBUG(3,("Failed to generate challenge\n"));
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	/* now tell the client to send the auth packet */
+	reply_sesssetup_blob(conn, outbuf, spnego_chal);
+
+	data_blob_free(&chal);
+	data_blob_free(&spnego_chal);
+
+	/* and tell smbd that we have already replied to this packet */
+	return -1;
+}
+
+	
+/****************************************************************************
+reply to a session setup spnego auth packet
+****************************************************************************/
+static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
+			     int length, int bufsize,
+			     DATA_BLOB blob1)
+{
+	DATA_BLOB auth;
+	char *workgroup = NULL, *user = NULL, *machine = NULL;
+	DATA_BLOB lmhash, nthash, sess_key;
+	DATA_BLOB plaintext_password = data_blob(NULL, 0);
+	uint32 ntlmssp_command, neg_flags;
+	NTSTATUS nt_status;
+	int sess_vuid;
+	BOOL as_guest;
+	uint32 auth_flags = AUTH_FLAG_NONE;
+
+	auth_usersupplied_info *user_info = NULL;
+	auth_serversupplied_info *server_info = NULL;
+
+	if (!spnego_parse_auth(blob1, &auth)) {
+#if 0
+		file_save("auth.dat", blob1.data, blob1.length);
+#endif
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	/* now the NTLMSSP encoded auth hashes */
+	if (!msrpc_parse(&auth, "CdBBUUUBd", 
+			 "NTLMSSP", 
+			 &ntlmssp_command, 
+			 &lmhash,
+			 &nthash,
+			 &workgroup, 
+			 &user, 
+			 &machine,
+			 &sess_key,
+			 &neg_flags)) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	data_blob_free(&auth);
+	data_blob_free(&sess_key);
+	
+	DEBUG(3,("Got user=[%s] workgroup=[%s] machine=[%s] len1=%d len2=%d\n",
+		 user, workgroup, machine, lmhash.length, nthash.length));
+
+#if 0
+	file_save("nthash1.dat", nthash.data, nthash.length);
+	file_save("lmhash1.dat", lmhash.data, lmhash.length);
+#endif
+
+	if (lmhash.length) {
+		auth_flags |= AUTH_FLAG_LM_RESP;
+	}
+
+	if (nthash.length == 24) {
+		auth_flags |= AUTH_FLAG_NTLM_RESP;
+	} else if (nthash.length > 24) {
+		auth_flags |= AUTH_FLAG_NTLMv2_RESP;
+	}
+
+	if (!make_user_info_map(&user_info, 
+				user, workgroup, 
+				machine, 
+				lmhash, nthash,
+				plaintext_password, 
+				auth_flags, True)) {
+		return ERROR_NT(NT_STATUS_NO_MEMORY);
+	}
+
+	nt_status = ntlmssp_auth_context->check_ntlm_password(ntlmssp_auth_context, user_info, &server_info); 
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		nt_status = do_map_to_guest(nt_status, &server_info, user, workgroup);
+	}
+
+	SAFE_FREE(workgroup);
+	SAFE_FREE(machine);
+			
+	(ntlmssp_auth_context->free)(&ntlmssp_auth_context);
+
+	free_user_info(&user_info);
+	
+	data_blob_free(&lmhash);
+	
+	data_blob_free(&nthash);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		SAFE_FREE(user);
+		return ERROR_NT(nt_status_squash(nt_status));
+	}
+
+	as_guest = server_info->guest;
+
+	sess_vuid = register_vuid(server_info, user);
+	free_server_info(&server_info);
+
+	SAFE_FREE(user);
+  
+	if (sess_vuid == -1) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	set_message(outbuf,4,0,True);
+	SSVAL(outbuf, smb_vwv3, 0);
+
+	if (as_guest) {
+		SSVAL(outbuf,smb_vwv2,1);
+	}
+
+	add_signature(outbuf);
+ 
+	SSVAL(outbuf,smb_uid,sess_vuid);
+	SSVAL(inbuf,smb_uid,sess_vuid);
+	
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+
+/****************************************************************************
+reply to a session setup spnego anonymous packet
+****************************************************************************/
+static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *outbuf,
+				  int length, int bufsize)
+{
+	int sess_vuid;
+	auth_serversupplied_info *server_info = NULL;
+	NTSTATUS nt_status;
+
+	nt_status = check_guest_password(&server_info);
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return ERROR_NT(nt_status_squash(nt_status));
+	}
+
+	sess_vuid = register_vuid(server_info, lp_guestaccount());
+
+	free_server_info(&server_info);
+  
+	if (sess_vuid == -1) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	set_message(outbuf,4,0,True);
+	SSVAL(outbuf, smb_vwv3, 0);
+	add_signature(outbuf);
+ 
+	SSVAL(outbuf,smb_uid,sess_vuid);
+	SSVAL(inbuf,smb_uid,sess_vuid);
+	
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+
+/****************************************************************************
+reply to a session setup command
+****************************************************************************/
+static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,char *outbuf,
+					int length,int bufsize)
+{
+	uint8 *p;
+	DATA_BLOB blob1;
+	int ret;
+
+	DEBUG(3,("Doing spnego session setup\n"));
+
+	if (global_client_caps == 0) {
+		global_client_caps = IVAL(inbuf,smb_vwv10);
+	}
+		
+	p = (uint8 *)smb_buf(inbuf);
+
+	if (SVAL(inbuf, smb_vwv7) == 0) {
+		/* an anonymous request */
+		return reply_spnego_anonymous(conn, inbuf, outbuf, length, bufsize);
+	}
+
+	/* pull the spnego blob */
+	blob1 = data_blob(p, SVAL(inbuf, smb_vwv7));
+
+#if 0
+	file_save("negotiate.dat", blob1.data, blob1.length);
+#endif
+
+	if (blob1.data[0] == ASN1_APPLICATION(0)) {
+		/* its a negTokenTarg packet */
+		ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
+		data_blob_free(&blob1);
+		return ret;
+	}
+
+	if (blob1.data[0] == ASN1_CONTEXT(1)) {
+		/* its a auth packet */
+		ret = reply_spnego_auth(conn, inbuf, outbuf, length, bufsize, blob1);
+		data_blob_free(&blob1);
+		return ret;
+	}
+
+	/* what sort of packet is this? */
+	DEBUG(1,("Unknown packet in reply_sesssetup_and_X_spnego\n"));
+
+	data_blob_free(&blob1);
+
+	return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+}
+
+
+/****************************************************************************
+reply to a session setup command
+****************************************************************************/
+int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
+			  int length,int bufsize)
+{
+	int sess_vuid;
+	int   smb_bufsize;    
+	DATA_BLOB lm_resp;
+	DATA_BLOB nt_resp;
+	DATA_BLOB plaintext_password;
+	pstring user;
+	pstring sub_user; /* Sainitised username for substituion */
+	fstring domain;
+	fstring native_os;
+	fstring native_lanman;
+	static BOOL done_sesssetup = False;
+	extern BOOL global_encrypted_passwords_negotiated;
+	extern BOOL global_spnego_negotiated;
+	extern int Protocol;
+	extern fstring remote_machine;
+	extern userdom_struct current_user_info;
+	extern int max_send;
+
+	auth_usersupplied_info *user_info = NULL;
+	extern struct auth_context *negprot_global_auth_context;
+	auth_serversupplied_info *server_info = NULL;
+
+	NTSTATUS nt_status;
+
+	BOOL doencrypt = global_encrypted_passwords_negotiated;
+
+	START_PROFILE(SMBsesssetupX);
+
+	ZERO_STRUCT(lm_resp);
+	ZERO_STRUCT(nt_resp);
+	ZERO_STRUCT(plaintext_password);
+
+	DEBUG(3,("wct=%d flg2=0x%x\n", CVAL(inbuf, smb_wct), SVAL(inbuf, smb_flg2)));
+
+	/* a SPNEGO session setup has 12 command words, whereas a normal
+	   NT1 session setup has 13. See the cifs spec. */
+	if (CVAL(inbuf, smb_wct) == 12 &&
+	    (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
+		if (!global_spnego_negotiated) {
+			DEBUG(0,("reply_sesssetup_and_X:  Rejecting attempt at SPNEGO session setup when it was not negoitiated.\n"));
+			return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+		}
+
+		return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize);
+	}
+
+	smb_bufsize = SVAL(inbuf,smb_vwv2);
+
+	if (Protocol < PROTOCOL_NT1) {
+		uint16 passlen1 = SVAL(inbuf,smb_vwv7);
+		if (passlen1 > MAX_PASS_LEN) {
+			return ERROR_DOS(ERRDOS,ERRbuftoosmall);
+		}
+
+		if (doencrypt) {
+			lm_resp = data_blob(smb_buf(inbuf), passlen1);
+		} else {
+			plaintext_password = data_blob(smb_buf(inbuf), passlen1+1);
+			/* Ensure null termination */
+			plaintext_password.data[passlen1] = 0;
+		}
+
+		srvstr_pull(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), -1, STR_TERMINATE);
+		*domain = 0;
+  
+	} else {
+		uint16 passlen1 = SVAL(inbuf,smb_vwv7);
+		uint16 passlen2 = SVAL(inbuf,smb_vwv8);
+		enum remote_arch_types ra_type = get_remote_arch();
+		char *p = smb_buf(inbuf);    
+
+		if(global_client_caps == 0)
+			global_client_caps = IVAL(inbuf,smb_vwv11);
+		
+		/* client_caps is used as final determination if client is NT or Win95. 
+		   This is needed to return the correct error codes in some
+		   circumstances.
+		*/
+		
+		if(ra_type == RA_WINNT || ra_type == RA_WIN2K || ra_type == RA_WIN95) {
+			if(!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32))) {
+				set_remote_arch( RA_WIN95);
+			}
+		}
+		
+		if (passlen1 > MAX_PASS_LEN) {
+			return ERROR_DOS(ERRDOS,ERRbuftoosmall);
+		}
+
+		passlen1 = MIN(passlen1, MAX_PASS_LEN);
+		passlen2 = MIN(passlen2, MAX_PASS_LEN);
+
+		if (!doencrypt) {
+			/* both Win95 and WinNT stuff up the password lengths for
+			   non-encrypting systems. Uggh. 
+			   
+			   if passlen1==24 its a win95 system, and its setting the
+			   password length incorrectly. Luckily it still works with the
+			   default code because Win95 will null terminate the password
+			   anyway 
+			   
+			   if passlen1>0 and passlen2>0 then maybe its a NT box and its
+			   setting passlen2 to some random value which really stuffs
+			   things up. we need to fix that one.  */
+			
+			if (passlen1 > 0 && passlen2 > 0 && passlen2 != 24 && passlen2 != 1)
+				passlen2 = 0;
+		}
+		
+		/* Save the lanman2 password and the NT md4 password. */
+		
+		if ((doencrypt) && (passlen1 != 0) && (passlen1 != 24)) {
+			doencrypt = False;
+		}
+		
+		if (doencrypt) {
+			lm_resp = data_blob(p, passlen1);
+			nt_resp = data_blob(p+passlen1, passlen2);
+		} else {
+			plaintext_password = data_blob(p, passlen1+1);
+			/* Ensure null termination */
+			plaintext_password.data[passlen1] = 0;
+		}
+		
+		p += passlen1 + passlen2;
+		p += srvstr_pull(inbuf, user, p, sizeof(user), -1,
+				 STR_TERMINATE);
+		p += srvstr_pull(inbuf, domain, p, sizeof(domain), 
+				 -1, STR_TERMINATE);
+		p += srvstr_pull(inbuf, native_os, p, sizeof(native_os), 
+				 -1, STR_TERMINATE);
+		p += srvstr_pull(inbuf, native_lanman, p, sizeof(native_lanman),
+				 -1, STR_TERMINATE);
+		DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
+			 domain,native_os,native_lanman));
+	}
+	
+	/* don't allow for weird usernames or domains */
+	alpha_strcpy(user, user, ". _-$", sizeof(user));
+	alpha_strcpy(domain, domain, ". _-", sizeof(domain));
+	if (strstr(user, "..") || strstr(domain,"..")) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n", domain, user, remote_machine));
+
+	if (*user) {
+		if (global_spnego_negotiated) {
+			
+			/* This has to be here, becouse this is a perfectly valid behaviour for guest logons :-( */
+			
+			DEBUG(0,("reply_sesssetup_and_X:  Rejecting attempt at 'normal' session setup after negotiating spnego.\n"));
+			return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+		}
+		pstrcpy(sub_user, user);
+	} else {
+		pstrcpy(sub_user, lp_guestaccount());
+	}
+
+	pstrcpy(current_user_info.smb_name,sub_user);
+
+	reload_services(True);
+	
+	if (lp_security() == SEC_SHARE) {
+		/* in share level we should ignore any passwords */
+
+		data_blob_free(&lm_resp);
+		data_blob_free(&nt_resp);
+		data_blob_clear_free(&plaintext_password);
+
+		map_username(sub_user);
+		add_session_user(sub_user);
+		/* Then force it to null for the benfit of the code below */
+		*user = 0;
+	}
+	
+	if (!*user) {
+
+		nt_status = check_guest_password(&server_info);
+
+	} else if (doencrypt) {
+		if (!make_user_info_for_reply_enc(&user_info, 
+						  user, domain, 
+						  lm_resp, nt_resp)) {
+			nt_status = NT_STATUS_NO_MEMORY;
+		} else {
+			nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, 
+										     user_info, 
+										     &server_info);
+		}
+	} else {
+		struct auth_context *plaintext_auth_context = NULL;
+		const uint8 *chal;
+		if (NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
+			chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);
+			
+			if (!make_user_info_for_reply(&user_info, 
+						      user, domain, chal,
+						      plaintext_password)) {
+				nt_status = NT_STATUS_NO_MEMORY;
+			}
+		
+			if (NT_STATUS_IS_OK(nt_status)) {
+				nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, 
+											user_info, 
+											&server_info); 
+				
+				(plaintext_auth_context->free)(&plaintext_auth_context);
+			}
+		}
+	}
+
+	free_user_info(&user_info);
+	
+	data_blob_free(&lm_resp);
+	data_blob_free(&nt_resp);
+	data_blob_clear_free(&plaintext_password);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		nt_status = do_map_to_guest(nt_status, &server_info, user, domain);
+	}
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return ERROR_NT(nt_status_squash(nt_status));
+	}
+	
+	/* it's ok - setup a reply */
+	if (Protocol < PROTOCOL_NT1) {
+		set_message(outbuf,3,0,True);
+	} else {
+		set_message(outbuf,3,0,True);
+		add_signature(outbuf);
+		/* perhaps grab OS version here?? */
+	}
+	
+	if (server_info->guest) {
+		SSVAL(outbuf,smb_vwv2,1);
+	}
+
+	/* register the name and uid as being validated, so further connections
+	   to a uid can get through without a password, on the same VC */
+
+	sess_vuid = register_vuid(server_info, sub_user);
+
+	free_server_info(&server_info);
+  
+	if (sess_vuid == -1) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+ 
+	SSVAL(outbuf,smb_uid,sess_vuid);
+	SSVAL(inbuf,smb_uid,sess_vuid);
+	
+	if (!done_sesssetup)
+		max_send = MIN(max_send,smb_bufsize);
+	
+	done_sesssetup = True;
+	
+	END_PROFILE(SMBsesssetupX);
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
diff --git a/source3/smbd/smbrun.c b/source3/smbd/smbrun.c
deleted file mode 100644
index df12ae1f85..0000000000
--- a/source3/smbd/smbrun.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
-   external program running routine
-   Copyright (C) Andrew Tridgell 1992-1995
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-/*******************************************************************
-close the low 3 fd's and open dev/null in their place
-********************************************************************/
-static void close_fds(void)
-{
-  int fd;
-  int i;
-  close(0); close(1); close(2);
-  /* try and use up these file descriptors, so silly
-     library routines writing to stdout etc won't cause havoc */
-  for (i=0;i<3;i++) {
-    fd = open("/dev/null",O_RDWR,0);
-    if (fd < 0) fd = open("/dev/null",O_WRONLY,0);
-    if (fd != i) return;
-  }
-}
-
-
-/*
-This is a wrapper around the system call to allow commands to run correctly 
-as non root from a program which is switching between root and non-root 
-
-It takes one argument as argv[1] and runs it after becoming a non-root
-user
-*/
-int main(int argc,char *argv[])
-{
-  close_fds();
-
-  if (getuid() != geteuid())
-    {
-      int uid,gid;
-      
-      if (getuid() == 0)
-	uid = geteuid();
-      else
-	uid = getuid();
-      
-      if (getgid() == 0)
-	gid = getegid();
-      else
-	gid = getgid();
-      
-#ifdef USE_SETRES
-      setresgid(0,0,0);
-      setresuid(0,0,0);
-      setresgid(gid,gid,gid);
-      setresuid(uid,uid,uid);      
-#else      
-      setuid(0);
-      seteuid(0);
-      setgid(gid);
-      setegid(gid);
-      setuid(uid);
-      seteuid(uid);
-#endif
-
-      if (getuid() != uid)
-	return(3);
-    }
-
-  if (geteuid() != getuid())
-    return(1);
-
-  if (argc < 2)
-    return(2);
-
-  /* this is to make sure that the system() call doesn't run forever */
-  alarm(30);
-
-  return(system(argv[1]));
-}
diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c
new file mode 100644
index 0000000000..90da422f13
--- /dev/null
+++ b/source3/smbd/srvstr.c
@@ -0,0 +1,32 @@
+/* 
+   Unix SMB/CIFS implementation.
+   server specific string routines
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+int srvstr_push(void *base_ptr, void *dest, const char *src, int dest_len, int flags)
+{
+	return push_string(base_ptr, dest, src, dest_len, flags);
+}
+
+int srvstr_pull(void *base_ptr, char *dest, const void *src, int dest_len, int src_len, 
+		int flags)
+{
+	return pull_string(base_ptr, dest, src, dest_len, src_len, flags);
+}
diff --git a/source3/smbd/ssl.c b/source3/smbd/ssl.c
new file mode 100644
index 0000000000..7fcb48a954
--- /dev/null
+++ b/source3/smbd/ssl.c
@@ -0,0 +1,286 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SSLeay utility functions
+   Copyright (C) Christian Starkjohann <cs@obdev.at> 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* 
+ * since includes.h pulls in config.h which is were WITH_SSL will be 
+ * defined, we want to include includes.h before testing for WITH_SSL
+ * RJS 26-Jan-1999
+ */
+
+#include "includes.h"
+
+#ifdef WITH_SSL  /* should always be defined if this module is compiled */
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+BOOL            sslEnabled;
+SSL             *ssl = NULL;
+int             sslFd = -1;
+static SSL_CTX  *sslContext = NULL;
+extern int      DEBUGLEVEL;
+
+static int  ssl_verify_cb(int ok, X509_STORE_CTX *ctx)
+{
+char    buffer[256];
+
+    X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
+            buffer, sizeof(buffer));
+    if(ok){
+        DEBUG(0, ("SSL: Certificate OK: %s\n", buffer));
+    }else{
+        switch (ctx->error){
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+            DEBUG(0, ("SSL: Cert error: CA not known: %s\n", buffer));
+            break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+            DEBUG(0, ("SSL: Cert error: Cert not yet valid: %s\n", buffer));
+            break;
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+            DEBUG(0, ("SSL: Cert error: illegal \'not before\' field: %s\n",
+                    buffer));
+            break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+            DEBUG(0, ("SSL: Cert error: Cert expired: %s\n", buffer));
+            break;
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+            DEBUG(0, ("SSL: Cert error: invalid \'not after\' field: %s\n",
+                    buffer));
+            break;
+        default:
+            DEBUG(0, ("SSL: Cert error: unknown error %d in %s\n", ctx->error,
+                    buffer));
+            break;
+        }
+    }
+    return ok;
+}
+
+static RSA  *ssl_temp_rsa_cb(SSL *ssl, int is_export, int keylength)
+{
+static RSA  *rsa = NULL;
+    
+    if(rsa == NULL)
+        rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+    return rsa;
+}
+
+/* This is called before we fork. It should ask the user for the pass phrase
+ * if necessary. Error output can still go to stderr because the process
+ * has a terminal.
+ */
+int sslutil_init(int isServer)
+{
+int     err, entropybytes;
+char    *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
+char	*egdsocket, *entropyfile;
+
+    SSL_load_error_strings();
+    SSLeay_add_ssl_algorithms();
+    egdsocket = lp_ssl_egdsocket();
+    if (egdsocket != NULL && *egdsocket != 0)
+	RAND_egd(egdsocket);
+    entropyfile = lp_ssl_entropyfile();
+    entropybytes = lp_ssl_entropybytes();
+    if (entropyfile != NULL && *entropyfile != 0)
+	RAND_load_file(entropyfile, entropybytes);
+    switch(lp_ssl_version()){
+        case SMB_SSL_V2:    sslContext = SSL_CTX_new(SSLv2_method());   break;
+        case SMB_SSL_V3:    sslContext = SSL_CTX_new(SSLv3_method());   break;
+        default:
+        case SMB_SSL_V23:   sslContext = SSL_CTX_new(SSLv23_method());  break;
+        case SMB_SSL_TLS1:  sslContext = SSL_CTX_new(TLSv1_method());   break;
+    }
+    if(sslContext == NULL){
+        err = ERR_get_error();
+        fprintf(stderr, "SSL: Error allocating context: %s\n",
+                ERR_error_string(err, NULL));
+        exit(1);
+    }
+    if(lp_ssl_compatibility()){
+        SSL_CTX_set_options(sslContext, SSL_OP_ALL);
+    }
+    certfile = isServer ? lp_ssl_server_cert() : lp_ssl_client_cert();
+    if((certfile == NULL || *certfile == 0) && isServer){
+        fprintf(stderr, "SSL: No cert file specified in config file!\n");
+        fprintf(stderr, "The server MUST have a certificate!\n");
+        exit(1);
+    }
+    keyfile = isServer ? lp_ssl_server_privkey() : lp_ssl_client_privkey();
+    if(keyfile == NULL || *keyfile == 0)
+        keyfile = certfile;
+    if(certfile != NULL && *certfile != 0){
+        if(!SSL_CTX_use_certificate_chain_file(sslContext, certfile)){
+            err = ERR_get_error();
+            fprintf(stderr, "SSL: error reading certificate from file %s: %s\n",
+                    certfile, ERR_error_string(err, NULL));
+            exit(1);
+        }
+        if(!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)){
+            err = ERR_get_error();
+            fprintf(stderr, "SSL: error reading private key from file %s: %s\n",
+                    keyfile, ERR_error_string(err, NULL));
+            exit(1);
+        }
+        if(!SSL_CTX_check_private_key(sslContext)){
+            err = ERR_get_error();
+            fprintf(stderr, "SSL: Private key does not match public key in cert!\n");
+            exit(1);
+        }
+    }
+    cacertDir = lp_ssl_cacertdir();
+    cacertFile = lp_ssl_cacertfile();
+    if(cacertDir != NULL && *cacertDir == 0)
+        cacertDir = NULL;
+    if(cacertFile != NULL && *cacertFile == 0)
+        cacertFile = NULL;
+    if(!SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){
+        err = ERR_get_error();
+	if (cacertFile || cacertDir) {
+       	    fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
+		ERR_error_string(err, NULL));
+            fprintf(stderr, "trying default locations.\n");
+	}
+        cacertFile = cacertDir = NULL;
+        if(!SSL_CTX_set_default_verify_paths(sslContext)){
+            err = ERR_get_error();
+            fprintf(stderr, "SSL: Error error setting default CA cert location: %s\n",
+                    ERR_error_string(err, NULL));
+            exit(1);
+        }
+    }
+    SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb);
+    if((ciphers = lp_ssl_ciphers()) != NULL && *ciphers != 0)
+        SSL_CTX_set_cipher_list(sslContext, ciphers);
+    if((isServer && lp_ssl_reqClientCert()) || (!isServer && lp_ssl_reqServerCert())){
+        SSL_CTX_set_verify(sslContext,
+            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, ssl_verify_cb);
+    }else{
+        SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, ssl_verify_cb);
+    }
+#if 1 /* don't know what this is good for, but s_server in SSLeay does it, too */
+    if(isServer){
+        SSL_CTX_set_client_CA_list(sslContext, SSL_load_client_CA_file(certfile));
+    }
+#endif
+    return 0;
+}
+
+int sslutil_accept(int fd)
+{
+int     err;
+
+    if(ssl != NULL){
+        DEBUG(0, ("SSL: internal error: more than one SSL connection (server)\n"));
+        return -1;
+    }
+    if((ssl = SSL_new(sslContext)) == NULL){
+        err = ERR_get_error();
+        DEBUG(0, ("SSL: Error allocating handle: %s\n",
+            ERR_error_string(err, NULL)));
+        return -1;
+    }
+    SSL_set_fd(ssl, fd);
+    sslFd = fd;
+    if(SSL_accept(ssl) <= 0){
+        err = ERR_get_error();
+        DEBUG(0, ("SSL: Error accepting on socket: %s\n",
+            ERR_error_string(err, NULL)));
+        return -1;
+    }
+    DEBUG(0, ("SSL: negotiated cipher: %s\n", SSL_get_cipher(ssl)));
+    return 0;
+}
+
+int sslutil_fd_is_ssl(int fd)
+{
+    return fd == sslFd;
+}
+
+int sslutil_connect(int fd)
+{
+int     err;
+
+    if(ssl != NULL){
+        DEBUG(0, ("SSL: internal error: more than one SSL connection (client)\n"));
+        return -1;
+    }
+    if((ssl = SSL_new(sslContext)) == NULL){
+        err = ERR_get_error();
+        DEBUG(0, ("SSL: Error allocating handle: %s\n",
+            ERR_error_string(err, NULL)));
+        return -1;
+    }
+    SSL_set_fd(ssl, fd);
+    sslFd = fd;
+    if(SSL_connect(ssl) <= 0){
+        err = ERR_get_error();
+        DEBUG(0, ("SSL: Error conencting socket: %s\n",
+            ERR_error_string(err, NULL)));
+        return -1;
+    }
+    DEBUG(0, ("SSL: negotiated cipher: %s\n", SSL_get_cipher(ssl)));
+    return 0;
+}
+
+int sslutil_disconnect(int fd)
+{
+    if(fd == sslFd && ssl != NULL){
+        SSL_free(ssl);
+        ssl = NULL;
+        sslFd = -1;
+    }
+    return 0;
+}
+
+int sslutil_negotiate_ssl(int fd, int msg_type)
+{
+unsigned char   buf[5] = {0x83, 0, 0, 1, 0x81};
+char            *reqHosts, *resignHosts;
+
+    reqHosts = lp_ssl_hosts();
+    resignHosts = lp_ssl_hosts_resign();
+    if(!allow_access(resignHosts, reqHosts, get_socket_name(fd), get_socket_addr(fd))){
+        sslEnabled = False;
+        return 0;
+    }
+    if(msg_type != 0x81){ /* first packet must be a session request */
+        DEBUG( 0, ( "Client %s did not use session setup; access denied\n",
+                     client_addr() ) );
+        if (!send_smb(fd, (char *)buf))
+          DEBUG(0, ("sslutil_negotiate_ssl: send_smb failed.\n"));
+        return -1;
+    }
+    buf[4] = 0x8e;  /* negative session response: use SSL */
+    if (!send_smb(fd, (char *)buf)) {
+        DEBUG(0,("sslutil_negotiate_ssl: send_smb failed.\n"));
+        return -1;
+    }
+    if(sslutil_accept(fd) != 0){
+        DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr() ) );
+        return -1;
+    }
+    return 1;
+}
+
+#else /* WITH_SSL */
+ void ssl_dummy(void);
+ void ssl_dummy(void) {;} /* So some compilers don't complain. */
+#endif  /* WITH_SSL */
diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
new file mode 100644
index 0000000000..93782b9bb0
--- /dev/null
+++ b/source3/smbd/statcache.c
@@ -0,0 +1,230 @@
+/* 
+   Unix SMB/CIFS implementation.
+   stat cache code
+   Copyright (C) Andrew Tridgell 1992-2000
+   Copyright (C) Jeremy Allison 1999-2000
+   
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern BOOL case_sensitive;
+
+
+/****************************************************************************
+ Stat cache code used in unix_convert.
+*****************************************************************************/
+
+typedef struct {
+  int name_len;
+  char names[2]; /* This is extended via malloc... */
+} stat_cache_entry;
+
+#define INIT_STAT_CACHE_SIZE 512
+static hash_table stat_cache;
+
+/****************************************************************************
+ Add an entry into the stat cache.
+*****************************************************************************/
+
+void stat_cache_add( char *full_orig_name, char *orig_translated_path)
+{
+  stat_cache_entry *scp;
+  stat_cache_entry *found_scp;
+  pstring orig_name;
+  pstring translated_path;
+  int namelen;
+  hash_element *hash_elem;
+
+  if (!lp_stat_cache()) return;
+
+  namelen = strlen(orig_translated_path);
+
+  /*
+   * Don't cache trivial valid directory entries.
+   */
+  if((*full_orig_name == '\0') || (strcmp(full_orig_name, ".") == 0) ||
+     (strcmp(full_orig_name, "..") == 0))
+    return;
+
+  /*
+   * If we are in case insentive mode, we need to
+   * store names that need no translation - else, it
+   * would be a waste.
+   */
+
+  if(case_sensitive && (strcmp(full_orig_name, orig_translated_path) == 0))
+    return;
+
+  /*
+   * Remove any trailing '/' characters from the
+   * translated path.
+   */
+
+  pstrcpy(translated_path, orig_translated_path);
+  if(translated_path[namelen-1] == '/') {
+    translated_path[namelen-1] = '\0';
+    namelen--;
+  }
+
+  /*
+   * We will only replace namelen characters 
+   * of full_orig_name.
+   * StrnCpy always null terminates.
+   */
+
+  StrnCpy(orig_name, full_orig_name, namelen);
+  if(!case_sensitive)
+    strupper( orig_name );
+
+  /*
+   * Check this name doesn't exist in the cache before we 
+   * add it.
+   */
+
+  if ((hash_elem = hash_lookup(&stat_cache, orig_name))) {
+    found_scp = (stat_cache_entry *)(hash_elem->value);
+    if (strcmp((found_scp->names+found_scp->name_len+1), translated_path) == 0) {
+      return;
+    } else {
+      hash_remove(&stat_cache, hash_elem);
+      if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)+2*namelen)) == NULL) {
+        DEBUG(0,("stat_cache_add: Out of memory !\n"));
+        return;
+      }
+      pstrcpy(scp->names, orig_name);
+      pstrcpy((scp->names+namelen+1), translated_path);
+      scp->name_len = namelen;
+      hash_insert(&stat_cache, (char *)scp, orig_name);
+    }
+    return;
+  } else {
+
+    /*
+     * New entry.
+     */
+
+    if((scp = (stat_cache_entry *)malloc(sizeof(stat_cache_entry)+2*namelen)) == NULL) {
+      DEBUG(0,("stat_cache_add: Out of memory !\n"));
+      return;
+    }
+    pstrcpy(scp->names, orig_name);
+    pstrcpy(scp->names+namelen+1, translated_path);
+    scp->name_len = namelen;
+    hash_insert(&stat_cache, (char *)scp, orig_name);
+  }
+
+  DEBUG(5,("stat_cache_add: Added entry %s -> %s\n", scp->names, (scp->names+scp->name_len+1)));
+}
+
+/****************************************************************************
+ Look through the stat cache for an entry - promote it to the top if found.
+ Return True if we translated (and did a scuccessful stat on) the entire name.
+*****************************************************************************/
+
+BOOL stat_cache_lookup(connection_struct *conn, char *name, char *dirpath, 
+		       char **start, SMB_STRUCT_STAT *pst)
+{
+  stat_cache_entry *scp;
+  char *trans_name;
+  pstring chk_name;
+  int namelen;
+  hash_element *hash_elem;
+  char *sp;
+
+  if (!lp_stat_cache())
+    return False;
+ 
+  namelen = strlen(name);
+
+  *start = name;
+
+  DO_PROFILE_INC(statcache_lookups);
+
+  /*
+   * Don't lookup trivial valid directory entries.
+   */
+  if((*name == '\0') || (strcmp(name, ".") == 0) || (strcmp(name, "..") == 0)) {
+    DO_PROFILE_INC(statcache_misses);
+    return False;
+  }
+
+  pstrcpy(chk_name, name);
+  if(!case_sensitive)
+    strupper( chk_name );
+
+  while (1) {
+    hash_elem = hash_lookup(&stat_cache, chk_name);
+    if(hash_elem == NULL) {
+      /*
+       * Didn't find it - remove last component for next try.
+       */
+      sp = strrchr_m(chk_name, '/');
+      if (sp) {
+        *sp = '\0';
+      } else {
+        /*
+         * We reached the end of the name - no match.
+         */
+	DO_PROFILE_INC(statcache_misses);
+        return False;
+      }
+      if((*chk_name == '\0') || (strcmp(chk_name, ".") == 0)
+                          || (strcmp(chk_name, "..") == 0)) {
+	DO_PROFILE_INC(statcache_misses);
+        return False;
+      }
+    } else {
+      scp = (stat_cache_entry *)(hash_elem->value);
+      DO_PROFILE_INC(statcache_hits);
+      trans_name = scp->names+scp->name_len+1;
+      if(vfs_stat(conn,trans_name, pst) != 0) {
+        /* Discard this entry - it doesn't exist in the filesystem.  */
+        hash_remove(&stat_cache, hash_elem);
+        return False;
+      }
+      memcpy(name, trans_name, scp->name_len);
+      *start = &name[scp->name_len];
+      if(**start == '/')
+        ++*start;
+      StrnCpy( dirpath, trans_name, name - (*start));
+      return (namelen == scp->name_len);
+    }
+  }
+}
+
+/*************************************************************************** **
+ * Initializes or clears the stat cache.
+ *
+ *  Input:  none.
+ *  Output: none.
+ *
+ * ************************************************************************** **
+ */
+BOOL reset_stat_cache( void )
+{
+	static BOOL initialised;
+	if (!lp_stat_cache()) return True;
+
+	if (initialised) {
+		hash_clear(&stat_cache);
+	}
+
+	initialised = hash_table_init( &stat_cache, INIT_STAT_CACHE_SIZE, 
+				       (compare_function)(strcmp));
+	return initialised;
+} /* reset_stat_cache  */
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 9d02123cf8..1972e9c8c8 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    SMB transaction2 handling
-   Copyright (C) Jeremy Allison 1994
+   Copyright (C) Jeremy Allison 1994-2001
 
    Extensively modified by Andrew Tridgell, 1995
 
@@ -22,15 +21,14 @@
 */
 
 #include "includes.h"
-#include "loadparm.h"
-#include "trans2.h"
 
-extern int DEBUGLEVEL;
 extern int Protocol;
-extern connection_struct Connections[];
-extern files_struct Files[];
 extern BOOL case_sensitive;
-extern int Client;
+extern int smb_read_error;
+extern fstring local_machine;
+extern int global_oplock_break;
+extern uint32 global_client_caps;
+extern pstring global_myname;
 
 /****************************************************************************
   Send the required number of replies back.
@@ -38,23 +36,25 @@ extern int Client;
   set correctly for the type of call.
   HACK ! Always assumes smb_setup field is zero.
 ****************************************************************************/
+
 static int send_trans2_replies(char *outbuf, int bufsize, char *params, 
-			 int paramsize, char *pdata, int datasize)
+			       int paramsize, char *pdata, int datasize)
 {
-  /* As we are using a protocol > LANMAN1 then the maxxmit
+  /* As we are using a protocol > LANMAN1 then the max_send
      variable must have been set in the sessetupX call.
      This takes precedence over the max_xmit field in the
      global struct. These different max_xmit variables should
      be merged as this is now too confusing */
 
-  extern int maxxmit;
+  extern int max_send;
   int data_to_send = datasize;
   int params_to_send = paramsize;
   int useable_space;
   char *pp = params;
   char *pd = pdata;
   int params_sent_thistime, data_sent_thistime, total_sent_thistime;
-  int alignment_offset = 1;
+  int alignment_offset = 1; /* JRA. This used to be 3. Set to 1 to make netmon parse ok. */
+  int data_alignment_offset = 0;
 
   /* Initially set the wcnt area to be 10 - this is true for all
      trans2 replies */
@@ -63,107 +63,136 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params,
   /* If there genuinely are no parameters or data to send just send
      the empty packet */
   if(params_to_send == 0 && data_to_send == 0)
-    {
-      send_smb(Client,outbuf);
-      return 0;
-    }
+  {
+    if (!send_smb(smbd_server_fd(),outbuf))
+      exit_server("send_trans2_replies: send_smb failed.");
+    return 0;
+  }
+
+  /* When sending params and data ensure that both are nicely aligned */
+  /* Only do this alignment when there is also data to send - else
+     can cause NT redirector problems. */
+  if (((params_to_send % 4) != 0) && (data_to_send != 0))
+    data_alignment_offset = 4 - (params_to_send % 4);
 
   /* Space is bufsize minus Netbios over TCP header minus SMB header */
-  /* The + 1 is to align the param and data bytes on an even byte
+  /* The alignment_offset is to align the param bytes on an even byte
      boundary. NT 4.0 Beta needs this to work correctly. */
-  useable_space = bufsize - ((smb_buf(outbuf)+alignment_offset) - outbuf);
-  useable_space = MIN(useable_space, maxxmit); /* XXX is this needed? correct? */
+  useable_space = bufsize - ((smb_buf(outbuf)+
+                    alignment_offset+data_alignment_offset) - 
+                    outbuf);
 
-  while( params_to_send || data_to_send)
-    {
-      /* Calculate whether we will totally or partially fill this packet */
-      total_sent_thistime = params_to_send + data_to_send + alignment_offset;
-      total_sent_thistime = MIN(total_sent_thistime, useable_space);
+  /* useable_space can never be more than max_send minus the
+     alignment offset. */
+  useable_space = MIN(useable_space, 
+                      max_send - (alignment_offset+data_alignment_offset));
 
-      set_message(outbuf, 10, total_sent_thistime, True);
 
-      /* Set total params and data to be sent */
-      SSVAL(outbuf,smb_tprcnt,paramsize);
-      SSVAL(outbuf,smb_tdrcnt,datasize);
+  while (params_to_send || data_to_send)
+  {
+    /* Calculate whether we will totally or partially fill this packet */
+    total_sent_thistime = params_to_send + data_to_send + 
+                            alignment_offset + data_alignment_offset;
+    /* We can never send more than useable_space */
+    /*
+     * Note that 'useable_space' does not include the alignment offsets,
+     * but we must include the alignment offsets in the calculation of
+     * the length of the data we send over the wire, as the alignment offsets
+     * are sent here. Fix from Marc_Jacobsen@hp.com.
+     */
+    total_sent_thistime = MIN(total_sent_thistime, useable_space+
+			        alignment_offset + data_alignment_offset);
+
+    set_message(outbuf, 10, total_sent_thistime, True);
+
+    /* Set total params and data to be sent */
+    SSVAL(outbuf,smb_tprcnt,paramsize);
+    SSVAL(outbuf,smb_tdrcnt,datasize);
+
+    /* Calculate how many parameters and data we can fit into
+       this packet. Parameters get precedence */
+
+    params_sent_thistime = MIN(params_to_send,useable_space);
+    data_sent_thistime = useable_space - params_sent_thistime;
+    data_sent_thistime = MIN(data_sent_thistime,data_to_send);
+
+    SSVAL(outbuf,smb_prcnt, params_sent_thistime);
+
+    /* smb_proff is the offset from the start of the SMB header to the
+       parameter bytes, however the first 4 bytes of outbuf are
+       the Netbios over TCP header. Thus use smb_base() to subtract
+       them from the calculation */
+
+    SSVAL(outbuf,smb_proff,((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
+
+    if(params_sent_thistime == 0)
+      SSVAL(outbuf,smb_prdisp,0);
+    else
+      /* Absolute displacement of param bytes sent in this packet */
+      SSVAL(outbuf,smb_prdisp,pp - params);
+
+    SSVAL(outbuf,smb_drcnt, data_sent_thistime);
+    if(data_sent_thistime == 0)
+    {
+      SSVAL(outbuf,smb_droff,0);
+      SSVAL(outbuf,smb_drdisp, 0);
+    }
+    else
+    {
+      /* The offset of the data bytes is the offset of the
+         parameter bytes plus the number of parameters being sent this time */
+      SSVAL(outbuf,smb_droff,((smb_buf(outbuf)+alignment_offset) - 
+            smb_base(outbuf)) + params_sent_thistime + data_alignment_offset);
+      SSVAL(outbuf,smb_drdisp, pd - pdata);
+    }
 
-      /* Calculate how many parameters and data we can fit into
-	 this packet. Parameters get precedence */
+    /* Copy the param bytes into the packet */
+    if(params_sent_thistime)
+      memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
+    /* Copy in the data bytes */
+    if(data_sent_thistime)
+      memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime+
+             data_alignment_offset,pd,data_sent_thistime);
 
-      params_sent_thistime = MIN(params_to_send,useable_space);
-      data_sent_thistime = useable_space - params_sent_thistime;
-      data_sent_thistime = MIN(data_sent_thistime,data_to_send);
+    DEBUG(9,("t2_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
+          params_sent_thistime, data_sent_thistime, useable_space));
+    DEBUG(9,("t2_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
+          params_to_send, data_to_send, paramsize, datasize));
 
-      SSVAL(outbuf,smb_prcnt, params_sent_thistime);
-      if(params_sent_thistime == 0)
-	{
-	  SSVAL(outbuf,smb_proff,0);
-	  SSVAL(outbuf,smb_prdisp,0);
-	} else {
-	  /* smb_proff is the offset from the start of the SMB header to the
-	     parameter bytes, however the first 4 bytes of outbuf are
-	     the Netbios over TCP header. Thus use smb_base() to subtract
-	     them from the calculation */
-	  SSVAL(outbuf,smb_proff,((smb_buf(outbuf)+alignment_offset) - smb_base(outbuf)));
-	  /* Absolute displacement of param bytes sent in this packet */
-	  SSVAL(outbuf,smb_prdisp,pp - params);
-	}
+    /* Send the packet */
+    if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_trans2_replies: send_smb failed.");
 
-      SSVAL(outbuf,smb_drcnt, data_sent_thistime);
-      if(data_sent_thistime == 0)
-	{
-	  SSVAL(outbuf,smb_droff,0);
-	  SSVAL(outbuf,smb_drdisp, 0);
-	} else {
-	  /* The offset of the data bytes is the offset of the
-	     parameter bytes plus the number of parameters being sent this time */
-	  SSVAL(outbuf,smb_droff,((smb_buf(outbuf)+alignment_offset) - 
-				  smb_base(outbuf)) + params_sent_thistime);
-	  SSVAL(outbuf,smb_drdisp, pd - pdata);
-	}
+    pp += params_sent_thistime;
+    pd += data_sent_thistime;
 
-      /* Copy the param bytes into the packet */
-      if(params_sent_thistime)
-	memcpy((smb_buf(outbuf)+alignment_offset),pp,params_sent_thistime);
-      /* Copy in the data bytes */
-      if(data_sent_thistime)
-	memcpy(smb_buf(outbuf)+alignment_offset+params_sent_thistime,pd,data_sent_thistime);
-
-      DEBUG(9,("t2_rep: params_sent_thistime = %d, data_sent_thistime = %d, useable_space = %d\n",
-	       params_sent_thistime, data_sent_thistime, useable_space));
-      DEBUG(9,("t2_rep: params_to_send = %d, data_to_send = %d, paramsize = %d, datasize = %d\n",
-	       params_to_send, data_to_send, paramsize, datasize));
-
-      /* Send the packet */
-      send_smb(Client,outbuf);
-
-      pp += params_sent_thistime;
-      pd += data_sent_thistime;
-
-      params_to_send -= params_sent_thistime;
-      data_to_send -= data_sent_thistime;
-
-      /* Sanity check */
-      if(params_to_send < 0 || data_to_send < 0)
-	{
-	  DEBUG(2,("send_trans2_replies failed sanity check pts = %d, dts = %d\n!!!",
-		   params_to_send, data_to_send));
-	  return -1;
-	}
+    params_to_send -= params_sent_thistime;
+    data_to_send -= data_sent_thistime;
+
+    /* Sanity check */
+    if(params_to_send < 0 || data_to_send < 0)
+    {
+      DEBUG(0,("send_trans2_replies failed sanity check pts = %d, dts = %d\n!!!",
+            params_to_send, data_to_send));
+      return -1;
     }
+  }
 
   return 0;
 }
 
-
 /****************************************************************************
-  reply to a TRANSACT2_OPEN
+ Reply to a TRANSACT2_OPEN.
 ****************************************************************************/
-static int call_trans2open(char *inbuf, char *outbuf, int bufsize, int cnum, 
-		    char **pparams, char **ppdata)
+
+static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, 
+			   int bufsize,  
+			   char **pparams, char **ppdata)
 {
   char *params = *pparams;
   int16 open_mode = SVAL(params, 2);
   int16 open_attr = SVAL(params,6);
+  BOOL oplock_request = (((SVAL(params,0)|(1<<1))>>1) | ((SVAL(params,0)|(1<<2))>>1));
 #if 0
   BOOL return_additional_info = BITSETW(params,0);
   int16 open_sattr = SVAL(params, 4);
@@ -172,68 +201,85 @@ static int call_trans2open(char *inbuf, char *outbuf, int bufsize, int cnum,
   int16 open_ofun = SVAL(params,12);
   int32 open_size = IVAL(params,14);
   char *pname = &params[28];
-  int16 namelen = strlen(pname)+1;
-
   pstring fname;
-  int fnum = -1;
-  int unixmode;
-  int size=0,fmode=0,mtime=0,rmode;
-  int32 inode = 0;
-  struct stat sbuf;
+  mode_t unixmode;
+  SMB_OFF_T size=0;
+  int fmode=0,mtime=0,rmode;
+  SMB_INO_T inode = 0;
+  SMB_STRUCT_STAT sbuf;
   int smb_action = 0;
+  BOOL bad_path = False;
+  files_struct *fsp;
+
+  srvstr_pull(inbuf, fname, pname, sizeof(fname), -1, STR_TERMINATE);
 
-  StrnCpy(fname,pname,namelen);
+  DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n",
+	   fname,open_mode, open_attr, open_ofun, open_size));
 
-  DEBUG(3,("trans2open %s cnum=%d mode=%d attr=%d ofun=%d size=%d\n",
-	   fname,cnum,open_mode, open_attr, open_ofun, open_size));
+  if (IS_IPC(conn)) {
+		return(ERROR_DOS(ERRSRV,ERRaccess));
+  }
 
   /* XXXX we need to handle passed times, sattr and flags */
 
-  unix_convert(fname,cnum);
+  unix_convert(fname,conn,0,&bad_path,&sbuf);
     
-  fnum = find_free_file();
-  if (fnum < 0)
-    return(ERROR(ERRSRV,ERRnofids));
-
-  if (!check_name(fname,cnum))
+  if (!check_name(fname,conn))
+  {
+    if((errno == ENOENT) && bad_path)
+    {
+      unix_ERR_class = ERRDOS;
+      unix_ERR_code = ERRbadpath;
+    }
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
 
-  unixmode = unix_mode(cnum,open_attr | aARCH);
-      
+  unixmode = unix_mode(conn,open_attr | aARCH, fname);
       
-  open_file_shared(fnum,cnum,fname,open_mode,open_ofun,unixmode,
-		   &rmode,&smb_action);
+  fsp = open_file_shared(conn,fname,&sbuf,open_mode,open_ofun,unixmode,
+		   oplock_request, &rmode,&smb_action);
       
-  if (!Files[fnum].open)
+  if (!fsp)
+  {
+    if((errno == ENOENT) && bad_path)
+    {
+      unix_ERR_class = ERRDOS;
+      unix_ERR_code = ERRbadpath;
+    }
     return(UNIXERROR(ERRDOS,ERRnoaccess));
-
-  if (fstat(Files[fnum].fd,&sbuf) != 0) {
-    close_file(fnum);
-    return(ERROR(ERRDOS,ERRnoaccess));
   }
-    
+
   size = sbuf.st_size;
-  fmode = dos_mode(cnum,fname,&sbuf);
+  fmode = dos_mode(conn,fname,&sbuf);
   mtime = sbuf.st_mtime;
   inode = sbuf.st_ino;
   if (fmode & aDIR) {
-    close_file(fnum);
-    return(ERROR(ERRDOS,ERRnoaccess));
+    close_file(fsp,False);
+    return(ERROR_DOS(ERRDOS,ERRnoaccess));
   }
 
   /* Realloc the size of parameters and data we will return */
-  params = *pparams = Realloc(*pparams, 28);
-  if(params == NULL)
-    return(ERROR(ERRDOS,ERRnomem));
+  params	= Realloc(*pparams, 28);
+  if( params == NULL ) {
+    return(ERROR_DOS(ERRDOS,ERRnomem));
+  }
+  *pparams	= params;
 
-  bzero(params,28);
-  SSVAL(params,0,fnum);
+  memset((char *)params,'\0',28);
+  SSVAL(params,0,fsp->fnum);
   SSVAL(params,2,fmode);
   put_dos_date2(params,4, mtime);
-  SIVAL(params,8, size);
+  SIVAL(params,8, (uint32)size);
   SSVAL(params,12,rmode);
 
+  if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
+    smb_action |= EXTENDED_OPLOCK_GRANTED;
+  }
+
   SSVAL(params,18,smb_action);
+  /*
+   * WARNING - this may need to be changed if SMB_INO_T <> 4 bytes.
+   */
   SIVAL(params,20,inode);
  
   /* Send the required number of replies */
@@ -242,292 +288,503 @@ static int call_trans2open(char *inbuf, char *outbuf, int bufsize, int cnum,
   return -1;
 }
 
+/*********************************************************
+ Routine to check if a given string matches exactly.
+ as a special case a mask of "." does NOT match. That
+ is required for correct wildcard semantics
+ Case can be significant or not.
+**********************************************************/
+
+static BOOL exact_match(char *str,char *mask, BOOL case_sig) 
+{
+	if (mask[0] == '.' && mask[1] == 0)
+		return False;
+	if (case_sig)	
+		return strcmp(str,mask)==0;
+	return strcasecmp(str,mask) == 0;
+}
+
+#if 0
+
+Not finished yet - jra.
+
 /****************************************************************************
-  get a level dependent lanman2 dir entry.
+ Return the filetype for UNIX extensions.
 ****************************************************************************/
-static int get_lanman2_dir_entry(int cnum,char *path_mask,int dirtype,int info_level,
-				 int requires_resume_key,
-				 BOOL dont_descend,char **ppdata, 
-				 char *base_data, int space_remaining, 
-				 BOOL *out_of_space,
-				 int *last_name_off)
+
+static uint32 unix_filetype(mode_t mode)
 {
-  char *dname;
-  BOOL found = False;
-  struct stat sbuf;
-  pstring mask;
-  pstring pathreal;
-  pstring fname;
-  BOOL matched;
-  char *p, *pdata = *ppdata;
-  int reskey=0, prev_dirpos=0;
-  int mode=0;
-  uint32 size=0,len;
-  uint32 mdate=0, adate=0, cdate=0;
-  char *name_ptr;
-  BOOL isrootdir = (strequal(Connections[cnum].dirpath,"./") ||
-		    strequal(Connections[cnum].dirpath,".") ||
-		    strequal(Connections[cnum].dirpath,"/"));
-  BOOL was_8_3;
-
-  *fname = 0;
-  *out_of_space = False;
-
-  if (!Connections[cnum].dirptr)
-    return(False);
-
-  p = strrchr(path_mask,'/');
-  if(p != NULL)
-    {
-      if(p[1] == '\0')
-	strcpy(mask,"*.*");
-      else
-	strcpy(mask, p+1);
-    }
-  else
-    strcpy(mask, path_mask);
+	if(S_ISREG(mode))
+		return UNIX_TYPE_FILE;
+	else if(S_ISDIR(mode))
+		return UNIX_TYPE_DIR;
+#ifdef S_ISLNK
+	else if(S_ISLNK(mode))
+		return UNIX_TYPE_SYMLINK;
+#endif
+#ifdef S_ISCHR
+	else if(S_ISCHR(mode))
+		return UNIX_TYPE_CHARDEV;
+#endif
+#ifdef S_ISBLK
+	else if(S_ISBLK(mode))
+		return UNIX_TYPE_BLKDEV;
+#endif
+#ifdef S_ISFIFO
+	else if(S_ISFIFO(mode))
+		return UNIX_TYPE_FIFO;
+#endif
+#ifdef S_ISSOCK
+	else if(S_ISSOCK(mode))
+		return UNIX_TYPE_SOCKET;
+#endif
 
-  while (!found)
-    {
-      /* Needed if we run out of space */
-      prev_dirpos = TellDir(Connections[cnum].dirptr);
-      dname = ReadDirName(Connections[cnum].dirptr);
+	DEBUG(0,("unix_filetype: unknown filetype %u", (unsigned)mode));
+	return UNIX_TYPE_UNKNOWN;
+}
 
-      reskey = TellDir(Connections[cnum].dirptr);
+/****************************************************************************
+ Return the major devicenumber for UNIX extensions.
+****************************************************************************/
 
-      DEBUG(6,("get_lanman2_dir_entry:readdir on dirptr 0x%x now at offset %d\n",
-	       Connections[cnum].dirptr,TellDir(Connections[cnum].dirptr)));
-      
-      if (!dname) 
-	return(False);
+static uint32 unix_dev_major(SMB_DEV_T dev)
+{
+#if defined(HAVE_DEVICE_MAJOR_FN)
+	return (uint32)major(dev);
+#else
+	return (uint32)(dev >> 8);
+#endif
+}
 
-      matched = False;
+/****************************************************************************
+ Return the minor devicenumber for UNIX extensions.
+****************************************************************************/
 
-      strcpy(fname,dname);      
+static uint32 unix_dev_minor(SMB_DEV_T dev)
+{
+#if defined(HAVE_DEVICE_MINOR_FN)
+	return (uint32)minor(dev);
+#else
+	return (uint32)(dev & 0xff);
+#endif
+}
 
-      if(mask_match(fname, mask, case_sensitive, True))
-	{
-	  BOOL isdots = (strequal(fname,"..") || strequal(fname,"."));
-	  if (dont_descend && !isdots)
-	    continue;
-	  
-	  if (isrootdir && isdots)
-	    continue;
-
-	  strcpy(pathreal,Connections[cnum].dirpath);
-	  strcat(pathreal,"/");
-	  strcat(pathreal,fname);
-	  if (sys_stat(pathreal,&sbuf) != 0) 
-	    {
-	      DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",pathreal,strerror(errno)));
-	      continue;
-	    }
+/****************************************************************************
+ Map standard UNIX permissions onto wire representations.
+****************************************************************************/
+
+static uint32  unix_perms_to_wire(mode_t perms)
+{
+	uint ret = 0;
+
+	ret |= ((perms & S_IXOTH) ?  UNIX_X_OTH : 0);
+	ret |= ((perms & S_IWOTH) ?  UNIX_W_OTH : 0);
+	ret |= ((perms & S_IROTH) ?  UNIX_R_OTH : 0);
+	ret |= ((perms & S_IXGRP) ?  UNIX_X_GRP : 0);
+	ret |= ((perms & S_IWGRP) ?  UNIX_W_GRP : 0);
+	ret |= ((perms & S_IRGRP) ?  UNIX_R_GRP : 0);
+	ret |= ((perms & S_IXUSR) ?  UNIX_X_USR : 0);
+	ret |= ((perms & S_IWUSR) ?  UNIX_W_USR : 0);
+	ret |= ((perms & S_IRUSR) ?  UNIX_R_USR : 0);
+#ifdef S_ISVTX
+	ret |= ((perms & S_ISVTX) ?  UNIX_STICKY : 0);
+#endif
+#ifdef S_ISGID
+	ret |= ((perms & S_ISGID) ?  UNIX_SET_GID : 0);
+#endif
+#ifdef S_ISUID
+	ret |= ((perms & S_ISVTX) ?  UNIX_SET_UID : 0);
+#endif
+	return ret;
+}
 
-	  mode = dos_mode(cnum,pathreal,&sbuf);
+#endif
 
-	  if (((mode & ~dirtype) & (aHIDDEN | aSYSTEM | aDIR)) != 0)
-	    {	      
-	      DEBUG(5,("[%s] attribs didn't match %x\n",fname,dirtype));
-	      continue;
-	    }
-	  size = sbuf.st_size;
-	  mdate = sbuf.st_mtime;
-	  adate = sbuf.st_atime;
-	  cdate = sbuf.st_ctime;
-	  if(mode & aDIR)
-	    size = 0;
-
-	  DEBUG(5,("get_lanman2_dir_entry found %s fname=%s\n",pathreal,fname));
+/****************************************************************************
+ Get a level dependent lanman2 dir entry.
+****************************************************************************/
+
+static BOOL get_lanman2_dir_entry(connection_struct *conn,
+				  void *inbuf, void *outbuf,
+				 char *path_mask,int dirtype,int info_level,
+				 int requires_resume_key,
+				 BOOL dont_descend,char **ppdata, 
+				 char *base_data, int space_remaining, 
+				 BOOL *out_of_space, BOOL *got_exact_match,
+				 int *last_name_off)
+{
+	char *dname;
+	BOOL found = False;
+	SMB_STRUCT_STAT sbuf;
+	pstring mask;
+	pstring pathreal;
+	pstring fname;
+	char *p, *q, *pdata = *ppdata;
+	uint32 reskey=0;
+	int prev_dirpos=0;
+	int mode=0;
+	SMB_OFF_T size = 0;
+	SMB_OFF_T allocation_size = 0;
+	uint32 len;
+	time_t mdate=0, adate=0, cdate=0;
+	char *nameptr;
+	BOOL was_8_3;
+	int nt_extmode; /* Used for NT connections instead of mode */
+	BOOL needslash = ( conn->dirpath[strlen(conn->dirpath) -1] != '/');
+
+	*fname = 0;
+	*out_of_space = False;
+	*got_exact_match = False;
+
+	if (!conn->dirptr)
+		return(False);
+
+	p = strrchr_m(path_mask,'/');
+	if(p != NULL) {
+		if(p[1] == '\0')
+			pstrcpy(mask,"*.*");
+		else
+			pstrcpy(mask, p+1);
+	} else
+		pstrcpy(mask, path_mask);
+
+	while (!found) {
+		BOOL got_match;
+
+		/* Needed if we run out of space */
+		prev_dirpos = TellDir(conn->dirptr);
+		dname = ReadDirName(conn->dirptr);
+
+		/*
+		 * Due to bugs in NT client redirectors we are not using
+		 * resume keys any more - set them to zero.
+		 * Check out the related comments in findfirst/findnext.
+		 * JRA.
+		 */
+
+		reskey = 0;
+
+		DEBUG(8,("get_lanman2_dir_entry:readdir on dirptr 0x%lx now at offset %d\n",
+			(long)conn->dirptr,TellDir(conn->dirptr)));
+      
+		if (!dname) 
+			return(False);
+
+		pstrcpy(fname,dname);      
+
+		if(!(got_match = *got_exact_match = exact_match(fname, mask, case_sensitive)))
+			got_match = mask_match(fname, mask, case_sensitive);
+
+		if(!got_match && !mangle_is_8_3(fname, False)) {
+
+			/*
+			 * It turns out that NT matches wildcards against
+			 * both long *and* short names. This may explain some
+			 * of the wildcard wierdness from old DOS clients
+			 * that some people have been seeing.... JRA.
+			 */
+
+			pstring newname;
+			pstrcpy( newname, fname);
+			mangle_map( newname, True, False, SNUM(conn));
+			if(!(got_match = *got_exact_match = exact_match(newname, mask, case_sensitive)))
+				got_match = mask_match(newname, mask, case_sensitive);
+		}
+
+		if(got_match) {
+			BOOL isdots = (strequal(fname,"..") || strequal(fname,"."));
+			if (dont_descend && !isdots)
+				continue;
 	  
-	  found = True;
+			pstrcpy(pathreal,conn->dirpath);
+			if(needslash)
+				pstrcat(pathreal,"/");
+			pstrcat(pathreal,dname);
+
+			if (INFO_LEVEL_IS_UNIX(info_level)) {
+				if (vfs_lstat(conn,pathreal,&sbuf) != 0) {
+					DEBUG(5,("get_lanman2_dir_entry:Couldn't lstat [%s] (%s)\n",
+						pathreal,strerror(errno)));
+					continue;
+				}
+			} else if (vfs_stat(conn,pathreal,&sbuf) != 0) {
+				/* Needed to show the msdfs symlinks as directories */
+				if(!lp_host_msdfs() || !lp_msdfs_root(SNUM(conn)) 
+						|| !is_msdfs_link(conn, pathreal)) {
+					DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",
+							pathreal,strerror(errno)));
+					continue;
+				} else {
+					DEBUG(5,("get_lanman2_dir_entry: Masquerading msdfs link %s as a directory\n",
+							pathreal));
+					sbuf.st_mode = (sbuf.st_mode & 0xFFF) | S_IFDIR;
+				}
+			}
+
+			mode = dos_mode(conn,pathreal,&sbuf);
+
+			if (!dir_check_ftype(conn,mode,&sbuf,dirtype)) {
+				DEBUG(5,("[%s] attribs didn't match %x\n",fname,dirtype));
+				continue;
+			}
+
+			size = sbuf.st_size;
+			allocation_size = SMB_ROUNDUP_ALLOCATION(sbuf.st_size);
+			mdate = sbuf.st_mtime;
+			adate = sbuf.st_atime;
+			cdate = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+			if (lp_dos_filetime_resolution(SNUM(conn))) {
+				cdate &= ~1;
+				mdate &= ~1;
+				adate &= ~1;
+			}
+
+			if(mode & aDIR)
+				size = 0;
+
+			DEBUG(5,("get_lanman2_dir_entry found %s fname=%s\n",pathreal,fname));
+	  
+			found = True;
+		}
 	}
-    }
 
-
-#ifndef KANJI
-  unix2dos_format(fname, True);
+	mangle_map(fname,False,True,SNUM(conn));
+
+	p = pdata;
+	nameptr = p;
+
+	nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL;
+
+	switch (info_level) {
+		case 1:
+			if(requires_resume_key) {
+				SIVAL(p,0,reskey);
+				p += 4;
+			}
+			put_dos_date2(p,l1_fdateCreation,cdate);
+			put_dos_date2(p,l1_fdateLastAccess,adate);
+			put_dos_date2(p,l1_fdateLastWrite,mdate);
+			SIVAL(p,l1_cbFile,(uint32)size);
+			SIVAL(p,l1_cbFileAlloc,(uint32)allocation_size);
+			SSVAL(p,l1_attrFile,mode);
+			p += l1_achName;
+			nameptr = p;
+			p += align_string(outbuf, p, 0);
+			len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);
+			SCVAL(nameptr, -1, len);
+			p += len;
+			break;
+
+		case 2:
+			if(requires_resume_key) {
+				SIVAL(p,0,reskey);
+				p += 4;
+			}
+			put_dos_date2(p,l2_fdateCreation,cdate);
+			put_dos_date2(p,l2_fdateLastAccess,adate);
+			put_dos_date2(p,l2_fdateLastWrite,mdate);
+			SIVAL(p,l2_cbFile,(uint32)size);
+			SIVAL(p,l2_cbFileAlloc,(uint32)allocation_size);
+			SSVAL(p,l2_attrFile,mode);
+			SIVAL(p,l2_cbList,0); /* No extended attributes */
+			p += l2_achName;
+			nameptr = p;
+			len = srvstr_push(outbuf, p, fname, -1, STR_NOALIGN);
+			SCVAL(p, -1, len);
+			p += len;
+			*p++ = 0; /* craig from unisys pointed out we need this */
+			break;
+
+		case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
+			was_8_3 = mangle_is_8_3(fname, True);
+			p += 4;
+			SIVAL(p,0,reskey); p += 4;
+			put_long_date(p,cdate); p += 8;
+			put_long_date(p,adate); p += 8;
+			put_long_date(p,mdate); p += 8;
+			put_long_date(p,mdate); p += 8;
+			SOFF_T(p,0,size);
+			SOFF_T(p,8,allocation_size);
+			p += 16;
+			SIVAL(p,0,nt_extmode); p += 4;
+			q = p; p += 4;
+			SIVAL(p,0,0); p += 4;
+			if (!was_8_3) {
+				pstring mangled_name;
+				pstrcpy(mangled_name, fname);
+				mangle_map(mangled_name,True,True,SNUM(conn));
+				mangled_name[12] = 0;
+				len = srvstr_push(outbuf, p+2, mangled_name, 24, STR_UPPER);
+				SSVAL(p, 0, len);
+			} else {
+				SSVAL(p,0,0);
+				*(p+2) = 0;
+			}
+			p += 2 + 24;
+			len = srvstr_push(outbuf, p, fname, -1, 0);
+			SIVAL(q,0,len);
+			p += len;
+			len = PTR_DIFF(p, pdata);
+			len = (len + 3) & ~3;
+			SIVAL(pdata,0,len);
+			p = pdata + len;
+			break;
+
+		case SMB_FIND_FILE_DIRECTORY_INFO:
+			p += 4;
+			SIVAL(p,0,reskey); p += 4;
+			put_long_date(p,cdate); p += 8;
+			put_long_date(p,adate); p += 8;
+			put_long_date(p,mdate); p += 8;
+			put_long_date(p,mdate); p += 8;
+			SOFF_T(p,0,size);
+			SOFF_T(p,8,allocation_size);
+			p += 16;
+			SIVAL(p,0,nt_extmode); p += 4;
+			p += 4;
+			len = srvstr_push(outbuf, p, fname, -1, 0);
+			SIVAL(p, -4, len);
+			p += len;
+			len = PTR_DIFF(p, pdata);
+			len = (len + 3) & ~3;
+			SIVAL(pdata,0,len);
+			p = pdata + len;
+			break;
+      
+		case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
+			p += 4;
+			SIVAL(p,0,reskey); p += 4;
+			put_long_date(p,cdate); p += 8;
+			put_long_date(p,adate); p += 8;
+			put_long_date(p,mdate); p += 8;
+			put_long_date(p,mdate); p += 8;
+			SOFF_T(p,0,size); 
+			SOFF_T(p,8,allocation_size);
+			p += 16;
+			SIVAL(p,0,nt_extmode); p += 4;
+			p += 4;
+			SIVAL(p,0,0); p += 4;
+
+			len = srvstr_push(outbuf, p, fname, -1, 0);
+			SIVAL(p, -4, len);
+			p += len;
+
+			len = PTR_DIFF(p, pdata);
+			len = (len + 3) & ~3;
+			SIVAL(pdata,0,len);
+			p = pdata + len;
+			break;
+
+		case SMB_FIND_FILE_NAMES_INFO:
+			p += 4;
+			SIVAL(p,0,reskey); p += 4;
+			p += 4;
+			/* this must *not* be null terminated or w2k gets in a loop trying to set an
+			   acl on a dir (tridge) */
+			len = srvstr_push(outbuf, p, fname, -1, 0);
+			SIVAL(p, -4, len);
+			p += len;
+			len = PTR_DIFF(p, pdata);
+			len = (len + 3) & ~3;
+			SIVAL(pdata,0,len);
+			p = pdata + len;
+			break;
+
+		/* CIFS UNIX Extension. */
+
+#if 0 /* JRA - FIXME - NEEDS UNICODE CONVERSION !!! */
+		case SMB_FIND_FILE_UNIX:
+
+			len = 108+strlen(fname)+1;	/* (length of SMB_QUERY_FILE_UNIX_BASIC = 100)+4+4+strlen(fname)*/
+							/* +1 to be sure to transmit the termination of fname */
+			len = (len + 3) & ~3;
+
+			SIVAL(p,0,len); p+= 4;       /* Offset from this structure to the beginning of the next one */
+			SIVAL(p,0,reskey); p+= 4;    /* Used for continuing search. */
+
+			/* Begin of SMB_QUERY_FILE_UNIX_BASIC */
+			SOFF_T(p,0,sbuf.st_size);             /* File size 64 Bit */
+			p+= 8;
+
+#if defined(HAVE_STAT_ST_BLOCKS) && defined(STAT_ST_BLOCKSIZE)
+			SOFF_T(p,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */
+#else
+			/* Can't get the value - fake it using size. */
+			SOFF_T(p,0,sbuf.st_size);             /* Number of bytes used on disk - 64 Bit */
 #endif
+			p+= 8;
 
-  p = pdata;
-  name_ptr = p;
+			put_long_date(p,sbuf.st_ctime);       /* Creation Time 64 Bit */
+			put_long_date(p+8,sbuf.st_atime);     /* Last access time 64 Bit */
+			put_long_date(p+16,sbuf.st_mtime);    /* Last modification time 64 Bit */
+			p+= 24;
 
-  name_map_mangle(fname,False,SNUM(cnum));
+			SIVAL(p,0,sbuf.st_uid);               /* user id for the owner */
+			SIVAL(p,4,0);
+			p+= 8;
 
-  switch (info_level)
-    {
-    case 1:
-      if(requires_resume_key) {
-	SIVAL(p,0,reskey);
-	p += 4;
-      }
-      put_dos_date2(p,l1_fdateCreation,cdate);
-      put_dos_date2(p,l1_fdateLastAccess,adate);
-      put_dos_date2(p,l1_fdateLastWrite,mdate);
-      SIVAL(p,l1_cbFile,size);
-      SIVAL(p,l1_cbFileAlloc,ROUNDUP(size,1024));
-      SSVAL(p,l1_attrFile,mode);
-      SCVAL(p,l1_cchName,strlen(fname));
-      strcpy(p + l1_achName, fname);
-      name_ptr = p + l1_achName;
-      p += l1_achName + strlen(fname) + 1;
-      break;
+			SIVAL(p,0,sbuf.st_gid);               /* group id of owner */
+			SIVAL(p,4,0);
+			p+= 8;
 
-    case 2:
-      /* info_level 2 */
-      if(requires_resume_key) {
-	SIVAL(p,0,reskey);
-	p += 4;
-      }
-      put_dos_date2(p,l2_fdateCreation,cdate);
-      put_dos_date2(p,l2_fdateLastAccess,adate);
-      put_dos_date2(p,l2_fdateLastWrite,mdate);
-      SIVAL(p,l2_cbFile,size);
-      SIVAL(p,l2_cbFileAlloc,ROUNDUP(size,1024));
-      SSVAL(p,l2_attrFile,mode);
-      SIVAL(p,l2_cbList,0); /* No extended attributes */
-      SCVAL(p,l2_cchName,strlen(fname));
-      strcpy(p + l2_achName, fname);
-      name_ptr = p + l2_achName;
-      p += l2_achName + strlen(fname) + 1;
-      break;
+			SIVAL(p,0,unix_filetype(sbuf.st_mode));
+			p+= 4;
 
-    case 3:
-      SIVAL(p,0,reskey);
-      put_dos_date2(p,4,cdate);
-      put_dos_date2(p,8,adate);
-      put_dos_date2(p,12,mdate);
-      SIVAL(p,16,size);
-      SIVAL(p,20,ROUNDUP(size,1024));
-      SSVAL(p,24,mode);
-      SIVAL(p,26,4);
-      CVAL(p,30) = strlen(fname);
-      strcpy(p+31, fname);
-      name_ptr = p+31;
-      p += 31 + strlen(fname) + 1;
-      break;
+			SIVAL(p,0,unix_dev_major(sbuf.st_rdev));   /* Major device number if type is device */
+			SIVAL(p,4,0);
+			p+= 8;
 
-    case 4:
-      if(requires_resume_key) {
-	SIVAL(p,0,reskey);
-	p += 4;
-      }
-      SIVAL(p,0,33+strlen(fname)+1);
-      put_dos_date2(p,4,cdate);
-      put_dos_date2(p,8,adate);
-      put_dos_date2(p,12,mdate);
-      SIVAL(p,16,size);
-      SIVAL(p,20,ROUNDUP(size,1024));
-      SSVAL(p,24,mode);
-      CVAL(p,32) = strlen(fname);
-      strcpy(p + 33, fname);
-      name_ptr = p+33;
-      p += 33 + strlen(fname) + 1;
-      break;
+			SIVAL(p,0,unix_dev_minor(sbuf.st_rdev));   /* Minor device number if type is device */
+			SIVAL(p,4,0);
+			p+= 8;
 
-    case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
-      was_8_3 = is_8_3(fname);
-      len = 94+strlen(fname);
-      len = (len + 3) & ~3;
-      SIVAL(p,0,len); p += 4;
-      SIVAL(p,0,reskey); p += 4;
-      put_long_date(p,cdate); p += 8;
-      put_long_date(p,adate); p += 8;
-      put_long_date(p,mdate); p += 8;
-      put_long_date(p,mdate); p += 8;
-      SIVAL(p,0,size); p += 8;
-      SIVAL(p,0,size); p += 8;
-      SIVAL(p,0,mode); p += 4;
-      SIVAL(p,0,strlen(fname)); p += 4;
-      SIVAL(p,0,0); p += 4;
-      if (!was_8_3) {
-#ifndef KANJI
-	strcpy(p+2,unix2dos_format(fname,False));
-#else 
-	strcpy(p+2,fname);
-#endif
-	if (!name_map_mangle(p+2,True,SNUM(cnum)))
-	  (p+2)[12] = 0;
-      } else
-	*(p+2) = 0;
-      strupper(p+2);
-      SSVAL(p,0,strlen(p+2));
-      p += 2 + 24;
-      /* name_ptr = p;  */
-      strcpy(p,fname); p += strlen(p);
-      p = pdata + len;
-      break;
+			SINO_T(p,0,(SMB_INO_T)sbuf.st_ino);   /* inode number */
+			p+= 8;
 
-    case SMB_FIND_FILE_DIRECTORY_INFO:
-      len = 64+strlen(fname);
-      len = (len + 3) & ~3;
-      SIVAL(p,0,len); p += 4;
-      SIVAL(p,0,reskey); p += 4;
-      put_long_date(p,cdate); p += 8;
-      put_long_date(p,adate); p += 8;
-      put_long_date(p,mdate); p += 8;
-      put_long_date(p,mdate); p += 8;
-      SIVAL(p,0,size); p += 8;
-      SIVAL(p,0,size); p += 8;
-      SIVAL(p,0,mode); p += 4;
-      SIVAL(p,0,strlen(fname)); p += 4;
-      strcpy(p,fname);
-      p = pdata + len;
-      break;
-      
-      
-    case SMB_FIND_FILE_FULL_DIRECTORY_INFO:
-      len = 68+strlen(fname);
-      len = (len + 3) & ~3;
-      SIVAL(p,0,len); p += 4;
-      SIVAL(p,0,reskey); p += 4;
-      put_long_date(p,cdate); p += 8;
-      put_long_date(p,adate); p += 8;
-      put_long_date(p,mdate); p += 8;
-      put_long_date(p,mdate); p += 8;
-      SIVAL(p,0,size); p += 8;
-      SIVAL(p,0,size); p += 8;
-      SIVAL(p,0,mode); p += 4;
-      SIVAL(p,0,strlen(fname)); p += 4;
-      SIVAL(p,0,0); p += 4;
-      strcpy(p,fname);
-      p = pdata + len;
-      break;
+			SIVAL(p,0, unix_perms_to_wire(sbuf.st_mode));     /* Standard UNIX file permissions */
+			SIVAL(p,4,0);
+			p+= 8;
 
-    case SMB_FIND_FILE_NAMES_INFO:
-      len = 12+strlen(fname);
-      len = (len + 3) & ~3;
-      SIVAL(p,0,len); p += 4;
-      SIVAL(p,0,reskey); p += 4;
-      SIVAL(p,0,strlen(fname)); p += 4;
-      strcpy(p,fname);
-      p = pdata + len;
-      break;
+			SIVAL(p,0,sbuf.st_nlink);             /* number of hard links */
+			SIVAL(p,4,0);
+			p+= 8;
 
-    default:      
-      return(False);
-    }
+			/* End of SMB_QUERY_FILE_UNIX_BASIC */
+			pstrcpy(p,fname);
+			p=pdata+len;
 
+			break;
+#endif
 
-  if (PTR_DIFF(p,pdata) > space_remaining) {
-    /* Move the dirptr back to prev_dirpos */
-    SeekDir(Connections[cnum].dirptr, prev_dirpos);
-    *out_of_space = True;
-    DEBUG(9,("get_lanman2_dir_entry: out of space\n"));
-    return False; /* Not finished - just out of space */
-  }
+		default:      
+			return(False);
+	}
+
+
+	if (PTR_DIFF(p,pdata) > space_remaining) {
+		/* Move the dirptr back to prev_dirpos */
+		SeekDir(conn->dirptr, prev_dirpos);
+		*out_of_space = True;
+		DEBUG(9,("get_lanman2_dir_entry: out of space\n"));
+		return False; /* Not finished - just out of space */
+	}
+
+	/* Setup the last_filename pointer, as an offset from base_data */
+	*last_name_off = PTR_DIFF(nameptr,base_data);
+	/* Advance the data pointer to the next slot */
+	*ppdata = p;
 
-  /* Setup the last_filename pointer, as an offset from base_data */
-  *last_name_off = PTR_DIFF(name_ptr,base_data);
-  /* Advance the data pointer to the next slot */
-  *ppdata = p;
-  return(found);
+	return(found);
 }
-  
+
 /****************************************************************************
-  reply to a TRANS2_FINDFIRST
+ Reply to a TRANS2_FINDFIRST.
 ****************************************************************************/
-static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum, 
-			 char **pparams, char **ppdata)
+
+static int call_trans2findfirst(connection_struct *conn,
+				char *inbuf, char *outbuf, int bufsize,  
+				char **pparams, char **ppdata)
 {
   /* We must be careful here that we don't return more than the
      allowed number of data bytes. If this means returning fewer than
@@ -554,6 +811,8 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
   BOOL dont_descend = False;
   BOOL out_of_space = False;
   int space_remaining;
+  BOOL bad_path = False;
+  SMB_STRUCT_STAT sbuf;
 
   *directory = *mask = 0;
 
@@ -573,68 +832,69 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
     case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
       break;
     default:
-      return(ERROR(ERRDOS,ERRunknownlevel));
+      return(ERROR_DOS(ERRDOS,ERRunknownlevel));
     }
 
-  strcpy(directory, params + 12); /* Complete directory path with 
-				     wildcard mask appended */
+  srvstr_pull(inbuf, directory, params+12, sizeof(directory), -1, STR_TERMINATE);
 
-  DEBUG(5,("path=%s\n",directory));
+  RESOLVE_FINDFIRST_DFSPATH(directory, conn, inbuf, outbuf);
+
+  unix_convert(directory,conn,0,&bad_path,&sbuf);
+  if(!check_name(directory,conn)) {
+    if((errno == ENOENT) && bad_path)
+    {
+      unix_ERR_class = ERRDOS;
+      unix_ERR_code = ERRbadpath;
+    }
+
+#if 0
+    /* Ugly - NT specific hack - maybe not needed ? (JRA) */
+    if((errno == ENOTDIR) && (Protocol >= PROTOCOL_NT1) && 
+       (get_remote_arch() == RA_WINNT))
+    {
+      unix_ERR_class = ERRDOS;
+      unix_ERR_code = ERRbaddirectory;
+    }
+#endif 
 
-  unix_convert(directory,cnum);
-  if(!check_name(directory,cnum)) {
-    return(ERROR(ERRDOS,ERRbadpath));
+    return(UNIXERROR(ERRDOS,ERRbadpath));
   }
 
-  p = strrchr(directory,'/');
+  p = strrchr_m(directory,'/');
   if(p == NULL) {
-    strcpy(mask,directory);
-    strcpy(directory,"./");
+    pstrcpy(mask,directory);
+    pstrcpy(directory,"./");
   } else {
-    strcpy(mask,p+1);
+    pstrcpy(mask,p+1);
     *p = 0;
   }
 
   DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
 
-  pdata = *ppdata = Realloc(*ppdata, max_data_bytes + 1024);
-  if(!*ppdata)
-    return(ERROR(ERRDOS,ERRnomem));
-  bzero(pdata,max_data_bytes);
+  pdata	= Realloc(*ppdata, max_data_bytes + 1024);
+  if( pdata == NULL ) {
+    return(ERROR_DOS(ERRDOS,ERRnomem));
+  }
+  *ppdata	= pdata;
+  memset((char *)pdata,'\0',max_data_bytes + 1024);
 
   /* Realloc the params space */
-  params = *pparams = Realloc(*pparams, 10);
-  if(params == NULL)
-    return(ERROR(ERRDOS,ERRnomem));
-
-  dptr_num = dptr_create(cnum,directory, True ,SVAL(inbuf,smb_pid));
-  if (dptr_num < 0)
-    return(ERROR(ERRDOS,ERRbadpath));
-
-  /* convert the formatted masks */
-  {
-    p = mask;
-    while (*p) {
-      if (*p == '<') *p = '*';
-      if (*p == '>') *p = '?';
-      if (*p == '"') *p = '.';
-      p++;
-    }
+  params = Realloc(*pparams, 10);
+  if (params == NULL) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
   }
-  
-  /* a special case for 16 bit apps */
-  if (strequal(mask,"????????.???")) strcpy(mask,"*");
+  *pparams	= params;
 
-  /* handle broken clients that send us old 8.3 format */
-  string_sub(mask,"????????","*");
-  string_sub(mask,".???",".*");
+  dptr_num = dptr_create(conn,directory, False, True ,SVAL(inbuf,smb_pid));
+  if (dptr_num < 0)
+    return(UNIXERROR(ERRDOS,ERRbadfile));
 
   /* Save the wildcard match and attribs we are using on this directory - 
      needed as lanman2 assumes these are being saved between calls */
 
   if(!(wcard = strdup(mask))) {
-    dptr_close(dptr_num);
-    return(ERROR(ERRDOS,ERRnomem));
+    dptr_close(&dptr_num);
+    return ERROR_DOS(ERRDOS,ERRnomem);
   }
 
   dptr_set_wcard(dptr_num, wcard);
@@ -646,8 +906,8 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
      a different TRANS2 call. */
   
   DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
-	   Connections[cnum].dirpath,lp_dontdescend(SNUM(cnum))));
-  if (in_list(Connections[cnum].dirpath,lp_dontdescend(SNUM(cnum)),case_sensitive))
+	   conn->dirpath,lp_dontdescend(SNUM(conn))));
+  if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),case_sensitive))
     dont_descend = True;
     
   p = pdata;
@@ -655,39 +915,61 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
   out_of_space = False;
 
   for (i=0;(i<maxentries) && !finished && !out_of_space;i++)
+  {
+    BOOL got_exact_match = False;
+
+    /* this is a heuristic to avoid seeking the dirptr except when 
+       absolutely necessary. It allows for a filename of about 40 chars */
+    if (space_remaining < DIRLEN_GUESS && numentries > 0)
+    {
+      out_of_space = True;
+      finished = False;
+    }
+    else
     {
+      finished = !get_lanman2_dir_entry(conn,
+					inbuf, outbuf,
+					mask,dirtype,info_level,
+					requires_resume_key,dont_descend,
+					&p,pdata,space_remaining, &out_of_space, &got_exact_match,
+					&last_name_off);
+    }
 
-      /* this is a heuristic to avoid seeking the dirptr except when 
-	 absolutely necessary. It allows for a filename of about 40 chars */
-      if (space_remaining < DIRLEN_GUESS && numentries > 0)
-	{
-	  out_of_space = True;
-	  finished = False;
-	}
-      else
-	{
-	  finished = 
-	    !get_lanman2_dir_entry(cnum,mask,dirtype,info_level,
-				   requires_resume_key,dont_descend,
-				   &p,pdata,space_remaining, &out_of_space,
-				   &last_name_off);
-	}
+    if (finished && out_of_space)
+      finished = False;
 
-      if (finished && out_of_space)
-	finished = False;
+    if (!finished && !out_of_space)
+      numentries++;
 
-      if (!finished && !out_of_space)
-	numentries++;
-      space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
-    }
+    /*
+     * As an optimisation if we know we aren't looking
+     * for a wildcard name (ie. the name matches the wildcard exactly)
+     * then we can finish on any (first) match.
+     * This speeds up large directory searches. JRA.
+     */
+
+    if(got_exact_match)
+      finished = True;
+
+    space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
+  }
   
   /* Check if we can close the dirptr */
   if(close_after_first || (finished && close_if_end))
-    {
-      dptr_close(dptr_num);
-      DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num));
-      dptr_num = -1;
-    }
+  {
+    DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num));
+    dptr_close(&dptr_num);
+  }
+
+  /* 
+   * If there are no matching entries we must return ERRDOS/ERRbadfile - 
+   * from observation of NT.
+   */
+
+  if(numentries == 0) {
+	  dptr_close(&dptr_num);
+	  return ERROR_DOS(ERRDOS,ERRbadfile);
+  }
 
   /* At this point pdata points to numentries directory entries. */
 
@@ -701,22 +983,34 @@ static int call_trans2findfirst(char *inbuf, char *outbuf, int bufsize, int cnum
   send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata));
 
   if ((! *directory) && dptr_path(dptr_num))
-    sprintf(directory,"(%s)",dptr_path(dptr_num));
+    slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
+
+  DEBUG( 4, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
+	    smb_fn_name(CVAL(inbuf,smb_com)), 
+	    mask, directory, dirtype, numentries ) );
 
-  DEBUG(4,("%s %s mask=%s directory=%s cnum=%d dirtype=%d numentries=%d\n",
-	timestring(),
-	smb_fn_name(CVAL(inbuf,smb_com)), 
-	mask,directory,cnum,dirtype,numentries));
+  /* 
+   * Force a name mangle here to ensure that the
+   * mask as an 8.3 name is top of the mangled cache.
+   * The reasons for this are subtle. Don't remove
+   * this code unless you know what you are doing
+   * (see PR#13758). JRA.
+   */
+
+  if(!mangle_is_8_3( mask, False))
+    mangle_map(mask, True, True, SNUM(conn));
 
   return(-1);
 }
 
-
 /****************************************************************************
-  reply to a TRANS2_FINDNEXT
+ Reply to a TRANS2_FINDNEXT.
 ****************************************************************************/
-static int call_trans2findnext(char *inbuf, char *outbuf, int length, int bufsize,
-			int cnum, char **pparams, char **ppdata)
+
+static int call_trans2findnext(connection_struct *conn, 
+			       char *inbuf, char *outbuf, 
+			       int length, int bufsize,
+			       char **pparams, char **ppdata)
 {
   /* We must be careful here that we don't return more than the
      allowed number of data bytes. If this means returning fewer than
@@ -726,7 +1020,7 @@ static int call_trans2findnext(char *inbuf, char *outbuf, int length, int bufsiz
   int max_data_bytes = SVAL(inbuf, smb_mdrcnt);
   char *params = *pparams;
   char *pdata = *ppdata;
-  int16 dptr_num = SVAL(params,0);
+  int dptr_num = SVAL(params,0);
   int maxentries = SVAL(params,2);
   uint16 info_level = SVAL(params,4);
   uint32 resume_key = IVAL(params,6);
@@ -734,6 +1028,7 @@ static int call_trans2findnext(char *inbuf, char *outbuf, int length, int bufsiz
   BOOL close_if_end = BITSETW(params+10,1);
   BOOL requires_resume_key = BITSETW(params+10,2);
   BOOL continue_bit = BITSETW(params+10,3);
+  pstring resume_name;
   pstring mask;
   pstring directory;
   char *p;
@@ -745,11 +1040,15 @@ static int call_trans2findnext(char *inbuf, char *outbuf, int length, int bufsiz
   BOOL out_of_space = False;
   int space_remaining;
 
-  *mask = *directory = 0;
+  *mask = *directory = *resume_name = 0;
+
+  srvstr_pull(inbuf, resume_name, params+12, sizeof(resume_name), -1, STR_TERMINATE);
 
-  DEBUG(3,("call_trans2findnext: dirhandle = %d, max_data_bytes = %d, maxentries = %d, close_after_request=%d, close_if_end = %d requires_resume_key = %d resume_key = %d continue=%d level = %d\n",
+  DEBUG(3,("call_trans2findnext: dirhandle = %d, max_data_bytes = %d, maxentries = %d, \
+close_after_request=%d, close_if_end = %d requires_resume_key = %d \
+resume_key = %d resume name = %s continue=%d level = %d\n",
 	   dptr_num, max_data_bytes, maxentries, close_after_request, close_if_end, 
-	   requires_resume_key, resume_key, continue_bit, info_level));
+	   requires_resume_key, resume_key, resume_name, continue_bit, info_level));
 
   switch (info_level) 
     {
@@ -763,89 +1062,179 @@ static int call_trans2findnext(char *inbuf, char *outbuf, int length, int bufsiz
     case SMB_FIND_FILE_BOTH_DIRECTORY_INFO:
       break;
     default:
-      return(ERROR(ERRDOS,ERRunknownlevel));
+      return ERROR_DOS(ERRDOS,ERRunknownlevel);
     }
 
-  pdata = *ppdata = Realloc( *ppdata, max_data_bytes + 1024);
-  if(!*ppdata)
-    return(ERROR(ERRDOS,ERRnomem));
-  bzero(pdata,max_data_bytes);
+  pdata = Realloc( *ppdata, max_data_bytes + 1024);
+  if(pdata == NULL) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+  *ppdata	= pdata;
+  memset((char *)pdata,'\0',max_data_bytes + 1024);
 
   /* Realloc the params space */
-  params = *pparams = Realloc(*pparams, 6*SIZEOFWORD);
-  if(!params)
-    return(ERROR(ERRDOS,ERRnomem));
+  params = Realloc(*pparams, 6*SIZEOFWORD);
+  if( params == NULL ) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+  *pparams	= params;
 
   /* Check that the dptr is valid */
-  if(!(Connections[cnum].dirptr = dptr_fetch_lanman2(params, dptr_num)))
-    return(ERROR(ERRDOS,ERRnofiles));
+  if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num)))
+    return ERROR_DOS(ERRDOS,ERRnofiles);
 
-  string_set(&Connections[cnum].dirpath,dptr_path(dptr_num));
+  string_set(&conn->dirpath,dptr_path(dptr_num));
 
   /* Get the wildcard mask from the dptr */
   if((p = dptr_wcard(dptr_num))== NULL) {
     DEBUG(2,("dptr_num %d has no wildcard\n", dptr_num));
-    return (ERROR(ERRDOS,ERRnofiles));
+    return ERROR_DOS(ERRDOS,ERRnofiles);
   }
-  strcpy(mask, p);
-  strcpy(directory,Connections[cnum].dirpath);
+  pstrcpy(mask, p);
+  pstrcpy(directory,conn->dirpath);
 
   /* Get the attr mask from the dptr */
   dirtype = dptr_attr(dptr_num);
 
-  DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%X,%d)\n",
+  DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%d)\n",
 	   dptr_num, mask, dirtype, 
-	   Connections[cnum].dirptr,
-	   TellDir(Connections[cnum].dirptr)));
+	   (long)conn->dirptr,
+	   TellDir(conn->dirptr)));
 
   /* We don't need to check for VOL here as this is returned by 
      a different TRANS2 call. */
 
-  DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",Connections[cnum].dirpath,lp_dontdescend(SNUM(cnum))));
-  if (in_list(Connections[cnum].dirpath,lp_dontdescend(SNUM(cnum)),case_sensitive))
+  DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",conn->dirpath,lp_dontdescend(SNUM(conn))));
+  if (in_list(conn->dirpath,lp_dontdescend(SNUM(conn)),case_sensitive))
     dont_descend = True;
     
   p = pdata;
   space_remaining = max_data_bytes;
   out_of_space = False;
 
-  /* If we have a resume key - seek to the correct position. */
-  if(requires_resume_key && !continue_bit)
-    SeekDir(Connections[cnum].dirptr, resume_key);
+  /* 
+   * Seek to the correct position. We no longer use the resume key but
+   * depend on the last file name instead.
+   */
+  if(requires_resume_key && *resume_name && !continue_bit)
+  {
+    /*
+     * Fix for NT redirector problem triggered by resume key indexes
+     * changing between directory scans. We now return a resume key of 0
+     * and instead look for the filename to continue from (also given
+     * to us by NT/95/smbfs/smbclient). If no other scans have been done between the
+     * findfirst/findnext (as is usual) then the directory pointer
+     * should already be at the correct place. Check this by scanning
+     * backwards looking for an exact (ie. case sensitive) filename match. 
+     * If we get to the beginning of the directory and haven't found it then scan
+     * forwards again looking for a match. JRA.
+     */
+
+    int current_pos, start_pos;
+    char *dname = NULL;
+    void *dirptr = conn->dirptr;
+    start_pos = TellDir(dirptr);
+    for(current_pos = start_pos; current_pos >= 0; current_pos--)
+    {
+      DEBUG(7,("call_trans2findnext: seeking to pos %d\n", current_pos));
 
-  for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++)
+      SeekDir(dirptr, current_pos);
+      dname = ReadDirName(dirptr);
+
+      /*
+       * Remember, mangle_map is called by
+       * get_lanman2_dir_entry(), so the resume name
+       * could be mangled. Ensure we do the same
+       * here.
+       */
+
+      if(dname != NULL)
+        mangle_map( dname, False, True, SNUM(conn));
+
+      if(dname && strcsequal( resume_name, dname))
+      {
+        SeekDir(dirptr, current_pos+1);
+        DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 ));
+        break;
+      }
+    }
+
+    /*
+     * Scan forward from start if not found going backwards.
+     */
+
+    if(current_pos < 0)
     {
-      /* this is a heuristic to avoid seeking the dirptr except when 
-	 absolutely necessary. It allows for a filename of about 40 chars */
-      if (space_remaining < DIRLEN_GUESS && numentries > 0)
-	{
-	  out_of_space = True;
-	  finished = False;
-	}
-      else
-	{
-	  finished = 
-	    !get_lanman2_dir_entry(cnum,mask,dirtype,info_level,
-				   requires_resume_key,dont_descend,
-				   &p,pdata,space_remaining, &out_of_space,
-				   &last_name_off);
-	}
+      DEBUG(7,("call_trans2findnext: notfound: seeking to pos %d\n", start_pos));
+      SeekDir(dirptr, start_pos);
+      for(current_pos = start_pos; (dname = ReadDirName(dirptr)) != NULL; SeekDir(dirptr,++current_pos))
+      {
+        /*
+         * Remember, mangle_map is called by
+         * get_lanman2_dir_entry(), so the resume name
+         * could be mangled. Ensure we do the same
+         * here.
+         */
+
+        if(dname != NULL)
+          mangle_map( dname, False, True, SNUM(conn));
+
+        if(dname && strcsequal( resume_name, dname))
+        {
+          SeekDir(dirptr, current_pos+1);
+          DEBUG(7,("call_trans2findnext: got match at pos %d\n", current_pos+1 ));
+          break;
+        }
+      } /* end for */
+    } /* end if current_pos */
+  } /* end if requires_resume_key && !continue_bit */
 
-      if (finished && out_of_space)
-	finished = False;
+  for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++)
+  {
+    BOOL got_exact_match = False;
 
-      if (!finished && !out_of_space)
-	numentries++;
-      space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
+    /* this is a heuristic to avoid seeking the dirptr except when 
+       absolutely necessary. It allows for a filename of about 40 chars */
+    if (space_remaining < DIRLEN_GUESS && numentries > 0)
+    {
+      out_of_space = True;
+      finished = False;
+    }
+    else
+    {
+      finished = !get_lanman2_dir_entry(conn,
+					inbuf, outbuf,
+					mask,dirtype,info_level,
+					requires_resume_key,dont_descend,
+					&p,pdata,space_remaining, &out_of_space, &got_exact_match,
+					&last_name_off);
     }
+
+    if (finished && out_of_space)
+      finished = False;
+
+    if (!finished && !out_of_space)
+      numentries++;
+
+    /*
+     * As an optimisation if we know we aren't looking
+     * for a wildcard name (ie. the name matches the wildcard exactly)
+     * then we can finish on any (first) match.
+     * This speeds up large directory searches. JRA.
+     */
+
+    if(got_exact_match)
+      finished = True;
+
+    space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
+  }
   
   /* Check if we can close the dirptr */
   if(close_after_request || (finished && close_if_end))
-    {
-      dptr_close(dptr_num); /* This frees up the saved mask */
-      DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num));
-      dptr_num = -1;
-    }
+  {
+    DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num));
+    dptr_close(&dptr_num); /* This frees up the saved mask */
+  }
 
 
   /* Set up the return parameter block */
@@ -857,124 +1246,166 @@ static int call_trans2findnext(char *inbuf, char *outbuf, int length, int bufsiz
   send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata));
 
   if ((! *directory) && dptr_path(dptr_num))
-    sprintf(directory,"(%s)",dptr_path(dptr_num));
+    slprintf(directory,sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
 
-  DEBUG(3,("%s %s mask=%s directory=%s cnum=%d dirtype=%d numentries=%d\n",
-	   timestring(),
-	   smb_fn_name(CVAL(inbuf,smb_com)), 
-	   mask,directory,cnum,dirtype,numentries));
+  DEBUG( 3, ( "%s mask=%s directory=%s dirtype=%d numentries=%d\n",
+	    smb_fn_name(CVAL(inbuf,smb_com)), 
+	    mask, directory, dirtype, numentries ) );
 
   return(-1);
 }
 
 /****************************************************************************
-  reply to a TRANS2_QFSINFO (query filesystem info)
+ Reply to a TRANS2_QFSINFO (query filesystem info).
 ****************************************************************************/
-static int call_trans2qfsinfo(char *inbuf, char *outbuf, int length, int bufsize,
-			int cnum, char **pparams, char **ppdata)
+
+static int call_trans2qfsinfo(connection_struct *conn, 
+			      char *inbuf, char *outbuf, 
+			      int length, int bufsize,
+			      char **pparams, char **ppdata)
 {
+  int max_data_bytes = SVAL(inbuf, smb_mdrcnt);
   char *pdata = *ppdata;
   char *params = *pparams;
   uint16 info_level = SVAL(params,0);
-  int data_len;
-  struct stat st;
-  char *vname = volume_label(SNUM(cnum));
-  
-  DEBUG(3,("call_trans2qfsinfo: cnum = %d, level = %d\n", cnum, info_level));
+  int data_len, len;
+  SMB_STRUCT_STAT st;
+  char *vname = volume_label(SNUM(conn));
+  int snum = SNUM(conn);
+  char *fstype = lp_fstype(SNUM(conn));
 
-  if(sys_stat(".",&st)!=0) {
+  DEBUG(3,("call_trans2qfsinfo: level = %d\n", info_level));
+
+  if(vfs_stat(conn,".",&st)!=0) {
     DEBUG(2,("call_trans2qfsinfo: stat of . failed (%s)\n", strerror(errno)));
-    return (ERROR(ERRSRV,ERRinvdevice));
+    return ERROR_DOS(ERRSRV,ERRinvdevice);
   }
 
-  pdata = *ppdata = Realloc(*ppdata, 1024); bzero(pdata,1024);
+  pdata = Realloc(*ppdata, max_data_bytes + 1024);
+  if ( pdata == NULL ) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+  *ppdata	= pdata;
+  memset((char *)pdata,'\0',max_data_bytes + 1024);
 
   switch (info_level) 
-    {
+  {
     case 1:
-      {
-	int dfree,dsize,bsize;
-	data_len = 18;
-	sys_disk_free(".",&bsize,&dfree,&dsize);	
-	SIVAL(pdata,l1_idFileSystem,st.st_dev);
-	SIVAL(pdata,l1_cSectorUnit,bsize/512);
-	SIVAL(pdata,l1_cUnit,dsize);
-	SIVAL(pdata,l1_cUnitAvail,dfree);
-	SSVAL(pdata,l1_cbSector,512);
-	DEBUG(5,("call_trans2qfsinfo : bsize=%d, id=%x, cSectorUnit=%d, cUnit=%d, cUnitAvail=%d, cbSector=%d\n",
-		 bsize, st.st_dev, bsize/512, dsize, dfree, 512));
-	break;
-    }
-    case 2:
-    { 
-      /* Return volume name */
-      int volname_len = MIN(strlen(vname),11);
-      data_len = l2_vol_szVolLabel + volname_len + 1;
-      put_dos_date2(pdata,l2_vol_fdateCreation,st.st_ctime);
-      SCVAL(pdata,l2_vol_cch,volname_len);
-      StrnCpy(pdata+l2_vol_szVolLabel,vname,volname_len);
-      DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, name = %s\n",st.st_ctime,volname_len,
-	       pdata+l2_vol_szVolLabel));
+    {
+      SMB_BIG_UINT dfree,dsize,bsize;
+      data_len = 18;
+      conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize);	
+      SIVAL(pdata,l1_idFileSystem,st.st_dev);
+      SIVAL(pdata,l1_cSectorUnit,bsize/512);
+      SIVAL(pdata,l1_cUnit,dsize);
+      SIVAL(pdata,l1_cUnitAvail,dfree);
+      SSVAL(pdata,l1_cbSector,512);
+      DEBUG(5,("call_trans2qfsinfo : bsize=%u, id=%x, cSectorUnit=%u, cUnit=%u, cUnitAvail=%u, cbSector=%d\n",
+		 (unsigned int)bsize, (unsigned int)st.st_dev, ((unsigned int)bsize)/512, (unsigned int)dsize,
+         (unsigned int)dfree, 512));
       break;
     }
+    case 2:
+	    /* Return volume name */
+	    /* 
+	     * Add volume serial number - hash of a combination of
+	     * the called hostname and the service name.
+	     */
+	    SIVAL(pdata,0,str_checksum(lp_servicename(snum)) ^ (str_checksum(local_machine)<<16) );
+	    len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, -1, 
+			      STR_TERMINATE);
+	    SCVAL(pdata,l2_vol_cch,len);
+	    data_len = l2_vol_szVolLabel + len;
+	    DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, name = %s\n",
+		     (unsigned)st.st_ctime, len, vname));
+	    break;
+
     case SMB_QUERY_FS_ATTRIBUTE_INFO:
-      data_len = 12 + 2*strlen(FSTYPE_STRING);
-      SIVAL(pdata,0,0x4006); /* FS ATTRIBUTES == long filenames supported? */
-      SIVAL(pdata,4,128); /* Max filename component length */
-      SIVAL(pdata,8,2*strlen(FSTYPE_STRING));
-      PutUniCode(pdata+12,FSTYPE_STRING);
-      break;
+	    SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
+		  (lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */
+	    SIVAL(pdata,4,255); /* Max filename component length */
+	    /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
+	       and will think we can't do long filenames */
+	    len = srvstr_push(outbuf, pdata+12, fstype, -1, 0);
+	    SIVAL(pdata,8,len);
+	    data_len = 12 + len;
+	    break;
+
     case SMB_QUERY_FS_LABEL_INFO:
-      data_len = 4 + strlen(vname);
-      SIVAL(pdata,0,strlen(vname));
-      strcpy(pdata+4,vname);      
-      break;
+	    len = srvstr_push(outbuf, pdata+4, vname, -1, STR_TERMINATE);
+	    data_len = 4 + len;
+	    SIVAL(pdata,0,len);
+	    break;
     case SMB_QUERY_FS_VOLUME_INFO:      
-      data_len = 17 + strlen(vname);
-      SIVAL(pdata,12,strlen(vname));
-      strcpy(pdata+17,vname);      
-      break;
+	    /* 
+	     * Add volume serial number - hash of a combination of
+	     * the called hostname and the service name.
+	     */
+	    SIVAL(pdata,8,str_checksum(lp_servicename(snum)) ^ 
+		  (str_checksum(local_machine)<<16));
+
+	    len = srvstr_push(outbuf, pdata+18, vname, -1, STR_TERMINATE);
+	    SIVAL(pdata,12,len);
+	    data_len = 18+len;
+	    DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n", 
+		     (int)strlen(vname),vname, lp_servicename(snum)));
+	    break;
     case SMB_QUERY_FS_SIZE_INFO:
-      {
-	int dfree,dsize,bsize;
-	data_len = 24;
-	sys_disk_free(".",&bsize,&dfree,&dsize);	
-	SIVAL(pdata,0,dsize);
-	SIVAL(pdata,8,dfree);
-	SIVAL(pdata,16,bsize/512);
-	SIVAL(pdata,20,512);
-      }
+    {
+      SMB_BIG_UINT dfree,dsize,bsize;
+      data_len = 24;
+      conn->vfs_ops.disk_free(conn,".",False,&bsize,&dfree,&dsize);	
+      SBIG_UINT(pdata,0,dsize);
+      SBIG_UINT(pdata,8,dfree);
+      SIVAL(pdata,16,bsize/512);
+      SIVAL(pdata,20,512);
       break;
+    }
     case SMB_QUERY_FS_DEVICE_INFO:
       data_len = 8;
       SIVAL(pdata,0,0); /* dev type */
       SIVAL(pdata,4,0); /* characteristics */
       break;
-    default:
-      return(ERROR(ERRDOS,ERRunknownlevel));
-    }
+    case SMB_MAC_QUERY_FS_INFO:
+	    /*
+	     * Thursby MAC extension... ONLY on NTFS filesystems
+	     * once we do streams then we don't need this
+	     */
+	    if (strequal(lp_fstype(SNUM(conn)),"NTFS")) {
+		    data_len = 88;
+		    SIVAL(pdata,84,0x100); /* Don't support mac... */
+		    break;
+	    }
+	    /* drop through */
+  default:
+	  return ERROR_DOS(ERRDOS,ERRunknownlevel);
+  }
 
 
   send_trans2_replies( outbuf, bufsize, params, 0, pdata, data_len);
 
-  DEBUG(4,("%s %s info_level =%d\n",timestring(),smb_fn_name(CVAL(inbuf,smb_com)), info_level));
+  DEBUG( 4, ( "%s info_level = %d\n",
+            smb_fn_name(CVAL(inbuf,smb_com)), info_level) );
 
   return -1;
 }
 
 /****************************************************************************
-  reply to a TRANS2_SETFSINFO (set filesystem info)
+ Reply to a TRANS2_SETFSINFO (set filesystem info).
 ****************************************************************************/
-static int call_trans2setfsinfo(char *inbuf, char *outbuf, int length, int bufsize,
-			int cnum, char **pparams, char **ppdata)
+
+static int call_trans2setfsinfo(connection_struct *conn,
+				char *inbuf, char *outbuf, int length, 
+				int bufsize,
+				char **pparams, char **ppdata)
 {
   /* Just say yes we did it - there is nothing that
      can be set here so it doesn't matter. */
   int outsize;
   DEBUG(3,("call_trans2setfsinfo\n"));
 
-  if (!CAN_WRITE(cnum))
-    return(ERROR(ERRSRV,ERRaccess));
+  if (!CAN_WRITE(conn))
+    return ERROR_DOS(ERRSRV,ERRaccess);
 
   outsize = set_message(outbuf,10,0,True);
 
@@ -982,388 +1413,972 @@ static int call_trans2setfsinfo(char *inbuf, char *outbuf, int length, int bufsi
 }
 
 /****************************************************************************
-  reply to a TRANS2_QFILEINFO (query file info by fileid)
+ *  Utility function to set bad path error.
+ ****************************************************************************/
+
+NTSTATUS set_bad_path_error(int err, BOOL bad_path)
+{
+	if((err == ENOENT) && bad_path) {
+		unix_ERR_class = ERRDOS;
+		unix_ERR_code = ERRbadpath;
+		return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+	}
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Reply to a TRANS2_QFILEPATHINFO or TRANSACT2_QFILEINFO (query file info by
+ file name or file id).
 ****************************************************************************/
-static int call_trans2qfilepathinfo(char *inbuf, char *outbuf, int length, 
-				    int bufsize,int cnum,
+
+static int call_trans2qfilepathinfo(connection_struct *conn,
+				    char *inbuf, char *outbuf, int length, 
+				    int bufsize,
 				    char **pparams,char **ppdata,
 				    int total_data)
 {
-  char *params = *pparams;
-  char *pdata = *ppdata;
-  uint16 tran_call = SVAL(inbuf, smb_setup0);
-  uint16 info_level;
-  int mode=0;
-  int size=0;
-  unsigned int data_size;
-  struct stat sbuf;
-  pstring fname1;
-  char *fname;
-  char *p;
-  int l,pos;
+	int max_data_bytes = SVAL(inbuf, smb_mdrcnt);
+	char *params = *pparams;
+	char *pdata = *ppdata;
+	uint16 tran_call = SVAL(inbuf, smb_setup0);
+	uint16 info_level;
+	int mode=0;
+	SMB_OFF_T size=0;
+	SMB_OFF_T allocation_size=0;
+	unsigned int data_size;
+	SMB_STRUCT_STAT sbuf;
+	pstring fname, dos_fname;
+	char *base_name;
+	char *p;
+	SMB_OFF_T pos = 0;
+	BOOL bad_path = False;
+	BOOL delete_pending = False;
+	int len;
+	time_t c_time;
+
+	if (!params) {
+		return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+	}
 
+	if (tran_call == TRANSACT2_QFILEINFO) {
+		files_struct *fsp = file_fsp(params,0);
+		info_level = SVAL(params,2);
+
+		DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = %d\n", info_level));
+
+		if(fsp && (fsp->is_directory || fsp->fd == -1)) {
+			/*
+			 * This is actually a QFILEINFO on a directory
+			 * handle (returned from an NT SMB). NT5.0 seems
+			 * to do this call. JRA.
+			 */
+			pstrcpy(fname, fsp->fsp_name);
+			unix_convert(fname,conn,0,&bad_path,&sbuf);
+			if (!check_name(fname,conn) || 
+					(!VALID_STAT(sbuf) && vfs_stat(conn,fname,&sbuf))) {
+				DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno)));
+				if((errno == ENOENT) && bad_path) {
+					unix_ERR_class = ERRDOS;
+					unix_ERR_code = ERRbadpath;
+				}
+				return(UNIXERROR(ERRDOS,ERRbadpath));
+			}
+		  
+			delete_pending = fsp->directory_delete_on_close;
+		} else {
+			/*
+			 * Original code - this is an open file.
+			 */
+			CHECK_FSP(fsp,conn);
+
+			pstrcpy(fname, fsp->fsp_name);
+			if (vfs_fstat(fsp,fsp->fd,&sbuf) != 0) {
+				DEBUG(3,("fstat of fnum %d failed (%s)\n", fsp->fnum, strerror(errno)));
+				return(UNIXERROR(ERRDOS,ERRbadfid));
+			}
+			if((pos = fsp->conn->vfs_ops.lseek(fsp,fsp->fd,0,SEEK_CUR)) == -1)
+				return(UNIXERROR(ERRDOS,ERRnoaccess));
+
+			delete_pending = fsp->delete_on_close;
+		}
+	} else {
+		/* qpathinfo */
+		info_level = SVAL(params,0);
 
-  if (tran_call == TRANSACT2_QFILEINFO) {
-    int16 fnum = SVAL(params,0);
-    info_level = SVAL(params,2);
+		DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level));
 
-    CHECK_FNUM(fnum,cnum);
-    CHECK_ERROR(fnum);
+		srvstr_pull(inbuf, fname, &params[6], sizeof(fname), -1, STR_TERMINATE);
 
-    fname = Files[fnum].name;
-    if (fstat(Files[fnum].fd,&sbuf) != 0) {
-      DEBUG(3,("fstat of fnum %d failed (%s)\n",fnum, strerror(errno)));
-      return(UNIXERROR(ERRDOS,ERRbadfid));
-    }
-    pos = lseek(Files[fnum].fd,0,SEEK_CUR);
-  } else {
-    /* qpathinfo */
-    info_level = SVAL(params,0);
-    fname = &fname1[0];
-    strcpy(fname,&params[6]);
-    unix_convert(fname,cnum);
-    if (!check_name(fname,cnum) || sys_stat(fname,&sbuf)) {
-      DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno)));
-      return(UNIXERROR(ERRDOS,ERRbadpath));
-    }
-    pos = 0;
-  }
+		RESOLVE_DFSPATH(fname, conn, inbuf, outbuf);
+
+		unix_convert(fname,conn,0,&bad_path,&sbuf);
+		if (!check_name(fname,conn) || 
+				(!VALID_STAT(sbuf) && vfs_stat(conn,fname,&sbuf))) {
+			DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno)));
+			if((errno == ENOENT) && bad_path) {
+				unix_ERR_class = ERRDOS;
+				unix_ERR_code = ERRbadpath;
+			}
+			return(UNIXERROR(ERRDOS,ERRbadpath));
+		}
+	}
 
 
-  DEBUG(3,("call_trans2qfilepathinfo %s level=%d call=%d total_data=%d\n",
-	   fname,info_level,tran_call,total_data));
+	DEBUG(3,("call_trans2qfilepathinfo %s level=%d call=%d total_data=%d\n",
+		fname,info_level,tran_call,total_data));
+
+	p = strrchr_m(fname,'/'); 
+	if (!p)
+		base_name = fname;
+	else
+		base_name = p+1;
+
+	mode = dos_mode(conn,fname,&sbuf);
+	size = sbuf.st_size;
+	allocation_size = SMB_ROUNDUP_ALLOCATION(sbuf.st_size);
+	
+	if (mode & aDIR)
+		size = 0;
+
+	params = Realloc(*pparams,2);
+	if (params == NULL)
+	  return ERROR_DOS(ERRDOS,ERRnomem);
+	*pparams = params;
+	memset((char *)params,'\0',2);
+	data_size = max_data_bytes + 1024;
+	pdata = Realloc(*ppdata, data_size); 
+	if ( pdata == NULL )
+		return ERROR_DOS(ERRDOS,ERRnomem);
+	*ppdata = pdata;
+
+	if (total_data > 0 && IVAL(pdata,0) == total_data) {
+		/* uggh, EAs for OS2 */
+		DEBUG(4,("Rejecting EA request with total_data=%d\n",total_data));
+		return ERROR_DOS(ERRDOS,ERReasnotsupported);
+	}
 
-  p = strrchr(fname,'/'); 
-  if (!p) 
-    p = fname;
-  else
-    p++;
-  l = strlen(p);  
-  mode = dos_mode(cnum,fname,&sbuf);
-  size = sbuf.st_size;
-  if (mode & aDIR) size = 0;
-  
-  params = *pparams = Realloc(*pparams,2); bzero(params,2);
-  data_size = 1024;
-  pdata = *ppdata = Realloc(*ppdata, data_size); 
+	memset((char *)pdata,'\0',data_size);
+
+	c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+	if (lp_dos_filetime_resolution(SNUM(conn))) {
+		c_time &= ~1;
+		sbuf.st_atime &= ~1;
+		sbuf.st_mtime &= ~1;
+		sbuf.st_mtime &= ~1;
+	}
+
+	/* NT expects the name to be in an exact form */
+	if (strequal(fname,".")) {
+		pstrcpy(dos_fname, "\\");
+	} else {
+		snprintf(dos_fname, sizeof(dos_fname), "\\%s", fname);
+		string_replace( dos_fname, '/', '\\');
+	}
+
+	switch (info_level) {
+		case SMB_INFO_STANDARD:
+		case SMB_INFO_QUERY_EA_SIZE:
+			data_size = (info_level==1?22:26);
+			put_dos_date2(pdata,l1_fdateCreation,c_time);
+			put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime);
+			put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime); /* write time */
+			SIVAL(pdata,l1_cbFile,(uint32)size);
+			SIVAL(pdata,l1_cbFileAlloc,(uint32)allocation_size);
+			SSVAL(pdata,l1_attrFile,mode);
+			SIVAL(pdata,l1_attrFile+2,4); /* this is what OS2 does */
+			break;
+
+		case SMB_INFO_QUERY_EAS_FROM_LIST:
+			data_size = 24;
+			put_dos_date2(pdata,0,c_time);
+			put_dos_date2(pdata,4,sbuf.st_atime);
+			put_dos_date2(pdata,8,sbuf.st_mtime);
+			SIVAL(pdata,12,(uint32)size);
+			SIVAL(pdata,16,(uint32)allocation_size);
+			SIVAL(pdata,20,mode);
+			break;
+
+		case SMB_INFO_QUERY_ALL_EAS:
+			data_size = 4;
+			SIVAL(pdata,0,data_size);
+			break;
+
+		case 6:
+			return ERROR_DOS(ERRDOS,ERRbadfunc); /* os/2 needs this */      
+
+		case SMB_FILE_BASIC_INFORMATION:
+		case SMB_QUERY_FILE_BASIC_INFO:
+
+			if (info_level == SMB_QUERY_FILE_BASIC_INFO)
+				data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */
+			else {
+				data_size = 40;
+				SIVAL(pdata,36,0);
+			}
+			put_long_date(pdata,c_time);
+			put_long_date(pdata+8,sbuf.st_atime);
+			put_long_date(pdata+16,sbuf.st_mtime); /* write time */
+			put_long_date(pdata+24,sbuf.st_mtime); /* change time */
+			SIVAL(pdata,32,mode);
+
+			DEBUG(5,("SMB_QFBI - "));
+			{
+				time_t create_time = c_time;
+				DEBUG(5,("create: %s ", ctime(&create_time)));
+			}
+			DEBUG(5,("access: %s ", ctime(&sbuf.st_atime)));
+			DEBUG(5,("write: %s ", ctime(&sbuf.st_mtime)));
+			DEBUG(5,("change: %s ", ctime(&sbuf.st_mtime)));
+			DEBUG(5,("mode: %x\n", mode));
+
+			break;
+
+		case SMB_FILE_STANDARD_INFORMATION:
+		case SMB_QUERY_FILE_STANDARD_INFO:
+			data_size = 24;
+			/* Fake up allocation size. */
+			SOFF_T(pdata,0,allocation_size);
+			SOFF_T(pdata,8,size);
+			SIVAL(pdata,16,sbuf.st_nlink);
+			SCVAL(pdata,20,0);
+			SCVAL(pdata,21,(mode&aDIR)?1:0);
+			break;
+
+		case SMB_FILE_EA_INFORMATION:
+		case SMB_QUERY_FILE_EA_INFO:
+			data_size = 4;
+			break;
+
+		/* Get the 8.3 name - used if NT SMB was negotiated. */
+		case SMB_QUERY_FILE_ALT_NAME_INFO:
+		{
+			pstring short_name;
+
+			pstrcpy(short_name,base_name);
+			/* Mangle if not already 8.3 */
+			if(!mangle_is_8_3(short_name, True)) {
+				if(!mangle_map(short_name,True,True,SNUM(conn)))
+					*short_name = '\0';
+			}
+			len = srvstr_push(outbuf, pdata+4, short_name, -1, STR_TERMINATE|STR_UPPER);
+			data_size = 4 + len;
+			SIVAL(pdata,0,len);
+			break;
+		}
+
+		case SMB_QUERY_FILE_NAME_INFO:
+			/*
+			  this must be *exactly* right for ACLs on mapped drives to work
+			 */
+			len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);
+			data_size = 4 + len;
+			SIVAL(pdata,0,len);
+			break;
+
+		case SMB_FILE_END_OF_FILE_INFORMATION:
+		case SMB_QUERY_FILE_END_OF_FILEINFO:
+			data_size = 8;
+			SOFF_T(pdata,0,size);
+			break;
+
+		case SMB_FILE_ALLOCATION_INFORMATION:
+		case SMB_QUERY_FILE_ALLOCATION_INFO:
+			data_size = 8;
+			SOFF_T(pdata,0,allocation_size);
+			break;
+
+		case SMB_QUERY_FILE_ALL_INFO:
+			put_long_date(pdata,c_time);
+			put_long_date(pdata+8,sbuf.st_atime);
+			put_long_date(pdata+16,sbuf.st_mtime); /* write time */
+			put_long_date(pdata+24,sbuf.st_mtime); /* change time */
+			SIVAL(pdata,32,mode);
+			pdata += 40;
+			SOFF_T(pdata,0,allocation_size);
+			SOFF_T(pdata,8,size);
+			SIVAL(pdata,16,sbuf.st_nlink);
+			SCVAL(pdata,20,delete_pending);
+			SCVAL(pdata,21,(mode&aDIR)?1:0);
+			pdata += 24;
+			SINO_T(pdata,0,(SMB_INO_T)sbuf.st_ino); 
+			pdata += 8; /* index number */
+			pdata += 4; /* EA info */
+			if (mode & aRONLY)
+				SIVAL(pdata,0,0xA9);
+			else
+				SIVAL(pdata,0,0xd01BF);
+			pdata += 4;
+			SOFF_T(pdata,0,pos); /* current offset */
+			pdata += 8;
+			SIVAL(pdata,0,mode); /* is this the right sort of mode info? */
+			pdata += 4;
+			pdata += 4; /* alignment */
+			len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_TERMINATE);
+			SIVAL(pdata,0,len);
+			pdata += 4 + len;
+			data_size = PTR_DIFF(pdata,(*ppdata));
+			break;
+
+		case SMB_FILE_INTERNAL_INFORMATION:
+			/* This should be an index number - looks like dev/ino to me :-) */
+			SIVAL(pdata,0,sbuf.st_dev);
+			SIVAL(pdata,4,sbuf.st_ino);
+			data_size = 8;
+			break;
+
+		case SMB_FILE_ACCESS_INFORMATION:
+			SIVAL(pdata,0,0x12019F); /* ??? */
+			data_size = 4;
+			break;
+
+		case SMB_FILE_NAME_INFORMATION:
+			/* Pathname with leading '\'. */
+			{
+				size_t byte_len;
+				byte_len = dos_PutUniCode(pdata+4,dos_fname,max_data_bytes,False);
+				SIVAL(pdata,0,byte_len);
+				data_size = 4 + byte_len;
+				break;
+			}
+
+		case SMB_FILE_DISPOSITION_INFORMATION:
+			data_size = 1;
+			SCVAL(pdata,0,delete_pending);
+			break;
+
+		case SMB_FILE_POSITION_INFORMATION:
+			data_size = 8;
+			SOFF_T(pdata,0,pos);
+			break;
+
+		case SMB_FILE_MODE_INFORMATION:
+			SIVAL(pdata,0,mode);
+			data_size = 4;
+			break;
+
+		case SMB_FILE_ALIGNMENT_INFORMATION:
+			SIVAL(pdata,0,0); /* No alignment needed. */
+			data_size = 4;
+			break;
 
-  if (total_data > 0 && IVAL(pdata,0) == total_data) {
-    /* uggh, EAs for OS2 */
-    DEBUG(4,("Rejecting EA request with total_data=%d\n",total_data));
 #if 0
-    SSVAL(params,0,ERROR_EAS_NOT_SUPPORTED);
-    send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0);
-    return(-1);
-#else
-    return(ERROR(ERRDOS,ERROR_EAS_NOT_SUPPORTED));
+	/* Not yet finished... JRA */
+	case 1018:
+		{
+			put_long_date(pdata,c_time);
+			put_long_date(pdata+8,sbuf.st_atime);
+			put_long_date(pdata+16,sbuf.st_mtime); /* write time */
+			put_long_date(pdata+24,sbuf.st_mtime); /* change time */
+			SIVAL(pdata,32,mode);
+			SIVAL(pdata,36,0); /* ??? */
+			SIVAL(pdata,40,0x20); /* ??? */
+			SIVAL(pdata,44,0); /* ??? */
+			SOFF_T(pdata,48,size);
+			SIVAL(pdata,56,0x1); /* ??? */
+			SIVAL(pdata,60,0); /* ??? */
+			SIVAL(pdata,64,0); /* ??? */
+			SIVAL(pdata,68,length); /* Following string length in bytes. */
+			dos_PutUniCode(pdata+72,,False);
+			break;
+		}
 #endif
-  }
 
-  bzero(pdata,data_size);
+		case SMB_FILE_ALTERNATE_NAME_INFORMATION:
+			/* Last component of pathname. */
+			{
+				size_t byte_len = dos_PutUniCode(pdata+4,fname,max_data_bytes,False);
+				SIVAL(pdata,0,byte_len);
+				data_size = 4 + byte_len;
+				break;
+			}
+		
+		case SMB_FILE_STREAM_INFORMATION:
+			if (mode & aDIR) {
+				data_size = 0;
+			} else {
+				size_t byte_len = dos_PutUniCode(pdata+24,"::$DATA", 0xE, False);
+				SIVAL(pdata,0,0); /* ??? */
+				SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
+				SOFF_T(pdata,8,size);
+				SIVAL(pdata,16,allocation_size);
+				SIVAL(pdata,20,0); /* ??? */
+				data_size = 24 + byte_len;
+			}
+			break;
+
+		case SMB_FILE_COMPRESSION_INFORMATION:
+			SOFF_T(pdata,0,size);
+			SIVAL(pdata,8,0); /* ??? */
+			SIVAL(pdata,12,0); /* ??? */
+			data_size = 16;
+			break;
+
+		case SMB_FILE_NETWORK_OPEN_INFORMATION:
+			put_long_date(pdata,c_time);
+			put_long_date(pdata+8,sbuf.st_atime);
+			put_long_date(pdata+16,sbuf.st_mtime); /* write time */
+			put_long_date(pdata+24,sbuf.st_mtime); /* change time */
+			SIVAL(pdata,32,allocation_size);
+			SOFF_T(pdata,40,size);
+			SIVAL(pdata,48,mode);
+			SIVAL(pdata,52,0); /* ??? */
+			data_size = 56;
+			break;
+
+		case SMB_FILE_ATTRIBUTE_TAG_INFORMATION:
+			SIVAL(pdata,0,mode);
+			SIVAL(pdata,4,0);
+			data_size = 8;
+			break;
 
-  switch (info_level) 
-    {
-    case 1:
-    case 2:
-      data_size = (info_level==1?22:26);
-      put_dos_date2(pdata,l1_fdateCreation,sbuf.st_ctime);
-      put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime);
-      put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime);
-      SIVAL(pdata,l1_cbFile,size);
-      SIVAL(pdata,l1_cbFileAlloc,ROUNDUP(size,1024));
-      SSVAL(pdata,l1_attrFile,mode);
-      SIVAL(pdata,l1_attrFile+2,4); /* this is what OS2 does */
-      break;
+#if 0
+		/* NT4 server just returns "invalid query" to this - if we try to answer 
+				it then NTws gets a BSOD! (tridge) */
+		case SMB_QUERY_FILE_STREAM_INFO:
+			SIVAL(pdata,0,pos);
+			SIVAL(pdata,4,(uint32)size);
+			SIVAL(pdata,12,(uint32)allocation_size);
+			len = srvstr_push(outbuf, pdata+24, fname, -1, STR_TERMINATE);
+			SIVAL(pdata,20,len);
+			data_size = 24 + len;
+			break;
+#endif
 
-    case 3:
-      data_size = 24;
-      put_dos_date2(pdata,0,sbuf.st_ctime);
-      put_dos_date2(pdata,4,sbuf.st_atime);
-      put_dos_date2(pdata,8,sbuf.st_mtime);
-      SIVAL(pdata,12,size);
-      SIVAL(pdata,16,ROUNDUP(size,1024));
-      SIVAL(pdata,20,mode);
-      break;
+		default:
+			return ERROR_DOS(ERRDOS,ERRunknownlevel);
+	}
 
-    case 4:
-      data_size = 4;
-      SIVAL(pdata,0,data_size);
-      break;
+	send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, data_size);
 
-    case 6:
-      return(ERROR(ERRDOS,ERRbadfunc)); /* os/2 needs this */      
+	return(-1);
+}
 
-    case SMB_QUERY_FILE_BASIC_INFO:
-      data_size = 36;
-      put_long_date(pdata,sbuf.st_ctime);
-      put_long_date(pdata+8,sbuf.st_atime);
-      put_long_date(pdata+16,sbuf.st_mtime);
-      put_long_date(pdata+24,sbuf.st_mtime);
-      SIVAL(pdata,32,mode);
-      break;
+/****************************************************************************
+ Deal with the internal needs of setting the delete on close flag. Note that
+ as the tdb locking is recursive, it is safe to call this from within 
+ open_file_shared. JRA.
+****************************************************************************/
 
-    case SMB_QUERY_FILE_STANDARD_INFO:
-      data_size = 22;
-      SIVAL(pdata,0,size);
-      SIVAL(pdata,8,size);
-      SIVAL(pdata,16,sbuf.st_nlink);
-      CVAL(pdata,20) = 0;
-      CVAL(pdata,21) = (mode&aDIR)?1:0;
-      break;
+NTSTATUS set_delete_on_close_internal(files_struct *fsp, BOOL delete_on_close)
+{
+	/*
+	 * Only allow delete on close for writable shares.
+	 */
+
+	if (delete_on_close && !CAN_WRITE(fsp->conn)) {
+		DEBUG(10,("set_delete_on_close_internal: file %s delete on close flag set but write access denied on share.\n",
+				fsp->fsp_name ));
+				return NT_STATUS_ACCESS_DENIED;
+	}
+	/*
+	 * Only allow delete on close for files/directories opened with delete intent.
+	 */
+
+	if (delete_on_close && !(fsp->desired_access & DELETE_ACCESS)) {
+		DEBUG(10,("set_delete_on_close_internal: file %s delete on close flag set but delete access denied.\n",
+				fsp->fsp_name ));
+				return NT_STATUS_ACCESS_DENIED;
+	}
 
-    case SMB_QUERY_FILE_EA_INFO:
-      data_size = 4;
-      break;
+	if(fsp->is_directory) {
+		fsp->directory_delete_on_close = delete_on_close;
+		DEBUG(10, ("set_delete_on_close_internal: %s delete on close flag for fnum = %d, directory %s\n",
+			delete_on_close ? "Added" : "Removed", fsp->fnum, fsp->fsp_name ));
+	} else {
 
-    case SMB_QUERY_FILE_NAME_INFO:
-    case SMB_QUERY_FILE_ALT_NAME_INFO:
-      data_size = 4 + l;
-      SIVAL(pdata,0,l);
-      strcpy(pdata+4,fname);
-      break;
-    case SMB_QUERY_FILE_ALLOCATION_INFO:
-    case SMB_QUERY_FILE_END_OF_FILEINFO:
-      data_size = 8;
-      SIVAL(pdata,0,size);
-      break;
+		files_struct *iterate_fsp;
 
-    case SMB_QUERY_FILE_ALL_INFO:
-      put_long_date(pdata,sbuf.st_ctime);
-      put_long_date(pdata+8,sbuf.st_atime);
-      put_long_date(pdata+16,sbuf.st_mtime);
-      put_long_date(pdata+24,sbuf.st_mtime);
-      SIVAL(pdata,32,mode);
-      pdata += 40;
-      SIVAL(pdata,0,size);
-      SIVAL(pdata,8,size);
-      SIVAL(pdata,16,sbuf.st_nlink);
-      CVAL(pdata,20) = 0;
-      CVAL(pdata,21) = (mode&aDIR)?1:0;
-      pdata += 24;
-      pdata += 8; /* index number */
-      pdata += 4; /* EA info */
-      if (mode & aRONLY)
-	SIVAL(pdata,0,0xA9);
-      else
-	SIVAL(pdata,0,0xd01BF);
-      pdata += 4;
-      SIVAL(pdata,0,pos); /* current offset */
-      pdata += 8;
-      SIVAL(pdata,0,mode); /* is this the right sort of mode info? */
-      pdata += 4;
-      pdata += 4; /* alignment */
-      SIVAL(pdata,0,l);
-      strcpy(pdata+4,fname);
-      pdata += 4 + l;
-      data_size = PTR_DIFF(pdata,(*ppdata));
-      break;
+		/*
+		 * Modify the share mode entry for all files open
+		 * on this device and inode to tell other smbds we have 
+		 * changed the delete on close flag. This will be noticed
+		 * in the close code, the last closer will delete the file
+		 * if flag is set.
+		 */
 
-    case SMB_QUERY_FILE_STREAM_INFO:
-      data_size = 24 + l;
-      SIVAL(pdata,0,pos);
-      SIVAL(pdata,4,size);
-      SIVAL(pdata,12,size);
-      SIVAL(pdata,20,l);	
-      strcpy(pdata+24,fname);
-      break;
-    default:
-      return(ERROR(ERRDOS,ERRunknownlevel));
-    }
+		DEBUG(10,("set_delete_on_close_internal: %s delete on close flag for fnum = %d, file %s\n",
+					delete_on_close ? "Adding" : "Removing", fsp->fnum, fsp->fsp_name ));
 
-  send_trans2_replies( outbuf, bufsize, params, 2, *ppdata, data_size);
+		if (lock_share_entry_fsp(fsp) == False)
+				return NT_STATUS_ACCESS_DENIED;
 
-  return(-1);
+		if (!modify_delete_flag(fsp->dev, fsp->inode, delete_on_close)) {
+			DEBUG(0,("set_delete_on_close_internal: failed to change delete on close flag for file %s\n",
+					fsp->fsp_name ));
+			unlock_share_entry_fsp(fsp);
+			return NT_STATUS_ACCESS_DENIED;
+		}
+
+		/*
+		 * Release the lock.
+		 */
+
+		unlock_share_entry_fsp(fsp);
+
+		/*
+		 * Go through all files we have open on the same device and
+		 * inode (hanging off the same hash bucket) and set the DELETE_ON_CLOSE_FLAG.
+		 * Other smbd's that have this file open will look in the share_mode on close.
+		 * take care of this (rare) case in close_file(). See the comment there.
+		 * NB. JRA. We don't really need to do this anymore - all should be taken
+		 * care of in the share_mode changes in the tdb.
+		 */
+
+		for(iterate_fsp = file_find_di_first(fsp->dev, fsp->inode);
+				iterate_fsp; iterate_fsp = file_find_di_next(iterate_fsp))
+						fsp->delete_on_close = delete_on_close;
+
+		/*
+		 * Set the delete on close flag in the fsp.
+		 */
+		fsp->delete_on_close = delete_on_close;
+
+		DEBUG(10, ("set_delete_on_close_internal: %s delete on close flag for fnum = %d, file %s\n",
+			delete_on_close ? "Added" : "Removed", fsp->fnum, fsp->fsp_name ));
+
+	}
+
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
-  reply to a TRANS2_SETFILEINFO (set file info by fileid)
+ Reply to a TRANS2_SETFILEINFO (set file info by fileid).
 ****************************************************************************/
-static int call_trans2setfilepathinfo(char *inbuf, char *outbuf, int length, 
-				      int bufsize, int cnum, char **pparams, 
+
+static int call_trans2setfilepathinfo(connection_struct *conn,
+				      char *inbuf, char *outbuf, int length, 
+				      int bufsize, char **pparams, 
 				      char **ppdata, int total_data)
 {
-  char *params = *pparams;
-  char *pdata = *ppdata;
-  uint16 tran_call = SVAL(inbuf, smb_setup0);
-  uint16 info_level;
-  int mode=0;
-  int size=0;
-  struct utimbuf tvs;
-  struct stat st;
-  pstring fname1;
-  char *fname;
-  int fd = -1;
-
-  if (!CAN_WRITE(cnum))
-    return(ERROR(ERRSRV,ERRaccess));
-
-  if (tran_call == TRANSACT2_SETFILEINFO) {
-    int16 fnum = SVAL(params,0);
-    info_level = SVAL(params,2);    
-
-    CHECK_FNUM(fnum,cnum);
-    CHECK_ERROR(fnum);
-
-    fname = Files[fnum].name;
-    fd = Files[fnum].fd;
-
-    if(fstat(fd,&st)!=0) {
-      DEBUG(3,("fstat of %s failed (%s)\n", fname, strerror(errno)));
-      return(ERROR(ERRDOS,ERRbadpath));
-    }
-  } else {
-    /* set path info */
-    info_level = SVAL(params,0);    
-    fname = fname1;
-    strcpy(fname,&params[6]);
-    unix_convert(fname,cnum);
-    if(!check_name(fname, cnum))
-      return(ERROR(ERRDOS,ERRbadpath));
-    
-    if(sys_stat(fname,&st)!=0) {
-      DEBUG(3,("stat of %s failed (%s)\n", fname, strerror(errno)));
-      return(ERROR(ERRDOS,ERRbadpath));
-    }    
-  }
+	char *params = *pparams;
+	char *pdata = *ppdata;
+	uint16 tran_call = SVAL(inbuf, smb_setup0);
+	uint16 info_level;
+	int mode=0;
+	SMB_OFF_T size=0;
+	struct utimbuf tvs;
+	SMB_STRUCT_STAT sbuf;
+	pstring fname;
+	int fd = -1;
+	BOOL bad_path = False;
+	files_struct *fsp = NULL;
+
+	if (tran_call == TRANSACT2_SETFILEINFO) {
+		fsp = file_fsp(params,0);
+		info_level = SVAL(params,2);    
+
+		if(fsp && (fsp->is_directory || fsp->fd == -1)) {
+			/*
+			 * This is actually a SETFILEINFO on a directory
+			 * handle (returned from an NT SMB). NT5.0 seems
+			 * to do this call. JRA.
+			 */
+			pstrcpy(fname, fsp->fsp_name);
+			unix_convert(fname,conn,0,&bad_path,&sbuf);
+			if (!check_name(fname,conn) || (!VALID_STAT(sbuf))) {
+				DEBUG(3,("fileinfo of %s failed (%s)\n",fname,strerror(errno)));
+				if((errno == ENOENT) && bad_path) {
+					unix_ERR_class = ERRDOS;
+					unix_ERR_code = ERRbadpath;
+				}
+				return(UNIXERROR(ERRDOS,ERRbadpath));
+			}
+		} else if (fsp && fsp->print_file) {
+			/*
+			 * Doing a DELETE_ON_CLOSE should cancel a print job.
+			 */
+			if ((info_level == SMB_SET_FILE_DISPOSITION_INFO) && CVAL(pdata,0)) {
+				fsp->share_mode = FILE_DELETE_ON_CLOSE;
+
+				DEBUG(3,("call_trans2setfilepathinfo: Cancelling print job (%s)\n", fsp->fsp_name ));
+	
+				SSVAL(params,0,0);
+				send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0);
+				return(-1);
+			}
+	    } else {
+			/*
+			 * Original code - this is an open file.
+			 */
+			CHECK_FSP(fsp,conn);
+
+			pstrcpy(fname, fsp->fsp_name);
+			fd = fsp->fd;
+
+			if (vfs_fstat(fsp,fd,&sbuf) != 0) {
+				DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno)));
+				return(UNIXERROR(ERRDOS,ERRbadfid));
+			}
+		}
+	} else {
+		/* set path info */
+		info_level = SVAL(params,0);    
+		srvstr_pull(inbuf, fname, &params[6], sizeof(fname), -1, STR_TERMINATE);
+		unix_convert(fname,conn,0,&bad_path,&sbuf);
+		if(!check_name(fname, conn)) {
+			if((errno == ENOENT) && bad_path) {
+				unix_ERR_class = ERRDOS;
+				unix_ERR_code = ERRbadpath;
+			}
+			return(UNIXERROR(ERRDOS,ERRbadpath));
+		}
+ 
+		if(!VALID_STAT(sbuf)) {
+			DEBUG(3,("stat of %s failed (%s)\n", fname, strerror(errno)));
+			if((errno == ENOENT) && bad_path) {
+				unix_ERR_class = ERRDOS;
+				unix_ERR_code = ERRbadpath;
+			}
+			return(UNIXERROR(ERRDOS,ERRbadpath));
+		}    
+	}
 
-  DEBUG(3,("call_trans2setfilepathinfo(%d) %s info_level=%d totdata=%d\n",
-	   tran_call,fname,info_level,total_data));
+	if (!CAN_WRITE(conn))
+		return ERROR_DOS(ERRSRV,ERRaccess);
 
-  /* Realloc the parameter and data sizes */
-  params = *pparams = Realloc(*pparams,2); SSVAL(params,0,0);
-  if(params == NULL)
-    return(ERROR(ERRDOS,ERRnomem));
+	DEBUG(3,("call_trans2setfilepathinfo(%d) %s info_level=%d totdata=%d\n",
+		tran_call,fname,info_level,total_data));
 
-  size = st.st_size;
-  tvs.modtime = st.st_mtime;
-  tvs.actime = st.st_atime;
-  mode = dos_mode(cnum,fname,&st);
+	/* Realloc the parameter and data sizes */
+	params = Realloc(*pparams,2);
+	if(params == NULL)
+		return ERROR_DOS(ERRDOS,ERRnomem);
+	*pparams = params;
 
-  if (total_data > 0 && IVAL(pdata,0) == total_data) {
-    /* uggh, EAs for OS2 */
-    DEBUG(4,("Rejecting EA request with total_data=%d\n",total_data));
-    SSVAL(params,0,ERROR_EAS_NOT_SUPPORTED);
+	SSVAL(params,0,0);
 
-    send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0);
-  
-    return(-1);    
-  }
+	size = sbuf.st_size;
+	tvs.modtime = sbuf.st_mtime;
+	tvs.actime = sbuf.st_atime;
+	mode = dos_mode(conn,fname,&sbuf);
 
-  switch (info_level)
-    {
-    case 1:
-      tvs.actime = make_unix_date2(pdata+l1_fdateLastAccess);
-      tvs.modtime = make_unix_date2(pdata+l1_fdateLastWrite);
-      mode = SVAL(pdata,l1_attrFile);
-      size = IVAL(pdata,l1_cbFile);
-      break;
+	if (total_data > 4 && IVAL(pdata,0) == total_data) {
+		/* uggh, EAs for OS2 */
+		DEBUG(4,("Rejecting EA request with total_data=%d\n",total_data));
+		return ERROR_DOS(ERRDOS,ERReasnotsupported);
+	}
 
-    case 2:
-      tvs.actime = make_unix_date2(pdata+l1_fdateLastAccess);
-      tvs.modtime = make_unix_date2(pdata+l1_fdateLastWrite);
-      mode = SVAL(pdata,l1_attrFile);
-      size = IVAL(pdata,l1_cbFile);
-      break;
+	switch (info_level) {
+		case SMB_INFO_STANDARD:
+		case SMB_INFO_QUERY_EA_SIZE:
+		{
+			/* access time */
+			tvs.actime = make_unix_date2(pdata+l1_fdateLastAccess);
+
+			/* write time */
+			tvs.modtime = make_unix_date2(pdata+l1_fdateLastWrite);
+
+			mode = SVAL(pdata,l1_attrFile);
+			size = IVAL(pdata,l1_cbFile);
+			break;
+		}
+
+		/* XXXX um, i don't think this is right.
+			it's also not in the cifs6.txt spec.
+		*/
+		case SMB_INFO_QUERY_EAS_FROM_LIST:
+			tvs.actime = make_unix_date2(pdata+8);
+			tvs.modtime = make_unix_date2(pdata+12);
+			size = IVAL(pdata,16);
+			mode = IVAL(pdata,24);
+			break;
+
+		/* XXXX nor this.  not in cifs6.txt, either. */
+		case SMB_INFO_QUERY_ALL_EAS:
+			tvs.actime = make_unix_date2(pdata+8);
+			tvs.modtime = make_unix_date2(pdata+12);
+			size = IVAL(pdata,16);
+			mode = IVAL(pdata,24);
+			break;
+
+		case SMB_SET_FILE_BASIC_INFO:
+		case SMB_FILE_BASIC_INFORMATION:
+		{
+			/* Patch to do this correctly from Paul Eggert <eggert@twinsun.com>. */
+			time_t write_time;
+			time_t changed_time;
+
+			/* Ignore create time at offset pdata. */
+
+			/* access time */
+			tvs.actime = interpret_long_date(pdata+8);
+
+			write_time = interpret_long_date(pdata+16);
+			changed_time = interpret_long_date(pdata+24);
+
+			tvs.modtime = MIN(write_time, changed_time);
+
+			/* Prefer a defined time to an undefined one. */
+			if (tvs.modtime == (time_t)0 || tvs.modtime == (time_t)-1)
+				tvs.modtime = (write_time == (time_t)0 || write_time == (time_t)-1
+					? changed_time : write_time);
+
+			/* attributes */
+			mode = IVAL(pdata,32);
+			break;
+		}
+
+		case  SMB_FILE_ALLOCATION_INFORMATION:
+		case SMB_SET_FILE_ALLOCATION_INFO:
+		{
+			int ret = -1;
+			SMB_OFF_T allocation_size = IVAL(pdata,0);
+#ifdef LARGE_SMB_OFF_T
+			allocation_size |= (((SMB_OFF_T)IVAL(pdata,4)) << 32);
+#else /* LARGE_SMB_OFF_T */
+			if (IVAL(pdata,4) != 0) /* more than 32 bits? */
+				return ERROR_DOS(ERRDOS,ERRunknownlevel);
+#endif /* LARGE_SMB_OFF_T */
+			DEBUG(10,("call_trans2setfilepathinfo: Set file allocation info for file %s to %.0f\n",
+					fname, (double)allocation_size ));
+
+			if(allocation_size != sbuf.st_size) {
+				SMB_STRUCT_STAT new_sbuf;
+ 
+				DEBUG(10,("call_trans2setfilepathinfo: file %s : setting new allocation size to %.0f\n",
+					fname, (double)allocation_size ));
+ 
+				if (fd == -1) {
+					files_struct *new_fsp = NULL;
+					int access_mode = 0;
+					int action = 0;
+ 
+					if(global_oplock_break) {
+						/* Queue this file modify as we are the process of an oplock break.  */
+ 
+						DEBUG(2,("call_trans2setfilepathinfo: queueing message due to being "));
+						DEBUGADD(2,( "in oplock break state.\n"));
+ 
+						push_oplock_pending_smb_message(inbuf, length);
+						return -1;
+					}
+ 
+					new_fsp = open_file_shared1(conn, fname, &sbuf,FILE_WRITE_DATA,
+									SET_OPEN_MODE(DOS_OPEN_RDWR),
+									(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+									0, 0, &access_mode, &action);
+ 
+					if (new_fsp == NULL)
+						return(UNIXERROR(ERRDOS,ERRbadpath));
+					ret = vfs_allocate_file_space(new_fsp, allocation_size);
+					if (vfs_fstat(new_fsp,new_fsp->fd,&new_sbuf) != 0) {
+						DEBUG(3,("fstat of fnum %d failed (%s)\n",new_fsp->fnum, strerror(errno)));
+						ret = -1;
+					}
+					close_file(new_fsp,True);
+				} else {
+					ret = vfs_allocate_file_space(fsp, allocation_size);
+					if (vfs_fstat(fsp,fd,&new_sbuf) != 0) {
+						DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno)));
+						ret = -1;
+					}
+				}
+				if (ret == -1)
+					return ERROR_NT(NT_STATUS_DISK_FULL);
+
+				/* Allocate can trucate size... */
+				size = new_sbuf.st_size;
+			}
+
+			break;
+		}
+
+	case SMB_FILE_END_OF_FILE_INFORMATION:
+		case SMB_SET_FILE_END_OF_FILE_INFO:
+		{
+			size = IVAL(pdata,0);
+#ifdef LARGE_SMB_OFF_T
+			size |= (((SMB_OFF_T)IVAL(pdata,4)) << 32);
+#else /* LARGE_SMB_OFF_T */
+			if (IVAL(pdata,4) != 0)	/* more than 32 bits? */
+				return ERROR_DOS(ERRDOS,ERRunknownlevel);
+#endif /* LARGE_SMB_OFF_T */
+			DEBUG(10,("call_trans2setfilepathinfo: Set end of file info for file %s to %.0f\n", fname, (double)size ));
+			break;
+		}
+
+		case SMB_FILE_DISPOSITION_INFORMATION:
+		case SMB_SET_FILE_DISPOSITION_INFO: /* Set delete on close for open file. */
+		{
+			BOOL delete_on_close = (CVAL(pdata,0) ? True : False);
+			NTSTATUS status;
+
+			if (tran_call != TRANSACT2_SETFILEINFO)
+				return ERROR_DOS(ERRDOS,ERRunknownlevel);
+
+			if (fsp == NULL)
+				return(UNIXERROR(ERRDOS,ERRbadfid));
+
+			status = set_delete_on_close_internal(fsp, delete_on_close);
+ 
+			if (NT_STATUS_V(status) !=  NT_STATUS_V(NT_STATUS_OK))
+				return ERROR_NT(status);
 
-    case 3:
-      tvs.actime = make_unix_date2(pdata+8);
-      tvs.modtime = make_unix_date2(pdata+12);
-      size = IVAL(pdata,16);
-      mode = IVAL(pdata,24);
-      break;
+			break;
+		}
 
-    case 4:
-      tvs.actime = make_unix_date2(pdata+8);
-      tvs.modtime = make_unix_date2(pdata+12);
-      size = IVAL(pdata,16);
-      mode = IVAL(pdata,24);
-      break;
+		default:
+			return ERROR_DOS(ERRDOS,ERRunknownlevel);
+	}
 
-    case SMB_SET_FILE_BASIC_INFO:
-      pdata += 8;		/* create time */
-      tvs.actime = interpret_long_date(pdata); pdata += 8;
-      tvs.modtime=MAX(interpret_long_date(pdata),interpret_long_date(pdata+8));
-      pdata += 16;
-      mode = IVAL(pdata,0);
-      break;
+	/* get some defaults (no modifications) if any info is zero or -1. */
+	if (tvs.actime == (time_t)0 || tvs.actime == (time_t)-1)
+		tvs.actime = sbuf.st_atime;
+
+	if (tvs.modtime == (time_t)0 || tvs.modtime == (time_t)-1)
+		tvs.modtime = sbuf.st_mtime;
+
+	DEBUG(6,("actime: %s " , ctime(&tvs.actime)));
+	DEBUG(6,("modtime: %s ", ctime(&tvs.modtime)));
+	DEBUG(6,("size: %.0f ", (double)size));
+	DEBUG(6,("mode: %x\n"  , mode));
+
+	if (S_ISDIR(sbuf.st_mode))
+		mode |= aDIR;
+	else
+		mode &= ~aDIR;
+
+	if(!((info_level == SMB_SET_FILE_END_OF_FILE_INFO) ||
+		(info_level == SMB_SET_FILE_ALLOCATION_INFO) ||
+		(info_level == SMB_FILE_ALLOCATION_INFORMATION) ||
+			(info_level == SMB_FILE_END_OF_FILE_INFORMATION))) {
+
+		/*
+		 * Only do this test if we are not explicitly
+		 * changing the size of a file.
+		 */
+		if (!size)
+			size = sbuf.st_size;
+	}
 
-    case SMB_SET_FILE_END_OF_FILE_INFO:
-      if (IVAL(pdata,4) != 0)	/* more than 32 bits? */
-	return(ERROR(ERRDOS,ERRunknownlevel));
-      size = IVAL(pdata,0);
-      break;
+	/*
+	 * Try and set the times, size and mode of this file -
+	 * if they are different from the current values
+	 */
+	if (sbuf.st_mtime != tvs.modtime || sbuf.st_atime != tvs.actime) {
+		if(fsp != NULL) {
+			/*
+			 * This was a setfileinfo on an open file.
+			 * NT does this a lot. It's actually pointless
+			 * setting the time here, as it will be overwritten
+			 * on the next write, so we save the request
+			 * away and will set it on file code. JRA.
+			 */
+
+			if (tvs.modtime != (time_t)0 && tvs.modtime != (time_t)-1) {
+				DEBUG(10,("call_trans2setfilepathinfo: setting pending modtime to %s\n", ctime(&tvs.modtime) ));
+				fsp->pending_modtime = tvs.modtime;
+			}
+
+		} else {
+
+			DEBUG(10,("call_trans2setfilepathinfo: setting utimes to modified values.\n"));
+
+			if(file_utime(conn, fname, &tvs)!=0)
+				return(UNIXERROR(ERRDOS,ERRnoaccess));
+		}
+	}
 
-    case SMB_SET_FILE_DISPOSITION_INFO: /* not supported yet */
-    case SMB_SET_FILE_ALLOCATION_INFO: /* not supported yet */
-    default:
-      return(ERROR(ERRDOS,ERRunknownlevel));
-    }
+	/* check the mode isn't different, before changing it */
+	if ((mode != 0) && (mode != dos_mode(conn, fname, &sbuf))) {
 
+		DEBUG(10,("call_trans2setfilepathinfo: file %s : setting dos mode %x\n", fname, mode ));
 
-  if (!tvs.actime) tvs.actime = st.st_atime;
-  if (!tvs.modtime) tvs.modtime = st.st_mtime;
-  if (!size) size = st.st_size;
+		if(file_chmod(conn, fname, mode, NULL)) {
+			DEBUG(2,("chmod of %s failed (%s)\n", fname, strerror(errno)));
+			return(UNIXERROR(ERRDOS,ERRnoaccess));
+		}
+	}
 
-  /* Try and set the times, size and mode of this file - if they are different 
-   from the current values */
-  if(st.st_mtime != tvs.modtime || st.st_atime != tvs.actime) {
-    if(sys_utime(fname, &tvs)!=0)
-      return(ERROR(ERRDOS,ERRnoaccess));
-  }
-  if(mode != dos_mode(cnum,fname,&st) && dos_chmod(cnum,fname,mode,NULL)) {
-    DEBUG(2,("chmod of %s failed (%s)\n", fname, strerror(errno)));
-    return(ERROR(ERRDOS,ERRnoaccess));
-  }
-  if(size != st.st_size) {
-    if (fd == -1) {
-      fd = sys_open(fname,O_RDWR,0);
-      if (fd == -1)
-	return(ERROR(ERRDOS,ERRbadpath));
-      set_filelen(fd, size);
-      close(fd);
-    } else {
-      set_filelen(fd, size);
-    }
-  }
+	if(size != sbuf.st_size) {
 
-  SSVAL(params,0,0);
+		int ret;
 
-  send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0);
+		DEBUG(10,("call_trans2setfilepathinfo: file %s : setting new size to %.0f\n",
+			fname, (double)size ));
+
+		if (fd == -1) {
+			files_struct *new_fsp = NULL;
+			int access_mode = 0;
+			int action = 0;
+
+			if(global_oplock_break) {
+				/* Queue this file modify as we are the process of an oplock break.  */
+
+				DEBUG(2,("call_trans2setfilepathinfo: queueing message due to being "));
+				DEBUGADD(2,( "in oplock break state.\n"));
+
+				push_oplock_pending_smb_message(inbuf, length);
+				return -1;
+			}
+
+			new_fsp = open_file_shared(conn, fname, &sbuf,
+						SET_OPEN_MODE(DOS_OPEN_RDWR),
+						(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN),
+						0, 0, &access_mode, &action);
+	
+			if (new_fsp == NULL)
+				return(UNIXERROR(ERRDOS,ERRbadpath));
+			ret = vfs_set_filelen(new_fsp, size);
+			close_file(new_fsp,True);
+		} else {
+			ret = vfs_set_filelen(fsp, size);
+		}
+
+		if (ret == -1)
+			return (UNIXERROR(ERRHRD,ERRdiskfull));
+	}
+
+	SSVAL(params,0,0);
+
+	send_trans2_replies(outbuf, bufsize, params, 2, *ppdata, 0);
   
-  return(-1);
+	return(-1);
 }
 
 /****************************************************************************
-  reply to a TRANS2_MKDIR (make directory with extended attributes).
+ Reply to a TRANS2_MKDIR (make directory with extended attributes).
 ****************************************************************************/
-static int call_trans2mkdir(char *inbuf, char *outbuf, int length, int bufsize,
-			int cnum, char **pparams, char **ppdata)
+
+static int call_trans2mkdir(connection_struct *conn,
+			    char *inbuf, char *outbuf, int length, int bufsize,
+			    char **pparams, char **ppdata)
 {
   char *params = *pparams;
   pstring directory;
   int ret = -1;
+  SMB_STRUCT_STAT sbuf;
+  BOOL bad_path = False;
 
-  if (!CAN_WRITE(cnum))
-    return(ERROR(ERRSRV,ERRaccess));
+  if (!CAN_WRITE(conn))
+    return ERROR_DOS(ERRSRV,ERRaccess);
 
-  strcpy(directory, &params[4]);
+  srvstr_pull(inbuf, directory, &params[4], sizeof(directory), -1, STR_TERMINATE);
 
   DEBUG(3,("call_trans2mkdir : name = %s\n", directory));
 
-  unix_convert(directory,cnum);
-  if (check_name(directory,cnum))
-    ret = sys_mkdir(directory,unix_mode(cnum,aDIR));
+  unix_convert(directory,conn,0,&bad_path,&sbuf);
+  if (check_name(directory,conn))
+    ret = vfs_mkdir(conn,directory,unix_mode(conn,aDIR,directory));
   
   if(ret < 0)
     {
       DEBUG(5,("call_trans2mkdir error (%s)\n", strerror(errno)));
+      if((errno == ENOENT) && bad_path)
+      {
+        unix_ERR_class = ERRDOS;
+        unix_ERR_code = ERRbadpath;
+      }
       return(UNIXERROR(ERRDOS,ERRnoaccess));
     }
 
   /* Realloc the parameter and data sizes */
-  params = *pparams = Realloc(*pparams,2);
-  if(params == NULL)
-    return(ERROR(ERRDOS,ERRnomem));
+  params = Realloc(*pparams,2);
+  if(params == NULL) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+  *pparams	= params;
 
   SSVAL(params,0,0);
 
@@ -1373,11 +2388,14 @@ static int call_trans2mkdir(char *inbuf, char *outbuf, int length, int bufsize,
 }
 
 /****************************************************************************
-  reply to a TRANS2_FINDNOTIFYFIRST (start monitoring a directory for changes)
-  We don't actually do this - we just send a null response.
+ Reply to a TRANS2_FINDNOTIFYFIRST (start monitoring a directory for changes).
+ We don't actually do this - we just send a null response.
 ****************************************************************************/
-static int call_trans2findnotifyfirst(char *inbuf, char *outbuf, int length, int bufsize,
-			int cnum, char **pparams, char **ppdata)
+
+static int call_trans2findnotifyfirst(connection_struct *conn,
+				      char *inbuf, char *outbuf, 
+				      int length, int bufsize,
+				      char **pparams, char **ppdata)
 {
   static uint16 fnf_handle = 257;
   char *params = *pparams;
@@ -1391,13 +2409,15 @@ static int call_trans2findnotifyfirst(char *inbuf, char *outbuf, int length, int
     case 2:
       break;
     default:
-      return(ERROR(ERRDOS,ERRunknownlevel));
+      return ERROR_DOS(ERRDOS,ERRunknownlevel);
     }
 
   /* Realloc the parameter and data sizes */
-  params = *pparams = Realloc(*pparams,6);
-  if(params == NULL)
-    return(ERROR(ERRDOS,ERRnomem));
+  params = Realloc(*pparams,6);
+  if(params == NULL) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+  *pparams	= params;
 
   SSVAL(params,0,fnf_handle);
   SSVAL(params,2,0); /* No changes */
@@ -1414,20 +2434,25 @@ static int call_trans2findnotifyfirst(char *inbuf, char *outbuf, int length, int
 }
 
 /****************************************************************************
-  reply to a TRANS2_FINDNOTIFYNEXT (continue monitoring a directory for 
-  changes). Currently this does nothing.
+ Reply to a TRANS2_FINDNOTIFYNEXT (continue monitoring a directory for 
+ changes). Currently this does nothing.
 ****************************************************************************/
-static int call_trans2findnotifynext(char *inbuf, char *outbuf, int length, int bufsize,
-			int cnum, char **pparams, char **ppdata)
+
+static int call_trans2findnotifynext(connection_struct *conn,
+				     char *inbuf, char *outbuf, 
+				     int length, int bufsize,
+				     char **pparams, char **ppdata)
 {
   char *params = *pparams;
 
   DEBUG(3,("call_trans2findnotifynext\n"));
 
   /* Realloc the parameter and data sizes */
-  params = *pparams = Realloc(*pparams,4);
-  if(params == NULL)
-    return(ERROR(ERRDOS,ERRnomem));
+  params = Realloc(*pparams,4);
+  if(params == NULL) {
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+  *pparams	= params;
 
   SSVAL(params,0,0); /* No changes */
   SSVAL(params,2,0); /* No EA errors */
@@ -1438,209 +2463,388 @@ static int call_trans2findnotifynext(char *inbuf, char *outbuf, int length, int
 }
 
 /****************************************************************************
-  reply to a SMBfindclose (stop trans2 directory search)
+ Reply to a TRANS2_GET_DFS_REFERRAL - Shirish Kalele <kalele@veritas.com>.
 ****************************************************************************/
-int reply_findclose(char *inbuf,char *outbuf,int length,int bufsize)
+
+static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf,
+				     char* outbuf, int length, int bufsize,
+				     char** pparams, char** ppdata)
 {
-  int cnum;
-  int outsize = 0;
-  uint16 dptr_num=SVAL(inbuf,smb_vwv0);
+  char *params = *pparams;
+  pstring pathname;
+  int reply_size = 0;
+  int max_referral_level = SVAL(params,0);
 
-  cnum = SVAL(inbuf,smb_tid);
 
-  DEBUG(3,("reply_findclose, cnum = %d, dptr_num = %d\n", cnum, dptr_num));
+  DEBUG(10,("call_trans2getdfsreferral\n"));
 
-  dptr_close(dptr_num);
+  if(!lp_host_msdfs())
+    return ERROR_DOS(ERRDOS,ERRbadfunc);
 
-  outsize = set_message(outbuf,0,0,True);
+  srvstr_pull(inbuf, pathname, &params[2], sizeof(pathname), -1, STR_TERMINATE);
 
-  DEBUG(3,("%s SMBfindclose cnum=%d, dptr_num = %d\n",timestring(),cnum,dptr_num));
+  if((reply_size = setup_dfs_referral(pathname,max_referral_level,ppdata)) < 0)
+    return ERROR_DOS(ERRDOS,ERRbadfile);
+    
+  SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_DFS_PATHNAMES);
+  send_trans2_replies(outbuf,bufsize,0,0,*ppdata,reply_size);
 
-  return(outsize);
+  return(-1);
 }
 
+#define LMCAT_SPL       0x53
+#define LMFUNC_GETJOBID 0x60
+
 /****************************************************************************
-  reply to a SMBfindnclose (stop FINDNOTIFYFIRST directory search)
+ Reply to a TRANS2_IOCTL - used for OS/2 printing.
 ****************************************************************************/
-int reply_findnclose(char *inbuf,char *outbuf,int length,int bufsize)
+
+static int call_trans2ioctl(connection_struct *conn, char* inbuf,
+                            char* outbuf, int length, int bufsize,
+                            char** pparams, char** ppdata)
 {
-  int cnum;
-  int outsize = 0;
-  int dptr_num= -1;
+  char *pdata = *ppdata;
+  files_struct *fsp = file_fsp(inbuf,smb_vwv15);
 
-  cnum = SVAL(inbuf,smb_tid);
-  dptr_num = SVAL(inbuf,smb_vwv0);
+  if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
+      (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
+    pdata = Realloc(*ppdata, 32);
+    if(pdata == NULL) {
+      return ERROR_DOS(ERRDOS,ERRnomem);
+    }
+    *ppdata = pdata;
 
-  DEBUG(3,("reply_findnclose, cnum = %d, dptr_num = %d\n", cnum, dptr_num));
+	/* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2
+	   CAN ACCEPT THIS IN UNICODE. JRA. */
 
-  /* We never give out valid handles for a 
-     findnotifyfirst - so any dptr_num is ok here. 
-     Just ignore it. */
+    SSVAL(pdata,0,fsp->print_jobid);                     /* Job number */
+	srvstr_push( outbuf, pdata + 2, global_myname, 15, STR_ASCII|STR_TERMINATE); /* Our NetBIOS name */
+    srvstr_push( outbuf, pdata+18, lp_servicename(SNUM(conn)), 13, STR_ASCII|STR_TERMINATE); /* Service name */
+    send_trans2_replies(outbuf,bufsize,*pparams,0,*ppdata,32);
+    return(-1);
+  } else {
+    DEBUG(2,("Unknown TRANS2_IOCTL\n"));
+    return ERROR_DOS(ERRSRV,ERRerror);
+  }
+}
 
-  outsize = set_message(outbuf,0,0,True);
+/****************************************************************************
+ Reply to a SMBfindclose (stop trans2 directory search).
+****************************************************************************/
+
+int reply_findclose(connection_struct *conn,
+		    char *inbuf,char *outbuf,int length,int bufsize)
+{
+	int outsize = 0;
+	int dptr_num=SVALS(inbuf,smb_vwv0);
+	START_PROFILE(SMBfindclose);
+
+	DEBUG(3,("reply_findclose, dptr_num = %d\n", dptr_num));
+
+	dptr_close(&dptr_num);
+
+	outsize = set_message(outbuf,0,0,True);
 
-  DEBUG(3,("%s SMB_findnclose cnum=%d, dptr_num = %d\n",timestring(),cnum,dptr_num));
+	DEBUG(3,("SMBfindclose dptr_num = %d\n", dptr_num));
 
-  return(outsize);
+	END_PROFILE(SMBfindclose);
+	return(outsize);
 }
 
+/****************************************************************************
+ Reply to a SMBfindnclose (stop FINDNOTIFYFIRST directory search).
+****************************************************************************/
+
+int reply_findnclose(connection_struct *conn, 
+		     char *inbuf,char *outbuf,int length,int bufsize)
+{
+	int outsize = 0;
+	int dptr_num= -1;
+	START_PROFILE(SMBfindnclose);
+	
+	dptr_num = SVAL(inbuf,smb_vwv0);
+
+	DEBUG(3,("reply_findnclose, dptr_num = %d\n", dptr_num));
+
+	/* We never give out valid handles for a 
+	   findnotifyfirst - so any dptr_num is ok here. 
+	   Just ignore it. */
+
+	outsize = set_message(outbuf,0,0,True);
+
+	DEBUG(3,("SMB_findnclose dptr_num = %d\n", dptr_num));
+
+	END_PROFILE(SMBfindnclose);
+	return(outsize);
+}
 
 /****************************************************************************
-  reply to a SMBtranss2 - just ignore it!
+ Reply to a SMBtranss2 - just ignore it!
 ****************************************************************************/
-int reply_transs2(char *inbuf,char *outbuf,int length,int bufsize)
+
+int reply_transs2(connection_struct *conn,
+		  char *inbuf,char *outbuf,int length,int bufsize)
 {
-  DEBUG(4,("Ignoring transs2 of length %d\n",length));
-  return(-1);
+	START_PROFILE(SMBtranss2);
+	DEBUG(4,("Ignoring transs2 of length %d\n",length));
+	END_PROFILE(SMBtranss2);
+	return(-1);
 }
 
 /****************************************************************************
-  reply to a SMBtrans2
+ Reply to a SMBtrans2.
 ****************************************************************************/
-int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize)
+
+int reply_trans2(connection_struct *conn,
+		 char *inbuf,char *outbuf,int length,int bufsize)
 {
-  int outsize = 0;
-  int cnum = SVAL(inbuf,smb_tid);
-  unsigned int total_params = SVAL(inbuf, smb_tpscnt);
-  unsigned int total_data =SVAL(inbuf, smb_tdscnt);
+	int outsize = 0;
+	unsigned int total_params = SVAL(inbuf, smb_tpscnt);
+	unsigned int total_data =SVAL(inbuf, smb_tdscnt);
 #if 0
-  unsigned int max_param_reply = SVAL(inbuf, smb_mprcnt);
-  unsigned int max_data_reply = SVAL(inbuf, smb_mdrcnt);
-  unsigned int max_setup_fields = SVAL(inbuf, smb_msrcnt);
-  BOOL close_tid = BITSETW(inbuf+smb_flags,0);
-  BOOL no_final_response = BITSETW(inbuf+smb_flags,1);
-  int32 timeout = IVALS(inbuf,smb_timeout);
+	unsigned int max_param_reply = SVAL(inbuf, smb_mprcnt);
+	unsigned int max_data_reply = SVAL(inbuf, smb_mdrcnt);
+	unsigned int max_setup_fields = SVAL(inbuf, smb_msrcnt);
+	BOOL close_tid = BITSETW(inbuf+smb_flags,0);
+	BOOL no_final_response = BITSETW(inbuf+smb_flags,1);
+	int32 timeout = IVALS(inbuf,smb_timeout);
 #endif
-  unsigned int suwcnt = SVAL(inbuf, smb_suwcnt);
-  unsigned int tran_call = SVAL(inbuf, smb_setup0);
-  char *params = NULL, *data = NULL;
-  int num_params, num_params_sofar, num_data, num_data_sofar;
-
-  outsize = set_message(outbuf,0,0,True);
+	unsigned int suwcnt = SVAL(inbuf, smb_suwcnt);
+	unsigned int tran_call = SVAL(inbuf, smb_setup0);
+	char *params = NULL, *data = NULL;
+	int num_params, num_params_sofar, num_data, num_data_sofar;
+	START_PROFILE(SMBtrans2);
+
+	if(global_oplock_break && (tran_call == TRANSACT2_OPEN)) {
+		/* Queue this open message as we are the process of an
+		 * oplock break.  */
+
+		DEBUG(2,("reply_trans2: queueing message trans2open due to being "));
+		DEBUGADD(2,( "in oplock break state.\n"));
+
+		push_oplock_pending_smb_message(inbuf, length);
+		END_PROFILE(SMBtrans2);
+		return -1;
+	}
+	
+	if (IS_IPC(conn) && (tran_call != TRANSACT2_OPEN)
+            && (tran_call != TRANSACT2_GET_DFS_REFERRAL)) {
+		END_PROFILE(SMBtrans2);
+		return ERROR_DOS(ERRSRV,ERRaccess);
+	}
 
-  /* All trans2 messages we handle have smb_sucnt == 1 - ensure this
-     is so as a sanity check */
-  if(suwcnt != 1 )
-    {
-      DEBUG(2,("Invalid smb_sucnt in trans2 call\n"));
-      return(ERROR(ERRSRV,ERRerror));
-    }
+	outsize = set_message(outbuf,0,0,True);
+
+	/* All trans2 messages we handle have smb_sucnt == 1 - ensure this
+	   is so as a sanity check */
+	if (suwcnt != 1) {
+		/*
+		 * Need to have rc=0 for ioctl to get job id for OS/2.
+		 *  Network printing will fail if function is not successful.
+		 *  Similar function in reply.c will be used if protocol
+		 *  is LANMAN1.0 instead of LM1.2X002.
+		 *  Until DosPrintSetJobInfo with PRJINFO3 is supported,
+		 *  outbuf doesn't have to be set(only job id is used).
+		 */
+		if ( (suwcnt == 4) && (tran_call == TRANSACT2_IOCTL) &&
+				(SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
+				(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
+			DEBUG(2,("Got Trans2 DevIOctl jobid\n"));
+		} else {
+			DEBUG(2,("Invalid smb_sucnt in trans2 call(%d)\n",suwcnt));
+			DEBUG(2,("Transaction is %d\n",tran_call));
+			END_PROFILE(SMBtrans2);
+			return ERROR_DOS(ERRSRV,ERRerror);
+		}
+	}
     
-  /* Allocate the space for the maximum needed parameters and data */
-  if (total_params > 0)
-    params = (char *)malloc(total_params);
-  if (total_data > 0)
-    data = (char *)malloc(total_data);
+	/* Allocate the space for the maximum needed parameters and data */
+	if (total_params > 0)
+		params = (char *)malloc(total_params);
+	if (total_data > 0)
+		data = (char *)malloc(total_data);
   
-  if ((total_params && !params)  || (total_data && !data))
-    {
-      DEBUG(2,("Out of memory in reply_trans2\n"));
-      return(ERROR(ERRDOS,ERRnomem));
-    }
-
-  /* Copy the param and data bytes sent with this request into
-     the params buffer */
-  num_params = num_params_sofar = SVAL(inbuf,smb_pscnt);
-  num_data = num_data_sofar = SVAL(inbuf, smb_dscnt);
-
-  memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
-  memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
+	if ((total_params && !params)  || (total_data && !data)) {
+		DEBUG(2,("Out of memory in reply_trans2\n"));
+		SAFE_FREE(params);
+		SAFE_FREE(data); 
+		END_PROFILE(SMBtrans2);
+		return ERROR_DOS(ERRDOS,ERRnomem);
+	}
 
-  if(num_data_sofar < total_data || num_params_sofar < total_params)
-    {
-    /* We need to send an interim response then receive the rest
-       of the parameter/data bytes */
-      outsize = set_message(outbuf,0,0,True);
-      send_smb(Client,outbuf);
-
-      while( num_data_sofar < total_data || num_params_sofar < total_params)
-	{
-	  receive_smb(Client,inbuf, 0);
-	  
-	  /* Ensure this is still a trans2 packet (sanity check) */
-	  if(CVAL(inbuf, smb_com) != SMBtranss2)
-	    {
-	      outsize = set_message(outbuf,0,0,True);
-	      DEBUG(2,("Invalid secondary trans2 packet\n"));
-	      free(params);
-	      free(data);
-	      return(ERROR(ERRSRV,ERRerror));
-	    }
+	/* Copy the param and data bytes sent with this request into
+	   the params buffer */
+	num_params = num_params_sofar = SVAL(inbuf,smb_pscnt);
+	num_data = num_data_sofar = SVAL(inbuf, smb_dscnt);
+
+	if (num_params > total_params || num_data > total_data)
+		exit_server("invalid params in reply_trans2");
+
+	if(params)
+		memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
+	if(data)
+		memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
+
+	if(num_data_sofar < total_data || num_params_sofar < total_params)  {
+		/* We need to send an interim response then receive the rest
+		   of the parameter/data bytes */
+		outsize = set_message(outbuf,0,0,True);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_trans2: send_smb failed.");
+
+		while (num_data_sofar < total_data || 
+		       num_params_sofar < total_params) {
+			BOOL ret;
+
+			ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
+			
+			if ((ret && 
+			     (CVAL(inbuf, smb_com) != SMBtranss2)) || !ret) {
+				outsize = set_message(outbuf,0,0,True);
+				if(ret)
+					DEBUG(0,("reply_trans2: Invalid secondary trans2 packet\n"));
+				else
+					DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n",
+						 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
+				SAFE_FREE(params);
+				SAFE_FREE(data);
+				END_PROFILE(SMBtrans2);
+				return ERROR_DOS(ERRSRV,ERRerror);
+			}
       
-	  /* Revise total_params and total_data in case they have changed downwards */
-	  total_params = SVAL(inbuf, smb_tpscnt);
-	  total_data = SVAL(inbuf, smb_tdscnt);
-	  num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
-	  num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
-	  memcpy( &params[ SVAL(inbuf, smb_spsdisp)], 
-		 smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
-	  memcpy( &data[SVAL(inbuf, smb_sdsdisp)],
-		 smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data);
+			/* Revise total_params and total_data in case
+                           they have changed downwards */
+			total_params = SVAL(inbuf, smb_tpscnt);
+			total_data = SVAL(inbuf, smb_tdscnt);
+			num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
+			num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
+			if (num_params_sofar > total_params || num_data_sofar > total_data)
+				exit_server("data overflow in trans2");
+			
+			memcpy( &params[ SVAL(inbuf, smb_spsdisp)], 
+				smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
+			memcpy( &data[SVAL(inbuf, smb_sdsdisp)],
+				smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data);
+		}
+	}
+	
+	if (Protocol >= PROTOCOL_NT1) {
+		SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | 0x40); /* IS_LONG_NAME */
 	}
-    }
-
-  if (Protocol >= PROTOCOL_NT1) {
-    uint16 flg2 = SVAL(outbuf,smb_flg2);
-    SSVAL(outbuf,smb_flg2,flg2 | 0x40); /* IS_LONG_NAME */
-  }
-
-  /* Now we must call the relevant TRANS2 function */
-  switch(tran_call) 
-    {
-    case TRANSACT2_OPEN:
-      outsize = call_trans2open(inbuf, outbuf, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_FINDFIRST:
-      outsize = call_trans2findfirst(inbuf, outbuf, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_FINDNEXT:
-      outsize = call_trans2findnext(inbuf, outbuf, length, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_QFSINFO:
-      outsize = call_trans2qfsinfo(inbuf, outbuf, length, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_SETFSINFO:
-      outsize = call_trans2setfsinfo(inbuf, outbuf, length, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_QPATHINFO:
-    case TRANSACT2_QFILEINFO:
-      outsize = call_trans2qfilepathinfo(inbuf, outbuf, length, bufsize, cnum, &params, &data, total_data);
-      break;
-    case TRANSACT2_SETPATHINFO:
-    case TRANSACT2_SETFILEINFO:
-      outsize = call_trans2setfilepathinfo(inbuf, outbuf, length, bufsize, cnum, &params, &data, total_data);
-      break;
-    case TRANSACT2_FINDNOTIFYFIRST:
-      outsize = call_trans2findnotifyfirst(inbuf, outbuf, length, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_FINDNOTIFYNEXT:
-      outsize = call_trans2findnotifynext(inbuf, outbuf, length, bufsize, cnum, &params, &data);
-      break;
-    case TRANSACT2_MKDIR:
-      outsize = call_trans2mkdir(inbuf, outbuf, length, bufsize, cnum, &params, &data);
-      break;
-    default:
-      /* Error in request */
-      DEBUG(2,("%s Unknown request %d in trans2 call\n",timestring(), tran_call));
-      if(params)
-	free(params);
-      if(data)
-	free(data);
-      return (ERROR(ERRSRV,ERRerror));
-    }
 
-  /* As we do not know how many data packets will need to be
-     returned here the various call_trans2xxxx calls
-     must send their own. Thus a call_trans2xxx routine only
-     returns a value other than -1 when it wants to send
-     an error packet. 
-  */
-
-  if(params)
-    free(params);
-  if(data)
-    free(data);
-  return outsize; /* If a correct response was needed the call_trans2xxx 
-		     calls have already sent it. If outsize != -1 then it is
-		     returning an error packet. */
+	/* Now we must call the relevant TRANS2 function */
+	switch(tran_call)  {
+	case TRANSACT2_OPEN:
+		START_PROFILE_NESTED(Trans2_open);
+		outsize = call_trans2open(conn, 
+					  inbuf, outbuf, bufsize, 
+					  &params, &data);
+		END_PROFILE_NESTED(Trans2_open);
+		break;
+
+	case TRANSACT2_FINDFIRST:
+		START_PROFILE_NESTED(Trans2_findfirst);
+		outsize = call_trans2findfirst(conn, inbuf, outbuf, 
+					       bufsize, &params, &data);
+		END_PROFILE_NESTED(Trans2_findfirst);
+		break;
+
+	case TRANSACT2_FINDNEXT:
+		START_PROFILE_NESTED(Trans2_findnext);
+		outsize = call_trans2findnext(conn, inbuf, outbuf, 
+					      length, bufsize, 
+					      &params, &data);
+		END_PROFILE_NESTED(Trans2_findnext);
+		break;
+
+	case TRANSACT2_QFSINFO:
+		START_PROFILE_NESTED(Trans2_qfsinfo);
+	    outsize = call_trans2qfsinfo(conn, inbuf, outbuf, 
+					 length, bufsize, &params, 
+					 &data);
+		END_PROFILE_NESTED(Trans2_qfsinfo);
+	    break;
+
+	case TRANSACT2_SETFSINFO:
+		START_PROFILE_NESTED(Trans2_setfsinfo);
+		outsize = call_trans2setfsinfo(conn, inbuf, outbuf, 
+					       length, bufsize, 
+					       &params, &data);
+		END_PROFILE_NESTED(Trans2_setfsinfo);
+		break;
+
+	case TRANSACT2_QPATHINFO:
+	case TRANSACT2_QFILEINFO:
+		START_PROFILE_NESTED(Trans2_qpathinfo);
+		outsize = call_trans2qfilepathinfo(conn, inbuf, outbuf, 
+						   length, bufsize, 
+						   &params, &data, total_data);
+		END_PROFILE_NESTED(Trans2_qpathinfo);
+		break;
+	case TRANSACT2_SETPATHINFO:
+	case TRANSACT2_SETFILEINFO:
+		START_PROFILE_NESTED(Trans2_setpathinfo);
+		outsize = call_trans2setfilepathinfo(conn, inbuf, outbuf, 
+						     length, bufsize, 
+						     &params, &data, 
+						     total_data);
+		END_PROFILE_NESTED(Trans2_setpathinfo);
+		break;
+
+	case TRANSACT2_FINDNOTIFYFIRST:
+		START_PROFILE_NESTED(Trans2_findnotifyfirst);
+		outsize = call_trans2findnotifyfirst(conn, inbuf, outbuf, 
+						     length, bufsize, 
+						     &params, &data);
+		END_PROFILE_NESTED(Trans2_findnotifyfirst);
+		break;
+
+	case TRANSACT2_FINDNOTIFYNEXT:
+		START_PROFILE_NESTED(Trans2_findnotifynext);
+		outsize = call_trans2findnotifynext(conn, inbuf, outbuf, 
+						    length, bufsize, 
+						    &params, &data);
+		END_PROFILE_NESTED(Trans2_findnotifynext);
+		break;
+	case TRANSACT2_MKDIR:
+		START_PROFILE_NESTED(Trans2_mkdir);
+		outsize = call_trans2mkdir(conn, inbuf, outbuf, length, 
+					   bufsize, &params, &data);
+		END_PROFILE_NESTED(Trans2_mkdir);
+		break;
+
+	case TRANSACT2_GET_DFS_REFERRAL:
+		START_PROFILE_NESTED(Trans2_get_dfs_referral);
+        outsize = call_trans2getdfsreferral(conn,inbuf,outbuf,length,
+					    bufsize, &params, &data);
+		END_PROFILE_NESTED(Trans2_get_dfs_referral);
+		break;
+	case TRANSACT2_IOCTL:
+		START_PROFILE_NESTED(Trans2_ioctl);
+		outsize = call_trans2ioctl(conn,inbuf,outbuf,length,
+						bufsize,&params,&data);
+		END_PROFILE_NESTED(Trans2_ioctl);
+		break;
+	default:
+		/* Error in request */
+		DEBUG(2,("Unknown request %d in trans2 call\n", tran_call));
+		SAFE_FREE(params);
+		SAFE_FREE(data);
+		END_PROFILE(SMBtrans2);
+		return ERROR_DOS(ERRSRV,ERRerror);
+	}
+	
+	/* As we do not know how many data packets will need to be
+	   returned here the various call_trans2xxxx calls
+	   must send their own. Thus a call_trans2xxx routine only
+	   returns a value other than -1 when it wants to send
+	   an error packet. 
+	*/
+	
+	SAFE_FREE(params);
+	SAFE_FREE(data);
+	END_PROFILE(SMBtrans2);
+	return outsize; /* If a correct response was needed the
+			   call_trans2xxx calls have already sent
+			   it. If outsize != -1 then it is returning */
 }
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
new file mode 100644
index 0000000000..864d3d6c66
--- /dev/null
+++ b/source3/smbd/uid.c
@@ -0,0 +1,709 @@
+/* 
+   Unix SMB/CIFS implementation.
+   uid/user handling
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* what user is current? */
+extern struct current_user current_user;
+
+/****************************************************************************
+ Become the guest user without changing the security context stack.
+****************************************************************************/
+
+BOOL change_to_guest(void)
+{
+	static struct passwd *pass=NULL;
+
+	if (!pass) {
+		/* Don't need to free() this as its stored in a static */
+		pass = getpwnam_alloc(lp_guestaccount());
+		if (!pass)
+			return(False);
+	}
+	
+#ifdef AIX
+	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before 
+	   setting IDs */
+	initgroups(pass->pw_name, pass->pw_gid);
+#endif
+	
+	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
+	
+	current_user.conn = NULL;
+	current_user.vuid = UID_FIELD_INVALID;
+	
+	return True;
+}
+
+/*******************************************************************
+ Check if a username is OK.
+********************************************************************/
+
+static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
+{
+	int i;
+	for (i=0;i<conn->uid_cache.entries;i++)
+		if (conn->uid_cache.list[i] == vuser->uid)
+			return(True);
+
+	if (!user_ok(vuser->user.unix_name,snum))
+		return(False);
+
+	i = conn->uid_cache.entries % UID_CACHE_SIZE;
+	conn->uid_cache.list[i] = vuser->uid;
+
+	if (conn->uid_cache.entries < UID_CACHE_SIZE)
+		conn->uid_cache.entries++;
+
+	return(True);
+}
+
+/****************************************************************************
+ Become the user of a connection number without changing the security context
+ stack, but modify the currnet_user entries.
+****************************************************************************/
+
+BOOL change_to_user(connection_struct *conn, uint16 vuid)
+{
+	user_struct *vuser = get_valid_user_struct(vuid);
+	int snum;
+	gid_t gid;
+	uid_t uid;
+	char group_c;
+	BOOL must_free_token = False;
+	NT_USER_TOKEN *token = NULL;
+
+	if (!conn) {
+		DEBUG(2,("change_to_user: Connection not open\n"));
+		return(False);
+	}
+
+	/*
+	 * We need a separate check in security=share mode due to vuid
+	 * always being UID_FIELD_INVALID. If we don't do this then
+	 * in share mode security we are *always* changing uid's between
+	 * SMB's - this hurts performance - Badly.
+	 */
+
+	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
+	   (current_user.uid == conn->uid)) {
+		DEBUG(4,("change_to_user: Skipping user change - already user\n"));
+		return(True);
+	} else if ((current_user.conn == conn) && 
+		   (vuser != 0) && (current_user.vuid == vuid) && 
+		   (current_user.uid == vuser->uid)) {
+		DEBUG(4,("change_to_user: Skipping user change - already user\n"));
+		return(True);
+	}
+
+	snum = SNUM(conn);
+
+	if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
+		return False;
+
+	if (conn->force_user || 
+		conn->admin_user ||
+	    (lp_security() == SEC_SHARE)) {
+		uid = conn->uid;
+		gid = conn->gid;
+		current_user.groups = conn->groups;
+		current_user.ngroups = conn->ngroups;
+		token = conn->nt_user_token;
+	} else {
+		if (!vuser) {
+			DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid));
+			return(False);
+		}
+		uid = vuser->uid;
+		gid = vuser->gid;
+		current_user.ngroups = vuser->n_groups;
+		current_user.groups  = vuser->groups;
+		token = vuser->nt_user_token;
+	}
+
+	/*
+	 * See if we should force group for this service.
+	 * If so this overrides any group set in the force
+	 * user code.
+	 */
+
+	if((group_c = *lp_force_group(snum))) {
+		BOOL is_guest = False;
+
+		if(group_c == '+') {
+
+			/*
+			 * Only force group if the user is a member of
+			 * the service group. Check the group memberships for
+			 * this user (we already have this) to
+			 * see if we should force the group.
+			 */
+
+			int i;
+			for (i = 0; i < current_user.ngroups; i++) {
+				if (current_user.groups[i] == conn->gid) {
+					gid = conn->gid;
+					break;
+				}
+			}
+		} else {
+			gid = conn->gid;
+		}
+
+		/*
+		 * We've changed the group list in the token - we must
+		 * re-create it.
+		 */
+
+		if (vuser && vuser->guest)
+			is_guest = True;
+
+		token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest, NULL);
+		must_free_token = True;
+	}
+	
+	set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
+
+	/*
+	 * Free the new token (as set_sec_ctx copies it).
+	 */
+
+	if (must_free_token)
+		delete_nt_token(&token);
+
+	current_user.conn = conn;
+	current_user.vuid = vuid;
+
+	DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
+		 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
+  
+	return(True);
+}
+
+/****************************************************************************
+ Go back to being root without changing the security context stack,
+ but modify the current_user entries.
+****************************************************************************/
+
+BOOL change_to_root_user(void)
+{
+	set_root_sec_ctx();
+
+	DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
+		(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
+
+	current_user.conn = NULL;
+	current_user.vuid = UID_FIELD_INVALID;
+
+	return(True);
+}
+
+/****************************************************************************
+ Become the user of an authenticated connected named pipe.
+ When this is called we are currently running as the connection
+ user. Doesn't modify current_user.
+****************************************************************************/
+
+BOOL become_authenticated_pipe_user(pipes_struct *p)
+{
+	if (!push_sec_ctx())
+		return False;
+
+	set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid, 
+		    p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
+
+	return True;
+}
+
+/****************************************************************************
+ Unbecome the user of an authenticated connected named pipe.
+ When this is called we are running as the authenticated pipe
+ user and need to go back to being the connection user. Doesn't modify
+ current_user.
+****************************************************************************/
+
+BOOL unbecome_authenticated_pipe_user(void)
+{
+	return pop_sec_ctx();
+}
+
+/****************************************************************************
+ Utility functions used by become_xxx/unbecome_xxx.
+****************************************************************************/
+
+struct conn_ctx {
+	connection_struct *conn;
+	uint16 vuid;
+};
+ 
+/* A stack of current_user connection contexts. */
+ 
+static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
+static int conn_ctx_stack_ndx;
+
+static void push_conn_ctx(void)
+{
+	struct conn_ctx *ctx_p;
+ 
+	/* Check we don't overflow our stack */
+ 
+	if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
+		DEBUG(0, ("Connection context stack overflow!\n"));
+		smb_panic("Connection context stack overflow!\n");
+	}
+ 
+	/* Store previous user context */
+	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
+ 
+	ctx_p->conn = current_user.conn;
+	ctx_p->vuid = current_user.vuid;
+ 
+	DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
+		(unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
+
+	conn_ctx_stack_ndx++;
+}
+
+static void pop_conn_ctx(void)
+{
+	struct conn_ctx *ctx_p;
+ 
+	/* Check for stack underflow. */
+
+	if (conn_ctx_stack_ndx == 0) {
+		DEBUG(0, ("Connection context stack underflow!\n"));
+		smb_panic("Connection context stack underflow!\n");
+	}
+
+	conn_ctx_stack_ndx--;
+	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
+
+	current_user.conn = ctx_p->conn;
+	current_user.vuid = ctx_p->vuid;
+
+	ctx_p->conn = NULL;
+	ctx_p->vuid = UID_FIELD_INVALID;
+}
+
+void init_conn_ctx(void)
+{
+    int i;
+ 
+    /* Initialise connection context stack */
+	for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
+		conn_ctx_stack[i].conn = NULL;
+		conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
+    }
+}
+
+/****************************************************************************
+ Temporarily become a root user.  Must match with unbecome_root(). Saves and
+ restores the connection context.
+****************************************************************************/
+
+void become_root(void)
+{
+	push_sec_ctx();
+	push_conn_ctx();
+	set_root_sec_ctx();
+}
+
+/* Unbecome the root user */
+
+void unbecome_root(void)
+{
+	pop_sec_ctx();
+	pop_conn_ctx();
+}
+
+/****************************************************************************
+ Push the current security context then force a change via change_to_user().
+ Saves and restores the connection context.
+****************************************************************************/
+
+BOOL become_user(connection_struct *conn, uint16 vuid)
+{
+	if (!push_sec_ctx())
+		return False;
+
+	push_conn_ctx();
+
+	if (!change_to_user(conn, vuid)) {
+		pop_sec_ctx();
+		pop_conn_ctx();
+		return False;
+	}
+
+	return True;
+}
+
+BOOL unbecome_user(void)
+{
+	pop_sec_ctx();
+	pop_conn_ctx();
+	return True;
+}
+
+/*****************************************************************
+ Convert the suplimentary SIDs returned in a netlogon into UNIX
+ group gid_t's. Add to the total group array.
+*****************************************************************/
+ 
+void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
+{
+	int total_groups;
+	int current_n_groups = *n_groups;
+	gid_t *final_groups = NULL;
+	size_t i;
+	NT_USER_TOKEN *ptok = *pptok;
+	NT_USER_TOKEN *new_tok = NULL;
+ 
+	if (!ptok || (ptok->num_sids == 0))
+		return;
+
+	new_tok = dup_nt_token(ptok);
+	if (!new_tok) {
+		DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
+		return;
+	}
+	/* Leave the allocated space but empty the number of SIDs. */
+	new_tok->num_sids = 0;
+
+	total_groups = current_n_groups + ptok->num_sids;
+ 
+	final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
+	if (!final_groups) {
+		DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
+		delete_nt_token(&new_tok);
+		return;
+	}
+ 
+	memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
+	for (i = 0; i < ptok->num_sids; i++) {
+		enum SID_NAME_USE sid_type;
+		gid_t new_grp;
+ 
+		if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
+			/*
+			 * Don't add the gid_t if it is already in the current group
+			 * list. Some UNIXen don't like the same group more than once.
+			 */
+			int j;
+
+			for (j = 0; j < current_n_groups; j++)
+				if (final_groups[j] == new_grp)
+					break;
+		
+			if ( j == current_n_groups) {
+				/* Group not already present. */
+				final_groups[current_n_groups++] = new_grp;
+			}
+		} else {
+			/* SID didn't map. Copy to the new token to be saved. */
+			sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
+		}
+	}
+ 
+	SAFE_FREE(*pp_groups);
+	*pp_groups = final_groups;
+	*n_groups = current_n_groups;
+
+	/* Replace the old token with the truncated one. */
+	delete_nt_token(&ptok);
+	*pptok = new_tok;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert name to SID function.
+ Tries local lookup first - for local domains - then uses winbind.
+*****************************************************************/  
+
+BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+	extern pstring global_myname;
+	extern fstring global_myworkgroup;
+	fstring sid;
+	BOOL ret = False;
+	
+	*name_type = SID_NAME_UNKNOWN;
+
+	/* If we are looking up a domain user, make sure it is
+	   for the local machine only */
+	
+	switch (lp_server_role()) {
+	case ROLE_DOMAIN_PDC:
+	case ROLE_DOMAIN_BDC:
+		if (strequal(domain, global_myworkgroup)) {
+			ret = local_lookup_name(name, psid, name_type);
+		}
+		/* No break is deliberate here. JRA. */
+	default:
+		if (ret) {
+		} else if (strequal(global_myname, domain)) {
+			ret = local_lookup_name(name, psid, name_type);
+		} else {
+			DEBUG(5, ("lookup_name: domain %s is not local\n", domain));
+		}
+	}
+	
+	if (ret) {
+		DEBUG(10,
+		      ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %u)\n",
+		       domain, name, sid_to_string(sid,psid),
+		       (unsigned int)*name_type ));
+		return True;
+	} else if (winbind_lookup_name(domain, name, psid, name_type) || (*name_type != SID_NAME_USER) ) {
+		
+		DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n",
+			  domain, name, sid_to_string(sid, psid), 
+			  (unsigned int)*name_type));
+		return True;
+	}
+
+	DEBUG(10, ("lookup_name: winbind and local lookups for [%s]\\[%s] failed\n", domain, name));
+
+	return False;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to name function.
+ Tries local lookup first - for local sids, then tries winbind.
+*****************************************************************/  
+
+BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
+{
+	if (!name_type)
+		return False;
+
+	*name_type = SID_NAME_UNKNOWN;
+
+	/* Check if this is our own sid.  This should perhaps be done by
+	   winbind?  For the moment handle it here. */
+
+	if (sid->num_auths == 5) {
+		DOM_SID tmp_sid;
+		uint32 rid;
+
+		sid_copy(&tmp_sid, sid);
+		sid_split_rid(&tmp_sid, &rid);
+
+		if (sid_equal(&global_sam_sid, &tmp_sid)) {
+
+			return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+				local_lookup_sid(sid, name, name_type);
+		}
+	}
+
+	if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
+		fstring sid_str;
+		DOM_SID tmp_sid;
+		uint32 rid;
+
+		DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
+
+		sid_copy(&tmp_sid, sid);
+		sid_split_rid(&tmp_sid, &rid);
+		return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+				lookup_known_rid(&tmp_sid, rid, name, name_type);
+	}
+	return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert uid_t to SID function.
+ Tries winbind first - then uses local lookup.
+ Returns SID pointer.
+*****************************************************************/  
+
+DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
+{
+	uid_t low, high;
+	fstring sid;
+
+	if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
+		if (winbind_uid_to_sid(psid, uid)) {
+
+			DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
+				(unsigned int)uid, sid_to_string(sid, psid)));
+
+			return psid;
+		}
+	}
+
+	local_uid_to_sid(psid, uid);
+        
+	DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
+
+	return psid;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert gid_t to SID function.
+ Tries winbind first - then uses local lookup.
+ Returns SID pointer.
+*****************************************************************/  
+
+DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+	gid_t low, high;
+	fstring sid;
+
+	if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
+		if (winbind_gid_to_sid(psid, gid)) {
+
+			DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
+				(unsigned int)gid, sid_to_string(sid, psid)));
+                        
+			return psid;
+		}
+	}
+
+	local_gid_to_sid(psid, gid);
+        
+	DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
+
+	return psid;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to uid function.
+ Tries winbind first - then uses local lookup.
+ Returns True if this name is a user sid and the conversion
+ was done correctly, False if not. sidtype is set by this function.
+*****************************************************************/  
+
+BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
+{
+	fstring sid_str;
+
+	/* if we know its local then don't try winbindd */
+	if (sid_compare_domain(&global_sam_sid, psid) == 0) {
+		return local_sid_to_uid(puid, psid, sidtype);
+	}
+
+/* (tridge) I commented out the slab of code below in order to support foreign SIDs
+   Do we really need to validate the type of SID we have in this case? 
+*/
+#if 0
+	fstring dom_name, name;
+	enum SID_NAME_USE name_type;
+
+	*sidtype = SID_NAME_UNKNOWN;
+	/*
+	 * First we must look up the name and decide if this is a user sid.
+	 */
+
+	if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
+		DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
+				sid_to_string(sid_str, psid) ));
+
+		return local_sid_to_uid(puid, psid, sidtype);
+	}
+
+	/*
+	 * Ensure this is a user sid.
+	 */
+
+	if (name_type != SID_NAME_USER) {
+		DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
+				(unsigned int)name_type ));
+		return False;
+	}
+#endif
+	*sidtype = SID_NAME_USER;
+
+	/*
+	 * Get the uid for this SID.
+	 */
+
+	if (!winbind_sid_to_uid(puid, psid)) {
+		DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
+				sid_to_string(sid_str, psid) ));
+		return local_sid_to_uid(puid, psid, sidtype);
+	}
+
+	DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
+		sid_to_string(sid_str, psid),
+		(unsigned int)*puid ));
+
+	return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to gid function.
+ Tries winbind first - then uses local lookup.
+ Returns True if this name is a user sid and the conversion
+ was done correctly, False if not.
+*****************************************************************/  
+
+BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
+{
+	fstring dom_name, name, sid_str;
+	enum SID_NAME_USE name_type;
+
+	*sidtype = SID_NAME_UNKNOWN;
+
+	/*
+	 * First we must look up the name and decide if this is a group sid.
+	 */
+
+	if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
+		DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
+				sid_to_string(sid_str, psid) ));
+
+		if (!local_sid_to_gid(pgid, psid, sidtype)) {
+			/* this was probably a foreign sid - assume its a group rid 
+			   and continue */
+			name_type = SID_NAME_DOM_GRP;
+		} else {
+			return True;
+		}
+	}
+
+	/*
+	 * Ensure this is a group sid.
+	 */
+
+	if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
+		DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
+				(unsigned int)name_type ));
+
+		return local_sid_to_gid(pgid, psid, sidtype);
+	}
+
+	*sidtype = name_type;
+
+	/*
+	 * Get the gid for this SID.
+	 */
+
+	if (!winbind_sid_to_gid(pgid, psid)) {
+		DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
+				sid_to_string(sid_str, psid) ));
+		return False;
+	}
+
+	DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
+		sid_to_string(sid_str, psid),
+		(unsigned int)*pgid ));
+
+	return True;
+}
+
diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
new file mode 100644
index 0000000000..6b7b0f3ad1
--- /dev/null
+++ b/source3/smbd/utmp.c
@@ -0,0 +1,606 @@
+/* 
+   Unix SMB/CIFS implementation.
+   utmp routines
+   Copyright (C) T.D.Lee@durham.ac.uk 1999
+   Heavily modified by Andrew Bartlett and Tridge, April 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef WITH_UTMP
+
+/****************************************************************************
+Reflect connection status in utmp/wtmp files.
+	T.D.Lee@durham.ac.uk  September 1999
+
+	With grateful thanks since then to many who have helped port it to
+	different operating systems.  The variety of OS quirks thereby
+	uncovered is amazing...
+
+Hints for porting:
+	o  Always attempt to use programmatic interface (pututline() etc.)
+	   Indeed, at present only programmatic use is supported.
+	o  The only currently supported programmatic interface to "wtmp{,x}"
+	   is through "updwtmp*()" routines.
+	o  The "x" (utmpx/wtmpx; HAVE_UTMPX_H) seems preferable.
+	o  The HAVE_* items should identify supported features.
+	o  If at all possible, avoid "if defined(MY-OS)" constructions.
+
+OS observations and status:
+	Almost every OS seems to have its own quirks.
+
+	Solaris 2.x:
+		Tested on 2.6 and 2.7; should be OK on other flavours.
+	AIX:
+		Apparently has utmpx.h but doesn't implement.
+	OSF:
+		Has utmpx.h, but (e.g.) no "getutmpx()".  (Is this like AIX ?)
+	Redhat 6:
+		utmpx.h seems not to set default filenames.  non-x better.
+	IRIX 6.5:
+		Not tested.  Appears to have "x".
+	HP-UX 9.x:
+		Not tested.  Appears to lack "x".
+	HP-UX 10.x:
+		Not tested.
+		"updwtmp*()" routines seem absent, so no current wtmp* support.
+		Has "ut_addr": probably trivial to implement (although remember
+		that IPv6 is coming...).
+
+	FreeBSD:
+		No "putut*()" type of interface.
+		No "ut_type" and associated defines. 
+		Write files directly.  Alternatively use its login(3)/logout(3).
+	SunOS 4:
+		Not tested.  Resembles FreeBSD, but no login()/logout().
+
+lastlog:
+	Should "lastlog" files, if any, be updated?
+	BSD systems (SunOS 4, FreeBSD):
+		o  Prominent mention on man pages.
+	System-V (e.g. Solaris 2):
+		o  No mention on man pages, even under "man -k".
+		o  Has a "/var/adm/lastlog" file, but pututxline() etc. seem
+		   not to touch it.
+		o  Despite downplaying (above), nevertheless has <lastlog.h>.
+	So perhaps UN*X "lastlog" facility is intended for tty/terminal only?
+
+Notes:
+	Each connection requires a small number (starting at 0, working up)
+	to represent the line (unum).  This must be unique within and across
+	all smbd processes.
+
+	The 4 byte 'ut_id' component is vital to distinguish connections,
+	of which there could be several hundered or even thousand.
+	Entries seem to be printable characters, with optional NULL pads.
+
+	We need to be distinct from other entries in utmp/wtmp.
+
+	Observed things: therefore avoid them.  Add to this list please.
+	From Solaris 2.x (because that's what I have):
+		'sN'	: run-levels; N: [0-9]
+		'co'	: console
+		'CC'	: arbitrary things;  C: [a-z]
+		'rXNN'	: rlogin;  N: [0-9]; X: [0-9a-z]
+		'tXNN'	: rlogin;  N: [0-9]; X: [0-9a-z]
+		'/NNN'	: Solaris CDE
+		'ftpZ'	: ftp (Z is the number 255, aka 0377, aka 0xff)
+	Mostly a record uses the same 'ut_id' in both "utmp" and "wtmp",
+	but differences have been seen.
+
+	Arbitrarily I have chosen to use a distinctive 'SM' for the
+	first two bytes.
+
+	The remaining two encode the "unum" (see above).
+
+	For "utmp consolidate" the suggestion was made to encode the pid into
+	those remaining two bytes (16 bits).  But recent UNIX (e.g Solaris 8)
+	is migrating to pids > 16 bits, so we ought not to do this.
+
+****************************************************************************/
+
+#include <utmp.h>
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+/* BSD systems: some may need lastlog.h (SunOS 4), some may not (FreeBSD) */
+/* Some System-V systems (e.g. Solaris 2) declare this too. */
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+/****************************************************************************
+ Obtain/release a small number (0 upwards) unique within and across smbds.
+****************************************************************************/
+/*
+ * Need a "small" number to represent this connection, unique within this
+ * smbd and across all smbds.
+ *
+ * claim:
+ *	Start at 0, hunt up for free, unique number "unum" by attempting to
+ *	store it as a key in a tdb database:
+ *		key: unum		data: pid+conn  
+ *	Also store its inverse, ready for yield function:
+ *		key: pid+conn		data: unum
+ *
+ * yield:
+ *	Find key: pid+conn; data is unum;  delete record
+ *	Find key: unum ; delete record.
+ *
+ * Comment:
+ *	The claim algorithm (a "for" loop attempting to store numbers in a tdb
+ *	database) will be increasingly inefficient with larger numbers of
+ *	connections.  Is it possible to write a suitable primitive within tdb?
+ *
+ *	However, by also storing the inverse key/data pair, we at least make
+ *	the yield algorithm efficient.
+ */
+
+/****************************************************************************
+ Default paths to various {u,w}tmp{,x} files.
+****************************************************************************/
+
+#ifdef	HAVE_UTMPX_H
+
+static const char *ux_pathname =
+# if defined (UTMPX_FILE)
+	UTMPX_FILE ;
+# elif defined (_UTMPX_FILE)
+	_UTMPX_FILE ;
+# elif defined (_PATH_UTMPX)
+	_PATH_UTMPX ;
+# else
+	"" ;
+# endif
+
+static const char *wx_pathname =
+# if defined (WTMPX_FILE)
+	WTMPX_FILE ;
+# elif defined (_WTMPX_FILE)
+	_WTMPX_FILE ;
+# elif defined (_PATH_WTMPX)
+	_PATH_WTMPX ;
+# else
+	"" ;
+# endif
+
+#endif	/* HAVE_UTMPX_H */
+
+static const char *ut_pathname =
+# if defined (UTMP_FILE)
+	UTMP_FILE ;
+# elif defined (_UTMP_FILE)
+	_UTMP_FILE ;
+# elif defined (_PATH_UTMP)
+	_PATH_UTMP ;
+# else
+	"" ;
+# endif
+
+static const char *wt_pathname =
+# if defined (WTMP_FILE)
+	WTMP_FILE ;
+# elif defined (_WTMP_FILE)
+	_WTMP_FILE ;
+# elif defined (_PATH_WTMP)
+	_PATH_WTMP ;
+# else
+	"" ;
+# endif
+
+/* BSD-like systems might want "lastlog" support. */
+/* *** Not yet implemented */
+#ifndef HAVE_PUTUTLINE		/* see "pututline_my()" */
+static const char *ll_pathname =
+# if defined (_PATH_LASTLOG)	/* what other names (if any?) */
+	_PATH_LASTLOG ;
+# else
+	"" ;
+# endif	/* _PATH_LASTLOG */
+#endif	/* HAVE_PUTUTLINE */
+
+/*
+ * Get name of {u,w}tmp{,x} file.
+ *	return: fname contains filename
+ *		Possibly empty if this code not yet ported to this system.
+ *
+ * utmp{,x}:  try "utmp dir", then default (a define)
+ * wtmp{,x}:  try "wtmp dir", then "utmp dir", then default (a define)
+ */
+static void uw_pathname(pstring fname, const char *uw_name, const char *uw_default)
+{
+	pstring dirname;
+
+	pstrcpy(dirname, "");
+
+	/* For w-files, first look for explicit "wtmp dir" */
+	if (uw_name[0] == 'w') {
+		pstrcpy(dirname,lp_wtmpdir());
+		trim_string(dirname,"","/");
+	}
+
+	/* For u-files and non-explicit w-dir, look for "utmp dir" */
+	if (dirname == 0 || strlen(dirname) == 0) {
+		pstrcpy(dirname,lp_utmpdir());
+		trim_string(dirname,"","/");
+	}
+
+	/* If explicit directory above, use it */
+	if (dirname != 0 && strlen(dirname) != 0) {
+		pstrcpy(fname, dirname);
+		pstrcat(fname, "/");
+		pstrcat(fname, uw_name);
+		return;
+	}
+
+	/* No explicit directory: attempt to use default paths */
+	if (strlen(uw_default) == 0) {
+		/* No explicit setting, no known default.
+		 * Has it yet been ported to this OS?
+		 */
+		DEBUG(2,("uw_pathname: unable to determine pathname\n"));
+	}
+	pstrcpy(fname, uw_default);
+}
+
+#ifndef HAVE_PUTUTLINE
+
+/****************************************************************************
+ Update utmp file directly.  No subroutine interface: probably a BSD system.
+****************************************************************************/
+
+static void pututline_my(pstring uname, struct utmp *u, BOOL claim)
+{
+	DEBUG(1,("pututline_my: not yet implemented\n"));
+	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
+}
+#endif /* HAVE_PUTUTLINE */
+
+#ifndef HAVE_UPDWTMP
+
+/****************************************************************************
+ Update wtmp file directly.  No subroutine interface: probably a BSD system.
+ Credit: Michail Vidiassov <master@iaas.msu.ru>
+****************************************************************************/
+
+static void updwtmp_my(pstring wname, struct utmp *u, BOOL claim)
+{
+	int fd;
+	struct stat buf;
+
+	if (! claim) {
+		/*
+	 	 * BSD-like systems:
+		 *	may use empty ut_name to distinguish a logout record.
+		 *
+		 * May need "if defined(SUNOS4)" etc. around some of these,
+		 * but try to avoid if possible.
+		 *
+		 * SunOS 4:
+		 *	man page indicates ut_name and ut_host both NULL
+		 * FreeBSD 4.0:
+		 *	man page appears not to specify (hints non-NULL)
+		 *	A correspondent suggest at least ut_name should be NULL
+		 */
+		memset((char *)&u->ut_name, '\0', sizeof(u->ut_name));
+		memset((char *)&u->ut_host, '\0', sizeof(u->ut_host));
+	}
+	/* Stolen from logwtmp function in libutil.
+	 * May be more locking/blocking is needed?
+	 */
+	if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
+		return;
+	if (fstat(fd, &buf) == 0) {
+		if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
+		(void) ftruncate(fd, buf.st_size);
+	}
+	(void) close(fd);
+}
+#endif /* HAVE_UPDWTMP */
+
+/****************************************************************************
+ Update via utmp/wtmp (not utmpx/wtmpx).
+****************************************************************************/
+
+static void utmp_nox_update(struct utmp *u, BOOL claim)
+{
+	pstring uname, wname;
+#if defined(PUTUTLINE_RETURNS_UTMP)
+	struct utmp *urc;
+#endif /* PUTUTLINE_RETURNS_UTMP */
+
+	uw_pathname(uname, "utmp", ut_pathname);
+	DEBUG(2,("utmp_nox_update: uname:%s\n", uname));
+
+#ifdef HAVE_PUTUTLINE
+	if (strlen(uname) != 0) {
+		utmpname(uname);
+	}
+
+# if defined(PUTUTLINE_RETURNS_UTMP)
+	setutent();
+	urc = pututline(u);
+	endutent();
+	if (urc == NULL) {
+		DEBUG(2,("utmp_nox_update: pututline() failed\n"));
+		return;
+	}
+# else	/* PUTUTLINE_RETURNS_UTMP */
+	setutent();
+	pututline(u);
+	endutent();
+# endif	/* PUTUTLINE_RETURNS_UTMP */
+
+#else	/* HAVE_PUTUTLINE */
+	if (strlen(uname) != 0) {
+		pututline_my(uname, u, claim);
+	}
+#endif /* HAVE_PUTUTLINE */
+
+	uw_pathname(wname, "wtmp", wt_pathname);
+	DEBUG(2,("utmp_nox_update: wname:%s\n", wname));
+	if (strlen(wname) != 0) {
+#ifdef HAVE_UPDWTMP
+		updwtmp(wname, u);
+		/*
+		 * updwtmp() and the newer updwtmpx() may be unsymmetrical.
+		 * At least one OS, Solaris 2.x declares the former in the
+		 * "utmpx" (latter) file and context.
+		 * In the Solaris case this is irrelevant: it has both and
+		 * we always prefer the "x" case, so doesn't come here.
+		 * But are there other systems, with no "x", which lack
+		 * updwtmp() perhaps?
+		 */
+#else
+		updwtmp_my(wname, u, claim);
+#endif /* HAVE_UPDWTMP */
+	}
+}
+
+/****************************************************************************
+ Copy a string in the utmp structure.
+****************************************************************************/
+
+static void utmp_strcpy(char *dest, const char *src, size_t n)
+{
+	size_t len = 0;
+
+	memset(dest, '\0', n);
+	if (src)
+		len = strlen(src);
+	if (len >= n) {
+		memcpy(dest, src, n);
+	} else {
+		if (len)
+			memcpy(dest, src, len);
+	}
+}
+
+/****************************************************************************
+ Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
+****************************************************************************/
+
+static void sys_utmp_update(struct utmp *u, const char *hostname, BOOL claim)
+{
+#if !defined(HAVE_UTMPX_H)
+	/* No utmpx stuff.  Drop to non-x stuff */
+	utmp_nox_update(u, claim);
+#elif !defined(HAVE_PUTUTXLINE)
+	/* Odd.  Have utmpx.h but no "pututxline()".  Drop to non-x stuff */
+	DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
+	utmp_nox_update(u, claim);
+#elif !defined(HAVE_GETUTMPX)
+	/* Odd.  Have utmpx.h but no "getutmpx()".  Drop to non-x stuff */
+	DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
+	utmp_nox_update(u, claim);
+#else
+	pstring uname, wname;
+	struct utmpx ux, *uxrc;
+
+	getutmpx(u, &ux);
+
+#if defined(HAVE_UX_UT_SYSLEN)
+	if (hostname)
+		ux.ut_syslen = strlen(hostname) + 1;	/* include end NULL */
+	else
+		ux.ut_syslen = 0;
+#endif
+	utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
+
+	uw_pathname(uname, "utmpx", ux_pathname);
+	uw_pathname(wname, "wtmpx", wx_pathname);
+	DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
+	/*
+	 * Check for either uname or wname being empty.
+	 * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
+	 * define default filenames.
+	 * Also, our local installation has not provided an override.
+	 * Drop to non-x method.  (E.g. RH6 has good defaults in "utmp.h".)
+	 */
+	if ((strlen(uname) == 0) || (strlen(wname) == 0)) {
+		utmp_nox_update(u, claim);
+	} else {
+		utmpxname(uname);
+		setutxent();
+		uxrc = pututxline(&ux);
+		endutxent();
+		if (uxrc == NULL) {
+			DEBUG(2,("utmp_update: pututxline() failed\n"));
+			return;
+		}
+		updwtmpx(wname, &ux);
+	}
+#endif /* HAVE_UTMPX_H */
+}
+
+#if defined(HAVE_UT_UT_ID)
+/****************************************************************************
+ Encode the unique connection number into "ut_id".
+****************************************************************************/
+
+static int ut_id_encode(int i, char *fourbyte)
+{
+	int nbase;
+	char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	
+	fourbyte[0] = 'S';
+	fourbyte[1] = 'M';
+
+/*
+ * Encode remaining 2 bytes from 'i'.
+ * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
+ * Example: digits would produce the base-10 numbers from '001'.
+ */
+	nbase = strlen(ut_id_encstr);
+
+	fourbyte[3] = ut_id_encstr[i % nbase];
+	i /= nbase;
+	fourbyte[2] = ut_id_encstr[i % nbase];
+	i /= nbase;
+
+	return(i);	/* 0: good; else overflow */
+}
+#endif /* defined(HAVE_UT_UT_ID) */
+
+
+/*
+  fill a system utmp structure given all the info we can gather 
+*/
+static BOOL sys_utmp_fill(struct utmp *u,
+			  const char *username, const char *hostname,
+			  const char *id_str, int id_num)
+{			  
+	struct timeval timeval;
+
+	/*
+	 * ut_name, ut_user:
+	 *	Several (all?) systems seems to define one as the other.
+	 *	It is easier and clearer simply to let the following take its course,
+	 *	rather than to try to detect and optimise.
+	 */
+#if defined(HAVE_UT_UT_USER)
+	utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
+#elif defined(HAVE_UT_UT_NAME)
+	utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
+#endif
+
+	/*
+	 * ut_line:
+	 *	If size limit proves troublesome, then perhaps use "ut_id_encode()".
+	 *
+	 * Temporary variable "line_tmp" avoids trouble:
+	 * o  with unwanted trailing NULL if ut_line full;
+	 * o  with overflow if ut_line would be more than full.
+	 */
+	if (strlen(id_str) > sizeof(u->ut_line)) {
+		DEBUG(1,("id_str [%s] is too long for %d char utmp field\n",
+			 id_str, sizeof(u->ut_line)));
+		return False;
+	}
+	utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
+
+#if defined(HAVE_UT_UT_PID)
+	u->ut_pid = sys_getpid();
+#endif
+
+/*
+ * ut_time, ut_tv: 
+ *	Some have one, some the other.  Many have both, but defined (aliased).
+ *	It is easier and clearer simply to let the following take its course.
+ *	But note that we do the more precise ut_tv as the final assignment.
+ */
+#if defined(HAVE_UT_UT_TIME)
+	gettimeofday(&timeval, NULL);
+	u->ut_time = timeval.tv_sec;
+#elif defined(HAVE_UT_UT_TV)
+	gettimeofday(&timeval, NULL);
+	u->ut_tv = timeval;
+#else
+#error "with-utmp must have UT_TIME or UT_TV"
+#endif
+
+#if defined(HAVE_UT_UT_HOST)
+	utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
+#endif
+
+#if defined(HAVE_UT_UT_ADDR)
+	/*
+	 * "(unsigned long) ut_addr" apparently exists on at least HP-UX 10.20.
+	 * Volunteer to implement, please ...
+	 */
+#endif
+
+#if defined(HAVE_UT_UT_ID)
+	if (ut_id_encode(id_num, u->ut_id) != 0) {
+		DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
+		return False;
+	}
+#endif
+
+	return True;
+}
+
+/****************************************************************************
+ Close a connection.
+****************************************************************************/
+
+void sys_utmp_yield(const char *username, const char *hostname, 
+		    const char *id_str, int id_num)
+{
+	struct utmp u;
+
+	ZERO_STRUCT(u);
+
+#if defined(HAVE_UT_UT_EXIT)
+	u.ut_exit.e_termination = 0;
+	u.ut_exit.e_exit = 0;
+#endif
+
+#if defined(HAVE_UT_UT_TYPE)
+	u.ut_type = DEAD_PROCESS;
+#endif
+
+	if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return;
+
+	sys_utmp_update(&u, NULL, False);
+}
+
+/****************************************************************************
+ Claim a entry in whatever utmp system the OS uses.
+****************************************************************************/
+
+void sys_utmp_claim(const char *username, const char *hostname, 
+		    const char *id_str, int id_num)
+{
+	struct utmp u;
+
+	ZERO_STRUCT(u);
+
+#if defined(HAVE_UT_UT_TYPE)
+	u.ut_type = USER_PROCESS;
+#endif
+
+	if (!sys_utmp_fill(&u, username, hostname, id_str, id_num)) return;
+
+	sys_utmp_update(&u, hostname, True);
+}
+
+#else /* WITH_UTMP */
+ void dummy_utmp(void) {}
+#endif
diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c
new file mode 100644
index 0000000000..fadc435a2f
--- /dev/null
+++ b/source3/smbd/vfs-wrap.c
@@ -0,0 +1,726 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Wrap disk only vfs functions to sidestep dodgy compilers.
+   Copyright (C) Tim Potter 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Check for NULL pointer parameters in vfswrap_* functions */
+
+/* We don't want to have NULL function pointers lying around.  Someone
+   is sure to try and execute them.  These stubs are used to prevent
+   this possibility. */
+
+int vfswrap_dummy_connect(connection_struct *conn, const char *service, const char *user)
+{
+    return 0;    /* Return >= 0 for success */
+}
+
+void vfswrap_dummy_disconnect(connection_struct *conn)
+{
+}
+
+/* Disk operations */
+
+SMB_BIG_UINT vfswrap_disk_free(connection_struct *conn, const char *path, BOOL small_query, SMB_BIG_UINT *bsize, 
+			       SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+{
+    SMB_BIG_UINT result;
+
+    result = sys_disk_free(path, small_query, bsize, dfree, dsize);
+    return result;
+}
+    
+/* Directory operations */
+
+DIR *vfswrap_opendir(connection_struct *conn, const char *fname)
+{
+    DIR *result;
+
+    START_PROFILE(syscall_opendir);
+    result = opendir(fname);
+    END_PROFILE(syscall_opendir);
+    return result;
+}
+
+struct dirent *vfswrap_readdir(connection_struct *conn, DIR *dirp)
+{
+    struct dirent *result;
+
+    START_PROFILE(syscall_readdir);
+    result = readdir(dirp);
+    END_PROFILE(syscall_readdir);
+    return result;
+}
+
+int vfswrap_mkdir(connection_struct *conn, const char *path, mode_t mode)
+{
+	int result;
+	BOOL has_dacl = False;
+
+	START_PROFILE(syscall_mkdir);
+
+	if (lp_inherit_acls(SNUM(conn)) && (has_dacl = directory_has_default_acl(conn, parent_dirname(path))))
+		mode = 0777;
+
+	result = mkdir(path, mode);
+
+	if (result == 0 && !has_dacl) {
+		/*
+		 * We need to do this as the default behavior of POSIX ACLs	
+		 * is to set the mask to be the requested group permission
+		 * bits, not the group permission bits to be the requested
+		 * group permission bits. This is not what we want, as it will
+		 * mess up any inherited ACL bits that were set. JRA.
+		 */
+		int saved_errno = errno; /* We may get ENOSYS */
+		if (conn->vfs_ops.chmod_acl != NULL) {
+			if ((conn->vfs_ops.chmod_acl(conn, path, mode) == -1) && (errno == ENOSYS))
+				errno = saved_errno;
+		}
+	}
+
+    END_PROFILE(syscall_mkdir);
+    return result;
+}
+
+int vfswrap_rmdir(connection_struct *conn, const char *path)
+{
+    int result;
+
+    START_PROFILE(syscall_rmdir);
+    result = rmdir(path);
+    END_PROFILE(syscall_rmdir);
+    return result;
+}
+
+int vfswrap_closedir(connection_struct *conn, DIR *dirp)
+{
+    int result;
+
+    START_PROFILE(syscall_closedir);
+    result = closedir(dirp);
+    END_PROFILE(syscall_closedir);
+    return result;
+}
+
+/* File operations */
+    
+int vfswrap_open(connection_struct *conn, const char *fname, int flags, mode_t mode)
+{
+    int result;
+
+    START_PROFILE(syscall_open);
+    result = sys_open(fname, flags, mode);
+    END_PROFILE(syscall_open);
+    return result;
+}
+
+int vfswrap_close(files_struct *fsp, int fd)
+{
+    int result;
+
+    START_PROFILE(syscall_close);
+
+    result = close(fd);
+    END_PROFILE(syscall_close);
+    return result;
+}
+
+ssize_t vfswrap_read(files_struct *fsp, int fd, void *data, size_t n)
+{
+    ssize_t result;
+
+    START_PROFILE_BYTES(syscall_read, n);
+    result = read(fd, data, n);
+    END_PROFILE(syscall_read);
+    return result;
+}
+
+ssize_t vfswrap_write(files_struct *fsp, int fd, const void *data, size_t n)
+{
+    ssize_t result;
+
+    START_PROFILE_BYTES(syscall_write, n);
+    result = write(fd, data, n);
+    END_PROFILE(syscall_write);
+    return result;
+}
+
+SMB_OFF_T vfswrap_lseek(files_struct *fsp, int filedes, SMB_OFF_T offset, int whence)
+{
+	SMB_OFF_T result = 0;
+
+	START_PROFILE(syscall_lseek);
+
+	/* Cope with 'stat' file opens. */
+	if (filedes != -1)
+		result = sys_lseek(filedes, offset, whence);
+
+	/*
+	 * We want to maintain the fiction that we can seek
+	 * on a fifo for file system purposes. This allows
+	 * people to set up UNIX fifo's that feed data to Windows
+	 * applications. JRA.
+	 */
+
+	if((result == -1) && (errno == ESPIPE)) {
+		result = 0;
+		errno = 0;
+	}
+
+	END_PROFILE(syscall_lseek);
+	return result;
+}
+
+int vfswrap_rename(connection_struct *conn, const char *old, const char *new)
+{
+    int result;
+
+    START_PROFILE(syscall_rename);
+    result = rename(old, new);
+    END_PROFILE(syscall_rename);
+    return result;
+}
+
+int vfswrap_fsync(files_struct *fsp, int fd)
+{
+#ifdef HAVE_FSYNC
+    int result;
+
+    START_PROFILE(syscall_fsync);
+
+    result = fsync(fd);
+    END_PROFILE(syscall_fsync);
+    return result;
+#else
+	return 0;
+#endif
+}
+
+int vfswrap_stat(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf)
+{
+    int result;
+
+    START_PROFILE(syscall_stat);
+    result = sys_stat(fname, sbuf);
+    END_PROFILE(syscall_stat);
+    return result;
+}
+
+int vfswrap_fstat(files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf)
+{
+    int result;
+
+    START_PROFILE(syscall_fstat);
+    result = sys_fstat(fd, sbuf);
+    END_PROFILE(syscall_fstat);
+    return result;
+}
+
+int vfswrap_lstat(connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf)
+{
+    int result;
+
+    START_PROFILE(syscall_lstat);
+    result = sys_lstat(path, sbuf);
+    END_PROFILE(syscall_lstat);
+    return result;
+}
+
+int vfswrap_unlink(connection_struct *conn, const char *path)
+{
+    int result;
+
+    START_PROFILE(syscall_unlink);
+    result = unlink(path);
+    END_PROFILE(syscall_unlink);
+    return result;
+}
+
+int vfswrap_chmod(connection_struct *conn, const char *path, mode_t mode)
+{
+    int result;
+
+    START_PROFILE(syscall_chmod);
+
+	/*
+	 * We need to do this due to the fact that the default POSIX ACL
+	 * chmod modifies the ACL *mask* for the group owner, not the
+	 * group owner bits directly. JRA.
+	 */
+
+	
+	if (conn->vfs_ops.chmod_acl != NULL) {
+		int saved_errno = errno; /* We might get ENOSYS */
+		if ((result = conn->vfs_ops.chmod_acl(conn, path, mode)) == 0) {
+			END_PROFILE(syscall_chmod);
+			return result;
+		}
+		/* Error - return the old errno. */
+		errno = saved_errno;
+	}
+
+    result = chmod(path, mode);
+    END_PROFILE(syscall_chmod);
+    return result;
+}
+
+int vfswrap_fchmod(files_struct *fsp, int fd, mode_t mode)
+{
+    int result;
+	struct vfs_ops *vfs_ops = &fsp->conn->vfs_ops;
+	
+    START_PROFILE(syscall_fchmod);
+
+	/*
+	 * We need to do this due to the fact that the default POSIX ACL
+	 * chmod modifies the ACL *mask* for the group owner, not the
+	 * group owner bits directly. JRA.
+	 */
+	
+	if (vfs_ops->fchmod_acl != NULL) {
+		int saved_errno = errno; /* We might get ENOSYS */
+		if ((result = vfs_ops->fchmod_acl(fsp, fd, mode)) == 0) {
+			END_PROFILE(syscall_chmod);
+			return result;
+		}
+		/* Error - return the old errno. */
+		errno = saved_errno;
+	}
+
+    result = fchmod(fd, mode);
+    END_PROFILE(syscall_fchmod);
+    return result;
+}
+
+int vfswrap_chown(connection_struct *conn, const char *path, uid_t uid, gid_t gid)
+{
+    int result;
+
+    START_PROFILE(syscall_chown);
+    result = sys_chown(path, uid, gid);
+    END_PROFILE(syscall_chown);
+    return result;
+}
+
+int vfswrap_fchown(files_struct *fsp, int fd, uid_t uid, gid_t gid)
+{
+    int result;
+
+    START_PROFILE(syscall_fchown);
+
+    result = fchown(fd, uid, gid);
+    END_PROFILE(syscall_fchown);
+    return result;
+}
+
+int vfswrap_chdir(connection_struct *conn, const char *path)
+{
+    int result;
+
+    START_PROFILE(syscall_chdir);
+    result = chdir(path);
+    END_PROFILE(syscall_chdir);
+    return result;
+}
+
+char *vfswrap_getwd(connection_struct *conn, char *path)
+{
+    char *result;
+
+    START_PROFILE(syscall_getwd);
+    result = sys_getwd(path);
+    END_PROFILE(syscall_getwd);
+    return result;
+}
+
+int vfswrap_utime(connection_struct *conn, const char *path, struct utimbuf *times)
+{
+    int result;
+
+    START_PROFILE(syscall_utime);
+    result = utime(path, times);
+    END_PROFILE(syscall_utime);
+    return result;
+}
+
+/*********************************************************************
+ A version of ftruncate that will write the space on disk if strict
+ allocate is set.
+**********************************************************************/
+
+static int strict_allocate_ftruncate(files_struct *fsp, int fd, SMB_OFF_T len)
+{
+	struct vfs_ops *vfs_ops = &fsp->conn->vfs_ops;
+	SMB_STRUCT_STAT st;
+	SMB_OFF_T currpos = vfs_ops->lseek(fsp, fd, 0, SEEK_CUR);
+	unsigned char zero_space[4096];
+	SMB_OFF_T space_to_write;
+
+	if (currpos == -1)
+		return -1;
+
+	if (vfs_ops->fstat(fsp, fd, &st) == -1)
+		return -1;
+
+	space_to_write = len - st.st_size;
+
+#ifdef S_ISFIFO
+	if (S_ISFIFO(st.st_mode))
+		return 0;
+#endif
+
+	if (st.st_size == len)
+		return 0;
+
+	/* Shrink - just ftruncate. */
+	if (st.st_size > len)
+		return sys_ftruncate(fd, len);
+
+	/* Write out the real space on disk. */
+	if (vfs_ops->lseek(fsp, fd, st.st_size, SEEK_SET) != st.st_size)
+		return -1;
+
+	space_to_write = len - st.st_size;
+
+	memset(zero_space, '\0', sizeof(zero_space));
+	while ( space_to_write > 0) {
+		SMB_OFF_T retlen;
+		SMB_OFF_T current_len_to_write = MIN(sizeof(zero_space),space_to_write);
+
+		retlen = vfs_ops->write(fsp,fsp->fd,(char *)zero_space,current_len_to_write);
+		if (retlen <= 0)
+			return -1;
+
+		space_to_write -= retlen;
+	}
+
+	/* Seek to where we were */
+	if (vfs_ops->lseek(fsp, fd, currpos, SEEK_SET) != currpos)
+		return -1;
+
+	return 0;
+}
+
+int vfswrap_ftruncate(files_struct *fsp, int fd, SMB_OFF_T len)
+{
+	int result = -1;
+	struct vfs_ops *vfs_ops = &fsp->conn->vfs_ops;
+	SMB_STRUCT_STAT st;
+	char c = 0;
+	SMB_OFF_T currpos;
+
+	START_PROFILE(syscall_ftruncate);
+
+	if (lp_strict_allocate(SNUM(fsp->conn))) {
+		result = strict_allocate_ftruncate(fsp, fd, len);
+		END_PROFILE(syscall_ftruncate);
+		return result;
+	}
+
+	/* we used to just check HAVE_FTRUNCATE_EXTEND and only use
+	   sys_ftruncate if the system supports it. Then I discovered that
+	   you can have some filesystems that support ftruncate
+	   expansion and some that don't! On Linux fat can't do
+	   ftruncate extend but ext2 can. */
+
+	result = sys_ftruncate(fd, len);
+	if (result == 0)
+		goto done;
+
+	/* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot
+	   extend a file with ftruncate. Provide alternate implementation
+	   for this */
+	currpos = vfs_ops->lseek(fsp, fd, 0, SEEK_CUR);
+	if (currpos == -1) {
+		goto done;
+	}
+
+	/* Do an fstat to see if the file is longer than the requested
+	   size in which case the ftruncate above should have
+	   succeeded or shorter, in which case seek to len - 1 and
+	   write 1 byte of zero */
+	if (vfs_ops->fstat(fsp, fd, &st) == -1) {
+		goto done;
+	}
+
+#ifdef S_ISFIFO
+	if (S_ISFIFO(st.st_mode)) {
+		result = 0;
+		goto done;
+	}
+#endif
+
+	if (st.st_size == len) {
+		result = 0;
+		goto done;
+	}
+
+	if (st.st_size > len) {
+		/* the sys_ftruncate should have worked */
+		goto done;
+	}
+
+	if (vfs_ops->lseek(fsp, fd, len-1, SEEK_SET) != len -1)
+		goto done;
+
+	if (vfs_ops->write(fsp, fd, &c, 1)!=1)
+		goto done;
+
+	/* Seek to where we were */
+	if (vfs_ops->lseek(fsp, fd, currpos, SEEK_SET) != currpos)
+		goto done;
+	result = 0;
+
+  done:
+
+	END_PROFILE(syscall_ftruncate);
+	return result;
+}
+
+BOOL vfswrap_lock(files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
+{
+    BOOL result;
+
+    START_PROFILE(syscall_fcntl_lock);
+
+    result =  fcntl_lock(fd, op, offset, count,type);
+    END_PROFILE(syscall_fcntl_lock);
+    return result;
+}
+
+int vfswrap_symlink(connection_struct *conn, const char *oldpath, const char *newpath)
+{
+    int result;
+
+    START_PROFILE(syscall_symlink);
+    result = sys_symlink(oldpath, newpath);
+    END_PROFILE(syscall_symlink);
+    return result;
+}
+
+int vfswrap_readlink(connection_struct *conn, const char *path, char *buf, size_t bufsiz)
+{
+    int result;
+
+    START_PROFILE(syscall_readlink);
+    result = sys_readlink(path, buf, bufsiz);
+    END_PROFILE(syscall_readlink);
+    return result;
+}
+
+int vfswrap_link(connection_struct *conn, const char *oldpath, const char *newpath)
+{
+	int result;
+
+	START_PROFILE(syscall_link);
+	result = sys_link(oldpath, newpath);
+	END_PROFILE(syscall_link);
+	return result;
+}
+
+int vfswrap_mknod(connection_struct *conn, const char *pathname, mode_t mode, SMB_DEV_T dev)
+{
+	int result;
+
+	START_PROFILE(syscall_mknod);
+	result = sys_mknod(pathname, mode, dev);
+	END_PROFILE(syscall_mknod);
+	return result;
+}
+
+char *vfswrap_realpath(connection_struct *conn, const char *path, char *resolved_path)
+{
+	char *result;
+
+	START_PROFILE(syscall_realpath);
+	result = sys_realpath(path, resolved_path);
+	END_PROFILE(syscall_realpath);
+	return result;
+}
+
+size_t vfswrap_fget_nt_acl(files_struct *fsp, int fd, SEC_DESC **ppdesc)
+{
+	size_t result;
+
+	START_PROFILE(fget_nt_acl);
+	result = get_nt_acl(fsp, ppdesc);
+	END_PROFILE(fget_nt_acl);
+	return result;
+}
+
+size_t vfswrap_get_nt_acl(files_struct *fsp, const char *name, SEC_DESC **ppdesc)
+{
+	size_t result;
+
+	START_PROFILE(get_nt_acl);
+	result = get_nt_acl(fsp, ppdesc);
+	END_PROFILE(get_nt_acl);
+	return result;
+}
+
+BOOL vfswrap_fset_nt_acl(files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+{
+	BOOL result;
+
+	START_PROFILE(fset_nt_acl);
+	result = set_nt_acl(fsp, security_info_sent, psd);
+	END_PROFILE(fset_nt_acl);
+	return result;
+}
+
+BOOL vfswrap_set_nt_acl(files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
+{
+	BOOL result;
+
+	START_PROFILE(set_nt_acl);
+	result = set_nt_acl(fsp, security_info_sent, psd);
+	END_PROFILE(set_nt_acl);
+	return result;
+}
+
+int vfswrap_chmod_acl(connection_struct *conn, const char *name, mode_t mode)
+{
+	int result;
+
+	START_PROFILE(chmod_acl);
+	result = chmod_acl(conn, name, mode);
+	END_PROFILE(chmod_acl);
+	return result;
+}
+
+int vfswrap_fchmod_acl(files_struct *fsp, int fd, mode_t mode)
+{
+	int result;
+
+	START_PROFILE(fchmod_acl);
+	result = fchmod_acl(fsp, fd, mode);
+	END_PROFILE(fchmod_acl);
+	return result;
+}
+
+int vfswrap_sys_acl_get_entry(struct connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+	return sys_acl_get_entry(theacl, entry_id, entry_p);
+}
+
+int vfswrap_sys_acl_get_tag_type(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+	return sys_acl_get_tag_type(entry_d, tag_type_p);
+}
+
+int vfswrap_sys_acl_get_permset(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+	return sys_acl_get_permset(entry_d, permset_p);
+}
+
+void * vfswrap_sys_acl_get_qualifier(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d)
+{
+	return sys_acl_get_qualifier(entry_d);
+}
+
+SMB_ACL_T vfswrap_sys_acl_get_file(struct connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type)
+{
+	return sys_acl_get_file(path_p, type);
+}
+
+SMB_ACL_T vfswrap_sys_acl_get_fd(struct files_struct *fsp, int fd)
+{
+	return sys_acl_get_fd(fd);
+}
+
+int vfswrap_sys_acl_clear_perms(struct connection_struct *conn, SMB_ACL_PERMSET_T permset)
+{
+	return sys_acl_clear_perms(permset);
+}
+
+int vfswrap_sys_acl_add_perm(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	return sys_acl_add_perm(permset, perm);
+}
+
+char * vfswrap_sys_acl_to_text(struct connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen)
+{
+	return sys_acl_to_text(theacl, plen);
+}
+
+SMB_ACL_T vfswrap_sys_acl_init(struct connection_struct *conn, int count)
+{
+	return sys_acl_init(count);
+}
+
+int vfswrap_sys_acl_create_entry(struct connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
+{
+	return sys_acl_create_entry(pacl, pentry);
+}
+
+int vfswrap_sys_acl_set_tag_type(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
+{
+	return sys_acl_set_tag_type(entry, tagtype);
+}
+
+int vfswrap_sys_acl_set_qualifier(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual)
+{
+	return sys_acl_set_qualifier(entry, qual);
+}
+
+int vfswrap_sys_acl_set_permset(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
+{
+	return sys_acl_set_permset(entry, permset);
+}
+
+int vfswrap_sys_acl_valid(struct connection_struct *conn, SMB_ACL_T theacl )
+{
+	return sys_acl_valid(theacl );
+}
+
+int vfswrap_sys_acl_set_file(struct connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+{
+	return sys_acl_set_file(name, acltype, theacl);
+}
+
+int vfswrap_sys_acl_set_fd(struct files_struct *fsp, int fd, SMB_ACL_T theacl)
+{
+	return sys_acl_set_fd(fd, theacl);
+}
+
+int vfswrap_sys_acl_delete_def_file(struct connection_struct *conn, const char *path)
+{
+	return sys_acl_delete_def_file(path);
+}
+
+int vfswrap_sys_acl_get_perm(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
+{
+	return sys_acl_get_perm(permset, perm);
+}
+
+int vfswrap_sys_acl_free_text(struct connection_struct *conn, char *text)
+{
+	return sys_acl_free_text(text);
+}
+
+int vfswrap_sys_acl_free_acl(struct connection_struct *conn, SMB_ACL_T posix_acl)
+{
+	return sys_acl_free_acl(posix_acl);
+}
+
+int vfswrap_sys_acl_free_qualifier(struct connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype)
+{
+	return sys_acl_free_qualifier(qualifier, tagtype);
+}
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
new file mode 100644
index 0000000000..4e2e353ed8
--- /dev/null
+++ b/source3/smbd/vfs.c
@@ -0,0 +1,802 @@
+/*
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   VFS initialisation and support functions
+   Copyright (C) Tim Potter 1999
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* Some structures to help us initialise the vfs operations table */
+
+struct vfs_syminfo {
+	char *name;
+	void *fptr;
+};
+
+/* Default vfs hooks.  WARNING: The order of these initialisers is
+   very important.  They must be in the same order as defined in
+   vfs.h.  Change at your own peril. */
+
+struct vfs_ops default_vfs_ops = {
+
+	/* Disk operations */
+
+	vfswrap_dummy_connect,
+	vfswrap_dummy_disconnect,
+	vfswrap_disk_free,
+
+	/* Directory operations */
+
+	vfswrap_opendir,
+	vfswrap_readdir,
+	vfswrap_mkdir,
+	vfswrap_rmdir,
+	vfswrap_closedir,
+
+	/* File operations */
+
+	vfswrap_open,
+	vfswrap_close,
+	vfswrap_read,
+	vfswrap_write,
+	vfswrap_lseek,
+	vfswrap_rename,
+	vfswrap_fsync,
+	vfswrap_stat,
+	vfswrap_fstat,
+	vfswrap_lstat,
+	vfswrap_unlink,
+	vfswrap_chmod,
+	vfswrap_fchmod,
+	vfswrap_chown,
+	vfswrap_fchown,
+	vfswrap_chdir,
+	vfswrap_getwd,
+	vfswrap_utime,
+	vfswrap_ftruncate,
+	vfswrap_lock,
+	vfswrap_symlink,
+	vfswrap_readlink,
+	vfswrap_link,
+	vfswrap_mknod,
+	vfswrap_realpath,
+
+	vfswrap_fget_nt_acl,
+	vfswrap_get_nt_acl,
+	vfswrap_fset_nt_acl,
+	vfswrap_set_nt_acl,
+
+	/* POSIX ACL operations. */
+#if defined(HAVE_NO_ACLS)
+	NULL,
+	NULL,
+#else
+	vfswrap_chmod_acl,
+	vfswrap_fchmod_acl,
+#endif
+	vfswrap_sys_acl_get_entry,
+	vfswrap_sys_acl_get_tag_type,
+	vfswrap_sys_acl_get_permset,
+	vfswrap_sys_acl_get_qualifier,
+	vfswrap_sys_acl_get_file,
+	vfswrap_sys_acl_get_fd,
+	vfswrap_sys_acl_clear_perms,
+	vfswrap_sys_acl_add_perm,
+	vfswrap_sys_acl_to_text,
+	vfswrap_sys_acl_init,
+	vfswrap_sys_acl_create_entry,
+	vfswrap_sys_acl_set_tag_type,
+	vfswrap_sys_acl_set_qualifier,
+	vfswrap_sys_acl_set_permset,
+	vfswrap_sys_acl_valid,
+	vfswrap_sys_acl_set_file,
+	vfswrap_sys_acl_set_fd,
+	vfswrap_sys_acl_delete_def_file,
+	vfswrap_sys_acl_get_perm,
+	vfswrap_sys_acl_free_text,
+	vfswrap_sys_acl_free_acl,
+	vfswrap_sys_acl_free_qualifier
+};
+
+/****************************************************************************
+  initialise default vfs hooks
+****************************************************************************/
+
+static BOOL vfs_init_default(connection_struct *conn)
+{
+	DEBUG(3, ("Initialising default vfs hooks\n"));
+
+	memcpy(&conn->vfs_ops, &default_vfs_ops, sizeof(struct vfs_ops));
+	return True;
+}
+
+/****************************************************************************
+  initialise custom vfs hooks
+****************************************************************************/
+
+static BOOL vfs_init_custom(connection_struct *conn)
+{
+	int vfs_version = -1;
+	struct vfs_ops *ops, *(*init_fptr)(int *, struct vfs_ops *);
+
+	DEBUG(3, ("Initialising custom vfs hooks from %s\n", lp_vfsobj(SNUM(conn))));
+
+	/* Open object file */
+
+	if ((conn->dl_handle = sys_dlopen(lp_vfsobj(SNUM(conn)), RTLD_NOW | RTLD_GLOBAL)) == NULL) {
+		DEBUG(0, ("Error opening %s: %s\n", lp_vfsobj(SNUM(conn)), dlerror()));
+		return False;
+	}
+
+	/* Get handle on vfs_init() symbol */
+
+	init_fptr = (struct vfs_ops *(*)(int *, struct vfs_ops *))sys_dlsym(conn->dl_handle, "vfs_init");
+
+	if (init_fptr == NULL) {
+		DEBUG(0, ("No vfs_init() symbol found in %s\n", lp_vfsobj(SNUM(conn))));
+		return False;
+	}
+
+	/* Initialise vfs_ops structure */
+
+	conn->vfs_ops = default_vfs_ops;
+
+	if ((ops = init_fptr(&vfs_version, &default_vfs_ops)) == NULL) {
+		DEBUG(0, ("vfs_init function from %s failed\n", lp_vfsobj(SNUM(conn))));
+		return False;
+	}
+
+	if (vfs_version != SMB_VFS_INTERFACE_VERSION) {
+		DEBUG(0, ("vfs_init returned wrong interface version info (was %d, should be %d)\n",
+			vfs_version, SMB_VFS_INTERFACE_VERSION ));
+		return False;
+	}
+
+	if (ops != &conn->vfs_ops) {
+		memcpy(&conn->vfs_ops, ops, sizeof(struct vfs_ops));
+	}
+
+	return True;
+}
+
+/*****************************************************************
+ Generic VFS init.
+******************************************************************/
+
+BOOL smbd_vfs_init(connection_struct *conn)
+{
+	if (*lp_vfsobj(SNUM(conn))) {
+ 
+		/* Loadable object file */
+ 
+		if (!vfs_init_custom(conn)) {
+			DEBUG(0, ("smbd_vfs_init: vfs_init_custom failed\n"));
+			return False;
+		}
+
+		return True;
+	}
+ 
+	/* Normal share - initialise with disk access functions */
+ 
+	return vfs_init_default(conn);
+}
+
+/*******************************************************************
+ Check if directory exists.
+********************************************************************/
+
+BOOL vfs_directory_exist(connection_struct *conn, const char *dname, SMB_STRUCT_STAT *st)
+{
+	SMB_STRUCT_STAT st2;
+	BOOL ret;
+
+	if (!st)
+		st = &st2;
+
+	if (vfs_stat(conn,dname,st) != 0)
+		return(False);
+
+	ret = S_ISDIR(st->st_mode);
+	if(!ret)
+		errno = ENOTDIR;
+
+	return ret;
+}
+
+/*******************************************************************
+ vfs getwd wrapper 
+********************************************************************/
+char *vfs_getwd(connection_struct *conn, char *path)
+{
+	return conn->vfs_ops.getwd(conn,path);
+}
+
+/*******************************************************************
+ vfs mkdir wrapper 
+********************************************************************/
+
+int vfs_mkdir(connection_struct *conn, const char *name, mode_t mode)
+{
+	int ret;
+	SMB_STRUCT_STAT sbuf;
+
+	if(!(ret=conn->vfs_ops.mkdir(conn,name,mode))) {
+		/*
+		 * Check if high bits should have been set,
+		 * then (if bits are missing): add them.
+		 * Consider bits automagically set by UNIX, i.e. SGID bit from parent dir.
+		 */
+		if(mode & ~(S_IRWXU|S_IRWXG|S_IRWXO) &&
+				!vfs_stat(conn,name,&sbuf) && (mode & ~sbuf.st_mode))
+			vfs_chmod(conn,name,sbuf.st_mode | (mode & ~sbuf.st_mode));
+	}
+	return ret;
+}
+
+/*******************************************************************
+ Check if an object exists in the vfs.
+********************************************************************/
+
+BOOL vfs_object_exist(connection_struct *conn,const char *fname,SMB_STRUCT_STAT *sbuf)
+{
+	SMB_STRUCT_STAT st;
+
+	if (!sbuf)
+		sbuf = &st;
+
+	ZERO_STRUCTP(sbuf);
+
+	if (vfs_stat(conn,fname,sbuf) == -1)
+		return(False);
+	return True;
+}
+
+/*******************************************************************
+ Check if a file exists in the vfs.
+********************************************************************/
+
+BOOL vfs_file_exist(connection_struct *conn, const char *fname,SMB_STRUCT_STAT *sbuf)
+{
+	SMB_STRUCT_STAT st;
+
+	if (!sbuf)
+		sbuf = &st;
+
+	ZERO_STRUCTP(sbuf);
+
+	if (vfs_stat(conn,fname,sbuf) == -1)
+		return False;
+	return(S_ISREG(sbuf->st_mode));
+}
+
+/****************************************************************************
+ Read data from fsp on the vfs. (note: EINTR re-read differs from vfs_write_data)
+****************************************************************************/
+
+ssize_t vfs_read_data(files_struct *fsp, char *buf, size_t byte_count)
+{
+	size_t total=0;
+
+	while (total < byte_count)
+	{
+		ssize_t ret = fsp->conn->vfs_ops.read(fsp, fsp->fd, buf + total,
+					byte_count - total);
+
+		if (ret == 0) return total;
+		if (ret == -1) {
+			if (errno == EINTR)
+				continue;
+			else
+				return -1;
+		}
+		total += ret;
+	}
+	return (ssize_t)total;
+}
+
+/****************************************************************************
+ Write data to a fd on the vfs.
+****************************************************************************/
+
+ssize_t vfs_write_data(files_struct *fsp,const char *buffer,size_t N)
+{
+	size_t total=0;
+	ssize_t ret;
+
+	while (total < N) {
+		ret = fsp->conn->vfs_ops.write(fsp,fsp->fd,buffer + total,N - total);
+
+		if (ret == -1)
+			return -1;
+		if (ret == 0)
+			return total;
+
+		total += ret;
+	}
+	return (ssize_t)total;
+}
+
+/****************************************************************************
+ An allocate file space call using the vfs interface.
+ Allocates space for a file from a filedescriptor.
+ Returns 0 on success, -1 on failure.
+****************************************************************************/
+
+int vfs_allocate_file_space(files_struct *fsp, SMB_OFF_T len)
+{
+	int ret;
+	SMB_STRUCT_STAT st;
+	connection_struct *conn = fsp->conn;
+	struct vfs_ops *vfs_ops = &conn->vfs_ops;
+	SMB_OFF_T space_avail;
+	SMB_BIG_UINT bsize,dfree,dsize;
+
+	release_level_2_oplocks_on_change(fsp);
+
+	/*
+	 * Actually try and commit the space on disk....
+	 */
+
+	DEBUG(10,("vfs_allocate_file_space: file %s, len %.0f\n", fsp->fsp_name, (double)len ));
+
+	ret = vfs_fstat(fsp,fsp->fd,&st);
+	if (ret == -1)
+		return ret;
+
+	if (len == st.st_size)
+		return 0;
+
+	if (len < st.st_size) {
+		/* Shrink - use ftruncate. */
+
+		DEBUG(10,("vfs_allocate_file_space: file %s, shrink. Current size %.0f\n",
+				fsp->fsp_name, (double)st.st_size ));
+
+		flush_write_cache(fsp, SIZECHANGE_FLUSH);
+		if ((ret = vfs_ops->ftruncate(fsp, fsp->fd, len)) != -1) {
+			set_filelen_write_cache(fsp, len);
+		}
+		return ret;
+	}
+
+	/* Grow - we need to test if we have enough space. */
+
+	if (!lp_strict_allocate(SNUM(fsp->conn)))
+		return 0;
+
+	len -= st.st_size;
+	len /= 1024; /* Len is now number of 1k blocks needed. */
+	space_avail = (SMB_OFF_T)conn->vfs_ops.disk_free(conn,fsp->fsp_name,False,&bsize,&dfree,&dsize);
+
+	DEBUG(10,("vfs_allocate_file_space: file %s, grow. Current size %.0f, needed blocks = %lu, space avail = %lu\n",
+			fsp->fsp_name, (double)st.st_size, (unsigned long)len, (unsigned long)space_avail ));
+
+	if (len > space_avail) {
+		errno = ENOSPC;
+		return -1;
+	}
+
+	return 0;
+}
+
+/****************************************************************************
+ A vfs set_filelen call.
+ set the length of a file from a filedescriptor.
+ Returns 0 on success, -1 on failure.
+****************************************************************************/
+
+int vfs_set_filelen(files_struct *fsp, SMB_OFF_T len)
+{
+	int ret;
+
+	release_level_2_oplocks_on_change(fsp);
+	DEBUG(10,("vfs_set_filelen: ftruncate %s to len %.0f\n", fsp->fsp_name, (double)len));
+	flush_write_cache(fsp, SIZECHANGE_FLUSH);
+	if ((ret = fsp->conn->vfs_ops.ftruncate(fsp, fsp->fd, len)) != -1)
+		set_filelen_write_cache(fsp, len);
+
+	return ret;
+}
+
+/****************************************************************************
+ Transfer some data (n bytes) between two file_struct's.
+****************************************************************************/
+
+static files_struct *in_fsp;
+static files_struct *out_fsp;
+
+static ssize_t read_fn(int fd, void *buf, size_t len)
+{
+	return in_fsp->conn->vfs_ops.read(in_fsp, fd, buf, len);
+}
+
+static ssize_t write_fn(int fd, const void *buf, size_t len)
+{
+	return out_fsp->conn->vfs_ops.write(out_fsp, fd, buf, len);
+}
+
+SMB_OFF_T vfs_transfer_file(files_struct *in, files_struct *out, SMB_OFF_T n)
+{
+	in_fsp = in;
+	out_fsp = out;
+
+	return transfer_file_internal(in_fsp->fd, out_fsp->fd, n, read_fn, write_fn);
+}
+
+/*******************************************************************
+ A vfs_readdir wrapper which just returns the file name.
+********************************************************************/
+
+char *vfs_readdirname(connection_struct *conn, void *p)
+{
+	struct dirent *ptr;
+	char *dname;
+
+	if (!p)
+		return(NULL);
+
+	ptr = (struct dirent *)conn->vfs_ops.readdir(conn,p);
+	if (!ptr)
+		return(NULL);
+
+	dname = ptr->d_name;
+
+#ifdef NEXT2
+	if (telldir(p) < 0)
+		return(NULL);
+#endif
+
+#ifdef HAVE_BROKEN_READDIR
+	/* using /usr/ucb/cc is BAD */
+	dname = dname - 2;
+#endif
+
+	return(dname);
+}
+
+/* VFS options not quite working yet */
+
+#if 0
+
+/***************************************************************************
+  handle the interpretation of the vfs option parameter
+ *************************************************************************/
+static BOOL handle_vfs_option(char *pszParmValue, char **ptr)
+{
+    struct vfs_options *new_option, **options = (struct vfs_options **)ptr;
+    int i;
+
+    /* Create new vfs option */
+
+    new_option = (struct vfs_options *)malloc(sizeof(*new_option));
+    if (new_option == NULL) {
+	return False;
+    }
+
+    ZERO_STRUCTP(new_option);
+
+    /* Get name and value */
+
+    new_option->name = strtok(pszParmValue, "=");
+
+    if (new_option->name == NULL) {
+	return False;
+    }
+
+    while(isspace(*new_option->name)) {
+	new_option->name++;
+    }
+
+    for (i = strlen(new_option->name); i > 0; i--) {
+	if (!isspace(new_option->name[i - 1])) break;
+    }
+
+    new_option->name[i] = '\0';
+    new_option->name = strdup(new_option->name);
+
+    new_option->value = strtok(NULL, "=");
+
+    if (new_option->value != NULL) {
+
+	while(isspace(*new_option->value)) {
+	    new_option->value++;
+	}
+	
+	for (i = strlen(new_option->value); i > 0; i--) {
+	    if (!isspace(new_option->value[i - 1])) break;
+	}
+	
+	new_option->value[i] = '\0';
+	new_option->value = strdup(new_option->value);
+    }
+
+    /* Add to list */
+
+    DLIST_ADD(*options, new_option);
+
+    return True;
+}
+
+#endif
+
+
+/*******************************************************************
+ A wrapper for vfs_chdir().
+********************************************************************/
+
+int vfs_ChDir(connection_struct *conn, char *path)
+{
+	int res;
+	static pstring LastDir="";
+
+	if (strcsequal(path,"."))
+		return(0);
+
+	if (*path == '/' && strcsequal(LastDir,path))
+		return(0);
+
+	DEBUG(3,("vfs_ChDir to %s\n",path));
+
+	res = vfs_chdir(conn,path);
+	if (!res)
+		pstrcpy(LastDir,path);
+	return(res);
+}
+
+/* number of list structures for a caching GetWd function. */
+#define MAX_GETWDCACHE (50)
+
+struct {
+	SMB_DEV_T dev; /* These *must* be compatible with the types returned in a stat() call. */
+	SMB_INO_T inode; /* These *must* be compatible with the types returned in a stat() call. */
+	char *dos_path; /* The pathname in DOS format. */
+	BOOL valid;
+} ino_list[MAX_GETWDCACHE];
+
+extern BOOL use_getwd_cache;
+
+/****************************************************************************
+ Prompte a ptr (to make it recently used)
+****************************************************************************/
+
+static void array_promote(char *array,int elsize,int element)
+{
+	char *p;
+	if (element == 0)
+		return;
+
+	p = (char *)malloc(elsize);
+
+	if (!p) {
+		DEBUG(5,("array_promote: malloc fail\n"));
+		return;
+	}
+
+	memcpy(p,array + element * elsize, elsize);
+	memmove(array + elsize,array,elsize*element);
+	memcpy(array,p,elsize);
+	SAFE_FREE(p);
+}
+
+/*******************************************************************
+ Return the absolute current directory path - given a UNIX pathname.
+ Note that this path is returned in DOS format, not UNIX
+ format. Note this can be called with conn == NULL.
+********************************************************************/
+
+char *vfs_GetWd(connection_struct *conn, char *path)
+{
+	pstring s;
+	static BOOL getwd_cache_init = False;
+	SMB_STRUCT_STAT st, st2;
+	int i;
+
+	*s = 0;
+
+	if (!use_getwd_cache)
+		return(vfs_getwd(conn,path));
+
+	/* init the cache */
+	if (!getwd_cache_init) {
+		getwd_cache_init = True;
+		for (i=0;i<MAX_GETWDCACHE;i++) {
+			string_set(&ino_list[i].dos_path,"");
+			ino_list[i].valid = False;
+		}
+	}
+
+	/*  Get the inode of the current directory, if this doesn't work we're
+		in trouble :-) */
+
+	if (vfs_stat(conn, ".",&st) == -1) {
+		DEBUG(0,("Very strange, couldn't stat \".\" path=%s\n", path));
+		return(vfs_getwd(conn,path));
+	}
+
+
+	for (i=0; i<MAX_GETWDCACHE; i++) {
+		if (ino_list[i].valid) {
+
+			/*  If we have found an entry with a matching inode and dev number
+				then find the inode number for the directory in the cached string.
+				If this agrees with that returned by the stat for the current
+				directory then all is o.k. (but make sure it is a directory all
+				the same...) */
+
+			if (st.st_ino == ino_list[i].inode && st.st_dev == ino_list[i].dev) {
+				if (vfs_stat(conn,ino_list[i].dos_path,&st2) == 0) {
+					if (st.st_ino == st2.st_ino && st.st_dev == st2.st_dev &&
+							(st2.st_mode & S_IFMT) == S_IFDIR) {
+						pstrcpy (path, ino_list[i].dos_path);
+
+						/* promote it for future use */
+						array_promote((char *)&ino_list[0],sizeof(ino_list[0]),i);
+						return (path);
+					} else {
+						/*  If the inode is different then something's changed,
+							scrub the entry and start from scratch. */
+						ino_list[i].valid = False;
+					}
+				}
+			}
+		}
+	}
+
+	/*  We don't have the information to hand so rely on traditional methods.
+		The very slow getcwd, which spawns a process on some systems, or the
+		not quite so bad getwd. */
+
+	if (!vfs_getwd(conn,s)) {
+		DEBUG(0,("vfs_GetWd: vfs_getwd call failed, errno %s\n",strerror(errno)));
+		return (NULL);
+	}
+
+	pstrcpy(path,s);
+
+	DEBUG(5,("vfs_GetWd %s, inode %.0f, dev %.0f\n",s,(double)st.st_ino,(double)st.st_dev));
+
+	/* add it to the cache */
+	i = MAX_GETWDCACHE - 1;
+	string_set(&ino_list[i].dos_path,s);
+	ino_list[i].dev = st.st_dev;
+	ino_list[i].inode = st.st_ino;
+	ino_list[i].valid = True;
+
+	/* put it at the top of the list */
+	array_promote((char *)&ino_list[0],sizeof(ino_list[0]),i);
+
+	return (path);
+}
+
+/*******************************************************************
+ Reduce a file name, removing .. elements and checking that
+ it is below dir in the heirachy. This uses vfs_GetWd() and so must be run
+ on the system that has the referenced file system.
+ Widelinks are allowed if widelinks is true.
+********************************************************************/
+
+BOOL reduce_name(connection_struct *conn, char *s,char *dir,BOOL widelinks)
+{
+#ifndef REDUCE_PATHS
+	return True;
+#else
+	pstring dir2;
+	pstring wd;
+	pstring base_name;
+	pstring newname;
+	char *p=NULL;
+	BOOL relative = (*s != '/');
+
+	*dir2 = *wd = *base_name = *newname = 0;
+
+	if (widelinks) {
+		unix_clean_name(s);
+		/* can't have a leading .. */
+		if (strncmp(s,"..",2) == 0 && (s[2]==0 || s[2]=='/')) {
+			DEBUG(3,("Illegal file name? (%s)\n",s));
+			return(False);
+		}
+
+		if (strlen(s) == 0)
+			pstrcpy(s,"./");
+
+		return(True);
+	}
+
+	DEBUG(3,("reduce_name [%s] [%s]\n",s,dir));
+
+	/* remove any double slashes */
+	all_string_sub(s,"//","/",0);
+
+	pstrcpy(base_name,s);
+	p = strrchr_m(base_name,'/');
+
+	if (!p)
+		return(True);
+
+	if (!vfs_GetWd(conn,wd)) {
+		DEBUG(0,("couldn't vfs_GetWd for %s %s\n",s,dir));
+		return(False);
+	}
+
+	if (vfs_ChDir(conn,dir) != 0) {
+		DEBUG(0,("couldn't vfs_ChDir to %s\n",dir));
+		return(False);
+	}
+
+	if (!vfs_GetWd(conn,dir2)) {
+		DEBUG(0,("couldn't vfs_GetWd for %s\n",dir));
+		vfs_ChDir(conn,wd);
+		return(False);
+	}
+
+	if (p && (p != base_name)) {
+		*p = 0;
+		if (strcmp(p+1,".")==0)
+			p[1]=0;
+		if (strcmp(p+1,"..")==0)
+			*p = '/';
+	}
+
+	if (vfs_ChDir(conn,base_name) != 0) {
+		vfs_ChDir(conn,wd);
+		DEBUG(3,("couldn't vfs_ChDir for %s %s basename=%s\n",s,dir,base_name));
+		return(False);
+	}
+
+	if (!vfs_GetWd(conn,newname)) {
+		vfs_ChDir(conn,wd);
+		DEBUG(2,("couldn't get vfs_GetWd for %s %s\n",s,dir2));
+		return(False);
+	}
+
+	if (p && (p != base_name)) {
+		pstrcat(newname,"/");
+		pstrcat(newname,p+1);
+	}
+
+	{
+		size_t l = strlen(dir2);
+		if (dir2[l-1] == '/')
+			l--;
+
+		if (strncmp(newname,dir2,l) != 0) {
+			vfs_ChDir(conn,wd);
+			DEBUG(2,("Bad access attempt? s=%s dir=%s newname=%s l=%d\n",s,dir2,newname,(int)l));
+			return(False);
+		}
+
+		if (relative) {
+			if (newname[l] == '/')
+				pstrcpy(s,newname + l + 1);
+			else
+				pstrcpy(s,newname+l);
+		} else
+			pstrcpy(s,newname);
+	}
+
+	vfs_ChDir(conn,wd);
+
+	if (strlen(s) == 0)
+		pstrcpy(s,"./");
+
+	DEBUG(3,("reduced to %s\n",s));
+	return(True);
+#endif
+}
diff --git a/source3/smbd/vt_mode.c b/source3/smbd/vt_mode.c
deleted file mode 100644
index 83b62a38ac..0000000000
--- a/source3/smbd/vt_mode.c
+++ /dev/null
@@ -1,496 +0,0 @@
-/* vt_mode.c */
-/*
-support vtp-sessions
-
-written by Christian A. Lademann <cal@zls.com>
-*/
-
-/*
-02.05.95:cal:ported to samba-1.9.13
-*/
-
-#define	__vt_mode_c__
-
-
-/* #include	<stdio.h> */
-/* #include	<fcntl.h> */
-/* #include	<sys/types.h> */
-/* #include	<unistd.h> */
-/* #include	<signal.h> */
-/* #include	<errno.h> */
-/* #include	<ctype.h> */
-/* #include	<utmp.h> */
-/* #include	<sys/param.h> */
-/* #include	<sys/ioctl.h> */
-/* #include	<stdlib.h> */
-/* #include	<string.h> */
-
-#include	"includes.h"
-#include	"vt_mode.h"
-#include	<utmp.h>
-
-#ifdef SCO
-	extern char	*strdup();
-#endif
-
-extern int Client;
-
-#ifdef LINUX
-#	define	HAS_VTY
-#endif
-
-#ifdef SCO
-#	define	HAS_PTY
-#	define	HAS_VTY
-
-#	include	<sys/tty.h>
-#endif
-
-extern int	DEBUGLEVEL;
-extern char	*InBuffer, *OutBuffer;
-extern int	done_become_user;
-
-char	master_name [64], slave_name [64];
-int		master, slave, i, o, e;
-
-int		ms_type = MS_NONE,
-		ms_poll = 0;
-
-
-/*
-VT_Check: test incoming packet for "vtp" or "iVT1\0"
-*/
-int	VT_Check(buffer)
-char	*buffer;
-{
-	DEBUG(3,("Checking packet: <%10s...>\n", buffer+4));
-	if((strncmp(buffer+4, "vtp", 3) == 0 && smb_len(buffer) == 3) || (strncmp(buffer+4, "iVT1\0", 5) == 0 && smb_len(buffer) == 5))
-		return(1);
-	else
-		return(0);
-}
-
-
-/*
-VT_Start_utmp: prepare /etc/utmp for /bin/login
-*/
-VT_Start_utmp()
-{
-	struct utmp	u, *v;
-	char		*tt;
-
-
-	setutent();
-
-	strcpy(u.ut_line, VT_Line);
-
-	if((v = getutline(&u)) == NULL) {
-		if(strncmp(VT_Line, "tty", 3) == 0)
-			tt = VT_Line + 3;
-		else if(strlen(VT_Line) > 4)
-			tt = VT_Line + strlen(VT_Line) - 4;
-		else
-			tt = VT_Line;
-
-		strcpy(u.ut_id, tt);
-		u.ut_time = time((time_t*)0);
-	}
-
-	strcpy(u.ut_user, "LOGIN");
-	strcpy(u.ut_line, VT_Line);
-	u.ut_pid = getpid();
-	u.ut_type = LOGIN_PROCESS;
-	pututline(&u);
-
-	endutent();
-
-	return(0);
-}
-
-
-/*
-VT_Stop_utmp: prepare /etc/utmp for other processes
-*/
-VT_Stop_utmp()
-{
-	struct utmp	u, *v;
-
-
-	if(VT_Line != NULL) {
-		setutent();
-
-		strcpy(u.ut_line, VT_Line);
-
-		if((v = getutline(&u)) != NULL) {
-			strcpy(v->ut_user, "");
-			v->ut_type = DEAD_PROCESS;
-			v->ut_time = time((time_t*)0);
-			pututline(v);
-		}
-
-		endutent();
-	}
-
-	return(0);
-}
-
-
-/*
-VT_AtExit: Things to do when the program exits
-*/
-void	VT_AtExit()
-{
-	if(VT_ChildPID > 0) {
-		kill(VT_ChildPID, SIGHUP);
-		(void)wait(NULL);
-	}
-
-	VT_Stop_utmp();
-}
-
-
-/*
-VT_SigCLD: signalhandler for SIGCLD: set flag if child-process died
-*/
-void	VT_SigCLD(sig)
-int	sig;
-{
-	if(wait(NULL) == VT_ChildPID)
-		VT_ChildDied = True;
-	else
-		signal(SIGCLD, VT_SigCLD);
-}
-
-
-/*
-VT_SigEXIT: signalhandler for signals that cause the process to exit
-*/
-void	VT_SigEXIT(sig)
-int	sig;
-{
-	VT_AtExit();
-
-	exit(1);
-}
-
-
-/*
-VT_Start: initialize vt-specific data, alloc pty, spawn shell and send ACK
-*/
-int	VT_Start()
-{
-	char	OutBuf [64], *X, *Y;
-
-
-	ms_type = MS_NONE;
-	master = slave = -1;
-
-#ifdef HAS_VTY
-#ifdef LINUX
-#	define	MASTER_TMPL	"/dev/pty  "
-#	define	SLAVE_TMPL	"/dev/tty  "
-#	define	LETTER1		"pqrs"
-#	define	POS1		8
-#	define	LETTER2		"0123456789abcdef"
-#	define	POS2		9
-#endif
-
-#ifdef SCO
-#	define	MASTER_TMPL	"/dev/ptyp_  "
-#	define	SLAVE_TMPL	"/dev/ttyp_  "
-#	define	LETTER1		"0123456"
-#	define	POS1		10
-#	define	LETTER2		"0123456789abcdef"
-#	define	POS2		11
-#endif
-
-	if(ms_poll == MS_VTY || ms_poll == 0) {
-		strcpy(master_name, MASTER_TMPL);
-		strcpy(slave_name, SLAVE_TMPL);
-
-		for(X = LETTER1; *X && master < 0; X++)
-			for(Y = LETTER2; *Y && master < 0; Y++) {
-				master_name [POS1] = *X;
-				master_name [POS2] = *Y;
-				if((master = open(master_name, O_RDWR)) >= 0) {
-					slave_name [POS1] = *X;
-					slave_name [POS2] = *Y;
-					if((slave = open(slave_name, O_RDWR)) < 0)
-						close(master);
-				}
-			}
-
-		if(master >= 0 && slave >= 0)
-			ms_type = MS_VTY;
-	}
-
-#	undef	MASTER_TMPL
-#	undef	SLAVE_TMPL
-#	undef	LETTER1
-#	undef	LETTER2
-#	undef	POS1
-#	undef	POS2
-#endif
-
-
-#ifdef HAS_PTY
-#ifdef SCO
-#	define	MASTER_TMPL	"/dev/ptyp%d"
-#	define	SLAVE_TMPL	"/dev/ttyp%d"
-#	define	MIN_I		0
-#	define	MAX_I		63
-#endif
-
-	if(ms_poll == MS_PTY || ms_poll == 0) {
-		int	i;
-
-		for(i = MIN_I; i <= MAX_I && master < 0; i++) {
-			sprintf(master_name, MASTER_TMPL, i);
-			if((master = open(master_name, O_RDWR)) >= 0) {
-				sprintf(slave_name, SLAVE_TMPL, i);
-				if((slave = open(slave_name, O_RDWR)) < 0)
-					close(master);
-			}
-		}
-
-		if(master >= 0 && slave >= 0)
-			ms_type = MS_PTY;
-	}
-
-#	undef	MASTER_TMPL
-#	undef	SLAVE_TMPL
-#	undef	MIN_I
-#	undef	MAX_I
-#endif
-
-
-	if(! ms_type)
-		return(-1);
-
-	VT_Line = strdup(strrchr(slave_name, '/') + 1);
-
-	switch((VT_ChildPID = fork())) {
-	case -1:
-		return(-1);
-		break;
-
-	case 0:
-#ifdef SCO
-		setsid();
-#endif
-		close(0);
-		close(1);
-		close(2);
-
-		i = open(slave_name, O_RDWR);
-		o = open(slave_name, O_RDWR);
-		e = open(slave_name, O_RDWR);
-
-#ifdef LINUX
-		setsid();
-		if (ioctl(slave, TIOCSCTTY, (char *)NULL) == -1)
-			exit(1);
-#endif
-#ifdef SCO
-		tcsetpgrp(0, getpid());
-#endif
-
-		VT_Start_utmp();
-
-		system("stty sane");
-		execlp("/bin/login", "login", "-c", (char*)0);
-		exit(1);
-		break;
-
-	default:
-		VT_Mode = True;
-		VT_Status = VT_OPEN;
-		VT_ChildDied = False;
-		VT_Fd = master;
-
-		signal(SIGCLD, VT_SigCLD);
-
-		signal(SIGHUP, VT_SigEXIT);
-		signal(SIGTERM, VT_SigEXIT);
-		signal(SIGINT, VT_SigEXIT);
-		signal(SIGQUIT, VT_SigEXIT);
-
-		memset(OutBuf, 0, sizeof(OutBuf));
-		OutBuf [4] = 0x06;
-		_smb_setlen(OutBuf, 1);
-
-		send_smb(Client,OutBuf);
-
-		return(0);
-		break;
-	}
-}
-
-
-/*
-VT_Output: transport data from socket to pty
-*/
-int	VT_Output(Buffer)
-char	*Buffer;
-{
-	int		i, len, nb;
-
-
-	if(VT_Status != VT_OPEN)
-		return(-1);
-
-	len = smb_len(Buffer);
-
-	nb = write(VT_Fd, Buffer + 4, len);
-
-	return((nb == len) ? 0 : -1);
-}
-
-
-/*
-VT_Input: transport data from pty to socket
-*/
-int	VT_Input(Buffer, Size)
-char	*Buffer;
-int		Size;
-{
-	int		len;
-
-
-	if(VT_Status != VT_OPEN)
-		return(-1);
-
-	memset(Buffer, 0, Size);
-	len = read(VT_Fd, Buffer + 4, MIN(VT_MAXREAD, Size));
-
-	_smb_setlen(Buffer, len);
-
-	return(len + 4);
-}
-
-
-/*
-VT_Process: main loop while in vt-mode
-*/
-void VT_Process()
-{
-	static int	trans_num = 0;
-	extern int	Client;
-	int			nread;
-
-
-	VT_Start();
-
-	atexit(VT_AtExit);
-
-	while (True) {
-		int32			len;      
-		int				msg_type;
-		int				msg_flags;
-		int				counter;
-		int				last_keepalive=0;
-		struct fd_set	si;
-		struct timeval	to, *top;
-		int				n, ret, t;
-
-
-		errno = 0;
-		t = SMBD_SELECT_LOOP*1000;
-
-
-		FD_ZERO(&si);
-		FD_SET(Client, &si);
-
-		FD_SET(VT_Fd, &si);
-
-		if(t >= 0) {
-			to.tv_sec = t / 1000;
-			to.tv_usec = t - (to.tv_sec * 1000);
-
-			top = &to;
-		} else
-			top = NULL;
-
-		if(VT_ChildDied)
-			goto leave_VT_Process;
-
-		n = select(MAX(VT_Fd, Client) + 1, &si, NULL, NULL, top);
-
-		if(VT_ChildDied)
-			goto leave_VT_Process;
-	
-		if(n == 0) {
-			int i;
-			time_t t;
-			BOOL allidle = True;
-			extern int keepalive;
-	
-			counter += SMBD_SELECT_LOOP;
-
-			t = time(NULL);
-	
-			if (keepalive && (counter-last_keepalive)>keepalive) {
-				if (!send_keepalive(Client))
-					goto leave_VT_Process;
-				last_keepalive = counter;
-			}
-		} else if(n > 0) {
-			counter = 0;
-
-			if(FD_ISSET(VT_Fd, &si)) {
-				/* got input from vt */
-				nread = VT_Input(OutBuffer, MIN(BUFFER_SIZE,lp_maxxmit()));
-
-				if(nread > 0)
-					send_smb(Client,OutBuffer);
-			}
-
-			if(FD_ISSET(Client, &si)) {
-				/* got input from socket */
-
-				if(receive_smb(Client,InBuffer, 0)) {
-					msg_type = CVAL(InBuffer,0);
-					msg_flags = CVAL(InBuffer,1);
-	
-					len = smb_len(InBuffer);
-	
-					DEBUG(6,("got message type 0x%x of len 0x%x\n",msg_type,len));
-	
-					nread = len + 4;
-     	 
-					DEBUG(3,("%s Transaction %d of length %d\n",timestring(),trans_num,nread));
-	
-					if(msg_type == 0)
-						VT_Output(InBuffer);
-					else {
-						nread = construct_reply(InBuffer,OutBuffer,nread,MIN(BUFFER_SIZE,lp_maxxmit()));
-     	
-						if(nread > 0) {
-							if (nread != smb_len(OutBuffer) + 4) {
-								DEBUG(0,("ERROR: Invalid message response size! %d %d\n",
-									nread,
-									smb_len(OutBuffer)));
-							} else
-								send_smb(Client,OutBuffer);
-						}
-					}
-				} else
-					if(errno == EBADF)
-						goto leave_VT_Process;
-			}
-		}
-
-		trans_num++;
-	}
-
-	leave_VT_Process:
-/*
-		if(VT_ChildPID > 0)
-			kill(VT_ChildPID, SIGHUP);
-
-		VT_Stop_utmp(VT_Line);
-		return;
-*/
-		close_sockets();
-		exit(0);
-}
diff --git a/source3/smbwrapper/.cvsignore b/source3/smbwrapper/.cvsignore
new file mode 100644
index 0000000000..7835612d32
--- /dev/null
+++ b/source3/smbwrapper/.cvsignore
@@ -0,0 +1,8 @@
+*.po
+*.po32
+kernel_stat.h
+smbsh
+tst
+tst.c
+wrapper.h
+xstat.c
diff --git a/source3/smbwrapper/PORTING b/source3/smbwrapper/PORTING
new file mode 100644
index 0000000000..884246d078
--- /dev/null
+++ b/source3/smbwrapper/PORTING
@@ -0,0 +1,77 @@
+This describes how to port the smbwrapper portion of Samba to a new
+unix-like platform. Note that porting smbwrapper is considerably
+harder than porting Samba, for Samba you generally just need to run
+configure and recompile whereas for smbwrapper some extra effort is
+generally required.
+
+
+STEP 1
+------
+
+The first step is to work out how to create a shared library on your
+OS and how to compile C code to produce position independent object
+files (PIC files). You shoud be able to find this information in the
+man pages for your compiler and loader (ld). Then modify configure.in
+to give that information to Samba.
+
+
+STEP 2
+------
+
+The next step is to work out how to preload shared objects. On many
+systems this is done using a LD_PRELOAD environment variable. On
+others (shc as IRIX) it may use a _RTL_LIST variable.
+
+To make sure it works I suggest you create two C files like this:
+
+/* first C file */
+main()
+{
+ unlink("foo.txt");
+}
+
+/* second C file */
+#include <stdio.h>
+
+int unlink(char *fname)
+{
+	fprintf(stderr,"unlink(%s) called\n",fname);
+}
+
+
+then compile the first as an ordinary C program and the second as a
+shared library. Then use LD_PRELOAD to preload the resulting shared
+library. Then run the first program. It should print "unlink(foo.txt)
+called". If it doesn't then consult your man pages till you get it
+right.
+
+Once you work this out then edit smbwrapper/smbsh.in and add a section
+if necessary to correctly set the necessary preload options for your
+OS. 
+
+
+STEP 3
+------
+
+The next step is to work out how to make direct system calls. On most
+machines this will work without any source code changes to
+smbwrapper. To test that it does work create the following C program:
+
+#include <sys/syscall.h>
+main()
+{
+ syscall(SYS_write, 1, "hello world\n", 12);
+}
+
+and try to compile/run it. If it produces "hello world" then syscall()
+works as expected. If not then work out what needs to be changed and
+then make that change in realcalls.h. For example, on IRIX 6.4 the
+system call numbers are wrong and need to be fixed up by getting an
+offset right.
+
+
+STEP 4
+------
+
+Try compiling smbwrapper! Then test it. Then debug it. Simple really :)
+
diff --git a/source3/smbwrapper/README b/source3/smbwrapper/README
new file mode 100644
index 0000000000..8d5c376f82
--- /dev/null
+++ b/source3/smbwrapper/README
@@ -0,0 +1,94 @@
+This is a prelodable shared library that provides SMB client services
+for existing executables. Using this you can simulate a smb
+filesystem.
+
+*** This is code under development. Some things don't work yet ***
+
+Currently this code has been tested on:
+
+- Linux 2.0 with glibc2 (RH5.1)
+- Linux 2.1 with glibc2
+- Solaris 2.5.1 with gcc
+- Solaris 2.6 with gcc
+- SunOS 4.1.3 with gcc
+- IRIX 6.4 with cc
+- OSF1 with gcc
+
+
+It probably won't run on other systems without some porting. If you
+have a different system then see the file PORTING.
+
+To use it you need to do this:
+
+1) build smbwrapper.so using the command "make smbwrapper"
+3) run smbsh
+
+You will be asked for a username and password. After that you will be
+returned to a shell prompt. It is actually a subshell running with
+smbwrapper enabled. 
+
+Now try to access /smb/SERVER for some SMB server name and see what
+happens. If you use the -W option to set your workgroup or have
+workgroup set in your smb.conf then listing /smb/ should list all SMB
+servers in your workgroup.
+
+
+OPTIONS
+-------
+
+-U username
+   specify the username and optional password (as user%password)
+
+-d debug level
+ This is an integer that controls the internal debug level of smbw. It
+ defaults to 0, which means no debug info.
+
+-l logfile
+ The place where smbw debug logs are put. If this is not set then
+ stderr is used.
+
+-P prefix
+ The root of the SMB filesystem. This defaults to /smb/ but you can
+ set it to any name you like.
+
+-W workgroup
+ This is the workgroup used for browsing (ie. listing machines in the
+ /smb/ directory). It defaults to the one set in smb.conf.
+
+-R resolve order
+ This allows you to override the setting of the name resolve order
+ from smb.conf
+
+
+ATTRIBUTE MAPPING
+-----------------
+
+smbwrapper does an inverse attribute maping to what Samba does. This
+means that the archive bit appears as the user execute bit, the system
+bit appears as the group execute bit and the hidden bit appears as the
+other execute bit. You can control these with chmod. The mapping can
+be enabled an disabled using the normal smb.conf controls (ie. "map
+archive", "map system" and "map hidden").
+
+Read-only files appear as non-writeable by everyone. Writeable files
+appear as writeable by the current user.
+
+
+WHAT WORKS
+----------
+
+Things that I have tried and do seem to work include:
+
+  emacs, tar, ls, cmp, cp, rsync, du, cat, rm, mv, less, more, wc, head,
+  tail, bash, tcsh, mkdir, rmdir, vim, xedit, diff
+
+things that I know don't work:
+ 
+ anything executing from the share
+ anything that uses mmap
+ redirection within shells to smbsh files
+
+If you want to help with the development of this code then join the
+samba-technical mailing list.
+
+
diff --git a/source3/smbwrapper/realcalls.c b/source3/smbwrapper/realcalls.c
new file mode 100644
index 0000000000..b64f4a43db
--- /dev/null
+++ b/source3/smbwrapper/realcalls.c
@@ -0,0 +1,48 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper functions for calls that syscall() can't do
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "realcalls.h"
+
+#ifdef REPLACE_UTIME
+int real_utime(const char *name, struct utimbuf *buf)
+{
+	struct timeval tv[2];
+	
+	tv[0].tv_sec = buf->actime;
+	tv[0].tv_usec = 0;
+	tv[1].tv_sec = buf->modtime;
+	tv[1].tv_usec = 0;
+	
+	return real_utimes(name, &tv[0]);
+}
+#endif
+
+#ifdef REPLACE_UTIMES
+int real_utimes(const char *name, struct timeval tv[2])
+{
+	struct utimbuf buf;
+
+	buf.actime = tv[0].tv_sec;
+	buf.modtime = tv[1].tv_sec;
+	
+	return real_utime(name, &buf);
+}
+#endif
diff --git a/source3/smbwrapper/realcalls.h b/source3/smbwrapper/realcalls.h
new file mode 100644
index 0000000000..6c230dba05
--- /dev/null
+++ b/source3/smbwrapper/realcalls.h
@@ -0,0 +1,263 @@
+/* 
+   Unix SMB/CIFS implementation.
+   defintions of syscall entries
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#if HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#elif HAVE_SYSCALL_H
+#include <syscall.h>
+#endif
+
+#ifdef IRIX
+/* amazingly, IRIX gets its own syscall numbers wrong! */
+#ifdef SYSVoffset
+#if (SYSVoffset == 1)
+#undef SYSVoffset
+#define SYSVoffset 1000
+#endif
+#endif
+#endif
+
+/* this file is partly derived from zlibc by Alain Knaff */
+
+#define real_access(fn, mode)		(syscall(SYS_access, (fn), (mode)))
+#define real_chdir(fn)		        (syscall(SYS_chdir, (fn)))
+#define real_chmod(fn, mode)		(syscall(SYS_chmod,(fn), (mode)))
+#define real_chown(fn, owner, group)	(syscall(SYS_chown,(fn),(owner),(group)))
+
+#ifdef SYS_getdents
+#define real_getdents(fd, dirp, count)	(syscall(SYS_getdents, (fd), (dirp), (count)))
+#endif
+
+#define real_link(fn1, fn2)		(syscall(SYS_link, (fn1), (fn2)))
+
+#define real_open(fn,flags,mode)	(syscall(SYS_open, (fn), (flags), (mode)))
+
+#ifdef SYS_open64
+#define real_open64(fn,flags,mode)	(syscall(SYS_open64, (fn), (flags), (mode)))
+#elif HAVE__OPEN64
+#define real_open64(fn,flags,mode)    	(_open64(fn,flags,mode))
+#define NO_OPEN64_ALIAS
+#elif HAVE___OPEN64
+#define real_open64(fn,flags,mode)    	(__open64(fn,flags,mode))
+#define NO_OPEN64_ALIAS
+#endif
+
+#ifdef HAVE__FORK
+#define real_fork()            	(_fork())
+#elif HAVE___FORK
+#define real_fork()            	(__fork())
+#elif SYS_fork
+#define real_fork()		(syscall(SYS_fork))
+#endif
+
+#ifdef HAVE__OPENDIR
+#define real_opendir(fn)            	(_opendir(fn))
+#elif SYS_opendir
+#define real_opendir(fn)		(syscall(SYS_opendir,(fn)))
+#elif HAVE___OPENDIR
+#define real_opendir(fn)            	(__opendir(fn))
+#endif
+
+#ifdef HAVE__READDIR
+#define real_readdir(d)            	(_readdir(d))
+#elif HAVE___READDIR
+#define real_readdir(d)            	(__readdir(d))
+#elif SYS_readdir
+#define real_readdir(d)		(syscall(SYS_readdir,(d)))
+#endif
+
+#ifdef HAVE__CLOSEDIR
+#define real_closedir(d)            	(_closedir(d))
+#elif SYS_closedir
+#define real_closedir(d)		(syscall(SYS_closedir,(d)))
+#elif HAVE___CLOSEDIR
+#define real_closedir(d)            	(__closedir(d))
+#endif
+
+#ifdef HAVE__SEEKDIR
+#define real_seekdir(d,l)            	(_seekdir(d,l))
+#elif SYS_seekdir
+#define real_seekdir(d,l)		(syscall(SYS_seekdir,(d),(l)))
+#elif HAVE___SEEKDIR
+#define real_seekdir(d,l)            	(__seekdir(d,l))
+#else
+#define NO_SEEKDIR_WRAPPER
+#endif
+
+#ifdef HAVE__TELLDIR
+#define real_telldir(d)            	(_telldir(d))
+#elif SYS_telldir
+#define real_telldir(d)		(syscall(SYS_telldir,(d)))
+#elif HAVE___TELLDIR
+#define real_telldir(d)            	(__telldir(d))
+#endif
+
+#ifdef HAVE__DUP
+#define real_dup(d)            	(_dup(d))
+#elif SYS_dup
+#define real_dup(d)		(syscall(SYS_dup,(d)))
+#elif HAVE___DUP
+#define real_dup(d)            	(__dup(d))
+#endif
+
+#ifdef HAVE__DUP2
+#define real_dup2(d1,d2)            	(_dup2(d1,d2))
+#elif SYS_dup2
+#define real_dup2(d1,d2)		(syscall(SYS_dup2,(d1),(d2)))
+#elif HAVE___DUP2
+#define real_dup2(d1,d2)            	(__dup2(d1,d2))
+#endif
+
+#ifdef HAVE__GETCWD
+#define real_getcwd(b,s)            	((char *)_getcwd(b,s))
+#elif SYS_getcwd
+#define real_getcwd(b,s)		((char *)syscall(SYS_getcwd,(b),(s)))
+#elif HAVE___GETCWD
+#define real_getcwd(b,s)            	((char *)__getcwd(b,s))
+#endif
+
+#ifdef HAVE__STAT
+#define real_stat(fn,st)            	(_stat(fn,st))
+#elif SYS_stat
+#define real_stat(fn,st)		(syscall(SYS_stat,(fn),(st)))
+#elif HAVE___STAT
+#define real_stat(fn,st)            	(__stat(fn,st))
+#endif
+
+#ifdef HAVE__LSTAT
+#define real_lstat(fn,st)            	(_lstat(fn,st))
+#elif SYS_lstat
+#define real_lstat(fn,st)		(syscall(SYS_lstat,(fn),(st)))
+#elif HAVE___LSTAT
+#define real_lstat(fn,st)            	(__lstat(fn,st))
+#endif
+
+#ifdef HAVE__FSTAT
+#define real_fstat(fd,st)            	(_fstat(fd,st))
+#elif SYS_fstat
+#define real_fstat(fd,st)		(syscall(SYS_fstat,(fd),(st)))
+#elif HAVE___FSTAT
+#define real_fstat(fd,st)            	(__fstat(fd,st))
+#endif
+
+#if defined(HAVE_SYS_ACL_H) && defined(HAVE__ACL)
+#define real_acl(fn,cmd,n,buf)            	(_acl(fn,cmd,n,buf))
+#elif SYS_acl
+#define real_acl(fn,cmd,n,buf)		(syscall(SYS_acl,(fn),(cmd),(n),(buf)))
+#elif HAVE___ACL
+#define real_acl(fn,cmd,n,buf)            	(__acl(fn,cmd,n,buf))
+#else
+#define NO_ACL_WRAPPER
+#endif
+
+#ifdef HAVE__FACL
+#define real_facl(fd,cmd,n,buf)            	(_facl(fd,cmd,n,buf))
+#elif SYS_facl
+#define real_facl(fd,cmd,n,buf)		(syscall(SYS_facl,(fd),(cmd),(n),(buf)))
+#elif HAVE___FACL
+#define real_facl(fd,cmd,n,buf)            	(__facl(fd,cmd,n,buf))
+#else
+#define NO_FACL_WRAPPER
+#endif
+
+
+#ifdef HAVE__STAT64
+#define real_stat64(fn,st)            	(_stat64(fn,st))
+#elif HAVE___STAT64
+#define real_stat64(fn,st)            	(__stat64(fn,st))
+#endif
+
+#ifdef HAVE__LSTAT64
+#define real_lstat64(fn,st)            	(_lstat64(fn,st))
+#elif HAVE___LSTAT64
+#define real_lstat64(fn,st)            	(__lstat64(fn,st))
+#endif
+
+#ifdef HAVE__FSTAT64
+#define real_fstat64(fd,st)            	(_fstat64(fd,st))
+#elif HAVE___FSTAT64
+#define real_fstat64(fd,st)            	(__fstat64(fd,st))
+#endif
+
+#ifdef HAVE__READDIR64
+#define real_readdir64(d)            	(_readdir64(d))
+#elif HAVE___READDIR64
+#define real_readdir64(d)            	(__readdir64(d))
+#endif
+
+#ifdef HAVE__LLSEEK
+#define real_llseek(fd,ofs,whence)            	(_llseek(fd,ofs,whence))
+#elif HAVE___LLSEEK
+#define real_llseek(fd,ofs,whence)            	(__llseek(fd,ofs,whence))
+#elif HAVE___SYS_LLSEEK
+#define real_llseek(fd,ofs,whence)            	(__sys_llseek(fd,ofs,whence))
+#endif
+
+
+#ifdef HAVE__PREAD
+#define real_pread(fd,buf,size,ofs)            	(_pread(fd,buf,size,ofs))
+#elif HAVE___PREAD
+#define real_pread(fd,buf,size,ofs)            	(__pread(fd,buf,size,ofs))
+#endif
+
+#ifdef HAVE__PREAD64
+#define real_pread64(fd,buf,size,ofs)            	(_pread64(fd,buf,size,ofs))
+#elif HAVE___PREAD64
+#define real_pread64(fd,buf,size,ofs)            	(__pread64(fd,buf,size,ofs))
+#endif
+
+#ifdef HAVE__PWRITE
+#define real_pwrite(fd,buf,size,ofs)            	(_pwrite(fd,buf,size,ofs))
+#elif HAVE___PWRITE
+#define real_pwrite(fd,buf,size,ofs)            	(__pwrite(fd,buf,size,ofs))
+#endif
+
+#ifdef HAVE__PWRITE64
+#define real_pwrite64(fd,buf,size,ofs)            	(_pwrite64(fd,buf,size,ofs))
+#elif HAVE___PWRITE64
+#define real_pwrite64(fd,buf,size,ofs)            	(__pwrite64(fd,buf,size,ofs))
+#endif
+
+
+#define real_readlink(fn,buf,len)	(syscall(SYS_readlink, (fn), (buf), (len)))
+#define real_rename(fn1, fn2)		(syscall(SYS_rename, (fn1), (fn2)))
+#define real_symlink(fn1, fn2)		(syscall(SYS_symlink, (fn1), (fn2)))
+#define real_read(fd, buf, count )	(syscall(SYS_read, (fd), (buf), (count)))
+#define real_lseek(fd, offset, whence)	(syscall(SYS_lseek, (fd), (offset), (whence)))
+#define real_write(fd, buf, count )	(syscall(SYS_write, (fd), (buf), (count)))
+#define real_close(fd)	                (syscall(SYS_close, (fd)))
+#define real_fchdir(fd)	                (syscall(SYS_fchdir, (fd)))
+#define real_fcntl(fd,cmd,arg)	        (syscall(SYS_fcntl, (fd), (cmd), (arg)))
+#define real_symlink(fn1, fn2)		(syscall(SYS_symlink, (fn1), (fn2)))
+#define real_unlink(fn)			(syscall(SYS_unlink, (fn)))
+#define real_rmdir(fn)			(syscall(SYS_rmdir, (fn)))
+#define real_mkdir(fn, mode)		(syscall(SYS_mkdir, (fn), (mode)))
+
+#ifdef SYS_utime
+#define real_utime(fn, buf)		(syscall(SYS_utime, (fn), (buf)))
+#else
+#define REPLACE_UTIME 1
+#endif
+
+#ifdef SYS_utimes
+#define real_utimes(fn, buf)		(syscall(SYS_utimes, (fn), (buf)))
+#else
+#define REPLACE_UTIMES 1
+#endif
diff --git a/source3/smbwrapper/shared.c b/source3/smbwrapper/shared.c
new file mode 100644
index 0000000000..00dd30b70e
--- /dev/null
+++ b/source3/smbwrapper/shared.c
@@ -0,0 +1,221 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper functions - shared variables
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static int shared_fd;
+static char *variables;
+static int shared_size;
+
+/***************************************************** 
+setup the shared area 
+*******************************************************/
+void smbw_setup_shared(void)
+{
+	int fd;
+	pstring name, s;
+
+	slprintf(name,sizeof(name)-1, "%s/smbw.XXXXXX",tmpdir());
+
+	fd = smb_mkstemp(name);
+
+	if (fd == -1) goto failed;
+
+	unlink(name);
+
+	shared_fd = set_maxfiles(SMBW_MAX_OPEN);
+	
+	while (shared_fd && dup2(fd, shared_fd) != shared_fd) shared_fd--;
+
+	if (shared_fd == 0) goto failed;
+
+	close(fd);
+
+	DEBUG(4,("created shared_fd=%d\n", shared_fd));
+
+	slprintf(s,sizeof(s)-1,"%d", shared_fd);
+
+	smbw_setenv("SMBW_HANDLE", s);
+
+	return;
+
+ failed:
+	perror("Failed to setup shared variable area ");
+	exit(1);
+}
+
+static int locked;
+
+/***************************************************** 
+lock the shared variable area
+*******************************************************/
+static void lockit(void)
+{
+	if (shared_fd == 0) {
+		char *p = getenv("SMBW_HANDLE");
+		if (!p) {
+			DEBUG(0,("ERROR: can't get smbw shared handle\n"));
+			exit(1);
+		}
+		shared_fd = atoi(p);
+	}
+	if (locked==0 && 
+	    fcntl_lock(shared_fd,SMB_F_SETLKW,0,1,F_WRLCK)==False) {
+		DEBUG(0,("ERROR: can't get smbw shared lock (%s)\n", strerror(errno)));
+		exit(1);
+	}
+	locked++;
+}
+
+/***************************************************** 
+unlock the shared variable area
+*******************************************************/
+static void unlockit(void)
+{
+	locked--;
+	if (locked == 0) {
+		fcntl_lock(shared_fd,SMB_F_SETLK,0,1,F_UNLCK);
+	}
+}
+
+
+/***************************************************** 
+get a variable from the shared area
+*******************************************************/
+char *smbw_getshared(const char *name)
+{
+	int i;
+	struct stat st;
+	char *var;
+
+	lockit();
+
+	/* maybe the area has changed */
+	if (fstat(shared_fd, &st)) goto failed;
+
+	if (st.st_size != shared_size) {
+		var = (char *)Realloc(variables, st.st_size);
+		if (!var) goto failed;
+		else variables = var;
+		shared_size = st.st_size;
+		lseek(shared_fd, 0, SEEK_SET);
+		if (read(shared_fd, variables, shared_size) != shared_size) {
+			goto failed;
+		}
+	}
+
+	unlockit();
+
+	i=0;
+	while (i < shared_size) {
+		char *n, *v;
+		int l1, l2;
+
+		l1 = SVAL(&variables[i], 0);
+		l2 = SVAL(&variables[i], 2);
+
+		n = &variables[i+4];
+		v = &variables[i+4+l1];
+		i += 4+l1+l2;
+
+		if (strcmp(name,n)) {
+			continue;
+		}
+		return v;
+	}
+
+	return NULL;
+
+ failed:
+	DEBUG(0,("smbw: shared variables corrupt (%s)\n", strerror(errno)));
+	exit(1);
+	return NULL;
+}
+
+
+
+/***************************************************** 
+set a variable in the shared area
+*******************************************************/
+void smbw_setshared(const char *name, const char *val)
+{
+	int l1, l2;
+	char *var;
+
+	/* we don't allow variable overwrite */
+	if (smbw_getshared(name)) return;
+
+	lockit();
+
+	l1 = strlen(name)+1;
+	l2 = strlen(val)+1;
+
+	var = (char *)Realloc(variables, shared_size + l1+l2+4);
+
+	if (!var) {
+		DEBUG(0,("out of memory in smbw_setshared\n"));
+		exit(1);
+	}
+	
+	variables = var;
+
+	SSVAL(&variables[shared_size], 0, l1);
+	SSVAL(&variables[shared_size], 2, l2);
+
+	pstrcpy(&variables[shared_size] + 4, name);
+	pstrcpy(&variables[shared_size] + 4 + l1, val);
+
+	shared_size += l1+l2+4;
+
+	lseek(shared_fd, 0, SEEK_SET);
+	if (write(shared_fd, variables, shared_size) != shared_size) {
+		DEBUG(0,("smbw_setshared failed (%s)\n", strerror(errno)));
+		exit(1);
+	}
+
+	unlockit();
+}
+
+
+/*****************************************************************
+set an env variable - some systems don't have this
+*****************************************************************/  
+int smbw_setenv(const char *name, const char *value)
+{
+	pstring s;
+	char *p;
+	int ret = -1;
+
+	slprintf(s,sizeof(s)-1,"%s=%s", name, value);
+
+	p = strdup(s);
+
+	if (p) ret = putenv(p);
+
+	return ret;
+}
+
+/*****************************************************************
+return true if the passed fd is the SMBW_HANDLE
+*****************************************************************/  
+int smbw_shared_fd(int fd)
+{
+	return (shared_fd && shared_fd == fd);
+}
diff --git a/source3/smbwrapper/smbsh.c b/source3/smbwrapper/smbsh.c
new file mode 100644
index 0000000000..0d705ddcfa
--- /dev/null
+++ b/source3/smbwrapper/smbsh.c
@@ -0,0 +1,127 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper functions - frontend
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static void smbsh_usage(void)
+{
+	printf("smbsh [options]\n\n");
+	printf(" -W workgroup\n");
+	printf(" -U username\n");
+	printf(" -P prefix\n");
+	printf(" -R resolve order\n");
+	printf(" -d debug level\n");
+	printf(" -l logfile\n");
+	printf(" -L libdir\n");
+	exit(0);
+}
+
+int main(int argc, char *argv[])
+{
+	char *p, *u;
+	char *libd = dyn_BINDIR;
+	pstring line, wd;
+	int opt;
+	extern char *optarg;
+	extern int optind;
+
+	dbf = x_stdout;
+	smbw_setup_shared();
+
+	while ((opt = getopt(argc, argv, "W:U:R:d:P:l:hL:")) != EOF) {
+		switch (opt) {
+		case 'L':
+			libd = optarg;
+			break;
+		case 'W':
+			smbw_setshared("WORKGROUP", optarg);
+			break;
+		case 'l':
+			smbw_setshared("LOGFILE", optarg);
+			break;
+		case 'P':
+			smbw_setshared("PREFIX", optarg);
+			break;
+		case 'd':
+			smbw_setshared("DEBUG", optarg);
+			break;
+		case 'U':
+			p = strchr_m(optarg,'%');
+			if (p) {
+				*p=0;
+				smbw_setshared("PASSWORD",p+1);
+			}
+			smbw_setshared("USER", optarg);
+			break;
+		case 'R':
+			smbw_setshared("RESOLVE_ORDER",optarg);
+			break;
+
+		case 'h':
+		default:
+			smbsh_usage();
+		}
+	}
+
+
+	if (!smbw_getshared("USER")) {
+		printf("Username: ");
+		u = fgets_slash(line, sizeof(line)-1, x_stdin);
+		smbw_setshared("USER", u);
+	}
+
+	if (!smbw_getshared("PASSWORD")) {
+		p = getpass("Password: ");
+		smbw_setshared("PASSWORD", p);
+	}
+
+	smbw_setenv("PS1", "smbsh$ ");
+
+	sys_getwd(wd);
+
+	slprintf(line,sizeof(line)-1,"PWD_%d", (int)getpid());
+
+	smbw_setshared(line, wd);
+
+	slprintf(line,sizeof(line)-1,"%s/smbwrapper.so", libd);
+	smbw_setenv("LD_PRELOAD", line);
+
+	slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so", libd);
+
+	if (file_exist(line, NULL)) {
+		slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so:DEFAULT", libd);
+		smbw_setenv("_RLD_LIST", line);
+		slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd);
+		smbw_setenv("_RLDN32_LIST", line);
+	} else {
+		slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd);
+		smbw_setenv("_RLD_LIST", line);
+	}
+
+	{
+    	char *shellpath = getenv("SHELL");
+		if(shellpath)
+			execl(shellpath,"smbsh",NULL);
+		else
+			execl("/bin/sh","smbsh",NULL);
+	}
+	printf("launch failed!\n");
+	return 1;
+}	
diff --git a/source3/smbwrapper/smbsh.in b/source3/smbwrapper/smbsh.in
new file mode 100644
index 0000000000..323f091699
--- /dev/null
+++ b/source3/smbwrapper/smbsh.in
@@ -0,0 +1,54 @@
+#! /bin/sh
+
+SMBW_LIBDIR=${SMBW_LIBDIR-@builddir@/smbwrapper}
+
+if [ ! -f ${SMBW_LIBDIR}/smbwrapper.so ]; then
+    echo You need to set LIBDIR in smbsh
+    exit
+fi
+
+# a simple launcher for the smbwrapper.so preloadde library
+
+if [ x"${SMBW_USER+set}" != x"set" ]; then
+    echo username?
+    read user
+    SMBW_USER=$user
+    export SMBW_USER
+fi
+
+# this doesn't hide the password - we need a proper launch app for that
+if [ x"${SMBW_PASSWORD+set}" != x"set" ]; then
+    echo password?
+    read pass
+    SMBW_PASSWORD=$pass
+    export SMBW_PASSWORD
+fi
+
+PWD=`pwd`
+export PWD
+PS1='smbsh$ '
+export PS1
+
+
+host_os=@HOST_OS@
+
+case "$host_os" in
+        *irix*)
+		_RLDN32_LIST=$SMBW_LIBDIR/smbwrapper.so:DEFAULT
+		_RLD_LIST=$SMBW_LIBDIR/smbwrapper.32.so:DEFAULT
+		export _RLDN32_LIST
+		export _RLD_LIST
+		;;
+	*osf*)
+		_RLD_LIST=$SMBW_LIBDIR/smbwrapper.so:DEFAULT
+		export _RLD_LIST
+		;;	        
+	*) 
+		LD_PRELOAD=$SMBW_LIBDIR/smbwrapper.so
+		export LD_PRELOAD
+		;;
+esac
+
+echo starting smbwrapper on $host_os
+
+exec ${SMBW_SHELL-${SHELL-/bin/sh}} ${1+"$@"}
diff --git a/source3/smbwrapper/smbw.c b/source3/smbwrapper/smbw.c
new file mode 100644
index 0000000000..2dd7c4ea6d
--- /dev/null
+++ b/source3/smbwrapper/smbw.c
@@ -0,0 +1,1554 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper functions
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "realcalls.h"
+
+pstring smbw_cwd;
+
+static struct smbw_file *smbw_files;
+static struct smbw_server *smbw_srvs;
+
+struct bitmap *smbw_file_bmap;
+extern pstring global_myname;
+
+fstring smbw_prefix = SMBW_PREFIX;
+
+int smbw_busy=0;
+
+/* needs to be here because of dumb include files on some systems */
+int creat_bits = O_WRONLY|O_CREAT|O_TRUNC;
+
+
+/***************************************************** 
+initialise structures
+*******************************************************/
+void smbw_init(void)
+{
+	extern BOOL in_client;
+	static int initialised;
+	char *p;
+	int eno;
+	pstring line;
+
+	if (initialised) return;
+	initialised = 1;
+
+	eno = errno;
+
+	smbw_busy++;
+
+	DEBUGLEVEL = 0;
+	setup_logging("smbsh",True);
+
+	dbf = x_stderr;
+
+	if ((p=smbw_getshared("LOGFILE"))) {
+		dbf = sys_fopen(p, "a");
+	}
+
+	smbw_file_bmap = bitmap_allocate(SMBW_MAX_OPEN);
+	if (!smbw_file_bmap) {
+		exit(1);
+	}
+
+	in_client = True;
+
+	load_interfaces();
+
+	if ((p=smbw_getshared("SERVICESF"))) {
+		pstrcpy(dyn_CONFIGFILE, p);
+	}
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+
+	get_myname(global_myname);
+
+	if ((p=smbw_getshared("DEBUG"))) {
+		DEBUGLEVEL = atoi(p);
+	}
+
+	if ((p=smbw_getshared("RESOLVE_ORDER"))) {
+		lp_set_name_resolve_order(p);
+	}
+
+	if ((p=smbw_getshared("PREFIX"))) {
+		slprintf(smbw_prefix,sizeof(fstring)-1, "/%s/", p);
+		all_string_sub(smbw_prefix,"//", "/", 0);
+		DEBUG(2,("SMBW_PREFIX is %s\n", smbw_prefix));
+	}
+
+	slprintf(line,sizeof(line)-1,"PWD_%d", (int)getpid());
+	
+	p = smbw_getshared(line);
+	if (!p) {
+		sys_getwd(smbw_cwd);
+	}
+	pstrcpy(smbw_cwd, p);
+	DEBUG(4,("Initial cwd is %s\n", smbw_cwd));
+
+	smbw_busy--;
+
+	set_maxfiles(SMBW_MAX_OPEN);
+
+	BlockSignals(True,SIGPIPE);
+
+	errno = eno;
+}
+
+/***************************************************** 
+determine if a file descriptor is a smb one
+*******************************************************/
+int smbw_fd(int fd)
+{
+	if (smbw_busy) return 0;
+	return smbw_file_bmap && bitmap_query(smbw_file_bmap, fd);
+}
+
+/***************************************************** 
+determine if a file descriptor is an internal smbw fd
+*******************************************************/
+int smbw_local_fd(int fd)
+{
+	struct smbw_server *srv;
+	
+	smbw_init();
+
+	if (smbw_busy) return 0;
+	if (smbw_shared_fd(fd)) return 1;
+
+	for (srv=smbw_srvs;srv;srv=srv->next) {
+		if (srv->cli.fd == fd) return 1;
+	}
+
+	return 0;
+}
+
+/***************************************************** 
+a crude inode number generator
+*******************************************************/
+ino_t smbw_inode(const char *name)
+{
+	if (!*name) return 2;
+	return (ino_t)str_checksum(name);
+}
+
+/***************************************************** 
+remove redundent stuff from a filename
+*******************************************************/
+void clean_fname(char *name)
+{
+	char *p, *p2;
+	int l;
+	int modified = 1;
+
+	if (!name) return;
+
+	while (modified) {
+		modified = 0;
+
+		DEBUG(5,("cleaning %s\n", name));
+
+		if ((p=strstr(name,"/./"))) {
+			modified = 1;
+			while (*p) {
+				p[0] = p[2];
+				p++;
+			}
+		}
+
+		if ((p=strstr(name,"//"))) {
+			modified = 1;
+			while (*p) {
+				p[0] = p[1];
+				p++;
+			}
+		}
+
+		if (strcmp(name,"/../")==0) {
+			modified = 1;
+			name[1] = 0;
+		}
+
+		if ((p=strstr(name,"/../"))) {
+			modified = 1;
+			for (p2=(p>name?p-1:p);p2>name;p2--) {
+				if (p2[0] == '/') break;
+			}
+			while (*p2) {
+				p2[0] = p2[3];
+				p2++;
+			}
+		}
+
+		if (strcmp(name,"/..")==0) {
+			modified = 1;
+			name[1] = 0;
+		}
+
+		l = strlen(name);
+		p = l>=3?(name+l-3):name;
+		if (strcmp(p,"/..")==0) {
+			modified = 1;
+			for (p2=p-1;p2>name;p2--) {
+				if (p2[0] == '/') break;
+			}
+			if (p2==name) {
+				p[0] = '/';
+				p[1] = 0;
+			} else {
+				p2[0] = 0;
+			}
+		}
+
+		l = strlen(name);
+		p = l>=2?(name+l-2):name;
+		if (strcmp(p,"/.")==0) {
+			if (p == name) {
+				p[1] = 0;
+			} else {
+				p[0] = 0;
+			}
+		}
+
+		if (strncmp(p=name,"./",2) == 0) {      
+			modified = 1;
+			do {
+				p[0] = p[2];
+			} while (*p++);
+		}
+
+		l = strlen(p=name);
+		if (l > 1 && p[l-1] == '/') {
+			modified = 1;
+			p[l-1] = 0;
+		}
+	}
+}
+
+
+
+/***************************************************** 
+find a workgroup (any workgroup!) that has a master 
+browser on the local network
+*******************************************************/
+static char *smbw_find_workgroup(void)
+{
+	fstring server;
+	char *p;
+	struct in_addr *ip_list = NULL;
+	int count = 0;
+	int i;
+
+	/* first off see if an existing workgroup name exists */
+	p = smbw_getshared("WORKGROUP");
+	if (!p) p = lp_workgroup();
+	
+	slprintf(server, sizeof(server), "%s#1D", p);
+	if (smbw_server(server, "IPC$")) return p;
+
+	/* go looking for workgroups */
+	if (!name_resolve_bcast(MSBROWSE, 1, &ip_list, &count)) {
+		DEBUG(1,("No workgroups found!"));
+		return p;
+	}
+
+	for (i=0;i<count;i++) {
+		static fstring name;
+		if (name_status_find("*", 0, 0x1d, ip_list[i], name)) {
+			slprintf(server, sizeof(server), "%s#1D", name);
+			if (smbw_server(server, "IPC$")) {
+				smbw_setshared("WORKGROUP", name);
+				SAFE_FREE(ip_list);
+				return name;
+			}
+		}
+	}
+
+	SAFE_FREE(ip_list);
+
+	return p;
+}
+
+/***************************************************** 
+parse a smb path into its components. 
+server is one of
+  1) the name of the SMB server
+  2) WORKGROUP#1D for share listing
+  3) WORKGROUP#__ for workgroup listing
+share is the share on the server to query
+path is the SMB path on the server
+return the full path (ie. add cwd if needed)
+*******************************************************/
+char *smbw_parse_path(const char *fname, char *server, char *share, char *path)
+{
+	static pstring s;
+	char *p;
+	int len;
+	fstring workgroup;
+
+	/* add cwd if necessary */
+	if (fname[0] != '/') {
+		slprintf(s, sizeof(s), "%s/%s", smbw_cwd, fname);
+	} else {
+		pstrcpy(s, fname);
+	}
+	clean_fname(s);
+
+	/* see if it has the right prefix */
+	len = strlen(smbw_prefix)-1;
+	if (strncmp(s,smbw_prefix,len) || 
+	    (s[len] != '/' && s[len] != 0)) return s;
+
+	/* ok, its for us. Now parse out the workgroup, share etc. */
+	p = s+len;
+	if (*p == '/') p++;
+	if (!next_token(&p, workgroup, "/", sizeof(fstring))) {
+		/* we're in /smb - give a list of workgroups */
+		slprintf(server,sizeof(fstring), "%s#01", smbw_find_workgroup());
+		fstrcpy(share,"IPC$");
+		pstrcpy(path,"");
+		return s;
+	}
+
+	if (!next_token(&p, server, "/", sizeof(fstring))) {
+		/* we are in /smb/WORKGROUP */
+		slprintf(server,sizeof(fstring), "%s#1D", workgroup);
+		fstrcpy(share,"IPC$");
+		pstrcpy(path,"");
+	}
+
+	if (!next_token(&p, share, "/", sizeof(fstring))) {
+		/* we are in /smb/WORKGROUP/SERVER */
+		fstrcpy(share,"IPC$");
+		pstrcpy(path,"");
+	}
+
+	pstrcpy(path, p);
+
+	all_string_sub(path, "/", "\\", 0);
+
+	return s;
+}
+
+/***************************************************** 
+determine if a path name (possibly relative) is in the 
+smb name space
+*******************************************************/
+int smbw_path(const char *path)
+{
+	fstring server, share;
+	pstring s;
+	char *cwd;
+	int len;
+
+	if(!path)
+		return 0;
+
+	/* this is needed to prevent recursion with the BSD malloc which
+	   opens /etc/malloc.conf on the first call */
+	if (strncmp(path,"/etc/", 5) == 0) {
+		return 0;
+	}
+
+	smbw_init();
+
+	len = strlen(smbw_prefix)-1;
+
+	if (path[0] == '/' && strncmp(path,smbw_prefix,len)) {
+		return 0;
+	}
+
+	if (smbw_busy) return 0;
+
+	DEBUG(3,("smbw_path(%s)\n", path));
+
+	cwd = smbw_parse_path(path, server, share, s);
+
+	if (strncmp(cwd,smbw_prefix,len) == 0 &&
+	    (cwd[len] == '/' || cwd[len] == 0)) {
+		return 1;
+	}
+
+	return 0;
+}
+
+/***************************************************** 
+return a unix errno from a SMB error pair
+*******************************************************/
+int smbw_errno(struct cli_state *c)
+{
+	return cli_errno(c);
+}
+
+/* Return a username and password given a server and share name */
+
+void get_envvar_auth_data(char *server, char *share, char **workgroup,
+			  char **username, char **password)
+{
+	/* Fall back to shared memory/environment variables */
+
+	*username = smbw_getshared("USER");
+	if (!*username) *username = getenv("USER");
+	if (!*username) *username = "guest";
+
+	*workgroup = smbw_getshared("WORKGROUP");
+	if (!*workgroup) *workgroup = lp_workgroup();
+
+	*password = smbw_getshared("PASSWORD");
+	if (!*password) *password = "";
+}
+
+static smbw_get_auth_data_fn get_auth_data_fn = get_envvar_auth_data;
+
+/*****************************************************
+set the get auth data function
+******************************************************/
+void smbw_set_auth_data_fn(smbw_get_auth_data_fn fn)
+{
+	get_auth_data_fn = fn;
+}
+
+/***************************************************** 
+return a connection to a server (existing or new)
+*******************************************************/
+struct smbw_server *smbw_server(char *server, char *share)
+{
+	struct smbw_server *srv=NULL;
+	struct cli_state c;
+	char *username;
+	char *password;
+	char *workgroup;
+	struct nmb_name called, calling;
+	char *p, *server_n = server;
+	fstring group;
+	pstring ipenv;
+	struct in_addr ip;
+
+        zero_ip(&ip);
+	ZERO_STRUCT(c);
+
+	get_auth_data_fn(server, share, &workgroup, &username, &password);
+
+	/* try to use an existing connection */
+	for (srv=smbw_srvs;srv;srv=srv->next) {
+		if (strcmp(server,srv->server_name)==0 &&
+		    strcmp(share,srv->share_name)==0 &&
+		    strcmp(workgroup,srv->workgroup)==0 &&
+		    strcmp(username, srv->username) == 0) 
+			return srv;
+	}
+
+	if (server[0] == 0) {
+		errno = EPERM;
+		return NULL;
+	}
+
+	make_nmb_name(&calling, global_myname, 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+	DEBUG(4,("server_n=[%s] server=[%s]\n", server_n, server));
+
+	if ((p=strchr_m(server_n,'#')) && 
+	    (strcmp(p+1,"1D")==0 || strcmp(p+1,"01")==0)) {
+		struct in_addr sip;
+		pstring s;
+
+		fstrcpy(group, server_n);
+		p = strchr_m(group,'#');
+		*p = 0;
+		
+		/* cache the workgroup master lookup */
+		slprintf(s,sizeof(s)-1,"MASTER_%s", group);
+		if (!(server_n = smbw_getshared(s))) {
+			if (!find_master_ip(group, &sip)) {
+				errno = ENOENT;
+				return NULL;
+			}
+			fstrcpy(group, inet_ntoa(sip));
+			server_n = group;
+			smbw_setshared(s,server_n);
+		}
+	}
+
+	DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
+
+ again:
+	slprintf(ipenv,sizeof(ipenv)-1,"HOST_%s", server_n);
+
+        zero_ip(&ip);
+	if ((p=smbw_getshared(ipenv))) {
+		ip = *(interpret_addr2(p));
+	}
+
+	/* have to open a new connection */
+	if (!cli_initialise(&c) || !cli_connect(&c, server_n, &ip)) {
+		errno = ENOENT;
+		return NULL;
+	}
+
+	if (!cli_session_request(&c, &calling, &called)) {
+		cli_shutdown(&c);
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		errno = ENOENT;
+		return NULL;
+	}
+
+	DEBUG(4,(" session request ok\n"));
+
+	if (!cli_negprot(&c)) {
+		cli_shutdown(&c);
+		errno = ENOENT;
+		return NULL;
+	}
+
+	if (!cli_session_setup(&c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       workgroup) &&
+	    /* try an anonymous login if it failed */
+	    !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) {
+		cli_shutdown(&c);
+		errno = EPERM;
+		return NULL;
+	}
+
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(&c, share, "?????",
+			    password, strlen(password)+1)) {
+		errno = smbw_errno(&c);
+		cli_shutdown(&c);
+		return NULL;
+	}
+
+	smbw_setshared(ipenv,inet_ntoa(ip));
+	
+	DEBUG(4,(" tconx ok\n"));
+
+	srv = (struct smbw_server *)malloc(sizeof(*srv));
+	if (!srv) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(srv);
+
+	srv->cli = c;
+
+	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
+
+	srv->server_name = strdup(server);
+	if (!srv->server_name) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	srv->share_name = strdup(share);
+	if (!srv->share_name) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	srv->workgroup = strdup(workgroup);
+	if (!srv->workgroup) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	srv->username = strdup(username);
+	if (!srv->username) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	/* some programs play with file descriptors fairly intimately. We
+	   try to get out of the way by duping to a high fd number */
+	if (fcntl(SMBW_CLI_FD + srv->cli.fd, F_GETFD) && errno == EBADF) {
+		if (dup2(srv->cli.fd,SMBW_CLI_FD+srv->cli.fd) == 
+		    srv->cli.fd+SMBW_CLI_FD) {
+			close(srv->cli.fd);
+			srv->cli.fd += SMBW_CLI_FD;
+		}
+	}
+
+	DLIST_ADD(smbw_srvs, srv);
+
+	return srv;
+
+ failed:
+	cli_shutdown(&c);
+	if (!srv) return NULL;
+
+	SAFE_FREE(srv->server_name);
+	SAFE_FREE(srv->share_name);
+	SAFE_FREE(srv);
+	return NULL;
+}
+
+
+/***************************************************** 
+map a fd to a smbw_file structure
+*******************************************************/
+struct smbw_file *smbw_file(int fd)
+{
+	struct smbw_file *file;
+
+	for (file=smbw_files;file;file=file->next) {
+		if (file->fd == fd) return file;
+	}
+	return NULL;
+}
+
+/***************************************************** 
+a wrapper for open()
+*******************************************************/
+int smbw_open(const char *fname, int flags, mode_t mode)
+{
+	fstring server, share;
+	pstring path;
+	struct smbw_server *srv=NULL;
+	int eno=0, fd = -1;
+	struct smbw_file *file=NULL;
+
+	smbw_init();
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_busy++;	
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (path[strlen(path)-1] == '\\') {
+		fd = -1;
+	} else {
+		fd = cli_open(&srv->cli, path, flags, DENY_NONE);
+	}
+	if (fd == -1) {
+		/* it might be a directory. Maybe we should use chkpath? */
+		eno = smbw_errno(&srv->cli);
+		fd = smbw_dir_open(fname);
+		if (fd == -1) errno = eno;
+		smbw_busy--;
+		return fd;
+	}
+
+	file = (struct smbw_file *)malloc(sizeof(*file));
+	if (!file) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(file);
+
+	file->f = (struct smbw_filedes *)malloc(sizeof(*(file->f)));
+	if (!file->f) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(file->f);
+
+	file->f->cli_fd = fd;
+	file->f->fname = strdup(path);
+	if (!file->f->fname) {
+		errno = ENOMEM;
+		goto failed;
+	}
+	file->srv = srv;
+	file->fd = open(SMBW_DUMMY, O_WRONLY);
+	if (file->fd == -1) {
+		errno = EMFILE;
+		goto failed;
+	}
+
+	if (bitmap_query(smbw_file_bmap, file->fd)) {
+		DEBUG(0,("ERROR: fd used in smbw_open\n"));
+		errno = EIO;
+		goto failed;
+	}
+
+	file->f->ref_count=1;
+
+	bitmap_set(smbw_file_bmap, file->fd);
+
+	DLIST_ADD(smbw_files, file);
+
+	DEBUG(4,("opened %s\n", fname));
+
+	smbw_busy--;
+	return file->fd;
+
+ failed:
+	if (fd != -1) {
+		cli_close(&srv->cli, fd);
+	}
+	if (file) {
+		if (file->f) {
+			SAFE_FREE(file->f->fname);
+			SAFE_FREE(file->f);
+		}
+		SAFE_FREE(file);
+	}
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for pread()
+*******************************************************/
+ssize_t smbw_pread(int fd, void *buf, size_t count, off_t ofs)
+{
+	struct smbw_file *file;
+	int ret;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		errno = EBADF;
+		smbw_busy--;
+		return -1;
+	}
+	
+	ret = cli_read(&file->srv->cli, file->f->cli_fd, buf, ofs, count);
+
+	if (ret == -1) {
+		errno = smbw_errno(&file->srv->cli);
+		smbw_busy--;
+		return -1;
+	}
+
+	smbw_busy--;
+	return ret;
+}
+
+/***************************************************** 
+a wrapper for read()
+*******************************************************/
+ssize_t smbw_read(int fd, void *buf, size_t count)
+{
+	struct smbw_file *file;
+	int ret;
+
+	DEBUG(4,("smbw_read(%d, %d)\n", fd, (int)count));
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		errno = EBADF;
+		smbw_busy--;
+		return -1;
+	}
+	
+	ret = cli_read(&file->srv->cli, file->f->cli_fd, buf, 
+		       file->f->offset, count);
+
+	if (ret == -1) {
+		errno = smbw_errno(&file->srv->cli);
+		smbw_busy--;
+		return -1;
+	}
+
+	file->f->offset += ret;
+	
+	DEBUG(4,(" -> %d\n", ret));
+
+	smbw_busy--;
+	return ret;
+}
+
+	
+
+/***************************************************** 
+a wrapper for write()
+*******************************************************/
+ssize_t smbw_write(int fd, void *buf, size_t count)
+{
+	struct smbw_file *file;
+	int ret;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		errno = EBADF;
+		smbw_busy--;
+		return -1;
+	}
+	
+	ret = cli_write(&file->srv->cli, file->f->cli_fd, 0, buf, file->f->offset, count);
+
+	if (ret == -1) {
+		errno = smbw_errno(&file->srv->cli);
+		smbw_busy--;
+		return -1;
+	}
+
+	file->f->offset += ret;
+
+	smbw_busy--;
+	return ret;
+}
+
+/***************************************************** 
+a wrapper for pwrite()
+*******************************************************/
+ssize_t smbw_pwrite(int fd, void *buf, size_t count, off_t ofs)
+{
+	struct smbw_file *file;
+	int ret;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		errno = EBADF;
+		smbw_busy--;
+		return -1;
+	}
+	
+	ret = cli_write(&file->srv->cli, file->f->cli_fd, 0, buf, ofs, count);
+
+	if (ret == -1) {
+		errno = smbw_errno(&file->srv->cli);
+		smbw_busy--;
+		return -1;
+	}
+
+	smbw_busy--;
+	return ret;
+}
+
+/***************************************************** 
+a wrapper for close()
+*******************************************************/
+int smbw_close(int fd)
+{
+	struct smbw_file *file;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		int ret = smbw_dir_close(fd);
+		smbw_busy--;
+		return ret;
+	}
+	
+	if (file->f->ref_count == 1 &&
+	    !cli_close(&file->srv->cli, file->f->cli_fd)) {
+		errno = smbw_errno(&file->srv->cli);
+		smbw_busy--;
+		return -1;
+	}
+
+
+	bitmap_clear(smbw_file_bmap, file->fd);
+	close(file->fd);
+	
+	DLIST_REMOVE(smbw_files, file);
+
+	file->f->ref_count--;
+	if (file->f->ref_count == 0) {
+		SAFE_FREE(file->f->fname);
+		SAFE_FREE(file->f);
+	}
+	ZERO_STRUCTP(file);
+	SAFE_FREE(file);
+	
+	smbw_busy--;
+
+	return 0;
+}
+
+
+/***************************************************** 
+a wrapper for fcntl()
+*******************************************************/
+int smbw_fcntl(int fd, int cmd, long arg)
+{
+	return 0;
+}
+
+
+/***************************************************** 
+a wrapper for access()
+*******************************************************/
+int smbw_access(const char *name, int mode)
+{
+	struct stat st;
+
+	DEBUG(4,("smbw_access(%s, 0x%x)\n", name, mode));
+
+	if (smbw_stat(name, &st)) return -1;
+
+	if (((mode & R_OK) && !(st.st_mode & S_IRUSR)) ||
+	    ((mode & W_OK) && !(st.st_mode & S_IWUSR)) ||
+	    ((mode & X_OK) && !(st.st_mode & S_IXUSR))) {
+		errno = EACCES;
+		return -1;
+	}
+	
+	return 0;
+}
+
+/***************************************************** 
+a wrapper for realink() - needed for correct errno setting
+*******************************************************/
+int smbw_readlink(const char *path, char *buf, size_t bufsize)
+{
+	struct stat st;
+	int ret;
+
+	ret = smbw_stat(path, &st);
+	if (ret != 0) {
+		DEBUG(4,("readlink(%s) failed\n", path));
+		return -1;
+	}
+	
+	/* it exists - say it isn't a link */
+	DEBUG(4,("readlink(%s) not a link\n", path));
+
+	errno = EINVAL;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for unlink()
+*******************************************************/
+int smbw_unlink(const char *fname)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (strncmp(srv->cli.dev, "LPT", 3) == 0) {
+		int job = smbw_stat_printjob(srv, path, NULL, NULL);
+		if (job == -1) {
+			goto failed;
+		}
+		if (cli_printjob_del(&srv->cli, job) != 0) {
+			goto failed;
+		}
+	} else if (!cli_unlink(&srv->cli, path)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for rename()
+*******************************************************/
+int smbw_rename(const char *oldname, const char *newname)
+{
+	struct smbw_server *srv;
+	fstring server1, share1;
+	pstring path1;
+	fstring server2, share2;
+	pstring path2;
+
+	if (!oldname || !newname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	DEBUG(4,("smbw_rename(%s,%s)\n", oldname, newname));
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(oldname, server1, share1, path1);
+	smbw_parse_path(newname, server2, share2, path2);
+
+	if (strcmp(server1, server2) || strcmp(share1, share2)) {
+		/* can't cross filesystems */
+		errno = EXDEV;
+		return -1;
+	}
+
+	/* get a connection to the server */
+	srv = smbw_server(server1, share1);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (!cli_rename(&srv->cli, path1, path2)) {
+		int eno = smbw_errno(&srv->cli);
+		if (eno != EEXIST ||
+		    !cli_unlink(&srv->cli, path2) ||
+		    !cli_rename(&srv->cli, path1, path2)) {
+			errno = eno;
+			goto failed;
+		}
+	}
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for utime and utimes
+*******************************************************/
+static int smbw_settime(const char *fname, time_t t)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+	uint16 mode;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (!cli_getatr(&srv->cli, path, &mode, NULL, NULL)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+
+	if (!cli_setatr(&srv->cli, path, mode, t)) {
+		/* some servers always refuse directory changes */
+		if (!(mode & aDIR)) {
+			errno = smbw_errno(&srv->cli);
+			goto failed;
+		}
+	}
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+/***************************************************** 
+a wrapper for utime 
+*******************************************************/
+int smbw_utime(const char *fname, void *buf)
+{
+	struct utimbuf *tbuf = (struct utimbuf *)buf;
+	return smbw_settime(fname, tbuf?tbuf->modtime:time(NULL));
+}
+
+/***************************************************** 
+a wrapper for utime 
+*******************************************************/
+int smbw_utimes(const char *fname, void *buf)
+{
+	struct timeval *tbuf = (struct timeval *)buf;
+	return smbw_settime(fname, tbuf?tbuf->tv_sec:time(NULL));
+}
+
+
+/***************************************************** 
+a wrapper for chown()
+*******************************************************/
+int smbw_chown(const char *fname, uid_t owner, gid_t group)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+	uint16 mode;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (!cli_getatr(&srv->cli, path, &mode, NULL, NULL)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+	
+	/* assume success */
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+/***************************************************** 
+a wrapper for chmod()
+*******************************************************/
+int smbw_chmod(const char *fname, mode_t newmode)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+	uint32 mode;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	mode = 0;
+
+	if (!(newmode & (S_IWUSR | S_IWGRP | S_IWOTH))) mode |= aRONLY;
+	if ((newmode & S_IXUSR) && lp_map_archive(-1)) mode |= aARCH;
+	if ((newmode & S_IXGRP) && lp_map_system(-1)) mode |= aSYSTEM;
+	if ((newmode & S_IXOTH) && lp_map_hidden(-1)) mode |= aHIDDEN;
+
+	if (!cli_setatr(&srv->cli, path, mode, 0)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+	
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+/***************************************************** 
+a wrapper for lseek()
+*******************************************************/
+off_t smbw_lseek(int fd, off_t offset, int whence)
+{
+	struct smbw_file *file;
+	size_t size;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		off_t ret = smbw_dir_lseek(fd, offset, whence);
+		smbw_busy--;
+		return ret;
+	}
+
+	switch (whence) {
+	case SEEK_SET:
+		file->f->offset = offset;
+		break;
+	case SEEK_CUR:
+		file->f->offset += offset;
+		break;
+	case SEEK_END:
+		if (!cli_qfileinfo(&file->srv->cli, file->f->cli_fd, 
+				   NULL, &size, NULL, NULL, NULL, 
+				   NULL, NULL) &&
+		    !cli_getattrE(&file->srv->cli, file->f->cli_fd, 
+				  NULL, &size, NULL, NULL, NULL)) {
+			errno = EINVAL;
+			smbw_busy--;
+			return -1;
+		}
+		file->f->offset = size + offset;
+		break;
+	}
+
+	smbw_busy--;
+	return file->f->offset;
+}
+
+
+/***************************************************** 
+a wrapper for dup()
+*******************************************************/
+int smbw_dup(int fd)
+{
+	int fd2;
+	struct smbw_file *file, *file2;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		errno = EBADF;
+		goto failed;
+	}
+
+	fd2 = dup(file->fd);
+	if (fd2 == -1) {
+		goto failed;
+	}
+
+	if (bitmap_query(smbw_file_bmap, fd2)) {
+		DEBUG(0,("ERROR: fd already open in dup!\n"));
+		errno = EIO;
+		goto failed;
+	}
+
+	file2 = (struct smbw_file *)malloc(sizeof(*file2));
+	if (!file2) {
+		close(fd2);
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(file2);
+
+	*file2 = *file;
+	file2->fd = fd2;
+
+	file->f->ref_count++;
+
+	bitmap_set(smbw_file_bmap, fd2);
+	
+	DLIST_ADD(smbw_files, file2);
+	
+	smbw_busy--;
+	return fd2;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for dup2()
+*******************************************************/
+int smbw_dup2(int fd, int fd2)
+{
+	struct smbw_file *file, *file2;
+
+	smbw_busy++;
+
+	file = smbw_file(fd);
+	if (!file) {
+		errno = EBADF;
+		goto failed;
+	}
+
+	if (bitmap_query(smbw_file_bmap, fd2)) {
+		DEBUG(0,("ERROR: fd already open in dup2!\n"));
+		errno = EIO;
+		goto failed;
+	}
+
+	if (dup2(file->fd, fd2) != fd2) {
+		goto failed;
+	}
+
+	file2 = (struct smbw_file *)malloc(sizeof(*file2));
+	if (!file2) {
+		close(fd2);
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(file2);
+
+	*file2 = *file;
+	file2->fd = fd2;
+
+	file->f->ref_count++;
+
+	bitmap_set(smbw_file_bmap, fd2);
+	
+	DLIST_ADD(smbw_files, file2);
+	
+	smbw_busy--;
+	return fd2;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+close a connection to a server
+*******************************************************/
+static void smbw_srv_close(struct smbw_server *srv)
+{
+	smbw_busy++;
+
+	cli_shutdown(&srv->cli);
+
+	SAFE_FREE(srv->server_name);
+	SAFE_FREE(srv->share_name);
+
+	DLIST_REMOVE(smbw_srvs, srv);
+
+	ZERO_STRUCTP(srv);
+
+	SAFE_FREE(srv);
+	
+	smbw_busy--;
+}
+
+/***************************************************** 
+when we fork we have to close all connections and files
+in the child
+*******************************************************/
+int smbw_fork(void)
+{
+	pid_t child;
+	int p[2];
+	char c=0;
+	pstring line;
+
+	struct smbw_file *file, *next_file;
+	struct smbw_server *srv, *next_srv;
+
+	if (pipe(p)) return real_fork();
+
+	child = real_fork();
+
+	if (child) {
+		/* block the parent for a moment until the sockets are
+                   closed */
+		close(p[1]);
+		read(p[0], &c, 1);
+		close(p[0]);
+		return child;
+	}
+
+	close(p[0]);
+
+	/* close all files */
+	for (file=smbw_files;file;file=next_file) {
+		next_file = file->next;
+		close(file->fd);
+	}
+
+	/* close all server connections */
+	for (srv=smbw_srvs;srv;srv=next_srv) {
+		next_srv = srv->next;
+		smbw_srv_close(srv);
+	}
+
+	slprintf(line,sizeof(line)-1,"PWD_%d", (int)getpid());
+	smbw_setshared(line,smbw_cwd);
+
+	/* unblock the parent */
+	write(p[1], &c, 1);
+	close(p[1]);
+
+	/* and continue in the child */
+	return 0;
+}
+
+#ifndef NO_ACL_WRAPPER
+/***************************************************** 
+say no to acls
+*******************************************************/
+ int smbw_acl(const char *pathp, int cmd, int nentries, aclent_t *aclbufp)
+{
+	if (cmd == GETACL || cmd == GETACLCNT) return 0;
+	errno = ENOSYS;
+	return -1;
+}
+#endif
+
+#ifndef NO_FACL_WRAPPER
+/***************************************************** 
+say no to acls
+*******************************************************/
+ int smbw_facl(int fd, int cmd, int nentries, aclent_t *aclbufp)
+{
+	if (cmd == GETACL || cmd == GETACLCNT) return 0;
+	errno = ENOSYS;
+	return -1;
+}
+#endif
+
+#ifdef HAVE_EXPLICIT_LARGEFILE_SUPPORT
+#ifdef HAVE_STAT64
+/* this can't be in wrapped.c because of include conflicts */
+ void stat64_convert(struct stat *st, struct stat64 *st64)
+{
+	st64->st_size = st->st_size;
+	st64->st_mode = st->st_mode;
+	st64->st_ino = st->st_ino;
+	st64->st_dev = st->st_dev;
+	st64->st_rdev = st->st_rdev;
+	st64->st_nlink = st->st_nlink;
+	st64->st_uid = st->st_uid;
+	st64->st_gid = st->st_gid;
+	st64->st_atime = st->st_atime;
+	st64->st_mtime = st->st_mtime;
+	st64->st_ctime = st->st_ctime;
+	st64->st_blksize = st->st_blksize;
+	st64->st_blocks = st->st_blocks;
+}
+#endif
+
+#ifdef HAVE_READDIR64
+ void dirent64_convert(struct dirent *d, struct dirent64 *d64)
+{
+	d64->d_ino = d->d_ino;
+	d64->d_off = d->d_off;
+	d64->d_reclen = d->d_reclen;
+	pstrcpy(d64->d_name, d->d_name);
+}
+#endif
+#endif
+
+
+#ifdef HAVE___XSTAT
+/* Definition of `struct stat' used in the linux kernel..  */
+struct kernel_stat {
+	unsigned short int st_dev;
+	unsigned short int __pad1;
+	unsigned long int st_ino;
+	unsigned short int st_mode;
+	unsigned short int st_nlink;
+	unsigned short int st_uid;
+	unsigned short int st_gid;
+	unsigned short int st_rdev;
+	unsigned short int __pad2;
+	unsigned long int st_size;
+	unsigned long int st_blksize;
+	unsigned long int st_blocks;
+	unsigned long int st_atime;
+	unsigned long int __unused1;
+	unsigned long int st_mtime;
+	unsigned long int __unused2;
+	unsigned long int st_ctime;
+	unsigned long int __unused3;
+	unsigned long int __unused4;
+	unsigned long int __unused5;
+};
+
+/*
+ * Prototype for gcc in 'fussy' mode.
+ */
+ void xstat_convert(int vers, struct stat *st, struct kernel_stat *kbuf);
+ void xstat_convert(int vers, struct stat *st, struct kernel_stat *kbuf)
+{
+#ifdef _STAT_VER_LINUX_OLD
+	if (vers == _STAT_VER_LINUX_OLD) {
+		memcpy(st, kbuf, sizeof(*st));
+		return;
+	}
+#endif
+
+	ZERO_STRUCTP(st);
+
+	st->st_dev = kbuf->st_dev;
+	st->st_ino = kbuf->st_ino;
+	st->st_mode = kbuf->st_mode;
+	st->st_nlink = kbuf->st_nlink;
+	st->st_uid = kbuf->st_uid;
+	st->st_gid = kbuf->st_gid;
+	st->st_rdev = kbuf->st_rdev;
+	st->st_size = kbuf->st_size;
+	st->st_blksize = kbuf->st_blksize;
+	st->st_blocks = kbuf->st_blocks;
+	st->st_atime = kbuf->st_atime;
+	st->st_mtime = kbuf->st_mtime;
+	st->st_ctime = kbuf->st_ctime;
+}
+#endif
diff --git a/source3/smbwrapper/smbw.h b/source3/smbwrapper/smbw.h
new file mode 100644
index 0000000000..3f0b1cbb44
--- /dev/null
+++ b/source3/smbwrapper/smbw.h
@@ -0,0 +1,71 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper functions - definitions
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SMBW_H
+#define _SMBW_H
+
+#define SMBW_PREFIX "/smb/"
+#define SMBW_DUMMY "/dev/null"
+
+#define SMBW_CLI_FD 512
+#define SMBW_MAX_OPEN 8192
+
+#define SMBW_FILE_MODE (S_IFREG | 0444)
+#define SMBW_DIR_MODE (S_IFDIR | 0555)
+
+struct smbw_server {
+	struct smbw_server *next, *prev;
+	struct cli_state cli;
+	char *server_name;
+	char *share_name;
+	char *workgroup;
+	char *username;
+	dev_t dev;
+	BOOL no_pathinfo2;
+};
+
+struct smbw_filedes {
+	int cli_fd;
+	int ref_count;
+	char *fname;
+	off_t offset;
+};
+
+struct smbw_file {
+	struct smbw_file *next, *prev;
+	struct smbw_filedes *f;
+	int fd;
+	struct smbw_server *srv;
+};
+
+struct smbw_dir {
+	struct smbw_dir *next, *prev;
+	int fd;
+	int offset, count, malloced;
+	struct smbw_server *srv;
+	struct file_info *list;
+	char *path;
+};
+
+typedef void (*smbw_get_auth_data_fn)(char *server, char *share,
+				      char **workgroup, char **username,
+				      char **password);
+
+#endif /* _SMBW_H */
diff --git a/source3/smbwrapper/smbw_cache.c b/source3/smbwrapper/smbw_cache.c
new file mode 100644
index 0000000000..fcb0eda805
--- /dev/null
+++ b/source3/smbwrapper/smbw_cache.c
@@ -0,0 +1,207 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper directory functions
+   Copyright (C) Tim Potter 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* We cache lists of workgroups, lists of servers in workgroups, and lists
+   of shares exported by servers. */
+
+#define CACHE_TIMEOUT 30
+
+struct name_list {
+	struct name_list *prev, *next;
+	char *name;
+	uint32 stype;
+	char *comment;
+};
+
+struct cached_names {
+	struct cached_names *prev, *next;
+	char *key;
+	struct name_list *name_list;
+	time_t cache_timeout;
+	int result;
+};
+
+static struct cached_names *cached_names = NULL;
+
+/* Find a list of cached name for a workgroup, server or share list */
+
+static struct cached_names *find_cached_names(char *key)
+{
+	struct cached_names *tmp;
+
+	for (tmp = cached_names; tmp; tmp = tmp->next) {
+		if (strequal(tmp->key, key)) {
+			return tmp;
+		}
+	}
+
+	return NULL;
+}
+
+/* Add a name to a list stored in the state variable */
+
+static void add_cached_names(const char *name, uint32 stype, 
+			     const char *comment, void *state)
+{
+	struct name_list **name_list = (struct name_list **)state;
+	struct name_list *new_name;
+
+	new_name = (struct name_list *)malloc(sizeof(struct name_list));
+	if (!new_name) return;
+
+	ZERO_STRUCTP(new_name);
+
+	new_name->name = strdup(name);
+	new_name->stype = stype;
+	new_name->comment = strdup(comment);
+
+	DLIST_ADD(*name_list, new_name);
+}
+
+static void free_name_list(struct name_list *name_list)
+{
+	struct name_list *tmp = name_list;
+
+	while(tmp) {
+		struct name_list *next;
+
+		next = tmp->next;
+
+		SAFE_FREE(tmp->name);
+		SAFE_FREE(tmp->comment);
+		SAFE_FREE(tmp);
+		
+		tmp = next;
+	}
+}
+
+/* Wrapper for NetServerEnum function */
+
+BOOL smbw_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
+			void (*fn)(const char *, uint32, const char *, void *),
+			void *state)
+{
+	struct cached_names *names;
+	struct name_list *tmp;
+	time_t now = time(NULL);
+	char key[PATH_MAX];
+	BOOL result = True;
+
+	slprintf(key, PATH_MAX - 1, "%s/%s#%s", cli->desthost, 
+		 workgroup, (stype == SV_TYPE_DOMAIN_ENUM ? "DOM" : "SRV"));
+
+	names = find_cached_names(key);
+
+	if (names == NULL || (now - names->cache_timeout) > CACHE_TIMEOUT) {
+		struct cached_names *new_names = NULL;
+
+		/* No names cached for this workgroup */
+
+		if (names == NULL) {
+			new_names = (struct cached_names *)
+				malloc(sizeof(struct cached_names));
+
+			ZERO_STRUCTP(new_names);
+			DLIST_ADD(cached_names, new_names);
+
+		} else {
+
+			/* Dispose of out of date name list */
+
+			free_name_list(names->name_list);
+			names->name_list = NULL;
+
+			new_names = names;
+		}		
+
+		result = cli_NetServerEnum(cli, workgroup, stype, 
+					   add_cached_names, 
+					   &new_names->name_list);
+					   
+		new_names->cache_timeout = now;
+		new_names->result = result;
+		new_names->key = strdup(key);
+
+		names = new_names;
+	}
+
+	/* Return names by running callback function. */
+
+	for (tmp = names->name_list; tmp; tmp = tmp->next)
+		fn(tmp->name, stype, tmp->comment, state);
+	
+	return names->result;
+}
+
+/* Wrapper for RNetShareEnum function */
+
+int smbw_RNetShareEnum(struct cli_state *cli, 
+		       void (*fn)(const char *, uint32, const char *, void *), 
+		       void *state)
+{
+	struct cached_names *names;
+	struct name_list *tmp;
+	time_t now = time(NULL);
+	char key[PATH_MAX];
+
+	slprintf(key, PATH_MAX - 1, "SHARE/%s", cli->desthost);
+
+	names = find_cached_names(key);
+
+	if (names == NULL || (now - names->cache_timeout) > CACHE_TIMEOUT) {
+		struct cached_names *new_names = NULL;
+
+		/* No names cached for this server */
+
+		if (names == NULL) {
+			new_names = (struct cached_names *)
+				malloc(sizeof(struct cached_names));
+
+			ZERO_STRUCTP(new_names);
+			DLIST_ADD(cached_names, new_names);
+
+		} else {
+
+			/* Dispose of out of date name list */
+
+			free_name_list(names->name_list);
+			names->name_list = NULL;
+
+			new_names = names;
+		}
+
+		new_names->result = cli_RNetShareEnum(cli, add_cached_names, 
+						      &new_names->name_list);
+		
+		new_names->cache_timeout = now;
+		new_names->key = strdup(key);
+
+		names = new_names;
+	}
+
+	/* Return names by running callback function. */
+
+	for (tmp = names->name_list; tmp; tmp = tmp->next)
+		fn(tmp->name, tmp->stype, tmp->comment, state);
+	
+	return names->result;
+}
diff --git a/source3/smbwrapper/smbw_dir.c b/source3/smbwrapper/smbw_dir.c
new file mode 100644
index 0000000000..31d81a1e7e
--- /dev/null
+++ b/source3/smbwrapper/smbw_dir.c
@@ -0,0 +1,688 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper directory functions
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "realcalls.h"
+
+extern pstring smbw_cwd;
+extern fstring smbw_prefix;
+
+static struct smbw_dir *smbw_dirs;
+
+extern struct bitmap *smbw_file_bmap;
+
+extern int smbw_busy;
+
+/***************************************************** 
+map a fd to a smbw_dir structure
+*******************************************************/
+struct smbw_dir *smbw_dir(int fd)
+{
+	struct smbw_dir *dir;
+
+	for (dir=smbw_dirs;dir;dir=dir->next) {
+		if (dir->fd == fd) return dir;
+	}
+	return NULL;
+}
+
+/***************************************************** 
+check if a DIR* is one of ours
+*******************************************************/
+int smbw_dirp(DIR *dirp)
+{
+	struct smbw_dir *d = (struct smbw_dir *)dirp;
+	struct smbw_dir *dir;
+
+	for (dir=smbw_dirs;dir;dir=dir->next) {
+		if (dir == d) return 1;
+	}
+	return 0;
+}
+
+/***************************************************** 
+free a smbw_dir structure and all entries
+*******************************************************/
+static void free_dir(struct smbw_dir *dir)
+{
+	if(!dir) return;
+
+	SAFE_FREE(dir->list);
+	SAFE_FREE(dir->path);
+	ZERO_STRUCTP(dir);
+	SAFE_FREE(dir);
+}
+
+static struct smbw_dir *cur_dir;
+
+/***************************************************** 
+add a entry to a directory listing
+*******************************************************/
+static void smbw_dir_add(struct file_info *finfo, const char *mask, 
+			 void *state)
+{
+	struct file_info *cdl;
+
+	DEBUG(5,("%s\n", finfo->name));
+
+	if (cur_dir->malloced == cur_dir->count) {
+		cdl = (struct file_info *)Realloc(cur_dir->list, 
+							    sizeof(cur_dir->list[0])*
+							    (cur_dir->count+100));
+		if (!cdl) {
+			/* oops */
+			return;
+		}
+		cur_dir->list = cdl;
+		cur_dir->malloced += 100;
+	}
+
+	cur_dir->list[cur_dir->count] = *finfo;
+	cur_dir->count++;
+}
+
+/***************************************************** 
+add a entry to a directory listing
+*******************************************************/
+static void smbw_share_add(const char *share, uint32 type, 
+			   const char *comment, void *state)
+{
+	struct file_info finfo;
+
+	if (strcmp(share,"IPC$") == 0) return;
+
+	ZERO_STRUCT(finfo);
+
+	pstrcpy(finfo.name, share);
+	finfo.mode = aRONLY | aDIR;	
+
+	smbw_dir_add(&finfo, NULL, NULL);
+}
+
+
+/***************************************************** 
+add a server to a directory listing
+*******************************************************/
+static void smbw_server_add(const char *name, uint32 type, 
+			    const char *comment, void *state)
+{
+	struct file_info finfo;
+
+	ZERO_STRUCT(finfo);
+
+	pstrcpy(finfo.name, name);
+	finfo.mode = aRONLY | aDIR;	
+
+	smbw_dir_add(&finfo, NULL, NULL);
+}
+
+
+/***************************************************** 
+add a entry to a directory listing
+*******************************************************/
+static void smbw_printjob_add(struct print_job_info *job)
+{
+	struct file_info finfo;
+
+	ZERO_STRUCT(finfo);
+
+	pstrcpy(finfo.name, job->name);
+	finfo.mode = aRONLY | aDIR;	
+	finfo.mtime = job->t;
+	finfo.atime = job->t;
+	finfo.ctime = job->t;
+	finfo.uid = nametouid(job->user);
+	finfo.mode = aRONLY;
+	finfo.size = job->size;
+
+	smbw_dir_add(&finfo, NULL, NULL);
+}
+
+
+/***************************************************** 
+open a directory on the server
+*******************************************************/
+int smbw_dir_open(const char *fname)
+{
+	fstring server, share;
+	pstring path;
+	struct smbw_server *srv=NULL;
+	struct smbw_dir *dir=NULL;
+	pstring mask;
+	int fd;
+	char *s, *p;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	/* work out what server they are after */
+	s = smbw_parse_path(fname, server, share, path);
+
+	DEBUG(4,("dir_open share=%s\n", share));
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	dir = (struct smbw_dir *)malloc(sizeof(*dir));
+	if (!dir) {
+		errno = ENOMEM;
+		goto failed;
+	}
+
+	ZERO_STRUCTP(dir);
+
+	cur_dir = dir;
+
+	slprintf(mask, sizeof(mask)-1, "%s\\*", path);
+	all_string_sub(mask,"\\\\","\\",0);
+
+	if ((p=strstr(srv->server_name,"#01"))) {
+		*p = 0;
+		smbw_server_add(".",0,"", NULL);
+		smbw_server_add("..",0,"", NULL);
+		smbw_NetServerEnum(&srv->cli, srv->server_name, 
+				   SV_TYPE_DOMAIN_ENUM, smbw_server_add, NULL);
+		*p = '#';
+	} else if ((p=strstr(srv->server_name,"#1D"))) {
+		DEBUG(4,("doing NetServerEnum\n"));
+		*p = 0;
+		smbw_server_add(".",0,"", NULL);
+		smbw_server_add("..",0,"", NULL);
+		smbw_NetServerEnum(&srv->cli, srv->server_name, SV_TYPE_ALL,
+				   smbw_server_add, NULL);
+		*p = '#';
+	} else if (strcmp(srv->cli.dev,"IPC") == 0) {
+		DEBUG(4,("doing NetShareEnum\n"));
+		smbw_share_add(".",0,"", NULL);
+		smbw_share_add("..",0,"", NULL);
+		if (smbw_RNetShareEnum(&srv->cli, smbw_share_add, NULL) < 0) {
+			errno = smbw_errno(&srv->cli);
+			goto failed;
+		}
+	} else if (strncmp(srv->cli.dev,"LPT",3) == 0) {
+		smbw_share_add(".",0,"", NULL);
+		smbw_share_add("..",0,"", NULL);
+		if (cli_print_queue(&srv->cli, smbw_printjob_add) < 0) {
+			errno = smbw_errno(&srv->cli);
+			goto failed;
+		}
+	} else {
+#if 0
+		if (strcmp(path,"\\") == 0) {
+			smbw_share_add(".",0,"");
+			smbw_share_add("..",0,"");
+		}
+#endif
+		if (cli_list(&srv->cli, mask, aHIDDEN|aSYSTEM|aDIR, 
+			     smbw_dir_add, NULL) < 0) {
+			errno = smbw_errno(&srv->cli);
+			goto failed;
+		}
+	}
+
+	cur_dir = NULL;
+	
+	fd = open(SMBW_DUMMY, O_WRONLY);
+	if (fd == -1) {
+		errno = EMFILE;
+		goto failed;
+	}
+
+	if (bitmap_query(smbw_file_bmap, fd)) {
+		DEBUG(0,("ERROR: fd used in smbw_dir_open\n"));
+		errno = EIO;
+		goto failed;
+	}
+
+	DLIST_ADD(smbw_dirs, dir);
+	
+	bitmap_set(smbw_file_bmap, fd);
+
+	dir->fd = fd;
+	dir->srv = srv;
+	dir->path = strdup(s);
+
+	DEBUG(4,("  -> %d\n", dir->count));
+
+	return dir->fd;
+
+ failed:
+	free_dir(dir);
+	
+	return -1;
+}
+
+/***************************************************** 
+a wrapper for fstat() on a directory
+*******************************************************/
+int smbw_dir_fstat(int fd, struct stat *st)
+{
+	struct smbw_dir *dir;
+
+	dir = smbw_dir(fd);
+	if (!dir) {
+		errno = EBADF;
+		return -1;
+	}
+
+	ZERO_STRUCTP(st);
+
+	smbw_setup_stat(st, "", dir->count*DIRP_SIZE, aDIR);
+
+	st->st_dev = dir->srv->dev;
+
+	return 0;
+}
+
+/***************************************************** 
+close a directory handle
+*******************************************************/
+int smbw_dir_close(int fd)
+{
+	struct smbw_dir *dir;
+
+	dir = smbw_dir(fd);
+	if (!dir) {
+		errno = EBADF;
+		return -1;
+	}
+
+	bitmap_clear(smbw_file_bmap, dir->fd);
+	close(dir->fd);
+	
+	DLIST_REMOVE(smbw_dirs, dir);
+
+	free_dir(dir);
+
+	return 0;
+}
+
+/***************************************************** 
+a wrapper for getdents()
+*******************************************************/
+int smbw_getdents(unsigned int fd, struct dirent *dirp, int count)
+{
+	struct smbw_dir *dir;
+	int n=0;
+
+	smbw_busy++;
+
+	dir = smbw_dir(fd);
+	if (!dir) {
+		errno = EBADF;
+		smbw_busy--;
+		return -1;
+	}
+
+	while (count>=DIRP_SIZE && (dir->offset < dir->count)) {
+#if HAVE_DIRENT_D_OFF
+		dirp->d_off = (dir->offset+1)*DIRP_SIZE;
+#endif
+		dirp->d_reclen = DIRP_SIZE;
+		fstrcpy(&dirp->d_name[0], dir->list[dir->offset].name);
+		dirp->d_ino = smbw_inode(dir->list[dir->offset].name);
+		dir->offset++;
+		count -= dirp->d_reclen;
+#if HAVE_DIRENT_D_OFF
+		if (dir->offset == dir->count) {
+			dirp->d_off = -1;
+		}
+#endif
+		dirp = (struct dirent *)(((char *)dirp) + DIRP_SIZE);
+		n++;
+	}
+
+	smbw_busy--;
+	return n*DIRP_SIZE;
+}
+
+
+/***************************************************** 
+a wrapper for chdir()
+*******************************************************/
+int smbw_chdir(const char *name)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+	uint16 mode = aDIR;
+	char *cwd;
+	int len;
+
+	smbw_init();
+
+	len = strlen(smbw_prefix);
+
+	if (smbw_busy) return real_chdir(name);
+
+	smbw_busy++;
+
+	if (!name) {
+		errno = EINVAL;
+		goto failed;
+	}
+
+	DEBUG(4,("smbw_chdir(%s)\n", name));
+
+	/* work out what server they are after */
+	cwd = smbw_parse_path(name, server, share, path);
+
+	/* a special case - accept cd to /smb */
+	if (strncmp(cwd, smbw_prefix, len-1) == 0 &&
+	    cwd[len-1] == 0) {
+		goto success1;
+	}
+
+	if (strncmp(cwd,smbw_prefix,strlen(smbw_prefix))) {
+		if (real_chdir(cwd) == 0) {
+			goto success2;
+		}
+		goto failed;
+	}
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (strncmp(srv->cli.dev,"IPC",3) &&
+	    strncmp(srv->cli.dev,"LPT",3) &&
+	    !smbw_getatr(srv, path, 
+			 &mode, NULL, NULL, NULL, NULL, NULL)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+
+	if (!(mode & aDIR)) {
+		errno = ENOTDIR;
+		goto failed;
+	}
+
+ success1:
+	/* we don't want the old directory to be busy */
+	real_chdir("/");
+
+ success2:
+
+	DEBUG(4,("set SMBW_CWD to %s\n", cwd));
+
+	pstrcpy(smbw_cwd, cwd);
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for lseek() on directories
+*******************************************************/
+off_t smbw_dir_lseek(int fd, off_t offset, int whence)
+{
+	struct smbw_dir *dir;
+	off_t ret;
+
+	dir = smbw_dir(fd);
+	if (!dir) {
+		errno = EBADF;
+		return -1;
+	}
+
+	switch (whence) {
+	case SEEK_SET:
+		dir->offset = offset/DIRP_SIZE;
+		break;
+	case SEEK_CUR:
+		dir->offset += offset/DIRP_SIZE;
+		break;
+	case SEEK_END:
+		dir->offset = (dir->count * DIRP_SIZE) + offset;
+		dir->offset /= DIRP_SIZE;
+		break;
+	}
+
+	ret = dir->offset * DIRP_SIZE;
+
+	DEBUG(4,("   -> %d\n", (int)ret));
+
+	return ret;
+}
+
+
+/***************************************************** 
+a wrapper for mkdir()
+*******************************************************/
+int smbw_mkdir(const char *fname, mode_t mode)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (!cli_mkdir(&srv->cli, path)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+/***************************************************** 
+a wrapper for rmdir()
+*******************************************************/
+int smbw_rmdir(const char *fname)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+		/* smbw_server sets errno */
+		goto failed;
+	}
+
+	if (!cli_rmdir(&srv->cli, path)) {
+		errno = smbw_errno(&srv->cli);
+		goto failed;
+	}
+
+	smbw_busy--;
+	return 0;
+
+ failed:
+	smbw_busy--;
+	return -1;
+}
+
+
+/***************************************************** 
+a wrapper for getcwd()
+*******************************************************/
+char *smbw_getcwd(char *buf, size_t size)
+{
+	smbw_init();
+
+	if (smbw_busy) {
+		return (char *)real_getcwd(buf, size);
+	}
+
+	smbw_busy++;
+
+	if (!buf) {
+		if (size <= 0) size = strlen(smbw_cwd)+1;
+		buf = (char *)malloc(size);
+		if (!buf) {
+			errno = ENOMEM;
+			smbw_busy--;
+			return NULL;
+		}
+	}
+
+	if (strlen(smbw_cwd) > size-1) {
+		errno = ERANGE;
+		smbw_busy--;
+		return NULL;
+	}
+
+	safe_strcpy(buf, smbw_cwd, size);
+
+	smbw_busy--;
+	return buf;
+}
+
+/***************************************************** 
+a wrapper for fchdir()
+*******************************************************/
+int smbw_fchdir(unsigned int fd)
+{
+	struct smbw_dir *dir;
+	int ret;
+
+	smbw_busy++;
+
+	dir = smbw_dir(fd);
+	if (dir) {
+		smbw_busy--;
+		return chdir(dir->path);
+	}	
+
+	ret = real_fchdir(fd);
+	if (ret == 0) {
+		sys_getwd(smbw_cwd);		
+	}
+
+	smbw_busy--;
+	return ret;
+}
+
+/***************************************************** 
+open a directory on the server
+*******************************************************/
+DIR *smbw_opendir(const char *fname)
+{
+	int fd;
+
+	smbw_busy++;
+
+	fd = smbw_dir_open(fname);
+
+	if (fd == -1) {
+		smbw_busy--;
+		return NULL;
+	}
+
+	smbw_busy--;
+
+	return (DIR *)smbw_dir(fd);
+}
+
+/***************************************************** 
+read one entry from a directory
+*******************************************************/
+struct dirent *smbw_readdir(DIR *dirp)
+{
+	struct smbw_dir *d = (struct smbw_dir *)dirp;
+	static union {
+		char buf[DIRP_SIZE];
+		struct dirent de;
+	} dbuf;
+
+	if (smbw_getdents(d->fd, &dbuf.de, DIRP_SIZE) > 0) 
+		return &dbuf.de;
+
+	return NULL;
+}
+
+/***************************************************** 
+close a DIR*
+*******************************************************/
+int smbw_closedir(DIR *dirp)
+{
+	struct smbw_dir *d = (struct smbw_dir *)dirp;
+	return smbw_close(d->fd);
+}
+
+/***************************************************** 
+seek in a directory
+*******************************************************/
+void smbw_seekdir(DIR *dirp, off_t offset)
+{
+	struct smbw_dir *d = (struct smbw_dir *)dirp;
+	smbw_dir_lseek(d->fd,offset, SEEK_SET);
+}
+
+/***************************************************** 
+current loc in a directory
+*******************************************************/
+off_t smbw_telldir(DIR *dirp)
+{
+	struct smbw_dir *d = (struct smbw_dir *)dirp;
+	return smbw_dir_lseek(d->fd,0,SEEK_CUR);
+}
diff --git a/source3/smbwrapper/smbw_stat.c b/source3/smbwrapper/smbw_stat.c
new file mode 100644
index 0000000000..6c476a8a67
--- /dev/null
+++ b/source3/smbwrapper/smbw_stat.c
@@ -0,0 +1,250 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper stat functions
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int smbw_busy;
+
+/***************************************************** 
+setup basic info in a stat structure
+*******************************************************/
+void smbw_setup_stat(struct stat *st, char *fname, size_t size, int mode)
+{
+	st->st_mode = 0;
+
+	if (IS_DOS_DIR(mode)) {
+		st->st_mode = SMBW_DIR_MODE;
+	} else {
+		st->st_mode = SMBW_FILE_MODE;
+	}
+
+	if (IS_DOS_ARCHIVE(mode)) st->st_mode |= S_IXUSR;
+	if (IS_DOS_SYSTEM(mode)) st->st_mode |= S_IXGRP;
+	if (IS_DOS_HIDDEN(mode)) st->st_mode |= S_IXOTH;
+	if (!IS_DOS_READONLY(mode)) st->st_mode |= S_IWUSR;
+
+	st->st_size = size;
+	st->st_blksize = 512;
+	st->st_blocks = (size+511)/512;
+	st->st_uid = getuid();
+	st->st_gid = getgid();
+	if (IS_DOS_DIR(mode)) {
+		st->st_nlink = 2;
+	} else {
+		st->st_nlink = 1;
+	}
+	if (st->st_ino == 0) {
+		st->st_ino = smbw_inode(fname);
+	}
+}
+
+
+/***************************************************** 
+try to do a QPATHINFO and if that fails then do a getatr
+this is needed because win95 sometimes refuses the qpathinfo
+*******************************************************/
+BOOL smbw_getatr(struct smbw_server *srv, char *path, 
+		 uint16 *mode, size_t *size, 
+		 time_t *c_time, time_t *a_time, time_t *m_time,
+		 SMB_INO_T *ino)
+{
+	DEBUG(4,("sending qpathinfo\n"));
+
+	if (!srv->no_pathinfo2 &&
+	    cli_qpathinfo2(&srv->cli, path, c_time, a_time, m_time, NULL,
+			   size, mode, ino)) return True;
+
+	/* if this is NT then don't bother with the getatr */
+	if (srv->cli.capabilities & CAP_NT_SMBS) return False;
+
+	if (cli_getatr(&srv->cli, path, mode, size, m_time)) {
+		a_time = c_time = m_time;
+		srv->no_pathinfo2 = True;
+		return True;
+	}
+	return False;
+}
+
+
+static struct print_job_info printjob;
+
+/***************************************************** 
+gather info from a printjob listing
+*******************************************************/
+static void smbw_printjob_stat(struct print_job_info *job)
+{
+	if (strcmp(job->name, printjob.name) == 0) {
+		printjob = *job;
+	}
+}
+
+/***************************************************** 
+stat a printjob
+*******************************************************/
+int smbw_stat_printjob(struct smbw_server *srv,char *path,
+		       size_t *size, time_t *m_time)
+{
+	if (path[0] == '\\') path++;
+
+	ZERO_STRUCT(printjob);
+
+	fstrcpy(printjob.name, path);
+	cli_print_queue(&srv->cli, smbw_printjob_stat);
+
+	if (size) {
+		*size = printjob.size;
+	}
+	if (m_time) {
+		*m_time = printjob.t;
+	}
+	return printjob.id;
+}
+
+
+/***************************************************** 
+a wrapper for fstat()
+*******************************************************/
+int smbw_fstat(int fd, struct stat *st)
+{
+	struct smbw_file *file;
+	time_t c_time, a_time, m_time;
+	size_t size;
+	uint16 mode;
+	SMB_INO_T ino = 0;
+
+	smbw_busy++;
+
+	ZERO_STRUCTP(st);
+
+	file = smbw_file(fd);
+	if (!file) {
+		int ret = smbw_dir_fstat(fd, st);
+		smbw_busy--;
+		return ret;
+	}
+
+	if (!cli_qfileinfo(&file->srv->cli, file->f->cli_fd, 
+			   &mode, &size, &c_time, &a_time, &m_time, NULL,
+			   &ino) &&
+	    !cli_getattrE(&file->srv->cli, file->f->cli_fd, 
+			  &mode, &size, &c_time, &a_time, &m_time)) {
+		errno = EINVAL;
+		smbw_busy--;
+		return -1;
+	}
+
+	st->st_ino = ino;
+
+	smbw_setup_stat(st, file->f->fname, size, mode);
+
+	st->st_atime = a_time;
+	st->st_ctime = c_time;
+	st->st_mtime = m_time;
+	st->st_dev = file->srv->dev;
+
+	smbw_busy--;
+	return 0;
+}
+
+
+/***************************************************** 
+a wrapper for stat()
+*******************************************************/
+int smbw_stat(const char *fname, struct stat *st)
+{
+	struct smbw_server *srv;
+	fstring server, share;
+	pstring path;
+	time_t m_time=0, a_time=0, c_time=0;
+	size_t size=0;
+	uint16 mode=0;
+	SMB_INO_T ino = 0;
+	int result = 0;
+
+	ZERO_STRUCTP(st);
+
+	if (!fname) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	DEBUG(4,("stat(%s)\n", fname));
+
+	smbw_init();
+
+	smbw_busy++;
+
+	/* work out what server they are after */
+	smbw_parse_path(fname, server, share, path);
+
+	/* get a connection to the server */
+	srv = smbw_server(server, share);
+	if (!srv) {
+
+		/* For shares we aren't allowed to connect to, or no master
+		   browser found, return an empty directory */
+
+		if ((server[0] && share[0] && !path[0] && errno == EACCES) ||
+		    (!path[0] && errno == ENOENT)) {
+			mode = aDIR | aRONLY;
+			smbw_setup_stat(st, path, size, mode);
+			goto done;
+		}
+
+		/* smbw_server sets errno */
+		result = -1;
+		goto done;
+	}
+
+	DEBUG(4,("smbw_stat\n"));
+
+	if (strncmp(srv->cli.dev,"IPC",3) == 0) {
+		mode = aDIR | aRONLY;
+	} else if (strncmp(srv->cli.dev,"LPT",3) == 0) {
+		if (strcmp(path,"\\") == 0) {
+			mode = aDIR | aRONLY;
+		} else {
+			mode = aRONLY;
+			smbw_stat_printjob(srv, path, &size, &m_time);
+			c_time = a_time = m_time;
+		}
+	} else {
+		if (!smbw_getatr(srv, path, 
+				 &mode, &size, &c_time, &a_time, &m_time,
+				 &ino)) {
+			errno = smbw_errno(&srv->cli);
+			result = -1;
+			goto done;
+		}
+	}
+
+	st->st_ino = ino;
+
+	smbw_setup_stat(st, path, size, mode);
+
+	st->st_atime = a_time;
+	st->st_ctime = c_time;
+	st->st_mtime = m_time;
+	st->st_dev = srv->dev;
+
+ done:
+	smbw_busy--;
+	return result;
+}
diff --git a/source3/smbwrapper/wrapped.c b/source3/smbwrapper/wrapped.c
new file mode 100644
index 0000000000..338ee0d5b1
--- /dev/null
+++ b/source3/smbwrapper/wrapped.c
@@ -0,0 +1,705 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB wrapper functions
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* NOTE: This file WILL produce compiler warnings. They are unavoidable 
+
+   Do not try and get rid of them by including other include files or
+   by including includes.h or proto.h or you will break portability. 
+  */
+
+#include "config.h"
+#include <sys/types.h>
+#include <errno.h>
+#include "realcalls.h"
+
+#ifndef NULL
+# define NULL ((void *)0)
+#endif
+
+ int open(char *name, int flags, mode_t mode)
+{
+	if (smbw_path(name)) {
+		return smbw_open(name, flags, mode);
+	}
+
+	return real_open(name, flags, mode);
+}
+
+#ifdef HAVE__OPEN
+ int _open(char *name, int flags, mode_t mode) 
+{
+	return open(name, flags, mode);
+}
+#elif HAVE___OPEN
+ int __open(char *name, int flags, mode_t mode) 
+{
+	return open(name, flags, mode);
+}
+#endif
+
+
+#ifdef HAVE_OPEN64
+ int open64(char *name, int flags, mode_t mode)
+{
+	if (smbw_path(name)) {
+		return smbw_open(name, flags, mode);
+	}
+
+	return real_open64(name, flags, mode);
+}
+#endif
+
+#ifndef NO_OPEN64_ALIAS
+#ifdef HAVE__OPEN64
+ int _open64(char *name, int flags, mode_t mode) 
+{
+	return open64(name, flags, mode);
+}
+#elif HAVE___OPEN64
+ int __open64(char *name, int flags, mode_t mode) 
+{
+	return open64(name, flags, mode);
+}
+#endif
+#endif
+
+#ifdef HAVE_PREAD
+ ssize_t pread(int fd, void *buf, size_t size, off_t ofs)
+{
+	if (smbw_fd(fd)) {
+		return smbw_pread(fd, buf, size, ofs);
+	}
+
+	return real_pread(fd, buf, size, ofs);
+}
+#endif
+
+#if defined(HAVE_PREAD64) && defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT)
+ ssize_t pread64(int fd, void *buf, size_t size, off64_t ofs)
+{
+	if (smbw_fd(fd)) {
+		return smbw_pread(fd, buf, size, ofs);
+	}
+
+	return real_pread64(fd, buf, size, ofs);
+}
+#endif
+
+#ifdef HAVE_PWRITE
+ ssize_t pwrite(int fd, void *buf, size_t size, off_t ofs)
+{
+	if (smbw_fd(fd)) {
+		return smbw_pwrite(fd, buf, size, ofs);
+	}
+
+	return real_pwrite(fd, buf, size, ofs);
+}
+#endif
+
+#if defined(HAVE_PWRITE64) && defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT)
+ ssize_t pwrite64(int fd, void *buf, size_t size, off64_t ofs)
+{
+	if (smbw_fd(fd)) {
+		return smbw_pwrite(fd, buf, size, ofs);
+	}
+
+	return real_pwrite64(fd, buf, size, ofs);
+}
+#endif
+
+
+ int chdir(char *name)
+{
+	return smbw_chdir(name);
+}
+
+#ifdef HAVE___CHDIR
+ int __chdir(char *name)
+{
+	return chdir(name);
+}
+#elif HAVE__CHDIR
+ int _chdir(char *name)
+{
+	return chdir(name);
+}
+#endif
+
+
+ int close(int fd)
+{
+	if (smbw_fd(fd)) {
+		return smbw_close(fd);
+	}
+	if (smbw_local_fd(fd)) {
+		errno = EBADF;
+		return -1;
+	}
+
+	return real_close(fd);
+}
+
+#ifdef HAVE___CLOSE
+ int __close(int fd)
+{
+	return close(fd);
+}
+#elif HAVE__CLOSE
+ int _close(int fd)
+{
+	return close(fd);
+}
+#endif
+
+
+ int fchdir(int fd)
+{
+	return smbw_fchdir(fd);
+}
+
+#ifdef HAVE___FCHDIR
+ int __fchdir(int fd)
+{
+	return fchdir(fd);
+}
+#elif HAVE__FCHDIR
+ int _fchdir(int fd)
+{
+	return fchdir(fd);
+}
+#endif
+
+
+ int fcntl(int fd, int cmd, long arg)
+{
+	if (smbw_fd(fd)) {
+		return smbw_fcntl(fd, cmd, arg);
+	}
+
+	return real_fcntl(fd, cmd, arg);
+}
+
+
+#ifdef HAVE___FCNTL
+ int __fcntl(int fd, int cmd, long arg)
+{
+	return fcntl(fd, cmd, arg);
+}
+#elif HAVE__FCNTL
+ int _fcntl(int fd, int cmd, long arg)
+{
+	return fcntl(fd, cmd, arg);
+}
+#endif
+
+
+
+#ifdef real_getdents
+ int getdents(int fd, void *dirp, unsigned int count)
+{
+	if (smbw_fd(fd)) {
+		return smbw_getdents(fd, dirp, count);
+	}
+
+	return real_getdents(fd, dirp, count);
+}
+#endif
+
+#ifdef HAVE___GETDENTS
+ int __getdents(int fd, void *dirp, unsigned int count)
+{
+	return getdents(fd, dirp, count);
+}
+#elif HAVE__GETDENTS
+ int _getdents(int fd, void *dirp, unsigned int count)
+{
+	return getdents(fd, dirp, count);
+}
+#endif
+
+
+ off_t lseek(int fd, off_t offset, int whence)
+{
+	if (smbw_fd(fd)) {
+		return smbw_lseek(fd, offset, whence);
+	}
+
+	return real_lseek(fd, offset, whence);
+}
+
+#ifdef HAVE___LSEEK
+ off_t __lseek(int fd, off_t offset, int whence)
+{
+	return lseek(fd, offset, whence);
+}
+#elif HAVE__LSEEK
+ off_t _lseek(int fd, off_t offset, int whence)
+{
+	return lseek(fd, offset, whence);
+}
+#endif
+
+
+ ssize_t read(int fd, void *buf, size_t count)
+{
+	if (smbw_fd(fd)) {
+		return smbw_read(fd, buf, count);
+	}
+
+	return real_read(fd, buf, count);
+}
+
+#ifdef HAVE___READ
+ ssize_t __read(int fd, void *buf, size_t count)
+{
+	return read(fd, buf, count);
+}
+#elif HAVE__READ
+ ssize_t _read(int fd, void *buf, size_t count)
+{
+	return read(fd, buf, count);
+}
+#endif
+
+
+ ssize_t write(int fd, void *buf, size_t count)
+{
+	if (smbw_fd(fd)) {
+		return smbw_write(fd, buf, count);
+	}
+
+	return real_write(fd, buf, count);
+}
+
+#ifdef HAVE___WRITE
+ ssize_t __write(int fd, void *buf, size_t count)
+{
+	return write(fd, buf, count);
+}
+#elif HAVE__WRITE
+ ssize_t _write(int fd, void *buf, size_t count)
+{
+	return write(fd, buf, count);
+}
+#endif
+
+
+
+ int access(char *name, int mode)
+{
+	if (smbw_path(name)) {
+		return smbw_access(name, mode);
+	}
+
+	return real_access(name, mode);
+}
+
+
+
+ int chmod(char *name,mode_t mode)
+{
+	if (smbw_path(name)) {
+		return smbw_chmod(name, mode);
+	}
+
+	return real_chmod(name, mode);
+}
+
+
+
+ int chown(char *name,uid_t owner, gid_t group)
+{
+	if (smbw_path(name)) {
+		return smbw_chown(name, owner, group);
+	}
+
+	return real_chown(name, owner, group);
+}
+
+
+ char *getcwd(char *buf, size_t size)
+{
+	return (char *)smbw_getcwd(buf, size);
+}
+
+
+
+
+ int mkdir(char *name, mode_t mode)
+{
+	if (smbw_path(name)) {
+		return smbw_mkdir(name, mode);
+	}
+
+	return real_mkdir(name, mode);
+}
+
+
+#if HAVE___FXSTAT
+ int __fxstat(int vers, int fd, void *st)
+{
+	double xx[32];
+	int ret;
+
+	if (smbw_fd(fd)) {
+		return smbw_fstat(fd, st);
+	}
+
+	ret = real_fstat(fd, xx);
+	xstat_convert(vers, st, xx);
+	return ret;
+}
+#endif
+
+#if HAVE___XSTAT
+ int __xstat(int vers, char *name, void *st)
+{
+	double xx[32];
+	int ret;
+
+	if (smbw_path(name)) {
+		return smbw_stat(name, st);
+	}
+
+	ret = real_stat(name, xx);
+	xstat_convert(vers, st, xx);
+	return ret;
+}
+#endif
+
+
+#if HAVE___LXSTAT
+ int __lxstat(int vers, char *name, void *st)
+{
+	double xx[32];
+	int ret;
+
+	if (smbw_path(name)) {
+		return smbw_stat(name, st);
+	}
+
+	ret = real_lstat(name, xx);
+	xstat_convert(vers, st, xx);
+	return ret;
+}
+#endif
+
+
+ int stat(char *name, void *st)
+{
+#if HAVE___XSTAT
+	return __xstat(0, name, st);
+#else
+	if (smbw_path(name)) {
+		return smbw_stat(name, st);
+	}
+	return real_stat(name, st);
+#endif
+}
+
+ int lstat(char *name, void *st)
+{
+#if HAVE___LXSTAT
+	return __lxstat(0, name, st);
+#else
+	if (smbw_path(name)) {
+		return smbw_stat(name, st);
+	}
+	return real_lstat(name, st);
+#endif
+}
+
+ int fstat(int fd, void *st)
+{
+#if HAVE___LXSTAT
+	return __fxstat(0, fd, st);
+#else
+	if (smbw_fd(fd)) {
+		return smbw_fstat(fd, st);
+	}
+	return real_fstat(fd, st);
+#endif
+}
+
+
+ int unlink(char *name)
+{
+	if (smbw_path(name)) {
+		return smbw_unlink(name);
+	}
+
+	return real_unlink(name);
+}
+
+
+#ifdef HAVE_UTIME
+ int utime(char *name,void *tvp)
+{
+	if (smbw_path(name)) {
+		return smbw_utime(name, tvp);
+	}
+
+	return real_utime(name, tvp);
+}
+#endif
+
+#ifdef HAVE_UTIMES
+ int utimes(const char *name, const struct timeval *tvp)
+{
+	if (smbw_path(name)) {
+		return smbw_utimes(name, tvp);
+	}
+
+	return real_utimes(name, tvp);
+}
+#endif
+
+ int readlink(char *path, char *buf, size_t bufsize)
+{
+	if (smbw_path(path)) {
+		return smbw_readlink(path, buf, bufsize);
+	}
+
+	return real_readlink(path, buf, bufsize);
+}
+
+
+ int rename(char *oldname,char *newname)
+{
+	int p1, p2;
+	p1 = smbw_path(oldname); 
+	p2 = smbw_path(newname); 
+	if (p1 ^ p2) {
+		/* can't cross filesystem boundaries */
+		errno = EXDEV;
+		return -1;
+	}
+	if (p1 && p2) {
+		return smbw_rename(oldname, newname);
+	}
+
+	return real_rename(oldname, newname);
+}
+
+ int rmdir(char *name)
+{
+	if (smbw_path(name)) {
+		return smbw_rmdir(name);
+	}
+
+	return real_rmdir(name);
+}
+
+
+ int symlink(char *topath,char *frompath)
+{
+	int p1, p2;
+	p1 = smbw_path(topath); 
+	p2 = smbw_path(frompath); 
+	if (p1 || p2) {
+		/* can't handle symlinks */
+		errno = EPERM;
+		return -1;
+	}
+
+	return real_symlink(topath, frompath);
+}
+
+ int dup(int fd)
+{
+	if (smbw_fd(fd)) {
+		return smbw_dup(fd);
+	}
+
+	return real_dup(fd);
+}
+
+ int dup2(int oldfd, int newfd)
+{
+	if (smbw_fd(newfd)) {
+		close(newfd);
+	}
+
+	if (smbw_fd(oldfd)) {
+		return smbw_dup2(oldfd, newfd);
+	}
+
+	return real_dup2(oldfd, newfd);
+}
+
+#ifdef real_opendir
+ void *opendir(char *name)
+{
+	if (smbw_path(name)) {
+		return (void *)smbw_opendir(name);
+	}
+
+	return (void *)real_opendir(name);
+}
+#endif
+
+#ifdef real_readdir
+ void *readdir(void *dir)
+{
+	if (smbw_dirp(dir)) {
+		return (void *)smbw_readdir(dir);
+	}
+
+	return (void *)real_readdir(dir);
+}
+#endif
+
+#ifdef real_closedir
+ int closedir(void *dir)
+{
+	if (smbw_dirp(dir)) {
+		return smbw_closedir(dir);
+	}
+
+	return real_closedir(dir);
+}
+#endif
+
+#ifdef real_telldir
+ off_t telldir(void *dir)
+{
+	if (smbw_dirp(dir)) {
+		return smbw_telldir(dir);
+	}
+
+	return real_telldir(dir);
+}
+#endif
+
+#ifdef real_seekdir
+ int seekdir(void *dir, off_t offset)
+{
+	if (smbw_dirp(dir)) {
+		smbw_seekdir(dir, offset);
+		return 0;
+	}
+
+	real_seekdir(dir, offset);
+	return 0;
+}
+#endif
+
+
+#ifndef NO_ACL_WRAPPER
+ int  acl(char  *pathp,  int  cmd,  int  nentries, void *aclbufp)
+{
+	if (smbw_path(pathp)) {
+		return smbw_acl(pathp, cmd, nentries, aclbufp);
+	}
+
+	return real_acl(pathp, cmd, nentries, aclbufp);
+}
+#endif
+
+#ifndef NO_FACL_WRAPPER
+ int  facl(int fd,  int  cmd,  int  nentries, void *aclbufp)
+{
+	if (smbw_fd(fd)) {
+		return smbw_facl(fd, cmd, nentries, aclbufp);
+	}
+
+	return real_facl(fd, cmd, nentries, aclbufp);
+}
+#endif
+
+ int creat(char *path, mode_t mode)
+{
+	extern int creat_bits;
+	return open(path, creat_bits, mode);
+}
+
+#ifdef HAVE_CREAT64
+ int creat64(char *path, mode_t mode)
+{
+	extern int creat_bits;
+	return open64(path, creat_bits, mode);
+}
+#endif
+
+#ifdef HAVE_STAT64
+  int stat64(char *name, void *st64)
+{
+	if (smbw_path(name)) {
+		double xx[32];
+		int ret = stat(name, xx);
+		stat64_convert(xx, st64);
+		return ret;
+	}
+	return real_stat64(name, st64);
+}
+
+  int fstat64(int fd, void *st64)
+{
+	if (smbw_fd(fd)) {
+		double xx[32];
+		int ret = fstat(fd, xx);
+		stat64_convert(xx, st64);
+		return ret;
+	}
+	return real_fstat64(fd, st64);
+}
+
+  int lstat64(char *name, void *st64)
+{
+	if (smbw_path(name)) {
+		double xx[32];
+		int ret = lstat(name, xx);
+		stat64_convert(xx, st64);
+		return ret;
+	}
+	return real_lstat64(name, st64);
+}
+#endif
+
+#ifdef HAVE_LLSEEK
+  offset_t llseek(int fd, offset_t ofs, int whence)
+{
+	if (smbw_fd(fd)) {
+		return lseek(fd, ofs, whence);
+	}
+	return real_llseek(fd, ofs, whence);
+}
+#endif
+
+#ifdef HAVE_READDIR64
+ void *readdir64(void *dir)
+{
+	if (smbw_dirp(dir)) {
+		static double xx[70];
+		void *d;
+		d = (void *)readdir(dir);
+		if (!d) return NULL;
+		dirent64_convert(d, xx);
+		return xx;
+	}
+	return (void *)real_readdir64(dir);
+}
+#endif
+
+ int fork(void)
+{
+	return smbw_fork();
+}
+
diff --git a/source3/tdb/.cvsignore b/source3/tdb/.cvsignore
new file mode 100644
index 0000000000..15ff2846c7
--- /dev/null
+++ b/source3/tdb/.cvsignore
@@ -0,0 +1,10 @@
+*.po
+*.po32
+tdbdump
+tdbtest
+tdbtool
+tdbtorture
+test.db
+test.gdbm
+test.tdb
+torture.tdb
diff --git a/source3/tdb/Makefile b/source3/tdb/Makefile
new file mode 100644
index 0000000000..59fbb079bd
--- /dev/null
+++ b/source3/tdb/Makefile
@@ -0,0 +1,29 @@
+#
+# Makefile for tdb directory
+#
+
+CFLAGS = -DSTANDALONE -DTDB_DEBUG -g -DHAVE_MMAP=1
+CC = gcc
+
+PROGS = tdbtest tdbtool tdbtorture
+TDB_OBJ = tdb.o spinlock.o
+
+default: $(PROGS)
+
+tdbtest: tdbtest.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbtest tdbtest.o $(TDB_OBJ) -lgdbm
+
+tdbtool: tdbtool.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbtool tdbtool.o $(TDB_OBJ)
+
+tdbtorture: tdbtorture.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbtorture tdbtorture.o $(TDB_OBJ)
+
+tdbdump: tdbdump.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbdump tdbdump.o $(TDB_OBJ)
+
+tdbbackup: tdbbackup.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbbackup tdbbackup.o $(TDB_OBJ)
+
+clean:
+	rm -f $(PROGS) *.o *~ *% core test.db test.tdb test.gdbm
diff --git a/source3/tdb/README b/source3/tdb/README
new file mode 100644
index 0000000000..fac3eacb4d
--- /dev/null
+++ b/source3/tdb/README
@@ -0,0 +1,167 @@
+tdb - a trivial database system
+tridge@linuxcare.com December 1999
+==================================
+
+This is a simple database API. It was inspired by the realisation that
+in Samba we have several ad-hoc bits of code that essentially
+implement small databases for sharing structures between parts of
+Samba. As I was about to add another I realised that a generic
+database module was called for to replace all the ad-hoc bits.
+
+I based the interface on gdbm. I couldn't use gdbm as we need to be
+able to have multiple writers to the databases at one time.
+
+Compilation
+-----------
+
+add HAVE_MMAP=1 to use mmap instead of read/write
+add TDB_DEBUG=1 for verbose debug info
+add NOLOCK=1 to disable locking code
+
+Testing
+-------
+
+Compile tdbtest.c and link with gdbm for testing. tdbtest will perform
+identical operations via tdb and gdbm then make sure the result is the
+same
+
+Also included is tdbtool, which allows simple database manipulation
+on the commandline.
+
+tdbtest and tdbtool are not built as part of Samba, but are included
+for completeness.
+
+Interface
+---------
+
+The interface is very similar to gdbm except for the following:
+
+- different open interface. The tdb_open call is more similar to a
+  traditional open()
+- no tdbm_reorganise() function
+- no tdbm_sync() function. No operations are cached in the library anyway
+- added a tdb_traverse() function for traversing the whole database
+
+A general rule for using tdb is that the caller frees any returned
+TDB_DATA structures. Just call free(p.dptr) to free a TDB_DATA
+return value called p. This is the same as gdbm.
+
+here is a full list of tdb functions with brief descriptions.
+
+
+----------------------------------------------------------------------
+TDB_CONTEXT *tdb_open(char *name, int hash_size, int tdb_flags,
+		      int open_flags, mode_t mode)
+
+   open the database, creating it if necessary 
+
+   The open_flags and mode are passed straight to the open call on the database
+   file. A flags value of O_WRONLY is invalid
+
+   The hash size is advisory, use zero for a default value. 
+
+   return is NULL on error
+
+   possible tdb_flags are:
+    TDB_CLEAR_IF_FIRST - clear database if we are the only one with it open
+    TDB_INTERNAL - don't use a file, instaed store the data in
+                   memory. The filename is ignored in this case.
+    TDB_NOLOCK - don't do any locking
+    TDB_NOMMAP - don't use mmap
+
+----------------------------------------------------------------------
+char *tdb_error(TDB_CONTEXT *tdb);
+
+     return a error string for the last tdb error
+
+----------------------------------------------------------------------
+int tdb_close(TDB_CONTEXT *tdb);
+
+   close a database
+
+----------------------------------------------------------------------
+int tdb_update(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf);
+
+   update an entry in place - this only works if the new data size
+   is <= the old data size and the key exists.
+   on failure return -1
+
+----------------------------------------------------------------------
+TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key);
+
+   fetch an entry in the database given a key 
+   if the return value has a null dptr then a error occurred
+
+   caller must free the resulting data
+
+----------------------------------------------------------------------
+int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key);
+
+   check if an entry in the database exists 
+
+   note that 1 is returned if the key is found and 0 is returned if not found
+   this doesn't match the conventions in the rest of this module, but is
+   compatible with gdbm
+
+----------------------------------------------------------------------
+int tdb_traverse(TDB_CONTEXT *tdb, int (*fn)(TDB_CONTEXT *tdb,
+                 TDB_DATA key, TDB_DATA dbuf, void *state), void *state);
+
+   traverse the entire database - calling fn(tdb, key, data, state) on each 
+   element.
+
+   return -1 on error or the record count traversed
+
+   if fn is NULL then it is not called
+
+   a non-zero return value from fn() indicates that the traversal should stop
+
+----------------------------------------------------------------------
+TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb);
+
+   find the first entry in the database and return its key
+
+   the caller must free the returned data
+
+----------------------------------------------------------------------
+TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA key);
+
+   find the next entry in the database, returning its key
+
+   the caller must free the returned data
+
+----------------------------------------------------------------------
+int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key);
+
+   delete an entry in the database given a key
+
+----------------------------------------------------------------------
+int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag);
+
+   store an element in the database, replacing any existing element
+   with the same key 
+
+   If flag==TDB_INSERT then don't overwrite an existing entry
+   If flag==TDB_MODIFY then don't create a new entry
+
+   return 0 on success, -1 on failure
+
+----------------------------------------------------------------------
+int tdb_writelock(TDB_CONTEXT *tdb);
+
+   lock the database. If we already have it locked then don't do anything
+
+----------------------------------------------------------------------
+int tdb_writeunlock(TDB_CONTEXT *tdb);
+   unlock the database
+
+----------------------------------------------------------------------
+int tdb_lockchain(TDB_CONTEXT *tdb, TDB_DATA key);
+
+   lock one hash chain. This is meant to be used to reduce locking
+   contention - it cannot guarantee how many records will be locked
+
+----------------------------------------------------------------------
+int tdb_unlockchain(TDB_CONTEXT *tdb, TDB_DATA key);
+
+   unlock one hash chain
diff --git a/source3/tdb/spinlock.c b/source3/tdb/spinlock.c
new file mode 100644
index 0000000000..74472854cf
--- /dev/null
+++ b/source3/tdb/spinlock.c
@@ -0,0 +1,429 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba database functions
+   Copyright (C) Anton Blanchard                   2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#if STANDALONE
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <time.h>
+#include "tdb.h"
+#include "spinlock.h"
+
+#define DEBUG
+#else
+#include "includes.h"
+#endif
+
+#ifdef USE_SPINLOCKS
+
+/*
+ * ARCH SPECIFIC
+ */
+
+#if defined(SPARC_SPINLOCKS)
+
+static inline int __spin_trylock(spinlock_t *lock)
+{
+	unsigned int result;
+
+	asm volatile("ldstub    [%1], %0"
+		: "=r" (result)
+		: "r" (lock)
+		: "memory");
+
+	return (result == 0) ? 0 : EBUSY;
+}
+
+static inline void __spin_unlock(spinlock_t *lock)
+{
+	asm volatile("":::"memory");
+	*lock = 0;
+}
+
+static inline void __spin_lock_init(spinlock_t *lock)
+{
+	*lock = 0;
+}
+
+static inline int __spin_is_locked(spinlock_t *lock)
+{
+	return (*lock != 0);
+}
+
+#elif defined(POWERPC_SPINLOCKS) 
+
+static inline int __spin_trylock(spinlock_t *lock)
+{
+	unsigned int result;
+
+	__asm__ __volatile__(
+"1:	lwarx		%0,0,%1\n\
+	cmpwi		0,%0,0\n\
+	li		%0,0\n\
+	bne-		2f\n\
+	li		%0,1\n\
+	stwcx.		%0,0,%1\n\
+	bne-		1b\n\
+	isync\n\
+2:"	: "=&r"(result)
+	: "r"(lock)
+	: "cr0", "memory");
+
+	return (result == 1) ? 0 : EBUSY;
+}
+
+static inline void __spin_unlock(spinlock_t *lock)
+{
+	asm volatile("eieio":::"memory");
+	*lock = 0;
+}
+
+static inline void __spin_lock_init(spinlock_t *lock)
+{
+	*lock = 0;
+}
+
+static inline int __spin_is_locked(spinlock_t *lock)
+{
+	return (*lock != 0);
+}
+
+#elif defined(INTEL_SPINLOCKS) 
+
+static inline int __spin_trylock(spinlock_t *lock)
+{
+	int oldval;
+
+	asm volatile("xchgl %0,%1"
+		: "=r" (oldval), "=m" (*lock)
+		: "0" (0)
+		: "memory");
+
+	return oldval > 0 ? 0 : EBUSY;
+}
+
+static inline void __spin_unlock(spinlock_t *lock)
+{
+	asm volatile("":::"memory");
+	*lock = 1;
+}
+
+static inline void __spin_lock_init(spinlock_t *lock)
+{
+	*lock = 1;
+}
+
+static inline int __spin_is_locked(spinlock_t *lock)
+{
+	return (*lock != 1);
+}
+
+#elif defined(MIPS_SPINLOCKS) 
+
+static inline unsigned int load_linked(unsigned long addr)
+{
+	unsigned int res;
+
+	__asm__ __volatile__("ll\t%0,(%1)"
+		: "=r" (res)
+		: "r" (addr));
+
+	return res;
+}
+
+static inline unsigned int store_conditional(unsigned long addr, unsigned int value)
+{
+	unsigned int res;
+
+	__asm__ __volatile__("sc\t%0,(%2)"
+		: "=r" (res)
+		: "0" (value), "r" (addr));
+	return res;
+}
+
+static inline int __spin_trylock(spinlock_t *lock)
+{
+	unsigned int mw;
+
+	do {
+		mw = load_linked(lock);
+		if (mw) 
+			return EBUSY;
+	} while (!store_conditional(lock, 1));
+
+	asm volatile("":::"memory");
+
+	return 0;
+}
+
+static inline void __spin_unlock(spinlock_t *lock)
+{
+	asm volatile("":::"memory");
+	*lock = 0;
+}
+
+static inline void __spin_lock_init(spinlock_t *lock)
+{
+	*lock = 0;
+}
+
+static inline int __spin_is_locked(spinlock_t *lock)
+{
+	return (*lock != 0);
+}
+
+#else
+#error Need to implement spinlock code in spinlock.c
+#endif
+
+/*
+ * OS SPECIFIC
+ */
+
+static void yield_cpu(void)
+{
+	struct timespec tm;
+
+#ifdef USE_SCHED_YIELD
+	sched_yield();
+#else
+	/* Linux will busy loop for delays < 2ms on real time tasks */
+	tm.tv_sec = 0;
+	tm.tv_nsec = 2000000L + 1;
+	nanosleep(&tm, NULL);
+#endif
+}
+
+static int this_is_smp(void)
+{
+	return 0;
+}
+
+/*
+ * GENERIC
+ */
+
+static int smp_machine = 0;
+
+static inline void __spin_lock(spinlock_t *lock)
+{
+	int ntries = 0;
+
+	while(__spin_trylock(lock)) {
+		while(__spin_is_locked(lock)) {
+			if (smp_machine && ntries++ < MAX_BUSY_LOOPS)
+				continue;
+			yield_cpu();
+		}
+	}
+}
+
+static void __read_lock(tdb_rwlock_t *rwlock)
+{
+	int ntries = 0;
+
+	while(1) {
+		__spin_lock(&rwlock->lock);
+
+		if (!(rwlock->count & RWLOCK_BIAS)) {
+			rwlock->count++;
+			__spin_unlock(&rwlock->lock);
+			return;
+		}
+	
+		__spin_unlock(&rwlock->lock);
+
+		while(rwlock->count & RWLOCK_BIAS) {
+			if (smp_machine && ntries++ < MAX_BUSY_LOOPS)
+				continue;
+			yield_cpu();
+		}
+	}
+}
+
+static void __write_lock(tdb_rwlock_t *rwlock)
+{
+	int ntries = 0;
+
+	while(1) {
+		__spin_lock(&rwlock->lock);
+
+		if (rwlock->count == 0) {
+			rwlock->count |= RWLOCK_BIAS;
+			__spin_unlock(&rwlock->lock);
+			return;
+		}
+
+		__spin_unlock(&rwlock->lock);
+
+		while(rwlock->count != 0) {
+			if (smp_machine && ntries++ < MAX_BUSY_LOOPS)
+				continue;
+			yield_cpu();
+		}
+	}
+}
+
+static void __write_unlock(tdb_rwlock_t *rwlock)
+{
+	__spin_lock(&rwlock->lock);
+
+#ifdef DEBUG
+	if (!(rwlock->count & RWLOCK_BIAS))
+		fprintf(stderr, "bug: write_unlock\n");
+#endif
+
+	rwlock->count &= ~RWLOCK_BIAS;
+	__spin_unlock(&rwlock->lock);
+}
+
+static void __read_unlock(tdb_rwlock_t *rwlock)
+{
+	__spin_lock(&rwlock->lock);
+
+#ifdef DEBUG
+	if (!rwlock->count)
+		fprintf(stderr, "bug: read_unlock\n");
+
+	if (rwlock->count & RWLOCK_BIAS)
+		fprintf(stderr, "bug: read_unlock\n");
+#endif
+
+	rwlock->count--;
+	__spin_unlock(&rwlock->lock);
+}
+
+/* TDB SPECIFIC */
+
+/* lock a list in the database. list -1 is the alloc list */
+int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type)
+{
+	tdb_rwlock_t *rwlocks;
+
+	if (!tdb->map_ptr) return -1;
+	rwlocks = (tdb_rwlock_t *)((char *)tdb->map_ptr + tdb->header.rwlocks);
+
+	switch(rw_type) {
+	case F_RDLCK:
+		__read_lock(&rwlocks[list+1]);
+		break;
+
+	case F_WRLCK:
+		__write_lock(&rwlocks[list+1]);
+		break;
+
+	default:
+		return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+	}
+	return 0;
+}
+
+/* unlock the database. */
+int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type)
+{
+	tdb_rwlock_t *rwlocks;
+
+	if (!tdb->map_ptr) return -1;
+	rwlocks = (tdb_rwlock_t *)((char *)tdb->map_ptr + tdb->header.rwlocks);
+
+	switch(rw_type) {
+	case F_RDLCK:
+		__read_unlock(&rwlocks[list+1]);
+		break;
+
+	case F_WRLCK:
+		__write_unlock(&rwlocks[list+1]);
+		break;
+
+	default:
+		return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+	}
+
+	return 0;
+}
+
+int tdb_create_rwlocks(int fd, unsigned int hash_size)
+{
+	unsigned size, i;
+	tdb_rwlock_t *rwlocks;
+
+	size = (hash_size + 1) * sizeof(tdb_rwlock_t);
+	rwlocks = malloc(size);
+	if (!rwlocks)
+		return -1;
+
+	for(i = 0; i < hash_size+1; i++) {
+		__spin_lock_init(&rwlocks[i].lock);
+		rwlocks[i].count = 0;
+	}
+
+	/* Write it out (appending to end) */
+	if (write(fd, rwlocks, size) != size) {
+		free(rwlocks);
+		return -1;
+	}
+	smp_machine = this_is_smp();
+	free(rwlocks);
+	return 0;
+}
+
+int tdb_clear_spinlocks(TDB_CONTEXT *tdb)
+{
+	tdb_rwlock_t *rwlocks;
+	unsigned i;
+
+	if (tdb->header.rwlocks == 0) return 0;
+	if (!tdb->map_ptr) return -1;
+
+	/* We're mmapped here */
+	rwlocks = (tdb_rwlock_t *)((char *)tdb->map_ptr + tdb->header.rwlocks);
+	for(i = 0; i < tdb->header.hash_size+1; i++) {
+		__spin_lock_init(&rwlocks[i].lock);
+		rwlocks[i].count = 0;
+	}
+	return 0;
+}
+#else
+int tdb_create_rwlocks(int fd, unsigned int hash_size) { return 0; }
+int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type) { return -1; }
+int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type) { return -1; }
+
+/* Non-spinlock version: remove spinlock pointer */
+int tdb_clear_spinlocks(TDB_CONTEXT *tdb)
+{
+	tdb_off off = (tdb_off)((char *)&tdb->header.rwlocks
+				- (char *)&tdb->header);
+
+	tdb->header.rwlocks = 0;
+	if (lseek(tdb->fd, off, SEEK_SET) != off
+	    || write(tdb->fd, (void *)&tdb->header.rwlocks,
+		     sizeof(tdb->header.rwlocks)) 
+	    != sizeof(tdb->header.rwlocks))
+		return -1;
+	return 0;
+}
+#endif
diff --git a/source3/tdb/spinlock.h b/source3/tdb/spinlock.h
new file mode 100644
index 0000000000..d6a2ac6eb8
--- /dev/null
+++ b/source3/tdb/spinlock.h
@@ -0,0 +1,55 @@
+#ifndef __SPINLOCK_H__
+#define __SPINLOCK_H__
+
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "tdb.h"
+
+#ifdef USE_SPINLOCKS
+
+#define RWLOCK_BIAS 0x1000UL
+
+/* OS SPECIFIC */
+#define MAX_BUSY_LOOPS 1000
+#undef USE_SCHED_YIELD
+
+/* ARCH SPECIFIC */
+/* We should make sure these are padded to a cache line */
+#if defined(SPARC_SPINLOCKS)
+typedef volatile char spinlock_t;
+#elif defined(POWERPC_SPINLOCKS)
+typedef volatile unsigned long spinlock_t;
+#elif defined(INTEL_SPINLOCKS)
+typedef volatile int spinlock_t;
+#elif defined(MIPS_SPINLOCKS)
+typedef volatile unsigned long spinlock_t;
+#else
+#error Need to implement spinlock code in spinlock.h
+#endif
+
+typedef struct {
+	spinlock_t lock;
+	volatile int count;
+} tdb_rwlock_t;
+
+int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type);
+int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type);
+int tdb_create_rwlocks(int fd, unsigned int hash_size);
+int tdb_clear_spinlocks(TDB_CONTEXT *tdb);
+
+#else /* !USE_SPINLOCKS */
+#if 0
+#define tdb_create_rwlocks(fd, hash_size) 0
+#define tdb_spinlock(tdb, list, rw_type) (-1)
+#define tdb_spinunlock(tdb, list, rw_type) (-1)
+#else
+int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type);
+int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type);
+int tdb_create_rwlocks(int fd, unsigned int hash_size);
+#endif
+int tdb_clear_spinlocks(TDB_CONTEXT *tdb);
+#endif
+
+#endif
diff --git a/source3/tdb/tdb.c b/source3/tdb/tdb.c
new file mode 100644
index 0000000000..98caca82a1
--- /dev/null
+++ b/source3/tdb/tdb.c
@@ -0,0 +1,1807 @@
+ /* 
+   Unix SMB/CIFS implementation.
+   Samba database functions
+   Copyright (C) Andrew Tridgell              1999-2000
+   Copyright (C) Luke Kenneth Casson Leighton      2000
+   Copyright (C) Paul `Rusty' Russell		   2000
+   Copyright (C) Jeremy Allison			   2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+#ifdef STANDALONE
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include "tdb.h"
+#include "spinlock.h"
+#else
+#include "includes.h"
+#endif
+
+#define TDB_MAGIC_FOOD "TDB file\n"
+#define TDB_VERSION (0x26011967 + 6)
+#define TDB_MAGIC (0x26011999U)
+#define TDB_FREE_MAGIC (~TDB_MAGIC)
+#define TDB_DEAD_MAGIC (0xFEE1DEAD)
+#define TDB_ALIGNMENT 4
+#define MIN_REC_SIZE (2*sizeof(struct list_struct) + TDB_ALIGNMENT)
+#define DEFAULT_HASH_SIZE 131
+#define TDB_PAGE_SIZE 0x2000
+#define FREELIST_TOP (sizeof(struct tdb_header))
+#define TDB_ALIGN(x,a) (((x) + (a)-1) & ~((a)-1))
+#define TDB_BYTEREV(x) (((((x)&0xff)<<24)|((x)&0xFF00)<<8)|(((x)>>8)&0xFF00)|((x)>>24))
+#define TDB_DEAD(r) ((r)->magic == TDB_DEAD_MAGIC)
+#define TDB_BAD_MAGIC(r) ((r)->magic != TDB_MAGIC && !TDB_DEAD(r))
+#define TDB_HASH_TOP(hash) (FREELIST_TOP + (BUCKET(hash)+1)*sizeof(tdb_off))
+
+/* NB assumes there is a local variable called "tdb" that is the
+ * current context, also takes doubly-parenthesized print-style
+ * argument. */
+#define TDB_LOG(x) (tdb->log_fn?((tdb->log_fn x),0) : 0)
+
+/* lock offsets */
+#define GLOBAL_LOCK 0
+#define ACTIVE_LOCK 4
+
+#ifndef MAP_FILE
+#define MAP_FILE 0
+#endif
+
+#ifndef MAP_FAILED
+#define MAP_FAILED ((void *)-1)
+#endif
+
+/* free memory if the pointer is valid and zero the pointer */
+#ifndef SAFE_FREE
+#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0)
+#endif
+
+#define BUCKET(hash) ((hash) % tdb->header.hash_size)
+TDB_DATA tdb_null;
+
+/* all contexts, to ensure no double-opens (fcntl locks don't nest!) */
+static TDB_CONTEXT *tdbs = NULL;
+
+static int tdb_munmap(TDB_CONTEXT *tdb)
+{
+	if (tdb->flags & TDB_INTERNAL)
+		return 0;
+
+#ifdef HAVE_MMAP
+	if (tdb->map_ptr) {
+		int ret = munmap(tdb->map_ptr, tdb->map_size);
+		if (ret != 0)
+			return ret;
+	}
+#endif
+	tdb->map_ptr = NULL;
+	return 0;
+}
+
+static void tdb_mmap(TDB_CONTEXT *tdb)
+{
+	if (tdb->flags & TDB_INTERNAL)
+		return;
+
+#ifdef HAVE_MMAP
+	if (!(tdb->flags & TDB_NOMMAP)) {
+		tdb->map_ptr = mmap(NULL, tdb->map_size, 
+				    PROT_READ|(tdb->read_only? 0:PROT_WRITE), 
+				    MAP_SHARED|MAP_FILE, tdb->fd, 0);
+
+		/*
+		 * NB. When mmap fails it returns MAP_FAILED *NOT* NULL !!!!
+		 */
+
+		if (tdb->map_ptr == MAP_FAILED) {
+			tdb->map_ptr = NULL;
+			TDB_LOG((tdb, 2, "tdb_mmap failed for size %d (%s)\n", 
+				 tdb->map_size, strerror(errno)));
+		}
+	} else {
+		tdb->map_ptr = NULL;
+	}
+#else
+	tdb->map_ptr = NULL;
+#endif
+}
+
+/* Endian conversion: we only ever deal with 4 byte quantities */
+static void *convert(void *buf, u32 size)
+{
+	u32 i, *p = buf;
+	for (i = 0; i < size / 4; i++)
+		p[i] = TDB_BYTEREV(p[i]);
+	return buf;
+}
+#define DOCONV() (tdb->flags & TDB_CONVERT)
+#define CONVERT(x) (DOCONV() ? convert(&x, sizeof(x)) : &x)
+
+/* the body of the database is made of one list_struct for the free space
+   plus a separate data list for each hash value */
+struct list_struct {
+	tdb_off next; /* offset of the next record in the list */
+	tdb_len rec_len; /* total byte length of record */
+	tdb_len key_len; /* byte length of key */
+	tdb_len data_len; /* byte length of data */
+	u32 full_hash; /* the full 32 bit hash of the key */
+	u32 magic;   /* try to catch errors */
+	/* the following union is implied:
+		union {
+			char record[rec_len];
+			struct {
+				char key[key_len];
+				char data[data_len];
+			}
+			u32 totalsize; (tailer)
+		}
+	*/
+};
+
+/* a byte range locking function - return 0 on success
+   this functions locks/unlocks 1 byte at the specified offset.
+
+   On error, errno is also set so that errors are passed back properly
+   through tdb_open(). */
+static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, 
+		      int rw_type, int lck_type, int probe)
+{
+	struct flock fl;
+
+	if (tdb->flags & TDB_NOLOCK)
+		return 0;
+	if (tdb->read_only) {
+		errno = EACCES;
+		return -1;
+	}
+
+	fl.l_type = rw_type;
+	fl.l_whence = SEEK_SET;
+	fl.l_start = offset;
+	fl.l_len = 1;
+	fl.l_pid = 0;
+
+	if (fcntl(tdb->fd,lck_type,&fl) == -1) {
+		if (!probe) {
+			TDB_LOG((tdb, 5,"tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d\n", 
+				 tdb->fd, offset, rw_type, lck_type));
+		}
+		/* errno set by fcntl */
+		return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+	}
+	return 0;
+}
+
+/* lock a list in the database. list -1 is the alloc list */
+static int tdb_lock(TDB_CONTEXT *tdb, int list, int ltype)
+{
+	if (list < -1 || list >= (int)tdb->header.hash_size) {
+		TDB_LOG((tdb, 0,"tdb_lock: invalid list %d for ltype=%d\n", 
+			   list, ltype));
+		return -1;
+	}
+	if (tdb->flags & TDB_NOLOCK)
+		return 0;
+
+	/* Since fcntl locks don't nest, we do a lock for the first one,
+	   and simply bump the count for future ones */
+	if (tdb->locked[list+1].count == 0) {
+		if (!tdb->read_only && tdb->header.rwlocks) {
+			if (tdb_spinlock(tdb, list, ltype)) {
+				TDB_LOG((tdb, 0, "tdb_lock spinlock failed on list ltype=%d\n", 
+					   list, ltype));
+				return -1;
+			}
+		} else if (tdb_brlock(tdb,FREELIST_TOP+4*list,ltype,F_SETLKW, 0)) {
+			TDB_LOG((tdb, 0,"tdb_lock failed on list %d ltype=%d (%s)\n", 
+					   list, ltype, strerror(errno)));
+			return -1;
+		}
+		tdb->locked[list+1].ltype = ltype;
+	}
+	tdb->locked[list+1].count++;
+	return 0;
+}
+
+/* unlock the database: returns void because it's too late for errors. */
+	/* changed to return int it may be interesting to know there
+	   has been an error  --simo */
+static int tdb_unlock(TDB_CONTEXT *tdb, int list, int ltype)
+{
+	int ret = -1;
+
+	if (tdb->flags & TDB_NOLOCK)
+		return 0;
+
+	/* Sanity checks */
+	if (list < -1 || list >= (int)tdb->header.hash_size) {
+		TDB_LOG((tdb, 0, "tdb_unlock: list %d invalid (%d)\n", list, tdb->header.hash_size));
+		return ret;
+	}
+
+	if (tdb->locked[list+1].count==0) {
+		TDB_LOG((tdb, 0, "tdb_unlock: count is 0\n"));
+		return ret;
+	}
+
+	if (tdb->locked[list+1].count == 1) {
+		/* Down to last nested lock: unlock underneath */
+		if (!tdb->read_only && tdb->header.rwlocks) {
+			ret = tdb_spinunlock(tdb, list, ltype);
+		} else {
+			ret = tdb_brlock(tdb, FREELIST_TOP+4*list, F_UNLCK, F_SETLKW, 0);
+		}
+	} else {
+		ret = 0;
+	}
+	tdb->locked[list+1].count--;
+
+	if (ret)
+		TDB_LOG((tdb, 0,"tdb_unlock: An error occurred unlocking!\n")); 
+	return ret;
+}
+
+/* This is based on the hash algorithm from gdbm */
+static u32 tdb_hash(TDB_DATA *key)
+{
+	u32 value;	/* Used to compute the hash value.  */
+	u32   i;	/* Used to cycle through random values. */
+
+	/* Set the initial value from the key size. */
+	for (value = 0x238F13AF * key->dsize, i=0; i < key->dsize; i++)
+		value = (value + (key->dptr[i] << (i*5 % 24)));
+
+	return (1103515243 * value + 12345);  
+}
+
+/* check for an out of bounds access - if it is out of bounds then
+   see if the database has been expanded by someone else and expand
+   if necessary 
+   note that "len" is the minimum length needed for the db
+*/
+static int tdb_oob(TDB_CONTEXT *tdb, tdb_off len, int probe)
+{
+	struct stat st;
+	if (len <= tdb->map_size)
+		return 0;
+	if (tdb->flags & TDB_INTERNAL) {
+		if (!probe) {
+			TDB_LOG((tdb, 0,"tdb_oob len %d beyond internal malloc size %d\n",
+				 (int)len, (int)tdb->map_size));
+		}
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
+
+	if (fstat(tdb->fd, &st) == -1)
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+
+	if (st.st_size < (size_t)len) {
+		if (!probe) {
+			TDB_LOG((tdb, 0,"tdb_oob len %d beyond eof at %d\n",
+				 (int)len, (int)st.st_size));
+		}
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
+
+	/* Unmap, update size, remap */
+	if (tdb_munmap(tdb) == -1)
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	tdb->map_size = st.st_size;
+	tdb_mmap(tdb);
+	return 0;
+}
+
+/* write a lump of data at a specified offset */
+static int tdb_write(TDB_CONTEXT *tdb, tdb_off off, void *buf, tdb_len len)
+{
+	if (tdb_oob(tdb, off + len, 0) != 0)
+		return -1;
+
+	if (tdb->map_ptr)
+		memcpy(off + (char *)tdb->map_ptr, buf, len);
+#ifdef HAVE_PWRITE
+	else if (pwrite(tdb->fd, buf, len, off) != (ssize_t)len) {
+#else
+	else if (lseek(tdb->fd, off, SEEK_SET) != off
+		 || write(tdb->fd, buf, len) != (ssize_t)len) {
+#endif
+		TDB_LOG((tdb, 0,"tdb_write failed at %d len=%d (%s)\n",
+			   off, len, strerror(errno)));
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
+	return 0;
+}
+
+/* read a lump of data at a specified offset, maybe convert */
+static int tdb_read(TDB_CONTEXT *tdb,tdb_off off,void *buf,tdb_len len,int cv)
+{
+	if (tdb_oob(tdb, off + len, 0) != 0)
+		return -1;
+
+	if (tdb->map_ptr)
+		memcpy(buf, off + (char *)tdb->map_ptr, len);
+#ifdef HAVE_PREAD
+	else if (pread(tdb->fd, buf, len, off) != (ssize_t)len) {
+#else
+	else if (lseek(tdb->fd, off, SEEK_SET) != off
+		 || read(tdb->fd, buf, len) != (ssize_t)len) {
+#endif
+		TDB_LOG((tdb, 0,"tdb_read failed at %d len=%d (%s)\n",
+			   off, len, strerror(errno)));
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
+	if (cv)
+		convert(buf, len);
+	return 0;
+}
+
+/* read a lump of data, allocating the space for it */
+static char *tdb_alloc_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_len len)
+{
+	char *buf;
+
+	if (!(buf = malloc(len))) {
+		TDB_LOG((tdb, 0,"tdb_alloc_read malloc failed len=%d (%s)\n",
+			   len, strerror(errno)));
+		return TDB_ERRCODE(TDB_ERR_OOM, buf);
+	}
+	if (tdb_read(tdb, offset, buf, len, 0) == -1) {
+		SAFE_FREE(buf);
+		return NULL;
+	}
+	return buf;
+}
+
+/* read/write a tdb_off */
+static int ofs_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d)
+{
+	return tdb_read(tdb, offset, (char*)d, sizeof(*d), DOCONV());
+}
+static int ofs_write(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d)
+{
+	tdb_off off = *d;
+	return tdb_write(tdb, offset, CONVERT(off), sizeof(*d));
+}
+
+/* read/write a record */
+static int rec_read(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
+{
+	if (tdb_read(tdb, offset, rec, sizeof(*rec),DOCONV()) == -1)
+		return -1;
+	if (TDB_BAD_MAGIC(rec)) {
+		TDB_LOG((tdb, 0,"rec_read bad magic 0x%x at offset=%d\n", rec->magic, offset));
+		return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+	}
+	return tdb_oob(tdb, rec->next+sizeof(*rec), 0);
+}
+static int rec_write(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
+{
+	struct list_struct r = *rec;
+	return tdb_write(tdb, offset, CONVERT(r), sizeof(r));
+}
+
+/* read a freelist record and check for simple errors */
+static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct *rec)
+{
+	if (tdb_read(tdb, off, rec, sizeof(*rec),DOCONV()) == -1)
+		return -1;
+	if (rec->magic != TDB_FREE_MAGIC) {
+		TDB_LOG((tdb, 0,"rec_free_read bad magic 0x%x at offset=%d\n", 
+			   rec->magic, off));
+		return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+	}
+	if (tdb_oob(tdb, rec->next+sizeof(*rec), 0) != 0)
+		return -1;
+	return 0;
+}
+
+/* update a record tailer (must hold allocation lock) */
+static int update_tailer(TDB_CONTEXT *tdb, tdb_off offset,
+			 const struct list_struct *rec)
+{
+	tdb_off totalsize;
+
+	/* Offset of tailer from record header */
+	totalsize = sizeof(*rec) + rec->rec_len;
+	return ofs_write(tdb, offset + totalsize - sizeof(tdb_off),
+			 &totalsize);
+}
+
+static tdb_off tdb_dump_record(TDB_CONTEXT *tdb, tdb_off offset)
+{
+	struct list_struct rec;
+	tdb_off tailer_ofs, tailer;
+
+	if (tdb_read(tdb, offset, (char *)&rec, sizeof(rec), DOCONV()) == -1) {
+		printf("ERROR: failed to read record at %u\n", offset);
+		return 0;
+	}
+
+	printf(" rec: offset=%u next=%d rec_len=%d key_len=%d data_len=%d full_hash=0x%x magic=0x%x\n",
+	       offset, rec.next, rec.rec_len, rec.key_len, rec.data_len, rec.full_hash, rec.magic);
+
+	tailer_ofs = offset + sizeof(rec) + rec.rec_len - sizeof(tdb_off);
+	if (ofs_read(tdb, tailer_ofs, &tailer) == -1) {
+		printf("ERROR: failed to read tailer at %u\n", tailer_ofs);
+		return rec.next;
+	}
+
+	if (tailer != rec.rec_len + sizeof(rec)) {
+		printf("ERROR: tailer does not match record! tailer=%u totalsize=%u\n",
+				(unsigned)tailer, (unsigned)(rec.rec_len + sizeof(rec)));
+	}
+	return rec.next;
+}
+
+static int tdb_dump_chain(TDB_CONTEXT *tdb, int i)
+{
+	tdb_off rec_ptr, top;
+
+	top = TDB_HASH_TOP(i);
+
+	if (tdb_lock(tdb, i, F_WRLCK) != 0)
+		return -1;
+
+	if (ofs_read(tdb, top, &rec_ptr) == -1)
+		return tdb_unlock(tdb, i, F_WRLCK);
+
+	if (rec_ptr)
+		printf("hash=%d\n", i);
+
+	while (rec_ptr) {
+		rec_ptr = tdb_dump_record(tdb, rec_ptr);
+	}
+
+	return tdb_unlock(tdb, i, F_WRLCK);
+}
+
+void tdb_dump_all(TDB_CONTEXT *tdb)
+{
+	int i;
+	for (i=0;i<tdb->header.hash_size;i++) {
+		tdb_dump_chain(tdb, i);
+	}
+	printf("freelist:\n");
+	tdb_dump_chain(tdb, -1);
+}
+
+int tdb_printfreelist(TDB_CONTEXT *tdb)
+{
+	int ret;
+	long total_free = 0;
+	tdb_off offset, rec_ptr;
+	struct list_struct rec;
+
+	if ((ret = tdb_lock(tdb, -1, F_WRLCK)) != 0)
+		return ret;
+
+	offset = FREELIST_TOP;
+
+	/* read in the freelist top */
+	if (ofs_read(tdb, offset, &rec_ptr) == -1) {
+		return 0;
+	}
+
+	printf("freelist top=[0x%08x]\n", rec_ptr );
+	while (rec_ptr) {
+		if (tdb_read(tdb, rec_ptr, (char *)&rec, sizeof(rec), DOCONV()) == -1) {
+			return -1;
+		}
+
+		if (rec.magic != TDB_FREE_MAGIC) {
+			printf("bad magic 0x%08x in free list\n", rec.magic);
+			return -1;
+		}
+
+		printf("entry offset=[0x%08x], rec.rec_len = [0x%08x (%d)]\n", rec.next, rec.rec_len, rec.rec_len );
+		total_free += rec.rec_len;
+
+		/* move to the next record */
+		rec_ptr = rec.next;
+	}
+	printf("total rec_len = [0x%08x (%d)]\n", (int)total_free, 
+               (int)total_free);
+
+	return tdb_unlock(tdb, -1, F_WRLCK);
+}
+
+/* Remove an element from the freelist.  Must have alloc lock. */
+static int remove_from_freelist(TDB_CONTEXT *tdb, tdb_off off, tdb_off next)
+{
+	tdb_off last_ptr, i;
+
+	/* read in the freelist top */
+	last_ptr = FREELIST_TOP;
+	while (ofs_read(tdb, last_ptr, &i) != -1 && i != 0) {
+		if (i == off) {
+			/* We've found it! */
+			return ofs_write(tdb, last_ptr, &next);
+		}
+		/* Follow chain (next offset is at start of record) */
+		last_ptr = i;
+	}
+	TDB_LOG((tdb, 0,"remove_from_freelist: not on list at off=%d\n", off));
+	return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+}
+
+/* Add an element into the freelist. Merge adjacent records if
+   neccessary. */
+static int tdb_free(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
+{
+	tdb_off right, left;
+
+	/* Allocation and tailer lock */
+	if (tdb_lock(tdb, -1, F_WRLCK) != 0)
+		return -1;
+
+	/* set an initial tailer, so if we fail we don't leave a bogus record */
+	if (update_tailer(tdb, offset, rec) != 0) {
+		TDB_LOG((tdb, 0, "tdb_free: upfate_tailer failed!\n"));
+		goto fail;
+	}
+
+	/* Look right first (I'm an Australian, dammit) */
+	right = offset + sizeof(*rec) + rec->rec_len;
+	if (right + sizeof(*rec) <= tdb->map_size) {
+		struct list_struct r;
+
+		if (tdb_read(tdb, right, &r, sizeof(r), DOCONV()) == -1) {
+			TDB_LOG((tdb, 0, "tdb_free: right read failed at %u\n", right));
+			goto left;
+		}
+
+		/* If it's free, expand to include it. */
+		if (r.magic == TDB_FREE_MAGIC) {
+			if (remove_from_freelist(tdb, right, r.next) == -1) {
+				TDB_LOG((tdb, 0, "tdb_free: right free failed at %u\n", right));
+				goto left;
+			}
+			rec->rec_len += sizeof(r) + r.rec_len;
+		}
+	}
+
+left:
+	/* Look left */
+	left = offset - sizeof(tdb_off);
+	if (left > TDB_HASH_TOP(tdb->header.hash_size-1)) {
+		struct list_struct l;
+		tdb_off leftsize;
+
+		/* Read in tailer and jump back to header */
+		if (ofs_read(tdb, left, &leftsize) == -1) {
+			TDB_LOG((tdb, 0, "tdb_free: left offset read failed at %u\n", left));
+			goto update;
+		}
+		left = offset - leftsize;
+
+		/* Now read in record */
+		if (tdb_read(tdb, left, &l, sizeof(l), DOCONV()) == -1) {
+			TDB_LOG((tdb, 0, "tdb_free: left read failed at %u (%u)\n", left, leftsize));
+			goto update;
+		}
+
+		/* If it's free, expand to include it. */
+		if (l.magic == TDB_FREE_MAGIC) {
+			if (remove_from_freelist(tdb, left, l.next) == -1) {
+				TDB_LOG((tdb, 0, "tdb_free: left free failed at %u\n", left));
+				goto update;
+			} else {
+				offset = left;
+				rec->rec_len += leftsize;
+			}
+		}
+	}
+
+update:
+	if (update_tailer(tdb, offset, rec) == -1) {
+		TDB_LOG((tdb, 0, "tdb_free: update_tailer failed at %u\n", offset));
+		goto fail;
+	}
+
+	/* Now, prepend to free list */
+	rec->magic = TDB_FREE_MAGIC;
+
+	if (ofs_read(tdb, FREELIST_TOP, &rec->next) == -1 ||
+	    rec_write(tdb, offset, rec) == -1 ||
+	    ofs_write(tdb, FREELIST_TOP, &offset) == -1) {
+		TDB_LOG((tdb, 0, "tdb_free record write failed at offset=%d\n", offset));
+		goto fail;
+	}
+
+	/* And we're done. */
+	tdb_unlock(tdb, -1, F_WRLCK);
+	return 0;
+
+ fail:
+	tdb_unlock(tdb, -1, F_WRLCK);
+	return -1;
+}
+
+
+/* expand a file.  we prefer to use ftruncate, as that is what posix
+  says to use for mmap expansion */
+static int expand_file(TDB_CONTEXT *tdb, tdb_off size, tdb_off addition)
+{
+	char buf[1024];
+#if HAVE_FTRUNCATE_EXTEND
+	if (ftruncate(tdb->fd, size+addition) != 0) {
+		TDB_LOG((tdb, 0, "expand_file ftruncate to %d failed (%s)\n", 
+			   size+addition, strerror(errno)));
+		return -1;
+	}
+#else
+	char b = 0;
+
+#ifdef HAVE_PWRITE
+	if (pwrite(tdb->fd,  &b, 1, (size+addition) - 1) != 1) {
+#else
+	if (lseek(tdb->fd, (size+addition) - 1, SEEK_SET) != (size+addition) - 1 || 
+	    write(tdb->fd, &b, 1) != 1) {
+#endif
+		TDB_LOG((tdb, 0, "expand_file to %d failed (%s)\n", 
+			   size+addition, strerror(errno)));
+		return -1;
+	}
+#endif
+
+	/* now fill the file with something. This ensures that the file isn't sparse, which would be
+	   very bad if we ran out of disk. This must be done with write, not via mmap */
+	memset(buf, 0x42, sizeof(buf));
+	while (addition) {
+		int n = addition>sizeof(buf)?sizeof(buf):addition;
+#ifdef HAVE_PWRITE
+		int ret = pwrite(tdb->fd, buf, n, size);
+#else
+		int ret;
+		if (lseek(tdb->fd, size, SEEK_SET) != size)
+			return -1;
+		ret = write(tdb->fd, buf, n);
+#endif
+		if (ret != n) {
+			TDB_LOG((tdb, 0, "expand_file write of %d failed (%s)\n", 
+				   n, strerror(errno)));
+			return -1;
+		}
+		addition -= n;
+		size += n;
+	}
+	return 0;
+}
+
+
+/* expand the database at least size bytes by expanding the underlying
+   file and doing the mmap again if necessary */
+static int tdb_expand(TDB_CONTEXT *tdb, tdb_off size)
+{
+	struct list_struct rec;
+	tdb_off offset;
+
+	if (tdb_lock(tdb, -1, F_WRLCK) == -1) {
+		TDB_LOG((tdb, 0, "lock failed in tdb_expand\n"));
+		return -1;
+	}
+
+	/* must know about any previous expansions by another process */
+	tdb_oob(tdb, tdb->map_size + 1, 1);
+
+	/* always make room for at least 10 more records, and round
+           the database up to a multiple of TDB_PAGE_SIZE */
+	size = TDB_ALIGN(tdb->map_size + size*10, TDB_PAGE_SIZE) - tdb->map_size;
+
+	if (!(tdb->flags & TDB_INTERNAL))
+		tdb_munmap(tdb);
+
+	/*
+	 * We must ensure the file is unmapped before doing this
+	 * to ensure consistency with systems like OpenBSD where
+	 * writes and mmaps are not consistent.
+	 */
+
+	/* expand the file itself */
+	if (!(tdb->flags & TDB_INTERNAL)) {
+		if (expand_file(tdb, tdb->map_size, size) != 0)
+			goto fail;
+	}
+
+	tdb->map_size += size;
+
+	if (tdb->flags & TDB_INTERNAL)
+		tdb->map_ptr = realloc(tdb->map_ptr, tdb->map_size);
+	else {
+		/*
+		 * We must ensure the file is remapped before adding the space
+		 * to ensure consistency with systems like OpenBSD where
+		 * writes and mmaps are not consistent.
+		 */
+
+		/* We're ok if the mmap fails as we'll fallback to read/write */
+		tdb_mmap(tdb);
+	}
+
+	/* form a new freelist record */
+	memset(&rec,'\0',sizeof(rec));
+	rec.rec_len = size - sizeof(rec);
+
+	/* link it into the free list */
+	offset = tdb->map_size - size;
+	if (tdb_free(tdb, offset, &rec) == -1)
+		goto fail;
+
+	tdb_unlock(tdb, -1, F_WRLCK);
+	return 0;
+ fail:
+	tdb_unlock(tdb, -1, F_WRLCK);
+	return -1;
+}
+
+/* allocate some space from the free list. The offset returned points
+   to a unconnected list_struct within the database with room for at
+   least length bytes of total data
+
+   0 is returned if the space could not be allocated
+ */
+static tdb_off tdb_allocate(TDB_CONTEXT *tdb, tdb_len length,
+			    struct list_struct *rec)
+{
+	tdb_off rec_ptr, last_ptr, newrec_ptr;
+	struct list_struct newrec;
+
+	if (tdb_lock(tdb, -1, F_WRLCK) == -1)
+		return 0;
+
+	/* Extra bytes required for tailer */
+	length += sizeof(tdb_off);
+
+ again:
+	last_ptr = FREELIST_TOP;
+
+	/* read in the freelist top */
+	if (ofs_read(tdb, FREELIST_TOP, &rec_ptr) == -1)
+		goto fail;
+
+	/* keep looking until we find a freelist record big enough */
+	while (rec_ptr) {
+		if (rec_free_read(tdb, rec_ptr, rec) == -1)
+			goto fail;
+
+		if (rec->rec_len >= length) {
+			/* found it - now possibly split it up  */
+			if (rec->rec_len > length + MIN_REC_SIZE) {
+				/* Length of left piece */
+				length = TDB_ALIGN(length, TDB_ALIGNMENT);
+
+				/* Right piece to go on free list */
+				newrec.rec_len = rec->rec_len
+					- (sizeof(*rec) + length);
+				newrec_ptr = rec_ptr + sizeof(*rec) + length;
+
+				/* And left record is shortened */
+				rec->rec_len = length;
+			} else
+				newrec_ptr = 0;
+
+			/* Remove allocated record from the free list */
+			if (ofs_write(tdb, last_ptr, &rec->next) == -1)
+				goto fail;
+
+			/* Update header: do this before we drop alloc
+                           lock, otherwise tdb_free() might try to
+                           merge with us, thinking we're free.
+                           (Thanks Jeremy Allison). */
+			rec->magic = TDB_MAGIC;
+			if (rec_write(tdb, rec_ptr, rec) == -1)
+				goto fail;
+
+			/* Did we create new block? */
+			if (newrec_ptr) {
+				/* Update allocated record tailer (we
+                                   shortened it). */
+				if (update_tailer(tdb, rec_ptr, rec) == -1)
+					goto fail;
+
+				/* Free new record */
+				if (tdb_free(tdb, newrec_ptr, &newrec) == -1)
+					goto fail;
+			}
+
+			/* all done - return the new record offset */
+			tdb_unlock(tdb, -1, F_WRLCK);
+			return rec_ptr;
+		}
+		/* move to the next record */
+		last_ptr = rec_ptr;
+		rec_ptr = rec->next;
+	}
+	/* we didn't find enough space. See if we can expand the
+	   database and if we can then try again */
+	if (tdb_expand(tdb, length + sizeof(*rec)) == 0)
+		goto again;
+ fail:
+	tdb_unlock(tdb, -1, F_WRLCK);
+	return 0;
+}
+
+/* initialise a new database with a specified hash size */
+static int tdb_new_database(TDB_CONTEXT *tdb, int hash_size)
+{
+	struct tdb_header *newdb;
+	int size, ret = -1;
+
+	/* We make it up in memory, then write it out if not internal */
+	size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off);
+	if (!(newdb = calloc(size, 1)))
+		return TDB_ERRCODE(TDB_ERR_OOM, -1);
+
+	/* Fill in the header */
+	newdb->version = TDB_VERSION;
+	newdb->hash_size = hash_size;
+#ifdef USE_SPINLOCKS
+	newdb->rwlocks = size;
+#endif
+	if (tdb->flags & TDB_INTERNAL) {
+		tdb->map_size = size;
+		tdb->map_ptr = (char *)newdb;
+		memcpy(&tdb->header, newdb, sizeof(tdb->header));
+		/* Convert the `ondisk' version if asked. */
+		CONVERT(*newdb);
+		return 0;
+	}
+	if (lseek(tdb->fd, 0, SEEK_SET) == -1)
+		goto fail;
+
+	if (ftruncate(tdb->fd, 0) == -1)
+		goto fail;
+
+	/* This creates an endian-converted header, as if read from disk */
+	CONVERT(*newdb);
+	memcpy(&tdb->header, newdb, sizeof(tdb->header));
+	/* Don't endian-convert the magic food! */
+	memcpy(newdb->magic_food, TDB_MAGIC_FOOD, strlen(TDB_MAGIC_FOOD)+1);
+	if (write(tdb->fd, newdb, size) != size)
+		ret = -1;
+	else
+		ret = tdb_create_rwlocks(tdb->fd, hash_size);
+
+  fail:
+	SAFE_FREE(newdb);
+	return ret;
+}
+
+/* Returns 0 on fail.  On success, return offset of record, and fills
+   in rec */
+static tdb_off tdb_find(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash,
+			struct list_struct *r)
+{
+	tdb_off rec_ptr;
+	
+	/* read in the hash top */
+	if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1)
+		return 0;
+
+	/* keep looking until we find the right record */
+	while (rec_ptr) {
+		if (rec_read(tdb, rec_ptr, r) == -1)
+			return 0;
+
+		if (!TDB_DEAD(r) && hash==r->full_hash && key.dsize==r->key_len) {
+			char *k;
+			/* a very likely hit - read the key */
+			k = tdb_alloc_read(tdb, rec_ptr + sizeof(*r), 
+					   r->key_len);
+			if (!k)
+				return 0;
+
+			if (memcmp(key.dptr, k, key.dsize) == 0) {
+				SAFE_FREE(k);
+				return rec_ptr;
+			}
+			SAFE_FREE(k);
+		}
+		rec_ptr = r->next;
+	}
+	return TDB_ERRCODE(TDB_ERR_NOEXIST, 0);
+}
+
+/* If they do lockkeys, check that this hash is one they locked */
+static int tdb_keylocked(TDB_CONTEXT *tdb, u32 hash)
+{
+	u32 i;
+	if (!tdb->lockedkeys)
+		return 1;
+	for (i = 0; i < tdb->lockedkeys[0]; i++)
+		if (tdb->lockedkeys[i+1] == hash)
+			return 1;
+	return TDB_ERRCODE(TDB_ERR_NOLOCK, 0);
+}
+
+/* As tdb_find, but if you succeed, keep the lock */
+static tdb_off tdb_find_lock(TDB_CONTEXT *tdb, TDB_DATA key, int locktype,
+			     struct list_struct *rec)
+{
+	u32 hash, rec_ptr;
+
+	hash = tdb_hash(&key);
+	if (!tdb_keylocked(tdb, hash))
+		return 0;
+	if (tdb_lock(tdb, BUCKET(hash), locktype) == -1)
+		return 0;
+	if (!(rec_ptr = tdb_find(tdb, key, hash, rec)))
+		tdb_unlock(tdb, BUCKET(hash), locktype);
+	return rec_ptr;
+}
+
+enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb)
+{
+	return tdb->ecode;
+}
+
+static struct tdb_errname {
+	enum TDB_ERROR ecode; const char *estring;
+} emap[] = { {TDB_SUCCESS, "Success"},
+	     {TDB_ERR_CORRUPT, "Corrupt database"},
+	     {TDB_ERR_IO, "IO Error"},
+	     {TDB_ERR_LOCK, "Locking error"},
+	     {TDB_ERR_OOM, "Out of memory"},
+	     {TDB_ERR_EXISTS, "Record exists"},
+	     {TDB_ERR_NOLOCK, "Lock exists on other keys"},
+	     {TDB_ERR_NOEXIST, "Record does not exist"} };
+
+/* Error string for the last tdb error */
+const char *tdb_errorstr(TDB_CONTEXT *tdb)
+{
+	u32 i;
+	for (i = 0; i < sizeof(emap) / sizeof(struct tdb_errname); i++)
+		if (tdb->ecode == emap[i].ecode)
+			return emap[i].estring;
+	return "Invalid error code";
+}
+
+/* update an entry in place - this only works if the new data size
+   is <= the old data size and the key exists.
+   on failure return -1
+*/
+static int tdb_update(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf)
+{
+	struct list_struct rec;
+	tdb_off rec_ptr;
+	int ret = -1;
+
+	/* find entry */
+	if (!(rec_ptr = tdb_find_lock(tdb, key, F_WRLCK, &rec)))
+		return -1;
+
+	/* must be long enough key, data and tailer */
+	if (rec.rec_len < key.dsize + dbuf.dsize + sizeof(tdb_off)) {
+		tdb->ecode = TDB_SUCCESS; /* Not really an error */
+		goto out;
+	}
+
+	if (tdb_write(tdb, rec_ptr + sizeof(rec) + rec.key_len,
+		      dbuf.dptr, dbuf.dsize) == -1)
+		goto out;
+
+	if (dbuf.dsize != rec.data_len) {
+		/* update size */
+		rec.data_len = dbuf.dsize;
+		ret = rec_write(tdb, rec_ptr, &rec);
+	} else
+		ret = 0;
+ out:
+	tdb_unlock(tdb, BUCKET(rec.full_hash), F_WRLCK);
+	return ret;
+}
+
+/* find an entry in the database given a key */
+TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+	tdb_off rec_ptr;
+	struct list_struct rec;
+	TDB_DATA ret;
+
+	/* find which hash bucket it is in */
+	if (!(rec_ptr = tdb_find_lock(tdb,key,F_RDLCK,&rec)))
+		return tdb_null;
+
+	ret.dptr = tdb_alloc_read(tdb, rec_ptr + sizeof(rec) + rec.key_len,
+				  rec.data_len);
+	ret.dsize = rec.data_len;
+	tdb_unlock(tdb, BUCKET(rec.full_hash), F_RDLCK);
+	return ret;
+}
+
+/* check if an entry in the database exists 
+
+   note that 1 is returned if the key is found and 0 is returned if not found
+   this doesn't match the conventions in the rest of this module, but is
+   compatible with gdbm
+*/
+int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+	struct list_struct rec;
+	
+	if (tdb_find_lock(tdb, key, F_RDLCK, &rec) == 0)
+		return 0;
+	tdb_unlock(tdb, BUCKET(rec.full_hash), F_RDLCK);
+	return 1;
+}
+
+/* record lock stops delete underneath */
+static int lock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+	return off ? tdb_brlock(tdb, off, F_RDLCK, F_SETLKW, 0) : 0;
+}
+/*
+  Write locks override our own fcntl readlocks, so check it here.
+  Note this is meant to be F_SETLK, *not* F_SETLKW, as it's not
+  an error to fail to get the lock here.
+*/
+ 
+static int write_lock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+	struct tdb_traverse_lock *i;
+	for (i = &tdb->travlocks; i; i = i->next)
+		if (i->off == off)
+			return -1;
+	return tdb_brlock(tdb, off, F_WRLCK, F_SETLK, 1);
+}
+
+/*
+  Note this is meant to be F_SETLK, *not* F_SETLKW, as it's not
+  an error to fail to get the lock here.
+*/
+
+static int write_unlock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+	return tdb_brlock(tdb, off, F_UNLCK, F_SETLK, 0);
+}
+/* fcntl locks don't stack: avoid unlocking someone else's */
+static int unlock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+	struct tdb_traverse_lock *i;
+	u32 count = 0;
+
+	if (off == 0)
+		return 0;
+	for (i = &tdb->travlocks; i; i = i->next)
+		if (i->off == off)
+			count++;
+	return (count == 1 ? tdb_brlock(tdb, off, F_UNLCK, F_SETLKW, 0) : 0);
+}
+
+/* actually delete an entry in the database given the offset */
+static int do_delete(TDB_CONTEXT *tdb, tdb_off rec_ptr, struct list_struct*rec)
+{
+	tdb_off last_ptr, i;
+	struct list_struct lastrec;
+
+	if (tdb->read_only) return -1;
+
+	if (write_lock_record(tdb, rec_ptr) == -1) {
+		/* Someone traversing here: mark it as dead */
+		rec->magic = TDB_DEAD_MAGIC;
+		return rec_write(tdb, rec_ptr, rec);
+	}
+	if (write_unlock_record(tdb, rec_ptr) != 0)
+		return -1;
+
+	/* find previous record in hash chain */
+	if (ofs_read(tdb, TDB_HASH_TOP(rec->full_hash), &i) == -1)
+		return -1;
+	for (last_ptr = 0; i != rec_ptr; last_ptr = i, i = lastrec.next)
+		if (rec_read(tdb, i, &lastrec) == -1)
+			return -1;
+
+	/* unlink it: next ptr is at start of record. */
+	if (last_ptr == 0)
+		last_ptr = TDB_HASH_TOP(rec->full_hash);
+	if (ofs_write(tdb, last_ptr, &rec->next) == -1)
+		return -1;
+
+	/* recover the space */
+	if (tdb_free(tdb, rec_ptr, rec) == -1)
+		return -1;
+	return 0;
+}
+
+/* Uses traverse lock: 0 = finish, -1 = error, other = record offset */
+static int tdb_next_lock(TDB_CONTEXT *tdb, struct tdb_traverse_lock *tlock,
+			 struct list_struct *rec)
+{
+	int want_next = (tlock->off != 0);
+
+	/* No traversal allows if you've called tdb_lockkeys() */
+	if (tdb->lockedkeys)
+		return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
+
+	/* Lock each chain from the start one. */
+	for (; tlock->hash < tdb->header.hash_size; tlock->hash++) {
+		if (tdb_lock(tdb, tlock->hash, F_WRLCK) == -1)
+			return -1;
+
+		/* No previous record?  Start at top of chain. */
+		if (!tlock->off) {
+			if (ofs_read(tdb, TDB_HASH_TOP(tlock->hash),
+				     &tlock->off) == -1)
+				goto fail;
+		} else {
+			/* Otherwise unlock the previous record. */
+			if (unlock_record(tdb, tlock->off) != 0)
+				goto fail;
+		}
+
+		if (want_next) {
+			/* We have offset of old record: grab next */
+			if (rec_read(tdb, tlock->off, rec) == -1)
+				goto fail;
+			tlock->off = rec->next;
+		}
+
+		/* Iterate through chain */
+		while( tlock->off) {
+			tdb_off current;
+			if (rec_read(tdb, tlock->off, rec) == -1)
+				goto fail;
+			if (!TDB_DEAD(rec)) {
+				/* Woohoo: we found one! */
+				if (lock_record(tdb, tlock->off) != 0)
+					goto fail;
+				return tlock->off;
+			}
+			/* Try to clean dead ones from old traverses */
+			current = tlock->off;
+			tlock->off = rec->next;
+			if (do_delete(tdb, current, rec) != 0)
+				goto fail;
+		}
+		tdb_unlock(tdb, tlock->hash, F_WRLCK);
+		want_next = 0;
+	}
+	/* We finished iteration without finding anything */
+	return TDB_ERRCODE(TDB_SUCCESS, 0);
+
+ fail:
+	tlock->off = 0;
+	if (tdb_unlock(tdb, tlock->hash, F_WRLCK) != 0)
+		TDB_LOG((tdb, 0, "tdb_next_lock: On error unlock failed!\n"));
+	return -1;
+}
+
+/* traverse the entire database - calling fn(tdb, key, data) on each element.
+   return -1 on error or the record count traversed
+   if fn is NULL then it is not called
+   a non-zero return value from fn() indicates that the traversal should stop
+  */
+int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *state)
+{
+	TDB_DATA key, dbuf;
+	struct list_struct rec;
+	struct tdb_traverse_lock tl = { NULL, 0, 0 };
+	int ret, count = 0;
+
+	/* This was in the initializaton, above, but the IRIX compiler
+	 * did not like it.  crh
+	 */
+	tl.next = tdb->travlocks.next;
+
+	/* fcntl locks don't stack: beware traverse inside traverse */
+	tdb->travlocks.next = &tl;
+
+	/* tdb_next_lock places locks on the record returned, and its chain */
+	while ((ret = tdb_next_lock(tdb, &tl, &rec)) > 0) {
+		count++;
+		/* now read the full record */
+		key.dptr = tdb_alloc_read(tdb, tl.off + sizeof(rec), 
+					  rec.key_len + rec.data_len);
+		if (!key.dptr) {
+			ret = -1;
+			if (tdb_unlock(tdb, tl.hash, F_WRLCK) != 0)
+				goto out;
+			if (unlock_record(tdb, tl.off) != 0)
+				TDB_LOG((tdb, 0, "tdb_traverse: key.dptr == NULL and unlock_record failed!\n"));
+			goto out;
+		}
+		key.dsize = rec.key_len;
+		dbuf.dptr = key.dptr + rec.key_len;
+		dbuf.dsize = rec.data_len;
+
+		/* Drop chain lock, call out */
+		if (tdb_unlock(tdb, tl.hash, F_WRLCK) != 0) {
+			ret = -1;
+			goto out;
+		}
+		if (fn && fn(tdb, key, dbuf, state)) {
+			/* They want us to terminate traversal */
+			ret = count;
+			if (unlock_record(tdb, tl.off) != 0) {
+				TDB_LOG((tdb, 0, "tdb_traverse: unlock_record failed!\n"));;
+				ret = -1;
+			}
+			tdb->travlocks.next = tl.next;
+			SAFE_FREE(key.dptr);
+			return count;
+		}
+		SAFE_FREE(key.dptr);
+	}
+out:
+	tdb->travlocks.next = tl.next;
+	if (ret < 0)
+		return -1;
+	else
+		return count;
+}
+
+/* find the first entry in the database and return its key */
+TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb)
+{
+	TDB_DATA key;
+	struct list_struct rec;
+
+	/* release any old lock */
+	if (unlock_record(tdb, tdb->travlocks.off) != 0)
+		return tdb_null;
+	tdb->travlocks.off = tdb->travlocks.hash = 0;
+
+	if (tdb_next_lock(tdb, &tdb->travlocks, &rec) <= 0)
+		return tdb_null;
+	/* now read the key */
+	key.dsize = rec.key_len;
+	key.dptr =tdb_alloc_read(tdb,tdb->travlocks.off+sizeof(rec),key.dsize);
+	if (tdb_unlock(tdb, BUCKET(tdb->travlocks.hash), F_WRLCK) != 0)
+		TDB_LOG((tdb, 0, "tdb_firstkey: error occurred while tdb_unlocking!\n"));
+	return key;
+}
+
+/* find the next entry in the database, returning its key */
+TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA oldkey)
+{
+	u32 oldhash;
+	TDB_DATA key = tdb_null;
+	struct list_struct rec;
+	char *k = NULL;
+
+	/* Is locked key the old key?  If so, traverse will be reliable. */
+	if (tdb->travlocks.off) {
+		if (tdb_lock(tdb,tdb->travlocks.hash,F_WRLCK))
+			return tdb_null;
+		if (rec_read(tdb, tdb->travlocks.off, &rec) == -1
+		    || !(k = tdb_alloc_read(tdb,tdb->travlocks.off+sizeof(rec),
+					    rec.key_len))
+		    || memcmp(k, oldkey.dptr, oldkey.dsize) != 0) {
+			/* No, it wasn't: unlock it and start from scratch */
+			if (unlock_record(tdb, tdb->travlocks.off) != 0)
+				return tdb_null;
+			if (tdb_unlock(tdb, tdb->travlocks.hash, F_WRLCK) != 0)
+				return tdb_null;
+			tdb->travlocks.off = 0;
+		}
+
+		SAFE_FREE(k);
+	}
+
+	if (!tdb->travlocks.off) {
+		/* No previous element: do normal find, and lock record */
+		tdb->travlocks.off = tdb_find_lock(tdb, oldkey, F_WRLCK, &rec);
+		if (!tdb->travlocks.off)
+			return tdb_null;
+		tdb->travlocks.hash = BUCKET(rec.full_hash);
+		if (lock_record(tdb, tdb->travlocks.off) != 0) {
+			TDB_LOG((tdb, 0, "tdb_nextkey: lock_record failed (%s)!\n", strerror(errno)));
+			return tdb_null;
+		}
+	}
+	oldhash = tdb->travlocks.hash;
+
+	/* Grab next record: locks chain and returned record,
+	   unlocks old record */
+	if (tdb_next_lock(tdb, &tdb->travlocks, &rec) > 0) {
+		key.dsize = rec.key_len;
+		key.dptr = tdb_alloc_read(tdb, tdb->travlocks.off+sizeof(rec),
+					  key.dsize);
+		/* Unlock the chain of this new record */
+		if (tdb_unlock(tdb, tdb->travlocks.hash, F_WRLCK) != 0)
+			TDB_LOG((tdb, 0, "tdb_nextkey: WARNING tdb_unlock failed!\n"));
+	}
+	/* Unlock the chain of old record */
+	if (tdb_unlock(tdb, BUCKET(oldhash), F_WRLCK) != 0)
+		TDB_LOG((tdb, 0, "tdb_nextkey: WARNING tdb_unlock failed!\n"));
+	return key;
+}
+
+/* delete an entry in the database given a key */
+int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+	tdb_off rec_ptr;
+	struct list_struct rec;
+	int ret;
+
+	if (!(rec_ptr = tdb_find_lock(tdb, key, F_WRLCK, &rec)))
+		return -1;
+	ret = do_delete(tdb, rec_ptr, &rec);
+	if (tdb_unlock(tdb, BUCKET(rec.full_hash), F_WRLCK) != 0)
+		TDB_LOG((tdb, 0, "tdb_delete: WARNING tdb_unlock failed!\n"));
+	return ret;
+}
+
+/* store an element in the database, replacing any existing element
+   with the same key 
+
+   return 0 on success, -1 on failure
+*/
+int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag)
+{
+	struct list_struct rec;
+	u32 hash;
+	tdb_off rec_ptr;
+	char *p = NULL;
+	int ret = 0;
+
+	/* find which hash bucket it is in */
+	hash = tdb_hash(&key);
+	if (!tdb_keylocked(tdb, hash))
+		return -1;
+	if (tdb_lock(tdb, BUCKET(hash), F_WRLCK) == -1)
+		return -1;
+
+	/* check for it existing, on insert. */
+	if (flag == TDB_INSERT) {
+		if (tdb_exists(tdb, key)) {
+			tdb->ecode = TDB_ERR_EXISTS;
+			goto fail;
+		}
+	} else {
+		/* first try in-place update, on modify or replace. */
+		if (tdb_update(tdb, key, dbuf) == 0)
+			goto out;
+		if (flag == TDB_MODIFY && tdb->ecode == TDB_ERR_NOEXIST)
+			goto fail;
+	}
+	/* reset the error code potentially set by the tdb_update() */
+	tdb->ecode = TDB_SUCCESS;
+
+	/* delete any existing record - if it doesn't exist we don't
+           care.  Doing this first reduces fragmentation, and avoids
+           coalescing with `allocated' block before it's updated. */
+	if (flag != TDB_INSERT)
+		tdb_delete(tdb, key);
+
+	/* Copy key+value *before* allocating free space in case malloc
+	   fails and we are left with a dead spot in the tdb. */
+
+	if (!(p = (char *)malloc(key.dsize + dbuf.dsize))) {
+		tdb->ecode = TDB_ERR_OOM;
+		goto fail;
+	}
+
+	memcpy(p, key.dptr, key.dsize);
+	memcpy(p+key.dsize, dbuf.dptr, dbuf.dsize);
+
+	/* now we're into insert / modify / replace of a record which
+	 * we know could not be optimised by an in-place store (for
+	 * various reasons).  */
+	if (!(rec_ptr = tdb_allocate(tdb, key.dsize + dbuf.dsize, &rec)))
+		goto fail;
+
+	/* Read hash top into next ptr */
+	if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec.next) == -1)
+		goto fail;
+
+	rec.key_len = key.dsize;
+	rec.data_len = dbuf.dsize;
+	rec.full_hash = hash;
+	rec.magic = TDB_MAGIC;
+
+	/* write out and point the top of the hash chain at it */
+	if (rec_write(tdb, rec_ptr, &rec) == -1
+	    || tdb_write(tdb, rec_ptr+sizeof(rec), p, key.dsize+dbuf.dsize)==-1
+	    || ofs_write(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1) {
+		/* Need to tdb_unallocate() here */
+		goto fail;
+	}
+ out:
+	SAFE_FREE(p); 
+	tdb_unlock(tdb, BUCKET(hash), F_WRLCK);
+	return ret;
+fail:
+	ret = -1;
+	goto out;
+}
+
+static int tdb_already_open(dev_t device,
+			    ino_t ino)
+{
+	TDB_CONTEXT *i;
+	
+	for (i = tdbs; i; i = i->next) {
+		if (i->device == device && i->inode == ino) {
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
+/* open the database, creating it if necessary 
+
+   The open_flags and mode are passed straight to the open call on the
+   database file. A flags value of O_WRONLY is invalid. The hash size
+   is advisory, use zero for a default value.
+
+   Return is NULL on error, in which case errno is also set.  Don't 
+   try to call tdb_error or tdb_errname, just do strerror(errno).
+
+   @param name may be NULL for internal databases. */
+TDB_CONTEXT *tdb_open(const char *name, int hash_size, int tdb_flags,
+		      int open_flags, mode_t mode)
+{
+	return tdb_open_ex(name, hash_size, tdb_flags, open_flags, mode, NULL);
+}
+
+
+TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+			 int open_flags, mode_t mode,
+			 tdb_log_func log_fn)
+{
+	TDB_CONTEXT *tdb;
+	struct stat st;
+	int rev = 0, locked;
+
+	if (!(tdb = calloc(1, sizeof *tdb))) {
+		/* Can't log this */
+		errno = ENOMEM;
+		goto fail;
+	}
+	tdb->fd = -1;
+	tdb->name = NULL;
+	tdb->map_ptr = NULL;
+	tdb->lockedkeys = NULL;
+	tdb->flags = tdb_flags;
+	tdb->open_flags = open_flags;
+	tdb->log_fn = log_fn;
+	
+	if ((open_flags & O_ACCMODE) == O_WRONLY) {
+		TDB_LOG((tdb, 0, "tdb_open_ex: can't open tdb %s write-only\n",
+			 name));
+		errno = EINVAL;
+		goto fail;
+	}
+	
+	if (hash_size == 0)
+		hash_size = DEFAULT_HASH_SIZE;
+	if ((open_flags & O_ACCMODE) == O_RDONLY) {
+		tdb->read_only = 1;
+		/* read only databases don't do locking or clear if first */
+		tdb->flags |= TDB_NOLOCK;
+		tdb->flags &= ~TDB_CLEAR_IF_FIRST;
+	}
+
+	/* internal databases don't mmap or lock, and start off cleared */
+	if (tdb->flags & TDB_INTERNAL) {
+		tdb->flags |= (TDB_NOLOCK | TDB_NOMMAP);
+		tdb->flags &= ~TDB_CLEAR_IF_FIRST;
+		if (tdb_new_database(tdb, hash_size) != 0) {
+			TDB_LOG((tdb, 0, "tdb_open_ex: tdb_new_database failed!"));
+			goto fail;
+		}
+		goto internal;
+	}
+
+	if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+		TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+			 name, strerror(errno)));
+		goto fail;	/* errno set by open(2) */
+	}
+
+	/* ensure there is only one process initialising at once */
+	if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) {
+		TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: %s\n",
+			 name, strerror(errno)));
+		goto fail;	/* errno set by tdb_brlock */
+	}
+
+	/* we need to zero database if we are the only one with it open */
+	if ((locked = (tdb_brlock(tdb, ACTIVE_LOCK, F_WRLCK, F_SETLK, 0) == 0))
+	    && (tdb_flags & TDB_CLEAR_IF_FIRST)) {
+		open_flags |= O_CREAT;
+		if (ftruncate(tdb->fd, 0) == -1) {
+			TDB_LOG((tdb, 0, "tdb_open_ex: "
+				 "failed to truncate %s: %s\n",
+				 name, strerror(errno)));
+			goto fail; /* errno set by ftruncate */
+		}
+	}
+
+	if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != sizeof(tdb->header)
+	    || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0
+	    || (tdb->header.version != TDB_VERSION
+		&& !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) {
+		/* its not a valid database - possibly initialise it */
+		if (!(open_flags & O_CREAT) || tdb_new_database(tdb, hash_size) == -1) {
+			errno = EIO; /* ie bad format or something */
+			goto fail;
+		}
+		rev = (tdb->flags & TDB_CONVERT);
+	}
+	if (!rev)
+		tdb->flags &= ~TDB_CONVERT;
+	else {
+		tdb->flags |= TDB_CONVERT;
+		convert(&tdb->header, sizeof(tdb->header));
+	}
+	if (fstat(tdb->fd, &st) == -1)
+		goto fail;
+
+	/* Is it already in the open list?  If so, fail. */
+	if (tdb_already_open(st.st_dev, st.st_ino)) {
+		TDB_LOG((tdb, 2, "tdb_open_ex: "
+			 "%s (%d,%d) is already open in this process\n",
+			 name, st.st_dev, st.st_ino));
+		errno = EBUSY;
+		goto fail;
+	}
+
+	if (!(tdb->name = (char *)strdup(name))) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	tdb->map_size = st.st_size;
+	tdb->device = st.st_dev;
+	tdb->inode = st.st_ino;
+	tdb->locked = calloc(tdb->header.hash_size+1, sizeof(tdb->locked[0]));
+	if (!tdb->locked) {
+		TDB_LOG((tdb, 2, "tdb_open_ex: "
+			 "failed to allocate lock structure for %s\n",
+			 name));
+		errno = ENOMEM;
+		goto fail;
+	}
+	tdb_mmap(tdb);
+	if (locked) {
+		if (!tdb->read_only)
+			if (tdb_clear_spinlocks(tdb) != 0) {
+				TDB_LOG((tdb, 0, "tdb_open_ex: "
+				"failed to clear spinlock\n"));
+				goto fail;
+			}
+		if (tdb_brlock(tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK, 0) == -1) {
+			TDB_LOG((tdb, 0, "tdb_open_ex: "
+				 "failed to take ACTIVE_LOCK on %s: %s\n",
+				 name, strerror(errno)));
+			goto fail;
+		}
+	}
+	/* leave this lock in place to indicate it's in use */
+	if (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1)
+		goto fail;
+
+ internal:
+	/* Internal (memory-only) databases skip all the code above to
+	 * do with disk files, and resume here by releasing their
+	 * global lock and hooking into the active list. */
+	if (tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0) == -1)
+		goto fail;
+	tdb->next = tdbs;
+	tdbs = tdb;
+	return tdb;
+
+ fail:
+	{ int save_errno = errno;
+
+	if (!tdb)
+		return NULL;
+	
+	if (tdb->map_ptr) {
+		if (tdb->flags & TDB_INTERNAL)
+			SAFE_FREE(tdb->map_ptr);
+		else
+			tdb_munmap(tdb);
+	}
+	SAFE_FREE(tdb->name);
+	if (tdb->fd != -1)
+		if (close(tdb->fd) != 0)
+			TDB_LOG((tdb, 5, "tdb_open_ex: failed to close tdb->fd on error!\n"));
+	SAFE_FREE(tdb->locked);
+	SAFE_FREE(tdb);
+	errno = save_errno;
+	return NULL;
+	}
+}
+
+/* close a database */
+int tdb_close(TDB_CONTEXT *tdb)
+{
+	TDB_CONTEXT **i;
+	int ret = 0;
+
+	if (tdb->map_ptr) {
+		if (tdb->flags & TDB_INTERNAL)
+			SAFE_FREE(tdb->map_ptr);
+		else
+			tdb_munmap(tdb);
+	}
+	SAFE_FREE(tdb->name);
+	if (tdb->fd != -1)
+		ret = close(tdb->fd);
+	SAFE_FREE(tdb->locked);
+	SAFE_FREE(tdb->lockedkeys);
+
+	/* Remove from contexts list */
+	for (i = &tdbs; *i; i = &(*i)->next) {
+		if (*i == tdb) {
+			*i = tdb->next;
+			break;
+		}
+	}
+
+	memset(tdb, 0, sizeof(*tdb));
+	SAFE_FREE(tdb);
+
+	return ret;
+}
+
+/* lock/unlock entire database */
+int tdb_lockall(TDB_CONTEXT *tdb)
+{
+	u32 i;
+
+	/* There are no locks on read-only dbs */
+	if (tdb->read_only)
+		return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+	if (tdb->lockedkeys)
+		return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
+	for (i = 0; i < tdb->header.hash_size; i++) 
+		if (tdb_lock(tdb, i, F_WRLCK))
+			break;
+
+	/* If error, release locks we have... */
+	if (i < tdb->header.hash_size) {
+		u32 j;
+
+		for ( j = 0; j < i; j++)
+			tdb_unlock(tdb, j, F_WRLCK);
+		return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
+	}
+
+	return 0;
+}
+void tdb_unlockall(TDB_CONTEXT *tdb)
+{
+	u32 i;
+	for (i=0; i < tdb->header.hash_size; i++)
+		tdb_unlock(tdb, i, F_WRLCK);
+}
+
+int tdb_lockkeys(TDB_CONTEXT *tdb, u32 number, TDB_DATA keys[])
+{
+	u32 i, j, hash;
+
+	/* Can't lock more keys if already locked */
+	if (tdb->lockedkeys)
+		return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
+	if (!(tdb->lockedkeys = malloc(sizeof(u32) * (number+1))))
+		return TDB_ERRCODE(TDB_ERR_OOM, -1);
+	/* First number in array is # keys */
+	tdb->lockedkeys[0] = number;
+
+	/* Insertion sort by bucket */
+	for (i = 0; i < number; i++) {
+		hash = tdb_hash(&keys[i]);
+		for (j = 0; j < i && BUCKET(tdb->lockedkeys[j+1]) < BUCKET(hash); j++);
+			memmove(&tdb->lockedkeys[j+2], &tdb->lockedkeys[j+1], sizeof(u32) * (i-j));
+		tdb->lockedkeys[j+1] = hash;
+	}
+	/* Finally, lock in order */
+	for (i = 0; i < number; i++)
+		if (tdb_lock(tdb, i, F_WRLCK))
+			break;
+
+	/* If error, release locks we have... */
+	if (i < number) {
+		for ( j = 0; j < i; j++)
+			tdb_unlock(tdb, j, F_WRLCK);
+		SAFE_FREE(tdb->lockedkeys);
+		return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
+	}
+	return 0;
+}
+
+/* Unlock the keys previously locked by tdb_lockkeys() */
+void tdb_unlockkeys(TDB_CONTEXT *tdb)
+{
+	u32 i;
+	for (i = 0; i < tdb->lockedkeys[0]; i++)
+		tdb_unlock(tdb, tdb->lockedkeys[i+1], F_WRLCK);
+	SAFE_FREE(tdb->lockedkeys);
+}
+
+/* lock/unlock one hash chain. This is meant to be used to reduce
+   contention - it cannot guarantee how many records will be locked */
+int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+	return tdb_lock(tdb, BUCKET(tdb_hash(&key)), F_WRLCK);
+}
+
+int tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+	return tdb_unlock(tdb, BUCKET(tdb_hash(&key)), F_WRLCK);
+}
+
+
+/* register a loging function */
+void tdb_logging_function(TDB_CONTEXT *tdb, void (*fn)(TDB_CONTEXT *, int , const char *, ...))
+{
+	tdb->log_fn = fn;
+}
+
+
+/* reopen a tdb - this is used after a fork to ensure that we have an independent
+   seek pointer from our parent and to re-establish locks */
+int tdb_reopen(TDB_CONTEXT *tdb)
+{
+	struct stat st;
+
+	if (tdb_munmap(tdb) != 0) {
+		TDB_LOG((tdb, 0, "tdb_reopen: munmap failed (%s)\n", strerror(errno)));
+		goto fail;
+	}
+	if (close(tdb->fd) != 0)
+		TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
+	tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+	if (tdb->fd == -1) {
+		TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
+		goto fail;
+	}
+	if (fstat(tdb->fd, &st) != 0) {
+		TDB_LOG((tdb, 0, "tdb_reopen: fstat failed (%s)\n", strerror(errno)));
+		goto fail;
+	}
+	if (st.st_ino != tdb->inode || st.st_dev != tdb->device) {
+		TDB_LOG((tdb, 0, "tdb_reopen: file dev/inode has changed!\n"));
+		goto fail;
+	}
+	tdb_mmap(tdb);
+	if (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1) {
+		TDB_LOG((tdb, 0, "tdb_reopen: failed to obtain active lock\n"));
+		goto fail;
+	}
+
+	return 0;
+
+fail:
+	tdb_close(tdb);
+	return -1;
+}
+
+/* reopen all tdb's */
+int tdb_reopen_all(void)
+{
+	TDB_CONTEXT *tdb;
+
+	for (tdb=tdbs; tdb; tdb = tdb->next) {
+		if (tdb_reopen(tdb) != 0) return -1;
+	}
+
+	return 0;
+}
diff --git a/source3/tdb/tdb.h b/source3/tdb/tdb.h
new file mode 100644
index 0000000000..54cde10d95
--- /dev/null
+++ b/source3/tdb/tdb.h
@@ -0,0 +1,141 @@
+#ifndef __TDB_H__
+#define __TDB_H__
+
+/* 
+   Unix SMB/CIFS implementation.
+   Samba database functions
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/* flags to tdb_store() */
+#define TDB_REPLACE 1
+#define TDB_INSERT 2
+#define TDB_MODIFY 3
+
+/* flags for tdb_open() */
+#define TDB_DEFAULT 0 /* just a readability place holder */
+#define TDB_CLEAR_IF_FIRST 1
+#define TDB_INTERNAL 2 /* don't store on disk */
+#define TDB_NOLOCK   4 /* don't do any locking */
+#define TDB_NOMMAP   8 /* don't use mmap */
+#define TDB_CONVERT 16 /* convert endian (internal use) */
+
+#define TDB_ERRCODE(code, ret) ((tdb->ecode = (code)), ret)
+
+/* error codes */
+enum TDB_ERROR {TDB_SUCCESS=0, TDB_ERR_CORRUPT, TDB_ERR_IO, TDB_ERR_LOCK, 
+		TDB_ERR_OOM, TDB_ERR_EXISTS, TDB_ERR_NOEXIST, TDB_ERR_NOLOCK };
+
+#ifndef u32
+#define u32 unsigned
+#endif
+
+typedef struct {
+	char *dptr;
+	size_t dsize;
+} TDB_DATA;
+
+typedef u32 tdb_len;
+typedef u32 tdb_off;
+
+/* this is stored at the front of every database */
+struct tdb_header {
+	char magic_food[32]; /* for /etc/magic */
+	u32 version; /* version of the code */
+	u32 hash_size; /* number of hash entries */
+	tdb_off rwlocks;
+	tdb_off reserved[31];
+};
+
+struct tdb_lock_type {
+	u32 count;
+	u32 ltype;
+};
+
+struct tdb_traverse_lock {
+	struct tdb_traverse_lock *next;
+	u32 off;
+	u32 hash;
+};
+
+/* this is the context structure that is returned from a db open */
+typedef struct tdb_context {
+	char *name; /* the name of the database */
+	void *map_ptr; /* where it is currently mapped */
+	int fd; /* open file descriptor for the database */
+	tdb_len map_size; /* how much space has been mapped */
+	int read_only; /* opened read-only */
+	struct tdb_lock_type *locked; /* array of chain locks */
+	enum TDB_ERROR ecode; /* error code for last tdb error */
+	struct tdb_header header; /* a cached copy of the header */
+	u32 flags; /* the flags passed to tdb_open */
+	u32 *lockedkeys; /* array of locked keys: first is #keys */
+	struct tdb_traverse_lock travlocks; /* current traversal locks */
+	struct tdb_context *next; /* all tdbs to avoid multiple opens */
+	dev_t device;	/* uniquely identifies this tdb */
+	ino_t inode;	/* uniquely identifies this tdb */
+	void (*log_fn)(struct tdb_context *tdb, int level, const char *, ...); /* logging function */
+	int open_flags; /* flags used in the open - needed by reopen */
+} TDB_CONTEXT;
+
+typedef int (*tdb_traverse_func)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *);
+typedef void (*tdb_log_func)(TDB_CONTEXT *, int , const char *, ...);
+
+TDB_CONTEXT *tdb_open(const char *name, int hash_size, int tdb_flags,
+		      int open_flags, mode_t mode);
+TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+			 int open_flags, mode_t mode,
+			 tdb_log_func log_fn);
+
+int tdb_reopen(TDB_CONTEXT *tdb);
+int tdb_reopen_all(void);
+void tdb_logging_function(TDB_CONTEXT *tdb, tdb_log_func);
+enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb);
+const char *tdb_errorstr(TDB_CONTEXT *tdb);
+TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag);
+int tdb_close(TDB_CONTEXT *tdb);
+TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb);
+TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *state);
+int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_lockkeys(TDB_CONTEXT *tdb, u32 number, TDB_DATA keys[]);
+void tdb_unlockkeys(TDB_CONTEXT *tdb);
+int tdb_lockall(TDB_CONTEXT *tdb);
+void tdb_unlockall(TDB_CONTEXT *tdb);
+
+/* Low level locking functions: use with care */
+int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key);
+
+/* Debug functions. Not used in production. */
+void tdb_dump_all(TDB_CONTEXT *tdb);
+int tdb_printfreelist(TDB_CONTEXT *tdb);
+
+extern TDB_DATA tdb_null;
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* tdb.h */
diff --git a/source3/tdb/tdb.magic b/source3/tdb/tdb.magic
new file mode 100644
index 0000000000..f5619e7327
--- /dev/null
+++ b/source3/tdb/tdb.magic
@@ -0,0 +1,10 @@
+# Magic file(1) information about tdb files.
+#
+# Install this into /etc/magic or the corresponding location for your
+# system, or pass as a -m argument to file(1).
+
+# You may use and redistribute this file without restriction.
+
+0	string	TDB\ file		TDB database
+>32	lelong	=0x2601196D		version 6, little-endian
+>>36	lelong	x			hash size %d bytes
diff --git a/source3/tdb/tdbbackup.c b/source3/tdb/tdbbackup.c
new file mode 100644
index 0000000000..48c4272d33
--- /dev/null
+++ b/source3/tdb/tdbbackup.c
@@ -0,0 +1,288 @@
+/* 
+   Unix SMB/CIFS implementation.
+   low level tdb backup and restore utility
+   Copyright (C) Andrew Tridgell              2002
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+
+  This program is meant for backup/restore of tdb databases. Typical usage would be:
+     tdbbackup *.tdb
+  when Samba shuts down cleanly, which will make a backup of all the local databases
+  to *.bak files. Then on Samba startup you would use:
+     tdbbackup -v *.tdb
+  and this will check the databases for corruption and if corruption is detected then
+  the backup will be restored.
+
+  You may also like to do a backup on a regular basis while Samba is
+  running, perhaps using cron.
+
+  The reason this program is needed is to cope with power failures
+  while Samba is running. A power failure could lead to database
+  corruption and Samba will then not start correctly.
+
+  Note that many of the databases in Samba are transient and thus
+  don't need to be backed up, so you can optimise the above a little
+  by only running the backup on the critical databases.
+
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <time.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <ctype.h>
+#include "tdb.h"
+
+static int failed;
+
+static char *add_suffix(const char *name, const char *suffix)
+{
+	char *ret;
+	int len = strlen(name) + strlen(suffix) + 1;
+	ret = malloc(len);
+	if (!ret) {
+		fprintf(stderr,"Out of memory!\n");
+		exit(1);
+	}
+	strncpy(ret, name, len);
+	strncat(ret, suffix, len);
+	return ret;
+}
+
+static int copy_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+	TDB_CONTEXT *tdb_new = (TDB_CONTEXT *)state;
+
+	if (tdb_store(tdb_new, key, dbuf, TDB_INSERT) != 0) {
+		fprintf(stderr,"Failed to insert into %s\n", tdb_new->name);
+		failed = 1;
+		return 1;
+	}
+	return 0;
+}
+
+
+static int test_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+	return 0;
+}
+
+/*
+  carefully backup a tdb, validating the contents and
+  only doing the backup if its OK
+  this function is also used for restore
+*/
+static int backup_tdb(const char *old_name, const char *new_name)
+{
+	TDB_CONTEXT *tdb;
+	TDB_CONTEXT *tdb_new;
+	char *tmp_name;
+	struct stat st;
+	int count1, count2;
+
+	tmp_name = add_suffix(new_name, ".tmp");
+
+	/* stat the old tdb to find its permissions */
+	if (stat(old_name, &st) != 0) {
+		perror(old_name);
+		return 1;
+	}
+
+	/* open the old tdb */
+	tdb = tdb_open(old_name, 0, 0, O_RDWR, 0);
+	if (!tdb) {
+		printf("Failed to open %s\n", old_name);
+		return 1;
+	}
+
+	/* create the new tdb */
+	unlink(tmp_name);
+	tdb_new = tdb_open(tmp_name, tdb->header.hash_size, 
+			   TDB_DEFAULT, O_RDWR|O_CREAT|O_EXCL, 
+			   st.st_mode & 0777);
+	if (!tdb_new) {
+		perror(tmp_name);
+		free(tmp_name);
+		return 1;
+	}
+
+	/* lock the old tdb */
+	if (tdb_lockall(tdb) != 0) {
+		fprintf(stderr,"Failed to lock %s\n", old_name);
+		tdb_close(tdb);
+		tdb_close(tdb_new);
+		unlink(tmp_name);
+		free(tmp_name);
+		return 1;
+	}
+
+	failed = 0;
+
+	/* traverse and copy */
+	count1 = tdb_traverse(tdb, copy_fn, (void *)tdb_new);
+	if (count1 < 0 || failed) {
+		fprintf(stderr,"failed to copy %s\n", old_name);
+		tdb_close(tdb);
+		tdb_close(tdb_new);
+		unlink(tmp_name);
+		free(tmp_name);
+		return 1;
+	}
+
+	/* close the old tdb */
+	tdb_close(tdb);
+
+	/* close the new tdb and re-open read-only */
+	tdb_close(tdb_new);
+	tdb_new = tdb_open(tmp_name, 0, TDB_DEFAULT, O_RDONLY, 0);
+	if (!tdb_new) {
+		fprintf(stderr,"failed to reopen %s\n", tmp_name);
+		unlink(tmp_name);
+		perror(tmp_name);
+		free(tmp_name);
+		return 1;
+	}
+	
+	/* traverse the new tdb to confirm */
+	count2 = tdb_traverse(tdb_new, test_fn, 0);
+	if (count2 != count1) {
+		fprintf(stderr,"failed to copy %s\n", old_name);
+		tdb_close(tdb_new);
+		unlink(tmp_name);
+		free(tmp_name);
+		return 1;
+	}
+
+	/* make sure the new tdb has reached stable storage */
+	fsync(tdb_new->fd);
+
+	/* close the new tdb and rename it to .bak */
+	tdb_close(tdb_new);
+	unlink(new_name);
+	if (rename(tmp_name, new_name) != 0) {
+		perror(new_name);
+		free(tmp_name);
+		return 1;
+	}
+
+	printf("%s : %d records\n", old_name, count1);
+	free(tmp_name);
+
+	return 0;
+}
+
+
+
+/*
+  verify a tdb and if it is corrupt then restore from *.bak
+*/
+static int verify_tdb(const char *fname, const char *bak_name)
+{
+	TDB_CONTEXT *tdb;
+	int count = -1;
+
+	/* open the tdb */
+	tdb = tdb_open(fname, 0, 0, O_RDONLY, 0);
+
+	/* traverse the tdb, then close it */
+	if (tdb) {
+		count = tdb_traverse(tdb, test_fn, NULL);
+		tdb_close(tdb);
+	}
+
+	/* count is < 0 means an error */
+	if (count < 0) {
+		printf("restoring %s\n", fname);
+		return backup_tdb(bak_name, fname);
+	}
+
+	printf("%s : %d records\n", fname, count);
+
+	return 0;
+}
+
+
+static void usage(void)
+{
+	printf("Usage: tdbbackup [options] <fname...>\n\n");
+	printf("   -h            this help message\n");
+	printf("   -s suffix     set the backup suffix\n");
+	printf("   -v            veryify mode (restore if corrupt)\n");
+}
+		
+
+ int main(int argc, char *argv[])
+{
+	int i;
+	int ret = 0;
+	int c;
+	int verify = 0;
+	char *suffix = ".bak";
+	extern int optind;
+	extern char *optarg;
+
+	while ((c = getopt(argc, argv, "vhs:")) != -1) {
+		switch (c) {
+		case 'h':
+			usage();
+			exit(0);
+		case 'v':
+			verify = 1;
+			break;
+		case 's':
+			suffix = optarg;
+			break;
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc < 1) {
+		usage();
+		exit(1);
+	}
+
+	for (i=0; i<argc; i++) {
+		const char *fname = argv[i];
+		char *bak_name;
+
+		bak_name = add_suffix(fname, suffix);
+
+		if (verify) {
+			if (verify_tdb(fname, bak_name) != 0) {
+				ret = 1;
+			}
+		} else {
+			if (backup_tdb(fname, bak_name) != 0) {
+				ret = 1;
+			}
+		}
+
+		free(bak_name);
+	}
+
+	return ret;
+}
diff --git a/source3/tdb/tdbdump.c b/source3/tdb/tdbdump.c
new file mode 100644
index 0000000000..6664213209
--- /dev/null
+++ b/source3/tdb/tdbdump.c
@@ -0,0 +1,88 @@
+/* 
+   Unix SMB/CIFS implementation.
+   simple tdb dump util
+   Copyright (C) Andrew Tridgell              2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <time.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <ctype.h>
+#include "tdb.h"
+
+static void print_data(TDB_DATA d)
+{
+	unsigned char *p = d.dptr;
+	int len = d.dsize;
+	while (len--) {
+		if (isprint(*p) && !strchr("\"\\", *p)) {
+			fputc(*p, stdout);
+		} else {
+			printf("\\%02X", *p);
+		}
+		p++;
+	}
+}
+
+static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+	printf("{\n");
+	printf("key = \"");
+	print_data(key);
+	printf("\"\n");
+	printf("data = \"");
+	print_data(dbuf);
+	printf("\"\n");
+	printf("}\n");
+	return 0;
+}
+
+static int dump_tdb(const char *fname)
+{
+	TDB_CONTEXT *tdb;
+	
+	tdb = tdb_open(fname, 0, 0, O_RDONLY, 0);
+	if (!tdb) {
+		printf("Failed to open %s\n", fname);
+		return 1;
+	}
+
+	tdb_traverse(tdb, traverse_fn, NULL);
+	return 0;
+}
+
+ int main(int argc, char *argv[])
+{
+	char *fname;
+
+	if (argc < 2) {
+		printf("Usage: tdbdump <fname>\n");
+		exit(1);
+	}
+
+	fname = argv[1];
+
+	return dump_tdb(fname);
+}
diff --git a/source3/tdb/tdbtest.c b/source3/tdb/tdbtest.c
new file mode 100644
index 0000000000..0741073ce1
--- /dev/null
+++ b/source3/tdb/tdbtest.c
@@ -0,0 +1,262 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include "tdb.h"
+#include <gdbm.h>
+
+/* a test program for tdb - the trivial database */
+
+
+
+#define DELETE_PROB 7
+#define STORE_PROB 5
+
+static TDB_CONTEXT *db;
+static GDBM_FILE gdbm;
+
+struct timeval tp1,tp2;
+
+static void start_timer(void)
+{
+	gettimeofday(&tp1,NULL);
+}
+
+static double end_timer(void)
+{
+	gettimeofday(&tp2,NULL);
+	return((tp2.tv_sec - tp1.tv_sec) + 
+	       (tp2.tv_usec - tp1.tv_usec)*1.0e-6);
+}
+
+static void fatal(char *why)
+{
+	perror(why);
+	exit(1);
+}
+
+static void tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...)
+{
+	va_list ap;
+    
+	va_start(ap, format);
+	vfprintf(stdout, format, ap);
+	va_end(ap);
+	fflush(stdout);
+}
+
+static void compare_db(void)
+{
+	TDB_DATA d, key, nextkey;
+	datum gd, gkey, gnextkey;
+
+	key = tdb_firstkey(db);
+	while (key.dptr) {
+		d = tdb_fetch(db, key);
+		gkey.dptr = key.dptr;
+		gkey.dsize = key.dsize;
+
+		gd = gdbm_fetch(gdbm, gkey);
+
+		if (!gd.dptr) fatal("key not in gdbm");
+		if (gd.dsize != d.dsize) fatal("data sizes differ");
+		if (memcmp(gd.dptr, d.dptr, d.dsize)) {
+			fatal("data differs");
+		}
+
+		nextkey = tdb_nextkey(db, key);
+		free(key.dptr);
+		free(d.dptr);
+		free(gd.dptr);
+		key = nextkey;
+	}
+
+	gkey = gdbm_firstkey(gdbm);
+	while (gkey.dptr) {
+		gd = gdbm_fetch(gdbm, gkey);
+		key.dptr = gkey.dptr;
+		key.dsize = gkey.dsize;
+
+		d = tdb_fetch(db, key);
+
+		if (!d.dptr) fatal("key not in db");
+		if (d.dsize != gd.dsize) fatal("data sizes differ");
+		if (memcmp(d.dptr, gd.dptr, gd.dsize)) {
+			fatal("data differs");
+		}
+
+		gnextkey = gdbm_nextkey(gdbm, gkey);
+		free(gkey.dptr);
+		free(gd.dptr);
+		free(d.dptr);
+		gkey = gnextkey;
+	}
+}
+
+static char *randbuf(int len)
+{
+	char *buf;
+	int i;
+	buf = (char *)malloc(len+1);
+
+	for (i=0;i<len;i++) {
+		buf[i] = 'a' + (rand() % 26);
+	}
+	buf[i] = 0;
+	return buf;
+}
+
+static void addrec_db(void)
+{
+	int klen, dlen;
+	char *k, *d;
+	TDB_DATA key, data;
+
+	klen = 1 + (rand() % 4);
+	dlen = 1 + (rand() % 100);
+
+	k = randbuf(klen);
+	d = randbuf(dlen);
+
+	key.dptr = k;
+	key.dsize = klen+1;
+
+	data.dptr = d;
+	data.dsize = dlen+1;
+
+	if (rand() % DELETE_PROB == 0) {
+		tdb_delete(db, key);
+	} else if (rand() % STORE_PROB == 0) {
+		if (tdb_store(db, key, data, TDB_REPLACE) != 0) {
+			fatal("tdb_store failed");
+		}
+	} else {
+		data = tdb_fetch(db, key);
+		if (data.dptr) free(data.dptr);
+	}
+
+	free(k);
+	free(d);
+}
+
+static void addrec_gdbm(void)
+{
+	int klen, dlen;
+	char *k, *d;
+	datum key, data;
+
+	klen = 1 + (rand() % 4);
+	dlen = 1 + (rand() % 100);
+
+	k = randbuf(klen);
+	d = randbuf(dlen);
+
+	key.dptr = k;
+	key.dsize = klen+1;
+
+	data.dptr = d;
+	data.dsize = dlen+1;
+
+	if (rand() % DELETE_PROB == 0) {
+		gdbm_delete(gdbm, key);
+	} else if (rand() % STORE_PROB == 0) {
+		if (gdbm_store(gdbm, key, data, GDBM_REPLACE) != 0) {
+			fatal("gdbm_store failed");
+		}
+	} else {
+		data = gdbm_fetch(gdbm, key);
+		if (data.dptr) free(data.dptr);
+	}
+
+	free(k);
+	free(d);
+}
+
+static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+#if 0
+	printf("[%s] [%s]\n", key.dptr, dbuf.dptr);
+#endif
+	tdb_delete(tdb, key);
+	return 0;
+}
+
+static void merge_test(void)
+{
+	int i;
+	char keys[5][2];
+	TDB_DATA key, data;
+	
+	for (i = 0; i < 5; i++) {
+		sprintf(keys[i], "%d", i);
+		key.dptr = keys[i];
+		key.dsize = 2;
+		
+		data.dptr = "test";
+		data.dsize = 4;
+		
+		if (tdb_store(db, key, data, TDB_REPLACE) != 0) {
+			fatal("tdb_store failed");
+		}
+	}
+
+	key.dptr = keys[0];
+	tdb_delete(db, key);
+	key.dptr = keys[4];
+	tdb_delete(db, key);
+	key.dptr = keys[2];
+	tdb_delete(db, key);
+	key.dptr = keys[1];
+	tdb_delete(db, key);
+	key.dptr = keys[3];
+	tdb_delete(db, key);
+}
+	
+int main(int argc, char *argv[])
+{
+	int i, seed=0;
+	int loops = 10000;
+
+	unlink("test.gdbm");
+
+	db = tdb_open("test.tdb", 0, TDB_CLEAR_IF_FIRST, 
+		      O_RDWR | O_CREAT | O_TRUNC, 0600);
+	gdbm = gdbm_open("test.gdbm", 512, GDBM_WRITER|GDBM_NEWDB|GDBM_FAST, 
+			 0600, NULL);
+
+	if (!db || !gdbm) {
+		fatal("db open failed");
+	}
+
+	tdb_logging_function(db, tdb_log);
+	
+#if 1
+	srand(seed);
+	start_timer();
+	for (i=0;i<loops;i++) addrec_gdbm();
+	printf("gdbm got %.2f ops/sec\n", i/end_timer());
+#endif
+
+	merge_test();
+
+	srand(seed);
+	start_timer();
+	for (i=0;i<loops;i++) addrec_db();
+	printf("tdb got %.2f ops/sec\n", i/end_timer());
+
+	compare_db();
+
+	printf("traversed %d records\n", tdb_traverse(db, traverse_fn, NULL));
+	printf("traversed %d records\n", tdb_traverse(db, traverse_fn, NULL));
+
+	tdb_close(db);
+	gdbm_close(gdbm);
+
+	return 0;
+}
diff --git a/source3/tdb/tdbtool.c b/source3/tdb/tdbtool.c
new file mode 100644
index 0000000000..caa2940141
--- /dev/null
+++ b/source3/tdb/tdbtool.c
@@ -0,0 +1,478 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba database functions
+   Copyright (C) Andrew Tridgell              1999-2000
+   Copyright (C) Paul `Rusty' Russell		   2000
+   Copyright (C) Jeremy Allison			   2000
+   Copyright (C) Andrew Esh                        2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <time.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <ctype.h>
+#include "tdb.h"
+
+/* a tdb tool for manipulating a tdb database */
+
+#define FSTRING_LEN 256
+typedef char fstring[FSTRING_LEN];
+
+typedef struct connections_key {
+	pid_t pid;
+	int cnum;
+	fstring name;
+} connections_key;
+
+typedef struct connections_data {
+	int magic;
+	pid_t pid;
+	int cnum;
+	uid_t uid;
+	gid_t gid;
+	char name[24];
+	char addr[24];
+	char machine[128];
+	time_t start;
+} connections_data;
+
+static TDB_CONTEXT *tdb;
+
+static int print_rec(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf, void *state);
+
+static void print_asc(unsigned char *buf,int len)
+{
+	int i;
+
+	/* We're probably printing ASCII strings so don't try to display
+	   the trailing NULL character. */
+
+	if (buf[len - 1] == 0)
+	        len--;
+
+	for (i=0;i<len;i++)
+		printf("%c",isprint(buf[i])?buf[i]:'.');
+}
+
+static void print_data(unsigned char *buf,int len)
+{
+	int i=0;
+	if (len<=0) return;
+	printf("[%03X] ",i);
+	for (i=0;i<len;) {
+		printf("%02X ",(int)buf[i]);
+		i++;
+		if (i%8 == 0) printf(" ");
+		if (i%16 == 0) {      
+			print_asc(&buf[i-16],8); printf(" ");
+			print_asc(&buf[i-8],8); printf("\n");
+			if (i<len) printf("[%03X] ",i);
+		}
+	}
+	if (i%16) {
+		int n;
+		
+		n = 16 - (i%16);
+		printf(" ");
+		if (n>8) printf(" ");
+		while (n--) printf("   ");
+		
+		n = i%16;
+		if (n > 8) n = 8;
+		print_asc(&buf[i-(i%16)],n); printf(" ");
+		n = (i%16) - n;
+		if (n>0) print_asc(&buf[i-n],n); 
+		printf("\n");    
+	}
+}
+
+static void help(void)
+{
+	printf("
+tdbtool: 
+  create    dbname     : create a database
+  open      dbname     : open an existing database
+  erase                : erase the database
+  dump                 : dump the database as strings
+  insert    key  data  : insert a record
+  store     key  data  : store a record (replace)
+  show      key        : show a record by key
+  delete    key        : delete a record by key
+  list                 : print the database hash table and freelist
+  free                 : print the database freelist
+  1 | first            : print the first record
+  n | next             : print the next record
+  q | quit             : terminate
+  \\n                   : repeat 'next' command
+");
+}
+
+static void terror(char *why)
+{
+	printf("%s\n", why);
+}
+
+static char *get_token(int startover)
+{
+	static char tmp[1024];
+	static char *cont = NULL;
+	char *insert, *start;
+	char *k = strtok(NULL, " ");
+
+	if (!k)
+	  return NULL;
+
+	if (startover)
+	  start = tmp;
+	else
+	  start = cont;
+
+	strcpy(start, k);
+	insert = start + strlen(start) - 1;
+	while (*insert == '\\') {
+	  *insert++ = ' ';
+	  k = strtok(NULL, " ");
+	  if (!k)
+	    break;
+	  strcpy(insert, k);
+	  insert = start + strlen(start) - 1;
+	}
+
+	/* Get ready for next call */
+	cont = start + strlen(start) + 1;
+	return start;
+}
+
+static void create_tdb(void)
+{
+	char *tok = get_token(1);
+	if (!tok) {
+		help();
+		return;
+	}
+	if (tdb) tdb_close(tdb);
+	tdb = tdb_open(tok, 0, TDB_CLEAR_IF_FIRST,
+		       O_RDWR | O_CREAT | O_TRUNC, 0600);
+	if (!tdb) {
+		printf("Could not create %s: %s\n", tok, strerror(errno));
+	}
+}
+
+static void open_tdb(void)
+{
+	char *tok = get_token(1);
+	if (!tok) {
+		help();
+		return;
+	}
+	if (tdb) tdb_close(tdb);
+	tdb = tdb_open(tok, 0, 0, O_RDWR, 0600);
+	if (!tdb) {
+		printf("Could not open %s: %s\n", tok, strerror(errno));
+	}
+}
+
+static void insert_tdb(void)
+{
+	char *k = get_token(1);
+	char *d = get_token(0);
+	TDB_DATA key, dbuf;
+
+	if (!k || !d) {
+		help();
+		return;
+	}
+
+	key.dptr = k;
+	key.dsize = strlen(k)+1;
+	dbuf.dptr = d;
+	dbuf.dsize = strlen(d)+1;
+
+	if (tdb_store(tdb, key, dbuf, TDB_INSERT) == -1) {
+		terror("insert failed");
+	}
+}
+
+static void store_tdb(void)
+{
+	char *k = get_token(1);
+	char *d = get_token(0);
+	TDB_DATA key, dbuf;
+
+	if (!k || !d) {
+		help();
+		return;
+	}
+
+	key.dptr = k;
+	key.dsize = strlen(k)+1;
+	dbuf.dptr = d;
+	dbuf.dsize = strlen(d)+1;
+
+	printf("Storing key:\n");
+	print_rec(tdb, key, dbuf, NULL);
+
+	if (tdb_store(tdb, key, dbuf, TDB_REPLACE) == -1) {
+		terror("store failed");
+	}
+}
+
+static void show_tdb(void)
+{
+	char *k = get_token(1);
+	TDB_DATA key, dbuf;
+
+	if (!k) {
+		help();
+		return;
+	}
+
+	key.dptr = k;
+	key.dsize = strlen(k)+1;
+
+	dbuf = tdb_fetch(tdb, key);
+	if (!dbuf.dptr) {
+		terror("fetch failed");
+		return;
+	}
+	/* printf("%s : %*.*s\n", k, (int)dbuf.dsize, (int)dbuf.dsize, dbuf.dptr); */
+	print_rec(tdb, key, dbuf, NULL);
+}
+
+static void delete_tdb(void)
+{
+	char *k = get_token(1);
+	TDB_DATA key;
+
+	if (!k) {
+		help();
+		return;
+	}
+
+	key.dptr = k;
+	key.dsize = strlen(k)+1;
+
+	if (tdb_delete(tdb, key) != 0) {
+		terror("delete failed");
+	}
+}
+
+#if 0
+static int print_conn_key(TDB_DATA key)
+{
+	printf( "pid    =%5d   ", ((connections_key*)key.dptr)->pid);
+	printf( "cnum   =%10d  ", ((connections_key*)key.dptr)->cnum);
+	printf( "name   =[%s]\n", ((connections_key*)key.dptr)->name);
+	return 0;
+}
+
+static int print_conn_data(TDB_DATA dbuf)
+{
+	printf( "pid    =%5d   ", ((connections_data*)dbuf.dptr)->pid);
+	printf( "cnum   =%10d  ", ((connections_data*)dbuf.dptr)->cnum);
+	printf( "name   =[%s]\n", ((connections_data*)dbuf.dptr)->name);
+	
+	printf( "uid    =%5d   ",  ((connections_data*)dbuf.dptr)->uid);
+	printf( "addr   =[%s]\n", ((connections_data*)dbuf.dptr)->addr);
+	printf( "gid    =%5d   ",  ((connections_data*)dbuf.dptr)->gid);
+	printf( "machine=[%s]\n", ((connections_data*)dbuf.dptr)->machine);
+	printf( "start  = %s\n",   ctime(&((connections_data*)dbuf.dptr)->start));
+	return 0;
+}
+#endif
+
+static int print_rec(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+#if 0
+	print_conn_key(key);
+	print_conn_data(dbuf);
+	return 0;
+#else
+	printf("\nkey %d bytes\n", key.dsize);
+	print_asc(key.dptr, key.dsize);
+	printf("\ndata %d bytes\n", dbuf.dsize);
+	print_data(dbuf.dptr, dbuf.dsize);
+	return 0;
+#endif
+}
+
+static int print_key(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+	print_asc(key.dptr, key.dsize);
+	printf("\n");
+	return 0;
+}
+
+static int total_bytes;
+
+static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf, void *state)
+{
+	total_bytes += dbuf.dsize;
+	return 0;
+}
+
+static void info_tdb(void)
+{
+	int count;
+	total_bytes = 0;
+	if ((count = tdb_traverse(tdb, traverse_fn, NULL) == -1))
+		printf("Error = %s\n", tdb_errorstr(tdb));
+	else
+		printf("%d records totalling %d bytes\n", count, total_bytes);
+}
+
+static char *tdb_getline(char *prompt)
+{
+	static char line[1024];
+	char *p;
+	fputs(prompt, stdout);
+	line[0] = 0;
+	p = fgets(line, sizeof(line)-1, stdin);
+	if (p) p = strchr(p, '\n');
+	if (p) *p = 0;
+	return p?line:NULL;
+}
+
+static int do_delete_fn(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf,
+                     void *state)
+{
+    return tdb_delete(the_tdb, key);
+}
+
+static void first_record(TDB_CONTEXT *the_tdb, TDB_DATA *pkey)
+{
+	TDB_DATA dbuf;
+	*pkey = tdb_firstkey(the_tdb);
+	
+	dbuf = tdb_fetch(the_tdb, *pkey);
+	if (!dbuf.dptr) terror("fetch failed");
+	/* printf("%s : %*.*s\n", k, (int)dbuf.dsize, (int)dbuf.dsize, dbuf.dptr); */
+	print_rec(the_tdb, *pkey, dbuf, NULL);
+}
+
+static void next_record(TDB_CONTEXT *the_tdb, TDB_DATA *pkey)
+{
+	TDB_DATA dbuf;
+	*pkey = tdb_nextkey(the_tdb, *pkey);
+	
+	dbuf = tdb_fetch(the_tdb, *pkey);
+	if (!dbuf.dptr) 
+		terror("fetch failed");
+	else
+		/* printf("%s : %*.*s\n", k, (int)dbuf.dsize, (int)dbuf.dsize, dbuf.dptr); */
+		print_rec(the_tdb, *pkey, dbuf, NULL);
+}
+
+int main(int argc, char *argv[])
+{
+    int bIterate = 0;
+    char *line;
+    char *tok;
+	TDB_DATA iterate_kbuf;
+
+    if (argv[1]) {
+	static char tmp[1024];
+        sprintf(tmp, "open %s", argv[1]);
+        tok=strtok(tmp," ");
+        open_tdb();
+    }
+
+    while ((line = tdb_getline("tdb> "))) {
+
+        /* Shell command */
+        
+        if (line[0] == '!') {
+            system(line + 1);
+            continue;
+        }
+        
+        if ((tok = strtok(line," "))==NULL) {
+           if (bIterate)
+              next_record(tdb, &iterate_kbuf);
+           continue;
+        }
+        if (strcmp(tok,"create") == 0) {
+            bIterate = 0;
+            create_tdb();
+            continue;
+        } else if (strcmp(tok,"open") == 0) {
+            open_tdb();
+            continue;
+        } else if ((strcmp(tok, "q") == 0) ||
+                   (strcmp(tok, "quit") == 0)) {
+            break;
+	}
+            
+        /* all the rest require a open database */
+        if (!tdb) {
+            bIterate = 0;
+            terror("database not open");
+            help();
+            continue;
+        }
+            
+        if (strcmp(tok,"insert") == 0) {
+            bIterate = 0;
+            insert_tdb();
+        } else if (strcmp(tok,"store") == 0) {
+            bIterate = 0;
+            store_tdb();
+        } else if (strcmp(tok,"show") == 0) {
+            bIterate = 0;
+            show_tdb();
+        } else if (strcmp(tok,"erase") == 0) {
+            bIterate = 0;
+            tdb_traverse(tdb, do_delete_fn, NULL);
+        } else if (strcmp(tok,"delete") == 0) {
+            bIterate = 0;
+            delete_tdb();
+        } else if (strcmp(tok,"dump") == 0) {
+            bIterate = 0;
+            tdb_traverse(tdb, print_rec, NULL);
+        } else if (strcmp(tok,"list") == 0) {
+            tdb_dump_all(tdb);
+        } else if (strcmp(tok, "free") == 0) {
+            tdb_printfreelist(tdb);
+        } else if (strcmp(tok,"info") == 0) {
+            info_tdb();
+        } else if ( (strcmp(tok, "1") == 0) ||
+                    (strcmp(tok, "first") == 0)) {
+            bIterate = 1;
+            first_record(tdb, &iterate_kbuf);
+        } else if ((strcmp(tok, "n") == 0) ||
+                   (strcmp(tok, "next") == 0)) {
+            next_record(tdb, &iterate_kbuf);
+        } else if ((strcmp(tok, "keys") == 0)) {
+                bIterate = 0;
+                tdb_traverse(tdb, print_key, NULL);
+        } else {
+            help();
+        }
+    }
+
+    if (tdb) tdb_close(tdb);
+
+    return 0;
+}
diff --git a/source3/tdb/tdbtorture.c b/source3/tdb/tdbtorture.c
new file mode 100644
index 0000000000..c4d912a147
--- /dev/null
+++ b/source3/tdb/tdbtorture.c
@@ -0,0 +1,216 @@
+#include <stdlib.h>
+#include <time.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include "tdb.h"
+
+/* this tests tdb by doing lots of ops from several simultaneous
+   writers - that stresses the locking code. Build with TDB_DEBUG=1
+   for best effect */
+
+
+
+#define REOPEN_PROB 30
+#define DELETE_PROB 8
+#define STORE_PROB 4
+#define LOCKSTORE_PROB 0
+#define TRAVERSE_PROB 20
+#define CULL_PROB 100
+#define KEYLEN 3
+#define DATALEN 100
+#define LOCKLEN 20
+
+static TDB_CONTEXT *db;
+
+static void tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...)
+{
+	va_list ap;
+    
+	va_start(ap, format);
+	vfprintf(stdout, format, ap);
+	va_end(ap);
+	fflush(stdout);
+#if 0
+	{
+		char *ptr;
+		asprintf(&ptr,"xterm -e gdb /proc/%d/exe %d", getpid(), getpid());
+		system(ptr);
+		free(ptr);
+	}
+#endif	
+}
+
+static void fatal(char *why)
+{
+	perror(why);
+	exit(1);
+}
+
+static char *randbuf(int len)
+{
+	char *buf;
+	int i;
+	buf = (char *)malloc(len+1);
+
+	for (i=0;i<len;i++) {
+		buf[i] = 'a' + (rand() % 26);
+	}
+	buf[i] = 0;
+	return buf;
+}
+
+static int cull_traverse(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf,
+			 void *state)
+{
+	if (random() % CULL_PROB == 0) {
+		tdb_delete(tdb, key);
+	}
+	return 0;
+}
+
+static void addrec_db(void)
+{
+	int klen, dlen, slen;
+	char *k, *d, *s;
+	TDB_DATA key, data, lockkey;
+
+	klen = 1 + (rand() % KEYLEN);
+	dlen = 1 + (rand() % DATALEN);
+	slen = 1 + (rand() % LOCKLEN);
+
+	k = randbuf(klen);
+	d = randbuf(dlen);
+	s = randbuf(slen);
+
+	key.dptr = k;
+	key.dsize = klen+1;
+
+	data.dptr = d;
+	data.dsize = dlen+1;
+
+	lockkey.dptr = s;
+	lockkey.dsize = slen+1;
+
+#if REOPEN_PROB
+	if (random() % REOPEN_PROB == 0) {
+		tdb_reopen_all();
+		goto next;
+	} 
+#endif
+
+#if DELETE_PROB
+	if (random() % DELETE_PROB == 0) {
+		tdb_delete(db, key);
+		goto next;
+	}
+#endif
+
+#if STORE_PROB
+	if (random() % STORE_PROB == 0) {
+		if (tdb_store(db, key, data, TDB_REPLACE) != 0) {
+			fatal("tdb_store failed");
+		}
+		goto next;
+	}
+#endif
+
+#if LOCKSTORE_PROB
+	if (random() % LOCKSTORE_PROB == 0) {
+		tdb_chainlock(db, lockkey);
+		data = tdb_fetch(db, key);
+		if (tdb_store(db, key, data, TDB_REPLACE) != 0) {
+			fatal("tdb_store failed");
+		}
+		if (data.dptr) free(data.dptr);
+		tdb_chainunlock(db, lockkey);
+		goto next;
+	} 
+#endif
+
+#if TRAVERSE_PROB
+	if (random() % TRAVERSE_PROB == 0) {
+		tdb_traverse(db, cull_traverse, NULL);
+		goto next;
+	}
+#endif
+
+	data = tdb_fetch(db, key);
+	if (data.dptr) free(data.dptr);
+
+next:
+	free(k);
+	free(d);
+	free(s);
+}
+
+static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf,
+                       void *state)
+{
+	tdb_delete(tdb, key);
+	return 0;
+}
+
+#ifndef NPROC
+#define NPROC 6
+#endif
+
+#ifndef NLOOPS
+#define NLOOPS 200000
+#endif
+
+int main(int argc, char *argv[])
+{
+	int i, seed=0;
+	int loops = NLOOPS;
+	pid_t pids[NPROC];
+
+	pids[0] = getpid();
+
+	for (i=0;i<NPROC-1;i++) {
+		if ((pids[i+1]=fork()) == 0) break;
+	}
+
+	db = tdb_open("torture.tdb", 2, TDB_CLEAR_IF_FIRST, 
+		      O_RDWR | O_CREAT, 0600);
+	if (!db) {
+		fatal("db open failed");
+	}
+	tdb_logging_function(db, tdb_log);
+
+	srand(seed + getpid());
+	srandom(seed + getpid() + time(NULL));
+	for (i=0;i<loops;i++) addrec_db();
+
+	tdb_traverse(db, NULL, NULL);
+	tdb_traverse(db, traverse_fn, NULL);
+	tdb_traverse(db, traverse_fn, NULL);
+
+	tdb_close(db);
+
+	if (getpid() == pids[0]) {
+		for (i=0;i<NPROC-1;i++) {
+			int status;
+			if (waitpid(pids[i+1], &status, 0) != pids[i+1]) {
+				printf("failed to wait for %d\n",
+				       (int)pids[i+1]);
+				exit(1);
+			}
+			if (WEXITSTATUS(status) != 0) {
+				printf("child %d exited with status %d\n",
+				       (int)pids[i+1], WEXITSTATUS(status));
+				exit(1);
+			}
+		}
+		printf("OK\n");
+	}
+
+	return 0;
+}
diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c
new file mode 100644
index 0000000000..3e16a03047
--- /dev/null
+++ b/source3/tdb/tdbutil.c
@@ -0,0 +1,511 @@
+/* 
+   Unix SMB/CIFS implementation.
+   tdb utility functions
+   Copyright (C) Andrew Tridgell 1992-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/* these are little tdb utility functions that are meant to make
+   dealing with a tdb database a little less cumbersome in Samba */
+
+/****************************************************************************
+ Lock a chain by string.
+****************************************************************************/
+
+int tdb_lock_bystring(TDB_CONTEXT *tdb, char *keyval)
+{
+	TDB_DATA key;
+
+	key.dptr = keyval;
+	key.dsize = strlen(keyval)+1;
+	
+	return tdb_chainlock(tdb, key);
+}
+
+/****************************************************************************
+ Unlock a chain by string.
+****************************************************************************/
+
+void tdb_unlock_bystring(TDB_CONTEXT *tdb, char *keyval)
+{
+	TDB_DATA key;
+
+	key.dptr = keyval;
+	key.dsize = strlen(keyval)+1;
+	
+	tdb_chainunlock(tdb, key);
+}
+
+/****************************************************************************
+ Fetch a int32 value by a arbitrary blob key, return -1 if not found.
+ Output is int32 in native byte order.
+****************************************************************************/
+
+int32 tdb_fetch_int32_byblob(TDB_CONTEXT *tdb, char *keyval, size_t len)
+{
+	TDB_DATA key, data;
+	int32 ret;
+
+	key.dptr = keyval;
+	key.dsize = len;
+	data = tdb_fetch(tdb, key);
+	if (!data.dptr || data.dsize != sizeof(int32))
+		return -1;
+	
+	ret = IVAL(data.dptr,0);
+	SAFE_FREE(data.dptr);
+	return ret;
+}
+
+/****************************************************************************
+ Fetch a int32 value by string key, return -1 if not found.
+ Output is int32 in native byte order.
+****************************************************************************/
+
+int32 tdb_fetch_int32(TDB_CONTEXT *tdb, char *keystr)
+{
+	return tdb_fetch_int32_byblob(tdb, keystr, strlen(keystr) + 1);
+}
+
+/****************************************************************************
+ Store a int32 value by an arbitary blob key, return 0 on success, -1 on failure.
+ Input is int32 in native byte order. Output in tdb is in little-endian.
+****************************************************************************/
+
+int tdb_store_int32_byblob(TDB_CONTEXT *tdb, char *keystr, size_t len, int32 v)
+{
+	TDB_DATA key, data;
+	int32 v_store;
+
+	key.dptr = keystr;
+	key.dsize = len;
+	SIVAL(&v_store,0,v);
+	data.dptr = (void *)&v_store;
+	data.dsize = sizeof(int32);
+
+	return tdb_store(tdb, key, data, TDB_REPLACE);
+}
+
+/****************************************************************************
+ Store a int32 value by string key, return 0 on success, -1 on failure.
+ Input is int32 in native byte order. Output in tdb is in little-endian.
+****************************************************************************/
+
+int tdb_store_int32(TDB_CONTEXT *tdb, char *keystr, int32 v)
+{
+	return tdb_store_int32_byblob(tdb, keystr, strlen(keystr) + 1, v);
+}
+
+/****************************************************************************
+ Fetch a uint32 value by a arbitrary blob key, return -1 if not found.
+ Output is uint32 in native byte order.
+****************************************************************************/
+
+BOOL tdb_fetch_uint32_byblob(TDB_CONTEXT *tdb, char *keyval, size_t len, uint32 *value)
+{
+	TDB_DATA key, data;
+
+	key.dptr = keyval;
+	key.dsize = len;
+	data = tdb_fetch(tdb, key);
+	if (!data.dptr || data.dsize != sizeof(uint32))
+		return False;
+	
+	*value = IVAL(data.dptr,0);
+	SAFE_FREE(data.dptr);
+	return True;
+}
+
+/****************************************************************************
+ Fetch a uint32 value by string key, return -1 if not found.
+ Output is uint32 in native byte order.
+****************************************************************************/
+
+BOOL tdb_fetch_uint32(TDB_CONTEXT *tdb, char *keystr, uint32 *value)
+{
+	return tdb_fetch_uint32_byblob(tdb, keystr, strlen(keystr) + 1, value);
+}
+
+/****************************************************************************
+ Store a uint32 value by an arbitary blob key, return 0 on success, -1 on failure.
+ Input is uint32 in native byte order. Output in tdb is in little-endian.
+****************************************************************************/
+
+BOOL tdb_store_uint32_byblob(TDB_CONTEXT *tdb, char *keystr, size_t len, uint32 value)
+{
+	TDB_DATA key, data;
+	uint32 v_store;
+	BOOL ret = True;
+
+	key.dptr = keystr;
+	key.dsize = len;
+	SIVAL(&v_store, 0, value);
+	data.dptr = (void *)&v_store;
+	data.dsize = sizeof(uint32);
+
+	if (tdb_store(tdb, key, data, TDB_REPLACE) == -1)
+		ret = False;
+
+	return ret;
+}
+
+/****************************************************************************
+ Store a uint32 value by string key, return 0 on success, -1 on failure.
+ Input is uint32 in native byte order. Output in tdb is in little-endian.
+****************************************************************************/
+
+BOOL tdb_store_uint32(TDB_CONTEXT *tdb, char *keystr, uint32 value)
+{
+	return tdb_store_uint32_byblob(tdb, keystr, strlen(keystr) + 1, value);
+}
+/****************************************************************************
+ Store a buffer by a null terminated string key.  Return 0 on success, -1
+ on failure.
+****************************************************************************/
+
+int tdb_store_by_string(TDB_CONTEXT *tdb, char *keystr, void *buffer, int len)
+{
+    TDB_DATA key, data;
+
+    key.dptr = keystr;
+    key.dsize = strlen(keystr) + 1;
+
+    data.dptr = buffer;
+    data.dsize = len;
+
+    return tdb_store(tdb, key, data, TDB_REPLACE);
+}
+
+/****************************************************************************
+ Fetch a buffer using a null terminated string key.  Don't forget to call
+ free() on the result dptr.
+****************************************************************************/
+
+TDB_DATA tdb_fetch_by_string(TDB_CONTEXT *tdb, char *keystr)
+{
+    TDB_DATA key;
+
+    key.dptr = keystr;
+    key.dsize = strlen(keystr) + 1;
+
+    return tdb_fetch(tdb, key);
+}
+
+/****************************************************************************
+ Atomic integer change. Returns old value. To create, set initial value in *oldval. 
+****************************************************************************/
+
+int32 tdb_change_int32_atomic(TDB_CONTEXT *tdb, char *keystr, int32 *oldval, int32 change_val)
+{
+	int32 val;
+	int32 ret = -1;
+
+	if (tdb_lock_bystring(tdb, keystr) == -1)
+		return -1;
+
+	if ((val = tdb_fetch_int32(tdb, keystr)) == -1) {
+		if (tdb_error(tdb) != TDB_ERR_NOEXIST)
+			goto err_out;
+
+		val = *oldval;
+
+	} else {
+		*oldval = val;
+		val += change_val;
+	}
+		
+	if (tdb_store_int32(tdb, keystr, val) == -1)
+		goto err_out;
+
+	ret = 0;
+
+  err_out:
+
+	tdb_unlock_bystring(tdb, keystr);
+	return ret;
+}
+
+/****************************************************************************
+ Atomic unsigned integer change. Returns old value. To create, set initial value in *oldval. 
+****************************************************************************/
+
+BOOL tdb_change_uint32_atomic(TDB_CONTEXT *tdb, char *keystr, uint32 *oldval, uint32 change_val)
+{
+	uint32 val;
+	BOOL ret = False;
+
+	if (tdb_lock_bystring(tdb, keystr) == -1)
+		return False;
+
+	if (!tdb_fetch_uint32(tdb, keystr, &val)) {
+		if (tdb_error(tdb) != TDB_ERR_NOEXIST)
+			goto err_out;
+
+		val = *oldval;
+
+	} else {
+		*oldval = val;
+		val += change_val;
+	}
+		
+	if (!tdb_store_uint32(tdb, keystr, val))
+		goto err_out;
+
+	ret = True;
+
+  err_out:
+
+	tdb_unlock_bystring(tdb, keystr);
+	return ret;
+}
+
+/****************************************************************************
+ Useful pair of routines for packing/unpacking data consisting of
+ integers and strings.
+****************************************************************************/
+
+size_t tdb_pack(char *buf, int bufsize, char *fmt, ...)
+{
+	va_list ap;
+	uint16 w;
+	uint32 d;
+	int i;
+	void *p;
+	int len;
+	char *s;
+	char c;
+	char *buf0 = buf;
+	char *fmt0 = fmt;
+	int bufsize0 = bufsize;
+
+	va_start(ap, fmt);
+
+	while (*fmt) {
+		switch ((c = *fmt++)) {
+		case 'w':
+			len = 2;
+			w = (uint16)va_arg(ap, int);
+			if (bufsize >= len)
+				SSVAL(buf, 0, w);
+			break;
+		case 'd':
+			len = 4;
+			d = va_arg(ap, uint32);
+			if (bufsize >= len)
+				SIVAL(buf, 0, d);
+			break;
+		case 'p':
+			len = 4;
+			p = va_arg(ap, void *);
+			d = p?1:0;
+			if (bufsize >= len)
+				SIVAL(buf, 0, d);
+			break;
+		case 'P':
+			s = va_arg(ap,char *);
+			w = strlen(s);
+			len = w + 1;
+			if (bufsize >= len)
+				memcpy(buf, s, len);
+			break;
+		case 'f':
+			s = va_arg(ap,char *);
+			w = strlen(s);
+			len = w + 1;
+			if (bufsize >= len)
+				memcpy(buf, s, len);
+			break;
+		case 'B':
+			i = va_arg(ap, int);
+			s = va_arg(ap, char *);
+			len = 4+i;
+			if (bufsize >= len) {
+				SIVAL(buf, 0, i);
+				memcpy(buf+4, s, i);
+			}
+			break;
+		default:
+			DEBUG(0,("Unknown tdb_pack format %c in %s\n", 
+				 c, fmt));
+			len = 0;
+			break;
+		}
+
+		buf += len;
+		bufsize -= len;
+	}
+
+	va_end(ap);
+
+	DEBUG(18,("tdb_pack(%s, %d) -> %d\n", 
+		 fmt0, bufsize0, (int)PTR_DIFF(buf, buf0)));
+	
+	return PTR_DIFF(buf, buf0);
+}
+
+/****************************************************************************
+ Useful pair of routines for packing/unpacking data consisting of
+ integers and strings.
+****************************************************************************/
+
+int tdb_unpack(char *buf, int bufsize, char *fmt, ...)
+{
+	va_list ap;
+	uint16 *w;
+	uint32 *d;
+	int len;
+	int *i;
+	void **p;
+	char *s, **b;
+	char c;
+	char *buf0 = buf;
+	char *fmt0 = fmt;
+	int bufsize0 = bufsize;
+
+	va_start(ap, fmt);
+	
+	while (*fmt) {
+		switch ((c=*fmt++)) {
+		case 'w':
+			len = 2;
+			w = va_arg(ap, uint16 *);
+			if (bufsize < len)
+				goto no_space;
+			*w = SVAL(buf, 0);
+			break;
+		case 'd':
+			len = 4;
+			d = va_arg(ap, uint32 *);
+			if (bufsize < len)
+				goto no_space;
+			*d = IVAL(buf, 0);
+			break;
+		case 'p':
+			len = 4;
+			p = va_arg(ap, void **);
+			if (bufsize < len)
+				goto no_space;
+			*p = (void *)IVAL(buf, 0);
+			break;
+		case 'P':
+			s = va_arg(ap,char *);
+			len = strlen(buf) + 1;
+			if (bufsize < len || len > sizeof(pstring))
+				goto no_space;
+			memcpy(s, buf, len);
+			break;
+		case 'f':
+			s = va_arg(ap,char *);
+			len = strlen(buf) + 1;
+			if (bufsize < len || len > sizeof(fstring))
+				goto no_space;
+			memcpy(s, buf, len);
+			break;
+		case 'B':
+			i = va_arg(ap, int *);
+			b = va_arg(ap, char **);
+			len = 4;
+			if (bufsize < len)
+				goto no_space;
+			*i = IVAL(buf, 0);
+			if (! *i) {
+				*b = NULL;
+				break;
+			}
+			len += *i;
+			if (bufsize < len)
+				goto no_space;
+			*b = (char *)malloc(*i);
+			if (! *b)
+				goto no_space;
+			memcpy(*b, buf+4, *i);
+			break;
+		default:
+			DEBUG(0,("Unknown tdb_unpack format %c in %s\n", 
+				 c, fmt));
+
+			len = 0;
+			break;
+		}
+
+		buf += len;
+		bufsize -= len;
+	}
+
+	va_end(ap);
+
+	DEBUG(18,("tdb_unpack(%s, %d) -> %d\n", 
+		 fmt0, bufsize0, (int)PTR_DIFF(buf, buf0)));
+
+	return PTR_DIFF(buf, buf0);
+
+ no_space:
+	return -1;
+}
+
+/****************************************************************************
+ Log tdb messages via DEBUG().
+****************************************************************************/
+
+static void tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...)
+{
+	va_list ap;
+	char *ptr = NULL;
+
+	va_start(ap, format);
+	vasprintf(&ptr, format, ap);
+	va_end(ap);
+	
+	if (!ptr || !*ptr)
+		return;
+
+	DEBUG(level, ("tdb(%s): %s", tdb->name ? tdb->name : "unnamed", ptr));
+	SAFE_FREE(ptr);
+}
+
+/****************************************************************************
+ Like tdb_open() but also setup a logging function that redirects to
+ the samba DEBUG() system.
+****************************************************************************/
+
+TDB_CONTEXT *tdb_open_log(const char *name, int hash_size, int tdb_flags,
+			  int open_flags, mode_t mode)
+{
+	TDB_CONTEXT *tdb;
+
+	if (!lp_use_mmap())
+		tdb_flags |= TDB_NOMMAP;
+
+	tdb = tdb_open_ex(name, hash_size, tdb_flags, 
+				    open_flags, mode, tdb_log);
+	if (!tdb)
+		return NULL;
+
+	return tdb;
+}
+
+
+/****************************************************************************
+ Allow tdb_delete to be used as a tdb_traversal_fn.
+****************************************************************************/
+
+int tdb_traverse_delete_fn(TDB_CONTEXT *the_tdb, TDB_DATA key, TDB_DATA dbuf,
+                     void *state)
+{
+    return tdb_delete(the_tdb, key);
+}
diff --git a/source3/tests/.cvsignore b/source3/tests/.cvsignore
new file mode 100644
index 0000000000..b6c1f01120
--- /dev/null
+++ b/source3/tests/.cvsignore
@@ -0,0 +1 @@
+unixsock
diff --git a/source3/tests/README b/source3/tests/README
new file mode 100644
index 0000000000..cf1be8b00a
--- /dev/null
+++ b/source3/tests/README
@@ -0,0 +1,10 @@
+This directory contains autoconf test programs that are too large to
+comfortably fit in configure.in.
+
+These programs should test one feature of the OS and exit(0) if it
+works or exit(1) if it doesn't work (do _not_ use return)
+
+The programs should be kept simple and to the point. Beautiful/fast
+code is not necessary
+
+
diff --git a/source3/tests/crypttest.c b/source3/tests/crypttest.c
new file mode 100644
index 0000000000..efee2e593d
--- /dev/null
+++ b/source3/tests/crypttest.c
@@ -0,0 +1,852 @@
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+
+#include <sys/types.h>
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#if !defined(HAVE_CRYPT)
+
+/*
+   This bit of code was derived from the UFC-crypt package which
+   carries the following copyright
+
+   Modified for use by Samba by Andrew Tridgell, October 1994
+
+   Note that this routine is only faster on some machines. Under Linux 1.1.51 
+   libc 4.5.26 I actually found this routine to be slightly slower.
+
+   Under SunOS I found a huge speedup by using these routines 
+   (a factor of 20 or so)
+
+   Warning: I've had a report from Steve Kennedy <steve@gbnet.org>
+   that this crypt routine may sometimes get the wrong answer. Only
+   use UFC_CRYT if you really need it.
+
+*/
+
+/*
+ * UFC-crypt: ultra fast crypt(3) implementation
+ *
+ * Copyright (C) 1991-1998, Free Software Foundation, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * @(#)crypt_util.c	2.31 02/08/92
+ *
+ * Support routines
+ *
+ */
+
+
+#ifndef long32
+#if (SIZEOF_INT == 4)
+#define long32 int
+#elif (SIZEOF_LONG == 4)
+#define long32 long
+#elif (SIZEOF_SHORT == 4)
+#define long32 short
+#else
+/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */
+#define long32 int
+#endif
+#endif
+
+#ifndef long64
+#ifdef HAVE_LONGLONG
+#define long64 long long long
+#endif
+#endif
+
+#ifndef ufc_long
+#define ufc_long unsigned
+#endif
+
+#ifndef _UFC_64_
+#define _UFC_32_
+#endif
+
+/* 
+ * Permutation done once on the 56 bit 
+ *  key derived from the original 8 byte ASCII key.
+ */
+static int pc1[56] = { 
+  57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+  10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+  63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+  14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+/*
+ * How much to rotate each 28 bit half of the pc1 permutated
+ *  56 bit key before using pc2 to give the i' key
+ */
+static int rots[16] = { 
+  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 
+};
+
+/* 
+ * Permutation giving the key 
+ * of the i' DES round 
+ */
+static int pc2[48] = { 
+  14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+  23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+  41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+  44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ * The E expansion table which selects
+ * bits from the 32 bit intermediate result.
+ */
+static int esel[48] = { 
+  32,  1,  2,  3,  4,  5,  4,  5,  6,  7,  8,  9,
+   8,  9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
+  16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
+  24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32,  1
+};
+static int e_inverse[64];
+
+/* 
+ * Permutation done on the 
+ * result of sbox lookups 
+ */
+static int perm32[32] = {
+  16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+  2,   8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+/* 
+ * The sboxes
+ */
+static int sbox[8][4][16]= {
+        { { 14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7 },
+          {  0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8 },
+          {  4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0 },
+          { 15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13 }
+        },
+
+        { { 15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10 },
+          {  3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5 },
+          {  0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15 },
+          { 13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9 }
+        },
+
+        { { 10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8 },
+          { 13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1 },
+          { 13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7 },
+          {  1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12 }
+        },
+
+        { {  7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15 },
+          { 13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9 },
+          { 10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4 },
+          {  3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14 }
+        },
+
+        { {  2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9 },
+          { 14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6 },
+          {  4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14 },
+          { 11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3 }
+        },
+
+        { { 12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11 },
+          { 10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8 },
+          {  9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6 },
+          {  4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13 }
+        },
+
+        { {  4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1 },
+          { 13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6 },
+          {  1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2 },
+          {  6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12 }
+        },
+
+        { { 13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7 },
+          {  1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2 },
+          {  7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8 },
+          {  2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11 }
+        }
+};
+
+/* 
+ * This is the final 
+ * permutation matrix
+ */
+static int final_perm[64] = {
+  40,  8, 48, 16, 56, 24, 64, 32, 39,  7, 47, 15, 55, 23, 63, 31,
+  38,  6, 46, 14, 54, 22, 62, 30, 37,  5, 45, 13, 53, 21, 61, 29,
+  36,  4, 44, 12, 52, 20, 60, 28, 35,  3, 43, 11, 51, 19, 59, 27,
+  34,  2, 42, 10, 50, 18, 58, 26, 33,  1, 41,  9, 49, 17, 57, 25
+};
+
+/* 
+ * The 16 DES keys in BITMASK format 
+ */
+#ifdef _UFC_32_
+long32 _ufc_keytab[16][2];
+#endif
+
+#ifdef _UFC_64_
+long64 _ufc_keytab[16];
+#endif
+
+
+#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
+#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
+
+/* Macro to set a bit (0..23) */
+#define BITMASK(i) ( (1<<(11-(i)%12+3)) << ((i)<12?16:0) )
+
+/*
+ * sb arrays:
+ *
+ * Workhorses of the inner loop of the DES implementation.
+ * They do sbox lookup, shifting of this  value, 32 bit
+ * permutation and E permutation for the next round.
+ *
+ * Kept in 'BITMASK' format.
+ */
+
+#ifdef _UFC_32_
+long32 _ufc_sb0[8192], _ufc_sb1[8192], _ufc_sb2[8192], _ufc_sb3[8192];
+static long32 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3}; 
+#endif
+
+#ifdef _UFC_64_
+long64 _ufc_sb0[4096], _ufc_sb1[4096], _ufc_sb2[4096], _ufc_sb3[4096];
+static long64 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3}; 
+#endif
+
+/* 
+ * eperm32tab: do 32 bit permutation and E selection
+ *
+ * The first index is the byte number in the 32 bit value to be permuted
+ *  -  second  -   is the value of this byte
+ *  -  third   -   selects the two 32 bit values
+ *
+ * The table is used and generated internally in init_des to speed it up
+ */
+static ufc_long eperm32tab[4][256][2];
+
+/* 
+ * do_pc1: permform pc1 permutation in the key schedule generation.
+ *
+ * The first   index is the byte number in the 8 byte ASCII key
+ *  -  second    -      -    the two 28 bits halfs of the result
+ *  -  third     -   selects the 7 bits actually used of each byte
+ *
+ * The result is kept with 28 bit per 32 bit with the 4 most significant
+ * bits zero.
+ */
+static ufc_long do_pc1[8][2][128];
+
+/*
+ * do_pc2: permform pc2 permutation in the key schedule generation.
+ *
+ * The first   index is the septet number in the two 28 bit intermediate values
+ *  -  second    -    -  -  septet values
+ *
+ * Knowledge of the structure of the pc2 permutation is used.
+ *
+ * The result is kept with 28 bit per 32 bit with the 4 most significant
+ * bits zero.
+ */
+static ufc_long do_pc2[8][128];
+
+/*
+ * efp: undo an extra e selection and do final
+ *      permutation giving the DES result.
+ * 
+ *      Invoked 6 bit a time on two 48 bit values
+ *      giving two 32 bit longs.
+ */
+static ufc_long efp[16][64][2];
+
+static unsigned char bytemask[8]  = {
+  0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
+};
+
+static ufc_long longmask[32] = {
+  0x80000000, 0x40000000, 0x20000000, 0x10000000,
+  0x08000000, 0x04000000, 0x02000000, 0x01000000,
+  0x00800000, 0x00400000, 0x00200000, 0x00100000,
+  0x00080000, 0x00040000, 0x00020000, 0x00010000,
+  0x00008000, 0x00004000, 0x00002000, 0x00001000,
+  0x00000800, 0x00000400, 0x00000200, 0x00000100,
+  0x00000080, 0x00000040, 0x00000020, 0x00000010,
+  0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+
+/*
+ * Silly rewrite of 'bzero'. I do so
+ * because some machines don't have
+ * bzero and some don't have memset.
+ */
+
+static void clearmem(char *start, int cnt)
+  { while(cnt--)
+      *start++ = '\0';
+  }
+
+static int initialized = 0;
+
+/* lookup a 6 bit value in sbox */
+
+#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
+
+/*
+ * Initialize unit - may be invoked directly
+ * by fcrypt users.
+ */
+
+static void ufc_init_des(void)
+  { int comes_from_bit;
+    int bit, sg;
+    ufc_long j;
+    ufc_long mask1, mask2;
+
+    /*
+     * Create the do_pc1 table used
+     * to affect pc1 permutation
+     * when generating keys
+     */
+    for(bit = 0; bit < 56; bit++) {
+      comes_from_bit  = pc1[bit] - 1;
+      mask1 = bytemask[comes_from_bit % 8 + 1];
+      mask2 = longmask[bit % 28 + 4];
+      for(j = 0; j < 128; j++) {
+	if(j & mask1) 
+	  do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
+      }
+    }
+
+    /*
+     * Create the do_pc2 table used
+     * to affect pc2 permutation when
+     * generating keys
+     */
+    for(bit = 0; bit < 48; bit++) {
+      comes_from_bit  = pc2[bit] - 1;
+      mask1 = bytemask[comes_from_bit % 7 + 1];
+      mask2 = BITMASK(bit % 24);
+      for(j = 0; j < 128; j++) {
+	if(j & mask1)
+	  do_pc2[comes_from_bit / 7][j] |= mask2;
+      }
+    }
+
+    /* 
+     * Now generate the table used to do combined
+     * 32 bit permutation and e expansion
+     *
+     * We use it because we have to permute 16384 32 bit
+     * longs into 48 bit in order to initialize sb.
+     *
+     * Looping 48 rounds per permutation becomes 
+     * just too slow...
+     *
+     */
+
+    clearmem((char*)eperm32tab, sizeof(eperm32tab));
+
+    for(bit = 0; bit < 48; bit++) {
+      ufc_long inner_mask1,comes_from;
+	
+      comes_from = perm32[esel[bit]-1]-1;
+      inner_mask1      = bytemask[comes_from % 8];
+	
+      for(j = 256; j--;) {
+	if(j & inner_mask1)
+	  eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK(bit % 24);
+      }
+    }
+    
+    /* 
+     * Create the sb tables:
+     *
+     * For each 12 bit segment of an 48 bit intermediate
+     * result, the sb table precomputes the two 4 bit
+     * values of the sbox lookups done with the two 6
+     * bit halves, shifts them to their proper place,
+     * sends them through perm32 and finally E expands
+     * them so that they are ready for the next
+     * DES round.
+     *
+     */
+    for(sg = 0; sg < 4; sg++) {
+      int j1, j2;
+      int s1, s2;
+    
+      for(j1 = 0; j1 < 64; j1++) {
+	s1 = s_lookup(2 * sg, j1);
+	for(j2 = 0; j2 < 64; j2++) {
+	  ufc_long to_permute, inx;
+    
+	  s2         = s_lookup(2 * sg + 1, j2);
+	  to_permute = ((s1 << 4)  | s2) << (24 - 8 * sg);
+
+#ifdef _UFC_32_
+	  inx = ((j1 << 6)  | j2) << 1;
+	  sb[sg][inx  ]  = eperm32tab[0][(to_permute >> 24) & 0xff][0];
+	  sb[sg][inx+1]  = eperm32tab[0][(to_permute >> 24) & 0xff][1];
+	  sb[sg][inx  ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
+	  sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
+  	  sb[sg][inx  ] |= eperm32tab[2][(to_permute >>  8) & 0xff][0];
+	  sb[sg][inx+1] |= eperm32tab[2][(to_permute >>  8) & 0xff][1];
+	  sb[sg][inx  ] |= eperm32tab[3][(to_permute)       & 0xff][0];
+	  sb[sg][inx+1] |= eperm32tab[3][(to_permute)       & 0xff][1];
+#endif
+#ifdef _UFC_64_
+	  inx = ((j1 << 6)  | j2);
+	  sb[sg][inx]  = 
+	    ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
+	     (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
+	  sb[sg][inx] |=
+	    ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
+	     (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
+  	  sb[sg][inx] |= 
+	    ((long64)eperm32tab[2][(to_permute >>  8) & 0xff][0] << 32) |
+	     (long64)eperm32tab[2][(to_permute >>  8) & 0xff][1];
+	  sb[sg][inx] |=
+	    ((long64)eperm32tab[3][(to_permute)       & 0xff][0] << 32) |
+	     (long64)eperm32tab[3][(to_permute)       & 0xff][1];
+#endif
+	}
+      }
+    }  
+
+    /* 
+     * Create an inverse matrix for esel telling
+     * where to plug out bits if undoing it
+     */
+    for(bit=48; bit--;) {
+      e_inverse[esel[bit] - 1     ] = bit;
+      e_inverse[esel[bit] - 1 + 32] = bit + 48;
+    }
+
+    /* 
+     * create efp: the matrix used to
+     * undo the E expansion and effect final permutation
+     */
+    clearmem((char*)efp, sizeof efp);
+    for(bit = 0; bit < 64; bit++) {
+      int o_bit, o_long;
+      ufc_long word_value, inner_mask1, inner_mask2;
+      int comes_from_f_bit, comes_from_e_bit;
+      int comes_from_word, bit_within_word;
+
+      /* See where bit i belongs in the two 32 bit long's */
+      o_long = bit / 32; /* 0..1  */
+      o_bit  = bit % 32; /* 0..31 */
+
+      /* 
+       * And find a bit in the e permutated value setting this bit.
+       *
+       * Note: the e selection may have selected the same bit several
+       * times. By the initialization of e_inverse, we only look
+       * for one specific instance.
+       */
+      comes_from_f_bit = final_perm[bit] - 1;         /* 0..63 */
+      comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
+      comes_from_word  = comes_from_e_bit / 6;        /* 0..15 */
+      bit_within_word  = comes_from_e_bit % 6;        /* 0..5  */
+
+      inner_mask1 = longmask[bit_within_word + 26];
+      inner_mask2 = longmask[o_bit];
+
+      for(word_value = 64; word_value--;) {
+	if(word_value & inner_mask1)
+	  efp[comes_from_word][word_value][o_long] |= inner_mask2;
+      }
+    }
+    initialized++;
+  }
+
+/* 
+ * Process the elements of the sb table permuting the
+ * bits swapped in the expansion by the current salt.
+ */
+
+#ifdef _UFC_32_
+static void shuffle_sb(long32 *k, ufc_long saltbits)
+  { ufc_long j;
+    long32 x;
+    for(j=4096; j--;) {
+      x = (k[0] ^ k[1]) & (long32)saltbits;
+      *k++ ^= x;
+      *k++ ^= x;
+    }
+  }
+#endif
+
+#ifdef _UFC_64_
+static void shuffle_sb(long64 *k, ufc_long saltbits)
+  { ufc_long j;
+    long64 x;
+    for(j=4096; j--;) {
+      x = ((*k >> 32) ^ *k) & (long64)saltbits;
+      *k++ ^= (x << 32) | x;
+    }
+  }
+#endif
+
+/* 
+ * Setup the unit for a new salt
+ * Hopefully we'll not see a new salt in each crypt call.
+ */
+
+static unsigned char current_salt[3] = "&&"; /* invalid value */
+static ufc_long current_saltbits = 0;
+static int direction = 0;
+
+static void setup_salt(const char *s1)
+  { ufc_long i, j, saltbits;
+    const unsigned char *s2 = (const unsigned char *)s1;
+
+    if(!initialized)
+      ufc_init_des();
+
+    if(s2[0] == current_salt[0] && s2[1] == current_salt[1])
+      return;
+    current_salt[0] = s2[0]; current_salt[1] = s2[1];
+
+    /* 
+     * This is the only crypt change to DES:
+     * entries are swapped in the expansion table
+     * according to the bits set in the salt.
+     */
+    saltbits = 0;
+    for(i = 0; i < 2; i++) {
+      long c=ascii_to_bin(s2[i]);
+      if(c < 0 || c > 63)
+	c = 0;
+      for(j = 0; j < 6; j++) {
+	if((c >> j) & 0x1)
+	  saltbits |= BITMASK(6 * i + j);
+      }
+    }
+
+    /*
+     * Permute the sb table values
+     * to reflect the changed e
+     * selection table
+     */
+    shuffle_sb(_ufc_sb0, current_saltbits ^ saltbits); 
+    shuffle_sb(_ufc_sb1, current_saltbits ^ saltbits);
+    shuffle_sb(_ufc_sb2, current_saltbits ^ saltbits);
+    shuffle_sb(_ufc_sb3, current_saltbits ^ saltbits);
+
+    current_saltbits = saltbits;
+  }
+
+static void ufc_mk_keytab(char *key)
+  { ufc_long v1, v2, *k1;
+    int i;
+#ifdef _UFC_32_
+    long32 v, *k2 = &_ufc_keytab[0][0];
+#endif
+#ifdef _UFC_64_
+    long64 v, *k2 = &_ufc_keytab[0];
+#endif
+
+    v1 = v2 = 0; k1 = &do_pc1[0][0][0];
+    for(i = 8; i--;) {
+      v1 |= k1[*key   & 0x7f]; k1 += 128;
+      v2 |= k1[*key++ & 0x7f]; k1 += 128;
+    }
+
+    for(i = 0; i < 16; i++) {
+      k1 = &do_pc2[0][0];
+
+      v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
+      v  = k1[(v1 >> 21) & 0x7f]; k1 += 128;
+      v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
+      v |= k1[(v1 >>  7) & 0x7f]; k1 += 128;
+      v |= k1[(v1      ) & 0x7f]; k1 += 128;
+
+#ifdef _UFC_32_
+      *k2++ = v;
+      v = 0;
+#endif
+#ifdef _UFC_64_
+      v <<= 32;
+#endif
+
+      v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
+      v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
+      v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
+      v |= k1[(v2 >>  7) & 0x7f]; k1 += 128;
+      v |= k1[(v2      ) & 0x7f];
+
+      *k2++ = v;
+    }
+
+    direction = 0;
+  }
+
+/* 
+ * Undo an extra E selection and do final permutations
+ */
+
+ufc_long *_ufc_dofinalperm(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2)
+  { ufc_long v1, v2, x;
+    static ufc_long ary[2];
+
+    x = (l1 ^ l2) & current_saltbits; l1 ^= x; l2 ^= x;
+    x = (r1 ^ r2) & current_saltbits; r1 ^= x; r2 ^= x;
+
+    v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
+
+    v1 |= efp[15][ r2         & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
+    v1 |= efp[14][(r2 >>= 6)  & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
+    v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
+    v1 |= efp[12][(r2 >>= 6)  & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
+
+    v1 |= efp[11][ r1         & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
+    v1 |= efp[10][(r1 >>= 6)  & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
+    v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
+    v1 |= efp[ 8][(r1 >>= 6)  & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
+
+    v1 |= efp[ 7][ l2         & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
+    v1 |= efp[ 6][(l2 >>= 6)  & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
+    v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
+    v1 |= efp[ 4][(l2 >>= 6)  & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
+
+    v1 |= efp[ 3][ l1         & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
+    v1 |= efp[ 2][(l1 >>= 6)  & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
+    v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
+    v1 |= efp[ 0][(l1 >>= 6)  & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
+
+    ary[0] = v1; ary[1] = v2;
+    return ary;
+  }
+
+/* 
+ * crypt only: convert from 64 bit to 11 bit ASCII 
+ * prefixing with the salt
+ */
+
+static char *output_conversion(ufc_long v1, ufc_long v2, const char *salt)
+  { static char outbuf[14];
+    int i, s;
+
+    outbuf[0] = salt[0];
+    outbuf[1] = salt[1] ? salt[1] : salt[0];
+
+    for(i = 0; i < 5; i++)
+      outbuf[i + 2] = bin_to_ascii((v1 >> (26 - 6 * i)) & 0x3f);
+
+    s  = (v2 & 0xf) << 2;
+    v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
+
+    for(i = 5; i < 10; i++)
+      outbuf[i + 2] = bin_to_ascii((v2 >> (56 - 6 * i)) & 0x3f);
+
+    outbuf[12] = bin_to_ascii(s);
+    outbuf[13] = 0;
+
+    return outbuf;
+  }
+
+/* 
+ * UNIX crypt function
+ */
+
+static ufc_long *_ufc_doit(ufc_long , ufc_long, ufc_long, ufc_long, ufc_long);
+   
+char *ufc_crypt(const char *key,const char *salt)
+  { ufc_long *s;
+    char ktab[9];
+
+    /*
+     * Hack DES tables according to salt
+     */
+    setup_salt(salt);
+
+    /*
+     * Setup key schedule
+     */
+    clearmem(ktab, sizeof ktab);
+    strncpy(ktab, key, 8);
+    ufc_mk_keytab(ktab);
+
+    /*
+     * Go for the 25 DES encryptions
+     */
+    s = _ufc_doit((ufc_long)0, (ufc_long)0, 
+		  (ufc_long)0, (ufc_long)0, (ufc_long)25);
+
+    /*
+     * And convert back to 6 bit ASCII
+     */
+    return output_conversion(s[0], s[1], salt);
+  }
+
+
+#ifdef _UFC_32_
+
+/*
+ * 32 bit version
+ */
+
+extern long32 _ufc_keytab[16][2];
+extern long32 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
+
+#define SBA(sb, v) (*(long32*)((char*)(sb)+(v)))
+
+static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
+  { int i;
+    long32 s, *k;
+
+    while(itr--) {
+      k = &_ufc_keytab[0][0];
+      for(i=8; i--; ) {
+	s = *k++ ^ r1;
+	l1 ^= SBA(_ufc_sb1, s & 0xffff); l2 ^= SBA(_ufc_sb1, (s & 0xffff)+4);  
+        l1 ^= SBA(_ufc_sb0, s >>= 16);   l2 ^= SBA(_ufc_sb0, (s)         +4); 
+        s = *k++ ^ r2; 
+        l1 ^= SBA(_ufc_sb3, s & 0xffff); l2 ^= SBA(_ufc_sb3, (s & 0xffff)+4);
+        l1 ^= SBA(_ufc_sb2, s >>= 16);   l2 ^= SBA(_ufc_sb2, (s)         +4);
+
+        s = *k++ ^ l1; 
+        r1 ^= SBA(_ufc_sb1, s & 0xffff); r2 ^= SBA(_ufc_sb1, (s & 0xffff)+4);  
+        r1 ^= SBA(_ufc_sb0, s >>= 16);   r2 ^= SBA(_ufc_sb0, (s)         +4); 
+        s = *k++ ^ l2; 
+        r1 ^= SBA(_ufc_sb3, s & 0xffff); r2 ^= SBA(_ufc_sb3, (s & 0xffff)+4);  
+        r1 ^= SBA(_ufc_sb2, s >>= 16);   r2 ^= SBA(_ufc_sb2, (s)         +4);
+      } 
+      s=l1; l1=r1; r1=s; s=l2; l2=r2; r2=s;
+    }
+    return _ufc_dofinalperm(l1, l2, r1, r2);
+  }
+
+#endif
+
+#ifdef _UFC_64_
+
+/*
+ * 64 bit version
+ */
+
+extern long64 _ufc_keytab[16];
+extern long64 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
+
+#define SBA(sb, v) (*(long64*)((char*)(sb)+(v)))
+
+static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
+  { int i;
+    long64 l, r, s, *k;
+
+    l = (((long64)l1) << 32) | ((long64)l2);
+    r = (((long64)r1) << 32) | ((long64)r2);
+
+    while(itr--) {
+      k = &_ufc_keytab[0];
+      for(i=8; i--; ) {
+	s = *k++ ^ r;
+	l ^= SBA(_ufc_sb3, (s >>  0) & 0xffff);
+        l ^= SBA(_ufc_sb2, (s >> 16) & 0xffff);
+        l ^= SBA(_ufc_sb1, (s >> 32) & 0xffff);
+        l ^= SBA(_ufc_sb0, (s >> 48) & 0xffff);
+
+	s = *k++ ^ l;
+	r ^= SBA(_ufc_sb3, (s >>  0) & 0xffff);
+        r ^= SBA(_ufc_sb2, (s >> 16) & 0xffff);
+        r ^= SBA(_ufc_sb1, (s >> 32) & 0xffff);
+        r ^= SBA(_ufc_sb0, (s >> 48) & 0xffff);
+      } 
+      s=l; l=r; r=s;
+    }
+
+    l1 = l >> 32; l2 = l & 0xffffffff;
+    r1 = r >> 32; r2 = r & 0xffffffff;
+    return _ufc_dofinalperm(l1, l2, r1, r2);
+  }
+
+#endif
+
+#define crypt ufc_crypt
+#endif
+
+main()
+{
+	char passwd[9];
+	char salt[9];
+	char c_out1[256];
+	char c_out2[256];
+
+	char expected_out[14];
+
+	strcpy(expected_out, "12yJ.Of/NQ.Pk");
+	strcpy(passwd, "12345678");
+	strcpy(salt, "12345678");
+	
+	strcpy(c_out1, crypt(passwd, salt));
+	salt[2] = '\0';
+	strcpy(c_out2, crypt(passwd, salt));
+
+	/*
+	 * If the non-trucated salt fails but the
+	 * truncated salt succeeds then exit 1.
+	 */
+
+	if((strcmp(c_out1, expected_out) != 0) && 
+		(strcmp(c_out2, expected_out) == 0))
+		exit(1);
+
+#ifdef HAVE_BIGCRYPT
+	/*
+	 * Try the same with bigcrypt...
+	 */
+
+	{
+		char big_passwd[17];
+		char big_salt[17];
+		char big_c_out1[256];
+		char big_c_out2[256];
+		char big_expected_out[27];
+
+		strcpy(big_passwd, "1234567812345678");
+		strcpy(big_salt, "1234567812345678");
+		strcpy(big_expected_out, "12yJ.Of/NQ.PklfyCuHi/rwM");
+
+		strcpy(big_c_out1, bigcrypt(big_passwd, big_salt));
+		big_salt[2] = '\0';
+		strcpy(big_c_out2, bigcrypt(big_passwd, big_salt));
+
+		/*
+		 * If the non-trucated salt fails but the
+		 * truncated salt succeeds then exit 1.
+		 */
+
+		if((strcmp(big_c_out1, big_expected_out) != 0) && 
+			(strcmp(big_c_out2, big_expected_out) == 0))
+			exit(1);
+
+	}
+#endif
+
+	exit(0);
+}
diff --git a/source3/tests/fcntl_lock.c b/source3/tests/fcntl_lock.c
new file mode 100644
index 0000000000..3dc12a3897
--- /dev/null
+++ b/source3/tests/fcntl_lock.c
@@ -0,0 +1,121 @@
+/* test whether fcntl locking works on this system */
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#include <errno.h>
+
+static int sys_waitpid(pid_t pid,int *status,int options)
+{
+#ifdef HAVE_WAITPID
+  return waitpid(pid,status,options);
+#else /* USE_WAITPID */
+  return wait4(pid, status, options, NULL);
+#endif /* USE_WAITPID */
+}
+
+#define DATA "conftest.fcntl"
+
+#ifndef SEEK_SET
+#define SEEK_SET 0
+#endif
+
+/* lock a byte range in a open file */
+int main(int argc, char *argv[])
+{
+	struct flock lock;
+	int fd, ret, status=1;
+	pid_t pid;
+	char *testdir = NULL;
+
+	testdir = getenv("TESTDIR");
+	if (testdir) chdir(testdir);
+
+	alarm(10);
+
+	if (!(pid=fork())) {
+		sleep(2);
+		fd = open(DATA, O_RDONLY);
+
+		if (fd == -1) {
+			fprintf(stderr,"ERROR: failed to open %s (errno=%d)\n", 
+				DATA, (int)errno);
+			exit(1);
+		}
+
+		lock.l_type = F_WRLCK;
+		lock.l_whence = SEEK_SET;
+		lock.l_start = 0;
+		lock.l_len = 4;
+		lock.l_pid = getpid();
+		
+		lock.l_type = F_WRLCK;
+		
+		/* check if a lock applies */
+		ret = fcntl(fd,F_GETLK,&lock);
+
+		if ((ret == -1) ||
+		    (lock.l_type == F_UNLCK)) {
+			fprintf(stderr,"ERROR: lock test failed (ret=%d errno=%d)\n", ret, (int)errno);
+			exit(1);
+		} else {
+			exit(0);
+		}
+	}
+
+	unlink(DATA);
+	fd = open(DATA, O_RDWR|O_CREAT|O_EXCL, 0600);
+
+	if (fd == -1) {
+		fprintf(stderr,"ERROR: failed to open %s (errno=%d)\n", 
+			DATA, (int)errno);
+		exit(1);
+	}
+
+	lock.l_type = F_WRLCK;
+	lock.l_whence = SEEK_SET;
+	lock.l_start = 0;
+	lock.l_len = 4;
+	lock.l_pid = getpid();
+
+	/* set a 4 byte write lock */
+	fcntl(fd,F_SETLK,&lock);
+
+	sys_waitpid(pid, &status, 0);
+
+	unlink(DATA);
+
+#if defined(WIFEXITED) && defined(WEXITSTATUS)
+    if(WIFEXITED(status)) {
+        status = WEXITSTATUS(status);
+    } else {
+        status = 1;
+    }
+#else /* defined(WIFEXITED) && defined(WEXITSTATUS) */
+	status = (status == 0) ? 0 : 1;
+#endif /* defined(WIFEXITED) && defined(WEXITSTATUS) */
+
+	if (status) {
+		fprintf(stderr,"ERROR: lock test failed with status=%d\n", 
+			status);
+	}
+
+	exit(status);
+}
diff --git a/source3/tests/fcntl_lock64.c b/source3/tests/fcntl_lock64.c
new file mode 100644
index 0000000000..e5ecd88fd0
--- /dev/null
+++ b/source3/tests/fcntl_lock64.c
@@ -0,0 +1,96 @@
+/* test whether 64 bit fcntl locking really works on this system */
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+
+#include <errno.h>
+
+static int sys_waitpid(pid_t pid,int *status,int options)
+{
+#ifdef HAVE_WAITPID
+  return waitpid(pid,status,options);
+#else /* USE_WAITPID */
+  return wait4(pid, status, options, NULL);
+#endif /* USE_WAITPID */
+}
+
+#define DATA "conftest.fcntl64"
+
+/* lock a byte range in a open file */
+int main(int argc, char *argv[])
+{
+	struct flock64 lock;
+	int fd, ret, status=1;
+	pid_t pid;
+
+	if (!(pid=fork())) {
+		sleep(2);
+		fd = open64(DATA, O_RDONLY);
+
+		if (fd == -1) exit(1);
+
+		lock.l_type = F_WRLCK;
+		lock.l_whence = SEEK_SET;
+		lock.l_start = 0;
+		lock.l_len = 4;
+		lock.l_pid = getpid();
+		
+		lock.l_type = F_WRLCK;
+		
+		/* check if a lock applies */
+		ret = fcntl(fd,F_GETLK64,&lock);
+
+		if ((ret == -1) ||
+		    (lock.l_type == F_UNLCK)) {
+/*            printf("No lock conflict\n"); */
+			exit(1);
+		} else {
+/*            printf("lock conflict\n"); */
+			exit(0);
+		}
+	}
+
+	fd = open64(DATA, O_RDWR|O_CREAT|O_TRUNC, 0600);
+
+	lock.l_type = F_WRLCK;
+	lock.l_whence = SEEK_SET;
+#if defined(COMPILER_SUPPORTS_LL)
+	lock.l_start = 0x100000000LL;
+#else
+	lock.l_start = 0x100000000;
+#endif
+	lock.l_len = 4;
+	lock.l_pid = getpid();
+
+	/* set a 4 byte write lock */
+	fcntl(fd,F_SETLK64,&lock);
+
+	sys_waitpid(pid, &status, 0);
+
+#if defined(WIFEXITED) && defined(WEXITSTATUS)
+	if(WIFEXITED(status)) {
+		status = WEXITSTATUS(status);
+	} else {
+		status = 1;
+	}
+#else /* defined(WIFEXITED) && defined(WEXITSTATUS) */
+	status = (status == 0) ? 0 : 1;
+#endif /* defined(WIFEXITED) && defined(WEXITSTATUS) */
+
+	unlink(DATA);
+
+	exit(status);
+}
diff --git a/source3/tests/ftruncate.c b/source3/tests/ftruncate.c
new file mode 100644
index 0000000000..93282782ee
--- /dev/null
+++ b/source3/tests/ftruncate.c
@@ -0,0 +1,27 @@
+/* test whether ftruncte() can extend a file */
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#define DATA "conftest.trunc"
+#define LEN 7663
+
+main()
+{
+	int *buf;
+	int fd = open(DATA,O_RDWR|O_CREAT|O_TRUNC,0666);
+
+	ftruncate(fd, LEN);
+
+	unlink(DATA);
+
+	if (lseek(fd, 0, SEEK_END) == LEN) {
+		exit(0);
+	}
+	exit(1);
+}
diff --git a/source3/tests/getgroups.c b/source3/tests/getgroups.c
new file mode 100644
index 0000000000..343fd5a184
--- /dev/null
+++ b/source3/tests/getgroups.c
@@ -0,0 +1,66 @@
+/* this tests whether getgroups actually returns lists of integers
+   rather than gid_t. The test only works if the user running
+   the test is in at least 1 group 
+
+   The test is designed to check for those broken OSes that define
+   getgroups() as returning an array of gid_t but actually return a
+   array of ints! Ultrix is one culprit
+  */
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <grp.h>
+
+main()
+{
+	int i;
+	int *igroups;
+	char *cgroups;
+	int grp = 0;
+	int  ngroups = getgroups(0,&grp);
+
+	if (sizeof(gid_t) == sizeof(int)) {
+		fprintf(stderr,"gid_t and int are the same size\n");
+		exit(1);
+	}
+
+	if (ngroups <= 0)
+		ngroups = 32;
+
+	igroups = (int *)malloc(sizeof(int)*ngroups);
+
+	for (i=0;i<ngroups;i++)
+		igroups[i] = 0x42424242;
+
+	ngroups = getgroups(ngroups,(gid_t *)igroups);
+
+	if (igroups[0] == 0x42424242)
+		ngroups = 0;
+
+	if (ngroups == 0) {
+		printf("WARNING: can't determine getgroups return type\n");
+		exit(1);
+	}
+	
+	cgroups = (char *)igroups;
+
+	if (ngroups == 1 && 
+	    cgroups[2] == 0x42 && cgroups[3] == 0x42) {
+		fprintf(stderr,"getgroups returns gid_t\n");
+		exit(1);
+	}
+	  
+	for (i=0;i<ngroups;i++) {
+		if (igroups[i] == 0x42424242) {
+			fprintf(stderr,"getgroups returns gid_t\n");
+			exit(1);
+		}
+	}
+
+	exit(0);
+}
diff --git a/source3/tests/shared_mmap.c b/source3/tests/shared_mmap.c
new file mode 100644
index 0000000000..fcef75d0d6
--- /dev/null
+++ b/source3/tests/shared_mmap.c
@@ -0,0 +1,68 @@
+/* this tests whether we can use a shared writeable mmap on a file -
+   as needed for the mmap varient of FAST_SHARE_MODES */
+
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#define DATA "conftest.mmap"
+
+#ifndef MAP_FILE
+#define MAP_FILE 0
+#endif
+
+main()
+{
+	int *buf;
+	int i; 
+	int fd = open(DATA,O_RDWR|O_CREAT|O_TRUNC,0666);
+	int count=7;
+
+	if (fd == -1) exit(1);
+
+	for (i=0;i<10000;i++) {
+		write(fd,&i,sizeof(i));
+	}
+
+	close(fd);
+
+	if (fork() == 0) {
+		fd = open(DATA,O_RDWR);
+		if (fd == -1) exit(1);
+
+		buf = (int *)mmap(NULL, 10000*sizeof(int), 
+				   (PROT_READ | PROT_WRITE), 
+				   MAP_FILE | MAP_SHARED, 
+				   fd, 0);
+
+		while (count-- && buf[9124] != 55732) sleep(1);
+
+		if (count <= 0) exit(1);
+
+		buf[1763] = 7268;
+		exit(0);
+	}
+
+	fd = open(DATA,O_RDWR);
+	if (fd == -1) exit(1);
+
+	buf = (int *)mmap(NULL, 10000*sizeof(int), 
+			   (PROT_READ | PROT_WRITE), 
+			   MAP_FILE | MAP_SHARED, 
+			   fd, 0);
+
+	if (buf == (int *)-1) exit(1);
+
+	buf[9124] = 55732;
+
+	while (count-- && buf[1763] != 7268) sleep(1);
+
+	unlink(DATA);
+		
+	if (count > 0) exit(0);
+	exit(1);
+}
diff --git a/source3/tests/shlib.c b/source3/tests/shlib.c
new file mode 100644
index 0000000000..761d9fd5c5
--- /dev/null
+++ b/source3/tests/shlib.c
@@ -0,0 +1,6 @@
+/* a trivial function used to test building shared libraries */
+
+int foo(void)
+{
+	return 1;
+}
diff --git a/source3/tests/summary.c b/source3/tests/summary.c
new file mode 100644
index 0000000000..79a530b013
--- /dev/null
+++ b/source3/tests/summary.c
@@ -0,0 +1,30 @@
+#include <stdio.h>
+
+main()
+{
+#if !(defined(HAVE_FCNTL_LOCK) || defined(HAVE_STRUCT_FLOCK64))
+	printf("ERROR: No locking available. Running Samba would be unsafe\n");
+	exit(1);
+#endif
+
+#if !(defined(HAVE_IFACE_IFCONF) || defined(HAVE_IFACE_IFREQ) || defined(HAVE_IFACE_AIX))
+	printf("WARNING: No automated network interface determination\n");
+#endif
+
+#if !(defined(USE_SETEUID) || defined(USE_SETREUID) || defined(USE_SETRESUID) || defined(USE_SETUIDX))
+	printf("ERROR: no seteuid method available\n");
+	exit(1);
+#endif
+
+#if !(defined(STAT_STATVFS) || defined(STAT_STATVFS64) || defined(STAT_STATFS3_OSF1) || defined(STAT_STATFS2_BSIZE) || defined(STAT_STATFS4) || defined(STAT_STATFS2_FSIZE) || defined(STAT_STATFS2_FS_DATA))
+	printf("ERROR: No disk free routine!\n");
+	exit(1);
+#endif
+
+#if !((defined(HAVE_RANDOM) || defined(HAVE_RAND)) && (defined(HAVE_SRANDOM) || defined(HAVE_SRAND)))
+    printf("ERROR: No random or srandom routine!\n");
+    exit(1);
+#endif
+
+	exit(0);
+}
diff --git a/source3/tests/trivial.c b/source3/tests/trivial.c
new file mode 100644
index 0000000000..2723637a0f
--- /dev/null
+++ b/source3/tests/trivial.c
@@ -0,0 +1,4 @@
+main()
+{
+	exit(0);
+}
diff --git a/source3/tests/unixsock.c b/source3/tests/unixsock.c
new file mode 100644
index 0000000000..f2765d68f6
--- /dev/null
+++ b/source3/tests/unixsock.c
@@ -0,0 +1,93 @@
+/* -*- c-file-style: "linux" -*-
+ *
+ * Try creating a Unix-domain socket, opening it, and reading from it.
+ * The POSIX name for these is AF_LOCAL/PF_LOCAL.
+ *
+ * This is used by the Samba autoconf scripts to detect systems which
+ * don't have Unix-domain sockets, such as (probably) VMS, or systems
+ * on which they are broken under some conditions, such as RedHat 7.0
+ * (unpatched).  We can't build WinBind there at the moment.
+ *
+ * Coding standard says to always use exit() for this, not return, so
+ * we do.
+ *
+ * Martin Pool <mbp@samba.org>, June 2000. */
+
+/* TODO: Look for AF_LOCAL (most standard), AF_UNIX, and AF_FILE. */
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+
+#ifdef HAVE_SYS_UN_H
+#  include <sys/un.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+
+#if HAVE_SYS_WAIT_H
+# include <sys/wait.h>
+#endif
+
+#if HAVE_ERRNO_DECL
+# include <errno.h>
+#else
+extern int errno;
+#endif
+
+static int bind_socket(char const *filename)
+{
+	int sock_fd;
+	struct sockaddr_un name;
+	size_t size;
+	
+	/* Create the socket. */
+	if ((sock_fd = socket(PF_LOCAL, SOCK_STREAM, 0)) < 0) {
+		perror ("socket(PF_LOCAL, SOCK_STREAM)");
+		exit(1);
+	}
+     
+	/* Bind a name to the socket. */
+	name.sun_family = AF_LOCAL;
+	strncpy(name.sun_path, filename, sizeof (name.sun_path));
+     
+       /* The size of the address is
+          the offset of the start of the filename,
+          plus its length,
+          plus one for the terminating null byte.
+          Alternatively you can just do:
+          size = SUN_LEN (&name);
+      */
+	size = SUN_LEN(&name);
+	/* XXX: This probably won't work on unfriendly libcs */
+     
+	if (bind(sock_fd, (struct sockaddr *) &name, size) < 0) {
+		perror ("bind");
+		exit(1);
+	}
+
+	return sock_fd;
+}
+
+
+int main(void)
+{
+	int sock_fd;
+	int kid;
+	char const *filename = "conftest.unixsock.sock";
+
+	/* abolish hanging */
+	alarm(15);		/* secs */
+
+	if ((sock_fd = bind_socket(filename)) < 0)
+		exit(1);
+
+	/* the socket will be deleted when autoconf cleans up these
+           files. */
+
+	exit(0);
+}
diff --git a/source3/torture/denytest.c b/source3/torture/denytest.c
new file mode 100644
index 0000000000..045246f126
--- /dev/null
+++ b/source3/torture/denytest.c
@@ -0,0 +1,1577 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - scanning functions
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+extern BOOL torture_showall;
+
+enum deny_result {A_0=0, A_X=1, A_R=2, A_W=3, A_RW=5};
+
+
+static char *denystr(int denymode)
+{
+	struct {
+		int v;
+		char *name; 
+	} deny_modes[] = {
+		{DENY_DOS, "DENY_DOS"},
+		{DENY_ALL, "DENY_ALL"},
+		{DENY_WRITE, "DENY_WRITE"},
+		{DENY_READ, "DENY_READ"},
+		{DENY_NONE, "DENY_NONE"},
+		{DENY_FCB, "DENY_FCB"},
+		{-1, NULL}};
+	int i;
+	for (i=0;deny_modes[i].name;i++) {
+		if (deny_modes[i].v == denymode) return deny_modes[i].name;
+	}
+	return "DENY_XXX";
+}
+
+static char *openstr(int mode)
+{
+	struct {
+		int v;
+		char *name; 
+	} open_modes[] = {
+		{O_RDWR, "O_RDWR"},
+		{O_RDONLY, "O_RDONLY"},
+		{O_WRONLY, "O_WRONLY"},
+		{-1, NULL}};
+	int i;
+	for (i=0;open_modes[i].name;i++) {
+		if (open_modes[i].v == mode) return open_modes[i].name;
+	}
+	return "O_XXX";
+}
+
+static char *resultstr(enum deny_result res)
+{
+	struct {
+		enum deny_result res;
+		char *name; 
+	} results[] = {
+		{A_X, "X"},
+		{A_0, "-"},
+		{A_R, "R"},
+		{A_W, "W"},
+		{A_RW,"RW"}};
+	int i;
+	for (i=0;ARRAY_SIZE(results);i++) {
+		if (results[i].res == res) return results[i].name;
+	}
+	return "*";
+}
+
+static struct {
+	int isexe;
+	int mode1, deny1;
+	int mode2, deny2;
+	enum deny_result result;
+} denytable2[] = {
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_0}
+};
+
+
+static struct {
+	int isexe;
+	int mode1, deny1;
+	int mode2, deny2;
+	enum deny_result result;
+} denytable1[] = {
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{1, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{1, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{1,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{1,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{1, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{1, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{1, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{1, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{1, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_DOS,     A_RW},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_DOS,     A_W},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_DOS,      O_RDWR,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_DOS,    O_RDONLY,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_DOS,    O_WRONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_ALL,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,   DENY_ALL,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY, DENY_WRITE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY, DENY_WRITE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_READ,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_READ,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0,   O_RDWR,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_RDONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_RDONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_DOS,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_READ,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_READ,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_READ,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,  DENY_NONE,     A_RW},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,  DENY_NONE,     A_R},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,  DENY_NONE,     A_W},
+{0, O_WRONLY,  DENY_NONE,      O_RDWR,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_RDONLY,   DENY_FCB,     A_0},
+{0, O_WRONLY,  DENY_NONE,    O_WRONLY,   DENY_FCB,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0,   O_RDWR,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{0,   O_RDWR,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_RDONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{0, O_RDONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_DOS,     A_RW},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_DOS,     A_R},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_DOS,     A_W},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_ALL,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY, DENY_WRITE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_READ,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,  DENY_NONE,     A_0},
+{0, O_WRONLY,   DENY_FCB,      O_RDWR,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_FCB,    O_RDONLY,   DENY_FCB,     A_RW},
+{0, O_WRONLY,   DENY_FCB,    O_WRONLY,   DENY_FCB,     A_RW}
+};
+
+
+static void progress_bar(unsigned i, unsigned total)
+{
+	if (i % 10 != 0) return;
+	printf("%5d/%5d\r", i, total);
+	fflush(stdout);
+}
+
+/*
+  this produces a matrix of deny mode behaviour for 1 connection
+ */
+BOOL torture_denytest1(int dummy)
+{
+	static struct cli_state cli1;
+	int fnum1, fnum2;
+	int i;
+	BOOL correct = True;
+	char *fnames[2] = {"\\denytest1.dat", "\\denytest1.exe"};
+
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+
+	printf("starting denytest1\n");
+
+	for (i=0;i<2;i++) {
+		cli_unlink(&cli1, fnames[i]);
+		fnum1 = cli_open(&cli1, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
+		cli_write(&cli1, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
+		cli_close(&cli1, fnum1);
+	}
+
+	printf("testing %d entries\n", ARRAY_SIZE(denytable1));
+
+	for (i=0; i<ARRAY_SIZE(denytable1); i++) {
+		enum deny_result res;
+		char *fname = fnames[denytable1[i].isexe];
+
+		progress_bar(i, ARRAY_SIZE(denytable1));
+
+		fnum1 = cli_open(&cli1, fname, 
+				 denytable1[i].mode1,
+				 denytable1[i].deny1);
+		fnum2 = cli_open(&cli1, fname, 
+				 denytable1[i].mode2,
+				 denytable1[i].deny2);
+
+		if (fnum1 == -1) {
+			res = A_X;
+		} else if (fnum2 == -1) {
+			res = A_0;
+		} else {
+			char x = 1;
+			res = A_0;
+			if (cli_read(&cli1, fnum2, (void *)&x, 0, 1) == 1) {
+				res += A_R;
+			}
+			if (cli_write(&cli1, fnum2, 0, (void *)&x, 0, 1) == 1) {
+				res += A_W;
+			}
+		}
+
+		if (res != denytable1[i].result) {
+			correct = False;
+		}
+
+		if (torture_showall || res != denytable1[i].result) {
+			printf("%s %8s %10s    %8s %10s    %s (correct=%s)\n",
+			       fname,
+			       denystr(denytable1[i].deny1),
+			       openstr(denytable1[i].mode1),
+			       denystr(denytable1[i].deny2),
+			       openstr(denytable1[i].mode2),
+			       resultstr(res),
+			       resultstr(denytable1[i].result));
+		}
+
+		cli_close(&cli1, fnum1);
+		cli_close(&cli1, fnum2);
+	}
+
+	for (i=0;i<2;i++) {
+		cli_unlink(&cli1, fnames[i]);
+	}
+		
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	
+	printf("finshed denytest1\n");
+	return correct;
+}
+
+
+/*
+  this produces a matrix of deny mode behaviour with 2 connections
+ */
+BOOL torture_denytest2(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	int fnum1, fnum2;
+	int i;
+	BOOL correct = True;
+	char *fnames[2] = {"\\denytest2.dat", "\\denytest2.exe"};
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+
+	printf("starting denytest2\n");
+
+	for (i=0;i<2;i++) {
+		cli_unlink(&cli1, fnames[i]);
+		fnum1 = cli_open(&cli1, fnames[i], O_RDWR|O_CREAT, DENY_NONE);
+		cli_write(&cli1, fnum1, 0, fnames[i], 0, strlen(fnames[i]));
+		cli_close(&cli1, fnum1);
+	}
+
+	for (i=0; i<ARRAY_SIZE(denytable2); i++) {
+		enum deny_result res;
+		char *fname = fnames[denytable2[i].isexe];
+
+		progress_bar(i, ARRAY_SIZE(denytable1));
+
+		fnum1 = cli_open(&cli1, fname, 
+				 denytable2[i].mode1,
+				 denytable2[i].deny1);
+		fnum2 = cli_open(&cli2, fname, 
+				 denytable2[i].mode2,
+				 denytable2[i].deny2);
+
+		if (fnum1 == -1) {
+			res = A_X;
+		} else if (fnum2 == -1) {
+			res = A_0;
+		} else {
+			char x = 1;
+			res = A_0;
+			if (cli_read(&cli2, fnum2, (void *)&x, 0, 1) == 1) {
+				res += A_R;
+			}
+			if (cli_write(&cli2, fnum2, 0, (void *)&x, 0, 1) == 1) {
+				res += A_W;
+			}
+		}
+
+		if (res != denytable2[i].result) {
+			correct = False;
+		}
+
+		if (torture_showall || res != denytable2[i].result) {
+			printf("%s %8s %10s    %8s %10s    %s (correct=%s)\n",
+			       fname,
+			       denystr(denytable2[i].deny1),
+			       openstr(denytable2[i].mode1),
+			       denystr(denytable2[i].deny2),
+			       openstr(denytable2[i].mode2),
+			       resultstr(res),
+			       resultstr(denytable2[i].result));
+		}
+
+		cli_close(&cli1, fnum1);
+		cli_close(&cli2, fnum2);
+	}
+		
+	for (i=0;i<2;i++) {
+		cli_unlink(&cli1, fnames[i]);
+	}
+
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!torture_close_connection(&cli2)) {
+		correct = False;
+	}
+	
+	printf("finshed denytest2\n");
+	return correct;
+}
+
diff --git a/source3/torture/locktest.c b/source3/torture/locktest.c
new file mode 100644
index 0000000000..c34b4c1ad2
--- /dev/null
+++ b/source3/torture/locktest.c
@@ -0,0 +1,675 @@
+/* 
+   Unix SMB/CIFS implementation.
+   randomised byte range lock tester
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+static fstring password[2];
+static fstring username[2];
+static int got_pass;
+static BOOL use_kerberos;
+static int numops = 1000;
+static BOOL showall;
+static BOOL analyze;
+static BOOL hide_unlock_fails;
+static BOOL use_oplocks;
+static unsigned lock_range = 100;
+static unsigned lock_base = 0;
+static unsigned min_length = 0;
+static BOOL exact_error_codes;
+static BOOL zero_zero;
+
+#define FILENAME "\\locktest.dat"
+
+#define READ_PCT 50
+#define LOCK_PCT 45
+#define UNLOCK_PCT 70
+#define RANGE_MULTIPLE 1
+#define NSERVERS 2
+#define NCONNECTIONS 2
+#define NFILES 2
+#define LOCK_TIMEOUT 0
+
+#define NASTY_POSIX_LOCK_HACK 0
+
+enum lock_op {OP_LOCK, OP_UNLOCK, OP_REOPEN};
+
+struct record {
+	enum lock_op lock_op;
+	enum brl_type lock_type;
+	char conn, f;
+	SMB_BIG_UINT start, len;
+	char needed;
+};
+
+#define PRESETS 0
+
+#if PRESETS
+static struct record preset[] = {
+{OP_LOCK, WRITE_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 3, 0, 1},
+{OP_UNLOCK, 0       , 0, 0, 2, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, READ_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, READ_LOCK, 0, 0, 1, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, READ_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 3, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, READ_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 1, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, WRITE_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, READ_LOCK, 0, 0, 1, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+{OP_LOCK, WRITE_LOCK, 0, 0, 2, 0, 1},
+{OP_LOCK, READ_LOCK, 0, 0, 3, 1, 1},
+{OP_LOCK, WRITE_LOCK, 0, 0, 0, 0, 1},
+{OP_REOPEN, 0, 0, 0, 0, 0, 1},
+
+};
+#endif
+
+static struct record *recorded;
+
+static void print_brl(SMB_DEV_T dev, SMB_INO_T ino, int pid, 
+		      enum brl_type lock_type,
+		      br_off start, br_off size)
+{
+#if NASTY_POSIX_LOCK_HACK
+	{
+		pstring cmd;
+		static SMB_INO_T lastino;
+
+		if (lastino != ino) {
+			slprintf(cmd, sizeof(cmd), 
+				 "egrep POSIX.*%u /proc/locks", (int)ino);
+			system(cmd);
+		}
+		lastino = ino;
+	}
+#endif
+
+	printf("%6d   %05x:%05x    %s  %.0f:%.0f(%.0f)\n", 
+	       (int)pid, (int)dev, (int)ino, 
+	       lock_type==READ_LOCK?"R":"W",
+	       (double)start, (double)start+size-1,(double)size);
+
+}
+
+
+static void show_locks(void)
+{
+	brl_forall(print_brl);
+	/* system("cat /proc/locks"); */
+}
+
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+struct cli_state *connect_one(char *share, int snum)
+{
+	struct cli_state *c;
+	struct nmb_name called, calling;
+	char *server_n;
+	fstring server;
+	struct in_addr ip;
+	fstring myname;
+	static int count;
+
+	fstrcpy(server,share+2);
+	share = strchr_m(server,'\\');
+	if (!share) return NULL;
+	*share = 0;
+	share++;
+
+	server_n = server;
+	
+        zero_ip(&ip);
+
+	slprintf(myname,sizeof(myname), "lock-%u-%u", getpid(), count++);
+
+	make_nmb_name(&calling, myname, 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+ again:
+        zero_ip(&ip);
+
+	/* have to open a new connection */
+	if (!(c=cli_initialise(NULL)) || !cli_connect(c, server_n, &ip)) {
+		DEBUG(0,("Connection to %s failed\n", server_n));
+		return NULL;
+	}
+
+	c->use_kerberos = use_kerberos;
+
+	if (!cli_session_request(c, &calling, &called)) {
+		DEBUG(0,("session request to %s failed\n", called.name));
+		cli_shutdown(c);
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NULL;
+	}
+
+	DEBUG(4,(" session request ok\n"));
+
+	if (!cli_negprot(c)) {
+		DEBUG(0,("protocol negotiation failed\n"));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(password[0], pass);
+			pstrcpy(password[1], pass);
+		}
+	}
+
+	if (got_pass == 1) {
+		pstrcpy(password[1], password[0]);
+		pstrcpy(username[1], username[0]);
+	}
+
+	if (!cli_session_setup(c, username[snum], 
+			       password[snum], strlen(password[snum]),
+			       password[snum], strlen(password[snum]),
+			       lp_workgroup())) {
+		DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
+		return NULL;
+	}
+
+	/*
+	 * These next two lines are needed to emulate
+	 * old client behaviour for people who have
+	 * scripts based on client output.
+	 * QUESTION ? Do we want to have a 'client compatibility
+	 * mode to turn these on/off ? JRA.
+	 */
+
+	if (*c->server_domain || *c->server_os || *c->server_type)
+		DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
+			c->server_domain,c->server_os,c->server_type));
+	
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(c, share, "?????",
+			    password[snum], strlen(password[snum])+1)) {
+		DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,(" tconx ok\n"));
+
+	c->use_oplocks = use_oplocks;
+
+	return c;
+}
+
+
+static void reconnect(struct cli_state *cli[NSERVERS][NCONNECTIONS], int fnum[NSERVERS][NCONNECTIONS][NFILES],
+		      char *share[NSERVERS])
+{
+	int server, conn, f;
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++) {
+		if (cli[server][conn]) {
+			for (f=0;f<NFILES;f++) {
+				if (fnum[server][conn][f] != -1) {
+					cli_close(cli[server][conn], fnum[server][conn][f]);
+					fnum[server][conn][f] = -1;
+				}
+			}
+			cli_ulogoff(cli[server][conn]);
+			cli_shutdown(cli[server][conn]);
+		}
+		cli[server][conn] = connect_one(share[server], server);
+		if (!cli[server][conn]) {
+			DEBUG(0,("Failed to connect to %s\n", share[server]));
+			exit(1);
+		}
+	}
+}
+
+
+
+static BOOL test_one(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		     int fnum[NSERVERS][NCONNECTIONS][NFILES],
+		     struct record *rec)
+{
+	unsigned conn = rec->conn;
+	unsigned f = rec->f;
+	SMB_BIG_UINT start = rec->start;
+	SMB_BIG_UINT len = rec->len;
+	enum brl_type op = rec->lock_type;
+	int server;
+	BOOL ret[NSERVERS];
+	NTSTATUS status[NSERVERS];
+
+	switch (rec->lock_op) {
+	case OP_LOCK:
+		/* set a lock */
+		for (server=0;server<NSERVERS;server++) {
+			ret[server] = cli_lock64(cli[server][conn], 
+						 fnum[server][conn][f],
+						 start, len, LOCK_TIMEOUT, op);
+			status[server] = cli_nt_error(cli[server][conn]);
+			if (!exact_error_codes && 
+			    NT_STATUS_EQUAL(status[server], 
+					    NT_STATUS_FILE_LOCK_CONFLICT)) {
+				status[server] = NT_STATUS_LOCK_NOT_GRANTED;
+			}
+		}
+		if (showall || !NT_STATUS_EQUAL(status[0],status[1])) {
+			printf("lock   conn=%u f=%u range=%.0f(%.0f) op=%s -> %s:%s\n",
+			       conn, f, 
+			       (double)start, (double)len,
+			       op==READ_LOCK?"READ_LOCK":"WRITE_LOCK",
+			       nt_errstr(status[0]), nt_errstr(status[1]));
+		}
+		if (showall || !NT_STATUS_EQUAL(status[0],status[1])) show_locks();
+		if (!NT_STATUS_EQUAL(status[0],status[1])) return False;
+		break;
+		
+	case OP_UNLOCK:
+		/* unset a lock */
+		for (server=0;server<NSERVERS;server++) {
+			ret[server] = cli_unlock64(cli[server][conn], 
+						   fnum[server][conn][f],
+						   start, len);
+			status[server] = cli_nt_error(cli[server][conn]);
+		}
+		if (showall || 
+		    (!hide_unlock_fails && !NT_STATUS_EQUAL(status[0],status[1]))) {
+			printf("unlock conn=%u f=%u range=%.0f(%.0f)       -> %s:%s\n",
+			       conn, f, 
+			       (double)start, (double)len,
+			       nt_errstr(status[0]), nt_errstr(status[1]));
+		}
+		if (showall || !NT_STATUS_EQUAL(status[0],status[1])) show_locks();
+		if (!hide_unlock_fails && !NT_STATUS_EQUAL(status[0],status[1])) 
+			return False;
+		break;
+
+	case OP_REOPEN:
+		/* reopen the file */
+		for (server=0;server<NSERVERS;server++) {
+			cli_close(cli[server][conn], fnum[server][conn][f]);
+			fnum[server][conn][f] = -1;
+		}
+		for (server=0;server<NSERVERS;server++) {
+			fnum[server][conn][f] = cli_open(cli[server][conn], FILENAME,
+							 O_RDWR|O_CREAT,
+							 DENY_NONE);
+			if (fnum[server][conn][f] == -1) {
+				printf("failed to reopen on share%d\n", server);
+				return False;
+			}
+		}
+		if (showall) {
+			printf("reopen conn=%u f=%u\n",
+			       conn, f);
+			show_locks();
+		}
+		break;
+	}
+
+	return True;
+}
+
+static void close_files(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+			int fnum[NSERVERS][NCONNECTIONS][NFILES])
+{
+	int server, conn, f; 
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++)
+	for (f=0;f<NFILES;f++) {
+		if (fnum[server][conn][f] != -1) {
+			cli_close(cli[server][conn], fnum[server][conn][f]);
+			fnum[server][conn][f] = -1;
+		}
+	}
+	for (server=0;server<NSERVERS;server++) {
+		cli_unlink(cli[server][0], FILENAME);
+	}
+}
+
+static void open_files(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		       int fnum[NSERVERS][NCONNECTIONS][NFILES])
+{
+	int server, conn, f; 
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++)
+	for (f=0;f<NFILES;f++) {
+		fnum[server][conn][f] = cli_open(cli[server][conn], FILENAME,
+						 O_RDWR|O_CREAT,
+						 DENY_NONE);
+		if (fnum[server][conn][f] == -1) {
+			fprintf(stderr,"Failed to open fnum[%u][%u][%u]\n",
+				server, conn, f);
+			exit(1);
+		}
+	}
+}
+
+
+static int retest(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		   int fnum[NSERVERS][NCONNECTIONS][NFILES],
+		   int n)
+{
+	int i;
+	printf("testing %u ...\n", n);
+	for (i=0; i<n; i++) {
+		if (i && i % 100 == 0) {
+			printf("%u\n", i);
+		}
+
+		if (recorded[i].needed &&
+		    !test_one(cli, fnum, &recorded[i])) return i;
+	}
+	return n;
+}
+
+
+/* each server has two connections open to it. Each connection has two file
+   descriptors open on the file - 8 file descriptors in total 
+
+   we then do random locking ops in tamdem on the 4 fnums from each
+   server and ensure that the results match
+ */
+static void test_locks(char *share[NSERVERS])
+{
+	struct cli_state *cli[NSERVERS][NCONNECTIONS];
+	int fnum[NSERVERS][NCONNECTIONS][NFILES];
+	int n, i, n1, skip, r1, r2; 
+
+	ZERO_STRUCT(fnum);
+	ZERO_STRUCT(cli);
+
+	recorded = (struct record *)malloc(sizeof(*recorded) * numops);
+
+	for (n=0; n<numops; n++) {
+#if PRESETS
+		if (n < sizeof(preset) / sizeof(preset[0])) {
+			recorded[n] = preset[n];
+		} else {
+#endif
+			recorded[n].conn = random() % NCONNECTIONS;
+			recorded[n].f = random() % NFILES;
+			recorded[n].start = lock_base + ((unsigned)random() % (lock_range-1));
+			recorded[n].len =  min_length +
+				random() % (lock_range-(recorded[n].start-lock_base));
+			recorded[n].start *= RANGE_MULTIPLE;
+			recorded[n].len *= RANGE_MULTIPLE;
+			r1 = random() % 100;
+			r2 = random() % 100;
+			if (r1 < READ_PCT) {
+				recorded[n].lock_type = READ_LOCK;
+			} else {
+				recorded[n].lock_type = WRITE_LOCK;
+			}
+			if (r2 < LOCK_PCT) {
+				recorded[n].lock_op = OP_LOCK;
+			} else if (r2 < UNLOCK_PCT) {
+				recorded[n].lock_op = OP_UNLOCK;
+			} else {
+				recorded[n].lock_op = OP_REOPEN;
+			}
+			recorded[n].needed = True;
+			if (!zero_zero && recorded[n].start==0 && recorded[n].len==0) {
+				recorded[n].len = 1;
+			}
+#if PRESETS
+		}
+#endif
+	}
+
+	reconnect(cli, fnum, share);
+	open_files(cli, fnum);
+	n = retest(cli, fnum, numops);
+
+	if (n == numops || !analyze) return;
+	n++;
+
+	skip = n/2;
+
+	while (1) {
+		n1 = n;
+
+		close_files(cli, fnum);
+		reconnect(cli, fnum, share);
+		open_files(cli, fnum);
+
+		for (i=0;i<n-skip;i+=skip) {
+			int m, j;
+			printf("excluding %d-%d\n", i, i+skip-1);
+			for (j=i;j<i+skip;j++) {
+				recorded[j].needed = False;
+			}
+
+			close_files(cli, fnum);
+			open_files(cli, fnum);
+
+			m = retest(cli, fnum, n);
+			if (m == n) {
+				for (j=i;j<i+skip;j++) {
+					recorded[j].needed = True;
+				}
+			} else {
+				if (i+(skip-1) < m) {
+					memmove(&recorded[i], &recorded[i+skip],
+						(m-(i+skip-1))*sizeof(recorded[0]));
+				}
+				n = m-(skip-1);
+				i--;
+			}
+		}
+
+		if (skip > 1) {
+			skip = skip/2;
+			printf("skip=%d\n", skip);
+			continue;
+		}
+
+		if (n1 == n) break;
+	}
+
+	close_files(cli, fnum);
+	reconnect(cli, fnum, share);
+	open_files(cli, fnum);
+	showall = True;
+	n1 = retest(cli, fnum, n);
+	if (n1 != n-1) {
+		printf("ERROR - inconsistent result (%u %u)\n", n1, n);
+	}
+	close_files(cli, fnum);
+
+	for (i=0;i<n;i++) {
+		printf("{%d, %d, %u, %u, %.0f, %.0f, %u},\n",
+		       recorded[i].lock_op,
+		       recorded[i].lock_type,
+		       recorded[i].conn,
+		       recorded[i].f,
+		       (double)recorded[i].start,
+		       (double)recorded[i].len,
+		       recorded[i].needed);
+	}	
+}
+
+
+
+static void usage(void)
+{
+	printf(
+"Usage:\n\
+  locktest //server1/share1 //server2/share2 [options..]\n\
+  options:\n\
+        -U user%%pass        (may be specified twice)\n\
+        -k               use kerberos\n\
+        -s seed\n\
+        -o numops\n\
+        -u          hide unlock fails\n\
+        -a          (show all ops)\n\
+        -A          analyse for minimal ops\n\
+        -O          use oplocks\n\
+        -E          enable exact error code checking\n\
+        -Z          enable the zero/zero lock\n\
+        -R range    set lock range\n\
+        -B base     set lock base\n\
+        -M min      set min lock length\n\
+");
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	char *share[NSERVERS];
+	extern char *optarg;
+	extern int optind;
+	int opt;
+	char *p;
+	int seed, server;
+
+	setlinebuf(stdout);
+
+	dbf = x_stderr;
+
+	if (argc < 3 || argv[1][0] == '-') {
+		usage();
+		exit(1);
+	}
+
+	setup_logging(argv[0],True);
+
+	for (server=0;server<NSERVERS;server++) {
+		share[server] = argv[1+server];
+		all_string_sub(share[server],"/","\\",0);
+	}
+
+	argc -= NSERVERS;
+	argv += NSERVERS;
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+
+	if (getenv("USER")) {
+		pstrcpy(username[0],getenv("USER"));
+		pstrcpy(username[1],getenv("USER"));
+	}
+
+	seed = time(NULL);
+
+	while ((opt = getopt(argc, argv, "U:s:ho:aAW:OkR:B:M:EZ")) != EOF) {
+		switch (opt) {
+		case 'k':
+#ifdef HAVE_KRB5
+			use_kerberos = True;
+			got_pass = True;
+#else
+			d_printf("No kerberos support compiled in\n");
+			exit(1);
+#endif
+			break;
+		case 'U':
+			if (got_pass == 2) {
+				d_printf("Max of 2 usernames\n");
+				exit(1);
+			}
+			pstrcpy(username[got_pass],optarg);
+			p = strchr_m(username[got_pass],'%');
+			if (p) {
+				*p = 0;
+				pstrcpy(password[got_pass], p+1);
+				got_pass++;
+			}
+			break;
+		case 'R':
+			lock_range = strtol(optarg, NULL, 0);
+			break;
+		case 'B':
+			lock_base = strtol(optarg, NULL, 0);
+			break;
+		case 'M':
+			min_length = strtol(optarg, NULL, 0);
+			break;
+		case 's':
+			seed = atoi(optarg);
+			break;
+		case 'u':
+			hide_unlock_fails = True;
+			break;
+		case 'o':
+			numops = atoi(optarg);
+			break;
+		case 'O':
+			use_oplocks = True;
+			break;
+		case 'a':
+			showall = True;
+			break;
+		case 'A':
+			analyze = True;
+			break;
+		case 'Z':
+			zero_zero = True;
+			break;
+		case 'E':
+			exact_error_codes = True;
+			break;
+		case 'h':
+			usage();
+			exit(1);
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			exit(1);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	DEBUG(0,("seed=%u\n", seed));
+	srandom(seed);
+
+	test_locks(share);
+
+	return(0);
+}
diff --git a/source3/torture/locktest2.c b/source3/torture/locktest2.c
new file mode 100644
index 0000000000..3c24cfaa4a
--- /dev/null
+++ b/source3/torture/locktest2.c
@@ -0,0 +1,615 @@
+/* 
+   Unix SMB/CIFS implementation.
+   byte range lock tester - with local filesystem support
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+static fstring password;
+static fstring username;
+static int got_pass;
+static int numops = 1000;
+static BOOL showall;
+static BOOL analyze;
+static BOOL hide_unlock_fails;
+static BOOL use_oplocks;
+
+#define FILENAME "\\locktest.dat"
+#define LOCKRANGE 100
+#define LOCKBASE 0
+
+/*
+#define LOCKBASE (0x40000000 - 50)
+*/
+
+#define READ_PCT 50
+#define LOCK_PCT 25
+#define UNLOCK_PCT 65
+#define RANGE_MULTIPLE 1
+
+#define NSERVERS 2
+#define NCONNECTIONS 2
+#define NUMFSTYPES 2
+#define NFILES 2
+#define LOCK_TIMEOUT 0
+
+#define FSTYPE_SMB 0
+#define FSTYPE_NFS 1
+
+struct record {
+	char r1, r2;
+	char conn, f, fstype;
+	unsigned start, len;
+	char needed;
+};
+
+static struct record *recorded;
+
+static int try_open(struct cli_state *c, char *nfs, int fstype, char *fname, int flags)
+{
+	pstring path;
+
+	switch (fstype) {
+	case FSTYPE_SMB:
+		return cli_open(c, fname, flags, DENY_NONE);
+
+	case FSTYPE_NFS:
+		slprintf(path, sizeof(path), "%s%s", nfs, fname);
+		pstring_sub(path,"\\", "/");
+		return open(path, flags, 0666);
+	}
+
+	return -1;
+}
+
+static BOOL try_close(struct cli_state *c, int fstype, int fd)
+{
+	switch (fstype) {
+	case FSTYPE_SMB:
+		return cli_close(c, fd);
+
+	case FSTYPE_NFS:
+		return close(fd) == 0;
+	}
+
+	return False;
+}
+
+static BOOL try_lock(struct cli_state *c, int fstype, 
+		     int fd, unsigned start, unsigned len,
+		     enum brl_type op)
+{
+	struct flock lock;
+
+	switch (fstype) {
+	case FSTYPE_SMB:
+		return cli_lock(c, fd, start, len, LOCK_TIMEOUT, op);
+
+	case FSTYPE_NFS:
+		lock.l_type = (op==READ_LOCK) ? F_RDLCK:F_WRLCK;
+		lock.l_whence = SEEK_SET;
+		lock.l_start = start;
+		lock.l_len = len;
+		lock.l_pid = getpid();
+		return fcntl(fd,F_SETLK,&lock) == 0;
+	}
+
+	return False;
+}
+
+static BOOL try_unlock(struct cli_state *c, int fstype, 
+		       int fd, unsigned start, unsigned len)
+{
+	struct flock lock;
+
+	switch (fstype) {
+	case FSTYPE_SMB:
+		return cli_unlock(c, fd, start, len);
+
+	case FSTYPE_NFS:
+		lock.l_type = F_UNLCK;
+		lock.l_whence = SEEK_SET;
+		lock.l_start = start;
+		lock.l_len = len;
+		lock.l_pid = getpid();
+		return fcntl(fd,F_SETLK,&lock) == 0;
+	}
+
+	return False;
+}	
+
+static void print_brl(SMB_DEV_T dev, SMB_INO_T ino, int pid, 
+		      enum brl_type lock_type,
+		      br_off start, br_off size)
+{
+	printf("%6d   %05x:%05x    %s  %.0f:%.0f(%.0f)\n", 
+	       (int)pid, (int)dev, (int)ino, 
+	       lock_type==READ_LOCK?"R":"W",
+	       (double)start, (double)start+size-1,(double)size);
+
+}
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+struct cli_state *connect_one(char *share)
+{
+	struct cli_state *c;
+	struct nmb_name called, calling;
+	char *server_n;
+	fstring server;
+	struct in_addr ip;
+	fstring myname;
+	static int count;
+
+	fstrcpy(server,share+2);
+	share = strchr_m(server,'\\');
+	if (!share) return NULL;
+	*share = 0;
+	share++;
+
+	server_n = server;
+	
+        zero_ip(&ip);
+
+	slprintf(myname,sizeof(myname), "lock-%u-%u", getpid(), count++);
+
+	make_nmb_name(&calling, myname, 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+ again:
+        zero_ip(&ip);
+
+	/* have to open a new connection */
+	if (!(c=cli_initialise(NULL)) || !cli_connect(c, server_n, &ip)) {
+		DEBUG(0,("Connection to %s failed\n", server_n));
+		return NULL;
+	}
+
+	if (!cli_session_request(c, &calling, &called)) {
+		DEBUG(0,("session request to %s failed\n", called.name));
+		cli_shutdown(c);
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NULL;
+	}
+
+	DEBUG(4,(" session request ok\n"));
+
+	if (!cli_negprot(c)) {
+		DEBUG(0,("protocol negotiation failed\n"));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(password, pass);
+		}
+	}
+
+	if (!cli_session_setup(c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       lp_workgroup())) {
+		DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
+		return NULL;
+	}
+
+	/*
+	 * These next two lines are needed to emulate
+	 * old client behaviour for people who have
+	 * scripts based on client output.
+	 * QUESTION ? Do we want to have a 'client compatibility
+	 * mode to turn these on/off ? JRA.
+	 */
+
+	if (*c->server_domain || *c->server_os || *c->server_type)
+		DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
+			c->server_domain,c->server_os,c->server_type));
+	
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(c, share, "?????",
+			    password, strlen(password)+1)) {
+		DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,(" tconx ok\n"));
+
+	c->use_oplocks = use_oplocks;
+
+	return c;
+}
+
+
+static void reconnect(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		      char *nfs[NSERVERS], 
+		      int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
+		      char *share1, char *share2)
+{
+	int server, conn, f, fstype;
+	char *share[2];
+	share[0] = share1;
+	share[1] = share2;
+
+	fstype = FSTYPE_SMB;
+
+	for (server=0;server<NSERVERS;server++)
+	for (conn=0;conn<NCONNECTIONS;conn++) {
+		if (cli[server][conn]) {
+			for (f=0;f<NFILES;f++) {
+				cli_close(cli[server][conn], fnum[server][fstype][conn][f]);
+			}
+			cli_ulogoff(cli[server][conn]);
+			cli_shutdown(cli[server][conn]);
+		}
+		cli[server][conn] = connect_one(share[server]);
+		if (!cli[server][conn]) {
+			DEBUG(0,("Failed to connect to %s\n", share[server]));
+			exit(1);
+		}
+	}
+}
+
+
+
+static BOOL test_one(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		     char *nfs[NSERVERS],
+		     int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
+		     struct record *rec)
+{
+	unsigned conn = rec->conn;
+	unsigned f = rec->f;
+	unsigned fstype = rec->fstype;
+	unsigned start = rec->start;
+	unsigned len = rec->len;
+	unsigned r1 = rec->r1;
+	unsigned r2 = rec->r2;
+	enum brl_type op;
+	int server;
+	BOOL ret[NSERVERS];
+
+	if (r1 < READ_PCT) {
+		op = READ_LOCK; 
+	} else {
+		op = WRITE_LOCK; 
+	}
+
+	if (r2 < LOCK_PCT) {
+		/* set a lock */
+		for (server=0;server<NSERVERS;server++) {
+			ret[server] = try_lock(cli[server][conn], fstype,
+					       fnum[server][fstype][conn][f],
+					       start, len, op);
+		}
+		if (showall || ret[0] != ret[1]) {
+			printf("lock   conn=%u fstype=%u f=%u range=%u:%u(%u) op=%s -> %u:%u\n",
+			       conn, fstype, f, 
+			       start, start+len-1, len,
+			       op==READ_LOCK?"READ_LOCK":"WRITE_LOCK",
+			       ret[0], ret[1]);
+		}
+		if (showall) brl_forall(print_brl);
+		if (ret[0] != ret[1]) return False;
+	} else if (r2 < LOCK_PCT+UNLOCK_PCT) {
+		/* unset a lock */
+		for (server=0;server<NSERVERS;server++) {
+			ret[server] = try_unlock(cli[server][conn], fstype,
+						 fnum[server][fstype][conn][f],
+						 start, len);
+		}
+		if (showall || (!hide_unlock_fails && (ret[0] != ret[1]))) {
+			printf("unlock conn=%u fstype=%u f=%u range=%u:%u(%u)       -> %u:%u\n",
+			       conn, fstype, f, 
+			       start, start+len-1, len,
+			       ret[0], ret[1]);
+		}
+		if (showall) brl_forall(print_brl);
+		if (!hide_unlock_fails && ret[0] != ret[1]) return False;
+	} else {
+		/* reopen the file */
+		for (server=0;server<NSERVERS;server++) {
+			try_close(cli[server][conn], fstype, fnum[server][fstype][conn][f]);
+			fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME,
+								 O_RDWR|O_CREAT);
+			if (fnum[server][fstype][conn][f] == -1) {
+				printf("failed to reopen on share1\n");
+				return False;
+			}
+		}
+		if (showall) {
+			printf("reopen conn=%u fstype=%u f=%u\n",
+			       conn, fstype, f);
+			brl_forall(print_brl);
+		}
+	}
+	return True;
+}
+
+static void close_files(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+			char *nfs[NSERVERS],
+			int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES])
+{
+	int server, conn, f, fstype; 
+
+	for (server=0;server<NSERVERS;server++)
+	for (fstype=0;fstype<NUMFSTYPES;fstype++)
+	for (conn=0;conn<NCONNECTIONS;conn++)
+	for (f=0;f<NFILES;f++) {
+		if (fnum[server][fstype][conn][f] != -1) {
+			try_close(cli[server][conn], fstype, fnum[server][fstype][conn][f]);
+			fnum[server][fstype][conn][f] = -1;
+		}
+	}
+	for (server=0;server<NSERVERS;server++) {
+		cli_unlink(cli[server][0], FILENAME);
+	}
+}
+
+static void open_files(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		       char *nfs[NSERVERS],
+		       int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES])
+{
+	int server, fstype, conn, f; 
+
+	for (server=0;server<NSERVERS;server++)
+	for (fstype=0;fstype<NUMFSTYPES;fstype++)
+	for (conn=0;conn<NCONNECTIONS;conn++)
+	for (f=0;f<NFILES;f++) {
+		fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME,
+							 O_RDWR|O_CREAT);
+		if (fnum[server][fstype][conn][f] == -1) {
+			fprintf(stderr,"Failed to open fnum[%u][%u][%u][%u]\n",
+				server, fstype, conn, f);
+			exit(1);
+		}
+	}
+}
+
+
+static int retest(struct cli_state *cli[NSERVERS][NCONNECTIONS], 
+		  char *nfs[NSERVERS],
+		  int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
+		  int n)
+{
+	int i;
+	printf("testing %u ...\n", n);
+	for (i=0; i<n; i++) {
+		if (i && i % 100 == 0) {
+			printf("%u\n", i);
+		}
+
+		if (recorded[i].needed &&
+		    !test_one(cli, nfs, fnum, &recorded[i])) return i;
+	}
+	return n;
+}
+
+
+/* each server has two connections open to it. Each connection has two file
+   descriptors open on the file - 8 file descriptors in total 
+
+   we then do random locking ops in tamdem on the 4 fnums from each
+   server and ensure that the results match
+ */
+static void test_locks(char *share1, char *share2, char *nfspath1, char *nfspath2)
+{
+	struct cli_state *cli[NSERVERS][NCONNECTIONS];
+	char *nfs[NSERVERS];
+	int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES];
+	int n, i, n1; 
+
+	nfs[0] = nfspath1;
+	nfs[1] = nfspath2;
+
+	ZERO_STRUCT(fnum);
+	ZERO_STRUCT(cli);
+
+	recorded = (struct record *)malloc(sizeof(*recorded) * numops);
+
+	for (n=0; n<numops; n++) {
+		recorded[n].conn = random() % NCONNECTIONS;
+		recorded[n].fstype = random() % NUMFSTYPES;
+		recorded[n].f = random() % NFILES;
+		recorded[n].start = LOCKBASE + ((unsigned)random() % (LOCKRANGE-1));
+		recorded[n].len = 1 + 
+			random() % (LOCKRANGE-(recorded[n].start-LOCKBASE));
+		recorded[n].start *= RANGE_MULTIPLE;
+		recorded[n].len *= RANGE_MULTIPLE;
+		recorded[n].r1 = random() % 100;
+		recorded[n].r2 = random() % 100;
+		recorded[n].needed = True;
+	}
+
+	reconnect(cli, nfs, fnum, share1, share2);
+	open_files(cli, nfs, fnum);
+	n = retest(cli, nfs, fnum, numops);
+
+	if (n == numops || !analyze) return;
+	n++;
+
+	while (1) {
+		n1 = n;
+
+		close_files(cli, nfs, fnum);
+		reconnect(cli, nfs, fnum, share1, share2);
+		open_files(cli, nfs, fnum);
+
+		for (i=0;i<n-1;i++) {
+			int m;
+			recorded[i].needed = False;
+
+			close_files(cli, nfs, fnum);
+			open_files(cli, nfs, fnum);
+
+			m = retest(cli, nfs, fnum, n);
+			if (m == n) {
+				recorded[i].needed = True;
+			} else {
+				if (i < m) {
+					memmove(&recorded[i], &recorded[i+1],
+						(m-i)*sizeof(recorded[0]));
+				}
+				n = m;
+				i--;
+			}
+		}
+
+		if (n1 == n) break;
+	}
+
+	close_files(cli, nfs, fnum);
+	reconnect(cli, nfs, fnum, share1, share2);
+	open_files(cli, nfs, fnum);
+	showall = True;
+	n1 = retest(cli, nfs, fnum, n);
+	if (n1 != n-1) {
+		printf("ERROR - inconsistent result (%u %u)\n", n1, n);
+	}
+	close_files(cli, nfs, fnum);
+
+	for (i=0;i<n;i++) {
+		printf("{%u, %u, %u, %u, %u, %u, %u, %u},\n",
+		       recorded[i].r1,
+		       recorded[i].r2,
+		       recorded[i].conn,
+		       recorded[i].fstype,
+		       recorded[i].f,
+		       recorded[i].start,
+		       recorded[i].len,
+		       recorded[i].needed);
+	}	
+}
+
+
+
+static void usage(void)
+{
+	printf(
+"Usage:\n\
+  locktest //server1/share1 //server2/share2 /path1 /path2 [options..]\n\
+  options:\n\
+        -U user%%pass\n\
+        -s seed\n\
+        -o numops\n\
+        -u          hide unlock fails\n\
+        -a          (show all ops)\n\
+        -O          use oplocks\n\
+");
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	char *share1, *share2, *nfspath1, *nfspath2;
+	extern char *optarg;
+	extern int optind;
+	int opt;
+	char *p;
+	int seed;
+
+	setlinebuf(stdout);
+
+	dbf = x_stderr;
+
+	if (argc < 5 || argv[1][0] == '-') {
+		usage();
+		exit(1);
+	}
+
+	share1 = argv[1];
+	share2 = argv[2];
+	nfspath1 = argv[3];
+	nfspath2 = argv[4];
+
+	all_string_sub(share1,"/","\\",0);
+	all_string_sub(share2,"/","\\",0);
+
+	setup_logging(argv[0],True);
+
+	argc -= 4;
+	argv += 4;
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+
+	if (getenv("USER")) {
+		pstrcpy(username,getenv("USER"));
+	}
+
+	seed = time(NULL);
+
+	while ((opt = getopt(argc, argv, "U:s:ho:aAW:O")) != EOF) {
+		switch (opt) {
+		case 'U':
+			pstrcpy(username,optarg);
+			p = strchr_m(username,'%');
+			if (p) {
+				*p = 0;
+				pstrcpy(password, p+1);
+				got_pass = 1;
+			}
+			break;
+		case 's':
+			seed = atoi(optarg);
+			break;
+		case 'u':
+			hide_unlock_fails = True;
+			break;
+		case 'o':
+			numops = atoi(optarg);
+			break;
+		case 'O':
+			use_oplocks = True;
+			break;
+		case 'a':
+			showall = True;
+			break;
+		case 'A':
+			analyze = True;
+			break;
+		case 'h':
+			usage();
+			exit(1);
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			exit(1);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	DEBUG(0,("seed=%u\n", seed));
+	srandom(seed);
+
+	locking_init(1);
+	test_locks(share1, share2, nfspath1, nfspath2);
+
+	return(0);
+}
diff --git a/source3/torture/mangle_test.c b/source3/torture/mangle_test.c
new file mode 100644
index 0000000000..2d5b3610d5
--- /dev/null
+++ b/source3/torture/mangle_test.c
@@ -0,0 +1,201 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - mangling test
+   Copyright (C) Andrew Tridgell 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static TDB_CONTEXT *tdb;
+
+#define NAME_LENGTH 20
+
+static unsigned total, collisions, failures;
+
+static BOOL test_one(struct cli_state *cli, const char *name)
+{
+	int fnum;
+	fstring shortname;
+	fstring name2;
+	NTSTATUS status;
+	TDB_DATA data;
+
+	total++;
+
+	fnum = cli_open(cli, name, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		printf("open of %s failed (%s)\n", name, cli_errstr(cli));
+		return False;
+	}
+
+	if (!cli_close(cli, fnum)) {
+		printf("close of %s failed (%s)\n", name, cli_errstr(cli));
+		return False;
+	}
+
+	/* get the short name */
+	status = cli_qpathinfo_alt_name(cli, name, shortname);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("query altname of %s failed (%s)\n", name, cli_errstr(cli));
+		return False;
+	}
+
+	snprintf(name2, sizeof(name2), "\\mangle_test\\%s", shortname);
+	if (!cli_unlink(cli, name2)) {
+		printf("unlink of %s  (%s) failed (%s)\n", 
+		       name2, name, cli_errstr(cli));
+		return False;
+	}
+
+	/* recreate by short name */
+	fnum = cli_open(cli, name2, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		printf("open2 of %s failed (%s)\n", name2, cli_errstr(cli));
+		return False;
+	}
+	if (!cli_close(cli, fnum)) {
+		printf("close of %s failed (%s)\n", name, cli_errstr(cli));
+		return False;
+	}
+
+	/* and unlink by long name */
+	if (!cli_unlink(cli, name)) {
+		printf("unlink2 of %s  (%s) failed (%s)\n", 
+		       name, name2, cli_errstr(cli));
+		failures++;
+		cli_unlink(cli, name2);
+		return True;
+	}
+
+	/* see if the short name is already in the tdb */
+	data = tdb_fetch_by_string(tdb, shortname);
+	if (data.dptr) {
+		/* maybe its a duplicate long name? */
+		if (strcasecmp(name, data.dptr) != 0) {
+			/* we have a collision */
+			collisions++;
+			printf("Collision between %s and %s   ->  %s\n", 
+			       name, data.dptr, shortname);
+		}
+		free(data.dptr);
+	} else {
+		/* store it for later */
+		tdb_store_by_string(tdb, shortname, name, strlen(name)+1);
+	}
+
+	return True;
+}
+
+
+static void gen_name(char *name)
+{
+	const char *chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._-$~...";
+	unsigned max_idx = strlen(chars);
+	unsigned len;
+	int i;
+	char *p;
+
+	fstrcpy(name, "\\mangle_test\\");
+	p = name + strlen(name);
+
+	len = 1 + random() % NAME_LENGTH;
+	
+	for (i=0;i<len;i++) {
+		p[i] = chars[random() % max_idx];
+	}
+
+	p[i] = 0;
+
+	if (strcmp(p, ".") == 0 || strcmp(p, "..") == 0) {
+		p[0] = '_';
+	}
+
+	/* have a high probability of a common lead char */
+	if (random() % 2 == 0) {
+		p[0] = 'A';
+	}
+
+	/* and a medium probability of a common lead string */
+	if (random() % 10 == 0) {
+		strncpy(p, "ABCDE", 5);
+	}
+
+	/* and a high probability of a good extension length */
+	if (random() % 2 == 0) {
+		char *s = strrchr(p, '.');
+		if (s) {
+			s[4] = 0;
+		}
+	}
+}
+
+
+BOOL torture_mangle(int dummy)
+{
+	extern int torture_numops;
+	static struct cli_state cli;
+	int i;
+
+	printf("starting mangle test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	/* we will use an internal tdb to store the names we have used */
+	tdb = tdb_open(NULL, 100000, TDB_INTERNAL, 0, 0);
+	if (!tdb) {
+		printf("ERROR: Failed to open tdb\n");
+		return False;
+	}
+
+	cli_unlink(&cli, "\\mangle_test\\*");
+	cli_rmdir(&cli, "\\mangle_test");
+
+	if (!cli_mkdir(&cli, "\\mangle_test")) {
+		printf("ERROR: Failed to make directory\n");
+		return False;
+	}
+
+	for (i=0;i<torture_numops;i++) {
+		fstring name;
+
+		gen_name(name);
+
+		if (!test_one(&cli, name)) {
+			break;
+		}
+		if (total && total % 100 == 0) {
+			printf("collisions %u/%u  - %.2f%%   (%u failures)\r",
+			       collisions, total, (100.0*collisions) / total, failures);
+		}
+	}
+
+	cli_unlink(&cli, "\\mangle_test\\*");
+	if (!cli_rmdir(&cli, "\\mangle_test")) {
+		printf("ERROR: Failed to remove directory\n");
+		return False;
+	}
+
+	printf("\nTotal collisions %u/%u  - %.2f%%   (%u failures)\n",
+	       collisions, total, (100.0*collisions) / total, failures);
+
+	torture_close_connection(&cli);
+
+	printf("mangle test finished\n");
+	return (failures == 0);
+}
diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c
new file mode 100644
index 0000000000..637e9ef63a
--- /dev/null
+++ b/source3/torture/masktest.c
@@ -0,0 +1,529 @@
+/* 
+   Unix SMB/CIFS implementation.
+   mask_match tester
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+static fstring password;
+static fstring username;
+static int got_pass;
+static int max_protocol = PROTOCOL_NT1;
+static BOOL showall = False;
+static BOOL old_list = False;
+static char *maskchars = "<>\"?*abc.";
+static char *filechars = "abcdefghijklm.";
+static int verbose;
+static int die_on_error;
+static int NumLoops = 0;
+
+/* a test fn for LANMAN mask support */
+int ms_fnmatch_lanman_core(char *pattern, char *string)
+{
+	char *p = pattern, *n = string;
+	char c;
+
+	if (strcmp(p,"?")==0 && strcmp(n,".")==0) goto match;
+
+	while ((c = *p++)) {
+		switch (c) {
+		case '.':
+			/* if (! *n && ! *p) goto match; */
+			if (*n != '.') goto nomatch;
+			n++;
+			break;
+
+		case '?':
+			if ((*n == '.' && n[1] != '.') || ! *n) goto next;
+			n++;
+			break;
+
+		case '>':
+			if (n[0] == '.') {
+				if (! n[1] && ms_fnmatch_lanman_core(p, n+1) == 0) goto match;
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+				goto nomatch;
+			}
+			if (! *n) goto next;
+			n++;
+			break;
+
+		case '*':
+			if (! *p) goto match;
+			for (; *n; n++) {
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+			}
+			break;
+
+		case '<':
+			for (; *n; n++) {
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+				if (*n == '.' && !strchr_m(n+1,'.')) {
+					n++;
+					break;
+				}
+			}
+			break;
+
+		case '"':
+			if (*n == 0 && ms_fnmatch_lanman_core(p, n) == 0) goto match;
+			if (*n != '.') goto nomatch;
+			n++;
+			break;
+
+		default:
+			if (c != *n) goto nomatch;
+			n++;
+		}
+	}
+	
+	if (! *n) goto match;
+	
+ nomatch:
+	if (verbose) printf("NOMATCH pattern=[%s] string=[%s]\n", pattern, string);
+	return -1;
+
+next:
+	if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+        goto nomatch;
+
+ match:
+	if (verbose) printf("MATCH   pattern=[%s] string=[%s]\n", pattern, string);
+	return 0;
+}
+
+int ms_fnmatch_lanman(char *pattern, char *string)
+{
+	if (!strpbrk(pattern, "?*<>\"")) {
+		if (strcmp(string,"..") == 0) string = ".";
+		return strcmp(pattern, string);
+	}
+
+	if (strcmp(string,"..") == 0 || strcmp(string,".") == 0) {
+		return ms_fnmatch_lanman_core(pattern, "..") &&
+			ms_fnmatch_lanman_core(pattern, ".");
+	}
+
+	return ms_fnmatch_lanman_core(pattern, string);
+}
+
+static BOOL reg_match_one(struct cli_state *cli, char *pattern, char *file)
+{
+	/* oh what a weird world this is */
+	if (old_list && strcmp(pattern, "*.*") == 0) return True;
+
+	if (strcmp(pattern,".") == 0) return False;
+
+	if (max_protocol <= PROTOCOL_LANMAN2) {
+		return ms_fnmatch_lanman(pattern, file)==0;
+	}
+
+	if (strcmp(file,"..") == 0) file = ".";
+
+	return ms_fnmatch(pattern, file, cli->protocol)==0;
+}
+
+static char *reg_test(struct cli_state *cli, char *pattern, char *long_name, char *short_name)
+{
+	static fstring ret;
+	fstrcpy(ret, "---");
+
+	pattern = 1+strrchr_m(pattern,'\\');
+
+	if (reg_match_one(cli, pattern, ".")) ret[0] = '+';
+	if (reg_match_one(cli, pattern, "..")) ret[1] = '+';
+	if (reg_match_one(cli, pattern, long_name) || 
+	    (*short_name && reg_match_one(cli, pattern, short_name))) ret[2] = '+';
+	return ret;
+}
+
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+struct cli_state *connect_one(char *share)
+{
+	struct cli_state *c;
+	struct nmb_name called, calling;
+	char *server_n;
+	char *server;
+	struct in_addr ip;
+
+	server = share+2;
+	share = strchr_m(server,'\\');
+	if (!share) return NULL;
+	*share = 0;
+	share++;
+
+	server_n = server;
+	
+        zero_ip(&ip);
+
+	make_nmb_name(&calling, "masktest", 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+ again:
+        zero_ip(&ip);
+
+	/* have to open a new connection */
+	if (!(c=cli_initialise(NULL)) || !cli_connect(c, server_n, &ip)) {
+		DEBUG(0,("Connection to %s failed\n", server_n));
+		return NULL;
+	}
+
+	c->protocol = max_protocol;
+
+	if (!cli_session_request(c, &calling, &called)) {
+		DEBUG(0,("session request to %s failed\n", called.name));
+		cli_shutdown(c);
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NULL;
+	}
+
+	DEBUG(4,(" session request ok\n"));
+
+	if (!cli_negprot(c)) {
+		DEBUG(0,("protocol negotiation failed\n"));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(password, pass);
+		}
+	}
+
+	if (!cli_session_setup(c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       lp_workgroup())) {
+		DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
+		return NULL;
+	}
+
+	/*
+	 * These next two lines are needed to emulate
+	 * old client behaviour for people who have
+	 * scripts based on client output.
+	 * QUESTION ? Do we want to have a 'client compatibility
+	 * mode to turn these on/off ? JRA.
+	 */
+
+	if (*c->server_domain || *c->server_os || *c->server_type)
+		DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",
+			c->server_domain,c->server_os,c->server_type));
+	
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(c, share, "?????",
+			    password, strlen(password)+1)) {
+		DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,(" tconx ok\n"));
+
+	return c;
+}
+
+static char *resultp;
+static file_info *f_info;
+
+void listfn(file_info *f, const char *s, void *state)
+{
+	if (strcmp(f->name,".") == 0) {
+		resultp[0] = '+';
+	} else if (strcmp(f->name,"..") == 0) {
+		resultp[1] = '+';		
+	} else {
+		resultp[2] = '+';
+	}
+	f_info = f;
+}
+
+static void get_real_name(struct cli_state *cli, 
+			  pstring long_name, fstring short_name)
+{
+	/* nasty hack to force level 260 listings - tridge */
+	cli->capabilities |= CAP_NT_SMBS;
+	if (max_protocol <= PROTOCOL_LANMAN1) {
+		cli_list_new(cli, "\\masktest\\*.*", aHIDDEN | aDIR, listfn, NULL);
+	} else {
+		cli_list_new(cli, "\\masktest\\*", aHIDDEN | aDIR, listfn, NULL);
+	}
+	if (f_info) {
+		fstrcpy(short_name, f_info->short_name);
+		strlower(short_name);
+		pstrcpy(long_name, f_info->name);
+		strlower(long_name);
+	}
+
+	if (*short_name == 0) {
+		fstrcpy(short_name, long_name);
+	}
+
+#if 0
+	if (!strchr_m(short_name,'.')) {
+		fstrcat(short_name,".");
+	}
+#endif
+}
+
+static void testpair(struct cli_state *cli, char *mask, char *file)
+{
+	int fnum;
+	fstring res1;
+	char *res2;
+	static int count;
+	fstring short_name;
+	pstring long_name;
+
+	count++;
+
+	fstrcpy(res1, "---");
+
+	fnum = cli_open(cli, file, O_CREAT|O_TRUNC|O_RDWR, 0);
+	if (fnum == -1) {
+		DEBUG(0,("Can't create %s\n", file));
+		return;
+	}
+	cli_close(cli, fnum);
+
+	resultp = res1;
+	fstrcpy(short_name, "");
+	f_info = NULL;
+	get_real_name(cli, long_name, short_name);
+	f_info = NULL;
+	fstrcpy(res1, "---");
+	cli_list(cli, mask, aHIDDEN | aDIR, listfn, NULL);
+
+	res2 = reg_test(cli, mask, long_name, short_name);
+
+	if (showall || strcmp(res1, res2)) {
+		DEBUG(0,("%s %s %d mask=[%s] file=[%s] rfile=[%s/%s]\n",
+			 res1, res2, count, mask, file, long_name, short_name));
+		if (die_on_error) exit(1);
+	}
+
+	cli_unlink(cli, file);
+
+	if (count % 100 == 0) DEBUG(0,("%d\n", count));
+}
+
+static void test_mask(int argc, char *argv[], 
+		      struct cli_state *cli)
+{
+	pstring mask, file;
+	int l1, l2, i, l;
+	int mc_len = strlen(maskchars);
+	int fc_len = strlen(filechars);
+
+	cli_mkdir(cli, "\\masktest");
+
+	cli_unlink(cli, "\\masktest\\*");
+
+	if (argc >= 2) {
+		while (argc >= 2) {
+			pstrcpy(mask,"\\masktest\\");
+			pstrcpy(file,"\\masktest\\");
+			pstrcat(mask, argv[0]);
+			pstrcat(file, argv[1]);
+			testpair(cli, mask, file);
+			argv += 2;
+			argc -= 2;
+		}
+		goto finished;
+	}
+
+	while (1) {
+		l1 = 1 + random() % 20;
+		l2 = 1 + random() % 20;
+		pstrcpy(mask,"\\masktest\\");
+		pstrcpy(file,"\\masktest\\");
+		l = strlen(mask);
+		for (i=0;i<l1;i++) {
+			mask[i+l] = maskchars[random() % mc_len];
+		}
+		mask[l+l1] = 0;
+
+		for (i=0;i<l2;i++) {
+			file[i+l] = filechars[random() % fc_len];
+		}
+		file[l+l2] = 0;
+
+		if (strcmp(file+l,".") == 0 || 
+		    strcmp(file+l,"..") == 0 ||
+		    strcmp(mask+l,"..") == 0) continue;
+
+		if (strspn(file+l, ".") == strlen(file+l)) continue;
+
+		testpair(cli, mask, file);
+		if (NumLoops && (--NumLoops == 0))
+			break;
+	}
+
+ finished:
+	cli_rmdir(cli, "\\masktest");
+}
+
+
+static void usage(void)
+{
+	printf(
+"Usage:\n\
+  masktest //server/share [options..]\n\
+  options:\n\
+	-d debuglevel\n\
+	-n numloops\n\
+        -W workgroup\n\
+        -U user%%pass\n\
+        -s seed\n\
+        -M max protocol\n\
+        -f filechars (default %s)\n\
+        -m maskchars (default %s)\n\
+	-v                             verbose mode\n\
+	-E                             die on error\n\
+        -a                             show all tests\n\
+\n\
+  This program tests wildcard matching between two servers. It generates\n\
+  random pairs of filenames/masks and tests that they match in the same\n\
+  way on the servers and internally\n\
+", 
+  filechars, maskchars);
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	char *share;
+	struct cli_state *cli;	
+	extern char *optarg;
+	extern int optind;
+	extern BOOL AllowDebugChange;
+	int opt;
+	char *p;
+	int seed;
+
+	setlinebuf(stdout);
+
+	dbf = x_stderr;
+
+	DEBUGLEVEL = 0;
+	AllowDebugChange = False;
+
+	if (argc < 2 || argv[1][0] == '-') {
+		usage();
+		exit(1);
+	}
+
+	share = argv[1];
+
+	all_string_sub(share,"/","\\",0);
+
+	setup_logging(argv[0],True);
+
+	argc -= 1;
+	argv += 1;
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+
+	if (getenv("USER")) {
+		pstrcpy(username,getenv("USER"));
+	}
+
+	seed = time(NULL);
+
+	while ((opt = getopt(argc, argv, "n:d:U:s:hm:f:aoW:M:vE")) != EOF) {
+		switch (opt) {
+		case 'n':
+			NumLoops = atoi(optarg);
+			break;
+		case 'd':
+			DEBUGLEVEL = atoi(optarg);
+			break;
+		case 'E':
+			die_on_error = 1;
+			break;
+		case 'v':
+			verbose++;
+			break;
+		case 'M':
+			max_protocol = interpret_protocol(optarg, max_protocol);
+			break;
+		case 'U':
+			pstrcpy(username,optarg);
+			p = strchr_m(username,'%');
+			if (p) {
+				*p = 0;
+				pstrcpy(password, p+1);
+				got_pass = 1;
+			}
+			break;
+		case 's':
+			seed = atoi(optarg);
+			break;
+		case 'h':
+			usage();
+			exit(1);
+		case 'm':
+			maskchars = optarg;
+			break;
+		case 'f':
+			filechars = optarg;
+			break;
+		case 'a':
+			showall = 1;
+			break;
+		case 'o':
+			old_list = True;
+			break;
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			exit(1);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+
+	cli = connect_one(share);
+	if (!cli) {
+		DEBUG(0,("Failed to connect to %s\n", share));
+		exit(1);
+	}
+
+	/* need to init seed after connect as clientgen uses random numbers */
+	DEBUG(0,("seed=%d\n", seed));
+	srandom(seed);
+
+	test_mask(argc, argv, cli);
+
+	return(0);
+}
diff --git a/source3/torture/msgtest.c b/source3/torture/msgtest.c
new file mode 100644
index 0000000000..8abb0a20d2
--- /dev/null
+++ b/source3/torture/msgtest.c
@@ -0,0 +1,91 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Copyright (C) Andrew Tridgell 2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/*
+  test code for internal messaging
+ */
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+static int pong_count;
+
+/****************************************************************************
+a useful function for testing the message system
+****************************************************************************/
+void pong_message(int msg_type, pid_t src, void *buf, size_t len)
+{
+	pong_count++;
+}
+
+ int main(int argc, char *argv[])
+{
+	pid_t pid;
+	int i, n;
+	char buf[12];
+
+	setup_logging(argv[0],True);
+	
+	lp_load(dyn_CONFIGFILE,False,False,False);
+
+	message_init();
+
+	if (argc != 3) {
+		fprintf(stderr, "%s: Usage - %s pid count\n", argv[0], argv[0]);
+		exit(1);
+	}
+
+	pid = atoi(argv[1]);
+	n = atoi(argv[2]);
+
+	message_register(MSG_PONG, pong_message);
+
+	for (i=0;i<n;i++) {
+		message_send_pid(pid, MSG_PING, NULL, 0, True);
+	}
+
+	while (pong_count < i) {
+		message_dispatch();
+		msleep(1);
+	}
+
+	/* Now test that the duplicate filtering code works. */
+	pong_count = 0;
+
+	safe_strcpy(buf, "1234567890", sizeof(buf)-1);
+
+	for (i=0;i<n;i++) {
+		message_send_pid(getpid(), MSG_PING, NULL, 0, False);
+		message_send_pid(getpid(), MSG_PING, buf, 11, False);
+	}
+
+	for (i=0;i<n;i++) {
+		message_dispatch();
+		msleep(1);
+	}
+
+	if (pong_count != 2) {
+		fprintf(stderr, "Duplicate filter failed (%d).\n", pong_count);
+		exit(1);
+	}
+
+	return (0);
+}
+
diff --git a/source3/torture/nbio.c b/source3/torture/nbio.c
new file mode 100644
index 0000000000..0d6955c879
--- /dev/null
+++ b/source3/torture/nbio.c
@@ -0,0 +1,306 @@
+#define NBDEBUG 0
+
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+#define MAX_FILES 1000
+
+static char buf[70000];
+extern int line_count;
+extern int nbio_id;
+static int nprocs;
+
+static struct {
+	int fd;
+	int handle;
+} ftable[MAX_FILES];
+
+static struct {
+	double bytes_in, bytes_out;
+	int line;
+	int done;
+} *children;
+
+double nbio_total(void)
+{
+	int i;
+	double total = 0;
+	for (i=0;i<nprocs;i++) {
+		total += children[i].bytes_out + children[i].bytes_in;
+	}
+	return total;
+}
+
+void nb_alarm(void)
+{
+	int i;
+	int lines=0, num_clients=0;
+	if (nbio_id != -1) return;
+
+	for (i=0;i<nprocs;i++) {
+		lines += children[i].line;
+		if (!children[i].done) num_clients++;
+	}
+
+	printf("%4d  %8d  %.2f MB/sec\r", num_clients, lines/nprocs, 1.0e-6 * nbio_total() / end_timer());
+
+	signal(SIGALRM, nb_alarm);
+	alarm(1);	
+}
+
+void nbio_shmem(int n)
+{
+	nprocs = n;
+	children = shm_setup(sizeof(*children) * nprocs);
+	if (!children) {
+		printf("Failed to setup shared memory!\n");
+		exit(1);
+	}
+}
+
+static int find_handle(int handle)
+{
+	int i;
+	children[nbio_id].line = line_count;
+	for (i=0;i<MAX_FILES;i++) {
+		if (ftable[i].handle == handle) return i;
+	}
+	printf("(%d) ERROR: handle %d was not found\n", 
+	       line_count, handle);
+	exit(1);
+
+	return -1;		/* Not reached */
+}
+
+
+static struct cli_state *c;
+
+static void sigsegv(int sig)
+{
+	char line[200];
+	printf("segv at line %d\n", line_count);
+	slprintf(line, sizeof(line), "/usr/X11R6/bin/xterm -e gdb /proc/%d/exe %d", 
+		(int)getpid(), (int)getpid());
+	system(line);
+	exit(1);
+}
+
+void nb_setup(struct cli_state *cli)
+{
+	signal(SIGSEGV, sigsegv);
+	c = cli;
+	start_timer();
+	children[nbio_id].done = 0;
+}
+
+
+void nb_unlink(char *fname)
+{
+	if (!cli_unlink(c, fname)) {
+#if NBDEBUG
+		printf("(%d) unlink %s failed (%s)\n", 
+		       line_count, fname, cli_errstr(c));
+#endif
+	}
+}
+
+
+void nb_createx(char *fname, 
+		unsigned create_options, unsigned create_disposition, int handle)
+{
+	int fd, i;
+	uint32 desired_access;
+
+	if (create_options & FILE_DIRECTORY_FILE) {
+		desired_access = FILE_READ_DATA;
+	} else {
+		desired_access = FILE_READ_DATA | FILE_WRITE_DATA;
+	}
+
+	fd = cli_nt_create_full(c, fname, 
+				desired_access,
+				0x0,
+				FILE_SHARE_READ|FILE_SHARE_WRITE, 
+				create_disposition, 
+				create_options);
+	if (fd == -1 && handle != -1) {
+		printf("ERROR: cli_nt_create_full failed for %s - %s\n",
+		       fname, cli_errstr(c));
+		exit(1);
+	}
+	if (fd != -1 && handle == -1) {
+		printf("ERROR: cli_nt_create_full succeeded for %s\n", fname);
+		exit(1);
+	}
+	if (fd == -1) return;
+
+	for (i=0;i<MAX_FILES;i++) {
+		if (ftable[i].handle == 0) break;
+	}
+	if (i == MAX_FILES) {
+		printf("(%d) file table full for %s\n", line_count, 
+		       fname);
+		exit(1);
+	}
+	ftable[i].handle = handle;
+	ftable[i].fd = fd;
+}
+
+void nb_writex(int handle, int offset, int size, int ret_size)
+{
+	int i;
+
+	if (buf[0] == 0) memset(buf, 1, sizeof(buf));
+
+	i = find_handle(handle);
+	if (cli_write(c, ftable[i].fd, 0, buf, offset, size) != ret_size) {
+		printf("(%d) ERROR: write failed on handle %d, fd %d \
+errno %d (%s)\n", line_count, handle, ftable[i].fd, errno, strerror(errno));
+		exit(1);
+	}
+
+	children[nbio_id].bytes_out += ret_size;
+}
+
+void nb_readx(int handle, int offset, int size, int ret_size)
+{
+	int i, ret;
+
+	i = find_handle(handle);
+	if ((ret=cli_read(c, ftable[i].fd, buf, offset, size)) != ret_size) {
+		printf("(%d) ERROR: read failed on handle %d ofs=%d size=%d res=%d fd %d errno %d (%s)\n",
+			line_count, handle, offset, size, ret, ftable[i].fd, errno, strerror(errno));
+		exit(1);
+	}
+	children[nbio_id].bytes_in += ret_size;
+}
+
+void nb_close(int handle)
+{
+	int i;
+	i = find_handle(handle);
+	if (!cli_close(c, ftable[i].fd)) {
+		printf("(%d) close failed on handle %d\n", line_count, handle);
+		exit(1);
+	}
+	ftable[i].handle = 0;
+}
+
+void nb_rmdir(char *fname)
+{
+	if (!cli_rmdir(c, fname)) {
+		printf("ERROR: rmdir %s failed (%s)\n", 
+		       fname, cli_errstr(c));
+		exit(1);
+	}
+}
+
+void nb_rename(char *old, char *new)
+{
+	if (!cli_rename(c, old, new)) {
+		printf("ERROR: rename %s %s failed (%s)\n", 
+		       old, new, cli_errstr(c));
+		exit(1);
+	}
+}
+
+
+void nb_qpathinfo(char *fname)
+{
+	cli_qpathinfo(c, fname, NULL, NULL, NULL, NULL, NULL);
+}
+
+void nb_qfileinfo(int fnum)
+{
+	int i;
+	i = find_handle(fnum);
+	cli_qfileinfo(c, ftable[i].fd, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+}
+
+void nb_qfsinfo(int level)
+{
+	int bsize, total, avail;
+	/* this is not the right call - we need cli_qfsinfo() */
+	cli_dskattr(c, &bsize, &total, &avail);
+}
+
+static void find_fn(file_info *finfo, const char *name, void *state)
+{
+	/* noop */
+}
+
+void nb_findfirst(char *mask)
+{
+	cli_list(c, mask, 0, find_fn, NULL);
+}
+
+void nb_flush(int fnum)
+{
+	int i;
+	i = find_handle(fnum);
+	/* hmmm, we don't have cli_flush() yet */
+}
+
+static int total_deleted;
+
+static void delete_fn(file_info *finfo, const char *name, void *state)
+{
+	char *s, *n;
+	if (finfo->name[0] == '.') return;
+
+	n = strdup(name);
+	n[strlen(n)-1] = 0;
+	asprintf(&s, "%s%s", n, finfo->name);
+	if (finfo->mode & aDIR) {
+		char *s2;
+		asprintf(&s2, "%s\\*", s);
+		cli_list(c, s2, aDIR, delete_fn, NULL);
+		nb_rmdir(s);
+	} else {
+		total_deleted++;
+		nb_unlink(s);
+	}
+	free(s);
+	free(n);
+}
+
+void nb_deltree(char *dname)
+{
+	char *mask;
+	asprintf(&mask, "%s\\*", dname);
+
+	total_deleted = 0;
+	cli_list(c, mask, aDIR, delete_fn, NULL);
+	free(mask);
+	cli_rmdir(c, dname);
+
+	if (total_deleted) printf("WARNING: Cleaned up %d files\n", total_deleted);
+}
+
+
+void nb_cleanup(void)
+{
+	cli_rmdir(c, "clients");
+	children[nbio_id].done = 1;
+}
diff --git a/source3/torture/nsstest.c b/source3/torture/nsstest.c
new file mode 100644
index 0000000000..3aeaa177a1
--- /dev/null
+++ b/source3/torture/nsstest.c
@@ -0,0 +1,410 @@
+/* 
+   Unix SMB/CIFS implementation.
+   nss tester for winbindd
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static char *so_path = "/lib/libnss_winbind.so";
+static char *nss_name = "winbind";
+static int nss_errno;
+static NSS_STATUS last_error;
+static int total_errors;
+
+static void *find_fn(const char *name)
+{
+	char s[1024];
+	static void *h;
+	void *res;
+
+	snprintf(s,sizeof(s), "_nss_%s_%s", nss_name, name);
+
+	if (!h) {
+		h = dlopen(so_path, RTLD_LAZY);
+	}
+	if (!h) {
+		printf("Can't open shared library %s\n", so_path);
+		exit(1);
+	}
+	res = dlsym(h, s);
+	if (!res) {
+		printf("Can't find function %s\n", s);
+		return NULL;
+	}
+	return res;
+}
+
+static void report_nss_error(const char *who, NSS_STATUS status)
+{
+	last_error = status;
+	total_errors++;
+	printf("ERROR %s: NSS_STATUS=%d  %d (nss_errno=%d)\n", 
+	       who, status, NSS_STATUS_SUCCESS, nss_errno);
+}
+
+static struct passwd *nss_getpwent(void)
+{
+	NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *, 
+				      size_t , int *) = find_fn("getpwent_r");
+	static struct passwd pwd;
+	static char buf[1000];
+	NSS_STATUS status;
+
+	status = _nss_getpwent_r(&pwd, buf, sizeof(buf), &nss_errno);
+	if (status == NSS_STATUS_NOTFOUND) {
+		return NULL;
+	}
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("getpwent", status);
+		return NULL;
+	}
+	return &pwd;
+}
+
+static struct passwd *nss_getpwnam(const char *name)
+{
+	NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *, 
+				      size_t , int *) = find_fn("getpwnam_r");
+	static struct passwd pwd;
+	static char buf[1000];
+	NSS_STATUS status;
+	
+	status = _nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &nss_errno);
+	if (status == NSS_STATUS_NOTFOUND) {
+		return NULL;
+	}
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("getpwnam", status);
+		return NULL;
+	}
+	return &pwd;
+}
+
+static struct passwd *nss_getpwuid(uid_t uid)
+{
+	NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *, 
+				      size_t , int *) = find_fn("getpwuid_r");
+	static struct passwd pwd;
+	static char buf[1000];
+	NSS_STATUS status;
+	
+	status = _nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &nss_errno);
+	if (status == NSS_STATUS_NOTFOUND) {
+		return NULL;
+	}
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("getpwuid", status);
+		return NULL;
+	}
+	return &pwd;
+}
+
+static void nss_setpwent(void)
+{
+	NSS_STATUS (*_nss_setpwent)(void) = find_fn("setpwent");
+	NSS_STATUS status;
+	status = _nss_setpwent();
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("setpwent", status);
+	}
+}
+
+static void nss_endpwent(void)
+{
+	NSS_STATUS (*_nss_endpwent)(void) = find_fn("endpwent");
+	NSS_STATUS status;
+	status = _nss_endpwent();
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("endpwent", status);
+	}
+}
+
+
+static struct group *nss_getgrent(void)
+{
+	NSS_STATUS (*_nss_getgrent_r)(struct group *, char *, 
+				      size_t , int *) = find_fn("getgrent_r");
+	static struct group grp;
+	static char *buf;
+	static int buflen = 1024;
+	NSS_STATUS status;
+
+	if (!buf) buf = malloc(buflen);
+
+again:	
+	status = _nss_getgrent_r(&grp, buf, buflen, &nss_errno);
+	if (status == NSS_STATUS_TRYAGAIN) {
+		buflen *= 2;
+		buf = realloc(buf, buflen);
+		goto again;
+	}
+	if (status == NSS_STATUS_NOTFOUND) {
+		return NULL;
+	}
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("getgrent", status);
+		return NULL;
+	}
+	return &grp;
+}
+
+static struct group *nss_getgrnam(const char *name)
+{
+	NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *, 
+				      size_t , int *) = find_fn("getgrnam_r");
+	static struct group grp;
+	static char *buf;
+	static int buflen = 1000;
+	NSS_STATUS status;
+
+	if (!buf) buf = malloc(buflen);
+again:	
+	status = _nss_getgrnam_r(name, &grp, buf, buflen, &nss_errno);
+	if (status == NSS_STATUS_TRYAGAIN) {
+		buflen *= 2;
+		buf = realloc(buf, buflen);
+		goto again;
+	}
+	if (status == NSS_STATUS_NOTFOUND) {
+		return NULL;
+	}
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("getgrnam", status);
+		return NULL;
+	}
+	return &grp;
+}
+
+static struct group *nss_getgrgid(gid_t gid)
+{
+	NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *, 
+				      size_t , int *) = find_fn("getgrgid_r");
+	static struct group grp;
+	static char *buf;
+	static int buflen = 1000;
+	NSS_STATUS status;
+	
+	if (!buf) buf = malloc(buflen);
+again:	
+	status = _nss_getgrgid_r(gid, &grp, buf, buflen, &nss_errno);
+	if (status == NSS_STATUS_TRYAGAIN) {
+		buflen *= 2;
+		buf = realloc(buf, buflen);
+		goto again;
+	}
+	if (status == NSS_STATUS_NOTFOUND) {
+		return NULL;
+	}
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("getgrgid", status);
+		return NULL;
+	}
+	return &grp;
+}
+
+static void nss_setgrent(void)
+{
+	NSS_STATUS (*_nss_setgrent)(void) = find_fn("setgrent");
+	NSS_STATUS status;
+	status = _nss_setgrent();
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("setgrent", status);
+	}
+}
+
+static void nss_endgrent(void)
+{
+	NSS_STATUS (*_nss_endgrent)(void) = find_fn("endgrent");
+	NSS_STATUS status;
+	status = _nss_endgrent();
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("endgrent", status);
+	}
+}
+
+static int nss_initgroups(char *user, gid_t group, gid_t **groups, long int *start, long int *size)
+{
+	NSS_STATUS (*_nss_initgroups)(char *, gid_t , long int *,
+				      long int *, gid_t **, long int , int *) = 
+		find_fn("initgroups_dyn");
+	NSS_STATUS status;
+
+	if (!_nss_initgroups) return NSS_STATUS_UNAVAIL;
+
+	status = _nss_initgroups(user, group, start, size, groups, 0, &nss_errno);
+	if (status != NSS_STATUS_SUCCESS) {
+		report_nss_error("initgroups", status);
+	}
+	return status;
+}
+
+static void print_passwd(struct passwd *pwd)
+{
+	printf("%s:%s:%d:%d:%s:%s:%s\n", 
+	       pwd->pw_name,
+	       pwd->pw_passwd,
+	       pwd->pw_uid,
+	       pwd->pw_gid,
+	       pwd->pw_gecos,
+	       pwd->pw_dir,
+	       pwd->pw_shell);
+}
+
+static void print_group(struct group *grp)
+{
+	int i;
+	printf("%s:%s:%d: ", 
+	       grp->gr_name,
+	       grp->gr_passwd,
+	       grp->gr_gid);
+	
+	if (!grp->gr_mem[0]) {
+		printf("\n");
+		return;
+	}
+	
+	for (i=0; grp->gr_mem[i+1]; i++) {
+		printf("%s, ", grp->gr_mem[i]);
+	}
+	printf("%s\n", grp->gr_mem[i]);
+}
+
+static void nss_test_initgroups(char *name, gid_t gid)
+{
+	long int size = 16;
+	long int start = 1;
+	gid_t *groups = NULL;
+	int i;
+	NSS_STATUS status;
+
+	groups = (gid_t *)malloc(size * sizeof(gid_t));
+	groups[0] = gid;
+
+	status = nss_initgroups(name, gid, &groups, &start, &size);
+	if (status == NSS_STATUS_UNAVAIL) {
+		printf("No initgroups fn\n");
+		return;
+	}
+
+	for (i=0; i<start-1; i++) {
+		printf("%d, ", groups[i]);
+	}
+	printf("%d\n", groups[i]);
+}
+
+
+static void nss_test_users(void)
+{
+	struct passwd *pwd;
+
+	nss_setpwent();
+	/* loop over all users */
+	while ((pwd = nss_getpwent())) {
+		printf("Testing user %s\n", pwd->pw_name);
+		printf("getpwent:   "); print_passwd(pwd);
+		pwd = nss_getpwuid(pwd->pw_uid);
+		if (!pwd) {
+			total_errors++;
+			printf("ERROR: can't getpwuid\n");
+			continue;
+		}
+		printf("getpwuid:   "); print_passwd(pwd);
+		pwd = nss_getpwnam(pwd->pw_name);
+		if (!pwd) {
+			total_errors++;
+			printf("ERROR: can't getpwnam\n");
+			continue;
+		}
+		printf("getpwnam:   "); print_passwd(pwd);
+		printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid);
+		printf("\n");
+	}
+	nss_endpwent();
+}
+
+static void nss_test_groups(void)
+{
+	struct group *grp;
+
+	nss_setgrent();
+	/* loop over all groups */
+	while ((grp = nss_getgrent())) {
+		printf("Testing group %s\n", grp->gr_name);
+		printf("getgrent: "); print_group(grp);
+		grp = nss_getgrnam(grp->gr_name);
+		if (!grp) {
+			total_errors++;
+			printf("ERROR: can't getgrnam\n");
+			continue;
+		}
+		printf("getgrnam: "); print_group(grp);
+		grp = nss_getgrgid(grp->gr_gid);
+		if (!grp) {
+			total_errors++;
+			printf("ERROR: can't getgrgid\n");
+			continue;
+		}
+		printf("getgrgid: "); print_group(grp);
+		printf("\n");
+	}
+	nss_endgrent();
+}
+
+static void nss_test_errors(void)
+{
+	struct passwd *pwd;
+	struct group *grp;
+
+	pwd = getpwnam("nosuchname");
+	if (pwd || last_error != NSS_STATUS_NOTFOUND) {
+		total_errors++;
+		printf("ERROR Non existant user gave error %d\n", last_error);
+	}
+
+	pwd = getpwuid(0xFFF0);
+	if (pwd || last_error != NSS_STATUS_NOTFOUND) {
+		total_errors++;
+		printf("ERROR Non existant uid gave error %d\n", last_error);
+	}
+
+	grp = getgrnam("nosuchgroup");
+	if (grp || last_error != NSS_STATUS_NOTFOUND) {
+		total_errors++;
+		printf("ERROR Non existant group gave error %d\n", last_error);
+	}
+
+	grp = getgrgid(0xFFF0);
+	if (grp || last_error != NSS_STATUS_NOTFOUND) {
+		total_errors++;
+		printf("ERROR Non existant gid gave error %d\n", last_error);
+	}
+}
+
+ int main(int argc, char *argv[])
+{	
+	if (argc > 1) so_path = argv[1];
+	if (argc > 2) nss_name = argv[2];
+
+	nss_test_users();
+	nss_test_groups();
+	nss_test_errors();
+
+	printf("total_errors=%d\n", total_errors);
+
+	return total_errors;
+}
diff --git a/source3/torture/rpctorture.c b/source3/torture/rpctorture.c
new file mode 100644
index 0000000000..d984ea2842
--- /dev/null
+++ b/source3/torture/rpctorture.c
@@ -0,0 +1,545 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB client
+   Copyright (C) Andrew Tridgell 1994-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifndef REGISTER
+#define REGISTER 0
+#endif
+
+extern pstring global_myname;
+
+extern pstring user_socket_options;
+
+
+extern file_info def_finfo;
+
+#define CNV_LANG(s) dos2unix_format(s,False)
+#define CNV_INPUT(s) unix2dos_format(s,True)
+
+static struct cli_state smbcli;
+struct cli_state *smb_cli = &smbcli;
+
+FILE *out_hnd;
+
+static pstring password; /* local copy only, if one is entered */
+
+/****************************************************************************
+initialise smb client structure
+****************************************************************************/
+void rpcclient_init(void)
+{
+	memset((char *)smb_cli, '\0', sizeof(smb_cli));
+	cli_initialise(smb_cli);
+	smb_cli->capabilities |= CAP_NT_SMBS;
+}
+
+/****************************************************************************
+make smb client connection
+****************************************************************************/
+static BOOL rpcclient_connect(struct client_info *info)
+{
+	struct nmb_name calling;
+	struct nmb_name called;
+
+	make_nmb_name(&called , dns_to_netbios_name(info->dest_host ), info->name_type);
+	make_nmb_name(&calling, dns_to_netbios_name(info->myhostname), 0x0);
+
+	if (!cli_establish_connection(smb_cli, 
+	                          info->dest_host, &info->dest_ip, 
+	                          &calling, &called,
+	                          info->share, info->svc_type,
+	                          False, True))
+	{
+		DEBUG(0,("rpcclient_connect: connection failed\n"));
+		cli_shutdown(smb_cli);
+		return False;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+stop the smb connection(s?)
+****************************************************************************/
+static void rpcclient_stop(void)
+{
+	cli_shutdown(smb_cli);
+}
+
+/****************************************************************************
+  log in as an nt user, log out again. 
+****************************************************************************/
+void run_enums_test(int num_ops, struct client_info *cli_info, struct cli_state *cli)
+{
+	pstring cmd;
+	int i;
+
+	/* establish connections.  nothing to stop these being re-established. */
+	rpcclient_connect(cli_info);
+
+	DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd));
+	if (cli->fd <= 0)
+	{
+		fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n",
+		                 cli_info->dest_host, cli_info->name_type);
+		return;
+	}
+	
+	for (i = 0; i < num_ops; i++)
+	{
+		set_first_token("");
+		cmd_srv_enum_sess(cli_info);
+		set_first_token("");
+		cmd_srv_enum_shares(cli_info);
+		set_first_token("");
+		cmd_srv_enum_files(cli_info);
+
+		if (password[0] != 0)
+		{
+			slprintf(cmd, sizeof(cmd)-1, "1");
+			set_first_token(cmd);
+		}
+		else
+		{
+			set_first_token("");
+		}
+		cmd_srv_enum_conn(cli_info);
+	}
+
+	rpcclient_stop();
+
+}
+
+/****************************************************************************
+  log in as an nt user, log out again. 
+****************************************************************************/
+void run_ntlogin_test(int num_ops, struct client_info *cli_info, struct cli_state *cli)
+{
+	pstring cmd;
+	int i;
+
+	/* establish connections.  nothing to stop these being re-established. */
+	rpcclient_connect(cli_info);
+
+	DEBUG(5,("rpcclient_connect: cli->fd:%d\n", cli->fd));
+	if (cli->fd <= 0)
+	{
+		fprintf(out_hnd, "warning: connection could not be established to %s<%02x>\n",
+		                 cli_info->dest_host, cli_info->name_type);
+		return;
+	}
+	
+	for (i = 0; i < num_ops; i++)
+	{
+		slprintf(cmd, sizeof(cmd)-1, "%s %s", cli->user_name, password);
+		set_first_token(cmd);
+
+		cmd_netlogon_login_test(cli_info);
+	}
+
+	rpcclient_stop();
+
+}
+
+/****************************************************************************
+  runs n simultaneous functions.
+****************************************************************************/
+static void create_procs(int nprocs, int numops, 
+		struct client_info *cli_info, struct cli_state *cli,
+		void (*fn)(int, struct client_info *, struct cli_state *))
+{
+	int i, status;
+
+	for (i=0;i<nprocs;i++)
+	{
+		if (fork() == 0)
+		{
+			pid_t mypid = getpid();
+			sys_srandom(mypid ^ time(NULL));
+			fn(numops, cli_info, cli);
+			fflush(out_hnd);
+			_exit(0);
+		}
+	}
+
+	for (i=0;i<nprocs;i++)
+	{
+		waitpid(0, &status, 0);
+	}
+}
+/****************************************************************************
+usage on the program - OUT OF DATE!
+****************************************************************************/
+static void usage(char *pname)
+{
+  fprintf(out_hnd, "Usage: %s service <password> [-d debuglevel] [-l log] ",
+	   pname);
+
+  fprintf(out_hnd, "\nVersion %s\n",VERSION);
+  fprintf(out_hnd, "\t-d debuglevel         set the debuglevel\n");
+  fprintf(out_hnd, "\t-l log basename.      Basename for log/debug files\n");
+  fprintf(out_hnd, "\t-n netbios name.      Use this name as my netbios name\n");
+  fprintf(out_hnd, "\t-m max protocol       set the max protocol level\n");
+  fprintf(out_hnd, "\t-I dest IP            use this IP to connect to\n");
+  fprintf(out_hnd, "\t-E                    write messages to stderr instead of stdout\n");
+  fprintf(out_hnd, "\t-U username           set the network username\n");
+  fprintf(out_hnd, "\t-W workgroup          set the workgroup name\n");
+  fprintf(out_hnd, "\t-t terminal code      terminal i/o code {sjis|euc|jis7|jis8|junet|hex}\n");
+  fprintf(out_hnd, "\n");
+}
+
+enum client_action
+{
+	CLIENT_NONE,
+	CLIENT_IPC,
+	CLIENT_SVC
+};
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	char *pname = argv[0];
+	int opt;
+	extern char *optarg;
+	extern int optind;
+	pstring term_code;
+	BOOL got_pass = False;
+	char *cmd_str="";
+	mode_t myumask = 0755;
+	enum client_action cli_action = CLIENT_NONE;
+	int nprocs = 1;
+	int numops = 100;
+	pstring logfile;
+
+	struct client_info cli_info;
+
+	out_hnd = stdout;
+
+	rpcclient_init();
+
+#ifdef KANJI
+	pstrcpy(term_code, KANJI);
+#else /* KANJI */
+	*term_code = 0;
+#endif /* KANJI */
+
+	if (!lp_load(dyn_CONFIGFILE,True, False, False))
+	{
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
+	}
+
+	DEBUGLEVEL = 0;
+
+	cli_info.put_total_size = 0;
+	cli_info.put_total_time_ms = 0;
+	cli_info.get_total_size = 0;
+	cli_info.get_total_time_ms = 0;
+
+	cli_info.dir_total = 0;
+	cli_info.newer_than = 0;
+	cli_info.archive_level = 0;
+	cli_info.print_mode = 1;
+
+	cli_info.translation = False;
+	cli_info.recurse_dir = False;
+	cli_info.lowercase = False;
+	cli_info.prompt = True;
+	cli_info.abort_mget = True;
+
+	cli_info.dest_ip.s_addr = 0;
+	cli_info.name_type = 0x20;
+
+	pstrcpy(cli_info.cur_dir , "\\");
+	pstrcpy(cli_info.file_sel, "");
+	pstrcpy(cli_info.base_dir, "");
+	pstrcpy(smb_cli->domain, "");
+	pstrcpy(smb_cli->user_name, "");
+	pstrcpy(cli_info.myhostname, "");
+	pstrcpy(cli_info.dest_host, "");
+
+	pstrcpy(cli_info.svc_type, "A:");
+	pstrcpy(cli_info.share, "");
+	pstrcpy(cli_info.service, "");
+
+	ZERO_STRUCT(cli_info.dom.level3_sid);
+	pstrcpy(cli_info.dom.level3_dom, "");
+	ZERO_STRUCT(cli_info.dom.level5_sid);
+	pstrcpy(cli_info.dom.level5_dom, "");
+
+	smb_cli->nt_pipe_fnum   = 0xffff;
+
+	setup_logging(pname, True);
+
+	myumask = umask(0);
+	umask(myumask);
+
+	if (!get_myname(global_myname))
+	{
+		fprintf(stderr, "Failed to get my hostname.\n");
+	}
+
+	password[0] = 0;
+
+	if (argc < 2)
+	{
+		usage(pname);
+		exit(1);
+	}
+
+	if (*argv[1] != '-')
+	{
+		pstrcpy(cli_info.service, argv[1]);  
+		/* Convert any '/' characters in the service name to '\' characters */
+		string_replace( cli_info.service, '/','\\');
+		argc--;
+		argv++;
+
+		DEBUG(1,("service: %s\n", cli_info.service));
+
+		if (count_chars(cli_info.service,'\\') < 3)
+		{
+			usage(pname);
+			printf("\n%s: Not enough '\\' characters in service\n", cli_info.service);
+			exit(1);
+		}
+
+		/*
+		if (count_chars(cli_info.service,'\\') > 3)
+		{
+			usage(pname);
+			printf("\n%s: Too many '\\' characters in service\n", cli_info.service);
+			exit(1);
+		}
+		*/
+
+		if (argc > 1 && (*argv[1] != '-'))
+		{
+			got_pass = True;
+			pstrcpy(password,argv[1]);  
+			memset(argv[1],'X',strlen(argv[1]));
+			argc--;
+			argv++;
+		}
+
+		cli_action = CLIENT_SVC;
+	}
+
+	while ((opt = getopt(argc, argv,"s:O:M:S:i:N:o:n:d:l:hI:EB:U:L:t:m:W:T:D:c:")) != EOF)
+	{
+		switch (opt)
+		{
+			case 'm':
+			{
+				/* FIXME ... max_protocol seems to be funny here */
+
+				int max_protocol = 0;
+				max_protocol = interpret_protocol(optarg,max_protocol);
+				fprintf(stderr, "max protocol not currently supported\n");
+				break;
+			}
+
+			case 'O':
+			{
+				pstrcpy(user_socket_options,optarg);
+				break;	
+			}
+
+			case 'S':
+			{
+				pstrcpy(cli_info.dest_host,optarg);
+				strupper(cli_info.dest_host);
+				cli_action = CLIENT_IPC;
+				break;
+			}
+
+			case 'i':
+			{
+				pstrcpy(scope, optarg);
+				break;
+			}
+
+			case 'U':
+			{
+				char *lp;
+				pstrcpy(smb_cli->user_name,optarg);
+				if ((lp=strchr_m(smb_cli->user_name,'%')))
+				{
+					*lp = 0;
+					pstrcpy(password,lp+1);
+					got_pass = True;
+					memset(strchr_m(optarg,'%')+1,'X',strlen(password));
+				}
+				break;
+			}
+
+			case 'W':
+			{
+				pstrcpy(smb_cli->domain,optarg);
+				break;
+			}
+
+			case 'E':
+			{
+				dbf = x_stderr;
+				break;
+			}
+
+			case 'I':
+			{
+				cli_info.dest_ip = *interpret_addr2(optarg);
+				if (is_zero_ip(cli_info.dest_ip))
+				{
+					exit(1);
+				}
+				break;
+			}
+
+			case 'N':
+			{
+				nprocs = atoi(optarg);
+				break;
+			}
+
+			case 'o':
+			{
+				numops = atoi(optarg);
+				break;
+			}
+
+			case 'n':
+			{
+				fstrcpy(global_myname, optarg);
+				break;
+			}
+
+			case 'd':
+			{
+				if (*optarg == 'A')
+					DEBUGLEVEL = 10000;
+				else
+					DEBUGLEVEL = atoi(optarg);
+				break;
+			}
+
+			case 'l':
+			{
+				slprintf(logfile, sizeof(logfile)-1,
+				         "%s.client",optarg);
+				lp_set_logfile(logfile);
+				break;
+			}
+
+			case 'c':
+			{
+				cmd_str = optarg;
+				got_pass = True;
+				break;
+			}
+
+			case 'h':
+			{
+				usage(pname);
+				exit(0);
+				break;
+			}
+
+			case 's':
+			{
+				pstrcpy(dyn_CONFIGFILE, optarg);
+				break;
+			}
+
+			case 't':
+			{
+				pstrcpy(term_code, optarg);
+				break;
+			}
+
+			default:
+			{
+				usage(pname);
+				exit(1);
+				break;
+			}
+		}
+	}
+
+	if (cli_action == CLIENT_NONE)
+	{
+		usage(pname);
+		exit(1);
+	}
+
+	strupper(global_myname);
+	fstrcpy(cli_info.myhostname, global_myname);
+
+	DEBUG(3,("%s client started (version %s)\n",timestring(False),VERSION));
+
+	if (*smb_cli->domain == 0)
+	{
+		pstrcpy(smb_cli->domain,lp_workgroup());
+	}
+	strupper(smb_cli->domain);
+
+	load_interfaces();
+
+	if (cli_action == CLIENT_IPC)
+	{
+		pstrcpy(cli_info.share, "IPC$");
+		pstrcpy(cli_info.svc_type, "IPC");
+	}
+
+	fstrcpy(cli_info.mach_acct, cli_info.myhostname);
+	strupper(cli_info.mach_acct);
+	fstrcat(cli_info.mach_acct, "$");
+
+	/* set the password cache info */
+	if (got_pass)
+	{
+		if (password[0] == 0)
+		{
+			pwd_set_nullpwd(&(smb_cli->pwd));
+		}
+		else
+		{
+			pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
+		}
+	}
+	else 
+	{
+		char *pwd = getpass("Enter Password:");
+		safe_strcpy(password, pwd, sizeof(password));
+		pwd_make_lm_nt_16(&(smb_cli->pwd), password); /* generate 16 byte hashes */
+	}
+
+	create_procs(nprocs, numops, &cli_info, smb_cli, run_enums_test);
+
+	if (password[0] != 0)
+	{
+		create_procs(nprocs, numops, &cli_info, smb_cli, run_ntlogin_test);
+	}
+
+	fflush(out_hnd);
+
+	return(0);
+}
diff --git a/source3/torture/scanner.c b/source3/torture/scanner.c
new file mode 100644
index 0000000000..4f4164ea33
--- /dev/null
+++ b/source3/torture/scanner.c
@@ -0,0 +1,430 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - scanning functions
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+#define VERBOSE 0
+#define OP_MIN 0
+#define OP_MAX 20
+
+/****************************************************************************
+look for a partial hit
+****************************************************************************/
+static void trans2_check_hit(char *format, int op, int level, NTSTATUS status)
+{
+	if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
+		return;
+	}
+#if VERBOSE
+	printf("possible %s hit op=%3d level=%5d status=%s\n",
+	       format, op, level, nt_errstr(status));
+#endif
+}
+
+/****************************************************************************
+check for existance of a trans2 call
+****************************************************************************/
+static NTSTATUS try_trans2(struct cli_state *cli, 
+			 int op,
+			 char *param, char *data,
+			 int param_len, int data_len,
+			 int *rparam_len, int *rdata_len)
+{
+	uint16 setup = op;
+	char *rparam=NULL, *rdata=NULL;
+
+	if (!cli_send_trans(cli, SMBtrans2, 
+                            NULL,                           /* name */
+                            -1, 0,                          /* fid, flags */
+                            &setup, 1, 0,                   /* setup, length, max */
+                            param, param_len, 2,            /* param, length, max */
+                            data, data_len, cli->max_xmit   /* data, length, max */
+                           )) {
+		return cli_nt_error(cli);
+	}
+
+	cli_receive_trans(cli, SMBtrans2,
+			   &rparam, rparam_len,
+			   &rdata, rdata_len);
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return cli_nt_error(cli);
+}
+
+
+static NTSTATUS try_trans2_len(struct cli_state *cli, 
+			     char *format,
+			     int op, int level,
+			     char *param, char *data,
+			     int param_len, int *data_len,
+			     int *rparam_len, int *rdata_len)
+{
+	NTSTATUS ret=NT_STATUS_OK;
+
+	ret = try_trans2(cli, op, param, data, param_len,
+			 sizeof(pstring), rparam_len, rdata_len);
+#if VERBOSE 
+	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
+#endif
+	if (!NT_STATUS_IS_OK(ret)) return ret;
+
+	*data_len = 0;
+	while (*data_len < sizeof(pstring)) {
+		ret = try_trans2(cli, op, param, data, param_len,
+				 *data_len, rparam_len, rdata_len);
+		if (NT_STATUS_IS_OK(ret)) break;
+		*data_len += 2;
+	}
+	if (NT_STATUS_IS_OK(ret)) {
+		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
+		       format, level, *data_len, *rparam_len, *rdata_len);
+	} else {
+		trans2_check_hit(format, op, level, ret);
+	}
+	return ret;
+}
+
+/****************************************************************************
+check for existance of a trans2 call
+****************************************************************************/
+static BOOL scan_trans2(struct cli_state *cli, int op, int level, 
+			int fnum, int dnum, char *fname)
+{
+	int data_len = 0;
+	int param_len = 0;
+	int rparam_len, rdata_len;
+	pstring param, data;
+	NTSTATUS status;
+
+	memset(data, 0, sizeof(data));
+	data_len = 4;
+
+	/* try with a info level only */
+	param_len = 2;
+	SSVAL(param, 0, level);
+	status = try_trans2_len(cli, "void", op, level, param, data, param_len, &data_len, 
+			    &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try with a file descriptor */
+	param_len = 6;
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, level);
+	SSVAL(param, 4, 0);
+	status = try_trans2_len(cli, "fnum", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+
+	/* try with a notify style */
+	param_len = 6;
+	SSVAL(param, 0, dnum);
+	SSVAL(param, 2, dnum);
+	SSVAL(param, 4, level);
+	status = try_trans2_len(cli, "notify", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try with a file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += clistr_push(cli, &param[6], fname, -1, STR_TERMINATE);
+
+	status = try_trans2_len(cli, "fname", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try with a new file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += clistr_push(cli, &param[6], "\\newfile.dat", -1, STR_TERMINATE);
+
+	status = try_trans2_len(cli, "newfile", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	cli_unlink(cli, "\\newfile.dat");
+	cli_rmdir(cli, "\\newfile.dat");
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try dfs style  */
+	cli_mkdir(cli, "\\testdir");
+	param_len = 2;
+	SSVAL(param, 0, level);
+	param_len += clistr_push(cli, &param[2], "\\testdir", -1, STR_TERMINATE);
+
+	status = try_trans2_len(cli, "dfs", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	cli_rmdir(cli, "\\testdir");
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	return False;
+}
+
+
+BOOL torture_trans2_scan(int dummy)
+{
+	static struct cli_state cli;
+	int op, level;
+	char *fname = "\\scanner.dat";
+	int fnum, dnum;
+
+	printf("starting trans2 scan test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	fnum = cli_open(&cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
+			 DENY_NONE);
+	dnum = cli_open(&cli, "\\", O_RDONLY, DENY_NONE);
+
+	for (op=OP_MIN; op<=OP_MAX; op++) {
+		printf("Scanning op=%d\n", op);
+		for (level = 0; level <= 50; level++) {
+			scan_trans2(&cli, op, level, fnum, dnum, fname);
+		}
+
+		for (level = 0x100; level <= 0x130; level++) {
+			scan_trans2(&cli, op, level, fnum, dnum, fname);
+		}
+
+		for (level = 1000; level < 1050; level++) {
+			scan_trans2(&cli, op, level, fnum, dnum, fname);
+		}
+	}
+
+	torture_close_connection(&cli);
+
+	printf("trans2 scan finished\n");
+	return True;
+}
+
+
+
+
+/****************************************************************************
+look for a partial hit
+****************************************************************************/
+static void nttrans_check_hit(char *format, int op, int level, NTSTATUS status)
+{
+	if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
+	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
+		return;
+	}
+#if VERBOSE
+		printf("possible %s hit op=%3d level=%5d status=%s\n",
+		       format, op, level, nt_errstr(status));
+#endif
+}
+
+/****************************************************************************
+check for existance of a nttrans call
+****************************************************************************/
+static NTSTATUS try_nttrans(struct cli_state *cli, 
+			 int op,
+			 char *param, char *data,
+			 int param_len, int data_len,
+			 int *rparam_len, int *rdata_len)
+{
+	char *rparam=NULL, *rdata=NULL;
+
+	if (!cli_send_nt_trans(cli, op, 
+			       0,   
+			       NULL, 0, 0,
+			       param, param_len, 2,            /* param, length, max */
+			       data, data_len, cli->max_xmit   /* data, length, max */
+                           )) {
+		return cli_nt_error(cli);
+	}
+
+	cli_receive_nt_trans(cli,
+			     &rparam, rparam_len,
+			     &rdata, rdata_len);
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return cli_nt_error(cli);
+}
+
+
+static NTSTATUS try_nttrans_len(struct cli_state *cli, 
+			     char *format,
+			     int op, int level,
+			     char *param, char *data,
+			     int param_len, int *data_len,
+			     int *rparam_len, int *rdata_len)
+{
+	NTSTATUS ret=NT_STATUS_OK;
+
+	ret = try_nttrans(cli, op, param, data, param_len,
+			 sizeof(pstring), rparam_len, rdata_len);
+#if VERBOSE 
+	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
+#endif
+	if (!NT_STATUS_IS_OK(ret)) return ret;
+
+	*data_len = 0;
+	while (*data_len < sizeof(pstring)) {
+		ret = try_nttrans(cli, op, param, data, param_len,
+				 *data_len, rparam_len, rdata_len);
+		if (NT_STATUS_IS_OK(ret)) break;
+		*data_len += 2;
+	}
+	if (NT_STATUS_IS_OK(ret)) {
+		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
+		       format, level, *data_len, *rparam_len, *rdata_len);
+	} else {
+		nttrans_check_hit(format, op, level, ret);
+	}
+	return ret;
+}
+
+/****************************************************************************
+check for existance of a nttrans call
+****************************************************************************/
+static BOOL scan_nttrans(struct cli_state *cli, int op, int level, 
+			int fnum, int dnum, char *fname)
+{
+	int data_len = 0;
+	int param_len = 0;
+	int rparam_len, rdata_len;
+	pstring param, data;
+	NTSTATUS status;
+
+	memset(data, 0, sizeof(data));
+	data_len = 4;
+
+	/* try with a info level only */
+	param_len = 2;
+	SSVAL(param, 0, level);
+	status = try_nttrans_len(cli, "void", op, level, param, data, param_len, &data_len, 
+			    &rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try with a file descriptor */
+	param_len = 6;
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, level);
+	SSVAL(param, 4, 0);
+	status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+
+	/* try with a notify style */
+	param_len = 6;
+	SSVAL(param, 0, dnum);
+	SSVAL(param, 2, dnum);
+	SSVAL(param, 4, level);
+	status = try_nttrans_len(cli, "notify", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try with a file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += clistr_push(cli, &param[6], fname, -1, STR_TERMINATE);
+
+	status = try_nttrans_len(cli, "fname", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try with a new file name */
+	param_len = 6;
+	SSVAL(param, 0, level);
+	SSVAL(param, 2, 0);
+	SSVAL(param, 4, 0);
+	param_len += clistr_push(cli, &param[6], "\\newfile.dat", -1, STR_TERMINATE);
+
+	status = try_nttrans_len(cli, "newfile", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	cli_unlink(cli, "\\newfile.dat");
+	cli_rmdir(cli, "\\newfile.dat");
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	/* try dfs style  */
+	cli_mkdir(cli, "\\testdir");
+	param_len = 2;
+	SSVAL(param, 0, level);
+	param_len += clistr_push(cli, &param[2], "\\testdir", -1, STR_TERMINATE);
+
+	status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len, &data_len, 
+				&rparam_len, &rdata_len);
+	cli_rmdir(cli, "\\testdir");
+	if (NT_STATUS_IS_OK(status)) return True;
+
+	return False;
+}
+
+
+BOOL torture_nttrans_scan(int dummy)
+{
+	static struct cli_state cli;
+	int op, level;
+	char *fname = "\\scanner.dat";
+	int fnum, dnum;
+
+	printf("starting nttrans scan test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	fnum = cli_open(&cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
+			 DENY_NONE);
+	dnum = cli_open(&cli, "\\", O_RDONLY, DENY_NONE);
+
+	for (op=OP_MIN; op<=OP_MAX; op++) {
+		printf("Scanning op=%d\n", op);
+		for (level = 0; level <= 50; level++) {
+			scan_nttrans(&cli, op, level, fnum, dnum, fname);
+		}
+
+		for (level = 0x100; level <= 0x130; level++) {
+			scan_nttrans(&cli, op, level, fnum, dnum, fname);
+		}
+
+		for (level = 1000; level < 1050; level++) {
+			scan_nttrans(&cli, op, level, fnum, dnum, fname);
+		}
+	}
+
+	torture_close_connection(&cli);
+
+	printf("nttrans scan finished\n");
+	return True;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
new file mode 100644
index 0000000000..29eeb802ff
--- /dev/null
+++ b/source3/torture/torture.c
@@ -0,0 +1,3920 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+static fstring host, workgroup, share, password, username, myname;
+static int max_protocol = PROTOCOL_NT1;
+static char *sockops="TCP_NODELAY";
+static int nprocs=1, numops=100;
+static int procnum; /* records process count number when forking */
+static struct cli_state current_cli;
+static fstring randomfname;
+static BOOL use_oplocks;
+static BOOL use_level_II_oplocks;
+static char *client_txt = "client_oplocks.txt";
+static BOOL use_kerberos;
+
+BOOL torture_showall = False;
+
+static double create_procs(BOOL (*fn)(int), BOOL *result);
+
+
+static struct timeval tp1,tp2;
+
+void start_timer(void)
+{
+	gettimeofday(&tp1,NULL);
+}
+
+double end_timer(void)
+{
+	gettimeofday(&tp2,NULL);
+	return((tp2.tv_sec - tp1.tv_sec) + 
+	       (tp2.tv_usec - tp1.tv_usec)*1.0e-6);
+}
+
+
+/* return a pointer to a anonymous shared memory segment of size "size"
+   which will persist across fork() but will disappear when all processes
+   exit 
+
+   The memory is not zeroed 
+
+   This function uses system5 shared memory. It takes advantage of a property
+   that the memory is not destroyed if it is attached when the id is removed
+   */
+void *shm_setup(int size)
+{
+	int shmid;
+	void *ret;
+
+	shmid = shmget(IPC_PRIVATE, size, SHM_R | SHM_W);
+	if (shmid == -1) {
+		printf("can't get shared memory\n");
+		exit(1);
+	}
+	ret = (void *)shmat(shmid, 0, 0);
+	if (!ret || ret == (void *)-1) {
+		printf("can't attach to shared memory\n");
+		return NULL;
+	}
+	/* the following releases the ipc, but note that this process
+	   and all its children will still have access to the memory, its
+	   just that the shmid is no longer valid for other shm calls. This
+	   means we don't leave behind lots of shm segments after we exit 
+
+	   See Stevens "advanced programming in unix env" for details
+	   */
+	shmctl(shmid, IPC_RMID, 0);
+	
+	return ret;
+}
+
+
+static BOOL open_nbt_connection(struct cli_state *c)
+{
+	struct nmb_name called, calling;
+	struct in_addr ip;
+
+	ZERO_STRUCTP(c);
+
+	make_nmb_name(&calling, myname, 0x0);
+	make_nmb_name(&called , host, 0x20);
+
+        zero_ip(&ip);
+
+	if (!cli_initialise(c) || !cli_connect(c, host, &ip)) {
+		printf("Failed to connect with %s\n", host);
+		return False;
+	}
+
+	c->use_kerberos = use_kerberos;
+
+	c->timeout = 120000; /* set a really long timeout (2 minutes) */
+	if (use_oplocks) c->use_oplocks = True;
+	if (use_level_II_oplocks) c->use_level_II_oplocks = True;
+
+	if (!cli_session_request(c, &calling, &called)) {
+		printf("%s rejected the session\n",host);
+		cli_shutdown(c);
+		return False;
+	}
+
+	return True;
+}
+
+BOOL torture_open_connection(struct cli_state *c)
+{
+	ZERO_STRUCTP(c);
+
+	if (!open_nbt_connection(c)) {
+		return False;
+	}
+
+	if (!cli_negprot(c)) {
+		printf("%s rejected the negprot (%s)\n",host, cli_errstr(c));
+		cli_shutdown(c);
+		return False;
+	}
+
+	if (!cli_session_setup(c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       workgroup)) {
+		printf("%s rejected the sessionsetup (%s)\n", host, cli_errstr(c));
+		cli_shutdown(c);
+		return False;
+	}
+
+	if (!cli_send_tconX(c, share, "?????",
+			    password, strlen(password)+1)) {
+		printf("%s refused tree connect (%s)\n", host, cli_errstr(c));
+		cli_shutdown(c);
+		return False;
+	}
+
+	return True;
+}
+
+
+BOOL torture_close_connection(struct cli_state *c)
+{
+	BOOL ret = True;
+	if (!cli_tdis(c)) {
+		printf("tdis failed (%s)\n", cli_errstr(c));
+		ret = False;
+	}
+
+        cli_shutdown(c);
+
+	return ret;
+}
+
+
+/* check if the server produced the expected error code */
+static BOOL check_error(int line, struct cli_state *c, 
+			uint8 eclass, uint32 ecode, NTSTATUS nterr)
+{
+        if (cli_is_dos_error(c)) {
+                uint8 class;
+                uint32 num;
+
+                /* Check DOS error */
+
+                cli_dos_error(c, &class, &num);
+
+                if (eclass != class || ecode != num) {
+                        printf("unexpected error code class=%d code=%d\n", 
+                               (int)class, (int)num);
+                        printf(" expected %d/%d %s (line=%d)\n", 
+                               (int)eclass, (int)ecode, nt_errstr(nterr), line);
+                        return False;
+                }
+
+        } else {
+                NTSTATUS status;
+
+                /* Check NT error */
+
+                status = cli_nt_error(c);
+
+                if (NT_STATUS_V(nterr) != NT_STATUS_V(status)) {
+                        printf("unexpected error code %s\n", nt_errstr(status));
+                        printf(" expected %s (line=%d)\n", nt_errstr(nterr), line);
+                        return False;
+                }
+        }
+
+	return True;
+}
+
+
+static BOOL wait_lock(struct cli_state *c, int fnum, uint32 offset, uint32 len)
+{
+	while (!cli_lock(c, fnum, offset, len, -1, WRITE_LOCK)) {
+		if (!check_error(__LINE__, c, ERRDOS, ERRlock, NT_STATUS_LOCK_NOT_GRANTED)) return False;
+	}
+	return True;
+}
+
+
+static BOOL rw_torture(struct cli_state *c)
+{
+	char *lockfname = "\\torture.lck";
+	fstring fname;
+	int fnum;
+	int fnum2;
+	pid_t pid2, pid = getpid();
+	int i, j;
+	char buf[1024];
+	BOOL correct = True;
+
+	fnum2 = cli_open(c, lockfname, O_RDWR | O_CREAT | O_EXCL, 
+			 DENY_NONE);
+	if (fnum2 == -1)
+		fnum2 = cli_open(c, lockfname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		printf("open of %s failed (%s)\n", lockfname, cli_errstr(c));
+		return False;
+	}
+
+
+	for (i=0;i<numops;i++) {
+		unsigned n = (unsigned)sys_random()%10;
+		if (i % 10 == 0) {
+			printf("%d\r", i); fflush(stdout);
+		}
+		slprintf(fname, sizeof(fstring) - 1, "\\torture.%u", n);
+
+		if (!wait_lock(c, fnum2, n*sizeof(int), sizeof(int))) {
+			return False;
+		}
+
+		fnum = cli_open(c, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_ALL);
+		if (fnum == -1) {
+			printf("open failed (%s)\n", cli_errstr(c));
+			correct = False;
+			break;
+		}
+
+		if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) {
+			printf("write failed (%s)\n", cli_errstr(c));
+			correct = False;
+		}
+
+		for (j=0;j<50;j++) {
+			if (cli_write(c, fnum, 0, (char *)buf, 
+				      sizeof(pid)+(j*sizeof(buf)), 
+				      sizeof(buf)) != sizeof(buf)) {
+				printf("write failed (%s)\n", cli_errstr(c));
+				correct = False;
+			}
+		}
+
+		pid2 = 0;
+
+		if (cli_read(c, fnum, (char *)&pid2, 0, sizeof(pid)) != sizeof(pid)) {
+			printf("read failed (%s)\n", cli_errstr(c));
+			correct = False;
+		}
+
+		if (pid2 != pid) {
+			printf("data corruption!\n");
+			correct = False;
+		}
+
+		if (!cli_close(c, fnum)) {
+			printf("close failed (%s)\n", cli_errstr(c));
+			correct = False;
+		}
+
+		if (!cli_unlink(c, fname)) {
+			printf("unlink failed (%s)\n", cli_errstr(c));
+			correct = False;
+		}
+
+		if (!cli_unlock(c, fnum2, n*sizeof(int), sizeof(int))) {
+			printf("unlock failed (%s)\n", cli_errstr(c));
+			correct = False;
+		}
+	}
+
+	cli_close(c, fnum2);
+	cli_unlink(c, lockfname);
+
+	printf("%d\n", i);
+
+	return correct;
+}
+
+static BOOL run_torture(int dummy)
+{
+	struct cli_state cli;
+        BOOL ret;
+
+	cli = current_cli;
+
+	cli_sockopt(&cli, sockops);
+
+	ret = rw_torture(&cli);
+	
+	if (!torture_close_connection(&cli)) {
+		ret = False;
+	}
+
+	return ret;
+}
+
+static BOOL rw_torture3(struct cli_state *c, char *lockfname)
+{
+	int fnum = -1;
+	int i = 0;
+	char buf[131072];
+	char buf_rd[131072];
+	unsigned count;
+	unsigned countprev = 0;
+	ssize_t sent = 0;
+	BOOL correct = True;
+
+	srandom(1);
+	for (i = 0; i < sizeof(buf); i += sizeof(uint32))
+	{
+		SIVAL(buf, i, sys_random());
+	}
+
+	if (procnum == 0)
+	{
+		fnum = cli_open(c, lockfname, O_RDWR | O_CREAT | O_EXCL, 
+				 DENY_NONE);
+		if (fnum == -1) {
+			printf("first open read/write of %s failed (%s)\n",
+					lockfname, cli_errstr(c));
+			return False;
+		}
+	}
+	else
+	{
+		for (i = 0; i < 500 && fnum == -1; i++)
+		{
+			fnum = cli_open(c, lockfname, O_RDONLY, 
+					 DENY_NONE);
+			msleep(10);
+		}
+		if (fnum == -1) {
+			printf("second open read-only of %s failed (%s)\n",
+					lockfname, cli_errstr(c));
+			return False;
+		}
+	}
+
+	i = 0;
+	for (count = 0; count < sizeof(buf); count += sent)
+	{
+		if (count >= countprev) {
+			printf("%d %8d\r", i, count);
+			fflush(stdout);
+			i++;
+			countprev += (sizeof(buf) / 20);
+		}
+
+		if (procnum == 0)
+		{
+			sent = ((unsigned)sys_random()%(20))+ 1;
+			if (sent > sizeof(buf) - count)
+			{
+				sent = sizeof(buf) - count;
+			}
+
+			if (cli_write(c, fnum, 0, buf+count, count, (size_t)sent) != sent) {
+				printf("write failed (%s)\n", cli_errstr(c));
+				correct = False;
+			}
+		}
+		else
+		{
+			sent = cli_read(c, fnum, buf_rd+count, count,
+						  sizeof(buf)-count);
+			if (sent < 0)
+			{
+				printf("read failed offset:%d size:%d (%s)\n",
+						count, sizeof(buf)-count,
+						cli_errstr(c));
+				correct = False;
+				sent = 0;
+			}
+			if (sent > 0)
+			{
+				if (memcmp(buf_rd+count, buf+count, sent) != 0)
+				{
+					printf("read/write compare failed\n");
+					printf("offset: %d req %d recvd %d\n",
+						count, sizeof(buf)-count, sent);
+					correct = False;
+					break;
+				}
+			}
+		}
+
+	}
+
+	if (!cli_close(c, fnum)) {
+		printf("close failed (%s)\n", cli_errstr(c));
+		correct = False;
+	}
+
+	return correct;
+}
+
+static BOOL rw_torture2(struct cli_state *c1, struct cli_state *c2)
+{
+	char *lockfname = "\\torture2.lck";
+	int fnum1;
+	int fnum2;
+	int i;
+	uchar buf[131072];
+	uchar buf_rd[131072];
+	BOOL correct = True;
+	ssize_t bytes_read;
+
+	if (!cli_unlink(c1, lockfname)) {
+		printf("unlink failed (%s) (normal, this file should not exist)\n", cli_errstr(c1));
+	}
+
+	fnum1 = cli_open(c1, lockfname, O_RDWR | O_CREAT | O_EXCL, 
+			 DENY_NONE);
+	if (fnum1 == -1) {
+		printf("first open read/write of %s failed (%s)\n",
+				lockfname, cli_errstr(c1));
+		return False;
+	}
+	fnum2 = cli_open(c2, lockfname, O_RDONLY, 
+			 DENY_NONE);
+	if (fnum2 == -1) {
+		printf("second open read-only of %s failed (%s)\n",
+				lockfname, cli_errstr(c2));
+		cli_close(c1, fnum1);
+		return False;
+	}
+
+	for (i=0;i<numops;i++)
+	{
+		size_t buf_size = ((unsigned)sys_random()%(sizeof(buf)-1))+ 1;
+		if (i % 10 == 0) {
+			printf("%d\r", i); fflush(stdout);
+		}
+
+		generate_random_buffer(buf, buf_size, False);
+
+		if (cli_write(c1, fnum1, 0, buf, 0, buf_size) != buf_size) {
+			printf("write failed (%s)\n", cli_errstr(c1));
+			correct = False;
+		}
+
+		if ((bytes_read = cli_read(c2, fnum2, buf_rd, 0, buf_size)) != buf_size) {
+			printf("read failed (%s)\n", cli_errstr(c2));
+			printf("read %d, expected %d\n", bytes_read, buf_size); 
+			correct = False;
+		}
+
+		if (memcmp(buf_rd, buf, buf_size) != 0)
+		{
+			printf("read/write compare failed\n");
+			correct = False;
+		}
+	}
+
+	if (!cli_close(c2, fnum2)) {
+		printf("close failed (%s)\n", cli_errstr(c2));
+		correct = False;
+	}
+	if (!cli_close(c1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(c1));
+		correct = False;
+	}
+
+	if (!cli_unlink(c1, lockfname)) {
+		printf("unlink failed (%s)\n", cli_errstr(c1));
+		correct = False;
+	}
+
+	return correct;
+}
+
+static BOOL run_readwritetest(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	BOOL test1, test2;
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	printf("starting readwritetest\n");
+
+	test1 = rw_torture2(&cli1, &cli2);
+	printf("Passed readwritetest v1: %s\n", BOOLSTR(test1));
+
+	test2 = rw_torture2(&cli1, &cli1);
+	printf("Passed readwritetest v2: %s\n", BOOLSTR(test2));
+
+	if (!torture_close_connection(&cli1)) {
+		test1 = False;
+	}
+
+	if (!torture_close_connection(&cli2)) {
+		test2 = False;
+	}
+
+	return (test1 && test2);
+}
+
+static BOOL run_readwritemulti(int dummy)
+{
+	static struct cli_state cli;
+	BOOL test;
+
+	cli = current_cli;
+
+	cli_sockopt(&cli, sockops);
+
+	printf("run_readwritemulti: fname %s\n", randomfname);
+	test = rw_torture3(&cli, randomfname);
+
+	if (!torture_close_connection(&cli)) {
+		test = False;
+	}
+	
+	return test;
+}
+
+static BOOL run_readwritelarge(int dummy)
+{
+	static struct cli_state cli1;
+	int fnum1;
+	char *lockfname = "\\large.dat";
+	size_t fsize;
+	char buf[126*1024];
+	BOOL correct = True;
+ 
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+	memset(buf,'\0',sizeof(buf));
+	
+	cli1.max_xmit = 128*1024;
+	
+	printf("starting readwritelarge\n");
+ 
+	cli_unlink(&cli1, lockfname);
+
+	fnum1 = cli_open(&cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(&cli1));
+		return False;
+	}
+   
+	cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf));
+
+	if (!cli_qfileinfo(&cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
+		printf("qfileinfo failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (fsize == sizeof(buf))
+		printf("readwritelarge test 1 succeeded (size = %x)\n", fsize);
+	else {
+		printf("readwritelarge test 1 failed (size = %x)\n", fsize);
+		correct = False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (!cli_unlink(&cli1, lockfname)) {
+		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	fnum1 = cli_open(&cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	cli1.max_xmit = 4*1024;
+	
+	cli_smbwrite(&cli1, fnum1, buf, 0, sizeof(buf));
+	
+	if (!cli_qfileinfo(&cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
+		printf("qfileinfo failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (fsize == sizeof(buf))
+		printf("readwritelarge test 2 succeeded (size = %x)\n", fsize);
+	else {
+		printf("readwritelarge test 2 failed (size = %x)\n", fsize);
+		correct = False;
+	}
+
+#if 0
+	/* ToDo - set allocation. JRA */
+	if(!cli_set_allocation_size(&cli1, fnum1, 0)) {
+		printf("set allocation size to zero failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	if (!cli_qfileinfo(&cli1, fnum1, NULL, &fsize, NULL, NULL, NULL, NULL, NULL)) {
+		printf("qfileinfo failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+	if (fsize != 0)
+		printf("readwritelarge test 3 (truncate test) succeeded (size = %x)\n", fsize);
+#endif
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+	
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	return correct;
+	}
+
+int line_count = 0;
+int nbio_id;
+
+#define ival(s) strtol(s, NULL, 0)
+
+/* run a test that simulates an approximate netbench client load */
+static BOOL run_netbench(int client)
+{
+	struct cli_state cli;
+	int i;
+	fstring fname;
+	pstring line;
+	char cname[20];
+	FILE *f;
+	char *params[20];
+	BOOL correct = True;
+
+	cli = current_cli;
+
+	nbio_id = client;
+
+	cli_sockopt(&cli, sockops);
+
+	nb_setup(&cli);
+
+	slprintf(cname,sizeof(fname), "client%d", client);
+
+	f = fopen(client_txt, "r");
+
+	if (!f) {
+		perror(client_txt);
+		return False;
+	}
+
+	while (fgets(line, sizeof(line)-1, f)) {
+		line_count++;
+
+		line[strlen(line)-1] = 0;
+
+		/* printf("[%d] %s\n", line_count, line); */
+
+		all_string_sub(line,"client1", cname, sizeof(line));
+		
+		/* parse the command parameters */
+		params[0] = strtok(line," ");
+		i = 0;
+		while (params[i]) params[++i] = strtok(NULL," ");
+
+		params[i] = "";
+
+		if (i < 2) continue;
+
+		if (!strncmp(params[0],"SMB", 3)) {
+			printf("ERROR: You are using a dbench 1 load file\n");
+			exit(1);
+		}
+
+		if (!strcmp(params[0],"NTCreateX")) {
+			nb_createx(params[1], ival(params[2]), ival(params[3]), 
+				   ival(params[4]));
+		} else if (!strcmp(params[0],"Close")) {
+			nb_close(ival(params[1]));
+		} else if (!strcmp(params[0],"Rename")) {
+			nb_rename(params[1], params[2]);
+		} else if (!strcmp(params[0],"Unlink")) {
+			nb_unlink(params[1]);
+		} else if (!strcmp(params[0],"Deltree")) {
+			nb_deltree(params[1]);
+		} else if (!strcmp(params[0],"Rmdir")) {
+			nb_rmdir(params[1]);
+		} else if (!strcmp(params[0],"QUERY_PATH_INFORMATION")) {
+			nb_qpathinfo(params[1]);
+		} else if (!strcmp(params[0],"QUERY_FILE_INFORMATION")) {
+			nb_qfileinfo(ival(params[1]));
+		} else if (!strcmp(params[0],"QUERY_FS_INFORMATION")) {
+			nb_qfsinfo(ival(params[1]));
+		} else if (!strcmp(params[0],"FIND_FIRST")) {
+			nb_findfirst(params[1]);
+		} else if (!strcmp(params[0],"WriteX")) {
+			nb_writex(ival(params[1]), 
+				  ival(params[2]), ival(params[3]), ival(params[4]));
+		} else if (!strcmp(params[0],"ReadX")) {
+			nb_readx(ival(params[1]), 
+				  ival(params[2]), ival(params[3]), ival(params[4]));
+		} else if (!strcmp(params[0],"Flush")) {
+			nb_flush(ival(params[1]));
+		} else {
+			printf("Unknown operation %s\n", params[0]);
+			exit(1);
+		}
+	}
+	fclose(f);
+
+	nb_cleanup();
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+	
+	return correct;
+}
+
+
+/* run a test that simulates an approximate netbench client load */
+static BOOL run_nbench(int dummy)
+{
+	double t;
+	BOOL correct = True;
+
+	nbio_shmem(nprocs);
+
+	nbio_id = -1;
+
+	signal(SIGALRM, nb_alarm);
+	alarm(1);
+	t = create_procs(run_netbench, &correct);
+	alarm(0);
+
+	printf("\nThroughput %g MB/sec\n", 
+	       1.0e-6 * nbio_total() / t);
+	return correct;
+}
+
+
+/*
+  This test checks for two things:
+
+  1) correct support for retaining locks over a close (ie. the server
+     must not use posix semantics)
+  2) support for lock timeouts
+ */
+static BOOL run_locktest1(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	char *fname = "\\lockt1.lck";
+	int fnum1, fnum2, fnum3;
+	time_t t1, t2;
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	printf("starting locktest1\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	fnum3 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+	if (fnum3 == -1) {
+		printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+
+	if (cli_lock(&cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock2 succeeded! This is a locking bug\n");
+		return False;
+	} else {
+		if (!check_error(__LINE__, &cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_LOCK_NOT_GRANTED)) return False;
+	}
+
+
+	printf("Testing lock timeouts\n");
+	t1 = time(NULL);
+	if (cli_lock(&cli2, fnum3, 0, 4, 10*1000, WRITE_LOCK)) {
+		printf("lock3 succeeded! This is a locking bug\n");
+		return False;
+	} else {
+		if (!check_error(__LINE__, &cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_FILE_LOCK_CONFLICT)) return False;
+	}
+	t2 = time(NULL);
+
+	if (t2 - t1 < 5) {
+		printf("error: This server appears not to support timed lock requests\n");
+	}
+
+	if (!cli_close(&cli1, fnum2)) {
+		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (cli_lock(&cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock4 succeeded! This is a locking bug\n");
+		return False;
+	} else {
+		if (!check_error(__LINE__, &cli2, ERRDOS, ERRlock, 
+				 NT_STATUS_FILE_LOCK_CONFLICT)) return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_close(&cli2, fnum3)) {
+		printf("close3 failed (%s)\n", cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_unlink(&cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+
+	if (!torture_close_connection(&cli1)) {
+		return False;
+	}
+
+	if (!torture_close_connection(&cli2)) {
+		return False;
+	}
+
+	printf("Passed locktest1\n");
+	return True;
+}
+
+/*
+ checks for correct tconX support
+ */
+static BOOL run_tcon_test(int dummy)
+{
+	static struct cli_state cli1;
+	char *fname = "\\tcontest.tmp";
+	int fnum1;
+	uint16 cnum;
+	char buf[4];
+
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+
+	printf("starting tcontest\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1)
+	{
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	cnum = cli1.cnum;
+
+	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4)
+	{
+		printf("write failed (%s)", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_send_tconX(&cli1, share, "?????",
+			    password, strlen(password)+1)) {
+		printf("%s refused 2nd tree connect (%s)\n", host,
+		           cli_errstr(&cli1));
+		cli_shutdown(&cli1);
+		return False;
+	}
+
+	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) == 4)
+	{
+		printf("write succeeded (%s)", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (cli_close(&cli1, fnum1)) {
+		printf("close2 succeeded (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_tdis(&cli1)) {
+		printf("tdis failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	cli1.cnum = cnum;
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!torture_close_connection(&cli1)) {
+		return False;
+	}
+
+	printf("Passed tcontest\n");
+	return True;
+}
+
+
+/*
+  This test checks that 
+
+  1) the server supports multiple locking contexts on the one SMB
+  connection, distinguished by PID.  
+
+  2) the server correctly fails overlapping locks made by the same PID (this
+     goes against POSIX behaviour, which is why it is tricky to implement)
+
+  3) the server denies unlock requests by an incorrect client PID
+*/
+static BOOL run_locktest2(int dummy)
+{
+	static struct cli_state cli;
+	char *fname = "\\lockt2.lck";
+	int fnum1, fnum2, fnum3;
+	BOOL correct = True;
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	cli_sockopt(&cli, sockops);
+
+	printf("starting locktest2\n");
+
+	cli_unlink(&cli, fname);
+
+	cli_setpid(&cli, 1);
+
+	fnum1 = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
+		return False;
+	}
+
+	fnum2 = cli_open(&cli, fname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli));
+		return False;
+	}
+
+	cli_setpid(&cli, 2);
+
+	fnum3 = cli_open(&cli, fname, O_RDWR, DENY_NONE);
+	if (fnum3 == -1) {
+		printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli));
+		return False;
+	}
+
+	cli_setpid(&cli, 1);
+
+	if (!cli_lock(&cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock1 failed (%s)\n", cli_errstr(&cli));
+		return False;
+	}
+
+	if (cli_lock(&cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("WRITE lock1 succeeded! This is a locking bug\n");
+		correct = False;
+	} else {
+		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, 
+				 NT_STATUS_LOCK_NOT_GRANTED)) return False;
+	}
+
+	if (cli_lock(&cli, fnum2, 0, 4, 0, WRITE_LOCK)) {
+		printf("WRITE lock2 succeeded! This is a locking bug\n");
+		correct = False;
+	} else {
+		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, 
+				 NT_STATUS_LOCK_NOT_GRANTED)) return False;
+	}
+
+	if (cli_lock(&cli, fnum2, 0, 4, 0, READ_LOCK)) {
+		printf("READ lock2 succeeded! This is a locking bug\n");
+		correct = False;
+	} else {
+		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, 
+				 NT_STATUS_FILE_LOCK_CONFLICT)) return False;
+	}
+
+	if (!cli_lock(&cli, fnum1, 100, 4, 0, WRITE_LOCK)) {
+		printf("lock at 100 failed (%s)\n", cli_errstr(&cli));
+	}
+	cli_setpid(&cli, 2);
+	if (cli_unlock(&cli, fnum1, 100, 4)) {
+		printf("unlock at 100 succeeded! This is a locking bug\n");
+		correct = False;
+	}
+
+	if (cli_unlock(&cli, fnum1, 0, 4)) {
+		printf("unlock1 succeeded! This is a locking bug\n");
+		correct = False;
+	} else {
+		if (!check_error(__LINE__, &cli, 
+				 ERRDOS, ERRlock, 
+				 NT_STATUS_RANGE_NOT_LOCKED)) return False;
+	}
+
+	if (cli_unlock(&cli, fnum1, 0, 8)) {
+		printf("unlock2 succeeded! This is a locking bug\n");
+		correct = False;
+	} else {
+		if (!check_error(__LINE__, &cli, 
+				 ERRDOS, ERRlock, 
+				 NT_STATUS_RANGE_NOT_LOCKED)) return False;
+	}
+
+	if (cli_lock(&cli, fnum3, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock3 succeeded! This is a locking bug\n");
+		correct = False;
+	} else {
+		if (!check_error(__LINE__, &cli, ERRDOS, ERRlock, NT_STATUS_LOCK_NOT_GRANTED)) return False;
+	}
+
+	cli_setpid(&cli, 1);
+
+	if (!cli_close(&cli, fnum1)) {
+		printf("close1 failed (%s)\n", cli_errstr(&cli));
+		return False;
+	}
+
+	if (!cli_close(&cli, fnum2)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli));
+		return False;
+	}
+
+	if (!cli_close(&cli, fnum3)) {
+		printf("close3 failed (%s)\n", cli_errstr(&cli));
+		return False;
+	}
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("locktest2 finished\n");
+
+	return correct;
+}
+
+
+/*
+  This test checks that 
+
+  1) the server supports the full offset range in lock requests
+*/
+static BOOL run_locktest3(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	char *fname = "\\lockt3.lck";
+	int fnum1, fnum2, i;
+	uint32 offset;
+	BOOL correct = True;
+
+#define NEXT_OFFSET offset += (~(uint32)0) / numops
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	printf("starting locktest3\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+	if (fnum2 == -1) {
+		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	for (offset=i=0;i<numops;i++) {
+		NEXT_OFFSET;
+		if (!cli_lock(&cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
+			printf("lock1 %d failed (%s)\n", 
+			       i,
+			       cli_errstr(&cli1));
+			return False;
+		}
+
+		if (!cli_lock(&cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
+			printf("lock2 %d failed (%s)\n", 
+			       i,
+			       cli_errstr(&cli1));
+			return False;
+		}
+	}
+
+	for (offset=i=0;i<numops;i++) {
+		NEXT_OFFSET;
+
+		if (cli_lock(&cli1, fnum1, offset-2, 1, 0, WRITE_LOCK)) {
+			printf("error: lock1 %d succeeded!\n", i);
+			return False;
+		}
+
+		if (cli_lock(&cli2, fnum2, offset-1, 1, 0, WRITE_LOCK)) {
+			printf("error: lock2 %d succeeded!\n", i);
+			return False;
+		}
+
+		if (cli_lock(&cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
+			printf("error: lock3 %d succeeded!\n", i);
+			return False;
+		}
+
+		if (cli_lock(&cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
+			printf("error: lock4 %d succeeded!\n", i);
+			return False;
+		}
+	}
+
+	for (offset=i=0;i<numops;i++) {
+		NEXT_OFFSET;
+
+		if (!cli_unlock(&cli1, fnum1, offset-1, 1)) {
+			printf("unlock1 %d failed (%s)\n", 
+			       i,
+			       cli_errstr(&cli1));
+			return False;
+		}
+
+		if (!cli_unlock(&cli2, fnum2, offset-2, 1)) {
+			printf("unlock2 %d failed (%s)\n", 
+			       i,
+			       cli_errstr(&cli1));
+			return False;
+		}
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_close(&cli2, fnum2)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_unlink(&cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	
+	if (!torture_close_connection(&cli2)) {
+		correct = False;
+	}
+
+	printf("finished locktest3\n");
+
+	return correct;
+}
+
+#define EXPECTED(ret, v) if ((ret) != (v)) { \
+        printf("** "); correct = False; \
+        }
+
+/*
+  looks at overlapping locks
+*/
+static BOOL run_locktest4(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	char *fname = "\\lockt4.lck";
+	int fnum1, fnum2, f;
+	BOOL ret;
+	char buf[1000];
+	BOOL correct = True;
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	printf("starting locktest4\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+
+	memset(buf, 0, sizeof(buf));
+
+	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+		printf("Failed to create file\n");
+		correct = False;
+		goto fail;
+	}
+
+	ret = cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli1, fnum1, 2, 4, 0, WRITE_LOCK);
+	EXPECTED(ret, False);
+	printf("the same process %s set overlapping write locks\n", ret?"can":"cannot");
+	    
+	ret = cli_lock(&cli1, fnum1, 10, 4, 0, READ_LOCK) &&
+	      cli_lock(&cli1, fnum1, 12, 4, 0, READ_LOCK);
+	EXPECTED(ret, True);
+	printf("the same process %s set overlapping read locks\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 20, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli2, fnum2, 22, 4, 0, WRITE_LOCK);
+	EXPECTED(ret, False);
+	printf("a different connection %s set overlapping write locks\n", ret?"can":"cannot");
+	    
+	ret = cli_lock(&cli1, fnum1, 30, 4, 0, READ_LOCK) &&
+	      cli_lock(&cli2, fnum2, 32, 4, 0, READ_LOCK);
+	EXPECTED(ret, True);
+	printf("a different connection %s set overlapping read locks\n", ret?"can":"cannot");
+	
+	ret = (cli_setpid(&cli1, 1), cli_lock(&cli1, fnum1, 40, 4, 0, WRITE_LOCK)) &&
+	      (cli_setpid(&cli1, 2), cli_lock(&cli1, fnum1, 42, 4, 0, WRITE_LOCK));
+	EXPECTED(ret, False);
+	printf("a different pid %s set overlapping write locks\n", ret?"can":"cannot");
+	    
+	ret = (cli_setpid(&cli1, 1), cli_lock(&cli1, fnum1, 50, 4, 0, READ_LOCK)) &&
+	      (cli_setpid(&cli1, 2), cli_lock(&cli1, fnum1, 52, 4, 0, READ_LOCK));
+	EXPECTED(ret, True);
+	printf("a different pid %s set overlapping read locks\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 60, 4, 0, READ_LOCK) &&
+	      cli_lock(&cli1, fnum1, 60, 4, 0, READ_LOCK);
+	EXPECTED(ret, True);
+	printf("the same process %s set the same read lock twice\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 70, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli1, fnum1, 70, 4, 0, WRITE_LOCK);
+	EXPECTED(ret, False);
+	printf("the same process %s set the same write lock twice\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 80, 4, 0, READ_LOCK) &&
+	      cli_lock(&cli1, fnum1, 80, 4, 0, WRITE_LOCK);
+	EXPECTED(ret, False);
+	printf("the same process %s overlay a read lock with a write lock\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 90, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli1, fnum1, 90, 4, 0, READ_LOCK);
+	EXPECTED(ret, True);
+	printf("the same process %s overlay a write lock with a read lock\n", ret?"can":"cannot");
+
+	ret = (cli_setpid(&cli1, 1), cli_lock(&cli1, fnum1, 100, 4, 0, WRITE_LOCK)) &&
+	      (cli_setpid(&cli1, 2), cli_lock(&cli1, fnum1, 100, 4, 0, READ_LOCK));
+	EXPECTED(ret, False);
+	printf("a different pid %s overlay a write lock with a read lock\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 110, 4, 0, READ_LOCK) &&
+	      cli_lock(&cli1, fnum1, 112, 4, 0, READ_LOCK) &&
+	      cli_unlock(&cli1, fnum1, 110, 6);
+	EXPECTED(ret, False);
+	printf("the same process %s coalesce read locks\n", ret?"can":"cannot");
+
+
+	ret = cli_lock(&cli1, fnum1, 120, 4, 0, WRITE_LOCK) &&
+	      (cli_read(&cli2, fnum2, buf, 120, 4) == 4);
+	EXPECTED(ret, False);
+	printf("this server %s strict write locking\n", ret?"doesn't do":"does");
+
+	ret = cli_lock(&cli1, fnum1, 130, 4, 0, READ_LOCK) &&
+	      (cli_write(&cli2, fnum2, 0, buf, 130, 4) == 4);
+	EXPECTED(ret, False);
+	printf("this server %s strict read locking\n", ret?"doesn't do":"does");
+
+
+	ret = cli_lock(&cli1, fnum1, 140, 4, 0, READ_LOCK) &&
+	      cli_lock(&cli1, fnum1, 140, 4, 0, READ_LOCK) &&
+	      cli_unlock(&cli1, fnum1, 140, 4) &&
+	      cli_unlock(&cli1, fnum1, 140, 4);
+	EXPECTED(ret, True);
+	printf("this server %s do recursive read locking\n", ret?"does":"doesn't");
+
+
+	ret = cli_lock(&cli1, fnum1, 150, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli1, fnum1, 150, 4, 0, READ_LOCK) &&
+	      cli_unlock(&cli1, fnum1, 150, 4) &&
+	      (cli_read(&cli2, fnum2, buf, 150, 4) == 4) &&
+	      !(cli_write(&cli2, fnum2, 0, buf, 150, 4) == 4) &&
+	      cli_unlock(&cli1, fnum1, 150, 4);
+	EXPECTED(ret, True);
+	printf("this server %s do recursive lock overlays\n", ret?"does":"doesn't");
+
+	ret = cli_lock(&cli1, fnum1, 160, 4, 0, READ_LOCK) &&
+	      cli_unlock(&cli1, fnum1, 160, 4) &&
+	      (cli_write(&cli2, fnum2, 0, buf, 160, 4) == 4) &&		
+	      (cli_read(&cli2, fnum2, buf, 160, 4) == 4);		
+	EXPECTED(ret, True);
+	printf("the same process %s remove a read lock using write locking\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 170, 4, 0, WRITE_LOCK) &&
+	      cli_unlock(&cli1, fnum1, 170, 4) &&
+	      (cli_write(&cli2, fnum2, 0, buf, 170, 4) == 4) &&		
+	      (cli_read(&cli2, fnum2, buf, 170, 4) == 4);		
+	EXPECTED(ret, True);
+	printf("the same process %s remove a write lock using read locking\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli1, fnum1, 190, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli1, fnum1, 190, 4, 0, READ_LOCK) &&
+	      cli_unlock(&cli1, fnum1, 190, 4) &&
+	      !(cli_write(&cli2, fnum2, 0, buf, 190, 4) == 4) &&		
+	      (cli_read(&cli2, fnum2, buf, 190, 4) == 4);		
+	EXPECTED(ret, True);
+	printf("the same process %s remove the first lock first\n", ret?"does":"doesn't");
+
+	cli_close(&cli1, fnum1);
+	cli_close(&cli2, fnum2);
+	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	f = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	ret = cli_lock(&cli1, fnum1, 0, 8, 0, READ_LOCK) &&
+	      cli_lock(&cli1, f, 0, 1, 0, READ_LOCK) &&
+	      cli_close(&cli1, fnum1) &&
+	      ((fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE)) != -1) &&
+	      cli_lock(&cli1, fnum1, 7, 1, 0, WRITE_LOCK);
+        cli_close(&cli1, f);
+	cli_close(&cli1, fnum1);
+	EXPECTED(ret, True);
+	printf("the server %s have the NT byte range lock bug\n", !ret?"does":"doesn't");
+
+ fail:
+	cli_close(&cli1, fnum1);
+	cli_close(&cli2, fnum2);
+	cli_unlink(&cli1, fname);
+	torture_close_connection(&cli1);
+	torture_close_connection(&cli2);
+
+	printf("finished locktest4\n");
+	return correct;
+}
+
+/*
+  looks at lock upgrade/downgrade.
+*/
+static BOOL run_locktest5(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	char *fname = "\\lockt5.lck";
+	int fnum1, fnum2, fnum3;
+	BOOL ret;
+	char buf[1000];
+	BOOL correct = True;
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	printf("starting locktest5\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+	fnum3 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+
+	memset(buf, 0, sizeof(buf));
+
+	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
+		printf("Failed to create file\n");
+		correct = False;
+		goto fail;
+	}
+
+	/* Check for NT bug... */
+	ret = cli_lock(&cli1, fnum1, 0, 8, 0, READ_LOCK) &&
+		  cli_lock(&cli1, fnum3, 0, 1, 0, READ_LOCK);
+	cli_close(&cli1, fnum1);
+	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	ret = cli_lock(&cli1, fnum1, 7, 1, 0, WRITE_LOCK);
+	EXPECTED(ret, True);
+	printf("this server %s the NT locking bug\n", ret ? "doesn't have" : "has");
+	cli_close(&cli1, fnum1);
+	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	cli_unlock(&cli1, fnum3, 0, 1);
+
+	ret = cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
+	      cli_lock(&cli1, fnum1, 1, 1, 0, READ_LOCK);
+	EXPECTED(ret, True);
+	printf("the same process %s overlay a write with a read lock\n", ret?"can":"cannot");
+
+	ret = cli_lock(&cli2, fnum2, 0, 4, 0, READ_LOCK);
+	EXPECTED(ret, False);
+
+	printf("a different processs %s get a read lock on the first process lock stack\n", ret?"can":"cannot");
+
+	/* Unlock the process 2 lock. */
+	cli_unlock(&cli2, fnum2, 0, 4);
+
+	ret = cli_lock(&cli1, fnum3, 0, 4, 0, READ_LOCK);
+	EXPECTED(ret, False);
+
+	printf("the same processs on a different fnum %s get a read lock\n", ret?"can":"cannot");
+
+	/* Unlock the process 1 fnum3 lock. */
+	cli_unlock(&cli1, fnum3, 0, 4);
+
+	/* Stack 2 more locks here. */
+	ret = cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK) &&
+		  cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK);
+
+	EXPECTED(ret, True);
+	printf("the same process %s stack read locks\n", ret?"can":"cannot");
+
+	/* Unlock the first process lock, then check this was the WRITE lock that was
+		removed. */
+
+	ret = cli_unlock(&cli1, fnum1, 0, 4) &&
+			cli_lock(&cli2, fnum2, 0, 4, 0, READ_LOCK);
+
+	EXPECTED(ret, True);
+	printf("the first unlock removes the %s lock\n", ret?"WRITE":"READ");
+
+	/* Unlock the process 2 lock. */
+	cli_unlock(&cli2, fnum2, 0, 4);
+
+	/* We should have 3 stacked locks here. Ensure we need to do 3 unlocks. */
+
+	ret = cli_unlock(&cli1, fnum1, 1, 1) &&
+		  cli_unlock(&cli1, fnum1, 0, 4) &&
+		  cli_unlock(&cli1, fnum1, 0, 4);
+
+	EXPECTED(ret, True);
+	printf("the same process %s unlock the stack of 4 locks\n", ret?"can":"cannot"); 
+
+	/* Ensure the next unlock fails. */
+	ret = cli_unlock(&cli1, fnum1, 0, 4);
+	EXPECTED(ret, False);
+	printf("the same process %s count the lock stack\n", !ret?"can":"cannot"); 
+
+	/* Ensure connection 2 can get a write lock. */
+	ret = cli_lock(&cli2, fnum2, 0, 4, 0, WRITE_LOCK);
+	EXPECTED(ret, True);
+
+	printf("a different processs %s get a write lock on the unlocked stack\n", ret?"can":"cannot");
+
+
+ fail:
+	cli_close(&cli1, fnum1);
+	cli_close(&cli2, fnum2);
+	cli_unlink(&cli1, fname);
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!torture_close_connection(&cli2)) {
+		correct = False;
+	}
+
+	printf("finished locktest5\n");
+       
+	return correct;
+}
+
+/*
+  tries the unusual lockingX locktype bits
+*/
+static BOOL run_locktest6(int dummy)
+{
+	static struct cli_state cli;
+	char *fname[1] = { "\\lock6.txt" };
+	int i;
+	int fnum;
+	NTSTATUS status;
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	cli_sockopt(&cli, sockops);
+
+	printf("starting locktest6\n");
+
+	for (i=0;i<1;i++) {
+		printf("Testing %s\n", fname[i]);
+
+		cli_unlink(&cli, fname[i]);
+
+		fnum = cli_open(&cli, fname[i], O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+		status = cli_locktype(&cli, fnum, 0, 8, 0, LOCKING_ANDX_CHANGE_LOCKTYPE);
+		cli_close(&cli, fnum);
+		printf("CHANGE_LOCKTYPE gave %s\n", nt_errstr(status));
+
+		fnum = cli_open(&cli, fname[i], O_RDWR, DENY_NONE);
+		status = cli_locktype(&cli, fnum, 0, 8, 0, LOCKING_ANDX_CANCEL_LOCK);
+		cli_close(&cli, fnum);
+		printf("CANCEL_LOCK gave %s\n", nt_errstr(status));
+
+		cli_unlink(&cli, fname[i]);
+	}
+
+	torture_close_connection(&cli);
+
+	printf("finished locktest6\n");
+	return True;
+}
+
+/*
+test whether fnums and tids open on one VC are available on another (a major
+security hole)
+*/
+static BOOL run_fdpasstest(int dummy)
+{
+	static struct cli_state cli1, cli2, cli3;
+	char *fname = "\\fdpass.tst";
+	int fnum1;
+	pstring buf;
+
+	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	printf("starting fdpasstest\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	if (cli_write(&cli1, fnum1, 0, "hello world\n", 0, 13) != 13) {
+		printf("write failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	cli3 = cli2;
+	cli3.vuid = cli1.vuid;
+	cli3.cnum = cli1.cnum;
+	cli3.pid = cli1.pid;
+
+	if (cli_read(&cli3, fnum1, buf, 0, 13) == 13) {
+		printf("read succeeded! nasty security hole [%s]\n",
+		       buf);
+		return False;
+	}
+
+	cli_close(&cli1, fnum1);
+	cli_unlink(&cli1, fname);
+
+	torture_close_connection(&cli1);
+	torture_close_connection(&cli2);
+
+	printf("finished fdpasstest\n");
+	return True;
+}
+
+
+/*
+  This test checks that 
+
+  1) the server does not allow an unlink on a file that is open
+*/
+static BOOL run_unlinktest(int dummy)
+{
+	static struct cli_state cli;
+	char *fname = "\\unlink.tst";
+	int fnum;
+	BOOL correct = True;
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	cli_sockopt(&cli, sockops);
+
+	printf("starting unlink test\n");
+
+	cli_unlink(&cli, fname);
+
+	cli_setpid(&cli, 1);
+
+	fnum = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
+		return False;
+	}
+
+	if (cli_unlink(&cli, fname)) {
+		printf("error: server allowed unlink on an open file\n");
+		correct = False;
+	} else {
+		correct = check_error(__LINE__, &cli, ERRDOS, ERRbadshare, 
+				      NT_STATUS_SHARING_VIOLATION);
+	}
+
+	cli_close(&cli, fnum);
+	cli_unlink(&cli, fname);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("unlink test finished\n");
+	
+	return correct;
+}
+
+
+/*
+test how many open files this server supports on the one socket
+*/
+static BOOL run_maxfidtest(int dummy)
+{
+	static struct cli_state cli;
+	char *template = "\\maxfid.%d.%d";
+	fstring fname;
+	int fnums[0x11000], i;
+	int retries=4;
+	BOOL correct = True;
+
+	cli = current_cli;
+
+	if (retries <= 0) {
+		printf("failed to connect\n");
+		return False;
+	}
+
+	cli_sockopt(&cli, sockops);
+
+	for (i=0; i<0x11000; i++) {
+		slprintf(fname,sizeof(fname)-1,template, i,(int)getpid());
+		if ((fnums[i] = cli_open(&cli, fname, 
+					O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) ==
+		    -1) {
+			printf("open of %s failed (%s)\n", 
+			       fname, cli_errstr(&cli));
+			printf("maximum fnum is %d\n", i);
+			break;
+		}
+		printf("%6d\r", i);
+	}
+	printf("%6d\n", i);
+	i--;
+
+	printf("cleaning up\n");
+	for (;i>=0;i--) {
+		slprintf(fname,sizeof(fname)-1,template, i,(int)getpid());
+		cli_close(&cli, fnums[i]);
+		if (!cli_unlink(&cli, fname)) {
+			printf("unlink of %s failed (%s)\n", 
+			       fname, cli_errstr(&cli));
+			correct = False;
+		}
+		printf("%6d\r", i);
+	}
+	printf("%6d\n", 0);
+
+	printf("maxfid test finished\n");
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+	return correct;
+}
+
+/* generate a random buffer */
+static void rand_buf(char *buf, int len)
+{
+	while (len--) {
+		*buf = (char)sys_random();
+		buf++;
+	}
+}
+
+/* send smb negprot commands, not reading the response */
+static BOOL run_negprot_nowait(int dummy)
+{
+	int i;
+	static struct cli_state cli;
+	BOOL correct = True;
+
+	printf("starting negprot nowait test\n");
+
+	if (!open_nbt_connection(&cli)) {
+		return False;
+	}
+
+	for (i=0;i<50000;i++) {
+		cli_negprot_send(&cli);
+	}
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("finished negprot nowait test\n");
+
+	return correct;
+}
+
+
+/* send random IPC commands */
+static BOOL run_randomipc(int dummy)
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	int rdrcnt,rprcnt;
+	pstring param;
+	int api, param_len, i;
+	static struct cli_state cli;
+	BOOL correct = True;
+	int count = 50000;
+
+	printf("starting random ipc test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	for (i=0;i<count;i++) {
+		api = sys_random() % 500;
+		param_len = (sys_random() % 64);
+
+		rand_buf(param, param_len);
+  
+		SSVAL(param,0,api); 
+
+		cli_api(&cli, 
+			param, param_len, 8,  
+			NULL, 0, BUFFER_SIZE, 
+			&rparam, &rprcnt,     
+			&rdata, &rdrcnt);
+		if (i % 100 == 0) {
+			printf("%d/%d\r", i,count);
+		}
+	}
+	printf("%d/%d\n", i, count);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("finished random ipc test\n");
+
+	return correct;
+}
+
+
+
+static void browse_callback(const char *sname, uint32 stype, 
+			    const char *comment, void *state)
+{
+	printf("\t%20.20s %08x %s\n", sname, stype, comment);
+}
+
+
+
+/*
+  This test checks the browse list code
+
+*/
+static BOOL run_browsetest(int dummy)
+{
+	static struct cli_state cli;
+	BOOL correct = True;
+
+	printf("starting browse test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	printf("domain list:\n");
+	cli_NetServerEnum(&cli, cli.server_domain, 
+			  SV_TYPE_DOMAIN_ENUM,
+			  browse_callback, NULL);
+
+	printf("machine list:\n");
+	cli_NetServerEnum(&cli, cli.server_domain, 
+			  SV_TYPE_ALL,
+			  browse_callback, NULL);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("browse test finished\n");
+
+	return correct;
+
+}
+
+
+/*
+  This checks how the getatr calls works
+*/
+static BOOL run_attrtest(int dummy)
+{
+	static struct cli_state cli;
+	int fnum;
+	time_t t, t2;
+	char *fname = "\\attrib.tst";
+	BOOL correct = True;
+
+	printf("starting attrib test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	cli_unlink(&cli, fname);
+	fnum = cli_open(&cli, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	cli_close(&cli, fnum);
+	if (!cli_getatr(&cli, fname, NULL, NULL, &t)) {
+		printf("getatr failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	}
+
+	if (abs(t - time(NULL)) > 60*60*24*10) {
+		printf("ERROR: SMBgetatr bug. time is %s",
+		       ctime(&t));
+		t = time(NULL);
+		correct = True;
+	}
+
+	t2 = t-60*60*24; /* 1 day ago */
+
+	if (!cli_setatr(&cli, fname, 0, t2)) {
+		printf("setatr failed (%s)\n", cli_errstr(&cli));
+		correct = True;
+	}
+
+	if (!cli_getatr(&cli, fname, NULL, NULL, &t)) {
+		printf("getatr failed (%s)\n", cli_errstr(&cli));
+		correct = True;
+	}
+
+	if (t != t2) {
+		printf("ERROR: getatr/setatr bug. times are\n%s",
+		       ctime(&t));
+		printf("%s", ctime(&t2));
+		correct = True;
+	}
+
+	cli_unlink(&cli, fname);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("attrib test finished\n");
+
+	return correct;
+}
+
+
+/*
+  This checks a couple of trans2 calls
+*/
+static BOOL run_trans2test(int dummy)
+{
+	static struct cli_state cli;
+	int fnum;
+	size_t size;
+	time_t c_time, a_time, m_time, w_time, m_time2;
+	char *fname = "\\trans2.tst";
+	char *dname = "\\trans2";
+	char *fname2 = "\\trans2\\trans2.tst";
+	pstring pname;
+	BOOL correct = True;
+
+	printf("starting trans2 test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	cli_unlink(&cli, fname);
+	fnum = cli_open(&cli, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	if (!cli_qfileinfo(&cli, fnum, NULL, &size, &c_time, &a_time, &m_time,
+			   NULL, NULL)) {
+		printf("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	}
+
+	if (!cli_qfilename(&cli, fnum, pname)) {
+		printf("ERROR: qfilename failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	}
+
+	if (strcmp(pname, fname)) {
+		printf("qfilename gave different name? [%s] [%s]\n",
+		       fname, pname);
+		correct = False;
+	}
+
+	cli_close(&cli, fnum);
+
+	sleep(2);
+
+	cli_unlink(&cli, fname);
+	fnum = cli_open(&cli, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	if (fnum == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
+		return False;
+	}
+	cli_close(&cli, fnum);
+
+	if (!cli_qpathinfo(&cli, fname, &c_time, &a_time, &m_time, &size, NULL)) {
+		printf("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	} else {
+		if (c_time != m_time) {
+			printf("create time=%s", ctime(&c_time));
+			printf("modify time=%s", ctime(&m_time));
+			printf("This system appears to have sticky create times\n");
+			correct = False;
+		}
+		if (a_time % (60*60) == 0) {
+			printf("access time=%s", ctime(&a_time));
+			printf("This system appears to set a midnight access time\n");
+			correct = False;
+		}
+
+		if (abs(m_time - time(NULL)) > 60*60*24*7) {
+			printf("ERROR: totally incorrect times - maybe word reversed? mtime=%s", ctime(&m_time));
+			correct = False;
+		}
+	}
+
+
+	cli_unlink(&cli, fname);
+	fnum = cli_open(&cli, fname, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	cli_close(&cli, fnum);
+	if (!cli_qpathinfo2(&cli, fname, &c_time, &a_time, &m_time, 
+			    &w_time, &size, NULL, NULL)) {
+		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	} else {
+		if (w_time < 60*60*24*2) {
+			printf("write time=%s", ctime(&w_time));
+			printf("This system appears to set a initial 0 write time\n");
+			correct = False;
+		}
+	}
+
+	cli_unlink(&cli, fname);
+
+
+	/* check if the server updates the directory modification time
+           when creating a new file */
+	if (!cli_mkdir(&cli, dname)) {
+		printf("ERROR: mkdir failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	}
+	sleep(3);
+	if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time, 
+			    &w_time, &size, NULL, NULL)) {
+		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	}
+
+	fnum = cli_open(&cli, fname2, 
+			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
+	cli_write(&cli, fnum,  0, (char *)&fnum, 0, sizeof(fnum));
+	cli_close(&cli, fnum);
+	if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, 
+			    &w_time, &size, NULL, NULL)) {
+		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		correct = False;
+	} else {
+		if (m_time2 == m_time) {
+			printf("This system does not update directory modification times\n");
+			correct = False;
+		}
+	}
+	cli_unlink(&cli, fname2);
+	cli_rmdir(&cli, dname);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("trans2 test finished\n");
+
+	return correct;
+}
+
+/*
+  This checks new W2K calls.
+*/
+
+static BOOL new_trans(struct cli_state *pcli, int fnum, int level)
+{
+	char buf[4096];
+	BOOL correct = True;
+
+	memset(buf, 0xff, sizeof(buf));
+
+	if (!cli_qfileinfo_test(pcli, fnum, level, buf)) {
+		printf("ERROR: qfileinfo (%d) failed (%s)\n", level, cli_errstr(pcli));
+		correct = False;
+	} else {
+		printf("qfileinfo: level %d\n", level);
+		dump_data(0, buf, 256);
+		printf("\n");
+	}
+	return correct;
+}
+
+static BOOL run_w2ktest(int dummy)
+{
+	static struct cli_state cli;
+	int fnum;
+	char *fname = "\\w2ktest\\w2k.tst";
+	int level;
+	BOOL correct = True;
+
+	printf("starting w2k test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	fnum = cli_open(&cli, fname, 
+			O_RDWR | O_CREAT , DENY_NONE);
+
+	for (level = 1004; level < 1040; level++) {
+		new_trans(&cli, fnum, level);
+	}
+
+	cli_close(&cli, fnum);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("w2k test finished\n");
+	
+	return correct;
+}
+
+
+/*
+  this is a harness for some oplock tests
+ */
+static BOOL run_oplock1(int dummy)
+{
+	static struct cli_state cli1;
+	char *fname = "\\lockt1.lck";
+	int fnum1;
+	BOOL correct = True;
+
+	printf("starting oplock test 1\n");
+
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+
+	cli_unlink(&cli1, fname);
+
+	cli_sockopt(&cli1, sockops);
+
+	cli1.use_oplocks = True;
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	cli1.use_oplocks = False;
+
+	cli_unlink(&cli1, fname);
+	cli_unlink(&cli1, fname);
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_unlink(&cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+
+	printf("finished oplock test 1\n");
+
+	return correct;
+}
+
+static BOOL run_oplock2(int dummy)
+{
+	static struct cli_state cli1, cli2;
+	char *fname = "\\lockt2.lck";
+	int fnum1, fnum2;
+	int saved_use_oplocks = use_oplocks;
+	char buf[4];
+	BOOL correct = True;
+	volatile BOOL *shared_correct;
+
+	shared_correct = (volatile BOOL *)shm_setup(sizeof(BOOL));
+	*shared_correct = True;
+
+	use_level_II_oplocks = True;
+	use_oplocks = True;
+
+	printf("starting oplock test 2\n");
+
+	if (!torture_open_connection(&cli1)) {
+		use_level_II_oplocks = False;
+		use_oplocks = saved_use_oplocks;
+		return False;
+	}
+
+	cli1.use_oplocks = True;
+	cli1.use_level_II_oplocks = True;
+
+	if (!torture_open_connection(&cli2)) {
+		use_level_II_oplocks = False;
+		use_oplocks = saved_use_oplocks;
+		return False;
+	}
+
+	cli2.use_oplocks = True;
+	cli2.use_level_II_oplocks = True;
+
+	cli_unlink(&cli1, fname);
+
+	cli_sockopt(&cli1, sockops);
+	cli_sockopt(&cli2, sockops);
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	/* Don't need the globals any more. */
+	use_level_II_oplocks = False;
+	use_oplocks = saved_use_oplocks;
+
+	if (fork() == 0) {
+		/* Child code */
+		fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
+		if (fnum2 == -1) {
+			printf("second open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+			*shared_correct = False;
+			exit(0);
+		}
+
+		sleep(2);
+
+		if (!cli_close(&cli2, fnum2)) {
+			printf("close2 failed (%s)\n", cli_errstr(&cli1));
+			*shared_correct = False;
+		}
+
+		exit(0);
+	}
+
+	sleep(2);
+
+	/* Ensure cli1 processes the break. */
+
+	if (cli_read(&cli1, fnum1, buf, 0, 4) != 4) {
+		printf("read on fnum1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	/* Should now be at level II. */
+	/* Test if sending a write locks causes a break to none. */
+
+	if (!cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK)) {
+		printf("lock failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	cli_unlock(&cli1, fnum1, 0, 4);
+
+	sleep(2);
+
+	if (!cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
+		printf("lock failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	cli_unlock(&cli1, fnum1, 0, 4);
+
+	sleep(2);
+
+	cli_read(&cli1, fnum1, buf, 0, 4);
+
+#if 0
+	if (cli_write(&cli1, fnum1, 0, buf, 0, 4) != 4) {
+		printf("write on fnum1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+#endif
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	sleep(4);
+
+	if (!cli_unlink(&cli1, fname)) {
+		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+
+	if (!*shared_correct) {
+		correct = False;
+	}
+
+	printf("finished oplock test 2\n");
+
+	return correct;
+}
+
+/* handler for oplock 3 tests */
+static BOOL oplock3_handler(struct cli_state *cli, int fnum, unsigned char level)
+{
+	printf("got oplock break fnum=%d level=%d\n",
+	       fnum, level);
+	return cli_oplock_ack(cli, fnum, level);
+}
+
+static BOOL run_oplock3(int dummy)
+{
+	static struct cli_state cli;
+	char *fname = "\\oplockt3.dat";
+	int fnum;
+	char buf[4] = "abcd";
+	BOOL correct = True;
+	volatile BOOL *shared_correct;
+
+	shared_correct = (volatile BOOL *)shm_setup(sizeof(BOOL));
+	*shared_correct = True;
+
+	printf("starting oplock test 3\n");
+
+	if (fork() == 0) {
+		/* Child code */
+		use_oplocks = True;
+		use_level_II_oplocks = True;
+		if (!torture_open_connection(&cli)) {
+			*shared_correct = False;
+			exit(0);
+		} 
+		sleep(2);
+		/* try to trigger a oplock break in parent */
+		fnum = cli_open(&cli, fname, O_RDWR, DENY_NONE);
+		cli_write(&cli, fnum, 0, buf, 0, 4);
+		exit(0);
+	}
+
+	/* parent code */
+	use_oplocks = True;
+	use_level_II_oplocks = True;
+	if (!torture_open_connection(&cli)) { 
+		return False;
+	}
+	cli_oplock_handler(&cli, oplock3_handler);
+	fnum = cli_open(&cli, fname, O_RDWR|O_CREAT, DENY_NONE);
+	cli_write(&cli, fnum, 0, buf, 0, 4);
+	cli_close(&cli, fnum);
+	fnum = cli_open(&cli, fname, O_RDWR, DENY_NONE);
+	cli.timeout = 20000;
+	cli_receive_smb(&cli);
+	printf("finished oplock test 3\n");
+
+	return (correct && *shared_correct);
+
+/* What are we looking for here?  What's sucess and what's FAILURE? */
+}
+
+
+
+/*
+  Test delete on close semantics.
+ */
+static BOOL run_deletetest(int dummy)
+{
+	static struct cli_state cli1;
+	static struct cli_state cli2;
+	char *fname = "\\delete.file";
+	int fnum1 = -1;
+	int fnum2 = -1;
+	BOOL correct = True;
+	
+	printf("starting delete test\n");
+	
+	ZERO_STRUCT(cli1);
+	ZERO_STRUCT(cli2);
+
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+	
+	cli_sockopt(&cli1, sockops);
+
+	/* Test 1 - this should *NOT* delete the file on close. */
+	
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 
+				   DELETE_ON_CLOSE_FLAG);
+	
+	if (fnum1 == -1) {
+		printf("[1] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[1] close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("[1] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[1] close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	printf("first delete on close test succeeded.\n");
+	
+	/* Test 2 - this should delete the file on close. */
+	
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, 
+				   FILE_OVERWRITE_IF, 0);
+	
+	if (fnum1 == -1) {
+		printf("[2] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[2] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[2] close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
+		printf("[2] open of %s succeeded should have been deleted on close !\n", fname);
+		if (!cli_close(&cli1, fnum1)) {
+			printf("[2] close failed (%s)\n", cli_errstr(&cli1));
+			correct = False;
+			goto fail;
+		}
+		cli_unlink(&cli1, fname);
+	} else
+		printf("second delete on close test succeeded.\n");
+	
+	/* Test 3 - ... */
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("[3] open - 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	/* This should fail with a sharing violation - open for delete is only compatible
+	   with SHARE_DELETE. */
+
+	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+			FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0);
+
+	if (fnum2 != -1) {
+		printf("[3] open  - 2 of %s succeeded - should have failed.\n", fname);
+		correct = False;
+		goto fail;
+	}
+
+	/* This should succeed. */
+
+	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+			FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
+
+	if (fnum2 == -1) {
+		printf("[3] open  - 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[3] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[3] close 1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum2)) {
+		printf("[3] close 2 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	/* This should fail - file should no longer be there. */
+
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
+		printf("[3] open of %s succeeded should have been deleted on close !\n", fname);
+		if (!cli_close(&cli1, fnum1)) {
+			printf("[3] close failed (%s)\n", cli_errstr(&cli1));
+		}
+		cli_unlink(&cli1, fname);
+		correct = False;
+		goto fail;
+	} else
+		printf("third delete on close test succeeded.\n");
+
+	/* Test 4 ... */
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OVERWRITE_IF, 0);
+								
+	if (fnum1 == -1) {
+		printf("[4] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	/* This should succeed. */
+	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS,
+			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
+	if (fnum2 == -1) {
+		printf("[4] open  - 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum2)) {
+		printf("[4] close - 1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[4] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	/* This should fail - no more opens once delete on close set. */
+	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
+	if (fnum2 != -1) {
+		printf("[4] open  - 3 of %s succeeded ! Should have failed.\n", fname );
+		correct = False;
+		goto fail;
+	} else
+		printf("fourth delete on close test succeeded.\n");
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[4] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	/* Test 5 ... */
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	/* This should fail - only allowed on NT opens with DELETE access. */
+
+	if (cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[5] setting delete_on_close on OpenX file succeeded - should fail !\n");
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[5] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	printf("fifth delete on close test succeeded.\n");
+	
+	/* Test 6 ... */
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+				   FILE_OVERWRITE_IF, 0);
+	
+	if (fnum1 == -1) {
+		printf("[6] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	/* This should fail - only allowed on NT opens with DELETE access. */
+	
+	if (cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[6] setting delete_on_close on file with no delete access succeeded - should fail !\n");
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[6] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	printf("sixth delete on close test succeeded.\n");
+	
+	/* Test 7 ... */
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+				   FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, 0);
+								
+	if (fnum1 == -1) {
+		printf("[7] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[7] setting delete_on_close on file failed !\n");
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_nt_delete_on_close(&cli1, fnum1, False)) {
+		printf("[7] unsetting delete_on_close on file failed !\n");
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+	
+	/* This next open should succeed - we reset the flag. */
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	printf("seventh delete on close test succeeded.\n");
+	
+	/* Test 7 ... */
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	if (!torture_open_connection(&cli2)) {
+		printf("[8] failed to open second connection.\n");
+		correct = False;
+		goto fail;
+	}
+
+	cli_sockopt(&cli1, sockops);
+	
+	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 0);
+	
+	if (fnum1 == -1) {
+		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
+	
+	if (fnum2 == -1) {
+		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
+		printf("[8] setting delete_on_close on file failed !\n");
+		correct = False;
+		goto fail;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[8] close - 1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	if (!cli_close(&cli2, fnum2)) {
+		printf("[8] close - 2 failed (%s)\n", cli_errstr(&cli2));
+		correct = False;
+		goto fail;
+	}
+
+	/* This should fail.. */
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
+		printf("[8] open of %s succeeded should have been deleted on close !\n", fname);
+		goto fail;
+		correct = False;
+	} else
+		printf("eighth delete on close test succeeded.\n");
+
+	/* This should fail - we need to set DELETE_ACCESS. */
+	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, FILE_OVERWRITE_IF, FILE_DELETE_ON_CLOSE);
+	
+	if (fnum1 != -1) {
+		printf("[9] open of %s succeeded should have failed!\n", fname);
+		correct = False;
+		goto fail;
+	}
+
+	printf("ninth delete on close test succeeded.\n");
+
+	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, FILE_OVERWRITE_IF, FILE_DELETE_ON_CLOSE);
+	if (fnum1 == -1) {
+		printf("[10] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	/* This should delete the file. */
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[10] close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+		goto fail;
+	}
+
+	/* This should fail.. */
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
+		printf("[10] open of %s succeeded should have been deleted on close !\n", fname);
+		goto fail;
+		correct = False;
+	} else
+		printf("tenth delete on close test succeeded.\n");
+	printf("finished delete test\n");
+
+  fail:
+	
+	cli_close(&cli1, fnum1);
+	cli_close(&cli1, fnum2);
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!torture_close_connection(&cli2)) {
+		correct = False;
+	}
+	return correct;
+}
+
+
+/*
+  print out server properties
+ */
+static BOOL run_properties(int dummy)
+{
+	static struct cli_state cli;
+	BOOL correct = True;
+	
+	printf("starting properties test\n");
+	
+	ZERO_STRUCT(cli);
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+	
+	cli_sockopt(&cli, sockops);
+
+	d_printf("Capabilities 0x%08x\n", cli.capabilities);
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	return correct;
+}
+
+
+
+/* FIRST_DESIRED_ACCESS   0xf019f */
+#define FIRST_DESIRED_ACCESS   FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|\
+                               FILE_READ_EA|                           /* 0xf */ \
+                               FILE_WRITE_EA|FILE_READ_ATTRIBUTES|     /* 0x90 */ \
+                               FILE_WRITE_ATTRIBUTES|                  /* 0x100 */ \
+                               DELETE_ACCESS|READ_CONTROL_ACCESS|\
+                               WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS     /* 0xf0000 */
+/* SECOND_DESIRED_ACCESS  0xe0080 */
+#define SECOND_DESIRED_ACCESS  FILE_READ_ATTRIBUTES|                   /* 0x80 */ \
+                               READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|\
+                               WRITE_OWNER_ACCESS                      /* 0xe0000 */
+
+#if 0
+#define THIRD_DESIRED_ACCESS   FILE_READ_ATTRIBUTES|                   /* 0x80 */ \
+                               READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|\
+                               FILE_READ_DATA|\
+                               WRITE_OWNER_ACCESS                      /* */
+#endif
+
+/*
+  Test ntcreate calls made by xcopy
+ */
+static BOOL run_xcopy(int dummy)
+{
+	static struct cli_state cli1;
+	char *fname = "\\test.txt";
+	BOOL correct = True;
+	int fnum1, fnum2;
+
+	printf("starting xcopy test\n");
+	
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+	
+	fnum1 = cli_nt_create_full(&cli1, fname, 
+				   FIRST_DESIRED_ACCESS, FILE_ATTRIBUTE_ARCHIVE,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 
+				   0x4044);
+
+	if (fnum1 == -1) {
+		printf("First open failed - %s\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli1, fname, 
+				   SECOND_DESIRED_ACCESS, 0,
+				   FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 
+				   0x200000);
+	if (fnum2 == -1) {
+		printf("second open failed - %s\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	
+	return correct;
+}
+
+/*
+  Test rename on files open with share delete and no share delete.
+ */
+static BOOL run_rename(int dummy)
+{
+	static struct cli_state cli1;
+	char *fname = "\\test.txt";
+	char *fname1 = "\\test1.txt";
+	BOOL correct = True;
+	int fnum1;
+
+	printf("starting rename test\n");
+	
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+	
+	cli_unlink(&cli1, fname);
+	cli_unlink(&cli1, fname1);
+	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_READ, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("First open failed - %s\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_rename(&cli1, fname, fname1)) {
+		printf("First rename failed (this is correct) - %s\n", cli_errstr(&cli1));
+	} else {
+		printf("First rename succeeded - this should have failed !\n");
+		correct = False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close - 1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	cli_unlink(&cli1, fname);
+	cli_unlink(&cli1, fname1);
+	fnum1 = cli_nt_create_full(&cli1, fname,GENERIC_READ_ACCESS, FILE_ATTRIBUTE_NORMAL,
+#if 0
+				   FILE_SHARE_DELETE|FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+#else
+				   FILE_SHARE_DELETE|FILE_SHARE_READ, FILE_OVERWRITE_IF, 0);
+#endif
+
+	if (fnum1 == -1) {
+		printf("Second open failed - %s\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_rename(&cli1, fname, fname1)) {
+		printf("Second rename failed - this should have succeeded - %s\n", cli_errstr(&cli1));
+		correct = False;
+	} else {
+		printf("Second rename succeeded\n");
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close - 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	cli_unlink(&cli1, fname);
+	cli_unlink(&cli1, fname1);
+
+	fnum1 = cli_nt_create_full(&cli1, fname,READ_CONTROL_ACCESS, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("Third open failed - %s\n", cli_errstr(&cli1));
+		return False;
+	}
+
+
+#if 0
+  {
+  int fnum2;
+
+	fnum2 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum2 == -1) {
+		printf("Fourth open failed - %s\n", cli_errstr(&cli1));
+		return False;
+	}
+	if (!cli_nt_delete_on_close(&cli1, fnum2, True)) {
+		printf("[8] setting delete_on_close on file failed !\n");
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum2)) {
+		printf("close - 4 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+  }
+#endif
+
+	if (!cli_rename(&cli1, fname, fname1)) {
+		printf("Third rename failed - this should have succeeded - %s\n", cli_errstr(&cli1));
+		correct = False;
+	} else {
+		printf("Third rename succeeded\n");
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close - 3 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	cli_unlink(&cli1, fname);
+	cli_unlink(&cli1, fname1);
+
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	
+	return correct;
+}
+
+
+/*
+  Test open mode returns on read-only files.
+ */
+static BOOL run_opentest(int dummy)
+{
+	static struct cli_state cli1;
+	static struct cli_state cli2;
+	char *fname = "\\readonly.file";
+	int fnum1, fnum2;
+	char buf[20];
+	size_t fsize;
+	BOOL correct = True;
+	char *tmp_path;
+
+	printf("starting open test\n");
+	
+	if (!torture_open_connection(&cli1)) {
+		return False;
+	}
+	
+	cli_setatr(&cli1, fname, 0, 0);
+	cli_unlink(&cli1, fname);
+	
+	cli_sockopt(&cli1, sockops);
+	
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_setatr(&cli1, fname, aRONLY, 0)) {
+		printf("cli_setatr failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	/* This will fail - but the error should be ERRnoaccess, not ERRbadshare. */
+	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
+	
+        if (check_error(__LINE__, &cli1, ERRDOS, ERRnoaccess, 
+			NT_STATUS_ACCESS_DENIED)) {
+		printf("correct error code ERRDOS/ERRnoaccess returned\n");
+	}
+	
+	printf("finished open test 1\n");
+	
+	cli_close(&cli1, fnum1);
+	
+	/* Now try not readonly and ensure ERRbadshare is returned. */
+	
+	cli_setatr(&cli1, fname, 0, 0);
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	/* This will fail - but the error should be ERRshare. */
+	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
+	
+	if (check_error(__LINE__, &cli1, ERRDOS, ERRbadshare, 
+			NT_STATUS_SHARING_VIOLATION)) {
+		printf("correct error code ERRDOS/ERRbadshare returned\n");
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	cli_unlink(&cli1, fname);
+	
+	printf("finished open test 2\n");
+	
+	/* Test truncate open disposition on file opened for read. */
+	
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("(3) open (1) of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	/* write 20 bytes. */
+	
+	memset(buf, '\0', 20);
+
+	if (cli_write(&cli1, fnum1, 0, buf, 0, 20) != 20) {
+		printf("write failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("(3) close1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	/* Ensure size == 20. */
+	if (!cli_getatr(&cli1, fname, NULL, &fsize, NULL)) {
+		printf("(3) getatr failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (fsize != 20) {
+		printf("(3) file size != 20\n");
+		return False;
+	}
+
+	/* Now test if we can truncate a file opened for readonly. */
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY|O_TRUNC, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("(3) open (2) of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	/* Ensure size == 0. */
+	if (!cli_getatr(&cli1, fname, NULL, &fsize, NULL)) {
+		printf("(3) getatr failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+
+	if (fsize != 0) {
+		printf("(3) file size != 0\n");
+		return False;
+	}
+	printf("finished open test 3\n");
+	
+	cli_unlink(&cli1, fname);
+
+
+	printf("testing ctemp\n");
+	fnum1 = cli_ctemp(&cli1, "\\", &tmp_path);
+	if (fnum1 == -1) {
+		printf("ctemp failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	printf("ctemp gave path %s\n", tmp_path);
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close of temp failed (%s)\n", cli_errstr(&cli1));
+	}
+	if (!cli_unlink(&cli1, tmp_path)) {
+		printf("unlink of temp failed (%s)\n", cli_errstr(&cli1));
+	}
+	
+	/* Test the non-io opens... */
+
+	if (!torture_open_connection(&cli2)) {
+		return False;
+	}
+	
+	cli_setatr(&cli2, fname, 0, 0);
+	cli_unlink(&cli2, fname);
+	
+	cli_sockopt(&cli2, sockops);
+
+	printf("TEST #1 testing 2 non-io opens (no delete)\n");
+	
+	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 1 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
+
+	if (fnum2 == -1) {
+		printf("test 1 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 1 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	if (!cli_close(&cli2, fnum2)) {
+		printf("test 1 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	printf("non-io open test #1 passed.\n");
+
+	cli_unlink(&cli1, fname);
+
+	printf("TEST #2 testing 2 non-io opens (first with delete)\n");
+	
+	fnum1 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 2 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
+
+	if (fnum2 == -1) {
+		printf("test 2 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 1 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	if (!cli_close(&cli2, fnum2)) {
+		printf("test 1 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	printf("non-io open test #2 passed.\n");
+
+	cli_unlink(&cli1, fname);
+
+	printf("TEST #3 testing 2 non-io opens (second with delete)\n");
+	
+	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 3 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
+
+	if (fnum2 == -1) {
+		printf("test 3 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 3 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	if (!cli_close(&cli2, fnum2)) {
+		printf("test 3 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	printf("non-io open test #3 passed.\n");
+
+	cli_unlink(&cli1, fname);
+
+	printf("TEST #4 testing 2 non-io opens (both with delete)\n");
+	
+	fnum1 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 4 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OPEN_IF, 0);
+
+	if (fnum2 != -1) {
+		printf("test 4 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	printf("test 3 open 2 of %s gave %s (correct error should be %s)\n", fname, cli_errstr(&cli2), "sharing violation");
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 4 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	printf("non-io open test #4 passed.\n");
+
+	cli_unlink(&cli1, fname);
+
+	printf("TEST #5 testing 2 non-io opens (both with delete - both with file share delete)\n");
+	
+	fnum1 = cli_nt_create_full(&cli1, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 5 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_DELETE, FILE_OPEN_IF, 0);
+
+	if (fnum2 == -1) {
+		printf("test 5 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 5 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_close(&cli2, fnum2)) {
+		printf("test 5 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	printf("non-io open test #5 passed.\n");
+
+	printf("TEST #6 testing 1 non-io open, one io open\n");
+	
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 6 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_READ, FILE_OPEN_IF, 0);
+
+	if (fnum2 == -1) {
+		printf("test 6 open 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 6 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	if (!cli_close(&cli2, fnum2)) {
+		printf("test 6 close 2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	printf("non-io open test #6 passed.\n");
+
+	printf("TEST #7 testing 1 non-io open, one io open with delete\n");
+
+	cli_unlink(&cli1, fname);
+
+	fnum1 = cli_nt_create_full(&cli1, fname,FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+
+	if (fnum1 == -1) {
+		printf("test 7 open 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	fnum2 = cli_nt_create_full(&cli2, fname,DELETE_ACCESS|FILE_READ_ATTRIBUTES, FILE_ATTRIBUTE_NORMAL,
+				   FILE_SHARE_READ|FILE_SHARE_DELETE, FILE_OPEN_IF, 0);
+
+	if (fnum2 != -1) {
+		printf("test 7 open 2 of %s SUCCEEDED - should have failed (%s)\n", fname, cli_errstr(&cli2));
+		return False;
+	}
+
+	printf("test 7 open 2 of %s gave %s (correct error should be %s)\n", fname, cli_errstr(&cli2), "sharing violation");
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("test 7 close 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+
+	printf("non-io open test #7 passed.\n");
+
+	cli_unlink(&cli1, fname);
+
+	if (!torture_close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!torture_close_connection(&cli2)) {
+		correct = False;
+	}
+	
+	return correct;
+}
+
+static void list_fn(file_info *finfo, const char *name, void *state)
+{
+	
+}
+
+/*
+  test directory listing speed
+ */
+static BOOL run_dirtest(int dummy)
+{
+	int i;
+	static struct cli_state cli;
+	int fnum;
+	double t1;
+	BOOL correct = True;
+
+	printf("starting directory test\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	cli_sockopt(&cli, sockops);
+
+	srandom(0);
+	for (i=0;i<numops;i++) {
+		fstring fname;
+		slprintf(fname, sizeof(fname), "\\%x", (int)random());
+		fnum = cli_open(&cli, fname, O_RDWR|O_CREAT, DENY_NONE);
+		if (fnum == -1) {
+			fprintf(stderr,"Failed to open %s\n", fname);
+			return False;
+		}
+		cli_close(&cli, fnum);
+	}
+
+	t1 = end_timer();
+
+	printf("Matched %d\n", cli_list(&cli, "a*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(&cli, "b*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(&cli, "xyzabc", 0, list_fn, NULL));
+
+	printf("dirtest core %g seconds\n", end_timer() - t1);
+
+	srandom(0);
+	for (i=0;i<numops;i++) {
+		fstring fname;
+		slprintf(fname, sizeof(fname), "\\%x", (int)random());
+		cli_unlink(&cli, fname);
+	}
+
+	if (!torture_close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("finished dirtest\n");
+
+	return correct;
+}
+
+static BOOL run_error_map_extract(int dummy) {
+	
+	static struct cli_state c_dos;
+	static struct cli_state c_nt;
+
+	uint32 error;
+
+	uint32 flgs2, errnum;
+        uint8 errclass;
+
+	NTSTATUS nt_status;
+
+	fstring user;
+
+	/* NT-Error connection */
+
+	if (!open_nbt_connection(&c_nt)) {
+		return False;
+	}
+
+	c_nt.use_spnego = False;
+
+	if (!cli_negprot(&c_nt)) {
+		printf("%s rejected the NT-error negprot (%s)\n",host, cli_errstr(&c_nt));
+		cli_shutdown(&c_nt);
+		return False;
+	}
+
+	if (!cli_session_setup(&c_nt, "", "", 0, "", 0,
+			       workgroup)) {
+		printf("%s rejected the NT-error initial session setup (%s)\n",host, cli_errstr(&c_nt));
+		return False;
+	}
+
+	/* DOS-Error connection */
+
+	if (!open_nbt_connection(&c_dos)) {
+		return False;
+	}
+
+	c_dos.use_spnego = False;
+	c_dos.force_dos_errors = True;
+
+	if (!cli_negprot(&c_dos)) {
+		printf("%s rejected the DOS-error negprot (%s)\n",host, cli_errstr(&c_dos));
+		cli_shutdown(&c_dos);
+		return False;
+	}
+
+	if (!cli_session_setup(&c_dos, "", "", 0, "", 0,
+			       workgroup)) {
+		printf("%s rejected the DOS-error initial session setup (%s)\n",host, cli_errstr(&c_dos));
+		return False;
+	}
+
+	for (error=(0xc0000000 | 0x1); error < (0xc0000000| 0xFFF); error++) {
+		snprintf(user, sizeof(user), "%X", error);
+
+		if (cli_session_setup(&c_nt, user, 
+				       password, strlen(password),
+				       password, strlen(password),
+				      workgroup)) {
+			printf("/** Session setup succeeded.  This shouldn't happen...*/\n");
+		}
+		
+		flgs2 = SVAL(c_nt.inbuf,smb_flg2);
+		
+		/* Case #1: 32-bit NT errors */
+		if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) {
+			nt_status = NT_STATUS(IVAL(c_nt.inbuf,smb_rcls));
+		} else {
+			printf("/** Dos error on NT connection! (%s) */\n", 
+			       cli_errstr(&c_nt));
+			nt_status = NT_STATUS(0xc0000000);
+		}
+
+		if (cli_session_setup(&c_dos, user, 
+				       password, strlen(password),
+				       password, strlen(password),
+				       workgroup)) {
+			printf("/** Session setup succeeded.  This shouldn't happen...*/\n");
+		}
+		flgs2 = SVAL(c_dos.inbuf,smb_flg2), errnum;
+		
+		/* Case #1: 32-bit NT errors */
+		if (flgs2 & FLAGS2_32_BIT_ERROR_CODES) {
+			printf("/** NT error on DOS connection! (%s) */\n", 
+			       cli_errstr(&c_nt));
+			errnum = errclass = 0;
+		} else {
+			cli_dos_error(&c_dos, &errclass, &errnum);
+		}
+
+		if (NT_STATUS_V(nt_status) != error) { 
+			printf("/*\t{ This NT error code was 'sqashed'\n\t from %s to %s \n\t during the session setup }\n*/\n", 
+			       get_nt_error_c_code(NT_STATUS(error)), 
+			       get_nt_error_c_code(nt_status));
+		}
+		
+		printf("\t{%s,\t%s,\t%s},\n", 
+		       smb_dos_err_class(errclass), 
+		       smb_dos_err_name(errclass, errnum), 
+		       get_nt_error_c_code(NT_STATUS(error)));
+	}
+	return True;
+}
+
+static double create_procs(BOOL (*fn)(int), BOOL *result)
+{
+	int i, status;
+	volatile pid_t *child_status;
+	volatile BOOL *child_status_out;
+	int synccount;
+	int tries = 8;
+
+	synccount = 0;
+
+	child_status = (volatile pid_t *)shm_setup(sizeof(pid_t)*nprocs);
+	if (!child_status) {
+		printf("Failed to setup shared memory\n");
+		return -1;
+	}
+
+	child_status_out = (volatile BOOL *)shm_setup(sizeof(BOOL)*nprocs);
+	if (!child_status_out) {
+		printf("Failed to setup result status shared memory\n");
+		return -1;
+	}
+
+	for (i = 0; i < nprocs; i++) {
+		child_status[i] = 0;
+		child_status_out[i] = True;
+	}
+
+	start_timer();
+
+	for (i=0;i<nprocs;i++) {
+		procnum = i;
+		if (fork() == 0) {
+			pid_t mypid = getpid();
+			sys_srandom(((int)mypid) ^ ((int)time(NULL)));
+
+			slprintf(myname,sizeof(myname),"CLIENT%d", i);
+
+			while (1) {
+				memset(&current_cli, 0, sizeof(current_cli));
+				if (torture_open_connection(&current_cli)) break;
+				if (tries-- == 0) {
+					printf("pid %d failed to start\n", (int)getpid());
+					_exit(1);
+				}
+				msleep(10);	
+			}
+
+			child_status[i] = getpid();
+
+			while (child_status[i] && end_timer() < 5) msleep(2);
+
+			child_status_out[i] = fn(i);
+			_exit(0);
+		}
+	}
+
+	do {
+		synccount = 0;
+		for (i=0;i<nprocs;i++) {
+			if (child_status[i]) synccount++;
+		}
+		if (synccount == nprocs) break;
+		msleep(10);
+	} while (end_timer() < 30);
+
+	if (synccount != nprocs) {
+		printf("FAILED TO START %d CLIENTS (started %d)\n", nprocs, synccount);
+		*result = False;
+		return end_timer();
+	}
+
+	/* start the client load */
+	start_timer();
+
+	for (i=0;i<nprocs;i++) {
+		child_status[i] = 0;
+	}
+
+	printf("%d clients started\n", nprocs);
+
+	for (i=0;i<nprocs;i++) {
+		while (waitpid(0, &status, 0) == -1 && errno == EINTR) /* noop */ ;
+	}
+
+	printf("\n");
+	
+	for (i=0;i<nprocs;i++) {
+		if (!child_status_out[i]) {
+			*result = False;
+		}
+	}
+	return end_timer();
+}
+
+#define FLAG_MULTIPROC 1
+
+static struct {
+	char *name;
+	BOOL (*fn)(int);
+	unsigned flags;
+} torture_ops[] = {
+	{"FDPASS", run_fdpasstest, 0},
+	{"LOCK1",  run_locktest1,  0},
+	{"LOCK2",  run_locktest2,  0},
+	{"LOCK3",  run_locktest3,  0},
+	{"LOCK4",  run_locktest4,  0},
+	{"LOCK5",  run_locktest5,  0},
+	{"LOCK6",  run_locktest6,  0},
+	{"UNLINK", run_unlinktest, 0},
+	{"BROWSE", run_browsetest, 0},
+	{"ATTR",   run_attrtest,   0},
+	{"TRANS2", run_trans2test, 0},
+	{"MAXFID", run_maxfidtest, FLAG_MULTIPROC},
+	{"TORTURE",run_torture,    FLAG_MULTIPROC},
+	{"RANDOMIPC", run_randomipc, 0},
+	{"NEGNOWAIT", run_negprot_nowait, 0},
+	{"NBENCH",  run_nbench, 0},
+	{"OPLOCK1",  run_oplock1, 0},
+	{"OPLOCK2",  run_oplock2, 0},
+	{"OPLOCK3",  run_oplock3, 0},
+	{"DIR",  run_dirtest, 0},
+	{"DENY1",  torture_denytest1, 0},
+	{"DENY2",  torture_denytest2, 0},
+	{"TCON",  run_tcon_test, 0},
+	{"RW1",  run_readwritetest, 0},
+	{"RW2",  run_readwritemulti, FLAG_MULTIPROC},
+	{"RW3",  run_readwritelarge, 0},
+	{"OPEN", run_opentest, 0},
+	{"XCOPY", run_xcopy, 0},
+	{"RENAME", run_rename, 0},
+	{"DELETE", run_deletetest, 0},
+	{"PROPERTIES", run_properties, 0},
+	{"W2K", run_w2ktest, 0},
+	{"TRANS2SCAN", torture_trans2_scan, 0},
+	{"NTTRANSSCAN", torture_nttrans_scan, 0},
+	{"UTABLE", torture_utable, 0},
+	{"CASETABLE", torture_casetable, 0},
+	{"ERRMAPEXTRACT", run_error_map_extract, 0},
+	{NULL, NULL, 0}};
+
+
+
+/****************************************************************************
+run a specified test or "ALL"
+****************************************************************************/
+static BOOL run_test(char *name)
+{
+	BOOL ret = True;
+	BOOL result = True;
+	int i;
+	double t;
+	if (strequal(name,"ALL")) {
+		for (i=0;torture_ops[i].name;i++) {
+			run_test(torture_ops[i].name);
+		}
+	}
+	
+	for (i=0;torture_ops[i].name;i++) {
+		snprintf(randomfname, sizeof(randomfname), "\\XX%x", 
+			 (unsigned)random());
+
+		if (strequal(name, torture_ops[i].name)) {
+			printf("Running %s\n", name);
+			if (torture_ops[i].flags & FLAG_MULTIPROC) {
+				t = create_procs(torture_ops[i].fn, &result);
+				if (!result) { 
+					ret = False;
+					printf("TEST %s FAILED!\n", name);
+				}
+					 
+			} else {
+				start_timer();
+				if (!torture_ops[i].fn(0)) {
+					ret = False;
+					printf("TEST %s FAILED!\n", name);
+				}
+				t = end_timer();
+			}
+			printf("%s took %g secs\n\n", name, t);
+		}
+	}
+	return ret;
+}
+
+
+static void usage(void)
+{
+	int i;
+
+	printf("Usage: smbtorture //server/share <options> TEST1 TEST2 ...\n");
+
+	printf("\t-d debuglevel\n");
+	printf("\t-U user%%pass\n");
+	printf("\t-k               use kerberos\n");
+	printf("\t-N numprocs\n");
+	printf("\t-n my_netbios_name\n");
+	printf("\t-W workgroup\n");
+	printf("\t-o num_operations\n");
+	printf("\t-O socket_options\n");
+	printf("\t-m maximum protocol\n");
+	printf("\t-L use oplocks\n");
+	printf("\t-c CLIENT.TXT   specify client load file for NBENCH\n");
+	printf("\t-A showall\n");
+	printf("\n\n");
+
+	printf("tests are:");
+	for (i=0;torture_ops[i].name;i++) {
+		printf(" %s", torture_ops[i].name);
+	}
+	printf("\n");
+
+	printf("default test is ALL\n");
+	
+	exit(1);
+}
+
+
+
+
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	int opt, i;
+	char *p;
+	int gotpass = 0;
+	extern char *optarg;
+	extern int optind;
+	BOOL correct = True;
+
+	dbf = x_stdout;
+
+#ifdef HAVE_SETBUFFER
+	setbuffer(stdout, NULL, 0);
+#endif
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+
+	if (argc < 2) {
+		usage();
+	}
+
+        for(p = argv[1]; *p; p++)
+          if(*p == '\\')
+            *p = '/';
+ 
+	if (strncmp(argv[1], "//", 2)) {
+		usage();
+	}
+
+	fstrcpy(host, &argv[1][2]);
+	p = strchr_m(&host[2],'/');
+	if (!p) {
+		usage();
+	}
+	*p = 0;
+	fstrcpy(share, p+1);
+
+	get_myname(myname);
+
+	if (*username == 0 && getenv("LOGNAME")) {
+	  pstrcpy(username,getenv("LOGNAME"));
+	}
+
+	argc--;
+	argv++;
+
+
+	fstrcpy(workgroup, lp_workgroup());
+
+	while ((opt = getopt(argc, argv, "hW:U:n:N:O:o:m:Ld:Ac:k")) != EOF) {
+		switch (opt) {
+		case 'W':
+			fstrcpy(workgroup,optarg);
+			break;
+		case 'm':
+			max_protocol = interpret_protocol(optarg, max_protocol);
+			break;
+		case 'N':
+			nprocs = atoi(optarg);
+			break;
+		case 'o':
+			numops = atoi(optarg);
+			break;
+		case 'd':
+			DEBUGLEVEL = atoi(optarg);
+			break;
+		case 'O':
+			sockops = optarg;
+			break;
+		case 'L':
+			use_oplocks = True;
+			break;
+		case 'A':
+			torture_showall = True;
+			break;
+		case 'n':
+			fstrcpy(myname, optarg);
+			break;
+		case 'c':
+			client_txt = optarg;
+			break;
+		case 'k':
+#ifdef HAVE_KRB5
+			use_kerberos = True;
+			gotpass = True;
+#else
+			d_printf("No kerberos support compiled in\n");
+			exit(1);
+#endif
+			break;
+		case 'U':
+			pstrcpy(username,optarg);
+			p = strchr_m(username,'%');
+			if (p) {
+				*p = 0;
+				pstrcpy(password, p+1);
+				gotpass = 1;
+			}
+			break;
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			usage();
+		}
+	}
+
+
+	while (!gotpass) {
+		p = getpass("Password:");
+		if (p) {
+			pstrcpy(password, p);
+			gotpass = 1;
+		}
+	}
+
+	printf("host=%s share=%s user=%s myname=%s\n", 
+	       host, share, username, myname);
+
+	if (argc == 1) {
+		correct = run_test("ALL");
+	} else {
+		for (i=1;i<argc;i++) {
+			if (!run_test(argv[i])) {
+				correct = False;
+			}
+		}
+	}
+
+	if (correct) {
+		return(0);
+	} else {
+		return(1);
+	}
+}
diff --git a/source3/torture/utable.c b/source3/torture/utable.c
new file mode 100644
index 0000000000..2b5a912062
--- /dev/null
+++ b/source3/torture/utable.c
@@ -0,0 +1,186 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB torture tester - unicode table dumper
+   Copyright (C) Andrew Tridgell 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#define NO_SYSLOG
+
+#include "includes.h"
+
+BOOL torture_utable(int dummy)
+{
+	static struct cli_state cli;
+	fstring fname, alt_name;
+	int fnum;
+	smb_ucs2_t c2;
+	int c, len, fd;
+	int chars_allowed=0, alt_allowed=0;
+	uint8 valid[0x10000];
+
+	printf("starting utable\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	memset(valid, 0, sizeof(valid));
+
+	cli_mkdir(&cli, "\\utable");
+	cli_unlink(&cli, "\\utable\\*");
+
+	for (c=1; c < 0x10000; c++) {
+		char *p;
+
+		SSVAL(&c2, 0, c);
+		fstrcpy(fname, "\\utable\\x");
+		p = fname+strlen(fname);
+		len = convert_string(CH_UCS2, CH_UNIX, 
+				     &c2, 2, 
+				     p, sizeof(fname)-strlen(fname));
+		p[len] = 0;
+		fstrcat(fname,"_a_long_extension");
+
+		fnum = cli_open(&cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
+				DENY_NONE);
+		if (fnum == -1) continue;
+
+		chars_allowed++;
+
+		cli_qpathinfo_alt_name(&cli, fname, alt_name);
+
+		if (strncmp(alt_name, "X_A_L", 5) != 0) {
+			alt_allowed++;
+			valid[c] = 1;
+			d_printf("fname=[%s] alt_name=[%s]\n", fname, alt_name);
+		}
+
+		cli_close(&cli, fnum);
+		cli_unlink(&cli, fname);
+
+		if (c % 100 == 0) {
+			printf("%d (%d/%d)\r", c, chars_allowed, alt_allowed);
+		}
+	}
+	printf("%d (%d/%d)\n", c, chars_allowed, alt_allowed);
+
+	cli_rmdir(&cli, "\\utable");
+
+	d_printf("%d chars allowed   %d alt chars allowed\n", chars_allowed, alt_allowed);
+
+	fd = open("valid.dat", O_WRONLY|O_CREAT|O_TRUNC, 0644);
+	if (fd == -1) {
+		d_printf("Failed to create valid.dat - %s", strerror(errno));
+		return False;
+	}
+	write(fd, valid, 0x10000);
+	close(fd);
+	d_printf("wrote valid.dat\n");
+
+	return True;
+}
+
+
+static char *form_name(int c)
+{
+	static fstring fname;
+	smb_ucs2_t c2;
+	char *p;
+	int len;
+
+	fstrcpy(fname, "\\utable\\");
+	p = fname+strlen(fname);
+	SSVAL(&c2, 0, c);
+
+	len = convert_string(CH_UCS2, CH_UNIX, 
+			     &c2, 2, 
+			     p, sizeof(fname)-strlen(fname));
+	p[len] = 0;
+	return fname;
+}
+
+BOOL torture_casetable(int dummy)
+{
+	static struct cli_state cli;
+	char *fname;
+	int fnum;
+	int c, i;
+#define MAX_EQUIVALENCE 8
+	smb_ucs2_t equiv[0x10000][MAX_EQUIVALENCE];
+	printf("starting casetable\n");
+
+	if (!torture_open_connection(&cli)) {
+		return False;
+	}
+
+	memset(equiv, 0, sizeof(equiv));
+
+	cli_mkdir(&cli, "\\utable");
+	cli_unlink(&cli, "\\utable\\*");
+
+	for (c=1; c < 0x10000; c++) {
+		size_t size;
+
+		if (c == '.' || c == '\\') continue;
+
+		printf("%04x\n", c);
+
+		fname = form_name(c);
+		fnum = cli_nt_create_full(&cli, fname, 
+					  GENERIC_ALL_ACCESS, 
+					  FILE_ATTRIBUTE_NORMAL,
+					  FILE_SHARE_NONE,
+					  FILE_OPEN_IF, 0);
+
+		if (fnum == -1) continue;
+
+		size = 0;
+
+		if (!cli_qfileinfo(&cli, fnum, NULL, &size, 
+				   NULL, NULL, NULL, NULL, NULL)) continue;
+
+		if (size > 0) {
+			/* found a character equivalence! */
+			int c2[MAX_EQUIVALENCE];
+
+			if (size/sizeof(int) >= MAX_EQUIVALENCE) {
+				printf("too many chars match?? size=%d c=0x%04x\n",
+				       size, c);
+				cli_close(&cli, fnum);
+				return False;
+			}
+
+			cli_read(&cli, fnum, (char *)c2, 0, size);
+			printf("%04x: ", c);
+			equiv[c][0] = c;
+			for (i=0; i<size/sizeof(int); i++) {
+				printf("%04x ", c2[i]);
+				equiv[c][i+1] = c2[i];
+			}
+			printf("\n");
+			fflush(stdout);
+		}
+
+		cli_write(&cli, fnum, 0, (char *)&c, size, sizeof(c));
+		cli_close(&cli, fnum);
+	}
+
+	cli_unlink(&cli, "\\utable\\*");
+	cli_rmdir(&cli, "\\utable");
+
+	return True;
+}
diff --git a/source3/ubiqx/.cvsignore b/source3/ubiqx/.cvsignore
new file mode 100644
index 0000000000..07da2225c7
--- /dev/null
+++ b/source3/ubiqx/.cvsignore
@@ -0,0 +1,3 @@
+*.po
+*.po32
+
diff --git a/source3/ubiqx/COPYING.LIB b/source3/ubiqx/COPYING.LIB
new file mode 100644
index 0000000000..8c8377da46
--- /dev/null
+++ b/source3/ubiqx/COPYING.LIB
@@ -0,0 +1,481 @@
+		  GNU LIBRARY GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1991 Free Software Foundation, Inc.
+                    675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the library GPL.  It is
+ numbered 2 because it goes with version 2 of the ordinary GPL.]
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Library General Public License, applies to some
+specially designated Free Software Foundation software, and to any
+other libraries whose authors decide to use it.  You can use it for
+your libraries, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if
+you distribute copies of the library, or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link a program with the library, you must provide
+complete object files to the recipients so that they can relink them
+with the library, after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  Our method of protecting your rights has two steps: (1) copyright
+the library, and (2) offer you this license which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  Also, for each distributor's protection, we want to make certain
+that everyone understands that there is no warranty for this free
+library.  If the library is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original
+version, so that any problems introduced by others will not reflect on
+the original authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that companies distributing free
+software will individually obtain patent licenses, thus in effect
+transforming the program into proprietary software.  To prevent this,
+we have made it clear that any patent must be licensed for everyone's
+free use or not licensed at all.
+
+  Most GNU software, including some libraries, is covered by the ordinary
+GNU General Public License, which was designed for utility programs.  This
+license, the GNU Library General Public License, applies to certain
+designated libraries.  This license is quite different from the ordinary
+one; be sure to read it in full, and don't assume that anything in it is
+the same as in the ordinary license.
+
+  The reason we have a separate public license for some libraries is that
+they blur the distinction we usually make between modifying or adding to a
+program and simply using it.  Linking a program with a library, without
+changing the library, is in some sense simply using the library, and is
+analogous to running a utility program or application program.  However, in
+a textual and legal sense, the linked executable is a combined work, a
+derivative of the original library, and the ordinary General Public License
+treats it as such.
+
+  Because of this blurred distinction, using the ordinary General
+Public License for libraries did not effectively promote software
+sharing, because most developers did not use the libraries.  We
+concluded that weaker conditions might promote sharing better.
+
+  However, unrestricted linking of non-free programs would deprive the
+users of those programs of all benefit from the free status of the
+libraries themselves.  This Library General Public License is intended to
+permit developers of non-free programs to use free libraries, while
+preserving your freedom as a user of such programs to change the free
+libraries that are incorporated in them.  (We have not seen how to achieve
+this as regards changes in header files, but we have achieved it as regards
+changes in the actual functions of the Library.)  The hope is that this
+will lead to faster development of free libraries.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, while the latter only
+works together with the library.
+
+  Note that it is possible for a library to be covered by the ordinary
+General Public License rather than by this special one.
+
+		  GNU LIBRARY GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library which
+contains a notice placed by the copyright holder or other authorized
+party saying it may be distributed under the terms of this Library
+General Public License (also called "this License").  Each licensee is
+addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+  
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also compile or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    c) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    d) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the source code distributed need not include anything that is normally
+distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Library General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+			    NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+     Appendix: How to Apply These Terms to Your New Libraries
+
+  If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change.  You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.  It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the library's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Library General Public
+    License as published by the Free Software Foundation; either
+    version 2 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+
+    You should have received a copy of the GNU Library General Public
+    License along with this library; if not, write to the Free
+    Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
+
+That's all there is to it!
diff --git a/source3/ubiqx/README.UBI b/source3/ubiqx/README.UBI
new file mode 100644
index 0000000000..a2c14ca62c
--- /dev/null
+++ b/source3/ubiqx/README.UBI
@@ -0,0 +1,18 @@
+Fri Apr 17 10:21:56 CDT 1998
+
+The C code files in the samba/source/ubiqx directory are licensed under
+the terms of the GNU LIBRARY GENERAL PUBLIC LICENSE (LGPL).  A copy of the
+LGPL should also be included in this directory under the name COPYING.LIB. 
+If this file is not present, you can obtain a copy of the LGPL by writing
+to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+USA. 
+
+The versions of the ubiqx modules distributed with Samba may have been
+modified for inclusion with Samba.  The main distribution, which contains
+additional available modules, can be found at: 
+
+  http://www.interads.co.uk/~crh/ubiqx/
+
+Chris Hertel
+Samba Team
+ubiqx@ubiqx.mn.org
diff --git a/source3/ubiqx/debugparse.c b/source3/ubiqx/debugparse.c
new file mode 100644
index 0000000000..5da5280f19
--- /dev/null
+++ b/source3/ubiqx/debugparse.c
@@ -0,0 +1,308 @@
+/* ========================================================================== **
+ *                                debugparse.c
+ *
+ * Copyright (C) 1998 by Christopher R. Hertel
+ *
+ * Email: crh@ubiqx.mn.org
+ *
+ * -------------------------------------------------------------------------- **
+ * This module is a very simple parser for Samba debug log files.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ * The important function in this module is dbg_char2token().  The rest is
+ * basically fluff.  (Potentially useful fluff, but still fluff.)
+ * ========================================================================== **
+ */
+
+#include "debugparse.h"
+
+/* -------------------------------------------------------------------------- **
+ * Constants...
+ *
+ *  DBG_BSIZE - This internal constant is used only by dbg_test().  It is the
+ *          size of the read buffer.  I've tested the function using a
+ *          DBG_BSIZE value of 2.
+ */
+
+#define DBG_BSIZE 128
+
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+char *dbg_token2string( dbg_Token tok )
+  /* ------------------------------------------------------------------------ **
+   * Given a token, return a string describing the token.
+   *
+   *  Input:  tok - One of the set of dbg_Tokens defined in debugparse.h.
+   *
+   *  Output: A string identifying the token.  This is useful for debugging,
+   *          etc.
+   *
+   *  Note:   If the token is not known, this function will return the
+   *          string "<unknown>".
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  switch( tok )
+    {
+    case dbg_null:
+      return( "null" );
+    case dbg_ignore:
+      return( "ignore" );
+    case dbg_header:
+      return( "header" );
+    case dbg_timestamp:
+      return( "time stamp" );
+    case dbg_level:
+      return( "level" );
+    case dbg_sourcefile:
+      return( "source file" );
+    case dbg_function:
+      return( "function" );
+    case dbg_lineno:
+      return( "line number" );
+    case dbg_message:
+      return( "message" );
+    case dbg_eof:
+      return( "[EOF]" );
+    }
+  return( "<unknown>" );
+  } /* dbg_token2string */
+
+dbg_Token dbg_char2token( dbg_Token *state, int c )
+  /* ------------------------------------------------------------------------ **
+   * Parse input one character at a time.
+   *
+   *  Input:  state - A pointer to a token variable.  This is used to
+   *                  maintain the parser state between calls.  For
+   *                  each input stream, you should set up a separate
+   *                  state variable and initialize it to dbg_null.
+   *                  Pass a pointer to it into this function with each
+   *                  character in the input stream.  See dbg_test()
+   *                  for an example.
+   *          c     - The "current" character in the input stream.
+   *
+   *  Output: A token.
+   *          The token value will change when delimiters are found,
+   *          which indicate a transition between syntactical objects.
+   *          Possible return values are:
+   *
+   *          dbg_null        - The input character was an end-of-line.
+   *                            This resets the parser to its initial state
+   *                            in preparation for parsing the next line.
+   *          dbg_eof         - Same as dbg_null, except that the character
+   *                            was an end-of-file.
+   *          dbg_ignore      - Returned for whitespace and delimiters.
+   *                            These lexical tokens are only of interest
+   *                            to the parser.
+   *          dbg_header      - Indicates the start of a header line.  The
+   *                            input character was '[' and was the first on
+   *                            the line.
+   *          dbg_timestamp   - Indicates that the input character was part
+   *                            of a header timestamp.
+   *          dbg_level       - Indicates that the input character was part
+   *                            of the debug-level value in the header.
+   *          dbg_sourcefile  - Indicates that the input character was part
+   *                            of the sourcefile name in the header.
+   *          dbg_function    - Indicates that the input character was part
+   *                            of the function name in the header.
+   *          dbg_lineno      - Indicates that the input character was part
+   *                            of the DEBUG call line number in the header.
+   *          dbg_message     - Indicates that the input character was part
+   *                            of the DEBUG message text.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  /* The terminating characters that we see will greatly depend upon
+   * how they are read.  For example, if gets() is used instead of
+   * fgets(), then we will not see newline characters.  A lot also
+   * depends on the calling function, which may handle terminators
+   * itself.
+   *
+   * '\n', '\0', and EOF are all considered line terminators.  The
+   * dbg_eof token is sent back if an EOF is encountered.
+   *
+   * Warning:  only allow the '\0' character to be sent if you are
+   *           using gets() to read whole lines (thus replacing '\n'
+   *           with '\0').  Sending '\0' at the wrong time will mess
+   *           up the parsing.
+   */
+  switch( c )
+    {
+    case EOF:
+      *state = dbg_null;   /* Set state to null (initial state) so */
+      return( dbg_eof );   /* that we can restart with new input.  */
+    case '\n':
+    case '\0':
+      *state = dbg_null;   /* A newline or eoln resets to the null state. */
+      return( dbg_null );
+    }
+
+  /* When within the body of the message, only a line terminator
+   * can cause a change of state.  We've already checked for line
+   * terminators, so if the current state is dbg_msgtxt, simply
+   * return that as our current token.
+   */
+  if( dbg_message == *state )
+    return( dbg_message );
+
+  /* If we are at the start of a new line, and the input character 
+   * is an opening bracket, then the line is a header line, otherwise
+   * it's a message body line.
+   */
+  if( dbg_null == *state )
+    {
+    if( '[' == c )
+      {
+      *state = dbg_timestamp;
+      return( dbg_header );
+      }
+    *state = dbg_message;
+    return( dbg_message );
+    }
+
+  /* We've taken care of terminators, text blocks and new lines.
+   * The remaining possibilities are all within the header line
+   * itself.
+   */
+
+  /* Within the header line, whitespace can be ignored *except*
+   * within the timestamp.
+   */
+  if( isspace( c ) )
+    {
+    /* Fudge.  The timestamp may contain space characters. */
+    if( (' ' == c) && (dbg_timestamp == *state) )
+      return( dbg_timestamp );
+    /* Otherwise, ignore whitespace. */
+    return( dbg_ignore );
+    }
+
+  /* Okay, at this point we know we're somewhere in the header.
+   * Valid header *states* are: dbg_timestamp, dbg_level,
+   * dbg_sourcefile, dbg_function, and dbg_lineno.
+   */
+  switch( c )
+    {
+    case ',':
+      if( dbg_timestamp == *state )
+        {
+        *state = dbg_level;
+        return( dbg_ignore );
+        }
+      break;
+    case ']':
+      if( dbg_level == *state )
+        {
+        *state = dbg_sourcefile;
+        return( dbg_ignore );
+        }
+      break;
+    case ':':
+      if( dbg_sourcefile == *state )
+        {
+        *state = dbg_function;
+        return( dbg_ignore );
+        }
+      break;
+    case '(':
+      if( dbg_function == *state )
+        {
+        *state = dbg_lineno;
+        return( dbg_ignore );
+        }
+      break;
+    case ')':
+      if( dbg_lineno == *state )
+        {
+        *state = dbg_null;
+        return( dbg_ignore );
+        }
+      break;
+    }
+
+  /* If the previous block did not result in a state change, then
+   * return the current state as the current token.
+   */
+  return( *state );
+  } /* dbg_char2token */
+
+void dbg_test( void )
+  /* ------------------------------------------------------------------------ **
+   * Simple test function.
+   *
+   *  Input:  none.
+   *  Output: none.
+   *  Notes:  This function was used to test dbg_char2token().  It reads a
+   *          Samba log file from stdin and prints parsing info to stdout.
+   *          It also serves as a simple example.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  char bufr[DBG_BSIZE];
+  int  i;
+  int  linecount  = 1;
+  dbg_Token old   = dbg_null,
+            new   = dbg_null,
+            state = dbg_null;
+
+  while( fgets( bufr, DBG_BSIZE, stdin ) )
+    {
+    for( i = 0; bufr[i]; i++ )
+      {
+      old = new;
+      new = dbg_char2token( &state, bufr[i] );
+      switch( new )
+        {
+        case dbg_header:
+          if( linecount > 1 )
+            (void)putchar( '\n' );
+          break;
+        case dbg_null:
+          linecount++;
+          break;
+        case dbg_ignore:
+          break;
+        default:
+          if( old != new )
+            (void)printf( "\n[%05d]%12s: ", linecount, dbg_token2string(new) );
+          (void)putchar( bufr[i] );
+        }
+      }
+    }
+  (void)putchar( '\n' );
+  } /* dbg_test */
+
+
+/* -------------------------------------------------------------------------- **
+ * This simple main line can be uncommented and used to test the parser.
+ */
+
+/*
+ * int main( void )
+ *  {
+ *  dbg_test();
+ *  return( 0 );
+ *  }
+ */
+
+/* ========================================================================== */
diff --git a/source3/ubiqx/debugparse.h b/source3/ubiqx/debugparse.h
new file mode 100644
index 0000000000..9ed1777e95
--- /dev/null
+++ b/source3/ubiqx/debugparse.h
@@ -0,0 +1,127 @@
+#ifndef DEBUGPARSE_H
+#define DEBUGPARSE_H
+/* ========================================================================== **
+ *                                debugparse.c
+ *
+ * Copyright (C) 1998 by Christopher R. Hertel
+ *
+ * Email: crh@ubiqx.mn.org
+ *
+ * -------------------------------------------------------------------------- **
+ * This module is a very simple parser for Samba debug log files.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ * The important function in this module is dbg_char2token().  The rest is
+ * basically fluff.  (Potentially useful fluff, but still fluff.)
+ * ========================================================================== **
+ */
+
+#include "sys_include.h"
+
+/* This module compiles quite nicely outside of the Samba environment.
+ * You'll need the following headers:
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+ */
+
+/* -------------------------------------------------------------------------- **
+ * These are the tokens returned by dbg_char2token().
+ */
+
+typedef enum
+  {
+  dbg_null = 0,
+  dbg_ignore,
+  dbg_header,
+  dbg_timestamp,
+  dbg_level,
+  dbg_sourcefile,
+  dbg_function,
+  dbg_lineno,
+  dbg_message,
+  dbg_eof
+  } dbg_Token;
+
+/* -------------------------------------------------------------------------- **
+ * Function prototypes...
+ */
+
+ char *dbg_token2string( dbg_Token tok );
+  /* ------------------------------------------------------------------------ **
+   * Given a token, return a string describing the token.
+   *
+   *  Input:  tok - One of the set of dbg_Tokens defined in debugparse.h.
+   *
+   *  Output: A string identifying the token.  This is useful for debugging,
+   *          etc.
+   *
+   *  Note:   If the token is not known, this function will return the
+   *          string "<unknown>".
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ dbg_Token dbg_char2token( dbg_Token *state, int c );
+  /* ------------------------------------------------------------------------ **
+   * Parse input one character at a time.
+   *
+   *  Input:  state - A pointer to a token variable.  This is used to
+   *                  maintain the parser state between calls.  For
+   *                  each input stream, you should set up a separate
+   *                  state variable and initialize it to dbg_null.
+   *                  Pass a pointer to it into this function with each
+   *                  character in the input stream.  See dbg_test()
+   *                  for an example.
+   *          c     - The "current" character in the input stream.
+   *
+   *  Output: A token.
+   *          The token value will change when delimiters are found,
+   *          which indicate a transition between syntactical objects.
+   *          Possible return values are:
+   *
+   *          dbg_null        - The input character was an end-of-line.
+   *                            This resets the parser to its initial state
+   *                            in preparation for parsing the next line.
+   *          dbg_eof         - Same as dbg_null, except that the character
+   *                            was an end-of-file.
+   *          dbg_ignore      - Returned for whitespace and delimiters.
+   *                            These lexical tokens are only of interest
+   *                            to the parser.
+   *          dbg_header      - Indicates the start of a header line.  The
+   *                            input character was '[' and was the first on
+   *                            the line.
+   *          dbg_timestamp   - Indicates that the input character was part
+   *                            of a header timestamp.
+   *          dbg_level       - Indicates that the input character was part
+   *                            of the debug-level value in the header.
+   *          dbg_sourcefile  - Indicates that the input character was part
+   *                            of the sourcefile name in the header.
+   *          dbg_function    - Indicates that the input character was part
+   *                            of the function name in the header.
+   *          dbg_lineno      - Indicates that the input character was part
+   *                            of the DEBUG call line number in the header.
+   *          dbg_message     - Indicates that the input character was part
+   *                            of the DEBUG message text.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+
+/* -------------------------------------------------------------------------- */
+#endif /* DEBUGPARSE_H */
diff --git a/source3/ubiqx/sys_include.h b/source3/ubiqx/sys_include.h
new file mode 100644
index 0000000000..8ff270afe8
--- /dev/null
+++ b/source3/ubiqx/sys_include.h
@@ -0,0 +1,52 @@
+#ifndef SYS_INCLUDE_H
+#define SYS_INCLUDE_H
+/* ========================================================================== **
+ *                               sys_include.h
+ *
+ *  Copyright (C) 1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *  This header provides system declarations and data types used internally
+ *  by the ubiqx modules.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  Samba version of sys_include.h
+ *
+ * ========================================================================== **
+ */
+
+#ifndef _INCLUDES_H
+
+/* Block the inclusion of some Samba headers so that ubiqx types won't be
+ * used before the headers that define them.  These headers are not needed
+ * in the ubiqx modules anyway.
+ */
+#define _PROTO_H_
+#define _NAMESERV_H_
+#define _HASH_H_
+
+/* The main Samba system-adaptive header file.
+ */
+#include "includes.h"
+
+#endif /* _INCLUDES_H */
+
+/* ================================ The End ================================= */
+#endif /* SYS_INCLUDE_H */
diff --git a/source3/ubiqx/ubi_BinTree.c b/source3/ubiqx/ubi_BinTree.c
new file mode 100644
index 0000000000..8a4d461280
--- /dev/null
+++ b/source3/ubiqx/ubi_BinTree.c
@@ -0,0 +1,1132 @@
+/* ========================================================================== **
+ *                              ubi_BinTree.c
+ *
+ *  Copyright (C) 1991-1998 by Christopher R. Hertel
+ *
+ *  Email:  crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module implements a simple binary tree.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_BinTree.c,v 
+ * Revision 4.10  2000/06/06 20:38:40  crh
+ * In the ReplaceNode() function, the old node header was being copied
+ * to the new node header using a byte-by-byte copy.  This was causing
+ * the 'insure' software testing program to report a memory leak.  The
+ * fix was to do a simple assignement: *newnode = *oldnode;
+ * This quieted the (errant) memory leak reports and is probably a bit
+ * faster than the bytewise copy.
+ *
+ * Revision 4.9  2000/01/08 23:24:30  crh
+ * Clarified a variety of if( pointer ) lines, replacing them with
+ * if( NULL != pointer ).  This is more correct, and I have heard
+ * of at least one (obscure?) system out there that uses a non-zero
+ * value for NULL.
+ * Also, speed improvement in Neighbor().  It was comparing pointers
+ * when it could have compared two gender values.  The pointer
+ * comparison was somewhat indirect (does pointer equal the pointer
+ * of the parent of the node pointed to by pointer).  Urq.
+ *
+ * Revision 4.8  1999/09/22 03:40:30  crh
+ * Modified ubi_btTraverse() and ubi_btKillTree().  They now return an
+ * unsigned long indicating the number of nodes processed.  The change
+ * is subtle.  An empty tree formerly returned False, and now returns
+ * zero.
+ *
+ * Revision 4.7  1998/10/21 06:14:42  crh
+ * Fixed bugs in FirstOf() and LastOf() reported by Massimo Campostrini.
+ * See function comments.
+ *
+ * Revision 4.6  1998/07/25 17:02:10  crh
+ * Added the ubi_trNewTree() macro.
+ *
+ * Revision 4.5  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 4.4  1998/06/03 17:42:46  crh
+ * Further fiddling with sys_include.h.  It's now in ubi_BinTree.h which is
+ * included by all of the binary tree files.
+ *
+ * Reminder: Some of the ubi_tr* macros in ubi_BinTree.h are redefined in
+ *           ubi_AVLtree.h and ubi_SplayTree.h.  This allows easy swapping
+ *           of tree types by simply changing a header.  Unfortunately, the
+ *           macro redefinitions in ubi_AVLtree.h and ubi_SplayTree.h will
+ *           conflict if used together.  You must either choose a single tree
+ *           type, or use the underlying function calls directly.  Compare
+ *           the two header files for more information.
+ *
+ * Revision 4.3  1998/06/02 01:28:43  crh
+ * Changed ubi_null.h to sys_include.h to make it more generic.
+ *
+ * Revision 4.2  1998/05/20 04:32:36  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ * Also, the balance and gender fields of the node were declared as
+ * signed char.  As I understand it, at least one SunOS or Solaris
+ * compiler doesn't like "signed char".  The declarations were
+ * wrong anyway, so I changed them to simple "char".
+ *
+ * Revision 4.1  1998/03/31 06:11:57  crh
+ * Thomas Aglassinger sent E'mail pointing out errors in the
+ * dereferencing of function pointers, and a missing typecast.
+ * Thanks, Thomas!
+ *
+ * Revision 4.0  1998/03/10 03:19:22  crh
+ * Added the AVL field 'balance' to the ubi_btNode structure.  This means
+ * that all BinTree modules now use the same basic node structure, which
+ * greatly simplifies the AVL module.
+ * Decided that this was a big enough change to justify a new major revision
+ * number.  3.0 was an error, so we're at 4.0.
+ *
+ * Revision 2.6  1998/01/24 06:27:46  crh
+ * Added ubi_trCount() macro.
+ *
+ * Revision 2.5  1997/12/23 03:56:29  crh
+ * In this version, all constants & macros defined in the header file have
+ * the ubi_tr prefix.  Also cleaned up anything that gcc complained about
+ * when run with '-pedantic -fsyntax-only -Wall'.
+ *
+ * Revision 2.4  1997/07/26 04:11:10  crh
+ * + Just to be annoying I changed ubi_TRUE and ubi_FALSE to ubi_trTRUE
+ *   and ubi_trFALSE.
+ * + There is now a type ubi_trBool to go with ubi_trTRUE and ubi_trFALSE.
+ * + There used to be something called "ubi_TypeDefs.h".  I got rid of it.
+ * + Added function ubi_btLeafNode().
+ *
+ * Revision 2.3  1997/06/03 05:16:17  crh
+ * Changed TRUE and FALSE to ubi_TRUE and ubi_FALSE to avoid conflicts.
+ * Also changed the interface to function InitTree().  See the comments
+ * for this function for more information.
+ *
+ * Revision 2.2  1995/10/03 22:00:07  CRH
+ * Ubisized!
+ * 
+ * Revision 2.1  95/03/09  23:37:10  CRH
+ * Added the ModuleID static string and function.  These modules are now
+ * self-identifying.
+ * 
+ * Revision 2.0  95/02/27  22:00:17  CRH
+ * Revision 2.0 of this program includes the following changes:
+ *
+ *     1)  A fix to a major typo in the RepaceNode() function.
+ *     2)  The addition of the static function Border().
+ *     3)  The addition of the public functions FirstOf() and LastOf(), which
+ *         use Border(). These functions are used with trees that allow
+ *         duplicate keys.
+ *     4)  A complete rewrite of the Locate() function.  Locate() now accepts
+ *         a "comparison" operator.
+ *     5)  Overall enhancements to both code and comments.
+ *
+ * I decided to give this a new major rev number because the interface has
+ * changed.  In particular, there are two new functions, and changes to the
+ * Locate() function.
+ *
+ * Revision 1.0  93/10/15  22:44:59  CRH
+ * With this revision, I have added a set of #define's that provide a single,
+ * standard API to all existing tree modules.  Until now, each of the three
+ * existing modules had a different function and typedef prefix, as follows:
+ *
+ *       Module        Prefix
+ *     ubi_BinTree     ubi_bt
+ *     ubi_AVLtree     ubi_avl
+ *     ubi_SplayTree   ubi_spt
+ *
+ * To further complicate matters, only those portions of the base module
+ * (ubi_BinTree) that were superceeded in the new module had the new names.
+ * For example, if you were using ubi_SplayTree, the locate function was
+ * called "ubi_sptLocate", but the next and previous functions remained
+ * "ubi_btNext" and "ubi_btPrev".
+ *
+ * This was not too terrible if you were familiar with the modules and knew
+ * exactly which tree model you wanted to use.  If you wanted to be able to
+ * change modules (for speed comparisons, etc), things could get messy very
+ * quickly.
+ *
+ * So, I have added a set of defined names that get redefined in any of the
+ * descendant modules.  To use this standardized interface in your code,
+ * simply replace all occurances of "ubi_bt", "ubi_avl", and "ubi_spt" with
+ * "ubi_tr".  The "ubi_tr" names will resolve to the correct function or
+ * datatype names for the module that you are using.  Just remember to
+ * include the header for that module in your program file.  Because these
+ * names are handled by the preprocessor, there is no added run-time
+ * overhead.
+ *
+ * Note that the original names do still exist, and can be used if you wish
+ * to write code directly to a specific module.  This should probably only be
+ * done if you are planning to implement a new descendant type, such as
+ * red/black trees.  CRH
+ *
+ *  V0.0 - June, 1991   -  Written by Christopher R. Hertel (CRH).
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_BinTree.h"  /* Header for this module.   */
+
+/* ========================================================================== **
+ * Static data.
+ */
+
+static char ModuleID[] = "ubi_BinTree\n\
+\tRevision: 4.10 \n\
+\tDate: 2000/06/06 20:38:40 \n\
+\tAuthor: crh \n";
+
+/* ========================================================================== **
+ * Internal (private) functions.
+ */
+
+static ubi_btNodePtr qFind( ubi_btCompFunc cmp,
+                            ubi_btItemPtr  FindMe,
+                   register ubi_btNodePtr  p )
+  /* ------------------------------------------------------------------------ **
+   * This function performs a non-recursive search of a tree for a node
+   * matching a specific key.  It is called "qFind()" because it is
+   * faster that TreeFind (below).
+   *
+   *  Input:
+   *     cmp      -  a pointer to the tree's comparison function.
+   *     FindMe   -  a pointer to the key value for which to search.
+   *     p        -  a pointer to the starting point of the search.  <p>
+   *                 is considered to be the root of a subtree, and only
+   *                 the subtree will be searched.
+   *
+   *  Output:
+   *     A pointer to a node with a key that matches the key indicated by
+   *     FindMe, or NULL if no such node was found.
+   *
+   *  Note:   In a tree that allows duplicates, the pointer returned *might
+   *          not* point to the (sequentially) first occurance of the
+   *          desired key.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int tmp;
+
+  while( (NULL != p)
+      && ((tmp = ubi_trAbNormal( (*cmp)(FindMe, p) )) != ubi_trEQUAL) )
+    p = p->Link[tmp];
+
+  return( p );
+  } /* qFind */
+
+static ubi_btNodePtr TreeFind( ubi_btItemPtr  findme,
+                               ubi_btNodePtr  p,
+                               ubi_btNodePtr *parentp,
+                               char          *gender,
+                               ubi_btCompFunc CmpFunc )
+  /* ------------------------------------------------------------------------ **
+   * TreeFind() searches a tree for a given value (findme).  It will return a
+   * pointer to the target node, if found, or NULL if the target node was not
+   * found.
+   *
+   * TreeFind() also returns, via parameters, a pointer to the parent of the
+   * target node, and a LEFT or RIGHT value indicating which child of the
+   * parent is the target node.  *If the target is not found*, then these
+   * values indicate the place at which the target *should be found*.  This
+   * is useful when inserting a new node into a tree or searching for nodes
+   * "near" the target node.
+   *
+   * The parameters are:
+   *
+   *  findme   -  is a pointer to the key information to be searched for.
+   *  p        -  points to the root of the tree to be searched.
+   *  parentp  -  will return a pointer to a pointer to the !parent! of the
+   *              target node, which can be especially usefull if the target
+   *              was not found.
+   *  gender   -  returns LEFT or RIGHT to indicate which child of *parentp
+   *              was last searched.
+   *  CmpFunc  -  points to the comparison function.
+   *
+   * This function is called by ubi_btLocate() and ubi_btInsert().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  register ubi_btNodePtr tmp_p      = p;
+  ubi_btNodePtr          tmp_pp     = NULL;
+  char                   tmp_gender = ubi_trEQUAL;
+  int                    tmp_cmp;
+
+  while( (NULL != tmp_p)
+     && (ubi_trEQUAL != (tmp_cmp = ubi_trAbNormal((*CmpFunc)(findme, tmp_p)))) )
+    {
+    tmp_pp     = tmp_p;                 /* Keep track of previous node. */
+    tmp_gender = (char)tmp_cmp;         /* Keep track of sex of child.  */
+    tmp_p      = tmp_p->Link[tmp_cmp];  /* Go to child. */
+    }
+  *parentp = tmp_pp;                /* Return results. */
+  *gender  = tmp_gender;
+  return( tmp_p );
+  } /* TreeFind */
+
+static void ReplaceNode( ubi_btNodePtr *parent,
+                         ubi_btNodePtr  oldnode,
+                         ubi_btNodePtr  newnode )
+  /* ------------------------------------------------------------------------ **
+   * Remove node oldnode from the tree, replacing it with node newnode.
+   *
+   * Input:
+   *  parent   - A pointer to he parent pointer of the node to be
+   *             replaced.  <parent> may point to the Link[] field of
+   *             a parent node, or it may indicate the root pointer at
+   *             the top of the tree.
+   *  oldnode  - A pointer to the node that is to be replaced.
+   *  newnode  - A pointer to the node that is to be installed in the
+   *             place of <*oldnode>.
+   *
+   * Notes:    Don't forget to free oldnode.
+   *           Also, this function used to have a really nasty typo
+   *           bug.  "oldnode" and "newnode" were swapped in the line
+   *           that now reads:
+   *     ((unsigned char *)newnode)[i] = ((unsigned char *)oldnode)[i];
+   *           Bleah!
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  *newnode = *oldnode;  /* Copy node internals to new node. */
+
+  (*parent) = newnode;  /* Old node's parent points to new child. */
+  /* Now tell the children about their new step-parent. */
+  if( oldnode->Link[ubi_trLEFT] )
+    (oldnode->Link[ubi_trLEFT])->Link[ubi_trPARENT] = newnode;
+  if( oldnode->Link[ubi_trRIGHT] )
+    (oldnode->Link[ubi_trRIGHT])->Link[ubi_trPARENT] = newnode;
+  } /* ReplaceNode */
+
+static void SwapNodes( ubi_btRootPtr RootPtr,
+                       ubi_btNodePtr Node1,
+                       ubi_btNodePtr Node2 )
+  /* ------------------------------------------------------------------------ **
+   * This function swaps two nodes in the tree.  Node1 will take the place of
+   * Node2, and Node2 will fill in the space left vacant by Node 1.
+   *
+   * Input:
+   *  RootPtr  - pointer to the tree header structure for this tree.
+   *  Node1    - \
+   *              > These are the two nodes which are to be swapped.
+   *  Node2    - /
+   *
+   * Notes:
+   *  This function does a three step swap, using a dummy node as a place
+   *  holder.  This function is used by ubi_btRemove().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr *Parent;
+  ubi_btNode     dummy;
+  ubi_btNodePtr  dummy_p = &dummy;
+
+  /* Replace Node 1 with the dummy, thus removing Node1 from the tree. */
+  if( NULL != Node1->Link[ubi_trPARENT] )
+    Parent = &((Node1->Link[ubi_trPARENT])->Link[(int)(Node1->gender)]);
+  else
+    Parent = &(RootPtr->root);
+  ReplaceNode( Parent, Node1, dummy_p );
+
+  /* Swap Node 1 with Node 2, placing Node 1 back into the tree. */
+  if( NULL != Node2->Link[ubi_trPARENT] )
+    Parent = &((Node2->Link[ubi_trPARENT])->Link[(int)(Node2->gender)]);
+  else
+    Parent = &(RootPtr->root);
+  ReplaceNode( Parent, Node2, Node1 );
+
+  /* Swap Node 2 and the dummy, thus placing Node 2 back into the tree. */
+  if( NULL != dummy_p->Link[ubi_trPARENT] )
+    Parent = &((dummy_p->Link[ubi_trPARENT])->Link[(int)(dummy_p->gender)]);
+  else
+    Parent = &(RootPtr->root);
+  ReplaceNode( Parent, dummy_p, Node2 );
+  } /* SwapNodes */
+
+/* -------------------------------------------------------------------------- **
+ * These routines allow you to walk through the tree, forwards or backwards.
+ */
+
+static ubi_btNodePtr SubSlide( register ubi_btNodePtr P,
+                               register int           whichway )
+  /* ------------------------------------------------------------------------ **
+   * Slide down the side of a subtree.
+   *
+   * Given a starting node, this function returns a pointer to the LEFT-, or
+   * RIGHT-most descendent, *or* (if whichway is PARENT) to the tree root.
+   *
+   *  Input:  P         - a pointer to a starting place.
+   *          whichway  - the direction (LEFT, RIGHT, or PARENT) in which to
+   *                      travel.
+   *  Output: A pointer to a node that is either the root, or has no
+   *          whichway-th child but is within the subtree of P.  Note that
+   *          the return value may be the same as P.  The return value *will
+   *          be* NULL if P is NULL.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+
+  if( NULL != P )
+    while( NULL != P->Link[ whichway ] )
+      P = P->Link[ whichway ];
+  return( P );
+  } /* SubSlide */
+
+static ubi_btNodePtr Neighbor( register ubi_btNodePtr P,
+                               register int           whichway )
+  /* ------------------------------------------------------------------------ **
+   * Given starting point p, return the (key order) next or preceeding node
+   * in the tree.
+   *
+   *  Input:  P         - Pointer to our starting place node.
+   *          whichway  - the direction in which to travel to find the
+   *                      neighbor, i.e., the RIGHT neighbor or the LEFT
+   *                      neighbor.
+   *
+   *  Output: A pointer to the neighboring node, or NULL if P was NULL.
+   *
+   *  Notes:  If whichway is PARENT, the results are unpredictable.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( P )
+    {
+    if( NULL != P->Link[ whichway ] )
+      return( SubSlide( P->Link[ whichway ], (char)ubi_trRevWay(whichway) ) );
+    else
+      while( NULL != P->Link[ ubi_trPARENT ] )
+        {
+        if( whichway == P->gender )
+          P = P->Link[ ubi_trPARENT ];
+        else
+          return( P->Link[ ubi_trPARENT ] );
+        }
+    }
+  return( NULL );
+  } /* Neighbor */
+
+static ubi_btNodePtr Border( ubi_btRootPtr RootPtr,
+                             ubi_btItemPtr FindMe,
+                             ubi_btNodePtr p,
+                             int           whichway )
+  /* ------------------------------------------------------------------------ **
+   * Given starting point p, which has a key value equal to *FindMe, locate
+   * the first (index order) node with the same key value.
+   *
+   * This function is useful in trees that have can have duplicate keys.
+   * For example, consider the following tree:
+   *     Tree                                                      Traversal
+   *       2    If <p> points to the root and <whichway> is RIGHT,     3
+   *      / \    then the return value will be a pointer to the       / \
+   *     2   2    RIGHT child of the root node.  The tree on         2   5
+   *    /   / \    the right shows the order of traversal.          /   / \
+   *   1   2   3                                                   1   4   6
+   *
+   *  Input:  RootPtr   - Pointer to the tree root structure.
+   *          FindMe    - Key value for comparisons.
+   *          p         - Pointer to the starting-point node.
+   *          whichway  - the direction in which to travel to find the
+   *                      neighbor, i.e., the RIGHT neighbor or the LEFT
+   *                      neighbor.
+   *
+   *  Output: A pointer to the first (index, or "traversal", order) node with
+   *          a Key value that matches *FindMe.
+   *
+   *  Notes:  If whichway is PARENT, or if the tree does not allow duplicate
+   *          keys, this function will return <p>.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  register ubi_btNodePtr q;
+
+  /* Exit if there's nothing that can be done. */
+  if( !ubi_trDups_OK( RootPtr ) || (ubi_trPARENT == whichway) )
+    return( p );
+
+  /* First, if needed, move up the tree.  We need to get to the root of the
+   * subtree that contains all of the matching nodes.
+   */
+  q = p->Link[ubi_trPARENT];
+  while( (NULL != q)
+      && (ubi_trEQUAL == ubi_trAbNormal( (*(RootPtr->cmp))(FindMe, q) )) )
+    {
+    p = q;
+    q = p->Link[ubi_trPARENT];
+    }
+
+  /* Next, move back down in the "whichway" direction. */
+  q = p->Link[whichway];
+  while( NULL != q )
+    {
+    q = qFind( RootPtr->cmp, FindMe, q );
+    if( q )
+      {
+      p = q;
+      q = p->Link[whichway];
+      }
+    }
+  return( p );
+  } /* Border */
+
+
+/* ========================================================================== **
+ * Exported utilities.
+ */
+
+long ubi_btSgn( register long x )
+  /* ------------------------------------------------------------------------ **
+   * Return the sign of x; {negative,zero,positive} ==> {-1, 0, 1}.
+   *
+   *  Input:  x - a signed long integer value.
+   *
+   *  Output: the "sign" of x, represented as follows:
+   *            -1 == negative
+   *             0 == zero (no sign)
+   *             1 == positive
+   *
+   * Note: This utility is provided in order to facilitate the conversion
+   *       of C comparison function return values into BinTree direction
+   *       values: {LEFT, PARENT, EQUAL}.  It is INCORPORATED into the
+   *       ubi_trAbNormal() conversion macro!
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  return( (x)?((x>0)?(1):(-1)):(0) );
+  } /* ubi_btSgn */
+
+ubi_btNodePtr ubi_btInitNode( ubi_btNodePtr NodePtr )
+  /* ------------------------------------------------------------------------ **
+   * Initialize a tree node.
+   *
+   *  Input:  a pointer to a ubi_btNode structure to be initialized.
+   *  Output: a pointer to the initialized ubi_btNode structure (ie. the
+   *          same as the input pointer).
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  NodePtr->Link[ ubi_trLEFT ]   = NULL;
+  NodePtr->Link[ ubi_trPARENT ] = NULL;
+  NodePtr->Link[ ubi_trRIGHT ]  = NULL;
+  NodePtr->gender               = ubi_trEQUAL;
+  NodePtr->balance              = ubi_trEQUAL;
+  return( NodePtr );
+  } /* ubi_btInitNode */
+
+ubi_btRootPtr ubi_btInitTree( ubi_btRootPtr   RootPtr,
+                              ubi_btCompFunc  CompFunc,
+                              char            Flags )
+  /* ------------------------------------------------------------------------ **
+   * Initialize the fields of a Tree Root header structure.
+   *
+   *  Input:   RootPtr   - a pointer to an ubi_btRoot structure to be
+   *                       initialized.
+   *           CompFunc  - a pointer to a comparison function that will be used
+   *                       whenever nodes in the tree must be compared against
+   *                       outside values.
+   *           Flags     - One bytes worth of flags.  Flags include
+   *                       ubi_trOVERWRITE and ubi_trDUPKEY.  See the header
+   *                       file for more info.
+   *
+   *  Output:  a pointer to the initialized ubi_btRoot structure (ie. the
+   *           same value as RootPtr).
+   *
+   *  Note:    The interface to this function has changed from that of
+   *           previous versions.  The <Flags> parameter replaces two
+   *           boolean parameters that had the same basic effect.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( RootPtr )
+    {
+    RootPtr->root   = NULL;
+    RootPtr->count  = 0L;
+    RootPtr->cmp    = CompFunc;
+    RootPtr->flags  = (Flags & ubi_trDUPKEY) ? ubi_trDUPKEY : Flags;
+    }                 /* There are only two supported flags, and they are
+                       * mutually exclusive.  ubi_trDUPKEY takes precedence
+                       * over ubi_trOVERWRITE.
+                       */
+  return( RootPtr );
+  } /* ubi_btInitTree */
+
+ubi_trBool ubi_btInsert( ubi_btRootPtr  RootPtr,
+                         ubi_btNodePtr  NewNode,
+                         ubi_btItemPtr  ItemPtr,
+                         ubi_btNodePtr *OldNode )
+  /* ------------------------------------------------------------------------ **
+   * This function uses a non-recursive algorithm to add a new element to the
+   * tree.
+   *
+   *  Input:   RootPtr  -  a pointer to the ubi_btRoot structure that indicates
+   *                       the root of the tree to which NewNode is to be added.
+   *           NewNode  -  a pointer to an ubi_btNode structure that is NOT
+   *                       part of any tree.
+   *           ItemPtr  -  A pointer to the sort key that is stored within
+   *                       *NewNode.  ItemPtr MUST point to information stored
+   *                       in *NewNode or an EXACT DUPLICATE.  The key data
+   *                       indicated by ItemPtr is used to place the new node
+   *                       into the tree.
+   *           OldNode  -  a pointer to an ubi_btNodePtr.  When searching
+   *                       the tree, a duplicate node may be found.  If
+   *                       duplicates are allowed, then the new node will
+   *                       be simply placed into the tree.  If duplicates
+   *                       are not allowed, however, then one of two things
+   *                       may happen.
+   *                       1) if overwritting *is not* allowed, this
+   *                          function will return FALSE (indicating that
+   *                          the new node could not be inserted), and
+   *                          *OldNode will point to the duplicate that is
+   *                          still in the tree.
+   *                       2) if overwritting *is* allowed, then this
+   *                          function will swap **OldNode for *NewNode.
+   *                          In this case, *OldNode will point to the node
+   *                          that was removed (thus allowing you to free
+   *                          the node).
+   *                          **  If you are using overwrite mode, ALWAYS  **
+   *                          ** check the return value of this parameter! **
+   *                 Note: You may pass NULL in this parameter, the
+   *                       function knows how to cope.  If you do this,
+   *                       however, there will be no way to return a
+   *                       pointer to an old (ie. replaced) node (which is
+   *                       a problem if you are using overwrite mode).
+   *
+   *  Output:  a boolean value indicating success or failure.  The function
+   *           will return FALSE if the node could not be added to the tree.
+   *           Such failure will only occur if duplicates are not allowed,
+   *           nodes cannot be overwritten, AND a duplicate key was found
+   *           within the tree.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr OtherP,
+                parent = NULL;
+  char          tmp;
+
+  if( NULL == OldNode ) /* If they didn't give us a pointer, supply our own.  */
+    OldNode = &OtherP;
+
+  (void)ubi_btInitNode( NewNode );     /* Init the new node's BinTree fields. */
+
+  /* Find a place for the new node. */
+  *OldNode = TreeFind(ItemPtr, (RootPtr->root), &parent, &tmp, (RootPtr->cmp));
+
+  /* Now add the node to the tree... */
+  if( NULL == (*OldNode) )  /* The easy one: we have a space for a new node!  */
+    {
+    if( NULL == parent )
+      RootPtr->root = NewNode;
+    else
+      {
+      parent->Link[(int)tmp]      = NewNode;
+      NewNode->Link[ubi_trPARENT] = parent;
+      NewNode->gender             = tmp;
+      }
+    (RootPtr->count)++;
+    return( ubi_trTRUE );
+    }
+
+  /* If we reach this point, we know that a duplicate node exists.  This
+   * section adds the node to the tree if duplicate keys are allowed.
+   */
+  if( ubi_trDups_OK(RootPtr) )    /* Key exists, add duplicate */
+    {
+    ubi_btNodePtr q;
+
+    tmp = ubi_trRIGHT;
+    q = (*OldNode);
+    *OldNode = NULL;
+    while( NULL != q )
+      {
+      parent = q;
+      if( tmp == ubi_trEQUAL )
+        tmp = ubi_trRIGHT;
+      q = q->Link[(int)tmp];
+      if ( q )
+        tmp = ubi_trAbNormal( (*(RootPtr->cmp))(ItemPtr, q) );
+      }
+    parent->Link[(int)tmp]       = NewNode;
+    NewNode->Link[ubi_trPARENT]  = parent;
+    NewNode->gender              = tmp;
+    (RootPtr->count)++;
+    return( ubi_trTRUE );
+    }
+
+  /* If we get to *this* point, we know that we are not allowed to have
+   * duplicate nodes, but our node keys match, so... may we replace the
+   * old one?
+   */
+  if( ubi_trOvwt_OK(RootPtr) )    /* Key exists, we replace */
+    {
+    if( NULL == parent )
+      ReplaceNode( &(RootPtr->root), *OldNode, NewNode );
+    else
+      ReplaceNode( &(parent->Link[(int)((*OldNode)->gender)]),
+                   *OldNode, NewNode );
+    return( ubi_trTRUE );
+    }
+
+  return( ubi_trFALSE );      /* Failure: could not replace an existing node. */
+  } /* ubi_btInsert */
+
+ubi_btNodePtr ubi_btRemove( ubi_btRootPtr RootPtr,
+                            ubi_btNodePtr DeadNode )
+  /* ------------------------------------------------------------------------ **
+   * This function removes the indicated node from the tree.
+   *
+   *  Input:   RootPtr  -  A pointer to the header of the tree that contains
+   *                       the node to be removed.
+   *           DeadNode -  A pointer to the node that will be removed.
+   *
+   *  Output:  This function returns a pointer to the node that was removed
+   *           from the tree (ie. the same as DeadNode).
+   *
+   *  Note:    The node MUST be in the tree indicated by RootPtr.  If not,
+   *           strange and evil things will happen to your trees.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr p,
+               *parentp;
+  int           tmp;
+
+  /* if the node has both left and right subtrees, then we have to swap
+   * it with another node.  The other node we choose will be the Prev()ious
+   * node, which is garunteed to have no RIGHT child.
+   */
+  if( (NULL != DeadNode->Link[ubi_trLEFT])
+   && (NULL != DeadNode->Link[ubi_trRIGHT]) )
+    SwapNodes( RootPtr, DeadNode, ubi_btPrev( DeadNode ) );
+
+  /* The parent of the node to be deleted may be another node, or it may be
+   * the root of the tree.  Since we're not sure, it's best just to have
+   * a pointer to the parent pointer, whatever it is.
+   */
+  if( NULL == DeadNode->Link[ubi_trPARENT] )
+    parentp = &( RootPtr->root );
+  else
+    parentp = &((DeadNode->Link[ubi_trPARENT])->Link[(int)(DeadNode->gender)]);
+
+  /* Now link the parent to the only grand-child and patch up the gender. */
+  tmp = ((DeadNode->Link[ubi_trLEFT])?ubi_trLEFT:ubi_trRIGHT);
+
+  p = (DeadNode->Link[tmp]);
+  if( NULL != p )
+    {
+    p->Link[ubi_trPARENT] = DeadNode->Link[ubi_trPARENT];
+    p->gender       = DeadNode->gender;
+    }
+  (*parentp) = p;
+
+  /* Finished, reduce the node count and return. */
+  (RootPtr->count)--;
+  return( DeadNode );
+  } /* ubi_btRemove */
+
+ubi_btNodePtr ubi_btLocate( ubi_btRootPtr RootPtr,
+                            ubi_btItemPtr FindMe,
+                            ubi_trCompOps CompOp )
+  /* ------------------------------------------------------------------------ **
+   * The purpose of ubi_btLocate() is to find a node or set of nodes given
+   * a target value and a "comparison operator".  The Locate() function is
+   * more flexible and (in the case of trees that may contain dupicate keys)
+   * more precise than the ubi_btFind() function.  The latter is faster,
+   * but it only searches for exact matches and, if the tree contains
+   * duplicates, Find() may return a pointer to any one of the duplicate-
+   * keyed records.
+   *
+   *  Input:
+   *     RootPtr  -  A pointer to the header of the tree to be searched.
+   *     FindMe   -  An ubi_btItemPtr that indicates the key for which to
+   *                 search.
+   *     CompOp   -  One of the following:
+   *                    CompOp     Return a pointer to the node with
+   *                    ------     ---------------------------------
+   *                   ubi_trLT - the last key value that is less
+   *                              than FindMe.
+   *                   ubi_trLE - the first key matching FindMe, or
+   *                              the last key that is less than
+   *                              FindMe.
+   *                   ubi_trEQ - the first key matching FindMe.
+   *                   ubi_trGE - the first key matching FindMe, or the
+   *                              first key greater than FindMe.
+   *                   ubi_trGT - the first key greater than FindMe.
+   *  Output:
+   *     A pointer to the node matching the criteria listed above under
+   *     CompOp, or NULL if no node matched the criteria.
+   *
+   *  Notes:
+   *     In the case of trees with duplicate keys, Locate() will behave as
+   *     follows:
+   *
+   *     Find:  3                       Find: 3
+   *     Keys:  1 2 2 2 3 3 3 3 3 4 4   Keys: 1 1 2 2 2 4 4 5 5 5 6
+   *                  ^ ^         ^                   ^ ^
+   *                 LT EQ        GT                 LE GE
+   *
+   *     That is, when returning a pointer to a node with a key that is LESS
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     LAST matching node.
+   *     When returning a pointer to a node with a key that is GREATER
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     FIRST matching node.
+   *
+   *  See Also: ubi_btFind(), ubi_btFirstOf(), ubi_btLastOf().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  register ubi_btNodePtr p;
+  ubi_btNodePtr   parent;
+  char            whichkid;
+
+  /* Start by searching for a matching node. */
+  p = TreeFind( FindMe,
+                RootPtr->root,
+                &parent,
+                &whichkid,
+                RootPtr->cmp );
+
+  if( NULL != p )    /* If we have found a match, we can resolve as follows:  */
+    {
+    switch( CompOp )
+      {
+      case ubi_trLT:            /* It's just a jump to the left...  */
+        p = Border( RootPtr, FindMe, p, ubi_trLEFT );
+        return( Neighbor( p, ubi_trLEFT ) );
+      case ubi_trGT:            /* ...and then a jump to the right. */
+        p = Border( RootPtr, FindMe, p, ubi_trRIGHT );
+        return( Neighbor( p, ubi_trRIGHT ) );
+      default:
+        p = Border( RootPtr, FindMe, p, ubi_trLEFT );
+        return( p );
+      }
+    }
+
+  /* Else, no match. */
+  if( ubi_trEQ == CompOp )    /* If we were looking for an exact match... */
+    return( NULL );           /* ...forget it.                            */
+
+  /* We can still return a valid result for GT, GE, LE, and LT.
+   * <parent> points to a node with a value that is either just before or
+   * just after the target value.
+   * Remaining possibilities are LT and GT (including LE & GE).
+   */
+  if( (ubi_trLT == CompOp) || (ubi_trLE == CompOp) )
+    return( (ubi_trLEFT == whichkid) ? Neighbor( parent, whichkid ) : parent );
+  else
+    return( (ubi_trRIGHT == whichkid) ? Neighbor( parent, whichkid ) : parent );
+  } /* ubi_btLocate */
+
+ubi_btNodePtr ubi_btFind( ubi_btRootPtr RootPtr,
+                          ubi_btItemPtr FindMe )
+  /* ------------------------------------------------------------------------ **
+   * This function performs a non-recursive search of a tree for any node
+   * matching a specific key.
+   *
+   *  Input:
+   *     RootPtr  -  a pointer to the header of the tree to be searched.
+   *     FindMe   -  a pointer to the key value for which to search.
+   *
+   *  Output:
+   *     A pointer to a node with a key that matches the key indicated by
+   *     FindMe, or NULL if no such node was found.
+   *
+   *  Note:   In a tree that allows duplicates, the pointer returned *might
+   *          not* point to the (sequentially) first occurance of the
+   *          desired key.  In such a tree, it may be more useful to use
+   *          ubi_btLocate().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  return( qFind( RootPtr->cmp, FindMe, RootPtr->root ) );
+  } /* ubi_btFind */
+
+ubi_btNodePtr ubi_btNext( ubi_btNodePtr P )
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) Next node in the
+   * tree.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "next" node in the tree, or NULL if P pointed
+   *           to the "last" node in the tree or was NULL.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  return( Neighbor( P, ubi_trRIGHT ) );
+  } /* ubi_btNext */
+
+ubi_btNodePtr ubi_btPrev( ubi_btNodePtr P )
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) Previous node in
+   * the tree.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "previous" node in the tree, or NULL if P
+   *           pointed to the "first" node in the tree or was NULL.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  return( Neighbor( P, ubi_trLEFT ) );
+  } /* ubi_btPrev */
+
+ubi_btNodePtr ubi_btFirst( ubi_btNodePtr P )
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) First node in the
+   * subtree of which *P is the root.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "first" node in a subtree that has *P as its
+   *           root.  This function will return NULL only if P is NULL.
+   *  Note:    In general, you will be passing in the value of the root field
+   *           of an ubi_btRoot structure.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  return( SubSlide( P, ubi_trLEFT ) );
+  } /* ubi_btFirst */
+
+ubi_btNodePtr ubi_btLast( ubi_btNodePtr P )
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) Last node in the
+   * subtree of which *P is the root.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "last" node in a subtree that has *P as its
+   *           root.  This function will return NULL only if P is NULL.
+   *  Note:    In general, you will be passing in the value of the root field
+   *           of an ubi_btRoot structure.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  return( SubSlide( P, ubi_trRIGHT ) );
+  } /* ubi_btLast */
+
+ubi_btNodePtr ubi_btFirstOf( ubi_btRootPtr RootPtr,
+                             ubi_btItemPtr MatchMe,
+                             ubi_btNodePtr p )
+  /* ------------------------------------------------------------------------ **
+   * Given a tree that a allows duplicate keys, and a pointer to a node in
+   * the tree, this function will return a pointer to the first (traversal
+   * order) node with the same key value.
+   *
+   *  Input:  RootPtr - A pointer to the root of the tree.
+   *          MatchMe - A pointer to the key value.  This should probably
+   *                    point to the key within node *p.
+   *          p       - A pointer to a node in the tree.
+   *  Output: A pointer to the first node in the set of nodes with keys
+   *          matching <FindMe>.
+   *  Notes:  Node *p MUST be in the set of nodes with keys matching
+   *          <FindMe>.  If not, this function will return NULL.
+   *
+   *          4.7: Bug found & fixed by Massimo Campostrini,
+   *               Istituto Nazionale di Fisica Nucleare, Sezione di Pisa.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  /* If our starting point is invalid, return NULL. */
+  if( (NULL == p)
+   || (ubi_trEQUAL != ubi_trAbNormal( (*(RootPtr->cmp))( MatchMe, p ) )) )
+    return( NULL );
+  return( Border( RootPtr, MatchMe, p, ubi_trLEFT ) );
+  } /* ubi_btFirstOf */
+
+ubi_btNodePtr ubi_btLastOf( ubi_btRootPtr RootPtr,
+                            ubi_btItemPtr MatchMe,
+                            ubi_btNodePtr p )
+  /* ------------------------------------------------------------------------ **
+   * Given a tree that a allows duplicate keys, and a pointer to a node in
+   * the tree, this function will return a pointer to the last (traversal
+   * order) node with the same key value.
+   *
+   *  Input:  RootPtr - A pointer to the root of the tree.
+   *          MatchMe - A pointer to the key value.  This should probably
+   *                    point to the key within node *p.
+   *          p       - A pointer to a node in the tree.
+   *  Output: A pointer to the last node in the set of nodes with keys
+   *          matching <FindMe>.
+   *  Notes:  Node *p MUST be in the set of nodes with keys matching
+   *          <FindMe>.  If not, this function will return NULL.
+   *
+   *          4.7: Bug found & fixed by Massimo Campostrini,
+   *               Istituto Nazionale di Fisica Nucleare, Sezione di Pisa.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  /* If our starting point is invalid, return NULL. */
+  if( (NULL != p)
+   || (ubi_trEQUAL != ubi_trAbNormal( (*(RootPtr->cmp))( MatchMe, p ) )) )
+    return( NULL );
+  return( Border( RootPtr, MatchMe, p, ubi_trRIGHT ) );
+  } /* ubi_btLastOf */
+
+unsigned long ubi_btTraverse( ubi_btRootPtr   RootPtr,
+                              ubi_btActionRtn EachNode,
+                              void           *UserData )
+  /* ------------------------------------------------------------------------ **
+   * Traverse a tree in sorted order (non-recursively).  At each node, call
+   * (*EachNode)(), passing a pointer to the current node, and UserData as the
+   * second parameter.
+   *
+   *  Input:   RootPtr  -  a pointer to an ubi_btRoot structure that indicates
+   *                       the tree to be traversed.
+   *           EachNode -  a pointer to a function to be called at each node
+   *                       as the node is visited.
+   *           UserData -  a generic pointer that may point to anything that
+   *                       you choose.
+   *
+   *  Output:  A count of the number of nodes visited.  This will be zero
+   *           if the tree is empty.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr p = ubi_btFirst( RootPtr->root );
+  unsigned long count = 0;
+
+  while( NULL != p )
+    {
+    (*EachNode)( p, UserData );
+    count++;
+    p = ubi_btNext( p );
+    }
+  return( count );
+  } /* ubi_btTraverse */
+
+unsigned long ubi_btKillTree( ubi_btRootPtr     RootPtr,
+                              ubi_btKillNodeRtn FreeNode )
+  /* ------------------------------------------------------------------------ **
+   * Delete an entire tree (non-recursively) and reinitialize the ubi_btRoot
+   * structure.  Return a count of the number of nodes deleted.
+   *
+   *  Input:   RootPtr  -  a pointer to an ubi_btRoot structure that indicates
+   *                       the root of the tree to delete.
+   *           FreeNode -  a function that will be called for each node in the
+   *                       tree to deallocate the memory used by the node.
+   *
+   *  Output:  The number of nodes removed from the tree.
+   *           A value of 0 will be returned if:
+   *           - The tree actually contains 0 entries.
+   *           - the value of <RootPtr> is NULL, in which case the tree is
+   *             assumed to be empty
+   *           - the value of <FreeNode> is NULL, in which case entries
+   *             cannot be removed, so 0 is returned.  *Make sure that you
+   *             provide a valid value for <FreeNode>*.
+   *           In all other cases, you should get a positive value equal to
+   *           the value of RootPtr->count upon entry.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr p, q;
+  unsigned long count = 0;
+
+  if( (NULL == RootPtr) || (NULL == FreeNode) )
+    return( 0 );
+
+  p = ubi_btFirst( RootPtr->root );
+  while( NULL != p )
+    {
+    q = p;
+    while( q->Link[ubi_trRIGHT] )
+      q = SubSlide( q->Link[ubi_trRIGHT], ubi_trLEFT );
+    p = q->Link[ubi_trPARENT];
+    if( NULL != p )
+      p->Link[ ((p->Link[ubi_trLEFT] == q)?ubi_trLEFT:ubi_trRIGHT) ] = NULL;
+    (*FreeNode)((void *)q);
+    count++;
+    }
+
+  /* overkill... */
+  (void)ubi_btInitTree( RootPtr,
+                        RootPtr->cmp,
+                        RootPtr->flags );
+  return( count );
+  } /* ubi_btKillTree */
+
+ubi_btNodePtr ubi_btLeafNode( ubi_btNodePtr leader )
+  /* ------------------------------------------------------------------------ **
+   * Returns a pointer to a leaf node.
+   *
+   *  Input:  leader  - Pointer to a node at which to start the descent.
+   *
+   *  Output: A pointer to a leaf node selected in a somewhat arbitrary
+   *          manner.
+   *
+   *  Notes:  I wrote this function because I was using splay trees as a
+   *          database cache.  The cache had a maximum size on it, and I
+   *          needed a way of choosing a node to sacrifice if the cache
+   *          became full.  In a splay tree, less recently accessed nodes
+   *          tend toward the bottom of the tree, meaning that leaf nodes
+   *          are good candidates for removal.  (I really can't think of
+   *          any other reason to use this function.)
+   *        + In a simple binary tree or an AVL tree, the most recently
+   *          added nodes tend to be nearer the bottom, making this a *bad*
+   *          way to choose which node to remove from the cache.
+   *        + Randomizing the traversal order is probably a good idea.  You
+   *          can improve the randomization of leaf node selection by passing
+   *          in pointers to nodes other than the root node each time.  A
+   *          pointer to any node in the tree will do.  Of course, if you
+   *          pass a pointer to a leaf node you'll get the same thing back.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr follower = NULL;
+  int           whichway = ubi_trLEFT;
+
+  while( NULL != leader )
+    {
+    follower = leader;
+    leader   = follower->Link[ whichway ];
+    if( NULL == leader )
+      {
+      whichway = ubi_trRevWay( whichway );
+      leader   = follower->Link[ whichway ];
+      }
+    }
+
+  return( follower );
+  } /* ubi_btLeafNode */
+
+int ubi_btModuleID( int size, char *list[] )
+  /* ------------------------------------------------------------------------ **
+   * Returns a set of strings that identify the module.
+   *
+   *  Input:  size  - The number of elements in the array <list>.
+   *          list  - An array of pointers of type (char *).  This array
+   *                  should, initially, be empty.  This function will fill
+   *                  in the array with pointers to strings.
+   *  Output: The number of elements of <list> that were used.  If this value
+   *          is less than <size>, the values of the remaining elements are
+   *          not guaranteed.
+   *
+   *  Notes:  Please keep in mind that the pointers returned indicate strings
+   *          stored in static memory.  Don't free() them, don't write over
+   *          them, etc.  Just read them.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( size > 0 )
+    {
+    list[0] = ModuleID;
+    if( size > 1 )
+      list[1] = NULL;
+    return( 1 );
+    }
+  return( 0 );
+  } /* ubi_btModuleID */
+
+
+/* ========================================================================== */
diff --git a/source3/ubiqx/ubi_BinTree.h b/source3/ubiqx/ubi_BinTree.h
new file mode 100644
index 0000000000..c0c6d59309
--- /dev/null
+++ b/source3/ubiqx/ubi_BinTree.h
@@ -0,0 +1,864 @@
+#ifndef UBI_BINTREE_H
+#define UBI_BINTREE_H
+/* ========================================================================== **
+ *                              ubi_BinTree.h
+ *
+ *  Copyright (C) 1991-1998 by Christopher R. Hertel
+ *
+ *  Email:  crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module implements a simple binary tree.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_BinTree.h,v 
+ * Revision 4.10  2000/06/06 20:38:40  crh
+ * In the ReplaceNode() function, the old node header was being copied
+ * to the new node header using a byte-by-byte copy.  This was causing
+ * the 'insure' software testing program to report a memory leak.  The
+ * fix was to do a simple assignement: *newnode = *oldnode;
+ * This quieted the (errant) memory leak reports and is probably a bit
+ * faster than the bytewise copy.
+ *
+ * Revision 4.9  2000/01/08 23:24:30  crh
+ * Clarified a variety of if( pointer ) lines, replacing them with
+ * if( NULL != pointer ).  This is more correct, and I have heard
+ * of at least one (obscure?) system out there that uses a non-zero
+ * value for NULL.
+ * Also, speed improvement in Neighbor().  It was comparing pointers
+ * when it could have compared two gender values.  The pointer
+ * comparison was somewhat indirect (does pointer equal the pointer
+ * of the parent of the node pointed to by pointer).  Urq.
+ *
+ * Revision 4.8  1999/09/22 03:40:30  crh
+ * Modified ubi_btTraverse() and ubi_btKillTree().  They now return an
+ * unsigned long indicating the number of nodes processed.  The change
+ * is subtle.  An empty tree formerly returned False, and now returns
+ * zero.
+ *
+ * Revision 4.7  1998/10/21 06:15:07  crh
+ * Fixed bugs in FirstOf() and LastOf() reported by Massimo Campostrini.
+ * See function comments.
+ *
+ * Revision 4.6  1998/07/25 17:02:10  crh
+ * Added the ubi_trNewTree() macro.
+ *
+ * Revision 4.5  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 4.4  1998/06/03 17:42:46  crh
+ * Further fiddling with sys_include.h.  It's now in ubi_BinTree.h which is
+ * included by all of the binary tree files.
+ *
+ * Reminder: Some of the ubi_tr* macros in ubi_BinTree.h are redefined in
+ *           ubi_AVLtree.h and ubi_SplayTree.h.  This allows easy swapping
+ *           of tree types by simply changing a header.  Unfortunately, the
+ *           macro redefinitions in ubi_AVLtree.h and ubi_SplayTree.h will
+ *           conflict if used together.  You must either choose a single tree
+ *           type, or use the underlying function calls directly.  Compare
+ *           the two header files for more information.
+ *
+ * Revision 4.3  1998/06/02 01:28:43  crh
+ * Changed ubi_null.h to sys_include.h to make it more generic.
+ *
+ * Revision 4.2  1998/05/20 04:32:36  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ * Also, the balance and gender fields of the node were declared as
+ * signed char.  As I understand it, at least one SunOS or Solaris
+ * compiler doesn't like "signed char".  The declarations were
+ * wrong anyway, so I changed them to simple "char".
+ *
+ * Revision 4.1  1998/03/31 06:13:47  crh
+ * Thomas Aglassinger sent E'mail pointing out errors in the
+ * dereferencing of function pointers, and a missing typecast.
+ * Thanks, Thomas!
+ *
+ * Revision 4.0  1998/03/10 03:16:04  crh
+ * Added the AVL field 'balance' to the ubi_btNode structure.  This means
+ * that all BinTree modules now use the same basic node structure, which
+ * greatly simplifies the AVL module.
+ * Decided that this was a big enough change to justify a new major revision
+ * number.  3.0 was an error, so we're at 4.0.
+ *
+ * Revision 2.6  1998/01/24 06:27:30  crh
+ * Added ubi_trCount() macro.
+ *
+ * Revision 2.5  1997/12/23 03:59:21  crh
+ * In this version, all constants & macros defined in the header file have
+ * the ubi_tr prefix.  Also cleaned up anything that gcc complained about
+ * when run with '-pedantic -fsyntax-only -Wall'.
+ *
+ * Revision 2.4  1997/07/26 04:11:14  crh
+ * + Just to be annoying I changed ubi_TRUE and ubi_FALSE to ubi_trTRUE
+ *   and ubi_trFALSE.
+ * + There is now a type ubi_trBool to go with ubi_trTRUE and ubi_trFALSE.
+ * + There used to be something called "ubi_TypeDefs.h".  I got rid of it.
+ * + Added function ubi_btLeafNode().
+ *
+ * Revision 2.3  1997/06/03 05:15:27  crh
+ * Changed TRUE and FALSE to ubi_TRUE and ubi_FALSE to avoid conflicts.
+ * Also changed the interface to function InitTree().  See the comments
+ * for this function for more information.
+ *
+ * Revision 2.2  1995/10/03 22:00:40  CRH
+ * Ubisized!
+ * 
+ * Revision 2.1  95/03/09  23:43:46  CRH
+ * Added the ModuleID static string and function.  These modules are now
+ * self-identifying.
+ * 
+ * Revision 2.0  95/02/27  22:00:33  CRH
+ * Revision 2.0 of this program includes the following changes:
+ *
+ *     1)  A fix to a major typo in the RepaceNode() function.
+ *     2)  The addition of the static function Border().
+ *     3)  The addition of the public functions FirstOf() and LastOf(), which
+ *         use Border(). These functions are used with trees that allow
+ *         duplicate keys.
+ *     4)  A complete rewrite of the Locate() function.  Locate() now accepts
+ *         a "comparison" operator.
+ *     5)  Overall enhancements to both code and comments.
+ *
+ * I decided to give this a new major rev number because the interface has
+ * changed.  In particular, there are two new functions, and changes to the
+ * Locate() function.
+ *
+ * Revision 1.0  93/10/15  22:55:04  CRH
+ * With this revision, I have added a set of #define's that provide a single,
+ * standard API to all existing tree modules.  Until now, each of the three
+ * existing modules had a different function and typedef prefix, as follows:
+ *
+ *       Module        Prefix
+ *     ubi_BinTree     ubi_bt
+ *     ubi_AVLtree     ubi_avl
+ *     ubi_SplayTree   ubi_spt
+ *
+ * To further complicate matters, only those portions of the base module
+ * (ubi_BinTree) that were superceeded in the new module had the new names.
+ * For example, if you were using ubi_SplayTree, the locate function was
+ * called "ubi_sptLocate", but the next and previous functions remained
+ * "ubi_btNext" and "ubi_btPrev".
+ *
+ * This was not too terrible if you were familiar with the modules and knew
+ * exactly which tree model you wanted to use.  If you wanted to be able to
+ * change modules (for speed comparisons, etc), things could get messy very
+ * quickly.
+ *
+ * So, I have added a set of defined names that get redefined in any of the
+ * descendant modules.  To use this standardized interface in your code,
+ * simply replace all occurances of "ubi_bt", "ubi_avl", and "ubi_spt" with
+ * "ubi_tr".  The "ubi_tr" names will resolve to the correct function or
+ * datatype names for the module that you are using.  Just remember to
+ * include the header for that module in your program file.  Because these
+ * names are handled by the preprocessor, there is no added run-time
+ * overhead.
+ *
+ * Note that the original names do still exist, and can be used if you wish
+ * to write code directly to a specific module.  This should probably only be
+ * done if you are planning to implement a new descendant type, such as
+ * red/black trees.  CRH
+ *
+ *  V0.0 - June, 1991   -  Written by Christopher R. Hertel (CRH).
+ *
+ * ========================================================================== **
+ */
+
+#include "sys_include.h"  /* Global include file, used to adapt the ubiqx
+                           * modules to the host environment and the project
+                           * with which the modules will be used.  See
+                           * sys_include.h for more info.
+                           */
+
+/* -------------------------------------------------------------------------- **
+ * Macros and constants.
+ *
+ *  General purpose:
+ *    ubi_trTRUE  - Boolean TRUE.
+ *    ubi_trFALSE - Boolean FALSE.
+ *
+ *  Flags used in the tree header:
+ *    ubi_trOVERWRITE   - This flag indicates that an existing node may be
+ *                        overwritten by a new node with a matching key.
+ *    ubi_trDUPKEY      - This flag indicates that the tree allows duplicate
+ *                        keys.  If the tree does allow duplicates, the
+ *                        overwrite flag is ignored.
+ *
+ *  Node link array index constants:  (Each node has an array of three
+ *  pointers.  One to the left, one to the right, and one back to the
+ *  parent.)
+ *    ubi_trLEFT    - Left child pointer.
+ *    ubi_trPARENT  - Parent pointer.
+ *    ubi_trRIGHT   - Right child pointer.
+ *    ubi_trEQUAL   - Synonym for PARENT.
+ *
+ *  ubi_trCompOps:  These values are used in the ubi_trLocate() function.
+ *    ubi_trLT  - request the first instance of the greatest key less than
+ *                the search key.
+ *    ubi_trLE  - request the first instance of the greatest key that is less
+ *                than or equal to the search key.
+ *    ubi_trEQ  - request the first instance of key that is equal to the
+ *                search key.
+ *    ubi_trGE  - request the first instance of a key that is greater than
+ *                or equal to the search key.
+ *    ubi_trGT  - request the first instance of the first key that is greater
+ *                than the search key.
+ * -------------------------------------------------------------------------- **
+ */
+
+#define ubi_trTRUE  0xFF
+#define ubi_trFALSE 0x00
+
+#define ubi_trOVERWRITE 0x01        /* Turn on allow overwrite      */
+#define ubi_trDUPKEY    0x02        /* Turn on allow duplicate keys */
+
+/* Pointer array index constants... */
+#define ubi_trLEFT   0x00
+#define ubi_trPARENT 0x01
+#define ubi_trRIGHT  0x02
+#define ubi_trEQUAL  ubi_trPARENT
+
+typedef enum {
+  ubi_trLT = 1,
+  ubi_trLE,
+  ubi_trEQ,
+  ubi_trGE,
+  ubi_trGT
+  } ubi_trCompOps;
+
+/* -------------------------------------------------------------------------- **
+ * These three macros allow simple manipulation of pointer index values (LEFT,
+ * RIGHT, and PARENT).
+ *
+ *    Normalize() -  converts {LEFT, PARENT, RIGHT} into {-1, 0 ,1}.  C
+ *                   uses {negative, zero, positive} values to indicate
+ *                   {less than, equal to, greater than}.
+ *    AbNormal()  -  converts {negative, zero, positive} to {LEFT, PARENT,
+ *                   RIGHT} (opposite of Normalize()).  Note: C comparison
+ *                   functions, such as strcmp(), return {negative, zero,
+ *                   positive} values, which are not necessarily {-1, 0,
+ *                   1}.  This macro uses the the ubi_btSgn() function to
+ *                   compensate.
+ *    RevWay()    -  converts LEFT to RIGHT and RIGHT to LEFT.  PARENT (EQUAL)
+ *                   is left as is.
+ * -------------------------------------------------------------------------- **
+ */
+#define ubi_trNormalize(W) ((char)( (W) - ubi_trEQUAL ))
+#define ubi_trAbNormal(W)  ((char)( ((char)ubi_btSgn( (long)(W) )) \
+                                         + ubi_trEQUAL ))
+#define ubi_trRevWay(W)    ((char)( ubi_trEQUAL - ((W) - ubi_trEQUAL) ))
+
+/* -------------------------------------------------------------------------- **
+ * These macros allow us to quickly read the values of the OVERWRITE and
+ * DUPlicate KEY bits of the tree root flags field.
+ * -------------------------------------------------------------------------- **
+ */
+#define ubi_trDups_OK(A) \
+        ((ubi_trDUPKEY & ((A)->flags))?(ubi_trTRUE):(ubi_trFALSE))
+#define ubi_trOvwt_OK(A) \
+        ((ubi_trOVERWRITE & ((A)->flags))?(ubi_trTRUE):(ubi_trFALSE))
+
+/* -------------------------------------------------------------------------- **
+ * Additional Macros...
+ *
+ *  ubi_trCount()   - Given a pointer to a tree root, this macro returns the
+ *                    number of nodes currently in the tree.
+ *
+ *  ubi_trNewTree() - This macro makes it easy to declare and initialize a
+ *                    tree header in one step.  The line
+ *
+ *                      static ubi_trNewTree( MyTree, cmpfn, ubi_trDUPKEY );
+ *
+ *                    is equivalent to
+ *
+ *                      static ubi_trRoot MyTree[1]
+ *                        = {{ NULL, cmpfn, 0, ubi_trDUPKEY }};
+ *
+ * -------------------------------------------------------------------------- **
+ */
+
+#define ubi_trCount( R ) (((ubi_trRootPtr)(R))->count)
+
+#define ubi_trNewTree( N, C, F ) ubi_trRoot (N)[1] = {{ NULL, (C), 0, (F) }}
+
+/* -------------------------------------------------------------------------- **
+ * Typedefs...
+ * 
+ * ubi_trBool   - Your typcial true or false...
+ *
+ * Item Pointer:  The ubi_btItemPtr is a generic pointer. It is used to
+ *                indicate a key that is being searched for within the tree.
+ *                Searching occurs whenever the ubi_trFind(), ubi_trLocate(),
+ *                or ubi_trInsert() functions are called.
+ * -------------------------------------------------------------------------- **
+ */
+
+typedef unsigned char ubi_trBool;
+
+typedef void *ubi_btItemPtr;          /* A pointer to key data within a node. */
+
+/*  ------------------------------------------------------------------------- **
+ *  Binary Tree Node Structure:  This structure defines the basic elements of
+ *       the tree nodes.  In general you *SHOULD NOT PLAY WITH THESE FIELDS*!
+ *       But, of course, I have to put the structure into this header so that
+ *       you can use it as a building block.
+ *
+ *  The fields are as follows:
+ *    Link     -  an array of pointers.  These pointers are manipulated by
+ *                the BT routines.  The pointers indicate the left and right
+ *                child nodes and the parent node.  By keeping track of the
+ *                parent pointer, we avoid the need for recursive routines or
+ *                hand-tooled stacks to keep track of our path back to the
+ *                root.  The use of these pointers is subject to change without
+ *                notice.
+ *    gender   -  a one-byte field indicating whether the node is the RIGHT or
+ *                LEFT child of its parent.  If the node is the root of the
+ *                tree, gender will be PARENT.
+ *    balance  -  only used by the AVL tree module.  This field indicates
+ *                the height balance at a given node.  See ubi_AVLtree for
+ *                details.
+ *
+ *  ------------------------------------------------------------------------- **
+ */
+typedef struct ubi_btNodeStruct {
+  struct ubi_btNodeStruct *Link[ 3 ];
+  char                     gender;
+  char                     balance;
+  } ubi_btNode;
+
+typedef ubi_btNode *ubi_btNodePtr;     /* Pointer to an ubi_btNode structure. */
+
+/*  ------------------------------------------------------------------------- **
+ * The next three typedefs define standard function types used by the binary
+ * tree management routines.  In particular:
+ *
+ *    ubi_btCompFunc    is a pointer to a comparison function.  Comparison
+ *                      functions are passed an ubi_btItemPtr and an
+ *                      ubi_btNodePtr.  They return a value that is (<0), 0,
+ *                      or (>0) to indicate that the Item is (respectively)
+ *                      "less than", "equal to", or "greater than" the Item
+ *                      contained within the node.  (See ubi_btInitTree()).
+ *    ubi_btActionRtn   is a pointer to a function that may be called for each
+ *                      node visited when performing a tree traversal (see
+ *                      ubi_btTraverse()).  The function will be passed two
+ *                      parameters: the first is a pointer to a node in the
+ *                      tree, the second is a generic pointer that may point to
+ *                      anything that you like.
+ *    ubi_btKillNodeRtn is a pointer to a function that will deallocate the
+ *                      memory used by a node (see ubi_btKillTree()).  Since
+ *                      memory management is left up to you, deallocation may
+ *                      mean anything that you want it to mean.  Just remember
+ *                      that the tree *will* be destroyed and that none of the
+ *                      node pointers will be valid any more.
+ *  ------------------------------------------------------------------------- **
+ */
+
+typedef  int (*ubi_btCompFunc)( ubi_btItemPtr, ubi_btNodePtr );
+
+typedef void (*ubi_btActionRtn)( ubi_btNodePtr, void * );
+
+typedef void (*ubi_btKillNodeRtn)( ubi_btNodePtr );
+
+/* -------------------------------------------------------------------------- **
+ * Tree Root Structure: This structure gives us a convenient handle for
+ *                      accessing whole binary trees.  The fields are:
+ *    root  -  A pointer to the root node of the tree.
+ *    count -  A count of the number of nodes stored in the tree.
+ *    cmp   -  A pointer to the comparison routine to be used when building or
+ *             searching the tree.
+ *    flags -  A set of bit flags.  Two flags are currently defined:
+ *
+ *       ubi_trOVERWRITE -  If set, this flag indicates that a new node should
+ *         (bit 0x01)       overwrite an old node if the two have identical
+ *                          keys (ie., the keys are equal).
+ *       ubi_trDUPKEY    -  If set, this flag indicates that the tree is
+ *         (bit 0x02)       allowed to contain nodes with duplicate keys.
+ *
+ *       NOTE: ubi_trInsert() tests ubi_trDUPKEY before ubi_trOVERWRITE.
+ *
+ * All of these values are set when you initialize the root structure by
+ * calling ubi_trInitTree().
+ * -------------------------------------------------------------------------- **
+ */
+
+typedef struct {
+  ubi_btNodePtr  root;     /* A pointer to the root node of the tree       */
+  ubi_btCompFunc cmp;      /* A pointer to the tree's comparison function  */
+  unsigned long  count;    /* A count of the number of nodes in the tree   */
+  char           flags;    /* Overwrite Y|N, Duplicate keys Y|N...         */
+  } ubi_btRoot;
+
+typedef ubi_btRoot *ubi_btRootPtr;  /* Pointer to an ubi_btRoot structure. */
+
+
+/* -------------------------------------------------------------------------- **
+ * Function Prototypes.
+ */
+
+long ubi_btSgn( long x );
+  /* ------------------------------------------------------------------------ **
+   * Return the sign of x; {negative,zero,positive} ==> {-1, 0, 1}.
+   *
+   *  Input:  x - a signed long integer value.
+   *
+   *  Output: the "sign" of x, represented as follows:
+   *            -1 == negative
+   *             0 == zero (no sign)
+   *             1 == positive
+   *
+   * Note: This utility is provided in order to facilitate the conversion
+   *       of C comparison function return values into BinTree direction
+   *       values: {LEFT, PARENT, EQUAL}.  It is INCORPORATED into the
+   *       AbNormal() conversion macro!
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btInitNode( ubi_btNodePtr NodePtr );
+  /* ------------------------------------------------------------------------ **
+   * Initialize a tree node.
+   *
+   *  Input:   a pointer to a ubi_btNode structure to be initialized.
+   *  Output:  a pointer to the initialized ubi_btNode structure (ie. the
+   *           same as the input pointer).
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btRootPtr  ubi_btInitTree( ubi_btRootPtr   RootPtr,
+                               ubi_btCompFunc  CompFunc,
+                               char            Flags );
+  /* ------------------------------------------------------------------------ **
+   * Initialize the fields of a Tree Root header structure.
+   *  
+   *  Input:   RootPtr   - a pointer to an ubi_btRoot structure to be
+   *                       initialized.   
+   *           CompFunc  - a pointer to a comparison function that will be used
+   *                       whenever nodes in the tree must be compared against
+   *                       outside values.
+   *           Flags     - One bytes worth of flags.  Flags include
+   *                       ubi_trOVERWRITE and ubi_trDUPKEY.  See the header
+   *                       file for more info.
+   *
+   *  Output:  a pointer to the initialized ubi_btRoot structure (ie. the
+   *           same value as RootPtr).
+   * 
+   *  Note:    The interface to this function has changed from that of 
+   *           previous versions.  The <Flags> parameter replaces two      
+   *           boolean parameters that had the same basic effect.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_trBool ubi_btInsert( ubi_btRootPtr  RootPtr,
+                         ubi_btNodePtr  NewNode,
+                         ubi_btItemPtr  ItemPtr,
+                         ubi_btNodePtr *OldNode );
+  /* ------------------------------------------------------------------------ **
+   * This function uses a non-recursive algorithm to add a new element to the
+   * tree.
+   *
+   *  Input:   RootPtr  -  a pointer to the ubi_btRoot structure that indicates
+   *                       the root of the tree to which NewNode is to be added.
+   *           NewNode  -  a pointer to an ubi_btNode structure that is NOT
+   *                       part of any tree.
+   *           ItemPtr  -  A pointer to the sort key that is stored within
+   *                       *NewNode.  ItemPtr MUST point to information stored
+   *                       in *NewNode or an EXACT DUPLICATE.  The key data
+   *                       indicated by ItemPtr is used to place the new node
+   *                       into the tree.
+   *           OldNode  -  a pointer to an ubi_btNodePtr.  When searching
+   *                       the tree, a duplicate node may be found.  If
+   *                       duplicates are allowed, then the new node will
+   *                       be simply placed into the tree.  If duplicates
+   *                       are not allowed, however, then one of two things
+   *                       may happen.
+   *                       1) if overwritting *is not* allowed, this
+   *                          function will return FALSE (indicating that
+   *                          the new node could not be inserted), and
+   *                          *OldNode will point to the duplicate that is
+   *                          still in the tree.
+   *                       2) if overwritting *is* allowed, then this
+   *                          function will swap **OldNode for *NewNode.
+   *                          In this case, *OldNode will point to the node
+   *                          that was removed (thus allowing you to free
+   *                          the node).
+   *                          **  If you are using overwrite mode, ALWAYS  **
+   *                          ** check the return value of this parameter! **
+   *                 Note: You may pass NULL in this parameter, the
+   *                       function knows how to cope.  If you do this,
+   *                       however, there will be no way to return a
+   *                       pointer to an old (ie. replaced) node (which is
+   *                       a problem if you are using overwrite mode).
+   *
+   *  Output:  a boolean value indicating success or failure.  The function
+   *           will return FALSE if the node could not be added to the tree.
+   *           Such failure will only occur if duplicates are not allowed,
+   *           nodes cannot be overwritten, AND a duplicate key was found
+   *           within the tree.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btRemove( ubi_btRootPtr RootPtr,
+                            ubi_btNodePtr DeadNode );
+  /* ------------------------------------------------------------------------ **
+   * This function removes the indicated node from the tree.
+   *
+   *  Input:   RootPtr  -  A pointer to the header of the tree that contains
+   *                       the node to be removed.
+   *           DeadNode -  A pointer to the node that will be removed.
+   *
+   *  Output:  This function returns a pointer to the node that was removed
+   *           from the tree (ie. the same as DeadNode).
+   *
+   *  Note:    The node MUST be in the tree indicated by RootPtr.  If not,
+   *           strange and evil things will happen to your trees.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btLocate( ubi_btRootPtr RootPtr,
+                            ubi_btItemPtr FindMe,
+                            ubi_trCompOps CompOp );
+  /* ------------------------------------------------------------------------ **
+   * The purpose of ubi_btLocate() is to find a node or set of nodes given
+   * a target value and a "comparison operator".  The Locate() function is
+   * more flexible and (in the case of trees that may contain dupicate keys)
+   * more precise than the ubi_btFind() function.  The latter is faster,
+   * but it only searches for exact matches and, if the tree contains
+   * duplicates, Find() may return a pointer to any one of the duplicate-
+   * keyed records.
+   *
+   *  Input:
+   *     RootPtr  -  A pointer to the header of the tree to be searched.
+   *     FindMe   -  An ubi_btItemPtr that indicates the key for which to
+   *                 search.
+   *     CompOp   -  One of the following:
+   *                    CompOp     Return a pointer to the node with
+   *                    ------     ---------------------------------
+   *                   ubi_trLT - the last key value that is less
+   *                              than FindMe.
+   *                   ubi_trLE - the first key matching FindMe, or
+   *                              the last key that is less than
+   *                              FindMe.
+   *                   ubi_trEQ - the first key matching FindMe.
+   *                   ubi_trGE - the first key matching FindMe, or the
+   *                              first key greater than FindMe.
+   *                   ubi_trGT - the first key greater than FindMe.
+   *  Output:
+   *     A pointer to the node matching the criteria listed above under
+   *     CompOp, or NULL if no node matched the criteria.
+   *
+   *  Notes:
+   *     In the case of trees with duplicate keys, Locate() will behave as
+   *     follows:
+   *
+   *     Find:  3                       Find: 3
+   *     Keys:  1 2 2 2 3 3 3 3 3 4 4   Keys: 1 1 2 2 2 4 4 5 5 5 6
+   *                  ^ ^         ^                   ^ ^
+   *                 LT EQ        GT                 LE GE
+   *
+   *     That is, when returning a pointer to a node with a key that is LESS
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     LAST matching node.
+   *     When returning a pointer to a node with a key that is GREATER
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     FIRST matching node.
+   *
+   *  See Also: ubi_btFind(), ubi_btFirstOf(), ubi_btLastOf().
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btFind( ubi_btRootPtr RootPtr,
+                          ubi_btItemPtr FindMe );
+  /* ------------------------------------------------------------------------ **
+   * This function performs a non-recursive search of a tree for any node
+   * matching a specific key.
+   *
+   *  Input:
+   *     RootPtr  -  a pointer to the header of the tree to be searched.
+   *     FindMe   -  a pointer to the key value for which to search.
+   *
+   *  Output:
+   *     A pointer to a node with a key that matches the key indicated by
+   *     FindMe, or NULL if no such node was found.
+   *
+   *  Note:   In a tree that allows duplicates, the pointer returned *might
+   *          not* point to the (sequentially) first occurance of the
+   *          desired key.  In such a tree, it may be more useful to use
+   *          ubi_btLocate().
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btNext( ubi_btNodePtr P );
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) Next node in the
+   * tree.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "next" node in the tree, or NULL if P pointed
+   *           to the "last" node in the tree or was NULL.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btPrev( ubi_btNodePtr P );
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) Previous node in
+   * the tree.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "previous" node in the tree, or NULL if P
+   *           pointed to the "first" node in the tree or was NULL.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btFirst( ubi_btNodePtr P );
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) First node in the
+   * subtree of which *P is the root.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "first" node in a subtree that has *P as its
+   *           root.  This function will return NULL only if P is NULL.
+   *  Note:    In general, you will be passing in the value of the root field
+   *           of an ubi_btRoot structure.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btLast( ubi_btNodePtr P );
+  /* ------------------------------------------------------------------------ **
+   * Given the node indicated by P, find the (sorted order) Last node in the
+   * subtree of which *P is the root.
+   *  Input:   P  -  a pointer to a node that exists in a binary tree.
+   *  Output:  A pointer to the "last" node in a subtree that has *P as its
+   *           root.  This function will return NULL only if P is NULL.
+   *  Note:    In general, you will be passing in the value of the root field
+   *           of an ubi_btRoot structure.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btFirstOf( ubi_btRootPtr RootPtr,
+                             ubi_btItemPtr MatchMe,
+                             ubi_btNodePtr p );
+  /* ------------------------------------------------------------------------ **
+   * Given a tree that a allows duplicate keys, and a pointer to a node in
+   * the tree, this function will return a pointer to the first (traversal
+   * order) node with the same key value.
+   *
+   *  Input:  RootPtr - A pointer to the root of the tree.
+   *          MatchMe - A pointer to the key value.  This should probably
+   *                    point to the key within node *p.
+   *          p       - A pointer to a node in the tree.
+   *  Output: A pointer to the first node in the set of nodes with keys
+   *          matching <FindMe>.
+   *  Notes:  Node *p MUST be in the set of nodes with keys matching
+   *          <FindMe>.  If not, this function will return NULL.
+   *
+   *          4.7: Bug found & fixed by Massimo Campostrini,
+   *               Istituto Nazionale di Fisica Nucleare, Sezione di Pisa.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btLastOf( ubi_btRootPtr RootPtr,
+                            ubi_btItemPtr MatchMe,
+                            ubi_btNodePtr p );
+  /* ------------------------------------------------------------------------ **
+   * Given a tree that a allows duplicate keys, and a pointer to a node in
+   * the tree, this function will return a pointer to the last (traversal
+   * order) node with the same key value.
+   *
+   *  Input:  RootPtr - A pointer to the root of the tree.
+   *          MatchMe - A pointer to the key value.  This should probably
+   *                    point to the key within node *p.
+   *          p       - A pointer to a node in the tree.
+   *  Output: A pointer to the last node in the set of nodes with keys
+   *          matching <FindMe>.
+   *  Notes:  Node *p MUST be in the set of nodes with keys matching
+   *          <FindMe>.  If not, this function will return NULL.
+   *
+   *          4.7: Bug found & fixed by Massimo Campostrini,
+   *               Istituto Nazionale di Fisica Nucleare, Sezione di Pisa.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+unsigned long ubi_btTraverse( ubi_btRootPtr   RootPtr,
+                              ubi_btActionRtn EachNode,
+                              void           *UserData );
+  /* ------------------------------------------------------------------------ **
+   * Traverse a tree in sorted order (non-recursively).  At each node, call
+   * (*EachNode)(), passing a pointer to the current node, and UserData as the
+   * second parameter.
+   *
+   *  Input:   RootPtr  -  a pointer to an ubi_btRoot structure that indicates
+   *                       the tree to be traversed.
+   *           EachNode -  a pointer to a function to be called at each node  
+   *                       as the node is visited.
+   *           UserData -  a generic pointer that may point to anything that
+   *                       you choose.
+   *           
+   *  Output:  A count of the number of nodes visited.  This will be zero
+   *           if the tree is empty.
+   *             
+   * ------------------------------------------------------------------------ **
+   */
+
+
+unsigned long ubi_btKillTree( ubi_btRootPtr     RootPtr,
+                              ubi_btKillNodeRtn FreeNode );
+  /* ------------------------------------------------------------------------ **
+   * Delete an entire tree (non-recursively) and reinitialize the ubi_btRoot
+   * structure.  Return a count of the number of nodes deleted.
+   *
+   *  Input:   RootPtr  -  a pointer to an ubi_btRoot structure that indicates
+   *                       the root of the tree to delete.
+   *           FreeNode -  a function that will be called for each node in the
+   *                       tree to deallocate the memory used by the node.
+   *
+   *  Output:  The number of nodes removed from the tree.
+   *           A value of 0 will be returned if:
+   *           - The tree actually contains 0 entries.
+   *           - the value of <RootPtr> is NULL, in which case the tree is
+   *             assumed to be empty
+   *           - the value of <FreeNode> is NULL, in which case entries
+   *             cannot be removed, so 0 is returned.  *Make sure that you
+   *             provide a valid value for <FreeNode>*.
+   *           In all other cases, you should get a positive value equal to
+   *           the value of RootPtr->count upon entry. 
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_btLeafNode( ubi_btNodePtr leader );
+  /* ------------------------------------------------------------------------ **
+   * Returns a pointer to a leaf node.
+   *
+   *  Input:  leader  - Pointer to a node at which to start the descent.
+   *
+   *  Output: A pointer to a leaf node selected in a somewhat arbitrary
+   *          manner.
+   *
+   *  Notes:  I wrote this function because I was using splay trees as a
+   *          database cache.  The cache had a maximum size on it, and I
+   *          needed a way of choosing a node to sacrifice if the cache
+   *          became full.  In a splay tree, less recently accessed nodes
+   *          tend toward the bottom of the tree, meaning that leaf nodes
+   *          are good candidates for removal.  (I really can't think of
+   *          any other reason to use this function.)
+   *        + In a simple binary tree or an AVL tree, the most recently
+   *          added nodes tend to be nearer the bottom, making this a *bad*
+   *          way to choose which node to remove from the cache.
+   *        + Randomizing the traversal order is probably a good idea.  You
+   *          can improve the randomization of leaf node selection by passing
+   *          in pointers to nodes other than the root node each time.  A
+   *          pointer to any node in the tree will do.  Of course, if you
+   *          pass a pointer to a leaf node you'll get the same thing back.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+
+int ubi_btModuleID( int size, char *list[] );
+  /* ------------------------------------------------------------------------ **
+   * Returns a set of strings that identify the module.
+   *
+   *  Input:  size  - The number of elements in the array <list>.
+   *          list  - An array of pointers of type (char *).  This array
+   *                  should, initially, be empty.  This function will fill
+   *                  in the array with pointers to strings.
+   *  Output: The number of elements of <list> that were used.  If this value
+   *          is less than <size>, the values of the remaining elements are
+   *          not guaranteed.
+   *
+   *  Notes:  Please keep in mind that the pointers returned indicate strings
+   *          stored in static memory.  Don't free() them, don't write over
+   *          them, etc.  Just read them.
+   * ------------------------------------------------------------------------ **
+   */
+
+/* -------------------------------------------------------------------------- **
+ * Masquarade...
+ *
+ * This set of defines allows you to write programs that will use any of the
+ * implemented binary tree modules (currently BinTree, AVLtree, and SplayTree).
+ * Instead of using ubi_bt..., use ubi_tr..., and select the tree type by
+ * including the appropriate module header.
+ */
+
+#define ubi_trItemPtr ubi_btItemPtr
+
+#define ubi_trNode    ubi_btNode
+#define ubi_trNodePtr ubi_btNodePtr
+
+#define ubi_trRoot    ubi_btRoot
+#define ubi_trRootPtr ubi_btRootPtr
+
+#define ubi_trCompFunc    ubi_btCompFunc
+#define ubi_trActionRtn   ubi_btActionRtn
+#define ubi_trKillNodeRtn ubi_btKillNodeRtn
+
+#define ubi_trSgn( x ) ubi_btSgn( x )
+
+#define ubi_trInitNode( Np ) ubi_btInitNode( (ubi_btNodePtr)(Np) )
+
+#define ubi_trInitTree( Rp, Cf, Fl ) \
+        ubi_btInitTree( (ubi_btRootPtr)(Rp), (ubi_btCompFunc)(Cf), (Fl) )
+
+#define ubi_trInsert( Rp, Nn, Ip, On ) \
+        ubi_btInsert( (ubi_btRootPtr)(Rp), (ubi_btNodePtr)(Nn), \
+                      (ubi_btItemPtr)(Ip), (ubi_btNodePtr *)(On) )
+
+#define ubi_trRemove( Rp, Dn ) \
+        ubi_btRemove( (ubi_btRootPtr)(Rp), (ubi_btNodePtr)(Dn) )
+
+#define ubi_trLocate( Rp, Ip, Op ) \
+        ubi_btLocate( (ubi_btRootPtr)(Rp), \
+                      (ubi_btItemPtr)(Ip), \
+                      (ubi_trCompOps)(Op) )
+
+#define ubi_trFind( Rp, Ip ) \
+        ubi_btFind( (ubi_btRootPtr)(Rp), (ubi_btItemPtr)(Ip) )
+
+#define ubi_trNext( P ) ubi_btNext( (ubi_btNodePtr)(P) )
+
+#define ubi_trPrev( P ) ubi_btPrev( (ubi_btNodePtr)(P) )
+
+#define ubi_trFirst( P ) ubi_btFirst( (ubi_btNodePtr)(P) )
+
+#define ubi_trLast( P ) ubi_btLast( (ubi_btNodePtr)(P) )
+
+#define ubi_trFirstOf( Rp, Ip, P ) \
+        ubi_btFirstOf( (ubi_btRootPtr)(Rp), \
+                       (ubi_btItemPtr)(Ip), \
+                       (ubi_btNodePtr)(P) )
+
+#define ubi_trLastOf( Rp, Ip, P ) \
+        ubi_btLastOf( (ubi_btRootPtr)(Rp), \
+                      (ubi_btItemPtr)(Ip), \
+                      (ubi_btNodePtr)(P) )
+
+#define ubi_trTraverse( Rp, En, Ud ) \
+        ubi_btTraverse((ubi_btRootPtr)(Rp), (ubi_btActionRtn)(En), (void *)(Ud))
+
+#define ubi_trKillTree( Rp, Fn ) \
+        ubi_btKillTree( (ubi_btRootPtr)(Rp), (ubi_btKillNodeRtn)(Fn) )
+
+#define ubi_trLeafNode( Nd ) \
+        ubi_btLeafNode( (ubi_btNodePtr)(Nd) )
+
+#define ubi_trModuleID( s, l ) ubi_btModuleID( s, l )
+
+/* ========================================================================== */
+#endif /* UBI_BINTREE_H */
diff --git a/source3/ubiqx/ubi_Cache.c b/source3/ubiqx/ubi_Cache.c
new file mode 100644
index 0000000000..f428dcefe9
--- /dev/null
+++ b/source3/ubiqx/ubi_Cache.c
@@ -0,0 +1,505 @@
+/* ========================================================================== **
+ *                                 ubi_Cache.c
+ *
+ *  Copyright (C) 1997 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module implements a generic cache.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module uses a splay tree to implement a simple cache.  The cache
+ *  module adds a thin layer of functionality to the splay tree.  In
+ *  particular:
+ *
+ *    - The tree (cache) may be limited in size by the number of
+ *      entries permitted or the amount of memory used.  When either
+ *      limit is exceeded cache entries are removed until the cache
+ *      conforms.
+ *    - Some statistical information is kept so that an approximate
+ *      "hit ratio" can be calculated.
+ *    - There are several functions available that provide access to
+ *      and management of cache size limits, hit ratio, and tree
+ *      trimming.
+ *
+ *  The splay tree is used because recently accessed items tend toward the
+ *  top of the tree and less recently accessed items tend toward the bottom.
+ *  This makes it easy to purge less recently used items should the cache
+ *  exceed its limits.
+ *
+ *  To use this module, you will need to supply a comparison function of
+ *  type ubi_trCompFunc and a node-freeing function of type
+ *  ubi_trKillNodeRtn.  See ubi_BinTree.h for more information on
+ *  these.  (This is all basic ubiqx tree management stuff.)
+ *
+ *  Notes:
+ *
+ *  - Cache performance will start to suffer dramatically if the
+ *    cache becomes large enough to force the OS to start swapping
+ *    memory to disk.  This is because the nodes of the underlying tree
+ *    will be scattered across memory in an order that is completely
+ *    unrelated to their traversal order.  As more and more of the
+ *    cache is placed into swap space, more and more swaps will be
+ *    required for a simple traversal (...and then there's the splay
+ *    operation).
+ *
+ *    In one simple test under Linux, the load and dump of a cache of
+ *    400,000 entries took only 1min, 40sec of real time.  The same
+ *    test with 450,000 records took 2 *hours* and eight minutes.
+ *
+ *  - In an effort to save memory, I considered using an unsigned
+ *    short to save the per-entry entry size.  I would have tucked this
+ *    value into some unused space in the tree node structure.  On
+ *    32-bit word aligned systems this would have saved an additional
+ *    four bytes per entry.  I may revisit this issue, but for now I've
+ *    decided against it.
+ *
+ *    Using an unsigned short would limit the size of an entry to 64K
+ *    bytes.  That's probably more than enough for most applications.
+ *    The key word in that last sentence, however, is "probably".  I
+ *    really dislike imposing such limits on things.
+ *
+ *  - Each entry keeps track of the amount of memory it used and the
+ *    cache header keeps the total.  This information is provided via
+ *    the EntrySize parameter in ubi_cachePut(), so it is up to you to
+ *    make sure that the numbers are accurate.  (The numbers don't even
+ *    have to represent bytes used.)
+ *
+ *    As you consider this, note that the strdup() function--as an
+ *    example--will call malloc().  The latter generally allocates a
+ *    multiple of the system word size, which may be more than the
+ *    number of bytes needed to store the string.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  Log: ubi_Cache.c,v 
+ *  Revision 0.4  1999/09/22 03:42:24  crh
+ *  Fixed a minor typo.
+ *
+ *  Revision 0.3  1998/06/03 18:00:15  crh
+ *  Further fiddling with sys_include.h, which is no longer explicitly
+ *  included by this module since it is inherited from ubi_BinTree.h.
+ *
+ *  Revision 0.2  1998/06/02 01:36:18  crh
+ *  Changed include name from ubi_null.h to sys_include.h to make it
+ *  more generic.
+ *
+ *  Revision 0.1  1998/05/20 04:36:02  crh
+ *  The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ *  Revision 0.0  1997/12/18 06:24:33  crh
+ *  Initial Revision.
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_Cache.h"    /* Header for *this* module. */
+
+/* -------------------------------------------------------------------------- **
+ * Static data...
+ */
+
+/*  commented out until I make use of it...
+static char ModuleID[] = 
+"ubi_Cache\n\
+\tRevision: 0.4 \n\
+\tDate: 1999/09/22 03:42:24 \n\
+\tAuthor: crh \n";
+*/
+
+/* -------------------------------------------------------------------------- **
+ * Internal functions...
+ */
+
+static void free_entry( ubi_cacheRootPtr CachePtr, ubi_cacheEntryPtr EntryPtr )
+  /* ------------------------------------------------------------------------ **
+   * Free a ubi_cacheEntry, and adjust the mem_used counter accordingly.
+   *
+   *  Input:  CachePtr  - A pointer to the cache from which the entry has
+   *                      been removed.
+   *          EntryPtr  - A pointer to the already removed entry.
+   *
+   *  Output: none.
+   *
+   *  Notes:  The entry must be removed from the cache *before* this function
+   *          is called!!!!
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  CachePtr->mem_used -= EntryPtr->entry_size;
+  (*CachePtr->free_func)( (void *)EntryPtr );
+  } /* free_entry */
+
+static void cachetrim( ubi_cacheRootPtr crptr )
+  /* ------------------------------------------------------------------------ **
+   * Remove entries from the cache until the number of entries and the amount
+   * of memory used are *both* below or at the maximum.
+   *
+   *  Input:  crptr - pointer to the cache to be trimmed.
+   *
+   *  Output: None.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  while( ( crptr->max_entries && (crptr->max_entries < crptr->root.count) )
+      || ( crptr->max_memory  && (crptr->max_memory  < crptr->mem_used)   ) )
+    {
+    if( !ubi_cacheReduce( crptr, 1 ) )
+      return;
+    }
+  } /* cachetrim */
+
+
+/* -------------------------------------------------------------------------- **
+ * Exported functions...
+ */
+
+ubi_cacheRootPtr ubi_cacheInit( ubi_cacheRootPtr  CachePtr,
+                                ubi_trCompFunc    CompFunc,
+                                ubi_trKillNodeRtn FreeFunc,
+                                unsigned long     MaxEntries,
+                                unsigned long     MaxMemory )
+  /* ------------------------------------------------------------------------ **
+   * Initialize a cache header structure.
+   *
+   *  Input:  CachePtr    - A pointer to a ubi_cacheRoot structure that is
+   *                        to be initialized.
+   *          CompFunc    - A pointer to the function that will be called
+   *                        to compare two cache values.  See the module
+   *                        comments, above, for more information.
+   *          FreeFunc    - A pointer to a function that will be called
+   *                        to free a cache entry.  If you allocated
+   *                        the cache entry using malloc(), then this
+   *                        will likely be free().  If you are allocating
+   *                        cache entries from a free list, then this will
+   *                        likely be a function that returns memory to the
+   *                        free list, etc.
+   *          MaxEntries  - The maximum number of entries that will be
+   *                        allowed to exist in the cache.  If this limit
+   *                        is exceeded, then existing entries will be
+   *                        removed from the cache.  A value of zero
+   *                        indicates that there is no limit on the number
+   *                        of cache entries.  See ubi_cachePut().
+   *          MaxMemory   - The maximum amount of memory, in bytes, to be
+   *                        allocated to the cache (excluding the cache
+   *                        header).  If this is exceeded, existing entries
+   *                        in the cache will be removed until enough memory
+   *                        has been freed to meet the condition.  See
+   *                        ubi_cachePut().
+   *
+   *  Output: A pointer to the initialized cache (i.e., the same as CachePtr).
+   *
+   *  Notes:  Both MaxEntries and MaxMemory may be changed after the cache
+   *          has been created.  See
+   *            ubi_cacheSetMaxEntries() 
+   *            ubi_cacheSetMaxMemory()
+   *            ubi_cacheGetMaxEntries()
+   *            ubi_cacheGetMaxMemory()    (the latter two are macros).
+   *
+   *        - Memory is allocated in multiples of the word size.  The
+   *          return value of the strlen() function does not reflect
+   *          this; it will allways be less than or equal to the amount
+   *          of memory actually allocated.  Keep this in mind when
+   *          choosing a value for MaxMemory.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( CachePtr )
+    {
+    (void)ubi_trInitTree( CachePtr, CompFunc, ubi_trOVERWRITE );
+    CachePtr->free_func   = FreeFunc;
+    CachePtr->max_entries = MaxEntries;
+    CachePtr->max_memory  = MaxMemory;
+    CachePtr->mem_used    = 0;
+    CachePtr->cache_hits  = 0;
+    CachePtr->cache_trys  = 0;
+    }
+  return( CachePtr );
+  } /* ubi_cacheInit */
+
+ubi_cacheRootPtr ubi_cacheClear( ubi_cacheRootPtr CachePtr )
+  /* ------------------------------------------------------------------------ **
+   * Remove and free all entries in an existing cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache that is to be cleared.
+   *
+   *  Output: A pointer to the cache header (i.e., the same as CachePtr).
+   *          This function re-initializes the cache header.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( CachePtr )
+    {
+    (void)ubi_trKillTree( CachePtr, CachePtr->free_func );
+    CachePtr->mem_used    = 0;
+    CachePtr->cache_hits  = 0;
+    CachePtr->cache_trys  = 0;
+    }
+  return( CachePtr );
+  } /* ubi_cacheClear */
+
+void ubi_cachePut( ubi_cacheRootPtr  CachePtr,
+                   unsigned long     EntrySize,
+                   ubi_cacheEntryPtr EntryPtr,
+                   ubi_trItemPtr     Key )
+  /* ------------------------------------------------------------------------ **
+   * Add an entry to the cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache into which the entry
+   *                      will be added.
+   *          EntrySize - The size, in bytes, of the memory block indicated
+   *                      by EntryPtr.  This will be copied into the
+   *                      EntryPtr->entry_size field.
+   *          EntryPtr  - A pointer to a memory block that begins with a
+   *                      ubi_cacheEntry structure.  The entry structure
+   *                      should be followed immediately by the data to be
+   *                      cached (even if that is a pointer to yet more data).
+   *          Key       - Pointer used to identify the lookup key within the
+   *                      Entry.
+   *
+   *  Output: None.
+   *
+   *  Notes:  After adding the new node, the cache is "trimmed".  This
+   *          removes extra nodes if the tree has exceeded it's memory or
+   *          entry count limits.  It is unlikely that the newly added node
+   *          will be purged from the cache (assuming a reasonably large
+   *          cache), since new nodes in a splay tree (which is what this
+   *          module was designed to use) are moved to the top of the tree
+   *          and the cache purge process removes nodes from the bottom of
+   *          the tree.
+   *        - The underlying splay tree is opened in OVERWRITE mode.  If
+   *          the input key matches an existing key, the existing entry will
+   *          be politely removed from the tree and freed.
+   *        - Memory is allocated in multiples of the word size.  The
+   *          return value of the strlen() function does not reflect
+   *          this; it will allways be less than or equal to the amount
+   *          of memory actually allocated.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_trNodePtr OldNode;
+
+  EntryPtr->entry_size = EntrySize;
+  CachePtr->mem_used  += EntrySize;
+  (void)ubi_trInsert( CachePtr, EntryPtr, Key, &OldNode );
+  if( OldNode )
+    free_entry( CachePtr, (ubi_cacheEntryPtr)OldNode );
+
+  cachetrim( CachePtr );
+  } /* ubi_cachePut */
+
+ubi_cacheEntryPtr ubi_cacheGet( ubi_cacheRootPtr CachePtr,
+                                ubi_trItemPtr    FindMe )
+  /* ------------------------------------------------------------------------ **
+   * Attempt to retrieve an entry from the cache.
+   *
+   *  Input:  CachePtr  - A ponter to the cache that is to be searched.
+   *          FindMe    - A ubi_trItemPtr that indicates the key for which
+   *                      to search.
+   *
+   *  Output: A pointer to the cache entry that was found, or NULL if no
+   *          matching entry was found.
+   *
+   *  Notes:  This function also updates the hit ratio counters.
+   *          The counters are unsigned short.  If the number of cache tries
+   *          reaches 32768, then both the number of tries and the number of
+   *          hits are divided by two.  This prevents the counters from
+   *          overflowing.  See the comments in ubi_cacheHitRatio() for
+   *          additional notes.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_trNodePtr FoundPtr;
+
+  FoundPtr = ubi_trFind( CachePtr, FindMe );
+
+  if( FoundPtr )
+    CachePtr->cache_hits++;
+  CachePtr->cache_trys++;
+
+  if( CachePtr->cache_trys & 0x8000 )
+    {
+    CachePtr->cache_hits = CachePtr->cache_hits / 2;
+    CachePtr->cache_trys = CachePtr->cache_trys / 2;
+    }
+
+  return( (ubi_cacheEntryPtr)FoundPtr );
+  } /* ubi_cacheGet */
+
+ubi_trBool ubi_cacheDelete( ubi_cacheRootPtr CachePtr, ubi_trItemPtr DeleteMe )
+  /* ------------------------------------------------------------------------ **
+   * Find and delete the specified cache entry.
+   *
+   *  Input:  CachePtr  - A pointer to the cache.
+   *          DeleteMe  - The key of the entry to be deleted.
+   *
+   *  Output: TRUE if the entry was found & freed, else FALSE.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_trNodePtr FoundPtr;
+
+  FoundPtr = ubi_trFind( CachePtr, DeleteMe );
+  if( FoundPtr )
+    {
+    (void)ubi_trRemove( CachePtr, FoundPtr );
+    free_entry( CachePtr, (ubi_cacheEntryPtr)FoundPtr );
+    return( ubi_trTRUE );
+    }
+  return( ubi_trFALSE );
+  } /* ubi_cacheDelete */
+
+ubi_trBool ubi_cacheReduce( ubi_cacheRootPtr CachePtr, unsigned long count )
+  /* ------------------------------------------------------------------------ **
+   * Remove <count> entries from the bottom of the cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache which is to be reduced in
+   *                      size.
+   *          count     - The number of entries to remove.
+   *
+   *  Output: The function will return TRUE if <count> entries were removed,
+   *          else FALSE.  A return value of FALSE should indicate that
+   *          there were less than <count> entries in the cache, and that the
+   *          cache is now empty.
+   *
+   *  Notes:  This function forces a reduction in the number of cache entries
+   *          without requiring that the MaxMemory or MaxEntries values be
+   *          changed.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_trNodePtr NodePtr;
+
+  while( count )
+    {
+    NodePtr = ubi_trLeafNode( CachePtr->root.root );
+    if( NULL == NodePtr )
+      return( ubi_trFALSE );
+    else
+      {
+      (void)ubi_trRemove( CachePtr, NodePtr );
+      free_entry( CachePtr, (ubi_cacheEntryPtr)NodePtr );
+      }
+    count--;
+    }
+  return( ubi_trTRUE );
+  } /* ubi_cacheReduce */
+
+unsigned long ubi_cacheSetMaxEntries( ubi_cacheRootPtr CachePtr,
+                                      unsigned long    NewSize )
+  /* ------------------------------------------------------------------------ **
+   * Change the maximum number of entries allowed to exist in the cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache to be modified.
+   *          NewSize   - The new maximum number of cache entries.
+   *
+   *  Output: The maximum number of entries previously allowed to exist in
+   *          the cache.
+   *
+   *  Notes:  If the new size is less than the old size, this function will
+   *          trim the cache (remove excess entries).
+   *        - A value of zero indicates an unlimited number of entries.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  unsigned long oldsize = CachePtr->max_entries;      /* Save the old value.  */
+
+  CachePtr->max_entries = NewSize;                    /* Apply the new value. */
+  if( (NewSize < oldsize) || (NewSize && !oldsize) )  /* If size is smaller,  */
+    cachetrim( CachePtr );                            /*   remove excess.     */
+  return( oldsize );
+  } /* ubi_cacheSetMaxEntries */
+
+unsigned long ubi_cacheSetMaxMemory( ubi_cacheRootPtr CachePtr,
+                                     unsigned long    NewSize )
+  /* ------------------------------------------------------------------------ **
+   * Change the maximum amount of memory to be used for storing cache
+   * entries.
+   *
+   *  Input:  CachePtr  - A pointer to the cache to be modified.
+   *          NewSize   - The new cache memory size.
+   *
+   *  Output: The previous maximum memory size.
+   *
+   *  Notes:  If the new size is less than the old size, this function will
+   *          trim the cache (remove excess entries).
+   *        - A value of zero indicates that the cache has no memory limit.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  unsigned long oldsize = CachePtr->max_memory;       /* Save the old value.  */
+
+  CachePtr->max_memory = NewSize;                     /* Apply the new value. */
+  if( (NewSize < oldsize) || (NewSize && !oldsize) )  /* If size is smaller,  */
+    cachetrim( CachePtr );                            /*   remove excess.     */
+  return( oldsize );
+  } /* ubi_cacheSetMaxMemory */
+
+int ubi_cacheHitRatio( ubi_cacheRootPtr CachePtr )
+  /* ------------------------------------------------------------------------ **
+   * Returns a value that is 10,000 times the slightly weighted average hit
+   * ratio for the cache.
+   *
+   *  Input:  CachePtr  - Pointer to the cache to be queried.
+   *
+   *  Output: An integer that is 10,000 times the number of successful
+   *          cache hits divided by the number of cache lookups, or:
+   *            (10000 * hits) / trys
+   *          You can easily convert this to a float, or do something
+   *          like this (where i is the return value of this function):
+   *
+   *            printf( "Hit rate   : %d.%02d%%\n", (i/100), (i%100) );
+   *
+   *  Notes:  I say "slightly-weighted", because the numerator and
+   *          denominator are both accumulated in locations of type
+   *          'unsigned short'.  If the number of cache trys becomes
+   *          large enough, both are divided  by two.  (See function
+   *          ubi_cacheGet().) 
+   *          Dividing both numerator and denominator by two does not
+   *          change the ratio (much...it is an integer divide), but it
+   *          does mean that subsequent increments to either counter will
+   *          have twice as much significance as previous ones.
+   *
+   *        - The value returned by this function will be in the range
+   *          [0..10000] because ( 0 <= cache_hits <= cache_trys ) will
+   *          always be true.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int tmp = 0;
+
+  if( CachePtr->cache_trys )
+    tmp = (int)( (10000 * (long)(CachePtr->cache_hits) )
+                        / (long)(CachePtr->cache_trys) );
+  return( tmp );
+  } /* ubi_cacheHitRatio */
+
+/* -------------------------------------------------------------------------- */
diff --git a/source3/ubiqx/ubi_Cache.h b/source3/ubiqx/ubi_Cache.h
new file mode 100644
index 0000000000..0fc3a074f7
--- /dev/null
+++ b/source3/ubiqx/ubi_Cache.h
@@ -0,0 +1,412 @@
+#ifndef UBI_CACHE_H
+#define UBI_CACHE_H
+/* ========================================================================== **
+ *                                 ubi_Cache.h
+ *
+ *  Copyright (C) 1997 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module implements a generic cache.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module uses a splay tree to implement a simple cache.  The cache
+ *  module adds a thin layer of functionality to the splay tree.  In
+ *  particular:
+ *
+ *    - The tree (cache) may be limited in size by the number of
+ *      entries permitted or the amount of memory used.  When either
+ *      limit is exceeded cache entries are removed until the cache
+ *      conforms.
+ *    - Some statistical information is kept so that an approximate
+ *      "hit ratio" can be calculated.
+ *    - There are several functions available that provide access to
+ *      and management of cache size limits, hit ratio, and tree
+ *      trimming.
+ *
+ *  The splay tree is used because recently accessed items tend toward the
+ *  top of the tree and less recently accessed items tend toward the bottom.
+ *  This makes it easy to purge less recently used items should the cache
+ *  exceed its limits.
+ *
+ *  To use this module, you will need to supply a comparison function of
+ *  type ubi_trCompFunc and a node-freeing function of type
+ *  ubi_trKillNodeRtn.  See ubi_BinTree.h for more information on
+ *  these.  (This is all basic ubiqx tree management stuff.)
+ *
+ *  Notes:
+ *
+ *  - Cache performance will start to suffer dramatically if the
+ *    cache becomes large enough to force the OS to start swapping
+ *    memory to disk.  This is because the nodes of the underlying tree
+ *    will be scattered across memory in an order that is completely
+ *    unrelated to their traversal order.  As more and more of the
+ *    cache is placed into swap space, more and more swaps will be
+ *    required for a simple traversal (...and then there's the splay
+ *    operation).
+ *
+ *    In one simple test under Linux, the load and dump of a cache of
+ *    400,000 entries took only 1min, 40sec of real time.  The same
+ *    test with 450,000 records took 2 *hours* and eight minutes.
+ *
+ *  - In an effort to save memory, I considered using an unsigned
+ *    short to save the per-entry entry size.  I would have tucked this
+ *    value into some unused space in the tree node structure.  On
+ *    32-bit word aligned systems this would have saved an additional
+ *    four bytes per entry.  I may revisit this issue, but for now I've
+ *    decided against it.
+ *
+ *    Using an unsigned short would limit the size of an entry to 64K
+ *    bytes.  That's probably more than enough for most applications.
+ *    The key word in that last sentence, however, is "probably".  I
+ *    really dislike imposing such limits on things.
+ *
+ *  - Each entry keeps track of the amount of memory it used and the
+ *    cache header keeps the total.  This information is provided via
+ *    the EntrySize parameter in ubi_cachePut(), so it is up to you to
+ *    make sure that the numbers are accurate.  (The numbers don't even
+ *    have to represent bytes used.)
+ *
+ *    As you consider this, note that the strdup() function--as an
+ *    example--will call malloc().  The latter generally allocates a
+ *    multiple of the system word size, which may be more than the
+ *    number of bytes needed to store the string.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  Log: ubi_Cache.h,v 
+ *  Revision 0.4  1999/09/22 03:42:24  crh
+ *  Fixed a minor typo.
+ *
+ *  Revision 0.3  1998/06/03 18:00:15  crh
+ *  Further fiddling with sys_include.h, which is no longer explicitly
+ *  included by this module since it is inherited from ubi_BinTree.h.
+ *
+ *  Revision 0.2  1998/06/02 01:36:18  crh
+ *  Changed include name from ubi_null.h to sys_include.h to make it
+ *  more generic.
+ *
+ *  Revision 0.1  1998/05/20 04:36:02  crh
+ *  The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ *  Revision 0.0  1997/12/18 06:25:23  crh
+ *  Initial Revision.
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_SplayTree.h"
+
+/* -------------------------------------------------------------------------- **
+ * Typedefs...
+ *
+ *  ubi_cacheRoot     - Cache header structure, which consists of a binary
+ *                      tree root and other required housekeeping fields, as
+ *                      listed below.
+ *  ubi_cacheRootPtr  - Pointer to a Cache.
+ *
+ *  ubi_cacheEntry    - A cache Entry, which consists of a tree node
+ *                      structure and the size (in bytes) of the entry
+ *                      data.  The entry size should be supplied via
+ *                      the EntrySize parameter of the ubi_cachePut()
+ *                      function.
+ *
+ *  ubi_cacheEntryPtr - Pointer to a ubi_cacheEntry.
+ *
+ */
+
+typedef struct
+  {
+  ubi_trRoot        root;         /* Splay tree control structure.      */
+  ubi_trKillNodeRtn free_func;    /* Function used to free entries.     */
+  unsigned long     max_entries;  /* Max cache entries.  0 == unlimited */
+  unsigned long     max_memory;   /* Max memory to use.  0 == unlimited */
+  unsigned long     mem_used;     /* Memory currently in use (bytes).   */
+  unsigned short    cache_hits;   /* Incremented on succesful find.     */
+  unsigned short    cache_trys;   /* Incremented on cache lookup.       */
+  } ubi_cacheRoot;
+
+typedef ubi_cacheRoot *ubi_cacheRootPtr;
+
+
+typedef struct
+  {
+  ubi_trNode    node;           /* Tree node structure. */
+  unsigned long entry_size;     /* Entry size.  Used when managing
+                                 * caches with maximum memory limits.
+                                 */
+  } ubi_cacheEntry;
+
+typedef ubi_cacheEntry *ubi_cacheEntryPtr;
+
+
+/* -------------------------------------------------------------------------- **
+ * Macros...
+ *
+ *  ubi_cacheGetMaxEntries()  - Report the current maximum number of entries
+ *                              allowed in the cache.  Zero indicates no
+ *                              maximum.
+ *  ubi_cacheGetMaxMemory()   - Report the current maximum amount of memory
+ *                              that may be used in the cache.  Zero
+ *                              indicates no maximum.
+ *  ubi_cacheGetEntryCount()  - Report the current number of entries in the
+ *                              cache.
+ *  ubi_cacheGetMemUsed()     - Report the amount of memory currently in use
+ *                              by the cache.
+ */
+
+#define ubi_cacheGetMaxEntries( Cptr ) (((ubi_cacheRootPtr)(Cptr))->max_entries)
+#define ubi_cacheGetMaxMemory(  Cptr ) (((ubi_cacheRootPtr)(Cptr))->max_memory)
+
+#define ubi_cacheGetEntryCount( Cptr ) (((ubi_cacheRootPtr)(Cptr))->root.count)
+#define ubi_cacheGetMemUsed( Cptr ) (((ubi_cacheRootPtr)(Cptr))->mem_used)
+
+/* -------------------------------------------------------------------------- **
+ * Prototypes...
+ */
+
+ubi_cacheRootPtr ubi_cacheInit( ubi_cacheRootPtr  CachePtr,
+                                ubi_trCompFunc    CompFunc,
+                                ubi_trKillNodeRtn FreeFunc,
+                                unsigned long     MaxEntries,
+                                unsigned long     MaxMemory );
+  /* ------------------------------------------------------------------------ **
+   * Initialize a cache header structure.
+   *
+   *  Input:  CachePtr    - A pointer to a ubi_cacheRoot structure that is
+   *                        to be initialized.
+   *          CompFunc    - A pointer to the function that will be called
+   *                        to compare two cache values.  See the module
+   *                        comments, above, for more information.
+   *          FreeFunc    - A pointer to a function that will be called
+   *                        to free a cache entry.  If you allocated
+   *                        the cache entry using malloc(), then this
+   *                        will likely be free().  If you are allocating
+   *                        cache entries from a free list, then this will
+   *                        likely be a function that returns memory to the
+   *                        free list, etc.
+   *          MaxEntries  - The maximum number of entries that will be
+   *                        allowed to exist in the cache.  If this limit
+   *                        is exceeded, then existing entries will be
+   *                        removed from the cache.  A value of zero
+   *                        indicates that there is no limit on the number
+   *                        of cache entries.  See ubi_cachePut().
+   *          MaxMemory   - The maximum amount of memory, in bytes, to be
+   *                        allocated to the cache (excluding the cache
+   *                        header).  If this is exceeded, existing entries
+   *                        in the cache will be removed until enough memory
+   *                        has been freed to meet the condition.  See
+   *                        ubi_cachePut().
+   *
+   *  Output: A pointer to the initialized cache (i.e., the same as CachePtr).
+   *
+   *  Notes:  Both MaxEntries and MaxMemory may be changed after the cache
+   *          has been created.  See
+   *            ubi_cacheSetMaxEntries() 
+   *            ubi_cacheSetMaxMemory()
+   *            ubi_cacheGetMaxEntries()
+   *            ubi_cacheGetMaxMemory()    (the latter two are macros).
+   *
+   *        - Memory is allocated in multiples of the word size.  The
+   *          return value of the strlen() function does not reflect
+   *          this; it will allways be less than or equal to the amount
+   *          of memory actually allocated.  Keep this in mind when
+   *          choosing a value for MaxMemory.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_cacheRootPtr ubi_cacheClear( ubi_cacheRootPtr CachePtr );
+  /* ------------------------------------------------------------------------ **
+   * Remove and free all entries in an existing cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache that is to be cleared.
+   *
+   *  Output: A pointer to the cache header (i.e., the same as CachePtr).
+   *          This function re-initializes the cache header.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+void ubi_cachePut( ubi_cacheRootPtr  CachePtr,
+                   unsigned long     EntrySize,
+                   ubi_cacheEntryPtr EntryPtr,
+                   ubi_trItemPtr     Key );
+  /* ------------------------------------------------------------------------ **
+   * Add an entry to the cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache into which the entry
+   *                      will be added.
+   *          EntrySize - The size, in bytes, of the memory block indicated
+   *                      by EntryPtr.  This will be copied into the
+   *                      EntryPtr->entry_size field.
+   *          EntryPtr  - A pointer to a memory block that begins with a
+   *                      ubi_cacheEntry structure.  The entry structure
+   *                      should be followed immediately by the data to be
+   *                      cached (even if that is a pointer to yet more data).
+   *          Key       - Pointer used to identify the lookup key within the
+   *                      Entry.
+   *
+   *  Output: None.
+   *
+   *  Notes:  After adding the new node, the cache is "trimmed".  This
+   *          removes extra nodes if the tree has exceeded it's memory or
+   *          entry count limits.  It is unlikely that the newly added node
+   *          will be purged from the cache (assuming a reasonably large
+   *          cache), since new nodes in a splay tree (which is what this
+   *          module was designed to use) are moved to the top of the tree
+   *          and the cache purge process removes nodes from the bottom of
+   *          the tree.
+   *        - The underlying splay tree is opened in OVERWRITE mode.  If
+   *          the input key matches an existing key, the existing entry will
+   *          be politely removed from the tree and freed.
+   *        - Memory is allocated in multiples of the word size.  The
+   *          return value of the strlen() function does not reflect
+   *          this; it will allways be less than or equal to the amount
+   *          of memory actually allocated.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_cacheEntryPtr ubi_cacheGet( ubi_cacheRootPtr CachePtr,
+                                ubi_trItemPtr    FindMe );
+  /* ------------------------------------------------------------------------ **
+   * Attempt to retrieve an entry from the cache.
+   *
+   *  Input:  CachePtr  - A ponter to the cache that is to be searched.
+   *          FindMe    - A ubi_trItemPtr that indicates the key for which
+   *                      to search.
+   *
+   *  Output: A pointer to the cache entry that was found, or NULL if no
+   *          matching entry was found.
+   *
+   *  Notes:  This function also updates the hit ratio counters.
+   *          The counters are unsigned short.  If the number of cache tries
+   *          reaches 32768, then both the number of tries and the number of
+   *          hits are divided by two.  This prevents the counters from
+   *          overflowing.  See the comments in ubi_cacheHitRatio() for
+   *          additional notes.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_trBool ubi_cacheDelete( ubi_cacheRootPtr CachePtr, ubi_trItemPtr DeleteMe );
+  /* ------------------------------------------------------------------------ **
+   * Find and delete the specified cache entry.
+   *
+   *  Input:  CachePtr  - A pointer to the cache.
+   *          DeleteMe  - The key of the entry to be deleted.
+   *
+   *  Output: TRUE if the entry was found & freed, else FALSE.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_trBool ubi_cacheReduce( ubi_cacheRootPtr CachePtr, unsigned long count );
+  /* ------------------------------------------------------------------------ **
+   * Remove <count> entries from the bottom of the cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache which is to be reduced in
+   *                      size.
+   *          count     - The number of entries to remove.
+   *
+   *  Output: The function will return TRUE if <count> entries were removed,
+   *          else FALSE.  A return value of FALSE should indicate that
+   *          there were less than <count> entries in the cache, and that the
+   *          cache is now empty.
+   *
+   *  Notes:  This function forces a reduction in the number of cache entries
+   *          without requiring that the MaxMemory or MaxEntries values be
+   *          changed.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+unsigned long ubi_cacheSetMaxEntries( ubi_cacheRootPtr CachePtr,
+                                      unsigned long    NewSize );
+  /* ------------------------------------------------------------------------ **
+   * Change the maximum number of entries allowed to exist in the cache.
+   *
+   *  Input:  CachePtr  - A pointer to the cache to be modified.
+   *          NewSize   - The new maximum number of cache entries.
+   *
+   *  Output: The maximum number of entries previously allowed to exist in
+   *          the cache.
+   *
+   *  Notes:  If the new size is less than the old size, this function will
+   *          trim the cache (remove excess entries).
+   *        - A value of zero indicates an unlimited number of entries.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+unsigned long ubi_cacheSetMaxMemory( ubi_cacheRootPtr CachePtr,
+                                     unsigned long    NewSize );
+  /* ------------------------------------------------------------------------ **
+   * Change the maximum amount of memory to be used for storing cache
+   * entries.
+   *
+   *  Input:  CachePtr  - A pointer to the cache to be modified.
+   *          NewSize   - The new cache memory size.
+   *
+   *  Output: The previous maximum memory size.
+   *
+   *  Notes:  If the new size is less than the old size, this function will
+   *          trim the cache (remove excess entries).
+   *        - A value of zero indicates that the cache has no memory limit.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+int ubi_cacheHitRatio( ubi_cacheRootPtr CachePtr );
+  /* ------------------------------------------------------------------------ **
+   * Returns a value that is 10,000 times the slightly weighted average hit
+   * ratio for the cache.
+   *
+   *  Input:  CachePtr  - Pointer to the cache to be queried.
+   *
+   *  Output: An integer that is 10,000 times the number of successful
+   *          cache hits divided by the number of cache lookups, or:
+   *            (10000 * hits) / trys
+   *          You can easily convert this to a float, or do something
+   *          like this (where i is the return value of this function):
+   *
+   *            printf( "Hit rate   : %d.%02d%%\n", (i/100), (i%100) );
+   *
+   *  Notes:  I say "slightly-weighted", because the numerator and
+   *          denominator are both accumulated in locations of type
+   *          'unsigned short'.  If the number of cache trys becomes
+   *          large enough, both are divided  by two.  (See function
+   *          ubi_cacheGet().) 
+   *          Dividing both numerator and denominator by two does not
+   *          change the ratio (much...it is an integer divide), but it
+   *          does mean that subsequent increments to either counter will
+   *          have twice as much significance as previous ones. 
+   *
+   *        - The value returned by this function will be in the range
+   *          [0..10000] because ( 0 <= cache_hits <= cache_trys ) will
+   *          always be true.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+/* -------------------------------------------------------------------------- */
+#endif /* ubi_CACHE_H */
diff --git a/source3/ubiqx/ubi_SplayTree.c b/source3/ubiqx/ubi_SplayTree.c
new file mode 100644
index 0000000000..222506bd06
--- /dev/null
+++ b/source3/ubiqx/ubi_SplayTree.c
@@ -0,0 +1,512 @@
+/* ========================================================================== **
+ *                              ubi_SplayTree.c
+ *
+ *  Copyright (C) 1993-1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module implements "splay" trees.  Splay trees are binary trees
+ *  that are rearranged (splayed) whenever a node is accessed.  The
+ *  splaying process *tends* to make the tree bushier (improves balance),
+ *  and the nodes that are accessed most frequently *tend* to be closer to
+ *  the top.
+ *
+ *  References: "Self-Adjusting Binary Search Trees", by Daniel Sleator and
+ *              Robert Tarjan.  Journal of the Association for Computing
+ *              Machinery Vol 32, No. 3, July 1985 pp. 652-686
+ *
+ *    See also: http://www.cs.cmu.edu/~sleator/
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_SplayTree.c,v 
+ * Revision 4.5  2000/01/08 23:26:49  crh
+ * Added ubi_trSplay() macro, which does a type cast for us.
+ *
+ * Revision 4.4  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 4.3  1998/06/03 17:45:05  crh
+ * Further fiddling with sys_include.h.  It's now in ubi_BinTree.h which is
+ * included by all of the binary tree files.
+ *
+ * Also fixed some warnings produced by lint on Irix 6.2, which doesn't seem
+ * to like syntax like this:
+ *
+ *   if( (a = b) )
+ *
+ * The fix was to change lines like the above to:
+ *
+ *   if( 0 != (a=b) )
+ *
+ * Which means the same thing.
+ *
+ * Reminder: Some of the ubi_tr* macros in ubi_BinTree.h are redefined in
+ *           ubi_AVLtree.h and ubi_SplayTree.h.  This allows easy swapping
+ *           of tree types by simply changing a header.  Unfortunately, the
+ *           macro redefinitions in ubi_AVLtree.h and ubi_SplayTree.h will
+ *           conflict if used together.  You must either choose a single tree
+ *           type, or use the underlying function calls directly.  Compare
+ *           the two header files for more information.
+ *
+ * Revision 4.2  1998/06/02 01:29:14  crh
+ * Changed ubi_null.h to sys_include.h to make it more generic.
+ *
+ * Revision 4.1  1998/05/20 04:37:54  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ * Revision 4.0  1998/03/10 03:41:33  crh
+ * Minor comment changes.  The revision number is now 4.0 to match the
+ * BinTree and AVLtree modules.
+ *
+ * Revision 2.7  1998/01/24 06:37:08  crh
+ * Added a URL for more information.
+ *
+ * Revision 2.6  1997/12/23 04:01:12  crh
+ * In this version, all constants & macros defined in the header file have
+ * the ubi_tr prefix.  Also cleaned up anything that gcc complained about
+ * when run with '-pedantic -fsyntax-only -Wall'.
+ *
+ * Revision 2.5  1997/07/26 04:15:42  crh
+ * + Cleaned up a few minor syntax annoyances that gcc discovered for me.
+ * + Changed ubi_TRUE and ubi_FALSE to ubi_trTRUE and ubi_trFALSE.
+ *
+ * Revision 2.4  1997/06/03 04:42:21  crh
+ * Changed TRUE and FALSE to ubi_TRUE and ubi_FALSE to avoid causing
+ * problems.
+ *
+ * Revision 2.3  1995/10/03 22:19:07  CRH
+ * Ubisized!
+ * Also, added the function ubi_sptSplay().
+ *
+ * Revision 2.1  95/03/09  23:54:42  CRH
+ * Added the ModuleID static string and function.  These modules are now
+ * self-identifying.
+ * 
+ * Revision 2.0  95/02/27  22:34:46  CRH
+ * This module was updated to match the interface changes made to the
+ * ubi_BinTree module.  In particular, the interface to the Locate() function
+ * has changed.  See ubi_BinTree for more information on changes and new
+ * functions.
+ *
+ * The revision number was also upped to match ubi_BinTree.
+ *
+ * Revision 1.1  93/10/18  20:35:16  CRH
+ * I removed the hard-coded logical device names from the include file
+ * specifications.  CRH
+ *
+ * Revision 1.0  93/10/15  23:00:15  CRH
+ * With this revision, I have added a set of #define's that provide a single,
+ * standard API to all existing tree modules.  Until now, each of the three
+ * existing modules had a different function and typedef prefix, as follows:
+ *
+ *       Module        Prefix
+ *     ubi_BinTree     ubi_bt
+ *     ubi_AVLtree     ubi_avl
+ *     ubi_SplayTree   ubi_spt
+ *
+ * To further complicate matters, only those portions of the base module
+ * (ubi_BinTree) that were superceeded in the new module had the new names.
+ * For example, if you were using ubi_SplayTree, the locate function was
+ * called "ubi_sptLocate", but the next and previous functions remained
+ * "ubi_btNext" and "ubi_btPrev".
+ *
+ * This was not too terrible if you were familiar with the modules and knew
+ * exactly which tree model you wanted to use.  If you wanted to be able to
+ * change modules (for speed comparisons, etc), things could get messy very
+ * quickly.
+ *
+ * So, I have added a set of defined names that get redefined in any of the
+ * descendant modules.  To use this standardized interface in your code,
+ * simply replace all occurances of "ubi_bt", "ubi_avl", and "ubi_spt" with
+ * "ubi_tr".  The "ubi_tr" names will resolve to the correct function or
+ * datatype names for the module that you are using.  Just remember to
+ * include the header for that module in your program file.  Because these
+ * names are handled by the preprocessor, there is no added run-time
+ * overhead.
+ *
+ * Note that the original names do still exist, and can be used if you wish
+ * to write code directly to a specific module.  This should probably only be
+ * done if you are planning to implement a new descendant type, such as
+ * red/black trees.  CRH
+ *
+ * Revision 0.1  93/04/25  22:03:32  CRH
+ * Simply changed the <exec/types.h> #include reference the .c file to
+ * use <stdlib.h> instead.  The latter is portable, the former is not.
+ *
+ * Revision 0.0  93/04/21  23:05:52  CRH
+ * Initial version, written by Christopher R. Hertel.
+ * This module implements Splay Trees using the ubi_BinTree module as a basis.
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_SplayTree.h"  /* Header for THIS module.   */
+
+/* ========================================================================== **
+ * Static data.
+ */
+
+static char ModuleID[] = "ubi_SplayTree\n\
+\tRevision: 4.5 \n\
+\tDate: 2000/01/08 23:26:49 \n\
+\tAuthor: crh \n";
+
+
+/* ========================================================================== **
+ * Private functions...
+ */
+
+static void Rotate( ubi_btNodePtr p )
+  /* ------------------------------------------------------------------------ **
+   * This function performs a single rotation, moving node *p up one level
+   * in the tree.
+   *
+   *  Input:    p - a pointer to an ubi_btNode in a tree.
+   *
+   *  Output:   None.
+   *
+   *  Notes:    This implements a single rotation in either direction (left
+   *            or right).  This is the basic building block of all splay
+   *            tree rotations.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr parentp;
+  ubi_btNodePtr tmp;
+  char          way;
+  char          revway;
+
+  parentp = p->Link[ubi_trPARENT];    /* Find parent. */
+
+  if( parentp )                 /* If no parent, then we're already the root. */
+    {
+    way    = p->gender;
+    revway = ubi_trRevWay(way);
+    tmp    = p->Link[(int)revway];
+
+    parentp->Link[(int)way] = tmp;
+    if( tmp )
+      {
+      tmp->Link[ubi_trPARENT] = parentp;
+      tmp->gender             = way;
+      }
+
+    tmp                   = parentp->Link[ubi_trPARENT];
+    p->Link[ubi_trPARENT] = tmp;
+    p->gender             = parentp->gender;
+    if( tmp )
+      tmp->Link[(int)(p->gender)] = p;
+
+    parentp->Link[ubi_trPARENT] = p;
+    parentp->gender             = revway;
+    p->Link[(int)revway]        = parentp;
+    }
+  } /* Rotate */
+
+static ubi_btNodePtr Splay( ubi_btNodePtr SplayWithMe )
+  /* ------------------------------------------------------------------------ **
+   * Move the node indicated by SplayWithMe to the root of the tree by
+   * splaying the tree.
+   *
+   *  Input:  SplayWithMe - A pointer to an ubi_btNode within a tree.
+   *
+   *  Output: A pointer to the root of the splay tree (i.e., the same as
+   *          SplayWithMe).
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr parent;
+
+  while( NULL != (parent = SplayWithMe->Link[ubi_trPARENT]) )
+    {
+    if( parent->gender == SplayWithMe->gender )       /* Zig-Zig */
+      Rotate( parent );
+    else
+      {
+      if( ubi_trEQUAL != parent->gender )             /* Zig-Zag */
+        Rotate( SplayWithMe );
+      }
+    Rotate( SplayWithMe );                            /* Zig */
+    } /* while */
+  return( SplayWithMe );
+  } /* Splay */
+
+/* ========================================================================== **
+ * Exported utilities.
+ */
+
+ubi_trBool ubi_sptInsert( ubi_btRootPtr  RootPtr,
+                          ubi_btNodePtr  NewNode,
+                          ubi_btItemPtr  ItemPtr,
+                          ubi_btNodePtr *OldNode )
+  /* ------------------------------------------------------------------------ **
+   * This function uses a non-recursive algorithm to add a new element to the
+   * splay tree.
+   *
+   *  Input:   RootPtr  -  a pointer to the ubi_btRoot structure that indicates
+   *                       the root of the tree to which NewNode is to be added.
+   *           NewNode  -  a pointer to an ubi_btNode structure that is NOT
+   *                       part of any tree.
+   *           ItemPtr  -  A pointer to the sort key that is stored within
+   *                       *NewNode.  ItemPtr MUST point to information stored
+   *                       in *NewNode or an EXACT DUPLICATE.  The key data
+   *                       indicated by ItemPtr is used to place the new node
+   *                       into the tree.
+   *           OldNode  -  a pointer to an ubi_btNodePtr.  When searching
+   *                       the tree, a duplicate node may be found.  If
+   *                       duplicates are allowed, then the new node will
+   *                       be simply placed into the tree.  If duplicates
+   *                       are not allowed, however, then one of two things
+   *                       may happen.
+   *                       1) if overwritting *is not* allowed, this
+   *                          function will return FALSE (indicating that
+   *                          the new node could not be inserted), and
+   *                          *OldNode will point to the duplicate that is
+   *                          still in the tree.
+   *                       2) if overwritting *is* allowed, then this
+   *                          function will swap **OldNode for *NewNode.
+   *                          In this case, *OldNode will point to the node
+   *                          that was removed (thus allowing you to free
+   *                          the node).
+   *                          **  If you are using overwrite mode, ALWAYS  **
+   *                          ** check the return value of this parameter! **
+   *                 Note: You may pass NULL in this parameter, the
+   *                       function knows how to cope.  If you do this,
+   *                       however, there will be no way to return a
+   *                       pointer to an old (ie. replaced) node (which is
+   *                       a problem if you are using overwrite mode).
+   *
+   *  Output:  a boolean value indicating success or failure.  The function
+   *           will return FALSE if the node could not be added to the tree.
+   *           Such failure will only occur if duplicates are not allowed,
+   *           nodes cannot be overwritten, AND a duplicate key was found
+   *           within the tree.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr OtherP;
+
+  if( !(OldNode) )
+    OldNode = &OtherP;
+
+  if( ubi_btInsert( RootPtr, NewNode, ItemPtr, OldNode ) )
+    {
+    RootPtr->root = Splay( NewNode );
+    return( ubi_trTRUE );
+    }
+
+  /* Splay the unreplacable, duplicate keyed, unique, old node. */
+  RootPtr->root = Splay( (*OldNode) );
+  return( ubi_trFALSE );
+  } /* ubi_sptInsert */
+
+ubi_btNodePtr ubi_sptRemove( ubi_btRootPtr RootPtr, ubi_btNodePtr DeadNode )
+  /* ------------------------------------------------------------------------ **
+   * This function removes the indicated node from the tree.
+   *
+   *  Input:   RootPtr  -  A pointer to the header of the tree that contains
+   *                       the node to be removed.
+   *           DeadNode -  A pointer to the node that will be removed.
+   *
+   *  Output:  This function returns a pointer to the node that was removed
+   *           from the tree (ie. the same as DeadNode).
+   *
+   *  Note:    The node MUST be in the tree indicated by RootPtr.  If not,
+   *           strange and evil things will happen to your trees.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr p;
+
+  (void)Splay( DeadNode );                  /* Move dead node to root.        */
+  if( NULL != (p = DeadNode->Link[ubi_trLEFT]) )
+    {                                       /* If left subtree exists...      */
+    ubi_btNodePtr q = DeadNode->Link[ubi_trRIGHT];
+
+    p->Link[ubi_trPARENT] = NULL;           /* Left subtree node becomes root.*/
+    p->gender             = ubi_trPARENT;
+    p                     = ubi_btLast( p );  /* Find rightmost left node...  */
+    p->Link[ubi_trRIGHT]  = q;                /* ...attach right tree.        */
+    if( q )
+      q->Link[ubi_trPARENT] = p;
+    RootPtr->root   = Splay( p );           /* Resplay at p.                  */
+    }
+  else
+    {
+    if( NULL != (p = DeadNode->Link[ubi_trRIGHT]) )
+      {                               /* No left, but right subtree exists... */
+      p->Link[ubi_trPARENT] = NULL;         /* Right subtree root becomes...  */
+      p->gender       = ubi_trPARENT;       /* ...overall tree root.          */
+      RootPtr->root   = p;
+      }
+    else
+      RootPtr->root = NULL;                 /* No subtrees => empty tree.     */
+    }
+
+  (RootPtr->count)--;                       /* Decrement node count.          */
+  return( DeadNode );                       /* Return pointer to pruned node. */
+  } /* ubi_sptRemove */
+
+ubi_btNodePtr ubi_sptLocate( ubi_btRootPtr RootPtr,
+                             ubi_btItemPtr FindMe,
+                             ubi_trCompOps CompOp )
+  /* ------------------------------------------------------------------------ **
+   * The purpose of ubi_btLocate() is to find a node or set of nodes given
+   * a target value and a "comparison operator".  The Locate() function is
+   * more flexible and (in the case of trees that may contain dupicate keys)
+   * more precise than the ubi_btFind() function.  The latter is faster,
+   * but it only searches for exact matches and, if the tree contains
+   * duplicates, Find() may return a pointer to any one of the duplicate-
+   * keyed records.
+   *
+   *  Input:
+   *     RootPtr  -  A pointer to the header of the tree to be searched.
+   *     FindMe   -  An ubi_btItemPtr that indicates the key for which to
+   *                 search.
+   *     CompOp   -  One of the following:
+   *                    CompOp     Return a pointer to the node with
+   *                    ------     ---------------------------------
+   *                   ubi_trLT - the last key value that is less
+   *                              than FindMe.
+   *                   ubi_trLE - the first key matching FindMe, or
+   *                              the last key that is less than
+   *                              FindMe.
+   *                   ubi_trEQ - the first key matching FindMe.
+   *                   ubi_trGE - the first key matching FindMe, or the
+   *                              first key greater than FindMe.
+   *                   ubi_trGT - the first key greater than FindMe.
+   *  Output:
+   *     A pointer to the node matching the criteria listed above under
+   *     CompOp, or NULL if no node matched the criteria.
+   *
+   *  Notes:
+   *     In the case of trees with duplicate keys, Locate() will behave as
+   *     follows:
+   *
+   *     Find:  3                       Find: 3
+   *     Keys:  1 2 2 2 3 3 3 3 3 4 4   Keys: 1 1 2 2 2 4 4 5 5 5 6
+   *                  ^ ^         ^                   ^ ^
+   *                 LT EQ        GT                 LE GE
+   *
+   *     That is, when returning a pointer to a node with a key that is LESS
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     LAST matching node.
+   *     When returning a pointer to a node with a key that is GREATER
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     FIRST matching node.
+   *
+   *  See Also: ubi_btFind(), ubi_btFirstOf(), ubi_btLastOf().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr p;
+
+  p = ubi_btLocate( RootPtr, FindMe, CompOp );
+  if( p )
+    RootPtr->root = Splay( p );
+  return( p );
+  } /* ubi_sptLocate */
+
+ubi_btNodePtr ubi_sptFind( ubi_btRootPtr RootPtr,
+                           ubi_btItemPtr FindMe )
+  /* ------------------------------------------------------------------------ **
+   * This function performs a non-recursive search of a tree for any node
+   * matching a specific key.
+   *
+   *  Input:
+   *     RootPtr  -  a pointer to the header of the tree to be searched.
+   *     FindMe   -  a pointer to the key value for which to search.
+   *
+   *  Output:
+   *     A pointer to a node with a key that matches the key indicated by
+   *     FindMe, or NULL if no such node was found.
+   *
+   *  Note:   In a tree that allows duplicates, the pointer returned *might
+   *          not* point to the (sequentially) first occurance of the
+   *          desired key.  In such a tree, it may be more useful to use
+   *          ubi_sptLocate().
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_btNodePtr p;
+
+  p = ubi_btFind( RootPtr, FindMe );
+  if( p )
+    RootPtr->root = Splay( p );
+  return( p );
+  } /* ubi_sptFind */
+
+void ubi_sptSplay( ubi_btRootPtr RootPtr,
+                   ubi_btNodePtr SplayMe )
+  /* ------------------------------------------------------------------------ **
+   *  This function allows you to splay the tree at a given node, thus moving
+   *  the node to the top of the tree.
+   *
+   *  Input:
+   *     RootPtr  -  a pointer to the header of the tree to be splayed.
+   *     SplayMe  -  a pointer to a node within the tree.  This will become
+   *                 the new root node.
+   *  Output: None.
+   *
+   *  Notes:  This is an uncharacteristic function for this group of modules
+   *          in that it provides access to the internal balancing routines,
+   *          which would normally be hidden.
+   *          Splaying the tree will not damage it (assuming that I've done
+   *          *my* job), but there is overhead involved.  I don't recommend
+   *          that you use this function unless you understand the underlying
+   *          Splay Tree principles involved.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  RootPtr->root = Splay( SplayMe );
+  } /* ubi_sptSplay */
+
+int ubi_sptModuleID( int size, char *list[] )
+  /* ------------------------------------------------------------------------ **
+   * Returns a set of strings that identify the module.
+   *
+   *  Input:  size  - The number of elements in the array <list>.
+   *          list  - An array of pointers of type (char *).  This array
+   *                  should, initially, be empty.  This function will fill
+   *                  in the array with pointers to strings.
+   *  Output: The number of elements of <list> that were used.  If this value
+   *          is less than <size>, the values of the remaining elements are
+   *          not guaranteed.
+   *
+   *  Notes:  Please keep in mind that the pointers returned indicate strings
+   *          stored in static memory.  Don't free() them, don't write over
+   *          them, etc.  Just read them.
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( size > 0 )
+    {
+    list[0] = ModuleID;
+    if( size > 1 )
+      return( 1 + ubi_btModuleID( --size, &(list[1]) ) );
+    return( 1 );
+    }
+  return( 0 );
+  } /* ubi_sptModuleID */
+
+/* ================================ The End ================================= */
+
diff --git a/source3/ubiqx/ubi_SplayTree.h b/source3/ubiqx/ubi_SplayTree.h
new file mode 100644
index 0000000000..e4fac796a9
--- /dev/null
+++ b/source3/ubiqx/ubi_SplayTree.h
@@ -0,0 +1,377 @@
+#ifndef UBI_SPLAYTREE_H
+#define UBI_SPLAYTREE_H
+/* ========================================================================== **
+ *                              ubi_SplayTree.h
+ *
+ *  Copyright (C) 1993-1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *
+ *  This module implements "splay" trees.  Splay trees are binary trees
+ *  that are rearranged (splayed) whenever a node is accessed.  The
+ *  splaying process *tends* to make the tree bushier (improves balance),
+ *  and the nodes that are accessed most frequently *tend* to be closer to
+ *  the top.
+ *
+ *  References: "Self-Adjusting Binary Search Trees", by Daniel Sleator and
+ *              Robert Tarjan.  Journal of the Association for Computing
+ *              Machinery Vol 32, No. 3, July 1985 pp. 652-686
+ *
+ *    See also: http://www.cs.cmu.edu/~sleator/ 
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_SplayTree.h,v 
+ * Revision 4.5  2000/01/08 23:26:49  crh
+ * Added ubi_trSplay() macro, which does a type cast for us.
+ *
+ * Revision 4.4  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 4.3  1998/06/03 17:45:05  crh
+ * Further fiddling with sys_include.h.  It's now in ubi_BinTree.h which is
+ * included by all of the binary tree files.
+ *
+ * Also fixed some warnings produced by lint on Irix 6.2, which doesn't seem
+ * to like syntax like this:
+ *
+ *   if( (a = b) )
+ *
+ * The fix was to change lines like the above to:
+ *
+ *   if( 0 != (a=b) )
+ *
+ * Which means the same thing.
+ *
+ * Reminder: Some of the ubi_tr* macros in ubi_BinTree.h are redefined in
+ *           ubi_AVLtree.h and ubi_SplayTree.h.  This allows easy swapping
+ *           of tree types by simply changing a header.  Unfortunately, the
+ *           macro redefinitions in ubi_AVLtree.h and ubi_SplayTree.h will
+ *           conflict if used together.  You must either choose a single tree
+ *           type, or use the underlying function calls directly.  Compare
+ *           the two header files for more information.
+ *
+ * Revision 4.2  1998/06/02 01:29:14  crh
+ * Changed ubi_null.h to sys_include.h to make it more generic.
+ *
+ * Revision 4.1  1998/05/20 04:37:54  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ * Revision 4.0  1998/03/10 03:40:57  crh
+ * Minor comment changes.  The revision number is now 4.0 to match the
+ * BinTree and AVLtree modules.
+ *
+ * Revision 2.7  1998/01/24 06:37:57  crh
+ * Added a URL for more information.
+ *
+ * Revision 2.6  1997/12/23 04:02:20  crh
+ * In this version, all constants & macros defined in the header file have
+ * the ubi_tr prefix.  Also cleaned up anything that gcc complained about
+ * when run with '-pedantic -fsyntax-only -Wall'.
+ *
+ * Revision 2.5  1997/07/26 04:15:46  crh
+ * + Cleaned up a few minor syntax annoyances that gcc discovered for me.
+ * + Changed ubi_TRUE and ubi_FALSE to ubi_trTRUE and ubi_trFALSE.
+ *
+ * Revision 2.4  1997/06/03 05:22:56  crh
+ * Changed TRUE and FALSE to ubi_TRUE and ubi_FALSE to avoid causing
+ * problems.
+ *
+ * Revision 2.3  1995/10/03 22:19:37  CRH
+ * Ubisized!
+ * Also, added the function ubi_sptSplay().
+ *
+ * Revision 2.1  95/03/09  23:55:04  CRH
+ * Added the ModuleID static string and function.  These modules are now
+ * self-identifying.
+ * 
+ * Revision 2.0  95/02/27  22:34:55  CRH
+ * This module was updated to match the interface changes made to the
+ * ubi_BinTree module.  In particular, the interface to the Locate() function
+ * has changed.  See ubi_BinTree for more information on changes and new
+ * functions.
+ *
+ * The revision number was also upped to match ubi_BinTree.
+ *
+ *
+ * Revision 1.0  93/10/15  22:59:36  CRH
+ * With this revision, I have added a set of #define's that provide a single,
+ * standard API to all existing tree modules.  Until now, each of the three
+ * existing modules had a different function and typedef prefix, as follows:
+ *
+ *       Module        Prefix
+ *     ubi_BinTree     ubi_bt
+ *     ubi_AVLtree     ubi_avl
+ *     ubi_SplayTree   ubi_spt
+ *
+ * To further complicate matters, only those portions of the base module
+ * (ubi_BinTree) that were superceeded in the new module had the new names.
+ * For example, if you were using ubi_SplayTree, the locate function was
+ * called "ubi_sptLocate", but the next and previous functions remained
+ * "ubi_btNext" and "ubi_btPrev".
+ *
+ * This was not too terrible if you were familiar with the modules and knew
+ * exactly which tree model you wanted to use.  If you wanted to be able to
+ * change modules (for speed comparisons, etc), things could get messy very
+ * quickly.
+ *
+ * So, I have added a set of defined names that get redefined in any of the
+ * descendant modules.  To use this standardized interface in your code,
+ * simply replace all occurances of "ubi_bt", "ubi_avl", and "ubi_spt" with
+ * "ubi_tr".  The "ubi_tr" names will resolve to the correct function or
+ * datatype names for the module that you are using.  Just remember to
+ * include the header for that module in your program file.  Because these
+ * names are handled by the preprocessor, there is no added run-time
+ * overhead.
+ *
+ * Note that the original names do still exist, and can be used if you wish
+ * to write code directly to a specific module.  This should probably only be
+ * done if you are planning to implement a new descendant type, such as
+ * red/black trees.  CRH
+ *
+ * Revision 0.0  93/04/21  23:07:13  CRH
+ * Initial version, written by Christopher R. Hertel.
+ * This module implements Splay Trees using the ubi_BinTree module as a basis.
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_BinTree.h" /* Base binary tree functions, types, etc.  */
+
+/* ========================================================================== **
+ * Function prototypes...
+ */
+
+ubi_trBool ubi_sptInsert( ubi_btRootPtr  RootPtr,
+                          ubi_btNodePtr  NewNode,
+                          ubi_btItemPtr  ItemPtr,
+                          ubi_btNodePtr *OldNode );
+  /* ------------------------------------------------------------------------ **
+   * This function uses a non-recursive algorithm to add a new element to the
+   * splay tree.
+   *
+   *  Input:   RootPtr  -  a pointer to the ubi_btRoot structure that indicates
+   *                       the root of the tree to which NewNode is to be added.
+   *           NewNode  -  a pointer to an ubi_btNode structure that is NOT
+   *                       part of any tree.
+   *           ItemPtr  -  A pointer to the sort key that is stored within
+   *                       *NewNode.  ItemPtr MUST point to information stored
+   *                       in *NewNode or an EXACT DUPLICATE.  The key data
+   *                       indicated by ItemPtr is used to place the new node
+   *                       into the tree.
+   *           OldNode  -  a pointer to an ubi_btNodePtr.  When searching
+   *                       the tree, a duplicate node may be found.  If
+   *                       duplicates are allowed, then the new node will
+   *                       be simply placed into the tree.  If duplicates
+   *                       are not allowed, however, then one of two things
+   *                       may happen.
+   *                       1) if overwritting *is not* allowed, this
+   *                          function will return FALSE (indicating that
+   *                          the new node could not be inserted), and
+   *                          *OldNode will point to the duplicate that is
+   *                          still in the tree.
+   *                       2) if overwritting *is* allowed, then this
+   *                          function will swap **OldNode for *NewNode.
+   *                          In this case, *OldNode will point to the node
+   *                          that was removed (thus allowing you to free
+   *                          the node).
+   *                          **  If you are using overwrite mode, ALWAYS  **
+   *                          ** check the return value of this parameter! **
+   *                 Note: You may pass NULL in this parameter, the
+   *                       function knows how to cope.  If you do this,
+   *                       however, there will be no way to return a
+   *                       pointer to an old (ie. replaced) node (which is
+   *                       a problem if you are using overwrite mode).
+   *
+   *  Output:  a boolean value indicating success or failure.  The function
+   *           will return FALSE if the node could not be added to the tree.
+   *           Such failure will only occur if duplicates are not allowed,
+   *           nodes cannot be overwritten, AND a duplicate key was found
+   *           within the tree.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_sptRemove( ubi_btRootPtr RootPtr, ubi_btNodePtr DeadNode );
+  /* ------------------------------------------------------------------------ **
+   * This function removes the indicated node from the tree.
+   *
+   *  Input:   RootPtr  -  A pointer to the header of the tree that contains
+   *                       the node to be removed.
+   *           DeadNode -  A pointer to the node that will be removed.
+   *
+   *  Output:  This function returns a pointer to the node that was removed
+   *           from the tree (ie. the same as DeadNode).
+   *
+   *  Note:    The node MUST be in the tree indicated by RootPtr.  If not,
+   *           strange and evil things will happen to your trees.
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_sptLocate( ubi_btRootPtr RootPtr,
+                             ubi_btItemPtr FindMe,
+                             ubi_trCompOps CompOp );
+  /* ------------------------------------------------------------------------ **
+   * The purpose of ubi_btLocate() is to find a node or set of nodes given
+   * a target value and a "comparison operator".  The Locate() function is
+   * more flexible and (in the case of trees that may contain dupicate keys)
+   * more precise than the ubi_btFind() function.  The latter is faster,
+   * but it only searches for exact matches and, if the tree contains
+   * duplicates, Find() may return a pointer to any one of the duplicate-
+   * keyed records.
+   *
+   *  Input:
+   *     RootPtr  -  A pointer to the header of the tree to be searched.
+   *     FindMe   -  An ubi_btItemPtr that indicates the key for which to
+   *                 search.
+   *     CompOp   -  One of the following:
+   *                    CompOp     Return a pointer to the node with
+   *                    ------     ---------------------------------
+   *                   ubi_trLT - the last key value that is less
+   *                              than FindMe.
+   *                   ubi_trLE - the first key matching FindMe, or
+   *                              the last key that is less than
+   *                              FindMe.
+   *                   ubi_trEQ - the first key matching FindMe.
+   *                   ubi_trGE - the first key matching FindMe, or the
+   *                              first key greater than FindMe.
+   *                   ubi_trGT - the first key greater than FindMe.
+   *  Output:
+   *     A pointer to the node matching the criteria listed above under
+   *     CompOp, or NULL if no node matched the criteria.
+   *
+   *  Notes:
+   *     In the case of trees with duplicate keys, Locate() will behave as
+   *     follows:
+   *
+   *     Find:  3                       Find: 3
+   *     Keys:  1 2 2 2 3 3 3 3 3 4 4   Keys: 1 1 2 2 2 4 4 5 5 5 6
+   *                  ^ ^         ^                   ^ ^
+   *                 LT EQ        GT                 LE GE
+   *
+   *     That is, when returning a pointer to a node with a key that is LESS
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     LAST matching node.
+   *     When returning a pointer to a node with a key that is GREATER
+   *     THAN the target key (FindMe), Locate() will return a pointer to the
+   *     FIRST matching node.
+   *
+   *  See Also: ubi_btFind(), ubi_btFirstOf(), ubi_btLastOf().
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_btNodePtr ubi_sptFind( ubi_btRootPtr RootPtr,
+                           ubi_btItemPtr FindMe );
+  /* ------------------------------------------------------------------------ **
+   * This function performs a non-recursive search of a tree for any node
+   * matching a specific key.
+   *
+   *  Input:
+   *     RootPtr  -  a pointer to the header of the tree to be searched.
+   *     FindMe   -  a pointer to the key value for which to search.
+   *
+   *  Output:
+   *     A pointer to a node with a key that matches the key indicated by
+   *     FindMe, or NULL if no such node was found.
+   *
+   *  Note:   In a tree that allows duplicates, the pointer returned *might
+   *          not* point to the (sequentially) first occurance of the
+   *          desired key.  In such a tree, it may be more useful to use
+   *          ubi_sptLocate().
+   * ------------------------------------------------------------------------ **
+   */
+
+void ubi_sptSplay( ubi_btRootPtr RootPtr,
+                   ubi_btNodePtr SplayMe );
+  /* ------------------------------------------------------------------------ **
+   *  This function allows you to splay the tree at a given node, thus moving
+   *  the node to the top of the tree.
+   *
+   *  Input:
+   *     RootPtr  -  a pointer to the header of the tree to be splayed.
+   *     SplayMe  -  a pointer to a node within the tree.  This will become
+   *                 the new root node.
+   *  Output: None.
+   *
+   *  Notes:  This is an uncharacteristic function for this group of modules
+   *          in that it provides access to the internal balancing routines,
+   *          which would normally be hidden.
+   *          Splaying the tree will not damage it (assuming that I've done
+   *          *my* job), but there is overhead involved.  I don't recommend
+   *          that you use this function unless you understand the underlying
+   *          Splay Tree principles involved.
+   * ------------------------------------------------------------------------ **
+   */
+
+int ubi_sptModuleID( int size, char *list[] );
+  /* ------------------------------------------------------------------------ **
+   * Returns a set of strings that identify the module.
+   *
+   *  Input:  size  - The number of elements in the array <list>.
+   *          list  - An array of pointers of type (char *).  This array
+   *                  should, initially, be empty.  This function will fill
+   *                  in the array with pointers to strings.
+   *  Output: The number of elements of <list> that were used.  If this value
+   *          is less than <size>, the values of the remaining elements are
+   *          not guaranteed.
+   *
+   *  Notes:  Please keep in mind that the pointers returned indicate strings
+   *          stored in static memory.  Don't free() them, don't write over
+   *          them, etc.  Just read them.
+   * ------------------------------------------------------------------------ **
+   */
+
+/* -------------------------------------------------------------------------- **
+ * Masquarade...
+ *
+ * This set of defines allows you to write programs that will use any of the
+ * implemented binary tree modules (currently BinTree, AVLtree, and SplayTree).
+ * Instead of using ubi_bt..., use ubi_tr..., and select the tree type by
+ * including the appropriate module header.
+ */
+
+#undef ubi_trInsert
+#undef ubi_trRemove
+#undef ubi_trLocate
+#undef ubi_trFind
+#undef ubi_trModuleID
+
+#define ubi_trInsert( Rp, Nn, Ip, On ) \
+        ubi_sptInsert( (ubi_btRootPtr)(Rp), (ubi_btNodePtr)(Nn), \
+                       (ubi_btItemPtr)(Ip), (ubi_btNodePtr *)(On) )
+
+#define ubi_trRemove( Rp, Dn ) \
+        ubi_sptRemove( (ubi_btRootPtr)(Rp), (ubi_btNodePtr)(Dn) )
+
+#define ubi_trLocate( Rp, Ip, Op ) \
+        ubi_sptLocate( (ubi_btRootPtr)(Rp), \
+                       (ubi_btItemPtr)(Ip), \
+                       (ubi_trCompOps)(Op) )
+
+#define ubi_trFind( Rp, Ip ) \
+        ubi_sptFind( (ubi_btRootPtr)(Rp), (ubi_btItemPtr)(Ip) )
+
+#define ubi_trSplay( Rp, Sm ) \
+        ubi_sptSplay( (ubi_btRootPtr)(Rp), (ubi_btNodePtr)(Sm) )
+
+#define ubi_trModuleID( s, l ) ubi_sptModuleID( s, l )
+
+/* ================================ The End ================================= */
+#endif /* UBI_SPLAYTREE_H */
diff --git a/source3/ubiqx/ubi_dLinkList.c b/source3/ubiqx/ubi_dLinkList.c
new file mode 100644
index 0000000000..eb95033c69
--- /dev/null
+++ b/source3/ubiqx/ubi_dLinkList.c
@@ -0,0 +1,171 @@
+/* ========================================================================== **
+ *                              ubi_dLinkList.c
+ *
+ *  Copyright (C) 1997, 1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *  This module implements simple doubly-linked lists.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_dLinkList.c,v 
+ * Revision 0.11  1999/06/19 16:58:06  crh
+ * Renamed the ubi_slRemove() function in ubi_sLinkList to
+ * ubi_slRemoveNext().  I was bothered by the fact that it didn't
+ * match the functionality of the ubi_dlRemove() function in
+ * ubi_dLinkList.  The new name is more 'correct'.
+ *
+ * Revision 0.10  1998/07/24 07:30:20  crh
+ * Added the ubi_dlNewList() macro.
+ *
+ * Revision 0.9  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 0.8  1998/06/03 18:06:03  crh
+ * Further fiddling with sys_include.h, which has been moved from the .c file
+ * to the .h file.
+ *
+ * Revision 0.7  1998/06/02 01:38:47  crh
+ * Changed include file name from ubi_null.h to sys_include.h to make it
+ * more generic.
+ *
+ * Revision 0.6  1998/05/20 04:38:05  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ * Revision 0.5  1998/03/10 02:55:00  crh
+ * Simplified the code and added macros for stack & queue manipulations.
+ *
+ * Revision 0.4  1998/01/03 01:53:56  crh
+ * Added ubi_dlCount() macro.
+ *
+ * Revision 0.3  1997/10/15 03:05:39  crh
+ * Added some handy type casting to the macros.  Added AddHere and RemThis
+ * macros.
+ *
+ * Revision 0.2  1997/10/08 03:07:21  crh
+ * Fixed a few forgotten link-ups in Insert(), and fixed the AddHead()
+ * macro, which was passing the wrong value for <After> to Insert().
+ *
+ * Revision 0.1  1997/10/07 04:34:07  crh
+ * Initial Revision.
+ *
+ * -------------------------------------------------------------------------- **
+ * This module is similar to the ubi_sLinkList module, but it is neither a
+ * descendant type nor an easy drop-in replacement for the latter.  One key
+ * difference is that the ubi_dlRemove() function removes the indicated node,
+ * while the ubi_slRemoveNext() function (in ubi_sLinkList) removes the node
+ * *following* the indicated node.
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_dLinkList.h"  /* Header for *this* module. */
+
+/* ========================================================================== **
+ * Functions...
+ */
+
+ubi_dlListPtr ubi_dlInitList( ubi_dlListPtr ListPtr )
+  /* ------------------------------------------------------------------------ **
+   * Initialize a doubly-linked list header.
+   *
+   *  Input:  ListPtr - A pointer to the list structure that is to be
+   *                    initialized for use.
+   *
+   *  Output: A pointer to the initialized list header (i.e., same as
+   *          <ListPtr>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ListPtr->Head  = NULL;
+  ListPtr->Tail  = NULL;
+  ListPtr->count = 0;
+  return( ListPtr );
+  } /* ubi_dlInitList */
+
+ubi_dlNodePtr ubi_dlInsert( ubi_dlListPtr ListPtr,
+                            ubi_dlNodePtr New,
+                            ubi_dlNodePtr After )
+  /* ------------------------------------------------------------------------ **
+   * Insert a new node into the list.
+   *
+   *  Input:  ListPtr - A pointer to the list into which the node is to
+   *                    be inserted.
+   *          New     - Pointer to the new node.
+   *          After   - NULL, or a pointer to a node that is already in the
+   *                    list.
+   *                    If NULL, then <New> will be added at the head of the
+   *                    list, else it will be added following <After>.
+   * 
+   *  Output: A pointer to the node that was inserted into the list (i.e.,
+   *          the same as <New>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_dlNodePtr PredNode = After ? After : (ubi_dlNodePtr)ListPtr;
+
+  New->Next         = PredNode->Next;
+  New->Prev         = After;
+  PredNode->Next    = New;
+  if( New->Next )
+    New->Next->Prev = New;
+  else
+    ListPtr->Tail   = New;
+
+  (ListPtr->count)++;
+
+  return( New );
+  } /* ubi_dlInsert */
+
+ubi_dlNodePtr ubi_dlRemove( ubi_dlListPtr ListPtr, ubi_dlNodePtr Old )
+  /* ------------------------------------------------------------------------ **
+   * Remove a node from the list.
+   *
+   *  Input:  ListPtr - A pointer to the list from which <Old> is to be
+   *                    removed.
+   *          Old     - A pointer to the node that is to be removed from the
+   *                    list.
+   *
+   *  Output: A pointer to the node that was removed (i.e., <Old>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  if( Old )
+    {
+    if( Old->Next )
+      Old->Next->Prev = Old->Prev;
+    else
+      ListPtr->Tail = Old->Prev;
+
+    if( Old->Prev )
+      Old->Prev->Next = Old->Next;
+    else
+      ListPtr->Head = Old->Next;
+
+    (ListPtr->count)--;
+    }
+
+  return( Old );
+  } /* ubi_dlRemove */
+
+/* ================================ The End ================================= */
diff --git a/source3/ubiqx/ubi_dLinkList.h b/source3/ubiqx/ubi_dLinkList.h
new file mode 100644
index 0000000000..682e566ee6
--- /dev/null
+++ b/source3/ubiqx/ubi_dLinkList.h
@@ -0,0 +1,242 @@
+#ifndef UBI_DLINKLIST_H
+#define UBI_DLINKLIST_H
+/* ========================================================================== **
+ *                              ubi_dLinkList.h
+ *
+ *  Copyright (C) 1997, 1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *  This module implements simple doubly-linked lists.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_dLinkList.h,v 
+ * Revision 0.11  1999/06/19 16:58:06  crh
+ * Renamed the ubi_slRemove() function in ubi_sLinkList to
+ * ubi_slRemoveNext().  I was bothered by the fact that it didn't
+ * match the functionality of the ubi_dlRemove() function in
+ * ubi_dLinkList.  The new name is more 'correct'.
+ *
+ * Revision 0.10  1998/07/24 07:30:20  crh
+ * Added the ubi_dlNewList() macro.
+ *
+ * Revision 0.9  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 0.8  1998/06/03 18:06:03  crh
+ * Further fiddling with sys_include.h, which has been moved from the .c file
+ * to the .h file.
+ *
+ * Revision 0.7  1998/06/02 01:38:47  crh
+ * Changed include file name from ubi_null.h to sys_include.h to make it
+ * more generic.
+ *
+ * Revision 0.6  1998/05/20 04:38:05  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ * Revision 0.5  1998/03/10 02:54:04  crh
+ * Simplified the code and added macros for stack & queue manipulations.
+ *
+ * Revision 0.4  1998/01/03 01:53:44  crh
+ * Added ubi_dlCount() macro.
+ *
+ * Revision 0.3  1997/10/15 03:04:31  crh
+ * Added some handy type casting to the macros.  Added AddHere and RemThis
+ * macros.
+ *
+ * Revision 0.2  1997/10/08 03:08:16  crh
+ * Fixed a few forgotten link-ups in Insert(), and fixed the AddHead()
+ * macro, which was passing the wrong value for <After> to Insert().
+ *
+ * Revision 0.1  1997/10/07 04:34:38  crh
+ * Initial Revision.
+ *
+ * -------------------------------------------------------------------------- **
+ * This module is similar to the ubi_sLinkList module, but it is neither a
+ * descendant type nor an easy drop-in replacement for the latter.  One key
+ * difference is that the ubi_dlRemove() function removes the indicated node,
+ * while the ubi_slRemoveNext() function (in ubi_sLinkList) removes the node
+ * *following* the indicated node.
+ *
+ * ========================================================================== **
+ */
+
+#include "sys_include.h"    /* System-specific includes. */
+
+/* ========================================================================== **
+ * Typedefs...
+ *
+ *  ubi_dlNode    - This is the basic node structure.
+ *  ubi_dlNodePtr - Pointer to a node.
+ *  ubi_dlList    - This is the list header structure.
+ *  ubi_dlListPtr - Pointer to a List (i.e., a list header structure).
+ *
+ */
+
+typedef struct ubi_dlListNode
+  {
+  struct ubi_dlListNode *Next;
+  struct ubi_dlListNode *Prev;
+  } ubi_dlNode;
+
+typedef ubi_dlNode *ubi_dlNodePtr;
+
+typedef struct
+  {
+  ubi_dlNodePtr Head;
+  ubi_dlNodePtr Tail;
+  unsigned long count;
+  } ubi_dlList;
+
+typedef ubi_dlList *ubi_dlListPtr;
+
+/* ========================================================================== **
+ * Macros...
+ *
+ *  ubi_dlNewList - Macro used to declare and initialize a new list in one
+ *                  swell foop.  It is used when defining a variable of
+ *                  type ubi_dlList.  The definition
+ *                    static ubi_dlNewList( gerbil );
+ *                  is translated to
+ *                    static ubi_dlList gerbil[1] = {{ NULL, NULL, 0 }};
+ *
+ *  ubi_dlCount   - Return the number of entries currently in the list.
+ *
+ *  ubi_dlAddHead - Add a new node at the head of the list.
+ *  ubi_dlAddNext - Add a node following the given node.
+ *  ubi_dlAddTail - Add a new node at the tail of the list.
+ *                  Note: AddTail evaluates the L parameter twice.
+ *
+ *  ubi_dlRemHead - Remove the node at the head of the list, if any.
+ *                  Note: RemHead evaluates the L parameter twice.
+ *  ubi_dlRemThis - Remove the indicated node.
+ *  ubi_dlRemTail - Remove the node at the tail of the list, if any.
+ *                  Note: RemTail evaluates the L parameter twice.
+ *
+ *  ubi_dlFirst   - Return a pointer to the first node in the list, if any.
+ *  ubi_dlLast    - Return a pointer to the last node in the list, if any.
+ *  ubi_dlNext    - Given a node, return a pointer to the next node.
+ *  ubi_dlPrev    - Given a node, return a pointer to the previous node.
+ *
+ *  ubi_dlPush    - Add a node at the head of the list (synonym of AddHead).
+ *  ubi_dlPop     - Remove a node at the head of the list (synonym of RemHead).
+ *  ubi_dlEnqueue - Add a node at the tail of the list (sysnonym of AddTail).
+ *  ubi_dlDequeue - Remove a node at the head of the list (synonym of RemHead).
+ *
+ *  Note that all of these provide type casting of the parameters.  The
+ *  Add and Rem macros are nothing more than nice front-ends to the
+ *  Insert and Remove operations.
+ *
+ *  Also note that the First, Next and Last macros do no parameter checking!
+ *
+ */
+
+#define ubi_dlNewList( L ) ubi_dlList (L)[1] = {{ NULL, NULL, 0 }}
+
+#define ubi_dlCount( L ) (((ubi_dlListPtr)(L))->count)
+
+#define ubi_dlAddHead( L, N ) \
+        ubi_dlInsert( (ubi_dlListPtr)(L), (ubi_dlNodePtr)(N), NULL )
+
+#define ubi_dlAddNext( L, N, A ) \
+        ubi_dlInsert( (ubi_dlListPtr)(L), \
+                      (ubi_dlNodePtr)(N), \
+                      (ubi_dlNodePtr)(A) )
+
+#define ubi_dlAddTail( L, N ) \
+        ubi_dlInsert( (ubi_dlListPtr)(L), \
+                      (ubi_dlNodePtr)(N), \
+                    (((ubi_dlListPtr)(L))->Tail) )
+
+#define ubi_dlRemHead( L ) ubi_dlRemove( (ubi_dlListPtr)(L), \
+                                         (((ubi_dlListPtr)(L))->Head) )
+
+#define ubi_dlRemThis( L, N ) ubi_dlRemove( (ubi_dlListPtr)(L), \
+                                            (ubi_dlNodePtr)(N) )
+
+#define ubi_dlRemTail( L ) ubi_dlRemove( (ubi_dlListPtr)(L), \
+                                         (((ubi_dlListPtr)(L))->Tail) )
+
+#define ubi_dlFirst( L ) (((ubi_dlListPtr)(L))->Head)
+
+#define ubi_dlLast( L )  (((ubi_dlListPtr)(L))->Tail)
+
+#define ubi_dlNext( N )  (((ubi_dlNodePtr)(N))->Next)
+
+#define ubi_dlPrev( N )  (((ubi_dlNodePtr)(N))->Prev)
+
+#define ubi_dlPush    ubi_dlAddHead
+#define ubi_dlPop     ubi_dlRemHead
+#define ubi_dlEnqueue ubi_dlAddTail
+#define ubi_dlDequeue ubi_dlRemHead
+
+/* ========================================================================== **
+ * Function prototypes...
+ */
+
+ubi_dlListPtr ubi_dlInitList( ubi_dlListPtr ListPtr );
+  /* ------------------------------------------------------------------------ **
+   * Initialize a doubly-linked list header.
+   *
+   *  Input:  ListPtr - A pointer to the list structure that is to be
+   *                    initialized for use.
+   *
+   *  Output: A pointer to the initialized list header (i.e., same as
+   *          <ListPtr>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_dlNodePtr ubi_dlInsert( ubi_dlListPtr ListPtr,
+                            ubi_dlNodePtr New,
+                            ubi_dlNodePtr After );
+  /* ------------------------------------------------------------------------ **
+   * Insert a new node into the list.
+   *
+   *  Input:  ListPtr - A pointer to the list into which the node is to
+   *                    be inserted.
+   *          New     - Pointer to the new node.
+   *          After   - NULL, or a pointer to a node that is already in the
+   *                    list.
+   *                    If NULL, then <New> will be added at the head of the
+   *                    list, else it will be added following <After>.
+   * 
+   *  Output: A pointer to the node that was inserted into the list (i.e.,
+   *          the same as <New>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_dlNodePtr ubi_dlRemove( ubi_dlListPtr ListPtr, ubi_dlNodePtr Old );
+  /* ------------------------------------------------------------------------ **
+   * Remove a node from the list.
+   *
+   *  Input:  ListPtr - A pointer to the list from which <Old> is to be
+   *                    removed.
+   *          Old     - A pointer to the node that is to be removed from the
+   *                    list.
+   *
+   *  Output: A pointer to the node that was removed (i.e., <Old>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+/* ================================ The End ================================= */
+#endif /* UBI_DLINKLIST_H */
diff --git a/source3/ubiqx/ubi_sLinkList.c b/source3/ubiqx/ubi_sLinkList.c
new file mode 100644
index 0000000000..ff75931b47
--- /dev/null
+++ b/source3/ubiqx/ubi_sLinkList.c
@@ -0,0 +1,187 @@
+/* ========================================================================== **
+ *                              ubi_sLinkList.c
+ *
+ *  Copyright (C) 1997, 1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *  This module implements a simple singly-linked list.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_sLinkList.c,v 
+ * Revision 0.10  1999/06/19 16:58:06  crh
+ * Renamed the ubi_slRemove() function in ubi_sLinkList to
+ * ubi_slRemoveNext().  I was bothered by the fact that it didn't
+ * match the functionality of the ubi_dlRemove() function in
+ * ubi_dLinkList.  The new name is more 'correct'.
+ *
+ * Revision 0.9  1998/07/24 07:30:20  crh
+ * Added the ubi_slNewList() macro.
+ *
+ * Revision 0.8  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 0.7  1998/06/03 18:06:03  crh
+ * Further fiddling with sys_include.h, which has been moved from the .c file
+ * to the .h file.
+ *
+ * Revision 0.6  1998/06/02 01:38:47  crh
+ * Changed include file name from ubi_null.h to sys_include.h to make it
+ * more generic.
+ *
+ * Revision 0.5  1998/05/20 04:38:05  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ * Revision 0.4  1998/03/10 02:23:20  crh
+ * Combined ubi_StackQueue and ubi_sLinkList into one module.  Redesigned
+ * the functions and macros.  Not a complete rewrite but close to it.
+ *
+ * Revision 0.3  1998/01/03 01:59:52  crh
+ * Added ubi_slCount() macro.
+ *
+ * Revision 0.2  1997/10/21 03:35:18  crh
+ * Added parameter <After> in function Insert().  Made necessary changes
+ * to macro AddHead() and added macro AddHere().
+ *
+ * Revision 0.1  1997/10/16 02:53:45  crh
+ * Initial Revision.
+ *
+ * -------------------------------------------------------------------------- **
+ *  This module implements a singly-linked list which may also be used as a
+ *  queue or a stack.  For a queue, entries are added at the tail and removed
+ *  from the head of the list.  For a stack, the entries are entered and
+ *  removed from the head of the list.  A traversal of the list will always
+ *  start at the head of the list and proceed toward the tail.  This is all
+ *  mind-numbingly simple, but I'm surprised by the number of programs out
+ *  there which re-implement this a dozen or so times.
+ *
+ *  Note:  When the list header is initialized, the Tail pointer is set to
+ *         point to the Head pointer.  This simplifies things a great deal,
+ *         except that you can't initialize a stack or queue by simply
+ *         zeroing it out.  One sure way to initialize the header is to call
+ *         ubi_slInit().  Another option would be something like this:
+ *
+ *           ubi_slNewList( MyList );
+ *
+ *         Which translates to:
+ *
+ *           ubi_slList MyList[1] = { NULL, (ubi_slNodePtr)MyList, 0 };
+ *
+ *         See ubi_slInit(), ubi_slNewList(), and the ubi_slList structure
+ *         for more info.
+ *
+ *        + Also, note that this module is similar to the ubi_dLinkList
+ *          module.  There are three key differences:
+ *          - This is a singly-linked list, the other is a doubly-linked
+ *            list.
+ *          - In this module, if the list is empty, the tail pointer will
+ *            point back to the head of the list as described above.  This
+ *            is not done in ubi_dLinkList.
+ *          - The ubi_slRemoveNext() function, by necessity, removes the
+ *            'next' node.  In ubi_dLinkList, the ubi_dlRemove() function
+ *            removes the 'current' node.
+ *
+ * ========================================================================== **
+ */
+
+#include "ubi_sLinkList.h"  /* Header for *this* module. */
+
+/* ========================================================================== **
+ * Functions...
+ */
+
+ubi_slListPtr ubi_slInitList( ubi_slListPtr ListPtr )
+  /* ------------------------------------------------------------------------ **
+   * Initialize a singly-linked list header.
+   *
+   *  Input:  ListPtr - A pointer to the list structure that is to be
+   *                    initialized for use.
+   *
+   *  Output: A pointer to the initialized list header (i.e., same as
+   *          <ListPtr>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ListPtr->Head  = NULL;
+  ListPtr->Tail  = (ubi_slNodePtr)ListPtr;
+  ListPtr->count = 0;
+  return( ListPtr );
+  } /* ubi_slInitList */
+
+ubi_slNodePtr ubi_slInsert( ubi_slListPtr ListPtr,
+                            ubi_slNodePtr New,
+                            ubi_slNodePtr After )
+  /* ------------------------------------------------------------------------ **
+   * Add a node to the list.
+   *
+   *  Input:  ListPtr - A pointer to the list into which the node is to
+   *                    be inserted.
+   *          New     - Pointer to the node that is to be added to the list.
+   *          After   - Pointer to a list in a node after which the new node
+   *                    will be inserted.  If NULL, then the new node will
+   *                    be added at the head of the list.
+   *
+   *  Output: A pointer to the node that was inserted into the list (i.e.,
+   *          the same as <New>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  After = After ? After : (ubi_slNodePtr)ListPtr;
+  New->Next   = After->Next;
+  After->Next = New;
+  if( !(New->Next) )
+    ListPtr->Tail = New;
+  (ListPtr->count)++;
+  return( New );
+  } /* ubi_slInsert */
+
+ubi_slNodePtr ubi_slRemoveNext( ubi_slListPtr ListPtr, ubi_slNodePtr AfterMe )
+  /* ------------------------------------------------------------------------ **
+   * Remove the node followng <AfterMe>.  If <AfterMe> is NULL, remove from
+   * the head of the list.
+   *
+   *  Input:  ListPtr - A pointer to the list from which the node is to be
+   *                    removed.
+   *          AfterMe - Pointer to the node preceeding the node to be
+   *                    removed.
+   *
+   *  Output: A pointer to the node that was removed, or NULL if the list is
+   *          empty.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  ubi_slNodePtr DelNode;
+
+  AfterMe = AfterMe ? AfterMe : (ubi_slNodePtr)ListPtr;
+  DelNode = AfterMe->Next;
+  if( DelNode )
+    {
+    if( !(DelNode->Next) )
+      ListPtr->Tail = AfterMe;
+    AfterMe->Next  = DelNode->Next;
+    (ListPtr->count)--;
+    }
+  return( DelNode );
+  } /* ubi_slRemoveNext */
+
+/* ================================ The End ================================= */
diff --git a/source3/ubiqx/ubi_sLinkList.h b/source3/ubiqx/ubi_sLinkList.h
new file mode 100644
index 0000000000..53bfa40067
--- /dev/null
+++ b/source3/ubiqx/ubi_sLinkList.h
@@ -0,0 +1,254 @@
+#ifndef UBI_SLINKLIST_H
+#define UBI_SLINKLIST_H
+/* ========================================================================== **
+ *                              ubi_sLinkList.h
+ *
+ *  Copyright (C) 1997, 1998 by Christopher R. Hertel
+ *
+ *  Email: crh@ubiqx.mn.org
+ * -------------------------------------------------------------------------- **
+ *  This module implements a simple singly-linked list.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public
+ *  License along with this library; if not, write to the Free
+ *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ *
+ * Log: ubi_sLinkList.h,v 
+ * Revision 0.10  1999/06/19 16:58:06  crh
+ * Renamed the ubi_slRemove() function in ubi_sLinkList to
+ * ubi_slRemoveNext().  I was bothered by the fact that it didn't
+ * match the functionality of the ubi_dlRemove() function in
+ * ubi_dLinkList.  The new name is more 'correct'.
+ *
+ * Revision 0.9  1998/07/24 07:30:20  crh
+ * Added the ubi_slNewList() macro.
+ *
+ * Revision 0.8  1998/06/04 21:29:27  crh
+ * Upper-cased defined constants (eg UBI_BINTREE_H) in some header files.
+ * This is more "standard", and is what people expect.  Weird, eh?
+ *
+ * Revision 0.7  1998/06/03 18:06:03  crh
+ * Further fiddling with sys_include.h, which has been moved from the .c file
+ * to the .h file.
+ *
+ * Revision 0.6  1998/06/02 01:38:47  crh
+ * Changed include file name from ubi_null.h to sys_include.h to make it
+ * more generic.
+ *
+ * Revision 0.5  1998/05/20 04:38:05  crh
+ * The C file now includes ubi_null.h.  See ubi_null.h for more info.
+ *
+ * Revision 0.4  1998/03/10 02:22:39  crh
+ * Combined ubi_StackQueue and ubi_sLinkList into one module.  Redesigned
+ * the functions and macros.  Not a complete rewrite but close to it.
+ *
+ * Revision 0.3  1998/01/03 02:00:02  crh
+ * Added ubi_slCount() macro.
+ *
+ * Revision 0.2  1997/10/21 03:36:14  crh
+ * Added parameter <After> in function Insert().  Made necessary changes
+ * to macro AddHead() and added macro AddHere().
+ *
+ * Revision 0.1  1997/10/16 02:54:08  crh
+ * Initial Revision.
+ *
+ * -------------------------------------------------------------------------- **
+ *  This module implements a singly-linked list which may also be used as a
+ *  queue or a stack.  For a queue, entries are added at the tail and removed
+ *  from the head of the list.  For a stack, the entries are entered and
+ *  removed from the head of the list.  A traversal of the list will always
+ *  start at the head of the list and proceed toward the tail.  This is all
+ *  mind-numbingly simple, but I'm surprised by the number of programs out
+ *  there which re-implement this a dozen or so times.
+ *
+ *  Note:  When the list header is initialized, the Tail pointer is set to
+ *         point to the Head pointer.  This simplifies things a great deal,
+ *         except that you can't initialize a stack or queue by simply
+ *         zeroing it out.  One sure way to initialize the header is to call
+ *         ubi_slInit().  Another option would be something like this:
+ *
+ *           ubi_slNewList( MyList );
+ *
+ *         Which translates to:
+ *
+ *           ubi_slList MyList[1] = { NULL, (ubi_slNodePtr)MyList, 0 };
+ *
+ *         See ubi_slInit(), ubi_slNewList(), and the ubi_slList structure
+ *         for more info.
+ *
+ *        + Also, note that this module is similar to the ubi_dLinkList
+ *          module.  There are three key differences:
+ *          - This is a singly-linked list, the other is a doubly-linked
+ *            list.
+ *          - In this module, if the list is empty, the tail pointer will
+ *            point back to the head of the list as described above.  This
+ *            is not done in ubi_dLinkList.
+ *          - The ubi_slRemoveNext() function, by necessity, removes the
+ *            'next' node.  In ubi_dLinkList, the ubi_dlRemove() function
+ *            removes the 'current' node.
+ *
+ * ========================================================================== **
+ */
+
+#include "sys_include.h"    /* System-specific includes. */
+
+/* ========================================================================== **
+ * Typedefs...
+ *
+ *  ubi_slNode    - This is the basic node structure.
+ *  ubi_slNodePtr - Pointer to a node.
+ *  ubi_slList    - This is the list header structure.
+ *  ubi_slListPtr - Pointer to a List (i.e., a list header structure).
+ *
+ */
+
+typedef struct ubi_slListNode
+  {
+  struct ubi_slListNode *Next;
+  } ubi_slNode;
+
+typedef ubi_slNode *ubi_slNodePtr;
+
+typedef struct
+  {
+  ubi_slNodePtr Head;
+  ubi_slNodePtr Tail;
+  unsigned long count;
+  } ubi_slList;
+
+typedef ubi_slList *ubi_slListPtr;
+
+
+/* ========================================================================== **
+ * Macros...
+ * 
+ *  ubi_slNewList - Macro used to declare and initialize a list header in
+ *                  one step.
+ *
+ *  ubi_slCount   - Returns the current number of entries in the list.
+ *
+ *  ubi_slAddHead - Add a new node at the head of the list.
+ *  ubi_slAddNext - Add a new node following the indicated node.
+ *  ubi_slAddTail - Add a new node to the tail of the list.
+ *                  Note: AddTail evaluates the L parameter twice.
+ *
+ *  ubi_slRemHead - Remove the node at the head of the list, if any.
+ *  ubi_slRemNext - Remove the node following the given node.
+ *
+ *  ubi_slFirst   - Return a pointer to the first node in the list, if any.
+ *  ubi_slNext    - Given a node, return a pointer to the next node.
+ *  ubi_slLast    - Return a pointer to the last node in the list, if any.
+ *
+ *  ubi_slPush    - Add a node at the head of the list (synonym of AddHead).
+ *  ubi_slPop     - Remove a node at the head of the list (synonym of RemHead).
+ *  ubi_slEnqueue - Add a node at the tail of the list (sysnonym of AddTail).
+ *  ubi_slDequeue - Remove a node at the head of the list (synonym of RemHead).
+ *
+ *  Note that all of these provide type casting of the parameters.  The
+ *  Add and Rem macros are nothing more than nice front-ends to the
+ *  Insert and Remove functions.
+ *
+ *  Also note that the First, Next and Last macros do no parameter checking!
+ *
+ */
+
+#define ubi_slNewList( L ) ubi_slList (L)[1] = {{ NULL, (ubi_slNodePtr)(L), 0 }}
+
+#define ubi_slCount( L ) (((ubi_slListPtr)(L))->count)
+
+#define ubi_slAddHead( L, N ) \
+        ubi_slInsert( (ubi_slListPtr)(L), (ubi_slNodePtr)(N), NULL )
+
+#define ubi_slAddNext( L, N, A ) \
+        ubi_slInsert( (ubi_slListPtr)(L), \
+                      (ubi_slNodePtr)(N), \
+                      (ubi_slNodePtr)(A) )
+
+#define ubi_slAddTail( L, N ) \
+        ubi_slInsert( (ubi_slListPtr)(L), \
+                      (ubi_slNodePtr)(N), \
+                     ((ubi_slListPtr)(L))->Tail )
+
+#define ubi_slRemHead( L ) ubi_slRemoveNext( (ubi_slListPtr)(L), NULL )
+
+#define ubi_slRemNext( L, N ) \
+        ubi_slRemoveNext( (ubi_slListPtr)(L), (ubi_slNodePtr)(N) )
+
+#define ubi_slFirst( L ) (((ubi_slListPtr)(L))->Head)
+
+#define ubi_slNext( N )  (((ubi_slNodePtr)(N))->Next)
+
+#define ubi_slLast( L )  (((ubi_slListPtr)(L))->Tail)
+
+#define ubi_slPush    ubi_slAddHead
+#define ubi_slPop     ubi_slRemHead
+#define ubi_slEnqueue ubi_slAddTail
+#define ubi_slDequeue ubi_slRemHead
+
+/* ========================================================================== **
+ * Function prototypes...
+ */
+
+ubi_slListPtr ubi_slInitList( ubi_slListPtr ListPtr );
+  /* ------------------------------------------------------------------------ **
+   * Initialize a singly-linked list header.
+   *
+   *  Input:  ListPtr - A pointer to the list structure that is to be
+   *                    initialized for use.
+   *
+   *  Output: A pointer to the initialized list header (i.e., same as
+   *          <ListPtr>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_slNodePtr ubi_slInsert( ubi_slListPtr ListPtr,
+                            ubi_slNodePtr New,
+                            ubi_slNodePtr After );
+  /* ------------------------------------------------------------------------ **
+   * Add a node to the list.
+   *
+   *  Input:  ListPtr - A pointer to the list into which the node is to
+   *                    be inserted.
+   *          New     - Pointer to the node that is to be added to the list.
+   *          After   - Pointer to a list in a node after which the new node
+   *                    will be inserted.  If NULL, then the new node will
+   *                    be added at the head of the list.
+   *
+   *  Output: A pointer to the node that was inserted into the list (i.e.,
+   *          the same as <New>).
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+ubi_slNodePtr ubi_slRemoveNext( ubi_slListPtr ListPtr, ubi_slNodePtr AfterMe );
+  /* ------------------------------------------------------------------------ **
+   * Remove the node followng <AfterMe>.  If <AfterMe> is NULL, remove from
+   * the head of the list.
+   *
+   *  Input:  ListPtr - A pointer to the list from which the node is to be
+   *                    removed.
+   *          AfterMe - Pointer to the node preceeding the node to be
+   *                    removed.
+   *
+   *  Output: A pointer to the node that was removed, or NULL if the list is
+   *          empty.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+
+/* ================================ The End ================================= */
+#endif /* UBI_SLINKLIST_H */
diff --git a/source3/utils/debug2html.c b/source3/utils/debug2html.c
new file mode 100644
index 0000000000..f9a1f43f46
--- /dev/null
+++ b/source3/utils/debug2html.c
@@ -0,0 +1,253 @@
+/* ========================================================================== **
+ *                                debug2html.c
+ *
+ * Copyright (C) 1998 by Christopher R. Hertel
+ *
+ * Email: crh@ubiqx.mn.org
+ *
+ * -------------------------------------------------------------------------- **
+ * Parse Samba debug logs (2.0 & greater) and output the results as HTML.
+ * -------------------------------------------------------------------------- **
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * -------------------------------------------------------------------------- **
+ * This program provides an example of the use of debugparse.c, and also
+ * does a decent job of converting Samba logs into HTML.
+ * -------------------------------------------------------------------------- **
+ *
+ * Revision 1.4  1998/11/13 03:37:01  tridge
+ * fixes for OSF1 compilation
+ *
+ * Revision 1.3  1998/10/28 20:33:35  crh
+ * I've moved the debugparse module files into the ubiqx directory because I
+ * know that 'make proto' will ignore them there.  The debugparse.h header
+ * file is included in includes.h, and includes.h is included in debugparse.c,
+ * so all of the pieces "see" each other.  I've compiled and tested this,
+ * and it does seem to work.  It's the same compromise model I used when
+ * adding the ubiqx modules into the system, which is why I put it all into
+ * the same directory.
+ *
+ * Chris -)-----
+ *
+ * Revision 1.1  1998/10/26 23:21:37  crh
+ * Here is the simple debug parser and the debug2html converter.  Still to do:
+ *
+ *   * Debug message filtering.
+ *   * I need to add all this to Makefile.in
+ *     (If it looks at all strange I'll ask for help.)
+ *
+ * If you want to compile debug2html, you'll need to do it by hand until I
+ * make the changes to Makefile.in.  Sorry.
+ *
+ * Chris -)-----
+ *
+ * ========================================================================== **
+ */
+
+#include "debugparse.h"
+
+/* -------------------------------------------------------------------------- **
+ * The size of the read buffer.
+ */
+
+#define DBG_BSIZE 1024
+
+/* -------------------------------------------------------------------------- **
+ * Functions...
+ */
+
+static dbg_Token modechange( dbg_Token new, dbg_Token mode )
+  /* ------------------------------------------------------------------------ **
+   * Handle a switch between header and message printing.
+   *
+   *  Input:  new   - The token value of the current token.  This indicates
+   *                  the lexical item currently being recognized.
+   *          mode  - The current mode.  This is either dbg_null or
+   *                  dbg_message.  It could really be any toggle
+   *                  (true/false, etc.)
+   *
+   *  Output: The new mode.  This will be the same as the input mode unless
+   *          there was a transition in or out of message processing.
+   *
+   *  Notes:  The purpose of the mode value is to mark the beginning and end
+   *          of the message text block.  In order to show the text in its
+   *          correct format, it must be included within a <PRE></PRE> block.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  switch( new )
+    {
+    case dbg_null:
+    case dbg_ignore:
+      return( mode );
+    case dbg_message:
+      if( dbg_message != mode )
+        {
+        /* Switching to message mode. */
+        (void)printf( "<PRE>\n" );
+        return( dbg_message );
+        }
+      break;
+    default:
+      if( dbg_message == mode )
+        {
+        /* Switching out of message mode. */
+        (void)printf( "</PRE>\n\n" );
+        return( dbg_null );
+        }
+    }
+
+  return( mode );
+  } /* modechange */
+
+static void newblock( dbg_Token old, dbg_Token new )
+  /* ------------------------------------------------------------------------ **
+   * Handle the transition between tokens.
+   *
+   *  Input:  old - The previous token.
+   *          new - The current token.
+   *
+   *  Output: none.
+   *
+   *  Notes:  This is called whenever there is a transition from one token
+   *          type to another.  It first prints the markup tags that close
+   *          the previous token, and then the markup tags for the new
+   *          token.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  switch( old )
+    {
+    case dbg_timestamp:
+      (void)printf( ",</B>" );
+      break;
+    case dbg_level:
+      (void)printf( "</FONT>]</B>\n   " );
+      break;
+    case dbg_sourcefile:
+      (void)printf( ":" );
+      break;
+    case dbg_lineno:
+      (void)printf( ")" );
+      break;
+    }
+
+  switch( new )
+    {
+    case dbg_timestamp:
+      (void)printf( "<B>[" );
+      break;
+    case dbg_level:
+      (void)printf( " <B><FONT COLOR=MAROON>" );
+      break;
+    case dbg_lineno:
+      (void)printf( "(" );
+      break;
+    }
+  } /* newblock */
+
+static void charprint( dbg_Token tok, int c )
+  /* ------------------------------------------------------------------------ **
+   * Filter the input characters to determine what goes to output.
+   *
+   *  Input:  tok - The token value of the current character.
+   *          c   - The current character.
+   *
+   *  Output: none.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  switch( tok )
+    {
+    case dbg_ignore:
+    case dbg_header:
+      break;
+    case dbg_null:
+    case dbg_eof:
+      (void)putchar( '\n' );
+      break;
+    default:
+      switch( c )
+        {
+        case '<':
+          (void)printf( "&lt;" );
+          break;
+        case '>':
+          (void)printf( "&gt;" );
+          break;
+        case '&':
+          (void)printf( "&amp;" );
+          break;
+        case '\"':
+          (void)printf( "&#34;" );
+          break;
+        default:
+          (void)putchar( c );
+          break;
+        }
+    }
+  } /* charprint */
+
+int main( int argc, char *argv[] )
+  /* ------------------------------------------------------------------------ **
+   * This simple program scans and parses Samba debug logs, and produces HTML
+   * output.
+   *
+   *  Input:  argc  - Currently ignored.
+   *          argv  - Currently ignored.
+   *
+   *  Output: Always zero.
+   *
+   *  Notes:  The HTML output is sent to stdout.
+   *
+   * ------------------------------------------------------------------------ **
+   */
+  {
+  int       i;
+  int       len;
+  char      bufr[DBG_BSIZE];
+  dbg_Token old   = dbg_null,
+            new   = dbg_null,
+            state = dbg_null,
+            mode  = dbg_null;
+
+  (void)printf( "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n" );
+  (void)printf( "<HTML>\n<HEAD>\n" );
+  (void)printf( "  <TITLE>Samba Debug Output</TITLE>\n</HEAD>\n\n<BODY>\n" );
+
+  while( (!feof( stdin ))
+      && ((len = fread( bufr, 1, DBG_BSIZE, stdin )) > 0) )
+    {
+    for( i = 0; i < len; i++ )
+      {
+      old = new;
+      new = dbg_char2token( &state, bufr[i] );
+      if( new != old )
+        {
+        mode = modechange( new, mode );
+        newblock( old, new );
+        }
+      charprint( new, bufr[i] );
+      }
+    }
+  (void)modechange( dbg_eof, mode );
+
+  (void)printf( "</BODY>\n</HTML>\n" );
+  return( 0 );
+  } /* main */
diff --git a/source3/utils/make_printerdef.c b/source3/utils/make_printerdef.c
new file mode 100644
index 0000000000..35ecd7f3e9
--- /dev/null
+++ b/source3/utils/make_printerdef.c
@@ -0,0 +1,585 @@
+ /*
+   Unix SMB/CIFS implementation.
+   Create printer definition files.
+
+   Copyright (C) Jean-Francois.Micouleau@utc.fr, 10/26/97 - 1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+#define DEBUGIT
+*/
+
+char *files_to_copy;
+char *driverfile, *datafile, *helpfile, *languagemonitor, *datatype, *vendorsetup;
+char buffer[50][sizeof(pstring)];
+char sbuffer[50][sizeof(pstring)];
+char sub_dir[50][2][sizeof(pstring)];
+
+static void usage(char *name)
+{
+ fprintf(stderr,"%s: printer.def \"Printer Name\"\n", name);
+}
+
+static char *myfgets(char *s, int n, FILE *stream)
+{
+  char *LString1;
+  char *LString2;
+  char *temp;
+  pstring String;
+  pstring NewString;
+  int i;
+
+  fgets(s,n,stream);
+  while ((LString1 = strchr_m(s,'%')) != NULL) {
+    if (!(LString2 = strchr_m(LString1+1,'%'))) break;
+    *LString2 = '\0';
+    pstrcpy(String,LString1+1);
+    i = 0;
+    while(*sbuffer[i]!='\0') {
+      if (strncmp(sbuffer[i],String,strlen(String))==0)
+      {
+	pstrcpy(String,sbuffer[i]);
+	if ((temp = strchr_m(String,'=')) != NULL) ++temp;
+	pstrcpy(String,temp);
+	break;
+      }
+      i++;	
+    }
+    *LString1 = '\0';
+    pstrcpy(NewString,s);
+    pstrcat(NewString,String);
+    pstrcat(NewString,LString2+1);
+    pstrcpy(s, NewString);
+  }
+  return(s);
+}
+
+/*
+   This function split a line in two parts
+   on both side of the equal sign
+   "entry=value"
+*/
+static char *scan(char *chaine,char **entry)
+{
+  char *value;
+  char *temp;
+  int i=0;
+ 
+  *entry=(char *)malloc(sizeof(pstring));
+  value=(char *)malloc(sizeof(pstring));
+
+  if(*entry == NULL || value == NULL) {
+    fprintf(stderr,"scan: malloc fail !\n");
+    exit(1);
+  }
+
+  pstrcpy(*entry,chaine);
+  temp=chaine;
+  while( temp[i]!='=' && temp[i]!='\0') {
+ 	i++;
+  }
+  (*entry)[i]='\0'; 
+  if (temp[i]!='\0') {
+        i++;
+  }
+  while( temp[i]==' ' && temp[i]!='\0') {
+ 	i++;
+  }
+  pstrcpy(value,temp+i);      
+  return (value);
+}
+
+static void build_subdir(void)
+{
+  int i=0;
+  int j=0;
+  char *entry;
+  char *data;
+ 
+  while (*buffer[i]!='\0') { 
+    data=scan(buffer[i],&entry);
+#ifdef DEBUGIT
+    fprintf(stderr,"\tentry=data %s:%s\n",entry,data);
+#endif      
+    j = strlen(entry);
+    while (j) {
+      if (entry[j-1] != ' ') break;
+      j--;
+    }
+    entry[j] = '\0';
+
+    if (strncmp(data,"11",2)==0) {
+      pstrcpy(sub_dir[i][0],entry);
+      pstrcpy(sub_dir[i][1],"");
+    }
+    if (strncmp(data,"23",2)==0) {
+      pstrcpy(sub_dir[i][0],entry);
+      pstrcpy(sub_dir[i][1],"color\\");
+    }
+#ifdef DEBUGIT
+    fprintf(stderr,"\tsubdir %s:%s\n",sub_dir[i][0],sub_dir[i][1]);
+#endif      
+    i++;
+  }
+}
+
+/*
+   Lockup Strings entry in a file
+   Return all the lines between the entry and the next one or the end of file
+   An entry is something between braces.
+*/
+static void lookup_strings(FILE *fichier)
+{
+  int found=0,pointeur=0,i=0;
+  char *temp,*temp2;
+  
+  temp=(char *)malloc(sizeof(pstring));
+  temp2=(char *)malloc(sizeof(pstring));
+  
+  if(temp == NULL || temp2 == NULL) {
+	  SAFE_FREE(temp);
+	  SAFE_FREE(temp2);
+    fprintf(stderr,"lookup_strings: malloc fail !\n");
+    exit(1);
+  }
+
+  *sbuffer[0]='\0';
+  
+  pstrcpy(temp2,"[Strings]");
+  
+  rewind(fichier);
+#ifdef DEBUGIT
+  fprintf(stderr,"\tLooking for Strings\n");
+#endif
+  
+  while (!feof(fichier) && found==0) {
+  	*temp='\0';
+  	fgets(temp,255,fichier);
+	if (strncmp(temp,temp2,strlen(temp2))==0) found=1;
+  }
+
+
+  while (!feof(fichier) && found==1) {
+  	*temp='\0';
+  	fgets(temp,255,fichier);
+	if (*temp=='[') {
+		found=2;
+		*sbuffer[pointeur]='\0';
+	}
+	else {
+		pstrcpy(sbuffer[pointeur],temp);
+		i=strlen(sbuffer[pointeur])-1;
+		while (sbuffer[pointeur][i]=='\r' || sbuffer[pointeur][i]=='\n')
+			sbuffer[pointeur][i--]='\0';
+		pointeur++;
+	}  
+  }
+
+  /* CCMRCF Mod, seg fault or worse if not found */
+  if (pointeur == 0) {
+     fprintf(stderr,"Printer not found\tNo [Strings] block in inf file\n");
+     exit(2);
+  }
+
+#ifdef DEBUGIT
+  fprintf(stderr,"\t\tFound %d entries\n",pointeur-1);
+#endif
+}
+
+
+/*
+   Lockup an entry in a file
+   Return all the lines between the entry and the next one or the end of file
+   An entry is something between braces.
+*/
+static void lookup_entry(FILE *fichier,char *chaine)
+{
+  int found=0,pointeur=0,i=0;
+  char *temp,*temp2;
+  
+  temp=(char *)malloc(sizeof(pstring));
+  temp2=(char *)malloc(sizeof(pstring));
+  
+  if(temp == NULL || temp2 == NULL) {
+	  SAFE_FREE(temp);
+	  SAFE_FREE(temp2);
+    fprintf(stderr,"lookup_entry: malloc fail !\n");
+    exit(1);
+  }
+
+  *buffer[0]='\0';
+  
+  pstrcpy(temp2,"[");
+  pstrcat(temp2,chaine);
+  pstrcat(temp2,"]");
+  
+  rewind(fichier);
+#ifdef DEBUGIT
+  fprintf(stderr,"\tLooking for %s\n",chaine);
+#endif
+  
+  while (!feof(fichier) && found==0) {
+  	*temp='\0';
+  	myfgets(temp,255,fichier);
+	if (strncmp(temp,temp2,strlen(temp2))==0) found=1;
+  }
+
+
+  while (!feof(fichier) && found==1) {
+  	*temp='\0';
+  	myfgets(temp,255,fichier);
+	if (*temp=='[') {
+		found=2;
+		*buffer[pointeur]='\0';
+	}
+	else {
+		pstrcpy(buffer[pointeur],temp);
+		i=strlen(buffer[pointeur])-1;
+		while (buffer[pointeur][i]=='\r' || buffer[pointeur][i]=='\n')
+			buffer[pointeur][i--]='\0';
+		pointeur++;
+	}  
+  }
+#ifdef DEBUGIT
+  fprintf(stderr,"\t\tFound %d entries\n",pointeur-1);
+#endif
+}
+
+static char *find_desc(FILE *fichier,char *text)
+{
+  char *chaine;
+  char *long_desc;
+  char *short_desc;
+  char *crap = NULL;
+  char *p;
+
+  int found=0;
+
+  chaine=(char *)malloc(sizeof(pstring));
+  long_desc=(char *)malloc(sizeof(pstring));
+  short_desc=(char *)malloc(sizeof(pstring));
+  if (!chaine || !long_desc || !short_desc) {
+	  SAFE_FREE(chaine);
+	  SAFE_FREE(long_desc);
+	  SAFE_FREE(short_desc);
+    fprintf(stderr,"find_desc: Unable to malloc memory\n");
+    exit(1);
+  }
+
+  rewind(fichier);
+  while (!feof(fichier) && found==0)
+  {
+    myfgets(chaine,255,fichier);
+
+    long_desc=strtok(chaine,"=");
+    crap=strtok(NULL,",\r");
+
+    p=long_desc;
+    while(*p!='"' && *p!='\0')
+     p++;
+    if (*p=='"' && *(p+1)!='\0') p++;       
+    long_desc=p;
+
+    if (*p!='\0')
+    {
+      p++;
+      while(*p!='\"')
+       p++;
+      *p='\0';
+    }
+    if (!strcmp(text,long_desc)) 
+	found=1;
+  }
+  SAFE_FREE(chaine);
+  if (!found || !crap) return(NULL);
+  while(*crap==' ') crap++;
+  pstrcpy(short_desc,crap);
+  return(short_desc);
+}
+
+static void scan_copyfiles(FILE *fichier, char *chaine)
+{
+  char *part;
+  char *mpart;
+  int i;
+  pstring direc;
+#ifdef DEBUGIT
+  fprintf(stderr,"In scan_copyfiles Lookup up of %s\n",chaine);
+#endif 
+  fprintf(stderr,"\nCopy the following files to your printer$ share location:\n");
+  part=strtok(chaine,",");
+  do {
+     /* If the entry start with a @ then it's a file to copy
+     else it's an entry refering to files to copy
+     the main difference is when it's an entry
+     you can have a directory to append before the file name
+    */
+    if (*part=='@') {
+      if (strlen(files_to_copy) != 0)
+        pstrcat(files_to_copy,",");
+      pstrcat(files_to_copy,&part[1]);
+      fprintf(stderr,"%s\n",&part[1]);
+    } else {
+      lookup_entry(fichier,part);
+      i=0;
+      pstrcpy(direc,"");
+      while (*sub_dir[i][0]!='\0') {
+#ifdef DEBUGIT
+ 	fprintf(stderr,"\tsubdir %s:%s\n",sub_dir[i][0],sub_dir[i][1]);
+#endif      
+      	if (strcmp(sub_dir[i][0],part)==0)
+          pstrcpy(direc,sub_dir[i][1]);
+        i++;
+      }	
+      i=0;
+      while (*buffer[i]!='\0') {
+/*
+ * HP inf files have strange entries that this attempts to address
+ * Entries in the Copy sections normally have only a single file name
+ * on each line. I have seen the following format in various HP inf files:
+ * 
+ * pscript.hlp =  pscript.hl_
+ * hpdcmon.dll,hpdcmon.dl_
+ * MSVCRT.DLL,MSVCRT.DL_,,32
+ * ctl3dv2.dll,ctl3dv2.dl_,ctl3dv2.tmp
+ *
+ * In the first 2 cases you want the first file name - in the last case
+ * you only want the last file name (at least that is what a Win95
+ * machine sent). In the third case you also want the first file name
+ * (detect by the last component being just a number ?).
+ * This may still be wrong but at least I get the same list
+ * of files as seen on a printer test page.
+ */
+        part = strchr_m(buffer[i],'=');
+        if (part) {
+          /*
+           * Case (1) eg. pscript.hlp =  pscript.hl_ - chop after the first name.
+           */
+
+          *part = '\0';
+
+          /*
+           * Now move back to the start and print that.
+           */
+
+          while (--part > buffer[i]) {
+            if ((*part == ' ') || (*part =='\t'))
+              *part = '\0';
+            else
+              break;
+          }
+        } else {
+          part = strchr_m(buffer[i],',');
+          if (part) {
+            /*
+             * Cases (2-4)
+             */
+
+            if ((mpart = strrchr_m(part+1,','))!=NULL) {
+              /*
+               * Second ',' - case 3 or 4.
+               * Check if the last part is just a number,
+               * if so we need the first part.
+               */
+
+              char *endptr = NULL;
+              BOOL isnumber = False;
+
+              mpart++;
+              (void)strtol(mpart, &endptr, 10);
+
+              isnumber = ((endptr > mpart) && isdigit(*mpart));
+              if(!isnumber)
+                pstrcpy(buffer[i],mpart+1);
+              else
+                *part = '\0';
+            } else {
+              *part = '\0';
+            }
+            while (--part > buffer[i])
+              if ((*part == ' ') || (*part =='\t')) *part = '\0';
+              else break;
+          }
+	    }
+        if (*buffer[i] != ';') {
+          if (strlen(files_to_copy) != 0)
+            pstrcat(files_to_copy,",");
+          pstrcat(files_to_copy,direc);
+          pstrcat(files_to_copy,buffer[i]);
+          fprintf(stderr,"%s%s\n",direc,buffer[i]);
+        }
+        i++;
+      } /* end while */ 
+    }
+    part=strtok(NULL,",");
+    if (part) {
+      while( *part ==' ' && *part != '\0') {
+        part++;
+      }
+    }
+  } while (part!=NULL);
+  fprintf(stderr,"\n");
+}
+
+
+static void scan_short_desc(FILE *fichier, char *short_desc)
+{
+  int i=0;
+  char *temp;
+  char *copyfiles=0,*datasection=0;
+ 
+  helpfile=0;
+  languagemonitor=0;
+  vendorsetup=0;
+  datatype="RAW";
+  if((temp=(char *)malloc(sizeof(pstring))) == NULL) {
+    fprintf(stderr, "scan_short_desc: malloc fail !\n");
+    exit(1);
+  }
+  
+  driverfile=short_desc;
+  datafile=short_desc;
+
+  lookup_entry(fichier,short_desc);
+
+  while(*buffer[i]!='\0') {
+#ifdef DEBUGIT
+    fprintf(stderr,"\tLookup up of %s\n",buffer[i]);
+#endif
+    if (strncasecmp(buffer[i],"CopyFiles",9)==0) 
+	copyfiles=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"DataSection",11)==0) 
+	datasection=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"DataFile",8)==0) 
+	datafile=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"DriverFile",10)==0) 
+	driverfile=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"HelpFile",8)==0) 
+	helpfile=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"LanguageMonitor",15)==0) 
+	languagemonitor=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"DefaultDataType",15)==0) 
+	datatype=scan(buffer[i],&temp);
+    else if (strncasecmp(buffer[i],"VendorSetup",11)==0) 
+	vendorsetup=scan(buffer[i],&temp);
+    i++;	
+  }
+
+  if (datasection) {
+    lookup_entry(fichier,datasection);
+
+    i = 0;
+    while(*buffer[i]!='\0') {
+#ifdef DEBUGIT
+      fprintf(stderr,"\tLookup up of %s\n",buffer[i]);
+#endif
+      if (strncasecmp(buffer[i],"CopyFiles",9)==0) 
+	  copyfiles=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"DataSection",11)==0) 
+	  datasection=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"DataFile",8)==0) 
+	  datafile=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"DriverFile",10)==0) 
+	  driverfile=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"HelpFile",8)==0) 
+	  helpfile=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"LanguageMonitor",15)==0) 
+	  languagemonitor=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"DefaultDataType",15)==0) 
+	  datatype=scan(buffer[i],&temp);
+      else if (strncasecmp(buffer[i],"VendorSetup",11)==0) 
+	  vendorsetup=scan(buffer[i],&temp);
+      i++;	
+    }
+  }
+
+  if (languagemonitor) {
+	temp = strtok(languagemonitor,",");
+	if (*temp == '"') ++temp;
+	pstrcpy(languagemonitor,temp);
+	if ((temp = strchr_m(languagemonitor,'"'))!=NULL) *temp = '\0';
+  }
+
+  if (i) fprintf(stderr,"End of section found\n");
+ 
+  fprintf(stderr,"CopyFiles: %s\n",
+	copyfiles?copyfiles:"(null)");
+  fprintf(stderr,"Datasection: %s\n",
+	datasection?datasection:"(null)");
+  fprintf(stderr,"Datafile: %s\n",
+	datafile?datafile:"(null)");
+  fprintf(stderr,"Driverfile: %s\n",
+	driverfile?driverfile:"(null)");
+  fprintf(stderr,"Helpfile: %s\n",
+	helpfile?helpfile:"(null)");
+  fprintf(stderr,"LanguageMonitor: %s\n",
+	languagemonitor?languagemonitor:"(null)");
+  fprintf(stderr,"VendorSetup: %s\n",
+	vendorsetup?vendorsetup:"(null)");
+  if (copyfiles) scan_copyfiles(fichier,copyfiles);
+}
+
+int main(int argc, char *argv[])
+{
+  char *short_desc;
+  FILE *inf_file;
+
+  if (argc!=3)
+  {
+    usage(argv[0]);
+    return(-1);
+  }
+
+  inf_file=sys_fopen(argv[1],"r");  
+  if (!inf_file)
+  {
+    fprintf(stderr,"Description file not found, bye\n");
+    return(-1);
+  }
+
+  lookup_strings(inf_file);
+
+  short_desc=find_desc(inf_file,argv[2]);
+  if (short_desc==NULL)
+  {
+    fprintf(stderr,"Printer not found\n");
+    return(-1);
+  }
+  else fprintf(stderr,"Found:%s\n",short_desc);
+
+  lookup_entry(inf_file,"DestinationDirs");
+  build_subdir();
+
+  if((files_to_copy=(char *)malloc(2048*sizeof(char))) == NULL) {
+    fprintf(stderr, "%s: malloc fail.\n", argv[0] );
+    exit(1);
+  }
+  *files_to_copy='\0';
+  scan_short_desc(inf_file,short_desc);
+  fprintf(stdout,"%s:%s:%s:",
+    argv[2],driverfile,datafile);
+  fprintf(stdout,"%s:",
+    helpfile?helpfile:"");
+  fprintf(stdout,"%s:",
+    languagemonitor?languagemonitor:"");
+  fprintf(stdout,"%s:",datatype);
+  fprintf(stdout,"%s\n",files_to_copy);
+  return 0;
+}
+
diff --git a/source3/utils/net.c b/source3/utils/net.c
new file mode 100644
index 0000000000..b81e37c0af
--- /dev/null
+++ b/source3/utils/net.c
@@ -0,0 +1,458 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   Distributed SMB/CIFS Server Management Utility 
+   Copyright (C) 2001 Steve French  (sfrench@us.ibm.com)
+   Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
+   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+   Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
+
+   Originally written by Steve and Jim. Largely rewritten by tridge in
+   November 2001.
+
+   Reworked again by abartlet in December 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+ 
+/*****************************************************/
+/*                                                   */
+/*   Distributed SMB/CIFS Server Management Utility  */
+/*                                                   */
+/*   The intent was to make the syntax similar       */
+/*   to the NET utility (first developed in DOS      */
+/*   with additional interesting & useful functions  */
+/*   added in later SMB server network operating     */
+/*   systems).                                       */
+/*                                                   */
+/*****************************************************/
+
+#include "includes.h"
+#include "../utils/net.h"
+
+/***********************************************************************/
+/* Beginning of internationalization section.  Translatable constants  */
+/* should be kept in this area and referenced in the rest of the code. */
+/*                                                                     */
+/* No functions, outside of Samba or LSB (Linux Standards Base) should */
+/* be used (if possible).                                              */
+/***********************************************************************/
+
+#define YES_STRING              "Yes"
+#define NO_STRING               "No"
+
+/************************************************************************************/
+/*                       end of internationalization section                        */
+/************************************************************************************/
+
+/* Yes, these buggers are globals.... */
+char *opt_requester_name = NULL;
+char *opt_host = NULL; 
+char *opt_password = NULL;
+char *opt_user_name = NULL;
+BOOL opt_user_specified = False;
+char *opt_workgroup = NULL;
+int opt_long_list_entries = 0;
+int opt_reboot = 0;
+int opt_force = 0;
+int opt_port = 0;
+int opt_maxusers = -1;
+char *opt_comment = "";
+int opt_flags = -1;
+int opt_jobid = 0;
+int opt_timeout = 0;
+char *opt_target_workgroup = NULL;
+
+BOOL opt_have_ip = False;
+struct in_addr opt_dest_ip;
+
+extern pstring global_myname;
+
+/*
+  run a function from a function table. If not found then
+  call the specified usage function 
+*/
+int net_run_function(int argc, const char **argv, struct functable *table, 
+		     int (*usage_fn)(int argc, const char **argv))
+{
+	int i;
+	
+	if (argc < 1) {
+		d_printf("\nUsage: \n");
+		return usage_fn(argc, argv);
+	}
+	for (i=0; table[i].funcname; i++) {
+		if (StrCaseCmp(argv[0], table[i].funcname) == 0)
+			return table[i].fn(argc-1, argv+1);
+	}
+	d_printf("No command: %s\n", argv[0]);
+	return usage_fn(argc, argv);
+}
+
+
+/****************************************************************************
+connect to \\server\ipc$  
+****************************************************************************/
+NTSTATUS connect_to_ipc(struct cli_state **c, struct in_addr *server_ip,
+					const char *server_name)
+{
+	NTSTATUS nt_status;
+
+	if (!opt_password) {
+		char *pass = getpass("Password:");
+		if (pass) {
+			opt_password = strdup(pass);
+		}
+	}
+	
+	nt_status = cli_full_connection(c, opt_requester_name, server_name, 
+					server_ip, opt_port,
+					"IPC$", "IPC",  
+					opt_user_name, opt_workgroup,
+					opt_password, strlen(opt_password));
+	
+	if (NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	} else {
+		DEBUG(1,("Cannot connect to server.  Error was %s\n", 
+			 nt_errstr(nt_status)));
+
+		/* Display a nicer message depending on the result */
+
+		if (NT_STATUS_V(nt_status) == 
+		    NT_STATUS_V(NT_STATUS_LOGON_FAILURE))
+			d_printf("The username or password was not correct.\n");
+
+		return nt_status;
+	}
+}
+
+/****************************************************************************
+connect to \\server\ipc$ anonymously
+****************************************************************************/
+NTSTATUS connect_to_ipc_anonymous(struct cli_state **c,
+			struct in_addr *server_ip, const char *server_name)
+{
+	NTSTATUS nt_status;
+
+	nt_status = cli_full_connection(c, opt_requester_name, server_name, 
+					server_ip, opt_port,
+					"IPC$", "IPC",  
+					"", "",
+					"", 0);
+	
+	if (NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	} else {
+		DEBUG(1,("Cannot connect to server (anonymously).  Error was %s\n", nt_errstr(nt_status)));
+		return nt_status;
+	}
+}
+
+BOOL net_find_server(unsigned flags, struct in_addr *server_ip, char **server_name)
+{
+
+	if (opt_host) {
+		*server_name = strdup(opt_host);
+	}		
+
+	if (opt_have_ip) {
+		*server_ip = opt_dest_ip;
+		if (!*server_name) {
+			*server_name = strdup(inet_ntoa(opt_dest_ip));
+		}
+	} else if (*server_name) {
+		/* resolve the IP address */
+		if (!resolve_name(*server_name, server_ip, 0x20))  {
+			DEBUG(1,("Unable to resolve server name\n"));
+			return False;
+		}
+	} else if (flags & NET_FLAGS_PDC) {
+		struct in_addr *ip_list;
+		int addr_count;
+		if (get_dc_list(True /* PDC only*/, opt_target_workgroup, &ip_list, &addr_count)) {
+			fstring dc_name;
+			if (addr_count < 1) {
+				return False;
+			}
+			
+			*server_ip = *ip_list;
+			
+			if (is_zero_ip(*server_ip))
+				return False;
+			
+			if (!lookup_dc_name(global_myname, opt_target_workgroup, server_ip, dc_name))
+				return False;
+				
+			*server_name = strdup(dc_name);
+		}
+		
+	} else if (flags & NET_FLAGS_DMB) {
+		struct in_addr msbrow_ip;
+		/*  if (!resolve_name(MSBROWSE, &msbrow_ip, 1)) */
+		if (!resolve_name(opt_target_workgroup, &msbrow_ip, 0x1B))  {
+			DEBUG(1,("Unable to resolve domain browser via name lookup\n"));
+			return False;
+		} else {
+			*server_ip = msbrow_ip;
+		}
+		*server_name = strdup(inet_ntoa(opt_dest_ip));
+	} else if (flags & NET_FLAGS_MASTER) {
+		struct in_addr brow_ips;
+		if (!resolve_name(opt_target_workgroup, &brow_ips, 0x1D))  {
+				/* go looking for workgroups */
+			DEBUG(1,("Unable to resolve master browser via name lookup\n"));
+			return False;
+		} else {
+			*server_ip = brow_ips;
+		}
+		*server_name = strdup(inet_ntoa(opt_dest_ip));
+	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
+		extern struct in_addr loopback_ip;
+		*server_ip = loopback_ip;
+		*server_name = strdup("127.0.0.1");
+	}
+
+	if (!server_name || !*server_name) {
+		DEBUG(1,("no server to connect to\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+BOOL net_find_dc(struct in_addr *server_ip, fstring server_name, char *domain_name)
+{
+	struct in_addr *ip_list;
+	int addr_count;
+
+	if (get_dc_list(True /* PDC only*/, domain_name, &ip_list, &addr_count)) {
+		fstring dc_name;
+		if (addr_count < 1) {
+			return False;
+		}
+			
+		*server_ip = *ip_list;
+		
+		if (is_zero_ip(*server_ip))
+			return False;
+		
+		if (!lookup_dc_name(global_myname, domain_name, server_ip, dc_name))
+			return False;
+			
+		safe_strcpy(server_name, dc_name, FSTRING_LEN);
+		return True;
+	} else
+		return False;
+}
+
+
+struct cli_state *net_make_ipc_connection(unsigned flags)
+{
+	char *server_name = NULL;
+	struct in_addr server_ip;
+	struct cli_state *cli = NULL;
+	NTSTATUS nt_status;
+
+	if (!net_find_server(flags, &server_ip, &server_name)) {
+		d_printf("\nUnable to find a suitable server\n");
+		return NULL;
+	}
+
+	if (flags & NET_FLAGS_ANONYMOUS) {
+		nt_status = connect_to_ipc_anonymous(&cli, &server_ip, server_name);
+	} else {
+		nt_status = connect_to_ipc(&cli, &server_ip, server_name);
+	}
+	SAFE_FREE(server_name);
+	return cli;
+}
+
+
+
+static int net_user(int argc, const char **argv)
+{
+	if (net_ads_check() == 0)
+		return net_ads_user(argc, argv);
+
+	/* if server is not specified, default to PDC? */
+	if (net_rpc_check(NET_FLAGS_PDC))
+		return net_rpc_user(argc, argv);
+
+	return net_rap_user(argc, argv);
+}
+
+
+static int net_join(int argc, const char **argv)
+{
+	if (net_ads_check() == 0) {
+		if (net_ads_join(argc, argv) == 0)
+			return 0;
+		else
+			d_printf("ADS join did not work, trying RPC...\n");
+	}
+	return net_rpc_join(argc, argv);
+}
+
+/* main function table */
+static struct functable net_func[] = {
+	{"RPC", net_rpc},
+	{"RAP", net_rap},
+	{"ADS", net_ads},
+
+	/* eventually these should auto-choose the transport ... */
+	{"FILE", net_rap_file},
+	{"SHARE", net_rap_share},
+	{"SESSION", net_rap_session},
+	{"SERVER", net_rap_server},
+	{"DOMAIN", net_rap_domain},
+	{"PRINTQ", net_rap_printq},
+	{"USER", net_user},
+	{"GROUP", net_rap_group},
+	{"VALIDATE", net_rap_validate},
+	{"GROUPMEMBER", net_rap_groupmember},
+	{"ADMIN", net_rap_admin},
+	{"SERVICE", net_rap_service},	
+	{"PASSWORD", net_rap_password},
+	{"TIME", net_time},
+	{"LOOKUP", net_lookup},
+	{"JOIN", net_join},
+
+	{"HELP", net_help},
+	{NULL, NULL}
+};
+
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc, const char **argv)
+{
+	int opt,i;
+	char *p;
+	int rc = 0;
+	int argc_new = 0;
+	const char ** argv_new;
+	poptContext pc;
+	static char *servicesf = dyn_CONFIGFILE;
+	static int debuglevel = 0;
+
+	struct poptOption long_options[] = {
+		{"help",	'h', POPT_ARG_NONE,   0, 'h'},
+		{"workgroup",	'w', POPT_ARG_STRING, &opt_target_workgroup},
+		{"myworkgroup",	'W', POPT_ARG_STRING, &opt_workgroup},
+		{"user",	'U', POPT_ARG_STRING, &opt_user_name, 'U'},
+		{"ipaddress",	'I', POPT_ARG_STRING, 0,'I'},
+		{"port",	'p', POPT_ARG_INT,    &opt_port},
+		{"myname",	'n', POPT_ARG_STRING, &opt_requester_name},
+		{"conf",	's', POPT_ARG_STRING, &servicesf},
+		{"debug",	'd', POPT_ARG_INT,    &debuglevel},
+		{"debuglevel",	'd', POPT_ARG_INT,    &debuglevel},
+		{"server",	'S', POPT_ARG_STRING, &opt_host},
+		{"comment",	'C', POPT_ARG_STRING, &opt_comment},
+		{"maxusers",	'M', POPT_ARG_INT,    &opt_maxusers},
+		{"flags",	'F', POPT_ARG_INT,    &opt_flags},
+		{"jobid",	'j', POPT_ARG_INT,    &opt_jobid},
+		{"long",	'l', POPT_ARG_NONE,   &opt_long_list_entries},
+		{"reboot",	'r', POPT_ARG_NONE,   &opt_reboot},
+		{"force",	'f', POPT_ARG_NONE,   &opt_force},
+		{"timeout",	't', POPT_ARG_INT,    &opt_timeout},
+		{ 0, 0, 0, 0}
+	};
+
+	zero_ip(&opt_dest_ip);
+
+	dbf = x_stderr;
+	
+	pc = poptGetContext(NULL, argc, (const char **) argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+	
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		switch (opt) {
+		case 'h':
+			net_help(argc, argv);
+			exit(0);
+			break;
+		case 'I':
+			opt_dest_ip = *interpret_addr2(poptGetOptArg(pc));
+			if (is_zero_ip(opt_dest_ip))
+				d_printf("\nInvalid ip address specified\n");
+			else
+				opt_have_ip = True;
+			break;
+		case 'U':
+			opt_user_specified = True;
+			opt_user_name = strdup(opt_user_name);
+			p = strchr(opt_user_name,'%');
+			if (p) {
+				*p = 0;
+				opt_password = p+1;
+			}
+			break;
+		default:
+			d_printf("\nInvalid option %c (%d)\n", (char)opt, opt);
+			net_help(argc, argv);
+		}
+	}
+
+	lp_load(servicesf,True,False,False);       
+
+	DEBUGLEVEL = debuglevel;
+
+	argv_new = (const char **)poptGetArgs(pc);
+
+	argc_new = argc;
+	for (i=0; i<argc; i++) {
+		if (argv_new[i] == NULL) {
+			argc_new = i;
+			break;
+		}
+	}
+  	 
+	if (!opt_requester_name) {
+		static fstring myname;
+		get_myname(myname);
+		opt_requester_name = myname;
+	}
+
+	if (!opt_user_name && getenv("LOGNAME")) {
+		opt_user_name = getenv("LOGNAME");
+	}
+
+	if (!opt_workgroup) {
+		opt_workgroup = lp_workgroup();
+	}
+	
+	if (!opt_target_workgroup) {
+		opt_target_workgroup = lp_workgroup();
+	}
+	
+	if (!*global_myname) {
+		char *p2;
+
+		fstrcpy(global_myname, myhostname());
+		p2 = strchr_m(global_myname, '.');
+		if (p2) 
+                        *p2 = 0;
+	}
+	
+	strupper(global_myname);
+
+	load_interfaces();
+
+	rc = net_run_function(argc_new-1, argv_new+1, net_func, net_help);
+	
+	DEBUG(2,("return code = %d\n", rc));
+	return rc;
+}
diff --git a/source3/utils/net.h b/source3/utils/net.h
new file mode 100644
index 0000000000..af6f153f7b
--- /dev/null
+++ b/source3/utils/net.h
@@ -0,0 +1,51 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   Distributed SMB/CIFS Server Management Utility 
+   Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+ 
+#define NET_FLAGS_MASTER 1
+#define NET_FLAGS_DMB 2
+
+/* Would it be insane to set 'localhost' as the default
+   remote host for this operation? 
+
+   For example, localhost is insane for a 'join' operation.
+*/
+#define NET_FLAGS_LOCALHOST_DEFAULT_INSANE 4 
+
+/* We want to find the PDC only */
+#define NET_FLAGS_PDC 8 
+
+/* We want an anonymous connection */
+#define NET_FLAGS_ANONYMOUS 16 
+
+
+extern int opt_maxusers;
+extern char *opt_comment;
+extern int opt_flags;
+
+extern char *opt_comment;
+
+extern char *opt_target_workgroup;
+extern int opt_long_list_entries;
+extern int opt_reboot;
+extern int opt_force;
+extern int opt_timeout;
+extern char *opt_host;
+extern char *opt_user_name;
+extern char *opt_password;
+extern BOOL opt_user_specified;
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
new file mode 100644
index 0000000000..68fa89ea35
--- /dev/null
+++ b/source3/utils/net_ads.c
@@ -0,0 +1,787 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   net ads commands
+   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+   Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
+   Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  
+*/
+
+#include "includes.h"
+#include "../utils/net.h"
+
+#ifdef HAVE_ADS
+
+int net_ads_usage(int argc, const char **argv)
+{
+	d_printf(
+"\nnet ads join <org_unit>"\
+"\n\tjoins the local machine to a ADS realm\n"\
+"\nnet ads leave"\
+"\n\tremoves the local machine from a ADS realm\n"\
+"\nnet ads user"\
+"\n\tlist users in the realm\n"\
+"\nnet ads group"\
+"\n\tlist groups in the realm\n"\
+"\nnet ads info"\
+"\n\tshows some info on the server\n"\
+"\nnet ads status"\
+"\n\tdump the machine account details to stdout\n"
+"\nnet ads password <username@realm> -Uadmin_username@realm%%admin_pass"\
+"\n\tchange a user's password using an admin account"
+"\n\t(note: use realm in UPPERCASE)\n"
+"\nnet ads chostpass"
+"\n\tchange the trust account password of this machine in the AD tree\n"
+"\nnet ads printer [info | publish | remove] <printername> <servername>"
+"\n\t lookup, add, or remove directory entry for a printer\n"
+		);
+	return -1;
+}
+
+
+static int net_ads_info(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+
+	ads = ads_init(NULL, opt_host, NULL, NULL);
+	ads_connect(ads);
+
+	if (!ads) {
+		d_printf("Didn't find the ldap server!\n");
+		return -1;
+	}
+
+	d_printf("LDAP server: %s\n", ads->ldap_server);
+	d_printf("LDAP server name: %s\n", ads->ldap_server_name);
+	d_printf("Realm: %s\n", ads->realm);
+	d_printf("Bind Path: %s\n", ads->bind_path);
+	d_printf("LDAP port: %d\n", ads->ldap_port);
+
+	return 0;
+}
+
+
+static ADS_STRUCT *ads_startup(void)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS status;
+	BOOL need_password = False;
+	BOOL second_time = False;
+	
+	ads = ads_init(NULL, opt_host, NULL, NULL);
+
+	if (!opt_user_name) {
+		opt_user_name = "administrator";
+	}
+
+	if (opt_user_specified)
+		need_password = True;
+
+retry:
+	if (!opt_password && need_password) {
+		char *prompt;
+		asprintf(&prompt,"%s password: ", opt_user_name);
+		opt_password = getpass(prompt);
+		free(prompt);
+	}
+
+	if (opt_password)
+		ads->password = strdup(opt_password);
+
+	ads->user_name = strdup(opt_user_name);
+
+	status = ads_connect(ads);
+	if (!ADS_ERR_OK(status)) {
+		if (!need_password && !second_time) {
+			need_password = True;
+			second_time = True;
+			goto retry;
+		} else {
+			DEBUG(1,("ads_connect: %s\n", ads_errstr(status)));
+			return NULL;
+		}
+	}
+	return ads;
+}
+
+
+/*
+  Check to see if connection can be made via ads.
+  ads_startup() stores the password in opt_password if it needs to so
+  that rpc or rap can use it without re-prompting.
+*/
+int net_ads_check(void)
+{
+	ADS_STRUCT *ads;
+
+	ads = ads_startup();
+	if (!ads)
+		return -1;
+	ads_destroy(&ads);
+	return 0;
+}
+
+
+static void usergrp_display(char *field, void **values, void *data_area)
+{
+	char **disp_fields = (char **) data_area;
+
+	if (!field) { /* must be end of record */
+		if (!strchr_m(disp_fields[0], '$')) {
+			if (disp_fields[1])
+				printf("%-21.21s %-50.50s\n", 
+				       disp_fields[0], disp_fields[1]);
+			else
+				printf("%-21.21s\n", disp_fields[0]);
+		}
+		SAFE_FREE(disp_fields[0]);
+		SAFE_FREE(disp_fields[1]);
+		return;
+	}
+	if (StrCaseCmp(field, "sAMAccountName") == 0) {
+		disp_fields[0] = strdup(((struct berval *) values[0])->bv_val);
+	}
+	if (StrCaseCmp(field, "description") == 0)
+		disp_fields[1] = strdup(((struct berval *) values[0])->bv_val);
+}
+
+static int net_ads_user_usage(int argc, const char **argv)
+{
+	return net_help_user(argc, argv);
+} 
+
+static int ads_user_add(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS status;
+	void *res=NULL;
+	int rc = -1;
+
+	if (argc < 1) return net_ads_user_usage(argc, argv);
+	
+	if (!(ads = ads_startup())) return -1;
+
+	status = ads_find_user_acct(ads, &res, argv[0]);
+
+	if (!ADS_ERR_OK(status)) {
+		d_printf("ads_user_add: %s\n", ads_errstr(status));
+		goto done;
+	}
+	
+	if (ads_count_replies(ads, res)) {
+		d_printf("ads_user_add: User %s already exists\n", argv[0]);
+		ads_msgfree(ads, res);
+		goto done;
+	}
+
+	status = ads_add_user_acct(ads, argv[0], opt_comment);
+
+	if (ADS_ERR_OK(status)) {
+		d_printf("User %s added\n", argv[0]);
+		rc = 0;
+	} else {
+		d_printf("Could not add user %s: %s\n", argv[0],
+			 ads_errstr(status));
+	}
+
+ done:
+	if (res)
+		ads_msgfree(ads, res);
+	ads_destroy(&ads);
+	return rc;
+}
+
+static int ads_user_info(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	void *res;
+	const char *attrs[] = {"memberOf", NULL};
+	char *searchstring=NULL;
+	char **grouplist;
+
+	if (argc < 1) return net_ads_user_usage(argc, argv);
+	
+	if (!(ads = ads_startup())) return -1;
+
+	asprintf(&searchstring, "(sAMAccountName=%s)", argv[0]);
+	rc = ads_search(ads, &res, searchstring, attrs);
+	safe_free(searchstring);
+
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_search: %s\n", ads_errstr(rc));
+		return -1;
+	}
+	
+	grouplist = ldap_get_values(ads->ld, res, "memberOf");
+
+	if (grouplist) {
+		int i;
+		char **groupname;
+		for (i=0;grouplist[i];i++) {
+			groupname = ldap_explode_dn(grouplist[i], 1);
+			printf("%s\n", groupname[0]);
+			ldap_value_free(groupname);
+		}
+		ldap_value_free(grouplist);
+	}
+	
+	ads_msgfree(ads, res);
+
+	ads_destroy(&ads);
+	return 0;
+}
+
+static int ads_user_delete(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	void *res;
+	char *userdn;
+
+	if (argc < 1) return net_ads_user_usage(argc, argv);
+	
+	if (!(ads = ads_startup())) return -1;
+
+	rc = ads_find_user_acct(ads, &res, argv[0]);
+	if (!ADS_ERR_OK(rc)) {
+		DEBUG(0, ("User %s does not exist\n", argv[0]));
+		return -1;
+	}
+	userdn = ads_get_dn(ads, res);
+	ads_msgfree(ads, res);
+	rc = ads_del_dn(ads, userdn);
+	ads_memfree(ads, userdn);
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("User %s deleted\n", argv[0]);
+		return 0;
+	}
+	d_printf("Error deleting user %s: %s\n", argv[0], 
+		 ads_errstr(rc));
+	return -1;
+}
+
+int net_ads_user(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"ADD", ads_user_add},
+		{"INFO", ads_user_info},
+		{"DELETE", ads_user_delete},
+		{NULL, NULL}
+	};
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	const char *shortattrs[] = {"sAMAccountName", NULL};
+	const char *longattrs[] = {"sAMAccountName", "description", NULL};
+	char *disp_fields[2] = {NULL, NULL};
+	
+	if (argc == 0) {
+		if (!(ads = ads_startup())) return -1;
+
+		if (opt_long_list_entries)
+			d_printf("\nUser name             Comment"\
+				 "\n-----------------------------\n");
+
+		rc = ads_do_search_all_fn(ads, ads->bind_path, 
+					  LDAP_SCOPE_SUBTREE,
+					  "(objectclass=user)", 
+					  opt_long_list_entries ? longattrs :
+					  shortattrs, usergrp_display, 
+					  disp_fields);
+		ads_destroy(&ads);
+		return 0;
+	}
+
+	return net_run_function(argc, argv, func, net_ads_user_usage);
+}
+
+static int net_ads_group(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	const char *shortattrs[] = {"sAMAccountName", NULL};
+	const char *longattrs[] = {"sAMAccountName", "description", NULL};
+	char *disp_fields[2] = {NULL, NULL};
+
+	if (!(ads = ads_startup())) return -1;
+
+	if (opt_long_list_entries)
+		d_printf("\nGroup name            Comment"\
+			 "\n-----------------------------\n");
+	rc = ads_do_search_all_fn(ads, ads->bind_path, LDAP_SCOPE_SUBTREE, 
+				  "(objectclass=group)", opt_long_list_entries
+				  ? longattrs : shortattrs, usergrp_display, 
+				  disp_fields);
+
+	ads_destroy(&ads);
+	return 0;
+}
+
+static int net_ads_status(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	extern pstring global_myname;
+	void *res;
+
+	if (!(ads = ads_startup())) return -1;
+
+	rc = ads_find_machine_acct(ads, &res, global_myname);
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_find_machine_acct: %s\n", ads_errstr(rc));
+		return -1;
+	}
+
+	if (ads_count_replies(ads, res) == 0) {
+		d_printf("No machine account for '%s' found\n", global_myname);
+		return -1;
+	}
+
+	ads_dump(ads, res);
+
+	return 0;
+}
+
+static int net_ads_leave(int argc, const char **argv)
+{
+	ADS_STRUCT *ads = NULL;
+	ADS_STATUS rc;
+	extern pstring global_myname;
+
+	if (!secrets_init()) {
+		DEBUG(1,("Failed to initialise secrets database\n"));
+		return -1;
+	}
+
+	if (!opt_password) {
+		asprintf(&opt_user_name, "%s$", global_myname);
+		opt_password = secrets_fetch_machine_password();
+	}
+
+	if (!(ads = ads_startup())) {
+		return -1;
+	}
+
+	rc = ads_leave_realm(ads, global_myname);
+	if (!ADS_ERR_OK(rc)) {
+	    d_printf("Failed to delete host '%s' from the '%s' realm.\n", 
+		     global_myname, ads->realm);
+	    return -1;
+	}
+
+	d_printf("Removed '%s' from realm '%s'\n", global_myname, ads->realm);
+
+	return 0;
+}
+
+int net_ads_join(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	char *password;
+	char *tmp_password;
+	extern pstring global_myname;
+	const char *org_unit = "Computers";
+	char *dn;
+	void *res;
+	DOM_SID dom_sid;
+	char *ou_str;
+
+	if (argc > 0) org_unit = argv[0];
+
+	if (!secrets_init()) {
+		DEBUG(1,("Failed to initialise secrets database\n"));
+		return -1;
+	}
+
+	tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+	password = strdup(tmp_password);
+
+	if (!(ads = ads_startup())) return -1;
+
+	ou_str = ads_ou_string(org_unit);
+	asprintf(&dn, "%s,%s", ou_str, ads->bind_path);
+	free(ou_str);
+
+	rc = ads_search_dn(ads, &res, dn, NULL);
+	ads_msgfree(ads, res);
+
+	if (rc.error_type == ADS_ERROR_LDAP && rc.rc == LDAP_NO_SUCH_OBJECT) {
+		d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n", 
+			 org_unit, dn);
+		return -1;
+	}
+	free(dn);
+
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_join_realm: %s\n", ads_errstr(rc));
+		return -1;
+	}	
+
+	rc = ads_join_realm(ads, global_myname, org_unit);
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_join_realm: %s\n", ads_errstr(rc));
+		return -1;
+	}
+
+	rc = ads_set_machine_password(ads, global_myname, password);
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_set_machine_password: %s\n", ads_errstr(rc));
+		return -1;
+	}
+
+	rc = ads_domain_sid(ads, &dom_sid);
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_domain_sid: %s\n", ads_errstr(rc));
+		return -1;
+	}
+
+	if (!secrets_store_domain_sid(lp_workgroup(), &dom_sid)) {
+		DEBUG(1,("Failed to save domain sid\n"));
+		return -1;
+	}
+
+	if (!secrets_store_machine_password(password)) {
+		DEBUG(1,("Failed to save machine password\n"));
+		return -1;
+	}
+
+	d_printf("Joined '%s' to realm '%s'\n", global_myname, ads->realm);
+
+	free(password);
+
+	return 0;
+}
+
+int net_ads_printer_usage(int argc, const char **argv)
+{
+	d_printf(
+"\nnet ads printer info <printer> <server>"
+"\n\tlookup info in directory for printer on server"
+"\n\t(note: printer defaults to \"*\", server defaults to local)\n"
+"\nnet ads printer publish <printername>"
+"\n\tpublish printer in directory"
+"\n\t(note: printer name is required)\n"
+"\nnet ads printer remove <printername>"
+"\n\tremove printer from directory"
+"\n\t(note: printer name is required)\n");
+	return -1;
+}
+
+static int net_ads_printer_info(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	char *servername, *printername;
+	extern pstring global_myname;
+	void *res = NULL;
+
+	if (!(ads = ads_startup())) return -1;
+
+	if (argc > 0)
+		printername = argv[0];
+	else
+		printername = "*";
+
+	if (argc > 1)
+		servername =  argv[1];
+	else
+		servername = global_myname;
+
+	rc = ads_find_printer_on_server(ads, &res, printername, servername);
+
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc));
+		ads_msgfree(ads, res);
+		return -1;
+	}
+
+	if (ads_count_replies(ads, res) == 0) {
+		d_printf("Printer '%s' not found\n", printername);
+		ads_msgfree(ads, res);
+		return -1;
+	}
+
+	ads_dump(ads, res);
+	ads_msgfree(ads, res);
+
+	return 0;
+}
+
+static int net_ads_printer_publish(int argc, const char **argv)
+{
+        ADS_STRUCT *ads;
+        ADS_STATUS rc;
+	char *uncname, *servername;
+	ADS_PRINTER_ENTRY prt;
+	extern pstring global_myname;
+
+	/* 
+	   these const strings are only here as an example.  The attributes
+	   they represent are not implemented yet
+	*/
+	const char *bins[] = {"Tray 21", NULL};
+	const char *media[] = {"Letter", NULL};
+	const char *orients[] = {"PORTRAIT", NULL};
+	const char *ports[] = {"Samba", NULL};
+
+	if (!(ads = ads_startup())) return -1;
+
+	if (argc < 1)
+		return net_ads_printer_usage(argc, argv);
+
+	memset(&prt, 0, sizeof(ADS_PRINTER_ENTRY));
+
+	prt.printerName = argv[0];
+	asprintf(&servername, "%s.%s", global_myname, ads->realm);
+	prt.serverName = servername;
+	prt.shortServerName = global_myname;
+	prt.versionNumber = "4";
+	asprintf(&uncname, "\\\\%s\\%s", global_myname, argv[0]);
+	prt.uNCName=uncname;
+	prt.printBinNames = (char **) bins;
+	prt.printMediaSupported = (char **) media;
+	prt.printOrientationsSupported = (char **) orients;
+	prt.portName = (char **) ports;
+	prt.printSpooling = "PrintAfterSpooled";
+ 
+        rc = ads_add_printer(ads, &prt);
+        if (!ADS_ERR_OK(rc)) {
+                d_printf("ads_publish_printer: %s\n", ads_errstr(rc));
+                return -1;
+        }
+ 
+        d_printf("published printer\n");
+ 
+	return 0;
+}
+
+static int net_ads_printer_remove(int argc, const char **argv)
+{
+	ADS_STRUCT *ads;
+	ADS_STATUS rc;
+	char *servername, *prt_dn;
+	extern pstring global_myname;
+	void *res = NULL;
+
+	if (!(ads = ads_startup())) return -1;
+
+	if (argc < 1)
+		return net_ads_printer_usage(argc, argv);
+
+	if (argc > 1)
+		servername = argv[1];
+	else
+		servername = global_myname;
+
+	rc = ads_find_printer_on_server(ads, &res, argv[0], servername);
+
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_find_printer_on_server: %s\n", ads_errstr(rc));
+		ads_msgfree(ads, res);
+		return -1;
+	}
+
+	if (ads_count_replies(ads, res) == 0) {
+		d_printf("Printer '%s' not found\n", argv[1]);
+		ads_msgfree(ads, res);
+		return -1;
+	}
+
+	prt_dn = ads_get_dn(ads, res);
+	ads_msgfree(ads, res);
+	rc = ads_del_dn(ads, prt_dn);
+	ads_memfree(ads, prt_dn);
+
+	if (!ADS_ERR_OK(rc)) {
+		d_printf("ads_del_dn: %s\n", ads_errstr(rc));
+		return -1;
+	}
+
+	return 0;
+}
+
+static int net_ads_printer(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"INFO", net_ads_printer_info},
+		{"PUBLISH", net_ads_printer_publish},
+		{"REMOVE", net_ads_printer_remove},
+		{NULL, NULL}
+	};
+	
+	return net_run_function(argc, argv, func, net_ads_printer_usage);
+}
+
+
+static int net_ads_password(int argc, const char **argv)
+{
+    ADS_STRUCT *ads;
+    char *auth_principal = opt_user_name;
+    char *auth_password = opt_password;
+    char *realm = NULL;
+    char *new_password = NULL;
+    char *c;
+    char *prompt;
+    ADS_STATUS ret;
+
+    
+    if ((argc != 1) || (opt_user_name == NULL) || 
+	(opt_password == NULL) || (strchr(opt_user_name, '@') == NULL) ||
+	(strchr(argv[0], '@') == NULL)) {
+	return net_ads_usage(argc, argv);
+    }
+    
+    c = strchr(auth_principal, '@');
+    realm = ++c;
+
+    /* use the realm so we can eventually change passwords for users 
+    in realms other than default */
+    if (!(ads = ads_init(realm, NULL, NULL, NULL))) return -1;
+
+    asprintf(&prompt, "Enter new password for %s:", argv[0]);
+
+    new_password = getpass(prompt);
+
+    ret = kerberos_set_password(ads->kdc_server, auth_principal, 
+				auth_password, argv[0], new_password);
+    if (!ADS_ERR_OK(ret)) {
+	d_printf("Password change failed :-( ...\n");
+	ads_destroy(&ads);
+	free(prompt);
+	return -1;
+    }
+
+    d_printf("Password change for %s completed.\n", argv[0]);
+    ads_destroy(&ads);
+    free(prompt);
+
+    return 0;
+}
+
+
+static int net_ads_change_localhost_pass(int argc, const char **argv)
+{    
+    ADS_STRUCT *ads;
+    extern pstring global_myname;
+    char *host_principal;
+    char *hostname;
+    ADS_STATUS ret;
+
+
+    if (!(ads = ads_init(NULL, NULL, NULL, NULL))) return -1;
+
+    hostname = strdup(global_myname);
+    strlower(hostname);
+    asprintf(&host_principal, "%s@%s", hostname, ads->realm);
+    SAFE_FREE(hostname);
+    d_printf("Changing password for principal: HOST/%s\n", host_principal);
+    
+    ret = ads_change_trust_account_password(ads, host_principal);
+
+    if (!ADS_ERR_OK(ret)) {
+	d_printf("Password change failed :-( ...\n");
+	ads_destroy(&ads);
+	SAFE_FREE(host_principal);
+	return -1;
+    }
+    
+    d_printf("Password change for principal HOST/%s succeeded.\n", host_principal);
+    ads_destroy(&ads);
+    SAFE_FREE(host_principal);
+
+    return 0;
+}
+
+int net_ads_help(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"USER", net_ads_user_usage},
+#if 0
+		{"INFO", net_ads_info},
+		{"JOIN", net_ads_join},
+		{"LEAVE", net_ads_leave},
+		{"STATUS", net_ads_status},
+		{"GROUP", net_ads_group},
+		{"PASSWORD", net_ads_password},
+		{"CHOSTPASS", net_ads_change_localhost_pass},
+		{"PRINTER", net_ads_printer},
+#endif
+		{NULL, NULL}
+	};
+
+	return net_run_function(argc, argv, func, net_ads_usage);
+}
+
+int net_ads(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"INFO", net_ads_info},
+		{"JOIN", net_ads_join},
+		{"LEAVE", net_ads_leave},
+		{"STATUS", net_ads_status},
+		{"USER", net_ads_user},
+		{"GROUP", net_ads_group},
+		{"PASSWORD", net_ads_password},
+		{"CHOSTPASS", net_ads_change_localhost_pass},
+		{"PRINTER", net_ads_printer},
+		{"HELP", net_ads_help},
+		{NULL, NULL}
+	};
+	
+	return net_run_function(argc, argv, func, net_ads_usage);
+}
+
+#else
+
+static int net_ads_noads(void)
+{
+	d_printf("ADS support not compiled in\n");
+	return -1;
+}
+
+int net_ads_usage(int argc, const char **argv)
+{
+	return net_ads_noads();
+}
+
+int net_ads_help(int argc, const char **argv)
+{
+	return net_ads_noads();
+}
+
+int net_ads_join(int argc, const char **argv)
+{
+	return net_ads_noads();
+}
+
+int net_ads_user(int argc, const char **argv)
+{
+	return net_ads_noads();
+}
+
+/* this one shouldn't display a message */
+int net_ads_check(void)
+{
+	return -1;
+}
+
+int net_ads(int argc, const char **argv)
+{
+	return net_ads_usage(argc, argv);
+}
+
+#endif
diff --git a/source3/utils/net_help.c b/source3/utils/net_help.c
new file mode 100644
index 0000000000..21af8a4fd9
--- /dev/null
+++ b/source3/utils/net_help.c
@@ -0,0 +1,126 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   net help commands
+   Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  
+*/
+
+#include "includes.h"
+
+int net_common_methods_usage(int argc, const char**argv)
+{
+	d_printf("Valid methods: (auto-detected if not specified)\n");
+	d_printf("\tads\t\t\t\tActive Directory (LDAP/Kerberos)\n");
+	d_printf("\trpc\t\t\t\tDCE-RPC\n");
+	d_printf("\trap\t\t\t\tRAP (older systems)\n");
+	d_printf("\n");
+	return 0;
+}
+
+int net_common_flags_usage(int argc, const char **argv)
+{
+	d_printf("Valid targets: choose one (none defaults to localhost)\n");
+	d_printf("\t-S or --server=<server>\t\tserver name\n");
+	d_printf("\t-I or --ipaddress=<ipaddr>\taddress of target server\n");
+	d_printf("\t-w or --workgroup=<wg>\t\ttarget workgroup or domain\n");
+
+	d_printf("\n");
+	d_printf("Valid miscellaneous options are:\n"); /* misc options */
+	d_printf("\t-p or --port=<port>\t\tconnection port on target\n");
+	d_printf("\t-W or --myworkgroup=<wg>\tclient workgroup\n");
+	d_printf("\t-d or --debug=<level>\t\tdebug level (0-10)\n");
+	d_printf("\t-n or --myname=<name>\t\tclient name\n");
+	d_printf("\t-U or --user=<name>\t\tuser name\n");
+	d_printf("\t-s or --conf=<path>\t\tpathname of smb.conf file\n");
+	d_printf("\t-l or --long\t\t\tDisplay full information\n");
+	return -1;
+}
+
+static int help_usage(int argc, const char **argv)
+{
+	d_printf(
+"\n"\
+"Usage: net help <function>\n"\
+"\n"\
+"Valid functions are:\n"\
+"  RPC RAP ADS FILE SHARE SESSION SERVER DOMAIN PRINTQ USER GROUP VALIDATE\n"\
+"  GROUPMEMBER ADMIN SERVICE PASSWORD TIME LOOKUP\n");
+	return -1;
+}
+
+int net_help_user(int argc, const char **argv)
+{
+	d_printf("\nnet [method] user [misc. options] [targets]\n\tList users\n");
+	d_printf("\nnet [method] user DELETE <name> [misc. options] [targets]"\
+		 "\n\tDelete specified user\n");
+	d_printf("\nnet [method] user INFO <name> [misc. options] [targets]"\
+		 "\n\tList the domain groups of the specified user\n");
+	d_printf("\nnet [method] user ADD <name> [-F user flags] [misc. options]"\
+		 " [targets]\n\tAdd specified user\n");
+
+	net_common_methods_usage(argc, argv);
+	net_common_flags_usage(argc, argv);
+	d_printf(
+	 "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
+	return -1;
+}
+
+static int net_usage(int argc, const char **argv)
+{
+	d_printf("  net time\t\tto view or set time information\n"\
+		 "  net lookup\t\tto lookup host name or ip address\n"\
+		 "  net user\t\tto manage users\n"\
+		 "  net join\t\tto join a domain\n"\
+		 "\n"\
+		 "  net ads [command]\tto run ADS commands\n"\
+		 "  net rap [command]\tto run RAP (pre-RPC) commands\n"\
+		 "  net rpc [command]\tto run RPC commands\n"\
+		 "\n"\
+		 "Type \"net help <option>\" to get more information on that option\n");
+	return -1;
+}
+
+/*
+  handle "net help *" subcommands
+*/
+int net_help(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"ADS", net_ads_help},	
+		{"RAP", net_rap_help},
+		{"RPC", net_rpc_help},
+
+		{"FILE", net_rap_file_usage},
+		{"SHARE", net_rap_share_usage},
+		{"SESSION", net_rap_session_usage},
+		{"SERVER", net_rap_server_usage},
+		{"DOMAIN", net_rap_domain_usage},
+		{"PRINTQ", net_rap_printq_usage},
+		{"USER", net_help_user},
+		{"GROUP", net_rap_group_usage},
+		{"VALIDATE", net_rap_validate_usage},
+		{"GROUPMEMBER", net_rap_groupmember_usage},
+		{"ADMIN", net_rap_admin_usage},
+		{"SERVICE", net_rap_service_usage},
+		{"PASSWORD", net_rap_password_usage},
+		{"TIME", net_time_usage},
+		{"LOOKUP", net_lookup_usage},
+
+		{"HELP", help_usage},
+		{NULL, NULL}};
+
+	return net_run_function(argc, argv, func, net_usage);
+}
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
new file mode 100644
index 0000000000..0cc1ff579f
--- /dev/null
+++ b/source3/utils/net_lookup.c
@@ -0,0 +1,61 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   net lookup command
+   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+
+#include "includes.h"
+#include "../utils/net.h"
+
+int net_lookup_usage(int argc, const char **argv)
+{
+	d_printf(
+"  net lookup host HOSTNAME <type>\n\tgives IP for a hostname\n\n"\
+"\n");
+	return -1;
+}
+
+/* lookup a hostname giving an IP */
+static int net_lookup_host(int argc, const char **argv)
+{
+	struct in_addr ip;
+	int name_type = 0x20;
+
+	if (argc == 0) return net_lookup_usage(argc, argv);
+	if (argc > 1) name_type = strtol(argv[1], NULL, 0);
+
+	if (!resolve_name(argv[0], &ip, name_type)) {
+		/* we deliberately use DEBUG() here to send it to stderr 
+		   so scripts aren't mucked up */
+		DEBUG(0,("Didn't find %s#%02x\n", argv[0], name_type));
+		return -1;
+	}
+
+	d_printf("%s\n", inet_ntoa(ip));
+	return 0;
+}
+
+
+/* lookup hosts or IP addresses using internal samba lookup fns */
+int net_lookup(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"HOST", net_lookup_host},
+		{NULL, NULL}
+	};
+
+	return net_run_function(argc, argv, func, net_lookup_usage);
+}
diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c
new file mode 100644
index 0000000000..a6b199fd88
--- /dev/null
+++ b/source3/utils/net_rap.c
@@ -0,0 +1,1084 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   Distributed SMB/CIFS Server Management Utility 
+   Copyright (C) 2001 Steve French  (sfrench@us.ibm.com)
+   Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
+   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+   Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
+
+   Originally written by Steve and Jim. Largely rewritten by tridge in
+   November 2001.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+
+#include "includes.h"
+#include "../utils/net.h"
+
+/* The following messages were for error checking that is not properly 
+   reported at the moment.  Which should be reinstated? */
+#define ERRMSG_TARGET_WG_NOT_VALID      "\nTarget workgroup option not valid "\
+					"except on net rap server command, ignored"
+#define ERRMSG_INVALID_HELP_OPTION	"\nInvalid help option\n"
+
+#define ERRMSG_BOTH_SERVER_IPADDRESS    "\nTarget server and IP address both "\
+  "specified. Do not set both at the same time.  The target IP address was used\n"
+
+static const char *share_type[] = {
+  "Disk",
+  "Print",
+  "Dev",
+  "IPC"
+};
+
+static int errmsg_not_implemented(void)
+{
+	d_printf("\nNot implemented\n");
+	return 0;
+}
+
+int net_rap_file_usage(int argc, const char **argv)
+{
+	d_printf("net rap file [misc. options] [targets]\n"\
+		 "\tlists all open files on file server\n\n");
+	d_printf("net rap file USER <username> [misc. options] [targets]\n"\
+		 "\tlists all files opened by username on file server\n\n");
+	d_printf("net rap file CLOSE <id> [misc. options] [targets]\n"\
+		 "\tcloses specified file on target server\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+/***************************************************************************
+  list info on an open file
+***************************************************************************/
+static void file_fn(const char * pPath, const char * pUser, uint16 perms, 
+		    uint16 locks, uint32 id)
+{
+	d_printf("\t%-7.1d %-20.20s 0x%-4.2x %-6.1d %s\n",
+		 id, pUser, perms, locks, pPath);
+}
+
+static void one_file_fn(const char *pPath, const char *pUser, uint16 perms, 
+			uint16 locks, uint32 id)
+{
+	d_printf("File ID          %d\n"\
+		 "User name        %s\n"\
+		 "Locks            0x%-4.2x\n"\
+		 "Path             %s\n"\
+		 "Permissions      0x%x\n",
+		 id, pUser, locks, pPath, perms);
+}
+
+
+static int rap_file_close(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc == 0) {
+		d_printf("\nMissing fileid of file to close\n\n");
+		return net_rap_file_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	ret = cli_NetFileClose(cli, atoi(argv[0]));
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_file_info(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc == 0)
+		return net_rap_file_usage(argc, argv);
+	
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	ret = cli_NetFileGetInfo(cli, atoi(argv[0]), one_file_fn);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_file_user(int argc, const char **argv)
+{
+	if (argc == 0)
+		return net_rap_file_usage(argc, argv);
+
+	d_printf("net rap file user not implemented yet\n");
+	return -1;
+}
+
+int net_rap_file(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"CLOSE", rap_file_close},
+		{"USER", rap_file_user},
+		{"INFO", rap_file_info},
+		{NULL, NULL}
+	};
+	
+	if (argc == 0) {
+		struct cli_state *cli;
+		int ret;
+		
+		if (!(cli = net_make_ipc_connection(0))) 
+                        return -1;
+
+		/* list open files */
+		d_printf(
+		 "\nEnumerating open files on remote server:\n\n"\
+		 "\n\tFileId  Opened by            Perms  Locks  Path \n"\
+		 "\t------  ---------            -----  -----  ---- \n");
+		ret = cli_NetFileEnum(cli, NULL, NULL, file_fn);
+		cli_shutdown(cli);
+		return ret;
+	}
+	
+	return net_run_function(argc, argv, func, net_rap_file_usage);
+}
+		       
+int net_rap_share_usage(int argc, const char **argv)
+{
+	d_printf(
+	 "\nnet [rap] share [misc. options] [targets] \n"\
+	 "\tenumerates all exported resources (network shares) "\
+	 "on target server\n");
+	d_printf(
+	 "\nnet rap share ADD <name=serverpath> [misc. options] [targets]"\
+	 "\n\tAdds a share from a server (makes the export active)\n");
+	d_printf(
+	 "\nnet rap share DELETE <sharename> [misc. options] [targets]\n"\
+	 "\tor"\
+	 "\nnet rap share CLOSE <sharename> [misc. options] [targets]"\
+	 "\n\tDeletes a share from a server (makes the export inactive)\n");
+	net_common_flags_usage(argc, argv);
+	d_printf(
+	 "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
+	d_printf("\t-M or --maxusers=<num>\t\tmax users allowed for share\n");
+	return -1;
+}
+
+static void long_share_fn(const char *share_name, uint32 type, 
+			  const char *comment, void *state)
+{
+	d_printf("%-12.12s %-8.8s %-50.50s\n",
+		 share_name, share_type[type], comment);
+}
+
+static void share_fn(const char *share_name, uint32 type, 
+		     const char *comment, void *state)
+{
+	d_printf("%-12.12s\n", share_name);
+}
+
+static int rap_share_delete(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (argc == 0) {
+		d_printf("\n\nShare name not specified\n");
+		return net_rap_share_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	ret = cli_NetShareDelete(cli, argv[0]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_share_add(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	RAP_SHARE_INFO_2 sinfo;
+	char *p;
+	char *sharename;
+
+	if (argc == 0) {
+		d_printf("\n\nShare name not specified\n");
+		return net_rap_share_usage(argc, argv);
+	}
+			
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	sharename = strdup(argv[0]);
+	p = strchr(sharename, '=');
+	*p = 0;
+	strlcpy(sinfo.share_name, sharename, sizeof(sinfo.share_name));
+	sinfo.reserved1 = '\0';
+	sinfo.share_type = 0;
+	sinfo.comment = opt_comment;
+	sinfo.perms = 0;
+	sinfo.maximum_users = opt_maxusers;
+	sinfo.active_users = 0;
+	sinfo.path = p+1;
+	memset(sinfo.password, '\0', sizeof(sinfo.password));
+	sinfo.reserved2 = '\0';
+	
+	ret = cli_NetShareAdd(cli, &sinfo);
+	cli_shutdown(cli);
+	return ret;
+}
+
+
+int net_rap_share(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"DELETE", rap_share_delete},
+		{"CLOSE", rap_share_delete},
+		{"ADD", rap_share_add},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		struct cli_state *cli;
+		int ret;
+		
+		if (!(cli = net_make_ipc_connection(0))) 
+			return -1;
+		
+		if (opt_long_list_entries) {
+			d_printf(
+	"\nEnumerating shared resources (exports) on remote server:\n\n"\
+	"\nShare name   Type     Description\n"\
+	"----------   ----     -----------\n");
+			ret = cli_RNetShareEnum(cli, long_share_fn, NULL);
+		}
+		ret = cli_RNetShareEnum(cli, share_fn, NULL);
+		cli_shutdown(cli);
+		return ret;
+	}
+
+	return net_run_function(argc, argv, func, net_rap_share_usage);
+}
+		    
+		
+int net_rap_session_usage(int argc, const char **argv)
+{
+	d_printf(
+	 "\nnet rap session [misc. options] [targets]"\
+	 "\n\tenumerates all active SMB/CIFS sessions on target server\n");
+	d_printf(
+	 "\nnet rap session DELETE <client_name> [misc. options] [targets] \n"\
+	 "\tor"\
+	 "\nnet rap session CLOSE <client_name> [misc. options] [targets]"\
+	 "\n\tDeletes (closes) a session from specified client to server\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+    
+static void list_sessions_func(char *wsname, char *username, uint16 conns,
+			uint16 opens, uint16 users, uint32 sess_time,
+			uint32 idle_time, uint32 user_flags, char *clitype)
+{
+	int hrs = idle_time / 3600;
+	int min = (idle_time / 60) % 60;
+	int sec = idle_time % 60;
+	
+	d_printf("\\\\%-18.18s %-20.20s %-18.18s %5d %2.2d:%2.2d:%2.2d\n",
+		 wsname, username, clitype, opens, hrs, min, sec);
+}
+
+static void display_session_func(const char *wsname, const char *username, 
+				 uint16 conns, uint16 opens, uint16 users, 
+				 uint32 sess_time, uint32 idle_time, 
+				 uint32 user_flags, const char *clitype)
+{
+	int ihrs = idle_time / 3600;
+	int imin = (idle_time / 60) % 60;
+	int isec = idle_time % 60;
+	int shrs = sess_time / 3600;
+	int smin = (sess_time / 60) % 60;
+	int ssec = sess_time % 60;
+	d_printf("User name       %-20.20s\n"\
+		 "Computer        %-20.20s\n"\
+		 "Guest logon     %-20.20s\n"\
+		 "Client Type     %-40.40s\n"\
+		 "Sess time       %2.2d:%2.2d:%2.2d\n"\
+		 "Idle time       %2.2d:%2.2d:%2.2d\n", 
+		 username, wsname, 
+		 (user_flags&0x0)?"yes":"no", clitype,
+		 shrs, smin, ssec, ihrs, imin, isec);
+}
+
+static void display_conns_func(uint16 conn_id, uint16 conn_type, uint16 opens,
+			       uint16 users, uint32 conn_time,
+			       const char *username, const char *netname)
+{
+	d_printf("%-14.14s %-8.8s %5d\n",
+		 netname, share_type[conn_type], opens);
+}
+
+static int rap_session_info(int argc, const char **argv)
+{
+	const char *sessname;
+	struct cli_state *cli;
+	int ret;
+	
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	if (argc == 0) 
+                return net_rap_session_usage(argc, argv);
+
+	sessname = argv[0];
+
+	ret = cli_NetSessionGetInfo(cli, sessname, display_session_func);
+	if (ret < 0) {
+		cli_shutdown(cli);
+                return ret;
+	}
+
+	d_printf("Share name     Type     # Opens\n-------------------------"\
+		 "-----------------------------------------------------\n");
+	ret = cli_NetConnectionEnum(cli, sessname, display_conns_func);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_session_delete(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	if (argc == 0) 
+                return net_rap_session_usage(argc, argv);
+
+	ret = cli_NetSessionDel(cli, argv[0]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+int net_rap_session(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"INFO", rap_session_info},
+		{"DELETE", rap_session_delete},
+		{"CLOSE", rap_session_delete},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		struct cli_state *cli;
+		int ret;
+		
+		if (!(cli = net_make_ipc_connection(0))) 
+			return -1;
+
+		d_printf("Computer             User name            "\
+			 "Client Type        Opens Idle time\n"\
+			 "------------------------------------------"\
+			 "------------------------------------\n");
+		ret = cli_NetSessionEnum(cli, list_sessions_func);
+
+		cli_shutdown(cli);
+		return ret;
+	}
+
+	return net_run_function(argc, argv, func, net_rap_session_usage);
+}
+	
+/****************************************************************************
+list a server name
+****************************************************************************/
+static void display_server_func(const char *name, uint32 m,
+				const char *comment, void * reserved)
+{
+	d_printf("\t%-16.16s     %s\n", name, comment);
+}
+
+
+int net_rap_server_usage(int argc, const char **argv)
+{
+	d_printf("net rap server [misc. options] [target]\n\t"\
+		 "lists the servers in the specified domain or workgroup.\n");
+	d_printf("\n\tIf domain is not specified, it uses the current"\
+		 " domain or workgroup as\n\tthe default.\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+		    
+int net_rap_server(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	d_printf("\nEnumerating servers in this domain or workgroup: \n\n"\
+		 "\tServer name          Server description\n"\
+		 "\t-------------        ----------------------------\n");
+
+	ret = cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_ALL, 
+				display_server_func,NULL); 
+	cli_shutdown(cli);
+	return ret;	
+}
+		      
+int net_rap_domain_usage(int argc, const char **argv)
+{
+	d_printf("net rap domain [misc. options] [target]\n\tlists the"\
+		 " domains or workgroups visible on the current network\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+		  
+int net_rap_domain(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	d_printf("\nEnumerating domains:\n\n"\
+		 "\tDomain name          Server name of Browse Master\n"\
+		 "\t-------------        ----------------------------\n");
+
+	ret = cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_DOMAIN_ENUM,
+				display_server_func,NULL);	
+	cli_shutdown(cli);
+	return ret;	
+}
+		      
+int net_rap_printq_usage(int argc, const char **argv)
+{
+	d_printf(
+	 "net rap printq [misc. options] [targets]\n"\
+	 "\tor\n"\
+	 "net rap printq list [<queue_name>] [misc. options] [targets]\n"\
+	 "\tlists the specified queue and jobs on the target server.\n"\
+	 "\tIf the queue name is not specified, all queues are listed.\n\n");
+	d_printf(
+	 "net rap printq delete [<queue name>] [misc. options] [targets]\n"\
+	 "\tdeletes the specified job number on the target server, or the\n"\
+	 "\tprinter queue if no job number is specified\n");
+
+	net_common_flags_usage(argc, argv);
+        d_printf("\t-j or --jobid=<job id>\t\tjob id\n");
+
+	return -1;
+}	
+
+static void enum_queue(const char *queuename, uint16 pri, uint16 start, 
+		       uint16 until, const char *sep, const char *pproc, 
+		       const char *dest, const char *qparms, 
+		       const char *qcomment, uint16 status, uint16 jobcount) 
+{
+	d_printf("%-17.17s Queue %5d jobs                      ",
+		 queuename, jobcount);
+
+	switch (status) {
+	case 0:
+		d_printf("*Printer Active*\n");
+		break;
+	case 1:
+		d_printf("*Printer Paused*\n");
+		break;
+	case 2:
+		d_printf("*Printer error*\n");
+		break;
+	case 3:
+		d_printf("*Delete Pending*\n");
+		break;
+	default:
+		d_printf("**UNKNOWN STATUS**\n");
+	}
+}
+
+static void enum_jobs(uint16 jobid, const char *ownername, 
+		      const char *notifyname, const char *datatype,
+		      const char *jparms, uint16 pos, uint16 status, 
+		      const char *jstatus, uint submitted, uint jobsize, 
+		      const char *comment)
+{
+	d_printf("     %-23.23s %5d %9d            ",
+		 ownername, jobid, jobsize);
+	switch (status) {
+	case 0:
+		d_printf("Waiting\n");
+		break;
+	case 1:
+		d_printf("Held in queue\n");
+		break;
+	case 2:
+		d_printf("Spooling\n");
+		break;
+	case 3:
+		d_printf("Printing\n");
+		break;
+	default:
+		d_printf("**UNKNOWN STATUS**\n");
+	}
+}
+
+#define PRINTQ_ENUM_DISPLAY \
+    "Print queues at \\\\%s\n\n"\
+    "Name                         Job #      Size            Status\n\n"\
+    "------------------------------------------------------------------"\
+    "-------------\n"
+
+static int rap_printq_info(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (argc == 0) 
+                return net_rap_printq_usage(argc, argv);
+
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	d_printf(PRINTQ_ENUM_DISPLAY, cli->desthost); /* list header */
+	ret = cli_NetPrintQGetInfo(cli, argv[0], enum_queue, enum_jobs);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_printq_delete(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (argc == 0) 
+                return net_rap_printq_usage(argc, argv);
+
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	ret = cli_printjob_del(cli, atoi(argv[0]));
+	cli_shutdown(cli);
+	return ret;
+}
+
+int net_rap_printq(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	struct functable func[] = {
+		{"INFO", rap_printq_info},
+		{"DELETE", rap_printq_delete},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		if (!(cli = net_make_ipc_connection(0))) 
+			return -1;
+
+		d_printf(PRINTQ_ENUM_DISPLAY, cli->desthost); /* list header */
+		ret = cli_NetPrintQEnum(cli, enum_queue, enum_jobs);
+		cli_shutdown(cli);
+		return ret;
+	}
+
+	return net_run_function(argc, argv, func, net_rap_printq_usage);
+}
+
+	
+static int net_rap_user_usage(int argc, const char **argv)
+{
+	return net_help_user(argc, argv);
+} 
+	
+static void user_fn(const char *user_name, const char *comment,
+		    const char * home_dir, const char * logon_script,
+		    void *state)
+{
+	d_printf("%-21.21s\n", user_name);
+}
+
+static void long_user_fn(const char *user_name, const char *comment,
+			 const char * home_dir, const char * logon_script, 
+			 void *state)
+{
+	d_printf("%-21.21s %-50.50s\n",
+		 user_name, comment);
+}
+
+static void group_member_fn(const char *user_name, void *state)
+{
+	d_printf("%-21.21s\n", user_name);
+}
+
+static int rap_user_delete(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (argc == 0) {
+		d_printf("\n\nUser name not specified\n");
+                return net_rap_user_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	ret = cli_NetUserDelete(cli, argv[0]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_user_add(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	RAP_USER_INFO_1 userinfo;
+
+	if (argc == 0) {
+		d_printf("\n\nUser name not specified\n");
+                return net_rap_user_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+			
+	safe_strcpy(userinfo.user_name, argv[0], sizeof(userinfo.user_name));
+	if (opt_flags == -1) 
+                opt_flags = 0x21; 
+			
+	userinfo.userflags = opt_flags;
+	userinfo.reserved1 = '\0';
+	userinfo.comment = opt_comment;
+	userinfo.priv = 1; 
+	userinfo.home_dir = NULL;
+	userinfo.logon_script = NULL;
+	
+	ret = cli_NetUserAdd(cli, &userinfo);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_user_info(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc == 0) {
+		d_printf("\n\nUser name not specified\n");
+                return net_rap_user_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+
+	ret = cli_NetUserGetGroups(cli, argv[0], group_member_fn, NULL);
+	cli_shutdown(cli);
+	return ret;
+}
+
+int net_rap_user(int argc, const char **argv)
+{
+	int ret = -1;
+	struct functable func[] = {
+		{"ADD", rap_user_add},
+		{"INFO", rap_user_info},
+		{"DELETE", rap_user_delete},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		struct cli_state *cli;
+		if (!(cli = net_make_ipc_connection(0)))
+                        goto done;
+		if (opt_long_list_entries) {
+			d_printf("\nUser name             Comment"\
+				 "\n-----------------------------\n");
+			ret = cli_RNetUserEnum(cli, long_user_fn, NULL);
+			cli_shutdown(cli);
+			goto done;
+		}
+		ret = cli_RNetUserEnum(cli, user_fn, NULL); 
+		cli_shutdown(cli);
+		goto done;
+	}
+
+	ret = net_run_function(argc, argv, func, net_rap_user_usage);
+ done:
+	if (ret != 0) {
+		DEBUG(1, ("Net user returned: %d\n", ret));
+	}
+	return ret;
+}
+
+
+int net_rap_group_usage(int argc, const char **argv)
+{
+	d_printf("net rap group [misc. options] [targets]"\
+		 "\n\tList user groups\n");
+	d_printf("\nnet rap group DELETE <name> [misc. options] [targets]"\
+		 "\n\tDelete specified group\n");
+	d_printf("\nnet rap group ADD <name> [-C comment] [misc. options]"\
+		 " [targets]\n\tCreate specified group\n");
+
+	net_common_flags_usage(argc, argv);
+	d_printf(
+	 "\t-C or --comment=<comment>\tdescriptive comment (for add only)\n");
+	return -1;
+}
+
+static void long_group_fn(const char *group_name, const char *comment,
+			  void *state)
+{
+	d_printf("%-21.21s %-50.50s\n", group_name, comment);
+}
+
+static void group_fn(const char *group_name, const char *comment, void *state)
+{
+	d_printf("%-21.21s\n", group_name);
+}
+
+static int rap_group_delete(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc == 0) {
+		d_printf("\n\nGroup name not specified\n");
+                return net_rap_group_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+
+	ret = cli_NetGroupDelete(cli, argv[0]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_group_add(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	RAP_GROUP_INFO_1 grinfo;
+
+	if (argc == 0) {
+		d_printf("\n\nGroup name not specified\n");
+                return net_rap_group_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+			
+	/* BB check for length 21 or smaller explicitly ? BB */
+	safe_strcpy(grinfo.group_name, argv[0], sizeof(grinfo.group_name));
+	grinfo.reserved1 = '\0';
+	grinfo.comment = opt_comment;
+	
+	ret = cli_NetGroupAdd(cli, &grinfo);
+	cli_shutdown(cli);
+	return ret;
+}
+
+int net_rap_group(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"ADD", rap_group_add},
+		{"DELETE", rap_group_delete},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		struct cli_state *cli;
+		int ret;
+		if (!(cli = net_make_ipc_connection(0)))
+                        return -1;
+		if (opt_long_list_entries) {
+			d_printf("Group name            Comment\n");
+			d_printf("-----------------------------\n");
+			ret = cli_RNetGroupEnum(cli, long_group_fn, NULL);
+			cli_shutdown(cli);
+			return ret;
+		}
+		ret = cli_RNetGroupEnum(cli, group_fn, NULL); 
+		cli_shutdown(cli);
+		return ret;
+	}
+
+	return net_run_function(argc, argv, func, net_rap_group_usage);
+}
+
+int net_rap_groupmember_usage(int argc, const char **argv)
+{
+	d_printf(
+	 "net rap groupmember LIST <group> [misc. options] [targets]"\
+	 "\n\t Enumerate users in a group\n"\
+	 "\nnet rap groupmember DELETE <group> <user> [misc. options] "\
+	 "[targets]\n\t Delete sepcified user from specified group\n"\
+	 "\nnet rap groupmember ADD <group> <user> [misc. options] [targets]"\
+	 "\n\t Add specified user to specified group\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+
+static int rap_groupmember_add(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc != 2) {
+		d_printf("\n\nGroup or user name not specified\n");
+                return net_rap_groupmember_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+
+	ret = cli_NetGroupAddUser(cli, argv[0], argv[1]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_groupmember_delete(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc != 2) {
+		d_printf("\n\nGroup or user name not specified\n");
+                return net_rap_groupmember_usage(argc, argv);
+	}
+	
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+
+	ret = cli_NetGroupDelUser(cli, argv[0], argv[1]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+static int rap_groupmember_list(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	if (argc == 0) {
+		d_printf("\n\nGroup name not specified\n");
+                return net_rap_groupmember_usage(argc, argv);
+	}
+
+	if (!(cli = net_make_ipc_connection(0)))
+                return -1;
+
+	ret = cli_NetGroupGetUsers(cli, argv[0], group_member_fn, NULL ); 
+	cli_shutdown(cli);
+	return ret;
+}
+
+int net_rap_groupmember(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"ADD", rap_groupmember_add},
+		{"LIST", rap_groupmember_list},
+		{"DELETE", rap_groupmember_delete},
+		{NULL, NULL}
+	};
+	
+	return net_run_function(argc, argv, func, net_rap_groupmember_usage);
+}
+
+int net_rap_validate_usage(int argc, const char **argv)
+{
+	d_printf("net rap validate <username> [password]\n"\
+		 "\tValidate user and password to check whether they"\
+		 " can access target server or domain\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+int net_rap_validate(int argc, const char **argv)
+{
+	return errmsg_not_implemented();
+}
+
+int net_rap_service_usage(int argc, const char **argv)
+{
+	d_printf("net rap service [misc. options] [targets] \n"\
+		 "\tlists all running service daemons on target server\n");
+	d_printf("\nnet rap service START <name> [service startup arguments]"\
+		 " [misc. options] [targets]"\
+		 "\n\tStart named service on remote server\n");
+	d_printf("\nnet rap service STOP <name> [misc. options] [targets]\n"\
+		 "\n\tStop named service on remote server\n");
+    
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+static int rap_service_start(int argc, const char **argv)
+{
+	return errmsg_not_implemented();
+}
+
+static int rap_service_stop(int argc, const char **argv)
+{
+	return errmsg_not_implemented();
+}
+
+int net_rap_service(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"START", rap_service_start},
+		{"STOP", rap_service_stop},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		struct cli_state *cli;
+		int ret;
+		if (!(cli = net_make_ipc_connection(0))) 
+			return -1;
+
+		if (opt_long_list_entries) {
+			d_printf("Service name          Comment\n");
+			d_printf("-----------------------------\n");
+			ret = cli_RNetServiceEnum(cli, long_group_fn, NULL);
+		}
+		ret = cli_RNetServiceEnum(cli, group_fn, NULL); 
+		cli_shutdown(cli);
+		return ret;
+	}
+
+	return net_run_function(argc, argv, func, net_rap_service_usage);
+}
+
+int net_rap_password_usage(int argc, const char **argv)
+{
+	d_printf(
+	 "net rap password <user> <oldpwo> <newpw> [misc. options] [target]\n"\
+	 "\tchanges the password for the specified user at target\n"); 
+	
+	return -1;
+}
+
+
+int net_rap_password(int argc, const char **argv)
+{
+	struct cli_state *cli;
+	int ret;
+	
+	if (argc < 3) 
+                return net_rap_password_usage(argc, argv);
+
+	if (!(cli = net_make_ipc_connection(0))) 
+                return -1;
+
+	/* BB Add check for password lengths? */
+	ret = cli_oem_change_password(cli, argv[0], argv[2], argv[1]);
+	cli_shutdown(cli);
+	return ret;
+}
+
+int net_rap_admin_usage(int argc, const char **argv)
+{
+	d_printf(
+   "net rap admin <remote command> [cmd args [env]] [misc. options] [targets]"\
+   "\n\texecutes a remote command on an os/2 target server\n"); 
+	
+	return -1;
+}
+
+
+int net_rap_admin(int argc, const char **argv)
+{
+	return errmsg_not_implemented();
+}
+
+/* The help subsystem for the RAP subcommand */
+
+int net_rap_usage(int argc, const char **argv)
+{
+	d_printf("  net rap domain \tto list domains \n"\
+		 "  net rap file \t\tto list open files on a server \n"\
+		 "  net rap group \tto list user groups  \n"\
+		 "  net rap groupmember \tto list users in a group \n"\
+		 "  net rap password \tto change the password of a user\n"\
+		 "  net rap printq \tto list the print queues on a server\n"\
+		 "  net rap server \tto list servers in a domain\n"\
+		 "  net rap session \tto list clients with open sessions to a server\n"\
+		 "  net rap share \tto list shares exported by a server\n"\
+		 "  net rap user \t\tto list users\n"\
+		 "  net rap validate \tto check whether a user and the corresponding password are valid\n"\
+		 "  net rap help\n"\
+		 "\nType \"net help <option>\" to get more information on that option\n\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+/*
+  handle "net rap help *" subcommands
+*/
+int net_rap_help(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"FILE", net_rap_file_usage},
+		{"SHARE", net_rap_share_usage},
+		{"SESSION", net_rap_session_usage},
+		{"SERVER", net_rap_server_usage},
+		{"DOMAIN", net_rap_domain_usage},
+		{"PRINTQ", net_rap_printq_usage},
+		{"USER", net_rap_user_usage},
+		{"GROUP", net_rap_group_usage},
+		{"VALIDATE", net_rap_validate_usage},
+		{"GROUPMEMBER", net_rap_groupmember_usage},
+		{"ADMIN", net_rap_admin_usage},
+		{"SERVICE", net_rap_service_usage},
+		{"PASSWORD", net_rap_password_usage},
+		{NULL, NULL}};
+
+	return net_run_function(argc, argv, func, net_rap_usage);
+}
+
+/* Entry-point for all the RAP functions. */
+
+int net_rap(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"FILE", net_rap_file},
+		{"SHARE", net_rap_share},
+		{"SESSION", net_rap_session},
+		{"SERVER", net_rap_server},
+		{"DOMAIN", net_rap_domain},
+		{"PRINTQ", net_rap_printq},
+		{"USER", net_rap_user},
+		{"GROUP", net_rap_group},
+		{"VALIDATE", net_rap_validate},
+		{"GROUPMEMBER", net_rap_groupmember},
+		{"ADMIN", net_rap_admin},
+		{"SERVICE", net_rap_service},	
+		{"PASSWORD", net_rap_password},
+		{"HELP", net_rap_help},
+		{NULL, NULL}
+	};
+	
+	return net_run_function(argc, argv, func, net_rap_usage);
+}
+
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
new file mode 100644
index 0000000000..19e2c63ecc
--- /dev/null
+++ b/source3/utils/net_rpc.c
@@ -0,0 +1,1328 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   Distributed SMB/CIFS Server Management Utility 
+   Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+ 
+#include "includes.h"
+#include "../utils/net.h"
+
+extern pstring global_myname;
+
+/**
+ * @file net_rpc.c
+ *
+ * @brief RPC based subcommands for the 'net' utility.
+ *
+ * This file should contain much of the functionality that used to
+ * be found in rpcclient, execpt that the commands should change 
+ * less often, and the fucntionality should be sane (the user is not 
+ * expected to know a rid/sid before they conduct an operation etc.)
+ *
+ * @todo Perhaps eventually these should be split out into a number
+ * of files, as this could get quite big.
+ **/
+
+
+/* A function of this type is passed to the 'run_rpc_command' wrapper */
+typedef NTSTATUS (*rpc_command_fn)(const DOM_SID *, struct cli_state *, TALLOC_CTX *, int, const char **);
+
+/**
+ * Many of the RPC functions need the domain sid.  This function gets
+ *  it at the start of every run 
+ *
+ * @param cli A cli_state already connected to the remote machine
+ *
+ * @return The Domain SID of the remote machine.
+ **/
+
+static DOM_SID *net_get_remote_domain_sid(struct cli_state *cli)
+{
+	DOM_SID *domain_sid;
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_OK;
+	uint32 info_class = 5;
+	fstring domain_name;
+	TALLOC_CTX *mem_ctx;
+	
+	if (!(domain_sid = malloc(sizeof(DOM_SID)))){
+		DEBUG(0,("fetch_domain_sid: malloc returned NULL!\n"));
+		goto error;
+	}
+	    
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("fetch_domain_sid: talloc_init returned NULL!\n"));
+		goto error;
+	}
+
+
+	if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
+		fprintf(stderr, "could not initialise lsa pipe\n");
+		goto error;
+	}
+	
+	result = cli_lsa_open_policy(cli, mem_ctx, True, 
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     &pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto error;
+	}
+
+	result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class, 
+					   domain_name, domain_sid);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto error;
+	}
+
+	cli_lsa_close(cli, mem_ctx, &pol);
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+
+	return domain_sid;
+
+ error:
+	fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		fprintf(stderr, "error: %s\n", nt_errstr(result));
+	}
+
+	exit(1);
+}
+
+/**
+ * Run a single RPC command, from start to finish.
+ *
+ * @param pipe_name the pipe to connect to (usually a PIPE_ constant)
+ * @param conn_flag a NET_FLAG_ combination.  Passed to 
+ *                   net_make_ipc_connection.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ * @return A shell status integer (0 for success)
+ */
+
+static int run_rpc_command(const char *pipe_name, int conn_flags,
+			   rpc_command_fn fn,
+			   int argc, const char **argv) 
+{
+	struct cli_state *cli = net_make_ipc_connection(conn_flags);
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS nt_status;
+	DOM_SID *domain_sid;
+
+	if (!cli) {
+		return -1;
+	}
+
+	domain_sid = net_get_remote_domain_sid(cli);
+
+	/* Create mem_ctx */
+	
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("talloc_init() failed\n"));
+		cli_shutdown(cli);
+		return -1;
+	}
+	
+	if (!cli_nt_session_open(cli, pipe_name)) {
+		DEBUG(0, ("Could not initialise samr pipe\n"));
+	}
+	
+	nt_status = fn(domain_sid, cli, mem_ctx, argc, argv);
+	
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(0, ("rpc command function failed! (%s)\n", nt_errstr(nt_status)));
+	} else {
+		DEBUG(5, ("rpc command function succedded\n"));
+	}
+		
+	    
+	if (cli->nt_pipe_fnum)
+		cli_nt_session_close(cli);
+	
+	talloc_destroy(mem_ctx);
+
+	return (!NT_STATUS_IS_OK(nt_status));
+}
+
+
+/****************************************************************************/
+
+
+/** 
+ * Force a change of the trust acccount password.
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid aquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on compleation of the function.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_changetrustpw_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				       int argc, const char **argv) {
+	
+	return trust_pw_find_change_and_store_it(cli, mem_ctx, opt_target_workgroup);
+}
+
+/** 
+ * Force a change of the trust acccount password.
+ *
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_changetrustpw(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_changetrustpw_internals,
+			       argc, argv);
+}
+
+
+/****************************************************************************/
+
+
+/** 
+ * Join a domain, the old way.
+ *
+ * This uses 'machinename' as the inital password, and changes it. 
+ *
+ * The password should be created with 'server manager' or eqiv first.
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid aquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on compleation of the function.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_join_oldstyle_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				       int argc, const char **argv) {
+	
+	extern pstring global_myname;
+	fstring trust_passwd;
+	unsigned char orig_trust_passwd_hash[16];
+
+	fstrcpy(trust_passwd, global_myname);
+	strlower(trust_passwd);
+	E_md4hash( (uchar *)trust_passwd, orig_trust_passwd_hash);
+
+	return trust_pw_change_and_store_it(cli, mem_ctx, orig_trust_passwd_hash);
+}
+
+/** 
+ * Join a domain, the old way.
+ *
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int net_rpc_join_oldstyle(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_NETLOGON, NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC, rpc_join_oldstyle_internals,
+			       argc, argv);
+}
+
+/** 
+ * Basic usage function for 'net rpc join'
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ **/
+
+static int rpc_join_usage(int argc, const char **argv) 
+{	
+	d_printf("net rpc join -U <username>[%%password] [options]\n"\
+		 "\t to join a domain with admin username & password\n"\
+		 "\t\t password will be prompted if none is specified\n");
+	d_printf("net rpc join [options except -U]\n"\
+		 "\t to join a domain created in server manager\n\n\n");
+
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+/** 
+ * 'net rpc join' entrypoint.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * Main 'net_rpc_join()' (where the admain username/password is used) is 
+ * in net_rpc_join.c
+ * Assume if a -U is specified, it's the new style, otherwise it's the
+ * old style
+ **/
+
+int net_rpc_join(int argc, const char **argv) 
+{
+	if ((net_rpc_join_oldstyle(argc, argv) == 0))
+		return 0;
+	
+	return net_rpc_join_newstyle(argc, argv);
+}
+
+
+/****************************************************************************/
+
+/**
+ * Basic usage function for 'net rpc user'
+ * @param argc	Standard main() style argc.
+ * @param argv	Standard main() style argv.  Initial components are already
+ *		stripped.
+ **/
+
+static int rpc_user_usage(int argc, const char **argv)
+{
+	return net_help_user(argc, argv);
+}
+
+/** 
+ * Add a new user to a remote RPC server
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid acquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				       int argc, const char **argv) {
+	
+	POLICY_HND connect_pol, domain_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	const char *acct_name;
+	uint16 acb_info;
+	uint32 unknown, user_rid;
+
+	if (argc != 1) {
+		d_printf("User must be specified\n");
+		rpc_user_usage(argc, argv);
+		return NT_STATUS_OK;
+	}
+
+	acct_name = argv[0];
+
+	/* Get sam policy handle */
+	
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+	
+	/* Get domain policy handle */
+	
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Create domain user */
+
+	acb_info = ACB_NORMAL;
+	unknown = 0xe005000b; /* No idea what this is - a permission mask? */
+
+	result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
+					  acct_name, acb_info, unknown,
+					  &user_pol, &user_rid);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+ done:
+	if (!NT_STATUS_IS_OK(result)) {
+		d_printf("Failed to add user %s - %s\n", acct_name, 
+			 nt_errstr(result));
+	} else {
+		d_printf("Added user %s\n", acct_name);
+	}
+	return result;
+}
+
+/** 
+ * Add a new user to a remote RPC server
+ *
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_user_add(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_SAMR, 0, rpc_user_add_internals,
+			       argc, argv);
+}
+
+/** 
+ * Delete a user from a remote RPC server
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid acquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid, 
+				       struct cli_state *cli, 
+				       TALLOC_CTX *mem_ctx, 
+				       int argc, const char **argv)
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND connect_pol, domain_pol, user_pol;
+
+	if (argc < 1) {
+		d_printf("User must be specified\n");
+		rpc_user_usage(argc, argv);
+		return NT_STATUS_OK;
+	}
+	/* Get sam policy and domain handles */
+
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Get handle on user */
+
+	{
+		uint32 *user_rids, num_rids, *name_types;
+		uint32 flags = 0x000003e8; /* Unknown */
+
+		result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+					       flags, 1, (char **) &argv[0],
+					       &num_rids, &user_rids,
+					       &name_types);
+
+		if (!NT_STATUS_IS_OK(result)) {
+			goto done;
+		}
+
+		result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+					    MAXIMUM_ALLOWED_ACCESS,
+					    user_rids[0], &user_pol);
+
+		if (!NT_STATUS_IS_OK(result)) {
+			goto done;
+		}
+	}
+
+	/* Delete user */
+
+	result = cli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display results */
+
+ done:
+	return result;
+
+}	
+
+/** 
+ * Delete a user from a remote RPC server
+ *
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_user_delete(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_SAMR, 0, rpc_user_del_internals,
+			       argc, argv);
+}
+
+/** 
+ * List user's groups on a remote RPC server
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid acquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS 
+rpc_user_info_internals(const DOM_SID *domain_sid, struct cli_state *cli,
+			TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+	POLICY_HND connect_pol, domain_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 *rids, num_rids, *name_types, num_names;
+	uint32 flags = 0x000003e8; /* Unknown */
+	int i;
+	char **names;
+	DOM_GID *user_gids;
+
+	if (argc < 1) {
+		d_printf("User must be specified\n");
+		rpc_user_usage(argc, argv);
+		return NT_STATUS_OK;
+	}
+	/* Get sam policy handle */
+	
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) goto done;
+	
+	/* Get domain policy handle */
+	
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) goto done;
+
+	/* Get handle on user */
+
+	result = cli_samr_lookup_names(cli, mem_ctx, &domain_pol,
+				       flags, 1, (char **) &argv[0],
+				       &num_rids, &rids, &name_types);
+
+	if (!NT_STATUS_IS_OK(result)) goto done;
+
+	result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
+				    MAXIMUM_ALLOWED_ACCESS,
+				    rids[0], &user_pol);
+	if (!NT_STATUS_IS_OK(result)) goto done;
+
+	result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol,
+					   &num_rids, &user_gids);
+
+	/* Look up rids */
+
+	rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
+
+	for (i = 0; i < num_rids; i++)
+                rids[i] = user_gids[i].g_rid;
+
+	result = cli_samr_lookup_rids(cli, mem_ctx, &domain_pol,
+				      flags, num_rids, rids,
+				      &num_names, &names, &name_types);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Display results */
+
+	for (i = 0; i < num_names; i++)
+		printf("%s\n", names[i]);
+
+ done:
+	return result;
+}
+
+/** 
+ * List a user's groups from a remote RPC server
+ *
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_user_info(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_SAMR, 0, rpc_user_info_internals,
+			       argc, argv);
+}
+
+/** 
+ * List users on a remote RPC server
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid acquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS 
+rpc_user_list_internals(const DOM_SID *domain_sid, struct cli_state *cli,
+			TALLOC_CTX *mem_ctx, int argc, const char **argv)
+{
+	POLICY_HND connect_pol, domain_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx=0, max_entries=250, num_entries, i;
+	SAM_DISPINFO_CTR ctr;
+	SAM_DISPINFO_1 info1;
+
+	/* Get sam policy handle */
+	
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+	
+	/* Get domain policy handle */
+	
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Query domain users */
+	ZERO_STRUCT(ctr);
+	ZERO_STRUCT(info1);
+	ctr.sam.info1 = &info1;
+	if (opt_long_list_entries)
+		d_printf("\nUser name             Comment"\
+			 "\n-----------------------------\n");
+	do {
+		fstring user, desc;
+		result = cli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
+						 &start_idx, 1, &num_entries,
+						 max_entries, &ctr);
+		for (i = 0; i < num_entries; i++) {
+			unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user)-1);
+			if (opt_long_list_entries) 
+				unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc)-1);
+			
+			if (opt_long_list_entries)
+				printf("%-21.21s %-50.50s\n", user, desc);
+			else
+				printf("%-21.21s\n", user);
+		}
+	} while (!NT_STATUS_IS_OK(result));
+
+ done:
+	return result;
+}
+
+/** 
+ * 'net rpc user' entrypoint.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ **/
+
+int net_rpc_user(int argc, const char **argv) 
+{
+	struct functable func[] = {
+		{"add", rpc_user_add},
+		{"info", rpc_user_info},
+		{"delete", rpc_user_delete},
+		{NULL, NULL}
+	};
+	
+	if (argc == 0) {
+		if (opt_long_list_entries) {
+		} else {
+		}
+			return run_rpc_command(PIPE_SAMR, 0, 
+					       rpc_user_list_internals,
+					       argc, argv);
+	}
+
+	return net_run_function(argc, argv, func, rpc_user_usage);
+}
+
+
+/****************************************************************************/
+
+
+
+/** 
+ * ABORT the shutdown of a remote RPC Server
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passed through. 
+ *
+ * @param domain_sid The domain sid aquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on compleation of the function.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_shutdown_abort_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+					     int argc, const char **argv) 
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	
+	result = cli_reg_abort_shutdown(cli, mem_ctx);
+	
+	if (NT_STATUS_IS_OK(result))
+		DEBUG(5,("cmd_reg_abort_shutdown: query succeeded\n"));
+	else
+		DEBUG(5,("cmd_reg_abort_shutdown: query failed\n"));
+	
+	return result;
+}
+
+
+/** 
+ * ABORT the Shut down of a remote RPC server
+ *
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_shutdown_abort(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_WINREG, 0, rpc_shutdown_abort_internals,
+			       argc, argv);
+}
+
+/** 
+ * Shut down a remote RPC Server
+ *
+ * All paramaters are provided by the run_rpc_command funcion, except for
+ * argc, argv which are passes through. 
+ *
+ * @param domain_sid The domain sid aquired from the remote server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on compleation of the function.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return Normal NTSTATUS return.
+ **/
+
+static NTSTATUS rpc_shutdown_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				       int argc, const char **argv) 
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+        char *msg = "This machine will be shutdown shortly";
+	uint32 timeout = 20;
+	uint16 flgs = 0;
+	BOOL reboot = opt_reboot;
+	BOOL force = opt_force;
+#if 0
+	poptContext pc;
+	int rc;
+
+	struct poptOption long_options[] = {
+		{"message",    'm', POPT_ARG_STRING, &msg},
+		{"timeout",    't', POPT_ARG_INT,    &timeout},
+		{"reboot",     'r', POPT_ARG_NONE,   &reboot},
+		{"force",      'f', POPT_ARG_NONE,   &force},
+		{ 0, 0, 0, 0}
+	};
+
+	pc = poptGetContext(NULL, argc, (const char **) argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+
+	rc = poptGetNextOpt(pc);
+	
+	if (rc < -1) {
+		/* an error occurred during option processing */
+		DEBUG(0, ("%s: %s\n",
+			  poptBadOption(pc, POPT_BADOPTION_NOALIAS),
+			  poptStrerror(rc)));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+#endif
+	if (reboot) {
+		flgs |= REG_REBOOT_ON_SHUTDOWN;
+	}
+	if (force) {
+		flgs |= REG_FORCE_SHUTDOWN;
+	}
+	if (opt_comment) {
+		msg = opt_comment;
+	}
+	if (opt_timeout) {
+		timeout = opt_timeout;
+	}
+
+	/* create an entry */
+	result = cli_reg_shutdown(cli, mem_ctx, msg, timeout, flgs);
+
+	if (NT_STATUS_IS_OK(result))
+		DEBUG(5,("Shutdown of remote machine succeeded\n"));
+	else
+		DEBUG(0,("Shutdown of remote machine failed!\n"));
+
+	return result;
+}
+
+/** 
+ * Shut down a remote RPC server
+ *
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return A shell status integer (0 for success)
+ **/
+
+static int rpc_shutdown(int argc, const char **argv) 
+{
+	return run_rpc_command(PIPE_WINREG, 0, rpc_shutdown_internals,
+				       argc, argv);
+}
+
+/***************************************************************************
+  NT Domain trusts code (i.e. 'net rpc trustdom' functionality)
+  
+ ***************************************************************************/
+
+/**
+ * Add interdomain trust account to the RPC server.
+ * All parameters (except for argc and argv) are passed by run_rpc_command
+ * function.
+ *
+ * @param domain_sid The domain sid acquired from the server
+ * @param cli A cli_state connected to the server.
+ * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped
+ *
+ * @return normal NTSTATUS return code
+ */
+
+static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid, struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				       int argc, const char **argv) {
+
+	POLICY_HND connect_pol, domain_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	char *acct_name;
+	uint16 acb_info;
+	uint32 unknown, user_rid;
+
+	if (argc != 1) {
+		d_printf("Usage: net rpc trustdom add <domain_name>\n");
+		return NT_STATUS_OK;
+	}
+
+	/* 
+	 * Make valid trusting domain account (ie. uppercased and with '$' appended)
+	 */
+	 
+	if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	strupper(acct_name);
+
+	/* Get sam policy handle */
+	
+	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				  &connect_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+	
+	/* Get domain policy handle */
+	
+	result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      domain_sid, &domain_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Create trusting domain's account */
+
+	acb_info = ACB_DOMTRUST;
+	unknown = 0xe005000b; /* No idea what this is - a permission mask? 
+				 Is it needed for interdomain account also ? */
+
+	result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
+					  acct_name, acb_info, unknown,
+					  &user_pol, &user_rid);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+ done:
+	SAFE_FREE(acct_name);
+	return result;
+}
+
+/**
+ * Create interdomain trust account for a remote domain.
+ *
+ * @param argc standard argc
+ * @param argv standard argv without initial components
+ *
+ * @return Integer status (0 means success)
+ **/
+
+static int rpc_trustdom_add(int argc, const char **argv)
+{
+	return run_rpc_command(PIPE_SAMR, 0, rpc_trustdom_add_internals,
+			       argc, argv);
+}
+
+
+/**
+ * Delete interdomain trust account for a remote domain.
+ *
+ * @param argc standard argc
+ * @param argv standard argv without initial components
+ *
+ * @return Integer status (0 means success)
+ **/
+ 
+static int rpc_trustdom_del(int argc, const char **argv)
+{
+	d_printf("Sorry, not yet implemented.\n");
+	return -1;
+}
+
+ 
+/**
+ * Establish trust relationship to a trusting domain.
+ * Interdomain account must already be created on remote PDC.
+ *
+ * @param argc standard argc
+ * @param argv standard argv without initial components
+ *
+ * @return Integer status (0 means success)
+ **/
+
+extern char *opt_user_name;
+extern char *opt_password;
+
+static int rpc_trustdom_establish(int argc, const char **argv) {
+
+	struct cli_state *cli;
+	struct in_addr server_ip;
+	POLICY_HND connect_hnd;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS nt_status;
+	DOM_SID domain_sid;
+	WKS_INFO_100 wks_info;
+	
+	char* domain_name;
+	char* acct_name;
+	fstring pdc_name;
+
+	/*
+	 * Connect to \\server\ipc$ as 'our domain' account with password
+	 */
+
+	domain_name = smb_xstrdup(argv[0]);
+	strupper(domain_name);
+	
+	asprintf(&acct_name, "%s$", lp_workgroup());
+	strupper(acct_name);
+	
+	opt_user_name = (char*)malloc(strlen(acct_name) + 1);
+	safe_strcpy(opt_user_name, acct_name, strlen(acct_name) + 1);
+
+	/* find the domain controller */
+	if (!net_find_dc(&server_ip, pdc_name, domain_name)) {
+		DEBUG(0, ("Coulnd find domain controller for domain %s\n", domain_name));
+		return -1;
+	}
+
+	/* connect to ipc$ as username/password */
+	nt_status = connect_to_ipc(&cli, &server_ip, pdc_name);
+	if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) {
+
+		/* Is it trusting domain account for sure ? */
+		DEBUG(0, ("Couldn't verify trusting domain account. Error was %s\n",
+			nt_errstr(nt_status)));
+		return -1;
+	}
+	
+	/*
+	 * Connect to \\server\ipc$ again (this time anonymously)
+	 */
+	
+	nt_status = connect_to_ipc_anonymous(&cli, &server_ip, (char*)pdc_name);
+	
+	if (NT_STATUS_IS_ERR(nt_status)) {
+		DEBUG(0, ("Couldn't connect to domain %s controller. Error was %s.\n",
+			domain_name, nt_errstr(nt_status)));
+	}
+
+	/*
+	 * Use NetServerEnum2 to make sure we're talking to a proper server
+	 */
+	 
+	if (!cli_get_pdc_name(cli, domain_name, (char*)pdc_name)) {
+		DEBUG(0, ("NetServerEnum2 error: Couldn't find primary domain controller\
+			 for domain %s\n", domain_name));
+	}
+	 
+	/*
+	 * Call WksQueryInfo to check remote server's capabilities
+	 * FIXME:Is really necessary ? nt serv does this, but from samba's
+	 *       point of view it doesn't seem to make the difference
+	 * IDEA: It may be used to get info about type of pdc we're talking to
+	 *       (e.g. WinNT or Win2k)
+	 */
+	
+	if (!cli_nt_session_open(cli, PIPE_WKSSVC)) {
+		DEBUG(0, ("Couldn't not initialise wkssvc pipe\n"));
+		return -1;
+	}
+
+	/* TODO: convert this call from rpc_client/cli_wkssvc.c
+	   to cli_wks_query_info() in libsmb/cli_wkssvc.c
+	   UPDATE: already done :)
+	*/
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("talloc_init() failed\n"));
+		cli_shutdown(cli);
+		return -1;
+	}
+	
+   	nt_status = cli_wks_query_info(cli, mem_ctx, &wks_info);
+	
+	if (NT_STATUS_IS_ERR(nt_status)) {
+		DEBUG(0, ("WksQueryInfo call failed.\n"));
+		return -1;
+	}
+
+	if (cli->nt_pipe_fnum) {
+		cli_nt_session_close(cli);
+		talloc_destroy(mem_ctx);
+	}
+
+
+	/*
+	 * Call LsaOpenPolicy and LsaQueryInfo
+	 */
+	 
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("talloc_init() failed\n"));
+		cli_shutdown(cli);
+		return -1;
+	}
+
+	if (!cli_nt_session_open(cli, PIPE_LSARPC)) {
+		DEBUG(0, ("Could not initialise lsa pipe\n"));
+	}
+
+	nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
+					&connect_hnd);
+	if (NT_STATUS_IS_ERR(nt_status)) {
+		DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
+			nt_errstr(nt_status)));
+		return -1;
+	}
+
+	/* Querying info level 5 */
+	
+	nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
+					5 /* info level */, domain_name, &domain_sid);
+	if (NT_STATUS_IS_ERR(nt_status)) {
+		DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
+			nt_errstr(nt_status)));
+		return -1;
+	}
+
+
+	/* There should be actually query info level 3 (following nt serv behaviour),
+	   but I still don't know if it's _really_ necessary */
+			
+	/*
+	 * Close the pipes and clean up
+	 */
+	 
+	nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd);
+	if (NT_STATUS_IS_ERR(nt_status)) {
+		DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
+			nt_errstr(nt_status)));
+		return -1;
+	}
+
+	if (cli->nt_pipe_fnum)
+		cli_nt_session_close(cli);
+
+	talloc_destroy(mem_ctx);
+	 
+	 
+	/*
+	 * Store the password in secrets db
+	 */
+
+	if (!secrets_store_trusted_domain_password(domain_name, opt_password,
+						   domain_sid)) {
+		DEBUG(0, ("Storing password for trusted domain failed.\n"));
+		return -1;
+	}
+	
+	DEBUG(0, ("Success!\n"));
+	return 0;
+}
+
+/**
+ * Revoke trust relationship to the remote domain
+ *
+ * @param argc standard argc
+ * @param argv standard argv without initial components
+ *
+ * @return Integer status (0 means success)
+ **/
+
+static int rpc_trustdom_revoke(int argc, const char **argv) {
+
+	char* domain_name;
+
+	if (argc < 1) return -1;
+	
+	/* generate upper cased domain name */
+	domain_name = smb_xstrdup(argv[0]);
+	strupper(domain_name);
+
+	/* delete password of the trust */
+	if (!trusted_domain_password_delete(domain_name)) {
+		DEBUG(0, ("Failed to revoke relationship to the trusted domain %s\n",
+			  domain_name));
+		return -1;
+	};
+	
+	return 0;
+}
+
+/**
+ * Usage for 'net rpc trustdom' command
+ *
+ * @param argc standard argc
+ * @param argv standard argv without inital components
+ *
+ * @return Integer status returned to shell
+ **/
+ 
+static int rpc_trustdom_usage(int argc, const char **argv) {
+	d_printf("  net rpc trustdom add \t\t add trusting domain's account\n");
+	d_printf("  net rpc trustdom del \t\t delete trusting domain's account\n");
+	d_printf("  net rpc trustdom establish \t establish relationship to trusted domain\n");
+	d_printf("  net rpc trustdom revoke \t abandon relationship to trusted domain\n");
+	d_printf("  net rpc trustdom list \t show current interdomain trust relationships\n");
+	return -1;
+}
+
+
+/**
+ * Entrypoint for 'net rpc trustdom' code
+ *
+ * @param argc standard argc
+ * @param argv standard argv without initial components
+ *
+ * @return Integer status (0 means success)
+ */
+
+static int rpc_trustdom(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"add", rpc_trustdom_add},
+		{"del", rpc_trustdom_del},
+		{"establish", rpc_trustdom_establish},
+		{"revoke", rpc_trustdom_revoke},
+		{"help", rpc_trustdom_usage},
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		rpc_trustdom_usage(argc, argv);
+		return -1;
+	}
+
+	return (net_run_function(argc, argv, func, rpc_user_usage));
+}
+
+/**
+ * Check if a server will take rpc commands
+ * @param flags	Type of server to connect to (PDC, DMB, localhost)
+ *		if the host is not explicitly specified
+ * @return  BOOL (true means rpc supported)
+ */
+BOOL net_rpc_check(unsigned flags)
+{
+	struct cli_state cli;
+	BOOL ret = False;
+	struct in_addr server_ip;
+	char *server_name = NULL;
+
+	/* flags (i.e. server type) may depend on command */
+	if (!net_find_server(flags, &server_ip, &server_name))
+		goto done;
+
+	ZERO_STRUCT(cli);
+	if (cli_initialise(&cli) == False)
+		return False;
+
+	if (!cli_connect(&cli, server_name, &server_ip))
+		goto done;
+	if (!attempt_netbios_session_request(&cli, global_myname, 
+					     server_name, &server_ip))
+		goto done;
+	if (!cli_negprot(&cli))
+		goto done;
+	if (cli.protocol < PROTOCOL_NT1)
+		goto done;
+
+	ret = True;
+ done:
+	cli_shutdown(&cli);
+	return ret;
+}
+
+
+/****************************************************************************/
+
+
+/** 
+ * Basic usage function for 'net rpc'
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ **/
+
+int net_rpc_usage(int argc, const char **argv) 
+{
+	d_printf("  net rpc join \t\t\tto join a domain \n");
+	d_printf("  net rpc user \t\t\tto add, delete and list users\n");
+	d_printf("  net rpc changetrustpw \tto change the trust account password\n");
+	d_printf("  net rpc trustdom \t\tto create trusting domain's account or establish trust\n");
+	d_printf("  net rpc abortshutdown \tto to abort the shutdown of a remote server\n");
+	d_printf("  net rpc shutdown \t\tto to shutdown a remote server\n");
+	d_printf("\n");
+	d_printf("'net rpc shutdown' also accepts the following miscellaneous options:\n"); /* misc options */
+	d_printf("\t-r or --reboot\trequest remote server reboot on shutdown\n");
+	d_printf("\t-f or --force\trequest the remote server force its shutdown\n");
+	d_printf("\t-t or --timeout=<timeout>\tnumber of seconds before shutdown\n");
+	d_printf("\t-c or --comment=<message>\ttext message to display on impending shutdown\n");
+	return -1;
+}
+
+
+/**
+ * Help function for 'net rpc'.  Calls command specific help if requested
+ * or displays usage of net rpc
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ **/
+
+int net_rpc_help(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"join", rpc_join_usage},
+		{"user", net_help_user},
+		/*{"changetrustpw", rpc_changetrustpw_usage}, */
+		{"trustdom", rpc_trustdom_usage},
+		/*{"abortshutdown", rpc_shutdown_abort_usage},*/
+		/*{"shutdown", rpc_shutdown_usage}, */
+		{NULL, NULL}
+	};
+
+	if (argc == 0) {
+		net_rpc_usage(argc, argv);
+		return -1;
+	}
+
+	return (net_run_function(argc, argv, func, rpc_user_usage));
+}
+
+
+/** 
+ * 'net rpc' entrypoint.
+ * @param argc  Standard main() style argc
+ * @param argv  Standard main() style argv.  Initial components are already
+ *              stripped
+ **/
+
+int net_rpc(int argc, const char **argv)
+{
+	struct functable func[] = {
+		{"join", net_rpc_join},
+		{"user", net_rpc_user},
+		{"changetrustpw", rpc_changetrustpw},
+		{"trustdom", rpc_trustdom},
+		{"abortshutdown", rpc_shutdown_abort},
+		{"shutdown", rpc_shutdown},
+		{"help", net_rpc_help},
+		{NULL, NULL}
+	};
+	return net_run_function(argc, argv, func, net_rpc_usage);
+}
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
new file mode 100644
index 0000000000..c4558ea10b
--- /dev/null
+++ b/source3/utils/net_rpc_join.c
@@ -0,0 +1,303 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   Distributed SMB/CIFS Server Management Utility 
+   Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
+   Copyright (C) Tim Potter     2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+ 
+#include "includes.h"
+#include "../utils/net.h"
+
+/* Macro for checking RPC error codes to make things more readable */
+
+#define CHECK_RPC_ERR(rpc, msg) \
+        if (!NT_STATUS_IS_OK(result = rpc)) { \
+                DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
+                goto done; \
+        }
+
+#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
+        if (!NT_STATUS_IS_OK(result = rpc)) { \
+                DEBUG(0, debug_args); \
+                goto done; \
+        }
+
+/**
+ * Join a domain using the administrator username and password
+ *
+ * @param argc  Standard main() style argc
+ * @param argc  Standard main() style argv.  Initial components are already
+ *              stripped.  Currently not used.
+ * @return A shell status integer (0 for success)
+ *
+ **/
+
+int net_rpc_join_newstyle(int argc, const char **argv) 
+{
+
+	extern pstring global_myname;
+
+	/* libsmb variables */
+
+	struct cli_state *cli;
+	fstring acct_name;
+	TALLOC_CTX *mem_ctx;
+        uint32 acb_info;
+
+	/* rpc variables */
+
+	POLICY_HND lsa_pol, sam_pol, domain_pol, user_pol;
+	DOM_SID domain_sid;
+	uint32 user_rid;
+
+	/* Password stuff */
+
+	char *clear_trust_password = NULL;
+	fstring ucs2_trust_password;
+	int ucs2_pw_len;
+	uchar stored_md4_trust_password[16];
+	uchar pwbuf[516], sess_key[16];
+	SAM_USERINFO_CTR ctr;
+	SAM_USER_INFO_24 p24;
+	SAM_USER_INFO_10 p10;
+
+	/* Misc */
+
+	NTSTATUS result;
+	int retval = 1;
+	fstring domain;
+	uint32 num_rids, *name_types, *user_rids;
+	uint32 flags = 0x3e8;
+	char *names;
+	
+	/* Connect to remote machine */
+
+	if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) 
+		return 1;
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("Could not initialise talloc context\n"));
+		goto done;
+	}
+
+	/* Fetch domain sid */
+
+	if (!cli_nt_session_open(cli, PIPE_LSARPC)) {
+		DEBUG(0, ("Error connecting to SAM pipe\n"));
+		goto done;
+	}
+
+
+	CHECK_RPC_ERR(cli_lsa_open_policy(cli, mem_ctx, True,
+					  SEC_RIGHTS_MAXIMUM_ALLOWED,
+					  &lsa_pol),
+		      "error opening lsa policy handle");
+
+	CHECK_RPC_ERR(cli_lsa_query_info_policy(cli, mem_ctx, &lsa_pol,
+						5, domain, &domain_sid),
+		      "error querying info policy");
+
+	cli_lsa_close(cli, mem_ctx, &lsa_pol);
+
+	cli_nt_session_close(cli); /* Done with this pipe */
+
+	/* Create domain user */
+	if (!cli_nt_session_open(cli, PIPE_SAMR)) {
+		DEBUG(0, ("Error connecting to SAM pipe\n"));
+		goto done;
+	}
+
+	CHECK_RPC_ERR(cli_samr_connect(cli, mem_ctx, 
+				       SEC_RIGHTS_MAXIMUM_ALLOWED,
+				       &sam_pol),
+		      "could not connect to SAM database");
+
+	
+	CHECK_RPC_ERR(cli_samr_open_domain(cli, mem_ctx, &sam_pol,
+					   SEC_RIGHTS_MAXIMUM_ALLOWED,
+					   &domain_sid, &domain_pol),
+		      "could not open domain");
+
+	/* Create domain user */
+	fstrcpy(acct_name, global_myname);
+	fstrcat(acct_name, "$");
+	strlower(acct_name);
+
+        acb_info = ((lp_server_role() == ROLE_DOMAIN_BDC) || lp_server_role() == ROLE_DOMAIN_PDC) ? ACB_SVRTRUST : ACB_WSTRUST;
+
+	result = cli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
+					  acct_name, acb_info,
+					  0xe005000b, &user_pol, 
+					  &user_rid);
+
+	if (!NT_STATUS_IS_OK(result) && 
+	    !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
+		d_printf("Create of workstation account failed\n");
+
+		/* If NT_STATUS_ACCESS_DENIED then we have a valid
+		   username/password combo but the user does not have
+		   administrator access. */
+
+		if (NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED))
+			d_printf("User specified does not have administrator privileges\n");
+
+		goto done;
+	}
+
+	/* We *must* do this.... don't ask... */
+
+	if (NT_STATUS_IS_OK(result))
+		cli_samr_close(cli, mem_ctx, &user_pol);
+
+	names = (char *)&acct_name[0];
+
+	CHECK_RPC_ERR_DEBUG(cli_samr_lookup_names(cli, mem_ctx,
+						  &domain_pol, flags,
+						  1, &names, &num_rids,
+						  &user_rids, &name_types),
+			    ("error looking up rid for user %s: %s\n",
+			     acct_name, nt_errstr(result)));
+
+	if (name_types[0] != SID_NAME_USER) {
+		DEBUG(0, ("%s is not a user account\n", acct_name));
+		goto done;
+	}
+
+	user_rid = user_rids[0];
+		
+	/* Open handle on user */
+
+	CHECK_RPC_ERR_DEBUG(
+		cli_samr_open_user(cli, mem_ctx, &domain_pol,
+				   SEC_RIGHTS_MAXIMUM_ALLOWED,
+				   user_rid, &user_pol),
+		("could not re-open existing user %s: %s\n",
+		 acct_name, nt_errstr(result)));
+	
+	/* Create a random machine account password */
+
+	{ 
+		char *str;
+		str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+		clear_trust_password = strdup(str);
+	}
+
+	ucs2_pw_len = push_ucs2(NULL, ucs2_trust_password, 
+				clear_trust_password, 
+				sizeof(ucs2_trust_password), 0);
+		  
+	encode_pw_buffer((char *)pwbuf, ucs2_trust_password,
+			 ucs2_pw_len);
+
+	/* Set password on machine account */
+
+	ZERO_STRUCT(ctr);
+	ZERO_STRUCT(p24);
+
+	init_sam_user_info24(&p24, (char *)pwbuf,24);
+
+	ctr.switch_value = 24;
+	ctr.info.id24 = &p24;
+
+	/* I don't think this is quite the right place for this
+	   calculation.  It should be moved somewhere where the credentials
+	   are calculated. )-: */
+
+	mdfour(sess_key, cli->pwd.smb_nt_pwd, 16);
+
+	CHECK_RPC_ERR(cli_samr_set_userinfo(cli, mem_ctx, &user_pol, 24, 
+					    sess_key, &ctr),
+		      "error setting trust account password");
+
+	/* Why do we have to try to (re-)set the ACB to be the same as what
+	   we passed in the samr_create_dom_user() call?  When a NT
+	   workstation is joined to a domain by an administrator the
+	   acb_info is set to 0x80.  For a normal user with "Add
+	   workstations to the domain" rights the acb_info is 0x84.  I'm
+	   not sure whether it is supposed to make a difference or not.  NT
+	   seems to cope with either value so don't bomb out if the set
+	   userinfo2 level 0x10 fails.  -tpot */
+
+	ZERO_STRUCT(ctr);
+	ctr.switch_value = 0x10;
+	ctr.info.id10 = &p10;
+
+	init_sam_user_info10(&p10, acb_info);
+
+	/* Ignoring the return value is necessary for joining a domain
+	   as a normal user with "Add workstation to domain" privilege. */
+
+	result = cli_samr_set_userinfo2(cli, mem_ctx, &user_pol, 0x10, 
+					sess_key, &ctr);
+
+	/* Now store the secret in the secrets database */
+
+	strupper(domain);
+
+	if (!secrets_store_domain_sid(domain, &domain_sid)) {
+		DEBUG(0, ("error storing domain sid for %s\n", domain));
+		goto done;
+	}
+
+	if (!secrets_store_machine_password(clear_trust_password)) {
+		DEBUG(0, ("error storing plaintext domain secrets for %s\n", domain));
+	}
+
+	/* Now check the whole process from top-to-bottom */
+
+	cli_samr_close(cli, mem_ctx, &user_pol);
+
+	cli_nt_session_close(cli); /* Done with this pipe */
+
+	if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
+		DEBUG(0, ("Error connecting to NETLOGON pipe\n"));
+		goto done;
+	}
+
+	if (!secrets_fetch_trust_account_password(domain, 
+						  stored_md4_trust_password, NULL)) {
+		DEBUG(0, ("Could not reterive secrets we just stored!"));
+		goto done;
+	}
+	
+	CHECK_RPC_ERR(new_cli_nt_setup_creds(cli, 
+					     (acb_info & ACB_SVRTRUST) ? SEC_CHAN_BDC : SEC_CHAN_WKSTA, 
+					     stored_md4_trust_password),
+			  "error in domain join verification");
+	
+	retval = 0;		/* Success! */
+	
+done:
+	/* Close down pipe - this will clean up open policy handles */
+
+	if (cli->nt_pipe_fnum)
+		cli_nt_session_close(cli);
+
+	/* Display success or failure */
+
+	if (retval != 0) {
+		trust_password_delete(domain);
+		fprintf(stderr,"Unable to join domain %s.\n",domain);
+	} else {
+		printf("Joined domain %s.\n",domain);
+	}
+	
+	cli_shutdown(cli);
+
+	SAFE_FREE(clear_trust_password);
+
+	return retval;
+}
diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
new file mode 100644
index 0000000000..3f5532109c
--- /dev/null
+++ b/source3/utils/net_time.c
@@ -0,0 +1,185 @@
+/* 
+   Samba Unix/Linux SMB client library 
+   net time command
+   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.  */
+
+#include "includes.h"
+#include "../utils/net.h"
+
+
+/*
+  return the time on a server. This does not require any authentication
+*/
+static time_t cli_servertime(const char *host, struct in_addr *ip, int *zone)
+{
+	struct nmb_name calling, called;
+	time_t ret = 0;
+	extern pstring global_myname;
+	struct cli_state *cli = NULL;
+
+	cli = cli_initialise(NULL);
+	if (!cli) goto done;
+
+	if (!cli_connect(cli, host, ip)) {
+		fprintf(stderr,"Can't contact server\n");
+		goto done;
+	}
+
+	make_nmb_name(&calling, global_myname, 0x0);
+	if (host) {
+		make_nmb_name(&called, host, 0x20);
+	} else {
+		make_nmb_name(&called, "*SMBSERVER", 0x20);
+	}
+
+	if (!cli_session_request(cli, &calling, &called)) {
+		fprintf(stderr,"Session request failed\n");
+		goto done;
+	}
+	if (!cli_negprot(cli)) {
+		fprintf(stderr,"Protocol negotiation failed\n");
+		goto done;
+	}
+
+	ret = cli->servertime;
+	if (zone) *zone = cli->serverzone;
+
+done:
+	if (cli) cli_shutdown(cli);
+	return ret;
+}
+
+/* find the servers time on the opt_host host */
+static time_t nettime(int *zone)
+{
+	extern BOOL opt_have_ip;
+	extern struct in_addr opt_dest_ip;
+	extern char *opt_host; 
+	return cli_servertime(opt_host, opt_have_ip? &opt_dest_ip : NULL, zone);
+}
+
+/* return a time as a string ready to be passed to /bin/date */
+static char *systime(time_t t)
+{
+	static char s[100];
+	struct tm *tm;
+
+	tm = localtime(&t);
+	
+	snprintf(s, sizeof(s), "%02d%02d%02d%02d%04d.%02d", 
+		 tm->tm_mon+1, tm->tm_mday, tm->tm_hour, 
+		 tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
+	return s;
+}
+
+int net_time_usage(int argc, const char **argv)
+{
+	d_printf(
+"net time\n\tdisplays time on a server\n\n"\
+"net time system\n\tdisplays time on a server in a format ready for /bin/date\n\n"\
+"net time set\n\truns /bin/date with the time from the server\n\n"\
+"net time zone\n\tdisplays the timezone in hours from GMT on the remote computer\n\n"\
+"\n");
+	net_common_flags_usage(argc, argv);
+	return -1;
+}
+
+/* try to set the system clock using /bin/date */
+static int net_time_set(int argc, const char **argv)
+{
+	time_t t = nettime(NULL);
+	char *cmd;
+
+	if (t == 0) return -1;
+	
+	/* yes, I know this is cheesy. Use "net time system" if you want to 
+	   roll your own. I'm putting this in as it works on a large number
+	   of systems and the user has a choice in whether its used or not */
+	asprintf(&cmd, "/bin/date %s", systime(t));
+	system(cmd);
+	free(cmd);
+
+	return 0;
+}
+
+/* display the time on a remote box in a format ready for /bin/date */
+static int net_time_system(int argc, const char **argv)
+{
+	time_t t = nettime(NULL);
+
+	if (t == 0) return -1;
+
+	printf("%s\n", systime(t));
+
+	return 0;
+}
+
+/* display the time on a remote box in a format ready for /bin/date */
+static int net_time_zone(int argc, const char **argv)
+{
+	int zone = 0;
+	int hours, mins;
+	char zsign;
+	time_t t;
+
+	t = nettime(&zone);
+
+	if (t == 0) return -1;
+
+	zsign = (zone > 0) ? '-' : '+';
+	if (zone < 0) zone = -zone;
+
+	zone /= 60;
+	hours = zone / 60;
+	mins = zone % 60;
+
+	printf("%c%02d%02d\n", zsign, hours, mins);
+
+	return 0;
+}
+
+/* display or set the time on a host */
+int net_time(int argc, const char **argv)
+{
+	time_t t;
+	extern BOOL opt_have_ip;
+	extern struct in_addr opt_dest_ip;
+	extern char *opt_host; 
+	struct functable func[] = {
+		{"SYSTEM", net_time_system},
+		{"SET", net_time_set},
+		{"ZONE", net_time_zone},
+		{NULL, NULL}
+	};
+
+	if (!opt_host && !opt_have_ip) {
+		d_printf("You must specify a hostname or IP\n");
+		net_time_usage(argc,argv);
+		return -1;
+	}
+
+	if (argc != 0) {
+		return net_run_function(argc, argv, func, net_time_usage);
+	}
+
+	/* default - print the time */
+	t = cli_servertime(opt_host, opt_have_ip? &opt_dest_ip : NULL, NULL);
+	if (t == 0) return -1;
+
+	d_printf("%s", ctime(&t));
+	return 0;
+}
diff --git a/source3/utils/nmblookup.c b/source3/utils/nmblookup.c
index aa43173332..9549d16d04 100644
--- a/source3/utils/nmblookup.c
+++ b/source3/utils/nmblookup.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    NBT client - used to lookup netbios names
-   Copyright (C) Andrew Tridgell 1994-1995
+   Copyright (C) Andrew Tridgell 1994-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,44 +19,35 @@
    
 */
 
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
+#define NO_SYSLOG
 
 #include "includes.h"
-#include "nameserv.h"
 
-extern int DEBUGLEVEL;
-
-extern pstring scope;
-
-extern struct in_addr bcast_ip;
-extern pstring myhostname;
+extern BOOL AllowDebugChange;
 
+static BOOL use_bcast = True;
 static BOOL got_bcast = False;
-
-int ServerFD= -1;
+static struct in_addr bcast_addr;
+static BOOL recursion_desired = False;
+static BOOL translate_addresses = False;
+static int ServerFD= -1;
+static int RootPort = False;
+static BOOL find_status=False;
 
 /****************************************************************************
   open the socket communication
   **************************************************************************/
 static BOOL open_sockets(void)
 {
-  struct hostent *hp;
- 
-  /* get host info */
-  if ((hp = Get_Hostbyname(myhostname)) == 0) 
-    {
-      DEBUG(0,( "Get_Hostbyname: Unknown host. %s\n",myhostname));
-      return False;
-    }   
-
-  ServerFD = open_socket_in(SOCK_DGRAM, 0,3);
+  ServerFD = open_socket_in( SOCK_DGRAM,
+                             (RootPort ? 137 : 0),
+                             (RootPort ?   0 : 3),
+                             interpret_addr(lp_socket_address()), True );
 
   if (ServerFD == -1)
     return(False);
 
-  set_socket_options(ServerFD,"SO_BROADCAST");
+  set_socket_options( ServerFD, "SO_BROADCAST" );
 
   DEBUG(3, ("Socket opened.\n"));
   return True;
@@ -65,43 +55,128 @@ static BOOL open_sockets(void)
 
 
 /****************************************************************************
-  initialise connect, service and file structs
+usage on the program
 ****************************************************************************/
-static BOOL init_structs(void )
+static void usage(void)
 {
-  struct in_addr myip;
-
-  if (!get_myname(myhostname,&myip))
-    return(False);
-
-  /* Read the broadcast address from the interface */
-  {
-    struct in_addr ip0,ip2;
-
-    ip0 = myip;
-
-    if (!got_bcast) {
-      get_broadcast(&ip0,&bcast_ip,&ip2);
+  d_printf("Usage: nmblookup [-M] [-B bcast address] [-d debuglevel] name\n");
+  d_printf("Version %s\n",VERSION);
+  d_printf("\t-d debuglevel         set the debuglevel\n");
+  d_printf("\t-B broadcast address  the address to use for broadcasts\n");
+  d_printf("\t-U unicast   address  the address to use for unicast\n");
+  d_printf("\t-M                    searches for a master browser\n");
+  d_printf("\t-R                    set recursion desired in packet\n");
+  d_printf("\t-S                    lookup node status as well\n");
+  d_printf("\t-T                    translate IP addresses into names\n");
+  d_printf("\t-r                    Use root port 137 (Win95 only replies to this)\n");
+  d_printf("\t-A                    Do a node status on <name> as an IP Address\n");
+  d_printf("\t-i NetBIOS scope      Use the given NetBIOS scope for name queries\n");
+  d_printf("\t-s smb.conf file      Use the given path to the smb.conf file\n");
+  d_printf("\t-h                    Print this help message.\n");
+  d_printf("\n  If you specify -M and name is \"-\", nmblookup looks up __MSBROWSE__<01>\n");
+  d_printf("\n");
+}
 
-      DEBUG(2,("Using broadcast %s\n",inet_ntoa(bcast_ip)));
-    }
-  }
+/****************************************************************************
+turn a node status flags field into a string
+****************************************************************************/
+static char *node_status_flags(unsigned char flags)
+{
+	static fstring ret;
+	fstrcpy(ret,"");
+	
+	fstrcat(ret, (flags & 0x80) ? "<GROUP> " : "        ");
+	if ((flags & 0x60) == 0x00) fstrcat(ret,"B ");
+	if ((flags & 0x60) == 0x20) fstrcat(ret,"P ");
+	if ((flags & 0x60) == 0x40) fstrcat(ret,"M ");
+	if ((flags & 0x60) == 0x60) fstrcat(ret,"H ");
+	if (flags & 0x10) fstrcat(ret,"<DEREGISTERING> ");
+	if (flags & 0x08) fstrcat(ret,"<CONFLICT> ");
+	if (flags & 0x04) fstrcat(ret,"<ACTIVE> ");
+	if (flags & 0x02) fstrcat(ret,"<PERMANENT> ");
+	
+	return ret;
+}
 
-  return True;
+/****************************************************************************
+do a node status query
+****************************************************************************/
+static void do_node_status(int fd, char *name, int type, struct in_addr ip)
+{
+	struct nmb_name nname;
+	int count, i, j;
+	struct node_status *status;
+	fstring cleanname;
+
+	d_printf("Looking up status of %s\n",inet_ntoa(ip));
+	make_nmb_name(&nname, name, type);
+	status = node_status_query(fd,&nname,ip, &count);
+	if (status) {
+		for (i=0;i<count;i++) {
+			fstrcpy(cleanname, status[i].name);
+			for (j=0;cleanname[j];j++) {
+				if (!isprint((int)cleanname[j])) cleanname[j] = '.';
+			}
+			d_printf("\t%-15s <%02x> - %s\n",
+			       cleanname,status[i].type,
+			       node_status_flags(status[i].flags));
+		}
+		SAFE_FREE(status);
+	}
+	d_printf("\n");
 }
 
+
 /****************************************************************************
-usage on the program
+send out one query
 ****************************************************************************/
-static void usage(void)
+static BOOL query_one(char *lookup, unsigned int lookup_type)
 {
-  printf("Usage: nmblookup [-M] [-B bcast address] [-d debuglevel] name\n");
-  printf("Version %s\n",VERSION);
-  printf("\t-d debuglevel         set the debuglevel\n");
-  printf("\t-B broadcast address  the address to use for broadcasts\n");
-  printf("\t-M                    searches for a master browser\n");
-  printf("\t-S                    lookup node status as well\n");
-  printf("\n");
+	int j, count;
+	struct in_addr *ip_list=NULL;
+
+	if (got_bcast) {
+		d_printf("querying %s on %s\n", lookup, inet_ntoa(bcast_addr));
+		ip_list = name_query(ServerFD,lookup,lookup_type,use_bcast,
+				     use_bcast?True:recursion_desired,
+				     bcast_addr,&count);
+	} else {
+		struct in_addr *bcast;
+		for (j=iface_count() - 1;
+		     !ip_list && j >= 0;
+		     j--) {
+			bcast = iface_n_bcast(j);
+			d_printf("querying %s on %s\n", 
+			       lookup, inet_ntoa(*bcast));
+			ip_list = name_query(ServerFD,lookup,lookup_type,
+					     use_bcast,
+					     use_bcast?True:recursion_desired,
+					     *bcast,&count);
+		}
+	}
+
+	if (!ip_list) return False;
+
+	for (j=0;j<count;j++) {
+		if (translate_addresses) {
+			struct hostent *host = gethostbyaddr((char *)&ip_list[j], sizeof(ip_list[j]), AF_INET);
+			if (host) {
+				d_printf("%s, ", host -> h_name);
+			}
+		}
+		d_printf("%s %s<%02x>\n",inet_ntoa(ip_list[j]),lookup, lookup_type);
+	}
+
+	/* We can only do find_status if the ip address returned
+	   was valid - ie. name_query returned true.
+	*/
+	if (find_status) {
+		do_node_status(ServerFD, lookup, lookup_type, ip_list[0]);
+	}
+
+	safe_free(ip_list);
+
+	return (ip_list != NULL);
 }
 
 
@@ -111,50 +186,71 @@ static void usage(void)
 int main(int argc,char *argv[])
 {
   int opt;
-  unsigned int lookup_type = 0x20;
+  unsigned int lookup_type = 0x0;
   pstring lookup;
   extern int optind;
   extern char *optarg;
   BOOL find_master=False;
-  BOOL find_status=False;
   int i;
-  
+  BOOL lookup_by_ip = False;
+  int commandline_debuglevel = -2;
+
   DEBUGLEVEL = 1;
-  *lookup = 0;
+  /* Prevent smb.conf setting from overridding */
+  AllowDebugChange = False;
 
-  TimeInit();
+  *lookup = 0;
 
   setup_logging(argv[0],True);
 
-  charset_initialise();
-
-  while ((opt = getopt(argc, argv, "p:d:B:i:SMh")) != EOF)
+  while ((opt = getopt(argc, argv, "d:B:U:i:s:SMrhART")) != EOF)
     switch (opt)
       {
       case 'B':
-	{
-	  unsigned long a = interpret_addr(optarg);
-	  putip((char *)&bcast_ip,(char *)&a);
-	  got_bcast = True;
-	}
+	bcast_addr = *interpret_addr2(optarg);
+	got_bcast = True;
+	use_bcast = True;
 	break;
-      case 'i':
-	strcpy(scope,optarg);
-	strupper(scope);
+      case 'U':
+	bcast_addr = *interpret_addr2(optarg);
+	got_bcast = True;
+	use_bcast = False;
+	break;
+      case 'T':
+        translate_addresses = !translate_addresses;
 	break;
+      case 'i':
+	      {
+		      extern pstring global_scope;
+		      pstrcpy(global_scope,optarg);
+		      strupper(global_scope);
+	      }
+	      break;
       case 'M':
 	find_master = True;
 	break;
       case 'S':
 	find_status = True;
 	break;
+      case 'R':
+	recursion_desired = True;
+	break;
       case 'd':
-	DEBUGLEVEL = atoi(optarg);
+	commandline_debuglevel = DEBUGLEVEL = atoi(optarg);
+	break;
+      case 's':
+	pstrcpy(dyn_CONFIGFILE, optarg);
 	break;
+      case 'r':
+        RootPort = True;
+        break;
       case 'h':
 	usage();
 	exit(0);
 	break;
+      case 'A':
+        lookup_by_ip = True;
+        break;
       default:
 	usage();
 	exit(1);
@@ -165,53 +261,58 @@ int main(int argc,char *argv[])
     exit(1);
   }
 
-  init_structs();
-  if (!open_sockets()) return(1);
+  if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+    fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
+  }
 
-  DEBUG(1,("Sending queries to %s\n",inet_ntoa(bcast_ip)));
+  /*
+   * Ensure we reset DEBUGLEVEL if someone specified it
+   * on the command line.
+   */
 
+  if(commandline_debuglevel != -2)
+    DEBUGLEVEL = commandline_debuglevel;
+
+  load_interfaces();
+  if (!open_sockets()) return(1);
 
   for (i=optind;i<argc;i++)
-    {
-      BOOL bcast = True;
-      int retries = 2;
+  {
       char *p;
       struct in_addr ip;
 
-      strcpy(lookup,argv[i]);
+      fstrcpy(lookup,argv[i]);
+
+      if(lookup_by_ip)
+      {
+        fstrcpy(lookup,"*");
+        ip = *interpret_addr2(argv[i]);
+	do_node_status(ServerFD, lookup, lookup_type, ip);
+        continue;
+      }
 
       if (find_master) {
 	if (*lookup == '-') {
-	  strcpy(lookup,"\01\02__MSBROWSE__\02");
+	  fstrcpy(lookup,"\01\02__MSBROWSE__\02");
 	  lookup_type = 1;
 	} else {
 	  lookup_type = 0x1d;
 	}
       }
 
-      p = strchr(lookup,'#');
-
+      p = strchr_m(lookup,'#');
       if (p) {
-	*p = 0;
-	sscanf(p+1,"%x",&lookup_type);
-	bcast = False;
-	retries = 1;
+        *p = '\0';
+        sscanf(++p,"%x",&lookup_type);
       }
 
-      if (name_query(ServerFD,lookup,lookup_type,bcast,True,
-		     bcast_ip,&ip,NULL)) 
-	{
-	  printf("%s %s\n",inet_ntoa(ip),lookup);
-	  if (find_status) 
-	    {
-	      printf("Looking up status of %s\n",inet_ntoa(ip));
-	      name_status(ServerFD,lookup,lookup_type,True,ip,NULL,NULL,NULL);
-	      printf("\n");
-	    }
-      } else {
-	printf("couldn't find name %s\n",lookup);
+      if (!query_one(lookup, lookup_type)) {
+	d_printf( "name_query failed to find name %s", lookup );
+        if( 0 != lookup_type )
+          d_printf( "#%02x", lookup_type );
+        d_printf( "\n" );
       }
-    }
-
+  }
+  
   return(0);
 }
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
new file mode 100644
index 0000000000..1fb1f2355b
--- /dev/null
+++ b/source3/utils/pdbedit.c
@@ -0,0 +1,692 @@
+/* 
+   Unix SMB/CIFS implementation.
+   passdb editing frontend
+   
+   Copyright (C) Simo Sorce      2000
+   Copyright (C) Andrew Bartlett 2001   
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern BOOL AllowDebugChange;
+
+/*
+ * Next two lines needed for SunOS and don't
+ * hurt anything else...
+ */
+extern char *optarg;
+extern int optind;
+
+/*********************************************************
+ Print command usage on stderr and die.
+**********************************************************/
+static void usage(void)
+{
+	if (getuid() == 0) {
+		printf("pdbedit options\n");
+	} else {
+		printf("You need to be root to use this tool!\n");
+	}
+	printf("(actually to add a user you need to use smbpasswd)\n");
+	printf("options:\n");
+	printf("  -l                   list usernames\n");
+	printf("     -v                verbose output\n");
+	printf("     -w                smbpasswd file style\n");
+	printf("  -u username          print user's info\n");
+	printf("     -f fullname       set Full Name\n");
+	printf("     -h homedir        set home directory\n");
+	printf("     -d drive          set home dir drive\n");
+	printf("     -s script         set logon script\n");
+	printf("     -p profile        set profile path\n");
+	printf("  -a                   create new account\n");
+	printf("     -m                it is a machine trust\n");
+	printf("  -x                   delete this user\n");
+	printf("  -i file              import account from file (smbpasswd style)\n");
+	printf("  -D debuglevel        set DEBUGELEVEL (default = 1)\n");
+	exit(1);
+}
+
+/*********************************************************
+ Print info from sam structure
+**********************************************************/
+
+static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdstyle)
+{
+	uid_t uid;
+	gid_t gid;
+
+	/* TODO: chaeck if entry is a user or a workstation */
+	if (!sam_pwent) return -1;
+	
+	if (verbosity) {
+		printf ("username:       %s\n",  pdb_get_username(sam_pwent));
+		if (IS_SAM_UNIX_USER(sam_pwent)) {
+			uid = pdb_get_uid(sam_pwent);
+			gid = pdb_get_gid(sam_pwent);
+			printf ("user ID/Group:  %d/%d\n", uid, gid);
+		}
+		printf ("user RID/GRID:  %u/%u\n", (unsigned int)pdb_get_user_rid(sam_pwent),
+			(unsigned int)pdb_get_group_rid(sam_pwent));
+		printf ("Full Name:      %s\n", pdb_get_fullname(sam_pwent));
+		printf ("Home Directory: %s\n", pdb_get_homedir(sam_pwent));
+		printf ("HomeDir Drive:  %s\n", pdb_get_dirdrive(sam_pwent));
+		printf ("Logon Script:   %s\n", pdb_get_logon_script(sam_pwent));
+		printf ("Profile Path:   %s\n", pdb_get_profile_path(sam_pwent));
+	} else if (smbpwdstyle) {
+		if (IS_SAM_UNIX_USER(sam_pwent)) {
+			char lm_passwd[33];
+			char nt_passwd[33];
+
+			uid = pdb_get_uid(sam_pwent);
+			pdb_sethexpwd(lm_passwd, 
+				      pdb_get_lanman_passwd(sam_pwent), 
+				      pdb_get_acct_ctrl(sam_pwent));
+			pdb_sethexpwd(nt_passwd, 
+				      pdb_get_nt_passwd(sam_pwent), 
+				      pdb_get_acct_ctrl(sam_pwent));
+			
+			printf("%s:%d:%s:%s:%s:LCT-%08X:\n",
+			       pdb_get_username(sam_pwent),
+			       uid,
+			       lm_passwd,
+			       nt_passwd,
+			       pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN),
+			       (uint32)pdb_get_pass_last_set_time(sam_pwent));
+		} else {
+			fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n");
+		}
+	} else {
+		if (IS_SAM_UNIX_USER(sam_pwent)) {
+			printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent), 
+				pdb_get_fullname(sam_pwent));
+		} else {	
+			printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent));
+		}
+	}
+
+	return 0;	
+}
+
+/*********************************************************
+ Get an Print User Info
+**********************************************************/
+
+static int print_user_info (char *username, BOOL verbosity, BOOL smbpwdstyle)
+{
+	SAM_ACCOUNT *sam_pwent=NULL;
+	BOOL ret;
+	
+	if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
+		return -1;
+	}
+	
+	ret = pdb_getsampwnam (sam_pwent, username);
+
+	if (ret==False) {
+		fprintf (stderr, "Username not found!\n");
+		pdb_free_sam(&sam_pwent);
+		return -1;
+	}
+	
+	ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
+	pdb_free_sam(&sam_pwent);
+	
+	return ret;
+}
+	
+/*********************************************************
+ List Users
+**********************************************************/
+static int print_users_list (BOOL verbosity, BOOL smbpwdstyle)
+{
+	SAM_ACCOUNT *sam_pwent=NULL;
+	BOOL check, ret;
+	
+	errno = 0; /* testing --simo */
+	check = pdb_setsampwent(False);
+	if (check && errno == ENOENT) {
+		fprintf (stderr,"Password database not found!\n");
+		exit(1);
+	}
+
+	check = True;
+	if (!(NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)))) return 1;
+
+	while (check && (ret = pdb_getsampwent (sam_pwent))) {
+		if (verbosity)
+			printf ("---------------\n");
+		print_sam_info (sam_pwent, verbosity, smbpwdstyle);
+		pdb_free_sam(&sam_pwent);
+		check = NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent));
+	}
+	if (check) pdb_free_sam(&sam_pwent);
+	
+	pdb_endsampwent();
+	return 0;
+}
+
+/*********************************************************
+ Set User Info
+**********************************************************/
+
+static int set_user_info (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
+{
+	SAM_ACCOUNT *sam_pwent=NULL;
+	BOOL ret;
+	
+	pdb_init_sam(&sam_pwent);
+	
+	ret = pdb_getsampwnam (sam_pwent, username);
+	if (ret==False) {
+		fprintf (stderr, "Username not found!\n");
+		pdb_free_sam(&sam_pwent);
+		return -1;
+	}
+	
+	if (fullname)
+		pdb_set_fullname(sam_pwent, fullname);
+	if (homedir)
+		pdb_set_homedir(sam_pwent, homedir, True);
+	if (drive)
+		pdb_set_dir_drive(sam_pwent,drive, True);
+	if (script)
+		pdb_set_logon_script(sam_pwent, script, True);
+	if (profile)
+		pdb_set_profile_path (sam_pwent, profile, True);
+	
+	if (pdb_update_sam_account (sam_pwent))
+		print_user_info (username, True, False);
+	else {
+		fprintf (stderr, "Unable to modify entry!\n");
+		pdb_free_sam(&sam_pwent);
+		return -1;
+	}
+	pdb_free_sam(&sam_pwent);
+	return 0;
+}
+
+/*********************************************************
+ Add New User
+**********************************************************/
+static int new_user (char *username, char *fullname, char *homedir, char *drive, char *script, char *profile)
+{
+	SAM_ACCOUNT *sam_pwent=NULL;
+	struct passwd  *pwd = NULL;
+	char *password1, *password2;
+	
+	ZERO_STRUCT(sam_pwent);
+
+	if ((pwd = getpwnam_alloc(username))) {
+		pdb_init_sam_pw (&sam_pwent, pwd);
+		passwd_free(&pwd);
+	} else {
+		fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
+		pdb_init_sam(&sam_pwent);
+		if (!pdb_set_username(sam_pwent, username)) {
+			return False;
+		}
+	}
+
+	password1 = getpass("new password:");
+	password2 = getpass("retype new password:");
+	if (strcmp (password1, password2)) {
+		 fprintf (stderr, "Passwords does not match!\n");
+		 pdb_free_sam (&sam_pwent);
+		 return -1;
+	}
+
+	pdb_set_plaintext_passwd(sam_pwent, password1);
+
+	if (fullname)
+		pdb_set_fullname(sam_pwent, fullname);
+	if (homedir)
+		pdb_set_homedir (sam_pwent, homedir, True);
+	if (drive)
+		pdb_set_dir_drive (sam_pwent, drive, True);
+	if (script)
+		pdb_set_logon_script(sam_pwent, script, True);
+	if (profile)
+		pdb_set_profile_path (sam_pwent, profile, True);
+	
+	pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
+	
+	if (pdb_add_sam_account (sam_pwent)) { 
+		print_user_info (username, True, False);
+	} else {
+		fprintf (stderr, "Unable to add user! (does it alredy exist?)\n");
+		pdb_free_sam (&sam_pwent);
+		return -1;
+	}
+	pdb_free_sam (&sam_pwent);
+	return 0;
+}
+
+/*********************************************************
+ Add New Machine
+**********************************************************/
+
+static int new_machine (char *machinename)
+{
+	SAM_ACCOUNT *sam_pwent=NULL;
+	char name[16];
+	char *password = NULL;
+	
+	if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
+		return -1;
+	}
+
+	if (machinename[strlen (machinename) -1] == '$')
+		machinename[strlen (machinename) -1] = '\0';
+	
+	safe_strcpy (name, machinename, 16);
+	safe_strcat (name, "$", 16);
+	
+	string_set (&password, machinename);
+	strlower_m(password);
+	
+	pdb_set_plaintext_passwd (sam_pwent, password);
+
+	pdb_set_username (sam_pwent, name);
+	
+	pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
+	
+	pdb_set_group_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
+	
+	if (pdb_add_sam_account (sam_pwent)) {
+		print_user_info (name, True, False);
+	} else {
+		fprintf (stderr, "Unable to add machine! (does it already exist?)\n");
+		pdb_free_sam (&sam_pwent);
+		return -1;
+	}
+	pdb_free_sam (&sam_pwent);
+	return 0;
+}
+
+/*********************************************************
+ Delete user entry
+**********************************************************/
+
+static int delete_user_entry (char *username)
+{
+	SAM_ACCOUNT *samaccount = NULL;
+
+	if (!NT_STATUS_IS_OK(pdb_init_sam (&samaccount))) {
+		return -1;
+	}
+
+	if (!pdb_getsampwnam(samaccount, username)) {
+		fprintf (stderr, "user %s does not exist in the passdb\n", username);
+		return -1;
+	}
+
+	return pdb_delete_sam_account (samaccount);
+}
+
+/*********************************************************
+ Delete machine entry
+**********************************************************/
+
+static int delete_machine_entry (char *machinename)
+{
+	char name[16];
+	SAM_ACCOUNT *samaccount = NULL;
+	
+	safe_strcpy (name, machinename, 16);
+	if (name[strlen(name)] != '$')
+		safe_strcat (name, "$", 16);
+
+	if (!NT_STATUS_IS_OK(pdb_init_sam (&samaccount))) {
+		return -1;
+	}
+
+	if (!pdb_getsampwnam(samaccount, name)) {
+		fprintf (stderr, "user %s does not exist in the passdb\n", name);
+		return -1;
+	}
+
+	return pdb_delete_sam_account (samaccount);
+}
+
+/*********************************************************
+ Import smbpasswd style file
+**********************************************************/
+
+static int import_users (char *filename)
+{
+	FILE *fp = NULL;
+	SAM_ACCOUNT *sam_pwent = NULL;
+	static pstring  user_name;
+	static unsigned char smbpwd[16];
+	static unsigned char smbntpwd[16];
+	char linebuf[256];
+	size_t linebuf_len;
+	unsigned char c;
+	unsigned char *p;
+	long uidval;
+	int line = 0;
+	int good = 0;
+	struct passwd *pwd;
+
+	if((fp = sys_fopen(filename, "rb")) == NULL) {
+		fprintf (stderr, "%s\n", strerror (ferror (fp)));
+		return -1;
+	}
+	
+	while (!feof(fp)) {
+		/*Get a new line*/
+		linebuf[0] = '\0';
+		fgets(linebuf, 256, fp);
+		if (ferror(fp)) {
+			fprintf (stderr, "%s\n", strerror (ferror (fp)));
+			return -1;
+		}
+		if ((linebuf_len = strlen(linebuf)) == 0) {
+			line++;
+			continue;
+		}
+		if (linebuf[linebuf_len - 1] != '\n') {
+			c = '\0';
+			while (!ferror(fp) && !feof(fp)) {
+				c = fgetc(fp);
+				if (c == '\n') break;
+			}
+		} else
+			linebuf[linebuf_len - 1] = '\0';
+		linebuf[linebuf_len] = '\0';
+		if ((linebuf[0] == 0) && feof(fp)) {
+			/*end of file!!*/
+			return 0;
+		}
+		line++;
+		if (linebuf[0] == '#' || linebuf[0] == '\0')
+			continue;
+		
+		/* Get user name */
+		p = (unsigned char *) strchr_m(linebuf, ':');
+		if (p == NULL) {
+			fprintf (stderr, "Error: malformed password entry at line %d !!\n", line);
+			continue;
+		}
+		strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
+		user_name[PTR_DIFF(p, linebuf)] = '\0';
+
+		/* Get smb uid. */
+		p++;
+		if(*p == '-') {
+			fprintf (stderr, "Error: negative uid at line %d\n", line);
+			continue;
+		}
+		if (!isdigit(*p)) {
+			fprintf (stderr, "Error: malformed password entry at line %d (uid not number)\n", line);
+			continue;
+		}
+		uidval = atoi((char *) p);
+		while (*p && isdigit(*p)) p++;
+		if (*p != ':') {
+			fprintf (stderr, "Error: malformed password entry at line %d (no : after uid)\n", line);
+			continue;
+		}
+		if(!(pwd = sys_getpwnam(user_name))) {
+			fprintf(stderr, "User %s does not \
+exist in system password file (usually /etc/passwd). Cannot add \
+account without a valid local system user.\n", user_name);
+			return False;
+		}
+
+		if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pwent, pwd))) {
+			fprintf(stderr, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
+			return False;
+		}
+
+		/* Get passwords */
+		p++;
+		if (*p == '*' || *p == 'X') {
+			/* Password deliberately invalid */
+			fprintf (stderr, "Warning: entry invalidated for user %s\n", user_name);
+			pdb_set_lanman_passwd(sam_pwent, NULL);
+			pdb_set_nt_passwd(sam_pwent,NULL);
+			pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_DISABLED);
+		} else {
+			if (linebuf_len < (PTR_DIFF(p, linebuf) + 33)) {
+				fprintf (stderr, "Error: malformed password entry at line %d (password too short)\n",line);
+				pdb_free_sam (&sam_pwent);
+				continue;
+			}
+			if (p[32] != ':') {
+				fprintf (stderr, "Error: malformed password entry at line %d (no terminating :)\n",line);
+				pdb_free_sam (&sam_pwent);
+				continue;
+			}
+			if (!strncasecmp((char *) p, "NO PASSWORD", 11)) {
+				pdb_set_lanman_passwd(sam_pwent, NULL);
+				pdb_set_acct_ctrl(sam_pwent, pdb_get_acct_ctrl(sam_pwent) | ACB_PWNOTREQ);
+			} else {
+				if (!pdb_gethexpwd((char *)p, smbpwd)) {
+					fprintf (stderr, "Error: malformed Lanman password entry at line %d (non hex chars)\n", line);
+					pdb_free_sam (&sam_pwent);
+					continue;
+				}
+				pdb_set_lanman_passwd(sam_pwent, smbpwd);
+			}
+			/* NT password */
+			p += 33;
+			if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
+				if (*p != '*' && *p != 'X') {
+					if (pdb_gethexpwd((char *)p,smbntpwd)) {
+						pdb_set_nt_passwd(sam_pwent, smbntpwd);
+					}
+				}
+				p += 33;
+			}
+		}
+
+		/* Get ACCT_CTRL field if any */
+		if (*p == '[') {
+			uint16 acct_ctrl;
+			unsigned char *end_p = (unsigned char *)strchr_m((char *)p, ']');
+			
+			acct_ctrl = pdb_decode_acct_ctrl((char*)p);
+			if (acct_ctrl)
+				acct_ctrl = ACB_NORMAL;
+
+			pdb_set_acct_ctrl(sam_pwent, acct_ctrl);
+			
+			/* Get last change time */
+			if(end_p)
+				p = end_p + 1;
+			if(*p == ':') {
+				p++;
+				if(*p && (StrnCaseCmp((char *)p, "LCT-", 4)==0)) {
+					int i;
+					
+					p += 4;
+					for(i = 0; i < 8; i++) {
+						if(p[i] == '\0' || !isxdigit(p[i])) break;
+					}
+					if(i == 8) {
+						 pdb_set_pass_last_set_time (sam_pwent, (time_t)strtol((char *)p, NULL, 16));
+					}
+				}
+			}
+		}
+
+		 /* Now ADD the entry */
+		if (!(pdb_add_sam_account (sam_pwent))) {
+			fprintf (stderr, "Unable to add user entry!\n");
+			pdb_free_sam (&sam_pwent);
+			continue;
+		}
+		printf ("%s imported!\n", user_name);
+		good++;
+		pdb_free_sam (&sam_pwent);
+	}
+	printf ("%d lines read.\n%d entryes imported\n", line, good);
+	return 0;
+}
+
+/*********************************************************
+ Start here.
+**********************************************************/
+
+int main (int argc, char **argv)
+{
+	int ch;
+	BOOL list_users = False;
+	BOOL verbose = False;
+	BOOL spstyle = False;
+	BOOL setparms = False;
+	BOOL machine = False;
+	BOOL add_user = False;
+	BOOL delete_user = False;
+	BOOL import = False;
+	char *user_name = NULL;
+	char *full_name = NULL;
+	char *home_dir = NULL;
+	char *home_drive = NULL;
+	char *logon_script = NULL;
+	char *profile_path = NULL;
+	char *smbpasswd = NULL;
+
+	setup_logging("pdbedit", True);
+
+	if (argc < 2) {
+		usage();
+		return 0;
+	}
+	
+	DEBUGLEVEL = 1;
+	AllowDebugChange = False;
+
+	if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
+			dyn_CONFIGFILE);
+		exit(1);
+	}
+	
+	if(!initialize_password_db(True)) {
+		fprintf(stderr, "Can't setup password database vectors.\n");
+		exit(1);
+	}
+	
+	while ((ch = getopt(argc, argv, "ad:f:h:i:lmp:s:u:vwxD:")) != EOF) {
+		switch(ch) {
+		case 'a':
+			add_user = True;
+			break;
+		case 'm':
+			machine = True;
+			break;
+		case 'l':
+			list_users = True;
+			break;
+		case 'v':
+			verbose = True;
+			break;
+		case 'w':
+			spstyle = True;
+			break;
+		case 'u':
+			user_name = optarg;
+			break;
+		case 'f':
+			setparms = True;
+			full_name = optarg;
+			break;
+		case 'h':
+			setparms = True;
+			home_dir = optarg;
+			break;
+		case 'd':
+			setparms = True;
+			home_drive = optarg;
+			break;
+		case 's':
+			setparms = True;
+			logon_script = optarg;
+			break;
+		case 'p':
+			setparms = True;
+			profile_path = optarg;
+			break;
+		case 'x':
+			delete_user = True;
+			break;
+		case 'i':
+			import = True;
+			smbpasswd = optarg;
+			break;
+		case 'D':
+			DEBUGLEVEL = atoi(optarg);
+			break;
+		default:
+			usage();
+		}
+	}
+	if (((add_user?1:0) + (delete_user?1:0) + (list_users?1:0) + (import?1:0) + (setparms?1:0)) > 1) {
+		fprintf (stderr, "Incompatible options on command line!\n");
+		usage();
+		exit(1);
+	}
+
+	if (add_user) {
+		if (!user_name) {
+			fprintf (stderr, "Username not specified! (use -u option)\n");
+			return -1;
+		}
+		if (machine)
+			return new_machine (user_name);
+		else
+			return new_user (user_name, full_name, home_dir, home_drive, logon_script, profile_path);
+	}
+
+	if (delete_user) {
+		if (!user_name) {
+			fprintf (stderr, "Username not specified! (use -u option)\n");
+			return -1;
+		}
+		if (machine)
+			return delete_machine_entry (user_name);
+		else
+			return delete_user_entry (user_name);
+	}
+	
+	if (user_name) {
+		if (setparms)
+			set_user_info (	user_name, full_name,
+						home_dir,
+						home_drive,
+						logon_script,
+						profile_path);
+		else
+			return print_user_info (user_name, verbose, spstyle);
+		
+		return 0;
+	}
+
+	
+	if (list_users) 
+		return print_users_list (verbose, spstyle);
+	
+	if (import) 
+		return import_users (smbpasswd); 
+	
+	usage();
+
+	return 0;
+}
diff --git a/source3/utils/rpccheck.c b/source3/utils/rpccheck.c
new file mode 100644
index 0000000000..ab7286f8be
--- /dev/null
+++ b/source3/utils/rpccheck.c
@@ -0,0 +1,62 @@
+/* 
+   Unix SMB/CIFS implementation.
+   
+   Copyright (C) Jean François Micouleau 2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+main()
+{
+	char filter[]="0123456789ABCDEF";
+
+	char s[128];
+	char d=0;
+	int x=0;
+	prs_struct ps;
+	TALLOC_CTX *ctx;
+
+	/* change that struct */
+	SAMR_R_QUERY_USERINFO rpc_stub;
+	
+	ZERO_STRUCT(rpc_stub);
+
+	setup_logging("", True);
+	DEBUGLEVEL=10;
+
+	ctx=talloc_init();
+	if (!ctx) exit(1);
+
+	prs_init(&ps, 1600, 4, ctx, MARSHALL);
+
+	while (scanf("%s", s)!=-1) {
+		if (strlen(s)==2 && strchr_m(filter, *s)!=NULL && strchr_m(filter, *(s+1))!=NULL) {
+			d=strtol(s, NULL, 16);
+			if(!prs_append_data(&ps, &d, 1))
+				printf("error while reading data\n");
+		}
+	}
+	
+	prs_switch_type(&ps, UNMARSHALL);
+	prs_set_offset(&ps, 0);
+	
+	/* change that call */	
+	if(!samr_io_r_query_userinfo("", &rpc_stub, &ps, 0))
+		printf("error while UNMARSHALLING the data\n");
+
+	printf("\n");
+}
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
new file mode 100644
index 0000000000..8c0b2a4a72
--- /dev/null
+++ b/source3/utils/smbcacls.c
@@ -0,0 +1,964 @@
+/* 
+   Unix SMB/CIFS implementation.
+   ACL get/set utility
+   
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) Tim Potter      2000
+   Copyright (C) Jeremy Allison  2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static fstring password;
+static pstring username;
+static pstring owner_username;
+static fstring server;
+static int got_pass;
+static int test_args;
+TALLOC_CTX *ctx;
+
+#define CREATE_ACCESS_READ READ_CONTROL_ACCESS
+#define CREATE_ACCESS_WRITE (WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS)
+
+/* numeric is set when the user wants numeric SIDs and ACEs rather
+   than going via LSA calls to resolve them */
+static int numeric;
+
+enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD };
+enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP};
+enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
+
+struct perm_value {
+	char *perm;
+	uint32 mask;
+};
+
+/* These values discovered by inspection */
+
+static struct perm_value special_values[] = {
+	{ "R", 0x00120089 },
+	{ "W", 0x00120116 },
+	{ "X", 0x001200a0 },
+	{ "D", 0x00010000 },
+	{ "P", 0x00040000 },
+	{ "O", 0x00080000 },
+	{ NULL, 0 },
+};
+
+static struct perm_value standard_values[] = {
+	{ "READ",   0x001200a9 },
+	{ "CHANGE", 0x001301bf },
+	{ "FULL",   0x001f01ff },
+	{ NULL, 0 },
+};
+
+struct cli_state lsa_cli;
+POLICY_HND pol;
+struct ntuser_creds creds;
+BOOL got_policy_hnd;
+
+/* Open cli connection and policy handle */
+
+static BOOL cacls_open_policy_hnd(void)
+{
+	creds.pwd.null_pwd = 1;
+
+	/* Initialise cli LSA connection */
+
+	if (!lsa_cli.initialised && 
+	    !cli_lsa_initialise(&lsa_cli, server, &creds)) {
+		return False;
+	}
+
+	/* Open policy handle */
+
+	if (!got_policy_hnd) {
+
+		/* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
+		   but NT sends 0x2000000 so we might as well do it too. */
+
+		if (!NT_STATUS_IS_OK(cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True, 
+							 GENERIC_EXECUTE_ACCESS, &pol))) {
+			return False;
+		}
+
+		got_policy_hnd = True;
+	}
+	
+	return True;
+}
+
+/* convert a SID to a string, either numeric or username/group */
+static void SidToString(fstring str, DOM_SID *sid)
+{
+	char **domains = NULL;
+	char **names = NULL;
+	uint32 *types = NULL;
+	int num_names;
+
+	sid_to_string(str, sid);
+
+	if (numeric) return;
+
+	/* Ask LSA to convert the sid to a name */
+
+	if (!cacls_open_policy_hnd() ||
+	    !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,  
+						 &pol, 1, sid, &domains, &names, 
+						 &types, &num_names)) ||
+	    !domains || !domains[0] || !names || !names[0]) {
+		return;
+	}
+
+	/* Converted OK */
+
+	slprintf(str, sizeof(fstring) - 1, "%s%s%s",
+		 domains[0], lp_winbind_separator(),
+		 names[0]);
+	
+}
+
+/* convert a string to a SID, either numeric or username/group */
+static BOOL StringToSid(DOM_SID *sid, const char *str)
+{
+	uint32 *types = NULL;
+	DOM_SID *sids = NULL;
+	int num_sids;
+	BOOL result = True;
+
+	if (strncmp(str, "S-", 2) == 0) {
+		return string_to_sid(sid, str);
+	}
+
+	if (!cacls_open_policy_hnd() ||
+	    !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, 
+						  &str, 
+						  &sids, &types, &num_sids))) {
+		result = False;
+		goto done;
+	}
+
+	sid_copy(sid, &sids[0]);
+
+ done:
+
+	return result;
+}
+
+
+/* print an ACE on a FILE, using either numeric or ascii representation */
+static void print_ace(FILE *f, SEC_ACE *ace)
+{
+	struct perm_value *v;
+	fstring sidstr;
+	int do_print = 0;
+	uint32 got_mask;
+
+	SidToString(sidstr, &ace->trustee);
+
+	fprintf(f, "%s:", sidstr);
+
+	if (numeric) {
+		fprintf(f, "%d/%d/0x%08x", 
+			ace->type, ace->flags, ace->info.mask);
+		return;
+	}
+
+	/* Ace type */
+
+	if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
+		fprintf(f, "ALLOWED");
+	} else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
+		fprintf(f, "DENIED");
+	} else {
+		fprintf(f, "%d", ace->type);
+	}
+
+	/* Not sure what flags can be set in a file ACL */
+
+	fprintf(f, "/%d/", ace->flags);
+
+	/* Standard permissions */
+
+	for (v = standard_values; v->perm; v++) {
+		if (ace->info.mask == v->mask) {
+			fprintf(f, "%s", v->perm);
+			return;
+		}
+	}
+
+	/* Special permissions.  Print out a hex value if we have
+	   leftover bits in the mask. */
+
+	got_mask = ace->info.mask;
+
+ again:
+	for (v = special_values; v->perm; v++) {
+		if ((ace->info.mask & v->mask) == v->mask) {
+			if (do_print) {
+				fprintf(f, "%s", v->perm);
+			}
+			got_mask &= ~v->mask;
+		}
+	}
+
+	if (!do_print) {
+		if (got_mask != 0) {
+			fprintf(f, "0x%08x", ace->info.mask);
+		} else {
+			do_print = 1;
+			goto again;
+		}
+	}
+}
+
+
+/* parse an ACE in the same format as print_ace() */
+static BOOL parse_ace(SEC_ACE *ace, char *str)
+{
+	char *p;
+	fstring tok;
+	unsigned atype, aflags, amask;
+	DOM_SID sid;
+	SEC_ACCESS mask;
+	struct perm_value *v;
+
+	ZERO_STRUCTP(ace);
+	p = strchr_m(str,':');
+	if (!p) return False;
+	*p = '\0';
+	p++;
+
+	/* Try to parse numeric form */
+
+	if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
+	    StringToSid(&sid, str)) {
+		goto done;
+	}
+
+	/* Try to parse text form */
+
+	if (!StringToSid(&sid, str)) {
+		return False;
+	}
+
+	if (!next_token(&p, tok, "/", sizeof(fstring))) {
+		return False;
+	}
+
+	if (strncmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
+		atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
+	} else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
+		atype = SEC_ACE_TYPE_ACCESS_DENIED;
+	} else {
+		return False;
+	}
+
+	/* Only numeric form accepted for flags at present */
+
+	if (!(next_token(&p, tok, "/", sizeof(fstring)) &&
+	      sscanf(tok, "%i", &aflags))) {
+		return False;
+	}
+
+	if (!next_token(&p, tok, "/", sizeof(fstring))) {
+		return False;
+	}
+
+	if (strncmp(tok, "0x", 2) == 0) {
+		if (sscanf(tok, "%i", &amask) != 1) {
+			return False;
+		}
+		goto done;
+	}
+
+	for (v = standard_values; v->perm; v++) {
+		if (strcmp(tok, v->perm) == 0) {
+			amask = v->mask;
+			goto done;
+		}
+	}
+
+	p = tok;
+
+	while(*p) {
+		BOOL found = False;
+
+		for (v = special_values; v->perm; v++) {
+			if (v->perm[0] == *p) {
+				amask |= v->mask;
+				found = True;
+			}
+		}
+
+		if (!found) return False;
+		p++;
+	}
+
+	if (*p) {
+		return False;
+	}
+
+ done:
+	mask.mask = amask;
+	init_sec_ace(ace, &sid, atype, mask, aflags);
+	return True;
+}
+
+/* add an ACE to a list of ACEs in a SEC_ACL */
+static BOOL add_ace(SEC_ACL **the_acl, SEC_ACE *ace)
+{
+	SEC_ACL *new;
+	SEC_ACE *aces;
+	if (! *the_acl) {
+		(*the_acl) = make_sec_acl(ctx, 3, 1, ace);
+		return True;
+	}
+
+	aces = calloc(1+(*the_acl)->num_aces,sizeof(SEC_ACE));
+	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
+	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
+	new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
+	SAFE_FREE(aces);
+	(*the_acl) = new;
+	return True;
+}
+
+/* parse a ascii version of a security descriptor */
+static SEC_DESC *sec_desc_parse(char *str)
+{
+	char *p = str;
+	fstring tok;
+	SEC_DESC *ret;
+	size_t sd_size;
+	DOM_SID *grp_sid=NULL, *owner_sid=NULL;
+	SEC_ACL *dacl=NULL;
+	int revision=1;
+
+	while (next_token(&p, tok, "\t,\r\n", sizeof(tok))) {
+
+		if (strncmp(tok,"REVISION:", 9) == 0) {
+			revision = strtol(tok+9, NULL, 16);
+			continue;
+		}
+
+		if (strncmp(tok,"OWNER:", 6) == 0) {
+			owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
+			if (!owner_sid ||
+			    !StringToSid(owner_sid, tok+6)) {
+				printf("Failed to parse owner sid\n");
+				return NULL;
+			}
+			continue;
+		}
+
+		if (strncmp(tok,"GROUP:", 6) == 0) {
+			grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
+			if (!grp_sid ||
+			    !StringToSid(grp_sid, tok+6)) {
+				printf("Failed to parse group sid\n");
+				return NULL;
+			}
+			continue;
+		}
+
+		if (strncmp(tok,"ACL:", 4) == 0) {
+			SEC_ACE ace;
+			if (!parse_ace(&ace, tok+4)) {
+				printf("Failed to parse ACL %s\n", tok);
+				return NULL;
+			}
+			if(!add_ace(&dacl, &ace)) {
+				printf("Failed to add ACL %s\n", tok);
+				return NULL;
+			}
+			continue;
+		}
+
+		printf("Failed to parse security descriptor\n");
+		return NULL;
+	}
+
+	ret = make_sec_desc(ctx,revision, owner_sid, grp_sid, 
+			    NULL, dacl, &sd_size);
+
+	SAFE_FREE(grp_sid);
+	SAFE_FREE(owner_sid);
+
+	return ret;
+}
+
+
+/* print a ascii version of a security descriptor on a FILE handle */
+static void sec_desc_print(FILE *f, SEC_DESC *sd)
+{
+	fstring sidstr;
+	uint32 i;
+
+	printf("REVISION:%d\n", sd->revision);
+
+	/* Print owner and group sid */
+
+	if (sd->owner_sid) {
+		SidToString(sidstr, sd->owner_sid);
+	} else {
+		fstrcpy(sidstr, "");
+	}
+
+	printf("OWNER:%s\n", sidstr);
+
+	if (sd->grp_sid) {
+		SidToString(sidstr, sd->grp_sid);
+	} else {
+		fstrcpy(sidstr, "");
+	}
+
+	fprintf(f, "GROUP:%s\n", sidstr);
+
+	/* Print aces */
+	for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+		SEC_ACE *ace = &sd->dacl->ace[i];
+		fprintf(f, "ACL:");
+		print_ace(f, ace);
+		fprintf(f, "\n");
+	}
+
+}
+
+/***************************************************** 
+dump the acls for a file
+*******************************************************/
+static int cacl_dump(struct cli_state *cli, char *filename)
+{
+	int fnum;
+	SEC_DESC *sd;
+
+	if (test_args) return EXIT_OK;
+
+	fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
+	if (fnum == -1) {
+		printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
+		return EXIT_FAILED;
+	}
+
+	sd = cli_query_secdesc(cli, fnum, ctx);
+
+	if (!sd) {
+		printf("ERROR: secdesc query failed: %s\n", cli_errstr(cli));
+		return EXIT_FAILED;
+	}
+
+	sec_desc_print(stdout, sd);
+
+	cli_close(cli, fnum);
+
+	return EXIT_OK;
+}
+
+/***************************************************** 
+Change the ownership or group ownership of a file. Just
+because the NT docs say this can't be done :-). JRA.
+*******************************************************/
+
+static int owner_set(struct cli_state *cli, enum chown_mode change_mode, 
+		     char *filename, char *new_username)
+{
+	int fnum;
+	DOM_SID sid;
+	SEC_DESC *sd, *old;
+	size_t sd_size;
+
+	fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
+
+	if (fnum == -1) {
+		printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
+		return EXIT_FAILED;
+	}
+
+	if (!StringToSid(&sid, new_username))
+		return EXIT_PARSE_ERROR;
+
+	old = cli_query_secdesc(cli, fnum, ctx);
+
+	cli_close(cli, fnum);
+
+	if (!old) {
+		printf("owner_set: Failed to query old descriptor\n");
+		return EXIT_FAILED;
+	}
+
+	sd = make_sec_desc(ctx,old->revision,
+				(change_mode == REQUEST_CHOWN) ? &sid : old->owner_sid,
+				(change_mode == REQUEST_CHGRP) ? &sid : old->grp_sid,
+			   NULL, old->dacl, &sd_size);
+
+	fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
+
+	if (fnum == -1) {
+		printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
+		return EXIT_FAILED;
+	}
+
+	if (!cli_set_secdesc(cli, fnum, sd)) {
+		printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
+	}
+
+	cli_close(cli, fnum);
+
+	return EXIT_OK;
+}
+
+
+/* The MSDN is contradictory over the ordering of ACE entries in an ACL.
+   However NT4 gives a "The information may have been modified by a
+   computer running Windows NT 5.0" if denied ACEs do not appear before
+   allowed ACEs. */
+
+static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
+{
+	if (sec_ace_equal(ace1, ace2)) 
+		return 0;
+
+	if (ace1->type != ace2->type) 
+		return ace2->type - ace1->type;
+
+	if (sid_compare(&ace1->trustee, &ace2->trustee)) 
+		return sid_compare(&ace1->trustee, &ace2->trustee);
+
+	if (ace1->flags != ace2->flags) 
+		return ace1->flags - ace2->flags;
+
+	if (ace1->info.mask != ace2->info.mask) 
+		return ace1->info.mask - ace2->info.mask;
+
+	if (ace1->size != ace2->size) 
+		return ace1->size - ace2->size;
+
+	return memcmp(ace1, ace2, sizeof(SEC_ACE));
+}
+
+static void sort_acl(SEC_ACL *the_acl)
+{
+	uint32 i;
+	if (!the_acl) return;
+
+	qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare);
+
+	for (i=1;i<the_acl->num_aces;) {
+		if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) {
+			int j;
+			for (j=i; j<the_acl->num_aces-1; j++) {
+				the_acl->ace[j] = the_acl->ace[j+1];
+			}
+			the_acl->num_aces--;
+		} else {
+			i++;
+		}
+	}
+}
+
+/***************************************************** 
+set the ACLs on a file given an ascii description
+*******************************************************/
+static int cacl_set(struct cli_state *cli, char *filename, 
+		    char *the_acl, enum acl_mode mode)
+{
+	int fnum;
+	SEC_DESC *sd, *old;
+	uint32 i, j;
+	size_t sd_size;
+	int result = EXIT_OK;
+
+	sd = sec_desc_parse(the_acl);
+
+	if (!sd) return EXIT_PARSE_ERROR;
+	if (test_args) return EXIT_OK;
+
+	/* The desired access below is the only one I could find that works
+	   with NT4, W2KP and Samba */
+
+	fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
+
+	if (fnum == -1) {
+		printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
+		return EXIT_FAILED;
+	}
+
+	old = cli_query_secdesc(cli, fnum, ctx);
+
+	if (!old) {
+		printf("calc_set: Failed to query old descriptor\n");
+		return EXIT_FAILED;
+	}
+
+	cli_close(cli, fnum);
+
+	/* the logic here is rather more complex than I would like */
+	switch (mode) {
+	case SMB_ACL_DELETE:
+		for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+			BOOL found = False;
+
+			for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
+				if (sec_ace_equal(&sd->dacl->ace[i],
+						  &old->dacl->ace[j])) {
+					uint32 k;
+					for (k=j; k<old->dacl->num_aces-1;k++) {
+						old->dacl->ace[k] = old->dacl->ace[k+1];
+					}
+					old->dacl->num_aces--;
+					if (old->dacl->num_aces == 0) {
+						SAFE_FREE(old->dacl->ace);
+						SAFE_FREE(old->dacl);
+						old->off_dacl = 0;
+					}
+					found = True;
+					break;
+				}
+			}
+
+			if (!found) {
+				printf("ACL for ACE:"); 
+				print_ace(stdout, &sd->dacl->ace[i]);
+				printf(" not found\n");
+			}
+		}
+		break;
+
+	case SMB_ACL_MODIFY:
+		for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+			BOOL found = False;
+
+			for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
+				if (sid_equal(&sd->dacl->ace[i].trustee,
+					      &old->dacl->ace[j].trustee)) {
+					old->dacl->ace[j] = sd->dacl->ace[i];
+					found = True;
+				}
+			}
+
+			if (!found) {
+				fstring str;
+
+				SidToString(str, &sd->dacl->ace[i].trustee);
+				printf("ACL for SID %s not found\n", str);
+			}
+		}
+
+		break;
+
+	case SMB_ACL_ADD:
+		for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+			add_ace(&old->dacl, &sd->dacl->ace[i]);
+		}
+		break;
+
+	case SMB_ACL_SET:
+ 		old = sd;
+		break;
+	}
+
+	/* Denied ACE entries must come before allowed ones */
+	sort_acl(old->dacl);
+
+	/* Create new security descriptor and set it */
+	sd = make_sec_desc(ctx,old->revision, old->owner_sid, old->grp_sid, 
+			   NULL, old->dacl, &sd_size);
+
+	fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
+
+	if (fnum == -1) {
+		printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
+		return EXIT_FAILED;
+	}
+
+	if (!cli_set_secdesc(cli, fnum, sd)) {
+		printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
+		result = EXIT_FAILED;
+	}
+
+	/* Clean up */
+
+	cli_close(cli, fnum);
+
+	return result;
+}
+
+
+/***************************************************** 
+return a connection to a server
+*******************************************************/
+struct cli_state *connect_one(char *share)
+{
+	struct cli_state *c;
+	struct nmb_name called, calling;
+	struct in_addr ip;
+	extern pstring global_myname;
+
+	fstrcpy(server,share+2);
+	share = strchr_m(server,'\\');
+	if (!share) return NULL;
+	*share = 0;
+	share++;
+
+        zero_ip(&ip);
+
+	make_nmb_name(&calling, global_myname, 0x0);
+	make_nmb_name(&called , server, 0x20);
+
+ again:
+        zero_ip(&ip);
+
+	/* have to open a new connection */
+	if (!(c=cli_initialise(NULL)) || !cli_connect(c, server, &ip)) {
+		DEBUG(0,("Connection to %s failed\n", server));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	if (!cli_session_request(c, &calling, &called)) {
+		DEBUG(0,("session request to %s failed\n", called.name));
+		cli_shutdown(c);
+		if (strcmp(called.name, "*SMBSERVER")) {
+			make_nmb_name(&called , "*SMBSERVER", 0x20);
+			goto again;
+		}
+		return NULL;
+	}
+
+	DEBUG(4,(" session request ok\n"));
+
+	if (!cli_negprot(c)) {
+		DEBUG(0,("protocol negotiation failed\n"));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(password, pass);
+		}
+	}
+
+	if (!cli_session_setup(c, username, 
+			       password, strlen(password),
+			       password, strlen(password),
+			       lp_workgroup())) {
+		DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(c, share, "?????",
+			    password, strlen(password)+1)) {
+		DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
+		cli_shutdown(c);
+		return NULL;
+	}
+
+	DEBUG(4,(" tconx ok\n"));
+
+	return c;
+}
+
+
+static void usage(void)
+{
+	printf(
+"Usage: smbcacls //server1/share1 filename [options]\n\
+\n\
+\t-D <acls>               delete an acl\n\
+\t-M <acls>               modify an acl\n\
+\t-A <acls>               add an acl\n\
+\t-S <acls>               set acls\n\
+\t-C username             change ownership of a file\n\
+\t-G username             change group ownership of a file\n\
+\t-n                      don't resolve sids or masks to names\n\
+\t-h                      print help\n\
+\t-d debuglevel           set debug output level\n\
+\t-U username             user to autheticate as\n\
+\n\
+The username can be of the form username%%password or\n\
+workgroup\\username%%password.\n\n\
+An acl is of the form ACL:<SID>:type/flags/mask\n\
+You can string acls together with spaces, commas or newlines\n\
+");
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	char *share;
+	pstring filename;
+	extern char *optarg;
+	extern int optind;
+	int opt;
+	char *p;
+	struct cli_state *cli=NULL;
+	enum acl_mode mode = SMB_ACL_SET;
+	char *the_acl = NULL;
+	enum chown_mode change_mode = REQUEST_NONE;
+	int result;
+
+	ctx=talloc_init();
+
+	setlinebuf(stdout);
+
+	dbf = x_stderr;
+
+	if (argc < 3 || argv[1][0] == '-') {
+		usage();
+		talloc_destroy(ctx);
+		exit(EXIT_PARSE_ERROR);
+	}
+
+	setup_logging(argv[0],True);
+
+	share = argv[1];
+	pstrcpy(filename, argv[2]);
+	all_string_sub(share,"/","\\",0);
+
+	argc -= 2;
+	argv += 2;
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+
+	if (getenv("USER")) {
+		pstrcpy(username,getenv("USER"));
+
+		if ((p=strchr_m(username,'%'))) {
+			*p = 0;
+			pstrcpy(password,p+1);
+			got_pass = True;
+			memset(strchr_m(getenv("USER"), '%') + 1, 'X',
+			       strlen(password));
+		}
+	}
+
+	while ((opt = getopt(argc, argv, "U:nhS:D:A:M:C:G:td:")) != EOF) {
+		switch (opt) {
+		case 'U':
+			pstrcpy(username,optarg);
+			p = strchr_m(username,'%');
+			if (p) {
+				*p = 0;
+				pstrcpy(password, p+1);
+				got_pass = 1;
+			}
+			break;
+
+		case 'S':
+			the_acl = optarg;
+			mode = SMB_ACL_SET;
+			break;
+
+		case 'D':
+			the_acl = optarg;
+			mode = SMB_ACL_DELETE;
+			break;
+
+		case 'M':
+			the_acl = optarg;
+			mode = SMB_ACL_MODIFY;
+			break;
+
+		case 'A':
+			the_acl = optarg;
+			mode = SMB_ACL_ADD;
+			break;
+
+		case 'C':
+			pstrcpy(owner_username,optarg);
+			change_mode = REQUEST_CHOWN;
+			break;
+
+		case 'G':
+			pstrcpy(owner_username,optarg);
+			change_mode = REQUEST_CHGRP;
+			break;
+
+		case 'n':
+			numeric = 1;
+			break;
+
+		case 't':
+			test_args = 1;
+			break;
+
+		case 'h':
+			usage();
+			talloc_destroy(ctx);
+			exit(EXIT_PARSE_ERROR);
+
+		case 'd':
+			DEBUGLEVEL = atoi(optarg);
+			break;
+
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			talloc_destroy(ctx);
+			exit(EXIT_PARSE_ERROR);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+	
+	if (argc > 0) {
+		usage();
+		talloc_destroy(ctx);
+		exit(EXIT_PARSE_ERROR);
+	}
+
+	/* Make connection to server */
+
+	if (!test_args) {
+		cli = connect_one(share);
+		if (!cli) {
+			talloc_destroy(ctx);
+			exit(EXIT_FAILED);
+		}
+	}
+
+	all_string_sub(filename, "/", "\\", 0);
+	if (filename[0] != '\\') {
+		pstring s;
+		s[0] = '\\';
+		safe_strcpy(&s[1], filename, sizeof(pstring)-1);
+		pstrcpy(filename, s);
+	}
+
+	/* Perform requested action */
+
+	if (change_mode != REQUEST_NONE) {
+		result = owner_set(cli, change_mode, filename, owner_username);
+	} else if (the_acl) {
+		result = cacl_set(cli, filename, the_acl, mode);
+	} else {
+		result = cacl_dump(cli, filename);
+	}
+
+	talloc_destroy(ctx);
+
+	return result;
+}
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
new file mode 100644
index 0000000000..d680fa4489
--- /dev/null
+++ b/source3/utils/smbcontrol.c
@@ -0,0 +1,509 @@
+/* 
+   Unix SMB/CIFS implementation.
+   program to send control messages to Samba processes
+   Copyright (C) Andrew Tridgell 1994-1998
+   Copyright (C) 2001, 2002 by Martin Pool
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern BOOL AllowDebugChange;
+
+static struct {
+	char *name;
+	int value;
+} msg_types[] = {
+	{"debug", MSG_DEBUG},
+	{"force-election", MSG_FORCE_ELECTION},
+	{"ping", MSG_PING},
+	{"profile", MSG_PROFILE},
+	{"profilelevel", MSG_REQ_PROFILELEVEL},
+	{"debuglevel", MSG_REQ_DEBUGLEVEL},
+	{"printer-notify", MSG_PRINTER_NOTIFY},
+	{"close-share", MSG_SMB_FORCE_TDIS},
+        {"samsync", MSG_SMB_SAM_SYNC},
+        {"samrepl", MSG_SMB_SAM_REPL},
+	{"pool-usage", MSG_REQ_POOL_USAGE },
+	{"dmalloc-mark", MSG_REQ_DMALLOC_MARK },
+	{"dmalloc-log-changed", MSG_REQ_DMALLOC_LOG_CHANGED },
+	{"shutdown", MSG_SHUTDOWN },
+	{NULL, -1}
+};
+
+time_t timeout_start;
+
+#define MAX_WAIT	10
+
+static void usage(BOOL doexit)
+{
+	int i;
+	if (doexit) {
+		printf("Usage: smbcontrol -i -s configfile\n");
+		printf("       smbcontrol <destination> <message-type> <parameters>\n\n");
+	} else {
+		printf("<destination> <message-type> <parameters>\n\n");
+	}
+	printf("\t<destination> is one of \"nmbd\", \"smbd\" or a process ID\n");
+	printf("\t<message-type> is one of: ");
+	for (i=0; msg_types[i].name; i++) 
+	    printf("%s%s", i?", ":"",msg_types[i].name);
+	printf("\n");
+	if (doexit) exit(1);
+}
+
+static int pong_count;
+static BOOL got_level;
+static BOOL pong_registered = False;
+static BOOL debuglevel_registered = False;
+static BOOL profilelevel_registered = False;
+
+
+/**
+ * Wait for replies for up to @p *max_secs seconds, or until @p
+ * max_replies are received.  max_replies may be NULL in which case it
+ * is ignored.
+ *
+ * @note This is a pretty lame timeout; all it means is that after
+ * max_secs we won't look for any more messages.
+ **/
+static void wait_for_replies(int max_secs, int *max_replies)
+{
+	time_t timeout_end = time(NULL) + max_secs;
+
+	while ((!max_replies || (*max_replies)-- > 0)
+	       &&  (time(NULL) < timeout_end)) {
+		message_dispatch();
+	}
+}
+
+
+/****************************************************************************
+a useful function for testing the message system
+****************************************************************************/
+void pong_function(int msg_type, pid_t src, void *buf, size_t len)
+{
+	pong_count++;
+	printf("PONG from PID %u\n",(unsigned int)src);
+}
+
+/****************************************************************************
+Prints out the current Debug level returned by MSG_DEBUGLEVEL
+****************************************************************************/
+void debuglevel_function(int msg_type, pid_t src, void *buf, size_t len)
+{
+	int i;
+	int debuglevel_class[DBGC_LAST];
+
+	memcpy(debuglevel_class, buf, len);
+
+	printf("Current debug level of PID %u is %d ",(unsigned int)src, debuglevel_class[0]);
+	for (i=1;i<DBGC_LAST;i++)
+		if (debuglevel_class[i])
+			printf("%s:%d ", debug_classname_from_index(i), debuglevel_class[i]);
+	printf("\n");
+
+	got_level = True;
+}
+
+/****************************************************************************
+Prints out the current Profile level returned by MSG_PROFILELEVEL
+****************************************************************************/
+void profilelevel_function(int msg_type, pid_t src, void *buf, size_t len)
+{
+        int level;
+	char *s=NULL;
+        memcpy(&level, buf, sizeof(int));
+
+	if (level) {
+	    switch (level) {
+	    case 1:
+		s = "off";
+		break;
+	    case 3:
+		s = "count only";
+		break;
+	    case 7:
+		s = "count and time";
+		break;
+	    default:
+		    s = "BOGUS";
+		    break;
+	    }
+	    printf("Profiling %s on PID %u\n",s,(unsigned int)src);
+	} else {
+	    printf("Profiling not available on PID %u\n",(unsigned int)src);
+	}
+	got_level = True;
+}
+
+/**
+ * Handle reply from POOL_USAGE.
+ **/
+static void pool_usage_cb(int msg_type, pid_t src_pid, void *buf, size_t len)
+{
+	printf("Got POOL_USAGE reply from pid%u:\n%.*s",
+	       (unsigned int) src_pid, (int) len, (const char *) buf);
+}
+
+
+/**
+ * Send a message to a named destination
+ *
+ * @return False if an error occurred.
+ **/
+static BOOL send_message(char *dest, int msg_type, void *buf, int len, BOOL duplicates)
+{
+	pid_t pid;
+	/* "smbd" is the only broadcast operation */
+	if (strequal(dest,"smbd")) {
+		TDB_CONTEXT *tdb;
+		BOOL ret;
+		int n_sent = 0;
+
+		tdb = tdb_open_log(lock_path("connections.tdb"), 0, TDB_DEFAULT, O_RDWR, 0);
+		if (!tdb) {
+			fprintf(stderr,"Failed to open connections database in send_message.\n");
+			return False;
+		}
+
+		ret = message_send_all(tdb,msg_type, buf, len, duplicates,
+				       &n_sent);
+		DEBUG(10,("smbcontrol/send_message: broadcast message to "
+			  "%d processes\n", n_sent));
+		tdb_close(tdb);
+
+		return ret;
+	} else if (strequal(dest,"nmbd")) {
+		pid = pidfile_pid(dest);
+		if (pid == 0) {
+			fprintf(stderr,"Can't find pid for nmbd\n");
+			return False;
+		}
+	} else if (strequal(dest,"self")) {
+		pid = sys_getpid();
+	} else {
+		pid = atoi(dest);
+		if (pid == 0) {
+			fprintf(stderr,"Not a valid pid\n");
+			return False;
+		}		
+	} 
+
+	DEBUG(10,("smbcontrol/send_message: send message to pid%d\n", pid));
+	return message_send_pid(pid, msg_type, buf, len, duplicates);
+}
+
+/****************************************************************************
+evaluate a message type string
+****************************************************************************/
+static int parse_type(char *mtype)
+{
+	int i;
+	for (i=0;msg_types[i].name;i++) {
+		if (strequal(mtype, msg_types[i].name)) return msg_types[i].value;
+	}
+	return -1;
+}
+
+
+static void register_all(void)
+{
+	message_register(MSG_POOL_USAGE, pool_usage_cb);
+}
+
+
+/****************************************************************************
+do command
+****************************************************************************/
+static BOOL do_command(char *dest, char *msg_name, int iparams, char **params)
+{
+	int i, n, v;
+	int mtype;
+	BOOL retval=False;
+
+	mtype = parse_type(msg_name);
+	if (mtype == -1) {
+		fprintf(stderr,"Couldn't resolve message type: %s\n", msg_name);
+		return(False);
+	}
+
+	switch (mtype) {
+	case MSG_DEBUG: {
+		struct debuglevel_message dm;
+
+		if (!params || !params[0]) {
+			fprintf(stderr,"MSG_DEBUG needs a parameter\n");
+			return(False);
+		}
+
+		ZERO_STRUCT(dm);
+		if (!debug_parse_params(params, dm.debuglevel_class, dm.debuglevel_class_isset)) {
+			fprintf(stderr, "MSG_DEBUG error. Expected <class name>:level\n");
+			return(False);
+		} else
+			send_message(dest, MSG_DEBUG, &dm, sizeof(dm), False);
+		break;
+	}
+
+	case MSG_PROFILE:
+		if (!params || !params[0]) {
+			fprintf(stderr,"MSG_PROFILE needs a parameter\n");
+			return(False);
+		}
+		if (strequal(params[0], "off")) {
+			v = 0;
+		} else if (strequal(params[0], "count")) {
+			v = 1;
+		} else if (strequal(params[0], "on")) {
+			v = 2;
+		} else if (strequal(params[0], "flush")) {
+			v = 3;
+		} else {
+		    fprintf(stderr,
+			"MSG_PROFILE parameter must be off, count, on, or flush\n");
+		    return(False);
+		}
+		send_message(dest, MSG_PROFILE, &v, sizeof(int), False);
+		break;
+
+	case MSG_FORCE_ELECTION:
+		if (!strequal(dest, "nmbd")) {
+			fprintf(stderr,"force-election can only be sent to nmbd\n");
+			return(False);
+		}
+		send_message(dest, MSG_FORCE_ELECTION, NULL, 0, False);
+		break;
+
+	case MSG_REQ_PROFILELEVEL:
+		if (!profilelevel_registered) {
+		    message_register(MSG_PROFILELEVEL, profilelevel_function);
+		    profilelevel_registered = True;
+		}
+		got_level = False;
+		retval = send_message(dest, MSG_REQ_PROFILELEVEL, NULL, 0, True);
+		if (retval) {
+			timeout_start = time(NULL);
+			while (!got_level) {
+				message_dispatch();
+				if ((time(NULL) - timeout_start) > MAX_WAIT) {
+					fprintf(stderr,"profilelevel timeout\n");
+					break;
+				}
+			}
+		}
+		break;
+
+	case MSG_REQ_DEBUGLEVEL:
+		if (!debuglevel_registered) {
+		    message_register(MSG_DEBUGLEVEL, debuglevel_function);
+		    debuglevel_registered = True;
+		}
+		got_level = False;
+		retval = send_message(dest, MSG_REQ_DEBUGLEVEL, NULL, 0, True);
+		if (retval) {
+			timeout_start = time(NULL);
+			while (!got_level) {
+				message_dispatch();
+				if ((time(NULL) - timeout_start) > MAX_WAIT) {
+					fprintf(stderr,"debuglevel timeout\n");
+					break;
+				}
+			}
+		}
+		break;
+
+	case MSG_PRINTER_NOTIFY:
+		if (!strequal(dest, "smbd")) {
+			fprintf(stderr,"printer-notify can only be sent to smbd\n");
+			return(False);
+		}
+		if (!params || !params[0]) {
+			fprintf(stderr, "printer-notify needs a printer name\n");
+			return (False);
+		}
+		{
+			char msg[8 + sizeof(fstring)];
+			SIVAL(msg,0,PRINTER_CHANGE_ALL);
+			SIVAL(msg,4,0);
+			fstrcpy(&msg[8], params[0]);
+
+			retval = send_message(dest, MSG_PRINTER_NOTIFY, msg, 8 + strlen(params[0]) + 1, False);
+		}
+		break;
+
+	case MSG_SMB_FORCE_TDIS:
+		if (!strequal(dest, "smbd")) {
+			fprintf(stderr,"close-share can only be sent to smbd\n");
+			return(False);
+		}
+		if (!params || !params[0]) {
+			fprintf(stderr, "close-share needs a share name or '*'\n");
+			return (False);
+		}
+		retval = send_message(dest, MSG_SMB_FORCE_TDIS, params[0],
+				      strlen(params[0]) + 1, False);
+		break;
+
+        case MSG_SMB_SAM_SYNC:
+                if (!strequal(dest, "smbd")) {
+                        fprintf(stderr, "samsync can only be sent to smbd\n");
+                        return False;
+                }
+
+                if (params) {
+                        fprintf(stderr, "samsync does not take any parameters\n");
+                        return False;
+                }
+
+                retval = send_message(dest, MSG_SMB_SAM_SYNC, NULL, 0, False);
+
+                break;
+
+        case MSG_SMB_SAM_REPL: {
+                uint32 seqnum;
+
+                if (!strequal(dest, "smbd")) {
+                        fprintf(stderr, "sam repl can only be sent to smbd\n");
+                        return False;
+                }
+
+                if (!params || !params[0]) {
+                        fprintf(stderr, "SAM_REPL needs a parameter\n");
+                        return False;
+                }
+
+                seqnum = atoi(params[0]);
+
+                retval = send_message(dest, MSG_SMB_SAM_SYNC, 
+                                      (char *)&seqnum, sizeof(uint32), False); 
+
+                break;
+        }
+
+	case MSG_PING:
+		if (!pong_registered) {
+		    message_register(MSG_PONG, pong_function);
+		    pong_registered = True;
+		}
+		if (!params || !params[0]) {
+			fprintf(stderr,"MSG_PING needs a parameter\n");
+			return(False);
+		}
+		n = atoi(params[0]);
+		pong_count = 0;
+		for (i=0;i<n;i++) {
+			if (iparams > 1)
+				retval = send_message(dest, MSG_PING, params[1], strlen(params[1]) + 1, True);
+			else
+				retval = send_message(dest, MSG_PING, NULL, 0, True);
+			if (retval == False)
+				return False;
+		}
+		wait_for_replies(MAX_WAIT, &n);
+		if (n > 0) {
+			fprintf(stderr,"PING timeout\n");
+		}
+		break;
+
+	case MSG_REQ_POOL_USAGE:
+		if (!send_message(dest, MSG_REQ_POOL_USAGE, NULL, 0, True))
+			return False;
+		wait_for_replies(MAX_WAIT, NULL);
+		
+		break;
+
+	case MSG_REQ_DMALLOC_LOG_CHANGED:
+	case MSG_REQ_DMALLOC_MARK:
+		if (!send_message(dest, mtype, NULL, 0, False))
+			return False;
+		break;
+
+	case MSG_SHUTDOWN:
+		if (!send_message(dest, MSG_SHUTDOWN, NULL, 0, False))
+			return False;
+		break;
+	}
+
+	return (True);
+}
+
+ int main(int argc, char *argv[])
+{
+	int opt;
+	char temp[255];
+	extern int optind;
+	BOOL interactive = False;
+
+	AllowDebugChange = False;
+	DEBUGLEVEL = 0;
+
+	setup_logging(argv[0],True);
+	
+	if (argc < 2) usage(True);
+
+	while ((opt = getopt(argc, argv,"is:")) != EOF) {
+		switch (opt) {
+		case 'i':
+			interactive = True;
+			break;
+		case 's':
+			pstrcpy(dyn_CONFIGFILE, optarg);
+			break;
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			usage(True);
+		}
+	}
+
+	lp_load(dyn_CONFIGFILE,False,False,False);
+
+	if (!message_init()) exit(1);
+
+	argc -= optind;
+	argv = &argv[optind];
+
+	register_all();
+
+	if (!interactive) {
+		if (argc < 2) usage(True);
+		/* Need to invert sense of return code -- samba
+		 * routines mostly return True==1 for success, but
+		 * shell needs 0. */ 
+		return ! do_command(argv[0],argv[1], argc-2, argc > 2 ? &argv[2] : 0);
+	}
+
+	while (True) {
+		char *myargv[4];
+		int myargc;
+
+		printf("smbcontrol> ");
+		if (!fgets(temp, sizeof(temp)-1, stdin)) break;
+		myargc = 0;
+		while ((myargc < 4) && 
+		       (myargv[myargc] = strtok(myargc?NULL:temp," \t\n"))) {
+			myargc++;
+		}
+		if (!myargc) break;
+		if (strequal(myargv[0],"q")) break;
+		if (myargc < 2)
+			usage(False);
+		else if (!do_command(myargv[0],myargv[1],myargc-2,myargc > 2 ? &myargv[2] : 0))
+			usage(False);
+	}
+	return(0);
+}
+
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
new file mode 100644
index 0000000000..5a2d394706
--- /dev/null
+++ b/source3/utils/smbfilter.c
@@ -0,0 +1,246 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SMB filter/socket plugin
+   Copyright (C) Andrew Tridgell 1999
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "smb.h"
+
+#define SECURITY_MASK 0
+#define SECURITY_SET  0
+
+/* this forces non-unicode */
+#define CAPABILITY_MASK 0
+#define CAPABILITY_SET  0
+
+/* and non-unicode for the client too */
+#define CLI_CAPABILITY_MASK 0
+#define CLI_CAPABILITY_SET  0
+
+static char *netbiosname;
+static char packet[BUFFER_SIZE];
+
+static void save_file(const char *fname, void *packet, size_t length)
+{
+	int fd;
+	fd = open(fname, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+	if (fd == -1) {
+		perror(fname);
+		return;
+	}
+	if (write(fd, packet, length) != length) {
+		fprintf(stderr,"Failed to write %s\n", fname);
+		return;
+	}
+	close(fd);
+	printf("Wrote %d bytes to %s\n", length, fname);
+}
+
+static void filter_reply(char *buf)
+{
+	int msg_type = CVAL(buf,0);
+	int type = CVAL(buf,smb_com);
+	unsigned x;
+
+	if (msg_type) return;
+
+	switch (type) {
+
+	case SMBnegprot:
+		/* force the security bits */
+		x = CVAL(buf, smb_vwv1);
+		x = (x | SECURITY_SET) & ~SECURITY_MASK;
+		SCVAL(buf, smb_vwv1, x);
+
+		/* force the capabilities */
+		x = IVAL(buf,smb_vwv9+1);
+		x = (x | CAPABILITY_SET) & ~CAPABILITY_MASK;
+		SIVAL(buf, smb_vwv9+1, x);
+		break;
+
+	}
+}
+
+static void filter_request(char *buf)
+{
+	int msg_type = CVAL(buf,0);
+	int type = CVAL(buf,smb_com);
+	pstring name1,name2;
+	unsigned x;
+
+	if (msg_type) {
+		/* it's a netbios special */
+		switch (msg_type) {
+		case 0x81:
+			/* session request */
+			name_extract(buf,4,name1);
+			name_extract(buf,4 + name_len(buf + 4),name2);
+			d_printf("sesion_request: %s -> %s\n",
+				 name1, name2);
+			if (netbiosname) {
+				/* replace the destination netbios name */
+				name_mangle(netbiosname, buf+4, 0x20);
+			}
+		}
+		return;
+	}
+
+	/* it's an ordinary SMB request */
+	switch (type) {
+	case SMBsesssetupX:
+		/* force the client capabilities */
+		x = IVAL(buf,smb_vwv11);
+		d_printf("SMBsesssetupX cap=0x%08x\n", x);
+		d_printf("pwlen=%d/%d\n", SVAL(buf, smb_vwv7), SVAL(buf, smb_vwv8));
+		system("mv sessionsetup.dat sessionsetup1.dat");
+		save_file("sessionsetup.dat", smb_buf(buf), SVAL(buf, smb_vwv7));
+		x = (x | CLI_CAPABILITY_SET) & ~CLI_CAPABILITY_MASK;
+		SIVAL(buf, smb_vwv11, x);
+		break;
+	}
+
+}
+
+
+static void filter_child(int c, struct in_addr dest_ip)
+{
+	int s;
+
+	/* we have a connection from a new client, now connect to the server */
+	s = open_socket_out(SOCK_STREAM, &dest_ip, 445, LONG_CONNECT_TIMEOUT);
+
+	if (s == -1) {
+		d_printf("Unable to connect to %s\n", inet_ntoa(dest_ip));
+		exit(1);
+	}
+
+	while (c != -1 || s != -1) {
+		fd_set fds;
+		int num;
+		
+		FD_ZERO(&fds);
+		if (s != -1) FD_SET(s, &fds);
+		if (c != -1) FD_SET(c, &fds);
+
+		num = sys_select_intr(MAX(s+1, c+1),&fds,NULL,NULL,NULL);
+		if (num <= 0) continue;
+		
+		if (c != -1 && FD_ISSET(c, &fds)) {
+			if (!receive_smb(c, packet, 0)) {
+				d_printf("client closed connection\n");
+				exit(0);
+			}
+			filter_request(packet);
+			if (!send_smb(s, packet)) {
+				d_printf("server is dead\n");
+				exit(1);
+			}			
+		}
+		if (s != -1 && FD_ISSET(s, &fds)) {
+			if (!receive_smb(s, packet, 0)) {
+				d_printf("server closed connection\n");
+				exit(0);
+			}
+			filter_reply(packet);
+			if (!send_smb(c, packet)) {
+				d_printf("client is dead\n");
+				exit(1);
+			}			
+		}
+	}
+	d_printf("Connection closed\n");
+	exit(0);
+}
+
+
+static void start_filter(char *desthost)
+{
+	int s, c;
+	struct in_addr dest_ip;
+
+	CatchChild();
+
+	/* start listening on port 445 locally */
+	s = open_socket_in(SOCK_STREAM, 445, 0, 0, True);
+	
+	if (s == -1) {
+		d_printf("bind failed\n");
+		exit(1);
+	}
+
+	if (listen(s, 5) == -1) {
+		d_printf("listen failed\n");
+	}
+
+	if (!resolve_name(desthost, &dest_ip, 0x20)) {
+		d_printf("Unable to resolve host %s\n", desthost);
+		exit(1);
+	}
+
+	while (1) {
+		fd_set fds;
+		int num;
+		struct sockaddr addr;
+		socklen_t in_addrlen = sizeof(addr);
+		
+		FD_ZERO(&fds);
+		FD_SET(s, &fds);
+
+		num = sys_select_intr(s+1,&fds,NULL,NULL,NULL);
+		if (num > 0) {
+			c = accept(s, &addr, &in_addrlen);
+			if (c != -1) {
+				if (fork() == 0) {
+					close(s);
+					filter_child(c, dest_ip);
+					exit(0);
+				} else {
+					close(c);
+				}
+			}
+		}
+	}
+}
+
+
+int main(int argc, char *argv[])
+{
+	char *desthost;
+	pstring configfile;
+
+	setup_logging(argv[0],True);
+  
+	pstrcpy(configfile,dyn_CONFIGFILE);
+ 
+	if (argc < 2) {
+		fprintf(stderr,"smbfilter <desthost> <netbiosname>\n");
+		exit(1);
+	}
+
+	desthost = argv[1];
+	if (argc > 2) {
+		netbiosname = argv[2];
+	}
+
+	if (!lp_load(configfile,True,False,False)) {
+		d_printf("Unable to load config file\n");
+	}
+
+	start_filter(desthost);
+	return 0;
+}
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
new file mode 100644
index 0000000000..cfa0dd8af9
--- /dev/null
+++ b/source3/utils/smbgroupedit.c
@@ -0,0 +1,397 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-2000,
+ *  Copyright (C) Jean François Micouleau      1998-2001.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern pstring global_myname;
+extern DOM_SID global_sam_sid;
+
+/*
+ * Next two lines needed for SunOS and don't
+ * hurt anything else...
+ */
+extern char *optarg;
+extern int optind;
+
+/*********************************************************
+ Print command usage on stderr and die.
+**********************************************************/
+static void usage(void)
+{
+	if (getuid() == 0) {
+		printf("smbgroupedit options\n");
+	} else {
+		printf("You need to be root to use this tool!\n");
+	}
+	printf("options:\n");
+	printf("  -a group             create new group\n");
+	printf("    -n group           NT group name\n");
+	printf("    -p privilege       only local\n");
+	printf("  -v                   list groups\n");
+	printf("    -l                 long list (include details)\n");
+	printf("    -s                 short list (default)\n");
+	printf("  -c SID               change group\n");
+	printf("     -u unix group\n");
+	printf("  -x group             delete this group\n");
+	printf("\n");
+	printf("    -t[b|d|l]          type: builtin, domain, local \n");
+	exit(1);
+}
+
+/*********************************************************
+ Figure out if the input was an NT group or a SID string.  
+ Return the SID.
+**********************************************************/
+static BOOL get_sid_from_input(DOM_SID *sid, char *input) 
+{
+	GROUP_MAP map;
+	
+	if (StrnCaseCmp( input, "S-", 2)) {
+		/* Perhaps its the NT group name? */
+		if (!get_group_map_from_ntname(input, &map, MAPPING_WITHOUT_PRIV)) {
+			printf("NT Group %s doesn't exist in mapping DB\n", input);
+			return False;
+		} else {
+			*sid = map.sid;
+		}
+	} else {
+		if (!string_to_sid(sid, input)) {
+			printf("converting sid %s from a string failed!\n", input);
+			return False;
+		}
+	}
+	return True;
+}
+
+/*********************************************************
+ add a group.
+**********************************************************/
+static int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege)
+{
+	PRIVILEGE_SET se_priv;
+	gid_t gid;
+	DOM_SID sid;
+	fstring string_sid;
+	fstring name, comment;
+
+	gid=nametogid(group);
+	if (gid==-1) {
+		printf("unix group %s doesn't exist!\n", group);
+		return -1;
+	}
+
+	local_gid_to_sid(&sid, gid);
+
+	sid_to_string(string_sid, &sid);
+	
+	if (ntgroup==NULL)
+		fstrcpy(name, group);
+	else
+		fstrcpy(name, ntgroup);
+	
+	if (ntcomment==NULL)
+		fstrcpy(comment, "Local Unix group");
+	else
+		fstrcpy(comment, ntcomment);
+
+	init_privilege(&se_priv);
+	if (privilege!=NULL)
+		convert_priv_from_text(&se_priv, privilege);
+
+	if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv, PR_ACCESS_FROM_NETWORK)) {
+		printf("adding entry for group %s failed!\n", group);
+		free_privilege(&se_priv);
+		return -1;
+	}
+
+	free_privilege(&se_priv);
+	return 0;
+}
+
+/*********************************************************
+ Change a group.
+**********************************************************/
+static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *groupdesc, char *privilege)
+{
+	DOM_SID sid;
+	GROUP_MAP map;
+	gid_t gid;
+
+	if (!get_sid_from_input(&sid, sid_string)) {
+		return -1;
+	}
+
+	/* Get the current mapping from the database */
+	if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
+		printf("This SID does not exist in the database\n");
+		return -1;
+	}
+
+	/* If a new Unix group is specified, check and change */
+	if (group!=NULL) {
+		gid=nametogid(group);
+		if (gid==-1) {
+			printf("The UNIX group does not exist\n");
+			return -1;
+		} else
+			map.gid=gid;
+	}
+	
+	/*
+	 * Allow changing of group type only between domain and local
+	 * We disallow changing Builtin groups !!! (SID problem)
+	 */ 
+	if (sid_type==SID_NAME_ALIAS 
+	    || sid_type==SID_NAME_DOM_GRP 
+	    || sid_type==SID_NAME_UNKNOWN) {
+		if (map.sid_name_use==SID_NAME_ALIAS 
+		    || map.sid_name_use==SID_NAME_DOM_GRP
+		    || map.sid_name_use==SID_NAME_UNKNOWN) {
+			map.sid_name_use=sid_type;
+		} else {
+			printf("cannot change group type to builtin\n");
+		};
+	} else {
+		printf("cannot change group type from builtin\n");
+	}
+
+	if (ntgroup!=NULL)
+		fstrcpy(map.nt_name, ntgroup);
+
+	/* Change comment if new one */
+	if (groupdesc!=NULL)
+		fstrcpy(map.comment, groupdesc);
+
+	/* Change the privilege if new one */
+	if (privilege!=NULL)
+		convert_priv_from_text(&map.priv_set, privilege);
+
+	if (!add_mapping_entry(&map, TDB_REPLACE)) {
+		printf("Count not update group database\n");
+		free_privilege(&map.priv_set);
+		return -1;
+	}
+	
+	free_privilege(&map.priv_set);
+	return 0;
+}
+
+/*********************************************************
+ Delete the group.
+**********************************************************/
+static int deletegroup(char *group)
+{
+	DOM_SID sid;
+
+	if (!get_sid_from_input(&sid, group)) {
+		return -1;
+	}
+
+	if(!group_map_remove(sid)) {
+		printf("removing group %s from the mapping db failed!\n", group);
+		return -1;
+	}
+
+	return 0;
+}
+
+/*********************************************************
+ List the groups.
+**********************************************************/
+static int listgroup(enum SID_NAME_USE sid_type, BOOL long_list)
+{
+	int entries,i;
+	GROUP_MAP *map=NULL;
+	fstring string_sid;
+	fstring group_type;
+	fstring priv_text;
+
+	if (!long_list)
+		printf("NT group (SID) -> Unix group\n");
+		
+	if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
+		return -1;
+	
+	for (i=0; i<entries; i++) {
+		decode_sid_name_use(group_type, (map[i]).sid_name_use);
+		sid_to_string(string_sid, &map[i].sid);
+		convert_priv_to_text(&(map[i].priv_set), priv_text);
+		free_privilege(&(map[i].priv_set));
+		
+		if (!long_list)
+			printf("%s (%s) -> %s\n", map[i].nt_name, string_sid, gidtoname(map[i].gid));
+		else {
+			printf("%s\n", map[i].nt_name);
+			printf("\tSID       : %s\n", string_sid);
+			printf("\tUnix group: %s\n", gidtoname(map[i].gid));
+			printf("\tGroup type: %s\n", group_type);
+			printf("\tComment   : %s\n", map[i].comment);
+			printf("\tPrivilege : %s\n\n", priv_text);
+		}
+	}
+
+	return 0;
+}
+
+/*********************************************************
+ Start here.
+**********************************************************/
+int main (int argc, char **argv)
+{
+	int ch;
+	BOOL add_group = False;
+	BOOL view_group = False;
+	BOOL change_group = False;
+	BOOL delete_group = False;
+	BOOL nt_group = False;
+	BOOL priv = False;
+	BOOL group_type = False;
+	BOOL long_list = False;
+
+	char *group = NULL;
+	char *sid = NULL;
+	char *ntgroup = NULL;
+	char *privilege = NULL;
+	char *groupt = NULL;
+	char *group_desc = NULL;
+
+	enum SID_NAME_USE sid_type;
+
+	setup_logging("groupedit", True);
+
+	if (argc < 2) {
+		usage();
+		return 0;
+	}
+	
+	if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
+			dyn_CONFIGFILE);
+		exit(1);
+	}
+	
+	if(!initialize_password_db(True)) {
+		fprintf(stderr, "Can't setup password database vectors.\n");
+		exit(1);
+	}
+	
+	if(pdb_generate_sam_sid()==False) {
+		printf("Can not read machine SID\n");
+		return 0;
+	}
+
+	while ((ch = getopt(argc, argv, "a:c:d:ln:p:st:u:vx:")) != EOF) {
+		switch(ch) {
+		case 'a':
+			add_group = True;
+			group=optarg;
+			break;
+		case 'c':
+			change_group = True;
+			sid=optarg;
+			break;
+		case 'd':
+			group_desc=optarg;
+			break;
+		case 'l':
+			long_list = True;
+			break;
+		case 'n':
+			nt_group = True;
+			ntgroup=optarg;
+			break;
+		case 'p':
+			priv = True;
+			privilege=optarg;
+			break;
+		case 's':
+			long_list = False;
+			break;
+		case 't':
+			group_type = True;
+			groupt=optarg;
+			break;
+		case 'u':
+			group=optarg;
+			break;
+		case 'v':
+			view_group = True;
+			break;
+		case 'x':
+			delete_group = True;
+			group=optarg;
+			break;
+		/*default:
+			usage();*/
+		}
+	}
+	
+	
+	if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) {
+		fprintf (stderr, "Incompatible options on command line!\n");
+		usage();
+		exit(1);
+	}
+
+	/* no option on command line -> list groups */	
+	if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
+		view_group = True;
+
+	
+	if (group_type==False)
+		sid_type=SID_NAME_UNKNOWN;
+	else {
+		switch (groupt[0]) {
+			case 'l':
+			case 'L':
+				sid_type=SID_NAME_ALIAS;
+				break;
+			case 'd':
+			case 'D':
+				sid_type=SID_NAME_DOM_GRP;
+				break;
+			case 'b':
+			case 'B':
+				sid_type=SID_NAME_WKN_GRP;
+				break;
+			default:
+				sid_type=SID_NAME_UNKNOWN;
+				break;
+		}
+	}
+
+	if (add_group)
+		return addgroup(group, sid_type, ntgroup, group_desc, privilege);
+
+	if (view_group)
+		return listgroup(sid_type, long_list);
+
+	if (delete_group)
+		return deletegroup(group);
+	
+	if (change_group) {		
+		return changegroup(sid, group, sid_type, ntgroup, group_desc, privilege);
+	}
+	
+	usage();
+
+	return 0;
+}
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 167eb2ed5f..a96fad0cdb 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -1,13 +1,12 @@
-#ifdef SMB_PASSWD
-
 /*
- * Unix SMB/Netbios implementation. Version 1.9. smbpasswd module. Copyright
- * (C) Jeremy Allison 1995.
+ * Unix SMB/CIFS implementation. 
+ * Copyright (C) Jeremy Allison 1995-1998
+ * Copyright (C) Tim Potter     2001
  * 
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
  * 
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
@@ -16,441 +15,603 @@
  * 
  * You should have received a copy of the GNU General Public License along with
  * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
+ * Mass Ave, Cambridge, MA 02139, USA.  */
 
 #include "includes.h"
-#include "des.h"
 
-/* Static buffers we will return. */
-static struct smb_passwd pw_buf;
-static pstring  user_name;
-static unsigned char smbpwd[16];
-static unsigned char smbntpwd[16];
+extern pstring global_myname;
+extern BOOL AllowDebugChange;
+
+/*
+ * Next two lines needed for SunOS and don't
+ * hurt anything else...
+ */
+extern char *optarg;
+extern int optind;
+
+/* forced running in root-mode */
+static BOOL local_mode;
+static BOOL got_pass = False, got_username = False;
+static int local_flags = 0;
+static BOOL stdin_passwd_get = False;
+static fstring user_name, user_password;
+static char *new_domain = NULL;
+static char *new_passwd = NULL;
+static char *old_passwd = NULL;
+static char *remote_machine = NULL;
+static pstring configfile;
+
+#ifdef WITH_LDAP_SAM
+static fstring ldap_secret;
+#endif
+
+/*********************************************************
+ Print command usage on stderr and die.
+**********************************************************/
+static void usage(void)
+{
+	printf("When run by root:\n");
+	printf("    smbpasswd [options] [username] [password]\n");
+	printf("otherwise:\n");
+	printf("    smbpasswd [options] [password]\n\n");
+
+	printf("options:\n");
+	printf("  -L                   local mode (must be first option)\n");
+	printf("  -h                   print this usage message\n");
+	printf("  -s                   use stdin for password prompt\n");
+	printf("  -c smb.conf file     Use the given path to the smb.conf file\n");
+	printf("  -D LEVEL             debug level\n");
+	printf("  -r MACHINE           remote machine\n");
+	printf("  -U USER              remote username\n");
+
+	printf("extra options when run by root or in local mode:\n");
+	printf("  -a                   add user\n");
+	printf("  -d                   disable user\n");
+	printf("  -e                   enable user\n");
+	printf("  -i                   interdomain trust account\n");
+	printf("  -m                   machine trust account\n");
+	printf("  -n                   set no password\n");
+#ifdef WITH_LDAP_SAM
+	printf("  -w                   ldap admin password\n");
+#endif
+	printf("  -x                   delete user\n");
+	printf("  -R ORDER             name resolve order\n");
+
+	exit(1);
+}
+
+static void set_line_buffering(FILE *f)
+{
+	setvbuf(f, NULL, _IOLBF, 0);
+}
 
-static int gethexpwd(char *p, char *pwd)
+/*******************************************************************
+ Process command line options
+ ******************************************************************/
+static void process_options(int argc, char **argv, BOOL amroot)
 {
-	int i;
-	unsigned char   lonybble, hinybble;
-	char           *hexchars = "0123456789ABCDEF";
-	char           *p1, *p2;
-	for (i = 0; i < 32; i += 2) {
-		hinybble = toupper(p[i]);
-		lonybble = toupper(p[i + 1]);
-
-		p1 = strchr(hexchars, hinybble);
-		p2 = strchr(hexchars, lonybble);
-		if (!p1 || !p2)
-			return (False);
-
-		hinybble = PTR_DIFF(p1, hexchars);
-		lonybble = PTR_DIFF(p2, hexchars);
-
-		pwd[i / 2] = (hinybble << 4) | lonybble;
+	int ch;
+
+	if (amroot)
+		local_flags = LOCAL_SET_PASSWORD;
+
+	ZERO_STRUCT(user_name);
+	ZERO_STRUCT(user_password);
+
+	user_name[0] = '\0';
+
+	while ((ch = getopt(argc, argv, "c:axdehmnj:r:sw:R:D:U:L")) != EOF) {
+		switch(ch) {
+		case 'L':
+			local_mode = amroot = True;
+			local_flags = LOCAL_SET_PASSWORD;
+			break;
+		case 'c':
+			pstrcpy(configfile,optarg);
+			break;
+		case 'a':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_ADD_USER;
+			break;
+		case 'x':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_DELETE_USER;
+			local_flags &= ~LOCAL_SET_PASSWORD;
+			break;
+		case 'd':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_DISABLE_USER;
+			local_flags &= ~LOCAL_SET_PASSWORD;
+			break;
+		case 'e':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_ENABLE_USER;
+			local_flags &= ~LOCAL_SET_PASSWORD;
+			break;
+		case 'm':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_TRUST_ACCOUNT;
+			break;
+		case 'i':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_INTERDOM_ACCOUNT;
+			break;
+		case 'j':
+			if (!amroot) goto bad_args;
+			d_printf("See 'net rpc join' for this functionality\n");
+			exit(1);
+			break;
+		case 'n':
+			if (!amroot) goto bad_args;
+			local_flags |= LOCAL_SET_NO_PASSWORD;
+			new_passwd = smb_xstrdup("NO PASSWORD");
+			break;
+		case 'r':
+			remote_machine = optarg;
+			break;
+		case 's':
+			set_line_buffering(stdin);
+			set_line_buffering(stdout);
+			set_line_buffering(stderr);
+			stdin_passwd_get = True;
+			break;
+		case 'w':
+			if (!amroot) goto bad_args;
+#ifdef WITH_LDAP_SAM
+			local_flags |= LOCAL_SET_LDAP_ADMIN_PW;
+			fstrcpy(ldap_secret, optarg);
+			break;
+#else
+			printf("-w not available unless configured --with-ldap\n");
+			goto bad_args;
+#endif			
+		case 'R':
+			if (!amroot) goto bad_args;
+			lp_set_name_resolve_order(optarg);
+			break;
+		case 'D':
+			DEBUGLEVEL = atoi(optarg);
+			break;
+		case 'U': {
+			char *lp;
+
+			got_username = True;
+			fstrcpy(user_name, optarg);
+
+			if ((lp = strchr(user_name, '%'))) {
+				*lp = 0;
+				fstrcpy(user_password, lp + 1);
+				got_pass = True;
+				memset(strchr_m(optarg, '%') + 1, 'X',
+				       strlen(user_password));
+			}
+
+			break;
+		}
+		case 'h':
+		default:
+bad_args:
+			usage();
+		}
+	}
+	
+	argc -= optind;
+	argv += optind;
+
+	switch(argc) {
+	case 0:
+		if (!got_username)
+			fstrcpy(user_name, "");
+		break;
+	case 1:
+		if (!amroot) {
+			new_passwd = argv[0];
+			break;
+		}
+		if (got_username)
+			usage();
+		fstrcpy(user_name, argv[0]);
+		break;
+	case 2:
+		if (!amroot || got_username || got_pass)
+			usage();
+		fstrcpy(user_name, argv[0]);
+		new_passwd = smb_xstrdup(argv[1]);
+		break;
+	default:
+		usage();
 	}
-	return (True);
+
 }
 
-struct smb_passwd *
-_my_get_smbpwnam(FILE * fp, char *name, BOOL * valid_old_pwd, 
-		BOOL *got_valid_nt_entry, long *pwd_seekpos)
+/*************************************************************
+ Utility function to prompt for passwords from stdin. Each
+ password entered must end with a newline.
+*************************************************************/
+static char *stdin_new_passwd(void)
 {
-	char            linebuf[256];
-	unsigned char   c;
-	unsigned char  *p;
-	long            uidval;
-	long            linebuf_len;
+	static fstring new_passwd;
+	size_t len;
+
+	ZERO_ARRAY(new_passwd);
 
 	/*
-	 * Scan the file, a line at a time and check if the name matches.
+	 * if no error is reported from fgets() and string at least contains
+	 * the newline that ends the password, then replace the newline with
+	 * a null terminator.
 	 */
-	while (!feof(fp)) {
-		linebuf[0] = '\0';
-		*pwd_seekpos = ftell(fp);
+	if ( fgets(new_passwd, sizeof(new_passwd), stdin) != NULL) {
+		if ((len = strlen(new_passwd)) > 0) {
+			if(new_passwd[len-1] == '\n')
+				new_passwd[len - 1] = 0; 
+		}
+	}
+	return(new_passwd);
+}
 
-		fgets(linebuf, 256, fp);
-		if (ferror(fp))
-			return NULL;
 
-		/*
-		 * Check if the string is terminated with a newline - if not
-		 * then we must keep reading and discard until we get one.
-		 */
-		linebuf_len = strlen(linebuf);
-		if (linebuf[linebuf_len - 1] != '\n') {
-			c = '\0';
-			while (!ferror(fp) && !feof(fp)) {
-				c = fgetc(fp);
-				if (c == '\n')
-					break;
-			}
-		} else
-			linebuf[linebuf_len - 1] = '\0';
+/*************************************************************
+ Utility function to get passwords via tty or stdin
+ Used if the '-s' option is set to silently get passwords
+ to enable scripting.
+*************************************************************/
+static char *get_pass( char *prompt, BOOL stdin_get)
+{
+	char *p;
+	if (stdin_get) {
+		p = stdin_new_passwd();
+	} else {
+		p = getpass(prompt);
+	}
+	return smb_xstrdup(p);
+}
 
-		if ((linebuf[0] == 0) && feof(fp))
-			break;
-		/*
-		 * The line we have should be of the form :-
-		 * 
-		 * username:uid:[32hex bytes]:....other flags presently
-		 * ignored....
-		 * 
-		 * or,
-		 * 
-		 * username:uid:[32hex bytes]:[32hex bytes]:....ignored....
-		 * 
-		 * if Windows NT compatible passwords are also present.
-		 */
+/*************************************************************
+ Utility function to prompt for new password.
+*************************************************************/
+static char *prompt_for_new_password(BOOL stdin_get)
+{
+	char *p;
+	fstring new_passwd;
 
-		if (linebuf[0] == '#' || linebuf[0] == '\0')
-			continue;
-		p = (unsigned char *) strchr(linebuf, ':');
-		if (p == NULL)
-			continue;
-		/*
-		 * As 256 is shorter than a pstring we don't need to check
-		 * length here - if this ever changes....
-		 */
-		strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
-		user_name[PTR_DIFF(p, linebuf)] = '\0';
-		if (!strequal(user_name, name))
-			continue;
+	ZERO_ARRAY(new_passwd);
+ 
+	p = get_pass("New SMB password:", stdin_get);
+
+	fstrcpy(new_passwd, p);
+	SAFE_FREE(p);
+
+	p = get_pass("Retype new SMB password:", stdin_get);
+
+	if (strcmp(p, new_passwd)) {
+		fprintf(stderr, "Mismatch - password unchanged.\n");
+		ZERO_ARRAY(new_passwd);
+		SAFE_FREE(p);
+		return NULL;
+	}
+
+	return p;
+}
+
+
+/*************************************************************
+ Change a password either locally or remotely.
+*************************************************************/
 
-		/* User name matches - get uid and password */
-		p++;		/* Go past ':' */
-		if (!isdigit(*p))
-			return (False);
+static BOOL password_change(const char *remote_machine, char *user_name, 
+			    char *old_passwd, char *new_passwd, int local_flags)
+{
+	BOOL ret;
+	pstring err_str;
+	pstring msg_str;
 
-		uidval = atoi((char *) p);
-		while (*p && isdigit(*p))
-			p++;
+	if (remote_machine != NULL) {
+		if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
+							LOCAL_TRUST_ACCOUNT|LOCAL_SET_NO_PASSWORD)) {
+			/* these things can't be done remotely yet */
+			return False;
+		}
+		ret = remote_password_change(remote_machine, user_name, 
+					     old_passwd, new_passwd, err_str, sizeof(err_str));
+		if(*err_str)
+			fprintf(stderr, err_str);
+		return ret;
+	}
+	
+	ret = local_password_change(user_name, local_flags, new_passwd, 
+				     err_str, sizeof(err_str), msg_str, sizeof(msg_str));
 
-		if (*p != ':')
-			return (False);
+	if(*msg_str)
+		printf(msg_str);
+	if(*err_str)
+		fprintf(stderr, err_str);
+
+	return ret;
+}
+
+#ifdef WITH_LDAP_SAM
+/*******************************************************************
+ Store the LDAP admin password in secrets.tdb
+ ******************************************************************/
+static BOOL store_ldap_admin_pw (char* pw)
+{	
+	if (!pw) 
+		return False;
+
+	if (!secrets_init())
+		return False;
+	
+	return secrets_store_ldap_pw(lp_ldap_admin_dn(), pw);
+}
+#endif
+
+
+/*************************************************************
+ Handle password changing for root.
+*************************************************************/
+
+static int process_root(void)
+{
+	struct passwd  *pwd;
+	int result = 0;
+
+#ifdef WITH_LDAP_SAM
+	if (local_flags & LOCAL_SET_LDAP_ADMIN_PW)
+	{
+		printf("Setting stored password for \"%s\" in secrets.tdb\n", 
+			lp_ldap_admin_dn());
+		if (!store_ldap_admin_pw(ldap_secret))
+			DEBUG(0,("ERROR: Failed to store the ldap admin password!\n"));
+		goto done;
+	}
+#endif
+
+	/*
+	 * Ensure both add/delete user are not set
+	 * Ensure add/delete user and either remote machine or join domain are
+	 * not both set.
+	 */	
+	if(((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) || 
+	   ((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && 
+		(remote_machine != NULL))) {
+		usage();
+	}
+	
+	/* Only load interfaces if we are doing network operations. */
+
+	if (remote_machine) {
+		load_interfaces();
+	}
+
+	if (!user_name[0] && (pwd = sys_getpwuid(geteuid()))) {
+		fstrcpy(user_name, pwd->pw_name);
+	} 
+
+	if (!user_name[0]) {
+		fprintf(stderr,"You must specify a username\n");
+		exit(1);
+	}
+
+	if (local_flags & LOCAL_TRUST_ACCOUNT) {
+		/* add the $ automatically */
+		static fstring buf;
 
 		/*
-		 * Now get the password value - this should be 32 hex digits
-		 * which are the ascii representations of a 16 byte string.
-		 * Get two at a time and put them into the password.
+		 * Remove any trailing '$' before we
+		 * generate the initial machine password.
 		 */
-		p++;
-		*pwd_seekpos += PTR_DIFF(p, linebuf);	/* Save exact position
-							 * of passwd in file -
-							 * this is used by
-							 * smbpasswd.c */
-		if (*p == '*' || *p == 'X') {
-			/* Password deliberately invalid - end here. */
-			*valid_old_pwd = False;
-			*got_valid_nt_entry = False;
-			pw_buf.smb_nt_passwd = NULL;	/* No NT password (yet)*/
-
-			/* Now check if the NT compatible password is
-			   available. */
-			p += 33; /* Move to the first character of the line after 
-						the lanman password. */
-			if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
-				/* NT Entry was valid - even if 'X' or '*', can be overwritten */
-				*got_valid_nt_entry = True;
-				if (*p != '*' && *p != 'X') {
-					if(gethexpwd(p,smbntpwd))
-						pw_buf.smb_nt_passwd = smbntpwd;
-				}
-			}
-			pw_buf.smb_name = user_name;
-			pw_buf.smb_userid = uidval;
-			pw_buf.smb_passwd = NULL;	/* No password */
-			return (&pw_buf);
+
+		if (user_name[strlen(user_name)-1] == '$') {
+			user_name[strlen(user_name)-1] = 0;
 		}
-		if (linebuf_len < (PTR_DIFF(p, linebuf) + 33))
-			return (False);
 
-		if (p[32] != ':')
-			return (False);
+		if (local_flags & LOCAL_ADD_USER) {
+		        SAFE_FREE(new_passwd);
+			new_passwd = smb_xstrdup(user_name);
+			strlower(new_passwd);
+		}
 
-		if (!strncasecmp(p, "NO PASSWORD", 11)) {
-			pw_buf.smb_passwd = NULL;	/* No password */
-		} else {
-			if(!gethexpwd(p,smbpwd))
-				return False;
-			pw_buf.smb_passwd = smbpwd;
+		/*
+		 * Now ensure the username ends in '$' for
+		 * the machine add.
+		 */
+
+		slprintf(buf, sizeof(buf)-1, "%s$", user_name);
+		fstrcpy(user_name, buf);
+	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
+		static fstring buf;
+
+		if (local_flags & LOCAL_ADD_USER) {
+			/*
+			 * Prompt for trusting domain's account password
+			 */
+			new_passwd = prompt_for_new_password(stdin_passwd_get);
+			if(!new_passwd) {
+				fprintf(stderr, "Unable to get newpassword.\n");
+				exit(1);
+			}
 		}
+		slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
+		fstrcpy(user_name, buf);
 
-		pw_buf.smb_name = user_name;
-		pw_buf.smb_userid = uidval;
-		pw_buf.smb_nt_passwd = NULL;
-		*got_valid_nt_entry = False;
-		*valid_old_pwd = True;
-
-		/* Now check if the NT compatible password is
-		   available. */
-		p += 33; /* Move to the first character of the line after 
-					the lanman password. */
-		if ((linebuf_len >= (PTR_DIFF(p, linebuf) + 33)) && (p[32] == ':')) {
-			/* NT Entry was valid - even if 'X' or '*', can be overwritten */
-			*got_valid_nt_entry = True;
-			if (*p != '*' && *p != 'X') {
-				if(gethexpwd(p,smbntpwd))
-					pw_buf.smb_nt_passwd = smbntpwd;
+	} else {
+		
+		if (remote_machine != NULL) {
+			old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
+		}
+		
+		if (!(local_flags & LOCAL_SET_PASSWORD)) {
+			
+			/*
+			 * If we are trying to enable a user, first we need to find out
+			 * if they are using a modern version of the smbpasswd file that
+			 * disables a user by just writing a flag into the file. If so
+			 * then we can re-enable a user without prompting for a new
+			 * password. If not (ie. they have a no stored password in the
+			 * smbpasswd file) then we need to prompt for a new password.
+			 */
+			
+			if(local_flags & LOCAL_ENABLE_USER) {
+				SAM_ACCOUNT *sampass = NULL;
+				BOOL ret;
+				
+				pdb_init_sam(&sampass);
+				ret = pdb_getsampwnam(sampass, user_name);
+				if((sampass != False) && (pdb_get_lanman_passwd(sampass) == NULL)) {
+					local_flags |= LOCAL_SET_PASSWORD;
+				}
+				pdb_free_sam(&sampass);
 			}
 		}
-		return &pw_buf;
+		
+		if(local_flags & LOCAL_SET_PASSWORD) {
+			new_passwd = prompt_for_new_password(stdin_passwd_get);
+			
+			if(!new_passwd) {
+				fprintf(stderr, "Unable to get new password.\n");
+				exit(1);
+			}
+		}
+	}
+
+	if (!password_change(remote_machine, user_name, old_passwd, new_passwd, local_flags)) {
+		fprintf(stderr,"Failed to modify password entry for user %s\n", user_name);
+		result = 1;
+		goto done;
+	} 
+
+	if(remote_machine) {
+		printf("Password changed for user %s on %s.\n", user_name, remote_machine );
+	} else if(!(local_flags & (LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|LOCAL_DELETE_USER|LOCAL_SET_NO_PASSWORD|LOCAL_SET_PASSWORD))) {
+		SAM_ACCOUNT *sampass = NULL;
+		BOOL ret;
+		
+		pdb_init_sam(&sampass);
+		ret = pdb_getsampwnam(sampass, user_name);
+
+		printf("Password changed for user %s.", user_name );
+		if( (ret != False) && (pdb_get_acct_ctrl(sampass)&ACB_DISABLED) )
+			printf(" User has disabled flag set.");
+		if((ret != False) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) )
+			printf(" User has no password flag set.");
+		printf("\n");
+		pdb_free_sam(&sampass);
 	}
-	return NULL;
+
+ done:
+	SAFE_FREE(new_passwd);
+	return result;
 }
 
-/*
- * Print command usage on stderr and die.
- */
-void 
-usage(char *name)
+
+/*************************************************************
+ Handle password changing for non-root.
+*************************************************************/
+
+static int process_nonroot(void)
 {
-	fprintf(stderr, "Usage is : %s [username]\n", name);
-	exit(1);
+	struct passwd  *pwd = NULL;
+	int result = 0;
+
+	if (!user_name[0]) {
+		pwd = sys_getpwuid(getuid());
+		if (pwd) {
+			fstrcpy(user_name,pwd->pw_name);
+		} else {
+			fprintf(stderr, "smbpasswd: you don't exist - go away\n");
+			exit(1);
+		}
+	}
+	
+	/*
+	 * A non-root user is always setting a password
+	 * via a remote machine (even if that machine is
+	 * localhost).
+	 */	
+
+	load_interfaces(); /* Delayed from main() */
+
+	if (remote_machine == NULL) {
+		remote_machine = "127.0.0.1";
+	}
+
+	if (remote_machine != NULL) {
+		old_passwd = get_pass("Old SMB password:",stdin_passwd_get);
+	}
+	
+	if (!new_passwd) {
+		new_passwd = prompt_for_new_password(stdin_passwd_get);
+	}
+	
+	if (!new_passwd) {
+		fprintf(stderr, "Unable to get new password.\n");
+		exit(1);
+	}
+
+	if (!password_change(remote_machine, user_name, old_passwd, new_passwd, 0)) {
+		fprintf(stderr,"Failed to change password for %s\n", user_name);
+		result = 1;
+		goto done;
+	}
+
+	printf("Password changed for user %s\n", user_name);
+
+ done:
+	SAFE_FREE(old_passwd);
+	SAFE_FREE(new_passwd);
+
+	return result;
 }
 
+
+
+/*********************************************************
+ Start here.
+**********************************************************/
 int main(int argc, char **argv)
-{
-  int             real_uid;
-  struct passwd  *pwd;
-  fstring         old_passwd;
-  uchar           old_p16[16];
-  uchar           old_nt_p16[16];
-  fstring         new_passwd;
-  uchar           new_p16[16];
-  uchar           new_nt_p16[16];
-  char           *p;
-  struct smb_passwd *smb_pwent;
-  FILE           *fp;
-  BOOL            valid_old_pwd = False;
-  BOOL 			got_valid_nt_entry = False;
-  long            seekpos;
-  int             pwfd;
-  char            ascii_p16[66];
-  char            c;
-  int             ret, i, err, writelen;
-  int             lockfd = -1;
-  char           *pfile = SMB_PASSWD_FILE;
-  char            readbuf[16 * 1024];
-  
-  setup_logging(argv[0],True);
-  
-  charset_initialise();
-  
-#ifndef DEBUG_PASSWORD
-  /* Check the effective uid */
-  if (geteuid() != 0) {
-    fprintf(stderr, "%s: Must be setuid root.\n", argv[0]);
-    exit(1);
-  }
-#endif
-  
-  /* Get the real uid */
-  real_uid = getuid();
-  
-  /* Deal with usage problems */
-  if (real_uid == 0) {
-    /* As root we can change anothers password. */
-    if (argc != 1 && argc != 2)
-      usage(argv[0]);
-  } else if (argc != 1)
-    usage(argv[0]);
-  
-  
-  if (real_uid == 0 && argc == 2) {
-    /* If we are root we can change anothers password. */
-    strncpy(user_name, argv[1], sizeof(user_name) - 1);
-    user_name[sizeof(user_name) - 1] = '\0';
-    pwd = getpwnam(user_name);
-  } else {
-    pwd = getpwuid(real_uid);
-  }
-  
-  if (pwd == 0) {
-    fprintf(stderr, "%s: Unable to get UNIX password entry for user.\n", argv[0]);
-    exit(1);
-  }
-  /* If we are root we don't ask for the old password. */
-  old_passwd[0] = '\0';
-  if (real_uid != 0) {
-    p = getpass("Old SMB password:");
-    strncpy(old_passwd, p, sizeof(fstring));
-    old_passwd[sizeof(fstring)-1] = '\0';
-  }
-  new_passwd[0] = '\0';
-  p = getpass("New SMB password:");
-  strncpy(new_passwd, p, sizeof(fstring));
-  new_passwd[sizeof(fstring)-1] = '\0';
-  p = getpass("Retype new SMB password:");
-  if (strcmp(p, new_passwd)) {
-    fprintf(stderr, "%s: Mismatch - password unchanged.\n", argv[0]);
-    exit(1);
-  }
-  
-  if (new_passwd[0] == '\0') {
-    printf("Password not set\n");
-    exit(0);
-  }
-  
-  /* Calculate the MD4 hash (NT compatible) of the old and new passwords */
-  memset(old_nt_p16, '\0', 16);
-  E_md4hash((uchar *)old_passwd, old_nt_p16);
-  
-  memset(new_nt_p16, '\0', 16);
-  E_md4hash((uchar *) new_passwd, new_nt_p16);
-  
-  /* Mangle the passwords into Lanman format */
-  old_passwd[14] = '\0';
-  strupper(old_passwd);
-  new_passwd[14] = '\0';
-  strupper(new_passwd);
-  
-  /*
-   * Calculate the SMB (lanman) hash functions of both old and new passwords.
-   */
-  
-  memset(old_p16, '\0', 16);
-  E_P16((uchar *) old_passwd, old_p16);
-  
-  memset(new_p16, '\0', 16);
-  E_P16((uchar *) new_passwd, new_p16);
-  
-  /*
-   * Open the smbpaswd file XXXX - we need to parse smb.conf to get the
-   * filename
-   */
-  if ((fp = fopen(pfile, "r+")) == NULL) {
-    err = errno;
-    fprintf(stderr, "%s: Failed to open password file %s.\n",
-	    argv[0], pfile);
-    errno = err;
-    perror(argv[0]);
-    exit(err);
-  }
-  /* Set read buffer to 16k for effiecient reads */
-  setvbuf(fp, readbuf, _IOFBF, sizeof(readbuf));
-  
-  /* make sure it is only rw by the owner */
-  chmod(pfile, 0600);
-  
-  /* Lock the smbpasswd file for write. */
-  if ((lockfd = pw_file_lock(pfile, F_WRLCK, 5)) < 0) {
-    err = errno;
-    fprintf(stderr, "%s: Failed to lock password file %s.\n",
-	    argv[0], pfile);
-    fclose(fp);
-    errno = err;
-    perror(argv[0]);
-    exit(err);
-  }
-  /* Get the smb passwd entry for this user */
-  smb_pwent = _my_get_smbpwnam(fp, pwd->pw_name, &valid_old_pwd, 
-			       &got_valid_nt_entry, &seekpos);
-  if (smb_pwent == NULL) {
-    fprintf(stderr, "%s: Failed to find entry for user %s in file %s.\n",
-	    argv[0], pwd->pw_name, pfile);
-    fclose(fp);
-    pw_file_unlock(lockfd);
-    exit(1);
-  }
-  /* If we are root we don't need to check the old password. */
-  if (real_uid != 0) {
-    if ((valid_old_pwd == False) || (smb_pwent->smb_passwd == NULL)) {
-      fprintf(stderr, "%s: User %s is disabled, plase contact your administrator to enable it.\n", argv[0], pwd->pw_name);
-      fclose(fp);
-      pw_file_unlock(lockfd);
-      exit(1);
-    }
-    /* Check the old Lanman password */
-    if (memcmp(old_p16, smb_pwent->smb_passwd, 16)) {
-      fprintf(stderr, "%s: Couldn't change password.\n", argv[0]);
-      fclose(fp);
-      pw_file_unlock(lockfd);
-      exit(1);
-    }
-    /* Check the NT password if it exists */
-    if (smb_pwent->smb_nt_passwd != NULL) {
-      if (memcmp(old_nt_p16, smb_pwent->smb_nt_passwd, 16)) {
-	fprintf(stderr, "%s: Couldn't change password.\n", argv[0]);
-	fclose(fp);
-	pw_file_unlock(lockfd);
-	exit(1);
-      }
-    }
-  }
-  /*
-   * If we get here either we were root or the old password checked out
-   * ok.
-   */
-  /* Create the 32 byte representation of the new p16 */
-  for (i = 0; i < 16; i++) {
-    sprintf(&ascii_p16[i * 2], "%02X", (uchar) new_p16[i]);
-  }
-  if(got_valid_nt_entry) {
-    /* Add on the NT md4 hash */
-    ascii_p16[32] = ':';
-    for (i = 0; i < 16; i++) {
-      sprintf(&ascii_p16[(i * 2)+33], "%02X", (uchar) new_nt_p16[i]);
-    }
-  }
-  /*
-   * Do an atomic write into the file at the position defined by
-   * seekpos.
-   */
-  pwfd = fileno(fp);
-  ret = lseek(pwfd, seekpos - 1, SEEK_SET);
-  if (ret != seekpos - 1) {
-    err = errno;
-    fprintf(stderr, "%s: seek fail on file %s.\n",
-	    argv[0], pfile);
-    fclose(fp);
-    errno = err;
-    perror(argv[0]);
-    pw_file_unlock(lockfd);
-    exit(1);
-  }
-  /* Sanity check - ensure the character is a ':' */
-  if (read(pwfd, &c, 1) != 1) {
-    err = errno;
-    fprintf(stderr, "%s: read fail on file %s.\n",
-	    argv[0], pfile);
-    fclose(fp);
-    errno = err;
-    perror(argv[0]);
-    pw_file_unlock(lockfd);
-    exit(1);
-  }
-  if (c != ':') {
-    fprintf(stderr, "%s: sanity check on passwd file %s failed.\n",
-	    argv[0], pfile);
-    fclose(fp);
-    pw_file_unlock(lockfd);
-    exit(1);
-  }
-  writelen = (got_valid_nt_entry) ? 65 : 32;
-  if (write(pwfd, ascii_p16, writelen) != writelen) {
-    err = errno;
-    fprintf(stderr, "%s: write fail in file %s.\n",
-	    argv[0], pfile);
-    fclose(fp);
-    errno = err;
-    perror(argv[0]);
-    pw_file_unlock(lockfd);
-    exit(err);
-  }
-  fclose(fp);
-  pw_file_unlock(lockfd);
-  printf("Password changed\n");
-  return 0;
-}
+{	
+	BOOL amroot = getuid() == 0;
 
-#else
+	pstrcpy(configfile, dyn_CONFIGFILE);
+	AllowDebugChange = False;
 
-#include "includes.h"
+#if defined(HAVE_SET_AUTH_PARAMETERS)
+	set_auth_parameters(argc, argv);
+#endif /* HAVE_SET_AUTH_PARAMETERS */
 
-int 
-main(int argc, char **argv)
-{
-  printf("smb password encryption not selected in Makefile\n");
-  return 0;
+	process_options(argc, argv, amroot);
+
+	setup_logging("smbpasswd", True);
+	
+	if (!lp_load(configfile,True,False,False)) {
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
+			dyn_CONFIGFILE);
+		exit(1);
+	}
+
+	/*
+	 * Set the machine NETBIOS name if not already
+	 * set from the config file. 
+	 */ 
+    
+	if (!*global_myname) {   
+		char *p;
+		fstrcpy(global_myname, myhostname());
+		p = strchr_m(global_myname, '.' );
+		if (p) *p = 0;
+	}           
+	strupper(global_myname);
+
+	/* Check the effective uid - make sure we are not setuid */
+	if (is_setuid_root()) {
+		fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
+		exit(1);
+	}
+
+	if (local_mode || amroot) {
+		secrets_init();
+		return process_root();
+	} 
+
+	return process_nonroot();
 }
-#endif
diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c
new file mode 100644
index 0000000000..b80a27eb37
--- /dev/null
+++ b/source3/utils/smbtree.c
@@ -0,0 +1,423 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Network neighbourhood browser.
+   
+   Copyright (C) Tim Potter      2000
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static BOOL use_bcast;
+
+struct user_auth_info {
+	pstring username;
+	pstring password;
+	pstring workgroup;
+};
+
+/* How low can we go? */
+
+enum tree_level {LEV_WORKGROUP, LEV_SERVER, LEV_SHARE};
+enum tree_level level = LEV_SHARE;
+
+static void usage(void)
+{
+	printf(
+"Usage: smbtree [options]\n\
+\n\
+\t-d debuglevel           set debug output level\n\
+\t-U username             user to autheticate as\n\
+\t-W workgroup            workgroup of user to authenticate as\n\
+\t-D                      list only domains (workgroups) of tree\n\
+\t-S                      list domains and servers of tree\n\
+\t-b                      use bcast instead of using the master browser\n\
+\n\
+The username can be of the form username%%password or\n\
+workgroup\\username%%password.\n\n\
+");
+}
+
+/* Holds a list of workgroups or servers */
+
+struct name_list {
+        struct name_list *prev, *next;
+        pstring name, comment;
+        uint32 server_type;
+};
+
+static struct name_list *workgroups, *servers, *shares;
+
+static void free_name_list(struct name_list *list)
+{
+        while(list)
+                DLIST_REMOVE(list, list);
+}
+
+static void add_name(const char *machine_name, uint32 server_type,
+                     const char *comment, void *state)
+{
+        struct name_list **name_list = (struct name_list **)state;
+        struct name_list *new_name;
+
+        new_name = (struct name_list *)malloc(sizeof(struct name_list));
+
+        if (!new_name)
+                return;
+
+        ZERO_STRUCTP(new_name);
+
+        pstrcpy(new_name->name, machine_name);
+        pstrcpy(new_name->comment, comment);
+        new_name->server_type = server_type;
+
+        DLIST_ADD(*name_list, new_name);
+}
+
+/* Return a cli_state pointing at the IPC$ share for the given workgroup */
+
+static struct cli_state *get_ipc_connect(char *server,
+                                         struct user_auth_info *user_info)
+{
+        struct nmb_name calling, called;
+        struct in_addr server_ip;
+        struct cli_state *cli;
+        pstring myname;
+
+        zero_ip(&server_ip);
+
+        get_myname(myname);
+
+        make_nmb_name(&called, myname, 0x0);
+        make_nmb_name(&calling, server, 0x20);
+
+        if (is_ipaddress(server))
+                if (!resolve_name(server, &server_ip, 0x20))
+                        return False;
+                
+ again:
+	if (!(cli = cli_initialise(NULL))) {
+                DEBUG(4, ("Unable to initialise cli structure\n"));
+                goto error;
+        }
+
+        if (!cli_connect(cli, server, &server_ip)) {
+                DEBUG(4, ("Unable to connect to %s\n", server));
+                goto error;
+        }
+
+        if (!cli_session_request(cli, &calling, &called)) {
+                cli_shutdown(cli);
+                if (!strequal(called.name, "*SMBSERVER")) {
+                        make_nmb_name(&called , "*SMBSERVER", 0x20);
+                        goto again;
+                }
+                DEBUG(4, ("Session request failed to %s\n", called.name));
+                goto error;
+	}
+
+        if (!cli_negprot(cli)) {
+                DEBUG(4, ("Negprot failed\n"));
+                goto error;
+	}
+
+	if (!cli_session_setup(cli, user_info->username, user_info->password, 
+                               strlen(user_info->password),
+			       user_info->password, 
+                               strlen(user_info->password), server) &&
+	    /* try an anonymous login if it failed */
+	    !cli_session_setup(cli, "", "", 1,"", 0, server)) {
+                DEBUG(4, ("Session setup failed\n"));
+                goto error;
+	}
+
+	DEBUG(4,(" session setup ok\n"));
+
+	if (!cli_send_tconX(cli, "IPC$", "?????",
+			    user_info->password, 
+                            strlen(user_info->password)+1)) {
+                DEBUG(4, ("Tconx failed\n"));
+                goto error;
+	}
+
+        return cli;
+
+        /* Clean up after error */
+
+ error:
+        if (cli && cli->initialised)
+                cli_shutdown(cli);
+
+        return NULL;
+}
+
+/* Return the IP address and workgroup of a master browser on the 
+   network. */
+
+static BOOL find_master_ip_bcast(pstring workgroup, struct in_addr *server_ip)
+{
+	struct in_addr *ip_list;
+	int i, count;
+
+        /* Go looking for workgroups by broadcasting on the local network */ 
+
+        if (!name_resolve_bcast(MSBROWSE, 1, &ip_list, &count)) {
+                return False;
+        }
+
+	for (i = 0; i < count; i++) {
+		static fstring name;
+
+		if (!name_status_find("*", 0, 0x1d, ip_list[i], name))
+			continue;
+
+                if (!find_master_ip(name, server_ip))
+			continue;
+
+                pstrcpy(workgroup, name);
+
+                DEBUG(4, ("found master browser %s, %s\n", 
+                          name, inet_ntoa(ip_list[i])));
+
+                return True;
+	}
+
+	return False;
+}
+
+/****************************************************************************
+  display tree of smb workgroups, servers and shares
+****************************************************************************/
+static BOOL get_workgroups(struct user_auth_info *user_info)
+{
+        struct cli_state *cli;
+        struct in_addr server_ip;
+	pstring master_workgroup;
+
+        /* Try to connect to a #1d name of our current workgroup.  If that
+           doesn't work broadcast for a master browser and then jump off
+           that workgroup. */
+
+	pstrcpy(master_workgroup, lp_workgroup());
+
+        if (use_bcast || !find_master_ip(lp_workgroup(), &server_ip)) {
+                DEBUG(4, ("Unable to find master browser for workgroup %s\n", 
+			  master_workgroup));
+		if (!find_master_ip_bcast(master_workgroup, &server_ip)) {
+			DEBUG(4, ("Unable to find master browser by "
+				  "broadcast\n"));
+			return False;
+		}
+        }
+
+        if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info)))
+                return False;
+
+        if (!cli_NetServerEnum(cli, master_workgroup, 
+                               SV_TYPE_DOMAIN_ENUM, add_name, &workgroups))
+                return False;
+
+        return True;
+}
+
+/* Retrieve the list of servers for a given workgroup */
+
+static BOOL get_servers(char *workgroup, struct user_auth_info *user_info)
+{
+        struct cli_state *cli;
+        struct in_addr server_ip;
+
+        /* Open an IPC$ connection to the master browser for the workgroup */
+
+        if (!find_master_ip(workgroup, &server_ip)) {
+                DEBUG(4, ("Cannot find master browser for workgroup %s\n",
+                          workgroup));
+                return False;
+        }
+
+        if (!(cli = get_ipc_connect(inet_ntoa(server_ip), user_info)))
+                return False;
+
+        if (!cli_NetServerEnum(cli, workgroup, SV_TYPE_ALL, add_name, 
+                               &servers))
+                return False;
+
+        return True;
+}
+
+static BOOL get_shares(char *server_name, struct user_auth_info *user_info)
+{
+        struct cli_state *cli;
+
+        if (!(cli = get_ipc_connect(server_name, user_info)))
+                return False;
+
+        if (!cli_RNetShareEnum(cli, add_name, &shares))
+                return False;
+
+        return True;
+}
+
+static BOOL print_tree(struct user_auth_info *user_info)
+{
+        struct name_list *wg, *sv, *sh;
+
+        /* List workgroups */
+
+        if (!get_workgroups(user_info))
+                return False;
+
+        for (wg = workgroups; wg; wg = wg->next) {
+
+                printf("%s\n", wg->name);
+
+                /* List servers */
+
+                free_name_list(servers);
+                servers = NULL;
+
+                if (level == LEV_WORKGROUP || 
+                    !get_servers(wg->name, user_info))
+                        continue;
+
+                for (sv = servers; sv; sv = sv->next) {
+
+                        printf("\t\\\\%-15s\t\t%s\n", 
+			       sv->name, sv->comment);
+
+                        /* List shares */
+
+                        free_name_list(shares);
+                        shares = NULL;
+
+                        if (level == LEV_SERVER ||
+                            !get_shares(sv->name, user_info))
+                                continue;
+
+                        for (sh = shares; sh; sh = sh->next) {
+                                printf("\t\t\\\\%s\\%-15s\t%s\n", 
+				       sv->name, sh->name, sh->comment);
+                        }
+                }
+        }
+
+        return True;
+}
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	extern char *optarg;
+	extern int optind;
+	int opt;
+	char *p;
+	struct user_auth_info user_info;
+	BOOL got_pass = False;
+
+	/* Initialise samba stuff */
+
+	setlinebuf(stdout);
+
+	dbf = x_stderr;
+
+	setup_logging(argv[0],True);
+
+	lp_load(dyn_CONFIGFILE,True,False,False);
+	load_interfaces();
+
+	if (getenv("USER")) {
+		pstrcpy(user_info.username, getenv("USER"));
+
+		if ((p=strchr(user_info.username, '%'))) {
+			*p = 0;
+			pstrcpy(user_info.password, p+1);
+			got_pass = True;
+			memset(strchr(getenv("USER"), '%') + 1, 'X',
+			       strlen(user_info.password));
+		}
+	}
+
+        pstrcpy(user_info.workgroup, lp_workgroup());
+
+	/* Parse command line args */
+
+	while ((opt = getopt(argc, argv, "U:hd:W:DSb")) != EOF) {
+		switch (opt) {
+		case 'U':
+			pstrcpy(user_info.username,optarg);
+			p = strchr(user_info.username,'%');
+			if (p) {
+				*p = 0;
+				pstrcpy(user_info.password, p+1);
+				got_pass = 1;
+			}
+			break;
+
+		case 'b':
+			use_bcast = True;
+			break;
+
+		case 'h':
+			usage();
+			exit(1);
+
+		case 'd':
+			DEBUGLEVEL = atoi(optarg);
+			break;
+
+		case 'W':
+			pstrcpy(user_info.workgroup, optarg);
+			break;
+
+                case 'D':
+                        level = LEV_WORKGROUP;
+                        break;
+
+                case 'S':
+                        level = LEV_SERVER;
+                        break;
+
+		default:
+			printf("Unknown option %c (%d)\n", (char)opt, opt);
+			exit(1);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+	
+	if (argc > 0) {
+		usage();
+		exit(1);
+	}
+
+	if (!got_pass) {
+		char *pass = getpass("Password: ");
+		if (pass) {
+			pstrcpy(user_info.password, pass);
+		}
+                got_pass = True;
+	}
+
+	/* Now do our stuff */
+
+        if (!print_tree(&user_info))
+                return 1;
+
+	return 0;
+}
diff --git a/source3/utils/smbw_sample.c b/source3/utils/smbw_sample.c
new file mode 100644
index 0000000000..5cd792df7a
--- /dev/null
+++ b/source3/utils/smbw_sample.c
@@ -0,0 +1,94 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <dirent.h>
+#include <sys/stat.h>
+
+static void usage(void)
+{
+	printf("
+smbw_sample - a sample program that uses smbw
+
+smbw_sample <options> path
+
+  options:
+     -W workgroup
+     -l logfile
+     -P prefix
+     -d debuglevel
+     -U username%%password
+     -R resolve order
+
+note that path must start with /smb/
+");
+}
+
+int main(int argc, char *argv[])
+{
+	DIR *dir;
+	struct dirent *dent;
+	int opt;
+	char *p;
+	extern char *optarg;
+	extern int optind;
+	char *path;
+
+	lp_load(dyn_CONFIGFILE,1,0,0);
+	smbw_setup_shared();
+
+	while ((opt = getopt(argc, argv, "W:U:R:d:P:l:hL:")) != EOF) {
+		switch (opt) {
+		case 'W':
+			smbw_setshared("WORKGROUP", optarg);
+			break;
+		case 'l':
+			smbw_setshared("LOGFILE", optarg);
+			break;
+		case 'P':
+			smbw_setshared("PREFIX", optarg);
+			break;
+		case 'd':
+			smbw_setshared("DEBUG", optarg);
+			break;
+		case 'U':
+			p = strchr_m(optarg,'%');
+			if (p) {
+				*p=0;
+				smbw_setshared("PASSWORD",p+1);
+			}
+			smbw_setshared("USER", optarg);
+			break;
+		case 'R':
+			smbw_setshared("RESOLVE_ORDER",optarg);
+			break;
+		case 'h':
+		default:
+			usage();
+			exit(1);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc < 1) {
+		usage();
+		exit(1);
+	}
+
+	path = argv[0];
+
+	smbw_init();
+
+	dir = smbw_opendir(path);
+	if (!dir) {
+		printf("failed to open %s\n", path);
+		exit(1);
+	}
+	
+	while ((dent = smbw_readdir(dir))) {
+		printf("%s\n", dent->d_name);
+	}
+	smbw_closedir(dir);
+	return 0;
+}
diff --git a/source3/utils/status.c b/source3/utils/status.c
index ed0ae53211..6f4b9eb28c 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    status reporting
-   Copyright (C) Andrew Tridgell 1994-1995
+   Copyright (C) Andrew Tridgell 1994-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -17,242 +16,659 @@
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   Revision History:
+
+   12 aug 96: Erik.Devriendt@te6.siemens.be
+   added support for shared memory implementation of share mode locking
+
+   21-Jul-1998: rsharpe@ns.aus.com (Richard Sharpe)
+   Added -L (locks only) -S (shares only) flags and code
+
 */
 
 /*
  * This program reports current SMB connections
  */
 
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
+#define NO_SYSLOG
 
 #include "includes.h"
-#include "loadparm.h"
 
-struct connect_record crec;
-extern int DEBUGLEVEL;
-extern FILE *dbf;
+extern BOOL AllowDebugChange;
+
+struct session_record{
+  pid_t pid;
+  uid_t uid;
+  char machine[31];
+  time_t start;
+  struct session_record *next;
+} *srecs;
 
 static pstring Ucrit_username = "";                   /* added by OH */
-int            Ucrit_pid[100];  /* Ugly !!! */        /* added by OH */
-int            Ucrit_MaxPid=0;                        /* added by OH */
-unsigned int   Ucrit_IsActive = 0;                    /* added by OH */
-void           Ucrit_addUsername(pstring username);   /* added by OH */
-unsigned int   Ucrit_checkUsername(pstring username); /* added by OH */
-void           Ucrit_addPid(int pid);                 /* added by OH */
-unsigned int   Ucrit_checkPid(int pid);               /* added by OH */
-
-int main(int argc, char *argv[])
+static pid_t	Ucrit_pid[100];  /* Ugly !!! */        /* added by OH */
+static int            Ucrit_MaxPid=0;                        /* added by OH */
+static unsigned int   Ucrit_IsActive = 0;                    /* added by OH */
+static int verbose, brief;
+static int            shares_only = 0;            /* Added by RJS */
+static int            locks_only  = 0;            /* Added by RJS */
+static BOOL processes_only=False;
+static int show_brl;
+
+/* we need these because we link to locking*.o */
+ void become_root(void) {}
+ void unbecome_root(void) {}
+
+
+/* added by OH */
+static void Ucrit_addUsername(char *username)
+{
+	pstrcpy(Ucrit_username, username);
+	if(strlen(Ucrit_username) > 0)
+		Ucrit_IsActive = 1;
+}
+
+static unsigned int Ucrit_checkUsername(char *username)
+{
+	if ( !Ucrit_IsActive) return 1;
+	if (strcmp(Ucrit_username,username) ==0) return 1;
+	return 0;
+}
+
+static unsigned int Ucrit_checkPid(pid_t pid)
 {
-  FILE *f;
-  pstring fname;
-  int uid, c, n;
-  static pstring servicesf = CONFIGFILE;
-  extern char *optarg;
-  int verbose = 0;
-  void *dir;
-  char *s;
-  BOOL firstopen=True;
-  BOOL processes_only=False;
-  int last_pid=0;
-
-  setup_logging(argv[0],True);
-
-  charset_initialise();
-
-  DEBUGLEVEL = 0;
-  dbf = fopen("/dev/null","w");
-
-  if (getuid() != geteuid()) {
-    printf("smbstatus should not be run setuid\n");
-    return(1);
-  }
-
-  while ((c = getopt(argc, argv, "pdsu:")) != EOF) {
-    switch (c) {
-    case 'd':
-      verbose = 1;
-      break;
-    case 'p':
-      processes_only = 1;
-      break;
-    case 's':
-      strcpy(servicesf, optarg);
-      break;
-    case 'u':                                       /* added by OH */
-      Ucrit_addUsername(optarg);                    /* added by OH */
-      break;
-    default:
-      fprintf(stderr, "Usage: %s [-d] [-p] [-s configfile] [-u username]\n", *argv); /* changed by OH */
-      return (-1);
-    }
-  }
-
-
-
-  if (!lp_load(servicesf,False)) {
-    fprintf(stderr, "Can't load %s - run testparm to debug it\n", servicesf);
-    return (-1);
-  }
-
-  if (verbose) {
-    printf("using configfile = %s\n", servicesf);
-    printf("lockdir = %s\n", *lp_lockdir() ? lp_lockdir() : "NULL");
-  }
-
-  strcpy(fname,lp_lockdir());
-  standard_sub_basic(fname);
-  trim_string(fname,"","/");
-  strcat(fname,"/STATUS..LCK");
-
-  f = fopen(fname,"r");
-  if (!f) {
-    printf("Couldn't open status file %s\n",fname);
-    if (!lp_status(-1))
-      printf("You need to have status=yes in your smb config file\n");
-    return(0);
-  }
-
-  uid = getuid();
-
-  if (!processes_only) {
-    printf("\nSamba version %s\n",VERSION);
-
-    printf("Service      uid      gid      pid     machine\n");
-    printf("----------------------------------------------\n");
-  }
-
-  while (!feof(f))
-    {
-      if (fread(&crec,sizeof(crec),1,f) != 1)
-	break;
-      if ( crec.magic == 0x280267 && process_exists(crec.pid) 
-           && Ucrit_checkUsername(uidtoname(crec.uid))                      /* added by OH */
-         )
-      {
-        Ucrit_addPid(crec.pid);                                             /* added by OH */
-	if (processes_only) {
-	  if (last_pid != crec.pid)
-	    printf("%d\n",crec.pid);
-	  last_pid = crec.pid; /* XXXX we can still get repeats, have to
-				  add a sort at some time */
+	int i;
+	if ( !Ucrit_IsActive) return 1;
+	for (i=0;i<Ucrit_MaxPid;i++)
+		if( pid == Ucrit_pid[i] ) return 1;
+	return 0;
+}
+
+
+static void print_share_mode(share_mode_entry *e, char *fname)
+{
+	static int count;
+	if (count==0) {
+		d_printf("Locked files:\n");
+		d_printf("Pid    DenyMode   Access      R/W        Oplock           Name\n");
+		d_printf("--------------------------------------------------------------\n");
+	}
+	count++;
+
+	if (Ucrit_checkPid(e->pid)) {
+          d_printf("%-5d  ",(int)e->pid);
+	  switch (GET_DENY_MODE(e->share_mode)) {
+	  case DENY_NONE: d_printf("DENY_NONE  "); break;
+	  case DENY_ALL:  d_printf("DENY_ALL   "); break;
+	  case DENY_DOS:  d_printf("DENY_DOS   "); break;
+	  case DENY_READ: d_printf("DENY_READ  "); break;
+	  case DENY_WRITE:printf("DENY_WRITE "); break;
+	  case DENY_FCB:  d_printf("DENY_FCB "); break;
+	  }
+	  d_printf("0x%-8x  ",(unsigned int)e->desired_access);
+	  switch (e->share_mode&0xF) {
+	  case 0: d_printf("RDONLY     "); break;
+	  case 1: d_printf("WRONLY     "); break;
+	  case 2: d_printf("RDWR       "); break;
+	  }
+
+	  if((e->op_type & 
+	     (EXCLUSIVE_OPLOCK|BATCH_OPLOCK)) == 
+	      (EXCLUSIVE_OPLOCK|BATCH_OPLOCK))
+		d_printf("EXCLUSIVE+BATCH ");
+	  else if (e->op_type & EXCLUSIVE_OPLOCK)
+		d_printf("EXCLUSIVE       ");
+	  else if (e->op_type & BATCH_OPLOCK)
+		d_printf("BATCH           ");
+	  else if (e->op_type & LEVEL_II_OPLOCK)
+		d_printf("LEVEL_II        ");
+	  else
+		d_printf("NONE            ");
+
+	  d_printf(" %s   %s",fname,
+             asctime(LocalTime((time_t *)&e->time.tv_sec)));
 	}
-	else	  
-	  printf("%-10.10s   %-8s %-8s %5d   %-8s (%s) %s",
-		 crec.name,uidtoname(crec.uid),gidtoname(crec.gid),crec.pid,
-		 crec.machine,crec.addr,
-		 asctime(LocalTime(&crec.start,GMT_TO_LOCAL)));
-      }
-    }
-  fclose(f);
-
-  if (processes_only) exit(0);
-
-  printf("\n");
-
-  dir = opendir(lp_lockdir());
-  if (!dir) return(0);
-  while ((s=readdirname(dir))) {
-    char buf[16];
-    int pid,mode;
-    time_t t;
-    int fd;
-    pstring lname;
-    int dev,inode;
-
-    if (sscanf(s,"share.%d.%d",&dev,&inode)!=2) continue;
-
-    strcpy(lname,lp_lockdir());
-    trim_string(lname,NULL,"/");
-    strcat(lname,"/");
-    strcat(lname,s);
-
-    fd = open(lname,O_RDONLY,0);
-    if (fd < 0) continue;
-    if (read(fd,buf,16) != 16) continue;
-    n = read(fd,fname,sizeof(fname));
-    fname[MAX(n,0)]=0;
-    close(fd);
-
-    t = IVAL(buf,0);
-    mode = IVAL(buf,4);
-    pid = IVAL(buf,8);
-
-    if ( !Ucrit_checkPid(pid) )             /* added by OH */
-        continue;
-
-    if (IVAL(buf,12) != LOCKING_VERSION || !process_exists(pid)) {
-      if (unlink(lname)==0)
-        printf("Deleted stale share file %s\n",s);
-      continue;
-    }
-
-    fname[sizeof(fname)-1] = 0;
-
-    if (firstopen) {
-      firstopen=False;
-      printf("Locked files:\n");
-      printf("Pid    DenyMode   R/W     Name\n");
-      printf("------------------------------\n");
-    }
-
-
-    printf("%-5d  ",pid);
-    switch ((mode>>4)&0xF)
-      {
-      case DENY_NONE: printf("DENY_NONE  "); break;
-      case DENY_ALL:  printf("DENY_ALL   "); break;
-      case DENY_DOS:  printf("DENY_DOS   "); break;
-      case DENY_READ: printf("DENY_READ  "); break;
-      case DENY_WRITE:printf("DENY_WRITE "); break;
-      }
-    switch (mode&0xF) 
-      {
-      case 0: printf("RDONLY "); break;
-      case 1: printf("WRONLY "); break;
-      case 2: printf("RDWR   "); break;
-      }
-    printf(" %s   %s",fname,asctime(LocalTime(&t,GMT_TO_LOCAL)));
-  }
-  closedir(dir);
-
-  if (firstopen)
-    printf("No locked files\n");
-
-  return (0);
 }
 
-/* added by OH */
-void Ucrit_addUsername(pstring username)
+static void print_brl(SMB_DEV_T dev, SMB_INO_T ino, int pid, 
+		      enum brl_type lock_type,
+		      br_off start, br_off size)
 {
-  strcpy(Ucrit_username, username);
-  if(strlen(Ucrit_username) > 0)
-    Ucrit_IsActive = 1;
+	static int count;
+	if (count==0) {
+		d_printf("Byte range locks:\n");
+		d_printf("   Pid     dev:inode  R/W      start        size\n");
+		d_printf("------------------------------------------------\n");
+	}
+	count++;
+
+	d_printf("%6d   %05x:%05x    %s  %9.0f   %9.0f\n", 
+	       (int)pid, (int)dev, (int)ino, 
+	       lock_type==READ_LOCK?"R":"W",
+	       (double)start, (double)size);
 }
 
-unsigned int Ucrit_checkUsername(pstring username)
+
+/*******************************************************************
+ dump the elements of the profile structure
+  ******************************************************************/
+static int profile_dump(void)
 {
-  if ( !Ucrit_IsActive) return 1;
-  if (strcmp(Ucrit_username,username) ==0) return 1;
-  return 0;
+	if (!profile_setup(True)) {
+		fprintf(stderr,"Failed to initialise profile memory\n");
+		return -1;
+	}
+
+	d_printf("smb_count:                      %u\n", profile_p->smb_count);
+	d_printf("uid_changes:                    %u\n", profile_p->uid_changes);
+	d_printf("************************ System Calls ****************************\n");
+	d_printf("opendir_count:                  %u\n", profile_p->syscall_opendir_count);
+	d_printf("opendir_time:                   %u\n", profile_p->syscall_opendir_time);
+	d_printf("readdir_count:                  %u\n", profile_p->syscall_readdir_count);
+	d_printf("readdir_time:                   %u\n", profile_p->syscall_readdir_time);
+	d_printf("mkdir_count:                    %u\n", profile_p->syscall_mkdir_count);
+	d_printf("mkdir_time:                     %u\n", profile_p->syscall_mkdir_time);
+	d_printf("rmdir_count:                    %u\n", profile_p->syscall_rmdir_count);
+	d_printf("rmdir_time:                     %u\n", profile_p->syscall_rmdir_time);
+	d_printf("closedir_count:                 %u\n", profile_p->syscall_closedir_count);
+	d_printf("closedir_time:                  %u\n", profile_p->syscall_closedir_time);
+	d_printf("open_count:                     %u\n", profile_p->syscall_open_count);
+	d_printf("open_time:                      %u\n", profile_p->syscall_open_time);
+	d_printf("close_count:                    %u\n", profile_p->syscall_close_count);
+	d_printf("close_time:                     %u\n", profile_p->syscall_close_time);
+	d_printf("read_count:                     %u\n", profile_p->syscall_read_count);
+	d_printf("read_time:                      %u\n", profile_p->syscall_read_time);
+	d_printf("read_bytes:                     %u\n", profile_p->syscall_read_bytes);
+	d_printf("write_count:                    %u\n", profile_p->syscall_write_count);
+	d_printf("write_time:                     %u\n", profile_p->syscall_write_time);
+	d_printf("write_bytes:                    %u\n", profile_p->syscall_write_bytes);
+	d_printf("lseek_count:                    %u\n", profile_p->syscall_lseek_count);
+	d_printf("lseek_time:                     %u\n", profile_p->syscall_lseek_time);
+	d_printf("rename_count:                   %u\n", profile_p->syscall_rename_count);
+	d_printf("rename_time:                    %u\n", profile_p->syscall_rename_time);
+	d_printf("fsync_count:                    %u\n", profile_p->syscall_fsync_count);
+	d_printf("fsync_time:                     %u\n", profile_p->syscall_fsync_time);
+	d_printf("stat_count:                     %u\n", profile_p->syscall_stat_count);
+	d_printf("stat_time:                      %u\n", profile_p->syscall_stat_time);
+	d_printf("fstat_count:                    %u\n", profile_p->syscall_fstat_count);
+	d_printf("fstat_time:                     %u\n", profile_p->syscall_fstat_time);
+	d_printf("lstat_count:                    %u\n", profile_p->syscall_lstat_count);
+	d_printf("lstat_time:                     %u\n", profile_p->syscall_lstat_time);
+	d_printf("unlink_count:                   %u\n", profile_p->syscall_unlink_count);
+	d_printf("unlink_time:                    %u\n", profile_p->syscall_unlink_time);
+	d_printf("chmod_count:                    %u\n", profile_p->syscall_chmod_count);
+	d_printf("chmod_time:                     %u\n", profile_p->syscall_chmod_time);
+	d_printf("fchmod_count:                   %u\n", profile_p->syscall_fchmod_count);
+	d_printf("fchmod_time:                    %u\n", profile_p->syscall_fchmod_time);
+	d_printf("chown_count:                    %u\n", profile_p->syscall_chown_count);
+	d_printf("chown_time:                     %u\n", profile_p->syscall_chown_time);
+	d_printf("fchown_count:                   %u\n", profile_p->syscall_fchown_count);
+	d_printf("fchown_time:                    %u\n", profile_p->syscall_fchown_time);
+	d_printf("chdir_count:                    %u\n", profile_p->syscall_chdir_count);
+	d_printf("chdir_time:                     %u\n", profile_p->syscall_chdir_time);
+	d_printf("getwd_count:                    %u\n", profile_p->syscall_getwd_count);
+	d_printf("getwd_time:                     %u\n", profile_p->syscall_getwd_time);
+	d_printf("utime_count:                    %u\n", profile_p->syscall_utime_count);
+	d_printf("utime_time:                     %u\n", profile_p->syscall_utime_time);
+	d_printf("ftruncate_count:                %u\n", profile_p->syscall_ftruncate_count);
+	d_printf("ftruncate_time:                 %u\n", profile_p->syscall_ftruncate_time);
+	d_printf("fcntl_lock_count:               %u\n", profile_p->syscall_fcntl_lock_count);
+	d_printf("fcntl_lock_time:                %u\n", profile_p->syscall_fcntl_lock_time);
+	d_printf("readlink_count:                 %u\n", profile_p->syscall_readlink_count);
+	d_printf("readlink_time:                  %u\n", profile_p->syscall_readlink_time);
+	d_printf("symlink_count:                  %u\n", profile_p->syscall_symlink_count);
+	d_printf("symlink_time:                   %u\n", profile_p->syscall_symlink_time);
+	d_printf("************************ Statcache *******************************\n");
+	d_printf("lookups:                        %u\n", profile_p->statcache_lookups);
+	d_printf("misses:                         %u\n", profile_p->statcache_misses);
+	d_printf("hits:                           %u\n", profile_p->statcache_hits);
+	d_printf("************************ Writecache ******************************\n");
+	d_printf("read_hits:                      %u\n", profile_p->writecache_read_hits);
+	d_printf("abutted_writes:                 %u\n", profile_p->writecache_abutted_writes);
+	d_printf("total_writes:                   %u\n", profile_p->writecache_total_writes);
+	d_printf("non_oplock_writes:              %u\n", profile_p->writecache_non_oplock_writes);
+	d_printf("direct_writes:                  %u\n", profile_p->writecache_direct_writes);
+	d_printf("init_writes:                    %u\n", profile_p->writecache_init_writes);
+	d_printf("flushed_writes[SEEK]:           %u\n", profile_p->writecache_flushed_writes[SEEK_FLUSH]);
+	d_printf("flushed_writes[READ]:           %u\n", profile_p->writecache_flushed_writes[READ_FLUSH]);
+	d_printf("flushed_writes[WRITE]:          %u\n", profile_p->writecache_flushed_writes[WRITE_FLUSH]);
+	d_printf("flushed_writes[READRAW]:        %u\n", profile_p->writecache_flushed_writes[READRAW_FLUSH]);
+	d_printf("flushed_writes[OPLOCK_RELEASE]: %u\n", profile_p->writecache_flushed_writes[OPLOCK_RELEASE_FLUSH]);
+	d_printf("flushed_writes[CLOSE]:          %u\n", profile_p->writecache_flushed_writes[CLOSE_FLUSH]);
+	d_printf("flushed_writes[SYNC]:           %u\n", profile_p->writecache_flushed_writes[SYNC_FLUSH]);
+	d_printf("flushed_writes[SIZECHANGE]:     %u\n", profile_p->writecache_flushed_writes[SIZECHANGE_FLUSH]);
+	d_printf("num_perfect_writes:             %u\n", profile_p->writecache_num_perfect_writes);
+	d_printf("num_write_caches:               %u\n", profile_p->writecache_num_write_caches);
+	d_printf("allocated_write_caches:         %u\n", profile_p->writecache_allocated_write_caches);
+	d_printf("************************ SMB Calls *******************************\n");
+	d_printf("mkdir_count:                    %u\n", profile_p->SMBmkdir_count);
+	d_printf("mkdir_time:                     %u\n", profile_p->SMBmkdir_time);
+	d_printf("rmdir_count:                    %u\n", profile_p->SMBrmdir_count);
+	d_printf("rmdir_time:                     %u\n", profile_p->SMBrmdir_time);
+	d_printf("open_count:                     %u\n", profile_p->SMBopen_count);
+	d_printf("open_time:                      %u\n", profile_p->SMBopen_time);
+	d_printf("create_count:                   %u\n", profile_p->SMBcreate_count);
+	d_printf("create_time:                    %u\n", profile_p->SMBcreate_time);
+	d_printf("close_count:                    %u\n", profile_p->SMBclose_count);
+	d_printf("close_time:                     %u\n", profile_p->SMBclose_time);
+	d_printf("flush_count:                    %u\n", profile_p->SMBflush_count);
+	d_printf("flush_time:                     %u\n", profile_p->SMBflush_time);
+	d_printf("unlink_count:                   %u\n", profile_p->SMBunlink_count);
+	d_printf("unlink_time:                    %u\n", profile_p->SMBunlink_time);
+	d_printf("mv_count:                       %u\n", profile_p->SMBmv_count);
+	d_printf("mv_time:                        %u\n", profile_p->SMBmv_time);
+	d_printf("getatr_count:                   %u\n", profile_p->SMBgetatr_count);
+	d_printf("getatr_time:                    %u\n", profile_p->SMBgetatr_time);
+	d_printf("setatr_count:                   %u\n", profile_p->SMBsetatr_count);
+	d_printf("setatr_time:                    %u\n", profile_p->SMBsetatr_time);
+	d_printf("read_count:                     %u\n", profile_p->SMBread_count);
+	d_printf("read_time:                      %u\n", profile_p->SMBread_time);
+	d_printf("write_count:                    %u\n", profile_p->SMBwrite_count);
+	d_printf("write_time:                     %u\n", profile_p->SMBwrite_time);
+	d_printf("lock_count:                     %u\n", profile_p->SMBlock_count);
+	d_printf("lock_time:                      %u\n", profile_p->SMBlock_time);
+	d_printf("unlock_count:                   %u\n", profile_p->SMBunlock_count);
+	d_printf("unlock_time:                    %u\n", profile_p->SMBunlock_time);
+	d_printf("ctemp_count:                    %u\n", profile_p->SMBctemp_count);
+	d_printf("ctemp_time:                     %u\n", profile_p->SMBctemp_time);
+	d_printf("mknew_count:                    %u\n", profile_p->SMBmknew_count);
+	d_printf("mknew_time:                     %u\n", profile_p->SMBmknew_time);
+	d_printf("chkpth_count:                   %u\n", profile_p->SMBchkpth_count);
+	d_printf("chkpth_time:                    %u\n", profile_p->SMBchkpth_time);
+	d_printf("exit_count:                     %u\n", profile_p->SMBexit_count);
+	d_printf("exit_time:                      %u\n", profile_p->SMBexit_time);
+	d_printf("lseek_count:                    %u\n", profile_p->SMBlseek_count);
+	d_printf("lseek_time:                     %u\n", profile_p->SMBlseek_time);
+	d_printf("lockread_count:                 %u\n", profile_p->SMBlockread_count);
+	d_printf("lockread_time:                  %u\n", profile_p->SMBlockread_time);
+	d_printf("writeunlock_count:              %u\n", profile_p->SMBwriteunlock_count);
+	d_printf("writeunlock_time:               %u\n", profile_p->SMBwriteunlock_time);
+	d_printf("readbraw_count:                 %u\n", profile_p->SMBreadbraw_count);
+	d_printf("readbraw_time:                  %u\n", profile_p->SMBreadbraw_time);
+	d_printf("readBmpx_count:                 %u\n", profile_p->SMBreadBmpx_count);
+	d_printf("readBmpx_time:                  %u\n", profile_p->SMBreadBmpx_time);
+	d_printf("readBs_count:                   %u\n", profile_p->SMBreadBs_count);
+	d_printf("readBs_time:                    %u\n", profile_p->SMBreadBs_time);
+	d_printf("writebraw_count:                %u\n", profile_p->SMBwritebraw_count);
+	d_printf("writebraw_time:                 %u\n", profile_p->SMBwritebraw_time);
+	d_printf("writeBmpx_count:                %u\n", profile_p->SMBwriteBmpx_count);
+	d_printf("writeBmpx_time:                 %u\n", profile_p->SMBwriteBmpx_time);
+	d_printf("writeBs_count:                  %u\n", profile_p->SMBwriteBs_count);
+	d_printf("writeBs_time:                   %u\n", profile_p->SMBwriteBs_time);
+	d_printf("writec_count:                   %u\n", profile_p->SMBwritec_count);
+	d_printf("writec_time:                    %u\n", profile_p->SMBwritec_time);
+	d_printf("setattrE_count:                 %u\n", profile_p->SMBsetattrE_count);
+	d_printf("setattrE_time:                  %u\n", profile_p->SMBsetattrE_time);
+	d_printf("getattrE_count:                 %u\n", profile_p->SMBgetattrE_count);
+	d_printf("getattrE_time:                  %u\n", profile_p->SMBgetattrE_time);
+	d_printf("lockingX_count:                 %u\n", profile_p->SMBlockingX_count);
+	d_printf("lockingX_time:                  %u\n", profile_p->SMBlockingX_time);
+	d_printf("trans_count:                    %u\n", profile_p->SMBtrans_count);
+	d_printf("trans_time:                     %u\n", profile_p->SMBtrans_time);
+	d_printf("transs_count:                   %u\n", profile_p->SMBtranss_count);
+	d_printf("transs_time:                    %u\n", profile_p->SMBtranss_time);
+	d_printf("ioctl_count:                    %u\n", profile_p->SMBioctl_count);
+	d_printf("ioctl_time:                     %u\n", profile_p->SMBioctl_time);
+	d_printf("ioctls_count:                   %u\n", profile_p->SMBioctls_count);
+	d_printf("ioctls_time:                    %u\n", profile_p->SMBioctls_time);
+	d_printf("copy_count:                     %u\n", profile_p->SMBcopy_count);
+	d_printf("copy_time:                      %u\n", profile_p->SMBcopy_time);
+	d_printf("move_count:                     %u\n", profile_p->SMBmove_count);
+	d_printf("move_time:                      %u\n", profile_p->SMBmove_time);
+	d_printf("echo_count:                     %u\n", profile_p->SMBecho_count);
+	d_printf("echo_time:                      %u\n", profile_p->SMBecho_time);
+	d_printf("writeclose_count:               %u\n", profile_p->SMBwriteclose_count);
+	d_printf("writeclose_time:                %u\n", profile_p->SMBwriteclose_time);
+	d_printf("openX_count:                    %u\n", profile_p->SMBopenX_count);
+	d_printf("openX_time:                     %u\n", profile_p->SMBopenX_time);
+	d_printf("readX_count:                    %u\n", profile_p->SMBreadX_count);
+	d_printf("readX_time:                     %u\n", profile_p->SMBreadX_time);
+	d_printf("writeX_count:                   %u\n", profile_p->SMBwriteX_count);
+	d_printf("writeX_time:                    %u\n", profile_p->SMBwriteX_time);
+	d_printf("trans2_count:                   %u\n", profile_p->SMBtrans2_count);
+	d_printf("trans2_time:                    %u\n", profile_p->SMBtrans2_time);
+	d_printf("transs2_count:                  %u\n", profile_p->SMBtranss2_count);
+	d_printf("transs2_time:                   %u\n", profile_p->SMBtranss2_time);
+	d_printf("findclose_count:                %u\n", profile_p->SMBfindclose_count);
+	d_printf("findclose_time:                 %u\n", profile_p->SMBfindclose_time);
+	d_printf("findnclose_count:               %u\n", profile_p->SMBfindnclose_count);
+	d_printf("findnclose_time:                %u\n", profile_p->SMBfindnclose_time);
+	d_printf("tcon_count:                     %u\n", profile_p->SMBtcon_count);
+	d_printf("tcon_time:                      %u\n", profile_p->SMBtcon_time);
+	d_printf("tdis_count:                     %u\n", profile_p->SMBtdis_count);
+	d_printf("tdis_time:                      %u\n", profile_p->SMBtdis_time);
+	d_printf("negprot_count:                  %u\n", profile_p->SMBnegprot_count);
+	d_printf("negprot_time:                   %u\n", profile_p->SMBnegprot_time);
+	d_printf("sesssetupX_count:               %u\n", profile_p->SMBsesssetupX_count);
+	d_printf("sesssetupX_time:                %u\n", profile_p->SMBsesssetupX_time);
+	d_printf("ulogoffX_count:                 %u\n", profile_p->SMBulogoffX_count);
+	d_printf("ulogoffX_time:                  %u\n", profile_p->SMBulogoffX_time);
+	d_printf("tconX_count:                    %u\n", profile_p->SMBtconX_count);
+	d_printf("tconX_time:                     %u\n", profile_p->SMBtconX_time);
+	d_printf("dskattr_count:                  %u\n", profile_p->SMBdskattr_count);
+	d_printf("dskattr_time:                   %u\n", profile_p->SMBdskattr_time);
+	d_printf("search_count:                   %u\n", profile_p->SMBsearch_count);
+	d_printf("search_time:                    %u\n", profile_p->SMBsearch_time);
+	d_printf("ffirst_count:                   %u\n", profile_p->SMBffirst_count);
+	d_printf("ffirst_time:                    %u\n", profile_p->SMBffirst_time);
+	d_printf("funique_count:                  %u\n", profile_p->SMBfunique_count);
+	d_printf("funique_time:                   %u\n", profile_p->SMBfunique_time);
+	d_printf("fclose_count:                   %u\n", profile_p->SMBfclose_count);
+	d_printf("fclose_time:                    %u\n", profile_p->SMBfclose_time);
+	d_printf("nttrans_count:                  %u\n", profile_p->SMBnttrans_count);
+	d_printf("nttrans_time:                   %u\n", profile_p->SMBnttrans_time);
+	d_printf("nttranss_count:                 %u\n", profile_p->SMBnttranss_count);
+	d_printf("nttranss_time:                  %u\n", profile_p->SMBnttranss_time);
+	d_printf("ntcreateX_count:                %u\n", profile_p->SMBntcreateX_count);
+	d_printf("ntcreateX_time:                 %u\n", profile_p->SMBntcreateX_time);
+	d_printf("ntcancel_count:                 %u\n", profile_p->SMBntcancel_count);
+	d_printf("ntcancel_time:                  %u\n", profile_p->SMBntcancel_time);
+	d_printf("splopen_count:                  %u\n", profile_p->SMBsplopen_count);
+	d_printf("splopen_time:                   %u\n", profile_p->SMBsplopen_time);
+	d_printf("splwr_count:                    %u\n", profile_p->SMBsplwr_count);
+	d_printf("splwr_time:                     %u\n", profile_p->SMBsplwr_time);
+	d_printf("splclose_count:                 %u\n", profile_p->SMBsplclose_count);
+	d_printf("splclose_time:                  %u\n", profile_p->SMBsplclose_time);
+	d_printf("splretq_count:                  %u\n", profile_p->SMBsplretq_count);
+	d_printf("splretq_time:                   %u\n", profile_p->SMBsplretq_time);
+	d_printf("sends_count:                    %u\n", profile_p->SMBsends_count);
+	d_printf("sends_time:                     %u\n", profile_p->SMBsends_time);
+	d_printf("sendb_count:                    %u\n", profile_p->SMBsendb_count);
+	d_printf("sendb_time:                     %u\n", profile_p->SMBsendb_time);
+	d_printf("fwdname_count:                  %u\n", profile_p->SMBfwdname_count);
+	d_printf("fwdname_time:                   %u\n", profile_p->SMBfwdname_time);
+	d_printf("cancelf_count:                  %u\n", profile_p->SMBcancelf_count);
+	d_printf("cancelf_time:                   %u\n", profile_p->SMBcancelf_time);
+	d_printf("getmac_count:                   %u\n", profile_p->SMBgetmac_count);
+	d_printf("getmac_time:                    %u\n", profile_p->SMBgetmac_time);
+	d_printf("sendstrt_count:                 %u\n", profile_p->SMBsendstrt_count);
+	d_printf("sendstrt_time:                  %u\n", profile_p->SMBsendstrt_time);
+	d_printf("sendend_count:                  %u\n", profile_p->SMBsendend_count);
+	d_printf("sendend_time:                   %u\n", profile_p->SMBsendend_time);
+	d_printf("sendtxt_count:                  %u\n", profile_p->SMBsendtxt_count);
+	d_printf("sendtxt_time:                   %u\n", profile_p->SMBsendtxt_time);
+	d_printf("invalid_count:                  %u\n", profile_p->SMBinvalid_count);
+	d_printf("invalid_time:                   %u\n", profile_p->SMBinvalid_time);
+	d_printf("************************ Pathworks Calls *************************\n");
+	d_printf("setdir_count:                   %u\n", profile_p->pathworks_setdir_count);
+	d_printf("setdir_time:                    %u\n", profile_p->pathworks_setdir_time);
+	d_printf("************************ Trans2 Calls ****************************\n");
+	d_printf("open_count:                     %u\n", profile_p->Trans2_open_count);
+	d_printf("open_time:                      %u\n", profile_p->Trans2_open_time);
+	d_printf("findfirst_count:                %u\n", profile_p->Trans2_findfirst_count);
+	d_printf("findfirst_time:                 %u\n", profile_p->Trans2_findfirst_time);
+	d_printf("findnext_count:                 %u\n", profile_p->Trans2_findnext_count);
+	d_printf("findnext_time:                  %u\n", profile_p->Trans2_findnext_time);
+	d_printf("qfsinfo_count:                  %u\n", profile_p->Trans2_qfsinfo_count);
+	d_printf("qfsinfo_time:                   %u\n", profile_p->Trans2_qfsinfo_time);
+	d_printf("setfsinfo_count:                %u\n", profile_p->Trans2_setfsinfo_count);
+	d_printf("setfsinfo_time:                 %u\n", profile_p->Trans2_setfsinfo_time);
+	d_printf("qpathinfo_count:                %u\n", profile_p->Trans2_qpathinfo_count);
+	d_printf("qpathinfo_time:                 %u\n", profile_p->Trans2_qpathinfo_time);
+	d_printf("setpathinfo_count:              %u\n", profile_p->Trans2_setpathinfo_count);
+	d_printf("setpathinfo_time:               %u\n", profile_p->Trans2_setpathinfo_time);
+	d_printf("qfileinfo_count:                %u\n", profile_p->Trans2_qfileinfo_count);
+	d_printf("qfileinfo_time:                 %u\n", profile_p->Trans2_qfileinfo_time);
+	d_printf("setfileinfo_count:              %u\n", profile_p->Trans2_setfileinfo_count);
+	d_printf("setfileinfo_time:               %u\n", profile_p->Trans2_setfileinfo_time);
+	d_printf("fsctl_count:                    %u\n", profile_p->Trans2_fsctl_count);
+	d_printf("fsctl_time:                     %u\n", profile_p->Trans2_fsctl_time);
+	d_printf("ioctl_count:                    %u\n", profile_p->Trans2_ioctl_count);
+	d_printf("ioctl_time:                     %u\n", profile_p->Trans2_ioctl_time);
+	d_printf("findnotifyfirst_count:          %u\n", profile_p->Trans2_findnotifyfirst_count);
+	d_printf("findnotifyfirst_time:           %u\n", profile_p->Trans2_findnotifyfirst_time);
+	d_printf("findnotifynext_count:           %u\n", profile_p->Trans2_findnotifynext_count);
+	d_printf("findnotifynext_time:            %u\n", profile_p->Trans2_findnotifynext_time);
+	d_printf("mkdir_count:                    %u\n", profile_p->Trans2_mkdir_count);
+	d_printf("mkdir_time:                     %u\n", profile_p->Trans2_mkdir_time);
+	d_printf("session_setup_count:            %u\n", profile_p->Trans2_session_setup_count);
+	d_printf("session_setup_time:             %u\n", profile_p->Trans2_session_setup_time);
+	d_printf("get_dfs_referral_count:         %u\n", profile_p->Trans2_get_dfs_referral_count);
+	d_printf("get_dfs_referral_time:          %u\n", profile_p->Trans2_get_dfs_referral_time);
+	d_printf("report_dfs_inconsistancy_count: %u\n", profile_p->Trans2_report_dfs_inconsistancy_count);
+	d_printf("report_dfs_inconsistancy_time:  %u\n", profile_p->Trans2_report_dfs_inconsistancy_time);
+	d_printf("************************ NT Transact Calls ***********************\n");
+	d_printf("create_count:                   %u\n", profile_p->NT_transact_create_count);
+	d_printf("create_time:                    %u\n", profile_p->NT_transact_create_time);
+	d_printf("ioctl_count:                    %u\n", profile_p->NT_transact_ioctl_count);
+	d_printf("ioctl_time:                     %u\n", profile_p->NT_transact_ioctl_time);
+	d_printf("set_security_desc_count:        %u\n", profile_p->NT_transact_set_security_desc_count);
+	d_printf("set_security_desc_time:         %u\n", profile_p->NT_transact_set_security_desc_time);
+	d_printf("notify_change_count:            %u\n", profile_p->NT_transact_notify_change_count);
+	d_printf("notify_change_time:             %u\n", profile_p->NT_transact_notify_change_time);
+	d_printf("rename_count:                   %u\n", profile_p->NT_transact_rename_count);
+	d_printf("rename_time:                    %u\n", profile_p->NT_transact_rename_time);
+	d_printf("query_security_desc_count:      %u\n", profile_p->NT_transact_query_security_desc_count);
+	d_printf("query_security_desc_time:       %u\n", profile_p->NT_transact_query_security_desc_time);
+	d_printf("************************ ACL Calls *******************************\n");
+	d_printf("get_nt_acl_count:               %u\n", profile_p->get_nt_acl_count);
+	d_printf("get_nt_acl_time:                %u\n", profile_p->get_nt_acl_time);
+	d_printf("fget_nt_acl_count:              %u\n", profile_p->fget_nt_acl_count);
+	d_printf("fget_nt_acl_time:               %u\n", profile_p->fget_nt_acl_time);
+	d_printf("set_nt_acl_count:               %u\n", profile_p->set_nt_acl_count);
+	d_printf("set_nt_acl_time:                %u\n", profile_p->set_nt_acl_time);
+	d_printf("fset_nt_acl_count:              %u\n", profile_p->fset_nt_acl_count);
+	d_printf("fset_nt_acl_time:               %u\n", profile_p->fset_nt_acl_time);
+	d_printf("chmod_acl_count:                %u\n", profile_p->chmod_acl_count);
+	d_printf("chmod_acl_time:                 %u\n", profile_p->chmod_acl_time);
+	d_printf("fchmod_acl_count:               %u\n", profile_p->fchmod_acl_count);
+	d_printf("fchmod_acl_time:                %u\n", profile_p->fchmod_acl_time);
+	d_printf("************************ NMBD Calls ****************************\n");
+	d_printf("name_release_count:             %u\n", profile_p->name_release_count);
+	d_printf("name_release_time:              %u\n", profile_p->name_release_time);
+	d_printf("name_refresh_count:             %u\n", profile_p->name_refresh_count);
+	d_printf("name_refresh_time:              %u\n", profile_p->name_refresh_time);
+	d_printf("name_registration_count:        %u\n", profile_p->name_registration_count);
+	d_printf("name_registration_time:         %u\n", profile_p->name_registration_time);
+	d_printf("node_status_count:              %u\n", profile_p->node_status_count);
+	d_printf("node_status_time:               %u\n", profile_p->node_status_time);
+	d_printf("name_query_count:               %u\n", profile_p->name_query_count);
+	d_printf("name_query_time:                %u\n", profile_p->name_query_time);
+	d_printf("host_announce_count:            %u\n", profile_p->host_announce_count);
+	d_printf("host_announce_time:             %u\n", profile_p->host_announce_time);
+	d_printf("workgroup_announce_count:       %u\n", profile_p->workgroup_announce_count);
+	d_printf("workgroup_announce_time:        %u\n", profile_p->workgroup_announce_time);
+	d_printf("local_master_announce_count:    %u\n", profile_p->local_master_announce_count);
+	d_printf("local_master_announce_time:     %u\n", profile_p->local_master_announce_time);
+	d_printf("master_browser_announce_count:  %u\n", profile_p->master_browser_announce_count);
+	d_printf("master_browser_announce_time:   %u\n", profile_p->master_browser_announce_time);
+	d_printf("lm_host_announce_count:         %u\n", profile_p->lm_host_announce_count);
+	d_printf("lm_host_announce_time:          %u\n", profile_p->lm_host_announce_time);
+	d_printf("get_backup_list_count:          %u\n", profile_p->get_backup_list_count);
+	d_printf("get_backup_list_time:           %u\n", profile_p->get_backup_list_time);
+	d_printf("reset_browser_count:            %u\n", profile_p->reset_browser_count);
+	d_printf("reset_browser_time:             %u\n", profile_p->reset_browser_time);
+	d_printf("announce_request_count:         %u\n", profile_p->announce_request_count);
+	d_printf("announce_request_time:          %u\n", profile_p->announce_request_time);
+	d_printf("lm_announce_request_count:      %u\n", profile_p->lm_announce_request_count);
+	d_printf("lm_announce_request_time:       %u\n", profile_p->lm_announce_request_time);
+	d_printf("domain_logon_count:             %u\n", profile_p->domain_logon_count);
+	d_printf("domain_logon_time:              %u\n", profile_p->domain_logon_time);
+	d_printf("sync_browse_lists_count:        %u\n", profile_p->sync_browse_lists_count);
+	d_printf("sync_browse_lists_time:         %u\n", profile_p->sync_browse_lists_time);
+	d_printf("run_elections_count:            %u\n", profile_p->run_elections_count);
+	d_printf("run_elections_time:             %u\n", profile_p->run_elections_time);
+	d_printf("election_count:                 %u\n", profile_p->election_count);
+	d_printf("election_time:                  %u\n", profile_p->election_time);
+
+	return 0;
 }
 
-void Ucrit_addPid(int pid)
+
+static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
 {
-  int i;
-  if ( !Ucrit_IsActive) return;
-  for (i=0;i<Ucrit_MaxPid;i++)
-    if( pid == Ucrit_pid[i] ) return;
-  Ucrit_pid[Ucrit_MaxPid++] = pid;
+	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+
+	if (crec.cnum == -1)
+		return 0;
+
+	if (!process_exists(crec.pid) || !Ucrit_checkUsername(uidtoname(crec.uid))) {
+		return 0;
+	}
+
+	d_printf("%-10.10s   %5d   %-12s  %s",
+	       crec.name,(int)crec.pid,
+	       crec.machine,
+	       asctime(LocalTime(&crec.start)));
+
+	return 0;
 }
 
-unsigned int   Ucrit_checkPid(int pid)
+static int traverse_sessionid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
 {
-  int i;
-  if ( !Ucrit_IsActive) return 1;
-  for (i=0;i<Ucrit_MaxPid;i++)
-    if( pid == Ucrit_pid[i] ) return 1;
-  return 0;
+	struct sessionid sessionid;
+
+	if (dbuf.dsize != sizeof(sessionid))
+		return 0;
+
+	memcpy(&sessionid, dbuf.dptr, sizeof(sessionid));
+
+	if (!process_exists(sessionid.pid) || !Ucrit_checkUsername(uidtoname(sessionid.uid))) {
+		return 0;
+	}
+
+	d_printf("%5d   %-12s  %-12s  %-12s (%s)\n",
+	       (int)sessionid.pid, uidtoname(sessionid.uid), gidtoname(sessionid.gid), 
+	       sessionid.remote_machine, sessionid.hostname);
+	
+	return 0;
 }
 
+
+
+
+ int main(int argc, char *argv[])
+{
+	pstring fname;
+	int c;
+	static int profile_only = 0;
+	static int new_debuglevel = -1;
+	TDB_CONTEXT *tdb;
+	poptContext pc;
+	struct poptOption long_options[] = {
+		{"processes",	'p', POPT_ARG_NONE,	&processes_only},
+		{"verbose",	'v', POPT_ARG_NONE, 	&verbose},
+		{"locks",	'L', POPT_ARG_NONE,	&locks_only},
+		{"shares",	'S', POPT_ARG_NONE,	&shares_only},
+		{"conf",	's', POPT_ARG_STRING,	0, 's'},
+		{"user",        'u', POPT_ARG_STRING,	0, 'u'},
+		{"brief",	'b', POPT_ARG_NONE, 	&brief},
+		{"profile",	'P', POPT_ARG_NONE,	&profile_only},
+		{"byterange",	'B', POPT_ARG_NONE,	&show_brl},
+		{"debug",	'd', POPT_ARG_INT,	&new_debuglevel},
+		{ 0, 0, 0, 0}
+	};
+
+
+	setup_logging(argv[0],True);
+	
+	AllowDebugChange = False;
+	DEBUGLEVEL = 0;
+	dbf = x_stderr;
+	
+	if (getuid() != geteuid()) {
+		d_printf("smbstatus should not be run setuid\n");
+		return(1);
+	}
+
+	pc = poptGetContext(NULL, argc, (const char **) argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+	
+	while ((c = poptGetNextOpt(pc)) != EOF) {
+		switch (c) {
+		case 's':
+			pstrcpy(dyn_CONFIGFILE, poptGetOptArg(pc));
+			break;
+		case 'u':                                      
+			Ucrit_addUsername(poptGetOptArg(pc));             
+			break;
+		default:
+			fprintf(stderr, "Usage: %s [-P] [-v] [-L] [-p] [-S] [-s configfile] [-u username] [-d debuglevel]\n", *argv);
+			return (-1);
+		}
+	}
+	
+	if (!lp_load(dyn_CONFIGFILE,False,False,False)) {
+		fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
+		return (-1);
+	}
+	
+	if (new_debuglevel != -1) {
+		DEBUGLEVEL = new_debuglevel;
+	}
+
+	if (verbose) {
+		d_printf("using configfile = %s\n", dyn_CONFIGFILE);
+	}
+	
+	if (profile_only) {
+		return profile_dump();
+	}
+	
+	tdb = tdb_open_log(lock_path("sessionid.tdb"), 0, TDB_DEFAULT, O_RDONLY, 0);
+	if (!tdb) {
+		d_printf("sessionid.tdb not initialised\n");
+	} else {
+		if (locks_only) goto locks;
+
+		d_printf("\nSamba version %s\n",VERSION);
+		d_printf("PID     Username      Group         Machine                        \n");
+		d_printf("-------------------------------------------------------------------\n");
+
+		tdb_traverse(tdb, traverse_sessionid, NULL);
+		tdb_close(tdb);
+	}
+  
+	tdb = tdb_open_log(lock_path("connections.tdb"), 0, TDB_DEFAULT, O_RDONLY, 0);
+	if (!tdb) {
+		d_printf("connections.tdb not initialised\n");
+	}  else  {
+		if (verbose) {
+			d_printf("Opened status file %s\n", fname);
+		}
+
+		if (brief) 
+			exit(0);
+		
+		d_printf("\nService      pid     machine       Connected at\n");
+		d_printf("-------------------------------------------------------\n");
+
+		tdb_traverse(tdb, traverse_fn1, NULL);
+		tdb_close(tdb);
+	}
+
+ locks:
+	if (processes_only) exit(0);
+
+	if (!shares_only) {
+		int ret;
+
+		if (!locking_init(1)) {
+			d_printf("Can't initialise locking module - exiting\n");
+			exit(1);
+		}
+		
+		ret = share_mode_forall(print_share_mode);
+
+		if (ret == 0) {
+			d_printf("No locked files\n");
+		} else if (ret == -1) {
+			d_printf("locked file list truncated\n");
+		}
+		
+		d_printf("\n");
+
+		if (show_brl) {
+			brl_forall(print_brl);
+		}
+		
+		locking_end();
+	}
+
+	return (0);
+}
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index e1f070a4b8..defde6cb2c 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    Test validity of smb.conf
-   Copyright (C) Karl Auer 1993, 1994
+   Copyright (C) Karl Auer 1993, 1994-1998
 
    Extensively modified by Andrew Tridgell, 1995
    
@@ -34,80 +33,280 @@
 
 #include "includes.h"
 #include "smb.h"
-#include "params.h"
-#include "loadparm.h"
 
-/* these live in util.c */
-extern FILE *dbf;
-extern int DEBUGLEVEL;
+extern BOOL AllowDebugChange;
+
+/***********************************************
+ Here we do a set of 'hard coded' checks for bad
+ configuration settings.
+************************************************/
+
+static int do_global_checks(void)
+{
+	int ret = 0;
+	SMB_STRUCT_STAT st;
+
+	if (lp_security() >= SEC_DOMAIN && !lp_encrypted_passwords()) {
+		printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n");
+		ret = 1;
+	}
+
+	if (lp_wins_support() && wins_srv_count()) {
+		printf("ERROR: both 'wins support = true' and 'wins server = <server>' \
+cannot be set in the smb.conf file. nmbd will abort with this setting.\n");
+		ret = 1;
+	}
+
+	if (!directory_exist(lp_lockdir(), &st)) {
+		printf("ERROR: lock directory %s does not exist\n",
+		       lp_lockdir());
+		ret = 1;
+	} else if ((st.st_mode & 0777) != 0755) {
+		printf("WARNING: lock directory %s should have permissions 0755 for browsing to work\n",
+		       lp_lockdir());
+		ret = 1;
+	}
+
+	/*
+	 * Password server sanity checks.
+	 */
+
+	if((lp_security() == SEC_SERVER || lp_security() >= SEC_DOMAIN) && !lp_passwordserver()) {
+		pstring sec_setting;
+		if(lp_security() == SEC_SERVER)
+			pstrcpy(sec_setting, "server");
+		else if(lp_security() == SEC_DOMAIN)
+			pstrcpy(sec_setting, "domain");
+
+		printf("ERROR: The setting 'security=%s' requires the 'password server' parameter be set \
+to a valid password server.\n", sec_setting );
+		ret = 1;
+	}
+
+	
+	/*
+	 * Check 'hosts equiv' and 'use rhosts' compatibility with 'hostname lookup' value.
+	 */
+
+	if(*lp_hosts_equiv() && !lp_hostname_lookups()) {
+		printf("ERROR: The setting 'hosts equiv = %s' requires that 'hostname lookups = yes'.\n", lp_hosts_equiv());
+		ret = 1;
+	}
+
+	/*
+	 * Password chat sanity checks.
+	 */
+
+	if(lp_security() == SEC_USER && lp_unix_password_sync()) {
+
+		/*
+		 * Check that we have a valid lp_passwd_program() if not using pam.
+		 */
+
+#ifdef WITH_PAM
+		if (!lp_pam_password_change()) {
+#endif
+
+			if(lp_passwd_program() == NULL) {
+				printf("ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd program' \
+parameter.\n" );
+				ret = 1;
+			} else {
+				pstring passwd_prog;
+				pstring truncated_prog;
+				char *p;
+
+				pstrcpy( passwd_prog, lp_passwd_program());
+				p = passwd_prog;
+				*truncated_prog = '\0';
+				next_token(&p, truncated_prog, NULL, sizeof(pstring));
+
+				if(access(truncated_prog, F_OK) == -1) {
+					printf("ERROR: the 'unix password sync' parameter is set and the 'passwd program' (%s) \
+cannot be executed (error was %s).\n", truncated_prog, strerror(errno) );
+					ret = 1;
+				}
+			}
+
+#ifdef WITH_PAM
+		}
+#endif
+
+		if(lp_passwd_chat() == NULL) {
+			printf("ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd chat' \
+parameter.\n");
+			ret = 1;
+		}
+
+		/*
+		 * Check that we have a valid script and that it hasn't
+		 * been written to expect the old password.
+		 */
+
+		if(lp_encrypted_passwords()) {
+			if(strstr( lp_passwd_chat(), "%o")!=NULL) {
+				printf("ERROR: the 'passwd chat' script [%s] expects to use the old plaintext password \
+via the %%o substitution. With encrypted passwords this is not possible.\n", lp_passwd_chat() );
+				ret = 1;
+			}
+		}
+	}
+
+	return ret;
+}   
+
+static void usage(char *pname)
+{
+	printf("Usage: %s [-sh] [-L servername] [configfilename] [hostname hostIP]\n", pname);
+	printf("\t-s                  Suppress prompt for enter\n");
+	printf("\t-h                  Print usage\n");
+	printf("\t-L servername       Set %%L macro to servername\n");
+	printf("\t-t encoding         Print parameters with encoding\n");
+	printf("\tconfigfilename      Configuration file to test\n");
+	printf("\thostname hostIP.    Hostname and Host IP address to test\n");
+	printf("\t                    against \"host allow\" and \"host deny\"\n");
+	printf("\n");
+}
+
 
 int main(int argc, char *argv[])
 {
+  extern char *optarg;
+  extern int optind;
+  extern fstring local_machine;
   pstring configfile;
+  int opt;
   int s;
+  BOOL silent_mode = False;
+  int ret = 0;
+  pstring term_code;
+
+  *term_code = 0;
 
   setup_logging(argv[0],True);
   
-  charset_initialise();
+  while ((opt = getopt(argc, argv,"shL:t:")) != EOF) {
+  switch (opt) {
+    case 's':
+      silent_mode = True;
+      break;
+    case 'L':
+      fstrcpy(local_machine,optarg);
+      break;
+    case 'h':
+      usage(argv[0]);
+      exit(0);
+      break;
+    case 't':
+      pstrcpy(term_code,optarg);
+      break;
+    default:
+      printf("Incorrect program usage\n");
+      usage(argv[0]);
+      exit(1);
+      break;
+    }
+  }
+
+  argc += (1 - optind);
 
-  if (argc < 2)
-    strcpy(configfile,CONFIGFILE);
-  else
-    strcpy(configfile,argv[1]);
+  if ((argc == 1) || (argc == 3))
+    pstrcpy(configfile, dyn_CONFIGFILE);
+  else if ((argc == 2) || (argc == 4))
+    pstrcpy(configfile,argv[optind]);
 
-  dbf = stdout;
+  dbf = x_stdout;
   DEBUGLEVEL = 2;
+  AllowDebugChange = False;
 
   printf("Load smb config files from %s\n",configfile);
 
-  if (!lp_load(configfile,False))
-    {
+  if (!lp_load(configfile,False,True,False)) {
       printf("Error loading services.\n");
       return(1);
-    }
-
+  }
 
   printf("Loaded services file OK.\n");
 
-  for (s=0;s<1000;s++)
+  ret = do_global_checks();
+
+  for (s=0;s<1000;s++) {
     if (VALID_SNUM(s))
       if (strlen(lp_servicename(s)) > 8) {
-	printf("WARNING: You have some share names that are longer than 8 chars\n");
-	printf("These may give errors while browsing or may not be accessible\nto some older clients\n");
-	break;
+        printf("WARNING: You have some share names that are longer than 8 chars\n");
+        printf("These may give errors while browsing or may not be accessible\nto some older clients\n");
+        break;
+      }
+  }
+
+  for (s=0;s<1000;s++) {
+    if (VALID_SNUM(s)) {
+      char **deny_list = lp_hostsdeny(s);
+      char **allow_list = lp_hostsallow(s);
+      int i;
+      if(deny_list) {
+        for (i=0; deny_list[i]; i++) {
+          char *hasstar = strchr_m(deny_list[i], '*');
+          char *hasquery = strchr_m(deny_list[i], '?');
+          if(hasstar || hasquery) {
+            printf("Invalid character %c in hosts deny list (%s) for service %s.\n",
+                 hasstar ? *hasstar : *hasquery, deny_list[i], lp_servicename(s) );
+	  }
+        }
       }
 
-  if (argc < 4)
-    {
+      if(allow_list) {
+        for (i=0; allow_list[i]; i++) {
+          char *hasstar = strchr_m(allow_list[i], '*');
+          char *hasquery = strchr_m(allow_list[i], '?');
+          if(hasstar || hasquery) {
+            printf("Invalid character %c in hosts allow list (%s) for service %s.\n",
+                 hasstar ? *hasstar : *hasquery, allow_list[i], lp_servicename(s) );
+	  }
+        }
+      }
+
+      if(lp_level2_oplocks(s) && !lp_oplocks(s)) {
+        printf("Invalid combination of parameters for service %s. \
+Level II oplocks can only be set if oplocks are also set.\n",
+               lp_servicename(s) );
+      }
+    }
+  }
+
+  if (argc < 3) {
+    if (!silent_mode) {
       printf("Press enter to see a dump of your service definitions\n");
       fflush(stdout);
       getc(stdin);
-      lp_dump();      
     }
+    lp_dump(stdout,True, lp_numservices());
+  }
   
-  if (argc == 4)
-    {
-      struct from_host f;
-      f.name = argv[2];
-      f.addr = argv[3];
+  if (argc >= 3) {
+    char *cname;
+    char *caddr;
       
-      /* this is totally ugly, a real `quick' hack */
-      for (s=0;s<1000;s++)
-	if (VALID_SNUM(s))
-	  {		 
-	    if (allow_access(lp_hostsdeny(s),lp_hostsallow(s),&f))
-	      {
-		printf("Allow connection from %s (%s) to %s\n",
-		       f.name,f.addr,lp_servicename(s));
-	      }
-	    else
-	      {
-		printf("Deny connection from %s (%s) to %s\n",
-		       f.name,f.addr,lp_servicename(s));
-	      }
-	  }
+    if (argc == 3) {
+      cname = argv[optind];
+      caddr = argv[optind+1];
+    } else {
+      cname = argv[optind+1];
+      caddr = argv[optind+2];
     }
-  return(0);
-}
-
 
+    /* this is totally ugly, a real `quick' hack */
+    for (s=0;s<1000;s++) {
+      if (VALID_SNUM(s)) {		 
+        if (allow_access(lp_hostsdeny(s),lp_hostsallow(s),cname,caddr)) {
+          printf("Allow connection from %s (%s) to %s\n",
+                 cname,caddr,lp_servicename(s));
+        } else {
+          printf("Deny connection from %s (%s) to %s\n",
+                 cname,caddr,lp_servicename(s));
+        }
+      }
+    }
+  }
+  return(ret);
+}
diff --git a/source3/utils/testprns.c b/source3/utils/testprns.c
index 89c615898d..66c8e9bfd6 100644
--- a/source3/utils/testprns.c
+++ b/source3/utils/testprns.c
@@ -1,8 +1,7 @@
 /* 
-   Unix SMB/Netbios implementation.
-   Version 1.9.
+   Unix SMB/CIFS implementation.
    test printer setup
-   Copyright (C) Karl Auer 1993, 1994
+   Copyright (C) Karl Auer 1993, 1994-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -33,11 +32,6 @@
 
 #include "includes.h"
 #include "smb.h"
-#include "pcap.h"
-
-/* these live in util.c */
-extern FILE *dbf;
-extern int DEBUGLEVEL;
 
 int main(int argc, char *argv[])
 {
@@ -45,17 +39,14 @@ int main(int argc, char *argv[])
 
    setup_logging(argv[0],True);
 
-   charset_initialise();
-
    if (argc < 2 || argc > 3)
       printf("Usage: testprns printername [printcapfile]\n");
    else
    {
-      dbf = fopen("test.log", "w");
-      if (dbf == NULL)
+      dbf = x_fopen("test.log", O_WRONLY|O_CREAT|O_TRUNC, 0644);
+      if (dbf == NULL) {
          printf("Unable to open logfile.\n");
-      else
-      {
+      } else {
          DEBUGLEVEL = 3;
          pszTemp = (argc < 3) ? PRINTCAP_NAME : argv[2];
          printf("Looking for printer %s in printcap file %s\n", 
@@ -64,9 +55,8 @@ int main(int argc, char *argv[])
             printf("Printer name %s is not valid.\n", argv[1]);
          else
             printf("Printer name %s is valid.\n", argv[1]);
-         fclose(dbf);
+         x_fclose(dbf);
       }
    }
    return (0);
 }
-
diff --git a/source3/web/.cvsignore b/source3/web/.cvsignore
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/source3/web/.cvsignore
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
new file mode 100644
index 0000000000..e785ce92d8
--- /dev/null
+++ b/source3/web/cgi.c
@@ -0,0 +1,665 @@
+/* 
+   some simple CGI helper routines
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+
+#include "includes.h"
+#include "smb.h"
+
+#define MAX_VARIABLES 10000
+
+/* set the expiry on fixed pages */
+#define EXPIRY_TIME (60*60*24*7)
+
+#ifdef DEBUG_COMMENTS
+extern void print_title(char *fmt, ...);
+#endif
+
+struct var {
+	char *name;
+	char *value;
+};
+
+static struct var variables[MAX_VARIABLES];
+static int num_variables;
+static int content_length;
+static int request_post;
+static char *query_string;
+static char *baseurl;
+static char *pathinfo;
+static char *C_user;
+static BOOL inetd_server;
+static BOOL got_request;
+
+static void unescape(char *buf)
+{
+	char *p=buf;
+
+	while ((p=strchr_m(p,'+')))
+		*p = ' ';
+
+	p = buf;
+
+	while (p && *p && (p=strchr_m(p,'%'))) {
+		int c1 = p[1];
+		int c2 = p[2];
+
+		if (c1 >= '0' && c1 <= '9')
+			c1 = c1 - '0';
+		else if (c1 >= 'A' && c1 <= 'F')
+			c1 = 10 + c1 - 'A';
+		else if (c1 >= 'a' && c1 <= 'f')
+			c1 = 10 + c1 - 'a';
+		else {p++; continue;}
+
+		if (c2 >= '0' && c2 <= '9')
+			c2 = c2 - '0';
+		else if (c2 >= 'A' && c2 <= 'F')
+			c2 = 10 + c2 - 'A';
+		else if (c2 >= 'a' && c2 <= 'f')
+			c2 = 10 + c2 - 'a';
+		else {p++; continue;}
+			
+		*p = (c1<<4) | c2;
+
+		memcpy(p+1, p+3, strlen(p+3)+1);
+		p++;
+	}
+}
+
+
+static char *grab_line(FILE *f, int *cl)
+{
+	char *ret = NULL;
+	int i = 0;
+	int len = 0;
+
+	while ((*cl)) {
+		int c;
+	
+		if (i == len) {
+			char *ret2;
+			if (len == 0) len = 1024;
+			else len *= 2;
+			ret2 = (char *)Realloc(ret, len);
+			if (!ret2) return ret;
+			ret = ret2;
+		}
+	
+		c = fgetc(f);
+		(*cl)--;
+
+		if (c == EOF) {
+			(*cl) = 0;
+			break;
+		}
+		
+		if (c == '\r') continue;
+
+		if (strchr_m("\n&", c)) break;
+
+		ret[i++] = c;
+
+	}
+	
+
+	ret[i] = 0;
+	return ret;
+}
+
+/***************************************************************************
+  load all the variables passed to the CGI program. May have multiple variables
+  with the same name and the same or different values. Takes a file parameter
+  for simulating CGI invocation eg loading saved preferences.
+  ***************************************************************************/
+void cgi_load_variables(void)
+{
+	static char *line;
+	char *p, *s, *tok;
+	int len, i;
+	FILE *f = stdin;
+
+#ifdef DEBUG_COMMENTS
+	char dummy[100]="";
+	print_title(dummy);
+	d_printf("<!== Start dump in cgi_load_variables() %s ==>\n",__FILE__);
+#endif
+
+	if (!content_length) {
+		p = getenv("CONTENT_LENGTH");
+		len = p?atoi(p):0;
+	} else {
+		len = content_length;
+	}
+
+
+	if (len > 0 && 
+	    (request_post ||
+	     ((s=getenv("REQUEST_METHOD")) && 
+	      strcasecmp(s,"POST")==0))) {
+		while (len && (line=grab_line(f, &len))) {
+			p = strchr_m(line,'=');
+			if (!p) continue;
+			
+			*p = 0;
+			
+			variables[num_variables].name = strdup(line);
+			variables[num_variables].value = strdup(p+1);
+
+			SAFE_FREE(line);
+			
+			if (!variables[num_variables].name || 
+			    !variables[num_variables].value)
+				continue;
+
+			unescape(variables[num_variables].value);
+			unescape(variables[num_variables].name);
+
+#ifdef DEBUG_COMMENTS
+			printf("<!== POST var %s has value \"%s\"  ==>\n",
+			       variables[num_variables].name,
+			       variables[num_variables].value);
+#endif
+			
+			num_variables++;
+			if (num_variables == MAX_VARIABLES) break;
+		}
+	}
+
+	fclose(stdin);
+	open("/dev/null", O_RDWR);
+
+	if ((s=query_string) || (s=getenv("QUERY_STRING"))) {
+		for (tok=strtok(s,"&;");tok;tok=strtok(NULL,"&;")) {
+			p = strchr_m(tok,'=');
+			if (!p) continue;
+			
+			*p = 0;
+			
+			variables[num_variables].name = strdup(tok);
+			variables[num_variables].value = strdup(p+1);
+
+			if (!variables[num_variables].name || 
+			    !variables[num_variables].value)
+				continue;
+
+			unescape(variables[num_variables].value);
+			unescape(variables[num_variables].name);
+
+#ifdef DEBUG_COMMENTS
+                        printf("<!== Commandline var %s has value \"%s\"  ==>\n",
+                               variables[num_variables].name,
+                               variables[num_variables].value);
+#endif						
+			num_variables++;
+			if (num_variables == MAX_VARIABLES) break;
+		}
+
+	}
+#ifdef DEBUG_COMMENTS
+        printf("<!== End dump in cgi_load_variables() ==>\n");   
+#endif
+
+	/* variables from the client are in display charset - convert them
+	   to our internal charset before use */
+	for (i=0;i<num_variables;i++) {
+		pstring dest;
+
+		convert_string(CH_DISPLAY, CH_UNIX, 
+			       variables[i].name, -1, 
+			       dest, sizeof(dest));
+		free(variables[i].name);
+		variables[i].name = strdup(dest);
+
+		convert_string(CH_DISPLAY, CH_UNIX, 
+			       variables[i].value, -1,
+			       dest, sizeof(dest));
+		free(variables[i].value);
+		variables[i].value = strdup(dest);
+	}
+}
+
+
+/***************************************************************************
+  find a variable passed via CGI
+  Doesn't quite do what you think in the case of POST text variables, because
+  if they exist they might have a value of "" or even " ", depending on the 
+  browser. Also doesn't allow for variables[] containing multiple variables
+  with the same name and the same or different values.
+  ***************************************************************************/
+char *cgi_variable(char *name)
+{
+	int i;
+
+	for (i=0;i<num_variables;i++)
+		if (strcmp(variables[i].name, name) == 0)
+			return variables[i].value;
+	return NULL;
+}
+
+/***************************************************************************
+tell a browser about a fatal error in the http processing
+  ***************************************************************************/
+static void cgi_setup_error(char *err, char *header, char *info)
+{
+	if (!got_request) {
+		/* damn browsers don't like getting cut off before they give a request */
+		char line[1024];
+		while (fgets(line, sizeof(line)-1, stdin)) {
+			if (strncasecmp(line,"GET ", 4)==0 || 
+			    strncasecmp(line,"POST ", 5)==0 ||
+			    strncasecmp(line,"PUT ", 4)==0) {
+				break;
+			}
+		}
+	}
+
+	d_printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
+	fclose(stdin);
+	fclose(stdout);
+	exit(0);
+}
+
+
+/***************************************************************************
+tell a browser about a fatal authentication error
+  ***************************************************************************/
+static void cgi_auth_error(void)
+{
+	if (inetd_server) {
+                cgi_setup_error("401 Authorization Required", 
+                                "WWW-Authenticate: Basic realm=\"SWAT\"\r\n",
+                                "You must be authenticated to use this service");
+	} else {
+		printf("Content-Type: text/html\r\n");
+
+		printf("\r\n<HTML><HEAD><TITLE>SWAT</TITLE></HEAD>\n");
+		printf("<BODY><H1>Installation Error</H1>\n");
+		printf("SWAT must be installed via inetd. It cannot be run as a CGI script<p>\n");
+		printf("</BODY></HTML>\r\n");
+	}
+	exit(0);
+}
+
+/***************************************************************************
+authenticate when we are running as a CGI
+  ***************************************************************************/
+static void cgi_web_auth(void)
+{
+	char *user = getenv("REMOTE_USER");
+	struct passwd *pwd;
+	char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+	char *tail = "</BODY></HTML>\r\n";
+
+	if (!user) {
+		printf("%sREMOTE_USER not set. Not authenticated by web server.<br>%s\n",
+		       head, tail);
+		exit(0);
+	}
+
+	pwd = getpwnam_alloc(user);
+	if (!pwd) {
+		printf("%sCannot find user %s<br>%s\n", head, user, tail);
+		exit(0);
+	}
+
+	setuid(0);
+	setuid(pwd->pw_uid);
+	if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
+		printf("%sFailed to become user %s - uid=%d/%d<br>%s\n", 
+		       head, user, (int)geteuid(), (int)getuid(), tail);
+		exit(0);
+	}
+	passwd_free(&pwd);
+}
+
+/***************************************************************************
+decode a base64 string in-place - simple and slow algorithm
+  ***************************************************************************/
+static void base64_decode(char *s)
+{
+	char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+	int bit_offset, byte_offset, idx, i, n;
+	unsigned char *d = (unsigned char *)s;
+	char *p;
+
+	n=i=0;
+
+	while (*s && (p=strchr_m(b64,*s))) {
+		idx = (int)(p - b64);
+		byte_offset = (i*6)/8;
+		bit_offset = (i*6)%8;
+		d[byte_offset] &= ~((1<<(8-bit_offset))-1);
+		if (bit_offset < 3) {
+			d[byte_offset] |= (idx << (2-bit_offset));
+			n = byte_offset+1;
+		} else {
+			d[byte_offset] |= (idx >> (bit_offset-2));
+			d[byte_offset+1] = 0;
+			d[byte_offset+1] |= (idx << (8-(bit_offset-2))) & 0xFF;
+			n = byte_offset+2;
+		}
+		s++; i++;
+	}
+	/* null terminate */
+	d[n] = 0;
+}
+
+/***************************************************************************
+handle a http authentication line
+  ***************************************************************************/
+static BOOL cgi_handle_authorization(char *line)
+{
+	char *p, *user, *user_pass;
+	struct passwd *pass = NULL;
+
+	if (strncasecmp(line,"Basic ", 6)) {
+		goto err;
+	}
+	line += 6;
+	while (line[0] == ' ') line++;
+	base64_decode(line);
+	if (!(p=strchr_m(line,':'))) {
+		/*
+		 * Always give the same error so a cracker
+		 * cannot tell why we fail.
+		 */
+		goto err;
+	}
+	*p = 0;
+	user = line;
+	user_pass = p+1;
+	
+	/*
+	 * Try and get the user from the UNIX password file.
+	 */
+	
+	pass = getpwnam_alloc(user);
+	
+	/*
+	 * Validate the password they have given.
+	 */
+	
+	if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, 
+		      strlen(user_pass), NULL, False)) {
+		
+		if (pass) {
+			/*
+			 * Password was ok.
+			 */
+			
+			become_user_permanently(pass->pw_uid, pass->pw_gid);
+			
+			/* Save the users name */
+			C_user = strdup(user);
+			passwd_free(&pass);
+			return True;
+		}
+	}
+	
+err:
+	cgi_setup_error("401 Bad Authorization", "", 
+			"username or password incorrect");
+
+	passwd_free(&pass);
+	return False;
+}
+
+/***************************************************************************
+is this root?
+  ***************************************************************************/
+BOOL am_root(void)
+{
+	if (geteuid() == 0) {
+		return( True);
+	} else {
+		return( False);
+	}
+}
+
+/***************************************************************************
+return a ptr to the users name
+  ***************************************************************************/
+char *cgi_user_name(void)
+{
+        return(C_user);
+}
+
+
+/***************************************************************************
+handle a file download
+  ***************************************************************************/
+static void cgi_download(char *file)
+{
+	SMB_STRUCT_STAT st;
+	char buf[1024];
+	int fd, l, i;
+	char *p;
+	char *lang;
+
+	/* sanitise the filename */
+	for (i=0;file[i];i++) {
+		if (!isalnum((int)file[i]) && !strchr_m("/.-_", file[i])) {
+			cgi_setup_error("404 File Not Found","",
+					"Illegal character in filename");
+		}
+	}
+
+	if (!file_exist(file, &st)) {
+		cgi_setup_error("404 File Not Found","",
+				"The requested file was not found");
+	}
+
+	fd = web_open(file,O_RDONLY,0);
+	if (fd == -1) {
+		cgi_setup_error("404 File Not Found","",
+				"The requested file was not found");
+	}
+	printf("HTTP/1.0 200 OK\r\n");
+	if ((p=strrchr_m(file,'.'))) {
+		if (strcmp(p,".gif")==0) {
+			printf("Content-Type: image/gif\r\n");
+		} else if (strcmp(p,".jpg")==0) {
+			printf("Content-Type: image/jpeg\r\n");
+		} else if (strcmp(p,".txt")==0) {
+			printf("Content-Type: text/plain\r\n");
+		} else {
+			printf("Content-Type: text/html\r\n");
+		}
+	}
+	printf("Expires: %s\r\n", http_timestring(time(NULL)+EXPIRY_TIME));
+
+	lang = lang_tdb_current();
+	if (lang) {
+		printf("Content-Language: %s\r\n", lang);
+	}
+
+	printf("Content-Length: %d\r\n\r\n", (int)st.st_size);
+	while ((l=read(fd,buf,sizeof(buf)))>0) {
+		fwrite(buf, 1, l, stdout);
+	}
+	close(fd);
+	exit(0);
+}
+
+
+
+
+/**
+ * @brief Setup the CGI framework.
+ *
+ * Setup the cgi framework, handling the possibility that this program
+ * is either run as a true CGI program with a gateway to a web server, or
+ * is itself a mini web server.
+ **/
+void cgi_setup(const char *rootdir, int auth_required)
+{
+	BOOL authenticated = False;
+	char line[1024];
+	char *url=NULL;
+	char *p;
+	char *lang;
+
+	if (chdir(rootdir)) {
+		cgi_setup_error("400 Server Error", "",
+				"chdir failed - the server is not configured correctly");
+	}
+
+	/* Handle the possability we might be running as non-root */
+	sec_init();
+
+	if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) {
+		/* if running as a cgi program */
+		web_set_lang(lang);
+	}
+
+	/* maybe we are running under a web server */
+	if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
+		if (auth_required) {
+			cgi_web_auth();
+		}
+		return;
+	}
+
+	inetd_server = True;
+
+	if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
+		cgi_setup_error("400 Server Error", "",
+				"Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
+	}
+
+	/* we are a mini-web server. We need to read the request from stdin
+	   and handle authentication etc */
+	while (fgets(line, sizeof(line)-1, stdin)) {
+		if (line[0] == '\r' || line[0] == '\n') break;
+		if (strncasecmp(line,"GET ", 4)==0) {
+			got_request = True;
+			url = strdup(&line[4]);
+		} else if (strncasecmp(line,"POST ", 5)==0) {
+			got_request = True;
+			request_post = 1;
+			url = strdup(&line[5]);
+		} else if (strncasecmp(line,"PUT ", 4)==0) {
+			got_request = True;
+			cgi_setup_error("400 Bad Request", "",
+					"This server does not accept PUT requests");
+		} else if (strncasecmp(line,"Authorization: ", 15)==0) {
+			authenticated = cgi_handle_authorization(&line[15]);
+		} else if (strncasecmp(line,"Content-Length: ", 16)==0) {
+			content_length = atoi(&line[16]);
+		} else if (strncasecmp(line,"Accept-Language: ", 17)==0) {
+			web_set_lang(&line[17]);
+		}
+		/* ignore all other requests! */
+	}
+
+	if (auth_required && !authenticated) {
+		cgi_auth_error();
+	}
+
+	if (!url) {
+		cgi_setup_error("400 Bad Request", "",
+				"You must specify a GET or POST request");
+	}
+
+	/* trim the URL */
+	if ((p = strchr_m(url,' ')) || (p=strchr_m(url,'\t'))) {
+		*p = 0;
+	}
+	while (*url && strchr_m("\r\n",url[strlen(url)-1])) {
+		url[strlen(url)-1] = 0;
+	}
+
+	/* anything following a ? in the URL is part of the query string */
+	if ((p=strchr_m(url,'?'))) {
+		query_string = p+1;
+		*p = 0;
+	}
+
+	string_sub(url, "/swat/", "", 0);
+
+	if (url[0] != '/' && strstr(url,"..")==0 && file_exist(url, NULL)) {
+		cgi_download(url);
+	}
+
+	printf("HTTP/1.0 200 OK\r\nConnection: close\r\n");
+	printf("Date: %s\r\n", http_timestring(time(NULL)));
+	baseurl = "";
+	pathinfo = url+1;
+}
+
+
+/***************************************************************************
+return the current pages URL
+  ***************************************************************************/
+char *cgi_baseurl(void)
+{
+	if (inetd_server) {
+		return baseurl;
+	}
+	return getenv("SCRIPT_NAME");
+}
+
+/***************************************************************************
+return the current pages path info
+  ***************************************************************************/
+char *cgi_pathinfo(void)
+{
+	char *r;
+	if (inetd_server) {
+		return pathinfo;
+	}
+	r = getenv("PATH_INFO");
+	if (!r) return "";
+	if (*r == '/') r++;
+	return r;
+}
+
+/***************************************************************************
+return the hostname of the client
+  ***************************************************************************/
+char *cgi_remote_host(void)
+{
+	if (inetd_server) {
+		return get_socket_name(1);
+	}
+	return getenv("REMOTE_HOST");
+}
+
+/***************************************************************************
+return the hostname of the client
+  ***************************************************************************/
+char *cgi_remote_addr(void)
+{
+	if (inetd_server) {
+		return get_socket_addr(1);
+	}
+	return getenv("REMOTE_ADDR");
+}
+
+
+/***************************************************************************
+return True if the request was a POST
+  ***************************************************************************/
+BOOL cgi_waspost(void)
+{
+	if (inetd_server) {
+		return request_post;
+	}
+	return strequal(getenv("REQUEST_METHOD"), "POST");
+}
diff --git a/source3/web/diagnose.c b/source3/web/diagnose.c
new file mode 100644
index 0000000000..73c23ea2bb
--- /dev/null
+++ b/source3/web/diagnose.c
@@ -0,0 +1,66 @@
+/* 
+   Unix SMB/CIFS implementation.
+   diagnosis tools for web admin
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "smb.h"
+
+
+/* check to see if nmbd is running on localhost by looking for a __SAMBA__
+   response */
+BOOL nmbd_running(void)
+{
+	extern struct in_addr loopback_ip;
+	int fd, count;
+	struct in_addr *ip_list;
+
+	if ((fd = open_socket_in(SOCK_DGRAM, 0, 3,
+				 interpret_addr("127.0.0.1"), True)) != -1) {
+		if ((ip_list = name_query(fd, "__SAMBA__", 0, 
+					  True, True, loopback_ip,
+					  &count)) != NULL) {
+			SAFE_FREE(ip_list);
+			close(fd);
+			return True;
+		}
+		close (fd);
+	}
+
+	return False;
+}
+
+
+/* check to see if smbd is running on localhost by trying to open a connection
+   then closing it */
+BOOL smbd_running(void)
+{
+	static struct cli_state cli;
+	extern struct in_addr loopback_ip;
+
+	if (!cli_initialise(&cli))
+		return False;
+
+	if (!cli_connect(&cli, "localhost", &loopback_ip)) {
+		cli_shutdown(&cli);
+		return False;
+	}
+
+	cli_shutdown(&cli);
+	return True;
+}
diff --git a/source3/web/neg_lang.c b/source3/web/neg_lang.c
new file mode 100644
index 0000000000..fc115bfd61
--- /dev/null
+++ b/source3/web/neg_lang.c
@@ -0,0 +1,66 @@
+/*
+   Unix SMB/CIFS implementation.
+   SWAT language handling
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   Created by Ryo Kawahara <rkawa@lbe.co.jp> 
+*/
+
+#include "includes.h"
+
+/*
+  during a file download we first check to see if there is a language
+  specific file available. If there is then use that, otherwise 
+  just open the specified file
+*/
+int web_open(const char *fname, int flags, mode_t mode)
+{
+	char *p = NULL;
+	char *lang = lang_tdb_current();
+	int fd;
+	if (lang) {
+		asprintf(&p, "lang/%s/%s", lang, fname);
+		if (p) {
+			fd = sys_open(p, flags, mode);
+			free(p);
+			if (fd != -1) {
+				return fd;
+			}
+		}
+	}
+
+	/* fall through to default name */
+	return sys_open(fname, flags, mode);
+}
+
+
+/*
+  choose from a list of languages. The list can be comma or space
+  separated
+  Keep choosing until we get a hit 
+*/
+void web_set_lang(const char *lang_list)
+{
+	fstring lang;
+	char *p = (char *)lang_list;
+	
+	while (next_token(&p, lang, ", \t\r\n", sizeof(lang))) {
+		if (lang_tdb_init(lang)) return;
+	}
+	
+	/* it's not an error to not initialise - we just fall back to 
+	   the default */
+}
diff --git a/source3/web/startstop.c b/source3/web/startstop.c
new file mode 100644
index 0000000000..c56320c962
--- /dev/null
+++ b/source3/web/startstop.c
@@ -0,0 +1,104 @@
+/* 
+   Unix SMB/CIFS implementation.
+   start/stop nmbd and smbd
+   Copyright (C) Andrew Tridgell 1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "smb.h"
+#include "dynconfig.h"
+
+/** Need to wait for daemons to startup */
+#define SLEEP_TIME 3
+
+/** Startup smbd from web interface. */
+void start_smbd(void)
+{
+	pstring binfile;
+
+	if (geteuid() != 0) return;
+
+	if (fork()) {
+		sleep(SLEEP_TIME);
+		return;
+	}
+
+	slprintf(binfile, sizeof(pstring) - 1, "%s/smbd", dyn_SBINDIR);
+
+	become_daemon();
+
+	execl(binfile, binfile, "-D", NULL);
+
+	exit(0);
+}
+
+/* startup nmbd */
+void start_nmbd(void)
+{
+	pstring binfile;
+
+	if (geteuid() != 0) return;
+
+	if (fork()) {
+		sleep(SLEEP_TIME);
+		return;
+	}
+
+	slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", dyn_SBINDIR);
+	
+	become_daemon();
+
+	execl(binfile, binfile, "-D", NULL);
+
+	exit(0);
+}
+
+
+/* stop smbd */
+void stop_smbd(void)
+{
+	pid_t pid = pidfile_pid("smbd");
+
+	if (geteuid() != 0) return;
+
+	if (pid <= 0) return;
+
+	kill(pid, SIGTERM);
+}
+
+/* stop nmbd */
+void stop_nmbd(void)
+{
+	pid_t pid = pidfile_pid("nmbd");
+
+	if (geteuid() != 0) return;
+
+	if (pid <= 0) return;
+
+	kill(pid, SIGTERM);
+}
+
+/* kill a specified process */
+void kill_pid(pid_t pid)
+{
+	if (geteuid() != 0) return;
+
+	if (pid <= 0) return;
+
+	kill(pid, SIGTERM);
+	sleep(SLEEP_TIME);
+}
diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c
new file mode 100644
index 0000000000..62158a5f32
--- /dev/null
+++ b/source3/web/statuspage.c
@@ -0,0 +1,373 @@
+/* 
+   Unix SMB/CIFS implementation.
+   web status page
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#define PIDMAP		struct PidMap
+
+PIDMAP {
+	PIDMAP	*next, *prev;
+	pid_t	pid;
+	char	*machine;
+};
+
+static PIDMAP	*pidmap;
+static int	PID_or_Machine;		/* 0 = show PID, else show Machine name */
+
+static pid_t smbd_pid;
+
+/* from 2nd call on, remove old list */
+static void initPid2Machine (void)
+{
+	/* show machine name rather PID on table "Open Files"? */
+	if (PID_or_Machine) {
+		PIDMAP *p;
+
+		for (p = pidmap; p != NULL; ) {
+			DLIST_REMOVE(pidmap, p);
+			SAFE_FREE(p->machine);
+			SAFE_FREE(p);
+		}
+
+		pidmap = NULL;
+	}
+}
+
+/* add new PID <-> Machine name mapping */
+static void addPid2Machine (pid_t pid, char *machine)
+{
+	/* show machine name rather PID on table "Open Files"? */
+	if (PID_or_Machine) {
+		PIDMAP *newmap;
+
+		if ((newmap = (PIDMAP *) malloc (sizeof (PIDMAP))) == NULL) {
+			/* XXX need error message for this?
+			   if malloc fails, PID is always shown */
+			return;
+		}
+
+		newmap->pid = pid;
+		newmap->machine = strdup (machine);
+
+		DLIST_ADD(pidmap, newmap);
+	}
+}
+
+/* lookup PID <-> Machine name mapping */
+static char *mapPid2Machine (pid_t pid)
+{
+	static char pidbuf [64];
+	PIDMAP *map;
+
+	/* show machine name rather PID on table "Open Files"? */
+	if (PID_or_Machine) {
+		for (map = pidmap; map != NULL; map = map->next) {
+			if (pid == map->pid) {
+				if (map->machine == NULL)	/* no machine name */
+					break;			/* show PID */
+
+				return map->machine;
+			}
+		}
+	}
+
+	/* PID not in list or machine name NULL? return pid as string */
+	snprintf (pidbuf, sizeof (pidbuf) - 1, "%d", pid);
+	return pidbuf;
+}
+
+static char *tstring(time_t t)
+{
+	static pstring buf;
+	pstrcpy(buf, asctime(LocalTime(&t)));
+	all_string_sub(buf," ","&nbsp;",sizeof(buf));
+	return buf;
+}
+
+static void print_share_mode(share_mode_entry *e, char *fname)
+{
+	d_printf("<tr><td>%s</td>",_(mapPid2Machine(e->pid)));
+	d_printf("<td>");
+	switch ((e->share_mode>>4)&0xF) {
+	case DENY_NONE: d_printf("DENY_NONE"); break;
+	case DENY_ALL:  d_printf("DENY_ALL   "); break;
+	case DENY_DOS:  d_printf("DENY_DOS   "); break;
+	case DENY_READ: d_printf("DENY_READ  "); break;
+	case DENY_WRITE:d_printf("DENY_WRITE "); break;
+	}
+	d_printf("</td>");
+
+	d_printf("<td>");
+	switch (e->share_mode&0xF) {
+	case 0: d_printf("RDONLY     "); break;
+	case 1: d_printf("WRONLY     "); break;
+	case 2: d_printf("RDWR       "); break;
+	}
+	d_printf("</td>");
+
+	d_printf("<td>");
+	if((e->op_type & 
+	    (EXCLUSIVE_OPLOCK|BATCH_OPLOCK)) == 
+	   (EXCLUSIVE_OPLOCK|BATCH_OPLOCK))
+		d_printf("EXCLUSIVE+BATCH ");
+	else if (e->op_type & EXCLUSIVE_OPLOCK)
+		d_printf("EXCLUSIVE       ");
+	else if (e->op_type & BATCH_OPLOCK)
+		d_printf("BATCH           ");
+	else if (e->op_type & LEVEL_II_OPLOCK)
+		d_printf("LEVEL_II        ");
+	else
+		d_printf("NONE            ");
+	d_printf("</td>");
+
+	d_printf("<td>%s</td><td>%s</td></tr>\n",
+	       fname,tstring(e->time.tv_sec));
+}
+
+
+/* kill off any connections chosen by the user */
+static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
+{
+	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+
+	if (crec.cnum == -1 && process_exists(crec.pid)) {
+		char buf[30];
+		slprintf(buf,sizeof(buf)-1,"kill_%d", (int)crec.pid);
+		if (cgi_variable(buf)) {
+			kill_pid(crec.pid);
+		}
+	}
+	return 0;
+}
+
+/* traversal fn for showing machine connections */
+static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
+{
+	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+	
+	if (crec.cnum != -1 || !process_exists(crec.pid) || (crec.pid == smbd_pid))
+		return 0;
+
+	addPid2Machine (crec.pid, crec.machine);
+
+	d_printf("<tr><td>%d</td><td>%s</td><td>%s</td><td>%s</td>\n",
+	       (int)crec.pid,
+	       crec.machine,crec.addr,
+	       tstring(crec.start));
+	if (geteuid() == 0) {
+		d_printf("<td><input type=submit value=\"X\" name=\"kill_%d\"></td>\n",
+		       (int)crec.pid);
+	}
+	d_printf("</tr>\n");
+
+	return 0;
+}
+
+/* traversal fn for showing share connections */
+static int traverse_fn3(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
+{
+	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+
+	if (crec.cnum == -1 || !process_exists(crec.pid))
+		return 0;
+
+	d_printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%d</td><td>%s</td><td>%s</td></tr>\n",
+	       crec.name,uidtoname(crec.uid),
+	       gidtoname(crec.gid),(int)crec.pid,
+	       crec.machine,
+	       tstring(crec.start));
+	return 0;
+}
+
+
+/* show the current server status */
+void status_page(void)
+{
+	char *v;
+	int autorefresh=0;
+	int refresh_interval=30;
+	TDB_CONTEXT *tdb;
+
+	smbd_pid = pidfile_pid("smbd");
+
+	if (cgi_variable("smbd_restart")) {
+		stop_smbd();
+		start_smbd();
+	}
+
+	if (cgi_variable("smbd_start")) {
+		start_smbd();
+	}
+
+	if (cgi_variable("smbd_stop")) {
+		stop_smbd();
+	}
+
+	if (cgi_variable("nmbd_restart")) {
+		stop_nmbd();
+		start_nmbd();
+	}
+	if (cgi_variable("nmbd_start")) {
+		start_nmbd();
+	}
+
+	if (cgi_variable("nmbd_stop")) {
+		stop_nmbd();
+	}
+
+	if (cgi_variable("autorefresh")) {
+		autorefresh = 1;
+	} else if (cgi_variable("norefresh")) {
+		autorefresh = 0;
+	} else if (cgi_variable("refresh")) {
+		autorefresh = 1;
+	}
+
+	if ((v=cgi_variable("refresh_interval"))) {
+		refresh_interval = atoi(v);
+	}
+
+	if (cgi_variable("show_client_in_col_1")) {
+		PID_or_Machine = 1;
+	}
+
+	tdb = tdb_open_log(lock_path("connections.tdb"), 0, TDB_DEFAULT, O_RDONLY, 0);
+	if (tdb) tdb_traverse(tdb, traverse_fn1, NULL);
+ 
+	initPid2Machine ();
+
+	d_printf("<H2>%s</H2>\n", _("Server Status"));
+
+	d_printf("<FORM method=post>\n");
+
+	if (!autorefresh) {
+		d_printf("<input type=submit value=\"%s\" name=autorefresh>\n", _("Auto Refresh"));
+		d_printf("<br>%s", _("Refresh Interval: "));
+		d_printf("<input type=text size=2 name=\"refresh_interval\" value=%d>\n", 
+		       refresh_interval);
+	} else {
+		d_printf("<input type=submit value=\"%s\" name=norefresh>\n", _("Stop Refreshing"));
+		d_printf("<br>%s%d\n", _("Refresh Interval: "), refresh_interval);
+		d_printf("<input type=hidden name=refresh value=1>\n");
+	}
+
+	d_printf("<p>\n");
+
+	if (!tdb) {
+		/* open failure either means no connections have been
+                   made */
+	}
+
+
+	d_printf("<table>\n");
+
+	d_printf("<tr><td>%s</td><td>%s</td></tr>", _("version:"), VERSION);
+
+	fflush(stdout);
+	d_printf("<tr><td>%s</td><td>%s</td>\n", _("smbd:"), smbd_running()?_("running"):_("not running"));
+	if (geteuid() == 0) {
+	    if (smbd_running()) {
+		d_printf("<td><input type=submit name=\"smbd_stop\" value=\"%s\"></td>\n", _("Stop smbd"));
+	    } else {
+		d_printf("<td><input type=submit name=\"smbd_start\" value=\"%s\"></td>\n", _("Start smbd"));
+	    }
+	    d_printf("<td><input type=submit name=\"smbd_restart\" value=\"%s\"></td>\n", _("Restart smbd"));
+	}
+	d_printf("</tr>\n");
+
+	fflush(stdout);
+	d_printf("<tr><td>%s</td><td>%s</td>\n", _("nmbd:"), nmbd_running()?_("running"):_("not running"));
+	if (geteuid() == 0) {
+	    if (nmbd_running()) {
+		d_printf("<td><input type=submit name=\"nmbd_stop\" value=\"%s\"></td>\n", _("Stop nmbd"));
+	    } else {
+		d_printf("<td><input type=submit name=\"nmbd_start\" value=\"%s\"></td>\n", _("Start nmbd"));
+	    }
+	    d_printf("<td><input type=submit name=\"nmbd_restart\" value=\"%s\"></td>\n", _("Restart nmbd"));
+	}
+	d_printf("</tr>\n");
+
+	d_printf("</table>\n");
+	fflush(stdout);
+
+	d_printf("<p><h3>%s</h3>\n", _("Active Connections"));
+	d_printf("<table border=1>\n");
+	d_printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th>\n", _("PID"), _("Client"), _("IP address"), _("Date"));
+	if (geteuid() == 0) {
+		d_printf("<th>%s</th>\n", _("Kill"));
+	}
+	d_printf("</tr>\n");
+
+	if (tdb) tdb_traverse(tdb, traverse_fn2, NULL);
+
+	d_printf("</table><p>\n");
+
+	d_printf("<p><h3>%s</h3>\n", _("Active Shares"));
+	d_printf("<table border=1>\n");
+	d_printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th></tr>\n\n",
+		_("Share"), _("User"), _("Group"), _("PID"), _("Client"), _("Date"));
+
+	if (tdb) tdb_traverse(tdb, traverse_fn3, NULL);
+
+	d_printf("</table><p>\n");
+
+	d_printf("<h3>%s</h3>\n", _("Open Files"));
+	d_printf("<table border=1>\n");
+	d_printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th></tr>\n", _("PID"), _("Sharing"), _("R/W"), _("Oplock"), _("File"), _("Date"));
+
+	locking_init(1);
+	share_mode_forall(print_share_mode);
+	locking_end();
+	d_printf("</table>\n");
+
+	if (tdb) tdb_close(tdb);
+
+	d_printf("<br><input type=submit name=\"show_client_in_col_1\" value=\"Show Client in col 1\">\n");
+	d_printf("<input type=submit name=\"show_pid_in_col_1\" value=\"Show PID in col 1\">\n");
+
+	d_printf("</FORM>\n");
+
+	if (autorefresh) {
+		/* this little JavaScript allows for automatic refresh
+                   of the page. There are other methods but this seems
+                   to be the best alternative */
+		d_printf("<script language=\"JavaScript\">\n");
+		d_printf("<!--\nsetTimeout('window.location.replace(\"%s/status?refresh_interval=%d&refresh=1\")', %d)\n", 
+		       cgi_baseurl(),
+		       refresh_interval,
+		       refresh_interval*1000);
+		d_printf("//-->\n</script>\n");
+	}
+}
diff --git a/source3/web/swat.c b/source3/web/swat.c
new file mode 100644
index 0000000000..955cbb0748
--- /dev/null
+++ b/source3/web/swat.c
@@ -0,0 +1,1119 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba Web Administration Tool
+   Copyright (C) Andrew Tridgell 1997-1998
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/**
+ * @group swat SWAT
+ * @{ 
+ * @file swat.c
+ *
+ * @brief Samba Web Administration Tool.
+ **/
+
+#include "includes.h"
+
+#define GLOBALS_SNUM -1
+
+static BOOL demo_mode = False;
+static BOOL have_write_access = False;
+static BOOL have_read_access = False;
+static int iNumNonAutoPrintServices = 0;
+
+/*
+ * Password Management Globals
+ */
+#define SWAT_USER "username"
+#define OLD_PSWD "old_passwd"
+#define NEW_PSWD "new_passwd"
+#define NEW2_PSWD "new2_passwd"
+#define CHG_S_PASSWD_FLAG "chg_s_passwd_flag"
+#define CHG_R_PASSWD_FLAG "chg_r_passwd_flag"
+#define ADD_USER_FLAG "add_user_flag"
+#define DELETE_USER_FLAG "delete_user_flag"
+#define DISABLE_USER_FLAG "disable_user_flag"
+#define ENABLE_USER_FLAG "enable_user_flag"
+#define RHOST "remote_host"
+
+/* we need these because we link to locking*.o */
+ void become_root(void) {}
+ void unbecome_root(void) {}
+
+/****************************************************************************
+****************************************************************************/
+static int enum_index(int value, struct enum_list *enumlist)
+{
+	int i;
+	for (i=0;enumlist[i].name;i++)
+		if (value == enumlist[i].value) break;
+	return(i);
+}
+
+static char *fix_backslash(char *str)
+{
+	static char newstring[1024];
+	char *p = newstring;
+
+        while (*str) {
+                if (*str == '\\') {*p++ = '\\';*p++ = '\\';}
+                else *p++ = *str;
+                ++str;
+        }
+	*p = '\0';
+	return newstring;
+}
+
+static char *stripspace(char *str)
+{
+static char newstring[1024];
+char *p = newstring;
+
+        while (*str) {
+                if (*str != ' ') *p++ = *str;
+                ++str;
+        }
+	*p = '\0';
+	return newstring;
+}
+
+static char *make_parm_name(char *label)
+{
+	static char parmname[1024];
+	char *p = parmname;
+
+	while (*label) {
+		if (*label == ' ') *p++ = '_';
+		else *p++ = *label;
+		++label;
+	}
+	*p = '\0';
+	return parmname;
+}
+
+/****************************************************************************
+  include a lump of html in a page 
+****************************************************************************/
+static int include_html(char *fname)
+{
+	int fd;
+	char buf[1024];
+	int ret;
+
+	fd = web_open(fname, O_RDONLY, 0);
+
+	if (fd == -1) {
+		d_printf("ERROR: Can't open %s\n", fname);
+		return 0;
+	}
+
+	while ((ret = read(fd, buf, sizeof(buf))) > 0) {
+		write(1, buf, ret);
+	}
+
+	close(fd);
+	return 1;
+}
+
+/****************************************************************************
+  start the page with standard stuff 
+****************************************************************************/
+static void print_header(void)
+{
+	if (!cgi_waspost()) {
+		d_printf("Expires: 0\r\n");
+	}
+	d_printf("Content-type: text/html\r\n\r\n");
+
+	if (!include_html("include/header.html")) {
+		d_printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");
+		d_printf("<HTML>\n<HEAD>\n<TITLE>Samba Web Administration Tool</TITLE>\n</HEAD>\n<BODY background=\"/swat/images/background.jpg\">\n\n");
+	}
+}
+
+/* *******************************************************************
+   show parameter label with translated name in the following form
+   because showing original and translated label in one line looks
+   too long, and showing translated label only is unusable for
+   heavy users.
+   -------------------------------
+   HELP       security   [combo box][button]
+   SECURITY
+   -------------------------------
+   (capital words are translated by gettext.)
+   if no translation is available, then same form as original is
+   used.
+   "i18n_translated_parm" class is used to change the color of the
+   translated parameter with CSS.
+   **************************************************************** */
+static const char* get_parm_translated(
+	const char* pAnchor, const char* pHelp, const char* pLabel)
+{
+	const char* pTranslated = _(pLabel);
+	static pstring output;
+	if(strcmp(pLabel, pTranslated) != 0)
+	{
+		snprintf(output, sizeof(output),
+		  "<A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\"> %s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s <br><span class=\"i18n_translated_parm\">%s</span>",
+		   pAnchor, pHelp, pLabel, pTranslated);
+		return output;
+	}
+	snprintf(output, sizeof(output), 
+	  "<A HREF=\"/swat/help/smb.conf.5.html#%s\" target=\"docs\"> %s</A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; %s",
+	  pAnchor, pHelp, pLabel);
+	return output;
+}
+/****************************************************************************
+ finish off the page 
+****************************************************************************/
+static void print_footer(void)
+{
+	if (!include_html("include/footer.html")) {
+		d_printf("\n</BODY>\n</HTML>\n");
+	}
+}
+
+/****************************************************************************
+  display one editable parameter in a form 
+****************************************************************************/
+static void show_parameter(int snum, struct parm_struct *parm)
+{
+	int i;
+	void *ptr = parm->ptr;
+
+	if (parm->class == P_LOCAL && snum >= 0) {
+		ptr = lp_local_ptr(snum, ptr);
+	}
+
+	printf("<tr><td>%s</td><td>", get_parm_translated(stripspace(parm->label), _("Help"), parm->label));
+	switch (parm->type) {
+	case P_CHAR:
+		d_printf("<input type=text size=2 name=\"parm_%s\" value=\"%c\">",
+		       make_parm_name(parm->label), *(char *)ptr);
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%c\'\">",
+			_("Set Default"), make_parm_name(parm->label),(char)(parm->def.cvalue));
+		break;
+
+	case P_LIST:
+		d_printf("<input type=text size=40 name=\"parm_%s\" value=\"",
+			make_parm_name(parm->label));
+		if ((char ***)ptr && *(char ***)ptr && **(char ***)ptr) {
+			char **list = *(char ***)ptr;
+			for (;*list;list++) {
+				d_printf("%s%s", *list, ((*(list+1))?" ":""));
+			}
+		}
+		d_printf("\">");
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'",
+			_("Set Default"), make_parm_name(parm->label));
+		if (parm->def.lvalue) {
+			char **list = (char **)(parm->def.lvalue);
+			for (; *list; list++) {
+				d_printf("%s%s", *list, ((*(list+1))?" ":""));
+			}
+		}
+		d_printf("\'\">");
+		break;
+
+	case P_STRING:
+	case P_USTRING:
+		d_printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
+		       make_parm_name(parm->label), *(char **)ptr);
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
+			_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
+		break;
+
+	case P_GSTRING:
+	case P_UGSTRING:
+		d_printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
+		       make_parm_name(parm->label), (char *)ptr);
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
+			_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
+		break;
+
+	case P_BOOL:
+		d_printf("<select name=\"parm_%s\">",make_parm_name(parm->label)); 
+		d_printf("<option %s>Yes", (*(BOOL *)ptr)?"selected":"");
+		d_printf("<option %s>No", (*(BOOL *)ptr)?"":"selected");
+		d_printf("</select>");
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.selectedIndex=\'%d\'\">",
+			_("Set Default"), make_parm_name(parm->label),(BOOL)(parm->def.bvalue)?0:1);
+		break;
+
+	case P_BOOLREV:
+		d_printf("<select name=\"parm_%s\">",make_parm_name(parm->label)); 
+		d_printf("<option %s>Yes", (*(BOOL *)ptr)?"":"selected");
+		d_printf("<option %s>No", (*(BOOL *)ptr)?"selected":"");
+		d_printf("</select>");
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.selectedIndex=\'%d\'\">",
+			_("Set Default"), make_parm_name(parm->label),(BOOL)(parm->def.bvalue)?1:0);
+		break;
+
+	case P_INTEGER:
+		d_printf("<input type=text size=8 name=\"parm_%s\" value=%d>", make_parm_name(parm->label), *(int *)ptr);
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%d\'\">",
+			_("Set Default"), make_parm_name(parm->label),(int)(parm->def.ivalue));
+		break;
+
+	case P_OCTAL:
+		d_printf("<input type=text size=8 name=\"parm_%s\" value=%s>", make_parm_name(parm->label), octal_string(*(int *)ptr));
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
+		       _("Set Default"), make_parm_name(parm->label),
+		       octal_string((int)(parm->def.ivalue)));
+		break;
+
+	case P_ENUM:
+		d_printf("<select name=\"parm_%s\">",make_parm_name(parm->label)); 
+		for (i=0;parm->enum_list[i].name;i++) {
+			if (i == 0 || parm->enum_list[i].value != parm->enum_list[i-1].value) {
+				d_printf("<option %s>%s",(*(int *)ptr)==parm->enum_list[i].value?"selected":"",parm->enum_list[i].name);
+			}
+		}
+		d_printf("</select>");
+		d_printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.selectedIndex=\'%d\'\">",
+			_("Set Default"), make_parm_name(parm->label),enum_index((int)(parm->def.ivalue),parm->enum_list));
+		break;
+	case P_SEP:
+		break;
+	}
+	d_printf("</td></tr>\n");
+}
+
+/****************************************************************************
+  display a set of parameters for a service 
+****************************************************************************/
+static void show_parameters(int snum, int allparameters, int advanced, int printers)
+{
+	int i = 0;
+	struct parm_struct *parm;
+	char *heading = NULL;
+	char *last_heading = NULL;
+
+	while ((parm = lp_next_parameter(snum, &i, allparameters))) {
+		if (snum < 0 && parm->class == P_LOCAL && !(parm->flags & FLAG_GLOBAL))
+			continue;
+		if (parm->class == P_SEPARATOR) {
+			heading = parm->label;
+			continue;
+		}
+		if (parm->flags & FLAG_HIDE) continue;
+		if (snum >= 0) {
+			if (printers & !(parm->flags & FLAG_PRINT)) continue;
+			if (!printers & !(parm->flags & FLAG_SHARE)) continue;
+		}
+		if (!advanced) {
+			if (!(parm->flags & FLAG_BASIC)) {
+				void *ptr = parm->ptr;
+
+				if (parm->class == P_LOCAL && snum >= 0) {
+					ptr = lp_local_ptr(snum, ptr);
+				}
+
+				switch (parm->type) {
+				case P_CHAR:
+					if (*(char *)ptr == (char)(parm->def.cvalue)) continue;
+					break;
+
+				case P_LIST:
+					if (!lp_list_compare(*(char ***)ptr, (char **)(parm->def.lvalue))) continue;
+					break;
+
+				case P_STRING:
+				case P_USTRING:
+					if (!strcmp(*(char **)ptr,(char *)(parm->def.svalue))) continue;
+					break;
+
+				case P_GSTRING:
+				case P_UGSTRING:
+					if (!strcmp((char *)ptr,(char *)(parm->def.svalue))) continue;
+					break;
+
+				case P_BOOL:
+				case P_BOOLREV:
+					if (*(BOOL *)ptr == (BOOL)(parm->def.bvalue)) continue;
+					break;
+
+				case P_INTEGER:
+				case P_OCTAL:
+					if (*(int *)ptr == (int)(parm->def.ivalue)) continue;
+					break;
+
+
+				case P_ENUM:
+					if (*(int *)ptr == (int)(parm->def.ivalue)) continue;
+					break;
+				case P_SEP:
+					continue;
+				}
+			}
+			if (printers && !(parm->flags & FLAG_PRINT)) continue;
+		}
+		if (heading && heading != last_heading) {
+			d_printf("<tr><td></td></tr><tr><td><b><u>%s</u></b></td></tr>\n", _(heading));
+			last_heading = heading;
+		}
+		show_parameter(snum, parm);
+	}
+}
+
+/****************************************************************************
+  load the smb.conf file into loadparm.
+****************************************************************************/
+static BOOL load_config(BOOL save_def)
+{
+	lp_resetnumservices();
+	return lp_load(dyn_CONFIGFILE,False,save_def,False);
+}
+
+/****************************************************************************
+  write a config file 
+****************************************************************************/
+static void write_config(FILE *f, BOOL show_defaults)
+{
+	fprintf(f, "# Samba config file created using SWAT\n");
+	fprintf(f, "# from %s (%s)\n", cgi_remote_host(), cgi_remote_addr());
+	fprintf(f, "# Date: %s\n\n", timestring(False));
+	
+	lp_dump(f, show_defaults, iNumNonAutoPrintServices);
+}
+
+/****************************************************************************
+  save and reoad the smb.conf config file 
+****************************************************************************/
+static int save_reload(int snum)
+{
+	FILE *f;
+	struct stat st;
+
+	f = sys_fopen(dyn_CONFIGFILE,"w");
+	if (!f) {
+		d_printf("failed to open %s for writing\n", dyn_CONFIGFILE);
+		return 0;
+	}
+
+	/* just in case they have used the buggy xinetd to create the file */
+	if (fstat(fileno(f), &st) == 0 &&
+	    (st.st_mode & S_IWOTH)) {
+		fchmod(fileno(f), S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
+	}
+
+	write_config(f, False);
+	if (snum)
+		lp_dump_one(f, False, snum);
+	fclose(f);
+
+	lp_killunused(NULL);
+
+	if (!load_config(False)) {
+                d_printf("Can't reload %s\n", dyn_CONFIGFILE);
+                return 0;
+        }
+	iNumNonAutoPrintServices = lp_numservices();
+	load_printers();
+
+	return 1;
+}
+
+/****************************************************************************
+  commit one parameter 
+****************************************************************************/
+static void commit_parameter(int snum, struct parm_struct *parm, char *v)
+{
+	int i;
+	char *s;
+
+	if (snum < 0 && parm->class == P_LOCAL) {
+		/* this handles the case where we are changing a local
+		   variable globally. We need to change the parameter in 
+		   all shares where it is currently set to the default */
+		for (i=0;i<lp_numservices();i++) {
+			s = lp_servicename(i);
+			if (s && (*s) && lp_is_default(i, parm)) {
+				lp_do_parameter(i, parm->label, v);
+			}
+		}
+	}
+
+	lp_do_parameter(snum, parm->label, v);
+}
+
+/****************************************************************************
+  commit a set of parameters for a service 
+****************************************************************************/
+static void commit_parameters(int snum)
+{
+	int i = 0;
+	struct parm_struct *parm;
+	pstring label;
+	char *v;
+
+	while ((parm = lp_next_parameter(snum, &i, 1))) {
+		slprintf(label, sizeof(label)-1, "parm_%s", make_parm_name(parm->label));
+		if ((v = cgi_variable(label))) {
+			if (parm->flags & FLAG_HIDE) continue;
+			commit_parameter(snum, parm, v); 
+		}
+	}
+}
+
+/****************************************************************************
+  spit out the html for a link with an image 
+****************************************************************************/
+static void image_link(const char *name, const char *hlink, const char *src)
+{
+	d_printf("<A HREF=\"%s/%s\"><img border=\"0\" src=\"/swat/%s\" alt=\"%s\"></A>\n", 
+	       cgi_baseurl(), hlink, src, name);
+}
+
+/****************************************************************************
+  display the main navigation controls at the top of each page along
+  with a title 
+****************************************************************************/
+static void show_main_buttons(void)
+{
+	char *p;
+	
+	if ((p = cgi_user_name()) && strcmp(p, "root")) {
+		d_printf(_("Logged in as <b>%s</b><p>\n"), p);
+	}
+
+	image_link(_("Home"), "", "images/home.gif");
+	if (have_write_access) {
+		image_link(_("Globals"), "globals", "images/globals.gif");
+		image_link(_("Shares"), "shares", "images/shares.gif");
+		image_link(_("Printers"), "printers", "images/printers.gif");
+	}
+	if (have_read_access) {
+		image_link(_("Status"), "status", "images/status.gif");
+		image_link(_("View Config"), "viewconfig", "images/viewconfig.gif");
+	}
+	image_link(_("Password Management"), "passwd", "images/passwd.gif");
+
+	d_printf("<HR>\n");
+}
+
+/****************************************************************************
+  display a welcome page  
+****************************************************************************/
+static void welcome_page(void)
+{
+	include_html("help/welcome.html");
+}
+
+/****************************************************************************
+  display the current smb.conf  
+****************************************************************************/
+static void viewconfig_page(void)
+{
+	int full_view=0;
+
+	if (cgi_variable("full_view")) {
+		full_view = 1;
+	}
+
+	d_printf("<H2>%s</H2>\n", _("Current Config"));
+	d_printf("<form method=post>\n");
+
+	if (full_view) {
+		d_printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));
+	} else {
+		d_printf("<input type=submit name=\"full_view\" value=\"%s\">\n", _("Full View"));
+	}
+
+	d_printf("<p><pre>");
+	write_config(stdout, full_view);
+	d_printf("</pre>");
+	d_printf("</form>\n");
+}
+
+/****************************************************************************
+  display a globals editing page  
+****************************************************************************/
+static void globals_page(void)
+{
+	int advanced = 0;
+
+	d_printf("<H2>%s</H2>\n", _("Global Variables"));
+
+	if (cgi_variable("Advanced") && !cgi_variable("Basic"))
+		advanced = 1;
+
+	if (cgi_variable("Commit")) {
+		commit_parameters(GLOBALS_SNUM);
+		save_reload(0);
+	}
+
+	d_printf("<FORM name=\"swatform\" method=post>\n");
+
+	if (have_write_access) {
+		d_printf("<input type=submit name=\"Commit\" value=\"%s\">\n",
+			_("Commit Changes"));
+	}
+
+	d_printf("<input type=reset name=\"Reset Values\" value=\"%s\">\n", 
+		 _("Reset Values"));
+	if (advanced == 0) {
+		d_printf("<input type=submit name=\"Advanced\" value=\"%s\">\n", _("Advanced View"));
+	} else {
+		d_printf("<input type=submit name=\"Basic\" value=\"%s\">\n", _("Basic View"));
+	}
+	d_printf("<p>\n");
+	
+	d_printf("<table>\n");
+	show_parameters(GLOBALS_SNUM, 1, advanced, 0);
+	d_printf("</table>\n");
+
+	if (advanced) {
+		d_printf("<input type=hidden name=\"Advanced\" value=1>\n");
+	}
+
+	d_printf("</FORM>\n");
+}
+
+/****************************************************************************
+  display a shares editing page. share is in unix codepage, and must be in
+  dos codepage. FIXME !!! JRA.
+****************************************************************************/
+static void shares_page(void)
+{
+	char *share = cgi_variable("share");
+	char *s;
+	int snum = -1;
+	int i;
+	int advanced = 0;
+
+	if (share)
+		snum = lp_servicenumber(share);
+
+	d_printf("<H2>%s</H2>\n", _("Share Parameters"));
+
+	if (cgi_variable("Advanced") && !cgi_variable("Basic"))
+		advanced = 1;
+
+	if (cgi_variable("Commit") && snum >= 0) {
+		commit_parameters(snum);
+		save_reload(0);
+	}
+
+	if (cgi_variable("Delete") && snum >= 0) {
+		lp_remove_service(snum);
+		save_reload(0);
+		share = NULL;
+		snum = -1;
+	}
+
+	if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) {
+		load_config(False);
+		lp_copy_service(GLOBALS_SNUM, share);
+		iNumNonAutoPrintServices = lp_numservices();
+		save_reload(0);
+		snum = lp_servicenumber(share);
+	}
+
+	d_printf("<FORM name=\"swatform\" method=post>\n");
+
+	d_printf("<table>\n");
+	d_printf("<tr>\n");
+	d_printf("<td><input type=submit name=selectshare value=\"%s\"></td>\n", _("Choose Share"));
+	d_printf("<td><select name=share>\n");
+	if (snum < 0)
+		d_printf("<option value=\" \"> \n");
+	for (i=0;i<lp_numservices();i++) {
+		s = lp_servicename(i);
+		if (s && (*s) && strcmp(s,"IPC$") && !lp_print_ok(i)) {
+			d_printf("<option %s value=\"%s\">%s\n", 
+			       (share && strcmp(share,s)==0)?"SELECTED":"",
+			       s, s);
+		}
+	}
+	d_printf("</select></td>\n");
+	if (have_write_access) {
+		d_printf("<td><input type=submit name=\"Delete\" value=\"%s\"></td>\n", _("Delete Share"));
+	}
+	d_printf("</tr>\n");
+	d_printf("</table>");
+	d_printf("<table>");
+	if (have_write_access) {
+		d_printf("<tr>\n");
+		d_printf("<td><input type=submit name=createshare value=\"%s\"></td>\n", _("Create Share"));
+		d_printf("<td><input type=text size=30 name=newshare></td></tr>\n");
+	}
+	d_printf("</table>");
+
+
+	if (snum >= 0) {
+		if (have_write_access) {
+			d_printf("<input type=submit name=\"Commit\" value=\"%s\">\n", _("Commit Changes"));
+		}
+
+		d_printf("<input type=reset name=\"Reset Values\" value=\"%s\">\n", _("Reset Values"));
+		if (advanced == 0) {
+			d_printf("<input type=submit name=\"Advanced\" value=\"%s\">\n", _("Advanced View"));
+		} else {
+			d_printf("<input type=submit name=\"Basic\" value=\"%s\">\n", _("Basic View"));
+		}
+		d_printf("<p>\n");
+	}
+
+	if (snum >= 0) {
+		d_printf("<table>\n");
+		show_parameters(snum, 1, advanced, 0);
+		d_printf("</table>\n");
+	}
+
+	if (advanced) {
+		d_printf("<input type=hidden name=\"Advanced\" value=1>\n");
+	}
+
+	d_printf("</FORM>\n");
+}
+
+/*************************************************************
+change a password either locally or remotely
+*************************************************************/
+static BOOL change_password(const char *remote_machine, char *user_name, 
+			    char *old_passwd, char *new_passwd, 
+				int local_flags)
+{
+	BOOL ret = False;
+	pstring err_str;
+	pstring msg_str;
+
+	if (demo_mode) {
+		d_printf("%s<p>", _("password change in demo mode rejected\n"));
+		return False;
+	}
+	
+	if (remote_machine != NULL) {
+		ret = remote_password_change(remote_machine, user_name, old_passwd, 
+									 new_passwd, err_str, sizeof(err_str));
+		if(*err_str)
+			d_printf("%s\n<p>", err_str);
+		return ret;
+	}
+
+	if(!initialize_password_db(True)) {
+		d_printf("Can't setup password database vectors.\n<p>");
+		return False;
+	}
+	
+	ret = local_password_change(user_name, local_flags, new_passwd, err_str, sizeof(err_str),
+					 msg_str, sizeof(msg_str));
+
+	if(*msg_str)
+		d_printf("%s\n<p>", msg_str);
+	if(*err_str)
+		d_printf("%s\n<p>", err_str);
+
+	return ret;
+}
+
+/****************************************************************************
+  do the stuff required to add or change a password 
+****************************************************************************/
+static void chg_passwd(void)
+{
+	char *host;
+	BOOL rslt;
+	int local_flags = 0;
+
+	/* Make sure users name has been specified */
+	if (strlen(cgi_variable(SWAT_USER)) == 0) {
+		d_printf("<p>%s", _(" Must specify \"User Name\" \n"));
+		return;
+	}
+
+	/*
+	 * smbpasswd doesn't require anything but the users name to delete, disable or enable the user,
+	 * so if that's what we're doing, skip the rest of the checks
+	 */
+	if (!cgi_variable(DISABLE_USER_FLAG) && !cgi_variable(ENABLE_USER_FLAG) && !cgi_variable(DELETE_USER_FLAG)) {
+
+		/*
+		 * If current user is not root, make sure old password has been specified 
+		 * If REMOTE change, even root must provide old password 
+		 */
+		if (((!am_root()) && (strlen( cgi_variable(OLD_PSWD)) <= 0)) ||
+		    ((cgi_variable(CHG_R_PASSWD_FLAG)) &&  (strlen( cgi_variable(OLD_PSWD)) <= 0))) {
+			d_printf("<p>%s", _(" Must specify \"Old Password\" \n"));
+			return;
+		}
+
+		/* If changing a users password on a remote hosts we have to know what host */
+		if ((cgi_variable(CHG_R_PASSWD_FLAG)) && (strlen( cgi_variable(RHOST)) <= 0)) {
+			d_printf("<p>%s", _(" Must specify \"Remote Machine\" \n"));
+			return;
+		}
+
+		/* Make sure new passwords have been specified */
+		if ((strlen( cgi_variable(NEW_PSWD)) <= 0) ||
+		    (strlen( cgi_variable(NEW2_PSWD)) <= 0)) {
+			d_printf("<p>%s", _(" Must specify \"New, and Re-typed Passwords\" \n"));
+			return;
+		}
+
+		/* Make sure new passwords was typed correctly twice */
+		if (strcmp(cgi_variable(NEW_PSWD), cgi_variable(NEW2_PSWD)) != 0) {
+			d_printf("<p>%s", _(" Re-typed password didn't match new password\n"));
+			return;
+		}
+	}
+
+	if (cgi_variable(CHG_R_PASSWD_FLAG)) {
+		host = cgi_variable(RHOST);
+	} else if (am_root()) {
+		host = NULL;
+	} else {
+		host = "127.0.0.1";
+	}
+
+	/*
+	 * Set up the local flags.
+	 */
+
+	local_flags |= (cgi_variable(ADD_USER_FLAG) ? LOCAL_ADD_USER : 0);
+	local_flags |= (cgi_variable(DELETE_USER_FLAG) ? LOCAL_DELETE_USER : 0);
+	local_flags |= (cgi_variable(ENABLE_USER_FLAG) ? LOCAL_ENABLE_USER : 0);
+	local_flags |= (cgi_variable(DISABLE_USER_FLAG) ? LOCAL_DISABLE_USER : 0);
+
+	rslt = change_password(host,
+			       cgi_variable(SWAT_USER),
+			       cgi_variable(OLD_PSWD), cgi_variable(NEW_PSWD),
+				   local_flags);
+
+	if(local_flags == 0) {
+		d_printf("<p>");
+		if (rslt == True) {
+			d_printf(_(" The passwd for '%s' has been changed. \n"), cgi_variable(SWAT_USER));
+		} else {
+			d_printf(_(" The passwd for '%s' has NOT been changed. \n"), cgi_variable(SWAT_USER));
+		}
+	}
+	
+	return;
+}
+
+/****************************************************************************
+  display a password editing page  
+****************************************************************************/
+static void passwd_page(void)
+{
+	char *new_name = cgi_user_name();
+
+	/* 
+	 * After the first time through here be nice. If the user
+	 * changed the User box text to another users name, remember it.
+	 */
+	if (cgi_variable(SWAT_USER)) {
+		new_name = cgi_variable(SWAT_USER);
+	} 
+
+	if (!new_name) new_name = "";
+
+	d_printf("<H2>%s</H2>\n", _("Server Password Management"));
+
+	d_printf("<FORM name=\"swatform\" method=post>\n");
+
+	d_printf("<table>\n");
+
+	/* 
+	 * Create all the dialog boxes for data collection
+	 */
+	d_printf("<tr><td>%s</td>\n", _(" User Name : "));
+	d_printf("<td><input type=text size=30 name=%s value=%s></td></tr> \n", SWAT_USER, new_name);
+	if (!am_root()) {
+		d_printf("<tr><td>%s</td>\n", _(" Old Password : "));
+		d_printf("<td><input type=password size=30 name=%s></td></tr> \n",OLD_PSWD);
+	}
+	d_printf("<tr><td>%s</td>\n", _(" New Password : "));
+	d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW_PSWD);
+	d_printf("<tr><td>%s</td>\n", _(" Re-type New Password : "));
+	d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW2_PSWD);
+	d_printf("</table>\n");
+
+	/*
+	 * Create all the control buttons for requesting action
+	 */
+	d_printf("<input type=submit name=%s value=\"%s\">\n", 
+	       CHG_S_PASSWD_FLAG, _("Change Password"));
+	if (demo_mode || am_root()) {
+		d_printf("<input type=submit name=%s value=\"%s\">\n",
+		       ADD_USER_FLAG, _("Add New User"));
+		d_printf("<input type=submit name=%s value=\"%s\">\n",
+		       DELETE_USER_FLAG, _("Delete User"));
+		d_printf("<input type=submit name=%s value=\"%s\">\n", 
+		       DISABLE_USER_FLAG, _("Disable User"));
+		d_printf("<input type=submit name=%s value=\"%s\">\n", 
+		       ENABLE_USER_FLAG, _("Enable User"));
+	}
+	d_printf("<p></FORM>\n");
+
+	/*
+	 * Do some work if change, add, disable or enable was
+	 * requested. It could be this is the first time through this
+	 * code, so there isn't anything to do.  */
+	if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
+	    (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
+		chg_passwd();		
+	}
+
+	d_printf("<H2>%s</H2>\n", _("Client/Server Password Management"));
+
+	d_printf("<FORM name=\"swatform\" method=post>\n");
+
+	d_printf("<table>\n");
+
+	/* 
+	 * Create all the dialog boxes for data collection
+	 */
+	d_printf("<tr><td>%s</td>\n", _(" User Name : "));
+	d_printf("<td><input type=text size=30 name=%s value=%s></td></tr>\n",SWAT_USER, new_name);
+	d_printf("<tr><td>%s</td>\n", _(" Old Password : "));
+	d_printf("<td><input type=password size=30 name=%s></td></tr>\n",OLD_PSWD);
+	d_printf("<tr><td>%s</td>\n", _(" New Password : "));
+	d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW_PSWD);
+	d_printf("<tr><td>%s</td>\n", _(" Re-type New Password : "));
+	d_printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW2_PSWD);
+	d_printf("<tr><td>%s</td>\n", _(" Remote Machine : "));
+	d_printf("<td><input type=text size=30 name=%s></td></tr>\n",RHOST);
+
+	d_printf("</table>");
+
+	/*
+	 * Create all the control buttons for requesting action
+	 */
+	d_printf("<input type=submit name=%s value=\"%s\">", 
+	       CHG_R_PASSWD_FLAG, _("Change Password"));
+
+	d_printf("<p></FORM>\n");
+
+	/*
+	 * Do some work if a request has been made to change the
+	 * password somewhere other than the server. It could be this
+	 * is the first time through this code, so there isn't
+	 * anything to do.  */
+	if (cgi_variable(CHG_R_PASSWD_FLAG)) {
+		chg_passwd();		
+	}
+
+}
+
+/****************************************************************************
+  display a printers editing page  
+****************************************************************************/
+static void printers_page(void)
+{
+	char *share = cgi_variable("share");
+	char *s;
+	int snum=-1;
+	int i;
+	int advanced = 0;
+
+	if (share)
+		snum = lp_servicenumber(share);
+
+        d_printf("<H2>%s</H2>\n", _("Printer Parameters"));
+ 
+        d_printf("<H3>%s</H3>\n", _("Important Note:"));
+        d_printf(_("Printer names marked with [*] in the Choose Printer drop-down box "));
+        d_printf(_("are autoloaded printers from "));
+        d_printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
+        d_printf(_("Attempting to delete these printers from SWAT will have no effect.\n"));
+
+	if (cgi_variable("Advanced") && !cgi_variable("Basic"))
+		advanced = 1;
+
+	if (cgi_variable("Commit") && snum >= 0) {
+		commit_parameters(snum);
+		if (snum >= iNumNonAutoPrintServices)
+		    save_reload(snum);
+		else
+		    save_reload(0);
+	}
+
+	if (cgi_variable("Delete") && snum >= 0) {
+		lp_remove_service(snum);
+		save_reload(0);
+		share = NULL;
+		snum = -1;
+	}
+
+	if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) {
+		load_config(False);
+		lp_copy_service(GLOBALS_SNUM, share);
+		iNumNonAutoPrintServices = lp_numservices();
+		snum = lp_servicenumber(share);
+		lp_do_parameter(snum, "print ok", "Yes");
+		save_reload(0);
+		snum = lp_servicenumber(share);
+	}
+
+	d_printf("<FORM name=\"swatform\" method=post>\n");
+
+	d_printf("<table>\n");
+	d_printf("<tr><td><input type=submit name=selectshare value=\"%s\"></td>\n", _("Choose Printer"));
+	d_printf("<td><select name=share>\n");
+	if (snum < 0 || !lp_print_ok(snum))
+		d_printf("<option value=\" \"> \n");
+	for (i=0;i<lp_numservices();i++) {
+		s = lp_servicename(i);
+		if (s && (*s) && strcmp(s,"IPC$") && lp_print_ok(i)) {
+                    if (i >= iNumNonAutoPrintServices)
+                        d_printf("<option %s value=\"%s\">[*]%s\n",
+                               (share && strcmp(share,s)==0)?"SELECTED":"",
+                               s, s);
+                    else
+			d_printf("<option %s value=\"%s\">%s\n", 
+			       (share && strcmp(share,s)==0)?"SELECTED":"",
+			       s, s);
+		}
+	}
+	d_printf("</select></td>");
+	if (have_write_access) {
+		d_printf("<td><input type=submit name=\"Delete\" value=\"%s\"></td>\n", _("Delete Printer"));
+	}
+	d_printf("</tr>");
+	d_printf("</table>\n");
+
+	if (have_write_access) {
+		d_printf("<table>\n");
+		d_printf("<tr><td><input type=submit name=createshare value=\"%s\"></td>\n", _("Create Printer"));
+		d_printf("<td><input type=text size=30 name=newshare></td></tr>\n");
+		d_printf("</table>");
+	}
+
+
+	if (snum >= 0) {
+		if (have_write_access) {
+			d_printf("<input type=submit name=\"Commit\" value=\"%s\">\n", _("Commit Changes"));
+		}
+		d_printf("<input type=reset name=\"Reset Values\" value=\"%s\">\n", _("Reset Values"));
+		if (advanced == 0) {
+			d_printf("<input type=submit name=\"Advanced\" value=\"%s\">\n", _("Advanced View"));
+		} else {
+			d_printf("<input type=submit name=\"Basic\" value=\"%s\">\n", _("Basic View"));
+		}
+		d_printf("<p>\n");
+	}
+
+	if (snum >= 0) {
+		d_printf("<table>\n");
+		show_parameters(snum, 1, advanced, 1);
+		d_printf("</table>\n");
+	}
+
+	if (advanced) {
+		d_printf("<input type=hidden name=\"Advanced\" value=1>\n");
+	}
+
+	d_printf("</FORM>\n");
+}
+
+
+/**
+ * main function for SWAT.
+ **/
+ int main(int argc, char *argv[])
+{
+	extern char *optarg;
+	extern int optind;
+	int opt;
+	char *page;
+
+	fault_setup(NULL);
+	umask(S_IWGRP | S_IWOTH);
+
+#if defined(HAVE_SET_AUTH_PARAMETERS)
+	set_auth_parameters(argc, argv);
+#endif /* HAVE_SET_AUTH_PARAMETERS */
+
+	/* just in case it goes wild ... */
+	alarm(300);
+
+	setlinebuf(stdout);
+
+	/* we don't want any SIGPIPE messages */
+	BlockSignals(True,SIGPIPE);
+
+	dbf = x_fopen("/dev/null", O_WRONLY, 0);
+	if (!dbf) dbf = x_stderr;
+
+	/* we don't want stderr screwing us up */
+	close(2);
+	open("/dev/null", O_WRONLY);
+
+	while ((opt = getopt(argc, argv,"s:a")) != EOF) {
+		switch (opt) {
+		case 's':
+			pstrcpy(dyn_CONFIGFILE,optarg);
+			break;	  
+		case 'a':
+			demo_mode = True;
+			break;	  
+		}
+	}
+
+	setup_logging(argv[0],False);
+	load_config(True);
+	iNumNonAutoPrintServices = lp_numservices();
+	load_printers();
+
+	cgi_setup(dyn_SWATDIR, !demo_mode);
+
+	print_header();
+
+	cgi_load_variables();
+
+	if (!file_exist(dyn_CONFIGFILE, NULL)) {
+		have_read_access = True;
+		have_write_access = True;
+	} else {
+		/* check if the authenticated user has write access - if not then
+		   don't show write options */
+		have_write_access = (access(dyn_CONFIGFILE,W_OK) == 0);
+
+		/* if the user doesn't have read access to smb.conf then
+		   don't let them view it */
+		have_read_access = (access(dyn_CONFIGFILE,R_OK) == 0);
+	}
+
+	show_main_buttons();
+
+	page = cgi_pathinfo();
+
+	/* Root gets full functionality */
+	if (have_read_access && strcmp(page, "globals")==0) {
+		globals_page();
+	} else if (have_read_access && strcmp(page,"shares")==0) {
+		shares_page();
+	} else if (have_read_access && strcmp(page,"printers")==0) {
+		printers_page();
+	} else if (have_read_access && strcmp(page,"status")==0) {
+		status_page();
+	} else if (have_read_access && strcmp(page,"viewconfig")==0) {
+		viewconfig_page();
+	} else if (strcmp(page,"passwd")==0) {
+		passwd_page();
+	} else {
+		welcome_page();
+	}
+
+	print_footer();
+	return 0;
+}
+
+/** @} **/
diff --git a/source3/wrepld/parser.c b/source3/wrepld/parser.c
new file mode 100644
index 0000000000..61d8a604ce
--- /dev/null
+++ b/source3/wrepld/parser.c
@@ -0,0 +1,694 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Jean François Micouleau      1998-2002.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+#include "wins_repl.h"
+
+extern TALLOC_CTX *mem_ctx;
+
+/****************************************************************************
+grow the send buffer if necessary
+****************************************************************************/
+static BOOL grow_buffer(struct BUFFER *buffer, int more)
+{
+	char *temp;
+
+	DEBUG(10,("grow_buffer: size is: %d offet is:%d growing by %d\n", buffer->length, buffer->offset, more));
+	
+	if (buffer->offset+more >= buffer->length) {
+		temp=(char *)talloc_realloc(mem_ctx, buffer->buffer, sizeof(char)* (buffer->length+256) );
+		if (temp==NULL) {
+			DEBUG(0,("grow_buffer: can't grow buffer\n"));
+			return False;
+		}
+		buffer->length+=256;
+		buffer->buffer=temp;
+	}
+
+	return True;
+}
+
+/****************************************************************************
+decode a WINS_OWNER struct
+****************************************************************************/
+static int decode_wins_owner(char *inbuf, int offset, WINS_OWNER *wins_owner)
+{
+	wins_owner->address.s_addr=IVAL(inbuf, offset);
+	offset+=4;
+	wins_owner->max_version=((SMB_BIG_UINT)RIVAL(inbuf, offset))<<32;
+	offset+=4;
+	wins_owner->max_version|=RIVAL(inbuf, offset);
+	offset+=4;
+	wins_owner->min_version=((SMB_BIG_UINT)RIVAL(inbuf, offset))<<32;
+	offset+=4;
+	wins_owner->min_version|=RIVAL(inbuf, offset);
+	offset+=4;
+	wins_owner->type=RIVAL(inbuf, offset);
+	offset+=4;
+
+	return offset;
+}
+
+/****************************************************************************
+decode a WINS_NAME struct
+****************************************************************************/
+static int decode_wins_name(char *outbuf, int offset, WINS_NAME *wins_name)
+{	
+	char *p;
+	int i;
+
+	wins_name->name_len=RIVAL(outbuf, offset);
+	offset+=4;
+	memcpy(wins_name->name,outbuf+offset, 15);
+	wins_name->name[16]='\0';
+	if((p = strchr(wins_name->name,' ')) != NULL)
+		*p = 0;
+
+	offset+=15;
+
+	wins_name->type=(int)outbuf[offset++];
+	
+	/*
+	 * fix to bug in WINS replication,
+	 * present in all versions including W2K SP2 !
+	 */
+	if (wins_name->name[0]==0x1B) {
+		wins_name->name[0]=(char)wins_name->type;
+		wins_name->type=0x1B;
+	}
+	
+	wins_name->empty=RIVAL(outbuf, offset);
+	offset+=4;
+	
+	wins_name->name_flag=RIVAL(outbuf, offset);
+	offset+=4;
+	wins_name->group_flag=RIVAL(outbuf, offset);
+	offset+=4;
+	wins_name->id=((SMB_BIG_UINT)RIVAL(outbuf, offset))<<32;
+	offset+=4;
+	wins_name->id|=RIVAL(outbuf, offset);
+	offset+=4;
+	
+	/* special groups have multiple address */
+	if (wins_name->name_flag & 2) {
+		wins_name->num_ip=IVAL(outbuf, offset);
+		offset+=4;
+	}
+	else
+		wins_name->num_ip=1;
+
+	wins_name->owner.s_addr=IVAL(outbuf, offset);
+	offset+=4;
+
+	if (wins_name->name_flag & 2) {
+		wins_name->others=(struct in_addr *)talloc(mem_ctx, sizeof(struct in_addr)*wins_name->num_ip);
+		if (wins_name->others==NULL)
+			return offset;
+
+		for (i=0; i<wins_name->num_ip; i++) {
+			wins_name->others[i].s_addr=IVAL(outbuf, offset);
+			offset+=4;
+		}
+	}
+
+	wins_name->foo=RIVAL(outbuf, offset);
+	offset+=4;
+
+	return offset;
+}
+
+/****************************************************************************
+decode a update notification request
+****************************************************************************/
+static void decode_update_notify_request(char *inbuf, UPDATE_NOTIFY_REQUEST *un_rq)
+{
+	int i;
+	int offset=4;
+
+	un_rq->partner_count=RIVAL(inbuf, 0);
+
+	un_rq->wins_owner=(WINS_OWNER *)talloc(mem_ctx, un_rq->partner_count*sizeof(WINS_OWNER));
+	if (un_rq->wins_owner==NULL)
+		return;
+
+	for (i=0; i<un_rq->partner_count; i++)
+		offset=decode_wins_owner(inbuf, offset, &un_rq->wins_owner[i]);
+
+	un_rq->initiating_wins_server.s_addr=IVAL(inbuf, offset);
+}
+
+/****************************************************************************
+decode a send entries request
+****************************************************************************/
+static void decode_send_entries_request(char *inbuf, SEND_ENTRIES_REQUEST *se_rq)
+{
+	int offset;
+	offset=decode_wins_owner(inbuf, 0, &se_rq->wins_owner);
+}
+
+/****************************************************************************
+decode a send entries reply
+****************************************************************************/
+static void decode_send_entries_reply(char *inbuf, SEND_ENTRIES_REPLY *se_rp)
+{
+	int i, offset=4;
+	se_rp->max_names = RIVAL(inbuf, 0);
+
+	se_rp->wins_name=(WINS_NAME *)talloc(mem_ctx, se_rp->max_names*sizeof(WINS_NAME));
+	if (se_rp->wins_name==NULL)
+		return;
+
+	for (i=0; i<se_rp->max_names; i++)
+		offset = decode_wins_name(inbuf, offset, &se_rp->wins_name[i]);
+}
+
+/****************************************************************************
+decode a add version number map table reply
+****************************************************************************/
+static void decode_add_version_number_map_table_reply(char *inbuf, AVMT_REP *avmt_rep)
+{
+	int i;
+	int offset=4;
+
+	avmt_rep->partner_count=RIVAL(inbuf, 0);
+
+	avmt_rep->wins_owner=(WINS_OWNER *)talloc(mem_ctx, avmt_rep->partner_count*sizeof(WINS_OWNER));
+	if (avmt_rep->wins_owner==NULL)
+		return;
+
+	for (i=0; i<avmt_rep->partner_count; i++)
+		offset=decode_wins_owner(inbuf, offset, &avmt_rep->wins_owner[i]);
+
+	avmt_rep->initiating_wins_server.s_addr=IVAL(inbuf, offset);
+}
+
+/****************************************************************************
+decode a replicate packet and fill a structure
+****************************************************************************/
+static void decode_replicate(char *inbuf, REPLICATE *rep)
+{
+	rep->msg_type = RIVAL(inbuf, 0);
+
+	switch (rep->msg_type) {
+		case 0:
+			break;
+		case 1:
+			/* add version number map table reply */
+			decode_add_version_number_map_table_reply(inbuf+4, &rep->avmt_rep);
+			break;
+		case 2:
+			/* send entry request */
+			decode_send_entries_request(inbuf+4, &rep->se_rq);
+			break;
+		case 3:
+			/* send entry request */
+			decode_send_entries_reply(inbuf+4, &rep->se_rp);
+			break;
+		case 4:
+			/* update notification request */
+			decode_update_notify_request(inbuf+4, &rep->un_rq);
+			break;
+		default:
+			DEBUG(0,("decode_replicate: unknown message type:%d\n", rep->msg_type));
+			break;
+	}
+}
+
+/****************************************************************************
+read the generic header and fill the struct.
+****************************************************************************/
+static void read_generic_header(char *inbuf, generic_header *q)
+{
+	q->data_size = RIVAL(inbuf,0);
+	q->opcode    = RIVAL(inbuf,4);
+	q->assoc_ctx = RIVAL(inbuf,8);
+	q->mess_type = RIVAL(inbuf,12);
+}
+
+/*******************************************************************
+decode a start association request
+********************************************************************/
+static void decode_start_assoc_request(char *inbuf, START_ASSOC_REQUEST *q)
+{
+	q->assoc_ctx = RIVAL(inbuf, 0);
+	q->min_ver = RSVAL(inbuf, 4);
+	q->maj_ver = RSVAL(inbuf, 6);
+}
+
+/*******************************************************************
+decode a start association reply
+********************************************************************/
+static void decode_start_assoc_reply(char *inbuf, START_ASSOC_REPLY *r)
+{
+	r->assoc_ctx=RIVAL(inbuf, 0);
+	r->min_ver = RSVAL(inbuf, 4);
+	r->maj_ver = RSVAL(inbuf, 6);
+}
+
+/*******************************************************************
+decode a start association reply
+********************************************************************/
+static void decode_stop_assoc(char *inbuf, STOP_ASSOC *r)
+{
+	r->reason=RIVAL(inbuf, 0);
+}
+
+/****************************************************************************
+decode a packet and fill a generic structure
+****************************************************************************/
+void decode_generic_packet(char *inbuf, GENERIC_PACKET *q)
+{
+	read_generic_header(inbuf, &q->header);
+
+	switch (q->header.mess_type) {
+		case 0:
+			decode_start_assoc_request(inbuf+16, &q->sa_rq);
+			break;
+		case 1:
+			decode_start_assoc_reply(inbuf+16, &q->sa_rp);
+			break;
+		case 2:
+			decode_stop_assoc(inbuf+16, &q->so);
+			break;
+		case 3:
+			decode_replicate(inbuf+16, &q->rep);
+			break;
+		default:
+			DEBUG(0,("decode_generic_packet: unknown message type:%d\n", q->header.mess_type));
+			break;
+	}
+}
+
+static void encode_wins_owner(struct BUFFER *outbuf, WINS_OWNER *wins_owner)
+{
+	if (!grow_buffer(outbuf, 24))
+		return;
+
+	SIVAL(outbuf->buffer, outbuf->offset, wins_owner->address.s_addr);
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, (int)(wins_owner->max_version>>32));
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, (int)(wins_owner->max_version&0xffffffff));
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_owner->min_version>>32);
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_owner->min_version&0xffffffff);
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_owner->type);
+	outbuf->offset+=4;
+	
+}
+
+static void encode_wins_name(struct BUFFER *outbuf, WINS_NAME *wins_name)
+{	
+	int i;
+
+	if (!grow_buffer(outbuf, 48+(4*wins_name->num_ip)))
+		return;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->name_len);
+	outbuf->offset+=4;
+	
+	memset(outbuf->buffer+outbuf->offset, ' ', 15);
+
+	/* to prevent copying the leading \0 */
+	memcpy(outbuf->buffer+outbuf->offset, wins_name->name, strlen(wins_name->name));
+	outbuf->offset+=15;		
+
+	outbuf->buffer[outbuf->offset++]=(char)wins_name->type;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->empty);
+	outbuf->offset+=4;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->name_flag);
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->group_flag);
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->id>>32);
+	outbuf->offset+=4;
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->id);
+	outbuf->offset+=4;
+
+	if (wins_name->name_flag & 2) {
+		SIVAL(outbuf->buffer, outbuf->offset, wins_name->num_ip);
+		outbuf->offset+=4;
+	}	
+
+	SIVAL(outbuf->buffer, outbuf->offset, wins_name->owner.s_addr);
+	outbuf->offset+=4;
+
+	if (wins_name->name_flag & 2) {
+		for (i=0;i<wins_name->num_ip;i++) {
+			SIVAL(outbuf->buffer, outbuf->offset, wins_name->others[i].s_addr);
+			outbuf->offset+=4;
+		}
+	}	
+
+	RSIVAL(outbuf->buffer, outbuf->offset, wins_name->foo);
+	outbuf->offset+=4;
+}
+
+/****************************************************************************
+decode a update notification request
+****************************************************************************/
+static void encode_update_notify_request(struct BUFFER *outbuf, UPDATE_NOTIFY_REQUEST *un_rq)
+{
+	int i;
+
+	if (!grow_buffer(outbuf, 8))
+		return;
+		
+	RSIVAL(outbuf->buffer, outbuf->offset, un_rq->partner_count);
+	outbuf->offset+=4;
+
+	for (i=0; i<un_rq->partner_count; i++)
+		encode_wins_owner(outbuf,  &un_rq->wins_owner[i]);
+
+	SIVAL(outbuf->buffer, outbuf->offset, un_rq->initiating_wins_server.s_addr);
+	outbuf->offset+=4;
+	
+}
+
+/****************************************************************************
+decode a send entries request
+****************************************************************************/
+static void encode_send_entries_request(struct BUFFER *outbuf, SEND_ENTRIES_REQUEST *se_rq)
+{
+	encode_wins_owner(outbuf, &se_rq->wins_owner);
+}
+
+/****************************************************************************
+decode a send entries reply
+****************************************************************************/
+static void encode_send_entries_reply(struct BUFFER *outbuf, SEND_ENTRIES_REPLY *se_rp)
+{
+	int i;
+
+	if (!grow_buffer(outbuf, 4))
+		return;
+		
+	RSIVAL(outbuf->buffer, outbuf->offset, se_rp->max_names);
+	outbuf->offset+=4;
+
+	for (i=0; i<se_rp->max_names; i++)
+		encode_wins_name(outbuf, &se_rp->wins_name[i]);
+
+}
+
+/****************************************************************************
+encode a add version number map table reply
+****************************************************************************/
+static void encode_add_version_number_map_table_reply(struct BUFFER *outbuf, AVMT_REP *avmt_rep)
+{
+	int i;
+
+	if (!grow_buffer(outbuf, 8))
+		return;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, avmt_rep->partner_count);
+	outbuf->offset+=4;
+	
+	for (i=0; i<avmt_rep->partner_count; i++)
+		encode_wins_owner(outbuf, &avmt_rep->wins_owner[i]);
+
+	SIVAL(outbuf->buffer, outbuf->offset, avmt_rep->initiating_wins_server.s_addr);
+	outbuf->offset+=4;
+	
+}
+
+/****************************************************************************
+decode a replicate packet and fill a structure
+****************************************************************************/
+static void encode_replicate(struct BUFFER *outbuf, REPLICATE *rep)
+{
+	if (!grow_buffer(outbuf, 4))
+		return;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, rep->msg_type);
+	outbuf->offset+=4;
+
+	switch (rep->msg_type) {
+		case 0:
+			break;
+		case 1:
+			/* add version number map table reply */
+			encode_add_version_number_map_table_reply(outbuf, &rep->avmt_rep);
+			break;
+		case 2:
+			/* send entry request */
+			encode_send_entries_request(outbuf, &rep->se_rq);
+			break;
+		case 3:
+			/* send entry request */
+			encode_send_entries_reply(outbuf, &rep->se_rp);
+			break;
+		case 4:
+			/* update notification request */
+			encode_update_notify_request(outbuf, &rep->un_rq);
+			break;
+		default:
+			DEBUG(0,("decode_replicate: unknown message type:%d\n", rep->msg_type));
+			break;
+	}
+}
+
+/****************************************************************************
+write the generic header.
+****************************************************************************/
+static void write_generic_header(struct BUFFER *outbuf, generic_header *r)
+{
+	RSIVAL(outbuf->buffer, 0, r->data_size);
+	RSIVAL(outbuf->buffer, 4, r->opcode);
+	RSIVAL(outbuf->buffer, 8, r->assoc_ctx);
+	RSIVAL(outbuf->buffer,12, r->mess_type);
+}
+
+/*******************************************************************
+decode a start association request
+********************************************************************/
+static void encode_start_assoc_request(struct BUFFER *outbuf, START_ASSOC_REQUEST *q)
+{
+	if (!grow_buffer(outbuf, 45))
+		return;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, q->assoc_ctx);
+	RSSVAL(outbuf->buffer, outbuf->offset+4, q->min_ver);
+	RSSVAL(outbuf->buffer, outbuf->offset+6, q->maj_ver);
+	
+	outbuf->offset=45;
+}
+
+/*******************************************************************
+decode a start association reply
+********************************************************************/
+static void encode_start_assoc_reply(struct BUFFER *outbuf, START_ASSOC_REPLY *r)
+{
+	if (!grow_buffer(outbuf, 45))
+		return;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, r->assoc_ctx);
+	RSSVAL(outbuf->buffer, outbuf->offset+4, r->min_ver);
+	RSSVAL(outbuf->buffer, outbuf->offset+6, r->maj_ver);
+
+	outbuf->offset=45;
+}
+
+/*******************************************************************
+decode a start association reply
+********************************************************************/
+static void encode_stop_assoc(struct BUFFER *outbuf, STOP_ASSOC *r)
+{
+	if (!grow_buffer(outbuf, 44))
+		return;
+
+	RSIVAL(outbuf->buffer, outbuf->offset, r->reason);
+	
+	outbuf->offset=44;
+}
+
+/****************************************************************************
+write the generic header size.
+****************************************************************************/
+static void write_generic_header_size(generic_header *r, int size)
+{
+	/* the buffer size is the total size minus the size field */
+	r->data_size=size-4;
+}
+
+/****************************************************************************
+encode a packet and read a generic structure
+****************************************************************************/
+void encode_generic_packet(struct BUFFER *outbuf, GENERIC_PACKET *q)
+{
+	if (!grow_buffer(outbuf, 16))
+		return;
+
+	outbuf->offset=16;
+
+	switch (q->header.mess_type) {
+		case 0:
+			encode_start_assoc_request(outbuf, &q->sa_rq);
+			break;
+		case 1:
+			encode_start_assoc_reply(outbuf, &q->sa_rp);
+			break;
+		case 2:
+			encode_stop_assoc(outbuf, &q->so);
+			break;
+		case 3:
+			encode_replicate(outbuf, &q->rep);
+			break;
+		default:
+			DEBUG(0,("encode_generic_packet: unknown message type:%d\n", q->header.mess_type));
+			break;
+	}
+	
+	write_generic_header_size(&q->header, outbuf->offset);
+	write_generic_header(outbuf, &q->header);
+}
+
+
+/****************************************************************************
+dump a WINS_OWNER structure
+****************************************************************************/
+static void dump_wins_owner(WINS_OWNER *wins_owner)
+{
+	DEBUGADD(10,("\t\t\t\taddress         : %s\n", inet_ntoa(wins_owner->address)));
+	DEBUGADD(10,("\t\t\t\tmax version: %d\n", (int)wins_owner->max_version));
+	DEBUGADD(10,("\t\t\t\tmin version: %d\n", (int)wins_owner->min_version));
+	DEBUGADD(10,("\t\t\t\ttype            : %d\n", wins_owner->type));
+}
+
+/****************************************************************************
+dump a WINS_NAME structure
+****************************************************************************/
+static void dump_wins_name(WINS_NAME *wins_name)
+{
+	fstring name;
+	int i;
+
+	strncpy(name, wins_name->name, 15);
+
+	DEBUGADD(10,("name: %d, %s<%02x> %x,%x, %d %s %d ", wins_name->name_len, name, wins_name->type,
+		    wins_name->name_flag, wins_name->group_flag, (int)wins_name->id,
+		    inet_ntoa(wins_name->owner), wins_name->num_ip));
+
+	if (wins_name->num_ip!=1)
+		for (i=0; i<wins_name->num_ip; i++)
+			DEBUGADD(10,("%s ", inet_ntoa(wins_name->others[i])));	
+
+	DEBUGADD(10,("\n"));
+}
+
+/****************************************************************************
+dump a replicate structure
+****************************************************************************/
+static void dump_replicate(REPLICATE *rep)
+{
+	int i;
+
+	DEBUGADD(5,("\t\tmsg_type: %d ", rep->msg_type));
+
+	switch (rep->msg_type) {
+		case 0:
+			DEBUGADD(5,("(Add Version Map Table Request)\n"));
+			break;
+		case 1:
+			DEBUGADD(5,("(Add Version Map Table Reply)\n"));
+			DEBUGADD(5,("\t\t\tpartner_count         : %d\n", rep->avmt_rep.partner_count));
+			for (i=0; i<rep->avmt_rep.partner_count; i++)
+				dump_wins_owner(&rep->avmt_rep.wins_owner[i]);
+			DEBUGADD(5,("\t\t\tinitiating_wins_server: %s\n", inet_ntoa(rep->avmt_rep.initiating_wins_server)));
+			break;
+		case 2:
+			DEBUGADD(5,("(Send Entries Request)\n"));
+			dump_wins_owner(&rep->se_rq.wins_owner);
+			break;
+		case 3:
+			DEBUGADD(5,("(Send Entries Reply)\n"));
+			DEBUGADD(5,("\t\t\tmax_names         : %d\n", rep->se_rp.max_names));
+			for (i=0; i<rep->se_rp.max_names; i++)
+				dump_wins_name(&rep->se_rp.wins_name[i]);
+			break;
+		case 4:
+			DEBUGADD(5,("(Update Notify Request)\n"));
+			DEBUGADD(5,("\t\t\tpartner_count         : %d\n", rep->un_rq.partner_count));
+			for (i=0; i<rep->un_rq.partner_count; i++)
+				dump_wins_owner(&rep->un_rq.wins_owner[i]);
+			DEBUGADD(5,("\t\t\tinitiating_wins_server: %s\n", inet_ntoa(rep->un_rq.initiating_wins_server)));
+			break;
+		default:
+			DEBUG(5,("\n"));
+			break;
+	}
+}
+
+/****************************************************************************
+dump a generic structure
+****************************************************************************/
+void dump_generic_packet(GENERIC_PACKET *q)
+{
+	DEBUG(5,("dump_generic_packet:\n"));
+	DEBUGADD(5,("\tdata_size: %08x\n", q->header.data_size));
+	DEBUGADD(5,("\topcode   : %08x\n", q->header.opcode));
+	DEBUGADD(5,("\tassoc_ctx: %08x\n", q->header.assoc_ctx));
+	DEBUGADD(5,("\tmess_type: %08x ", q->header.mess_type));
+
+	switch (q->header.mess_type) {
+		case 0:
+			DEBUGADD(5,("(Start Association Request)\n"));
+			DEBUGADD(5,("\t\tassoc_ctx: %08x\n", q->sa_rq.assoc_ctx));
+			DEBUGADD(5,("\t\tmin_ver  : %04x\n", q->sa_rq.min_ver));
+			DEBUGADD(5,("\t\tmaj_ver  : %04x\n", q->sa_rq.maj_ver));
+			break;
+		case 1:
+			DEBUGADD(5,("(Start Association Reply)\n"));
+			DEBUGADD(5,("\t\tassoc_ctx: %08x\n", q->sa_rp.assoc_ctx));
+			DEBUGADD(5,("\t\tmin_ver  : %04x\n", q->sa_rp.min_ver));
+			DEBUGADD(5,("\t\tmaj_ver  : %04x\n", q->sa_rp.maj_ver));
+			break;
+		case 2:
+			DEBUGADD(5,("(Stop Association)\n"));
+			DEBUGADD(5,("\t\treason: %08x\n", q->so.reason));
+			break;
+		case 3:
+			DEBUGADD(5,("(Replication Message)\n"));
+			dump_replicate(&q->rep);
+			break;
+		default:
+			DEBUG(5,("\n"));
+			break;
+	}
+
+}
+
+/****************************************************************************
+generate a stop packet
+****************************************************************************/
+void stop_packet(GENERIC_PACKET *q, GENERIC_PACKET *r, int reason)
+{
+	r->header.opcode=OPCODE_NON_NBT;
+	r->header.assoc_ctx=get_server_assoc(q->header.assoc_ctx);
+	r->header.mess_type=MESSAGE_TYPE_STOP_ASSOC;
+	r->so.reason=reason;
+	
+}
+
+
diff --git a/source3/wrepld/partners.c b/source3/wrepld/partners.c
new file mode 100644
index 0000000000..abdaeaf2ee
--- /dev/null
+++ b/source3/wrepld/partners.c
@@ -0,0 +1,182 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Jean François Micouleau      1998-2002.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "wins_repl.h"
+
+/* we can exchange info with 64 partners at any given time */
+WINS_PARTNER current_partners[64];
+int total_current_partners;
+
+/*******************************************************************
+verify if we know this partner
+********************************************************************/
+BOOL check_partner(int assoc)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==assoc)
+			return True;
+
+	return False;
+}
+
+/*******************************************************************
+add a new entry to the list
+********************************************************************/
+BOOL add_partner(int client_assoc, int server_assoc, BOOL pull, BOOL push)
+{
+	if (total_current_partners==64)
+		return False;
+
+	current_partners[total_current_partners].client_assoc=client_assoc;
+	current_partners[total_current_partners].server_assoc=server_assoc;
+	current_partners[total_current_partners].pull_partner=pull;
+	current_partners[total_current_partners].push_partner=push;
+
+	total_current_partners++;
+
+	return True;
+}
+
+/*******************************************************************
+remove an entry to the list
+********************************************************************/
+BOOL remove_partner(int client_assoc)
+{
+	int i,j;
+
+	for (i=0; current_partners[i].client_assoc!=client_assoc && i<total_current_partners; i++)
+		;
+	
+	if (i==total_current_partners)
+		return False;
+
+	for (j=i+1; j<total_current_partners; j++) {
+		current_partners[j-1].client_assoc=current_partners[j].client_assoc;
+		current_partners[j-1].server_assoc=current_partners[j].server_assoc;
+		current_partners[j-1].pull_partner=current_partners[j].pull_partner;
+		current_partners[j-1].push_partner=current_partners[j].push_partner;
+		current_partners[j-1].partner_server.s_addr=current_partners[j].partner_server.s_addr;
+		current_partners[j-1].other_server.s_addr=current_partners[j].other_server.s_addr;
+	}
+
+	total_current_partners--;
+
+	return True;
+}
+
+/*******************************************************************
+link the client and server context
+********************************************************************/
+BOOL update_server_partner(int client_assoc, int server_assoc)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==client_assoc) {
+			current_partners[i].server_assoc=server_assoc;
+			return True;
+		}
+
+	return False;
+}
+
+/*******************************************************************
+verify if it's a pull partner
+********************************************************************/
+BOOL check_pull_partner(int assoc)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==assoc &&
+		    current_partners[i].pull_partner==True)
+			return True;
+
+	return False;
+}
+
+/*******************************************************************
+verify if it's a push partner
+********************************************************************/
+BOOL check_push_partner(int assoc)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==assoc &&
+		    current_partners[i].push_partner==True)
+			return True;
+
+	return False;
+}
+
+/*******************************************************************
+return the server ctx linked to the client ctx
+********************************************************************/
+int get_server_assoc(int assoc)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==assoc)
+			return current_partners[i].server_assoc;
+
+	return 0;
+}
+
+
+/*******************************************************************
+link the client and server context
+********************************************************************/
+BOOL write_server_assoc_table(int client_assoc, struct in_addr partner, struct in_addr server)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==client_assoc) {
+			current_partners[i].partner_server=partner;
+			current_partners[i].other_server=server;
+			return True;
+		}
+
+	return False;
+}
+
+/*******************************************************************
+link the client and server context
+********************************************************************/
+BOOL get_server_assoc_table(int client_assoc, struct in_addr *partner, struct in_addr *server)
+{
+	int i;
+	
+	for (i=0; i<total_current_partners; i++)
+		if (current_partners[i].client_assoc==client_assoc) {
+			partner->s_addr=current_partners[i].partner_server.s_addr;
+			server->s_addr=current_partners[i].other_server.s_addr;
+			return True;
+		}
+
+	return False;
+}
+
+
diff --git a/source3/wrepld/process.c b/source3/wrepld/process.c
new file mode 100644
index 0000000000..e63b8a993c
--- /dev/null
+++ b/source3/wrepld/process.c
@@ -0,0 +1,934 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Jean François Micouleau      1998-2002.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "wins_repl.h"
+
+extern fd_set *listen_set;
+extern int listen_number;
+extern int *sock_array;
+
+WINS_OWNER global_wins_table[64][64];
+int partner_count;
+
+TALLOC_CTX *mem_ctx;
+
+#define WINS_LIST "wins.tdb"
+#define INFO_VERSION	"INFO/version"
+#define INFO_COUNT	"INFO/num_entries"
+#define INFO_ID_HIGH	"INFO/id_high"
+#define INFO_ID_LOW	"INFO/id_low"
+#define ENTRY_PREFIX 	"ENTRY/"
+
+
+/*******************************************************************
+fill the header of a reply.
+********************************************************************/
+static void fill_header(GENERIC_PACKET *g, int opcode, int ctx, int mess)
+{
+	if (g==NULL)
+		return;
+
+	g->header.opcode=opcode;
+	g->header.assoc_ctx=ctx;
+	g->header.mess_type=mess;
+}
+
+/*******************************************************************
+dump the global table, that's a debug code.
+********************************************************************/
+static void dump_global_table(void)
+{
+	int i,j;
+	
+	for (i=0;i<partner_count;i++) {
+		DEBUG(0,("\n%d ", i));
+		for (j=0; global_wins_table[i][j].address.s_addr!=0; j++)
+			DEBUG(0,("%s:%d \t", inet_ntoa(global_wins_table[i][j].address),
+				(int)global_wins_table[i][j].max_version));
+	}
+	DEBUG(0,("\n"));
+}
+
+/*******************************************************************
+start association
+********************************************************************/
+static void start_assoc_process(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	/*
+	 * add this request to our current wins partners list
+	 * this list is used to know with who we are in contact
+	 *
+	 */
+	r->sa_rp.assoc_ctx=time(NULL);
+	fill_header(r, OPCODE_NON_NBT, q->sa_rq.assoc_ctx, MESSAGE_TYPE_START_ASSOC_REPLY);
+
+	/* reply we are a NT4 server */
+	
+	/* w2K is min=2, maj=5 */
+	
+	r->sa_rp.min_ver=1;
+	r->sa_rp.maj_ver=1;
+
+	add_partner(r->sa_rp.assoc_ctx, q->sa_rq.assoc_ctx, False, False);
+}
+
+/*******************************************************************
+start association reply
+********************************************************************/
+static void start_assoc_reply(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	int i;
+
+	/* check if we have already registered this client */
+	if (!check_partner(q->header.assoc_ctx)) {
+		DEBUG(0,("start_assoc_reply: unknown client\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	if (!update_server_partner(q->header.assoc_ctx, q->sa_rp.assoc_ctx)) {
+		DEBUG(0,("start_assoc_reply: can't update server ctx\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	/* if pull, request map table */	
+	if (check_pull_partner(q->header.assoc_ctx)) {
+		fill_header(r, OPCODE_NON_NBT, get_server_assoc(q->header.assoc_ctx), MESSAGE_TYPE_REPLICATE);
+
+		r->rep.msg_type=MESSAGE_REP_ADD_VERSION_REQUEST;
+		DEBUG(0,("start_assoc_reply: requesting map table\n"));
+
+		return;
+	}
+
+	/* if push, send our table */
+	if (check_push_partner(q->header.assoc_ctx)) {
+		fill_header(r, OPCODE_NON_NBT, get_server_assoc(q->header.assoc_ctx), MESSAGE_TYPE_REPLICATE);
+		r->rep.msg_type=MESSAGE_REP_UPDATE_NOTIFY_REQUEST;
+		r->rep.un_rq.partner_count=partner_count;
+		
+		r->rep.un_rq.wins_owner=(WINS_OWNER *)talloc(mem_ctx, partner_count*sizeof(WINS_OWNER));
+		if (r->rep.un_rq.wins_owner==NULL) {
+			DEBUG(0,("start_assoc_reply: can't alloc memory\n"));
+			stop_packet(q, r, STOP_REASON_USER_REASON);
+			return;
+		}
+
+		for (i=0; i<partner_count; i++)
+			r->rep.un_rq.wins_owner[i]=global_wins_table[0][i];
+		
+		DEBUG(0,("start_assoc_reply: sending update table\n"));
+		return;
+	}
+	
+	/* neither push/pull, stop */
+	/* we should not come here */
+	DEBUG(0,("we have a partner which is neither push nor pull !\n"));
+	stop_packet(q, r, STOP_REASON_USER_REASON);
+}
+
+/****************************************************************************
+initialise and fill the in-memory partner table.
+****************************************************************************/
+int init_wins_partner_table(void)
+{
+	int i=1,j=0,k;
+	char **partner = lp_list_make(lp_wins_partners());
+
+	DEBUG(0, ("init_wins_partner_table: partners: %s\n", lp_wins_partners()));
+
+	global_wins_table[0][0].address=*iface_n_ip(0);
+	global_wins_table[0][0].max_version=0;
+	global_wins_table[0][0].min_version=0;
+	global_wins_table[0][0].type=0;
+
+	while (partner[j]!=NULL) {
+		DEBUG(0,("init_wins_partner_table, adding partner: %s\n", partner[j]));
+		
+		global_wins_table[0][i].address=*interpret_addr2(partner[j]);
+		global_wins_table[0][i].max_version=0;
+		global_wins_table[0][i].min_version=0;
+		global_wins_table[0][i].type=0;
+		global_wins_table[0][i].last_pull=0;
+		global_wins_table[0][i].last_push=0;
+
+		i++;
+		j++;
+	}
+	
+	for (k=1; k<i;k++)
+		for (j=0; j<i; j++)
+			global_wins_table[k][j]=global_wins_table[0][j];
+	
+	lp_list_free (&partner);
+	
+	return i;
+}
+
+/****************************************************************************
+read the last ID from the wins tdb file.
+****************************************************************************/
+static void get_our_last_id(WINS_OWNER *wins_owner)
+{
+	TDB_CONTEXT *tdb;
+
+	tdb = tdb_open_log(lock_path(WINS_LIST), 0, TDB_DEFAULT, O_RDONLY, 0600);
+	if (!tdb) {
+		DEBUG(2,("get_our_last_id: Can't open wins database file %s. Error was %s\n", WINS_LIST, strerror(errno) ));
+		return;
+	}
+	
+	wins_owner->max_version=((SMB_BIG_UINT)tdb_fetch_int32(tdb, INFO_ID_HIGH))<<32 | 
+				 (SMB_BIG_UINT)tdb_fetch_int32(tdb, INFO_ID_LOW);
+
+	tdb_close(tdb);
+}
+
+/****************************************************************************
+send the list of wins server we know.
+****************************************************************************/
+static void send_version_number_map_table(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	int i;
+	int s_ctx=get_server_assoc(q->header.assoc_ctx);
+
+	if (s_ctx==0) {
+		DEBUG(0, ("send_entry_reply: request for a partner not in our table\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	/*
+	 * return an array of wins servers, we are partner with.
+	 * each entry contains the IP address and the version info
+	 * version: ID of the last entry we've got
+	 */
+
+	/* the first wins server must be self */
+
+	/*
+	 * get our last ID from the wins database
+	 * it can have been updated since last read
+	 * as nmbd got registration/release.
+	 */ 
+	get_our_last_id(&global_wins_table[0][0]);
+
+	r->rep.avmt_rep.wins_owner=(WINS_OWNER *)talloc(mem_ctx, partner_count*sizeof(WINS_OWNER));
+	if (r->rep.avmt_rep.wins_owner==NULL) {
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+	
+	DEBUG(0,("send_version_number_map_table: partner_count: %d\n", partner_count));
+
+	for (i=0; i<partner_count; i++) {
+		DEBUG(0,("send_version_number_map_table, partner: %d -> %s, \n", i, inet_ntoa(global_wins_table[0][i].address)));
+		r->rep.avmt_rep.wins_owner[i]=global_wins_table[0][i];
+	}
+	
+	r->rep.msg_type=1;
+	r->rep.avmt_rep.partner_count=partner_count;
+	r->rep.avmt_rep.initiating_wins_server.s_addr=0; /* blatant lie, NT4/w2K do the same ! */
+	fill_header(r, OPCODE_NON_NBT, s_ctx, MESSAGE_TYPE_REPLICATE);
+}
+
+/****************************************************************************
+for a given partner, ask it to send entries we don't have.
+****************************************************************************/
+static BOOL check_partners_and_send_entries(GENERIC_PACKET *q, GENERIC_PACKET *r, int partner)
+{
+	int server;
+	int other;
+	SMB_BIG_UINT temp;
+	SMB_BIG_UINT current;
+
+
+	/*
+	 * we check if our partner has more records than us.
+	 * we need to check more than our direct partners as
+	 * we can have this case:
+	 * us: A, partners: B,C, indirect partner: D
+	 * A<->B, A<->C, B<->D, C<->D
+	 *
+	 * So if we're talking to B, we need to check if between
+	 * B and C, which one have more records about D.
+	 * and also check if we don't already have the records.
+	 */
+
+
+	 /* check all servers even indirect */
+	 for (server=1; global_wins_table[0][server].address.s_addr!=0; server++) {
+		current = global_wins_table[partner][server].max_version;
+		
+		temp=0;
+		
+		for (other=1; other<partner_count; other++) {
+			/* skip the partner itself */
+			if (other==partner)
+				continue;
+
+			if (global_wins_table[other][server].max_version > temp)
+				temp=global_wins_table[other][server].max_version;
+		}
+		
+		if (current >= temp && current > global_wins_table[0][server].max_version) {
+			/* 
+			 * it has more records than every body else and more than us,
+			 * ask it the difference between what we have and what it has
+			 */
+			fill_header(r, OPCODE_NON_NBT, get_server_assoc(q->header.assoc_ctx), MESSAGE_TYPE_REPLICATE);
+
+			r->rep.msg_type=MESSAGE_REP_SEND_ENTRIES_REQUEST;
+			r->rep.se_rq.wins_owner.address=global_wins_table[partner][server].address;
+			
+			r->rep.se_rq.wins_owner.max_version=global_wins_table[partner][server].max_version;
+			r->rep.se_rq.wins_owner.min_version=global_wins_table[0][server].max_version;
+			r->rep.se_rq.wins_owner.type=0;
+			
+			write_server_assoc_table(q->header.assoc_ctx, global_wins_table[0][partner].address, global_wins_table[partner][server].address);
+			
+			/*
+			 * and we update our version for this server
+			 * as we can't use the IDs returned in the send_entries function
+			 * the max ID can be larger than the largest ID returned
+			 */
+			
+			global_wins_table[0][server].max_version=global_wins_table[partner][server].max_version;
+
+			return True;
+		}
+	}
+	return False;
+}
+	
+/****************************************************************************
+receive the list of wins server we know.
+****************************************************************************/
+static void receive_version_number_map_table(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	fstring peer;
+	struct in_addr addr;
+	int i,j,k,l;
+	int s_ctx=get_server_assoc(q->header.assoc_ctx);
+
+	if (s_ctx==0) {
+		DEBUG(0, ("receive_version_number_map_table: request for a partner not in our table\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	fstrcpy(peer,get_socket_addr(q->fd));
+	addr=*interpret_addr2(peer);
+
+	get_our_last_id(&global_wins_table[0][0]);
+	
+	DEBUG(0,("receive_version_number_map_table: received a map of %d server from: %s\n", 
+	          q->rep.avmt_rep.partner_count ,inet_ntoa(q->rep.avmt_rep.initiating_wins_server)));
+	DEBUG(0,("real peer is: %s\n", peer));
+
+	for (i=0; global_wins_table[0][i].address.s_addr!=addr.s_addr && i<partner_count;i++)
+		;
+
+	if (i==partner_count) {
+		DEBUG(0,("receive_version_number_map_table: unknown partner: %s\n", peer));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	for (j=0; j<q->rep.avmt_rep.partner_count;j++) {
+		/*
+		 * search if we already have this entry or if it's a new one
+		 * it can be a new one in case of propagation
+		 */
+		for (k=0; global_wins_table[0][k].address.s_addr!=0 && 
+			  global_wins_table[0][k].address.s_addr!=q->rep.avmt_rep.wins_owner[j].address.s_addr; k++);
+
+		global_wins_table[i][k].address.s_addr=q->rep.avmt_rep.wins_owner[j].address.s_addr;
+		global_wins_table[i][k].max_version=q->rep.avmt_rep.wins_owner[j].max_version;
+		global_wins_table[i][k].min_version=q->rep.avmt_rep.wins_owner[j].min_version;
+		global_wins_table[i][k].type=q->rep.avmt_rep.wins_owner[j].type;
+		
+		/*
+		 * in case it's a new one, rewrite the address for all the partner
+		 * to reserve the slot.
+		 */
+
+		for(l=0; l<partner_count; l++)
+			global_wins_table[l][k].address.s_addr=q->rep.avmt_rep.wins_owner[j].address.s_addr;
+	}
+
+	dump_global_table();
+
+	/*
+	 * if this server have newer records than what we have
+	 * for several wins servers, we need to ask it.
+	 * Alas a send entry request is only on one server.
+	 * So in the send entry reply, we'll ask for the next server is required.
+	 */
+
+	if (check_partners_and_send_entries(q, r, i))
+		return;
+
+	/* it doesn't have more entries than us */
+	stop_packet(q, r, STOP_REASON_USER_REASON);
+}
+
+/****************************************************************************
+add an entry to the wins list we'll send.
+****************************************************************************/
+static BOOL add_record_to_winsname(WINS_NAME **wins_name, int *max_names, char *name, int type, int wins_flags, int id, struct in_addr *ip_list, int num_ips)
+{
+	WINS_NAME *temp_list;
+	int i;
+	int current=*max_names;
+
+	temp_list=talloc_realloc(mem_ctx, *wins_name, (current+1)*sizeof(WINS_NAME));
+	if (temp_list==NULL)
+		return False;
+
+	temp_list[current].name_len=0x11;
+	
+	safe_strcpy(temp_list[current].name, name, 15);
+
+	temp_list[current].type=type;
+	temp_list[current].empty=0;
+
+	temp_list[current].name_flag=wins_flags;
+
+	if ( (wins_flags&0x03) == 1 || (wins_flags&0x03)==2)
+		temp_list[current].group_flag=0x01000000;
+	else
+		temp_list[current].group_flag=0x00000000;
+	
+	temp_list[current].id=id;
+	
+	temp_list[current].owner.s_addr=ip_list[0].s_addr;
+
+	if (temp_list[current].name_flag & 2) {
+		temp_list[current].num_ip=num_ips;
+		temp_list[current].others=(struct in_addr *)talloc(mem_ctx, sizeof(struct in_addr)*num_ips);
+		if (temp_list[current].others==NULL)
+			return False;
+	
+		for (i=0; i<num_ips; i++)
+			temp_list[current].others[i].s_addr=ip_list[i].s_addr;
+
+	} else 
+		temp_list[current].num_ip=1;
+
+	temp_list[current].foo=0xffffffff;
+
+	*wins_name=temp_list;
+	
+	return True;
+}
+
+/****************************************************************************
+send the list of name we have.
+****************************************************************************/
+static void send_entry_request(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	int max_names=0;
+	int i;
+	time_t time_now = time(NULL);
+	WINS_OWNER *wins_owner;
+	TDB_CONTEXT *tdb;
+	TDB_DATA kbuf, dbuf, newkey;
+	int s_ctx=get_server_assoc(q->header.assoc_ctx);
+	int num_interfaces = iface_count();
+
+	if (s_ctx==0) {
+		DEBUG(0, ("send_entry_request: request for a partner not in our table\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+
+	wins_owner=&q->rep.se_rq.wins_owner;
+	r->rep.se_rp.wins_name=NULL;
+
+	DEBUG(0,("send_entry_request: we have been asked to send the list of wins records\n"));
+	DEBUGADD(0,("owned by: %s and between min: %d and max: %d\n", inet_ntoa(wins_owner->address),
+		    (int)wins_owner->min_version, (int)wins_owner->max_version));
+
+	/*
+	 * if we are asked to send records owned by us
+	 * we overwrite the wins ip with 0.0.0.0
+	 * to make it easy in case of multihomed
+	 */
+
+	for (i=0; i<num_interfaces; i++)
+		if (ip_equal(wins_owner->address, *iface_n_ip(i))) {
+			wins_owner->address=*interpret_addr2("0.0.0.0");
+			break;
+		}
+
+
+	tdb = tdb_open_log(lock_path(WINS_LIST), 0, TDB_DEFAULT, O_RDONLY, 0600);
+	if (!tdb) {
+		DEBUG(2,("send_entry_request: Can't open wins database file %s. Error was %s\n", WINS_LIST, strerror(errno) ));
+		return;
+	}
+
+	for (kbuf = tdb_firstkey(tdb); 
+	     kbuf.dptr; 
+	     newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+		pstring name_type, name, ip_str;
+		char *p;
+		int type = 0;
+		int nb_flags;
+		int ttl;
+		unsigned int num_ips;
+		int low, high;
+		SMB_BIG_UINT version;
+		struct in_addr wins_ip;
+		struct in_addr *ip_list;
+		int wins_flags;
+		int len;
+
+		if (strncmp(kbuf.dptr, ENTRY_PREFIX, strlen(ENTRY_PREFIX)) != 0)
+			continue;
+		
+		
+		dbuf = tdb_fetch(tdb, kbuf);
+		if (!dbuf.dptr)
+			continue;
+
+		fstrcpy(name_type, kbuf.dptr+strlen(ENTRY_PREFIX));
+		pstrcpy(name, name_type);
+
+		if((p = strchr(name,'#')) != NULL) {
+			*p = 0;
+			sscanf(p+1,"%x",&type);
+		}
+
+		len = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddfddd",
+				&nb_flags,
+				&high,
+				&low,
+				ip_str,
+				&ttl, 
+				&num_ips,
+				&wins_flags);
+
+		wins_ip=*interpret_addr2(ip_str);
+
+ 		/* Allocate the space for the ip_list. */
+		if((ip_list = (struct in_addr *)talloc(mem_ctx,  num_ips * sizeof(struct in_addr))) == NULL) {
+			DEBUG(0,("initialise_wins: talloc fail !\n"));
+			return;
+		}
+
+		for (i = 0; i < num_ips; i++) {
+			len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f", ip_str);
+			ip_list[i] = *interpret_addr2(ip_str);
+		}
+
+		/* add all entries that have 60 seconds or more to live */
+		if ((ttl - 60) > time_now || ttl == PERMANENT_TTL) {
+			if(ttl != PERMANENT_TTL)
+				ttl -= time_now;
+    
+			DEBUG( 4, ("send_entry_request: add name: %s#%02x ttl = %d first IP %s flags = %2x\n",
+			    name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
+
+			/* add the record to the list to send */
+			version=((SMB_BIG_UINT)high)<<32 | low;
+			
+			if (wins_owner->min_version<=version && wins_owner->max_version>=version &&
+			    wins_owner->address.s_addr==wins_ip.s_addr) {
+				if(!add_record_to_winsname(&r->rep.se_rp.wins_name, &max_names, name, type, wins_flags, version, ip_list, num_ips))
+					return;
+				max_names++;
+			}
+
+		} else {
+			DEBUG(4, ("send_entry_request: not adding name (ttl problem) %s#%02x ttl = %d first IP %s flags = %2x\n",
+				  name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
+		}
+	}
+    
+	tdb_close(tdb);
+
+	DEBUG(0,("send_entry_request, sending %d records\n", max_names));
+	fill_header(r, OPCODE_NON_NBT, s_ctx, MESSAGE_TYPE_REPLICATE);
+	r->rep.msg_type=MESSAGE_REP_SEND_ENTRIES_REPLY; /* reply */
+	r->rep.se_rp.max_names=max_names;
+}
+
+
+/****************************************************************************
+.
+****************************************************************************/
+static void update_notify_request(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	int i,j,k,l;
+	UPDATE_NOTIFY_REQUEST *u;
+	int s_ctx=get_server_assoc(q->header.assoc_ctx);
+	
+	if (s_ctx==0) {
+		DEBUG(0, ("send_entry_reply: request for a partner not in our table\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	u=&q->rep.un_rq;
+
+	/* check if we already have the range of records */
+
+	DEBUG(0,("update_notify_request: wins server: %s offered this list of %d records:\n",
+		inet_ntoa(u->initiating_wins_server), u->partner_count));
+
+	get_our_last_id(&global_wins_table[0][0]);
+
+	for (i=0; i<partner_count; i++) {
+		if (global_wins_table[0][i].address.s_addr==u->initiating_wins_server.s_addr) {
+			DEBUG(0,("update_notify_request: found initiator at index %d\n", i));
+			break;
+		}
+	}
+
+	/*
+	 * some explanation is required, before someone say it's crap.
+	 *
+	 * let's take an example, we have 2 wins partners, we already now
+	 * that our max id is 10, partner 1 ID is 20 and partner 2 ID is 30
+	 * the array looks like:
+	 *
+	 * 	0	1	2
+	 * 0	10	20	30  
+	 * 1
+	 * 2
+	 *
+	 * we receive an update from partner 2 saying he has: 1:15, 2:40, 3:50
+	 * we must enlarge the array to add partner 3, it will look like:
+	 *
+	 * 	0	1	2	3
+	 * 0	10	20	30
+	 * 1
+	 * 2		15	40	50
+	 *
+	 * now we know, we should pull from partner 2, the records 30->40 of 2 and 0->50 of 3.
+	 * once the pull will be over, our table will look like:
+	 *
+	 * 	0	1	2	3
+	 * 0	10	20	40	50
+	 * 1
+	 * 2		15	40	50
+	 *
+	 *
+	 */
+
+	for (j=0; j<u->partner_count;j++) {
+		/*
+		 * search if we already have this entry or if it's a new one
+		 * it can be a new one in case of propagation
+		 */
+
+		for (k=0; global_wins_table[0][k].address.s_addr!=0 && 
+			  global_wins_table[0][k].address.s_addr!=u->wins_owner[j].address.s_addr; k++);
+
+		global_wins_table[i][k].address.s_addr=u->wins_owner[j].address.s_addr;
+		global_wins_table[i][k].max_version=u->wins_owner[j].max_version;
+		global_wins_table[i][k].min_version=u->wins_owner[j].min_version;
+		global_wins_table[i][k].type=u->wins_owner[j].type;
+		
+		/*
+		 * in case it's a new one, rewrite the address for all the partner
+		 * to reserve the slot.
+		 */
+
+		for(l=0; l<partner_count; l++)
+			global_wins_table[l][k].address.s_addr=u->wins_owner[j].address.s_addr;
+	}
+
+	dump_global_table();
+
+	stop_packet(q, r, STOP_REASON_USER_REASON);
+}
+
+/****************************************************************************
+.
+****************************************************************************/
+static void send_entry_reply(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	int i,j,k;
+	struct in_addr partner, server;
+	pid_t pid;
+	int s_ctx=get_server_assoc(q->header.assoc_ctx);
+	WINS_RECORD record;
+	
+	if (s_ctx==0) {
+		DEBUG(0, ("send_entry_reply: request for a partner not in our table\n"));
+		stop_packet(q, r, STOP_REASON_USER_REASON);
+		return;
+	}
+
+	DEBUG(0,("send_entry_reply:got %d new records\n", q->rep.se_rp.max_names));
+
+	/* we got records from a wins partner but that can be from another wins server */
+	/* hopefully we track that */
+
+	/* and the only doc available from MS is wrong ! */
+
+	get_server_assoc_table(q->header.assoc_ctx, &partner, &server);
+
+	for (j=0; global_wins_table[0][j].address.s_addr!=0; j++) {
+		if (global_wins_table[0][j].address.s_addr==server.s_addr) {
+			DEBUG(0,("send_entry_reply: found server at index %d\n", j));
+			break;
+		}
+	}
+
+	pid = pidfile_pid("nmbd");
+	if (pid == 0) {
+		DEBUG(0,("send_entry_reply: Can't find pid for nmbd\n"));
+		return;
+	}
+
+	for (k=0; k<q->rep.se_rp.max_names; k++) {
+		DEBUG(0,("send_entry_reply: %s<%02x> %d\n", q->rep.se_rp.wins_name[k].name, q->rep.se_rp.wins_name[k].type,
+		         (int)q->rep.se_rp.wins_name[k].id));
+
+		safe_strcpy(record.name, q->rep.se_rp.wins_name[k].name, 16);
+		record.type=q->rep.se_rp.wins_name[k].type;
+		record.id=q->rep.se_rp.wins_name[k].id;
+		record.wins_flags=q->rep.se_rp.wins_name[k].name_flag&0x00ff;
+		record.num_ips=q->rep.se_rp.wins_name[k].num_ip;
+
+		record.wins_ip.s_addr=server.s_addr;
+
+		if (record.num_ips==1)
+			record.ip[0]=q->rep.se_rp.wins_name[k].owner;
+		else
+			for (i=0; i<record.num_ips; i++)
+				record.ip[i]=q->rep.se_rp.wins_name[k].others[i];
+
+		record.nb_flags=0;
+
+		if (record.wins_flags&WINS_NGROUP || record.wins_flags&WINS_SGROUP)
+			record.nb_flags|=NB_GROUP;
+		
+		if (record.wins_flags&WINS_ACTIVE)
+			record.nb_flags|=NB_ACTIVE;
+		
+		record.nb_flags|=record.wins_flags&WINS_HNODE;
+		
+		message_send_pid(pid, MSG_WINS_NEW_ENTRY, &record, sizeof(record), False);
+
+	}
+
+	dump_global_table();
+
+	/*
+	 * we got some entries, 
+	 * ask the partner to send us the map table again
+	 * to get the other servers entries.
+	 *
+	 * we're getting the map table 1 time more than really
+	 * required. We could remove that call, but that
+	 * would complexify the code. I prefer this trade-of. 
+	 */
+	fill_header(r, OPCODE_NON_NBT, s_ctx, MESSAGE_TYPE_REPLICATE);
+
+	r->rep.msg_type=MESSAGE_REP_ADD_VERSION_REQUEST;
+}
+
+/****************************************************************************
+decode the replication message and reply.
+****************************************************************************/
+static void replicate(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	switch (q->rep.msg_type) {
+		case 0:
+			/* add version number map table request */
+			send_version_number_map_table(q, r);
+			break;
+		case 1:
+			receive_version_number_map_table(q, r);
+			break;
+		case 2:
+			/* send entry request */
+			send_entry_request(q, r);
+			break;
+		case 3:
+			/* send entry reply */
+			send_entry_reply(q, r);
+			break;
+		case 4:
+			/* update notification request */
+			update_notify_request(q, r);
+			break;
+	}
+}
+
+/****************************************************************************
+do a switch on the message type, and return the response size
+****************************************************************************/
+static BOOL switch_message(GENERIC_PACKET *q, GENERIC_PACKET *r)
+{
+	switch (q->header.mess_type) {
+		case 0:
+			/* Start association type */			
+			start_assoc_process(q, r);
+			return True;
+			break;
+		case 1:
+			/* start association reply */
+			start_assoc_reply(q, r);
+			return True;
+			break;
+		case 2:
+			/* stop association message */
+			/*
+			 * remove the partner from the list and 
+			 * reply false to NOT send a packet
+			 */
+			remove_partner(q->header.assoc_ctx);
+			return False;
+			break;
+		case 3:
+			/* replication message */
+			replicate(q, r);
+			return True;
+			break;
+	}
+
+	return False;
+}
+
+
+/****************************************************************************
+  construct a reply to the incoming packet
+****************************************************************************/
+void construct_reply(struct wins_packet_struct *p)
+{
+	GENERIC_PACKET r;
+	struct BUFFER buffer;
+
+	buffer.buffer=NULL;
+	buffer.offset=0;
+	buffer.length=0;
+
+	DEBUG(0,("dump: received packet\n"));
+	dump_generic_packet(p->packet);
+
+	/* Verify if the request we got is from a listed partner */
+	if (!check_partner(p->packet->header.assoc_ctx)) {
+		fstring peer;
+		struct in_addr addr;
+		int i;
+		fstrcpy(peer,get_socket_addr(p->fd));
+		addr=*interpret_addr2(peer);
+
+		for (i=1; i<partner_count; i++)
+			if (ip_equal(addr, global_wins_table[0][i].address))
+				break;
+
+		if (i==partner_count) {
+			DEBUG(0,("construct_reply: got a request from a non peer machine: %s\n", peer));
+			stop_packet(p->packet, &r, STOP_REASON_AUTH_FAILED);
+			p->stop_packet=True;
+			encode_generic_packet(&buffer, &r);
+			if (!send_smb(p->fd, buffer.buffer))
+				exit_server("process_smb: send_smb failed.");
+			return;
+		}
+	}
+
+	if (switch_message(p->packet, &r)) {
+		encode_generic_packet(&buffer, &r);
+		DEBUG(0,("dump: sending packet\n"));
+		dump_generic_packet(&r);
+
+		if(buffer.offset > 0) {
+			if (!send_smb(p->fd, buffer.buffer))
+				exit_server("process_smb: send_smb failed.");
+		}
+	}
+
+	/* if we got a stop assoc or if we send a stop assoc, close the fd after */
+	if (p->packet->header.mess_type==MESSAGE_TYPE_STOP_ASSOC || 
+	    r.header.mess_type==MESSAGE_TYPE_STOP_ASSOC)
+		p->stop_packet=True;
+}
+
+/****************************************************************************
+  contact periodically our wins partner to do a pull replication
+****************************************************************************/
+void run_pull_replication(time_t t)
+{
+	/* we pull every 30 minutes to query about new records*/
+	int i, s;
+	struct BUFFER buffer;
+	GENERIC_PACKET p;
+
+	buffer.buffer=NULL;
+	buffer.offset=0;
+	buffer.length=0;
+
+	for (i=1; i<partner_count; i++) {
+		if (global_wins_table[0][i].last_pull < t) {
+			global_wins_table[0][i].last_pull=t+30*60; /* next in 30 minutes */
+			
+			/* contact the wins server */
+			p.header.mess_type=MESSAGE_TYPE_START_ASSOC_REQUEST;
+			p.header.opcode=OPCODE_NON_NBT;
+			p.header.assoc_ctx=0;
+			p.sa_rq.assoc_ctx=(int)t;
+			p.sa_rq.min_ver=1;
+			p.sa_rq.maj_ver=1;
+			
+			DEBUG(3,("run_pull_replication: contacting wins server %s.\n", inet_ntoa(global_wins_table[0][i].address)));
+			encode_generic_packet(&buffer, &p);
+			dump_generic_packet(&p);
+
+			/* send the packet to the server and add the descriptor to receive answers */
+			s=open_socket_out(SOCK_STREAM, &global_wins_table[0][i].address, 42, LONG_CONNECT_TIMEOUT);
+			if (s==-1) {
+				DEBUG(0,("run_pull_replication: can't contact wins server %s.\n", inet_ntoa(global_wins_table[0][i].address)));
+				return;
+			}
+			
+			if(buffer.offset > 0) {
+				if (!send_smb(s, buffer.buffer))
+					exit_server("run_pull_replication: send_smb failed.");
+			}
+			
+			add_fd_to_sock_array(s);
+			FD_SET(s, listen_set);
+
+			/* add ourself as a client */
+			add_partner((int)t, 0, True, False);
+		}
+	}
+}
+
+/****************************************************************************
+  contact periodically our wins partner to do a push replication
+****************************************************************************/
+void run_push_replication(time_t t)
+{
+	/* we push every 30 minutes or 25 new entries */
+
+}
+
diff --git a/source3/wrepld/server.c b/source3/wrepld/server.c
new file mode 100644
index 0000000000..d078a833ae
--- /dev/null
+++ b/source3/wrepld/server.c
@@ -0,0 +1,723 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Main SMB server routines
+   Copyright (C) Jean François Micouleau      1998-2002.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "wins_repl.h"
+
+extern fstring global_myworkgroup;
+extern pstring global_myname;
+
+extern pstring user_socket_options;
+
+extern fstring remote_machine;
+extern WINS_OWNER *global_wins_table;
+extern int partner_count;
+
+extern fd_set *listen_set;
+extern int listen_number;
+extern int *sock_array;
+
+extern TALLOC_CTX *mem_ctx;
+
+int wins_port = 42;
+
+/****************************************************************************
+  when exiting, take the whole family
+****************************************************************************/
+static void *dflt_sig(void)
+{
+	exit_server("caught signal");
+	return NULL;
+}
+
+/****************************************************************************
+  reload the services file
+  **************************************************************************/
+BOOL reload_services(BOOL test)
+{
+	BOOL ret;
+	
+	if (lp_loaded()) {
+		pstring fname;
+		pstrcpy(fname,lp_configfile());
+		if (file_exist(fname,NULL) && !strcsequal(fname,dyn_CONFIGFILE)) {
+			pstrcpy(dyn_CONFIGFILE,fname);
+			test = False;
+		}
+	}
+
+	reopen_logs();
+
+	if (test && !lp_file_list_changed())
+		return(True);
+
+	ret = lp_load(dyn_CONFIGFILE,False,False,True);
+
+
+	/* perhaps the config filename is now set */
+	if (!test)
+		reload_services(True);
+
+	reopen_logs();
+
+	load_interfaces();
+
+	return(ret);
+}
+
+/****************************************************************************
+ Catch a sighup.
+****************************************************************************/
+
+VOLATILE sig_atomic_t reload_after_sighup = False;
+
+static void sig_hup(int sig)
+{
+	BlockSignals(True,SIGHUP);
+	DEBUG(0,("Got SIGHUP\n"));
+
+	sys_select_signal();
+	reload_after_sighup = True;
+	BlockSignals(False,SIGHUP);
+}
+
+#if DUMP_CORE
+/*******************************************************************
+prepare to dump a core file - carefully!
+********************************************************************/
+static BOOL dump_core(void)
+{
+	char *p;
+	pstring dname;
+	pstrcpy(dname,lp_logfile());
+	if ((p=strrchr_m(dname,'/'))) *p=0;
+	pstrcat(dname,"/corefiles");
+	mkdir(dname,0700);
+	sys_chown(dname,getuid(),getgid());
+	chmod(dname,0700);
+	if (chdir(dname)) return(False);
+	umask(~(0700));
+
+#ifdef HAVE_GETRLIMIT
+#ifdef RLIMIT_CORE
+	{
+		struct rlimit rlp;
+		getrlimit(RLIMIT_CORE, &rlp);
+		rlp.rlim_cur = MAX(4*1024*1024,rlp.rlim_cur);
+		setrlimit(RLIMIT_CORE, &rlp);
+		getrlimit(RLIMIT_CORE, &rlp);
+		DEBUG(3,("Core limits now %d %d\n",
+			 (int)rlp.rlim_cur,(int)rlp.rlim_max));
+	}
+#endif
+#endif
+
+
+	DEBUG(0,("Dumping core in %s\n",dname));
+	abort();
+	return(True);
+}
+#endif
+
+/****************************************************************************
+exit the server
+****************************************************************************/
+void exit_server(char *reason)
+{
+	static int firsttime=1;
+
+	if (!firsttime)
+		exit(0);
+	firsttime = 0;
+
+	DEBUG(2,("Closing connections\n"));
+
+	if (!reason) {   
+		int oldlevel = DEBUGLEVEL;
+		DEBUGLEVEL = 10;
+		DEBUGLEVEL = oldlevel;
+		DEBUG(0,("===============================================================\n"));
+#if DUMP_CORE
+		if (dump_core()) return;
+#endif
+	}
+
+	DEBUG(3,("Server exit (%s)\n", (reason ? reason : "")));
+	exit(0);
+}
+
+/****************************************************************************
+  initialise connect, service and file structs
+****************************************************************************/
+static void init_structs(void )
+{
+	/*
+	 * Set the machine NETBIOS name if not already
+	 * set from the config file.
+	 */
+
+	if (!*global_myname) {
+		char *p;
+		fstrcpy( global_myname, myhostname() );
+		p = strchr_m( global_myname, '.' );
+		if (p) 
+			*p = 0;
+	}
+
+	strupper( global_myname );
+}
+
+/****************************************************************************
+usage on the program
+****************************************************************************/
+static void usage(char *pname)
+{
+
+	d_printf("Usage: %s [-DaioPh?V] [-d debuglevel] [-l log basename] [-p port]\n", pname);
+	d_printf("       [-O socket options] [-s services file]\n");
+	d_printf("\t-D                    Become a daemon (default)\n");
+	d_printf("\t-a                    Append to log file (default)\n");
+	d_printf("\t-i                    Run interactive (not a daemon)\n" );
+	d_printf("\t-o                    Overwrite log file, don't append\n");
+	d_printf("\t-h                    Print usage\n");
+	d_printf("\t-?                    Print usage\n");
+	d_printf("\t-V                    Print version\n");
+	d_printf("\t-d debuglevel         Set the debuglevel\n");
+	d_printf("\t-l log basename.      Basename for log/debug files\n");
+	d_printf("\t-p port               Listen on the specified port\n");
+	d_printf("\t-O socket options     Socket options\n");
+	d_printf("\t-s services file.     Filename of services file\n");
+	d_printf("\n");
+}
+
+/****************************************************************************
+  Create an fd_set containing all the sockets in the subnet structures,
+  plus the broadcast sockets.
+***************************************************************************/
+
+static BOOL create_listen_fdset(void)
+{
+	int i;
+	int num_interfaces = iface_count();
+	int s;
+
+	listen_set = (fd_set *)malloc(sizeof(fd_set));
+	if(listen_set == NULL) {
+		DEBUG(0,("create_listen_fdset: malloc fail !\n"));
+		return True;
+	}
+
+#ifdef HAVE_ATEXIT
+	{
+		static int atexit_set;
+		if(atexit_set == 0) {
+			atexit_set=1;
+		}
+	}
+#endif
+
+	FD_ZERO(listen_set);
+
+	if(lp_interfaces() && lp_bind_interfaces_only()) {
+		/* We have been given an interfaces line, and been 
+		   told to only bind to those interfaces. Create a
+		   socket per interface and bind to only these.
+		*/
+		
+		if(num_interfaces > FD_SETSIZE) {
+			DEBUG(0,("create_listen_fdset: Too many interfaces specified to bind to. Number was %d max can be %d\n", num_interfaces, FD_SETSIZE));
+			return False;
+		}
+
+		/* Now open a listen socket for each of the interfaces. */
+		for(i = 0; i < num_interfaces; i++) {
+			struct in_addr *ifip = iface_n_ip(i);
+			
+			if(ifip == NULL) {
+				DEBUG(0,("create_listen_fdset: interface %d has NULL IP address !\n", i));
+				continue;
+			}
+			s = open_socket_in(SOCK_STREAM, wins_port, 0, ifip->s_addr, True);
+			if(s == -1)
+				return False;
+
+			/* ready to listen */
+			set_socket_options(s,"SO_KEEPALIVE"); 
+			set_socket_options(s,user_socket_options);
+      
+			if (listen(s, 5) == -1) {
+				DEBUG(0,("listen: %s\n",strerror(errno)));
+				close(s);
+				return False;
+			}
+			add_fd_to_sock_array(s);
+			FD_SET(s, listen_set);
+		}
+	} else {
+		/* Just bind to 0.0.0.0 - accept connections from anywhere. */
+		num_interfaces = 1;
+		
+		/* open an incoming socket */
+		s = open_socket_in(SOCK_STREAM, wins_port, 0, interpret_addr(lp_socket_address()),True);
+		if (s == -1)
+			return(False);
+		
+		/* ready to listen */
+		set_socket_options(s,"SO_KEEPALIVE"); 
+		set_socket_options(s,user_socket_options);
+
+		if (listen(s, 5) == -1) {
+			DEBUG(0,("create_listen_fdset: listen: %s\n", strerror(errno)));
+			close(s);
+			return False;
+		}
+		
+		add_fd_to_sock_array(s);
+		FD_SET(s, listen_set);
+	} 
+
+	return True;
+}
+
+/*******************************************************************
+  read a packet from a socket and parse it, returning a packet ready
+  to be used or put on the queue. This assumes a UDP socket
+  ******************************************************************/
+static struct wins_packet_struct *read_wins_packet(int fd, int timeout)
+{
+	struct wins_packet_struct *p;
+	GENERIC_PACKET *q;
+	char buf[4096];
+
+	if (!receive_smb(fd, buf, timeout))
+		return NULL;
+
+	q = (GENERIC_PACKET *)talloc(mem_ctx, sizeof(GENERIC_PACKET));
+	p = (struct wins_packet_struct *)talloc(mem_ctx, sizeof(*p));
+	if (q==NULL || p==NULL)
+		return NULL;
+
+	decode_generic_packet(buf, q);
+
+	q->fd=fd;
+	
+	p->next = NULL;
+	p->prev = NULL;
+	p->stop_packet = False;
+	p->timestamp = time(NULL);
+	p->fd = fd;
+	p->packet=q;
+	
+	return p;
+}
+
+static struct wins_packet_struct *packet_queue = NULL;
+
+/*******************************************************************
+  Queue a packet into a packet queue
+******************************************************************/
+static void queue_packet(struct wins_packet_struct *packet)
+{
+	struct wins_packet_struct *p;
+
+	if (!packet_queue) {
+		packet->prev = NULL;
+		packet->next = NULL;
+		packet_queue = packet;
+		return;
+	}
+  
+	/* find the bottom */
+	for (p=packet_queue;p->next;p=p->next) 
+		;
+
+	p->next = packet;
+	packet->next = NULL;
+	packet->prev = p;
+}
+
+/****************************************************************************
+  Listens for NMB or DGRAM packets, and queues them.
+  return True if the socket is dead
+***************************************************************************/
+static BOOL listen_for_wins_packets(void)
+{
+	int num_interfaces = iface_count();
+	fd_set fds;
+	int i, num, s, new_s;
+	struct timeval timeout;
+
+	if(listen_set == NULL) {
+		if(!create_listen_fdset()) {
+			DEBUG(0,("listen_for_packets: Fatal error. unable to create listen set. Exiting.\n"));
+			return True;
+		}
+	}
+
+	memcpy((char *)&fds, (char *)listen_set, sizeof(fd_set));
+
+	timeout.tv_sec = NMBD_SELECT_LOOP;
+	timeout.tv_usec = 0;
+
+	/* Prepare for the select - allow certain signals. */
+
+	BlockSignals(False, SIGTERM);
+
+	num = sys_select(FD_SETSIZE, &fds, NULL, NULL, &timeout);
+
+	/* We can only take signals when we are in the select - block them again here. */
+
+	BlockSignals(True, SIGTERM);
+
+	if(num == -1)
+		return False;
+
+	for (; num > 0; num--) {
+		s = -1;
+		/* check the sockets we are only listening on, waiting to accept */		
+		for (i=0; i<num_interfaces; i++) {
+			struct sockaddr addr;
+			socklen_t in_addrlen = sizeof(addr);
+		
+			if(FD_ISSET(sock_array[i], &fds)) {
+				s = sock_array[i];
+				/* Clear this so we don't look at it again. */
+				FD_CLR(sock_array[i], &fds);
+
+				/* accept and add the new socket to the listen set */
+				new_s=accept(s, &addr, &in_addrlen);
+					
+				DEBUG(5,("listen_for_wins_packets: new connection, old: %d, new : %d\n", s, new_s));
+				
+				set_socket_options(new_s, "SO_KEEPALIVE");
+				set_socket_options(new_s, user_socket_options);
+				FD_SET(new_s, listen_set);
+				add_fd_to_sock_array(new_s);
+			}
+		}
+
+		/*
+		 * check for the sockets we are waiting data from
+		 * either client sending datas
+		 * or reply to our requests
+		 */
+		for (i=num_interfaces; i<listen_number; i++) {
+			if(FD_ISSET(sock_array[i], &fds)) {
+				struct wins_packet_struct *packet = read_wins_packet(sock_array[i], timeout.tv_sec);
+				if (packet) {
+					packet->fd = sock_array[i];
+					queue_packet(packet);
+				}
+				DEBUG(2,("listen_for_wins_packets: some data on fd %d\n", sock_array[i]));
+				FD_CLR(sock_array[i], &fds);
+				break;
+			}
+	
+		}
+
+	}
+
+	return False;
+}
+
+
+/*******************************************************************
+  Run elements off the packet queue till its empty
+******************************************************************/
+
+static void run_wins_packet_queue(void)
+{
+	struct wins_packet_struct *p;
+
+	while ((p = packet_queue)) {
+		packet_queue = p->next;
+		if (packet_queue)
+			packet_queue->prev = NULL;
+		p->next = p->prev = NULL;
+
+		construct_reply(p);
+
+		/* if it was a stop assoc, close the connection */
+		if (p->stop_packet) {
+			FD_CLR(p->fd, listen_set);
+			remove_fd_from_sock_array(p->fd);
+			close(p->fd);
+		}
+	}
+} 
+
+/**************************************************************************** **
+ The main select loop.
+ **************************************************************************** */
+static void process(void)
+{
+
+	while( True ) {
+		time_t t = time(NULL);
+
+		/* check for internal messages */
+		message_dispatch();
+
+		if(listen_for_wins_packets())
+			return;
+
+		run_wins_packet_queue();
+
+		run_pull_replication(t);
+		
+		run_push_replication(t);
+		
+		/*
+		 * Reload the services file if we got a sighup.
+		 */
+
+		if(reload_after_sighup) {
+			reload_services( True );
+			reopen_logs();
+			reload_after_sighup = False;
+		}
+
+		/* free temp memory */
+		talloc_destroy_pool(mem_ctx);
+
+		/* free up temp memory */
+		lp_talloc_free();
+	}
+} /* process */
+
+/****************************************************************************
+  main program
+****************************************************************************/
+ int main(int argc,char *argv[])
+{
+	extern BOOL append_log;
+	extern char *optarg;
+	/* shall I run as a daemon */
+	BOOL is_daemon = False;
+	BOOL interactive = False;
+	BOOL specified_logfile = False;
+	int opt;
+	pstring logfile;
+
+#ifdef HAVE_SET_AUTH_PARAMETERS
+	set_auth_parameters(argc,argv);
+#endif
+
+	/* this is for people who can't start the program correctly */
+	while (argc > 1 && (*argv[1] != '-')) {
+		argv++;
+		argc--;
+	}
+
+	while ( EOF != (opt = getopt(argc, argv, "O:l:s:d:Dp:h?Vaiof:")) )
+		switch (opt)  {
+		case 'O':
+			pstrcpy(user_socket_options,optarg);
+			break;
+
+		case 's':
+			pstrcpy(dyn_CONFIGFILE,optarg);
+			break;
+
+		case 'l':
+			specified_logfile = True;
+			slprintf(logfile, sizeof(logfile)-1, "%s/log.wrepld", optarg);
+			lp_set_logfile(logfile);
+			break;
+
+		case 'a':
+			append_log = True;
+			break;
+
+		case 'i':
+			interactive = True;
+			break;
+
+		case 'o':
+			append_log = False;
+			break;
+
+		case 'D':
+			is_daemon = True;
+			break;
+
+		case 'd':
+			if (*optarg == 'A')
+				DEBUGLEVEL = 10000;
+			else
+				DEBUGLEVEL = atoi(optarg);
+			break;
+
+		case 'p':
+			wins_port = atoi(optarg);
+			break;
+
+		case 'h':
+		case '?':
+			usage(argv[0]);
+			exit(0);
+			break;
+
+		case 'V':
+			d_printf("Version %s\n",VERSION);
+			exit(0);
+			break;
+		default:
+			DEBUG(0,("Incorrect program usage - are you sure the command line is correct?\n"));
+			usage(argv[0]);
+			exit(1);
+		}
+
+#ifdef HAVE_SETLUID
+	/* needed for SecureWare on SCO */
+	setluid(0);
+#endif
+
+	sec_init();
+
+	load_case_tables();
+
+	append_log = True;
+
+	if(!specified_logfile) {
+		slprintf(logfile, sizeof(logfile)-1, "%s/log.wrepld",
+			 dyn_LOGFILEBASE);
+		lp_set_logfile(logfile);
+	}
+
+	pstrcpy(remote_machine, "wrepld");
+
+	setup_logging(argv[0],interactive);
+
+	/* we want to re-seed early to prevent time delays causing
+           client problems at a later date. (tridge) */
+	generate_random_buffer(NULL, 0, False);
+
+	/* make absolutely sure we run as root - to handle cases where people
+	   are crazy enough to have it setuid */
+
+	gain_root_privilege();
+	gain_root_group_privilege();
+
+	fault_setup((void (*)(void *))exit_server);
+	CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig);
+
+	/* we are never interested in SIGPIPE */
+	BlockSignals(True,SIGPIPE);
+
+#if defined(SIGFPE)
+	/* we are never interested in SIGFPE */
+	BlockSignals(True,SIGFPE);
+#endif
+
+#if defined(SIGUSR2)
+	/* We are no longer interested in USR2 */
+	BlockSignals(True,SIGUSR2);
+#endif
+
+	/* POSIX demands that signals are inherited. If the invoking process has
+	 * these signals masked, we will have problems, as we won't recieve them. */
+	BlockSignals(False, SIGHUP);
+	BlockSignals(False, SIGUSR1);
+
+	/* we want total control over the permissions on created files,
+	   so set our umask to 0 */
+	umask(0);
+
+	reopen_logs();
+
+	DEBUG(1,( "wrepld version %s started.\n", VERSION));
+	DEBUGADD(1,( "Copyright Andrew Tridgell and the Samba Team 1992-2002\n"));
+
+	DEBUG(2,("uid=%d gid=%d euid=%d egid=%d\n",
+		 (int)getuid(),(int)getgid(),(int)geteuid(),(int)getegid()));
+
+	if (sizeof(uint16) < 2 || sizeof(uint32) < 4) {
+		DEBUG(0,("ERROR: Samba is not configured correctly for the word size on your machine\n"));
+		exit(1);
+	}
+
+	/*
+	 * Do this before reload_services.
+	 */
+
+	if (!reload_services(False))
+		return(-1);	
+
+	init_structs();
+	
+#ifdef WITH_PROFILE
+	if (!profile_setup(False)) {
+		DEBUG(0,("ERROR: failed to setup profiling\n"));
+		return -1;
+	}
+#endif
+
+	fstrcpy(global_myworkgroup, lp_workgroup());
+
+	CatchSignal(SIGHUP,SIGNAL_CAST sig_hup);
+	
+	DEBUG(3,( "loaded services\n"));
+
+	if (!is_daemon && !is_a_socket(0)) {
+		DEBUG(0,("standard input is not a socket, assuming -D option\n"));
+		is_daemon = True;
+	}
+
+	if (is_daemon && !interactive) {
+		DEBUG( 3, ( "Becoming a daemon.\n" ) );
+		become_daemon();
+	}
+
+#if HAVE_SETPGID
+	/*
+	 * If we're interactive we want to set our own process group for
+	 * signal management.
+	 */
+	if (interactive)
+		setpgid( (pid_t)0, (pid_t)0);
+#endif
+
+	if (!directory_exist(lp_lockdir(), NULL)) {
+		mkdir(lp_lockdir(), 0755);
+	}
+
+	if (is_daemon) {
+		pidfile_create("wrepld");
+	}
+
+	if (!message_init()) {
+		exit(1);
+	}
+
+	/* Initialise the memory context */
+	mem_ctx=talloc_init_named("wins repl talloc ctx");
+
+	/* initialise the global partners table */
+	partner_count=init_wins_partner_table();
+
+	/* We can only take signals in the select. */
+	BlockSignals( True, SIGTERM );
+
+	process();
+
+	exit_server("normal exit");
+	return(0);
+}
diff --git a/source3/wrepld/socket.c b/source3/wrepld/socket.c
new file mode 100644
index 0000000000..3d759f0ab8
--- /dev/null
+++ b/source3/wrepld/socket.c
@@ -0,0 +1,69 @@
+/* 
+   Unix SMB/CIFS implementation.
+   process incoming packets - main loop
+   Copyright (C) Jean François Micouleau      1998-2002.
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "wins_repl.h"
+
+fd_set *listen_set = NULL;
+int listen_number = 0;
+int *sock_array = NULL;
+
+/*******************************************************************
+  Add an fd from the sock_array
+******************************************************************/
+void add_fd_to_sock_array(int fd)
+{
+	int *temp_sock=NULL;
+
+	temp_sock=(int *)Realloc(sock_array, (listen_number+1)*sizeof(int));
+	if (temp_sock==NULL)
+		return;
+
+	sock_array=temp_sock;
+	sock_array[listen_number]=fd;
+	listen_number++;
+}
+
+
+/*******************************************************************
+  Remove an fd from the sock_array
+******************************************************************/
+void remove_fd_from_sock_array(int fd)
+{
+	int i,j;
+
+	for (i=0; sock_array[i]!=fd && i<listen_number; i++)
+		;
+	
+	if (i==listen_number) {
+		DEBUG(0,("remove_fd_from_sock_array: unknown fd: %d\n", fd));
+		return;
+	}
+	
+	if (i==listen_number-1) {
+		sock_array=(int *)Realloc(sock_array, --listen_number*sizeof(int));
+		return;
+	}
+
+	for (j=i; j<listen_number-1; j++)
+		sock_array[j]=sock_array[j+1];
+	
+	sock_array=(int *)Realloc(sock_array, --listen_number*sizeof(int));	
+}
diff --git a/source3/wrepld/wins_repl.h b/source3/wrepld/wins_repl.h
new file mode 100644
index 0000000000..25b4442212
--- /dev/null
+++ b/source3/wrepld/wins_repl.h
@@ -0,0 +1,161 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Jean François Micouleau      1998-2002.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define OPCODE_NON_NBT	0x00007800
+
+/* the messages */
+#define MESSAGE_TYPE_START_ASSOC_REQUEST	0
+#define MESSAGE_TYPE_START_ASSOC_REPLY		1
+#define MESSAGE_TYPE_STOP_ASSOC			2
+#define MESSAGE_TYPE_REPLICATE			3
+
+/* the replication sub-message */
+#define MESSAGE_REP_ADD_VERSION_REQUEST		0
+#define MESSAGE_REP_ADD_VERSION_REPLY		1
+#define MESSAGE_REP_SEND_ENTRIES_REQUEST	2
+#define MESSAGE_REP_SEND_ENTRIES_REPLY		3
+#define MESSAGE_REP_UPDATE_NOTIFY_REQUEST	4
+
+/* stop reasons */
+#define STOP_REASON_USER_REASON			0
+#define STOP_REASON_AUTH_FAILED			1
+#define STOP_REASON_INCOMPLETE_VERSION		2
+#define STOP_REASON_BUG_CHECK			3
+#define STOP_REASON_MESSAGE_ERROR		4
+
+
+typedef struct _WINS_OWNER {
+	struct in_addr address;
+	SMB_BIG_UINT max_version;
+	SMB_BIG_UINT min_version;
+	int type;
+	time_t last_pull;
+	time_t last_push;
+} WINS_OWNER;
+
+typedef struct _WINS_NAME {
+	int name_len; /* always 0x11 */
+	char name[16];
+	char type;
+	int empty;
+	int name_flag;
+	int group_flag;
+	SMB_BIG_UINT id;
+	int num_ip;
+	struct in_addr owner;
+	struct in_addr *others;
+	int foo; /* 0xffffff */
+} WINS_NAME;
+	
+typedef struct _WINS_PARTNERS
+{
+	int client_assoc;
+	int server_assoc;
+	BOOL pull_partner;
+	BOOL push_partner;
+	struct in_addr partner_server;
+	struct in_addr other_server;
+} WINS_PARTNER;
+
+typedef struct _generic_header{
+	int data_size;
+	int opcode;
+	int assoc_ctx;
+	int mess_type;
+} generic_header;
+
+typedef struct _START_ASSOC_REQUEST {
+	int assoc_ctx;
+	int min_ver;
+	int maj_ver;
+} START_ASSOC_REQUEST;
+
+typedef struct _START_ASSOC_REPLY {
+	int assoc_ctx;
+	int min_ver;
+	int maj_ver;
+} START_ASSOC_REPLY;
+
+typedef struct _STOP_ASSOC {
+	int reason;
+} STOP_ASSOC;
+
+typedef struct _AVMT_REP {
+	int partner_count;
+	WINS_OWNER *wins_owner;
+	struct in_addr initiating_wins_server;
+} AVMT_REP;
+
+typedef struct _SEND_ENTRIES_REQUEST {
+	WINS_OWNER wins_owner;
+} SEND_ENTRIES_REQUEST;
+
+typedef struct _SEND_ENTRIES_REPLY {
+	int max_names;
+	WINS_NAME *wins_name;	
+} SEND_ENTRIES_REPLY;
+
+typedef struct  _UPDATE_NOTIFY_REQUEST {
+	int partner_count;
+	WINS_OWNER *wins_owner;	
+	struct in_addr initiating_wins_server;
+} UPDATE_NOTIFY_REQUEST;
+
+typedef struct _REPLICATE {
+	int msg_type;
+	
+	AVMT_REP avmt_rep;
+	SEND_ENTRIES_REQUEST se_rq;
+	SEND_ENTRIES_REPLY se_rp;
+	UPDATE_NOTIFY_REQUEST un_rq;
+} REPLICATE;
+
+
+typedef struct _GENERIC_PACKET {
+	int fd;
+
+	generic_header header;
+
+	START_ASSOC_REQUEST sa_rq;
+	START_ASSOC_REPLY sa_rp;
+	STOP_ASSOC so;
+	REPLICATE rep;
+} GENERIC_PACKET;
+
+struct wins_packet_struct
+{
+	struct wins_packet_struct *next;
+	struct wins_packet_struct *prev;
+	BOOL stop_packet;
+	int fd;
+	time_t timestamp;
+	GENERIC_PACKET *packet;
+};
+
+struct BUFFER {
+	char *buffer;
+	int offset;
+	int length;
+};
+
+
+
+#include "wrepld_proto.h"
+